<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<?rfc rfcedstyle="yes"?>
<?rfc tocindent="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc text-list-symbols="-o*+"?>
<?rfc docmapping="yes"?>
<?rfc toc_levels="4"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-rats-pkix-key-attestation-07" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Evidence Encoding for HSMs">Evidence Encoding for Hardware Security Modules</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-rats-pkix-key-attestation-07"/>
    <author initials="J.-P." surname="Fiset" fullname="Jean-Pierre Fiset">
      <organization abbrev="Crypto4A">Crypto4A Inc.</organization>
      <address>
        <postal>
          <street>1550A Laperriere Ave</street>
          <city>Ottawa, Ontario</city>
          <code>K1Z 7T2</code>
          <country>Canada</country>
        </postal>
        <email>jp@crypto4a.com</email>
      </address>
    </author>
    <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth">
      <organization abbrev="Cryptic Forest">Cryptic Forest Software</organization>
      <address>
        <postal>
          <city>Sioux Lookout</city>
          <country>Canada</country>
        </postal>
        <email>mike@ounsworth.ca</email>
      </address>
    </author>
    <author initials="H." surname="Tschofenig" fullname="Hannes Tschofenig">
      <organization abbrev="UniBw M.">University of the Bundeswehr Munich</organization>
      <address>
        <postal>
          <city>Neubiberg</city>
          <region>Bavaria</region>
          <code>85579</code>
          <country>Germany</country>
        </postal>
        <email>hannes.tschofenig@gmx.net</email>
      </address>
    </author>
    <author initials="H." surname="Birkholz" fullname="Henk Birkholz">
      <organization>Fraunhofer SIT</organization>
      <address>
        <email>henk.birkholz@ietf.contact</email>
      </address>
    </author>
    <author initials="M." surname="Wiseman" fullname="Monty Wiseman">
      <organization/>
      <address>
        <postal>
          <country>United States of America</country>
        </postal>
        <email>monty.wiseman@oracle.com</email>
      </address>
    </author>
    <author initials="N." surname="Smith" fullname="Ned Smith">
      <organization/>
      <address>
        <postal>
          <country>United States</country>
        </postal>
        <email>ned.smith.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>RATS</workgroup>
    <keyword>Internet-Draft</keyword>
    <keyword>RATS</keyword>
    <keyword>PKIX</keyword>
    <keyword>HSM</keyword>
    <abstract>
      <?line 146?>

<t>This document specifies a vendor-agnostic format for Evidence produced and verified within a PKIX context.
The Evidence produced this way includes claims collected about a cryptographic module, such as a Hardware Security
Module (HSM),
and elements found within it such as cryptographic keys.</t>
      <t>One scenario envisaged is that the state information about the cryptographic module can be securely presented
to a remote operator or auditor in a vendor-agnostic verifiable format.
A more complex scenario would be to submit this Evidence to a Certification Authority to aid in determining
whether the storage properties of this key meet the requirements of a given certificate profile.</t>
      <t>This specification also offers a format for requesting a cryptographic module to produce Evidence tailored for expected use.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://ietf-rats-wg.github.io/key-attestation/draft-ietf-rats-pkix-key-attestation.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-rats-pkix-key-attestation/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        RATS Working Group mailing list (<eref target="mailto:rats@ietf.org"/>),
        which is archived at <eref target="https://datatracker.ietf.org/wg/rats/about/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/rats/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ietf-rats-wg/key-attestation"/>.</t>
    </note>
  </front>
  <middle>
    <?line 160?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>This document specifies a vendor-neutral Evidence format for remote attestation in PKIX-based environments, with a focus on hardware security modules (HSMs)
and cryptographic keys managed by such devices. The format enables an Attester to convey measured platform and key properties to a Verifier and, ultimately,
to a Relying Party in a form that integrates with existing X.509-based trust infrastructures.</t>
      <t>Concretely, this specification defines:</t>
      <ul spacing="normal">
        <li>
          <t>an ASN.1/DER <tt>Evidence</tt> envelope containing a to-be-signed section, one or more signature blocks, and optional intermediate certificates;</t>
        </li>
        <li>
          <t>an element-and-claim data model organized around transaction, platform, and key elements, identified by OIDs;</t>
        </li>
        <li>
          <t>encoding and signature-verification processing rules for PKIX Evidence;</t>
        </li>
        <li>
          <t>an attestation request structure that allows a Presenter to request a scoped subset of elements and claims.</t>
        </li>
      </ul>
      <t>The design is intentionally PKIX-native. ASN.1 and DER are used to align with existing certificate tooling, certification authority workflows, and HSM implementations where non-ASN.1 formats are less common.</t>
      <t>This document does not define a transport protocol for carrying Evidence, does not define Verifier appraisal policy, and
does not standardize device-internal authentication/authorization mechanisms. It defines the data model and cryptographic container
so that such mechanisms can be applied consistently across deployments.</t>
    </section>
    <section anchor="use-cases">
      <name>Use Cases</name>
      <t>This section covers use cases that motivated the development of this specification.</t>
      <section anchor="continuous-assurance">
        <name>Continuous Assurance</name>
        <t>There are situations where it is necessary to verify the current running state of an HSM as part of operational or
auditing procedures. For example, there are devices that are certified to work in an environment only if certain
versions of the firmware are loaded or only if user keys are protected with specific policies.</t>
        <t>The Evidence format offered by this specification allows a platform to report its firmware level along with
other collected claims necessary in critical deployments.</t>
      </section>
      <section anchor="key-import-and-hsm-clustering">
        <name>Key import and HSM clustering</name>
        <t>Consider that an HSM is being added to a logical HSM cluster. Part of the onboarding process involves
the newly-added HSM providing Evidence of its running state, for example that it is a genuine device from
the same manufacturer as the existing clustered HSMs, firmware patch level, FIPS mode, etc.
It could also be required to provide information about any system-level keys required to establish
secure cluster communication. In this scenario, the Verifier and Relying Party will typically be other HSMs in the cluster
deciding whether or not to admit the new HSM.</t>
        <t>A related scenario is when performing a key migration across HSMs.
If the key is being migrated is associated with certain properties, for example an environment running in FIPS mode at
FIPS Level 3, and the key is set to certain protection properties such as Non-Exportable and Dual-Control,
then the HSM might wish to verify that the key was previously stored under the same conditions.
This specification provides an Evidence format with sufficient details to support this type of
implementation across HSM vendors.</t>
        <t>These scenarios motivate the design requirements to have an ASN.1 based Evidence format and a data model that
more closely matches typical HSM architecture since, as shown in both scenarios,
an HSM is acting as Verifier and Relying Party.</t>
      </section>
      <section anchor="attesting-subject-of-a-certificate-issuance">
        <name>Attesting subject of a certificate issuance</name>
        <t>Prior to a Certification Authority (CA) issuing a certificate on behalf of a subject, a number of procedures
are required to verify that the subject of the certificate is associated with the key that is certified.
In some cases, such as issuing a code signing certificate <xref target="CNSA2.0"/> <xref target="CSBR"/>, a CA must ensure that
the subject key is located in a Hardware Security Module (HSM).</t>
        <t>The Evidence format offered by this specification is designed to carry the information necessary for a CA to
assess the location of the subject key along a number of commonly-required attributes. More specifically, a CA could
determine which HSM was used to generate the subject key, whether this device adheres
to certain jurisdiction policies (such as FIPS mode) and the constraints applied to the key (such as whether is it extractable).</t>
        <t>For relatively simple HSM devices, storage properties such as "extractable" may always be false for all keys
since the devices are not capable of key export and so the Evidence could be essentially a hard-coded template asserting these
immutable attributes. However, more complex HSM devices require a more elaborate Evidence format that encompasses the
mutability of these attributes.</t>
        <t>Also, a client requesting a key attestation might wish to scope-down the content of the produced Evidence as
the HSM contains much more information than that which is relevant to the transaction.
Not reducing the scope of the generated Evidence could, in some scenarios, constitute a privacy violation.</t>
      </section>
    </section>
    <section anchor="terminology">
      <name>Conventions and Terminology</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This specification uses a necessary mixture of PKI terminology and RATS Architecture definitions
in order to map concepts between the two domains.</t>
      <t>The reader is assumed to be familiar with the vocabulary and concepts
defined in the RATS Architecture (<xref target="RFC9334"/>) such as Attester,
Relying Party, Verifier.</t>
      <t>The reader is assumed to be familiar with common vocabulary and concepts
defined in <xref target="RFC5280"/> such as certificate, signature, attribute, verification and validation.</t>
      <t>In order to avoid confusion, this document generally
capitalizes RATS terms such as Attester, Relying Party, and Claim.
Therefore, for example, a "Verifier"
should be assumed to be an entity that checks the validity of Evidence as per <xref target="RFC9334"/>,
whereas a "verifier" could be a more general reference to a PKI entity that checks
the validity of an X.509 certificate or other digital signature as per <xref target="RFC5280"/>.</t>
      <t>The following terms are used in this document:</t>
      <dl newline="true">
        <dt>Attestation Key (AK):</dt>
        <dd>
          <t>Cryptographic key controlled solely by the Attester and used only for the purpose
of producing Evidence. In other words, it is used to digitally sign the claims collected by
the Attester.</t>
        </dd>
        <dt>Attester:</dt>
        <dd>
          <t>The term Attester respects the definition offered in <xref target="RFC9334"/>. In this specification, it
is also interchangeable with "platform" or "HSM".</t>
        </dd>
        <dt>Attesting Environment:</dt>
        <dd>
          <t>As defined in <xref target="RFC9334"/>, the Attesting Environment collects the information to be represented
in Claims. In practical terms, an implementation may be designed with services to perform this function.
To remain consistent with the RATS Architecture, the term "Attesting Environment" is used throughout
this specification.</t>
        </dd>
        <dt>Evidence:</dt>
        <dd>
          <t>The term Evidence respects the definition offered in <xref target="RFC9334"/>. In this specification, it
refers to claims, encoded according to the format defined within this document, and signed using
Attestation Keys.</t>
        </dd>
        <dt>Hardware Security Module (HSM):</dt>
        <dd>
          <t>A physical computing device that safeguards and manages secrets, such as cryptographic keys,
and performs cryptographic operations based on those secrets.
This specification takes a broad definition of what counts as an HSM to include smartcards,
USB tokens, TPMs, cryptographic co-processors (PCI cards) and "enterprise-grade" or "cloud-service grade" HSMs
(possibly rack mounted). In this specification, it is interchangeable with "platform" or "Attester".</t>
        </dd>
        <dt>Key Attestation:</dt>
        <dd>
          <t>Process of producing Evidence containing claims pertaining to user keys found within an HSM. In
general, the claims include enough information about a user key and its hosting platform to allow
a Relying Party to make judicious decisions about the key, such as whether to issue a certificate for the key.</t>
        </dd>
        <dt>RATS:</dt>
        <dd>
          <t>Remote ATtestation procedureS. Refers to a working group within IETF and all the documents developed
under this umbrella of efforts. This specification is developed using concepts developed in RATS but more
particularly refers to the RATS Architecture as introduced in <xref target="RFC9334"/>.</t>
        </dd>
        <dt>PKIX:</dt>
        <dd>
          <t>Public Key Infrastructure based on X.509 certificates. Refers to the framework of technology, policies and
procedures used to manage and distribute digital certificates based on <xref target="RFC5280"/> and related specifications.</t>
        </dd>
        <dt>Platform:</dt>
        <dd>
          <t>The module or device that embodies the Attester. In this specification, it is interchangeable with
"Attester" or "HSM".</t>
        </dd>
        <dt>Platform Attestation:</dt>
        <dd>
          <t>Process of producing evidence containing claims pertaining to measured values associated with the platform itself. In general, the claims include
enough information about the platform to allow a Relying Party to make judicious decisions about the
platform, such as those carried out during audit reviews.</t>
        </dd>
        <dt>Presenter:</dt>
        <dd>
          <t>Role that facilitates communication between the Attester and the Verifier. The
Presenter initiates the operation of generating Evidence at the Attester and
passes the generated Evidence to the Verifier. In the case of HSMs, the Presenter
is responsible of selecting the claims that are part of the generated Evidence.</t>
        </dd>
        <dt>Trust Anchor:</dt>
        <dd>
          <t>As defined in <xref target="RFC6024"/> and <xref target="RFC9019"/>, a Trust Anchor
"represents an authoritative element via a public key and
associated data. The public key is used to verify digital
signatures, and the associated data is used to constrain the types
of information for which the trust anchor is authoritative." The
Trust Anchor may be a certificate, a raw public key, or other
structure, as appropriate.</t>
        </dd>
        <dt>Trusted Platform Module (TPM):</dt>
        <dd>
          <t>A tamper-resistant processor generally located on a computer's motherboard used to enhance attestation
functions for the hosting platform as defined by the Trusted Computer Group. TPMs are very specialized Hardware Security Modules and generally use
other protocols (than the one presented in this specification) to transmit Evidence.</t>
        </dd>
        <dt>User Key:</dt>
        <dd>
          <t>A user key consists of a key hosted by an HSM (the platform) and intended to be used by a client
of the HSM. Other terms used for a user key are "application key", "client key" or "operational key".
The access and operations on a user key are controlled by the HSM.</t>
        </dd>
      </dl>
      <section anchor="claims-and-measurements-in-generated-evidence">
        <name>Claims and measurements in generated Evidence</name>
        <t>The RATS Architecture <xref target="RFC9334"/> states that Evidence is made up of claims and that a claim is "a piece of
asserted information, often in the form of a name/value pair". The RATS Architecture also mentions
the concept of "measurements" that "can describe a variety of attributes of system components, such
as hardware, firmware, BIOS, software, etc., and how they are hardened."</t>
        <t>Some HSMs have a large amount of memory and can therefore contain a substantial amount of elements that
can be observed independently by the Attesting Environment. Each of those elements, in turn, can contain a
number of measurable attributes.</t>
        <t>A certain level of complexity arises as multiple elements of the same class can be reported simultaneously in generated
Evidence. In this case, multiple similar claims are reported simultaneously but associated with different elements.</t>
        <t>For example, two independent user keys could be reported simultaneously in Evidence. Each key is associated with a
SPKI (SubjectPublicKeyInfo). The measured values for the SPKI of the respective keys are different.</t>
        <t>To that end, in this specification, the claims are organized as collections where each claim is the association of
a claim type with the measured value. The collections, in turn, are organized by "elements". An element represents a
logical portion of the Target Environment that is observed by the Attesting Environment.</t>
        <t>Thus, an element is associated with a collection of claims. Each claim is the association of a claim type
with a measured value.</t>
        <t>The grouping of claims into elements facilitates the comprehension of a large addressable space into
portions recognizable by the user. More importantly, it curtails the produced Evidence to portions of the
Target Environment that relate to the needs of the Verifier. See <xref target="sec-cons-privacy"/>.</t>
      </section>
      <section anchor="sec-ak-chain">
        <name>Attestation Key Certificate Chain</name>
        <t>The data format in this specification represents Evidence and
requires third-party endorsement in order to establish trust. Part of this
endorsement is a trust anchor that chains to the HSM's attestation key (AK)
which signs the Evidence. In practice the trust anchor usually is a
manufacturing CA belonging to the device vendor which proves
that the device is genuine and not counterfeit. The trust anchor can also belong
to the device operator as would be the case when the AK certificate is replaced
as part of onboarding the device into a new operational environment.</t>
        <t>The AK certificate associated with the AK that signs the evidence have the following constraints:</t>
        <ul spacing="normal">
          <li>
            <t>the certificate <bcp14>MUST</bcp14> include the Extended Key Usage (EKU) certificate extension;</t>
          </li>
          <li>
            <t>the EKU certificate extension <bcp14>MUST</bcp14> include the <tt>id-kp-attestationKey</tt>, as defined in this specification; and,</t>
          </li>
          <li>
            <t>the <tt>KeyUsage</tt> extension (KU) <bcp14>MUST</bcp14> have the <tt>digitalSignature</tt> bit set.</t>
          </li>
        </ul>
        <t>An EKU that includes only a single KeyPurposeId of <tt>id-kp-attestationKey</tt> <bcp14>SHOULD</bcp14> be marked as <tt>critical</tt>.
The reasoning here is that the usage of a true attestation key is constrained by the security module it's
contained by.  Presenting non-attestation data for validation by this AK public key should ALWAYS fail.</t>
        <t>An EKU that includes a KeyPurposeId of <tt>id-kp-attestationKey</tt> along with other attestation-related
KeyPurposeId <bcp14>SHOULD NOT</bcp14> be marked as critical.</t>
        <t>Note that the data format specified in <xref target="sec-data-model"/> allows for zero, one, or multiple
'SignatureBlock's, so a single Evidence statement could be un-protected, or could be endorsed by multiple
AK chains leading to different trust anchors. See <xref target="sec-verif-proc"/> for a discussion of handling multiple SignatureBlocks.</t>
      </section>
    </section>
    <section anchor="sec-info-model">
      <name>Information Model</name>
      <t>The Evidence format is composed of two main sections:</t>
      <ul spacing="normal">
        <li>
          <t>An Evidence description which describes the list of reported elements.</t>
        </li>
        <li>
          <t>A signature section where one or more digital signatures are offered to prove the origin of the
Evidence description and maintain its integrity.</t>
        </li>
      </ul>
      <t>The details of the signature section is left to the data model. The remainder of this section
deals with the way the information is organized to form the Evidence description.</t>
      <t>The Evidence description is associated with elements to help with the organization and comprehension
of the information. Elements are portions of the Target Environment observed by the Attesting
Environment. Each element, in turn, is associated with a collection of claims that describes the attributes
of the element.</t>
      <t>Therefore, the Evidence description is composed of a set of elements and each element is composed
of a claim set.</t>
      <section anchor="element">
        <name>Element</name>
        <t>An element is a logical construct that refers to a portion of the Target Environment's state. It is
addressable via an identifier such as a UUID or a handle (as expressed in <xref target="PKCS11"/>). In general, an
element refers to a component recognized by users of the HSM, such as a user key or the platform itself.</t>
        <t>An element is composed of a type, the element type, and a collection of claims. The element type
describes the class of the element while the collection of claims defines its state.</t>
        <t>An element <bcp14>MUST</bcp14> be reported at most once in an Evidence description. The Evidence description can
have multiple elements of the same type (for example reporting multiple keys), but each
element <bcp14>MUST</bcp14> relate to different portions of the Target Environment.</t>
        <t>It is possible for two elements to be quite similar such as in a situation where a key is imported
twice in a HSM. In this case, the two related elements could be associated with similar claims. However, they
are treated as different elements as they are reporting different portions of the Target Environment.</t>
        <t>The number of elements reported in an Evidence description, and their respective type, is
left to the implementer. For a simple device where there is only one key, the list of
reported elements could be fixed. For larger and more complex devices, the list of
reported elements should be tailored to what is demanded by the Presenter.</t>
        <t>In particular, note that the <tt>nonce</tt> claim contained with the Transaction element is optional,
and therefore it is possible that an extremely simple device that holds one static key
could have its Evidence generated at manufacturing time and injected
statically into the device instead of
being generated on-demand. This model would essentially
off-board the Attesting Environment to be part of the manufacturing infrastructure. In the RATS
Architecture, this configuration would refer to the the information provided this way as an Endorsement
provided by the manufacturer as opposed to Evidence generated by the HSM.</t>
      </section>
      <section anchor="element-type">
        <name>Element Type</name>
        <t>An element is defined by its type. This specification defines three element types:</t>
        <ul spacing="normal">
          <li>
            <t>Platform : This element holds claims that describes the state of the platform (or device)
itself. Elements of this type hold claims that are global
in nature within the Target Environment.</t>
          </li>
          <li>
            <t>Key : The elements of this type represent a cryptographic key protected within the
Target Environment and hold claims that describes that specific key.</t>
          </li>
          <li>
            <t>Transaction : This element is abstract in nature since it is associated with claims
that do not describe portions of the Target Environment. Instead, these claims
relate to the current request for Evidence such as a <tt>nonce</tt> to support freshness.</t>
          </li>
        </ul>
        <t>Although this document defines a short list of element types, this list is extensible
to allow implementers to report on elements found in their implementation and not
covered by this specification. By using an Object Identifiers (OID) for specifying element types
and claim types, this format is inherently extensible;
implementers of this specification <bcp14>MAY</bcp14> define new custom or proprietary element types and
place them alongside the standardized elements, or define new claim types
and place them inside standardized elements.</t>
        <t>Verifiers <bcp14>SHOULD</bcp14> ignore and skip over
unrecognized element or claim types and continue processing normally.
In other words, if a given Evidence would have been acceptable without the
unrecognized elements or claims, then it <bcp14>SHOULD</bcp14> still be acceptable with them.</t>
      </section>
      <section anchor="claim-type">
        <name>Claim Type</name>
        <t>Each claim found in an element is composed of a claim type and a value.
Each claim describes a portion of the state from the associated element. For example,
a platform element could have a claim which indicates the firmware version currently running.
Another example is a key element with a claim that reports whether the key is extractable
or not.</t>
        <t>A value provided by a claim is to be interpreted within the context
of its element and in relation to the claim type.</t>
        <t>It is <bcp14>RECOMMENDED</bcp14> that a claim type be defined for a specific element type, to reduce
confusion when it comes to interpretation of the value. In other words, a claim type <bcp14>SHOULD
NOT</bcp14> be used by multiple element types. For example, if a concept of "revision" is applicable to a platform
and a key, the claim for one element type (platform revision) should have a different identifier
from the one for the other element type (key revision).</t>
        <t>The nature of the value (boolean, integer, string, bytes) and its format are dependent on the claim type.</t>
        <t>This specification defines a limited set of claim types. However, the list is extensible
through the IANA registration process or private OID allocation, enabling implementers to
report additional claims not covered by this specification.</t>
        <t>The number of claims reported within an element, and their respective type, is
left to the implementer. For a simple device, the reported list of claims for an element
might be fixed. However, for larger and more complex devices, the list of reported claims
should be tailored to what is demanded by the Presenter.</t>
        <t>Claims of a particular type <bcp14>MAY</bcp14> be repeated within an element while others <bcp14>MUST NOT</bcp14>. For example, for a
platform element, there can only be one "firmware version" claim. Therefore, the associated claim
<bcp14>MUST NOT</bcp14> be repeated as it may lead to confusion. However, a claim relating to
a "ak-spki" <bcp14>MAY</bcp14> be repeated, each claim describing a different attesting key.
Therefore, the definition of a claim specifies whether or not multiple copies of that
claim are allowed within an element's claim set.</t>
        <t>If a Verifier detects, within a single element, multiple copies of a claim type that should not
be repeated, it <bcp14>MUST</bcp14> reject the Evidence as malformed. Since a Verifier is encouraged to ignore
unrecognized claim types, it is possible that a potential rejection is missed.</t>
        <t>If a Verifier encounters, within the context of an element, a repeated claim for a type where
it is allowed, it <bcp14>MUST</bcp14> treat each one as an independent claim and <bcp14>MUST NOT</bcp14>
consider later ones to overwrite the previous one.</t>
      </section>
    </section>
    <section anchor="sec-data-model">
      <name>Data Model</name>
      <t>This section describes the data model associated with generated Evidence. For ease of
deployment within the target ecosystem, ASN.1 definitions and DER encoding
are used. A complete ASN.1 module is provided in <xref target="sec-asn1-mod"/>.</t>
      <t>The top-level structures, as ASN.1 fragments, are:</t>
      <sourcecode type="asn.1"><![CDATA[
Evidence ::= SEQUENCE {
    tbs  TbsEvidence,
    signatures  SEQUENCE SIZE (0..MAX) OF SignatureBlock,
    intermediateCertificates  [0] SEQUENCE OF Certificate OPTIONAL
                                  -- As defined in RFC 5912
}

SignatureBlock ::= SEQUENCE {
    sid SignerIdentifier,
    signatureAlgorithm AlgorithmIdentifier{
        SIGNATURE-ALGORITHM, {SignatureAlgSet} },
    signatureValue OCTET STRING
}

SignerIdentifier ::= SEQUENCE {
    keyId [0] EXPLICIT OCTET STRING OPTIONAL,
    subjectPublicKeyInfo [1] EXPLICIT
        SubjectPublicKeyInfo OPTIONAL,
        -- As defined in RFC 5912
    certificate [2] EXPLICIT Certificate OPTIONAL
      -- As defined in RFC 5912
} (
    WITH COMPONENTS { ..., keyId PRESENT}
    | WITH COMPONENTS { ..., subjectPublicKeyInfo PRESENT }
    | WITH COMPONENTS { ...,certificate PRESENT } )

