<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.1.7) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

<!ENTITY RFC2119 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC5234 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5234.xml">
<!ENTITY RFC8152 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8152.xml">
<!ENTITY RFC8174 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8785 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8785.xml">
<!ENTITY RFC8259 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8259.xml">
<!ENTITY RFC8949 SYSTEM "https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8949.xml">
]>


<rfc ipr="trust200902" docName="draft-morrison-morning-brief-00" category="std" consensus="true">
  <front>
    <title abbrev="Morning Brief">The Morning Brief: A Federated, Identity-Attested Situational-Awareness Payload</title>

    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
      <address>
        <email>blake@truealter.com</email>
      </address>
    </author>

    <date year="2026" month="July" day="06"/>

    
    
    

    <abstract>


<?line 60?>

<t>This document defines the Morning Brief: a federated,
identity-attested situational-awareness payload exchanged between
organisations, their agents, and peer agents operating under an
Identity Accord <xref target="ACCORD"></xref>.  A Morning Brief carries a signed,
bounded-lifetime summary of signals, escalations, decisions, and
optional commerce quotes from one <spanx style="verb">~handle</spanx> to another.  Every
signal entry carries a <spanx style="verb">provenance_class</spanx> distinguishing active
self-report, passive aggregate observation, and passive individual
observation; the last of these is forbidden on the wire and
rejected at the grammar level.  Readers present a capability token
scoped by <spanx style="verb">(category, provenance_class)</spanx> that gates release
BEFORE payload emission, not after.  The payload is envelope-signed
with COSE_Sign1 <xref target="RFC8152"></xref> over a JCS-canonicalised <xref target="RFC8785"></xref>
representation, bound to the issuer's Sovereign-tier handle per
<xref target="IDCOMMITS"></xref>.  Briefs carry a mandatory <spanx style="verb">not_after</spanx> (default 24h)
and reference a revocation endpoint discovered via DNS TXT per
<xref target="MCPDNS"></xref>.  The document defines the wire format only; rendering,
storage, and retention are out of scope.</t>



    </abstract>



  </front>

  <middle>


<?line 81?>

<section anchor="status-of-this-memo"><name>Status of This Memo</name>

<t>This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.</t>

<t>Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.</t>

<t>Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time.  It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."</t>

<t>This Internet-Draft will expire on November 28, 2026.</t>

</section>
<section anchor="copyright-notice"><name>Copyright Notice</name>

<t>Copyright (c) 2026 IETF Trust and the persons identified as the
document authors.  All rights reserved.</t>

<t>This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document.</t>

</section>
<section anchor="introduction"><name>Introduction</name>

<section anchor="problem-statement"><name>Problem Statement</name>

<t>Organisations and their agents routinely exchange bounded-horizon
situational-awareness payloads: what happened since the last
exchange, what is on fire, what decisions were taken, what is
open.  The daily "standup" is the human idiom for this exchange;
agent-to-agent protocols in deployment today reproduce the same
shape without a shared wire format.  Each implementer ships its
own JSON blob, its own authentication story, its own retention
assumptions, and its own implicit answer to the question of how
the signals inside the payload were obtained.</t>

<t>The absence of a shared wire format produces three operational
defects:</t>

<t><list style="symbols">
  <t><strong>No portable attestation.</strong>  A brief from one organisation to
another cannot be cryptographically bound to a specific issuer
handle without bespoke integration.  The receiver either trusts
the transport (TLS to a known endpoint) or implements a custom
signing scheme per counter-party.</t>
  <t><strong>No provenance discipline.</strong>  Signals in an ad-hoc brief are
flat strings.  The receiver cannot distinguish a statement the
subject actively made from an inference drawn from passive
telemetry.  This distinction is legally significant in
jurisdictions where inference of emotional or behavioural state
from workplace telemetry is prohibited (<xref target="EU-AI-ACT"></xref> Article
5(1)(d)).  A flat payload offers no hook for that gate.</t>
  <t><strong>No consent gate before release.</strong>  A receiver that wants a
subset of the brief today cannot signal that intent before the
sender composes the payload.  Consent is enforced post-hoc by
filtering on the receiver side, which assumes the prohibited
fields ever reach the wire.</t>
</list></t>

<t>This document specifies a wire format that addresses all three
defects: an envelope-signed payload bound to a Sovereign-tier
handle, a <spanx style="verb">provenance_class</spanx> field on every signal entry with a
grammar-level prohibition against passive-individual observations
traversing the wire, and a capability-token gate presented by the
receiver before payload emission.</t>

</section>
<section anchor="design-goals"><name>Design Goals</name>

<t><list style="numbers" type="1">
  <t><strong>Federated.</strong>  No central clearinghouse.  Issuer and reader
each resolve the other's handle via <xref target="MCPDNS"></xref>.</t>
  <t><strong>Identity-attested at the sovereign layer.</strong>  Envelope
signature is COSE_Sign1 <xref target="RFC8152"></xref> over a JCS-canonicalised
<xref target="RFC8785"></xref> payload, bound to the issuer's Sovereign-tier handle
per <xref target="IDCOMMITS"></xref>.</t>
  <t><strong>Provenance-typed at the grammar level.</strong>  Every signal
entry carries a <spanx style="verb">provenance_class</spanx>.  Passive-individual
observations MUST NOT appear on the wire; they are rejected
at parse time, not at policy time.</t>
  <t><strong>Consent-gated before release.</strong>  The reader presents a
capability token scoped by <spanx style="verb">(category, provenance_class)</spanx>.
The issuer filters the payload against that scope BEFORE
signing and transmission.</t>
  <t><strong>Bounded lifetime with published revocation.</strong>  Every brief
carries <spanx style="verb">not_after</spanx> (default 24h).  The issuer publishes a
revocation endpoint via DNS TXT per <xref target="MCPDNS"></xref>.  Readers MUST
honour both.</t>
  <t><strong>Protocol, not platform.</strong>  A separate conformance
specification (<xref target="ALTER-CONFORMANCE"></xref>, Apache-2.0) allows any
identity-attestation authority to implement this protocol
against its own substrate.  The wire format does not embed
any single authority's namespace.</t>
</list></t>

</section>
<section anchor="scope"><name>Scope</name>

<t>This document specifies:</t>

<t><list style="symbols">
  <t>The Morning Brief payload structure in CDDL-adjacent form and
an ABNF grammar for the canonical serialisation.</t>
  <t>The <spanx style="verb">provenance_class</spanx> taxonomy and the grammar-level rejection
of <spanx style="verb">passive-individual-local</spanx>.</t>
  <t>The capability-token consent-gate exchange.</t>
  <t>The COSE_Sign1 envelope binding to the issuer's Sovereign-tier
handle.</t>
  <t>The <spanx style="verb">not_after</spanx> default and the DNS-published revocation
endpoint lookup.</t>
  <t>Reader behaviour for accepting, rejecting, and surfacing
brief states.</t>
  <t>Media-type and IANA considerations for
<spanx style="verb">application/morning-brief+cbor</spanx> and <spanx style="verb">+json</spanx>.</t>
</list></t>

<t>This document does NOT specify:</t>

<t><list style="symbols">
  <t>UI rendering of briefs.  Rendering is an implementation
concern for consuming clients.</t>
  <t>Storage or retention of briefs by readers.  Retention is
governed by the reader's data-protection regime and the
issuer's <spanx style="verb">not_after</spanx> and revocation signal.</t>
  <t>The psychometric or behavioural inference layer that produces
signal payloads within an issuer organisation.  This document
treats signals as opaque strings with an attached
<spanx style="verb">provenance_class</spanx>.</t>
  <t>The <spanx style="verb">~handle</spanx> identity primitive, which is defined in <xref target="MCPDNS"></xref>
and incorporated by reference via <xref target="IDCOMMITS"></xref>.</t>
  <t>The inter-organisational handshake that establishes the
Accord relationship between issuer and reader.  This is
defined in <xref target="ACCORD"></xref>.</t>
</list></t>

</section>
</section>
<section anchor="terminology"><name>Terminology</name>

<section anchor="requirements-language"><name>Requirements Language</name>

<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described
in BCP 14 <xref target="RFC8174">RFC2119</xref> when, and only when, they appear in
all capitals, as shown here.</t>

</section>
<section anchor="definitions"><name>Definitions</name>

<dl>
  <dt>Morning Brief</dt>
  <dd>
    <t>A bounded-lifetime situational-awareness payload exchanged
between two handles under an Identity Accord <xref target="ACCORD"></xref>.  A
brief is a single unit of exchange, signed as a whole by the
issuer and addressed to a specific audience.</t>
  </dd>
  <dt>Issuer</dt>
  <dd>
    <t>The handle whose Sovereign-tier key signs the brief's COSE_Sign1
envelope.  The issuer is the <spanx style="verb">iss</spanx> field of the payload.</t>
  </dd>
  <dt>Reader</dt>
  <dd>
    <t>The handle named in the brief's <spanx style="verb">aud</spanx> field.  The reader is the
intended consumer.  A brief MAY be addressed to an agent handle,
an organisational handle, or a group, subject to the terms of
the underlying Accord.</t>
  </dd>
  <dt>Signal</dt>
  <dd>
    <t>A single bounded entry within the <spanx style="verb">signals</spanx> array of a brief.
A signal carries a <spanx style="verb">kind</spanx>, a <spanx style="verb">provenance_class</spanx>, a source
reference, a timestamp, and a body.</t>
  </dd>
  <dt>Provenance Class</dt>
  <dd>
    <t>A controlled-vocabulary tag on each signal indicating the class
of observation that produced it.  See Section 4.</t>
  </dd>
  <dt>Active Signal</dt>
  <dd>
    <t>A signal whose body was actively produced by its subject for the
purpose of being shared.  Examples: a typed decision, an
explicit status update, a scheduled commit.  <spanx style="verb">provenance_class
= "active"</spanx>.</t>
  </dd>
  <dt>Passive-Aggregate Signal</dt>
  <dd>
    <t>A signal whose body is a statistical aggregate over a population
of k &gt;= 1000 subjects, such that no individual is identifiable.
<spanx style="verb">provenance_class = "passive-aggregate"</spanx>.</t>
  </dd>
  <dt>Passive-Individual-Local Signal</dt>
  <dd>
    <t>An observation about a single individual derived from passive
telemetry (typing cadence, audio features, biometrics, presence
heuristics).  These observations MUST NOT leave the device on
which they are computed and MUST NOT appear on the Morning
Brief wire.  The token is defined in this document only to
specify the grammar-level prohibition.</t>
  </dd>
  <dt>Capability Token</dt>
  <dd>
    <t>A bearer token presented by the reader to the issuer's
brief endpoint, scoped by the cartesian product of
<spanx style="verb">(category, provenance_class)</spanx> pairs the reader is authorised
to receive.  The token is consumed by the issuer at composition
time, before signing.</t>
  </dd>
  <dt>Not-After</dt>
  <dd>
    <t>The UTC timestamp after which a brief MUST NOT be relied upon.
Default 24 hours from issuance.</t>
  </dd>
  <dt>Revocation Endpoint</dt>
  <dd>
    <t>A URI published by the issuer via DNS TXT per <xref target="MCPDNS"></xref> that
returns the revocation status of a brief identified by its
envelope identifier.</t>
  </dd>
  <dt>Conformant Verifier</dt>
  <dd>
    <t>A consumer of Morning Briefs that implements the parsing,
consent-gate enforcement, provenance rejection, and signature
verification rules defined in Section 8.</t>
  </dd>
</dl>

