rfc9788.original   rfc9788.txt 
LAMPS Working Group D. K. Gillmor Internet Engineering Task Force (IETF) D. K. Gillmor
Internet-Draft American Civil Liberties Union Request for Comments: 9788 American Civil Liberties Union
Updates: 8551 (if approved) B. Hoeneisen Updates: 8551 B. Hoeneisen
Intended status: Standards Track pEp Project Category: Standards Track pEp Project
Expires: 10 July 2025 A. Melnikov ISSN: 2070-1721 A. Melnikov
Isode Ltd Isode Ltd
6 January 2025 June 2025
Header Protection for Cryptographically Protected E-mail Header Protection for Cryptographically Protected Email
draft-ietf-lamps-header-protection-25
Abstract Abstract
S/MIME version 3.1 introduced a mechanism to provide end-to-end S/MIME version 3.1 introduced a mechanism to provide end-to-end
cryptographic protection of e-mail message headers. However, few cryptographic protection of email message headers. However, few
implementations generate messages using this mechanism, and several implementations generate messages using this mechanism, and several
legacy implementations have revealed rendering or security issues legacy implementations have revealed rendering or security issues
when handling such a message. when handling such a message.
This document updates the S/MIME specification (RFC8551) to offer a This document updates the S/MIME specification (RFC 8551) to offer a
different mechanism that provides the same cryptographic protections different mechanism that provides the same cryptographic protections
but with fewer downsides when handled by legacy clients. but with fewer downsides when handled by legacy clients.
Furthermore, it offers more explicit usability, privacy, and security Furthermore, it offers more explicit usability, privacy, and security
guidance for clients when generating or handling e-mail messages with guidance for clients when generating or handling email messages with
cryptographic protection of message headers. cryptographic protection of message headers.
The Header Protection scheme defined here is also applicable to The Header Protection scheme defined here is also applicable to
messages with PGP/MIME cryptographic protections. messages with PGP/MIME (Pretty Good Privacy with MIME) cryptographic
protections.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://dkg.gitlab.io/lamps-header-protection/. Status information
for this document may be found at https://datatracker.ietf.org/doc/
draft-ietf-lamps-header-protection/.
Discussion of this document takes place on the LAMPS Working Group
mailing list (mailto:spasm@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at
https://www.ietf.org/mailman/listinfo/spasm/.
Source for this draft and an issue tracker can be found at
https://gitlab.com/dkg/lamps-header-protection.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 10 July 2025. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9788.
Copyright Notice Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction
1.1. Update to RFC 8551 . . . . . . . . . . . . . . . . . . . 7 1.1. Update to RFC 8551
1.1.1. Problems with RFC 8551 Header Protection . . . . . . 8 1.1.1. Problems with RFC 8551 Header Protection
1.2. Risks of Header Protection for Legacy MUA Recipients . . 9 1.2. Risks of Header Protection for Legacy MUA Recipients
1.3. Motivation . . . . . . . . . . . . . . . . . . . . . . . 10 1.3. Motivation
1.3.1. Backward Compatibility . . . . . . . . . . . . . . . 10 1.3.1. Backward Compatibility
1.3.2. Deliverability . . . . . . . . . . . . . . . . . . . 11 1.3.2. Deliverability
1.4. Other Protocols to Protect E-Mail Header Fields . . . . . 11 1.4. Other Protocols to Protect Email Header Fields
1.5. Applicability to PGP/MIME . . . . . . . . . . . . . . . . 12 1.5. Applicability to PGP/MIME
1.6. Requirements Language . . . . . . . . . . . . . . . . . . 12 1.6. Requirements Language
1.7. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.7. Terms
1.8. Document Scope . . . . . . . . . . . . . . . . . . . . . 14 1.8. Document Scope
1.8.1. In Scope . . . . . . . . . . . . . . . . . . . . . . 14 1.8.1. In Scope
1.8.2. Out of Scope . . . . . . . . . . . . . . . . . . . . 15 1.8.2. Out of Scope
1.9. Example . . . . . . . . . . . . . . . . . . . . . . . . . 15 1.9. Example
2. Internet Message Format Extensions
2. Internet Message Format Extensions . . . . . . . . . . . . . 18 2.1. Content-Type Parameters
2.1. Content-Type parameters . . . . . . . . . . . . . . . . . 18 2.1.1. Content-Type Parameter: hp
2.1.1. Content-Type parameter: hp . . . . . . . . . . . . . 18 2.1.2. Content-Type Parameter: hp-legacy-display
2.1.2. Content-Type parameter: hp-legacy-display . . . . . . 19 2.2. HP-Outer Header Field
2.2. The HP-Outer Header Field . . . . . . . . . . . . . . . . 19 2.2.1. HP-Outer Header Field Definition
2.2.1. HP-Outer Header Field Definition . . . . . . . . . . 21 3. Header Confidentiality Policy
3. Header Confidentiality Policy . . . . . . . . . . . . . . . . 21 3.1. HCP Definition
3.1. HCP Definition . . . . . . . . . . . . . . . . . . . . . 22 3.1.1. HCP Avoids Changing addr-spec of From Header Field
3.1.1. HCP Avoids Changing From addr-spec . . . . . . . . . 23 3.2. Initial Registered HCPs
3.2. Initial Registered HCPs . . . . . . . . . . . . . . . . . 23 3.2.1. Baseline Header Confidentiality Policy
3.2.1. Baseline Header Confidentiality Policy . . . . . . . 23 3.2.2. Shy Header Confidentiality Policy
3.2.2. Shy Header Confidentiality Policy . . . . . . . . . . 24 3.2.3. No Header Confidentiality Policy
3.2.3. No Header Confidentiality Policy . . . . . . . . . . 25 3.3. Default Header Confidentiality Policy
3.3. Default Header Confidentiality Policy . . . . . . . . . . 25 3.4. HCP Evolution
3.4. HCP Evolution . . . . . . . . . . . . . . . . . . . . . . 25 3.4.1. Offering More Ambitious Header Confidentiality
3.4.1. Offering More Ambitious Header Confidentiality . . . 26
3.4.2. Expert Guidance for Registering Header Confidentiality 3.4.2. Expert Guidance for Registering Header Confidentiality
Policies . . . . . . . . . . . . . . . . . . . . . . 26 Policies
4. Receiving Guidance . . . . . . . . . . . . . . . . . . . . . 27 4. Receiving Guidance
4.1. Identifying that a Message has Header Protection . . . . 28 4.1. Identifying That a Message Has Header Protection
4.2. Extracting Protected and Unprotected ("Outer") Header 4.2. Extracting Protected and Unprotected ("Outer") Header
Fields . . . . . . . . . . . . . . . . . . . . . . . . . 28 Fields
4.2.1. HeaderSetsFromMessage . . . . . . . . . . . . . . . . 28 4.2.1. HeaderSetsFromMessage
4.3. Updating the Cryptographic Summary . . . . . . . . . . . 29 4.3. Updating the Cryptographic Summary
4.3.1. HeaderFieldProtection . . . . . . . . . . . . . . . . 30 4.3.1. HeaderFieldProtection
4.4. Handling Mismatch of From Header Fields . . . . . . . . . 31 4.4. Handling Mismatch of From Header Fields
4.4.1. Definitions . . . . . . . . . . . . . . . . . . . . . 31 4.4.1. Definitions
4.4.2. Warning for From Header Field Mismatch . . . . . . . 32 4.4.2. Warning for From Header Field Mismatch
4.4.3. From Header Field Rendering . . . . . . . . . . . . . 33 4.4.3. From Header Field Rendering
4.4.4. Handling Protected From Header Field when 4.4.4. Handling the Protected From Header Field When
Responding . . . . . . . . . . . . . . . . . . . . . 33 Responding
4.4.5. Matching addr-specs . . . . . . . . . . . . . . . . . 33 4.4.5. Matching addr-specs
4.5. Rendering a Message with Header Protection . . . . . . . 34 4.5. Rendering a Message with Header Protection
4.5.1. Example Signed-only Message . . . . . . . . . . . . . 34 4.5.1. Example Signed-Only Message
4.5.2. Example Signed-and-Encrypted Message . . . . . . . . 35 4.5.2. Example Signed-and-Encrypted Message
4.5.3. Do Not Render Legacy Display Elements . . . . . . . . 36 4.5.3. Do Not Render Legacy Display Elements
4.6. Implicitly rendered Header Fields . . . . . . . . . . . . 37 4.6. Implicitly Rendered Header Fields
4.7. Handling Undecryptable Messages . . . . . . . . . . . . . 37 4.7. Handling Undecryptable Messages
4.8. Guidance for Automated Message Handling . . . . . . . . . 39 4.8. Guidance for Automated Message Handling
4.8.1. Interpret Only Protected Header Fields . . . . . . . 39 4.8.1. Only Interpret Protected Header Fields
4.8.2. Ignore Legacy Display Elements . . . . . . . . . . . 39 4.8.2. Ignore Legacy Display Elements
4.9. Affordances for Debugging and Troubleshooting . . . . . . 40 4.9. Affordances for Debugging and Troubleshooting
4.10. Handling RFC8551HP Messages (Backward Compatibility) . . 40 4.10. Handling RFC8551HP Messages (Backward Compatibility)
4.10.1. Identifying an RFC8551HP Message . . . . . . . . . . 41 4.10.1. Identifying an RFC8551HP Message
4.10.2. Rendering or Responding to an RFC8551HP message . . 42 4.10.2. Rendering or Responding to an RFC8551HP Message
4.11. Rendering Other Schemes . . . . . . . . . . . . . . . . . 42 4.11. Rendering Other Schemes
5. Sending Guidance . . . . . . . . . . . . . . . . . . . . . . 43 5. Sending Guidance
5.1. Composing a Cryptographically Protected Message Without 5.1. Composing a Cryptographically Protected Message Without
Header Protection . . . . . . . . . . . . . . . . . . . . 43 Header Protection
5.1.1. ComposeNoHeaderProtection . . . . . . . . . . . . . . 44 5.1.1. ComposeNoHeaderProtection
5.2. Composing a Message with Header Protection . . . . . . . 44 5.2. Composing a Message with Header Protection
5.2.1. Compose . . . . . . . . . . . . . . . . . . . . . . . 45 5.2.1. Compose
5.2.2. Adding a Legacy Display Element to a text/plain 5.2.2. Adding a Legacy Display Element to a text/plain Part
Part . . . . . . . . . . . . . . . . . . . . . . . . 47 5.2.3. Adding a Legacy Display Element to a text/html Part
5.2.3. Adding a Legacy Display Element to a text/html 5.2.4. Only Add a Legacy Display Element to Main Body Parts
Part . . . . . . . . . . . . . . . . . . . . . . . . 48
5.2.4. Only Add a Legacy Display Element to Main Body
Parts . . . . . . . . . . . . . . . . . . . . . . . . 50
5.2.5. Do Not Add a Legacy Display Element to Other 5.2.5. Do Not Add a Legacy Display Element to Other
Content-Types . . . . . . . . . . . . . . . . . . . . 50 Content-Types
6. Replying and Forwarding Guidance . . . . . . . . . . . . . . 50 6. Replying and Forwarding Guidance
6.1. Avoid Leaking Encrypted Header Fields in Replies and 6.1. Avoid Leaking Encrypted Header Fields in Replies and
Forwards . . . . . . . . . . . . . . . . . . . . . . . . 51 Forwards
6.1.1. ReferenceHCP . . . . . . . . . . . . . . . . . . . . 52 6.1.1. ReferenceHCP
6.2. Avoid Misdirected Replies . . . . . . . . . . . . . . . . 54 6.2. Avoid Misdirected Replies
7. Unprotected Header Fields Added in Transit . . . . . . . . . 54 7. Unprotected Header Fields Added in Transit
7.1. Mailing list Header Fields: List-* and Archived-At . . . 55 7.1. Mailing List Header Fields: List-* and Archived-At
8. E-mail Ecosystem Evolution . . . . . . . . . . . . . . . . . 55 8. Email Ecosystem Evolution
8.1. Dropping Legacy Display Elements . . . . . . . . . . . . 56 8.1. Dropping Legacy Display Elements
8.2. More Ambitious Default Header Confidentiality Policy . . 56 8.2. More Ambitious Default HCP
8.3. Deprecation of Messages Without Header Protection . . . . 57 8.3. Deprecation of Messages Without Header Protection
9. Usability Considerations . . . . . . . . . . . . . . . . . . 58 9. Usability Considerations
9.1. Mixed Protections Within a Message Are Hard To 9.1. Mixed Protections Within a Message Are Hard to Understand
Understand . . . . . . . . . . . . . . . . . . . . . . . 58 9.2. Users Should Not Have to Choose a Header Confidentiality
9.2. Users Should Not Have To Choose a Header Confidentiality Policy
Policy . . . . . . . . . . . . . . . . . . . . . . . . . 59 10. Security Considerations
10. Security Considerations . . . . . . . . . . . . . . . . . . . 60 10.1. From Address Spoofing
10.1. From Address Spoofing . . . . . . . . . . . . . . . . . 60 10.1.1. From Rendering Reasoning
10.1.1. From Rendering Reasoning . . . . . . . . . . . . . . 61 10.2. Avoid Cryptographic Summary Confusion from the hp
10.2. Avoid Cryptographic Summary Confusion from hp Parameter
Parameter . . . . . . . . . . . . . . . . . . . . . . . 63 10.3. Caution About Composing with Legacy Display Elements
10.3. Caution about Composing with Legacy Display Elements . . 64 10.4. Plaintext Attacks
10.4. Plaintext Attacks . . . . . . . . . . . . . . . . . . . 65 11. Privacy Considerations
11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 66 11.1. Leaks When Replying
11.1. Leaks When Replying . . . . . . . . . . . . . . . . . . 66 11.2. Encrypted Header Fields Are Not Always Private
11.2. Encrypted Header Fields Are Not Always Private . . . . . 66
11.2.1. Encrypted Header Fields Can Leak Unwanted Information 11.2.1. Encrypted Header Fields Can Leak Unwanted Information
to the Recipient . . . . . . . . . . . . . . . . . . 66 to the Recipient
11.2.2. Encrypted Header Fields Can Be Inferred From External 11.2.2. Encrypted Header Fields Can Be Inferred from External
or Internal Metadata . . . . . . . . . . . . . . . . 67 or Internal Metadata
11.2.3. Encrypted Header Fields May Not Be Fully Masked by 11.2.3. Encrypted Header Fields May Not Be Fully Masked by HCP
HCP . . . . . . . . . . . . . . . . . . . . . . . . . 67
11.3. A Naive Recipient May Overestimate the Cryptographic 11.3. A Naive Recipient May Overestimate the Cryptographic
Status of a Header Field in an Encrypted Message . . . . 68 Status of a Header Field in an Encrypted Message
11.4. Privacy and Deliverability Risks with Bcc and Encrypted 11.4. Privacy and Deliverability Risks with Bcc and Encrypted
Messages . . . . . . . . . . . . . . . . . . . . . . . . 69 Messages
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 69 12. IANA Considerations
12.1. Register the HP-Outer Header Field . . . . . . . . . . . 69 12.1. Registration of the HP-Outer Header Field
12.2. Update Reference for Content-Type Header Field due to hp 12.2. Reference Update for the Content-Type Header Field
and hp-legacy-display Parameters . . . . . . . . . . . . 70 12.3. New Mail Header Confidentiality Policies Registry
12.3. New Registry: Mail Header Confidentiality Policies . . . 71 13. References
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 72 13.1. Normative References
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 72 13.2. Informative References
14.1. Normative References . . . . . . . . . . . . . . . . . . 72 Appendix A. Table of Pseudocode Listings
14.2. Informative References . . . . . . . . . . . . . . . . . 73 Appendix B. Possible Problems with Legacy MUAs
Appendix A. Table of Pseudocode Listings . . . . . . . . . . . . 76 B.1. Problems Viewing Messages in a List View
Appendix B. Possible Problems with Legacy MUAs . . . . . . . . . 77 B.2. Problems When Rendering a Message
B.1. Problems Viewing Messages in a List View . . . . . . . . 78 B.3. Problems When Replying to a Message
B.2. Problems when Rendering a Message . . . . . . . . . . . . 78 Appendix C. Test Vectors
B.3. Problems when Replying to a Message . . . . . . . . . . . 79 C.1. Baseline Messages
Appendix C. Test Vectors . . . . . . . . . . . . . . . . . . . . 80 C.1.1. No Cryptographic Protections over a Simple Message
C.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 80 C.1.2. S/MIME Signed-Only signedData over a Simple Message, No
C.1.1. No Cryptographic Protections Over a Simple Message . 80 Header Protection
C.1.2. S/MIME Signed-only signedData Over a Simple Message, No C.1.3. S/MIME Signed-Only multipart/signed over a Simple
Header Protection . . . . . . . . . . . . . . . . . . 81 Message, No Header Protection
C.1.3. S/MIME Signed-only multipart/signed Over a Simple C.1.4. S/MIME Signed-and-Encrypted over a Simple Message, No
Message, No Header Protection . . . . . . . . . . . . 83 Header Protection
C.1.4. S/MIME Signed and Encrypted Over a Simple Message, No C.1.5. No Cryptographic Protections over a Complex Message
Header Protection . . . . . . . . . . . . . . . . . . 85 C.1.6. S/MIME Signed-Only signedData over a Complex Message,
C.1.5. No Cryptographic Protections Over a Complex No Header Protection
Message . . . . . . . . . . . . . . . . . . . . . . . 90 C.1.7. S/MIME Signed-Only multipart/signed over a Complex
C.1.6. S/MIME Signed-only signedData Over a Complex Message, Message, No Header Protection
No Header Protection . . . . . . . . . . . . . . . . 92 C.1.8. S/MIME Signed-and-Encrypted over a Complex Message, No
C.1.7. S/MIME Signed-only multipart/signed Over a Complex Header Protection
Message, No Header Protection . . . . . . . . . . . . 95 C.2. Signed-Only Messages
C.1.8. S/MIME Signed and Encrypted Over a Complex Message, No C.2.1. S/MIME Signed-Only signedData over a Simple Message,
Header Protection . . . . . . . . . . . . . . . . . . 98 Header Protection
C.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 105 C.2.2. S/MIME Signed-Only multipart/signed over a Simple
C.2.1. S/MIME Signed-only signedData Over a Simple Message, Message, Header Protection
Header Protection . . . . . . . . . . . . . . . . . . 105 C.2.3. S/MIME Signed-Only signedData over a Complex Message,
C.2.2. S/MIME Signed-only multipart/signed Over a Simple Header Protection
Message, Header Protection . . . . . . . . . . . . . 107 C.2.4. S/MIME Signed-Only multipart/signed over a Complex
C.2.3. S/MIME Signed-only signedData Over a Complex Message, Message, Header Protection
Header Protection . . . . . . . . . . . . . . . . . . 110 C.2.5. S/MIME Signed-Only signedData over a Complex Message,
C.2.4. S/MIME Signed-only multipart/signed Over a Complex Legacy RFC 8551 Header Protection
Message, Header Protection . . . . . . . . . . . . . 113 C.2.6. S/MIME Signed-Only multipart/signed over a Complex
C.2.5. S/MIME Signed-only signedData Over a Complex Message, Message, Legacy RFC 8551 Header Protection
Legacy RFC 8551 Header Protection . . . . . . . . . . 117 C.3. Signed-and-Encrypted Messages
C.2.6. S/MIME Signed-only multipart/signed Over a Complex C.3.1. S/MIME Signed-and-Encrypted over a Simple Message,
Message, Legacy RFC 8551 Header Protection . . . . . 121 Header Protection with hcp_baseline
C.3. Signed-and-Encrypted Messages . . . . . . . . . . . . . . 124 C.3.2. S/MIME Signed-and-Encrypted over a Simple Message,
C.3.1. S/MIME Signed and Encrypted Over a Simple Message, Header Protection with hcp_baseline (+ Legacy Display)
Header Protection With hcp_baseline . . . . . . . . . 124 C.3.3. S/MIME Signed-and-Encrypted over a Simple Message,
C.3.2. S/MIME Signed and Encrypted Over a Simple Message, Header Protection with hcp_shy
Header Protection With hcp_baseline (+ Legacy C.3.4. S/MIME Signed-and-Encrypted over a Simple Message,
Display) . . . . . . . . . . . . . . . . . . . . . . 130 Header Protection with hcp_shy (+ Legacy Display)
C.3.3. S/MIME Signed and Encrypted Over a Simple Message, C.3.5. S/MIME Signed-and-Encrypted Reply over a Simple
Header Protection With hcp_shy . . . . . . . . . . . 135 Message, Header Protection with hcp_baseline
C.3.4. S/MIME Signed and Encrypted Over a Simple Message, C.3.6. S/MIME Signed-and-Encrypted Reply over a Simple
Header Protection With hcp_shy (+ Legacy Display) . . 141 Message, Header Protection with hcp_baseline (+ Legacy
C.3.5. S/MIME Signed and Encrypted Reply Over a Simple Display)
Message, Header Protection With hcp_baseline . . . . 147 C.3.7. S/MIME Signed-and-Encrypted Reply over a Simple
C.3.6. S/MIME Signed and Encrypted Reply Over a Simple Message, Header Protection with hcp_shy
Message, Header Protection With hcp_baseline (+ Legacy C.3.8. S/MIME Signed-and-Encrypted Reply over a Simple
Display) . . . . . . . . . . . . . . . . . . . . . . 153 Message, Header Protection with hcp_shy (+ Legacy
C.3.7. S/MIME Signed and Encrypted Reply Over a Simple Display)
Message, Header Protection With hcp_shy . . . . . . . 160 C.3.9. S/MIME Signed-and-Encrypted over a Complex Message,
C.3.8. S/MIME Signed and Encrypted Reply Over a Simple Header Protection with hcp_baseline
Message, Header Protection With hcp_shy (+ Legacy C.3.10. S/MIME Signed-and-Encrypted over a Complex Message,
Display) . . . . . . . . . . . . . . . . . . . . . . 166 Header Protection with hcp_baseline (+ Legacy Display)
C.3.9. S/MIME Signed and Encrypted Over a Complex Message, C.3.11. S/MIME Signed-and-Encrypted over a Complex Message,
Header Protection With hcp_baseline . . . . . . . . . 174 Header Protection with hcp_shy
C.3.10. S/MIME Signed and Encrypted Over a Complex Message, C.3.12. S/MIME Signed-and-Encrypted over a Complex Message,
Header Protection With hcp_baseline (+ Legacy Header Protection with hcp_shy (+ Legacy Display)
Display) . . . . . . . . . . . . . . . . . . . . . . 181 C.3.13. S/MIME Signed-and-Encrypted Reply over a Complex
C.3.11. S/MIME Signed and Encrypted Over a Complex Message, Message, Header Protection with hcp_baseline
Header Protection With hcp_shy . . . . . . . . . . . 190 C.3.14. S/MIME Signed-and-Encrypted Reply over a Complex
C.3.12. S/MIME Signed and Encrypted Over a Complex Message, Message, Header Protection with hcp_baseline (+ Legacy
Header Protection With hcp_shy (+ Legacy Display) . . 197 Display)
C.3.13. S/MIME Signed and Encrypted Reply Over a Complex C.3.15. S/MIME Signed-and-Encrypted Reply over a Complex
Message, Header Protection With hcp_baseline . . . . 206 Message, Header Protection with hcp_shy
C.3.14. S/MIME Signed and Encrypted Reply Over a Complex C.3.16. S/MIME Signed-and-Encrypted Reply over a Complex
Message, Header Protection With hcp_baseline (+ Legacy Message, Header Protection with hcp_shy (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 214 Display)
C.3.15. S/MIME Signed and Encrypted Reply Over a Complex C.3.17. S/MIME Signed-and-Encrypted over a Complex Message,
Message, Header Protection With hcp_shy . . . . . . . 223 Legacy RFC 8551 Header Protection with hcp_baseline
C.3.16. S/MIME Signed and Encrypted Reply Over a Complex Appendix D. Composition Examples
Message, Header Protection With hcp_shy (+ Legacy D.1. New Message Composition
Display) . . . . . . . . . . . . . . . . . . . . . . 231 D.1.1. Unprotected Message
C.3.17. S/MIME Signed and Encrypted Over a Complex Message, D.1.2. Encrypted with hcp_baseline and Legacy Display
Legacy RFC 8551 Header Protection With hcp_baseline . 240 D.2. Composing a Reply
Appendix D. Composition Examples . . . . . . . . . . . . . . . . 248 D.2.1. Unprotected Message
D.1. New message composition . . . . . . . . . . . . . . . . . 248
D.1.1. Unprotected message . . . . . . . . . . . . . . . . . 249
D.1.2. Encrypted with hcp_baseline and Legacy Display . . . 249
D.2. Composing a Reply . . . . . . . . . . . . . . . . . . . . 251
D.2.1. Unprotected message . . . . . . . . . . . . . . . . . 252
D.2.2. Encrypted with hcp_no_confidentiality and Legacy D.2.2. Encrypted with hcp_no_confidentiality and Legacy
Display . . . . . . . . . . . . . . . . . . . . . . . 253 Display
Appendix E. Rendering Examples
Appendix E. Rendering Examples . . . . . . . . . . . . . . . . . 257
E.1. Example text/plain Cryptographic Payload with Legacy E.1. Example text/plain Cryptographic Payload with Legacy
Display Elements . . . . . . . . . . . . . . . . . . . . 257 Display Elements
E.2. Example text/html Cryptographic Payload with Legacy Display E.2. Example text/html Cryptographic Payload with Legacy Display
Elements . . . . . . . . . . . . . . . . . . . . . . . . 258 Elements
Appendix F. Other Header Protection Schemes . . . . . . . . . . 260 Appendix F. Other Header Protection Schemes
F.1. Original RFC 8551 Header Protection . . . . . . . . . . . 260 F.1. Original RFC 8551 Header Protection
F.2. Pretty Easy Privacy (pEp) . . . . . . . . . . . . . . . . 260 F.2. Pretty Easy Privacy (pEp)
F.3. "draft-autocrypt" Protected Headers . . . . . . . . . . . 261 F.3. "draft-autocrypt" Protected Headers
Appendix G. Document Changelog . . . . . . . . . . . . . . . . . 261 Acknowledgements
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 269
1. Introduction 1. Introduction
Privacy and security issues regarding e-mail Header Protection in S/ Privacy and security issues regarding email Header Protection in S/
MIME and PGP/MIME have been identified for some time. Most current MIME and PGP/MIME have been identified for some time. Most current
implementations of cryptographically protected electronic mail implementations of cryptographically protected email protect only the
protect only the body of the message, which leaves significant room Body of the message, which leaves significant room for attacks
for attacks against otherwise-protected messages. For example, lack against otherwise-protected messages. For example, lack of Header
of Header Protection allows an attacker to substitute the message Protection allows an attacker to substitute the message subject and/
subject and/or author. or author.
This document describes how to cryptographically protect message This document describes how to cryptographically protect message
headers, and provides guidance for the implementer of a Mail User headers and provides guidance for the implementer of a Mail User
Agent (MUA) that generates, interprets, and replies to such a Agent (MUA) that generates, interprets, and replies to such a
message. It uses the term "Legacy MUA" to refer to an MUA that does message. It uses the term "Legacy MUA" to refer to an MUA that does
not implement this specification. This document takes particular not implement this specification. This document takes particular
care to ensure that messages interact reasonably well with Legacy care to ensure that messages interact reasonably well with Legacy
MUAs. MUAs.
1.1. Update to RFC 8551 1.1. Update to RFC 8551
An older scheme for Header Protection was specified in S/MIME 3.1 An older scheme for Header Protection was specified in S/MIME 3.1
([RFC8551]), which involves wrapping a message/rfc822 MIME object [RFC8551], which involves wrapping a message/rfc822 MIME object with
with a Cryptographic Envelope around the message to protect. This a Cryptographic Envelope around the message to protect it. This
document refers to that scheme as RFC 8551 Header Protection, or document refers to that scheme as "RFC 8551 Header Protection", or
"RFC8551HP". Substantial testing has shown that RFC8551HP does not "RFC8551HP". Substantial testing has shown that RFC8551HP does not
interact well with some Legacy MUAs (see Section 1.1.1). interact well with some Legacy MUAs (see Section 1.1.1).
This specification supersedes RFC8551HP, effectively replacing the This specification supersedes RFC8551HP, effectively replacing the
final two paragraphs of Section 3.1 of [RFC8551]. final two paragraphs of Section 3.1 of [RFC8551].
In this specification, all Header Fields gain end-to-end In this specification, all Header Fields gain end-to-end
cryptographic integrity and authenticity by being copied directly cryptographic integrity and authenticity by being copied directly
into the Cryptographic Payload without using an intervening message/ into the Cryptographic Payload without using an intervening message/
rfc822 MIME object. In an encrypted message, some Header Fields can rfc822 MIME object. In an encrypted message, some Header Fields can
also be made confidential by removing or obscuring them from the also be made confidential by removing or obscuring them from the
outer Header Section. Outer Header Section.
This specification also offers substantial security, privacy, and This specification also offers substantial security, privacy, and
usability guidance for sending and receiving MUAs that was not usability guidance for sending and receiving MUAs that was not
considered in RFC 8551. considered in [RFC8551].
1.1.1. Problems with RFC 8551 Header Protection 1.1.1. Problems with RFC 8551 Header Protection
Several Legacy MUAs have difficulty rendering a message that uses Several Legacy MUAs have difficulty rendering a message that uses
RFC8551HP. These problems can appear on signed-only messages, as RFC8551HP. These problems can appear on signed-only messages, as
well as signed-and-encrypted messages. well as signed-and-encrypted messages.
In some cases, some mail user agents cannot render message/rfc822 In some cases, some MUAs cannot render message/rfc822 message
message subparts at all, in violation of baseline MIME requirements subparts at all, which is in violation of baseline MIME requirements
as defined on page 5 of [RFC2049]. A message using RFC8551HP is as defined in requirement 6 of Section 2 of [RFC2049]. A message
unreadable by any recipient using such an MUA. using RFC8551HP is unreadable by any recipient using such an MUA.
In other cases, the user sees an attachment suggesting a forwarded In other cases, the user sees an attachment suggesting a forwarded
e-mail message, which -- in fact -- contains the protected e-mail email message that -- in fact -- contains the protected email message
message that should be rendered directly. In most of these cases, that should be rendered directly. In most of these cases, the user
the user can click on the attachment to view the protected message. can click on the attachment to view the protected message.
However, viewing the protected message as an attachment in isolation However, viewing the protected message as an attachment in isolation
may strip it of any security indications, leaving the user unable to may strip it of any security indications, leaving the user unable to
assess the cryptographic properties of the message. Worse, for assess the cryptographic properties of the message. Worse, for
encrypted messages, interacting with the protected message in encrypted messages, interacting with the protected message in
isolation may leak contents of the cleartext, for example, if the isolation may leak contents of the cleartext, for example, if the
reply is not also encrypted. reply is not also encrypted.
Furthermore, RFC8551HP lacks any discussion of the following points, Furthermore, RFC8551HP lacks any discussion of the following points,
all of which are provided in this specification: all of which are provided in this specification:
skipping to change at page 9, line 6 skipping to change at line 346
integrity and authenticity protections (this specification integrity and authenticity protections (this specification
mandates protection of all Header Fields that the sending MUA mandates protection of all Header Fields that the sending MUA
knows about). knows about).
* How to securely indicate the sender's intent to offer Header * How to securely indicate the sender's intent to offer Header
Protection and encryption, which lets a receiving MUA detect Protection and encryption, which lets a receiving MUA detect
messages whose cryptographic properties may have been modified in messages whose cryptographic properties may have been modified in
transit (see Section 2.1.1). transit (see Section 2.1.1).
* Which Header Fields should be given end-to-end cryptographic * Which Header Fields should be given end-to-end cryptographic
confidentiality protections in an encrypted message, and how (see confidentiality protections in an encrypted message and how (see
Section 3). Section 3).
* How to securely indicate the sender's choices about which Header * How to securely indicate the sender's choices about which Header
Fields were made confidential, which lets a receiving MUA reply or Fields were made confidential, which lets a receiving MUA reply or
forward an encrypted message safely without accidentally leaking forward an encrypted message safely without accidentally leaking
confidential material (see Section 2.2). confidential material (see Section 2.2).
These stumbling blocks with Legacy MUAs, missing mechanisms, and These stumbling blocks with Legacy MUAs, missing mechanisms, and
missing guidance create a strong disincentive for existing MUAs to missing guidance create a strong disincentive for existing MUAs to
generate messages using RFC8551HP. Because few messages have been generate messages using RFC8551HP. Because few messages have been
produced, there has been little incentive for those MUAs capable of produced, there has been little incentive for those MUAs capable of
upgrading to bother interpreting them better. upgrading to bother interpreting them better.
In contrast, the mechanisms defined here are safe to adopt and In contrast, the mechanisms defined here are safe to adopt and
produce messages with very few problems for Legacy MUAs. And, produce messages with very few problems for Legacy MUAs. And
Section 4.10 provides useful guidance for rendering and replying to Section 4.10 provides useful guidance for rendering and replying to
RFC8551HP messages. RFC8551HP messages.
1.2. Risks of Header Protection for Legacy MUA Recipients 1.2. Risks of Header Protection for Legacy MUA Recipients
Producing a signed-only message using this specification is risk- Producing a signed-only message using this specification is risk
free. Such a message will render in the same way on any Legacy MUA free. Such a message will render in the same way on any Legacy MUA
as a Legacy Signed Message (that is, a signed message without Header as a Legacy Signed Message (that is, a signed message without Header
Protection). An MUA conformant to this specification that encounters Protection). An MUA conformant to this specification that encounters
such a message will be able to gain the benefits of end-to-end such a message will be able to gain the benefits of end-to-end
cryptographic integrity and authenticity for all Header Fields. cryptographic integrity and authenticity for all Header Fields.
An encrypted message produced according to this specification that An encrypted message produced according to this specification that
has some user-facing Header Fields removed or obscured may not render has some User-Facing Header Fields removed or obscured may not render
as desired in a Legacy MUA. In particular, those Header Fields that as desired in a Legacy MUA. In particular, those Header Fields that
were made confidential will not be visible to the user of a Legacy were made confidential will not be visible to the user of a Legacy
MUA. For example, if the Subject Header Field outside the MUA. For example, if the Subject Header Field outside the
Cryptographic Envelope is replaced with [...], a Legacy MUA will Cryptographic Envelope is replaced with [...], a Legacy MUA will
render the [...] anywhere the Subject is normally seen. This is the render the [...] anywhere the Subject is normally seen. This is the
only risk of producing an encrypted message according to this only risk of producing an encrypted message according to this
specification. specification.
A workaround "Legacy Display" mechanism is provided in this A workaround "Legacy Display" mechanism is provided in this
specification (see Section 2.1.2). Legacy MUAs will render "Legacy specification (see Section 2.1.2). Legacy MUAs will render "Legacy
Display Elements" to the user, albeit not in the same location that Display Elements" to the user, albeit not in the same location that
the Header Fields would normally be rendered. the Header Fields would normally be rendered.
Alternately, if the sender of an encrypted message is particularly Alternately, if the sender of an encrypted message is particularly
concerned about the experience of a recipient using a Legacy MUA, and concerned about the experience of a recipient using a Legacy MUA, and
they are willing to accept leaking the user-facing Header Fields, they are willing to accept leaking the User-Facing Header Fields,
they can simply adopt the No Header Confidentiality Policy (see they can simply adopt the No Header Confidentiality Policy (see
Section 3.2.3). A signed and encrypted message composed using the No Section 3.2.3). A signed-and-encrypted message composed using the No
Header Confidentiality Policy offers no usability risk for a reader Header Confidentiality Policy offers no usability risk for a reader
using a Legacy MUA, and retains end-to-end cryptographic integrity using a Legacy MUA and retains end-to-end cryptographic integrity and
and authenticity properties for all Header Fields for any reader authenticity properties for all Header Fields for any reader using a
using a conformant MUA. Of course, such a message has the same (non- conformant MUA. Of course, such a message has the same (non-
existent) confidentiality properties for all Header Fields as a existent) confidentiality properties for all Header Fields as a
Legacy Encrypted Message (that is, an encrypted message made without Legacy Encrypted Message (that is, an encrypted message made without
Header Protection). Header Protection).
1.3. Motivation 1.3. Motivation
Users generally do not understand the distinction between message Ordinary Users generally do not understand the distinction between
body and message header. When an e-mail message has cryptographic email message Body and Header Section. When an email message has
protections that cover the message body, but not the Header Fields, cryptographic protections that cover the message Body but not the
several attacks become possible. Header Fields, several attacks become possible.
For example, a Legacy Signed Message has a signature that covers the For example, a Legacy Signed Message has a signature that covers the
body but not the Header Fields. An attacker can therefore modify the Body but not the Header Fields. An attacker can therefore modify the
Header Fields (including the Subject header) without invalidating the Header Fields (including Subject) without invalidating the signature.
signature. Since most readers consider a message body in the context Since most readers consider a message Body in the context of the
of the message's Subject header, the meaning of the message itself message's Subject, the meaning of the message itself could change
could change drastically (under the attacker's control) while still drastically (under the attacker's control) while still retaining the
retaining the same cryptographic indicators of integrity and same cryptographic indicators of integrity and authenticity.
authenticity.
In another example, a Legacy Encrypted Message has its body In another example, a Legacy Encrypted Message has its Body
effectively hidden from an adversary that snoops on the message. But effectively hidden from an adversary that snoops on the message. But
if the Header Fields are not also encrypted, significant information if the Header Fields are not also encrypted, significant information
about the message (such as the message Subject) will leak to the about the message (such as the message Subject) will leak to the
inspecting adversary. inspecting adversary.
However, if the sending and receiving MUAs ensure that cryptographic However, if the sending and receiving MUAs ensure that cryptographic
protections cover the message Header Section as well as the message protections cover the message Header Section as well as the message
body, these attacks are defeated. Body, these attacks are defeated.
1.3.1. Backward Compatibility 1.3.1. Backward Compatibility
If the sending MUA is unwilling to generate such a fully protected If the sending MUA is unwilling to generate such a fully protected
message due to the potential for rendering, usability, message due to the potential for rendering, usability,
deliverability, or security issues, these defenses cannot be deliverability, or security issues, these defenses cannot be
realized. realized.
The sender cannot know what MUA (or MUAs) the recipient will use to The sender cannot know what MUA (or MUAs) the recipient will use to
handle the message. Thus, an outbound message format that is handle the message. Thus, an outbound message format that is
backward compatible with as many legacy implementations as possible backward compatible with as many legacy implementations as possible
is a more effective vehicle for providing the whole-message is a more effective vehicle for providing the whole-message
cryptographic protections described above. cryptographic protections described above.
This document aims for backward compatibility with Legacy MUAs to the This document aims for backward compatibility with Legacy MUAs to the
extent possible. In some cases, like when a user-visible header like extent possible. In some cases, like when a user-visible Header
the Subject is cryptographically hidden, a Legacy MUA will not be Field like the Subject is cryptographically hidden, a Legacy MUA will
able to render or reply to the message exactly the same way as a not be able to render or reply to the message exactly the same way as
conformant MUA would. But accommodations are described here that a conformant MUA would. But accommodations are described here that
ensure a rough semantic equivalence for Legacy MUA even in these ensure a rough semantic equivalence for a Legacy MUA even in these
cases. cases.
1.3.2. Deliverability 1.3.2. Deliverability
A message with perfect cryptographic protections that cannot be A message with perfect cryptographic protections that cannot be
delivered is less useful than a message with imperfect cryptographic delivered is less useful than a message with imperfect cryptographic
protections that can be delivered. Senders want their messages to protections that can be delivered. Senders want their messages to
reach the intended recipients. reach the intended recipients.
Given the current state of the Internet mail ecosystem, encrypted Given the current state of the Internet mail ecosystem, encrypted
messages in particular cannot shield all of their Header Fields from messages in particular cannot shield all of their Header Fields from
visibility and still be guaranteed delivery to their intended visibility and still be guaranteed delivery to their intended
recipient. recipient.
This document accounts for this concern by providing a mechanism This document accounts for this concern by providing a mechanism
(Section 3) that prioritizes initial deliverability (at the cost of (Section 3) that prioritizes initial deliverability (at the cost of
some header leakage) while facilitating future message variants that some header leakage) while facilitating future message variants that
shield more header metadata from casual inspection. shield more header metadata from casual inspection.
1.4. Other Protocols to Protect E-Mail Header Fields 1.4. Other Protocols to Protect Email Header Fields
A separate pair of protocols also provides some cryptographic A separate pair of protocols also provides some cryptographic
protection for the e-mail message header integrity: DomainKeys protection for the email message header integrity: DomainKeys
Identified Mail (DKIM) [RFC6376], as used in combination with Domain- Identified Mail (DKIM) [RFC6376], as used in combination with Domain-
based Message Authentication, Reporting, and Conformance (DMARC) based Message Authentication, Reporting, and Conformance (DMARC)
[RFC7489]. This pair of protocols provides a domain-based reputation [RFC7489]. This pair of protocols provides a domain-based reputation
mechanism that can be used to mitigate some forms of unsolicited mechanism that can be used to mitigate some forms of unsolicited
e-mail (spam). email (spam).
However, the DKIM+DMARC suite provides cryptographic protection at a However, the DKIM+DMARC suite provides cryptographic protection at a
different scope, as it is usually applied by and evaluated by a mail different scope, as it is usually applied by and evaluated by a mail
transport agent (MTA). DKIM+DMARC typically provide MTA-to-MTA transport agent (MTA). DKIM+DMARC typically provide MTA-to-MTA
protection, whereas this specification provides MUA-to-MUA protection, whereas this specification provides MUA-to-MUA
protection. This is because DKIM+DMARC are typically applied to protection. This is because DKIM+DMARC are typically applied to
messages by (and interpreted by) MTAs, whereas the mechanisms in this messages by (and interpreted by) MTAs, whereas the mechanisms in this
document are typically applied and interpreted by MUAs. document are typically applied and interpreted by MUAs.
A receiving MUA that relies on DKIM+DMARC for sender authenticity A receiving MUA that relies on DKIM+DMARC for sender authenticity
should note Section 10.1. should note Section 10.1.
Furthermore, the DKIM+DMARC suite only provides cryptographic Furthermore, the DKIM+DMARC suite only provides cryptographic
integrity and authentication, not encryption. So cryptographic integrity and authentication, not encryption. So cryptographic
confidentiality is not available from that suite. confidentiality is not available from that suite.
The DKIM+DMARC suite can be used on any message, including messages The DKIM+DMARC suite can be used on any message, including messages
formed as defined in this document. There should be no conflict formed as defined in this document. There should be no conflict
between DKIM+DMARC and the specification here. between DKIM+DMARC and the specification here.
Though not strictly e-mail, similar protections have been in use on Though not strictly email, similar protections have been in use on
Usenet for signing and verification of message headers for years. Usenet for the signing and verification of message Header Fields for
See [PGPCONTROL] and [PGPVERIFY-FORMAT] for more details. Like DKIM, years. See [PGPCONTROL] and [PGPVERIFY-FORMAT] for more details.
these Usenet control protections offer only integrity and Like DKIM, these Usenet control protections offer only integrity and
authentication, not confidentiality. authentication, not confidentiality.
1.5. Applicability to PGP/MIME 1.5. Applicability to PGP/MIME
This document specifies end-to-end cryptographic protections for This document specifies end-to-end cryptographic protections for
e-mail messages in reference to S/MIME ([RFC8551]). email messages in reference to S/MIME [RFC8551].
Comparable end-to-end cryptographic protections can also be provided Comparable end-to-end cryptographic protections can also be provided
by PGP/MIME ([RFC3156]). by PGP/MIME [RFC3156].
The mechanisms in this document should be applicable in the PGP/MIME The mechanisms in this document should be applicable in the PGP/MIME
protections as well as S/MIME protections, but analysis and protections as well as S/MIME protections, but analysis and
implementation in this document focuses on S/MIME. implementation in this document focuses on S/MIME.
To the extent that any divergence from the mechanism defined here is To the extent that any divergence from the mechanism defined here is
necessary for PGP/MIME, that divergence is out of scope for this necessary for PGP/MIME, that divergence is out of scope for this
document. document.
1.6. Requirements Language 1.6. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
The key words "SPECIFICATION REQUIRED" and "IETF REVIEW" that appear
in this document when used to describe namespace allocation are to be
interpreted as described in [RFC8126].
1.7. Terms 1.7. Terms
The following terms are defined for the scope of this document: The following terms are defined for the scope of this document:
* S/MIME: Secure/Multipurpose Internet Mail Extensions (see S/MIME: Secure/Multipurpose Internet Mail Extensions (see [RFC8551])
[RFC8551])
* PGP/MIME: MIME Security with OpenPGP (see [RFC3156]) PGP/MIME: Pretty Good Privacy with MIME (see [RFC3156])
* Message: An E-Mail Message consisting of Header Fields Message: An email message consisting of Header Fields (collectively
(collectively called "the Header Section of the message") called "the Header Section of the message") optionally followed by
followed, optionally, by a Body; see [RFC5322]. a message Body; see [RFC5322].
Note: To avoid ambiguity, this document avoids using the terms Note: To avoid ambiguity, this document avoids using the terms
"Header" or "Headers" in isolation, but instead always uses "Header" or "Headers" in isolation, but instead always uses
"Header Field" to refer to the individual field and "Header "Header Field" to refer to the individual field and "Header
Section" to refer to the entire collection. Section" to refer to the entire collection.
* Header Field: A Header Field includes a field name, followed by a Header Field: A Header Field includes a field name, followed by a
colon (":"), followed by a field body (value), and terminated by colon (":"), followed by a field Body (value), and is terminated
CRLF; see Section 2.2 of [RFC5322] for more details. by CRLF; see Section 2.2 of [RFC5322] for more details.
* Header Section: The Header Section is a sequence of lines of Header Section: The Header Section is a sequence of lines of
characters with special syntax as defined in [RFC5322]. The characters with special syntax as defined in [RFC5322]. The
Header Section of a Message contains the Header Fields associated Header Section of a message contains the Header Fields associated
with the Message itself. The Header Section of a MIME part (that with the message itself. The Header Section of a MIME part (that
is, a subpart of a message) typically contains Header Fields is, a subpart of a message) typically contains Header Fields
associated with that particular MIME part. associated with that particular MIME part.
* Body: The Body is the part of a Message that follows the Header Outer Header Section: The unprotected Header Section that MTAs and
MUAs unaware of Header Protection treat as the Header Section of
the Message.
Body: The Body is the part of a message that follows the Header
Section and is separated from the Header Section by an empty line Section and is separated from the Header Section by an empty line
(that is, a line with nothing preceding the CRLF); see [RFC5322]. (that is, a line with nothing preceding the CRLF); see [RFC5322].
It is the (bottom) section of a Message containing the payload of It is the (bottom) section of a message containing the payload of
a Message. Typically, the Body consists of a (possibly multipart) a message. Typically, the Body consists of a (possibly multipart)
MIME [RFC2045] construct. MIME [RFC2045] construct.
* Header Protection (HP): cryptographic protection of e-mail Header Header Protection (HP): The cryptographic protection of email Header
Sections (or parts of it) by means of signatures and/or Sections (or parts of it) by means of signatures and/or
encryption. encryption.
* Cryptographic Layer, Cryptographic Payload, Cryptographic Legacy MUA: An MUA that does not understand Header Protection as
Envelope, Cryptographic Summary, Structural Header Fields, Main
Body Part, User-Facing Header Fields, and MUA are all used as
defined in [I-D.ietf-lamps-e2e-mail-guidance]
* Legacy MUA: an MUA that does not understand Header Protection as
defined in this document. A Legacy Non-Crypto MUA is incapable of defined in this document. A Legacy Non-Crypto MUA is incapable of
doing any end-to-end cryptographic operations. A Legacy Crypto doing any end-to-end cryptographic operations. A Legacy Crypto
MUA is capable of doing cryptographic operations, but does not MUA is capable of doing cryptographic operations but does not
understand or generate messages with Header Protection. understand or generate messages with Header Protection.
* Legacy Signed Message: an e-mail message that was signed by a Legacy Signed Message: An email message that was signed by a Legacy
Legacy MUA, and therefore has no cryptographic authenticity or MUA and therefore has no cryptographic authenticity or integrity
integrity protections on its Header Fields. protections on its Header Fields.
* Legacy Encrypted Message: an e-mail message that was signed and Legacy Encrypted Message: An email message that was signed and
encrypted by a Legacy MUA, and therefore has no cryptographic encrypted by a Legacy MUA and therefore has no cryptographic
authenticity, integrity, or confidentiality protections on any of authenticity, integrity, or confidentiality protections on any of
its Header Fields. its Header Fields.
* Header Confidentiality Policy (HCP): a functional specification of Header Confidentiality Policy (HCP): A functional specification of
which Header Fields should be removed or obscured when composing which Header Fields should be removed or obscured when composing
an encrypted message with Header Protection. An HCP is considered an encrypted message with Header Protection. An HCP is considered
more "conservative" when it removes or obscures fewer Header more "conservative" when it removes or obscures fewer Header
Fields. When it removes or obscures more Header fields, it is Fields. When it removes or obscures more Header Fields, it is
more "ambitious". See Section 3. more "ambitious". See Section 3.
* Ordinary User: a user of an MUA who follows a simple and minimal Ordinary User: A user of an MUA who follows a simple and minimal
experience, focused on sending and receiving e-mails. A user who experience, focused on sending and receiving emails. A user who
opts into advanced configuration, expert mode, or the like is not opts into advanced configuration, expert mode, or the like is not
an "Ordinary User". an "Ordinary User".
Additionally, Cryptographic Layer, Cryptographic Payload,
Cryptographic Envelope, Cryptographic Summary, Structural Header
Fields, Non-Structural Header Fields, Main Body Part, User-Facing
Header Fields, and MUA are all used as defined in [RFC9787].
The policies "Specification Required" and "IETF Review" that appear
in this document when used to describe namespace allocation are to be
interpreted as described in [RFC8126].
1.8. Document Scope 1.8. Document Scope
This document describes sensible, simple behavior for a program that This document describes sensible, simple behavior for a program that
generates an e-mail message with standard end-to-end cryptographic generates an email message with standard end-to-end cryptographic
protections, following the guidance in protections, following the guidance in [RFC9787]. An implementation
[I-D.ietf-lamps-e2e-mail-guidance]. An implementation conformant to conformant to this document will produce messages that have
this document will produce messages that have cryptographic cryptographic protection that covers the message's Header Fields as
protection that covers the message's Header Fields as well as its well as its Body.
body.
1.8.1. In Scope 1.8.1. In Scope
This document also describes sensible, simple behavior for a program This document also describes sensible, simple behavior for a program
that interprets such a message, in a way that can take advantage of that interprets such a message in a way that can take advantage of
these protections covering the Header Fields as well as the body. these protections covering the Header Fields as well as the Body.
The message generation guidance aims to minimize negative The message generation guidance aims to minimize negative
interactions with any Legacy receiving MUA while providing actionable interactions with any Legacy receiving MUA while providing actionable
cryptographic properties for modern receiving clients. cryptographic properties for modern receiving MUAs.
In particular, this document focuses on two standard types of In particular, this document focuses on two standard types of
cryptographic protection that cover the entire message: cryptographic protection that cover the entire message:
* A cleartext message with a single signature, and * a cleartext message with a single signature and
* An encrypted message that contains a single cryptographic * an encrypted message that contains a single cryptographic
signature. signature.
1.8.2. Out of Scope 1.8.2. Out of Scope
The message composition guidance in this document (in Section 5.2) The message composition guidance in this document (in Section 5.2)
aims to provide minimal disruption for any Legacy MUA that receives aims to provide minimal disruption for any Legacy MUA that receives
such a message. However, a Legacy MUA by definition does not such a message. However, by definition, a Legacy MUA does not
implement any of the guidance here. Therefore, the document does not implement any of the guidance here. Therefore, the document does not
attempt to provide guidance for Legacy MUAs directly. attempt to provide guidance for Legacy MUAs directly.
Furthermore, this document does not explicitly contemplate other Furthermore, this document does not explicitly contemplate other
variants of cryptographic message protections, including any of variants of cryptographic message protections, including any of
these: these:
* Encrypted-only message (Without a cryptographic signature. See * encrypted-only message (without a cryptographic signature; see
Section 5.3 of [I-D.ietf-lamps-e2e-mail-guidance].) Section 5.3 of [RFC9787])
* Triple-wrapped message * triple-wrapped message
* Signed message with multiple signatures * signed message with multiple signatures
* Encrypted message with a cryptographic signature outside the * encrypted message with a cryptographic signature outside the
encryption. encryption
All such messages are out of scope of this document. All such messages are out of scope of this document.
1.9. Example 1.9. Example
This section gives an overview by providing an example of how MIME This section gives an overview by providing an example of how MIME
messages with Header Protection look like. messages with Header Protection look.
Consider the following MIME message: Consider the following MIME message:
A └─╴application/pkcs7-mime; smime-type="enveloped-data" A └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to) ↧ (decrypts to)
B └─╴application/pkcs7-mime; smime-type="signed-data" B └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
C └┬╴multipart/alternative; hp="cipher" C └┬╴multipart/alternative; hp="cipher"
D ├─╴text/plain; hp-legacy-display="1" D ├─╴text/plain; hp-legacy-display="1"
E └─╴text/html; hp-legacy-display="1" E └─╴text/html; hp-legacy-display="1"
Observe that: Observe that:
* Node A and B are collectively called the Cryptographic Envelope. * Nodes A and B are collectively called the Cryptographic Envelope.
Node C (including its sub-nodes D and E) is called the Node C (including its subnodes D and E) is called the
Cryptographic Payload ([I-D.ietf-lamps-e2e-mail-guidance]). Cryptographic Payload [RFC9787].
* Node A contains the traditional unprotected ("outer") Header * Node A contains the unprotected ("outer") Header Fields. Node C
Fields. Node C contains the protected ("inner") Header Fields. contains the protected ("inner") Header Fields.
* The presence of the hp attribute (see Section 2.1.1) on the * The presence of the hp attribute (see Section 2.1.1) on the
Content-Type of node C allows the receiver to know that the sender Content-Type of node C allows the receiver to know that the sender
applied Header Protection. Its value allows the receiver to applied Header Protection. Its value allows the receiver to
distinguish whether the sender intended for the message to be distinguish whether the sender intended for the message to be
confidential (hp="cipher") or not (hp="clear"), since encryption confidential (hp="cipher") or not (hp="clear"), since encryption
may have been added in transit (see Section 10.2). may have been added in transit (see Section 10.2).
The "outer" Header Section on node A looks as follows: The "outer" Header Section on node A looks as follows:
skipping to change at page 16, line 40 skipping to change at line 713
Content-Type: multipart/alternative; hp="cipher" Content-Type: multipart/alternative; hp="cipher"
MIME-Version: 1.0 MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500 HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net> HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net> HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example> HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>
Observe that: Observe that:
* Between node C and node A, some Header Fields are copied as-is * Between node C and node A, some Header Fields are copied as is
(Date, From, To, Message-ID), some are obscured (Subject), and (Date, From, To, Message-ID), some are obscured (Subject), and
some are removed (Keywords). some are removed (Keywords).
* The HP-Outer Header Fields (see Section 2.2) of node C contain a * The HP-Outer Header Fields (see Section 2.2) of node C contain a
protected copy of the Header Fields in node A. The copy allows protected copy of the Header Fields in node A. The copy allows
the receiver to recompute for which Header Fields the sender the receiver to recompute for which Header Fields the sender
provided confidentiality by removing or obscuring them. provided confidentiality by removing or obscuring them.
* The copying/removing/obscuring and the HP-Outer only apply to Non- * The copying/removing/obscuring and the HP-Outer only apply to Non-
Structural Header Fields, not to Structural Header Fields like Structural Header Fields, not to Structural Header Fields like
Content-Type or MIME-Version (see Section 1.1 of Content-Type or MIME-Version (see Section 1.1 of [RFC9787]).
[I-D.ietf-lamps-e2e-mail-guidance]).
* If the sender intends no confidentiality and doesn't encrypt the * If the sender intends no confidentiality and doesn't encrypt the
message, it doesn't remove or obscure Header Fields. All Non- message, it doesn't remove or obscure Header Fields. All Non-
Structural Header Fields are copied as-is. No HP-Outer Header Structural Header Fields are copied as is. No HP-Outer Header
Fields are present. Fields are present.
Node D looks as follows: Node D looks as follows:
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
Subject: Handling the Jones contract Subject: Handling the Jones contract
Keywords: Contract, Urgent Keywords: Contract, Urgent
Please review and approve or decline by Thursday, it's critical! Please review and approve or decline by Thursday, it's critical!
skipping to change at page 17, line 29 skipping to change at line 750
Thanks, Thanks,
Bob Bob
-- --
Bob Gonzalez Bob Gonzalez
ACME, Inc. ACME, Inc.
Observe that: Observe that:
* The sender adds the removed and obscured User-Facing Header Fields * The sender adds the removed and obscured User-Facing Header Fields
(see Section 1.1.2 of [I-D.ietf-lamps-e2e-mail-guidance]) to the (see Section 1.1.2 of [RFC9787]) to the main Body (note the empty
main body (note the empty line after the Content-Type). This is line after the Content-Type). This is called the Legacy Display
called the Legacy Display Element. It allows a user with a Legacy Element. It allows a user with a Legacy MUA that doesn't
MUA which doesn't implement this document to understand the implement this document to understand the message, since the
message, since the Header Fields will be shown as part of the main Header Fields will be shown as part of the main Body.
body.
* The hp-legacy-display="1" attribute (see Section 2.1.2) indicates * The hp-legacy-display="1" attribute (see Section 2.1.2) indicates
that the sender added a Legacy Display Element. This allows that the sender added a Legacy Display Element. This allows
receivers that implement this document to recognise the Legacy receivers that implement this document to recognize the Legacy
Display Element and distinguish it from user-added content. The Display Element and distinguish it from user-added content. The
receiver then hides the Legacy Display Element and doesn't display receiver then hides the Legacy Display Element and doesn't display
it to the user. it to the user.
* The hp-legacy-display is added to the node to which it applies, * hp-legacy-display is added to the node to which it applies, not on
not on any outer nodes (e.g., not to node C). any outer nodes (e.g., not to node C).
For more examples, see Appendix D and Appendix E. For more examples, see Appendices D and E.
2. Internet Message Format Extensions 2. Internet Message Format Extensions
This section describes relevant, backward-compatible extensions to This section describes relevant, backward-compatible extensions to
the Internet Message Format ([RFC5322]). Subsequent sections offer the Internet Message Format [RFC5322]. Subsequent sections offer
concrete guidance for an MUA to make use of these mechanisms, concrete guidance for an MUA to make use of these mechanisms,
including policy decisions and recommended pseudocode. including policy decisions and recommended pseudocode.
2.1. Content-Type parameters 2.1. Content-Type Parameters
This document introduces two parameters for the Content-Type Header This document introduces two parameters for the Content-Type Header
Field, which have distinct semantics and use cases. Field, which have distinct semantics and use cases.
2.1.1. Content-Type parameter: hp 2.1.1. Content-Type Parameter: hp
This specification defines a parameter for the Content-Type Header This specification defines a parameter for the Content-Type Header
Field named hp (for Header Protection). This parameter is only Field named hp (for Header Protection). This parameter is only
relevant on the Content-Type Header Field at the root of the relevant on the Content-Type Header Field at the root of the
Cryptographic Payload. The presence of this parameter at the root of Cryptographic Payload. The presence of this parameter at the root of
the Cryptographic Payload indicates that the sender intends for this the Cryptographic Payload indicates that the sender intends for this
message to have end-to-end cryptographic protections for the Header message to have end-to-end cryptographic protections for the Header
Fields. Fields.
The parameter's defined values describe the sender's cryptographic The parameter's defined values describe the sender's cryptographic
intent when producing the message: intent when producing the message:
+========+==============+=========+=================+==============+ +========+==============+=========+=================+==============+
|hp Value| Authenticity |Integrity| Confidentiality | Description | |hp Value| Authenticity |Integrity| Confidentiality | Description |
+========+==============+=========+=================+==============+ +========+==============+=========+=================+==============+
|"clear" | yes |yes | no | This message | |"clear" | yes |yes | no | This message |
| | | | | has been | | | | | | has been |
| | | | | signed by | | | | | | signed by |
| | | | | the sender | | | | | | the sender, |
| | | | | with Header | | | | | | with Header |
| | | | | Protection | | | | | | Protection. |
+--------+--------------+---------+-----------------+--------------+ +--------+--------------+---------+-----------------+--------------+
|"cipher"| yes |yes | yes | This message | |"cipher"| yes |yes | yes | This message |
| | | | | has been | | | | | | has been |
| | | | | signed by | | | | | | signed by |
| | | | | the sender, | | | | | | the sender, |
| | | | | with Header | | | | | | with Header |
| | | | | Protection, | | | | | | Protection, |
| | | | | and is | | | | | | and is |
| | | | | encrypted to | | | | | | encrypted to |
| | | | | the | | | | | | the |
| | | | | recipients | | | | | | recipients. |
+--------+--------------+---------+-----------------+--------------+ +--------+--------------+---------+-----------------+--------------+
Table 1: hp parameter for Content-Type Header Field Table 1: hp Parameter for Content-Type Header Field
A sending implementation MUST NOT produce a Cryptographic Payload A sending implementation MUST NOT produce a Cryptographic Payload
with parameter hp="cipher" for a non-encrypted message (that is, with parameter hp="cipher" for an unencrypted message (that is, where
where none of the Cryptographic Layers in the Cryptographic Envelope none of the Cryptographic Layers in the Cryptographic Envelope of the
of the message provide encryption). Likewise, if a sending message provide encryption). Likewise, if a sending implementation
implementation is sending an encrypted message with Header is sending an encrypted message with Header Protection, it MUST emit
Protection, it MUST emit an hp="cipher" parameter, regardless of an hp="cipher" parameter, regardless of which Header Fields were made
which Header Fields were made confidential. confidential.
Note that hp="cipher" indicates that the message itself has been Note that hp="cipher" indicates that the message itself has been
encrypted by the sender to the recipients, but makes no assertions encrypted by the sender to the recipients but makes no assertions
about which Header Fields have been removed or obscured. This can be about which Header Fields have been removed or obscured. This can be
derived from the Cryptographic Payload itself (see Section 4.2). derived from the Cryptographic Payload itself (see Section 4.2).
A receiving implementation MUST NOT mistake the presence of an A receiving implementation MUST NOT mistake the presence of an
hp="cipher" parameter in the Cryptographic Payload for the actual hp="cipher" parameter in the Cryptographic Payload for the actual
presence of a Cryptographic Layer that provides encryption. presence of a Cryptographic Layer that provides encryption.
2.1.2. Content-Type parameter: hp-legacy-display 2.1.2. Content-Type Parameter: hp-legacy-display
This specification also defines an hp-legacy-display parameter for This specification also defines an hp-legacy-display parameter for
the Content-Type Header Field. The only defined value for this the Content-Type Header Field. The only defined value for this
parameter is 1. parameter is 1.
This parameter is only relevant on a leaf MIME node of Content-Type This parameter is only relevant on a leaf MIME node of Content-Type
text/html or text/plain within a well-formed message with end-to-end text/html or text/plain within a well-formed message with end-to-end
cryptographic protections. Its presence indicates that the MIME node cryptographic protections. Its presence indicates that the MIME node
it is attached to contains a decorative "Legacy Display Element". it is attached to contains a decorative "Legacy Display Element".
The Legacy Display Element itself is used for backward-compatible The Legacy Display Element itself is used for backward-compatible
visibility of any removed or obscured User-Facing Header Field in a visibility of any removed or obscured User-Facing Header Field in a
Legacy MUA. Legacy MUA.
Such a Legacy Display Element need not be rendered to the user of an Such a Legacy Display Element need not be rendered to the user of an
MUA that implements this specification, because the MUA already knows MUA that implements this specification, because the MUA already knows
the correct Header Field information, and can render it to the user the correct Header Field information and can render it to the user in
in the appropriate part of the MUA's user interface rather than in the appropriate part of the MUA's user interface rather than in the
the body of the message. Body of the message.
See Section 5.2.2 for how to insert a Legacy Display Element into a See Section 5.2.2 for how to insert a Legacy Display Element into a
text/plain Main Body Part. See Section 5.2.3 for how to insert a text/plain Main Body Part. See Section 5.2.3 for how to insert a
Legacy Display Element into a text/html Main Body Part. See Legacy Display Element into a text/html Main Body Part. See
Section 4.5.3 for how to avoid rendering a Legacy Display Element. Section 4.5.3 for how to avoid rendering a Legacy Display Element.
2.2. The HP-Outer Header Field 2.2. HP-Outer Header Field
This document also specifies a new Header Field: HP-Outer. This document also specifies a new Header Field: HP-Outer.
This Header Field is used only in the Header Section of the This Header Field is used only in the Header Section of the
Cryptographic Payload of an encrypted message. It is not relevant Cryptographic Payload of an encrypted message. It is not relevant
for signed-only messages. It documents, with the same cryptographic for signed-only messages. It documents, with the same cryptographic
guarantees shared by the rest of the message, the sender's choices guarantees shared by the rest of the message, the sender's choices
about Header Field confidentiality. It does so by embedding a copy about Header Field confidentiality. It does so by embedding a copy
within the Cryptographic Envelope of every non-structural Header within the Cryptographic Envelope of every Non-Structural Header
Field that the sender put outside the Cryptographic Envelope. This Field that the sender put outside the Cryptographic Envelope. This
Header Field enables the MUA receiving the encrypted message to Header Field enables the MUA receiving the encrypted message to
reliably identify whether the sending MUA intended to make a Header reliably identify whether the sending MUA intended to make a Header
Field confidential (see Section 11.3). Field confidential (see Section 11.3).
The HP-Outer Header Fields in a message's Cryptographic Payload are The HP-Outer Header Fields in a message's Cryptographic Payload are
useful for ensuring that any confidential Header Field will not be useful for ensuring that any confidential Header Field will not be
automatically leaked in the clear if the user replies to or forwards automatically leaked in the clear if the user replies to or forwards
the message. They may also be useful for an MUA that indicates the the message. They may also be useful for an MUA that indicates the
confidentiality status of any given Header Field to the user. confidentiality status of any given Header Field to the user.
An implementation that composes encrypted e-mail MUST include a copy An implementation that composes encrypted email MUST include a copy
of all non-structural Header Fields deliberately exposed to the of all Non-Structural Header Fields deliberately exposed to the
outside of the Cryptographic Envelope using a series of HP-Outer outside of the Cryptographic Envelope using a series of HP-Outer
Header Fields within the Cryptographic Payload. These HP-Outer MIME Header Fields within the Cryptographic Payload. These HP-Outer MIME
Header Fields should only ever appear directly within the Header Header Fields should only ever appear directly within the Header
Section of the Cryptographic Payload of a Cryptographic Envelope Section of the Cryptographic Payload of a Cryptographic Envelope
offering confidentiality. They MUST be ignored for the purposes of offering confidentiality. They MUST be ignored for the purposes of
evaluating the message's Header Protection if they appear in other evaluating the message's Header Protection if they appear in other
places. places.
Each instance of HP-Outer contains a non-structural Header Field name Each instance of HP-Outer contains a Non-Structural Header Field name
and the value that this Header Field was set in the outer and the value that this Header Field was set to within the outer
(unprotected) Header Section. The HP-Outer Header Field can appear (unprotected) Header Section. The HP-Outer Header Field can appear
multiple times in the Header Section of a Cryptographic Payload. multiple times in the Header Section of a Cryptographic Payload.
If a non-structural Header Field name Z is present in Header If a Non-Structural Header Field named Z is present in Header
Section of the Cryptographic Payload, but doesn't appear in an HP- Section of the Cryptographic Payload but doesn't appear in an HP-
Outer Header Field value at all, then the sender is effectively Outer Header Field value at all, then the sender is effectively
asserting that every instance of Z was made confidential by removal asserting that every instance of Z was made confidential by removal
from the Outer Header Section. Specifically, it means that no Header from the Outer Header Section. Specifically, it means that no Header
Field Z was included on the outside of the message's Cryptographic Field Z was included on the outside of the message's Cryptographic
Envelope by the sender at the time the message was injected into the Envelope by the sender at the time the message was injected into the
mail system. mail system.
See Section 5.2 for how to insert HP-Outer Header Fields into an See Section 5.2 for how to insert HP-Outer Header Fields into an
encrypted message. See Section 4.3 for how to determine the end-to- encrypted message. See Section 4.3 for how to determine the end-to-
end confidentiality of a given Header Field from an encrypted message end confidentiality of a given Header Field from an encrypted message
skipping to change at page 21, line 17 skipping to change at line 923
The syntax of this Header Field is defined using the following ABNF The syntax of this Header Field is defined using the following ABNF
[RFC5234], where field-name, WSP, VCHAR, and FWS are defined in [RFC5234], where field-name, WSP, VCHAR, and FWS are defined in
[RFC5322]: [RFC5322]:
hp-outer = "HP-Outer:" [FWS] field-name ": " hp-outer = "HP-Outer:" [FWS] field-name ": "
hp-outer-value CRLF hp-outer-value CRLF
hp-outer-value = (*([FWS] VCHAR) *WSP) hp-outer-value = (*([FWS] VCHAR) *WSP)
Note that hp-outer-value is the same as unstructured from Note that hp-outer-value is the same as unstructured from
Section 3.2.5 of [RFC5322], but without the obsolete obs-unstruct Section 3.2.5 of [RFC5322] but without the obsolete obs-unstruct
option. option.
3. Header Confidentiality Policy 3. Header Confidentiality Policy
An MUA composing an encrypted message according to this specification An MUA composing an encrypted message according to this specification
may make any given Header Field confidential by removing it from may make any given Header Field confidential by removing it from the
Header Section outside the Cryptographic Envelope, or by obscuring it Header Section outside the Cryptographic Envelope or by obscuring it
by rewriting it to a different value in that outer Header Section. by rewriting it to a different value in that Outer Header Section.
The composing MUA faces a choice for any new message: which Header The composing MUA faces a choice for any new message: Which Header
Fields should be made confidential, and how? Fields should be made confidential, and how?
This section defines the "Header Confidentiality Policy" (or HCP) as This section defines the "Header Confidentiality Policy" (or HCP) as
a well-defined abstraction to encourage MUA developers to consider, a well-defined abstraction to encourage MUA developers to consider,
document, and share reasonable policies across the community. It document, and share reasonable policies across the community. It
establishes a registry of known HCPs, defines a small number of establishes a registry of known HCPs, defines a small number of
simple HCPs in that registry, and makes a recommendation for a simple HCPs in that registry, and makes a recommendation for a
reasonable default. reasonable default.
Note that such a policy is only needed when the end-to-end Note that such a policy is only needed when the end-to-end
skipping to change at page 22, line 7 skipping to change at line 959
delivery systems, some of which may reject, drop, or delay messages delivery systems, some of which may reject, drop, or delay messages
where all Header Fields are removed from the top-level MIME object. where all Header Fields are removed from the top-level MIME object.
Note that no representation of the HCP itself ever appears "on the Note that no representation of the HCP itself ever appears "on the
wire". However, the consumer of the encrypted message can see the wire". However, the consumer of the encrypted message can see the
decisions that were made by the sender's HCP via the HP-Outer Header decisions that were made by the sender's HCP via the HP-Outer Header
Fields (see Section 2.2). Fields (see Section 2.2).
3.1. HCP Definition 3.1. HCP Definition
In this document, we represent that Header Confidentiality Policy as In this document, we represent that HCP as a function hcp:
a function hcp:
* hcp(name, val_in) val_out: this function takes a non-structural * hcp(name, val_in) -> val_out: This function takes a Non-Structural
Header Field identified by name with initial value val_in as Header Field identified by name with the initial value val_in as
arguments, and returns a replacement header value val_out. If arguments and returns a replacement Header Field value val_out.
val_out is the special value null, it means that the Header Field If val_out is the special value null, it means that the Header
in question should be removed from the set of Header Fields Field in question should be removed from the set of Header Fields
visible outside the Cryptographic Envelope. visible outside the Cryptographic Envelope.
In the pseudocode descriptions of various choices of HCP in this In the pseudocode descriptions of various choices of HCP in this
document, any comparison with the name input is done case- document, any comparison with the name input is done case-
insensitively. This is appropriate for Header Field names, as insensitively. This is appropriate for Header Field names, as
described in [RFC5322]. described in [RFC5322].
Note that hcp is only applied to non-structural Header Fields. When Note that hcp is only applied to Non-Structural Header Fields. When
composing a message, Structural Header Fields are dealt with composing a message, Structural Header Fields are dealt with
separately, as described in Section 5.2. separately, as described in Section 5.2.
As an example, an MUA that obscures the Subject Header Field by As an example, an MUA that obscures the Subject Header Field by
replacing it with the literal string "[...]", hides all Cc'ed replacing it with the literal string "[...]", hides all Cc'ed
recipients, and does not offer confidentiality to any other Header recipients, and does not offer confidentiality to any other Header
Fields would be represented as (in pseudocode): Fields would be represented as (in pseudocode):
hcp_example_hide_cc(name, val_in) → val_out: hcp_example_hide_cc(name, val_in) → val_out:
if lower(name) is 'subject': if lower(name) is 'subject':
return '[...]' return '[...]'
else if lower(name) is 'cc': else if lower(name) is 'cc':
return null return null
else: else:
return val_in return val_in
For alignment with common practice as well as the ABNF in For alignment with common practice as well as the ABNF in
Section 2.2.1 for HP-Outer, val_out MUST be one of the following: Section 2.2.1 for HP-Outer, val_out MUST be one of the following:
* identical to val_in, or * identical to val_in,
* the special value null (meaning that the Header Field will be * the special value null (meaning that the Header Field will be
removed from the outside of the message), or removed from the outside of the message), or
* a sequence of printable and whitespace (that is, space or tab) * a sequence of whitespace (that is, space or tab) and printable
7-bit clean ASCII characters (of course, non-ASCII text can be 7-bit clean ASCII characters (of course, non-ASCII text can be
encoded as ASCII using the encoded-word construct from [RFC2047]) encoded as ASCII using the encoded-word construct from [RFC2047])
The HCP can compute val_out using any technique describable in The HCP can compute val_out using any technique describable in
pseudocode, such as copying a fixed string or invocations of other pseudocode, such as copying a fixed string or invocations of other
pseudocode functions. If it alters the value, it MUST NOT include pseudocode functions. If it alters the value, it MUST NOT include
control or NUL characters in val_out. val_out SHOULD match the control or NUL characters in val_out. val_out SHOULD match the
expected ABNF for the Header Field identified by name. expected ABNF for the Header Field identified by name.
3.1.1. HCP Avoids Changing From addr-spec 3.1.1. HCP Avoids Changing addr-spec of From Header Field
The From Header Field should also be treated specially by the HCP, to The From Header Field should also be treated specially by the HCP to
enable defense against possible e-mail address spoofing (see enable defense against possible email address spoofing (see
Section 10.1). In particular, for hcp("From", val_in), the addr-spec Section 10.1). In particular, for hcp("From", val_in), the addr-spec
of val_in and the addr-spec of val_out SHOULD match according to of val_in and the addr-spec of val_out SHOULD match according to
Section 4.4.5, unless the sending MUA has additional knowledge Section 4.4.5, unless the sending MUA has additional knowledge
coordinated with the receiving MUA about more subtle addr-spec coordinated with the receiving MUA about more subtle addr-spec
equivalence or certificate validity. equivalence or certificate validity.
3.2. Initial Registered HCPs 3.2. Initial Registered HCPs
This document formally defines three Header Confidentiality Policies This document formally defines three Header Confidentiality Policies
with known and reasonably well-understood characteristics as a way to with known and reasonably well-understood characteristics as a way to
compare and contrast different possible behavioral choices for a compare and contrast different possible behavioral choices for a
composing MUA. These definitions are not meant to preclude the composing MUA. These definitions are not meant to preclude the
creation of other HCPs. creation of other HCPs.
The purpose of the registry of HCPs is to facilitate HCP evolution The purpose of the registry of HCPs is to facilitate HCP evolution
and interoperability discussion among MUA developers and MTA and interoperability discussion among MUA developers and MTA
operators. operators.
(The example hypothetical HCP described in Section 3.1 above, (The example hypothetical HCP, hcp_example_hide_cc, described in
hcp_example_hide_cc, is deliberately not formally registered, as it Section 3.1 above is deliberately not formally registered, as it has
has not been evaluated in practice.) not been evaluated in practice.)
3.2.1. Baseline Header Confidentiality Policy 3.2.1. Baseline Header Confidentiality Policy
The most conservative recommended Header Confidentiality Policy only The most conservative recommended HCP only provides confidentiality
provides confidentiality for Informational Fields, as defined in for Informational Fields, as defined in Section 3.6.5 of [RFC5322].
Section 3.6.5 of [RFC5322]. These fields are "only human-readable These fields are "only human-readable content" and thus their content
content" and thus their content should not be relevant to transport should not be relevant to transport agents. Since most Internet
agents. Since most Internet messages today do have a Subject Header messages today do have a Subject Header Field, and some filtering
Field, and some filtering engines might object to a message without a engines might object to a message without a Subject, this policy is
Subject, this policy is conservative and merely obscures that Header conservative and merely obscures that Header Field by replacing it
Field by replacing it with a fixed string [...]. By contrast, with a fixed string [...]. By contrast, Comments and Keywords Header
Comments and Keywords are comparatively rare, so these fields are Fields are comparatively rare, so these fields are removed entirely
removed entirely from the Outer Header Section. from the Outer Header Section.
hcp_baseline(name, val_in) → val_out: hcp_baseline(name, val_in) → val_out:
if lower(name) is 'subject': if lower(name) is 'subject':
return '[...]' return '[...]'
else if lower(name) is in ['comments', 'keywords']: else if lower(name) is in ['comments', 'keywords']:
return null return null
else: else:
return val_in return val_in
hcp_baseline is the recommended default HCP for a new implementation, hcp_baseline is the recommended default HCP for a new implementation,
as it provides meaningful confidentiality protections and is unlikely as it provides meaningful confidentiality protections and is unlikely
to cause deliverability or usability problems. to cause deliverability or usability problems.
3.2.2. Shy Header Confidentiality Policy 3.2.2. Shy Header Confidentiality Policy
Alternately, a slightly more ambitious (and therefore more privacy- Alternately, a slightly more ambitious (and therefore more privacy-
preserving) Header Confidentiality Policy might avoid leaking human- preserving) HCP might avoid leaking human-interpretable data that
interpretable data that MTAs generally don't care about. The MTAs generally don't care about. The additional protected data isn't
additional protected data isn't related to message routing or related to message routing or transport but might reveal sensitive
transport, but but might reveal sensitive information about the information about the sender or their relationship to the recipients.
sender or their relationship to the recipients. This "shy" HCP This "shy" HCP builds on hcp_baseline but also:
builds on hcp_baseline, but also:
* avoids revealing the display-name of each identified e-mail * avoids revealing the display-name of each identified email address
address, and and
* avoids leaking the sender's locally-configured time zone in the * avoids leaking the sender's locally configured time zone in the
Date Header Field. Date Header Field.
hcp_shy(name, val_in) → val_out: hcp_shy(name, val_in) → val_out:
if lower(name) is 'from': if lower(name) is 'from':
if val_in is an RFC 5322 mailbox: if val_in is an RFC 5322 mailbox:
return the RFC 5322 addr-spec part of val_in return the RFC 5322 addr-spec part of val_in
if lower(name) in ['to', 'cc']: if lower(name) in ['to', 'cc']:
if val_in is an RFC 5322 mailbox-list: if val_in is an RFC 5322 mailbox-list:
let val_out be an empty mailbox-list let val_out be an empty mailbox-list
for each mailbox in val_in: for each mailbox in val_in:
skipping to change at page 25, line 6 skipping to change at line 1094
if lower(name) is 'date': if lower(name) is 'date':
if val_in is an RFC 5322 date-time: if val_in is an RFC 5322 date-time:
return the UTC form of val_in return the UTC form of val_in
else if lower(name) is 'subject': else if lower(name) is 'subject':
return '[...]' return '[...]'
else if lower(name) is in ['comments', 'keywords']: else if lower(name) is in ['comments', 'keywords']:
return null return null
return val_in return val_in
hcp_shy requires more sophisticated parsing and Header Field hcp_shy requires more sophisticated parsing and Header Field
manipulation, and is not recommended as a default HCP for new manipulation and is not recommended as a default HCP for new
implementations. implementations.
3.2.3. No Header Confidentiality Policy 3.2.3. No Header Confidentiality Policy
Legacy MUAs can be conceptualized as offering a "No Header Legacy MUAs can be conceptualized as offering a "No Header
Confidentiality" Policy, which offers no confidentiality protection Confidentiality" Policy, which offers no confidentiality protection
to any Header Field: to any Header Field:
hcp_no_confidentiality(name, val_in) → val_out: hcp_no_confidentiality(name, val_in) → val_out:
return val_in return val_in
A conformant MUA that is not modified by local policy or A conformant MUA that is not modified by local policy or
configuration MUST NOT use hcp_no_confidentiality by default. configuration MUST NOT use hcp_no_confidentiality by default.
3.3. Default Header Confidentiality Policy 3.3. Default Header Confidentiality Policy
An MUA MUST have a default Header Confidentiality Policy that offers An MUA MUST have a default HCP that offers confidentiality for the
confidentiality for the Subject Header Field at least. Local policy Subject Header Field at least. Local policy and configuration may
and configuration may alter this default, but the MUA SHOULD NOT alter this default, but the MUA SHOULD NOT require the user to select
require the user to select an HCP. an HCP.
hcp_baseline provides confidentiality for the Subject Header Field by hcp_baseline provides confidentiality for the Subject Header Field by
replacing it with the literal string "[...]". It also provides replacing it with the literal string "[...]". It also provides
confidentiality for the other less common Informational Header Fields confidentiality for the other less common Informational Header Fields
(Comments and Keywords) by removing them entirely from the outer (Comments and Keywords) by removing them entirely from the Outer
Header Section. This is a sensible default because most users treat Header Section. This is a sensible default because most users treat
the Informational Fields of a message (particularly the Subject) the the Informational Fields of a message (particularly the Subject) the
same way that they treat the body, and they are surprised to find same way that they treat the Body, and they are surprised to find
that the Subject of an encrypted message is visible. that the Subject of an encrypted message is visible.
3.4. HCP Evolution 3.4. HCP Evolution
This document does not mandate any particular Header Confidentiality This document does not mandate any particular HCP, though it offers
Policy, though it offers guidance for MUA implementers in selecting guidance for MUA implementers in selecting one in Section 3.3.
one in Section 3.3. Future documents may recommend or mandate such a Future documents may recommend or mandate such a policy for an MUA
policy for an MUA with specific needs. Such a recommendation might with specific needs. Such a recommendation might be motivated by
be motivated by descriptions of metadata-derived attacks, or stem descriptions of metadata-derived attacks, stem from research about
from research about message deliverability, or describe new message deliverability, or describe new signaling mechanisms, but
signalling mechanisms, but these topics are out of scope for this these topics are out of scope for this document.
document.
3.4.1. Offering More Ambitious Header Confidentiality 3.4.1. Offering More Ambitious Header Confidentiality
An MUA MAY offer even more ambitious confidentiality for Header An MUA MAY offer even more ambitious confidentiality for Header
Fields of an encrypted message than defined in Section 3.2.2. For Fields of an encrypted message than defined in Section 3.2.2. For
example, it might implement an HCP that removes the To and Cc Header example, it might implement an HCP that removes the To and Cc Header
Fields entirely, relying on the SMTP envelope to ensure proper Fields entirely, relying on the SMTP envelope to ensure proper
routing. Or it might remove References and In-Reply-To so that routing. Or it might remove References and In-Reply-To so that
message threading is not visible to any MTA. Any more ambitious message threading is not visible to any MTA. Any more ambitious
choice might result in deliverability, rendering, or usability issues choice might result in deliverability, rendering, or usability issues
for the relevant messages, so testing and documentation will be for the relevant messages, so testing and documentation will be
valuable to get this right. valuable to get this right.
The authors of this document hope that implementers with deployment The authors of this document hope that implementers with deployment
experience will document their chosen Header Confidentiality Policy experience will document their chosen HCP and the rationale behind
and the rationale behind their choice. their choice.
3.4.2. Expert Guidance for Registering Header Confidentiality Policies 3.4.2. Expert Guidance for Registering Header Confidentiality Policies
There is no formal syntax specified for the Header Confidentiality There is no formal syntax specified for the HCP, but any attempt to
Policy, but any attempt to specify an HCP for inclusion in the specify an HCP for inclusion in the registry needs to provide:
registry needs to provide:
* a stable reference document clearly indicating the distinct name * a stable reference document clearly indicating the distinct name
for the proposed HCP for the proposed HCP,
* pseudocode that other implementers can clearly and unambiguously * pseudocode that other implementers can clearly and unambiguously
interpret interpret,
* a clear explanation of why this HCP is different from all other * a clear explanation of why this HCP is different from all other
registered HCPs registered HCPs, and
* any relevant considerations related to deployment of the HCP (for * any relevant considerations related to deployment of the HCP (for
example, known or expected deliverability, rendering, or privacy example, known or expected deliverability, rendering, or privacy
challenges and possible mitigations) challenges and possible mitigations).
When the proposed HCP produces any non-null output for a given Header When the proposed HCP produces any non-null output for a given Header
Field name, val_out SHOULD match the expected ABNF for that Header Field name, val_out SHOULD match the expected ABNF for that Header
Field. If the proposed HCP does not match the expected ABNF for that Field. If the proposed HCP does not match the expected ABNF for that
Header Field, the documentation should explicitly identify the Header Field, the documentation should explicitly identify the
relevant circumstances and provide a justification for the deviation. relevant circumstances and provide a justification for the deviation.
An entry should not be marked as "Recommended" unless it has been An entry should not be marked as "Recommended" unless it has been
shown to offer confidentiality or privacy improvements over the shown to offer confidentiality or privacy improvements over the
status quo and have minimal or mitigatable negative impact on status quo and have minimal or mitigable negative impact on messages
messages to which it is applied, considering factors such as message to which it is applied, considering factors such as message
deliverability and security. Only one entry in the table deliverability and security. Only one entry in the table
(hcp_baseline) is initially marked as "Recommended". In the future, (hcp_baseline) is initially marked as "Recommended". In the future,
more than one entry may be marked as "Recommended". more than one entry may be marked as "Recommended".
4. Receiving Guidance 4. Receiving Guidance
An MUA that receives a cryptographically protected e-mail will render An MUA that receives a cryptographically protected email will render
it for the user. it for the user.
The receiving MUA will render the message body, a selected subset of The receiving MUA will render the message Body, render a selected
Header Fields, and (as described in Section 3 of subset of Header Fields, and (as described in Section 3 of [RFC9787])
[I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the provide a summary of the cryptographic properties of the message.
cryptographic properties of the message.
Most MUAs only render a subset of Header Fields by default. For Most MUAs only render a subset of Header Fields by default. For
example, most MUAs render From, To, Cc, Date, and Subject Header example, most MUAs render the From, To, Cc, Date, and Subject Header
Fields to the user, but few render Message-Id or Received. Fields to the user, but few render Message-Id or Received.
An MUA that knows how to handle a message with Header Protection An MUA that knows how to handle a message with Header Protection
makes the following four changes to its behavior when rendering a makes the following four changes to its behavior when rendering a
message: message:
* If the MUA detects that an incoming message has protected Header * If the MUA detects that an incoming message has protected Header
Fields: Fields:
- For a Header Field that is present in the protected Header - For a Header Field that is present in the protected Header
Section, the MUA SHOULD render the protected value, and ignore Section, the MUA SHOULD render the protected value and ignore
any unprotected counterparts that may be present (with a any unprotected counterparts that may be present (with a
special exception for the From Header Field (see Section 4.4). special exception for the From Header Field (see Section 4.4)).
- For a Header Field that is present only in the unprotected - For a Header Field that is present only in the Outer Header
Header Section, the MUA SHOULD NOT render that value. If it Section, the MUA SHOULD NOT render that value. If it does
does render the value, the MUA SHOULD indicate that the render the value, the MUA SHOULD indicate that the rendered
rendered value is unprotected. For an exception to this, see value is unprotected. For an exception to this, see Section 7
Section 7 for a discussion of some specific Header Fields that for a discussion of some specific Header Fields that are known
are known to be added in transit, and therefore are not to be added in transit and therefore are not expected to have
expected to have end-to-end cryptographic protections. end-to-end cryptographic protections.
* The MUA SHOULD include information in the message's Cryptographic * The MUA SHOULD include information in the message's Cryptographic
Summary to indicate the types of protection that applied to each Summary to indicate the types of protection that applied to each
rendered Header Field (if any). rendered Header Field (if any).
* If any Legacy Display Elements are present in the body of the * If any Legacy Display Elements are present in the Body of the
message, it does not render them. message, it does not render them.
* When replying to a message with confidential Header Fields, the * When replying to a message with confidential Header Fields, the
replying MUA avoids leaking into the cleartext of the reply any replying MUA avoids leaking any Header Fields that were
Header Fields which were confidential in the original. It does confidential in the original into the cleartext of the reply. It
this even if its own Header Confidentiality Policy would not have does this even if its own HCP would not have treated those Header
treated those Header Fields as confidential. See Section 6 for Fields as confidential. See Section 6 for more details.
more details.
Note that an MUA that handles a message with Header Protection does Note that an MUA that handles a message with Header Protection does
_not_ need to render any new Header Fields that it did not render _not_ need to render any new Header Fields that it did not render
before. before.
4.1. Identifying that a Message has Header Protection 4.1. Identifying That a Message Has Header Protection
An incoming message can be identified as having Header Protection An incoming message can be identified as having Header Protection
using the following test: using the following test:
* The Cryptographic Payload has parameter hp set to "clear" or * The Cryptographic Payload has parameter hp set to "clear" or
"cipher". See Section 4.5 for rendering guidance. "cipher". See Section 4.5 for rendering guidance.
When consuming a message, an MUA MUST ignore the hp parameter to When consuming a message, an MUA MUST ignore the hp parameter to
Content-Type when it encounters it anywhere other than the root of Content-Type when it encounters it anywhere other than the root of
the message's Cryptographic Payload. the message's Cryptographic Payload.
4.2. Extracting Protected and Unprotected ("Outer") Header Fields 4.2. Extracting Protected and Unprotected ("Outer") Header Fields
When a message is encrypted and it uses Header Protection, an MUA When a message is encrypted and uses Header Protection, an MUA
extracts a list of protected Header Fields (names and values), as extracts a list of protected Header Fields (names and values), as
well as a list of Header Fields that were added by the original well as a list of Header Fields that were added by the original
message sender in unprotected form to the outside of the message's message sender in unprotected form to the outside of the message's
Cryptographic Envelope. Cryptographic Envelope.
The following algorithm takes a reference message refmsg as input, The following algorithm takes reference message refmsg as input,
which is encrypted with Header Protection as described in this which is encrypted with Header Protection as described in this
document (that is, the Cryptographic Envelope includes a document (that is, the Cryptographic Envelope includes a
Cryptographic Layer that provides encryption, and the hp parameter Cryptographic Layer that provides encryption, and the hp parameter
for the Content-Type Header Field of the Cryptographic Payload is for the Content-Type Header Field of the Cryptographic Payload is
cipher). It produces as output a pair of lists of (h,v) Header cipher). It produces as output a pair of lists of (h,v) Header
Fields. Fields.
4.2.1. HeaderSetsFromMessage 4.2.1. HeaderSetsFromMessage
Method Signature: Method signature:
HeaderSetsFromMessage(refmsg) (refouter, refprotected) HeaderSetsFromMessage(refmsg) -> (refouter, refprotected)
Procedure: Procedure:
1. Let refheaders be the list of (h,v) protected Header Fields found 1. Let refheaders be the list of (h,v) protected Header Fields found
in the root of the Cryptographic Payload in the root of the Cryptographic Payload.
2. Let refouter be an empty list of Header Field names and values 2. Let refouter be an empty list of Header Field names and values.
3. Let refprotected be an empty list of Header Field names and 3. Let refprotected be an empty list of Header Field names and
values values.
4. For each (h,v) in refheaders: 4. For each (h,v) in refheaders:
i. If h is HP-Outer: i. If h is HP-Outer:
a. Split v into (h1,v1) on the first colon (:) followed by a. Split v into (h1,v1) on the first colon (:), followed by
any amount of whitespace. any amount of whitespace.
b. Append (h1,v1) to refouter b. Append (h1,v1) to refouter.
ii. Else: ii. Else:
a. Append (h,v) to refprotected a. Append (h,v) to refprotected.
5. Return refouter, refprotected 5. Return refouter, refprotected.
Note that this algorithm is independent of the unprotected Header Note that this algorithm is independent of the unprotected Header
Fields. It derives its output only from the normal Header Fields and Fields. It derives its output only from the normal Header Fields and
the HP-Outer Header Fields, both contained inside the Cryptographic the HP-Outer Header Fields, both contained inside the Cryptographic
Payload. Payload.
4.3. Updating the Cryptographic Summary 4.3. Updating the Cryptographic Summary
Regardless of whether a cryptographically protected message has Regardless of whether a cryptographically protected message has
protected Header Fields, the Cryptographic Summary of the message protected Header Fields, the Cryptographic Summary of the message
should be modified to indicate what protections the Header Fields should be modified to indicate what protections the Header Fields
have. This field-by-field status is complex and isn't necessarily have. This field-by-field status is complex and isn't necessarily
intended to be presented in full to the user. Rather, it represents intended to be presented in full to the user. Rather, it represents
the state of the message internally within the MUA, and may be used the state of the message internally within the MUA and may be used to
to influence behavior like replying to the message (see Section 6.1). influence behavior like replying to the message (see Section 6.1).
Each Header Field individually has exactly one of the following Each Header Field individually has exactly one of the following
protection states: protection states:
* unprotected (has no Header Protection) * unprotected (has no Header Protection)
* signed-only (bound into the same validated signature as the * signed-only (bound into the same validated signature as the
enclosing message, but also visible in transit) enclosing message, but also visible in transit)
* encrypted-only (only appears within the Cryptographic Payload; the * encrypted-only (only appears within the Cryptographic Payload; the
skipping to change at page 30, line 13 skipping to change at line 1334
unprotected. unprotected.
If the message has Header Protection, an MUA SHOULD use the following If the message has Header Protection, an MUA SHOULD use the following
algorithm to compute the protection state of a protected Header Field algorithm to compute the protection state of a protected Header Field
(h,v) (that is, an element of refprotected from Section 4.2): (h,v) (that is, an element of refprotected from Section 4.2):
4.3.1. HeaderFieldProtection 4.3.1. HeaderFieldProtection
Method signature: Method signature:
HeaderFieldProtection(msg, h, v) protection_state HeaderFieldProtection(msg, h, v) -> protection_state
Procedure: Procedure:
1. Let ct be the Content-Type of the root of the Cryptographic 1. Let ct be the Content-Type of the root of the Cryptographic
Payload of msg. Payload of msg.
2. Compute (refouter, refprotected) from HeaderSetsFromMessage(msg). 2. Compute (refouter, refprotected) from HeaderSetsFromMessage(msg).
3. If (h, v) is not in refprotected): 3. If (h, v) is not in refprotected:
i. Abort, v is not a valid value for header h i. Abort, v is not a valid value for Header Field h.
4. Let is_sig_valid be false 4. Let is_sig_valid be false.
5. If the message is signed: 5. If the message is signed:
i. Let is_sig_valid be the result of validating the signature i. Let is_sig_valid be the result of validating the signature.
6. If the message is encrypted, and if ct has a parameter 6. If the message is encrypted, and if ct has a parameter
hp="cipher", and if (h,v) is not in refouter: hp="cipher", and if (h,v) is not in refouter:
i. Return signed-and-encrypted if is_sig_valid otherwise i. Return signed-and-encrypted if is_sig_valid, otherwise return
encrypted-only encrypted-only.
7. Return signed-only if is_sig_valid otherwise unprotected 7. Return signed-only if is_sig_valid, otherwise return unprotected.
Note that: Note that:
* This algorithm is independent of the unprotected Header Fields. * This algorithm is independent of the unprotected Header Fields.
It derives the protection state only from (h,v) and the set of HP- It derives the protection state only from (h,v) and the set of HP-
Outer Header Fields, both of which are inside the Cryptographic Outer Header Fields, both of which are inside the Cryptographic
Envelope. Envelope.
* If the signature fails validation, the MUA lowers the affected * If the signature fails validation, the MUA lowers the affected
state to unprotected or encrypted-only without any additional state to unprotected or encrypted-only without any additional
warning to the user, as specified by Section 3.1 of warning to the user, as specified by Section 3.1 of [RFC9787].
[I-D.ietf-lamps-e2e-mail-guidance].
* Data from signed-and-encrypted and encrypted-only Header Fields * Data from signed-and-encrypted and encrypted-only Header Fields
may still not be fully private (see Section 11.2). may still not be fully private (see Section 11.2).
* Encryption may have been added in transit to an originally signed- * Encryption may have been added in transit to an originally signed-
only message. Thus only consider Header Fields to be confidential only message. Thus, only consider Header Fields to be
if the sender indicates it with the hp="cipher" parameter. confidential if the sender indicates it with the hp="cipher"
parameter.
* The protection state of a Header Field may be weaker than that of * The protection state of a Header Field may be weaker than that of
the message body. For example, a message body can be signed-and- the message Body. For example, a message Body can be signed-and-
encrypted, but a Header Field that is copied unmodified to the encrypted, but a Header Field that is copied unmodified to the
unprotected Header Section is signed-only. Outer Header Section is signed-only.
If the message has Header Protection, Header Fields that are not in If the message has Header Protection, Header Fields that are not in
refprotected (e.g., because they were added in transit), are refprotected (e.g., because they were added in transit) are
unprotected. unprotected.
Rendering the cryptographic status of each Header Field is likely to Rendering the cryptographic status of each Header Field is likely to
be complex and messy --- users may not understand it. It is beyond be complex and messy -- users may not understand it. It is beyond
the scope of this document to suggest any specific graphical the scope of this document to suggest any specific graphical
affordances or user experience. Future work should include examples affordances or user experience. Future work should include examples
of successful rendering of this information. of successful rendering of this information.
4.4. Handling Mismatch of From Header Fields 4.4. Handling Mismatch of From Header Fields
End-to-end (MUA-to-MUA) Header Protection is good for authenticity, End-to-end (MUA-to-MUA) Header Protection is good for authenticity,
integrity, and confidentiality, but it potentially introduces new integrity, and confidentiality, but it potentially introduces new
issues when an MUA depends on its MTA to authenticate parts of the issues when an MUA depends on its MTA to authenticate parts of the
Header Section. The latter is typically the case in modern e-mail Header Section. The latter is typically the case in modern email
systems. systems.
In particular, when an MUA depends on its MTA to ensure that the In particular, when an MUA depends on its MTA to ensure that the
e-mail address in the (unprotected) From Header Field is authentic, email address in the (unprotected) From Header Field is authentic,
but the MUA renders the e-mail address of the protected From Header but the MUA renders the email address of the protected From Header
Field that differs from the address visible to the MTA, this could Field that differs from the address visible to the MTA, this could
create a risk of sender address spoofing (see Section 10.1). This create a risk of sender address spoofing (see Section 10.1). This
potential risk applies to signed-only messages as well as signed-and- potential risk applies to signed-only messages as well as signed-and-
encrypted messages. encrypted messages.
4.4.1. Definitions 4.4.1. Definitions
4.4.1.1. From Header Field Mismatch 4.4.1.1. From Header Field Mismatch
"From Header Field Mismatch" is defined as follows: "From Header Field Mismatch" is defined as follows:
skipping to change at page 32, line 16 skipping to change at line 1431
the actual outer Header Field (as seen by the MTA), not the value the actual outer Header Field (as seen by the MTA), not the value
indicated by any potential inner HP-Outer. indicated by any potential inner HP-Outer.
4.4.1.2. No Valid and Correctly Bound Signature 4.4.1.2. No Valid and Correctly Bound Signature
"No Valid and Correctly Bound Signature" is defined as follows: "No Valid and Correctly Bound Signature" is defined as follows:
There is no valid signature made by a certificate for which the MUA There is no valid signature made by a certificate for which the MUA
has a valid binding to the protected From address. This includes: has a valid binding to the protected From address. This includes:
* the message has no signature, or * the message has no signature
* the message has a broken signature, or * the message has a broken signature
* the message has a valid signature, but the receiving MUA does not * the message has a valid signature, but the receiving MUA does not
see any valid binding between the signing certificate and the see any valid binding between the signing certificate and the
addr-spec of the inner From Header Field. addr-spec of the inner From Header Field
Note: There are many possible ways that an MUA could choose to Note: There are many possible ways that an MUA could choose to
validate a certificate-to-address binding. For example, the MUA validate a certificate-to-address binding. For example, the MUA
could ensure the certificate is issued by one of a set of trusted could ensure the certificate is issued by one of a set of trusted
certification authorities, it could rely on the user to do a manual certification authorities, it could rely on the user to do a manual
out-of-band comparison, it could rely on a DNSSEC signal ([RFC7929] out-of-band comparison, it could rely on a DNSSEC signal ([RFC7929]
or [RFC8162]), and so on. It is beyond the scope of this document to or [RFC8162]), and so on. It is beyond the scope of this document to
describe all possible ways an MUA might validate the certificate-to- describe all possible ways an MUA might validate the certificate-to-
address binding, or to choose among them. address binding or to choose among them.
4.4.2. Warning for From Header Field Mismatch 4.4.2. Warning for From Header Field Mismatch
To mitigate the above described risk of sender address spoofing, an To mitigate the above described risk of sender address spoofing, an
MUA SHOULD warn the user whenever both of the following conditions MUA SHOULD warn the user whenever both of the following conditions
are met: are met:
* From Header Field Mismatch (as defined in Section 4.4.1.1), and * From Header Field Mismatch (as defined in Section 4.4.1.1) and
* No Valid and Correctly Bound Signature (as defined in * No Valid and Correctly Bound Signature (as defined in
Section 4.4.1.2) Section 4.4.1.2)
This warning should be comparable to the MUA's warning about messages This warning should be comparable to the MUA's warning about messages
that are likely spam or phishing, and it SHOULD show both of the non- that are likely spam or phishing, and it SHOULD show both of the non-
matching From Header Fields. matching From Header Fields.
4.4.3. From Header Field Rendering 4.4.3. From Header Field Rendering
Furthermore, a receiving MUA that depends on its MTA to authenticate Furthermore, a receiving MUA that depends on its MTA to authenticate
the unprotected (outer) From Header Field SHOULD render the outer the unprotected (outer) From Header Field SHOULD render the outer
From Header Field (as an exception to the guidance in the beginning From Header Field (as an exception to the guidance in the beginning
of Section 4), if both of the following conditions are met: of Section 4) if both of the following conditions are met:
* From Header Field Mismatch (as defined in Section 4.4.1.1), and * From Header Field Mismatch (as defined in Section 4.4.1.1) and
* No Valid and Correctly Bound Signature (as defined in * No Valid and Correctly Bound Signature (as defined in
Section 4.4.1.2) Section 4.4.1.2)
An MUA MAY apply a local preference to render a different display An MUA MAY apply a local preference to render a different display
name (e.g., from an address book). name (e.g., from an address book).
See Section 10.1.1 for an detailed explanation of this rendering See Section 10.1.1 for a detailed explanation of this rendering
guidance. guidance.
4.4.4. Handling Protected From Header Field when Responding 4.4.4. Handling the Protected From Header Field When Responding
When responding to a message, an MUA has different ways to populate When responding to a message, an MUA has different ways to populate
the recipients of the new message. Depending on whether it is a the recipients of the new message. Depending on whether it is a
Reply, a Reply-All, or a Forward, an MUA may populate the composer Reply, a Reply All, or a Forward, an MUA may populate the composer
view using a combination of the referenced message's From, To, Cc, view using a combination of the referenced message's From, To, Cc,
Reply-To, Mail-Followup-To Header Fields, or any other signals. Reply-To, or Mail-Followup-To Header Fields or any other signals.
When responding to a message with Header Protection, an MUA MUST only When responding to a message with Header Protection, an MUA MUST only
use the protected Header Fields when populating the recipients of the use the protected Header Fields when populating the recipients of the
new message. new message.
This avoids compromise of message confidentiality when a MITM This avoids compromise of message confidentiality when a machine-in-
attacker modifies the unprotected From address of an encrypted the-middle (MITM) attacker modifies the unprotected From address of
message, attempting to learn the contents through a misdirected an encrypted message, attempting to learn the contents through a
reply. Note that with the rendering guidance above, a MITM attacker misdirected reply. Note that with the rendering guidance above, a
can cause the unprotected From Header Field to be displayed. Thus MITM attacker can cause the unprotected From Header Field to be
when responding, the populated To address may differ from the displayed. Thus, when responding, the populated To address may
rendered From address. However, this change in addresses should not differ from the rendered From address. However, this change in
cause more user confusion than the address change caused by a Reply- addresses should not cause more user confusion than the address
To in a Legacy Message does. change caused by a Reply-To in a Legacy Message does.
4.4.5. Matching addr-specs 4.4.5. Matching addr-specs
When generating (Section 3.1.1) or consuming (Section 4.4) a When generating (Section 3.1.1) or consuming (Section 4.4) a
protected From Header Field, the MUA considers the equivalence of two protected From Header Field, the MUA considers the equivalence of two
different addr-spec values. different addr-spec values.
First, the MUA MUST check whether the domain part of an addr-spec First, the MUA MUST check whether the domain part of an addr-spec
being compared contains any U-label [RFC5890]. If it does, it MUST being compared contains a U-label [RFC5890]. If it does, it MUST be
be converted to the A-label form is described in [RFC5891]. We call converted to the A-label form as described in [RFC5891]. We call a
a domain converted in this way (or the original domain, if it didn't domain converted in this way (or the original domain if it didn't
contain any U-label) "the ASCII version of the domain part". Second, contain any U-label) "the ASCII version of the domain part". Second,
the MUA MUST compare the ASCII version of the domain part of the two the MUA MUST compare the ASCII version of the domain part of the two
addr-specs by standard DNS comparison: assume ASCII text, and compare addr-specs by standard DNS comparison: Assume ASCII text and compare
alphabetic characters case-insensitively, as described in Section 3.1 alphabetic characters case-insensitively, as described in Section 3.1
of [RFC1035]. If the domain parts match, then the two local-parts of [RFC1035]. If the domain parts match, then the two local-parts
are matched against each other. The simplest and most common are matched against each other. The simplest and most common
comparison for the local-part is also an ASCII-based, case- comparison for the local-part is also an ASCII-based, case-
insensitive match. If the MUA has special knowledge about the domain insensitive match. If the MUA has special knowledge about the domain
and, when composing, it can reasonably expect the receiving MUAs to and, when composing, it can reasonably expect the receiving MUAs to
have the same information, it MAY match the local-part using a more have the same information, it MAY match the local-part using a more
sophisticated and inclusive matching algorithm. sophisticated and inclusive matching algorithm.
It is beyond the scope of this document to recommend a more It is beyond the scope of this document to recommend a more
sophisticated and inclusive matching algorithm. sophisticated and inclusive matching algorithm.
4.5. Rendering a Message with Header Protection 4.5. Rendering a Message with Header Protection
When the Cryptographic Payload's Content-Type has the parameter hp When the Cryptographic Payload's Content-Type has the parameter hp
set to "clear" or "cipher", the values of the protected Header Fields set to "clear" or "cipher", the values of the protected Header Fields
are drawn from the Header Fields of the Cryptographic Payload, and are drawn from the Header Fields of the Cryptographic Payload, and
the body that is rendered is the Cryptographic Payload itself. the Body that is rendered is the Cryptographic Payload itself.
4.5.1. Example Signed-only Message 4.5.1. Example Signed-Only Message
Consider a message with this structure, where the MUA is able to Consider a message with this structure, where the MUA is able to
validate the cryptographic signature: validate the cryptographic signature:
A └─╴application/pkcs7-mime; smime-type="signed-data" A └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
B └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] B └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
C ├─╴text/plain C ├─╴text/plain
D └─╴text/html D └─╴text/html
The message body should be rendered the same way as this message: The message Body should be rendered the same way as this message:
B └┬╴multipart/alternative B └┬╴multipart/alternative
C ├─╴text/plain C ├─╴text/plain
D └─╴text/html D └─╴text/html
The MUA should render Header Fields taken from part B. The MUA should render Header Fields taken from part B.
Its Cryptographic Summary should indicate that the message was signed Its Cryptographic Summary should indicate that the message was signed
and all rendered Header Fields were included in the signature. and all rendered Header Fields were included in the signature.
skipping to change at page 35, line 24 skipping to change at line 1576
validate the cryptographic signature: validate the cryptographic signature:
E └─╴application/pkcs7-mime; smime-type="enveloped-data" E └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to) ↧ (decrypts to)
F └─╴application/pkcs7-mime; smime-type="signed-data" F └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
G └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] G └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
H ├─╴text/plain H ├─╴text/plain
I └─╴text/html I └─╴text/html
The message body should be rendered the same way as this message: The message Body should be rendered the same way as this message:
G └┬╴multipart/alternative G └┬╴multipart/alternative
H ├─╴text/plain H ├─╴text/plain
I └─╴text/html I └─╴text/html
It should render Header Fields taken from part G. It should render Header Fields taken from part G.
Its Cryptographic Summary should indicate that the message is signed- Its Cryptographic Summary should indicate that the message is signed-
and-encrypted. and-encrypted.
When rendering the Cryptographic Status of a Header Field and when When rendering the Cryptographic Status of a Header Field and when
composing a reply, each Header Field found in G should be considered composing a reply, each Header Field found in G should be considered
against all HP-Outer Header Fields found in G. If an HP-Outer Header against all HP-Outer Header Fields found in G. If an HP-Outer Header
Field is found that matches both the name and value, the Header Field that matches both the name and value is found, the Header
Field's Cryptographic Status is just signed-only, even though the Field's Cryptographic Status is just signed-only, even though the
message itself is signed-and-encrypted. If no matching HP-Outer message itself is signed-and-encrypted. If no matching HP-Outer
Header Field is found, the Header Field's Cryptographic Status is Header Field is found, the Header Field's Cryptographic Status is
signed-and-encrypted, like the rest of the message. signed-and-encrypted, like the rest of the message.
If any of the User-Facing Header Fields are removed or obscured, the If any of the User-Facing Header Fields are removed or obscured, the
composer of this message may have placed Legacy Display Elements in composer of this message may have placed Legacy Display Elements in
parts H and I. parts H and I.
The MUA should ignore Header Fields from part E for the purposes of The MUA should ignore Header Fields from part E for the purposes of
rendering. rendering.
4.5.3. Do Not Render Legacy Display Elements 4.5.3. Do Not Render Legacy Display Elements
As described in Section 2.1.2, a message with cryptographic As described in Section 2.1.2, a message with cryptographic
confidentiality protection MAY include Legacy Display Elements for confidentiality protection MAY include Legacy Display Elements for
backward-compatibility with Legacy MUAs. These Legacy Display backward compatibility with Legacy MUAs. These Legacy Display
Elements are strictly decorative, unambiguously identifiable, and Elements are strictly decorative and unambiguously identifiable and
will be discarded by compliant implementations. will be discarded by compliant implementations.
The receiving MUA MUST avoid rendering the identified Legacy Display The receiving MUA MUST completely avoid rendering the identified
Elements to the user at all, since it is aware of Header Protection Legacy Display Elements to the user, since it is aware of Header
and can render the actual protected Header Fields. Protection and can render the actual protected Header Fields.
If a text/html or text/plain part within the Cryptographic Envelope If a text/html or text/plain part within the Cryptographic Envelope
is identified as containing Legacy Display Elements, those elements is identified as containing Legacy Display Elements, those elements
MUST be hidden when rendering and MUST be dropped when generating a MUST be hidden when rendering and MUST be dropped when generating a
draft reply or inline forwarded message. Whenever a Message or MIME draft reply or inline forwarded message. Whenever a Message or MIME
subtree is exported, downloaded, or otherwise further processed, if subtree is exported, downloaded, or otherwise further processed, if
there is no need to retain a valid cryptographic signature, the there is no need to retain a valid cryptographic signature, the
implementer MAY drop the Legacy Display Elements. implementer MAY drop the Legacy Display Elements.
4.5.3.1. Identifying a Part with Legacy Display Elements 4.5.3.1. Identifying a Part with Legacy Display Elements
A receiving MUA acting on a message that contains an encrypting A receiving MUA acting on a message that contains an encrypting
Cryptographic Layer identifies a MIME subpart within the Cryptographic Layer identifies a MIME subpart within the
Cryptographic Payload as containing Legacy Display Elements based on Cryptographic Payload as containing Legacy Display Elements based on
the Content-Type of the subpart. The subpart's Content-Type: the Content-Type of the subpart. The subpart's Content-Type:
* contains a parameter hp-legacy-display with value set to 1, and * contains a parameter hp-legacy-display with value set to 1 and
* is either text/html (see Section 4.5.3.3) or text/plain (see * is either text/html (see Section 4.5.3.3) or text/plain (see
Section 4.5.3.2). Section 4.5.3.2).
Note that the term "subpart" above is used in the general sense: if Note that the term "subpart" above is used in the general sense: If
the Cryptographic Payload is a single part, that part itself may the Cryptographic Payload is a single part, that part itself may
contain a Legacy Display Element if it is marked with the hp-legacy- contain a Legacy Display Element if it is marked with the hp-legacy-
display=1 parameter. display="1" parameter.
4.5.3.2. Omitting Legacy Display Elements from text/plain 4.5.3.2. Omitting Legacy Display Elements from text/plain
If a text/plain part within the Cryptographic Payload has the If a text/plain part within the Cryptographic Payload has the
Content-Type parameter hp-legacy-display="1", it should be processed Content-Type parameter hp-legacy-display="1", it should be processed
before rendering in the following fashion: before rendering in the following fashion:
* Discard the leading lines of the body of the part up to and * Discard the leading lines of the content of the MIME part up to
including the first entirely blank line. and including the first entirely blank line.
Note that implementing this strategy is dependent on the charset used Note that implementing this strategy is dependent on the charset used
by the MIME part. by the MIME part.
See Appendix E.1 for an example. See Appendix E.1 for an example.
4.5.3.3. Omitting Legacy Display Elements from text/html 4.5.3.3. Omitting Legacy Display Elements from text/html
If a text/html part within the Cryptographic Payload has the Content- If a text/html part within the Cryptographic Payload has the Content-
Type parameter hp-legacy-display="1", it should be processed before Type parameter hp-legacy-display="1", it should be processed before
rendering in the following fashion: rendering in the following fashion:
* If any element of the HTML <body> is a <div> with class attribute * If any element of the HTML <body> is a <div> with class attribute
header-protection-legacy-display, that entire element should be header-protection-legacy-display, that entire element should be
omitted. omitted.
This cleanup could be done, for example, as a custom rule in the This cleanup could be done, for example, as a custom rule in the
MUA's HTML sanitizer, if one exists. Another implementation strategy MUA's HTML sanitizer, if one exists. Another implementation strategy
for an HTML-capable MUA would be to add an entry to the [CSS] for an HTML-capable MUA would be to add an entry to the [CSS] style
stylesheet for such a part: sheet for such a part:
body div.header-protection-legacy-display { display: none; } body div.header-protection-legacy-display { display: none; }
4.6. Implicitly rendered Header Fields 4.6. Implicitly Rendered Header Fields
While From, To, Cc, Subject, and Date Header Fields are often While the From, To, Cc, Subject, and Date Header Fields are often
explicitly rendered to the user, some Header Fields do affect message explicitly rendered to the user, some Header Fields do affect message
display, without being explicitly rendered. display without being explicitly rendered.
For example, Message-Id, References, and In-Reply-To Header Fields For example, the Message-Id, References, and In-Reply-To Header
may collectively be used to place a message in a "thread" or series Fields may collectively be used to place a message in a "thread" or
of messages. series of messages.
In another example, Section 6.2 observes that the value of the Reply- In another example, Section 6.2 notes that the value of the Reply-To
To field can influence the draft reply message. So while the user Header Field can influence the draft reply message. So while the
may never see the Reply-To Header Field directly, it is implicitly user may never see the Reply-To Header Field directly, it is
"rendered" when the user interacts with the message by replying to implicitly "rendered" when the user interacts with the message by
it. replying to it.
An MUA that depends on any implicitly rendered Header Field in a An MUA that depends on any implicitly rendered Header Field in a
message with Header Protection MUST use the value from the protected message with Header Protection MUST use the value from the protected
Header Field, and SHOULD NOT use any value found outside the Header Field and SHOULD NOT use any value found outside the
cryptographic protection unless it is known to be a Header Field cryptographic protection unless it is known to be a Header Field
added in transit, as specified in Section 7. added in transit, as specified in Section 7.
4.7. Handling Undecryptable Messages 4.7. Handling Undecryptable Messages
An MUA might receive an apparently encrypted message that it cannot An MUA might receive an apparently encrypted message that it cannot
currently decrypt. For example, when an MUA does not have regular currently decrypt. For example, when an MUA does not have regular
access to the secret key material needed for decryption, it cannot access to the secret key material needed for decryption, it cannot
know the cryptographically protected Header Fields or even whether know the cryptographically protected Header Fields or even whether
the message has any cryptographically protected Header Fields. the message has any cryptographically protected Header Fields.
skipping to change at page 38, line 23 skipping to change at line 1719
might change if, say, References or In-Reply-To have been removed or might change if, say, References or In-Reply-To have been removed or
obscured (see Section 4.6). obscured (see Section 4.6).
Additionally, if the MUA does not retain access to the decrypting Additionally, if the MUA does not retain access to the decrypting
secret key, and it drops the decrypted form of a message, the secret key, and it drops the decrypted form of a message, the
message's rendering may revert to the encrypted form. For example, message's rendering may revert to the encrypted form. For example,
if an MUA follows this behavior, the Subject Header Field in a if an MUA follows this behavior, the Subject Header Field in a
mailbox summary might change from the real message subject back to mailbox summary might change from the real message subject back to
[...]. Or the message might be displayed outside of its current [...]. Or the message might be displayed outside of its current
thread if the MUA loses access to a removed References or In-Reply-To thread if the MUA loses access to a removed References or In-Reply-To
header. Header Field.
These behaviors are likely to surprise the user. However, an MUA has These behaviors are likely to surprise the user. However, an MUA has
several possible ways of reducing or avoiding all of these surprises, several possible ways of reducing or avoiding all of these surprises,
including: including:
* Ensuring that the MUA always has access to decryption-capable * Ensuring that the MUA always has access to decryption-capable
secret key material. secret key material.
* Rendering undecrypted messages in a special quarantine view until * Rendering undecrypted messages in a special quarantine view until
the decryption-capable secret key material is available. the decryption-capable secret key material is available.
To reduce or avoid the surprises associated with a decrypted message To reduce or avoid the surprises associated with a decrypted message
with removed or obscured Header Fields becoming undecryptable, the with removed or obscured Header Fields becoming undecryptable, the
MUA could also: MUA could also:
* Securely cache metadata from a decrypted message's protected * Securely cache metadata from a decrypted message's protected
Header Fields so that its rendering doesn't change after the first Header Fields so that its rendering doesn't change after the first
decryption. decryption.
* Securely store the session key associated with a decrypted * Securely store the session key associated with a decrypted message
message, so that attempts to read the message when the long-term so that attempts to read the message when the long-term secret key
secret key are unavailable can proceed using only the session key is unavailable can proceed using only the session key itself. For
itself. See, for example, the discussion about stashing session example, see the discussion about stashing session keys in
keys in Section 9.1 of [I-D.ietf-lamps-e2e-mail-guidance]. Section 9.1 of [RFC9787].
4.8. Guidance for Automated Message Handling 4.8. Guidance for Automated Message Handling
Some automated systems have a control channel that is operated by Some automated systems have a control channel that is operated by
e-mail. For example, an incoming e-mail message could subscribe email. For example, an incoming email message could subscribe
someone to a mailing list, initiate the purchase of a specific someone to a mailing list, initiate the purchase of a specific
product, approve another message for redistribution, or adjust the product, approve another message for redistribution, or adjust the
state of some shared object. state of some shared object.
To the extent that such a system depends on end-to-end cryptographic To the extent that such a system depends on end-to-end cryptographic
guarantees about the e-mail control message, Header Protection as guarantees about the email control message, Header Protection as
defined in this document should improve the system's security. This defined in this document should improve the system's security. This
section provides some specific guidance for systems that use e-mail section provides some specific guidance for systems that use email
messages as a control channel that want to benefit from these messages as a control channel that want to benefit from these
security improvements. security improvements.
4.8.1. Interpret Only Protected Header Fields 4.8.1. Only Interpret Protected Header Fields
Consider the situation where an e-mail-based control channel depends Consider the situation where an email-based control channel depends
on the message's cryptographic signature and the action taken depends on the message's cryptographic signature and the action taken depends
on some Header Field of the message. on some Header Field of the message.
In this case, the automated system MUST rely on information from the In this case, the automated system MUST rely on information from the
Header Field that is protected by the mechanism defined in this Header Field that is protected by the mechanism defined in this
document. It MUST NOT rely on any Header Field found outside the document. It MUST NOT rely on any Header Field found outside the
Cryptographic Payload. Cryptographic Payload.
For example, consider an administrative interface for a mailing list For example, consider an administrative interface for a mailing list
manager that only accepts control messages that are signed by one of manager that only accepts control messages that are signed by one of
its administrators. When an inbound message for the list arrives, it its administrators. When an inbound message for the list arrives, it
is queued (waiting for administrative approval) and the system is queued (waiting for administrative approval) and the system
generates and listens for two distinct e-mail addresses related to generates and listens for two distinct email addresses related to the
the queued message -- one that approves the message, and one that queued message -- one that approves the message and one that rejects
rejects it. If an administrator sends a signed control message to it. If an administrator sends a signed control message to the
the approval address, the mailing list verifies that the protected To approval address, the mailing list verifies that the protected To
Header Field of the signed control message contains the approval Header Field of the signed control message contains the approval
address before approving the queued message for redistribution. If address before approving the queued message for redistribution. If
the protected To Header Field does not contain that address, or there the protected To Header Field does not contain that address, or there
is no protected To Header Field, then the mailing list logs or is no protected To Header Field, then the mailing list logs or
reports the error and does not act on that control message. reports the error and does not act on that control message.
4.8.2. Ignore Legacy Display Elements 4.8.2. Ignore Legacy Display Elements
Consider the situation where an e-mail-based control channel expects Consider the situation where an email-based control channel expects
to receive an end-to-end encrypted message -- for example, where the to receive an end-to-end encrypted message -- for example, where the
control messages need confidentiality guarantees -- and where the control messages need confidentiality guarantees -- and where the
action taken depends on the contents of some MIME part within the action taken depends on the contents of some MIME part within the
message body. message Body.
In this case, the automated system that decrypts the incoming In this case, the automated system that decrypts the incoming
messages and scans the relevant MIME part MUST identify when the MIME messages and scans the relevant MIME part MUST identify when the MIME
part contains a Legacy Display Element (see Section 4.5.3.1), and it part contains a Legacy Display Element (see Section 4.5.3.1), and it
MUST parse the relevant MIME part with the Legacy Display Element MUST parse the relevant MIME part with the Legacy Display Element
removed. removed.
For example, consider an administrative interface of a confidential For example, consider an administrative interface of a confidential
issue tracking software. An authorized user can confidentially issue tracking software. An authorized user can confidentially
adjust the status of a tracked issue by a specially formatted first adjust the status of a tracked issue by a specially formatted first
line of the message body (for example, severity #183 serious). When line of the message Body (for example, severity #183 serious). When
the user's MUA encrypts a plain text control message to this issue the user's MUA encrypts a plaintext control message to this issue
tracker, depending on the MUA's HCP and its choice of legacy value, tracker, depending on the MUA's HCP and its choice of legacy value,
it may add a Legacy Display Element. If it does so, then the first it may add a Legacy Display Element. If it does so, then the first
line of the message body will contain a decorative copy of the line of the message Body will contain a decorative copy of the
confidential Subject Header Field. The issue tracking software confidential Subject Header Field. The issue tracking software
decrypts the incoming control message, identifies that there is a decrypts the incoming control message, identifies that there is a
Legacy Display Element in the part (see Section 4.5.3.1), strips the Legacy Display Element in the part (see Section 4.5.3.1), strips the
lines comprising the Legacy Display Element (including the first lines comprising the Legacy Display Element (including the first
blank line), and only then parses the remaining top line to look for blank line), and only then parses the remaining top line to look for
the expected special formatting. the expected special formatting.
4.9. Affordances for Debugging and Troubleshooting 4.9. Affordances for Debugging and Troubleshooting
Note that advanced users of an MUA may need access to the original Note that advanced users of an MUA may need access to the original
message, for example to troubleshoot problems with the rendering MUA message, for example, to troubleshoot problems with the rendering MUA
itself, or problems with the SMTP transport path taken by the itself or problems with the SMTP transport path taken by the message.
message.
An MUA that applies these rendering guidelines SHOULD ensure that the An MUA that applies these rendering guidelines SHOULD ensure that the
full original source of the message as it was received remains full original source of the message as it was received remains
available to such a user for debugging and troubleshooting. available to such a user for debugging and troubleshooting.
If a troubleshooting scenario demands information about the If a troubleshooting scenario demands information about the
cryptographically protected values of Header Fields, and the message cryptographically protected values of Header Fields, and the message
is encrypted, the debugging interface SHOULD also provide a "source" is encrypted, the debugging interface SHOULD also provide a "source"
view of the Cryptographic Payload itself, alongside the full original view of the Cryptographic Payload itself, alongside the full original
source of the message as received. source of the message as received.
4.10. Handling RFC8551HP Messages (Backward Compatibility) 4.10. Handling RFC8551HP Messages (Backward Compatibility)
Section 1.1.1 describes some drawbacks to the Header Protection Section 1.1.1 describes some drawbacks to the Header Protection
scheme defined in [RFC8551], referred to here as RFC8551HP. An MUA scheme defined in [RFC8551], referred to here as RFC8551HP. An MUA
MUST NOT generate an RFC8551HP message. However, for backward MUST NOT generate an RFC8551HP message. However, for backward
compatibility an MUA MAY try to render or respond to such a message compatibility, an MUA MAY try to render or respond to such a message
as though the message has standard Header Protection. as though the message has standard Header Protection.
The following two sections contain guidance for identifying, The following two sections contain guidance for identifying,
rendering and replying to RFC8551HP messages. Corresponding test rendering, and replying to RFC8551HP messages. Corresponding test
vectors are provided in Appendix C.2.5, Appendix C.2.6, and vectors are provided in Appendices C.2.5, C.2.6, and C.3.17.
Appendix C.3.17.
4.10.1. Identifying an RFC8551HP Message 4.10.1. Identifying an RFC8551HP Message
An RFC8551HP Message can be identified by its MIME structure, given An RFC8551HP message can be identified by its MIME structure, given
that all of the following conditions are met: that all of the following conditions are met:
* It has a well-formed Cryptographic Envelope consisting of at least * It has a well-formed Cryptographic Envelope consisting of at least
one Cryptographic Layer as the outermost MIME object. one Cryptographic Layer as the outermost MIME object.
* The Cryptographic Payload is a single message/rfc822 object * The Cryptographic Payload is a single message/rfc822 object.
* The message that constitutes the Cryptographic Payload does not * The message that constitutes the Cryptographic Payload does not
itself have a well-formed Cryptographic Envelope; that is, its itself have a well-formed Cryptographic Envelope; that is, its
outermost MIME object is not a Cryptographic Layer. outermost MIME object is not a Cryptographic Layer.
* No Content-Type parameter of hp= is set on either the * No Content-Type parameter of hp= is set on either the
Cryptographic Payload, or its immediate MIME child. Cryptographic Payload or its immediate MIME child.
Here is the MIME structure of an example signed-and-encrypted Here is the MIME structure of an example signed-and-encrypted
RFC8551HP message: RFC8551HP message:
A └─╴application/pkcs7-mime; smime-type="enveloped-data" A └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to) ↧ (decrypts to)
B └─╴application/pkcs7-mime; smime-type="signed-data" B └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
C └┬╴message/rfc822 [Cryptographic Payload] C └┬╴message/rfc822 [Cryptographic Payload]
D └┬╴multipart/alternative [Rendered Body] D └┬╴multipart/alternative [Rendered Body]
E ├─╴text/plain E ├─╴text/plain
F └─╴text/html F └─╴text/html
This meets the definition of an RFC8551HP message because: This meets the definition of an RFC8551HP message because:
* Cryptographic Layers A and B form the Cryptographic Envelope. * Cryptographic Layers A and B form the Cryptographic Envelope.
* The Cryptographic Payload, rooted in part C has Content-Type: * The Cryptographic Payload, rooted in part C, has Content-Type:
message/rfc822. message/rfc822.
* Part D (the MIME root of the message at C) is itself not a * Part D (the MIME root of the message at C) is itself not a
Cryptographic Layer. Cryptographic Layer.
* Neither part C nor part D have any hp parameter set on their * Neither part C nor part D have any hp parameters set on their
Content-Type. Content-Type.
4.10.2. Rendering or Responding to an RFC8551HP message 4.10.2. Rendering or Responding to an RFC8551HP Message
When it has precisely identified a message as an RFC8551HP message, When an MUA has precisely identified a message as an RFC8551HP
an MUA MAY render or respond to that message as though it were a message, the MUA MAY render or respond to that message as though it
message with Header Protection as defined in this document by making were a message with Header Protection as defined in this document by
the following adjustments: making the following adjustments:
* Rather than rendering the message body as the Cryptographic * Rather than rendering the message Body as the Cryptographic
Payload itself (part C in the example above), render the RFC8551HP Payload itself (part C in the example above), render the RFC8551HP
message's body as the MIME subtree that is the Cryptographic message's Body as the MIME subtree that is the Cryptographic
Payload's immediate child (part D). Payload's immediate child (part D).
* Make a comparable modification to HeaderSetsFromMessage * Make a comparable modification to HeaderSetsFromMessage
(Section 4.2.1) and HeaderFieldProtection (Section 4.3.1): both (Section 4.2.1) and HeaderFieldProtection (Section 4.3.1): Both
algorithms currently look for the protected Header Fields on the algorithms currently look for the protected Header Fields on the
Cryptographic Payload (part C), but they should instead look at Cryptographic Payload (part C), but they should instead look at
the Cryptographic Payload's immediate child (part D). the Cryptographic Payload's immediate child (part D).
* If the Cryptographic Envelope is signed-only, behave as though * If the Cryptographic Envelope is signed-only, behave as though
there is an hp="clear" parameter for the Cryptographic Payload; if there is an hp="clear" parameter for the Cryptographic Payload; if
the Envelope contains encryption, behave as though there is an the Envelope contains encryption, behave as though there is an
hp="cipher" parameter. That is, infer the sender's cryptographic hp="cipher" parameter. That is, infer the sender's cryptographic
intent from the structure of the message. intent from the structure of the message.
* If the Cryptographic Envelope contains encryption, further modify * If the Cryptographic Envelope contains encryption, further modify
HeaderSetsFromMessage to derive refouter from the actual outer HeaderSetsFromMessage to derive refouter from the actual outer
message Header Fields (those found in part A in the example message Header Fields (those found in part A in the example above)
above), rather than looking for HP-Outer Header Fields with the rather than looking for HP-Outer Header Fields with the other
other protected Header Fields. That is, infer Header Field protected Header Fields. That is, infer Header Field
confidentiality based on the unprotected headers. confidentiality based on the unprotected Header Fields.
The inferences in the above modifications are not based on any strong The inferences in the above modifications are not based on any strong
end-to-end guarantees. An intervening MTA may tamper with the end-to-end guarantees. An intervening MTA may tamper with the
message's outer Header Section or wrap the message in an encryption message's Outer Header Section or wrap the message in an encryption
layer to undetectably change the recipient's understanding of the layer to undetectably change the recipient's understanding of the
confidentiality of the message's Header Fields or the message body confidentiality of the message's Header Fields or the message Body
itself. itself.
4.11. Rendering Other Schemes 4.11. Rendering Other Schemes
Other MUAs may have generated different structures of messages that Other MUAs may have generated different structures of messages that
aim to offer end-to-end cryptographic protections that include Header aim to offer end-to-end cryptographic protections that include Header
Protection. This document is not normative for those schemes, and it Protection. This document is not normative for those schemes, and it
is NOT RECOMMENDED to generate these other schemes, as they can is NOT RECOMMENDED to generate these other schemes, as they can
either have structural flaws or simply render poorly on Legacy MUAs. either have structural flaws or simply render poorly on Legacy MUAs.
A conformant MUA MAY attempt to infer Header Protection when A conformant MUA MAY attempt to infer Header Protection when
rendering an existing message that appears to use some other scheme rendering an existing message that appears to use some other scheme
not documented here. Pointers to some known other schemes can be not documented here. Pointers to some known other schemes can be
found in Appendix F. found in Appendix F.
5. Sending Guidance 5. Sending Guidance
This section describes the process an MUA should use to apply This section describes the process an MUA should use to apply
cryptographic protection to an e-mail message with Header Protection. cryptographic protection to an email message with Header Protection.
When composing a message with end-to-end cryptographic protections, When composing a message with end-to-end cryptographic protections,
an MUA SHOULD apply Header Protection. an MUA SHOULD apply Header Protection.
When generating such a message, an MUA MUST add the hp parameter (see When generating such a message, an MUA MUST add the hp parameter (see
Section 2.1.1) only to the Content-Type Header Field at the root of Section 2.1.1) only to the Content-Type Header Field at the root of
the message's Cryptographic Payload. The value of the parameter MUST the message's Cryptographic Payload. The value of the parameter MUST
indicate whether the Cryptographic Envelope contains a layer that indicate whether the Cryptographic Envelope contains a layer that
provides encryption. provides encryption.
5.1. Composing a Cryptographically Protected Message Without Header 5.1. Composing a Cryptographically Protected Message Without Header
Protection Protection
For contrast, we first consider the typical message composition For contrast, we first consider the typical message composition
process of a Legacy Crypto MUA which does not provide any Header process of a Legacy Crypto MUA, which does not provide any Header
Protection. Protection.
This process is described in Section 5.1 of This process is described in Section 5.1 of [RFC9787]. We replicate
[I-D.ietf-lamps-e2e-mail-guidance]. We replicate it here for it here for reference. The inputs to the algorithm are:
reference. The inputs to the algorithm are:
* origbody: the traditional unprotected message body as a well- * origbody: The unprotected message Body as a well-formed MIME tree
formed MIME tree (possibly just a single MIME leaf part). As a (possibly just a single MIME leaf part). As a well-formed MIME
well-formed MIME tree, origbody already has structural Header tree, origbody already has Structural Header Fields (Content-*)
Fields (Content-*) present. present.
* origheaders: the intended non-structural Header Fields for the * origheaders: The intended Non-Structural Header Fields for the
message, represented here as a list of (h,v) pairs, where h is a message, represented here as a list of (h,v) pairs, where h is a
Header Field name and v is the associated value. Note that these Header Field name and v is the associated value. Note that these
are Header Fields that the MUA intends to be visible to the are Header Fields that the MUA intends to be visible to the
recipient of the message. In particular, if the MUA uses the Bcc recipient of the message. In particular, if the MUA uses the Bcc
Header Field during composition, but plans to omit it from the Header Field during composition but plans to omit it from the
message (see Section 3.6.3 of [RFC5322]), it will not be in message (see Section 3.6.3 of [RFC5322]), it will not be in
origheaders. origheaders.
* crypto: The series of cryptographic protections to apply (for * crypto: The series of cryptographic protections to apply (for
example, "sign with the secret key corresponding to X.509 example, "sign with the secret key corresponding to X.509
certificate X, then encrypt to X.509 certificates X and Y"). This certificate X, then encrypt to X.509 certificates X and Y"). This
is a routine that accepts a MIME tree as input (the Cryptographic is a routine that accepts a MIME tree as input (the Cryptographic
Payload), wraps the input in the appropriate Cryptographic Payload), wraps the input in the appropriate Cryptographic
Envelope, and returns the resultant MIME tree as output. Envelope, and returns the resultant MIME tree as output.
The algorithm returns a MIME object that is ready to be injected into The algorithm returns a MIME object that is ready to be injected into
the mail system. the mail system.
5.1.1. ComposeNoHeaderProtection 5.1.1. ComposeNoHeaderProtection
Method Signature: Method signature:
ComposeNoHeaderProtection(origbody, origheaders, crypto) ComposeNoHeaderProtection(origbody, origheaders, crypto) ->
mime_message mime_message
Procedure: Procedure:
1. Apply crypto to MIME part origbody, producing MIME tree output 1. Apply crypto to MIME part origbody, producing MIME tree output.
2. For each Header Field name and value (h,v) in origheaders: 2. For each Header Field name and value (h,v) in origheaders:
i. Add Header Field h to output with value v i. Add Header Field h to output with value v.
3. Return output 3. Return output.
5.2. Composing a Message with Header Protection 5.2. Composing a Message with Header Protection
To compose a message using Header Protection, the composing MUA uses To compose a message using Header Protection, the composing MUA uses
the following inputs: the following inputs:
* All the inputs described in Section 5.1 * all the inputs described in Section 5.1
* hcp: a Header Confidentiality Policy, as defined in Section 3 * hcp: an HCP, as defined in Section 3
* respond: if the new message is a response to another message * respond: if the new message is a response to another message
(e.g., "Reply", "Reply All", "Forward", etc), the MUA function (e.g., "Reply", "Reply All", "Forward", etc.), the MUA function
corresponding to the user's action (see Section 6.1), otherwise corresponding to the user's action (see Section 6.1), otherwise
null null
* refmsg: if the new message is a response to another message, the * refmsg: if the new message is a response to another message, the
message being responded to, otherwise null message being responded to, otherwise null
* legacy: a boolean value, indicating whether any recipient of the * legacy: a boolean value, indicating whether any recipient of the
message is believed to have a Legacy MUA. If all recipients are message is believed to have a Legacy MUA. If all recipients are
known to implement this document, legacy should be set to false. known to implement this document, legacy should be set to false.
(How an MUA determines the value of legacy is out of scope for (How an MUA determines the value of legacy is out of scope for
this document; an initial implementation can simply set it to this document; an initial implementation can simply set it to
true) true.)
To enable visibility of User-Facing but now removed/obscured Header To enable visibility of User-Facing but now removed/obscured Header
Fields for decryption-capable Legacy MUAs, the Header Fields are Fields for decryption-capable Legacy MUAs, the Header Fields are
included as a decorative Legacy Display Element in specially marked included as a decorative Legacy Display Element in specially marked
parts of the message (see Section 2.1.2). This document recommends parts of the message (see Section 2.1.2). This document recommends
two mechanisms for such a decorative adjustment: one for a text/html two mechanisms for such a decorative adjustment: one for a text/html
Main Body Part of the e-mail message, and one for a text/plain Main Main Body Part of the email message and one for a text/plain Main
Body Part. This document does not recommend adding a Legacy Display Body Part. This document does not recommend adding a Legacy Display
Element to any other part. Element to any other part.
Please see Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for Please see Section 7.1 of [RFC9787] for guidance on identifying the
guidance on identifying the parts of a message that are a Main Body parts of a message that are a Main Body Part.
Part.
5.2.1. Compose 5.2.1. Compose
Method Signature: Method signature:
Compose(origbody, origheaders, crypto, hcp, respond, refmsg, legacy) Compose(origbody, origheaders, crypto, hcp, respond, refmsg, legacy)
mime_message -> mime_message
Procedure: Procedure:
1. Let newbody be a copy of origbody 1. Let newbody be a copy of origbody.
2. If crypto contains encryption, and legacy is true: 2. If crypto contains encryption and legacy is true:
i. Create ldlist, an empty list of (header, value) pairs i. Create ldlist, an empty list of (header, value) pairs.
ii. For each Header Field name and value (h,v) in origheaders: ii. For each Header Field name and value (h,v) in origheaders:
a. If h is User-Facing (see Section 1.1.2 of a. If h is User-Facing (see Section 1.1.2 of [RFC9787]):
[I-D.ietf-lamps-e2e-mail-guidance]):
I. If hcp(h,v) is not v: I. If hcp(h,v) is not v:
A. Add (h,v) to ldlist A. Add (h,v) to ldlist.
iii. If ldlist is not empty: iii. If ldlist is not empty:
a. Identify each leaf MIME part of newbody that represents a. Identify each leaf MIME part of newbody that represents
the "main body" of the message. a "Main Body Part" of the message.
b. For each "Main Body Part" bodypart of type text/plain b. For each "Main Body Part" bodypart of type text/plain
or text/html: or text/html:
I. Adjust bodypart by inserting a Legacy Display I. Adjust bodypart by inserting a Legacy Display
Element header list ldlist into its content, and Element Header Field list ldlist into its content
adding a Content-Type parameter hp-legacy-display and adding a Content-Type parameter hp-legacy-
with value 1 (see Section 5.2.2 for text/plain and display with value 1 (see Section 5.2.2 for text/
Section 5.2.3 for text/html) plain and Section 5.2.3 for text/html).
3. For each Header Field name and value (h,v) in origheaders: 3. For each Header Field name and value (h,v) in origheaders:
i. Add Header Field h to MIME part newbody with value v i. Add Header Field h to MIME part newbody with value v.
4. If crypto does not contain encryption: 4. If crypto does not contain encryption:
i. Set the hp parameter on the Content-Type of MIME part i. Set the hp parameter on the Content-Type of MIME part
newbody to clear newbody to clear.
ii. Let newheaders be a copy of origheaders ii. Let newheaders be a copy of origheaders.
5. Else (if crypto contains encryption): 5. Else (if crypto contains encryption):
i. Set the hp parameter on the Content-Type of MIME part i. Set the hp parameter on the Content-Type of MIME part
newbody to cipher newbody to cipher.
ii. If refmsg is not null, respond is not null, and refmsg ii. If refmsg is not null, respond is not null, and refmsg
itself is encrypted with header protection: itself is encrypted with Header Protection:
a. Let response_hcp be a single-use HCP derived from a. Let response_hcp be a single-use HCP derived from
respond and refmsg (see Section 6.1) respond and refmsg (see Section 6.1).
iii. Else (if this is not a response to an encrypted, header- iii. Else (if this is not a response to an encrypted, header-
protected message): protected message):
a. Set response_hcp to hcp_no_confidentiality a. Set response_hcp to hcp_no_confidentiality.
iv. Create new empty list of Header Field names and values iv. Create a new empty list of Header Field names and values
newheaders newheaders.
v. For each Header Field name and value (h,v) in origheaders: v. For each Header Field name and value (h,v) in origheaders:
a. Let newval be hcp(h,v) a. Let newval be hcp(h,v).
b. If newval is v: b. If newval is v:
I. Let newval be response_hcp(h,v) I. Let newval be response_hcp(h,v).
c. If newval is not null): c. If newval is not null:
I. Add (h,newval) to newheaders I. Add (h,newval) to newheaders.
vi. For each Header Field name and value (h,v) in newheaders: vi. For each Header Field name and value (h,v) in newheaders:
a. Let string record be the concatenation of h, a literal a. Let string record be the concatenation of h, a literal
": " (ASCII colon (0x3A) followed by ASCII space ": " (ASCII colon (0x3A) followed by ASCII space
(0x20)), and v (0x20)), and v.
b. Add Header Field "HP-Outer" to MIME part newbody with b. Add Header Field "HP-Outer" to MIME part newbody with
value record value record.
6. Apply crypto to MIME part newbody, producing MIME tree output 6. Apply crypto to MIME part newbody, producing MIME tree output.
7. For each Header Field name and value (h,v) in newheaders: 7. For each Header Field name and value (h,v) in newheaders:
i. Add Header Field h to output with value v i. Add Header Field h to output with value v.
8. Return output 8. Return output.
Note that both new parameters (hcp and legacy) are effectively Note that both new parameters (hcp and legacy) are effectively
ignored if crypto does not contain encryption. This is by design, ignored if crypto does not contain encryption. This is by design,
because they are irrelevant for signed-only cryptographic because they are irrelevant for signed-only cryptographic
protections. protections.
5.2.2. Adding a Legacy Display Element to a text/plain Part 5.2.2. Adding a Legacy Display Element to a text/plain Part
For a list of obscured and removed User-Facing Header Fields For a list of obscured and removed User-Facing Header Fields
represented as (header, value) pairs, concatenate them as a set of represented as (header, value) pairs, concatenate them as a set of
lines, with one newline at the end of each pair. Add an additional lines, with one newline at the end of each pair. Add an additional
trailing newline after the resultant text, and prepend the entire trailing newline after the resultant text, and prepend the entire
list to the body of the text/plain part. list to the content of the text/plain part.
The MUA MUST also add a Content-Type parameter of hp-legacy-display The MUA MUST also add a Content-Type parameter of hp-legacy-display
with value 1 to the MIME part to indicate that a Legacy Display with value 1 to the MIME part to indicate that a Legacy Display
Element was added. Element was added.
For example, if the list of obscured Header Fields was [("Cc", For example, if the list of obscured Header Fields was [("Cc",
"alice@example.net"), ("Subject", "Thursday's meeting")], then a "alice@example.net"), ("Subject", "Thursday's meeting")], then a
text/plain Main Body Part that originally looked like this: text/plain Main Body Part that originally looked like this:
Content-Type: text/plain; charset=UTF-8 Content-Type: text/plain; charset=UTF-8
I think we should skip the meeting. I think we should skip the meeting.
Would become: would become:
Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1 Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1
Subject: Thursday's meeting Subject: Thursday's meeting
Cc: alice@example.net Cc: alice@example.net
I think we should skip the meeting. I think we should skip the meeting.
Note that the Legacy Display Element (the lines beginning with Note that the Legacy Display Element (the lines beginning with
Subject: and Cc:) are part of the body of the MIME part in question. Subject: and Cc:) is part of the content of the MIME part in
question.
This example assumes that the Main Body Part in question is not the This example assumes that the Main Body Part in question is not the
root of the Cryptographic Payload. For instance, it could be a leaf root of the Cryptographic Payload. For instance, it could be a leaf
of a multipart/alternative Cryptographic Payload. This is why no of a multipart/alternative Cryptographic Payload. This is why no
additional Header Fields have been injected into the MIME part in additional Header Fields have been injected into the MIME part in
this example. this example.
5.2.3. Adding a Legacy Display Element to a text/html Part 5.2.3. Adding a Legacy Display Element to a text/html Part
Adding a Legacy Display Element to a text/html part is similar to how Adding a Legacy Display Element to a text/html part is similar to how
skipping to change at page 48, line 45 skipping to change at line 2209
For example, if the list of obscured Header Fields was [("Cc", For example, if the list of obscured Header Fields was [("Cc",
"alice@example.net"), ("Subject", "Thursday's meeting")], then a "alice@example.net"), ("Subject", "Thursday's meeting")], then a
text/html Main Body Part that originally looked like this: text/html Main Body Part that originally looked like this:
Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>I think we should skip the meeting.</p> <p>I think we should skip the meeting.</p>
</body></html> </body></html>
Would become: would become:
Content-Type: text/html; charset=UTF-8; hp-legacy-display=1 Content-Type: text/html; charset=UTF-8; hp-legacy-display=1
<html><head><title></title></head><body> <html><head><title></title></head><body>
<div class="header-protection-legacy-display"> <div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting <pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div> Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p> <p>I think we should skip the meeting.</p>
</body></html> </body></html>
This example assumes that the Main Body Part in question is not the This example assumes that the Main Body Part in question is not the
root of the Cryptographic Payload. For instance, it could be a leaf root of the Cryptographic Payload. For instance, it could be a leaf
of a multipart/alternative Cryptographic Payload. This is why no of a multipart/alternative Cryptographic Payload. This is why no
additional Header Fields have been injected into the MIME part in additional Header Fields have been injected into the MIME part in
this example. this example.
5.2.3.1. Step-by-step Example for Inserting Legacy Display Element to 5.2.3.1. Step-by-Step Example for Inserting a Legacy Display Element
text/html into text/html
A composing MUA MAY insert the Legacy Display Element anywhere A composing MUA MAY insert the Legacy Display Element anywhere
reasonable within the message as long as it prioritizes visibility reasonable within the message as long as it prioritizes visibility
for the reader using a Legacy decryption-capable MUA. This decision for the reader using a Legacy MUA that is capable of decryption.
may take into account special message-specific HTML formatting This decision may take into account special message-specific HTML
expectations if the MUA is aware of them. However, some MUAs may not formatting expectations if the MUA is aware of them. However, some
have any special insight into the user's preferred HTML formatting, MUAs may not have any special insight into the user's preferred HTML
and still want to insert a Legacy Display Element. This section formatting and still want to insert a Legacy Display Element. This
offers a non-normative, simple, and minimal step-by-step approach for section offers a non-normative, simple, and minimal step-by-step
a composing MUA that has no other information or preferences to fall approach for a composing MUA that has no other information or
back on. preferences to fall back on.
The process below assumes that the MUA already has the full HTML The process below assumes that the MUA already has the full HTML
object that it intends to send, including all of the text supplied by object that it intends to send, including all of the text supplied by
the user. the user.
1. Assemble the text exactly as specified for text/plain (see 1. Assemble the text exactly as specified for text/plain (see
Section 5.2.2). Section 5.2.2).
2. Wrap that text in a verbatim <pre> element. 2. Wrap that text in a verbatim <pre> element.
skipping to change at page 50, line 8 skipping to change at line 2260
class header-protection-legacy-display. class header-protection-legacy-display.
4. Find the <body> element of the full HTML object. 4. Find the <body> element of the full HTML object.
5. Insert the <div> element as the first child of the <body> 5. Insert the <div> element as the first child of the <body>
element. element.
5.2.4. Only Add a Legacy Display Element to Main Body Parts 5.2.4. Only Add a Legacy Display Element to Main Body Parts
Some messages may contain a text/plain or text/html subpart that is Some messages may contain a text/plain or text/html subpart that is
_not_ a Main Body Part. For example, an e-mail message might contain _not_ a Main Body Part. For example, an email message might contain
an attached text file or a downloaded webpage. Attached documents an attached text file or a downloaded web page. Attached documents
need to be preserved as intended in the transmission, without need to be preserved as intended in the transmission, without
modification. modification.
The composing MUA MUST NOT add a Legacy Display Element to any part The composing MUA MUST NOT add a Legacy Display Element to any part
of the message that is not a Main Body Part. In particular, if a of the message that is not a Main Body Part. In particular, if a
part is annotated with Content-Disposition: attachment, or if it does part is annotated with Content-Disposition: attachment, or if it does
not descend via the first child of any of its multipart/mixed or not descend via the first child of any of its multipart/mixed or
multipart/related ancestors, it is not a Main Body Part, and MUST NOT multipart/related ancestors, it is not a Main Body Part and MUST NOT
be modified. be modified.
See Section 7.1 of [I-D.ietf-lamps-e2e-mail-guidance] for more See Section 7.1 of [RFC9787] for more guidance about common ways to
guidance about common ways to distinguish Main Body Parts from other distinguish Main Body Parts from other MIME parts in a message.
MIME parts in a message.
5.2.5. Do Not Add a Legacy Display Element to Other Content-Types 5.2.5. Do Not Add a Legacy Display Element to Other Content-Types
The purpose of injecting a Legacy Display Element into each Main Body The purpose of injecting a Legacy Display Element into each Main Body
MIME part is to enable rendering of otherwise obscured Header Fields Part is to enable rendering of otherwise obscured Header Fields in
in Legacy MUAs that are capable of message decryption, but don't know Legacy MUAs that are capable of message decryption but don't know how
how to follow the rest of the guidance in this document. to follow the rest of the guidance in this document.
The authors are unaware of any Legacy MUA that would render any MIME The authors are unaware of any Legacy MUA that would render any MIME
part type other than text/plain and text/html as the Main Body. A part type other than text/plain and text/html as the Main Body. A
generating MUA SHOULD NOT add a Legacy Display Element to any MIME generating MUA SHOULD NOT add a Legacy Display Element to any MIME
part with any other Content-Type. part with any other Content-Type.
6. Replying and Forwarding Guidance 6. Replying and Forwarding Guidance
An MUA might create a new message in response to another message, An MUA might create a new message in response to another message,
thus acting both as a receiving MUA and as a sending MUA. For thus acting both as a receiving MUA and as a sending MUA. For
example, the user of an MUA viewing any given message might take an example, the user of an MUA viewing any given message might take an
action like "Reply", "Reply All", "Forward", or some comparable action like "Reply", "Reply All", "Forward", or some comparable
action to start the composition of a new message. The new message action to start the composition of a new message. The new message
created this way effectively references the original message that was created this way effectively references the original message that was
viewed at the time. viewed at the time.
For encrypted messages, special guidance applies, because information For encrypted messages, special guidance applies, because information
can leak in at least two ways: leaking previously confidential Header can leak in at least two ways: leaking previously confidential Header
Fields, and leaking the entire message by sending the reply or Fields and leaking the entire message by sending the reply or forward
forward to the wrong party. to the wrong party.
6.1. Avoid Leaking Encrypted Header Fields in Replies and Forwards 6.1. Avoid Leaking Encrypted Header Fields in Replies and Forwards
As noted in Section 5.4 of [I-D.ietf-lamps-e2e-mail-guidance], an MUA As noted in Section 5.4 of [RFC9787], an MUA in this position MUST
in this position MUST NOT leak previously encrypted content in the NOT leak previously encrypted content in the clear in a follow-up
clear in a follow-up message. The same is true for protected Header message. The same is true for protected Header Fields.
Fields.
Values from any Header Field that was identified as either encrypted- Values from any Header Field that was identified as either encrypted-
only or signed-and-encrypted based on the steps outlined above MUST only or signed-and-encrypted based on the steps outlined above MUST
NOT be placed in cleartext output when generating a message. NOT be placed in cleartext output when generating a message.
In particular, if Subject was encrypted, and it is copied into the In particular, if Subject was encrypted, and it is copied into the
draft encrypted reply, the replying MUA MUST obscure the unprotected draft encrypted reply, the replying MUA MUST obscure the unprotected
(cleartext) Subject Header Field. (cleartext) Subject Header Field.
When crafting the Header Fields for a reply or forwarded message, the When crafting the Header Fields for a reply or forwarded message, the
composing MUA SHOULD make use of the HP-Outer Header Fields from composing MUA SHOULD make use of the HP-Outer Header Fields from
within the Cryptographic Envelope of the reference message to ensure within the Cryptographic Envelope of the reference message to ensure
that Header Fields derived from the reference message do not leak in that Header Fields derived from the reference message do not leak in
the reply. the reply.
On a high-level, this can be achieved as follows: Consider a Header On a high level, this can be achieved as follows: Consider a Header
Field in a reply message that is generated by derivation from a Field in a reply message that is generated by derivation from a
Header Field in the reference message. For example, the To Header Header Field in the reference message. For example, the To Header
Field is typically derived from the reference message's Reply-To or Field is typically derived from the reference message's Reply-To or
From Header Fields. When generating the outer copy of the Header From Header Fields. When generating the outer copy of the Header
Field, the composing MUA first applies its own Header Confidentiality Field, the composing MUA first applies its own HCP. If the Header
Policy. If the Header Field's value is changed by the HCP, then it Field's value is changed by the HCP, then it is applied to the Outer
is applied to the outside header. If the Header Field's value is Header Section. If the Header Field's value is unchanged, the
unchanged, the composing MUA re-generates the Header Field using the composing MUA re-generates the Header Field using the Header Fields
Header Fields that had been on the outside of the original message at that had been on the outside of the original message at sending time.
sending time. These can be inferred from the HP-Outer Header Fields These can be inferred from the HP-Outer Header Fields located within
located within the Cryptographic Payload of the referenced message. the Cryptographic Payload of the referenced message. If that value
If that value is itself different than the protected value, then it is itself different than the protected value, then it is applied to
is applied to the outside header. If the value is the same as the the Outer Header Section. If the value is the same as the protected
protected value, then it is simply copied to the outside header value, then it is simply copied to the Outer Header Section directly.
directly. Whether it was changed or not, it is noted in the Whether it was changed or not, it is noted in the protected Header
protected Header Section using HP-Outer, as described in Section using HP-Outer, as described in Section 2.2.1.