TbsEvidence ::= SEQUENCE {
    version INTEGER,
    reportedElements SEQUENCE SIZE (1..MAX) OF ReportedElement
}
]]></sourcecode>
      <t>An <tt>Evidence</tt> message is composed of a protected section known as the To-Be-Signed (TBS) section.
The <tt>TbsEvidence</tt> corresponds to the "Evidence Description" referred to in <xref target="sec-info-model"/>.
The integrity of the TBS section is ensured with one or multiple cryptographic signatures
over the content of this section. There is a provision to carry X.509 certificates supporting each signature.
The SEQUENCE OF <tt>SignatureBlock</tt> allows for both multi-algorithm protection and for counter-signatures
of the Evidence.
In an effort to keep the Evidence format simple, distinguishing between these two cases is left up to Verifier policy,
potentially by making use of the certificates that accompany each signature.</t>
      <t>This design also does not prevent an attacker from removing, adding or re-ordering signatures without leaving trace.
This is discussed as part of the security considerations in <xref target="sec-detached-sigs"/>.</t>
      <t>The TBS section is composed of a version number, to ensure future extensibility, and a sequence of reported elements.
For compliance with this specification, <tt>TbsEvidence.version</tt> <bcp14>MUST</bcp14> be <tt>1</tt>.
This envelope format is not extensible; future specifications which make compatibility-breaking changes <bcp14>MUST</bcp14> increment the version number.</t>
      <t>A <tt>SignatureBlock</tt> is included for each signature submitted against the TBS section. The <tt>SignatureBlock</tt> includes
the signature algorithm (signatureAlgorithm) and the signature itself (signatureValue). It also includes
information to identify the authority that provided the signature which is the structure <tt>SignerIdentifier</tt> (sid).
The signer identifier includes a combination of X.509 certificate, SubjectPublicKeyInfo (SPKI) and/or
key identifier (keyId). It is expected that a X.509 certificate will be generally used, as it provides the public key needed
to verify the signature and clearly identifies the subject that provided the signature. The SPKI and keyId are allowed
to support environments where X.509 certificates are not used.</t>
      <t>The field <tt>SignerIdentifier.keyId</tt> is not constrained to specific details. It is an identifier that is shared between the Attester and the Verifier to establish which public key should be used during the verification of a signature block. The fields <tt>SignerIdentifier.subjectPublicKeyInfo</tt> and <tt>SignerIdentifier.certificate</tt> are encouraged as these fields have specific syntax and semantics. When <tt>SignerIdentifier.keyId</tt> is used without a certificate or SPKI, the Verifier <bcp14>MUST</bcp14> obtain the corresponding public key by some implementation-specific or out-of-band mechanism before it can validate the signature.</t>
      <t>The optional certificate list provided in <tt>Evidence.intermediateCertificates</tt> enables the insertion
of X.509 certificates to support trusting the signatures found in signature blocks. This information is intended to provide
the certificates required by the Verifier to validate the endorsement on the certificates included
with the signatures. <tt>intermediateCertificates</tt> <bcp14>MAY</bcp14> include any or all intermediate CA certificates needed to build paths.
It is not required to include trust anchors. Order is not significant.</t>
      <t>As described in <xref target="sec-info-model"/>, the <tt>TbsEvidence</tt> is a collection of elements. Each element
is associated with a type that defines its class. The element types are represented by object identifiers
(OIDs). The following ASN.1 fragment defines the structures associated with elements:</t>
      <sourcecode type="asn.1"><![CDATA[
ReportedElement ::= SEQUENCE {
    elementType         OBJECT IDENTIFIER,
    claims             SEQUENCE SIZE (1..MAX) OF ReportedClaim
}

id-evidence-element             OBJECT IDENTIFIER ::=
    { id-evidence 0 }
id-evidence-element-transaction OBJECT IDENTIFIER ::=
    { id-evidence-element 0 }
id-evidence-element-platform    OBJECT IDENTIFIER ::=
    { id-evidence-element 1 }
id-evidence-element-key         OBJECT IDENTIFIER ::=
    { id-evidence-element 2 }
]]></sourcecode>
      <t>In turn, elements are composed of a collection of claims. Each claim is composed of a type and a value.
The claim types are represented by object identifiers (OIDs). The
following ASN.1 fragment defines the structures associated with claims:</t>
      <sourcecode type="asn.1"><![CDATA[
CLAIM ::= CLASS {
    &id       OBJECT IDENTIFIER UNIQUE,
    &Type
} WITH SYNTAX {
    ID &id
    WITH TYPE &Type
}

ReportedClaim ::= SEQUENCE {
    claimType  CLAIM.&id ({ClaimSet}),
    value      CLAIM.&Type ({ClaimSet}{@claimType}) OPTIONAL
}

ClaimSet CLAIM ::= {
    -- claim definitions from this specification,
    ...
}
]]></sourcecode>
      <t>The <tt>ClaimSet</tt> object set in the complete ASN.1 module is extensible. This allows future or proprietary claim types to be encoded without changing the <tt>ReportedClaim</tt> syntax. A Verifier that does not recognize a claim type <bcp14>SHOULD</bcp14> ignore that claim as described in <xref target="sec-info-model"/>, unless local policy requires rejection.</t>
      <t>For generated Evidence, <tt>value</tt> <bcp14>MUST</bcp14> be present for every claim whose semantics are defined by this specification unless that claim type explicitly allows omission. In attestation requests, the value <bcp14>MAY</bcp14> be omitted when the value is to be supplied by the Attesting Environment.</t>
      <t>Each claim type <bcp14>SHOULD</bcp14> be associated with a single element type. Therefore, it is encouraged
to define claim types grouped with their respective element type.</t>
      <t>The nature of a claim value is dictated by the claim type. When a claim type is defined, the
definition must include the type of the value, its semantic and interpretation.</t>
      <t>The following ASN.1 fragment illustrates how a claim is associated with a type, in this case the
OID <tt>id-evidence-claim-transaction-nonce</tt> and the expected data format (OCTET STRING).</t>
      <sourcecode type="asn.1"><![CDATA[
id-evidence-claim-transaction-nonce     OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 0 }

claim-transaction-nonce CLAIM ::= {
  ID id-evidence-claim-transaction-nonce
  WITH TYPE OCTET STRING
}
]]></sourcecode>
      <t>The remainder of this section describes the element types and their associated claims.</t>
      <section anchor="platform-element">
        <name>Platform Element</name>
        <t>A platform element reports information about the device where the Evidence is generated and is
composed of a collection of claims that are global to the Target Environment.
It is associated with the type identifier <tt>id-evidence-element-platform</tt>.</t>
        <t>A platform element, if provided, <bcp14>MUST</bcp14> be included only once within the generated Evidence. If a
Verifier encounters multiple elements of type <tt>id-evidence-element-platform</tt>, it <bcp14>MUST</bcp14>
reject the Evidence as malformed.</t>
        <t>The following table lists the claims for a platform element (platform claims) defined
within this specification. In cases where the claim is borrowed from another specification,
the "Reference" column refers to the specification where the semantics
for the claim value can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">vendor</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-vendor</td>
            </tr>
            <tr>
              <td align="left">oemid</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-oemid</td>
            </tr>
            <tr>
              <td align="left">hwmodel</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwmodel</td>
            </tr>
            <tr>
              <td align="left">hwversion</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwversion</td>
            </tr>
            <tr>
              <td align="left">hwserial</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-hwserial</td>
            </tr>
            <tr>
              <td align="left">swname</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-swname</td>
            </tr>
            <tr>
              <td align="left">swversion</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-swversion</td>
            </tr>
            <tr>
              <td align="left">dbgstat</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-debugstat</td>
            </tr>
            <tr>
              <td align="left">uptime</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-uptime</td>
            </tr>
            <tr>
              <td align="left">bootcount</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-bootcount</td>
            </tr>
            <tr>
              <td align="left">fipsboot</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsboot</td>
            </tr>
            <tr>
              <td align="left">fipsver</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsver</td>
            </tr>
            <tr>
              <td align="left">fipslevel</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipslevel</td>
            </tr>
            <tr>
              <td align="left">fipsmodule</td>
              <td align="left">
                <xref target="FIPS140-3"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-platform-fipsmodule</td>
            </tr>
          </tbody>
        </table>
        <t>Each claim defined in the table above is described in the following sub-sections.</t>
        <section anchor="vendor">
          <name>vendor</name>
          <t>A human-readable string that reports the name of the device's manufacturer. This field is for informational
purposes only and should not be used in any automated mechanism to compare the Evidence. For the purposes of comparison,
the claims <tt>oemid</tt> and  <tt>hwmodel</tt> should be used.</t>
          <t>If the device is submitted to FIPS validation, this string should correspond to the vendor field of the submission.</t>
        </section>
        <section anchor="oemid-hwmodel-hwversion-swname-swversion-dbgstat-uptime-bootcount">
          <name>oemid, hwmodel, hwversion, swname, swversion, dbgstat, uptime, bootcount</name>
          <t>These claims are defined in <xref target="RFC9711"/> and are reused in this specification for interoperability. Small
descriptions are offered for each to ease the reading of this specification. In case of confusion between the
description offered here and the one in <xref target="RFC9711"/>, the definition offered in the latter shall prevail.</t>
          <t>The claim "oemid" uniquely identifies the Original Equipment Manufacturer (OEM) of the HSM. This is a
sequence of bytes and is not meant to be a human readable string.</t>
          <t>The claim "hwmodel" differentiates models, products, and variants manufactured by a particular OEM. A model
must be unique within a given "oemid". This is a sequence of bytes and is not meant to be a human readable string.</t>
          <t>The claim "hwversion" is a text string reporting the version of the hardware. This claim must be
interpreted along with the claim "hwmodel".</t>
          <t>The claim "swname" is a text string reporting the name of the firmware running on the platform.</t>
          <t>The claim "swversion" differentiates between the various revisions of a firmware offered for the platform. This
is a string that is expected to be human readable.</t>
          <t>The claim "dbgstat" refers to the state of the debug facilities offered by the HSM. This is an integer
value describing the current state as described in <xref target="RFC9711"/>.</t>
          <t>The claim "uptime" reports the number of seconds that have elapsed since the HSM was last booted.</t>
          <t>The claim "bootcount" reports the number of times the HSM was booted.</t>
        </section>
        <section anchor="hwserial">
          <name>hwserial</name>
          <t>A human-readable string that reports the serial number of the hardware module. This serial number often matches the number engraved
on the case or on an applied sticker.</t>
        </section>
        <section anchor="fipsboot-fipsver-fipslevel-and-fipsmodule">
          <name>fipsboot, fipsver, fipslevel and fipsmodule</name>
          <t>FIPS 140-3 CMVP validation places stringent requirements on the mode of operation of the device and the cryptography offered by the module,
including only enabling FIPS-approved algorithms, certain requirements on entropy sources, and extensive start-up self-tests.
FIPS 140-3 offers compliance levels 1 through 4 with increasingly strict requirements. Many HSMs include a configuration setting that allows
the device to be taken out of FIPS mode and thus enable additional functionality or performance, and some offer configuration settings to change between compliance levels.</t>
          <t>The boolean claim <tt>fipsboot</tt> indicates whether the device is currently operating in FIPS mode. When the claim value is "true", the HSM is running in compliance with the
FIPS 140 restrictions. Among other restrictions, it means that only FIPS-approved algorithms are available. If the value of this claim is "false", then the HSM is not
restricted to the behavior limited by compliance.</t>
          <t>The textual claim <tt>fipsver</tt> indicates the version of the FIPS CMVP specification with which the device's operational mode is compliant. At the time of writing, the strings "FIPS 140-2" or "FIPS 140-3" <bcp14>SHOULD</bcp14> be used.</t>
          <t>The integer claim <tt>fipslevel</tt> indicates the compliance level to which the device is currently operating and <bcp14>MUST</bcp14> only be 1, 2, 3, or 4. The <tt>fipslevel</tt> claim has no meaning if <tt>fipsboot</tt> is absent or <tt>false</tt>.</t>
          <t>The claim <tt>fipsmodule</tt> is a textual field used to represent the name of the module that was submitted to CMVP for validation. The information derived by combining this claim with the vendor name shall
be sufficient to find the associated records in the CMVP database.</t>
          <t>The FIPS status information found in Evidence indicates only the mode of operation of the device and is not authoritative of its validation status.
This information is available on the NIST CMVP website or by contacting the device vendor.
As an example, some devices may have the option to enable FIPS mode in configuration even if the vendor has not submitted this model for validation. As another example,
a device may be running in a mode consistent with FIPS Level 3 but the device was only validated and certified to Level 2.
A Relying Party wishing to know the validation status of the device <bcp14>MUST</bcp14> couple the device state information contained in the Evidence with a valid FIPS CMVP certificate for the device.</t>
        </section>
      </section>
      <section anchor="key-element">
        <name>Key Element</name>
        <t>A key element is associated with the type <tt>id-evidence-element-key</tt>. Each instance of a
key element represents a different addressable key found in the Target Environment. There can
be multiple key elements found in Evidence, but each reported key element <bcp14>MUST</bcp14>
describe a different key observed from the Target Environment. Two key elements may represent the same underlying cryptographic key
(keys with the exact same value) but they must be different portions of the Target Environment.</t>
        <t>A key element is composed of a collection of claims relating to the cryptographic key. At
minimum, a key element <bcp14>MUST</bcp14> report the claim "identifier" to uniquely identify this cryptographic
key from any others found in the same Target Environment.</t>
        <t>A Verifier that detects Evidence with multiple key elements referring to the
same addressable key <bcp14>MUST</bcp14> reject the Evidence.</t>
        <t>The following table lists the claims for a key element defined
within this specification. The "Reference" column refers to the specification where the semantics
for the claim can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">identifier</td>
              <td align="left">RFCthis</td>
              <td align="left">Yes</td>
              <td align="left">id-evidence-claim-key-identifier</td>
            </tr>
            <tr>
              <td align="left">spki</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-spki</td>
            </tr>
            <tr>
              <td align="left">extractable</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-extractable</td>
            </tr>
            <tr>
              <td align="left">sensitive</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-sensitive</td>
            </tr>
            <tr>
              <td align="left">never-extractable</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-never-extractable</td>
            </tr>
            <tr>
              <td align="left">local</td>
              <td align="left">
                <xref target="PKCS11"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-local</td>
            </tr>
            <tr>
              <td align="left">expiry</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-expiry</td>
            </tr>
            <tr>
              <td align="left">purpose</td>
              <td align="left">RFCthis</td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-key-purpose</td>
            </tr>
          </tbody>
        </table>
        <t>An attestation key might be visible to a client of the device and be reported along with other cryptographic keys. Therefore,
it is acceptable to include a key element providing claims about an attestation key like any other cryptographic key. An
implementation <bcp14>MAY</bcp14> reject the generation of Evidence if it relates to an attestation key.</t>
        <section anchor="identifier">
          <name>identifier</name>
          <t>A human-readable string that uniquely identifies the cryptographic key. This value often contains
a UUID but could also have a numeric value expressed as text or any other textual description.</t>
          <t>This claim <bcp14>MAY</bcp14> be repeated as some environments have more than one way to refer to a
cryptographic key.</t>
        </section>
        <section anchor="spki">
          <name>spki</name>
          <t>The value of this claim contains the DER-encoded field SubjectPublicKeyInfo (see <xref target="RFC5280"/>) associated with the cryptographic
key.</t>
        </section>
        <section anchor="extractable-sensitive-never-extractable-local">
          <name>extractable, sensitive, never-extractable, local</name>
          <t>These claims are defined as key attributes in <xref target="PKCS11"/> and reused in this specification for interoperability. Small
descriptions are offered for each to ease the reading of this specification. In case of confusion between the
description offered here and the one in <xref target="PKCS11"/>, the definition offered in the latter shall prevail.</t>
          <t>The claim "extractable" indicates that the key can be exported from the HSM. Corresponds directly to the attribute CKA_EXTRACTABLE
found in PKCS#11.</t>
          <t>The claim "sensitive" indicates that the value of key cannot leave the HSM in plaintext. Corresponds directly to the attribute CKA_SENSITIVE
found in PKCS#11.</t>
          <t>The claim "never-extractable" indicates if the key was never extractable from the HSM throughout the life of the key. Corresponds
directly to the attribute CKA_NEVER_EXTRACTABLE found in PKCS#11.</t>
          <t>The claim "local" indicates whether the key was generated locally or imported. Corresponds directly to the attribute CKA_LOCAL
found in PKCS#11.</t>
        </section>
        <section anchor="expiry">
          <name>expiry</name>
          <t>Reports a time after which the key is not to be used. The device <bcp14>MAY</bcp14> enforce this policy based on its internal clock.</t>
          <t>Note that security considerations should be taken relating to HSMs and their internal clocks. See <xref target="sec-cons-hsm-timestamps"/>.</t>
        </section>
        <section anchor="purpose">
          <name>purpose</name>
          <t>Reports the key purposes, also referred to as key capabilities, associated with the subject key. Since multiple purposes can be associated with a single key,
the value of this claim is a list of purposes, each reported as an object identifier (OID).</t>
          <t>The value of this claim is the DER encoding of the following structure:</t>
          <sourcecode type="asn.1"><![CDATA[
claim-key-purpose CLAIM ::= {
  ID id-evidence-claim-key-purpose
  WITH TYPE KeyPurposes
}