</section>
</section>
<section anchor="payload-structure"><name>Payload Structure</name>

<section anchor="abstract-schema"><name>Abstract Schema</name>

<t>A Morning Brief is a map with the following top-level fields.  In
the canonical CBOR serialisation, fields are encoded with integer
keys; the JSON debug serialisation uses the string labels below.</t>

<t>```
MorningBrief = {
  v               : uint,                    ; protocol version, = 1
  iss             : handle,                  ; issuer Sovereign handle
  aud             : handle / array of handle, ; intended reader(s)
  iat             : time,                    ; issuance timestamp
  not_after       : time,                    ; expiry timestamp
  accord          : [+ accord-ref],          ; accord binding (&gt;=1 entry)
  summary         : tstr,                    ; human-readable precis
  signals         : [* signal],              ; zero or more signals
  escalations     : [* escalation],          ; zero or more escalations
  x402            : ? commerce-quote,        ; optional commerce quote
  consent_gate    : gate-descriptor,         ; scope actually released
  revocation      : uri,                     ; revocation endpoint
}</t>

<t>signal = {
  id              : tstr,                    ; issuer-unique signal id
  kind            : "decision" / "contact" / "commit" /
                    "escalation" / "draft" / "other",
  provenance_class: "active" / "passive-aggregate",
                                             ; passive-individual-local
                                             ; is FORBIDDEN
  source          : uri,
  ts              : time,
  body            : tstr,
  attest          : ? COSE_Sign1_structure,  ; optional per-signal
                                             ; attestation
}</t>

<t>escalation = {
  sev             : "critical" / "high" / "medium",
  ref             : uri,
  sla             : ? duration,
}</t>

<t>commerce-quote = {
  quote_uri       : uri,
  price           : decimal,
  currency        : tstr,                    ; e.g. "USDC"
  ttl             : duration,
}</t>

<t>gate-descriptor = {
  scope           : [+ (category, provenance_class)],
  token_endpoint  : uri,
}</t>

