<?xml version='1.0'encoding='utf-8'?>encoding='UTF-8'?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.22 (Ruby 3.2.3) --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lamps-rfc4210bis-18" number="9810" category="std" consensus="true" submissionType="IETF" xml:lang="en"obsoletes="4210obsoletes="4210, 9480" updates="5912" tocDepth="4" tocInclude="true"sortRefs="false"sortRefs="true" symRefs="true" version="3"><!-- xml2rfc v2v3 conversion 3.26.0 --><front> <title abbrev="CMP">Internet X.509 Public Key Infrastructure -- Certificate Management Protocol (CMP)</title> <seriesInfoname="Internet-Draft" value="draft-ietf-lamps-rfc4210bis-18"/>name="RFC" value="9810"/> <author initials="H." surname="Brockhaus" fullname="Hendrik Brockhaus"> <organization abbrev="Siemens">Siemens</organization> <address> <postal> <street>Werner-von-Siemens-Strasse 1</street> <city>Munich</city> <code>80333</code> <country>Germany</country> </postal> <email>hendrik.brockhaus@siemens.com</email> <uri>https://www.siemens.com</uri> </address> </author> <author initials="D." surname="von Oheimb" fullname="David von Oheimb"> <organization abbrev="Siemens">Siemens</organization> <address> <postal> <street>Werner-von-Siemens-Strasse 1</street> <city>Munich</city> <code>80333</code> <country>Germany</country> </postal> <email>david.von.oheimb@siemens.com</email> <uri>https://www.siemens.com</uri> </address> </author> <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth"> <organization abbrev="Entrust">Entrust</organization> <address> <postal> <street>1187 Park Place</street> <city>Minneapolis</city> <region>MN</region> <code>55379</code> <country>United States of America</country> </postal> <email>mike.ounsworth@entrust.com</email> <uri>https://www.entrust.com</uri> </address> </author> <author initials="J." surname="Gray" fullname="John Gray"> <organization abbrev="Entrust">Entrust</organization> <address> <postal> <street>1187 Park Place</street> <city>Minneapolis</city> <region>MN</region> <code>55379</code> <country>United States of America</country> </postal> <email>john.gray@entrust.com</email> <uri>https://www.entrust.com</uri> </address> </author> <dateyear="2025"/> <area>sec</area> <workgroup>LAMPS Working Group</workgroup>year="2025" month="July"/> <area>SEC</area> <workgroup>lamps</workgroup> <keyword>CMP</keyword> <keyword>Certificate Management</keyword> <keyword>PKI</keyword> <abstract><?line 203?><t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides interactions between client systems and PKI components such as a Registration Authority (RA) and a Certification Authority (CA).</t> <t>This document adds support for management of certificates containing a Key Encapsulation Mechanism (KEM) public key anduseuses EnvelopedData instead of EncryptedValue. This document also includes the updates specified in Section 2 and Appendix A.2 of RFC 9480.</t><t>The updates maintain backward compatibility with CMP version 2 wherever possible. Updates to CMP version 2 are improving crypto agility, extending the polling mechanism, adding new general message types, and adding extended key usages to identify special CMP server authorizations. CMP version 3 is introduced for changes to the ASN.1 syntax, which are support of EnvelopedData, certConf with hashAlg, POPOPrivKey with agreeMAC, and RootCaKeyUpdateContent in ckuann messages.</t><t>This document obsoletes RFC42104210, and together withI-D.ietf-lamps-rfc6712bis andRFC 9811, it also obsoletes RFC 9480. Appendix F of this document updatestheSection 9 of RFC 5912.</t> </abstract> </front> <middle> <?line 228?> <section anchor="sect-1"> <name>Introduction</name><t>[RFC Editor: please delete:</t> <t>During IESG telechat the CMP Updates document was approved on condition that LAMPS provides a RFC4210bis document. Version -00 of this document shall be identical to RFC 4210 and version -01 incorporates the changes specified in CMP Updates Section 2 and Appendix A.2.</t> <t>A history of changes is available in <xref target="sect-g"/> of this document.</t> <t>The authors of this document wish to thank Carlisle Adams, Stephen Farrell, Tomi Kause, and Tero Mononen, the original authors of RFC4210, for their work and invite them, next to further volunteers, to join the -bis activity as co-authors.</t> <t>]</t> <t>[RFC Editor:</t> <t>Please perform the following substitution.</t> <ul spacing="normal"> <li> <t>RFCXXXX --> the assigned numerical RFC value for this draft ]</t> </li> </ul><t>This document describes the Internet X.509Public Key Infrastructure (PKI) Certificate Management Protocol (CMP).PKI CMP. Protocol messages are defined for certificate creation and management. The term "certificate" in this document refers to an X.509v3Certificatecertificate as defined in <xref target="RFC5280"/>.</t> <section anchor="sect-1.1"> <name>Changes Made by RFC 4210</name> <t><xref target="RFC4210"/> differs from <xref target="RFC2510"/> in the following areas:</t> <ul spacing="normal"> <li> <t>The PKI management message profile section is split to two appendices: the required profile and the optional profile. Some of the formerly mandatory functionality is moved to the optional profile.</t> </li> <li> <t>The message confirmation mechanism has changed substantially.</t> </li> <li> <t>A new polling mechanism is introduced, deprecating the old polling method at the CMP transport level.</t> </li> <li> <t>The CMP transport protocol issues are handled in a separate document <xref target="RFC6712"/>, thus theTransports"Transports" section is removed.</t> </li> <li> <t>A new implicit confirmation method is introduced to reduce the number of protocol messages exchanged in a transaction.</t> </li> <li> <t>The new specification contains some less prominent protocol enhancements and improved explanatory text on several issues.</t> </li> </ul> </section> <section anchor="sect-1.2"> <name>Updates Made by RFC 9480</name> <t>CMP Updates <xref target="RFC9480"/> and CMP Algorithms <xref target="RFC9481"/> updated <xref target="RFC4210"/>, supporting the PKI management operations specified in the Lightweight CMP Profile <xref target="RFC9483"/>, in the following areas:</t> <ul spacing="normal"> <li> <t>Added new extended key usages (EKUs) for various CMP server types, e.g.,registration authorityRA andcertification authority,CA, to express the authorization of the certificate holder that acts as the indicated type of PKI management entity.</t> </li> <li> <t>Extended the description of multiple protection to cover additional use cases, e.g., batch processing of messages.</t> </li> <li><t>Use<t>Used the Cryptographic Message Syntax (CMS) <xref target="RFC5652"/> type EnvelopedData as the preferred choice instead of EncryptedValue to better support crypto agility in CMP. </t> <t> For reasons of completeness and consistency, the type EncryptedValue has been exchanged in all occurrences. This includes the protection of centrally generated private keys, encryption of certificates,proof-of-possessionProof-of-Possession (POP) methods, and protection of revocation passphrases. To properly differentiate the support of EnvelopedData instead of EncryptedValue, CMP version 3 is introduced in case a transaction is supposed to use EnvelopedData. </t> <t> Note: According to point 9 in <xref section="2.1" target="RFC4211"/>,Section 2.1, point 9,the use of the EncryptedValue structure has been deprecated in favor of the EnvelopedData structure. <xref target="RFC4211"/> offers the EncryptedKey structure a choice of EncryptedValue and EnvelopedData for migration to EnvelopedData.</t> </li> <li><t>Offer<t>Offered an optional hashAlg field in CertStatus supporting casesthatwhen a certificate needs to beconfirmed that hasconfirmed, but the certificate was signed using a signature algorithm that does not indicate a specific hash algorithm to use for computing the certHash. This is also in preparation for upcoming post-quantum algorithms.</t> </li> <li> <t>Added new general message types to request CA certificates, a root CA update, a certificate request template, or Certificate Revocation List (CRL) updates.</t> </li> <li> <t>Extended the use of polling to p10cr, certConf, rr, genm, and error messages.</t> </li> <li> <t>Deleted the mandatory algorithm profile in <xref target="sect-c.2"/> andreferinstead referred toSection 7 of<xref section="7" target="RFC9481"/>.</t> </li> <li> <t>Addedsecurity considerationsSections <xref format="counter" target="sect-8.6"/>, <xref format="counter" target="sect-8.7"/>, <xref format="counter" target="sect-8.9"/>, and <xref format="counter"target="sect-8.10"/>.</t>target="sect-8.10"/> to the security considerations.</t> </li> </ul> </section> <section anchor="sect-1.3"> <name>Changes Made by This Document</name> <t>This document obsoletes <xref target="RFC4210"/> and <xreftarget="RFC9480"/>. It includestarget="RFC9480"/>.</t> <t> Backward compatibility with CMP version 2 is maintained wherever possible. Updates to CMP version 2 improve crypto agility, extend the polling mechanism, add new general message types, and add EKUs to identify special CMP server authorizations. CMP version 3 is introduced for changes to the ASN.1 syntax, which support EnvelopedData, certConf with hashAlg, POPOPrivKey with agreeMAC, and RootCaKeyUpdateContent in ckuann messages.</t> <t>The updates made in this document include the changes specified by Section2<xref section="2" target="RFC9480" sectionFormat="bare"/> andAppendix C.2 of<xref section="A.2" target="RFC9480"/> as described in <xref target="sect-1.2"/>.AdditionallyAdditionally, this document updates the content of <xref target="RFC4210"/> in the following areas:</t> <ul spacing="normal"> <li> <t>Added <xref target="sect-3.1.1.4"/> introducing the Key GenerationAuthority.</t>Authority (KGA).</t> </li> <li> <t>Extended <xref target="sect-3.1.2"/> regarding use of Certificate Transparency (CT) logs.</t> </li> <li> <t>Updated <xref target="sect-4.4"/> introducing RootCaKeyUpdateContent as an alternative to using a repository to acquire new root CA certificates.</t> </li> <li> <t>Added <xref target="sect-5.1.1.3"/> containing a description of origPKIMessagecontentcontent, moved here from <xref target="sect-5.1.3.4"/>.</t> </li> <li> <t>Added support for KEM keys forproof-of-possessionPOP to Sections <xreftarget="sect-4.3"/>target="sect-4.3" format="counter"/> and <xreftarget="sect-5.2.8"/>,target="sect-5.2.8" format="counter"/>, for message protection to Sections <xreftarget="sect-5.1.1"/>,target="sect-5.1.1" format="counter"/> and <xreftarget="sect-5.1.3.4"/>,target="sect-5.1.3.4" format="counter"/> and <xref target="sect-e"/>, and for usage with CMS EnvelopedData to <xref target="sect-5.2.2"/>.</t> </li> <li> <t>Deprecated CAKeyUpdAnnContent in favor of RootCaKeyUpdateContent.</t> </li> <li> <t>Incorporated the request message behavioral clarifications fromAppendix C of<xref section="C" target="RFC4210"/> to <xref target="sect-5"/>. The definition of altCertTemplate was incorporated into <xreftarget="sect-5.2.1"/>target="sect-5.2.1"/>, and the clarification on POPOSigningKey and on POPOPrivKey was incorporated into <xref target="sect-5.2.8"/>.</t> </li> <li> <t>Added support for CMS EnvelopedData to differentproof-of-possessionPOP methods for transferring encrypted private keys, certificates, and challenges to <xref target="sect-5.2.8"/>.</t> </li> <li> <t>Addedsecurity considerationsSections <xref format="counter" target="sect-8.1"/>, <xref format="counter" target="sect-8.5"/>, <xref format="counter" target="sect-8.8"/>, and <xref format="counter"target="sect-8.11"/>.</t>target="sect-8.11"/> to the security considerations.</t> </li> </ul> </section> </section> <section anchor="sect-2"> <name>Terminology and Abbreviations</name><t>The<t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t> <?line -18?>here. </t> <t>This document relies on the terminology defined in <xref target="RFC5280"/>. The most important abbreviations are listed below:</t><ul empty="true"> <li> <t>CA: Certification Authority</t> </li> </ul> <ul empty="true"> <li> <t>CMP: Certificate<dl spacing="normal" newline="false"> <dt>CA:</dt><dd>Certification Authority</dd> <dt>CMP:</dt><dd>Certificate ManagementProtocol</t> </li> </ul> <ul empty="true"> <li> <t>CMS: CryptographicProtocol</dd> <dt>CMS:</dt><dd>Cryptographic MessageSyntax</t> </li> </ul> <ul empty="true"> <li> <t>CRL: CertificateSyntax</dd> <dt>CRL:</dt><dd>Certificate RevocationList</t> </li> </ul> <ul empty="true"> <li> <t>CRMF: CertificateList</dd> <dt>CRMF:</dt><dd>Certificate Request MessageFormat</t> </li> </ul> <ul empty="true"> <li> <t>EE: End Entity</t> </li> </ul> <ul empty="true"> <li> <t>KEM: KeyFormat</dd> <dt>EE:</dt><dd>End Entity</dd> <dt>KEM:</dt><dd>Key EncapsulationMechanism</t> </li> </ul> <ul empty="true"> <li> <t>KGA: KeyMechanism</dd> <dt>KGA:</dt><dd>Key GenerationAuthority</t> </li> </ul> <ul empty="true"> <li> <t>LRA: LocalAuthority</dd> <dt>LRA:</dt><dd>Local RegistrationAuthority</t> </li> </ul> <ul empty="true"> <li> <t>MAC: MessageAuthority</dd> <dt>MAC:</dt><dd>Message AuthenticationCode</t> </li> </ul> <ul empty="true"> <li> <t>PKI: PublicCode</dd> <dt>PKI:</dt><dd>Public KeyInfrastructure</t> </li> </ul> <ul empty="true"> <li> <t>POP: Proof Of Possession</t> </li> </ul> <ul empty="true"> <li> <t>RA: Registration Authority</t> </li> </ul> <ul empty="true"> <li> <t>TEE: TrustedInfrastructure</dd> <dt>POP:</dt><dd>Proof-of-Possession</dd> <dt>RA:</dt><dd>Registration Authority</dd> <dt>TEE:</dt><dd>Trusted ExecutionEnvironment</t> </li> </ul>Environment</dd> </dl> </section> <section anchor="sect-3"> <name>PKI Management Overview</name> <t>The PKI must be structured to be consistent with the types of individuals who must administer it. Providing such administrators with unbounded choices not only complicates the softwarerequired,required but also increases the chances that a subtle mistake by an administrator or software developer will result in broader compromise. Similarly, restricting administrators with cumbersome mechanisms will cause them not to use the PKI.</t> <t>Management protocols are <bcp14>REQUIRED</bcp14> to supporton-lineonline interactions betweenPublic Key Infrastructure (PKI)PKI components. For example, a management protocol might be used between aCertification Authority (CA)CA and a client system with which a key pair isassociated,associated or between two CAs that issue cross-certificates for each other.</t> <section anchor="sect-3.1"> <name>PKI Management Model</name> <t>Before specifying particular message formats and procedures, we first define the entities involved in PKI management and their interactions (in terms of the PKI management functions required). We then group these functions in order to accommodate different identifiable types ofend entities.</t>EEs.</t> <section anchor="sect-3.1.1"> <name>Definitions of PKI Entities</name> <t>The entities involved in PKI management include theend entityEE (i.e., the entity to whom the certificate is issued) and thecertification authorityCA (i.e., the entity that issues the certificate).A registration authorityAn RA might also be involved in PKI management.</t> <section anchor="sect-3.1.1.1"> <name>Subjects and End Entities</name> <t>The term "subject" is used here to refer to the entity to whom the certificate is issued, typically named in the subject or subjectAltName field of a certificate. When we wish to distinguish the tools and/or software used by the subject (e.g., a local certificate management module), we will use the term "subject equipment". In general, the term "end entity" (EE), rather than "subject", is preferred in order to avoid confusion with the field name. It is important to note that theend entitiesEEs here will include not only human users ofapplications,applications but also applications themselves (e.g., forIKE/IPsec)Internet Key Exchange Protocol (IKE) / IPsec) or devices (e.g., routers or industrial control systems). This factor influences the protocols that the PKI management operations use; for example, application software is far more likely to know exactly which certificate extensions are required than are human users. PKI management entities are alsoend entitiesEEs in the sense that they are sometimes named in the subject or subjectAltName field of a certificate or cross-certificate. Where appropriate, the term "end entity" will be used to refer toend entitiesEEs who are not PKI management entities.</t> <t>Allend entitiesEEs require secure local access to some information -- at a minimum, their own name and private key, the name of a CA that is directly trusted by this entity, and that CA's public key (or a fingerprint of the public key where a self-certified version is available elsewhere). Implementations <bcp14>MAY</bcp14> use secure local storage for more than this minimum (e.g., theend entity'sEE's own certificates or application-specific information). The form of storage will also vary -- from files to tamper-resistant cryptographic tokens. The information stored in such local, trusted storage is referred to here as theend entity's Trusted Execution Environment (TEE)EE's TEE, also known as Personal Security Environment (PSE).</t> <t>Though TEE formats are beyond the scope of this document (they are very dependent on equipment, et cetera), a generic interchange format for TEEs is defined here: a certification responsemessage, seemessage (see <xreftarget="sect-5.3.4"/>,target="sect-5.3.4"/>) <bcp14>MAY</bcp14> be used.</t> </section> <section anchor="sect-3.1.1.2"> <name>Certification Authority</name> <t>Thecertification authority (CA)CA may or may not actually be a real "third party" from theend entity'sEE's point of view. Quite often, the CA will actually belong to the same organization as theend entitiesEEs it supports.</t> <t>Again, we use the term "CA" to refer to the entity named in the issuer field of a certificate. When it is necessary to distinguish the software or hardware tools used by the CA, we use the term "CA equipment".</t> <t>The CA equipment will often include both an"off-line""offline" component and an"on-line""online" component, with the CA private key only available to the"off-line""offline" component. This is, however, a matter for implementers (though it is also relevant as a policy issue).</t> <t>We use the term "root CA" to indicate a CA that is directly trusted by anend entity;EE; that is, securely acquiring the value of a root CA public key requires some out-of-band step(s). This term is not meant to imply that a root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly. The "root CA" may provide its trust anchor information with or without using a certificate. In somecircumstancescircumstances, such a certificate may be self-signed, but in othercircumstancescircumstances, it may becross signed,cross-signed, signed by a peer, signed by a superior CA, or unsigned.</t> <t>Note that other documents like <xref target="X509.2019"/> and <xref target="RFC5280"/> use the term "trusted CA" or "trust anchor" instead of "root CA". This document continues using "root CA" based on the above definition because it is also present in the ASN.1 syntax that cannot be changed easily.</t> <t>A "subordinate CA" is one that is not a root CA for theend entityEE in question. Often, a subordinate CA will not be a root CA for any entity, but this is not mandatory.</t> </section> <section anchor="sect-3.1.1.3"> <name>Registration Authority</name> <t>In addition toend-entitiesEEs and CAs, many environments call for the existence ofa Registration Authority (RA)an RA separate from theCertification Authority.CA. The functions that theregistration authorityRA may carry out will vary from case to case but <bcp14>MAY</bcp14> include identity checking, token distribution, checking certificate requests and authentication of their origin, revocation reporting, name assignment, archival of key pairs, et cetera.</t> <t>This document views the RA as an <bcp14>OPTIONAL</bcp14> component:whenWhen it is not present, the CA is assumed to be able to carry out the RA's functions so that the PKI management protocols are the same from theend-entity'sEE's point of view.</t> <t>Again, we distinguish, where necessary, between the RA and the tools used (the "RA equipment").</t> <t>Note that an RA is itself anend entity.EE. We further assume that all RAs are in fact certifiedend entitiesEEs and that RAs have private keys that are usable for signing. How a particular CA equipment identifies someend entitiesEEs as RAs is an implementation issue (i.e., this document specifies no special RA certification operation). We do not mandate that the RA is certified by the CA with which it is interacting at the moment (so one RA may work with more than one CA whilst only being certified once).</t> <t>In some circumstances,end entitiesEEs will communicate directly with a CA even where an RA is present. For example, for initial registration and/or certification, theend entityEE may use itsRA,RA but communicate directly with the CA in order to refresh its certificate.</t> </section> <section anchor="sect-3.1.1.4"> <name>Key Generation Authority</name> <t>AKey Generation Authority (KGA)KGA is a PKI management entity generating key pairs on behalf of anend entity.EE. As the KGA generates the keypairpair, it knows the public and the private part.</t> <t>This document views the KGA as an <bcp14>OPTIONAL</bcp14> component. When it is not present and central key generation is needed, the CA is assumed to be able to carry out the KGA's functions so that the PKI management protocol messages are the same from theend-entity'sEE's point of view. If certain tasks of a CA are delegated to other components, this delegation needs authorization, which can be indicated byextended key usagesEKUs (see <xref target="sect-4.5"/>).</t> <t>Note: When doing central generation of key pairs, implementers should consider the implications of server-side retention on the overall security of the system; in somecasecases, retention is good, forexampleexample, for escrow reasons, but in othercasescases, the server should clear its copy after delivery to theend entity.</t>EE.</t> <t>Note: If the CA delegates key generation to a KGA, the KGA can be collocated with the RA.</t> </section> </section> <section anchor="sect-3.1.2"> <name>PKI Management Requirements</name> <t>The protocols given here meet the following requirements on PKI management</t> <ol spacing="normal" type="1"><li> <t>PKI management must conform to the ISO/IEC 9594-8/ITU-T X.509standards.</t>standards, in particular <xref target="X509.2019"/>.</t> </li> <li> <t>It must be possible to regularly update any key pair without affecting any other key pair.</t> </li> <li> <t>The use of confidentiality in PKI management protocols must be kept to a minimum in order to ease acceptance in environments where strong confidentiality might cause regulatory problems.</t> </li> <li> <t>PKI management protocols must allow the use of different industry-standard cryptographicalgorithms, seealgorithms (see CMP Algorithms <xreftarget="RFC9481"/>.target="RFC9481"/>). This means that any given CA, RA, orend entityEE may, in principle, use whichever algorithms suit it for its own key pair(s).</t> </li> <li> <t>PKI management protocols must not preclude the generation of key pairs by theend entityEE concerned, by aKGAKGA, or by a CA. Key generation may also occur elsewhere, but for the purposes of PKImanagementmanagement, we can regard key generation as occurring wherever the key is first present at anend entity,EE, KGA, or CA.</t> </li> <li> <t>PKI management protocols must support the publication of certificates by theend entityEE concerned, by an RA, or by a CA. Different implementations and different environments may choose any of the above approaches.</t> </li> <li> <t>PKI management protocols must support the production of Certificate Revocation Lists (CRLs) by allowing certifiedend entitiesEEs to make requests for the revocation of certificates. This must be done in such a way that the denial-of-service attacks, which are possible, are not made simpler.</t> </li> <li> <t>PKI management protocols must be usable over a variety of "transport" mechanisms, specifically includingmail,email, Hypertext Transfer Protocol (HTTP), Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), andoff-line file-based.</t>various offline and non-networked file transfer methods.</t> </li> <li> <t>Final authority for certification creation rests with the CA. No RA orend entityEE equipment can assume that any certificate issued by a CA will contain what was requested; a CA may alter certificate field values or may add, delete, or alter extensions according to its operating policy. In other words, all PKI entities(end-entities,(EEs, RAs, KGAs, and CAs) must be capable of handling responses to requests for certificates in which the actual certificate issued is different from that requested (for example, a CA may shorten the validity period requested). Note that policy may dictate that the CA must not publish or otherwise distribute the certificate until the requesting entity has reviewed and accepted thenewly-creatednewly created certificate or the POP is completed. In case of publication of the certificate (when using indirect POP, see <xref target="sect-8.11"/>) or a precertificate in aCertificate TransparencyCT log <xref target="RFC9162"/>, the certificate must be revoked if it was not accepted by the EE or the POP could not be completed.</t> </li> <li> <t>A graceful, scheduledchange-overchangeover from one non-compromised CA key pair to the next (CA key update) must be supported (note that if the CA key is compromised, re-initialization must be performed for all entities in the domain of that CA). Anend entityEE whose TEE contains the new CA public key (following a CA key update) may also need to be able to verify certificates verifiable using the old public key.End entitiesEEs who directly trust the old CA key pair may also need to be able to verify certificates signed using the new CA private key (required for situations where the old CA public key is "hardwired" into theend entity'sEE's cryptographic equipment).</t> </li> <li> <t>The functions of an RA may, in some implementations or environments, be carried out by the CA itself. The protocols must be designed so thatend entitiesEEs will use the same protocol regardless of whether the communication is with an RA or CA. Naturally, theend entityEE must use the correct RA or CA public key to verify the protection of the communication.</t> </li> <li> <t>Where anend entityEE requests a certificate containing a given public key value, theend entityEE must be ready to demonstrate possession of the corresponding private key value. This may be accomplished in various ways, depending on the type of certification request. See <xref target="sect-4.3"/> for details of the in-band methods defined for the PKIX-CMP (i.e.,Certificate Management Protocol)CMP) messages.</t> </li> </ol> </section> <section anchor="sect-3.1.3"> <name>PKI Management Operations</name> <t>The following diagram shows the relationship between the entities defined above in terms of the PKI management operations. The letters in the diagram indicate "protocols" in the sense that a defined set of PKI management messages can be sent along each of the lettered lines.