<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-rosomakho-tls-ecdhe-mlkem512-00" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="ECDHE-MLKEM512 hybrid">Post-quantum hybrid ECDHE-MLKEM512 Key Agreement for TLSv1.3</title>
    <seriesInfo name="Internet-Draft" value="draft-rosomakho-tls-ecdhe-mlkem512-00"/>
    <author fullname="Yaroslav Rosomakho">
      <organization>Zscaler</organization>
      <address>
        <email>yrosomakho@zscaler.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Security</area>
    <workgroup>Transport Layer Security</workgroup>
    <keyword>tls</keyword>
    <keyword>mlkem</keyword>
    <keyword>hybrid</keyword>
    <abstract>
      <?line 37?>

<t>This document defines two post-quantum hybrid key exchange groups for TLS 1.3
that combine ML-KEM-512 with ECDHE: MLKEM512X25519 and SecP256r1MLKEM512.
These groups provide lower-overhead hybrid key exchange options for deployments
where ClientHello size, fragmentation risk, constrained-device performance, or
compatibility with existing network infrastructure are important
considerations. The groups defined in this document are intended for use with
TLS 1.3 and DTLS 1.3 and follow the hybrid key exchange construction used by
ECDHE-MLKEM key agreement for TLS 1.3.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://yaroslavros.github.io/tls-ecdhe-mlkem512/draft-rosomakho-tls-ecdhe-mlkem512.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-rosomakho-tls-ecdhe-mlkem512/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Transport Layer Security Working Group mailing list (<eref target="mailto:tls@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/tls/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/tls/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/yaroslavros/tls-ecdhe-mlkem512"/>.</t>
    </note>
  </front>
  <middle>
    <?line 48?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The transition to post-quantum cryptography requires new key exchange
mechanisms for TLS 1.3 <xref target="TLS"/>. Hybrid key exchange
combines a post-quantum key encapsulation mechanism with a traditional
elliptic-curve Diffie-Hellman key exchange, allowing deployments to gain
protection against future cryptographically relevant quantum computers while
retaining the security properties of widely deployed classical key exchange
mechanisms.</t>
      <t><xref target="TLS-HYBRID"/> describes the general design for
hybrid key exchange in TLS 1.3, and
<xref target="TLS-ECDHE-MLKEM"/> defines several ECDHE-MLKEM
hybrid groups based on ML-KEM-768 and ML-KEM-1024.</t>
      <t>This document defines two additional ECDHE-MLKEM hybrid groups that use
ML-KEM-512:</t>
      <ul spacing="normal">
        <li>
          <t>MLKEM512X25519</t>
        </li>
        <li>
          <t>SecP256r1MLKEM512</t>
        </li>
      </ul>
      <t>This document follows the construction and terminology of <xref target="TLS-HYBRID"/>. It
defines only additional TLS NamedGroup values and their associated key share
encodings. It does not modify the TLS 1.3 handshake, key schedule, or
negotiation mechanisms.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document uses the terminology of TLS 1.3 <xref target="TLS"/> and hybrid key exchange
for TLS 1.3 <xref target="TLS-HYBRID"/>.</t>
      <t>The term "ML-KEM" refers to the Module-Lattice-Based Key-Encapsulation
Mechanism defined in <xref target="FIPS203"/>.</t>
    </section>
    <section anchor="motivation-and-applicability">
      <name>Motivation and Applicability</name>
      <t>The ECDHE-MLKEM hybrid groups defined in <xref target="TLS-ECDHE-MLKEM"/> are appropriate
for general-purpose post-quantum hybrid deployments and provide higher
post-quantum security categories than ML-KEM-512. However, the use of
ML-KEM-768 or ML-KEM-1024 increases the size of TLS key shares.</t>
      <t>Larger key shares increase the size of TLS handshake messages. In particular,
larger client key shares increase the size of the ClientHello, which can
increase the likelihood of fragmentation and may expose interoperability
problems in deployments involving legacy network devices, middleboxes, or other
network infrastructure with limitations around larger TLS ClientHello messages.