Section 2.2.1.
See Appendix D.2 for a simple worked example of this process. See Appendix D.2 for a simple worked example of this process.
Below we describe a supporting algorithm to handles this. It Below we describe a supporting algorithm to handle this. It produces
produces a list of Header Fields that should be obscured or removed a list of Header Fields that should be obscured or removed in the new
in the new message even if the sender's choice of Header message even if the sender's choice of HCP wouldn't normally remove
Confidentiality Policy wouldn't normally remove or obscure the Header or obscure the Header Field in question. This is effectively a
Field in question. This is effectively a single-use HCP. The normal single-use HCP. The normal sending guidance in Section 5.2 applies
sending guidance in Section 5.2 applies this single-use HCP to this single-use HCP to implement the high-level guidance above.
implement the high-level guidance above.
6.1.1. ReferenceHCP 6.1.1. ReferenceHCP
The algorithm takes two inputs: The algorithm takes two inputs:
* A single referenced message refmsg, and * A single referenced message refmsg
* A built-in MUA function respond associated with the user's action. * A built-in MUA respond function associated with the user's action.
respond takes as input a list of headers from a referenced message The respond function takes a list of Header Fields from a
and generates a list of initial candidate message Header Field referenced message as input and generates a list of initial
names and values that are used to populate the message composition candidate message Header Field names and values that are used to
interface. Something like this function already exists in most populate the message composition interface. Something like this
MUAs, though it may differ across responsive actions. For function already exists in most MUAs, though it may differ across
example, the respond function that implements "Reply All" is responsive actions. For example, the respond function that
likely to be a different from the respond that implements "Reply". implements "Reply All" is likely to be a different from the
respond function that implements "Reply".
As an output, it produces an ephemeral single-use Header As an output, it produces an ephemeral single-use HCP, specific to
Confidentiality Policy, specific to this kind of response to this this kind of response to this specific message.
specific message.
Method signature: Method signature:
ReferenceHCP(refmsg, respond) ephemeral_hcp ReferenceHCP(refmsg, respond) -> ephemeral_hcp
Procedure: Procedure:
1. If refmsg is not encrypted with Header Protection: 1. If refmsg is not encrypted with Header Protection:
i. Return hcp_no_confidentiality (there is no header i. Return hcp_no_confidentiality (there is no header
confidentiality in the reference message that needs confidentiality in the reference message that needs
protection) protection).
2. Extract refouter, refprotected from refmsg as described in 2. Extract refouter, refprotected from refmsg as described in
Section 4.2 Section 4.2.
3. Let genprotected be a list of (h,v) pairs generated by 3. Let genprotected be a list of (h,v) pairs generated by
respond(refprotected) respond(refprotected).
4. Let genouter be a list of (h,v) pairs generated by 4. Let genouter be a list of (h,v) pairs generated by
respond(refouter) respond(refouter).
5. For each (h,v) in genprotected: 5. For each (h,v) in genprotected:
i. If (h,v) is in genouter: i. If (h,v) is in genouter:
a. Remove (h,v) from both genprotected and genouter (this a. Remove (h,v) from both genprotected and genouter (this
Header Field does not need additional confidentiality) Header Field does not need additional confidentiality).
6. Let confmap be a mapping from a Header Field name and value (h,v) 6. Let confmap be a mapping from a Header Field name and value (h,v)
to either a string or the special value null (this mapping is to either a string or the special value null (this mapping is
initially empty) initially empty).
7. For each (h,v) remaining in genprotected: 7. For each (h,v) remaining in genprotected:
i. Set result to the special value null i. Set result to the special value null.
ii. For each (h1,v1) in genouter: ii. For each (h1,v1) in genouter:
a. If h1 is h: a. If h1 is h:
I. Set result to v1 I. Set result to v1.
iii. Insert (h,v) -> result into confmap iii. Insert (h,v) -> result into confmap.
8. Return a new HCP from confmap that tests whether (name,val_in) 8. Return a new HCP from confmap that tests whether the
are in confmap; if so, return confmap[(name,val_in)]; otherwise, (name,val_in) tuple is in confmap; if so, return
return val_in confmap[(name,val_in)]; otherwise, return val_in.
Note that the key idea here is to reuse the MUA's existing respond Note that the key idea here is to reuse the MUA's existing respond
function. The algorithm simulates how the MUA would pre-populate a function. The algorithm simulates how the MUA would pre-populate a
reply to two traditional messages whose Header Fields have the values reply to two messages whose Header Fields have the values refouter
refouter and refprotected respectively (independent of any and refprotected, respectively (independent of any cryptographic
cryptographic protections). Then it uses the difference to derive a protections). Then, it uses the difference to derive a one-time HCP.
one-time HCP. This HCP takes into account both the referenced This HCP takes into account both the referenced message's sender's
message's sender's preferences and the derivations that can happen to preferences and the derivations that can happen to Header Field
Header Field values when responding. Note that while some of these values when responding. Note that while some of these derivations
derivations are straight forward (e.g., In-Reply-To is usually are straightforward (e.g., In-Reply-To is usually derived from
derived from Message-ID), others are non-trivial. For example, the Message-ID), others are non-trivial. For example, the From address
From address may be derived from To, Cc, or from the MUA's local may be derived from To, Cc, or the MUA's local address preference
address preference (especially when the MUA received the referenced (especially when the MUA received the referenced message via Bcc).
message via Bcc). Similarly, To may be derived from To, From, and/or Similarly, To may be derived from To, From, and/or Cc Header Fields
Cc Header Fields depending on the MUA implementation and depending on depending on the MUA implementation and depending on whether the user
whether the user clicked "Reply", "Reply All", "Forward", or any clicked "Reply", "Reply All", "Forward", or any other action that
other action that generates a response to a message. Reusing the generates a response to a message. Reusing the MUA's existing
MUA's existing respond function incorporates these nuances without respond function incorporates these nuances without requiring any
requiring any extra configuration choices or additional maintenance extra configuration choices or additional maintenance burden.
burden.
6.2. Avoid Misdirected Replies 6.2. Avoid Misdirected Replies
When replying to a message, the Composing MUA typically decides who When replying to a message, the composing MUA typically decides who
to send the reply to based on: to send the reply to based on:
* the Reply-To, Mail-Followup-To, or From Header Fields * the Reply-To, Mail-Followup-To, or From Header Fields
* optionally, the other To or Cc Header Fields (if the user chose to * optionally, the other To or Cc Header Fields (if the user chose to
"reply all") "Reply All")
When a message has Header Protection, the replying MUA MUST populate When a message has Header Protection, the replying MUA MUST populate
the destination fields of the draft message using the protected the destination fields of the draft message using the protected
Header Fields, and ignore any unprotected Header Fields. Header Fields and ignore any unprotected Header Fields.
This mitigates against an attack where Mallory gets a copy of an This mitigates against an attack where Mallory gets a copy of an
encrypted message from Alice to Bob, and then replays the message to encrypted message from Alice to Bob and then replays the message to
Bob with an additional Cc to Mallory's own e-mail address in the Bob with an additional Cc to Mallory's own email address in the
message's outer (unprotected) Header Section. message's outer (unprotected) Header Section.
If Bob knows Mallory's certificate already, and he replies to such a If Bob knows Mallory's certificate already, and he replies to such a
message without following the guidance in this section, it's likely message without following the guidance in this section, it's likely
that his MUA will encrypt the cleartext of the message directly to that his MUA will encrypt the cleartext of the message directly to
Mallory. Mallory.
7. Unprotected Header Fields Added in Transit 7. Unprotected Header Fields Added in Transit
Some Header Fields are legitimately added in transit and could not Some Header Fields are legitimately added in transit and could not
have been known to the sender at message composition time. have been known to the sender at message composition time.
The most common of these Header Fields are Received and DKIM- The most common of these Header Fields are Received and DKIM-
Signature, neither of which are typically rendered, either explicitly Signature, neither of which are typically rendered, either explicitly
or implicitly. or implicitly.
If a receiving MUA has specific knowledge about a given Header Field, If a receiving MUA has specific knowledge about a given Header Field,
including that: including that:
* the Header Field would not have been known to the original sender, * the Header Field would not have been known to the original sender
and and
* the Header Field might be rendered explicitly or implicitly, * the Header Field might be rendered explicitly or implicitly,
then the MUA MAY decide to operate on the value of that Header Field then the MUA MAY decide to operate on the value of that Header Field
from the unprotected Header Section, even though the message has from the Outer Header Section, even though the message has Header
Header Protection. Protection.
The MUA MAY prefer to verify that the Header Fields in question have The MUA MAY prefer to verify that the Header Fields in question have
additional transit-derived cryptographic protections before rendering additional transit-derived cryptographic protections before rendering
or acting on them. For example, the MUA could verify whether these or acting on them. For example, the MUA could verify whether these
Header Fields are covered by an appropriate and valid ARC- Header Fields are covered by an appropriate and valid ARC-
Authentication-Results (see [RFC8617]) or DKIM-Signature (see Authentication-Results (see [RFC8617]) or DKIM-Signature (see
[RFC6376]) Header Field. [RFC6376]) Header Field.
Specific examples of user-meaningful Header Fields commonly added by Specific examples of Header Fields that are meaningful to the user
transport agents appear below. and are commonly added by MTAs appear below.
7.1. Mailing list Header Fields: List-* and Archived-At 7.1. Mailing List Header Fields: List-* and Archived-At
If the message arrives through a mailing list, the list manager If the message arrives through a mailing list, the list manager
itself may inject Header Fields (most have a List- prefix) in the itself may inject Header Fields (most have a List- prefix) in the
message: message:
* List-Archive * List-Archive
* List-Subscribe * List-Subscribe
* List-Unsubscribe * List-Unsubscribe
* List-Id * List-Id
* List-Help * List-Help
* List-Post * List-Post
* Archived-At * Archived-At
For some MUAs, these Header Fields are implicitly rendered, by For some MUAs, these Header Fields are implicitly rendered by
providing buttons for actions like "Subscribe", "View Archived providing buttons for actions like "Subscribe", "View Archived
Version", "Reply List", "List Info", etc. Version", "Reply List", "List Info", etc.
An MUA that receives a message with Header Protection that contains An MUA that receives a message with Header Protection that contains
these Header Fields in the unprotected section, and that has reason these Header Fields in the Outer Header Section and that has reason
to believe the message is coming through a mailing list MAY decide to to believe the message is coming through a mailing list MAY decide to
render them to the user (explicitly or implicitly) even though they render them to the user (explicitly or implicitly) even though they
are not protected. are not protected.
8. E-mail Ecosystem Evolution 8. Email Ecosystem Evolution
The e-mail ecosystem is the set of client-side and server-side The email ecosystem is the set of client-side and server-side
software and policies that are used in the creation, transmission, software and policies that are used in the creation, transmission,
storage, rendering, and indexing of electronic mail over the storage, rendering, and indexing of email over the Internet.
Internet.
This document is intended to offer tooling needed to improve the This document is intended to offer tooling needed to improve the
state of the e-mail ecosystem in a way that can be deployed without state of the email ecosystem in a way that can be deployed without
significant disruption. Some elements of this specification are significant disruption. Some elements of this specification are
present for transitional purposes, but would not exist if the system present for transitional purposes but would not exist if the system
were designed from scratch. were designed from scratch.
This section describes these transitional mechanisms, as well as some This section describes these transitional mechanisms, as well as some
suggestions for how they might eventually be phased out. suggestions for how they might eventually be phased out.
8.1. Dropping Legacy Display Elements 8.1. Dropping Legacy Display Elements
Any decorative Legacy Display Element added to an encrypted message Any decorative Legacy Display Element added to an encrypted message
that uses Header Protection is present strictly for enabling Header that uses Header Protection is present strictly for enabling Header
Field visibility (most importantly, the Subject Header Field) when Field visibility (most importantly, the Subject Header Field) when
the message is viewed with a decryption-capable Legacy MUA. the message is viewed with a decryption-capable Legacy MUA.
Eventually, the hope is that most decryption-capable MUAs will Eventually, the hope is that most decryption-capable MUAs will
conform to this specification, and there will be no need for conform to this specification and there will be no need for injection
injection of Legacy Display Elements in the message body. A survey of Legacy Display Elements in the message Body. A survey of widely
of widely used decryption-capable MUAs might be able to establish used decryption-capable MUAs might be able to establish when most of
when most of them do support this specification. them do support this specification.
At that point, a composing MUA could set the legacy parameter defined At that point, a composing MUA could set the legacy parameter defined
in Section 5.2 to false by default or could even hard-code it to in Section 5.2 to false by default or could even hard-code it to
false, yielding a much simpler message construction set. false, yielding a much simpler message construction set.
Until that point, an end user might want to signal that their Until that point, an end user might want to signal that their
receiving MUAs are conformant to this document so that a peer receiving MUAs are conformant to this document so that a peer
composing a message to them can set legacy to false. A signal composing a message to them can set legacy to false. A signal
indicating capability of handling messages with Header Protection indicating capability of handling messages with Header Protection
might be placed in the user's cryptographic certificate, or in might be placed in the user's cryptographic certificate or in
outbound messages. outbound messages.
This document does not attempt to define the syntax or semantics of This document does not attempt to define the syntax or semantics of
such a signal. such a signal.
8.2. More Ambitious Default Header Confidentiality Policy 8.2. More Ambitious Default HCP
This document defines a few different forms of Header Confidentiality This document defines a few different forms of HCP. An MUA
Policy. An MUA implementing an HCP for the first time SHOULD deploy implementing an HCP for the first time SHOULD deploy hcp_baseline as
hcp_baseline as recommended in Section 3.3. This HCP offers the most recommended in Section 3.3. This HCP offers the most commonly
commonly expected protection (obscuring the Subject Header Field) expected protection (obscuring the Subject Header Field) without
without risking deliverability or rendering issues. risking deliverability or rendering issues.
The HCPs proposed in this document are relatively conservative and The HCPs proposed in this document are relatively conservative and
still leak a significant amount of metadata for encrypted messages. still leak a significant amount of metadata for encrypted messages.
This is largely done to ensure deliverability (see Section 1.3.2) and This is largely done to ensure deliverability (see Section 1.3.2) and
usability, as messages without some critical Header Fields are more usability, as messages without some critical Header Fields are more
likely to not reach their intended recipient. likely to not reach their intended recipient.
In the future, some mail transport systems may accept and deliver In the future, some mail transport systems may accept and deliver
messages with even less publicly visible metadata. Many MTA messages with even less publicly visible metadata. Many MTA
operators today would ask for additional guarantees about such a operators today would ask for additional guarantees about such a
message to limit the risks associated with abusive or spammy mail. message to limit the risks associated with abusive or spam mail.
This specification offers the HCP formalism itself as a way for MUA This specification offers the HCP formalism itself as a way for MUA
developers and MTA operators to describe their expectations around developers and MTA operators to describe their expectations around
message deliverability. MUA developers can propose a more ambitious message deliverability. MUA developers can propose a more ambitious
default HCP, and ask MTA operators (or simply test) whether their default HCP and ask MTA operators (or simply test) whether their MTAs
MTAs would be likely to deliver or reject encrypted mail with that would be likely to deliver or reject encrypted mail with that HCP
HCP applied. Proponents of a more ambitious HCP should explicitly applied. Proponents of a more ambitious HCP should explicitly
document the HCP and name it clearly and unambiguously to facilitate document the HCP and name it clearly and unambiguously to facilitate
this kind of interoperability discussion. this kind of interoperability discussion.
Reaching widespread consensus around a more ambitious global default Reaching widespread consensus around a more ambitious global default
HCP is a challenging problem of coordinating many different actors. HCP is a challenging problem of coordinating many different actors.
A piecemeal approach might be more feasible, where some signalling A piecemeal approach might be more feasible, where some signaling
mechanism allows a message recipient, MTA operator, or third-party mechanism allows a message recipient, MTA operator, or third-party
clearinghouse to announce what kinds of HCPs are likely to be clearinghouse to announce what kinds of HCPs are likely to be
deliverable for a given recipient. In such a situation, the default deliverable for a given recipient. In such a situation, the default
HCP for an MUA might involve consulting the signalled acceptable HCPs HCP for an MUA might involve consulting the signaled acceptable HCPs
for all recipients, and combining them (along with a default for when for all recipients and combining them (along with a default for when
no signal is present) in some way. no signal is present) in some way.
If such a signal were to reach widespread use, it could also be used If such a signal were to reach widespread use, it could also be used
to guide reasonable statistical default HCP choices for recipients to guide reasonable statistical default HCP choices for recipients
with no signal. with no signal.
This document does not attempt to define the syntax or semantics of This document does not attempt to define the syntax or semantics of
such a signal. such a signal.
8.3. Deprecation of Messages Without Header Protection 8.3. Deprecation of Messages Without Header Protection
At some point, when the majority of MUA clients that can generate At some point, when the majority of MUA clients that can generate
cryptographically protected messages with Header Protection, it cryptographically protected messages can do so with Header
should be possible to deprecate any cryptographically protected Protection, it should be possible to deprecate any cryptographically
message that does not have Header Protection. protected message that does not have Header Protection.
For example, as noted in Section 9.1, it's possible for an MUA to For example, as noted in Section 9.1, it's possible for an MUA to
render a signed-only message that has no Header Protection the same render a signed-only message that has no Header Protection the same
as an unprotected message. And a signed-and-encrypted message as an unprotected message. And a signed-and-encrypted message
without Header Protection could likewise be marked as not fully without Header Protection could likewise be marked as not fully
protected. protected.
These stricter rules could be adopted immediately for all messages. These stricter rules could be adopted immediately for all messages.
Or an MUA developer could roll them out immediately for any new Or an MUA developer could roll them out immediately for any new
message, but still treat an old message (based on the Date Header message but still treat an old message (based on the Date Header
Field and cryptographic signature timestamp) more leniently. Field and cryptographic signature timestamp) more leniently.
A decision like this by any popular receiving MUA could drive A decision like this by any popular receiving MUA could drive
adoption of this standard for sending MUAs. adoption of this standard for sending MUAs.
9. Usability Considerations 9. Usability Considerations
This section describes concerns for MUAs that are interested in easy This section describes concerns for MUAs that are interested in easy
adoption of Header Protection by normal users. adoption of Header Protection by normal users.
While they are not protocol-level artifacts, these concerns motivate While they are not protocol-level artifacts, these concerns motivate
the protocol features described in this document. the protocol features described in this document.
See also the Usability commentary in Section 2 of See also the usability commentary in Section 2 of [RFC9787].
[I-D.ietf-lamps-e2e-mail-guidance].
9.1. Mixed Protections Within a Message Are Hard To Understand 9.1. Mixed Protections Within a Message Are Hard to Understand
When rendering a message to the user, the ideal circumstance is to When rendering a message to the user, the ideal circumstance is to
present a single cryptographic status for any given message. present a single cryptographic status for any given message.
However, when message Header Fields are present, some message Header However, when message Header Fields are present, some message Header
Fields do not have the same cryptographic protections as the main Fields do not have the same cryptographic protections as the main
message. message.
Representing such a mixed set of protection statuses is very Representing such a mixed set of protection statuses is very
difficult to do in a way that a Ordinary User can understand. There difficult to do in a way that an Ordinary User can understand. There
are at least three scenarios that are likely to be common, and poorly are at least three scenarios that are likely to be common and poorly
understood: understood:
* A signed message with no Header Protection. * A signed message with no Header Protection.
* A signed-and-encrypted message with no Header Protection. * A signed-and-encrypted message with no Header Protection.
* A signed-and-encrypted message with Header Protection as defined * A signed-and-encrypted message with Header Protection as defined
in this document, where some User-Facing Header Fields have in this document, where some User-Facing Header Fields have
confidentiality but some do not. confidentiality but some do not.
An MUA should have a reasonable strategy for clearly communicating An MUA should have a reasonable strategy for clearly communicating
each of these scenarios to the user. For example, an MUA operating each of these scenarios to the user. For example, an MUA operating
in an environment where it expects most cryptographically protected in an environment where it expects most cryptographically protected
messages to have Header Protection could use the following rendering messages to have Header Protection could use the following rendering
strategy: strategy:
* When rendering a message with signed-only cryptographic status but * When rendering a message with a signed-only cryptographic status
no Header Protection, an MUA may decline to indicate a positive but no Header Protection, an MUA may decline to indicate a
security status overall, and only indicate the cryptographic positive security status overall and only indicate the
status to a user in a message properties or diagnostic view. That cryptographic status to a user in a message properties or
is, the message may appear identical to an unsigned message except diagnostic view. That is, the message may appear identical to an
if a user verifies the properties through a menu option. unsigned message except if a user verifies the properties through
a menu option.
* When rendering a message with signed-and-encrypted or encrypted- * When rendering a message with a signed-and-encrypted or encrypted-
only cryptographic status but no Header Protection, overlay a only cryptographic status but no Header Protection, overlay a
warning flag on the typical cryptographic status indicator. That warning flag on the typical cryptographic status indicator. That
is, if a typical signed-and-encrypted message displays a lock is, if a typical signed-and-encrypted message displays a lock
icon, display a lock icon with a warning sign (e.g., an icon, display a lock icon with a warning sign (e.g., an
exclamation point in a triangle) overlaid. See, for example, the exclamation point in a triangle) overlaid. For example, see the
graphics in [chrome-indicators]. graphics in [chrome-indicators].
* When rendering a message with signed-and-encrypted or encrypted- * When rendering a message with a signed-and-encrypted or encrypted-
only cryptographic status, with Header Protection, but where the only cryptographic status with Header Protection but where the
Subject Header Field has not been removed or obscured, place a Subject Header Field has not been removed or obscured, place a
warning sign on the Subject line. warning sign on the Subject line.
Other simple rendering strategies could also be reasonable. Other simple rendering strategies could also be reasonable.
9.2. Users Should Not Have To Choose a Header Confidentiality Policy 9.2. Users Should Not Have to Choose a Header Confidentiality Policy
This document defines the abstraction of a Header Confidentiality This document defines the abstraction of an HCP object for the sake
Policy object for the sake of communication between implementers and of communication between implementers and deployments.
deployments.
Most e-mail users are unlikely to understand the tradeoffs between Most email users are unlikely to understand the trade-offs between
different policies. In particular, the potential negative side different policies. In particular, the potential negative side
effects (e.g., poor deliverability) may not be easily attributable by effects (e.g., poor deliverability) may not be easily attributable by
a normal user to a particular HCP. a normal user to a particular HCP.
Therefore, MUA implementers should be conservative in their choice of Therefore, MUA implementers should be conservative in their choice of
default HCP, and should not require the Ordinary User to make an default HCP and should not require the Ordinary User to make an
incomprehensible choice that could cause unfixable, undiagnosable incomprehensible choice that could cause unfixable, undiagnosable
problems. The safest option is for the MUA developer to select a problems. The safest option is for the MUA developer to select a
known, stable HCP (this document recommends hcp_baseline in known, stable HCP (this document recommends hcp_baseline in
Section 3.3) on the user's behalf. An MUA should not expose the Section 3.3) on the user's behalf. An MUA should not expose the
Ordinary User to a configuration option where they are expected to Ordinary User to a configuration option where they are expected to
manually select (let alone define) an HCP. manually select (let alone define) an HCP.
10. Security Considerations 10. Security Considerations
Header Protection improves the security of cryptographically Header Protection improves the security of cryptographically
protected e-mail messages. Following the guidance in this document protected email messages. Following the guidance in this document
improves security for users by more directly aligning the underlying improves security for users by more directly aligning the underlying
messages with user expectations about confidentiality, authenticity, messages with user expectations about confidentiality, authenticity,
and integrity. and integrity.
Nevertheless, helping the user distinguish between cryptographic Nevertheless, helping the user distinguish between cryptographic
protections of various messages remains a security challenge for protections of various messages remains a security challenge for
MUAs. This is exarcebated by the fact that many existing messages MUAs. This is exacerbated by the fact that many existing messages
with cryptographic protections do not employ Header Protection. MUAs with cryptographic protections do not employ Header Protection. MUAs
encountering these messages (e.g., in an archive) will need to handle encountering these messages (e.g., in an archive) will need to handle
older forms (without Header Protection) for quite some time, possibly older forms (without Header Protection) for quite some time, possibly
forever. forever.
The security considerations from Section 6 of [RFC8551] continue to The security considerations from Section 6 of [RFC8551] continue to
apply for any MUA that offers S/MIME cryptographic protections, as apply for any MUA that offers S/MIME cryptographic protections, as
well as Section 3 of [RFC5083] (Authenticated-Enveloped-Data in CMS) well as Section 3 of [RFC5083] (Authenticated-Enveloped-Data in
and Section 14 of [RFC5652] (CMS more broadly). Likewise, the Cryptographic Message Syntax (CMS)) and Section 14 of [RFC5652] (CMS
security considerations from Section 8 of [RFC3156] continue to apply more broadly). Likewise, the security considerations from Section 8
for any MUA that offers PGP/MIME cryptographic protections, as well of [RFC3156] continue to apply for any MUA that offers PGP/MIME
as Section 13 of [RFC9580] (OpenPGP itself). In addition, these cryptographic protections, as well as Section 13 of [RFC9580]
underlying security considerations are now also applicable to the (OpenPGP itself). In addition, these underlying security
contents of the message header, not just the message body. considerations are now also applicable to the contents of the message
Header Section, not just the message Body.
10.1. From Address Spoofing 10.1. From Address Spoofing
If the From Header Field were treated by the receiving MUA like any If the From Header Field were treated like any other protected Header
other protected Header Field, this scheme would enable sender address Field by the receiving MUA, this scheme would enable sender address
spoofing. spoofing.
To prevent sender spoofing, many receiving MUAs implicitly rely on To prevent sender spoofing, many receiving MUAs implicitly rely on
their receiving MTA to inspect the unprotected Header Section and their receiving MTA to inspect the Outer Header Section and verify
verify that the From Header Field is authentic. If a receiving MUA that the From Header Field is authentic. If a receiving MUA displays
displays a From address that doesn't match the From address that the a From address that doesn't match the From address that the receiving
receiving and/or sending MTAs filtered on, the MUA may be vulnerable and/or sending MTAs filtered on, the MUA may be vulnerable to
to spoofing. spoofing.
Consider a malicious MUA that sets the following Header Fields on an Consider a malicious MUA that sets the following Header Fields on an
encrypted message with Header Protection: encrypted message with Header Protection:
* Outer: From: <alice@example.com> * Outer: From: <alice@example.com>
* Inner: HP-Outer: From: <alice@example.com> * Inner: HP-Outer: From: <alice@example.com>
* Inner: From: <bob@example.org> * Inner: From: <bob@example.org>
During sending, the MTA of example.com validates that the sending MUA During sending, the MTA of example.com validates that the sending MUA
is authorized to send from alice@example.com. Since the message is is authorized to send from alice@example.com. Since the message is
encrypted, the sending and receiving MTAs cannot see the protected encrypted, the sending and receiving MTAs cannot see the protected
Header Fields. A naive receiving MUA might follow the algorithms in Header Fields. A naive receiving MUA might follow the algorithms in
this document without special consideration for the From Header this document without special consideration for the From Header
Field. Such an MUA might display the email as coming from Field. Such an MUA might display the email as coming from
bob@example.org to the user, resulting in a spoofed address. bob@example.org to the user, resulting in a spoofed address.
This problem applies both between domains and within a domain. This problem applies both between domains and within a domain.
This problem always applies to signed-and-encrypted messages. This This problem always applies to signed-and-encrypted messages. This
problem also applies to signed-only messages because MTAs typically problem also applies to signed-only messages because MTAs typically
do not look at the protected Header Fields when confirming From do not look at the protected Header Fields when confirming From
address authenticity. address authenticity.
Sender address spoofing is relevant for two distinct security Sender address spoofing is relevant for two distinct security
properties: properties:
* Sender authenticity: relevant for rendering the message (which * Sender authenticity: relevant for rendering the message (which
address to show the user?). address to show the user?)
* Message confidentiality: relevant when replying to a message (a * Message confidentiality: relevant when replying to a message (a
reply to the wrong address can leak the message contents). reply to the wrong address can leak the message contents)
10.1.1. From Rendering Reasoning 10.1.1. From Rendering Reasoning
Section 4.4.3 provides guidance for rendering the From Header Field. Section 4.4.3 provides guidance for rendering the From Header Field.
It recommends a receiving MUA that depends on its MTA to authenticate It recommends a receiving MUA that depends on its MTA to authenticate
the unprotected (outer) From Header Field to render the outer From the unprotected (outer) From Header Field to render the outer From
Header Field, if both of the following conditions are met: Header Field if both of the following conditions are met:
* From Header Field Mismatch (as defined in Section 4.4.1.1) * From Header Field Mismatch (as defined in Section 4.4.1.1) and
* No Valid and Correctly Bound Signature (as defined in * No Valid and Correctly Bound Signature (as defined in
Section 4.4.1.2) Section 4.4.1.2)
Note: The second condition effectively means that the inner (expected Note: The second condition effectively means that the inner (expected
to be protected) From Header Field appears to have insufficient to be protected) From Header Field appears to have insufficient
protection. protection.
This may seem surprising since it causes the MUA to render a mix of This may seem surprising since it causes the MUA to render a mix of
both protected and unprotected values. This section provides an both protected and unprotected values. This section provides an
argument as to why this guidance makes sense. argument as to why this guidance makes sense.
We proceed by case distinction: We proceed by case distinction:
* Case 1: Malicious sending MUA. * Case 1: Malicious sending MUA.
- Attack situation: the sending MUA puts a different inner From - Attack situation: The sending MUA puts a different inner From
Header Field to spoof the sender address. Header Field to spoof the sender address.
- In this case, it is "better" to fall back and render the outer - In this case, it is "better" to fall back and render the outer
From Header Field because this is what the receiving MTA can From Header Field because this is what the receiving MTA can
validate. Otherwise this document would introduce a new way validate. Otherwise, this document would introduce a new way
for senders to spoof the From address of the message. for senders to spoof the From address of the message.
- This does not preclude a future document from updating this - This does not preclude a future document from updating this
document to specify a protocol for legitimate sender address document to specify a protocol for legitimate sender address
hiding. hiding.
* Case 2: Malicious sending/transiting/receiving MTA (or anyone * Case 2: Malicious sending/transiting/receiving MTA (or anyone
meddling between MTAs). meddling between MTAs).
- Attack situation: an on-path attacker changes the outer From - Attack situation: An on-path attacker changes the outer From
Header Field (possibly with other meddling to break the Header Field (possibly with other meddling to break the
signature, see below). Their goal is to get the receiving MUA signature; see below). Their goal is to get the receiving MUA
to show a different From address than the sending MUA intended to show a different From address than the sending MUA intended
(breaking MUA-to-MUA sender authenticity). (breaking MUA-to-MUA sender authenticity).
- Case 2.a: The sending MUA submitted an unsigned or encrypted- - Case 2.a: The sending MUA submitted an unsigned or encrypted-
only message to the email system. In this case, there can be only message to the email system. In this case, there can be
no sender authenticity anyway. no sender authenticity anyway.
- Case 2.b: The sending MUA submitted a signed-only message to - Case 2.b: The sending MUA submitted a signed-only message to
the email system. the email system.
o Case 2.b.i: The attacker removes or breaks the signature. o Case 2.b.i: The attacker removes or breaks the signature.
In this case, the attacker can also modify the inner From In this case, the attacker can also modify the inner From
Header Field to their liking. Header Field to their liking.
o Case 2.b.ii: The signature is valid, but the receiving MUA o Case 2.b.ii: The signature is valid, but the receiving MUA
does not see any valid binding between the signing does not see any valid binding between the signing
certificate and the addr-spec of the inner From Header certificate and the addr-spec of the inner From Header
Field. In this case, there can be no sender authenticity Field. In this case, there can be no sender authenticity
anyways (the certificate could have been generated by the anyways (the certificate could have been generated by the
on-path attacker). This case is indistinguishable from a on-path attacker). This case is indistinguishable from a
malicious sending MUA, hence it is "better" to fall back to malicious sending MUA; hence, it is "better" to fall back to
the outer From that the MTA can validate. Note that once the outer From Header Field that the MTA can validate. Note
the binding is validated (e.g., after an out-of-band that once the binding is validated (e.g., after an out-of-
comparison), the rendering may change from showing the outer band comparison), the rendering may change from showing the
From address (and a warning) to showing the inner, now outer From address (and a warning) to showing the inner, now
validated From address. In some cases, the binding may be validated From address. In some cases, the binding may be
instantly validated even for previously unseen certificates instantly validated even for previously unseen certificates
(e.g., if the certificate is issued by a trusted (e.g., if the certificate is issued by a trusted
certification authority). certification authority).
- Case 2.c: The sending MUA submitted a signed-and-encrypted - Case 2.c: The sending MUA submitted a signed-and-encrypted
message to the email system. message to the email system.
o Case 2.c.i: The attacker removes or breaks the signature. o Case 2.c.i: The attacker removes or breaks the signature.
Note that the signature is inside the ciphertext (see Note that the signature is inside the ciphertext (see
Section 5.2 of [I-D.ietf-lamps-e2e-mail-guidance]). Thus, Section 5.2 of [RFC9787]). Thus, assuming the encryption is
assuming the encryption is non-malleable, any on-path non-malleable, any on-path attacker cannot break the
attacker cannot break the signature while ensuring that the signature while ensuring that the message still decrypts
message still decrypts successfully. successfully.
o Case 2.c.ii: The signature is valid, but the receiving MUA o Case 2.c.ii: The signature is valid, but the receiving MUA
does not see any valid binding between the signing does not see any valid binding between the signing
certificate and the addr-spec of the inner From Header certificate and the addr-spec of the inner From Header
Field. See case 2.b.ii. Field. See case 2.b.ii.
As the case distinction shows, the outer From Header Field is either As the case distinction shows, the outer From Header Field is either
the preferred fallback (in particular, to avoid introducing a new the preferred fallback (in particular, to avoid introducing a new
spoofing channel), or it is just as good (because just as modifiable) spoofing channel) or just as good (because just as modifiable) as the
as the inner From Header Field. inner From Header Field.
Rendering the outer From Header Field does carry the risk of a Rendering the outer From Header Field does carry the risk of a
"temporary downgrade attack" in cases 2.b.ii and 2.c.ii, where a "temporary downgrade attack" in cases 2.b.ii and 2.c.ii, where a
malicious MTA keeps the signature intact but modifies the outer From malicious MTA keeps the signature intact but modifies the outer From
Header Field. The MUA can resolve this temporary downgrade by Header Field. The MUA can resolve this temporary downgrade by
validating the certificate-to-addr-spec binding. If the MUA never validating the certificate-to-addr-spec binding. If the MUA never
does this validation, the entire message could be fake. does this validation, the entire message could be fake.
If there were a signalling channel where the MTA can tell the MUA If there were a signaling channel where the MTA can tell the MUA
whether it authenticated the From Header Field, an MUA could use this whether it authenticated the From Header Field, an MUA could use this
in its rendering decision. In the absence of such a signal, and when in its rendering decision. In the absence of such a signal, and when
end-to-end authenticity is unavailable, this document prefers to fall end-to-end authenticity is unavailable, this document prefers to fall
back to the outer From Header Field. This default is based on the back to the outer From Header Field. This default is based on the
assumption that most MTAs apply some filtering based on the outer assumption that most MTAs apply some filtering based on the outer
From Header Field (whether the MTA can authenticate it or not). From Header Field (whether the MTA can authenticate it or not).
Rendering the unprotected outer From Header Field (instead of the Rendering the unprotected outer From Header Field (instead of the
protected inner one) in case of a mismatch retains this ability for protected inner one) in case of a mismatch retains this ability for
MTAs. MTAs.
If the MUA decides not to rely on the MTA to authenticate the outer If the MUA decides not to rely on the MTA to authenticate the outer
From Header Field, it may prefer the inner From Header Field. From Header Field, it may prefer the inner From Header Field.
10.2. Avoid Cryptographic Summary Confusion from hp Parameter 10.2. Avoid Cryptographic Summary Confusion from the hp Parameter
When parsing a message, the recipient MUA infers the message's When parsing a message, the recipient MUA infers the message's
Cryptographic Status from the Cryptographic Layers, as described in Cryptographic Status from the Cryptographic Layers, as described in
Section 4.6 of [I-D.ietf-lamps-e2e-mail-guidance]. Section 4.6 of [RFC9787].
The Cryptographic Layers that make up the Cryptographic Envelope The Cryptographic Layers that make up the Cryptographic Envelope
describe an ordered list of cryptographic properties as present in describe an ordered list of cryptographic properties as present in
the message after it has been delivered. By contrast, the hp the message after it has been delivered. By contrast, the hp
parameter to the Content-Type Header Field contains a simpler parameter to the Content-Type Header Field contains a simpler
indication: whether the sender originally tried to encrypt the indication: whether the sender originally tried to encrypt the
message or not. In particular, for a message with Header Protection, message or not. In particular, for a message with Header Protection,
the Cryptographic Payload should have a hp parameter of cipher if the the Cryptographic Payload should have a hp parameter of cipher if the
message is encrypted (in addition to signed), and clear if no message is encrypted (in addition to signed) and clear if no
encryption is present (that is, the message is signed-only). encryption is present (that is, the message is signed-only).
As noted in Section 2.1.1, the receiving implementation should not As noted in Section 2.1.1, the receiving implementation should not
inflate its estimation of the confidentiality of the message or its inflate its estimation of the confidentiality of the message or its
Header Fields based on the sender's intent, if it can see that the Header Fields based on the sender's intent if it can see that the
message was not actually encrypted. A signed-only message that message was not actually encrypted. A signed-only message that
happens to have an hp parameter of cipher is still signed-only. happens to have an hp parameter of cipher is still signed-only.
Conversely, since the encrypting Cryptographic Layer is typically Conversely, since the encrypting Cryptographic Layer is typically
outside the signature layer (see Section 5.2 of outside the signature layer (see Section 5.2 of [RFC9787]), an
[I-D.ietf-lamps-e2e-mail-guidance]), an originally signed-only originally signed-only message could have been wrapped in an
message could have been wrapped in an encryption layer by an encryption layer by an intervening party before receipt to appear
intervening party before receipt, to appear encrypted. encrypted.
If a message appears to be wrapped in an encryption layer, and the hp If a message appears to be wrapped in an encryption layer, and the hp
parameter is present but is not set to cipher, then it is likely that parameter is present but is not set to cipher, then it is likely that
the encryption layer was not added by the original sender. For such the encryption layer was not added by the original sender. For such
a message, the lack of any HP-Outer Header Field in the Header a message, the lack of any HP-Outer Header Field in the Header
Section of the Cryptographic Payload MUST NOT be used to infer that Section of the Cryptographic Payload MUST NOT be used to infer that
all Header Fields were removed from the message by the original all Header Fields were removed from the message by the original
sender. In such a case, the receiving MUA SHOULD treat every Header sender. In such a case, the receiving MUA SHOULD treat every Header
Field as though it was not confidential. Field as though it was not confidential.
10.3. Caution about Composing with Legacy Display Elements 10.3. Caution About Composing with Legacy Display Elements
When composing a message, it's possible for a Legacy Display Element When composing a message, it's possible for a Legacy Display Element
to contain risky data that could trigger errors in a rendering to contain risky data that could trigger errors in a rendering
client. client.
For example, if the value for a Header Field to be included in a For example, if the value for a Header Field to be included in a
Legacy Display Element within a given body part contains folding Legacy Display Element within a given Body part contains folding
whitespace, it should be "unfolded" before generating the Legacy whitespace, it should be "unfolded" before generating the Legacy
Display Element: all contiguous folding whitespace should be replaced Display Element: All contiguous folding whitespace should be replaced
with a single space character. Likewise, if the header value was with a single space character. Likewise, if the Header Field value
originally encoded with [RFC2047], it should be decoded first to a was originally encoded per [RFC2047], it should be decoded first to a
standard string and re-encoded using the charset appropriate to the standard string and re-encoded using the charset appropriate to the
target part. target part.
When including a Legacy Display Element in a text/plain part (see When including a Legacy Display Element in a text/plain part (see
Section 5.2.2), if the decoded Subject Header Field contains a pair Section 5.2.2), if the decoded Subject Header Field contains a pair
of newlines (e.g., if it is broken across multiple lines by encoded of newlines (e.g., if it is broken across multiple lines by encoded
newlines), any newline MUST be stripped from the Legacy Display newlines), any newline MUST be stripped from the Legacy Display
Element. If the pair of newlines is not stripped, a receiving MUA Element. If the pair of newlines is not stripped, a receiving MUA
that follows the guidance in Section 4.5.3.2 might leave the later that follows the guidance in Section 4.5.3.2 might leave the later
part of the Legacy Display Element in the rendered message. part of the Legacy Display Element in the rendered message.
When including a Legacy Display Element in a text/html part (see When including a Legacy Display Element in a text/html part (see
Section 5.2.3), any material in the header values should be Section 5.2.3), any material in the Header Field values should be
explicitly HTML escaped to avoid being rendered as part of the HTML. explicitly HTML escaped to avoid being rendered as part of the HTML.
At a minimum, the characters <, >, and & should be escaped to &lt;, At a minimum, the characters <, >, and & should be escaped to &lt;,
&gt;, and &amp;, respectively (see for example [HTML-ESCAPES]). If &gt;, and &amp;, respectively (for example, see [HTML-ESCAPES]). If
unescaped characters from removed or obscured header values end up in unescaped characters from removed or obscured Header Field values end
the Legacy Display Element, a receiving MUA that follows the guidance up in the Legacy Display Element, a receiving MUA that follows the
in Section 4.5.3.3 might fail to identify the boundaries of the guidance in Section 4.5.3.3 might fail to identify the boundaries of
Legacy Display Element, cutting out more than it should, or leaving the Legacy Display Element, cutting out more than it should or
remnants visible. And a Legacy MUA parsing such a message might leaving remnants visible. And a Legacy MUA parsing such a message
misrender the entire HTML stream, depending on the content of the might misrender the entire HTML stream, depending on the content of
removed or obscured header values. the removed or obscured Header Field values.
The Legacy Display Element is a decorative addition solely to enable The Legacy Display Element is a decorative addition solely to enable
visibility of obscured or removed Header Fields in decryption-capable visibility of obscured or removed Header Fields in decryption-capable
Legacy MUAs. When it is produced, it should be generated minimally Legacy MUAs. When it is produced, it should be generated minimally
and strictly, as described above, to avoid damaging the rest of the and strictly, as described above, to avoid damaging the rest of the
message. message.
10.4. Plaintext Attacks 10.4. Plaintext Attacks
An encrypted e-mail message using S/MIME or PGP/MIME tends to have An encrypted email message using S/MIME or PGP/MIME tends to have
some amount of predictable plaintext. For example, the standard MIME some amount of predictable plaintext. For example, the standard MIME
headers of the Cryptographic Payload of a message are often a Header Fields of the Cryptographic Payload of a message are often a
predictable sequence of bytes, even without Header Protection, when predictable sequence of bytes, even without Header Protection, when
they only include the Structural Header Fields MIME-Version and they only include the Structural Header Fields MIME-Version and
Content-Type. This is a potential risk for known-plaintext attacks. Content-Type. This is a potential risk for known-plaintext attacks.
Including protected Header Fields as defined in this document Including protected Header Fields as defined in this document
increases the amount of known plaintext. Since some of those headers increases the amount of known plaintext. Since some of those Header
in a reply will be derived from the message being replied to, this Fields in a reply will be derived from the message being replied to,
also creates a potential risk for chosen-plaintext attacks, in this also creates a potential risk for chosen-plaintext attacks, in
addition to known-plaintext attacks. addition to known-plaintext attacks.
Modern message encryption mechanisms are expected to be secure Modern message encryption mechanisms are expected to be secure
against both known-plaintext attacks and chosen-plaintext attacks. against both known-plaintext attacks and chosen-plaintext attacks.
An MUA composing an encrypted message should ensure that it is using An MUA composing an encrypted message should ensure that it is using
such a mechanism, regardless of whether it does Header Protection. such a mechanism, regardless of whether it does Header Protection.
11. Privacy Considerations 11. Privacy Considerations
11.1. Leaks When Replying 11.1. Leaks When Replying
skipping to change at page 66, line 22 skipping to change at line 3009
11.2. Encrypted Header Fields Are Not Always Private 11.2. Encrypted Header Fields Are Not Always Private
For encrypted messages, depending on the sender's HCP, some Header For encrypted messages, depending on the sender's HCP, some Header
Fields may appear both within the Cryptographic Envelope and on the Fields may appear both within the Cryptographic Envelope and on the
outside of the message (e.g., Date might exist identically in both outside of the message (e.g., Date might exist identically in both
places). Section 4.3 identifies such a Header Field as signed-only. places). Section 4.3 identifies such a Header Field as signed-only.
These Header Fields are clearly _not_ private at all, despite a copy These Header Fields are clearly _not_ private at all, despite a copy
being inside the Cryptographic Envelope. being inside the Cryptographic Envelope.
A Header Field whose name and value are not matched verbatim by any A Header Field whose name and value are not matched verbatim by any
HP-Outer Header Field from the same part will have encrypted-only or HP-Outer Header Field from the same part will have an encrypted-only
signed-and-encrypted status. But even Header Fields with these or signed-and-encrypted status. But even Header Fields with these
stronger levels of cryptographic confidentiality protection might not stronger levels of cryptographic confidentiality protection might not
be as private as the user would like. be as private as the user would like.
See the examples below. See the examples below.
This concern is true for any encrypted data, including the body of This concern is true for any encrypted data, including the Body of
the message, not just the Header Fields: if the sender isn't careful, the message, not just the Header Fields: If the sender isn't careful,
the message contents or session keys can leak in many ways that are the message contents or session keys can leak in many ways that are
beyond the scope of this document. The message recipient has no way beyond the scope of this document. The message recipient has no way
in principle to tell whether the apparent confidentiality of any in principle to tell whether the apparent confidentiality of any
given piece of encrypted content has been broken via channels that given piece of encrypted content has been broken via channels that
they cannot perceive. Additionally, an active intermediary aware of they cannot perceive. Additionally, an active intermediary aware of
the recipient's public key can always encrypt a cleartext message in the recipient's public key can always encrypt a cleartext message in
transit to give the recipient a false sense of security. transit to give the recipient a false sense of security.
11.2.1. Encrypted Header Fields Can Leak Unwanted Information to the 11.2.1. Encrypted Header Fields Can Leak Unwanted Information to the
Recipient Recipient
For encrypted messages, even with an ambitious HCP that successfully For encrypted messages, even with an ambitious HCP that successfully
obscures most Header Fields from all transport agents, Header Fields obscures most Header Fields from all transport agents, Header Fields
will be ultimately visible to all intended recipients. This can be will be ultimately visible to all intended recipients. This can be
especially problematic for Header Fields that are not user-facing, especially problematic for Header Fields that are not User-Facing;
which the sender may not expect to be injected by their MUA. the sender may not expect such Header Fields to be injected by their
Consider the three following examples: MUA. Consider the three following examples:
* The MUA may inject a User-Agent Header Field that describes itself * The MUA may inject a User-Agent Header Field that describes itself
to every recipient, even though the sender may not want the to every recipient, even though the sender may not want the
recipient to know the exact version of their OS, hardware recipient to know the exact version of their OS, hardware
platform, or MUA. platform, or MUA.
* The MUA may have an idiosyncratic way of generating a Message-ID * The MUA may have an idiosyncratic way of generating a Message-ID
header, which could embed the choice of MUA, a time zone, a Header Field, which could embed the choice of MUA, time zone,
hostname, or other subtle information to a knowledgeable hostname, or other subtle information to a knowledgeable
recipient. recipient.
* The MUA may erroneously include a Bcc Header Field in the * The MUA may erroneously include a Bcc Header Field in the
origheaders of a copy of a message sent to the named recipient, origheaders of a copy of a message sent to the named recipient,
defeating the purpose of using Bcc instead of Cc (see Section 11.4 defeating the purpose of using Bcc instead of Cc (see Section 11.4
for more details about risks related to Bcc). for more details about risks related to Bcc).
Clearly, no end-to-end cryptographic protection of any Header Field Clearly, no end-to-end cryptographic protection of any Header Field
as defined in this document will hide such a sensitive field from the as defined in this document will hide such a sensitive field from the
intended recipient. Instead, the composing MUA MUST populate the intended recipient. Instead, the composing MUA MUST populate the
origheaders list for any outbound message with only information the origheaders list for any outbound message with only information the
recipient should have access to. This is true for messages without recipient should have access to. This is true for messages without
any cryptographic protection as well, of course, and it is even worse any cryptographic protection as well, of course, and it is even worse
there: such a leak is exposed to the transport agents as well as the there: Such a leak is exposed to the transport agents as well as the
recipient. An encrypted message with Header Protection and a more recipient. An encrypted message with Header Protection and a more
ambitious Header Confidentiality Policy avoid these leaks exposing ambitious HCP avoids these leaks that expose information to the
information to the transport agents but cannot defend against such a transport agents, but it cannot defend against such a leak to the
leak to the recipient. recipient.
11.2.2. Encrypted Header Fields Can Be Inferred From External or 11.2.2. Encrypted Header Fields Can Be Inferred from External or
Internal Metadata Internal Metadata
For example, if the To and Cc Header Fields are removed from the For example, if the To and Cc Header Fields are removed from the
unprotected Header Section, the values in those fields might still be Outer Header Section, the values in those fields might still be
inferred with high probability by an adversary who looks at the inferred with high probability by an adversary who looks at the
message either in transit or at rest. If the message is found in, or message either in transit or at rest. For example, if the message is
being delivered to a mailbox for bob@example.org, it's likely that found in a mailbox, or being delivered to a mailbox, and the mailbox
Bob was in either To or Cc. Furthermore, encrypted message is known to be associated with the email address bob@example.org,
ciphertext may hint at the recipients: for S/MIME messages, the it's likely that Bob was in either To or Cc. Furthermore, encrypted
RecipientInfo, and for PGP/MIME messages the key ID in the Public Key message ciphertext may hint at the recipients: For S/MIME messages,
Encrypted Session Key (PKESK) packets will all hint at a specific set the RecipientInfo, and for PGP/MIME messages, the key ID in the
of recipients. Additionally, an MTA that handles the message may add Public Key Encrypted Session Key (PKESK) packets will all hint at a
a Received Header Field (or some other custom Header Field) that specific set of recipients. Additionally, an MTA that handles the
leaks some information about the nature of the delivery. message may add a Received Header Field (or some other custom Header
Field) that leaks some information about the nature of the delivery.
11.2.3. Encrypted Header Fields May Not Be Fully Masked by HCP 11.2.3. Encrypted Header Fields May Not Be Fully Masked by HCP
In another example, if the HCP modifies the Date header to mask out In another example, if the HCP modifies the Date Header Field to mask
high-resolution time stamps (e.g., rounding to the most recent hour), out high-resolution timestamps (e.g., rounding to the most recent
some information about the date of delivery will still be attached to hour), some information about the date of delivery will still be
the e-mail. At the very least, the low resolution, global version of attached to the email. At the very least, the low-resolution, global
the date will be present on the message. Additionally, Header Fields version of the date will be present on the message. Additionally,
like Received that are added during message delivery might include Header Fields like Received that are added during message delivery
higher-resolution timestamps. And if the message lands in a mailbox might include higher-resolution timestamps. And if the message lands
that is ordered by time of receipt, even its placement in the mailbox in a mailbox that is ordered by time of receipt, even its placement
and the non-obscured Date Header Fields of the surrounding messages in the mailbox and the unobscured Date Header Fields of the
could leak this information. surrounding messages could leak this information.
Some Header Fields like From may be impossible to fully obscure, as Some Header Fields like From may be impossible to fully obscure, as
many modern message delivery systems depend on at least domain many modern message delivery systems depend on at least domain
information in the From Header Field for determining whether a information in the From Header Field for determining whether a
message is coming from a domain with "good reputation" (that is, from message is coming from a domain with "good reputation" (that is, from
a domain that is not known for leaking spam). So even if an a domain that is not known for leaking spam). So even if an
ambitious HCP opts to remove the human-readable part from any From ambitious HCP opts to remove the human-readable part from any From
Header Field, and to standardize/genericize the local part of the Header Field and to standardize/genericize the local part of the From
From address, the domain will still leak. address, the domain will still leak.
11.3. A Naive Recipient May Overestimate the Cryptographic Status of a 11.3. A Naive Recipient May Overestimate the Cryptographic Status of a
Header Field in an Encrypted Message Header Field in an Encrypted Message
When an encrypted (or signed-and-encrypted) message is in transit, an When an encrypted (or signed-and-encrypted) message is in transit, an
active intermediary can strip or tamper with any Header Field that active intermediary can strip or tamper with any Header Field that
appears outside the Cryptographic Envelope. A receiving MUA that appears outside the Cryptographic Envelope. A receiving MUA that
naively infers cryptographic status from differences between the naively infers cryptographic status from differences between the
external Header Fields and those found in the Cryptographic Envelope external Header Fields and those found in the Cryptographic Envelope
could be tricked into overestimating the protections afforded to some could be tricked into overestimating the protections afforded to some
Header Fields. Header Fields.
For example, if the original sender's HCP passes through the Cc For example, if the original sender's HCP passes through the Cc
Header Field unchanged, a cleanly delivered message would indicate Header Field unchanged, a cleanly delivered message would indicate
that the Cc Header Field has a cryptographic status of signed. But that the Cc Header Field has a cryptographic status of signed. But
if an intermediary attacker simply removes the Header Field from the if an intermediary attacker simply removes the Header Field from the
unprotected Header Section before forwarding the message, then the Outer Header Section before forwarding the message, then the naive
naive recipient might believe that the field has a cryptographic recipient might believe that the field has a cryptographic status of
status of signed-and-encrypted. signed-and-encrypted.
This document offers protection against such an attack by way of the This document offers protection against such an attack by way of the
HP-Outer Header Fields that can be found on the Cryptographic HP-Outer Header Fields that can be found on the Cryptographic
Payload. If a Header Field appears to have been obscured by Payload. If a Header Field appears to have been obscured by
inspection of the outer message, but an HP-Outer Header Field matches inspection of the outer message but an HP-Outer Header Field matches
it exactly, the receiving MUA can indicate to the user that the it exactly, then the receiving MUA can indicate to the user that the
Header Field in question may not have been confidential. Header Field in question may not have been confidential.
In such a case, a cautious MUA may render the Header Field in In such a case, a cautious MUA may render the Header Field in
question as signed (because the sender did not hide it), but still question as signed (because the sender did not hide it) but still
treat it as signed-and-encrypted during reply, to avoid accidental treat it as signed-and-encrypted during reply to avoid accidental
leakage of the cleartext value in the reply message, as described in leakage of the cleartext value in the reply message, as described in
Section 6.1. Section 6.1.
11.4. Privacy and Deliverability Risks with Bcc and Encrypted Messages 11.4. Privacy and Deliverability Risks with Bcc and Encrypted Messages
As noted in Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance], As noted in Section 9.3 of [RFC9787], handling Bcc when generating an
handling Bcc when generating an encrypted e-mail message can be encrypted email message can be particularly tricky. With Header
particularly tricky. With Header Protection, there is an additional Protection, there is an additional wrinkle. When an encrypted email
wrinkle. When an encrypted e-mail message with Header Protection has message with Header Protection has a Bcc'ed recipient, and the
a Bcc'ed recipient, and the composing MUA explicitly includes the composing MUA explicitly includes the Bcc'ed recipient's address in
Bcc'ed recipient's address in their copy of the message (see the their copy of the message (see the "second method" in Section 3.6.3
"second method" in Section 3.6.3 of [RFC5322]), that Bcc Header Field of [RFC5322]), that Bcc Header Field will always be visible to the
will always be visible to the Bcc'ed recipient. Bcc'ed recipient.
In this scenario, though, the composing MUA has one additional In this scenario, though, the composing MUA has one additional
choice: whether to hide the Bcc Header Field from intervening message choice: whether or not to hide the Bcc Header Field from intervening
transport agents, by returning null when the HCP is invoked for Bcc. message transport agents by returning null when the HCP is invoked
If the composing MUA's rationale for including an explicit Bcc in the for Bcc. If the composing MUA's rationale for including an explicit
copy of the message sent to the Bcc recipient is to ensure Bcc in the copy of the message sent to the Bcc recipient is to ensure
deliverability via a message transport agent that inspects message deliverability via a message transport agent that inspects message
Header Fields, then stripping the Bcc field during encryption may Header Fields, then stripping the Bcc field during encryption may
cause the intervening transport agent to drop the message entirely. cause the intervening transport agent to drop the message entirely.
This is why Bcc is not explicitly stripped in hcp_baseline. This is why Bcc is not explicitly stripped in hcp_baseline.
If, on the other hand, deliverability to a Bcc'ed recipient is not a On the other hand, if deliverability to a Bcc'ed recipient is not a
concern, the most privacy-preserving option is to simply omit the Bcc concern, the most privacy-preserving option is to simply omit the Bcc
Header Field from the protected Header Section in the first place. Header Field from the protected Header Section in the first place.
An MUA that is capable of receiving and processing such a message can An MUA that is capable of receiving and processing such a message can
infer that since their user's address was not mentioned in any To or infer that since their user's address was not mentioned in any To or
Cc Header Field, they were likely a Bcc recipient. Cc Header Field, they were likely a Bcc recipient.
Please also see Section 9.3 of [I-D.ietf-lamps-e2e-mail-guidance] for Please also see Section 9.3 of [RFC9787] for more discussion about
more discussion about Bcc and encrypted messages. Bcc and encrypted messages.
12. IANA Considerations 12. IANA Considerations
This document registers an e-mail Header Field, describes parameters This document registers an email Header Field, describes parameters
for the Content-Type Header Field, and establishes a registry for for the Content-Type Header Field, and establishes a registry for
Header Confidentiality Policies to facilitate HCP evolution. Header Confidentiality Policies to facilitate HCP evolution.
12.1. Register the HP-Outer Header Field 12.1. Registration of the HP-Outer Header Field
This document requests IANA to register the following Header Field in
the "Permanent Message Header Field Names" registry within "Message
Headers" in accordance with [RFC3864].
+============+==========+==========+==========+===============+
| Header | Template | Protocol | Status | Reference |
| Field Name | | | | |
+============+==========+==========+==========+===============+
| HP-Outer | | mail | standard | Section 2.2.1 |
| | | | | of RFCXXXX |
+------------+----------+----------+----------+---------------+
Table 2: Additions to 'Permanent Message Header Field
Names' registry
The Author/Change Controller of these two entries (Section 4.5 of
[RFC3864]) should be the IETF itself.
12.2. Update Reference for Content-Type Header Field due to hp and hp-
legacy-display Parameters
This document also defines the Content-Type parameters known as hp IANA has registered the following Header Field in the "Permanent
(in Section 2.1.1) and hp-legacy-display (in Section 2.1.2). Message Header Field Names" registry within the "Message Headers"
Consequently, the Content-Type row in the "Permanent Message Header registry group <https://www.iana.org/assignments/message-headers> in
Field Names" registry should add a reference to this RFC to its accordance with [RFC3864].
"References" column.
That is, the current row: +===================+==========+==========+===============+
| Header Field Name | Protocol | Status | Reference |
+===================+==========+==========+===============+
| HP-Outer | mail | standard | Section 2.2.1 |
| | | | of RFC 9788 |
+-------------------+----------+----------+---------------+
+===================+==========+==========+========+===========+ Table 2: Addition to the Permanent Message Header Field
| Header Field Name | Template | Protocol | Status | Reference | Names Registry
+===================+==========+==========+========+===========+
| Content-Type | | MIME | | [RFC4021] |
+-------------------+----------+----------+--------+-----------+
Table 3: Existing row in 'Permanent Message Header Field Note that the Template and Trace columns are empty and therefore not
Names' registry included in the table.
Should be updated to have the following values: The Author/Change Controller (Section 4.5 of [RFC3864]) for this
entry is the IETF.
+===================+==========+==========+========+===========+ 12.2. Reference Update for the Content-Type Header Field
| Header Field Name | Template | Protocol | Status | Reference |
+===================+==========+==========+========+===========+
| Content-Type | | MIME | | [RFC4021] |
| | | | | [RFCXXXX] |
+-------------------+----------+----------+--------+-----------+
Table 4: Replacement row in 'Permanent Message Header Field This document defines the Content-Type parameters known as hp (in
Names' registry Section 2.1.1) and hp-legacy-display (in Section 2.1.2).
Consequently, IANA has added this document as a reference for
Content-Type in the "Permanent Message Header Field Names" registry
as shown below.
12.3. New Registry: Mail Header Confidentiality Policies +===================+==========+========================+
| Header Field Name | Protocol | Reference |
+===================+==========+========================+
| Content-Type | MIME | [RFC4021] and RFC 9788 |
+-------------------+----------+------------------------+
This document also requests IANA to create a new registry in the Table 3: Permanent Message Header Field Names Registry
"Mail Parameters" protocol group (https://www.iana.org/assignments/
mail-parameters/) titled Mail Header Confidentiality Policies with
the following content:
+========================+=================+=========+=============+ Note that the Template and Trace columns are empty and therefore not
| Header Confidentiality | Description |Reference| Recommended | included in the table.
| Policy Name | | | |
+========================+=================+=========+=============+
| hcp_no_confidentiality | No header |Section | N |
| | confidentiality |3.2.3 of | |
| | |RFCXXX | |
| | |(this | |
| | |document)| |
+------------------------+-----------------+---------+-------------+
| hcp_baseline | Confidentiality |Section | Y |
| | for |3.2.1 of | |
| | Informational |RFCXXX | |
| | Header Fields: |(this | |
| | Subject Header |document)| |
| | Field is | | |
| | obscured, | | |
| | Keywords and | | |
| | Comments are | | |
| | removed | | |
+------------------------+-----------------+---------+-------------+
| hcp_shy | Obscure |Section | N |
| | Subject, remove |3.2.2 of | |
| | Keywords and |RFCXXX | |
| | Comments, |(this | |
| | remove the time |document)| |
| | zone from Date, | | |
| | and obscure | | |
| | display-names | | |
+------------------------+-----------------+---------+-------------+
Table 5: Mail Header Confidentiality Policies registry 12.3. New Mail Header Confidentiality Policies Registry
hcp_example_hide_cc is offered as an example in Section 3 but is not IANA has created a new registry titled "Mail Header Confidentiality
formally registered by this document. Policies" within the "MAIL Parameters" registry group
<https://www.iana.org/assignments/mail-parameters/> with the
following content:
Please add the following textual note to this registry: +========================+=================+=============+=========+
| Header Confidentiality | Description | Recommended |Reference|
| Policy Name | | | |
+========================+=================+=============+=========+
| hcp_no_confidentiality | No header | N |Section |
| | confidentiality | |3.2.3 of |
| | | |RFC 9788 |
+------------------------+-----------------+-------------+---------+
| hcp_baseline | Confidentiality | Y |Section |
| | for | |3.2.1 of |
| | Informational | |RFC 9788 |
| | Header Fields: | | |
| | Subject Header | | |
| | Field is | | |
| | obscured, | | |
| | Keywords and | | |
| | Comments are | | |
| | removed | | |
+------------------------+-----------------+-------------+---------+
| hcp_shy | Obscure | N |Section |
| | Subject, remove | |3.2.2 of |
| | Keywords and | |RFC 9788 |
| | Comments, | | |
| | remove the time | | |
| | zone from Date, | | |
| | and obscure | | |
| | display-names | | |
+------------------------+-----------------+-------------+---------+
The Header Confidentiality Policy Name never appears on the wire. Table 4: Mail Header Confidentiality Policies Registry
This registry merely tracks stable references to implementable
descriptions of distinct policies. Any addition to this registry
should be governed by guidance in Section 3.4.2 of RFC XXX (this
document).
Adding an entry to this registry with an N in the "Recommended" Note that hcp_example_hide_cc is offered as an example in Section 3
column follows the registration policy of SPECIFICATION REQUIRED. but is not formally registered by this document.
Adding an entry to this registry with a Y in the "Recommended" column
or changing the "Recommended" column in an existing entry (from N to
Y or vice versa) requires IETF REVIEW. During IETF REVIEW, the
designated expert must also be consulted. Guidance for the
designated expert can be found in Section 3.4.2.
13. Acknowledgments The following textual note has been added to this registry:
Alexander Krotov identified the risk of From address spoofing (see | Adding an entry to this registry with an N in the "Recommended"
Section 10.1) and helped provide guidance to MUAs. | column follows the registration policy of Specification Required.
| Adding an entry to this registry with a Y in the "Recommended"
| column or changing the "Recommended" column in an existing entry
| (from N to Y or vice versa) requires IETF Review.
Thore Göbel identified significant gaps in earlier versions of this Note that during IETF Review, the designated expert must be
document, and proposed concrete and substantial improvements. Thanks consulted. Guidance for the designated expert can be found in
to his contributions, the document is clearer, and the protocols Section 3.4.2.
described herein are more useful.
Additionally, the authors would like to thank the following people Additionally, this textual note has been added to the registry:
who have provided helpful comments and suggestions for this document:
Berna Alp, Bernhard E. Reiter, Bron Gondwana, Carl Wallace, Claudio
Luck, Daniel Huigens, David Wilson, Éric Vyncke, Hernani Marques,
juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Michael StJohns,
Nicolas Lidzborski, Orie Steele, Paul Wouters, Peter Yee, Phillip
Tao, Robert Williams, Rohan Mahy, Roman Danyliw, Russ Housley, Sofia
Balicka, Steve Kille, Volker Birk, Warren Kumari, and Wei Chuang.
14. References | The Header Confidentiality Policy Name never appears on the wire.
| This registry merely tracks stable references to implementable
| descriptions of distinct policies. Any addition to this registry
| should be governed by guidance in Section 3.4.2 of RFC 9788.
14.1. Normative References 13. References
[I-D.ietf-lamps-e2e-mail-guidance] 13.1. Normative References
Gillmor, D. K., Hoeneisen, B., and A. Melnikov, "Guidance
on End-to-End E-mail Security", Work in Progress,
Internet-Draft, draft-ietf-lamps-e2e-mail-guidance-16, 16
March 2024, <https://datatracker.ietf.org/doc/html/draft-
ietf-lamps-e2e-mail-guidance-16>.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
<https://www.rfc-editor.org/rfc/rfc2045>. <https://www.rfc-editor.org/info/rfc2045>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
DOI 10.17487/RFC3864, September 2004, DOI 10.17487/RFC3864, September 2004,
<https://www.rfc-editor.org/rfc/rfc3864>. <https://www.rfc-editor.org/info/rfc3864>.
[RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type", RFC 5083, Authenticated-Enveloped-Data Content Type", RFC 5083,
DOI 10.17487/RFC5083, November 2007, DOI 10.17487/RFC5083, November 2007,
<https://www.rfc-editor.org/rfc/rfc5083>. <https://www.rfc-editor.org/info/rfc5083>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/rfc/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008, DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/rfc/rfc5322>. <https://www.rfc-editor.org/info/rfc5322>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, DOI 10.17487/RFC5652, September 2009, RFC 5652, DOI 10.17487/RFC5652, September 2009,
<https://www.rfc-editor.org/rfc/rfc5652>. <https://www.rfc-editor.org/info/rfc5652>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/rfc/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/rfc/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
[RFC9580] Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe, [RFC9580] Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe,
"OpenPGP", RFC 9580, DOI 10.17487/RFC9580, July 2024, "OpenPGP", RFC 9580, DOI 10.17487/RFC9580, July 2024,
<https://www.rfc-editor.org/rfc/rfc9580>. <https://www.rfc-editor.org/info/rfc9580>.
14.2. Informative References [RFC9787] Gillmor, D. K., Ed., Hoeneisen, B., Ed., and A. Melnikov,
Ed., "Guidance on End-to-End Email Security", RFC 9787,
DOI 10.17487/RFC9787, June 2025,
<https://www.rfc-editor.org/info/rfc9787>.
13.2. Informative References
[chrome-indicators] [chrome-indicators]
Schechter, E., "Evolving Chrome's security indicators", Schechter, E., "Evolving Chrome's security indicators",
May 2018, <https://blog.chromium.org/2018/05/evolving- Chromium Blog, May 2018,
chromes-security-indicators.html>. <https://blog.chromium.org/2018/05/evolving-chromes-
security-indicators.html>.
[CSS] World Wide Web Consortium, "Cascading Style Sheets Level 2 [CSS] Bos, B., Ed., "Cascading Style Sheets Level 2 Revision 2
Revision 2 (CSS 2.2) Specification", 12 April 2016, (CSS 2.2) Specification", W3C First Public Working Draft,
<https://www.w3.org/TR/2016/WD-CSS22-20160412/>. 12 April 2016,
<https://www.w3.org/TR/2016/WD-CSS22-20160412/>. Latest
version available at <https://www.w3.org/TR/CSS22/>.
[HTML-ESCAPES] [HTML-ESCAPES]
W3C, "Using character escapes in markup and CSS", n.d., W3C, "Using character escapes in markup and CSS", 12
<https://www.w3.org/International/questions/qa- August 2010, <https://www.w3.org/International/questions/
escapes#use>. qa-escapes#use>.
[I-D.autocrypt-lamps-protected-headers]
Einarsson, B. R., "juga", and D. K. Gillmor, "Protected
Headers for Cryptographic E-mail", Work in Progress,
Internet-Draft, draft-autocrypt-lamps-protected-headers-
02, 20 December 2019,
<https://datatracker.ietf.org/doc/html/draft-autocrypt-
lamps-protected-headers-02>.
[I-D.pep-email] [PEP-EMAIL]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Email Formats and Protocols", Work in Progress, Internet- Email Formats and Protocols", Work in Progress, Internet-
Draft, draft-pep-email-02, 16 December 2022, Draft, draft-pep-email-03, 22 May 2025,
<https://datatracker.ietf.org/doc/html/draft-pep-email- <https://datatracker.ietf.org/doc/html/draft-pep-email-
02>. 03>.
[I-D.pep-general] [PEP-GENERAL]
Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy
privacy (pEp): Privacy by Default", Work in Progress, privacy (pEp): Privacy by Default", Work in Progress,
Internet-Draft, draft-pep-general-02, 16 December 2022, Internet-Draft, draft-pep-general-03, 22 May 2025,
<https://datatracker.ietf.org/doc/html/draft-pep-general- <https://datatracker.ietf.org/doc/html/draft-pep-general-
02>. 03>.
[PGPCONTROL] [PGPCONTROL]
UUNET Technologies, Inc., "Authentication of Usenet Group UUNET Technologies, Inc., "Authentication of Usenet Group
Changes", 27 October 2016, Changes", 27 October 2016,
<https://ftp.isc.org/pub/pgpcontrol/>. <https://ftp.isc.org/pub/pgpcontrol/>.
[PGPVERIFY-FORMAT] [PGPVERIFY-FORMAT]
Lawrence, D. C., "Signing Control Messages, Verifying Lawrence, D. C., "Signing Control Messages, Verifying
Control Messages", n.d., Control Messages",
<https://www.eyrie.org/~eagle/usefor/other/pgpverify>. <https://www.eyrie.org/~eagle/usefor/other/pgpverify>.
[PROTECTED-HEADERS]
Einarsson, B. R., juga, and D. K. Gillmor, "(Deprecated)
Protected E-mail Headers", Work in Progress, Internet-
Draft, draft-autocrypt-lamps-protected-headers-03, 16
April 2025, <https://datatracker.ietf.org/doc/html/draft-
autocrypt-lamps-protected-headers-03>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/rfc/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text", Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, DOI 10.17487/RFC2047, November 1996, RFC 2047, DOI 10.17487/RFC2047, November 1996,
<https://www.rfc-editor.org/rfc/rfc2047>. <https://www.rfc-editor.org/info/rfc2047>.
[RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Five: Conformance Criteria and Extensions (MIME) Part Five: Conformance Criteria and
Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996, Examples", RFC 2049, DOI 10.17487/RFC2049, November 1996,
<https://www.rfc-editor.org/rfc/rfc2049>. <https://www.rfc-editor.org/info/rfc2049>.
[RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
"MIME Security with OpenPGP", RFC 3156, "MIME Security with OpenPGP", RFC 3156,
DOI 10.17487/RFC3156, August 2001, DOI 10.17487/RFC3156, August 2001,
<https://www.rfc-editor.org/rfc/rfc3156>. <https://www.rfc-editor.org/info/rfc3156>.
[RFC3851] Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail [RFC3851] Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
Extensions (S/MIME) Version 3.1 Message Specification", Extensions (S/MIME) Version 3.1 Message Specification",
RFC 3851, DOI 10.17487/RFC3851, July 2004, RFC 3851, DOI 10.17487/RFC3851, July 2004,
<https://www.rfc-editor.org/rfc/rfc3851>. <https://www.rfc-editor.org/info/rfc3851>.
[RFC4021] Klyne, G. and J. Palme, "Registration of Mail and MIME [RFC4021] Klyne, G. and J. Palme, "Registration of Mail and MIME
Header Fields", RFC 4021, DOI 10.17487/RFC4021, March Header Fields", RFC 4021, DOI 10.17487/RFC4021, March
2005, <https://www.rfc-editor.org/rfc/rfc4021>. 2005, <https://www.rfc-editor.org/info/rfc4021>.
[RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
Mail Extensions (S/MIME) Version 3.2 Message Mail Extensions (S/MIME) Version 3.2 Message
Specification", RFC 5751, DOI 10.17487/RFC5751, January Specification", RFC 5751, DOI 10.17487/RFC5751, January
2010, <https://www.rfc-editor.org/rfc/rfc5751>. 2010, <https://www.rfc-editor.org/info/rfc5751>.
[RFC5890] Klensin, J., "Internationalized Domain Names for [RFC5890] Klensin, J., "Internationalized Domain Names for
Applications (IDNA): Definitions and Document Framework", Applications (IDNA): Definitions and Document Framework",
RFC 5890, DOI 10.17487/RFC5890, August 2010, RFC 5890, DOI 10.17487/RFC5890, August 2010,
<https://www.rfc-editor.org/rfc/rfc5890>. <https://www.rfc-editor.org/info/rfc5890>.
[RFC5891] Klensin, J., "Internationalized Domain Names in [RFC5891] Klensin, J., "Internationalized Domain Names in
Applications (IDNA): Protocol", RFC 5891, Applications (IDNA): Protocol", RFC 5891,
DOI 10.17487/RFC5891, August 2010, DOI 10.17487/RFC5891, August 2010,
<https://www.rfc-editor.org/rfc/rfc5891>. <https://www.rfc-editor.org/info/rfc5891>.
[RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,
"DomainKeys Identified Mail (DKIM) Signatures", STD 76, "DomainKeys Identified Mail (DKIM) Signatures", STD 76,
RFC 6376, DOI 10.17487/RFC6376, September 2011, RFC 6376, DOI 10.17487/RFC6376, September 2011,
<https://www.rfc-editor.org/rfc/rfc6376>. <https://www.rfc-editor.org/info/rfc6376>.
[RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
Message Authentication, Reporting, and Conformance Message Authentication, Reporting, and Conformance
(DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
<https://www.rfc-editor.org/rfc/rfc7489>. <https://www.rfc-editor.org/info/rfc7489>.
[RFC7929] Wouters, P., "DNS-Based Authentication of Named Entities [RFC7929] Wouters, P., "DNS-Based Authentication of Named Entities
(DANE) Bindings for OpenPGP", RFC 7929, (DANE) Bindings for OpenPGP", RFC 7929,
DOI 10.17487/RFC7929, August 2016, DOI 10.17487/RFC7929, August 2016,
<https://www.rfc-editor.org/rfc/rfc7929>. <https://www.rfc-editor.org/info/rfc7929>.
[RFC8162] Hoffman, P. and J. Schlyter, "Using Secure DNS to [RFC8162] Hoffman, P. and J. Schlyter, "Using Secure DNS to
Associate Certificates with Domain Names for S/MIME", Associate Certificates with Domain Names for S/MIME",
RFC 8162, DOI 10.17487/RFC8162, May 2017, RFC 8162, DOI 10.17487/RFC8162, May 2017,
<https://www.rfc-editor.org/rfc/rfc8162>. <https://www.rfc-editor.org/info/rfc8162>.
[RFC8617] Andersen, K., Long, B., Ed., Blank, S., Ed., and M. [RFC8617] Andersen, K., Long, B., Ed., Blank, S., Ed., and M.
Kucherawy, Ed., "The Authenticated Received Chain (ARC) Kucherawy, Ed., "The Authenticated Received Chain (ARC)
Protocol", RFC 8617, DOI 10.17487/RFC8617, July 2019, Protocol", RFC 8617, DOI 10.17487/RFC8617, July 2019,
<https://www.rfc-editor.org/rfc/rfc8617>. <https://www.rfc-editor.org/info/rfc8617>.
[RFC9216] Gillmor, D. K., Ed., "S/MIME Example Keys and [RFC9216] Gillmor, D. K., Ed., "S/MIME Example Keys and
Certificates", RFC 9216, DOI 10.17487/RFC9216, April 2022, Certificates", RFC 9216, DOI 10.17487/RFC9216, April 2022,
<https://www.rfc-editor.org/rfc/rfc9216>. <https://www.rfc-editor.org/info/rfc9216>.
Appendix A. Table of Pseudocode Listings Appendix A. Table of Pseudocode Listings
This document contains guidance with pseudocode descriptions. Each This document contains guidance with pseudocode descriptions. Each
algorithm is listed here for easy reference. algorithm is listed here for easy reference.
+===========================+=========================+===========+ +===========================+=========================+===========+
| Method Name | Description | Reference | | Method Name | Description | Reference |
+===========================+=========================+===========+ +===========================+=========================+===========+
| HeaderSetsFromMessage | Derive "outer" and | Section | | HeaderSetsFromMessage | Derive "outer" and | Section |
skipping to change at page 77, line 23 skipping to change at line 3478
| HeaderFieldProtection | Calculate cryptographic | Section | | HeaderFieldProtection | Calculate cryptographic | Section |
| | protections for a | 4.3.1 | | | protections for a | 4.3.1 |
| | Header Field in a given | | | | Header Field in a given | |
| | message | | | | message | |
+---------------------------+-------------------------+-----------+ +---------------------------+-------------------------+-----------+
| ReferenceHCP | Produce an ephemeral | Section | | ReferenceHCP | Produce an ephemeral | Section |
| | HCP to use when | 6.1.1 | | | HCP to use when | 6.1.1 |
| | responding to a given | | | | responding to a given | |
| | message | | | | message | |
+---------------------------+-------------------------+-----------+ +---------------------------+-------------------------+-----------+
| ComposeNoHeaderProtection | Legacy message | Section | | ComposeNoHeaderProtection | Legacy Message | Section |
| | composition with end- | 5.1.1 | | | composition with end- | 5.1.1 |
| | to-end cryptographic | | | | to-end cryptographic | |
| | protections (but no | | | | protections (but no | |
| | header protection) | | | | Header Protection) | |
+---------------------------+-------------------------+-----------+ +---------------------------+-------------------------+-----------+
| Compose | Compose a message with | Section | | Compose | Compose a message with | Section |
| | end-to-end | 5.2.1 | | | end-to-end | 5.2.1 |
| | cryptographic | | | | cryptographic | |
| | protections including | | | | protections including | |
| | header protection | | | | Header Protection | |
+---------------------------+-------------------------+-----------+ +---------------------------+-------------------------+-----------+
Table 6: Table of Pseudocode Listings Table 5: Table of Pseudocode Listings
Appendix B. Possible Problems with Legacy MUAs Appendix B. Possible Problems with Legacy MUAs
When an e-mail message with end-to-end cryptographic protection is When an email message with end-to-end cryptographic protection is
received by a mail user agent, the user might experience many received by an MUA, the user might experience many different possible
different possible problematic interactions. A message with Header problematic interactions. A message with Header Protection may
Protection may introduce new forms of user experience failure. introduce new forms of user experience failure.
In this section, the authors enumerate different kinds of failures we In this section, the authors enumerate different kinds of failures we
have observed when reviewing, rendering, and replying to messages have observed when reviewing, rendering, and replying to messages
with different forms of Header Protection in different Legacy MUAs. with different forms of Header Protection in different Legacy MUAs.
Different Legacy MUAs demonstrate different subsets of these Different Legacy MUAs demonstrate different subsets of these
problems. problems.
A conformant MUA would not exhibit any of these problems. An A conformant MUA would not exhibit any of these problems. An
implementer updating their Legacy MUA to be compliant with this implementer updating their Legacy MUA to be compliant with this
specification should consider these concerns and try to avoid them. specification should consider these concerns and try to avoid them.
Recall that "protected" refers to the "inner" values, e.g., the real Recall that "protected" refers to the "inner" values, e.g., the real
Subject, and "unprotected" refers to the "outer" values, e.g., the Subject, and "unprotected" refers to the "outer" values, e.g., the
dummy Subject. replacement Subject.
B.1. Problems Viewing Messages in a List View B.1. Problems Viewing Messages in a List View
* Unprotected Subject, Date, From, To Header Fields are visible * Unprotected Subject, Date, From, and To Header Fields are visible
(instead of being replaced by protected values) (instead of being replaced by protected values)
* Threading is not visible * Threading is not visible
B.2. Problems when Rendering a Message B.2. Problems When Rendering a Message
* Unprotected Subject is visible * Unprotected Subject is visible
* Protected Subject (on its own) is visible in the body * Protected Subject (on its own) is visible in the Body
* Protected Subject, Date, From, and To Header Fields visible in the * Protected Subject, Date, From, and To Header Fields are visible in
body the Body
* User interaction needed to view whole message * User interaction needed to view the whole message
* User interaction needed to view message body * User interaction needed to view the message Body
* User interaction needed to view protected subject * User interaction needed to view the protected Subject
* Impossible to view protected Subject * Impossible to view the protected Subject
* Nuisance alarms during user interaction * Nuisance alarms during user interaction
* Impossible to view message body * Impossible to view the message Body
* Appears as a forwarded message * Appears as a forwarded message
* Appears as an attachment * Appears as an attachment
* Security indicators not visible * Security indicators not visible
* Security indicators do not identify protection status of Header * Security indicators do not identify the protection status of
Fields Header Fields
* User has multiple different methods to reply (e.g., reply to * User has multiple different methods to reply (e.g., reply to
outer, reply to inner) outer, reply to inner)
* User sees English "Subject:" in body despite message itself being * User sees English "Subject:" in Body despite message itself being
in non-English in non-English
* Security indicators do not identify protection status of Header * Security indicators do not identify the protection status of
Fields Header Fields
* Header Fields in body render with local Header Field names (e.g., * Header Fields in the Body render with local Header Field names
showing "Betreff" instead of "Subject") and dates (TZ, locale) (e.g., showing "Betreff" instead of "Subject") and dates (TZ,
locale)
B.3. Problems when Replying to a Message B.3. Problems When Replying to a Message
Note that the use case here is: Note that the use case here is:
* User views message, to the point where they can read it * User views a message, to the point where they can read it
* User then replies to message, and they are shown a message * User then replies to the message, and they are shown a message
composition window, which has some UI elements composition window, which has some UI elements
* If the MUA has multiple different methods to reply to a message, * If the MUA has multiple different methods to reply to a message,
each way may need to be evaluated separately each way may need to be evaluated separately
This section also uses the shorthand UI:x to mean "the UI element This section also uses the shorthand UI:x to mean "the UI element
that the user can edit that they think of as x." that the user can edit that they think of as x".
* Unprotected Subject is in UI:subject (instead of the protected * Unprotected Subject is in UI:subject (instead of the protected
Subject) Subject)
* Protected Subject is quoted in UI:body (from Legacy Display * Protected Subject is quoted in UI:body (from Legacy Display
Element) Element)
* Protected Subject leaks when the reply is serialised into MIME * Protected Subject leaks when the reply is serialized into MIME
* Protected Subject is not anywhere in UI * Protected Subject is not anywhere in UI
* Message body is _not_ visible/quoted in UI:body * Message Body is _not_ visible/quoted in UI:body
* User cannot reply while viewing protected message * User cannot reply while viewing protected message
* Reply is not encrypted by default (but is for legacy signed-and- * Reply is not encrypted by default (but is for legacy signed-and-
encrypted messages without Header Protection) encrypted messages without Header Protection)
* Unprotected From or Reply-To Header Field is in UI:To (instead of * Unprotected From or Reply-To Header Field is in UI:To (instead of
the protected From or Reply-To Header Field) the protected From or Reply-To Header Field)
* User's locale (lang, TZ) leaks in quoted body * User's locale (lang, TZ) leaks in quoted Body
* Header Fields not protected (and in particular, Subject is not * Header Fields not protected (and in particular, Subject is not
obscured) by default obscured) by default
Appendix C. Test Vectors Appendix C. Test Vectors
This section contains sample messages using the specification defined This section contains sample messages using the specification defined
above. Each sample contains a MIME object, a textual and above. Each sample contains a MIME object, a textual and
diagrammatic view of its structure, and examples of how an MUA might diagrammatic view of its structure, and examples of how an MUA might
render it. render it.
The cryptographic protections used in this document use the S/MIME The cryptographic protections used in this document use the S/MIME
standard, and keying material and certificates come from [RFC9216]. standard, and keying material and certificates come from [RFC9216].
These messages should be accessible to any IMAP client at These messages should be accessible to any IMAP client at
imap://bob@header-protection.cmrg.net/ (any password should imap://bob@header-protection.cmrg.net/ (any password should
authenticate to this read-only IMAP mailbox). authenticate to this read-only IMAP mailbox).
You can also download copies of these test vectors separately at Copies of these test vectors can also be downloaded separately at
https://header-protection.cmrg.net. <https://header-protection.cmrg.net>.
If any of the messages downloaded differ from those offered here, If any of the messages downloaded differ from those offered here,
this document is the canonical source. this document is the canonical source.
C.1. Baseline Messages C.1. Baseline Messages
These messages offer no header protection at all, and can be used as These messages offer no Header Protection at all and can be used as a
a baseline. They are provided in this document as a counterexample. baseline. They are provided in this document as a counterexample.
An MUA implementer can use these messages to verify that the reported An MUA implementer can use these Messages to verify that the reported
cryptographic summary of the message indicates no header protection. Cryptographic Summary of the Message indicates no Header Protection.
C.1.1. No Cryptographic Protections Over a Simple Message C.1.1. No Cryptographic Protections over a Simple Message
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its Body is a
text/plain message. text/plain message.
It has the following structure: It has the following structure:
└─╴text/plain 152 bytes └─╴text/plain 152 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8" Content-Type: text/plain; charset="utf-8"
skipping to change at page 81, line 19 skipping to change at line 3656
Message-ID: <no-crypto@example> Message-ID: <no-crypto@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500 Date: Sat, 20 Feb 2021 10:00:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
This is the This is the
no-crypto no-crypto
message. message.
This message uses no cryptographic protection at all. Its body This message uses no cryptographic protection at all. Its Body
is a text/plain message. is a text/plain message.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.1.2. S/MIME Signed-only signedData Over a Simple Message, No Header C.1.2. S/MIME Signed-Only signedData over a Simple Message, No Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses no header protection. payload is a text/plain message. It uses no Header Protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 3856 bytes └─╴application/pkcs7-mime [smime.p7m] 3856 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 206 bytes └─╴text/plain 206 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
skipping to change at page 82, line 7 skipping to change at line 3693
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500 Date: Sat, 20 Feb 2021 10:01:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIILGQYJKoZIhvcNAQcCoIILCjCCCwYCAQExDTALBglghkgBZQMEAgEwggFCBgkq MIILGQYJKoZIhvcNAQcCoIILCjCCCwYCAQExDTALBglghkgBZQMEAgEwggFCBgkq
hkiG9w0BBwGgggEzBIIBL01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggEzBIIBL01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtb25lLXBhcnQNCm1l bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtb25lLXBhcnQNCm1l
c3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2 c3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3Bs aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3Bs
YWluIG1lc3NhZ2UuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3RlY3Rpb24uDQoNCi0t YWluIG1lc3NhZ2UuIEl0IHVzZXMgbm8gSGVhZGVyIFByb3RlY3Rpb24uDQoNCi0t
IA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgEC IA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs 9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu 165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
skipping to change at page 83, line 5 skipping to change at line 3739
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9 So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTUwMTAyWjAvBgkqhkiG9w0BCQQxIgQgrhyFjywc hkiG9w0BCQUxDxcNMjEwMjIwMTUwMTAyWjAvBgkqhkiG9w0BCQQxIgQg+APzZJl4
FLYzlCbb/xsgb5+a0sgYLUg094upq1ZXLWswDQYJKoZIhvcNAQEBBQAEggEABOi5 pcksifU3FOYwAUqexbFmtbnUdg8eCFIklg8wDQYJKoZIhvcNAQEBBQAEggEARlZH
kcjRmMF4LK94svcfl92padnfUTSyjJtrIf6R6C7xy87VzsmPOPCmHgZOmTCuvY2D lulQA7h4AzGUznSRv1TB3w2u4oXQBgxTTaUFXvezPsEacndc16K4ESz8IpjsLEqC
iKuMId6WPVdjuRUaW6xkgYtgYjPDhy80NY0a9wXEQtjn448G0UHdM21cJyu9LTAg lhFU6haOKz3OZnab6A8sCqozqAoCpJI35L3D0XwlqucqRDMQoNDZf1AZw1/2rvhl
orSzcT2pwEuGzNdsHW8LB5GtJKYct3RS0+jlbSr7WpZFY1mUrwpsm2r8za2KoOcy BA4+YVc1vNjwbFF7T8bz6ttkXBdseesPV8zy01tsPVBSEr9A8QtVGTPw/BLEV/sV
t/E7Qz/8hT4HU52Na7pS1ZnxrasLr5prSjDSSKs4QK3ncJR8jhF9by0pDCoYgswy d6QtbPMCqdVDjRAa5onUPyZvXkt+Qkt5Wcqxfwbotg/u7ecLhqnK0rC2SZkGDjtZ
zYaeJt0N+8uv7ab/kBaE3wfZlipMSFRJIlh+QeXCkIHo5fW5bn/REZHxMMdMfdPh a6BuLu88DxA9T90G+L3hhL5VPdEdkdRCounTb9McyGWWmnK0PYind/sKBATP5ouF
bqYT1i46156CSOqyxA== jj3rLaMfllxGB0xn3A==
C.1.2.1. S/MIME Signed-only signedData Over a Simple Message, No Header C.1.2.1. S/MIME Signed-Only signedData over a Simple Message, No Header
Protection, Unwrapped Protection, Unwrapped
The S/MIME signed-data layer unwraps to: The S/MIME signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8" Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-one-part smime-one-part
message. message.
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses no header protection. payload is a text/plain message. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.1.3. S/MIME Signed-only multipart/signed Over a Simple Message, No C.1.3. S/MIME Signed-Only multipart/signed over a Simple Message, No
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a text/plain message. It uses no (multipart/signed). The payload is a text/plain message. It uses no
header protection. Header Protection.
It has the following structure: It has the following structure:
└┬╴multipart/signed 4187 bytes └┬╴multipart/signed 4187 bytes
├─╴text/plain 224 bytes ├─╴text/plain 224 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="253"; protocol="application/pkcs7-signature"; boundary="e19";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart Subject: smime-multipart
Message-ID: <smime-multipart@example> Message-ID: <smime-multipart@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500 Date: Sat, 20 Feb 2021 10:02:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--253 --e19
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8" Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-multipart smime-multipart
message. message.
This is a signed-only S/MIME message via PKCS#7 detached This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a text/plain signature (multipart/signed). The payload is a text/plain
message. It uses no header protection. message. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
--253 --e19
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 85, line 34 skipping to change at line 3861
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCAB+IATfw3+2kO9hwjUYxzW+Z12sfFp2dTb1pmXGS+7 MC8GCSqGSIb3DQEJBDEiBCAokSzA71kmvoyy0h+lrO2jw3pvGhvgRnv/zTDC9IxD
DzANBgkqhkiG9w0BAQEFAASCAQANJdfU8DtOpINW4FeIWpdexndYvHYy7jFg5ICy UzANBgkqhkiG9w0BAQEFAASCAQBWL6C/VCYFv6ZiQR6JYBbLWiQJyAmNFrRhAbfi
wIkh1DcqmbdvB4PXcksbJ0zKSVjdjXPdYQYRS4E5ClAEevEe+OkFd16UoGaadoaq w5bPndhDbJNSv3DXoUfCKd87pvD5Qr1PsH4WXDZ/IY95h3dD7k6oIIFXhPBTYYW7
OjyGnuiEJJbRG2UUZZWMyJW2g8OZRAGZjYgEgvbVflmxqRjFRaeLGUorHaHoxk40 Np+vrVtS0sDklr03+ebMBY6J0rEtNf5ZXCkQULTmvwmmuKcg4S+5piNqhTnnE0en
LomKSVRTUG11eEhmRmxIY4wKhwc0U9PKjCQFrhu3t1ZkGSfPn9jvdNTJkg85WUpk IvICii8NgjP3VVPZmNpFmxwmztGWd04omYHbY4JY9C7yvuQ6SNEQm47bxnSIS5yH
WqmOyrup6DH4Gb84By+0IMk3vflrOyAw3kbsj6Ij+zymAlH61YypnAvddFBIuZPL sowWnDYqs2cMDLxZ7zy0cEyOpSy8oDfVde4TyOifqMT3VzSmlttdG1uDNE90ek3t
2LYdIHPLmq8KGrzcgjkjP+Y58hf9U+6gp0KPuS8DAGOvxYs0 xJn9E+hE02sw0Mv1lLjNdRXviRsaMw33DxGbtoUSo2mOkpYb
--253-- --e19--
C.1.4. S/MIME Signed and Encrypted Over a Simple Message, No Header C.1.4. S/MIME Signed-and-Encrypted over a Simple Message, No Header
Protection Protection
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses no header protection. message. It uses no Header Protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 6720 bytes └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 3960 bytes └─╴application/pkcs7-mime [smime.p7m] 3960 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 241 bytes └─╴text/plain 241 bytes
Its contents are: Its contents are:
skipping to change at page 86, line 26 skipping to change at line 3901
Subject: smime-signed-enc Subject: smime-signed-enc
Message-ID: <smime-signed-enc@example> Message-ID: <smime-signed-enc@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500 Date: Sat, 20 Feb 2021 10:03:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGi78TIbx6BFPvdJW+VbgXY631bpi8XsHhD0 Boq0MA0GCSqGSIb3DQEBAQUABIIBAFxh1OX2qKJrCxk4NBNVX/kprtR6yjMWM/1n
vTxHFViwRovgyH6v1vvobDE1xv6VdbyzVT4LEsiGbDzr0tO22oXSBV3JkzJez5fw tepVdA0A/uf69sMzbyZhd8wFl1eapv05Xp6+1DuOZfqYgkbCJwD+ZtSL4MB7EBPM
umUNX49fx31aXa7GDlp0G7YHzfxSCskt7rREceVzbp3qR46nGGbreosgbVqpiuUX ytxB42LTEC9f8Z/80L96/+nnDotKHxFSVZPXfmi+FKLLDlddH7bswV3GH/nozzYl
m3+ghxULxFZBggDJAFhWwH1cWtQ5lp6zAiior+Fc0A48OHErdNCqEO+21j3/3wIP 4wjesm/nvakHEv2CNJ2mh5XHq0gqNPDx5/2OmxaU+x0biLPcGNzFob39ok+1rTbN
oQR6Aqx9beav1jJsjTVGm2BaCpCvLI4aooptm4LqMxXIe33FkzUDexJclwXJgx8y /9fIGDLKr1ENzQXW0vixcyAS/RBlHw6WGby51EvV7FObcdxsXkTI+vvHTcTGbPhi
r8yW3MroptDD7zJQMFu7LMgUYZ2VqTlbJBvpST13ZNQ+wxWHRz8wggGEAgEAMGww 54ShTTEocIj7mrXzHodVEy0pysuYCl2hOkqre9HSspAqw7s+/3wwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcBM/QDMNvyAPHlG0py8AovZ7 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAbrhe4bg9I4GbmhF5qnO5kJXw
NHpupXUiRN6AZBINXb9rbgM5bv3XAuWKIeNg8cI4I+TF/RXYLnwTr8YSjThpl/+Q JTfpgB3iK+K+bIxH/gsZbLAOx2UR2OHESrW2dqojynuxZ+QE571NXQN7X7THoOaB
DvcV5T1DyJBlHU5S7VFZHsMrJFw9+14nn83id60n5MSEqtn+Ec5DZaeKoOWXdfXx mhUPuBRPycw/orR2GR0KCYx4taATw9o2fK3KssO+IAnNP1OM7yUsgABZHT6BfvtC
Q/QqLoQVxlOX5awyChHk6s/oIdgXPAiF7ZJkT35FAGuv/Dx9o2chl7o1SIcgfOej qH7ZPBJaj73A9AyrxTNPtJJHwueE3X5CPTODViasPRZrqiGB/WO/siuApdk0MPik
8K0txmm2e2ez8bluhZw1DaGDBiYsUIjw3VF9vQqUnhEisQZxOg5jOxGc2kE7Mk3q tp29bVqzQuD1tpDFb+aQyfggEnqGQn1ReZYhfBvub+AUr+O0lNOh57mob+eJwc0F
wiH8xydBCzKRQfq4ze+ml3uyPPgMDJi5OpJqO0rarsKz4dV+YWbz/5YVKnlMZjCC Snq9mljS3kgoXbh1DrV9S/seSdYZ7ieCiS3FYEi8h7RsZTGCVMn/STxiq13X0DCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBRNCCx1UMI1OKK9qZck9jaAghAA EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEP3eQZI7xmdgaoarujEjNYuAghAA
cC8Gt6ZgbCpV3HWObyl0nE4w+Vhxs8Z/1+nNlgrtaL6/ZDHZkfdc+lhk9LUeAr09 mXWuV/HZ+MiCJTgt1RWzuHw8hnhLDxcY444IeB0M44fryhiuSkUKDdnvy6GDRiUF
QfHkfqGMYxWF5BqUk3l5BI4OEyL8kU/dcqTFpWt/Fa4yWodfNGLThjoSfryHJFeC ThwVs2iGHdCgvh/tJNaXmF9fa/Vi/aHq/oL3wJi+cS0qkeeq2kpGSMm82mNBlmgt
vBjBcaOkiL9EsFpeFB4Qe5DY7/rcAGnCM5N6N3eRTPsIzguArEWX5fz7ulLuI3dt uhcwozIru+2n+L0xspYIUx0+dG59NlfB1alRQJd7JmCUWF9AY/wVkGPkj5Vym+Vt
/c3LsaGlmeHCB9bKhewhqa/jj3fxntB8CRDoSAUwt0t1lzx/GjHNXboz1vH623Oo dRqGqcnJPM4Nq572bhxgLwDOCuoU+2rN5pdW1AT31odSdPtHoux3ysK+aMLcw3ch
VPABjb/fqf6lzO3gszY2RE6wI7zHydlz2DgkpFdjyVk1Jub2+QkrQA7Brn9gES/I mL+en9j/euqO40Xr3Re0J/suSzHobI5I0bDtQwaEoXooz6aQIZrFE4TtZLCDzG7o
gshjTIF+OL3me4UBxww0Bxtt46yz8FpVVOK4MunYel4U4p1SR1WEZGRLPDL+bydN ZbMf3rkJ1CIelKpbVhjRAjj4X+MvktiOfxVV4K3GYAagHI5jp+4+MWz2yaQcAnRE
vXdstX39Eg8YChAdt5o5pPQ7bUo3Qkk0X9glJdyVNsTpWREj+F+/6do/JPStJSQt 7SpHFxuFdmSYYYAq0yTgxkS9opoAwxPytKefqnnY62wAbug26ZCpSM03172cKopA
TYgnXdjkHP4/w6+xqOcogfEVp6in7KkwfZ0v+SdZK++IPm/rMOsZlP9MbM9LkOA1 gkBqljwFEl+YeauN6206vZKuOhNuyQFbPeO+00qKeHw2bPM+PiKWdzAkQKz9N4CO
6xAB4MmPlOUDs5KQB5NYWvt034PQv8NRqfs7mlS7F4gvCaaAA1SZdqRn7kIdiNqg kFqzOgEHG5HnH8jx9PPuU57g8TmJccDFuUrZ4kZVcfWogH7gsNyW+A06BSu9Do/S
RUFYTkhF5/g+pJ/Ysw9lVIvAOXHtnrbsTOxbrsIzL5wbkvCDW6ZTQIQ4kP9D0NTl I7VxMwenuQLv1+W/tm+zLqBLpksKOh81HVNVQ+4zEXx/jQBqM/Tv9BcetVdzGTIq
1JcxNVj10GprUztmYgqOy+wIJj3DlXHSSdugy3S/qEjiCCZwN8zAVl+c8AiifgfP vCNn7KDLwLceNF7hgbNM4SfZZhg5hfV/xxeNpZx0tn86hHntN54FKymO/kXaFebr
zpI4QU1552EC8HyoIUZSQP5O/dIy6ABLEDcwZKJ8nGJdSLurpD0V68p/hWk+Q6mu W5yoXwvGHukCJJyI87NN7WIM12g5IHC829NIICAGIuZ/kxPb/A51WB8yr8748XXv
I7DqidlNT0yehBKvZRE8jr7wclUm73xX/PhOqY158N6wNsekUHOHYERKU0BzRScQ QcXKg7OxTzkVgiACGDyS3ye+fZCncBZgfQ0jcipQU7jVYu7+UiUZDAvuQwae/RUd
+YJ9tcsmPldE6jAzJB/vjjgoiLxIMci0PAXVdGjisxY3QhLh4DJTwKwhIr4kMkv0 CSOhdjwtBzMlIazVfbIaHPM5QKvB+MzbAKUMWza+XRpjLrDVdaSFR06V4r4SUMsi
OdciW3q2+9sxT4fbFMrOIXLUahE5qGbIyyvpPgwRmP/otP4jEyCgHuBxHKar630J AvKdd/1RFvSTEhtNj1QOUKEa1DvnuRLvYsdjWLDF2TsBCjP4jdGKGG+PtfB4vcSU
q381rmnb6Cqybc/Gmfxb0hX78DTn9hWag7fYh6u0yfMuH2bWvXW+ff+yeAy0/PCR NFJSJ5epaUIDxbFkgSolRF+lM8790NdlgkhY6RbW3kXkA0T1CmKIYrN6poYxCSwU
hxv0jZ+e3yx0Z4d8Q4Jk6kT6+HaP1tAMvJc4dubvP0+nQFZsHcxdLMrmBel+xpg5 Q+RzGurGDMQTGvfDgZrObvdE0haaNEdti/ci2EbcasYa3um7HCpt/bKDw5sivnh6
DP1cGVtwQicVbCYWPkJINDcn9fExd1BiooF6yfaQ6a2h9zFpaevu5EqxRso57zpL 9P9E1WMvdAfEinppCZO8yRrkS1l6b9Jgk6ohJWftQMA2OmpKGw6tRbblH0tJ33JR
fv9PpPiuT9xQvFyYTg07cD8negTwJxVZwhP+PXdctwuwOkhCaW8I65SnKcvyYZpG 8ghApEJpSvtoKGc46NTelR6hBgxoaJCebRpxJ9wrNp4EETj0/PbZDiDzNETWDZ4E
0t+Rr4Ul0oXs/0ERZLxQQbJLIRIxwsfekwvFBZ8QXp30mfQ+4M4lCO/f6cNO0TpF Bn74vJ2I3wCltkk16SmnEJadZovBlyqKYB6bmFvX9S00hOBv8TZ4o//mY4nH57f0
LlNM6YyjWYQ38UDpirxgrp+ySOmCCFF+OjVC5AHsS+Orozv8IOWG8A8KKgryfNMs 5CmUM42ePRS0HMk9SrBjpouTIkw/tbDieZNb4tA09B/c3/s3qpZ2Bo0Bz7RVRI79
tLrLctIOXLL900J4DOP3noqEQnYOI9Qq9X7f2Zv+f1G2sp0qrA8+frrxyB9H1VKu D2P8hnp+/7y74rqyUdRdqW6mFXjNojo1A+hsbXWqTfuMcSikbENC59pmhMDxdS4L
Nqo+S2qq/c3d1EvDtVG8YYU4gCFeZzUq2nAsZcIoD157z7M512cQrCabLcZAYG4T GxJCIVoZmhbnjeEhIMqKwa0NtyLLG8uRlzdTF8g/IOI6UwCeFXl/dO3tvLoEB/KA
/PwRQpb9EqPwzuEBPZq997VbzzWKzqOuJPx4TeT8ksJawZzvs0/Gi5YL8inCV0Hx D/n27IyDILDldYa1Em7I8jQmQghJ1IdMrUlr1n/mRB+sql2IDVlI95+r96IrFdmj
vz2vmsWlL2sDDCus6vcl7X5pOqckNW5A7J/uGOXylkb2ZxTR0xP1wd4P3Ncw0S8m AWVMX+vbq6n/QNcaxfS5nL7ICgV9kQHO9AtzJ4zXxLDj62nkIdoCRupF+IlHXL9G
3TVIiSKsNDHd3/ZEBkTeVIcmkprNeApZ6toTc3/izJO2OgLDtdjfu85nEVTIsalg OmgJJFj0uhgXO67/2G0cT2JME1siW7/F6JHzlGAyeVSoPs2FAJKYMQvvkR6jbn3y
Syq8uGagBIQPpNb/EmICF1s78/b7MPu/NtF47Z0j8LIljS5xac1s/mT9XOEPw28z Huw3s9RS31co6D+nvxJHLvr/REVwiLklxPqimC+2pmkUjRYyL/aXRV9pDuNJLtMu
ZmL6/5I+UKMKsJuaoSAJ5TcK13TONCdOteBt0dxMZHbw4Ix/YKESkCFu9B3IyoLq XJxqwrYgwPw9mBXXaYLgo8G+SSUfeBKvwuKa2kd0prB3cWwfIWlZBgZvVGc7Uudz
kuCKtuGG6KNyIDYhkrLHs4wvQrhuky5r+wuzIE/HcM8mDWSaX+qEsGpOBUvFaDQZ QzxyMaDt8R7eVG6/CXUeGOMSWKbjzoZwkbB/QCgZetVO3YM7FqhEfvmg0tv1pS0c
oNxuupslwKXsEO3I2WYOT4vVu6FbkQxVusmxL5KcXqJzaPu7bfaA9YpEyc0b0psC nprxkkMurw1NGearPv+faBo09YSswF38ol44A8hdpYIGc3LL4jj4wSPdS+lMVp84
YXMyUoplAtGQFwptKKxbhjBNoaIK26hnhREHgaOcD1YWTAU1p0bwTTRCqsYi0Vr9 nKWnZJ/asIS74bEH7TK3JK6tgOPEvh+GDMODoXALsnH157oDi0GeN0kwcB7CeUT7
iHmXjOrI3Hzz5Nks4OiF1tATULhL3dNzpZjIfdfMWsY6rFIfo+CaC/VpXFFvl9UD 6zYaQT07QcgOUyWMEOlScOi9zibws0ZKL3uNTwmF8p1Jv2TEvepZQiL2/xbENTmf
1TDD7NYmSLNKgHMQ4yDBOQo9TyfiU4p2Asq3T+kFcS6X5WqdXeM2KwaDPuULl3J/ H+47tdIPUlJOePdjUGo6QTAaqSH5of0e/T/QENueeJOJboPgbaV0OqTFOVVAMMhA
6ulUm5tm+8rQ5hf3jbxSmoC73HYywM0pdnv4BwghDetE3mdcVcSWYS38H5pOZfh6 upadP8ROG6TalcPC7X0gV9Yi60vd/WWVTJPPLDf4+FJm7HmkzT5l5fOAuA+mYJUO
NhTKY9PT7poeW2U/rmlfuOwKP97bIWVYiUM+F47fukbGymGztGJVqYtOJoLC3HT/ F+BPTUCKyeY9VypoXDV0VnTTpiB9jfyOlPJjBnZ/85Bvfkt0eCW5rV7xeq7tgSJT
cVZhUaAqFkgbDBpGA+bANkzD1jHl3wZya4rb2LmhYSZM1xNqkKolQ+t3VhZ9FpgD +LOkTfwDBqlOZt1hlvKe3SFHnsW9hdojlJz/sXw5FcFCxbxqfageVJ60uamENOhB
FFA7UWxGGjW2N2k/zJLdYNLjMtBRb2idEh0KXmxadRWRazIb1IJwGiXRtKmPRvWS j4Q2ZRvslLXxpVME0ifG1CxpfAr2ZQsEormIu0zJeZjkDguwNlBInFKHFzvtSEJp
IPN138WtWF/fTpV5XP+Knk7SDZYzq2AZ8f98QDimmopz0N2cBDQRMUD32t4hFzHz rP4hAqknbSvOqUdAFp9rlII2dYXI4xh3kV3ECvhvwFt39PfVpGL97R92cTK9JCgq
K7IBAx+fkQdw8JkX4JDJSGzMKM8glO5dpONZYSNb4ucEcmchi+7nMKszz5A0Nsjr p9IOJZv32FdhEsaHqQIRklw5xy96fTwbrho+LQSZIMUhTQ+hcqtcRX9cDPA+VZO/
1V/khpZapoTjcTH9WZegiJMsaiU+sir1SadRTdnYxiwkJH5g/XfOe+3/+1+BDPb3 0vLgkF1R8rAWOTCxu3pHELjDq9nKKIzvX7tmyKapFgC38uotkvvKzpUzoA2xPoVH
ac0vB86womwCoUgRnnFjWPLO7Dky5+p9BqYvKkmHuhzkL2O8+/gy+Z/aPnfZ1Syt ybrM09g9ujruzT/Oz02cDa9NWh2eYsiTWJvekeNftvakr6U9r7VYzUkmPCtfDDKC
dz0gzSgvFrmRPKASmP3KVGmM6w/UwEhldO3HjNoOdv6qyQsy1dY6M4IA2tsCvKYg oWSZHgwnU50Psl6UoTFaw1GuVnlC3cOREOUvFNbtV6R9Jdn3y0XJ0T4uZapFHPJf
qCwlzzZMs/P+PSkZtwwsQ9Zkn1b/wq1AFDqxjs3cysQeBLt0wAGBIRtnetvsWht9 naojAoE5iu3VXRMxVZB+4vZWhFJoe4QNvc5t0kwUZVmE1nQWNkHuRyVnpfoLqaG1
yxAMLanLX01Wh8PtNewJY2LZZkhkOWCxP30VSqrzmwhGyX6lwMH2AAv+mu6hD3ci 1+5IpR6yIZDHlWm75oc8hchG9PxrE0O2WWUqf+QSEdsT74cGTJVOZDl6d4x/G5g4
tyhD44SvQUVVOVSCSyPSIcDZsdHL+XjuY7WDuiFh6v9Jb3KKZqbuoXoet44BtouY 97v1JaCSCgB/J9yrm4olsqgoYfWAbTcIBe0cUHnoNMAstKqH26jAf0Hz1l3V9D7M
RTit8UQJBGqReS9YJGh14U2ra1dvKLoZHIZdyxob12fu4QkTDAjGIvDzYuxuVaZL zt3POMck+f3lLNUCqyNLcSASWc7jmB170/oF4vNP1EkgwWaz7yBluTLS8sJCIViV
W0NaHpBNIlOQUitx5e6JvyjIKtwM6Y/3/0o9pInhXDezk3t78NYctFR08xFQY3LJ YYyZvj4du48h7lKaxeairWjcen+qeIS+Tn8VHqoJD6+QJinH5bXMKtxX0Orvf69p
DN3S2EgXj1jWmd5E0/z+Tccg7d8hEn+0vVCRRQksqiPIEcZ1f/xgfm01FOfnI1Pb r0WjUctKikcjJFRbc6sQyMP6Y44+6/LyFmWILTaV1WPoWLX5MYKOwP1s5GRneGWS
OJfUSuZpTvnWtvCTOn62XmWj+4jzxBmopauAqf9XzDj6NsHGkrPVrdotEhFoYYRu mZRztWt/CL/8DWjpPEG2siCSaS+lBc1u/C5HkD1UVDjPmZTnvuFTHukaTKfteGz1
OHO0K4dUQf57JkVv56tuHkCAGUUgqVRzf9h2wcXP77vsUx0gpjXSKv4SMx7IUlW0 z0Bxuz9gQMyAgU0OMyl+cGldHeR3HvIC9zUZ0qRj/d/20M8aQ+8NtVodadiMt29p
jCz1WNqQXPFny6j60BJzZ8wd6nFshHcYbvCP+BKxx7WB3j5Pqxr3/s9S9daCgMQ4 THvkrioxuW6MVKXs0gZgdL72swDHtG3lKW1rrbufgjSr0UvSc8/MDgBPJVP2d6QX
gWiPMOzuSgoTz2ggjqv31QMAXvkBSE+DIauh9BPw5pwoMsdMYT9eV+DrbN4dhy6t P1IJvvBcr766DZ26j9/X0Is5cJjCN7Y0fIrS4RGu5aQR0w+dOulK6v8q8reYZy0K
P/4zCB4NQcyU2vP8P9piBLhcjunadSdITTna3D/fA6VdhidmuF5ieCzo1sTAGH6H 198CRs3prXRKRPiU0oM16oQdsV9T9LhfOnhWeliL/HzetEltcOSiKgGKVYcArkZU
/VRPjxvA9gBeDtko120xoIaLpBF7I75UuFziIzuGuSE1lAf1S+I4NOD9tw0Gw+xU bzxsxUHF7q7qEzF2fVzWYBnM3qn8Shj3HHlPWYxW6uh5kI6O+mV3Hs56KJjD9zsZ
/lvzqk4NHZ/j91GvRxTRj0eFWRuTKXDvVj6Z07vW1l8tJs+IpslaZgo5/sE7Ntx/ ZIzTE/5agYXKpliVrGScTUUGeDqrPPyEtOGRTmiQDLISHfW+nviZZcjC4XDxp04b
kTpAFcckTfz4iG0ngjlbVv7Do9fM1ndyUz8KxxznxBkS5kWw63rsobmlLpfks9zD v6BH3EsSbXN4wJAXypDCY2kfL8wzqMh7qh/8Pk2AuodDtCJQJGsQPkgGwX21lSR2
qIcxIldwnbKDufmd6kKgu66wjtfxKcGK+JQ09r2G+E0vDHLO3CUHjVafLEN1Rwt9 4C1J1WJqDEaNhvmMf7B9nUu8unXYwwFe7FQN22CYZJOQloj04T1Ukg7wRITeWwc6
4Caj4WW5dcVQh+r3cYNeM50WHsKQ4leBxdVHLswnLa4PsIH5LqUDafFUVEOXbDOI xArdNOTn+XQuXfkxVEbiQRhiFt/47qAzoAjPRVr9r4P89Hz3wkTIxirpAjTnKA5v
SnqIMMCdqGsGGsBIEDjopOrYj8rqyUP85j43/eTE2Jv7mQsvcyeAqH5fOzb8MkGD osv/7+28rRuYRYGu2yPwNeUPmO0YHy3IeTVKcJ/UcmO3cXAe+Q+9ckmZ/MmxaxA1
8AsdOxVIbgYYalaB01pWcQE/jRv4D7cO0D2OM1DQzED9Ydzvl51jHE+71LVUbSkA zvj2pH+INf3eBsQK77PxwsaGUFHqKWS1Wvk/FPsZkGEMX6QcD56sbGRbtsRRryXy
LQoYXJzLNj16DRYbSynXXFiRPmgAq9sfPEf+CoR47zpQUVXACRPLieRSDajlnj/U 4L0Ul3Jc1P1jwMjHldGEqQohVfKYvHwdOdMaExZh/hhlpfxw1Cwh/d+xuuPlLko5
XaoLV6JVFLY7+FQeW/W0YElIz4R2NJXdBXtaNNBjLnrS+8sW99cVY/yzMUjsohys HTHxwlzQvRgzTlIdX78XItFIYo+eMOb84xr8kAaXwHWpuZ06tymA59kD7LpvWVC6
5Vjun8GPVRYVyAx003J5bdzefPLxoUhy7Of46lJxL0kBELzWAtCMm+MwBbrJCphS r/OmqcnvAVDg/eiNh6Kru4BkIiTMtBs313ruZtSe8Hphvm80fYcelpfHs8Y1qrsS
0PlziAmYr5EGUEhA2pmv5O5Ok83Z7C4lmdbrRDraw++N0fq7mSm9ZgJRwbslrP+D EVohhfxL7073Td6jScN54FZU3dg0EfFg97wyn+2DKeckNr5E/CgdD/FqhkH1IaEO
efLWEfWIeOz333XsmbJSi1E/MhJ3dCevVc33rEwaUvOJK8pOSMQj0ftl3yPYs+V1 8wTbc9T/6XC+n27q/kQAMXzFnhn4Ec5E6uQb2MkCJEpW91eg9ZTDRYsZW1/r8yz+
YU/spQFYsXMhF8I4ZKQwGErIQEY5erTLbnhCRZgJgteQ0CkiQwB+U9JVnaJByjTw QzbrSDSjVRvZ61FkGdh6m4i024ZtfCUV08AXoOhGKCh8fG/PKmCMzHvqQezO7I8I
DpY21mtfKIvNdc5rrThpDDI2uEiS+u42z5UxZiXiTYthWvrx7HQaCF9JP4INCe57 DFLTBhWBag9kcNljVFnBYFl0e/hGnAZ6aDc6AQA0HdIZiAF49kEBhCLtOTsa4UHT
tvuGXDdfN2Hu5Yfnu6CdTqrovkbEzYt2kEzCXKvNZGcp58Nhbybt6Pw4Iju5XsA+ npIjhKR6fi1RuiVnFkTqfCMgZawLlZOkaQX2BdH1bsz2Q8wbu/DiNoyXdB/1k3Y2
bptyQfmSSW6Ph6dXub9VJQKlFO0nhyyq6+Th+DXaNeRnXxl2jfykX+mUUFN6KHkK 9yLcVvGRCnyXODjehyoLF/iJUzewsu8fzlTJfV/CCo07cDge2PdnDPVdEl2nM+BH
9Td5k+yyIOGWe6oEeG4nwwytaDqduK9jBEna65cOBh5RulCvabCEXsHT3ovdvgrL Qo4scmT4cm1YYNGoecy9wGSgHE4fvhk0Szv0V2Fbt5HpJqsJvKH573AlCxROpumw
oJUO5WjAGGpdHpXUTlCwZHLo2zgD9L86zaZdi0fe9EcRxI/4NcbWkRhSoZTBur0+ rOttrdRvke2vTw2nlw5iW1lPhcIpUQAEZfpxQ2lhJfRvJiWDBvimAjVlHipTd0xA
KwuMH5ijXlI4Bb6YGt8Z9VUsTQr/QjdlnGVkIWSOqkw+3EVuHsB+ukx19hTXihCz oNZ383NE4SLWvNmjryk/uSvqoMXvof0Hatm67So0KMVDmBA5AMMq+9TBNBxaN1WW
TDPgBaI8twdD5UfxnlglmM88304Rt4JsraLb3YtX8SD2p0g4GFfkEVKMJXYjWz6M FIuWMzmMWZYCMYm2Lmz2nUOdqVz95Y6rEsaMqQoft/UitEYyJdqawyMXYKmwtYzN
cTyDUBnyyShRHtInBjnn6alMBkq0t1vulRmUwOhd1Ua7ripH64qJFe938SJBu3yC 7yES4hRc3ee3JTyogrEtirg87pJ+RB7wOuI9FVjkKhjgVppGQVZAKcpeTRyrqjNU
7divmSGh36en0ix6/hwq8uYVvO0RiyuMQmGs3KVVIByIL43RVhlthvccOO6I6l3s oSycr2PbV3RPwzDRXX12PigHgX3suLehccOWAMFvpQvgixXU/Ik5ScDcuLC4o/bs
U40BsdC/zXG4iZr5PT0LhAUgmX6OcPy2INFx+E/Idy45sN0pj7zfTSxrg5br72gg juzOjy5ENDOjQldvC1bgfPfYUSZAvd/g0SYDc0xzC0Dm7dudNhuwSNDT7R39qh9t
dIZQkGYe3KJhMvHvkA40IEjGljU95Bx+bFoojWUaMUI4wlhhz0bppZF/bkENLhGq eBZSOEI+1TKIxThFhHjKnWqxAJP9LJZbk7/L9QaKfQnDxQkPgwaFgskPTBflzgXd
IXVMYUfa0GFSvfhfXN7r3VvRpzkh7mgJrsIFwG035ZhZq904Z1Yw11N9pns8X2s6 4inGVpCfaO3dHbhcb2EdF3jiIzHH84S0w5L1ZmXGgYUfNZHNkFf55VYZoTxNCIuA
PsSOZAO/E0NOMLSrOonmHy2wqGY7kSMprd9FI7ESe1hwLgqh2pVNesYGqx1Aw0AD Duc6jWMI+BXIxXM1hJ0YYY9OYljhT1vpv0VS6rj8zrr9y4xkH8dIfDdVZh+OIqI5
9rDktHKChXqAQDYElV/D1239rxc3tVFzoXtkk6BcNlwq/hvksAjk1/sMNA9x7OAf jGMcCDFrCk03zHtLeYTWzQge5p2UPRRQWoxjKsjDHehxWdtHzfUsAAhx3f9USH3b
gfE/zFZQNhWFNzuGd6ADf4Io+Wg9+L60JZmgBx6A9IiTygG9D38yREzQl0BgfGx4 +nt2vLL2FuSjJMtqS9ACRFncGCQAPsdXjozm85raGnn8p4j9EbN2MFzQ1/mRA3XM
xlkbs830dOgKafDVTMWCNomvOqIcU9kdirLuaOYl7N5yIR3TMH8p2kkkyYH0hMdX 3mNpZ2/qT2GUOB2d49WLHJvesgKGbrIQBb0eM6//hH84BonFrSR6Sf0uUjTGiu2L
TQ5v4K/OUYQteADMquJIJQiIfsOEdfd6to46yWIWlCQSJpN+M2iw0QoOPOjevCkC PXWkcsTORuAaaTzM33OVOzQTAhBS27vhMr/kxMZSdTx/14phEaJ4zkYzzPb+T92G
RVZ0xXALDuEEuUJLjlSrwRVOx5drsqLoClAeH1Li/ZFm+I6qA2pVKrxohwndGimR CpiDpwEfU2akyZNalZ9jTo28zq1gZENDRu6tYRsjRvPsDI3JN4702HZf80KFhdO/
3FVKgLzC1srGGXsIGqoq5ueeN2ZTIQ6OyJh/ERLFd0uEeVCv7UIBRwQ9WrNaaFY1 ZgQ8egO79JS5iJASxu78DbC8Lo28DzDN7etUTCLKxBmz/IQFIHDDkxmzNgoF399J
1OtoJc+0XZ617xSFoKWnyA== BiD2T2KmI8jOgLaSmuAnyw==
C.1.4.1. S/MIME Signed and Encrypted Over a Simple Message, No Header C.1.4.1. S/MIME Signed-and-Encrypted over a Simple Message, No Header
Protection, Decrypted Protection, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIILPAYJKoZIhvcNAQcCoIILLTCCCykCAQExDTALBglghkgBZQMEAgEwggFlBgkq MIILPAYJKoZIhvcNAQcCoIILLTCCCykCAQExDTALBglghkgBZQMEAgEwggFlBgkq
hkiG9w0BBwGgggFWBIIBUk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggFWBIIBUk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYw0K bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYw0K
bWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlN bWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlN
RSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2ln RSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2ln
bmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4g bmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4g
SXQgdXNlcyBubyBoZWFkZXIgcHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxp SXQgdXNlcyBubyBIZWFkZXIgUHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxp
Y2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJU Y2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJU
h6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE h6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqV bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqV
KfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfID KfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfID
lB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdS lB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdS
NRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1 NRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1
ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv
skipping to change at page 89, line 45 skipping to change at line 4065
MBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2 MBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2
p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzh p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzh
W/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqEN W/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqEN
t1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9C t1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9C
Dr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0T Dr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0T
zPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+Aq zPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+Aq
J5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD J5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQME Y2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQME
AgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0y AgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0y
MTAyMjAxNTAzMDJaMC8GCSqGSIb3DQEJBDEiBCDlUvgsJW6j30yo/fAeR1vd2Kst MTAyMjAxNTAzMDJaMC8GCSqGSIb3DQEJBDEiBCCb47LkqJUmFpzt9bQAPoWpk+vy
erfZdXyjSKu5gnNGRTANBgkqhkiG9w0BAQEFAASCAQAYPeerPzpSeDL0FAep2p3r 9sGfzpOuEZflV+goizANBgkqhkiG9w0BAQEFAASCAQCd+I+Tr7hDMV3VFvFGduS9
y/xmN2pXvMsg1OQI/r6H/WIUpXga0Z3Z5Ml/VsZtKIbFGv/3en7GoqKc0w7/R26B 4ysR9dceBgPloLOH71fsoJUl508WspagFkqjkUGPipKfYVrssRi8IHQM682HQqUk
qKvtjt+0K7CW1BaWKRqcx7hTIVJXQhT7UnQLnT5daf/BiPbf73FEKoOE4N0cvsVY jkB0UYx0hfEBVbsDvhYejzOYfyLRQD6TYI3HTVFJIJIKVk3JQUuQWzx+A5i14oHI
237ni7VR/Rz/uz3TnheOsBk7H/AEmKIaPBnJj8wFoc6E8Vtusy5ZIrhX6YEq6e3A mCeHl1FgRq6D1B3hjpWFFWI35pRZ1gSZ3tPryQwq1Y0bMkiF4CeuUYEKWIdFHZdo
YIJ01cm+cNWBa7kORT2pyKZ3yF2IIcoqyEfw/QkPkh6KM5hKSOUhvbQRPdKOv5u+ u/IMfLJoJeYpy8cyv6FznuJzkAR9AlUIUw58zXCD0ipCfKH2w6vwqdoCo4V0+cZd
r/KmOuAbX04XzLZY+RYFdPG/grj+YxeJEgZlUfLgx8pJET9J0RkTImNh1zVVU+r4 5cZlYQSFab3fduU44viKaXf4VOpWK49oDeR/tV5i1LfM3ZYeH2V1r+pmnjyt8CcW
C.1.4.2. S/MIME Signed and Encrypted Over a Simple Message, No Header C.1.4.2. S/MIME Signed-and-Encrypted over a Simple Message, No Header
Protection, Decrypted and Unwrapped Protection, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8" Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc smime-signed-enc
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses no header protection. message. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.1.5. No Cryptographic Protections Over a Complex Message C.1.5. No Cryptographic Protections over a Complex Message
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its Body is a
multipart/alternative message with an inline image/png attachment. multipart/alternative message with an inline image/png attachment.
It has the following structure: It has the following structure:
└┬╴multipart/mixed 1402 bytes └┬╴multipart/mixed 1402 bytes
├┬╴multipart/alternative 794 bytes ├┬╴multipart/alternative 794 bytes
│├─╴text/plain 206 bytes │├─╴text/plain 206 bytes
│└─╴text/html 304 bytes │└─╴text/html 304 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e68" Content-Type: multipart/mixed; boundary="0cf"
Subject: no-crypto-complex Subject: no-crypto-complex
Message-ID: <no-crypto-complex@example> Message-ID: <no-crypto-complex@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500 Date: Sat, 20 Feb 2021 12:00:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--e68 --0cf
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="f70" Content-Type: multipart/alternative; boundary="6e6"
--f70
--6e6
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
no-crypto-complex no-crypto-complex
message. message.
This message uses no cryptographic protection at all. Its body This message uses no cryptographic protection at all. Its Body
is a multipart/alternative message with an inline image/png is a multipart/alternative message with an inline image/png
attachment. attachment.
-- --
Alice Alice
alice@smime.example alice@smime.example
--f70 --6e6
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>no-crypto-complex</b> <b>no-crypto-complex</b>
message.</p> message.</p>
<p>This message uses no cryptographic protection at all. Its body <p>This message uses no cryptographic protection at all. Its Body
is a multipart/alternative message with an inline image/png is a multipart/alternative message with an inline image/png
attachment.</p> attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--f70-- --6e6--
--e68 --0cf
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e68-- --0cf--
C.1.6. S/MIME Signed-only signedData Over a Complex Message, No Header C.1.6. S/MIME Signed-Only signedData over a Complex Message, No Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses no header protection. attachment. It uses no Header Protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5253 bytes └─╴application/pkcs7-mime [smime.p7m] 5253 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1288 bytes └┬╴multipart/mixed 1288 bytes
├┬╴multipart/alternative 882 bytes ├┬╴multipart/alternative 882 bytes
│├─╴text/plain 260 bytes │├─╴text/plain 260 bytes
│└─╴text/html 355 bytes │└─╴text/html 355 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
skipping to change at page 92, line 36 skipping to change at line 4196
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-complex Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@example> Message-ID: <smime-one-part-complex@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500 Date: Sat, 20 Feb 2021 12:01:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIPIwYJKoZIhvcNAQcCoIIPFDCCDxACAQExDTALBglghkgBZQMEAgEwggVMBgkq MIIPIwYJKoZIhvcNAQcCoIIPFDCCDxACAQExDTALBglghkgBZQMEAgEwggVMBgkq
hkiG9w0BBwGgggU9BIIFOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggU9BIIFOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjUzMyINCg0KLS01MzMNCk1JTUUt IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImRiMCINCg0KLS1kYjANCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjkzMSINCg0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9w ZTsgYm91bmRhcnk9IjUxZCINCg0KLS01MWQNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtb25lLXBhcnQtY29tcGxleA0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25l bWUtb25lLXBhcnQtY29tcGxleA0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25l
ZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRo ZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRo
ZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdp ZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdp
dGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQgdXNlcyBubyBo dGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQgdXNlcyBubyBI
ZWFkZXIgcHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh ZWFkZXIgUHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh
bXBsZQ0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1 bXBsZQ0KLS01MWQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1
cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVu cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVu
Y29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVh Y29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVh
ZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1vbmUtcGFydC1jb21w ZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1vbmUtcGFydC1jb21w
bGV4PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkg bGV4PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkg
Uy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXls Uy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXls
b2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBp b2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBp
bmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIG5vIGhlYWRlciBw bmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIG5vIEhlYWRlciBQ
cm90ZWN0aW9uLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBz cm90ZWN0aW9uLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBz
bWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTMxLS0NCg0K bWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tNTFkLS0NCg0K
LS01MzMNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVy LS1kYjANCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVy
LUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0K LUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0K
DQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB DQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB
QUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95 QUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95
d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1w d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1w
TDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldS TDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldS
V00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0K V00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0K
LS01MzMtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw LS1kYjAtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP +TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
skipping to change at page 94, line 11 skipping to change at line 4268
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+ 0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1 UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAx hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAx
MDJaMC8GCSqGSIb3DQEJBDEiBCDw/DGldVr1aM/U2iIYH8C6YHSKLUihv8FIEUZC MDJaMC8GCSqGSIb3DQEJBDEiBCBkEM75wgxSOKXxqQLSNadhQ5kDl0ABIYw030cj
JPECvDANBgkqhkiG9w0BAQEFAASCAQA/sn8ReNdvJH8O3Ejzs7eF6tBy6DYD5dFE kP4nsDANBgkqhkiG9w0BAQEFAASCAQA9zet9PbdeBOdT0TVjIwCXvUjnq1/UN22d
aLVxB6o3G6qHcupmwvHvL6zouALUoh+zkYRxuWNcPQGfbUqXoAC2cQ6ejwtz3Qnm GV2Ql//QcTN3Z7wMvLilhcYHrL8Sl9lIm2XYCV9r2yqvVyiB+qN+69y18HIzZ7ok
4L6amZZQC3NnwFfytOrIvGrMdT1M/39igmep2ZUq9BQS7vq0mYQzSgkGm148yOfI rgqQ8TDPt4IW2UXxyXrBOItFirLKklntf4SafPq73ipeZLMc3x3jr84lr7psIknp
QDeuJZGcw1EcFZuFUZPX4J9kvUu5twvDQoPnTitPVGJ9C2lB6PRkYjKW7JAmNtBL EEmNM+okG6FHduKq8nSvbAKlahOE9qvDGcBJBYXtn+/ijqA6Fxu+mJDshCz0Vvq4
qRbwZbtOjbrhAszzkRG5P8jR+35FIkG6abSF8hwYix0fJokUn3YnU7G6pRM7DSGg uVXp0ZS3pyO+Gg0JJnLD+z5+MPqO8TrSTBhZYQauVQFji9Kjb2A8KZpLjEXvw/JV
S9MtDUy34GTkdUQ7OXFlLa5kpQfUFBbQ5qflKUvIrBsYX6qjWAVs NqgxW8weaEV03KYp+fbsIdTSDwrz5w9rmSH1b+ReoY5kMa50eu9w
C.1.6.1. S/MIME Signed-only signedData Over a Complex Message, No C.1.6.1. S/MIME Signed-Only signedData over a Complex Message, No
Header Protection, Unwrapped Header Protection, Unwrapped
The S/MIME signed-data layer unwraps to: The S/MIME signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="533" Content-Type: multipart/mixed; boundary="db0"
--533 --db0
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="931" Content-Type: multipart/alternative; boundary="51d"
--931 --51d
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-one-part-complex smime-one-part-complex
message. message.
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection. image/png attachment. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
--931 --51d
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-one-part-complex</b> <b>smime-one-part-complex</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The <p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection.</p> image/png attachment. It uses no Header Protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--931-- --51d--
--533 --db0
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--533-- --db0--
C.1.7. S/MIME Signed-only multipart/signed Over a Complex Message, No C.1.7. S/MIME Signed-Only multipart/signed over a Complex Message, No
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection. with an inline image/png attachment. It uses no Header Protection.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5230 bytes └┬╴multipart/signed 5230 bytes
├┬╴multipart/mixed 1344 bytes ├┬╴multipart/mixed 1344 bytes
│├┬╴multipart/alternative 938 bytes │├┬╴multipart/alternative 938 bytes
││├─╴text/plain 278 bytes ││├─╴text/plain 278 bytes
││└─╴text/html 376 bytes ││└─╴text/html 376 bytes
│└─╴image/png inline 232 bytes │└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="4e5"; protocol="application/pkcs7-signature"; boundary="872";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@example> Message-ID: <smime-multipart-complex@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500 Date: Sat, 20 Feb 2021 12:02:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--4e5 --872
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0be" Content-Type: multipart/mixed; boundary="757"
--0be --757
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="cb6" Content-Type: multipart/alternative; boundary="3ff"
--cb6 --3ff
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-multipart-complex smime-multipart-complex
message. message.