</t> <figure anchor="ure-pki-entities"> <name>PKI Entities</name> <artset> <artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="592" width="520" viewBox="0 0 520 592" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,32 L 8,448" fill="none" stroke="black"/> <path d="M 40,32 L 40,448" fill="none" stroke="black"/> <path d="M 184,272 L 184,320" fill="none" stroke="black"/> <path d="M 208,208 L 208,264" fill="none" stroke="black"/> <path d="M 224,216 L 224,264" fill="none" stroke="black"/> <path d="M 240,272 L 240,320" fill="none" stroke="black"/> <path d="M 256,32 L 256,64" fill="none" stroke="black"/> <path d="M 272,72 L 272,200" fill="none" stroke="black"/> <path d="M 272,368 L 272,400" fill="none" stroke="black"/> <path d="M 288,72 L 288,208" fill="none" stroke="black"/> <path d="M 288,304 L 288,360" fill="none" stroke="black"/> <path d="M 296,528 L 296,560" fill="none" stroke="black"/> <path d="M 304,288 L 304,360" fill="none" stroke="black"/> <path d="M 312,408 L 312,520" fill="none" stroke="black"/> <path d="M 328,408 L 328,520" fill="none" stroke="black"/> <path d="M 344,208 L 344,360" fill="none" stroke="black"/> <path d="M 352,528 L 352,560" fill="none" stroke="black"/> <path d="M 360,32 L 360,64" fill="none" stroke="black"/> <path d="M 360,216 L 360,360" fill="none" stroke="black"/> <path d="M 376,368 L 376,400" fill="none" stroke="black"/> <path d="M 8,32 L 40,32" fill="none" stroke="black"/> <path d="M 256,32 L 360,32" fill="none" stroke="black"/> <path d="M 64,48 L 232,48" fill="none" stroke="black"/> <path d="M 376,48 L 432,48" fill="none" stroke="black"/> <path d="M 256,64 L 360,64" fill="none" stroke="black"/> <path d="M 56,208 L 512,208" fill="none" stroke="black"/> <path d="M 184,272 L 240,272" fill="none" stroke="black"/> <path d="M 72,288 L 168,288" fill="none" stroke="black"/> <path d="M 256,288 L 304,288" fill="none" stroke="black"/> <path d="M 256,304 L 288,304" fill="none" stroke="black"/> <path d="M 184,320 L 240,320" fill="none" stroke="black"/> <path d="M 272,368 L 376,368" fill="none" stroke="black"/> <path d="M 72,384 L 264,384" fill="none" stroke="black"/> <path d="M 384,384 L 440,384" fill="none" stroke="black"/> <path d="M 272,400 L 376,400" fill="none" stroke="black"/> <path d="M 8,448 L 40,448" fill="none" stroke="black"/> <path d="M 296,528 L 352,528" fill="none" stroke="black"/> <path d="M 296,560 L 352,560" fill="none" stroke="black"/> <polygon class="arrowhead" points="448,384 436,378.4 436,389.6" fill="black" transform="rotate(0,440,384)"/> <polygon class="arrowhead" points="384,48 372,42.4 372,53.6" fill="black" transform="rotate(180,376,48)"/> <polygon class="arrowhead" points="368,216 356,210.4 356,221.6" fill="black" transform="rotate(270,360,216)"/> <polygon class="arrowhead" points="352,360 340,354.4 340,365.6" fill="black" transform="rotate(90,344,360)"/> <polygon class="arrowhead" points="336,408 324,402.4 324,413.6" fill="black" transform="rotate(270,328,408)"/> <polygon class="arrowhead" points="320,520 308,514.4 308,525.6" fill="black" transform="rotate(90,312,520)"/> <polygon class="arrowhead" points="296,360 284,354.4 284,365.6" fill="black" transform="rotate(90,288,360)"/> <polygon class="arrowhead" points="296,72 284,66.4 284,77.6" fill="black" transform="rotate(270,288,72)"/> <polygon class="arrowhead" points="280,200 268,194.4 268,205.6" fill="black" transform="rotate(90,272,200)"/> <polygon class="arrowhead" points="264,288 252,282.4 252,293.6" fill="black" transform="rotate(180,256,288)"/> <polygon class="arrowhead" points="232,216 220,210.4 220,221.6" fill="black" transform="rotate(270,224,216)"/> <polygon class="arrowhead" points="216,264 204,258.4 204,269.6" fill="black" transform="rotate(90,208,264)"/> <polygon class="arrowhead" points="80,384 68,378.4 68,389.6" fill="black" transform="rotate(180,72,384)"/> <polygon class="arrowhead" points="80,288 68,282.4 68,293.6" fill="black" transform="rotate(180,72,288)"/> <polygon class="arrowhead" points="72,48 60,42.4 60,53.6" fill="black" transform="rotate(180,64,48)"/> <g class="text"> <text x="104" y="36">cert.</text> <text x="160" y="36">publish</text> <text x="416" y="36">j</text> <text x="280" y="52">End</text> <text x="324" y="52">Entity</text> <text x="24" y="68">C</text> <text x="152" y="68">g</text> <text x="464" y="68">"out-of-band"</text> <text x="24" y="84">e</text> <text x="448" y="84">loading</text> <text x="24" y="100">r</text> <text x="368" y="100">initial</text> <text x="24" y="116">t</text> <text x="256" y="116">a</text> <text x="304" y="116">b</text> <text x="400" y="116">registration/</text> <text x="400" y="132">certification</text> <text x="24" y="148">/</text> <text x="352" y="148">key</text> <text x="388" y="148">pair</text> <text x="444" y="148">recovery</text> <text x="352" y="164">key</text> <text x="388" y="164">pair</text> <text x="436" y="164">update</text> <text x="24" y="180">C</text> <text x="384" y="180">certificate</text> <text x="460" y="180">update</text> <text x="24" y="196">R</text> <text x="72" y="196">PKI</text> <text x="120" y="196">"USERS"</text> <text x="380" y="196">revocation</text> <text x="456" y="196">request</text> <text x="24" y="212">L</text> <text x="72" y="228">PKI</text> <text x="132" y="228">MANAGEMENT</text> <text x="108" y="244">ENTITIES</text> <text x="192" y="244">a</text> <text x="240" y="244">b</text> <text x="328" y="244">a</text> <text x="376" y="244">b</text> <text x="24" y="260">R</text> <text x="24" y="276">e</text> <text x="152" y="276">g</text> <text x="280" y="276">d</text> <text x="24" y="292">p</text> <text x="204" y="292">RA</text> <text x="24" y="308">o</text> <text x="112" y="308">cert.</text> <text x="24" y="324">s</text> <text x="128" y="324">publish</text> <text x="272" y="324">c</text> <text x="24" y="340">i</text> <text x="24" y="356">t</text> <text x="24" y="372">o</text> <text x="128" y="372">g</text> <text x="408" y="372">i</text> <text x="24" y="388">r</text> <text x="324" y="388">CA</text> <text x="24" y="404">y</text> <text x="128" y="404">h</text> <text x="448" y="404">"out-of-band"</text> <text x="112" y="420">cert.</text> <text x="168" y="420">publish</text> <text x="448" y="420">publication</text> <text x="104" y="436">CRL</text> <text x="152" y="436">publish</text> <text x="440" y="452">cross-certification</text> <text x="296" y="468">e</text> <text x="344" y="468">f</text> <text x="432" y="468">cross-certificate</text> <text x="412" y="484">update</text> <text x="324" y="548">CA-2</text> </g> </svg> </artwork> <artwork type="ascii-art" align="left"><![CDATA[ +---+ cert. publish +------------+ j | | <--------------------- | End Entity | <------- | C | g +------------+ "out-of-band" | e | | ^ loading | r | | | initial | t | a | | b registration/ | | | | certification | / | | | key pair recovery | | | | key pair update | C | | | certificate update | R | PKI "USERS" V | revocation request | L | -------------------+-+-----+-+------+-+------------------- | | PKI MANAGEMENT | ^ | ^ | | ENTITIES a | | b a | | b | R | V | | | | e | g +------+ d | | | p | <------------ | RA | <-----+ | | | o | cert. | | ----+ | | | | s | publish +------+ c | | | | | i | | | | | | t | V | V | | o | g +------------+ i | r | <------------------------| CA |-------> | y | h +------------+ "out-of-band" | | cert. publish | ^ publication | | CRL publish | | +---+ | | cross-certification e | | f cross-certificate | | update | | V | +------+ | CA-2 | +------+ ]]></artwork> </artset> </figure> <t>At a high level, the set of operations for which management messages are defined can be grouped as follows.</t> <ol spacing="normal"type="1"><li> <t>CAtype="1"> <li>CA establishment: When establishing a new CA, certain steps are required (e.g., production of initialCRLs,CRLs and export of CA publickey).</t> </li> <li> <t>Endkey).</li> <li>End entity initialization: This includes importing a root CA public key and requesting information about the options supported by a PKI managemententity.</t> </li> <li> <t>Certification:entity.</li> <li><t>Certification: Various operations result in the creation of new certificates: </t> <ol spacing="normal"type="1"><li> <t>initialtype="a"> <li>initial registration/certification: This is the process whereby anend entityEE first makes itself known to a CA or RA, prior to the CA issuing a certificate or certificates for thatend entity.EE. The end result of this process (when it is successful) is that a CA issues a certificate for anend entity'sEE's publickey,key and returns that certificate to theend entityEE and/or posts that certificate in a repository. This process may, and typically will, involve multiple "steps", possibly including an initialization of theend entity'sEE's equipment. For example, theend entity'sEE's equipment must be securely initialized with the public key of a CA, e.g., using zero-touch methods like Bootstrapping Remote Secure Key Infrastructure (BRSKI) <xref target="RFC8995"/> or Secure Zero Touch Provisioning (SZTP) <xref target="RFC8572"/>, to be used in validating certificate paths. Furthermore, anend entityEE typically needs to be initialized with its own keypair(s).</t> </li> <li> <t>keypair(s).</li> <li>key pair update: Every key pair needs to be updated regularly (i.e., replaced with a new key pair), and a new certificate needs to beissued.</t> </li> <li> <t>certificateissued.</li> <li>certificate update: As certificates expire, they may be "refreshed" if nothing relevant in the environment haschanged.</t> </li> <li> <t>CAchanged.</li> <li>CA key pair update: As withend entities,EEs, CA key pairs need to be updated regularly; however, different mechanisms arerequired.</t> </li> <li> <t>cross-certificationrequired.</li> <li><t>cross-certification request: One CA requests issuance of a cross-certificate from another CA. For the purposes of this standard, the following terms are defined. A "cross-certificate" is a certificate in which the subject CA and the issuer CA are distinct and SubjectPublicKeyInfo contains a verification key (i.e., the certificate has been issued for the subject CA's signing key pair). When it is necessary to distinguish more finely, the following terms may be used:aA cross-certificate is called an "inter-domain cross-certificate" if the subject and issuer CAs belong to different administrative domains; it is called an "intra-domain cross-certificate" otherwise.</t></li> </ol> <ul empty="true"> <li> <t>Note 1: The<ol type="Note %d:"> <li>The above definition of "cross-certificate" aligns with the defined term "CA-certificate" in X.509. Note that this term is not to be confused with the X.500 "cACertificate" attribute type, which isunrelated.</t> </li> </ul> <ul empty="true"> <li> <t>Note 2: Inunrelated.</li> <li>In many environments, the term "cross-certificate", unless further qualified, will be understood to be synonymous with "inter-domain cross-certificate" as definedabove.</t> </li> </ul> <ul empty="true"> <li> <t>Note 3: Issuanceabove.</li> <li>Issuance of cross-certificates may be, but is not necessarily, mutual; that is, two CAs may issue cross-certificates for eachother.</t>other.</li> </ol> </li></ul> <ol spacing="normal" type="1"><li> <t>[RFC-Editor: Please fix the enumeration and continue with '6'.] cross-certificate<li>cross-certificate update: Similar to a normal certificateupdate,update but involving across-certificate.</t> </li>cross-certificate.</li> </ol> </li><li> <t>Certificate/CRL<li><t>Certificate/CRL discovery operations: Some PKI management operations result in the publication of certificates or CRLs: </t> <ol spacing="normal"type="1"><li> <t>certificatetype="a"> <li>certificate publication: Having gone to the trouble of producing a certificate, some means for publishing may be needed. The "means" defined in PKIX <bcp14>MAY</bcp14> involve the messages specified in Sections <xref format="counter" target="sect-5.3.13"/> to <xref format="counter"target="sect-5.3.16"/>,target="sect-5.3.16"/> or <bcp14>MAY</bcp14> involve other methods(LDAP, for example)(for example, Lightweight Directory Access Protocol (LDAP)) as described in <xref target="RFC4511"/> or <xref target="RFC2585"/> (the "Operational Protocols" documents of the PKIX series ofspecifications).</t> </li> <li> <t>CRLspecifications).</li> <li>CRL publication: As for certificatepublication.</t> </li>publication.</li> </ol> </li><li> <t>Recovery<li><t>Recovery operations: Some PKI management operations are used when anend entityEE has "lost" itsTEE: </t>TEE:</t> <ol spacing="normal"type="1"><li> <t>keytype="a"> <li>key pair recovery: As an option, user client key materials (e.g., a user's private key used for decryption purposes) <bcp14>MAY</bcp14> be backed up by a CA, an RA, or a key backup system associated with a CA or RA. If an entity needs to recover these backed up key materials (e.g., as a result of a forgotten password or a lost key chain file), a protocol exchange may be needed to support suchrecovery.</t> </li>recovery.</li> </ol> </li><li> <t>Revocation<li><t>Revocation operations: Some PKI management operations result in the creation of new CRL entries and/or newCRLs: </t>CRLs:</t> <ol spacing="normal"type="1"><li> <t>revocationtype="a"> <li>revocation request: An authorized person advises a CA of an abnormal situation requiring certificaterevocation.</t> </li>revocation.</li> </ol> </li><li> <t>TEE<li>TEE operations: Whilst the definition of TEE operations (e.g., moving a TEE, changing a PIN, etc.) are beyond the scope of this specification, we do define a PKIMessage (CertRepMessage) that can form the basis of suchoperations.</t> </li>operations.</li> </ol> <t>Note thaton-lineonline protocols are not the only way of implementing the above operations. For all operations, there areoff-lineoffline methods of achieving the same result, and this specification does not mandate use ofon-lineonline protocols. For example, when hardware tokens are used, many of the operations <bcp14>MAY</bcp14> be achieved as part of the physical token delivery.</t> <t>Later sections define a set of standard messages supporting the above operations. Transfer protocols for conveying these exchanges in various environments (e.g.,off-line: file-based, on-line:offline: file-based; online: mail, HTTP <xreftarget="I-D.ietf-lamps-rfc6712bis"/>,target="RFC9811"/>, MQTT, and CoAP <xref target="RFC9482"/>) are beyond the scope of this document and must be specified separately. Appropriate transfer protocols <bcp14>MUST</bcp14> be capable of delivering the CMP messages reliably.</t> <t>CMP provides inbuilt integrity protection and authentication. The information communicated unencrypted in CMP messages does not contain sensitive information endangering the security of the PKI when intercepted. However, it might be possible for an eavesdropper to utilize the available information to gather confidential technical orbusiness criticalbusiness-critical information. Therefore, users should consider protection of confidentiality on lower levels of the protocol stack, e.g., by using TLS <xref target="RFC8446"/>, DTLS <xref target="RFC9147"/>, or IPsec <xref target="RFC7296"/><xref target="RFC4303"/>.</t> </section> </section> </section> <section anchor="sect-4"> <name>Assumptions and Restrictions</name> <section anchor="sect-4.1"> <name>End Entity Initialization</name> <t>The first step for anend entityEE in dealing with PKI management entities is to request information about the PKI functions supported and to securely acquire a copy of the relevant root CA public key(s).</t> </section> <section anchor="sect-4.2"> <name>Initial Registration/Certification</name> <t>There are many schemes that can be used to achieve initial registration and certification ofend entities.EEs. No one method is suitable for all situations due to the range of policies that a CA may implement and the variation in the types ofend entity whichEE that can occur.</t> <t>However, we can classify the initial registration/certification schemes that are supported by this specification. Note that the word "initial", above, is crucial:weWe are dealing with the situation where theend entityEE in question has had no previous contact with the PKI, except having received the root CA certificate of that PKI by some zero-touch method like BRSKI <xref target="RFC8995"/>and<xreftarget="I-D.ietf-anima-brski-ae"/>target="RFC9733"/> or SZTP <xref target="RFC8572"/>. In case theend entityEE already possesses certified keys, then some simplifications/alternatives are possible.</t> <t>Having classified the schemes that are supported by thisspecificationspecification, we can then specify some as mandatory and some as optional. The goal is that the mandatory schemes cover a sufficient number of the cases that will arise in real use, whilst the optional schemes are available for special cases that arise less frequently. In this way, we achieve a balance between flexibility and ease of implementation.</t> <t>Further classification of mandatory and optional schemes addressing different environments is available, e.g., in Appendices <xreftarget="sect-c"/>target="sect-c" format="counter"/> and <xreftarget="sect-d"/>target="sect-d" format="counter"/> of this specification on managing human user certificates as well as in the Lightweight CMP Profile <xref target="RFC9483"/> on fully automating certificate management in a machine-to-machine andIoTInternet of Things (IoT) environment.Also industryIndustry standardslikesuch as <xref target="ETSI-3GPP.33.310"/> for mobile networks and <xref target="UNISIG.Subset-137"/> forRail Automationrailroad automation have adopted CMP andhave specifieddefined asetseries of mandatory schemes for their usecase.</t>cases.</t> <t>We will now describe the classification of initial registration/certification schemes.</t> <section anchor="sect-4.2.1"> <name>Criteria Used</name> <section anchor="sect-4.2.1.1"> <name>Initiation of Registration/Certification</name> <t>In terms of the PKI messages that are produced, we can regard the initiation of the initial registration/certification exchanges as occurring wherever the first PKI message relating to theend entityEE is produced. Note that the real-world initiation of the registration/certification procedure may occur elsewhere (e.g., a personnel department may telephone an RA operator orusing zero touchuse zero-touch methods like BRSKI <xref target="RFC8995"/> or SZTP <xref target="RFC8572"/>).</t> <t>The possible locations are at theend entity,EE, an RA, or a CA.</t> </section> <section anchor="sect-4.2.1.2"> <name>End Entity Message Origin Authentication</name> <t>Theon-lineonline messages produced by theend entityEE that requires a certificate may be authenticated or not. The requirement here is to authenticate the origin of any messages from theend entityEE to the PKI (CA/RA).</t> <t>In this specification, such authentication is achieved by two different means:</t> <ul spacing="normal"> <li> <t>symmetric: The PKI (CA/RA) issuing theend entityEE with a secret value (initial authentication key) and reference value (used to identify the secret value) via some out-of-band means. The initial authentication key can then be used to protect relevant PKI messages.</t> </li> <li> <t>asymmetric: Using a private key and certificate issued by another PKI trusted for initial authentication, e.g., anIDevIDInitial Device Identifier (IDevID) <xreftarget="IEEE.802.1AR-2018">IEEE 802.1AR</xref>.target="IEEE.802.1AR-2018">IEEE 802.1AR</xref>. The trust establishment in this external PKI is out of scope of this document.</t> </li> </ul> <t>Thus, we can classify the initial registration/certification scheme according to whether or not theon-lineonline 'end entity -> PKI management entity' messages are authenticated or not.</t><t>Note 1: We<ol type="Note %d:"> <li>We do not discuss the authentication of the 'PKI management entity -> end entity' messages here, as this is always <bcp14>REQUIRED</bcp14>. In any case, it can be achieved simply once the root-CA public key has been installed at theend entity'sEE's equipment or it can be based on the initial authenticationkey.</t> <t>Note 2: Ankey.</li> <li>An initial registration/certification procedure can be secure where the messages from theend entityEE are authenticated via some out-of-band means (e.g., a subsequentvisit).</t>visit).</li> </ol> </section> <section anchor="sect-4.2.1.3"> <name>Location of Key Generation</name> <t>In this specification, "key generation" is regarded as occurring wherever either the public or private component of a key pair first occurs in a PKIMessage. Note that this does not preclude a centralized key generation service by a KGA; the actual key pair <bcp14>MAY</bcp14> have been generated elsewhere and transported to theend entity,EE, RA, or CA using a (proprietary or standardized) key generation request/response protocol (outside the scope of this specification).</t> <t>Thus, there are three possibilities for the location of "key generation": theend entity,EE, a KGA, or a CA.</t> </section> <section anchor="sect-4.2.1.4"> <name>Confirmation of Successful Certification</name> <t>Following the creation of a certificate for anend entity,EE, additional assurance can be gained by having theend entityEE explicitly confirm successful receipt of the message containing (or indicating the creation of) the certificate. Naturally, this confirmation message must be protected (based on the initial symmetric or asymmetric authentication key or other means).</t> <t>This gives two further possibilities: confirmed or not.</t> </section> </section> <section anchor="sect-4.2.2"> <name>Initial Registration/Certification Schemes</name> <t>The criteria above allow for a large number of initial registration/certification schemes. Examples of possible initial registration/certification schemes can be found in the following subsections. An entity may support other schemes specified in profiles of PKIX-CMP, such as Appendices <xreftarget="sect-c"/>target="sect-c" format="counter"/> and <xreftarget="sect-d"/>target="sect-d" format="counter"/> or <xref target="RFC9483"/>.</t> <section anchor="sect-4.2.2.1"> <name>Centralized Scheme</name> <t>In terms of the classification above, this scheme is, in some ways, the simplest possible, where:</t> <ul spacing="normal"> <li> <t>initiation occurs at the certifying CA;</t> </li> <li> <t>noon-lineonline message authentication is required;</t> </li> <li> <t>"key generation" occurs at the certifying CA (see <xreftarget="sect-4.2.1.3"/>);</t>target="sect-4.2.1.3"/>); and</t> </li> <li> <t>no confirmation message is required.</t> </li> </ul> <t>In terms of message flow, this scheme means that the only message required is sent from the CA to theend entity.EE. The message must contain the entire TEE for theend entity.EE. Some out-of-band means must be provided to allow theend entityEE to authenticate the message received and to decrypt any encrypted values.</t> </section> <section anchor="sect-4.2.2.2"> <name>Basic Authenticated Scheme</name> <t>In terms of the classification above, this scheme is where:</t> <ul spacing="normal"> <li> <t>initiation occurs at theend entity;</t>EE;</t> </li> <li> <t>message authentication is required;</t> </li> <li> <t>"key generation" occurs at theend entityEE (see <xreftarget="sect-4.2.1.3"/>);</t>target="sect-4.2.1.3"/>); and</t> </li> <li> <t>a confirmation message is recommended.</t> </li> </ul> <t>Note: An Initial Authentication Key (IAK) can be either a symmetric key or an asymmetric private key with a certificate issued by another PKI trusted for this purpose. The establishment of such trust is out of scope of this document.</t> <t>In terms of message flow, the basic authenticated scheme is as follows:</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="552" viewBox="0 0 552 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 24,94 L 96,94" fill="none" stroke="black"/> <path d="M 24,98 L 96,98" fill="none" stroke="black"/> <path d="M 408,94 L 504,94" fill="none" stroke="black"/> <path d="M 408,98 L 504,98" fill="none" stroke="black"/> <path d="M 136,192 L 176,192" fill="none" stroke="black"/> <path d="M 368,192 L 408,192" fill="none" stroke="black"/> <path d="M 136,256 L 176,256" fill="none" stroke="black"/> <path d="M 376,256 L 416,256" fill="none" stroke="black"/> <path d="M 136,304 L 176,304" fill="none" stroke="black"/> <path d="M 376,304 L 416,304" fill="none" stroke="black"/> <path d="M 136,352 L 176,352" fill="none" stroke="black"/> <path d="M 376,352 L 416,352" fill="none" stroke="black"/> <polygon class="arrowhead" points="424,304 412,298.4 412,309.6" fill="black" transform="rotate(0,416,304)"/> <polygon class="arrowhead" points="416,192 404,186.4 404,197.6" fill="black" transform="rotate(0,408,192)"/> <polygon class="arrowhead" points="384,352 372,346.4 372,357.6" fill="black" transform="rotate(180,376,352)"/> <polygon class="arrowhead" points="384,256 372,250.4 372,261.6" fill="black" transform="rotate(180,376,256)"/> <polygon class="arrowhead" points="184,304 172,298.4 172,309.6" fill="black" transform="rotate(0,176,304)"/> <polygon class="arrowhead" points="184,192 172,186.4 172,197.6" fill="black" transform="rotate(0,176,192)"/> <polygon class="arrowhead" points="144,352 132,346.4 132,357.6" fill="black" transform="rotate(180,136,352)"/> <polygon class="arrowhead" points="144,256 132,250.4 132,261.6" fill="black" transform="rotate(180,136,256)"/> <g class="text"> <textx="12" y="36">In</text> <text x="48" y="36">terms</text> <text x="84" y="36">of</text> <text x="128" y="36">message</text> <text x="184" y="36">flow,</text> <text x="224" y="36">the</text> <text x="264" y="36">basic</text> <text x="344" y="36">authenticated</text> <text x="428" y="36">scheme</text> <text x="468" y="36">is</text> <text x="492" y="36">as</text> <text x="36" y="52">follows:</text> <textx="32" y="84">End</text> <text x="76" y="84">entity</text> <text x="456" y="84">RA/CA</text> <text x="104" y="116">out-of-band</text> <text x="204" y="116">distribution</text> <text x="268" y="116">of</text> <text x="312" y="116">Initial</text> <text x="404" y="116">Authentication</text> <text x="72" y="132">Key</text> <text x="112" y="132">(IAK)</text> <text x="152" y="132">and</text> <text x="208" y="132">reference</text> <text x="272" y="132">value</text> <text x="324" y="132">(RA/CA</text> <text x="364" y="132">-></text> <text x="392" y="132">EE)</text> <text x="32" y="148">Key</text> <text x="92" y="148">generation</text> <text x="52" y="164">Creation</text> <text x="100" y="164">of</text> <text x="168" y="164">certification</text> <text x="256" y="164">request</text> <text x="48" y="180">Protect</text> <text x="112" y="180">request</text> <text x="164" y="180">with</text> <text x="200" y="180">IAK</text> <text x="240" y="196">certification</text> <text x="328" y="196">request</text> <text x="420" y="212">verify</text> <text x="480" y="212">request</text> <text x="424" y="228">process</text> <text x="488" y="228">request</text> <text x="420" y="244">create</text> <text x="484" y="244">response</text> <text x="240" y="260">certification</text> <text x="332" y="260">response</text> <text x="44" y="276">handle</text> <text x="108" y="276">response</text> <text x="44" y="292">create</text> <text x="124" y="292">confirmation</text> <text x="204" y="308">cert</text> <text x="244" y="308">conf</text> <text x="296" y="308">message</text> <text x="420" y="324">verify</text> <text x="500" y="324">confirmation</text> <text x="420" y="340">create</text> <text x="484" y="340">response</text> <text x="204" y="356">conf</text> <text x="240" y="356">ack</text> <text x="300" y="356">(optional)</text> <text x="44" y="372">handle</text> <text x="108" y="372">response</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[In terms of message flow, the basic authenticated scheme is as follows:End entity RA/CA ========== ============= out-of-band distribution of Initial Authentication Key (IAK) and reference value (RA/CA -> EE) Key generation Creation of certification request Protect request with IAK -----> certification request -----> verify request process request create response <----- certification response <----- handle response create confirmation -----> cert conf message -----> verify confirmation create response <----- conf ack (optional) <----- handle response ]]></artwork> </artset> <t>Note: Where verification of the cert confirmation message fails, the RA/CA <bcp14>MUST</bcp14> revoke the newly issued certificate if it has been published or otherwise made available.</t> </section> </section> </section> <section anchor="sect-4.3"><name>Proof-of-Possession (POP)<name>POP of Private Key</name><t>Proof-of-possession (POP)<t>POP is where a PKI management entity (CA/RA) verifies if anend entityEE has access to the private key corresponding to a given public key. The question of whether, and in what circumstances, POPs add value to a PKI is a debate as old as PKI itself! See <xref target="sect-8.1"/> for a further discussion on the necessity ofproof-of-possessionPOP in PKI.