<t>accord-ref = {
  peer            : handle,
  accord_id       : uri,                     ; reference to Accord record
}
```</t>

<t>The handle type is a <spanx style="verb">~</spanx>-prefixed identifier per <xref target="IDCOMMITS"></xref>.</t>

</section>
<section anchor="abnf-grammar-for-canonical-serialisation"><name>ABNF Grammar for Canonical Serialisation</name>

<t>The CBOR serialisation is canonical for transmission.  The JSON
serialisation is permitted for debugging, human-readable logs, and
test vectors.  Both serialisations MUST preserve the same field
set and the same type discipline.</t>

<t>The following ABNF <xref target="RFC5234"></xref> defines the lexical grammar of the
JSON debug serialisation.  The CBOR canonical form is governed by
the schema above.</t>

<t><spanx style="verb">
brief            = "{" brief-members "}"
brief-members    = pair *( "," pair )
pair             = quoted-key ":" value
quoted-key       = %x22 key-name %x22
key-name         = "v" / "iss" / "aud" / "iat" / "not_after" /
                   "accord" / "summary" / "signals" /
                   "escalations" / "x402" / "consent_gate" /
                   "revocation"
provenance-value = %x22 "active" %x22 /
                   %x22 "passive-aggregate" %x22
                   ; passive-individual-local is syntactically absent
                   ; from this rule by design; see Section 4.3.
</spanx></t>

<t>A parser that encounters the literal string
<spanx style="verb">"passive-individual-local"</spanx> as the value of any
<spanx style="verb">provenance_class</spanx> field MUST reject the entire brief as
malformed and MUST NOT process any of its contents.  This is a
grammar-level rejection, not a policy filter.</t>

</section>
</section>
<section anchor="provenance-classes-normative"><name>Provenance Classes (Normative)</name>

<section anchor="active"><name>Active</name>

<t>An <spanx style="verb">active</spanx> signal is one whose body was produced by the subject
for the explicit purpose of being shared through this channel.
Examples include typed decisions, explicit status updates, and
commits authored with clear attribution <xref target="IDCOMMITS"></xref>.  Active
signals are the default expected class for brief contents.</t>

</section>
<section anchor="passive-aggregate"><name>Passive-Aggregate</name>

<t>A <spanx style="verb">passive-aggregate</spanx> signal is a statistical summary computed
over a population of at least 1000 subjects, such that no
individual subject is identifiable from the aggregate.
Implementations MUST enforce the k &gt;= 1000 threshold at
aggregation time and MUST NOT emit an aggregate with a smaller
cohort.  Aggregates over cohorts smaller than this threshold are
categorically passive-individual observations and are prohibited
on the wire per Section 4.3.</t>

</section>
<section anchor="passive-individual-local-forbidden-on-the-wire"><name>Passive-Individual-Local (Forbidden on the Wire)</name>

<t>A passive-individual-local observation is an inference about a
single subject derived from passive telemetry such as typing
cadence, audio features, biometric signals, engagement heat maps,
or presence heuristics.  Such observations MUST remain on the
device that computed them and MUST NOT appear on the Morning
Brief wire under any encoding, any field, or any extension.</t>

<t>The grammar of Section 3.2 omits the <spanx style="verb">passive-individual-local</spanx>
token from the <spanx style="verb">provenance-value</spanx> rule precisely so that a
conformant parser treats its appearance as a structural
violation.  An issuer that transmits a brief containing such a
value has produced a malformed brief; a reader that accepts such
a brief has violated this specification.</t>

<t>The rationale for grammar-level exclusion rather than policy-level
filtering is that emotion-adjacent inference from passive
workplace telemetry is categorically prohibited by <xref target="EU-AI-ACT"></xref>
Article 5(1)(d) in workplace and education contexts.  A
policy-level filter is an implementation detail that can fail
silently; a grammar-level exclusion is a machine-checkable
invariant that cannot.</t>

</section>
</section>
<section anchor="envelope-and-signing"><name>Envelope and Signing</name>

<section anchor="canonicalisation"><name>Canonicalisation</name>

<t>The payload is canonicalised using JCS <xref target="RFC8785"></xref> prior to
signing.  JCS produces a deterministic byte sequence from a JSON
document regardless of key ordering or whitespace, enabling the
issuer and reader to agree on the exact bytes covered by the
signature.</t>

<t>When the canonical CBOR serialisation is in use, the same
deterministic ordering MUST be applied to the map keys before
the signature is computed, using the CBOR canonical-form rules
of <xref target="RFC8949"></xref> Section 4.2.</t>

</section>
<section anchor="envelope-signature"><name>Envelope Signature</name>

<t>The signed envelope is a COSE_Sign1 structure <xref target="RFC8152"></xref> with the
following parameters:</t>

<t><list style="symbols">
  <t><spanx style="verb">alg</spanx>: EdDSA (Ed25519) per <xref target="IDCOMMITS"></xref> Section 5.</t>
  <t><spanx style="verb">kid</spanx>: the issuer's <spanx style="verb">Identity-Key-Id</spanx> value per <xref target="IDCOMMITS"></xref>
Section 4.1.</t>
  <t>Payload: the JCS-canonicalised brief payload.</t>
</list></t>

<t>The signing key is the issuer's Sovereign-tier signing key, the
same key bound to the issuer's <spanx style="verb">~handle</spanx> by the DNS-published
record per <xref target="MCPDNS"></xref> and <xref target="IDCOMMITS"></xref>.  Brief signing and commit
signing are governed by the same key-custody discipline; key
compromise affects both surfaces identically.</t>

</section>
<section anchor="verification"><name>Verification</name>

<t>A reader verifies a brief by:</t>

<t><list style="numbers" type="1">
  <t>Resolving the issuer's public key via <xref target="MCPDNS"></xref> using the
<spanx style="verb">kid</spanx> named in the COSE_Sign1 headers.</t>
  <t>Recomputing the canonical serialisation of the payload.</t>
  <t>Verifying the Ed25519 signature against the recomputed bytes.</t>
  <t>Checking that <spanx style="verb">iat &lt;= now &lt;= not_after</spanx>.</t>
  <t>Querying the revocation endpoint (Section 7) if policy
requires revocation freshness.</t>
</list></t>

</section>
</section>
<section anchor="consent-gate-normative"><name>Consent Gate (Normative)</name>

<section anchor="ordering-rule"><name>Ordering Rule</name>

<t>The consent gate MUST be enforced BEFORE the issuer composes or
signs the brief payload.  This ordering is normative: a gate
applied after payload composition requires the issuer to produce
the full superset payload in memory, from which a filter removes
fields the reader is not authorised to see.  In the event of a
filter defect, the full superset is a leak candidate.  The
gate-before-release rule removes the unauthorised fields from the
compositional step; they are never produced.</t>

</section>
<section anchor="capability-token"><name>Capability Token</name>

<t>The reader presents a capability token to the issuer's brief
endpoint prior to payload emission.  The token scope is a set of
<spanx style="verb">(category, provenance_class)</spanx> pairs that the issuer is
authorised to release to this reader in this request.  The
issuer consumes the scope at composition time; fields outside
the authorised scope MUST NOT appear in the resulting payload.</t>

<t>The <spanx style="verb">consent_gate</spanx> field in the emitted brief echoes the scope