This is a signed-only S/MIME message via PKCS#7 detached This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses no header protection. attachment. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
--cb6 --3ff
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-multipart-complex</b> <b>smime-multipart-complex</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached <p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p> attachment. It uses no Header Protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--cb6-- --3ff--
--0be --757
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--0be-- --757--
--4e5 --872
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 98, line 15 skipping to change at line 4464
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDQTcb+2QaMhBSlslOnLpojyHSnq4gNzFYU45gwqAHj MC8GCSqGSIb3DQEJBDEiBCC5KpxWrqp9lc/at0VVROdHn83fXt5r6VC1EPizN3pz
7jANBgkqhkiG9w0BAQEFAASCAQCYM1/HD0Ka4aZwwLS4xMGoyFzGn5G2C3ph0jKS YDANBgkqhkiG9w0BAQEFAASCAQCVWFu4+5JFFOLMcfSgjQsyxsRKPplmT35MrYT1
mCVbpfAxeHnsnuFjdCYzgN/mdBCOQs4P2/rBGWy3DpDHnKdaB+Q2/IZmI1UgyRTM rZKzBqdb7BgsgtavL6xHs/GKGjbqHwrrPADgsnyeXwotOBZoFzxLxw9fQI7z7wH5
oclbWWQfTLX1BuI/mJKqHBhJn0y17UXCUAnvSoYGFhjmqTQStR3k4PsdJod78pEa QbGLEj6hRHvrSdYzhlptTnTqc4hXdYwh3jjNJlIf1D01EP9KySaLt3M/aGcNUKDO
9+Yx6lBGVyznuhHaGuB7lh/S9pxAYtoJFUuIVq+frSN5xhmisPXluFHC3UPu3Hyb z2ngLLtpOQULqGm/IxkIG+Rj9YHlktQVEiPxtT+TQ8qO0eiHZVukT88BpGOBBpCs
3w6gm+bTL4NDNWwXXSn5wfm9Ru05b3eAEv9pADPZ2TKZPxzrfe4wPNzArgYwdn3k 9aLUH2JuEF6v6wKp9S+sWj4sxO9bzYmNPOmi8WWyGYx5NVldgzeZxhISConuiji7
6NdLvgw4mZmSSiOyOlfKo3cgo4rZuN6CeLCgqZ0GjIJS43v+ e3Wyda9wa7pqiFz0nsY+/mqILYTxBYMcsjN8uZ8yCaPdcfpU
--4e5-- --872--
C.1.8. S/MIME Signed and Encrypted Over a Complex Message, No Header C.1.8. S/MIME Signed-and-Encrypted over a Complex Message, No Header
Protection Protection
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses no alternative message with an inline image/png attachment. It uses no
header protection. Header Protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8710 bytes └─╴application/pkcs7-mime [smime.p7m] 8710 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5434 bytes └─╴application/pkcs7-mime [smime.p7m] 5434 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1356 bytes └┬╴multipart/mixed 1356 bytes
├┬╴multipart/alternative 950 bytes ├┬╴multipart/alternative 950 bytes
│├─╴text/plain 295 bytes │├─╴text/plain 295 bytes
skipping to change at page 99, line 18 skipping to change at line 4509
Subject: smime-signed-enc-complex Subject: smime-signed-enc-complex
Message-ID: <smime-signed-enc-complex@example> Message-ID: <smime-signed-enc-complex@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500 Date: Sat, 20 Feb 2021 12:03:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIZHAYJKoZIhvcNAQcDoIIZDTCCGQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIZHAYJKoZIhvcNAQcDoIIZDTCCGQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAAWNP5pH9dbDPUdHQXSo0/ngHl7DGuH0uRFS Boq0MA0GCSqGSIb3DQEBAQUABIIBAGaxvLw0XDiDHlLUZffbDPPnrxQvEqUfaDKF
i68xp82mLO/liolbzronottFipHvmMHYZ+dL6fqVLlqY85FtCp/6r6iklmuQzP3g q/0tzSwKuX4GYXwI2srRxm04umoeqcyUdiaBx0Vu4R2mSCSUFspk+W9KACMLqpTO
TGRtiY5SvNBnm9bqSMcfOwHRaat7gKVKLktFXeQN5vUmaxW4H+RXBQHFXpoTljF7 hAheLjlB2C2Pu0t0NbkbO74Junxy4DM7epIDpMRqfDs78QSJtuLehkvZRSPbu+of
z/z2oPxLYiazyV+srwrlSF7N8NvwXgtewhV/GDQZKGZEqQlX4XPRy1XDPdi+vHwU fdEjeihEluJrK171PW04zgCUajmHpT0QFkstBnP8sI631tIKutQ1tn7f7NbXFSkI
0gxqwRzAhAkN8sAIs+82yMFf+OE60fqI+pPWxrR0YIEXEK/DBl4e1yA0u+keo/eD gnfZnpO9osQpUI1hfDbKsPE4Lsv0p3R60Bhy3xK27qS53KMH4bzQrIN86FiGRgYL
NWFKE7g2BihWcp10wDEZHqEupPPN52LCHihyzpBdG0ubSpqYm3AwggGEAgEAMGww 25s0O3jCSDuNimD1q0Yq3ADJwiN8JE4vxl7ohOvhqkV+cFfiA6MwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEALPDG2li48vBIODVbDuAZnJ HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjofQnu1xr50wncKoCmExvdj5
AIJPGuV9pVAU6AQq3+WWPd7kx8ct2WJPWpUOoKsvFyyNsTc8n6lVTrwflR1AcGhj eIbwYUuUrpfriURfX3dhMTAQ5jnQghbIi+zmTuraElTk6Vi65/rpDBz7a4YBAaeQ
kkX7VGb71lpnC8ygaSqPF6KtkMICcW3nNdXBuqYR2n6npGD1z7CzElQbMgC53Ell jz3GH4ua8j5wrYe44ipXaZnHd2QkS5zYCER/lBD/lgCrgewhy7Ef4QI03drzT3zF
VqC56yHjeSiyLJKyyZBq/0bDjveFHndHCWoIQG7f1HcA8CY4bNNTC6YzQhQNbc69 rc2YozxaViKZ/KUaBn27BlIPZoXWtahlSa8TnoZkCl4to5mI5K6vLuxAR7WgFC84
hS+S+WwjOtpmNXLVZq491Rs1zPOUN2XjwE638rUqe1M/McBAwAXFQ+YBPdjWhiDg 5vpnELyyiXcET0cjDnnvfx2wfUpBPo4gx1S+VTzcCn9i/b35LiLoVWSlWabY62Zt
SrAjN8xnTyi4XJIdabs5RIVg+NWDHuhdiTlzU8M5kY2ShAuGHY0FO445l/e/CDCC RRlNH2gTIqNKjw3X6XvSM63e6qilg7vxWf1wv6tS+mlgsVzxc58u1g0zCxKuUjCC
Fe4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGsnW1gQI42Orjxx3Fn9pySAghXA Fe4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEL40oVxNKumsqJAgvAxYpoaAghXA
P71fxkSiJhQ9hJFUk1VtxPLYVxD6RroosTILpBn/eB28fOyA1z5pIhzx6CH35SuL WAvh2j69ZQKJIU7KRi1TU4RuE4uuPBn+QLa5OYXocxAA8bN2x1BcW14DgROhZ6mA
MzuFsnN99/LmvOe9z9Dc1UCrWLUhod5uVQilrdouxXljMdZlNGDj1zc10+82ahAP aNv6yzK+aNkYpnlKLwo+YWw911hMLdjVBUJxZan9N7RvRTwxvBqxUFP56m/t4Nxw
KotYU/8AmtUHiGGs4BVr9tl5fBF2l72KYhlh1MHIU8x0C99vqOq41vBqtC9cmCzS lKkRICb2yt0+/RzMHA4NqAnugmiOPs1Fcva2vXL5eRn0vrxQCTQOkuPdRLNMlJX2
ht9TxlwRACQgAxADyzSKMc2rtqkAEqGRNBHxq09KxI9pJ6qkj3rQ5aL+epnkYoGN u1cT59pFStaxkPxE9MEm9ES8+nuvJNX/aOmUrpvYQsED7vCVdlemd/NlQ8fbTiMj
B5thIQCoG7x/jNzN+mRdtvi3LhM7Uce1TU0N83VoBxpiH3o04re5CUb8ELEYssmO Alg20nrbCxMBgGKb1RqpElmLP8t7ip1JX3Uqw7rB0zVoRpf4q4nMN+WIdSsJevnn
4ZN/5AFQ3RQyZS0z1tgWzahrzo91VCvbdnM0irtXZPjpS/NoR/0ZokjE5Iw3SnJZ cyyO9kTEhklwTmkldme2XSmuPukBjW1RghHV5hpWDmLssURpb4rMf79l/8mbuZbQ
35gdvu48eGStmKDFiTs/TXkuPQcMd2aO/joDD+/XNtuSdatXWp+PvELMYR5Z4Pbz juHI7gXVdutDH/VxeMx3fPYtYRrkrXia6XHtHFoIfRuYuXeoX3uG36FDrCXUHthq
KMo1jMj5n3j/O+6WF8Fg1Dx8vr9JwHTP/4FFjh3qC1aMZxh4PjLEB4dD8rWJQdJA 5TujlJkI2l8gYUsNUl9JpFj5mauVnlWHc1ZdgY7Lu2DCVooybBD4Zfe2laQKl+ZD
p/3wS3+d+0kSkhnjG2dT5/6MtRwX5HFQlrVEAbdBIJee0GTAlLn974Li9JiutWzz KiVi4yxFWMlbZzENMmwUXnrf12xl8uEzNW63Ms573Cp6DgLj5acfSJPA7GuKT25Q
sVxTyD+6IBTYSoKQVbL8Th29J081sh5OV2bZ7EFpU6iwWMTEjKQBML9PLs/BO3ME +C2lfP4o48hMdwqL7xZU1cxEjiUE8bhvBVQ7RNvWziANmI+vzAXyPmq+LNjeaig9
ZOsd8Lh3+RLMm3hsCh6ixAyDBX0xJUpW5dbbnKMffsUwdRxBBoO8rMFjURSSfJ4G yzTEDRrcDISL61wVBf1cakbrDS/zitKy4WZta15pWLpXS5Nm0o/j78H424poEnkl
HzqXh1Lr5XEoKG7UQxW/2brMx7gf3OXsKq0YWQ7t6eniMkItu/lcndywe58q9nZF BLdn9VFjENNYqszWxUmTxMoGE9bMFAOQny4FrMCyuFLVcu2ktQg6L2q8CSw98Eod
h5NmmXH7Wf/YhcH3HywFXRv/0tSs3EgpjIgwGbeggwrND8LKx15kdRpT8egu6sOr KAg1vyKIYUtNMghZpx2dSWaVV/0dFzgV9q3ezgKft3GrZ2MP/vdCfNB0+GM9yJ79
b4D8PhzYwKz87V+6fd6rDBvarWD6Oi+t847eVdaGPZ3qVVaMlQs5llAzLPUsqkU/ KJcgdsmUv8GeIs0fkihsABdUMZn/kdFdDOQIx4w9K5hmxWXeR37ancwRloBgC2Ke
zLIL1c1SxCSoFWebd81CJ/6khs8tWpoiEQugHMrjyLykbax+jHeA7UD4+XZhgaBN 5Ci/MtKsHtnaAMhAhwHDtaB2jlITWQUvu3uBe4CffQaZblYhro1KedIcMco/Kw3Y
j6VJxeiQ3Euaqs6NdVe5KLGQVcpRayoifbsI/NogUY2WM0pfccGHtLA1KbZga5nX sQgE2SBhKTmiIQC/JPlnn350J93zVEzdouhzjXO9NyJpQHX6l4iJs8V0GevTfcXN
ba6kox8cLSgf2w4B2CGEFAyl/yCXIvEbJE+L5vMYLd5dtW2UsR5HeD5i8NZ2+hYC 0fsuT0XdX5aRjlFKB4Wv4G6jVf9lQqNHpr/fEnSeuz0bFnGrZetRYHlHu/gxsDDA
oDq8hcNYSCt1CX2BTd7bCrCOaP38pl2Q+k0VV6J2y+lyL+P5hVtcYOXaOfQqWjhf BHAirmRhPNUJEMWkeC4t9MWfDMtI0EFb+80E8y27bYh3VlGxJS/Mvfwd1sgRmp2+
7tpMXmMGqiaHP/Megtx5x9pudrERLHpJNnF57kx/YoiDOfKPSxNmKMfCWkJFOr/H 17Gyny7MA9xMtIhetzGOpLb/8dwODdenv/Set1qJ3yDDS7S6UnNsbuK1/08OAYBL
9PPYERlir51S62YQvqW9s2rwhjCSiL/YQVXpGoR16JRmcIBOVMsT4a9ArSFUdKNt hNbO5pGYiQohflHkq0Rrs1ps6lxdz5hk2fm44sgCKtTC3S7g5OUbATSx3zl1aEE0
7x30W+CQ0ff4U+l0sfE/jfLwtPB29h1i5JFvbrzc9oyi+xDa4Iy/St4bbS6wulQ9 bnTcNEoh+iHUj4YFRhz/sB8sqeodMJLSlbUlAl2OgmF+cJyLT7+SdAR0/vJxjkgP
lo7PgPM/Oo8/Crav4vd20tKhNQQuR9YaC8a5n3fnclF256tcZunUg2G4MVm1ZJt7 vVB1p5Eut27JGaACrXfWE/hGGriLgdiT4UgV9f5pru7w9TVM67jc59+7Flz4bSCt
oVslu/jaywsluQWdpA8ldSwnDq4wOFN5y9xCj0UgCaYqRSwB5auAlCUo8WXyIkyn K+xUskePye1SN4DeaSDOm9hYUZMfKu9lcXAWRdGJd4zWdICBbWcfNvuajuFZbOE8
rhO+TwOigrJvZ2AgJjxh31CqClADwN2jBYkooDE71YfOOXjR6a8LBWrS4jCyInqu l6lmS61f7/6zhLSREt0xNP/hsJa2QpnDE5hQWql3lkyC7k4T3bGzvYRKO5D063kF
ykdEdDcr11peNN0AhMKBfD670Qp/eQWtcrjWuM3qOsZfSF6YuKQJb1t0yRQontpo Mgo2aofZ4QdbsB17POiibSEj0KyxhXCDnjSybQ25gOycg0VoshVZj1loxIDfMZzh
dWFHw5RNI5p5lx4bl31XfpQ+dg6JECpbgNjcP03tVRMzAlvlj8m0P3dzr8XBr/8F lRuA04q1dm9W3o/MXKLbhWhyFAEJswnz05VxrxYUQLL9mmcp8I8fN1YH9gd/DQQC
c1128rmsvIGNWPtU8N6sAzBvWC3hnuq0fmiyvlnF4+lk5DJWfXVPHtMTc24xOp0z BQPkzzFs755rJpdPJ1KKoj8aKefDzNSBszgHdwNUjbrGHRQAgqYg8QHXHzG5SNA+
z1gM7+x/v+SIQuH3VvmEtQCCKtEXUHw+sSYRhAlwG1h8Ii88RNgg6TpTqicX2OpX xX1uvJv7gMcrlSFYTKKgWKM7tdBmD2dhxQL8FGI+ZlZEF9GZ4UIVEMRVJqZ1kQ0k
WICs5PLwa9BnYk3IAgyWfHhYEqY4ZYbq3lMnkaCZ0G30lXRqIZtumMTFK0j8RFt6 qsR84dxCejnALehDDAjsYl1E2+OJA8DO+ddjdPlF3h5DNGs/GwJ0CkStf9mWt2LG
YI7wtpXImenNYZ0VSqSlS5hwLrYR3BjxjVO88ZhUao2cA+c+Gdown3j/v+BpkJgf uwueWxdEeI3jphF75ttwJ4v81Dv4vEH0suzcQS7O1PZmLoqXu/h60SvKK4txEr2O
5AvNcx4z29oJmYq/lCcHU1UHIuKdu/zyMgljgJoTbvtLB/HoIYj1BCgIoknhrWz8 60uc8un8a4//WcMotRQMfMmYmNomY/HaayEhbEPWofENsEgsa+70oHFgqcM70Mts
Rxsxdl+TUpdzN0fQw9jmzsQdwpalTL9gitqjeky3Lt8mfw+rl1aTiPSS667pZebq TyW2MOXM7KEgUH8YRsHLx5a1V2TCqVeJmUcq/MeQZs30rxBywGNVRPijc8XSV9kO
fBdh+FlokKqhprCFYZbD8lV36anMHWkbDxj4/E1Ba58jZbC1w6GDdQ5uSLSXgbGw fRI+h+d7c2YROk8QLrUmdZdKxg9229I40r5jwGOzwljFCYEsyWC8AEw5TKi0Y6mE
vb255hmcWco8N78G3nsWtvygR9P4zRjfu/KM9IPzReHeQkE1CispMCf7Zx6+LJrF cdkY8viRK1ZkVTfR7od3xgfzjm0Woo1BW/Nj4Q3j9B7eR+TdOZqq26/t7XiqzlMq
wlW4Vl7l59d5qlKODKgInUpjGrBZo06/rb/QJYmh0CvAGbKVUnX7sWzoGIbzTN3g jor08wBhE4GtrxBHvIjgvArniBe/z9s4p5ZT5sMWqm7YEzkAWeocT5cvJGZVdmC5
zGEV/yAlROQDEAnmCoIKieVlThjDf++eUKiDbdbkhRP4OP4+b6DhSSdk3olNCQ/G CtNUI1mmTIngy57sIxl6rSXcdrSl8qMvTc0/7D3mSChpj1OQxhP95jtEkYMAyqsr
PO1HfVna9diWNUb35TsUy067EsNpNFlbAJ4/3/e46+h8JxSiD97umeFDeNECO0JA vJtZMCaumihR3BKbnsPkdpZeXb7VBGW08M1jv9dy2MucmTCyP8inDhMwPuj1sn2f
0PcKX7x6kdFYZ7StiQWIgkK8lXrSv22vjdrHAUx0FP2m8mgnkWrOTeFRnvAZdYem VRqgyqWCfLH1N47gXtNtKbOvzJ0NkHfJqpJRY6NtQ7mVHT9ZUjh6HjPVU47TikOJ
qUTR6g+eqq6+H9cE+VYutjzStfx5b8y34VEr6SmqH09yBggTG82zYii0o5d2qmbE PU97IYvGhwGnKf6ROUXoUt0X4rba77kgBAA8NqtGFB0O7IZlNzL7hb98TjMOM0pn
riuRHabQEt9ybAeY4BjaBR/o3iH2G45KVVUrOPlvXvAoGCcgzCMHqRC1zOZzcDO3 piWsihdkP5OKgv9PToRlhmv/g1ZQ3Dli2oFBmdQrdMOfvqWZWtHf6qFXXasjgkKh
fXD2LSPHqf4IcqQcPetejTSiLjdzjkBsw8EZBCfEtZN3/BFyZRm7giiL4qLb6dM+ Rcr1o4TfRQT/WbHj4Mjcx9/govqtB2ssw30JTI2s6NxVt+0GKk798W4mAClYqSDY
p4yzwC2qHe8g1AFhUx9BwynN8iSRgBQzCIgA6A8kdXXwWAGJCygs3FUKZ4mBO0LR 2nXBS0Oa7vr3MRzlmwMtFvLe5WIV4ojjvcjRmgFLVA9d33D0Cvb9h5tk8jcHO7H+
YxElYI9gaOBifFWOmdmLauNc3Lc9zORmd8X9vjLsEWcY5vQWQ1Ao/Yfj5cdBf3lS mhcXWhKq+Ugmk1xjKiNqFOUmif6vr9lwv++RGJEuujVWRgucfMuuQJmhOTBeuEHA
jrDwKQf0B+Het9Y64x9wHrzsTyF337+PPVtw6PIru52GBk/Zcn/sCMmgcS4R7igf nTg3ILoj5I9CFTBCr8w8CGfJsax1gmOpY39aXxgXNBWH8YhGPi9UYu/cUdiXyEQQ
eIyWagLmtwKrlZRGb8KYyElMDM5gT86ptGJyoyAhRz2dlvuHBXuxYZPlIAg1Rtql kBmFWvaD45247R1ubkERejEd05zl/K+93KhzVDeoMow/Q0GGEEQ/SZ5als5NpyzJ
O+rj/0d6b0ZfJW8fLhba957Gf0xLldXuuZIMqyJ+yOK20rsVWyYsR5hE4kXqXghs Q7qI5jDjSqreiRXRrX1WQTN/7aTaCnw1LwNO5SNHVzZP1vAQIZQlSYxMzrFPtuF2
aIZFbIsbSIfhRZopjKlUuVx6IPrcQ3qMmwlhnmGTTmDR//N9GRae8OulQmWkexdw 5uiFKJrUpe48NkLNi8bAKOb3Wc4OvLlPhbBVQuRz0lN8VE8gZMcZzQcdsFvorEor
VzPflEjb2gTpBhNTEFvP4KePmBoKtFVjfSOF+OezE6aKDr1RID0ux5k1HgpS1gMP +4+ABaHVsTbdrrLGSGSpTcqGpTcd620H9JvrrNgfdv7eZ/ZD7TT9XG6coy4dzO33
CKFJmgCs07bKgnWiAYgEiYKIocXMvJAOZnzlXVuly6XxZk+SHqUggDnINxKusWwy gaWIY+VZy/poMm+bFjYD8B7bc+qiTYQrIyBmFaC5haFgRnvN9nFq2OmL40g5Q9Ur
a+SrV4vgeQWs3qTFGvTKRGuRfygPergdA2h/Ra9VSJVARv08Ifo9e/H6kCq/ZaaM eLfPwPc5aBgr+kKjebSMl4ZLV7T21BPDBDZ8JWFWFutw/SUR/7a9S7G8YkztQPxh
qJoXVKRUp4QRtHdEV3e2qUcGBS00EGlxEpNBT9kp1RHnGzQGKDPQGTpeSwkZrVzP /EMrFUsxK+eYu4OCbTGMOdZOAvnLO3Na3AjaSJGVdCKU50Yc4HxZOdTOMm1tfRj3
NAW+cgRaCq3ebuGWZYddUpRH6cUhv9+/GYxA+g2LNtKu1544vmar+96nVjLkscw6 PZIWjOp5lYue2SK/pqG1GeFztaZbGF19zkLmZMRr1KO71RQeaIl1wlkZYOLRonIS
Elyl/xc4q5ADYEErCjgJTx1bGBH/lKdHGanC0JVKld+sImlXGy2BVAzR+fCYSAII qE7z6mj//Z5x6zP17i11LhhWMIxZECpMFjKA4dkfXLpa+aMqd8Wc7p1F7UeJbu+x
Z8WkZcu/Xkv3pVYIx/tnl8Lx8kktJltyxkm482hUnzZy2O8knv6lJr+BbzkvmV9D K4kLfJdRf+YjIc6F+OtJClK98AKxjfX6Hs6AdTBT3SkKci4qPmNOslv+GgyUP4yf
mQJpjowoqG79tLqaJVuJtFm9IleTMRLiMxQ07TgHpd6GTpy6OSUks/F3Yn4ZYOa5 MwXiTn3/TvlrHARaEQrKCTUL6GnedTEFZIPy9UUcG82PerOeyitm6m4SmSo+VxSf
5lPDfuqK6yB54qXjCCGKuRWji/z2B+qdE+hL8RCUXBlKfr5Cvs0SpNKn4ccFrVAa grQQP1rCjz0xxaz5PT0+6rdlki53T4rBUYzw3El1i5r7XA0Pw9+dLLLzRWL5l4Dj
SX418VQHSlJZtwmRVeyX5LuCznF+g+vnn/g6h+fwGqzVLU4napv2IdU0ULxSB3eU vr4XvuyhKu7PZahKtoYMBKVw423JxNpJkgP2DlhEb78pUeNMaUUwGyxjSLX6mpf5
sWEzhcI7JRUsygOEeseQ/0N8WydYwYU8CSGmygTPfl9SIOojZowc8dZ1yaU037GP c4a5Q0+R9fw4Acs/QtDoX5ZMgMoSpdN8x7AdBtxolicWe/iQECurAnRYcrwKXo7+
/Y+7O7LyOHZXxheMVBomZTenvyfhRsHiNXgYRIRkL3YSCVmzh1oTN+IOXoLYxWVK WVURy5/cq6Z3STIHqdCcGBBJLX9OsGIyBK80mgmhNDjbRe4fdeVXOSWQOcdNQSXT
pHhzOselv4Tcy9wPzKdMOh/YBl1LLyskl6vXElLo45jTFpUr8SQ1OIxH8eeeUfw8 KFg5G75UuCkukly7e31XNbhhRQy58jbuhM4bptnxqM7cz++uC1Xfl+zm8TX+1gRM
PJ6yfu/w8gwk6R2x9VbJTrYHuI451oKNZ89jHhhPH1x+PDjOV3ugKabNM0JD9u1G BODVg/e5OpJT6OBQv/V0aVChRu9pMa7B7Zi44iYZh4jAK2s86f7d7amLQZT+PtCY
t5fN+kFz8A3jKMAtkaBHHFmBJD8Y1lmRPazRSX8EF7hvtU+YgIc2z5yULwny2LWL g+Q+8Vxf+XUDs1wciqcBZAZ9Jo4Qk/1cb1DBmxj7Vh54liv/nHUErohlUV6CVWOM
VTRQyGoj/NDDRRt9MsPf0ZBLvVBPHcJWdWY4kLQDPCE5CrH8F9fsIuh89icDUMUP Jcb43KIuhkKooVG5e1/u/9SHRt4nE5WK9QQruL3OV0hzfopc5UAV57ocQBMHdgqT
yOjI7rCydpceJdvOv65SSscf63MRdsZvYwOm1JgRdSqki8e+qy77o12qXw5eTeIV ezq+ntFTFlez7Loed/zUqInzWhE3I7ID+pJX6YK5ti4E5uqOzBYA8bj/a3PTwE2G
7T+YWRbO5lWuVOZOJPv7tu3rdTCGslsTAe1FISU3AzrB9fNG5eHNmPnjZ1yqOlpL 2PteVZgcMK3764MB/dRgSPZ8HdpsYcG685aCzs3zEIYVi/Q5Zp4q3UBzRy3TY0mh
J9BXVvNmWN2cVLutEfimcVRW/aeWuY3+HgSMHOhiqR92mRN6VY6PbdQ+rT914fUz djvDk1RcCwkmKxzrQDEJVOcxz5GdMcuLt8WAB5pjK3LG3gIEbfd8h968U+D3+ufV
Vmy5LIN/kZjdeizQyTdgfrRG9pGDEimdlPPia5nCxhCwGqxkGPezjzNEWzHo/C4W 6KjRsh5cweupN51piLneBEg5TgjZzSMuYakrbezTRfySO9SFIj2JvLfWvuX8grEi
knfRMJpMbUJqZVe5uOSE466nhOKIF8nmR2fMzYYpnayCsJoh0AgghIAh94OFGz/T 101qRGC8/O7/I4L45Sb8diZaPsNIl/3kuqjGMASYtnEFYcrurCGlC1UweIShOrtS
Fp8hKykir4JuzspCI43sGwqZFVICfGOEtisIjZhPUn4VTvxdXsjMoC8ebVUpiMsw deHjmBBOq+YyAYybF2ez6AVPr/SDfwxcK+cQB1wmpdftyuLhY3uEQE53aPvxb9EW
/IihAFjMc5GdU5bP/F2oHiRh+B4e8OnSTdzS7PXb6tZ1g7ccazZ5ezp3rEOc5Q0X RVGOKJv4fxqOgAt99XeXQvgfWWM/Kix/hI+zP5gOrzKW0i/T7wdJBQDBIOwqbauP
yJ/UBiy29VmvLNPV5JBsZQdqCOkOHfz5zqXqnZLdp9XjuW/DD4uahd/t7fWkAjk1 fepur9reL75ixWn7AR7iMaEZD6sCfEojPhozeFUZ6KZdGo1baG3bRW5IRq4g9rt8
IN82Om8GTMjrKSblbvSHRXXQk4sDC7+4K8a6M6hcDXZ51ggDdJkqgGDeyoquA2Za YpujOEo4dFtflECQHAsoJ6xiCHs4XLgB9iLJd4eMzHuZDaVdPRp4JQT9fi8/st3C
+AX0XQPozqryfKggqqLL0kmBtfz5PJzDkgXof1VrbslAjQ4VsFjsIKeb4igc3IcS RfDkyIdFb1aAxX/D8xBYkE1zwC4TR3ejTEVwpQUNz8GOW+npz/uTUkjKxyO+P4qX
snPjPC0ujVK/UpKOnci30yo6EreEsxvoRml1jUZ2NZycdJ+qGxL9hK5GWfqFxGDp NSJap6dmxb34lUOtE/OnuMFcy2IrvE5g+NzzqwCFGOEOpk+Ii6HVgmZDhMhzzYzF
6eqt5X/bHLs+BK5R6G7qZRgk11zsMI+OLj9wkNRf65yxdWiREO/+0gewAX1sWbxI eNArxRQP2YA+dnn10X4o3oB2gW47vZ+PF61r6DcUWlTCDaVDU5FvMEu5AOasuwpo
soA6zPzvjk1hnz+rOHnip/ak+QIcdEBMWfUIpJXd92MW57IH5g93CL62vO/w2Kom /JSkBafZ0xup8QQHdhIQhuL99Y+CkNDGqh6d24L93bSRFiYu1k/sRO+QdWrNtyZ8
AoBVbHSbzFj97vbc6umT2CTM1F7NS4Rxb8xvuwgLAk11Li9QBhMcm47u1l84Jcuu MYOoeEsVP/MDdI1anKEOUn1snSaGc08yaSmHqttLI85KnGOJCNsNvJ/qB7DQXXAd
3IW6nC1v8SH77deDefBYZQJaeBH1HiBoC5Md1LgwP2EKYPEACnn0oPXW4hOjBRT4 gUWHM12x/dbbBwwh5cc281352crClDTdm21Vor//Jd8sz3o9dGIRyyf/NiEvuK9A
yNVviniI7/4Pwdux39cDeXg4GbM3FDRtD/4srBF02pl9A9UsADNE6h83bCBTrZXb Y4JJmEHKZ6/XFgBxmgKAXnik642D6zCX7phGRgcVTJX54NhiJ17DT7sw/VIN9lsY
9SNeObOhZ4sVXQ8Ofj7rr5oI8NmcFeI5wcogypd9esWitWGcE5i5wC+3n9nuFvfT GZoAWFjvu9wtolHAdhzh2OCFtRm8bs/SYyf2hUma9DL8Ejl1Qvtc0KHZxuKNXcqa
X8yOkEDXwDzR8qWgG1rl6A6JZnCL1N2fYJHkiOpu/NuFDCCXrlA4tvI8/E2ZmYy7 +srUOmSq+HrGMBL5SmVdwvRptytopEKPYvMZDS27IacnioEljjCHzQdqFu6zmwRu
PtcEuz0NmkxK28pxKXleGX07ioVVMy6iHhEtGuotiFXjT6USG66KenDcXXRSle+O 5d3gmwY0zuubQPz5FXiuyQ0ombKR4G9MWsLsRwMiwMz5sDaNbSIaKRgLDFxBQmL5
T3ICsHy7b29G9D6ZKxgPA2KlOa8oTvvaea5ptclHchK5WCyRcvdpoei1Vz75K52p qHlhHPTAZSD8r6BZTwHPsi+jfBH4lpgsdjHRYwk6ApX4lCdra/q5SaubBZkJnxpE
HThqwLkRD7blE/iIva2R465ghWQLV/lc6L4jPIX6YQXE+uLt5TWQkWZ4gNsBVKds 0TgOIxypGPWYPefHVwv2aiy3oHs21k19YpokEe3asKAcpmXFGSkf1Fzhac0ZalbR
KMgUQdy//yqmqxjImRsB/3wVcp947YOzbuQNKHH4Yn2cfsofnuWQRN6O0glCtX7i cP8fapP8yJY8Ys/fZDHGKB4XL28JKfMUeb7+YWtAN+yoj3YsfdfsM5EL7oZHcb/H
HH1WTu4d16i2oDzWkgBhvfgJMwRFXfytDvc2AaHeBvzTsItyW6dV2YkX/P3Cx51e JQhdvTLa5Iyi1IUdk/GUF+YYKuOMG50KClqAX2fm2X9Um30HTCENRuLlbT71youR
8zTSzM/+ZLF02Mg+kY0+GUaJohjx06dt45xKSbUYq4beE22VVZO44ObuDgNPv7by ei6dhxqHMbcBoscqFLVbVu5ESGVyjVYpMl6EjzCrkTgjH+OlCI3Zsu0y1JL+L2CN
dp86PRFz7yLNKvglqD3XFg3EtQsG2YlS5TpGHqQe2ZxY7inlFzdnktxYAfJrXwkb 0H5KQ2y7aMqbiq+122QrjICWNNWrA2qgB2x/NI/BiH5vGs5HDvKTDchafWQiDVJU
LGLVPNM0OipwTpPnAAShzwy763OX/Lh5Ou7MT2B7C08tCihanl3gQqvZvQ7ufNUF k4+CSSnxKs9AJ5VLStkLfEaxvtbBDt5KaLtmCE8yKKc6fGB4ji9CSSdWcfjCdd0K
3edpbAkvv23lVXIMPFCssgMpGFFnG9NogqXHJc5PzTESr+p7QuH+gvySHvYYkulh i/DaW0xKcwwsknVaYbL6evqAk5wEZjacf7kudcYTKBuMdEmM7vKVluXwI671dDdL
w7ZtNiBBd7qu6ire1igXaYN0gVizoIyDintGWxHTaL6fN0AYf2CJRzvragn03t86 BWFsXi2pTpFnppA90RBvNS7nDG0mKhXzTiqjEZx0uWT97yW2DtoalO6VlGLyC+wM
IkVIStrRaKh2eyZlwmG84wN4Vuj7dNARVcyK1HTIiz+zjReh2ouRW6ZMw4SVA5Fk X5TlswenP+r79DxCmpzYkOGI9SGAG2gN0SWrlOwy54M+ZnNynntc39wz355IzhDG
dUlQAHMmM4NG+BSek8qxIG02VXkaD+Bw9Z9oLcjE2lRfxc5QYc0smUD41m/dqbs8 O8DBoZVF69/RUgHVzJm65MMJjNEcv278QHTlyw4B1upAO4CMchGYfFDsQP0297wd
kDYc8I1ONlf19073hZmAvqpDSIO/R2OF6v2rHpxRGgoY3GGz3vz1U+sAzwCdT25A 6Ip8ScpKNx04amwDcK6y9EOtrE3I3cW01RrlTt1tIW3bY3iTdjv5NStfZxAhZlpX
rqPwvAIS3ocPUXbzbX2BpoItIhM9GR+zy0DVxZ8rdGuisokRNaa67lzEsn3yTHth twb/BDabvjlDpfPVlRXB17iC7RfI1q9WdpV6Zam4aXjYlvpWREZ1WXuTpi1lxGxv
3firVDH9ASlmKYJ7Igf/51Ms2KNm90x5794cE4KJG6k6I2exALrWJXEjdm+A2br3 CMYbRfrgTT6OZRwNeiYl2pO61ODzwQTbVS5L0JE9NSr6Cx/lGQ1Y8wxbJ1AOFAzW
O8kfGY7mi6PrkKyFLdTx6m84bSkuIstdfXvq2rrdS1eTqmEppIEuSx5i34L9AlY8 slLnMlkOFE2Qbfyz+6Yg33xD90m5LRnxBDd/zifczhV9+KlJ2u1GvaUAN9CVHrhw
qMiUbQUpThLhoQ0fdfrKAAdJRPEYH8nn2yoiZnmEKaH3N97cRiYDZLa/YBZXGnny 8M/ukjGWwxsq1adPxlBK6OH/vAIhynbYio0lrVxi6xYHfnyjfhab4aFozE98X2hH
O6uh3wezJRYa9QpSQH5mubiNC1fBoHzHGQEyTEZUaYJqqjAc4bx3yyacYnFTEPtX UFUFdY2qn8CT5say+QEyiA319gtZ6U1rqGpLD0KVNeIuaJXlZBst8sY/DzvdyflK
mOT2S4o9Pz32f6wvOBT6xJzOFEMoh25gURmymISZKMU1pFePNNTmmP6x1K4pI2Pi N+nGUROgrmuZZMIdkZTL1IHGTklDTRFtZdT4qPz0M3OxDw+DjPE6n3C8vxgWWH7A
VAJUuyS7OARkdnjKwciPFU7VB4JubPvsdOTpihU4MzngSuohAcUhvRFYDNB7CwgU v83ecUwyzNfWzfk1WYeQ6Lr5xcu5R7kl9fGM9oFOgQk9ZmQdRKLbZkwxpUhF1kdd
igyOSURUVw0RnNslCSJxnalxpenfouN6vfuE48wkOtq/vGnJkiepuyuDm7b+qO0Y xP8wNf7UQR9OIeve7v6eapjauXzJnXhtcl78YdteFxI6dBXCQ79JemUmPNXFuQJE
j3iTqIJYVDlo9sNj1zjFN7T/zWgu5w32TU70eJ82PpBtjOFgWyaSi8dQGZgf4oxt lOZDtmjZAGQIHnzXTl8kAOuHRlx2mkBpRwNYGUTQZzdGGJAUnrwBotPfx6310aKb
OhMKjRQAXPJs9f/NZzrR80oa04EZrTGoYu4+T97e5S19iyxKD4cLciqsLVAPISbh QbjtsoSyfghUvzp8ULhbxo9FvZm+nwp2OunIiqtKtuyWh19qlKBCXjrsd0IHZ5dO
BgYR+K6yHPT86vhql4dOrg07l9DYt3G1RiDHrCe12YA5iuNBBF2Wxbt5wZl29cdr PELQsof5zWVoPgwqd2QkDUSflUnW2zWvl1FWmTJmVQuLOJoJ4V5SX0O3ZtDGBCLk
PFmHJvYg+jIC37UYBw9qv2ABsUI8AUJc8gMqvylNIuilwBPz4hYfo/AAYZe+o40i Kc1FtP1XzwL+pASF8MBh1mYoJsdAXuUxaEkrDZXqoqY7zx5/XiD/HW27gZk7hrfo
cKwLe/UamiqdfPOVQeeN/BkXXaqr2EPDKUSeaShDrui+VKTvgKbJDbImWJjdhjQd Z/fR1U8Ac4InIoa3FHR1wLro0NJsF6mqRxCr7vMe2bhjmD0KYqqDW2pVtzaYuC3f
6ugnYd3ahi8Zk3+v6Taz0a7ZUtnGqvarOX6S4EH+h8H+CnLyuOPron5wJIssCMD2 Uje6Hv6rIWOjZ+Q1La2Lwx0RzmYafGZB8azGr+7B8eijXppVgn/s80+llMOiNV99
cNDVB8a/n26EiQUG+fsakGyCIEqin5nSSdzgBlDiM0ghav5onizmKyqxHtHjZvRP rkvilUvkZg3QCNNoCtuAb4/sfTN/pqXpcdW7Cte6kHPbxtzoGkR2P+Lu6lJdxrG0
/1tGNa0yDwgfSDycM5QGsMD4JUFmozQ/NZsNeGfJEjyZpsI4v64jzcs4QxEbJoDP as7bh0Rs7fMXCnl3ps44thAbZSje1ZNcuI4bQiYEgiF2wdPCcescz9xA8+Xz7t99
/K8v9kiCQZ3NtkHGDRcUBWNDbKij8wgOPAJmHweFIA6UnHoqJdbPzNwsAAjMVN2Z qa1t27+4JaC2w5maC49s6cd/hRi7AGCyy8dMhUfNz+xs8m0BrdKACkQm8i3u817v
vtvsfFtuDu5BALHyKAlf67WbdKfFYqfktnmR2rPXa5U/3WWiS6cOLly6h+cseQvS nPFC8FcceXCgwVK9lgZMGLdcYcyW31ma2JXJXjTTrW0Z9324r1etODBR75UC2p5s
bPn77hbn6y2tRQOIMstJ7pBIlim6m/duKc7PZz1u/tANP/gKkHzthMyAErEOPmqM fHVB/KkHgCQnEiEYshhHmYpHjiTbTYfT6S9HkA2yugwbdFHpxFjLRaS2AVZ/mZPc
Plfvt8ju0UpwGpiF1T1E3SRodx5/q8NV6TSKANWeKN7nahusiB5CVO2EclhjATXR Yhu1E8OWnxu0YkntmZMx3TlyR17KGIziGFAzvA4vwD34n+9S7yNeso264eUDd59X
XmPo08kyxwYYK7P+oBOXsE2gM/uZy3If5hIEfmxxJ+5F19cNiotTQwJM7Jmbag1O Cn0pGXHB13LsLt2EXxmb0gEZhZnWTdhkzzEXyvZjXeZDDeU4h7ilvJqWJ2CBpWtH
MtW7IWC7g+sDYln9L8hCxnCjoH331ss7c3470XB9pTy8EBnRdX5IRW9QuoRcMcZw w/CDpK5lffK0VMX62Dce+3QefqFVifhmXQfYRxgJGSh/qGYeLLLdiOWrdeZrFrvD
C.1.8.1. S/MIME Signed and Encrypted Over a Complex Message, No Header C.1.8.1. S/MIME Signed-and-Encrypted over a Complex Message, No Header
Protection, Decrypted Protection, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIPaQYJKoZIhvcNAQcCoIIPWjCCD1YCAQExDTALBglghkgBZQMEAgEwggWSBgkq MIIPaQYJKoZIhvcNAQcCoIIPWjCCD1YCAQExDTALBglghkgBZQMEAgEwggWSBgkq
hkiG9w0BBwGgggWDBIIFf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggWDBIIFf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjUwOCINCg0KLS01MDgNCk1JTUUt IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjM2MyINCg0KLS0zNjMNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjgwNCINCg0KLS04MDQNCkNvbnRlbnQtVHlwZTogdGV4dC9w ZTsgYm91bmRhcnk9ImYyNyINCg0KLS1mMjcNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtc2lnbmVkLWVuYy1jb21wbGV4DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2ln bWUtc2lnbmVkLWVuYy1jb21wbGV4DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2ln
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0 aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIG5vIEhlYWRlciBQcm90ZWN0
aW9uLg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTgwNA0K aW9uLg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLWYyNw0K
Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlN Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlN
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN
Cg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+ Cg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleDwvYj4NCm1l VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleDwvYj4NCm1l
c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMv c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMv
TUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQg TUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQg
c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5h c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVu dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVu
dC4gSXQgdXNlcyBubyBoZWFkZXIgcHJvdGVjdGlvbi48L3A+DQo8cD48dHQ+LS0g dC4gSXQgdXNlcyBubyBIZWFkZXIgUHJvdGVjdGlvbi48L3A+DQo8cD48dHQ+LS0g
PGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9k PGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9k
eT48L2h0bWw+DQotLTgwNC0tDQoNCi0tNTA4DQpDb250ZW50LVR5cGU6IGltYWdl eT48L2h0bWw+DQotLWYyNy0tDQoNCi0tMzYzDQpDb250ZW50LVR5cGU6IGltYWdl
L3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50 L3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50
LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FB LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FB
QUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzcz QUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzcz
OW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDlj OW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDlj
aWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFm aWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFm
VFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3 VFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3
QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tNTA4LS0NCqCCB6YwggPPMIICt6ADAgEC QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tMzYzLS0NCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs 9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu 165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
skipping to change at page 103, line 40 skipping to change at line 4725
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9 So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTcwMzAyWjAvBgkqhkiG9w0BCQQxIgQgXYQxbGVS hkiG9w0BCQUxDxcNMjEwMjIwMTcwMzAyWjAvBgkqhkiG9w0BCQQxIgQgup+VC4mf
YbD1RRyrYjMaj8vm0wJceMeGDm9qv/JsQlgwDQYJKoZIhvcNAQEBBQAEggEAbtxK BVNHPJS0b9oKX/dVMKiR3JOz5AXfqv/YG0AwDQYJKoZIhvcNAQEBBQAEggEAJ2XX
BK0ie88UC9KGR0/nHIWpXJOnN1/tXtEWsLoypwYiw8XKgcN8zgZ06RikcGX12ijW xojAdRnBTCRahPos057TnArr1wju76pnJSWXK1flGWjEsSpHVro2t9LRKALqwTnX
Gz2wgA2yIRfnzWBvS6zmBc9r37klP8uhB0GgPrPFTtq+GeLn9hUApYQTb20HlSKM YLM1PbrPoMyivqfhFik1h1dR9J2aXisS4FfZB3jj1c8XkD1yZb8qTBBRQ4v17MFS
e34oCU7qv0lYFfN0sDlwxkha1X3AAg4QFcUrnLJRkYFWDH6XvxsHNiLznwsF/+B1 1bEKW4ecopbd67f73QhUvk3NGJ8Aq8JPY8yxKGgGH9bucecSGYAHC1745wosTs81
uNiPIi7rhKgG3oLYu4H8qGolM5H+gyl7+h4t8hUHZVTxZ6QyTO0K+D2JO8aazcor aaY3k5UwyHNxRjFkkQAsnMe7HAiVnwsDLYCDOXACbg/DOwOCFK9vzDYkD5HjnqK2
PgJsa85BUfcx0JXsixcqtLzTAfsPOAQBl1CUHEied1qX6nlMb2gCxP6psFEXPRGM wrhkTs1R4OZW+gWXPhFYClf3fMvrGZvr9rCwgjnwMvrpQjugZi5QGoi/sEdHO5T5
rxSLzwv5QtKJCaDfYw== edT2/t+0u3oJtCflrQ==
C.1.8.2. S/MIME Signed and Encrypted Over a Complex Message, No Header C.1.8.2. S/MIME Signed-and-Encrypted over a Complex Message, No Header
Protection, Decrypted and Unwrapped Protection, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="508" Content-Type: multipart/mixed; boundary="363"
--508 --363
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="804" Content-Type: multipart/alternative; boundary="f27"
--804 --f27
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc-complex smime-signed-enc-complex
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses no header protection. attachment. It uses no Header Protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
--804 --f27
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-signed-enc-complex</b> <b>smime-signed-enc-complex</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p> attachment. It uses no Header Protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--804-- --f27--
--508 --363
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--508-- --363--
C.2. Signed-only Messages C.2. Signed-Only Messages
These messages are signed-only, using different schemes of header These messages are signed-only, using different schemes of Header
protection and different S/MIME structure. The use no Header Protection and different S/MIME structures. They use no HCP because
Confidentiality Policy because the hcp is only relevant when a the HCP is only relevant when a message is encrypted.
message is encrypted.
C.2.1. S/MIME Signed-only signedData Over a Simple Message, Header C.2.1. S/MIME Signed-Only signedData over a Simple Message, Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses the Header Protection payload is a text/plain message. It uses the Header Protection
scheme from the draft. scheme from RFC 9788.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 4189 bytes └─╴application/pkcs7-mime [smime.p7m] 4189 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 233 bytes └─╴text/plain 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-hp Subject: smime-one-part-hp
Message-ID: <smime-one-part-hp@example> Message-ID: <smime-one-part-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500 Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIMEAYJKoZIhvcNAQcCoIIMATCCC/0CAQExDTALBglghkgBZQMEAgEwggI5Bgkq MIIMDwYJKoZIhvcNAQcCoIIMADCCC/wCAQExDTALBglghkgBZQMEAgEwggI4Bgkq
hkiG9w0BBwGgggIqBIICJk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggIpBIICJU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1ocA0K ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1ocA0K
TWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWhwQGV4YW1wbGU+DQpGcm9tOiBB TWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWhwQGV4YW1wbGU+DQpGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l
eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowNjowMiAtMDUwMA0K eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowNjowMiAtMDUwMA0K
VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBl VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBl
OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7IGhwPSJjbGVhciINCg0KVGhp OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7IGhwPSJjbGVhciINCg0KVGhp
cyBpcyB0aGUNCnNtaW1lLW9uZS1wYXJ0LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlz cyBpcyB0aGUNCnNtaW1lLW9uZS1wYXJ0LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlz
IGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWRE IGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWRE
YXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1 YXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1
c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbg0Kc2NoZW1lIGZyb20gdGhlIGRyYWZ0 c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbg0Kc2NoZW1lIGZyb20gUkZDIDk3ODgu
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCC DQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIIC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w t6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTAL
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl BgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUg
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0 TEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQx
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI OFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B QU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEB
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN AQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41K
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj ImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N 4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw 6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCq
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ lLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYD
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB VR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYET
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P YWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8B
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME Af8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQY
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4 MBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXig
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu nLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6z
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2 yBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYD
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz Bh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOd
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH u+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeu
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH D9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zAN
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/ YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9P
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G krYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY6
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf 3PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG 04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMay
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/ CQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN783
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ 6IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90nj
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI lsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyX
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ rilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii hkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ1
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2 9naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaV
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh WHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHa
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I hiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgk
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB LD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFX
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx LJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTEN
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJc
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B OvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDYwMlowLwYJKoZIhvcNAQkEMSIE ATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUwNjAyWjAvBgkqhkiG9w0BCQQxIgQg
IHBk91pcJj0zJrTyROHOdfUnQMoctIHVb6WXTpS3gYxlMA0GCSqGSIb3DQEBAQUA K3lOLqVxzkFzTCjC4/0WD1uiOJZ/y8y2mKLDM5P/bj0wDQYJKoZIhvcNAQEBBQAE
BIIBABWhy/yIy9RLS3OdZZTlUNChBhzNHjpSSoL3v0JmzOHeYJVblzBgpyPU33Tu ggEAiWwxPK/j2eujuwSbftm7fHd+LZyXyhUhfrZghxdPZyunkZmQ+N4ARXGv0zqr
JALxlGuGp4ybO16yQREHMXNFZJkrqWcIAMZG/4tG7WIHXm0AGIcxl8BKKEpn8t1m yOgKhBdbd0pFO8sIfqRGvU2eQdvfFWTKz1Nt1UMGMUtTTA2Iua4+QcPdjX6At6k/
kiOO/NWzFY9TW1pYd/+CC7Q8Asc+S2Nd269HGrFFpL36r74Gt2xJDxn11N3coBh3 pp/OdEIuSLQHW89UkUfNEqYc8SjnhOaTMz7glWEM9jIXuWcmhtRqqsg+yYItvSbd
khaFt+p5GkqqrNUtfGeo0ifF+66x/oW9A/AtNE+iKwx7mEtukOhBgTXgyr3bi+ev eXktWzBWuVCzvrsO4Q3oR4B0Aohdf+qCeTOwP5grdU4oIadD4eq1o+OEZfmliN2N
sEQzWYVLyVS7TCsCM5A1LxHZHv5gVcX1EMTZi7rRaNKKEmUcA9vbJYBSOWlmR/o4 3dNYgd65gF0IXek3a1MMFh6AQF9aJz6451GqO1fwwwX2TtRnjXBY0ucY2Rn6h3PB
FeLYNUvUvFXvV9YCb/0R0pgp9Aw= GEyYkGT7mRMuLMxmHktDjUBiIA==
C.2.1.1. S/MIME Signed-only signedData Over a Simple Message, Header C.2.1.1. S/MIME Signed-Only signedData over a Simple Message, Header
Protection, Unwrapped Protection, Unwrapped
The S/MIME signed-data layer unwraps to: The S/MIME signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-one-part-hp Subject: smime-one-part-hp
Message-ID: <smime-one-part-hp@example> Message-ID: <smime-one-part-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500 Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear" Content-Type: text/plain; charset="utf-8"; hp="clear"
This is the This is the
smime-one-part-hp smime-one-part-hp
message. message.
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses the Header Protection payload is a text/plain message. It uses the Header Protection
scheme from the draft. scheme from RFC 9788.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.2.2. S/MIME Signed-only multipart/signed Over a Simple Message, C.2.2. S/MIME Signed-Only multipart/signed over a Simple Message,
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a text/plain message. It uses (multipart/signed). The payload is a text/plain message. It uses
the Header Protection scheme from the draft. the Header Protection scheme from RFC 9788.
It has the following structure: It has the following structure:
└┬╴multipart/signed 4435 bytes └┬╴multipart/signed 4434 bytes
├─╴text/plain 250 bytes ├─╴text/plain 249 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="78f"; protocol="application/pkcs7-signature"; boundary="54f";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-hp Subject: smime-multipart-hp
Message-ID: <smime-multipart-hp@example> Message-ID: <smime-multipart-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500 Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--78f --54f
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-multipart-hp Subject: smime-multipart-hp
Message-ID: <smime-multipart-hp@example> Message-ID: <smime-multipart-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500 Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear" Content-Type: text/plain; charset="utf-8"; hp="clear"
This is the This is the
smime-multipart-hp smime-multipart-hp
message. message.
This is a signed-only S/MIME message via PKCS#7 detached This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a text/plain signature (multipart/signed). The payload is a text/plain
message. It uses the Header Protection scheme from the draft. message. It uses the Header Protection scheme from RFC 9788.
-- --
Alice Alice
alice@smime.example alice@smime.example
--78f --54f
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 109, line 46 skipping to change at line 5014
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCAIw1Q7hUXhrDaz3lXMFP0A3q3nvlhWh9ejLg/g9kjk MC8GCSqGSIb3DQEJBDEiBCAfybSsej+1D6r16hb18FcqV4ucPU0CgwMlVVH7gTaP
vDANBgkqhkiG9w0BAQEFAASCAQAcl0M6ZwFAzFvsP+/siWSN0EM0YWxuOzvCmSWC 3TANBgkqhkiG9w0BAQEFAASCAQBwlRSGR8OZHFa+8cUc5th58+DiNkwKWqz4pWWX
0QwnAQ/dSwXcKMcej0wWMKTDTQSYBUjxFVE0chcK6FMH2gHDVb/PztWrSECmvh6F 0QP9uuxRZjE8Dtg7b88d0HtZWL98qAp+bjFK8ElktpuBiS5Nuiy+Zm3XnMU5GhCM
utJ2SRxs0uGrFkee3hR0kowuOu9pDXasLtWP2MnB5pSMWX5QMpya1UxYcbIoaUOx ywIPUAPJA6jvibT5fzYvMGV11RBmrTFNBZxxrJOAWfGfqf96vx9VajBVbyXdXnV7
Jeu5zjbYf/Oo2tINvZHP+r+wxQZ7qTaEzviQ+IV0KoJanfU3Qd/giS6MuySwozwP hnQCx8wsbIOrbRUUVJHBGqpx+j+bIoUmg3uKxOYkZFz9IShmq8fzsW/CVTBMLfoT
r3E7YAy3O9dZT7zL6AR5CsC1I0coo7X1PRNnBXXLMEcR/v5cXniGV+GNf8xYaiGA qle2y+4H+RlGioqz8Mvs+XXbL5MG1r5PGjgpa9hHxPKdbFQCoWIJMA6xJNKgeuoN
iT9IwijZa6psfTSFjzUWTIc0jGx3GcLZr+BIm+MEBCSRzDum rA3kHbrX/5Gn9eK8vE5eI6rpEurDGYkws6A9Z/tvsR7Gm9Ia
--78f-- --54f--
C.2.3. S/MIME Signed-only signedData Over a Complex Message, Header C.2.3. S/MIME Signed-Only signedData over a Complex Message, Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft. attachment. It uses the Header Protection scheme from RFC 9788.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5647 bytes └─╴application/pkcs7-mime [smime.p7m] 5643 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1570 bytes └┬╴multipart/mixed 1568 bytes
├┬╴multipart/alternative 934 bytes ├┬╴multipart/alternative 932 bytes
│├─╴text/plain 287 bytes │├─╴text/plain 286 bytes
│└─╴text/html 382 bytes │└─╴text/html 381 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-complex-hp Subject: smime-one-part-complex-hp
Message-ID: <smime-one-part-complex-hp@example> Message-ID: <smime-one-part-complex-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500 Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIQRQYJKoZIhvcNAQcCoIIQNjCCEDICAQExDTALBglghkgBZQMEAgEwggZuBgkq MIIQQwYJKoZIhvcNAQcCoIIQNDCCEDACAQExDTALBglghkgBZQMEAgEwggZsBgkq
hkiG9w0BBwGgggZfBIIGW01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggZdBIIGWU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWhwDQpNZXNzYWdlLUlEOiA8c21pbWUtb25lLXBh ZS1vbmUtcGFydC1jb21wbGV4LWhwDQpNZXNzYWdlLUlEOiA8c21pbWUtb25lLXBh
cnQtY29tcGxleC1ocEBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1l cnQtY29tcGxleC1ocEBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1l
LmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNh LmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTI6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBs dCwgMjAgRmViIDIwMjEgMTI6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBs
ZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVk ZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVk
OyBib3VuZGFyeT0iZTJlIjsgaHA9ImNsZWFyIg0KDQotLWUyZQ0KTUlNRS1WZXJz OyBib3VuZGFyeT0iYWI4IjsgaHA9ImNsZWFyIg0KDQotLWFiOA0KTUlNRS1WZXJz
aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi
b3VuZGFyeT0iMjAwIg0KDQotLTIwMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWlu b3VuZGFyeT0iMGY0Ig0KDQotLTBmNA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWlu
OyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50 OyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50
LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWltZS1v LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWltZS1v
bmUtcGFydC1jb21wbGV4LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVk bmUtcGFydC1jb21wbGV4LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVk
LW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhl LW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhl
DQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0 DQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0
aCBhbiBpbmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI aCBhbiBpbmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI
ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbQ0KdGhlIGRyYWZ0Lg0KDQotLSAN ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbQ0KUkZDIDk3ODguDQoNCi0tIA0K
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTIwMA0KQ29udGVudC1UeXBl QWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0tMGY0DQpDb250ZW50LVR5cGU6
OiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAx IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEu
LjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhl MA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQo8aHRtbD48aGVh
YWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUN ZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8cD5UaGlzIGlzIHRoZQ0K
CjxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtaHA8L2I+DQptZXNzYWdlLjwvcD4N PGI+c21pbWUtb25lLXBhcnQtY29tcGxleC1ocDwvYj4NCm1lc3NhZ2UuPC9wPg0K
CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtD PHA+VGhpcyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NT
UyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0 Izcgc2lnbmVkRGF0YS4gIFRoZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRl
ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZQ0KaW1hZ2UvcG5nIGF0dGFj cm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNo
aG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9t bWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20N
DQp0aGUgZHJhZnQuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNl ClJGQyA5Nzg4LjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBz
QHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0yMDAtLQ0K bWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tMGY0LS0NCg0K
DQotLWUyZQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNm LS1hYjgNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVy
ZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l LUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0K
DQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBO DQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB
QUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVq QUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95
T3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FW d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1w
TXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBa TDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldS
V1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0K V00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0K
DQotLWUyZS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaK LS1hYjgtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
tDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1 UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA2
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP MDJaMC8GCSqGSIb3DQEJBDEiBCAXURNXz0Mn7lPPDM1oQHdl876V7RbyfNsR/srF
6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp sVvmLDANBgkqhkiG9w0BAQEFAASCAQAjKgdecJe4TqYBPZ1hQzaeCGP+Y8kB5byd
1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6h wtkUDh91bAPCGiA7YzRjyWG/Yq4soSb/bRSpPRr3Jyzubwq5oBsnH9k1L2hVDinF
AQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXj Yeot2E1Aga5OZTjfS8URVY4IEKKI9hNNUpdnqoehQqm54D4LFnJiujiVrS2COHSj
WShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2 Z3Nr9SjeZ7ymKzThhsHaZTRJaloCxauGkf8EpeNJeoeNzae2PvcgomrO1aLW3M1o
lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/ Q3VqlsOfVsLElmS8hL0Mo08XXVs9KRWuBiuXR+fsXlODlVHwqWJVBR/5wOGLgfn9
WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg bPh7G4quw8SDQNHb/qTjsWYfAfE1K2edTz5z1u0GPm9ElCiFUPsc
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyA
KRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1
u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZ
ncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fF
o/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmG
pfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO
7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQIC
EzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1
MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
I2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD
73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aR
phZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65
x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL
270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8E
AjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCO
fAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3
/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffR
TF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9v
sdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkK
TM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4G
Wv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s
1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3
MDYwMlowLwYJKoZIhvcNAQkEMSIEIGbRm8jphDRUXRWIk4vxhAup+YZsmtrednWv
3iPoigWSMA0GCSqGSIb3DQEBAQUABIIBAEHG833PIy7iky9Ok2pN22fjSF6xtjlt
h1Pi4Eh9PSjQ5Rdrsv9pJFFsBhSLOXv+O8fwYfS1rUrgwsCVMO64zz5MT1Kj4Y4Z
a6ztE9weXTlciQydOWER6lV1BDP4GwUaz+BBCoKKB0DTHq+nPNo97XtTCUfo55Vz
55vmNXxqWQ952hzw+qxxTxKzdYApFd9cZYzvV4otZgtvZDu3sn6GWFCtVpN4+6TR
xClE93q+LZwvJyXFRFWHcKqpUfQ16ZAomBadrJ1RU3BmRXnC6DAI/J/yhm7OegdN
0Or/+EuyWAzp0r/GCsSGXt2owaAkGPuZf6kPc0mLhb/VFdeY16wy9J0=
C.2.3.1. S/MIME Signed-only signedData Over a Complex Message, Header C.2.3.1. S/MIME Signed-Only signedData over a Complex Message, Header
Protection, Unwrapped Protection, Unwrapped
The S/MIME signed-data layer unwraps to: The S/MIME signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-one-part-complex-hp Subject: smime-one-part-complex-hp
Message-ID: <smime-one-part-complex-hp@example> Message-ID: <smime-one-part-complex-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500 Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="e2e"; hp="clear" Content-Type: multipart/mixed; boundary="ab8"; hp="clear"
--e2e --ab8
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="200" Content-Type: multipart/alternative; boundary="0f4"
--200 --0f4
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-one-part-complex-hp smime-one-part-complex-hp
message. message.
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses the Header Protection scheme from image/png attachment. It uses the Header Protection scheme from
the draft. RFC 9788.
-- --
Alice Alice
alice@smime.example alice@smime.example
--200 --0f4
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-one-part-complex-hp</b> <b>smime-one-part-complex-hp</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The <p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses the Header Protection scheme from image/png attachment. It uses the Header Protection scheme from
the draft.</p> RFC 9788.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--200-- --0f4--
--e2e --ab8
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e2e-- --ab8--
C.2.4. S/MIME Signed-only multipart/signed Over a Complex Message, C.2.4. S/MIME Signed-Only multipart/signed over a Complex Message,
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Header Protection with an inline image/png attachment. It uses the Header Protection
scheme from the draft. scheme from RFC 9788.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5520 bytes └┬╴multipart/signed 5518 bytes
├┬╴multipart/mixed 1628 bytes ├┬╴multipart/mixed 1626 bytes
│├┬╴multipart/alternative 990 bytes │├┬╴multipart/alternative 988 bytes
││├─╴text/plain 304 bytes ││├─╴text/plain 303 bytes
││└─╴text/html 402 bytes ││└─╴text/html 401 bytes
│└─╴image/png inline 232 bytes │└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="ba4"; protocol="application/pkcs7-signature"; boundary="a64";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex-hp Subject: smime-multipart-complex-hp
Message-ID: <smime-multipart-complex-hp@example> Message-ID: <smime-multipart-complex-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500 Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--ba4 --a64
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-multipart-complex-hp Subject: smime-multipart-complex-hp
Message-ID: <smime-multipart-complex-hp@example> Message-ID: <smime-multipart-complex-hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500 Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="b14"; hp="clear" Content-Type: multipart/mixed; boundary="550"; hp="clear"
--b14 --550
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="f1a" Content-Type: multipart/alternative; boundary="fcd"
--f1a --fcd
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-multipart-complex-hp smime-multipart-complex-hp
message. message.
This is a signed-only S/MIME message via PKCS#7 detached This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft. attachment. It uses the Header Protection scheme from RFC 9788.
-- --
Alice Alice
alice@smime.example alice@smime.example
--f1a --fcd
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-multipart-complex-hp</b> <b>smime-multipart-complex-hp</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached <p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft.</p> attachment. It uses the Header Protection scheme from RFC 9788.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--f1a-- --fcd--
--b14 --550
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--b14-- --550--
--ba4 --a64
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 116, line 40 skipping to change at line 5344
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCDKNV54rM1AYevevF+c3DI/JjX14STIx3nsp5B95mHf MC8GCSqGSIb3DQEJBDEiBCAHedgXF/1PPCnjTbv4CNkHl6SU0FJSW9ykndUZcVnS
gTANBgkqhkiG9w0BAQEFAASCAQBWQxNUY6IG27ju4XS4aApRfPoBUjk6m7uUMIQF czANBgkqhkiG9w0BAQEFAASCAQCYePlJ3K4FtJC/4snTsO8l+p0qEkpFh4swjQTG
/VC9EpXLvWRkn6B9k7L9MMrMJPRKR03oCzimaPjTKH3JKTxdj0gWtb2eELmIaRWY WUhZHrdzb4kvHTCaoH5ShpVxZ4FOp1InabzulsB1P9m5xDvZveUMaCiC/qgSS+st
nOTaAK/3/h2dqMbPXYXgmWRQPsgFs42m6zWF4CH3YpurTvQC5gB0PSEPF0BOHdcm KdklsWANoTgTlAAGs9og6Wp5Nq/evf8XIYdQV0ZXavzASl/yylz2uHTpW1ETxTlZ
77bRs4AcPf1mfGThUG3YUNXuJ99BKb3Zz3lQiTohvhti9eHRYAMXL/XdP7TLiGVm fkgSqb8X/zRaVGoai20aVbmsIJFrVPIlkpgh+r8tbJOm4791cCU/8lIdreynoUKq
Ee7uoUREekXvLmj8C6B3z8fiTfiWlqENU7J2BkrVF0KgW5X9ANwhekNROEx6X05R Bsa2Y/uhoez/pldX/5A7Rv+JX2vdt71C2BZAk4166wvDhhlHf9pVCWXdKXSh99c6
NVcBYNKNxCxuKMbHcE47Ytt8AuV4NoDWk2yumc8T6sM0Wkue Do1TzpnakOm4bKSzPMXTrz1p5GcfDzO94kbNImkcdr8yAdcB
--ba4-- --a64--
C.2.5. S/MIME Signed-only signedData Over a Complex Message, Legacy RFC C.2.5. S/MIME Signed-Only signedData over a Complex Message, Legacy RFC
8551 Header Protection 8551 Header Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection attachment. It uses the legacy RFC 8551 Header Protection
(RFC8551HP) scheme. (RFC8551HP) scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5696 bytes └─╴application/pkcs7-mime [smime.p7m] 5696 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1660 bytes └┬╴message/rfc822 1660 bytes
└┬╴multipart/mixed 1612 bytes └┬╴multipart/mixed 1612 bytes
├┬╴multipart/alternative 974 bytes ├┬╴multipart/alternative 974 bytes
│├─╴text/plain 296 bytes │├─╴text/plain 296 bytes
skipping to change at page 117, line 39 skipping to change at line 5388
Subject: smime-one-part-complex-rfc8551hp Subject: smime-one-part-complex-rfc8551hp
Message-ID: <smime-one-part-complex-rfc8551hp@example> Message-ID: <smime-one-part-complex-rfc8551hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:26:02 -0500 Date: Sat, 20 Feb 2021 12:26:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIQaQYJKoZIhvcNAQcCoIIQWjCCEFYCAQExDTALBglghkgBZQMEAgEwggaSBgkq MIIQaQYJKoZIhvcNAQcCoIIQWjCCEFYCAQExDTALBglghkgBZQMEAgEwggaSBgkq
hkiG9w0BBwGgggaDBIIGf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggaDBIIGf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw
ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iZTY4IgpTdWJqZWN0OiBzbWlt ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iZmNjIgpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LXJmYzg1NTFocApNZXNzYWdlLUlEOiA8c21pbWUt ZS1vbmUtcGFydC1jb21wbGV4LXJmYzg1NTFocApNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1yZmM4NTUxaHBAZXhhbXBsZT4KRnJvbTogQWxpY2Ug b25lLXBhcnQtY29tcGxleC1yZmM4NTUxaHBAZXhhbXBsZT4KRnJvbTogQWxpY2Ug
PGFsaWNlQHNtaW1lLmV4YW1wbGU+ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxl PGFsaWNlQHNtaW1lLmV4YW1wbGU+ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxl
PgpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjI2OjAyIC0wNTAwClVzZXItQWdl PgpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjI2OjAyIC0wNTAwClVzZXItQWdl
bnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjAKCi0tZTY4Ck1JTUUtVmVyc2lvbjog bnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjAKCi0tZmNjCk1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBib3VuZGFy MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBib3VuZGFy
eT0iYmJhIgoKLS1iYmEKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0 eT0iMGY4IgoKLS0wZjgKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PSJ1cy1hc2NpaSIKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UcmFuc2Zlci1F PSJ1cy1hc2NpaSIKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdAoKVGhpcyBpcyB0aGUKc21pbWUtb25lLXBhcnQtY29tcGxl bmNvZGluZzogN2JpdAoKVGhpcyBpcyB0aGUKc21pbWUtb25lLXBhcnQtY29tcGxl
eC1yZmM4NTUxaHAKbWVzc2FnZS4KClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J eC1yZmM4NTUxaHAKbWVzc2FnZS4KClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBp TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBp
cyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l cyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
CmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1 CmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1
NTEgaGVhZGVyCnByb3RlY3Rpb24gKFJGQzg1NTFIUCkgc2NoZW1lLgoKLS0gCkFs NTEgSGVhZGVyClByb3RlY3Rpb24gKFJGQzg1NTFIUCkgc2NoZW1lLgoKLS0gCkFs
aWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS1iYmEKQ29udGVudC1UeXBlOiB0ZXh0 aWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS0wZjgKQ29udGVudC1UeXBlOiB0ZXh0
L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApDb250 L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApDb250
ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRtbD48aGVhZD48dGl0bGU+ ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRtbD48aGVhZD48dGl0bGU+
PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMgdGhlCjxiPnNtaW1lLW9u PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMgdGhlCjxiPnNtaW1lLW9u
ZS1wYXJ0LWNvbXBsZXgtcmZjODU1MWhwPC9iPgptZXNzYWdlLjwvcD4KPHA+VGhp ZS1wYXJ0LWNvbXBsZXgtcmZjODU1MWhwPC9iPgptZXNzYWdlLjwvcD4KPHA+VGhp
cyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2ln cyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2ln
bmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZl bmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZl
IG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0 IG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0
IHVzZXMgdGhlIGxlZ2FjeSBSRkMgODU1MSBoZWFkZXIKcHJvdGVjdGlvbiAoUkZD IHVzZXMgdGhlIGxlZ2FjeSBSRkMgODU1MSBIZWFkZXIKUHJvdGVjdGlvbiAoUkZD
ODU1MUhQKSBzY2hlbWUuPC9wPgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp ODU1MUhQKSBzY2hlbWUuPC9wPgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp
Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tYmJhLS0K Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tMGY4LS0K
Ci0tZTY4CkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXIt Ci0tZmNjCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXIt
RW5jb2Rpbmc6IGJhc2U2NApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlW RW5jb2Rpbmc6IGJhc2U2NApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlW
Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
bEVRVlI0MnVWVE94YkEKTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1lu bEVRVlI0MnVWVE94YkEKTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1lu
Q3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0 Q3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0
NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp
CnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS1lNjgtLQqg CnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS1mY2MtLQqg
ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY
60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6 60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6
kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9 kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9
7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs 7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs
wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5 wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5
skipping to change at page 119, line 20 skipping to change at line 5466
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40 HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40
BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq
AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ
2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo 2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo
j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h
noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB
/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD /AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3 VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3
QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MjYwMlowLwYJKoZI BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MjYwMlowLwYJKoZI
hvcNAQkEMSIEIPo6cfj2PNIuP7W8SRv7KpxepLUu9zPgalLeN0BNuSo/MA0GCSqG hvcNAQkEMSIEIJaCe/AYALXLZ8GDGBxF2yvHB9b3uwnKNIvWM0h3y2s3MA0GCSqG
SIb3DQEBAQUABIIBAIB0l2cJSO2iAJg5nB/+gal+wZn3hOPlWW6n8YQ957q/TxIj SIb3DQEBAQUABIIBADrTK0kKM1vxG/qmdbFxdKDBjyUXGDaOWqjCmq81OfRF88aY
Iny59ctj4CokVaRb3uAm50r1TpK1h1x/hse1MsZgWQ0ew+omUQQkJg3RLZ9R8wsv 37JerJhyUUsUPVCd73rlsjskMrxsA53c6ojOcSqj5PM7ZDhXCnGdEg4CiKjOAn1l
Ol8SN5WMNdiNSRNC9a3MFtSVPEOCt90XdQdQ2kqeRkL/fthatcF8gI+p4+pOP2+U C84LXG485qDGcJiQ0hMF/p/V2UguVdfVzPrCLPP2SCDP5BWfCLMII3k4sRVayUt4
dOfnKCjP9nPobyBcXkljv0pRriu7snqQi1O0I1aqd4VwocIm8YV65la0/9522f6e FwlYLvsXcRUbTlLZBoJrYvfN6sNOAfcbNwAMTu0rx1A8ZAoNBTbhAbpn/UiTd6Av
/4Zi30oBLuIz1+pT2z6frPzUJfd6UbGtSiAwRHyfIJHZ2PAYt94iMv7U0VmK3GmJ YFcisTSEIuZ+oGRyvU3n/wBHp9bUonKVHuNYGYKgycuXowwVx3D3j6+h+XEBOFJE
TkzFm1if4dpFLofdkEtUX8Is+DPf+/ZB1MvrrQk= KTaTKY4sz4qH+3UWjytqrEisWQW0JkuzVOa0dg4=
C.2.5.1. S/MIME Signed-only signedData Over a Complex Message, Legacy C.2.5.1. S/MIME Signed-Only signedData over a Complex Message, Legacy
RFC 8551 Header Protection, Unwrapped RFC 8551 Header Protection, Unwrapped
The S/MIME signed-data layer unwraps to: The S/MIME signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: message/rfc822 Content-Type: message/rfc822
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e68" Content-Type: multipart/mixed; boundary="fcc"
Subject: smime-one-part-complex-rfc8551hp Subject: smime-one-part-complex-rfc8551hp
Message-ID: <smime-one-part-complex-rfc8551hp@example> Message-ID: <smime-one-part-complex-rfc8551hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:26:02 -0500 Date: Sat, 20 Feb 2021 12:26:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--e68 --fcc
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="bba" Content-Type: multipart/alternative; boundary="0f8"
--bba --0f8
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-one-part-complex-rfc8551hp smime-one-part-complex-rfc8551hp
message. message.
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses the legacy RFC 8551 header image/png attachment. It uses the legacy RFC 8551 Header
protection (RFC8551HP) scheme. Protection (RFC8551HP) scheme.
-- --
Alice Alice
alice@smime.example alice@smime.example
--bba --0f8
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-one-part-complex-rfc8551hp</b> <b>smime-one-part-complex-rfc8551hp</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The <p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline payload is a multipart/alternative message with an inline
image/png attachment. It uses the legacy RFC 8551 header image/png attachment. It uses the legacy RFC 8551 Header
protection (RFC8551HP) scheme.</p> Protection (RFC8551HP) scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--bba-- --0f8--
--e68 --fcc
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e68-- --fcc--
C.2.6. S/MIME Signed-only multipart/signed Over a Complex Message, C.2.6. S/MIME Signed-Only multipart/signed over a Complex Message,
Legacy RFC 8551 Header Protection Legacy RFC 8551 Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the legacy RFC 8551 with an inline image/png attachment. It uses the legacy RFC 8551
header protection (RFC8551HP) scheme. Header Protection (RFC8551HP) scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5624 bytes └┬╴multipart/signed 5624 bytes
├┬╴message/rfc822 1718 bytes ├┬╴message/rfc822 1718 bytes
│└┬╴multipart/mixed 1670 bytes │└┬╴multipart/mixed 1670 bytes
│ ├┬╴multipart/alternative 1030 bytes │ ├┬╴multipart/alternative 1030 bytes
│ │├─╴text/plain 324 bytes │ │├─╴text/plain 324 bytes
│ │└─╴text/html 422 bytes │ │└─╴text/html 422 bytes
│ └─╴image/png inline 232 bytes │ └─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="a61"; protocol="application/pkcs7-signature"; boundary="740";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex-rfc8551hp Subject: smime-multipart-complex-rfc8551hp
Message-ID: <smime-multipart-complex-rfc8551hp@example> Message-ID: <smime-multipart-complex-rfc8551hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:27:02 -0500 Date: Sat, 20 Feb 2021 12:27:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--a61 --740
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: message/rfc822 Content-Type: message/rfc822
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="91c" Content-Type: multipart/mixed; boundary="cf8"
Subject: smime-multipart-complex-rfc8551hp Subject: smime-multipart-complex-rfc8551hp
Message-ID: <smime-multipart-complex-rfc8551hp@example> Message-ID: <smime-multipart-complex-rfc8551hp@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:27:02 -0500 Date: Sat, 20 Feb 2021 12:27:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--91c --cf8
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b87" Content-Type: multipart/alternative; boundary="e8a"
--b87
--e8a
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-multipart-complex-rfc8551hp smime-multipart-complex-rfc8551hp
message. message.
This is a signed-only S/MIME message via PKCS#7 detached This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection attachment. It uses the legacy RFC 8551 Header Protection
(RFC8551HP) scheme. (RFC8551HP) scheme.
-- --
Alice Alice
alice@smime.example alice@smime.example
--b87 --e8a
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-multipart-complex-rfc8551hp</b> <b>smime-multipart-complex-rfc8551hp</b>
message.</p> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached <p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection attachment. It uses the legacy RFC 8551 Header Protection
(RFC8551HP) scheme.</p> (RFC8551HP) scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--b87-- --e8a--
--91c --cf8
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--91c-- --cf8--
--a61 --740
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 124, line 5 skipping to change at line 5686
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzI3MDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzI3MDJa
MC8GCSqGSIb3DQEJBDEiBCAYyptCVBhIbjLhlQOKunV/81vEiJSGLmos08/AoumM MC8GCSqGSIb3DQEJBDEiBCA9qnCv8hrAl02HDXOOfVNCH7ucDtJ3vYdKv0vdCnWz
FzANBgkqhkiG9w0BAQEFAASCAQCSBglwkJFZNTXSwtDjldQxDo4n3twmJl9VyZSO SDANBgkqhkiG9w0BAQEFAASCAQBp4hNammJHK5hpd7ha6lzKahf9hoZZS6TPNUCD
AlO0EiVW2+9Tqu06G+mTSePraLq4L2BvutQ1rKW9jVXJXJ8klx3Y8aY6TGvJ5/RH plGKSjV4XN7pLxDu3wXAuzon2zV0FxeA1MG6gZgdSBy/5nGivTc/NBOmXJtlNOUV
3GpwQPjfjauEVAplxnIeLdtUbwJJvaColBr6bPHUibtvXS14JqfHvEu7uTgHlxpv 6b+IiQ1ZgJcWG6R2Pi0bE+NfadPhxvekgmCNTNl0jHQkXn+ABstolOZ+0QnY7TPe
KFZ/VEXf+Lx62gINfpie22d6UC3Nxif6EwPEDLmIjOYILjfMf9McQ2KzAPr6t6x/ 6JoT6HHamKbV0L1/gkEEQtSvOkaDaZllA+if+Qkb6xus1QA3FGzScPpcryTvupsO
hrz6NDG3LeTeLegQ4+onLotaBFsa0QPat0nSFjcaH8j9hFb4RB4avMbT1/5nRR6/ wNIlNwiRTT1Kvk7uMxJkWTvfZnWh2UOh7lJAkXbRfMwXwmnVnVooCFHWWpUBVPnn
B49YO28fRuAztMvesvs4M8kW6DAJjYj2fFAgT87CdWErzM7r URqYcZhz+4DJc9iim5CqXRZzIF6t6fioS8lCBalaWRy4AaEJ
--a61-- --740--
C.3. Signed-and-Encrypted Messages C.3. Signed-and-Encrypted Messages
These messages are signed and encrypted. They use PKCS#7 signedData These messages are signed and encrypted. They use PKCS#7 signedData
inside envelopedData, with different header protection schemes and inside envelopedData, with different Header Protection schemes and
different Header Confidentiality Policies. different Header Confidentiality Policies.
C.3.1. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.1. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline Protection with hcp_baseline
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_baseline Header Confidentiality Policy. hcp_baseline Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7825 bytes └─╴application/pkcs7-mime [smime.p7m] 7825 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4786 bytes └─╴application/pkcs7-mime [smime.p7m] 4786 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 329 bytes └─╴text/plain 330 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline@example> Message-ID: <smime-signed-enc-hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500 Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIWjAYJKoZIhvcNAQcDoIIWfTCCFnkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIWjAYJKoZIhvcNAQcDoIIWfTCCFnkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAERRjmiJrN88aVGFS2yaskouoeCwZ++b+Xx4 Boq0MA0GCSqGSIb3DQEBAQUABIIBAERACKkMFfCQBEXqsSFRAOfaa0UcrVI6fcuB
pJQ1bIG5PzkUkiAqDWKhdwAJT+f74rJIneIhgYQkL1NWefgCuO7UBT+ciHEBDEhP nsfnksstYg/+DabeHHBueVpIuTr5Zqtj8kQMK8hWRoA+yVhA85aZaRadcywsEn3O
+3jciOFRP3Hnynxdiw6DpGaUfyyk9WnOGjePADIipvHDkRJXWIuuHFCXpQPQthB+ oTc5vD6m9DBVOIpK2vhT+aYWJr67cfzlxJgVdRi6Pf+8g3c0oi05fMA17pPCUHYe
mwYuv6G5Wm9MxHSpAid/UXMkUAYK2zkVMSoDM4BfG9TpmIUqjBm+uo0d3ZjIIcAM //VSeW3cdaMGgaqFamqL+pOi222Hp19p+3Q6zYRUJ5Y1cvD4aOKzaxw0RcWvFg//
wzDMpEEZyZc3ZO7jdC7DC1eQBm09co/RnhwpI56kEp2rtQqmRi1waXS3jqHf8EeC KYuy1q6Fn0utZAhoEfnBtEp71fSI5LugUdj3tx3NDfrG1MLJHbBsELqawuWrcvmv
u/X5xskoJlVakhdHteSMObqJ1v0cNnsSMYbHb3TLQRF+BhPIWt8wggGEAgEAMGww BbewMWR5BYcl1/DQgbGFSbB/yoqBPkpC54A7PP2MXfb97SEquY0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAURM6vJvmBdyw0kwK73GhkCBT HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAL7PO1rb8J7CwZ+vEvIROxpiZ
DN26jSUwPbZg9MYXICPROANV4oU9gFTF0E/CA4JzCPhPeIyqGA9KHWEpEr9dljFg on8lc1VRHaE2tthLu8WOekoAyQtPv11edZgydCRbXr++xY2CvOiaE3+jdWrn11am
HwFIg+jo0VVqa9yHyQ3NvPN9Bmm2fc9JFc9hCj9id/35tEfCVO8dUw2KctQaEPKD khzFkHpfEna4o91BHoNoipvl4vuLp7B+s2Dxymwctv1sZYkcHjVC8Eh1SH/43JMY
OvoJfHrq54FwbCW5u+I/QszuN2U95gqNXg4R3GD3NFgB5vtUPk/hV26H5n0U98Wk 0TJkBtkO1nLDWTVfVePC/ydbFaXqtgN69SiN03GjaczhHUTuZbKJX41SbGqk3XhH
6Fqd76iQbY9SbqOqxQpdbDcNwdDWYHPDoyuXmmsgGIyCn17PdTcEURrPTCS059OL iscSIrS/QIdK9arBEP7Vlr7WdvVdfAfPEYZvRRrogzZJ5TE95Aes78+kaQO5wJRq
oPJy7h8LA9QLdOjg31nF7sXtsJriCIpJ3CFht0fRdi12dVMevhTx3S0cQK1lVDCC xSCdSgw1M9jcHUrUtZ0kk/pGvs2aa3oNtkKj/7OMDi64SsWwEdiTVsHob5foyjCC
E14GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECsbOPK1Byo8Yr3SVUeSGAOAghMw E14GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGYCTS4JhiRx+ufWgp0alQiAghMw
Kd1hOujWtOvKraLc85HbQ5Lx9Z64dro+3EJj7zNUjPx33hYU+m25DXgdjB+ZsA2Z GgBNjWrIh5GY9ElDx5GWJxbUaCM77I6Q/NAYPVQaM73L5yCBHNEekbAFMFmZF8k2
1QtUO6MvLqsJKjC1Z9n3yrMc7gsom8PjF2KAia6F9x43EyNv7hagnPvawqKEFPCp bYgLyBCp2PcL6BhSAQiFAvDUN8KYTKHYqaz0cwK2C9EgUi1dBtQ7VB+xPvTXZwSx
QLF3TTLs12i8rIcn8FwjrDlMqSmVlBIz1dvLD9JKiOKQ4IJxl6OjETniZvFZgsRJ 0sPOiv6keO2FYeIDEnT56jnD2b+JkW4/dwsgBVju3dtPsVR6bIRHICTrk0thCphg
/PXZYzqq7cWoymZrPSX/UksUFr/8pc2AyQR0Ly3JvDZQ+3EykHcXQgRzqtT8TYyN 0kUPnjefdDmQh0kCkp8XuN6M9ZTwamzR1gn4ZLXw5LArZ9h7P1yNKZvdoR6D+510
HB0e+Feo65sjxYQvwMYJJeMRjzercDgAwqYQ3XGroFtDTw+tDJdhIR8/yuXHeWuU qo6IhBR1fmi+uF60m8blLN8TBJ9y8dt+UPQE3XD2d/r8YHvrItCJD1hse56J3WqG
8PxAnaM1QnoZpRvHdIn3zLD6BalgMW98VSGFL54HQL8P6O888LxBvstfl5lTEyev AAU3dlks76PcxUzECQPmVgdzfWYmQ+ygCnxqIWanRbDsOY9DG0FoozWLbRG0yTsT
EnOUwa6Qx+B777Lzt9n6rvIrJQ5T+rIXBhH/U1RfOQtMxfZC5tSc3Lux5LPDSGdc awwlH8si81FJPUyqiKRSdhufVMHIQT/rySSmfB2o6r6Z5p60x2sqY5csYemPrFq2
c5rM2nh26JCEpoY2FjdrikIJOBK+NUdkyu/mlCmjCFO3c7jQm6Q7JFdpG0qmjoQy YWp5wCv/nLTkcAbvuCohR22XSlz9n0ihuTQbH3d2vDsUQzbX/7RrPNPOKYLPNZXu
gZo8VL4g6gxq0mlaOG+pYK/3QUBAampxnx8kJ9zQ2NdVBEjdRxk7JD5fqVWa5tZb O0XEklYC0IwMMJ4CUGtjgOMalOEpeePuURmXzQHg3704w4ESSiCnmVEVQCLEwgQu
RV4IA6bm+mfZzAviibnXI55m6E07wOfHHm/b+KKUmyB17WeKvNm3Z3iTkOtViqun 8A1r9P97aQaVV4vvKEtLv2/RpRr5BXY28Kcer/2HQFUJ9nBpkJf+ItZBicO2cab5
tZnXjyhVA9fGdwaNYs6njkQSuwQjGmjmLtokR0dh6LMOXg8cgX6us34BHfP0yNe6 o0JelZdoPL6aDwy4eDLVS+SMajO5bQLYMKaTYfcP+nUdYZ5gLU9qBcqRtIjQ5qdB
HUzXhL0wKLQmTuvbLBqZRcNZxVgeSNRViL/n/O8DlLn3kXJpNL+1WUJZQhBLXVIk WH8XhEEiBPZYYHhvBidaK9EovTOJ4touEgOG0iaWoRa8crQgryKR/cnInZ1pWpfd
T7Fucb02kDhDXufsjRed/uMizdX6lNHjRFObGARZp/SD6rn3X+WzJV2BwX8xpEph kmeJ0+NJSfstOLaHhk2x1fiq0KklryMAF9ORN2iZvtbOdr6zv2iR548O1XuN0Q52
iEr6I9hrVDytdoBFsGt/z9FVM04kwp+n6U02ipikVQdKPt1CpsBYkBzwfDaPFOmS ZmLQnWdqj2CSXvXi2kPHz+/1dn/iQl4oXAnDMbvm0QcJxvflFg1zQzRsTwvoyiRn
kbwuLZhZ1nj3tkAzv9sx5a/z71v92S7LVHDycnUcuvNK4AZB8wZvSXz/8WPxwk3O RBUdbsbGBziZGqg/vMaVnZF8yUl6ADxzqIf5rM/iV76g7sscLhX5Ewcj618QKOgq
zmdeeSsn6dyZ5Q9o203Zq6/7k9YhkYD3LDS3XWRkpJMfNmjDL5WEr5ifxVrIq3KM n3nGxBd2xuEuX0pv9tS0mRi81qElRUboHV3/HhRnlTLs699fLFOAJMcke43a0jHF
MAEOs1tqfBMWF4AeA0KOoHa9NAhzLCMsfxNEtXd7l8Ur2JKkUGxtmCKD/3ep5e5S NOECszVjwdXfn9JwlS6ZwWGqtDuCB4qPGjVttiPMn3iWIbWC6y5mtgaJBBAcGMaT
smIS/Ty3aD47LQYD0kjWhvTnQF61v0vQHrEKLmf7rlrnAwL2fEwfnMvNZTTiTN4I DXcojNrR3mUEwFmWFZKb/3cn2mzmB26JU9qbfyZrFxvXFPF0EYzqReHSkQLvwnqu
nfL1m49CxxzffSvlOECTlKs/RZq7JxcfvuW4qN3yjMKy1dwtRZm9pU5+R0p2Hn9F IqWm1ILBuIsLICSUrJw64e+k+qBgqg7lKhTywECC/0D1bjKntE7R7eeUn5IGs4Xd
C4nZQ4Dre2cPdM1JmvimOnVEyc37O3Mi7hF3Nuf7H2j0g4yTMu8Tuk+8J0OKukQD dLdr0f/UkDhIqIAkn67CnIZi+miCszlk+l8uzIAIM6Vux3a7rXYVcJdSQg59tWFN
dNz95Bzj89cCb9FJyq5h4Sk+TeVqJzhONpL0Q6f7xrJeJZVefq4RhMMtfFYgNAeZ mmqdx9BT/bZok1Ijo2qG6JI2EIIjuvD8ufW9LYl2QCNuZ+Qn8S5b4gbRDKZGf9fG
/G1f4xHGXFug9okJXFSZCcoLYv4qek5OjJrbWM3GeY7lj9ClxFbs0bqrtBXAImul vD2G96t0C8QpnUmVn4dI5B4plXYo77SrvMAY85GOtzha6HCJdIA+5SMxxIF/Qpba
60G7uEJdsFR2wBLyv6i9lCwAVKeBSJx6FdfzKzRqsHYUFsMVeNw3kYPbbsXyj3Mx TBinO2Z+4dxTJvbIJpQzZfMUQP4DCJxphpaALMiBxgVMM7FxPn4hpwUUAiu8juQP
PLCrB8lP71NHtIEHPkKFgTPvEaVWzXMvz6YA0g6mKxVjI8iVFSE6JBJHtaTX49kJ GRh/PRKTB+ZjdzysiCYBPUlvd5BO/aM8uhu0CqOal9oA7bOXznd5PyJOBrkac94x
w2XXS/eI4DD8y5exJVt1Rb6l/88eh9IiN60UXbUXmtDm/cKnnMD3Nt4H0weIygvU qXCwhwu72jYrt0YFmL9RbpXMZSh/fTGq68NY7j7NOMdlFS8P7Si1Tdfc7Q8fh4MW
BHMVw3+p6Uoj/E3lDExSGIX1BTveRZVGz11AOaz63UGz18KCzOhow+XJrLILJlnH w/ODenQPXTRKJ8NTYk7LntGM2NKrUS+e1kjaAwCk/F5fRieF6AkbVkP/vFDQYTui
8MLEF/BarmHe5+O9XHF8otpOYPmdhL8RnFfvtStTthxhp2smd5IIblm13hj1CuV7 oQM9LlGW85TIihO/WDWJYzRQCoigVVErwppjuwSDztFtQrtfCFbOVx4sAfbYoEt7
KTnVbyBxKX9utmIRmlSyOdvAMR2+jzloNCUTzWYCu2/IcYw23gW44pFQdUosKmyf NTVg9V/elgTgAwrzowT9jMmZIDnkAzQ1Y46sD20BhjgxU1YwWSIhKyo7EP0xszPX
0gyFSNQVQJ+CKADEID9sHWm7yBWkkNEk5jExDn00qyU6B0Wr0i4RYY/J6LrQGMWG DTo9fY5ybayhkYQ59gQcb0mrwZ8q9C95FFxxpA0S9Yee5++j5+RCSosvYIHw5Piv
YliQtmyVOfhDjzUATEAGumxVBWbCycDAl1DsEp0hSckgowk8aTlXo6tWPeXv5iMq Rge1Wm1U3SG0BYQENLqYB+G39va0T5yy9lusVMiFnJ6CVGGNufLXNjpCXaNQLfRX
bCfxUGLY8gmHEf7n+v2yLoCJmZSyTMT0Bh0PjINnNYRWQnsdR+CELSxgmbE651K2 shYBUoUMwt0R9kpBDDg1tOwqHWoh0iG4X8Iy+cLvna2thFv8u94/Riq5pUn1sbC6
abaYEX/jBZvCvgILPuAHF14WVVHj/BbfMZTfxTRSnjZIKhcP32Bk42WIuo+Hkhtk wxyu6y0vBdMLx0fm0fP8xyPnBCiG/5WeziARqdAaH8sGp3Q7qc/YApnlIQevCU2b
sG6xsLi614VAqqtRvpDzMK+HsK8YmyCT53d0mb9JEokmuOV4GaMRluaeBGxV88UK OlIz6t7dLve9HyYlvIv4pClPWi6AZg/un4Rtas2HuLAndrNV7s55sOFH4BvdGP58
t0tTQB1VZ+/kcSy7SBBuGtNz2kSapRDUjWgXnWDzMdQeMc5rI16WeCRgwVTiRBRb 3fR/M9ITOVjyiT3bUit+5qE7MvpUqdxfsdC3SUaPxFJ17khGiimV0gC+x+8YTicE
EWrsrPtG5u/krSm/wwBdd3m9VDOmlTj+lUoH5+OXeReZjb0se7uQt2W/V/IWpGMy JebKrihVAosyVVWZpjCIa4hjdMpVgUutyEgVNov9XFoWcNxMb8f5IAgXvNKMsvpN
EK/M/rThL4q8JjY3SNmlzYv9mtrUy+eoFgf+efOiGSfCynfnK4A12K9LPFvaPnS3 FMoAfeT1MSj3tM5jdWliV0P5tU8WtlFj3hxixZPaz+w2SykOrHoyoDjCWpXifZ3K
qcTH4FVjufs4THAfCp5rEoaefUzEY12DBYdLVTNMfKr517bnCs4wp82XGvf4kHJS CVgGghueWgLglwuja0FSkvZbq1AiVy6ebtbkx/q5o/jh91oTa0SM2MupcHrHg3Z6
y5tM/H456uv1wQRDNJQ321Fbi6xkCC/KujRMYsDsfLgo0VSlKi+wVOIH5cvpem57 SB6ujw7BlBXWqcNlMMJQS6npXCWsleg8iHQRdTuDGabxuBJmVf6I2mg8Ev+Ki7C1
cKrgBwNyUYtk4l/s6tlSWNyDQvFYqCrhN5TEHu+JWCK7poGBdCLzUTtSHJeMOH0x KAHfAAhHp1E13DXf+E8eHVEPIemv3YeY3ldBVI93+T5V823yYwqwk5PfWZ+fPo+7
Jr9K+LiBnscmgDstq67x0rLwhe3r4PM8OcgSuV+Kz91j23RtksSghpeWe9vxCnkx lBoq8IuHDu0fpwh21b6iNKEODvokXOPwkixLB7KpMpl9niCkdVwtj8CJJzLD6CSR
NsZ/ZddX8ZdNk7uihJZJ/M9/DWEGx4Y12Mk5XI0Shb53ZmlO3KuLlkN7qj8mdOp1 ctVnGtFua77wOMEu1wvlXWuWz2IT9a3aKGyciLrgz/CsTmJKWSIoc/f+u6EnPf23
3tfr/FB82zXo5Hk0C7U3Nej9gmqr6SO9kSxwqPa04om342FJuYVZgsfwO09gSM11 hYMpMxLI46I9VQVcxaX5YD20ywMxTmN2fkGQdoyxa5pAhN75+iBeYH9J0+B+bYHo
Z5bYKrQ2ml+/oRawRLuU03fCM2tV+thgi8M9SIwl3FUZnGevyuGyudbktckRa4FF HJX9UiEs5Ja6vu37SVje6RqchkLrrXLyock/uTB0pCqsqJaZoFaVC8M1T+jTw8ro
wGkERAzpAag836wt3zUWbP4WyZpY0u6soeARvaaeYHpxNW3G8nI53fhwKlHeK0ac +mioqKVi0JeH/Wn3yhCEHQ5AY5n5dB2OMdPe9BZQ9zzr/WdNx1/xs/FpRj+ggpql
geqC9Z7zdkDZRL6gqDjqZjU+sQZDoFPIRh39zC33YkOVm/0CRg02NSIYQ7C2tgxy 1nEerBbzG9uJQOneKqRLYActvZ3zhe9X7Sl/jS9+pFLLtO2tnRNe/edOunZHrJVt
uE3UO6V1L1wbXcBkEJQ653/JYqUkLAOZ3bKRp7FhgJBblLg+Qe1dvg5zFPoOBRDS pb19s+WtaDVez/eRUbjkgdjlBFtfYtFtcldKJBjLO9KiIkLecj49cfZHr2pcXeZS
b7RNyc5ItAJnciqpH5048PvvUgNwY8fNuKojNeK/9a1GLiE9YBeorWVb+rzkenxi pnMu3vv1mjapHAbqIvnEnf/jGxGFIiWKP3jeKjgjv7580R3YpNQ62upOe2MP+HAw
OgfS0LdgszpxfYs7ag/y4LGCN7IOa3rZ2Kshkq0uD+TUbcdni0vWPVco0Qa9VPjC 3nhYYNrLxD1eFT/TTiFwOfVpvrVuL3vFfJBXVFWyaokM4/sLN4E2EfJ9kdgBVS2Y
UVlyypzJdT6cale8SLK75/ABiIo8SEuqgQLbz+diq+AEPY1TlDW/isd9hCGDexFq RmgXH3/EBYjJzicoVcvb799rXkbfu5LymXGteMZ+XeTDeYkLrx490E4FYmnQFlQX
ZrPY/rBXLqA43l+EwqfCdN0lZLOaEvCJ3T71Fwt0JoW+/nn5iG3qfj87mzGbMLK2 Grx2cqtzLPe4aVFekZndq0zDenNibLpv2PGL1cJy3mL/FEM85phjxe16wXM/aPcD
wEzxxJnFYW9w5IWjL/YlplPRnNZUm6zsGZDd5x10tW+CE+FoklgU8p/MceR0oEwo 2ScKzC7eSfUj01K27nswJ0FogQQv4Q81apSQaVt3884uQfpz8j07NxR7ZfknpnwF
BLXknBDjaq0EDLocgmqIUrSvtKOnDgxgDCCqy3+DNt87YwunGWUFhjiw/SwSH7Dc AR208udTix02yEQc0lYEI+vTo48DiI7bHVOXbA4lM7hSCaFyqAMuyb9JXyZGVvdc
ONvvTVsJbMVS8r7G8oJXMGJ+OKpslVhQ0iZYILDHeX8hoUYyCyzQ/istgAVJ6Lvu v9+mxvNg6ObXhOkLwPxBVfQ+TraGKGvxMBI29/Lzfgssb6k8JoxiBy/qQnBcLZfs
f2nhjw04Dg4ldYGBPVgpjwPO7dYaaPmn0pR7qbl7ui+FxLwGKZi3BQk0h9AUY/n/ bCqggRM2WDy0mApeyAHBwmybYS1l1nosIGHntnpaPgsRMIcMENNzEpVdWLZOcmwh
BkyvsSJgx4TEL4G8JVgEm8+Zz+yDmNu/wDrxQrdIhzd+ws8D9kENuceuM1xM543n fEX++diQFQ9AwzW3zygnYAk/tZSXVe2wUL9ojMRr7kLwUz9n3OZLF3u/4UEra7bD
nMOv6d20FygJFaLEQVgVGz+HlsfdHHa79vzSP6kz93+1naS3j/0iNThy3e/rrAAq XRMtTO/UmuN/d16EqBN10gKY96buiRcgAAigMzj+D5VRqXzgj0I0Qq+gu/eXkzr0
ORslyqepsr8XtZlCynxKrmGOpDHWF12iKXJdrN6YYgfhBgNXPuhwlVgfhiPny39+ tONfZfuoVNDl+q6H//f2kDRHbj0SXz9OSWHOtxaJ6SJbDX60MQFb6mEWJm8kno/e
j1SB8vXpYP2EW0EiiY9iwk/OsYxqsZz7RfvtYobZVBC2AuYFxeK/FfBsAMtFIY04 UpEXjHzTU2xyum8qoN8XdaRBevrBhyPXFPb8QEVD1BXR6ehFockfbnaRqHVaStva
qz8/vrw7KviAAf/bAASBIAGfre9pwE3w8YF8OdQVk/3mHDs3Z/9v4TO5CKRBO3cY Df6/nos9E7ViCGW8R3YoJ+2qfWTk7RXjmq1ykrdbQxMycOXyRTbLB5ur0ynIif15
5fu+GpSBS9EzuKvDmLOIYdq8SyGN/Q0emK3D4omiiklffzGH/Pj6pH50LCsCBhwD oQyz3SiQGSLOaSD1Z501Yty3zTEn8jMlpBOr9KXFkgbbxNY1X6nn3vZ5ZumAl1M/
PnathlA7jZ4+NURX/y487w4gATjTv1i/N1gwHxotOln5dC5X/ZrTWLcywS7GATko iwtaPgThkj2RnM0ATEWG9SQva8FaH8zUv3fGepJ37VMPlQ43eWhZavwZi1/fs5vG
2/y+8X5IE/0dWiv6tBkRTNIdBuhsuuKEe8H1rJIAoMfhy1xWIgGrfdWZNgeO8bJe UYCyqxjhNXtwSnhEGHI2F4LaffYeim20Wt9HiXZON15vRpSeTWvTGOUGVZWROzx7
CZBfDI4NEoO2nOs9wPOWNHkkaTu7dRTKvxFiPqbwb0K7O2s0vGtnLb6TWqdVE4Bz OgIeKe/ksjcIlJuzy9fKQlJjsmURWQfuKM2vfRFGAoM3jxKBNDDFzinkL2/kVpoz
K5DmQXob00qX+srs2ULKaE9VhK4agziDGBIy7jy56PmDTO71WG5mGYZOLnVjiAbR rn8LpukkEOZNB++ALIGVOB8L4zNDluePDTYlojthvjJUN0+oU6OB/iYvcnHOKXin
dnvia5+QGCcmwNHNg5EaKWOqul2ekrbN76wcT+e5indntAK103nrw82SR/jJIHCD PKmeDe7g5Ywjx0Uj0nuZEwa4L7ALCG2WpmnpMOT1RkHVpqn+29PPQ/Cx+JpGmXO+
B+bS9FMoP6aIh04UWR3NQ0YCbxQzAqRQmJK7aFeBK1k7J/kzX0kEaDcRlqdFv2fs uFiHQN+L3uk74rQwJ+LUQBGDrRE94GobEN/sWgk4l6bQrf7Sl3Af0QaXDCN9d2Nn
QyiFnY04Dj+lsfGpdP3rTx9cfi6+bM0VY4aDonF1YZs46bLN2rdMKvG73fFZiCnq ebzYvxhxEkpqVnvjvd1Vr3ZT7ECzOFEA2hjK8L12oJz/zF8DXUhSlXxXAER3Nf5n
R8yVA8gBre3x52tTvRqQxHAKH8CeBGBO5IZGYbA/d1uFpix1cBef8gpD2zFrfR1J VzM+OfCpigIUezk5QN3r0sHD1mWEmOe6JgXnDu8BIbBN6NnxFXE+rbRV71vd0APE
E0cd364G14p9vD+ItE+hHV+B504UmDeyN8r1ACUcPcYXwN9uWwqh1NAsPPgA72x8 q5F0T9a0o95/cVYBcLvhW3QQcp6yP1Xhulaq1zZc/N1482qDNddYDPtUDaa+g7/X
bVC2hNGHzAn0p7X7CDK5Jj14lwxdRkOqntAeDZMaYdKzhS6MVRVVXn5e/0g2pX/z m1+3tK1myLIBhxv8ORgdyVQiXmHmvjWVk8qqSmwrNM7rZNkWo4FZFOYALreVHxHZ
V2rvaDPBWiKgLQJk64OJeBGVXOnLAJUqyKd/JkFwu0ON16lyG0kZ/YBduLK3xguG T1bgmQ2Q/OydwRhfpWTlHK1AH4UzUTWKjFDH0j1pZGqtDuc+ghEboZxHdAI/xrvy
YisTXzkYZod+4sbOgoix28Q1iYzMvtwqZ84qW5VcjM3nkdUa0UivyQXwyXXJ/Wyf ypU3OnP5a9Dvdx4B2GuKHbPpN/yY+jbvjDbb1DX0NROcVqC7JU+mMXYFRkKg6yga
WWJkbLKfHZOtJP+Q8RNMYj9oQpqNl2ANd1+PBc86tPKi/u1V25EcDFgM3FFOcgr1 L2KDhI0VChXtzGUGSR7wnfvCPBWOpmi959NSoSRdVnVI6hrCqNopVPvRh9bAtdor
BKNNw3R9WCXJhP5ym1op3hQv/gI+45iyzsP1G9EtMcHhajM1hkagpKMW9naT1aFy +MoGi2gxmKCLhxY0A9/6VjZnBF498RxRKSAh9EkHZp3Wtiy5T5779j8gHRLwIpeL
oi6h3jMatP+EQkO1fDYQo5bAkfvVJ/qDiVjLkz7CDNQsBcgx/XhV71iJkUhQb44/ YnORqbfW0gcWhjKwL8BoXT95S7rvHWuJbwFXMmZFD7fVJqDl1auaeS8QNFPxEOIW
KVGuAAuaYogwtIcM84doJvxEeuPTSObKUunYNHD8tAjrcmKwhhh7c7ihkGIn3p0Y 91Z+2yidE0MdkfTWWS3WTFy3N4DBYP6JJRIzHV9bYk18ASxvNR7sGjKTsaioRble
nDKb0sri0yQhiswNEUo4/lZkSoCYUx3xYyxJaUdkMJ0vuD98Afz5hIwD0WnTYQNT 3WaKwI7eszBNvgEsrNtJP9PYD3leXc0XXbsZZmUgbu+Q0zIYfrmJwoOwA/4pOjtM
T2YdoZO+Q2WotvcFyeVgamczb8nsMX0p1QFmbOoeEOwovWWLdYAH2uIIEecKs2Lo VpF0dAWOvwOMygwsljdOH8MFBBwVMsu95DiM5Qx7JTXNaPAkxKSVrvmPCPi1yH6s
1JfP5SOK8BtM08pdiPqycmf23sEkQVVI+EhPZNbmQUVrYZmYSHeaJPcrXjDK2gIE 82Tkf9D7MC91TyOV5g5wqR/aNXfHFk31+8tRi/jhDAGcyY+s1AUONPaNCImOjfe1
997lSp8Iw9bZuQHg6E4Zb3AgIwQlkAJM7Li/VFnh31x5PivT9om1DDqQEUlQshZH oRPRpw6noLVW+0X6JuZ+hFoIvOv5oY4mhvXmtm0rxG1/bI+5WFHRfqD3rQNX/RW0
FudrMJlJ4Tn0i1whm33rC1LBElFh5e473ir7kFDhrQlztOgb0yRztTecyk8512PL WMepPlKnRq1yNCzwKNrdPf7sus1MHSDCYCuGFUUawRBZnPtd0wM7G4kPiVh6rm0W
UuHX0SCmSCjzoLtpdyvwoVNjouKatxP7V7lrofI2HLqAVCbOdtdGsFREn4cGhi0r EQji3yT1bDp61yVbw6TN0SAhcAzkDwrBNiGyDCDa5naYnnYRNE2j5KkAcFtZv32Q
g/l1rl+xac85KVf1k9SN0C84/WaSnylVU5/vNzD9ycargmIU3RE0DwU8X0C8ECUg KFVEAld8dP3+qeuGiNJVpiTNaQMtMT+Zm4IwgHHn7aHKW6su/jjc48gxLU+IHSR6
P1e6wdpuqpYK1bgtl9lG+2dsoFGBdq4b1qRry6reI8xMJwdcR9BWVKksRAMbSPBh iW9IwZxRvCWkHLKmUutBN/WkNMgpt/Wmc3waY7LZiFhK+LCXHK1dLbyrkCdSD8DB
5gFhER4dG8cKiO0NGuL08m74UKgA6vsSz3rJJ5NyXvTGt1vP3j/EuWOUbOFzOSv3 iYxV6+MFG9huPj1JtuonFt6DX/PE2S7pgLeTFWDwKxaeNSd6WGVU6KiEpeEgDPmJ
Tq7q4N3yEgLSayg0YEvO8JY+0R2+1EQMTu9I9sv8dCRw+ALR+JI6vJ0gYTLM7A22 GpLAv1ow/G3Vmv0GhM/oxKd76uY61CosCHlEV6KqSX/c2YA1IVcxu6v8kaPXd2B9
l3v7b1FlDWouT+RGrokL//Pnt99uYolCKnRte+LsGZ1/zk87Wx3jxdPHyrWXPzqt mbafIPVDfEr8ZOD8SswA9jxaf3ZCmrYHhwyV9FSuQn8BNBpYqaa1++YOeOWPJ9tA
VUru5O+u2x+xDAsyKiEzMvq6SICG5MT95vNQFiMcM/1cSrSsl5eahhigcdpuK+3s 7qTDNUJNgc0vKa/nVWPuSVogfaVn5gw/byuNlPHmdLEdHUMyOcal4UyJ28nQrvYR
gCkMyScHvy0iGrk+VAaarrdSwpMT5poPZbudr0K+K3MD7Y1Cp9o7ZBT1rjvKCNIW 23WPQKmRT9OASsEMm2UZzB4+yf4/lzt3p2auEks2s3GMlfdyUm7PHu6tz/Kvpvy3
vpwQdfVSZV+1Ji5sfyC2RLy7+2vwRU72yB3DJs9rFLk9XfjLHiv+BmVW6Ql4tovY xE6G04qV/cEK9600jwfonvNgf+LV/06GV262QvbVj6eKnNVoE/7qws+QJNuwjqmE
mn45thtn4zYQEtdANkR8aufQg0A+BDQg3XAQicCb2hhyH6j5VFACh3MPDj1tjy+r xyOt/dRjTFLomTXFAKWpnXNTPNzUTyM4GG31We+aOkOzvjhC4dAL7lf4JKYqP6WW
YNi5VcHj1ccnXsk2EaYW2y+SkgcGg/ywmPZ50B/I8GLJWNeb7Ai5VBXCWfMeCIz0 wKxjK46KQuew81k08Wwk1VHW+D4DlN2ynIbDM+q8rkrlJNNvIHXw5BA5CSWpsxnu
NIPzxwdN+mceK4MfBFWM3GDi0hZM72hzMN4pFN/4GeLPEdZUNlOkNWT8hKEreX+W oYR/fpw6kSbCPGO7b2tWVGmTw3S/Vwy96OLwunw4oYyaaBgenFFBgDzicgiyExtP
PcL0faa1xbpEUTfWv6Vviq9VCVkc5q/wxdL1irkqLNR5Ht8PyZUjCH9GsVntgPu+ K0OPIr3LjEXyol31cLwSBjCNUMt7FwPiB5/TFQwVmtGq5t3uYL3ei5IgTaozbk7p
UDswKkNICxi0rUppHp0Nzr7HRH1Y76htABrX+wyFVtA6ttwbm8nNqSVof7wb0pYa 04bVa2QJQxK4bHHbsgZ8/Vd2JXJJdQ+I1rfC0F6PKFqrfhDeujsF8QzZhvn8M2qJ
cHYMfJDCVJvCLCLy/sePxzwGbH8bW/Va4ebVQfNBgS49ATHNbv2HfjROYqgWAINJ y1NPENK9Q4zb77dYvDUXBss4+erFM0wPesScHEbQPh9yyu2zqskpYQMrOqMPCjb6
l8L3IqyUROBveA+3+a0wEZ/kJnlIJppNGqIhuS7SiKUBXN+lHvxoGAfeJFN8uQ2B y7yKppG1pOIrMzpJQkt7WP6n68nhZAlkEoCu7XchopEq1TmlzFVJ0F48ijIXWHMJ
C5KuodUGgcTbVsxkVDweTfBdS8bG06OIAklSXvgE614E146DNKKlqD3nc8xDCzbN PjsMWj2eh6goyFaAl2tovcyHl14j8vY3JO9ACyLytyns+PzdrqjuZxJQt8wZMd84
+YZ9VjShMxepn6pJ06xOKW54NVTa3zy/R+HZ+/WixdzkAcn8gog93ybxg/9PhAi4 axs1klGO2AEuAehpsf7ypMKCBO32kirOMQSYZc4QridRDU5J5TTxMsxz8vXtc748
VauRPmbhrasLdiZwGyQ65shkUaJMwkjY+BpTK40M5KUV4yLr0ddkzbmKWo4Q50FY 8fDkhFFq5Bqf6Weo8YiFvspF/Vvow6xjGpcNK6DMgxwwvUb92bxHwhdlyVa90lho
NMc2AtCg1A8e9ziRU4Y2MD8abcs5S8rOKk5/R7o5gJGNHjlHpn9Xz+7fTpqtYqIf B1fxiQkaA+Oiy4bdYXuDoLHd5p+T8SipMorXJrHe/blq0OwNaHrbGSCje2SXQBqB
UY+YJhE+LyJW2uu8Gu1tTe05BSdy13E367FpALD0ZTeQHQWKmAckvwjsQ29YcKFM +cMVUyvTtEsA+hpI6hIlAZutTZ7qrvIMGafd5CO078+8okboTHysqAIH8WAdDwkv
n5+AmwDhDdpWKXih4nxFgQ== aXylZnqk5kEiwW3eNjoh0Q==
C.3.1.1. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.1.1. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline, Decrypted Protection with hcp_baseline, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIINkgYJKoZIhvcNAQcCoIINgzCCDX8CAQExDTALBglghkgBZQMEAgEwggO7Bgkq MIINkwYJKoZIhvcNAQcCoIINhDCCDYACAQExDTALBglghkgBZQMEAgEwggO8Bgkq
hkiG9w0BBwGgggOsBIIDqE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggOtBIIDqU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lDQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNl LWJhc2VsaW5lDQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNl
bGluZUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+ bGluZUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+
DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmVi DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmVi
IDIwMjEgMTA6MDk6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVy IDIwMjEgMTA6MDk6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVy
c2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1l c2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1l
c3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+ c3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+
DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpI DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpI
UC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjog UC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjog
RGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowOTowMiAtMDUwMA0KSFAtT3V0ZXI6 RGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowOTowMiAtMDUwMA0KSFAtT3V0ZXI6
IFVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlw IFVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlw
ZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBocD0iY2lwaGVyIg0KDQpU ZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBocD0iY2lwaGVyIg0KDQpU
aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZQ0KbWVzc2Fn aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZQ0KbWVzc2Fn
ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz
YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0 YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNl YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNl
cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3 cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODggd2l0
aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xp aA0KdGhlIGBoY3BfYmFzZWxpbmVgIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9s
Y3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPP aWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIID
MIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUx zzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBV
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2 cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAw
NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL NjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UE
EwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3 CxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG
DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnel 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53
N41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+
2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNH IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8goz
T82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ R0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJ
ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3 vmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbk
qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgaww N6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGs
DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcw MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQX
FYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNV MBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYD
HQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1Ud VR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNV
IwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCB HSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEA
SXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9 gUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7
Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz5 fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8
3PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/ +dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm
eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744g /3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++O
qoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXz IKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl
lEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp 85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6a
1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q qdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFN
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1 UFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBB
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG dXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTAL
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv BgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBM
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5N b3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+
mn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDc TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA
DkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFt 3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DB
md+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJ bZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
OMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFec yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BX
N7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq nDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT
90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg 6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYK
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l YIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1Ud
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0G JQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0d
EhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN BhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw
BgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7 DQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT
GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd +xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p
6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7a 3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+
gyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazg 2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs
PYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jM 4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeo
hwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGww zIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBs
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9C YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/
qaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG
DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUwOTAyWjAvBgkqhkiG9w0BCQQx 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDkwMlowLwYJKoZIhvcNAQkE
IgQgX3dswDsmGjwXzejaB+kh8kzNOiNjkHpEtBXbJ8gjT5UwDQYJKoZIhvcNAQEB MSIEIPc7Pk9KNPXyMYThSPlPWV2Qm8CR4vwcxnqIoOjkdUtMMA0GCSqGSIb3DQEB
BQAEggEASC6sf2ioO3Y7yVOzy/6sbjR6suLfigryPkvaOvuh1aHCP/I071/j3LYL AQUABIIBAA4QYIyZPmQpKWNUhU2nJc7Fr1Oh66z992rzH2OTpxSHehRBo5dJYSqm
nER9aCGoEFXzxXzI1aiTjwlQp+Fg6qNz8avFRbSvecUpAsbihlRbbOSirvNwW6F4 9p/EOWB0XLOuJ8s97cVbdYl1EqEjx9zvp1kdLtvosuonNGHmQlCPVKSFfpBvq4DV
McP6cbA4UR6M52M4mE8buxvDtwf6caf8gwtx9XbZy9a/FSr1YqQoB9ebotZDadDy L7YcZkAQgXujN2Z1F+MDlUTYo6reDa2K21zPqa6CJX75zersFb1xS3raFRaNAspW
sh0hjzMTjvHbq6DTPytem6Dy7rBP7F32Z1SHNC1Wc2MaW4NKejRxubh4kKpopRvk URatTpJpgf2E7F39o78kRGsbUxurtzm5QTNHIVAqjv4LudNSGVOH++VTmkMR5gLJ
diHHADbm6WUwa3IsgU65HV7X/BkE4vQcYsWzYjqyA3WjpZZWlYus023kqug5sHX5 3Xm2E7tz/TLDlGDi+l67tYni3f+sMgyW39dA4/ImkVV3LCjT6TXuKRwvDnLdik1u
G5uhNtW6SURCQjN+d6PNa182OqCW3w== eh0Hs/LLI6jCJ82HDBCfgGfbJ8Lfqdk=
C.3.1.2. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.1.2. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline, Decrypted and Unwrapped Protection with hcp_baseline, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline Subject: smime-signed-enc-hp-baseline
Message-ID: <smime-signed-enc-hp-baseline@example> Message-ID: <smime-signed-enc-hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500 Date: Sat, 20 Feb 2021 10:09:02 -0500
skipping to change at page 129, line 41 skipping to change at line 5962
HP-Outer: Date: Sat, 20 Feb 2021 10:09:02 -0500 HP-Outer: Date: Sat, 20 Feb 2021 10:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="cipher" Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the This is the
smime-signed-enc-hp-baseline smime-signed-enc-hp-baseline
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_baseline Header Confidentiality Policy. the `hcp_baseline` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.2. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.2. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline (+ Legacy Display) Protection with hcp_baseline (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_baseline Header Confidentiality Policy with a "Legacy hcp_baseline Header Confidentiality Policy with a "Legacy Display"
Display" part. element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8085 bytes └─╴application/pkcs7-mime [smime.p7m] 8085 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4968 bytes └─╴application/pkcs7-mime [smime.p7m] 4972 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 414 bytes └─╴text/plain 418 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-legacy@example> Message-ID: <smime-signed-enc-hp-baseline-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500 Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIXTAYJKoZIhvcNAQcDoIIXPTCCFzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIXTAYJKoZIhvcNAQcDoIIXPTCCFzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFt/SL+2acYbbnElaXwsZy3nS97+v4FjebWx Boq0MA0GCSqGSIb3DQEBAQUABIIBAHafgwK5Dq1Mk+/BfVcTHIE/bWksOCdgOuo1
L8Q/BXPJQQFAqPwXiBMf2vbpBoVz/mq7OOwPiCUbgG6IT2e432SJ72N+FsZhClLH ppl3Qdi238REiGsONqPHaLjiK9xhjvTS4pSV3NHEbKTVZpQurzaUqIXL/sA12kkn
WSRu50QqqkFTrSzomm0iCcPEeU6dOL2THdDH01Ltp5zRarFzEFzXmjEIqVfHXFQH TQgbJiemZq2HXKI1feGM86z13FYWPe4g42nffZNi5kErmPI/IZX4CuJ2+6Wy8IoO
2hmO7af4Usxt8cJWsLaQ8px6hm4KqSpwKSLEeXK7kiDYKJDsLlVeSHDfqiJfkoCt tZ3C1vLg6z4V9mialF6IyVDYw2VZUIb/r3I4SKINANa1t6wKHeHTX6TEJxOv3P6W
iajW1C0MfjBTvD6upSlusILp3/wju0ZR3Axjr9svkyGBqkwQxUtNUev2JXxio+9m kWUwpPHGzYXPNVKX+NSLxGqX68vTYOhg86Q+FeKLNHkutnQD1fNU/ZBn/iidZt3u
A3xYUsHLgDjVNlImBN3q4yQfyTg7Byl5aS/WjdRZd4kB9Poj31AwggGEAgEAMGww aUbDpByaxv79j8QpvCHUXbygTIYENNc11+RcJ3WmkCKVkwXG2fswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEApi17wPDNLbvOE+snTdjrgHyQ HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEARW1p7eiEdi69X6DKW+FXzEoc
V4DGBR/WTMW8Tzd7Zm6nh6h4jX7x3FX8NkyE380HkFgzZ5yitz+kB7WtcMr2Gij2 E8KIzTvIpU++vNLVzq+29VTzdjvBVcg/8F8L4BNCIpWSgz5i7Z0o9LjMCw/mHo20
VBdJi9ey3pZyTZ1TCkwnF5q4ghqD0vfoPmKXIoPOyQUP7Ak9+EXA91QPYaMcTRxM XL074me2zAv3HeGZ85i7gIiA/lsdgIb3f2Qw/+8gQVAIkoYOlBmpocBf6EGyEciU
jvibAzsbnwQmmvnuuvlLhGqqDjv4woTJ8F/yOxrWaidf8nfWmCEzMP6kYl4sDxFT SWfwp1qJE6/YWhiFbjcTIZYj6UqGy72AkiqGKgCZ/tFWhMJ2KKzbm8t5rG8oC8bD
xxm329jXEQ0olqYHzyIgYhRklLW09h2TpC7T5Yov7NfWZyQZA0F4j4TW9gCfmcfb dgjT2PYo5by8brJohF/zTS5CucfLqqWpA7QtHLHcAeU3NXqVc5tHyGZy89KDpEii
pwP5tcbzkxpclkklBBlnbezpVEMbMsaLCcY5c5RDRLPJPdhYKcUztCeZKbei0jCC xVCxdE9Rs2AurTjT2/98WF5tTEFOR6LeEdG3svOzmMd0xWEdwP47BA/ePsS53jCC
FB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHMz0B+KARgbNWCbbkfBkqqAghPw FB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEILWJEheEd6fWe0TTJf9JzOAghPw
J7tgZJiuXvnsaLW0qpJfTfd1NW11Y6uUmPGbbp6ukBFi4Ri+coXutASHHc8pgQMd 6igc/NoE/Okf7HXkehS4/7Vs85BKRQ5mdxGN1WfY4nFcchHVWVUCrPXYC9mUC6hW
In4vIs48XWLTlRUuotY2JfBWrq67pCjsfv/s5TyRzEaBDC/lwYV0m7UdWiko59tY 12YuNkD+i/LBUN0Yunvny5igqNHEUBzMQbJMpRxcgClqS8zMokqB0+kzkGJMK0nC
+yOXqz0R5p/Rjj7U6RePNBv+QtQN0zXbECJxJ19IGExL14ziddgXGejQcMOJuxk9 0DVfneVaPAldMvZhw3BsbJfGaeDVTthp8IuR4PgdCUEBL4QWCvkgDlNquACVYAD3
9AfoctdteTMV8H3Keg+LGhbUhwhsHv+o9CQfWo/kEAQ9On20Zhb7ORggCLRJSg3c MD7PSziVb2tAvVBBpXOZ0kRGc3bQm+IhZWRAd65313297+eYKfmInlt+j/K57UBC
G1kdv+ph3umi/bGZVupvdpKqBQe5nSJazx2Ej9jkcBX+W58csvteME+bYexzK7X2 i3tnWaNei+ftFBPVpbnMqXm3TbBBKzuWtV8QsOKZFddCtgoZmjpeNPAYMUGtn79c
v5d/ut/lmd+Ah+POkU+ZVYIAPHE5ORDrLSZjuUC3prtksHneNqx+DwA9MnjwRa4p 3eq6fTzQPaMKCY8Z3aEFEv7YfvcdCWrmsbtGndyoQAr0nc8BU7geuHD+MoVIVu07
seLZWRCoEzgubftMk1zKBDRUJ9WCHxbvK7hLmpGRKpNHyHUAt4uBbHWERXBqvSG7 F6x/hxZyJdEh1vfLP8hPKq9X11gwa8+qq1M92oBxT4hY96rMOMu2dBNvF3g9Tl6v
rmsN8rl07panMefhNZAf2r1wc3dEVtwoV315RFboof5sPyVaiTXkP3KlGC4JeKsn g1LE2PJs62m4O2XEYd05FlWzYzXjP4EzF3u171duDsdyrbwZBqOJvMXVffqEmfd7
3nqiP8sgNlkX8FLj2i6GDJYdcUCyzfURMGFGMqwvtqFIgN1TYJW35gFCitJYCAvW YfiLMvfUihHpNBFsKtgPeSqjVZ7WN2M902CzFa85Z1CcCTrqtXTbVkzSUYBfixU5
MhUseNGQzlqigkbOjuHxSsgGt/OUwJf/5mhK5cV7KTYstnbF8tvxGTo5MFaRJEsh mCkZimMFvH9iwNSxxqdovNq6OojFiVNUH4SCKBXDHhwBrHROUqZ7Jap3xQplYp0P
s/WSxSQcr9P1T3i3bLQ3lYO63j28cWvMzrt/vZ671WnpivPawpSQlMePPKKHOqj9 2q9owbJ9irL/2oX9QGRG/g2W9POQ2L7+S9l2QWWpn3hJZwZimG2LebRrIHEVsHhV
ZLtf2iIc3Yn76ir3v8SSWpGsOBES8s1lhM/jEt1t5H8xUfVNz+WyhhnnL/3kdhv2 nQdEst7lZ8iDw2fDTd9cpSxUjV24LauODLxLHfO2NWnttdykv4RZhrhAYOOIE0H1
xXpnuSscxiQja9I4KOhqw5gHW0t//vnNZRRCXhWiVL5rEx0kK3UUnSJm63kkn+Q0 YuEhPD7m8rYvhr5Xi6pDEFVGpjkAE0Vk9CQkdmYxjF3nJhL9EBzozTWWkRsiNgyU
y/EykyK3sLCTSDQIwdbe3CoXq+smap61qDQeHgpBnOSz0/Sp1PvPS09g6fOWn6mj DJUkaikV/smnYcwU/0Y4Ug+AZdLhx9fCK5Crv2MjXaB/8btxoutyKUn3oO4ABVtQ
ocXbrifW/y/uafC2Bs2rLEtfq7Tts0T96urEOBI95bEF53OuYj9xLahALFmIHi8p KFt3r/CkYJvyfZQTmlhDLDxry1L/yX78+pFmnsLRSKdNp+Wlhz3GeeI/bDZzR5L3
DgHNaOymQcXwkooCT9JG5h4c/pZcM6Vbde1v0a4Nu9eoXC/ZIT7zloVV7e7aYvEz ETECwXcPjh9uqrgM3HUvKC9HHc+fUXKrQXqGMXRltvA1l7yW9ONOdBZbW+AaS52x
QXaABEmmmHAySmPpBC75SegSLUsHwRbpS/AGQb8LStZAX3mh3fsDfHqcWiKAkin/ cSSr/z+jQJy6WSIXiPN/Lme8SyK8cSMUGRW44x08jZ17FRCMJwbmET6n/AxX4XFM
QZ2TwDanvMca9DYlWFX3WeWte/fQk4uXEEQdPnLu6c6q3+ls3seauYpfg7pnr+bG MBAJ/Cln9kM0cnC1Aw52X0571xKOS1MNQb5LRr/a6RnpVTTTJpplBQGjc8tjQfAl
50msWCSg5HDBZqlsw07/cp8VXSXYlI0xOiKZ6gWFtkqcDkAEX44eYW9OQ0V34fz8 bL5l0dPFKq2oOp90C3xjVa0Gvi3Qp8BBR9LKfwTUZSEsrcNhYm05+OiDfKMaD4nX
yec/JTUTvLVoVRRjQCsg89Hx4dejSma2bKIjIdrF6HJfTwhs+XbDMxG5h4t2++/S PJPd47XBR+MuYHRVu/7LYFv9KmhxDsemLmq+8W23AYuPXGoodQDB5upJSoVj2gjw
KFFDsmPtYjgcbQEas0ELKMdYTtTWy5jq2L2nVLScheryfIN1vq1y2lUEpK33c4U8 j/Aa6n7J8NIoNr0omfsavqZBiAiNSKRBnaQZ45h7hkYB40Oel3dMgJNATAE8/5d2
vCpOaVaRvylCi6TaWKjh8JlfJ6e/Sx6/WGOY0wmN9pYeBbRsUmSkjtV6TofOodGf gXV6RkhCxtFQP0ykzbSdrlCVUSW35TtiCzGzEsVUQdJ6ZBy02a2mXIwWDt98Hf3x
9tP2VXt/2jsO2RbDCKp3cC/VNgttVU3l6H+R1DvasOJIcVVeDVCQGiKnKLrAoUoQ Z1pHjfIXlFKG+h9f2S6lxkNZjIATawIwY1+yN246yvdfX4TugEtISyyeu8mGlnkk
6ZOGLhfhT0xSufMPUyvZUqmgbvWn4OcQSYMajot6TCwQ6YSoN8LlH3CX1vZR1tCG md6BJL1fGCapQ8B2u/KFswjNQc9orJAs4PZAYwAMJqZl4jOPbcwjD4yVwxwdgu5W
STXkEQ9BIL6TwQQcyraRuBUnabv3oS45HNIZo6uWxBDfS7jHYgdvtJVko6rKc+yB uQZgUfHVQnig4jT35svTsNmMei//0WYrESkOLT+8I64TuBpP9Nt8kwFbfrJA3MAS
nXoB9MufZfK0RalSFG5n6hh6wh5DK1/5BLbWvym0Xwp55fhiel82juyG6s5m4LFN mmLKVZ2t/U5FfOu8hemprMntiAhNGBLuKwwbg2q8cQfZ1XNGyZv006s/9dVX2aTG
VpeDA1Xyu7yLIHwfMrKaKuzo1YWNU4mTjy1Y+v8WmVFlg3jiDLJGBN9XKsLV9tBp ExNCEsfprvsXrgHNT2gFGEbvlDJFEHCWlozu2GucDVo/AH5FAcwSMcyWtFvTkXHV
chbN5lco/RJh7A2Z5FUU71sLFwbBpmSdjK3/H9jtg61QwqozKwIAcPt+NCUdiZE/ W2gGKYQd6Ap9flpy4B2PGQHdlinMADUxmaFRsD3fYbG2JkhOaSzAfJOwjXMMu1dF
DUz9L1ul4qWd5FkoiuXVt7i6/FJUhtMWrP1xBtFXJDx1QQcYPgy9NRzJ07DpGWMK AYyUmSj/hCCmosqR0QG7UJWQ4QK2S7dMFSnNt9zaPvKJMwPmAc8OTzaxrJxJ7l6H
XYB2aVIf2gGHVoSlO3HGdqMJ/eciaRNUT0le35MkIpLh3Myv3gv8xIG2ue+uiiJ9 DJ5HHAtZm52fGYRrUyXEWYSzIjqPkQFO9pwFhnlMNDLZ99D43VFUkoBeHHQ0Aswh
tG0tmbpsG4R310t/KV/L59AaOX6y8dtrCoOIyD8SI5QburVh9FcXUxphMxgKle9h d+Xp+jGDwEMR62xQhIdRCuR8i7Wyl3+tCdzpfQSvMcfTPU2G3/xdvhDVJ3sDjcIf
scVHp+KYSLp6cx1zlE4OMUL3ipU+ZLpDKCM12VQS6gdv8xyr38c2IGg23QCk8Vfw 7gLQG6/uQmevrL6XdUNW7zI4a09e/knL+trM/847NLjN0RRTABLkTxlTxgJ9ELcw
DBmKjJ32FaFJFgjMKcnEqpSJC2w3/i6odPJDNCV5kOQuQ6RTUaJpMLYcUTIlVtiq yx2gvuhvKSt414/1NcnbBZaW3yfA6l32X5t5jY9djW8M6EYLN5HSjy3aIJ8fiaZt
5wGVlXF0PR6va7B2IE4zrjst2pQ1elwtQDjR3bwIQgL7/scNeTzmgzcTwWP71HkL T9kKm5uSsz+7bb8TSc8uQ5lHzAvctgM2k56zGVQnzWkXR/ghaIJnp4ekLGlGZeWv
+xSoCu5bCxALqGOzZplcl/v/290M8sN8vDB1OR78YM+dbxej64BzaGaOGDinIJeH Wa5lKqMyvIM511VRL5UvuoAA2T99A0BiC0qWjuXpAjXHRDUMKfR1vSJMcxim228V
o9hjjifOUcwrKuVRifpTdct+rPpKXkXbI/IyFMEeVLx1JZTLi2i7BcChty+JSUUV d6MfqcxJjEFsH1SLDA02jSafk2jAApBZe6Dwx42bw1/w3MOGJv+rPAI7tVyRBqD4
Lb8RHEyRZcx/O3iO+kVqfGUjaEw3S52A69A00/tvFDzE+Yxe/1M6RZrG7VanhtwC LqD4sgT7R1N4z1CPuxWdRTCmsSN8rqK11pzawJyOwElyimrqjP1GLFGuoG/s+VIH
WU3XzKhg2Skm8KNTcG/c7cRw7tzZVwHpXHh16at+9GoIsXA9tiT5keFKJvNWWdV1 gsRZGGeL1X9OeyfgFeFb8EAiQ8VCrCr5yzQNL8l+E7CJYCbqFH1HK3+aGqYhg2G1
U7EswrW557JnqSa0V9WwhWastP3LaAGDsMuseIRDCg65CUMEVC239q6eXX6YBE8O kYEgcMGS2JVQTioPlohPB9ZVLPmcaCAzsPeZ1qAgkc4FAMHNh6Oad8/ELCtlp8Mf
FnlxN+WluVNp5Q2MAX3nTt0Z4B5R7E2qP5jBL1L6sqzChyIBM7BBi6Z9Enz9lqzY +ttz3HVVZVkIHbqjag/LVgAGbi2WMvsb1WmtRCEAxzQwuuxvdQ3SrqiJ9QTP0DUR
gLZTW7s0r2Gx9513voz5BbPyM8S9f+XzURH0LBbrhoIR9yk6QswNYS7RaGJREDL9 hpyIzIP7G61EDnI2HPeq0G4L9LspOf/MUzTtYhnjkxRrsqUDVJ4UhWWVeL/rzEOI
zv0Ird6mvTzRC8G47lbOY2q6TzU+SNVu1RVUdWj8X63SaU3p8F6HPqdItIfPc28C /mfltQ+f2odEYOWLYHomhyd23SnWnq86P28wVgEhXBTNFeo+BkXnoenaJyLmjJi2
NpJDpeMiAoMFt/Zd9ewDUbCV4aPMniYUNQBhVvfX+CFbtSY3Nn8MVD8XN4jC9UB3 7HxOEXM6gcO0Y98wt9NQxaLvJ3DPtCQpJf4vQE2fsOblY4YLM5z/sEQSmNhxjRFr
+sECae1zD+hAG7j7vqvryKksejsX4tLrN8jIL+PhpU4bsTdC5kg3TAVQinf4Umc/ RTO14S6ngOcH5iqdrw0+e9P7HXZahp5c6IuDOgG36DEM6NFxzy7mSDUsKRtStZKk
RcUaaMZItTuy+FG48sewznCd1E/6eBQxXRKfoHCnsBSgimiwqX2wvd+qvpgEzr7v TQXe1W9LeUo4Vn/oHiR4cijQJ65j4k90FTgfBMKL58z0H82fZUcXZIHJnkMhvjmQ
UTJgy+OMeTcbmnRz+UYIzUQrYYGGtg/vFYiKBM15xTu0qlGGWqC++l5V/Af11lp6 m8LZLU7n46KC3sAzVJg+Uh374iwqsrNYXqr/IjYyheXLHxbFV76a7RbknTFx376z
4wYXNGSwNkUm1L6vqQJPgCfJs4L+onRRzLrzVkBKQfZVSs7jHUyiS9ivoYTP+I7+ Y84Q7NTD+HoydTWtFd7Wyajy8lfcJIddMi7tQtKvrrSZXGWQEhKTA4TmCgVCYRKs
zhiW0XYkQYf1dcIXwGmVYD78tdv7ip9S0sJTTQj+WdWfdWNP4BP7H3DGKq3rUbts Oo4RynbaFbX7Xb50No8CUtSsD+fVyIlq/fSlhs8cdpxzfQH2K75CdIQ2DAcPTVmh
y+ti5/9I5Z+k84CBpSO6cd6o2ByrHeAnqQ7Ti8GgM2IYvjijO4YFDxKG1EJAvQVJ o6MIBVAmDy8y1DAw8zJUPH5p8mSOvbvRX0y5Bs5dRM7PT9A+Nf67f+RF5xfJNSi4
MXKiOVIh54rT/7v75k4Dc+uysC3r/7o1BQESxOC9H6J7dHGlrPOAJh36rhb59SlU Gwj6cU1hBN4Uxi8Yre/ze8DgaTb+5b5vt8pTiNpSvgqa0iY1o4TQjQVA+wZ9FZpF
J5ea5IZrsBkqLS+3xMy7hlVcVfhuKu84zwD70RftXUqoC4i7NCmmgGZElrQ14sOf ha48nC9hmpOIEAH3elODip2kuAXx1J8tUCJ6xvWHBfxhYjZZoZfkW5ANh7YRNDmV
BkiiIqTgHEAr3A8bYFp/QVdx4UVQAwPsTkN0+Gslhj6WJpr+LHME8tesFg2pY4tt cKjdpWyLak62aERncU35lxpg/OHM7fTlChFBl0PBPIownbpWSzuzPFKslu4Maf9h
YVMRWe52oVSH0FKmhz6CR6DheUSiPbB9GZ7aYpodNZlUgGB2iyl6qlBHZvH0scFQ PLO3jTcKPlw5Yp7JL4ChSqCLcF9KK7ava11UHj4oNgnphejl8ncFAWHvrB3CykN9
tupRY3EtfZGe26Rh2btS+xrSwph9n2/2apD3jlPCdJkj1yUA3iVybjD0Ks5NCsTB xD3IPjQmpH1woMkNspkFHklfq6jiFcuVBPPJ1AFawpKMwrf46MHOFQr85BE5JlXo
7hO+V5xbMChDb9PXHx8i9981YLInLjfkGgDA5V4HfwTeZNSMHYpKLQYaFRFyn0ud ez/pM19tItZyOsm6XUlITumIX0El1kiVr5WQaC4eC8FEd8KDJfD+sOq7RGaRoIQZ
ecgQCVHXnC0amgU+bQfreBpMB+PI8ouxR/W4jIrovx2iArGVhvcLdl66IvOO/GF/ D8vGB5QrdLbB2aNnKxwyTbK+P7p+F3Qy0BVidoGk1J16sEep2Sko7OoVdJCFd4bm
Bwa6nJ2VoAfmbH4DF0Q5U6KjJklTCE6oGp0K14ONKy5Kw6nVAmvIcONsYHLDVAY9 dUwBlvwXc006z821QkfmdLWpuIEIiqB19bEtxyEXyVnt0QG1OhrzJqjY0Q8cFhMs
ba+0Tjoi+cZAuKLmK4dXK3U2fMOb+tPqqomwaEkQVba9F8lUYdX7wywVTwcqDS/X exyW0aak/pOSPd7f81azE/UmX5U7b8slLwA54N7tqqjoMCLXyQqqaGNdgfU6S5Hd
hl9CWPW3LKlW0LfMEfqWTwj87SCoT5wF/thc0nm6GTAKwEmP94AbUFtb8kqUxADq DcIGHA7KT1tlr64HlzhQOA/iqCrv3/mOdJtx5voztQSqlZqlVs86ZhvW6BigqxyL
yqvuLKo9tdab+ehAz5V2QZa7ObwuvmWmWGMU6g9i4zEXL4DTVrJJK9buA0SviZc9 oqI52yFPMmkloR+QkPrwCl7EiSQSLRjv06KgdYDRjBqr2mgIOuZy0Urz0LDSSJv7
v+OIc+fEiF3KBH8vqbfHkYdACn8ElbAYPmDIVbdNGN4+sNmSpCWT+vet9xcTUcU6 hdV+TYLwYxb4h/q6sxtQHu5vyzBshNBoF84PK7/xMMw3hASQLEpVZJCv0k/0pFuB
17g88jgc4vEEaWO1AA8G1khzRJNNzrbFZusDSGPE0CRPjOEo3zu9/nfAN+yXKuBh adCXSux6Op8nSYcMfyN8b1vIAPFP4b/s6uE+R9beTss6tWzZrk4rx77qjBOdApIA
zgAXM3VJmCbcVd95NaaYaw/D9/mm+buZf39tMVlPdUY36pbwgQtT95hfoyw0SAIM PdbtndybZvktflfSq7ftwgiKERN8qT/FRQZVU9Z58MnVCTb3ep3MxTEoiVE47/sg
fo4GyIEpd4KgQZdXycC0JJd3T4WPV7SCla6ErduMwJ7qBa7MG9x8HfX0kPNGIGiu V5WZsly6Pm87XFCZxGCfZvyePGPU6iEPcbiO7zfhQk+tH/D7ccd4xD3kSVF5S+qX
V2UWih9UxvY7wNLfqnX2CV+XLW+iwaeJo3zYzKIAcuFEz55FEl++mELC04gwmAkd V9DC5/eiKXDaWVOf+KyhJVuoNztErEvDfuPIqBr8gL85kpcqi4fvPrP4xziKK0HJ
Eexou8/Vig1Cv8y/S++bS2YwYm9qZFRHk13zMS2QdcUBkqaAGF+/dfBka4lDlHVi X7hoc5psA27JO0FbvPPPwNCWBcQmjZswIqt/s4JwiKGApZEtv1zaL8qHieiLS5lF
jqIAI5d5tXPq512OV3bJtqP5QNb1GvMwO1HrXLgN+OocomZfUKY+XejI2mrgF2rR CJGyeQvjdSm99fRGF+dOrypeMGoTPkBL5KjTF6ezt/H3b+BN2A760Otphv8YHsa/
QhPYDiUfog/tjpsoZZLSjPfscqUkg3gCqbw7CXOgyU+Qi3o7u/p1cXeBdGDYbqfE GhYwxmbjLnwCNL8bKrLzR211n8XPZcHcZTOKwvuT3/jImgTW47T8tBjP+uzsp6PX
V8dG5owCq+LliK8PP/mi3M9hxvC8NizWmuI0MsRRZkcGB3R7E5MomZxKilhfZgSI a+I5HTxkw8hhLIN7sqfkzp+zupKlHjHG8AayROTkW8yFNViDZfxWI7shsjOHJApf
JRsPDYZmxwvtPdVo8kQPpVvbmJsLhp6AE4qoN9pGam8jEpFKD5ju1KoGGeN4Yrrv 6Nkaauz0bUXYuxGdobMWaY/50ggA5CKS+SEXRXyrmLL0l7NAEWBCqIODK26zZPQk
3171UGMD8VdJJ/aNWucKViU3jYCNlcL/yOMy40M/KDT4pJt6ipol0O6ZXRDcLnXB TABDscOSDevdMXiAKcfUcIJCwZpjUQ42x9yJ0Byd5ood2+489nfz+GJC2yO9ZgZe
X5wuv/nV6tc/Qa8kW8L0dqcHyD94/Hyt2dtkepQVS3YBOdimvz1htXtlbR8XM07K SWP1uUUs8maUPglQA8IVik6Jh7hijmoKu6ZMxM0Vg64bkiAMpNxFcZnYQSrlW4nY
iYlF66cIm8dhfV93DhJcyInJhMRNCjSrTZ3saDQZGeJPzOa2kI556YAazjlNgAQ/ 6LsHstDs2z6+8oz/1ff68Ig1i8i1EzTXLRF5rKofQNMtBruuxD5O7tpeXDHj2EmA
+/fL/mDldK+p9euwIevg3xeOl10jqdpTqe9D0PjtjjnVWEW9y+0zv4tFESMh8g5t mxkU5ubRf6Ab0QbAJ/FMB32VXpZnJHt8dIQZJ2HN3dq1H5I8PDwlD/kFuLE6xyYY
q9W9RJ5oN/C1vEFS69BFkSNP8gGiMngv3uxEXDmDNJQUCfwoStlItxIxcV+DjoS7 PMC3an5+q5VrrLzqaZ5w5uZAupJ+1dHmT2TxuySkUJuwfOHL20d2JVOHmtpJmuZ1
EDI3qU0h4Cdf53o2dfpc4+yjbvNSsassRr85dH5GmuMoYQa95y07YhiZFSOVRasS SEUU4EOIwDzS/NlqAVWElN4r5MPWotZ52pzvd2MiTMwrtNDE9wZd+WDOX9evTr6Y
bpcNbTtrqYgLtl2WyyvWnmKS4+IZPeIePdnOtu33nh8OouE0srONNDQM2I8BWE/Z pYOS7XW+NYEz/jABEWJb+Vw9gOL0DOkhwBjYdnUnD5io7LkQsRfvkCun1vHIWv7f
PFRXHPtlIDrPqciGG13snBoGfzCbGI2IYrBONgaETvBlBa7AV/in8I2oPClWTmNr Mn7MdSgnmTu7+advjf0sv+SdHYOMPdCML/QbNQU7d1DP6gv8/WeDoGFvInNRidBg
LxzJzI7l6iRHKxT9SmLNAZ2kUnolE0B08+DWWyn6+bVmrBv16XbaZmo0JnTJbCSk Ftwm8CHrzXPIEP2/3GPxWh8SSlFyafBKwtpUWZV3pbO1+9UhlDBGX/ysIKFD1/Xd
IIJGz+yGlXHaIPLdIn3/ouOKdwDtBRwCGdE6DgcH0TCGJO0A73vsXIym45HxZ74n iSt6B6ZZAResO7sxeSED/7ytHfEb9kAw16Z4d1XIyZ9y8QNRATI8IC2T9PHt2qVb
Mv1mdrdyuIZr78JM5EOlD1czqspcCM73XZnRgT1DAfJtDj1HT2z6jsrlepJHAzxo DDNR7JU+UH+XsPUvqolv0vDCkk6KfrRKiugEfgKZHPCOYQsVwhO+Nych47I7DxJe
pBrJikkl51IkDlJp0IztwRa2a3Nscdr1KKd/FUKQEoj74ga3Lw8cSmOeYU9o3KQe AHJUdjh03KjBHalhbT2EZexcDPCMbiQOdQsVKyGSMFTbupZ4jGN2qMul/2nfB5Ed
DzE02rVFbdFvgamhqYmdRiyKrRXLUmI0IpOs+ftAXPWm2MDr0YMlFTIHppaVT6oB /lEK3At02aFzSl2eIEeExS/kyL8yJB9g3MAae5hcH67tvQlYIpZvRtKHbaF5nOr6
ICc15ZDoUoDdLBBwFztNm2H8UcnplrXLIZQEHOYnS55s72RPMlWcIdIVdZt/+Od1 CxznmHv2Iuui39a/FE+tpzeutxSg8gSmu7RuyYtILhNRJgKhYfBQFqJKJZzLSbgP
BDgtMBimGJ7PmN4Qhs26ZxQkAaZBuvceWkiL9ZziIDQGbzJ5cwGMaUGGzF9nhrBd MZBPEEymba113dmAjow3trFz33Uy8nw1/bQvWLMMX9qoJM2FK/CFwTvNeW4+ixWB
3bq0friQkI7KcDKwVnyh7sWBgWJfM3+tdRMPCaWDgJ68V8wpd+qvVSQFxozpV59W IHovEIv2Z+0eSS0JcBXAfWaDTha0593PiJ0aMWPwHfa0smahNmBqQ/XYnKGSOtsd
SePv7MwQddmvAVot+XtldairyZ29lQtcGPxIPQzyqoke/f78R0UKqG9ugI0cB0By /ijY0m0YoNyjwS36gRnl9BMJ8BXKraxlQiRjLM2zcuAXhl/wieahb8Nl2oPgooNc
UR2TcAlpcxwOpEApQBboziLpragIqhd5NtEj2RVD8e1dtOY4CD/jxiVQKqJTTrun Yn1rgcc3V3UaOjW6qjypkNJOaY9zQ1TNPf//DvlVi3Ut5niLMmroucYho9Cs81z3
nWBBVWMZOB6pMwoqDJAqjjRPOuaTHBMgI93vjllKfYIDcx0jZn2D21ey8J/LQJjn IpKi/dvP7nEtfxuyQwTNHhJnDELPBuAQ3BBEptVYZufT6dtCIGeLZoLALShvEgrW
rHL/XxJubai4EyhkxTmrafs4VZlZtoc2py99Za1zX90fu1dBXTQ3NdC2qmZ73Syk TI7HtACgdBI5+52yCJLhFg/GkgO8BtztAW3XJyfxOj7RH64ijCKpNzW+aBSMdPCx
SiNy7kOF8aCBcVmSbfcHfCZeKusCGe/KUeGbEUHqHxog8x0PJX0Zp9cMyc8WlhiK bPvLjzQzVqTuCpr1VF+uY28NLfFxDcKFoVIVH746nt7flS4UUUP2h/6ISIe/NWSf
Ky6x8BMTh6/GKHoi4ygDM+wcT06oh5pg8U+gJeDBO+m/TVQkDm9jWcPFqiTm6plb IiAL5Pd3zpdCzT2wOhrztHYzFgVM0m8LSATm7Lfvay9j8G92qnzD2kge0J1uApgw
48KuuU1jexO9/WXIGjYP5rlrViBRIQ1kBCSs/ZGgT+xHyL/U/8YzNtZo48pLtfKx SMJCy6wQ1EubvxtywxML4JZzkDZMwtfTmujaGLNZmlJ9wOW8ZR1et6Oy39326n34
eKN725KJxEziRXGjKRjDUitJtc0KCYeXWWkgls2hQNkg3vFt+moLgV6UVnZwg+Tp Fv+Jx1ZaLC0Wy6Ap/0lYDeQ4ebCqhRJBLi2e54AeNfFntNmFtxvkL6/ZLvEi3fHC