KeyPurposes ::= SEQUENCE OF OBJECT IDENTIFIER

]]></sourcecode>
          <t>The following table describes the key purposes defined in this specification. The key purposes offered are based on key
attributes provided by PKCS#11. Each purpose is assigned an object identifier (OID).</t>
          <table>
            <thead>
              <tr>
                <th align="left">Capability</th>
                <th align="left">PKCS#11</th>
                <th align="left">OID</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">encrypt</td>
                <td align="left">CKA_ENCRYPT</td>
                <td align="left">id-evidence-key-capability-encrypt</td>
              </tr>
              <tr>
                <td align="left">decrypt</td>
                <td align="left">CKA_DECRYPT</td>
                <td align="left">id-evidence-key-capability-decrypt</td>
              </tr>
              <tr>
                <td align="left">wrap</td>
                <td align="left">CKA_WRAP</td>
                <td align="left">id-evidence-key-capability-wrap</td>
              </tr>
              <tr>
                <td align="left">unwrap</td>
                <td align="left">CKA_UNWRAP</td>
                <td align="left">id-evidence-key-capability-unwrap</td>
              </tr>
              <tr>
                <td align="left">sign</td>
                <td align="left">CKA_SIGN</td>
                <td align="left">id-evidence-key-capability-sign</td>
              </tr>
              <tr>
                <td align="left">sign-recover</td>
                <td align="left">CKA_SIGN_RECOVER</td>
                <td align="left">id-evidence-key-capability-sign-recover</td>
              </tr>
              <tr>
                <td align="left">verify</td>
                <td align="left">CKA_VERIFY</td>
                <td align="left">id-evidence-key-capability-verify</td>
              </tr>
              <tr>
                <td align="left">verify-recover</td>
                <td align="left">CKA_VERIFY_RECOVER</td>
                <td align="left">id-evidence-key-capability-verify-recover</td>
              </tr>
              <tr>
                <td align="left">derive</td>
                <td align="left">CKA_DERIVE</td>
                <td align="left">id-evidence-key-capability-derive</td>
              </tr>
            </tbody>
          </table>
          <t>The use of an object identifier to report a purpose allows third parties to extend this list to support
implementations that have other key purposes.</t>
        </section>
      </section>
      <section anchor="transaction-element">
        <name>Transaction Element</name>
        <t>A transaction element is associated with the type <tt>id-evidence-element-transaction</tt>. This is
an abstract element and does not relate to any state found in the Target Environment. Instead, it
groups together claims that relate to the request of generating the Evidence.</t>
        <t>For example, it is possible to include a <tt>nonce</tt> as part of the request to produce Evidence. This
<tt>nonce</tt> is repeated as part of the Evidence to support
the freshness of the Evidence. The <tt>nonce</tt> is not related to any portion of the Target Environment
and the transaction element is used to gather those values into claims.</t>
        <t>A transaction element, if provided, <bcp14>MUST</bcp14> be included only once within the reported elements. If a
Verifier detects multiple elements of type <tt>id-evidence-element-transaction</tt>, it <bcp14>MUST</bcp14>
reject the Evidence.</t>
        <t>The following table lists the claims for a transaction element defined
within this specification. The "Reference" column refers to the specification where the semantics
for the claim value can be found.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Claim Type</th>
              <th align="left">Reference</th>
              <th align="left">Multiple?</th>
              <th align="left">OID</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">nonce</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-transaction-nonce</td>
            </tr>
            <tr>
              <td align="left">timestamp</td>
              <td align="left">
                <xref target="RFC9711"/></td>
              <td align="left">No</td>
              <td align="left">id-evidence-claim-transaction-timestamp</td>
            </tr>
            <tr>
              <td align="left">ak-spki</td>
              <td align="left">RFCthis</td>
              <td align="left">Yes</td>
              <td align="left">id-evidence-claim-transaction-ak-spki</td>
            </tr>
          </tbody>
        </table>
        <section anchor="nonce">
          <name>nonce</name>
          <t>The claim <tt>nonce</tt> is used to provide "freshness" quality as to the generated Evidence. A Presenter requesting Evidence <bcp14>MAY</bcp14> provide a nonce
value as part of the request. This nonce value, if specified, <bcp14>SHOULD</bcp14> be repeated in the generated Evidence as a claim within the transaction element.</t>
          <t>This claim is similar to the "eat_nonce" as defined in <xref target="RFC9711"/>. According to that specification, this claim may be specified multiple times with
different values. However, within the scope of this specification, the "nonce" value can be specified only once within a transaction.</t>
        </section>
        <section anchor="timestamp">
          <name>timestamp</name>
          <t>The time at which the Evidence was generated, according to the internal system clock of the Attesting Environment. This is similar to the
"iat" claim in <xref target="RFC9711"/>.</t>
          <t>Note that security considerations should be taken relating to the evaluation of timestamps generated by HSMs. See <xref target="sec-cons-hsm-timestamps"/>.</t>
        </section>
        <section anchor="ak-spki">
          <name>ak-spki</name>
          <t>This claim contains the encoded Subject Public Key Information (SPKI) for the attestation key used to sign the Evidence. The definition
and encoding for SPKIs are defined in X.509 certificates (<xref target="RFC5280"/>).</t>
          <t>This transaction claim is used to bind the content of the Evidence with the key(s) used to sign that Evidence. The importance
of this binding is discussed in <xref target="sec-detached-sigs"/>.</t>
          <t>This claim can be reported multiple times. Each included claim <bcp14>MUST</bcp14> refer to a different attestation key. In other words, this claim
should be repeated only if multiple attestation keys are used to sign the Evidence.</t>
        </section>
      </section>
      <section anchor="sec-additional-claim-types">
        <name>Additional Element and Claim Types</name>
        <t>It is expected that HSM vendors will register additional Element and Claim types by assigning OIDs from their own proprietary OID arcs to hold data describing additional proprietary key properties.</t>
        <t>When new element and claim types are used, documentation similar to the one produced in this specification <bcp14>SHOULD</bcp14> be distributed to
explain the semantics of the claims and the frequency that values can be provided.</t>
        <t>See <xref target="sec-req-processing"/>, <xref target="sec-req-verification"/> and <xref target="sec-cons-verifier"/> for handling of unrecognized custom types.</t>
      </section>
      <section anchor="encoding">
        <name>Encoding</name>
        <t>The structure <tt>Evidence</tt> is to be DER encoded <xref target="X.690"/>.</t>
        <t>If a textual representation is required, then the DER encoding <bcp14>MAY</bcp14> be subsequently encoded into Standard Base64 as defined in <xref target="RFC4648"/>.</t>
        <t>PEM-like representations are also allowed where a MIME-compliant Base64 transformation of the DER encoding is used, provided that the
header label is "EVIDENCE". For example:</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
(...)
-----END EVIDENCE-----
]]></artwork>
      </section>
    </section>
    <section anchor="sec-verif-proc">
      <name>Signing and Verification Procedures</name>
      <t>The <tt>SignatureBlock.signatureValue</tt> signs over the DER-encoded to-be-signed Evidence data
<tt>Evidence.tbs</tt>.</t>
      <t>If <tt>SignerIdentifier.certificate</tt> is present, the signature <bcp14>MUST</bcp14> be validated with the subject public key of that end-entity X.509 certificate. If <tt>SignerIdentifier.subjectPublicKeyInfo</tt> is present, the signature <bcp14>MUST</bcp14> be validated with that public key. If <tt>SignerIdentifier.keyId</tt> is present, the Verifier <bcp14>MUST</bcp14> obtain the corresponding public key by some implementation-specific or out-of-band mechanism; if no such key can be obtained, the SignatureBlock <bcp14>MUST</bcp14> be treated as unverifiable and the Evidence <bcp14>MUST</bcp14> be rejected. The certificate-based mode remains the preferred form in PKIX deployments because it provides both the public key and an X.509 identity.</t>
      <t>Verifiers <bcp14>MUST</bcp14> ensure, prior to accepting the signature associated with an end-entity certificate, that:</t>
      <ul spacing="normal">
        <li>
          <t>the certificate contains the <tt>KeyUsage</tt> (KU) extension with the <tt>digitalSignature</tt> bit set; and,</t>
        </li>
        <li>
          <t>the certificate contains the <tt>Extended Key Usage</tt> (EKU) extension that includes the <tt>id-kp-attestationKey</tt> usage.</t>
        </li>
      </ul>
      <t>Verifiers <bcp14>MAY</bcp14> also use <tt>Evidence.intermediateCertificates</tt> to build a certification path from the end-entity
certificate to a trust anchor.</t>
      <t>Note that the structure <tt>Evidence</tt> <bcp14>MAY</bcp14> contain zero or more SignatureBlocks.
A structure <tt>Evidence</tt> with zero SignatureBlocks is unsigned and unprotected; Verifiers <bcp14>MUST</bcp14> treat it as untrusted and <bcp14>MUST NOT</bcp14> rely on its claims.</t>
      <t>More than one SignatureBlock <bcp14>MAY</bcp14> be used to convey a number of different semantics.
For example, the HSM's Attesting Environment might hold multiple Attestation Keys using different cryptographic
algorithms in order to provide resilience against cryptographic degradation in a hybrid fashion. In this case a Verifier would be expected to validate
all SignatureBlocks. Alternatively, the HSM's Attesting Service may hold multiple Attestation Keys (or multiple X.509 certificates for the same key) from
multiple operational environments to which it belongs. In this case a Verifier would be expected to only validate the SignatureBlock corresponding to its
own environment. Alternatively, multiple SignatureBlocks could be used to convey counter-signatures from external parties, in which case the Verifier
needs to be equipped with environment-specific verification logic. Multiple of these cases, and potentially others, could be supported by a single Evidence object.</t>
      <t>Note that each SignatureBlock is a fully detached signature over the tbs content with no binding between the signed content and the SignatureBlocks meaning that a third-party can add a
counter-signature of the Evidence after the fact, or an attacker can remove a SignatureBlock without leaving any trace. See <xref target="sec-detached-sigs"/> for further discussion.</t>
      <t>If any <tt>transaction.ak-spki</tt> claims are present, the Verifier <bcp14>SHOULD</bcp14> verify that each <tt>SignerIdentifier</tt>’s SubjectPublicKeyInfo (or the SPKI of its <tt>certificate</tt>) matches at least one <tt>ak-spki</tt> value. Each such claim is authoritative only when it is backed by a successfully verified SignatureBlock using the corresponding attestation key. An <tt>ak-spki</tt> claim that is not matched by a valid signature block <bcp14>MUST NOT</bcp14> by itself be treated as proof that the corresponding key was used to sign the Evidence.</t>
    </section>
    <section anchor="sec-reqs">
      <name>Attestation Requests</name>
      <t>This section is informative in nature and implementers of this specification do not need to adhere to it. The aim of this section is
to provide a standard interface between a Presenter and an HSM producing Evidence. The authors hope that this standard interface will
yield interoperable tools between offerings from different vendors.</t>
      <t>The interface presented in this section might be too complex for manufacturers of HSMs with limited capabilities such as smartcards
or personal ID tokens. For devices with limited capabilities, a fixed Evidence endorsed by the vendor might be installed
during manufacturing. Other approaches for constrained HSMs might be to report elements and claims that are fixed or offer limited
variations.</t>
      <t>On the other hand, an enterprise-grade HSM with the capability to hold a large number of private keys is expected to be capable of generating
Evidence catered to the specific constraints imposed by a Verifier and without exposing extraneous information. The aim of the request
interface is to provide the means to select and report specific information in the generated Evidence.</t>
      <t>This section introduces the role of "Presenter" as shown in <xref target="fig-arch"/>. The Presenter is the role that initiates the generation of
Evidence. Since HSMs are generally servers (client/server relationship) or peripherals (controller/peripheral relationship), a Presenter is
required to launch the process of creating the Evidence and capturing it to forward it to the Verifier.</t>
      <figure anchor="fig-arch">
        <name>Architecture</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="408" viewBox="0 0 408 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,336" fill="none" stroke="black"/>
              <path d="M 48,416 L 48,480" fill="none" stroke="black"/>
              <path d="M 64,80 L 64,160" fill="none" stroke="black"/>
              <path d="M 64,240 L 64,288" fill="none" stroke="black"/>
              <path d="M 112,296 L 112,408" fill="none" stroke="black"/>
              <path d="M 128,160 L 128,232" fill="none" stroke="black"/>
              <path d="M 136,288 L 136,408" fill="none" stroke="black"/>
              <path d="M 184,416 L 184,480" fill="none" stroke="black"/>
              <path d="M 216,80 L 216,160" fill="none" stroke="black"/>
              <path d="M 216,240 L 216,288" fill="none" stroke="black"/>
              <path d="M 248,32 L 248,336" fill="none" stroke="black"/>
              <path d="M 296,416 L 296,480" fill="none" stroke="black"/>
              <path d="M 400,416 L 400,480" fill="none" stroke="black"/>
              <path d="M 8,32 L 248,32" fill="none" stroke="black"/>
              <path d="M 64,80 L 216,80" fill="none" stroke="black"/>
              <path d="M 64,160 L 216,160" fill="none" stroke="black"/>
              <path d="M 64,240 L 216,240" fill="none" stroke="black"/>
              <path d="M 64,288 L 216,288" fill="none" stroke="black"/>
              <path d="M 8,336 L 248,336" fill="none" stroke="black"/>
              <path d="M 48,416 L 184,416" fill="none" stroke="black"/>
              <path d="M 296,416 L 400,416" fill="none" stroke="black"/>
              <path d="M 192,432 L 288,432" fill="none" stroke="black"/>
              <path d="M 192,464 L 288,464" fill="none" stroke="black"/>
              <path d="M 48,480 L 184,480" fill="none" stroke="black"/>
              <path d="M 296,480 L 400,480" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="296,464 284,458.4 284,469.6" fill="black" transform="rotate(0,288,464)"/>
              <polygon class="arrowhead" points="200,432 188,426.4 188,437.6" fill="black" transform="rotate(180,192,432)"/>
              <polygon class="arrowhead" points="144,408 132,402.4 132,413.6" fill="black" transform="rotate(90,136,408)"/>
              <polygon class="arrowhead" points="136,232 124,226.4 124,237.6" fill="black" transform="rotate(90,128,232)"/>
              <polygon class="arrowhead" points="120,296 108,290.4 108,301.6" fill="black" transform="rotate(270,112,296)"/>
              <g class="text">
                <text x="60" y="52">Attester</text>
                <text x="120" y="52">(HSM)</text>
                <text x="100" y="100">Target</text>
                <text x="120" y="116">Environment</text>
                <text x="112" y="132">(Elements</text>
                <text x="160" y="132">&amp;</text>
                <text x="112" y="148">values)</text>
                <text x="168" y="196">Collect</text>
                <text x="176" y="212">Claims(3)</text>
                <text x="112" y="260">Attesting</text>
                <text x="120" y="276">Environment</text>
                <text x="56" y="372">Attestation</text>
                <text x="208" y="372">Evidence(4)</text>
                <text x="52" y="388">Request(2)</text>
                <text x="244" y="420">Nonce(1)</text>
                <text x="120" y="452">Presenter</text>
                <text x="348" y="452">Verifier</text>
                <text x="240" y="484">Evidence(5)</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
+-----------------------------+
|  Attester (HSM)             |
|                             |
|      +------------------+   |
|      | Target           |   |
|      | Environment      |   |
|      | (Elements &      |   |
|      |  values)         |   |
|      +-------+----------+   |
|              |              |
|              | Collect      |
|              | Claims(3)    |
|              v              |
|      +------------------+   |
|      | Attesting        |   |
|      | Environment      |   |
|      +--------+---------+   |
|            ^  |             |
|            |  |             |
+------------+--+-------------+
             |  |
 Attestation |  |   Evidence(4)
 Request(2)  |  |
             |  v
     +----------------+   Nonce(1)  +------------+
     |                |<------------|            |
     |    Presenter   |             |  Verifier  |
     |                |------------>|            |
     +----------------+ Evidence(5) +------------+
]]></artwork>
        </artset>
      </figure>
      <t>The process of generating Evidence generally starts at the Verifier with the generation of a nonce. The nonce is used to ensure freshness
of the Evidence and this quality is guaranteed by the Verifier. Therefore, if a nonce is used, it must be provided to the Presenter by
the Verifier (1).</t>
      <t>An Attestation Request (request) is assembled by the Presenter and submitted to the HSM (2). The Attesting Environment parses the request and
collects the appropriate measurements from the Target Environment (3).</t>
      <t>In the previous figure, the HSM is represented as being composed of an Attesting Environment and a Target Environment. This representation is offered
as a simplified view and implementations are not required to adhere to this separation of concerns.</t>
      <t>The Attesting Environment produces Evidence based on the collected information and returns it to the Presenter for distribution (4). Finally, the
Presenter forwards the Evidence to the Verifier (5).</t>
      <t>The aim of the figure is to depict the position of the Presenter as an intermediate role between the Attester and the Verifier.
The role of "Presenter" is privileged as it controls the claims included in the Evidence being generated by the Attester. However, the role is not "trusted" as
the Verifier does not have to take into account the participation of the Presenter as part of the function of appraising the Evidence.</t>
      <t>The attestation request, shown in the figure, consists of a structure <tt>TbsEvidence</tt> containing one <tt>ReportedElement</tt> for each element expected to
be included in the Evidence produced by the HSM.</t>
      <t>Each instance of <tt>ReportedElement</tt> included in the request is referred to as a requested element. A requested element contains a number of instances
of <tt>ReportedClaim</tt> known as requested claims. The collection of requested elements and requested claims represent the information desired
by the Presenter.</t>
      <t>In most cases the value of a requested claim should be left unspecified by the Presenter. In the process of generating
the Evidence, the values of the desired claims are measured by the Attesting Environment within the HSM and reported accordingly. For the purpose
of creating a request, the Presenter does not specify the value of the requested claims and leaves them empty. This is possible because the definition of
the structure <tt>ReportedClaim</tt> specifies the element <tt>value</tt> as optional.</t>
      <t>On the other hand, there are circumstances where the value of a requested claim should be provided by the Presenter. For example, when a particular
cryptographic key is to be included in the Evidence, the request must include a key element with one of the "identifier" claim set to the value
corresponding to the desired key.</t>
      <t>Some instances of <tt>ReportedElement</tt>, such as those representing the platform or the transaction, do not need identifiers as the associated elements are
implicit in nature. Custom element types might need selection during an attestation request and related documentation should specify how this is
achieved.</t>
      <t>The instance of <tt>TbsEvidence</tt> is unsigned and does not provide any means to maintain integrity when communicated from the Presenter to the HSM.
These details are left to the implementer. However, it is worth pointing out that the structure offered by <tt>Evidence</tt> could be reused by an
implementer to provide those capabilities, as described in <xref target="sec-cons-auth-the-presenter"/>.</t>
      <section anchor="requested-claims-with-specified-values">
        <name>Requested Claims with Specified Values</name>
        <t>This section deals with the requested claims specified in this document where a value should be provided by a Presenter. In other words, this
section defines all requested claims that should set a value in the structure <tt>ReportedClaim</tt>. Requested claims not covered in this sub-section
should not have a specified value (left empty).</t>
        <t>Since this section is non-normative, implementers may deviate from those recommendations.</t>
        <section anchor="key-identifiers">
          <name>Key Identifiers</name>
          <t>A Presenter may choose to select which cryptographic keys are reported as part of the generated Evidence. For each selected cryptographic key,
the Presenter includes a requested element of type <tt>id-evidence-element-key</tt>. Among the requested claims for this element, the
Presenter includes one claim with the type <tt>id-evidence-claim-key-identifier</tt>. The value of this claim should be
set to the utf8String that represents the identifier for the specific key.</t>
          <t>An HSM receiving an attestation request which selects a key via this approach is expected to fail the transaction if it cannot find the cryptographic
key associated with the specified identifier.</t>
        </section>
        <section anchor="nonce-1">
          <name>Nonce</name>
          <t>A Presenter may choose to include a nonce as part of the attestation request. When producing the Evidence, the HSM repeats the
nonce that was provided as part of the request.</t>
          <t>When providing a nonce, a Presenter includes, in the attestation request, an element of type <tt>id-evidence-element-transaction</tt>
with a claim of type <tt>id-evidence-claim-transaction-nonce</tt>. This claim is set with the value of the
nonce as an octet string.</t>
          <t>It is important to note that the Presenter, as an untrusted participant, should not be generating the value for the nonce. In fact, the
nonce should be generated by the Verifier so that the freshness of the Evidence can be trusted by the Verifier.</t>
        </section>
        <section anchor="reporting-of-attestation-keys">
          <name>Reporting of Attestation Keys</name>
          <t>There is a provision for the Attesting Environment to report the attestation key(s) used during the generation of the Evidence. To this end,
the transaction claim "ak-spki" is used.</t>
          <t>A Presenter invokes this provision by submitting an attestation request with a transaction claim of type "ak-spki" with a
non-specified value (left empty).</t>
          <t>In this case, the Attesting Environment adds a transaction claim of type "ak-spki" for each Attestation Key used to sign the Evidence. The
value of this claim is an octet string which is the encoding of the Subject Public Key Information (SPKI) associated
with the Attestation Key. Details on SPKIs and their encoding can be found in X.509 certificates (<xref target="RFC5280"/>).</t>
          <t>This reporting effectively binds the signature blocks to the content (see <xref target="sec-detached-sigs"/>).</t>
        </section>
        <section anchor="custom-key-selection">
          <name>Custom Key Selection</name>
          <t>An implementer might desire to select multiple cryptographic keys based on a shared attribute. A possible approach
is to include a single request element of type <tt>id-evidence-element-key</tt> including a claim with a set value. This claim
would not be related to the key identifier as this is unique to each key. A HSM supporting this scheme could select all the cryptographic
keys matching the specified claim and report them in the generated Evidence.</t>
          <t>This is a departure from the base request interface, as multiple key elements are reported from a single requested element.</t>
          <t>More elaborate selection schemes can be envisaged where multiple requested claims specifying values would be tested against cryptographic keys.
Whether these claims are combined in a logical "and" or in a logical "or" would need to be specified by the implementer.</t>
        </section>
        <section anchor="custom-transaction-element-claims">
          <name>Custom Transaction Element Claims</name>
          <t>The extensibility offered by the proposed request interface allows an implementer to add custom claims to the transaction element in
order to influence the way that the Evidence generation is performed.</t>
          <t>In such an approach, a new custom claim for requested elements of type "transaction" is defined. Then, a
claim of that type is included in the attestation request (as part of the transaction element) while specifying a value. This value
is considered by the HSM to select elements and claims during the generation of the Evidence.</t>
        </section>
      </section>
      <section anchor="sec-req-processing">
        <name>Processing an Attestation Request</name>
        <t>This sub-section describes the considerations that are relevant when an Attesting Environment processes a request to generate
Evidence. This section is non-normative and implementers may choose not to follow these recommendations.</t>
        <t>These recommendations apply to any attestation request scheme and are not restricted solely to the request interface proposed
here.</t>
        <t>An Attesting Environment is expected to fail an attestation request if it contains an unrecognized element type. This is to ensure that all the semantics expected
by the Presenter are fully understood by the Attesting Environment.</t>
        <t>An Attesting Environment is expected to fail an attestation request if it contains a requested claim with an unrecognized type and a specified value (that is, a value that is not empty). This represents a situation where the Presenter is selecting specific information that is not understood by the Attesting Environment.</t>
        <t>An Attesting Environment is encouraged to ignore unrecognized claim types in an attestation request. In this situation, the Attesting Environment is expected not to include
the claim as part of the response. This guidance is intended to increase the likelihood of interoperability between tools of different vendors.</t>
        <t>An Attesting Environment is expected to include only elements and claims in the generated Evidence if these elements and claims were
specified as part of the request. This is to give control to the Presenter as to what information is disclosed by the Attesting Environment.</t>
        <t>An Attesting Environment is expected to fail an attestation request if the Presenter does not have the appropriate access rights to the elements or claims included
in the request.</t>
      </section>
      <section anchor="sec-req-verification">
        <name>Verification by Presenter</name>
        <t>This sub-section describes the considerations that are relevant when a Presenter receives Evidence from the Attester (the HSM)
prior to distribution. This section is non-normative and implementers may choose not to follow these recommendations.</t>
        <t>These recommendations apply to any Evidence and are not restricted solely to Evidence generated from the proposed request interface.</t>
        <t>A Presenter is expected to review the Evidence produced by an Attester for fitness prior to distribution.</t>
        <t>A Presenter is expected not to disclose Evidence if it contains information it
cannot parse. This restriction applies to element types and claim types. This is
to ensure that the information provided by the Attester can be evaluated by the
Presenter.</t>
        <t>A Presenter is expected not to disclose Evidence if it contains elements other than the ones that were requested of the Attester. This is to ensure that only the
selected elements are exposed to the Verifier.</t>
        <t>A Presenter is expected not to disclose Evidence if it contains an element with a claim
that was not requested of the Attester. This is to ensure that only the selected
information is disclosed to the Verifier.</t>
        <t>Further privacy concerns are discussed in <xref target="sec-cons-privacy"/>.</t>
      </section>
    </section>
    <section anchor="sec-asn1-mod">
      <name>ASN.1 Module</name>
      <sourcecode type="asn.1"><![CDATA[
<CODE STARTS>

PKIX-Evidence-2025
      { iso(1) identified-organization(3) dod(6) internet(1)
        security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-pkix-evidence-2025(TBDMOD1) }

DEFINITIONS EXPLICIT TAGS ::=
BEGIN

EXPORTS ALL ;

IMPORTS
  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM
    FROM AlgorithmInformation-2009 -- in [RFC5912]
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5)mechanisms(5) pkix(7) id-mod(0)
    id-mod-algorithmInformation-02(58) }

  Certificate, SubjectPublicKeyInfo
    FROM PKIX1Explicit-2009 -- in [RFC5912]
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) id-mod(0)
    id-mod-pkix1-explicit-02(51) }
;

-- OID Arc

id-kp OBJECT IDENTIFIER ::=
  { iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) kp(3) }

  -- Attestation Key Extended Key Usage --

id-kp-attestationKey OBJECT IDENTIFIER ::= { id-kp TBDMOD2 }

-- Evidence --

Evidence ::= SEQUENCE {
    tbs  TbsEvidence,
    signatures  SEQUENCE SIZE (0..MAX) OF SignatureBlock,
    intermediateCertificates  [0] SEQUENCE OF Certificate OPTIONAL
                                  -- As defined in RFC 5912
}

SignatureBlock ::= SEQUENCE {
    sid SignerIdentifier,
    signatureAlgorithm AlgorithmIdentifier
        { SIGNATURE-ALGORITHM, { ... } },
    signatureValue OCTET STRING
}

SignerIdentifier ::= SEQUENCE {
    keyId [0] EXPLICIT OCTET STRING OPTIONAL,
    subjectPublicKeyInfo [1] EXPLICIT
        SubjectPublicKeyInfo OPTIONAL,
        -- As defined in RFC 5912
    certificate [2] EXPLICIT Certificate OPTIONAL
      -- As defined in RFC 5912
} (
    WITH COMPONENTS { ..., keyId PRESENT}
    | WITH COMPONENTS { ..., subjectPublicKeyInfo PRESENT }
    | WITH COMPONENTS { ...,certificate PRESENT } )

TbsEvidence ::= SEQUENCE {
    version INTEGER,
    reportedElements SEQUENCE SIZE (1..MAX) OF ReportedElement
}

ReportedElement ::= SEQUENCE {
    elementType         OBJECT IDENTIFIER,
    claims             SEQUENCE SIZE (1..MAX) OF ReportedClaim
}

CLAIM ::= CLASS {
    &id       OBJECT IDENTIFIER UNIQUE,
    &Type
} WITH SYNTAX {
    ID &id
    WITH TYPE &Type
}

ReportedClaim ::= SEQUENCE {
    claimType  CLAIM.&id ({ClaimSet}),
    value      CLAIM.&Type ({ClaimSet}{@claimType}) OPTIONAL
}

ClaimSet CLAIM ::= {
      claim-transaction-nonce
      | claim-transaction-timestamp
      | claim-transaction-ak-spki
      | claim-platform-vendor
      | claim-platform-oemid
      | claim-platform-hwmodel
      | claim-platform-hwversion
      | claim-platform-hwserial
      | claim-platform-swname
      | claim-platform-swversion
      | claim-platform-debugstat
      | claim-platform-uptime
      | claim-platform-bootcount
      | claim-platform-fipsboot
      | claim-platform-fipsver
      | claim-platform-fipslevel
      | claim-platform-fipsmodule
      | claim-key-identifier
      | claim-key-spki
      | claim-key-extractable
      | claim-key-sensitive
      | claim-key-never-extractable
      | claim-key-local
      | claim-key-expiry
      | claim-key-purpose,
      ...
}

id-evidence OBJECT IDENTIFIER ::= { 
     iso(1) identified-organization(3) dod(6)
     internet(1) security(5) mechanisms(5) TBDMOD3 }

id-evidence-element             OBJECT IDENTIFIER ::=
    { id-evidence 0 }
id-evidence-element-transaction OBJECT IDENTIFIER ::=
    { id-evidence-element 0 }
id-evidence-element-platform    OBJECT IDENTIFIER ::=
    { id-evidence-element 1 }
id-evidence-element-key         OBJECT IDENTIFIER ::=
    { id-evidence-element 2 }

id-evidence-claim    OBJECT IDENTIFIER ::=
    { id-evidence 1 }

id-evidence-claim-transaction           OBJECT IDENTIFIER ::=
    { id-evidence-claim 0 }
id-evidence-claim-transaction-nonce     OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 0 }
id-evidence-claim-transaction-timestamp OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 1 }
id-evidence-claim-transaction-ak-spki   OBJECT IDENTIFIER ::=
    { id-evidence-claim-transaction 2 }

id-evidence-claim-platform            OBJECT IDENTIFIER ::=
    { id-evidence-claim 1 }
id-evidence-claim-platform-vendor     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 0 }
id-evidence-claim-platform-oemid      OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 1 }
id-evidence-claim-platform-hwmodel    OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 2 }
id-evidence-claim-platform-hwversion  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 3 }
id-evidence-claim-platform-hwserial   OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 4 }
id-evidence-claim-platform-swname     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 5 }
id-evidence-claim-platform-swversion  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 6 }
id-evidence-claim-platform-debugstat  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 7 }
id-evidence-claim-platform-uptime     OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 8 }
id-evidence-claim-platform-bootcount  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 9 }
id-evidence-claim-platform-fipsboot   OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 10 }
id-evidence-claim-platform-fipsver    OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 11 }
id-evidence-claim-platform-fipslevel  OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 12 }
id-evidence-claim-platform-fipsmodule OBJECT IDENTIFIER ::=
    { id-evidence-claim-platform 13 }

id-evidence-claim-key                   OBJECT IDENTIFIER ::=
    { id-evidence-claim 2 }
id-evidence-claim-key-identifier        OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 0 }
id-evidence-claim-key-spki              OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 1 }
id-evidence-claim-key-extractable       OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 2 }
id-evidence-claim-key-sensitive         OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 3 }
id-evidence-claim-key-never-extractable OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 4 }
id-evidence-claim-key-local             OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 5 }
id-evidence-claim-key-expiry            OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 6 }
id-evidence-claim-key-purpose           OBJECT IDENTIFIER ::=
    { id-evidence-claim-key 7 }

id-evidence-key-capability              OBJECT IDENTIFIER ::=
    { id-evidence 2 }
id-evidence-key-capability-encrypt      OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 0 }
id-evidence-key-capability-decrypt      OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 1 }
id-evidence-key-capability-wrap         OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 2 }
id-evidence-key-capability-unwrap       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 3 }
id-evidence-key-capability-sign         OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 4 }
id-evidence-key-capability-sign-recover OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 5 }
id-evidence-key-capability-verify       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 6 }
id-evidence-key-capability-verify-recover OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 7 }
id-evidence-key-capability-derive       OBJECT IDENTIFIER ::=
    { id-evidence-key-capability 8 }


claim-transaction-nonce CLAIM ::= {
  ID id-evidence-claim-transaction-nonce
  WITH TYPE OCTET STRING
}

claim-transaction-timestamp CLAIM ::= {
  ID id-evidence-claim-transaction-timestamp
  WITH TYPE GeneralizedTime
}

claim-transaction-ak-spki CLAIM ::= {
  ID id-evidence-claim-transaction-ak-spki
  WITH TYPE OCTET STRING
}

claim-platform-vendor CLAIM ::= {
  ID id-evidence-claim-platform-vendor
  WITH TYPE UTF8String
}

claim-platform-oemid CLAIM ::= {
  ID id-evidence-claim-platform-oemid
  WITH TYPE OCTET STRING
}

claim-platform-hwmodel CLAIM ::= {
  ID id-evidence-claim-platform-hwmodel
  WITH TYPE OCTET STRING
}

claim-platform-hwversion CLAIM ::= {
  ID id-evidence-claim-platform-hwversion
  WITH TYPE UTF8String
}

claim-platform-hwserial CLAIM ::= {
  ID id-evidence-claim-platform-hwserial
  WITH TYPE UTF8String
}

claim-platform-swname CLAIM ::= {
  ID id-evidence-claim-platform-swname
  WITH TYPE UTF8String
}

claim-platform-swversion CLAIM ::= {
  ID id-evidence-claim-platform-swversion
  WITH TYPE UTF8String
}

claim-platform-debugstat CLAIM ::= {
  ID id-evidence-claim-platform-debugstat
  WITH TYPE INTEGER
}

claim-platform-uptime CLAIM ::= {
  ID id-evidence-claim-platform-uptime
  WITH TYPE INTEGER
}

claim-platform-bootcount CLAIM ::= {
  ID id-evidence-claim-platform-bootcount
  WITH TYPE INTEGER
}

claim-platform-fipsboot CLAIM ::= {
  ID id-evidence-claim-platform-fipsboot
  WITH TYPE BOOLEAN
}

claim-platform-fipsver CLAIM ::= {
  ID id-evidence-claim-platform-fipsver
  WITH TYPE UTF8String
}

claim-platform-fipslevel CLAIM ::= {
  ID id-evidence-claim-platform-fipslevel
  WITH TYPE INTEGER
}

claim-platform-fipsmodule CLAIM ::= {
  ID id-evidence-claim-platform-fipsmodule
  WITH TYPE UTF8String
}

claim-key-identifier CLAIM ::= {
  ID id-evidence-claim-key-identifier
  WITH TYPE UTF8String
}

claim-key-spki CLAIM ::= {
  ID id-evidence-claim-key-spki
  WITH TYPE OCTET STRING
}

claim-key-extractable CLAIM ::= {
  ID id-evidence-claim-key-extractable
  WITH TYPE BOOLEAN
}

claim-key-sensitive CLAIM ::= {
  ID id-evidence-claim-key-sensitive
  WITH TYPE BOOLEAN
}

claim-key-never-extractable CLAIM ::= {
  ID id-evidence-claim-key-never-extractable
  WITH TYPE BOOLEAN
}

claim-key-local CLAIM ::= {
  ID id-evidence-claim-key-local
  WITH TYPE BOOLEAN
}

claim-key-expiry CLAIM ::= {
  ID id-evidence-claim-key-expiry
  WITH TYPE GeneralizedTime
}

claim-key-purpose CLAIM ::= {
  ID id-evidence-claim-key-purpose
  WITH TYPE KeyPurposes
}