actually honoured, so that the reader can detect drift between
the scope it requested and the scope the issuer applied.</t>

<t>Token issuance, rotation, and revocation are governed by the
Accord relationship established under <xref target="ACCORD"></xref> and are out of
scope for this document.</t>

</section>
</section>
<section anchor="lifetime-and-revocation"><name>Lifetime and Revocation</name>

<section anchor="notafter-default"><name><spanx style="verb">not_after</spanx> Default</name>

<t>Every brief MUST carry a <spanx style="verb">not_after</spanx> field.  The default value is
24 hours after <spanx style="verb">iat</spanx>.  The rationale for a bounded lifetime is
twofold:</t>

<t><list style="symbols">
  <t><strong>Freshness.</strong>  Situational awareness loses value quickly.  A
brief older than a day is of archaeological interest, not
operational interest.</t>
  <t><strong>Liability bound.</strong>  An issuer who accidentally emits a
brief with a sensitive signal has a bounded exposure window.
A 24-hour ceiling prevents indefinite replay.</t>
</list></t>

<t>Issuers MAY specify a shorter <spanx style="verb">not_after</spanx> for higher-sensitivity
contexts.  Issuers SHOULD NOT specify a longer <spanx style="verb">not_after</spanx>;
readers MAY reject briefs with <spanx style="verb">not_after - iat &gt; 24h</spanx>.</t>

</section>
<section anchor="revocation-endpoint"><name>Revocation Endpoint</name>

<t>The issuer publishes a revocation endpoint URI via a DNS TXT
record under the issuer's policy zone per <xref target="MCPDNS"></xref>.  The record
is keyed by <spanx style="verb">_alter-brief-revocation</spanx> underscore-prefixed label.
The endpoint accepts the brief's envelope identifier and returns
a boolean revocation status with a short cache lifetime.</t>

<t>Readers processing a brief for a decision with material
consequence SHOULD query the revocation endpoint even when
<spanx style="verb">not_after</spanx> is in the future.  Readers MAY cache revocation
responses for the interval indicated by the endpoint's response
headers, but MUST NOT cache beyond the brief's <spanx style="verb">not_after</spanx>.</t>

</section>
</section>
<section anchor="reader-behaviour-normative"><name>Reader Behaviour (Normative)</name>

<t>A conformant reader MUST perform the following steps in order for
each received brief:</t>

<t><list style="numbers" type="1">
  <t><strong>Parse the outer COSE_Sign1 structure.</strong>  A reader that
cannot parse the envelope MUST reject the brief.</t>
  <t><strong>Resolve the issuer key and verify the signature.</strong>  The
reader resolves the issuer's public key via <xref target="MCPDNS"></xref> and
verifies the Ed25519 signature over the canonicalised payload.
Signature failure is a terminal rejection.</t>
  <t><strong>Enforce grammar-level provenance rejection.</strong>  The reader
scans the parsed payload for any occurrence of
<spanx style="verb">passive-individual-local</spanx> as a provenance value.  Its
presence anywhere in the brief is a terminal rejection; the
reader MUST discard the brief and SHOULD log the violation
against the issuer handle.</t>
  <t><strong>Check lifetime bounds.</strong>  The reader MUST verify
<spanx style="verb">iat &lt;= now &lt;= not_after</spanx>.  Out-of-bounds briefs are rejected.</t>
  <t><strong>Check revocation, if policy requires.</strong>  The reader queries
the revocation endpoint per Section 7.2.  Revoked briefs are
rejected.</t>
  <t><strong>Check consent-gate scope echo.</strong>  The reader compares the
brief's <spanx style="verb">consent_gate.scope</spanx> to the scope it presented in its
capability token.  A mismatch is not necessarily a rejection
(the issuer may lawfully narrow the scope), but a widening is
a conformance violation and MUST be rejected.</t>
  <t><strong>Verify per-signal attestations, if present.</strong>  Signals MAY
carry their own <spanx style="verb">attest</spanx> COSE_Sign1 structure.  If present,
the reader verifies each per the same key-resolution path.</t>
</list></t>

<t>A conformant reader SHOULD distinguish four brief states in any
user-facing surface:</t>

<t><list style="symbols">
  <t><spanx style="verb">verified-fresh</spanx> - envelope signature valid, lifetime in bounds,
revocation check passed.</t>
  <t><spanx style="verb">verified-expired</spanx> - signature valid but <spanx style="verb">not_after</spanx> in the past.</t>
  <t><spanx style="verb">unverified</spanx> - signature failed or key could not be resolved.</t>
  <t><spanx style="verb">revoked</spanx> - revocation endpoint indicated the brief was revoked.</t>
</list></t>

<t>Conflating these states is a security defect.</t>

</section>
<section anchor="media-types"><name>Media Types</name>

<t>This document defines two media types:</t>

<t><list style="symbols">
  <t><spanx style="verb">application/morning-brief+cbor</spanx> - the canonical CBOR
serialisation.  This is the on-wire format.</t>
  <t><spanx style="verb">application/morning-brief+json</spanx> - the JSON debug serialisation.
Intended for test vectors, logs, and development tooling.</t>
</list></t>

<t>Deployments SHOULD default to the CBOR form for production
exchanges.  The JSON form is for human-readable contexts where
wire efficiency is not a concern.</t>

</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<section anchor="emotion-adjacent-inference-and-eu-ai-act-article-51d"><name>Emotion-Adjacent Inference and EU AI Act Article 5(1)(d)</name>

<t><xref target="EU-AI-ACT"></xref> Article 5(1)(d) categorically prohibits the placing
on the market of AI systems that infer emotions of a natural
person in the workplace or in education institutions.  A naive
situational-awareness payload that includes inferred emotional or
engagement state from passive telemetry is a direct breach if
used in org- or education-facing flows.</t>

<t>This specification pre-empts such breaches at the grammar layer.
The <spanx style="verb">provenance_class</spanx> vocabulary deliberately excludes
<spanx style="verb">passive-individual-local</spanx> from the wire; the ABNF of Section 3.2
renders the forbidden value syntactically unreachable; and the
reader-behaviour rule of Section 8 step 3 requires terminal
rejection of any brief in which the forbidden value appears.</t>

<t>Implementers cannot make this specification Article 5(1)(d)
compliant by adding a filter; the filter is the grammar itself.
An implementation that routes passive-individual signals to the
wire by encoding them under <spanx style="verb">active</spanx> or <spanx style="verb">passive-aggregate</spanx>
labels has produced a non-conformant brief and is separately
liable under the Article 5(1)(d) regime.</t>

</section>
<section anchor="consent-gate-ordering"><name>Consent-Gate Ordering</name>

<t>The gate-before-release ordering of Section 6.1 is
normative.  A gate applied post-composition is a different
specification and MUST NOT be referred to as conforming to this
document.  Readers SHOULD treat any issuer that advertises
post-composition gating as out of conformance and SHOULD refuse
exchanges with such an issuer.</t>

</section>
<section anchor="revocation-and-notafter"><name>Revocation and <spanx style="verb">not_after</spanx></name>

<t>A brief's signed payload is replayable for as long as the
signature verifies mathematically.  The <spanx style="verb">not_after</spanx> field
provides a hard upper bound on acceptance, defaulting to 24
hours to limit the exposure of any single brief to at most one
operational day.  The DNS-published revocation endpoint allows
the issuer to shorten that window in response to mis-issuance