Kkk5AlXFBLDQUQHIZKBYI6mmzJntMMhtLtE7qR0S31wOLQxgR/KvClwJ41MfqXxS iijh24iHVLQNKjACp+Ez8/rjWaqA1MEBXhAJsHt7pTKTL5KtfNOujP6Jd2REI5jD
ShSjgu3ZmAun4TIc5Er8xHtL2fw46cy8NMAAkMZgGRA5Lc0jcbgMWdqz868Uoumn UTmbwOzdEap3xT8pVBLWrJr9D4Me4vu+htyqxdNYtS7M7LP3AaWN+XNbtVszES80
CABiaM/cw/fLIc9/MVDFrBM+m7GrJJJe+8+GaY9tV+psxo0SVGNI2kqoXVI0yrTJ u1gFNKCytavWx3lVTfuMCwT98e3qxhE5WLENxSsHYWUSoYCF0IureNIbmLeYxrCE
WhVik6d6oJaGviNjcZaw4C5kuZ5bKHUCiMLv05uAtQOOyPiddgfZXymBoKCjndge gKJ/vYEI5EGYWBXAYRs96Klx3zfmMCgBv7Fi+U+Z6zlh2nhJo4AF9G+DiifeRVTK
MNRBo4MxXU9cYHzi0umhauiw9I3UG4HAKH75L+1DFf1wbbgu165dCSIo2wVTIgOt syESFZSFYDrrfIQR4M1Hig/yGxZIBSd73Q779Q5x1T3/u5pYwP2Sb0I/45csIWvS
zr3Y03kTJJidclkYzP7o2d80EMGftQQ4uGyEtowWJbEn0yWhss35Vs3Fyy10mwGM zK1cdjVDwEOGnjlHP3E4z6Dvp58Er8zHkWPhH5bvEzyP5ga14huQ8UgrrVm66/N9
pncS4Tc1dVGyddkDXyAZ1JvfFzsXnoX+38R5lI25aYHAbfij582/hv48FU1I3XoB Ob/Rh3iwS4fk4dSQkqBxZ+W8QifsXkWVOjIhjbDjtmj1r/1azJJSvMkXf25ocTjT
WXR/gIKr/hQ2cFLwHsiJlGRw6smfBGOzk/x4JhG7sCR2E0QmM9CYzmyhZAKXORaX 3x1o1oRlCHuXa2yPYOHe8uzx6ikrBHmaIWtNORvUIXA5Bqfk6xsDwfswFtSgNUxp
Ur75d8x99mIJdEO4uu4avHvaRouG6D9tPJWYIRioVDTPD1AU6qirN32hOupGwcz7 pUVgQawrq5bwFOD6C9Ee756QXp9DGmW4PWi76u5qcnKYeG7JHUd+JLRjcxVvxh0g
t8q70Jbv/tDpcLmLNX5VxsQzUfjpsGGvuz/Eq77raPG/TByissRMTjUuFv4BxS0x mayCxEsRoCZiePnRjSUWTUiFd7SQ3C2/3hRpC7aeH4rEZJ00W9cFBgRzHsZhgjkK
wh//p9l2sJA4FWCA+Sr5YLFublQqRF1C3Vv0h2YEEz+sFA44u4VMmcCrwGBoJob1 IWEt5kgpX4C7HAhEHmk8NztZRoMXMLCEK/yAj6btTt7aRgPtjkISQ3ZDU66C4MUr
4we46RXwzH3K7gRV/1tv2QB9pK4G8KxsbHXNV5RwVJ6xXI6JRvIJru3/w4nRPnrA uj2B1Z1HBLVFZsk79z/yzHQarFYooGJUEsOmJ6VDjGj1Oh3kHR72BDLspScxUQe4
lRXXfx7senJDd2tXmXvYkA== oOAsZzzqd5R1io5ABgZD5A==
C.3.2.1. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.2.1. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline (+ Legacy Display), Decrypted Protection with hcp_baseline (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIOFwYJKoZIhvcNAQcCoIIOCDCCDgQCAQExDTALBglghkgBZQMEAgEwggRABgkq MIIOGwYJKoZIhvcNAQcCoIIODDCCDggCAQExDTALBglghkgBZQMEAgEwggREBgkq
hkiG9w0BBwGgggQxBIIELU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggQ1BIIEMU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLWxlZ2FjeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMt LWJhc2VsaW5lLWxlZ2FjeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMt
aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VA aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VA
c21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0 c21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0
ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDog ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDog
U2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5d U2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5d
DQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1i DQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1i
YXNlbGluZS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8 YXNlbGluZS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8
YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21p YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21p
bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEw bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEw
OjEwOjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW OjEwOjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW
ZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1 ZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1
dGYtOCI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiOyBocD0iY2lwaGVyIg0KDQpT dGYtOCI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiOyBocD0iY2lwaGVyIg0KDQpT
dWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeQ0KDQpU dWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeQ0KDQpU
aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3kN aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3kN
Cm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01J Cm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01J
TUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNp TUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNp
Z25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4NCm1lc3NhZ2Uu Z25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4NCm1lc3NhZ2Uu
IEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBk IEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIFJGQyA5
cmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxp Nzg4IHdpdGgNCnRoZSBgaGNwX2Jhc2VsaW5lYCBIZWFkZXIgQ29uZmlkZW50aWFs
dHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSAN aXR5IFBvbGljeSB3aXRoIGEgIkxlZ2FjeQ0KRGlzcGxheSIgZWxlbWVudC4NCg0K
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT LS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMC
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ AQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx ggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpM
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu LcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7Y
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T OqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We 5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEH
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg AMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC 5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMB
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58 AwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAU
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKc
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu FqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o 1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMT
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4 g1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYx
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf W2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIe
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY Morj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCv
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN i9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqG
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijS
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O NOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt 4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4D
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ xMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3Cz
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj WruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog891
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA 9MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQ
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN ENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doiz
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN cGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5 8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4 Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT 364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYD
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phq
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI zpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
hvcNAQkFMQ8XDTIxMDIyMDE1MTAwMlowLwYJKoZIhvcNAQkEMSIEIBmb56ZODWgP CSqGSIb3DQEJBTEPFw0yMTAyMjAxNTEwMDJaMC8GCSqGSIb3DQEJBDEiBCBARlG4
A1SVa8da67RsNicfHZ2zJVUWYLTKrF07MA0GCSqGSIb3DQEBAQUABIIBAAou3+Ck 9zozFh95Jb3qN55AtQaDyR811KUu+Kt9v5+b9zANBgkqhkiG9w0BAQEFAASCAQAv
FB6wTfWUVq1ABIBF3AFS+wBR2+mDSQKXxlVCnt/cfY07qKDX2YsVkj1uXq3I1Ptw syHys6sl5UEThDVuQ8xBKoZOktYzIMuwy9TPtVJ0rX1vG4iXMBE+px8wWoyqlypv
6RHEtqtbY3iwAqB5pzgfcw7qZHDpRMMEwobNLzHBdSZwW+ljkQ3LvDAZao5c+Cmt KkM+bN307AfxMENsBsWfm9vEzPAC3WjgXl/6T5vhgxWb+Cb0Zn+uaYGkxa43vsS6
gSUCdnQ9Kvzdkl+xgtJQnjGGGNBiiWDb7NkZhlHYesV7QKNHTP+qP+awE1ZMrOP3 fUonAiKB2QTuG4LgHxD1lxsKOYvUx8DcNcS/I4y9Xw+rm74LTjyrGISWmq7qec+s
qBgIS1UH9nSNSmOfyTprD8MWoUKPkzFI1YUyPByE/QKjdV245YvYuZjz0cqn4VvV duAWjkLU5025Opkh86yjSI0L89x0XEqcKeKoxp4O7lxt3LZ6rHC3pr2zHhgGo3uc
2Y6t9DI4EmJJhay+P4EJwiggTjH9mJeeXIHyKpyELVSC5KCaIghQpTHV/pIH+fNs xI/5nTWN98HT9N8w/jNkZSskHXbnCxNgLz/CFHXA41Qq0Wd7wrk9vdHammCjdc2U
WxxyPU2C+RwECSI= 4RtIRPzk8ehj5ko6LULT
C.3.2.2. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.2.2. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_baseline (+ Legacy Display), Decrypted and Protection with hcp_baseline (+ Legacy Display), Decrypted and
Unwrapped Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-legacy Subject: smime-signed-enc-hp-baseline-legacy
Message-ID: <smime-signed-enc-hp-baseline-legacy@example> Message-ID: <smime-signed-enc-hp-baseline-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 135, line 37 skipping to change at line 6242
hp-legacy-display="1"; hp="cipher" hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-baseline-legacy Subject: smime-signed-enc-hp-baseline-legacy
This is the This is the
smime-signed-enc-hp-baseline-legacy smime-signed-enc-hp-baseline-legacy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_baseline Header Confidentiality Policy with a the `hcp_baseline` Header Confidentiality Policy with a "Legacy
"Legacy Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.3. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.3. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy Protection with hcp_shy
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_shy Header Confidentiality Policy. hcp_shy Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7760 bytes └─╴application/pkcs7-mime [smime.p7m] 7760 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4732 bytes └─╴application/pkcs7-mime [smime.p7m] 4732 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 319 bytes └─╴text/plain 320 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-shy@example> Message-ID: <smime-signed-enc-hp-shy@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 15:12:02 +0000 Date: Sat, 20 Feb 2021 15:12:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIWXAYJKoZIhvcNAQcDoIIWTTCCFkkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIWXAYJKoZIhvcNAQcDoIIWTTCCFkkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACnWkzPI3J1YHJzg+y81VoDKI7z5vg2c74uE Boq0MA0GCSqGSIb3DQEBAQUABIIBAC7eDC6qLlW6dni6TljfOJWAP5P9RzVjPRjs
gBsxorvh95LsdB/zaB4nLdCgQhV+XW5s1srqRKOioiQYbQi9txvMOzBb8ddZeIqw gJJeEWxC4ddrf6UUR/HNSIEz0R+QFrbuzM45aZZdGpq8WEyRdhfho9R6hHdaDhbL
1CGTLr7OXx5STs4flwJTYFBXOSrbAOYPGrWpHT1M+yIzDO3oAWJRy0Q3eRJW9O0Y FWpH5K5KNWVaUbmZkzvhbXAS6/ac9p9prd+0D7lPZySQv7sL43jFS72bx1jTF7O4
bC5+YSAjTdzdhMnn0483TQNyAun3CV1dTvQPEgrZUZi5/932YEN+sEA06SEPa8Dc Zfd+IoGg5mjroPVQBpP3K6oG/lOQydggNimBy5ISWRYtsHizfrFawjO7V6I8f7sa
q8aH0843aTttnoRZGm+MGWOw3LWD/82EwRhucvLPhvusoKGIqGuEnvd0ETfTe3LV eOf6jFB9t1SVbjNzuGSZ8R9hg3nVHjNsQ2x9YTHDzaJoMlvGwDFPOouo2MHEirAK
CwoVEYotg57+Q1IW5dvio6fmXuvBARHVPOEf9K1Jp4yKgJ0Cko0wggGEAgEAMGww It62HCddq0tB6fGTUoxztrqPoNNTiZIN1Zb4eXp0JtpnXKMC5nQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIYzFIRtcEwk97gg4gObZn6Ui HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAWMK/5bj6qVYBipvgvm/QXOqT
HpU7Sa/VV4edmxdBjOdBx1BJzDOhwM1kUXSqPgOZvRz9ehSGujeemC9uYfXhXo1J 7iH7R7z8RC0jlU/k/G2Vgcl+9Lk83z46Las0vnk7xgUJCwbFhw+hgd/rBZOuDJPt
AWf6ZW2i84zmQXkc23JlUwWajzraVfq6lJ17gy+iv//EtUvka/p874YRKnW6rDSl Zhrx0G2rI0UaR8dH2YjitHPi12yNGWgxddaGAFD07GU5Sbi2Q/R1jDoVXuYRGIZW
PZzdYxcGKh81dDmwRWcvvNQbyMT21EgvjWxm5/Ca77aSseERt2LjnonrKRvSfwsa EGoatToIrQLmfKMoF0d2EbSOI6ic+jHNUD0NSzstRdsoqIDKM0PWcb7ap+uNsi2h
j6NZDC95Pd9GplsvgZD1GfNmPtymQaK1VhRy53D3+Ne1xHr97C77XYdJQefaZH/h eJemWXQ5xwQuMCDNxicYwCzV9TjfaiXZV2EaJjtgSB0YbTxSu3AlpYRIx+Ao1+58
qIB2PKhjo3hLpP4dCvBDLI2TwC2wIphQ5azqH3Lcv/imBYuVqZM5UTJlpK58pTCC TlK0bdv8EUqxb3ehR7B/yl5GoM7PtF1MbKF5m08JQCLUVULY41BLMEs6JTijijCC
Ey4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF5qWn/RJwrmJiPW9ewiei2AghMA Ey4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFcKhjcQbc7Lfa9Sm6HsEHOAghMA
LYAJ/u8gGEAJbfFuXOTnN0ztW+UHE3nWkbWmNf2rYdRCTrt6/DnH43242t/LkEbh Xv//vkE9RSpsfziFKfS2N/SASzpEdcNE1ByKrDHpehYSwXT3s/V+JqxyfxW0dBgR
2fk2eOyffUFnrHglZsRWqfn4UT6dqMFfmNDzgCIx4ZlqMUbkBRvn66S2/L/Sr1iM hrdQ/dw74DBv/Yk/q5auISAwC3ChtX0sgA5p2oMNOcDw1z+ZtniVHSYoDRRq5fnj
wGZBfEAKhFo80ldzkl/aCaQUYVQfZkoI1clDg5ZxUGTVV55kirvTs0+PPir2ZVCT lYLZ8yNrziZW2XF6gVLnsCE7mIjuCzliUXpSr3PSlVLTXRgqeXvrzEijprArIh8P
aUhvZIZPsW0fJAqGjDxq29ByDe2hSxYftpiqequ+PHQuRLII7TEdUnZs8rOprsWj SyoZ4Kd8js+N85yl1Lrh+EERevf184tTeRTjVdP4c6G2b5yPIwPqABM7B4EP5DLR
gn/BkPUiYKAuwIE/QCgd1gBW+TPZRYO8TMeZHaFYx9F0MqDpOLjpgH5msFj973KK AWaqEXr4g7xWkiuZLYjJVdTfh0I6oiKVKVoP7X8hMiOE0M4Sx9UG6FGUz7mvuraR
cds0rJVZ2c3Ei/2VuxUvN0nEcRsd6Nfk+lny29hXuLCENLH5j+LlO12n59H81F5B az3wcYWNKhf80XoLZM64on9t2700RT16NOPMi7Ik8nM/Soo9lPm7RxHGN0bzNba3
z0+29a1wRTJNt7ibVzrM/Bj9SDSPFzWrtaZ98UjnAmhTx/4X4O9XS7gEZBdbveYy eVgBV6iDn5bZgMxwocdY/A2b/kM0WReApCXNhcKJo3O1qORrCaTIfKAMDX6lyUI5
+c6Zp/3cUcWFHp64gN9Fyug+cTV6U04Y8X+DzxbFEeOjKfx5nzCy0m2c045cchGx bpE+3Bj+S7WYEblQvXs3iAcDqEtA6zLy/A8eCJdgy86i8QS2PKRb81+3496ogtRQ
54vtFwihMrS29C3SXfZTRFHBT/zTG4PXkqKgw+ZbQYG8917ej2UqNf5+EDdK17cY a3cNoxBQ1nzxSOjnzgvIPi9wTSysSVbtSAZJxeGoDUk3T/pyTki9ODL4GsINGTew
r5HGlz709hDJ8lMfDzfzW0PZ/60aE+OyvfZITLOZto3fUHM82+kZt09p9Gd81fVu WDUuEHNulCYyj7RN6cDU/IV3ucww4WWvxos/npcQar994ycE+qCob3FEd5GUmQ5t
o4mrRTw5CAFbeqv0OpIKeHc4Buq0CnOQyAIJ9W2AEzhr13DuEHHBBB0hk1q+UOlh ESNOrYoHkKhqlc/eNJs4HmICbJnqk3YbXYsa3y0QHYrCAMvtXW4zuwng6nh9tM5f
AfHC00arooIC5q7wc8sBLJju35AO9msXje6mYGNewzZkVZWLYYHlwURtYbEkonJh YseP0Az9tik1y9PWdRUfp1pZBPwYIN+RnDRsj3JGIjPy5Eu+vPyELGzSSm4iMD9f
nct0ZA37gL9Emwi/byUScChMlx6IhPrWdRCAuiTWaJfmYR+Enq67wGrGPkU2U3eH 7LUwuSQAchF2ffKJZNiTmT/HKXB8MIRnowdBfhLIyNy+hv8JX7B78ixpsvsjTsFD
5XOLto815AtoouXP2C9nAvdGfwyHA8GvD28Ch8oDdof/xa4rZZGdLAsBxiUd7OJs DsqCOIV01Zf+/M/h7+RmV4tozT52KvU8jr1jOIo1PCBvp7QSj0L9M0u/M+2gXd0B
CBBfbSusJqoPvC4yfeR+66GLtvVpFtmVZ+mTir1ZXtckkn5Dn+NakfV2wWvQGTKF 4kB9zNLlByy9zlalHiIEuu1LVZ4zmwx19RtzCB0sgeAquCDBta3Qg1/pMhL9jQRw
/dzk6OQlu/cCqwBt2/Rr3+CNy1SgJLYstMPWJezWK5ATzmtTKZZ9snyibsskWXlW wEQTBgoH5Ibs819g/R6LKy7hHvl4Ea/a+b+LVT8Lz9/dCjY6orXgu/8ePcoiAKmY
QDjZO48lgWaeK3hh+EZ9B1P7tsvgR/E3owHaODrxmTgRGx/CCqlnZr0HPmPBg5h2 MFPXLoSHnH9LF81O4UB/Lejo3M4VUFtZzZFs/bVQK8pmzx9bbOMFoKlM5LsgE+RJ
bSMYFybxr2CPgl0jrlNWvyZq9g8nFeVg3bqCncumOB57j1Rb4jtadlQRAHuvlpbO W/oeLsJfF3iVWnvHMVgDTZ6S7OlhfL6ZJtnziwkq3Ub3MjhlhgiuaS1dzihWXv+m
mGcl/KzYqYUVq7/AcV/39O/09mW7xLzgpD9F7KSpC3KxRutZPG+f5o+AGTT7moxD k/U8mMu7t7033YW999w9R8G2jpxU5Sp2GzEuAzzqfEL7eKnbRQJD93dOrwUmY6RY
hqVtwYnZByekNRU/dcakGieb4ksjyeVC40c39Xf8QTfQWm2u7cEjnfZ83D6kwrdV HzUGJbfm56J8+Uc4GpGmgRqnx96aodf/McUB/NCLD5DVJ3aPvktHrhyB3M2V4jq4
701NCvs3VCyJahysjUnzA4gRXuKzTI+GJungjP5PlO/DR2C3rimfqoEw+A6mpTga RT/xXUvq+FLqK0nR3XwQicLcc1YREa3jbrf5zHJmcITdQTuZmgPXL2UAPzbdzm/e
SuTJQ6IruIlZTxfgAE41lF5RLkyAsMkFOHLuDIfaj6i7u/x1aDAY/9IDlwE+pA6s sRK6o7b3TQIhwgyEWOAVrf91aDuBiOcw9/IaLDUOwy9moQJHb8g5HH1+XVhYwqfJ
IKx6dCyt4XIvTLNDkcQkjLMdl+i4B1O0eLJxanJdm3Ph+k50Xh1zNySbyy0NkmE9 pV0LNGSSxSu7abtgmmD02QC9mTXxh99lcE+z7SJXYjkNevf/SRzIyUIwtxD/Se0M
uBJuE5gjjLCovq1o9rPR5l5YSZv0Rx6E2GuFkcbjCEh4WcOixb5CSDYgZSGZELGi 2LYYArUntyOQmBVzUREV9wkZXCR5cRYS9az+nBjUEmLL0CBcPPl/ar8m/qzoWm9s
7smZ9W9WM1eadb8gCQIp00zdo1A7slnmG02ff03WAAXV1GYzg2c7UdgQdqhuL/eI Jnn1NQOVP7F8EVoUXyPDchk820ZVJ/WcLpGPoPWQlCfKbGwKOftL8DQPFnZssBeQ
Q/eZhGeFFwA2m2e2H2tCIza1Ezmzd/xaeqChfjqxjanEUwBjtEuvi4B8hGGX4+0n cNxihr1y2iDFGib8vt9vr10hR0XP0zMruXz2CukMILTV1je+UPV1uh41YVKJOsS4
J8/7bKkNwibVQYHdEy+7fB716NJHrGTI7dzevIyqOWsZLIPYuIhn1SP/02C+Y8bp tFyWCvQXxfUZtCELQlaPu00FVvpzLqOmzRTd6os/zCGCo8lJ5VXeuQdEo9lPMebu
ChduQbWqUq/EOm+miVEI2z13i/wWR1vT1ripJP9U4tgENzcjyiZBhzAIL2Ionf25 FygtuUJBh4WchNieVjoAafg3+51+IY5Ft5qpHUFBQOWQwskA2Ly4KGVKu9XFrUS0
M17kjHQhxS54DGZJxiff5cxBWHG0vvuu4W9M+3zGPER4yWZML+5VrK5wNejz1PPW rAPLk3CkPYxKA0AJlwdoc5CI3jE3IWWQf2DTFyQQzDE4/omkFCB3j7uIQVRYXD3I
5kt3i2QY5al5UjSL2NIKI81ZNJ9IkNGT38Hb+jSobs3pvkPdnUbl++TjAX1RwYgH lncWsYa+0Ih7r6kLdEWWXBHSAZcMCAwBNK8+7JYtb3tQj0aUaOid6OTO2R0ozwuG
Bgr1XpD+ek8xoImLNcymaJDqApW/Cs/9I1GvVlXIT6BQi3eA0uy7LpaECi2gWMRJ 9OAKLcYfI6z/z8ETf4UNQ2UxgoXGEmR2puKx+3+R1BZiIdk8VHbOZQDcW6qNEHdN
a0R0lNt31UGHRez6rv8G1VthzVLNOXYlRKD8p2/NjN/Giaa1yJPGAu+z87G04j/P 5Aq841xFokdjg0AGt3WmUPXI4at4gxLMDYdqK+KTl+JuBBjqaR2ctC6Lpd3VC9jw
Zg82+8SWYM3A4crGKjk9bBAlm7Hk3qTVu1SeyBA0dcNyuVHlLYInmzkvo+KGhDhl io+WNCfLvvbhw2MtFmsOvGjBDUxnNkyhmNochTMsVv2IkxqJofjaGJ3cjFmU3Qi4
rGuM3SVRQdVay286AqX27HUiyHZ39ebqJwMWY+qBVKSjwBOI6z19JOBrMuyBOdzV ARyuB6tFgtw5pMqw72Hci63gv8pRrmlyEIL6iOXhHvaqc/xzlPPrb5z/o9X3iv3N
TH2ck9dLF6+fQzfLLspnBjbrdc7KwbjuIX2Nj1R9DQLMC6JpnByGeo9ctrVeC3Z7 etY4PhNF3FKaTmeFGPwGd9czdUUvBphb/zph+xzzA8rE1ItCHwNyv7JlX3veIlUj
KE5MbppSG7gcXTMdqohjauu8Ru+PjxPggjtazUymKoEoMJFY0kaww5dqpYuPxtjE dyeKEDqSp1CIx9+HqYhZkCE9XiRfp5UgGJ2uFKgiP3gKHHn1eeLotKASZbaz02fw
YRgYyMfRFYO7qnAU7+mdW2XzvGJAyVO8o4RcHnaiXenlZs+TAfQ0GovOAKyBwrtw M9k5xIom9wHVHnnnPvTzOCI7iswvP7am7moWkMwAzmxEUhVyWTSCvE7Pdnp+XbNA
ob8B35Z/XPp3trlRuGgWaD7TDYSP9Sz3SvPhIpPUbScCFlHw+o5GsF5eoDGE63+g wcMSf4AzEIlXMSuX0C876naz6LBZDdMQAaSRRjDab3YilCrVEMj4BMDmniPJ/r7I
N/ibjajDNHp3Dk1mIfMXAmErP8bqixSKXuPltf4U5L60pqhIsmk6rNdteKdlKBGi IBiNCtOJjSCr0IpTL9ASJqsBf/HbvQo5LVieTwVZUGZrCViT6LbLmT8/tBV3Y8Vw
/Xn3JXT4Qj2PicodzWDJDiaEjn9QKlFQyOXxSCdT8Em5kfptHcclRiNgsaIxOvpw 9Y9LbombG3TXMWEgtylKxYDvJ2zOBx1pspXnsGzB2QKxduinTDb6N3PBWR8Yb1ul
3RRsPNjG78iWQugl0XAK+HQUP2KxyGwWQX0oET7M5PLhPGhkya+hT14nuK3i0azy lcWEyzx16n9g9DqNOpi8cmVrd5f5bBMOD8CnPK4mWKkvpoQ0IXlNIDOQpjDZGgPl
ULFRCtnSFowW+q81qmJYUUfrcZ0QJf0ABVPbnVmLY9kOfG036N2NsPT1Q8alEzVB eYQBlnT0jOqJG1Om4X/qv+1yzTltsYnjWzER/teKsjGXUvMHzNwx6iFdU0KQ/JjV
/CmoRmtnfJnKJUZubbgTvdqaQnH/mBTg8FiA8i4MZAeFBRJcSRLE+hfL54uA8GNf A419ox0SIwS0N2/1ZgAosqw/N3oDuPEgfFYKsoCMFjn/WCX8LBdd3CsznKhvfsRN
6xr4D5eWIMXmvlWKiQdOO0DW5u/c3leWzVyQFqm/Cw58cXnmTFE6mhTrWktkFlox qgNHEVGzQoVT70qWhnNb5F/8tGuQZ3aX2PirqT/S8+e4sPdgtO0e4AZrmCC02wmw
S0OQB/fzfKTuJuxiB0dFrPHuAIR8smUiWZiyz7NzXC2C7UI60t9FhpfQIlHjAI+i kWytPNtflN4GCmZmPJcAIqirm7ohaTdUSLfDKb2qBL/8OUFQqyL7loJnYnIEguLa
ktxm9EdGq5cix4RtG6o8lts8kJl/kBLTmuIH95sfyNkbHQ2dYi4LjPR7PKBAZjJV /tNLfWUamgZOEts4ebaa559S6UbINlhwKDpuvuoh+XgloNRfxtLsszAmQJUfC2GM
UyFI6FDvIOMUa6TJfK0kyb3y2eTp+iRzuys1APhEY2sAskL2q02ZCzTldHNJfwM3 dWnOeKWMaIntPz5YucKa7nUYQHxzU93Ot9d15WhoqnEi4Fqgo15gJJq9AmODHDXr
qpKciyG0LTg542SfC2GI0SSHEh5jBVHy29liaw1R7ecM0Skjy8Z1MBiiHFn50QXm +SsBc7mpuE/sJBCIrn9XIvU3QxXniAXx8agQHwaKc4YYXu1EB+pium01HqXtqcCG
5hJ+T2xI/214rUvESBrCpYkMTT8uKnAs6jRxoFvuK5QxcuOVIab1jA+tXsft9FW0 iE9NDZRYTb3l5an7cPnC+674y3A3X6EIvFJAQ7yabMIXG7IZc+gdk4CwkG+XoG9R
5kSEL3cxfBoXRlWfcLpTty3Um6AukDGMmleopM6iQMoBpeUqdWPmvi4SB8jMJou0 5zSOjFGt+x6FaWLOs0AbcZtX7htR6R4fnB5thsJ0u5UOOjvj3Ub7cSF4I2Gqf2ul
rL2mZcnai3w2tUe+eitwln6AIo5bOMv14NkWcFeArnLyguvjkZ0aOE2nFvaI/rc5 HA19GZ5cC49or6jABUxQBhexoaI+ywQOXVRYcQ2CGrZkjy1yC/EmHOw+sAmrn95f
54QCW9/VRU+Ku/S77gleCNSyO/FMOEIwFIWzc0OY4fnQxSGmp90Y1AmB5/eqPD5d wWDdz6izTOOVNsazPzKTSuLV6R+alEjiLqh6AgsYSqzCRTum8dRRflS6KxA6gKAA
1f7wF4OeNOUSkKCbXOA1VfmumJ+BzKdwZyjxsf5oDzMMfaShmnhtKz8lsfigHEic 6c+XVZje9A2szgblxHFcs/FC3hs7veBPSbgCeA5nSHTk2LjmExQX5n6qsavHqUba
1CFzufOwTjw3dnZrNmFIFhWBrcNtur3u8AMEqrmmWCGHnATxL7BUOTiFvtkq1SUa gi01+X0792Ji/dPMNi1UOdN1PJ/LIHPioNcG7oBmF+AjVE64fe8G7Rxpum8JebfT
/VqOk7gbvcAk3UdSVV4Ixr3AN3wiWHaX/Fmta4NJYM4xljrmWPL1nXUH0Nirv7aV sv1Pgq/aUsLb2adv/GlYe7vbuLQOyeUJFgcNHCEWxffh+wejHXilxxxZr5wjIkee
x0xHgzOQE8ftgIzkLjNqvQyuRaz5rJZzmHV20sxyKuK/GipCc8vx1kNrmUTjIjTS 2+yK7sHFJoY0VT+dFFdg2MU11hjz5VhE9vQRcwF142XKJqI842xdCvjiAexGDWC8
0/9eyQw9I+efnBzydJRzDEoTwSh7Z/v7nJgMV9sxGy9MIX67z9WpCq0L3TuG+r1d BIqhNJDL85nJT6RddqoAylblR2AqmebZ78E1LVsfUJ2MBUcWH260Ky1oWp7RUdwz
baCymEjFlWf/0l5nkNijswXyEglrgryCZkW0HHogwTAK+5efC+X7ZV0Uiyt8+HRJ rKwxbHjoadueEom2DhdBsCl+AiaOW2S6iq7bBffqZTFdM3OXsXsdy6nNaWSviOoX
+63ZB86gTuKi8gM83p/ujliSjekCm0exPUEdU9LzIcPf+kkEDUZIBoKh558h/2nv DgXLK0Kq4uh6SRDl7tKFPoa7rIb0B5n7r82vWKYAcd6FcHTQGU2f/lXXnQuoycDM
BWK+CVq0GFW+ztgLoGbDfR/iM/0YIUo71+gIR2GDZuVciMHm1wBrQK31BM/sfCcD HssIDRpSxzMB56ecSBQrApjWS/NXUpAunJr0zW4FNWQiEd143VTFJEg7tgk2/0ln
KCbCYf3aOJPOu9E44tHjA13pHy9d0uRHHAvLrPxRMCgDkDSi+xNrGeX0dDXfhCgi PG6fzKOiuJdqyCLXhxOsfy/64JAXbAIexyp9B++ZUq6pMZFewPpkqRH17L8EJ2NJ
iMvg2dxn3C09PkzOYXUQPvtUua/qbZNXZW22sg1u3iKaQ0z4rgNLed6i4jHu9KBS 62jYABnH4S1uiyY5rfTeY+Sz6gwlD+fshZSWFla6D6wqKBT83I7gpvhbGgzctRpB
GjHrN0l4qKrr7C0sD0dl3MSL9M3IRlBJeJBLw43NW7+0X8EE58UWHB1vLemQ9vLS Uycd/IRV9NGOzF8RjpPtNOYUKV4C6/5cTMnT1NKOJ7qvYdEQRSRLCDVDpd7Zlptw
AXsnXM5YHKBBwxLqxgXFsjISO4ltTer2pl22zdo+Um6cBu4h3mS9AoD8gKhq0q80 FjtH5QEXqDA8w/B1UzdVKhvefN5ZQ33bs43/4A42USlEMFsPlntMQa5gibVLVaMj
MU6ldCmyaZy+9E10HeNNyMt4GU917r+YuEq9CCb7AtpWtJokTCBv0Vr7tLt4Bov7 fZofDE/NoQUUjC8zpqoHXrPnLvnmZQoijSrv08/HEfBBo7NlTQXNmAdfVbVv7L/w
kinWnCF/JUuxx9QdjEOHzINkQiEq6XyxTkoUcjWM+FdRXF1KKc52JpaMYzeMV+Ln MJziZBEE9ux2rTilRpINcNbGlTTMkaTZMkv9EbiHHQwbujiDjyQ8/3/rgmsigjKc
VSJukwaVCmWMSEeKdOGUo2m/KQO6gX0DReoG7An9cDnTYP5LaNeP/KTliiBkLyaS UpcUX8vL/R6BcRjau9v52ISAMIRuOv2yeiyUT5PyjUdbSABZ4ApgHPjkIusTtGzE
jddvEeTizcqKFHFjaanzeEYVavnFASxmdlD1jv06EBQZeovH7NkZ5T3QheRkr68m KNut5dmX+YsLQofapHwh84xvr0xBGfFNTpnEHnj+sIYjEiHVxWXbeFPnk/Arshq7
lnyBDs4R1xLSd+PRZhdFg5fL/mgdzYCmYNu6P+rwgsQpQZpSbcu2rAu24fEbH9DN UjOu57IQwtaBl8tO020l7HRxYO+PnjH1qLrvWSYVa4FX7BErCdzQsGDXoBeHdcmM
RIe2Woz2tMIx6jTsAOBDRsDtXMWn/bqZ/lc5YaVuGsR0vFf6eWK9jJH3VkZCYK0E sLiri6xgXET27TkSculjVYQKMZ6fTXhf+MJUYWlWatAgoW6YegwnfCw5zZgLdSxs
ukwFrEZGSCWVP0dOepYl9tIOU7o2BnQeVBAOas1jnr6gJWueoazZtgQHKtiXo582 f79eYUy7eePwko6a8jgFucRHrWCjmpCiCarLTbpIeMGMqlIBMl5D1gKKDVmmwmS+
nzLC/zS+72a/9JaoChclM97ED534fqkND2SVHPkClxr/wRk0zqSbOOkA/gLzis+s gM4n2XZ4dyrqzJMJHaSGX23gXq1S82rx2B9O82uWKOTrHAgUhDd5qfp63rGZJ/KX
RGZGMOsv9aCIMMUowMB3XKSn6qEXJvNHeN2uH8p5a0Eml6gm5jyYqJlV0q5a1lhC RwfPdjHy4ITGCPsi9sVo/Gt40+PhaH/F+156N6+YlmZ4NemtfxWRotBRla3BObLA
6vTbPbFXCWxJS1daqiZWtdVp5RK7qoUJY0CG8etYQGUDKsvUqr2J59RXJKA4mBR7 CTw2+T+Nus171wJu3q0nW2aSfHrf8laYCnkKUMqQ4Ju7Yf3c12B8a0EXYamiAvD1
8beQL7SvDvioaHL7sgoY8Nx9sgCtww8MEAKvRnOkfD6tfURjivu8qz1tGAF/INQ+ EijcTPQe9VexCXX8zSzK+A20dSxtAr9QhRAAao9ewV0oDbsO7G9dBGqjnAph3OLy
RvGuw514o8giG+WU4Jcoz+QUMpL7SBSekiGnPE6iz5gHIXNtM3FUTgHTaCVa87aL 0DY0a9ylz1DwJWeSAZvsQYJ4dCGJloBXHHB8VWjkdKe675lF7eDcvaN882M1jqpb
Hh/idVK0/uV3Bj774fJhBrfLRxGfOPiaPwjdnE6W8p5colXpUw4MshD2zk27e2cH edoV2QrdqKjITiw+jSMKalldsvM1f/WaIZ7CB+aqOmupKUdK75NJ0GiUBRB7L3zT
W7hpSl7FI427vSKu+9CYDmn71FNkb3JRP2Sy4uBWGBftObmJKVvuwENpiL8D2QNH Ja9ryWZ05VVTVypRWPsD4m1wLS64GT0ZpSPNWa8FHeKYif3lVPoA6CpDvcL5AtEx
f/tvY1zTXJTLzwWiV9vk82p12BKR6BdLY1hyUDEft+MOulXR5hFmuPdbnEdDUX9G WpwsE4+rSGqMFFvk2MtJswUFVoJYKMxEVHDqYUz9c3Xati/wDDpmUuSeZ+V5yujj
pvvYvb9y9SdwjheYckd3F5R5TTEHTHDyf8+zYEbtCazNNmboKgpvd9z4Xy2RUJK0 BmWTLKH5jX8gCyhHDWZpRWStMxxIo8KHtcR/q9yf6Fgp3OcN188Tx4hVqDFbDeJo
4+BCmCC2n4VDN9Ztaf8zVnBCA6vxBf8kSCIoFyMXazCukX11pDN7qhvkQG+BomwJ iEqy27D1SK6zBtSRLaFeZ+t5E9degiG24xufCyXwg5o/Zoh9+J3opef4Hr9qfBk8
AK0UY20qhfKpBRCmiGkglpjaBeyDsX8Bd27lurTRuVry6/YR1cw9zAhoOPPqE3bn GVsg169pNQsvqeAyI4pwlqvNLzl/B72TyRk/O/PibKICikUI/UrOkSKsyNBCj8Ns
yFrSkQNaVCpAoqB1UitC8NWNsdCQ2h94w5Ai347vQf6SOR7SpT4zd5RNWXwVOlFT N6PN0+KxNIsoCuHdPc7MKnMU4W5d5lRES3SmQI2wKBiq++VO2zz7G5Toi+69YuXE
UkBkocfG9JIFKsOapOpXeRc7J3quZEyo87to4U+12UGt1g77Q0aPT/n+StZJcNnu eTWn3a6+7MxG2NDsxu/YaR2ghqm+a7PN++WtpyLSw2rsdHRlTrOQ6FZBBuuLrR7z
MKQlj6UB2yQjv0FWBtjwxay4Dn1CKbgLFBT5qntcPBJ3gRq/4Wa4MOlkbDRdWVxO Ll7pEtN4k2p43DURAWr3jQL9/iRdqYaBXMxdL3HKMiD4XTvaNw7vXs/rR77skc7h
LoLCgJRWI3aTR9FvjAmAIQjulvwCa8jNnwuXO6Hf0Cgep2/uNeT6BBzn492brQUh lFbOvFIk8FahdGHaXY2/uJUuI/RA9dKD7IizDtuVel9n8gsxfPE68Pm7y2ZT9fBe
/cpZ1L0yvSY0gCDBGKfcmLXxbm6jVA835TQ456Qc3MX6EEVJvBv0zoqh3EqqGd2S FXeoN1SnRCXwKPaBc/C+cErJbSx6/FOaWpraenLxA6bdKnA0dznNotzxZj1J5eky
+fKIGwolruj6Pu7eRDzI5rNmIPbg64OJVDnHxKCH0jhVFBkWGeI7EheYW49b7GPL SVakMlhLBDCiIZhWQsbdNQPCLWv41XQ3uSdNWgOvWCkX6jxfr0+kq2fF3Ecy4x0o
w1P3sMlA/67GXPJ67q9k0DZMPDxzTBw/iEnwT35vBaPp1RgW/dXXzdr6hS7kt6rd SU4QTi60lYKIpZmwS7vhyovQmR6h04KUFeagDDMQ31qxT0j+D95XHPRmTLflEpJS
Uxb5+ckIzCXX/BF1kh/yaXhQWAGNQy36g5uq77gWY5ypa97GXojuajqpjLrpPGom VdOwWXajTs8hOe7dtzfaIqgetdqSqoRIfx+WO7BEux9bD+KIznUWnHsuyaNwfnXE
P9TWlr1aXH8WOzFaZXMa5xa3YoD9unQIzWRMW3ysobjOvIp+Fmj1gsIlgrfbNI1O Ve8+EcR3I9TlBzfpAdXeK8xnWJOIOBrCxN55xhuZGOExt//vaaWXPZb+KP0mvN+G
RJaC0WXfX/3WuguukJzC8nAyTVM+Aj/bUZFoPgTCaZ37KXJy8ORZjhUmZ7wMZWh0 aXrg1u3wQaEW5v4wai1URgFhCilXa3K+AyfYxSaBYCmKVUafF4tPOUkYUVjLGqLP
lprC6izOj7CUE+UyPUBDn1nIqWRclShIyUIvkGkvsqCPRseMR/K0ObLk7PgHuq7G TwPIS+PHnZtVtbEjT7vKEbVDz1s8c1mWEAaxVbfxAt5qfI3hTTKvW3y6CyaBWlXM
VfDTvOyeMGVjrJUPxsydbA9zF6GzTmT6PWNfsLlr4wX38CQkKQzG/8IEGvYQ6xWT lwmOFZSx0Q0ss7JKkYlTweuUygsnH4C0tj7tDHNxLDVkyDQoZEi3cgU9tl9xXu3L
kADeNyrFvVVE0diZgyCcybjTAI1LGj8n36DQBmfpYp1w6T/EyrznwS7PtRftaTm6 A6T0OC2i1Zp82p1CJy8sg42WDjw8af1Xf+KnyzbuZ2GKmCf/5Z8AGn8FBs04SG0P
bI3eXQqnO+I1HCR6+1gqcS70LK+bX+Cw0sNzLaUy66XVm7/CxYJrohRkNRxTGkHy damoK80/butLsVv2z6HNEdNzkJNkQTQsDfWc0EuLkQTQbHGwtekMr9aRLLEEFkmS
cqFFL/wBx1TK/jhARfxm4kWkW7Fsmo5t/ZRAv6jMAlYMjHdBF20HKMNDhZWtf/bC eW+/OJwYC2hcuM2BjNY0oxVR868E3UXgr1evQ5IPsMAr6BlvSi5tFJfOkUuE44Ty
mEV4/BERSfbHB60aM6ZXWUzBlf486ffAvxsQy5qGjQ/yJIwAMN84qHZvqoA3NwIs nX/7qhBcsx4ieWZtGO87PRwjdTIFEynhISWn+S5iu27xBVHslSk+8LVHxT5zEQR2
JThbTIFM0Xtux76AITxAYIhtB07ChxXrXC/owJ35oFve+sq1HQGh0fQIGTgTtv60 H+J5/ZEwKNN6vV0TfcJXCvGEgdaZSCP9mnLvwpGQL17cROU58KPVpHF/uaFFSmWd
tq82T7KLO6ervK1UVL6oxHkt/xbr3c6wu4wd2Vh+Kk3xn3wp7ShpT6sopk4GCdBv cwHhSD56dLJFog0Kc0phn6Vf6FFJ7lgDVJHj/2igEqEzxJjrnCtaGM32tX6yvytq
mxxbUu50F7e7tlc/sxvCIU1ObwiF6WOJH+7RUJEGmWpvt7eGFZSo/h8oLjnxxvmK CQwIInshpVWWsajcninsn3yCzDuQdiRTW5FnHqEqAi8k9LFDoF06QIvCHxWrg7Zd
Qyus5nGIIWDZgKWYxxIGpQ== oJQBOTOwY6Cl1c77GnYyjg==
C.3.3.1. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.3.1. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy, Decrypted Protection with hcp_shy, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIINawYJKoZIhvcNAQcCoIINXDCCDVgCAQExDTALBglghkgBZQMEAgEwggOUBgkq MIINbAYJKoZIhvcNAQcCoIINXTCCDVkCAQExDTALBglghkgBZQMEAgEwggOVBgkq
hkiG9w0BBwGgggOFBIIDgU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggOGBIIDgk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1w LXNoeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1w
bGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2Ig bGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2Ig
PGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDox PGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDox
MjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0K MjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0K
SFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDog SFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDog
PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJv PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJv
bTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUu bTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUu
ZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTU6MTI6 ZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTU6MTI6
MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNp MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNp
b24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04 b24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04
IjsgaHA9ImNpcGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt IjsgaHA9ImNpcGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt
aHAtc2h5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0 aHAtc2h5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0
ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFy ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFy
b3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQpt b3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQpt
ZXNzYWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJv ZXNzYWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJv
bSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlh bSBSRkMgOTc4OCB3aXRoDQp0aGUgYGhjcF9zaHlgIEhlYWRlciBDb25maWRlbnRp
bGl0eSBQb2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUN YWxpdHkgUG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxl
CqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3 DQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG
DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD 9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAX A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
DTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRG Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
MREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEi RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PH IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpOD
HNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7m xxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu
ZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eD 5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afH
hv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8F g4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvv
kyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtj BZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1L
hflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMB Y4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQID
AAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
HgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEF MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N BQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546v
83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEB zfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
DQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjo AQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI
N9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUh 6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1
vdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNU Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTD
RexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyEx VEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6ch
l56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w MZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+
06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kp sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9C
olw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD qaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8G
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx aWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQD
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA Ew5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
tPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJe ALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBS
STulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/ Xkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnh /3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp
xBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNX 4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmj
d3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJ V3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJW
BUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g iQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1Ud
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w IAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFt
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQW cGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4E
BBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2 FgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShl
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9 NhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj
HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+x /R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/
h6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrW
01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHB g9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghx
hOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN wYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJ
3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAw Dd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIA
ggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv MIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
EzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkD AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJ
MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxMjAyWjAvBgkq AzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTIwMlowLwYJ
hkiG9w0BCQQxIgQgL6N313auMszx5Byu+sPmUUoQvZ6glyBIgh0k1qycdmUwDQYJ KoZIhvcNAQkEMSIEIMFOxgjxvsd6O/C92x9Wv+OPyqNJRSBwoMdr0BlV5Y6iMA0G
KoZIhvcNAQEBBQAEggEAmHzQqLkVTKl8TKMaeYFFuU9fLrHZbg3aZ5eP+Zt3OkIN CSqGSIb3DQEBAQUABIIBACBPs5toz4DA/xDj8t/B3f8YR7RhxqF+607P29Qd7lvc
ErSsCBXE2V0u7yCmxk/PdfkTzOoSI9PW/seA5dd/W6yrCVX7EhqWWQx1vA+s+jtx c+PRfV9P+SEwlHgLtrvm242i5hDk0jWzwsZFTT9JfJa3fKMGM8ZpSnQQq8Q255PY
oZ+Fh5a1GO9W7XmcQBvpjJQL0hyt78UzZt+CL0K5E5oueKj9CxCBkuKlgzzvwtpX OO03qh5xOpUT8KEoKQduLQbEdtUAzndZgfSNbBNW1buT7kaWqhk5ExB4qm+fPyfI
CAK6iYUzwGRWkxqdBaClu1xi2OCEzu5mbpAUY8ra26hGGaExYIZRVbwNZ5uGjfCI +ZRng4B+PI8l9YpcuzybR10CylZLzJdB2EfHcXFDt91nA+iouUNCpN0ddLENJ6gZ
lsrsd5wFdxQbcWOF/M5QIjbed1Gz862IZxaOA/fRY126jdeJyG2VKdD/3XglLNx4 2338fhZ1xokMqSXo88sEjh9KBr//UMlxsWUJ5rM1DBGs4ysMfmuoz0rAnh5U95NZ
+6kU9F3BYb7itpwqnkY3MiKxLuofNQVx/ZQ1m9arww== fTDI2hVSCHWx/92NDZXQlak7Te6MFWpluHV8QLwn/Xo=
C.3.3.2. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.3.2. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy, Decrypted and Unwrapped Protection with hcp_shy, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy Subject: smime-signed-enc-hp-shy
Message-ID: <smime-signed-enc-hp-shy@example> Message-ID: <smime-signed-enc-hp-shy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500 Date: Sat, 20 Feb 2021 10:12:02 -0500
skipping to change at page 141, line 27 skipping to change at line 6508
HP-Outer: Date: Sat, 20 Feb 2021 15:12:02 +0000 HP-Outer: Date: Sat, 20 Feb 2021 15:12:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="cipher" Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the This is the
smime-signed-enc-hp-shy smime-signed-enc-hp-shy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_shy Header Confidentiality Policy. the `hcp_shy` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.4. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.4. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy (+ Legacy Display) Protection with hcp_shy (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_shy Header Confidentiality Policy with a "Legacy Display" hcp_shy Header Confidentiality Policy with a "Legacy Display"
part. element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8170 bytes └─╴application/pkcs7-mime [smime.p7m] 8190 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5046 bytes └─╴application/pkcs7-mime [smime.p7m] 5050 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 502 bytes └─╴text/plain 506 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-legacy@example> Message-ID: <smime-signed-enc-hp-shy-legacy@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 15:13:02 +0000 Date: Sat, 20 Feb 2021 15:13:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIXjAYJKoZIhvcNAQcDoIIXfTCCF3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADmQPwawzwzPKIJbuLJ1LeeMRHXlIoG7j/r1 Boq0MA0GCSqGSIb3DQEBAQUABIIBACAU9OH5PSuN9tLWwz3pZCIjfuhDPvElwIWM
tvkHMo9bUUhT8jdexlAgl1L7CKdQmfbXbMq/lAMUe8727BECAU/ZRqw9ZA+a71Y9 FLLaSLuRC5cnMqlxagX4RJaKeAhI+WZQzinX0SRGWosV1ixjq1RhgoLsdnQhXh1S
NfDivBgRdu0W1qlL0dcRiR3gU/Tbvx5g9kEbQxT4sAqrVVJFBxPxKH1E3NPicFkM G3HHdlke+bhxqlyfAxOxozsKYybrkx+dHIhZkOtG9XrEfUC/4QCEAy6pQz1M15i8
2Cfe18+fM+o6+45xZgKrV3tTO+xsoJe00OBOghFEItp2p9q9+ItOPnBCrFl1Mjed NOOxXi7UaEHo7qwyW7NJ5wWe9QrDi8G3nazLEAWEro6kimhdSKiVvGi+7KCjLQpz
B/5DmHDigcV/KcJqpQeZGifC9q/3uT5EIqoEq22gyTAg+q+SHASpbrUdtTAI0OqM HM/BY/ydpgLZ3BiMOOALCK8BiZlMhy//jp6Z8638UmjKDiKA8ExU3EhHO24yBT3y
MeSl5Ou7Xr7oA++n5nn3KGm0NSbirWQ/luGC8txFEaEM1YCAHzcwggGEAgEAMGww TVBCVx99bq1FwP1jnBBKg5VjeFpfA4JnUge5J66YIOR7DVeGglowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHFfMy82jaRS88AdeeTpXTcI5 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAZ+OcEKyP/cfIy34M7u7ZUcdR
eIWQXlgopLfTZVNWouqoD0UNwE69mNURWUBUqND+ascj2aEc1SlzzZokWMzfAb8U HK/hm2UHKlcSixxIDvVZADtdSzJ5qE6gzeRtCzVgIXEWPzuru6ADSFPUNdzV+R9E
+HINE78pYcnd4PHC2EnMf6peasmfJwHgrNehJqy4J2WhaQpQD6em7S2wQXfCjxgW G8pDkwzsZzxQ4QY37hkx6/bWDBcBBjF4/hVe4ubxGEvJ9QxixB2B34m0nCwxD6LY
UZdM8ouyXw7VMYd7CDQvY34VGxjWKooTwsSDriEL/CQ1ew2tjsXyznHDkfbFfpxQ EN2g88Pc9kSSRbduGq4LRfyrVQEG+WpKXzjHQSpzqiDXuMBDDW/+dMHaGKsR24oZ
XtUciRQX+WHn6uZHDTGZ5/PArfp+hjsHmegmIttON0Ggk5Orh6Fw62+O56k8W3jQ Ne0Z0U/iOnU0J0VuuJbnPkgYUJXQvafZSJGIfhpocMMPD9Ll42XkMLIOJvDsGqVk
Sgtlbqigw4/GnkEYBZ8iYF9dJuQpMV41S3tMcZzwM1FBTwLpW70gMeDtpjOJMDCC qkp2uEUJ3tzd4Nsg5UAWIrMNWQRdWbdqLcuMfoabNck1lOrJritHc65jAyjv5TCC
FF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEG+d1PKP9Bv3wjYhP6kQiGSAghQw FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIp1SKNdHDNw0Ia57jzQav6AghRA
PgNipAhO1AbBIDyP/wL0dgsWwC/KHSouWRESeutz2oMXMW6zDwFHwWVAHUX4uRmT SnD0DeMznPkqrErin0IkCd2tCYouj0vON90o6QkuEMX0SsEL/+9c6JQRVAVxcxip
+ZZVEwiS+wzf3TAfdOXs2kYHfhaiFkrJUxYirdyaqzuT11sVzKLt2F1+uxqud9JU a/FpEnBMRBGdfeujUTFp/AM89QL0TVc6jdjFRD5XbDsd4VSlk/HTDar0zv8YEZOu
vLwZo7INJiiUYpredI3plWznCZd0NMhUHiWHv6qT2fBU1KPBEiO0oZ3NZtO/ZnAV FCHItlAoN04WgyDK2AO16XPAzZN+IZMmh7pWRWS7k4IgWfuo6tcd0Vo0TEtZHlDp
jdMO2PHAUwdnmqPLDNsLnsaNZ7i+b0rRFEgT1qeZ4xhRp0zSsjwvQn7d/WBCNDpC oJkxgSgg2bZwSXq3lb1sTDS1Cs/rG9h3GD6uBATdRKBD0+DRRX+Z/yPM96aFoX+0
9KKAP9P+Cr12l6PTjQnFx4NrDNqupw2A6A+qv3NRq/ymn8zR8nm6zGLjje5RfftA +DqPvun7amo+2xeTgJgkchz2XK1sK8OG0vb6aMv3PwK3p0KDVCLNAzkaz0BOQvdX
WVGQSajJNLTDir5TUAtb3lo7Cv1Zb8VQZhqxTJJrwW3piWUTV9xjMiVL+h2sqdZ2 UFng8/sNNu/P9+WBelewVfGDTdCocA6+9vQa6Gx1RzJz0js2Gt4MhH/MfsSbapjc
LhOnQBNJmFHPhukkdvkCPxbM+vylJU04U+5ma+ZpDOBCgy5nWRgbQbFxcP5dpGkH omaveE6baODAHMcbqH4r77QrgORmUfBNQC0AsnC5zdm1+w5ULOt9YkKUWWw4F9sB
dZpcf164e23dKGNrYWK+gjVF0cp2VpEilgZCwJLJYgxnpH+tcoSIM7XfNe2IR1eO 0+2UeQpe0y+mtyQAtJvjTOcLEcAzRmV6Moaq+EThHfeSoyFJbIUqT7K8epNbhKws
L7pAhrzTrVWiBemph727lAXJM1tWhhgFL9GFWkbkQeJq2ndpGwz6lK4Bk8Ri+9j7 QC1KdD118++t2+GxOjK4vuU0r3YFl2kHhDJIf5H/FJNR4YS+ZZ3S4IRky3HeSx0p
fkXo8qt4xGEcE7hjfHPIHcXr4FhjYRrk2h2bb4LPAeb7E56bEl7XTT9hWCAoAT1I CmJE5x5wbXLvLf6+NTcF1yzYjASQvwqmPSAjHMYzD3t8SDrKO/cJGNdud84FaWfx
lcfY8giqsny9xDeb8Bww/i7dVCzpFZCSNKxymnuWybTqu8kmnh4FQttwJFvvDCoR zf+0YyRulv7pPvmIK7Ul1Nh4T2We1ecFO7ON5qVLMeH5I+Zc/YwXRkyJGSgaAXHQ
Xh2j6mMO7DpzGx5v8E74lf4cXwYKdlOer0L7rBCT7worv5OcH+Hf86Hgg5NzvWTn cgh5BtOqQnsstX+nYofSceGgn/Vpop52pwWCf0/KnRi6C4Ih8o1naJOSEcU8Ucxh
ZdCioihv4Nh2w5EmLfWLcwP9tnMC+62jNFCIh9k8EQOs6uETEjN0vyFYWMM7aCIQ D+ggOAvy/gLeag6G1DL4IzxqNHh7Qr9IZfk4doNyumkcOvMz7gSZGFxHoOPdH61S
JgF8fkEmAs690oU77Na5V4RrGvvyhKZv2EPGUTdwikls6YsYgEHReOQ3hBVqrn/5 /ndqe8D1C0zFj446GIpj8hfhVLf8+7eVGK5GPcfAiM/fSjfe6ZVqn5zX398YjHGB
/Pm5m3LKe90D3ksmeasjTLBCf29RT+vYpHlLPYNlJf1mTTKZmA6FjMi3yjlByJe1 H0HIyp/ZvWwNNMfdeJgG6ukdhqhx/NqK3/Dl0crpCbdGqqTHjl4UDfmMlUEt255N
TbrhXpmSxloX6fHeOMnq9JNqQEgrs2r17gyMULRxDRcVcSwpHYIkAjmjtyfRlVb9 Mp24Qd+rUeOtj+vGComumU23UueJz9/VDhQFfOPMnhLnqxNhC55R00CzXBla3fOZ
5XfK9/7bwNAH0qoXQ//tppHMFoyK59YyD/aOVvHAFyHvFxY/R63JkYd2lX3AFevV 6t4OyRo0JCT9fkGfHFgQxmFLFtXkpHK3HBpP/tu9rFLl9nc8KToOguY6N+c5T9Rq
OHk+a86S8/rlcSW5NMKMEGIR6d3sbUkoTKhVt8U/PNMQgTVbROv6oQQf6wB+VM7b cpCyRj5yQIwkS5sLREYyNlnVQXBK8jESSqEOuJOp3pHUgNKMnWwfplkuBVK1pAtt
etSPPJciKCa0zF/m2FU/6HEU8s1DI0lioMgo+Q1YJrqWnAGlJ528Sdc2GTP0LKub GUUFXZEz24T9urWaJHXFsikB33aks59HrNddwamv2wpgaDmt2e5zDZWKgTB3p89l
+zMRCZsrYzPHklw0PxuXa3hdyke/c6SZz890Nhhh9jWhlk+1eju7NmNYhz3t9MjB oIPbM5X0W2RsTAZwPgbjnQs4y7YZNT+CerPoocgI226Jyhxi6e7dYGrOmpavgYHB
SumAvmHOMoLOy91dBwhcCnp+f4Y/Fx5NdIkj7VJVngCQiPQH/pi2LlgyYfcmqRld ieale2z0tZdYOyNBS3FspCQWTXOUtte822OFuVu5xF4GOm/11zYRLt85SuAxTsNr
n4ZwC4JZgjvz1Ui6Pd4iL6TTeHeQD/OtwxztqFqiQXZJyRNqbYYJyGZbBz3zFviq DwrBfLvuxwpx56GPgpoC42qyLbeuw19iTFS8kMXJxoSnfdJq59AwUqwdeFFxm8dj
aWahRK9rHYHVDqWKBy9SmyjiHmjVZluWXdK4zDkzWeqcwYHspKSYnymcBcrBneJZ TL8eCsyfyUoscvZLCD78mHMvB8IRzIQ/iCMESPfeAig5pZoeMMx2gVJFOZkEWqcW
Hpy/bKK7RVNyUOE4V1duhaz6vUdkXG3KHIWCePPr3crlUHFB/H+CSQ3PXQAA7qNy OC7Icm+qKPX6tjSi+EnUASklDfrRhUQ+BdVYXdEhwf6UUG4HZ6OEa+MxpFUC2ulD
DvcD8jQ4TxDMhj3bWSaAKVL+SZiTBSVVXX5A+OkGHoe57TDI9zKqJSmyh1dr6V8P 3kKddnMJZaDuvr3k23NhlBVhSOt7Uo6Soi/Sz1aow07d25JbLv5AVJJeE+cWPlSI
LiFdSfmGKA5sWuTsta9SMslWobVguXuvYTxE2V1S3zoHgB0p1efJ0IaNH0i+gqJR DQTAlPuYtx6oMVn5lTjLw3KaF/Y5i+RQbvJ/HeNfrstrelx7brLHiIHoCf1wZkgJ
NquG2fjiQpMQVYypG6942C6RXNUU1aLg3kH11ELTOmNRCw6EnL7xYA+xwwWQw72Q EaQUTt/GZlnKv7xeKleBvJI1mCdy16NZrklHMnPUgj1ZxEwBJ17M23B3hAkYLF0O
6o9xUyrX9AqEv8cH4IMelIpkBue1hhf15eFpvB5y+cUlnv6OjCaINXGXEcNPlrw7 EYtKUNushATxhMptM0sWQffDWROKD8c612WrbYo/zz+ApnNRUzEs20+cgvlTl4d9
0mvTezWJXIyP1E+x438ZSFkN8EL5DqvbttkzH+0qcUCKwp2/RADofAsRwDdDuIOF N6/untoFR0mPe+0ZuZ3iCKmGdw+LNwR3jBeLd0YxYWlQrRBWja4O0ofswqddQ9Iu
UQby6oDzqLTZHNWvrJiLkgquJ1iXWiKEWPAppgLc1pYzzBDFuOIKb//tjUznp0l5 99+ksCTch4n4BSDNQV0VLQ7dX9uWSgnno6fD3gpmIJxrNuAMfBavXqsP1Gtjl8uB
lyCNpkazuj2FGeDddz9jvWES5u3jATrG85wK4WTH2vjIh16Tk321OpwXeJP6M17O wBXn//OiMIOgHYvLMEj+A0Q3/D/6sB7Mki15spxF3KDI+6OiFQJkruTuOF+f/SaG
cG+NuQVPR2r6K1D1IZSGOf9/nsDVtnB5LePXyczIPtPoJYGx20Kt2IUyjJ/00mxt uGAYgEjANuOLCVu6aQZPf9lu5SV1MJJ3VjXzS2obkkk2lb6aNckXG8jZPzHwCoPJ
iGk3/KZsVJdukr8S6U/h5V70E/i5o3GYgG57iLX5DoA6uMTlxi5SEEv1qYMd/fw8 XDTwP8sM9VKbwMiv4wA/pxKjGEtJq4sslD2L5CaZBUakhIJtXSaTc93qkH3o7up4
o0PCZw8N1kkkLxP4bKtMJJcAasns68CSu5kxC7bCynjEVR/Ea0YO7bAf6V+pDYYA qyChBX3sm2aJPvw8s5fktLauyBrUwVl8/naaCNJq5QXhcfbGxoBaoDaDAZ1auOxa
ABLNLdZBQuYJ5r4G5TSS6YQQ/uh1zOOg5tcUS3JPb3VYVXSthtpxaR6Z0bMv5tKC F802tArlDy3/c8KAcguiZhJTnPdtC//v8AyMYXbocblLoCblM8a2QTmif7LUcXZM
ca4gleLxxv5qWetxcNTKR054tCIREGX9qUX7HhIWV7cd3tiaN3N4RHU17nfy2mr5 CMiLgynIMMtQA7gfKN9uvAR+Yibh358h6vupmu1dW0LsCb9KYtuNWEIL5CM2sw8P
geyQdfQRckTzuH66/a7czTqlVMUw/3oXNwqVVyxgyg4TJ7cHwfWx5Em6VCdUAeYA 1hGKrAxJrbQX3WWJIn1d+nv+ldqk3UOlwoKUTcxq4q7DYG9WjOev6LDGQyzAojrT
r/pxcMMlwboDg3gsUuhwBPInGrbs7fQwe2LAJw0zXIjw61dGPF3Q6IJHZuStrGvF 1Ob+fAR50Q5ssBnmN8xgw2zk/lVZH69Iaql8vG+zhNJRbSox5hRrovJWyA9XtlUG
3GHO7/U/KW7P3aaVdBR484uaCf1QGVgkfZYLZNtdATh3uydDrhLot+DYUcD0RI5C 9oVWLhg0aqd3FbTvlNth3S17zp2BLvAOfCctyoHHGCEzU/Bx5Sj55RvTlvl5KyUd
YIrZzUER0Wq2/HskDBh2O3LxGxAB+HAbgzIw7od23AIzrTvwTeyGY0Fotnr8y6ag KPU2lVox7C+ueMwzG3zwYHFud9YhmI21l4KfjHfaYICjqNY9QX15kJa6oxJKGi68
a2TjAEHxSItZ7/YT/SiRHJVPDilp8aptPKDQUZJS8POyxCy3zNKANzcDkspdcT1N meRATnQOm8l1fl+p2PVcmqB7Z1qkQwX7Fpjx2r3oJK0XO+s0du4rEvwlggqHbCaH
R25mBS39o5ab7q6eKiNF6moGRxG1ZU1ghXYFOTp6lHXv4YVpanOK2KKR3efly9x8 YZzGHJM0CfI1zIo/BEkG/JkMrZlAT4lo7KIykGGVoE342OVvohXWqH6DyI+4QOzm
apD5Baaoo2tOmQ7Xb6d+NRT6RnrIIB2jUyqUSTADRnVQEsbz2nxd91+HFAChc+tu CM/MYhcZwdeb2ucEeSlGheMzcksS+x/8h1uAhguFEf+y2+qcAuYCIUYuVPFn+T3O
7bn9swHrcgaBvC7ynFs1KIIx+UFPqEaOPwzbE0n5xGqja3+VFoEJ3hyOQ58N5Aw8 ee2vdXag6JYUzaRGSxfL7cCATB5O8d24HfiwGiyH/mQzuhk9CnK3IAkbdAcrkrOd
pgPavMZbWeBHwu8cos+FiTtRsNHY7KxYXPjirYRFU1d03jIWThwP3omjfS6cv0S0 zhbPrJzG5eqohCnarEwsE5cpfTrCveft+xqE/5nhM0zmgvXr6ZZ/i+Cc2e//FUw6
wARwjaiLisgm4g8hj+7bAWjsXYNXbGhqeqbz3pYWYH5BQE0TIGdddXPjAFJs8hih 9jdtZsKMHqTZUx5oODaoBTAKXS81PW5pChQGNTCP9klM0nFspLEg7jsDnZm5EXHU
tn2bOXQqSuywiuX+RVXU0rPPoN8baZIqqLkxeAigsNzgFLhQoiS92hmoCsxgwoXK qOfDCPdSvDGg9UkmiYrGujFlOywYn1Q+ai6Z045ILD23Ha//+yHZAms2OA8NWcA/
EBGZdUd4Tq4V4BjhRXqdFf0OE9jh5pY4xzslnYkxSmemSGqEbYUyJQKQntzx9SdC UU+2kYwS5gYilvGDV7T1lvnfLiL6puNP3Uk0N1HTG/UWOQIBhYbtVfmGWnprz2SX
gdwsNGOr57z00ySoHMWvChgw9RKZXdLF1MPp3BjIaOXwUhQPOaQPhXxSyogY28V+ uWQfrvgkCisjHqTrJ8UzaQaX0iPEewQZzqVoMIolxsnu73MqncRwDTbQv5UWj8zU
j4cGogR4dSdR0YhVT7HeaqjCVHbpxC9BJD7OXE19PEU6wBSInQVwddoYHgxJxEhS UL6I33gCd5v+SLSUfAXzZq3YpiMNku+93VL8PnSh7d/fSD32N7/pBOewxANOR1Je
o/GVUO9kqqL3ygV75MtfAOSFuO7RgkQY/geSQtdN6+DZ36LdP2xRdU43aICpyHku pV5xHCFTKoAvIg0fNJVgOvPmXTLU7RDrO/0ceGbIxDD6kEle8rFe3PQQYBZGjIHm
fbUpAyIxpKYBndZAkf/zvDSX67SvhIWrMsuv3VMYZSArW9WWifvQQ3RsYl6Z1hot l+1Mf4XPHUu2IdQBlL9XJTAfGu7kYxNBfdvf0rx7vFjTwG4neNsgaG9XOTtRIWcq
NbJyoRPeh0d+18Gj/Nyd2gRlTPzIsfz/jdQqfczTK9d8ewTCAQl1ddTaezlrmT+l 9LODeZUsP/Nnc+M2GcxMjJGLk+c9pFtoXYvgKA77UlIC84FdcNUiAYx14CYStMti
GIniD99EIhouDeH97v46rJRtSTqRv5EtTFktlQHooHJWM/nRmvEFE62YqMrfT1c4 Smi5MMf7luGRy8JDjmHgUfN3e93nCABa+76VYaXkCbp1svkGJsuBCi7xSBlE0xVu
US4JkBI8MBL/oB1I0F0SBol1SWex96Ab1T6XdZihJXStL2gGJgQNQ+Obj9GvFfYJ Qi1hHs6a4yL8STkLyDYkBAsiBxWo4kKJOgd1JL/lfscCUZW/90jbOJBlF9NhWn+o
uEv+LUP88Cv1MWHV5OrCUXmUnuaGj6RLM27nL6pmXTQB8cf8CwkAlYP8pLzEn7I0 SCVG+e0JbdN8nbIVgVhd/I33bJMVOk+RyfYY04BU0BCGoV6r40CJtMFKq3SZIdnG
JigRcYCY6eevrctaIPkmmU7PKAB1RF/HUTdvelWzN60jF2idZKn0Oc0ks+o8IUpD 0GfXjGMxoty3mKYrOAGui1+JMxyzabqRQTxc/k/HyPHuNCr6UNGlL+UXyfWAZSSh
uoh14WwvAZnXbKZBWasPuw3VAKCNiJxik4F8/7S3w75dW2AUmwamSFWNCpU6B5+X dI+mVcsZ7yGWUz/sxLT19NFmv4hq1e8sBtdTF/Ws8SmEVlSmBRhokNkk0+rbM6gP
9w083nMsnDbvRai7BHPmpsGmppuH9RHFMFHwiV66UR3Q0aapDoalA6Xo6uFM3KtA pdCsz6rcv7d4mmhCx+A7kNlOA0KPenHr18coLApibfWmqliBwNQk+SR5ZYdLAAPc
ytx8v1qaqmI9XyWO2CySqGMR+d/Vu1opugr8jIrJCo1FGNhhj387FCeZsBGsKAo/ Us7xikmqXd+AIPfIeigGck+7fTvKf/c6tSG3JMUbXlnYH+18swnrclF4/Jswv1wM
Lu6DgvgnV/DcipEafi1O8uJrNcqM34FGNL8IGDcWAZGxORNIyIZ3x7dnLpykaoS+ IZ4wCCYSwaAyX/CuIyUGah2OtPsOmg78hLQ0VCETt7Md1wld6NFWhiEGQt96wKL0
CkABKOMiUYHwEqER1BptchQ7za3nh2IzYFXbPs/dfkLEPE53+RMe7KiDoNDp64Qw 215fiLORCfeitnK2Rdjq4OGnGUpQ2P6aXYJEa6TJ0EMKMFKeaoIwB9fiCEhVJhUu
QrZqT8powhIZEVsacVKBe8iiOsFYK1KuAL11zfvSBFWfXJC3pHZOJWqhlYjsATmD ejUAAh01aciU11MT0ZjyfvQZIbv5GyFsQOjsvYO47xOY08Tfg5ZVKn1Zq+xVe5qa
FakLKn5FNuib4PXo52fcqz+EhlqxxxjXePjtIA3D1IzOfH7IofCX/crana7PNGzU g3t1laLrcEtAhhgpugHX+bAiwoOeP0QAeRpoIA5wsvvkyy6ou6VaB6+a5Xp3fcQC
5/KX+1e1srAhSMuylPYSjJFeIQ+Hj63LKp0wisFSq5eAeSh6BbRqCat24xozeMs1 4gsr55CoYynF14/xD8obq+o6XzR0JQ7lkAOKYTnBRZirNnctTurdbbOHgYKyiE5a
w5285nmwglBHXR9daIEyOZbN67Aa//9V+ANayy2sek4pdsTMyelCtYng/3el+3yS +0HhGoa9JI3MpfIWKu/RKnOVSwJk93SJww4Xi36ifBJwHW/534W+62DrOnoss4wT
8eYxeLFW4u/9xJsOg5zKwwKkxWUadRZrOYBBBjZJrwQj+/C/Ydl/xCXdCrzgX5tM smdYByOOxrQ11yeBNb1yV5/ehfRdAY2dRhOgv9ZQtutFdLopZAai7MZkh63P8PSy
e7NfqrslEd4yaAAG0KfRgOzmhinTnH9xwMk929d/zgcYtcpBhOLXnsbMCpcOsBlg PvBVlpXrx1ZxCRuBeafxJfU+rWSS2x2Bep3rDKtdBLM/816NUvMprDeR75QiESZu
9YFQTAINMeIXRU5JXUsOxufbDR/XPbLy9bgyKBUUvSvypwEa8yvVaoJvO1FxmC4K byynANxocATJEkPOh2uGQ1RMlBlFz8dFLgVIRQ7MloIEiEyzdkta2XDKZ67X0F6u
Ne+843Wv0RR8M0QeTP3uDfqcw7Rc1if4Qa0fcZWpDGec5yqoiL8Rx6XpMUhxqZpm warivnsUCeT/h9SeIg3C3tpxgBpb9NppMY+UVb46HB7XpzjHQObDAwC3VEizrKVm
KGw7waMxgP/wXouwXJNFvhUcl2klVG00affvlt5IxJFly6hckkGgsMaDrNduziPn a/6SynuNH5n/zNU0/MSY5M3GQL4xSfXq8AEId5UhuPiFwmD+sQ+G4VVm7d2HbXbL
j00ugta2EgVnAa7fDe9MRXF40PSwR2k62T+OdxrRtC8Fvw5wlQi9etWG0VGuwxPN 9D/NkDep0zvdqbnB1ygTnlnRf/Nl5uFsdu+/1iKOMP5guzqCj0bKh+52lQTBHPDO
kMTVWtOHRPaaySRXwOhw1j2PGUBBJAb/bFfHAFHHLeM3A2M32xWkkVo4y6bNGRq/ nZVM6Xvr+hWZPEZ7auSUqgeBR3DBXiwvRL5sxNysL6wRu/TXVV1ZIew+EiJJ9uZa
50XRISApwVZbpSUm94VD1++LYrRk/u0XUBE0vHUeP16ICKKWXk6W4sFfAqisuPTS f0f+vvd6CeF72Syt7ceE5vs0i7M7z7dHMxiBsskpgQbx/AtTxGQyMU3Ki4DtmmnJ
JzqrIaQcOEEcn8c//Jyo4HtmFmqDdVeax6lkNeQekyJDoc9U87Gie9E8bJWZ9F9p gYBnIR7n6Ywu33dIeivQwZVywdnwHo6/SujaAX0bEBcPAlQqczLouNtFB+OKbdQt
jXod0zX7SQjS+FqXA3vPeSixDq2+4rJhUzsF8aPxm3/HjutoLlylXTi7V1W15oh2 jG8wMLs8eV/cdGiniwDXtSTp4VZw8lQNIdiGtgWAt/k11zFfn7A/YF0QfC8e1k9s
fpyHBPSp9E851ZLlf+c0OXOA2HfixTjg7LVBwtf7jTZhUt9P95PIYQJNu0BhCe2w oLhZTic6SY33HLDJX5/Iq2b3Iw6ijzH8kkgTRCdtoJx+EqRIiV6ybT040cRgVCKp
TOMcwNVigbKw0ZV63nSs5zOJ7ZjMVr2eAONIYCx5trzS1bplUMdspJVkTUp4bycv FSZyuTeJXKDGWFDpbhz/PD4Np+dzp0tVUWw0M8pFy3erWmKPqu5Q4lbwinZPwtUD
qgAXguOjMqxnS5ACuGIFiGRIyWMi6oVt/999wpSwJ71wV/rWZTgaAvU1h7lfqM/j PpP8CBKRWXanaqy558CIyJKzhkgGXR2z6OrOXSQtVDbcbQtxixdjV9lGP2qP25t8
GxTHnuqVlpYPupUpNaHE97xbNbJoFTI77EnurLZssekD06jlzErtEkOvBZmj6KrF PCsHvbNGSvBlmIUWPFn4iQ9T7wnDMtxPDzBb0k6KXWi1IxxC97pfFwt7kVjGT7St
StJMuCKE03KZo6BmOagisDD6RF74fMxgQ2MyC3KeWpjbE+VoMEbNEEcQYW61kyUy 6amDshEfCqLLcwCN6Aa3lKfP58FewuEoHoG5xFaT1+lOW/U6n9F6T2+CUM/3YOxN
Qgt/TuY0WmMyrfyZJf6/xd90zN8tLRqev4FvOtPxfHE4qEGzlRg3IMPKrdt0L/SI kq1oI9e2dCDvz9ND813U9YS8HGHqGQqjSQteWt49xRXqvMi7gurrNz6i2feOmCvI
B6nFxLwhsKLCzfoGYl2npk4IaQsU2v5obj7blSgNLhGGD//JQkbwNYp3UgToTsZL GMIsnp2rCDyIfmadJam0ElyYnSHbL+PyjhMt8883j+N3m5IKUfA1wo3KbI2zWa2w
QlpkEnAmardCEj4olwiOqwDWAZOCcicf8PcvZYRuTl8yZVlpndx5eGvmCdEyEayU mP6rImkJ2WemM2Z5gIQWJ1DOKt3M9fUxwcoX8W8XEXiRVJgOTp00xn+fqXqItZDJ
2LCf3Iiaoeb5gF9BWQt9c0nFXb4iDjbcK4ijMbpw5IYRHAze1/GMnbkJJwzItJM2 qkdgt7h7bVnhQbV6fvOCSSwU1ta+bjVGFgHPE1C6+Z6UrHQwn3iM9ZE7A+ytZz2D
LXbJSyVC8DvUYjyJsBu7CGJpd53lks2Mq03GFGVo3sDp8RlAUddXOqnvKj9je5Qe CikVVFZANawbp9M5mM7PVPEY69n3WQ3VqpB0rZbCYFgNB0IyUu2yg06sH2wrKYE4
pygvaBbAFn9NaHNQOH0YRta9DEphGqMzjTgCtdQWhDHAUZ0P31fR2gcgBred6CuO pfMbmLOUyFTbfs8ChQiOVcmtZHux/wOL52MGFyBJkupHwhZ1bBSjZocuXx7pxe5L
gwoiXJxTyhx4Vqeb7G+dqx9/TpFgN0/Ml2p10Bz5yXuDPAP/D3InjewCSgw4rOrB 5EFMWtj6IQvQtE6XB7Nm5xcKty9EW/eIkd1aUXXRnzRKOZb7eWnRnqe21iVwL3el
6/W13FnQfpngWY3Q/HvQRVlArUbROy/qf7amnQ79CPzYKUIW8xn6rD47ssNT/9i5 R26HfqfCDntOCSSkYdOmeOu/mD4oZoqT/PRcR5i9b6jQUtZyfmbFBG7ZdIuavn5a
anPtuUrX02E8Wg5GeB3unBvqsRliK3tbS5u4pBCEHWrvHQuDJF3VenPdAag0pM/a orjJCN2i02T7v2zN0aYTnMX+3fue/Ekgdvw7EfuBp73JaySDVByciSQkzDyJnWEb
SRMsrI8ScXsz5XeZwRCCkxIB/8GNwQuHsiVnKQ1tmBg9dn1DyxQfHyN25J4o5kSb fw5dEF/Zxl7KhnMud0ZIOZkdaAWyF36jVUgj2znIA2cjVqd9P+CfH9YI6vXPefgE
3hj/YtZk5pbOEtWvLOtMs+zBa83RaSWYaKn+sJESrx+pyU7YLxFKNmkbIVdB7m3l rWUbg1ijrufE26Yd40Hj7hMVXdeIwDuhZe8AdSmovaqK06N0eBRiyCzznmmaO9ae
4LXb9m0w5j+zXRPGvoY4hzVz1bTFqhXCKORnCjJdm/2J1vNMjC/FioeAOd/oGwBx VVdLoHyY5l/95Pc4cOZoeFWJ83agzcOrtSHWgAkVsycW9xg+g/oHBu3VoA8rlcs8
/knz5VWDpbxcl0zeituHT/Y9iZ0TUwDncB3uS/sWn1F5yEIFrgd4emtibETOS0Xb Djv73l84caZKdwiQ9sHvsvBBMIT5Ozz9uts+STb4e/h3ElAAkddL7eFowqlVOGIN
aweHBTxxZ0IuCYhtbyqFPv+P32bK9dAsO7gVCCgrISA1TmTI9dRRJ7xE/P24OBSZ X3zSdDv1sT4D82oAeMDxeCAxG18Bn03Vd8dt/zA8FxVluUuLmcBHVVgy6pPqdiit
Zl2/8xJsMjaxDvcS63hfWelbJRS3U1RRp9vZRbkggnutMrBu61NL/yLxPCS5OR6q buR6Saa08RusmygTIjzbc10ZUD/bLB7YlCWS6mWwriviXBg2ThitwQJL3vXfEWHF
HVw2Pr0MvkRvZx+RHQf9oT8tc9owYhxwGhweF926OMlHwsYW28K/IKyFIaMWwlUH mHiGR5uc8dVhU9CmzqwQiiFFA9WOE8wgOudV419m6RbmW3grmVC8xskOYK7EzX7s
cxYnc2yPckCN5ffTAdQXA8UNFBIBnSmartVGG5zxc1PoJCVax3Xz7Tgj+vISBaeA Mhv6dvIIY6in5dYp6hEcQYOsdxekSlltHUVIaijO+z9zxORP4XA2tkyU0ndXuWkg
HQHjNSzIa8APRIxE5jVMvzOfyvc6KtPLLgbOmvLmgyDC9rUVAuceVO9oyLS1MsCV kivonLqcBXiaO7nICbpwLKDK/N1JE+nKZLUZg51OXig3obIe5C6oALyC5o56zw9q
g3j4RmMIswPdagpYELQcwuek5e5ffD5bidL2Xn5BOXkMK7N2S1lXlmWn215NZG55 5opiXEKZBhjcEBdzTfBeYRE60zfqbacTyDS9wBzHo/84wY7fhNQsR3Y8t8bZZJcA
PoIAeXjgNDjdMmCXSt/frUvTsFOPtcCA2JAcI/e2dsyAF3iIRvPpDPRfUsvEzSQe STWQVzhjszD1i+WRnJJO9fc9htipj7I7Sec9nMvrWh+sCeF1/QY+rEqbhQWajyUi
gB6OEFYkDOqcG7Lk9Hx5d78ZpJst+XViQAIDlgLHBpPuwkIvh9OOdeP/XKLH/1lJ NTnIwHeuYIqtP8xi0vxqmBFe/t/WPrd+r53YOlObp6lJWPk8bnxA+5v76gjHAIHt
yOQ9mQCfuTx6rBtj2216o2L92OKFI27F/Ns4Lcir5VX0/6hrNe4/BlkAnexKnOgs utp3kvykjCbJizw0WFU6du/jgCXzaYFWK88smgM1xAJ9dXUkkMekx/kJwUr/5Dfd
Ok3hIuQnB6C9Z2vtWt1P0lnsemX+AhIJPtgRs6aGhMUnIwtvb8aZwFsS8WvaA6PG eWMKT42eG/JxFMeauuRsOwMIxAuj+AJU3IHej9oYBZWuEMqid5ZvL05ZYO7IaDoO
uLKBUfuv5V+mjt5vNNlnkaaF9bMGQVk9NmK6mgkqmjmoaXP+8MbKHJ7cf2Kt1Bpc O/pfhG0YQ1mE8mCwlvqggUYfgVnfxBpAi5yikLMkTKP1YmKqfdDC3PvpDrqlp9Pc
PJ8uPBQ302Qv3PjpFk/YYdi3tmmvaxbOlDkNCJ87xjN7Tlgd5jmBZRCDzxDBmbOs rSMAnsydjO3K3JGoFDvv4RxCuIhn65Lqz1s9YepmHNfFlAZxEPhC5MJlwIXAT3VV
1USxLB1yDN/k4soKAKL/Ze6rVusjC+GJ02TcWFQkS5eQjxoHNKIkU4fMDggw1vzJ imEMYLUHbb4HsqWX/KR/FuZO0zpHGZhPIdtiS6TdiRm4D9ywPfV7J36zDVFEP6mm
m5kyP5p5DST0+cko42Ae0yjn05T75MdYP0/l/I8YBes= kE7FrgI4Wo5aizOFA4GZFXN6h9IlsFiV9izXUoMjFJwR6Kp/QF1ikD0Pf/aPiUqu
C.3.4.1. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.4.1. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy (+ Legacy Display), Decrypted Protection with hcp_shy (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIOUAYJKoZIhvcNAQcCoIIOQTCCDj0CAQExDTALBglghkgBZQMEAgEwggR5Bgkq MIIOVAYJKoZIhvcNAQcCoIIORTCCDkECAQExDTALBglghkgBZQMEAgEwggR9Bgkq
hkiG9w0BBwGgggRqBIIEZk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggRuBIIEak1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1sZWdhY3kNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo LXNoeS1sZWdhY3kNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo
eS1sZWdhY3lAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFt eS1sZWdhY3lAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFt
cGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIw cGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIw
IEZlYiAyMDIxIDEwOjEzOjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVB IEZlYiAyMDIxIDEwOjEzOjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVB
IFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVy IFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVy
OiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4 OiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4
YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAt YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAt
T3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNh T3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTU6MTM6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFn dCwgMjAgRmViIDIwMjEgMTU6MTM6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFn
ZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQv ZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQv
cGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSI7 cGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSI7
IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5 IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
LWxlZ2FjeQ0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog LWxlZ2FjeQ0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MTM6MDIgLTA1MDANCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt MTA6MTM6MDIgLTA1MDANCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt
aHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQt aHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQt
ZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVk ZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVk
RGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9w RGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9w
bGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2No bGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2No
ZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25m ZW1lIGZyb20gUkZDIDk3ODggd2l0aA0KdGhlIGBoY3Bfc2h5YCBIZWFkZXIgQ29u
aWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0 ZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGEgIkxlZ2FjeQ0KRGlzcGxheSIgZWxl
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCC bWVudC4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w A88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAw
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIw
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI MDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNV
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B BAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZI
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN hvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSe
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj d6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQ
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N fiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIK
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw M0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9B
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ yb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG 5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCB
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB rDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREE
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P FzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4G
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME A1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYD
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4 VR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEB
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu AIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2 e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046g
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz fPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH 5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvv
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH jiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ01
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw 5fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrO
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg mqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV QXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0w
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2Ug
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/ TG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgW
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G Pk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18L
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf ANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtA
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG wW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4u
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/ rMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtA
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ V5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XND
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI U+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwG
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM CmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNV
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc HSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLIt
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ HQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZ
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii MA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2 0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjO
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh ad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6Qpi
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I vtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+R
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB rOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazX
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx qMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEw
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w bDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZI
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTMwMlowLwYJKoZIhvcNAQkEMSIE hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTEzMDJaMC8GCSqGSIb3DQEJ
INdmPheiziYcbAwKeKaDpmuOQFmVMdAqPn4+xeOFjp3NMA0GCSqGSIb3DQEBAQUA BDEiBCCSH/VshGTecXJjFa7ucaLu5N5h+XWZDoRRFzjPTfPjqTANBgkqhkiG9w0B
BIIBAD0aQzYiNU8AycDkBbQVbuAjHzerZmO27QlIZ47Cw9QfNcJ3w40RJAohR487 AQEFAASCAQCmZj3YztDO1jbNLEaAm/3QumEiuQzGfQctHOakbQxvEdazDFQuz4XY
1NpkFskR79WY6aHuiLxClWV0Jw/iuieAFfBZ8Z9t2hOt+F93M+9v1eoLzrgA7YZG tnXnadpjedB8CrzjKdgP8A3ls1mzTSrobnZ4hEd9uhuMDgVRUXaEy+0rx+XCfBek
itp6r5zToKCdwNOc2futk/+dutbrTqYlFI8nnjLNqegBiGMMzVfateMc2fVnIVN+ 2fvCIwuVDT5dZ5k2X95CTtcAhBu4VcXo/WJEiPKAu1/p+iZtRiZeV4jZQBfquGT9
7/4fyA8ASzseEis/HQTN7sEjw0pUCvU4JvQy2klVYsaTZO4bdKXW86DHEWjoiweF sVqKEXkhfyAjl8pynl3yOMoX3AEnPOuFhEDm5Sx383zfzF9jvoaK5wOne/PzZ559
liiKSueA3WB1jeJRse2/g33dL+5++UUtQLY3kdknM78705WOaFg03V57abGCp2r+ tzHJBnv+nQN7UpC4O6LCCIyjzI+hoEV+GP0m0LpClvUcRaplG5vgwshhHJRyjeOt
bgcHQNhfe0MXoJHKqYrnG++22tA= veiRr2vhYuXwo3pR+NzQGx3eaqOnksSP
C.3.4.2. S/MIME Signed and Encrypted Over a Simple Message, Header C.3.4.2. S/MIME Signed-and-Encrypted over a Simple Message, Header
Protection With hcp_shy (+ Legacy Display), Decrypted and Protection with hcp_shy (+ Legacy Display), Decrypted and
Unwrapped Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-legacy Subject: smime-signed-enc-hp-shy-legacy
Message-ID: <smime-signed-enc-hp-shy-legacy@example> Message-ID: <smime-signed-enc-hp-shy-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 147, line 33 skipping to change at line 6792
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500 Date: Sat, 20 Feb 2021 10:13:02 -0500
This is the This is the
smime-signed-enc-hp-shy-legacy smime-signed-enc-hp-shy-legacy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_shy Header Confidentiality Policy with a "Legacy the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.5. S/MIME Signed and Encrypted Reply Over a Simple Message, Header C.3.5. S/MIME Signed-and-Encrypted Reply over a Simple Message, Header
Protection With hcp_baseline Protection with hcp_baseline
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_baseline Header Confidentiality Policy. hcp_baseline Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8300 bytes └─╴application/pkcs7-mime [smime.p7m] 8300 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5136 bytes └─╴application/pkcs7-mime [smime.p7m] 5136 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 335 bytes └─╴text/plain 336 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-reply@example> Message-ID: <smime-signed-enc-hp-baseline-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500 Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline@example> In-Reply-To: <smime-signed-enc-hp-baseline@example>
References: <smime-signed-enc-hp-baseline@example> References: <smime-signed-enc-hp-baseline@example>
MIIX7AYJKoZIhvcNAQcDoIIX3TCCF9kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIX7AYJKoZIhvcNAQcDoIIX3TCCF9kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGpRgu/+AsR287dW3Ygyjh1atM+HOIMy1LVi Boq0MA0GCSqGSIb3DQEBAQUABIIBACsFMztj9S2Us6fsAlVzAPVWpbjptMkEGnAZ
g0Kr8xBysv4g5DuAWfNU5MC40hTQC/VzBNQEYq9XKLZojwJCSAz/doygseKYXqV1 b+17E/dDNLBf1K4WiN2WVycsvg58WSEIUfRBxZ6BHePpS3+4Tg4PlmzBV41gGZuO
I9Mwh3tWaoHHgLQxoP1zY+AI7jWNIwSbTtn9W2YGtZCeZ0oV/7QY18nes26aNDgc 4eXWbrkGAwBOsckyRgpDLTmRpnN4lczjVx4gSfkEOXeDTU5FCoed4i1jnIHdP1Uw
aRdEhx2jmLKxvhTCpFy7scICBSERea5SgN9uRAUihwsEvJRhX9vjngrlKwbGKMz7 v7WWq/SnDrwVfBZZKya0RPn58V299JxTjDKL1VKsCK5NV+weQo16deS9d3deg48n
ewpe0YcoY+gGRYqUYLKIvu6jyd5A/dDX2Tc8z2Zvv2MxYmMdP0okeAiie7diTHg+ dv/C9Gme0jUoOUilZCngEytRsGhJSoummFm2sieZ+ypP1zl8uZUHfnJXPqPiK2Sn
ae9CTZN6HP7vbKHaftgcKcP7JT9x2PfoRLBagy1xFG9sy0DcqbowggGEAgEAMGww Ji3nypkjx1BJXO8M3wsaifNGmk/Rj9mz8mXWkAL2RrhP7ViISsswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAN08bq23teHvwfECD/cO1SAZq HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAf7w9j/+bUK8AFDQHC69/A/xG
OJ8aphPZfk0r4yfTge+uSLc/UUk5ipnFTHrUfmf78/BQmqSfaPRwHRhLREaZeFB6 /IygoRihTfsSINKsaezVLHmVvJXqOiPDavHRvHLMQNE0lqLy5edKD9tndyLCkOTy
aWgZN/DSe8BpkheW+2Y7L01NvmREQZLP69mwPg1WQ+phUc/NCUvz9XCMDbroiX5Z xa8kQWwzxfRJHBq++paJMNTgdSLWpSMVxxPO7FghXbJoHPRq5T1m4q6V0Hjixfeq
XwauA4fjKKRhn25wdrb0EeVa5PRg2CjjpcFrLWUU5TvDbEB1Qss0X467REyFg0QV lvtnWcGTFhwDiW09beFZhZInMGJOmRcgqHjToye2RkN8Vna0ySczcoWl5yFqW61J
mSke9tdTh+M7IL2t2on4DIlxJy9A+dVtwMgz8qd/bw6a5qGC+Hk6CgpskEfexANP bW1bHVun8Rn8OyEtw6XDDbnUgiVB3MYa5daDcVUe09npf+04M3gPQrDe27SBbmFm
ypqF9iFQW/1lr1NhDOm8OQLgm4PG+/L5nX/xsI3QkgBbpC7N6po06+W8Es5lgDCC LD3KfuLs8Be4TBRVaNkiruULjidQ0akI4gEaSpAX3y+ALHPDFH4UbwQrr7wdizCC
FL4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAYLQLnmoDE+1L9M+p4U5lSAghSQ FL4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGKhwDGWZa/xZkxt86e1AK2AghSQ
ukiRYivwnbEQfkBN8oIwjd6EBGHDfK53gjhPxRaaY43MwJqWoSjCQtJAzc9to2DA hTHm2t4nNf1Tgo2kzG18BqDLWQNlUJVQdHShktmLMyXbJ3/qgZIm7wnh+lZecrR2
gFyL/s+lMGXxapd8DHwDXu9Sota0wZ94gJYSeNMBJy+QTjw0rkqMrurVqTrlDs+v aJ8yXfgWs8Po3atCKApsxA6eqUJN72NsrLIKiLSASXbsQHbRCtr+uJcs3M4z607H
55xulqMYcOw6WEAYdJwMZ9TPsaHb9af7k+KNghTBUpteD+HGozWGdOP/WN6I+zq6 UHpLSej8FRWJ7iRY1d4wJM5K0TKS+VzbMgo6MzSnhlZKZtqOokDCVgfg7t0fZKEd
HhwjXaEcideIxg32j8yT0bDHp3lz42eFzlFNCHd42bcHtEDFGKFUTZZVO2B54hcv mD7fn4qCeMCw3nkorWSBHnTkxaPC2vjPAMaFbxuRgbdEtEOK1DEvn4k1q0ig961i
DRDqLSIIwAs4TmW7ajD+qcfM3ug5lRj3NJERbZyBjjxwXCDAa1P+3ERBc7KovqWC 2b31Ne0VDTFyJLna+3a466wj4I9nnwaQsH/F3p5GAJl1tVBLQXi4VVYrDsn4Xiza
0NOgBLcxQL97EA0YcnYuB9qZaNC4/Z9tnPdocCCMXViWkqGhfaRlCHLSKbySVOQR gJMNmNBD4wXm2jKq7oT8KFTWy9vt9noH2qBgXYBvEkT0GDVx3gC5wCZ1YzUzUVS8
3lqLSr8S3lzQ5L9+GFw/om/Bto2VJp1AHWa7wdZk9CDdZKHk93eEGPHpMTbzcW/Y X0fA4xsz3nb+YpP2ir6fXPOt7JvyRHV1LA9Gf18cQO9izQR4IebBu05xnn+XAp8/
L5kaD2Yw+vRFIM4ZYYgya+WkXh6SQYml+dAKlsXE1aGOnsTYk6odoanC6Jv9Az0l p7aFpcIJgJtrgUeE96cvO59lGCNb4pIgYTYYZaHyb7xNwbTWqGVhC+DQgNB8xiUT
9FeNSeiH54hSyDNaDjcUvGOIm8b64pZCiZOc11qivKOmc//n3AmUTOk3+xvu/Icm /jS6QmOvXUMjSWULEaAeMGlB2NdxBPW2tyZxBpAhlOwn1k0yPgxYBa0r0EVoK7o9
N+Jv2blnYEF5jf73Hfv/xFm9ZuEfhLsxCtjtUcBmUyKh13vcoMw8iDU5gfUoTtD8 p1ah7SOY+GA2UExATAtmionaJdBdBTADN7Cc54tipN6+ILHaSBm1j3F3H/G4C1l6
ceN5XkTFELM44cc9M5Kec28gWHYUM09wpyGiq9/Z1Q8qS+RgRZV210Yikz886ATb qHatDbSeT1RucMmPW68GIeRAKeVgMgrttQAoTNWycyj+QYMKsZzRhmFirBsew37E
v4+m6kciaI95EF5X790zglLjODR8JY5gSOfbCGdb94XtPouGASa2J0TOO3f9AAE7 8s0crEx6GuQ0yXLCQCW+eNIfNqkGelzZmg9oNKSItFfOMbeWKRksu23vKzRzix7s
rlytRgPHMJyY7G2lNpSF81VhVlfY1RJZpPBbZ88tRvMENsyWQb+6+mMW/PrNy83L fBk7HwCWwjSmlbHxr9djjpF2wKLK34k73LJCE6TPktH69tzbQpI+2fPFeGJASyTi
ZxQ1E8gzA2oyOl8SIuRMgfYcSIGM831q/IiMTJI0cA8OX5iVD4KnBLoZlVCuQUwM V3h2tjw/pWP8I4BOScHYoJ0pDB2zsio2MPXUKghI3gaS2UEdJiyNEBclh8a4OffA
0WK/iGjJIgXDTsMLHNrlgZeulkfol/ryWU1M+CwJSetqorE3WBy4HxvUau8v20CO scxnVAIdKffJcDvuftlmEACd8lIOJSke9+fRNxvhKVk16rtxlovvnAlCL6HddrFD
pABkDZ29evve2X46KVmDDXGICE9O+q+fanmX4ZFzMsVmPS81s3JQhECigYJ62IPI NMFCbAVERIHYwXUuzj75cL99/X51exRFFMZP43s1thRvwVL0BDAhrm7VebtyXQHn
hl561lXJzkC8lcp25TcpacjjnvB3VGfdqDgTjmALJD4gDDgeGSWZHKWxEdIrzeXr iKjdKeBLhQ+FovYjve1vMcDPn1iaWKctQqDIK1xzma/YbmOAalrdODv06lwkYWeF
7yIoKC4H28yOtCwZ0UNQbeIVo6qcJjvTrSJ/ZD97L+jLQ5RMRwtGVoOhlS5tTRC4 y4G/ylLiPDsn0TisdFwslm8756750TEIXw+y9lLO60Jkm7Q35ldHPAa4I+mIc8w9
l3SmVX7qJbX3I/W1AKBGFCtvY2k/NqzMJ88td0RRmbVvNwFC7iioWYUCmU/97a6x 1MtqcU0Ly60nRHgdEJDJC5EO5YI2wGUPqrtnNxydU2+JEZ30o58ATJRWhJRW29JX
1v73Kqpc73L7DTkofya+zAgtHqcRlOvZZ3Api3Spa83fYQc8kUA5n/Pq7P1LCbbq 0QViBhwmbaDkGGhnEQzjngNDqBLSgSN0KeDIYKPoGAza1b/cjhDmckaUM1cdA3Ie
yrv+2Y27If+bW0CNFP+4J8/hFdrQECTBhDgf5PtnizLORXFxCvZbqVdwN7qjocqW 3AsaCNIizoTN4LS5H4TpkD3/ck98B8RiDbWODUigG5dLAMU+096Xw1CPp1BwYc6F
U/gi745fcEOJjIMeECdhpY4sMsAaspxFH21puSdUv/bx/i3Eaz4B2pgtL/t957pT hAF2n94fh0cY/PiSycXJmOVBHVv5K4iP+d+eHpcQrm0utMfccej21Uy8VG6cKCGw
oATDNublLFP8F/k+0Ml+LFFlg7YsbQG6l8Ki61xHyNp6HnK9XjyluLUIgTMV7KrB 1Gv8YuAK7Sf7yLF8plNhEC4YWr8up8KFkaP26Vf3KvVWWQYI0uVqaTXECiqOA3Xo
DZwqygl7UJd1IIgBZL6tS5mXOCv/k3Pe9raQR8MmCPNIuQynBB9JjiI8DqcCE17L BXN37nWnXe+tywkOUWZ2l8xpgirMTtBZjFSxlQV51bZY1D6Pl06qKHU34WijCCOZ
siRFtb0SPRR1GNmIIm+30HOB1IaPqPE470J9AprPe+tg2umKnD1MST8qOUQ2c/lt 5d9bZ5j3dZmfhEhHUjGHUWxON+JD5sAExSi0/bYGC0DMLSz54PHp0q0S1yPx4XKj
eSBzmJBHJKpOS2GHHIfOoDz6n6JvV1DUUtNi7LxJOm/cjrTxoviMR5b8hcOTvueh 9p45RWpfDTrpdB9iXDJm6qvDOHUZQP6uMjyEAu4nR3XXJlb2rv+qXhrx2S0fu8zV
nHtutZK2jrqGfMylRxPD06tRQ9cRv/svMlfXascl1apce0qwDGVUUVVxI8yvEwgL 7T+uu+ZKPVU3AuVw1/ciCRXuXYPUZB3jDEYHLJ8y7fzeic3hN0zq+Dm56BOp/0Bz
MML9qVt8GIC3xMyU8UXlNhAC9iU3VHuU1i/mzIdVQmxXyKz/Csnvwe3jY44iW50z zX/fTa1hwaW0EICeeTTzoCMSKbak494WxpaE/ekoC3T1/RJ6xWhvjrCqBlKeY9km
dRKmrbr5JKf5HFGvucEsmz9Tiz8xziuoxURAensZT8NastY2rmnHqAITbJc1TALo EQ500ZghhZG9J1wLVuEDD//6cyaMoakTGqv8QlBbfx++GRdUE+4zqFkB6GyjgywQ
cHow0MWUUfyjRQgFoSVsQf5LpOIvSxj2dZ0k941MDjmH2M1Zm1ik9MQtbDWx4z3o wbJGy1rpYdlRpPNJ2/3zS2K+DTzKiuDkVo9Rn++AfLs7blZukE41KTnIO7TTdL3E
w6rlyBnUq9geh7Qt45nK1dyuoUaaueOoVq1HXt2qZ2w8f0DurR6XueEuakpl5ty1 MHRYv21JlCWmTsEPLjAbgAlNQNWK+EaIMEnuD62foRyajGvtXahPAqU61Yr1+DmC
NrxDi3oKNc68s6jBnHbcRjlmqB3g1C/iA/D8gLZRcVDbM8kn+KGDMBJ0J/DHZn51 fQMLGCph0kTGoI2IJLf1U3dtRvI0eujpkjM0yi4tWVW0NdKF7rV9rP78VnXvCmUw
enlAddnXgI1sEolNGlGWVFFlTCQuZpw2RohTcP1/+6yD3TS1BakjweiXKLAhKNEn urP9o4oCICaCkvYPhYpCan+P0JxaGcSNSrY99HHIDoDLk5/sCVyMEs+pXy/9DVDX
t4yWxQiGurwTO0d0VxUItt0d7s8idH4pxjayc652CK29Ov5Dz8ysKyqT+uIySPJB luiwZG1dUU4f+2YZ7I76LcNXhUfZScKH6dPxxxQw1ypQWVdLGSQIXResiyI8XmTy
yyWURsmpqYtoV8Ox1w11oWisBa/dpk6QhKSValXOU+RJre1p59WL7Bozte21Z09Z 1maF7MZJjUUfm2GhEExFLgjskwg7Tn+dV+KxDek1ucCGxfXQb4tod++ojyFzcpNn
g0uQEezaR38rByfeG1sExG1QJGcSgyELVUYVOFcdM6r5cfHlsqNJN2XMVwlZry/W mLRFBj1t6BQV8P2rkq0tbXzJ+uqETp5VgZHY0pMnQqNHu8+U8f+4BWWLZNE9j5du
JgJKuHaw6LCC6+1gmselpXGkcpPLF02ZLBgDbC2AKZRT8e3T0j+SE53FQIyyZPbr MDij8uBAdZ8Cjzqlxnv8T2kn0KD+qoohmHzUQibGiVPM1heI5SuScE2wV9Kw5D9m
CjZ0ljtsWru+eWAlaaktJnRfokBpNCJ5GEyyd5asZu+oJXGIFZQNVQYe1FqLbrBY WApogFxjpPfBhMLtPVVUvFp0dGplSME+5D0b6JPnauwo5Kng+FnDVtpiDPh/C2Xh
Z4Rfdcu+cMvz2Viw9f6kgAo4nDEBHkoJzAM7+1h0a5mGfaQEuL+kcMIRPVEbJ9kp 3GSBPPebvP1MbOV7DVUxuAQYOeFH43YVACKgQskBH7bqZdrhI70d4R/4xB7kYA0H
cWMoSE0M9TnLJ926fhtSItZQOEItfO+Xs5y6KOJTLly02KdaCskyyIqju2AYAOhJ D65yTXjKyviGkRuPyEZjjkblR/OpzBCEYh+sJ+OXZjKkOW1gxVsOnYUIjYjUe9qZ
UVdyzulqvURUIwIMCjyUh1jrmpCE7NtUx3/gXcxvEto9RjexlYHw++KCgoIZ5E4q YAavaev/JRFIo2ungs1bwgOfgpnHdghLUW4UAtZdk9bOZkoUY4aIp6Q6ycPX9jbX
f/ZJjRMqBDu8CJpT7nHNv0pgRxplQg4x31A9ZDm6pdXF8U/ZNJrfSaSnaBOUrLDF zCurW4hjRwjdwaPcgrOROYYTiKrnZ18m1t+SFA7GfVsjDO6ivittdMQptTm0aNI1
wbeN7vdJsW/7JssBuyVRIEjx2vIfZ0U5y2yy/hbLjhh01jt2zkJZC2dxLBH64UFD I3eTlvfTs7Ol2C0/XEyBJOTswJXNcukDG24bZAyJ2lWyYbqjEfwca3n7jOTZWLGz
pGsL+lmQHSQpL3cf00dNyrx5h0wDoz8/rC5w4/axD70KijIbKcssgSHUCd1oWBn/ 1oIJ3qrHRAw2urFXfsyGHKaEqp12QcIdS2Lu0PVDdUdYQ4JL0/BUPqoT/dq2W8mi
c+i1hdqXfT/obUCDhgFOMlbrbC9juoSz3Bs1EnjWFt8unm+N8UaNuggTbCeujYvd ZLmygU/xcPPAYngkyT02FlibbtBMuptz3SfEU3XVzxirHRGnoQXDxKQMpcvbPf/o
Mgh5eazSocQ82xqpwmIxvez7ahN4i0bLI58ZE7OSyFME1yFL0/fnD7B/Dy0ooATT bM580RH+E+U6a3ETKi/yHUI0F/5iuFH5AdaWqGbWlAWEx/TNGExGVSRiYLaZpvhX
wFWF+hBfeGaWdXdPIbnOjTXjEpYchaWgN9nUon9DGlKYay4UpUSntUcnqI/CJEVI hw5hCnvqP/cti9fkYwK27EbrHsTSf3jdToTvddHZ0oxWIut+1Er+DKq48uDnF2Ar
U5FVWBaD5BY+nRymkTX9yxuB45z/AixvDMYBn69/LmcchIAYQeldMHwsy611it+T vDJJmWQVBTuzxjAYtNn2HyByjSq8zuEZK6IepOhA5v1ltIRnrwpTaa2aFmeZec0H
cZUMtpemQoGqGdxP/uKkC0Pf5TFeq7v+1W9Q5ybxxJh5nrHTAcupH5FJBsqnySg1 OyKr087p4Qo6FOztEXd650rzYtYfbaU8HvHfMkW9CeMCBUwj8obBYFuOeLPki/lk
jOd3xIO/sQNTfCWBIjN0YuedORUkdieRYuJ6ygazkCBQCr1k7/r/sQiO+F5PD1LB lEU8JQ4/ZgarISB67pRs/sRciMgen9UW3WJXfhlMx2Rk0GPGzsG69t9amb4Vx/WE
J26sP0Ly+WXruQ00yA9tTRYiRgwqx/sjcv1Dl86kKMmKBNCVLyUdFPsgjToIhsti 3KPSe5YS/hACUL+Hy9ods3ZGQt4yAR1Cx8NHlTE5fhDQL6zzDJOsTOamsXZJGstv
DASDRZXEWlXfAJSwT+dyaDz+HOOtwOH6In8SNr6UPnSsoXofE2Kh4U7DNTot9k39 VH+nPsW3AQfAfD/FWyFKJFCG6VsVhh60+p82ZGqBQk1YLZs236QVRmiZUXPeui9+
s1AQBG6FtYfFE2qZ+r7oaHCWfkrkUUCgBUUJcKaGv7mZptf3BS9WEkSHBZboAxse 0YRV1cvcvybx0AWwRCNajEA3fwAGoin5Lw4INIe+oJPN2rQaCD8wwKRzybKRIpSb
yOfszNnagBOqVPK6Yi9JLleXEBNSa0CQuxuLDzEadDNLltcEKt/CWWXYcq4Mkqej r9mHB74aUQjmMd4c/Hn7liLnPbWSOMavxjO0lbykQxjIFVYbC/yq7chADdPpMOAy
FyGNnNGoFRJy/ExL+IbaMVg9wmAhYLXr7vmPFQ0me59CYtbaNr5y8818Gvu5EHba jlEKbMGpkUiGqtuU3Gf3r6I8M4yMRAHEKduNEZNRqprs+aHu9DcT5GN8GJ8QRHYx
g7ZEubaE4qFnGX+jQ5te7cgoJ4aR0Aeq6fcV9mwBK3Cs60ejpCv60LYjDXrX5a/w CCYwAsW1GX+oLkfJliy+hNW2EYC80u/E5ZI7ZzsdIcSZbTEWMrPHTpVw6UJPZ1hF
PMhFtY+KCVOyfgIG69vDh+MSSsRKe7VxIawTJyhDOmiF+iW/LA4zJKXgDdSXk0wB xVUWYwENBlQNuZnAkR7P9U15ZWnEdheoXaj0O11x4ffgTvap167AOpflKBk3m4OW
+hECKChBTlBqF2SHE+8s80olKv3wbNp91cY4m4MV6+Rjo1x5eP28tGQOG/nx3Cs8 N7h9hMX+96FWSg1ee0xuOF4ENYLaWJ7RwJwLvWfc2tos8/Xf9/mEWqsJ2whjf81o
f/uvxTvOijAc43i3O7Hl1HJTY0keEzEVcmXh7eEhASYJxAELpLPXCVDmuohnIAIH rpi1ze0fQgQmiTFnNe56ghXZcToOiov+GGZAQOEdfFWv2HyvBpfx9hZykW+x81XZ
VUCx+jiWESllycm9QmCf7ItjnyyI+cQFjzS5hVQDpSVLm3NJVR3hcJey80OI43FW TJN8LvInqRL/Gr4R1eXmEhNEbvH1PAGAZ2wa3t/ZNEPsGvq7vvGW+rE9dudc1o7P
gTpB41MR9jVDN/eQ+za+T9wNN16yKNKr1WXcT4Z6j4fMzoUdAmSVITjGGqy2vNX6 YooLVpV8g2IeEkFFO9+DjrTg97j2FnJbInOSQGR4Iv0HQOpJ1fMkWOJHQjTjbiNr
jZFVI21ne81gZifabkpxmmCig6pDkTlhsHA9dB0lywBqOo3KQ6E7t6TIiJ15ULr1 VcmrNYlo5yD7F5nQDZJgtJXctXoMNDdjFufOTa0yzrLCOZjrO1SRssFVMPgpm0Xg
Rr1vxE9jw09DtSIqJfK670/ERJtIVRwHCeyBgLz7vV/IWcYeYtVyIJhuMpWtPuoL Ae/I96d2PxAJA1wZBJWV5xQCekqIHnB2Jud7TxH2Vc4AsEEFbxkBFWGR/kHycX8X
BUf/Dnmd22fJh/o8fYrNG/OFwWX805gqsP9gwzN7TySxw5lnmeE9ggr1M8R9+xqY ZMtDpPH/qPaJsh975a12WHQY1cQpHDCl2jadQi5u//6VIg0zxMS1wHB3TU7Mt/FQ
hv3NK2I5rcbgraRT83X9qugiFFQtIAn0SZmP2Heo3YJ9MQUrarmvkMOXytKhBI7a YooIMIjW6n5Lekoi8u8IKQ+sqy78m+DVoL4XRZr9leQpvSukCWPeQEbIOTitYNrb
+WAm3VxW44u1SoduDQltkKVlbEwqDzVp5RSMuNInORSNP+RLYmQFpK8UD4cZb2lw wTmakYir1Dt+vuzLDQBzF7pBNSxdZh3jKUZ/YYsW8/g/D4niekNP1sHSSYOcI6oi
uEmx7rvvQMLsmfmjhEnQfh610CXt0q/gtnvZNlcbAPkY4m2T0czYuA9cL2ywArZM wh+sSWm746AYtg+dBERBcTjQKhK45zcjUDPkC7tu6HuanP4HvI2fZMXDySUYvISH
Ya84vxqvCvXwqlwIK18UxhOyGfYEUCUfPc2vrHPWt0iu/dTLdzYCo8gfA7aWK2MC GdyPtR29w+XX3n1Hy+TX1NsmyP3WNv6lqdClSWwxXTwyOJwvlk9OEkmGmd6APJpP
DUg66Skfqxl27pFIUUz96RbXyR0tG9F6mMOdWgyuqZUh5Mr4S0yDyI1r+1ynQV6b 0xeTXUozActjge4OxvGa06uuLdXIfDwcuX4yxpj+HEWsHkbOkHcxxaY+byFOr3SU
exdCUobNN+CaRyI7qktV362GBebeOiEe06wjrAAElXqLCbEslXg5myl0jVm+t+1K Jbo56UbDHQS+OGpELp7HeJL5MVvcU9N0OSGfKTFFKOjyCOj2rdeYsf5Hidb/9078
2R+Jv8zcFsUCK9XFaK/O29qElZZPc715bcXS+FukyfR9wKvaRKc6u6WRJE02LzVZ z5C9L5x23ChCvd2ipkOEwcvWYkNwRJW0T193cur5qBGisZQfDbw6xNS2PCI3zp9Y
0ty5yfAOxFDKjxbYV/xfdUuVIKVA1Z7mMKkgk951zD4yUJYfgP4NKw2IRXTIEi+0 2lEpegrtxi4pDWA030EWzHCw7kcbtlWdzIW2/iaMOW7S0hHjcRboPgSzuFpDwEFS
DSRfmEPIjOFHn5Ae9asKmXp+jfnvAOv9sKezmrrsmMsWpFoFAGyuSy5ZyXgjIEnm M9k33iqH3vqfdrs1SfMXgumEzKAOnslMEzNHPJzCO7UaVlJOBgqTdNbAHqXSAfdZ
TnW1kJwqDYMiNgzTM/X+Grac7oXYZq9Lw8vvDSPdn34Zuveul2Q6GlI98UFc5OOH UN7z5+xnmdp1llBAbqNG4kS34JDEraArdfn0B5nQSYAPOyvu+Ub2S16/u91RYznb
V/76smknnphD5Smk6VJEP7bvfvTfJvPQJ0/xIoPP0LFFa5+iZ4x5XsnHkhNXTLb3 PcjbtAt1Tc7pw6/OV5xNEpjRYBHbG5kPZ3DjaSKIakKJpS+zfMXbtr0HoM1TryUo
6sDsZ1VX/jPmZRO0XpbO4jNIV4elCNHaBk7+UC50axW4KtMteG4F1mML/6yK+f4I 0KSPI/Ll99NbXXpLxW2tVOwNr+FexXYB4IsISC0Z331lqPTtr94rv+GlZ0f5KbFj
6O1UDiEcxxPvJfUDpkhSPSfoWLE43eJgbr0Arm4YKjdLyA2j+jAD1aqXNv81gh8f Rp30h0Wo7EKnENVLPaijrAhSYI7f51nuDsIi1/ZFqt4lA9Me3Vu/Etv3OZi5EHEq
7HlRVh+yiZ+bADj+Y2bYP98ppwMu9+zNEGUMBY7dG2r2WbzHrDBciTKQvy3ZsxFS e+gVbiUb6HIvik/nnfWpDhjO5LFLga7C6rOKSnLRIidj46NnzH6yeRkQuAcU/Fby
vXcO4p7Y++Zirsxum+o1/sXi3Mz8uIigzE3fUVmbysVJ4ZYWBhS+/NwvOt3ufxvo zqawmYz+1QfcyKAxNaqrIEbKDOn4ws3XHboxSJWzAQ+72/vqhzSV4ih3MLkDeWHy
Y3Ns9BalJD/ljbZGSEvFhpgClyNWHzLy0FFpZRvpCzWvV8pKmkbs4dyPFRp+cgKF rWmuzsTJk2cdmSwt1+dL8UfjRDV02UdHjaBf4MrlKaX3ngfqibiskly/HFSfZrkK
dXmkWfqf1CNh1GDg+0mWO+V1NticcM2aTdWjWR4itvpBPZir41YeSIYCT7blzoCx DB+1SMASPLzZ7Gd6pPK3Ie8mzVYnE2SSIpBzgAqIsOooYb1oA4qLLq75HfvEuJKm
NtlSnxNik0VaYAGNjYL53HS3kfGJuVpu6vwxCWJ6PIhkvJMW0/nrfdrrBLkRj5RO mBqcjsGuOFemASbZzsxrPbS4ASQ6L2MlH5HSoY4twvQ3b0SXhzYYKi++hZqB7prh
NANnLc81IOciOEqE7GDP8c4HD2HxrFYY9CqrGJJaMDFuhAB+CNv4c5nqYBmkYefu MujPkThFQ1qyDvFHSdthJb+O+DtD0NRV3yPTkJNQTBEAVEPMEo3q87dkwAruhUpQ
l/W1N3klgyxJoYP1m09J78zDhv8ZS9M36ofAwya7Wv8JE6UHE/1E1qgxg6vycFEH 0uTtA2f8ROHW3YM3AKVhR4Zcwbf3Z3CEzg6gR2zdcXSZyD09OvyycryfmhA7Cnhf
zt0gM6uk7do50yHE3YVuFmsulKXKdzdCEmGxtkFEC4pUN1Tn9sRe3d2CW4MFtriF Uyy9uShwr4J57q+XE/nYU4vgGhoCyyf4LT3VcX0M+Bun2a0rqx+7cxCyzVlHaaIA
8z1mH3M3uk6BEOkAUgbpF874AFAzGy/r5HWPv8QdSDVsZqEfg0Znh2cZGkXWXEUi 3sZv5YQ2ZgQBd0YfbcWYGqxDH3SJoon7G7T7QWp3MilTWjtaGXf7GQOfZPJWnlrp
jSHlaUvVCJzAHXVmHNL7YLqLOU0aZM2ON8NHoAsVXmS1h3IGNIHto1lIFWv5UNe9 H9ZCvxKJ/vKnM/q8BTsCKpbMqLc0bdL4WOSKioTp1UGqi5Rf0bW55d4b0oNn5tkP
AhVRSP/lUhdXIf7q7UH/kNyUYpOsESB3ai/t4ubt4eoWD6n+BSM6CPGzDVURL7Rk 1nRLHdR+vP2KUc6B4pdZa8ZiI9ujg7R9xF/KwQb0B7WYC3a3Gu9IADtj5Z1oCvbK
fYX28DTcr/fv5HC7XVLSycQ7mEz+QVFXh6gxFTTuxpGBR5Jiv3azwcNmSUlCdlwR 2JFQOiUER+OyE5VmoPy7QoGmiX1jrLWsuwflnEbUEkd+qkhx0uv84jRHCXFsgxSl
Nd5hKU8GFFfv2QOQlgyBif4mfJbGHJcYduoiIsTLvQHMZtn7QEQx3k/lvOyjYpqE HZ9hdNNvyTyFrmZrv2a2QcSPfnlvqGpYv+7pXL0gonnct5lc8PSVvuucbdV0R3Im
GlPrJ4yineubGfaGAH82fZcjrzsEFpSiQ/UxDOCx6yDWfCINZqXm3AqQDk3DdWMP j9Hdiz+TZpE+XCU88jqHx/lCYbdgu6pLgkcmvUx2Ug464aRATy381PTC1eie3Xm/
BjlZJJbQOlD37LqPjpB1zk/LM7PJNEJFldcSHKQs0T3kQyMONIJ6ih5Yowo/tOAZ z3tjOMCrOwkxfUa8VMTmI6gljeqPWodNgNtPLJDuWpHjCO2EWC2REcVAzCJGTnu8
l1kKGvhQvYm+FHQow1e2nTFPc2L7QHmEmt0uJJME011PZ8jR/bccw90MTHuOPQPt LRfHAPMyY1DmbLg5QmmPh5zmkkjGSlaRbuSr2+k5Cd3XjNbEO8dbJ0AEQtwtBkD0
UJCpAcNHlO2D6csRGg0wTH/CXbFVkBfMWVFPndX3n/vypbHTRN+/GOL7wFiS4B+E QSFx8IkCOiR03eV2+Wy43wnaCV5pvCYBHE557V6vkGYeRGrwTlRy/oGRQBKu7xvU
w0Ae1woY5uVLw3EMOwjK8bAEVWhmsZkg6E0XHwNUvH3KQfhR/7/2M0I7jJkaA42T wfKLTS63XAluObZeOREWaNEZd79TqTdsoSz6IYjbF2EKgXJly8tgfkSvAbiFL0MX
Ira7g7PiQ9WzmlOIfSBdQHblsaw6i99Tq92cCpvACUwm83cUK3K39TsXgaokNYj5 3mUdxBUCSbQRw5eITl/MBrZA/VUYxIgJMvOH6H01uCaWxR48SZ2fim/NsE7+BUmq
hxbW2ZMhHuxjF/rcZsjcRCA/zncX2OEaL58jWhRBmzpze2C3CPJmAm1eUdzWLurp 4+Ihx9ZuV1clIDUxMCuDlOx3EjycQfVuM6loiO/B2qxHVILoMbldTZSavL+iWbCF
J4ndgRoShI2QkR9rpyNlMEB83P8fl//6vH4Jj/gKS90hMCTSnw6iv4QEAz4cJZEx z2sLzt4b2ULzXZ/UUIJRY3efPlUzsKX60HAcim2IjCN2fWaPgv13oXT3XiGvtSym
RLSdUEOcuEdgtqKA1XH7beiNs9/66I755G0X45DIiSkWSoNsofvNX5GMQi8KHfra Ez2T7TpTetaK5n40+nEfIDBC5WHOZ744zx04fj42hTbFWzy/I3+aR5vhdk4yJMUt
Lvkwj/tv9nJ+y1RdNfd19m2yp5kJwyqJvZ4q9CnKvQn1qXHNYbcHeCFLknfl+YzY pq8vrEdhzv4FJulxW7xUdJxgiBE5/YLHEw6EE2I9zhQWjLem8U+HdLaX1blnZu5m
BAhaHwg47t/5F7I1m7CpkdlXuI+ByZiYaCtAZbkYElVYPpNLzvFmblwqA7UjPrL5 vZgEV0akIGuuMV7dyG7mf8RObqt17V4BOA0+cEugzirykruHnHSxtLAvWiRP2Qrq
RzA9qsqEXuJBLqP13d0iciEa3AexWFU9om+lDNHc8bIoZfxk3wW4BITDoM7CwO9k b10PErMjdRMQNCz3ZBNL43PHwc5z8S+JjNlgJut8YU14ZnQND+7Msb4bKrPB8IhQ
M3mPHTwIU0zwauzqgWkBS7XNWGuFdyphRf8Oos9nlDfZr5hnQsRDKwusMxQQMpyK iZWWR3VmZfqcBeBNpwe8+1sVQcntUNViIPPBOK4XWGbHuYaI38fMFdsvghL1qvnW
aamXq/Yhcr2flUZ9hffQwVffGlLT/4h4WhKrDcYlO4XwY85AOB+9MouvPIgUt5Pa ul9n5vE+fayvImn5m6THMcIujGsQd5vYEFAzUZHo4lL4RuN1MmbUTOsBvewyZ3AG
fyWG4tqcFy5DSKTiGpoO4Y5N51tQqnO0X6j8fd4DuI/WkMfib+84Os+ZnfQ4BM+b BrcDix/ZdpSafATgAfVFDib26E7k9baX6+3XWfj8be6ND5gF597Yo9Ad12MyVhsO
AnGWAqHzU2mwg1vSR1nBoLNERKLnsTUM8OX0qkhqo4hxCjdh+Dc7gqbCNVtUfBbe YXX5DeTswvO0/0OCbZQMluC3hgnPf0fI8FRLx+0ioxx0h8dxvTUhQOvQMdaq9TCw
fqdfr1EdJoe+GEdrT8J3NVl1AYzS3t3zTQdQ5yNzrP0kVyOUIbiyd5MpNBxLquLS MNFfkyKt7RsFd18ZivEUVwy/sAIX9W75zjzNdZuZnyeyeNsB/XHR7TXgUKUUYw8Q
TwpOTnEcj+46IC6cXcIeVmTWtEmnGvGcQHdw95waGV0BrpAyPjyEfZ48ubfY7i6x fjb0RZ0Iaa9kX+LnWhppOGIAOcB9NSkHv9mwmZ59+ZWoYYjH2gCpbBz8lBZyusqF
eSC4YX5vzM0DEfkz8tXrEkA0PHbOvuEJgJE0iX52fYc4vnMquiEY4GDIc7WRJ62H MBG2+EWVcXDmJ6H/NHgEkKGqqj74X1j/Zg+hOdrIZWXu8cu6Wcb2UqCYvkLvQB6l
j4nVpvjAa34DWgZ+RgQCXF95kSztyoSAL3Jnq1fQOZ8= A7Ihrk0TXY6pECERvfrAhWhVQsxrBQqND3Fbc2Nk6vc=
C.3.5.1. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.5.1. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_baseline, Decrypted Header Protection with hcp_baseline, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIOkgYJKoZIhvcNAQcCoIIOgzCCDn8CAQExDTALBglghkgBZQMEAgEwggS7Bgkq MIIOkwYJKoZIhvcNAQcCoIIOhDCCDoACAQExDTALBglghkgBZQMEAgEwggS8Bgkq
hkiG9w0BBwGgggSsBIIEqE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggStBIIEqU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLXJlcGx5DQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1o LWJhc2VsaW5lLXJlcGx5DQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1o
cC1iYXNlbGluZS1yZXBseUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNt cC1iYXNlbGluZS1yZXBseUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNt
aW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6 aW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6
IFNhdCwgMjAgRmViIDIwMjEgMTA6MTU6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNh IFNhdCwgMjAgRmViIDIwMjEgMTA6MTU6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNh
bXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJlcGx5LVRvOiA8c21pbWUtc2lnbmVk bXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJlcGx5LVRvOiA8c21pbWUtc2lnbmVk
LWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNp LWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNp
Z25lZC1lbmMtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0 Z25lZC1lbmMtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0
OiBbLi4uXQ0KSFAtT3V0ZXI6DQogTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1l OiBbLi4uXQ0KSFAtT3V0ZXI6DQogTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1l
bmMtaHAtYmFzZWxpbmUtcmVwbHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBB bmMtaHAtYmFzZWxpbmUtcmVwbHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBB
skipping to change at page 151, line 42 skipping to change at line 6992
MDIxIDEwOjE1OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxl MDIxIDEwOjE1OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxl
IE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOiA8c21pbWUt IE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOiA8c21pbWUt
c2lnbmVkLWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFJlZmVy c2lnbmVkLWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFJlZmVy
ZW5jZXM6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpD ZW5jZXM6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNp b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNp
cGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxp cGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxp
bmUtcmVwbHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5 bmUtcmVwbHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5
cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg
YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4N YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4N
Cm1lc3NhZ2UuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm Cm1lc3NhZ2UuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm
cm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25m cm9tIFJGQyA5Nzg4IHdpdGgNCnRoZSBgaGNwX2Jhc2VsaW5lYCBIZWFkZXIgQ29u
aWRlbnRpYWxpdHkgUG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5l ZmlkZW50aWFsaXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUu
eGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDAN ZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQ bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
J+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+a UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
uzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVe mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
A5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShp XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
lcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5 aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+w +TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
hUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8 MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
hkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2 KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxG tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
wy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/Qs RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
hlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8 LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K45 fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
9CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdB OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
BXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVU QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
RjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0Eg VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5 IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcw OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
FQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
AQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2ju ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
wdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQ 7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
wXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO 0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAA COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWlt ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAd bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
BgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcX HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
DKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqS Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
Q4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/K kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
tmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVf yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
nbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/R X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
CGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4k 0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
m3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2 JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqG dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTUw hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTE1
MlowLwYJKoZIhvcNAQkEMSIEIKHPvLfnw9dsDhrKZlaFW3+cbW6ewBQ6mkp22q7y MDJaMC8GCSqGSIb3DQEJBDEiBCAn/5Euey54zEPMTWTi6D1FzMPXZyPmKLehwiHU
BhI9MA0GCSqGSIb3DQEBAQUABIIBAH3cRn5LOa7nqW8Z/czFCRpkU6j2e8xqaw7/ u97UIzANBgkqhkiG9w0BAQEFAASCAQCldWAb1Y3QmHJaNLnrFOVTdBYsVLQoKmle
eCh6GvC4emq/eAgKhqpbhw+QwEOYZCMmTe7GFb/eSl82QjB+zYaR+pGgVhBH57Zp oajirYCQ8fv1D9dknCPl2tRdshOMtV+c7sR4wW6XNQNBdbLh/+zw9aV32quYp1m5
IOtobnzbOEsgzmUKakI2iaAuQBtOxMPqDRTRjMPLMhc6ddIRBqNeDpC3hm+sOXrj LmvWZJnmbVCuFqZwG/frYlk46SXkggJZCFNuTKRNiBMERuYtyROlQUX3VlchX3NX
r8rQAMDBJTck7psP72DTyDWDeVPw7BRMSnxz7FwSbW1CXFeiJ6mWhZ0Va1YgDpJK n07FBEgy6SwD6avoVEG7pG11J6xlcUhOLl4aPcb94LkcUHpNj5kSet8+klHQw1KR
Ic2uW2Tq/ob8jTjnPrVIQhq0ZxKOiWsHTMfzxRnH3xyYt/c/huuoDtcf9P3j9GWa VCjMvXymn4aygpSkiZT35CjFhZmAoEaFUilfl354sl21RjXMZZ/2fLho2SzWXCR4
a23tU+PDSpfcpG5MJPe9DBzExWII7Z50Om8g6tZETD0+pOjNTAg= qwji+i7VzeP6sQ1Jyt4vpv4R2p9stcSEUpFMRQhqNfHiJd0kZLYo
C.3.5.2. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.5.2. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_baseline, Decrypted and Unwrapped Header Protection with hcp_baseline, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-reply Subject: smime-signed-enc-hp-baseline-reply
Message-ID: <smime-signed-enc-hp-baseline-reply@example> Message-ID: <smime-signed-enc-hp-baseline-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500 Date: Sat, 20 Feb 2021 10:15:02 -0500
skipping to change at page 153, line 37 skipping to change at line 7079
HP-Outer: In-Reply-To: <smime-signed-enc-hp-baseline@example> HP-Outer: In-Reply-To: <smime-signed-enc-hp-baseline@example>
HP-Outer: References: <smime-signed-enc-hp-baseline@example> HP-Outer: References: <smime-signed-enc-hp-baseline@example>
Content-Type: text/plain; charset="utf-8"; hp="cipher" Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the This is the
smime-signed-enc-hp-baseline-reply smime-signed-enc-hp-baseline-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_baseline Header Confidentiality Policy. the `hcp_baseline` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.6. S/MIME Signed and Encrypted Reply Over a Simple Message, Header C.3.6. S/MIME Signed-and-Encrypted Reply over a Simple Message, Header
Protection With hcp_baseline (+ Legacy Display) Protection with hcp_baseline (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_baseline Header Confidentiality Policy with a "Legacy hcp_baseline Header Confidentiality Policy with a "Legacy Display"
Display" part. element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8625 bytes └─╴application/pkcs7-mime [smime.p7m] 8625 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5368 bytes └─╴application/pkcs7-mime [smime.p7m] 5376 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 426 bytes └─╴text/plain 430 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example> Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500 Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline-legacy@example> In-Reply-To: <smime-signed-enc-hp-baseline-legacy@example>
References: <smime-signed-enc-hp-baseline-legacy@example> References: <smime-signed-enc-hp-baseline-legacy@example>
MIIY3AYJKoZIhvcNAQcDoIIYzTCCGMkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIY3AYJKoZIhvcNAQcDoIIYzTCCGMkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACjyNrxVYj1Xb+ACrx0kFuDPNhExlQkEjbJj Boq0MA0GCSqGSIb3DQEBAQUABIIBABcSvh6m3bqMqug7JtspPDcpNnbUKLh0maZf
EZ3Az3gK6rWKIcIfSUIlwhqWJn4Vqa80/fHS0WRkaYuLRR+WBBoXszR6j+cEhHwa xtgFkNpttPxzoOrbgzttatlfuOHinFXrm9p3onp4B/J+UqntN6mGVogOhpbBeRFD
MHYVoj14YCg9+AmGbU1s2GNSrxqPFRFbrLVHCHdM26+7mpjWx6NhbVtPTsZ/+MfC xDEEI+2rs0NPkOqKSTmIrPSu38mHMtUCfYpXegNs6Ez5pxf813Ack4X504qFKjKc
BPmKulF7rImdumm8nkaqdenbvp+AjPA82P38Ah6FTMUeC5ItSqr0WnvVMvcL6NA7 P77YqBVrOZq/LL20s6+kTABWgPsRP13lUNUbp4HUcaQ+SH3uZpOO5IzFrboYrDb0
8BX/WlxEYVmcIL9B/EfRmC9f4nDYudwfMytHELddT9Gv7MejEqOB8B2+b2K0+z7F vDjLvYKvfjraLgLlzFW1Ie2eGLQl1L3ri8hlMIWq9MX3hUlegecVyKo75l5i3CTo
DqxBUK3h5dXgIDoPadGkvunqnTLFak1JJyIeXftPK1GCnglXI30wggGEAgEAMGww cdp+8YROM5zWx7ID4y1lL0gy77wZrP1JWLUa5jloPOB9omzvl9IwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABvIWkrAM7mEjQFyBhNeJwopi HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAVPIlzTVhXAsgTJZHlgb/wSMv
KUcL2wEHZJkKZxQcx1nzWdNXGhF+JCY5H0KmZw3fbcH4VnGPB0olqC1yarSiLuHO aGSEh6a4nM5YllTEfvhO0IXIyrzgMC14HCAMLkrmjDEnXtCvMHMd5vLKJB49UX1s
dfaZB0ioUwzLUKobv5u3gJ53vd7LwDvZnadXAWdwSXuxbp5XCRnK3UFE00/djZ6k n7x8EKYLqHC3RJkq18DN0mnIJ2mr9qiohxSQN9ie//93a8ar+kKgrl2qRCTtgTcP
K037U5tydzJtCi484Yd5BfaQwF8UPW3/JNxGFs9Kw+jmVGjWJxDToZAhlKNzILmk b6CXHVwLm9FazwJlC/ZOjS3YY82Up/P8cgXEbAji09ZIryaUUrljr1I8R5ivjIPF
nj2OeZcUyQoCtmzXmpTHDENz60IJZJ9KvbLhCpJ6owwM7818kOn/69ffTYR8dV39 cAFtnkcZ32eyahNU97pmnF8nZD5JUxBpQ7OtOqemBBkJAy2YcqVzzCJG1seO8id5
Liy0KUISCODAVtTAsioyQQV/wBgwkmE5iTILa6WKPogsbxWmGTjItdQm5Ty3NDCC O5Ogc9YTehBq1EbU7HAUsHMw+3T8cZgH22vec7HJPvrS+BMvPGlNYWBGyvvc2zCC
Fa4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIZLVXkwIIvlTRvYBsWvNdWAghWA Fa4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENgnBbo7rgFT+sfWGsbYpOeAghWA
/OKrDfplfnq8JqXGW2x4c7ag9bUaeknkbqeNFeWbtYUXuUs/qEjYEnwuGoxs4KoP eDNEsIoFnkJJHiOW+TI6ecod4Gdyku4qQKjULEzI35mhJhbofl/IrffWdG8CAdgf
14FjMC15o/IFDzURsGR644EvdxjKTgdzDIJ03SoUIz+RgdNgGCkGbGoBbl3t2PQV VYjItKwG0zu0W0RRJtVqaYcjcDXX2HXcgz0QjsLwJETWR6nOZ92PfYwJki0sW6PK
645X+7uSfUqCppTceJ5zFyIZKoYlkdP+nqMSKQItXPydmaw01ipeVizufHb09Fqz sfnZPRnK7K9Sb24rEOnMLgb3pmLXXx9JsH8LMlTVuN/JMk9wkqSwDgubLMix6eFS
FZxZthU8O41z2Glr9y8y8PDHD7EpgZpNa1n4vpma+612G06aIuVFoIxmjMi+Zbbb QHtpLYs0YLoIyli/sw+fI58IzplPsCzpUA8z06jptlroij3j6iCWuSj2NlFhea+c
yRfJcvpPR/iY0M1H09ZvR3za35m3ffSBdE4P/Be13CBhEO6kRQ8Wpvzg3Hk5vKo3 t5PVR6I+UuGhgCj8VaQisat1yFyUL+jeoeD1EvDQK2wMioOiEpP/m7bJuxi1malH
O/FMT9+EiF4BZ0lIkzUxK7BEZ0VsLK89KC96P1Jsp9PDe18/XbyW1bLsuLdMfCld RfDkeAWxLf3A3P1aK8gBxVGEO3hFyWjmdw+hOJoK/AEk+0q2ctSfyc0bmkz8TiHR
XDq+Obdtv236mRpDeAR5TNtcFelr35ZZf2KxFHnnNVl/OI+UEx7kI1w48m8CSvKm x6j68TnDkVUpAUd5NlW2ikitk6nsA4c9Bj99Br/1LqKonmA357r2sYG1vEtxviJ4
KuMQRm5+oQtDIYTqm0hiIogOmw73q5pS8oXbR+Am6sGu/fbt4ucE9qpU0jk0IkHL pqxZhHiKsIs0D/eWbheXuXkbT/jrEDlr9ibSuRXmgqq8JV40tQtDvUvdVTq/h9Xg
4rLHAj4Tg2NOecFBTECvN+Ce/QMPQSqOmBsoPnJO0dWt4veyxFlIxjlkty33PsQv JCR1zjOPWUSAHyz1iCg1yDIO6YLvHPgFlxQtT97EiX1WRAlkEGL//W6v33vkhXTJ
ulcAF6c6PVef6lFSHx65KJVUUtzbd66h2/LYb5zkV8OICa0UQxGX5hMg1METhVyb oTYyLr0U3d+oQCiLxQBCIrsBl94p1t1NjeEK79NrMs+yhRAQ6Um7ckddPBWKHM/h
108IwQ2eGbCyHBlErwWsUY4xca7WvTEOmYIDcEtIKwL3HYauTjn2qUkhzfXkrARI AcOPv8oAyu8eDTiOoJv1ZKNcGIc+itQn0HyMHBBCOsRPVOJ5MIZcgdw8yOe9pYbj
eizjTTkxP2fPFCMRPrMD28nDObKqS8ChYXOgy2U4WY9DyiZ8iKu6C3itXCFW7vkZ 4mY70rq2IiOnrjn+y2zr0rswfKB73fQNdfF04rCTbzLo4x0oH0BODSdQJ67CmtJ9
Po+IsclwXmwEqMotPMsjxuMtS4LTy8Wb/KUk4gY7OQeBEp+u3zIBUNl2b8LQ6ZLr hBKLRjb4PPd0sdDaAjTFnVYOXjZUOKj2DUhDcDBkiiIrPf+PgOXtE5qc85FgzDZ3
7ktrD9GrEx5l4eGfoNZZNC7+27HHo0wzFjHLSnAHO95iilKTLy7iwhcuu4bHNyOE gKyAnaKqEnVqYbmEhSKMRJ/dfAWrFQQBX+5Da5tp4BSRxNJ8glP+fvqr4W6jftPF
rq63jKdaABkDoktAaMcb9EYkXBMx31W3/rGtKK3NnjIimsztxu44aTcGthbF30to 9R1SfpltX6xgPRgrHaDKc/l0rAliBs1JaGpR3ggYB+C+Bd9DVD1MAmuVoWTwOLNm
dcKyZrK2s/6/LDYfwyt2zljaoQ1F+ozCpcx2Lv0oR/Qq4M2DY9YekJ33aAD3QsdA pJnHCHsLsvR9hgcUuobIOEVDspIitfi3Phn5KGfGZ3a7SN5a5gX0+l++DuX3PgZo
+JhTVNpWvXykQp/UzHzjfF5J2XNGZrJtz7KHzXTATk0b3imqxlct13J7kyuaKTem x+34fGY00wN9EdtNOqxu3PqfRNYQr6723oHh4aTxwx2P2hr2xCp5t6aDWFie+U+n
HYlH5lUegRyRefOVjAS9rft4fbelCUwzX8MclbLH9buDB0tIZafLHDjlhiLHaYsF yZ89q8f63WUl8GooOKjnuxP4I96w6/eG7ixLvORe2QuAFSEvF88NzN9m8CiZ8yQd
PmYFSDy7NsLPUjrHuxpyY355es2aKpvz3u+38N4ykveAY1Rhh4Z9HNMnSssSnyBe PJGPoqbgeM89CbM1oFoI5p+PsGgtZp1vxPtiOpv0eVyjlwBrGEX6PO8iimAoe1HB
TWn8LogACMHGp7QZuXqhcHJMJZIH9QX3mxs4hrXliXivQ6vpsNnZDEBapEpcfckR p+Sk+UdmAUGmxGFLLg+Ju2PqyIMRrYc4NV7cTi0S9NXV1lF3PXo4aIQuVv1HGJ9H
riujD6mQV6y3mE+wjTiLaC9ZakKosB9W6465ca8F+bmlKuaaH0rJOLf4I9mJw5fV 7x3KAcM8679WLTjXTNcDifLTXJlH7RO+Ut1UMc4gHZ5MqOI2WLXWjGW/UJOcB0uP
7IFN6uXMLEb532cUE5bixUrIqWPyeX7mHfr6EOv94bLcuAss9dT9ny/TXlY/FSm9 Q0AsWvpDsoOFw69qPooFBf8bt4CjjOx3Z1IWIGLiva61ct2QQjnv2Mo5ccxJ1qoD
4DjbaaP7MtF5RO0MyBS3p094dEF6lSkcZykIWMtJsqa7qIynZOBPOKjGgrwMkNee /Uw7FjCGj5NHcHd0P0o6fv7Kc2QyJSJB0rjgRI3dbeZ+N6h7kyx430JaLvU4hXiY
llwFFD81SESUC/GSOVr6I3WgMp7ZydaZ7KR7p96Gx78j6ZL19HsbauToON6TI/uW B3CHeoea5y6YrAv8nAmhXgXy/kaKISJXyHmWTAP5t/z7eoCPYbUNPyKmNEI1iYqR
kTSKVzZW8spUz45pzGDVKBnvD7hE2dO3poQJ16VS8YAPrPgbAewmqSA6vYU9TuUy swDc5ENFOQFhs6r+xbak4KEVd8RLjP614KxzVrPZyPE5mkmcZ3xWK/YZcUhDKZOh
D8lGbxe+THB7U7eYO8t/PHCsD5MbJNBcmxX2PBJgPUqWIjz4oush8aJ17z12jkTn XqKx5Jh83yWMQ8VgGxqUd/rhUOltSnjiRpmWOwGft3fLh/x3AD71j3MEKrkJHSBK
yXecwDQAkk4CH7QqHlYgtam4+mK/A9YydDPObCnPQK6KAvGLfNoJEkxe5KUfBP4D eu6HcC9ratgaCXunlbvcx6QOx/q2fb+eyEhFtSoZQwo47NbJHUSYvFOjqoqA3LhH
+uzUiTu/WslArHTABROsrnidewhpeUwCZYv5g2gc/i3stk5Dj/M5hAd+TDohWY19 1j8GfPzN+sLlkZ5HWBtdIAWXTQOC4epY5n1BYWsRCeDjKl/s04wR+VbGJsrPQ1jq
9kYPRMvEfSMVR0OrwwS1wv7gBZnyy+Ovby0skOPgoojnbrQyb8tS0TTeCfXyQ2T9 f7143t1T8yMS5g4iIpjEOL1RL/WoPYL3ooIz8tCCMQQh3qL/zaKCi2JZaj1gy4y7
1HIzR1cdC/58VaM80zQUuajYyMa7JshYl/xz01ynL1YY1uBuGpBIW3Wb+OTTtnbh dusQRV0azSNNwjK+1WYbzabodXHsQ3R87TNq2CNWrIEcRkYibeBEA1xWvECf5TGh
CHCo4/NvnSd2eDJPc8/nlQzy04R7ML0wQATBArLtd2L2DqDJT1Kw4ZRrXX7qvwoY jtOnkEZcIFKMHnYpIK+9D8yYtuCarzol8BeOyuQN6LWZyMiNOZXm0rvzCIzqORQF
B4VUjtAwCnoR20mzPeioI7dYSf/dIfg11IoDHCt++g26TRPW6RVoaVkPMFEqoaFp MI+xL4WJetdEt6wwFIskTVGpJPr3HyjU9ageiNSpXql7+A+DMCSgaQoyMKRtl8Sf
LOnor7UoQ5o/pa1RgE4b0QdJ2PRZ/EvaAams7LkHrb/3HWhBSZ0Z3k1N7M5FFjPV tizJCqGdWD+/S6iZTnr4voJdsJ3nPArNlu5Tf+tz63S3APwbj5uS9qoBR2Vas3cb
Euez74xXPKhYnpLFNc72RJ3tqjkAUbhbgvp9Nx7CC3TO94iyy1R7OZhRnZhrcv+R IVNgTwURgznpRa5TXO+sDlSz/nNMr5uZAXiSORearVtOyK1aTM6LZ6t1Yf6jVh01
9PsovDR+HvrFvxIQnFBC5rrkBxKcPMIobPlDDoawun1LJEq1D380u91BUupkMkvz XZlGcmW3hW5bdN0UMbmgZznuSuqA+0rjCJsHoPUw+3ubSdegmBGbIa7lyeuGGyJZ
fdkRr4zGfW5xOFiIHMtoukrWPsxad7Gy0jb/thROWPdSvbtnEKpfvWtEIovnIo/H sNeB9KdddRmOCbk+0RybzDCZJhPTHpw8yqVi2htOs1ZElAa3obCrbVEU10xMs70L
BheLoM/6dbkvdagKwg4RhI674DXH1PlYKgTYPKjcoGrn3aYLAkDKK50E16NQSNAF NxdPXZPiv/VDw72JEcmfKUm8fTbQfatWeM10U9mOs7Eub32VH0V3RbB48bnDrslh
4j/CkJE8DHVye7Cx7ehNfqmBfgDXCi9pZpqeJq4UOCArNV3/zmMAkQMhFyXGzzpq XL/ZUs7OY+csMemEVy8XrbBvNuhSZLo3mdD0/XmDYrCxa5pKOhZmIt3PGeamYRdf
7JsZz0EOKhwP8HbLHsV9qpq5ZUjZ3wnvtuGq0Be/itv8DTI5ezuOpX3cemiy9INT IQDN8WsaNGIDsPN3w0M96sJWhn2pYyErwpsSiBMRnLmz71yo+embXKJWTsxTXubN
hbFpRvDeGHeq9lwtgkcWNZIS1x7BtvYce8dsDZM9tN/t2d6J1DtpIb7AjpWn7ke2 bmCIG5vxJ1Ew9vxqj88y+sbWrpI+2jUT23GVqy3+/iSruFtqZL7f4QNMemCWq2SC
WlTNl9C3MVMBXn83mwGyHFtW2wfZOJxROWNfDssCGfS0BRodMsm4LRqQnc8MNK+4 1m3Bisoq48TObm88Q6BOk8+owhjeG7KylFKQJEZvJE1NSisIsEDQQRfzwGBgpDyU
A/6g2pMxj0wikABBMke/+YgwlAEt+VKGcIexo/LOAoQDpG+hI2dRGfZnrKz7Hc4r D1diWrCmpiynhqOmBDeljtjIHQT83knRiY3XbSABr57w4TM9SLCUZ+/b826TpMiX
R1v6gaCqqErVonHFPNX8bGYUPrEwBxPwdzjj8bbAczwC0Y4KsZqfABysXUzQ0nOn hl2aKH73/zVPH6PAamxKCub9YP15ZO0BHKKi0zZHQQtesEH54iUGY+O+1/LCSuQ/
4JQ491uuydJSBjgP0Qr2ZuBpuRKf/m8NamX3LEZUfeixvSNzh1eNVL/98EhdoEas Q45Qvu5CnWBFx4sYvFRtJfMynalAjUbWfqK/BGnS9H1rJKYiXlZr0lt+/cqU+r+h
nT1bfFNSbg5+UmaiQJs2z9tGJokUXtPplPYKLgr6DfoPqUe2yNTrBn0SxDLZwN0h POc4OAeyORsg+szBns4y55gWhGVicyNU2RRqNg3dsyj/sUZhysFiNbyWF+NCXsYa
RU7CoxoKKHQY8QtYdwXQiOh5PGFGCzRloeUaYq4KDYYr6dOD2Ok4Yu0NxqxYrkp5 ND79DR0UL4nm7XVXjz6y34dRV7u00nWRPRWLBhum/ekv08Fv03oOEQ6sfJElhx5M
RyBXAI/p3wpBK1p6lnHmybbpb2gpSY5HGmKDdq54yLZjDHM//A4I6T35Nx47uWS1 6fNV8R+8849k5oZ0FxvsMb6sJU6N8hxgpMqlCODGH6KnizJZOxfjJhMgiyEX9h8J
Ix/5McCzZP1gFHXjndRU+7Mdj2OkBsSpdVZ0+OemrEtjJGUpXJoC5xHN/cxLQ8jA CSV2noFCpbDsIu+JKOSi2LFCfj8wT35q1hsdrn16sUq4/crG2NMOZrYPhh5Uxwim
gJtbK6WuZ7ShAFe/y946Zh7r5xFtDhNqFTl3q8oHoiFPDW4qafryKcC9faClKiP8 nCGWJm309+TUh0CRV3JmU4t/Ls1mdduErrO/W/7SF/pD6zCg11hmpHBKFu2mzXTT
TDBkQZ3qgngiTEvSrVkfASJEKFHfNSl4dgVK41YkUTMT9y04C0rvMBxHGhgxEVFC GjWlJuHSy23yzQ3x8kaZLkw0tNWVOtWzlHdjBq5TXOGU/IBjOfRbnsSxC8btiIFS
eRuWXBV/RPa5y1RT7N1iaMDtlOpBrW2Qq/BLw1jma42QybmDhsfGtgi9O2NBPdyG ZlcyVfRphNT2WXgXZ6pX3soWiE7rkj8geEsYkQLIT1yTSYRzlX98NuFUEgrgTWaN
SjgsMNQoRHNQ4dUh+kTsDxaz09s9QDASGa/ePVbEPMsBVftbIphOWNkvwpC6+k10 j0VgflqIXfO4UrMhkHp/cTcAE311blLaackHTdRIj3Xciubs0dZrIuc2AlJYJiOe
oJZgx6dqxRoJPLXLF8qdaVq9sZJL9ISaLJqFZXflx8541shyyOzP03s8pzAGh9e+ ITdAzgFKx437Hh9MhVdW9DC6Osa8b5FEesiexc4ZRYBALp+XCQLiSO1flUoQxXLh
u9oYtl+DwvBB+GoGqBK4zwGDReXBlQ5aJbq8QhzoHPnhlpfXsvssPXIZRX7Trq1d 8dvr2dAYkITswQNQtSO7FJlvp3ugNNW33BJs2LGmaLhvosBh0YngJx10fr7Fbkyb
z7J3iMJav9bDaAbuGWvP5jbMJ5GVypnjgbaDGO94YxkScou2yW+t696iVJaMVadQ YHenw90TSy6gtF37j/xmtUjz4vI0cToRunPh18fUJjxQbaepXFw6M+YC2Up4S0GF
bm+N2pgJDiC2yCCzbEiWGTeMoW1irHPLnBugPxQinB4KQ+nOg6v4K1VbgZkWuafe sZEAv0qQjBdXezU5z4V8wz4hgPcuvb5w37l+fP50lmqHjC0FHKwi04JdinaetrpS
LbQb9+bwhiZ0YNinzaQ20fEf7qtEUvtJ1P3UkZzW/MD+eFRLHJoN40RDe10PaP2r Nwg/hI6d5A2s0gMEd472SLP2bR0INNGW+DZKtewTC6WqrniR+WT/TcA2O8NNsZVT
aMOwA8Fsj2FpO/8Y6tlGSEfZ4USeiivrd6vw2JWs8jKV+5EOSJwzeCmvi6uNQe8L GZOOSf5/Kd+HR2apkmOKq5hIYsDX84Ji/eY32jHZO9K0DfCQ+zBatQ00JUOpYMEq
iJkkA684/Exp90W/ASQk1nEy8MvDrypH4UdQQ2+Iyef9ukOL1wID7u3BChaikbdw lDLxoXKV/qUuXEp34foZvZT0699btpmPhaD8aTKLlFV59WD+TwdC15n7V6at9Jnq
2l1Ph9caHNGSMxr3CJU98mQo7NytCSHv9tD6BJe+Ilt+s5NwxVg9JD++hEN/agKS kqe5AVV28faXxCi4LVOJunjNlkCA7SUraGVayRPEL5SG7dUsqcP5jFPOwHAZgC2K
NsYFRdOAW6XPZSN55zA1ypsVHGGUWaSMSvLogxlVDlzBzpnTXsidHavUwHI09fsn Crr+zJZgwYJqTaUI7gKUAsxph0bFqn3RL4Qhnc6b0OZx4zVcwMIWTDt0W39JZrnz
LrD5FXDjjk3iU8O/ara4Vkg7y5UI8RS5SnU/N2MYVvP17Mt83/ax0D+J+hXKRJ48 3ia0x9U1KvrNlnLMDl5xPro6XwhqOD1QEGZOGaZmByTZO7Wkvoe0kL3s8s0xCWHW
fk8TP859Ec9g2LMZPUCsK0K85adKh5/ETjNo8stdhWkOfdapisSg3vkdCT1Btr2f bjoWydg6rxeyfPW3ZY3Htr3nzqfVovFupFbdj7icm/iPM+B9gw+0sb7IZ11v9Hmy
kTrT7z8mX620vENI4EBPO3tX6V9waWeQXA7ogDZ+arjh9eThdS+QZj3SpkAPPy3X NFx6DqPDQXvOTijea66hKfIyxPMTfZFZszX/KOOO9MNBX7OzAibgprJ/fK4VYUsc
/FbPCaFm1IUO7V8N5qCpMlb2iarjvGVbtNFlTosbBYQuJ/ztSpZcF8lQ+ukTw9OF NPSJlHZ59DWpAaZZEaCaolcWJBrxvb9ycir5ydPudQUpTN8z7agosdkNPT9hxGKz
4PxZmGtU/bmDGg/nwmIIzUliAKBQ8MTViWe4nk6r4fdr7cpNph7TiRhG8fM9zwVY WrsV5hxe1nhDklG2VJ6ohkCbiJawBO8pZE48nE1r4cwYT8u/CvzfIHX50SmXN20l
QqJP0tvy454q73DqhIbMZixjINeyq4C7HpFp85/m0/cSgGdqfyDjVTV4koQb/RPG ugVbTDygrRG8nCKKkym6hqi+/0kzHKRk2V48HAal8CNv7h/iVz8R3a/PyGD7cc65
XEEpOSx72k0MVUoRF1hO83f/QiXZWdfIDTBbgjxZMtW4o8qG5xigFfAwpTzy25GX w9fDjyjpex40hsTy6tmz/7dZtu3lFznNDUYuU/lDqDAJUG40SGSwCUzlp6TRmTZd
l+EMbxgD+YSf7N1zdV7zWBy2UgV9OdFkWYd5J30ThaDJ+j6DsDRawz132INUWA00 z4U+26pPW74eKJ1isz8QVfrDEsn3Jk/IBE3SrzM1VyfuvxLKYEMXARAJoSSVk5pz
WFBWH/jspgzIbCThPWt5E91flhm11qrIakJi9ivVjPOZWGVm+L37CA8PxK5cWfg1 n/rM+gIKQ0hXTUYIyoKgfE75SXV4fSCSy1GHgdbuub461HDEXKVc43qTbQkhOlYp
v+5a+HuU5k2I5w02C6qvqLhAhQ9jX2VtvuOej3eLNoFbOYrJ8M7ZbRemcitso64r 5u4OjdfdXcq790GfGL9NslVxTVCCpTrQc9n7jjkplvBXQXwDXCfpOqzTar6+Nkcw
6rdbFn72FwTiGQdgKp7p+jkSIIdK+GWT6lWVQ2ZPHyREZOMPGeZDtTW8JzfjS6ca EL9r2+5PsVOzw5mpHDY933W9AkVaLsnqxyVsFJz3l7Up0Q7y0yqM8ecA+6SW4gAh
DpxURVz1VUEwQYxd9uCtjjslmInatBKUmWyoRmMMuYWEzsr6RkjZoOOqP0CzNSMz Er7UHcEmljNidhLGdoZKjMijDGRAiCIavFi+nbihkRumrDhStQHKqQhfTU7JyiLq
PJGuRCrU8uvO6/xFu7wnk195O0sqAS2n0He6Ek3Y24JerOYwuaOsLeEymWt+KSZn UmWNlhkPax7Swc/zBW9J272LgYV40mQfjYNacY7KaHu44xGda/SOrMeUnFPZB0mU
uG5LWvVpgot9yfyE1HJ9bIvQl/7qxKbXkKll7c1U+WzMpFQlIW1OgIi25n00Mr+H edkdsuG/jhVT5UgifL8SXnCL6DzyA9Lo/IDb7PQhUHhEhWfNsWd1F6qAZohJrdqq
YcYr6KdXizAhuPAjRQl7UFKIhT7D0qxHh8e7+gEhX94XPX1B9PJsdSq2lm3kvK2n lDShd+g3t+MBshapvaXtwjI7DbZ3WKRFeyhdye+Leml+Z0eD58cR1N3GqCPMRyWa
f8/MRKW1RphqZdXHkE7QtRanyZMxbC0+Mz85U3iCkkJqfzTnXYorvFNdTC5YBLQS +fEvrVdaJKBizTXgeph3g2Uc3vjGnmNH4x861zuG3+5pKpONV+10z33noByApeZg
PFdlrhtUBgx82GlMC/OnDgF5RwIRBZsl+oZ46cgJxVjr0A0pWmYVfQ2mUmV6gqQx GrVOwwXVZQfr76ZSR8wwLpAy6EvJ9E9gCMC9Q2RlJzdZ93hCqQVn1srocqu9RYD/
kOOWwRGslcXN0KKfRITPbrIge/+68dwtR0ftuYMPZ5wmCCna2LbvQYGcKZ8NRtQu YL+P0Mafk7TpvEJmYvAMMydiBUfGkrCIOZa5J3D1oYZSd392gt9SYeju+EZ4HRJn
Q3/fDGSZMMQo3FC1XHVDVlBRg2qLapJe9VZM08RVx2vBcB5IIVceNPwkZDPATtMd usZhz6T/eZpSNJcVEgrHSoRI9t83o2Dms197VyVElOY52KgpF2H7sGTauWuMwJJO
lPBVNpwHnb5JIM8xiDHomjhPL8P0AuuMMDcmUsjlOJsgwyqJArI/JlhoFsMUh9NL MmaW7xzG1mP7+4miBs33urlijeToL05EkXD0eEL4lOlddLHmHQ96189+orgzi8qt
7jNcpyuk2YzizC5AOYUoa4XOpwLVmRShQ5reedn8v2oIch9KuIT6dewcELGQHdHR kB6yeEFfwK1h+7ilooPmfSaQj5Re6G8HK82CIJaVH59Yo3QoCIeAZhcnxMKrNJSh
0Y7UCwOsQYWxCIYu3NjkssO7+xrmqrffdgJdq7sf8tXZpBqhOQBtmrqydbnx96JQ GRC5+XEntchPH4iDyGC7k5Du0CfNKNyrFpJ8vwdGmNZiqnEatCtXEtzqEo4Z3ib9
HRtZpwk+X2Lc1d2jd5jfQmyk+m6MyB11rMS47CGs39qWyXs5rMr6cFyHnQYfaXR4 NHLz/bJzPPDqG1sLIe+fv3Cpb9a7G9uMyn7ZzAcDarsRCJdjdfsT3NG9Jeh2LeeK
o8rLT1A1f+K70A6JrEM65Ka8YkeUzSiNKDgPq/OThItAFe04GH3UpdBpoiT2oezy vEDFK6XyQiz9QxCqNqdpEGgUff/zuWMHaXN9RmR88uyNPN2mClnF1A2pY8oRhdVC
rPL2ddLfMrOoiYIHJwSXPDlHdIYvbfxveZUJoAZcE0USPxneKVyb1A0G7rRj1ahw kvF6urIbOPS2Tiih66duBPd3nF1y8xFwwCCjgeWSffhzVRfvpdqZ7mlN4GimsI71
bRdQ/voqOLQh+STRCZifHws6JbGfFikLH06TB737Qo4E4XxZegQFIbwgg7Irc/XU o6V6ztsVM7A247X1jOZ1/WBIhF1fyMF/jf37Rq6N7FAFnMOZWJSf0b+UTXeXzS6z
F4fdtew5pMhEpGC8Im02j6QCs2Ls9cJEZo0LAqyjYXTxWgUATvy9gIoG/99AuG8O 6v3PbA4grpEC9U6wDDO6zq1JVdAD69Ecw/IsLa4uhoJNJa4ZmXxhPg9gl301nMla
wGnqMQmYrX+swf8QAK9wLxE4wSs1ZGyc8oWqyF9mfwdLSx4cfalR94930CgI6hBS z5LMulGDSHtgbOUYA6Z7E7WGDm1oTYPeI+O1ZzPDzpcOrKd/QqX5zhSAAaYqcuQP
MEFAlTBVDKvEr21D74f1S/8Ya+pUD8Gxxnp4MDWtHEsls9w+Oc4UDgq6S4gcMMAE Zi8S1CON6AYL2r0bAvrBCc3oKUgIAXCgcltiRrt8jW3Tm1HylgtX9hHxmQqx5Fwv
sTry3u/D/hFZqRX8M2y7W7Adj21FyvC8Mm3OYCbXOGHF1bie4AQ1wSiS+fjEVVVt EK/F2qxnZLpwX6y3ooQncBIn14TC2fGTItbAdwReyTZjLv6l13zSgGWNjcDXQFPz
XSzRozuULU9HIjemb/oLmVzs3Bx/U5nOIf5ucCbUxCOA+Ol6rHNMMmYQHwpu4rbu koLT4iykPcFXJARBOn+TQqbEQC/MkZ6Vej9DHYhmN/dXIAX6aVWBgJ8yKRs/8YK3
+d7wMRrtVWLEShy5awYotV9XLI7chZUB+pXhOBljGA9h4DChE9cwvHJGCEwfOutm QhAzQizaOgtluVA7cNcrVk1lk87Ee6aeYKB94fa4Nkl42vukEerCGXNUW+wZfwO7
63/6T8uNwI9OI0LAPbbbABSR8na9qzrpV0STxuG2TQ9Qh7cCHRnIfE+QRJuy6Xfc wK/+yCh8yFIKSeZPRk9hejMCCuhl9rLoVVXvr7kOp55Eugi8ioBBjnJ1Hj73p2dj
rVhLZB24GlCEPf0kys4RPfrcHFBfC/rAdiF/KIjD2vw3oXdccd2gdn0FrJ9fFPfM Howx+JIEFrT526Zmf1oMxnjT23+mW0UQNxQGVev4/+XdfR+mG6ah9xF0b1MD+9oP
ZMWKFZKSB0vUFUFAyg90jMS+J0MoG1Dnmk9ZtddhLjh/IiTInTdrWU+T02XG6Vlb vVqHxsdUuLtqPqFWmcg7JmbWgAB+tvCa4ET9Sg6yID0UH0FenejcotqaltZiDRGG
/qNEFkIw6vbaPwoLzowSeprVWptogqTnfCaQPPFUv70+14mNTL6wi0ufinwhHtF5 g1YiI3llBU9CASFmzN3bXVfIs4u6RyYHSo2VTNA4A4Uen06chZkWNxYtb1BjIMnl
fvuhUkekixn5M61+uE7czfflyZnxoXTzI8YhSdRnVCcrJ+9AV5dyx7Cr3ELipGLB 6IG49GlfTO+yhtk38Z/JZzB2WcVAFNExQdgxlfpQEU47NSTa8EgyJFD+0uwr6A1o
2OKWNHz8V/GddKLN2Wu+ls0CPiss/bCKW+UJb4wtxJz/fHp5gkH6qc3EqZ7i5crJ gm1e2S85ViHL26YTzmDP1CH5CjD5/ZlBl6mOBZXt3euA7hr46zFe/XCa5YqlUuOs
ozY9n7Up6WSZgvgzwET0JCbcHsL2+wStkSaRlhTyczB52cNJTACi6uXEYyl9om8M PER2c0UlvY58rEiJghTvy3p9sTbAj9m5wUef54wivUXXo04LoZhlleHpiFdi1kYJ
7BWq2FvDTeUJDawB+rBm+XzyL95ySrXhLhTN9N71U+Jk1CDbf/zJXVbu+NDPhEpY 13B1KWkS9HwLIjv3AML+rSOgWZjT1QLDM04RohzDJP1GKRmMp0uNY2RtcQeWt7hv
7hTg/P/u83DbXkUR8w0Ja1nSjA8ze+Fxt3fbtNPSzG/bC7Ut+rGkJsnzBBYpTUjt IgNQyOb0BUtWFiQye9lpF8rmtsfTFfQmFfYmcALTvGqEAL/hQbYYSZLDHJBGt/D0
dbDoEdjj0cj2z8B7LSLdEdtlueLKLtIdYFPDdca5CjoEzja+4I3mNU8FxF/CC7Ci FMlX8K83o3do1IoAYw2kBcm7bHLAXT6e6WY5URJ6bhpYk29GpLIe/RPtbNLefqwL
KIGaRgwy1JW9Lsi3Z0QM1jnugR0RgsLisIU4yX9pogO9EvWmo00wj7kuM4OVGggg OlzomfzU6I21VRqb1A7NrWge3UPIx++mIMi/qK7n6OS4pORq8qvpZqoVSgWNEOwd
y2/c8YlJJi3JvyBayMj22CrUtBv59fPz+biFloYe1nHh6jGJB+zxsobKpEZ0UMGk QQD6Zh0RzjyB+H52xyGZTSb5GqJBMCJYw/2ZiHOHGMbH6iqChMT5abMzkCFejWlX
1Q8k6PKznMicR0M8cummltrtNcwk13470zy0VCisjIq4j7YLfSkUH2Wo+3WgHdpN LHtD5szlj5Bkc1ptpM3jYoIwFLB1er1QnNktOFFzJejj4f+OiODBIFYxkakc1zKx
wUAsTXpE2HR9Amg17uOU7qBqBkCC4nbArddaw9d/Jv6IxfsGx5kyDK1X8Nkalqvh JdgkL6orA2jZ6AE5Bv5QbinpUySz6o7hlGvi2bdjnJUti3I3dtaMnzF9BJxl3aqN
wT59cOw3GXzOeS3eIfvu5RO9o+d2mfRH+77sRkvPIXOkM/bDwZH3cPtT+YEveqOK sSsm0obh5ds5xURSxhkK1Q7T3buV/hMZlsSbakX+xmHA1eA8uWYROQqf7KCQqGem
8RJTDQeLMqSX7lo1+VC+975x2Wsv1z1LBpWiw68tXLj4De9Pp8O5BXnfBS80vJFY 6Hk01xjz797mSnpmi4w3LrI52MSjjXdr9sf5aCcLJ0Niok5I6SLoNyeH7TwaKMZf
JMBtAg6MIVIQyblv+QxnYX09CGCxjqjka1PehmYpafcP10OUfU5tSqJb4kB7MyUj ReMp83rBGP+KLEyfGMp0/PuMajQAsqXgJG89T22tMq1+G1uGuWqYW4GI3Zuk4mDq
NRn6yYcJXJBAt1lMRGlLDkUTN/mswR5Bzy4NnzThZb62sUZ23xwKJVOoApexfBVK ygZqKCwHiR8wvDjppzTiuvQegN/K6MIwjgKRcfoPmBxI4KryoKK83Xs7rA+z6spK
rJRaeuUaDx1upyGfMEVuIlmCT1aYIXBb3f/W2zK5219f2dbAFU0goYTKJoohBzGL zJpUtlGSV24ooyVcWy03RQ85Gc/HMMwP+zOg37J/YZASBpqjvlSWxDaK8ZzR+dEJ
tJ3/dO5jLgje9H1AgZS22UVUI+FQo8uG8ApPJgts3AW91fjohjzzYCp7T/zR7x4h 1EAhJ3uCRenTRURzMyrysBdLayLFW+gHUDFC5F+INKPGMertJqtYdfOs0tqG2uPU
UERWGfMG2fHYje5/QuyobVCKt8QfG2DhvSIMDPBY7KHO7bXJdEmUwb/aSeggmDCp JX8U3mubey4B4G3j58ok7ZBD4rOll+h/8Z2Nahs8udVMMfSB0xx8bmf7rwaJKf/K
LHK2foRU983nLGdDrp2q4TWCoMGVSmOwBasUjVHiUA8= yg/AjedixIkUNA5CfMErF/h1EV+zEux7jyQGdVQ7xJI=
C.3.6.1. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.6.1. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_baseline (+ Legacy Display), Header Protection with hcp_baseline (+ Legacy Display),
Decrypted Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIPOwYJKoZIhvcNAQcCoIIPLDCCDygCAQExDTALBglghkgBZQMEAgEwggVkBgkq MIIPPwYJKoZIhvcNAQcCoIIPMDCCDywCAQExDTALBglghkgBZQMEAgEwggVoBgkq
hkiG9w0BBwGgggVVBIIFUU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggVZBIIFVU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLWxlZ2FjeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25l LWJhc2VsaW5lLWxlZ2FjeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25l
ZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBB ZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l
eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxNjowMiAtMDUwMA0K eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxNjowMiAtMDUwMA0K
VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86 VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86
IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0K IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0K
UmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5 UmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5
QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0K QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0K
IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2Fj IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2Fj
skipping to change at page 158, line 4 skipping to change at line 7287
MS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMt MS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMt
aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjoNCiBSZWZlcmVu aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjoNCiBSZWZlcmVu
Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3lAZXhhbXBs Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3lAZXhhbXBs
ZT4NCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOw0K ZT4NCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOw0K
IGhwLWxlZ2FjeS1kaXNwbGF5PSIxIjsgaHA9ImNpcGhlciINCg0KU3ViamVjdDog IGhwLWxlZ2FjeS1kaXNwbGF5PSIxIjsgaHA9ImNpcGhlciINCg0KU3ViamVjdDog
c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3ktcmVwbHkNCg0KVGhp c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3ktcmVwbHkNCg0KVGhp
cyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJl cyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJl
cGx5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQg cGx5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQg
Uy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3Vu Uy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3Vu
ZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNz ZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNz
YWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0 YWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSBS
aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGluZSBIZWFkZXIgQ29uZmlkZW50 RkMgOTc4OCB3aXRoDQp0aGUgYGhjcF9iYXNlbGluZWAgSGVhZGVyIENvbmZpZGVu
aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kgRGlzcGxheSIgcGFydC4NCg0K dGlhbGl0eSBQb2xpY3kgd2l0aCBhICJMZWdhY3kNCkRpc3BsYXkiIGVsZW1lbnQu
LS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMC DQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIIC
AQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE t6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTAL
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q BgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUg
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP TEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQx
MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT OFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD QU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEB
ggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpM AQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41K
LcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7Y ImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt
OqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF 4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S
5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEH 6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCq
AMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z lLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6
5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMB vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYD
Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj VR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYET
ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE YWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8B
AwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAU Af8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQY
kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKc MBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXig
FqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN nLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6z
1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMT yBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYD
g1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYx Bh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOd
W2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIe u+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeu
Morj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCv D9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2
i9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqG tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zAN
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijS YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9P
NOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX krYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY6
4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4D 3PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K
xMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3Cz 04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMay
WruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog891 CQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN783
9MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7 6IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90nj
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB lsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQ CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyX
ENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3 rilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doiz hkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ1
cGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4 9naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaV
ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf WHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHa
8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+ hiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgk
Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI LD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFX
364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYD LJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTEN
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phq ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJc
zpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG OvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
CSqGSIb3DQEJBTEPFw0yMTAyMjAxNTE2MDJaMC8GCSqGSIb3DQEJBDEiBCDlm+B5 ATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxNjAyWjAvBgkqhkiG9w0BCQQxIgQg
0QBs78N2wRl0kf1Exib4redr1foUWvF3vmcyCTANBgkqhkiG9w0BAQEFAASCAQBc 48aQJVg4Ai/QpEFw8rsxq2fGKjdKAo7F9AiyJ9AcdQswDQYJKoZIhvcNAQEBBQAE
m0fLRAACOYr8JymCYS4CYBWzMuTqh1DOat4MTroQLeNXvV8NijRWYdbHFcL1hrdy ggEAVvcWqGsebWjsEhsQlER/C5Pib2KPH+9KhVGFbCjDFZvBmNklEI2YomGPyrXq
uLBoqHTkv29eG3Lp5+Ah+uYLcPeamzoxWgfiLgPBaFSQU8ZyxPqVRj2xLq2EqG16 OoPdQEQpVKLXB3M2VfV9BotUyXNQRR48gRU/P2kRGclOnaKOkzJVnBQjuNkcTTDF
IW5DfieHgVN0bv9P+gmRdKdzG8+hiZcZXBm2aJtN8oifP/ahgTzePiBiHK4Qvecy +CHduHMFTcBHNmvWn9TsxhzIksqIWWqTS2ugc4JGJ+Oh9IGX5HBpFcuXU3ouznUt
q+Cr1gFwVlT+1t/2MO1tGqif6R14NCmUaHzeOvzEpJs1HlE8W7yUjBdrS3my9KW1 RQDZNZuiqo7MFcw4z8uJXHXiZM4lWici8jlSs7LNtlUX01Wd/K8rTJZZZ01zpEtD
fAv+chp5rIXeSrZGTg7ZhNLcq/uq1H9IpgnYvRXN/f6WhggdVUZ5BJwPqbNcCJFl vjVftz2p54sEevwkS++c3eM9MUyNYT+GC/Hm2m3japmH8E7grmssDeo3d4a1aKy9
zAP8CJk3IK1fzZulSebk wd7sRi7PdwAgwUXiOuso3yAoqQ==
C.3.6.2. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.6.2. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_baseline (+ Legacy Display), Header Protection with hcp_baseline (+ Legacy Display),
Decrypted and Unwrapped Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-legacy-reply Subject: smime-signed-enc-hp-baseline-legacy-reply
Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example> Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 160, line 37 skipping to change at line 7382
hp-legacy-display="1"; hp="cipher" hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-baseline-legacy-reply Subject: smime-signed-enc-hp-baseline-legacy-reply
This is the This is the
smime-signed-enc-hp-baseline-legacy-reply smime-signed-enc-hp-baseline-legacy-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_baseline Header Confidentiality Policy with a the `hcp_baseline` Header Confidentiality Policy with a "Legacy
"Legacy Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.7. S/MIME Signed and Encrypted Reply Over a Simple Message, Header C.3.7. S/MIME Signed-and-Encrypted Reply over a Simple Message, Header
Protection With hcp_shy Protection with hcp_shy
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_shy Header Confidentiality Policy. hcp_shy Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8190 bytes └─╴application/pkcs7-mime [smime.p7m] 8190 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5054 bytes └─╴application/pkcs7-mime [smime.p7m] 5054 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 325 bytes └─╴text/plain 326 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-reply@example> Message-ID: <smime-signed-enc-hp-shy-reply@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 15:18:02 +0000 Date: Sat, 20 Feb 2021 15:18:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy@example> In-Reply-To: <smime-signed-enc-hp-shy@example>
References: <smime-signed-enc-hp-shy@example> References: <smime-signed-enc-hp-shy@example>
MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFAk5Jw4mFC+UC84fvpvWVuVYa7lz/mqUPw1 Boq0MA0GCSqGSIb3DQEBAQUABIIBAEY/MQAP8JUkxGJr2+gL9fUy/gTYqzyKkkZF
jVB8JIsTrvGAEVoW5Jm9cei83og4JLMUOIxM9WAuJEUbUApScNRBgW0vSyl0qB8E GQqKBR98jCom6wtry9FqxMqirqkIXmy6QgPsFh9nf6QmP62K3QjP/aGDI2VLeKJk
4VdNXWLA0Hsh2LYySirv0yxb0cGuvoWdgGxlqlUmgoHMcwcr3o0F9Y8HenqQkE/L beQfZRQRCLqqsP0MRQLT2d8lAJAHCO57N8tdm3jXavSWxaZkEqWF1rtcVCz2QQRg
aplaZ7E1TW4OGmDmuxxUHUHPER5QcS3UKFHmOrQga7Ecnagzlw7SLiloFNwOFhMb iKJ99BPNEjwLLK81VCjxTkQOcxRgUNUK21pMQVFoltXE7SGVjV8jeEiEHj9q65nb
oqAbKADbMdgn27ThOoroxT3z02GDIHLaYa6uP9IVe/ysFPQTqjKZhd+6TETLh1/p ITmfNgmTP9oNk8gojEj/cmTy+hHGPVFjDJZxAHtd4tjU4k/LP46NRAW3tmaxOKMP
0SMix7NDaUnm9YiZYIzsqsQwKTCWYqgBhl7uZ0MrrooZNQNn1rQwggGEAgEAMGww v/WkGMcYQGy+qdaXn3n2Fp5VCTfJjFW1bZHdSHwW63kTGr+uOQMwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACpVIIC327M39MPcp0ozCdnwC HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAk75ys1csbLhA8HayfcCB6yPP
eLqFcDb59GdezAghfnv5LE38ZBa8cl4Hq010yIE0CQlbpW0NRbQ4qa62PEHsRaHC 70oO/9hlsazxTzL8NcP/f3vzlVEdaCXKGzQSWRSMgf5RoxQvUrFCTaq/F+rbGM7g
hJlBhkOSs5xw/ClO8RRPsQz01t2j5hA1F9Khe8z+OC+TaLBFVjXm7v6SOnp0GHSi S03e1DfxGb8wUgE2ZeZB1o0GvSd6eNB6gjayEJ9AEHwpT4bEJeh7TQ/Mi3PDwelF
Rcy2QPTCU2xj/4u0wGNQ5SMxMg9v0RmnKs7I5fLHJDTgBQ2p+YLGp55LAIPQIA3Q kbmA056B7R7529w55YeQF7ZgsJxicJFp00ADPw8iYGd1bOj3wGt3Kz5uycUqsc+4
QD4TjlsZrCYCK1RK/qj2/0p+llf9X5lVPUe0kttJ2qu+lPWJXQ2+FYB/zh244v5K Q8VWlU5N+8jeJRDVPtEQJwa+S2HyuaPLUZcyZWkuGtVAOPRyCqSjtgSwenLmRTGU
fnD5DGok2NK96pr3HToJTRgTTRgA6wKF/6tlE00BZHRqr1xhUL/d4ZMkfsjpdDCC YtwAFvQ6K5E+vCRPyIAg/HYwaYNeUJn5Cr++YkpNBofnrofxaV8zKRIx96IoxTCC
FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJua4/oTK5pBnB0FVr+FDv2AghRA FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHawOvd97z0NJQe7ccQnSR2AghRA
NffO6MgeUXY60oPjjAtWmKdtLrY3CCr/iioPo04wnBngRfEHJQNkqJ01gOScql+w lqu1gwka8gwMldV4laK3pICEOTa0bvJGWO7wrvSEAgZUObXjd3ekfVtDGWgXhWbB
eFP5u+7znmTLC7ib9Y7Wed8KpObxTISfyLmd/xByN1fIuDyd+mejL3c5O9LnclI/ 8uaam5ssV4WViD4h3iZ8HTRPiczbSsJ2lf8CKOwqOYp8VKQ/wy87yVB6Mna3ZHCT
Kng0VGlxbQekkITS14iBrwgIvOSsNDBAKsVpyQDvq2gkOyR+e3fTAKFtDpEovs63 PqyEOTYYsc6nrf9vQIxrE6I0Roa6FJ33+PpS312CglFyMyhs5bS3TTt2xwnBvLJX
48iKvZu922TkdxTjyp/wQjtB9lVlWqPDnHr+boJ2TjGZomEIAwat3mA4+ESIbOkR HoPF8JwGxe5xkD9xqOC8jjkMdBcUM8y+DRf9vcDYLAONiuJzpaixkEVG8lFdsXtz
0qPjgLFqul1mH/XA7dvW5y7PqN8WiUKf6dBnesRIjv9Vhq0a3OFqdzYdKy9KpnXU 95b3Uedf7XdXe9p/gnqfeVvDLvTjUoxWa98KUM+ZC0bm4gHhTwdP2itiUGMiGYZf
zI3o2GWC3xdGJ2WhX0L+J5hvW22k+CIgrB02Y+1ddESmC4gsr4LqOSz71erlr7cR yl7WICIW2jVPVZ6GGrcE9fYwqsG6O+5vygpte2juAQUkwQ74PIcVY6sSWMVbFmfu
qSc7URAqQefd240iNaJfKv3pkTzUYXBnclIovijegtz+ypzbv9h4Ejr6CyETCqwV iWCQ07OXmNDOtcSHd8Uhz1uqUGQxNElzFQJoKc9RzO4O+jSgSRenVvfwR0AtZy24
+HNC9216ptAGhG4aobQ4cEgMx6AYgVWk21gXe8/ZsXm7xWmkdqAwCNNBUExdOQNw WnvbnyUHESgmcn94eHBYow7fqmC7N63kTwtr4NXuMAEH1MvW1iVkJNyB9ZI/DOCr
cSFAVI+0IsyPSoUBTyA9CL5oQkODjviy4lvswBqjJYuQEGQnNZffMuuNKESJpA30 0fv+/yPfLr3Jobx94CYnP/FRqir1h6dO1M9RonpK5wj+YEl2zNUmegCDizVCcuvP
kwBPtVhEba6fK0HpW2XStVzhpgOjr/J8OHqfw4aTWFuHOcZbOqNQ424FSAZdNbsb md2nj91RGccyWgmQ4LPrNdMk2+nQvKNm9Jrv2iHNseyuwGJrc9cczvl/E3Xf0cnu
mUQWOCPvzdM4tGM27T2MbC0z/ux9PXRqola5/YcLkjm0ji5hntITDmBTY2XgvEgC mS8Y4iMPY/wRnIBN5+D8IzgWXvhMEGumwtT58XFL9KwrLjOKRvai4iNIW6K1fh8J
yr8UoUFJ5xEWFGQMcyUkN/WNF9MdGRvMqKpyKimRqn+lY3imYDOQlGDbXsufJAEj hh0D7HrdneBas9x0QV7yP2TMuOO9LBln0M9OAlIJAa2LNBoMLlaaeJvv4/AzTIEm
9tFbxG58inPfQl9m+oQ4KnMGH1/wZisxJGzZT4mkBl7155+wfATa2Vk35gnHZJ04 GEYbVIxD3ovj0jm9GCEn1XNgktaTJZt1g+u1v3bsUOIZZcNGdsiUpMXY5a4xnO9N
8CrdW4k3y0L3Av5uDk4XIoWBrRk5xMUF+ESceQ32NGd/PXaifDe8P5NnxBYw+5Sr 7KGyn0K/ALBt4dsfY4V0hfQ7HrgAlOs/pO/6bgfGfAul207nzGUV05C2gvn0HApq
+3+Wsl4v1CUZoDAEvCipqNKIT5MV8wrSADE8WC9lDYsTeRWx7dxeTdiIOQzKhaUL tU0RpW7F59q5rr/EMlMU4RIE4RtsKFv/jjLVMqwyQ8c6SAVsdCUNCqWPPN5KPKne
8rjgmWF2+SMm0HL8eX3ibROVzNl4r6V3BKGJrbztHT9kKXRCPsOmpA5XLsObNCXP B7NQ397Wfrpd5+f0IiQ/g6GQpSpiQjjfZW/tKq+EGxVpHqrM/wtM9W8phh+rRas9
vqcPKIk4XkzLvPgZ/znIa9bhnPKY3BqphyLDMVU5p/1Wp4UIztLmiqEGZLkpHpCM meavNl9EuB8aJ2gjansk/IezbZkUuN8GUzhFxEQHzSQNADeWjt4rnPaBzPrKzDlh
pa5zd3r/C7Lk8EqOGIA8TmwY0iuiWZX3+Zegsl55QYsOBmSS2/2XKyPGI9+QPond MqRk1j2LrH8Oh4xBzimpEz4Z+MzEY13pbdu7g1ZWyTCiewHeyZbIoRZNLFtYG6rY
SOeyEJaxUhtJtXt9mqae9doxL4jzLfc2IW8Sau+WmdVXmyZtxPxDp9fZc5pME/dD uGjEX1MHkY8HarcAqii4Uk5KTi/cEoH6bOYj8zIlcGxqiA9Xha6jsaG/BkRQS0Mm
uL9RE774krvPtGvpI45BIAlKVxPpalicEURf2U8QpDBcCAO3hml9nY8t5nPGV1nm /YqBxllLNoyiTV/VC53MoHfA4Ro2/4YrdaykBZEPoAn0mM99EUdgm0vqQeiKLd3j
gkV6DViWJkLPCSl3a6l3faIQUWR/ERLku0omu5zFToe1Xq8oxN/fQeVETMNasiTQ IePb2udTgpPlHIR6Nw9XNlqiUxFyD5PcBIz/JNY4FbZQ8xWB5OpiQNm8zL4Q7Sim
n+ReCFvdcMbR3aD0yoC2obz5BImvIXwde7Tw7VWYRuuOgngluf6C1sv+uvURHj9C 6RH13Wpl1MIU6FhS1K9966Pjkh/nMnS7hPtsH/rBXxrgFVBv75Kn1gmccadIXvQh
eu7asNze8hCdhvkeVpE02ow+ou3nstMsbTo2xdjXPGlIalFO/kbZjOAlV/6E9GhG fgZTXjXDgw+7ilNxJn7c0tCgZpuGM37TmjIXANDwBCSJHfeVG4WdJTKsM2NXJrzH
6eSV36Rl77bj6pJW+XIkYM0UHUNNZoSrxwX6EuL/+P0nVA72tyP6T0ZubuJtSSk9 9uFOUnhwY8LLmy0MJ4BgYMqe7cCHBZ+Els7bbUCA3la4tYXQKQY5Z9XtE3bst8rO
IeWI7Tt6l4PGdFj0UT22v8QXbfSFXSH3A+A6DUXOQn2Foe+pB5sLQBdrD3iJmBpv 2fxWkwF0qncK/giXEhSURyiMr9yc1T0lGfF3jSxMahSohnBA3cKHBww0Y5Kj9n4l
j6hN2rZCd+N5WjRANUpToD9f82BE39fm8Cx/DdlZTSsBy7QA5a/Ho4Emu3mt0OzA kemATIjN88n7IazxyAztz9n7/I2FXmPAtu0W8FG5QBoIhfBw4cunuHkzAU7yTSNl
gUPPgru48T+/qZs2TAZ0i3Sv1Rv2orXrbUW9UWyv/T8bD5ICggHVRmisFbZyN1h/ MNCjYW7FL/ouvnb/MY5I1LySF0XqfJ5JEdgfk1gXsQKG5g4350i1T3I4XWsK6h5j
ZBkZCAO0vVq7hbPOAyClb5/Fc8bHXk4iKlWCt1+4agzA/TjPZmN+6V4DFdJBLf3L dJxTS9v6U2efWIDWYtAKqi0tNnvcbJjQBNx4zt/sPqqU6dCTSz3tn9QdYm40EuiF
EPvWW381ejEIIeGx9wgMWiDxc7QZaIGIF7n9yKrtUeGgz8D2NF6P5cweiFJ1U5zz aEBcna52jUCncF1EETp2S+yv2ZudNOUysRGAfy7maNGcqrUuLtXRfa1xdJ/TBYhs
VoqIyxwE0yySPzlItRl6rkztn69yDBfzUZTaX4oWxLyVW7Lv+F5Hn17HC4H/I8By wlAwdMKtakFv6dqu/h3kMBDEqcu3y6pWnB7mFlcso2CUkv7/CEl0cg6KNOtPz5k2
3aWPHbYUXuSXvXvXC+R287RjOyNi0efGQm+kKAOn6386fsw7MvJ0tCGIzLWdhWMf WAin1RylzYjBkR+OoMexQXQNSXk1Zf8PKZ9QBTfFOiuifAfAizyAGao3CebY6WNT
TZtKSTOQ7753xxcQVx+4YDp6TaPx+qgT5MjS6baHVaUR7YX+oFQkY60bhh34fmzw 1ewkZBAMoyM3iFjvCXjR203l2bkKSIZopA0FFIsDsGWn3ILZmPWq/9TcrNvqPTKI
q5WA0MQH+310MbhadPvC6CcDtdz37iHhaGbMf9fc2OJY2VMMJx/unT9KTtYh/avZ WzyIKlml2VUse6OtvGShW18wW7BNBlsZeAi8naGvMe/9JmOShIJj/neKxgoivxrV
OD/7sLgkVCkkLbtpHchfHpGvQJkTA9cx0/lEYxKTb5VLo+pC5+x9CdoGvuI/hWve oM9B8a5k/qB7W9tecEHAyohQPOy11+1HfDTeClJmdhui/uhqFJW6zQv5+qCdx/sl
igy5BF3wxfgNK61pusCXS6VRCJuG+ohtg1iQK5NRJA0W2JX60AlKaiRJawB0IFQu KRXR2uxdmpFex7u6EfaDUmKyO1PZg7a81808fTaBX+LL8N2LpNrpeoO8feH6nnKE
XUrri1leiCD4zJHNixDMkawoi7X5TtcvKjOfhiRGifRULn73UFLL6tAo8Fy/hWGC vvUl4wH1fabHsqUcOr+WADC1Uxsi54HmUszrdK95byESEjaVLJwL8LXj2APu7cx6
qYIFACU8RjrlvDPVjLiFPQCsDuPrxe5NSt7bI+C8LzeqI73pYGaK4kSNtSMYk0E7 tZ/8qsDqz5x3CgsCTS1QXv74GwvnJdzs/O7vE0mG7c1v7ukn9qxd99wPg9vHwkEf
Ls1jxKcRVh602gA2sNoRRxirScQsF2UW0BKWpKXIunzvL4SgzHo4yuS0U1H44M9E +d/45beotS4F5kBnxL+wXmlPBJ3+k1BgnFYuYodvXaDMUNZDnpPPQuKoC6RRVqYR
kbR86G/KljXKBnVnW1H/ou9Os5GgCbJn76TxVRzpeRWAKOX5AhU2OQYCJb0MxZl9 pjaOpmi9tuIjURYQMuSuiBUt28OfzhBK+kte8rZIZ+ZwykY/BIVEWbobOZMXEZyG
wRD7Ehsv68CzE8Dw4VBIjMku4D2jRov3fu2LGmreQG4MJEQjwUNx4xyHNTfr7BDp +3kPPrPxcV5omNiPdE7qjo0Skj8QPAEx4IcT1KBIS9vL6OXgH1tDbz5IYrX5eF3A
5Z87q/rCa/GNZX8zDXi+FrEy/4JjM8j8VV7MC6cGMnbAd8fqQPVPQLtcHUQgGbuv jFE38ykxMAJ4Z4NRFzHddZmqiPBWSPcR6+aYSGjiw4T4ywP1ZwKaPtB/2AXDz88b
Db9gQF573Ss8ttWm6n55pb5eUU7wLgcH9YbXdLLQENtJ62HTxeKY/HD206bCEQfA lViai4VNsa1feH2UIMKY3BPpWRf6ADfWI1n+jIByAc0UkNynB/gL/UOfUOCLaRm0
zqb3/MWyIElvUiIci9hGZCowzcTm9+JCry3/JBr3hkZ8+OSvor/x1HRjRqtlYW3c QUchsCqO6vou+/Yil/czE9VxrW/ARBTw+mmOh7Hn+7aW3jsPxZLdTMaia9exM2VF
EvuyYXFJ7/dD6yHrqdwJG7AhJbzpq47Y4SUTWpDtpM+WHGaQFj1B7JVP2iYtxsDa rBcyA/1iv+7zEPhlWJv6rVQHR6/goDQsaVfuyeumZRouazmKXpwVRu5i0pV8Ie/n
nTLg7Ym6GHtH5ZwizjkZlDR9WBWaOPgpknb3JMbI2pYLz8p/69fdOkMwudl4iE9+ QQ2UXU7JytaLkeSqqsnLXo2K+NdIp0MXOBCu1TIz7fOZs/iUZphAxhZ+9qZCzHR+
iThb9nf2Z6iVhZzxpSei1EGh/5EMQHGLIfcrZwIu/vuk6GGIGYF/ktUAdHBdengs j1X74Pu2lzGDWi9ElfIH5xrb0H9jYnqYWzM2Od5nLG9KB2oGluR8pgVSZ/c6FWaf
PqRYP0tEaNQF40nG8RPLPiOPiUlxvOKUl4+7ChD0so5Y8fVDRlgK7GCJ8lfi4LoU 7o+2X0QpBdX53Ggpp4LqE/Mi6HbePQyt3c2ldkpOy/IFlg0WvyTWH/G3CBYPLldb
DLGF3sto76A3RgpmCjSh7fSk7IYRiZm92KwTGssRhfPnABqskxw7rXtDcAOg8uU5 iPv//0yVozh8ZOKRpbNLUAjguDd6+m7cSNloIECRjeZ9VwDU6YFnRwraFDOeTbkZ
sND5d41btT6GqAQHWiYrfAQN8cIZd2WBSiGZG1w7/KPRxcoiatkGDlYJd017ytbH /5jjwrKVj+bCX+h6puLsBh+KZDFnw/T5Jlt5Z4CbMv5sPdwMBLjB9AmMCmEHwLVr
QI2C3m9v1GpykX3b4sYN3SkHU9GSkeAJHHa3bnXlzbsmudhAL4Ql9YayagABbdA5 E+pWoT7lTl6kfqBd3Kyb8e5WeqqtvOQbYaVuxArxEFsKfzg6T+iN7F3jElfcBG3v
VwzGFIZ/43ybp+MQYx5nBl9y7RwxDd2N/kZZXXaqq+9aBKLVhpOpngBbxrvOjiuH XRIgBkA7MhyMs4ymwjSH3GMKCE72nQ5w//F5L/Pv9kpMzB/t6SJ08TfnYvzqWbp8
e4SaMN9aOxJ1oiYufu7+azgIcqia6cDTlR8jgYXACPuvZkZQAwkmAvQlIvLjhv2X HuSnYYYtoyys6+DdmWlPNWESYX4sGYkov2vHbnRojo4qGSqfsf7hmZ4lWKKcbyRp
O1nogIyWfhNYxJqpxrWexbtg9TYHDnr9JxAdi0dfrMIDx+r10MmF0Sd+Cp/LFMxD NcZX8s76oWYpBfGDfRQS0MxOwnuh6B3TL6dD1Xy+HPhNePF+yp6eIDIo/pfji8pz
jaR0Z1Gug4CAuypdypVnif+a3FiltDvtjlwaziKG8J5Qcm1X7+7gv+RtqcLnsaxv F0WZMKN+DGqNgF/EZw2m2hZGY2EyWXuDvSRe6C7d7jbbbLE2ydfxCpWjNWwQ6lD/
70Gd7o1XbiAhNvEUWbM2wxSM+T7zgFdHI8cEjUl5MAT3Vf2gKxGfQibd8z9vmW9r SKqCgpiyLmLG36Ml7MIDy7xpfra9pqadnoAMzfkzMnjky9pS+Torv+Yn4pP5H3ml
HZV9eN37qlQY1MS+rO2De5jCLdi6WcMP4CxPaRbbzXPmUm3bDesOf2CZihf+HLru 7dE0M43sLRx1ypkBSjd5S7sHYvlmqf1aWYQ5KveElT1Um1UtPz9j3qFyeJMYhBd0
RPNI4Mg+xy1N9VcMVSXl1SlN1r4yMJdQubdzS722gw7GpIaxVjTQbr6qAtE0xon0 /yBU7AZEHzaM0/Bwjz1fZQTw+5IdfM3CNPhxNC6O+zEgFwXDKlFBGQ8Ys1ygryH6
pUmaRwABerAeiFU61t+uAGeP7dCG5MkfL69YrBBVf+jvZeHzcnBNtBuNvBhQy9er vXU2Vkg6Int5TWUJw2JPvBznnkqv4eQxK8WoGCeIHCaFryS49nTpa2YL+BAOC3Ct
SHL6Gst/Uybdbc+VCboDX0FNb7FgDzD9sN8tkBhP2vYEu1peOqZeVZBIvJpipaSO Du7wF+FEEGr17xsJq6ok4IzqoA5LtTa21lde5PssaeEeJT6kqXyw8XjZ6aOPn76v
PJOVaqmP6Z8Yj/afEIfl5GY7+l0tKifew4gTIYAtdEUqc935yC9dvH2wjVv/OVSu 0P60mu2Bbp3xC/yU/SbVrAvkekX7Ah9ZTeGlLEG7ZxW+oZg/wnOc7eMkdz8xj+OX
yfIpxao0AcjGCRdByH/yhl2cwvydVlcjdVjnFi8r0NWjuBozKcjB9urpjVdjoboZ X3an+SsHkf8xuIs/ryPyR1UU877yD9J/eV+1xgP3x7xwnWUrGigan/qK/TGe2WM3
GHE8L8NGsjGQxzT7oAiTY5VfYnmMlPehsKXNJ84YYsRvK0P1fFk+YG7AATKrQQRC FdzAFloPaq+jAjzItnZ59+RYOBCGiGMzUu7XDN0t15yXL3CeAP42YIi2exVQdj/u
K/R8v7ymePqfC88281jZkVA9deNoHgRdjdZDxl55vjH5+DX36K8DtSlANLavnZLi jC27PzoF6+diNsenHt95jedzYB9FjY53++B7jzhqPTmv0QL+pt4O45Rbqtk+whgd
uvltHl0pT0zPdg3XpFyqz1iZZUZe+M3O5EBpbDn7VayM75MwFO2gJhlykEGOBFAA MuSFTsFXvL9L5BkBfM3fg2yYwJTAmyra8516c8TQj9PNtua0weCTf9WYfcmH+j6u
2XyrEl82tQ58q0pRZy5jW8jcaZhn84NuJGIwhmAoytcW5dqVnDvKMbQZbqiN/nhu W2Dfhc6Zuu+OcXFXWhew50PqlfdeYJvxGGOqLP8hSBMN5zhyj8Q5z4MxiyOa0QVH
yj57eMnAfR4pl3MtFbI6zAZLnsZ2Re0m0TgNk62F7QR+pg37OMYNvp/P6Gong8zs +4N+pAqiKw9rbrg5JOfMZjI9FgmcVJAbxZpxXk1oDpCgYMp1RcgkMJhaZOl1x959
3+hDKpj8kfG1GgDf0PNzdnRGsnEcKDx5DpeaR7o43PQAPjIv8ESov7Xrbd+zilQ2 bpfcbgL6HqyP1T8iQxDJt3wpRAinPVccScBEOJcJcaPXk1pVRfGTfwUtH+PI546h
E1haaVh4NWrPT9lFApiDLQY9KFSGHeb/Xu3s+p7xZWmqgML4jgDXzcKCKPTuKDL0 uKdJF63tGZPIExodinaerZBiqkbP4jxPB4rGbrSJBi928QX5InN+pz3MQ8uJmyND
qg+CVAeFLOG95pGrdTo30iUV232E0DV+OzhOF67B5GbDu4M27cAaCJoZN39wlz5Z uGus9+FNgJ7a4j6mvdOz8lfcRn+U3YE1jLIEE0R/VtIg6jgezyt7/Z4J7rbf1pJC
C80bYjd3XAJfGiBRWRSriu+HugTDUHS47oe3bJMSRd+qrQaUOy9cCqwOEgvQm+9u ZHJQ6x6UR1VA53pQKoFVF9bsPl3ZvsvHWT8yblfKL3U3EJm0Yl+GHbVqaZR2XF8a
rm1uTM3aeDJzQ8oToV5tc72OxvNRdv0d6sZPOStUD07u6IXSN+S2eSxw+jBl0jQ4 knL2/j4tpd/73jOvlb7eAR+eFgjh0HQdR/aEQ46eF0gYZTPDoXHB+9lxjtikAO6L
lSkXBKPpi2HW9Zvm/PuDdWA5cYRlgre+rxvztbg7KMzRheKJE9tz52FPybJftvyZ HgAQ6y1OnxuQWRaburXeyXYEoPVLUrYfdueBBRn8lTZY4esZNCAaCeqsICN2eKEl
1J3j+g6u8DC9WLetCA0/HXw3aiGF+vuBeaJM48jMNRxZGd3dRmwALHsRV53mFa5S wbF0oNH9Hn7vuIkdPCbSLMQxs9JBelIjgv1X/V0VVG8xiA3F18Jwf6XZl7AwpWBa
d4f8F4kTtXrqBa0Di9qPMKznp8Z+BbXtI602Lv3IdPEaboyFBVJyGMFxINDmuyIt MBD7iBxovI0XAClxcWrB6ZlRYxwMujdIw2Dm98kaAeGpr9vXvkjxpLdcsSZF25cg
B3fWbEC8ZsZ6AxZN1nemckf1MEkyhNC4pwZx73nQ/qNleRVsbjXTX6qiGlrTaK0c iSBoXR8KAbAvO8X0EciO/Or1qptyUgu6tUL+jFox7pC9Byaa4BW9/Dr4biwelUFD
PZ5dPJFJuNeoCTtowqnsK7eElb/qKWr9SbjUq/Kmnla3FWxo4+P1goFnaZmacfEH IT3M7OhrYJDEwoF6UIjlcMpymnJYmqGasG59Ah4uaEieQxYk01RRFiytF+N6oc2U
mhs4vTDHsgKmBB6rkIeUAxxolb6TzLDlZqUS/EWaJCA0gGJSCtdh7W17CwtRuL67 39qNFtxzMs14dQr/+zuLdbugVge7v6DgC65iQl9ontT/lH/EX3hChmY6daUmz4kS
vygwTQqeKNi4P7/DGo45zhCjOsABBAQZ+0i9fVwAP9rTc3MFgb72jTfEIzqDSfzo 2VmwdoEhuO6H7yeoIhBTZ2v4+vkGihgQTo8xm+6rw/t55+nQfgQYTC/ZZ+9MuAN3
h0FE+9X5ssuYZUyPUi3VFCOm4Qxv/LVFCUKa3CskcssjhUQkbXVX4gltDigPRFms uKSvTsrorp1I6kK5zI8s6rOY+YaqS10ckNrYXmyq9TSIwyBzk/btb/mDvZMF/TpK
7xV95x9/MEO6RzEZTy5IRmWVImePuKn7lH+TCoTJDxpHC+BmGxuMkuS0qYSLwlxD QIaHsSVlkIdmfq5YmTr+iNlwK1fcOZjseesYAhehpPJUzuP4KdGWr8Jc/pC0QNYd
wuOO876bUHHdfaJ+JfAs1c1aC76AmL44AfI0eBMoqPxaCD+VdCkDsTbU+vEAOZPe iGL23ieFbTHKgPyGCmRdYgEMqpe/THE65H7pGuINigDEgkG4m0Eq7xDVbvy1SVJC
gi6f6ta4DNMdDGk2unqrGGYaCY6n8ZOWowI40/Qtyq4AgQLT1TtVq7CYq3K+vNVc jc7o/O8cONg3kbHyYbGUlaIKBBap285GWNSotQSChkaDo3hT6S6cjPVsrPoqMN8j
vRvbsqwQHVKEwSA5iVVsOkb6YD+q1obEcgJRN+zHNC20jFDZMPaPRJiu5hk/JLTx PQNPARqKYRriyI3ej8msK311VRTjAGKWwEVgxn4nF02bvg9HBqv/TiFrTrFLSsd8
71IRKblxaYqfbO/TSNwlRezonDJWTQqvIt5erHXjjGmSYTddadf+dVsaLbuQv7u9 6g4HpglcnewxmVWjAeCsruK3IJv79JWRNPxOX9+tnd3k28E1QqwuEA02uNuHZLbB
W/XFZzA/zZz+mhGHYeiRmMZ01eyxXCXiLKvc2DnXwT6+MMolOSpgdHgApfpd0uVO TvlHswfi9xmPwZG1bytwrSB+kv/oE0cVLI9fPCKpe3I9N+oL8xLrlqG7vNqwaZAK
yeiwtlTGUD+cJJcnqkk3rdOv8rm76ew3TpixPYh4xg9HBeeJKhkpIVowg9ihgUge MTd1VoPxWmlvj/z2NahU05eC12yx29sJN9Oqz4DB2juUaLFSA45+rJMQc9Vj8fFr
/L3zH1iMiSk1+fPbqFGmfXbLJ0sy2G83sIgvE4/88MrA4+mKGB8zORJhYdZ8TxuZ /Qrq91UVuXQJIJXCWfC598YJ/p4VwL/glK4ofs9ssl5MZbj3IesHFEwN5BQm2BJB
r8GNW3hoXh6ov5v6jEYoGd3XJWsYcJJTtWNtPwMZua+u234unR2sAxwYw3q+w8yX khO/s2kG3dJ5jSHSFcB/EDexFZtdLCyEwjiMNQqniOUwQjaZCKf4U3QYV2vxTL9r
LjsK9nOXuhcZNTZyGIUEJVOBEb67nMK/UhNiFRYQAKEXJTvO8vAh+gzFgDlHr4+k jA7KfBOgAdwgXX+tKRWv0VgIOz6gITE21u9envfZ1eqOfexlfGT1xv/E+iGauIST
z23Z9v6Z2v1zwxAheWcYNER+Jyk04FiP8toA1qYPhx1jttaiffXxdHJWs+soQjv3 qgVKh0ciZMPqhRgaBHrtrjtTyifweXbSKo4AFVNHN3K+swDmXW/XHQ6Y7UAjseZS
/mGD8vTogVJdGjyaJmab7jLTbp2zvMMLKqkN1byjbjZRhaH7rftMxoD06zG9Ca52 ZFtjurmHB+uYz+O4kxAct4fJW7d2e5iU6tEGKseCnBZ//PGgzkLbwigdNhopou/Z
ehAhFfsiEjUjZzcUx9ynvBXsEyV4rpRzCREUA6NsL7zrYWIGSVeLn8pDBkk3gigF s53h4I2Z0rxJFz33NHwTx2wquT7MLwCZwD/Thttujx6uI2JXMa0zudluK7S+lj2y
JVg2mN9POZYSlZIctw9OhOUXhCViHM5+dceyMcIEUmMyFgN8yDe86sPSnXqJ6cYQ d3DBHNGszistpi7cUoOgYVMvFwuTSPgvLfyb3CiyUHlK3TIEqox2BJun3tXL2P9s
xAB/TzIsoWddbLUNNzK1WnRaarXx7tU/2iEH9iR3A192b4pZ1126JfURFwhECP/M 7tFBjgqVRqm8AYDRzSpkw5jKL2xWBCI0j9hd2PDOQbhw/EgLNqlHmLK7Yqy5TK/v
cY1Q3lHSMB2Oo9RRWYvlpsGck011EcMwlYYIYxK50RtsmoL7PF1OFK1mYnTvPTyb CMk2aLkVAORtQlryJ2M8WlObq3RPjwfc/zB9NWKTpX/EuY03nYXQLG951Oajvodu
NntoJ/mem/T3rnmxTEFP1THxs545BoUFj2fCYjWsxXAlJSht5gH7rQ7cFFmNu3Rv sNZB4JyeNKbIn9LPNZ+8mfaxHE8Zmqd3A8XSN/KfSGOj5k1wkh2qrWWlhbZQGBnU
4dYWF0R9Cb5+JpY7MoAhXk9k4PqgQwn84XUuqdIYPNU/PmB28ObGb3e3zvihZvK5 ocpwedKqvxKxun/nGsfRmDvMzSMqRfXYxATneXH5IhmCLsBx3qeGLiYoRkLd0434
nHjaAs/k6Z40gQZaAEBFD08yKlMTYYH0F/IO/Aey+mJe1n8SvWTVG0XTFZHm459z 3Z4937SMWwtg+oZYcd+ndW1OnEVyGqTmWB2UKhJhfIhL1YzpkS6444tdlIV2LKeK
kb9o2JKJmBKTHOPHFOI/dDXfm4kbHvn6T1y70Vke3ORySdHxxTXoEEchkJ65rT01 GwhG/6RzVZ+qnNzeEFlJjwUsMTd+4Xa3k2bkMBJQZggOtFxCeiANkVsBzrT6DTLa
gJ/cA7EJSIzJ4DpcUlKk+HBVmvl0HX63NSTBEEfWrsWdoEUAktVHmTTMfxnvrtoh L9xJqDPD7SROKHubosXhFwx/cDcFveWL+mbkfQc9/edehffeCvdgXO1CIxPmxXHY
LPnNUdEXJae+0kE+EyEWce9MbSPjsNFddHAdNpxthy04hbvQx6/YrUrk0BHGtzDI y5vETDTiJqDd6+wjQHRrjoTv17Zz2ZblhhvdxLnoE9IMABvmd8H6fF3L4jIn2k3K
lIdeatVgxlIb6XS3UzfS/DqHx6+FCGZ75ZYM5/IwlYXkNzXXibin6xqAL3UFAGob Kc0CAy20FA9K2eMgCOW1+JeYcgA1Sh5Y8x1Fg6Ah0FFH62SMn33B9rMYOB++Sjg0
kGeAoKE1bo4d4TJdoYafa+9KxU8DH8fQvMrfFBtS9327I4qWFv4fzPG81opU/+d9 vh/1cfHXaZPwpMb1gNU9hipbThL+2MH0irtzQ7sn7X9FQqvkQwA57OaXXpUId2Nu
kkKOvewfx99h4aMfflT0Y1bs8/mLMABnZiiyPdE4ZDIwoicqGsQgO1u/dRD7pHWt U0rjXrw8AxmaUtFpN43rCk9t58eP+vosfCsG/uA80ptkEqb0Gz3FM9B6Be4crw2O
J9Hv77iPBZMmURHGiRkK0hBxYlRGUFZm/6/Y/aX4vG/1K+A8l2ksWdLpqXRQpcuD 3Oivl7+0dpJ/rAD1lG3Vq6VAvpAQNT0g0/TmrHJ2rnhX5UUxZB7YPF/eufDDtLF+
kqIBlcn++x8pyWyY1STAOF9w1IFp5wBHH1fy07yNBDj/xKMufz9j6hrYWQV8bjWV BZNXMT9+snguEJHRifIxhFXIsE/MFti9ROSsbT90u4k9WxY0PI5hp95dkvX/PfUO
TK3cb8Ar2Qr80TrUUCjyu+d+37kcsi2uMDkiRD/avJbLPwePFTuJZe7nZYdA1A2s lNsNQvN/OjVFx860ZCY2UR+l8VhYwUkTL6qlBAeVca2QvdZ8BIhr/GNHfXyge0yo
hxnJyBasTI4iMlxH11JYuMGHouu24u5BbCILf654lR+BIQ1d2ogA41eHPlZ7x3H7 cIbqf3WQnU/05jV6v1YOq2TJZaN8tLaf+rJait129WW48fCv/oxW00xUeRwB6Fnp
C.3.7.1. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.7.1. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_shy, Decrypted Header Protection with hcp_shy, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIOVQYJKoZIhvcNAQcCoIIORjCCDkICAQExDTALBglghkgBZQMEAgEwggR+Bgkq MIIOVgYJKoZIhvcNAQcCoIIORzCCDkMCAQExDTALBglghkgBZQMEAgEwggR/Bgkq
hkiG9w0BBwGgggRvBIIEa01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggRwBIIEbE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5 LXNoeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBs LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBs
ZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBG ZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBG
ZWIgMjAyMSAxMDoxODowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW ZWIgMjAyMSAxMDoxODowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW
ZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo ZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo
eUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5 eUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOiBN QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOiBN
ZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktcmVwbHlAZXhhbXBs ZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktcmVwbHlAZXhhbXBs
ZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRl ZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRl
cjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy cjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy
MCBGZWIgMjAyMSAxNToxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6 MCBGZWIgMjAyMSAxNToxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6
IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1SZXBseS1Ubzog IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1SZXBseS1Ubzog
PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm
ZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpDb250 ZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNpcGhl ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNpcGhl
ciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LXJlcGx5 ciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LXJlcGx5
DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9N DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9N
SU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBz SU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBz
aWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNzYWdl aWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNzYWdl
LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUg LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSBSRkMg
ZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ OTc4OCB3aXRoDQp0aGUgYGhjcF9zaHlgIEhlYWRlciBDb25maWRlbnRpYWxpdHkg
b2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6Yw UG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggem
ggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUA MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWU hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1
nnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6F lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+
UH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXy hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV
CjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/ 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41
Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80 /0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf
RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8w NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
BgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8G DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD
/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOO sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT
oHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3 jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps
web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA
744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWd W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1
NeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phq nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4
zpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMI
QU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9u TEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlv
IEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEN biBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsx
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNl DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGlj
IExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4 ZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehY
Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNf OBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpj
CwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7 XwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7Ph
QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAe O0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQ
LqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7 Hi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKR
QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1z u0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDt
Q1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAM c0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4w
BgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYD DAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMG
VR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syy A1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bM
LR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0 si0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh2
WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6 9FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr
BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzco +gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83
zmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukK KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2Wbp
Yr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IP CmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1Oy
kazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s D5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9
16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEB rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIB
MGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMT ATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQD
KFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXnt EyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV5
dX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqG 7XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkq
SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxODAyWjAvBgkqhkiG9w0B hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTgwMlowLwYJKoZIhvcN
CQQxIgQgMahPfXeRTJKDWjCE/0llScBMuyD7DptAxoKsAmAzBdgwDQYJKoZIhvcN AQkEMSIEIAsnTrJmG9vhEDGPGAIiq3jNFKAZg/b5qnb8K8AAVkcfMA0GCSqGSIb3
AQEBBQAEggEASJuMfoErHP+bowktPN/yJIltnTlZUibkbJxhHPhR5EgNnn3JyMoW DQEBAQUABIIBAH/7j5oqF/rfVNLmPNfU3UFn3oHiaWt3+y8+fLX1e4uMgFOshe5Y
l0yP6nJyH3sBQ2/CIBkmMSXmg+A0PFv3w40fUtX2oKVzT5TKnNsIDtv2Z7J5JRI3 Iz5rkMeHmP0HHtnqfbPjyktjTR/wlmHazGcasD5/KT2/1/HXOJJdaM/YQ4g5RiBi
TbATMRmw8VItmPGFCJsD9nXRc4cEgvrvojXSfv6bWp5hCO+8WNadiiGZNdoZduiL h7TDwAfDsNMMeEfYII+gDXrVeTc0BvtrWetxrGYhbMUNLtM5tskMhuUMVYrQBcUh
rWNSwO9nQSxuNkqNo+wwaXF9Rynh1ZcazsVopBB4s5XuJ/Zcbbsaci1w34ywNCHw vkYBamQMVmiZMBOFHhhA9hEay6QFIlAC1v3WtJvyiJCShld1Qetd+NuDbaCr6vZt
5xx9Cgj+6+yUsFp33P2YVgdfK4beyoOZK27Rm9e7Mpi6QxUi+BCR/8DB9svZBwob +C8LsBh8hQO+TIT8AnV8yBhQnqFGj61JQjwGBRRwQHbvAEG4uxaWr2OwCa0VWOh5
K7iaKJzRBDxl4Qt/m6VHxtvkTXjkOOD+7g== 237SKEh0m/haavxKarioAGkbzlAGbNElyX0=
C.3.7.2. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.7.2. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_shy, Decrypted and Unwrapped Header Protection with hcp_shy, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-reply Subject: smime-signed-enc-hp-shy-reply
Message-ID: <smime-signed-enc-hp-shy-reply@example> Message-ID: <smime-signed-enc-hp-shy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500 Date: Sat, 20 Feb 2021 10:18:02 -0500
skipping to change at page 166, line 36 skipping to change at line 7665
HP-Outer: In-Reply-To: <smime-signed-enc-hp-shy@example> HP-Outer: In-Reply-To: <smime-signed-enc-hp-shy@example>
HP-Outer: References: <smime-signed-enc-hp-shy@example> HP-Outer: References: <smime-signed-enc-hp-shy@example>
Content-Type: text/plain; charset="utf-8"; hp="cipher" Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the This is the
smime-signed-enc-hp-shy-reply smime-signed-enc-hp-shy-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_shy Header Confidentiality Policy. the `hcp_shy` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.8. S/MIME Signed and Encrypted Reply Over a Simple Message, Header C.3.8. S/MIME Signed-and-Encrypted Reply over a Simple Message, Header
Protection With hcp_shy (+ Legacy Display) Protection with hcp_shy (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft with message. It uses the Header Protection scheme from RFC 9788 with the
the hcp_shy Header Confidentiality Policy with a "Legacy Display" hcp_shy Header Confidentiality Policy with a "Legacy Display"
part. element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8690 bytes └─╴application/pkcs7-mime [smime.p7m] 8690 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5418 bytes └─╴application/pkcs7-mime [smime.p7m] 5422 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└─╴text/plain 514 bytes └─╴text/plain 518 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example> Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 15:19:02 +0000 Date: Sat, 20 Feb 2021 15:19:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy-legacy@example> In-Reply-To: <smime-signed-enc-hp-shy-legacy@example>
References: <smime-signed-enc-hp-shy-legacy@example> References: <smime-signed-enc-hp-shy-legacy@example>
MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACdv0XrIiYwOqFiCZ4pb4VxZQfPk+g7Kb7bD Boq0MA0GCSqGSIb3DQEBAQUABIIBAAms1ngOySnXdmv6DCfeI7GaiqqHxwOGv1EI
45v1z22kXFlsbpOrdYsJCfyleCEN88RhU/gzDpyLHY4ESXAJ6fEvKWJn/1kRZEXO l0jgi8u7Y72KiMZwvjFeRLtLpbE3/D5s/MEJ8AJ9LN63jhEUv+AyF7L29pqX7h1R
LFVzbE3f5F1N0x0cLKa7r7Au0ryY8P8fvBM0Z1sgZToOL135JiiKm3RD7IKXCLxg SQVY2I51zrm5ilPMkB+v1Dng6GguD8XDqmsxgi1oloDgExg4dsqPbGvYcXqQOUli
onz7kgGCrkby51sdsGAQgJ6rvFJlmvPQLdmi9YOOYpKiIR6wfAUu2mHOgBdEtsot B4XdqnREveBuiXp5KetN7RROt3KfD7o3Flakl90pyUIh1gpArSbndjbnjinlwbby
k7UfAloQ+AZXA61VSejFBwEWwKMSk1NiAj6S9Nppn+bOzEI/1qQsVJcNNcdA5kE0 fChri1V9NT99P6BVcdtOoduxEFIUxW8Rb1mmjlbpZQHUN9sxFftA2+qZE4YPGOnn
BWRzQFs2f8HzaoitaeLQuI4UPjnasy86sX3kl+xK9MCe9iSASZwwggGEAgEAMGww j5GyLFAmVbJSOXYeWN2S0TMrFl+RF0H5HVfoTqOMtEaKbro+CgYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACFBy5UfVv+8iiNnM1ZrlMISJ HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEATEB5GYpWDLjGLqDyORR4LW+h
ygBuyl2da1yDyv3d5J9El31g6QoJPllmkSC8loxIYPQGdAZ1OIEDBWV6bkgPGnZP 3+Sz2jt7VF8p4jo9c2WubRx1jmmzULRw+Nc12RKtprjftmWXCrzEwiqMy6KKijCI
tL07RkYkNTAUwLJ5Ug2tKADNfkKWOZ4bNa8SbxKDmgx5CtleG2/u3X6xw0DEA5N6 e9Rd5812SDL6iNp1WUXYbqp1x969IQNvBTfNGutgQogB21jNm/qbaL6fAjwIZXxW
m0s9vDa218FWKbe5wSKAA5mToCzWxEOzLLlKHL/a/7p5njtYxneRj2iRPSAOFmU6 lLvTBi5LDe+K6/dwlRjPJlZ/BBhyj2miqz/x+rYsSaG3REExLsN/uIv3f5DGrqg2
uZ1c2UJDmd58b2JlrUxTxYf1+jJguej0/j2YannWR0w8LcF/jEXrMUn66CuxOLoZ 2kHrHjXjIQE8/qYPa0t2fKXFJsmH/4FUT/384aepm8oiN5y8xSxlgeQoW1drFvGC
JdFTc5SmrHnJrjuE0U0jw6SW/R/IIF32XXEX7/4VFltbjzD8Xr/MeocHl7hTdjCC sqFVHomUGvReor5zM6Q1bwrj2FAKQS+Qd1r5Z8bWatQmMfWGu5Ix8m1/kocX9DCC
Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEH1amtLrDCmloM6pbsnGLNuAghWw Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPUytcsL/JFRST8refH5jrqAghWw
x8bEDtMcmKRFaclsZQSooeU5PEKfwytxagFordfhGUM8tkgm+ZIGq7mujmTz9AmR myavNN8eGoalhPR5erxp3r1BVoRpk1biqcaFsojj2XyGUSqKM3bcnoVAW70KVLCk
rwvoKTU7j43XdwbT4QPzFwNZml2ay7z3qQm13qlR1wNNQgmnH/KWiku3iFYzvF9g HhxzxEFYVeK1BGhW/W9d9JSiwn0OOl7Z0KX0Zf87C9xgnigpjpB8c7/Nm/7bmD7R
O17Io10kAfgcH02XtPxPUhKxNJxrW2fSpELB4olSyET1qpHQyrCf+4m4BK19M6sa Xp4stpyVCjn15E0Yz2R5wLMvh23b7Od/c7UxS4yivIxM8eW6zDsHUVmb8/TT+0tG
AwqBO+gj/hv2L5TNq21dqsAsTe7uNpM0++gJZqm8MQOdmTQrdOf1wxr3J6KRIB5o kVXIc2I81l4WQfVyY2KsQi7Jn8nYt5WO63CVin+FHoSRSdx8hChedXptVj6YXeKp
JAFyLHikD5fKyzLaWfLaUPp36lrISZPOHodnHwYYQUuRZaZ30yABi/5KmPxu978A 24Ugp6cclAEHgcjo0NHNZC6wnOQjEhsra0VyUt2e8FFWAVE58M1HpFNRIgSXNFdY
ad7SAgBqg3ni8VrVKHPz7b8SngjPVWYOnlCjUC9jQlXZOz2mGeaP9ShiW0+Oh4HC eq1O5nBt5g2XnYgiJM+AuEuXD/QpZwpdjIrQif4UwLW4nJCUCnyTxquT2wE+CuU/
Czm9z6RJ+4B2pkkDtnPvxZnbB7VeMmuJYW88GfAka4HxSdMU34PQioy+egjdcPml 8JWm/8xeVmGlXfSHRU9ElHdBTFS3OiIAZBfu+9S7LHnnB2TZraKBqKQuk+K/DQMj
OwIQ059A+mZBDhEYdaNxLjHvbL7SBrV+AsfuwmOUmGgTXVnzRbd3qRqRt8UIU10+ CZMzXLt7HMVvSl0lw8erpkPTz87ugBzXvLq9iCVZ8CirmQouXXTWXyoEf7uhtOBF
H/vMN1W/HKeWvjsg3RAjFCY5B01CJO/+bp0I7JBQZn2p2Ke1hNTGThUCaVbX+0A3 t+Y3aNhNnmjoqs7S/Tw2HCyvk6azw9hFibYm7TCqviLhwpEk64Ol5g3OPhpKGZdw
9ivwOwws48WoynTr6M2upt62lpFqI4FaXwv6/M7UoprWrtppSMdlpFv5Cun8RPb2 sYY0eTndS/j1uBNT0uUCluwj7Nh60xCmRtzpuFZXG+HN5iTR0wgGpxJH0Mj9QdTV
ZlOGkcrHxEZJjbCA5uzPu8VrBAj9f0pM4pIcyXBtpboRBRWctlFH+7N6WFN0dojk uctaEakmHfeJZZqo9N7DfqrQV6Cs5MKnWQ9YZQX/mloY2WDtQ62umI+T6avdkfsY
yuODty7pRnbpaZyll6GjzByf0hUsyuWbPp7V7moqTYqIMfkrOWWl8j9G/Ri5LNu/ AJPUMnxBZgvS6TYWwpW7xwxWMs+skLRyzdjFBds3A+O8A0k9E1pQ0Cr5VPV9pYNs
gpuGBrEBhW3VDmya1axW3MegAFu25WTxtJ8lIeE+BIKidtEE3jhFpl46KsG9IPc5 n/tZyY+LMgF3VV6+eN+menuNet9BDEqntk2R+waAlLDZ3mQXrsNTgJ8U8MKXEu3E
6Ctb4kGm2sI+1O6EvkP4CvMo8/ZGwCSYLCsLwi6OXlRA4LbAHgwCx/UsXNcYXRAS NdcRRl6ekOmbEW1X0Wn9N+oVndbZbIiERHHLRhmmzo7nNSniBKn/0AHNGBM425kT
oEmVhlN9C4exEvVW38OB9KGIjX7ViCxjwaXpPhrnLNnxLWQLBApM58+4DgEa/jlN HfUYPVsm8o38NAQ0lnSJfa35Q039UucojLLazsEQnPr0T1gSy+CMhz+K/HYF2OHY
rHL3c11S0/HFbJ+3RxA3jCE/CVFeOfoszrUNz/tSLqeoLxyeGixIEutTwIag+5RX S+mV+lNuXrvfZ7sUUdSsKWoqbxwVvrohhXSUrmmwZrd6DVE2GuOjogOAhP4xA1p3
WuIa/vtBI9om6v2UqwgvijipClaFwBZBjZXRDxZjO4wbDgzmXT9uGKSLwgrnOwRM 6/NN2/3szADTOXDO78jmchqYu9Beg09K75VByVFzpc+1A9ZCJv6qSZ9GilWoaPbz
Y/k0SITHuRKMYAnRqTj0xTqdiUznIMLKCRTlrqejCLREGUuTowoJGgpYLmQ1OdpR RIR8lxox9Vtjj4JD1toPL2Nm5LHdL1napAMNuolktDL2lKuMVCyGTwaMM/T9DSDf
Qx10qrtEG8pCMFm/GS2kdMXvSnlNDYFKiJUkVoIDEzjm43DhpIN5KGQwcfChAGX2 shr+FTB7rD6YKd/GcBCCJehy0cRd3Y/hLFI+vJBaVEtpCSeH+FuYU17ap9+EPGmj
gf4T0PPGHVokXsurrqpLc7Uy3gSajfc9/4VWrALDRfBPh7NsXgWflMc0p5eIU8FG kJwkVqPyBXWlTYr3fthwtWsrwE650RH78vBbkoE8zny6RRTdV0ENPZEsKgCp7wpt
i3pzph/J29SSN1+JAiIfeSoIdX3k5oHMgHwhKY4+H7U1RX/XEdNsM/twQpeC5Ri1 1/JrGN2M5S9P6A0ZTsAkBvkPMD52m6dYJsopIDyaDvtP/QMlIPuS5o7npfvDCsr9
9WPx7ZcaQKRVQT0vBmIlgJFYBJY45emZcPaKMcN+hPue9Yt2+gQXD8xKnh4IGbZy qpE3DObT5L3dRKbDdnW365+13oaZ6JnxOFqL/XZp9h1n6vxAxx7MGm0lrd3sl/nL
a6K+vlkoEpb9VrRhGjSarX8CzsnDlGTYjEfFru+qbYN8XYT8mtSUxbLYsnRo/skn QI8w22c+jeJbfINsIzkbgfasPxdbYGcgU5xGCROOTlAqn8cU1W1NRkYGSxTZSp6l
BcT3tHz4hi3MS6KjJkcnXw98dyH1IkJgYACSv2GjyEGEZpR3wadJP6Jcig9xX8Ga vNGc5MN9ShtJDlcOxoG8nW/GMhx0MGNh13htAfcQB6d61v1tFAT3sJFruaUF1pF3
f1OuyyDwTM4ZsMj8PiB+wd0KN/JmgGU5b1wkTcc8cVlRCmiN0UuqNAHsCO4pn2Qh 0DGQtY1Lh8UQRqAYkfVfSeW5oTd52hBZZfeHMDHEwXOHJLjKR4pLTqPskMFSpla3
yhfdZUO5l8mOcmsZQ6fRu3UbVu1HjZZH1eGjxiPwtGUtBo8mhOQNOCZPbO4a2sza 5F1uw5abtKgDpqT5ilf4919FBPKT/Ev1BRENt2nlq4jSDjSkTm+ZyZtRdWKoUMM6
QBOMx5uVsZoqB//p6oQFQZdv18nOah4T8JhoSoSnObr2NgJYSgLER/WzucP4zk5s LDRnA6T1GXv/+WNDS3KcGSSKZvMwQHbOdgs3lBEzvcNka2jGiNiwsWpj/6axZIjl
o7LgRTlb+IfTYnw9FLUvOHLEs8AB8TWTpkk8Pto+K3CcUyJMKYjbg/57teYT0T/U AyH2ySc1zR47bfb/Gks3NVZiyAmedt4WU8Ph04uZuoSYuV40V8c6ntk5P9g4y+rG
/aYB+CuAatM7HOc03C0XcvfJuZsXEzSdu0Nuw/VYSwibXS7tgIu/w8TsfGZqAdEz RdXpmUhKN5cTTezrs3EH+p8O/cD0Af5odbWQE0EZtam6Vdnl3afFeJoKdnlBET3K
k+mCDx3NeCukg/t4/7ju3NPe8RqhU3lBer4r94jNoPG1VkCVeO9bUQw/6PAVmpeS Q0kTL8aFxKeRAbpFOTbCgNqzcP6iozqlxz2OmBGdNBhDLwLWDzQBJOOO1aeXe9rs
FkbJsAB1UTSCimrgZlUxQAnndDFZCdU/rmc8ogRCmHtxrgzGyHt803jdlEBQ6Ct/ 3NvO3t7oZ+ZToy5swk8JdLAkS9JOWAc5ofZwfhwZDLnpLdkWticucEjyn8SoqeLA
rb4PcotIHQALRsc3dyL8BkwxW0N+nuB3Slxfr4ooOv7lEeAvZn/nizGGlxynFynB tFAG67GGFStNrpPXtIbdndhSlNLP45UxCeZU8eO3fcs8doRjsaTTbpA1MmQMH3+8
DSeXi1NnMt+8ZeX+jQbPDQNnAONzlQG7LoxuFXS/7AIeF1V5MmWsge0n0SL128tj pCJci6DlkLvwtb0DwwQ+LWSW9bEHWkGfxHo0y2hiwhUCnTw/DvQRoLa7feb6cSFW
8xVC0X1NUvTGVKcW73AXZ8V7oI7sVee/waRo7SdT4yzg0lSEzvRepNecB10smdnM o1wWO8F0kzyD7I4Qc6gTdhnksSepJdlGOFia9R7HNmWhpJL8QY+Okp6WFxF9MlBu
Z7VPXoazVhQJN5QprodedrLOdRD5KwifgrulJsDNHxsMl+cLYym8rx7ajyhofOrk TJkzhwK4XwdNPoX7eKPK+0Mhft4MFedAbPNTgHyJO2JGtUik/h8dduxrhDtgXVw/
OcH2PNRyu14o9ts7jpPhghyqwG0P2A18RNHB7YcsPiy1MUftIRExzUZ2VCyYRK4O jBUg1m0BBslrhuXk77HedXoj2ws690Fb7UdwbyVAl2+8GzGri19zOjYMHpE/V7Qq
DTCk6zatynXBEbr9olQdeQJHAYUF+D53RUJzDD/vTD1TpW35D6xY5s7PxajLaybc u70zUByDhqEQHCeomGS27jv6mBrL8jkqnB+EP7p7prxSwrGsXIfIzg2+cKp53SRy
4WMcZwJcLt2u+VznKgwlRCADESBE1XqScu7mfoB3jpc3pepdApHcNj4T+vBX/OwW 4eOR2gNzdHFfMH5rRNM0ad8aCBtL6/My/7zTEOuh7Btm1C8XDtkksQuJaTz7BrR5
L5IcN7wcMRzdcfP1XlHii+WriJk4GM8Xn8HY4iK15csC1F5TxbPIT6r4SVdRoCFX SyBUrf8g7S5gk3oezrC+U3GQ+B8vOAlQ1yVJbIYpHNuHy4VbiiYC56zDUc5r368O
zpxEoYa3JvpAP2ek5LX+nTd2TZU4WcbSLG/Nn6y4K3KJNR+SuinwLqNrwXbXtKu8 R0oF3tcbQn39X+sTQbtjjK7dftxgCTwr4irxxCxxAEAOwcgK0XBhIlMIL3Vo/Fsf
BM7+bshaz35e6klKXyKksXECPS+qPjVkKMSVYoqg6go1VIxqDvPhtlr9IvKjWK7B wFxjai0LgkNTwY9EwgYNdgArlZzyuSoOZBhQZ6oxf5jXEBh05tYTIunCFIwfFLqh
4mSWU4ZTaw61bTRw96bAjrjQA5O/pY7+RGxxAU6K3G1BKzL0z4rGCACokU7i/n+l o8sg3ZoaUS9NHaGEsruz+sBG8zsbwSgGjzPAyJyw95CN3gM6HI/Uaoi9x5Dx/IR8
Rj2iyF0a9Qf37CLg5TQXqoDS+zgx2qb2YTos9MQj8jSd9HKS2B7VIXWJgTJf0ZE8 883bTyK7wcjy4l7P7XZF+Puw9fGoGOADVpjux9brsBluoYQ/Pm3F9RvCOJi/89LT
rlxZZUUx0BwehWBo9fJ1ysBQ/ZCyLV5i0hY5/93Jst8Q42ohT/Jjo/vxsYbruUdR oMZnU41ZEkFNGOSnTuGr1lbKSdSe9DTt2J2oQwJFnskVYPhGrLIa2UetQBs8Oqve
tGjePoIs0zY2i6pAhfx816/x5ULolpKBAhtVNByiP2TMDZ8FVSM6JmciNs81nnlV iMKrNP6CRhKwLbjgwe1fC7WTiYgrhrLUUsjYxlqRsaPlKeefXZzFBWH10o01lkU6
AjDixrjl5PCY5sfW/qGhVp+h6PUoRjTXS+ybbJAzkVn7BAHli2sdW7OvS64yJfxn vkrr5Rl9xtv0zJVPGDOjbWVMY9QLWu8Mne8evi2OLSJhyiNcVv4my9Taf1fHCSS7
2+nj3J+VpMrnH0YbaDzIcK6G1cCN7UaZolUcfgPdYQKdzogyRxBYgr3eAMEUwmrk 3xK6rdJPWy27eCNVoQwE6USLwsSybO5hsZCbECWXYM+mvD7EudFSPPRSJzHyB1RP
Gu1TLSrLtloSb+w/+mkQDg5LkidqVPpRz7IqlDhWVuZXI5ntzEhY+7DWJEocKSkf 8h0OwZVM/V0S1G9HTBFJHx05iCxqszlePsKmZPzGQFcl5xIxQdt3xtlIOQy2FQVq
n8vpIecLWn5wHTaGsjTzvwgZma/o4QDJrNH+pcFj56DBxVR0B9DyUiSBOrZGU/kk Mfz2Eecw+mgr0Yf5q38i/IxvcJRN9x5u9efAuQNuf5mW2CJTmll2JEtNuYQ3r9W5
ts1FOaFYGBg6xvk0S9qFfevizRZ4DTY+VZBtLpk/tvYU864FnSkff3ps3W+bEmlb QNmSvQZn0+whGIGyfbhvBLhDQJYGN0TXmImoJ93qceLyWoyOTLrTRrM1y6h1sfyp
MgvVAW4UpLgVGe20V2z6QmUm+DRmF4/MXSmRJTIEv2eonDZQXZ2/16KaxL6RUTNP HrTnW80Mcaeqwx7/K9oDkU5yG3i5LOuy4I80kM1HMuY8zUcuf0tWbqwqb9kJn4ow
d+ZgU1ZJfdvesVgoZCZQ/F3lsDlSROqDgufQsaxvbz0eVCTgSEoITfN+99AA6p7t /FWhpJWmaUVoHy/Z8J0ca9bVUNEzgs1DV4TJSzYyAJiS8vfCuhpFiwZn9IdEN2B8
xmBblraAIfax15zG0VQAvEBhWZzqkJzdKRr57RUW/UVOqBKgYegKxBtTjdXHgRE4 xQzKj1gHH8BKzViYNsFyjxPErPlwe3HYH3mYSzketCyMAWqGCLjnx0A7h73FGAe4
pwr1kWlCDqF8GUjC4JX6oc57tQ+Wf6G0db51+jQoJ+XexKUCgyJFj942795Du47E qOqkI9Ea1204BH7+zZUuaX3l62SXwwXXNIWPGZquXrvwD1IT7ylJA9quKM3GShUX
tzLS+GswkD0kD2JBz9fXj9iAg06RvN6clJhStTOFj7Ila/6DFL+GoV5d3TCNlZ4g ADv4J0tR4GB4VzVijEBJO9Z7Yo47PQwLYU/DpbimfSgKOSKhUyHF0McHzyrLV5Mv
lYv+hUmiW8RPpZMSGChWdTIrp160ftE7fpHR/M0cNBO6zB42HtXWgJzGyr3TZ54L PwB4qCvvvTH1xL6vCKzQBssZPIFfPFSu7G/xUTiSytioTeTn0ecnyVXOGrBuUaQF
FmfUEnklbvExdmZN/0G7eI04ZIZvQKZQYl8pSMQ4kZ/8hEHf7BkeHznadb5FGpS6 IXe1Tn/M3rz9DYBoutCVE8iW3nTPF3v5OP0LfYn0sooxy0mi/5e0fjtoesz7L5sm
+ZTKy/pT5/ulpeyMUDlu0e3p4axhwGGaUnEpNRdUOhFT4jiil/hZzO1GN4GCBDsJ nLVwWPjEg7PAHQS5jHSDhRW2x4kd+Rx7DCESIJXEqrc8ge6CQTWe5IoA8IwqN40e
Ok258Bo9xVHOeyDneHVbn6FKWkgASGGBzbJJwCybiEJIM/ixWgd36jg7IpbO35Fj +MwXmCScDSe4OHTqbx7+OtN/HxqbzGWCjITTVEh9QKnCjhjNlLB05KTV4nFlK2YS
YPZYoMQjYGyyuq+PoNPlCj6k6jU3wYIbRoNpXso6eacAq1z62l2lWDQBdSSNReCq eomLT7FdE0LxsNbZIBTZMAxfSGJUCaEylikNHEseRc4AbKML4YdtL/5Mtg/yOzMB
gXeX/8S/qVXEGAR4Kju/MiROou9yx8TvWAmJ5RHaiOkDHdFvxRFbXjf4GrVMYpaz qwIldlXDjjwh87iYDwJoxBGL4GewGbcYICMZu76qnnyfZd0j6R6jDg3rna6v9cXr
gVLgFuvn3Imt78IYOu0rb53GazUYix9qEa6fdWAHK2RXrgJW0YKtlDRfZTYgjVOY 8RAI15+3t/bnmGjWV4E/18/9CE/N+8Lk1+LknVbehykbnM9vBb3smEJgESqmn1sT
cdf5kQhYRSAktDOSB4LncLCTY6KDhrkrMshWgCOYgikhoe44enEPXKhWM9y1BVTO 4quISc3z1Pjv3q47iR+lRWG9F5icqRSu7ZgmCXnWqw6iuep3mSea/HyX23x0U6oQ
ZvCjYR2uQ4ryIVnpinFhPhT8kZwqdia2mfiJpXmDMClDX+XV3TWTsMWrZ2c93miv dvLIl9vT4ji8wG4F+WXlFVe5acl09Um/30cG3pJTjKcogmBvlyJPJt+1HESmJT9U
0KfaMJDOiFWK+zhlQrJ3aKpa1iR/+M0YkrxKxx1qOGz4LW0rCn1b2hHjW64fqq/5 rGfrA9k/94+e2Ye9ksf9irp4rPmBVYTAvnwzr2hLAqlaas8yxGMy15fOuPQ20IWX
rJRFcC1SQM/vYqtk0U6yUeImlfIoRIIUH++f8vd/7Uv6AmOOsgKEYp+pkhtl2nPQ sFP/eRuAeVfbYDGGsqmYhSKXbvd5AJtupiM9SBKqBHCjQYT9G1Q3hUE2qspHrweE
MtZ1NHw7oNmnLi4TeJbtLRU2M/7mChrL9C6BVDP6CZx7F310RNkxQ7wHapVSiU+A hvhdCcK/T0sfVuZrcykUtBo5G8wTtdxSLMUU9prqtYR/brtQGBveM9BchW0iPgTS
LmL59uxWzXSyESQYojaV4hcM4pDjzP98X/N/qNwJPnY4K/LVacKBz8GZxi3KOEBa /jY1R8V+j37GQG5oWV5EGXS8IObsMYzRM2SugwsE1zb74LJrsM209+n4Z+CQT0Il
nWxVlOf8RRpvi0AQb/t48FVGAVzC2Rvfg3MMvrmKMv8SXh/Vj2IsYuhDME9ns1P+ e8zOEkBikQMtx6Im2SCYyYXRi3elIhFolCszCQel0bsr8neZOjVS9aQkH6OEdl4C
eJs9DCLp9YwJYpnstS6MRT9xcPwWAHT5PwQbqTlTFvAJgKL/UjxYlsjwP0Fa/aCk 4JVit2D41Vu7nq2CvWqsjgwz71vD2nVEEBVqPnk3SC6dXXUP47GAiyu0XoL+zFdL
CNlSMVHVgQSSAbaR6CN89Yok0tnDJ5VSG4X8CKbVQved21D2UBXPSoCsnuvgw3/y kzQoFuiBSmWavO53kUOLhSWdt/hkIqzRT7uyd3APBIHSG8ZvTqEEYX18c4dzr8Bz
jc9n7EyD+JsgmIZpbvQmJcoqvO1gxjmxPmFuM6Q4RO8VIY5FHoQZIArHo40brgZw W6Q6o2DNnI82Ht1I7g/ioXI/U/gmc6sWdYh+W+1VxIntu7sjTZz9i+PRQPEvjWdM
gpn4WjpGkyWBVunGsBX/WEhNoPlpvNDZHSmH2/j1cG5QWrV0x0ZRsQ/J/cpiOSj0 bG3hqkOaPj62+2Mp58FHC8CzILViy4uND4AsFrzBYOsybRi48SR8LA0a2QuUPzHa
Ez4ib/yQaZWdKYtGd9SBBvPm4SslOaLm6eSLy88bBDJCRd8j77RMgjZVYzEMkjCV 2/ofW8pehUmhYtqP6kFqtibHdEGBmxz0ntkYzp3bZAPrlyLfSF+aWS8rKVbrgxjv
0A9GHBX1yPcY5X3bxS3+D8QsyjUPNDDk1rwY4MNby6MsEsdwoZ+qFFWLXjzlLW1p wGHUxaRvLUKaqJMq+h50HzglaUPPdElq2cshqYVjyIKqrESk4m3si/CKS6GqWW5v
wHYCM+MH+vXwNlxBQE35FCIoNrBgzsuGonDoiawtcZ17LBnHLu9O+mZOw5E89ukj 3oaxs+WIn4cil+PUgIKhRtJEwpZnJzXOteK9gyKabPJvNsJWmkkI8OdXafDVdJ7F
NvqBY+Xea1jc1RjwAjD/aM+GKL1V7IoOsFwHZYSVADcvrjWBEbqu8Uaahb7YCh+D iJ3PQGZmrturTlGRavwk+EW6cN9jG7KTrQ1jBgYpA3r3ll7EKe4f2YlScmzLswXO
5cY36IlaKvWircrjG4ZRLzI79e+lutD6JWASaQMfpJwP0FrY3Rt+KdSf1vXS/EaZ GeV6FIcdu3xC2a2NOHSSCleglNffJiYJPtCwKiQK2bY07pgL4jXzsa3YqnjoOJ32
bI+C3h6JxG1cOW1lJHG0u8rWVNQkN7uYVsw5IBDgUSIrOl5No5hcFbMrslF5X5XQ pDC5DMaTQPLjNW6hCC7JxVDiDhxCj67b074YDyhWjQMnIDXLVFanRsZVG0Rj5+Yl
lA/4tGJjT8tZVuksk2+P8Sq80Zs67Bsq2J9envNQIe/zXiBacOfpteUnQOBjH7Q4 QPk27a8EUF65vGFAUAvXOIXNPDK/JwvT8BylHX5HjASqK62i9fuHqOrg/OBsDTKI
dTz+NnO0bH4fQwg2jPMjArUvRgjexG0DpC/hbBTX1PEhez2djjXjbsbEoS5N7MwI XKJnS1T802HuQze1ZZEDs1lDays6Bi4JdIVZZKXt+RqevZ6YoZ2O/1Jj+t4P3cb8
PLrI1F9yBhU4I/ZPVVqEXlOrSbgKyyKxzX95jXrfFplFVW+ch3RxPFGVk1gVvRUi e7GK6vLEelOg3F7N42POF4Nl6NiycFtuF3c1RNvGbPw46HAZvUkU+Bdd+ZFy9OyF
GmwNAjVQzU8rzJtzGKI8aWnQUfwpvEVBsXFWzn816oQxwfZR1aIHHKRQ+aTXyzr0 CCaVsHo6/9YGK1oSASdr8wY9yMBZSQFJ5zdA5ytOUSWARmu7YWkGN0vRpUYhOoAN
u+20U0DJP5ibVwSANUbbEcxG0vh1hJDbPGa+zhy+aWIWbAiZFZPHENPG4g//iww8 0WGS+lVSmfak2QplyGHJzkkUVTLgcaBCbdO5RPyLRe/brwvGQo39tTCHlgsspNLO
ol9NavfvvZMhaWNX5jfBr3j4mMCbRfMfq/ZgLtiCfQUXKraVQrDxSVWqzxSGMGm0 RyDWZ64ZqFVSBCjcH9ys4BCSxdFzS56fAFQwX/Yq2bIXmbf0RIjDgMju7e5hqXvU
iQHoKKEO08DUvFQ6YlJse1N6MxQnL1tUKKPeTE90mXescLZsUg6lf1Z2NaBIVNoG r0Q4uesP3V7P1tOuYz8pJV8L4hBiJHoPb0vgx45wzYrp7n6d4aqBm6h644Q1/OhS
4UMKGJ1adznOKWVGZxBr/GBcQDA9OYTOOq/ylxG0hZetGixOGQYBsJx3U9fdDWYm Irf6cCU+ue41dyCOw2pPjNxAaFHPwBRg3J6ogg74LwUWZUQEKycQ1KjI8AHY2jLq
4o+nmEFhH1sr5QvSAEkho8uCZxTXx3zxh547nzzCibuG26uhGpZ/xbFA/PpFvkai 9F9nVb560KPnob7G4BHS+5T1mKZmi6qx8o7VTWLF1gYudHKldF9eNY0dvp9/9kKX
6tXDze0uK2rlz+gf8yRn1Yl++Lq3SFNrK/hisAGY2P3vYSa7p3k7cI4lfsacX7AR 829kbKQQpX0xPiOkdZyOq5O37zcGTRuv6EIfqJTERYkIxHCfsPFHXUloyhgzu3X9
gmkpCfY3gLDLHftoE+XHHFGNwoWo0mkiF/gViRv+rj2m23jtzs2RKckiDpHPryBD fFJUO/ue/P4ZXT8K2EbeG/9Eegzytw1LDkFn1KjG/G4AVx1+Hd3/UY7ia7ZPMCAR
6aktHPrs7ie+4e4Gj/8LEdp/czOG1r+QdhMYANSn2Tls4lQNu72i0BOBeVBszUaI Sw/l9ZyElbzoE/x1/7elpV3r4rjkJeUh6oRBknd/nENW6gakpFxYvHDnru3AEoxK
A1bEyVW7eOXQy1dqTkhTkF4YgoWbxi041p1E1hjGs3lkRuaSkbhW/JDJ+pWEmJwx kNZCTqyH7iL1Xs8RN1QUHILLXNG9wc+bIgrEpwmqqEAbxVHcmZgX/07bxGmYTHGX
EX598fgRN/fnedEElqn99ob4iifPbRWl4gk0n6Gb2R12yzx81U1AJesPAPzwDiPd tNHt3QcKaA7EuVTF2Fx5kKXgdeM6P1NaKgnOIArXHdfD4OrLDPa9Sh5TF0APOW6Z
rfp/JM69QgRUEs0ady10Xi/LOXehg6BBqcpVLPXtQykK1Vh2n2mlG0szjI2AHxWl vRvuG1qv9biI7+FMJBUq2TSPCVX6i4VM1i+Tckx18VoBK3fQdOmnc+BaLks4FQNA
k5EDLIcoBwUdp6UqqZIt2WOtP1o/KT6xvb7oUBbHTDUt5gYrBOwNx+FSAW3MEI/k ayKrnZBFRvr0n+aUPfb4pfBWn/1YFcJDKXN4Isqp+BD0rqJqXUi0zEAhHsJdjiZP
zA4zZRgl9cPTSG3Om5dd7WejVxw7YLCd3HULWOCYb38id9//QmEPxAZaEemEFslK dXzpKSygdjR8w+d26KKlky6HS5dBuoUA1cKo4kyMTBU7SRv5kHmm8WWKg02YMM0K
WAEwKbqoiFi2fkTPjZlV+4a3wor+ZpjR8itnknFqMkRGewklmA4Q1hH8cW4L+TJK /Gj1ApNrNib5wCoBClLrGS1IpeHNjCI15/mQGJPk4wF67GT/37JkDQH+hiWhOvdN
5OA1HI8vTeigu3vog0nd8wlRr3hy0zNLr5b1QtpAfv+m3gaqn2DjHNXHU7aYsna/ EvCEGqc5YkTFh8OTwDD+5uSLmNvSWdf9BFaQVR2RwbMSVAaUc6dggZe5qlmBqN4R
+fZ5I2Kx4ja4vyDcx+vIEOiJVZ0SabINF4hsAyyF18xdo9Ox/rapKhF4HZcTGi74 T3xrkPUADPxYZiP11jUJCFis6wsLP4bOEpvg0KZ/9r4+27UvUbmZk596ptB4I5LE
YHw30ig+ddtvtRrdpfuZKW8OrEVgmvhIc6Yj/oVc/lTflJ5BEZA/pU45dH3NLWWo Ck7Dwf+Hiiui/RL2RHfjPFfRNJX80OdMHjRz4meAWvS/0HlyENc2ruc7lt9dVECW
gWqivq05ncRgbqPVNJyjY6XBELWWonQesu0TTq4PGESxKGeSBE9h4S21tYNhm6Un K11KiuFec8zbEZGDBJcv4V3SvkpLf8H7zZSTER7oBONvi8uNsIaU3l6JdpusAfiV
SDm33C36ARtOljuvdELav8B1wqJNCjNU/PCPUI23txYMQP4lM6RkPWjNd9Z59Zpn UHCYJ8kTaVoT6b6h/9cJ2TufSfv14ktvdMiW0wJ1vKEyb3jE3fQgaHQXbihPAX+g
hgHXs4nF7ZWnNxEhnG8MN7D+kXG8UjBdQwyAGwkxUl0wPEbMcwkj0bmBVmEvWUFg uIIgYYoO/myUIITzSKjOINU9/TPgrs5M6fYDHbrZVDA964EDYIToiGFQZTu5TbyD
5MoJjt952bgNTa4tNu0UDzKg/eirLXMnlxgwE75ZHeMWYj7OJmDl27UDA2zy2o/U ojrdR9FTiuYuoki8fkTPJc6HicaY/rDyKvNlpINpa2jA5qSv+MwtLdLX7c1RcBFF
gU5j1ovrtdMqsLtd2g62ccKDlzDJCVn9gP6nN/KXhKBQRhLATgo6a1lmyd3GNA12 /z9pOHo7SeZiREWqDJZ6pN7bpAumE5XgLW1WGnUWBbtLATjqyOeAUnRbyXv2RhFW
CGizsLjg+UImbJkFUWp4eEZr9E7RcdJ6lC/Gs93K4aq/XbhJMdjfQXWLM03ndF9/ gHjwk6RDv0ScssPTcribodZWHpKo8jf1GzE/AxkjDXxH7ZkoXfuK2mTNRnynFhqp
r7Cp3Z7TW2emivxYYCk7airndOWeIdZrwxoACNTQ+6IeD0LSet6iMP2EiLRRgfOB 328FwkRvik2udbFKa0AXI/phsaVgffz335si9EYxEGa9VXR6K2ikZ1YpTNykvN8N
2eU6X7yMWvTwRYbByybrKpqsM2moy4IpMS+DgaThSVxVHf3RbFvIXPUmhRCFFkS4 inJk2YRXjVWp8zlsswNwmyEaRdsv6E5EYmpCTOxFD6YnHanV8t97X1EmWYV8Vg1v
lmmm2czKN9wUaBLKcmeynBpRaunt9n0uFyWJgSbekqw3cet82vu9MOPSmM2h36UV 9jaL+nhm8zrEK/R+sG6nM3Mvn+7/igG8QObvZfsmcRTKxjtpHX0aXgz/vuDACgR4
WgJDktehhr/gi23ON4kavEwGngVIvlq+Emm0SuUmKacqdaOmATxUhL92IA93L9pm wVMY3xSogDsg+azivtAmhCpkfpbRkjr8PdySvoY/t9FymrZjBFFlHYLsIsr32KKC
RvT6xARWsy0DrG/r362C6PDwp1fsTOQju6LkhFAOAvqDPKk+HOIjgBtkynHUPGwv y/cEwUm/a8yUcGWzDfDUWeTxpr9kVy6NpKhQopnVlVoYwruYEJFauHcXKI4htemb
8EN9Gx2SWwDJahAjPoz2t9kByC7PdG9qyGAAAEU6G/wXjshmzgw3jdw/PRmfSdNs VZuUNio46th+9sSzj8AMCpn0PDbVq4Q+XMnXK3seF2tvclwCei4r/pwudKum8ggx
gbky/4GGewNl06WC9c+6qN4ldDff+m83ABgWonCuamerjlaIFFbfBJEGX/CBz7GQ x+Z0pRpLkCn5tYbjgKedS3nDpTEHLOIRa2zACLvsqCbsNn05af11MTOVyRfUWkAI
QpfxuAEbhi11UloM77povWS5Cl8e0GSD2t2mt7E0aLgMT+L2TZXQx8lZmN8sWQq7 FkEq7a3esIoeIkbhjv1P4ZVnmWwK0HlmVdI/PxH39qJDIl7Oy9OiXQG9OGA4NRwl
cP6aK8FpkDhidLIc9fneWucvMH5BKXx8em3ug4Bl8MUABR4K03ebuTLfDH+FGkD0 HI+BvWMJJ234mBSUFIZ3N/nfmHl6/S0HE9RhCHgDBTqymCdLiAmEQQO+RXvehrh6
HNeqqUVBSzDveFdaylcw2HkJpm8D9BoC3Y0n/WMW5VE= 51ecm3eKdxurHuZKq/0LMFykxJH0RJyh1SDLwb3eePI=
C.3.8.1. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.8.1. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_shy (+ Legacy Display), Decrypted Header Protection with hcp_shy (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIPXgYJKoZIhvcNAQcCoIIPTzCCD0sCAQExDTALBglghkgBZQMEAgEwggWHBgkq MIIPYgYJKoZIhvcNAQcCoIIPUzCCD08CAQExDTALBglghkgBZQMEAgEwggWLBgkq
hkiG9w0BBwGgggV4BIIFdE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z hkiG9w0BBwGgggV8BIIFeE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1sZWdhY3ktcmVwbHkNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j LXNoeS1sZWdhY3ktcmVwbHkNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j
LWhwLXNoeS1sZWdhY3ktcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGlj LWhwLXNoeS1sZWdhY3ktcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGlj
ZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpE ZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpE
YXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50 YXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50
OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNp OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNp
Z25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNt Z25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNt
aW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6 aW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6
IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUt IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUt
c2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRl c2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRl
skipping to change at page 170, line 51 skipping to change at line 7874
Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpD Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1s b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1s
ZWdhY3ktZGlzcGxheT0iMSI7IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1l ZWdhY3ktZGlzcGxheT0iMSI7IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1l
LXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KRnJvbTogQWxpY2UgPGFs LXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KRnJvbTogQWxpY2UgPGFs
aWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4N aWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4N
CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTk6MDIgLTA1MDANCg0KVGhpcyBp CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTk6MDIgLTA1MDANCg0KVGhpcyBp
cyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVz cyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVz
c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt
ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk
RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQg RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQg
dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0 dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgg
DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5 d2l0aA0KdGhlIGBoY3Bfc2h5YCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGlj
IHdpdGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQph eSB3aXRoIGEgIkxlZ2FjeQ0KRGlzcGxheSIgZWxlbWVudC4NCg0KLS0gDQpBbGlj
bGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rO ZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R
QlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
mpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg
8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5 9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07
R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJan k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74
Z/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9 zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY
yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJL 9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r
AgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g 8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQW eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV
BBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2 HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG
5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GD zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5
Eu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8 AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U
uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn
9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpi UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o
vNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88w WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw
ggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTEN ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1 YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6 SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l
WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZ 078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6
WleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CR uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO
Q/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3 ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl
nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0 fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku
nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAM ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0j BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJ A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
ojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnN AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo
vOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSi cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT
oQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4 WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z
z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2Z L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF
PRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH 07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr
4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAP JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD
ZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFl ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg
AwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
DTIxMDIyMDE1MTkwMlowLwYJKoZIhvcNAQkEMSIEIDUClbNj9mKYodH3vCGfNVpZ BTEPFw0yMTAyMjAxNTE5MDJaMC8GCSqGSIb3DQEJBDEiBCD7w9aychKiKqa6/sht
jSSWg3QZ6u/dLxbyfbvEMA0GCSqGSIb3DQEBAQUABIIBAHqRG2dp61WFSKrkBcj7 F4TUlddh7IbF6DnI0Vaa95yhfDANBgkqhkiG9w0BAQEFAASCAQCEsnuIovDVNOBB
sVy7SmsllIQUOl3EO23T5h4PcL8PjggAJi/GHWaEsGviQEdS0QAbljEnzd2wjgn0 USthxOARiNhm/IrfGyx0uYeIMCR2K+UZIEQ2+aeYGEYKh/2yocr6VfauX0pK2prW
QDtLBAfpQtQR0byQGTzpg7y9Lt5WnuxQaZxsBPvENqeYSFesUVlW1JrJGXcqLH7U s8bxDewJdOVgw13QbcmgyhOMg/5dQLh0pTcFx/5b0rYQp2dLwpFIOzUrFnycGJI/
cu1+bdDLEe0p2ITtazvmgJ5NvoHkucBk1v8fwW6uliGJCZC0Gf9WJDP1qay2Jexy 6qo82knE2ch/7NMWtKB7Y7n9xKBXTC6kD8LwIrG/li0tSyrqcx/LUODNznTB6xoV
/TUzmr2Egnxq71WlAVql2kfUOfZkgALFRzhaHtonrST83I1sLK9ZxB8ZX8vJX56v KwNJHBOJiBiqYQFHoH3wyXF7nw3l5dr7OTSpAt2A/SplGSYA6cKzvI3XcEZD3/5g
5hHRzhuQQyAVgOeVz7skKIb5ODfBHqJ1vEzvCjf72BgQLYGEzR6hmPXW1Ml4vXtV 9IUQmkPXIZPWnBMigxBZX31d+R+RRwSIt5gDOzwFo82KnuHeoDtH0lOcaxXd3ocR
lIw= TucFUmr6
C.3.8.2. S/MIME Signed and Encrypted Reply Over a Simple Message, C.3.8.2. S/MIME Signed-and-Encrypted Reply over a Simple Message,
Header Protection With hcp_shy (+ Legacy Display), Decrypted Header Protection with hcp_shy (+ Legacy Display), Decrypted
and Unwrapped and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-legacy-reply Subject: smime-signed-enc-hp-shy-legacy-reply
Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example> Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 173, line 38 skipping to change at line 7970
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500 Date: Sat, 20 Feb 2021 10:19:02 -0500
This is the This is the
smime-signed-enc-hp-shy-legacy-reply smime-signed-enc-hp-shy-legacy-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft message. It uses the Header Protection scheme from RFC 9788 with
with the hcp_shy Header Confidentiality Policy with a "Legacy the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
C.3.9. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.9. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline Protection with hcp_baseline
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_baseline Header Header Protection scheme from RFC 9788 with the hcp_baseline Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10035 bytes └─╴application/pkcs7-mime [smime.p7m] 10035 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6412 bytes └─╴application/pkcs7-mime [smime.p7m] 6416 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2054 bytes └┬╴multipart/mixed 2054 bytes
├┬╴multipart/alternative 1124 bytes ├┬╴multipart/alternative 1126 bytes
│├─╴text/plain 383 bytes │├─╴text/plain 384 bytes
│└─╴text/html 478 bytes │└─╴text/html 479 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-baseline@example> Message-ID: <smime-signed-enc-complex-hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500 Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIc7AYJKoZIhvcNAQcDoIIc3TCCHNkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIc7AYJKoZIhvcNAQcDoIIc3TCCHNkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADDPZm+dVU61KX+lmXLEuKI+W/hu1Uw0QmHq Boq0MA0GCSqGSIb3DQEBAQUABIIBAGPIKUbO7uaza7TKuUY2av9QvGOrh+II70JF
Vi5HfM9uo9AMrXVl7PG2YzA75ItxhcJMjf8TwnKlA0YbrwGnhJAodi9MHCR+nqdY jmfXtOq2FRJynyfRCzQtOTh9HmQiuv/0D8oNXyiyMvPZEXbXc2IECoErnn8dCN0j
A413rxKHU1hcJLn8oWck8ypYwzs3NBDJi7F+8aBmfEolG8xn42o5B1FlKCnKMlNg fpq06OkYn/tpAsUDCLXiLPa581D574tMwb74AZ2AULbEv7TdNT2HtddFA3ZQntsl
NBTQpqruLd+n6iin0vGFPTJV7PBDdcE0VVeqiIoDAsZaTp25PYqEKSsnCO10zRF5 8+WB6KiHvr3Q9Bwkf0tyj+fUvvm7MeIn+i6PmdlQjoYyBGzKsYj/dJXFfNM1YHC4
8v2BEAX6h8EpjqE5PX65JKus2NAjnJioN9eUjCQ6mn1XPBw4UYJEUqc834+17HcG GNuHvUM8flg4r9yUb7QkjMmXksY5CUbVb+FGRy5tMa0qY8AHeM7eSYdu04rdgBaW
FjwDXIoJY7XuSNd2brm9JFYSmlyR6gzz3bRgIUqWYgjQhqulCRswggGEAgEAMGww PUC8CP+QWU7lau/XoH6Gq9WTgE88fEZpdiaMPEsLXoc4eDuWRxEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmxXv7vLaS7vcshZyoM5wgRsY HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAOLJlujTXnL4l2INjDQAwOHzd
IUF4iPK6n1BuzbCZnexPwW5TGghgsO8zxA64/hzzqEwbVneZIfcooIij4bdQZx17 h2yJNC1q02iZ0VHyGxsA8Q0YTHjggbCB7Div5MxlAyAKZ0URNwDkPpkEmlM1l0P8
nbYpLBCC1Y35+gtsiLGgCyUvqymH9jg7znq617FNqgD6v+Oui7OF4ZX3t072I+4I hH1N46zT740PBerrdR4+tCHoxExhwdwS7D/5gh/5FGZTx+TqLswH4UG9hyVT3fWF
HDjfFLryn939vUwMpmTPUQ5Y1ZqKTNjM2jdDQ5/lJ5ndGYcC/wi1hiZt5mz44LvF f/bEXPTaTpm1SwUajnJVsBNwhNxzXUR4ANzCIJVStWsxRxCwv/U2v77oCZkmbpY5
npGAXXVRn7bcYUtDRsFuuSmHbckCnbeI4C2yUOc2G6fmyHuOnpy5LL5US0hODca9 yGz+BeLSx5hXl5PbL0AjYiVnMHPx1DeerBU/4fyxLRBiO+2LpouR+K7NjhmDh7JU
pMV9dn6cJH5T9bksl2eYiPGS9CrixOL/U+fXHmVKsyzm5cRU/CB3rwUDnLen0zCC 6DQabdXzyh97AF5uR1neBztOLx6VLbFh83XbeLBoRh46WsLrFP0HuggyCZV8+TCC
Gb4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBzMZlGxbLgauF9sIia9KrGAghmQ Gb4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIYh3k6aQwiv/CB/9ZJiM1eAghmQ
avkXlQ62LNzHi7NtNtPLsiqIrji1UwDWe8cYPupsu+3hxQZRVMDHjC1ygNsK8BWA WIC9ITS+o9nkZZyCWgZEmdcygI7lzgLRCP66EibaFTqKmbfPUbcSkzKz/yQgTYut
P86t5gJaORrI4AvyO//4bEzZM267YRWiC3RgxM+p3DB161vETc1cXjZu+7qKJMdE Y7KBMXLh1O66qhEK9HzUlShfQLtt5G/+FI+YcYwgWY3W50HHkGXtAVfFi6quVP5G
LbSH9iLue/iNi+xQxD0tGYVzuYPwHypts8br+Cs3Yda3aWK1ipJQUuCILbDCGvl7 fuJEHx7yVl7KCgVSqvgG9S6inZPXDHONHEo0GhpKRvs0OLyVpR9NT7ToDIpLMihT
ZC5eizwGufBEhje17iJkgVDyU6sAY10E38YFL/saDHjtryJLp+c0cV7R02UEmDPC GwxKw8QtvmIPkp3cxt2zT8+6VZR+M0DsPkqKTZcP+yFd1ekvifdB+TEdx27YO96h
Jf/BfdCknCdo7gEu4lZitlkcr2T1h56IAyK46iyPLXZaZua5R8He6/MEdC5Ys2a7 0oCJWxzkKYVqHYHBmI9Mn16p/I42BaHLqL4q9PxlAZlAxG030dHUrVHf3+z0nARC
gw3FwSgzjUlxOzIRtGwCqDk5dc1Up7PLOmeZ5PLaQglwB8fXYDkv9f/T/Sh0uJ40 rTJwolgsxtrAYJ288okEeZUgI4Ia3j7/vSXu51k1ZPgOiui0tw/rOxpHB/XStsJz
xc/pcK5yjrcpFr0pVzcPVurzBpWtKwRNjiRnwFGhJafPfldxJf96WtgkkZcJNDmW qC7Qnhi+FU1nw8icx9d9WzzhVFuY0Qcmnvk1xoLuSdDYCVShUvh13punCT+k6/Zo
11yO5SwWHRUd5OpVvffdqipm88nL9tVfp31Jy3jbFR+7XTRPUy3QJ1l7d97aO3p+ T2HGqqO39+NYfZBi8DhpefyXyRFT47YB1Xyi4JUa8/e8+9+JrJdzpcRflYPED7Bn
aZLKXhgvMWN9R1MzqtF6wihpmPccLOX3Bd8bIwuGFeyZA4FR6iXicdql7nXWDSzw +tDz/OqQOGY9G7hNS+2BIXmIBK7QlKQo6L5wT29MjpQ5fCNh5m+lpCPPP48zi9z5
1Zakfbe4EbKRg0yrRb9X9iMaUBoScwByEopp4jlGex0hGD5omujbvrd/tpR5amqN 7duvKwRM+nBObxSFdFhpxr5A91n1OCnd3ptb5XNaIoNQ00COFM5CUYDTn6aHr30A
Q+cY/J33oo8v5auCWQiBdr3NK9jG6dAyfXrhcvpVi/Ay9sSMGewApCTXkRRibbNS QK4xKaDX2ktEKwIVifziPtvlsIHEOBqawn1C/ABM7lW/7BRDRddzs21B1IOfS9aH
jY+2szt81uo2Nfp4FWr36rfNmE7KmBHXWTs9U7ZW5yYJvBVG9VZDGk+7vt/KxNqh 26bcy4vQw/+NSemAuREIOlhY9HAlDTgY29ogWot3zPE26TRD854eyi/ETKnh1x3t
JEXdQlW/g8XmuYDqtnx9VL+vAZqHvKkBqvSZqsTrEhOIJ69e4wTu+2/f5Kv5DYlw GlxsDbEitSoykXpuBHncmZeFUyGO10zjCuzDwlMyf9D8zHARm+65Mx7ViKa3XPsv
pas+TKxRN2VZgGaLx10Jp1OTkyY846t4iud8pVR1v3MxuMSzS3JF6R+Ynk1uTmtD 8x7BK/OhYbqSSQDthDtL/El5icm9Sl/yCZijnVIldPqa3jmPM0QfEy3/Liea8UTS
xD27uKFT5LwS5+jvLOy/a6zk104pr5SvA/EnGJrVnODO+Rszw2JWxRdiE2Cejk1X ODaJ/tyJ3pV9SocZf7DBBXUhkHBb4fRrJKsK/sDFh1CGWFRL0AS+YhaH/qs0NNbA
zXgLIdDvRF/tytRNN2UOhypvsdkZdjRT+MrT26ypkJSPEA9a/0LdiylkRJuFW0Fh 9Lns6XbbSC/4iV2IJxoTuJoZ45+05f/q5ZGFgO62m8nvgMAQV/eK2glVa5/jWkwG
FDYIZ4TljFMkedTktD+O38TNVFE42LBF5dTm/ATz0Be00YQgRC+QSE6O4NEnCZhX lMn6X4JT4wv+uqaAqJWm1Mlb+9gdbV7nM7VY6th10Qm8Cm1bQdvlx9d5MSkm2oK1
Xppkk1sFoPJvA8AAZANQyZ10wQuFZA/8S/6mJ/15Fh/pr8c/NU4NyM/vC1T6Pg5f /LwSCnf4riZW437lCBucGpmmWcguoQvokf9jew2nzpBf+ED84hEtHX/IiAvzZlHI
ZMFx/anra7iUCSyn6Muo7t3vyevh+QX0wn6aHWWe90NPsuLFd25EDYWrokrPo57t T0IvB0jMXd3j2Rt6h7HuhxuBgTb6ZcTvOfoGZsxRMFZEz6niVCq5ob0GjfFO0RNb
/538uPU47RPCRKtG0tqmuNplh/8HshhP3e9082WKPyFaFixGaVVmhMjzU9+CFGQa v2jCLAQ0h4H9KkpUZxSTKNSypxXIBXyWylQm407WklCLZJb9qkXKWaHswoFGIYmX
d6oJag2uudjv+e2mpwX5Zm4lROlIO0QH3ubhaHz9ZCU5S5Hckwb2yIvk81gFqmm3 VqpmNTsthLgou62KeVssCypiASBLo2fVbJwhkWVHiaqOc2KxYiFecesfyDe4S4Ux
/ykRWX30gl1J4tfb4+WpbcJWYsckwc8mvGizDEQTu6oStblDBqJXzeB+PdXlLZQZ /OluQCDbQKdSNoj/nDX7oFF+iTCCVFSnEr/6ihskWCjnWmYquOUqSYOzZv161F0Z
xsbAc6xRFyD8CJBEhAEzwQ/y9tVG3hLbNhg8IQ1XMCrVp3EypwDRdDEIDnIP2HUS ajOU6WcUUVkycB6KuHPgzMQqMLbHFgJ8J4lkO9IMg3GYSZubZRq+XnwriAsnuZQX
Iub26/ZnAXwzCT7jt5WGjsM73XHMruiL/4nwSGv+px7Zw59U+D7w3bxncqaJHUPe lpNGh2EzZdjUUp2f7U/FFNZOCVAXinaxJVVuRszi/1lhjNs5D5ZbMZdfb1tWuZ9F
jUxBIJadRSUkK0UgIMkshAQsCB6GyTcvddolFZF+keE+cyvn1wKa/pUPBYh1Hwmy gSRdDvFsnAs2Z79cMD0fowSGefBHp/JmNctqZvGaknvOkwuees36nvxIe2R8Ggpi
LZ5Niko2jqyuuufTAgB+u686Z7c36E3N+1xGUS6BQIoTKulEXmuvCdwC1xjmC9Hi HsrgyXWfsJMX47Acl2IHWmXdSBLWT+RG4yuiXvKQ2nXiwFWr1LgyAv7V4RX6oNKZ
uHKb8tvlFaHfsp/Ilo2v8GgIL+pkJsZeHww6cM80qtuJKMMGz35SMdrMbInYK+4U YvnQbDx5QfjZuBnBRW1tg3RA6DfJaeacZJLXG/fTAB8Mfi9xMHLXOm0Wrbsjz9Ml
OdijBsBB2tCk7m5aRn6HVff14RBZDsqN+5xtuPYaE5Wmie/NMTOlKhvuc9Yp+Xl1 Rn7EjvH0sHlXvos0ayazwQppzynCn6O1MNxVqZpU2MSWanSshllLB76zqZHPNMd1
rvIe02kKZ5FjPYW5BQJuj3gJl3G6Z7Z9qrEpgqK6XtkMvEjxUbzd5PuhFDklPd9q mM3Qy3w3q7aN/6pI2EPraFTtbNaMufQ7fTnxeLGs6pBgZjBqGl8AZ+w6Legs5AE9
PbXD48D8LO3q1rLScuHgrRTaSXy9XfYRvBaNuGrGfD07ucM9LqS3Ugu6MPyV4wPs k+tJpmZbaGGyhOW2d8GgYW347y6ZRfRdGv7uSwkvE0iaJt7//zLChnBBx6OVAzqd
2bvQkybHmuav5M+szPnyUVnYvS9LmPlCg3IX5YshrCyVYz2w6zZRF4J+hI3zIkla fFztNGDShQtJ4Q+nx6uKt9D32kWFsvS6aDwviqWE1oBcStBSNzrDQApVvKUNksh6
huJgUoGumLSlea7qTwr1GS2MuaUfe5PZMn16qOaqXTMk68yEM4ugI9a6O33MJK1o P0ORT/hq9QQHM6WnRH55L35CQzyj2UTlQ7mIoZ6C4Iibavx9Ln81SnErr0IUVIyD
OTkWQvXFRQpb36NWAVHx5rGlk5+LG0idxGFjyI/AUcpoe14h98QtYROjas6UOIDm QGdAUYtvyvVcc1dgLSPlSw8AIr93BHs9tJ2r33gmpgQS1CZT1nMqjNj+H73A50Z8
/CVjFKsrzCsyWPjlxL1mLoe+0J8ErFY5X0ZHGYIP2AvgpTMZGReC9X5FZKeAs1Ny lfri5Dz3fP8LT3RnSIfSaxaw6yYTOysL0P/3M5P0D5qFw58srJjq8Wp/NueZKWqH
WjiqUjjsxW7f15ynVpdHH2Z7M5rZgTdClC+sxn6qPq2uaOAGeMY5hQR8MfPX+aWk +5vBpgaxn/pIy2xYSiSsP4o9jk9Yx8ptRBh2Sw3xeoyuLOsgzQzL9CqyncgAaGP4
4I62uThfl4lDECunGX22nIcsgpRfuW6ylmGlkpNZDNGf/ngrEkQEj4uK7CBx75Z9 W1aWsLziQkO2klzDSPaNo41S6w4320EiM7Txi2XJbsnmKq3ad6sv5yuC6sOSW620
jNubdl+HYWUQEEF2I+Gp665beYQuF4tpmI2Bh5TTFyF5+0Uj/DeEB3Ol6opPG29i ywMHL5PJxG+iFGuOLbeb9zgoxhDU2nvzjOApgZKrotf2Nq8d1K/x1taS1gQrUVnf
b4+cuKXFbF4F2ShtKqyO033vVeWKmDyB1TfcmWJx6Z/feQKrVRKJsOIp9KrsNVYo hS2M19ifp9ymmZqm0D/wKuvfnSkHkN8pizK9CrpaFzUxNk6X0d3+pqQUHQ4iPBJE
K+xBtHHnnPuJiQM6HUsA7ttPpTCjQkMWz12trAvGOEcKaXAATfQ/upTBuk3NoiAo jizY5DUq5AECn1qNJ7/UONjnneZcQMNArfIXzYDyDPNWjs3uptM56AOS3fRP6U7g
q60bS80irMm1/W63hgPILubiXlMF0H1pQ/1k6FoxJfT8jlcXM8xyNxufux0O/uz4 lXFgyybC4oKlTo9k6Vx1VALOskWSrT+WtATUMcGXfD73EuqJVpjOOWp4ATiaqIsf
aTStfUW85RzFBa98hoVGJrg/bKXH1Ffc84Z2cc7VMqsAZZcyKjzGIBso0MFTMN2E QiXuCB8fsbFxidjcm2tJ3A5k8NKMYTdBOYhEzHKDRk+rlk06xagghXird0fJ5rx0
JsTY0HtF3hzUcV/KrEU+4m3mSSauUpudyR4yLeFmPN5Fc4l4MYhh+vU+S/k4AQwE cPzNvZTcSleLXKHQ8elHAo8NYF+dLaXIrxQoghAjZFqCp9Al8ksvoFUbXVVpaND5
QChtthYZmWcmhTu3Nmb8IINWLpUT8m6upYy9/YlVApQP4b4HosKdFb9ZTW8FXhhB 5bRMaaCVMOPXscSORTD/UP95kDstpywBQVC4GjILK1bZ7n9lfKMRuT/3lqqJiW5j
ASzt5f4G/cJhw+V2TahvFNyWGMskArEOsrv7Sg9GNRv7IBSGCB7g+c5A3cWBWGt6 FTId9wmeelCWSUtExyihpJBsBKro900+bTZHOp5Kai8YPjPxf5PNw9lFry9bPFXA
xIy+HlHz2wxaIip+A7Rflw0plZjaxRq9hCtMEXM7pq4FK6MUzs+zVR7ZjFD7Xp15 PbziUOVwYXj6EZMtzZFNu0dw9ddsyZw3ZO0RWHVErBMR6j50JkCyBCwbU4F4hcGs
SBlLkr9Shfo915mGbAvjT0/zNj87yPu/6IiZ3BXTF4mXJFh8LjRSf3WaFLmDGeZt KkyM34GQBrrtCdVWsq0t09rTzFXj/D/oeTegveQelRhAeNWkIl0z3HOV0c7HdM5Z
iX6y0U7wsLbkGLHOHvwMDCm7an8fUyCTzpOC6RwiV6gT3QOFhxj25OyTzwIuETXW w5dYd0wlD4pBOJvLiR8B4/9HlSStyuVEeu9Df2qsXdbhnNrghY5KP+nPUOpJxyGe
3oNSq37nLwZxXzj58jgsDcjPysfngGTld7PxDzRS3BOIk3YbDhCgYXYsy/Z43zmD G9NYxlylCc+b0jMW4gzMUOf+n7vux4ixKqsCfkG/5ju4dgnnJqAZX38dsrL/MaU4
AqDqdoh8ab1foLtuiFbYQC+Ons9eAjbLzqdRzXJMyzKWQXkmzNM03TYx5Sto+G8D Kfh8skm6ovp6RTBggxQ+js9tG5g+5Qee9y/uq+uKzGic2oOIz0LkXOwH9k70Sm44
tkv2bPbImfD4ElirDT7nquY6hBG3p1O7qUiFsOjq6RS4wb/v8TW2NqXwGoCplSHK d7jlzOsIRG3qeT5MnY/Teq/buX86kcjbK4h3G6u8haDt2QohCFOkQ5elffeZCUKk
zg9MuzT+srDCY6qSAePqy2HZ3JnAYsk3Bs0oB79yWYLXkYzgeMZADP3C+ees7oK5 /da/WyQNUv2ERmgtfZCnXzafOCnvkZayhBFfeo6rYlbt3S2kJgIjgfwgPuSl+wZu
sA7X+LV9eA+dIjRSdXsAlnzviEhM7zSq+82V65GqcvNNFZYqkxsli67Kciy12XxU XV/5URoKKK4RcVeY5pcqkUNjXhLTlMQXnC3Ahw3N+855qbqxsyeFTtS++Y1htM4x
pKYAc54MdvrJurCWVp3tWvKsqwdXXlZyrx3/a/fdzsiTD1k++REYhRTEwGkyZsK7 H6Gu/fewKXFTiSyzhyOnVbpo5Hf8gEnITBiMa7Ji0jgscZ4YZyyt5X50misnSRYz
okSoR+ZkVAIRv4vto69DpkPmUX+M+56Wn/nmV3XZQ7IQ5CuF1XutC9NXF5mvnnnI Mf5icnM0BKNddRTRzN5UQk82lKYYoqam2fMSWMTdW9SNvdSPy7B4uX42XVqCHz3u
jIAf9HidAV8Xf3+ru0WzMxGzVtkW8qzz5jqJtDpYIa/IJDRC9DRLWaqJ6a3+c7B+ 5rS//1kasqSNmOeOhVxn+2Q3/5AaScU9c2MCu2rqc3Zy1eiVtUYPDkR28jDpGHue
zbqggQd1Sikha96oqoQOC6ulcjWt+MuFvzjcICERkjFpCAgsCAAt8C1a+5ImnlDt M9UtHfOoysd0l65ihmG1sv8IEpPpVUq2qjIL5FI9Mk3IX3C4geYHf07+85oXV8f7
VNfZwvhhnfICwV2BRQDZl00flQwJTlSijK3cRO0OcgogL28a4ydWqVDO7Zmp/0bs 5QKlJ86eCdJ1DEzcN6MPOzOJ2DycRyPL1wSGBmiZ9x2PS/k1S3N3Qh8tWJ7KTzFR
CRUckUdhmLd/vq4ctF+nsRObmtYQ8+By+QoH2NmWkiIyKatniZLBNnoWmQV4rqkz od18MSEm4n20F01yWHX9fZfzlXH3NIJJTdw4lPUW73lxfrMeE4/j8OrtjQv28aIR
X4MJxJlQkHznpxxYVJNvvBmjokw9OFeSkwfoAEWUzIi3WgY2TKAMI1kKj0XCsPSh iHQ33hNVXoHaGO3Ws2iEZweYRiroUk7wJXBx+K9U8n9ZuvmaFErfX5uXGcsM9jxf
eFcnh7+HFHGACmBcpJpO7nWQzbIZNQzXFAdmI/jLTJ15SfDiJi/xfKLb8i6Vrf0q MbY2/DtDxqTBoxItK7s5cThwFm0tcFfM68JmyqunprH6A5iUikm0cY4Hkz2xSmbo
6tk+90HRy44Mni6wCvg8fVJ+fY/UHGpwdWc33r5W/1lLJbo2QugsGkNBO0m18Mz6 vW1DYK9/TQhhr/axl+jp1jr8pu1GXG0fbfAT+jc+WM2SJqwnrKgAvcLCMs3QeXe0
IerbrP659NsqYgfXf1GzXQ5ySkkHL/YB0taljpMiF+MYTLbGu/DlxMG65nGyNADD 2piT0pIWG47aIrAjr5iFkJtBsc7HQEh99zhUTPE5rfISvr5xpPi1nhGTwG4PhGUW
wbTOY0s6PeeKKvc69LzjugHlA9hgFhdGraNq0LIjX90POOkWbwFSmijELEgbbspv ZSvBkwOcn5BjPqcBM4selB3B1fm4vVcy2Gq+wd1LPhiYSPw0nQrHWysxljkOBbmZ
UI7Oy+0z8iptfSN9P05V5blSYEx0KK7C96tKXcJgCmZlTnuOHJueoaUW18s3lBPk ln/X/XoBb1/66MosPE5CVkoi5B2kpJCPMfAIuyQEqbH+RGPWLpcg8sP18oQU6HKl
WFX840ORfcxNHxVn62SQZJLP9fmOAHW5w44ZND5n32U/U7gqNxPZw9bbhsIWufjc MB13KYNEKOT3o0Yeq1OLEsc+wTmu+zkCJSajRtWX93TtLtjSo7oA5cSgyjvcFepL
UsHZQns2Zoy9z+2D1f6zXRouU4DxkhJtLZDubYqyFO/yuYeG7P/1nmIzcmQXUX6J tE0CvyS2XVwL7luU7cEbOsMtJRdtm3ZmbqTp+zgbJch10DIc8BN+EqkxOwL8iHuv
G1BSZGcoFAuurvfJOOCKi6E90pmXPFxdOl0kMMXWFdnDiAa1ND4HpWKCo9SevZsx JRTv3gp6yeg3M/3jsz7HBMeVPqrrTWWaAMRd2vX+RfoxqPRD13N3A6quD61iXvi0
0dxl6xFbBNm+ryjTm0pqzpHPo9EOwUdkol0LuYL/pLFE9t2LlGu20ILRp/gZsN0m IYeStHLMsLKRFzLoxc5dpDgxXEqq4UoEsJbLilRqr68Db95zS+3sqAomgDela1fD
GNpTZkP3aNZ8y9tg/IO4DbwbdqYJFyEKmZUjxxdxyBNj4TW4Ih/HisVfsByRJn4e Gl3BzdH95Okw2fQuvuMTm5XBEymrsmFxbyslVb5nX3jKoM8IGHn0qiIDN1DoAu+i
yMGexDmMrxXTetCfMAISTPGk00hPFZRBLUXn0kOgefXln25xk2XqpgHFqKF8zSHk CmJxQbDyJ1HcyI6HjTC8jfyp6DT/eEwnKzahiopMemQXBYDQ8tgVhm4IkM+t2gG2
9Ke2joNowVQjqvxJ+0VYgX0a+JjNS/x8p6g32HH6ajzHxQDzV9VFqHqdiYFB+ZkI enlGVK0lrubR2EZJ4HQa8adhNjGxf2MkzUfh1Effmy9OxpCvShnQ4xp/Y8JT5B2O
6ZTSLZesnOjxDmWYH2DQXJLwO5FBeioLJniUq3BzbVcilEZg9erp9KCuM8dZ6mkQ 5SduazYH2llyjyP3CtRPa34fPPE/lym6aniPs0R+bRwG/ExVqhdzcNnp2QCJRVaf
olZXmAyKG5VSr5Fw3NFTCtFZ29gFAbkmAXHannZsGogAoAOTVegTgR8m9+jNNElb hZB7ORvIx6qux5Hf3wdb3HaFqmpH7PH4Q/r+QPk8yE3xtLyjBShmYrx5NfRfBlr3
SBKUxEny1EUtLlH4KaxDZqzHQtwjLldq+b7XZ5QsOG5aoq7UhbpkQboJZesYtqEv 2HpjdBCtNlVmaR7yNy5TBORO5ihkMZ4nMXzcP/GJ3Ag4e6kmWZuHkUBo/pTmBBRa
+Xaqccw8InSNzUhXcgo2Om16C7OuxlBhF46kxcccmWj0G2sKAL8t4tp825bvJMmy u15Ybtz0emLNYjMiWgFgOXMXxZVpuMwiSmxVj3aJUjMSAp+F7uVlPOi4pCm2/4lY
fE3b+DH120zVQ6AfX4ZRpjDk0Xxc/5h3SX2CmbkO5kedoJrh+USO2uVYMT/TAaww dBDoU5xZ9nOrijdXm/YW0QFqwOKoMNFuwlx6KtGBMHUgxPeJUlN+oaUgnjomroGS
BlbYwr3R0ikSF7dZK07vnDsvXV1MDZ+6iQHnLkXRmQxMYvcMoyp5uKdSca3hb8c7 ZhoarruT7G1NyKSotBiaQkDSEkSWn0WnjcObCdedLGJqkYGeeadITiRWL+zxbDgG
lrePfaI8PG5+RQ47JbYjjg91cRzA8GC/l70KU0naxalgvf9FSsl8PLCjmCNuoS57 XaRTHuiX13avTwapZPYfD81dXMq69RHfhNGr5rhU9eXMowKALeoT0uD1bzEQvg3M
FB4+JC2u37iGmsDu94eUODwwzrBxzM3I6HZDAlhqTrABLztww9E/+qc43F/L+mgv r/YDtQE53Ysfe0ktAs5Vn5w5kgFMeHxb3B9DnZCE6DK1j9qU6G8/NGe8Ev0tihT6
ndic5HuFseCHRilbLq/SrQdzWH/t7FYuke9mwqJ5fMozW/TGIGJy6kYcMWx4NGcs XVbhFovfwN66igL6MNqm6pBqtIWImVAPeMp8C6VL9EkvcFLRUDSBo1HTPl85UPci
Sgq4H9waeqVdpUCYi2rnBobfxwPp+iFzJLFcYyLYjKB4lPAZdn49PIO0o2cXXMKA DgJTERFXiS9GmR7Rh9bO1JFjVwMW8DbNwimi+6LZiLA9GtcdRMFG8V4usHDV4OWz
l+B5qMwIumPe5tx10ETUes8wW6Ma2BuuRpjX9YK/mwICAyOCmrUQ9P3hCaKdvkuZ Yv0cjLv94O3QmXZtvcUjBl716UIngAx0bLlZ/kvUh60xo4hkp+FSdnH+R6+XfDG2
oW0h9bdZutmK9/eByk8ecjc1aYLuFcAzuLc2UHNhvNpqDntEhcxFOLhgO6FBQVry 44YVX0s5Bnd6xMaxc6Wm8FNlvDYTmkkqVmn2i7z8EaSuif/08VhNNP7sMFodG34y
n7j7NSc3tTR/PoyMmDXHIubDi8ACm126ju5ioyVxep7/DUzfXAAXY+XI1VkTlM+D yhmhtVW3fkod1G3CzeDKDVUuRLKOo79BTh4208GtNLOQmy6iUCxnjAbmgc7LIfzP
xwG+OZQK1hl6OOFqypmjEhcALxUcD3jxJcmnA0OoYNV+j+CQj2xi+To+fY1gMTT8 J2euFeMD3ysne9tVK3h9J12iBUHEvlpeYVew/BwcnbZgBenQO3PlqfNRxW9pBMQF
6BCg6dT2VwAJoYVaOzBFnFvQ219OvR2EFWnJuLBg28XExos4/4MS9Z6t9thWcu0J rtrv3zeov+H4l8QT8wnOthzTmDQUEu3BYsbyZ+mwKs9Dd31qNvZ/4oV0HBoYjfn7
uVoDVjkGdeQcyuG3Ey1YwSnKxapj+ZtQn7m7rR2YTGndDqVLypXZn0SQyrcamlgD ETMLy0cFi+L5wfjxHbfOOwgxlf1/cH4tc/0moxqFtsPDzt2kUzfrTPJjaxui1wz9
C0/+iW7fbnUevaruDyyXaz+Mlxv2KCPhP62qeAInbwWMdxkVBL7cWLymUZb6i+A0 AFnAR2Vpww4xITn6nZo6UJe6BMAD2TNLMnvA5EFWNXJEoUzbvOQ8uJkfJhLEtCpE
HkraXcLbadGGjmd7sgoZRVDQzxj0on1B4iIgWigZ3RS+4QLf8L5Dmr3tnvslyeG9 Bwll8N0R7KDUWI39xzKGA9+j/A+s/00zGG5Vet3DdKWW/domeWo+d4rYmpKQDtrr
OvtsdJaTJ+jGtUE1BZ6nyOusflL1k+t/PGrkBtv1AFsLu2YWvxnP5Ob1HsD84YXv V0/Dp0rJJkJVItyuDl+0yEJe0mDDhHgffQIhx/Y6lD0KvE0yEG404z1OeGvHoVGX
XA7ieDsgXXDSwn63VAUhoaMr1hhEFl+2JFwqDx9v1ZMwnmNANJUPT3J0DYKVjBel aSv86D10a8IHVoJbXRtNMF525c4UP7VPh1l1wKD0sjzYkofaJvwPqZp/GSi8wSYo
nRZeOePzpYQGXxJapZhYshsMNjQpHieqm/yyU61i+NXuap6Cyqifab7xRSc2TQza pyVmrzIWfwDXYrqEIxFDLzXxcGW+L7gl5ntEqP/XLsda9DQFJSg2hTAfhhWgMOog
txISAuRxg1pfTu+anSmF33l57w3YFttJx/KzjAImNvVHYvAg3AYd11s2gaI7H2bh fmIhHUyOcEUtycb4RvQSM1Pkg5h+kHUmMMpUKuhF50Pgw3+UgxwG2J3CW1DKUQZd
MHvkXs2wcBimKSqkanMmzZ2Ds8K1OYsECcvqY7l72xEvxG2yhETAwiuXXgRHy88L j+cuO3J46b0o4/0eY8NoNqpWK6XksqSH0g1wVsyenFuugRsuESiSiZMTNmCqURSl
WnftnPJ+x8aWISWCoY7iGIdWTX9nqgd2fvPx76ZMgKDYYhUFU6jhRl8HwQQozesK PPFUyeMtUgSQ23EDLV9T2RkaabSNmVG35jE0CQMOBaF7XU67reXpLsUqPg2yhQwn
2qgMXy+tsMmO6pIK+dtsJX5vtr4FHVq12dE/2VsHqzfOu/dfJSkTYP4qsLZw9RRX EzX6KM4qioqC2wrqk2a1SdqRB8L8BEKykK2kv1bqvc0DNl9FoUxFt5uEH6iKHArK
NfFCAnV+ZSrCMzQNS2B/1d6Aa92PC42QYxGtQebmPnzSvBpSbGAaFoQDVF4wCaY6 SkjLaQZsRmzu+ueHRhTqcSHEKeVstq9jWc/heW4RhP3LQgD43CVc8m7yRqSaOkor
iRUegB4a52zfjEGmCjOYlllOW89ep113frCrqdual5qPKQw3XvAtQg9taTGM1RW/ 08Pc7O7++t7SDvYMsXFVmJ9MbB34HNgmXk5gTTb0AqI6fKyXEZCfJloUMbWWBsKU
kqSlw2ThmmPdik4/JriXTJYBP80b80FQBYFxbrO3H+6cxD9F8YcYCnQQ6RngA6xL mEGUu0YOmgK3hRCsXBugFIS6K4galFCx22U3hoByZoiVjLduQhRQNPC0mFk5aB+i
ZPGH+galIYFnp9sOX9iguS+r37pBoPWfUfXIrzZpoYOKL2npgjf9/qdWTF1MzMDZ NwPL02YlB8rylvz3fV88GH9A1PrIEPJzCVsabxORVQeiJYCISJnvRn+PME02aqBh
PbavWCdWOk4ZUksf8QlkXEoa8Rao87yUhxvyofcKNoX7UE2PBanu0BnvsGJZQq/y 7qOtTDOlTChfj7jBgMsDtgpytWEnObAsiL9+Rm4UsnHBbbpOMbn7rhZLyjEKkc8d
6u9nNm+aB8gSzGaC/FQ5mRXvUU+3SmLW9oWrOD38HEQe7wtVUchez+NQukZfDf8G Ej/6LTuQGjIOdPEcfIU4LMFh3mZiWojhLtDXi8mEF/+m2BcX77fKgduM3KM1FXzw
uOuE6vBtXtHixn3vZa21Yp+rWpR7i2BOsKGMeUzKLsg9UvZkvfwnP4+zuZvffR58 Te4TnpIET18zeigaj5ie+BKmac2Jxmxa8sOlrmUP4KLD1kwF7bgTOsahZzkPHmBP
82nMbLStjTBOZnqNDkLhIZueXGJgGXxO95kkqowlWv8QYyp5XQy2HaGjaULGB0Yt ykrogqTdmYUjkTyQvDzVUykI4PhnthaljLEYOj+LhZ0DSr0hhbsfM7OFUXqpPLeE
VyCF+7RErqXvNDycnIc3aumJ7yJ5wygor3/z+SgEqVOE4iEkjaSvsRKard6vVdCK +tr2hGdj3YZOIJkfSYWH2DqtEeDlWDbhBfoaT7EbCFi0doFHsAz+BX2PlZJsIqJ2
KQG3LL6fKwgGDTdP+08KKXLyhZMsi8TtGLjye722CQ5wl7dfQex1L/vnHN5avW8B BuA9mci9XB43ssokteKCqGT4QQn6KAekoEDZ96wHDTudcXIbYPdZIrD1xFHGjS1a
Qdq+TEQowytWJC5qTe2EtwmRiCcBc1PNebQFM3cT2rX45cl6iiFz3zM2EYvTQBYf ZONl09Fa2IBuLnMhKuYQXoZwUUnXSI18Ga3Yt2ljCEcKeXmo/juIkt0b9UPTLBq8
LKkLudvH/4vd8oFWS8oKY6mzPtZKWZ4XgM9gxCsN59HZ/+CsrNFoEx1kTPVRpfD0 r4kb/ExUJ0kUgqUGmL5rSZszWWYmxt1nzOJkEd3v4i7LUk+0mGIdlKOE0hqLSMn7
rgr/sfNpVKSS7E4hagMUbElSU9GlcyxX6DYoqy0sx23ErcOi+/Dl9MLNAny9+xO+ YVJwhiEqIPHu2PnnDUtqlDPVMGG8wCZfZnnzP/sDBm98/nIJRVXSEc15BYFtiUqf
IplyP9dVbeUCSLBbzQIH57FN64h3iHXx6Q/JNnkmLNKwMXNIi+ekE6e/ikZLSBhg cqGOgVAv81z40FFg6TlpOAGoZqXjk5It0plTwjWRR5RaoggYzL20DmL7Q054ogDI
cMrTtZO+G6P/7bQKOKYxIkdaoFRL6qkqKqzTbHXM9F0XlxcjBP4EhfSzS4zTk2PP 5lEgMtbY3jvN6XAA2X3qPUsCwinlxaUMCJJsVEN8c9YkouvsbNG19eBRCpsC70+l
oQs9iebTozmbk2x6xjkW8/D27fmWFbWdjCLjCN2Z4xWkmkkXonwrdesjw4ORGxwk HMp5Ybh3ypJxSqHCn8zEa4KmJYsW+7Q8VQ4nCMekbhH7Z8l+5Mmw4/Y6+Wn3j+Zi
AsS1VHW5akXeXr0xHx6wjS9y6sGftYWI5fghlJTxvvaSjBY+13BvLZboKLAw0/0j nl95bYnS0S/FF/QVI2CbZAn2IKlwmGVtIsv+XgGSlrPk6YvCgHurK9NhrRSlj/5/
5JiyQAB/t22zUaHvi/YEwL1aHtpgY/PUEatbHmU09kt7PY+3jiURxPHjae4CelqL ZbFWKUZmCPBbXwuFWP6yS0UBzTRCTaEGIZQTpNJawmoyHsRJm45Sxxq+q/0Gkieu
D3dFJ/I6DGPuLhLgxCUkTDXGDbReugmNA9rM0z/aS/yQuwRh+OiNLsJd+iifaX5p u4GD2XQsYZhBKL24NhEW2fMTrqHeuyiouQiOdKJlV21pCDo9cgqbd0Ikz5wx8Zxq
VlDyRq6gOkRej31jO8fPKEHNDLgTToHbDzDhUTBKGcjePhMH0//JrOkH3izTpSWR DKVP8yc+RXQHKj6PYnmAQDzsqtO+21rRCrT4zt9I9uhSIAoEhv8ue6TSnhhc0QbM
6IEfM6Jo8HvcZGPqO0Ra5HSOBPcQ/rEr5GiEtbEUqkJ3PonMEYelK2buI5Lw5sUt 8aB588Ass35/PGIDRVpBdIEoDrjHx51oss9J0WGN5E0iVkDcwVRpuB2ttM7UmNv7
W8/wt9YLuXap2OL4jnVAJrfLf5n3fOPm4F9mCPCzBCNzBv2U+cuASVh9HA4E8+dG 3lGG+Hji/FconVZjwkSEQ8KUZ1jss7Sx1Ji1Kyv02+aQ0VsTePkh5JJpJoRFPrck
KqR4FEqqv7Mo5DONHdfYk8Sdw5IYx+XGahqk/qvrqR+QXPBbO6oeXLmbIl7TZKus dgjZyCnLl/VysqlGFcwKbop2QfgUqlB4ZWZMsnBT9ZmgkD9pUoS12DnX0PiFqT3+
nqAg6PoENnxf86R3jPwrZOc11jasz0L6zQ6yVQTxlx/Jj3CbzhkYEHh6sU5EPkWu x7YWr+z13W7br9amR57w7TYwdTB5dYCkfuLFC2th0nR7cHKPxAB5O9pbdtqTIVvB
H2B8lFifdxkn8CIs+cdWcSyVxJlYRU8qwqdUudsXbCfN6bW41/V43yrz4BozVuB8 QtNUy3DpqVpiAp8pAM67ElHjfP/WZrnP8SafvE5tLZtOvcvVF2fHnW4visb/VCSt
N3vOTqoDZeLRRAebCaFGRmUGWW03/WvOqqdzMc3UFxBiMDol0Gyr/3tKff2kf/dY xKIKnhsqKJZ8gLZliL/zV6dQmvAVvWeAwsS2D2OUyHlvHKLWnA9fWVq6GsTC1wJ6
KaHssQYIIC2hh+f5l+Ekp3XjaX6GFtAjM/scJlC0ftupzk9tJG3scEUTbK8MwUxT 2El67XOVbGYPIHgbQ1PgMecWwaapHsmRu8Lh4z6nnv+H3vUG9R+rykvR+D7x8V0y
pJ59+cj3CtdJHxMVIc904PlPqsocHzK5CpqQD5Clvqj1jFc+eZ9BICZ+s880Ie9B xXt9hoFbhfp6PaXLhFkEwAcaXE+w3bLyPrWS8rUv26zYL0KN96FeJTysT+/juML2
bFpW1S8AN9UyHl6nCbllDOazUIhdRh5goDv1FRv47Wtr+zZCseGzIJ7oCAE38KDZ FQP706NRcsHaxoBp3jddqxdiGMxUJDOugh7zINNZwCryMq95j1jFP+JZFumD43Aj
u6QdAe2a16qibKGeOKaZEVm1DDIae6YCIUUJZw/PDmO5Bf8NkRSz2atY8UzyxSxi tPfvfqv0vZ9RJiirxF08skjG14NNovMYs+jyaDv41/1MRt4TJq3Alu9Fwc5DibVy
K9HYKPDly0ILMF+aQzqvy36IttNYQ22nqN1XVCmYF0HFPnS6RFyDXU+Wa9RATL1p KWKzf2XlvnYsXwiB7hLc9hv/QG/YTjJbNHoNSlhEP7fgNI5WYZhefmzzkrk1ueW5
u/kW8TwMOBveXstkJUm8TBhX5TDEFtg+Y+tyDNb4n4xwpuishLd/pMck6LNK3fO3 IPfgwrQJSG68IpZOGb1r71n74YgtyxtkM8sVpklHz0l/mUFSoUczFLFc78nTjiR4
cOaqQssUWkpjJSzSeedcA4oonnq833DXP6SPF1ksXlArsDVWB4atlFRqbaUKKrpv Zl54J+pfv6dXQp8KBIhDnyjg1pH2Uvg4Ie5YU5twJ0QufhBst7ookPbj4czYBTcZ
Hinhb+MUjANUW+TcAEznbTyHFvEuNCIX7WU7SlOglcrEjJzGnJZC24+l0KzxF3ed dha1mFjbVPTTqaMuZsiRSfMjMvE653QEWAG+bt9bODNFTk6/8ZFnmuLH6M3h56xs
7PndgDslLmJc4ExhALrKGFw57Muvy1UNd4f6W7AEraj/54FIoZzDRH+R/owcjuiK LnAEOUs6ikIKwJON7AxVZ+YfG6WJpHbqelmC2V8MdBltN7kU70tm2KmE0SleadBW
Pza8vs8W8792ds1ewGcLs+B1g+l79IbO0+zR4eio1f+6kSsRf+EucrH4RF+lU+ba 3p8lzad1pvL/A+F+3ZzcVYqGV62ojnSOHb7iSEttZAlEmLVArtcVCcAqM5IWtjyT
w56nBq1EMoBJFuzPrLdAOD9vRVwi8cmKYYf/VgriDvZxqsDsdjC81fUEesG8/iVS Q+aazgaKMEVov9FY28UB3YOl+6SMPWq/r2jxJcTd2z1y3L9yXDLTLg/eIYZtPOVM
axpAOFhCp8oUQZVg8yRsR7x/m0EjFWZPu9JZwAge76HhwpSu+yg55m5ndeXEy55p iqIkeQ04Lq7CNwQa1GXbIlYmUSqKra+588IQWG5dbCIctteTtY6iLsquK0Yu6ReP
ss6t9jHwuFu7F8q75xTTVE+jBZomyxfYQV0qFvvelF86Hrc+FTobS2AzPRzhwj+p Cs0IQnGrZ4W+Pp43CEZ2+UtNL775n0WgBF9T14U/toMd6+EwTth53KmKVQWdYJqO
Wfh8ORVoQaHb/BuAREB/xXCLhzDsirqoUKDcVATLnBUvZIawptgC1OjIaAX3Xgn0 F7NhRuOi3RGHQFHUv20RyOwHMRP3xsCWLpx301zLxKzzy5y81puzEaGcsZ9nbq/1
VQXDSeABdtUDVBgI67OgFw== XGazzMVR4ksU8jkHPdw1nA==
C.3.9.1. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.9.1. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline, Decrypted Protection with hcp_baseline, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIISMQYJKoZIhvcNAQcCoIISIjCCEh4CAQExDTALBglghkgBZQMEAgEwgghaBgkq MIISMwYJKoZIhvcNAQcCoIISJDCCEiACAQExDTALBglghkgBZQMEAgEwgghcBgkq
hkiG9w0BBwGggghLBIIIR01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGggghNBIIISU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCk1lc3NhZ2UtSUQ6IDxz ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCk1lc3NhZ2UtSUQ6IDxz
bWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkZy bWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkZy
b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNt b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNt
aW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0w aW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0w
NTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRl NTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRl
cjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0KIE1lc3NhZ2UtSUQ6IDxzbWlt cjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0KIE1lc3NhZ2UtSUQ6IDxzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91 ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91
dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVy dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVy
OiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBT OiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBT
YXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1B YXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1B
Z2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiBtdWx0 Z2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiBtdWx0
aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PSJlMDMiOyBocD0iY2lwaGVyIg0KDQotLWUw aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PSIzYTMiOyBocD0iY2lwaGVyIg0KDQotLTNh
Mw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2Fs Mw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlOyBib3VuZGFyeT0iNzk5Ig0KDQotLTc5OQ0KQ29udGVudC1UeXBl dGVybmF0aXZlOyBib3VuZGFyeT0iZjMxIg0KDQotLWYzMQ0KQ29udGVudC1UeXBl
OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjog OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjog
MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMg MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMg
dGhlDQpzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCm1lc3Nh dGhlDQpzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCm1lc3Nh
Z2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVz Z2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVz
c2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh c2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh
dGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz dGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz
c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVz c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVz
ZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0K ZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIFJGQyA5Nzg4DQp3
d2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9s aXRoIHRoZSBgaGNwX2Jhc2VsaW5lYCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBv
aWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTc5OQ0K bGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KLS1mMzEN
Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlN CkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1J
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN TUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0
Cg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+ DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxw
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNl PlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFz
bGluZTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQt ZWxpbmU8L2I+DQptZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtYW5k
ZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVk LWVuY3J5cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3Bl
RGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRp ZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0
cGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3Bu aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9w
Zw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2No bmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNj
ZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVy aGVtZSBmcm9tIFJGQyA5Nzg4DQp3aXRoIHRoZSBgaGNwX2Jhc2VsaW5lYCBIZWFk
IENvbmZpZGVudGlhbGl0eSBQb2xpY3kuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxp ZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+LS0gPGJyLz5B
Y2U8YnIvPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1s bGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0
Pg0KLS03OTktLQ0KDQotLWUwMw0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNv bWw+DQotLWYzMS0tDQoNCi0tM2EzDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0K
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3Np Q29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bv
dGlvbjogaW5saW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFV c2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFB
Q0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3 QVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1Rw
MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3 UncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2
a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhB S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNp
ZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJV aEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJK
NUVya0pnZ2c9PQ0KDQotLWUwMy0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5 UlU1RXJrSmdnZz09DQoNCi0tM2EzLS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9
l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREw ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
DwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2
NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNV
BAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2
vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuT
SxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjM
UJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1
V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvw
DhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYD
VR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1Ud
DgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJ
KGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbM
l1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkB
D+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTO
kRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadR
lE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZ
kPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCC
A88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAw
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIw
MDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNV
BAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XT
vyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4
WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6W
z+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+
SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4S
WcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCB
rDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREE
FzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4G
A1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYD
VR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEB
AHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChw
KfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNa
ACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMv
cdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXT
us2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk
22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCG cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
SAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
MQ8XDTIxMDIyMDE3MDkwMlowLwYJKoZIhvcNAQkEMSIEIFPOmRBiI1gpSbRbrEhT A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
xW8uQ+V/G/cmOB6495mnsKVeMA0GCSqGSIb3DQEBAQUABIIBADgh7UBYrX+esUzQ AoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i
I9zNqk4LnbgdQoUdeJtdY2Jvyl6dlV8cfIFNgng8IluuuJI48a5yJwYG3060AkvF 4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9
JC/hq7sSBCLzNVb9UioTixGi+4nGB2iRb7TKsfamuyh5Zdjg4OrN8N1H4rwUQ1K4 O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy+
Sis2TCi5/TSc+UYG7rH+YyIRSeVxNCII3rEA8E+dDRg6R5bqOTHxInQbBvG9q19e +MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII
pelntJeSxvRSOSYwcoNGXenZ6S7eqfB3iln65d0gURSV7hPSfZwh1QSZa47egE7V 2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58du
9Dgce5pbZYQgeB27mLBCpsgRgYKbQ/+NBPBexT6Kxixd4sND++AZ6kUie+AvUpXo q/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
+kGun/Q= BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYD
VR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0
RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiL
OQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+
VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0B
p1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9f
aFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FY
MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/
pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX
urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB
DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w
ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC
rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roA
KHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhK
E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN
sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F
hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0
qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0Eg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJ
YIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B
CQUxDxcNMjEwMjIwMTcwOTAyWjAvBgkqhkiG9w0BCQQxIgQg2xAxJLd5cNPk2o3i
Jrcgqk/WAtQzwmzkVadbd10R1gkwDQYJKoZIhvcNAQEBBQAEggEAWsHGjwENgVc0
GRVd3mp7i5QJPmYvHhAuma75gcRKwPleEQdka1P95xnNFTJiDmaMzf+5wDEuj27L
zgf7UffeIJns/d/xIGGXTuUR/IPvT1ROsY9dS74mzFHl5fY309iHtBLgaBjJ76WD
JQ+9To+vEIk/gFhx931G9fYBZ3i5wqMCcoG0UhYG2AXTNLfEDhW3+7Yz1leqS6NH
yCcfwEB8iLvLs9hIGoCbsczkgYPSbbQx82NzQjaEHOtXqLHXAn/c7a4zn8y6qV2k
o9ewCiLmqimEsacO9ZJYmi7XdwDolB50ylpcM45Mvn0n0WIjaLcU3Ooqw8LPQWS2
ybK5q4kRvQ==
C.3.9.2. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.9.2. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline, Decrypted and Unwrapped Protection with hcp_baseline, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline Subject: smime-signed-enc-complex-hp-baseline
Message-ID: <smime-signed-enc-complex-hp-baseline@example> Message-ID: <smime-signed-enc-complex-hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500 Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-baseline@example> Message-ID: <smime-signed-enc-complex-hp-baseline@example>
HP-Outer: From: Alice <alice@smime.example> HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example> HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:09:02 -0500 HP-Outer: Date: Sat, 20 Feb 2021 12:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="e03"; hp="cipher" Content-Type: multipart/mixed; boundary="3a3"; hp="cipher"
--e03 --3a3
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="799" Content-Type: multipart/alternative; boundary="f31"
--799 --f31
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc-complex-hp-baseline smime-signed-enc-complex-hp-baseline
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy. with the `hcp_baseline` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
--799 --f31
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-signed-enc-complex-hp-baseline</b> <b>smime-signed-enc-complex-hp-baseline</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy.</p> with the `hcp_baseline` Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--799-- --f31--
--e03 --3a3
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e03-- --3a3--
C.3.10. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.10. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline (+ Legacy Display) Protection with hcp_baseline (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_baseline Header Header Protection scheme from RFC 9788 with the hcp_baseline Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10640 bytes └─╴application/pkcs7-mime [smime.p7m] 10640 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6856 bytes └─╴application/pkcs7-mime [smime.p7m] 6870 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2367 bytes └┬╴multipart/mixed 2373 bytes
├┬╴multipart/alternative 1415 bytes ├┬╴multipart/alternative 1423 bytes
│├─╴text/plain 476 bytes │├─╴text/plain 480 bytes
│└─╴text/html 636 bytes │└─╴text/html 640 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500 Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIerAYJKoZIhvcNAQcDoIIenTCCHpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIerAYJKoZIhvcNAQcDoIIenTCCHpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACLgXflY746FTqdLnYLWQE/uY53acAbSNoGw Boq0MA0GCSqGSIb3DQEBAQUABIIBAFzRRJ4ae2Mk8l1B7yZRDGmCK9wJNrPFJTno
OY86dFVtfd4kmtKoF6bqyRom13sRj228BwPm4P/SiMKTt40967XTuuuYFzWYOIl5 34WR+wNG0/sDCZCYzBvpNXScUVbk/+Y90xyCKLXZYvP89rkPvPPEDjm0faAKPw7r
QV1W+59RRrZnNMD71rG6Cy/t2jcn55iGjpFhVUgD9LMD4YgO2LJfvOoQLFDDvI0w 9CodT58+Zxc+mW50t1G/ERj0yLlMFa+yAvWjuAXuQ25+mZ1fB2TkMQ6pZPg38smk
Q09gy+4+ydc65IKk4qZcn2WfTK1TyVnHAAjc9vLItl0NPZCrPsfrm7JiKLtyBT/1 Gtl3Dzqx31lCmB3JSYfBJQ3SCNOeRQzZENp9dpo0o4+wfxBCukVTGPexmnX9GIkL
CsaVp7atHrCNZmUSb0wrcfdXkRYmMYu8Tws/+Ck/5LBKc6FRRv478oqZLpP88Bkh 9bfoTfqcOt9gPQBXKnOG/hg6vmEQN0avXjI71fCMUwj6nUr7Jmd5e5P9Js01/4Qa
37OF2AqrfJvdLQZFSfqxeVZbHBO6sx7y9IDQUAN5qCy72w6ULxIwggGEAgEAMGww jScrAk/JdFNixNiVarqYWEWiIeTRu8NidcW3L941Fb/3CSfcgR4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAOuP/nJwnkTi9bK5viGgKWQ5l HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABb5CqsgXnqKOQb8V12/4362F
Me5kgUCfpiPFrKfzn98Wo/WeRhNuvvVbK5B+4TT7W2TC9FD+zQOdKtoU9i2EbBlw J3hgPcMNbwO/59c8Fmn1ETL5R85beGapoHKD9hlejMVgyVPJucrSzVX458JBx7F8
V/nSbVJoUjnFyPYRcAKgw828RfQM1PGZ8pRUOBMlZuk+TkCPdUAIJGsI38trL7c5 Q2gcINWqe4i1Vul4vGwFPQVsyK5ufH7VnNYJ3rwaig1mc+3zb2NaF8rS41xnCHVD
pItqwKJEEoZqr2qe3/rt2eWStYDbZH6ZCp5SktozKYK2jlLxYZ15K1qQ9tnnf2pV 0Fcl9lpsN3iQ4hqzUNKTupjVKmZJfIVvjdwwrTnqdSbovmCAFYe4b5h+lIPfGJ9p
DIUf8UTHl2NFq9SWC/Vnc1ifoAmzgv/Q3CY5prl3Ucz69LpGI5vAQ25+iZoRyzzT RZNDWB4mZk+adxhK6qYxoAqzJE1HmF4NwJz0BKaknBPr9jWPa6Y6A+ap3Fn4OfYV
jsP7xbIHnYS+CHKS8sOIDL2vf3/b/cSOp756tuVd4kGBXYQdA5NV0ghvPXX9BDCC NXqRS0LSsqkT8D31CoSDbWsBH2SlVWHmOtSZvQfNh1jXDRfQFssgg4dOXiL+LDCC
G34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF9OiG3jOvWyOYsEwUhg86mAghtQ G34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMGuYxUySDVL/ohXx2NMvHaAghtQ
J9wQwdRPPRIjqaFR9ciP9ECMC1tXw3uNHjsjl9tgTgzT0WxgwuKrHDGzYywRPtFD poigIUJ21hyg0R0MwSilmOnxXu6RlAVjlj9LiS9iEfWStaxj1wv7I03AnTJDMpEn
pEYPXbYKmjH6w8fr2a46v8nQTgErdhO0gPQsc/FDPI4s1uR+aCd1H3pVDB2HJ4lW 4JUC6w+ZKkG1N7KF0viOCi1l/dIBCmBrUIBH6GTb1AVVlUI8NwnIR0Edv/RqlNSj
uJhtyalcbFT9As8mNk9izHLd/K4POXKc4W7dhv66BbeBMVBseFDbGoqPalblRHsI dViDiZerCe6EJeD0oirYPPjzofrD56glnYCetuDXFnMas2ECP7pu6YaB3MiuLO1G
c7sjqLUsmlEWIkU6e18/KHFuxW/m7p+HPItcN+MzhsIrOAzpAb8tvy8a4z7FCrRt McK9B5G5ior0BiAigYPpMW1dmufoOJFYX6F7v5+1ZrIlTOYvGGYU0WeOvM3mY1Js
BlNLjzGSk1qIswiUpkhWgv95ZjiJ2jX9+BuOGXWDn8c4NNlyQQSSOg7G9H4gS9m1 49qkzg8l/6qc89+vlAMDa3f6P5Iv0g10/s37Yz3N8roT78C9ZegPC/85RgA2KY6t
yx3D1UMHko+nqGuFdECX4yE96LnKFK1hhWKuIRC2L9bVaMB3lhf6D/K+k7A51DZx U6wgGDllqgPUfg0Fd9yVd/konoBN4Nxik2YmM6mJTj73Ii3H2LFSWD9HRJjXwpda
mrOnb6q1rkAS6xr/IlUCPvogo8x+bEK8fufZM806AaL8cRPxGHxlhsV1KVC0TGka JZqkCjWHOjbugF+z1wpLSFLznRxdgje5Q4BkQDSw7BJsm9a04EgRg/4IDZTXsY6e
sGm3koZZrSX4Q0MFYQsl6HHAFlnCN6agVFema6sbqC22oNtjsTd79Ee0S6VyMvh5 zncUIslIJvf2dKCMzLzNA/KNBoSZPxvZo3MDIBr4z9Mp07I2jbtdM5OAQCbWwNGz
04jJJqbdrCNmh7LPThPY7sesrJwMy9VgWh3qHM8q04JLdQOssxss2WI4QFahFO7L oUuu4p1NvUJDJoLae/w2j8v2RDpI7rss5hWLqmwEnJJNPMmR7PtqU5tL7kbonPjs
6Ldu4yKChpXME6dvuybeAjmKdiCBUt79BXhE4frn3LKm8UWQXUV0nUrGRdoFszf0 ew6t4aAN2AakJOjHBHV+ABtScANhCDacMa15/0MyS0CkxAIU9ydf4WHtvQlsu81i
5+l+SEre/4oLtBv/IIKF9+rwZzScLvhZNhaZq/6rK2s1C/UlAPBKP9eP1L3TAp3m 4XXLgm8JYgu1znbsil+FSJtVIrsasEtHny5xJAHAlCwFCr10Wt9gqCv/t8tji5Xl
na9wJ7kmaTwo9xKFlYP9yUv4sMe8pdMIZqGGh22ijtw0z8qKhi9AaoqXH41y6wmA gKoxdtM2mp4zsXurP7BsKDXSA27QGVyuL2l6Oq7VHrwg2ex/7AB31qCP0hZni86K
r9eZ/HIhXtTBfCpRxHqU47wgd4Cn02kk8is43xI0QjClAfNpWEGaGvpZjyy3v4jE Fk3O3ZxjjN3aZo7iXeN/IjaQDhmKEg4qaZ/Kfs+gGA31alBopZKL4UyFehX5Le/J
REQ0xJiu1nmUkyUorx/9N1uYo1XeErF5oZX2J00WR/YUQZhjvLK1uH8iEdXp59Q/ BbXPCFaXCxU1eztGqLA4BPSNSuDoUXzHMnvm/nRsuUF/d0YHsNp7iVORUVMj9JQP
BLo7yKDkt/TwY/3IdjDsx2OSgVLekKrOcQC0iAchM0Zg37DGIQHZRknff2aAGhjK 891eNWch1R7OI2q5THAFJVLWwCCScO89vFeeFhZDJHMZ1EdZRP5hdE4pGOj11Om9
oWXXlfb4M2ym+0BsBkgJHrH63Fk7kxgN9VwUyY5HxyWCQDKauMwUKw93I2tNm30i DGYIWjd59fN26eSbB8Eh0R72L/K8ziXIObxLd1pLy7F0ae/WyDKl5fykSTd581MB
7PfnkDlS0QmB3cw4XvQGgQWfmBEp8P9q04QVzeiZvOy4IoFqh0jiOLlkaup+WuOh UqRflyAiTn8lojH9b1svp2XXNVBNRDuCtJCjqd2VT5NqO0UNN5Hy9ojVyCyqTFZa
zk52lU/im2A9MzlW87UNNsFpTz3pP4k0ZA1lkVSH/HGhCIvHqp4xwIiIECyt6U56 pwbyx3V5MCZfnZMtEr9A4y8e37ogWC6zm2Hg/3/mgapslPJsWBZHRqPaIhnytKDq
S72X4sUedoBFrZgZYEFki8XJgaFQHjFlVSTqbBifQbWELa8l6cJrGy7W+Fb1d2oI J3WlegHY6f4WF1XyTVOKZ98mjTytcwRZ+D5QwrNdULT3EYOeFGdBJ6Ao11+2EDZh
6hLQQP5r//j0cPfsTayrV8o7QxlcbW2bQsPkCttjB9tM9MDwR1ID4iywG80eF/fD 0vMVjdxfLAXxIyZ3srdqf1jFoLnAqsmJMolWBT4eX1379SQK4UULoGVIUOrjsCd1
F1H0+6pmvcegREdmSYJr4QgnqY6thnyBBiFVdSGMUP+3Q8jZqHxiJUjYY2BYnNL1 YK7vKED3e502hQc1IKHFD79OTg2VssER5QTLXkxHvoLXzL35fif9gZN0K5WEin6K
kjIe+0M4Eey/U4/kUxrlNjzxvXd+7KWaVjJaLwPpVqbfBq8cBx03Q1yZPGRx2xVN aBHSMcFzT2sFtESHpzs3Kl2FlEUBnxA4QfvmiFcvH212yUAvnwczoH69w3+xaaqW
4Z8EbSAO1oPsdJSrjfgM6oYwz5k/92795rNB8nXAQTqcEGBKbajJbqEb2IjLXCzR mmOqMpNRMxMap1j1lLI9lzGG4bp4sHNPd/t4uN/RPjq71+f6HNjbJsu+My0bNTIc
bvZBuwESmwuzqqiCpf7WYyJVOEfQXEdPzXtBe3TAy34J0RLaXKfCdKZ5oF4coh6l zfmwTlsg8zN8L1biu0U1Nfn79XY01xsLpJqFYGoYUiTuY0SBPz77LT3BE6j2OsLp
WFlm1QqJfrsAuwb4L5QeOH0XQLCGnORRGtfL88TFLxd8quUnxHgg0lkO7UuT8VAS H8NhlJVlrfBeYWdJJnwkGbElwbQwI9eDkjxf38oUv79Az7NFcg3VLtuUgr4VWdBv
6n3N882CFN22C9BNkR5+3bdpdQZOAxuJY/5jYPVSfX9p2y6gmJ+KLuX1vYyB6CjQ 6e4vEwamNB36hEtHZuTL7tPuv9mSZD4wzK+sPHxrVyw7Qvnln0PDmzS8Bs2l1dQI
sA+bQRqWeqHw5kN+gTXT0UHMOAdqw8D8MPHhU77MwRzaFb6DK4Y0LPBZoVUgXxg0 RIi7/oN7bLJ8YUZwALukzJ919wuiCYjfJg43l5Gvhwh1PBZ4mHNUsU6/EUmmm+rC
8Mv52yq5cra82c89712+fHaY43onEGJq2VmKnLkiCbQExVc4c6h+6AnQleZQ0skg ULCIyQqAY0CAzjO70EeI96JOZHh9Yh06ZOdh2iNGaZmQ6QRCIzlEiikKPKK6euhf
5Q8vzFONHIiHeGbuABnCHmmABs8RyWm1Txlr7MUJcm7gR850sZOe1KqRKWlGEM4n RtzTM2pFQNu+BUj+vB7rQ8aGD2snw72kD175+Mup85Ac7VJiJU25mR8ojNgnku3x
5DH2JWl0cYWOQQpnwTWTl8y7hq2rzcLQEpzfthHQ9Ezu3GDBieiDdmcKDxtq2FrW tPRvU0z+/bWw/l2RhRfvNUy7Eh4CTB1jixlabRWHQFgs69cLrPly4kJxIR0yw1/Y
Uo4F+VbqnJLdD/h+QoZGNcCqWeZBeSm4qRKFhBZCTXE7pE6DOaJuwlShov+Lej85 7l01or7cL2mFwRzoBJVcu+/pVr9DKya2E65ZrmitUUBF/QWUBEzc78adBHQcT2Ih
xc+FMb81gonG7c3NQajMCOCyjewQULR/qMUURaZbQkQv+GDjkzAdRjZK1cc+JUaS 2bkfB/E7I7KVQd1p7n7eo95RnVtS0WbwFHcXkr3cK5PzJAOQwGi9sj3CSk6cHrzU
m6cj1xsZIwyxELtXNBfvtqPkjrjvzNQoatQhAA305TS9QlQAKJ1+LenQb+otDmGP GSi5iGA51V5MAo38pYJdhBPPzAHsD1PLRYcFP8McjBTuBT30xKE6BO8voV/9NsAk
hQUaw5Db/w6lheBxqhW/rQC1Wk1YHcTl7vQr4kUK06TjRQ9RIV6ds2V5WDrhEFbn a0OuhpABP1GwQl1l84a8mECVCHkfPge/HJ8T1d9my+Ra8jYakMIWiudd9a2q4/hQ
O/KGHN7k+WNanxMmhyN3Vpnlz6J9OEaFTm548ElQUnEHeQ2z9pJc9TGAAzrSakn/ VzL5Lp2TjAqO9IWbpPZvT0GFej+4KCb5nfW4vgqGwRc3XSX1PNsrDpfrFPUyQjdQ
WgWgonMKkXuQVm8jb/CkpYWrXSH6TvofjMn2wL6SeB5ax6cmW/O318aGJ9otfcXe mAcfjK+kYYBaYgsTYZBaZxOOoCqs5BbstQ+Ibs2M3IPqDaPhY5pZ/cWiDtMGRliy
0kyNGKbiiT+raZlt7Nno7B9JHLJa5estp3dxb3v1J1lN7diERT++8Gqo11cm15uV y6yyM2B4oLUdXJH7wbjIlUeG2Zip56QmFbiob4s3v8w2iOfPaP69+tIeGZSCdpky
cgdBmP0h1hFRSilr4Z+1DHJ3GRjHoDS5yMI57NpmKCO4AsM4ORXOMSQdm+RzrUfA nqKWZejZetqwhdbiXIapD3+CsKNmmJHDTnwWqr/kRzatdDIYICZtf+WGLGoIo2tx
8j9LW3/5MsLOReNNioIz3/Zz25xpEwLs8VlCP4g8WKncrKlujFc2BECaA8KTCDai g+y4N57sn+CZLEnI7wKwZYcPTSXsWrsdA7+h9EZT8FIagdesKx7B59SNXPQO/7EG
elIDjix6aC9k2t7gwJKaWDmlUjGcrJNnxs462v4INJak8746dSi8rWYpnFYpcl/c qzH1ko+s4NbuyZJbyiXvEVmD5bNQ7w2VrvOtZMekQa4CtDusF0zjStqHSZTJ16J7
WPEHXmdVDIME6Sdomiju0tKhP+QrGmORQuRCHfyws8cLLDAyyJxmdQxi4Zbka+de 785dMVo8xO/72VlP805jokuTJNGTYddY+Jh5FbotALz6qtrQiQQ0xRqv1oKlcC71
uBlJkntYvg8mFm5fKyZ2iUAPzFpGNVxA/eDYKPE4opLKdOrNtHakF2fhyq6m2LAJ X/dsH+xzBFvPCq19dn2zEcgrJuLyu4Ojmy5jLGfg33xVMYEMNVaiNd45SU/cEbDX
pGd4PJ6U5huBF1gazcSMDsOcP4vF6mBgUEBlDTUkFCisSgLHmDouZ2CLdsXcJ9ZU rBxtsKJs/e3zmKqi7siJ/GvAIVGrVQzMOT1iZvJyQ/OUZMFh1vUbvBTFAY8e7LjA
WbjJbXl/ZTX9VWcd83AJW3HQDOvFHkNVL8GejHQLdLC3iln5D1I73CDT9AYINPtH wbVB9PD4VdtwjPZdeXkGylCjskNUmlTGi4hO4mKnOFbuLxOFMTDrU73RE58tsdqk
BsChRv2Au0eYpwuyEolBHX5QzFEUVh4wG5qDgzBBzx28sl2CGKvFsaAxWan/NdAu MI1Z7AnhyyTRWUj6s+jBoXtRXwWZgvGb1Ro4CZ6EC1c5Z6DFFcy5ICgI52r+Pz6x
g3mcMBeBtinMPxP2ifqaaxsRoRVjjCbhT7ouZMsPtgJ2oFJ9XGVBJ+c1l3bxDnmu cdINTvTgPedoDqDXv+5kPy1+EyT5/pFzRfp+eIzZmfnzXvrUzXSK2UEyxVxvJe+t
mEbiKmlz2g+TfjsqL7GIpctQKz6Nu9hr5sY1/Zvz4VrQxUOdp/WL+M4vGJRHCstX eS+jmBFNhvkzZQ10UcCsdKjhgDc42dR+N1gNUem5UXvsMV8JGv6rcK+AoXgIA6lB
n+kLYSnepevLEPPOj7sU9Mokt5jVNx1iEwJ3U4P9g+LI0oKrUSZczoZ+V/+MOvi3 Aby/E5dXc1YT5CJLs9NRGidWXW6ltJgoYORM/97GVNJeQRa758t+7A0rV/CaHJlg
oBS18iTfFR7840zWLD5DWK1lqIrnEzLSVV/pZ6ZmVxFK3zaN/AM4Y82IvzM8vci1 HR8pjTnelOCQT99BmYknS2NhG0XrZsT4/rtCsUvJRrR3bPyd6M868jWmW443w0Fx
/eNI1Tndd1JAZU5zLak09u5eacl8GYkk840oqxHOX6wsMh1qftgg0BABoU27cJ3D AYkvOQW2J7GDHjJRwJqhK2tDhTpl9Mtuv1Uv75UuPSP+sxcncjz4mGYR/A4vkjFD
7xuXm7EWcUXrQMVpNGO/eG9VJ/it8NUrp1k8QP0KPTQs43jJAoHREYb6deyEwgTt WlZLDXH4RcS405llTQPI6Tf9ii0C5qFTVqj1yZUVnYAE49nqqXVFaRH7b+z68VMq
3L+yqE3xoUB0SQCsczkcXGg7ACv/sb0clhUon4PngjT8e+gc6SM1YckQT5KN7dTe D61ThDEMvALeMNrMOuPK6czLqu7jpwbAFaJGsjrFAgfQ8C0VE1+ZcjWM9uP43msH
W14Slku9qpSMVJI5+XyvtK4OX2LLuKjUCQDz2tThVu+AhdfgUqyMiSJr1/fCDDy/ 2CNaqPKu6rhZgbhNtlTMSzISOhJeTCK5LT7rGcOOCLDnM9yqosAZ/3Txq0xw5pKX
w3lQQioXXXU0dwJhgzmHG+016o4uOHxN4iYijfkQW+Zil4AGMF6xNYbw8iKhm08r OtUsaCvyXOH1WGk0IJGA0W5k7Q/tV5zBuddtt8rVj8WbmV659SLU3TTZkGOp6SeA
ksvdV0g2gCSwiISXH7bfynWXD1QrDSbr4DPW0U7/EfvH/wGX52wh7EprDPTMa9Xh FsoN3/w71djAYPJtNhHPqB+TICv7rs2JhhHbHvrHU16L6118UgSM2TUtxZEQ5CXd
aekbxK3QiE2R/LPrcm7U4li+FmEw/d6cSK9Ge2HYufj6zlPpKX1tyLD+Ucosj+yD CFGvyOzap2VHbUyiSdE9mGzvOLrnhR1IarQDYy6Raxha+5Efd87bhpCdluiT4oSw
dufxtdKIoXA3iYISLc95pWcAu9V+VO4lRv+OBH3vY4KsLLi35aF7F8xaj2HjFYiO 8zsq2q00Yv9XyGDBgpZPRtZC2GJDyarXvnHWtqVvFoOHHyNk8GrOWfthhR7uINuP
Q6UjTSxWSOmEFmRQm1KFj9brBWFeZUx+C/kFDdtRg9ZPhUKxjSQTgMuJoZyFq6B+ xopCfRl7ijnBhVSjC/cdxpE4KItJkp5CkkRLxuy7polGvxzB1Y8EP62iyhP9Oz4o
vIrmQTo07RTaQgZZDD6bY2cmuQAflEJ/4oszywS+yeiyl2KvNUVuQTZ6ofCZcTZh AW6jwfvYaAa9bjX+B+QZYKjYZiKXbdu55h1WMGXng9yDhQONyQMPbCMprfu4tLr7
7iOkjkH8hqM9xYFvHU/o8ymXKclJDDgDHfgN46NNNh0Feq56/ippiLLlIzCr5wtG Tv/bFEak1TOahNORfVzioWE/Flig3JotDqB6wJE2EmXtjH426cn4orFNyai0fF47
Yc48C4WhECxWIrx4TVktUHGgKJGLQYI2qii2kuvqKCavkf2z7NJW8781xZLzgOvD PsoiGdUJvjKfWVe1X+71AD9+xe46JyJyrnvLY2y1gjYljVKFe4rhLfrCwU91xFoD
6+19H0VhVreHwFpjg3axrJOiA4D12Jq7RgdBqTiB+rTqxTTSsvMldOad18IgFUyP svrzv7LMSSJhuCdvcPq9OS6fw97upSYVlUWt4KIRtDOi1vxJpeR49VppMY4EXNpS