Larger key shares can also increase bandwidth, memory, and computational costs
for constrained endpoints or for deployments operating over lossy or
bandwidth-constrained networks.</t>
      <t>The groups defined in this document use ML-KEM-512 in combination with
classical ECDHE key exchange. This provides hybrid post-quantum and classical
key exchange with lower bandwidth, memory, and computational overhead than
corresponding hybrid groups based on ML-KEM-768 or ML-KEM-1024.</t>
      <t>The following table shows the key share sizes for the groups defined in this
document:</t>
      <table>
        <thead>
          <tr>
            <th align="left">Group</th>
            <th align="left">Client key share size</th>
            <th align="left">Server key share size</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">MLKEM512X25519</td>
            <td align="left">832 bytes</td>
            <td align="left">800 bytes</td>
          </tr>
          <tr>
            <td align="left">SecP256r1MLKEM512</td>
            <td align="left">865 bytes</td>
            <td align="left">833 bytes</td>
          </tr>
        </tbody>
      </table>
      <t>ML-KEM-512 provides a lower post-quantum security category than ML-KEM-768 and
ML-KEM-1024. Deployments that can support hybrid groups based on ML-KEM-768 or
ML-KEM-1024 <bcp14>SHOULD</bcp14> generally prefer those groups. The groups defined in this
document are intended for constrained, compatibility-sensitive,
bandwidth-sensitive, or otherwise policy-selected deployments.</t>
    </section>
    <section anchor="hybrid-group-definitions">
      <name>Hybrid Group Definitions</name>
      <t>This document defines two additional TLS NamedGroup values for use with the
TLS 1.3 <tt>key_share</tt> extension:</t>
      <ul spacing="normal">
        <li>
          <t>MLKEM512X25519</t>
        </li>
        <li>
          <t>SecP256r1MLKEM512</t>
        </li>
      </ul>
      <t>Each group combines an ML-KEM-512 key exchange with an elliptic-curve
Diffie-Hellman key exchange. The hybrid key exchange values are encoded as the
concatenation of the component key exchange values. The component encodings are
fixed length and are therefore unambiguous.</t>
      <t>For ML-KEM-512, the encapsulation key and ciphertext are encoded as defined in
<xref target="FIPS203"/>. The ML-KEM-512 encapsulation key is 800 octets, and the ML-KEM-512
ciphertext is 768 octets.</t>
      <t>For X25519 and secp256r1, the public key encodings used in the <tt>key_share</tt>
extension are those defined in <xref section="4.2.8.2" sectionFormat="of" target="TLS"/>. The X25519 public
key is the 32-octet public value for X25519 defined in
<xref section="5" sectionFormat="of" target="ELLIPTIC-CURVES"/>. The secp256r1 public key is encoded
as the <tt>UncompressedPointRepresentation</tt> and is 65 octets.</t>
      <t>The server <bcp14>MUST</bcp14> perform the encapsulation key check described
in Section 7.2 of <xref target="FIPS203"/> on the client's ML-KEM-512 encapsulation key and
abort with an <tt>illegal_parameter</tt> alert if it fails.</t>
      <t>The client <bcp14>MUST</bcp14> check that the ML-KEM-512 ciphertext length is
768 octets and abort with an <tt>illegal_parameter</tt> alert if it fails. If ML-KEM
decapsulation fails for any other reason, the connection <bcp14>MUST</bcp14> be aborted with
an <tt>internal_error</tt> alert.</t>
      <t>Both client and server <bcp14>MUST</bcp14> process the ECDHE component as described in
<xref section="4.2.8.2" sectionFormat="of" target="TLS"/>, including all validity checks, and abort with an
<tt>illegal_parameter</tt> alert if it fails.</t>
      <section anchor="mlkem512x25519">
        <name>MLKEM512X25519</name>
        <t>For MLKEM512X25519, the client key_exchange value contains the ML-KEM-512
encapsulation key followed by the X25519 public key:</t>
        <artwork><![CDATA[
struct {
    opaque kem_key[800];
    opaque ecdhe_key[32];
} MLKEM512X25519ClientShare;