or leak detection.</t>

<t>Readers performing material actions on the basis of a brief
SHOULD NOT rely on <spanx style="verb">not_after</spanx> alone when the action is
sensitive; they SHOULD additionally check revocation.  Readers
performing routine display SHOULD rely on cached revocation up
to the cache lifetime indicated by the endpoint's response.</t>

</section>
<section anchor="essential-facility-and-antitrust-posture"><name>Essential-Facility and Antitrust Posture</name>

<t>A specification that requires issuers to use a single
attestation authority to produce trusted briefs creates an
essential-facility problem.  If the specification is "open" in
the sense of publicly readable but its operation requires
accounts at a particular provider, competition regulators treat
the resulting lock-in as anticompetitive.</t>

<t>This document is deliberately protocol-not-platform.  The
envelope is COSE_Sign1 <xref target="RFC8152"></xref>; the canonicalisation is JCS
<xref target="RFC8785"></xref>; the key discovery is DNS-based per <xref target="MCPDNS"></xref>.  None of
these depends on any specific attestation authority.  To make
this posture operationally real, a separate conformance
specification <xref target="ALTER-CONFORMANCE"></xref> is published under Apache-2.0
and tracked in the issuer's public standards repository.  Any
attestation authority or identity substrate may implement against
that conformance specification and produce briefs that readers
of this protocol accept without special integration.</t>

<t>Implementers who encounter a deployment that requires a specific
attestation authority to produce or verify briefs SHOULD treat
that requirement as a conformance defect and escalate it through
standards-body channels.</t>

</section>
<section anchor="key-compromise"><name>Key Compromise</name>

<t>A compromised Sovereign signing key enables an attacker to mint
briefs purporting to come from the compromised issuer.
Mitigations are inherited from <xref target="IDCOMMITS"></xref> Section 9.1: key
rotation under a new <spanx style="verb">kid</spanx>, historical key retention for
retrospective verification, and compromise-vs-hygiene distinction
in the rotation metadata.  Readers encountering a
compromise-rotated key SHOULD treat briefs signed by that key as
suspect even when the signature validates.</t>

</section>
<section anchor="passive-aggregate-threshold-attacks"><name>Passive-Aggregate Threshold Attacks</name>

<t>The k &gt;= 1000 threshold for <spanx style="verb">passive-aggregate</spanx> signals is a
privacy floor, not a privacy ceiling.  An attacker with
auxiliary information may still re-identify individuals within
an aggregate of 1000 subjects if the aggregate is sufficiently
high-dimensional.  Implementations producing aggregates for
emission SHOULD apply standard statistical-disclosure-control
techniques (noise injection, cell suppression, top-coding) in
addition to the threshold.  This specification defines the
minimum acceptable cohort size; it does not define the maximum
acceptable disclosure risk.</t>

</section>
<section anchor="capability-token-binding"><name>Capability-Token Binding</name>

<t>A capability token presented by a reader MUST be bound to the
reader's Sovereign handle under the Accord relationship
<xref target="ACCORD"></xref>.  A bearer token with no binding to a specific reader
is a replay vector and MUST NOT be accepted by conformant
issuers.</t>

</section>
<section anchor="dns-dependencies"><name>DNS Dependencies</name>

<t>Brief verification depends on DNS resolution for issuer key
discovery and for revocation-endpoint lookup.  Mitigations for
DNS poisoning are as described in <xref target="IDCOMMITS"></xref> Section 9.3:
DNSSEC requirement where available, TLS-terminated
<spanx style="verb">.well-known</spanx> fallback, and independent transparency-log
anchoring where a log is deployed.</t>

</section>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<section anchor="media-type-registrations"><name>Media Type Registrations</name>

<t>This document requests registration of the following media
types in the "Media Types" registry.</t>

<section anchor="applicationmorning-briefcbor"><name>application/morning-brief+cbor</name>

<t><list style="symbols">
  <t>Type name: application</t>
  <t>Subtype name: morning-brief+cbor</t>
  <t>Required parameters: none</t>
  <t>Optional parameters: none</t>
  <t>Encoding considerations: binary</t>
  <t>Security considerations: see Section 11 of this document.</t>
  <t>Interoperability considerations: CBOR canonical form per
<xref target="RFC8949"></xref> Section 4.2 is required.</t>
  <t>Published specification: this document.</t>
  <t>Applications that use this media type: agent-to-agent and
organisation-to-organisation situational-awareness exchange.</t>
  <t>Fragment identifier considerations: none.</t>
  <t>Additional information:
  <list style="symbols">
      <t>Deprecated alias names for this type: none.</t>
      <t>Magic number(s): none.</t>
      <t>File extension(s): .cbor-brief</t>
      <t>Macintosh file type code(s): none.</t>
    </list></t>
  <t>Intended usage: COMMON</t>
  <t>Restrictions on usage: none.</t>
  <t>Author: Blake Morrison.</t>
  <t>Change controller: IETF.</t>
</list></t>

</section>
<section anchor="applicationmorning-briefjson"><name>application/morning-brief+json</name>

<t><list style="symbols">
  <t>Type name: application</t>
  <t>Subtype name: morning-brief+json</t>
  <t>Required parameters: none</t>
  <t>Optional parameters: charset (UTF-8 is the only permitted
value).</t>
  <t>Encoding considerations: 8bit; UTF-8 only.</t>
  <t>Security considerations: see Section 11 of this document.
Note that the JSON debug form is not intended for production
exchange.</t>
  <t>Interoperability considerations: JCS <xref target="RFC8785"></xref> canonical form
is required when the payload is to be signed.</t>
  <t>Published specification: this document.</t>
  <t>Applications that use this media type: development and
debugging tools for the Morning Brief exchange.</t>
  <t>Fragment identifier considerations: per <xref target="RFC8259"></xref>.</t>
  <t>File extension(s): .json-brief</t>
  <t>Intended usage: COMMON</t>
  <t>Restrictions on usage: SHOULD NOT be used on production
exchanges; CBOR form is preferred.</t>
  <t>Author: Blake Morrison.</t>
  <t>Change controller: IETF.</t>
</list></t>

</section>
</section>
<section anchor="dns-underscore-label"><name>DNS Underscore Label</name>

<t>This document uses the underscore-prefixed DNS label
<spanx style="verb">_alter-brief-revocation</spanx>.  Registration of this label in any
applicable DNS scoped-label registry is requested, pending
registry establishment.</t>

</section>
<section anchor="provenance-class-vocabulary-registry"><name>Provenance-Class Vocabulary Registry</name>

<t>This document requests establishment of a "Morning Brief
Provenance Classes" registry with initial entries:</t>

<t><list style="symbols">
  <t><spanx style="verb">active</spanx> - see Section 4.1.</t>
  <t><spanx style="verb">passive-aggregate</spanx> - see Section 4.2.</t>
</list></t>

<t>The <spanx style="verb">passive-individual-local</spanx> token is intentionally NOT
registered.  Its non-registration is the normative expression of
its prohibition on the wire.  Future additions to this registry
MUST NOT register any token whose semantics would permit
single-subject passive inference to cross the wire.</t>

<t>The registration policy is Standards Action per BCP 26.</t>

</section>
<section anchor="no-other-iana-actions"><name>No Other IANA Actions</name>