</t> <t>The PKI management operations specified here make it possible for anend entityEE to prove to a CA/RA that it has possession of (i.e., is able to use) the private key corresponding to the public key for which a certificate is requested (see <xref target="sect-5.2.8"/> for different POP methods). A given CA/RA is free to choose how to enforce POP (e.g., out-of-band procedural means versus PKIX-CMP in-band messages) in its certification exchanges (i.e., this may be a policy issue). However, it is <bcp14>REQUIRED</bcp14> that CAs/RAs <bcp14>MUST</bcp14> enforce POP by some means because there are currently many non-PKIX operational protocols in use (various electronic mail protocols are one example) that do not explicitly check the binding between theend entityEE and the private key. Until operational protocols that do verify the binding (for signature, encryption, key agreement, and KEM key pairs) exist, and are ubiquitous, this binding can only be assumed to have been verified by the CA/RA. Therefore, if the binding is not verified by the CA/RA, certificates in the InternetPublic-Key InfrastructurePKI end up being somewhat less meaningful.</t> <t>POP is accomplished in different ways depending upon the type of key for which a certificate is requested. If a key can be used for multiple purposes (e.g., an RSAkey)key), then any appropriate method <bcp14>MAY</bcp14> be used (e.g., a key that may be used for signing, as well as other purposes, <bcp14>MUST NOT</bcp14> be sent to the CA/RA in order to prove possession unless archival of the private key is explicitly desired).</t> <t>This specification explicitly allows for cases where anend entityEE supplies the relevant proof to an RA and the RA subsequently attests to the CA that the required proof has been received (and validated!). For example, anend entityEE wishing to have a signing key certified could send the appropriate signature to the RA, which then simply notifies the relevant CA that theend entityEE has supplied the required proof. Of course, such a situation may be disallowed by some policies (e.g., CAs may be the only entities permitted to verify POP during certification).</t> <section anchor="sect-4.3.1"> <name>Signature Keys</name> <t>For signature keys, theend entityEE can sign a value to prove possession of the privatekey,key; see <xref target="sect-5.2.8.2"/>.</t> </section> <section anchor="sect-4.3.2"> <name>Encryption Keys</name> <t>For encryption keys, theend entityEE can provide the private key to the CA/RA (e.g., for archiving), see <xref target="sect-5.2.8.3.1"/>, or can be required to decrypt a value in order to prove possession of the private key. Decrypting a value can be achieved either directly (see <xref target="sect-5.2.8.3.3"/>) or indirectly (see <xref target="sect-5.2.8.3.2"/>).</t> <t>The direct method is for the RA/CA to issue a random challenge to which an immediate response by the EE is required.</t> <t>The indirect method is to issue a certificate that is encrypted for theend entityEE (and have theend entityEE demonstrate its ability to decrypt this certificate in the confirmation message). This allows a CA to issue a certificate in a form that can only be used by the intendedend entity.</t>EE.</t> <t>This specification encourages use of the indirect method because it requires no extra messages to be sent (i.e., the proof can be demonstrated using the {request, response, confirmation} triple of messages).</t> </section> <section anchor="sect-4.3.3"> <name>Key Agreement Keys</name> <t>For key agreement keys, theend entityEE and the PKI management entity (i.e., CA or RA) must establish a shared secret key in order to prove that theend entityEE has possession of the private key.</t> <t>Note that this need not impose any restrictions on the keys that can be certified by a given CA. In particular, for Diffie-Hellmankeys(DH) keys, theend entityEE may freely choose its algorithm parameters provided that the CA can generate a short-term (or one-time) key pair with the appropriate parameters when necessary.</t> </section> <section anchor="sect-4.3.4"><name>Key Encapsulation Mechanism<name>KEM Keys</name> <t>Forkey encapsulation mechanism (KEM)KEM keys, theend entityEE can provide the private key to the CA/RA (e.g., for archiving), see <xref target="sect-5.2.8.3.1"/>, or can be required to decrypt a value in order to prove possession of the private key. Decrypting a value can be achieved either directly (see <xref target="sect-5.2.8.3.3"/>) or indirectly (see <xref target="sect-5.2.8.3.2"/>).</t> <t>Note: A definition ofkey encapsulation mechanismsKEMs can be found in <xref section="1"sectionFormat="comma"sectionFormat="of" target="RFC9629"/>.</t> <t>The direct method is for the RA/CA to issue a random challenge to which an immediate response by the EE is required.</t> <t>The indirect method is to issue a certificate that is encrypted for theend entityEE using a shared secret key derived from a key encapsulated using the public key (and have theend entityEE demonstrate its ability to use its private key for decapsulation of the KEM ciphertext, derive the shared secret key, decrypt this certificate, and provide a hash of the certificate in the confirmation message). This allows a CA to issue a certificate in a form that can only be used by the intendedend entity.</t>EE.</t> <t>This specification encourages use of the indirect method because it requires no extra messages to be sent (i.e., the proof can be demonstrated using the {request, response, confirmation} triple of messages).</t> <t>A certification request message for a KEM certificate <bcp14>SHALL</bcp14> use POPOPrivKey by using the keyEncipherment choice ofProofOfPossession, seeProofOfPossession (see <xreftarget="sect-5.2.8"/>,target="sect-5.2.8"/>) in the popo field of CertReqMsg as long as no KEM-specific choice is available.</t> </section> </section> <section anchor="sect-4.4"> <name>Root CA Key Update</name> <t>This discussion only applies to CAs that are directly trusted by someend entities.EEs. Recognizing whether a self-signed or non-self-signed CA is supposed to be directly trusted for someend entitiesEEs is a matter of CA policy andend entityEE configuration.ThisThus, this isthusbeyond the scope of this document.</t> <t>The basis of the procedure described here is that the CA protects its new public key using its previous private key and vice versa. Thus, when a CA updates its keypairpair, it may generate two linkcertificatescertificates: "old with new" and "new with old".</t> <t>Note: The usage of link certificates has been shown to be veryuse casespecific for each use case, and no assumptions are done on this aspect. RootCaKeyUpdateContent is updated to specify these link certificates as optional.</t> <t>Note: When an LDAP directory is used to publish root CA updates, the old and new root CA certificates together with the two link certificates are stored as cACertificate attribute values.</t> <t>When a CA changes its key pair, those entities who have acquired the old CA public key via "out-of-band" means are most affected. Theseend entitiesEEs need to acquire the new CA public key in a trusted way. This may be achieved"out-of-band","out-of-band" by using arepository,repository or by using online messages also containing the link certificates "new with old". Once theend entityEE acquired and properly verified the new CA public key, it must load the new trust anchor information into its trusted store.</t> <t>The data structure used to protect the new and old CA public keys is typically a standardX.509 v3X.509v3 certificate (which may also contain extensions). There are no new data structures required.</t> <t>Note: Sometimes self-signed root CA certificates do not make use ofX.509 v3X.509v3 extensions and may beX.509 v1X.509v1 certificates. Therefore, a root CA key update must be able to work for version 1 certificates. The use of theX.509 v3X.509v3 KeyIdentifier extension is recommended for easier path building.</t> <t>Note: While the scheme could be generalized to cover cases where the CA updates its key pair more than once during the validity period of one of itsend entities'EEs' certificates, this generalization seems of dubious value. Not having this generalization simply means that the validity periods of certificates issued with the old CA key pair cannot exceed the end of the "old with new" certificate validity period.</t> <t>Note: This scheme offers a mechanism to ensures thatend entitiesEEs will acquire the new CA public key, at the latest by the expiry of the last certificate they owned that was signed with the old CA private key. Certificate and/or key update operations occurring at other times do not necessarily require this (depending on theend entity'sEE's equipment).</t> <t>Note: In practice, a new root CA may have a slightly different subjectDN,Distinguished Name (DN), e.g., indicating a generation identifier like the year of issuance or a version number, forinstanceinstance, in anOUOrganizational Unit (OU) element. How to bridge trust to the new root CA certificate in a CA DN change or a cross-certificate scenario is out of scope for this document.</t> <section anchor="sect-4.4.1"> <name>CA Operator Actions</name> <t>To change the key of the CA, the CA operator does the following:</t> <ol spacing="normal" type="1"><li> <t>Generate a new key pair.</t> </li> <li> <t>Create a certificate containing the new CA public key signed with the new private key or by the private key of some other CA (the "new with new" certificate).</t> </li> <li> <t>Optionally: Create a link certificate containing the new CA public key signed with the old private key (the "new with old" certificate).</t> </li> <li> <t>Optionally: Create a link certificate containing the old CA public key signed with the new private key (the "old with new" certificate).</t> </li> <li> <t>Publish these new certificates so thatend entitiesEEs may acquire it, e.g., using a repository or RootCaKeyUpdateContent.</t> </li> </ol> <t>The old CA private key is then no longer required when the validity of the "old with old" certificate ended. However, the old CA public key will remain in use for validating the "new with old" link certificate until the new CA public key is loaded into the trusted store. The old CA public key is no longer required (other than for non-repudiation) when allend entitiesEEs of this CA have securely acquired and stored the new CA public key.</t> <t>The "new with new" certificate must have a validity period with a notBefore time that is before the notAfter time of the "old with old" certificate and a notAfter time that is after the notBefore time of the next update of this certificate.</t> <t>The "new with old" certificate must have a validity period with the same notBefore time as the "new with new" certificate and a notAfter time by which allend entitiesEEs of this CA will securely possess the new CA public key (at the latest, at the notAfter time of the "old with old" certificate).</t> <t>The "old with new" certificate must have a validity period with the same notBefore and notAfter time as the "old with old" certificate.</t> <t>Note: Further operational considerations on transition from one root CA self-signed certificate to the next is available in <xreftarget="RFC8649">RFC 8649 Section 5</xref>.</t>section="5" target="RFC8649"/>.</t> </section> <section anchor="sect-4.4.2"> <name>Verifying Certificates</name> <t>Normally when verifying a signature, the verifier verifies (among other things) the certificate containing the public key of the signer. However, once a CA is allowed to update itskeykey, there are a range of new possibilities. These are shown in the table below.</t> <table> <thead> <tr> <thalign="left"> </th>align="left"/> <th align="left">Verifier's TEE contains NEW public key</th> <th align="left">Verifier's TEE contains OLD public key</th> </tr> </thead> <tbody> <tr><td<th align="left">Signer's certificate is protected using NEW keypair</td>pair</th> <td align="left">Case 1: The verifier can directly verify the certificate.</td> <td align="left">Case 2: The verifier is missing the NEW public key.</td> </tr> <tr><td<th align="left">Signer's certificate is protected using OLD keypair</td>pair</th> <td align="left">Case 3: The verifier is missing the OLD public key.</td> <td align="left">Case 4: The verifier can directly verify the certificate.</td> </tr> </tbody> </table> <section anchor="sect-4.4.2.1"> <name>Verification in Cases 1 and 4</name> <t>In these cases, the verifier has a local copy of the CA public key that can be used to verify the certificate directly. This is the same as the situation where no key change has occurred.</t> </section> <section anchor="sect-4.4.2.2"> <name>Verification in Case 2</name> <t>In case 2, the verifier must get access to the new public key of the CA. Case 2 will arise when the CA operator has issued the verifier's certificate, then changed the CA's key, and then issued the signer's certificate; so it is quite a typical case.</t> <t>The verifier does the following:</t> <ol spacing="normal" type="1"><li> <t>Get the "new with new" and "new with old" certificates. The location of where to retrievethesesthese certificatesfrom,may be available in the authority information access extension of the "old with old"certificate, see caIssuerscertificate (see the access method for caIssuers inSection 4.2.2.1 of<xreftarget="RFC5280"/>,section="4.2.2.1" target="RFC5280"/>), or it may be locally configured. </t> <ol spacing="normal"type="1"><li>type="a"><li> <t>If a repository is available, look up the certificates in the caCertificate attribute.</t> </li> <li> <t>Ifaan HTTP or FTP server is available, pick the certificates from the "certs-only" CMS message.</t> </li> <li> <t>If a CMP server is available, request the certificates using the root CA update the generalmessage, seemessage (see <xreftarget="sect-5.3.19.15"/>.</t>target="sect-5.3.19.15"/>).</t> </li> <li> <t>Otherwise, get the certificates "out-of-band" using any trustworthy mechanism.</t> </li> </ol> </li> <li> <t>Ifreceivedthecertificates,certificates are received, check that the validity periods and the subject and issuer fields match. Verify the signatures using the old root CA key (which the verifier has locally).</t> </li> <li> <t>If all checkswereare successful, securely store the new trust anchor information and validate the signer's certificate.</t> </li> </ol> </section> <section anchor="sect-4.4.2.3"> <name>Verification in Case 3</name> <t>In case 3, the verifier must get access to the old public key of the CA. Case 3 will arise when the CA operator has issued the signer's certificate, then changed the key, and then issued the verifier's certificate.</t> <t>The verifier does the following:</t> <ol spacing="normal" type="1"><li> <t>Get the "old with new" certificate. The location of where to retrievethesesthese certificatesfrom,may be available in the authority information access extension of the "new with new"certificate, seecertificate (see caIssuers access method inSection 4.2.2.1 of<xreftarget="RFC5280"/>,section="4.2.2.1" target="RFC5280"/>), or it may be locally configured. </t> <ol spacing="normal"type="1"><li>type="a"><li> <t>If a repository is available, look up the certificate in the caCertificate attribute.</t> </li> <li> <t>Ifaan HTTP or FTP server is available, pick the certificate from the "certs-only" CMS message.</t> </li> <li> <t>If a CMP server and an untrusted copy of the old root CA certificateisare available (e.g., the signer provided it in-band in the CMP extraCerts filed), request the certificate using the root CA update the generalmessage, seemessage (see <xreftarget="sect-5.3.19.15"/>.</t>target="sect-5.3.19.15"/>).</t> </li> <li> <t>Otherwise, get the certificate "out-of-band" using any trustworthy mechanism.</t> </li> </ol> </li> <li> <t>Ifreceivedthecertificate,certificate is received, check that the validity periods and the subject and issuer fields match. Verify the signatures using the new root CA key (which the verifier has locally).</t> </li> <li> <t>If all checks were successful, securely store the old trust anchor information and validate the signer's certificate.</t> </li> </ol> </section> </section> <section anchor="sect-4.4.3"> <name>Revocation - Change of the CA Key</name> <t>As we saw above, the verification of a certificate becomes more complex once the CA is allowed to change its key. This is also true for revocationcheckschecks, as the CA may have signed the CRL using a newer private key than the one within the user's TEE.</t> <t>The analysis of the alternatives is the same as for certificate verification.</t> </section> </section> <section anchor="sect-4.5"><name>Extended Key Usage<name>EKU for PKI Entities</name> <t>Theextended key usage (EKU)EKU extension indicates the purposes for which the certified key pair may be used. Therefore, it restricts the use of a certificate to specific applications.</t> <t>A CA may want to delegate parts of its duties to other PKI management entities. This section provides a mechanism to both prove this delegation and enable automated means for checking the authorization of this delegation. Such delegation may also be expressed by other means, e.g., explicit configuration.</t> <t>To offer automatic validation for the delegation of a role by a CA to another entity, the certificates used for CMP message protection or signed data for central key generation <bcp14>MUST</bcp14> be issued by the delegating CA and <bcp14>MUST</bcp14> contain the respective EKUs. This proves that the delegating CA authorized this entity to act in the given role, as described below.</t> <t>The OIDs to be used for these EKUs are:</t> <sourcecode type="asn.1"><![CDATA[ id-kp-cmcCA OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) kp(3) 27 } id-kp-cmcRA OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) kp(3) 28 } id-kp-cmKGA OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) kp(3) 32 } ]]></sourcecode> <t>Note:Section 2.10 of<xref section="2.10" target="RFC6402"/> specifies OIDs for a Certificate Management over CMS (CMC) CA and a CMC RA. As the functionality of a CA and RA is not specific to anycertificate managementprotocol used for managing certificates (such as CMC or CMP), these EKUs are reused by CMP.</t> <t>The meaning of the id-kp-cmKGA EKU is as follows:</t> <dlindent="9">spacing="normal" newline="false"> <dt>CMP KGA:</dt> <dd> <t>CMPkey generation authoritiesKGAs are CAs or are identified by the id-kp-cmKGAextended key usage.EKU. The CMP KGA knows the private key it generated on behalf of theend entity.EE. This is a very sensitive service and needs specific authorization, which by default is with the CA certificate itself. The CA may delegate its authorization by placing the id-kp-cmKGAextended key usageEKU in the certificate used to authenticate the origin of the generated private key. The authorization may also be determined through local configuration of theend entity.</t>EE.</t> </dd> </dl> </section> </section> <section anchor="sect-5"> <name>Data Structures</name> <t>This section contains descriptions of the data structures required for PKI management messages. <xref target="sect-6"/> describes constraints on their values and the sequence of events for each of the various PKI management operations.</t> <section anchor="sect-5.1"> <name>Overall PKI Message</name> <t>All of the messages used in this specification for the purposes of PKI management use the following structure:</t> <sourcecode type="asn.1"><![CDATA[ PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL } PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage ]]></sourcecode> <t>The PKIHeader contains information that is common to many PKI messages.</t> <t>The PKIBody contains message-specific information.</t> <t>The PKIProtection, when used, contains bits that protect the PKI message.</t> <t>The extraCerts field can contain certificates that may be useful to the recipient. For example, this can be used by a CA or RA to present anend entityEE with certificates that it needs to verify its own new certificate(if, for(for example, if the CA that issued theend entity'sEE's certificate is not a root CA for theend entity).EE). Note that this field does not necessarily contain a certification path; the recipient may have to sort, select from, or otherwise process the extra certificates in order to use them.</t> <section anchor="sect-5.1.1"> <name>PKI Message Header</name> <t>All PKI messages require some header information for addressing and transaction identification. Some of this information will also be present in a transport-specific envelope. However, if the PKI message is protected, then this information is also protected (i.e., we make no assumption about secure transport).</t> <t>The following data structure is used to contain this information:</t> <sourcecode type="asn.1"><![CDATA[ PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2), cmp2021(3) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String ]]></sourcecode> <t>The usage of the protocol version number (pvno) is described in <xref target="sect-7"/>.</t> <t>The sender field contains the name of the sender of the PKIMessage. This name (in conjunction with senderKID, if supplied) should be sufficient to indicate the key to use to verify the protection on the message. If nothing about the sender is known to the sending entity (e.g., in the initial request message, where theend entityEE may not know its ownDistinguished Name (DN), e-mailDN, email name, IP address, etc.), then the "sender" field <bcp14>MUST</bcp14> contain a "NULL-DN" value in the directoryName choice. A "NULL-DN" is a SEQUENCE OF relativedistinguished namesDNs of zero length and is encoded as 0x3000. In such a case, the senderKID field <bcp14>MUST</bcp14> hold an identifier (i.e., a reference number) that indicates to the receiver the appropriate shared secret information to use to verify the message.</t> <t>The recipient field contains the name of the recipient of the PKIMessage. This name (in conjunction with recipKID, if supplied) should be usable to verify the protection on the message.</t> <t>The protectionAlg field specifies the algorithm used to protect the message. If no protection bits are supplied (note that PKIProtection is<bcp14>OPTIONAL</bcp14>)<bcp14>OPTIONAL</bcp14>), then this field <bcp14>MUST</bcp14> be omitted; if protection bits are supplied, then this field <bcp14>MUST</bcp14> be supplied.</t> <t>senderKID and recipKID are usable to indicate which keys have been used to protect the message (recipKID will normally only be required where protection of the message usesDiffie-Hellman (DH)DH orelliptic curveElliptic Curve Diffie-Hellman (ECDH) keys). These fields <bcp14>MUST</bcp14> be used if required to uniquely identify a key (e.g., if more than one key is associated with a given sender name). The senderKID <bcp14>SHOULD</bcp14> be used in any case.</t> <t>Note: The recommendation of using senderKIDishas changed since <xref target="RFC4210"/>, where it was recommended to be omitted if not needed to identify the protection key.</t> <t>The transactionID field within the message header is to be used to allow the recipient of a message to correlate this with an ongoing transaction. This is needed for all transactions that consist of more than just a single request/response pair. For transactions that consist of a single request/response pair, the rules are as follows. A client <bcp14>MUST</bcp14> populate the transactionID field if the message contains an infoValue of typeKemCiphertextInfo, seeKemCiphertextInfo (see <xreftarget="sect-5.1.3.4"/>.target="sect-5.1.3.4"/>). In all othercasescases, the client <bcp14>MAY</bcp14> populate the transactionID field of the request. If a server receives such a request that has the transactionID field set, then it <bcp14>MUST</bcp14> set the transactionID field of the response to the same value. If a server receives such request with a missing transactionID field, then it <bcp14>MUST</bcp14> populate the transactionID field if the message contains a KemCiphertextInfo field. In all othercasescases, the server <bcp14>MAY</bcp14> set the transactionID field of the response.</t> <t>For transactions that consist of more than just a single request/response pair, the rules are as follows. If the message contains an infoValue of type KemCiphertextInfo, the client <bcp14>MUST</bcp14> generate atransactionID, otherwisetransactionID; otherwise, the client <bcp14>SHOULD</bcp14> generate a transactionID for the first request. If a server receives such a request that has the transactionID field set, then it <bcp14>MUST</bcp14> set the transactionID field of the response to the same value. If a server receives such request with a missing transactionID field, then it <bcp14>MUST</bcp14> populate the transactionID field of the response with a server-generated ID. Subsequent requests and responses <bcp14>MUST</bcp14> all set the transactionID field to the thus established value. In all cases where a transactionID is being used, a given client <bcp14>MUST NOT</bcp14> have more than one transaction with the same transactionID in progress at any time (to a given server). Servers are free to require uniqueness of the transactionID or not, as long as they are able to correctly associate messages with the corresponding transaction. Typically, this means that a server will require the {client, transactionID} tuple to be unique, or even the transactionID alone to be unique, if it cannot distinguish clients based on any transport-level information. A server receiving the first message of a transaction (which requires more than a single request/response pair) that contains a transactionID that does not allow it to meet the above constraints (typically because the transactionID is already in use) <bcp14>MUST</bcp14> send back an ErrorMsgContent with a PKIFailureInfo of transactionIdInUse. It is <bcp14>RECOMMENDED</bcp14> that the clients fill the transactionID field with 128 bits of(pseudo-) random(pseudo-)random data for the start of a transaction to reduce the probability of having the transactionID in use at the server.</t> <t>The senderNonce and recipNonce fields protect the PKIMessage against replay attacks. The senderNonce will typically be 128 bits of(pseudo-) random(pseudo-)random data generated by the sender, whereas the recipNonce is copied from the senderNonce field of the previous message in the transaction.</t> <t>The messageTime field contains the time at which the sender created the message. This may be useful to allowend entitiesEEs to correct/check their local time for consistency with the time on a central system.</t> <t>The freeText field may be used to send a human-readable message to the recipient (in any number of languages). Each UTF8String <bcp14>MAY</bcp14> includean <xref target="RFC5646"/>a language tag <xref target="RFC5646"/> to indicate the language of the contained text. The first language used in this sequence indicates the desired language for replies.</t> <t>The generalInfo field may be used to send machine-processable additional data to the recipient. The following generalInfo extensions are defined and <bcp14>MAY</bcp14> be supported.</t> <section anchor="sect-5.1.1.1"> <name>ImplicitConfirm</name> <t>This is used by the EE to inform the CA or RA that it does not wish to send a certificate confirmation for issued certificates.</t> <sourcecode type="asn.1"><![CDATA[ id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} ImplicitConfirmValue ::= NULL ]]></sourcecode> <t>If the CA grants the request to the EE, it <bcp14>MUST</bcp14> put the same extension in the PKIHeader of the response. If the EE does not find the extension in the response, it <bcp14>MUST</bcp14> send the certificate confirmation.</t> </section> <section anchor="sect-5.1.1.2"> <name>ConfirmWaitTime</name> <t>This is used by the CA or RA to inform the EE how long it intends to wait for the certificate confirmation before revoking the certificate and deleting the transaction.</t> <sourcecode type="asn.1"><![CDATA[ id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} ConfirmWaitTimeValue ::= GeneralizedTime ]]></sourcecode> </section> <section anchor="sect-5.1.1.3"> <name>OrigPKIMessage</name> <t>An RA <bcp14>MAY</bcp14> include the original PKIMessage from the EE in the generalInfo field of the PKIHeader of a PKIMessage. This is used by the RA to inform the CA of the original PKIMessage that it received from the EE and modified in some way (e.g., added or modified particular field values or added new extensions) before forwarding the new PKIMessage. This accommodates, for example, cases in which the CA wishes to check the message origin, the POP, or other information on the original EE message.