dk9kPP5heCtT/kNoqeMvTCYtv6SGgoT7oX76gUOzHvlbWq5nm8p7mIl+CumgeBoH 6+6mv2g4SWIfPCSw8C42q+sO6KUmqmCMcdXx37mrBy9DT1EjAbrq17WyVPmMQz9v
xhFUaLIpGVendGWAfqmnxDIHjZ46HvzLg2ANVxfNnxvHXVNHWOyOh7GqknmAWob3 ehaCSiAAOZCXC2sX3pC6N6o2d56Z6tdFbPSgMBOFW1vuHUlMUtOkCXuxIjtucF/v
GrFF9Td9/UoFD3+Y1r4FRUpHXUOqaJq6tIY25TttzYWcvJozJF/GK/77XVIqQ/lt /vZVmtSATOv+tpDqcB2tWg5a6vq1/EHXV29XsSZ/Hty/1j/Gt4oirtmmajAVMevu
gLajNfWSKNOWv+1l4VkS/ioylcXGKMtPWYsEhyCdqtSnqf6cvcoEIyyjBlLJCI9S Upk9+WaDwWtJ44cWEOLnw5d1aiSupG1Xt2Qpo+QtSLFtYSoalZRenOvZcdEqMEMg
og1FOm9Kul4HiAtXwPhSLEoipfPIVITOTcOpDp0ZtDK3FamrlIphyBe8tva1S0hH 1ufw2oTq5uwGdoVbQP+CjdOhnbaIjqArj0BXMZ2dcxcluy0txz4kyRn72DvcpTiY
9MOLtdwoRVbMUvSGy2gOgWVvpegVHtGNJ0nmdSpvMEEktjWUawtVQnkBWCvEaJaQ UaPFchqerEJ41wTAD5xeM6vfLpnUjnhHTuY8Z2muYlIAspCHaSuQbGbCvtkLsFVE
bx6bH2fWfOvHvt0aLDk+51evRDovLAQof6s54hvdW8wT2RS4B9J8VFmMM2dvK+ku gM4U7W7xM37XoM5UNnuY5CROkBs4+RpKC9WxjL9b1u2mHSmHWg4h+bUNSG/OQvM4
t/6AhCpr7GCd+9LodG31XETykfwKjc3s+pKQ/eQtlC4X1ownt9IS7t9R1670pR/J jq58X2QVYE0MsHeCgUS+dWAaSsvi01YpeuWkf9LSH30jqrclgCM9cbrkpodCSrYr
7qe8Yus3cqXS16PmWJRWMr6+qtNKOTwNRKVrg9CgWFSAytcTw1OmDrRLITDvQz+9 xp7YJpa2OhUAB7zobQXNBavpxgOJSniV/NmTYSe+7B7qNPX6Hm3rq2ETH03JvWol
JTgvTaQfA6O+QqVyygi/JvU7reNiFJZ4GSfw/fvpfWS2bQuH7HWms04dG74n6ZBF GOCcWlmhJfxwIKK2ddAasxiZ5h9+rOjE4YDxXOSFCUoTtHZvOAES+5MT5g0ZwMjK
i3407k8HsNd6PGHDQeiZmKlwnmr79b9pmZfwO72QBmF1zxZ21+K2ts9S4Zjdmp6l tkmSx7uqngBbnYeo3lsnUIQXuwjbjymeD4sXNcGEFAB23EpJ6ewzdpX8NsNj4agp
VEtvWFrmjWz/Z3h/yxQkqol+VZ3U6LbLh6MJ3QdVgTXCq0jicb2hs83an949J9SS Ubtj3qoXs+gvQjmAj9dI2AKhRuhpBAj4kb0CQyFLO8LJjnipsFI5Bjsxh4Ntc80W
cFfibs77cXmRpGGi6QLhRySwfCNtrbFXgvmJXe3am6tlPAvuw+3hg7JzqDi3zanx w51Zb8QCaSEZlARJ0T7L6g/kjUd0q/cviMb5zCUdA2hq7m8zL8MhTIpehZgq2MIe
ymQ81qgp7I2/xHY17faGyKvOnBvwUTcJ1OYsbnCyLb3zhLPgW3WeWz/7MI6/V0aX Fqc7nY5YyvKZDkIQF9Jza6bN/8HRSJLS2rYehVDOja6QOR5xVsV7EYoEvorBxg+e
3L6acMB4yyMi0lGyQdCxyccMrqxjw5lq1kMMbJNISDTkCIqU+ROQVtz4f5TZk4Af 4MutPpSDEgQFqGkFQuaKKT2cOIfv1j9FMyv55o+/puAebsnEBLOqeXGVY/1PWc2D
U+ATVySGZ23DAWsI7l8vX43wRtMn0Q5zSkDK/ulTGfh89rSbk+4bq9mbCzWNLjG6 1YNQ0E0o1fQeSvvqdCOc54vbU1zsnOGdgcna0w6VgN93aNFmifAcUVoCG/QVGmfg
fpXTRx0cW8pPrC9JGKDxjss1dAYK25GX512g63g+gWRcEzUEPTjpY48YjEcfonus 3yPGQh0/t2RjX2Df3b/oie0Vr37m7Wc9fTmlwPuaiB4WhBgzbkAnNKan5eFu2OrE
TIWEvgrdorecsRmwyBOvPYkEy52JnKjbppPTM2Weow3e46VVsrmgcB9Ev21WbXH7 9NnaXTBGJPMRQ8/aNafl78a8L55rFRDJJ3d0MGdq8/Km+1u1P+ckJ0yZtX3ini58
RqK4EtgDpDKNJtmpw/l4wl+Tyr2IuOHXWOmfWkSz4JLZD6fOJS/v6DqYU8spfRwV D8q0o19JS8D6r8OFPyYpGbM4xA+EovnWiA8udN/C3VXfTPflOsIzQ7BxoiFKZJJ8
qN1lgvvcmwt6BfxKoym1JMM0kbl5iFxSkFSZLegDYRZmBkp1JRFpWM0qti/R0ngM etGlINGRftBrCuP+sp5TfhfF/9wzLvryCT0wBXbWsqe9+rOuU4OyzSF5OX9tX/BZ
f/QfhOps5JLnzigPWk5XdIRE2N/53uDJ5FhGsUy7FnZYgmJiSXcOasNngmdQ9OZo DrVrIn9lo2t5a5KVYz8gLJvTCDvjdLdE2wWAX5wnmqXZSvoN8vjC1rxOLpJaHH73
FQ/uijNReo/ozFhlgEIBU84o4qaUDYdyDAqq349npZt5XxbHpcHY4FwZhiQBmOA+ fNh2POpbonAfVj0eWXsdI3AH1nC+AsS2rDQguURUH6i/pFJM3iT23vBkFDVK1s46
7rInBdHfrFiR1ZkEZtnGrlGV2KXZk8aPQsbQMzYELU841jSpumlw/NlTdgbzuGus SXrYIeUx0LNqoDlJak4hD7DV6JROMJ2CnXbMe1K8VUXNla80yoh2juCU33PG9DU3
T8QH8kRbZLwItMQfofo5+VPJoPvldu8m7ezixf7H53fhPiNOjAnklMAM+mCPGBNk 3DN2pUMwUIO1p4hYatx6k2m+bB2cJhncW9ApK/seF4XvvS3HmWZ7yBZVv2OmgzOH
W1G7GVAZA8eIqRoPVdVh6GCBauMrrLLOvjGX/wF+Wb1tR5CobfWFPQy58k31f9S8 Swz4pIoLhJ7sHXUTRFdkF59D8Jho65gmGaoK+EJqtNZU9hPxRcHMw2yKW027oVw1
AnyXUbuxEqHz1UZV/gS84sE0NxrB7bGj5+pFbOAs74G2qprKVuiCQ/OANa7r4I1l XCBATnASxDifgA5wIqtP4aK9fRPPI4zJu4voqK/qe40DVpjDF/4xnacbmB70q5X9
r+NehvRu1f4piCbk5gutF12kig4pEpvzdfQSI3Zn8Y/nMj7nuzQjkkooh1wdiw1X wgIiBWeZW9Yiu2Ssk2u6s0nfb+JpfqK6IniAtLtct2LUlcOh6uiWQq+B26UgG+Ik
8DjTccNQbEuNUaBc4zFogJHIQve8GuXAZvhSlda9YWZtL6JfBw+sjU68I6/Ubc0g EDKVriy7HEuzaaM2m4lmUy0bay1On3et+sdmbSg0oQOy0GQBP+TOUZl72y4FNGnq
gslspiJ3+EDxXV8UyT8+Nuw/000mGidIwenHENutknl25rgLiTSvdBASsP+Qo+8x edg8Dhd2rlIfKn8RHs52FudiEhbtxHfmKIapvj+SDPqN4FzpnUtrk8ul5t7ASdr+
rczJqeqah8MM/IL4WRNI5GMDyGFZDWbVBxur6JuVS/zqYT4Fwk5B5aelCueLzoW2 XdOLqp0uAXlK3kDqEZc4eVmBKeQjet7aNb3goEEnbu6AxUbeB/8GQbv5aNeQUP0Z
7FL+9IKLVds9QPGGxz4MoOb1M6uknKllCtUMx4vI1VO8J0F/vtizCu8LqMm9YI8n /NPxh0rhtPRGkM7x/LgFw/nCqW7QU2fPQf/6jJE5/CpXUgo0ZuT3HZriSLFoIqfS
++OXIePV/isP/faYsFaLAc+Sv0aBniCWKxkIO6X8S6MpcVswKzFTpvQ7Neuinbij 3iOls8MS3WhsaodETFNyLbalwyFvMqS64KlP+yWbCVm/G93ermWj4uoLZ3Jhbx/t
eOSTpnciebKkKAw5nBtb0s6gPuvJg0ABVD08rYei8Rxp84WvUU+P3nzIv5StGDdi jPs1mKxGBXu8JhUrqOsBwMv58qTVYyNPKgxssPGohTdGiC9Du3nhEqj5vUVRfGDp
M3SJ+vSVTZXY3CQGEC76Oi6YFsQFTD8ONz1vdbhgeF9kBQZUAcPJhfhfdkJhnjni nD2IaQ8O/ugsIr3XIsaXU8p8QbORKaWAbmz3B5pt2vGRa36lyM/pirNUse6h8Xb8
GWRW9ToyO7Iufd2Rqe8qZpl/5e8YeCjraE+8FYgRAmNCIPnl9dvBT0kRS1d1aV29 KC2pHottzkt66qWz3Q+sbRjexeJdL/0qjx82QyPaDAfwT+A+8utjBrSy8rvHwFco
iZQWcvt5jCULyeCoQ+Qiu772ZlgToKMS6dP8Rzu0CKkLoRNQzsbTctEL+8wIM+Ym NYCfKhzq6SYnUSmo36p1wZae+CSP+ls+1zN3uPtXEzar81ULsvVYn5Sj6+sgZaoP
u5y/nDH7Igvf1INUPuU84CghaRaocFfmTF7iPFbOsq2WBq5hvtGXRqh+k9vpq7yj w5ROqExM8MFua/aab+kMjIVU6DYcAm4r+E4tv0P1Pf6FKstFSdVDCGVhHkmlpFu7
wIzbo3LbPalddV21gFhpd7ASg8u8bAgEkarf+C9cejIDtk+/WzilYuX/yzv88aiX /lcjcXbOlcpMoGLkC0CdDoiScJ0D29jMaO8Fc0ifq6PCiJuAHKowqJS2H+VnUwoO
KwdXrwk0GLBHaRsNWPipOUxhleyfAOgzSSm57vGB48qsR11p/ZeWNSLabF9cLKJI wdwPLiKDim6dSCzAVatzM2/SRB6mso4LjwCzGEukOChkbbDinC9+UoG6tV8xdovK
eTi7BEg4LjmLYKuLNsTj5ahbjrerLWiMgX+fUkss3mb/tYc5/FS+GL3t5gpt/z+v rx0i4ZZfkwiQd7P+cGs/CMdDYk+DYPWJi6w3n4MNvlLMkSTce+C99n/7CEAPU7Po
AwauFCK5hrlmKqtzFRr0PNycXRhnBz8JKNJRCnhH/7pze40Zax3CpnllK/TmSPjE mizN5Us4y3bQ42pXJMZbPriedEplEAoTBcw90FZ8qvxuTfkZuyb75roe6lm4S7on
s3X4vRFc2jn3KDbwd6me3AAkHikYmnLlE7I4WHyc14KtIvw6ZUcHvYNzLOrUJUdw F/sn4T0YednconxhGorshMLRZ0aDQDwf602+8Nm3qyEY5gLfbe0JjdBnPomLo0rg
Gn9/wclMLJib02ZIm9JYgXIVYeLTd2zqEdTU8kA0ZSU4fib9yFSPzsTqfK1FWQqb nYCi6MLwns0T9QhMQfAR6JOp3fHQ6rMe6ih9su73qqmsIkRrly4nSJL8LwhFdV8d
KxG1EkKMeSOOZXQieebr+V5FxISLdC3iShBCxouDlSVKYETC7O/Cmq44LDDtDC/w qPoEMFeKb+tnFmi7SOaT6m0oZREra1iyiwpZPqkhA15LvcCDq1zcK3pd6M44hg+H
ymdXt/kRTv/Bj4ymTCKzMpKZCKhtWCaEuQucNcVeVO1vj+iHxfZuIXxJE/Xc4+VO uk4SZ0aBGRY+WReNsmYDIT3WnS9uKJpMSx6pCWa4hhcmnOsp8xwZK1UEEKzNEc+O
gO/OnaEc+0N73/fNkV/QFrOnOC/u1jeRPSWUWkEK35UYCIx1/wuJXnXDDZMVYy40 ky+/WoYQlajv9vjRsQ8mVP2o3hpjAJg0HcvVn6BsJYS0fZykAZh8tA/MBGBzkmNj
GJOIKqOCjOjATNR2m8ParmrywvF+IEQvINz2G5VAyDeolRqaL5azDA7vuS1O5oeu Pm3awY31MM3MVhtFQmQtjIZYzsKKxLWb8k1N6bSs9tKFuZx0+FZSRvjwA6mSg6YK
E0bZ6Ug9KUgmR12ZEu+28oEjrFLBNDP0s2BQQJxOA1kRYi5ba0rcqOoUWDnbXVW2 BNHiZ3W4nf4HSc1EwhgHemDU//n30xAIvX8oSFf6YuxtPj6PZ8elBVvNYHflesLW
MywIzRNt5RgTxQEXh7PaauYMC0qSoxb/9lHzp63tnowQ6wSf1+9s6tkmqOcqHuwC 0S3o/nQVSEukU1z1aZUB70lnejzvGC5EEvnTHeohRrjHP88R0oz6K7HgsCw2GVS9
p6Sv+faNqT6VaS38LeQK61hgt9nBOOr2Ozcc2qYoc5QxJH0/dzpPNRutqaf7Lm30 XT0XTjwIwmX7Q3rifjVxrju6sdmyTywLlwPWPMHFZbNWZMoaZdr1f2p6HoUJrIkK
GLvJiAjn16D5+Wm1M/gqTCmG8FRuf+KaOpVFeoXMNhFVjNPtJP68xl5WDOiemszC Opk9QD34KpaH56pG0qJ3NxcsjF0AttISbfljn2FE7t/N6AXjwOWFKfMZyIMm/iSE
qNTjE+Xy/ZOkeHNdPuhPA2BcGOlcnaowchEPibXFBHPlWxqo75f4bLZuG7mDkvdP Yp1Jp7HKxw3owdFmB41P2FBHT/eehbfgLozSG/bhVj7pEuaY0XozKDu+0OqRxg+i
63Z3NO8XTMqWiWyuc6EpwIh1XZY8KH7zJApluCdovDjF3CmuwNFP05vGdu2zkx2Z UJCfcngZP4nP5D6pG2ll3sFM+i37A2tGrGlGescgQk/SgWrnkDm+FZjIG9vLJMG4
VMOe34JUy8/YlVfXm4L4gKJbjjByWuH0xCavNOHRknSPZRhrgNWZQ423TYIHjRxU /wBjVRqF639bUrc8qrhx/jRPxkgg4Ly7+UW3mwUnr3Erf3p6ZL1//Nd7f5BC8Rcc
b5Bzg/bEXZntfWJs/j6mCTHrUepBA0s675njsNfdoiJW7Swa9Rm/XtZnKetNSBju YXY3dR+gAMpAFE62akhotTGVqUxcVU76KxI9geFg3e8pMHJ1ycygoM1b9Gt98IvB
QcDglGqXmLhe4ELu6wLs7n2gIqHAL0XeHmObBbCGD1ah3SnTpYNkkKKRcbg3D7uW 59nId0bbvOm4iLuzs3cSsdboDlS/tWMqcETzrpIOqaqydrbTkwxGGv0/3vAV19+v
c5ORsFu5EXiLza2xwlEOXh109Br4YW2aoM7W58Lb1AQ0uDx3wMISdWCcSuUQ75Tj lFy9IQ8Z2mUF+S2CgJ9bTzTXh2QqIIugoBYT3TpUlq+Tbl9oFH3FBej1J3EKaxW8
8XFAHLH4iITwsWvMcNP6+ExA2otAcFhuMCsMHLUm4m8wTh7ogdrkZhxFrd9M9/Qu s0mKvro8GmNxR2sbhBL1LnzLWs6vAstngAZmPlj1mYcbgNU998+27/+5Iln9IZ6X
MbIbqS36eFtjZshXBU6iydu0jCWHz4r2aXl68XwunN6HSHhEmsU6+WKHbEKNkE9L /jrQhWtuKg2QgQV0gtraDqz6/lMGKeUidjg2C1IKXo/m87hJWFSj9TMr+/2K2OMr
NWJsPljtDuM94Axjrf5MLugZge9Y7COkLvmVUn9p0Yl9CXEAGpGFHbSPYQCSkXfO XReM5ER2YFKsGqCNFkiTkl+T3SPw6qynf3S7lxtxmys8zOu7f/JFILKZarfWRyIE
YZxU45ZwSKIP8P8QaomSD3y2xVFqUph0xm/CLPDwkSZm6Wl3ZYMKNuhROKxeP4tc 2qyOWmBfu6/sEuVMGOWLpHbpGevp+SMT8J6187NH1NGO29jmGO9rjh4f0B8ZSmJW
DUNFkRkyvZx0OM0atctx0McFN9JrnebOMh+20NEYlefiHI67lRUPOVguMOK/XIT4 FFnwQm1PalAzCPGxlgVbbERuRZ6tnPTFIBCpE4I/9d/lNbHeKgZRjhK9jsk2Fc7v
weO+LLifJB9bFLDXd6aib3JY3jVf/1nzGKu7+Qr6XnL+Rh1qsBtt1aBWhPjwf960 QCdpedO1qwysKFmC0otrromr6mTzEZepedKYuB1TDuZMBTwIQNWf4oGiBZlQ03z+
1b+PbEBlZN+J8EErhbaNJBQFigS9fBE/zk/I90/fUqQxhX1AofJwH+jXH4XAfWTr VuXgWhgWZJxspGZ8CgYBi9CoTgsu/fkjq0n+rd9LrlRhoLPR/iVdhtSvHp1u/BYf
04a6dVJThq5yN8kWrdUP5TDY0dUf8gvML2s9BtVmRARquPBQGJLZfhh+6xJXdi5c OL9a2cqXRQfIze+cJfD2Ler8h627aW59SA8g566CSxPVw/GvO2Rk2mm/PCwep6lX
1qaCYxN6IwYc1v7ctxQtahSVdu89QXG/SxwmkLuvIbLfhJMnEOSz+xOiVa2tLJFz gpWu81riycD6VFUnSCDrw0aqpNfhNOBnx4bNqvGM2msMTJ46BgGv7gMHoUzjracz
2GyJb6NklwwklYvG2QALEaNl7jLP2YcQUdg8LbxKgmPOFhRRPZrwvzXcrgrHIQ1k tsP5Y8qS17FsxptAmPjP5GpFihHQv3JO2XgbaAudsKGMAf/bUZf5djDhmzZxWqrr
No4ZCWBkHs0HZEBzAeGKP0ZdRTleyOlG+RgkHEPgau5dLnlnaKlKUInzbbspvp/Z TW+abp6gKjktu1Ug2zYl9JYanABpb8/9oYI1AattVoAokUjlWca02bGqeMRpBtwj
Do6Pp1R+ezTkMoDFmiOUgGrHnhiWbrsciYeqCaCaCTHvCq4Yc3dry+nVFlxMqq95 oo5E22qyEkRIhfoHrWLoUg/bt2vEjKAdbe/Xp7zb1Mf6MDksa5/IIMhB1l6y0yV4
X9LucfCcSAAvD0QA4ecf6LpdTIpNv4LcdlFqR8ea6uw3tQ1gqxUPVIoTsavfV+Nn JKeRvxji3t7bNaYzTCtAcLMQRAoqrp/B97emRVQSx21ALE7puVLezZHTPDscyz7c
xCGcDCoOQqKmYzOWjEkpLqJUJU4B8VkdgjIz1/+kD0DZKWuo7WGiphhqv5M+VJRr hijAssGK+6cb180XGxtM3VSZg3R8tGiETu6nFhTB4ojh7CG+szqAkWKupBPxOUkO
5hlDxDMRhyaNKAS6Sa8yN3tWHYoXmHPgU1XL3MT0QT2GR51QbWq16+lsCkeaFL5b l5zIkutYJLpFhCbQ4cj6cF1faug6POMcww7iBkqRCU2Y0c4QcQ9z706+t67Sj3oy
0jvQqWn6poDbQ0qNzCk+qqiJjD8UzOFkpN66amptse6KXgc71xp5fBE7m6VUHv+e g62KUvdvEiA+lm3MSTJASj76mi1hi1rdTNU2pdfT4JIzPAMI6RDN0Jike6Y/Vr7z
6yhJ+9NcCA64prKqBxosVOyb5SBWZGofFlpgmbStt+1hvcPA8TS1Y3LlVd8GCNP3 wuHcGe8inCjn0+14A5sdgRouC0v5tkId04pRewc3eUixnVvzsXTp1jvbMcCxTHYG
BysnpeELKcGGHjdUovPTWk7v/ewl/dJ1dVgEiRsnSU7G4bMhR1OY3lRER902wjLm rM1GsyxHiB3j47De343GLJo3JUxt+X8e/Xfs/dwDbTppYa8J67/w74YRRvgGq/A2
6zdOuNbd7LrTimhtu6lWIFtSgrJpPNKpDTgjGn5X8R8MuAFJFibkS4uMbL1Fty32 /c/lyk/JOkuZcbnKGJa8UsflyXfEhbFDnA6ogWRxBHYTsOs27Du95SvrZwk4GL3j
bESHzoLqSLRgWgLpZQjmrTyvOgvYyauKjZYslBnVqjd+oBq9JUgxh7xKsG+z2KQo pW4KkX80gGTY857dMJm8OEuxZbVDjhAyBgnC+pq4m4AyfIOzFcXKHSb6e581n0jE
V4QC4M3z0ppx76fYMETfOMjp9Pm8KyuhEHXIbAXoVE1rer2m1ptaJGZF7wUJAqEL Z07Agv5hPcO9phCHyn3pIE9snR0Jwn7vlGaMrv6uv6DDwWIx52yNrucgYCi3WRxc
uJiKSztN5S5sFe+a87BsIlDWkCLZRuDb04aO+ndSd343yK9CMfYKbknZXtC/cAVd XIwOTYWaGhkFJ/HDHd2gCmVbSsZPTEaU9IXxmvScOpfCl7sUe5baRYR5X4VS5Oh3
2cwFAg+qix+351gdmGd5L8tQC9V4FO3uy0JQU90g0Twq0nE45fvLj0J4rnivuQkD jNpFO5YYLwvN5CAnPRXa6vlKWZzyq34vgQhsHHiJJq40GdyKV0ODlWE6ZoyGenxE
NMypJdswmGcd8TWFdb8kQMtZPNWuupbV5w1lF3ibGEhGqtO+4/gu1ua3jg+cHI3o rV0yLodGch/JAzig28oODwnw4D3IsCbu5hCVQLy6unZsxwWRjMT0onfFrnoO5ttl
oKBzUuvYGLXrbrYnPE1b3HQXvxDVd8m/+KLDNiwyQ7UT676iJn7ARCYZCwP/D3g6 XYq5LHaxkJKF9aBzSi/AcNWao3wEXVyKTT1P2DQcGCmVz+6fsR1AE22e094tULy4
zMc3NXJkUZ8KFOHqokaaJ3jleLoMi6JB23bhiv/RRJuYk+TCwX7uBKF8fnt+E802 mSAC10R8byELoQs+W4i8GdND86fG+mRQKoR8fYsrOF1CZpLXDFG4AnmiaBF5Ro7C
YOhbKcnThdDUreGM2QrsjZeHZQ6qgIkLUedro8EsPI8= X20oNkEZ4yhYoiSOTp/yfWOphJ9iDxfXO0RVHSrO2Aw=
C.3.10.1. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.10.1. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline (+ Legacy Display), Decrypted Protection with hcp_baseline (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIITdQYJKoZIhvcNAQcCoIITZjCCE2ICAQExDTALBglghkgBZQMEAgEwggmeBgkq MIITfQYJKoZIhvcNAQcCoIITbjCCE2oCAQExDTALBglghkgBZQMEAgEwggmmBgkq
hkiG9w0BBwGgggmPBIIJi01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggmXBIIJk01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5DQpNZXNzYWdl ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5DQpNZXNzYWdl
LUlEOg0KIDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVn LUlEOg0KIDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVn
YWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4N YWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4N
ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIg ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIg
MjAyMSAxMjoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJz MjAyMSAxMjoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJz
aW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVz aW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVz
c2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l c2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l
LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBz LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBz
bWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFt bWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFt
cGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTA6MDIg cGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTA6MDIg
LTA1MDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g LTA1MDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g
MS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjMw MS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjNj
OCI7IGhwPSJjaXBoZXIiDQoNCi0tMzA4DQpNSU1FLVZlcnNpb246IDEuMA0KQ29u NSI7IGhwPSJjaXBoZXIiDQoNCi0tM2M1DQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJmZmYi dGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJhZjMi
DQoNCi0tZmZmDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1F DQoNCi0tYWYzDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0 bmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNClN1YmplY3Q6 PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNClN1YmplY3Q6
IHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1sZWdhY3kNCg0K IHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1sZWdhY3kNCg0K
VGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGlu VGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGlu
ZS1sZWdhY3kNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5 ZS1sZWdhY3kNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5
cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg
YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQv YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQv
YWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0 YWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0
dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm
cm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25m cm9tIFJGQyA5Nzg4DQp3aXRoIHRoZSBgaGNwX2Jhc2VsaW5lYCBIZWFkZXIgQ29u
aWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0 ZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kgRGlzcGxheSIgZWxl
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLWZmZg0KTUlN bWVudC4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KLS1hZjMN
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN Ck1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3
CkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQog Yml0DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWki
aHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp Ow0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIxIg0KDQo8aHRtbD48aGVhZD48dGl0bGU+
dGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9ImhlYWRlci1wcm90ZWN0aW9u PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8ZGl2IGNsYXNzPSJoZWFkZXItcHJvdGVj
LWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0OiBzbWltZS1zaWduZWQt dGlvbi1sZWdhY3ktZGlzcGxheSI+DQo8cHJlPg0KU3ViamVjdDogc21pbWUtc2ln
ZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5DQo8L3ByZT4NCjwvZGl2Pjxw bmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxlZ2FjeQ0KPC9wcmU+DQo8L2Rp
PlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFz dj48cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhw
ZWxpbmUtbGVnYWN5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln LWJhc2VsaW5lLWxlZ2FjeTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBh
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl IHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1Mj
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg Nw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2Fk
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg IGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5s
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj aW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFBy
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGlu b3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgNCndpdGggdGhlIGBoY3BfYmFz
ZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kg ZWxpbmVgIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxl
RGlzcGxheSIgcGFydC48L3A+DQo8cD48dHQ+LS0gPGJyPkFsaWNlPGJyPmFsaWNl Z2FjeSBEaXNwbGF5IiBlbGVtZW50LjwvcD4NCjxwPjx0dD4tLSA8YnI+QWxpY2U8
QHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1mZmYtLQ0K YnI+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQot
DQotLTMwOA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNm LWFmMy0tDQoNCi0tM2M1DQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVu
ZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l dC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9u
DQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBO OiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlB
QUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVq QUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRx
T3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FW cGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0K
TXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBa c2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlK
V1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0K cnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJr
DQotLTMwOC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaK SmdnZz09DQoNCi0tM2M1LS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5C
tDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q VIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1 BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa
6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp lSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHy
1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6h A5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflH
AQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXj UjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn
WShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2 9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K
lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/ 7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksC
WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg AWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyA ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYE
KRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN FKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
BgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1 ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPk
u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZ fXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS
ncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fF 7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy6
o/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmG 6K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0
pfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK8
7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQIC 0lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCC
EzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChME AregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0w
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1 IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
MRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEP TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
ADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw AQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZ
I2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD bJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZla
73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aR V5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD
phZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65 9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjec
x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL F1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSe
270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8E wbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwG
AjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBz A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
wDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCO AQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSME
fAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3 GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4mi
/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffR NqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c28
TF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9v 4VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKh
sdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkK DbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjP
TM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4G Qg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9
Wv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fg
1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB KieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8G
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
QXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgG aWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUD
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3 BAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MTAwMlowLwYJKoZIhvcNAQkEMSIEIDe7/NLwTkHNon7IR1M1xiObMU+8qMIZ1No5 MjEwMjIwMTcxMDAyWjAvBgkqhkiG9w0BCQQxIgQgFPMLhnhgVYfwoQAWNtNbXfp6
ANcjz5C9MA0GCSqGSIb3DQEBAQUABIIBABi/HvXTe3Z+LaltuFv57ZaUvY6kegwe /cWw0vajQObfIM2N1+0wDQYJKoZIhvcNAQEBBQAEggEADBKPOlAhmQvuL9r8u9eh
OGiZ5UPa5FBpQxoE/1vp8xG+UVIUnpdV/1THKPjKFr6bZZff1/4u4NFeBYwI9yg+ 4V7q50gjztxHMFw2kcppxXNAEoy6iQ9LeHjSXSmVNIsNyD34OfqIWUOztwbva/xC
tK1cYz+B2cscX6FDAGjUr/6QxMOwd+ol7bnlzJJDrXvv8B5AOdHFosyOrDSrvn2k +qOC/4GwaG4nvqCmyT2FfN19X+2XHgaLtlgUSE5JhYifHm2cfFGH4YObujre1NS+
Pzc6ush4JvS3aee5QFEgtd1bQx9fx3t/QhBsn5kGMC+3FzvKtmAYUlz0unqvk4HV tZubVHdqf/Stlr1vFhpBYcsu0ZInwbeVbUJBMYd2iqG5sE702eQpMPeSdh4C1CB8
I40Goh/Fm3uzNxwTQ3/rzE7ws1Qkrp0VlBxVGgUa4dZ1VXVIizkRz1PRtis66F73 W+1n0eMlPiea/V2SZC3WCTpErF7llbYdc6jLAWsOeT8tlJ+DhfgBccPpbsCw2nlW
EXJlygf9Btm/TJDUivXGr7fCI2i+njByX9vqUf/0UANsPevCy0HQWCY= yAxju5U8wojwW5qTVdVdlerenMLyzVmaxnVKZU5b5PPq8WV27JVzEZtG9YUTZV3T
8g==
C.3.10.2. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.10.2. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_baseline (+ Legacy Display), Decrypted Protection with hcp_baseline (+ Legacy Display), Decrypted
and Unwrapped and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-legacy Subject: smime-signed-enc-complex-hp-baseline-legacy
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500 Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: Message-ID: HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
HP-Outer: From: Alice <alice@smime.example> HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example> HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:10:02 -0500 HP-Outer: Date: Sat, 20 Feb 2021 12:10:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="308"; hp="cipher" Content-Type: multipart/mixed; boundary="3c5"; hp="cipher"
--308 --3c5
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="fff" Content-Type: multipart/alternative; boundary="af3"
--fff --af3
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-baseline-legacy Subject: smime-signed-enc-complex-hp-baseline-legacy
This is the This is the
smime-signed-enc-complex-hp-baseline-legacy smime-signed-enc-complex-hp-baseline-legacy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy with a with the `hcp_baseline` Header Confidentiality Policy with a
"Legacy Display" part. "Legacy Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
--fff --af3
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii"; Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
<html><head><title></title></head><body> <html><head><title></title></head><body>
<div class="header-protection-legacy-display"> <div class="header-protection-legacy-display">
<pre> <pre>
Subject: smime-signed-enc-complex-hp-baseline-legacy Subject: smime-signed-enc-complex-hp-baseline-legacy
</pre> </pre>
</div><p>This is the </div><p>This is the
<b>smime-signed-enc-complex-hp-baseline-legacy</b> <b>smime-signed-enc-complex-hp-baseline-legacy</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy with a with the `hcp_baseline` Header Confidentiality Policy with a
"Legacy Display" part.</p> "Legacy Display" element.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html> <p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--fff-- --af3--
--308 --3c5
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--308-- --3c5--
C.3.11. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.11. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy Protection with hcp_shy
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_shy Header Header Protection scheme from RFC 9788 with the hcp_shy Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9925 bytes └─╴application/pkcs7-mime [smime.p7m] 9945 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6342 bytes └─╴application/pkcs7-mime [smime.p7m] 6346 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2003 bytes └┬╴multipart/mixed 2005 bytes
├┬╴multipart/alternative 1104 bytes ├┬╴multipart/alternative 1106 bytes
│├─╴text/plain 373 bytes │├─╴text/plain 374 bytes
│└─╴text/html 468 bytes │└─╴text/html 469 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy@example> Message-ID: <smime-signed-enc-complex-hp-shy@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 17:12:02 +0000 Date: Sat, 20 Feb 2021 17:12:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIcnAYJKoZIhvcNAQcDoIIcjTCCHIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIcrAYJKoZIhvcNAQcDoIIcnTCCHJkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIT/yEi7AoxOH3WdBU9Ff3ge5PZyEKHiXwCp Boq0MA0GCSqGSIb3DQEBAQUABIIBAEYCnMa5cAMGlFedd4M7eVuZRV3TQlSwv6zq
exVEZRgKm2m1PHvc8STLe9siVkz9OH+MbPfTQ9RYRw+xiOmvK+mwpCPfAf9QDCWw HizrFLVHcw2IQIXHK5qbN2Gei2g4nukYK9jX/nlfLZcKwB2iyG3737Ga9ioiW3WG
4dU75zCBVQOPy/m6+SDQRtvHyesEe4taEjnI07DcGj5ENoE8ugCcjr34HmBsIILF 9tJdD7gCDmqmuXW7uOfY2Y2czyJfxwygJ9rcYVF9J6bdq5yXxiuPCpIQEYZY2d6O
+OLJQ9fTXTYjeXQbXjP0InPjQk1GgHnfNXgtIcTM4XEA/EEjPSrphXsifgnBf0Dm HZKvDTHpCbDksSrj7YHAc7vzWFSGDvJ3qZ0Pax0782/oPI4e0I7IhpSJyi0kSJyw
smBfCKe7fSPN6tEeP+DIQkuQVZIrBZd7f+nzM99ixMH7kpI23Gl+BCLeSr6M4fjf 4ibrBeMXcSokx6wn80hdJK3gb2txJIbAIKCQ4cdTTsni5kYZ1eU+si0eXLLADGoQ
gMoL4tuj8WgT8kr1W6x3583fOonWNsVDW+9FJp5iefg5ou9g/y4wggGEAgEAMGww g1dcw0Lcniv/iElqQEeIqitEjrgcMOGa+7NfUt8pl2ql3/SgyGgwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIN4h5gziR7BMQ587FEgEjT0P HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdhLP26FYAU8560yDWy0tAg0k
M8QJzMfBPlgZL/POdBeNvMqLMABEZOna24NjftAZw887hhvv5nHujIBtEO3ezN6V r9TR3H8R9QxKI604FXSK3bmOXqq7mWT58NTkquiB4ZEycB+eC44YS3CpPq0oUxlv
wZn0tzznuqMXBExxOHq+h47VahUNmg5zrlVYBVg5O01vXXPVoIWjW24vwZo9Q1hp KO1x9vjGq8ksFQwaZ+CRLlK+pJWPOkcfLd2m3vYbj5arKGNdJe+cqqxoX+GXJlY3
0QqGC0MItLN81RpwG9FTgvtGMx/uDs37IxHQDDH81VqSu50BbuDEYPgD6U3NtzkC 7TUYptqU7VRj/oe7IfawjmORo8PUtcftFmNNTrd+ohS01RTw+czmu8OS4SDEVQZf
uVlW9aSqA0scGwib7bVLdmIoL3f++HUWD+YDKHnZ3M08E2u/trYTc3ofiU9RImKo mgLFHTVqj0BfTGUJDqA917N04GYBRXSYUVL3oNjBBRRS3aWTRZYUW9lp8XRl3LJQ
SjMLKQVGQYXg05sXb6IUWSXxKi43BfeI1YcQsHE6TMCcBN5v4esQ7rDyIKlzXTCC berrHomKqkY1aLBn6m6bY9/RkyACqmcsar5HuinbuNS+v7WNuQKeFgWPDDdiNTCC
GW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGjqoAw+Ed51rHpzWgYvdraAghlA GX4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDkYoCBUV2kALKjvqgmyJIeAghlQ
YTD4kIjvM0Lc1TM5w1rdgJ4hoLTX6BDFIUPye3MkOg20XYl+XKES4fW60C0vad0j 4G3n7gBTsLWMtbnseEYMFqoVDK2AtaC6iq1AEi7qVHvCueAQQzmiFDD39N13w6+W
2A6N6TbJoxrHQFy3tSCnLScUqF0O4BY0Y8u300s7HMKV0cQFKFAzv8STtpu2uOUA MnMkUG9BSN3Bpt99HaHITGsfnzkD+Cv17da/1WfWPIDI8yClA2OzUKOTdyBUvrBz
2pKrjK/BCYQ89GzGvhSInN+Lx475Hh8l11B8Ue3JrxI/x73cNufYsaPUmRQnYxPV wZKrCMrfzGQEgzcsjzHTP7aHezlCKU7aNc3GIvY6V+y7OYARPAD+xlsdNEBLdO/r
F0TI4k7kxaELKwradV/owDJnulGKq68tX5/GRoQMhFAZHrYDyDzvlG7FHRVQx8cK iZCtxCe5RaK2DBQxu4wOCHiWHGBx5wl2iR7uPHi+dXyhRYb4PKh/8uxBo0WzBYmt
2BZeCEFcCVbpYFu31hVmu+RB2MRFSmKt7FedNnc2cqNLTaCJURE6qSMcsBfxoGME kNdkYIcNeK1u7lHFCzD8S5Il/wB9jAJK4BnzKz0Z5aISDtrsIeOv4khtJB54KVf9
TjZJUVtB2Fsoe02UvVzOQvoJ9odB6oihKRsaEUe14w6aIpgwGS8h8LJiuG5yFlmj Ho829bIUYuPX77MWyoR8ce/+HD0xXxrorm6f9qIk4chBTC2m1AVDtTiRvPWG4eCA
j0kG4sQul4wc9zHGlP3MZ0ivrvUCxag9OOY/qI3aJNj/KgyGyx2ncuYps61w49kA NQfg47pEwgz3cVeGCHExyGwVVl3BsOZ3azeh2IXM26oqOCrxeEmYcuK5Kletg8e+
6QSnvPBtcoVGmu+VlmtSS5AscvHnUFcrj6HYIO68gVdJF5zW88qF7qN9rQaL62rF iNecpmOUBcNtBB3ivdG1kUvlSeBmF3NIkDup3G75lFMuCQUUYmMTOofzMA1pcKMq
Llt5TXz6TaM6+S0Q14QXA0nGk7Eeliy9e5Anu2DPm0jRZfujwouvzj+hBtelMX+G jPaQmzydKZhe2UrhYtr6Xzqxnj+WBli2iLX3VDBaQHWCUI6NgB5P3vS+3/qRUc7E
kx7f8HiaSZP7wCAkw219gnaRQbyUvDaYDWlAS+lDbKk0jX+zH33T19F//aKw5grY 1PjQ1jzwwfmNCZQQBGrzfAdqMCAJEqgaWj0VNrQ2O8pRecynNqavlpO5pn4K2Jjr
qAcCO8rXY6755AubfhUk1xmuR2nDeNIKx/q+ur/BUhrXH99788Tl9GHJVCqVUzkO nIV4xmillWypRkAT2cl+Vow+DeN+HImKhZPN/kRQvs6iRx0OuZ0uTe6wE+F4LoyV
R6wAULl26kqU5HWrFxQtz6yjoWC+YU4tZJQrYFZmyU6BvSJhcKck38lwktrvXuvb REg0O4lJQeUnATzXIyHz/QENOnmkMa+k8OQYI+FihUkFIOLzvQw3CBG4vmO3sei3
GBQ9Dmu+0qUk53SXEtbnxgpO54JyNRBpX+FP3MWqiMcQdlY+iI1eSNoatXEeLrTE mxCb0Ciy6GCVMXxk3BzeaUMifd8YeAfwO9aNHnVsZ5oEzTEfIGUuVt8P3UA+83j/
IzMiCYgx67jI3rgAshwBDBfxhXnqlbdby9/IJWsmfYlnhiubdlZ/wJMDnPMbE88r VXyogQznyhlvnu81J2cj8k0qfH+yyIqAqEDjx1a3toNRcutfdCGURuIGbbF6p7l5
pMw5IccDR2jM5PvQsRJrmPfUDkFXBio2KNUVMJy3AWpCUKu4/JxnR+Og1fs/ffbe rWE3rgPOYvyDGkRx6CdvnCUG/kiOX3XSP/e1R6QUO8+NR9ZfgMwBHmnfBgD24RGW
m1b794TlEctK8iXRzDp1CLGFTpsHtA3RYHHPd3DM2RPeYl1FYWILyuHTbZB7soKG ucLTRaKwD5tQrPxp0KnKrdoQ5qTcfWEYirBtYzI/cDsONkmt55fL/efSdVsUZZ6W
dJR0gpL6V/zpxo7y59v7yl7FEvq8+OwVkKgx8pGrAPPd9R/7S0jlqxSZVSzgIEWA oThl95axTiOrW+EeZkkOhYFFWGaPV1ZhJbyzYgFHjumLlSMB2dENEo1XtjHwlggM
9fawyV7IcaSH6FhBSUgbQRm+javR4RgPHTSHrenFUm0/hPT1PL8GFDdZFnNhHZ+w +RhIMxfTcWr5bk34VxtbgGCcszTGPJpUZhf+lSIvVoIeyVN7YQ+VT2JsgDd2oikl
ktF9x98Lf/RlSwqT+01Hdgd1Hk6EytYuLRhT6h7YxBIb0iKPe21hVV0jFqnAqAlI Z5YZ/pS7z1oIDas2cgguRuAHyz3WUT9heB5+fjx1Uw14K4iFRq+RBwFulCOqCBgx
YhAACYQ32SJGZAfPQ1+tP6g9bGxKWb6hxn+wEhNR4BTbSujrR6dkFIQW7FfBZwDE YUnEwj2C4c62qloS7kfLQU95Z/q265wbf1sYl+ZHwdYby4UPcvcqXgGCwSGZTJvD
PMTZ8tJ8V2E1DgU0gD2RJabZ+FKa0DAArT4dFs5RsmCJBCBrydtE1Qn1QjoWsdC2 xMHXmfkKB596UAlXefx1qb5tdlJdss18fXMwCrmbb4O/XxcOzoa8eeNs7urHP7jY
8HFI9h87fxcAs6tSTNtV6dLIignDCu2kBWKEMaAbuO7E0OUPV8708WbXGy4889CE fNLEjpyAD/soGAdJcxP6o1IqItjXtZqPCRnRE1QSqU3RaLQngI+B1QSM8lJjsQx9
4SuGldMTX/h0r/wzSim+HFndJF+ocLL/7R/ynV6V70wYsGy3Qba1DrG6AHOQzIMY qZMVznL+ROEUbAAdVR83oDpbA9qi9Xq07QLOcoUekYLdND0Pup+zPgjQ39fDtJLA
uOtK2R/y6KDxKTQUOQpt4TBzDJu96D48b+BxIQpB9KXSbNsNQuHBql9A30FlZhxb +loFvZGrTUhTQi9On1d4ZrdJziTwBw/l3lVuFjvBfVbYeGhdsVyQgxP1MHlGiBA2
kELYZmenmi89slmRgdjQ6r5673r2kGAD5601XLhtT67QsrBNMe5FX9EKHIKdamSY DdHcD3EE0MRoiqgV9rqwspp4ar2OqOc/kVvh3VcA6fTASYL/d5254WWnxq9sc2HR
a8weblLDrpHI8K7tnuJiBPIF0/vAiJRkJ2ARDcuhEAHVu6ONX3+0dylxiwMkR8/o 0GH79c/4fdjmEPvE5iwc3USMWsVO2/2dOjNurBWdPRqHIkSSVSnf9xkRfWFY2p7U
ae7dI+RQWgl94g6kd1AKT7pOyA4Paah0fZZ0SYwmR0MTXMt74Xl0/AWgL0K/GunI DTSzkQOKQ/3mG06ke2nV33tna4EnVB8tZaL0bcoUXwGtclkCxCMftHikU8M4tbay
4eCrBCT1ewUae109F4ue/2vmO1wt590GApZM5N48LvTjLo77KYK1w5RlFawWCnGm RA9bzhse0/WVHqtDWeoQvifls/IkdYmlRCHRcc3wDCi5VVaX9BOpCDKaFxfatb40
MHw5osNEEcntNcukumQkoNVbYl1PVH27L51Psm6g6sZJlaXuFz3o1k7mXUUjdqPZ RTBfSYSoeFaUkhTjPBEoZUPuE6qXWGMvS4tbTuqGK7u8WAkVC71lc3zqisz2q7Vs
TPem/JqObrkuIAX01b6fYasm4eYZ4Jj0GvW0xZSVP3dcEj0+kWiug9/8UVjPqd38 qBJxqnIZRFbJuxRuOlIoQPEUPsNJgTqOAtWzWcFQwG6hJ9CBR4uQRVmr1bRJsik3
GAaxDn9qoH4sVfFg0Qm9HLnZ4ebSePb5xe/kb1ft5iPv63T/1tWe5IOkqRlkTKbS jSvcVjbLeTTINDxRRVtPa9preDrr494Nykt7+5D2qhGh+CiAQME9P+Wbf0fwhotn
WqhiksIPGv2nruMokawTOe+lr+CCE64epfClN6YzE5zcx9ZzY67iUNljG2cBYXKR M/1X/GGPmT5XZA27ia1OJ3+/MRLqP1m3dR5VXDRZBtXqxPiB72aP6TsXLcSdlky+
028Ik9ayqjuwOYbFBET2yreVT4GK7Xn3fWAkqzkCjVt0I0w2g0pL46hq4got/D// n3mmEB4aplUu+F9ZKDgDXImP3cFSqqqMkkOKNKi/J0omabZfXOnAx/vYOtjjSl6K
xT/xMCEnLSz9hZB0KAwO5FAaLzbEpPbS6HsfPAgithbCHSOLAXN/+qQtUrS2vtiB KJc/j7/bo5q75WaiRUzVbFc8RmnDCVF0ceICrATgHAtsbDBD1BM2SC72w63Ic6rg
YBF5sgUTtpOoYdOu5Wqnu/XbHmHvi+uBIMoTbASO5+D59mcIwVGdutjJ0lwWITQk TNy4wecyaQeyP5qJFeMLENGA73a2xPCFh4Xg3RgyxLR3xUJ+1NJO7iE8EF7T2peH
OliBQwd+OFe2Ro/yE28nsIg+sMzvYVH5gngAmS9+gmwNNr6j/MMeZTJeIdqpkjJp AzL6+3ZAfKg0Q9uoxr748cs9p5s8r3RAaaFAjk8ZVrn2mljrOqMatAfIQ9TY7+Vh
98cAJ4iNRve1yTYuHAnBoxwl58RNpl+GBGB0NP25MWVs0pTuSc5MlyoufMB59hjj AMpfa4PFLcm1bHlIeRD4g0jdJ4ozJlDHrb/xAyW+IIwlm7W7AirdNldCw8B7rdmy
SMboejGK2bBxRfSTGZ7BdDM7+7KY5mQotONOCpMQW9ubklhOkUUSlUeawRSr6pYk NbiYtlEd99MsmKOK1fpYmke0i4BVsFFGaj9OuAynIBl0yUaSQ284l9ejaTUlQ+YJ
Fml7mUWMUP23PESDEgNq8j6OGsZVT5fLxo2Sn97VhUXnXPCAE27GlN4VYu9U2CKF FeJjDZ1o1WBbFb6j1LuZ9k3vDye55ZphlykGo31f1LtSmZ8daBHp64h2f+BrylRv
G7aNU7GWnm+pz/Bf+VJ8VRIKoFwYNSHAajmhfizhz4SqipwLhfRMp3jGXA8F4cmM cHdszK1TwhBg2TCVM9+MJ4jplf/ls8pSVtoHZQUVJkm1T7lm/tA6CPSRvCjjtuR6
lPKqqUZ6eleRH4bWUGPm2hynM2A9tFG6W03e+Z8PsCnshABKq/XBzkavRClK+Ry+ 3YwTHOvx6NfQr0vr7LSaG0sSBugTgMepBja2uh6qR2QkJaCQgFeUFEjDtPzkQ9k4
rH/D3L2RluVHbejNWR9qbumAAvwQf6CZX0yZc8FVXKZd9sPSn3h5u6Uub/01kl/A UZTm0u4g+FW61XN6T/BFC7euKLXzhI6htv1foyWcOSEO0+wz3vRYXVmsYOotVHSe
kPN0aX5ld1+ZG623O1uO8OFFj9EMK9O5PJ9iinzeCFKHVjfdR23imO1WOF3QSRIM iK7TA/oUSyu+dADbShFimJ295RZIALW3nMx2H/f6amg+n8NA9uEn33er74g+JRbA
iUyPGqsnlC2yg/CA1mZTmfnKg6rwUO4Zhd7bf9287jEOInJwrhFIZg5aFSn6hR6N OE78tRz/190+ub4v0lspkb3osm1Wf5TKVFKpCbQpTEac422pjpBeO4iekCkW+qJB
15eNF6CY3m6icjaT+Km800YjxcMNw5MmgPu0qXYC6J2NG8ppSpR6czacZJWgPKlG v1s2kd45S9Fke+s5o6d+lapwL4finUNOiga6yh70vjm2l7MxGtS1D6ZnsLPFgb7Y
XdFFfOQTcyh26KlP3P47Dp/ZK/ciDQ8ZoSxIhT7e8gI813SdwkTSy7e2razbi2vA uSUMeNJ5UvSwrM/uOReWmZUX7pETCt28U+3dqnR44VYJ15M2CpWgB2IxoLph0D8G
ZxDaqLpN1stx+doOIPjWiFrDWlWLwzcS9iOAZMHDnXY54l8zNXG70wwivj0t3nIl exKvxXFYpF3xS8w7cmHpYsBkiaAWMfQvYop+huEdQLNtFT4QfVLOtxVkJKZXS781
4i/EQX6SF7W4o9wjM3rGdr9lclKpRMR5dWB/Viflyoe+9UdiC4emnXosdRxK0Umz 0ylhG9Zl25+c/mwJj7+i5OOQz5Idl3yeqrtTbk0P4Olo9Q274ZlkeonxfWcI4qeQ
nJ/ej+oZGsTQ2QYgWvMFgKRrOP8tD7L6l1LMThXEvjff+HVILH7lPZioML2znenC Zc8vswWpCbyHneoYrhMREexO02ikGYuK0fYhGfySTaYbQPDX6+altrboUmXoCIth
j4SGhvqQ78/vgAKSIsXCNy67bNY8BE+vUWDSoYpQ3JTuv8af6ou6LVSPmjIQRxP+ 13vbZ3KD/2JMKvctah/2Cb/2ZeQimCrvYtehTlJiwl0qkS3AcSTHlp/5juh3oxVn
VCoyVS0ymqt/kHFgaNI5UMDQCrKX7gDD4E0RoM7t4o34MN3HwNVTriz5SnqjQxkt eQpFKYo3chZ9s6xd6Nsae71rpZ24olpkZtAbrEC78ao0gmULuxvXgzzll984KclC
r+3aUWndQchUHAmH3Sre3Kr+U5+VGSuRRVa07FqKXrbaGD7IYNmfBuaVOaA8CJqX aTYoSbk+ayOEORUgrvEwJEWf6MP1wRIcx1b9r+GBjtogYvJrLFJ7OZDpkigkLKYd
/0vxQv3F3zNmFCh8aomVmQcQdgI0ZRfso7t/sbT+/FpgMV9xXSzp69LwrpDME771 nWrztRgvfWpn5S77S/ZFPUK8Ija8G8zBdOz61Bhbl5tLBOTedDiC5NMVUGAVknHl
TEP3J4L1S5flNuy12MYr3Cfgq058erDbs9x6L172nP4WgQUDyJ9RR0wWpNUPyqlM R5PtQE2NkVe/kfvn7w/Vy7AnyDIkepsI4rZUIbXqkId8xUKq1Y+r6BgaSqtztXu0
2YnFt1iwsGSHSzgv32ykbfHqcPujklZHm1omk0x+2KUkToYZwTa+OMvC7uXPxGkS aUnr5qKU2K9F6/2AM9mZPo0VhBJU5qWiMZeev53vKGvrXCd7PodPWg0CKOMP4f9X
8vuBzJzQlX3fZYbsaiyJK5uQxMj2Yp2WTLsPFEkg0xSKl5i3vmCWq/kyZMwnrVr/ fBl+HlsKkdOgcMMiiazq/xoG0OThczQhpARNXaMDxzZmrO9K4+tG5NxVVlF7INfZ
Ty/xHasuSlBaM+uZEVorN0yFdIwZF7aeAp2yi1j1lIzh52xY/hwOcDhoo0OX5a8z ADFunqox8hpk2HW2sas/8wQ3FqoGU774go1g7ldkBed2vOETee211rXDyf7DIiTH
V2gsdQQJ5FS1KjJzfs0nsKfxkQCLkzJPCdyzWFlmaUuotGvV37qoCqBWALzsw9l3 g1/Ty20q+qc33dR8fVgLRB4wZbuKiwb7mvOaUDXQCHxMK26w9uS/7OmQGoOTJs+R
8zB5gTGDAvIZkfO4/HL9971ZcsxuPzmrv9u9NoS4lRM4OuGBqlhVaXnPPTSKW7DG jxGhy7sL20fn8LlCLLRm/RKcc1EPIWR2pFi/dvbUHLCYcqtl6EAwtUSXXXJ3q7NH
zwpOocCWhhJE5UrhDxWCZHYDmyBqxk77uGn18UzUQQ17t70/EZueLIQZROZG/701 si4VPnVxjF6b/iKaBuWsXzGmSfws5PmriK3JfXK9N8SippZwwdhqGX3JavUoFH6F
IGaub+MlYXtBlPXPd8whCsd67NVSlqMkLADbu/S+Nr8Q/K0oVVC2kwrqb4dfHf4v swEWrsWTGnalU6l9B1/yYTrlB3+XDFtkGuBULENI/BJoXPA50BZpkvOF6d2Q2CRY
W224JE3WnFjtvkc6vDBIEx+QdO2yw5nR7Zo+XqVyoFoHgbUyhbeWTbM8hqIFUvfd aUFGIFthgqnMLJJYozxmblkM6f2teCwgw1zD1Hs6emQ5Bf6eBOiNnvFHYA/wT2c6
C+BY1wU8jvWCM15NNY8R2ZwUgyfeshwpmNUbuguwy6CIUHTblwJpYBw1juOggXp9 yBoXiGjJ9HOrxuKGpoD6LekD2dAzSzZVkla5IwnzfCd8Nby2260LJP4TAxZvkVne
qESnDasfuZ5dIzuWMxxRwKn/GtmFejYuf4G5MVqgzH8GLB7bHMur6yEVhZjhNAWx 1cK+/Hsa9fNvR9rh4VprQpKTcqLH7TXAy9HayqCpeggbMbxRbXGsxgC/szMjKHoF
khcDD2o2+6vufzxbbOmxfsG0vKMgTwA43MhFJYnw5aX6ikQiDPl8HpQaJLZ5A3Ve qjrfU17kXdo5hp4LowHlpl0+4FsSYXvl/zFRNFUSj/EyTrfwPGcC2WPY8JaPLYxM
g9AeNhHqnB7pTz/4ZXy776K9AmyBxSXDz/9AJfdEq1bQDWlSldX9UaQjNIhCpKIt KUjeKKlvH3PQ0QDgeU/0GoCTwekBa2mwfwdGtQfmNPeP/usTiWN5K5ymeeLbgwbE
wfulvdx4b9Fdrqo4Fm9V01uIioQ60xyahrS+ekBjPTl8oquDj1IgfeWWZQH206VV JNtN+QqZynBqUAuVBv8JOyHv8SzCgEWLK0WEK3zQUrj79lQ62p5sFSd5fWpOv4tg
ch/9mJmqJLKuqMEkhzVm2RQsbCwvALS2bXmBnIu68sAdrKY+G4Ph/QzoGpG20jJ6 e9n65e9O1yyu/olkhEW+yc4SKz/V42knHifYIfVGsQ9Gjq26m578QAn4wtylNKWf
XPGID2SHF1fYKhq8bpqgtzncLXtfCps2v5dr7ZMeKVBGC0zR/0Xr/YFHCW+E0CcE 4m7bg8jLP87k0eDB5Lkr+bzFiO9UdYYE2sSO/Cn/WCeU0UNaOsDRB0tGA2bJVDcW
MI6PJrXbwj3Vo6rGE6Akvi9t7BCVg+G02Lbh/cLTnClmebaXo2K7CV3913tFbeXw 5GhHt/qR7OzOc/h5HR7JIY/JR2ekN43juTCsPypLfZthgUbHTxWj9H9/3rQNfniX
FruMZbmU8aneltETSrH4BDL8pnZghhQQB+6zynFH71zRUhUSZGl3ko5GJ/XmjnUW lIooLIDXTi/MotzcZwFqMVyQhzd9jgHOY4dOlET77rpGHJv69UmjwHYqfoeiDdz7
lMQkaUfWnLWUQNwvRDn0yO6q2hkPkNzJhhUwzPJfC3PhXJBZENVPSVzScX13GmAD OWHXTCDelVKT6IFlqxjpfrh/EUWjBUE1/Dzx4/ZQIoLieOYvqMaELjjedwOpEoIx
RFJL8HqvTdCXVlyz0HacK6Qzy5QR162gF0f+I0A70QQM8KnRKZvpeLAr+q3Ecv/z hcK1rsvBDiU7XR9VTvA7VTI1egqmculyeBON/d+MlPtylFYRZtw9m7837EMPuAwD
WCWKi/c5RoTsF6U5t18oVTYZpJPuXhzlWgRPcEa6FH03nNkLdXCsYpd3/I3HqRSH JawBJdw1M8DaznEiLm8K1PKH0MqQHjXnXSgQz9BjX6JBaQZYEMyaH3XtS0LMN/As
0ic92uDPGcEM9+zvV4IEwesAfKkgHpfbNXvl3QIk3hMdhjJ8Z04OOENThDGXimiT Ga1DIS5VMxCFPNkP3IJKEz9+JeQpUKA06uYxcHIQEaIr171wJ55JbxJnQef0klSN
KxXfIcujc5MGGPsSCIkRaQ0pOYIQkB+DIyEdJHvx2YDE0QFWuRm4ukFWN52LgaY4 xFNZbJ8HrMp7ebfsezsX0qL86HpmAqamzJblXjpBWdujxF7haTG5JJOvfDWVAIeo
s6SCHseFczVZ1Uh+dXJi6dadYf7zrEEcZWyQo2mzYqHqs7l9M3OuCOrmT1Akol6E 2L1JJxn4PlvwHQ8aCFDfdhtSGUm0ht3dAdcdxvKSBXtn51b6vr8Jk4GEX7Qt4MZN
ewgMFhENK2hzCxCPQvKCN5sZBdq7UXYrALalxhVzPP148S4yYoFx7R37GZBB8Lmv Q6ioS/i77KNflKUcGsH7Vs7g8L+d5Gix9yuGln39tUF6NvdKeCpeLIJR0wq7BiD5
dCHESeIEXQ+Mk1gPo6TIgn8/0JGcFfYBlXWDzNSNtphIzN9o3TFsmicL2ofWfidi FViBa/K4dymxQl+3zXcgvCZ4f07LOHMTkwONtyXKxmx3/NgOgsXEE5o0ynFp36wO
L4QOa3qhvADS/7rV/cu0GnG1NUaLVgF532W6iMEHMyW882iGjp0D3rNm8sDx+jRI /bfA4t0gHQF/t0XjF9QwNYNcL9Zl/ih440TuElOsIAiWGp/dUYVfHGtx7iri7ZwB
FBbDAIrvFlHZwTfSX1v0umSCE7a4inm9n9xUWPvNGE1zIgGJ1y/1lKD3nQs6V89V eOWV8An9oy6w3U/6d5gZhWOLU1tL8h2LiXqFOLFMMT9F+3ozCyxEFSIg+8lmrUqG
o6J74qxrJZpM+mrSkzPcXuIoa44vCiNcyfCceSSjCNSV2KQs03n0iCbC7HF/lDJp D6Y0XX7Fzb29bsaSqYAzBAHJw5XWgqFSI/tnbR3ciitWNGj1bBUzjzRzoUKumW/o
BJR81nccq3A2i9UJsh0mv2tPtDVFWEJ5DORn1EdtMu1rHg4HYJFA4ZEEZAACPoKr Zt3MvbdtFwxM+lzRQyYoNZi8or/qQWls1pF4GNdTUKDROJvOzyLP3b59Eo3tLUPm
VvwVlGaYSEMYE/C4vMHry65qk3JiHkPL+ceFvlzxyL43F1xuZ0rEfUykpIuChCMA IH9f2dX3XnDCncAf1zmtyXy+dIJcO2FD6Jzz8E9G2bMNR/6zB9u1r+pYDAjJnmi+
I6NSfW/ykTdeKu3weFTDCEX0NxTfhqYLjUnmJwrHwdIVRwlKK0ixDTblNKDef0un V1W7vfw5jPFT1xWKype4RiYXa6uSV0wl9QvEz1GNnwXeC1P7ZDALQ36v1v7pmDSm
4R9LwN+nXpmbQYp3n+UIBqQn3+b98H4rBTyDPq30hkzK2ZkVsfnHKe5WA6x95RQm OldaIZQdbCONLwWjZnLMB67OR0r6AbiTn1k/CgLGTJ+GQ8TsmZ/eAKPo00miDKaH
zruzY5a48PuGAcRbGUt8Ne/lv4A5JFcliETkBCXOzSDdWrZpAwDUXnwYjwUc9Hon ggRpeofpLOSk69vJtgXYkaWh1YdaadHW1t6SWMy2CRe2HHIZ9g7jxDKOC5lgpDlo
aWC2g90gTT2DwFBdOWHJoDr0SfquNsiC1LWee25QoG9yP+AByxppJJDTyXae2PK6 FP1CRmJe3ZcCWFUYrabiEJtyL9NCw+jcjBejA2sM/CWEEkx/dEOwZFCu51U92dgz
tC8wxO58N4LnYIZhC0EoUEX5IqbNoNFWTjNeAScWXdBnN+NgvYkYPR/ATVH996aj jGoHPlpiMqHAQYL2xt3xbZfc1Z/O93Wv2huB2/eu8J3bk1+BSLENr63NUwK+PbK6
VpOdjJGVCFVaTphqroqer+f9PUk27qXbaK4tplwnNb2+zK6IVQsK81+7Bi8VBYKv tcCF5jtrDsLowOnAYeXdj0EnxaV9LwequsKiVJxfik2H1QGed7MRYC8Tx4aCrqx5
3jOgo23Cp+276nQbZthzfO1T8DkYs1E4lM46DFegPoTqFTn9Y9/CyFxQ0K/+uT3Y pdMNm78438mie5/PgRpQ8AJJ78A4AWHaOOXbg/sWUXF1bBgSj+mcdyAEmbJUZ0zM
yDqlmgJGCRj7LkyOgcZGW7OTkgyZar5VM+uW9M6ASqeNj61HrZZ7e1NMuHqNe0w3 v++vJw33nNmum2hoUfgfq8SvPT5LizVnzzuN/Xd36+I1W0dsWVMBwgTH9m0IrGKI
cIERFOT6q/njz01e5VaWWqrcPudO0CPcTXzFfG9M6gEgUjzLkEg7E40XPiNFfrGZ K4Ddx1AlntqZCCeFetwP1Jpec3X7HW9GVUTIjMel3TbCOgNt/qmd6GxKHZGfN0v+
3RRLFP6qYJ/LFccRsD2gFQFGmOFmbK/rVGPn9c5mjfO74Tqbl9VvzGPyYHZB94LH iqm9icPZjHfoWkh2NXbHEA1qjiiXl9bmYdKBX7pBrlukr6sEc0nknQiU1aCFzbD0
6hboBD4gH/DVKJmPnl57LZhj1ytsmG5tGYBzBaG5QR+C2VlYwNBFrs9A8m0hsIQu Z92j40Q5ZGAFZqFIeHXGRR5tlOQXeA9r1xdnKocsC8mAnXRzLIyqgW1y0IxoGZ9A
srundztS8LickI6eR6hVp09bclXmxfA/YYPQs8pUIi2evAemdXPa6kZdQcU3bijA wMXTSsG97A+JvqZYOjQFqFNJNEpIkmYmQbEIwkTu+xuUJ7X4Z3trCc2AzdPsBh/s
nlsml4AmYNF1w192wDTZ9oVeAzH8AjSGRghRAa2r/G77oyge4EmmhqwWBxdshuii w70m7dm8++WmQXYfWRxEy67fqCRte8OQFuhOzBksVeEdisdWcAtoft3pX/Qwr4vf
N/2bpdiuYOGknJEoOSxTu9d6EncSxwwVhAudZ2mynG+AYgJx+LM4ZriVZ7DjuPo+ /M7HR+av5lUvDsNtXA2tjK/SFfHN4VkZf+jyuzb/U8zAM+WixSAachsLIDxYVCaJ
gU7XLwsEZY8towvuDZsht2/6UJTtaUtr/2RGUYH2zuy4fCeREJKu4wissg9vA60e q9E/OU8XbDOUDIhlGxA1NcktIaDrYdGwTYb5rQEmekzbjk6Fm6lCW4IlefBKd5dR
ucAGOJg3vnnZKy5hxgNJjJhJCuY3QZrEqbsWavqCuc/Iee/rBEdQ5gNZ4AZIEcvM GUx64ootY21qqxJCUiffYQtLBi/tZVbIJpsLH8zn5OoRNMkkwGNprkNQpOM3NaQl
idqXhp2gLSsg2O+nUEVxsiQRCQZqQHwCRXjaienkctMxEt2rnGjvCz/ZDnEivLfD +HlICbPfPHv6FygLYU26SaBt8fCsBSIvGSKmvOMRVHuIeuavoqhj/K1z2avC7R72
a6vRTZD40Gzxgmk5brcltFvUJs9AY9dfEE+MlMefeb78pDbjwBb0CN6A+P59h+Z8 5PaUJMitj+8fE6iAVkxV6vqh3EqKcF4570J77pp0j71PR3D8VQkn93qkLfWLJIgN
6Tz8US9RLWK0rr78voT8P0v60FVHiQhAKVjAHh1HRfGe/ic3utAY4YT0Yx9B8QIL Z9DGCnlWfcRLaG3MjKait9PikUosTeA3XSA4tdDyF/AaaDUSfbqseFQuOW15lz8h
oSFZpCSyk8stO0JtmcXd10WJVTYwPzoFtR1Ebi2MvRqKKUHKPAuuVsk0s6ZUyzLk EhiR1wMlwcRkanCGxpJdYW3wfCrv3nNMa2Ehzw1fxoBXqrUKbtY+/3LjUAy3DmeF
z23Dqu73fvt4lDV/lvHXoFuTOdcWV+V3zo/fq63efD3ZKqtw4eEoBv6VRt6xpPdy 3YjunYL5Ij+6Jvvs1vDnmleE5DRsU0QsygfjuwmdsJZ3JXUD2fRaZJLNqc1s4im6
14YGOmI9NuGsUhUTsdNV3BiyjK8KBS43Vp8AemViMfaV0h8gjgmAs3kt6UPLNlUy R++Mh1jrmRrazBsgTWanqdxPLwRAq9V3JyjxjU/wAirCX5pCAXzAHIiFHdJnlliD
xfdfcAJlQ+j6NS7VsQ6a3VeDq6Om3qn/v+CARGFh9SG/sh+frkbtLd6wAdD033E8 21SPK2RPbrJ/G64KMLAWK8r4SfbmfiifOCJH+8F/YLiKB2W1oHNdaF4MagvgKzIy
4+Y/LJWElksOYfZZkJ8Pn94yE/kvRLRIui4gPosJkMmuhc/hCU0exFlkiqOdRJF8 bYDy85kUGgaRy6IhCgp4gqd8Of4N3YHQhhQkl4/vYHEzaaBZMTU5TU+q7jzSDH0w
qs9H4qmtEHCIMCK4tl/3/UA1dw4+4H0Gx5F/8mH6WTASSfQlPGzbBfNHBXYhE4Jm T2UoXjO5wlJgZy6UYCAOzN1wY0M89OYU7pUXacjNaXUEhajY2zSHIKZva/lTW1Ug
JYdhpaz8rY5djEGrwd9gx0J/x0fuZQSTMQA4DAyb/keFZYY/obXoCpzTb3uASmm8 1111xYHLqZ/93d68Jb75nszdbLcwnHtyUuMtiQVSVyXzIYgmTjjRZ8WLeS1rIku/
SGAiurgRPrzOlXUBz6eR6LGm5+TYJsf4tXF7ylURxM29ArS8Fao9K+RTZDRhWs31 a3y1HLT+3m383l8p8S5HKwAEehz1zhxN7Oy/A/sFYZ/iQyDkBivOoyHTkM2596uC
uYaxGby/QFmKovpudaT/NPgVtpv3OihUgrEnMvh7nvAS2rk/2+tAsLAIpxm/l+HC GdrrSfrGw0aFGyi5Zk3QxKwhunul/0rZcrFu9VPYr5UrBcB3TQC2hCc0MyfLaDxB
4zemv+joiSMzCKEEGy6Bj7amYpWlU+Ohr5thU4N2MyL4GRy4XEAfyfaqShRAcrAF Lo3JaKr1K7dfeBoyAXKSSv6K7eUYpWP0GBEmmLeb3xHMEQInpwYBuDgFX4dOzNck
aYChXvfiQ4V2ld57/P6XUaKn4zn9FxzRb/b1y2ZOqCEmBI1n0sStaPiaYXfbIbt9 wYUOukJHh6TJeX+FynigAs91Ai1sNgwKVEQ7MZKv12MPfScL2IXs238oDxOO9zAH
NtwWB7pFvdwwz84QXdEzEKfM3BRF4P0OvEyYqraFtDUchLi4jj1Cyk/Tpl6L1teY zXNjf4iLH7fYj8k97/8CLLFncbdoGKaR1yItKcxjTxSkXtimZk5uY6yQqnyV7mf6
q95nw4Kk/bY6Rce/cRzwJKBlf/33hw0A7aBxonntxl1qsIu5MKaoi7xhgQP73C9/ JHKCQ6Nvgq8NWAVUOkLeRrifhRHy1AjFMpp7o/AuWy5mvx92LhYB+uWfRhoBZWee
xQjlUsKIIQXw9u8G8I0BhWOAGFFRhfoYIjwXYD8VKcdzstOsCRPMZiNUsK+ElS38 fmw4xcQCe5+Sp+Z3XP5r4c+h5rXXaGdmXFNb72eOEY7AOabo9gi1Vj4LgJPLg7L7
NqCo9+09NZvyPF6uBErZMP/5CcX3r6owSfcSkOZXFvbQAUZMyBnyGorQ8MS4AQ/S qDYpcz8FCeSgIQ6iSttk6Lhg0AZ2cv7fcMWQcO3cjTU8HgRET4doy2AznzP9G3a4
9RwND4aAsnsMeNIWXTavNDCHIaez5HsiGwhppqY9h2eCWegfreRe0diP85+xo5ro jYKuQoElzfjYycYR06qCoyCCCw0IF2Lfmwxf3XUbIMjEwvI0iiK/epN6izO3mxMx
+7KLUI0mW8B6zP5T2VSdFYQbg80jI4sRKa0EHWg1eFlrK3XXOy8+v5u5RUV8Pclc Zf4MmRMe6p+XallW3R3AozDJuUWw1GoQ/tokMN/HNK8sE3v8Jf39xQAf6uTA6qAt
C/6o5Co4VEogaY5mhimizvF7u0wV7lKNKGQUvBqsbXe4MjBj87pecPNKp7J9MkeW Y5BpK1lXCRyYg0YLUIhBRz0zSkBA94GGK687z6PSDVlkY/pqGFhThTcR0h1lbbvO
rbG8Tqk8ZxFGeu3Wp5WAzIYV688tw4rZ0B/jQMsvjW/uueVXNA4tyLMfYuEFrDjm eOT+9xqi9WckQqEVPklD76g8x2xNxw+AYObCjvPYNCfK4q0RAKm7Js7OFhpJS9px
4+1NTW/ynviO9Ztoc5rATj29mfqSX6pImpP/CeL3oSnMVSS+SfYOWT/p4tKYc/ED Ns2vGaZ7y3w6f7AFa3KSbyiYmbW3nj8g9Ew0yNEDM/3C/mGEQWfYk8Ay3QH/TynW
ydKyUhr3fH7YsnC+m0xpxiHO7V8V0p5MP2+fq24mMco3O1aZqHboHm+cC4i30qNJ ogsx3K1kn1+LY4WpaUiZjYVXKNNVE8+eiyykZ06P+fcOTZak42ARyO2+q6H/yXoV
t0yvxCDFt7UTgEJ4FEfq1AIpNtA1XtXT5vLSnBkX2UOqjL5FkhwEPHe6Wqw1l67B s6C+H4xPHdq2WE7z0BrC4dmL5ihnQ3tPhfU2gU7+sYI4q0uUpuVNOs2yHzwMbAeC
x8uzVRuOsCSgLpo9Ljgp56ly2vEr7gDSWgqIit0cVIwXZlUcOzzaVrDWtDDfmXYF TctqNj7ZEDdz/D7uYhdJFEbBYxi86pBCWtOCuaEckRQuqgy6lYGcyoFkxJMhEDKL
stpjIHk4BsJGwoqJN8Gf9IGV6Pi6DlpUtifBcDEpCoBt7wkMUCHp/Bjq5lEsTtZA hj3I9t3dqwaIWTKITodE8AL89Vc1GSu6SDPQKrHj6hlDPtXhIrh1uF35C9uwKNUI
86yRqNOZKLuyW7tqDfOPYQUsUpbAM4E8hrN84EDgLYMCg6AC/Qs3H/wDO7cJ4LCk 01JDhzsbX7yjIVdF7FI2sKCJWb/OARZ5sm9F5sOn8c0+ZVBvOpA2m5j0BA8mP+Jt
M5Hph06hiyehanuMCtUVyvyfSb1hWY5LELyr9UKLYHXMdCRm6SI4lhkcD/yd7YRc XcGg7SerRK6wxxkyFyF0DMcyrHs++Gr+8lY+RrPCbZYDWOsCib4nqqb70htn2bcg
8xXJwFVSBSXcuRFQD8ViGo84HNNw45Oa/kcT0tfJLNDk2psDgMICjWkiZDcOJ0fF C4EO+40JuW4MpLrxtIjMkQPjmynj9REM6qkJwOveYbEtJyaIaaHo/ZJ7mCaTP0xD
ExXO65SCDaVSK2a2hScuhLb4o87nkHPTtmCwse92gYQlgEJqhAUCe4tupS3Tlced 2ha5HLtyw458elqQEDy/JcMiS35az5arnYr1jF1ceqGyuaKYwwlKwB9+Mr9gzvKA
rYx5p0TRq0a4saxyQw3KOkvCYb00vr3e5ywj+I7FJmdT/3FRepXHAdJgeymSmelh fqwNhON1LL0u/RjnvmVoahWqTreTg6lTEYxx3K9ufl66QFkIP0lQP7sHjQy5ksd3
MUnQVvRetUv+tbsHk96DXjMHUfvCArWcjf4NfuweEud6JAtmIxZhmBFTlg/j+oB7 xPEgMKw15xgyB+k7QuZoQi8QMjMxnmI1ecc7itvO9yG8YKAIkI87O0hVtNwYkSat
L3+nunA6/dDrIlBNCCQ/WWW3STpAhFC7jBCzIZMJMwyP7tRk6KL+PptfMMWD2rJy xPc2w/eJlU2EiVYo5V2c35zQagOjZ/1qSkXOZU1hPifl5V7LD8hr1wpJMJkrk+of
QpFXwNDVCKOca+JCuhJ3lhlfjrexPJKD5/hhqGdKqc8= rrjZ1VE1bios7wIFyB8g2Imk9c84Rk8k6SjUYa82mkjkvHytn0SSq48aPsJXiHw6
C.3.11.1. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.11.1. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy, Decrypted Protection with hcp_shy, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIR/gYJKoZIhvcNAQcCoIIR7zCCEesCAQExDTALBglghkgBZQMEAgEwgggnBgkq MIISAAYJKoZIhvcNAQcCoIIR8TCCEe0CAQExDTALBglghkgBZQMEAgEwgggpBgkq
hkiG9w0BBwGggggYBIIIFE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGggggaBIIIFk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5DQpNZXNzYWdlLUlEOiA8c21pbWUt ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5DQpNZXNzYWdlLUlEOiA8c21pbWUt
c2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxlPg0KRnJvbTogQWxpY2Ug c2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxlPg0KRnJvbTogQWxpY2Ug
PGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs PGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs
ZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTI6MDIgLTA1MDANClVzZXIt ZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTI6MDIgLTA1MDANClVzZXIt
QWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0 QWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0
OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j
LWNvbXBsZXgtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VA LWNvbXBsZXgtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VA
c21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0K c21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0K
SFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTc6MTI6MDIgKzAwMDAN SFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTc6MTI6MDIgKzAwMDAN
CkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpD CkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjFmYSI7IGhw b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImViNCI7IGhw
PSJjaXBoZXIiDQoNCi0tMWZhDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1U PSJjaXBoZXIiDQoNCi0tZWI0DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1U
eXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSI2MDEiDQoNCi0t eXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJhYWIiDQoNCi0t
NjAxDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lp YWFiDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lp
Ig0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6 Ig0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6
IDdiaXQNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1o IDdiaXQNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1o
cC1zaHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRl cC1zaHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRl
ZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJv ZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJv
dW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0 dW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0
ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFj ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFj
aG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9t aG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9t
IHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX3NoeSBIZWFkZXIgQ29uZmlkZW50aWFs IFJGQyA5Nzg4DQp3aXRoIHRoZSBgaGNwX3NoeWAgSGVhZGVyIENvbmZpZGVudGlh
aXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0K bGl0eSBQb2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUN
LS02MDENCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2Np Ci0tYWFiDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNj
aSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5n aWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGlu
OiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9k ZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJv
eT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgt ZHk+DQo8cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4
aHAtc2h5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLWFu LWhwLXNoeTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1h
ZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9w bmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxv
ZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVs cGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11
dGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2Uv bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdl
cG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBz L3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24g
Y2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENv c2NoZW1lIGZyb20gUkZDIDk3ODgNCndpdGggdGhlIGBoY3Bfc2h5YCBIZWFkZXIg
bmZpZGVudGlhbGl0eSBQb2xpY3kuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8 Q29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGlj
YnIvPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0K ZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+
LS02MDEtLQ0KDQotLTFmYQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRl DQotLWFhYi0tDQoNCi0tZWI0DQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29u
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlv dGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0
bjogaW5saW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZ aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVD
QUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBk QVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncy
cXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oN MGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3dr
CnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZ Wg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFm
SnJ3N3ZqdjBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVy NVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1
a0pnZ2c9PQ0KDQotLTFmYS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rO RXJrSmdnZz09DQoNCi0tZWI0LS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmX
QlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD Ss5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
mpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB
8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5
R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJan
Z/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9
yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJL
AgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQW
BBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD
5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GD
Eu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8
uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K
9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpi
vNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88w
ggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6
WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZ
WleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CR
Q/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3
nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0
nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJ
ojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnN
vOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSi
oQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4
z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2Z
PRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH
4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFl ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
AwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
DTIxMDIyMDE3MTIwMlowLwYJKoZIhvcNAQkEMSIEIOk6rjm9vW4yAFhPqraTwTSM AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
poDXdAk+kSVCc47Smx1DMA0GCSqGSIb3DQEBAQUABIIBAAURi5oouLYIh9YruNpF AQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9
Se6sDsPTGmIcZsDjQ/MZV55S4pmhVBQu4SoVZDVM9KHKxqfBbj+aTs1Cyas8R88h ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NL
cWqd8xhiU9ufoC7p6qEMVIyMvyppeupRyjQWUCH+2XtQ5sAVmr+F+l/Valuj7JZw FflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQ
JU8XS84oinCF6uApu7eucGblt8t7ek7j3JXoFVE7g8a/O1JKg4ezNV2RduQeNXLT lqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX
m/lBVIfeiiOsmgmJa5RTgbgAakJtdo3odHj0cI31eANSbQlE3XENz2E9L8JWxYNP 1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AO
bBceEhIvu2AOtV2PYCBfrVp0WTVwWHorm8GG/DyvsAsa6eGJI55hA8VeBg170gT5 EksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
nzc= HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0O
BBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyX
WAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP
4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6R
GDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GU
Tkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ
+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIID
zzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAw
NjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/
KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhY
dZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP
4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5I
CjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZ
wLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGs
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQX
MBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYD
VR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNV
HSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEA
c4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp
+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oA
JKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x
0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6
zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTb
Y4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZI
AWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMjEwMjIwMTcxMjAyWjAvBgkqhkiG9w0BCQQxIgQg//G1y8IBZR2ZHaxvjng5
wsDzqScPZmGqfXdsuHb7bBYwDQYJKoZIhvcNAQEBBQAEggEAgNAXRpWDJX8taLEv
apUOax4C3CeJQgG2loke7SrgSqmJrNeCSuu80jFOxNY9YGiz8jUKOfk5lBiiO8p8
bq5MpX8NraGtWaL79iK++2nZ4D0D4C4VXYi6lVEio8cvChUS/HURa8ehtmOxwHFK
q0+Qw5OA0LvYNNu62oThBLdJzfbirxlQL+q5/xLndvEZkz1ljmiATIEtJ1vvsEdG
0vXeLi0Ppa8M50VOVpzK6DQ2Ay7Gu2ebfq99jLY22Cfe3GHab/WrUeJZ7mFmaqBG
WM5HN/DtOsBA0zgDBSymieKaXbzfFAzNcgm441xlPMWCWH1ceqgzrq20KHTts6yv
pm6/ag==
C.3.11.2. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.11.2. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy, Decrypted and Unwrapped Protection with hcp_shy, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy Subject: smime-signed-enc-complex-hp-shy
Message-ID: <smime-signed-enc-complex-hp-shy@example> Message-ID: <smime-signed-enc-complex-hp-shy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500 Date: Sat, 20 Feb 2021 12:12:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-complex-hp-shy@example> HP-Outer: Message-ID: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: From: alice@smime.example HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:12:02 +0000 HP-Outer: Date: Sat, 20 Feb 2021 17:12:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="1fa"; hp="cipher" Content-Type: multipart/mixed; boundary="eb4"; hp="cipher"
--1fa --eb4
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="601" Content-Type: multipart/alternative; boundary="aab"
--601 --aab
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc-complex-hp-shy smime-signed-enc-complex-hp-shy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy. with the `hcp_shy` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
--601 --aab
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-signed-enc-complex-hp-shy</b> <b>smime-signed-enc-complex-hp-shy</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy.</p> with the `hcp_shy` Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--601-- --aab--
--1fa --eb4
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--1fa-- --eb4--
C.3.12. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.12. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy (+ Legacy Display) Protection with hcp_shy (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_shy Header Header Protection scheme from RFC 9788 with the hcp_shy Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10920 bytes └─╴application/pkcs7-mime [smime.p7m] 10945 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7072 bytes └─╴application/pkcs7-mime [smime.p7m] 7084 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2519 bytes └┬╴multipart/mixed 2525 bytes
├┬╴multipart/alternative 1597 bytes ├┬╴multipart/alternative 1605 bytes
│├─╴text/plain 564 bytes │├─╴text/plain 568 bytes
│└─╴text/html 736 bytes │└─╴text/html 740 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example> Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 17:13:02 +0000 Date: Sat, 20 Feb 2021 17:13:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIffAYJKoZIhvcNAQcDoIIfbTCCH2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIfjAYJKoZIhvcNAQcDoIIffTCCH3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACgBnn7CPutWy0itfe5dCraPlDXBE+WvvHIX Boq0MA0GCSqGSIb3DQEBAQUABIIBAEBXJpGHO8AJVfwKb9Juhai3fwEaeyt576LQ
EhTzjfwj8Oy666bZWDo8VCr86IK1Ul3/OR6f1a/FyLJ04yLW+1Zn7WVxxS8PKGrO wqs5p3GhRIBPkKrkjOmtlZbO46vl1BvR6FkjXzBpMTkD+atUlAgwcR6v904kwV/J
oaE56/oJxgqRRL3qnY01rMIhqfFrG2DNh6rjRnd03witWba76ifzdWdCz3JRCsrC 8Lab/rxrhuyIYWXtip9z1gJZLq+2YVW5VwafpPyn1rP8Bv7nzzW8J6ewu3RWRs1g
3hlh5SMSLYH5O0TDFEJ9tGDGmxFZ5+x4FJ6D+lJ7OLRo64rtpHthyuO5N1NXPBXU XdALRlUG2vgMLUGld8Ztvztz4idD1ixj3Gebv2YwOcPPNxT8jLe+L0XvNtRqAdHs
NIxSVFQ4f8j5AS7Z8oo/79IoX1wUlv7IEkq0mfrx8sXrcqZbkmw9bPRGZrWRZLDf f7PtLnorVWLwiZmTj5lFBy8sEUxCgY/ZOtj12iVgudsxiaMecZwN2GWe469I4pOF
7EYCc0IF+sn6USXf6nd6G1vRAgWaUd1kiZChjVRwgo5SRsAk9nUwggGEAgEAMGww uEqpKOwOkiosPbeCFrFYYOgo01v8myLHEHy99OTiEQNn68tY2qcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFOKeyT8lWzqPQF4leLhROrAI HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAoHffD4M7tWWdVj25qIu8/aMz
pTb21ahiLRjfX4mWuotY32k8fCLeSEmH5bHrjdtn5FNI/jLC3t9bAtFMEkz7VPZ+ Gpu5MIUOI2Sz/64AOTmvrQRU4RXMR4SYBqaGiCrL/O3Y8EMFnLvUNP/6fE7EQBS0
FgjlBT4Bteuw4g8miNcIU+xu7gL3n8HlkTxOOkAmGPZg/m0BYJZYUFXCSQB1OGja fu/bsALlL+eLVQv9HdN/2SxCxzC6GHlXCwOfwCk+QgzVcbbct3ZLkeP4OILmTQoB
slGNtLS0Km11f/u13p0CLRV0+nasldZxM7Rt7Zd0Uis0PDZfMeVWTS8s8l9ifpjA ar3ZQQEGRO976398AdChG9t+8tlGPAWeR9QWnoS3IBZQtqLiHzZAWobHgYz+iKSf
YGRJpKwzty4BUMvxbgUBzySofIH0pc/DlcFIB+s/S0Dgc7xAU8CxU7xvo36dicgK 5qfCdByCZ4jyJooEOeFTVWSHFyOZhdnRFlJQU0X7QlhG2Np75WDG4N+A6kEuKrr2
qm6TqyYQDvBBXfnc8MWfVmE64sWIQS+nWJIpvTzXh4pZ0FgjKhNUdOYEV1Zz8jCC SK/4va7JtDE9hWCdMOf9ZSRrMss0tpGromCoOWleWujL9XIW3jvuEkyInx+CYDCC
HE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMVrSF0MP06N6O1pRZNHTXmAghwg HF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDR63F3Ex9ZJaqBncRdFmSCAghww
JGppsM+z42CDVWr/cZdmJAF0qTh58Yba5feUKKVha+SVHfhjgaW4v27XT3kKnraH DyQUVu2Oxy7BDRXBlsAlBK363lgVpACqFnCDi+oR9dHUUqJ8zsO9AhjeROI/RxNo
7tkFxwXRvPa/qSYKSgCS8LZeHEj0mh6HX7mJjbWIeEogBw9CH7kUUsq+YDmZ4ReE YVx0Jy4sWw7QpFWQ+qy0tHpjfgTmr+qcMsmxxkTihbD+vn2dWMKjb07wchVOuN97
+teYWio5HaP6aXoiy8qSyu2kbzz/EmIUxEIHwDGtbZ4f8Hqpo9/j2cXR59xGspg8 6WTJcoKz6f8WRc+2skkXioKJW2SRc/n0Ii4Frf95JN7Yy+taMKSgb1gQVGZBG+E2
0u588sbXipWzBv1gxN24aRgpBov48l8XHqw9JzLozzOG0bZwdGMwZeKrtSPjtE5K zhEkug1fBodQlUNOYtqy0gs5YGUxXKHnIUAX43F/e9xYcNDXelHZk2mRIUiygW7A
Qt2Gonk30Ri3LmLPVHQ8TKv7ZeEUw3mY/95noB2rDvIfm3sX/bBIWTttWj2pnzQv OETb5DIbY/EtphHfa7WMnHhgRVK8EpKqrfKYUxWtJ2VFkS0hat+hbzQlUKcOtOig
dWl8byZ0otx1QjJcaLbmL1Vxd2U6Lo5RNsyHL+BsfoE6roSBwk7UacD0tR/tiMKQ QbdZGYU6RCuNdvVS2tS6BJ2K4guWkK2XHPTZWFGMPR3RiAGisySNxvo585mHrwKr
aDeOsQArMHC8+OGV7uKV0p6puZT1RGEkVLW9Pz3MvHYfVQCn7UU4HWz3vjUoCCFn hG79/caPmlcHCopZKikPXAYrNeOqlcaObsfasZ3TIFiwD9JSJik5UnStdrsz7R/S
KRj6CG7xKUHAdQDTmtfKf1F6t3ba7Q3sGi2Lw7FH2RG9u8SO0RUQvYTxWo0okb1Q D1GNWUwETvcRKtqp2vrMhvHmuNp0C9dN3biCmzLc2fB/1vKAGLglRP6LR14nQJlS
H163f7DLzIgyiiOaZmtrSOE1rHKhs3utQuYqvBtR7fvUWFC4GtqXTEThwYF84YLi CAPHiA0af3SGxt5Wy2mU2vWLEb1D0pIXOsQ/Easx2htl+fHC+CiO7HRFgmp+Sah6
vvYhVQqP5TWF7uxxJUyW8cgYqAjNnqi4Iif+LXDtrbf97fP7cAmcE3rNxvDn77lY NoE0Mt/LZAYvjEl+BpzChTY9RThaa2igmMeqRyy3PdQtR7GMylfpObsayqy+Me8s
Z2e+Khh/FgaMEFRzNN8P9itpd87YGY+mwde3bBw3fdzVInel1gFaxplGebabqpup wR6DyIXa5tF3AxjxL8o+5hrYieL8D8N/04aJHroJI/Mf6iotFxzpzl34jcw4g0hv
rko9Epu+i891NSkwnKYMDqb3azOUW7OzGbWOw2Fvn5VcD0FK/eTVLwpn6WHhg7zl VElBYHti7+YL4wvslb74f6ba5CHP8QjQ/eGw9U2ZIB/KpWiMmUqgxm2ANmCEwT8z
x2yZHQ7QMUCtKiAv78kjLuumezciX3Df4KUjYidPFF1lLI91tmZAn6exO9vtq55n 3tAfpglE3V+Sxp89YySC+tYXtEYwf8GhNO7Es0V+qx4yD60mC7NGS5kpjT2gUJON
W9A5fznObqeN/xhBv47IWaHTYozgbCY1SoqNqSmpqax+WG1EivO9b7w4jn+yxFkb /wiMgx8w8vzvrwRM/QR5vzVuWRchwT7Jg/NRFaNydMz3y1TxWkHlEuqE6WoTe+XZ
smZ+WJJoMzJpvUCfZ5QeE6bVZhoFMPsDWa4UzzWhiwxFr2lj5guaWqJduQgv3qHE ZLDhSeCi+NLcYDVtYZ0Y+D2PoBZLJvpWtJkr9mxTdGIdXVG5mibxKW2YyGpJKUPh
qF82ovG4Q4gR35gGHebJ6dxV5FOWD/3Z53ZrYMZUZxdwW+bWr504UgFHOA7ngvau AXUGqf7xwrXwfifEwpVqWbUDm1U/69xW1Mrrk+TJj9C+tdb7Txwu0MEVNl8oHFEU
vHgOyTnnxvRzvKSkhr3uRItr8jM4+yOa18HLUOmi0+/L45xJJwf8A8GKL0BCNabG CbUIUlOee0/H2/ENA4cgswSUvJLDojB29sfUvcYOW+EJbIpOf1UfDe3R3XVH/iEy
giTHu+/5KYG3j6foE8mf4x1UAVG1dxp6QfEXZG1mFV02/w4vGJTz0tOrYSPJ3bXF c7SzK6Df/nxlGUGvIMMMMuCjzrZm9FKAFwgJKHriTIdrWQMCUEhxQdkTPoMifyX+
+HahaZ0S7KXpN69rRqyFchtTC1Vbm7b75q37+lzLHisVebzvco92TyClaoKooLfZ 3YuzZ+7f0VWFlfuoK5esvGOl31DrnvffO2WcY6Dx48RhQDiRlm0rGL7tM9N3ii3v
sifJRf8KudETwNkNGFIj3oDmmSUrJ+0YiB3h7zJWGiVGiNd9UBXOm63/7SpTIaYZ Q27dUcrUQDVaEoEJB4qgh4RBAzHwkw4xOanzo/gBQIGo9cW1XP3a8IpTFfkhVrNg
eOUbCM+nQ5/SFTg4gqjQ2PPh7QSoOzioilMyosOAwWQ3E9ThEhKLzoaGzPx/dLri 8Z9I/VsjYfxgwNDnMO2VRgV3lGpGKNVhWz9SzcjmOEyjwwNw0l9uBLxseSrgaGiP
HL1ZBjjdtGC1lSCFcjdYLC7sP3W2nbnyBMG6dqvwakWGlaAuXPZ1yl15jn7yJqPL zARiqLV/SWK+E7FwR+INQtrncRs2yvMPCqayZdOn1TN+F+ASIfbWm5yaIMt0plN+
Pnp/eVU+9SlUfuqBfZQbVWPhIUmYg1KL23HzV0blIsKqbi1sjxo7DL4RrC1axRFu 7o/CfzXBc0M2N7HnveJXKhCysZOosrrTaSWPT3SS/gGLxQ2dXMHmHAaZvEkFVjlX
E5gKB1VaUCiDkZhiKj6vPQetaCD3bTi6Zr/xjj8rH6G0Rr8aWI3HIVgFtwrtuAxh xzg6FTTPt4xVLKDxJrK7U8xj4PF77YxuX62vlvD9cdqSb2sri2c2+SF+VBCTF1r4
D0YNl14Zm2K26c5FcrTVXh1XCpbRCjj0RqqsVUX3onamxH0nEdxSKObegqfBQwjA /dOj35AhSFLqunWR0A114tXeoP4PN2Y/0u1Vq0Vi/uQZHQG8Xqzpztj/kHYJM9V6
rn8jWSo7jm40wmpiEjg2Szi43g9C31jwMps0Eu1zAg67/O0n/ft/+75/y6j1lSb2 yKu8NbGtxjunBW0t57QeB+xycD8EK1gDDyswUpTENzI9T4dhijv9zVHlEWrwQ6ov
thJp6L2z0VTMJDNbI75POhY1NPoqHWIZOV9PlOLOnH6hcUg5zt8JvXBeoxQdMcjG u+rKgtP1o04h1+hSeUjhCLGijYEXsT4MWKJuiRKnmbh9sFSa024dB24x+AQJvZ7k
uY9ly1w+gLMuFA7KdMO/sEH7GM2OwpIEU5gqzoDresGUCE9gAC8kz/M5QOw4dOmW t3lNC3Y2cMop2mpK6rMjruh8FXH4q1Bwn1CyWMzLYrjD7uld5UsyL7o2rhR7mKVZ
t85JlsTwmUbbYGcWjjZiDT2Gb6MrNUa14X10bsPO2hcceuvvEvLt9bBgYywVJcRO FeosAcyN27WI+peHi4L+bkeBHulwxwrXib53HYZrISLFPuGtOwvVhY1WuX6yiFWf
uE7snAIXXHEXodMkwAxwhSlQLcBjDSVUQm2C8+lVhw1W662ogb4yFJNJc0H7c+9k l30jQ4FqNY1/qgOpq3HkWMzVn955A5H2YYegGbsVDed2lJ4UIQR1sMBkJHLR0TCW
qTP2jJTSyMxG5ibmzF+apc7u3eL5/OU/prUmnZJAlr8DkfB1opYx/sCBQqJMJyIJ jcTK/OqEz3XScJuXHjgAwYgagUGb+Voc8LQO174iwoVXvdaBE3+mGFWcA1x1UOOZ
/ixMsHyqcNUGCD0D4+qibWS1vbUQ3XZOmdN3qIUdvwzgP7YpX1MEUYnb39k4pe18 Or/vty7I13Yqb/GtBj2l4t0pF9THeqsDgIlP8IJWLwKSKSUmCyyoN0xxC//A38rG
fH8fwkSpK3j2qJQ6mLPFMRRIL0zi0nkOEtFa8OUQgG0LpZKH2+Hqiyr7Zmparl0O zXxE186ri/ZLkFd1aCg9Mw0RHEdUOSg1K79BFHNFJdkxWgUuAT7CX7q25u0R3PKN
Wc3D/M0Kksp44y5hYt3Hexnz6t+fuUedb4N6V43KjFK+DAuU3SZZ170B8vPRQNft qSNZRyUrwRah6MAV8XRCHNvtuKk8UUqbyIy7NNcO2PwAduqtdM9P4u5AgAuzNuv+
s4x/AYMAcsqGieTau1uVEnqwUBoHgm8IRfgGcAwn02XFk9S1UXS/iFmKCl7dEfsH v8Sy168YT6854/52dHcgYScWLxHCnYroRnjY2DUNkM85clpUBkX/QlB0yiLiE/w0
OrIvM1d4R/+a220epCUGEcmr5653LtMOoQM3Tupdit58Rxv43pg3KOvzTKygJ4JW VhmT/X7iOI5uFl/eW0jU5oD5dWSmD5DCuY+qz0JKvDQKqEEwMHtKjkkyQBt6vnOO
02qBuNtc+B+llkKoilnQ1YJIqk6Fh7mOE31qo2isdLBd0niDp3vfQDBiFlTBHI/C qBCBqoW0+aJEWjzhHaOM/wE7U6H1NSaORP0tPKy7Jt+K8MajdUuU3s0nRJfgNNac
e/5rUmwND2ub3pd006cy79GrEUsDSedhciN6ulsrXONhBr7FtK8oO5IyNVFVHI27 rTEnReJxC7B4dV2qtzs/SDQryQPTuVlR/2+KkgAUqiDYMZvQfdRlbJY6rid3Evdb
QSiO5TNKllvyV7hWqCVIIuOVYwEvuaEI/TOMok7Pf7yUnJN0Q04t8co2BT7TiH/8 bLPN1w6c8J5qV/+W9uDWTofx9fs9uK0wZlIwfc1ac8Fke2aZSpG1OTs1dP6BWcga
NcyZtmGJaf35R8s8YMLnbg7LUb9wqo1V6EPnLfCkt8M8fcnpOlnQ8+Ynpavvz81h h88avKEV/pLt5I5iigj1u9q5A2PwdWoxdlvSyhL6kOj618+B8Pun4NBdVmvNIp5A
wd4v49COf5512ptCgdg5YZR/Q9v+T0c+fdeaF3jhR7/vV/D4NNN8LsthODqQ6Ac5 wp/ACatR0AFoPCh1Gdf+39P7STfkBB+5v7+OKtajL+rMR7AFwGHxg5NIQ+jc6dPf
kzz4RbsLLXbK9ZELjgjyyIB0Uome5ytjDSuAPeqWgEo28DsTJ0vIECRZg25ZhKeW I27AW8D1kDLH5SuugDzDy+S33y0j9vY754x1YrKYoUwf/aRvG2EfGCdrwxjH5bsw
cN8uuKI6WezjxeIRM7ZmDN3wvd3amjOSDvK5ASslaO3CyGWpZ3RJ0SknCRCo9Oxm ukMntuWpQMhBEy94vdTNWo5xplNvCkiJCGfY7AMhWfHgacae+uY0WqxgUxpJPBaF
aSn9zuHGD1ZtYL8P5kfTNmhCq14ktAdH23Lhjqwr5FNbhEGI9rxT8CsXUweaqRuK c5rvZaKD5QS6udPyyrQ2xPdKPJ3Ky3Xh7NREeDYHWq/fJXIbq/AM5LqhijWtcwH0
KeX3UdWOiLBTpcncaaN/3knX8EYdyOvNhQsqBtqu6gZhQTIZB8QiydFvf8ztCDgb 4YkjsYJ2DcWnrj2grNxOAVD3bK4HRgtl1nSUBop5kn39zpK5ZgRPqOfRKxZbFCPm
5IfeDoZUru8HzhMXm2+COxqMC+FKoFjVc+2s81MIrhpMnFXL5M9iPnUKL6f21q9m 1cQ1avhCXwpYaFDa8Q0vBA8n8fQ+GdBJrjEtyUC31M5w4spY8d9uEwNtLaJc9okm
c4KjLQdP20Btgeq0WKPdos9ZWTHyb4wWNZhbkq8AQ12MkThrHymiA2n9EaVO76sh B+TsRIbmRLaGkwfUh2jlQj6X2Jj2dldfT9uwMkxBzEg6H0jfH1EyJ/xWbeLrGgkK
ceQwORLinfQVbkqja+tN0u2jDfKVrbI21h93kvK9ZLP/c1IEt3f7u3J4KgCr95kQ rIJ9CjbbdNXgsBVT892yvRczix7z/vhCKomUXmKQzEKv/vOl+UVyCtdcPqUMblns
SBNlSCpzALiazPSWB4Cbr0PKFU+mozln8IvBoYJWryoc4pbX162AFd7dUzXYOWOm Buj7wxQHBH7kYTIAmPMIKMAcpLhpYecD+6AebpX2Bjq+i/kM+1Xr02czQTBbJYn6
41nXvsg2jKtor6j/CUIeIog+GrPlkfuesFKihydC6oCEjpGI68qU+JG8AhM4ZCvx jaYWDoGM84S64TJYXgsGffyysh/aBbB3rhN071BjMIwIPgtC9sD06TUNIVwr0+bM
4VfB75yJHJ7ch2hytw/UE7K6Vjz8lEaxS2LZ1DqiHoBo58QwgPbmmYUU/Mf5PlPH QNajsnpZ09qlLM3izMgXzYB8DFTL/UW+aGnwQN4fQiStPPQlo0JwqVtUbB4qr23n
ybr1KTSeNyFT1Mky+GmpcN5tX5aY+qeLQ7mu6rfYLVk8wA0aoc3N0sRGO+8eigan cnp5n9gPb7iLeCOZ5Je9qqta/Uj90BPM714qXbMZpkICPSJI6VSvkBG/WMnnHjCF
01Jq4QeBmRbo5SDbe8PuRqGuGtCi1sU4vXbKBvBJt0DUZ+u7cTKHdZ20s08/JLVv +x9ek55H6XPD8e5LWWSVrqK26LY/VKtYQVtIhPP4RsZluSl8Yk9TwGx7ZBOzwyuB
Ys+SYP6OSwgngI+E0c85XOkREcp011QymxOiJT7ulUJHISB9P/NFoA6ovCYBZyRQ ZySeTTF1Ao7MYzk2wMOhcwBexcsPC5W5voWIQy/hXc+Q/K9Zm2ewbqC7q06hH1L/
SfdYEKvW+0KpVsBLVdYEouJteWd1Utc6Hi96Ej6OS+WtFyV4YUE8MtDzLk1buy6E bX8wjbjVYm9OOLSfUvtHSzyShG0tchXh9aCpoVKLybARfaiJqAKvsUMXNTiFiXzF
YIOFJiowAWYFVwNVw6JPMF0yoHdk4FIj/lEChCLKNUgL0iABgkYOBpSnxov+Ur9N 85NUAWGqBHtKyJ+R75Ud+OiZlBjplDYo+j177iXqw0E+0YmPRC815f7x25eOz0sT
0V7FQtTJ6/d4szAWZbApUeFqXliOb/py9El/DOTGy6oLUnL/iGVfTf+Ajg5+emCh ry1xRxlQEweP9ooT5e+2XdUYQSi1QuZJb2h2LX7rDA/IDD2TtTTYg1UbRfROayzg
44Ahob2UH70VQ0HrMT2GDMizGvgzSPnMk22PAYcePvREiu4wJk2tue48CXUkVhKQ JUQb+2kbyHArQJdIoCeOYGOnpFboS6ssOlgTmp7zIkh5M/PLQraASzQmXZMVJ9SR
l47MUmBKnC6gDnyjsQLB7WZ7PkizbmGC3d6vS4N3CcopEyDK7zBaWppewVagIKd4 9iOrVBdZN1A0DDJq3cM/iDrTQYjfigL8lP5xz4CA8uMD8FLQaIpwL6SCby50RFXX
qOMn6Y9iKm0y97Doc/y8VADYTN/EDQvji4j8Sg8I95cx1VInn46YDvH6HZH2zJGh RKldybjfn2LD1nquQmA6yqI9d32CucawMyASf+70qrmtW9PNzfgeAhIaFMuK0ah2
4xUC31AfOrBVe/v5oQEHDcCjFZKa72vc4ieANqQPX4G2j0TegJG8JzxLnHifud79 AymtgrFrH4U4qxJVweAvwrcyWtpNx1yASrYlrz0MbV8qhdLdpsAENlltYzPWtyqF
d+OPxcxM8U1w28ybRNWkP+TiDZZQ6L6lCib82fyMcXxeUiGRYRAhSNOQYzblDBfH buYEMKkMFTdNlzKCJnXFw3ui1gHoALM1mRJENzAPx3nQ7f7npmnzG3xBsjmwuXQD
Z1H7gMFaWfJAa5XJtJSpJHEstbiWVOrEOY/kNEBkmddEP54uT/bcxkiQs/f89CfF ROQlVIu9PLi4NWE/51NGgvw1PCJvYIqTW5OfkkeHnmnxtzH7L8mKHYJYKWMtxGoa
K9ShqAb7GEmdQMlnv6rf3dTiG8GGNBsztaZAx4/LK5IeoYQUTSrkGFgah0qsQO9I N0g+CxXwwOmoe84EBtSlw/Tz3lRtfo3wm5Haja6PMAE2oFEReXlMupow3jrZs0/R
TaESQK44gRjCe5F9PXjpPK5zpZA0Ti0yBJDPA1h+v2zNj5PklN3V4V02oWCwG8vx 1JGUzudUKsneDa1N9cdG7IZdFgImxZFQU+Ensp1Jh6zWOM5eYjJEohoL+XlTi9YZ
XwaF5YE3dKcS6BVMnxy3lARxKtp4MIZRXpgma6qeIL5DrAXDOLMoTqZA3fiNguuM pHGoWDecs+UA54mNVbhQrQnynY3T0/qmE+lMAortbCNjCZ2TiHSxdf5ORqdMxjoH
Vn/LIEQxpbxhGpzVi3jcDCthvzdVWppl+VfG58ydngch1PuWNfkkA0oEt55ub78I DzKpqmIcBnQTTcEfx7Mzg7WRzAMWfAy4ZgA1K/En905C3MH3+j3gX4lS0xa2mpJj
AGQRhm/QMgYkeXOWrZelfpIKGUFt/WkmhMPpl04sRaJLjRIo+lKXV39TYrlegf/s EMS1Z7Iuu+dM8E7ZSAFdNWoGJTV1ekoKMaHbfMe4OiKzx7NqFTmbLAcMqmgx/s0x
2Js4HRz4IIdWufUQHdt0mQkNKnssMIVI30Lloli/0R+hPv1sAc7XshfPzqbIXXd5 tZYqsYjUTornbzK8/F48VlyGzJKbvSA2UVXggcdI881iaCuyJIDy3Pv7A7Bh8sA/
ThQXoiSsPBVTy4yHI5d+0LLsx3zfSA+Xq4XRF7bxq4xoaDKBY0CoZe2qVi35Hz5i lthTkn9VWI+iDcKgzQanoh/JSfAcdXhcRDbpJrQvMMnEzvJk+c58aiHnDcDgA7Mm
sPb2AHT9qHZEV63YZ55+pCmH5kiVsgrlj0pQo8QUzYjCbGq6XOw60SbBUHmf0//0 6hCqq3rSdd/POhFBgeCMLYEvWu6OtrM45Lfte52/EmYsdBorniMbuN0G0KJrQgQb
aHB++zb7IsnYHNeEJFCiRCJxYAcHTVWc2RLyfxJz6tx6GidcnhgDMqw/h5Du4X+q lMmx34vZuT/cYdJvoeYZXGniZodNs++ziupzrfB2GIQIFqCLhDhw/pFsrMPOjcZy
3WTRxMfFJVNjHkHiD9JsNUNQ1liu+I6LREW27IHaxJ3urfJggpEv7nNZKoQ2Fwnk zl+iKT+P/ZWg5yMB5cWPOzZs/0IXrKpbkhAquFgv7AkBAlDMORyBDSKSmA6bu9Xc
Hinnc1Wc1ZXZBoXpos6zQkmBbxOO9ciJKPvfU5vhkjgO2Ja7eMnvaGem3xw6ubLa cVm926zeoo6pNFgz4WDHLeMieAN/O+NUZnK/P1SBjIfksvTyHQY8DdPjgqrK47Tm
dMCW8zT+Y7lOAY3L5jfW6B4wKt55c0nJELUDrnLqR6ITI+b4Nq8+MuPPGkvXIosV NjKL8k+jJh76Gcs47DbcFOKsDjDPRRDZyl1LB5c/iA9V3aESjEpZ+0lYnHcDFt3f
umZ6sg0MWPQfoGgR0i0F80QHkHylMA9L8cTXiC4B6lei5GvTHfoad+7OIzD6ygzP b6hsO8vB5caby0QBHBk8+13xnoM1/lCbUKmforcjF+I1R8vJhUFBoxVCIZVoPwjt
4ITgaeSC57pB+3ZNrjNn1T2iELlXZZb4sqxwxDf7mw5FdcI3R2VNGH2Hu4krCWqd kQOuBf2IijAJavog5Agf4Y9SHcQhnbaeuBAzBY9jBx98mhZj9HGdAUhuBGTvUO9r
4yx5laRk45ChF9Ygd7VexK7ELSRAd/Q3AvkFAyj6oL8Isy3AqruaGzvLPoqQGrTv kqHIrCyiyjUX24RqiGSF7517Nr6TVj2JZlosIuqcEtpFFoAjGZ6yvTE185toj42t
uT8DajAOtfV8r6EHf/im61Dwtk2ccGuBoP3qYXJ3uLqGQRyXW5KrPEeq2UxlbSra n8KISHFu1J1LdkQgUdVBc2Hn9VTF3wfVBXNvoIV6gZckzVQM7VT8CEOoEMdkt2RC
nDGYPQ7+OBB2dg4exQ6ewCBAs6HaX3fHsAKJcOFCf49LClN7yu7ARvXZ/yUaGaHq +xoTOIKIzER0+OQJxTG3Zgga+NPzEC6C4gohaOT5jaJmDURWnjeewkA0uWsWVzhN
irEWffl4IC0FvYzMv5MYPczJA+c8G+vJZa3qeBm3ZAZWFMZ0zdkjz9joE4Ox8syE 6e+oVUirLt1ml/biJ8opoKdcxwHA7hwY5V/G+u05Ezr9HqXm0530gTOCRi4strmz
7ME2a9uBwneLHTx0GGORZsrL4NFxt5wCG09nj43civVgBLwbjsya0i0/RH+67lfV XQghJ+We5XcL/TXDrkU+GGCD2+rrtCMoa27qY7WUS5B9AOtmWjoZnvs5BeqDkXHw
jmsvZ1M6i9LzhPuvDKe7Htvv6/wJGqBSAsY3PFoEMKQ7n7+Jb9Vk+29O6Ivi5+Zp xDnMbRvHKMmCaUwHoeBAJobT0PKqOxHzeC1N+Q4E4yIN4guOfjoCxsEVEHB2H/Ke
SVwmHH7KL7Z7/73U5PSjmuGtyPlvQT7RRr9kqk7BbvEbdpyIGHLrMPTf02hIDc26 BfaxLY5dHr6NMWWR5FAZm+AYind4/pimQc6OX6VgSRBnwgvLJdu5RkzpnpAsrXxJ
BsuVkZ0pDrY0AsUHvIaEZWugmWfF5Dub5osg7S+lZEaZG1nr9jn7ZkFyBynC9eci NcAgR0m6UFB3Lmz/DScPeQIL/OD1E7FyDsL384AqIP8xPkiKxgs/TrVzTTLJmGuz
qQeh17PBaSPLBeAFgvsfoH5ynBiJMLnuWw9Mmw/G+mw2RMEeV4wMJqylB5mP2hR0 P46qPFb8cmNJ8jj2dEjMfSlGZ8gGIXDT08CpU622QaA365L+w77gH9KEWDDs+CtP
OD32KWcDtxx8NPHULbFtiAZ067raGGWkWYI3iIeBYpqCSJo0bFxcch1CfK8VR/WH 3HS2GPL3jO531a9w9azTPxYmuEGM3fJNCXx9Z9du367DSzylA3f+yjwR8wHnLiXn
YDFwItvBvQ5k/ntvniCeh1JaP2UwelVV6mafH7qrmXmvqtq2QEFVbVB+aBnRK2KO JGTe0Pfsm/KD4KW2jk4EAWbAts/Msm6rebnFLWltEFbHQAFRixv6L4AS0zhFVCs3
uFKbXka+PbZ1b7311HxAz+xsEAe1UXlnKi+aASl+Qn+pS3YKyuH0zg19pOAmCf1t CJj1yYwgdYJvl5wlw3iuf+1oup1Q3cij+S6b0/QqG7uk6FpboQhTpOVGnw9xcV1y
5OhS7j+0DBgHYFajNfLb7lJy30MceP7gkj6gW1vHMKHRSHVOC0KlbMyQ8JAgMJUj SACx+7/AHQfIVgfODNln0T56wGsOs4hOp4YTuzL7nRpaMCr3u3f+OA+DH1c64bC7
8yfO9qgbXWzMxyFxJvHX5CyJ0KHA1JfQNF1yl3Ml58jUHUqP9Ys2gDMPrJv6xTsq pUSHZjlTcwXkVR80C79Xwy5RTxg/dJHgcQ4IsPfdSV95J+FwkHAZtn00Ig2/nyTO
T1tvxFLT0IiOO7WsUOyV4LCGi+wnrUk5dbhfwV6FhdZKNpfFnwpdeLak/2ccMMMm 0NQahYFrg8gcei1OpSCU8b/1cU4YD50WJfuGuFyFsKVKWFQrdfUZ1JyGBxnrOPIy
OSZ7WBFFKHBmmWMfozq5359OgGE3sf7/C45x/9SDiIsfWQZusA25XiJ0nrJxwoho /kf1n1jELO4TpWDg0G41Awd3O78bacC5zjPWp0fgCeSTKJFqXnG4AIo7hD3SXiSr
5mN97+DUx5nhbKzD/ajTg43kSldRJFvtbDHC2nYaIl6SLXg6HwhCk6qnAnb4Fxau Kj5nKLz1JePRwd4rf9I82cyl7RaiVDIog0vMLVxvewecUjWqKa9mdKDUcvEGMyt2
3M9M5XZuDwXQ0Z21yjh4Yckfi69GUO6qK3Dgc9wugvmz2WI6lT5oE2Od/4HdTf9e gzcd7171pdr7NV9/1mAHTeoWSpg/iIW/Cd9T0BeLMHiLNc9eujy21E6zwSXkKEBr
LNEWzR67qvyUy6tILZi9R3LdAN3HukfmJjXCbaIOUFtQQUgRgCEdM5NbSp3UhTZO YP+33rFKeSGa1l/8ypUJIFLOmz3tDCZRYBO/uFSDEKZ2VGEy1fFSS8qemCHNmlCP
3trXdXa0lifRJ5VfsJmGUiaZqD+yi/p+sYuwRDMu/sSPaSCBf70OtxsLRrScJ4+B 1yP2e3V1fJh0z6Cl0MSf1AbRQ+J6OFpbeMZS4U1wIs/AVdsirMcuT9pnHrkYH6W8
yqg+AOUxxWYCH/A7kAQ5Bxyyj/HxRRH7KlJRTxTxZChuad721D84Y7OOFjaRAx5G DBLIdoUttGTfH+54ipKUg1WrkJLxUmR6CCJd095jyzB/p1iYhNWz7etGSNd5/mrZ
yug48Ls6jJugo48ce0zVZKDQYW6cAoufc+xz4BLZobqoIjGn2vu+9pIvED6+Bud1 6sgGGXPnI7LCwGSWtEPazcPBqfHEy8nsbXoYzlXNqxcldCGmi1RJsyxqcY4izgu4
p4wsgVS0fM2ZktBIM39RDedb+90NxvKw+VO9Gdo2XmcMQtig2oTMLkUbNbiPC5Or 0TXlhDDJZ6hoPU/bFXVtds3btPwNy0uFGX06fu/t0pznWGRalANSp/21n8j0d7ns
diokCwEwSAm/+uXU280GhFo8zHwIMpcfzs88kKHCInrTqS0mNFnXm1bGydDdtMqX wjbO0u0AZuewj43FgJWWKgfi7tSMbAQl4Lth6XF2bf4cFHvegg+AUnvC8cmL+Iyd
Mz0c57+8uCrQvFAa9yXcY+dCIxMNj595lldBMXCVzwUaJF3ITCJ0Juk0ZJE784+A Y1RURBUJBVln3OiD0q7KzO/OQntLUcrt02wG+FbW5Zp1deXMMY9Y12yxccxAgVeN
e+MSqOBm1GPHya7f7wnAnEz3d1qZ5yFgBV0B4kcXpAaW5lgt9xWk8TZ0K+o/+R5S RJxaZfsPPJobn39ZI8ilEU/W/6NZFXUSk30vbBMb/dlGrP60n3ig3DeDR0flvqS/
4VR+wb7cQnYHQNVbMrPCF93Btqw0d9fFDkmvjxAfG8IyPMyuEzfSRqhH0qU/K4Y4 2hLZb9ER0CzLfimZ35TxbUoPm43OH3QWoIM28+mr2srObrCeJQeO6SFumif5iXel
fbggbxq1520vax+foW/nQNKFL7Bj4GqLKTLdS0ChQxT1YnwEuQ0cI2oQ8zzo9fFC jOcDRbm+jjUVC7Jdwng79npdt71Q3jUPp8ge15uiKr329S6qwYtmG1phsACYRCaX
AiDYruczd8dA7mPuC4FQrCQjNXp7fzi2GKE8rN1aC6/EsZGFZujmVq48+yMQ6Ufv hxv8yzb9ZjFykp3VaVW9GK3AJF57HIIC33LF2YmEBWwa7HAs46k841o/HtNZhAn4
byymZlAhAbFXNJlQjQ98rkyjooQr1QIjHpFn6wH6OfSt+1ncOVL1DMRM+8KpPp9+ ti4ogWH2YJTiBzfQQVYv7L7BAnrcEmsdONEEYdaHKHA1/jR09so+5sxEiyRTNLta
U+khHu2wKDtFoOhw1+1seImM0cuIxGLfBQ3fTlpl9p9PcN/Db+eMuPjXv1i/jPyf f9Qco4NR2AFYYRfMgxPKpR5pL1hpmcAsKIrUvZBElXvmDTwoZFtQR3/DWQaFUMnE
z3m8EIOg1YqsSX9IulrvH6OhslS5FLSvxG+tT+9U1pytiijH8M1UHUCYRd5++yZ+ xXLTglkLBtB6z2FJfy1RFJkjLm3Cr8Q0VitUbByDtBYkK668SLEU7r5gKcvtHlcF
VwS3SlyGFryw4u1vH1CT3rUbYpxbVkk0aW0e1HFbJST6WvSkB4OdxYmha2HK4mKb ih/QwMiAXygCU0k7pxUK0qHa1yNyiVxeBAvUtTEr+S/hkO70iwSliILbKOef+8pL
aOc7QFDwDveewOfOaEXiLVysKhSZusmsIvS5l/oAZDdeC+qmeEH9yctRIJS3910E RLZucZXDC5TWn3TCTSjeSI9XjERRF3P7ueM1jsfhgVzdtCxaXqgDyNeZDbTHM9Zu
DkI0HpM1QEuc/abzIJx3/KmKMHmVKfbVvwpzuiwByvxkIv0Y/enWILBWXQWLzpid KYIwJgrpRK/UQGl7uKx1IBMECo5UrVOhT4WwxH68GlOOilENsatV2oBjNz9LhCnh
h1AzKiewpDZesdXXCw2pRgafPZRrjuAwInpakuU6AuU9TmhHeWgRD9OtpleyI5Xs aqb9YAqBb+OEopDuXhIhc75P5CBOccn+u6S+PU7myWbLOnQVVXh/d1GJSZEsDnie
VimkL81rcuCBve5dXtziFZOYj1TfG5VzWAiSX7tajl5tvlhSiCmQN9Yz8CusOfP9 tW0Pbw9o/5hXTOupX4uFAvbgkkQ0D016jc+5Wqn665cEfm60OehNQmToSr0ODF8T
r2kDAroyIts2OmukqRYoavOC3vZVp30vUaxnPcRw7o+0sOpbCWRQen7PVtT75vz0 UbV9QWvzOc/6rvjm1ymIRkHUblC/9lJzjJTpw3gBzfXmpKEnyPniBVAiKa1NtWrf
7YZLrXN2fBhzx5kxnBPD8Ucv5t9ixepy0/pSyztdejHfyTCT9twNeoDKfqkzJ/Mx K22LNDDI8mdmSSoIyTrD/2Y9Z0OVCbxlLkXBsnKHNmUUDHCSDqZe7DPONQEY9Quu
HWy3AzlNpSuT4Brqjsja7D1QJenDuCqcMsz6xVL1DM4w+JS5TMiOejWuIu5Ck9ey a3qtEU1mcOGk3HIKQR8XeaUDnlvs9gG5P2AxQEZs3dP1M3OJ9AIwKjpwHy1jfPuK
2QIQMqEdYmIRyC0zevw260WsbCdwPMmYInUwoTFifcvtC+JLZvfFp7LgzKa6XCIk qh6mJTvBYkJC3zY0rfhJwkabIBAqjdTUbdUokVUOIE/wMA2PJZxbG9SFsQPU+mBv
dM16z6kOVZKKTjUfJewBdG6ezIecOQZdKlYcjSPy8R1uEPvqc94MTJ5uTdbh5sum GQv3siLE0iuPYUw4ICox7IhMDetWP69iaI03jGQbuEmOdd9yvI8fjCcroUbw9PbB
EYIkT6h6DHWjfBjoCTYpbFavprnqXmOPVvoTcifkUemh3sOu9Hll0Oa8wtIAZp13 3gUHSSqm+sqqfb02LCWdpv1d85uZC+VE21Ch2LQIrINhinhH9ZJiX+iLAjthx55m
gVqQXS1ErvzF6Sy4UKSqAu8liM2WUSZH4bmW36sEBEOykXh//19wqHW17NqGHrgG GMCORoWUmNMBl5aACuaVf6wvm33GxciQDMWWbL69IAUmSu2g85FrBpuUhe8IFOkk
AVMmRB42waFaTLysx/yNwyrnpNFIRQoRKi9DgfFvDCu94Q/4YfWojNgcooYC5SAr VF7053IBFw/LF083OrDzE6w5tEr3NM2I1gLQsvqL+bpgGkixVthBh35I54shZzyk
lSLt6sjIWSp6neP603RDOXq910mbrM6dF9JAL3BAUK0Pn5/+zaaVva5IWyaL9KsH wUJSTlQDrxQRrm2HTuCj5JNkSnm3W03DHdmiKMlDOLIyAuRIRuTLMUEtlgqz328M
2mJBvC+WIk40v9k+n9lH0c1eIkJZDCHVeqfM/FEafdhD7teusBcvxDPhZVQ8l0mH o/6k73SPFuAwpVokN2kC1xDtHS82PyvwO1m3a9WFiSoVG576XPDDTfGtyx2KYZdx
phcUd3u0GEZC4LOfEYar1A9BOKEYslCodnDC2cKT3quqtWvhwej9VttZQgGNOn6w YbE9WNd9euMYYGQdaGheQ9SF2U3+rQXaFr89GUAe1XhU/24npcutZsA68o6e+NU4
GLeOsBP4x1pQ5apaSKJa3kVl+Gq+zZs7A+tsl3Z2BlkJ3quYpBkW7/39KTWPniA/ e8pThbPtgWhXyX+NHuWjArbnuSoltWcwaNXcReHaKfdoE9Z0Uixr+XYuHfgYDgyE
Sx++STetToLGYA7UuVndESoTbHMgjGbSOn94taPNmqejT5aSL/v4SKw3nUGnIeb4 O/U+Nl1UGys/89wbEK1B/08JxW5TFzEQ/EER/Q9ZB3/RB99pL8sqq1LJq30al+NI
kbuS7CHdTP7cNpo3DC8X2xprJJ3ffZIPH1HvIqjTA27lgs62676XJSG7BIgIrBiy i0P8KeMrOSjGmXu3ZH6CHFcPXj/uTTT356mWiGr+SJAYN7DvjYuWf1MA9S0p1V20
g6jWTh5X+zG2dRcjTafyPSzW+jf1U+cVFlvW2/cZKz//ku7W/1NOuMjvJGbUbjif rcZN96+yt9c9CubQSUdU0yUh+Xbzq9HTM5JaHACxjsc3RQB4CDaAp/67toJQcCSF
1m5R2PkjvwAYiDjvV8QmD46Xyh9lIumO1YYpUKZahTC+K7w3qs9gWweP+aUYOL8Q tHHwXf88Sc3WPpXAJAnaSHxgsJu1nlo7wPj+jiJ7kMwD19Bl/BPrHGc+aeUTvIVW
0x7RFcCmWKvm6+u2SOfctuYWd9e57R+q555PanLTReyS6FaHDdqpvuoxxrkPUBT+ D8Fu+XVtFPnywenrYnooqkyOFkTbck08MYDxOiiyXhVWKLlCnSYwfIQvDtEN/bq+
gtz1nduPat0SKm0+0253AoFFqozyJpMiDOmEbDKmQO5PHAfOX73ZIiUxAmyHFyNc ObXlYQZKiwLcQAjx0o1Dr1gEEUMDlUNYo66MjRfnxgtetDgOjAZNWNB1lwVv44tH
FJQwYiy/BmQ3H19wq9/0aSmt3CK06ouUPvTBhCQmwuw24e7X2LxY8J1rOdOSKt+s Z15bb2QdMEBL5cSaEQzO3CtuLNUnPJHb3NiJV3YuWuLeBtcwJNzTup4GLD8kbwqz
IGsp1dVMh1bmiCQE5i1UZBxoBHLMx46ahaMgcd28B+pCoRkRUMUhZXcB59Jf2/qI IJD4aG+bCywKs6epTifI9zhLorDJUrmxaxy5sxHDrzufAMNfZTV+nTGGQ6iVsLVc
z8EgUqGceYMmA6XT13FvGqkc/MGo9MWC/Gt7yXO1Asr6iWzd3wCty/Pd8emwK3wq RmfiQ7b8varVDVtrBHX8vzI2Quier/gNLxn4AYnFtXQjbalYOp5ySOG7Fx8GGZvW
rWq3BzmsCqFjtdMlBF5juAUA6WhMc3Hfj5RwCGgHr2fV9M49uYuZziG+aVypIKwI +NxHLedmmASlubNLYBre42wV6OnGZ/eZJtkoH+c3spaq6Ujsp8pZiwE60jfwnrB6
fdc+hL4XrM+XL/QfcV1lpQo9+Smt+iLHwblykdWRBPKUJ4KXIR5jJel93lD12zuK qHRxP98ftbEdcB586TvOx2zYNbd6MRMgQMxo/8k6YRvJTeHfAdJ69TsUI3OLVu6Y
dQCUerq3hDVwsd5WWgQlaG8Iwf4misPoAAmpZpbp09XASCK1C2dQr9sX81+3AeQh drxpGcDKK84JEt7W7h+6vlPfG8RzK0X/M3U2EEZ8CHL73caVcPTQ5FSm/rGj1smU
TPQam+QzlsR9lKDHlm1an4F7k0t2+xRcZu+YpVocsYeBCzmx6FsKKFJ7eGC9wvFr ZBja96TPY2JYv4YB69drCTjhH+nR9JAuhbna82e/HKN3Od0fU54JjN3C1FUrhiAh
T/XUAdhspNbo2OlRQuy4ixDC8gNxMuF/eQoI71ecHShiSsB3pThX9Z+sOCqYu8BZ 1k8oFabzoF96YVdg/mSttI1zH3Sw010NmyuagwYNcoLELq1mgWM7Kd2989KkX2j8
3q2Yerkjrz+/Lnbc+XJgtNYErzK00b2Yl+wSivCvgs2CZwHAWagb40ycaJcp1rGs /bQRsJxO2Bz2IdNbD7E+hBjedywDaqvxftqQBcoQePfMnAhhzVCrAB6z+UfjS9Qh
SHSAyMEe3+9g2Xd9Y5UyhPCePnIFtfvThUUWDMBbl4NkTZhci2Q+NGhwSfd//i/q us+CcqS4z+3YXun2a+Mv+qayDqVjWcZy5sDmXXtS7rxHcOdE5CwDOoH9quLS9N4k
0dCdTZHj3ucJsNkCtfW7DtIykpy6Vld5smayE1zu5WjE2EzfumQHHqkOrfCNBBbi aoZHzN2jc1ksQ9v32jimBKQfmoMohIvAwVkRgzCBxGRJj1xJsROMK4bmAaCiY1pX
plJwXI0WLdVCJrSAUoOTlZbE22r4tJnar1DA+V3Jep/VPZ1mNxa5Dh0fseI4h63q eGbbwfTenscaZVy5OIa+pEmFIjlQ1UvX10D4nhQGGskAJkzz1u3FD6mH7MmtDJVl
eudtLO5NBMLMQxz762u9uB0y1vuFmKOX0VWz2aXZ6jHmN0z4zuwrqbS6yHYqEX3Z pfOdegJt1w63DyKRB7zXAY4KP5nCdV+PGiJa8KCyVfDyrm0+/UlLIvpmUJP/akFz
4NzaoFOD7eRJbH92yFb1owGjPsb7QcRykQfBhmiIHeNJUoja5xZdk9M7vX5ygB8w H8g5VEv4CP/Wa69P72w+xZcbRaEwvg2ZZ9fdQ3EWNi14yyB7utbf8kdJPPBNGutH
AIk33yHYWOumHHFeSPvHlTTsNvLel422gDyiDO0fXmJfGAsauqcX11jNB7RI+HM3 /Fl9XyOtzTlkOHUETcZ+jE8LBCSjVmLU2ELMKFmWNsST9cM1nmA/NN8ba9ijvVA/
HnXNeubb3y3aA1bl1djZxngAwOQ1Sr9aLobmpbL/zsKrFXG7/fiz2DmachOLJL97 cMTAloqLf0OdXnzUNrdabQ4rxvQaIeW2iyQjyjQEFKLOOKcqwvtu4Wy9w4DibfP4
PU1j9MTspdH8VtBXX1KFyOSQKBRoGtYmG/OK5gilSXSSevz84KJiZw1ReIMXCa77 U2IY6QVehXNXveg5x0wvfxH/gMT9Vp0N3xCBwx89Bh3OS1x9ViXVObJDLWwO/ZxC
8Qxgzs7bIccDSBVzfzxjFADQxFY2jm+g8mr5b17byqO5wiNlLaGyneQeGMsI6H4Q BGbFvqM/RNJ0ew6MUYDU6Tre6LAvPcLgYL2dlywZGWG2OJC1MOajDnRH9iRgBZdT
6yI9K5QPEcFa9AErInwKFQ==
C.3.12.1. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.12.1. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy (+ Legacy Display), Decrypted Protection with hcp_shy (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExDTALBglghkgBZQMEAgEwggo7Bgkq MIIUGgYJKoZIhvcNAQcCoIIUCzCCFAcCAQExDTALBglghkgBZQMEAgEwggpDBgkq
hkiG9w0BBwGgggosBIIKKE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggo0BIIKME1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KTWVzc2FnZS1JRDog ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KTWVzc2FnZS1JRDog
PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+ PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+
DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJv DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJv
YkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxMzow YkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxMzow
MiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAt MiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAt
T3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8 T3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4N c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4N
CkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjog CkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjog
VG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBG VG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBG
ZWIgMjAyMSAxNzoxMzowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6IFNh ZWIgMjAyMSAxNzoxMzowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6IFNh
bXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21p bXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21p
eGVkOyBib3VuZGFyeT0iY2Q1IjsgaHA9ImNpcGhlciINCg0KLS1jZDUNCk1JTUUt eGVkOyBib3VuZGFyeT0iODhiIjsgaHA9ImNpcGhlciINCg0KLS04OGINCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjU4MiINCg0KLS01ODINCk1JTUUtVmVyc2lvbjogMS4wDQpD ZTsgYm91bmRhcnk9IjZiZCINCg0KLS02YmQNCk1JTUUtVmVyc2lvbjogMS4wDQpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRl b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxh eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxh
eT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNo eT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNo
eS1sZWdhY3kNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86 eS1sZWdhY3kNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx
IDEyOjEzOjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWltZS1zaWduZWQtZW5j IDEyOjEzOjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWltZS1zaWduZWQtZW5j
LWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNp LWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNp
Z25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K Z25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K
ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz
IGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l IGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
IGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3Rl IGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3Rl
Y3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhl Y3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgNCndpdGggdGhlIGBoY3Bfc2h5YCBI
YWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYSAiTGVnYWN5DQpEaXNw ZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGEgIkxlZ2FjeQ0KRGlz
bGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQot cGxheSIgZWxlbWVudC4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBs
LTU4Mg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rp ZQ0KLS02YmQNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVu
bmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1h Y29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0i
c2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxoZWFkPjx0 dXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIxIg0KDQo8aHRtbD48aGVh
aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9ImhlYWRlci1w ZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8ZGl2IGNsYXNzPSJoZWFk
cm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0OiBzbWlt ZXItcHJvdGVjdGlvbi1sZWdhY3ktZGlzcGxheSI+DQo8cHJlPg0KU3ViamVjdDog
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KRnJvbTogQWxpY2Ug c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3kNCkZyb206IEFs
Jmx0O2FsaWNlQHNtaW1lLmV4YW1wbGUmZ3Q7DQpUbzogQm9iICZsdDtib2JAc21p aWNlICZsdDthbGljZUBzbWltZS5leGFtcGxlJmd0Ow0KVG86IEJvYiAmbHQ7Ym9i
bWUuZXhhbXBsZSZndDsNCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTM6MDIg QHNtaW1lLmV4YW1wbGUmZ3Q7DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjEz
LTA1MDANCjwvcHJlPg0KPC9kaXY+PHA+VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNp OjAyIC0wNTAwDQo8L3ByZT4NCjwvZGl2PjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWlt
Z25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5PC9iPg0KbWVzc2FnZS48L3A+ ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeTwvYj4NCm1lc3NhZ2Uu
DQo8cD5UaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3Nh PC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt
Z2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRh ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk
LiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBt
Z2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2Vz ZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQg
IHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndp dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgN
dGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0 CndpdGggdGhlIGBoY3Bfc2h5YCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGlj
aCBhICJMZWdhY3kNCkRpc3BsYXkiIHBhcnQuPC9wPg0KPHA+PHR0Pi0tIDxicj5B eSB3aXRoIGEgIkxlZ2FjeQ0KRGlzcGxheSIgZWxlbWVudC48L3A+DQo8cD48dHQ+
bGljZTxicj5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRt LS0gPGJyPkFsaWNlPGJyPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2Jv
bD4NCi0tNTgyLS0NCg0KLS1jZDUNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpD ZHk+PC9odG1sPg0KLS02YmQtLQ0KDQotLTg4Yg0KQ29udGVudC1UeXBlOiBpbWFn
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9z ZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVu
aXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFB dC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdB
VUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBS QUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3
dzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZL MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5
d2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2lo Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhB
QWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpS ZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4
VTVFcmtKZ2dnPT0NCg0KLS1jZDUtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTg4Yi0tDQqgggemMIIDzzCCAregAwIB
OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER AgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg AQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwt
9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07 w/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6
k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74 rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXm
zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY bk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcA
9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r x3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnl
8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG sukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l /wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx AgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSR
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwW
zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5 pAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3W
AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U qMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxOD
zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn Wq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFb
UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o Zbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4y
WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw iuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L
ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA 0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZI
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT hvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD IBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElF
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG VEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCC
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI0
078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6 5Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0Fpfg
uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO yC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPE
ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl wjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNa
fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku u5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsC
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R AwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO ATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsG
BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G AQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB 0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcN
AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo AQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNw
cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT YyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhy
WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z I0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/w
L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF vXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5O
07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr Dxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjf
JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG rgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNV
MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrO
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ mqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ
BTEPFw0yMTAyMjAxNzEzMDJaMC8GCSqGSIb3DQEJBDEiBCBllHSf7b+HyaqXmEwT KoZIhvcNAQkFMQ8XDTIxMDIyMDE3MTMwMlowLwYJKoZIhvcNAQkEMSIEIFT1fYL9
DQLFcyd845Y683fln5KaB6NJmjANBgkqhkiG9w0BAQEFAASCAQCRRSDM+MtNb5av gAEHvzGwOrKYPQPsCdQ+Dvgh0flzrEz5H3UXMA0GCSqGSIb3DQEBAQUABIIBAIaD
W1U6o2LxrDXrrIy7lb8Vw1D3gHSgEaeZ3ZvZ6OefQPh4OkHNy/oescj+rKZzcLHB 09L9rNPSxDuaCb1sGOVYYWZmZ17BoLp28exTLU4Z2peJZiipmAZUAuKGeZ1CdLEC
s3RZ9Tnybr7p3kawIEFv1DW3aiyXQ49gQyPHn2Nwi6hK7Gn5d7rjSFuzprWYACg7 VqQ+t2snrG6EbfDad8TT0xmP3BXbQdeIO+hftHNyM9B6MkRlaWIcMHzuW3q62w6d
hAVWBd4/prAE1mNMR4DOOXoPYZn+ggJb/oaagcbdEy3WrznO2n6TW6Eb7bBoUT4t 9dMRg4G/PxUWWP7L9c4M3t5zsf3S88JcWA5zLyXxScvYtT6Qccu43HSXciTWb9rQ
IrZRWxPrdP30T7N1eHMmCDNGSXt/fC9rgcRLz+cj+1czfU1Gf+qIxg05HyrVMrkL vkEwATVblSzmhVA2KFICXRw8s6OdiLy9q0l/8OdXZ8oZBpRgPbn0s8Zp0yX2bldF
+XiCEoOck2+pbpz5WFPcmnRXLgH2FMlSNWU5RwbRu5YZejoKBiUZNlUmlA08d5JV w/7Rag0W1j+d3uefP3kxLm62jnd17H3TLlpqNqKo86Ho0TG/Tuwqi3OsBVnOqrBD
U3Zqnl/G RzEIRwi/BymNcaR2Bac=
C.3.12.2. S/MIME Signed and Encrypted Over a Complex Message, Header C.3.12.2. S/MIME Signed-and-Encrypted over a Complex Message, Header
Protection With hcp_shy (+ Legacy Display), Decrypted and Protection with hcp_shy (+ Legacy Display), Decrypted and
Unwrapped Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-legacy Subject: smime-signed-enc-complex-hp-shy-legacy
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example> Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500 Date: Sat, 20 Feb 2021 12:13:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example> Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
HP-Outer: From: alice@smime.example HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:13:02 +0000 HP-Outer: Date: Sat, 20 Feb 2021 17:13:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="cd5"; hp="cipher" Content-Type: multipart/mixed; boundary="88b"; hp="cipher"
--cd5 --88b
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="582" Content-Type: multipart/alternative; boundary="6bd"
--582
--6bd
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-shy-legacy Subject: smime-signed-enc-complex-hp-shy-legacy
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500 Date: Sat, 20 Feb 2021 12:13:02 -0500
This is the This is the
smime-signed-enc-complex-hp-shy-legacy smime-signed-enc-complex-hp-shy-legacy
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy with a "Legacy with the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
--582 --6bd
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii"; Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
<html><head><title></title></head><body> <html><head><title></title></head><body>
<div class="header-protection-legacy-display"> <div class="header-protection-legacy-display">
<pre> <pre>
Subject: smime-signed-enc-complex-hp-shy-legacy Subject: smime-signed-enc-complex-hp-shy-legacy
From: Alice &lt;alice@smime.example&gt; From: Alice &lt;alice@smime.example&gt;
To: Bob &lt;bob@smime.example&gt; To: Bob &lt;bob@smime.example&gt;
Date: Sat, 20 Feb 2021 12:13:02 -0500 Date: Sat, 20 Feb 2021 12:13:02 -0500
</pre> </pre>
</div><p>This is the </div><p>This is the
<b>smime-signed-enc-complex-hp-shy-legacy</b> <b>smime-signed-enc-complex-hp-shy-legacy</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy with a "Legacy with the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part.</p> Display" element.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html> <p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--582-- --6bd--
--cd5 --88b
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--cd5-- --88b--
C.3.13. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.13. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline Header Protection with hcp_baseline
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_baseline Header Header Protection scheme from RFC 9788 with the hcp_baseline Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10575 bytes └─╴application/pkcs7-mime [smime.p7m] 10575 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6820 bytes └─╴application/pkcs7-mime [smime.p7m] 6820 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2345 bytes └┬╴multipart/mixed 2343 bytes
├┬╴multipart/alternative 1136 bytes ├┬╴multipart/alternative 1138 bytes
│├─╴text/plain 389 bytes │├─╴text/plain 390 bytes
│└─╴text/html 484 bytes │└─╴text/html 485 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example> Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500 Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-baseline@example> In-Reply-To: <smime-signed-enc-complex-hp-baseline@example>
References: <smime-signed-enc-complex-hp-baseline@example> References: <smime-signed-enc-complex-hp-baseline@example>
MIIefAYJKoZIhvcNAQcDoIIebTCCHmkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIefAYJKoZIhvcNAQcDoIIebTCCHmkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB4+rUywYwd5++VSpboCoB0ZnRSxJI2onFBv Boq0MA0GCSqGSIb3DQEBAQUABIIBAAh8BW90JuemYqxwwiLjK0/1puC5akUSDDzw
klMu5xi3XKYXOMBoxnRCzqXrG5U56fnqNGN61fytQNYOuPTYzb8PE4x22E1DGTGl nwIP1+zCjV+RBTnuJbc1Yt80deysj0WOADJQxHdjGLqhqwy7tYChAopgpvEmZIFN
+PreSLEb/poN0c9k4Of72wBi31tN9e6cNJI45aulpg7lsyfqR2Hh1sNUkO+/qeBv 9GOioUSRxGHbRc9fG+OPKYhTqxy/sPWY2E69RjE08wgh3+g1NLGW968F2hQ8T955
C4+6xvR1zudZARFPFBVbSg5Y78mHBc6Eyeu9Dprv3sMIej/t2WLkfzsyZQB3ip6d aWD6gffqhVHgUg7ZyBV45TwaqJhtKU0NykP8fM7QMTLfAleXwhfC0XDg/edowQSZ
y7r4Hrl4nTn3NWf1T5PiLU7Md0iAXmXk4+5ZMVHguq/YAQ1X24Nqloih4RJb4+tB +8Akm+Q6Z0Wc+f19QSNVUhs57E3Aj0RXeUzVND+uaajAyWEv5IrkIZsYyqoA3346
JKvZuwldG48r7Xh3N4sDuefzNJyZruC6T6bL6oKIydOxbftbBKAwggGEAgEAMGww 1bGfkgqa1rZwCr0nd47+L/JSIEigsEs4BO4HCL/3152nd+ujEiwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAoDxdIdVEOaRiQQ80GO/7+zdr HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAY/JjLXmn6NbOt3TjrWIQyj7z
XaL2a/LqIOQgeDC7+NarHKxIPGromx5GGs/0A7Hc1WmUUAEl26/3yULmY1RIQ7FR UqVUsuGDTnOvGzlmr3aX7MAGb9gcbiJvbEi1qBddKbc5hBy5MOAaa2eahJW32e66
QbfUzddUUlt7nSm3k4J9dVENgfhpqIjZYp4xqsmJNYYbBH0+GL85BMw8MpB3ndvE Q2YcvCrj56tjKGHnKCKNhEyQaBIJwa586dT87MAlhCgSAOlPRWInWkH8yjHkxgF5
d7pzGCHWYtN/7mPYmf1vJmfC25u3kkmkcuFWafKBCfai6fSe85UQg2G5Y/Q44tNb VXw2UuH1zk2momhA0c9dkX2vAXihIaldSQXrhAKcaUYH23VcelUtFitlyo3jbs4V
B5Q9N3QbFysX+u5etKwnPd08rEL76BflCBhTu6gOaO3HodL/A5jGu8kg9CXqkSwW sSdYOhfEU7agSSCuUghB2SYTMe88nrh/PUuL9BCx2Yfmu/UOq6enkK6zhGGw2hY0
vJ+tVggRQTU/Z7hxav2kDa0weKsCdOhSCPbKl4e9E+l6bc2QLg6GnIu2Eu+bYjCC zMACnCBtdAcaXBCsdXDd0rJQdD8lvXE8GlR0VIdUAo2KVmww6dD0XpyChiJccDCC
G04GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMIDwGtky+IO9HP6uP4Udg6Aghsg G04GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEML/LZyVd/Cgei/l+M1kHF2Aghsg
v/eTch+9+5zUIxYIGGJHR0R2nyggJcHXvA8SU2XqzstdG3b7AzrDoIRcKjqiCVSF 1TX6aXgTAJEAbBbbnV1Af5NLxsxal9GZ9AKi4pWk+1lOjzvfxxAOpeMH5z4jH+3r
4iojFAqAw0A0rFecSokWgHtqL3DAw4BTlIc/alh7n4IuENIEpdX8wIE3X4xd9np1 +mss2RN+DVdfItsa72lXat6FdC6+RFU5RziCGJdbHIvRzw29BWRQW/eem+RXhi4t
Vic3K4eq3Er3WoHNssA8gazrU2Xinftqt15S6sCy5pSK7PN1kxWUUBp14lWRMFRG VST7l6ND87C+BbWwVZ0JDj3yHXWxYGSgzNNHb2Ix4wnf2DWbWqtHl+7SNiAh7QgE
iWr6IfyVm9By2whh80v7p/bRqC+4rwmIqQU3SuWzMj8oyrrmAlt+A3zEPRwwjj5p 8wlv9KM6Qi4OEwyAEPBxtkGnrGYgChBrchvcjsV/TtQx8WeK/0z1uNDwbVtUPaep
hRAUVeAZwFZN7BVNtqGN34LFdlsLs0YXWXWkrhFF48nL97yxufY6eJt5j/I+L46k UIMOuIf2vCcp27FkWyh6OJdwWVeRg3af81vxfaStN2GbKATt9fh8RwNACtGfVc+u
2gufwjkVM8JNQ2LeIdJgBfJDny/zXG0Uim4OOm1G4VrwfoLRDgbidVGWYShiyYd1 NpjL4Qf8FMGbfuextkmlq0U1nsGZP3O1JO+VDrpkLRPoLk4bjh6Wk0mEbvjRFeNX
azu5pTjhnK+o0tn/SQ0y6wmSwUtHry5zAAI7oiMoAfQOvYRHZ0iE0fMUw45dW7jH ZUVMWVbnDH4Z5+t0IXNV3T59fsJ7QqnHOKqGL1y09fZTIc6lNA3bELXM0nSgDP5Z
COFSIO6nh9ieAUPodc+Br1o+ICvD2I1VGXIEtUk3/nC2iXcaMxvAUNVN7f6YqM4H iDQLyTcs0nk7YooEIUXOlUMt3FBS1SR+ieABPj7lzCn/6bg43QS6tbtvx/12bJxC
0+ABTX3JUYvw0GvPWegMRZUax478CqIW6I29A8hbJE2/nA3YEv+TiRggBFKfJKS9 C8ZE+dq08TDiWGSn3vPfADBt+7reZaKXNAH+tFVcW9Q6GbgAVwvwNynjRySTfzK8
9CgLD09e0mD88+NZRW8Xh1UfGHg538KK6mZT6NooBdT+Q6TghMDsxWHfZGTMpacZ HearG5r9F8ZtgV/Fmedod4s8/VxGdq9gl+zOR0nmE8P3k2PY6pAWbBRb1DGfDMwm
HVQ0IPvC143eODBQ/dhI5ijA0teab/EPV1uevc8ezHKJymBMX+VJnBf7D/IPygjd A62aiLzM5cc4Ikri1jexndSQDowQpnllD+RYLWYEni0NhE8ueM0iN7Vfv4b8Bxts
c42YtLuW7Gon/rWkhJiDNwJ/YUkUUSnRI3JKGqfuxQ5Q5nIfrQFziRKTHEvL3Xir iisQ7M/lcbrCTQQjR2GNpq3WD756ARlaCIO5zqXMkE6I1HxsJFYGjQWYo/bRqdK1
74jR+Oj5HuLVRhYV+uA3+DD8dwe8EGu+HPDfmzGkAWGWaLtrojPlyrzcEs12jPMq 8nzEbRL0vcNSIr0jcH6lbizm1otU3bDdqBXlteKW/4CONB61hXYwMaoG59z3YVaE
Q4dpFTfEJsKV2vj0MkoK6pSmPYAcJsaRKyVykZwILOZ5O46E/wYZ+JV+bB7vgn91 GoazwiiAXaFZDIZ/so1sQAHuy7Liwodd0MY/FxOrgCQkN4E0CMYxhW+3Zv/lSpli
7u+6ocEJbeNzloIkpkD56vDPEzNTDs9zGOZdA4q2FM31ITK/fdgtznQuu1/0FY0f 2IDnyaMZOBoIIzLw8uJvHw5XeI6B7vr0LKgd/JyEuhqtHNU+q4fW1hUWF6rFmP+5
5O7fhnUIIfFGkEro0Fm1Cq4FjljsJIQF8zeIn623dFfW5E5wicuLXBWbx+lVlcI+ 88I5LlTmKYHAs5wNdI4RnhZ96nFdjz2sG2Mxv3aChuzrfYmCM+/88NSB8QdZB5Xd
854RcFUrAjK8C0xUlJH3tK/DK3Pee0QVi20wbcdYWBYQ9mGA2kOaJO0c4Cd9fg9V H5FTwjizYdFoAaobAIyme8x5HRqjd+GTY/sqq5aUgs388CCQE22F8qExCE74bL0Y
i1VoqxwW2RO3SBAilYBmZOQEaoyOTLjvr2TCK1LQQFv/rCi+Mv41ggF/9KAGOaFA YT2NX28Sp6C4i9ULMxV1YnlBy5WFdBz+3kd0vI/+c7nkxjgfmDCZeOVlrzlJM9yJ
8b2hoYDWP2MIZBbZMlp+SVENRVmjdV5ok+NW/nFlC/eD75BH5AZyzkatfE4S1oXj aDvcOIRrPjn7XlPYOaquxzBgE9wz4zrS7IUcnezipoNiunEYHpVIj7LU0T6zuE0o
Qlyle+fGzD3ia0xuzOi++PsdU/7SRXefnJog1hpKormrLE4WACamfLVCFPiEepPM Fu/dcXmeb7njOs/R09hm7kipEpM75kz00cYEvlNBfsH7llPMoKpqoTK3K+c9GXyA
OYCiy+2Yie+jRTEiGw5gSP6GLH3Q8QDPX7Ycd7bDTt7Kv1rJ9/u6nM3N72qfU0sO wBbXL++MzgRfNubhSqOOuaaXRLYiqkpGfmvFkUYzNGsgyq6+Bkwjit0XG1WgySo1
KwDQf/b85KgbM5Dl1UWBG/oWmTSicq5rfKRknyJIUulfk13QxmYW1yk3ZSPSlA6x 3uoQ7GDzmxE9VNlSVKPDSPiuDPQccdfN+BlD2lVjrSS5Koon+vl3McJm8zlX+UaR
opMhoGLOk+BJsmWWVPYuZb7X+UbpmaqPAX9jhezzpGo56Z/4o6lK+ydGs2IBMR4b wAOdhVjsOJJvpyoMI6Vvlh26oYMqpPdwvp/eBBiZREuDpDdIyefd9aMnYokY7iua
BXGozhRp+tTw+FV5NeZn7BbjgupRrMkybLP3ihAiMPpKBjl1+ZWV79SnwQmsRrmV KucdGoryEc+wnBTsnTryfOtU6UwmjqQexZFeLrce9FJ65SAr0zlln9plNjloUauE
iGeLd9rH4A/Wp4Le8M88ZbCursTbGMZ7AcTZved4GdNFi5tAzieyUfuOgeQePKSR YpIQWtwfwlNHG7VEwjvKdO7llfc7zJCfUZUCHogMoo3rl6WsK6QSKNf/kl8/FUjO
GiJ8cObCYK23tDzBM4czpxtoT1hayHIgeRrKzE8Ve6K6fd56Ycaw/AdnB+orIpc8 /iccHsKVWRWcNn9MuXchhEwR+QvI26f5/CD5ErXSy/wxk0mm6V2fbd5Oei+HlTz9
ZC7yDKC9omlIYhs+v4iYpzSeAllZ1EMY/PUcAKMGpjj32fvdZD1mfO+5GuXSis4q hIDYGHxJPjAq83YVPQ4r1Ndy682QNDL9oNz4ENFgYRj8Q8G2OF4IDG6MDOxSBNuu
mpr8giCDhPCs5INWBFyFVAy4dXJSszOnfptphOBM+DXgU0opZzi46nRyDK4rH1XX uRcjTvE5bl8OhZvqOF45NyKQZh47XtF6ESrYI45DkqpHDxNeIQG5Fowfzz25SCy4
eAJj5Xn4vA8rMoiRZkzTBanMuDCMH7eBftzV6tE1LwJvGpsOtTsluYmY9CK/g6bG CNQcibLe4cYNylTqfAHa9FHDMBW3kJJDHtmaX17Zbtyz126S9QvJiIR8x7W81lSB
AXNi3DZF6r4PYsSvhA4DvODVhu4ZyYuavo7KBwp+79oz9/oR+aWoQ4yyPH66tOQ6 IEbOMmZ6rNCok+7P5JB565//+T18y8dNxZPLtSbBx7XO3b9REiTR2s7M8jYOjKja
v+PdlZ6j/KmLFDdZkGND0+4xJqrf6L2MIe3K+GFfuCW+QB9zu+prW627gFnL8EeA /7CWWX/fAQeivjy+9jFk/fD5x3w/Sn1uFQCBUmf5YflkzEqqr0jq0ZjxbzawgNkx
M8EDJI7IYoCqcc5pjTejeOEyVTOjhxaTtbqKkYtvidDxQUYvlxVBzGClv/BuOhGi QmtG4GtUr3K49MaC/XJ13/iOONRng4Y3q1h+4mdE6c1n+CpG/BrRBb5bxZrGcqJJ
8HntDWHPTHFfDvKeWJ44vAMATWzWtlEoAyMtpAWboN9CYv19V5GfwSdQdYEQTC8v swlvoUelHwyKXoXloc/RholYC1NB7NKJASm8+JO9ugcKDfQBREg/4dIV3SQufftG
VAXvf2ucI7RFQI28Uv8g1IHdh+oHNq9QsY+d2ItswzJKRhbUU1GX9oXrR5snKTHJ xJyoESXAoG5TuW6a2vDhfLZ45WDDuVBuId4uiZX0E/5xT5SzW1ZWfZZi2ZHkRWDq
ZG/loE0tOzgmXX8AEmu7onPtAhF0jrnJ68EACVQpc4vWcJ8x2FyFwfUQTmcbqFPc F15PIfOXXfHXh1PUJOBlx+fwKC6mrQV7oRMRVWunWPwk0tSxuPolCIKtRuodS1Ee
YUIDyZLJ1oV3eXPCSTYBc0LCFlkaaz8XXSLOEwBBcmvu3X5enPi3ac8LdPH7vjEr 9RzI2Xy9QLX0AjUSr1iAjvCmcfIfvxnyX4KRvwHuAxOFTNJUxR7pYRwJz7xbUeW6
ZvbbQHNgzvX/QubBGpA3gYb0sKMv7tZtoQ84ZLvPisqoNwzETQRRwljoomekk3Cp JjjjCb+52/jmC6WmLr/aSsNq7PyaWHBR/N01Kt0Z3T/fWdQ3+cYgnDTw0wmvqR55
gSLSy8xqc4Ip5Auf15Bu3VMp1J2XtFphfSIao2FYXkliiATRVCfV8LsKWWyfOYZy xJ6a9qiYytowff0YaDGwaWEUpgisrfFVNei9sVYLo+4pzT1OXx2pQ31NweMn17rm
owJrYBtJ+S0kRK8X1Lc9EYpBTJ+evNXjHO2t0S6B4j2y6VFePVplzEXWn377tZzu A/9xue4vauFZ/FPQ1G1ys5FemIO5z0COpXrceLejBb+5ZozQdHSKmxuaEHaReu4v
su3AhwlQ98rkaZYHxCTS2klFlePjwJLUFmL4qly6jBBdGjMMxZWsgn/MMACJBYWH jR7j4NYDfP7LFB3nRB6I+QbjuxHy+xl0bESB7iALO7P72Y/4dR+6gbHZLngirHQE
qbhCvcxfl3D6AhED40/DnN57yh1nJDj6nVg8tq2KOIocom75nXoOEOmM7kSZuwIS 2RktRXo++8uJ4jqfmLBVzszG1C5R2AG90hA7VLZs7LU7V6E3nzwZllcgxCSSR+gN
dr4HhRk2ZlzyPX3rrcX85VMGUjPaiI4/E3l0fWi0mk4ZRAih0fM3IfMFe0Wdw2O+ e4f6d261oCkJ+pT4JdCM0ZbrpfxFBitm9R7QuTkrd3dTbQ7OVU8t+3rzY2MeIt8R
9umTwAvIYggG6ZqEiJz8uKpZk+0pqxXkaZlY0h203KHg3s1BKcJbfZOPPZ6tfex1 WNgTc58ThYo3OABAGB4DspLRIywR7Dr1osj1du90vIWnS1LWWSqKQdEu7E9Oha4M
0Bs7B4K3z9swIct1uqoVF7rHjZ0VOINkLT38ixkrkk7/JGPwXyuwVBZP1JWJRtUu qvwrtktLmGgKVijKI0PgxuxXWsFS98Na292l9ZYtbtxptKpWI1G/rNarBetgNVG4
0hDZUMXK+B3tD8W1M0Lq8tx0MSBPf3BIP8ttWSYUlc7IQYGRs52PoMNApWw80Vty J0ohqzOZd06F4CQHfI+1dE/a8g4xDcdZmnDDS4/fr1GhhS3HZVm4csjIyB+YSHmz
mjDwKZ/rS86T2wujRG3AB0hRIQcyMXi42dWsDSHIdzjexOILddgDbSMJiW2Vneg/ cMIt1LW6aFj1/PS/ofQJ7eEjme5lSlRsY3CjAeM1EMJdXn9SLXtntPDaAm9Q62Wq
OEZ90WUxSi99ewLiB8Wjlh59942xIootNhKujfbFYgtUAbli43mXXqOzpsc5VbVw rgE+NSeWtyQyj37let2DerOY+rWwGtpx9hD3v/np/VWEIwSopORrnbNXb9VU6ILI
7c5HK50g6C5TQDG0aNYBqutP3d7df8abe1rtsZBcG2mfh+Pxh0LtsZrTziourUtE 1kfRe2mjEgtU93OE/4d9l1HNEu3JFe1+l3d2m04NrU0QQOx2bwIT9TCWVjYDqawO
b3xnh2EkOpudGTuOCjAkyGHIbMPhkXpJWoHojj66F8iToH8jL1eTheBnWl/NWQ3O OP7C7/DyxgkfE8f+BKsaRkoJ54h2OgA7uboeXBEjEeHwsIdZkM32vQg/tP4ftAOd
U/1jquVs6a0GbMImg5/vxIIW/qnozyDfrwsmFSfIhs0cNyJ6pUSeNMYRVUEtoK6n 4Hkl4ZxHqJF4ETuQv1KHUhT2aJQmQJJWpB5UoIe3/eiqKvHLujFsBsT0vidaeeqK
63DX9EQ0Bm/rKZhaznxHrH4u0b7amC8uXKHEK39JZaKg0gUNpjWXbVkJxBlNtORg x/QSDxYAYVCByJmcfutA4fJbC7AJvkJPTyYdgYqWFIMDCgu2QmtX8nuwDZchRfYK
LoBZzt4u0JNoNl3zdDM+2/+JNP0Gq90SO3SkAY31InkSjSB98OBJY6V+f+02nPdS BGBze0Pdcr4coEh/9d7fqlo6AtcIZKg/9ofWnzPRqA4zgL/Q0JP0mGQYWUf6G4n2
QoB+DFXtAk5EV9DYcJRFI1wCLCIhGMcy5n0lPrjucaUPwfbFd3JDkk7AzNtBpQQ0 aUNyAZRbfoPlNXWDY3cKy7kAHGZO7qU3QMeqpIffSDHHbaZ6CtarFBcDEwrLvk/8
W/BXtyvT6GFvWnc2P8cnKrXvGcb6YvN+i7mh9JbIC9rIl8x+iM6oXE9c7Xxz1l/8 Cap0aBGX7BxatCLjbb4iZpQvKKyPMZzyRD5oIgW8t74Yc1KnLsTKkp4JDDKcMQLo
R2VatyR3S7v2gj5X2hbqz1xgZHuX+ZaXm6muozmspyM2tNMolYpvpX/kmHN/RPzN k8h75c088PDo09secT3kqCkA+2a7I4PS3l7eTNjxa4HmGMDQa7ulso3O/LHmHKHG
vza7XzHXcZdqNWwHKub8Tl/ZIJeA12MMKDRpERDndaR4j0iyqZTMU8qCrtPhmmI6 TyilXA1Q0qluw/QmyVx8jA0EkDHsrVTA1KvF9O+kA1+9Zf8zg2riX3RrAaGXBCFz
A51LjLkN6Vy09AWmAEl35H+OtDOkwqE3E6DHgS8znl4oBfY+2+NtFdQmCKYF/EKr w4M3JosnZVCMRhEAXi0DNJfwlZ87MfrsvDtwLHzHayajuDaaCfbcPs0CARxHtTmH
s8NGezoAtPxq0Swh/crfgmfk3oOhv9FGM119qUU0LAMy9nUKv0Nsci+70cBR2Sus 8qxz75U6nL2PNTB36aoiMWMhUxA0d9J+e413A7Cl3NtSye9B6hwxUj1m1ik/ENrv
WPPZJDJW12F8z+oATPT5+XjEsGzm1AcWSVf4PG1tlSmBPn7RWmSAE74T1Eu0EvfX Ma2xbwJFeQKyT51pm4Dg1C2ptRbrka7/33XHNhmh8WWk6VbWLNf/jlKoFxs2qTff
4Vv84/BLcTo31H/caIT+SInxeDAON2aFx+gNRteIo+MMQeHNU1C+iHZnZs6ye1Vy 5j098PdbTSIuKBYh5CRSClv4NbsFZt17Vp9QVWRuK1rT8SCeA/Ev4HVgdX1lBTcX
ySJ7X2HijnisxBMkM0l5zJN75KdDpQrZt0c9/ko++AGIpYcSLzsyxL5PuQTAXWGA 2phDUZmWU2pi4A2Bsj/bYQHkaaxhGNSF6drlcRNfRzKExdZLK7ybaFQtJPnzzQVL