KeyPurposes ::= SEQUENCE OF OBJECT IDENTIFIER

END

<CODE ENDS>

]]></sourcecode>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>Please replace "RFCthis" with the RFC number assigned to this document.</t>
      <t>For the ASN.1 module found in Section 8, IANA is requested to assign
an object identifier for the module identifier (TBDMOD1) with a
description of "id-mod-pkix-evidence-2025". This should be allocated in the
"SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).</t>
      <t>For the ASN.1 module found in section 8, IANA is requested to assign an
object identifier for the extended key usage <tt>id-kp-attestationKey</tt> (TBDMOD2).
This identifier should be allocated under the PKIX KP arc (1.3.6.1.5.5.7.3)
with the description "Extended Key Usage (EKU) for signing Evidence".</t>
      <t>IANA is asked to define a new arc under "SMI Security for Mechanism Codes" (1.3.6.1.5.5) with the following
details:</t>
      <ul spacing="normal">
        <li>
          <t>OID Value: 1.3.6.1.5.5.TBDMOD3</t>
        </li>
        <li>
          <t>Name: evidence</t>
        </li>
        <li>
          <t>Description: Evidence Encoding for Hardware Security Modules</t>
        </li>
        <li>
          <t>Reference: RFCthis</t>
        </li>
      </ul>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <section anchor="sec-cons-verifier">
        <name>Policies relating to Verifier and Relying Party</name>
        <t>The generation of Evidence by an HSM is to provide sufficient information to
a Verifier and, ultimately, a Relying Party to appraise the Target Environment (the HSM) and make
decisions based on this appraisal.</t>
        <t>The Appraisal Policy associated with the Verifier influences the generation of the Attestation
Results. Those results, in turn, are consumed by the Relying Party to make decisions about
the HSM, which might be based on a set of rules and policies. Therefore, the interpretation of
the provided Evidence may greatly influence the outcome of some decisions.</t>
        <t>A Verifier <bcp14>MAY</bcp14> reject Evidence if it lacks the claims required per the Verifier's
appraisal policy. For example, if a Relying Party mandates a FIPS-certified device,
it <bcp14>SHOULD</bcp14> reject Evidence lacking sufficient information to verify the device's FIPS
certification status.</t>
        <t>If a Verifier encounters a claim with an unrecognized claim type, it <bcp14>MAY</bcp14> ignore it and
treat it as extraneous information. By ignoring a claim, the Verifier may accept Evidence
that would be deemed malformed to a Verifier with different policies. However, this approach
fosters a higher likelihood of achieving interoperability.</t>
      </section>
      <section anchor="sec-cons-simple">
        <name>Simple to Implement</name>
        <t>The nature of attestation requires the Attesting Environment to be implemented in an extremely
privileged position within the HSM so that it can collect the required measurements such as
hardware registers and the user keys. For many HSM architectures, this will
place the Attesting Environment inside the "security kernel" and potentially subject to FIPS 140-3
or Common Criteria validation and change control. For both security and compliance reasons,
there is an incentive for the generation and parsing logic to be simple and easy to implement
correctly. Additionally, when the data formats contained in this specification are parsed
within an HSM boundary -- that would be parsing Evidence
produced by a different HSM -- implementers <bcp14>SHOULD</bcp14> opt for simple logic that rejects any
data that does not match the expected format, instead of attempting to be flexible.</t>
        <t>In particular, the Attesting Environment <bcp14>SHOULD</bcp14> generate Evidence from scratch and
avoid copying any content from the request. The Attesting Environment <bcp14>MUST</bcp14> generate Evidence
only from information and measurements that are directly observable by it.</t>
      </section>
      <section anchor="sec-detached-sigs">
        <name>Detached Signatures</name>
        <t>The construction of the Evidence structure includes a collection of signature
blocks that are not explicitly bound to the content. This approach was influenced by the following
motivations:</t>
        <ul spacing="normal">
          <li>
            <t>Multiple simultaneous signature blocks are desired to support hybrid environments where
multiple keys using different cryptographic algorithms are required to support appraisal
policies.</t>
          </li>
          <li>
            <t>Provide the ability to add counter-signatures without having to define an envelop scheme.</t>
          </li>
        </ul>
        <t>The concept of counter-signatures is important for environments where a number of heterogeneous
devices are deployed. In those environments, it is possible for a trusted actor, intermediary between
the Attester and the Verifier, to validate the original signature(s) and apply its own afterwards.</t>
        <t>The ability to add signature blocks to the Evidence after the original generation by the Attester leads
to the unfortunate situation where signature blocks can also be removed without leaving any trace.
Therefore, the signature blocks can be deemed as "detachable" or "stapled".</t>
        <t>Manipulation of the Evidence after it was generated can lead to undesired outcomes at the Verifier.</t>
        <t>Therefore, Verifiers <bcp14>MUST</bcp14> be designed to accept Evidence based on their appraisal policies, regardless
of the presence or absence of certain signature(s). Consequently, Verifiers <bcp14>MUST NOT</bcp14> make any inferences
based on the presence of a signature, as the signature could have been added or removed in transit.</t>
        <t>This specification provides the transaction claim "ak-spki" to effectively bind the content with
the signature blocks that were inserted by the Attesting Environment. When this claim is provided, it reports
the SPKI of one of the attestation keys used by the Attesting Environment to produce the Evidence. This claim
is repeated for each of the attestation keys used by the Attesting Environment.</t>
      </section>
      <section anchor="sec-cons-privacy">
        <name>Privacy</name>
        <t>Some HSMs have the capacity of supporting cryptographic keys controlled by separate elements referred to as "tenants", and when the HSM is used in that mode
it is referred to as a multi-tenant configuration.</t>
        <t>For example, an enterprise-grade HSM in a large multi-tenant cloud service could host TLS keys fronting multiple un-related web domains. Providing Evidence for
claims of any one of the keys would involve a Presenter that could potentially access any of the hosted keys.
In such a case, privacy violations could occur if the Presenter was to disclose information that does not relate to the subject key.</t>
        <t>Implementers <bcp14>SHOULD</bcp14> be careful to avoid over-disclosure of information, for example by authenticating the Presenter as described in <xref target="sec-cons-auth-the-presenter"/> and
only returning results for keys and portions of the Target Environment for which it is authorized.
In the absence of an existing mechanism for authenticating and authorizing administrative connections to the HSM, the attestation request authentication approach is described in <xref target="sec-cons-auth-the-presenter"/>.</t>
        <t>Furthermore, enterprise and cloud-services grade HSMs <bcp14>SHOULD</bcp14> support the full set of attestation request functionality described in <xref target="sec-reqs"/> so that
Presenters can fine-tune the content of the generated Evidence such that it is appropriate for the intended Verifier.</t>
      </section>
      <section anchor="sec-cons-auth-the-presenter">
        <name>Authenticating and Authorizing the Presenter</name>
        <t>The Presenter represents a privileged role within the architecture of this specification as it gets to learn about the existence of user keys and their protection properties, as well as details of the platform.
The Presenter is in the position of deciding how much information to disclose to the Verifier, and to request a suitably redacted Evidence from the HSM.</t>
        <t>For personal cryptographic tokens it might be appropriate for the attestation request interface to be un-authenticated. However, for enterprise and cloud-services
grade HSMs the Presenter <bcp14>SHOULD</bcp14> be authenticated using the HSM's native authentication mechanism. The details are HSM-specific and are thus left up to the implementer. However,
it is <bcp14>RECOMMENDED</bcp14> to implement an authorization framework similar to the following.</t>
        <t>A Presenter <bcp14>SHOULD</bcp14> be allowed to request Evidence for any user keys which it is allowed to use.
For example, a TLS application that is correctly authenticated to the HSM in order to use its TLS keys <bcp14>SHOULD</bcp14> be able to request Evidence related to those same keys without needing
to perform any additional authentication or requiring any additional roles or permissions.
HSMs that wish to allow a Presenter to request Evidence of keys which is not allowed to use, for example for the purposes of displaying HSM status information on an administrative
console or UI, <bcp14>SHOULD</bcp14> have a "Attestation Requester" role or permission and <bcp14>SHOULD</bcp14> enforce the HSM's native access controls such that the Presenter can only retrieve Evidence for keys for which it has visibility.</t>
        <t>In the absence of an existing mechanism for authenticating and authorizing administrative connections to the HSM, the attestation request <bcp14>MAY</bcp14> be authenticated by embedding the <tt>TbsEvidence</tt>
of the request inside an <tt>Evidence</tt> signed with a certificate belonging to the Presenter.</t>
      </section>
      <section anchor="proof-of-possession-of-user-keys">
        <name>Proof-of-Possession of User Keys</name>
        <t>With asymmetric keys within a Public Key Infrastructure (PKI) it is common to require a key holder to prove that they are in control of the private key by using it. This is
called "proof-of-possession (PoP)". This specification intentionally does not provide a mechanism for PoP of user keys and relies on the Presenter, Verifier, and Relying Party
trusting the Attester to correctly report the cryptographic keys that it is holding.</t>
        <t>It would be trivial to add a PoP Key claim that uses the attested user key to sign over, for example, the Transaction Element. However, this approach leads to undesired consequences, as explained
below.</t>
        <t>First, a user key intended for TLS, as an example, <bcp14>SHOULD</bcp14> only be used with the TLS protocol. Introducing a signature oracle whereby the TLS application key is used to sign Evidence could lead to cross-protocol attacks.
In this example, an attacker could submit a "nonce" value which is in fact not random but is crafted in such a way as to appear as a valid message in some other protocol context or exploit some other weakness in the signature algorithm.</t>
        <t>Second, the Presenter who has connected to the HSM to request Evidence may have permissions to list the requested application keys but not permission to use them,
as in the case where the Presenter is an administrative UI displaying HSM status information to a system's administrator or auditor.</t>
        <t>Requiring the Attesting Environment to use the reported application keys to generate Evidence could, in some architectures, require the Attesting Environment to
resolve complex access control logic and handle complex error conditions, which violates the "simple to implement" design principle outlined in <xref target="sec-cons-simple"/>.
More discussions on authenticating the Presenter can be found in <xref target="sec-cons-auth-the-presenter"/>.</t>
      </section>
      <section anchor="sec-cons-hsm-timestamps">
        <name>Timestamps and HSMs</name>
        <t>It is common for HSMs to have an inaccurate system clock. Most clocks have a natural drift and must be corrected periodically. HSMs, like any other devices,
are subject to these issues.</t>
        <t>There are many situations where HSMs can not naturally correct their internal system clocks. For example, consider a HSM hosting a trust anchor and usually kept offline
and booted up infrequently in a network without a reliable time management service. Another example is a smart card which boots up only when held against an NFC reader.</t>
        <t>When a timestamp generated from a HSM is evaluated, the expected behavior of the system clock <bcp14>SHOULD</bcp14> be considered.</t>
        <t>More specifically, the timestamp <bcp14>SHOULD NOT</bcp14> be relied on for establishing the freshness of the Evidence generated by a HSM. Instead, Verifiers <bcp14>SHOULD</bcp14> rely on other provisions
such as the "nonce" claim of the "transaction" element, introduced in this specification.</t>
        <t>Furthermore, the internal system clock of HSMs <bcp14>SHOULD NOT</bcp14> be relied on to enforce expiration policies.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC9711">
          <front>
            <title>The Entity Attestation Token (EAT)</title>
            <author fullname="L. Lundblade" initials="L." surname="Lundblade"/>
            <author fullname="G. Mandyam" initials="G." surname="Mandyam"/>
            <author fullname="J. O'Donoghue" initials="J." surname="O'Donoghue"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="April" year="2025"/>
            <abstract>
              <t>An Entity Attestation Token (EAT) provides an attested claims set that describes the state and characteristics of an entity, a device such as a smartphone, an Internet of Things (IoT) device, network equipment, or such. This claims set is used by a relying party, server, or service to determine the type and degree of trust placed in the entity.</t>
              <t>An EAT is either a CBOR Web Token (CWT) or a JSON Web Token (JWT) with attestation-oriented claims.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9711"/>
          <seriesInfo name="DOI" value="10.17487/RFC9711"/>
        </reference>
        <reference anchor="RFC4648">
          <front>
            <title>The Base16, Base32, and Base64 Data Encodings</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
            <date month="October" year="2006"/>
            <abstract>
              <t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4648"/>
          <seriesInfo name="DOI" value="10.17487/RFC4648"/>
        </reference>
        <reference anchor="X680" target="https://www.itu.int/rec/T-REC-X.680">
          <front>
            <title>Information technology — ASN.1: Specification of basic notation</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="X690" target="https://www.itu.int/rec/T-REC-X.690">
          <front>
            <title>Information technology — ASN.1 encoding rules: BER, CER, DER</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="PKCS11" target="https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html">
          <front>
            <title>PKCS #11 Specification Version 3.1</title>
            <author initials="D." surname="Bong" fullname="Dieter Bong">
              <organization/>
            </author>
            <author initials="T." surname="Cox" fullname="Tony Cox">
              <organization/>
            </author>
            <author>
              <organization>OASIS PKCS 11 TC</organization>
            </author>
            <date year="2022" month="August" day="11"/>
          </front>
        </reference>
        <reference anchor="FIPS140-3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf">
          <front>
            <title>Security Requirements for Cryptographic Modules</title>
            <author>
              <organization>NIST, Information Technology Laboratory</organization>
            </author>
            <date>n.d.</date>
          </front>
          <seriesInfo name="FIPS" value="140-3"/>
        </reference>
        <reference anchor="X.690" target="https://www.itu.int/rec/T-REC-X.690">
          <front>
            <title>Information technology -- ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</title>
            <author>
              <organization>ITU-T</organization>
            </author>
            <date year="2021" month="February"/>
          </front>
          <seriesInfo name="ITU-T Recommendation" value="X.690"/>
          <seriesInfo name="ISO/IEC" value="8825-1:2021"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC2986">
          <front>
            <title>PKCS #10: Certification Request Syntax Specification Version 1.7</title>
            <author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
            <author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
            <date month="November" year="2000"/>
            <abstract>
              <t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2986"/>
          <seriesInfo name="DOI" value="10.17487/RFC2986"/>
        </reference>
        <reference anchor="RFC6024">
          <front>
            <title>Trust Anchor Management Requirements</title>
            <author fullname="R. Reddy" initials="R." surname="Reddy"/>
            <author fullname="C. Wallace" initials="C." surname="Wallace"/>
            <date month="October" year="2010"/>
            <abstract>
              <t>A trust anchor represents an authoritative entity via a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information for which the trust anchor is authoritative. A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor. This document describes some of the problems associated with the lack of a standard trust anchor management mechanism and defines requirements for data formats and push-based protocols designed to address these problems. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6024"/>
          <seriesInfo name="DOI" value="10.17487/RFC6024"/>
        </reference>
        <reference anchor="RFC9019">
          <front>
            <title>A Firmware Update Architecture for Internet of Things</title>
            <author fullname="B. Moran" initials="B." surname="Moran"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="D. Brown" initials="D." surname="Brown"/>
            <author fullname="M. Meriac" initials="M." surname="Meriac"/>
            <date month="April" year="2021"/>
            <abstract>
              <t>Vulnerabilities in Internet of Things (IoT) devices have raised the need for a reliable and secure firmware update mechanism suitable for devices with resource constraints. Incorporating such an update mechanism is a fundamental requirement for fixing vulnerabilities, but it also enables other important capabilities such as updating configuration settings and adding new functionality.</t>
              <t>In addition to the definition of terminology and an architecture, this document provides the motivation for the standardization of a manifest format as a transport-agnostic means for describing and protecting firmware updates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9019"/>
          <seriesInfo name="DOI" value="10.17487/RFC9019"/>
        </reference>
        <reference anchor="RFC4211">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="September" year="2005"/>
            <abstract>
              <t>This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4211"/>
          <seriesInfo name="DOI" value="10.17487/RFC4211"/>
        </reference>
        <reference anchor="I-D.ietf-lamps-csr-attestation">
          <front>
            <title>Use of Remote Attestation with Certification Signing Requests</title>
            <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
              <organization>Cryptic Forest Software</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>Siemens</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Monty Wiseman" initials="M." surname="Wiseman">
              <organization>Independent</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
         </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   Certification Authorities (CAs) issuing certificates to Public Key
   Infrastructure (PKI) end entities may require a certificate signing
   request (CSR) to include additional verifiable information to confirm
   policy compliance.  For example, a CA may require an end entity to
   demonstrate that the private key corresponding to a CSR's public key
   is secured by a hardware security module (HSM), is not exportable,
   etc.  The process of generating, transmitting, and verifying
   additional information required by the CA is called remote
   attestation.  While work is currently underway to standardize various
   aspects of remote attestation, a variety of proprietary mechanisms
   have been in use for years, particularly regarding protection of
   private keys.

   This specification defines ASN.1 structures which may carry
   attestation data for PKCS#10 and Certificate Request Message Format
   (CRMF) messages.  Both standardized and proprietary attestation
   formats are supported by this specification.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-csr-attestation-28"/>
        </reference>
        <reference anchor="I-D.fossati-tls-attestation">
          <front>
            <title>Using Attestation in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</title>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
         </author>
            <author fullname="Yaron Sheffer" initials="Y." surname="Sheffer">
              <organization>Intuit</organization>
            </author>
            <author fullname="Paul Howard" initials="P." surname="Howard">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Ionuț Mihalcea" initials="I." surname="Mihalcea">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Arto Niemi" initials="A." surname="Niemi">
              <organization>Huawei</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <date day="30" month="April" year="2025"/>
            <abstract>
              <t>   The TLS handshake protocol allows authentication of one or both peers
   using static, long-term credentials.  In some cases, it is also
   desirable to ensure that the peer runtime environment is in a secure
   state.  Such an assurance can be achieved using attestation which is
   a process by which an entity produces evidence about itself that
   another party can use to appraise whether that entity is found in a
   secure state.  This document describes a series of protocol
   extensions to the TLS 1.3 handshake that enables the binding of the
   TLS authentication key to a remote attestation session.  This enables
   an entity capable of producing attestation evidence, such as a
   confidential workload running in a Trusted Execution Environment
   (TEE), or an IoT device that is trying to authenticate itself to a
   network access point, to present a more comprehensive set of security
   metrics to its peer.  These extensions have been designed to allow
   the peers to use any attestation technology, in any remote
   attestation topology, and mutually.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-fossati-tls-attestation-09"/>
        </reference>
        <reference anchor="I-D.ietf-rats-msg-wrap">
          <front>
            <title>RATS Conceptual Messages Wrapper (CMW)</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Ned Smith" initials="N." surname="Smith">
              <organization>Independent</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Dionna Glaze" initials="D." surname="Glaze">
              <organization>Google LLC</organization>
            </author>
            <date day="11" month="December" year="2025"/>
            <abstract>
              <t>   The Conceptual Messages introduced by the RATS architecture (RFC
   9334) are protocol-agnostic data units that are conveyed between RATS
   roles during remote attestation procedures.  Conceptual Messages
   describe the meaning and function of such data units within RATS data
   flows without specifying a wire format, encoding, transport
   mechanism, or processing details.  The initial set of Conceptual
   Messages is defined in Section 8 of RFC 9334 and includes Evidence,
   Attestation Results, Endorsements, Reference Values, and Appraisal
   Policies.

   This document introduces the Conceptual Message Wrapper (CMW) that
   provides a common structure to encapsulate these messages.  It
   defines a dedicated CBOR tag, corresponding JSON Web Token (JWT) and
   CBOR Web Token (CWT) claims, and an X.509 extension.

   This allows CMWs to be used in CBOR-based protocols, web APIs using
   JWTs and CWTs, and PKIX artifacts like X.509 certificates.
   Additionally, the draft defines a media type and a CoAP content
   format to transport CMWs over protocols like HTTP, MIME, and CoAP.

   The goal is to improve the interoperability and flexibility of remote
   attestation protocols.  Introducing a shared message format such as
   CMW enables consistent support for different attestation message
   types, evolving message serialization formats without breaking
   compatibility, and avoiding the need to redefine how messages are
   handled within each protocol.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-msg-wrap-23"/>
        </reference>
        <reference anchor="CNSA2.0" target="https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF">
          <front>
            <title>Commercial National Security Algorithm Suite 2.0</title>
            <author>
              <organization>National Security Agency</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="CSBR" target="https://cabforum.org/working-groups/code-signing/documents/">
          <front>
            <title>Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates Version 3.8.0</title>
            <author>
              <organization>CA/Browser Forum</organization>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
      </references>
    </references>
    <?line 1724?>