</t> <t>Note: If the changes made by the RA to the original PKIMessage break the POP of a certificate request, the RA can set the popo field of the new PKIMessage toraVerified, seeraVerified (see <xreftarget="sect-5.2.8.4"/>.</t>target="sect-5.2.8.4"/>).</t> <t>Unless the OrigPKIMessage infoValue is in the header of a nested message, it <bcp14>MUST</bcp14> contain exactly one PKIMessage. The contents of OrigPKIMessage infoValue in the header of a nested message <bcp14>MAY</bcp14> contain multiple PKIMessage structures, which <bcp14>MUST</bcp14> be in the same order as the PKIMessage structures in PKIBody.</t> <sourcecode type="asn.1"><![CDATA[ id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} OrigPKIMessageValue ::= PKIMessages ]]></sourcecode> </section> <section anchor="sect-5.1.1.4"> <name>CertProfile</name> <t>This is used by the EE to indicate specific certificate profiles, e.g., when requesting a new certificate or a certificate requesttemplate; seetemplate (see <xreftarget="sect-5.3.19.16"/>.</t>target="sect-5.3.19.16"/>).</t> <sourcecode type="asn.1"><![CDATA[ id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21} CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF UTF8String ]]></sourcecode> <t>When used in a p10cr message, the CertProfileValue sequence <bcp14>MUST NOT</bcp14> contain multiple certificate profile names. When used in an ir/cr/kur/genm message, the CertProfileValue sequence <bcp14>MUST NOT</bcp14> contain more certificate profile names than the number of CertReqMsg or GenMsgContent InfoTypeAndValue elements contained in the message body.</t> <t>The certificate profile names in the CertProfileValue sequence relate to the CertReqMsg or GenMsgContent InfoTypeAndValue elements in the given order. An empty string means no certificate profile name is associated with the respective CertReqMsg or GenMsgContent InfoTypeAndValue element. If the CertProfileValue sequence contains less certificate profile entries than CertReqMsg or GenMsgContent InfoTypeAndValue elements, the remaining CertReqMsg or GenMsgContent InfoTypeAndValue elements have no profile name associated with them.</t> </section> <section anchor="sect-5.1.1.5"> <name>KemCiphertextInfo</name> <t>A PKI entity <bcp14>MAY</bcp14> provide the KEM ciphertext for MAC-based message protection using KEM (seeSection 5.1.3.4)<xref target="sect-5.1.3.4"/>) in the generalInfo field of a request message to a PKI management entity if it knows that the PKI management entity uses a KEM key pair and has its public key.</t> <sourcecode type="asn.1"><![CDATA[ id-it-KemCiphertextInfo OBJECT IDENTIFIER ::= { id-itTBD124 } KemCiphertextInfoValue ::= KemCiphertextInfo ]]></sourcecode> <t>For more details of KEM-based messageprotectionprotection, see <xref target="sect-5.1.3.4"/>. See <xref target="sect-5.3.19.18"/> for the definition of {id-itTBD1}.</t>24}.</t> </section> </section> <section anchor="sect-5.1.2"> <name>PKI Message Body</name> <sourcecode type="asn.1"><![CDATA[ PKIBody ::= CHOICE { ir [0] CertReqMessages, --Initialization Req ip [1] CertRepMessage, --Initialization Resp cr [2] CertReqMessages, --Certification Req cp [3] CertRepMessage, --Certification Resp p10cr [4] CertificationRequest, --PKCS #10 Cert. Req. popdecc [5] POPODecKeyChallContent, --pop Challenge popdecr [6] POPODecKeyRespContent, --pop Response kur [7] CertReqMessages, --Key Update Request kup [8] CertRepMessage, --Key Update Response krr [9] CertReqMessages, --Key Recovery Req krp [10] KeyRecRepContent, --Key Recovery Resp rr [11] RevReqContent, --Revocation Request rp [12] RevRepContent, --Revocation Response ccr [13] CertReqMessages, --Cross-Cert. Request ccp [14] CertRepMessage, --Cross-Cert. Resp ckuann [15] CAKeyUpdContent, --CA Key Update Ann. cann [16] CertAnnContent, --Certificate Ann. rann [17] RevAnnContent, --Revocation Ann. crlann [18] CRLAnnContent, --CRL Announcement pkiconf [19] PKIConfirmContent, --Confirmation nested [20] NestedMessageContent, --Nested Message genm [21] GenMsgContent, --General Message genp [22] GenRepContent, --General Response error [23] ErrorMsgContent, --Error Message certConf [24] CertConfirmContent, --Certificate Confirm pollReq [25] PollReqContent, --Polling Request pollRep [26] PollRepContent --Polling Response } ]]></sourcecode> <t>The specific types are described in <xref target="sect-5.3"/> below.</t> </section> <section anchor="sect-5.1.3"> <name>PKI Message Protection</name> <t>Some PKI messages will be protected for integrity.</t> <t>Note: If an asymmetric algorithm is used to protect a message and the relevant public component has been certified already, then the origin of the message can also be authenticated. On the other hand, if the public component is uncertified, then the message origin cannot be automaticallyauthenticated,authenticated but may be authenticated via out-of-band means.</t> <t>When protection is applied, the following structure is used:</t> <sourcecode type="asn.1"><![CDATA[ PKIProtection ::= BIT STRING ]]></sourcecode> <t>The input to the calculation of PKIProtection is the DER encoding of the following data structure:</t> <sourcecode type="asn.1"><![CDATA[ ProtectedPart ::= SEQUENCE { header PKIHeader, body PKIBody } ]]></sourcecode> <t>There <bcp14>MAY</bcp14> be cases in which the PKIProtection BIT STRING is deliberately not used to protect a message (i.e., this <bcp14>OPTIONAL</bcp14> field is omitted) because other protection, external to PKIX, will be applied instead. Such a choice is explicitly allowed in this specification. Examples of such external protection include CMS <xref target="RFC5652"/> and Security Multiparts <xref target="RFC1847"/> encapsulation of the PKIMessage (or simply the PKIBody (omitting the CHOICE tag), if the relevant PKIHeader information is securely carried in the external mechanism). It is noted, however, that many such external mechanisms require that theend entityEE already possesses a public-key certificate,and/ora uniqueDistinguished Name,DN, and/or other such infrastructure-related information. Thus, they may not be appropriate for initial registration, key-recovery, or any other process with"boot-strapping""bootstrapping" characteristics. For thosecasescases, it may be necessary that the PKIProtection parameter be used. In the future, if/when external mechanisms are modified to accommodateboot-strappingbootstrapping scenarios, the use of PKIProtection may become rare or non-existent.</t> <t>Depending on the circumstances, the PKIProtection bits may contain aMessage Authentication Code (MAC)MAC or signature. Only the following cases can occur:</t> <section anchor="sect-5.1.3.1"> <name>Shared Secret Information</name> <t>In this case, the sender and recipient share secret information with sufficient entropy (established via out-of-band means). PKIProtection will contain a MACvaluevalue, and the protectionAlg <bcp14>MAY</bcp14> be one of the options described inCMP Algorithms Section 6.1<xreftarget="RFC9481"/>.</t>section="6.1" target="RFC9481">CMP Algorithms</xref>.</t> <t>The algorithm identifier id-PasswordBasedMac is defined inSection 4.4 of<xref section="4.4" target="RFC4211"/> and updated by <xref target="RFC9045"/>. It is mentioned inSection 6.1.1 of<xref section="6.1.1" target="RFC9481"/> for backward compatibility. More modern alternatives are listed inSection 6.1 of<xref section="6.1" target="RFC9481"/>.</t> <sourcecode type="asn.1"><![CDATA[ id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} PBMParameter ::= SEQUENCE { salt OCTET STRING, owf AlgorithmIdentifier, iterationCount INTEGER, mac AlgorithmIdentifier } ]]></sourcecode> <t>The following text gives a method of key expansion to be used when theMAC-algorithmMAC algorithm requires an input length that is larger than the size of theone-way-function.</t>one-way function (OWF).</t> <t>Note:Section 4.4 of<xref section="4.4" target="RFC4211"/> and <xref target="RFC9045"/> do not mention this key expansion methodand givesor give an example using HMAC algorithms where key expansion is not needed. It is recognized that this omission in <xref target="RFC4211"/> can lead to confusion and possible incompatibility if<xref target="RFC4210"/>key expansion <xref target="RFC4210"/> is not used when needed. Therefore, when key expansion is required (when K >H)H), the key expansion defined in the following text <bcp14>MUST</bcp14> be used.</t> <t>In the above protectionAlg, the salt value is appended to the shared secret input. The OWF is then applied iterationCount times, where the salted secret is the input to the first iteration and, for each successive iteration, the input is set to be the output of the previous iteration. The output of the final iteration (called "BASEKEY" for ease of reference, with a size of "H") is what is used to form the symmetric key. If the MAC algorithm requires a K-bit key and K <= H, then the most significant K bits of BASEKEY are used. If K > H, then all of BASEKEY is used for the most significant H bits of the key, OWF("1" || BASEKEY) is used for the next most significant H bits of the key, OWF("2" || BASEKEY) is used for the next most significant H bits of the key, and so on, until all K bits have been derived. [Here "N" is the ASCII byte encoding the number N and "||" represents concatenation.]</t> <t>Note: It is <bcp14>RECOMMENDED</bcp14> that the fields of PBMParameter remain constant throughout the messages of a single transaction (e.g., ir/ip/certConf/pkiConf) to reduce the overhead associated with PasswordBasedMac computation.</t> </section> <section anchor="sect-5.1.3.2"> <name>DH Key Pairs</name> <t>Where the sender and receiver possess finite-field or elliptic-curve-basedDiffie-HellmanDH certificates with compatible DHparameters,parameters in order to protect themessagemessage, theend entityEE must generate a symmetric key based on its private DH key value and the DH public key of the recipient of the PKI message. PKIProtection will contain a MAC value keyed with this derived symmetrickeykey, and the protectionAlg will be the following:</t> <sourcecode type="asn.1"><![CDATA[ id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier, -- AlgId fora One-Way Functionan OWF mac AlgorithmIdentifier -- the MAC AlgId } ]]></sourcecode> <t>In the above protectionAlg, OWF is applied to the result of theDiffie-HellmanDH computation. The OWF output (called "BASEKEY" for ease of reference, with a size of "H") is what is used to form the symmetric key. If the MAC algorithm requires a K-bit key and K <= H, then the most significant K bits of BASEKEY are used. If K > H, then all of BASEKEY is used for the most significant H bits of the key, OWF("1" || BASEKEY) is used for the next most significant H bits of the key, OWF("2" || BASEKEY) is used for the next most significant H bits of the key, and so on, until all K bits have been derived. [Here "N" is the ASCII byte encoding the number N and "||" represents concatenation.]</t> <t>Note: Hash algorithms that can be used asone-way functionsOWFs are listed inCMP Algorithms<xreftarget="RFC9481"/> Section 2.</t>section="2" target="RFC9481">CMP Algorithms</xref>.</t> </section> <section anchor="sect-5.1.3.3"> <name>Signature</name> <t>In this case, the sender possesses a signature key pair and simply signs the PKI message. PKIProtection will contain the signature value and the protectionAlg will be an AlgorithmIdentifier for a digitalsignaturesignature, which <bcp14>MAY</bcp14> be one of the options described inCMP Algorithms Section 3<xreftarget="RFC9481"/>.</t>section="3" target="RFC9481">CMP Algorithms</xref>.</t> </section> <section anchor="sect-5.1.3.4"> <name>Key Encapsulation</name> <t>In case the sender of a message has aKey Encapsulation Mechanism (KEM)KEM key pair, it can be used to establish a shared secret key for MAC-based message protection. This can be used for message authentication.</t> <t>This approach uses the definition ofKey Encapsulation Mechanism (KEM)KEM algorithm functions inSection 1 of<xref section="1" target="RFC9629"/> as follows:</t> <t>A KEM algorithm provides three functions:</t><ul<ol spacing="normal"><li> <t>KeyGen()<li>KeyGen() -> (pk,sk):</t> </li> </ul> <ul empty="true"> <li> <t>Generatesk): Generate a public key (pk) and a private (secret) key(sk).</t> </li> </ul> <ul spacing="normal"> <li> <t>Encapsulate(pk)(sk).</li> <li>Encapsulate(pk) -> (ct,ss):</t> </li> </ul> <ul empty="true"> <li> <t>Givenss): Given the public key (pk), produce a ciphertext (ct) and a shared secret(ss).</t> </li> </ul> <ul spacing="normal"> <li> <t>Decapsulate(sk,(ss).</li> <li>Decapsulate(sk, ct) ->(ss):</t> </li> </ul> <ul empty="true"> <li> <t>Given(ss): Given the private key (sk) and the ciphertext (ct), produce the shared secret(ss).</t> </li> </ul>(ss).</li> </ol> <t>To support a particular KEM algorithm, the PKI entity that possesses a KEM key pair and wishes to use it for MAC-based message protection <bcp14>MUST</bcp14> support the KEM Decapsulate() function. The PKI entity that wishes to verify the MAC-based message protection <bcp14>MUST</bcp14> support the KEM Encapsulate() function. The respective public KEM key is usually carried in a certificate <xref target="I-D.ietf-lamps-kyber-certificates"/>.</t> <t>Note: Both PKI entities send and receive messages in a PKI management operation. Both PKI entities may independently wish to protect messages using their KEM key pairs. For ease ofexplanationexplanation, we use thetermterms "Alice" to denote the PKI entity possessing the KEM key pair and who wishes to provide MAC-based messageprotection,protection and "Bob" to denote the PKI entity havingAlice’sAlice's authentic public KEM key and who needs to verify the MAC-based protection provided by Alice.</t> <t>Assuming Bob has Alice's KEM public key, he generates the ciphertext using KEM encapsulation and transfers it to Alice in an InfoTypeAndValue structure. Alice then retrieves the KEM shared secret from the ciphertext using KEM decapsulation and the associated KEM private key. Using a key derivation function (KDF),sheAlice derives a shared secret key from the KEM shared secret and other data sent by Bob. PKIProtection will contain a MAC value calculated using that shared secret key, and the protectionAlg will be the following:</t> <sourcecode type="asn.1"><![CDATA[ id-KemBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 16} KemBMParameter ::= SEQUENCE { kdf AlgorithmIdentifier{KEY-DERIVATION, {...}}, kemContext [0] OCTET STRING OPTIONAL, len INTEGER (1..MAX), mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} } ]]></sourcecode> <t>Note: The OID for id-KemBasedMac was assigned on the private-use arc { iso(1) member-body(2) us(840) nortelnetworks(113533) entrust(7)},} and not assigned on an IANA-owned arc because the authors wished toplacedplace it on the same branch as the existing OIDs for id-PasswordBasedMac and id-DHBasedMac.</t> <t>kdf is the algorithm identifier of the chosen KDF, and any associated parameters, used to derive the shared secret key.</t> <t>kemContext <bcp14>MAY</bcp14> be used to transfer additionalalgorithm specificalgorithm-specific contextinformation, seeinformation (see also the definition of ukm in <xreftarget="RFC9629"/>, Section 3.</t>section="3" target="RFC9629"/>).</t> <t>len is the output length of the KDF and <bcp14>MUST</bcp14> be the desired size of the key to be used for MAC-based message protection.</t> <t>mac is the algorithm identifier of the chosen MAC algorithm, and any associated parameters, used to calculate the MAC value.</t> <t>The KDF and MAC algorithms <bcp14>MAY</bcp14> be chosen from the options in CMP Algorithms <xref target="RFC9481"/>.</t> <t>The InfoTypeAndValue transferring the KEM ciphertext uses OID id-it-KemCiphertextInfo. It contains a KemCiphertextInfostructurestructure, as defined in <xref target="sect-5.3.19.18"/>.</t> <t>Note: This InfoTypeAndValue can be carried in a genm/genp messagebodybody, as specified in <xreftarget="sect-5.3.19.18"/>target="sect-5.3.19.18"/>, or in the generalInfo field of PKIHeader in messages of othertypes, seetypes (see <xreftarget="sect-5.1.1.5"/>.</t>target="sect-5.1.1.5"/>).</t> <t>In the following, a generic message flow for MAC-based protection using KEM is specified in more detail. It is assumed that Bob possessestheAlice's public KEMkey of Alice.key. Alice can be the initiator of a PKI management operation or the responder. For more detailedfiguresfigures, see <xref target="sect-e"/>.</t> <t>Generic Message Flow:</t> <figure anchor="KEM"> <name>Generic Message FlowwhenWhen AlicehasHas a KEMkey pair</name>Key Pair</name> <artset> <artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="560" viewBox="0 0 560 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 184,80 L 200,80" fill="none" stroke="black"/> <path d="M 336,80 L 352,80" fill="none" stroke="black"/> <path d="M 184,160 L 200,160" fill="none" stroke="black"/> <path d="M 336,160 L 352,160" fill="none" stroke="black"/> <path d="M 8,224 L 152,224" fill="none" stroke="black"/> <path d="M 400,224 L 552,224" fill="none" stroke="black"/> <polygon class="arrowhead" points="360,160 348,154.4 348,165.6" fill="black" transform="rotate(0,352,160)"/> <polygon class="arrowhead" points="344,80 332,74.4 332,85.6" fill="black" transform="rotate(180,336,80)"/> <polygon class="arrowhead" points="208,160 196,154.4 196,165.6" fill="black" transform="rotate(0,200,160)"/> <polygon class="arrowhead" points="192,80 180,74.4 180,85.6" fill="black" transform="rotate(180,184,80)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="72" y="36">Alice</text> <text x="360" y="36">Bob</text> <text x="24" y="68">1</text> <text x="376" y="68">perform</text> <text x="424" y="68">KEM</text> <text x="488" y="68">Encapsulate</text> <text x="224" y="84">KEM</text> <text x="284" y="84">Ciphertext</text> <text x="24" y="100">2</text> <text x="80" y="100">perform</text> <text x="128" y="100">KEM</text> <text x="196" y="100">Decapsulate,</text> <text x="96" y="116">perform</text> <text x="144" y="116">key</text> <text x="208" y="116">derivation,</text> <text x="92" y="132">format</text> <text x="152" y="132">message</text> <text x="204" y="132">with</text> <text x="104" y="148">MAC-based</text> <text x="188" y="148">protection</text> <text x="264" y="164">message</text> <text x="24" y="180">3</text> <text x="376" y="180">perform</text> <text x="424" y="180">key</text> <text x="488" y="180">derivation,</text> <text x="388" y="196">verify</text> <text x="456" y="196">MAC-based</text> <text x="404" y="212">protection</text> <text x="192" y="228">Alice</text> <text x="272" y="228">authenticated</text> <text x="340" y="228">by</text> <text x="368" y="228">Bob</text> </g> </svg> </artwork> <artwork type="ascii-art" align="left"><![CDATA[ Step# Alice Bob --------------------------------------------------------------------- 1 perform KEM Encapsulate <-- KEM Ciphertext <-- 2 perform KEM Decapsulate, perform key derivation, format message with MAC-based protection --> message --> 3 perform key derivation, verify MAC-based protection ------------------- Alice authenticated by Bob -------------------- ]]></artwork> </artset> </figure> <ol spacing="normal" type="1"><li> <t>Bob needs to possesstheAlice's authentic public KEM keypk of Alice,(pk), forinstanceinstance, contained in a KEM certificate that was received and successfully validated by Bob beforehand. </t> <t> Bob generates a shared secretss(ss) and the associated ciphertextct(ct) using the KEM Encapsulate function with Alice's public KEM keypk.(pk). Bob <bcp14>MUST NOT</bcp14> reuse the ss and ct for other PKI management operations. From this data, Bob produces a KemCiphertextInfostructurestructure, including the KEM algorithm identifier and the ciphertextct(ct) and sends it to Alice in an InfoTypeAndValuestructurestructure, as defined in <xref target="sect-5.3.19.18"/>. </t><sourcecode type="asn.1"><![CDATA[ Encapsulate(pk)<t>Encapsulate(pk) -> (ct,ss) ]]></sourcecode>ss)</t> </li> <li> <t>Alice decapsulates the shared secretss(ss) from the ciphertextct(ct) using the KEM Decapsulate function and its private KEM keysk.(sk). </t><sourcecode type="asn.1"><![CDATA[ Decapsulate(ct,<t>Decapsulate(ct, sk) ->(ss) ]]></sourcecode>(ss)</t> <t> If the decapsulation operation outputs an error, any failInfo field in an error response message <bcp14>SHALL</bcp14> contain the value badMessageCheck and the PKI management operation <bcp14>SHALL</bcp14> be terminated. </t> <t> Alice derives the shared secret keyssk(ssk) using a KDF. The shared secretss(ss) is used as input key material for the KDF, and the value len is the desired output length of the KDF as required by the MAC algorithm to be used for message protection. KDF, len, and MAC will be transferred to Bob in the protectionAlg KemBMParameter. The DER-encoded KemOtherInfo structure, as defined below, is used as context for the KDF. </t><sourcecode type="asn.1"><![CDATA[ KDF(ss,<t>KDF(ss, len,context)->(ssk) ]]></sourcecode>context)->(ssk)</t> <t> The shared secret keyssk(ssk) is used for MAC-based protection by Alice.</t> </li> <li> <t>Bob derives the same shared secret keyssk(ssk) using the KDF. Alsoherehere, the shared secretss(ss) is used as input key material for the KDF, the value len is the desired output length for the KDF, and the DER-encoded KemOtherInfo structure constructed in the same way as on Alice's side is used as context for the KDF. </t><sourcecode type="asn.1"><![CDATA[ KDF(ss,<t>KDF(ss, len,context)->(ssk) ]]></sourcecode>context)->(ssk)</t> <t> Bob uses the shared secret keyssk(ssk) for verifying the MAC-based protection of the message received and in this way authenticates Alice.</t> </li> </ol> <t>This shared secret keyssk(ssk) can be reused by Alice for MAC-based protection of further messages sent to Bob within the current PKI management operation.</t> <t>This approach employs the notation of KDF(IKM, L, info) as described in <xref section="5"sectionFormat="comma"sectionFormat="of" target="RFC9629"/> with the following changes:</t> <ul spacing="normal"> <li> <t>IKM is the input key material. It is the symmetric secret calledss"ss" resulting from thekey encapsulation mechanism.</t>KEM.</t> </li> <li> <t>L is dependent of the MAC algorithm that is used with the shared secret key for CMP message protection and is calledlen"len" in this document.</t> </li> <li> <t>info is an additional input to the KDF, is calledcontext"context" in this document, and contains the DER-encoded KemOtherInfo structure defined as: </t> <sourcecode type="asn.1"><![CDATA[ KemOtherInfo ::= SEQUENCE { staticString PKIFreeText, transactionID OCTET STRING, kemContext [0] OCTET STRING OPTIONAL } ]]></sourcecode> <t> staticString <bcp14>MUST</bcp14> be "CMP-KEM". </t> <t> transactionID <bcp14>MUST</bcp14> be the value from the message containing the ciphertextct(ct) in KemCiphertextInfo. </t> <t> Note: The transactionID is used to ensure domain separation of the derived shared secret key between different PKI management operations. For all PKI management operations with more than oneexchangeexchange, the transactionID <bcp14>MUST</bcp14> be setanyway, seeanyway (see <xreftarget="sect-5.1.1"/>.target="sect-5.1.1"/>). In case Bob providedaan infoValue of type KemCiphertextInfo to Alice in the initial requestmessage, seemessage (see <xref target="KEM-Flow2"/> of <xreftarget="sect-e"/>,target="sect-e"/>), the transactionID <bcp14>MUST</bcp14> be set by Bob. </t> <t> kemContext <bcp14>MAY</bcp14> contain additionalalgorithm specificalgorithm-specific context information.</t> </li> <li> <t>OKM is the output keying material of the KDF used for MAC-based message protection of length len and is calledssk"ssk" in this document.</t> </li> </ul> <t>There are various wayshowthat Alice canrequest,request and Bob can provide the KEMciphertext, seeciphertext (see <xref target="sect-e"/> fordetails.details). The KemCiphertextInfo can be requested using PKI generalmessagesmessages, as described in <xref target="sect-5.3.19.18"/>. Alternatively, the generalInfo field of the PKIHeader can be used to convey the same request and response InfoTypeAndValuestructuresstructures, as described in <xref target="sect-5.1.1.5"/>. The procedureworksalso works without Alice explicitly requesting the KEM ciphertext in case Bob knowsa KEM keyone ofAliceAlice's KEM keys beforehand and can expect that she is ready to use it.</t> <t>If both the initiator and responder in a PKI management operation have KEM key pairs, this procedure can be applied by both entities independently, establishing and using different shared secret keys for either direction.</t> </section> <section anchor="sect-5.1.3.5"> <name>Multiple Protection</name> <t>When receiving a protected PKI message, a PKI management entity, such as an RA, <bcp14>MAY</bcp14> forward that message adding its own protection. Additionally, multiple PKI messages <bcp14>MAY</bcp14> be aggregated. There are several use cases for such messages.</t> <ul spacing="normal"> <li> <t>The RA confirms having validated and authorized a message and forwards the original message unchanged.</t> </li> <li> <t>A PKI management entity collects several messages that are to be forwarded in the same direction and forwards them in a batch. Request messages can be transferred as a batch upstream (towards the CA); response or announce messages can be transferred as a batch downstream (towards an RA but not to the EE). For instance, this can be used when bridging anoff-lineoffline connection between two PKI management entities.</t> </li> </ul> <t>These use cases are accomplished by nesting the messages within a new PKI message. The structure used is as follows:</t> <sourcecode type="asn.1"><![CDATA[ NestedMessageContent ::= PKIMessages ]]></sourcecode> <t>In case an RA needs to modify a request message, it <bcp14>MAY</bcp14> include the original PKIMessage in the generalInfo field of the modifiedmessagemessage, as described in <xref target="sect-5.1.1.3"/>.</t> </section> </section> </section> <section anchor="sect-5.2"> <name>Common Data Structures</name> <t>Before specifying the specific types that may be placed in a PKIBody, we define some data structures that are used in more than one case.</t> <section anchor="sect-5.2.1"> <name>Requested Certificate Contents</name> <t>Various PKI management messages require that the originator of the message indicate some of the fields that are required to be present in a certificate. The CertTemplate structure allows anend entityEE or RA to specify asmuchmany data fields asitthe structure wishesaboutfor thecertificaterequested certificate. The structure also allows an EE or RA to include any other necessary data, such as the publicKey field, when itrequires.is required for the certificate. A CertTemplate structure is identical to aCertificate,TBSCertificate structure (see <xref target="RFC5280"/>) but with all fieldsoptional.</t>optional/situational.</t> <t>Note: Even if the originator completely specifies the contents of a certificate it requires, a CA is free to modify fields within the certificate actually issued. If the modified certificate is unacceptable to the requester, the requester <bcp14>MUST</bcp14> send back a certConf message that either does not include this certificate (via aCertHash),CertHash) or does include this certificate (via a CertHash) along with a status of "rejected". See <xref target="sect-5.3.18"/> for the definition and use of CertHash and the certConf message.</t> <t>Note: Before requesting a new certificate, anend entityEE can request a certTemplate structure as a kind of certificate requestblueprint,blueprint in order to learn which data the CA expects to be present in the certificaterequest, seerequest (see <xreftarget="sect-5.3.19.16"/>.</t>target="sect-5.3.19.16"/>).</t> <t>See CRMF <xreftarget="RFC4211">CRMF</xref>target="RFC4211"/> for CertTemplate syntax.