1ioCI7A3icYsSly7SLUZQXAFMcV6xVXL4zx4ACohEFgydA9s7MNnuYg/DC71qtHJ HOU0mzMMOS2rktQghpqwDrm9cnFjNn+7ZYfrqYq8pZ7I7wllMBRfnzC3emmNbabN
iWtODQK2cnP7rptU4R9u8524AwrZbTpvaJeaXzZ5gB57ziN9JFTNicUWf88UkJcc XQh+mm1LudlDoiO/F5KFV5g1lPdjrB/+dMjifWIVo6HqiXSYS7VwQTgUwPuPxZwf
Zjk1HxtdmtpP4kqiT8MEJQEY8Y4Q0Trn45GazsZnfZZxXxK2EC0w/Mj7/RJ7mCPu UKYoMQqJfZ5VfIOWiBV+lpxF77Ihxp54To5BtpTI2asTSs0CtfRhpGamp6Vug59a
SEOYDfAu2PtDh1jW1JjJv6AeqosoSpPuuvRZt8gBE38oKiHlRgkKRHdjEyVsg0yj L4GtPFutrR1x8W6nv+YJkg8d7bWgebF45xL1Da/NNr47rF79bzieUR/kvnvNwMRR
eD7qVk7DzYz+sZhRQyiGZY+p1A/hItQknAFbLiSB6X0ZCIml/+n0/lB7hkDSaT7X HIWqYaWcMoGV/RIYLK7lmVWVIn4tdkXX/pnefaQj1r/swA5ZG9cq+maBzyA7zq8S
wYTKdpA1bCgB1/9z8WAUwojaqu2wCDBG5wvKZsfeViSloxVgxezysvJCVFiHdgn8 nKhasKLuBnWuPYeqkZyXgaaxIwWVJnKw+YYRCGXvJNYhh91FNK0NXvrAk/TPQ3Th
8AuYmkph9MrjRvM6eq1bDZWQ0Pxb0kV15obEKTLk7tFbudaoEmYI0sGbQ0LWGRCD 9skjLzc8TQggBQ+0K3GZ/+oz5U96F5kf2FJj1hAnA31TDOtqp5sWLUkjcFWXMJMT
DEu6sftmbXKQCTvy3HjXuZbgSt89VZIFJVu112qU4XxYPWC/vasCJ+atAgQk5Cn+ HtLwuI7xpViD7HRpV+YmpuCdrjwBel5ylhMb1yVj/Fm/sBx6Ta4hcf0zybJsro5Q
CD7i9psfPE9ENOnMdxCDu6GHkIYkYpY54dpKeRMKizr8vKrMr04DM+VON5/BgePv KmIroLxeBUDet/aE/GUw8rK7/4eS9IintAoZbng2eLTIRBnecieXGXzjCP1pswTK
AtgIXxQuQjlchz9z2/AEJsgLnd/61jv5BtJt1FB/mMfmZqRxi4ezRnK9tSiMLLDV 4ynBMzZCsrN/kFltskTGCbA2j3PGUyiPWYvtZCTEBSlD0LWlfkluXifCvugYtPnB
Y6Zj4qmSZxryosNvkUiq3X6ic0rCqlc4z17cQN5lVKJ9k+mb6MDpDUXsub11FnJb fnsDYBw3pM4oi1Y+CO8LsnGou2aqEyVUkxwX5ow8UriHbrtntNOfUYybUJZ4l4ZP
V1waMVWvpPBZyDmrTB/Rtiinzg1p6kNuoS92Di7yGNpZUQOjxf75wdXLm9cWVtDM 9UE4Ow0Yava+QPV1y8mJlhqidgWMygJF0v7lFgjjiX2tM5T781pjGgxj7gMEKYYn
9xlsBIPiTtIzyW+x+iYIBuFQLth0g1evYXmUZ4BV90hM3ysKH467v7VcdIhpJgrF v4t/De+30UgprRwpEPZ91DySE6y5XD1cKzrjzaUU6kMJ3ttyK4rDd0IYqn83V8zQ
KepFhg+942rWXAgAe1aFEhq5bBgUgydqyJ+N5IIZUunphdodrNgSWI7RHQJfWktX WXuONNqZzF49SzC6RInvoooW2ipvs3/ZDwgVwhDYgDHtFqIvj8ROewB/ZiUVMiBS
yi+BbcsWYWYxvouW3UIAr24OFpW7/cMPoRw8w6tPvQ8PCvVfkeG8Xxg/WxiVtpuS /NZbdV5ArfWTum2s54sCVEi3+1ACeLiQoylQQc5mjI9lVQvqwjpzMOp13EQj1tTb
CIetAqBBW4MI7C0icv9lTizUM81hCrcUOdcqtPdNUOXQziGqa/CICFHX/4sOMP0K rCU4jZj+nRCqj6c9oe/SduEVxfGBZQ40vGOPoQf6EUY/S/yBBX5eiUA13HNj6tJS
UMbP5Q1Y840283qajxk7sVEas4PiDaA1feIn3BhMwkaPXfleRSlvcO779SRhc2Pm N5uV6LehKQuuN3+OxKH0A53c+AlGJePocc8L8XUCS5XxutQEWf78Blp5IWxElNIs
yBuc5UbfgSaZQ0gL/WsZUYLk6VAt4bbO62rntIn9dZTacjRl3uPQtuNQ4brG6IM6 5lnG8xMR4XpcIOK7H1b/KWYJ4szYN/+tXGo8vCy8azYZDT155MRzOdBKiCj1+HQW
08sfFERdIwRFVxSyT+chE23cMgdCszZ2EwpkDbld0ntdKtKd52FGEgvkfT3gYuDV T4gkpK3/uzxitiioEeQbvhDN9LQEX6xpb0vok9MVPBh1nImm5pQIBB+G8X9cb3xO
XyZc/17Iu9r6kD2M4/dn/W2I9vmBszc+NhXhA/fE2+X6pZgCyTFmbkH25Q3nDDjz Nb1P7Qu5qdp3LJQMm+ME2eTV2dKGSrffe2botW9LgYbq8DuRO0iC5dGjkSNYx4+8
UcbjAmvMEGVI90Kv1kp6+qIdkUCkAAjigA1p4X44JSYDRjSovIreP8CawufuA+9G GHyB84Fox0a/7o2w0+1n+ujCGgEOKjvBtgMLfy1WGw1s4xktp/OrqYdit80QLV7d
vJ+5AyFnexRk4yCGa+IE5Rt5uTctcHXb6ZQKel61k6WLZlLfJ1wrzUObjpcEgNS3 kPJhCkpS6MdFeEtn4UOvSh+2DWFNtvXqkJWww1CNN2qupeKhA3afYAt6W3HkUHvr
PJ07n6QkxiBpqwnc89mAJOOrSAYxGe13vHpT48kX6CHdqV+LDr+21MNlBMlXBGXI DhgawnJz+0Q/iRlrzbu1pe7r3udX7zxQl6eV1k4RlkLJ6+v6zxhn12fjRjjL7Ufh
qRt6X5dG7zfhNCoGQICAd3yj8kGW99VhBBc2QZvK7EUVJF7LAqbfzS2EnZ5G4al9 euwO8zxtyLvbwq6HW+9iKmc08nxGhitj0Uwm0mOWMA3sASsuMT6FefSiQpu9nt93
Zq15tnQkcJzuNOvwaUkQAuGFri5e2LRJILklwskqJP/aMUaXU9XLff+n/ld4Gzp6 TzaNiS1fn9zLlSr+6D9sLwcobNz6Hgtq1/d8u3hIXHJxH0ZTRbh3KmB40HyrFsEB
m+fgDU6mmkhWasYJtjR2UTdtu2VB1EoIOirhohnUyfyaFbqOkEka+pl6+5kr7ds9 Drxf9Brn6DxMOeGg2VEgzoiE3dn4nvdHNVs6GqgAjQ8pWCzFrWijTJ11zUYa3aT4
fAbTJNdVjyC0cML77YWqBndfS4k/vs8DteMnwgE8VTZFc4FHBfRLD6rUzxLKkLr6 CFpz2no5GsnXFfCVyDdXwNuDIhhf+Yke+PJ6ss5YdujZoRux1+C4l9hyoRTnYF1z
6tFOWbpHlXnmo6oLswnQBucyLUcZXDZ2PKjSlHbpn3o6FXSdUPTy0qt+g/a7N8q/ 0LE20LdFUPBqDMoPSjJyOoxncdF/vCqVaBcbMuAFypxsiPYLSA46RWjdOPasPTfN
QC15Fs77G9kc+dLpETXCUX80/HO87v/74ACcFenSeGAWTwK3gszbmeyvyzqo8MZ6 Zalwzps/loBuMHnUmX0Zkw62fF81BzuO4Eqld3Gg0wwn4Gy1EATQGC3TfnDlNGzv
8xZxoPbf2kglMS8Bbn50DDgU9lG/5Vst70U5RvzoBiHShBOQLNTuYn5dZCaJtW3p mps8qen5F9ER8xv2gyUtsxwLY3RMbSlQp0KMk4uqa6SMq5cw1u6aCPy7wHkRRJvi
U5StAaVlCoBbdvkCH6U9lGuSoEV+fpplZN/U5vY2PntEhEiUcTwTIHTeeJmpXAHY Y46Iax6rMcZOWmcuGqEotZMo00wkCF9dQPFkTIMtacpFqMqoPpDtOw6MnHm8TC2J
KrwT/daJNS3hA1EXu4ZQIx+98lEehhkEqZuXhm+F6AZWCe/NilIAf9YdYrI7pXxO /Tb1X6o1tpNDRzwglI1HNIOKT+c83eVPfnd5FRqLK3FZqHXKkeGwP8YnQkrLCO8L
Ec8jn9roFOSa2X7kDWJ3UrBjzUM7fmU4ypPi6vHlHF4RD6t+IOmAPmkNiMddOxCg om3dcdznc+giDxhkVjNnG7jtflm3ytUK3aouJqGgVO9sZ5EVzps1LiTJSgbQYoQT
DpEVW9CjMCcZI0W4s+bpjIjwWM9j/TSyNrMp6EUr3QChgghCdVvN3P5WVjtDGZhU NIKMi/ZQXf8xoffhv7tAGQA9tfRpmq/BNu5FoA08jucgw5EjPqqX1NIIvv2ce/wr
KNWz+s0pB7zMEj8MVeu5RzO/E0J9JXyELJkMviqCRfAmqJ4OekZatX4ZJNYIdav6 7eULcsBUCgnT5/apRBZBb/fV+uZbVRtXajaf+r3dsrfYZwVGeHr59X90slEY6kEJ
C3qVaiBcumVHoQNMAAQy2LkdV6yDzPchMc6umzCeeyufkGs4RmWFaVietjuE76nX qsSPGhR2iMJBUSj6haTGWbx8dsyodtQrGjtnO7uy29oJ4i5eX7e0aOaz2fuAfdoX
fGfsVjcg0Cm+5BzYvCKmN/xEEYtMjyElByLzwcDvX/nedsZV2pyuggYZqjcC/qYC JkxmKxYCGJIq5SVmfjynb6rNE938KGQu3kwPDIPzamZ5e295y6Z/BLi6zLe8myCi
1sHSBNjgVWQinYDEbtebj6I4i/0/0eRv4vfcdE7r8mFm5Ukx4JP9MJFKaNQPWDZ2 RGHm/1mx5jX0scQL9s7p+UZPGdQhpfgZQeXmMgSQtS48cBGMdDdXrnuWBOFVMQ8E
cyXZsH8/i4+/u+P99onw1y31qdpcU7Xtzo2UKpdNla4GjlfOij7i+Tuf057/13WA gjrDRsVd4hMCKvOMh2bPUNq8/FPAPNRDN2thRts9ZZTz6/ug86wUu07a5GkdLLmu
XQBcvABU0H9l0zDNiCioY+A0+qHOWgS95Qgzqfl+wwEZFTC5r1V2yqO7eePrWO/M uFc5Qtu+3kj6FhmjZuFJ3IMExKzQsl5T3aUEL5YJpOSfUrY3ir4CEcZ9Q0jEpffB
Zy0HdPVUNmEavV9CZ2Cv8KQ+atL1uLkw24jNHYf2Fn1Mndb2+iSX9lqP2FfaHXbh 3Xs52uHXP8QcdtENvNX5K1ZlXNBkpJW8fWmuYcLMzHVQ8072kEEz287GoqqZgRMC
XSzsMcvxj55iA1mlBAFWoHR2yhJUJS+UtB38VxlbyWlrmUtZup61i9wFo89trRx2 wG26oS+yTRMHbPF2Jc+qeNFwi8nfcuA2SJx2Gw83eXGRABvxBspdrjFFc+pJLJcw
S/xfeR8pdtg23ZutvETVfjFmNNG7w8Yx1yKT3gZo/eG0slrY7hR/WA2nARc55fAB RnU0QfVa4IoSr6xCg3e4+ZfveKS3BSQ79ubHoD3cTo2/W1PFXhHH3x5vmL8gVXZo
ELxGuZJp2H87J1noU/4L64IGHSNS5kzyStSvoihAg8a2bmV2j9FDBW2yUMdqUiXO zAFrrhDfVp63SmqbCngwkdLZr/myoN6oMWh/EyvNiWgRfxpL8d/JZBw6rdm0smya
opb2fcM0J0F0SECNmz4n/EDzKlZjJmw8daMbElRVZ2Fz6EoUzmmYQG0BLeeFz37l wJ9k8BzEg9a5nvHPjwwG932xyOHR3eevzuqH95H8vi1ZLnag3UaCgXBQrO6DyOgz
Ei0bjuKJAlaUpBfosaw/f+Ft/PUYlpJ5hXPFv8qJ+bpmHF2ACNPyrmYDJ0lTzvMs PnAwG4hjOTzO/Cxn0FMQYr1ZxgeTgSdhtJblh5TxrfSsjFEXLWYguB+KBgoryMtK
Q0zDJUZsMSENb24FCR6eMLMBgA+Uh2ix7FafPTqx1p7B80F/f3royH0NgIHzkm38 Z8Q6B9jtVLNjAAcowjpyhFuqZsMk4diKco6xx7gOaeN8WcOoapIgOtifZ2YLHzk7
SYvwLs6MYKlioM7+wMU8qDOYweh1IgR6oBDqaeC8lrFHai7c6h67QgV2qDlajIyO zHOvQ0MHLiFKIBUyBQWrtPrhp1k6hBwuCBCjsDYSbRfVtroeDemOZLz5eBd79hJo
ejoTbnWuRDmTrRdINTRpne3SQoKalSzUfARcbuWoVC5cmxdL+wlYT3PM1mWZ94cW 3J2uN7kQHjKEPmCAPMpqzPBRbLrzx+C77cBjImtOzQXZC7pRmwqUUKfC6Hht9pz8
XNhGFb6qcwBtK5PWxxwIj6RxrwEK2Z/+EfWHHiqtHT8Ft73gILqMYMce0ve+8Adx AanfaaO6H9z8ShHB0GewOhYf12M8mmx1Hb2FEla5VsU8knQO7hRav9lP6Q5+MPN7
g4JBn/pKvTaEt+n0/cUJlN1zk9Cpf19ug8y798vMD4vQJ8Iv9xk+zaNZ4SrRVvZC P3vF/fXy2RpdiGEEo2PirlQ9Dnyrtp60voy/31QNp7ntj5tic2ywV0+QAn4OEx/8
jbiEXAVuwkGzIRobUDC4gE/PnnPB6hbhJM3dSbHhf+LaZfR2lh3f4anQbunn/sDh ewy5zUJAe9Z8qGsExZh8opjsjoXCThnpcU43vgYwHLPGcSVxodhMrKA42YS4xPEg
ohLXkzDz9K+9RN2P0uS+0M1IHnBqX7vHlSUXpw3s0l8JVEF8gigXF5GV7F/EXWlM v1wU4VpTbjE/Xx4oNKWiC7ppJsceDIDrT2iNIiri1hjy6qVgsNh2ViCMAnyIxhQK
2LEvrVjXI3OlVHSbhPogCD+98smaAnIUuBQ7Tr+0nSIMKZ4Bct8jyx3C1dlZk31x a8kpg0R7EF4ChPkP2SZO1qMgju7IItOzch4fLxel3rKR9AKKH1xi+rXsovbti34k
X4VrEMLatemExIVkIqk7VC9a+U8zV5vpyJO1SDJo9Bm/mbxi0M7DwSbaxJrOURPI hbxaQCESEHIKkGgXW3Pi6o47N3rvTCZMfQUOVBMyAbxVykaE44kdLp33w525g7ms
gFJveIetLrwTNeq0auBcuGXjyQVdNQtLIXydBGTzg6Rj9W0/yeHQYZh8IUlQB4It HXo6I6BV5pIP5LzKgqC+grcFKaslHNgx/Ulc0xdYR87eB0pjrvu8Km0AabzMqaIU
TBTniPTYpfUiVe6acfDDKeESd+S6SH9ZNaXnZBTqxpJHeVUBtFnplZagjlZiKP9M c2MaZiZx1p081hpkwxq49kE/gqzRUeTm2gCSlpiR6qEvDuUjetmeCaBH+b4dvVRU
0CRAycswHBfIT9BGIr4odnvOk9aWifBHDqjGJ4XGaiKSQZ0xuZRZdEPyoRg9FsAA 8J6orGOhKFp5yNv8pTxmVYHl05JcjfQ0enjbCnlVt14ro+yuYcpBhjwYlHjJNOsK
mlyMF+JdANy9hGdbStDS3ok2tKiRPzArphUass9P30Mrp+hphehljDw58vQxyIj2 yd3ceuRRKbwH0i5OTbK3TwG19I+1JnUrTq6rYKk/FUanQ35DWjpPavdhBcTDgSWQ
rTBdv9G4A8gE37hn1A9wo1mW0E0K2nLl/CVPNZDlavLTWcx/RCLUgTtgTvQsERVa zqJJlQ/ohh14T1KMvzC7hVHiAWOIGAnlkgHF0I5uUoz6exhrN+iFg7fkCkxJAjsq
CktsA9Fd6jUK2bqZIcvS4lRXRHyWtLRQD/WbNR6iGFq3ou6iKSWiOAuwmMgfcnsT KlT6lXlv/eLwmJ9yYcbYAlU9DfJISIBScD0AmY45Q1Y3rQsfHPSB37Cjam5M1eQY
yREWaTY3gs1eIHCRMU1qfxz6WecCM2DpgEQVL0cZBDJNB6d2MsDjkcGCrsi9hPda q3cc1lbskiaMeOSEHHdxdofyTTN5gDCHMOUBgTsFn6nr+LZVj15xECpjxgTigBCu
vPDNKMsxAAfkeUT4nQ1FbkGFN19wfMvHzZdj3t2nv28ORyarOMR7JdZy8uH9ZC2x Da7i6FlcOyCPDNX/ktG46PFzMCvov+IisDm3E1GMkH7bjQeIpjJ5OzyzAlNKhpsL
MBUUpa8dcLqfCsIwfMqHSmHwoE7avo4B+j9gaFbONyUrpS9XivPaR4C/VdpvmEx4 wtr5PSW66oTqeF64dOegwlJDNvoa8NzN5hMzD++Gy2YkijQ/WeYhkWTDAQMch7Sq
uPCQcON3hnxts4H0Bbnxr567VRLH9M2lh95uURXg2QroDNXBKibYNLEXrGnsuR6e ks0kVKvNzx1T8nfCO/QDU6a8E+UnejBAQi6wS1BU5nQ1B3Xiy6Cda76PNppslyjp
G1+GPxXVk5LB3QavktPU9UUnCTU/yh7OJUUJC7LAIcOkuQfG8W/cVWa92dXoGFIc aY0hifDuxfhLfUl8jftimCOm8WkX6iGtobaemLcq6hi1rAN5c2GwaNu2uYPcKMo9
sePH1GM5AmG3EkaeXItR5gT2gG6S2J6WfarVJSkvK2DL962V5btA9qFvu85hxjC+ iSTTGAfgHHbfp5LsZy7J6bUBRG3lWrp16zFJ9vhNWJ3Y9ppkOeMZEsmwrINNaU+S
/XcucUlbcEPixrv0ZfXeKeykOk1NKKiJ3bVnGZpQIql/dT1LxPFF9pEDQMOtucec aO+Kx6Qae1b2cT7W6CfMUgFl5zsxyXt5MHDLIPsjaRb1C613ajjLeirCT2p82U19
cuDbVmh691nt5Wx8Emk09BXRWOsxqgS9Rp0ZnYl9/0CYwJWH178sfRfuZvCG4Lv6 zPqw7+YxLEp5RfAQrUJ46N41crO9mr5Jzf9EyFqZMPXjwhK8Bn7qSHM+3lTkOqWv
bd1a+A80hEshOhqZxXEZlrSGNSVw7jIN5CIXX0cs62UKsx/+PQQIV8RQZafy2vbz QWrDc84Nh54ZV267GbL1VK+Y2IzmDGu/gOs8FWo8MOtiMhOBDjPVO+H78yjJV3dk
N7PN501YdbE7nRjIMGMRcs5tibuukn9/HRY4+NsaLik+olW74q1EHp1N0gtRBiYM V+SkImA9OVxjMCjdj7OPUDYpzaTKfs+7D+UH7MGCGFUVj7aHwYFaapX3f5H8ZCoy
wvFTWnTqguogKEWb1RAysycPUuTV8RvnGN95y58c4pnpTwZRFw8rhGnE0VHSTVq8 N2sa2UQ3O240J62YV9hOFunyciSOrv58c5JwWO/clMEUy6uh6rEcOGTiO+glS+I+
6796GuKYcExa3RoX2PUU4FDpufq0kfCRlWxvuUM5m2lr73TA2hb6icXhsNJ8OEGa M1W8R1srDKScPyJ90l2VOtvFMqkIGKce1E7k/GwkkxlzT8o0SEKJt+XQk7p8APwu
AfufQi+RH93+6UFTrmWlsxMhRxR2NpWxXNEB/7tkyjpK5jh+oN0f279PapJ3FfLO dkeH0UyqxgoPrbKjhDkwzaK8+8e9yDY0PYWxRATikaXqEZtJ3M2Yy/KVY/epiFPf
AV7phEbm4W0BSBdNJmnzLQipGKzszyTd4XlgaXB2HqxFlWbKWJdAdHkFK8faN4SK 5k+INNrDLe57zvP1Kg0c0Nr5mql2QT2jcr2rdGEWM0/1oNLlesmKqm7sCxp9Yky4
ztxxOBngAlBMdPtxEi4tev7S93SFKoqMwY18vHlLOHi/oFpaWMjJsE4uxdqvtz/x 3pagPWZ41X2CHJ06xJ/fsnlIUNTBYpdzSHtg7DNd+AWVkMpvge/JwZaRjoakoRAn
aeZMmgstD1ZYRykBqGzjm8cMeoQawJ9HF6AkNFPo9+AsgXCuPNhutGZuCv3vAWTg PrSvDF7QrLu2hKNTq2L+akOlAULqET5wMRoih/h4PWf5JNziJDSHnmNY3jmR+e7K
yXAiMHDuzahSggfr7r2ixkDUxD12/5RSeSDvCkeCWsjBKVpyzoWn2QksAMBoETyN rW0SeczSjg/3dwx0Z2jl48TjPqQaleBZ9/cakgSaxY4nsH4jB1m5VHRyCNmCVMNk
F2gcjouX2Cp+OkOQV0e8Y6zIOWE/SGUkFkUDRJUSA8gkpfXWDPV8MN6rAMULWUGP iykfrVnCdEIYIRI7gdECvO6yGKCzwXTZtHAdQCOBkpzrLF8OzQF9wKwTG7x/nGki
jYcRtabSgnlXKn6VivRiBlGXvp7iOXpsoGtMwof9hUcoo/HYMAvdsd5anaIZU8tA lJR0WcwUtZyUI6e5sT92lPG2QOQOpcAtqFmz3/GMxrT/18L5GHIM6ynAsqJ6JH16
g+c+8OHky2OJ5mzUWmk1CcBIWO9yyAHsy7ivSVzJtxDuTrQAuuH92MZgyvGnoioM J57gixKv8spUkYT2bzJQWbSdq92fp+olwM/AAVurRqOhqOtVFuAnpK/xWzcDBO/i
uaKOwNzrmhAAhBruv0XpMd/RBIu5+e8EM+fIuYwwwYDWIpn9vMbkKiBv4h5PQ8+T D11Y1BU3GUk0Yya2RFHA24hmDJdfPgT/7DiCG13y64EQ3WUo8vz7KnYp2UKSLqAn
cunAwgNdg0qVFeZ96Gu1sIHttbexEvSADg9fplx7TG+DZgSrDkxhnJ80a0hZhZ2F N3/2Vx0wpnuE7SwMUCQPlKz+Q3fZZZkKtgW739NT5OV63zPblvzWMBUjV+KYByoF
CYJJrvEcQn+/ItTftmmV5tpG2r/LCufYFL26h0RXdD8= hp7RNLoN0UKRGy5/vX88/DDyoSs2DOi2NZb/A/tqNTQ=
C.3.13.1. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.13.1. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline, Decrypted Header Protection with hcp_baseline, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIITWQYJKoZIhvcNAQcCoIITSjCCE0YCAQExDTALBglghkgBZQMEAgEwggmCBgkq MIITWwYJKoZIhvcNAQcCoIITTDCCE0gCAQExDTALBglghkgBZQMEAgEwggmEBgkq
hkiG9w0BBwGggglzBIIJb01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggl1BIIJcU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHkNCk1lc3NhZ2Ut ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHkNCk1lc3NhZ2Ut
SUQ6IDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHlA SUQ6IDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHlA
ZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86 ZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx
IDEyOjE1OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g IDEyOjE1OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g
MS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1i MS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1i
YXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMt YXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMt
Y29tcGxleC1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6 Y29tcGxleC1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6
IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVu IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVu
Yy1jb21wbGV4LWhwLWJhc2VsaW5lLXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRlcjog Yy1jb21wbGV4LWhwLWJhc2VsaW5lLXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRlcjog
RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogVG86 RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy
MCBGZWIgMjAyMSAxMjoxNTowMiAtMDUwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6 MCBGZWIgMjAyMSAxMjoxNTowMiAtMDUwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6
IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOg0KIEluLVJlcGx5LVRv IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOg0KIEluLVJlcGx5LVRv
OiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+ OiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+
DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpDb250ZW50LVR5cGU6IG11bHRpcGFy bGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpDb250ZW50LVR5cGU6IG11bHRpcGFy
dC9taXhlZDsgYm91bmRhcnk9ImIyZiI7IGhwPSJjaXBoZXIiDQoNCi0tYjJmDQpN dC9taXhlZDsgYm91bmRhcnk9IjhlYyI7IGhwPSJjaXBoZXIiDQoNCi0tOGVjDQpN
SU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJu SU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJu
YXRpdmU7IGJvdW5kYXJ5PSI2ZTgiDQoNCi0tNmU4DQpDb250ZW50LVR5cGU6IHRl YXRpdmU7IGJvdW5kYXJ5PSJiY2UiDQoNCi0tYmNlDQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KVGhpcyBpcyB0aGUN CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KVGhpcyBpcyB0aGUN
CnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1yZXBseQ0KbWVz CnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1yZXBseQ0KbWVz
c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt
ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk
RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBt RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBt
ZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQg ZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQg
dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0 dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgN
DQp3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ CndpdGggdGhlIGBoY3BfYmFzZWxpbmVgIEhlYWRlciBDb25maWRlbnRpYWxpdHkg
b2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0tNmU4 UG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLWJj
DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiDQpN ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0K
SU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2Jp TUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdi
dA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8 aXQNCg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0K
cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJh PHA+VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1i
c2VsaW5lLXJlcGx5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln YXNlbGluZS1yZXBseTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNp
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl Z25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg IGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj IGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3Rl
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGlu Y3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgNCndpdGggdGhlIGBoY3BfYmFzZWxp
ZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+LS0g bmVgIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5LjwvcD4NCjxwPjx0dD4t
PGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9k LSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+PC9i
eT48L2h0bWw+DQotLTZlOC0tDQoNCi0tYjJmDQpDb250ZW50LVR5cGU6IGltYWdl b2R5PjwvaHRtbD4NCi0tYmNlLS0NCg0KLS04ZWMNCkNvbnRlbnQtVHlwZTogaW1h
L3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50 Z2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQNCkNvbnRl
LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FB bnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFOU1VoRVVn
QUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzcz QUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdT
OW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDlj NzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0
aWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFm OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0lo
VFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3 QWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtERDl4cHBk
QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tYjJmLS0NCqCCB6YwggPPMIICt6ADAgEC OHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS04ZWMtLQ0KoIIHpjCCA88wggK3oAMC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT AQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/
BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMC
BSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEw
jnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBak
DKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdao
x644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Na
r2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtl
uLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK
49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vR
hZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTk
fCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DI
Ls7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TC
NO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7
ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTM
SiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDT
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
hkiG9w0BCQUxDxcNMjEwMjIwMTcxNTAyWjAvBgkqhkiG9w0BCQQxIgQgzz6zrLzs IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
Pn86IlgrGm7Fheev5QucTU+VJZWxIIrBFk8wDQYJKoZIhvcNAQEBBQAEggEASITl ggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpM
JnQGy7Cb5U6BdSMX3mnksCOX8mvaxy3o0QqNUbUGhNNPKI0LIWOdjHUL2Eq8+99Y LcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7Y
2+WvVn3ZkAJ7KF/89ja3u4NTiwu30wWsd7DL7t1z8DJBK6JuyaY4xtohUPVa2gL2 OqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF
1atPowCt0X5RF7lmihqZnDGGUAzjfLpVsFnyIVAL3QG4/vW609d+aeO+ccdwzzUh 5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEH
lE03h3qpHK9wX5pWBNZCfdmjdXUFacU+fMe1mG9I8A1HMY09zj+rNz3onoIHJWJ2 AMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z
FBWS2tqK2eW8yCf/LSq9M5k86VbTjPjvjPz8FqupzugC5sUAx2JMUfUOq4A9hW+j 5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMB
g8PEOcwaEeYOMdSeKw== Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
AwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAU
kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKc
FqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN
1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMT
g1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYx
W2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIe
Morj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCv
i9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqG
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijS
NOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX
4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4D
xMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3Cz
WruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog891
9MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQ
ENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doiz
cGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4
ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf
8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+
Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI
364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phq
zpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE1MDJaMC8GCSqGSIb3DQEJBDEiBCDqxAGg
S+1eHkWHxwhKH54BovlMmxx6FJnth3m1aP2z+DANBgkqhkiG9w0BAQEFAASCAQAF
sIpGZtBsgrjVl9N6sQu/kUOdnbGSU9JKm6bXL+1vef+4jDckomzjYI5A1sKXxfsK
nBWwgEsEv9V03839X1gMAUc09cx1wwcg4LAUEDWgscC/iNJQo6Xm8fTs8yBMiM/+
0yMrreXIgeXR2ikTG5ub9mPrnxOxaefdnx6HMTh6jGmIodN2BAPIW2KahYYS0BQZ
g74NYeBJX1euT3/ZUqLmupQ0bephgj14pNcslj0qPSRmBf8pZv/9tzYOuSj5CwK4
pzvzfqRN6Lsz3AgFpXd0m7RiYCEwcAkgLLgJ4brnvtASUAmKuSRJaePB7Qcbewy3
4DJRpBBHfebD7Zg7DtDN
C.3.13.2. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.13.2. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline, Decrypted and Unwrapped Header Protection with hcp_baseline, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-reply Subject: smime-signed-enc-complex-hp-baseline-reply
Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example> Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500 Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
skipping to change at page 213, line 25 skipping to change at line 9858
HP-Outer: Message-ID: HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-reply@example> <smime-signed-enc-complex-hp-baseline-reply@example>
HP-Outer: From: Alice <alice@smime.example> HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example> HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:15:02 -0500 HP-Outer: Date: Sat, 20 Feb 2021 12:15:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: HP-Outer:
In-Reply-To: <smime-signed-enc-complex-hp-baseline@example> In-Reply-To: <smime-signed-enc-complex-hp-baseline@example>
HP-Outer: HP-Outer:
References: <smime-signed-enc-complex-hp-baseline@example> References: <smime-signed-enc-complex-hp-baseline@example>
Content-Type: multipart/mixed; boundary="b2f"; hp="cipher" Content-Type: multipart/mixed; boundary="8ec"; hp="cipher"
--b2f --8ec
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="6e8" Content-Type: multipart/alternative; boundary="bce"
--6e8 --bce
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc-complex-hp-baseline-reply smime-signed-enc-complex-hp-baseline-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy. with the `hcp_baseline` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
--6e8 --bce
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-signed-enc-complex-hp-baseline-reply</b> <b>smime-signed-enc-complex-hp-baseline-reply</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy.</p> with the `hcp_baseline` Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--6e8-- --bce--
--b2f --8ec
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--b2f-- --8ec--
C.3.14. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.14. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline (+ Legacy Display) Header Protection with hcp_baseline (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_baseline Header Header Protection scheme from RFC 9788 with the hcp_baseline Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 11205 bytes └─╴application/pkcs7-mime [smime.p7m] 11205 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7278 bytes └─╴application/pkcs7-mime [smime.p7m] 7286 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2666 bytes └┬╴multipart/mixed 2668 bytes
├┬╴multipart/alternative 1419 bytes ├┬╴multipart/alternative 1427 bytes
│├─╴text/plain 478 bytes │├─╴text/plain 482 bytes
│└─╴text/html 638 bytes │└─╴text/html 642 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example> <smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
skipping to change at page 215, line 23 skipping to change at line 9952
Date: Sat, 20 Feb 2021 12:16:02 -0500 Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: In-Reply-To:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
References: References:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
MIIgTAYJKoZIhvcNAQcDoIIgPTCCIDkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIgTAYJKoZIhvcNAQcDoIIgPTCCIDkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGfiAnT52E4dOn3GCoKxpwxZ5jrJBpfmph0+ Boq0MA0GCSqGSIb3DQEBAQUABIIBADQPkIuGlBhlGBvHWV+5XhSHz6YEXDsOGhxo
ue/FmZEv5klqdljABwTObNZZ4JUCbzv6MLOI1Xmn+00SQ8JXpX4WiQhIEOuejfcI lwaqsHHut09RMi+VovM7fasvln4F4tpKCfYbV5kAkFrNFB7fY2thHH58YpkABzF4
ksFg9SyHfxsqmW5bh9b2VvTC3mXRF9O+4bEkep7dcp60i2X33jw3E2rocPl1cdY1 oA0kDcWHqVho/AVV1n0Kf7kplDCR0uPfibSgWjJQcsRARuwB0aRAkUMJKl9EcZgX
CKYcOcUiIpf9guS0JPcenBq+OGJHjL7o3HC01fNJPc4XtaPao1xJNAN3UwOTrHNL KWz54wcwkZkcKGn2SxhWSea6HqhB1no0Q0Iexgzl4LdEWlcZWkQYfWZ6VAY8r5tp
RGwkgtyG6Xw1B0U1+Kn/T/rkkUgqqWrw+K7nX5WtPUW1rQgFoUHJUzZx/fXMfeOe h0txgujzFUFuYLebbKS8LC2G2jurs+ktsSGDwnLzOqSeQyN17rlDnEC+aQMmTsRI
wWrybho46jWISNF+xDiuR1+A4188E/Q7+4RJVIHoJCa3box7MEkwggGEAgEAMGww S0DMwKAb/P3z5u6jk3Ryu2HRBIZsTsJhIhgkuoZqEFG5/ZS91I0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcq7+FdWfup7R9o64oTMQaqu2 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAR0Pqih31TIW6ROhwnDGcMz2i
Zj3DOLonCZ92tFAySyaZY+bCvA6/vLs5Et63c3ETWzFP7HUYnFjBDOTsgrnZAzez 5f9z+HpFsjLj6EJ5LU3DXhsdT+6XcF2fqtCJUjvIgqVBj/5ixRYR1wPzypgz/QI5
bDsg3XVZGWf2vCYhEDe1RKchq5HlPPEjyg5Pj/HE2p8P0BGidOmsj1nSy23FWM9C MYBi2hrr6ch/tWyUDSV5R2FKLD58u5ZLlt5KKW6oyW3L30zB+hl1NEaIjUFyMSJm
Y+Y3fhXtcV4qB7g7FQMmB4bghxgouiPVE3kt7wCuPw6ekuOWe+GnrmI8qoh7aFdz Up6/JEPDeJwg3fAygH9XHUxE1ocTgWuVyVqFsjyzAja3S2cvUOvm6smEGdPYcBxc
ehgq2K1IAO9UXvNGV0r7XIN+w08iVxM6DAELNqZ9dVNZ5fpzOSsIPvGNCZZSrOjU Lr1zALPmct3Dikn/pTZizIDA1zQR78mwbPYJ2mJsLYxGAjoPhEh5X8y9PrzJNGsO
Lk4+6eyHo/5qLXDFhESGRe0XUe6VSAz3hN4PgOdsyoA02/emgR977VDsavjeVjCC gQW1UtLI9dDSjrijLV1vKWWaV2coMcsXxQiLAVoVWDJxjEDM2UoY2ymQAX39HzCC
HR4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELNpzmwBEJh+gxLdI2Gm1ymAghzw HR4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGhYozFbuzK33IcI4CwfeAuAghzw
mLnjPD9k41KZLVG+i7LyAI11h/fYPRxpnRjsm1Z2xWhHKQQmcnVFHf/kyqZDc5fI eiwNUm6ghKAi3x/wM+7u99irte7m5KiQwuC/6W88BVZk+Xu8rGHeHgl8Py8Sdfxx
Ud3SenoCrxO7gLELALwfH3v065D2ETNIshz/KoujlxswSettcE5LRBDsTeNwRgl7 e0MvM1Bdc8NwsUAJK4PphSZkK8FPKczvKF7kV1+XzBTQRflesQido0IOKfLHDBMS
lxSL1EjagWzAWN3i98C0M2xL679Z1RLVB+a2NjzVhDE/NktouFBQSq5qtlzvCByc NKbvK8haTRiB/4EBAPh2C7evfTYfKeN6Wd7GKkzphO58dB8t9ABpJP+mCG+hvuhv
dtBpo9IW0w/COBfm8tuzR+Cs2uanYx751Ku/KDyJfnEl+mDaP65pI5ooKrMcazTX v3iLc+oYLfFCbaI0c4//GUXOG1a0209Y96m463rYQyfneKlKN29UysTC4ziEAtgw
YLzjwwDi+idhdZxucwuWj977fBe9bQ1R5tnT0jKuch9hTB6KZWAUNANINEA3SISJ PhZPf3kjlEaSfxjicrEjR6d7kTlRDhEyH4QOexadosQYTXo+Fg/2m2NZc539z0Sx
hFIf+bYE48cBaFhSMU+2ccl6qdWFzJeut+F8MESC7xpsZfoeHC3nXXcGEQ+j3UWo DXSy4eyDDI85wWQIsLQ2fh599Vhag0tXk4+ElCzdSy+UqXwmX8hMBHZoWU0j65No
Qtd48yP3mlx7m6Uvd4k2JPaoAu+N3uZhSJLwgePW/J9tMix+VXsiADBZSrV03nnH PgWcZQ4IT7qctJd9NDBi3a3R6OFYJSPjNEu1TmW6kEQlE+I0PtlxiqTDDJu9odKt
Gd8QCyHZKAC8QBefhVaRHcxfFVmtT2Ru20tKZQN7kevlKSPkpFV1u/iJfKFUfYnY uQzHsQBEG+kDFTvtPIu3OcZniFN1Xhm4cc1iZMdc+fvwom9SXl8R3fiK3zFbOZbT
KoPGrWS5HbyD8ap0UGmVHpXjwcmA6anerktkdeOSqohokfQgU9vOGP0DjtNOv+zC C+/DQWjxrjsbCdukOfXqI1o72SQwgLuHDpfs2Kmz0bHrMlORN/RAhKKem2Kb7s7g
tu96SSm3aEA11wefb1I/9NiAwgfyFdf1bTJEUvfMXERJOCWsfGhyYEQy5LAxq0QM lPBbmp9zkvErc85RU06EXRsI5SVGOfIfpC6B49tXJhr1k8Dmm9v+vsQytrco+jX4
p5R75Uob2D5CaNof7Uyr0o1zY8aadZ10qQ+NXmFCQx/yG5nrMgv63By+gkgb4bbG H4Sl38a+9o6hJBQT09l2hBdD0g/q80z8a1V40hGwlR4H50jMVXlEJp+ksfIS2HVl
AuamBjdpJ3EGpJ/SMdl9X4vVZOIkqrJ/D0UeFklMMCbsrfRlCaB/OWc5l5wiHxFI /HVEe6BNkxhD6q9ti7Lg3dDODkh8meLgkaXirmSC/IDwY4IzVepKWnENn5iMemf3
HTXRM8fcq27KCiE//L3OauQkBI3NaP2t2EuBvusEGtCSSBUtb8t2qZxW/PS3OS+b 8/nZ6g8m7xph0riq9NLXLqecLqQrhJfUEvBtxw0bm+OxZGkPel/5ib941dSNKexk
0Ko/wnrQmoVxC4CqO6ZBozVs/PKZUE/TcWSX9PhRUcaK3236Co1mZVrajlFdcv+D DZ2cq4gAifNoAWu9q9S9bz7+ODD68hRdoQQuUvDyV2FzB6cyOBeoB2tWLnknl3FN
ktR/Sau12du4SVYez0MKTc0A63BUWuKNHdvI8IJueStL5BBSEWnnjnP7DRj1vvvF rYiqz/1S76XP9duGIf5rmb4rhfAJlnrvKipWfGJ5cUSm641Dr63ou+HaOMaXf7wS
mEIKebxZzeAcqwhHNbrurjazsQA9GXXQElXm9gWvMg+IM0BH+MEpmUzQis81mb3w p3Mm594E+vI9Z0ri2A5bmbEV3dC1l121YFX5xfbU346akePA9V/KzkHPNJi0k0j9
ghPeVB9U4RkGt1OYKcxuR6lQkvXzhfU5ePsVeTzZbWVopx5wNrbb28yyUdG3uobO 2RUVtRA5FmXizcTRi2rdY38uIEvBOj7jNLzGErG6F/li4OEm7SiwovzvuUsVSSON
MuK1LCeutlRSYJcB4laeQGKEnMhBnxTAlKV2J9aUionWOKcjkPmAL2JfjNcBnUDJ tswvOz2xkJb+WaTc6obJCWycUUm9Dfdmcl+SGwCMf+i6zMgCNUf4TBuLw0HBpCdo
aUg0UblNss8X7zHhTpinKykEYPinab00YV8g1m3lkt+uam1Msn84u9TSK/a1V35C zXbBmbiBRn9UD0aZknlxwOVevKqORyPVO/u9zRcSgHzSPM5KASpLO417prcfZhL4
qs2jbbqjaVEnV1BMKBk8JZgaQF8YAUPevrPsyFpzY9+Sf9kvJxx7zByV8YRCRBH3 FcrmPDisDWYS3WN67eyXyWtM2aM7LnoUl5kPNYlwBe7qIaxwch8i9k0KBVcU52gY
2PSYrChFOog6hNa7dmNpLDix+rZgPiIqAeec4FUzwBJqcnOueHZBYi2k3ExqCX5S mfJnMP8okcU0FauGPZBN1M96/M35mrj/IRiQJod0xM0XaqJlZu3A8TlRLfaGnleo
FDwwy0lilHh2DgSl3u5q0ouXZJ3nahivC9JTpJKYpTipEtOD0K9VXExYG2oQ38fH JZ+a5r1Rx2gJ5/QMUV5yd+Bsv67DYu2l/TEtvElnfJmm2/3kFN3bmHKb2ibpkIMP
2J6R8neBfeDWcN2aiBHnDnnTgVMY66QKNYkJM6T9m1pWmjF40Re+cjKO8Y8a91q4 PNF9LWD+7D3qr1vzKl+jp3eLYsskDs/i7cd+MIZ+z4T3I8WAmpBP75LnSHk/V6rY
tj55/rPNWPhYrqZqERvda2V0Ia7ywLjPtrQuEbKLVXlts0KDJV6KACps0rTZXmer nWyC3MaB4OxKWBsu7iURIv+hoD8wqGenoiG4NsEPNsuhyuPz0BVPkEFm1aVh8XzZ
Fb3LjKxTZYCDjgGOFIC8TpeGDEC2VTU1gLLN+Tsjx2ZGuCRqrIwzgdyMMwtPL7mQ qbg4yh7g3IlXlJPMW4QChsPo6lKOUPhaqExZucEgKQye7OHA7u1DIOsmiUZBNSz6
ORAK+Ff/HaOuDLGr0oyTpbBGgmKsZx/SEoS3ZL/c4IO29YwhlEyPSlDDMXqVsNE9 Mc6HqKO3lU7akhQrKNZjOI7pqR2CK9pQVVUW66DYSV6wI/Ms7mnr04G3Hl7Nvt2Q
8mqbP6um2ZH6l4EzNm8sqPs4Wmxlp4AzNFy3yZPihZe7VVO2hrhPBjOLVVN82gcu JD0pLEGGEBDcT2SibcXxrRgls9CWPrV2+lbjG6tgwDRwq/lFaFQMt16SHB6z22U8
KbnOhhfLTbSvvSdR2/sUbQ9pUJUq8VR85py6OyGUaOEAiEIee7BGy4AjHBGinW3f ZLmlk3Awi8m21EoEiIMJwandgQ8kURItgba2XRgiuE7R0b0XqODRT15+au9At6b5
8z5qEewOT/Hn9BOHIPY8nNi3k27/RD8bvYXktWoROZ7n4UrkkBmC7ZwELunkp4N3 RP8NZ6qlpmIEVT6bCZloyQbMT1pPpdM6FXW4fGZzQI9kd73gbhg3kMnqmEuxqLvV
wzGA/Waff+rcdCl8SwoZQCocwyM9cmu6tcK1bnlVyp4WQVDqqlxakGkXdKcU2tGr e6jsqTr1a7BH2vYTMFQXfqYSoof6WTac7IqmC7Wcu7Ydkb1liCJ/Ne4FJ0mlx1Sq
X7d3R/638v5R7ZcTtIscOYvjT/YD/9x9DoR1kqDGHOTP5v9nIyKuRVfvSpsPazBI 9Poz/zpgjgbTLQ5QLjvMqkdVJAQpQa0QWh4htOSkgrMbWbybZHoEYTHwaXudlw6h
2IcZj4d/O42JYIAPKokr09/7DVjn2hODs5RGNWJxcn2gB8ff7MYuMQkn2WpzVcGC TmaPxrDL1bFYRPf5l35e9VoHufhjE9wAEwU08adShmvxPbGzYSSWCU20zQ6F5GdE
4IQu4k3PpLMPFu4DAbq8qH/XeviqP8nTjURCbtJY2oSOvY02Wy9kAKGjq+JyTt3l O7L/OwtFl+f7b95uv8M2FT4HDNPRK8LrdqvFYow6++1/2QsEgGZny/lTOzbcZl8K
R3KPfydNjc+TckbDx1Ryxr1ZDgIOarfZaZmpWky33LyHfOfS2B3lsix8qQit5/Wj HaGT3rheElAD2sr6vvCALasiXWmJ15cZfpn0rYQS9V+cYo2X+wi7vZ4SWQsGhoK2
8EvLPzsZxto31qDNO7AEhQvWD3aVLxfwHcEgrEqXwJBtNx004TfCDCrLR+X2b+iX yLMK+M3V2Et/4gfSCKN5uBg4TtgHSFYn1TQuEvTjcLiBPZTL+JZdi5YhBhkhSNwI
U7Va69ojWSmL6xSnXTLTzaJR0QttJ3AmR2gNLsCVH8gqkPuK83N4VyR88pVTutXV 8Ka8O8TE7aYrkBlU2SLT3RaTFU0NP7uOdCSxTudwShB6yeBPySDcv8U+CYnlzuwo
a27zk0tCB0BB3w76cNXNeG2fmM2T7eJHjJlLg9voAgbRM8tva9uT5r6YExK4h0dx GAr6Db9leTk5Wjzd4+1KcP5mQ9hT9X11qgqobfGxSCfzLLkSoJ9PvBwNoFn1FwPy
fsNnZuHrWxaObb4AyUGiA/zMHuiLhASTu3Ueru3X/sMGNYxg3nCT1v9epe529TM4 08GlAm/rJNZI8VKNILQhGfiEazumOlmE0IiI/0GxT6oqQrX+OKQfmqAUg20VMXEG
eX66wEY/aPL/Ms4CpSXKfwy2PjU0oOu7JTDgmKc08cQqjC/mxEI25u51QKTAcYhU LQRRu9W2QzXlfcFOlDjzM1PjtwGpsM5so+yLfV/vKiFnZfQUgUholBq/cJX2ISy5
dAzow0A8CpEwF1uKtRPaU5BPMoCe/+xdPlxXNSYcHr0yHHZJxrOkC03WJJBGlaEd TbmljK7/zCwzGoBjQrJxykFGD1xHZwWY3TEhpQoewduLE1nX3lZtHBHvV6bt2CMD
MZva54oMQxlLlxZeta2lrF66qMrPfp3uHf2d4I7H2pgDEoLygJBUwqy73jmzMiib ld639Jczp5QSAq4yGtZjZYUqHqYGIgNqov8GyLfiNaLUhneojo2V41SL1kRIsF5U
fxozGcbKHdE0VfykiyRgLRZXh7zEsvexyiss7/mhQIkrZkapNiYwzS8KKmcw7OXd EYfjDYXv/MSorcMCI0x8/B+0qxtyd0R05QE1RZnSftQ+appE8XKLVPcFzQ8x+P9g
gKxW3dlQG4oa5eK3wYMgAZtpXxeMrx5jrbcYiT3bBatfa/GutvLSJjUog1kK7/MX 1yW/+CumfKFKZAkp12qpIIPJ6kAe7Ig0Zd3uFgd6FtXbVMUFHqBHGN7ZFC0JwlhJ
E19anA9JKBEFI4cB1jVSapS6oyxWzQ12cSjaVturSNNqlClSdu/nqYx2j2SCkokR NQBjvZbqAymfdlcsDgqAm6e3Fi1uhg7i29iuryC15icudXoGhdzR41vvqJu/hIjB
q7LX0Mi0JRyhc7fihBpjkvOQjWO8kfFz/H/EqV5SWabPUwLbMB2ccUQaHlhcofR5 tvNW23j19JZuJtu7IJn/J6eqw5nu4UFG5LlhiqjsKx16Ae2r2kK8Nl4EZ9hMhMv+
xx5+BSbE/TMywN/ymHFybr+zfCwEaweXE3MxX0bxN2GK4nxSfW7NljEdEq/Piwv5 UOMldoHTno6dsbXkCA0HI5+Uy5ZbweOLOP0gi5ZemoyECyWJTWsCLd22N+EHbdx+
GnMIdA3OYKOTxXZPYgCSGE+X93aIimDhGySHR7sHtwdt6CfYyvCnU6dclKsFjx7d 0+G/WAX9y2av+0VXTPqCs6PacoeCg7Dbah0hp/5Amw36ADIWYKjsa6jUFdZtxi12
nRRjwetZlzkrJ0hGWYEnia5EzHZ3fesqJ2u9JXFBBAUJWNe2nZk5Sj62kzLfsEab KDqY69q6dCZm/Ctfn6FVOPhft/jhl4bqGlmRTy7YtxHM8aqoC3bPz4/x9/WuffQG
WC5slugY2Ogghb3qkMJW9LJR8H7aU3me+rGR3UeDMqQyTbzUPnd8+pfBupRUNyUg 4zhj8TXva4QHmQnJ/bhLemNz4b6SJWnulNcDvkTetwUrcI6X6/UWpMROLqKmJWbH
m9KP5JPBnDX8s0DWhiIQpQiDO9IlUpaRkVqtRQxernB0a5qHTo71q2BmbYoIn8jw ZfC2siIAPZRWsovSNbq4VENFWiP3NUwUUa0AHVZkldg/sNJxbiZvAUBCrMsIDKlS
F5b40UAhbC0kvg9AM/5KDLzTSS7/DCFFDRrXUWW4E4kO70qFbahrFmGZmbBcMg7i 4RuMY5M//5Zc7AyFiCfmUSn/l9G/Jhxoc6jQhyZQGAK+eOP2WdCrybn4dPeNP2Cv
x+h7+HlhNRyEQwgEpsYDiCMna7uigdVo0oD1Ik9BXPrEEqiVx32l8d0U3tKrq285 czxU90kFJwnyre8eN37GL46o7cECX33d60hgL4hPBlwYowczrW+VUdNUbpUlRTGn
u0EHQTfpG/LD+jeFW0E5pUPF0CfvC6ehmH1JcNoB7xWvf4YEJN8i9jhYxlwECWYR Rj+rcHVRgEVjeGsasFb3S5Lb0aY75Wy/pOumQYxc/5Lm4IeF+i2sJuMvJQxuPbcx
Clzk9PlhkJvpMv85Du1jQUqHbHg0/w3uZnkP7sj46/z20YWGVKh53uXWqzs+77ea gw/J0y0H3VZXOcLbin6GEqC0rkANi3thkU/LjtOUzXHm5vkmfaNXMvXQMKuK/gXW
x7JFKviVo89fALh3rxxrvQu7LVOdqSOnZ8eZtXqabIt2+k15O1DYCyxU32dbjUZL UP/W2924d7VWajoidXXE1S8XHEllhrT4xkxZ+3Lx8oB8AycEUw8AeGfXx8rdOsri
gfwFdSn/QsNd3v8X+Sg/+95JUU2DihxNPsKZ0Ge1OEznOaxMm8u8Ry7WU38JUKNG VVeG3x/Yi5Prvr1gJxFeNv6Sbwq2RDLep/GJBxIY+tcuTy4Pd7CtBmokIOHCUySB
1XrHcgUZ9fqPvJCefZLKT6+H/BPYL5XUn4yxtmx56ejicSdQqmH8qYgc2nn6bN+4 q1KR6WuhB8/rdfcUa9oooJUPr2nB6EToNAUvNRFdhqzWvvuxT4l4CurGUwc7pM3w
EzsA8Mj0bAfziRD4sNmTd/pWSjWFx39Mhj+dtmNXS6ksXpl3OERv3ivlSfmkp3+z PFaeW5xxadBIDTehRXmoUc4blfa7BAfM9H0IH3r968njQWUfC2XgUh7wpfOAD9NJ
egRpGurwB0RH/easzdkVSHYgAtmVeD3yvGxVpDVwlG9bz2pb597KK12HErQmJaCK yYUMxfy8RRRwmBwBMA5ja0SZr0myCvEHkK2LOhFFhKLFtw1tocNVP3unRY9UjrgE
pqz/Yvac1qE6ZSm0FgNGVMspY9ttLqYUNEPJ+Hu2aCtOxiY9oNsoWFj/kFCZk4jg T+FAgqqhZEWgPvaKJFDzl7la/T9DVfvpXyTAEX2n1jvL2UYpyV+0bjP1/7cEnvTD
I2khWehwOwq9qw5CwODXPhFnPWbsrheTNng60zeNfPkKG5IKIOmHpsg5/CFijV+h Q/KvrQMszNS8Ams2VZiqQfrV9odGf+OXGO0cCXNdbWJtRC8TV4+mSnfPO7f3dHvs
lCYCkiUU9L9Z/ENd3XA31VQWDeRbFqlPIoCQY/8U4mbrH+zmpjPgYKIQ43Lt9UhT fOkeN7ArJmiZIUevxsgQe1mCFGp6+L4/XPalGV6LzIUY7kS4HNW7gpn8lDYw6Jwv
NiwNs3kBcQ9NGy4AtIKjmxqnkcw1UXpFzLLHuPE44yWZ7d30/nv06Lud81tYDnSh TMwvJ5gUJw7cAV4zm+8Syx3IdhyT844J4e8s1nxiBwYDSgfMDa3tJVxWZk7CVaFQ
WNAG6z4PGMbwJKV4NePEnGi+HDHxpE8mg4YLpmN+Jo7dsRZ9zBtLcWayy7crQEjl lSH2e3j7hlWDL2gZ0BZemstT/snE3UgSlQYOy39HohGIffuwVxKMkcRpYk1ADHU8
uGwVLKtp2K4ssFSPIMmIQjeTPCVWLZYwuHQxWmt2fhcgG+G4WQmHjjBeqXqftegu GB8wfDAsSDQ0s452ucbdaY1k6iG2XxjBiovNUiJs/IYgj3n+Lq3MH1WpkRgDRj8D
bFX1HioRnjgWhC9f9JG39E4QvzxogsomX+X61UneCu8VOhohqOy8eIyFKI9piFJX 4vd59gm9YzXa2lrielU2I+qdxTf94P7QhwQitrsvmpmxA5NAG9ola6bXAvUJqilO
qBk02Yij5ilf0w9EmgAvMO4KgX50ofTC05G3g1r+/NXo5ojmcXR9vbHv3ZZQlAaV q0wrlB7l0tiahXlKIHQEVdQB2rTSNZQ5EtcEgAYGs/Lh3FL/pm4Rcv+DrBuFormk
9kntSirAyE3Ug6pBc3F1WRDH8WJ/Ysdd3s8j9BQpTn31hkqwHTadsOzCfKJuoGli YVTElDSNesh8Q2EmOPD8zaUU86bYboz0bDtA6Ry/H7RpYzirBr1ymwvGSeCnLSnW
UyMCdcPoxMf7DwpX2LaqDcElgqLUzlzJLNtry56eLmbanGKoTgW5IDz2JTBIdodE KcbbXS2ntv5ohU/Ksn27t5pJJ1n7bVbTrwoeJ2J4kev54vbjupoR2am97I2Gzlcs
hvZS74pHATmajkAxyjUIGWpZDj81R8B8q09hp0kTUQ1sQpbtnvZaAANo1QcaMaGg G+1K8vJ5L/ECkdZQx+4BU/5a5be3eMe5TpNDmMfT0WRkSC5CLfj1/YqXAIjmxVDo
oc6l0/i8g9H++kSdZOSpJD++O15/qSklQXVVyDOS1hNCrwv5MCXD/iAIE2XkMZSv CJD25BaX0SwSooHrl7hQEvax9oAEjgsG1xJTYU0C9gEUF6abW9hravxxEYgWvu+z
63TyFubFwN8gK9rARSbWEiuzckuyxviAcP7cm6tsPvfQLnyqzC5is3Vv8GNrFPkX 11q0rwhWavVshkk07DPjpcZP6FOvsEJNLfmw+Ob9RcOpaQUJh9xpw7avQSkeQ/hk
zXigdLGL8sgQV8haNSY4HjeKBn9JwnqZg/nh5Zq2FRJUtH7kZXu57KLE+8QmV1V9 K7LElcxUXZJYGEKlu2Ou1vuczdFrJob3xPn/3DE+vfopaQl1XFxFhdkFtk630JX7
tniJ1081VjuqoYYsFO+JpjjVVex9gG7t4L+UAzAGiu+LHUHCLp/aU63w8velA6h5 3gouMVNfdmBgsniIoe7CutNayFoNiCeSbUNDPsOFNiWR/PGiwUsF0pOs2fK64yhl
kwt440g/Z5guB866OyhNQKb6yeOdOMtb8mycDA33daQvs6017rDosjKj4U3SJirq dCwHijMoBLN39jj+LJSnzMpBB+lxiqTAFrcBTc29CDK94VOACLHs9fhUdMmWMu6q
nSsl227PCg26jTeNxBxHMJI6SK9KLPitZKEBgV0g6XYa2pldIC3FAQQ76++APlkl Ms9eTzWZ7cHZpPZTVNnXlVIKx/NfKFl/QMr9ZYYHX5/sxxMXNjjiSM4zvnxvysaf
ruxPv+gdd9lgZh/uFsr2+WswrlRBYyMztQbPEXlg7SWQ+xkRZxwK7+2PBLP/z8yM zOB1YzVgKdc47IvsXYuvN6+jZXoYzNZN65yEKu6ZS51TpOyvl+WyA3JWYGm4EZ/E
sFfFBZhV81hNG0xuBT3r44kMnFxY8GnzR7fHX55Mr3TCV42q9nX2XOdmeHA+Nkci IIJhnxhmlhJfD18GztEvTzLkqY183BkxPdsi01j4i23uxWIhX6WBUUph8hcjq7+f
vSuDOO2wH5f9hHNM1otmghimhbwTS/DP92JqOjwZHQQ9KlwH6AJrZ8YXS5xPRf0u X0KdAA/ObVcE1QQW8yYbKagulN+WJDU2LENgPeNbX217JDgmWgX0pZHt/fIzBucD
GBMQSpoF3g6nrvvxLM4T/VXVEarXAp2SsVE1L3EKmmxCujqKdEJ+wxf/AdkdIJll Et6r+leFWvbezdNAnCj0JeqRshjz/wwaz9u7gckF9YBR1XEqNM8fePXeYGNznlbZ
kpab9Mks5fZLkpWWX2GfTC6j8FnnRWKc/fn+GsjFWaG23O7HYzMt40nxw0JIn3/j qQYyXivDvFmIgXwebiLTyR14OA4y6ZmbQPut9ne26a5r+tmzpD6/Ehl6EaH4z2Yg
i3xhoYoyoPAZZy6Sio46klwjWfn0XjReWOelgRHRIrVwp0uoq2vS5xoFzWTDla3V IYIGnwRy3Ri8u7AuAZTEvv4hzsUj7MpIV35mbQNKpKslDgfD1jFsWAlLo8SJ25iA
scCei1QcMTvgJkXIDCYG+MZC7TrzNFZf15eOBoXODnT3FQjQcgxNMpiLcuyQ4rj4 WvKuYJAXFqBkksL0ZIMuG37O/HjVHESyaahCBy5M2I+BblReyH4dxdZB4kdWBuJW
hgllV2PjIdkz+MV0rrw3fTX3lVULU0gb1obMog6fUGKabTPgB10rBhjJp2luLyyK jwoN964SEpypk+tP9OR1IBHpIuu+Oxvg8iZri8JG8sWjqFOlLSSdG5V9An3/nX1P
K+siCjlOdEnEgyGoDvYdlaVuDbNhcTUl3kME83+0VoUPFaznTOumnRuVBUxY3scY hpGa7sFpQUIxRuV3RH8VuhXVRqeu3M1cIiX53W+Iyuonjlv82HvS9bN44uE3sO2h
lsPe0rHgPu8uhJTbF6/mBHHZwX8EsnrRKCNWWoWdfJ055oyv3NgLSAJMT3ZLoR/l PT0NOgPZMqG9Letybzt78iwXS1qQl76oMDFfx1iHS8n5y1nSkzzedvnGNKzlHqdF
eUN8f6VEN92ACF9d43j5r6XoeMJJExgi6Lnq+fKdvgbePoOYpN3kdbFQTaqIdeKP V3QclzBW6T8mPrqGp95uTBTDSC6EPFZ5QG7E8fw+8d8GJjCHQah/DHeEo3fRQAL4
pGMr5lBzW/MGg47EAbwqOd1cMYWCTEjVwhyF8nnfKNcvgVEHcbZ7FNZh2u3vGeqb GOz+KLHmkjocKZTWVLTVw2sHmo3k0wCk0TSUEjjfSQE2n7QOdsOXQLaAMYvyfw5x
zUzDzH7nYtQhI8bJ1TxrS3g0jWnEq0K/HElNtY2uz65q9kbrwOL05hFrtTMsJBBV RGfPCPyjMSeZxosnGftHp3u6ZlA8QW2CV/WLYai+Qy22z5jvhN+duvQbEI+6p4RU
L8IUsPy9m4CArNsJ+uZW4rKyw/zZGRmcy87UiCkmsKLUmjzhJSPI6ySxezra1WqW BMdDZH4xGF06aPfpeD5f0eH9vsXoRIUG9TUB1xZ3yYLrpQh+AXjmEWzG7b2pa5Zt
eXP5mVK1KgLcR4yRpPfw2+DSeMz4wUi80wFR/mf+q+F3Pm0ZxTU6WclYo0Q0bHdL fNC6J0c9aKvdLY+HMtdQ35Gq+wYVMMtyZLDRDcs9sDnzubxP5loaePKahPARYhU9
GD/qNfU21GQRnDo3oob0t2obPVKYVCKNp33/A5KwwAD93bu1Al/vQ6H/zdMwxzwv 07/cKG0AHZPl2ffWGC0Xr9ayOT41LVL+Q8TM5syz6c1ZAanK6nDCWf2iksIrkQQt
aqJog/voP8aVQUHx9demRIpYqj1v8M023AYzDwVbcidIT2tupNt3HIUjVuUCriuK /ko3R8s401/ajye3AW9lWrW5eUOE6/dF41Ec+znHd8GGk9wH/rG6uVeet1TfsrkZ
ZI6i02rSYN2n+YCTjuaSP6+9GzAktEZAeJoS7L2A4TKlCpXUawo1Lyu6WXiC0ipi OO4v8Sy/bgs/KFDZH9p1Tw7skDdFl3ER5202JrVgcBrVTTjrsw1PIFb6lFCyoguF
124DZg+ibs6BL8nHv1qy12D4yb8NV5qg/xY/gP/YDymLYGJMiUGUGjt33GwZd6Jd z0jOaBRgGkd13IhezPlrr8t1fPppZvUKCYxgv/JPoRAxnTrjTtGv6z0R6POV0vZ/
G0CQfDGJekYYWkFyWDzBUuKdh0zHd8ZVd/swhx82bZz7RDrxYBt1IzU3oQwgvxjf MZBPDnm0lPa1mFidN7lRAmI0VGhgvY/1+tWKWdBbeV4NtoOheRXZgqGYK57qTkMS
eEHVWX+NcuaMeZuhLKahNApli1mQ+ReY3wfAQey3zg1pYrQEHEGtoYiwDOageAD8 1CglYPADZvwyvVcGtNhO+qVwvjuIYhRSL+kthY6pxDRrFwerzyOw8wGCJXpl3Swm
0CcUf6ZqoY3Mpn+qNwX95P09L+GfGK+WLJYyoUp0Mv7IlEDYpdQ28rowkRldB+ba 8Tjip93eMjniZ6k8e187E2iW5ykgZWheSrKjQKFVj/zUjbwxiwfw9WlTUY16O+Fu
lt2dPacRH0xTglUXz1JzjvqLOYtPqfF0JQtYFHziTesBJf3tlhQrErV0Qb15fNAH Nkm+qWTz0lhxmm4PoKSTeTn3uMBaFh25Vc463RGTiBdj43Mtm4/SMWfKEJ93kFgC
tspx1xQz5pFHTmCv25HBLeFO4I2Yy1aLmhjREVTs+lxBYFLjb4vV2z1J2ZypXAsg bISYo3n3MfXJZsO/AuCDnHMvy1DmpdsG+zKbR5+YS+RgiK4Vf+i418xempcJUfP7
Ydi9XTH49kXvMSP3Z4CpYzGR06xhEgUC26Rjn87fvFrTCchhRbcQkwxTxu56xQaV zPlNzSrRt0lncnHij1mWSmQuSR7nAOQtqYWdsasx52Jk8o0XPdixWcutEQVc5vEM
qlBMTCIqKtNCIQwCz8CQey2aPkbLSY8DCwi2Idgy11NUPk1UWjgAYbC1oSdVnXaE MdaYHqvy/cRXBC3tm0B/JKnbDO+OzaHgUcgUW4GJyKxf3iRoK5CIZlBdW88L8rXh
GarLMjmnJm26+ckeTBbMZH34Hw47+6YTirY3/c/cNIvichCMKpamJcKPWWFXpMps K+xxjyTes9alqza9rFB/YaBOZiz7PCZ8mgYIfe+BlDH23KfXtaZVLAQ9CQfFO9vX
FW27hjKNJ8Wb1Vvay+Rph0CzL54dntxioiPcAxeLA6Lz1l23g7aUygIZFfrb7VNR 3Ydu5U2HSCcSmt/+KcWWP5B8RVg8a8ycoF/ZEeTp72Uafx6FFKbJi1LuLOIr7JqJ
Noh9yUrhzsSG3O8HvMyrF+iT0srvD/oSQHz2CasCgN5xz6X6defNayLrKwwIRxam Vkn/9wjq+NVOzDN4+bYI9kPFi1LzqTE953xLm4UfBhGFStMeGqCmdK+KOYcA4iZx
QNJ6xMFD+5ZHV+E9xaobzlBXY0D/NPYzeTF01UrPpd+o/qB8WZ+qlmR6YiV5KxM8 MxIhLDtCbOrKsPVxguaom7iDNnkL8klJigpw5qr9SuHv8cTcYpmgY/KlxDcDcV8R
5CcjvBWhtSxqOmJXpyzhy9Pau8wVe6vGgGFxFeKPDGxQAoSCOW+5xXlg7r6BljZb 1V5WYamz6KPwdfh1BiigRU6dHBrvNY+fBHEV18PelTqm5TWD/ryP/KebvIsLgQhf
Tq2IIwILTcmJ7p7Y0JmJC+LVGClYETX+gt841A7wUMtZB5pgg2NVwS5oj1zOHLc4 VVF1sWZHB5ZSTFiGmXU088isDjJSjtQ27m0Ux5JS07G1U7RTK9N1ZQwmqg90rXrM
GF5RvxsCdM1lG/7c/d8WTPSsIUXjmMo1uaoSPT2licvPYYab7p310GIxgokIpAjx EntLIfVAGwTg10cX8ZV1IwojAPTB1DFYLeYjzDdkZFR6c8pKDtrKqx1ExdUrmj4E
LDAknzbCgaWRVprPvbXMpGSDrxiW6eKj7/ZAl/GdK9wciOElICwAoDF2Ku8Y4N21 c0gIjbnnnwpgNbQXhfYU25F6opEipOCsTQ/HhOeQjpbwnqaDsqht67NNouKMWco+
6QdVQ9/z5pXVAzblHBURHDZ+fv/4TlRDEbmNKk8bjcUj9EB4dUF7H7HlMHRUAGMj T1gKXuaEF5VFMPeIo9YTwOPRtcqtsMullE9vP5jA6QKn0+1zX69ytxwMUy3fe4S0
MNKumY8GdyTqlQ2CLneUpq4YHdkeMU0H/lC20fRqLzGiuQ6+JUZ8lS6dd4fK4zM/ FefRP6E3taViJv10oWqifzJtyNcsBLn13619yxOug5WBvA8UKWXLaFf5BR1ZYMJp
0844Eeq0plCtB3ptpK9+Al4jmX9deiVHs9S5rxkRkQXU7ghUC+Ovg3t8bkq+Xdg/ KG+hrREh2o0cojLooFgL82H5bJYIqiCnv8pb124aghXsMWapot6JcQjjoG66Ni9e
LCQAtc98/lGTgYoJUHblWZmACYowoQZeMHYofLgogXPJAg5rEsdxRuW1lOUn9GHG JrfixhUMDKqBMHvhKTIocysMLjAZs3fUlkZyByexP4/DceJ2YLmD0tTD50Zx15av
9Q6yG6Qxo7+17jBQHbJk8MVxnKa8Vh1IDHyMS4KAuAJc3kG8xwZsPQHcJX1H+S8o kh9jGBrkYDadsGfunLFfyi+aDhDtC3I4kDYXWE4dLUvVwjjn31sBz7qzICYfly8w
Me2cTdBNFFNkyKXcY5l4nOK9Leu+tGGsRjOJsI5bek+PKfzOC+U+nUJ238wnNcxe 2OgZy7Ao63BHTHX3tGjNer2I4Z5HdYlv3NeCIxAKjcFVuWERF3OOi1r54nfcboVy
sIklj4GOuE3AmFEoaqAQM9/UZtBtAIDmcqgzF1bAHtf1bIwMGO/etFmQzB1EgKMd p5HVP4ZYZGKqcTaXNTuuCtkTBwYt3SBXe/dbcn7PCwkgW9Q2uwQk2z4/+3Frq4YP
5EQXHRsWsD97k2QJ5SqzQslJTy6HTGWtMW85RKJPwE8d+Re4uZ+uMYOjm4pHV6hE 8lcjwimFTo1QODAaQNzaQAzMK0OAAxLDmxZLQdN6NAwgcF0ieoG69uu5fgZGO0NY
lmkzyiqw849RIwj+okEH7amdDS0vHI0U8n+hEJ44vUPpOSV9Zjsg6h95YwHb49rg qQyP4aWoY7WfXllAeVoDiwWcl+N5WMviK9uBbI+gTem3AiE70dr3roxFlHcArQS9
fg5FeKQC1KDJ3NfWy3KyjcnvblFAY+4U2tikqVTF6gHuKLl4uRqLe6sRIoHcYPjN UZHGS50tTI/4xf5qerK/B9rkU750sQKdvbAJZkXaxg0so1r4qpSRIvsHGfBTZjP8
D+2ylKgwRyGtvMSJQ2NzFXb+eIz5F7PrqtUj+KKZ4hyT5qI8GL00/YBuFzQtR3ts 0OH+7T2VRaBQSb8vGTcONqmzhvWrkf2HUswPFjLtlcWszbHgnhusb1dOPPWkr8DD
HU7A/aICewOfa0hvgTxok0OWWNPnYQYLcxBo251otY6eqHWacLqb+0rQyCE1irwc CjElwQcg0m+6WPQqIH3QBXt+aOndZ4kHEdurcjwa/AcVHykc/aR8mR0+bP7KRsv7
KqEm5uTWwM7OEuUnCc9Rc8P3+78U/zNo42kz8Xmr9QQNA9u09zWKyYCGisSlou0K SVG+hD6hOL2cBVL3HCWF7z/K4f+YSQ9KTF/efP/Kbr2o98zrQ1IhKDIPZ8sJVPVz
eeaaViMiq0iBoqOvCYVxcAPUFLqFa9GlQDKweGeDXcobSI1LAa6F8lVUe16EU+I3 WcK+GU0JUDreuVmVnWrvDM3Pk2/3K1/23xGzfDF0S/gF9OPHX1jH/KTnz0KHQxFE
0dcgdsn05ge1tikSoBm635OM2bsXUahKXslzZxlwuZC5gDRyHW9mt8SiRcDBw1/k sTNJox/80sTqIsuTiw3b16bG5KAGgeiLWSAzUO7eOU5goB9QWT+QSblMmdumGhzF
+0I2G7Te8u8DDYbrRQay/g0OdWEoqZJ8HRXSgK4heGd9xtYemfvZcSvLDfSGr4Zm jQFGmNL0aaxJa1U/kq6T2NoiLetQPJDEdr6UHloASF/mZtbPlQlgyKxbeS3y468i
x81Qix6s9LsWhHXx6EEem6xiXEfG/UoUiqToBTg+o0vx/3IR09Gtm5Nr7Kspt/AJ tVQWEHyePSzvIYfknfnCeeJtQNaABfICfYBedlzxk4zuyRUSlrenW0RCuCMuIOQL
RCuhq5nMp3tFWtoCpXem6CC4GyTew4wI9U8sv82Hzu9J7IeZuHwqgHvHqUm5if8+ uRXdnuB2aC3Gnb1KVcWilRO2C+O6HhodXqDNwWSQjku0o2mhbCZ5TAL87GzVSdI6
Z86qkKjfuaatH1EHcahU6KvCY2fKTkw4k6ZZ1gb+A+qExuRVXoJ6lOiuzlhkpJhX 9FgMsfD4GyH3LnHQDr9jjFqhbARBWqhCJoy62ES8LlLg3E41b1/TEeP6c1IJ54uz
4JwV3ri9SjfND3aVDQnBKNdYP0LnVmJdOea+rh1Gj0kIL4IYa3TQoJzK4IEeQt/P j3H3nhzCPeUA7w7jc324lioLT9QtiWnKSE4OkNarGwxGq+lJxAZ3qafimRe/DGC0
01/wDTLyzmX7BMTP9KLol/iO8ZbeRXefIva6CHVnSNXaJrk3rQ2LVfTJA3qE1Aud ysAysJQTLN4MgsAr1RDvnXY+UD/J2HrZZlYguTLc6Qz8NclJO0eHYGec8hbWw4Ji
BpJIx9DLYm5cyCD1AJIF4h44TXo1aek5WUFQoJmNM9QdKB1qwrB+oIAhAwT7Zwvr OvpVNpqSKi6aW9atAWONoQ0c6YJqetNab1lSWXSYlZTwZnf3iSlgC5x2k2zrQOkv
Hdt99I98G/kyehjuJoJ0RNvJM9LPDgquYCW1jo1sRxv84cYM5/fGdFoDJZo0T35e kipyixPl+BK0cP2gzXZihacodnfL8QJVZuNdCzfM31skCehMV4moXBmQeOGU/z+J
E+0WoNjrwQwJv1hdFATH/TVyqFOh2aJ2AXpkpf76h3b1gY9MhzNFVX2uhdMv5nU5 y2jFdZk3APNq8Jc0fDpqtGedriwbRnmG8RysfS5vaa2pdZdtpLb+TK9OyGcDBLb9
mjYVX6/HLdS5FsjUaDZa9DoYRqBJUv+2W7sPnf3mCvrzyqMP2IAbcSWOnHKovU4S 2anQNQnafUXz4AKY5j8C7+eTiWt5bfUtN9zqVUcMxcjpPitaldyG0xMrXMThftq6
5JwF698f/nF2zpuAtaAo8CScFO40LNA1WMiOCzhGpaBneeytIUVREtz2zyYMTCSu PaUFS6pEnw3Rurz67gp0zBIa+ajmwFj09LqPC95JH+PJttnrztgc3B4eD7xuWiW4
h1sP1UFReIei+mAiY12DRVrcVgrgCohoxueJjjtYCBsBv9Vgq1DNohPekjLbC+wd AWybu1vWGY9bEzwNHr6Jn2XMx4T5CadOXGzid0JcoIu+/SpME1fWLBNr9H9hCC+W
VsQW0le4xL7OhJTREoW4jhoAmip1dZIp7VLNb5R0yXyKdUK+uRsiccz885vrUSer drz/lwkYijOvw6RPdsp2Go10W8/DXRdcses32WZyfr1RZ9S+BfJs01hQmVh8cs15
ux2LT6mcutD64Y9drHfh1zRh2w0/NW+JqUupsOpUi9uNzMIcZMWrJm+F6ydwLuIS /aQhCPIxtmWQUKXHCzWwKI6J7LJyugfpImWGL3Xt9dvwIz62Ma3AECrPx3SsOLMA
1FCR121ku9lYhlbFhI9j84JdJAB1XG1l8gi755w/Rh27dxmj3r24iq4wB9Ozlu32 y5Mb03lft3FXOD+ZQs6kxcS/E7NfM2bch3BjY/3jOk5b/YxZeUxvXAWJ+W6l1hva
lix5u2oy+nSU/EHwbayAtiLeSm6FVNxzr1AO99xgTDkm8OWxCpSjqznzWffI+uPq D2fyDbAfCZTtIJGEc1vxO/7MxzDyYnLuFavEPhh0YWB5S4tbz/2nWQ23SzoWazo3
SoqL/FjUUV65GxqmvnN66kGPI9QeX+pmHA9DlsabqWgy2zQKmK5QQfRgOloU+kIG s4RIO3aPl9ogTraNAtkrB0BPgxdFzUCbAEf7guX816wSPeW72Iess7TUyt1TK9wV
Aq5U6m0FKBJILTa8gC8h4HbuacHiW9w9wiBFd7Nur6/ZhzZz+CFlyjlolu+SWfbj oCOlTEfuggTROFX7/VGfduLQCjI/8xvfQguvYDt4NwUAdeIu70a5TnO1DOxPioz8
M7mpNDtOfifB14SVjHwbupb9mwaToLe44llHrX860x7MTvR7AJZ4e9ATb5ZkOiVA wwBrXOhzXEd1oZ4Xmc9rxqdCsq5s7bI7M/0FpSs53nuQrlZDqTrJMI+rW4jhIrb/
uzJiLcJbunOsEq4moIHDlPw4xs4U0+6N7qlupHeV1lx9mz392+9RW8/r8nZRkO8g xJmDE2/0i6fUy1eZWMpoDDcD2Om7S5vbOquhsuyV8RbiPXnoCJsNMbJIIIotkVMR
NBr1VhambZliGNjAF7gS+AoyZdSFHvjyUZ8dx0Tw4qEGvUparsp2MKHqmF0+29Ty 5yEhltLdD33cwnqKKqWcHKUO5fWtegP+ZIVxIG226U5itJbiU+uj0TUZsbCu52uI
GkOgetOL6bcoW29PkhnodKSscod7sk4C70hJBJ7RrJNlA5YuwrWzokeD3rjEzqlj 9RQp3Q8gMwkQ3PAaXqHmknVAUeTKSU34RV9kn/rlN+1mFC49ribsHUVaPzlG1sMg
dmRN2m9DQnXNeHKsxEsCkgIeLZVsrCxMVONTCrdfQnKnzZDgtoI4EYFfEElN6qQ7 Cg3rt243Q2zMmdwdokmUT5euga4Abw9xhTRgoSCEGoQhlMW1PO3ZVs+Nmr5QQW71
v8LtiJyqtmYSPU3c3xb+zsWtElso+HfHELrwsY8ge485xBwtGTGKZtCcxsKtj97X ITfHV2UGUm/F+b6iZWA+TQ8RgHTVzHWrUSlJuCqpcFxxY/ezzeB0iappZTkGN2E9
gb/4pfvziajCLU/MWnE4fzQXPjXk8NEQRdk+EsgoCOxnTPShAnW+MDN143ndDN+J 77owuDPHV8CyTQvJs+v2YcP+rgBXtCzIPxVjz0v/mfNvo7fXo6y+709LXj6hhAro
+BuTpFVF/duO+Vobv3N+3dH+Qd1qhui+q7R+ojXyp516X0IZCKr6211hAGgI7i+y xBPAaVxvnB395oaa+1ZMCDOzxmSYnpMj1qP0pnwYdvGsFeUFWZa20O4gveQ2qMc1
Z2RGCHIF3AA3ncH/An0X0RHgQi7ZIoSGDoHR2v0blOXDBNlzRXXiVEUGu1XuBp/o r6WYj/48a7roSpjBTI+ZFQ/5EnkdLBJ0DoXi1zncQYPnHl9VdXDuucegLlkEhF7W
BDnnXqcLT2Nng2tgdu6XvbIfgdr15/zrwKEAbG3yJa2iGsotgdiu1DgU7lfktlPq dhiRCnLWywqM9o5+WwAFrUq7IQZy+g5Ar93Ymwitawv7XsMw2SIeR0Nisf1r23Ai
ftTzg2nvDkTGT86AsTQNM2ClARtAmQnul5v/Oo926jCr+471rEXfN6Gm6zkwwoAG OqFSKIhOajCncNFAGCv9fC6/m66B7gGba5y4SAOqm7qWpPuVAZvc/kO41v2gAPl6
ZyE19pnIaF/p7tczePNgug== GpZyX492SC9oN3dOJZELsQ==
C.3.14.1. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.14.1. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline (+ Legacy Display), Header Protection with hcp_baseline (+ Legacy Display),
Decrypted Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIUpgYJKoZIhvcNAQcCoIIUlzCCFJMCAQExDTALBglghkgBZQMEAgEwggrPBgkq MIIUrgYJKoZIhvcNAQcCoIIUnzCCFJsCAQExDTALBglghkgBZQMEAgEwggrXBgkq
hkiG9w0BBwGgggrABIIKvE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggrIBIIKxE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGdjLXJwbA0KTWVzc2Fn ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGdjLXJwbA0KTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn
Yy1ycGxAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl Yy1ycGxAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl
YiAyMDIxIDEyOjE2OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl YiAyMDIxIDEyOjE2OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl
cnNpb24gMS4wDQpJbi1SZXBseS1UbzoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21w cnNpb24gMS4wDQpJbi1SZXBseS1UbzoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczoNCiA8 bGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczoNCiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFt c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFt
cGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2Fn cGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn
Yy1ycGxAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21p Yy1ycGxAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21p
bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs
ZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE2OjAyIC0w ZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE2OjAyIC0w
NTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu NTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu
MA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOg0KIDxzbWltZS1zaWduZWQtZW5jLWNv MA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOg0KIDxzbWltZS1zaWduZWQtZW5jLWNv
bXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm bXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm
ZXJlbmNlczoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l ZXJlbmNlczoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l
LWxlZ2FjeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7 LWxlZ2FjeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7
IGJvdW5kYXJ5PSI2M2MiOyBocD0iY2lwaGVyIg0KDQotLTYzYw0KTUlNRS1WZXJz IGJvdW5kYXJ5PSJiZWQiOyBocD0iY2lwaGVyIg0KDQotLWJlZA0KTUlNRS1WZXJz
aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi
b3VuZGFyeT0iODAyIg0KDQotLTgwMg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl b3VuZGFyeT0iODI4Ig0KDQotLTgyOA0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9w bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIx bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIx
Ig0KDQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxp Ig0KDQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxp
bmUtbGdjLXJwbA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1jb21w bmUtbGdjLXJwbA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lLWxnYy1ycGwNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz bGV4LWhwLWJhc2VsaW5lLWxnYy1ycGwNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz
aWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcN aWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcN
CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBp CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBp
cyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu cyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90 ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90
ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2Vs ZWN0aW9uIHNjaGVtZSBmcm9tIFJGQyA5Nzg4DQp3aXRoIHRoZSBgaGNwX2Jhc2Vs
aW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2Fj aW5lYCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdh
eSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFt Y3kgRGlzcGxheSIgZWxlbWVudC4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUu
cGxlDQotLTgwMg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXIt ZXhhbXBsZQ0KLS04MjgNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
RW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0 ZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hh
PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxo cnNldD0idXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIxIg0KDQo8aHRt
ZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9Imhl bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8ZGl2IGNsYXNz
YWRlci1wcm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0 PSJoZWFkZXItcHJvdGVjdGlvbi1sZWdhY3ktZGlzcGxheSI+DQo8cHJlPg0KU3Vi
OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGdjLXJwbA0K amVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxnYy1y
PC9wcmU+DQo8L2Rpdj48cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVu cGwNCjwvcHJlPg0KPC9kaXY+PHA+VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25l
Yy1jb21wbGV4LWhwLWJhc2VsaW5lLWxnYy1ycGw8L2I+DQptZXNzYWdlLjwvcD4N ZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1sZ2MtcnBsPC9iPg0KbWVzc2FnZS48
CjxwPlRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVzc2Fn L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1l
ZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEu c3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWRE
ICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2Fn YXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1l
ZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMg c3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1
dGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0Kd2l0 c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSBSRkMgOTc4OA0K
aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5 d2l0aCB0aGUgYGhjcF9iYXNlbGluZWAgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ
IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0LjwvcD4NCjxwPjx0dD4tLSA8 b2xpY3kgd2l0aCBhDQoiTGVnYWN5IERpc3BsYXkiIGVsZW1lbnQuPC9wPg0KPHA+
YnI+QWxpY2U8YnI+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48 PHR0Pi0tIDxicj5BbGljZTxicj5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+
L2h0bWw+DQotLTgwMi0tDQoNCi0tNjNjDQpDb250ZW50LVR5cGU6IGltYWdlL3Bu PC9ib2R5PjwvaHRtbD4NCi0tODI4LS0NCg0KLS1iZWQNCkNvbnRlbnQtVHlwZTog
Zw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURp aW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQNCkNv
c3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJR bnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFOU1Vo
QUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5P RVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBDQpN
M1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRr QWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxU
RSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBS K3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpI
aWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFB a0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtERDl4
QUJKUlU1RXJrSmdnZz09DQoNCi0tNjNjLS0NCqCCB6YwggPPMIICt6ADAgECAhMP cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1iZWQtLQ0KoIIHpjCCA88wggK3
LSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsG
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw TVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEB
ggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFC BQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoi
rS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165e ZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3i
rnT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc Ox7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLo
1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5q OAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqU
DTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf uqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8
58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNV
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p HRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNh
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAw bGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB
HQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwH /wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgw
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU6 FoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCc
8ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644 sTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPI
DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2in FlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMG
C0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLih HjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M527
ne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+q 4XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P
YC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjV 1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1
D6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0B SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0G
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE CSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER aXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQK
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxh
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4 Y2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+S
TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7G tijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc
xVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12 9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rT
DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkN iz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJ
BR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR C3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfo
+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQAB g8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOW
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G wks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFl
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH AwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAK
AwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZm BggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeu
czAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F KWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqG
AAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd6 SIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2
4roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27 doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVY
PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31 eDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqG
wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnY JdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQs
xs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgN Pn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcs
G/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChME m0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0w
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcw IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw6
CwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG 9Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
9w0BCQUxDxcNMjEwMjIwMTcxNjAyWjAvBgkqhkiG9w0BCQQxIgQg4f753q+skjOT MBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE2MDJaMC8GCSqGSIb3DQEJBDEiBCCY
bEsl5q6WUySCAbgxotWkN7Ci2/Q7J9cwDQYJKoZIhvcNAQEBBQAEggEAiUGuCHAe UuDiqUQkX8Y6z7GoBK5oZgbF9o0kqfOxpi4tDaKThTANBgkqhkiG9w0BAQEFAASC
JkzXXnkH3k8yFGtEkkMscuC0JOPwqnxHzILBDYt9udpeParT/drO0VgRKxCQ0mxT AQAPvlBItCWJNdtkeHveM0hBpLsosoAUG3bMHg0JNi89kzV02YK9YDjFSG2nX2Wj
sz0D65erzo+ZXfuXC5+Q4hzqdNkQhC8Vi7H2NL8KLsBrXNLZtG82xco08fTKTWVq pYuKJVi7UH1aGCmyA0D20umbcIuBqtWXX+W4SRhzNGR3P+lxlVKMe//qPlTgdZTR
c2HwuAPL0+Yh+fTfqrr5oRnJvPVkTxl97KxTA1YNQh/s+Uuacumnmr/3iuHwjubd t9Eg+vmJwrIuJVcZk6+tagnOinCl5watJ0BDEnCQcgywe+5EvT7+kRrIV8eZWj1f
+iesA8wZ9RWsmeg4FGUzaVrTRIHj8p6YQQYJcOomV9GuRbjUzMVTL/fOB0G6Jho1 7e2ut4xOMYVOKwWBOpBFtY27rlu8rMjqf6JT1wpvGvaXllsTsBPqxfOPe0x321ma
aq6nGVcsoVTMIrH8nJv54eHQtWtYFBJI855oDbkIS4DxH0wR5121BayRN7MgC6q+ HGAO/tnCcM7FXtFChgFR6rfpRDvTBvFtR81lDbK/vPYo/PevKjR8mX5lgO0GcFwg
H+cJTAZUD2IF7Q== 30JDp0rABngu4wItcNYBsHNP
C.3.14.2. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.14.2. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_baseline (+ Legacy Display), Header Protection with hcp_baseline (+ Legacy Display),
Decrypted and Unwrapped Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example> <smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 222, line 11 skipping to change at line 10274
HP-Outer: Message-ID: HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example> <smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
HP-Outer: From: Alice <alice@smime.example> HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example> HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:16:02 -0500 HP-Outer: Date: Sat, 20 Feb 2021 12:16:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: HP-Outer: In-Reply-To:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
HP-Outer: References: HP-Outer: References:
<smime-signed-enc-complex-hp-baseline-legacy@example> <smime-signed-enc-complex-hp-baseline-legacy@example>
Content-Type: multipart/mixed; boundary="63c"; hp="cipher" Content-Type: multipart/mixed; boundary="bed"; hp="cipher"
--63c --bed
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="802" Content-Type: multipart/alternative; boundary="828"
--802 --828
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
This is the This is the
smime-signed-enc-complex-hp-baseline-lgc-rpl smime-signed-enc-complex-hp-baseline-lgc-rpl
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy with a with the `hcp_baseline` Header Confidentiality Policy with a
"Legacy Display" part. "Legacy Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
--802 --828
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii"; Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
<html><head><title></title></head><body> <html><head><title></title></head><body>
<div class="header-protection-legacy-display"> <div class="header-protection-legacy-display">
<pre> <pre>
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
</pre> </pre>
</div><p>This is the </div><p>This is the
<b>smime-signed-enc-complex-hp-baseline-lgc-rpl</b> <b>smime-signed-enc-complex-hp-baseline-lgc-rpl</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_baseline Header Confidentiality Policy with a with the `hcp_baseline` Header Confidentiality Policy with a
"Legacy Display" part.</p> "Legacy Display" element.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html> <p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--802-- --828--
--63c --bed
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--63c-- --bed--
C.3.15. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.15. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy Header Protection with hcp_shy
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_shy Header Header Protection scheme from RFC 9788 with the hcp_shy Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10445 bytes └─╴application/pkcs7-mime [smime.p7m] 10445 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6716 bytes └─╴application/pkcs7-mime [smime.p7m] 6720 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2273 bytes └┬╴multipart/mixed 2273 bytes
├┬╴multipart/alternative 1116 bytes ├┬╴multipart/alternative 1118 bytes
│├─╴text/plain 379 bytes │├─╴text/plain 380 bytes
│└─╴text/html 474 bytes │└─╴text/html 475 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example> Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 17:18:02 +0000 Date: Sat, 20 Feb 2021 17:18:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy@example> In-Reply-To: <smime-signed-enc-complex-hp-shy@example>
References: <smime-signed-enc-complex-hp-shy@example> References: <smime-signed-enc-complex-hp-shy@example>
MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHlYUDAZJtrARL+kRtiQU4vNChzIMY4Kq+ga Boq0MA0GCSqGSIb3DQEBAQUABIIBAI9iPH5/b2KLsDbl+Gv6Q/yOjrEsmu76WuOA
tvbsejCyWpPOJ6bCjx7IuyFyTQzpi/rkcBdyphDz/sEzyF68mAtFvGBHhV3wi0Bw rQu6BKFkeKtgemTUgvvcbc//DMQLqFXrciCBw2LNPzq6pxpgaaS8xFcvHttAtd4j
V4+TCpXHio01a1fDbWQTmIRhNoT0CwkEq2AWzMerjlPk1YGzRWQ2F8v5conRtN3l pci1n9SJvAggSTzU+vaHUEdgf/PTP5mBDy82PbZx4cZbuIM4prBq6/haUnmxARs4
guvkXr3vyaD2wbq6UYIw/x16vTfEmqFVnRMSsdWdqjVrrPHTTVytUI5uBhKq7f1C xSEbfQliaYCSFRt+3GAhXLSI2y+6odiA/0DxltHq+PiTc2SGn1BVyNyxeNpxbAkm
dWt7nVOqTglW8WKB0qgABKT6E7PqafUzXMBu1EmjFhJyNP4rrQYnY97iVbPnUyyz G38L96SPP3lgeb1oV2F6aEmwBKUeMoHoFPfGz3L7aCKCcbaXgp+phC+8qlMPJxol
SUUb5pLZ0aa/opENPk5rhCQnb4eEnbGS9lu/dE+6y/I9/l7eGFowggGEAgEAMGww sPgSToVMCakQBk/OaveXL5HaMHYd63p2G5vBUcjvUsEsyP5N0j4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAh+lzMZeSWj2T8iddrFSZOoV1 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAnQrNiuXf9Kn9FiuopsfQYQT0
VYyCijzcJJEp4Mfq3Ta/ln6Z8wAvgJAuFaph1mMGKX1iZIN48te6SmQ82IyBqvkp L6euHqh4ENdEQeBLZUsvmaO98nqF0Sc6Pe9QKlIJbnFFBHLGD/52Sv5vZH5aLUgh
m76opxs26OnNZ1sVvwhTIWzQjNUY4sxTF5UDTqKuLAcrOBPTtVvgsJtMi4rWDbW2 BCeM5YiBg6J5Di8EmE207ltptn1+mDColCceMsCpiBiSohczFNY4ME0Yd30NsYcY
MbzSy+mxyEWlDkDZ0/2BXgEVXNmBgJ5qUUMF+31WixM9Y+iN9kF6194V4TbBQ9U4 qEr1TbT8/CqmSBtJrkVVNAi+XCYPYo4yQTlRjneBR066DaPvMsR4G1YZSb/xcKih
fksuKQliK+eOXqaZibATxgn8B4arubpnHFw0bjna2bMkHmQs/eT3VEI1RSF4Qg3p 5w49gwQO4qf7N7CH3t79Fo+OPRwRDF1MwVMTK3L4BAZzH//M4+h3w3u8XzM2djUK
FvDzXC/jHqrhbtnQkR/zY8bpNDFEiBv3e+myGaL4CsnUOMubx5tkhP4IzWXwRzCC /4YQ9EyFfhoTGrbi1o7KsZV/fMlmGxaIdtdQ+zny1ZzGijJG0GjKbJ7fxjCHkzCC
Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBjNxqRyzAx39GzHbZO4CwOAghrA Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECpxXzqAYIhfW/zQN9X1OhiAghrA
KwtFLWZ1Im0uhZJ/SZ9TDEQXGF8Bt5WnyCp3PC8m2ygxoui8y0XLvH/X353IQzHv gmLziupytMbQFUjii3dvaXG3GoyMPL4f+eEcPVkk+YShdVj5yKdvuD+Ck4hz7YAw
ituNJd5CN8m6RWSHym7NGYwifFciv/usZk1/pvp+jVzvFW/GAaea3oyksAYJz4o+ GxVYDWVflW5ofL+YdOiW5/OYwJ/6Q1i8gEmfl3JTnjSA3vIx9wP1bu8K5hS4eyd8
y5IG/TFykybUNyDKEtJ3kMS5D07rbDgGJn7qoK/7rEbTsUf1NSIEdVkfM8SEHKOi dNbb2AwprX/Fwd1hSiTsnJ0eov9RcdmmTLhyD7yG6VVMZ85ZhJE7i6IygHxq8MlF
WdwV8uOJ59d4mx11uOBU7+VOVFbo+YVPBHuJYJz4U6Gp48Tu3IdAJQS+PPmY6IEX Cef4x0QJf7XHmd02Hi4t/7yjSf/HsaSNct2jp+XB43tNtYpl1r3acsibOvP4lAp/
+3rE1+jcf0KXxs7PRjZ684uwteMkekMEehxNSQg2HJw5W9hTtPI/qSdCfx1egfR1 XZuR3tvUNeXL/NTp5ulMqfIQlLKC9Ah0znPX8H7g9ccTPig09nm8qWeaOMyiJ9Vm
+Lcj+sLi4fPXK8cdo2Kc9qGiRci4PRSLxsNCRX+Pk+YrhE1/L1x1Q+O6GmVR7XYc /jPJPN6xPTJT3jxEMXj9V0DmlkG4aHhkf74vfQKPNt/lx5Tl79Cit73Sw0ajCqgF
fU/SOPL2LO4jFToHu27NF1lT7s4diVsWXl0Mn5umgo+cOBNGdAM6Thh50GuygOlQ IOPeyvUww7u4kGXhTxlv+CirX6W7wPGPdQku7PXwl5r2I8iBWFaOiqPhuoluaWnK
xI0VvwTbhNE6Cm4g2okhIYOj/Ko6SludZXlhCCAxsnG+80b8If9CjwVkb1dv8DqJ CRN9QQOA0PAScDZxyHB+Z0E4JMgzt7rwDiGChcZn/OwYMYEgZW75N6kA2Ptc2pfw
81NPoiSaJj5RCbfNy1RE20jLjkAKzancfCXIzuBuReQaUnVkAHOh6Aj4ixx1awrX +9l9AXkRIJcU0t3p3Kk9JiFC/AinLP2XfseuQYvtEUviBlD6snMquAkdkvlsI1po
F8hJm+i+WDrnGhkb0zsgR5n9zlIagCfiS6JWZ+N/lYeoeTuoS3dNPEw6wUXmC5h0 SjJNHyPqC1+x/0jVqquEpDVhHQ7JYci4CfzTaEGxvtpGMtAYgHXOlTe34+xqvg7/
oXpJHD9URuOScbrQLF5Kx34B1Ppk/WVRJLxbSy72sm+7wEHOC+Ft200KofzJvZ2N Vwjs+NJOQVT1Oj+bQAu1IbtAdg1hE6PHcWy2Sl2Ej5wWvbrtoyi/9b8hBoGGnLIi
Vu5f18qGjklYSmJl7/jNVR6t1G4bN5wNIxZbdVeKWDvpv+iCFXbBlhSu1M3x9Dqj mRDKj2PiA0dGKiOq0d4tIzmKnzRUPugVwjLEpW9BBP6p0BcNYBbBKdOQvmOdhlkb
zfzfTa02JlpHZhtxNywOa0OLFDQsbLyVYWJlAKG7mq34m4jKSKWINnbkaeMo0xEN V2rggBQdIUeDvb9bgM7O9oCZIokmJqUDVrD75VTWPel1hPv4ab8XM09y8lC/+4R2
l5QxwLXbgrE8oeYifgeEsdV6ep7jyGaLFOqU5qXh5PowHiXAIWQO6FI2VVJwmjST 8X8NJyLf2RLGmRhvvAYi4LYRaP4db7pEDCK3cEZ+hB0MG20Lfuzoe1RmOtU5Eu+4
xmcm8iX6sGUffC+8C5Oli2T9whpkoj2RUx4udm2e29TAwHgCIOuwwKGIws3Wusu3 8DUuW+7aOM+72/px1p3v2Yruf4vX9EZJJidWnqOXNcopts5oIMjwvKfpW17fzrBX
fqhYuzHCPCXqpqsfuJvt6l2KUqhAdrdPOYQNMbef3Pyh95qvHCtln/pNIwDjJHRC JUhpTgaycis/SAHAPdomO2aS6tDMYSlhv9hLTCrsTnyFB04AOV+j8R834An3VRZV
w+BjdZcDIv1XOrAYid6OxFxJL5vjS9/NLG+TD+G3Th7a+TOItnK7RHjff+CSMfi9 S+Qw8M3jlWD1TurHPGpQAdmvRUjKzXOnXA/Ior2MdEvkOObluFHTvCqC3HRx1+eV
68ismududaCBb1okq1yWJiQLxSJ9ozQnwC2Ic933DjXnFkw6PIgade8pNM6TM96X IwuHNTcWedC5EYfIzIfKgjkKf3gq6MRd5wfjqPCCN/WVDIHGCMs3BZJVAX+1aXqU
NmN77vF0uKCmMoC5MRGk7FY2h1iQ/w85AZyUL17BRcUL8JH8zyaTMAZAP6Q5ejK/ 5GXgij0n9l3vliknqGz+FqPBRNS2kGjeW+6A/3fq2+T6R7xbMl0wwcziXZAEWIYQ
XM01usJFBJiD6xVtMeqz5Efl8st6J2bcC8FEg22OEQELere/FkTw69i5XZGBZNEa MmhqOpy4FqGKh8Xd9RMZ/w+XEOLFY56FzvlkWoL1tF5gvpcNtInyfszUdvyyyWB9
nXy0zF3wQUujqz/XHH/x33AEvjUfbkdJRyqPQMn0poM5NplvS7GVaii+TqdCgdOu mT4O8LwdgZap/bvHOeU2JsfcxLd2E51ssXhqYaE89mRl1BZ2hhyU1KRwbsALwJhr
T3ROu8TIa6tsoWHMk7txFQnAVVOMij/F97vJQZa2ts3WK72I6S8zMpkx1kWxwzhq F6jEyqtWAKnlv55ZyoHBKLmvCRkvi8iQ6lVOKZ787sCmVduFEieMzzw40hupwpqX
Ov7ksP7t7lfrNHHFLSc3GqzcNwejgstoY4sS0JEuInkqCqAX+tC0wVmLGa8IfhjL nyKAdiFZca44nw60vHSUiALT9umlq5mGnomqI/Ka13/fzjz9dKJ6NcCi6C56ty+p
mYhFxSUazeWwcG/Q9na0ynI5X3z/ccLaUYuI590SmGjYawS5QjDj23s68OlSEba/ ZhoOCuMQ2n90474Re5t1qlQjwVZwAPnSKBchQUW+tjbn0TWZ/QnnpCuKTdQqqkdL
aNF6/7Y9JidaDJBXqFABRXlrrCqZ5l0OwvWnuuPX8daVas0P3b+5Y7YHZkG+6tEo iLQJZZk02qE55zybR/PFELI53Xj+RqL3Zzcv+FHuOu9Ykv+fmRMiVon0Fdlh/G5C
x9BhJ1ZpZbMpK7SxMTIZxEhSq3jjsHAuISceOP7FNWvnrrQKulD3eV3ywqrXeI5W /je2+oFF8mmcKd2Rbm8Jh+xcRAvXeXJRkNSz2NVfOofMrCzydb+WeKF4cO4xIRi2
8rEukobJQgZrkOPPpHw2diFf1bk7YSfWFNk2iD1x0o+5Bsy5XrEUyrACIKzKn8cT fhbQiqcW7WcDpBVg5XtLJKLGGkx4speDOf4HQ6RatuKfm0VfHcHnRDTzahdLtdoJ
4jUMw/G7hBQJdrUlcsMtb65lEGP5RSjnzNFOksBYM0+Uh96xPf5FuF6B8IOhPrtv uiQDBbn4ymQFbVTR9h21VcncUz1M0BeCTYVh9BA6kUbVxoctzKUonhl0r6pKWsTD
HoDsypNnLNPLxc2I/RjjIjR2rC2vkJRwcnG/x2F8JztPwRrSQhgKkopaGkTLY89h MODLU1RJUi0R5EsFbMkA9nRaMflcvkDOFRY27PPqwWAjgnBNUIZeO4gMXw/yM1gc
Dd9u98WAepIr9Wj8DumN3a1fcrsDcDOL//TuSepd9juMwKkTthvXa6fRcjJ2oxNC hmTw6iWgPREtmAXfoS/rDay3sH5GKzY+Be7kdVInlGFQjEaLnaLuedI3tOZQ5cfF
EZLtwLh5wkfF7IdtNVGig2W02ykfDcCBq0TBdcTXTEJNjeGDUhAXFRwYB9rmm4nk rLpAM6rD8to2o+Kcd0hRF3US/kPTV0cXxVJhL5/k4HpPL8bmnls+qzoQojJCfFkR
HkxXKyH2sK3JiUcEGREIfARSJfxAGU4oP328378006QvIoHGHgIP3DnsBMKsOJkU zt0GEUVlnxohyrPfEjr2UQ9s/+edUwXwTaDbWA+JPaaDkxC5X9Asbxain9tj322c
2KbBAmT8T4X61x2Me76idmwJPsP+hnE4rPw9bKdn5u9eYlU0F25VoZgln18qJq1b 8uO8kROdqCMtVo4ihyABJhk8dlhETuzYAegeSXT7/UPoWO1POf0OO6pVn2/TG+os
C6brgQTszKSHlgvy81ug/wV3PCpz6L80xW5c5J7ig+OWwb2tzfLMO4F3Tvssqp7I v736v8ty7ytVOyR1XVRaTmxSHOZhamStm81R1mwIgqbYcYT2ljrp5pTSth4GpyVd
MA8JFsHSF3pgSuEGenTZxBpR6eTo/VSIEI2rPrYKik1D4MxNzuU10ukL9FCYkWb/ ave/jH0GXIe5R6Rljm3kzmkWHii9Z5FKBpHgMksUHm0mtlWAGa/DrsFqFuG4tNVU
Lcorm6OhJOPtcvYp1iJJx3MRtndalHNw1lMdVXEbJErpKxhSW/pgaRrCdX/I2prO FRIpgZbGXPgTVgMzfnh0/C0BjnBuFMggGpYSX8MTu8rznuiSfSoRffSLMP3VRD8P
pZMthLKOwl73HAWYeVvGU3scA8mI002KGGFCGJvp4IbbQ4nf0f3M6hcHqsum6cRe n+nCqncj9Z+k0c9y58Sg61ice7iiBgsjFzh49HH04h4ft19xtySOLmIXpCVR+cY+
LgB5e02U1nA5pKR5iWAiMkmXWUTfzCZuYAOaBznTvA7zHNNf0BkQWKgieZjyckVb SIAqgRgXNnx+jMPCKf0DQMqAE0C5XmztiSG7XWlE3ufS0Gw9zSWxoHFbPinbU8nc
8YaObWSsr98oha6hUOPCfdBtajXL2JrphGXtBc1DVLLf4VTgy+clVYZAXDdiD9Ov 8vokU2Jk7rJujoNjwNeLc6UgnsixtpQlUlNhC9apAZo/6QzUiVkyZh30I7E3GNZp
KGrXftO3xo7cU2TIcFFq/ZbjWJud8Aj+s6jacBjjYoLuNBiNyWMVINjDviHA34rZ IlvBhD1pGbbxBkewC7L3rfA5TbAci7tNNX46beoEfbI73HqtN7+EnAkxCVsE6mH6
XSEV5J50nuQtfUP8257z4UCqwk+ABJRW97tMxO1Lo3sCOi+Pyh+c2CdxvUFOt29i JUNSPJI7RJu3/sFyq8KyV2EzYfwhb+ww9tPYhKCaokeluvmEqzb1qMw4atpSBWU0
okI9N5cc2aatwNHg3mHgkEhViDuHXF1v+WFFwjqB1tIY+amUDZsSnTAjXuJ88tAk lnyku3ffndauOW0MVpMmbtlVMqz2NFJcfAm132PQdHSs5Hxc4XiStJBZ6/EeGn/a
iuptLA07DzBa1Z1CunbQwddIgryiKrzw1T7b5CBaqpugg6V49pNNkXEtv0MIxRO3 lbhjdpYf5Df73zb1icUxU/El5Gkws+S2oloCa2d0XbjY0ngr/9l28xJJLEyBQDV9
QVaxfFns/ft4dXxKEBmWdj5AMekWDCG699IIAtuM7AYh59g/qRnpkZSSBluUG2zS GxlsULqjM+ipoQb1PfhH9UQOH3HGTdd7Ko3YcoiGhN2Fx/mddOvbROJWbx1OsV49
wvQi1iUhK6U0Rf9O4+cWfCIvZuL/FUAToUq892VsVrzZObeyLtqxGAM3yfO5jPpZ aLxozsMx7/CTXNB5IQz0VvyF/8B3ChncqJTfBETRfU02mlp8MehfP4ZKSVCSnRmJ
yStYhYt1HWtX7v7jd6Ni98dNq+3gmfpq9z779aTxIckL9myqTNURGjrNyXf9lmco 9gasdKFk7m3etaqc6Vd0XOdeV0AAl6AvGv0/cXymmyN9Xdw1+Aet4StR12YzlmuR
qauyW8MagYn7U/Bwtax0h5qpjLqcmOPUGo/TmPmL6MN+znzxRLBsakvDNED4tARq SkXmXmOUWIZls1jqCz5plFuKKDaPTMFdqE5MIUBewJ2E1RIzKjkgW62YUm9tToGD
2QYkoR8HLKvbp8q8XBtf/I/23S1qEnqqprnotd0oRgaJUw8Z/QyVmwC3oxVlVQYV z9uaIpxFdl7Y6/kmeLrVjiesHDpvA4dfkCtIekOu+HpOzjVOruI6rJC6aOC6nURW
c4391fZLwnVbky6v54ynmtjIf9HLNCl3fIA3p8DF1mzGsZidD4WS9WCIUOx/lRqT /qyQZ459RU0A1brtE9//7aBqhXAUzzgZ5COu0OPgFeNikBhlUJNeCceypG7kFDn5
hu1M9VMtKoO1sCJ2u2cmF3aYxTFbFH4j92zXv9ugW1EpY75AgyklIjExyIYTUQdq EynDYo7WAGhOOEaurGB0F+Zb6QBWMGIYQpaueSEl8BZcXMwVKGeGdVA9oW/X5pvP
PVLPsSG8HXnuoupDb21hx8WjIJCLz5hprxKvZ5UimjsAHb2AOcpIyhx8pfiPohDu nvQDvgJ2TZmBUpZ4bIHgi2dtMAb+oXnkYREqAYqc+nxqFh51M+gdVstRL248njRW
QL11dDHlRckYPBBm8cAsIP3NAKbOcIk66q+4xMPqxEoD6qXI0yUW22dju42PTT8+ P5y3NAXRxnkGb4lp4rUQnb5i9hrtqeJruqWFK1bQ78rNc5qjbyFN2LARRmDDtXDZ
MgpMRf7IOjlJ+cLoE9/QUcXCTxHOAbIQv7O8dLdfRY7H+Ssci6BS40G+SYpcGDTa UgC2553rSgZycEO5OJkC7JVDOl6V4qGftBx1npXrXS3WEJjNyP8ZkwvHKXEG9xyQ
OTJluDN69HueqqfA4iCCJm0Et5AQ5wyCx492pwxNyeUdRxs0PMfiDAyuaAxQuLww hgYf27vBcss2SPws633HkXmyCRpturu5J/AQGzfjb2kvnHh3s7usQkiUqcP0/AD0
25u6R8adQG1x1+d0sotRg96VBNNGw0T6Tx4CFtu58CIWOEtd9m+rRoyKM7VodxSs uQPaEXqLhqfRsXkw4m4ZD3YJQbVNQ3ICal34CqA7bwjfpOQrosgzpx67QG9+ksTH
E0Wdga6CW13JOOlcm72S5BRJeBkhDQ446suFtiqjMJhPhS8nctY8esx4wEd7VhF9 Wyd4hk8GfceC0MiB8vPNcg4j9vBliOxw5Ip1WFBy6TL4PUAx1RnUQeUDlv5lXbt/
MPmwaxlm54LjkSJQ59oXtQxiw+yQbep6uR4AaE2SMktz0TzuPtmILlHb8njC8GCM EzviUnnBaPsnZsMrMYZmj3PRsCKLr118BAXgWgZjrS4b7wsahkTZiVKRc+/bXMv7
7bDvosP+ja8FjF+hAw3Cnw47itF+ZmVGxsWmmt+RkiQo54+4uZ3Xi3IZm2/AM0FY 7Ta16UYQ2mTLM9qPGOv9gJFZtQEs+HQdJ0HG3on47coqxudJclPSLvK4Gvlux0iO
5TDElYiMK3KWai28NAnThHbl7mrKrJ3Y4LzImYW7sVK6Lim/lQq2QOwTFYs9LYBn 0GyIagZXndQkWaXGy4KHcyM8nqmwhAbmhLtTX70egiI88pkj3i1dOX3Gi3KEXL7D
fRoFT0NuVtteN3eMa+ERIKCVBdunP6c6ufF4OZL/ltKGP0gko29f1EIl3R9VH0jY 6zHlQUYQ6bVeq2NB6byFKGiSZz+9i4J3vgfW2l/lMwu26fukAslL7cBsXyREjTLw
Rvq5pa79y5WkihPUngA2rmZz3IpREvN6wE4c0rix54QBklaz1yW2LMVYXnI2Q0x3 tYGbw5EWoHOxr8Mgj7HrhGPLXX/gmjYmg7YRds9WWte+9FsRYnUTc9oVEGoIcE9b
ZZgC0hz0xjYqY/YeloXR5pPz24CJAbrMSCqAhtohYDmkTJUv/ov5YKvE8IbDvUVu JPxUpluje2b0eqz4dG20LSdk6UELU7ZrKZGItOTGKgLzNb4Vag4z1d2RD105w4wQ
fI29aQ7vh504eAKG9HVK8nNV2GvuM/+32LP6alvX+yIUKRr6BLyt7H6lw76E1BDk CzBtH8nERPO9Idx8IabEpLd8t/E/W7hVjWj6pJEqPB9Wp4Q3gGts6xiZ8IIs5Ihv
pgxMmU1EpPaSo3BTI8eALDTBNLyGOK98kZqXemnrYbVAJgMS2hUfeyZim8tFf5Ws x9NMrWrtpg6nuTZ93lPakPyVeZKepmvQgKkOLpmdKXwn57W3IS3YXG6Jvufaatsb
BMKOP14SoK0Emn4PJXV8A/2XMsYpTZz9nWGX25HKaXhaAIZGaB8D0Askil37VhmK tCi14KxiMbPBpEBz5vNzuUzMUjFl2GLii3AlRvMNJNAkbRc4T4KV2cK08LZtk5c+
LGe7dEqg/CHIS0ydVCOCqFOdsIYVqpCzpO2XpbToS+kNoY9T430bUwIq7rdDRIWx sY68S2ZsRrPjKNpSiI70MRpSBfaQ1L7gGzCNUdG86geJ9kUUw0Ri+wv/PCyXmYQX
PUkgE8AIP0k8uqI6wCeF4giwUOjhjLj4K+ein293xEwKasXD+o7HNcyvluFt3g8F 7P0xtHU6WwLnxKdViVpfT2juSOQ2+LD/pOwag5FaPsBsSm4b4a8kLAZfNyFyrdGL
s0eezk958peq4R2Jm4KySsuOsPfeq8YXpbdwpZjXRkK2sNQLiKLmBsrTr5OtJoQX SnzL0CipUe09mfbCscMtAJEyh6zvETUbiMOuRCC3iZDprXPU3TDUVT9Vmfba881c
Paaut5ZMi63Pln8eWMfIFJ1/7lmDPYeTGOzrbyQXg+l111HKgsuBkrlN5iZuuCvk hCwKk+4Rz2QUlEjdaUJwsbW3SUftO2U231x7lBRf/D+LDZmUy/BhSe9+6x+Z7upO
sNgGhW26zDpWf2IXxOnAdby/+6ZvCh2PzTO94n9y5yo0W0UfoUK3RxHfleEcsdHq v5BCrvEb4F1MTyenODG+JU+Vev7rZp4A6eJT0GNDpq9AkI3rIlGrtVFGg18cga7P
3X2/utJZhmM1W3HPxyW8ClpDxkXKnTHArjRVmu3zCcUbeEJEGc/c9pmyzx0NEnlO EQgqUWIstSL2B9HpZrTCuor3g1kzQNFcCDpo3KvbmJ0FcLG3N1m3YSFcXrAipbhT
2yfUuM7UYk0sLCcMqY+8UNtOeY373e9RYx/JtRSnYzRQTOI5UdSGdug8fBMc1wkX uz+4gmThKBi1ncX1Kp1p5NXXbnCD7JF9h0vfdVMA+eIYGufu/YjaVrm0jfhkcESk
dsKLO/SP/xXo3J3ArIPesF+j8hSJItarYc1RTpcSHuqTZ+QbfXB0fqXIV9KJietb k8rhAae91JqXKD+tUXkRPV36lLpXVAhnohPQnbWwnVdJ+gPchJS3RyABFzvni2Lz
3ufjGwvYIRv6fQ81rICQW6TeCRvLM8cX5PtPiEt1rQ7lc9BKgpqgfxt57nsd5b4w 309Sjg2r4N0bt4xJm2F7T42373w60JpHJO8RFnSNppqyVX3AD/3llgAb9kTB4xy/
T/nZ7mM/ks2m6NO9KxZ2H9QYSCCo77MbQCbxdVxhRS4aDUec1gkTQHLSdJDnpRSf n1O+je8faJ2zvoD3BZqDF2/8gacvEBU3xBUBJi68AaBlhhciNY7SicG/SS/wRgRi
nO6JxmqSBp90tJ+LDHS50G0Rtlv23GQ1yrL3nWnL9S6s8ohFGlokNl3tgWYQe8Ek nNjlhHX/2SRf5vGb64/4RvN4WqUCEMG4m1Zs1e9352A9Mi7gsl7ITMwDKCrCSQs5
YwZiyGw9Dz61JQYO6QWKWYkqfblJZqlmoZPxDJY42PqXz5gczGTyvorOXkapWfVz d3fbhcniS/29E1rxMxu3LNXAzebs1bY4+NYeROp79rQwGFFH11vJw6hwdLxjhE+H
l5OJeNPNQ7dZVqECSUh3dqJ6LxEPYTy703my4BPIJLt+ImT6bhFDieig7cf9oxqR HjJ3F0lmIwj/TSD56JVDrdzASZEFWoTQ0j4Wb+dnvLRFYQJAuLgJUc4But5/rYPZ
ZXeSphW6lKYyz3yFpQ+51E6/ebZtejvIdxn3YC65IogPRgdNmrx8AWuzQR/SR5/6 BDSbuGRmstkzJmgp3bPX9QhWscGoDxFTYvFWZsG0Z2A/Q6sBC4qMmTxuxUfQA7Al
oiO2YjKc7BwCaZVTcGXHIOYbzplraACMCrrgz94XvbaPZ3WX7AbJZmxekAqMdQR0 LsjZoTjRQLjIN6jkQ0n3hjW7oF1aX5ZbL1hE2YrBei5K8K/32Xxh9rU36kn+mdyU
i/OxyiojevnNhr1hfBTCagGJr3UiTKnQzYFBplNphHq9Je45v78N8A5ZjZQIeThg fcFdCSBm8Jw+4utPG0PcC913tEP/apykXIU0EN3NFMmuQC4wXgLEQSprqFWIZrKq
pAPu9ZujQIeGQxWKWfsWIAKEmVUFiQ+7WDBf8GOFCRZLqUmitSNP72q5r6Ao5QoI OHD0TB+ORlATKGHvzJHnVUhBw76t+MUi0DpnOLl9eQuuBbABWLvSbX+z/JVCy475
OKjIpF+QB1lhqQK69Q+Td/Q/Qsxl3W4OE5p+1qZNhJDgrYneZBxwNy3BU6GXQoCI 3LxsIxrLohS95MgkpzqtCrjCAW8vawfLDOHSJNAMxlYg+9WESc8INI4YGzrJP77A
gxiAonb/XB33G463hDEui/MbuVvsM0thgFgvzko6wIIIcqrXYbjKsubVKeCWMs2/ 8L39Js0zxij98Wj6T8QK+/MrLj7paOcVMMvVVB2fyUHl+91171UOCNHS1NMFVvYu
O9XDeJeZjc2psmuUiOLR4OU+7mlE9YhRmITxkztlL8jJigSL1kmyTMz9EXHndIXd uTptL82CogEZcYawyMMyV0Brfeqj9RkBG3uGJdo5h+mn1jtXqKxFVpOt3gYaylXM
7KZZzML0gdy7z3KaPQyPO2huJXjHlM5+Dd/+FI29S9uMLAQrXphJEsKHpnEtK6D3 Ap7yZpZivcQ3cs/uVCaDX7/ohHm8JZaSrpzCeTe3N7yUu8RjcThYptJweNutNxCm
H/5rYHV+2qWYEjI0cPnf8RzYkK0H/UI53zISf/sFC3zbbMNBC3+SPH2K73EjpWaz olh+n4mWcSWLaXs9suKqeCReWfJhNfeeGgJsxRNDcbxm2/Pj0p8dSWcdsKIe7KdF
zqkYDSWy4pfEn1+maXEaUbbgZsCEE7Jktj2TS44HvtL61UiRnbcPbwEZbn6PMKre PuFApDm3vtsDpEyvX60cfS8J6xyQnJdzIqyW0c1d8FU4/dYJIzNFNHtEmoC+Vies
9vBpBrLJDpmIsbc6dHMnSG16+b/Z72orc1933yBuq98dZltlm7V4R0AqWHrcH5Rx ssW5H7zPZFPuEsMzGfJtnuEHhkWNhNavbsVo2jK+LPXfQN0Z+c89Bc2d85pyFNeQ
oXn5UpvZoqlWU0ounqRQ/DPnsPTPV/6fsQFu++RfrzkossP8Ukiy5VhIQK3LUf3J kyAw5tlOYMoav0WqBrb+rs4dXSOA17WKJcPypn7c2tZjoz87qFYmre+3frC+oegc
PX+htDHqZg810yoPqj2Sr3tTeYqFeIefaJ3cJhp7YPICxJetCXGssGnOTtl/b+KK WQyMEP048xuFqRB7J3+usCv+7p0Ur90Mnvb1364N9hxfdJtJ3cgDoIigx5sssp1n
ZHpaLdtDehkX2p/2+fhXV1a3QQ7vGXyK5oHJ3+FmGatoLqpVL0eRjRJTlTZA3Tq+ Z8GyaDmqGqo0uvneIys9+wbYDjNYFQLXUwL6Fgzj/qldPoF/YdrMBnSRSUm/a5E2
33y6gb8svU7v+CkDQXU3qg6u80LULvTilXhfJNStVwCsyTnY+K9meirGTmdvd1t8 CPGOJgJc/krcLOYkSF3gJ3verbcoycX99kU1o/HlGL5DLro1A9olD9HaUg1oKPY2
08oCjTN4FOJpaXrfvHWdR+4anTnvEsCUsFOECQ3a/SrJbHP4zCozgNba8utPIf8n pA2k+yAIv5zoj/4es6UndtxnLj2CEunOojzEGQy46kVkfgYVfx76UnWcx16k/E1C
P4DDlFKeaSvHr4KHS4hsuC3o4HSbFv0usr+aWZjsgKb0yhPKn0EwiurwbIS+CNiJ ZKu4gOL4N+jbDwu0Pw3j8eW3Q/3esPTfE0AJzRTtgkGdI6UbrNkNXVWxfKDLchqW
Pw5ae7VSytlPmC+WfDyRqiflGFJHBTigwEdDTnuKsrYn/MsZGrpUgx0fHFMYBv/k 18U5RMrvD+zfV4yyK/jjy7YDd508ildX4R3lLcnzSFJeDF5mSnhePCBmWSEr0z6u
Avh3IBP3ky1D+leP/RxkXwvOiyxkFsAF4ewm7zq/Qkp5CYG38+vPuf+iF7fH0aOL 62/LoPj5HHNlU/LESRAzNuQLwlWe9DzaGaeyfBHBYvFvUn/BLxPifGPsBZKbEPg/
kk7GonZ69KvKBL5YJXr1oWqs/SQ2SJ8Yc/VvjOaDb/JxkvRXlID0ymvfLWl9K4js 9q8UPNh+vPFRdQp9YAU0UV3VQZXhQxRNIiaoFF2x+6MEA+VoKH1ANo9zbzkPsCtB
syVaVsjn43hAP0rHW9atEYnvjU/3qyWSoq50Jxkrm/pgLwzTWol7t2V16uwnY97b EdeK4Dw9t2KXJlmM/fB0C7EdYX5UbqVr8VM9GPt7DUndG4WaxGH/7OrVA4uOMtDG
XVu2/2L/R/VXaLZwTOAqedQ2Xow0pn4qwpFCkvmT0Kci+Zxv5M3A9csSXjciW34Z YS/eHjpHEkhxv81pguuEuV3pXEQw4h5I/DUCeMhYt3zEhxPPCXRKOqCDNfZVaiyg
Uk7b16JYaT7Bug6zPtFFco4u2n6AWOr4cBY4uNYb/PKNG5C/4gg+LkuqffrfhHb6 GjOV+wDYTg0y7SpHdXNxfA7Khsc8NFK5w4Cx9PLGQpg310c4HNxCSdT88O/+pBsr
OdThNppZ+F2KgexYHFaKbt7woVfAnQQvEETgDPlPiqcRp2mmhAzN8r2Ia2Cr0iSf eTIs5Ym9NZLqzXFPnc8ixFCHXvg/eZEP9iEbzEw2pMDePzOCwHGlouYpgHmlGUfr
5fhLHnZVA3QSkMIyedXfHdFMO25ibApSM89IiEcwpNo71F+APthXCU/9C4fBCYim /gn72roI+uT/gYH8Lc2SYNR7gOQqEUmZ79MzziePg8fyvxd8IiOSpUHMlkLbQdjC
C6N6ORb8T6m16C2rdHGfndZl9pkPfTQtNkTsWE8fP6LwV0V2w/I5h5hWre6Qpqrg YislsKmjjSWQYJrsSXKB/jomZuv4V8Ix68odD6nAlT2/FLxH7hq7YFfdFaTeUaU9
jjDuIMamfTNiV8RKVtXmXTzHa9cdUnqOWczpnzz+8nLB5vOqh6McrUquSSqxMhMY vCEugvwN5Z1+VdXAWp3egdU3fY3yDgrIDqTfkH8mlk/Sk8XEhhMnYFeYPQ8sDmkT
ZeVK5hMssM/OkwcqMFCxCjZtAOidAVYkuPdQLR8Qw7Vw99BHFSV9fI/NCB0LXIPA 8ZwI+P8D5RfP0fMRAAg11rCPm9woeXA9JEGNfBtKpEMEez2am99nKfIbkL0xvj+e
NC3nJELTq21ZI+/EHpIKrz3zDU+oV5ipm1wrFWEGcjSzbxA9+1vvU5Ra9P4tVOxQ yZTOEkjDVXtugIbUf7RMmGoFj4oHQa69cDWDfMXPJoXtF99LUI62Dr4rDGrSPVUt
FfwQ6mojU02Sy4p1vQoaRhDLAN8DPHHFC5AU6TNMxka26OUC9sOuPIRIVFcdpqbX dgVwS8IWPahbRPn09NixO1rb+Q1+3UyUcovJuNwia8RT8jH5z11SL4s5CwC77jLb
QvnEIhLNT+uGt8DKhi3sb/T4GKUlcxCM+QLi8I+9aOsdHyiWGDM4xb3LPrwPhOU/ PCzez5nGqm6tuFLQ48togUaMbkwmGxhxE3mLVDlOh/rQ2cndcvHNwkhUJpo3A9Dc
yHzOQSM0xwkCRai/WEroFSEP9weogqUq7uIrQBmwFkBQUneQV4KesfkD5H+vzZWb mn5wb5OYXknZBjqv9Zi+6xufiTKUpoFXG7YvyKp2Wj3xNSBDDLi2ovA6BVCNsRnl
opx56gTQRaACZpLCTn0jdIK/Iieeo8xy4h0AAs/nV3s5Qb2f9e15f6EnYfSiWd9X jjWeVtjcCg2cmm8nKEix2KXb7VbiYkzV6selYCZC2LTprlJxIwzRH8oKM5mmR0UE
dHfN+0txgDbqpUjRumoym0YjuNFwdTxnz8C+YCqkT90f9nzX7+bIz+Bq4CynvAE7 0mXtEhiUbSPrIYEJKgBS9x/541nFj6zPR8VDWPBC/z+Jz/+pQGjO1tn8Cw3yaZoH
W5Mk6JRIIRcCwwwX2WSMX7RDVYRg5F+gxFFkxknOZS8UFbAvR/jkwVjjPEUS1FIm aNAg6NWu9Z94WdiOras+rAXsrccFofWL7NDC8YhQO7a4o4cLz9Y+sG99CxMrdOOG
71EhZW7vLo30aGku7kNiitTeW2qRHD1wZq+aoPG835iQLwgdH62tF/0tRUv/qtNG L6iachPXuUyjpTxqE1g5U9bIGqoZkrmDkv9ZjGxidFA/ofjXZ/kV0zfQ0R1TZ8g7
Jox77mnuq1iW+I1FKvEibrNH1CDipCdE0D1+EXe4iAOUx/OOjKV4ONKy5eDk/t55 /EMhFMLtcWu+SCPl7IxBgGK14wEUN4gJdBvWbNvXItyOSSngCEBwlG+cqZxtzHvO
dzB+JpeHlAs2AUBbQeDwKo65R6sO08JC1PbiTXVskuvjmFS/8uzkDGc/JehezRN/ S+lrIEtuFP1ziPKXisDekRlJ2n9ySsGz3ff4SQYHvv2f5OJpjK3niOtzXrhzjqQR
ZHg4TI47xzVwKABMS3F7nPYWZTKy+jwzdPmueCuDZsktDzlRbgIdDR3dNg87iNTf E7LXJlAYxc/SdKkB2N8ajOG7vld5ydA5dDZM1cbdNkeGgxaCZd6hDb08Lc52Hlj6
03XfznIaTKplEqoxRMM9Q0LjmzNoDZtPOnWg4awzg/7aNB7BjN1IfXlKV7H5Od3n B9NQgygtF0INFnEUvrVsI3SJKSrQAeafppe7/RrC9FsuwDe2582BKbX9NnCXQamI
RNx7rnVEFAX57JMTFAJcK+Uo4ibci2dMNqM5cpAX9LPBmsynfSxaTzhPWEWpPQwY ND3HDvVFLi7tnaJ7luGtQvqV4BHsF6WNbJTisWxTJtuhqQ3N7LvyBGO8DJnwzUFj
SCGCmiVvJFG/TbSCumjkIGBXPsJpPCJhx4d4hC1trjq96VjYkV09N20PO5JKlRo0 D0vaWHTdeMmsvkQz8JO/fMxq1GxGnHkjjg8BmmkymS2sA/RXLPJ4FIGgPg1eNymY
az4SI8kqj7Axa5UffXCpSSfbn8ehp78IxsxMG7tBZ0AEFVJV3679zZj2NVdhFNb8 6IphFEpTwyoW1IYFIROIW6KiVArA4N8lYpoMeprzO08I8MA5Gf9XoRJRpLMo2zOf
CkmHo3ya6bdZ/NJdSy77Cd9Vt0jy912g4X3/s0ausdDOZoRbTFTU1VKupLDo9pQb hJ6UCYO2rgunUaa4kMbpSW+l+7wUPEgbxM47UQKZ6FRjU0lMnmYNxHnoJIOCHJ4R
C69iMim2eRGg7g7wsh9YQbe8O9hwryUEtDeeeIPhbE5gEk8xjP2t101kmpk4ViRW 0nPO2O0dEYk8qYe+YSGsVa6d/dGskOBK5YrZeXmSiTHiZemAyahE38rZJIZrwC6n
FKaTu/IKsh87trtQE89KCTppUDCEy6N5HEirPnW9vEJo4qRQZ2ApsUpnVYD4kR9t Kjm1MDaTiS0QhtNSVctjNYqJzkesSJr7ihxP7M8uvBONV9hs3dpiJr7oXFKPR3gU
sME+PuecHiRhqh+dEo9EHHdrhyu53d9fCcGhbBfNWy4Sf3nCnhO5hzzUw3fcpW9p mE/Jj6gtBe+xcuhluqPvwLPRiM6rZEHisjct8KYVzSFhXMZ/LqM/r4SAnDTHoMlp
7GkKlO+yWcpxc1fOrvuq0OAnQihtlCQ7NydQ54x3varOZSLZ6dopsxXnjGSlfawI PJOQzqUqUSDrZp6FefbzrHMKvmh/BjCPYVYrtRhnCyeq90h6D7pUjsdKV81MzX40
GUKl06Cv9Gd8G6ZsMr4bhjyD2prNnJpOcadX1r+LEkfX44Xv3EHge3J9enOR+fMZ TeIfRAlpv5VVJlN9A7QItE9sCvT63b9M19YIHltZLrZI6oAuRLVux0TphgJnuH9Q
tVQriToOEMB5mfEtOP07rwfDCiGXkAZPCukMC22y7Yksqib8o512oWcbx5l+FVFO nrDVlhFYzmcIIz5zeHcSRLAnE4xhHY9eNbBkfr+0kSmzYO1lj/z0kWs82ZxFsCv/
tfmy+c375n2x+wth+SPY/LarQUDs0lV/v+NC6u71TjyMhqkWEGDbxtDqO+hrUkqG X8m9r88mMAO8UjvSSdaXaU4QMpgyjQjdIDYp8bzX/sySZsSwue6Xfz8+HV18Km0/
B95VNgIGFmdvV3+IlD13Hx/rAf/eMfadJ5F7HlwOjdXbnEQsYXkwtx6UOturVohH aurM5Cnt4pPCyecHh6d3ktp0atLFfAgkvXRy1qeB/HQ2FpH6WbZTxdq0AKKsPHpJ
lUFqqjdsECXP1o4QFiiO+a+WGFNEy1KafnBYBbVpIouu8g3SGtHKrFAPxH7i4uFb Q9E9KwXmooTajSKyLamS/eO72pQ5G715KDaEkaG/O7LRXS/gmKhk+yrfULj2uMAF
nCGXYM1O6HBdQkF5IHeVH/Sh3iDPnK8ilfSUXIbo2QiFnuuvb280VD1hDWys4q1Y 3Z1f/irjt2aDlYOOfpQtkO396ZjRlpTb5Z0YwA9Z/h8nDiKils7wm7aOr4MFU863
82bQdIQOz/YQkDNmUoM09ZQEtRzGxGqqyDrKtoeGNuItavI/oQFs+n5f/p+B7ebP 64FshXZDst8UhD2fg+FErcxLn0cBsgBAwoQ/dVyAThn5yg2/RdQUXb+lbUdoWQsa
+Dq4AptNdZliJTVrkKKw0buQJMrcUvWKKxkUC9/N5DeNVV7yVuyVBUOk1Q9Zub8X KjA2/fCE+MWIvNI/7kVOJu1oF/kIhKb2GMS4qP+mL7iyGRexfKuXg9t2ZPcrzDVQ
SNFkFDZ4I+CfQDrN9YedY+lAMjcmiYIDn9s2RmYnGgAVlYweN7y8hE36sNAxDUKq DJ+U8ShhTwbwxKow+MYEa6tyNr5n//R3X0PqWEh2Nm4i3RHsHAiyT5y4XAFV4bqw
AEgC8bJrTAy7axaqj2m8c/F1nXzmKBn1+Q4zSW8oeNjvfSpfS5ZeljHnyHrZrUN5 8A+j/IsOYb6YOnXSmPcAqapvfpBkmFYVmKeKEnX0qvurU9WnWIPUVex2lZORXWpm
fVyet/3gok33Qqh58j2kXSVgWJrtbsIk1x5Zu2Q+QeUmMykA2ltAe//NbcRm5NzW Z0rJpkGeJ0Qzl+lUTlyzDv3F0OYfu2YM087UwDjusFXkZx4q0us0RRlHOivRhsSm
fdAyOP3IIvpwp6wOrtDxyBeDDmPS6Jkthp/3A9CmD7jewnt2D3f9OG1jlZI1nvvi fVPvCEJpPP+IkbKC9rnTNDRYHZXe0fwL0BayXeP5vzu0xhTPj2scw7xGGQXSV/K7
VxqKkC+yHGxYKC1kdvZnkoVPS5sGA3STRxzWgfzZOrnvyNjKneokJY2CMA89A8wm rXZIyp21dUgWPvtC6GsnaqqB60ulY7Z4RyGIROF+dpIqGPa7cT5DWaxFZxA28zCe
cdAbA8WTxoLo7ObjelYiyPgB5BWUqWvRbrVUYS6lrgLToUIfVSS/beNyjwwmjHgR my2SjL2+P8CiOO0cynhFSW+RkxwemTxUIcorFeRbwY/QGJPxOt3zYd8Ac3xMUpl6
C3a2iQQ74kYyMr1iBj9K0cUeyVSBHOMvwG5Xv0Phovz6waVZdSWOcxjDslz+Ghg/ 5e8lO5xVK4nonot1XfxBEb3KLU5szkNM1KzoXNFxjvnfiwrSX8UNGWAvmDWiGWut
c74x37hFQSAiIUt9ZzrE569QNP6wcGe/S0MxL5MG6bqu5BH8MGrBeQ0IPRCwXFwI 7D7b2mazbiAoTMEOmX43as1FHeco3oDjeoEiYyc8b/6nLj9/SMSkxzgncrxvEEAG
+Hvwh/mIF5Uc0hssRDYNn9YxYA0jCLsjpxjMcDJCMUA= amhJ49wnRgOUWYkZzyOOaCQqA4xnGl84Dj3tQy0afpE=
C.3.15.1. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.15.1. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy, Decrypted Header Protection with hcp_shy, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIITEAYJKoZIhvcNAQcCoIITATCCEv0CAQExDTALBglghkgBZQMEAgEwggk5Bgkq MIITEgYJKoZIhvcNAQcCoIITAzCCEv8CAQExDTALBglghkgBZQMEAgEwggk7Bgkq
hkiG9w0BBwGgggkqBIIJJk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggksBIIJKE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQpNZXNzYWdlLUlEOiA8 ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQpNZXNzYWdlLUlEOiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1yZXBseUBleGFtcGxlPg0K c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1yZXBseUBleGFtcGxlPg0K
RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JA RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JA
c21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTg6MDIg c21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTg6MDIg
LTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJl LTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJl
cGx5LVRvOiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxl cGx5LVRvOiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxl
Pg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlA Pg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlA
ZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6DQog ZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6DQog
TWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktcmVw TWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktcmVw
bHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxl bHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxl
DQpIUC1PdXRlcjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0 DQpIUC1PdXRlcjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0
ZTogU2F0LCAyMCBGZWIgMjAyMSAxNzoxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVz ZTogU2F0LCAyMCBGZWIgMjAyMSAxNzoxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVz
ZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1S ZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1S
ZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlAZXhhbXBs ZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlAZXhhbXBs
ZT4NCkhQLU91dGVyOiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w ZT4NCkhQLU91dGVyOiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLXNoeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4 bGV4LWhwLXNoeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4
ZWQ7IGJvdW5kYXJ5PSI0NmYiOyBocD0iY2lwaGVyIg0KDQotLTQ2Zg0KTUlNRS1W ZWQ7IGJvdW5kYXJ5PSIyMzAiOyBocD0iY2lwaGVyIg0KDQotLTIzMA0KTUlNRS1W
ZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZl ZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZl
OyBib3VuZGFyeT0iZmE1Ig0KDQotLWZhNQ0KQ29udGVudC1UeXBlOiB0ZXh0L3Bs OyBib3VuZGFyeT0iNGM4Ig0KDQotLTRjOA0KQ29udGVudC1UeXBlOiB0ZXh0L3Bs
YWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250 YWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250
ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWlt ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQptZXNzYWdlLg0KDQpU ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQptZXNzYWdlLg0KDQpU
aGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNp aGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNp
bmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhl bmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhl
IHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0 IHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0
aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI
ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhl ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSBSRkMgOTc4OA0Kd2l0aCB0aGUg
IGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuDQoNCi0tIA0K YGhjcF9zaHlgIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5Lg0KDQotLSAN
QWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0tZmE1DQpDb250ZW50LVR5cGU6 CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTRjOA0KQ29udGVudC1UeXBl
IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEu OiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAx
MA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQo8aHRtbD48aGVh LjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhl
ZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8cD5UaGlzIGlzIHRoZQ0K YWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUN
PGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1yZXBseTwvYj4NCm1l CjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktcmVwbHk8L2I+DQpt
c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMv ZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBT
TUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQg L01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5k
c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5h IHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJu
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVu YXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1l
dC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhl bnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIFJG
IGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkg QyA5Nzg4DQp3aXRoIHRoZSBgaGNwX3NoeWAgSGVhZGVyIENvbmZpZGVudGlhbGl0
UG9saWN5LjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWlt eSBQb2xpY3kuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNt
ZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tZmE1LS0NCg0KLS00 aW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS00YzgtLQ0KDQot
NmYNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVu LTIzMA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXIt
Y29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpp RW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoN
VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj CmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFB
RWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3 QWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3
WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJq aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBM
bzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00v MmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JX
dWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS00 TS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQot
NmYtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ LTIzMC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDAN
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE4MDJa ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs
MC8GCSqGSIb3DQEJBDEiBCD0vcxZnCjxaOpfz5cIo9Maa0SVODPCXLJlV2Wbq4Z6 YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQ
7zANBgkqhkiG9w0BAQEFAASCAQB3m6q708hB5tmuz6jzSJ+nCR7C0BRbfKypEnSP J+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+a
k2tdLaOAJWrHqljSd4klEJWy3x2SvLL9q+rSbmIWpK34PWVL1E7gbbJIBjfpoIUo uzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVe
+YMSIkhKFaKfUgulEi0zQG/HgnMENl6CDXa5ZrbW53SEpNpYgchUcqpg6Z0yOB07 A5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShp
oH7YOqF2111RRSzsjNMMDAm/1LvOFBR+nUERAhHvq1dpGpNuvbtAh4itWLLbDLlR lcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5
gIvrihHbqaUhf4VDQNg4MWjdHGATgPHNAb4hpfaxHxGEv+NYB/65VQWKGKMZujqk NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+w
aLH9nVThiAlEOyirAA7VlmvlUQgBem0pjh6ixnwK9HfPb7pG hUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB
ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8
ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
hkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2
XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxG
wy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/Qs
hlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8
PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K45
9CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdB
BXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0Eg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5
MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcw
FQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2ju
wdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQ
wXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO
63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf
4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I
6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAA
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAd
BgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcX
DKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqS
Q4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/K
tmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVf
nbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/R
CGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4k
m3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2
cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MTgw
MlowLwYJKoZIhvcNAQkEMSIEIJqUXzqD6DHL5QxaWDH8cjQd+BnWEDsqfNBB2TB1
TAOkMA0GCSqGSIb3DQEBAQUABIIBACXiU0FE8dQ6qbdByg97uCGlmOthKkgEMr5O
RkpoX6ntzZW8Bzj3xOt6fe6wwhxExszASuxN0STebics6GRcN/EzXV/SUDEOW7Y6
gK8c4LiuNfD76ZQLHbPhIMYDidhYb5lDO4MZCJosGPFCgGitf5V089h6WjZMY26F
YpL5lQfXgVAP0A4Y+2f8RaEP4Fsh8SLcV/EzniT2xCNCEuZwsETA65OnGJ6A6ktM
ljaEywaYkm0bVFuJ2ml4x0YDd/pZpr7CIgDtzh/97x39apqnNOnzTGnGgZi2T6yK
4flYxBHvYI53lUd/ub1SQMH/+X4zL0sbfb5+idTt10u1pN0Qcb8=
C.3.15.2. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.15.2. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy, Decrypted and Unwrapped Header Protection with hcp_shy, Decrypted and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-reply Subject: smime-signed-enc-complex-hp-shy-reply
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example> Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500 Date: Sat, 20 Feb 2021 12:18:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
skipping to change at page 230, line 28 skipping to change at line 10669
References: <smime-signed-enc-complex-hp-shy@example> References: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example> Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
HP-Outer: From: alice@smime.example HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:18:02 +0000 HP-Outer: Date: Sat, 20 Feb 2021 17:18:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: <smime-signed-enc-complex-hp-shy@example> HP-Outer: In-Reply-To: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: References: <smime-signed-enc-complex-hp-shy@example> HP-Outer: References: <smime-signed-enc-complex-hp-shy@example>
Content-Type: multipart/mixed; boundary="46f"; hp="cipher" Content-Type: multipart/mixed; boundary="230"; hp="cipher"
--46f --230
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="fa5" Content-Type: multipart/alternative; boundary="4c8"
--fa5 --4c8
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-signed-enc-complex-hp-shy-reply smime-signed-enc-complex-hp-shy-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy. with the `hcp_shy` Header Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
--fa5 --4c8
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-signed-enc-complex-hp-shy-reply</b> <b>smime-signed-enc-complex-hp-shy-reply</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy.</p> with the `hcp_shy` Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--fa5-- --4c8--
--46f --230
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--46f-- --230--
C.3.16. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.16. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy (+ Legacy Display) Header Protection with hcp_shy (+ Legacy Display)
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Header Protection scheme from the draft with the hcp_shy Header Header Protection scheme from RFC 9788 with the hcp_shy Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" element.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 11505 bytes └─╴application/pkcs7-mime [smime.p7m] 11530 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7508 bytes └─╴application/pkcs7-mime [smime.p7m] 7520 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2832 bytes └┬╴multipart/mixed 2834 bytes
├┬╴multipart/alternative 1621 bytes ├┬╴multipart/alternative 1629 bytes
│├─╴text/plain 576 bytes │├─╴text/plain 580 bytes
│└─╴text/html 748 bytes │└─╴text/html 752 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example> <smime-signed-enc-complex-hp-shy-legacy-reply@example>
From: alice@smime.example From: alice@smime.example
To: bob@smime.example To: bob@smime.example
Date: Sat, 20 Feb 2021 17:19:02 +0000 Date: Sat, 20 Feb 2021 17:19:02 +0000
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example> In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example>
References: <smime-signed-enc-complex-hp-shy-legacy@example> References: <smime-signed-enc-complex-hp-shy-legacy@example>
MIIhLAYJKoZIhvcNAQcDoIIhHTCCIRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIhPAYJKoZIhvcNAQcDoIIhLTCCISkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGlAuaN5i488nW0BLsFYGGzv05Z7lYU/2JcF Boq0MA0GCSqGSIb3DQEBAQUABIIBAAI/dYMbzc3zEiYx+UrTZSpSeDOwGmzAeujC
bCWNgMWKZXJg15jwdzYH+xrTDHMk3Lm3+zgK9UoV+SCIBH2canLBrEgBk7KeqP6C jAZv5gFxjb62n5NLr9K9d+shGjdaYbpCxj8JfQmFg2jOB1MlEkf06RXo/3A8M+lY
XSZ5q9yxGyZ+CqJ8oMsjvhezu/F/WROolCP/ALvzwu3TMlC7WGX2VId+dkYbJlqh DTEbcZxJSVsoxWD5GFybNQm1kCUSaPtWJd0PdXv27sdv4ylWZOw2AW1ecaUnK70f
84usiISToli4K5GBGP5TwCt40qFNq0oiCh3PMUyZQO2RxCqvW031j8J7ASKxA4gl Lz5ge+Uz8gSOU+nHnxESOAMqUAsg8lgk16IWSnm+Vnt6YVeaVfiA+DL/+lG3Ijf8
ilSjC4Qs5kf+TEUc+iylX8DQJu5t2CMmvtaBShCBOkxnqQlQC78JQxojZ+xEP182 +KvkwSasTh0Bg8lRJ3QepmHqyZcJopJz/TOsn/6zp+wk4VEezqF19ofdlOO4Eyck
HHqi3Mqd45z2mRl2GuJaMnlW/OhaUolY7AgDOTGDIY+8QeyiFJEwggGEAgEAMGww h8PN2ksrWuj+8xts5CxdYBnAn8kAiA5yusP1O6xJz22AWQY8oo0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADR9K8p6a0/i4HviQ9Tt9Pb7R HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAQDa6AeSZzIQh8pQjClWUIK5a
NtG9AajTJ6rALd1mRmDlpwQjKLduufYKBCxxB60LkiTUXGPddtruirSbEsjOa3cs FNESnV+b49enYnj4vuGEHnnB0TM5btNCYLoI62CvyDsSMyCWdLBiFPBn2w8H2IiL
ueHgTUPxC8z7Jpmjk0ab3pgilymcCB3ajskxKFNC+kssejHIc/fE8KoJO89fYMjv m2XbWwXDPUlikcO1CGEmSmJJI/7GYScU0naGyrKxTOBefjovgQwFqJmBFIAgo/xc
J8BPk6giYB+FCfz9FEDGXxWjU4OQdmYRQlhRBHmaF7CIpCyjo2VnJJllp7STKfAe DyS3betIuuvZ3PTlQPYLQrTHIke7WfymJw80dcgP6bY4JQp5Pf9ErW3GvdKx7wN4
nKbbEbBOsFfw3U2F2AfEmobmNixtNCaNFbdMQLV/k1+oGuAkggZC0+N+sSfAZ5DV gGyqFvCm1PGuc0OeHO0jb40GcglfzqabBQXax3Vr+XxDiiwwa50R1nPgIhf/mYOU
ZQvdd5ex5lNjMhSVh1qp152LcGbtQhP3qOhWaqDYjmDlP6nWP5/PrFgQjOcZBjCC 07B+4GH30ogzveQ8KRQ1Ry2By41b+nFO42U/nO9bC6FAebCGj7qNq1x9G4dpETCC
Hf4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFzxfgxbmalkU7vL68qwqfyAgh3Q Hg4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHdJN4l0uotCGn4QEUsJjjWAgh3g
LvLr/03CJmjSYS/t5iURfgrocyJrvZk3RW3i14gxNLDFElcTKR1fCuUGnaV9irYB 30f/pefDZUamG+tfMmvMOPZZOznkpv2sR6nXwJGpqMzgnUv35t8MatduIQvjL/vj
A4FUWy0QR8NUPbEihtDXlDuhfIR9bzGO5am3GdoNJWbNPEcC9Vta7QlDWjfzxNF8 1wkZ1W8XgKKrC+PI1cz2HaJioFVglFMp6lVuzep4gZZ6coK/oq/0eZfm466TIaXt
NJw6q/SlZ1mAQCHq8p5dtBsRWsOH7gokScgyB7oOXBHnOmQ0ObUbJ9WcIbA8FNCg kUaja40Fs7B/BzyWI8LzzjRuZFWJeiLfh4HHEXFFNJ9n6aTaNCUW1AsFCyi1y3H+
tJDPxBTI8kDqduwhStetZwl0HrXspvSojb6+siJIFcah2p/hFc0Wxf0h1sz754wm dP0Y35mB9o9N06LO/B95yjJ5cJcfOf3clANxMBZWvrbof94epVrOputl9dQMCNiB
13q0t2BGGWippElLS9Xysuof+zbmwwA57FkJp53n0PsnKqhvKEo0ZyEMPkKu5z9p aGdlvI1lg2pXDyeNYWR5jpdTBAN7Bfmg9MPQBWzRT6Deq9qkD6aLwOJW96dMW4hh
XN40X/3PwrBxo4HoHut/N3HNwyJs7tb71/8AbmrTltAAHUhDYc1dCpza8wF4wGnC fLCOEWGuMe6UEh8hvsx3gVF7A5wZ/fbs9pZvrHSDDU49+Hkf9RBvBepPtqXt1dxC
kFxFVOE+3rTKIZdTmNdywyoBpobY8KSLheKrpaRGaeBv6QnFavph/1w4sdlEPGVa kEXd1sXae1z/ZrUVkBjWLoZ8HHPyEhoEQz6GtxRl9yffDA3eRBoaaTPUJJaU62OL
CXNn35GjtB5bAE5dMkxbrEiaDi3DupuQFSxhNWzBPLVILWxBnjgDWaUhfVRSx5OX oJwlGb9efDum6jmbG5cHTBcEjWAja3NK7ZX0RmG+kxa4nDZuKOw57DhbtVJhHsTU
MzU/GSefZ6lC4eynr9KG3F2EiRm12yNj/ORlZTm3dbfUxSp+mRO262nkj1UMcyLe Ocz0vZK/EqRDHXiPnxXysHM3V092vmW1Y2GKhNCqFGl+5AGiGcZ9SxgZ3tbMWVMi
3eTwxK5yKH8pMNOuQOpEB6CGJY19I5zryFtdNb5BaPNSGznwkgMnX4qPEG18UXlq YkSSf/pU4h+MCPYKIgXs8suP8XaLyvk+nWnAitf+emaI8bootKazlEWSGtIqC2M8
yKfz/hjcLXYyYbM4ey/xh3uDRWXPXAtMnJpXDyvfDMSK/DaFI2eN02fdZ1Hnr7xD 6DwNaRI2aZc9RkgwFd3MU7uYhM5qhp5cvgLxWc/Rg30Ly0m0V+GLza+3AhiMVPo9
MRAKrFGR0NDirjjxjYVGHkUeBCn9H+zz6bl0HdcNM132QtZHsYhIe6PSvmybZ/oF YNuo02TxfaStJeC5jaEd2212Zm/0ZOgbvDw+lAD8DC3i3uDgui3xtc0Ljc5DziqA
R2uqR2uEJIFtoPAA+0F5hj26RBAoLeJhGddyvXfNp0X0Nun8Fwzpsjn6nPwoyPN0 /usC5pl2hjw9vcG1puqDWOz2OiDwvtasiR9m7k5CN+ViSSKt2brNAx4aqbUO321f
hedCV1Oi5XCuH6J6ShJD1etim8A7dxKduX6lp4ts/SHKN2wvnP95zZExvy9L3b9a UcsxeDZ8pUDs+SAm+zuHMUcbWczHW1bRYlo0DehOvaPbOX8qxhJ98JnNdNooG2ko
m/eWq28vri4i3MLcPbswFWkjBkgZ1DPuwwmv4c+6NeWyZSJMMK6ftZDuAKUfHwVR 5U31iT23s9rTH6/Ebcsn5BJeOvHk9DFX+Mzl9+k9phWiihxn4zTRXvgDC+L3GByl
VS+PHx4kT9vwg2KSzJKkbt9IaYDUrNbGsPJbZftigBS0z267GG2mYSjasSxv+uUX EIhWRE2hgG32fKmGeAaOptLW35RPYZDNidMQzD9eEcO4Gn9kNO1Jq3E1vwLixx+7
bLkgoHEixJuUbg/Jvsncnby7JwJErgDnLN7S2ZGLyAaetyWBDWbZYFy0SQX0WrfZ PcgTdVuyPJvmRpJ2TaLJFM3bN+ywyUY8bVFsweaaAXzr4onnC2HJShKaUGuOTbnO
hEzgZ/F7oLfAqD9P5O+I2OSxl8tHVHCnRrAXaMUl7I1EArminSw+G8QTSoV8Hd0L RPJOgpZOB0ujNdqZsJjnyeUTlkwg8IxzsfIP6UljfJNrHR78quPmNJwgRN+9ycEo
EwwpYKZMmaXf87+KApqYTYK+fv31eI7qaBB+8Hxia26eg9xMa/eI256J8MGPAPTu 2GuHtfYixeBVucNptDx7O8p/+K21MgGFcDtCmubVzQzm82QW3xvBaU0mVQuE0mqD
3cwKCTDAG70GChrSIKZQJCNBZnbIq2gYWAyF2+BEVqsmy3mXXNcAuPxwbC4UUJQJ xnC8pc6UvVnXK6LBqyDzbBWk6UxqHDIwimtst4P12KOZ/MJVmMBOWyyef3PcIgSz
lttVXZJpDrHqOrg17ew2WzvNTnVdPwvQLxSJsZpA1Yx7xnHKX3+U+MzLXfUkKg2E 5D5seDL/ZkzEmnypKFcMYPQMrrLWwcSiYuCXKKqjh0eKWkt2ioPrrdPUDNs12aU1
LQ2O3o2OY0oaf7POL7yg9X0A/qiOsz7QaNQQTaG49M5G/GIXy5YifzbteZIa62RQ U7LUrqviOb+ajNQ/uBOBmqSwGlsot7Tz9+x8sM4ywWhJ/9kAZt0zZO1VoIIcbX6y
GsCJfD8pibMs/rylNOkXpCXNwc5+gVJeb/9pAz+ZaAH3Bh8iHKtS13elDmudMcfw XW8oNC+AOk/nSyHX5vbQ5c9paHif3s0lDxalcn4T5PmZ7vsG3TkR97N7Bbas64rz
/CnZiD9e3fmFuYZHAMQT4PwfRCz6VczxsJhNYTURJ6wiqybSoDXgXkHrx1jq7ZA5 zjL3YlsY2sxSVhM15E+RzF1bcJXT9vqS2n6tZmQdLIK2r3xEa2MQmj1D0281FDF2
LJmpXcSxAowigMM7bs0eQSzDCesSCFrT4AdsT02645pVS6nZex0P4MB0X7TPcB6x 4ckMsHxmhw+IdwS9JHG7mdmOLHYMt9QLMsxdb9ptfUqZw8jpwIxZ5gjCIw9PLGgQ
6kelmj53tpG5zYlBon1A0tWz9rNPGU2AGrOuAMgotaol+q8Nq3r5bamJ7idQSUzt n7ZTm5eNRzfyCi37prI3oR6j8s8H5NS4OeygduGjkSUEnsap8iovsRmb+SX1y67k
Ow/vujhPnKU5Wt5XXBDaXl1+H5cfawdkDh8M+eaI1nGNQRhCI8+JNcRcLLMiZHDl Ti7Pvtqc750/1FelnnWudpnbSd4ZTnfHi+D6Qe7UUmz8OJKF8B6Z69+Y+v6qCS/q
rcvkx38pksBWlEejze9y64GN0iA01tCdGTmIorxDjIJToeSOmqeDHTIiqFH2qsVA jF+6JxVz3SoJU6yMJQY/EXCwd5Ft+kyYVbCpc/YK4Rjg5XGAZrIdHqorqXJDLs7+
O/zuWRE+3AnXrwivGePaCq9pO+ir4D/S8oZG0DJ6gQ29apgUJR/AxEd2w3g9vGC7 3DPx65mIeyIkFoJRsh2U0HWGOwlW+e722h2lx/gyG0roN1ltcDqfhIZJHvTEr8LY
pnIp81vjZord15aGzSuM81+uk/By4PQ3kZm3Ot6vh0+/bSZK0VVo4Ow+wPfOna4F wO2qWpWMZXoSRHXyyfcdJ3kUmdjXUHCmVMoKAp5zuBNiTlH6Fn0+iux4qQMSM6sg
Bj0AJi3s4oFwNLNq2qybjuEtS5ufImm5c9iAO+kIyXOMsLLJA3WJph0Ct+0dE73Z nTt1rRuH/9hc7hBKfHbCdXVj+TJzs74ChtNCHPzZqsdPup36y9YUTQ/CC/pLUOHX
89362hoH+JiDLp9jvsuECvaUIWSs5Y815GXrmtVbk4bgvNLX1X8619BjlPkMbMJj FEcIR+PayJIszHa//x9OkL+gzhRf4HD+vTUc51M2hpScoZyj15yFZz58LWkAG/1F
eYSt/uDoOYth5VSJo1IdQGXznCXARz6QBX/UdoEqMNzAM7VOHOK2J6VpvN+WHxLW fYB/upejDYznMlO+bNwYh3pJ1NpPfciWVZ2DajxMS5g71T3JJfJKem6FxAWno0AK
hrIx6w3nEsfeikCm8s9sDkbrgJwmHT/WQDzfFArAkuRXNczJlEO1evLcz0YKnk/E vgCjghD5rIIEfhD2gn0FZphYMbakpDcijFFIkmSMzcAWLBJn6IWlBQrJZs+S2q0n
/IaFSs2dobuDDUXklmbxXYOW2Vk+VMt+svjEwCYLXpPOhqhufN1HIUqG9D//4RiB xdR/d5CS0lSNtSSQVE9KqwpiD7nt2Ux2CDJRXI1csLhowgDM9GQ+iEHwlRT7JzcP
/jrJOy8ci5fn2vM+czragUNNAusuCI9RnPgSyPHLwMyAXLZo3kWFtB68OKO9cT6Z DeminbPXOgGmE6LUmgKhNY8wWUxc+HUTenvHw9/x3+Owcg31aptvoIjexN9kkLMx
k1temLL7OOk0VBU4411Sc7S568kYXByU60JZtbdwnChId0YTszQ5cq5P/3tnlCbw 8U854Za+/o8+3f+Im6gpz5orRWsl+EFDrH8ChCMl8OvuT44HwIvW828zMxTcBfU9
1HFc3yvlW2CLOB3wNmxo2jOmd48R2kmzV6Mc/C+P0VxIW0hh/gcVqt854WiQxVw6 /Pb8dSZNnNB63zJbx39PDH9aN5FROXQNLODfVfQ6Rn149NGMqvaHiNuJ7y5ZUVqK
aODr69oj59olH/bPa5wVICKO+3CrucfQWLi3eRNtGnQ2N23eZWFeayDZ+U63SDyw S6HTusbIujitQ0KJo91qEu7wQxHLP7STTFO+slJpST/zm7H0L1uZd0/vGZrzz0Jp
Iubr9tRIwZNu2kvf2eHTLoLswoTF87SSbcHbzwpeLEbp250HodTkfL0KIAxcZMe/ WzP8OUNAk2U2kc5kkc/dhsmTIQdxN1GmN0Kdv7L6XbWqHt+JjuK80C5WGnCYgrLW
zspTEUaOBysL/0z59X3Sk7lei4qpAP9uOGyvqK9iQw0N+G75v8VPWGwYDTsmAnb7 fOIfkyLdwTOOP+vflQJoY5c9ACvHr6m/mrzHDDai2xxrilQRdxuFcoMFOpGO1Cw1
x/qZOpX3MS17i8f9rI75jYUpmU5l+HbOrPw6cywnvGKcjN+ElyE+VY1Eud/PL1hj IcucA8FD04z+F/De4bsVxf89HUauVFIPMpv2QFfF576IS8/VpJlMtUHbl6R/I5QV
Q24GE8nC7EQnmKFuNXz0guDek/a7SMWgcp/VoPMd/1cI2Vr9Wwlhcf/FULqGROuC UcAPa4+CbT8Ldm/mKDdH8JfH2tK4x/c7i0tSojz+vJ8kFBOwi/rF9PAsaA0XfCDL
ANeBlaUgZvDIWXqdimYAFjFBvx+pYlghcAyzymoKnK9wjW1xeyscr7vN8GKARjCC 9zhdoEYBogXtPggzOfpWRi/ksW3P2SyBEZKHHn9mvyyLSFKpqNKSqRxJqAb6o8/H
WLMIhuX3AK2FQUcWpzjuAhQhleY1AbV0FKTk1pXLbfA526KxUDY9uEV+8M5iRpv6 OyM7mTiIWZtZM84Wk1raN0TCFvkHGTOsMIlxf7+ukicoNevX6ZVHjzu6jl68MSOE
uz4X01Pk7bwTSNkwGIRWT8SSbWA1VbGARsUinhFinhKmkvdc/CKDtPTdchkmcGEA TjLMUzZlhXFLVOeEsPBkSlP/auYqKaj1c0g0xSyAvjoyE7O3zMurfxNjoGBGsaRh
D+bIpuWKMhQdAnSCoi5XmcN+5q8PH7Ivw6iz6WHGjiQNoqYadiTr+AZu98uRnU0H I0lwL/DeDypkNfpcTnyqBK8PbrozDSuSZOQ6zVSurHvq5PQs0fb8yKcKkg4yztPA
vbYXr63tBK60XIjPFcuHMnk8x6aQpUYAWYuaN+EvVvtecStf340tuPg0XWdh9ghG stv1geh/ZI1loQZprXVK7WE9OHLhg9z0a8AWiyvi4tMfDwul4P00XyX/HzK257kA
/MfFiQMLOn4gT+vq6PZPlriCHU4Q97qmdwThrQQsr7kY0zcEF4zOuDxNAccK2UNT OwtLZQXUfrfj5PK6u4QZsfaURH0d/87S8fhIyskmAjzjFbd0VSQQyFuECW5RWwnj
Va1j0a/Ucn25l2UtMW+QSiz9IryWBhBAllqFdYOsgqYPMBnZx1fQ+DpNwmQ7E8XA 5+q0almwJV4yRPSm44bcdPXHBiZHKqq2v/wW8YfzTWSIM62VX+VUZMYriyIXxq8d
HES6WKGMZNZOJnpu443BPGHUnJk4SyrDKQwL2EfK5tsc0BoAGrGhKdSkdlAB9Z7/ VJKPfy/177Jfnf0vLshhlDLwt87nZCrkjXlEazUtcZOkbgXb6VJw1Wt6CY6fsTjy
rIfi5efz9HKv8rnHd2vxzXmdB6Lc3eKNC7ICNE5U9ow/Yd90aMBrIdK9f5imw3Uk YtVUNaPuw4u+0qiFyIYdHLfIEF7ERvqEN9HcQZpIVJ+txy0lyExLViz6MYVLGMEa
CL27LkV1x8aieahJTwwAVVBRZz27FgkmB1x2R42mj99zWZtecrSkGx8wj4/qscqq EvKkDX/aFNQb501wi7sDivcL6M2c8hAuZYzF0x8DuPiuEovicWQASsS/odhsfEVp
39wi/tD8tR4iyqzoP8TDNP2YVmkFnSVSOYXeEMSrazTbdOi/sxKqTtx5sZQi9f/J tKMqB2woHSX6J4aOQDfQ4SUDUrXHqcTyqDiygX1cYi1pHZ/vCN1MQ7OVrgDyCql3
7K99QYOGkJmhjiCl5H/tA7kLD5HPC0fgPDB5m0lp31siMDij46r4ORahUjpPdtPk 5zisTrvcI1KX6Hu9T4UnyeK5HPP5SB6KfHp2Br7VPe1GARo0WXGmR7FnI+hjo++Y
IgtxhWdiJ+hn63rm6WFzoWRlfm/k9yxSsegOpYoCKgi24ZOH/84rtVOXfcMKz+in ZABKQRj4ky8iq2uzbonTgmuQNtM0MN5c4sez4xPfJE/zFk57NM6VXvt9Ya7Q+2p3