]]></artwork>
        <t>The server key_exchange value contains the ML-KEM-512 ciphertext followed by
the X25519 public key:</t>
        <artwork><![CDATA[
struct {
    opaque kem_ciphertext[768];
    opaque ecdhe_key[32];
} MLKEM512X25519ServerShare;
]]></artwork>
        <t>The name MLKEM512X25519 reflects the order of the encoded components in the
key_exchange field: the ML-KEM-512 value is encoded first, followed by the
X25519 value.</t>
      </section>
      <section anchor="secp256r1mlkem512">
        <name>SecP256r1MLKEM512</name>
        <t>For SecP256r1MLKEM512, the client key_exchange value contains the secp256r1
ECDHE public key followed by the ML-KEM-512 encapsulation key:</t>
        <artwork><![CDATA[
struct {
    opaque ecdhe_key[65];
    opaque kem_key[800];
} SecP256r1MLKEM512ClientShare;
]]></artwork>
        <t>The server key_exchange value contains the secp256r1 ECDHE public key followed
by the ML-KEM-512 ciphertext:</t>
        <artwork><![CDATA[
struct {
    opaque ecdhe_key[65];
    opaque kem_ciphertext[768];
} SecP256r1MLKEM512ServerShare;
]]></artwork>
        <t>The component order for SecP256r1MLKEM512 follows the convention used by
<xref target="TLS-ECDHE-MLKEM"/> for NIST elliptic curves.</t>
      </section>
    </section>
    <section anchor="shared-secret-calculation">
      <name>Shared Secret Calculation</name>
      <t>For each group defined in this document, the hybrid shared secret is the
concatenation of the component shared secrets. The resulting hybrid shared
secret is used as the ECDHE shared secret input to the TLS 1.3 key schedule.</t>
      <t>For MLKEM512X25519, the ML-KEM shared secret is produced by ML-KEM-512
encapsulation and decapsulation, and the X25519 shared secret is produced by
the X25519 Diffie-Hellman operation. The hybrid shared secret is the
concatenation of the ML-KEM shared secret followed by the X25519 shared secret:</t>
      <artwork><![CDATA[
MLKEM512X25519_shared_secret =
    MLKEM512_shared_secret || X25519_shared_secret
]]></artwork>
      <t>The ML-KEM-512 shared secret is 32 octets, and the X25519 shared secret is 32
octets. The resulting hybrid shared secret is therefore 64 octets.</t>
      <t>For SecP256r1MLKEM512, the ECDHE shared secret is produced by the secp256r1
Diffie-Hellman operation, and the ML-KEM shared secret is produced by
ML-KEM-512 encapsulation and decapsulation. The hybrid shared secret is the
concatenation of the ECDHE shared secret followed by the ML-KEM shared secret:</t>
      <artwork><![CDATA[
SecP256r1MLKEM512_shared_secret =
    SecP256r1_shared_secret || MLKEM512_shared_secret
]]></artwork>
      <t>The secp256r1 shared secret is the x-coordinate of the ECDH shared secret
elliptic curve point represented as an octet string, as described in
<xref section="7.4.2" sectionFormat="of" target="TLS"/>. The secp256r1 shared secret is 32 octets, and the
ML-KEM-512 shared secret is 32 octets. The resulting hybrid shared secret is
therefore 64 octets.</t>
      <t>Both client and server <bcp14>MUST</bcp14> calculate the ECDHE component of the shared secret
as described in <xref section="7.4.2" sectionFormat="of" target="TLS"/>, including the all-zero shared secret
check for X25519. If this computation or validation fails, the endpoint <bcp14>MUST</bcp14>
abort the connection with an <tt>illegal_parameter</tt> alert.</t>
    </section>
    <section anchor="regulatory-context">
      <name>Regulatory Context</name>
      <t>The regulatory considerations related to component ordering and the use of
hybrid ECDHE-MLKEM key exchange are discussed in
<xref section="5" sectionFormat="of" target="TLS-ECDHE-MLKEM"/> and apply to the groups defined in this
document.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The security considerations outlined in <xref section="6" sectionFormat="of" target="TLS-HYBRID"/> and
<xref section="6" sectionFormat="of" target="TLS-ECDHE-MLKEM"/> apply to the groups defined in this document.