</t> <t>If certTemplate is an empty SEQUENCE (i.e., all fields omitted), then the controls field in the CertRequest structure <bcp14>MAY</bcp14> contain the id-regCtrl-altCertTemplate control, specifying a template for a certificate other than an X.509v3 public-key certificate. Conversely, if certTemplate is not empty (i.e., at least one field is present), then controls <bcp14>MUST NOT</bcp14> contain id-regCtrl-altCertTemplate. The new control is defined as follows:</t> <sourcecode type="asn.1"><![CDATA[ id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkip(5) regCtrl(1) 7} AltCertTemplate ::= AttributeTypeAndValue ]]></sourcecode><t>See also<t>Also see <xref target="RFC4212"/> for more details on how to manage certificates in alternative formats using CRMF <xref target="RFC4211"/> syntax.</t> </section> <section anchor="sect-5.2.2"> <name>Encrypted Values</name> <t>When encrypted data like a private key, certificate, POP challenge, or revocation passphrase is sent in PKImessagesmessages, it is <bcp14>RECOMMENDED</bcp14> to use the EnvelopedData structure. In somecasescases, this is accomplished by using the EncryptedKey data structure instead of EncryptedValue.</t> <sourcecode type="asn.1"><![CDATA[ EncryptedKey ::= CHOICE { encryptedValue EncryptedValue, -- deprecated envelopedData [0] EnvelopedData } ]]></sourcecode> <t>See Certificate Request Message Format (CRMF) <xref target="RFC4211"/> for EncryptedKey and EncryptedValue syntax and Cryptographic Message Syntax (CMS) <xref target="RFC5652"/> for EnvelopedData syntax. Using the EncryptedKey data structure offers the choice to either use EncryptedValue (for backward compatibility only) or EnvelopedData. The use of the EncryptedValue structure has been deprecated in favor of the EnvelopedData structure. Therefore, it is <bcp14>RECOMMENDED</bcp14> to use EnvelopedData.</t> <t>Note: The EncryptedKey structure defined in CRMF <xreftarget="RFC4211">CRMF</xref>target="RFC4211"/> is used here, which makes the update backward compatible. Using the new syntax with the untagged default choice EncryptedValue is bits-on-the-wire compatible with the old syntax.</t> <t>To indicate support for EnvelopedData, the pvno cmp2021 has been introduced. Details on the usage of theprotocol version number (pvno)pvno are described in <xref target="sect-7"/>.</t> <t>The EnvelopedData structure is <bcp14>RECOMMENDED</bcp14> tousebe used in CMP to transport a private key, certificate, POP challenge, or revocation passphrase in encrypted form as follows:</t> <ul spacing="normal"> <li> <t>It contains only one RecipientInfo structure because the content is encrypted only for one recipient.</t> </li> <li> <t>It may contain a private key in the AsymmetricKeyPackage structure (which is placed in the encryptedContentInfo field), as defined in <xref target="RFC5958"/>, that is wrapped in a SignedData structure, as specified inSection 5 of<xref section="5" target="RFC5652"/> and <xref target="RFC8933"/>, signed by theKey Generation AuthorityKGA or CA.</t> </li> <li> <t>It may contain a certificate, POP challenge, or revocation passphrase directly in the encryptedContent field.</t> </li> </ul> <t>The content of the EnvelopedData structure, as specified inSection 6 of<xref section="6" target="RFC5652"/>, <bcp14>MUST</bcp14> be encrypted using a newly generated symmetric content-encryption key. This content-encryption key <bcp14>MUST</bcp14> be securely provided to the recipient using one of four key management techniques.</t> <t>The choice of the key management technique to be used by the sender depends on the credential available at the recipient:</t> <ul spacing="normal"> <li> <t>recipient's certificate with an algorithm identifier and a public key that supports key transport and where any given key usage extension allows keyEncipherment: The content-encryption key will be protected using the key transport key management technique, as specified inSection 6.2.1 of<xref section="6.2.1" target="RFC5652"/>.</t> </li> <li> <t>recipient's certificate with an algorithm identifier and a public key that supports key agreement and where any given key usage extension allows keyAgreement: The content-encryption key will be protected using the key agreement key management technique, as specified inSection 6.2.2 of<xref section="6.2.2" target="RFC5652"/>.</t> </li> <li> <t>a password or shared secret: The content-encryption key will be protected using the password-based key management technique, as specified inSection 6.2.4 of<xref section="6.2.4" target="RFC5652"/>.</t> </li> <li> <t>recipient's certificate with an algorithm identifier and a public key that supportskey encapsulation mechanismKEM and where any given key usage extension allows keyEncipherment: The content-encryption key will be protected using the key management technique for KEM keys, as specified in <xref target="RFC9629"/>.</t> </li> </ul> <t>Note: There are cases where the algorithm identifier, the type of the public key, and the key usage extension will not be sufficient to decide on the key management technique to use, e.g., when rsaEncryption is the algorithm identifier. In suchcasescases, it is a matter of local policy to decide.</t> </section> <section anchor="sect-5.2.3"> <name>Status Codes and Failure Information for PKI Messages</name> <t>All response messages will include some status information. The following values are defined.</t> <sourcecode type="asn.1"><![CDATA[ PKIStatus ::= INTEGER { accepted (0), grantedWithMods (1), rejection (2), waiting (3), revocationWarning (4), revocationNotification (5), keyUpdateWarning (6) } ]]></sourcecode> <t>Responders may use the following syntax to provide more information about failure cases.</t> <sourcecode type="asn.1"><![CDATA[ PKIFailureInfo ::= BIT STRING { badAlg (0), badMessageCheck (1), badRequest (2), badTime (3), badCertId (4), badDataFormat (5), wrongAuthority (6), incorrectData (7), missingTimeStamp (8), badPOP (9), certRevoked (10), certConfirmed (11), wrongIntegrity (12), badRecipientNonce (13), timeNotAvailable (14), unacceptedPolicy (15), unacceptedExtension (16), addInfoNotAvailable (17), badSenderNonce (18), badCertTemplate (19), signerNotTrusted (20), transactionIdInUse (21), unsupportedVersion (22), notAuthorized (23), systemUnavail (24), systemFailure (25), duplicateCertReq (26) } PKIStatusInfo ::= SEQUENCE { status PKIStatus, statusString PKIFreeText OPTIONAL, failInfo PKIFailureInfo OPTIONAL } ]]></sourcecode> </section> <section anchor="sect-5.2.4"> <name>Certificate Identification</name> <t>In order to identify particular certificates, the CertId data structure is used.</t> <t>See <xref target="RFC4211"/> for CertId syntax.</t> </section> <section anchor="sect-5.2.5"><name>Out-of-band root<name>Out-of-Band Root CA Public Key</name> <t>Each root CA that provides a self-signed certificate must be able to publish its current public key via some "out-of-band" means or together with the respective link certificate using an online mechanism. While such mechanisms are beyond the scope of this document, we define data structures that can support such mechanisms.</t> <t>There are generally two methods available: Either the CA directly publishes its self-signed certificate, or this information is available via the directory (or equivalent) and the CA publishes a hash of this value to allow verification of its integrity before use.</t> <t>Note: As an alternative to out-of-band distribution of root CA public keys, the CA can provide the self-signed certificate together with link certificates, e.g., using RootCaKeyUpdateContent (<xref target="sect-5.3.19.15"/>).</t> <sourcecode type="asn.1"><![CDATA[ OOBCert ::= Certificate ]]></sourcecode> <t>The fields within this certificate are restricted as follows:</t> <ul spacing="normal"> <li> <t>The certificate <bcp14>MUST</bcp14> be self-signed (i.e., the signature must be verifiable using the SubjectPublicKeyInfo field);</t> </li> <li> <t>The subject and issuer fields <bcp14>MUST</bcp14> be identical;</t> </li> <li> <t>If the subject field contains a "NULL-DN", then both subjectAltNames and issuerAltNames extensions <bcp14>MUST</bcp14> be present and have exactly the samevalue;</t>value; and</t> </li> <li> <t>The values of all other extensions must be suitable for a self-signed certificate (e.g., key identifiers for the subject and issuer must be the same).</t> </li> </ul> <sourcecode type="asn.1"><![CDATA[ OOBCertHash ::= SEQUENCE { hashAlg [0] AlgorithmIdentifier OPTIONAL, certId [1] CertId OPTIONAL, hashVal BIT STRING } ]]></sourcecode> <t>The intention of the hash value is that anyone who has securely received the hash value (via the out-of-band means) can verify a self-signed certificate for that CA.</t> </section> <section anchor="sect-5.2.6"> <name>Archive Options</name> <t>Requesters may indicate that they wish the PKI to archive a private key value using the PKIArchiveOptions structure.</t> <t>See <xref target="RFC4211"/> for PKIArchiveOptions syntax.</t> </section> <section anchor="sect-5.2.7"> <name>Publication Information</name> <t>Requesters may indicate that they wish the PKI to publish a certificate using the PKIPublicationInfo structure.</t> <t>See <xref target="RFC4211"/> for PKIPublicationInfo syntax.</t> </section> <section anchor="sect-5.2.8"><name>Proof-of-Possession<name>POP Structures</name> <t>Theproof-of-possessionPOP structure used is indicated in the popo field of type ProofOfPossession in the CertReqMsgsequence, see Section 4 ofsequence (see <xreftarget="RFC4211"/>.</t>section="4" target="RFC4211"/>).</t> <sourcecode type="asn.1"><![CDATA[ ProofOfPossession ::= CHOICE { raVerified [0] NULL, signature [1] POPOSigningKey, keyEncipherment [2] POPOPrivKey, keyAgreement [3] POPOPrivKey } ]]></sourcecode> <section anchor="sect-5.2.8.1"> <name>raVerified</name> <t>An EE <bcp14>MUST NOT</bcp14> use raVerified. If an RA performs changes to a certification request breaking the providedproof-of-possession (POP),POP, or if the RA requests a certificate on behalf of an EE and cannot provide the POP itself, the RA <bcp14>MUST</bcp14> use raVerified. Otherwise, it <bcp14>SHOULD NOT</bcp14> use raVerified.</t> <t>When introducing raVerified, the RA <bcp14>MUST</bcp14> check the existing POP, or it <bcp14>MUST</bcp14> ensure by other means that the EE is the holder of the private key. The RA <bcp14>MAY</bcp14> provide the original message containing the POP in the generalInfo field using theid-it-origPKIMessage, seeid-it-origPKIMessage (see <xreftarget="sect-5.1.1.3"/>,target="sect-5.1.1.3"/>) enabling the CA to verify it.</t> </section> <section anchor="sect-5.2.8.2"> <name>POPOSigningKey Structure</name> <t>If the certification request is for a key pair that supports signing (i.e., a request for a verification certificate), then theproof-of-possessionPOP of the private key is demonstrated through use of the POPOSigningKeystructure,structure; fordetailsdetails, seeSection 4.1 of<xref section="4.1" target="RFC4211"/>.</t> <sourcecode type="asn.1"><![CDATA[ POPOSigningKey ::= SEQUENCE { poposkInput [0] POPOSigningKeyInput OPTIONAL, algorithmIdentifier AlgorithmIdentifier, signature BIT STRING } POPOSigningKeyInput ::= SEQUENCE { authInfo CHOICE { sender [0] GeneralName, publicKeyMAC PKMACValue }, publicKey SubjectPublicKeyInfo } PKMACValue ::= SEQUENCE { algId AlgorithmIdentifier, value BIT STRING } ]]></sourcecode> <t>Note: For the purposes of this specification, the ASN.1 comment given inAppendix C of<xref section="C" target="RFC4211"/> pertains not only tocertTemplate,certTemplate but also to the altCertTemplatecontrolcontrol, as defined in <xref target="sect-5.2.1"/>.</t> <t>If certTemplate (or the altCertTemplate control) contains the subject and publicKey values, then poposkInput <bcp14>MUST</bcp14> be omitted and the signature <bcp14>MUST</bcp14> be computed on the DER-encoded value of the certReq field of the CertReqMsg (or the DER-encoded value of AltCertTemplate). If certTemplate/altCertTemplate does not contain both the subject and public key values (i.e., if it contains only one ofthese,these or neither), then poposkInput <bcp14>MUST</bcp14> be present and the signature <bcp14>MUST</bcp14> be computed on the DER-encoded value of poposkInput (i.e., the "value" OCTETs of the POPOSigningKeyInput DER).</t> <t>In the special case that the CA/RA has a DH certificate that is known to the EE and the certification request is for a key agreement key pair, the EE can also use the POPOSigningKey structure (where the algorithmIdentifier field is DHBasedMAC and the signature field is the MAC) for demonstrating POP.</t> </section> <section anchor="sect-5.2.8.3"> <name>POPOPrivKey Structure</name> <t>If the certification request is for a key pair that does not support signing (i.e., a request for an encryption or key agreement certificate), then theproof-of-possessionPOP of the private key is demonstrated through use of the POPOPrivKey structure in one of the following threeways,ways; for details seeSection 4.2Sections <xref target="RFC4211" section="4.2" sectionFormat="bare"/> and4.3 of<xref target="RFC4211" section="4.3" sectionFormat="bare"/> in <xref target="RFC4211"/>.</t> <sourcecode type="asn.1"><![CDATA[ POPOPrivKey ::= CHOICE { thisMessage [0] BIT STRING, -- deprecated subsequentMessage [1] SubsequentMessage, dhMAC [2] BIT STRING, -- deprecated agreeMAC [3] PKMACValue, encryptedKey [4] EnvelopedData } SubsequentMessage ::= INTEGER { encrCert (0), challengeResp (1) } ]]></sourcecode> <t>When using agreeMAC or encryptedKey choices, the pvno cmp2021(3) <bcp14>MUST</bcp14> be used. Details on the usage of theprotocol version number (pvno)pvno are described in <xref target="sect-7"/>.</t> <section anchor="sect-5.2.8.3.1"> <name>Inclusion of the Private Key</name> <t>This method mentioned previously in <xref target="sect-4.3"/> demonstratesproof-of-possessionPOP of the private key by including the encrypted private key in the CertRequest in the POPOPrivKey structure or in the PKIArchiveOptions control structure. This method <bcp14>SHALL</bcp14> only be used if archival of the private key is desired.</t> <t>For a certification request message indicating cmp2021(3) in the pvno field of the PKIHeader, the encrypted private key <bcp14>MUST</bcp14> be transferred in the encryptedKey choice of POPOPrivKey (or within the PKIArchiveOptions control) in a CMS EnvelopedDatastructurestructure, as defined in <xref target="sect-5.2.2"/>.</t> <t>Note: The thisMessage choice has been deprecated in favor of encryptedKey. When using cmp2000(2) in the certification request message header for backward compatibility, the thisMessage choice of POPOPrivKey is used containing the encrypted private key in an EncryptedValue structure wrapped in a BIT STRING. This allows the necessary conveyance and protection of the private key while maintaining bits-on-the-wire compatibility with <xref target="RFC4211"/>.</t> </section> <section anchor="sect-5.2.8.3.2"> <name>Indirect Method - Encrypted Certificate</name> <t>The indirect method mentioned previously in <xref target="sect-4.3"/> demonstratesproof-of-possessionPOP of the private key by having the CA return the requested certificate in encryptedform, seeform (see <xreftarget="sect-5.2.2"/>.target="sect-5.2.2"/>). This method is indicated in the CertRequest by requesting the encrCert option in the subsequentMessage choice of POPOPrivKey.</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="128" width="264" viewBox="0 0 264 128" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 16,48 L 40,48" fill="none" stroke="black"/> <path d="M 192,48 L 224,48" fill="none" stroke="black"/> <path d="M 16,64 L 40,64" fill="none" stroke="black"/> <path d="M 192,64 L 224,64" fill="none" stroke="black"/> <path d="M 16,80 L 40,80" fill="none" stroke="black"/> <path d="M 192,80 L 224,80" fill="none" stroke="black"/> <path d="M 16,96 L 40,96" fill="none" stroke="black"/> <path d="M 192,96 L 224,96" fill="none" stroke="black"/> <polygon class="arrowhead" points="232,80 220,74.4 220,85.6" fill="black" transform="rotate(0,224,80)"/> <polygon class="arrowhead" points="232,48 220,42.4 220,53.6" fill="black" transform="rotate(0,224,48)"/> <polygon class="arrowhead" points="24,96 12,90.4 12,101.6" fill="black" transform="rotate(180,16,96)"/> <polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/> <g class="text"> <text x="12" y="36">EE</text> <text x="240" y="36">RA/CA</text> <text x="112" y="52">req</text> <text x="72" y="68">rep</text> <text x="108" y="68">(enc</text> <text x="152" y="68">cert)</text> <text x="68" y="84">conf</text> <text x="112" y="84">(cert</text> <text x="160" y="84">hash)</text> <text x="112" y="100">ack</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ EE RA/CA ---- req ----> <--- rep (enc cert) ----- ---- conf (cert hash) ----> <--- ack ----- ]]></artwork> </artset> <t>Theend entityEE proves knowledge of the private key to the CA by providing the correct CertHash for this certificate in the certConf message. This demonstrates POP because the EE can only compute the correct CertHash if it is able to recover the encrypted certificate, and it can only recover the certificate if it is able to obtain the symmetric key using the required private key. Clearly, for this to work, the CA <bcp14>MUST NOT</bcp14> publish the certificate until the certConf message arrives (when certHash is to be used to demonstrate POP). See <xref target="sect-5.3.18"/> for furtherdetailsdetails, and see <xref target="sect-8.11"/> for security considerations regarding use ofCertificate TransparencyCT logs.</t> <t>The recipient <bcp14>SHOULD</bcp14> maintain a context of the PKI management operation, e.g., using transactionID and certReqId, to identify the private key to use when decrypting the EnvelopedData containing the newly issued certificate. The recipient may be unable to use the RecipientInfo structure as it refers to the certificate that is still encrypted. The sender <bcp14>MUST</bcp14> populate the rid field as specified byCMSCMS, and the client <bcp14>MAY</bcp14> ignore it.</t> </section> <section anchor="sect-5.2.8.3.3"> <name>Direct Method - Challenge-Response Protocol</name> <t>The direct method mentioned previously in <xref target="sect-4.3"/> demonstratesproof-of-possessionPOP of the private key by having theend entityEE engage in a challenge-response protocol (using the messages popdecc of type POPODecKeyChall and popdecr of type POPODecKeyResp; see below) between CertReqMessages and CertRepMessage. This method is indicated in the CertRequest by requesting the challengeResp option in the subsequentMessage choice of POPOPrivKey.</t> <t>Note: This method would typically be used in an environment in which an RA verifies POP and then makes a certification request to the CA on behalf of theend entity.EE. In such a scenario, the CA trusts the RA to have done POP correctly before the RA requests a certificate for theend entity.</t>EE.</t> <t>The complete protocol then looks as follows (note that req' does not necessarily encapsulate req as a nested message):</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="224" width="248" viewBox="0 0 248 224" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 16,48 L 40,48" fill="none" stroke="black"/> <path d="M 88,48 L 120,48" fill="none" stroke="black"/> <path d="M 16,64 L 40,64" fill="none" stroke="black"/> <path d="M 104,64 L 120,64" fill="none" stroke="black"/> <path d="M 16,80 L 40,80" fill="none" stroke="black"/> <path d="M 96,80 L 120,80" fill="none" stroke="black"/> <path d="M 128,96 L 152,96" fill="none" stroke="black"/> <path d="M 208,96 L 232,96" fill="none" stroke="black"/> <path d="M 128,112 L 152,112" fill="none" stroke="black"/> <path d="M 200,112 L 232,112" fill="none" stroke="black"/> <path d="M 128,128 L 152,128" fill="none" stroke="black"/> <path d="M 208,128 L 232,128" fill="none" stroke="black"/> <path d="M 128,144 L 152,144" fill="none" stroke="black"/> <path d="M 200,144 L 232,144" fill="none" stroke="black"/> <path d="M 16,160 L 40,160" fill="none" stroke="black"/> <path d="M 88,160 L 120,160" fill="none" stroke="black"/> <path d="M 16,176 L 40,176" fill="none" stroke="black"/> <path d="M 96,176 L 120,176" fill="none" stroke="black"/> <path d="M 16,192 L 40,192" fill="none" stroke="black"/> <path d="M 88,192 L 120,192" fill="none" stroke="black"/> <polygon class="arrowhead" points="240,128 228,122.4 228,133.6" fill="black" transform="rotate(0,232,128)"/> <polygon class="arrowhead" points="240,96 228,90.4 228,101.6" fill="black" transform="rotate(0,232,96)"/> <polygon class="arrowhead" points="136,144 124,138.4 124,149.6" fill="black" transform="rotate(180,128,144)"/> <polygon class="arrowhead" points="136,112 124,106.4 124,117.6" fill="black" transform="rotate(180,128,112)"/> <polygon class="arrowhead" points="128,176 116,170.4 116,181.6" fill="black" transform="rotate(0,120,176)"/> <polygon class="arrowhead" points="128,80 116,74.4 116,85.6" fill="black" transform="rotate(0,120,80)"/> <polygon class="arrowhead" points="128,48 116,42.4 116,53.6" fill="black" transform="rotate(0,120,48)"/> <polygon class="arrowhead" points="24,192 12,186.4 12,197.6" fill="black" transform="rotate(180,16,192)"/> <polygon class="arrowhead" points="24,160 12,154.4 12,165.6" fill="black" transform="rotate(180,16,160)"/> <polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/> <g class="text"> <text x="12" y="36">EE</text> <text x="124" y="36">RA</text> <text x="236" y="36">CA</text> <text x="64" y="52">req</text> <text x="72" y="68">chall</text> <text x="68" y="84">resp</text> <text x="180" y="100">req'</text> <text x="176" y="116">rep</text> <text x="180" y="132">conf</text> <text x="176" y="148">ack</text> <text x="64" y="164">rep</text> <text x="68" y="180">conf</text> <text x="64" y="196">ack</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ EE RA CA ---- req ----> <--- chall --- ---- resp ---> ---- req' ---> <--- rep ----- ---- conf ---> <--- ack ----- <--- rep ----- ---- conf ---> <--- ack ----- ]]></artwork> </artset> <t>This protocol is obviously much longer than the exchange given in <xref target="sect-5.2.8.3.2"/>above,above but allows alocalLocal Registration Authority (LRA) to be involved and has the property that the certificate itself is not actually created until theproof-of-possessionPOP is complete. In some environments, a different order of the above messages may be required, such as the following (this may be determined by policy):</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="224" width="248" viewBox="0 0 248 224" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 16,48 L 40,48" fill="none" stroke="black"/> <path d="M 88,48 L 120,48" fill="none" stroke="black"/> <path d="M 16,64 L 40,64" fill="none" stroke="black"/> <path d="M 104,64 L 120,64" fill="none" stroke="black"/> <path d="M 16,80 L 40,80" fill="none" stroke="black"/> <path d="M 96,80 L 120,80" fill="none" stroke="black"/> <path d="M 128,96 L 152,96" fill="none" stroke="black"/> <path d="M 208,96 L 232,96" fill="none" stroke="black"/> <path d="M 128,112 L 152,112" fill="none" stroke="black"/> <path d="M 200,112 L 232,112" fill="none" stroke="black"/> <path d="M 16,128 L 40,128" fill="none" stroke="black"/> <path d="M 88,128 L 120,128" fill="none" stroke="black"/> <path d="M 16,144 L 40,144" fill="none" stroke="black"/> <path d="M 96,144 L 120,144" fill="none" stroke="black"/> <path d="M 128,160 L 152,160" fill="none" stroke="black"/> <path d="M 208,160 L 232,160" fill="none" stroke="black"/> <path d="M 128,176 L 152,176" fill="none" stroke="black"/> <path d="M 200,176 L 232,176" fill="none" stroke="black"/> <path d="M 16,192 L 40,192" fill="none" stroke="black"/> <path d="M 88,192 L 120,192" fill="none" stroke="black"/> <polygon class="arrowhead" points="240,160 228,154.4 228,165.6" fill="black" transform="rotate(0,232,160)"/> <polygon class="arrowhead" points="240,96 228,90.4 228,101.6" fill="black" transform="rotate(0,232,96)"/> <polygon class="arrowhead" points="136,176 124,170.4 124,181.6" fill="black" transform="rotate(180,128,176)"/> <polygon class="arrowhead" points="136,112 124,106.4 124,117.6" fill="black" transform="rotate(180,128,112)"/> <polygon class="arrowhead" points="128,144 116,138.4 116,149.6" fill="black" transform="rotate(0,120,144)"/> <polygon class="arrowhead" points="128,80 116,74.4 116,85.6" fill="black" transform="rotate(0,120,80)"/> <polygon class="arrowhead" points="128,48 116,42.4 116,53.6" fill="black" transform="rotate(0,120,48)"/> <polygon class="arrowhead" points="24,192 12,186.4 12,197.6" fill="black" transform="rotate(180,16,192)"/> <polygon class="arrowhead" points="24,128 12,122.4 12,133.6" fill="black" transform="rotate(180,16,128)"/> <polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/> <g class="text"> <text x="12" y="36">EE</text> <text x="124" y="36">RA</text> <text x="236" y="36">CA</text> <text x="64" y="52">req</text> <text x="72" y="68">chall</text> <text x="68" y="84">resp</text> <text x="180" y="100">req'</text> <text x="176" y="116">rep</text> <text x="64" y="132">rep</text> <text x="68" y="148">conf</text> <text x="180" y="164">conf</text> <text x="176" y="180">ack</text> <text x="64" y="196">ack</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ EE RA CA ---- req ----> <--- chall --- ---- resp ---> ---- req' ---> <--- rep ----- <--- rep ----- ---- conf ---> ---- conf ---> <--- ack ----- <--- ack ----- ]]></artwork> </artset> <t>The challenge-response messages forproof-of-possessionPOP of a private key are specified as follows (for decryptionkeyskeys, see <xref target="MvOV97"/>, p.404 for details). This challenge-response exchange is associated with the preceding certification request message (and subsequent certification response and confirmation messages) by the transactionID used in the PKIHeader and by the protection applied to the PKIMessage.</t> <sourcecode type="asn.1"><![CDATA[ POPODecKeyChallContent ::= SEQUENCE OF Challenge Challenge ::= SEQUENCE { owf AlgorithmIdentifier OPTIONAL, witness OCTET STRING, challenge OCTET STRING, -- deprecated encryptedRand [0] EnvelopedData OPTIONAL } Rand ::= SEQUENCE { int INTEGER, sender GeneralName } ]]></sourcecode> <t>More details on the fields in this syntaxisare available in <xref target="sect-f"/>.</t> <t>For a popdecc message indicating cmp2021(3) in the pvno field of the PKIHeader, the encryption of Rand <bcp14>MUST</bcp14> be transferred in the encryptedRand field in a CMS EnvelopedData structure as defined in <xref target="sect-5.2.2"/>. The challenge field <bcp14>MUST</bcp14> contain an empty OCTET STRING.</t> <t>The recipient <bcp14>SHOULD</bcp14> maintain a context of the PKI management operation, e.g., using transactionID and certReqId, to identify the private key to use when decrypting encryptedRand. The sender <bcp14>MUST</bcp14> populate the rid field in the EnvelopedData sequence using the issuerAndSerialNumber choice containing a NULL-DN as issuer and the certReqId as serialNumber. The client <bcp14>MAY</bcp14> ignore the rid field.</t> <t>Note: The challenge field has been deprecated in favor of encryptedRand. When using cmp2000(2) in the popdecc message header for backward compatibility, the challenge field <bcp14>MUST</bcp14> contain the encryption (involving the public key for which the certification request is being made) of Rand and encryptedRand <bcp14>MUST</bcp14> be omitted. Using challenge (omitting the optional encryptedRand field) is bit-compatible with <xref target="RFC4210"/>. Note that the size of Rand, when used with challenge, needs to be appropriate for encryption, involving the public key of the requester. If, in some environment, names are so long that they cannot fit (e.g., very long DNs), then whatever portion will fit should be used (as long as it includes at least the common name, and as long as the receiver is able to deal meaningfully with the abbreviation).</t> <sourcecode type="asn.1"><![CDATA[ POPODecKeyRespContent ::= SEQUENCE OF INTEGER ]]></sourcecode> <t>On receiving the popdecc message, theend entityEE decrypts all included challenges and responds with a popdecr message containing the decrypted integer values in the same order.