<section anchor="samples">
      <name>Samples</name>
      <t>A reference implementation of this specification can be found at https://github.com/ietf-rats-wg/key-attestation</t>
      <t>It produces the following sample Evidence.</t>
      <t>All signatures throughout the samples chain to the following root certificate:</t>
      <artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIIB7DCCAZOgAwIBAgIUMgLblKxORZBH2V2Xbz6u0xR8+QswCgYIKoZIzj0EAwIw
RDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEPMA0GA1UEAwwGUm9vdENBMB4XDTI2MDMxNjE4MjQzMFoXDTM2MDMxMzE4
MjUzMFowRDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1h
dHRlc3RhdGlvbjEPMA0GA1UEAwwGUm9vdENBMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAE53vdbWMLUqao8kieV4xu+uDatcj1Q137+WOyGyBoh0mwce5LXXm+9O4U
VGeLtI1krpn73CkiGtaCSUrLYfRG76NjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQU68iIgHDteR5t28feYVdJRVHDUhgwHwYDVR0jBBgwFoAU68iIgHDteR5t
28feYVdJRVHDUhgwDgYDVR0PAQH/BAQDAgKEMAoGCCqGSM49BAMCA0cAMEQCIDTp
vQmYJQac4cjNRPWVwyEd3aC/9iuOg54+zv6vWFTJAiBqbVDsUtzpZhuAQqpk5OgY
OQtH0sRtYVvO8nPXxqUCoA==
-----END CERTIFICATE-----
]]></artwork>
      <section anchor="simple-platform-evidence">
        <name>Simple Platform Evidence</name>
        <t>This example shows a minimal PKIX Evidence object with only transaction and platform elements a single signature where the AK key is identified only by
its SHA1 hash KeyID. In other words, this Evidence describes only the HSM itself (rather than application keys stored within it), and it assumes
that the Verifier will be able to look up the AK key by its SHA1 hash.</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
MIIBmzCCASMCAQEwggEcMIGkBgYqA4dnAAAwgZkwEwYHKgOHZwEAAIAI3q2+78r+ur4w
GgYHKgOHZwEAAYMPMjAyNTAzMTQxMjAwMDBaMGYGByoDh2cBAAKAWzBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPEy2tHFO7tXSeeWl1hKEJypI+YXc3z4ltaTPDFWGYlMhwHl
vclinZFfrxh8MyykNINMOGH0wj+4gOkeYj+vqFkwcwYGKgOHZwABMGkwFAYHKgOHZwEB
AIEJQWNtZSBDb3JwMBMGByoDh2cBAQKACEhTTS05MDAwMBAGByoDh2cBAQOBBTIuMS4w
MAwGByoDh2cBAQuCAf8wDAYHKgOHZwEBDYQBAzAOBgcqA4dnAQEIhAMBUYAwcjBwMBig
FgQUYcGIarqstIuidRFngOzU9OYYFe4wCgYIKoZIzj0EAwIESDBGAiEAtWNik/qin9rE
ofX9ZE4eKkmkcigBEnpZFTJ0izp4nLICIQCyalz4bslZXjtQC9MCombwXVcEGUIce94d
UFcI7QSSag==
-----END EVIDENCE-----
]]></artwork>
        <t>Here is a pretty-print of the Evidence object:</t>
        <artwork><![CDATA[
Evidence:
  TbsEvidence:
    version: 1
    ReportedEntity[0]: id-evidence-entity-transaction
      Claim[0]: id-evidence-claim-transaction-nonce
              -> [bytes] deadbeefcafebabe
      Claim[1]: id-evidence-claim-transaction-timestamp
              -> [time] 20250314120000Z
      Claim[2]: id-evidence-claim-transaction-ak-spki
              -> [bytes] 3059301306072a8648ce3d02...
    ReportedEntity[1]: id-evidence-entity-platform
      Claim[0]: id-evidence-claim-platform-vendor
              -> [utf8String] Acme Corp
      Claim[1]: id-evidence-claim-platform-hwmodel
              -> [bytes] 48534d2d39303030
      Claim[2]: id-evidence-claim-platform-hwversion
              -> [utf8String] 2.1.0
      Claim[3]: id-evidence-claim-platform-fipsboot
              -> [bool] True
      Claim[4]: id-evidence-claim-platform-fipslevel
              -> [int] 3
      Claim[5]: id-evidence-claim-platform-uptime
              -> [int] 86400
  Signatures (1):
    SignatureBlock[0]:
      algorithm      : 1.2.840.10045.4.3.2
      signatureValue : 3046022100b5636293faa29f...
      keyId          : 61c1886abaacb48ba275116780ecd4f4e61815ee
]]></artwork>
        <t>For completeness of the sample, the following AK and Intermediate CA certificates are required for verification:</t>
        <artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIICAjCCAaigAwIBAgIUNQtT1K8fMLmXpZ8s7hOFof0+iDQwCgYIKoZIzj0EAwIw
QzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEOMAwGA1UEAwwFSW50Q0EwHhcNMjYwMzE2MTgyNDMwWhcNMzYwMzEzMTgy
NTMwWjBFMRIwEAYDVQQKDAlpZXRmLXJhdHMxHTAbBgNVBAsMFHBraXgta2V5LWF0
dGVzdGF0aW9uMRAwDgYDVQQDDAd0ZXN0LWFrMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAE8TLa0cU7u1dJ55aXWEoQnKkj5hdzfPiW1pM8MVYZiUyHAeW9yWKdkV+v
GHwzLKQ0g0w4YfTCP7iA6R5iP6+oWaN4MHYwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUYcGIarqstIuidRFngOzU9OYYFe4wHwYDVR0jBBgwFoAUdLGCWSkyCjjxyv0A
dCcN4mVoHz4wDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQQPMA0GCysGAQQBgrddBAEB
MAoGCCqGSM49BAMCA0gAMEUCIQCMZbKvYR+v8Asmkxn6GvLy4DlyX+P6LP7BU+tc
ktulGAIgC+3QmgzhBO1lttLPlLiE8OZQVwk0jXp1OrE9ubs+G5c=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIB7TCCAZKgAwIBAgIUZBusKENkkquWekNzoRqWJqu6qHowCgYIKoZIzj0EAwIw
RDESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRlc3Rh
dGlvbjEPMA0GA1UEAwwGUm9vdENBMB4XDTI2MDMxNjE4MjQzMFoXDTM2MDMxMzE4
MjUzMFowQzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1h
dHRlc3RhdGlvbjEOMAwGA1UEAwwFSW50Q0EwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARZ1Q2U/MYAnNiD26gCwAsTDJejLICmM1mgPN48PMky8p/9lW5v9UxBoNCL
JKHLTI2lD6L7Y47gfEos5Ro94Jomo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
DgQWBBR0sYJZKTIKOPHK/QB0Jw3iZWgfPjAfBgNVHSMEGDAWgBTryIiAcO15Hm3b
x95hV0lFUcNSGDAOBgNVHQ8BAf8EBAMCAoQwCgYIKoZIzj0EAwIDSQAwRgIhAOhn
0CRE/6Vy2yQ5LNTA/q0hVOWkqlogOYyv4Q5/8X0hAiEA4G46LGJaunN9s4U6LBU+
NFb0gpZ75WsNx43/r6CNdEM=
-----END CERTIFICATE-----
]]></artwork>
      </section>
      <section anchor="key-attestation-evidence">
        <name>Key Attestation Evidence</name>
        <t>This example shows a PKIX Evidence object that is attesting two different application keys held within the HSM.
For the purposes of this example, the Platform Element is kept short.
This example embeds the AK and Intermediate CA certificates in the Evidence object. It chains to the same root as above.</t>
        <artwork><![CDATA[
-----BEGIN EVIDENCE-----
MIIG7DCCAogCAQEwggKBMIGkBgYqA4dnAAAwgZkwEwYHKgOHZwEAAIAIvu/K/rq+3q0w
GgYHKgOHZwEAAYMPMjAyNTAzMTQxMjAwMDBaMGYGByoDh2cBAAKAWzBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABPEy2tHFO7tXSeeWl1hKEJypI+YXc3z4ltaTPDFWGYlMhwHl
vclinZFfrxh8MyykNINMOGH0wj+4gOkeYj+vqFkwHwYGKgOHZwABMBUwEwYHKgOHZwEB
AoAISFNNLTkwMDAwgfMGBioDh2cAAjCB6DAvBgcqA4dnAQIAgSQ5YTI1ZjYwMy1hMmM0
LTRkYWQtOWVlMC1hMWI0ZTc3MWYyYzMwZgYHKgOHZwECAYBbMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEZO7hZ1LQjXT0965bVPqlogRQeAhtbx4rbnv8XUNJ+cs7S1YCYt0l
d/mWs1pDIQ4dbxPVCgKsG0UnwJm18ZtEsTAMBgcqA4dnAQICggEAMAwGByoDh2cBAgSC
Af8wDAYHKgOHZwECA4IB/zAMBgcqA4dnAQIFggH/MBUGByoDh2cBAgeACjAIBgYqA4dn
AgQwgcAGBioDh2cAAjCBtTAvBgcqA4dnAQIAgSQ4NTcwNGI5OS03MDk3LTRiY2EtOTNi
Ni0xMzM1MmY4NjVhY2UwZgYHKgOHZwECAYBbMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAERMImI/BgGGCWlsMUPZDYjW1lg2/H3Y/40CUk3cRwRw34VLuS834P1azG2mlsi2sE
6NNzhbl8oYgRpuPbVBhrjDAMBgcqA4dnAQICggH/MAwGByoDh2cBAgOCAQAwggJnMIIC
YzCCAgqiggIGMIICAjCCAaigAwIBAgIUNQtT1K8fMLmXpZ8s7hOFof0+iDQwCgYIKoZI
zj0EAwIwQzESMBAGA1UECgwJaWV0Zi1yYXRzMR0wGwYDVQQLDBRwa2l4LWtleS1hdHRl
c3RhdGlvbjEOMAwGA1UEAwwFSW50Q0EwHhcNMjYwMzE2MTgyNDMwWhcNMzYwMzEzMTgy
NTMwWjBFMRIwEAYDVQQKDAlpZXRmLXJhdHMxHTAbBgNVBAsMFHBraXgta2V5LWF0dGVz
dGF0aW9uMRAwDgYDVQQDDAd0ZXN0LWFrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
8TLa0cU7u1dJ55aXWEoQnKkj5hdzfPiW1pM8MVYZiUyHAeW9yWKdkV+vGHwzLKQ0g0w4
YfTCP7iA6R5iP6+oWaN4MHYwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYcGIarqstIui
dRFngOzU9OYYFe4wHwYDVR0jBBgwFoAUdLGCWSkyCjjxyv0AdCcN4mVoHz4wDgYDVR0P
AQH/BAQDAgeAMBYGA1UdJQQPMA0GCysGAQQBgrddBAEBMAoGCCqGSM49BAMCA0gAMEUC
IQCMZbKvYR+v8Asmkxn6GvLy4DlyX+P6LP7BU+tcktulGAIgC+3QmgzhBO1lttLPlLiE
8OZQVwk0jXp1OrE9ubs+G5cwCgYIKoZIzj0EAwIERzBFAiAQkyMjDepyz0XX/eezdIPz
X7dOqqQ9AZi97nUiBWOorwIhAJRe5TF/KsX7I23xH9B+XmWTtei9hEQmYkwAak1K7Lr7
oIIB8TCCAe0wggGSoAMCAQICFGQbrChDZJKrlnpDc6Ealiaruqh6MAoGCCqGSM49BAMC
MEQxEjAQBgNVBAoMCWlldGYtcmF0czEdMBsGA1UECwwUcGtpeC1rZXktYXR0ZXN0YXRp
b24xDzANBgNVBAMMBlJvb3RDQTAeFw0yNjAzMTYxODI0MzBaFw0zNjAzMTMxODI1MzBa
MEMxEjAQBgNVBAoMCWlldGYtcmF0czEdMBsGA1UECwwUcGtpeC1rZXktYXR0ZXN0YXRp
b24xDjAMBgNVBAMMBUludENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWdUNlPzG
AJzYg9uoAsALEwyXoyyApjNZoDzePDzJMvKf/ZVub/VMQaDQiyShy0yNpQ+i+2OO4HxK
LOUaPeCaJqNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUdLGCWSkyCjjxyv0A
dCcN4mVoHz4wHwYDVR0jBBgwFoAU68iIgHDteR5t28feYVdJRVHDUhgwDgYDVR0PAQH/
BAQDAgKEMAoGCCqGSM49BAMCA0kAMEYCIQDoZ9AkRP+lctskOSzUwP6tIVTlpKpaIDmM
r+EOf/F9IQIhAOBuOixiWrpzfbOFOiwVPjRW9IKWe+VrDceN/6+gjXRD
-----END EVIDENCE-----
]]></artwork>
        <t>Here is a pretty-print of the Evidence object:</t>
        <artwork><![CDATA[
Evidence:
  TbsEvidence:
    version: 1
    ReportedEntity[0]: id-evidence-entity-transaction
      Claim[0]: id-evidence-claim-transaction-nonce
              -> [bytes] beefcafebabedead
      Claim[1]: id-evidence-claim-transaction-timestamp
              -> [time] 20250314120000Z
      Claim[2]: id-evidence-claim-transaction-ak-spki
              -> [bytes] 3059301306072a8648ce3d02...
    ReportedEntity[1]: id-evidence-entity-platform
      Claim[0]: id-evidence-claim-platform-hwmodel
              -> [bytes] 48534d2d39303030
    ReportedEntity[2]: id-evidence-entity-key
      Claim[0]: id-evidence-claim-key-identifier
              -> [utf8String] 9a25f603-a2c4-4dad-9ee0-a1b4e771f2c3
      Claim[1]: id-evidence-claim-key-spki
              -> [bytes] 3059301306072a8648ce3d02...
      Claim[2]: id-evidence-claim-key-extractable
              -> [bool] False
      Claim[3]: id-evidence-claim-key-never-extractable
              -> [bool] True
      Claim[4]: id-evidence-claim-key-sensitive
              -> [bool] True
      Claim[5]: id-evidence-claim-key-local
              -> [bool] True
      Claim[6]: id-evidence-claim-key-purpose
              -> [bytes] 300806062a0387670204
    ReportedEntity[3]: id-evidence-entity-key
      Claim[0]: id-evidence-claim-key-identifier
              -> [utf8String] 85704b99-7097-4bca-93b6-13352f865ace
      Claim[1]: id-evidence-claim-key-spki
              -> [bytes] 3059301306072a8648ce3d02...
      Claim[2]: id-evidence-claim-key-extractable
              -> [bool] True
      Claim[3]: id-evidence-claim-key-sensitive
              -> [bool] False
  Signatures (1):
    SignatureBlock[0]:
      algorithm      : 1.2.840.10045.4.3.2
      signatureValue : 30450220109323230dea72cf...
      AK Certificate : present
  Intermediate Certificates:  (1)
]]></artwork>
      </section>
    </section>
    <section anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>This specification is the work of a design team created by the chairs
of the RATS working group. This specification has been developed
based on discussions in that design team and also with great amounts of
input taken from discussions on the RATS mailing list.</t>
      <t>We would like to thank Jeff Andersen for the review comments.</t>
      <t>We would like to thank Dave Thaler for his guidance.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA9y96XYaW5Yw+D+eIlp3rUypDGiwPGZVViIJ2VwLTSDbcq7s
VAABhAUEjgiEsa9rfQ/Rf/pfP0s/yvckvaczRQRI8r3ZX3U7a9VFEHGGffbZ
81CtVr0sysbha79xF/XDaS/0G9Ne3I+mQ38QJ/7bIOkvgiT022FvnkTZ0m/F
/fk4TL2g203Cu5XvtVup149702ACY/eTYJBVozAbVJMgS6uz2+hr9TZcVoMs
C9MsyKJ4Wt154Xm9IAuHcbJ87adZ3+vF0zScpvP0tZ8l89BL591JlKbwcLac
wbDNRufY86JZQr+n2d7OzqudPQ+WG7z2N9SKN7xFnNwOk3g+g28v6532hgdz
w5f9157vV/3mNAuTaZhVj3CZ9BU+RR/O3zU/0gfYkMf7e+3PYR8vPQ8WPu3/
MxjHU1jLEkAyi3DAZNAL+2m2HMu3vp/FPetjNAV4ZeqLNE6yJByk+u/lxPkz
S6KefrgXTybwrv41mo6jqZkm/JpVx1GaVWGQbjyGx6rxvz2BX+AgJsFsRovX
6/jnOLwL8aF97y6czkNcu0BJts9Q/gDQw2N9g7/Bt5MgGr/28Rz/hidai5Mh
fBskvdFrf5Rls/T19nY/gENNgt5tmNTUQ9uL4Ta+tR1043m2jbNF2WjehUMx
mAHP5PBiAx4cB/gnPKjGt1+o8TC1KM6/uv0QvKuNssl4w/OCeTaKE8YIxtpf
w2BaPY/CBND/OEpDRA3fh5289g+T5SyL9+uAO70afa2ug/qFvoTTC0NY9+6z
Zzt1/ySYwVgwXujX70J6oAf4+do/y7JgEVT8s2kWJFHMv8TzaYYX4TCYBv1A
vuvDst7tfvJfdPbom5AP4/Psbz2eN6gBjnjWJlrRbeifzacp4Hs2yu0g6vnH
cQKQ8NvxIMN7XtyLfsZacDuK51/9kzi+hZNcuVxZ3ARW8LdYraDWC+zlvQ2m
0zD1O2lvFA/CaTQ0K7yaRndhkiLNiQd+Ngr9gzlcnXQRjhK/NZ9GvZGzWnj+
YOG3atY6T8N5N+qGCY+ahEM479f+QXAHYA7cdb8Jk0kwXVpwfvns2YtX9kZG
tNZaptf6t+Hkaw0Ih7OhcHrrH0TJ7SgefzObOU6C+RRfS/x2s+OMCi/UuvIC
3yige1nQc4ZtIc3zPwAWwirdlcO+s7DvtzO8JAiq+iQEouGeAb5eW/Drf4vh
Zo5DwhSYgZ6LpkAITmt+exIJlvC8pziy/g63smZye8Zp2K+l+CLdf4AUfMu4
OY0B0hmcLQ51eXz46unTffn4bO/ljvr2xe6ufNx/vv8SP358zr8CYWKWtdGc
DniweArUrzeaxuN4uPT/5//4P/x6+7S2C5g6C3vRAKBBzwBwukEKGD2NDXEB
DNJXH/9V+cSanasqHxRcyiHeYkV8FotFLcrmtWiabSdhb7tTvWwcVj/WYHm0
ylePXKUfKs6ZIGcFBG1cVvxD/H9Hjcs/domvcInn7w7bDF2zSPzO/2V3Nwex
93gD4b9Pa7vlC2E0OYJDBtQ+iKfD3C+deLr0D+Ov7srP6u1mm9bhw5SdQ/oV
mAa8sLezt1fdeVnd3S3dGbCytBbDIabVeBZOibHMbnvp7q78p5rCBrbvYMHb
vXTH+baK31bxWyL6MP5x87y9u79TfeoCQws7l+GXeZSExHRJrmHyPkyC2QjQ
SGShNUd02mx3Kr6NAR2DASfACYEvgbzD3AKubZhG8KwaBJcH3AMXWAqM6d14