This document defines additional ECDHE-MLKEM hybrid groups and does not change
the TLS 1.3 handshake, key schedule, authentication mechanisms, or the general
hybrid key exchange construction.</t>
      <t>The groups defined in this document use ML-KEM-512. ML-KEM-512 provides a lower
post-quantum security category than ML-KEM-768 and ML-KEM-1024. As a result,
the groups defined in <xref target="TLS-ECDHE-MLKEM"/> provide stronger post-quantum
security properties and are generally preferred when their larger key shares
and implementation costs are acceptable.</t>
      <t>The groups defined in this document are intended for constrained,
compatibility-sensitive, bandwidth-sensitive, or otherwise policy-selected
deployments where the lower overhead of ML-KEM-512 is considered an acceptable
trade-off.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document requests/registers two new entries to the
<eref target="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8">TLS Supported Groups registry</eref>,
according to the procedures in <xref section="6" sectionFormat="of" target="IANA-TLS"/>.</t>
      <section anchor="mlkem512x25519-1">
        <name>MLKEM512X25519</name>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>TBD1 (0xHEXTBD1)</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>MLKEM512X25519</t>
          </dd>
          <dt>DTLS-OK:</dt>
          <dd>
            <t>Y</t>
          </dd>
          <dt>Recommended:</dt>
          <dd>
            <t>N</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Comment:</dt>
          <dd>
            <t>Combining ML-KEM-512 with X25519 ECDH</t>
          </dd>
        </dl>
      </section>
      <section anchor="secp256r1mlkem512-1">
        <name>SecP256r1MLKEM512</name>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>TBD2 (0xHEXTBD2)</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>SecP256r1MLKEM512</t>
          </dd>
          <dt>DTLS-OK:</dt>
          <dd>
            <t>Y</t>
          </dd>
          <dt>Recommended:</dt>
          <dd>
            <t>N</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Comment:</dt>
          <dd>
            <t>Combining secp256r1 ECDH with ML-KEM-512</t>
          </dd>
        </dl>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="FIPS203">
          <front>
            <title>Module-lattice-based key-encapsulation mechanism standard</title>
            <author>
              <organization/>
            </author>
            <date month="August" year="2024"/>
          </front>
          <seriesInfo name="DOI" value="10.6028/nist.fips.203"/>
          <refcontent>National Institute of Standards and Technology (U.S.)</refcontent>
        </reference>
        <reference anchor="TLS">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="Eric Rescorla" initials="E." surname="Rescorla">
              <organization>Independent</organization>
            </author>
            <date day="13" month="September" year="2025"/>
            <abstract>
              <t>   This document specifies version 1.3 of the Transport Layer Security
   (TLS) protocol.  TLS allows client/server applications to communicate
   over the Internet in a way that is designed to prevent eavesdropping,
   tampering, and message forgery.