</t> </section> </section> <section anchor="sect-5.2.8.4"> <name>Summary ofPoPPOP Options</name> <t>The text in this section provides several options with respect to POP techniques. Using "SK" for "signing key", "EK" for "encryption key", "KAK" for "key agreement key", and "KEMK" for "key encapsulation mechanism key", the techniques may be summarized as follows:</t><artwork><![CDATA[ RAVerified; SKPOP;<ul empty="true" spacing="compact"> <li> RAVerified;</li> <li> SKPOP;</li> <li> EKPOPThisMessage; --deprecateddeprecated</li> <li> KAKPOPThisMessage; --deprecated EKPOPEncryptedKey; KAKPOPEncryptedKey; KEMKPOPEncryptedKey; KAKPOPThisMessageDHMAC; EKPOPEncryptedCert; KAKPOPEncryptedCert; KEMKPOPEncryptedCert; EKPOPChallengeResp;deprecated</li> <li> EKPOPEncryptedKey;</li> <li> KAKPOPEncryptedKey;</li> <li> KEMKPOPEncryptedKey;</li> <li> KAKPOPThisMessageDHMAC;</li> <li> EKPOPEncryptedCert;</li> <li> KAKPOPEncryptedCert;</li> <li> KEMKPOPEncryptedCert;</li> <li> EKPOPChallengeResp;</li> <li> KAKPOPChallengeResp;and KEMKPOPChallengeResp. ]]></artwork>and</li> <li> KEMKPOPChallengeResp.</li> </ul> <t>Given this array of options, it is natural to ask how anend entityEE can know what is supported by the CA/RA (i.e., which options it may use when requesting certificates). The following guidelines should clarify this situation for EE implementers.</t><t>RAVerified:<ul spacing="normal"> <li>RAVerified: This is not an EE decision; the RA uses this if and only if it has verified POP before forwarding the request on to the CA, so it is not possible for the EE to choose thistechnique.</t> <t>SKPOP:technique.</li> <li>SKPOP: If the EE has a signing key pair, this is the only POP method specified for use in the request for a correspondingcertificate.</t> <t>EKPOPThisMessagecertificate.</li> <li>EKPOPThisMessage (deprecated), KAKPOPThisMessage (deprecated), EKPOPEncryptedKey, KAKPOPEncryptedKey, KEMKPOPEncryptedKey: Whether or not to give up its private key to the CA/RA is an EE decision. If the EE decides to reveal its key, then these are the only POP methods available in this specification to achieve this (and the key pair type and protocol version used will determine which of these methods to use). The reason for deprecating EKPOPThisMessage and KAKPOPThisMessage options has been given in <xreftarget="sect-5.2.8.3.1"/>.</t> <t>KAKPOPThisMessageDHMAC:target="sect-5.2.8.3.1"/>.</li> <li>KAKPOPThisMessageDHMAC: The EE can only use this method if (1) the CA/RA has a DH certificate available for thispurpose,purpose and (2) the EE already has a copy of this certificate. If both these conditions hold, then this technique is clearly supported and may be used by the EE, ifdesired.</t> <t>EKPOPEncryptedCert,desired.</li> <li>EKPOPEncryptedCert, KAKPOPEncryptedCert, KEMKPOPEncryptedCert, EKPOPChallengeResp, KAKPOPChallengeResp, and KEMKPOPChallengeResp: The EE picks one of these (in the subsequentMessage field) in the request message, depending upon preference and key pair type. The EE is not doing POP at this point; it is simply indicating which method it wants to use. Therefore, if the CA/RA replies with a "badPOP" error, the EE can re-request using the other POP method chosen in subsequentMessage. Note, however, that this specification encourages the use of the EncryptedCert choice and, furthermore, says that the challenge-response would typically be used when an RA is involved and doing POP verification. Thus, the EE should be able to make an intelligent decision regarding which of these POP methods to choose in the requestmessage.</t>message.</li> </ul> </section> </section> <section anchor="sect-5.2.9"> <name>GeneralizedTime</name> <t>GeneralizedTime is a standard ASN.1 type and <bcp14>SHALL</bcp14> be used as specified inSection 4.1.2.5.2 of<xref section="4.1.2.5.2" target="RFC5280"/>.</t> </section> </section> <section anchor="sect-5.3"> <name>Operation-Specific Data Structures</name> <section anchor="sect-5.3.1"> <name>Initialization Request</name> <t>An Initialization request message contains as the PKIBody a CertReqMessages data structure, which specifies the requested certificate(s). Typically, SubjectPublicKeyInfo, KeyId, and Validity are the template fieldswhichthat may be supplied for each certificate requested (see the profiles defined in <xref section="4.1.1" target="RFC9483"/>Section 4.1.1,and Appendices <xreftarget="sect-c.4"/>target="sect-c.4" format="counter"/> and <xreftarget="sect-d.7"/>target="sect-d.7" format="counter"/> for further information). This message is intended to be used for entities when first initializing into the PKI.</t> <t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t> </section> <section anchor="sect-5.3.2"> <name>Initialization Response</name> <t>An Initialization response message contains as the PKIBody a CertRepMessage data structure, which has for each certificate requested a PKIStatusInfo field, a subject certificate, and possibly a private key (normally encrypted usingEnvelopedData,EnvelopedData; see <xref section="4.1.6" target="RFC9483"/>Section 4.1.6for further information).</t> <t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax. Note that if the PKIMessage Protectionmessage protection is "shared secret information" (see <xref target="sect-5.1.3.1"/>), then any certificate transported in the caPubs field may be directly trusted as a root CA certificate by the initiator.</t> </section> <section anchor="sect-5.3.3"> <name>Certification Request</name> <t>A Certification request message contains as the PKIBody a CertReqMessages data structure, which specifies the requested certificates (see the profiles defined in <xref section="4.1.2" target="RFC9483"/>Section 4.1.2and <xref target="sect-c.2"/> for further information). This message is intended to be used for existing PKI entities who wish to obtain additional certificates.</t> <t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t> <t>Alternatively, the PKIBody <bcp14>MAY</bcp14> be a CertificationRequest (this structure is fully specified by the ASN.1 structure CertificationRequest given in <xreftarget="RFC2986"/>,target="RFC2986"/>; see the profiles defined in <xref section="4.1.4" target="RFC9483"/>Section 4.1.4for further information). This structure may be required for certificate requests for signing key pairs when interoperation with legacy systems is desired, but its use is strongly discouraged whenever not absolutely necessary.</t> </section> <section anchor="sect-5.3.4"> <name>Certification Response</name> <t>A Certification response message contains as the PKIBody a CertRepMessage data structure, which has a status value for each certificaterequested,requested and optionally has a CA public key, failure information, a subject certificate, and an encrypted private key.</t> <sourcecode type="asn.1"><![CDATA[ CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse } CertResponse ::= SEQUENCE { certReqId INTEGER, status PKIStatusInfo, certifiedKeyPair CertifiedKeyPair OPTIONAL, rspInfo OCTET STRING OPTIONAL -- analogous to the id-regInfo-utf8Pairs string defined -- for regInfo in CertReqMsg [RFC4211] } CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedKey OPTIONAL, -- See [RFC4211] for comments on encoding. publicationInfo [1] PKIPublicationInfo OPTIONAL } CertOrEncCert ::= CHOICE { certificate [0] CMPCertificate, encryptedCert [1] EncryptedKey } ]]></sourcecode> <t>A p10cr message contains exactly one CertificationRequestInfo data structure, as specified inPKCS#10PKCS #10 <xref target="RFC2986"/>, but no certReqId. Therefore, the certReqId in the corresponding Certification Response (cp) message <bcp14>MUST</bcp14> be set to -1.</t> <t>Only one of the failInfo (in PKIStatusInfo) and certificate (in CertifiedKeyPair) fields can be present in each CertResponse (depending on the status). For some status values (e.g., waiting), neither of the optional fields will be present.</t> <t>Given an EncryptedCert and the relevant decryption key, the certificate may be obtained. The purpose of this is to allow a CA to return the value of acertificate,certificate but with the constraint that only the intended recipient can obtain the actual certificate. The benefit of this approach is that a CA may reply with a certificate even in the absence ofaproof that the requester is theend entityEE that can use the relevant private key (note that the proof is not obtained until the certConf message is received by the CA). Thus, the CA will not have to revoke that certificate in the event that something goes wrong with theproof-of-possessionPOP (but <bcp14>MAY</bcp14> do so anyway, depending upon policy).</t> <t>The use of EncryptedKey is described in <xref target="sect-5.2.2"/>.</t> <t>Note: To indicate support for EnvelopedData, the pvno cmp2021 has been introduced. Details on the usage of different protocol version numbers(pvno)are described in <xref target="sect-7"/>.</t> </section> <section anchor="sect-5.3.5"> <name>Key Update Request Content</name> <t>For key updaterequestsrequests, the CertReqMessages syntax is used. Typically, SubjectPublicKeyInfo, KeyId, and Validity are the template fields that may be supplied for each key to be updated (see the profiles defined in <xref section="4.1.3" target="RFC9483"/>Section 4.1.3and <xref target="sect-c.6"/> for further information). This message is intended to be used to request updates to existing (non-revoked and non-expired) certificates (therefore, it is sometimes referred to as a "Certificate Update" operation). An update is a replacement certificate containing either a new subject public key or the current subject public key (although the latter practice may not be appropriate for some environments).</t> <t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t> </section> <section anchor="sect-5.3.6"> <name>Key Update Response Content</name> <t>For key update responses, the CertRepMessage syntax is used. The response is identical to the initialization response.</t> <t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax.</t> </section> <section anchor="sect-5.3.7"> <name>Key Recovery Request Content</name> <t>For key recoveryrequestsrequests, the syntax used is identical to the initialization request CertReqMessages. Typically, SubjectPublicKeyInfo and KeyId are the template fields that may be used to supply a signature public key for which a certificate is required.</t> <t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax. Note that if a key history is required, the requester must supply aProtocol Encryption Keyprotocol encryption key control in the request message.</t> </section> <section anchor="sect-5.3.8"> <name>Key Recovery Response Content</name> <t>For key recovery responses, the following syntax is used. For some status values (e.g.,waiting)waiting), none of the optional fields will be present.</t> <sourcecode type="asn.1"><![CDATA[ KeyRecRepContent ::= SEQUENCE { status PKIStatusInfo, newSigCert [0] Certificate OPTIONAL, caCerts [1] SEQUENCE SIZE (1..MAX) OF Certificate OPTIONAL, keyPairHist [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL } ]]></sourcecode> </section> <section anchor="sect-5.3.9"> <name>Revocation Request Content</name> <t>When requesting revocation of a certificate (or several certificates), the following data structure is used (see the profiles defined in <xref section="4.2" target="RFC9483"/>Section 4.2for further information). The name of the requester is present in the PKIHeader structure.</t> <sourcecode type="asn.1"><![CDATA[ RevReqContent ::= SEQUENCE OF RevDetails RevDetails ::= SEQUENCE { certDetails CertTemplate, crlEntryDetails Extensions OPTIONAL } ]]></sourcecode> </section> <section anchor="sect-5.3.10"> <name>Revocation Response Content</name> <t>The revocation response is the response to the above message. If produced, this is sent to the requester of the revocation. (A separate revocation announcement message <bcp14>MAY</bcp14> be sent to the subject of the certificate for which revocation was requested.)</t> <sourcecode type="asn.1"><![CDATA[ RevRepContent ::= SEQUENCE { status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL } ]]></sourcecode> </section> <section anchor="sect-5.3.11"><name>Cross Certification<name>Cross-Certification Request Content</name><t>Cross certification<t>Cross-certification requests use the same syntax (CertReqMessages) as normal certification requests, with the restriction that the key pair <bcp14>MUST</bcp14> have been generated by the requesting CA and the private key <bcp14>MUST NOT</bcp14> be sent to the responding CA (see the profiles defined in <xref target="sect-d.6"/> for further information). This request <bcp14>MAY</bcp14> also be used by subordinate CAs to get their certificates signed by the parent CA.</t> <t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t> </section> <section anchor="sect-5.3.12"><name>Cross Certification<name>Cross-Certification Response Content</name><t>Cross certification<t>Cross-certification responses use the same syntax (CertRepMessage) as normal certification responses, with the restriction that no encrypted private key can be sent.</t> <t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax.</t> </section> <section anchor="sect-5.3.13"> <name>CA Key Update Announcement Content</name> <t>When a CA updates its own key pair, the following data structure <bcp14>MAY</bcp14> be used to announce this event.</t> <sourcecode type="asn.1"><![CDATA[ RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, newWithOld [0] CMPCertificate OPTIONAL, oldWithNew [1] CMPCertificate OPTIONAL } CAKeyUpdContent ::= CHOICE { cAKeyUpdAnnV2 CAKeyUpdAnnContent, -- deprecated cAKeyUpdAnnV3 [0] RootCaKeyUpdateContent } ]]></sourcecode> <t>When using RootCaKeyUpdateContent in the ckuann message, the pvno cmp2021 <bcp14>MUST</bcp14> be used. Details on the usage of theprotocol version number (pvno)pvno are described inSection 7.</t><xref target="sect-7"/>.</t> <t>In contrast to CAKeyUpdAnnContent as supported with cmp2000, RootCaKeyUpdateContent offers omitting newWithOld and oldWithNew, depending on the needs of the EE.</t> </section> <section anchor="sect-5.3.14"> <name>Certificate Announcement</name> <t>This structure <bcp14>MAY</bcp14> be used to announce the existence of certificates.</t> <t>Note that this message is intended to be used for those cases (if any) where there is no pre-existing method for publication of certificates; it is not intended to be used where, for example, X.500 is the method for publication of certificates.</t> <sourcecode type="asn.1"><![CDATA[ CertAnnContent ::= Certificate ]]></sourcecode> </section> <section anchor="sect-5.3.15"> <name>Revocation Announcement</name> <t>When a CA has revoked, or is about to revoke, a particular certificate, it <bcp14>MAY</bcp14> issue an announcement of this (possibly upcoming) event.</t> <sourcecode type="asn.1"><![CDATA[ RevAnnContent ::= SEQUENCE { status PKIStatus, certId CertId, willBeRevokedAt GeneralizedTime, badSinceDate GeneralizedTime, crlDetails Extensions OPTIONAL } ]]></sourcecode> <t>A CA <bcp14>MAY</bcp14> use such an announcement to warn (or notify) a subject that its certificate is about to be (or has been) revoked. This would typically be used where the request for revocation did not come from the subject concerned.</t> <t>The willBeRevokedAt field contains the time at which a new entry will be added to the relevant CRLs.</t> </section> <section anchor="sect-5.3.16"> <name>CRL Announcement</name> <t>When a CA issues a new CRL (or set ofCRLs)CRLs), the following data structure <bcp14>MAY</bcp14> be used to announce this event.</t> <sourcecode type="asn.1"><![CDATA[ CRLAnnContent ::= SEQUENCE OF CertificateList ]]></sourcecode> </section> <section anchor="sect-5.3.17"> <name>PKI Confirmation Content</name> <t>This data structure is used in the protocol exchange as the final PKIMessage. Its content is the same in all cases --actuallyactually, there is no content since the PKIHeader carries all the required information.</t> <sourcecode type="asn.1"><![CDATA[ PKIConfirmContent ::= NULL ]]></sourcecode> <t>Use of this message for certificate confirmation is <bcp14>NOT RECOMMENDED</bcp14>; certConf <bcp14>SHOULD</bcp14> be used instead. Upon receiving aPKIConfirmpkiconf for a certificate response, the recipient <bcp14>MAY</bcp14> treat it as a certConf with all certificates being accepted.</t> </section> <section anchor="sect-5.3.18"> <name>Certificate Confirmation Content</name> <t>This data structure is used by the client to send a confirmation to the CA/RA to accept or reject certificates.</t> <sourcecode type="asn.1"><![CDATA[ CertConfirmContent ::= SEQUENCE OF CertStatus CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER, statusInfo PKIStatusInfo OPTIONAL, hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL } ]]></sourcecode> <t>The hashAlg field <bcp14>SHOULD</bcp14> be used only in exceptional cases where the signatureAlgorithm of the certificate to be confirmed does not specify a hash algorithm in the OID or in the parameters or no hash algorithm is specified for hashing certificates signed using the signatureAlgorithm. Note that forEdDSAEdDSA, a hash algorithm is specified inSection 3.3 of<xref section="3.3" target="RFC9481"/>, such that the hashAlg field is not needed for EdDSA. Otherwise, the certHash value <bcp14>SHALL</bcp14> be computed using the same hash algorithm as used to create and verify the certificate signature or as specified for hashing certificates signed using the signatureAlgorithm. If hashAlg is used, the CMP version indicated by the certConf message header must be cmp2021(3).</t> <t>For any particular CertStatus, omission of the statusInfo field indicates acceptance of the specified certificate. Alternatively, explicit status details (with respect to acceptance or rejection) <bcp14>MAY</bcp14> be provided in the statusInfo field, perhaps for auditing purposes at the CA/RA.</t> <t>Within CertConfirmContent, omission of a CertStatus structure corresponding to a certificate supplied in the previous response message indicates rejection of the certificate. Thus, an empty CertConfirmContent (a zero-length SEQUENCE) <bcp14>MAY</bcp14> be used to indicate rejection of all supplied certificates. See <xreftarget="sect-5.2.8.3.2"/>,target="sect-5.2.8.3.2"/> for a discussion of the certHash field with respect toproof-of-possession.</t>POP.</t> </section> <section anchor="sect-5.3.19"> <name>PKI General Message Content</name> <sourcecode type="asn.1"><![CDATA[ InfoTypeAndValue ::= SEQUENCE { infoType OBJECT IDENTIFIER, infoValue ANY DEFINED BY infoType OPTIONAL } -- where {id-it} = {id-pkix 4} = {1 3 6 1 5 5 7 4} GenMsgContent ::= SEQUENCE OF InfoTypeAndValue ]]></sourcecode> <section anchor="sect-5.3.19.1"> <name>CA Protocol Encryption Certificate</name> <t>This <bcp14>MAY</bcp14> be used by the EE to get a certificate from the CA to use to protect sensitive information during the protocol.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 1}, < absent > GenRep: {id-it 1}, Certificate | < absent >]]></artwork>]]></sourcecode> <t>EEs <bcp14>MUST</bcp14> ensure that the correct certificate is used for this purpose.</t> </section> <section anchor="sect-5.3.19.2"> <name>Signing Key Pair Types</name> <t>This <bcp14>MAY</bcp14> be used by the EE to get the list of signaturealgorithmalgorithms whose subject public key values the CA is willing to certify.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 2}, < absent > GenRep: {id-it 2}, SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier]]></artwork>]]></sourcecode> <t>Note: For the purposes of this exchange, rsaEncryption and sha256WithRSAEncryption, for example, are considered to be equivalent; the question being asked is, "Is the CA willing to certify an RSA public key?"</t> <t>Note: In case several elliptic curves are supported, several id-ecPublicKey elements as defined in <xref target="RFC5480"/> need to be given, one per named curve.</t> </section> <section anchor="sect-5.3.19.3"><name>Encryption/Key<name>Encryption / Key Agreement Key Pair Types</name> <t>This <bcp14>MAY</bcp14> be used by the client to get the list ofencryption/keyencryption / key agreement algorithms whose subject public key values the CA is willing to certify.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 3}, < absent > GenRep: {id-it 3}, SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier]]></artwork>]]></sourcecode> <t>Note: In case several elliptic curves are supported, several id-ecPublicKey elements as defined in <xref target="RFC5480"/> need to be given, one per named curve.</t> </section> <section anchor="sect-5.3.19.4"> <name>Preferred Symmetric Algorithm</name> <t>This <bcp14>MAY</bcp14> be used by the client to get the CA-preferred symmetric encryption algorithm for any confidential information that needs to be exchanged between the EE and the CA (for example, if the EE wants to send its private decryption key to the CA for archival purposes).</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 4}, < absent > GenRep: {id-it 4}, AlgorithmIdentifier]]></artwork>]]></sourcecode> </section> <section anchor="sect-5.3.19.5"> <name>Updated CA Key Pair</name> <t>This <bcp14>MAY</bcp14> be used by the CA to announce a CA key update event.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 18}, RootCaKeyUpdateValue]]></artwork>]]></sourcecode> <t>See <xref target="sect-5.3.13"/> for details of CA key update announcements.</t> </section> <section anchor="sect-5.3.19.6"> <name>CRL</name> <t>This <bcp14>MAY</bcp14> be used by the client to get a copy of the latest CRL.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 6}, < absent > GenRep: {id-it 6}, CertificateList]]></artwork>]]></sourcecode> </section> <section anchor="sect-5.3.19.7"> <name>Unsupported Object Identifiers</name> <t>This is used by the server to return a list of object identifiers that it does not recognize or support from the list submitted by the client.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenRep: {id-it 7}, SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER]]></artwork>]]></sourcecode> </section> <section anchor="sect-5.3.19.8"> <name>Key Pair Parameters</name> <t>This <bcp14>MAY</bcp14> be used by the EE to request the domain parameters to use for generating the key pair for certain public-key algorithms. It can be used, for example, to request the appropriate P, Q, and G to generate the DH/DSAkey,key or to request a set of well-known elliptic curves.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 10}, OBJECT IDENTIFIER -- (Algorithm object-id) GenRep: {id-it 11}, AlgorithmIdentifier | < absent >]]></artwork>]]></sourcecode> <t>An absent infoValue in the GenRep indicates that the algorithm specified in GenMsg is not supported.</t> <t>EEs <bcp14>MUST</bcp14> ensure that the parameters are acceptable to it and that the GenRep message is authenticated (to avoid substitution attacks).</t> </section> <section anchor="sect-5.3.19.9"> <name>Revocation Passphrase</name> <t>This <bcp14>MAY</bcp14> be used by the EE to send a passphrase to a CA/RA for the purpose of authenticating a later revocation request (in the case that the appropriate signing private key is no longer available to authenticate the request). See <xref target="sect-b"/> for further details on the use of this mechanism.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 12}, EncryptedKey GenRep: {id-it 12}, < absent >]]></artwork>]]></sourcecode> <t>The use of EncryptedKey is described in <xref target="sect-5.2.2"/>.</t> </section> <section anchor="sect-5.3.19.10"> <name>ImplicitConfirm</name> <t>See <xref target="sect-5.1.1.1"/> for the definition and use of {id-it 13}.</t> </section> <section anchor="sect-5.3.19.11"> <name>ConfirmWaitTime</name> <t>See <xref target="sect-5.1.1.2"/> for the definition and use of {id-it 14}.</t> </section> <section anchor="sect-5.3.19.12"> <name>Original PKIMessage</name> <t>See <xref target="sect-5.1.1.3"/> for the definition and use of {id-it 15}.</t> </section> <section anchor="sect-5.3.19.13"> <name>Supported Language Tags</name> <t>This <bcp14>MAY</bcp14> be used to determine the appropriate<xref target="RFC5646"/>language tag <xref target="RFC5646"/> to use in subsequent messages. The sender sends its list of supported languages (inorder,order of mostpreferredtoleast);least preferred); the receiver returns the one it wishes to use. (Note:eachEach UTF8String <bcp14>MUST</bcp14> include a language tag.) If none of the offered tags are supported, an error <bcp14>MUST</bcp14> be returned.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 16}, SEQUENCE SIZE (1..MAX) OF UTF8String GenRep: {id-it 16}, SEQUENCE SIZE (1) OF UTF8String]]></artwork>]]></sourcecode> </section> <section anchor="sect-5.3.19.14"> <name>CA Certificates</name> <t>This <bcp14>MAY</bcp14> be used by the client to get CA certificates.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 17}, < absent > GenRep: {id-it 17}, SEQUENCE SIZE (1..MAX) OF CMPCertificate | < absent >]]></artwork>]]></sourcecode> </section> <section anchor="sect-5.3.19.15"> <name>Root CA Update</name> <t>This <bcp14>MAY</bcp14> be used by the client to get an update of a root CA certificate, which is provided in the body of the request message. In contrast to the ckuann message, this approach follows the request/response model.</t> <t>The EE <bcp14>SHOULD</bcp14> reference its current trust anchor in RootCaCertValue in the request body, giving the root CA certificate if available.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 20}, RootCaCertValue | < absent > GenRep: {id-it 18}, RootCaKeyUpdateValue | < absent >]]></artwork>]]></sourcecode> <sourcecode type="asn.1"><![CDATA[ RootCaCertValue ::= CMPCertificate RootCaKeyUpdateValue ::= RootCaKeyUpdateContent RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, newWithOld [0] CMPCertificate OPTIONAL, oldWithNew [1] CMPCertificate OPTIONAL } ]]></sourcecode> <t>Note: In contrast to CAKeyUpdAnnContent (which was deprecated with pvno cmp2021), RootCaKeyUpdateContent offers omitting newWithOld and oldWithNew, depending on the needs of the EE.</t> </section> <section anchor="sect-5.3.19.16"> <name>Certificate Request Template</name> <t>This <bcp14>MAY</bcp14> be used by the client to get a template containing requirements for certificate request attributes and extensions. The controls id-regCtrl-algId and id-regCtrl-rsaKeyLen <bcp14>MAY</bcp14> contain details on the types of subject public keys the CA is willing to certify.</t> <t>The id-regCtrl-algId control <bcp14>MAY</bcp14> be used to identify a cryptographic algorithm (seeSection 4.1.2.7 of<xref section="4.1.2.7" target="RFC5280"/>) other than rsaEncryption. The algorithm field <bcp14>SHALL</bcp14> identify a cryptographic algorithm. The contents of the optional parameters field will vary according to the algorithm identified. For example, when the algorithm is set to id-ecPublicKey, the parameters identify the elliptic curve to be used; see <xref target="RFC5480"/>.</t> <t>Note: The client may specify a profile name in the certProfilefield, seefield (see <xreftarget="sect-5.1.1.4"/>.</t>target="sect-5.1.1.4"/>).</t> <t>The id-regCtrl-rsaKeyLen control <bcp14>SHALL</bcp14> be used for algorithm rsaEncryption and <bcp14>SHALL</bcp14> contain the intended modulus bit length of the RSA key.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 19}, < absent > GenRep: {id-it 19}, CertReqTemplateContent | < absent >]]></artwork>]]></sourcecode> <sourcecode type="asn.1"><![CDATA[ CertReqTemplateValue ::= CertReqTemplateContent CertReqTemplateContent ::= SEQUENCE { certTemplate CertTemplate, keySpec Controls OPTIONAL } Controls ::= SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue id-regCtrl-algId OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkip(5) regCtrl(1) 11 } AlgIdCtrl ::= AlgorithmIdentifier{ALGORITHM, {...}} id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkip(5) regCtrl(1) 12 } RsaKeyLenCtrl ::= INTEGER (1..MAX) ]]></sourcecode> <t>The CertReqTemplateValue contains the prefilled certTemplate to be used for a future certificate request. The publicKey field in the certTemplate <bcp14>MUST NOT</bcp14> be used. In case the PKI management entity wishes to specify supported public-key algorithms, the keySpec field <bcp14>MUST</bcp14> be used. One AttributeTypeAndValue per supported algorithm or RSA key length <bcp14>MUST</bcp14> be used.