Nu+mtSkw/dowvtvGD/jNNr65jZPX8FONhqjN+gNE0JrB0EehjYbPX2V5KxC7
WpXfy7G7cCUP6Epq8fESH/M34RJsVWQgYCox0PtgXHgKbsmWD2IYYGCawffz
KB0BPco/Bvdoq3BIhVukEXC3urO34kjoacALFsX6tInXvgERPNE+2242DoGB
vNx7Vt19jeOBlKpgpene3quXz+Xj8509RQJf7ey+UnRvjy9ps3pERLQ6Diaz
FPA3seUX9cQgTlP4opqN07KfjRA0SYfVBSAw/nJ42q7v1XL06hC3lvQiAPcp
jQEf9I2oj0E+B7I+8dtzIP0+vL0O/YvvDwEflqXYNwn7UVDrh8Bb05DQGWnB
djucbe+8gM87T3de7L58ur9d3cX/29k+bNf/iTv4Jyzin/WTN2eXzc7bVvuf
tfOjY9xc++DS3RlgWogSc/Feo3jRTNN5gJoM4lML5JghPYAoej7vjqPeeFnt
oJ4BCHYIIgKIQcMpItlhmGSM0YBrhmK+XAuaw/r2QRIvAMNQvppPSkHSC7oD
/JHlZxbEqySkp9sopVRTXgKSxTntZtvz4D8o/cCA7cbJMeo8x4fZKAIy5VWr
VZCXUhTNQbzowJe+etNP+V7CFgIfFIJ+DGg2nMYpSoCMuwQpre/NEqB+oOoQ
uEBSw3f7/gJwI5rCEKg5+SjJgFZSg6nCkjdxVf4iWIL40RvPQbbze+MgmsB/
4vE47CGgSVmA4XoO4Z0Q4a346bw38gNccUFR9Zg4+5uguQEhwUWGY33iIEmq
pUaZHsadBBSFtOZ5Z4AvaS+comgOxOwuSgEx+j6sPBsBTBBz8K6FfmSRQ142
/la2cL8XTP0uvIdrDcdLgEgImi7s18ti2AxgZgwDAoMj9gAIAzjUj/AjwTZ/
PAz9oAsj8xJqXh2mAmgAmZqNw69mA4t4Pu7j3DAR6dMZn4I+HFqAwWjcTJ3w
F28v/hj1cRF9ZPiTCJHPW4xC2GkioACWNqQznuEgLJLSFABPfwL6ED2X2DcQ
nghAG4Rt+T1zl3CMQQSCqmBq6jCOYJzG8CJI1Hj8FoLiyCExgxVog7sQFLS2
DfIpAKxPQ4RfZ4x98xRnx1szifr9ceh5v6C5gF7GVTzgDk3DOVy3sZnJWSqd
s0WuEbR4c6ogp8L8iG5JPCUoVQhhaa+9OcBsCgqJ4HyqqCtvMCWkT7cI6Ys4
DRr8lFC4u2TM74d3UQ80Gx9vqSwP0KWLIwGi1ml5eL4xXug7OsYgnSO0ZqCa
4xtEBPCArXMnTHrPhCHBByr+fJxFMDqgfIUx/RI+4kmdB0m2ZOSm4ehqgRgS
wsKRqtLWw6/M5IHdPtt5JSAiyw/evSQAugbHAuvCa3sYT3tJSFMx+rnoA2wG
GEH62vP+jfaIoso2iAn+jTqoG4R+OIbtEBkLCNdhfVlc7TLhhdkB8jhcBY4j
xGtKlw5/C3Adfncc927h5BA68Ux4IW4rIWYHZ2/he/oXWYzQqSq8VSWCiJJJ
gIcbjpF5BNPoG5LGhMgYYNc0DWQZ6jwq+kAU0av4uK2MqTSc/FnziCfU8hm+
oZdeZZoi0IJTBQRJtRRH2EsUXkFLrd3GZbmJvj4XPtZgPAa+hyxCqB5hlno4
AFoFMO8jdUpD4r6abhM+E4cgmhDCKeKCkRYjUKcMYKCndIWmJG3VRAwlIRHO
F+/LnBAH8G+Mb7u4ZROgLI5BXBhWrC+J9Gh6iCx5gLtheMOt8yMkuLhcehYw
d4QGH5Bfq7wOvl8prQMgmZJRL57W8qSkHwOYQU8VTEXEw4OexUmGx5HFwCPp
GHpBktAdUkdRKbxrLuFslgTAwMb+DHbWW9KyPf04WTSBqAB6CVGoErIi1uKm
EcIMg22BwTeGyASkf8DKFA7Gb6ppUyL0FuoWyZFcrDDxgJgTchBBMsMpTgkL
HyPiokkYDgoWAqcc9BIQemG22TheEoYAFIFCX6UhqAxpmCrGwZcUXkaDEp4+
DJuGwsCBBEd3QUbiCG0b77wS/IqUg6b4BQRAgMV0HgMlroPcmKDgSDgJx0ok
GfQoBwOA0cJQ0xDvUZAQK6UrtmQpYZ4kOGUynxKZYYkC+eKUsAqEkxmQSPyG
pQImJXHikWCAr9Ad7RP1Q4kSMDpAVETqpxYlhF6uYaKpD98GRGYiwVOb7wBl
A1BHA3oWzsq7YwE3VVa5QZRMiAsRRsdBH0ZDmUVem6OES2wHf0fMZdZKt05B
ltExCtW9zjNL4vNMt0pouSYomhsRPaGrEqG4p1ZIFm8fLfZDmt+LSW4x0qaI
n+aUABw9uOmke+bx7Bf/HdBXuO84j7r+IMcir0SxCFlQCvtIBN58krD6bkjk
tt8XKgRQG9IM1gA1YokKxvG0G+O9VMecIsG7i8d3gOP4+zRcgHLCI+Ig8BBA
0CYKOBLCwkGwikg7hCjCcwlNQRoLp3MkHYwy/iCJJzRTGkxCFCDmg4BIeoKo
iT8YAsob4JUAYdTQnwUZ3G06gwqZNogsVPww69U8oBo9Ek1JrutqAbEv0hpu
o0TCDqYgwyxhvkmVD5cwzX4XuREob+nIY2lbrY/oLlqR+VaDWCeoJZIy3RtH
fMkJK4toPEYXCZ4coDosmbEJd414Q9ea5/L6gK50HEpUBrAjwcXT77MMToeI
LwNu1WEHYyJJWm6PiI4AJw4ThAGLIiRRR8NEIMLkEOcHeDLi4BMa4/hR1l2C
NI17UaBvotxuS35zkSNHFBQawRv6JIH3e/THCZ3EU+aJ1iqQnaMMaabKhDJb
UqPSxU6BYza+4t0ivYbY9zwYV5HwJvG4gtjIQEaEh62NMthJOnIIq+hnOP8C
SWgC2AwkG44L9RQU8Kd9pbggYgN7QWoK97ZWpnMIHpJUnCdRTM/mgwHSMeTf
IaoUKetZM6IRhF/oVIPL6LlygnV4ojgIKUyN8plqViWcimQfR5GCyUbBXagl
Wp9l5PxaEZiBzZkRUh4rjOM4RY10gpc1TBWCMxNKeqMIj2xODI5EDYBqOooX
pLh0YwSBWi3q3IrioXiKGJuuuVBCU1nbIBI1736GyVg7tMWySAw1nncOEyXr
VdbNw/oWvSEKoTVOjKLFKBgPeAqZD/bkT+eTLt7SgcVV0a/sUJY8llnrpbvv
rLhw4RReMtVNDSuGuzv103giQooxclibwNsmph9nnu/fxaL34wd+bh9c/viB
+zms+xNUk9CbLmK4Zy9ZLihoK0wfpmUWFd+2qPwUo0b5NhTNCQkBSq4ECJuw
G+aL9IfWnsUegA+5Hj5MqxTbcX4TzNvtA2TxGrijPjpQUZKoO89QUGqRvqYW
OUZlkWYkXuQpI0cItDeCQ0BsRjqi9AdgkiiLhfllVHxjEqE9Ew8N+iiIpZ5F
Aj8DYNN+JERQZCB/U524Jq1bmpSiAAyKQETqkAjFWayxSb+qFoCqEZz7VzL5
ISXFkzsm28OY9COkhUSLaHciIVbK7Dhq6A1rtA0gFAj1RbBELuMPgH2HfHBj
ZsYeEQolW5P4GZBCBAw/mBFth1MiTfWrlqRS3pHGrp6yWgEOoBJCHDcgA0gV
LwPAIJyg9BfiPcP1AhZkSD2Bzk7mwkKsc38bL4BJJRXXSmZBQN10P+BHAFrk
rCmiPF1gVKInM0JSnNejOaOxcV6nzvzA4kHMQVzrjYlbOEYrQmRLj3aZG6nH
1T7SXEGITCsrlm1VLzNgEZFkS1a3gJGQloX7sm8e7GTK22F0jxAKIFYF00zh
mGVsqHmnMS4cphNo89LUStTl6OeOsYLkheibYRWM1qAy4QHCHoDL9ZY+8Oqx
0blQ5bpjHZ8tAR26m+xz+v5LZv76wbSJuH6c9AFjW1ftzkaF/+ufntHny8bF
VfOycYSf22/rJyf6gydPtN+eXZ0cmU/mzcOzVqtxesQvw7e+85W30apfb7D4
s3F23mmendZPNlgmtFV8vAcZCbukZc/QXNXH8wIiCVpHlynxweH5//1/7e4D
Pf/f0Gu0u/uKiDv+8XL3xT78gYKh2JhQ6eI/4QiWHlCIMGCjMVxHuG9RBhfU
4tpIkQC6//Z3hMw/Xvv/3u3Ndvf/Kl/ghp0vFcycLwlmxW8KLzMQS74qmUZD
0/k+B2l3vfVr528Fd+vLf/9Pcv5Ud1/+51+9UqPyPCXTrWFBk+grSTvoA3rX
9C0kYwGm3mn7dVssItMHi5AegB3Qj81bk2CGSN4LZxkSymwRivSaLWLAiAle
S+GpSRj0mXIDPQFM6QuSDIIJUBQ4Ti0/3AEn7M7HuFCyrcj4Httf+koLKa5y
8/t3ibz48WNLE3Zl6K14jmBW0ULboxbIjPcha6TFYOwH4LJ2xRippmKskhVD
RCu+Y6EkJ1QwjvqKYDQt4Ad3cURTD+YpmUnde8iUCliKJzck+gZoQFDDA0+L
APJzAMLZD9F2UGMTENBUV7lGUr+hwLjhweUThuZCkLSsjDwtSIZBAu/dstBD
exN2YpF21Ad96zArHlmbyCW2cafmM/xTuJnsGE4SxTXt9kEUL87v5eeHVZIF
3hWmE9F/+9EQYWhZwe1l8jELIg1itNwQ9yA4a9tsnlS+9rzvr/27dBb0wv/Y
2NkACl+3GCTaYTbr77Zee69zERrIA3qsMY5RnY7HKPB0WerUjg08PpqX6Kfy
B8/myQyUIY+1AGFzCvZkMOANE4+piOVEiYYCBZKuhsoYkPNtdpeevYya2lSY
4EYQQAgWs0wQHtEvJXZVTWi00K2uEqOCZdKwaRwu1MOri3YW4jtoax2GJCLR
xd1QZrQNPNQNEBw29NIIBMYOgOusp37+LgsuWkDOvaeAkBak/0yMP8YjCoMe
ss0fNzRDyZM0UkIZvHo5kztJpN3QaBqsmYeJ2D5jZUNh4AzmUxFnOmg0REJs
WZkNrS0QUd4endBG6SY3DD6Mkng+HGGwZKlBWSGVc+z6lv9xx07XnUDAuFhh
5w8KHb1ezPZFEfREuFUnK75y51JWtMeIPKVo8sxdSuRo69VIQiB/NlqmdKYo
RM8JjqIzsU8gGITDeYCSHM7I7ksy64PEZCnIRVcn+/3lvPMPaEN6KmYSEoHj
NFQjl9qAsuCWZIRuEgd99zhA8goyjo1MKSqB7R9ZrOIb/HQC/KKHO6l4V+0D
+OkWVPKK3zlHS2neN1IVW28MZ7Z5ftj06U3WBTdCFhmjNKzCG/2QL2tvHM/7
VUF2X36gYPxNoGVp1AWChHHZwAbmeLu21qCLcqvdRyAUfUIqgZS4bkcfvfbP
xWBdSkZt16rQxxnrxoKLxn3gBG0waHHxnvCyik1jFbzDKd67MruxHpigiZbx
Ucw32HYikGfBy7upSZy7DUF7B9Ud7Yk+2nfZKWICP8gOkFfHEReA44c5S5Ri
OfAOABFJDULuksMD6h1zqbQ5ql2Dn9VtDnyJDeIAfgUkzI9gWx9aqpF4qCgh
5eYC8qosoEirJl3Q98YB+VwHsKaMYgLKzTjyPl98I9qaH2ABRDNBWCOhw0MH
VtRDURCRUC++XEINCPeUMpsjcZ6HDl5CLgrMIgGg6YQAmCtdEFVSG3RE65Jg
EpL3C1VXHchYMRYZ9JIaS6Bm8kyJCMT9KBXBVAtA9pRmObawiy9qS78NYiSc
54KHiilI8Apgik0bw0k37kfia9WSxOMvtWeusc311SIedKnDh15qHT4CUuU8
LLeN6msIdzMcD2hLa666t/KqO4OpO10IPXnQnfZMeIW62Mww0JKJljh8DlCE
zDjol/XR4RAu6DhVsAPd7Fj52wZBD81EhCOOR8pREh1J1fZLUcyOGdsnZkSD
kdtQcTg8J7HHONRXLNf28J6xYpWZcOTKmPmbItwCfuMs7PPDb/SiPLIjpTMU
qsTcByca9pSRTp2k9krPLM9ncQmoO1DMT33ao7DKUhEUQ2rlhjHl2EG7Caph
9svehpY0iV2ryA6yjKq4E/8uCtAqxaRGWIZn4Sw6Ujh4ynrG0gXEUSB0wdOK
UWo8ZLnR7Le1xZflzeUsTFElsREd2Qeb7NhGhxsMaIOkpNubqm0QxthAUAJz
4CrdAQgKC2tHFa3ieZrKkiUJg0pikETgLXU2sHJNOZS4BzKOiHsZqMRhUgUA
RBhxkvlazjGquPZF4D0WuTBM/kw+MFgCucM1iMLpiAN3DZHylFxv4nsLDD4w
aCMaoQnv5fk46a1G8hmhJhzlkokqWQn6qxMk6WjNduaoSJIIoIJ3QKYTg2tI
0WNa49Har0O8t+jqofkV/cXWZbhCQQYYIMNWizWiw0hwJX6D++etimC6aZNG
FispjKqv7REEYHxB7NSe3EqSvc5YoiHNnR5kf40RrAAqG+SjEIoGX6K9VEze
+BexGjugBb/kaGHQSJDBcOScFtQJG5wZLO1eDpF96Bijw3SFdAbmOCz8RNMS
ssIWiaIgYskdHDQhhEpTxAgDKkHWBLkL3U1mTqZn/A0+tQE0JAopFMNjLwWd
tb7GcMEGAH1ltSMUpcPDTJptYpVAGiOQs/3ypZJKPxETuSfOARTLcJgNGwQb
vLgNjK5SxmYMWQ2Ai4mNRzsriF5TiAVdQ0DVqVK6YBs6CNUEelT8g+ZZG56Q
nEKO8GBaNwLWi5ZpOjp8NcREsQ3Pa6NDgEIn2IHtjzEU3g9IT8ElTEAYVjZE
vjVsZlPCBjtwiZ5g5oJ5UUcPktdT4sniLupIBP9+OAspJTdvGMqp8zW/EQCF
pRuAPN8KrITlzBM4PxxcL8czPkgGfd4JhXEeyhHIwSvsrkRXFBKSAJU7UiQn
GDeLLjq9F+X6pKCFcZDqQDkOe0J5MsK3gmnI8Q42znuOEYtIDbLvipkHXo7g
ADQ2J6sHRvE+L7/1IzJNAPzVgsXpaGLSFrENekvN06bKNTsx66cjEXabX0Xg
tdGgudlmxyyrCkAoMW1pi+9QXhBVrIJeFBiL+QUFAh3GpjeIDC9WLkB2bZXJ
3ZaUg69bMbzaHmiFCoa4KU02bPGARTlPERWKJdESs7sZ3qA1uIWn7hoA6TfU
OQFtqesAZN8WjjwVpIanYnnfO5Sy4hj3VEiDvmRrrxUS3jkb8tS8ZYdpbcXQ
WUGANbDybVh5MlQOUkz6SXXGxRkqDtwwtrJGLFGdiesEwDMKp6meSohWv5+g
/wjvO5msaSBPAIfCcC8eAuzpAYENXgAJR+CIwgAJEmlsIFdIKFGpfxcNmmpk
PhNv1Zmwrqlk+GkY9jUlMQJ9O0Sml4a9KooQVXHGktZt4nOM3d1KfvIPR0jL
vv+CLwe31R7+Kc5YkmrFqFh6SWxkM/oJCNriiMftR0m/OiN1jUOkBFssT4+O
9mMp2I6ijFLPeSulkGpLVBaXBznIBUTAkEDktH3xt+Jq8FjeRlk+dWIVbCt1
WJTH5+mc5EGc3jNxlJRGVgeyh/ErlhlWVH0OCRMZH6PQKO5TtDd5BkZUQZvI
JCnAgox8ySCMMiYHzlKQY0i0Jc7quVPq5CO0XumkIaXpLVTwXf1dPtAJznEM
OI8akolZNvGr9oqnZLvCuEdbBgxzxKEwSZm5AB5hW7E+EG2NIIEic9xNVhQN
ZYBkuXgtcn4rIyKd7leRixHlrzADzN9svLvact4K8SEkBn9RY8Ij5U8UZ7iJ
+tXbmZ26CVPdVGwlpfTe/IUya9SEN/ASLe/GmmsTF0oTalDciDLaVrrojd/F
RLgQQQ4cABcuOTiSmUeusQDD/oZAtWCac3aPNft4wOWr98W/38WQ4eSW+d2N
Cqi+qSlvchqTZYjj5K28ujkBmigrFoApXEQUXNRJGjaTy4YCEvrn1FOZBvhU
zVfGCZwVUzPsgRWlstzJOpwNsMxS8cWLWz/5UL9uA3uIxquAFzwUYCY2XZyL
doUcMRV6zlgmhMIFs4IyLOk0zkIDVJsSq3w1sZsg3cafqxQViuYTjqxHaHwL
k5jSnMgOoCRF788agw4w1+nPqBnEBk80JSfVSVx/Qkzm06pOB6BBTZQX02k6
UT0TEgEmzuMwUK4qI2napC21uRhZX8iVAhtiFbUfpb15qtg2KOH9McVHK/HX
3ZNkldjZ7i2KmmVGhxqcAKw8JpKwdILHRSePoi95GSUthSlQ3YooZo2M0sWE
5CsdTQIgQa/HkbSEbEnZMJLleVeZLyxX2jlqBS+9SKbiU5SgeyYWcQIPK4HP
88sXyp65iJWfKEsley+iwF6SACQgWqkuhUViAGo40KFmJjyZeRf7ZvusUWVW
Xo/XD4GNGVaACcV5tzJKo1rghQnE/xuW7iUf22pvs0Q0NQpmDCRsPDMrkSlN
hIojMipjirVOkGd1rhsaQl25rkzWXilje0XVVRZqKQIPFrSZfLhoaFRZtROZ
oObZUTCroJy/F4Fflu4XWgu33/As0Z65FsimAjwiwrYuoRNsmFvMe1oeNh60
e9UaEASJiFGGGwiTtpRPFuKpybBMrMz0q6vmEWVwM6EBwQG+Dr+isJsqwssV
WX782HLdHMHUM6qYWao2w2hNgs8fdQiNKyC62vnx2mamglty7pU8zNyTQeWp
Yh+xfMOJBOWaWSf3tOdiD1stXMRBajcWKbMMCVVeIZIXPgtn2STi2JYDyu5D
Wkl2uqmTtmHfd3/ldQcZ2SOhab0JhhTxTTtfhtfgcBW0HmxVyGCCWO05yzaq
mWFp919/jHOj4xLnvniSF7FDlAAkX6hYhzLr6IwCspqpTEXhEoESrVgPxZoE
i0jgp5zuttGIVJxFrB2ZeuaeFePmkBjXumQFY2cUs4pRsSAUcixsiS1JMs6W
llmKIkYeBzc8cmOh02Nr3FmNLtprEyW2cYhvBBAGm4np0CTUrI+JCki0vehA
DPNMib4kZSOfJoeLxey9ArM38B1EX8M+D08GCHYTOpHtOq5//ZAmLlHXQ8DE
ULHn9LF6WN/wGu3h43BL49+voPZpiZw305gS6plcG1FcM8qOCSu3iZBKmecw
HmPyjVycV+mVmJcA75qMBttRPorHaO2YsijKErzHIKQLHtl2B+MeQBLiaOlZ
NAnFVfKZRFePx2Otfuoq0SCtZiCsIrA5Bc8MDPI8w1NCLDgRizVtK8sB+Nyg
yt6ulSY0ueO229Rds1sdQftsqcxjPqSNdapBNJyL65iXRPxHZwHkpCvJi7MK
unD0U8PYWzz9jCBPPoc0njG/gSlKjsFx7Vis3u8gZ8nxLsuph6eKF7M0jsWk
qSehy6tYJtcuzNf8tnqCUWm1YKSTtx1Gu6kjN7AUlYpqaDjsROUH4gwFt/hw
HHeDMZX99EV01mF5K4jcv5G94rXNi3MzaatboViKVPOw0rV5JlhAiRzKzp3c
qm2wGG2zJ2FO/+Zc+xyMUWyTQkXWfjmXKCq1EPPEWLaUpo6lAII4tx7AE+Ba
0G0lIpmGZkDXbKpT9aVghVMUyQhciuZZ+Z8DgPQIEI7zf7IRBay4oegKJQMk
xfCKUvUc5JRrSr8hyNjQA5TQ0+EtFt9JrWx4Q15VPB2fKXCyfD4qmxA9qpmw
KqGv5h8sJQAMbvsZ5781tRCc+ptnzaMtghC/RwE3zl48XdPD2ZtRnaPpiLj6
eGlt9C+es8HSQg1+q36tCmCgiRE0/iyeoPzL4QqgjiZLdzEc/4LWSwTKhK0x
mMKvrrWqjmFYZoUDsswsZisce2pGi6gaQPkwgBHKAp8qkw4oyMjsKMj2Npr5
eBLefGrJ/GrxcWLPq/IssD5FaJduocqbwFMow9SNXTcFmDQqLwxv7GIcEjrk
Z5kOGFMhUWULSvWKWOKgIluyK+Be4zFJhe54BCNVXIM2w6TdcvBojA3WqCqW
Z4y1E/HxWOMYslRQ+5h0Y7UDx5dktubW1vCsmhNqRZZMoVYj6XTTvgQDkjFa
lUWQehqKrmBsJCfX14Ct8SkppYJ0Wauoj9bYec+s0uKOrIDTkU6/t9I2Pa4/
QC5oCSyw2LMVs1BMT7NYjlR386S0hFoUC0eSYMoh/dr/ycxYaS1WLpfvREvQ
8XVDzcnZbKf5h6uEEnlDp5inM3zYP4G+s3jCMf96C07qsHhK89fBWQbjrScG
1nnOLOkSkFzlFbpWdgwGhgPi+ig1QEJjumPJvlGY5DHeag1AIX9C0qs9n7+p
sU+NvKVkeEFAoxUZ44Sn8RsHVD5vQTVneMQcPbJSmgKVEach6G9243gcBmhR
Qqsf6nIYDoulk7pLwPgtHWWtKhBQqpzy/sfTIoaskdcCYH0TqjssFiOL+Lna
ZCmP5GQM+rlZP61TXWiUNOxKV8wmuNgC8DDiqsqZT6XRSKx2mazoU+j+jcSV
perJkC9uHSPN66PyotbQTNi7NuL9cUoog0rPpWQOWQPdPT2vx8nIRuvU4B48
Uv00E4qg9fPKpwR6Ef03WijjMEoBbBMKg1JIitGJ0D/1Vdpr7iYTELw8rVe1
ldCTSpp7l6/URp64b/AeydBk20Ut/kIPeGp6Z8kB5fBjlCZ6PiQmlAmdBX9F
tJjuknsE2NNGcFtNZ7fRRh4QFTvMRDgip58bkhFobZMk9tzi3dwXbYzVJRBz
tW40xezFM10WEiOy6DUqIIWia9kR/Tl1LL3NgV1YEIs09FR5RLFoke9JH1LJ
zA6FZ+WEsQ9lXgdKkTbQkXTrWLMxNCsYI0bgTWiTcmKtDOnOFMSBhKotIhMi
ic4VmRzZt9SwAX9nbA6QRYjxHHthYLmQHDxoSqJJlRJmLfmbhooYNDN8JpDI
IjxvT7QtPhsDDzLRMQ4hyrPCb4d0ybliLV1BamroQQWxUJ8idka8GSnjIomk
joYq0oM/o1nfP0JHkO1xs1yUuQpvrh5ul57LKYslYeV84TmM3TO1vmwYcnle
Hw6PAyIrUmXHSvrWdQZVWUVPJbXW/LrQQ8zpofeUgzo14pf2wwbpdBc3qZNl
s3gmNa5MnUsKD5C6goBlopHAjK8977/+67/g12ltV4f7+a9f/4ffblxcNU4P
G/53rjjcTUGf76a6eCDXvTZeQfNCu/mp4W/u1Gqt+sct/+w45yatSCMBU9zS
qYvs/33nH2YseNsOHFLJ+lIied2/ajUX7n95fOg/e7W75wEyuCsq2y/gH607
TIyemtuzKXGtP5lnv+sltptvTuudq8tGVZeervjf29Yo7TD74f/Ijf6eBKaz
w06j47c7l83TN2rh9pLKlg40uNknMDY+np80D5sdZxgNRJmwJOrR//uuedls
pOxJd7D1gMdf7SiXv+9ZS1xzzGuO0t+kZz4AVH3QEc7PThunnbb/3a/VahWB
xPllow3f/qAnf1v1bCkc5FV//bv2nvQb/hZcR3Nfyg5KaXTN007jTeOyIt1H
WNrRBr/cvdo19+rSfRTwA+4yGTmt4rQT9D0Ow6ICbGx2iireTrHUh9Tp68TV
g7Da5qzdzc5Be0s9x+E4N9bmbmDohFN3+jombkNv/cj4RDbYQCwymyZiVmzE
Dx5eRwVoQ9xB244A4ApVQqVVwILm346B0hApDzmI4XJ26U7ZGgterEATrU1F
M+UaVMUcQWW0I4NVIJF+NBvvw6ZkNy7ZubHDZqgmGm2gGmi6YlW+Q3Yx4NgX
pJxVe1MDR9ogqw2ybsrMxLXfhuHMFUhUWE/EUmvfNEXAfVgZZSn77LgMqgq8
mM9wVC1ISIlYT4sfHCA/CSjTdJ5qHdCBG8ssPSqHNF0WYCdVbrl2HUUf6uqz
yPjZfoCCJzWPYksMlsm+I2USVSuM0EWdp0pBn1QoznArZZkCQfmOZOAk6IWS
x43zcuAPy9S2v0THjCkRRfJNTFhUCCsahX08oFTz5BzyuhdRkQHW6iqcqET1
1wZzUqGVUkp1opQzPUWzshTsLAnwOSZcgeONKONJLGfFiHP7GtdkJTfaQ36z
eyNA0TWujcUVz8IytarVugmqYtOinEk660z2Ue2CYEgYwhmmqQ51TMSyMApz
oCEzVOESRTq3U4qyO5gkxetJPRpiVFiWpybs1S8OKzF5nhuEZC7nZlEQMOXX
zAvswLGeJsa+RdEhUltDJsqVtxA7DGuxppQ03RvLkWbPpctxsYlSpTjf5KWG
G1xOf4spFBVmSOyYFCscEY4MtD1tCyvQv0q5VLCJiREEje048ciuaIbfJLa8
JfExpoi+aDHFkjELsQQ7WXL9iui7utgmKQUm6hLD1rlRglU/2TpI8ieElGSu
FyeQkwp9a0DNSEPpH1JAvdm3dVPPcufYxfnFj1/CR1Sxuznrah0y/YagaRZO
r0az3agraEe24qzK+ClxdArMbtiRSr1IRwEZmx6SQ+zGzUuMeSHKVdk+Jb1Z
brHTyCfIV76XjgK43bRkv2Wi2Q0tr/isBdMbgqmlWbNkk+qZyPSp4ZUup1nw
ld0oaEPKoh4A7wMaiNcdAW1WsZMgX+oIMSRXIZjIXNzNAq1wK9GJkk4NQLHt