   This document updates RFCs 5705, 6066, 7627, and 8422 and obsoletes
   RFCs 5077, 5246, 6961, 8422, and 8446.  This document also specifies
   new requirements for TLS 1.2 implementations.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-rfc8446bis-14"/>
        </reference>
        <reference anchor="TLS-HYBRID">
          <front>
            <title>Hybrid key exchange in TLS 1.3</title>
            <author fullname="Douglas Stebila" initials="D." surname="Stebila">
              <organization>University of Waterloo</organization>
            </author>
            <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer">
              <organization>Cisco Systems</organization>
            </author>
            <author fullname="Shay Gueron" initials="S." surname="Gueron">
              <organization>University of Haifa and Meta</organization>
            </author>
            <date day="7" month="September" year="2025"/>
            <abstract>
              <t>   Hybrid key exchange refers to using multiple key exchange algorithms
   simultaneously and combining the result with the goal of providing
   security even if a way is found to defeat the encryption for all but
   one of the component algorithms.  It is motivated by transition to
   post-quantum cryptography.  This document provides a construction for
   hybrid key exchange in the Transport Layer Security (TLS) protocol
   version 1.3.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-hybrid-design-16"/>
        </reference>
        <reference anchor="TLS-ECDHE-MLKEM">
          <front>
            <title>Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3</title>
            <author fullname="Kris Kwiatkowski" initials="K." surname="Kwiatkowski">
              <organization>PQShield</organization>
            </author>
            <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis">
              <organization>AWS</organization>
            </author>
            <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Douglas Stebila" initials="D." surname="Stebila">
              <organization>University of Waterloo</organization>
            </author>
            <date day="26" month="May" year="2026"/>
            <abstract>
              <t>   This draft defines three hybrid key agreement mechanisms for TLS 1.3
   - X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024 - that
   combine the post-quantum ML-KEM (Module-Lattice-Based Key