+8mkwRVl7bQ7hKkNs9JwnQD37xx5HCw150wNivynBIGlP5ISsr2aRo+eids223FE RUbz5QzI1/1M/FLf0KN2LDyL/FxdHxl5t99dwoIieDJDo12V6xvpQC0ZhgoGGuMQ
9R2TVNXtJp2Nmg6Y+LKbMdCUwaZ7w3vWT3sQmG0rn2nwb1ShnHvQ2Nlw7hAAEbqd RJLuXzkR+0KzaWmV6dSNVHOCW+yrvwg4oyZqoiRaCZsECxYe3ur+coIz0MPbOiOf
/I3dFrvVPxqm+Q60NVjXrACtIlfcTM+LSUc9MCXjgaxXlTMyiWgmO9m6UnEGtvWi RnKYVn24AqTZ1rTcuBUxj7OeSLGCFvZKLGZli8bUabyCKr54gwaxrQRy9UZxTXal
LGImq/0CHgW6YCT9bwLnPfkz2L1vk2p78gTUqlH77iXt8THE1WjBIB/GJl5LGInF 1XsyDz1fm5XkcciUZn6rFlwvNxbYDmis14sl9R/7w0Uhw87kOZ9Bt1sDg4zpOr9X
vI1lsLQMkK355Ztg5wk5FhD47k/EFzQWKfyn6+V1u3hfwG0Q5+FRwgYRS5nfA32T +UsbTySGkWS/NTh6BaYrAeNuJz6ThXTghrW7NhNn5gcPht4jwbAajgcF/tIBmwZn
XxFQIdL57tSXzSrQcDxIe6r2buKOW4glaHWF5kmbK8gchyes4fmvE+pL90s44SUK ad6OhuhtoK35b5EoNI+xYgAsntzccPCmKbQ3wHn2oaziQQ5pTGb+XYAOfmlUwUWS
ZqBkW3kjaGogZActlWZkq+0QcRYnti5KRyk7jzKT/9f1LLB4qdcrPwyotGKJWip5 cWuemvYfDQntdcEGYleE4U0dWpszd9bXzodgzH0ghzI8RnpxDQ5heYbWdcsNCkKm
pyiLwkxMgWxhociW9/3u1gPwu/K4w42zJQUtX3N5l7TvmPhfDU7L3ognCJeaZvbE HcduBeUegEBnMgSzIC+ae5DNs57kqQGFah0l/JMQ+ek+MdrXcqEfHIcuJcE8D9Cb
wEJ9KYb8JimYySr+IOrOQ12YVvm/Wq0ZCL9qb2E+Hbxxb9+1FvBt1WGp2zYnBVaY WX4UpITxyQ7lF4/BPd/Wxc1eK7OyGSCGEYSG366ywtkB9DHVzJmyAtqxAcPPJkpu
RSuxr+TFu1IQtMgDjPD0glGiV8sCGXD1rSc4m6p8pSFlIrXNBEF26cianPaJV1DF DcJ9kIKqtGzOz9qmNrYopT+hztesZTNwfiXd96bUyd67ny07dedM9epPxdSiDtnO
YSqqcopBNfM4zEIreRpp0Nhce6wKW7nhcxpwTnSrB+SZA8pjizoOxjSDllaX/wGr PtedT/epOTrN/wkX6N5uyY7uE53m0XwQRUCCVS7cTAdHRPAZ7pp7l8FzAwnM/9p/
ZDAEflXBwiC6cp9gWivHY2pA1d3LO9joVjfIfx5QxBc3vyYmJ1ATgoQIX6aLJq+/ vk1dsafHwL5IpbfBUTTX052WIRiXqXYPfeFVO2TkmCwFv0QLtK6H88DRzVDUF+IA
Uh2hFTw//9lprqgpkKSdr/3TLKbXDlyY5ysVFKl7OAFUhbaLs6MbVrXaRHG34AOu DVDlQrVZ5EBKopm/AF/cNqfkWDwSp2hMA0I5BHFu9nhLRQqzRL6TZol0OXAN0UDe
wTv2tsbFcq3qkqCrx7rf8mZXIyGEzbIhQ++I1jEVSzwz2E9ruH4jr3lM5d9uus6C 17AKdmHgSUwFuIwocdpPULqKV18eIwOtUKSZre8uqhLPYu5SsGQ8V+4jitMD+Equ
VMysVTCbLnwGKefk1Hh2OvSvF902US1PmbcwBFeoYy8XWdt+xHK8aIcbbj6xxBA4 ctdTPsTafX/8v+l86NO05XDKbnxMTNelYbyMETw4HQmeaYGzjbFqoc4LzQhKh5W1
tvBIsfAqCcKYovXdNtWO9Ex00eAIa77NUmLaRPCYWsmgGJ5NlYgNyP0yrsxz/6Xc VjeQ0ZxKtzUgtKuQkI2rinI+lWPd56XbsCJ2lH+pa4tAB7thMYiinf91v86GTyCt
2lTcTotmEqMjWCRMdWvQnGUSWY0Qe/DsjtXrVcPjSCBdxZ8DWjCYI8mmmyo4lu1X nzzeLdHiW6F/19WGmiKBNk6aMG+C85Bk/GbMmHcC+Xdi94NKO12kPyIE084N6BNq
PSCMXwqcQDbGcvNHqzxy0eT72ZhL319aD7ealbqZ5got87H1fURQ/mkp/LRZyeu/ kdCN8z0f2kYQLCwnhCV6t9cEsq6XsIIfzL5ULbaPY7DqOl7XWH5T2+2DZluEII9N
b9gAIL5UAQ+E+1NgQdY/meuOawNp3q0Wpkgl0bqglYdEUm77vGO+DlDTQ3ruxeb/ LDYO0ocZhiCHp0GeiEy4sX8b5tWSgZvj8U3uV05PfcMePCXpvuFlxf3SWswElhEJ
IdBiVypb7YlJcNx5/O3bf5JUyLpipeiwzXTeRH5vbzBKkmBsLFkwRW9H+AtI/DV1 LAqpWlClsCS7nFSxH7M3FVALw/egqd+TSZ3hPEu1QaGY5EZ4T9gdF65MCEihsC67
OqhGyLon8JkPNO/1WC6c2ftQ2Kp73tT+dsQIObSrrkSXQ9nUaaPbStepczhPptwS U0yS5C8BKXZkmsL++E4J9QkjnAnRSj1Poxvi9ZUvmIiTD0Dx3Mn7Gkprqm/WJwmK
x4zxF8gsc68dZ0OsyjpcwiJaIm6gWseeB1bPW59IlinNHFhxq6lmt37n7a+VQCpC KbazwoQtBSYpooNXcJQAut3lHhl5erm5sGwtRZb63uA5kNBty6/1tVsPDVntVrQu
oNvnfjGaVwoBW2SGX+Qsu6LQ/7ZBXbAn/ZfPABJOinn7xycBCArV1NAIr/CgrzUK PlLlAQ/XUuOlNAlV2LOQck6YwF3HusBeCjZ1xNZWJC3jbUhsXkwxx2IffNcfJREh
H3AhI+7f8UnG1JrOnMaJuIccp8LVzYlFIEleTOBLcKRK/5ye6dTR0OsX/bWLJiZr fuANjE/GytAK1Z3VdJFqKGPD3qlG8t8xGWLGrA1T/oQdsqAKhTVR0rWShj5NKaoZ
wFLUpA1SH4KxPWQGFe1x+LCuXBIo6Q0q3STUkkgD07afCs6xaEZH9as/9jP2jpGO P4MBQz8tWc1VlL36tlirD93YIcqqu0fVJvHSV65MCZMnoe67ke1pdcYKB0Wzvd+r
ZLiV5Ii8/zZ22vHIt9EjjfvjPNDEgo9++RTw1cOJasWvgUAJcWhRwRzgTeXm8luk RBuOe4vbvGI5YstRAKLSLdcQBXxqfiVqChxKPQdeXfEjKoyL64vymFuHibrENpaP
IXnX/Q2HHCQthgIYTdPvJ81uH9TXfuKiT7kDnmbjXGhaPE4uUtV5mokuF65d2ZRy l7IOXz0NKoluj55xyTUzdzBT0e/WKJRpDpal12ZknrUkcXIzLRpnqC53EmNRJ4Qv
nRYQTt7jEZ2Ve7+6h+AZi3KGW3xVvMibv2isGGI+tAUefrVAC1bKnRnj/3skzRz7 s2BlhFpYrC4VWSBppu2Du2B1TtVDOxqad2woWordPIiex6dGb5+dqaOLSV6DH+Wu
JyFIsOSEH51W6GiapYVwhwIya6Jbq2fCBY5c/0sEvjljQU845P6KjLfCUJ1UdOR7 IRc7gCfT07KGHVTZ+JkCZaoXG4qGFiRqEob8MwydAKToS5L47BVxgPZxJW2Tlm5H
aNp6L6piJ9V4b2vbVXeCmzVXAkphV1pkiz3H/KyMy/7HU77ROsrzWc1XPupAV9gA nz1W9CJrJ3kM1IdagWUweiCjqnhgC4W175qoRvh5DxV3DhM429YVR4+0oS3FwDxh
4CaEAlOqx5VRgSpko0jQa+UJ6hvC8kOwhBx+Qq1D/GLAc5kL8nNdkLZfIyO/yLmh /1JgNTWq4ROZRI5drPfjUdaS1XopMJ4GJPn6Dm7tQMuoGd3Sk+2Vni5fEgyjMw4a
+khKI9TEEEup5BJwGNw/DxZg+mnMG0wJdeT/y9oKqqBajQHgk2xRPyvEGjyi1zrq en79UkQz9x6KD29nOm0bpN0zNhjBfps13bYGxqMIZMWAwpy2yq8DR3QWo6Z2BMoZ
HDgjY6YMalTwhxFNUSv8JoHbKU0WYjNDds1APqFbJq6EMs8HgVryDJjQT9ijrEE+ Tsbs5THzpRb0Rl7slX4rmjg/X+1SAFzTxhxpyrULS3VF4n9NYBlgKyyNWUI9S46G
tWb+T1kPWxSWKR3sU6mXhVHqJVzcHMJbKj0kohDdb/LaNzD0SQr5RH/4uH3G57B/ F6rXrxZaxZlR9EvpXUlATo3ZV94BhP9of5zOdrytS3zAXwT7E4ajJWsSGL9rvdx8
n8PhgNNrkQ1snGmqw2JLfSRXpvdL2GA3ne7azpYRgELMs1FSfh5tTrFrWtc2dsvH 83PvvVisD4AhqzfHS3DPhgJd9bXLMAA0t+bLtQqUT56d7R97AOfgnM4L1C2xRT9K
bxxPxQY7dBCC6qw02kTNHubYBuR0Dau4SNBivvFAVaqRpQ15OdeTPm8G5vEukpFc pobr29Nt7bQuKluMoh4NHjexc4QiU2DZIy79G880AuUDf53z3NYcbY93foyKXhYk
Uxh8OcALRVOb5P3KjyIdCrDK3+i6Z7/dHKo+MeSbrKPdZtVWWPteUnB6pDt3GN1o /WfJD33tao1cjFbCcrJR3/LY8FTdtYOAPjPQwfmp967y/98yvrPqvJvHeuUFW01r
WLrJ2KIV7u2Y6NseJyV3G89BPUthwgY+WDKheo6vnNf284JZxfIqviIZIyrZcQWA QmaCVLgwKEG0D3q+hs14APAWMBHc519UMJBq61ObMmsMCw7VMKpq3oCghXabyctq
EhW5/b4KymtMHaB54A4MnhYrqqGQm918bgPJvQOW+cd2uEGe5Dli+Z2BxyHDhCT0 WJ1akVeBo6usYSnnknLN9+6WMsqiNmeb15MO52iYyZaU77jeDFRfIs7+B+yyycdZ
SPOgJLUPATJR4shHRpoduH3RWhTOe89s89LTnIRAjr+m17r10sTYbXxLwswUzQ6l 3x9N7XyTbqGZr6UUJYubInE6UclBO0XSRiBsm2/VVFLBJRfckFMvPkK7IccmY4NL
I5VXww6/HTp5Je2G1xtgLvOKYypTIFzxiPwjLn3rqfYJNQWcLQ8c9jWoviy3JSOb 2e6quWMl2fadmB0JaMOztUjfRCDdoaBBOSw24fh4zfHyyGJYzbLoznuCPeCgOB7b
xtwrY/fJ0mDceBFbUtgm/Gbeg5yXmN9EkOgRcdV7FWNGHziHIUQa1knXdEhWDLuu E4fJg5tIADSJivl36YIyOCGqpj4768yvjzzjg+rz14lTVe4si5GhFgXADW7LtkFb
0hqFcTUlRYMeoZCpnyEt75c8rmwmnVVGhb3FyLrUO9vVeyPvPuB0AiwK9dECvcz/ o8EGRwDDAOxCG5st4HMz/1YEjm90jyqRJe0V9lDt4rWjzmADiOT5BZnbVoso5Ie7
US+HkNoJSUdLC2/QVV2cJtJIb82c2AM1CaeMoTTjXMK9KyZOeWhBCYNULsR6FzeL +hB4WqaP3lN2eipERlOSGHiMN0sibXgQyvz3IMmstq5u7OU5Qe1qPIOYjNFi9dv3
1GQwfJWcdiEEIbrvc/tkYHDnksSgDXxb14E5D2PWmkogtNAs+Uu0WLcz9AhhG9Zr tcxIz3mOpaTMQRzIBxOQdF5421AUxljPC3dGktjROPE1pdgPzpfPHX3LDda26ibD
2YTTj1JA1vQ9Xq6XB/7cOqAXZx5dYqAJM1j7v0Ndget6bUUZluAEJzN5Q4xiK4Hk 9c12AZFCsxap68AFiGNPpx9e2EzrAk8BM3L+T3DszTAM4jb+rpOgljEJH/pLnT4H
BTJb/oSj1Ul2hMMsuQNeHVQYJQmlUpP43Nod6FdGlDsDSY/ZqMh7i6x4vqwjMjEw hRYhCU0PTMUXxmf3b2WJU5UMuf6OM2ZPT0woWYBCKRO5LPoBu0gDQdCpkHrDEDtB
LlGdpjgOrqB7RzBwFHzeP84vles38HBgnEIdnBQvQUEOoIMAHPrBNu4LJJgpQ47r UojQaiAjJ2But/ox1qM4PREt+1Bw6JTvkZOZdttDbmTA2nKFbVUFXH2Nh3VykRN8
3C0F7J/1+d1otCFcfCmWmrwSrT2cSFVEmndEK39/TU5vSlKdm3Xtn6FtXA9iYNXt 5O917c++CZX7Gg3F3p6YBCzkqIIC0VVS3bkP1P5ZimETngRSTJ5DWE6/5N5zhM3J
5f3UGBNuuLfzp2n9A9pLTY2h57Hw2nJTZ1gZI9pA8H3akoSokGacL5ztXOONYHBx sUKfM0BaGQGm3D4cTrYpcZaomPrnFmkKyrUvlBkGt3oyJM2EENfX6z01kod3dZ9O
4aC0uNNDPXzXCGlzTUjCKJyh+MhFSuFPjwRZNRgMintvJJlCs88A7x05v1B/+aEn kH9OBLRjR3siJfUulodi5iF0Pn0gZeHzqHKMlNknAwVVg20Vnpxuujy42NYNwnx7
rz0eSyJoGa6AP1NJOfE7MzSL3bTzd/pi9fH4m3GuiOe1/v9O7GPoEmdJ8b3LhIKi askd28OvZAgF24osGkrZCX/zQXfqLhNEFseKtGQEqZhy6/Ew+rkk/w2Z7gkF00b4
awgN4ugc4+SNuoNFOU1Z8fxejeMkGBot+3Kbuzbyq2i2qRIf6/O7owwFlA4urfEo xr2rcyYW2JsyMtErWp6KQPVNEdYzXi+qJBwWPXas3pzH16hMjHD4d2Q8pCfUYK0S
m/SvXwC+0069AqUVQfl3Bre/gnf9DweYOBGis4bKuWxcug4xYict9010eDU/8xeg YGW1xU69cEMtgSs8Qc9VCIowLttDKBQOBU2eH1MVRGO6BgowKqC/WgtmA9rRanmA
dfO59nBd+CMbqR8yAFu6buJB0E64sSJwWYVp4XWM+HRXSbJKrPqpb18Z2hzFCVN7 3x+rEAxPncGrdFOUOEmXEN/Maw61V3RWZec2oSe9geH/AYj5QOTDmHLp0j3iiQyj
Hq1YNQGkGV1bn6z1uO08kY0gXY83qI2lfWtbX7Rf+sj1OuWdt6mkcq3Di0DamZNP g3CJIsUXhKPgjSRnxPYqYOFUUACNaoAXD9PYRZqem7G6zHIiRqGCx7iMjpiSBND4
Kk9syvk6QndtHmHrivnXjWdMp6cjVnS8szBxBqiDKbvZHOrhfIIlBd/jIm3QbjXY IUVWKWiuC2rvSqBmB6ohuTRt+tWshZ5Ksvi31eCCJSDB48XY7pU5N5Itfo1kB8Vl
tPOooqqmIScHkWo+c5aSy7YUEXHNZO3DXWlyjAwYIf95gA752fPfaP7axmg7qFN/ F9j1bhzuAnCczqy6PHi7H05+ulWLbehlS2EMlzIqM+MziEiFUHoMuh+isfM48o3C
d+KhAN5F+p5y+MYJYJmzEydWWuTNrAHjJXo1I+m6PKWm1Fpm5gUhrEyX6WFPxkga Js0v2oOyUz6XhmXxQesMMz2pM9Y2Lc+tcXh6QSX+RXcDMHZY5I1aNUk0g0V1o2cs
IaF+Z36LenDmePleJ8YinC9FIzWaO04BC2Qc/K1JpCVWuHHQj9nfuc40lB6Q3O2D O+h6v/W/nRzSiB3f8YZJr2c2hUt9EAUj9TvCQa8SrPTen6K9WFNHOQWdd+bqbdL3
A6HxBeE5vXHOFp6KWwDhucGSWeM/TILI/uiWH4lkvJVu6t+pGgOQl7+JHSDfPmgJ QiMh+8pLNbIiQfonsPgW7UXi8M7r5K5PewR1+VHFU89UVNU1hnu+JAbhOCVF3LCb
oA3MVWdK5wPYekh6KtM2nLfpO8Coj+s7xXffq1haCcjnw3/qcQK84FcQrYKBX6Ve Yi+jFiM9uSeovg0ytMrqa9qUtcNonoKP3Q8GHh0ZQrXOOF8S7jG9E1le0Y1RqJ4J
4lM+bYTzvjfBY/TCDb9UoKuYsRdg1tPk3ACFaVso1nsHh4WM3ID5NyVBzwISn7D5 0Ys8sscjyYYF515irOV7t9R5wRDf4Syr/rhZeHBUANGevqyHkH91nTUDs33FAquc
78Scp6oFZQ+5Bil8dSTfLhkCWN9DYP6TT4aqGUZlWYInbK5yMAIKMLN5heMjCziy nCPUGEThKi3+pEoV9eIcobGjSIcWd+sh4M5akRrquUXvcbOl+6VeI/yZrUfC+tL8
zvEsbjog9tCqiwSXLVz6CnqfB4swJe2rIiPi2dhR88Z825L5Fb/p6AUH/j/OkYrJ Z+RE+qzLsGUfkfOhwbwEprtuyaSQPIpfe6v7GlHMYtS7W9NAOSZbJ7KJIbKtdOcO
9BITo8qSY0rz7Hac+WE+oPhL/BCcilVxZrDsGHhybup6qdJa1kjDaIadrJbe2Y/L CMtiWxcAszutTu1sst5ac1syV8TwgsPSkitp5qlJW7rHl9vaf3A+wLcDrn9kxCAf
UoxPQomUoVzjPLyQ0IZFVx1CynBuJVtQzfGQ6HUaBApFWs3e19PlVikQOGiI7gad /IzwKfGqKjbRc5OvN6CZwD2wGS2e/AaQn8XVHXNLz7t/SuBiPlOBpJmvtRtnEsE8
aDAQrzR4zW1t7Wwfp1d8a9dNizwmmEn9VuycjLL7vFZ1Md1f3hJNFYFUS8dcS2ke zWivISOrTh5qpdDbp3Gylec/8ltglYu9c+NL53R3KEq6AkzPRwC44yTz0OPBLk+M
BHo6mMYE8zqEQ/MbSOTNFP7np1j0x/elqbF227CWL4bdUCPD5F7fM01lR6uvJeKh HkPCnWorX7rMGy2NPWaUa4OmeEnHeAQYVRF3I3KdKIEi9i1IM+hpjjftq9+8SqhM
xgWLeGNi+dtYAJ+x4Q8/Zp/zxq+djBlAuVa3pJWUENoE9qMOupvxIPTdihzWrEcE OVQ3l5+s1C0y5RdsowbOZZDF/MISYHa9loTGX6Dry0W6c39g4yzn2tyf6carMycq
y2tl6eO53d65H8FrvJBQ9zr7D0B742IDzXsCo+jx5tiR714DrGMQteXTrz+1NFMQ RqQYR7FnBMGvbhQWhbNn1joKBkQoI2kiTrdn3QA7yhbeoLO2fug64A0l7VtdR6v6
NObzn4rCCFe//mcSlt8puhMhbe5wcvjA4bEpmghBjo0cOgegHkhPOPfFRRF1VD+T d1FXKTcNFBJiTkNim1X9Evk3F7E8/FOwKQqRNdW+2wsiKCyFcBGu1LM1rjJDBdnV
Z8PAarUtXl7PM+mEZc+xQti3mNuDaPHGcbUWk3OXfX8ct4Na0TE4XaTEHKI6NaxR xh1RGzz/LRz66skHMLnOgsNM2V3TblE28PZQNrmNqcSIv5eK+CXTlO8q2yp1MeR5
7e6349X2JkULYoi7bFg2c1NZXDut+mnhtYYrPjdXbssljfZs/RBufDo2nWTHp01G KeupsCiu/2ARCmTHePcO4ZoQllXzQwquc19p5jca+1kIQwFsNpM41cI0XCPzMVCK
SYmlhr4N/TOrKfapzi91WUVltoGo+U5VyhXyt97KDcj0yEaCe3z3nNVhUAJGj2Dm fT6OWJNL41TYzPK3rHqN67GrugV98BBY6KfpAosxtMgZ1KoelrCAlD68BaIJJbCW
8ak/NmE+dShqxWOf7isCMr84lmUtQ/s/Qh3RUgKSf6qNoVZ2+pWhaXK+NuhKMnIq sXy4FnXgslZLs3b+R9yOuKbrWEli45/UUIW9e8zvB5pceNxWSg70WgykOvnBmvcC
MAF/NspdJ8r5uNhklb9O3MmzKuW26z3LgiVBfzkYecY57mre+iBo0zpioLBGk/pw sgISnVgTD1odlMa8gJwohbrryLzFbtpb6dbp5tBMP9tESizLizWre9UkBPtx9Q+P
j1bXvQ/9Uo9frPPQQyHD/5M594sPZ+lu43ItvIoz0+SDcE9LlGQeO9KXaGC8R8Py p7MT2kne9Bx2XB2kZqb2uqhTo5vjFgsVRwzjImJ9wfs12XZGChkeGqKTyKOQ859G
fx13oQ9IRbZ3BJngc4E9taY1KNWnj2rZY3GOtjfAVPXR2N6ARgFBWc0GIIcGJNc9 WJxGUJCoLt74RLLPOJTJEgBibmGvs/fc4PmQcqxucp2Fs0kMZ5WYItF0DzpMbdcX
HIlw0rDaE8SHK0x4u6p67bY1R4qkpD5ejPHRUOQelIQ2I5oFJWwCqYYI5MeQ+DBx waNzhg+MauksASn2tm7D5a5yd7uTaSoTL09gFBr35gRBdKmg8lz4ux3bttYYSQTF
oV0jfLysKAC14Vmc29pOxFh2tYJK/axLgSTCCP9a0bX2yS7gOonrmGyNm7qWJBXU 9ioY7srsLj4QbHLLCfTqh0+MVvifbizFmNDuR29KuATR1391X9OenKKpIm0S9ipH
74ClITuOpPhbd7QZfekBjuwt+D9SkhEOJ6Ij8lf/pv+JzUgjkpe+lOxvHnfkIJqZ aLaY41RR7PDA+qjtypnNr0N0ramUOP7MeAaEPPczIarmrz1K5KbJrcUzOqiEDLoA
IFbpokdcFUevEKWfHJQY08FYIlfHf91HQ/Lrb6MebrkW7bY1VKEROEANj3mlSQNX ZggjdwIpYYlAbpCY3FYksI8l8Wo75sPSo7scdUTIfl6FwhwIJ6nqLIG3QG28ovpN
GypZBRrCPJoDxRUHDyfH2t5GDzDv9eakpIuBm/fm9NSPgPkIvXbJkBqWrD+WjMNB XCBdcdSvc3Ixt4wsoCJxguuUA7twFZHfoGDu7f7Dc7bdwm9UBJ38QL7frr8/UYQQ
aRzi6C/HcQj9+eFVr9DfTBAJ90gkws0Fl/EmUMmTrBQzVj49MDbO7TyPntK1NYsz Ltb2xTiZKsMFEc7q3KiH8y2Z1pjRUf+0ylkb5XI/5mClpr96L/ldErMb6nn221qg
csPeXy86g4+xbW0IAar2rXiJjVbcTZuPFCR/NtcRXwe+Gdw4MyPfcM8Y6Wa/ByQ0 PldLvNA47EWriCXnvbCuf4ikKoh+h7F7LpmDpEmEj7JPgLjDE8X3ShdTzZOBNOeW
3XbZdfwy69MuYnKJ5Ie22McGBEa3nODlpc23UeyDyxlf9jgsaktT1qIb+bFDE0YR 1JucBZVnMsVseOlddvc30X+BqiizXsNQ9c3atc9A0avuhslocANQoH9x08VRkZky
7aVZoyTzGZTWmw2Ae4rDQOW/SPq11roZ8vQxPeVnXVy4KJD/2JK5/sCXuRzXk4kX m2iHfeL1HbjRw+PchbdVfXxwlgO/+AfiOCEVKMHkB03mbbmFa9oFh9e8zQ0Uia9L
0SVyOm0MeLNf+NWPIe4deeGaQAwtU2jQvnmuJkXHWcGAunwa4GW25ETxccqekt6y 43TQolX67p6s6KpI9o1r5/bUzNYtNrO2jVd8TjCmg7m6JkusTBXktJDs/iwCJWCn
k3PBKBeZejvoxsrteoYeOWHbPcvthlUkJfp2I9emnhTjELsqqvbEaS8DZ3nPbNnD ZQI/ghEtYaBtDGHfal8xiY/B/g6v8YkezPf8VXxlIUOrGTfzk3zk/PD3TnbRLy3N
p8ug5WoUp9plX6gfl93Cj6I81B0KhtKzaiLXVRq9orNlacOyYieOKQhk+dpzIBDe ot49sr1uKpYYdofnGfleclXBVbvAVZsm3I58MpjdOCQsLCxYNgxVPIhFkptUUjKf
BqXB22FC225jWrKnwYzOVWFTyZfziarDDS+RjVjcWCDO/6OKsdl1d0zbp0VkXkEu /4nQ/X8kdmH5gSs97JF7P2+pw6EimubVOvHTX+gKbp1rHzWUEUtH4JQLssH+8v+H
qix/0NgrilfwOZ4waYTLOu9ihN9KVHIgHOFn9q0BU9OngirE14bkuSu4KvIMmtyT hoJtKrmhoEPysT+tjPJtbWMsptslap14bwHCfNrtlQnhsE6jrrPFIUB7a7DNL7D8
3eZo3Nm+bwWzJzlo4yogzlTgH0SGnxyoibzOXzMqFgLkVbWvqTnw9UZASvoLAyrS FDfRazcq1w0JGs4un6GaJ7d1CYzHrOVKR0c1T201uIwzJOyXU3+YgMYfWqIYViW1
SFctnufOoPlH9JrL+mfoU83prsRDMmOqudzyi5/xWh4IvamvvQsq5+3xsQr1duA+ AGwZj1PPXM8aICmdOyVpWomBq2tUa0fCSHSD//lltDpr3sTGahPvbV8clhQZhHkF
W/HeZ8jx5hgO5UfexS5hAcgNs4Wz2NVCCl9fProSuYh9Caoz2PwlK87c/MliEqWc jyYq5D83dsNKFbcSnsctx4SP71LMaKZw9ttsEzHRRU0duUI149uKpRU0ciGPsSEc
jZ5oSk0+zwLXTp3xpv4MHwDzHwqV6Sdg+cOUtl6wlZp0vJVxPD5tljBU9EW2vjfF gHhBEgKruGdxX9zWeGEFuBzrgpu3C3LXRbhlGNS7RbFlIIR8WZoD0cMPEVrOt4Y9
Iq19LN50RLPQ7RpfCtJAIYUAuYGz0mwd66Q71d39Wx56wHA9TqQBTzNqI0CK6/mX pOGMl1/8LiwQFeznZhQVIjLbjWcjDcqzqxscBh1TJKrjl26Le1tFMmHaY147SfiO
sRZKrMvLBTdHKk4Capu6ehFJgUt3Oifib6DWV6v5HUG14Dt4z8Bj9a3R66NBLWlR PORZOLmnvQxdAaFeN4c+U9pU8DZPMZFa3f3EmoMgi/t16vnw0F/eFywz4GjNLqEt
K+2PoBYdd942K9XlMGBn3LJl4ALdvIcPBWj3GF+uGyuVe7wBlSx9CflX2WSI5YSg d27PzhPuqYPupgCu95ZLVo3727BMwF0+Z+Noqv/X5RFA8W3wXX6Cw0JsSYBp6Xn0
UDSpg+5kGBqjvtMlI8+4lfWZWKxub8YY4IMzkQxJcbvfqIwwjrevtIArQbtPlZDG /HP6a5LoHU3yku+sC2C9EvVuPVEY/51uk7oIyTO0pC6T83oa/mQ7xMMSfuzVcsKK
q5zPmbmEot+ceJepsSmSeiEXJoDQJgbl6ZodjzNaAzLdOcGZI+qvi9m1S95VDfVG YLvHwwvXZK6kbkyNS0ryODE0wwXoC1UnJ5PEX7V+0ondyRxe0D5SnIGAIR/SyllM
qrLl6hDxECQwnHKXwGrH6Qt4lftSzDHOnWKRERbiAgu9JPEuek4MY4C3u6dteyC+ qzSYcMRUGBmK56IirKZ0XmoM34Gv92Z7TNMUZLReIAO1qUHMiOIfaZ1Tp7gbgBZq
5P6nHYB/zZ7qHM/LPSZdWA==
C.3.16.1. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.16.1. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy (+ Legacy Display), Decrypted Header Protection with hcp_shy (+ Legacy Display), Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIVUAYJKoZIhvcNAQcCoIIVQTCCFT0CAQExDTALBglghkgBZQMEAgEwggt5Bgkq MIIVWAYJKoZIhvcNAQcCoIIVSTCCFUUCAQExDTALBglghkgBZQMEAgEwgguBBgkq
hkiG9w0BBwGgggtqBIILZk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggtyBIILbk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KTWVzc2Fn ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3kt ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3kt
cmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl cmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl
YiAyMDIxIDEyOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl YiAyMDIxIDEyOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl
cnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxl cnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxl
eC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21pbWUtc2ln eC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21pbWUtc2ln
bmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVy bmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVy
OiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6DQogPHNtaW1l OiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6DQogPHNtaW1l
LXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+ LXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+
DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6 DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6
IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAg IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAg
RmViIDIwMjEgMTc6MTk6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBT RmViIDIwMjEgMTc6MTk6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBT
YW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1Ubzog YW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1Ubzog
PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+ PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+
DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkNvbnRlbnQtVHlwZTogbXVsdGlw bGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkNvbnRlbnQtVHlwZTogbXVsdGlw
YXJ0L21peGVkOyBib3VuZGFyeT0iZDM3IjsgaHA9ImNpcGhlciINCg0KLS1kMzcN YXJ0L21peGVkOyBib3VuZGFyeT0iMjQyIjsgaHA9ImNpcGhlciINCg0KLS0yNDIN
Ck1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRl Ck1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRl
cm5hdGl2ZTsgYm91bmRhcnk9ImQzZSINCg0KLS1kM2UNCk1JTUUtVmVyc2lvbjog cm5hdGl2ZTsgYm91bmRhcnk9ImRhNyINCg0KLS1kYTcNCk1JTUUtVmVyc2lvbjog
MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5 MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5
cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3kt cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3kt
ZGlzcGxheT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4 ZGlzcGxheT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4
LWhwLXNoeS1sZWdhY3ktcmVwbHkNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l LWhwLXNoeS1sZWdhY3ktcmVwbHkNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l
eGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQs eGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEyOjE5OjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWlt IDIwIEZlYiAyMDIxIDEyOjE5OjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVzc2Fn ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVzc2Fn
ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz
YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0 YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNz YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNz
YWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNl YWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNl
cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3 cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgNCndp
aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdp dGggdGhlIGBoY3Bfc2h5YCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3
dGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGlj aXRoIGEgIkxlZ2FjeQ0KRGlzcGxheSIgZWxlbWVudC4NCg0KLS0gDQpBbGljZQ0K
ZUBzbWltZS5leGFtcGxlDQotLWQzZQ0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl YWxpY2VAc21pbWUuZXhhbXBsZQ0KLS1kYTcNCk1JTUUtVmVyc2lvbjogMS4wDQpD
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9o b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRl
dG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEi eHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5
DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxk PSIxIg0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+
aXYgY2xhc3M9ImhlYWRlci1wcm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxw DQo8ZGl2IGNsYXNzPSJoZWFkZXItcHJvdGVjdGlvbi1sZWdhY3ktZGlzcGxheSI+
cmU+DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxl DQo8cHJlPg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNo
Z2FjeS1yZXBseQ0KRnJvbTogQWxpY2UgJmx0O2FsaWNlQHNtaW1lLmV4YW1wbGUm eS1sZWdhY3ktcmVwbHkNCkZyb206IEFsaWNlICZsdDthbGljZUBzbWltZS5leGFt
Z3Q7DQpUbzogQm9iICZsdDtib2JAc21pbWUuZXhhbXBsZSZndDsNCkRhdGU6IFNh cGxlJmd0Ow0KVG86IEJvYiAmbHQ7Ym9iQHNtaW1lLmV4YW1wbGUmZ3Q7DQpEYXRl
dCwgMjAgRmViIDIwMjEgMTI6MTk6MDIgLTA1MDANCjwvcHJlPg0KPC9kaXY+PHA+ OiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE5OjAyIC0wNTAwDQo8L3ByZT4NCjwvZGl2
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHkt PjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAt
bGVnYWN5LXJlcGx5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln c2h5LWxlZ2FjeS1yZXBseTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBh
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl IHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1Mj
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg Nw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2Fk
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg IGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5s
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj aW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFBy
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVh b3RlY3Rpb24gc2NoZW1lIGZyb20gUkZDIDk3ODgNCndpdGggdGhlIGBoY3Bfc2h5
ZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBhICJMZWdhY3kNCkRpc3Bs YCBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGEgIkxlZ2FjeQ0K
YXkiIHBhcnQuPC9wPg0KPHA+PHR0Pi0tIDxicj5BbGljZTxicj5hbGljZUBzbWlt RGlzcGxheSIgZWxlbWVudC48L3A+DQo8cD48dHQ+LS0gPGJyPkFsaWNlPGJyPmFs
ZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tZDNlLS0NCg0KLS1k aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1kYTct
MzcNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVu LQ0KDQotLTI0Mg0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJh
Y29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpp bnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5s
VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj aW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05p
RWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3 UjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFS
WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJq UUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpm
bzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00v Y3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3Zq
dWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1k djBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9
MzctLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ PQ0KDQotLTI0Mi0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp QU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9u
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT IEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEN
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNl
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk IExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovB
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz ouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CV
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa t2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC 8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4Tg
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz DqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcY
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK bwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD /EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAM
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG BgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYD
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj VR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HV
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI RDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4M
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt uxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveE
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR RRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8 m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYO
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs nUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPU
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5 XTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMC
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx AQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3 UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU ggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKl
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3 QHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKa
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ w7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE +I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyX
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX t1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMB
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn AwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAU
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmg
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl aSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHG
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp Vy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6m
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz rYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXN
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm QC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX 7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv CExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRp
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG b24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBp
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE5MDJa MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIy
MC8GCSqGSIb3DQEJBDEiBCDmeJ6lsrSkjN4AZBIkFqDsd0GBqHEAIhAZzSPkodWm MDE3MTkwMlowLwYJKoZIhvcNAQkEMSIEIEUN8MCE/gE8VaUWOZYNyiuSDKZahJOb
CTANBgkqhkiG9w0BAQEFAASCAQA8+6A0jm2WrDdfvFYh0OQ4Rpy+6ofiRnx5jI8I CB59LQgqpUl1MA0GCSqGSIb3DQEBAQUABIIBAEk7y6K+3YZB+tri+EVQFLmb1N5K
a0iD6U77+KS/1W9c4rm5Sk2ElE7gZb/XL5D7l9X5aoiuF6KgyPrzNCL4G3Zz9zLY CUsnwbyLwl9bH3bv+8MFEYqYmiATHzimOxdQNBl8c6HR7GqnMQVJIZ+OEYiL1fz/
1l+7Cc+VsR8HcY9mgI5U34bmT1xZCHk3V+hTSUn+zE2XV5khxX0E5OxGzkrSz39Y Ej7Up3VQzyR1KvblL4Xt1W7+ITh/6iAx1j1W48US9pMR+05Rz+cfVATn77voVNs3
TReERGZGPPXorUIc/MPPKVNE0uhlVUY3WVp9oECnYOBnZ8Ed91rzJWH9hbvUq+jx fN0B8EsjPoVM708f/xKD5lwHv/72Mg1fUTs3YMaqabplXdABkdp1lQhZ6za+N3/k
22s5mbPGSi5napgEIr/vv66CuCSBK9oqUG4/dyd/hvLVgtZ3knoxn8VPXUgf8Yw6 yEYSmxz0Owd4JRKuAIdbzdFIC57BIGFICQX0Nr1c3aZ/wHvNvH2xOAp1cQ7M6Nu3
my5/oStqcO3Q9Sd176LsZ4Otgc4kG789qHAlTax4HGqU3bAi KImZs86OBQmc0Kdk8AzE4s0o8mtf3uhU+eJ/23FWjMYpGdgHaUu90GMnKnM=
C.3.16.2. S/MIME Signed and Encrypted Reply Over a Complex Message, C.3.16.2. S/MIME Signed-and-Encrypted Reply over a Complex Message,
Header Protection With hcp_shy (+ Legacy Display), Decrypted Header Protection with hcp_shy (+ Legacy Display), Decrypted
and Unwrapped and Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-legacy-reply Subject: smime-signed-enc-complex-hp-shy-legacy-reply
Message-ID: Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example> <smime-signed-enc-complex-hp-shy-legacy-reply@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
skipping to change at page 239, line 11 skipping to change at line 11088
HP-Outer: Message-ID: HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example> <smime-signed-enc-complex-hp-shy-legacy-reply@example>
HP-Outer: From: alice@smime.example HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:19:02 +0000 HP-Outer: Date: Sat, 20 Feb 2021 17:19:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0 HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: HP-Outer:
In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example> In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example>
HP-Outer: HP-Outer:
References: <smime-signed-enc-complex-hp-shy-legacy@example> References: <smime-signed-enc-complex-hp-shy-legacy@example>
Content-Type: multipart/mixed; boundary="d37"; hp="cipher" Content-Type: multipart/mixed; boundary="242"; hp="cipher"
--d37 --242
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d3e" Content-Type: multipart/alternative; boundary="da7"
--d3e --da7
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-shy-legacy-reply Subject: smime-signed-enc-complex-hp-shy-legacy-reply
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500 Date: Sat, 20 Feb 2021 12:19:02 -0500
This is the This is the
smime-signed-enc-complex-hp-shy-legacy-reply smime-signed-enc-complex-hp-shy-legacy-reply
message. message.
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy with a "Legacy with the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part. Display" element.
-- --
Alice Alice
alice@smime.example alice@smime.example
--d3e --da7
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii"; Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1" hp-legacy-display="1"
<html><head><title></title></head><body> <html><head><title></title></head><body>
<div class="header-protection-legacy-display"> <div class="header-protection-legacy-display">
<pre> <pre>
Subject: smime-signed-enc-complex-hp-shy-legacy-reply Subject: smime-signed-enc-complex-hp-shy-legacy-reply
From: Alice &lt;alice@smime.example&gt; From: Alice &lt;alice@smime.example&gt;
To: Bob &lt;bob@smime.example&gt; To: Bob &lt;bob@smime.example&gt;
Date: Sat, 20 Feb 2021 12:19:02 -0500 Date: Sat, 20 Feb 2021 12:19:02 -0500
</pre> </pre>
</div><p>This is the </div><p>This is the
<b>smime-signed-enc-complex-hp-shy-legacy-reply</b> <b>smime-signed-enc-complex-hp-shy-legacy-reply</b>
message.</p> message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft attachment. It uses the Header Protection scheme from RFC 9788
with the hcp_shy Header Confidentiality Policy with a "Legacy with the `hcp_shy` Header Confidentiality Policy with a "Legacy
Display" part.</p> Display" element.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html> <p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--d3e-- --da7--
--d37 --242
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--d37-- --242--
C.3.17. S/MIME Signed and Encrypted Over a Complex Message, Legacy RFC C.3.17. S/MIME Signed-and-Encrypted over a Complex Message, Legacy RFC
8551 Header Protection With hcp_baseline 8551 Header Protection with hcp_baseline
This is a signed-and-encrypted S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
legacy RFC 8551 header protection (RFC8551HP) scheme with the legacy RFC 8551 Header Protection (RFC8551HP) scheme with the
hcp_baseline Header Confidentiality Policy. hcp_baseline Header Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9580 bytes └─╴application/pkcs7-mime [smime.p7m] 9580 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6082 bytes └─╴application/pkcs7-mime [smime.p7m] 6082 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1876 bytes └┬╴message/rfc822 1876 bytes
└┬╴multipart/mixed 1828 bytes └┬╴multipart/mixed 1828 bytes
├┬╴multipart/alternative 1166 bytes ├┬╴multipart/alternative 1168 bytes
│├─╴text/plain 392 bytes │├─╴text/plain 393 bytes
│└─╴text/html 490 bytes │└─╴text/html 491 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-complex-rfc8551hp-baseline@example> <smime-enc-signed-complex-rfc8551hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:28:02 -0500 Date: Sat, 20 Feb 2021 12:28:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
MIIbnAYJKoZIhvcNAQcDoIIbjTCCG4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbnAYJKoZIhvcNAQcDoIIbjTCCG4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIGTjqXl+E6A5sPoSiC4rgKQPp/Sq9KlmiYZ Boq0MA0GCSqGSIb3DQEBAQUABIIBAANFe+QhN1IuF/acKoQk/CrT7s6ncIXk72bZ
kHuhai6C1kyLR/I+dsQNtJb+T6nUMs6u0C8lHLFMolShXNbmU0UFxbzTjBmz6qdb yqANUj5IWD/YQPJMczB4khaPZRacFIWSbcn3RHR8H9kaincGgB0F3pw+Ju1CaD5x
gqzLeYdkT+l+EuFrsgQ8XtDNqIZHHo6u0c4lZWxdJ1kBGaatjQjzo7qA4fG1uQ/A Lj8pX3ry1b2BNFPEMhbHQy4RsrZpwmL6qSc5X/qWbJNvA83xnnE+avEzW4JFwH1l
NDPZHozuhLE5/Q2+0CTbAawvfXDmA+Ss+Sh5vVxtw7evOxNoRPzypAvcc/gLCly9 RRABOCiNe+lRF7L+X/kqJL0oALwBWLn1OsfK5AwCg3Vao4uyRUtRbC8P4Q7v+KPi
C5RJDy2ctavux6LmC89561I25uUHhgSxCaVT8lxhUMxvgCeN0nWBDp1n68Xy836V 6qYEwXAe6gz1LCwD/EPyiDnMBlbNBid0g8nC8pt2Ymbz+SljAW9FDv9Xyv8iJuXT
d2LKSiEq0INfA4O0OrsujxP5WJaJm4xh+eSUQcCpPcJEGBMuWaUwggGEAgEAMGww +OXOgl8pfBA1a4zKGiRZrKN0PDf0NUh13p/0h7Wd/322eR+FTuwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAMVD52+ksD3N5L7ElKbclg44f HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHNOf6aUb4tfH2tb0OWz678eY
WmBMTTsrUeL+q+sqHAzPNf+7x2Yitv9X4QjctucZQNo09s41d7WiaV6TtMvCExcM tSslVolgGLYIrJcX3Xz0ZVEg7EHJfwMMrfzuvaXtMu3VR26TZpJxJrUQy5bplIKf
Vi+bu0jPHiei2WxtASZ9arH0W2+aB46Iw7UTbrwl3EXSAN5IXFIyeQTl4mjte2Rd rb4ZF95XeC1KMC5E88kpOX3qb+ALpsnRbUvldPfaG17GQl1LXRML16Xvw2BdQ/p3
Mxp3o0z42WOzsfAh+3mr6bNvoSiS2WUbvwP36VfWir1GT1wf2Wdv8a0iCcSE0jIE O3EhpITTSdzFYJOjW8J58JGe1M6sjsymI0KJZdEtvG77dNhNAXZfmbf+fBUZ+237
5oKEenck4jNNxXe3i30L3x3FR51piNpxcxo60iuJcyNpBnzjZ6FLzPDKyqPLzhDg Kc0nbd3dWtNmriJONPKwK5qF1UO1JHhGX8/UquWY7bjXYv/kH9YYZUnR3VCNFQZn
mBMG4XyMsNeL8fq5Yjjuuz7xtUKQi8lEih5G1MeeLCy7IyPR1vzraIe42CNpwzCC KndxvfG/jJ3HofDM6XgEZf+hogg9JVg9LN5IGmdmau7/YSt/7q8k53AL3YS7ADCC
GG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFNM7bcQDJtZl9ZLfi1Ni2aAghhA GG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENLhBGpw6GdtyReA3vbppXaAghhA
nYiY1WB73GOhddIjiceKCfuPfWFmUwC3zkyxz5Qgh/O7UYL2YXPH/+W2xZnSl1U5 yG+aQIQUVygKLkRUL7c+MZNMnUhD+I7X9lWOHMlTQnrHagQoCxlKw9b3v7LCUbCL
eHN3eLqCmsRC2bRfPApVda/ZW7J2GCEHYORRg44m1k7bLrQACA5PDn3T5cYT+syq SabxdNhhBnQwFpgec8aHPFojjM592Zg/7AnYYDqMAttYhoabFG7wSg7+ntlJB/AX
evYnIqK0tAcqo7cphQZ/n/uwdvkPWvkn8dQe0H8RTw+CsMPo9SezKr3hyJTENhre CGFWd1ILOTHr/PghR4rgOmO5/FosuV0PdfBrshG2CoOWzeLtFhzUle1iVtqxq+1z
Tswyoow5httSgHf1vSv51dKJMuKAGvXW7AaAImuNh6rtknzXS+VzUNVh0FvzgLUA Varyg1qLwtxMAkMP052WmVhqNw9WSsvIxXVYcjWdbn7g+lJ5N1BfcjHXnjn8AjL9
36SzeFdJ1NTrpM04p/Du00S9saLdxF0O1TMLaungoLMZgM60ZCCLi3z4CFuQyIlt 1IzHmuHh4ZW9C8S95gdrn8ipd0oee1Ubpu7KP5C/W1H9MDU8cesFcMmUt/WLNxeb
UB2viRGOfJhkePgWaoty6eLvllTXKCXb10ehMU7f8VowVwRWm62h0/SYvPBuGuXJ 09fV0ILaXDbnLIVTQ3xHdoQzg+TQCB4300i2Wvp6UhPnlE6Ap5mexGvObWlIIwEF
7GEVYHlrp4aXR2KQbeMoyxxY5hUGKWzDg4zJc1r80IAZXc64s7SR01x5BVinXhSE RKO4lWVNxEoGB223n10LH6mqJxpiqUK9SYIhNCfo8uxIdZ5R49B2jbzC8e1Owefm
w4VGQ7Qv3CpolKQeuyQ14XK7/nzlkYWdXLFefuU528gHy42Xt+FaKR6ZElFURPdr i1QII6ZVnwPltALSvxiL97GSHG/32YmITrsZBpTitY7Q4tcDgzfFGRV23R89yorp
0IIWN+Gdr28bpQomhbmhm71Srz7q3IIG3wXEh/qrxWf0yzSrrJluLcCAh9dyWM3e AuseNYbGJ5Mb1qFtbQZKycW+2RX16qt4hlcsf6wYBCzI9xOzsSCHJW4KVZc9GuIu
vfuneXrnxTr9Tf1GW/rNygZoHMvrjpSRIrzEAqqCzt/Vs1+ds0TBHn5fs9E2poIW 0Cmc3M5mFgrWwKhCvdJBo6fLwSqTTj6moGmqBLIZ1ouiamOOzxY+VBrpLNSrnnKf
9bXm54ucpXavu5ZafpHUReTrXLMGPJ+IkyGGVrACwAsIDYm/aPSM4HA41DzHtkY8 SdEUgsHuJKo+A+oy0vhHYZqusnoE4o6vE5Sd/R11q655O/jI6ngCE70yZpcCxKV5
q/HRYWR6So7rlYEo74bY2e+TyOJhSApZ87b2I1JMkHUZeB3aAPswZeMdZoA0HF+K 0JgsFeUSjBLtIqGVGPwKRAreug/2rcRWDBlW4QTZ0Yuw7Zu/xVPkAevp8Hn6v0C2
HK2zXm1havuDecCc59q+DP4ROnfMbAU2ACTxvh+dJzX9GdifCUeh9NXn73fb8f50 rxEpaXnhzITeCsS0qLN+G+vuQAzDxz4SlpWxx6HajBToje79ZtuF/YzAZfJTWsKO
7k3GRbg3TgoUDJmfbU8wxeHtx7DvaylbaRLAW8CT0fyedJFGl7qhL3izlhHp9Jjs MzxO8hOCxEl/7z355AmXrKF0ubZj+/Y9UTXlSqUUXV/5b0L98xU5NoAaAhzssysb
SzZpzlLCP/Yv/O6zNuP0RsR0WuaqYdK3qppgIoGta5Z+ZcHxLAhlrxr/mF1qxDoP fXLHgi1CXMNZBUL6Ukv2ovWz/9ICXHd3GdmNUW1OIFRmPdY4obnMtCN0Jpkrbz8l
sFhG/UoPSLT/lyzYN4pbBqC/QRuC3gr0MMKHpBm7G6gJppBW74se9w4IwIBmlnO2 2Uilu0BVtsvsAmhfzgo/v7MMAoeFLkc+idCOexM3v4H2tQlJ1V8MB+yz3IbM4RMA
f8T2FgobF7Z3ne1LRpLCDcaQhFvCyN1IRu9PJH5Kcc0hGYqIAH7t6JPRfcImNbtS UvnAn1fxjsR7Scsg0txauodFltdywA+FnjPJwT9if73HZ2/Lb8bs8ri5iv5Jl+XO
W8Y5bcZ0/1S5kY/Q9NpeAiUDVNdt0qdYEOtcNSpPhi9TrtqULD5EpGJscO5Gmkcn FjsmhyKMUeEmlUXbJ2omjDnnYmYzogYXTs5XSmrZrjvoIbQAKtmxSKywQRNfHjei
ATDL5nzJdLB7XvRQKi+FeWIzUzlr+IH7ik37WGkjZwwt+ClY1kAjgX39poUJTf+7 81VcyyWadLUCZn7PdoQ5qtxSHPRr7upARLAHHljWAL08MHfJSNyN93jK1Ktxkefk
r/gaI0pg/vz88lqZk6vgRQmIRwBv2GvLEfvMz0Ohf9vAwzYxbc3uj64/5aXJbsxr 9/k7WAWsYvkynhGBBolvydzUpK8GwS06+at+UGgUHOTs69RrwNWPwJjuw2sS9hX8
PxpatoiRJu+pF1nh6bPK+THYTnej2tlG1zLWuEvxZvHnUqlWNh4cRsuwm6Cf0H/2 DHy0eGAKKAIrhMcNNJqjnQ3aEP5imIVhTlh9ZEKQzF3ywpnlpAfGdBh0Qkq4cn0p
kv0HY4Rcnjiz13aPMIU/zjg0rkfmPfZfofyPJfNsiXC1h8Cty0HKZC/nWlLg0pJg NVpG+cLWt/ccY/ROFY3bMAuvxYOr14fJNcTRbBY6uTpgSKEoQzY77NZ0fk4IlVcU
hm+FbvUIrvhPhMKMJgY3nOqF6eEkwqnZpWzQxp8wcaVNsP10GoBG3Lef1MbSnsIh NA1PMf9+ZysrYblQB70TggQSb5R3Ik+Xr+BzS7x+pXiBuFlU7qSnxXmLIzyK5ElU
rUx6OyXXdpxaIgRWJQpXkSd59z5VTIyEbJj8iil/GEqqXs0WMGOnlRE+o9sR21Za HfHkeAIAC8ReUSsomobYl+2mmyvvWCLqIR9K3FtGtweZ9bQ3NY3lOuONJAldB9Ge
+m65T7hsq0U776EWjZwcrb44rn/sW+mg+8+leuXL4UNADrm64qXvCcIkHrTpPRML cH2MdHvckaTJNx12aDKA4bm0gHEx6XXDzKARPbcbHDeu+eJ3SbGJ1C8XBqrXxgLJ
k/W71PtYybEx8eZRkEG3tIWog3HV8w+WRKS1smFYvFxw66eU9cFDnKoYJAQi7USq MxUxTVa3uc+Dk7ZY4jzZbGoRVLsUFvCnJklk64GbzydMGplEPH2gR2fjecRbFknq
fdkW/QLuXUJuGvpKGGWm8IJgOezbGPkbiYw+BTMJKExgXStAhAhhVFP3m/47AUx9 6DWdaM1z5J13GJbi3g2mXo2JiWuUBQCLnbdKTAbXdNDBFbU1oVVqMK5PDrQ0cExW
bGiRMGgEBvprT9Iu7mydHOjUO//qRm6fUXOYJ5Xm8OUjk/wI/wOCdtO66tw/d9L4 Dnxa3r3ae2W6Pfvk6sS6LzpvMJUhGfQzhdkgBRfGrMaM7FG8hdr0ZAqJxhu+vS0c
n2skZbRlMEdSja62427CHLCedZAWyyTaCdkj3QiC/vfj74okv+U7SsDyUWxnSK0p ts3hiS77m/KQhyeEPzdNkVXAUHAsaHQ9PgEc3E6ZHvUiDJAYBeQ3e4kXhZZN/NaV
pMZESdV8qUpPRjT9Eh6BSD4B3SrGDuhSEdNuW60Qb2Yab0ZjWaurJeGqVn23A+tR fAlGKplZjWc3RYQK0h2f6ADxcdG3GHAE/vHa9QkrWHUS4QuX/h0aFYDX/bwAg036
u92mwIBB4K/9w9LGv6NXRVoLuSZ7wxcERmM9aXg4f6UjPKijbPzADnPrahqsZ4hb wsYK8WUVTtpItYfV3jTMbfAuLL8En8qYgJNPQcb1SOOC9Sv8qBg0PSlSRQhpG+oW
TpbxZkU/U6KmNmO/l9M5KZjfRMO87dIA8K8e40eJoqGeCyTezC8SzuKy6w26bLQQ lkWTWEKOn4X0hfV2uo4XMIf93SMvRss8vmmB0Kjryr92tGX3CdjWJTjFJAtcNBVO
TonyUBgbpnRzPg3dx6A6Qfr+H7E1XXDTTWcoY9FCGPuYkkmjYgjRW/7phcASXgHz 7Oz5lD84LLJW8vyGMvZ4trxnbVlg9REopeDVq2BJeznYHzOQoawXVM4n8Z0vgp4m
76+C15RI/CdZh5q2hCZE7L9dqHO3sX/12pyR/DCoGDNlO0x/u9xqBo6mxR3LTYf3 xlleVprwb8nmVUyOvxozr09V/ki9aSwZIFnHdMaVX3qwXUZ/1eu0AJJ395Ea6M4o
RP6TVLKnT70ynXDmYjaJMaMWj/+EKsip70TxZanpHeh74lO+YWpvKL5PQtxvSko+ hM+Iqv30A19496kpHp8sfYeZsHtNNwQG4WbhpnXAdR5pJ1+CMjliLFgpkfmWXn/J
EohJTUaPjxG6EJj4K7Xu4aq9UqW7c0fyYM1oOabQaB9ZY1K3aQdRwvY2D7//bCo9 KIF2OSew31/v7JtxUUOHBNNvs+SxLwDqFK4RjuOUBJNEA0EgCvkfpdyAbqCS15g6
56J84DhlKfp1MkakehPJFY3FvParM9kRYxf7CnhVdQX2UkAi5xasZRK020ksUr0k fx6do36Gz4mxXNMJRqP4qunv3MVxEb+igwEPOeSxWpw9vP7XaFiit91Euoj9/UIc
sOM1TvefRZbgaffX+DhtvvbUvFlit7PVwjc5Q0c5YiLELlgSqTpKKnO+IL0u0X3H ROq0Vo3JuB9XM925T7erNHhkhdlUW2utiSjUrHOU0PIZqzbCaB/L+Sb1HhnAKFDJ
pZmms25AZqtY8VZEtjuFv5XoZK/HtF646ipe0yawWi1JoNGSw50CVz5zy9YtcfPI Rg2uD55Mwv5BdpBTnPmq4Wz3kzvuIop7hUzoCVDhcM4a6OIRXgyGeKHOs//ca439
Gz56LodAyQVl7CHSZCRE9tTlyyFxsZzyfK+AqgcahrdT7sc83lpd3PiwAjUL0VCg zoy7aNurEjQSKjFs4dfj5z64b1GIu33X/Gpg634bowErRXGQ1FpOy6oGnD8LIkOV
8EFNHILF3VT9+DsjGZJbqvoITgB51p0i4cdXgS3/yaZ0aESnZBAnEBUXtQQL9wqP n+VODMvu5HTDcYmmNtWLRBImmdq4Er8gUN8LjZIoh/z/F+QSGWoW44pHPwvCV6/k
l8UcDog+kvMK37AYeqGgoseh6ZvJXd5hIMj6WesXUTOQy6IGzZciDAPeNUdMmW0U 6RFcaQKsPx3PHPqRhM9yAmhTWobMOnJBTLccFsxYQWXe2t022B7Ecdoa9QjT7OkF
NivI9SL8uxbSXG8NB9Q63xHj6J8WjNaNzWZPEr/qylfzQaP7uywTKXr4cVTVYwKG +9KpNTPFPlYPMKi1F+IGf/g9KgVd6UHSQoTQOmunONXjuKcebamy4kRwP72qOqj+
TZGZt1OZnymvwWoH7LhJ5qS1pPqe/4gNijCcngBmRpeG0qDHOSFJ//3Lncg94gnJ jDMBlG+jC7I9neZ1/f50DT26av9B8HfyxVuzTBg0mDSCYvrA+yxHFxiyEO9zH5fv
N8f9Y8zUkulrO2LHsTuzz0I2YCZsP42ZgL66H3uy7MkvgYYFO3IHrSim/evQqS/Z oq5JRT2rXTyq2RZ/EUyOa5Ye0HUI2/veje9C7yOQMyJcqOFWukw6y/BHOo6M6q//
WKpHRCO2Cof8hta9pZQsR6WBWCxCUSEbgcBskZVg2iApVXVDgDyYPHIt0KSUef1S y+S9yMevzh8oxjkjCsx/lrM8kueF2klUxG/Xzm+uR3Peijqlus961Lx5d4qY2XQk
QKsXXlCT7IR4g//0MRP2RyKcrYiIkz09auKYex7CNyQYZfqeeMKUuKw5gXjMZS/p gIVsKphv1I47AYxtDTPx+mXRlm14NVl1skrcOppwfAvXwUBiEuxBrVrrBafj4l6M
jV2Enoo1UG2kzAYFL2mRzdbaxeoqXVvbgErM4c7WKkomfoGIP6Kk4mOWwcEvPozJ VszKHsELw6Ub1/6NjEkp/C72s0bqRkDna0Q4ls3s1N23wylOkWooujWI+w1r9E1Q
pNxUOCPIUBoRcXMuoZp0u0bvU30EBRX+gJWYqRi9p1dnc9EXzm1MHX7Ui6xT6ZCv RT8u4kWJtgBJYGmiBRWN9jMxaOpcf4VrU0HpxNpY7hITQ4b6/KB/28UE8EB+cFp/
DF7YhBWV2GvGC+YKR5IJpXEPO0l5PEnGi3cNV9htahhtQWK8DiYjR4BOtHQ0mZRL NmC6+vx0jKPgGsLYGe0eaZoUUVXW19PmV+tbvRbRSxcLDSzsBRvCsEoeK+KBc+r3
NGWRyDbV60ac7pvl/wPwCEEfySu2dT4hvFIEn17B2oLKxowoJsEzOeOF+C23xR9n 7/n9Z5BVH50RQx31KlAEadF1LXVVANh/ZHBrC4TBTaFMGvgJjQZJ3Eax/RKkS5oN
HfMNe/Fd2JtxJ6WJfpYmG/hvdYY5FNt4VlNpK/guwMbjbYfuRbHhCb5AG0gbxiIx /APYHw3zDNFWyhtXRtL0tEG2oyppspUmfG1ZwlAlrMa9dBOkRr3iKlVlyW91tOQu
bszWSIv/af5aFhQWh7eXZcSZoJ3PZIK2z6r9ALFaGy69Qiswbgop4VGs89kjBrZQ 8Q8gDHcdNahMDHdTAIeb5bU5nd7Qr/2uyHIg8sswxWHOjI+l37Qq6sg6wNfq6Xhu
42+eD859Xw2zr8YRuskKIrAdl1jB2txZQYZQkHhzMjagEgc6scYEgikMTRyMDY2T to1/MHofcQlMiQGVucZIaQR82TjNzo99ezyu9ZAbu3J4pm2pLmHeQjg2m1+TO9NA
PgJtyLi11Vec6ZQ29/go9N/rIYDmYx1wN/eBM7SqvQqkhE6AerBhiGetmllgRn8i jdctddks6cbw/bL2yFGw3juupSLTYtYGK9uWqvHSp3O6zLS2b2ihEPBhe5V2UgLh
BbCgc8ClQUbVQ45XQzE3mhm5UnAbJWofEdHJabShy1hoMfuFQFXd4b4okMUFOw9H Xc/CvGAWbLTJgqM64FuUPsDjXByGcGreSA3bIG4AU5hhD+SwSoaFE53Qw6FETH4K
hTi3daOLjmqgo47E1OHalXt4MItAhLXP9+GrhVE5vYN1h/cVRA94K8MlL+5HzT1f BVcGedXnmvkDZrDxwSoRpAqHAkPdrxY+yt7lFiv/dGtfQtMCYv8flAP/bVtWNung
l8Rgls8gLVKV1D+BlXFw7JfS04vAtfv62ttuEinRUicte2rMKi4RKa0m7FYGiD36 wZODrmwI6rJj1Ooub+PIT31MXmm+FbM6yFq3EtfZbq2bKivzHUZpiwL7afe8s+RD
QleGa9W69kkJOxpykFAR6qX/UE0TVydER4+6f4/43Pu53DQs3HqoKsW65q1xb3vX rlZoz4y2vOJwi/REMIDLk1q4RnFcc+FH/ZaG+gMdfkduY0iGfyqIIJeQx5HXhTDV
zci638qUL4lu2LjmxWmeBm8vRyhY84QR95qI/RHoYWIXNSEXggcX2Evvow+cOrc6 gxoy356pQ7QCVdAUoyP/7xp9gKqHbaNFt77ZM+68KGPKuEi6byYJki1gXrB9oJL4
s3C3KjD08EyT7CKtqOyApOHcWhFI3gLvgJf7kd4hvZ3IsgZ0TPpNhPoOLw7OwWtX JmF1jQSZMYqj+FgZBbrc9G8t7vTiF+8Oxfxxs3G+GVdCGAEjhz4dQww1o4vIBmdy
qX3akv8xPBPQ2DfUSuoJyhoMQFLx3zVL2Bl7wm5Q+TqcjM6R56MGfvBGuMmbEIQ4 mrsTEs205qD7Asl0du43DZrXSBt0ppfTxTEjrosTzRD8Skd9AvhFGKhtSFGePNL3
Wm4NY7I8LPN58UeKJ3A2pxhRXG/s/q8PMZUJeXL5QtYBonMFNnISS11T2cP8bB/G 8UqnQE6jmbHHKQt7Z4DJTQ/ZyheYUawAPLLbpX4COwUHDo8YawF+vghitdt8K2+v
LYTC3q8aejWKSg+mX15sovgxDGFFR/Ru2y/Rlx2Mk76tJPr+8nbCYVnNFfdlZEkc 4dkQh9BdyFXpfqXSBDa6XcQPscLxHwjFJPczCeATuycA7/bNguS47InBGg5n+Z2/
htdwLlm1ocXvtb4bjKyMkd9LqH3bDfBAapQquQ+6FG3wTedEsEvPOxvg3byYYXb/ nebOemWFiOd9Fg5uMOBruCHeHCNPN9BZ66RQ7FL+jbXO39Tq+QX/NnzW3WBnoTDJ
E/nvvKhX5Dp90jNkhlGhGfDmoJwJCXutvvd+tnhIFFlarvqfo6zFCQXetwFgBEgg GEzULm2VjTn18gMlflVRjNENOC1yUH3E9jWMn8LEuTnUXTqfEfkkj9lwUXQxNeYf
SYXUugaiovw5r09/7fJs4+9Lwr8phsH1tNibweWGmh9o3GM8tGgxfhaOtikRWx3y uVvJ95gDas8aC/O/MmHLc6CFfq0l9MGu4FYXMfRon6cfJZCpgfXQnJAqxlxMb4wI
MpKecxe9RWUufrUwScDYpTI7sjnqHAjm3qT4YCTnX0QsYeE14yXUo+fTU5WA4evq qMUyCSzZ3umKCD+UAf7MIMyCMEdOMLFoO6LoNofFjNooK011sR4qJcM/zXiFZQaO
xzNcaHo+61Y+/rgB6TFYIQg1tRINAp86EB930uKbJN6xga2QjICTZlvzF9aperRF eCoxyIBESCv2h/LeGRW6Sx7iacntg4Se12zPlaG7ckuiz6PCY92g3WGj9E4ARWIB
Tcmqws2kESiyvxZBGbVhqGSPn7fBknlbAA8MLHhBQVhiA7h28biGv5gOnhipApDo VDIkJo74MDUSn1osHHojKd13lqdAH7Am2UjoIVogx8cE9cSEnmZfwZBf2Pb2TxwF
lRDxJh1q37N0fLOxQXDzuqUt44MMY9CqFZxeRDTcq/dGHztoKum6NHHZTbA9ugnT FTWG7TqheJzJxWzj14sjMPwBZRJQCdmscn8XWEeEk7BBUEGbZi/3Y+PIMe9G1ZYF
ZzcFrtK3yor5ahbjcsWO+44cq52TSRBZy4yGL14+oMD1TbePqRyKdpuUxNeaZmex 3bu9GNmM4JcSdH9FX0NSUdQQrgqDey+C+UCjFD1GWY1Ja18vHK1C3ssWd3wWFBLF
80fBFBDN1p095LRb85tOtLzXDALvhshpuWVn+sH8uC6clrJ/x+LRP6idSiTDlglE e3/Vg4GZhYPSgmTVRk0l0pGR7XgMEBbGGZgloknFBetlJ8F6qIXylDNsMTQ9tNJ6
+yRzeG3YXa2LtLbE+PjDmFla9cOeO89nNGvqYKoqjDYFdnAgX99stX2gJ5pZKuzn rBy0Ite6Qcvma+bz4CSR+y/FWcy93BFKVFC6y/izfdK5InHlrgBEZugR2rR0oPsJ
k8lGBnH1/ytiRKMlNOVQSROQuRniUnlM7UjAuvDt4WhpOyo6d4n5EG03IrAs/0ms wXaoSHrkza1TiW/CsghAx1bjQ4Z1YtMaSfCO03nKQ4z32hFcxm/de3ZUJWlaEp5O
0fd5KwaQV2kM7gLVWC8EDFFPAQtLjVXnbqrJHnpnzb8+3Umdc7bbtTHrHdvbOgXW w0c7kqIzfD2w+UvtcceDo8uc7weRtiYi99K8x0ZtXTfSjWwcJcH5Unpcd3dOXVko
Qi2IOPME+CC4pY7QVjLdW7EUHtWzu577RVyjCgKnh4qVtPSqnDk0lfogprqO8Oos x+ag8enG3DfmVmBvXxsyCboqXJj7FWhFyLcPkZXe+OGDj5Ms3wno8JH8aKVdrSYR
9UUNreV+Ie06Mk54JjGsw4yeKYTYl0zEuxZ2X1ec6ah5pDdofAln5uOwAMBVBodL XmNzsJP9a2CMSEDhaXfaWHQqYSrV3Eg2WXeCbGHUHPCUF5f0uc9RXNN0Wtb/MBuv
q388bcdVtmLWKd0TEc+3Jx+fGCUQfQJq18lpzx6gPm1h/61QXF9R5JPc1fiA7gJ7 dcCNytFxYNgT21vpQ9VxLvFjw7Tt0NjLa9URRObzZrd9I9g0MJrmw59DJm2kbBoX
hpSLRkiQrXZ7tvpxRAFdK9xp/hyKfo8SBPYGZAKvt7H8Wv3akP3hPBhDsKdTg2yL 3qcIq4B693ajEaJC2qpBAszTCEq0AcUzAaf4KunE5LwGY/iYzxngRiW1EljyPY+F
kZciqnm8fa+A8QM6fjHXF9CQ7kAKL5Kyzrn+hQ8gndovU5hKCmLOOPRKC488lXGX wYGgIY8hMkQsZfgwBnzZvr9jhq0s715VEIAmJY4cdlMhRVUf+nViVTxHqSOraXlR
sHqQMP/36DGjEGXyGmmlCIDWiuIfHxQ9vaDZB9c5muWYbI00anAUBiPsuQYDOvap I886EZmgNqMIXoJQinAaitUNiUcxft+vrfXBhBnGOnvIQI807wY2CHQhcrTbLX5v
vyxeONavr53nofOv/AlrMUBiEaJcokDU9LjdqqbmO2DBwhqL7Qkju+fvgl8+jOtB hgNnKY2Hd6EQyYnWRXGL59jgACyfj0dbdEsWtva20reWMx5fcPkVQ500H0E2hdfa
8BuGWtTHFpvXY0wQARIfEonj4qM4PM/TmZYggqaWkSgqCfcMKa0LoIEHLe3k927w yBzIJxvOvkSLLwsLwPxcbu0S92YnFr2FrO7+G0w99FjGT/xnOhVEwkvzHjFzzzlo
TKnKuorWmjdSm0PzWzekxVuEvwmMPWCkL/MRhDkbgm1tCrc58UsgdznEy2K15c/W fhSumEUFU6gdYi6fdjngVQxqdz/rfCWqCj9IEUrJxKUnsU322RV6vutgOjQ8ENkz
BPc9dhuzhyAP30tgN8NiPjANFymRYlZ1XRibTFrWbGZ4JkUr7rjLAJVhMb3a7TBB zqdY/TOS/2onRIIsaE/ul1P6Cvc2XezmZI4819aARPsqrTzeH5nVE3D6EWrieDHh
16Bl226lYu2cfbEpJNr/yTvG67xEB8dGA0etD85ZaKGCtvTN4K13SsCEvkNydf7L LOmvIEkE64ZIKwUfG8J2hs2ALyraD1ECpQKBakW+f7RgFrZNui/4LIW6Hxwe58A8
GjzW7UvGHnYQoPZ7c+rLLAvmQpLsbsvZDIidYvq7GjO5C+N3K/Kz1VL7RQOabErj /SQvMf/OJS7dtwX3a3Z4w2nnnp2oXV1MgWvXnuEIPYDQdaIqh1CRJwk1fu+Su7Ys
I+xB1lC/D+LOUjFsZiphJjI57P6wAL3euP9Y6Ytr+SJQmndw6Nkq3t8l2S0FWMVz 2kfOs+Czz+nBq6CRDD20YpP3rBurR+JmdBfyvR10a+pwlWqWaADYfzmvKNXcikYC
zLeAvJ4SaRHy0ERQ/nrfGTIx2GmTZUvrsrn9KUtBn7dPLmyKqzl3zYf55nLNA+Gc h8xCp23xL7p62XgVwVtUEkbrQJBbCShBjZZxBx+RmAoYcThcsggLLLl/RHKGRqQp
LheU12GH5K4Qja3qKEnpz0KpDXuEFyxA7iFvcKEqJm2f3fEJ2KfSDeNdNDFf642m XI3gFKEy27HV6X4G4qMkJhzuCAvHASoSQj4g/KLwaYf+njxeRSzwPRkjCn7Z0Men
oX3Z7y3dls4iKds83wjOPORCo8j9ro03GxSCjmlgTHnR5sM1bYrye6oh0pw3SjyB EQreLcqvHQaoR4Exo8qFJFizkMrEr1uTRtyxFcvqJcLUffPhfUWAuPwzS+CeiK4F
8FAKn+qdH4Z/ndk/K/UqZ8MyDJAXuSQu6rHaEv9zz2K6HfyLqX83obnFYE3WNHzY Y+hLYxzieVmP4lpxu1spWJfQgUlO5/6pj0051nMwjpfJpB3tjFFYKhKrmjHqRSHX
TFFLKqw31A5ZRtCUTN0D6LfZ0ikwrgB+pWzfzGvRbghK+sGKweMEFF2Cbn0z3A3g owguPcxkPMI/SwpRZWRROOMSzh/ph6lR9E/KyeaWGTjDCDD6tdCjsLGHCuX3UzZe
bvC3sG6/rxBFZ/iU3Yd6hBiRMjqUUojsl9zSowRlkbUIRXZteaDnhz5qwcmPt3rO +AMiDhW1AWw+HkmkLEOym4hbQnQhwuzYLUS6Cab/oN/UvBnjhrIdG8s3YF71PvY+
iod4Z2QmnW8mJM0OT8uX0MBIFwCjKRgqKHfjeTnT1NCpxOH5+6DJrj0mEPhfOB1o yPcq8AsmysxxVvL7Q205BeX8nRNhFeJc3asMBvSijuo1VMiGY/0wzzjasWZH5D5b
nHKJor6EOMU4zsDAZHCcepPyvRfLTp7TvUf0D5RBkqNf6JfGoPTLQ6JClQnMOPzS KTBJIqXP57aNaW/BG6eIiaSxVoLnsbgW57P0mpP5JxK4f6cvMPihO9rNItSqESuK
SlFAodd2Qng3q5fQh9tiaohZdyf2hN+lb9bvac1LUblSZM6mS/JenvA/+NVVoqdh 6oDyXjXzJaYblhrOJkOkVp4gjpHMmcsc1oruQDzWXMUNpdvPUnYnZ0yYKhmdbHoO
3IEAepXOHv6B0PxN7V/R4JtTgVIJTWbC3TyLdseAii+Y3yEFFKIUABGGd2mSpJNV n+AKgwh3tmqItejAdRLthS3bwMdwgEEx2sfnnnKwEy6Xqdu5oaB8rVRtKcMxFIvA
mPze3fiKmsfj+O5kcKb7q+EB0/CDSU+upSFmRSq2YbyM+P5/1faoUz2Nny+ee5Z7 NVefdCft4+2brFXPQv2HsQWYdVcdZMdUT8WLL7VUJ2mXiVP5422LEspTxFgBb6cV
0YVfMt6jhWqZgvpdTaVzbKiQ/aCQmmRnxEwRQ8fhbtXrnzdebHK7sFuqn5mtsfgR jbfKu6btpQOdIEux9YkD9zH5ye54Dk/FcElFQah9MGZOGS2P3AKFLcLLxmprHWFv
jL/s+D5nQLkc+VtpslqaOXFAFz+iGLFuA2FDuwIkECu4qoMsE0EP+gbcQlEbjAx2 2SE2EEkTQzp25c67nzd3/r8LNAmupkqTVHuuIvuMZgP9xIiOuYUzGrUL7k5EJTWk
oR82st4KgqDeBga/3GTqx5TN0nbn584ujZ+VAYy0UZjShlH+4NJY1GMRHlA1b3kA OMPRQeYS8iv9v3QEarSPCJLyeUpZjXVu50u1kKgLAuA/s32/aVwGuTCUMNgGQx2q
hWtP//PnkX1aZFVGWAHhiPIneG/ZCtRGUWqWUMn9DRd5BNMS7S/xl17KIF9lFbLS jpozo5jYDAUv3l9EitrcM9X9WxvYP30rsVs4kNvRM08RR2wfs6sHb//t49xOL3hW
6b5f5R5J/wjdwCC8mH0CCNXrdWRID3vqVEyBvH4usBoA8v64+ttQIUSttweBoG6W mbpAXbFz1WXIE+VvVoO9ZCsXx3JBRkWxyxoUpDibijBQirYkwWx+TdDm4DP27KdM
Al2Qorxi8wZGqZ6qLp4glATHp2Ni1Aq90kP2cBfUNkP5GLdBD61O2qoBLtUuRliA w70bRhM5jVqsYUgIfA756WFIpoaXrRpCHja1ZXyaFs8pyoSr7XZIZ380A8kexEB7
T25cdgz1JOtHrFsKJ4t04Udb8PWSr5DuFINhjcDP/wMthFRhCrLSipJsOEzreASD XsKfB3vBf0gcJsYVn3ebojEpFSjC4ayUxJxiNZVtluyIcz0gGdo5AWGo/0BstflI
C1fuEYbwD2or7UiWaZC37ERT10VC+kyNS2j/bxNubKpXWgOH0TWT0LdXjCj3OsDN nFbx+4D7xH2SwPC2XQIXrYJnsawqEb0H4+hPVg0C5fnqK7QrjVWLKx2b64z+VowI
llhPugAjgZOpx8f+wyaucDExq6ubMcMtE4QLng7ivqw7vJFs51FIigskVPRnB0ro xHyiHfWrcAfMygh5YBAQp/XoLzDL65VWKYbCVOUzFy2iwfoTs1RbqcAPRhjjdMJS
k6rPrEMP/zgVSEBt0ULp2CG0RdUnPCLTlGR/B9F3WRfjHhowbnYANAZU1LgR/doC U/ep/EBPa8bF5KNKdq8G8OhcT0Y3iFEW45kO6E6kXs2w3NgHKhrU1wY3FLDD/w1u
qEkgjxVKfThjV+Xf9BWU6sBAVvq/I8O5hdZEn6ALRDrSnusIwmfVTdkbl6uSQD1p f7SjMtPVN1HEhrQoEUGP14fztUBRuC6I2vyOjiJ0RaJG+TU2ZlKs2sE5ey1EUKnk
MZjuGe+TkSpUY2CUIVucmmV6HCVJm4H+J3U9bsmQOWeCtR1kDKLaquuqYCjJk1NB dvETYA8Qjso3JYb7WWMRKTtiaXj/tPMVGvqfD5OQxNLGcvS1qjds5eNMuXHuoflC
vJOaDR/0NJizyCpC4seGJ8gPRKV4VDvcH3jCjNOXFc9sS3YQdJWS13NpYoZkBymg fyubtOU6FmS2oThM6r6/K17GXjg7Usui1XtL8ATuKMKn7nQG0zQJpFeDawJER6KB
CR6Gf4WX5Mt8yhWPBP2ZYCF9yj6B30SVd8UU/01/v3z3kH8gtni7rwq9YX5+SOx4 8vTrjgYlZQkni25eIiOLH1XpaJXUIDWIyOeDxYCrl9BQHuKfOalo5f7WQ56cp2M7
h5FKsYkYFbt+Llh9BEaHvYF7ENwT3IS6tIs+A5g06By7O8pPoEKrZclMYAOpZste if3rUpGk+50tx2RWBlWvzVJtF5HEB+1xbaaEaMCqS8OexHWQUcZApzhnQC9NeniN
nKrOIJNLjUNtHyJFI5K6o98GGJ3REHJ3i83rfkWO31G5SVgYqk72m7j/dlJ28x68 8oeLZkojmOPHUNZti4lzBwqJvVj4Ag455hWXFMzy8lqlzOivvfYzIquQOYaxozXS
A2iqgtcaZJgzgAKYQDz7Lyvbd5lYaEU0yt+CjhsJjS6JmTab23D5iovFfoD+AmpX mlPRhaYLW4WkYUnM1+J40IZAecidJQ5iEEaYwdobd2LL39eURvA0aPdSQw09sZTG
5GKRKIHv1JF6ok8wQp9dKYDNmocg4m+oqIngVoioLn1N0A370i8yhC1qmFXpEwox CLhkZY/8LkshqjQaYGghQpnpGsdTUTvXqWoDW3cGZmk6neKVFtkwK/JmxT55kkCw
saxFq/hBWHKmxJlCxEFBF/AYw8M9ibOwOJA5r0U4Lg/+3UiUKRimbX6X8R+FS3c3 jig7s8ksL+8f/sOsI0I83n8EEO7ymicvVuYrAMxy3bYXeh+nsrQYgbrNwJxdU9CS
5Eqs0RH1VDzTvu4aaIb5OfVZCjX/L9xT4ezXZqbR7JSGryHZr/CNH+8AtfTXEC4U oPJGXqnV9iXVHbTXevXGyccoq7whEJeE1q8E9Yi1VlFSctOd63f3BsZ7Or8qKAYW
xAmFAXgfuNc18ZkVtSLPjJ418cSe+VOlQ3WH2Os2N3PP6UqR7hlgymJeisV80C0N A7hG5SUmKYqajYlDwPqFJmX72sOofNh8qdn4K1P7zzfOjzi0Zs9mBqmAzG6U+Ciu
kuu0AYauvHf6mDPhbsvdtTLQUY9cQ991c1XFB3NZwZa1GL9BtYpLU9xsd4k+qyzI pYwRzQALIHdR2u5oHhnGU4sqIXXyN+RrRL4Z8zaX7ECij4TuD1Fiu/rGoarnirn9
5zW1UEG0B265+FhYBMz12KRvjfTMegaMCqo3WKG0p/HfdGRFXzYScZCDKe/n7pDW oMFF1LZvBGlweg8kIBNPCbEZyO03EQBBjUhqSuXdo5MNHlZRfGtV0ea1pUKOMZE+
45+PhVyrxqQpsdyxTHb0qetjbYM/OlydenM47tvb9D+UIpRjYLmk3RCMKfbAd6nE 2syqcOT0iR4itBy2uqxReGVDpOVI8YM3iY+CLf4d+cZXTR1+ep27QWAEzz865yRf
ctVLhUHswCMx4lnVRdIXuIc4yQrquAVPvlfzBVIxDeemkf2kmrA1P5aYZniflr7i 4d1sRczE/iqpjcXuERcgLN7fr+21Ob3JFSq51iTs568sVnLyX6JtZCi4DLxtSSDJ
SRG+XntvfKyyKqr09A605hOz8GyDSOIDRq5SykbeuUZd2MkhMHiqn3pkgWxfFADH LXh0bYnUw7+x30zmP9zNMTK+6fsalN46iD/+MmnSC4h2/aCYBHplYPyFzPMUbSDk
rptkhjQytcY4j8Znqg8O70da9J4G4sbILV5OgKaTt/7okM+rQ8ikzR9UJsAAgewn +0uS/NB34PyjK+ZX0ouEo+fSvM/TFWNBHVlbiFZZL58/+F7Jk2f+ojtViMTrgHZt
DrnutsyrGrSmz7wIFkexxWnM6NZYMcJpdy0KXuctfBWIQs+ZyYrsd4pH3MP/hc+1 j+vEd4UwxKLV/jgAT5ktM3WYSGDzlqLxVXgFAST6TYzGhGaxNkLUWBXfuNP0klNz
t2W57Gm57dXBh0lqxDnaGFGVBlYioWj/v1s0EoaVUM+XCYEsRKge45drULGh0qAZ PwSS2ychxCl+jUgjtHtenhfVfQtyG/NzKnx0s5vazdSRe4bnVBmqm8i+dsUqyPCd
sG1/1VBptLyt3UY3jh1tUw== FYDZOpfnljZ1ywCw30yaeA==
C.3.17.1. S/MIME Signed and Encrypted Over a Complex Message, Legacy C.3.17.1. S/MIME Signed-and-Encrypted over a Complex Message, Legacy
RFC 8551 Header Protection With hcp_baseline, Decrypted RFC 8551 Header Protection with hcp_baseline, Decrypted
The S/MIME enveloped-data layer unwraps to this signed-data part: The S/MIME enveloped-data layer unwraps to this signed-data part:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
MIIRQAYJKoZIhvcNAQcCoIIRMTCCES0CAQExDTALBglghkgBZQMEAgEwggdpBgkq MIIRQgYJKoZIhvcNAQcCoIIRMzCCES8CAQExDTALBglghkgBZQMEAgEwggdrBgkq
hkiG9w0BBwGgggdaBIIHVk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggdcBIIHWE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw
ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iMjY2IgpTdWJqZWN0OiBzbWlt ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iMTQ0IgpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCk1lc3NhZ2Ut ZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCk1lc3NhZ2Ut
SUQ6CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXJmYzg1NTFocC1iYXNlbGlu SUQ6CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXJmYzg1NTFocC1iYXNlbGlu
ZUBleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4KVG86 ZUBleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTI6Mjg6MDIgLTA1MDAKVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu MTI6Mjg6MDIgLTA1MDAKVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu
MAoKLS0yNjYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBh MAoKLS0xNDQKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBh
cnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJkYjYiCgotLWRiNgpDb250ZW50LVR5 cnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSI1NzkiCgotLTU3OQpDb250ZW50LVR5
cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246 cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRo IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRo
ZQpzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCm1l ZQpzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCm1l
c3NhZ2UuCgpUaGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBt c3NhZ2UuCgpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1l
ZXNzYWdlIHVzaW5nIFBLQ1MjNwplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWRE c3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh
YXRhLiAgVGhlIHBheWxvYWQgaXMgYQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz dGEuICBUaGUgcGF5bG9hZCBpcyBhCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNz
c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcKYXR0YWNobWVudC4gSXQgdXNl YWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50LiBJdCB1c2Vz
cyB0aGUgbGVnYWN5IFJGQyA4NTUxIGhlYWRlciBwcm90ZWN0aW9uCihSRkM4NTUx IHRoZSBsZWdhY3kgUkZDIDg1NTEgSGVhZGVyIFByb3RlY3Rpb24KKFJGQzg1NTFI
SFApIHNjaGVtZSB3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVu UCkgc2NoZW1lIHdpdGggdGhlIGBoY3BfYmFzZWxpbmVgIEhlYWRlcgpDb25maWRl
dGlhbGl0eQpQb2xpY3kuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQot bnRpYWxpdHkgUG9saWN5LgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUK
LWRiNgpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWki LS01NzkKQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lp
Ck1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdi IgpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3
aXQKCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+ Yml0Cgo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+Cjxw
VGhpcyBpcyB0aGUKPGI+c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXJmYzg1NTFo PlRoaXMgaXMgdGhlCjxiPnNtaW1lLWVuYy1zaWduZWQtY29tcGxleC1yZmM4NTUx
cC1iYXNlbGluZTwvYj4KbWVzc2FnZS48L3A+CjxwPlRoaXMgaXMgYW4gZW5jcnlw aHAtYmFzZWxpbmU8L2I+Cm1lc3NhZ2UuPC9wPgo8cD5UaGlzIGlzIGEgc2lnbmVk
dGVkIGFuZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVs LWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVs
b3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhCm11 b3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhCm11
bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdl bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdl
L3BuZwphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1NTEgaGVh L3BuZwphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1NTEgSGVh
ZGVyIHByb3RlY3Rpb24KKFJGQzg1NTFIUCkgc2NoZW1lIHdpdGggdGhlIGhjcF9i ZGVyIFByb3RlY3Rpb24KKFJGQzg1NTFIUCkgc2NoZW1lIHdpdGggdGhlIGBoY3Bf
YXNlbGluZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5ClBvbGljeS48L3A+CjxwPjx0 YmFzZWxpbmVgIEhlYWRlcgpDb25maWRlbnRpYWxpdHkgUG9saWN5LjwvcD4KPHA+
dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+ PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0Pjwv
PC9ib2R5PjwvaHRtbD4KLS1kYjYtLQoKLS0yNjYKQ29udGVudC1UeXBlOiBpbWFn cD48L2JvZHk+PC9odG1sPgotLTU3OS0tCgotLTE0NApDb250ZW50LVR5cGU6IGlt
ZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0CkNvbnRlbnQt YWdlL3BuZwpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQKQ29udGVu
RGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJR dC1EaXNwb3NpdGlvbjogaW5saW5lCgppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFB
QUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQpNQWdTNzM5bk8z QlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBCk1BZ1M3Mzlu
VHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtF TzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lk
KzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmlj a0UrNkt3a1oKc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBS
aWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJK aWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFB
UlU1RXJrSmdnZz09CgotLTI2Ni0tCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmX QkpSVTVFcmtKZ2dnPT0KCi0tMTQ0LS0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R
Ss5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9
ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NL
FflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQ
lqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX
1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AO
EksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0O
BBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyX
WAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP
4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6R
GDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GU
Tkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ
+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIID
zzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAw
NjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/
KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhY
dZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP
4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5I
CjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZ
wLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGs
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQX
MBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYD
VR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNV
HSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEA
c4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp
+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oA
JKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x
0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6
zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTb
Y4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZI dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
AWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
DxcNMjEwMjIwMTcyODAyWjAvBgkqhkiG9w0BCQQxIgQgzbXAB7rXfNs26yYOHvuE VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
D4KQ9RzsSF5fL55lZZY7AjgwDQYJKoZIhvcNAQEBBQAEggEAAs1y7DQLS7S+Vh2b ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg
Ju5W9UwkHp6lUk/F7mJE80FRc8K6z8pcSn4xTrlCaLgL7azQ0o/iNQEh2EVJqdy6 9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07
huwwtlaeiPa2gXwIHCKcLGhA2bW3/R+sEsJZi7FryqTakOZ9eXcYRXoPWv6ncf+I k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74
eA7jlQX3Z4Ln5pP9p+Uw7H1oroH2Y4e0yAqIMtYXnS+GKALTtbxTa1p2Y9dsHQLS zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY
2cXbfUsU2zc5bstgKXZyTkjuKJ8ivbYJ2ttk79AOMosWkDBmgzKTTS/0HptfO9SD 9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r
mX58BvQt6GHQZ4TR2NVDvq3z+/CAlzsR5xmNH1C+uDH99ORoy3w6CHmv4aTTmRM9 8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
S+uZXg== A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV
HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG
zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5
AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U
zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn
UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o
WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw
ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l
078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6
uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO
ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl
fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku
ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo
cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT
WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z
L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF
07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr
JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG
MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0yMTAyMjAxNzI4MDJaMC8GCSqGSIb3DQEJBDEiBCBeode6D2+XFP+H82l3
4jEbYjlqU5Tgru11NftjsHf5ojANBgkqhkiG9w0BAQEFAASCAQCPddNTo2dMep9S
Ux9R61FJylyqjA4n22MbI3haUrxVOgk1+FAacmva+eo8weKDd+FR3fYuy4C+PkIj
woclAH4Hb7QkNHQgv5DSuvqN1/QoIHpGvF0atF0NXKOirYFGIZmeytKJJ9WR67A1
Myuh/Yi8aaUDheliEIPsD+59pFRHDZIcM1MkNuSJGw6LHMCHSA9p7WggrLrD8trC
rR/xL2ZWbswb5sr3Y6NucbZS51e0UAy2fKzxK/CUFG/M4VhFQF1UgUZU/6hwXHMg
ffr7xEDPeco1Tq7/fCLCVYz5Ixf+RfCOid7Gps07qsQlMIV/awPSekvMyg93nqDv
ES1xMiED
C.3.17.2. S/MIME Signed and Encrypted Over a Complex Message, Legacy C.3.17.2. S/MIME Signed-and-Encrypted over a Complex Message, Legacy
RFC 8551 Header Protection With hcp_baseline, Decrypted and RFC 8551 Header Protection with hcp_baseline, Decrypted and
Unwrapped Unwrapped
The inner signed-data layer unwraps to: The inner signed-data layer unwraps to:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: message/rfc822 Content-Type: message/rfc822
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="266" Content-Type: multipart/mixed; boundary="144"
Subject: smime-enc-signed-complex-rfc8551hp-baseline Subject: smime-enc-signed-complex-rfc8551hp-baseline
Message-ID: Message-ID:
<smime-enc-signed-complex-rfc8551hp-baseline@example> <smime-enc-signed-complex-rfc8551hp-baseline@example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:28:02 -0500 Date: Sat, 20 Feb 2021 12:28:02 -0500
User-Agent: Sample MUA Version 1.0 User-Agent: Sample MUA Version 1.0
--266 --144
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="db6" Content-Type: multipart/alternative; boundary="579"
--db6 --579
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the This is the
smime-enc-signed-complex-rfc8551hp-baseline smime-enc-signed-complex-rfc8551hp-baseline
message. message.
This is an encrypted and signed S/MIME message using PKCS#7 This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection attachment. It uses the legacy RFC 8551 Header Protection
(RFC8551HP) scheme with the hcp_baseline Header Confidentiality (RFC8551HP) scheme with the `hcp_baseline` Header
Policy. Confidentiality Policy.
-- --
Alice Alice
alice@smime.example alice@smime.example
--db6 --579
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <p>This is the
<b>smime-enc-signed-complex-rfc8551hp-baseline</b> <b>smime-enc-signed-complex-rfc8551hp-baseline</b>
message.</p> message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7 <p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection attachment. It uses the legacy RFC 8551 Header Protection
(RFC8551HP) scheme with the hcp_baseline Header Confidentiality (RFC8551HP) scheme with the `hcp_baseline` Header
Policy.</p> Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--db6-- --579--
--266
--144
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--266-- --144--
Appendix D. Composition Examples Appendix D. Composition Examples
This section offers step-by-step examples of message composition. This section offers step-by-step examples of message composition.
D.1. New message composition D.1. New Message Composition
A typical MUA composition interface offers the user a place to A typical MUA composition interface offers the user a place to
indicate the message recipients, the subject, and the body. Consider indicate the message recipients, subject, and content of the message.
a composition window filled out by the user like so: Consider a composition window filled out by the user like so:
.------------------------------------------------------. .------------------------------------------------------.
| Composing New Message .----. | | Composing New Message .----. |
| +---------------------------------+ | Send | | | +---------------------------------+ | Send | |
| To: | Alice <alice@example.net> | '----' | | To: | Alice <alice@example.net> | '----' |
| +---------------------------------+---------+ | | +---------------------------------+---------+ |
| Subject: | Handling the Jones contract | | | Subject: | Handling the Jones contract | |
| +-------------------------------------------+ | | +-------------------------------------------+ |
+--------------------------------------------------------+ +--------------------------------------------------------+
| Please review and approve or decline by Thursday, it's | | Please review and approve or decline by Thursday, it's |
skipping to change at page 248, line 48 skipping to change at line 11548
| Bob | | Bob |
| | | |
| -- | | -- |
| Bob Gonzalez | | Bob Gonzalez |
| ACME, Inc. | | ACME, Inc. |
| | | |
+--------------------------------------------------------+ +--------------------------------------------------------+
Figure 1: Example Message Composition Interface Figure 1: Example Message Composition Interface
When Bob clicks "Send", his MUA generates values for Message-ID, When Bob clicks "Send", his MUA generates values for the Message-ID,
From, and Date Header Fields, and converts the message body into the From, and Date Header Fields and converts the message content into
appropriate format. the appropriate format.
D.1.1. Unprotected message D.1.1. Unprotected Message
The resulting message would look something like this if it was sent The resulting message would look something like this if it was sent
without cryptographic protections: without cryptographic protections:
Date: Wed, 11 Jan 2023 16:08:43 -0500 Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net> From: Bob <bob@example.net>
To: Alice <alice@example.net> To: Alice <alice@example.net>
Subject: Handling the Jones contract Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example> Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
skipping to change at page 249, line 46 skipping to change at line 11593
hcp_baseline("Subject", "Handling the Jones contract") yields hcp_baseline("Subject", "Handling the Jones contract") yields
"[...]". "[...]".
D.1.2.1. Cryptographic Payload D.1.2.1. Cryptographic Payload
The Cryptographic Payload that will be signed and then encrypted is The Cryptographic Payload that will be signed and then encrypted is
very similar to the unprotected message in Appendix D.1.1. Note the very similar to the unprotected message in Appendix D.1.1. Note the
addition of: addition of:
* The hp="cipher" parameter for the Content-Type * the hp="cipher" parameter for the Content-Type
* The appropriate HP-Outer Header Field for Subject * the appropriate HP-Outer Header Field for Subject
* The hp-legacy-display="1" parameter for the Content-Type * the hp-legacy-display="1" parameter for the Content-Type
* The Legacy Display Element (the simple pseudo-header and its
trailing newline) in the Main Body Part. * the Legacy Display Element (the simple pseudo-header and its
trailing newline) in the Main Body Part
Date: Wed, 11 Jan 2023 16:08:43 -0500 Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net> From: Bob <bob@example.net>
To: Alice <alice@example.net> To: Alice <alice@example.net>
Subject: Handling the Jones contract Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example> Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
hp="cipher" hp="cipher"
MIME-Version: 1.0 MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500 HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
skipping to change at page 250, line 32 skipping to change at line 11627
Please review and approve or decline by Thursday, it's critical! Please review and approve or decline by Thursday, it's critical!
Thanks, Thanks,
Bob Bob
-- --
Bob Gonzalez Bob Gonzalez
ACME, Inc. ACME, Inc.
D.1.2.2. External Header Section D.1.2.2. Outer Header Section
The Cryptographic Payload from Appendix D.1.2.1 is then wrapped in The Cryptographic Payload from Appendix D.1.2.1 is then wrapped in
the appropriate Cryptographic Layers. For this example, using S/ the appropriate Cryptographic Layers. For this example using S/MIME,
MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed- it is wrapped in an application/pkcs7-mime; smime-type="signed-data"
data" layer, which is in turn wrapped in an application/pkcs7-mime; layer, which is in turn wrapped in an application/pkcs7-mime; smime-
smime-type="enveloped-data" layer. type="enveloped-data" layer.
Then an external Header Section is applied to the outer MIME object, Then, an Outer Header Section is applied to the outer MIME object,
which looks like this: which looks like this:
Date: Wed, 11 Jan 2023 16:08:43 -0500 Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net> From: Bob <bob@example.net>
To: Alice <alice@example.net> To: Alice <alice@example.net>
Subject: [...] Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example> Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
skipping to change at page 251, line 4 skipping to change at line 11647
Date: Wed, 11 Jan 2023 16:08:43 -0500 Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net> From: Bob <bob@example.net>
To: Alice <alice@example.net> To: Alice <alice@example.net>
Subject: [...] Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example> Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
MIME-Version: 1.0 MIME-Version: 1.0
Note that the Subject Header Field has been obscured appropriately by Note that the Subject Header Field has been obscured appropriately by
hcp_baseline. The output of the CMS enveloping operation is hcp_baseline. The output of the CMS enveloping operation is base64
base64-encoded and forms the body of the message. encoded and forms the Body of the message.
D.2. Composing a Reply D.2. Composing a Reply
Next we consider a typical MUA reply interface, where we see Alice Next, we consider a typical MUA reply interface, where we see Alice
replying to Bob's message from Appendix D.1. replying to Bob's message from Appendix D.1.
When Alice clicks "Reply" to Bob's signed-and-encrypted message with When Alice clicks "Reply" to Bob's signed-and-encrypted message with
Header Protection, she might see something like this: Header Protection, she might see something like this:
.--------------------------------------------------------. .--------------------------------------------------------.
| Replying to Bob ("Handling the Jones Contract") .----. | | Replying to Bob ("Handling the Jones Contract") .----. |
| +-----------------------------------+ | Send | | | +-----------------------------------+ | Send | |
| To: | Bob <bob@example.net> | '----' | | To: | Bob <bob@example.net> | '----' |
| +-----------------------------------+---------+ | | +-----------------------------------+---------+ |
skipping to change at page 251, line 42 skipping to change at line 11686
| > -- | | > -- |
| > Bob Gonzalez | | > Bob Gonzalez |
| > ACME, Inc. | | > ACME, Inc. |
| | | |
| -- | | -- |
| Alice Jenkins | | Alice Jenkins |
| ACME, Inc. | | ACME, Inc. |
| | | |
+----------------------------------------------------------+ +----------------------------------------------------------+
Figure 2: Example Message Reply Interface (unedited) Figure 2: Example Message Reply Interface (Unedited)
Note that because Alice's MUA is aware of Header Protection, it knows Note that because Alice's MUA is aware of Header Protection, it knows
what the correct Subject header is, even though it was obscured. It what the correct Subject Header Field is, even though it was
also knows to avoid including the Legacy Display Element in the obscured. It also knows to avoid including the Legacy Display
quoted/attributed text that it includes in the draft reply. Element in the quoted/attributed text that it includes in the draft
reply.
Once Alice has edited the reply message, it might look something like Once Alice has edited the reply message, it might look something like
this: this:
.--------------------------------------------------------. .--------------------------------------------------------.
| Replying to Bob ("Handling the Jones Contract") .----. | | Replying to Bob ("Handling the Jones Contract") .----. |
| +-----------------------------------+ | Send | | | +-----------------------------------+ | Send | |
| To: | Bob <bob@example.net> | '----' | | To: | Bob <bob@example.net> | '----' |
| +-----------------------------------+---------+ | | +-----------------------------------+---------+ |
| Subject: | Re: Handling the Jones contract | | | Subject: | Re: Handling the Jones contract | |
skipping to change at page 252, line 29 skipping to change at line 11721
| | | |
| Regards, | | Regards, |
| Alice | | Alice |
| | | |
| -- | | -- |
| Alice Jenkins | | Alice Jenkins |
| ACME, Inc. | | ACME, Inc. |
| | | |
+----------------------------------------------------------+ +----------------------------------------------------------+
Figure 3: Example Message Reply Interface (edited) Figure 3: Example Message Reply Interface (Edited)
When Alice clicks "Send", the MUA generates values for Message-ID, When Alice clicks "Send", the MUA generates values for the Message-
From, and Date Header Fields, populates the In-Reply-To, and ID, From, and Date Header Fields, populates the In-Reply-To and
References Header Fields, and also converts the reply body into the References Header Fields, and also converts the reply content into
appropriate format. the appropriate format.
D.2.1. Unprotected message D.2.1. Unprotected Message
The resulting message would look something like this if it were to be The resulting message would look something like this if it were to be
sent without any cryptographic protections: sent without any cryptographic protections:
Date: Wed, 11 Jan 2023 16:48:22 -0500 Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net> From: Alice <alice@example.net>
To: Bob <bob@example.net> To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example> Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example> In-Reply-To: <20230111T210843Z.1234@lhp.example>
skipping to change at page 253, line 29 skipping to change at line 11757
I'll get right on it, Bob! I'll get right on it, Bob!
Regards, Regards,
Alice Alice
-- --
Alice Jenkins Alice Jenkins
ACME, Inc. ACME, Inc.
Of course, this would leak not only the contents of Alice's message, Of course, this would leak not only the contents of Alice's message
but also the contents of Bob's initial message, as well as the but also the contents of Bob's initial message, as well as the
Subject Header Field! So Alice's MUA won't do that; it is going to Subject Header Field! So Alice's MUA won't do that; it is going to
create a signed-and-encrypted message to submit to the network. create a signed-and-encrypted message to submit to the network.
D.2.2. Encrypted with hcp_no_confidentiality and Legacy Display D.2.2. Encrypted with hcp_no_confidentiality and Legacy Display
This example assumes that Alice's MUA uses hcp_no_confidentiality, This example assumes that Alice's MUA uses hcp_no_confidentiality,
not hcp_baseline. That is, by default, it does not obscure or remove not hcp_baseline. That is, by default, it does not obscure or remove
any Header Fields, even when encrypting. any Header Fields, even when encrypting.
However, it follows the guidance in Section 6.1, and will make use of However, it follows the guidance in Section 6.1 and will make use of
the HP-Outer field in the Cryptographic Payload of Bob's original the HP-Outer field in the Cryptographic Payload of Bob's original
message (Appendix D.1.2.1) to determine what to obscure. message (Appendix D.1.2.1) to determine what to obscure.
When crafting the Cryptographic Payload, its baseline HCP When crafting the Cryptographic Payload, its baseline HCP
(hcp_no_confidentiality) leaves each field untouched. To uphold the (hcp_no_confidentiality) leaves each field untouched. To uphold the
confidentiality of the sender's values when replying, the MUA confidentiality of the sender's values when replying, the MUA
executes the following steps (for brevity only Subject and Message- executes the following steps (for brevity, only Subject and Message-
ID/In-Reply-To are shown): ID/In-Reply-To are shown):
* Extract the referenced header fields (see Section 4.2): * Extract the referenced Header Fields (see Section 4.2):
- refouter contains: - refouter contains:
o Date: Wed, 11 Jan 2023 16:08:43 -0500 o Date: Wed, 11 Jan 2023 16:08:43 -0500
o From: Bob <bob@example.net> o From: Bob <bob@example.net>
o To: Alice <alice@example.net> o To: Alice <alice@example.net>
o Subject: [...] o Subject: [...]
skipping to change at page 255, line 7 skipping to change at line 11832
o To: Bob <bob@example.net> o To: Bob <bob@example.net>
o Subject: Re: Handling the Jones contract o Subject: Re: Handling the Jones contract
o In-Reply-To: <20230111T210843Z.1234@lhp.example> o In-Reply-To: <20230111T210843Z.1234@lhp.example>
o References: <20230111T210843Z.1234@lhp.example> o References: <20230111T210843Z.1234@lhp.example>
* Compute the ephemeral response_hcp (see Section 6.1): * Compute the ephemeral response_hcp (see Section 6.1):
- Note that all headers except Subject are the same. - Note that all Header Fields except Subject are the same.
- confmap contains only ("Subject", "Re: Handling the Jones - confmap contains only ("Subject", "Re: Handling the Jones
contract") -> "Re: [...]" contract") -> "Re: [...]"
Thus all Header Fields that were signed are passed through untouched. Thus, all Header Fields that were signed are passed through
The reply's Subject is obscured as Subject: Re: [...] if and only if untouched. The reply's Subject is obscured as Subject: Re: [...] if
the user does not edit the subject line from that initially proposed and only if the user does not edit the Subject line from that
by the MUA's reply interface. If the user edits the subject line, initially proposed by the MUA's reply interface. If the user edits
e.g., to Subject: Re: Handling the Jones contract ASAP, the the Subject line, e.g., to Subject: Re: Handling the Jones contract
response_hcp will _not_ obscure it, and instead pass it through in ASAP, the response_hcp will _not_ obscure it and instead pass it
the clear. through in the clear.
For stronger header confidentiality, the replying MUA should use a For stronger header confidentiality, the replying MUA should use a
reasonable HCP (not hcp_no_confidentiality). Also recall that the reasonable HCP (not hcp_no_confidentiality). Also recall that the
local HCP is applied first, and that response_hcp is only applied to local HCP is applied first and that response_hcp is only applied to
what is left unchanged by the local HCP. what is left unchanged by the local HCP.
D.2.2.1. Cryptographic Payload D.2.2.1. Cryptographic Payload
Consequently, the Cryptographic Payload for Alice's reply looks like Consequently, the Cryptographic Payload for Alice's reply looks like
this: this:
Date: Wed, 11 Jan 2023 16:48:22 -0500 Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net> From: Alice <alice@example.net>
To: Bob <bob@example.net> To: Bob <bob@example.net>
skipping to change at page 256, line 43 skipping to change at line 11893
Alice Alice
-- --
Alice Jenkins Alice Jenkins
ACME, Inc. ACME, Inc.
Note the following features: Note the following features:
* the hp="cipher" parameter to Content-Type * the hp="cipher" parameter to Content-Type
* the appropriate HP-Outer Header Field for Subject, * the appropriate HP-Outer Header Field for Subject
* the hp-legacy-display="1" parameter for the Content-Type * the hp-legacy-display="1" parameter for the Content-Type
* the Legacy Display Element (the simple pseudo-header and its * the Legacy Display Element (the simple pseudo-header and its
trailing newline) in the Main Body Part. trailing newline) in the Main Body Part
D.2.2.2. External Header Section D.2.2.2. Outer Header Section
The Cryptographic Payload from Appendix D.2.2.1 is then wrapped in The Cryptographic Payload from Appendix D.2.2.1 is then wrapped in
the appropriate Cryptographic Layers. For this example, using S/ the appropriate Cryptographic Layers. For this example using S/MIME,
MIME, it is wrapped in an application/pkcs7-mime; smime-type="signed- it is wrapped in an application/pkcs7-mime; smime-type="signed-data"
data" layer, which is in turn wrapped in an application/pkcs7-mime; layer, which is in turn wrapped in an application/pkcs7-mime; smime-
smime-type="enveloped-data" layer. type="enveloped-data" layer.
Then an external Header Section is applied to the outer MIME object, Then, an Outer Header Section is applied to the outer MIME object,
which looks like this: which looks like this:
Date: Wed, 11 Jan 2023 16:48:22 -0500 Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net> From: Alice <alice@example.net>
To: Bob <bob@example.net> To: Bob <bob@example.net>
Subject: Re: [...] Subject: Re: [...]
Message-ID: <20230111T214822Z.5678@lhp.example> Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example> In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example> References: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
MIME-Version: 1.0 MIME-Version: 1.0
Note that the Subject Header Field has been obscured appropriately Note that the Subject Header Field has been obscured appropriately
even though hcp_no_confidentiality would not have touched it by even though hcp_no_confidentiality would not have touched it by
default. The output of the CMS enveloping operation is default. The output of the CMS enveloping operation is base64
base64-encoded and forms the body of the message. encoded and forms the Body of the message.
Appendix E. Rendering Examples Appendix E. Rendering Examples
This section offers example Cryptographic Payloads (the content This section offers example Cryptographic Payloads (the content
within the Cryptographic Envelope) that contain Legacy Display within the Cryptographic Envelope) that contain Legacy Display
Elements. Elements.
E.1. Example text/plain Cryptographic Payload with Legacy Display E.1. Example text/plain Cryptographic Payload with Legacy Display
Elements Elements
Here is a simple one-part Cryptographic Payload (Header Section and Here is a simple one-part Cryptographic Payload (Header Section and
body) of a message that includes Legacy Display Elements: Body) of a message that includes Legacy Display Elements:
Date: Fri, 21 Jan 2022 20:40:48 -0500 Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net> From: Alice <alice@example.net>
To: Bob <bob@example.net> To: Bob <bob@example.net>
Subject: Dinner plans Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example> Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
hp="cipher" hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500 HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
skipping to change at page 258, line 25 skipping to change at line 11960
HP-Outer: To: Bob <bob@example.net> HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: [...] HP-Outer: Subject: [...]
HP-Outer: Message-ID: <text-plain-legacy-display@lhp.example> HP-Outer: Message-ID: <text-plain-legacy-display@lhp.example>
Subject: Dinner plans Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
A compatible MUA will recognize the hp-legacy-display="1" parameter A compatible MUA will recognize the hp-legacy-display="1" parameter
and render the body of the message as: and render the Body of the message as:
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
A legacy decryption-capable MUA that is unaware of this mechanism A legacy decryption-capable MUA that is unaware of this mechanism
will ignore the hp-legacy-display="1" parameter and instead render will ignore the hp-legacy-display="1" parameter and instead render
the body including the Legacy Display Elements: the Body including the Legacy Display Elements:
Subject: Dinner plans Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
E.2. Example text/html Cryptographic Payload with Legacy Display E.2. Example text/html Cryptographic Payload with Legacy Display
Elements Elements
Here is a modern one-part Cryptographic Payload (Header Section and Here is a modern one-part Cryptographic Payload (Header Section and
body) of a message that includes Legacy Display Elements: Body) of a message that includes Legacy Display Elements:
Date: Fri, 21 Jan 2022 20:40:48 -0500 Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net> From: Alice <alice@example.net>
To: Bob <bob@example.net> To: Bob <bob@example.net>
Subject: Dinner plans Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example> Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1"; Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
hp="cipher" hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500 HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
skipping to change at page 259, line 31 skipping to change at line 12006
<pre>Subject: Dinner plans</pre> <pre>Subject: Dinner plans</pre>
</div> </div>
<p> <p>
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
</p> </p>
</body> </body>
</html> </html>
A compatible MUA will recognize the hp-legacy-display="1" parameter A compatible MUA will recognize the hp-legacy-display="1" parameter
and mask out the Legacy Display div, rendering the body of the and mask out the Legacy Display div, rendering the Body of the
message as a simple paragraph: message as a simple paragraph:
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
A legacy decryption-capable MUA that is unaware of this mechanism A legacy decryption-capable MUA that is unaware of this mechanism
will ignore the hp-legacy-display="1" parameter and instead render will ignore the hp-legacy-display="1" parameter and instead render
the body including the Legacy Display Elements: the Body including the Legacy Display Elements:
Subject: Dinner plans Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park Let's meet at Rama's Roti Shop at 8pm and go to the park
from there. from there.
Appendix F. Other Header Protection Schemes Appendix F. Other Header Protection Schemes
Other Header Protection schemes have been proposed in the past. Other Header Protection schemes have been proposed in the past.
However, those typically have drawbacks such as sparse However, those typically have drawbacks such as sparse
implementation, known problems with legacy interoperability (in implementation, known problems with legacy interoperability (in
particular with rendering), lack of clear signalling of sender particular with rendering), lack of clear signaling of sender intent,
intent, and/or incomplete cryptographic protections. This section and/or incomplete cryptographic protections. This section lists such
lists such schemes known at the time of the publication of this schemes known at the time of the publication of this document out of
document out of historical interest. historical interest.
F.1. Original RFC 8551 Header Protection F.1. Original RFC 8551 Header Protection
S/MIME [RFC8551] (as well as its predecessors [RFC5751] and S/MIME [RFC8551] (as well as its predecessors [RFC5751] and
[RFC3851]) defined a form of cryptographic Header Protection that has [RFC3851]) defined a form of cryptographic Header Protection that has
never reached wide adoption, and has significant drawbacks compared never reached wide adoption and has significant drawbacks compared to
to the mechanism in this draft. See Section 1.1.1 for more the mechanism in this document. See Section 1.1.1 for more
discussion of the differences and Section 4.10 for guidance on how to discussion of the differences and Section 4.10 for guidance on how to
handle such a message. handle such a message.
F.2. Pretty Easy Privacy (pEp) F.2. Pretty Easy Privacy (pEp)
The pEp (pretty Easy privacy) [I-D.pep-general] project specifies two The pretty Easy privacy (pEp) [PEP-GENERAL] project specifies two
different MIME schemes that include Header Protection for Signed-and- different MIME schemes that include Header Protection for Signed-and-
Encrypted e-mail messages in [I-D.pep-email]: One scheme -- referred Encrypted email messages in [PEP-EMAIL]: One scheme -- referred as
as pEp Email Format 1 (PEF-1) -- is generated towards MUAs not known pEp Email Format 1 (PEF-1) -- is generated towards MUAs not known to
to be pEp-capable, while the other scheme -- referred as PEF-2 -- is be pEp-capable, while the other scheme -- referred as PEF-2 -- is
used between MUAs discovered to be compatible with pEp. Signed-only used between MUAs discovered to be compatible with pEp. Signed-only
messages are not recommended in pEp. messages are not recommended in pEp.
Although the PEF-2 scheme is only meant to be used between PEF-2 Although the PEF-2 scheme is only meant to be used between PEF-
compatible MUAs, PEF-2 messages may end up at MUAs unaware of PEF-2 2-compatible MUAs, PEF-2 messages may end up at MUAs unaware of PEF-2
(in which case they typically render badly). This is due to (in which case, they typically render badly). This is due to
signalling mechanism limitations. signaling mechanism limitations.
As the PEF-2 scheme is an enhanced variant of the RFC8551HP scheme As the PEF-2 scheme is an enhanced variant of the RFC8551HP scheme
(with an additional MIME Layer), it is similar to the RFC8551HP (with an additional MIME Layer), it is similar to the RFC8551HP
scheme (see Section 4.10). The basic PEF-2 MIME structure looks as scheme (see Section 4.10). The basic PEF-2 MIME structure looks as
follows: follows:
A └┬╴multipart/encrypted [Outer Message] A └┬╴multipart/encrypted [Outer Message]
B ├─╴application/pgp-encrypted B ├─╴application/pgp-encrypted
C └─╴application/octet-stream inline [Cryptographic Payload] C └─╴application/octet-stream inline [Cryptographic Payload]
D ↧ (decrypts to) D ↧ (decrypts to)
skipping to change at page 261, line 4 skipping to change at line 12069
A └┬╴multipart/encrypted [Outer Message] A └┬╴multipart/encrypted [Outer Message]
B ├─╴application/pgp-encrypted B ├─╴application/pgp-encrypted
C └─╴application/octet-stream inline [Cryptographic Payload] C └─╴application/octet-stream inline [Cryptographic Payload]
D ↧ (decrypts to) D ↧ (decrypts to)
E └┬╴multipart/mixed E └┬╴multipart/mixed
F ├─╴text/plain F ├─╴text/plain
G ├┬╴message/rfc822 G ├┬╴message/rfc822
H │└─╴[Inner Message] H │└─╴[Inner Message]
I └─╴application/pgp-keys I └─╴application/pgp-keys
The MIME structure at part H contains the Inner Message to be The MIME structure at part H contains the Inner Message to be
rendered to the user. rendered to the user.
It is possible for a normal MUA to accidentally produce a message It is possible for a normal MUA to accidentally produce a message
that happens to have the same MIME structure as used for PEF-2 that happens to have the same MIME structure as used for PEF-2
messages. Therefore, a PEF-2 message cannot be identified by MIME messages. Therefore, a PEF-2 message cannot be identified by the
structure alone. MIME structure alone.
The lack of a mechanism comparable to HP-Outer (see Section 2.2) The lack of a mechanism comparable to HP-Outer (see Section 2.2)
makes it impossible for the recipient of a PEF-2 message to safely makes it impossible for the recipient of a PEF-2 message to safely
determine which Header Fields are confidential or not, while determine which Header Fields are confidential or not while
forwarding or replying to a message (see Section 6). forwarding or replying to a message (see Section 6).
Note: As this document is not normative for PEF-2 messages, it does Note: As this document is not normative for PEF-2 messages, it does
not provide any guidance for handling them. Please see not provide any guidance for handling them. Please see [PEP-EMAIL]
[I-D.pep-email] for more guidance. for more guidance.
F.3. "draft-autocrypt" Protected Headers F.3. "draft-autocrypt" Protected Headers
[I-D.autocrypt-lamps-protected-headers] describes a scheme similar to [PROTECTED-HEADERS] describes a scheme similar to the Header
the Header Protection scheme specified in this document. However, Protection scheme specified in this document. However, instead of
instead of adding Legacy Display Elements to existing MIME parts (see adding Legacy Display Elements to existing MIME parts (see
Section 5.2.2), "draft-autocrypt" injects a new MIME element "Legacy Section 5.2.2), [PROTECTED-HEADERS] suggests injecting a new MIME
Display Part", thus modifying the MIME structure of the Cryptographic element "Legacy Display Part", thus modifying the MIME structure of
Payload. These modified Cryptographic Payloads cause significant the Cryptographic Payload. These modified Cryptographic Payloads
rendering problems on some common Legacy MUAs. cause significant rendering problems on some common Legacy MUAs.
The lack of a mechanism comparable to hp="cipher" and hp="clear" (see The lack of a mechanism comparable to hp="cipher" and hp="clear" (see
Section 2.1.1) means the recipient of an encrypted "draft-autocrypt" Section 2.1.1) means the recipient of an encrypted message as
message cannot be cryptographically certain whether the sender described in [PROTECTED-HEADERS] cannot be cryptographically certain
intended for the message to be confidential or not. The lack of a whether the sender intended for the message to be confidential or
mechanism comparable to HP-Outer (see Section 2.2) makes it not. The lack of a mechanism comparable to HP-Outer (see
impossible for the recipient of an encrypted "draft-autocrypt" to Section 2.2) makes it impossible for the recipient of an encrypted
safely determine which Header Fields are confidential or not, while message as described in [PROTECTED-HEADERS] to safely determine which
forwarding or replying to a message (see Section 6). Header Fields are confidential or not while forwarding or replying to
a message (see Section 6).
Appendix G. Document Changelog
[[ RFC Editor: This section is to be removed before publication ]]
* draft-ietf-lamps-header-protection-25
- Address editorial clarifications from IESG review
- Update acknowledgements
* draft-ietf-lamps-header-protection-24
- Deal with From spoofing risk: when inner and outer From differ
with no valid signature, render outer From and warn
- Add test vectors to show historical 8551HP variants
- clarify PEF-2 and draft-autocrypt commentary
* draft-ietf-lamps-header-protection-23
- normalize on "signed-and-encrypted" across the document
- replace hcp_strong with hcp_shy
- Remove "Wrapped Message" scheme
- Rename "Injected Headers" to "Header Protection"
- Add guidance about From Header Field spoofing risk
- offer guidance on handling RFC8551HP messages when received
* draft-ietf-lamps-header-protection-22
- Reorganize document for better readability.
- Add more details about problems with draft-autocrypt.
- Rename hcp_minimal to hcp_baseline: in addition to obscuring
Subject, it now removes other Informational Header Fields
Comments and Keywords.
- Add an example message up front for easier explainability.
- Unwrap sample message test vectors.
- Name pseudocode algorithms, number steps.
- Reply guidance also applies to forwarded messages.
- hcp_strong: stop rewriting Message-Id.
* draft-ietf-lamps-header-protection-21
- HP-Outer mechanism replaces HP-Removed and HP-Obscured. This
enables the recipient to easily calculate the sender's actions
around header confidentiality.
- Replace Content-Type parameter protected-headers= with hp= and
hp-scheme=. The presence of hp= indicates that the sender used
Header Protection according to this document, and the value
indicates whether the sender tried to encrypt and sign the
message or just sign it. hp-scheme="wrapped" advises the
recipient that they should look for the protected Header Fields
in subtly different place.
- Provide a clear algorithm for reasonably safe handling of
confidential headers during Reply and Forward operations.
- Do not register the example HCP hcp_hide_cc, rename to
hcp_example_hide_cc
- Rename hcp_null to hcp_no_confidentiality
- Provide a clear algorithm for the recipient to compute the
protection state of each Header Field.
* draft-ietf-lamps-header-protection-20
- clarify IANA guidance about registration policy and designated
expert review
- emphasize that Content-Type parameter hp-legacy-display=1
belongs on all main body parts with a legacy display element
- clean up/normalize pseudocode variable names and text (no
algorithm changes)
* draft-ietf-lamps-header-protection-19
- improve text, capitalize defined terms, fix typos
- Clean up from AD review:
- updates RFC 8551 explicitly
- add "Legacy Signed Message" and "Ordinary User" explicitly to
terms
- tighten up SHOULDs/MUSTs for conformant MUAs
- expand references to other relevant Security Considerations
- drop nudge about non-existent Content-Type Parameters registry
- clarify IANA notes to align with table columns
- explicitly request HCP registry
- add references to other header protections schemes, but move
all of them to appendix
* draft-ietf-lamps-header-protection-18
- only allow US-ASCII as modified output of HCP, adjusted ABNF to
match
* draft-ietf-lamps-header-protection-17
- More edits from WGLC:
- clean up definition of "Header Field"
- note leakage of encrypted recipient hints
- clarify explanation of LDE generation
- clarify how some obscured headers might not actually be private
* draft-ietf-lamps-header-protection-16
- correct variable names in message composition algorithms
- make text more readable
* draft-ietf-lamps-header-protection-15
- include clarifications, typos, etc from comments received
during WGLC
* draft-ietf-lamps-header-protection-14
- provide section references for draft-ietf-lamps-e2e-mail-
guidance
- encouarge a future IANA named HCP registry if HCP development
takes off
* draft-ietf-lamps-header-protection-13
- Retitle from "Header Protection for S/MIME" to "Header
Protection for Cryptographically Protected E-mail"
* draft-ietf-lamps-header-protection-12
- MUST produce HP-Obscured and HP-Removed when generating
encrypted messages with non-null HCP
- Wrapped Message: move from forwarded=no to protected-
headers=wrapped
- Wrapped Message: recommend Content-Disposition: inline
* draft-ietf-lamps-header-protection-11
- Remove most of the Bcc text (transferred general discussion to
e2e-mail-guidance)
- Fix bug in algorithm for generating HP-Obscured and HP-Removed
- More detail about handling Reply messages
- Considerations around handling risky Legacy Display Elements
- Narrative descriptions of some worked examples
- Describe potential leaks to recipients
- Clarify debugging/troubleshooting UX affordances
* draft-ietf-lamps-header-protection-10
- Clarify that HCP doesn't apply to Structural Header Fields
- Drop out-of-date "Open Issues" section
- Brief commentary on UI of messages with intermediate/mixed
protections
- Deprecation prospects for messages without protected headers
- Describe generating replies to encrypted messages with stronger
HCP
* draft-ietf-lamps-header-protection-09
- clarify terminology
- add privacy and security considerations
- clarify HCP examples and baselines
- recommend hcp_minimal as default HCP
- add HP-Obscured and HP-Removed (avoids reasoning about
differences between outside and inside the Cryptographic
Envelope)
- regenerated test vectors
* draft-ietf-lamps-header-protection-08
- MUST compose injected headers, MAY compose wrapped messages
- MUST parse both schemes
- cleanup and restructure document
* draft-ietf-lamps-header-protection-07
- move from legacy display MIME part to legacy display elements
within main body part
* draft-ietf-lamps-header-protection-06
- document observed problems with legacy MUAs
- avoid duplicated outer Message-IDs in hcp_strong test vectors
* draft-ietf-lamps-header-protection-05
- fix multipart/signed wrapped test vectors
* draft-ietf-lamps-header-protection-04
- add test vectors
- add "problems with Injected Messages" subsection
* draft-ietf-lamps-header-protection-03
- dkg takes over from Bernie as primary author
- Add Usability section
- describe two distinct formats "Wrapped Message" and "Injected
Headers"
- Introduce Header Confidentiality Policy model
- Overhaul message composition guidance
- Simplify document creation workflow, move public face to gitlab
* draft-ietf-lamps-header-protection-02
- editorial changes / improve language
* draft-ietf-lamps-header-protection-01
- Add DKG as co-author
- Partial Rewrite of Abstract and Introduction [HB/AM/DKG]
- Adding definitions for Cryptographic Layer, Cryptographic
Payload, and Cryptographic Envelope (reference to
[I-D.ietf-lamps-e2e-mail-guidance]) [DKG]
- Enhanced MITM Definition to include Machine- / Meddler-in-the-
middle [HB]
- Relaxed definition of Original message, which may not be of
type "message/rfc822" [HB]
- Move "memory hole" option to the Appendix (on request by Chair
to only maintain one option in the specification) [HB]
- Updated Scope of Protection Levels according to WG discussion
during IETF-108 [HB]
- Obfuscation recommendation only for Subject and Message-Id and
distinguish between Encrypted and Unencrypted Messages [HB]
- Removed (commented out) Header Field Flow Figure (it appeared
to be confusing as is was) [HB]
* draft-ietf-lamps-header-protection-00
- Initial version (text partially taken over from draft-ietf-
lamps-header-protection-requirements
Index
C H R
C
Compose Table 6
ComposeNoHeaderProtection Table 6
H
HCP Section 1.7, Paragraph 2.12.1; Section 3, Paragraph 2; Acknowledgements
Section 3, Paragraph 5; Section 3.1, Paragraph 3;
Section 3.1, Paragraph 9; Section 3.1.1, Paragraph 1;
Section 3.2, Paragraph 2; Section 3.2, Paragraph 3;
Section 3.2.1, Paragraph 3; Section 3.2.2, Paragraph 1;
Section 3.2.2, Paragraph 4; Section 3.3, Paragraph 1;
Section 3.4.1, Paragraph 1; Section 3.4.2, Paragraph 1;
Section 3.4.2, Paragraph 2.1.1; Section 3.4.2, Paragraph
2.3.1; Section 3.4.2, Paragraph 2.4.1; Section 3.4.2,
Paragraph 3; Section 4.8.2, Paragraph 3; Section 5.2.1,
Paragraph 4.5.2.2.2.1.1; Section 6.1, Paragraph 5;
Section 6.1, Paragraph 7; Section 6.1.1, Paragraph 7.8.1;
Section 6.1.1, Paragraph 8; Section 8.2, Paragraph 1;
Section 8.2, Paragraph 4; Section 8.2, Paragraph 5;
Section 8.2, Paragraph 6; Section 9.2, Paragraph 2;
Section 9.2, Paragraph 3; Section 11.2, Paragraph 1;
Section 11.2.1, Paragraph 1; Section 11.2.3, Paragraph 1;
Section 11.2.3, Paragraph 2; Section 11.3, Paragraph 2;
Section 11.4, Paragraph 2; Section 12, Paragraph 1; Table 6;
Appendix D.1.2, Paragraph 1; Appendix D.2.2, Paragraph 3;
Appendix D.2.2, Paragraph 6; Appendix G, Paragraph
2.5.2.4.1; Appendix G, Paragraph 2.7.2.9.1; Appendix G,
Paragraph 2.8.2.1.1; Appendix G, Paragraph 2.12.2.2.1;
Appendix G, Paragraph 2.14.2.1.1; Appendix G, Paragraph
2.16.2.1.1; Appendix G, Paragraph 2.16.2.5.1; Appendix G,
Paragraph 2.17.2.3.1; Appendix G, Paragraph 2.17.2.4.1
Header Confidentiality Policy Section 1.2, Paragraph 4;
Section 1.7, Paragraph 2.12.1; Section 3, Paragraph 2;
Section 3.1, Paragraph 1; Section 3.2.1, Paragraph 1;
Section 3.2.2, Paragraph 1; Section 3.3, Paragraph 1;
Section 3.4, Paragraph 1; Section 3.4.1, Paragraph 2;
Section 3.4.2, Paragraph 1; Section 4, Paragraph 5.4.1;
Section 5.2, Paragraph 2.2.1; Section 6.1, Paragraph 5;
Section 6.1, Paragraph 7; Section 6.1.1, Paragraph 3;
Section 8.2, Paragraph 1; Section 9.2, Paragraph 1;
Section 11.2.1, Paragraph 3; Section 12.3, Paragraph 5.1.1;
Appendix C.2, Paragraph 1; Appendix C.3.1, Paragraph 1;
Appendix C.3.2, Paragraph 1; Appendix C.3.3, Paragraph 1;
Appendix C.3.4, Paragraph 1; Appendix C.3.5, Paragraph 1;
Appendix C.3.6, Paragraph 1; Appendix C.3.7, Paragraph 1;
Appendix C.3.8, Paragraph 1; Appendix C.3.9, Paragraph 1;
Appendix C.3.10, Paragraph 1; Appendix C.3.11, Paragraph 1;
Appendix C.3.12, Paragraph 1; Appendix C.3.13, Paragraph 1;
Appendix C.3.14, Paragraph 1; Appendix C.3.15, Paragraph 1;
Appendix C.3.16, Paragraph 1; Appendix C.3.17, Paragraph 1;
Appendix G, Paragraph 2.23.2.4.1
HeaderFieldProtection Section 4.10.2, Paragraph 2.2.1; Table 6 Alexander Krotov identified the risk of From address spoofing (see
HeaderSetsFromMessage Section 4.3.1, Paragraph 4.2.1; Section 10.1) and helped provide guidance to MUAs.
Section 4.10.2, Paragraph 2.2.1; Section 4.10.2, Paragraph
2.4.1; Table 6
R Thore Göbel identified significant gaps in earlier draft versions of
this document and proposed concrete, substantial improvements.
Thanks to his contributions, the document is clearer, and the
protocols described herein are more useful.
ReferenceHCP Table 6 Additionally, the authors would like to thank the following people
RFC8551HP Section 1.1, Paragraph 1; Section 1.1, Paragraph 2; who have provided helpful comments and suggestions for this document:
Section 1.1.1, Paragraph 1; Section 1.1.1, Paragraph 2; Berna Alp, Bernhard E. Reiter, Bron Gondwana, Carl Wallace, Claudio
Section 1.1.1, Paragraph 5; Section 1.1.1, Paragraph 7; Luck, Daniel Huigens, David Wilson, Éric Vyncke, Hernani Marques,
Section 1.1.1, Paragraph 8; Section 4.10, Paragraph 1; juga, Kelly Bristol, Krista Bennett, Lars Rohwedder, Michael StJohns,
Section 4.10, Paragraph 2; Section 4.10.1, Paragraph 1; Nicolas Lidzborski, Orie Steele, Paul Wouters, Peter Yee, Phillip
Section 4.10.1, Paragraph 3; Section 4.10.1, Paragraph 5; Tao, Robert Williams, Rohan Mahy, Roman Danyliw, Russ Housley, Sofia
Section 4.10.2, Paragraph 1; Section 4.10.2, Paragraph Balicka, Steve Kille, Volker Birk, Warren Kumari, and Wei Chuang.
2.1.1; Appendix C.2.5, Paragraph 1; Appendix C.2.6,
Paragraph 1; Appendix C.3.17, Paragraph 1; Appendix F.2,
Paragraph 3; Appendix G, Paragraph 2.3.2.6.1
Authors' Addresses Authors' Addresses
Daniel Kahn Gillmor Daniel Kahn Gillmor
American Civil Liberties Union American Civil Liberties Union
125 Broad St. 125 Broad St.
New York, NY, 10004 New York, NY 10004
United States of America United States of America
Email: dkg@fifthhorseman.net Email: dkg@fifthhorseman.net
Bernie Hoeneisen Bernie Hoeneisen
pEp Project pEp Project
Oberer Graben 4 Oberer Graben 4
CH- 8400 Winterthur CH- 8400 Winterthur
Switzerland Switzerland
Email: bernie@ietf.hoeneisen.ch Email: bernie@ietf.hoeneisen.ch
URI: https://pep-project.org/ URI: https://pep-project.org/
 End of changes. 1012 change blocks. 
6154 lines changed or deleted 5748 lines changed or added

This html diff was produced by rfcdiff 1.48.