Ama7uR63ql4wGnrnWTUeVLucuijF0OEIVPQDGpwkPDnMITCjmG42YK+bDG+2
pqnFydoqte1GN4Jgnz/VVuTQxRJct2vdYjiurgtoGLT24eSbJIiHPhe0aeej
ysq9gsihK3uKadBGbAdKdv6HsjnbAyl+4+nAFLPymn+zGkhoW1PB/Cj1SP1L
p9PDYd2djOkYeVjmEVwwYKGjtCaekWmcObVmdaaAG+V8lkghNqrejwVhcXRy
/ZNmZZURLArkjL+uvB+lhXg+LXs4QaReaeioMafZoXoU6lcMCNR5hTrxGc4v
ZhJtSFrqoRM53VLdSVQKh2v1cFoOGPvIylhdxz6S07fKVDp5D12S2hJxdvBr
47DjN49AL2weN5WiJ2Zz+9/9qh5ZsNEQEPWrKnGlqoBl/ytMiquleb/71rv+
Dui2JWNVrQKeDx1Lr2PVmNos/vD16TF3V4yJhPKRe9Zj7vmiMTdVnLMJHRSn
hOUvfkBaYTEY1vUtdxzn1QPx2rfw2vu9eM3rdrD68KTebBEuw6d2WxD5T1F/
JVSvTpuAp4zFfyLv+w+2jLSvTzv1jzJC8wgHMeaZzvV5Qz3ueQ5Cl90kWinf
I1phDVe0+Z2eR4OZNP1jvyL9k8foHevB73/TQ/3YMqalH+IOgkd8AwKeu1rV
/g5jsBVnaEGFojdqtZoyv5A2oYa+UQeKHkjN8FcYd40yJUxO2QdYscpFpNiI
xO53VaRNSSOkWCneeuNA/EbEHTQ2GzbIAVGhYivieyhzc6ugE86FZAv+AxjJ
fEqtbNBHqlrL+DpvUzstJAm8aHsHdZXO2yioKiiNFD8quqEiKbg+m8hx4ke2
angUS7ry0qwN0XZBO8HaTtRGhk8jlt7iFA5Q0sZIvJeMmOJMi0UF1emQ/KsO
nEBpaBzdnwFtkRv7MEpip/PeLR3dqF1z7K8x4jGqLBKgZKMWpTtbMbiuH9kZ
Pe/3V3ijN4sVzO0wTcuRz4K2g2kmQpMg6ll+xAn38jJZkdItwcC2wsH/ggC6
ZokJ7SiUFs0RVNA55+TtD1OqRmEFu5TLMyapnzJfccUYEXBjcx4awuatVYn+
U7qWVobt7LtN23yP4RWGeD9g8EexxsIYxMy9VUO7hBN2+4D1eDY/yPk3NAFd
mcSVc90VwvIERfMOc9WJR4fqmhSgYmSWio0qrxGWD8h3KrxYAeGIcZhPep8Q
kQ/cVfbzskDdZmlEq74AloJ/s04Au6mV7ZvikJTaV9EkVhvXJOeg54QTlzlI
0c/slfiZVyTH4MrXL1d7k717veuFgsEUNzWmCkea5EiwSvHkTZwUP7elKJBn
FzbNxbY2p2IfNyihSUUXlHuKVSDpIZA4vZwAQd6SS1ViGaswj+eTaa70ocut
zFSax3kqQMsmulLthbRpgM1vVsgkC02/+Xpi+bslh/Sf8BkJ2P3/foNxsfel
813uG/vv4tOrx5WKBtY437//CfvV/vghf5/G5rci+VEHWrUGwnHjcKIlXDWu
tJOnkR88rjUQjjtacCDB7x7XGojHVbbw3z2uHojHxd7Vwdhe70/B1xoIx00X
WI3qD4CvNRCP+wfBIXXh0O8OUY77/evth925DIXjzmeUCPT7x7UGwnG7cZwR
Xf2941oD4biDaJbiV/Z6sb0MdYaHkR88rjWQGhedr3/IuDKQGpejXf6AcWUg
Na5oZr9/XBnoN8+NLneaL0jvmS4m00c5VSpzWFo671ZVTQDKZ/5FqCQy9dEc
2EEVOy9wWaFMrPBWyHdGQvpEy8ss0Pw5dVKtRANlFwQnWtjyUDD2pOy9qviB
ZnMdGqe9ABSet0T3VTwhKcFYqSk8cTILclIUx1exL0dNMJAno1SxS2HjN0R9
WXz2b4Rk3uRcERz5ZoluyMK1VxCWQe2TTBUP1QeYQSdjGSu9YsjCUBhCpsWU
0g75YGh9FcUVKoaMV4RCVgxFqygiVBGqUTG3XPV4s4qDFYrp89UngxPZlZwO
Ca74wKcJMhnV02GHbM1vY9aHZ2WwurUetHMV/UCi4lCPDymGtUY24iNUQfeW
t8meTU/E6cWiEWFsh7vFkqhSXeCe4oZRKU/QtTUeU7AAF1wxxrcNOpUNUPkj
0NiL/r8zqmOBvbi/zCNu8dqysxA3zxqtLSt/XrkksFST7ZankHZRBDi0NQx0
FmbAV9XPXVV3oYI3GybWlov20rdpRap8ZVIgFssyBihVWxdZEjWsaGdYPFp9
aAiPFGmqsYKgMKGxnOMjgLL25//R+9OBz1xnCyNP5eKZjG07EkCgrqpJytJ4
ONmM53RJMoVysiJc3dXwjbx3KTbt1AHcqtGluIsU+c9PoLebO1DbAYvHiHGt
KqFCApH1VPZ9dOYiWHh8TBbdd3zsdDbuybhrFBq0kVc/7FxVknFUnTuOlLba
+eXvxFQle3isk1hB5HQkkifJMxStiPreu+tkErnhcjWdFwH8kWPRKKU7IEtV
MEOCaNrMqS594wDRBiitVh9lCk19V82CK0idsfQwSPyVSPwIviwytDWFhexi
KlY5yrlHsSSs7sZplhlOhwnsv+8pRyaR44Qq5E51a8AUqMMtRdjgwpXsVlFi
W8WSsygSTQs1HrdyJbHIP2y9P7fLYVFSo+KkKhdWNyGVBVFL2HjgFiG3uLXu
aGiC+pZ5hOO1VDy2VfA9xERQlYGDa6xS/ek7ogkSr5NWdGHV/MpCrBY8Qw/8
POmpCtxioL+j65BkIJNjhfJBFY21GHNlIEHrS+0ILAJe6u/6Kq9on6kSBTwF
ZKxdEqR6LphqyHuWqluwuI5zqfdpmGUandhM7VkQ5EuPDUmmVHke4Gs14yXw
zlNx4NtZSao0dsD9CRPVICXgjq7Uf3Ei9Kh8RdxDhuK7NIkrwEQunaSGyeW7
UTh4Y+VD2smKRpYzCZGCQrl+w2JbzptG4M0NrBa3UdE3OErthsXF8LlQHzHa
wOmsSAj36xPkMmzcsX8hwxVyRaFEhJWrkJHjh1BaIarsN+3MOSVfmSrR1EJz
Q/JmrR1gZopaQ6ilVWxge4dNcFVKXHdpbVClDgCCz1U6Gh/BHUaLuRmpOVZM
IKGbnzNRIcxMtXmtZdglHAkDI3NPMgAlW/dI2cVWOQl1ra8oxyYh1Ya+aXtc
GtzcvA3LJ2KFUgkHsndGyJffWx45ObPM3cMqnNMpLCrFa7fi71WwvzUscV/C
DK2ZeS2jAI+MkITwbuCgPlU3kNTtGzrxG4dH3RhKfGPkFjxD1ktU5XtTviEv
wYhuyu08g5xmRMfq1jjkfdimcYyuvdMY1ZXuHQZZTRtC1phodpLOPXJ96VbY
WG8tKjY6QEck9nQS8Z7WhO4RbJUiwKDzRwFi7lrtdRSRsdHr46ZTeigDEgHX
7fsg+cwWw+MlqDhiN0RJ32zF+E6bgCu0m0XYTSMOGOtyH7rAdL1wSrvWMF6H
SthIwiFRYNWLFlP/dOlODu3iaGKa1tB8bl1mkWsMqEbUs06J8TKz8cGUn8mj
BC3KyUHHlHdZubSNsCgrZ1sV2qfZTeGp/JXtbgnkxFSgFntYdDds3Ce/ugcw
yjVtWUhgO8bCT7myfPHUcqdONxmkv9nYbkosUqp9tKZMkSCoqYzAzkGaySKT
ZQ2deHRxUmEtFss/ZSfyr/P+lPpQ4OUbCVPB4OdAVLfAs0e163fbaZ1W5Tp8
3K4EUloYpaOyXPFi2/XMSqqJGJ++KnRmwtjttZHbx+o9YJZHVepUWUOdql66
rkXsrgJR0iWJVJ6Nelwx4hRq3HibVNVdgxzwHMM68DXi0FsKY5dKD31spbHC
ST/Ad2gl8eaFZKmfAwzVmwBNnswnlVxVCMlX5ThMo/YYL+IGdVbLWUkkesKZ
ibBJXFxLlSLtoAsBasW2cwEonKebu0bl2MTJRGb/Hk2Tx9tVebmPcxbakHuA
V7Dzr3Dq3evOyzv0fsadV+7Qy7vtfsahxyNbXmrLaG+cTr/512Gqfyma1uEg
qiVjoHNodhvl1+yOvN5ojyOXjAEjWzVRrJFVOU7/gWOXjIKrRp2SBAr/d4xd
MgqMPcWgKGfenxm7ZBQYm6O48tB+7NgloxC8Z1GyzI/9uJMsGQNGFq/C7xq5
ZAxKu8zXHdc1MNCQp+u3SF+jopDplCTNF/guNi21o7lU9r2plWQFg7u0iyM8
rJ570umyuPxxdBsagl7KW6Zerh4YBrxZpFY1k2OmZaRwlJylXhoXqy3MLqYo
qxrNeivaKmN+yapJOldqdRZqES71pAovcnIuz0QZWlIiZzqfAKPqyZumMi+m
lVDFhMQCllLD8uWitVaUrzeCqhfK8k62EJeUlUDLKflCqGp1bOosBl5xhww6
pGTM4cpMCGrPBKSjxmVVRY+y4lie1pWGod2YcqtUGC1IBrIei35UDNGrFGlU
hUnLGp8XAIv6epnmU055ZGmY+f8zB5ja3e/3f1mw3nAMIIFuSatEDUBzJkha
wCbj/qGV792PQENHU4gINfpU/MN39X82PnYu64ed+sFJw9MSIW7ll93dnHdE
oUTpmjQOy+JQN8XsXWPLj8jgHFH5ksessN04bTc7zff3ra+Ap/Y6RXnGxaGq
Ss86UoMNP980+uYTiwbaHkMUylq8t37xp433jUsbyP76TdDNsheeLwCHqzdB
ffT4mIy/qszzY0B7cnZYPykDK9MD5M8qFYBsV1Qzd4DYa4xuUpUOz9s0G2T5
WqnqQEpD1MjJsUOFcSiyXPfSVW0GEq61hRmHdreLVUnddqEptJ3byhbZ4028
qTt6WuiONEonVfIWYU9LzgtHEIggYWCgNqxiHyrMgeyiCUL7esGM6VbE5V2K
dFilsRJGcdEhrUXp2Aq55ivDx7G6nLfGDB3oMl1mya4yzxV/CnktXPOztppB
RZo16Ro52utqYmFUqouT0uIVRbUHRCpbjzsxyqaNSopZI9afbt7K2XExzNoz
Ic15NdMNZLYPfX0jH0Z953nFAAK7nzXaLCwGaRduVPeQ7UIKRGxb4oIfa08M
1E6FfEstKcuYrsj+UIVzhcpZqlc+XNkUVWJKAok9APGl08PL6/OO+dJGCEQF
fcGW1dwQFC8Ylo561Hj4qLkhcNQFCE25zeKoHy7r586Xa0bNDUExiNP8lzTq
1akz7tpRc0OQ2oqVOYprxXJHD11rbgg1ahUt/ipY0Iz6TywDCtzuIaNaQ3AU
MVUAyK8VBmseXz9srbkhzKj2VNaoerUPGFUPwZiV2Fq8waxLEFEettbcEL8x
AZJKLKVX25R+DjQ9kHwnaqfHAUSsq5EXXNwBRPxNOndOG7TjL1gtsskW92Kx
a3tbRu+svNL/44zf1iA3OiDFQ11TlQy3a9FamW+qjjfqc1Lq9z7bty4KHmUe
5UwhrIYsW9mJHm6RcFUcPHb6rueMlG6t2FzpP1vNV7XEc0Vr1CScG48VcK1o
S4oZUi9GqaOQ2oPYfSTVaRMvVsXK8w+Kw9OMbEDbV7C9t5mOauiwCh+Uf3MY
iBCLiCtNWqnJgs7+KUWpn0p5KVbbyWW8KAv2I9NdbGxdm/HyOLt1GeT+V9mv
S5NS/kVZKf6/LjFFhjbpder1x8Xgl6fq0dBaV/gDhrbGwqGl0KuzajfjY735
3R7aGus31mg4xc+OUDAEQF1WuXD+hqYdG/6XOUcZBRq3yjLL6qacr6JqlCSr
aBNqgmr0QNbCOFdOEoUpMPBV3ujAtDusWNEkmjCuzHzjhg4m6EFF9hcvoGsK
xMsnrY5U7TyY6Z+0qo1cY087HtKv9zAyQru/rNYZdiC7BMeyF950ctTUiaMY
ccGe8VgyDbXKBlsbSnvxLCw3eLFtakOW7lx3M3OBqjpESlRjjbUSmkSmgcyy
Cxj/oG2xqFBNOQsoodHNVXd6qvkpiLCihbsKXnXPxduIMDJWTi0fnPr7DArk
U0aAmRAUbS9wG9yg6eGhBga5oA66OZZfZfUVe6/PBl8KQbAbWUpBL0XN854C
dbNJoC8KAcZWSfxcq/MDqZBUSGgoqRm0adud1f2xr5a+S2oxXRVL5BR7zMdn
iPK9mW7ldwEH6W5DNdwGoqKQH+egoBa7ZuDaYoDmGPhaaGnCvY86ZkMkEXEa
sCdbmf4LJbiN96TQq8CQAquAuqZpdCWB8ulF5MbjE1p9zNzy24SONiy52jD3
VPX81g8qnoI//lDtHtyKcGgv5ZiklCvBcR1+LFC2bj7OCMfkB7Jp4CFhHRVt
h40SH6ud2hU1qIB/0uMGndijiJLw7ZrnZkL7PemANAtJRQJYULwpdnmx1Yt8
4ReuYac6+kgkkssG0PSvG7mXOzIMf8IinmzswTPysHCFKjFm6mCoSpziUpEL
Mkg4q0OqC4r8LAiqxGPYl6E58ELVdIxBn4T53i73Jr4Yi1DdiZQsTXZ1U11Y
mVvvnNvwcLMGbuWlKmVz2UJT3tApS8U2Ym01DHHyj7Xnr3bo/lEJdOWb0xFA
OkZPldKyomod+6M47dJ5l/NgqNuQTEPqRlua9vgHQRo+3y9j3vvP91/SWs4b
rSq5WN11SBwwmn11oXtpuNhqthpVHSur5iAiaEi1HLGzbqGKFbuaIftVvBEo
rVRpvRuOKa648R7Nl4eNDae1AdtXvSr+O2i8aZ766jn6ytus1Wpb/HPj9Cj3
I9lAvV+ooLaKlH1vFwU8R1TqU8UiphBWM2apqOPW56y55TRvpJ+7ru9rOzSz
uNoNq2LYNI0a4W57prBd1k1vGD/uqSlIRdjptCQmWdenU9qjiVAsmOKt6n7S
1gBrzVVxpqykujAplg+th/gTCwvsFa2YzFQ6dEb/f6+c4V+QL01jbplmeSZ5
TrmruRrzestWg9D5lEkPZzkI5TOag+4Jy90ameNbZ1FlwzoFrnJ1Eqk4qn0z
3CYXvVzNj75pDIDJXb0AjW92sVKq90zvGwhR6qYSftg4R12xTccvWiUXB8a7
jPH8KAdQ1EehiGLRqTO1sc2p4oq4QL0MM3fXrrB4A8h2hdXEb/zNd1dbKh9G
BfvTI9IwXJ/HDchIVP7qL7i/yv1zNL5KKUeUQdVsDXc6zmtTZWrpNVBUb2dV
S2yB12+A6sH7LgiBhBNxxRN5SGFLXXjRLu5J2U0B7Fm7dQ1kPXtvJKbZ1Rgd
RSFbxchwlQIW/1uYxLofe6HlfL18ADoQejP3BvGCqXbz9OEPXQn+L34O1bh5
B5wf3R/ahrylG9AkISlzqoAjG9taTshK/m4yE1XCJGzzDpHfSnozYq2pxOpa
QcWR/ud0RadTjrwiIU6LtHVLpH2HIi13JDSTuYErVmIONrWnCpqW8QKIXISB
XKj2S2FpNxCnH8IniTAnHXe07CYRkIkgHanQEFMuymrMslDSuZ21qWi3h0Ed
eSTw62NScTF4Yrwsh047THQ0/j1w2bRr6ZeoYkoLpGBbIFxbdAs8/Yqd4eOE
M+lkmgij4qhp4iPB4KQAlBF+l/2gdTxLPRT0Q1u9z8FLrzx/V3pOSWODrMUq
/EwIkEKRqUHcJVQTjLesioLpDXpY2FWX7sNMc11mzVqr4Y9OFWVqVF/TVlER
+lJO75RsRbseP4dkV8yGxISv8sPF26/ZIXuIHFpFXv0ctCkAYDDHGZSua/Ef
LY1h8xilhNMGp7HWnO3MZ6FK6lHFpPOnonKlpGA4OaiqM8r0QNkAtDSMissf
UUH950AT0n+CXlbh+D3TUqBHKdKTmGL/cvvOtw9AXwa3ELDsMjntn67NYJ6Q
Ui7GAjZ3oVICA9zYRjAx3NzY0W/lAphogLrIuTqqYtX3//k//s90RWCf3Ggq
aC5pTTe22LulU4sD2jW6rICy3+hlSodEMlqQpGYiRNycKbzAqusiGlAQ2AoJ
5z1UKBmfRE/s50HPRLsoaRYMINgGxYWir9LhqVYB7Udm5hSdXKlpw+O4QTSW
8XdFSuAFSowvLkgFU60zmoBOZFPfS6kgKUoQaKNpvnOVnVd2F1otjylL7f5m
t9LvGGkPySZ99tkgnWSRF+GUr7kXpZ7F+QLdmpZNqwPsXKuucWBZ6EWeRQMO
WzFsW73MRsiBFRZnWiSi2iuFCdD04y25HI0J3CQPaDw2BRQoFIaSRIkgWwZt
NiFZ+aA8rqm+qw0ssmsdvQ0z6A6FeIntOjkEZwoGI8Kmsmvt6Czd7DmdAI3q
wbZSj5OpU2KRzSOY4TacSldQlcy3crwKFYP4aiuzUrBc58NLDp/eAaV+jcdh
35Oy/E7f95p/RkSJcpIDuuXcasY0FqAdWgBR0QKmYPK02IicF4l6HWWIy148
KlOiqhed8Z1gUyUagyqsplAFjygNqyhESX0FHWBsoo+UpS7glpKWDKm6cpLx
slgCg8Zgxmkc76YDGhK9xGRPayasYYIRhZKdRRREk2MEhGIPGDxL5IoCQadh
7Kan5i6c9kp5BjvZoKVuHj4j2eQxVh5AkwKHOtNh6FU6macr6zTmKQtWPEBT
IytUSczQ2dD3mVxR6QiFKbJlDaJhNUh6I/RE4UbMxY+sIURVi6TQibUWNlZ5
hiBwjCJHViZ2uw/K8cNK2Jw6sc1/687BIE/PtqQ+QTQb4Uv4bIwbAqRPts33
7jsVh1wBlbNL6Y+D+VRcTbrZ68DHYg2FGA3G/mDG1wk5G6Yyx8mCSJjur6pw
RFVwDdK7ofekuu7fE+8333Tk2ATYbBXc0Pe5qelfyTRP7N9/U8EXtjvb+d1W
r8p+39Qdy/5U+ruYlbfKx1fre7JiffZL6/b/m3/IeZKrfycqtfl0q/T3uxXj
3w8/o2qV7e8++Onxn6zb//+eB0Du99+KvzsLf+IAmPDLz7/vOSKJjKgwfXN/
y1NiyubelnojN8adVw4z3NEpOn43d7dyP8tCCtj827/bT7mbtV4xt7gAAd/Q
ZucV5yF7kr+WzVKyFw2TZ1v5vaDB+/tr/xdFIv0sysbhf2zU4XOEthYQHTZA
tCNZxKIuVgyYpi0WGcSiMySBOwqA5otuspXEPzBt5ggHyzmqOoypCIx8FzlR
vuANFZmB1Y3nAbCxLAwLLVTcyuJ6cuN4wDookhZtfBBMFs3ZdZeeszNAkxol
1pUIyf6mcMstiQsMJ8DPi22fuU6NXdRCrCM+4C8Dp9yEBAplqnihTAlDeZKG
zT+QxDRLqG8LMGYEqaS5r05H94H01LjnxMjqYkvVGEK3Fo3VGgJrS4WUtGcn
hU9XrJ27TpSn6NsDa8eXRJB7FMFCbQFZ+bqLwoWrWlg+qnzzGaNMiBwNINTo
SO3tk6kSwFfAXEkgGg11ODsrWAR7ktWt0twkAWEDj9RitgYBUJbVzlEKZtiH
gz/GCn9iLPOch5Frp+5lyDFwH6687MOS3vgERWTrh7NIwvZQBrQ9cxZq6upo
uvsPyUwPasfF7UTKxDTy1UR30TiUrlcRdQlDaciJD9TBBfnCFYxpTtCJvRQr
KkiLeaJVb4iNGGVF9y7r6FouUBJTCAw7TTFiZy51GLhQYTQLVkLMDuNSFaro
MsBdDKI0L5upcyo2aqgYYdYcX0VVJZGqe5ZxPdfwlIzzXGrM6q4hQtCNSRZU
MQCWAuLZMaZ54GuHv1VMTwrH2hU8ijPmR1RUK1J1EnT+UKB+M0GsGFtX+NJ4
ZmzrvFoF8Yx8WxHdQ9YMpnrldMwNliMrTJjKZXZfzZXqcGsPpUh9vDzVZwI7
idEqHygyrrOMgvwUVmQWdzidmmi1wtC+Jt0lfNuzz9LqBGKVl6EV23Y94Rzr
u3/YAXjIH4zeh3dcxbyNl4X6uZ6ttQQG+d2Lpa8nb3zpAsxCJ2vpsALKwCTo
TvxwMsuWJnROh6gr92c2ymWtejn3V75DjRyB2+lBdYDBekDSvK7cjJBx0AQW
pImS3nwiSGtFKT8IH+y8qRweOB6pBfcvMYVWi3nZJjxl1eWvOBfX6XLiJvGb
tsd8OE7RFtlCqHkhbdQruEZsdOQ07TY56NX9LiUzFW3O4mB7fTcV4dUtFAQN
Lat2xTE/miWnqum05bG2W3FRWgl24TH2zpp/yAFCbgcQNlHR8GwfISLBanlQ
2q5HLhKnJeSisRgJ1I0YUeUoySEBOR44oCkvZxHmfKM8x9tqdTEWa+p0aWw6
GFZAPl/T/prwCoS+yXxKpngrE9vcXiPV1iRpXrp/Ev4TSVPBsMZEbLFxtsUv
4KBHcG8jPkzOTi54qa3Smzc2P9QhhXNlFLOKQ7i+U8acfAZrWfsoChlDI3EV
FlFV4nBC8VMYE3ap7y2r9Xwx2pp4U3RQmrN09UM0EGm1qUDYDO1XJmGFFzoS
i0lHOZUIcryiEIbpmYVw07aAohpzq+BIYkHBMNOTqpi+VXSzZgFFhuI2sXem
SABXQFdV5D2rcLvUujAg4Ek3CYeIwqPk25Yiuq5jYkp5DOKaqLjeCHQ7o2Wb
cqkYgZl6IGqH0742CP8iBdCM3yrF5B2D6zhSbxTj28YKKj7WQo0U1WJPpyLb
0mNZhsGx7iAdiqpRGJTzoS27oWmXXJSg1mb8cHE2Lh5aionsaUfrtcpXcrUV
PXWsu3atSYsrK590w3JZWQK2xm7PYiXzbPCy7RYvVqXjiLyYlEIdJaCs0sxi
6uwQgoMPo7s1ZJlPlE8hFe4H6MMLVJ6KvGF/ADQvz3Sk2IyUjNAFJov1y0pz
6A0pMCFxjKSnnOmyGjUN52ZbSA77SjYtlWqNs6woGzDsMGqbAO7x0Lp6p6ZD
K/JdJDbZ1ACSxeUs4YJWFUVsSrWnYPowLLfz2jypLsAYVvraqh5pTql3IjyZ
VVrUklQ9DW6MPwLUyEzteQ4wV4H8hNVTJxpLA6EiA5iwJ62aTll1tHpd5HI3
eTXqAogZDjgBxxmYJRr+UdC1td6cxmZxK3MtVUykWmreOscYe6nL2MPr+agf
EmTYfBEwfqSqUM5qncQ4AvNYYqdUWK3AXROlo6f7HbEbhRgmmL/EUr5EHPob
yrBYcy9gNL2Lb0lhiFJrExh6yhbAdQRHWvkVJlVYaibnR/EQq/cwSju4qbIG
kEG/nz5wcm1YyJ3gPUk43qoCHu4dUQFaVnaQVXjjYVlChpCaBtm5xdb8IxFQ
MYeBU4B0MRU9q50o+pi0INOvIQRhtcdhXhRxJFX2cz3FdfVMCTySOlclQTxb
cpVE+UAAtJWeQbzNlnhZGWENy5JVdLRZibiizZ0B1m+imh6qhAdaaLROrRig
xyqlYTUSyKWQ+sFiiG9K59spjNTxI1PRPYYAewub/FlZ3QhGUnWNIBCkSm1S
bUaofhZHc+OukKdJPJouHZ0C0CehqBXK1T0el7PulKN5dAS0vpO8EctFToaK
e13iRAP7aL7O2EkiCheejjGrKSc9cYry+qSO9Mn1UXMnZFngJGwWYNmNcV2W
BsvQ0Ck5GB+Igc0qM0RPvkKVoYq2YobSYZUZP1gevEr1BVFWyKQ2lFuHjet8
szYRcDBiMAYaNe1TPXb32zjZkFlV1JGTDSq8ylZMnTtWUiBClD3WvVXXZA4I
yTWGQPcMeUsKp6bKWwTunSU3hs4+UqpYXBAqdQ2CqadDg6PpYMzNcfBpKtSn
OHfOm6c0JmmowD2qpmJZmerbjVIZppHZqyH6X2I41YzCWuWG1UOXmMC0gpGR
mrHQ6qTVbt4kVcYiN3NSZQlAtpCBjEMb8QKHfLAtiqobc26sY+m2yGRZaNHD
JAnu9Kqz04ybzHUg6iA7O5NNmQqMdpwr1JRL6dXBTkADw7uATQTT1Z45mcrW
Fql+hdAiz+bZa7TrYrifpXtIqTSuDyGXt6hod8q+p4YwS1WeowwHhDCrNmPs
A9TdJtJ4HJpicMVLp+6jh3TL9u3m4VSm2K0Q3ES/066KqZtImG+AzfTduMBV
0xRmHTpTUs1ecC1waBvFqFK9cLia8b2Nu/8V+ywYrVWSj7N9ut/sDy7IqhIP
W9G2JTtAVmTYnMeY/cPZPF/xwwn+EsaF9dnKQtLsWf4gEOou5kSHuTe9m05q
Zd9G0xUgNskIeovrhHb77OTOCRU1PQqLijha4FOFicN51A8kUAJvyVTiIqQr
EMMWk0TH0QhhRO43t2yp8RZTIKyTPmOCXh+KgEqS5P5JJSR4dfWLSOUglL22
gAV5BgHXluPg64kt6JTbuujUDySbhIILnT4bGFo/jq1g2H/xnVzhR9N9OOwY
kYAC3P0EFQMtVhgWnhggMzP2XFcuczYncxar+enJDUdzcrD/KJ7mFF9B850d
qKGFZBOtKDx9y9OZinYYxn8LDueEO63lZ3kJznbErJYy8/YJF7Mw9idcuAKi
7f7XUoSYUwdRRtafcniunkrApW5Gvg63ZinOTco8MZlSIJTmA7q5lfSOY1bq
OOFy1Q5M5bUc081yzvy8q1XvXak9XB5FP+DZ7v7fu3dzC0XlCcSlPFVViJGE
WTzXKSCjG+YWRQvVZ8jTHgVHPaQYcaM7Wya737sjyz5rW109bSxW8Vs/tx/t