   Encapsulation Mechanism) with an ECDHE (Elliptic Curve Diffie-
   Hellman) exchange.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tls-ecdhe-mlkem-05"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="ELLIPTIC-CURVES">
          <front>
            <title>Elliptic Curves for Security</title>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="M. Hamburg" initials="M." surname="Hamburg"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="January" year="2016"/>
            <abstract>
              <t>This memo specifies two elliptic curves over prime fields that offer a high level of practical security in cryptographic applications, including Transport Layer Security (TLS). These curves are intended to operate at the ~128-bit and ~224-bit security level, respectively, and are generated deterministically based on a list of required properties.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7748"/>
          <seriesInfo name="DOI" value="10.17487/RFC7748"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="IANA-TLS">
          <front>
            <title>IANA Registry Updates for TLS and DTLS</title>
            <author fullname="J. Salowey" initials="J." surname="Salowey"/>
            <author fullname="S. Turner" initials="S." surname="Turner"/>
            <date month="December" year="2025"/>
            <abstract>
              <t>This document updates the changes to the TLS and DTLS IANA registries made in RFC 8447. It adds a new value, "D" for discouraged, to the "Recommended" column of the selected TLS registries and adds a "Comment" column to all active registries that do not already have a "Comment" column. Finally, it updates the registration request instructions.</t>
              <t>This document updates RFC 8447.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9847"/>
          <seriesInfo name="DOI" value="10.17487/RFC9847"/>
        </reference>
      </references>
    </references>
    <?line 340?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The author thanks the authors and contributors of <xref target="TLS-HYBRID"/> and
<xref target="TLS-ECDHE-MLKEM"/>, whose work this document builds on.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA7Va3XbbNhK+x1OgysW2PaJsy47jqk1bx3bWPrWTrO10m83p
SSASknBMESxBylGc9Fn2WfbJdmYAkiBFyW727I0tgvibmW9mvgEYBAHLVR7L
Ee+90iYP/ihEkhdzPluOMxXxk6Pj05Pg4vyXk4vHO0P+i1zyw2km5VwmOZ/o
jF+fXy12Brs9JsbjTC5gmtYQO1GPhSKXU50tR1wlE81YpMNEzGHdKBOTPMi0
0XNxM9NBHptAhtFMBvP4Rs5hjmB7m5liPFfGKJ3kyxRGnZ1cP+f8ERex0bCo