</t> <t>Note: The controls for an ASN.1 typeisare defined inSection 6 of CRMF<xreftarget="RFC4211"/></t>section="6" target="RFC4211">CRMF</xref>.</t> </section> <section anchor="sect-5.3.19.17"> <name>CRL Update Retrieval</name> <t>This <bcp14>MAY</bcp14> be used by the client to get new CRLs, specifying the source of the CRLs and the thisUpdate value of the latest CRL it already has, if available. A CRL source is given either by a DistributionPointName or the GeneralNames of the issuing CA. The DistributionPointName should be treated as an internal pointer to identify a CRL that the server already has and not as a way to ask the server to fetch CRLs from external locations. The server <bcp14>SHALL</bcp14> only provide those CRLs that are more recent than the ones indicated by the client.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-it 22}, SEQUENCE SIZE (1..MAX) OF CRLStatus GenRep: {id-it 23}, SEQUENCE SIZE (1..MAX) OF CertificateList | < absent >]]></artwork>]]></sourcecode> <sourcecode type="asn.1"><![CDATA[ CRLSource ::= CHOICE { dpn [0] DistributionPointName, issuer [1] GeneralNames } CRLStatus ::= SEQUENCE { source CRLSource, thisUpdate Time OPTIONAL } ]]></sourcecode> </section> <section anchor="sect-5.3.19.18"> <name>KEM Ciphertext</name> <t>This <bcp14>MAY</bcp14> be used by a PKI entity to get the KEM ciphertext for MAC-based message protection using KEM (see <xref target="sect-5.1.3.4"/>).</t> <t>The PKI entitywhichthat possesses a KEM key pair can request the ciphertext by sending an InfoTypeAndValue structure of type KemCiphertextInfo where the infoValue is absent. The ciphertext can be provided in the following genp message with an InfoTypeAndValue structure of the same type.</t><artwork><![CDATA[<sourcecode type="asn.1"><![CDATA[ GenMsg: {id-itTBD1},24}, < absent > GenRep: {id-itTBD1},24}, KemCiphertextInfo]]></artwork>]]></sourcecode> <sourcecode type="asn.1"><![CDATA[ KemCiphertextInfo ::= SEQUENCE { kem AlgorithmIdentifier{KEM-ALGORITHM, {...}}, ct OCTET STRING } ]]></sourcecode> <t>kem is the algorithm identifier of the KEM algorithm, and any associated parameters, used to generate the ciphertextct.</t>(ct).</t> <t>ct is the ciphertext output from the KEM Encapsulate function.</t><t>NOTE:<t>Note: These InfoTypeAndValue structures can also be transferred in the generalInfo field of the PKIHeader in messages of other types (see <xref target="sect-5.1.1.5"/>).</t> </section> </section> <section anchor="sect-5.3.20"> <name>PKI General Response Content</name> <sourcecode type="asn.1"><![CDATA[ GenRepContent ::= SEQUENCE OF InfoTypeAndValue ]]></sourcecode> <t>Examples of GenReps that <bcp14>MAY</bcp14> be supported include those listed in the subsections of <xref target="sect-5.3.19"/>.</t> </section> <section anchor="sect-5.3.21"> <name>Error Message Content</name> <t>This data structure <bcp14>MAY</bcp14> be used by an EE, CA, or RA to convey error information and by a PKI management entity to initiate delayed delivery of responses.</t> <sourcecode type="asn.1"><![CDATA[ ErrorMsgContent ::= SEQUENCE { pKIStatusInfo PKIStatusInfo, errorCode INTEGER OPTIONAL, errorDetails PKIFreeText OPTIONAL } ]]></sourcecode> <t>This message <bcp14>MAY</bcp14> be generated at any time during a PKI transaction. If the client sends this request, the server <bcp14>MUST</bcp14> respond with aPKIConfirm response,pkiconf response or anotherErrorMsgerror message if any part of the header is not valid.</t> <t>In case a PKI management entity sends an error message to the EE with the pKIStatusInfo field containing the status "waiting", the EE <bcp14>SHOULD</bcp14> initiate polling as described in <xref target="sect-5.3.22"/>. If the EE does not initiate polling, both sides <bcp14>MUST</bcp14> treat this message as the end of the transaction (if a transaction is in progress).</t> <t>If protection is desired on the message, the client <bcp14>MUST</bcp14> protect it using the same technique (i.e., signature or MAC) as the starting message of the transaction. The CA <bcp14>MUST</bcp14> always sign it with a signature key.</t> </section> <section anchor="sect-5.3.22"> <name>Polling Request and Response</name> <t>This pair of messages is intended to handle scenarios in which the client needs to poll the server to determine the status of an outstanding response (i.e., when the "waiting" PKIStatus has been received).</t> <sourcecode type="asn.1"><![CDATA[ PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER } PollRepContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER, checkAfter INTEGER, -- time in seconds reason PKIFreeText OPTIONAL } ]]></sourcecode> <t>Unless implicit confirmation has been requested and granted, in response to an ir, cr, p10cr, kur, krr, or ccr request message, polling is initiated with an ip, cp, kup, krp, or ccp response message containing status "waiting". For any type of request message, polling can be initiated with an error responsemessagesmessage with status "waiting". The following clauses describe how polling messages are used. It is assumed that multiple certConf messages can be sent during transactions. There will be one sent in response to each ip, cp, kup, krp, or ccp that contains a CertStatus for an issued certificate.</t> <ol spacing="normal"type="%d"><li> <t>Intype="1"> <li>In response to an ip, cp, kup, krp, or ccp message, an EE will send a certConf for all issued certificates and expect aPKIconfpkiconf for each certConf. An EE will send a pollReq message in response to each CertResponse element of an ip, cp, or kup message with status "waiting" and in response to an error message with status "waiting". Its certReqId <bcp14>MUST</bcp14> be either the index of a CertResponse data structure with status "waiting" or -1 referring to the completeresponse.</t> </li> <li> <t>Inresponse.</li> <li>In response to a pollReq, a CA/RA will return an ip, cp, kup, krp, or ccp if one or more of the still pending requested certificates are ready or the final response to some other type of request is available; otherwise, it will return apollRep.</t> </li>pollRep.</li> <li> <t>If the EE receives a pollRep, it will wait for at least the number of seconds given in the checkAfter field before sending another pollReq.</t></li> </ol> <ul empty="true"> <li> <t>[RFC-Editor: Please fix the indentation. This note belongs to 3.] Note<t>Note that the checkAfter value heavily depends on the certificate management environment. There are different possible reasons for a delayed delivery of responsemessages possible,messages, e.g., high load on the server's backend, offline transfer of messages between two PKI management entities, or required RA operator approval. Therefore, the checkAfter time can vary greatly. This should also be considered by the transfer protocol.</t> </li></ul> <ol spacing="normal" type="1"><li> <t>[RFC-Editor: Please fix the enumeration and continue with '4'.] If<li>If the EE receives an ip, cp, kup, krp, or ccp, then it will be treated in the same way as the initial response; if it receives any other response, then this will be treated as the final response to the originalrequest.</t> </li>request.</li> </ol> <t>The following client-side state machine describes polling for individual CertResponse elements at the example of an ir request message.</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="464" width="504" viewBox="0 0 504 464" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 32,192 L 32,224" fill="none" stroke="black"/> <path d="M 176,384 L 176,416" fill="none" stroke="black"/> <path d="M 240,48 L 240,64" fill="none" stroke="black"/> <path d="M 240,96 L 240,112" fill="none" stroke="black"/> <path d="M 240,176 L 240,224" fill="none" stroke="black"/> <path d="M 320,384 L 320,416" fill="none" stroke="black"/> <path d="M 352,336 L 352,352" fill="none" stroke="black"/> <path d="M 352,384 L 352,416" fill="none" stroke="black"/> <path d="M 400,192 L 400,224" fill="none" stroke="black"/> <path d="M 480,384 L 480,416" fill="none" stroke="black"/> <path d="M 496,144 L 496,336" fill="none" stroke="black"/> <path d="M 296,144 L 496,144" fill="none" stroke="black"/> <path d="M 32,192 L 232,192" fill="none" stroke="black"/> <path d="M 248,192 L 400,192" fill="none" stroke="black"/> <path d="M 72,240 L 160,240" fill="none" stroke="black"/> <path d="M 328,240 L 376,240" fill="none" stroke="black"/> <path d="M 352,336 L 496,336" fill="none" stroke="black"/> <path d="M 72,368 L 104,368" fill="none" stroke="black"/> <path d="M 384,368 L 464,368" fill="none" stroke="black"/> <path d="M 176,416 L 320,416" fill="none" stroke="black"/> <path d="M 352,416 L 480,416" fill="none" stroke="black"/> <path d="M 248,272 L 288,352" fill="none" stroke="black"/> <path d="M 192,352 L 232,272" fill="none" stroke="black"/> <polygon class="arrowhead" points="472,368 460,362.4 460,373.6" fill="black" transform="rotate(0,464,368)"/> <polygon class="arrowhead" points="384,240 372,234.4 372,245.6" fill="black" transform="rotate(0,376,240)"/> <polygon class="arrowhead" points="360,384 348,378.4 348,389.6" fill="black" transform="rotate(270,352,384)"/> <polygon class="arrowhead" points="328,384 316,378.4 316,389.6" fill="black" transform="rotate(270,320,384)"/> <polygon class="arrowhead" points="304,144 292,138.4 292,149.6" fill="black" transform="rotate(180,296,144)"/> <polygon class="arrowhead" points="296,352 284,346.4 284,357.6" fill="black" transform="rotate(63.43494882292201,288,352)"/> <polygon class="arrowhead" points="256,192 244,186.4 244,197.6" fill="black" transform="rotate(180,248,192)"/> <polygon class="arrowhead" points="248,224 236,218.4 236,229.6" fill="black" transform="rotate(90,240,224)"/> <polygon class="arrowhead" points="248,112 236,106.4 236,117.6" fill="black" transform="rotate(90,240,112)"/> <polygon class="arrowhead" points="248,64 236,58.4 236,69.6" fill="black" transform="rotate(90,240,64)"/> <polygon class="arrowhead" points="240,192 228,186.4 228,197.6" fill="black" transform="rotate(0,232,192)"/> <polygon class="arrowhead" points="200,352 188,346.4 188,357.6" fill="black" transform="rotate(116.56505117707799,192,352)"/> <polygon class="arrowhead" points="80,368 68,362.4 68,373.6" fill="black" transform="rotate(180,72,368)"/> <polygon class="arrowhead" points="80,240 68,234.4 68,245.6" fill="black" transform="rotate(180,72,240)"/> <g class="text"> <text x="240" y="36">START</text> <text x="228" y="84">Send</text> <text x="260" y="84">ir</text> <text x="260" y="100">ip</text> <text x="216" y="132">Check</text> <text x="268" y="132">status</text> <text x="204" y="148">of</text> <text x="252" y="148">returned</text> <text x="240" y="164">certs</text> <text x="132" y="228">(issued)</text> <text x="336" y="228">(waiting)</text> <text x="24" y="244">Add</text> <text x="52" y="244">to</text> <text x="192" y="244">Check</text> <text x="268" y="244">CertResponse</text> <text x="400" y="244">Add</text> <text x="428" y="244">to</text> <text x="20" y="260">conf</text> <text x="60" y="260">list</text> <text x="176" y="260">for</text> <text x="212" y="260">each</text> <text x="280" y="260">certificate</text> <text x="400" y="260">pending</text> <text x="452" y="260">list</text> <text x="300" y="292">(empty</text> <text x="348" y="292">conf</text> <text x="392" y="292">list)</text> <text x="136" y="308">(conf</text> <text x="184" y="308">list)</text> <text x="396" y="324">ip</text> <text x="44" y="356">(empty</text> <text x="104" y="356">pending</text> <text x="160" y="356">list)</text> <text x="416" y="356">pollRep</text> <text x="48" y="372">END</text> <text x="132" y="372">Send</text> <text x="188" y="372">certConf</text> <text x="300" y="372">Send</text> <text x="352" y="372">pollReq</text> <text x="484" y="372">Wait</text> <text x="228" y="436">(pending</text> <text x="288" y="436">list)</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ START | v Send ir | ip v Check status of returned <------------------------+ certs | | | +------------------------>|<------------------+ | | | | | | (issued) v (waiting) | | Add to <----------- Check CertResponse ------> Add to | conf list for each certificate pending list | / \ | / \ (empty conf list) | (conf list) / \ | / \ ip | / \ +-----------------+ (empty pending list) V V | pollRep END <---- Send certConf Send pollReq---------->Wait | ^ ^ | | | | | +-----------------+ +---------------+ (pending list) ]]></artwork> </artset> <t>In the following exchange, theend entityEE is enrolling for two certificates in one request.</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="672" width="560" viewBox="0 0 560 672" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 184,80 L 200,80" fill="none" stroke="black"/> <path d="M 288,80 L 304,80" fill="none" stroke="black"/> <path d="M 184,144 L 200,144" fill="none" stroke="black"/> <path d="M 288,144 L 304,144" fill="none" stroke="black"/> <path d="M 184,192 L 200,192" fill="none" stroke="black"/> <path d="M 288,192 L 304,192" fill="none" stroke="black"/> <path d="M 184,256 L 200,256" fill="none" stroke="black"/> <path d="M 288,256 L 304,256" fill="none" stroke="black"/> <path d="M 184,304 L 200,304" fill="none" stroke="black"/> <path d="M 288,304 L 304,304" fill="none" stroke="black"/> <path d="M 184,368 L 200,368" fill="none" stroke="black"/> <path d="M 288,368 L 304,368" fill="none" stroke="black"/> <path d="M 184,416 L 200,416" fill="none" stroke="black"/> <path d="M 288,416 L 304,416" fill="none" stroke="black"/> <path d="M 184,464 L 200,464" fill="none" stroke="black"/> <path d="M 288,464 L 304,464" fill="none" stroke="black"/> <path d="M 184,496 L 200,496" fill="none" stroke="black"/> <path d="M 288,496 L 304,496" fill="none" stroke="black"/> <path d="M 184,560 L 200,560" fill="none" stroke="black"/> <path d="M 288,560 L 304,560" fill="none" stroke="black"/> <path d="M 184,608 L 200,608" fill="none" stroke="black"/> <path d="M 288,608 L 304,608" fill="none" stroke="black"/> <path d="M 184,656 L 200,656" fill="none" stroke="black"/> <path d="M 288,656 L 304,656" fill="none" stroke="black"/> <polygon class="arrowhead" points="312,608 300,602.4 300,613.6" fill="black" transform="rotate(0,304,608)"/> <polygon class="arrowhead" points="312,496 300,490.4 300,501.6" fill="black" transform="rotate(0,304,496)"/> <polygon class="arrowhead" points="312,416 300,410.4 300,421.6" fill="black" transform="rotate(0,304,416)"/> <polygon class="arrowhead" points="312,304 300,298.4 300,309.6" fill="black" transform="rotate(0,304,304)"/> <polygon class="arrowhead" points="312,192 300,186.4 300,197.6" fill="black" transform="rotate(0,304,192)"/> <polygon class="arrowhead" points="312,80 300,74.4 300,85.6" fill="black" transform="rotate(0,304,80)"/> <polygon class="arrowhead" points="296,656 284,650.4 284,661.6" fill="black" transform="rotate(180,288,656)"/> <polygon class="arrowhead" points="296,560 284,554.4 284,565.6" fill="black" transform="rotate(180,288,560)"/> <polygon class="arrowhead" points="296,464 284,458.4 284,469.6" fill="black" transform="rotate(180,288,464)"/> <polygon class="arrowhead" points="296,368 284,362.4 284,373.6" fill="black" transform="rotate(180,288,368)"/> <polygon class="arrowhead" points="296,256 284,250.4 284,261.6" fill="black" transform="rotate(180,288,256)"/> <polygon class="arrowhead" points="296,144 284,138.4 284,149.6" fill="black" transform="rotate(180,288,144)"/> <polygon class="arrowhead" points="208,608 196,602.4 196,613.6" fill="black" transform="rotate(0,200,608)"/> <polygon class="arrowhead" points="208,496 196,490.4 196,501.6" fill="black" transform="rotate(0,200,496)"/> <polygon class="arrowhead" points="208,416 196,410.4 196,421.6" fill="black" transform="rotate(0,200,416)"/> <polygon class="arrowhead" points="208,304 196,298.4 196,309.6" fill="black" transform="rotate(0,200,304)"/> <polygon class="arrowhead" points="208,192 196,186.4 196,197.6" fill="black" transform="rotate(0,200,192)"/> <polygon class="arrowhead" points="208,80 196,74.4 196,85.6" fill="black" transform="rotate(0,200,80)"/> <polygon class="arrowhead" points="192,656 180,650.4 180,661.6" fill="black" transform="rotate(180,184,656)"/> <polygon class="arrowhead" points="192,560 180,554.4 180,565.6" fill="black" transform="rotate(180,184,560)"/> <polygon class="arrowhead" points="192,464 180,458.4 180,469.6" fill="black" transform="rotate(180,184,464)"/> <polygon class="arrowhead" points="192,368 180,362.4 180,373.6" fill="black" transform="rotate(180,184,368)"/> <polygon class="arrowhead" points="192,256 180,250.4 180,261.6" fill="black" transform="rotate(180,184,256)"/> <polygon class="arrowhead" points="192,144 180,138.4 180,149.6" fill="black" transform="rotate(180,184,144)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">End</text> <text x="108" y="36">Entity</text> <text x="328" y="36">PKI</text> <text x="24" y="68">1</text> <text x="76" y="68">format</text> <text x="116" y="68">ir</text> <text x="24" y="84">2</text> <text x="220" y="84">ir</text> <text x="24" y="100">3</text> <text x="340" y="100">handle</text> <text x="380" y="100">ir</text> <text x="24" y="116">4</text> <text x="340" y="116">manual</text> <text x="420" y="116">intervention</text> <text x="484" y="116">is</text> <text x="364" y="132">required</text> <text x="416" y="132">for</text> <text x="452" y="132">both</text> <text x="496" y="132">certs</text> <text x="24" y="148">5</text> <text x="220" y="148">ip</text> <text x="24" y="164">6</text> <text x="80" y="164">process</text> <text x="124" y="164">ip</text> <text x="24" y="180">7</text> <text x="76" y="180">format</text> <text x="136" y="180">pollReq</text> <text x="24" y="196">8</text> <text x="240" y="196">pollReq</text> <text x="24" y="212">9</text> <text x="336" y="212">check</text> <text x="388" y="212">status</text> <text x="428" y="212">of</text> <text x="460" y="212">cert</text> <text x="520" y="212">requests,</text> <text x="380" y="228">certificates</text> <text x="448" y="228">not</text> <text x="488" y="228">ready</text> <text x="20" y="244">10</text> <text x="340" y="244">format</text> <text x="400" y="244">pollRep</text> <text x="20" y="260">11</text> <text x="240" y="260">pollRep</text> <text x="20" y="276">12</text> <text x="68" y="276">wait</text> <text x="20" y="292">13</text> <text x="76" y="292">format</text> <text x="136" y="292">pollReq</text> <text x="20" y="308">14</text> <text x="240" y="308">pollReq</text> <text x="20" y="324">15</text> <text x="336" y="324">check</text> <text x="388" y="324">status</text> <text x="428" y="324">of</text> <text x="460" y="324">cert</text> <text x="520" y="324">requests,</text> <text x="344" y="340">one</text> <text x="408" y="340">certificate</text> <text x="468" y="340">is</text> <text x="504" y="340">ready</text> <text x="20" y="356">16</text> <text x="340" y="356">format</text> <text x="380" y="356">ip</text> <text x="20" y="372">17</text> <text x="220" y="372">ip</text> <text x="20" y="388">18</text> <text x="76" y="388">handle</text> <text x="116" y="388">ip</text> <text x="20" y="404">19</text> <text x="76" y="404">format</text> <text x="140" y="404">certConf</text> <text x="20" y="420">20</text> <text x="244" y="420">certConf</text> <text x="20" y="436">21</text> <text x="340" y="436">handle</text> <text x="404" y="436">certConf</text> <text x="20" y="452">22</text> <text x="340" y="452">format</text> <text x="384" y="452">ack</text> <text x="20" y="468">23</text> <text x="240"y="468">pkiConf</text>y="468">pkiconf</text> <text x="20" y="484">24</text> <text x="76" y="484">format</text> <text x="136" y="484">pollReq</text> <text x="20" y="500">25</text> <text x="240" y="500">pollReq</text> <text x="20" y="516">26</text> <text x="336" y="516">check</text> <text x="388" y="516">status</text> <text x="428" y="516">of</text> <text x="492" y="516">certificate,</text> <text x="376" y="532">certificate</text> <text x="436" y="532">is</text> <text x="472" y="532">ready</text> <text x="20" y="548">27</text> <text x="340" y="548">format</text> <text x="380" y="548">ip</text> <text x="20" y="564">28</text> <text x="220" y="564">ip</text> <text x="20" y="580">29</text> <text x="76" y="580">handle</text> <text x="116" y="580">ip</text> <text x="20" y="596">30</text> <text x="76" y="596">format</text> <text x="140" y="596">certConf</text> <text x="20" y="612">31</text> <text x="244" y="612">certConf</text> <text x="20" y="628">32</text> <text x="340" y="628">handle</text> <text x="404" y="628">certConf</text> <text x="20" y="644">33</text> <text x="340" y="644">format</text> <text x="384" y="644">ack</text> <text x="20" y="660">34</text> <text x="240"y="660">pkiConf</text>y="660">pkiconf</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Step# End Entity PKI --------------------------------------------------------------------- 1 format ir 2 --> ir --> 3 handle ir 4 manual intervention is required for both certs 5 <-- ip <-- 6 process ip 7 format pollReq 8 --> pollReq --> 9 check status of cert requests, certificates not ready 10 format pollRep 11 <-- pollRep <-- 12 wait 13 format pollReq 14 --> pollReq --> 15 check status of cert requests, one certificate is ready 16 format ip 17 <-- ip <-- 18 handle ip 19 format certConf 20 --> certConf --> 21 handle certConf 22 format ack 23 <--pkiConfpkiconf <-- 24 format pollReq 25 --> pollReq --> 26 check status of certificate, certificate is ready 27 format ip 28 <-- ip <-- 29 handle ip 30 format certConf 31 --> certConf --> 32 handle certConf 33 format ack 34 <--pkiConfpkiconf <-- ]]></artwork> </artset> <t>The following client-side state machine describes polling for a complete response message.</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="416" width="520" viewBox="0 0 520 416" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,192 L 8,288" fill="none" stroke="black"/> <path d="M 104,96 L 104,176" fill="none" stroke="black"/> <path d="M 104,208 L 104,280" fill="none" stroke="black"/> <path d="M 272,48 L 272,80" fill="none" stroke="black"/> <path d="M 272,288 L 272,320" fill="none" stroke="black"/> <path d="M 272,352 L 272,368" fill="none" stroke="black"/> <path d="M 440,96 L 440,288" fill="none" stroke="black"/> <path d="M 104,96 L 192,96" fill="none" stroke="black"/> <path d="M 344,96 L 440,96" fill="none" stroke="black"/> <path d="M 8,192 L 64,192" fill="none" stroke="black"/> <path d="M 8,288 L 264,288" fill="none" stroke="black"/> <path d="M 280,288 L 440,288" fill="none" stroke="black"/> <polygon class="arrowhead" points="288,288 276,282.4 276,293.6" fill="black" transform="rotate(180,280,288)"/> <polygon class="arrowhead" points="280,368 268,362.4 268,373.6" fill="black" transform="rotate(90,272,368)"/> <polygon class="arrowhead" points="280,320 268,314.4 268,325.6" fill="black" transform="rotate(90,272,320)"/> <polygon class="arrowhead" points="280,80 268,74.4 268,85.6" fill="black" transform="rotate(90,272,80)"/> <polygon class="arrowhead" points="272,288 260,282.4 260,293.6" fill="black" transform="rotate(0,264,288)"/> <polygon class="arrowhead" points="112,280 100,274.4 100,285.6" fill="black" transform="rotate(90,104,280)"/> <polygon class="arrowhead" points="112,176 100,170.4 100,181.6" fill="black" transform="rotate(90,104,176)"/> <polygon class="arrowhead" points="72,192 60,186.4 60,197.6" fill="black" transform="rotate(0,64,192)"/> <g class="text"> <text x="272" y="36">Start</text> <text x="300" y="68">Send</text> <text x="352" y="68">request</text> <text x="232" y="100">Receive</text> <text x="300" y="100">response</text> <text x="208" y="132">ip/cp/kup/krp/ccp/error</text> <text x="324" y="132">with</text> <text x="472" y="132">other</text> <text x="140" y="148">status</text> <text x="208" y="148">"waiting"</text> <text x="484" y="148">response</text> <text x="104" y="196">Polling</text> <text x="132" y="228">Send</text> <text x="184" y="228">pollReq</text> <text x="144" y="244">Receive</text> <text x="212" y="244">response</text> <text x="64" y="308">pollRep</text> <text x="136" y="308">other</text> <text x="196" y="308">response</text> <text x="244" y="340">Handle</text> <text x="308" y="340">response</text> <text x="272" y="388">End</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Start | | Send request v +----------- Receive response ------------+ | | | ip/cp/kup/krp/ccp/error with | other | status "waiting" | response | | v | +------> Polling | | | | | | Send pollReq | | | Receive response | | | | | v | +-----------+------------------->+<-------------------+ pollRep other response | v Handle response | v End ]]></artwork> </artset> <t>In the following exchange, theend entityEE is sending a general message request, and the response is delayed by the server.</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="448" width="560" viewBox="0 0 560 448" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 176,80 L 192,80" fill="none" stroke="black"/> <path d="M 272,80 L 288,80" fill="none" stroke="black"/> <path d="M 176,160 L 192,160" fill="none" stroke="black"/> <path d="M 272,160 L 288,160" fill="none" stroke="black"/> <path d="M 176,208 L 192,208" fill="none" stroke="black"/> <path d="M 272,208 L 288,208" fill="none" stroke="black"/> <path d="M 176,288 L 192,288" fill="none" stroke="black"/> <path d="M 272,288 L 288,288" fill="none" stroke="black"/> <path d="M 176,336 L 192,336" fill="none" stroke="black"/> <path d="M 272,336 L 288,336" fill="none" stroke="black"/> <path d="M 176,416 L 192,416" fill="none" stroke="black"/> <path d="M 272,416 L 288,416" fill="none" stroke="black"/> <polygon class="arrowhead" points="296,336 284,330.4 284,341.6" fill="black" transform="rotate(0,288,336)"/> <polygon class="arrowhead" points="296,208 284,202.4 284,213.6" fill="black" transform="rotate(0,288,208)"/> <polygon class="arrowhead" points="296,80 284,74.4 284,85.6" fill="black" transform="rotate(0,288,80)"/> <polygon class="arrowhead" points="280,416 268,410.4 268,421.6" fill="black" transform="rotate(180,272,416)"/> <polygon class="arrowhead" points="280,288 268,282.4 268,293.6" fill="black" transform="rotate(180,272,288)"/> <polygon class="arrowhead" points="280,160 268,154.4 268,165.6" fill="black" transform="rotate(180,272,160)"/> <polygon class="arrowhead" points="200,336 188,330.4 188,341.6" fill="black" transform="rotate(0,192,336)"/> <polygon class="arrowhead" points="200,208 188,202.4 188,213.6" fill="black" transform="rotate(0,192,208)"/> <polygon class="arrowhead" points="200,80 188,74.4 188,85.6" fill="black" transform="rotate(0,192,80)"/> <polygon class="arrowhead" points="184,416 172,410.4 172,421.6" fill="black" transform="rotate(180,176,416)"/> <polygon class="arrowhead" points="184,288 172,282.4 172,293.6" fill="black" transform="rotate(180,176,288)"/> <polygon class="arrowhead" points="184,160 172,154.4 172,165.6" fill="black" transform="rotate(180,176,160)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">End</text> <text x="108" y="36">Entity</text> <text x="328" y="36">PKI</text> <text x="24" y="68">1</text> <text x="76" y="68">format</text> <text x="124" y="68">genm</text> <text x="24" y="84">2</text> <text x="220" y="84">genm</text> <text x="24" y="100">3</text> <text x="316" y="100">handle</text> <text x="364" y="100">genm</text> <text x="24" y="116">4</text> <text x="312" y="116">delay</text> <text x="348" y="116">in</text> <text x="396" y="116">response</text> <text x="444" y="116">is</text> <text x="496" y="116">necessary</text> <text x="24" y="132">5</text> <text x="316" y="132">format</text> <text x="368" y="132">error</text> <text x="424" y="132">message</text> <text x="496" y="132">"waiting"</text> <text x="324" y="148">with</text> <text x="384" y="148">certReqId</text> <text x="440" y="148">set</text> <text x="468" y="148">to</text> <text x="492" y="148">-1</text> <text x="24" y="164">6</text> <text x="224" y="164">error</text> <text x="24" y="180">7</text> <text x="80" y="180">process</text> <text x="136" y="180">error</text> <text x="24" y="196">8</text> <text x="76" y="196">format</text> <text x="136" y="196">pollReq</text> <text x="24" y="212">9</text> <text x="232" y="212">pollReq</text> <text x="20" y="228">10</text> <text x="312" y="228">check</text> <text x="364" y="228">status</text> <text x="404" y="228">of</text> <text x="452" y="228">original</text> <text x="524" y="228">request,</text> <text x="336" y="244">general</text> <text x="400" y="244">message</text> <text x="468" y="244">response</text> <text x="520" y="244">not</text> <text x="328" y="260">ready</text> <text x="20" y="276">11</text> <text x="316" y="276">format</text> <text x="376" y="276">pollRep</text> <text x="20" y="292">12</text> <text x="232" y="292">pollRep</text> <text x="20" y="308">13</text> <text x="68" y="308">wait</text> <text x="20" y="324">14</text> <text x="76" y="324">format</text> <text x="136" y="324">pollReq</text> <text x="20" y="340">15</text> <text x="232" y="340">pollReq</text> <text x="20" y="356">16</text> <text x="312" y="356">check</text> <text x="364" y="356">status</text> <text x="404" y="356">of</text> <text x="452" y="356">original</text> <text x="524" y="356">request,</text> <text x="336" y="372">general</text> <text x="400" y="372">message</text> <text x="468" y="372">response</text> <text x="516" y="372">is</text> <text x="328" y="388">ready</text> <text x="20" y="404">17</text> <text x="316" y="404">format</text> <text x="364" y="404">genp</text> <text x="20" y="420">18</text> <text x="220" y="420">genp</text> <text x="20" y="436">19</text> <text x="76" y="436">handle</text> <text x="124" y="436">genp</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Step# End Entity PKI --------------------------------------------------------------------- 1 format genm 2 --> genm --> 3 handle genm 4 delay in response is necessary 5 format error message "waiting" with certReqId set to -1 6 <-- error <-- 7 process error 8 format pollReq 9 --> pollReq --> 10 check status of original request, general message response not ready 11 format pollRep 12 <-- pollRep <-- 13 wait 14 format pollReq 15 --> pollReq --> 16 check status of original request, general message response is ready 17 format genp 18 <-- genp <-- 19 handle genp ]]></artwork> </artset> </section> </section> </section> <section anchor="sect-6"> <name>Mandatory PKI Management Functions</name> <t>Some of the PKI management functions outlined in <xref target="sect-3.1"/> are described in this section.