<t>This document requests no other IANA actions.</t>

</section>
</section>
<section anchor="relationship-to-existing-drafts"><name>Relationship to Existing Drafts</name>

<t>The Morning Brief is a sibling, not a dependency, of the other
drafts in the ALTER identity-protocol stack.</t>

<texttable>
      <ttcol align='left'>Draft</ttcol>
      <ttcol align='left'>Layer</ttcol>
      <ttcol align='left'>Relationship to this document</ttcol>
      <c>draft-morrison-mcp-dns-discovery</c>
      <c>L1: transport discovery</c>
      <c>Informative.  This document uses DNS TXT discovery for key and revocation.</c>
      <c>draft-morrison-identity-pronouns</c>
      <c>L1: handle grammar</c>
      <c>Informative via <xref target="IDCOMMITS"></xref>.</c>
      <c><xref target="IDCOMMITS"></xref></c>
      <c>L2: atomic attestation</c>
      <c>Normative.  This document inherits key custody and signature rules.</c>
      <c><xref target="ACCORD"></xref></c>
      <c>L2: inter-org handshake</c>
      <c>Normative.  Briefs are exchanged under an existing Accord.</c>
      <c>draft-morrison-morning-brief (this)</c>
      <c>L3: periodic payload exchange</c>
      <c>N/A.</c>
</texttable>

<t>The Morning Brief is the first "dynamic payload" draft in the
stack.  The earlier drafts define how a handle is known; this
document defines what a handle shares while being known.</t>

</section>
<section anchor="acknowledgments"><name>Acknowledgments</name>

<t>The author thanks the founding circle of Alter Meridian Pty Ltd
for adversarial review of the consent-gate ordering rule and the
grammar-level provenance rejection.  The <spanx style="verb">passive-individual-local</spanx>
prohibition on the wire is motivated by the compute-location
provenance gate articulated in Section 5; the rationale is
restated in this document at the level required for protocol
implementation.  Additional contributors will be named at review
time following the first round-trip exchange of briefs under an
Identity Accord.</t>

</section>
<section anchor="references"><name>References</name>

<section anchor="normative-references"><name>Normative References</name>

<t><xref target="RFC2119"></xref>  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119, March 1997.</t>

<t><xref target="RFC5234"></xref>  Crocker, D. and P. Overell, "Augmented BNF for Syntax
           Specifications: ABNF", STD 68, RFC 5234, January 2008.</t>

<t><xref target="RFC8152"></xref>  Schaad, J., "CBOR Object Signing and Encryption
           (COSE)", RFC 8152, July 2017.</t>

<t><xref target="RFC8174"></xref>  Leiba, B., "Ambiguity of Uppercase vs Lowercase in
           RFC 2119 Key Words", BCP 14, RFC 8174, May 2017.</t>

<t><xref target="RFC8785"></xref>  Rundgren, A., et al., "JSON Canonicalization Scheme
           (JCS)", RFC 8785, June 2020.</t>

<t><xref target="ACCORD"></xref>   Morrison, B., "The Identity Accord: An
           Inter-Organisational Handshake Protocol",
           draft-morrison-identity-accord, work in progress.</t>

<t><xref target="IDCOMMITS"></xref> Morrison, B., "Identity-Attributed Git Commits via
           Tier-Structured Trailers",
           draft-morrison-identity-attributed-commits, work in
           progress.</t>

</section>
<section anchor="informative-references"><name>Informative References</name>

<t><xref target="RFC8259"></xref>  Bray, T., Ed., "The JavaScript Object Notation (JSON)
           Data Interchange Format", STD 90, RFC 8259, December
           2017.</t>

<t><xref target="RFC8949"></xref>  Bormann, C. and P. Hoffman, "Concise Binary Object
           Representation (CBOR)", STD 94, RFC 8949, December
           2020.</t>

<t><xref target="MCPDNS"></xref>   Morrison, B., "Discovery of Model Context Protocol
           Servers via DNS TXT Records",
           draft-morrison-mcp-dns-discovery, work in progress.</t>

<t><xref target="EU-AI-ACT"></xref> European Parliament and Council of the European
           Union, "Regulation (EU) 2024/1689 laying down
           harmonised rules on artificial intelligence
           (Artificial Intelligence Act)", 2024.</t>

<t><xref target="ALTER-CONFORMANCE"></xref> Morrison, B., "Morning Brief Conformance
                    Specification (Apache-2.0)",
                    https://truealter.com/standards/morning-brief-conformance,
                    2026.</t>

</section>
</section>
<section anchor="authors-address"><name>Author's Address</name>

<t>Blake Morrison
Alter Meridian Pty Ltd</t>

<t>Email: blake@truealter.com
URI: https://truealter.com</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">

&RFC2119;
&RFC5234;
&RFC8152;
&RFC8174;
&RFC8785;
<reference anchor="ACCORD" target="https://datatracker.ietf.org/doc/draft-morrison-identity-accord/">
  <front>
    <title>The Identity Accord: An Inter-Organisational Handshake Protocol</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="IDCOMMITS" target="https://datatracker.ietf.org/doc/draft-morrison-identity-attributed-commits/">
  <front>
    <title>Identity-Attributed Git Commits via Tier-Structured Trailers</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>


    </references>

    <references title='Informative References' anchor="sec-informative-references">

&RFC8259;
&RFC8949;
<reference anchor="MCPDNS" target="https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/">
  <front>
    <title>Discovery of Model Context Protocol Servers via DNS TXT Records</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>
<reference anchor="EU-AI-ACT" target="https://eur-lex.europa.eu/eli/reg/2024/1689/oj">
  <front>
    <title>Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)</title>
    <author >
      <organization>European Parliament and Council of the European Union</organization>
    </author>
    <date year="2024"/>
  </front>
</reference>
<reference anchor="ALTER-CONFORMANCE" target="https://truealter.com/standards/morning-brief-conformance">
  <front>
    <title>Morning Brief Conformance Specification (Apache-2.0)</title>
    <author fullname="Blake Morrison">
      <organization>Alter Meridian Pty Ltd</organization>
    </author>
    <date year="2026"/>
  </front>
</reference>


    </references>

</references>



  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA819e3PbyLXn//0pujS1FWlC0LbGM2PLm+TSspxo4teV5GS3
plxDkABFxCDAAKBk5ubez77nd87pB0DS9mR3q66rkqHIRj9On/cLSZKYrujK
/Mwe3Sxz+7puqqK6tc+bIl+c2Yl9mWd5k3Z5NrKXWV7R2G0y6bq8pa/sddFt
0q6oq7RMJvdpk1d529p36bas0+zIpLNZk9/RzL1Zj0xWz6t0RUtmTbroklXd
NEVbV/iAYckMw5KHD01GC5/Z04enPyQPf0we/mDm9MVt3WzPbNtlplg3Z7Zr
Nm13+vDh04enxqSbblk3Z8bahP5n7WJTlrLU8zL9yMfjpfjHurlNq+IffAA6
atnljX2dN0VWpJV9123tK1oDA/NVWpRndoYp/o3Wy1OMHc/rlTFV3axohrsc
i169PD999Oipfvz+9LvH+vHJo+9P/ccf/bc/PvkeHyfn52+vXpzxWvFlOIDb
yXxeNxntsbKXFS2dvOWttwp7+6e0ytolDviuqbt6XpdHPFkAxxeB8SvA0aXN
bd6d2WXXrduzBw/oltKuSecfCSZF3i3GNNMDuuMHg+stHP6kfJwHPFm4Yvrz
8sX529evL2+u+7CIEa8pZhug3h+Lzp7Xq1XRtfauSO1NQWC5psuZd5uGfr9p
6M7ypv3vDQh/nmQuZ9kBiimqxQDFnpx+71DsydPH/PH1+bsXbwZQe1G08/ou
b7a2XtARs7wkgBH2fOo8ltjrvKERAkGawN78rxt7leN2/lsCbjVfJ1nVJpk7
2h4cunifTC6TyflNHxpX+e2m5J3Z44v3Jxj9+MGjH548tWW6BW/K6vvKLtNm
VRNhEQI1mzJvLQ1Pm65YFPOC6Kwg8JVlcZtX89weT8IPl/EPk3l3sg96dKgz
e7Fp6nUOeKRNWRAsq84S9dLVbKp5UeKuOiJ9P+x9VSh8h0DLN01S5p/GOYam
9J8HeVk8aPLbB/5sD+q/9QH0GNzm1c3FVXL+9s3Lt1evJ2/OL/qA6vFqYAyj
H851vc7nOLBCcbJO58s8OR0/3Hva/1e40rvcXSj02PGDtiNYpoS9D/qyZB6O
YUySJDadtUC4zpibZdHS5c83fBVZvihIiPEdDGRhahdeFpqYhEUWtpEsTL0s
XIsstPmn+TKtbmncLO/u87wydcTC2xEWLBqbEgZ19BcwYp3n7gtLuEALYzOb
KsPXlRkIB/uzSJEPY7rh/tbtPCXQ06FS2uRthe3PasyTJWWxyLtildt2s1ql
wiowJi1pE3k7T0u3v4zuvpWPtDlTr1X0gG/lDWHH3zc1QcIumnpFVJPb6X/R
gbMyn9qupkdqOmBDe7sA2RpZw9IJaM2wvem6IbKucE2/zMu0baeWSB3n3hTt