IfFWEuDino4l/4mi83tLHRXGBWCKFVTI/ycPi9PPr7dPa7t+i/tWSUGRdLpb
ncT9H04V2H8/PDtq+O1O/bLT/qvnYV52VQGrurez90wCV7/DqmMMSdVGi341
ToYBSA60KYwV7sf9zedbUksozOBpHfWqqv1gHKjOWk/xr9lt9HXzBY6Li9vc
Me/wN1V8wNhjcEmbnYOj1tkRLAb2ctQ4bp42O82z07bf+Hh+0jxsdvxO/U0b
C896VIbB8+CHM9igXz858f8CamSL/oSZ6iqB1bjSvv+o+FhKs965umxU6ydv
zi6bnbctWtbx5VnLesecKaxr55VfreKp/B2Nba929/7h/S6wWSB7CMQEWkHZ
4nb2Np+9JGj5/qGd0l6W6GY2isiw2/jKYQX/2h0+CCkshNjFzhW8LtwcoQIc
LCwPC9TUk57nUbJ7sdowocW/eNm3M3ydwA0rytugi8n78JSsN5ecX758XDxt
ju/BHs4E82gah6PpP5zyy99pA5hq6lsRGBXelsnTNS+0m58a/uZOrdaqf9zC
6s1upiG/uaougO//fecfTu1n61f/7Bwvbf3EjYwv/YdAdIrEAP75iIBYazqX
+1iyX5Db/HyiZ27P+k6XUQS9wu9lhKECX9dqNf+H/yM3KAVW+GeHnUYHKOxl
8/SNWq+9krIVU0ERgp4mafYwGnYyYVm66t93zct6A6WJre5g6+GNv9qlG/6+
Zy1xzemuOUF/k56hWuKHZ0CZTwHX2wzUikDi/LLRhm9/0JO/rXq2FA7yqr/+
XXtP+g1/C+Rjc03KDkr1+WyedhpvGpcMwsQNB0vz12nXXKdc5BjiR+6rsllF
ZLFbWhUpBa9FlCX73/2rIdMxrsVUhIdP7bZM/ye4Tysm9a9OmzA6z/0nXCAc
MIG8fX3aqX+UEYBGwyDm3KmGvDxuIMBFykr2T5vi3dMKa7iize/0fDvMfmzx
/GyvoX/yGL1jPfj9b3qoH1sGZ3Hn8kiuKL6eveh8l19/K/nd1Glc/YyqQug+
oQIFq2ylWPUr9aBf9aM0cl/9syDx6gekRfeK37kl/Opf7xmeGqUjy1v1AHcx
X/WrbkC+6gHVKXbd73fhStDqZrTrHpA+3+4TbhBRyY8l553rgFb2kuoAU/Jb
oftKyTPcNqhsVuo0UvxBQqQVdwBqiffD8pGuFFL4jYfKWfK0EbbWCFos+Dz1
3YUoZ61v/1slAPosRelN7MBg90TmPHQsvY5VY+rw34evT4+5u2JM9Kk+cs96
zL08INky8Qjo7ZaO4ADv0Uciq8gDcV1d6EeN7Kzu/llMieifnyV/eOuqRf/8
LOXH6WDdzx1F+fJzPOonDkKvrPwUXDb3Ews3E9yzA2GVv2OCvfsmUBLjz07w
9L4JmFn//A7210/A3P73nMGz+yb4vSB6vn4CLXD89AQv1k/AAsvvAdHL9RNo
meenJ3i1fgIlM/2Oi3bPVRap6/dc5Xvushbcfn6Gey6zkfx+eoaCCKPlLr/4
73HEunzx5Y2BH7d8XF358ZY3B3786OVHW94e+PGjr4ZMsUHw40cvJ9DlLYIf
P3o5dS5vEvz40ctJc3mj4MePXk6Xy5sFP370F/mr5DZ8+imULKDKuqZnD11y
bl35m7SuA9pPTpG/Tuvaof3kFPcAyumN9pNT5C/WukZpPzlF/nat65r2k1Pk
r9i6Fmo/OUX+nq3vp/aTk+RloHXt1X5yCpSCVJ/Kor73gG6VZTY6Y2/MG+bX
qXyPnMw2+JkJ33CVGoy16qBFq3ROpQA+ckZjPrxvg3l17QETFa2QZpKrzrEk
u5VMwQrbY2ZQlswH70KpbI+ZxFhEHzGN0koeN5Exfj4QZFqBe9w82kT7wGlE
jXvMJNrO++ApfgZk6eNBZhS6x0xk253NROLIKZlFtLrHTKEt1w8Z3yh1j5nC
Nn8/ZBat2T1mEsuEbuY4ODs7adRPV8yBnOWxU7AV/oGHbtS7x06jrPkPBZeo
eI+dRvsE1m8op5A9sAez41e4f4KHchTLK3EfZcwrYw8c3XVOrMEmVx176Not
58g9YxeVsQfOUeZkuWcuVs0eOL5y0NwzpihkDwa7eHceII3YCtn/spbgjdMj
FZwGHzE0jRrk/OI366d1/9AJxvW883HIaWdwA0E03NDdGjdM+jNGHEiBJt3C
W5VhU7UrpJEsxfhRBJ3cfZ1d2ZZI3JcVXkhkF3GiwlE4slfaP1ilCcuY1i8m
oE2yZjn0eKYydzZWhsJtqAhhnSWNKVs9qwejt9FuNXHd3G0PF0HNVyQ20MSh
bEjTMECqzd3a09rz2m7tGfzvRW1n6164pA+CC5Y7WQ2XUMVFcbc8jIta0bFE
4LW3VZNcRDNYGSAof4Jj0HHn786xg1l+k0+3TCKuDf6NknAtbrWC61Zt01SM
yAYmqQkAgvSWN89hL5KnhlPzgooH01JOTkBwWMOGs8Ytg8q6q60nJWyoLQ1G
vlHI0Wvf3pr4SvGJU5DfXvsKgfCbI7PT1yaArGE3H3wbJP0Fhp7qpTLqpPi+
bkH72nRIpS5W6tn8TcWssxgD98LUae3o1Ia+DMeUFXdO/Qo4fNVtjMZpjW5+
m14+R4VLgUirpE46Hwxw5qmbD5HFnlubuuJjrij8So0vgtxyEJu5jB7nLpRV
r1RR/bSbSXAbwkH1KM8+tas1SpUOGIoKdOGW6upvBlN5xQ29WJ1NWVI0Op9S
7l2GKeyLQs25rAz9yfUr5gmmPSac5gCkUMeXF/aOu/HNboJuPOcm17DfimTG
6yLodqp2SJksCWKOtN5gNHDKonK4OxU2DzNd/lryBzjwXR8z5joMsWgbtmV0
0kphST2s0gXzUTstvVyKGDdtuerX0ssqHx8OXOTWKQOpS3jOhJKoQf6cevoI
eUvLXNEzqvTqgnGClfszym88bp63qxJ9hmUgQixsX/FgDdKzIr9AXBplja1C
ZtPlIpTh/pzSNJ7bmgnRYp6qfn8aKOFUuoKkuST36apkMe7DDbCUnLKIi8Da
fZFW1XY/WPJLVkp9rnMHHjL37tIgkOB8Ref7YYj4OgnGnCbM7aTcyr8m28tg
nVWf06qW4w3iVDY/Aiymkvx2ZhkXNaMK5rkcM048alM6Dq6hqfJybAJGZWND
IV+m50o+bSpK5EavLCnStbPB+5Kuh2CGb8ZLz6ptqkur5oojqqIpXPdHVZ3U
qVSE7U69Xqlp540UQ1BNRk2TzHkKAKO8eLoDE0wfokKMVk1n1WeVmlWwvLYm
fZC4Bz2woTsG32KE0Hij0MBHdRAE8CC++7v7O9Wn2EbiMJ5M0AwBb6OZRDVH
iqQwLjLdoc6j46VT7zk9Iz0lPSV7uPEghdOkCixSDgbL0fVwJXemqI1Fjmmp
QUKp1pT0r1L8GV2o42+QEoHVx8rFCHsZ1qs0bWORJS1U401qvsr3KVVJLXb9
MqetCbXHwTwl3dNeuGQXpThs0lqt+u7dUkvWV8/JvLKuFQ6DuQF2LpoQsBiu
LotKtFXZPdfF+syFq6ZLj3ZC3+rsQKpXIZKhpPXwVitUSzAM+urqTGZKjMBK
KOPwK9b/4HIBptbkuixVWapKW8tl7IGIREtBqhbcxRHiwmypehqpgig6081K
1Fw1H3XNKczmUdoQjZOv3excRJ172I8YP0DZwHYPpMVSHx6mRUeq3VTbhPYz
LXIrtkgremrbMe/Z4oOGg6mkZ1VycwvV6rB3TxWMUcukTGlJ18AaM6Q0uOVk
RI3RNcsw9UrzdC2MGLl3EmfYugR5Osm+uskXYBl8FF5TqGHDLbRTVYxbCqqo
rnNOHzZK2/bskiX3NMPzrWZ4QWIRUWsiLSp4mg/h6s+t3iVW1xYqslHsoqY6
p4y4r5alYFAHt3Acz6QCQU2fLDFQqjBeGM6p9UWFkwpgcEobj0Lke4i8AGJP
deJhyGI/TyyjQSniKGTaY6kSmrpAD04W6HpcQS+LscymTiZJdNq252Q65ot8
V+zefyz/JdEwom72aptYZ4vSVymxFVt3UQlm7G5GpcxVBWwX+KtqIOlrYdqj
6Sktop9P0RwDyaIET2KVeMOz+ZSK2OSKBRTmpZZt2JCTCglhv7X+mv5qXk6g
Lh3OSE5w1TaYICABoeI0GyCMANb3UZ1tgUY6m49Ly4gIACLOlTRZvzgB7hYB
hsou3zgRywvdGWqeveJce80u31hlrsnJgk7t+yjxc7I4VU0FMQWOeGw1cOA6
DViKFt7oyscBJbZgYVkba2qkwapG1oXVYecz0ogQ+kCwWBlOPackv5mOqqWr
0Suqoq85Hy7lRGnxXeoU1keNh4rZ8KEjZ0evH5H4TpHH6965+dIzLK6bCmmY
sJqr+2XTY8Iur7wOmM7zBS4cJibVeEURAa7X6BZUU8ockQROl+FS+Kq5nlW2
OVcxT9pzrC0Dzjo/Cipu0Ru7OBcX7OA2dbpc3E9PqerpcMauJfCrvFypG02N
m3TZA/R197gik13cq6TmmW7URMuQrhFWWYRc8foNOEMg5+kGd7nU8qLYROap
EhLhKNEV6kXlJfCJ/VV5MFwD1f8PJJPe0XJXNSTjMlfUd8wdbBzP+9S0Chuu
Ct5jKfrOSZu3DHIQ11jWPHiOwRdcRW0RdkFQpA7TNWGfTkMYOFFPVPeYO0da
GEXDs4yLxRDHVM3XKhSNUOEV2dqF1KWgsXgcXC+bK4F/6NJUUsdQZW/fRbF0
05Ix4x4oFcWiGAuu1qEz1gvFYLRczDDQbddE6eHKsc0SAZw6ucHRzqlECAuw
GPlRlblEB7UmrPCN4LMlUX8OU2HNH1O/0ykz8piq1CRGk6TLDUlwQLFF0bRc
kphUu4ThJuAuMbTh87pbrumj+Q2LhUkHAou+k4Yc8d3V+SQshbj7I0lBhqK/
+5NoiqZxrroBW5uy3KslAjJ+5UmHrp5ujR5PncK8jyznLaUBJsQozX2TahJw
o6pyo4AZqyuo8UAJoSRJz8djZZIrW7JqGsJtjUpWSX03fygjgqkywcIFiqNV
EG5Ch6esLCnNN0dZI5QeIPVglDatS/9YYgMS3Xrx7OrW2bm4alHmEhCzEGhX
cLEqOlkmFermYplTbPPGip6i3GEG8JdQBmSjZMq2U1Fw0ZAiaKqNKFa5T2k/
Lix+Fia6IPwihJOkKyi1QkXEEVd0LbelSFcnslvuoIGUCCjW75/MqY2KY1PU
ZClXroL5C5VpEVyHs4zQLYrXux/0nGPWKjL3azm2O3y6TI+bfVJHLGVLLsOJ
0nJDupAa2wOAa1gXELUTbfljbWfNLfKsW+QikqGtzuBW611uLj6VQj0uCdDU
h40EdiMCeM30s1YVd7IRaLPcdWW2tkuBMPLLxuFZq9U4PWocOSYlKtEkl4NX
MkiCSbiIk1vUnCNg1Gp4rWvnqqxYG8cHQuf0bf5LnNLgskOmzZvwQK5tfUAi
ABXO6bm10LQ9LAdzq1+Z3YUe+6mgpqclCmvp3BS3uG6nSiviu+rfbtRuLNBJ
TWxiVZqS6wBqC13+sKUWZZQoLc16FClJKm05J1EqTgrBN5Szo3REXJuKOAVu
O4vC6uEm27BmccEFtsva1T2aKc88VUZLgXiQeYvMxOQmcOhBzLXhHKboIU2l
PluJf9WsKFhLq4SNktqS5HGWN8zuCeXl5RDnFBnevU0siul+XYZ9uJcUWZGS
NBLsReIiKIuZtggxAkKK9bC1Rf+/jxCBDpYCtQHRLJwAX+4rouM0VlHqrqGM
ZEyHHVhNSUS1VtWPrDoI3XAcT4dWHxy7lBRXD40HVfi/8xiLdabCS67wynO1
9A80aLqcTBD+PXOPSCtwC2QngbExblKJ7EguPdnuBd2jRHX5wZbGpmOKqZa1
JIIZTXVZPK3z617HCDam05Epp+f1qPmzvzFT25qZbW2ex+dbOtbCYewklijT
fEnrmhySwEBFHg9UJ6IGFS6YKzk26zgRPbKbqXPXNqYstsikVXe+RKe05C0E
pi7+b6ofo8QTjJU1LKDF43GJ7w/fn6vGYYyzxAF5a7rMemx4raLxJM4Xaxav
csqx5cw1JvWUWaYnghBamMn94SHiLlC+iBLqwWCWpGVIXA3wBdXAQC9M+SyQ
aHRDVpS12x0ZCQpicQ+9RE3pBc2+S2MmiZOgh+IhWrTEZJBnaNLnyilGrykT
a4nKetZLAAuralaEMrqma7povq2A849I97giOJXzR+pLse8bUg9DM4eImy2w
Tgn4BbJZd853LkG7Hgf2sE6LhZpZQYV9gPDK5gEyugKCpxQVg0+T1z3j6mWy
ZJL+v2Y+nf9sHMOSrMcWYXBL9fpUyx4NR21Ox146IYzSz/djW4xiothCSl1J
oIw/ojOZOJLFbUkcj9LMppRhP39cKYGGLrZhVSJjwIuTihfoLaD+v6rqa4Fv
ArN8AMcll3a6hJVNgAtaI2DjeOQ8IFDESJYvtaCx1jqmWs2Zrj/57Vr1lnOo
WdEHnfPqKvq8bmYPniSDC3lTw685Vi7eQSR22KBubJ4LkwRLf2JjNuKZKtSE
zStCgzZS7X3XIu+GmI+RAUx7ZEcCKW6s/KSWzi2+edCzqca8VNpjC8R0vQkk
34Thfk0e+GdHJYkwEyChz9JPR+nE5JGgk65p80OKzCIxMRYhC1lRgLYl8igQ
rqA207ut+S3q8cjmW5HI6JIBbe8Dg+H+bqr1sLAPjnWJ4j4WqEcXNM5WoWgI
toHR9RX3D6B/Etr+94zKisI9mYepMu9zH0d8V/s7lH+JdoJApMZ3vLTxUi1F
dGAuDYJeHWtzaS7aRpVphS3iXUITHRNoYpew8t4oZhfSPJ3TJLfsGhsgSnj4
A0a6Ix+b4RVMlOmfLZnTMCNlSSkDAfFuVicwOwC2B6SQkF10yJpfnzKslNBN
nRPSCZb27QVJXxAZZ01xUuI9ZLEdhWPTewCAc3p8iKEHfRLAPnC5WZOilKu5
Gihjr64IWnF96d0QHYhxogQkG6q26VCXoFfNF7T8o1oDW4uQ99Atwj0vInaD
EPdP0S4ACo26P6tb9TitfmgnyG/J52+7YHSIFLrAp4bxcEub1DNdGEPNBFl2
US0hnUYAuoFYJKx9VShF3hKnzFMF7MR5bBNcAS5UN5S1HArRFi+Odg5Xq1W/
C0ydYioJfajTW6LCLnM9p1cYnxzyBELbKMtm6evt7SFg8bxbA5KyHYXZoArT
p9XFcBtDui0dhEiPbjvtGAdQP0ac1i4WWN14bNcSzEZJPB+OlKWLn08x5iaa
FmwNoBBiGz6jhLzmuG9qGU+1PP3DxiXGiB/WOw361ms1mwcvjg4P65/OhvVF
86A+bF61hifd8buvZ5efDt7uvd/72P32fL7z9fLlk4t0cTi8br6LPzW/fd5p
wPML7/Ko0W4d1N/Ud68ah8PFr8GH9zufot3l9cfLb63LncWbxfXR+4uLk6OD
y0WwN94/+ZCNw/buqP/2ctx7ejny+m/Gd93PjfNWfYcGqS8Wb64mr+76jdOD
1sH+x6NOc6911Pp6+rmx3/p88a11HMN3Lfqu9a2x77U+X+GXi59diaeWsnYl
x7eLxuL6rez9sH6h4XDk1S96RxfDeuPZ07t+90Pr5OpLEL+8jcL3+1/nT+ZH
Qdb7vHux+/TFkw9nyzfLg3i0M1n0wmcnHz9Onrw627/y3r8JT7Lm7m0ym754
engbvcmCw/ZVcnI9uHzz4vnp59abxuIIl3+506lfvN0+qF8t6ovGwfa3ev9g
ePree3ux3zgeXlw9fxk1h2+PsvDyWbb3chBev+//evn+7dHVaLh4ywN8PjgY
Lo7juvOsl3/4aEgPn/NsF0f14btGqx6/OTz88qbd2n91UG8d1nd69Vbj4rB5
1Jl5dxeT618vgt5+7/Pp5fmH94tlo/80ONx+Fc3Phs/2n3y7e3734bjzaz06
+NJ9f5ReZd9mn0bz+sWX2e2zs+G1d3aRvd1JL7Pr93dnL6fnH79+uTqM6//x
H4y+jdOjIvJyUoMOGzxXhSF0SBA7eRXrwGbc5JcD+W+CMcIYz27MP8x+pe/t
eOk4gMmjooY31ZVVqx0jdxvJtf5OaSo6wL4vqtHSQ8ta+219FyXwEWqFzaNa
aSdPsz5TUF3XRyYelaXheOBvAvXRVaUL8mgK8q3oYtj6NdtilZjCSzFgOfW0
/ccK/QRSZFn7xnF8SwZUs7cuB4PojdQK9KbxHtNSDi1iM/kGxKYNyHPRWAyH
jV6r+eb2YHj9pb7fn9br9cXwk1y04dnbT4tGvd6sN59+2Xvy4mXyZJ7sL7w3
Q+vH69Z563N9edqpf2t1Lr7C50Xr6CBovbl+c7CMj0Z7vYN6/V39w7eDT62D
FnzH2OvVhw2NynCR3tZ3mvWD88ZyL3t7fPYi+9gOww/j3dG7xq/LWfPJ9cfe
02/74yzonB8df3hzPW6NFm/H3l0PpJ5Px4Pk6+hla7m8PW2ets7evN1ZfH6y
Pzy7Da8/P7n7AnSjt7h+wyuuwxpuF8d1vYMDr95s/Hrx4TT71D446j79dcHL
lKVfvKsfNkadTnvnWesItgbUzfx2dnDQac5bbYBJq76wfpgf1gcvF0fWLEfX
Fwf1b/Wzg2GPAX3RaI7qrYOr6/qi9/kABo6GHtKP696bZpB8SbPmPOpfHk+H
Z9+uXp1dXx+H+3nS32gfHbypR4169uE0ut3+Ek1fJQ0vHnx89amxH767ndz2
ouFBYzr7BLd+J/o2259iodOLw2Uw/rbfTcefPn7OLg5ftQ7jSXfx8X2v8eaq
2Qtf7fe9q+Ne88VFux0M7evv4hLd/bdWP8Ewy5YYMGBcZbmrLdxQffvac8r4
vuail5w9+9rfpT91NVG4v9ny7zv/eO1WgKOv7UxyKfN3iGJS4fHVafX2v+pf
/b93lyA+/APbCPe7YTjoBYOwG3RDZ/Tde0fPF860Z8Df/uFjEtTO09393b0d
+PfJGX/v3vEDp+hmyfqf7jx79XRn9+nO850Xe8HL5/sve+HT/s4eVkEsAW9+
RwJeRXcfANvygp/2ykx32X/49R5mJMfJ7AFwXVEPtGTT+y+fPd3v7/Wfwtbx
fw8A6spqoqtWvlfbrbkDP10/cK6Mp7PsOB7/w+8kcxe99u8f0C7saY8IVxDO
3hnt2frRnCKlhaEAcXZwt1Yg7ubuFl9Yt341ooWMog1g/Cdmde3VXu7v1HZ3
dvaf1fZrT2t78miu5PRrwNv95zt7e/Bk99nzp8/3Xj0dBMHeq4HCW1ViWv97
7T/f7e2+fPk86AZBr7v/shvsvXi2u/v8xcudsNffH+yHz3df7j4LQ6Zb5LNj
40wW2jpcapl4jVwP7BbZddOqFO4f1t02lU7QLCqMdoOWhykCh/XPwJuDSCsC
pxdZZ/fdy0HrZPJx9ull+mJ0dhwPdp5ERxdFReDi2x+jCJwhMxPx+7j94dnO
xU5j8XbUO219vl6AwL/X6gyXp0etxQf87ht99w2/80478OXng+PWZRNkA5rt
3VF9PPv08XJy8vFXmKn19W2n3kWJ+aCeto7fHiTBx2EW7L1/dvLheAdW8P5b
/83xTvDh1bx1WWch+OLi6Kje3/n08XQHHkoepAi87JwEO72rF/Pd/q/PngUf
PzTii+m728/PRv1vg/Pow+6s9bL1/vpTdLV8Ww8/vFp+eNe/ff/kznvzdvHt
5N3FznBnsX896Byev4jqzy+fRefPn8QfgtP91ttrZOyWItBc1I9YCUAd4F4m
nlcC+idvDj+0b5eHnz9/Xd7t1L3+Ye90f/I+fvttv0QJCEFouMbT6f96cUGK
0uEyfVO/uDgYJv3+QR0EmqKWMAQt4Qo5f+tT993d9eWTu5f1dHL7dfr8zd3J
cv9ovPz45Pz5yfmLg6snWc+7zebjN/Xm8PDJ04vJ8Nvo4Gx3nGUn5+OTqPHy
7NPF+8XtzuePs92zpPFq3k2fvHnWW6ck3K/+dlD9faex/tPBPH3XOL29/TL/
EN6efosvv3z49cv8+Ze38X9n9fdn719e/S29fx869Q4Kj6Pbz2fnF03AnqF8
bh14B4vTw3r98tPuxd7Vduu6Pj2NjvaeDw8X9bRz9Gv4GcS+SWt3Mjw/3X95
3rpdvpxtvxp/eHb36urrQXx6eOL9+u7tCWxzfPT85MX1/ovhoBGnzy7jV/u/
xpN4r7W47tTPCcMvYYODl42DDuA84GTrgGDW946GFx8ODi530utfP73rNN+d
nb99t31xsPPr4mn06cNwcP65PqAB2q3Gm6P6h+FBJ1k2o3rvbPfZ28nTrvf1
1bPR+53x8VXvtA0PnPF9esmzIRLHBYp31L6oLy6HIEefjabezuFlY/v5++Xe
8uLZCagj2192Ru/PPtx+GcfDs+vl3f7Fs+2XH3dGKDDvv9l/fvLm12A+PX2V
7l89PwG8906PuzvD2acXzz6kp1/3n24nzw9P+43Wveov6r/oVbRjBO7Rf0v1
XhUmEmjfQ7aIrWyNgk5J9lU3K66m89ztkAjX00amf62oqx6nKRuSYYVJVnNX
TS76VKmd9/LBaFom+4NynbHVTMcLUGwKWcwCSsS9Cx+gvr4hW1k8FPX13cFD
1Ne7+fa77eTLk6dfdv6/qL6+tdXXgyt7e6C+xvVm+/j09KRzu0AVdTiAZUa0
9DqIEwfPj+p3Ruts1ofti2fXnebuJ2Tmy91Ra9La8U46l7fXHy6ysw/vx61D
+PJDc+dTp/e09eF6ef2ttfhkYHZYvz7olvFgTzFhxYM/nb0Yfdo9ufj8sbPz
6vmz7vtzvIuXF2F9lHW/7ifd6d3Lj1envz7ppS/au9eH19nO2OtvTz6ku7Oj
5sV+v/v1/P3h8F36/7R3bU2K4lD4Pb/Cd8sSAUHmDUVttAHBK74FjMhNadBB
+fWboPagrbbTvTu1Vbvlg1VUEQ4nJ+TLd25darxOe2GtMd+2kxHeAH+9Tstx
2uLF4dsZtsDV6bslsjJh6oo3dhyHfL7GhRuR2PJE+WxLeIr11LHFC2VuRx+U
yaojO1W7cl0bUowi+QzWpWvS7a02Ul2guhTeJJSaEpqs6k1WJj1+SplFXQKi
TEORQ7nadLoYLQSJMh7MJdOb1gKHrr4wZpWlWmOfsY3USBl28robNhh2UINZ
lw6DxKWTNuBUNVtZQWNjOka0G1iT5ir2pGtlYp1cKFPD0mCbcnprAk+BSbgj
5811HLn7VbwKzlv3d/Aq+Gy//CN4lcBV8B28el4q4Kt4tQhXwVfw6jVcBb+L
V2/BVfA7ePUeXAXP4tVHcBXcwasfuDQja3ZEV9T9g+JJKDpk1GxWRShbyIMM
zPiF9vamC+LcFfj12G1OtU2cYuDRM1B91Kn2kxkv08z+RWiWZ+F0tEWusGrr
oemnIvRrff415sEGI90GQbqIwguqO9yQd8WLrtPVrbi1kua9fhysI8nm2jBw
Ybx7W3HXugFKW9+3PVE/WuRGwR+DYNE1t3bYoeysvVCayXE9penY7m4j1KrF
85m/xWsqN0j8HwGLZvdSJqrHQRSlGfR+Wowh6SMRdVLqoHpkNzT3miRTStaE
+Fp2vKaQazVyDUui/E2SeOQjdJJkHOw+c/ac18x0MVaDQdYFYi8zHWG3ERPx
tZ0eZpvDQYw8db6RMjSQsp7ys7+szic7qzpRdCjp7mG4OuC3jPSyW6Y1jX3Z
98GrNoYD1IK9t8+dPed18/Do9sjZ88jXA+47e3y8Lkx8jJM2c0H0jUE5sLeJ
rw2zcTrgtvJkFET9CMpSqIC43NaW1Y4g6wQeN3eau3encZQtLa2juelk4BlT
Qe5PUXkSSzZSq1zZ8WaG9F8me4tELyF+/yd7P9HtNynZK3muNXCSBx91nhDl
ZrOioiBF8laAdH3JUUwF0jZbYRdwUREQoiqwZrGI52tL2maemPyrHkhfmJHH
k3+7mdLFY3LmuAODBD3BRT9qsfRx1Cf56Fs9nZ4Y7DYdfd3g6YmBuLsD/Srq
d3d2qAaeGY6GFNPgOZ6iKfaWYV5r858zzEadp1hLECo8JfAV1rJhRWAsrlJj
mDq9bHB1aD/jgvq3GOaHybpvl5+b0NnK/6QPok7RNFWjBIbGPwrvCTxtF3wQ
Yv+iZ+SPU6Y88fFcMiQFeuRHiYh9Zo5Kou2vN2mAFseou+RmVrx7JF/yyL08
B/8UErpFMCzZMSr0y84plvi9UoAhjob5fYROcuLNLrqZBECikPOE/QXK62+Q
IPRzBYBiHOk557r4/DxPhNR2yOM28oJmJRiSOh2EewLuOiKhU9BH62Ng31Vc
6ruUIXSDvLyQm5B09Ck6BfLnEZs5YwTXfqmHlsuSSOoPJmj9nv9zarJ+bAK/
Te7fLpHo0dEKBqe6jUQVzs5dwDz26y97Fvs7A30BAA==

-->

</rfc>