SiKZSviT5L0+78lI5TpTIsaHs8Nn8A/22ju7vH7eY0kxH8tsxCLY0YiFOjEy
MYUZ8QlMJhnIsMtEJgVMeyXDIlP5ssdudXYzzXSRQut1JhKT6izn52IpM173
upFL6BiNGA84yIH/SAj8YRXBFjIpYFnO75+Ncytr75+wuEqm/O84BNvnQsXQ
Dkv8rGQ+Gehsis0iC2fQPMvz1Iy2trAXNqmFHJTdtrBha5zpWyO3YPwWjpuq
fFaMYeRSgB1isYC/W6t2wK4xKM3k3iLekIGdZ6B0x+Ct++08mOXzuMeYKPKZ
zlCJsCDnkyKOLVTeuLX4ZTkLdQCxRKI+ihzQMeL/MqGIZUZvpFXUslr154/2
7SDUc8YSnc1h1ILs8fzs1dVwe3fEj1+eDXa2B/vbw4OtF2dX1wN8M4BXjCF0
qyEsCAIuxibPRJgzdj1ThgOqC/KNSE5UIg3PbzVPOxwLkMLlh3Amkqm0UDCl
P3HwJ5bPRM5hk2OYhV+cB+BNAbrTLajYeuWIlz722/Dx453vuEgiBM+r4eP9
bKd8N4B9SVMtkWZ6oSLJY30rs0AvZDaTIurclE5Rn3ZX4FyxXqJght3OZCb5
Uazg6VTGseZGfZR9PsnEFHuQGXimzE2fo3OBekCGKIjkQoWSpzIjHSahRKcE
/5unMGSsYsC8FU9+UCZHvCcyR7/DiJEJmKgI8wLWBufkao4uAyolBwaRMlrX
DDjIW0prjRDBeJ43rEMzJDkGjIgELEBFuDZz+idlHvsPEw2i3sI8slNbVlLY
IAoPs0V8vGReKKTeoh06cfaBBdJcRVEsGXvEz5I805GdCmEleY4hQtHUeQtO
YbZMcz3NRDpb8kz+UagMUJfI28b22FziD2XmDZTxu7uv4OfTs+CYAgT5ZDYJ
D/b29sfKfP484KersjIHS8NFcy/UKQlFaorYoqBa1hpWoCQRCSJiBthRgLEw
gHi3kPxYTSZKBggpQEdjxT6EeVA+QsJDIupiCthiAOpcWs0LbDCg34KQ4mlH
gd/HqKJYLmC7vFIg4K/IZWb47UyBATKZwxS4FJrauGCMjgPIzRVIrScgTSRh
MrsZsHUYC8hNsMI6rYORra6D0zfPLs+Omyq3gAIPMWqafP4M85owU2MMHwhm
mQC6Y25fo/1YFwIB5M6sfQRsuZ6HweaiXuylJW28MnJBi3nDytWcU40Foht0
7aLSk/0DchD3uLM93BtsioYiKhHgL8Kbi1D4AzdideiDgPttK+RBw0rAay9t
/dZqsuGkuGew+1wlOtbTJZr17q62EIL/LGflznUC9va2jqp+AUkpopzMFyIu
0CFwzplUGQc86FBBsrRWMjMIOQycQ0cALYNTwxbRU3XO59A4WdIOS8cEk0Yw
5gagT8PDmYyK2EbMBHhUrloOhgh7xI90AvzCxm2KYLh72rKxkQQnQ4ZieO/i
9dU10iP8z1+8pN+XJ/94fXZ5coy/r04Pz8+rH8z1uDp9+fr8uP5Vjzx6eXFx
8uLYDoZW3mhivYvDNz1CJu+9fHV99vLF4XmvOzKDX49tfM5ScEdQoTCs9AmK
5s+OXv3n3zt7GL8unx8Nd3a+Awjbh4OdJ3vwAFkqsauR5ewjaHjJRJpKkeEs
EBA4RCuVA++DvgD+mb5NOOY30Oa3b1Ezv4/4D+Mw3dn70TWgwI3GUmeNRtLZ
asvKYKvEjqaOZSptNtpbmm7u9/BN47nUu9f4w08xMoxg5+CnH1nbd8ABreO0
/KROH/ALlI1q7ghJrJlqGr7lEhvMCwgkH+9BbJ5gHAbz45oXGhEfnIsccoQM
nlHYgQIkOPFTDLuoUoyX7e/uHJujlR7BXEDZROX2h2kaQ7S2nMPuZH0oakzb
iqgoOxKSFNNDhu5OMruIHaRFBglSdhJAP5HhnkpmNlNTACBrDKmykCuiFJlF
JB4xhEwNlA5iN6Gc+IyeMC9Ew7a8CA3ShFDilPZFBlcatgpXGFLORTaFmqRu
qwaujKtCFgQlY8RUYpRLeCoga4ZgrazPYjtbSNzx3knxt0cz+5igwxnoIGGN
/rG6kbGaaR3hqCYNRc3OBUKSDEExBRN5aXvQ+jiWc9xBwyIqWeh4gSwgllMR
LisqalkshAvL18b6Az6AcnWOZlvDWIn9xGqu7LbA4oAt2JpTCKrPJ9SVAjv0
D+JT0VvrbAxCAiHJZ7ApOYcS28Y9S2yEy1ch4MkQOD1ODmwtSrVCgeFFi+hz
0hPxcKwToGQwZon5p1ov8Kdykhvn2fcxcASoV9bAe8sqrdmIitekijyuEVqQ
5quqnDGlUzW8hpRQzsEaXMnaA2ugh2mvKpTQ64D/ZmCJVCeYy/n97Kjpek5B
lpcQzxQAQco91hkrY5MnWMKer1UpK1UK/MhykU8OS62JoP1KZgsfTdRO1ccn