EgeiKyNGaNq8XCRNvq6bbkQwblv6kmB1S9hP92PrWUuMjbeusNQhRZUVd0W2
SUsTjXnG103rdUp+LY2ko9TNrMgIzOACGHFfNDmfvsn/ls9x6WnHP9w2KcBn
y/wuL+mQV3maga2uG5oKBE5nXKezosR9dfVHun5iYGtgw9ZOj51WQ0cZnP+E
oLekRXCq1jZ5madtbp5fEOleBNxaFW3LRyUoW2KYDGgoEG4EHSavaGu0ZCIo
YO6LbmnP315f/HJNXzyyP6uW8sGCsdKOfzq/TuZ0bxURfMkc8WdVWT7Q+fVk
CmJGJ9wzgEGb2eTNb1p7jZlymj3pSDhbQQdC68b87AU90JWRtGU02NLCK5Bw
R+CwUzrPL3yeqT0mykw3ZWdPHy9PDO60yRc0PRhTSp/vauVLeZWt6wKkrEKC
dh6LN15f5OUHBdNe6ufLFtFL919un9EioD3CwpFpaX9EmoJcTd6BFFlUEO5t
GIv4fsfCbFaERSUxnm/sNUFs0+J3Zjuv81WtHIj1uirvkhcQebixdjMjjQBY
VlTMTW3ExSzfH+3TAGWEMjHt8/N39scnvC3++JS20J+65V3e181HkXpy9NYJ
HjfYXlS3BAs+r7lJ24/2ZQ0yP768uHl5QoB7Q+QuyMmkTTRQb9Yt3R7dYdnW
TLii3JjdxdLhgVu9CsI0Bt980xC4u529E1xoxc/rDTzygc7w4AAAeFS0oztC
8gz3zRj4qVhtVsIMPxnSCLplyzDF6Wa53awzMYmIEMp0jk/0IHGUusw7oWoB
ip/fpBDzRPzEbOmol3zDRZWu6frWTQGmReSzafMhXAhUJmA6ISPdCHFOWo7G
zwu+g3yly9F1VIDtESAOtKHZiSe27fhoP5rdF4RW+ac1cJ3w9w3Ry2pGE50+
GbHIHQNpz+v1tilulx3uvIAEDd8cz1mV+sECLUjpJluMAQVUIkprgZYiKxcF
+CXTlvEEJyoDLn9CG+EpwebAmfNsPBTOQhRgvTh8hOqMuH4DxHpekRwozbtA
Gld5KfKTHuSRL/zNHEeqBEnyPGBSSYet2jyBCn4CcOaLBRZXcZCxqFmY9WZW
Oq2IqSjaMwOQgN7UGVkmUOXMN99A/56VdGtgBzmGGRNbdK07lNcILBEXbT8v
t16TsE6GEwCLf9DEn1VA2jN7D1pdEsbRD1BXgE9O7hk360iGFaz5Lggt9Asv
/u09oSJpYSTD/FjSBvLK8VIyu7b2iBWxzfoIM2GR5YbYFmFCQdoBiIyB5BZ9
ZviUSVcn/AFoy/YJSISWXpf1lhGgqzMiQEgfgFO235KOacj4XQtPBPslPYcU
eTpkxMOhepC+aovVumSQE5aTSkEci6wuA93/p+u3b8jGr2cjfGXxFdATuKuX
C66/Db96vm9IUm9W686rR34IViMLATTR3ueNE5F/35DOqOiyrO8Nn0PULjpx
SwQjBKTim0Fez7qUMECoIocCyxyBZth3XKsgAvSbPHcKJJDDkJQjLG7PSDjZ
b799U1uoUSkhpBVllseNv/0WiiSrz0Gpi5VWOgxp5KrZkfSuoH0Qc5w323VH
bCddL6E6EDZ49YB2qjaEagk0gaoF7u5mebsmBYlNrVvZsmJWk8/zArpJXgiz
A7m2NANARVKganEOe3zz6lrW+ljhCpw+cAKe6W8f2uacnq9XNAFAD97Qkj2z
Yr5FonbDjpY1WX/bcYCU189YvSjodqucQXXtr8+CB4Ms5wo9uhtaZEEMyEIk
Vrft8EQKvEjXBagcc2CWaT3rExWYwLoiJVOuBqRVORlBko2Ozd+r2gsY5Tg3
adu8NBgUr8UsCTRagmHSnAwK2Hhgt7DV/rYhqy0r5sKX7pdAxbAWYR+pMGoK
EHxn+TK9K+pNQ3/y/nFw7AQCiUVl2AmWJXgui1kBmXn8s7fcP1iY1vMST39/
/OjkODs5YbOGYeiooiZmTDp2VRMJ1R+Vq6iuHG6MdCZWwdkumOU0Knd6tKK4
vwV++j5l5BB4t7mzCPQqhQHpdakRw48BXavOLaAXxvoiLKR13apWqZun05zr
xlg3X0C3IjOlbjtBnC0AV8CuBWKqwPE7BYcA9y2IoTHvcbN7cPLjeZnR5Hig
ycH7nFq7I1iVKtkGi5kIHy3NMqgQ+LEshZ14FgLMG1gW/n4iqu9bAkZIfrTf
4ONt48Q5+656liIrvalRcythc8sfmhXwW+KRbecQPwn2XmwTtobYBfxerBAo
UIRxx5ZawpaaYI7aO6Lb4Xr9XeiVD42xMQv6Fzn2b/9YE2sw5tGYcNI71Bn9
gKE4GyxpQkrcNrHBlnVE5pBqYcCehP+D75H2Upd3IiOY+5LGo2wUlo63bow5
xYqXO74KNVtbdy3wgZEKjQ1d6G1iMYY93KlA0l9lK+Jpby462PwqOxEzgBHH
pqIx3+E87zzOJN12fcgK58NEKMTQ+6K/geD+bgd38GiMPvb1++sb++btjYU2
RStG/gH2JWzZxHBeAjzOfKsh9R4GgBrq9FVN2oEaBcY8xuGULSTAumwfwxLB
AXxwSCnsasfFYL/WxTDG0zf+RpTv9PiVJyzmCDyxFS+EwxN2zuByIYgDDXyP
Mz0XTdV6bxPTMavN7RKuVm+9R7fGDFfOJdd10Bsw7u3eTatQ2ecZGLgDbOQO
cJ4b3DAeX9YVSTNC3G5Jp/lB0Y+VU7lFEmoduKUKkzanawbDiD2OAFHfd/rz
jhP2w8hGDlWw2voedgAEgR14G2USsZ3kuoNiI5q1U6AZ9fTqnE4KudZhjwq3
mOFndd7ysWAGCuJWIKDqFtqhW5BoFp7dlvabC5+7BkYclCqsae5EFz1utS5q
A+Xp/MWLV0ma/S0FW+RtsccNG7GT529eeioXeZ9bz3cI9jCNVTsd65J7JEyX
fqJbXW296diXJ0K24nUn4T/dlSVJSShVTt0SOxJjHtGwN3Lc6IiPOslpZ5hb
jNPPcEavLPuzRRThCMKdifA52UdhxgY6KElv2qwxm6B9UN/EETKf52sopCMH
E3zEAu2mWaRzeIasKkas7LWY6nWeFSkzZh56OXkzYYAUmVog7FilB6fEPJ3d
3HfX/3Y+q+lIeHz627+1dTXd0VgYUcGBBcm2jGLvL4OPDlfHk7VM1e5b+I+q
QC0OJLTBed5UfGxsdrPC4HlZgL2yMnktHj8oucHf59cAkxWmLMu5AQXsk1vc
YuVVBx1I1wv3VQJSFXyjH27BHfUK6UmPCPFNi0LguZpIt7EjsXW7nS9rKNhk
ZA008qC3s7wXZu4MRbWDaJhzGTCbFntGeWts/nlDQq8ERgadjJiMs2RTxC1S
snWd2aP6WwU7E6wOZL1HBLujhAiC43+02WJVwPxx2i82wE5b9pI6Rs7sAt/M
64aMwlT1tuBHYzWpp1nIkgUbfXU/ur700XUGGBiwEzFyTRqBaXKNliyLtQvz
OMgFLc7BjVEj3ruL38BjdJM3hIF1Wd9umb9e5X/fEJsWy/UVsZMN4aI4Aj6S
tnGPgK09gtA6Gsl/QRz4fHXx7+8vry5e4PP1nyavXvkPMsLQH2/fv9Lf8Sk8
CfBcvHkhD4PYBl+9nvxvmgBHO3r77uby7ZvJqyMcpecBY1WIGNtMobtu2EWa
4uLaeVNAztAz8OY9esxKI1IoPqiS+ePjDzA6NYwDP7z+KVqWqF9kqMI0IT5c
dBy5osnbJcdz8yZ3mjhBuhDt3/TkkEGay25A7OvCeWCAetPdfa38ufVRumEK
Ry9K55lnIaE5FrIb2iSb1d4hp2ZVysbZsqYxaoLYGLmclTb0s6SbrADKww0u
LpczxnTndlmSaTrUwIFSWLUNlu9vYgOAZYiIrr7upc6+aREZcoue3WuMiJr+
LqBNZII5Yb0pbV1nGffU3sLRHRvdUCyFZTNtOZcV4SZQrg+WStypuuxItIo9
1A7jlCMBHNQYxV5ndjYRdSJgor4nvuySkwjklumU4g5i1NKLVQyLLFk971T5
JXH2pkm34tHjQ0AxnziuHFktH0ldmO43n/FtS9yetU7P7/AtsJo412rtDN1Z
ncGzFawpe44peM8E0K6py5IoAoJmtikRHO5SdkWwDaq7guIyV886VCGegfWm
yGDqCRo4R+mernNCO5V7j2kbE/Zq2R7ceAXBUGzW3oMGnPfLT0fUANXW3ZHq
hbSJ9aaB44WldM7+PXaTwhP8KYUGAP+FFRPS+bcBHKD3J/XbthKwk4APAxdy
a1My0iFjZ7xHhNEEv7NHstMjyDNnUk58hPqz5xR+AOWk7VizjSLbYnCv67Vm
swiwP9rf/84+evjwoQNDC6Rllw9BvqqjwDcHnjQiA6fveJ8Qxv6d3usX7x3l
MmjDr6ANRyeqenefztQlL2QQbQQq2R0B8pCr0h7T3bAeRmQvWEzMrLaLnJ0S
dMRZoZpOO1JjmPF+mcNpSaBr1TZs8wP2O5nV6kfJ8rsCDk0AVFQLb8fDgcc5
Z6CbA6a/ShSj0WxxswnXEpugr6j0JSSLNfamqza7xyqJvFx0C+fB1r/hdAKW
YbQfjjFgvaHDyjHPgYnhZZAzCkaR20DMq4YUeyTlCMF1wve+kLSwTgt1IASe
reajeIdoG+pBG0JJebnfgJNxnTpSC8V6caSog0Q9EASZN3WXTKAoq4R5f3Me
WJ8kRzjHqZMU7kZn7GhBmHKzBpQtlAb1MtglMVXNbsGOUhGpV0EPv1AA8lW8
v7qM/Bv9kxzyPjCtMtcm7K4c9IKe71MH3MajuKrwwEguhx8boItzRnT2L0R0
+NaxeZabkiEY6USterVDuESEOLtMR2IwRSau+K8xMMaGYEmr1ejcifT8HW9D
jyapdhF5OMHwhJVhzSe2PruTFbqJZnDZa0RtUpIgA/cCc9FVuvapEiQa4FUR
Q3utdCVecrhbK9N3J5w/f3vV9ymMnE8dXIF4TZ1x0I1m52gVAZU0p1ayiTia
mOWzzW1/DsT4BZpiFJEpNsvJWKL/q+/puNPp1Kmncozf2f8AvGz/35ndMLHu
+ffMe38s+7ixbxIOoi4OJnHKzp5JFFu9ahj8ssSF905jHwQNxk38LChpwgmO
2xPshJCrP4WQ897jOHoLdEwzeIP4a2bgDIdt73nJQY538PNv9cuE9KYPo/h5
HezcNMe//90j0eNOOE4kqXPRWehqD+yE4+AJQMEBV+LS8yKY3m00yc/f6pcf
RsNJ/pE3NfTTlWN9iC7YOF8vzBG+7B+pN0f0JM3z6fHD0/7l/MGn+SWc5jcK
8xxIBAws4hdmETwNPiVi9a27OgLRM3UpEzlvOAypDu/M9By4uhsS7nuha5/t
8/aa/zQu3VBIqehj7+fvS6ggIauM/Riq9GJfUML70xw5JfKIKOEIKjSdRz9D
VaSPZt8qRwH8PJpTk/gTB3eOwG+HMvbM65cYt6uqjfaudPDfsz0RM/Fy/tp5
iOu+fHv1/PLFi4s3wGu2RWIo4fYgvvusyNEv9BGowP1fcD+gWfZ+x7/8IbJK
f/F+5FEPMUnGJiEE9GvOEnnbgUXhmhST2rzPlulSCLVZZedrWRa3S/5A6kyx
WfGlEG8ZPKMAact08MMfbLYRl+kIy/dJULfAn3+hKYbTrZsihjv9AOxcpSVL
b86Nm2/Dj58hgXx8O7ZH769fnCPNu+vKwTZ7mxyQuAMUU3f8EDHbz2mQHxhF
oBL+4r3V7my0SuDTugDnSvcWiEx8HvyLJ/svMBDnIiQN1fv18B9aF7LZRG4L
dnKzmjH9r2lCvHxRfIIC41WvPRFMaC4IY/wxCmOce53jOlYVZK1dNYS1ZP8I
27tx0E30aegfZuexNfyKnFOKx1g9uWWv/kAulfWtJnozxd2RPiZpes+JJfV3
o9bUWrP2fE6W6EoGKRQuJsFfM9Ci5Bk5ZVDNGDo/a/nUh15Kbpl/4iO7EJD4
lswhVUshwQDswQsqfOyVl/wrViNhrt7lqoeJmh39I6v4P45E+05WnCnZ2qP/
PDL9b3ggLCD77bE9Gh3J5xPD/+lPx+SbJXC4HZ0dIQl1k5voSzfuf3w6PYVb
LoGnjP8y/q9oc3fMbQgP+L+kp8nfqUgTrzIdEERHQik8VpUa+SwaxqGnIuWB
h0N9cBLQKwCHHg4C+8gELpAwINy5vaTjv/bOI+N2xaCAai+lHxJ4nGW6Zdmt
6Wucatftn4UNQrbmYcTADss45YM0mp6D67uxcI+JpAFo7AU2BOeZKX4X9JEz
pzjrenp0aI9HU82kFYxho7DamoPZNEyhYo3xU+BPjctpSltDYgFkMXRx0HRz
eL0RA6Yl4GWDVsMxMR/F2MnHiaw+TnNwWQ6SViAW3cDnSPR9/MZVuZ0Ik5RC
DzOp7FTuf+rVr5ZzEQeOwdgfyPQsjjDj4sTepXfALYjMpnpzu5TbhPO9ysux
ca5CBJPKTZYP/IUok9nrK1T2qWV96vxw5iKn+lhX/QcM6VdE6OF9IK1xPipx
R9CKUn4ivjqcUK7S345kGQ+9jkC/6Q6RxHDtux2dZeMcYGbH+8iY18GNRlLi
M/5HE7n9nKN24Id0pBTV8YzNZS9Qq6JG3Q08Njg+kZjWLusS6UDGTcHOZxdT
9XidrzgjN3KrSmDStkQIJZnx85ouC65dD7pWPK/yQ+sGSsI9I0y0fJO7OmVl
IF/IRhN/fNNL34srjqBE9DhJfLk7ftjjl8Oypb/SJCfCeg6wvNhfqxFyHypW
/61R/627vX3O28h1y5cPHsUeXPNlD25UdlbdpreSy7KkcXDhtCNTN97DG/l3
EUjASrve3QZF2w4ERr27jI3encuFE1/h0w0eXR/X24r7RxMitsJmJWaE3z4R
FWoC1E2UmEbE4u7xu/GprZkzcAjoYI6JEb+op43pUEhORfCIIwFxkbbWtE0z
D14/J3QkQM8MiY/KLDgVuhfjiayku6IunQI18RFsnlQVTU6fDiyHAM18lO/c
iEhaxiwZfjgnYfixZ1yzJQ5p3iynmrQ8hXFTYwrZC18W5HKcRaXAdWntnMM0
cJrnn4hnt+xiTEOBjMgjGWJCkm2hTk9NaA5JSIEWepGKAynNA9IPCc4kl6IU
Z6Mpzi7BGW7PMCOwMifYCUnOpWyby2RMvHuVqXuzWohC6WI0PZnUX7ugv4iK
SxqAarb0IKzUcTpfkuKdkFY8/wj+TCz8LiXtuur8lCTeWZy7nFHe9rW44plJ
nYec0MiiiaoS+wWGG07I/en8Os4dbQqudTLOxW95gC9vSHFOzpZgjkBQJnbe
5n/fhAtLxRjy4RZw9AZhevamQ80mrVeThjg40ElqG1gRMj0ktml2Mjk4pHzL
1RWVqhjwR2MHUJSk9FBj9d73TQD76zKvBqlr+428gr3Fo1Dm0j+q3zXzLwS7
kVCV+wRb+L7hkNYgSagycSm9jhOOFPLdjrWUsLXE/nlDsPpZWw58iOTRqcgj
jwPX3svPl63ZCyEugSuLcuBC8l/IKva1jcEqRFblCqeXZMJpWt5Oz+xF9uJ6
Yo8vstPvv3/09GRobvtdfo/EtOnHIqNnegl2U58b/Wcypy6zqSrUg4mMjQ78
CJNpTEKm2y2VncUJjuMACRwFCKeJEodSoKOhI0EfGHp4cH8GdciUUuW3l/1n
xIHRDzYBjfeU4fZyeUV5Nf4ruqRhLpvbWMLFNKSKB8v+Gb6HAky0uiKo2JSr
51pOptUUwtzpgMwtBZP+EoWGoLUosUnEKA+SZ4akv0dje8XZ8A5/PUykKo+B
FifFB1SHQcc40U8/iXBzqRl9SKNHVwxQi8902J92upPv8t1YDrR1DyqyRpQY
cqu5xMOpJ8xHxsgKPwcPlueJ8U4RPPmfvyOt+l7+4zIDx8i2/nc6vV9rX/Lz
scPkH0nmLFQYSqY055i18VMLKLXIfNJCUClZ+SNU5qHB9tZxo6tNqbTfq71x
TMoXu2gVexQZ9ZUydWMG+UdR4QzbnZ73FchXdv1RINRg5zhGKAEiJ2+i+HE4
bLR8VzuxwqySS67bDapY81B1RFiyIg0BXkspbNJYskpiUjuJQlqjgcJ+BJzN
YR8Fx3ptzpUeKj7uOBmALCrVSqyU2YgA6G+H2SiZXR+BiFmR+XRu8cAKx080
jCIqom5NU5aifehenY5pIjixMyJfR0UNFdcTOc1urGJ+kI1g9hYp7FYoDPmY
5Px7VHWyf7e4Js4ZEOeyGK9cr2W+MjlBy0Z87prp340DHm8SDh69x8r9yVWc
CnWPwVWoxtKYVi9xga3RZw7kZFkhL5rRLVpcHhxaJYUrAms3ZScyMRYv09jd
5hw/+kyuTl9N9Zgv63iLxofdpNoBCoGzIiIEhg4JBQTGHzG0zncyCWctOgcW
dSWFn+JUDqFO7FuTPiS+O7JN7TpKDJKc94gesy/rNuTmZmqruYRLb2RLfwbp
vxFKkXv12q9cEiieCSkejOtxJramhxgTVazItbleFvHoOJPReXJE2yDU8xkm
wrLA46cu67Fn4KQ+kdCnqtLj3X1NulKmJb0vPdeWylSfyWpDJmvJjFbWJ1Y4
/1huezmpNJtvKGBR9FhI7kkzX6Y5EpNZ9nFGLwGdXX1IRQtlxv63Me/pVeFI
n/cv5TLeuLxf1rABWRdgTMzFyPTbcQ4a2NWcKKg+qyUbrz638hPRGUQq6YwZ
0imQP3n6OAFo7TwvWJcnhnTHDInGSFJwLn0ctj5HtuX0UZeMhfrquuFria+T
LgMBPkQXdVd0OhPZam6ukFYdTVnW1W1/xmemccVHtLh6a7W8gI8fxtqEMyh+
j/Kn6VgzxHczkUyUmhuVRe1VC5CxBD3J5yY5rVHIqK9aiUP3H/DCDuqnblSH
aTJiiVC+tADtF+7RpN2YwvpTmZ6IkaSVD6BxSsyYd+/35zwEcYbwnmQn15AF
GVRwJNR1iS5au3lUDqFws0Suc3a/C0H5JOXWecBZ+3W18EyEzv8r87i2HIZ5
sNqeeu1/h0J2UBsDKnJGu4lxS2w/kfpsNEaFaYQbst2opqdB0XwFgnbebia+
u5CgGzR2t/RvuNEGP2ZU0R3ZGTFHL3dkmVm+rZWT+8zsWOc037jqoee+eqin
G05s5IhSWSIhw7xh87KfmgV9g4/PKh7XCmnRK6cLqhA702rad1JUuWS+TsP3
WZa+ztv7m6SskIu4134Cj03DaInmYksx7VVUe6ukBRMDaMcWippF3tzXkk1R
sHkDWr07sAAPmStS/Basn/0mRH2XD6rhWJHwGoK1wS5nR5B6AFIrDoU0Ctu4
MtsLdbPv5KHupPcN6lK53pE2EpIGo6rwhfpI67kmIeSSUPoZH6g4KKOFWWpx
F52Wy4SdX5jmdQ0KIsvhwDGfORswRklYr2kTYbu4tISSSehJzM35R+Pqyggf
XJGeFvTCeAvCmkVVO6zk5cUFfxgWB008a99uuqReJDKPkw9xubGrupWFA5cY
BXPPmz/DfYBZFVwLdpBjxdGIH8enzJruSI/Lor0IWP12fgjb6eWNig4GdXS4
D2jMaeMLrALniZXcMT8/dVaEV0FD6jPhgaTF7pgeXClC1gRxKakiAy+ocjD7
tEEHm7RXB2qPo/tFE6gyvYdBtrUVaXp0S34DJ8JE0UeBhJJYqIwnve5dHoVC
/GHWu8EfATJxHEQJTHFGUiv3KWfttSAhEeHqppkbFQ3X/U7l4el+HknU5Gcb
hfvvu16YEa+V1XjXDzM0CWOuU66T3sfylYjiHicLLq2O6kele8rWbFo6slSY
OkeRuP10J1nCjokp6UGeawdmyK28RpF+XCnVjfrphOzaZnc+QB7PLh2xMsw/
mJYvtyeqK+VyouhON5Wbpf80mC5hZC3iYl5vyDrThjkqEGQPjRATHt5HfUGc
BxaF6Lc+prnertcVVz440IqBTFwXRCCeBZbeXLBrb7ZrovtD3TDva7viYYh+
OxfsF8p3kz0+bk6aG6boSBoBy/AqiVs2fX4VLgzWVQ6mABnLLc/YOmDdKEpn
GoU0J5R/AI20y1RdSjHBC996ymvxznJTpsPuctZiFrVzizDPcPV7bZSP5XOP
2HboZ1w5u0Fa7BgGQ75Ae1lO1HPeI1epzDd37W7zvFdfLf54jWJNXBTrMkR0
6bwX7+3kEnkGdhCHMmZPHx4fpNof3FJBX0pJuAZDSGX4KO1zaKF2S2rdylUV
YCcuzKYVDUwlpEBLzzhHVSEgVrP/I4TEIHPJruUZmJdXqWRMfK5qU1fnPI5W
toEQTdzByETRZyacQwFuJqeMbomNNGaMxQKMKxPd9TbBnv2GHTdboK2Dq2bv
N4Ug5pvkKxcF1Unzdqe7CbdqEZfPbr5PVK2X5WUx41Yz0jWOT20+o2b5ILPv
YyLJeP2wtZES+1bVdpdrIJ6EfuLUpuIzAL+f+ap2EQdJaDXAzslojSdsAtjv
Ih+tKm/Gi2TNeHIaXhVKtna2JN4zwPwytH5rnfq/krLuncsYUgUUkpKDn2RG
pVkmFqG4aQVUIRQb3xYRR16S8TDZCc8yMqKtX97uSxBxuT/CZ4QfzELagSQv
iG3u86MI4fak9xitMBlE5IktJ5GUDtouYKFdTMqtKSU5J3gBhixBmhaoI1i1
Ow4QuICA5kDscUuHsGu4/R/Gj6AxeZ8+Ezdri86pz02yYpeqkuKC+Vtn+hfZ
y+9gYatUj+Bt6/QU33yDlvauwGB0K+/n9AnGuzgnIs1I4ndkb7VmZ2u3IojT
1rWFjZXAyLSgXRHrCEJD3AqSUOGcZDt+Hu6PEVQRqF1OTx604mJ3NTxckmgF
E6xlD5RryBlpOU7XWyFjAncgoTm703FE8nu5/WzGbqUlLKfNGvqhhCmxR3bb
iHdXRafC+vSxEY8nfS7R1UFD6OrBUwJ3xdPafQ3McFWjRWyVm9jZmKVui4ca
n0SuJO6tY/qRH3HxKVmK+xB8xblIMITMhcT5qpGPxOEX8YiL2ey9RuLYwEF9
w9ZUO+ipdJylbREX85nISdiAYdO4XtOPUlIeNXMgdY37jPeIaoxG5wGLEtDQ
XPOBJRgw20Rb1Raj0NCBKgE1ZTfsDeoBdLM2qgX1/Wdf5XPSrIEW/ILgk7wk
+cjmGbB6gpg895J9R5fNuQSTAYMW9ukkRKGuVu2h66qNzcF+Sb6DKPd89bbr
HBQOZCYFzm9t4ba2lratYiuxCdTbEl3oETqhogeGBEXQPRaXLM6dUnrEMA3C
jChCY/coIsnFDRsOmHHyLF4/MIdEt0pqzYjNYwK1PscvNqhxeuze9INEJNs/
JgV3BU4RZ3dP3u12AeQS5UhncGWECeFh4vtciTsrzufY1xnu2dAb5UH00/m1
8ek9MgwWkX+lA8aAhmcpu4367uU33IR0YcSyyXKCdiYvaQCv8D0v9t06Nl6z
vDfSIkswKw5ZyAWVXOa/r49X/7r39PDiEotNPwAVunoZ7Y82/xiyDYb+P/8C
AzBsSJGaW3ZOyCjej8tQjF2PEd/Zi10UoSWY+qiMpj8GCbQrKh1dzKIqYA1L
GNfb2JeXCnP3rVt5Ng38uNatA60LcR6f9M5u9NDbt0fQoYPJl2m4bpzrVXcd
i2sTzyvQaAfOGLGFJedOahnYjaT54MZfScK55poZrjnWf85hfbkUF/F8uL+y
qHg2Tv7hrDJmMtII6aNIoBVCNnoCzlFvnKikKaP06HgBpxm8Joq+ddnE7AAl
K5KzDvmxfTlRT8ePzjhDxwVdXXKrrfJ7SYwZWbruTsw93nnofAW3PP3V1Lgm
DsjFFd0jlz6kG03u2mS5vSVTNo8bzxoX0nY7INMqRVOsSPXy2MJ6VJROlPBT
dMKPQeqJgqYwVB2IRRB9y156kpcb3nEIvPT99eLlkV5me3Poifu5RO8JX16r
bZj2JKIv9ivkodUzIpzrprhLUR5R1iiJ1ZIJ/VJjlpKI65EFBGfSzSf6DYae
f0MQIEiET/BFM/Vc3zO02EZNN1xTL9NLfyfK7iXvw7PIaoYfwa3X1R3RkVmA
yGeSkbDnPOcUL70Y5uoLefK1hSx6DudoFofXVUix33rOF1cg8It+SlYIE21J
Y0jdWnI1bmuPqxp5ZUXlC07muSTJwJEple+o9BeT6YT7RKle5Fv5uMtynqg+
S4yqzwzyLvFWAFVpxWnD4cO2+AepX0XUPlGeUz8Iv0zARI+FU9mmaD8Ok2gS
SYt4LtXmzFOGiTO97h4+ldr5keMkQeO7zQ0r+WObbjeVwvTeJ9NrLcK2SVXH
XQujhlMaAyok0MyapPjbdkwxgYicIViimkqj9Idg9AsW88QIEJnQbPxe/4hI
D8D4yB8NCgxROhOUDOxlwb38nDqbDNsiWhtzVSAuJqchbe3TIeMuZtzEbS+j
/e4Mj15fnPfkkISq0ru0KIEVI3vz6jpRVwdKQKbje8LmhLuYk7VF6smMyF/7
y1eZAkVz8hEtqZAWXt8Sac8hJGmLugRHrli7g7SVrC1pzLjHcRjcwcSDbwtW
KOTHvraoiT4tOwDcKJf+GMK57DY27DZ2Os9R5HE+co9L8uc39vNeZe7Th63J
m6WiwWjRuJl14bc9Dyeuj14W5xPDE5LTb299wfjubxfO7dLvZHkGGiAWjMWd
L3Y4Iq4DfPRozwsiEnkpB+uhSuTDOfaVsK450Lo3I9tqehpOysnKXiXtcbez
3Z1MAkBV+du06h8L/v8zO3hdg8So4z5q+K33roD9jtm4N+rLJr0VMyQkcwzh
gNvgbXrrNhZ+8uaxBPyiycX+JGGearPakOslZ5C55InX6S1xrmqD+t3j9qT/
48uizENJD/88BjolvkMxz0CSrqsR1CpcZTj6w0SzJSESsWkJcHStxCrevmG0
RMln8BDo7/648mK1wYvU8Mu5vArEt2ujQXi7yRdpCbGTf5mW+OF/gZborjl3
9fj9zcvkSYj5lNtQl45WN3Dbnow/R3VPZkX3zMo0eH78f0WA8buMBsEkF7CB
TC/iOFIU6bE9NP4iLffLW/pEzT16POkG9TTy40knTdFt/7/QdhwJE8L2bQI4
MhZyjPrtln4tLbNlr2+z/MAP7aEzoJrS2a8nn8ilhnc2wV6qq/031z6LInls
4qqb+F8nP1ZF3vvsNvsKXvihEPXNoPalwWEC9t2bg+lzbCgNxS9e54HHXDRd
KRuaJ6aU/m6JDHHS1+Edp+6OLHQL6J7+Z59Y65Jk4yLuhIu47V9C7Ek3tT2o
NPTmEz9o/82TO30pY13BNd0q4J/jTkyFj0prLCQZFOBz1c4+Y2w48NTlUx8O
lPledfLWD+c7IkRTgOXSZvKyaznM0tOQlO35AAdc3mqtwLMFp2D8RouoEJhm
fLmRihGVf22UnK4A9wq224m8dkwUd66Yb/MVewLJFOQsBOG9Wt+buPre8MbE
qCHKnOz98HY8V4AZn07zi2hH196TNRHQguDR5VfeKvYNXn3xtkNRJmuiMuiw
lkn2Rh1Gqzddsw+jBHDa5MUnSTGx8gI12eSe1nBtwbV9zuR2CvV8O3JaLC9o
Mn3znFwEO/1CQ37vC2thm9N+/inL7mkWEf79k5jBtt+wZt+g4cH6TSN/3b9/
mn8mX/73NWO+btBX/6ON7bwGfPiWX4bYo7PoJU/RTzHELsO7koftyYXVur6L
4flFHRI44wjJnn3Fl16Rid26fak97WK+uzcZ7Wun9fivvEjeWGxmHhhlX52S
TtfVq4E/vD/ozUFwqQexlXQlLe7rdXGUstCwf96Yq7Y4vH3emO+zHjVXP7ix
5yHHMbxG13fYzh25a+/l/RD73JvmkdxXtCfY2neslxSkdc53en3rxh5MfvWV
HYTFAd4k6QRN29mjbEsaeNjMkb63UpiREaYjcc8c75NGzZiwK/VALet7jswy
giIjH96EZ/1At/dy8ev8/Ghui4IvoZdJpxR+mpnuZI7PZZ7dyksU5Z10rChx
0chHlx+yER/RvGjmkuZx4FXPHJRGJB35l5yne1fk944T99JGfdoAZ464vJKv
SFPWGPbhZgsHBC8AhxyhuzimqXWa/Chrk9GSkq+ggbuu39P0e4l5haqeAi/4
bDs3btA8X0wS11lHDQO1QOQVL/28ErjrgnXMmil6zCA8yC/7nLlu6xwVAYwN
x2yj3qge+xrcXkITrAMRhFdeHHoTtQplVRtalfWO/cU/hGb/hPtpViG0eT0e
2aM/+3ca4KQb9vHidfes71xqdDluyBS9H8G+Aqzao5G+UmCEBy2WGZGV3syX
9tHTpz+OZXXpMWbPmxqO9ZF9MWZ8eje2b+EsLUvazGTDOI6K1TcveUPXyHL6
FK/fezU6GTfIm6IdXN+8sD88kR1gqZH9Ka02UJBPHz58onuQmne0sU3xjqyf
AAA2Rt6KJnYdVWSTRYy3Kxb+Ner87xgR2JMjWQfT0SybEos8+tEvgjcpEGyK
WUqQwRqT1ay43XAMcWHfI21jjqScu9a+qu/1j6K3jgMkR73+ivsZQBmrAMr9
pdnQtVeEL6R0VyM7odXRFa7ELtjYDn0i5IXw0tO3d8PHZDf7I9KMOCLxt9OH
pw+xTpA7zj7TU4LiBwiKFuXx1GyyJ2/7rwH4k5dL7n1P/Z6ah3QD6aE2sjtv
4DXxW6+Hu/RtCCbaE4qw7Y9Fh9AiF8KR0hAvfkOMPvHtkDN70yC7uGm/cot+
jUTbU/ntxo9HO//mm54KM6RhNuGZhkl3vqHzXGQO9D+ld+k1N4N06PzGBfuO
cfUn8Yov0i6V21Bm85KXVEJ6+lBvn1YjSs3n3G4vfj5GOvaJ2uccUyAon3vC
/lO9WNB3ILK6Qs8cBFpAkrK/PleJX3NOZEZUeeJ241CeFjq0G0FNV8mzg5ov
vBLK7bcz4vDnkgXsca7HY9BesWl7/cOvuNTu8/e+o07vR84o6/diAw8WhDN0
itS5gmh3G4JY6YSyGxav/b7iqNvRlWSlMNgu3vM7oh8/ePTDk6fIX5V3gd/3
HiRlY0U8AE4aaQfOVb/wHfmcgrIsbrXDf2ALkzDmMhoDexJXhXWZP+zmagxu
o6+Fnfdf37bz77r/Prfo1W0HWu9GL5nO2ZkzJtp74HML+v7ZJEpP2D+dfzm3
OKd+00Lq4yqN6bupzAF9y1ysiGec2RlG/1tvV+b91eXZ/g2b/wMxt6YEMIoA
AA==

-->

</rfc>