Xv1lrbLyEz/YHUI1A3U//t7etr/ZCvPCt/uP6567u66nR+Jqiwmn/42BbtkI
c45pMl+ZQHG8goCKZhhgipROVB5iG3867pKvC+Ax8n5MSjCzroroTSUmW19i
es7S542qN8ADKIWHCn3PuerGKrzcKkomkLtwTAw1j2wkEsp1rmKzWGgRwAdw
8m5i69fICMaqTn4PYHpHYHoP7pXjnnXyYKp+IiCgkyZ5XVT6aY2vui28b1aO
bEPlaG3VVS6VjB3MRLScWCaJBoZC+LlQ5BIRGkwnpVe1ZrGr1F0qno/Ts4n6
AJPHMpnS7iPLcZFlglYhVScCJJ8WukD7Pa+DBYhvk3mzpqaDBIxQKoU5clB6
W4gak8wnQrRJT7Wr0wI80L814Co3/bKa8cYwb1HoTA5End3OvZMocOWUrG1l
SIsxwLY8InDaoXMS8hzpA4lVQHKqQt9r0LArV+7vDYaDg8HQUZBSRrcLuyRz
guEau8OAtlvuhqxH2HZDGporF3mM0391cn5+BvT5KDh6ffnrydVTKDWePNk7
KNesxPUlhWWdWZjFFn//OkGYQPoA0V9h6r2U+FQSlvekOxgHgbTSrJ2fQjdV
IO4IbQ02oFQMb6ojhAi4Ei8leWJV5YECoyHBmzLG38xmfGDwFWMMrKUnvlcx
EqT4HdA8CBrArkCCGBDC1YQrqL6FiksRHO0jEewmKV43EebD2rkMRNUaaNaB
vmAP/GziloFS0heMXhMIRLK0cZYjsdK2YMS4nTj90dahNKX1ASZEU2gHyCsh
er6TWabL5UHsZzBdKbd1Cs+KmQYiaWFhCU4dQMiJ63qXrUd8H3lgXBATwXoW
IK0iyqCoYefEDX2xh9rs0aN2DHfRyW/re/BBjLxrhkbUHp6nmXYgWQWXJUR0
cEqdG16MPSCr/Pnnn8yyan5nj/5T8UeBlGn+Dnq8hej1+/f+Czrkole7Q3jz
ubV7S5SuMOp8T5P7vvZwaXzQemKwLxGjnuotoP4vSWPpXVsavDppXxVA6kH2
YOXQWQTSujxXppEKi8YFaNZQB+TbOBq11WCVVEc96JaZvN82LXO7oO4WaB3c
ALG20vyX4FbFZHsQ70fmNtg2hb0NBqsNsv+4aaomIj+vSvI/Qa/ONmslY6uS
1dD6YpFW0NkhWTcM6+Bm8TbpMm/7tNYdZlYXKl0HMDgRXtNVrJATK7RkmHZB
12IZpP0jEYfluRHhS9b8c12l2vevfIydztjp1IP4YmOMo4qQ8Ys496pH24nV
E5PEws8OrbUTKE/Lo7KSjPtHxYP10dpCYlWYlK6drFOsDdWYTxoJtOaJzq03
zeuHxBZtd8cNOmlw9odrvFOqNUml0ck5Q1NTlopG79w8T8kRyi6tl58+8a5B
NfY9H1yRB2rrNt9ep8fdIXOccBOImrpyRcb+XpOorwmsnUhrAqMZWNfZsF08
bAbF2ui7ArYvxEaXXN0poBMaK9rqREfVaxUe3eP8sF/G8y6Z+Icg1BA18XRM
+iI1e7NmAOR0sgcocfWFjSdoJCqBIPYDdPobqOaTwd5KabVho6tAZg/C/QPB
zLrBvIlhhy7cy06O7fTYVGFLG3ydNnzajbMA9Q4+yky3prNlTl1gUhVC6cU7
X8TjHaLtXj1SFv72eJbEcZVXqyS5twiiNHgpp6gIPFA7Ah4B6dviLqvbm59R
4D05XV5Chmllbqo0nHO7a4bVj8WapyRYxUfKhIUxncV1x60KVi1pGi/LFHfP
cZtN9uXp4VFDlsrF3NFiU1Bd5PHqwcJ+ua3ywspdqa+8b237/i3zesvd53EP
uh+nwFjeH7vbtgfdH+O3VUiqwvb9MZ0yep8bdH5j4F+gf9FB/4BvOAvefOnV
eRbcOFjnhziVjSR91m2CLgZZXr2BaDqZts6kWdcnIOUpXvucGF0fr5rdRwBx
+/aG0enOPI1lfUVFNzP2GjEMZUq3AQ/U7cYzZrbujJn/5TNm5l8L2e+/6OKN
DvCruxE98Y1LMc56GmaexJOO4VdAMtCTCbnt2eGLww6X9QXFD5skqGkLApYy
9LUOHlvjZ07w2t6HktOxt+gBV/b4X7pTcIxmOCxb/v51+dni7e3tQIlE2G8i
DX5ZQ+LRl4tVDG0/Dj7gJ4qPmo3BwTd9BtJRhp6W3k/HO1FhbzfbkeUnlDnA
T68unx99d7D3xN5Trx648F+x+BsxPuLXz453+NfbH05PfsOf38DLY0pV9J0e
dVkZjV+wBS9/oZdv4PlSAijmhBdqe0FtAFygXW4VX+/w9oj65/TuiI7oUcb2
B4mOsaJbsbsRN6kIodvTHkEwzHuf1xX5TfmGtXzDLvm6Jvh/idgssa2YXlHE
14iJ12hjEd4gsA/Dm0TfxjKa2i8n70b202MZPe3Rt8Y4AP3cfvBK8e3GMj7b
YtxVJEJ8XOTYsPKVkktMK1ENr8vx3Jyuo5thY1yoOMJPmgbsv/+BBVgALgAA

-->

</rfc>