</t> <t>This section deals with functions that are "mandatory" in the sense that allend entityEE and CA/RA implementations <bcp14>MUST</bcp14> be able to provide the functionality described. This part is effectively the profile of the PKI management functionality that <bcp14>MUST</bcp14> be supported. Note, however, that the management functions described in this section do not need to be accomplished using the PKI messages defined in <xref target="sect-5"/> if alternate means are suitable for a given environment. See <xref section="7" target="RFC9483"/>Section 7and <xref target="sect-c"/> for profiles of the PKIMessage structures that <bcp14>MUST</bcp14> be supported for specific use cases.</t> <section anchor="sect-6.1"> <name>Root CA Initialization</name> <t>[See <xref target="sect-3.1.1.2"/> for this document's definition of "root CA".]</t> <t>If a newly created root CA is at the top of a PKI hierarchy, it usually produces a "self-certificate", which is a certificate structure with the profile defined for the "newWithNew" certificate issued following a root CA key update.</t> <t>In order to make the CA's self-certificate useful toend entitiesEEs that do not acquire the self-certificate via "out-of-band" means, the CA must also produce a fingerprint for its certificate.End entitiesEEs that acquire this fingerprint securely via some "out-of-band" means can then verify the CA's self-certificate and, hence, the other attributes contained therein.</t> <t>The data structure used to carry the fingerprint may be theOOBCertHash, seeOOBCertHash (see <xreftarget="sect-5.2.5"/>.</t>target="sect-5.2.5"/>).</t> </section> <section anchor="sect-6.2"> <name>Root CA Key Update</name> <t>CA keys (as all other keys) have a finite lifetime and will have to be updated on a periodic basis. The certificates NewWithNew, NewWithOld, and OldWithNew (see <xref target="sect-4.4.1"/>) <bcp14>MAY</bcp14> be issued by the CA to aid existingend entitiesEEs who hold the current root CA certificate (OldWithOld) to transition securely to the new root CA certificate(NewWithNew),(NewWithNew) and to aid newend entitiesEEs who will hold NewWithNew to acquire OldWithOld securely for verification of existing data.</t> </section> <section anchor="sect-6.3"> <name>Subordinate CA Initialization</name> <t>[See <xref target="sect-3.1.1.2"/> for this document's definition of "subordinate CA".]</t> <t>From the perspective of PKI management protocols, the initialization of a subordinate CA is the same as the initialization of anend entity.EE. The only difference is that the subordinate CA must also produce an initial revocation list.</t> </section> <section anchor="sect-6.4"> <name>CRLproduction</name>Production</name> <t>Before issuing any certificates, a newly established CA (which issues CRLs) must produce "empty" versions of eachCRLCRL, which are to be periodically produced.</t> </section> <section anchor="sect-6.5"> <name>PKI Information Request</name> <t>When a PKI entity (CA, RA, or EE) wishes to acquire information about the current status of a CA, it <bcp14>MAY</bcp14> send that CA a request for such information.</t> <t>The CA <bcp14>MUST</bcp14> respond to the request by providing (at least) all of the information requested by the requester. If some of the information cannot be provided, then an error must be conveyed to the requester.</t> <t>If PKIMessages are used to request and supply this PKI information, then the request <bcp14>MUST</bcp14> be the GenMsg message, the response <bcp14>MUST</bcp14> be the GenRep message, and the error <bcp14>MUST</bcp14> be the Error message. These messages are protected using a MAC based on shared secret information (e.g., password-basedMAC,MAC; seeCMP Algorithms<xreftarget="RFC9481"/> Section 6.1)section="6.1" target="RFC9481">"CMP Algorithms"</xref>) or using any asymmetric authentication means such as a signature (if theend entityEE has an existing certificate).</t> </section> <section anchor="sect-6.6"><name>Cross Certification</name><name>Cross-Certification</name> <t>The requester CA is the CA that will become the subject of the cross-certificate; the responder CA will become the issuer of the cross-certificate.</t> <t>The requester CA must be "up and running" before initiating the cross-certification operation.</t> <section anchor="sect-6.6.1"> <name>One-Way Request-ResponseScheme:</name>Scheme</name> <t>The cross-certification scheme is essentially aone wayone-way operation; that is, when successful, this operation results in the creation of one new cross-certificate. If the requirement is that cross-certificates be created in "both directions", then each CA, in turn, must initiate a cross-certification operation (or use another scheme).</t> <t>This scheme is suitable where the two CAs in question can already verify each other's signatures (they have some common points of trust) or where there is an out-of-band verification of the origin of the certification request.</t> <t>Detailed Description:</t><t>Cross certification<t indent="3">Cross-certification is initiated at one CA known as the responder. The CA administrator for the responder identifies the CA it wants tocross certifycross-certify and the responder CA equipment generates an authorization code. The responder CA administrator passes this authorization code by out-of-band means to the requester CA administrator. The requester CA administrator enters the authorization code at the requester CA in order to initiate theon-lineonline exchange.</t><t>The<t indent="3">The authorization code is used for authentication and integrity purposes. This is done by generating a symmetric key based on the authorization code and using the symmetric key for generatingMessage Authentication Codes (MACs)MACs) on all messages exchanged. (Authentication may alternatively be done using signatures instead of MACs, if the CAs are able to retrieve and validate the required public keys by some means, such as an out-of-band hash comparison.)</t><t>The<t indent="3">The requester CA initiates the exchange by generating a cross-certification request (ccr) with a fresh random number (requester random number). The requester CA then sends the ccr message to the responder CA. The fields in this message are protected from modification with a MAC based on the authorization code.</t><t>Upon<t indent="3">Upon receipt of the ccr message, the responder CA validates the message and the MAC, saves the requester random number, and generates its own random number (responder random number). It then generates (and archives, if desired) a new requester certificate that contains the requester CA public key and is signed with the responder CA signature private key. The responder CA responds with thecross certificationcross-certification response (ccp) message. The fields in this message are protected from modification with a MAC based on the authorization code.</t><t>Upon<t indent="3">Upon receipt of the ccp message, the requester CA validates the message (including the received random numbers) and the MAC. The requester CA responds with the certConf message. The fields in this message are protected from modification with a MAC based on the authorization code. The requester CA <bcp14>MAY</bcp14> write the requester certificate to the Repository as an aid to later certificate path construction.</t><t>Upon<t indent="3">Upon receipt of the certConf message, the responder CA validates the message and theMAC,MAC and sends back an acknowledgement using thePKIConfirmpkiconf message. It <bcp14>MAY</bcp14> also publish the requester certificate as an aid to later path construction.</t> <t>Notes:</t> <ol spacing="normal" type="1"><li> <t>The ccr message must contain a "complete" certification request; that is, all fields except the serial number (including, e.g., a BasicConstraints extension) must be specified by the requester CA.</t> </li> <li> <t>The ccp message <bcp14>SHOULD</bcp14> contain the verification certificate of the responder CA; if present, the requester CA must then verify this certificate (for example, via the "out-of-band" mechanism).</t> </li> </ol> <t>(A simpler, non-interactive model of cross-certification may also be envisioned, in which the issuing CA acquires the subject CA's public key from some repository, verifies it via some out-of-band mechanism, and creates and publishes the cross-certificate without the subject CA's explicit involvement. This model may be perfectly legitimate for many environments, but since it does not require any protocol message exchanges, its detailed description is outside the scope of this specification.)</t> </section> </section> <section anchor="sect-6.7"> <name>End Entity Initialization</name> <t>As with CAs,end entitiesEEs must be initialized. Initialization ofend entitiesEEs requires at least two steps:</t> <ul spacing="normal"> <li> <t>acquisition of PKI information</t> </li> <li> <t>out-of-band verification of one root-CA public key</t> </li> </ul><t>(other<t>(Other possible steps include the retrieval of trust condition information and/or out-of-band verification of other CA publickeys).</t>keys.)</t> <section anchor="sect-6.7.1"> <name>Acquisition of PKI Information</name> <t>The information <bcp14>REQUIRED</bcp14> is:</t> <ul spacing="normal"> <li> <t>the current root-CA public key</t> </li> <li> <t>(if the certifying CA is not a root-CA) the certification path from the root CA to the certifying CA together with appropriate revocation lists</t> </li> <li> <t>the algorithms and algorithm parameters that the certifying CA supports for each relevant usage</t> </li> </ul> <t>Additional information could be required (e.g., supported extensions or CA policy information) in order to produce a certification request that will be successful. However, forsimplicitysimplicity, we do not mandate that theend entityEE acquires this information via the PKI messages. The end result is simply that some certification requests may fail (e.g., if theend entityEE wants to generate its own encryption key, but the CA doesn't allow that).</t> <t>The required information <bcp14>MAY</bcp14> be acquired as described in <xref target="sect-6.5"/>.</t> </section> <section anchor="sect-6.7.2"> <name>Out-of-Band Verification of the Root CA Key</name> <t>Anend entityEE must securely possess the public key of its root CA. One method to achieve this is to provide theend entityEE with the CA's self-certificate fingerprint via some secure "out-of-band" means. Theend entityEE can then securely use the CA's self-certificate.</t> <t>See <xref target="sect-6.1"/> for further details.</t> </section> </section> <section anchor="sect-6.8"> <name>Certificate Request</name> <t>An initializedend entityEE <bcp14>MAY</bcp14> request an additional certificate at any time (for any purpose). This request will be made using the certification request (cr) message. If theend entityEE already possesses a signing key pair (with a corresponding verification certificate), then this cr message will typically be protected by the entity's digital signature. The CA returns the new certificate (if the request is successful) in a CertRepMessage.</t> </section> <section anchor="sect-6.9"> <name>Key Update</name> <t>When a key pair is due to expire, the relevantend entityEE <bcp14>MAY</bcp14> request a key update; that is, it <bcp14>MAY</bcp14> request that the CA issue a new certificate for a new key pair (or, in certain circumstances, a new certificate for the same key pair). The request is made using a key update request (kur) message (referred to, in some environments, as a "Certificate Update" operation). If theend entityEE already possesses a signing key pair (with a corresponding verification certificate), then this message will typically be protected by the entity's digital signature. The CA returns the new certificate (if the request is successful) in a key update response (kup) message, which is syntactically identical to a CertRepMessage.</t> </section> </section> <section anchor="sect-7"> <name>Version Negotiation</name> <t>This section defines the version negotiation used to support older protocols betweenclientclients and servers.</t> <t>If a client knows the protocol version(s) supported by the server (e.g., from a previous PKIMessage exchange or via some out-of-band means), then it <bcp14>MUST</bcp14> send a PKIMessage with the highest version supported by both it and the server. If a client does not know what version(s) the server supports, then it <bcp14>MUST</bcp14> send a PKIMessage using the highest version it supports with the following exception:versionVersion cmp2021 <bcp14>SHOULD</bcp14> only be used if cmp2021 syntax is needed for the request being sent or for the expected response.</t> <t>Note: Using cmp2000 as the default pvno is done to avoid extra message exchanges for version negotiation and to foster compatibility with cmp2000 implementations. Version cmp2021 syntax is only needed if a message exchange uses EnvelopedData, hashAlg (in CertStatus), POPOPrivKey with agreeMAC, or ckuann with RootCaKeyUpdateContent.</t> <t>If a server receives a message with a version that it supports, then the version of the response message <bcp14>MUST</bcp14> be the same as the received version. If a server receives a message with a version higher or lower than it supports, then it <bcp14>MUST</bcp14> send back an ErrorMsg with the unsupportedVersion bit set (in the failureInfo field of the pKIStatusInfo). If the received version is higher than the highest supported version, then the version in the error message <bcp14>MUST</bcp14> be the highest version the server supports; if the received version is lower than the lowest supportedversionversion, then the version in the error message <bcp14>MUST</bcp14> be the lowest version the server supports.</t> <t>If a client gets back an ErrorMsgContent with the unsupportedVersion bit set and a version it supports, then it <bcp14>MAY</bcp14> retry the request with that version.</t> <section anchor="sect-7.1"> <name>Supporting RFC 2510 Implementations</name><t>RFC 2510<t><xref target="RFC2510"/> did not specify the behavior of implementations receiving versions they did not understand since there was only one version in existence. With the introduction of the revision in <xref target="RFC4210"/>, the following versioningbehaviourbehavior is recommended.</t> <section anchor="sect-7.1.1"> <name>Clients Talking to RFC 2510 Servers</name> <t>If, after sending a message with aprotocol version numberpvno higher than cmp1999, a client receives an ErrorMsgContent with a version of cmp1999, then it <bcp14>MUST</bcp14> abort the current transaction.</t> <t>If a client receives a non-error PKIMessage with a version of cmp1999, then it <bcp14>MAY</bcp14> decide to continue the transaction (if the transaction hasn't finished) usingRFC 2510 semantics.the semantics described in <xref target="RFC2510"/>. If it does not choose to do so and the transaction is not finished, then it <bcp14>MUST</bcp14> abort the transaction and send an ErrorMsgContent with a version of cmp1999.</t> </section> <section anchor="sect-7.1.2"> <name>Servers Receiving Version cmp1999 PKIMessages</name> <t>If a server receives a version cmp1999messagemessage, it <bcp14>MAY</bcp14> revert toRFC 2510 behaviourthe behavior described in <xref target="RFC2510"/> and respond with version cmp1999 messages. If it does not choose to do so, then it <bcp14>MUST</bcp14> send back an ErrorMsgContent as described above in <xref target="sect-7"/>.</t> </section> </section> </section> <section anchor="sect-8"> <name>Security Considerations</name> <section anchor="sect-8.1"> <name>On the Necessity ofProof-Of-Possession</name>POP</name> <t>It is well established that the role of aCertification AuthorityCA is to verify that the name and public key belong to theend entityEE prior to issuing a certificate. If an entity holding a private key obtains a certificate containing the corresponding public key issued for a different entity, it can authenticate as the entity named in the certificate. This facilitates masquerading. It is not entirely clear what security guarantees are lost if anend entityEE is able to obtain a certificate containing a public key that they do not possess the corresponding private key for. There are some scenarios, described as "forwarding attacks" in Appendix A of <xref target="Gueneysu"/>, in which this can lead to protocol attacks against anaively-implementednaively implemented sign-then-encrypt protocol, but ingeneralgeneral, it merely results in theend entityEE obtaining a certificate that theycan notcannot use.</t> </section> <section anchor="sect-8.2"><name>Proof-Of-Possession<name>POP with a Decryption Key</name> <t>Some cryptographic considerations are worth explicitly spelling out. In the protocols specified above, when anend entityEE is required to prove possession of a decryption key, it is effectively challenged to decrypt something (its own certificate). This scheme (and many others!) could be vulnerable to an attack if the possessor of the decryption key in question could be fooled into decrypting an arbitrary challenge and returning the cleartext to an attacker. Although in this specification a number of other failures in security are required in order for this attack to succeed, it is conceivable that some future services (e.g., notary, trusted time) could potentially be vulnerable to such attacks. For this reason, we reiterate the general rule that implementations should be very careful about decrypting arbitrary "ciphertext" and revealing recovered "plaintext" since such a practice can lead to serious security vulnerabilities.</t> <t>The client <bcp14>MUST</bcp14> return the decrypted values only if they match the expected content type. In anIndirect Method,indirect method, the decrypted value <bcp14>MUST</bcp14> be a valid certificate, and inthe Direct Method,a direct method, the decrypted value <bcp14>MUST</bcp14> be a Rand as defined in <xref target="sect-5.2.8.3.3"/>.</t> </section> <section anchor="sect-8.3"><name>Proof-Of-Possession<name>POP by Exposing the Private Key</name> <t>Note also that exposing a private key to the CA/RA as aproof-of-possessionPOP technique can carry some security risks (depending upon whether or not the CA/RA can be trusted to handle such material appropriately). Implementers are advised to:</t> <ul spacing="normal"> <li> <t>Exercise caution in selecting and using this particular POP mechanism.</t> </li> <li> <t>Only use this POP mechanism if archival of the private key is desired.</t> </li> <li> <t>When appropriate, have the user of the application explicitly state that they are willing to trust the CA/RA to have a copy of their private key before proceeding to reveal the private key.</t> </li> </ul> </section> <section anchor="sect-8.4"> <name>Attack AgainstDiffie-HellmanDH Key Exchange</name> <t>A small subgroup attack during aDiffie-HellmanDH key exchange may be carried out as follows. A maliciousend entityEE may deliberately chooseD-HDH parameters that enable it to derive (a significant number of bits of) theD-HDH private key of the CA during a key archival or key recovery operation. Armed with this knowledge, the EE would then be able to retrieve the decryption private key of another unsuspectingend entity,EE, EE2, during EE2's legitimate key archival or key recovery operation with that CA. In order to avoid the possibility of such an attack, two courses of action are available. (1) The CA may generate a freshD-HDH key pair to be used as a protocol encryption key pair for each EE with which it interacts. (2) The CA may enter into a key validation protocol (not specified in this document) with each requestingend entityEE to ensure that the EE's protocol encryption key pair will not facilitate this attack. Option (1) is clearly simpler (requiring no extra protocol exchanges from either party) and is therefore <bcp14>RECOMMENDED</bcp14>.</t> </section> <section anchor="sect-8.5"> <name>Perfect Forward Secrecy</name> <t>Long-term security typically requires perfect forward secrecy (pfs). When transferring encrypted long-term confidential values such as centrally generated private keys or revocation passphrases, pfslikelyis likely important.YetYet, it is not needed for CMP message protection providing integrity and authenticity because transfer of PKI messages is usually completed in very limited time. For the samereasonreason, ittypicallyis not typically required for the indirect methodof providingto provide a POP<xref target="sect-5.2.8.3.2"/>(<xref target="sect-5.2.8.3.2"/>) delivering the newly issued certificate in encrypted form.</t> <t>Encrypted values<xref target="sect-5.2.2"/>(<xref target="sect-5.2.2"/>) are transferred using CMS EnvelopedData <xref target="RFC5652"/>, which does not offer pfs. In cases where long-term security is needed, CMP messages <bcp14>SHOULD</bcp14> be transferred over a mechanism that provides pfs, such as TLS with appropriate cipher suites selected.</t> </section> <section anchor="sect-8.6"> <name>Private Keys for Certificate Signing and CMP Message Protection</name> <t>A CA should not reuse its certificate signing key for other purposes, such as protecting CMP responses and TLS connections. This way, exposure to other parts of the system and the number of uses of this particularly critical key are reduced to a minimum.</t> </section> <section anchor="sect-8.7"> <name>Entropy of Random Numbers, Key Pairs, and Shared Secret Information</name> <t>Implementations must generate nonces and private keys from random input. The use of inadequate pseudorandom number generators (PRNGs) to generate cryptographic keys can result in little or no security. An attacker may find it much easier to reproduce the PRNG environment that produced the keys and to search the resulting small set of possibilities than brute-force searching the whole key space. As an example of predictable random numbers, see <xref target="CVE-2008-0166"/>; consequences of low-entropy random numbers are discussed in <xref target="MiningPsQs">Mining Your Ps and Qs</xref>. The generation of quality random numbers is difficult. <xref target="ISO.20543-2019">ISO/IEC 20543:2019</xref>, <xref target="NIST.SP.800_90Ar1">NIST SP 800-90A Rev.1</xref>, <xref target="AIS31">BSI AIS 31 V2.0</xref>, and other specifications offer valuable guidance in this area.</t> <t>If shared secret information is generated by a cryptographically secure random number generator (CSRNG), it is safe to assume that the entropy of the shared secret information equals its bit length. If no CSRNG is used, the entropy of shared secret information depends on the details of the generation process and cannot be measured securely after it has been generated. If user-generated passwords are used as shared secret information, their entropy cannot bemeasured andmeasured. Passwords generated from user generated entropy are typically insufficient for protected delivery of centrally generated keys or trust anchors.</t> <t>If the entropy of shared secret information protecting the delivery of a centrally generated key pair is known, it should not be less than the security strength of that key pair; if the shared secret information is reused for different key pairs, the security of the shared secret information should exceed the security strength of each individual key pair.</t> <t>For the case of a PKI management operation that delivers a new trust anchor (e.g., a root CAcertificate)certificate), using caPubs or genp that is (a) not concluded in a timely manner or (b) where the shared secret information is reused for several key management operations, the entropy of the shared secret information, if known, should not be less than the security strength of the trust anchor being managed by the operation. The shared secret information should have an entropy that at least matches the security strength of the key material being managed by the operation. Certain use cases may require shared secret information that may be of a low security strength, e.g., a human-generated password. It is <bcp14>RECOMMENDED</bcp14> that such secret information be limited to a single PKI management operation.</t> <t>Importantly for thissectionsection, further information about algorithm use profiles and their security strength is available inCMP Algorithms<xreftarget="RFC9481"/> Section 7.</t>section="7" target="RFC9481">CMP Algorithms</xref>.</t> </section> <section anchor="sect-8.8"> <name>Recurring Usage of KEM Keys for Message Protection</name> <t>For each PKI management operation using MAC-based message protection involvingKEM, seeKEM (see <xreftarget="sect-5.1.3.4"/>,target="sect-5.1.3.4"/>), the KEM Encapsulate() function, providing a fresh KEM ciphertext (ct) and shared secret (ss), <bcp14>MUST</bcp14> be invoked.</t> <t>It is assumed that the overall data size of the CMP messages in a PKI management operation protected by a single shared secret key is small enough not to introduce extra security risks.</t> <t>To be appropriate for use with this specification, the KEM algorithm <bcp14>MUST</bcp14> explicitly be designed to be secure when the public key is used many times. For example, a KEM algorithm with a single-use public key is not appropriate because the public key is expected to be carried in a long-lived certificate <xref target="RFC5280"/> and used over and over. Thus, KEM algorithms that offer indistinguishability under adaptive chosen ciphertext attack (IND-CCA2) security are appropriate. A common design pattern for obtaining IND-CCA2 security with public key reuse is to apply the Fujisaki-Okamoto (FO) transform <xref target="Fujisaki"/> or a variant of the FO transform <xref target="Hofheinz"/>.</t> <t>Therefore, given a long-term public key using anIND-CCA2 secureIND-CCA2-secure KEM algorithm, there is no limit to the number of CMP messages that can be authenticated using KEM keys for MAC-based message protection.</t> </section> <section anchor="sect-8.9"> <name>Trust Anchor Provisioning Using CMP Messages</name> <t>A provider of trust anchors, which may be an RA involved in configuration management of its clients, <bcp14>MUST NOT</bcp14> include to-be-trusted CA certificates in a CMP message unless the specific deployment scenario can ensure that it is adequate that the receiving EE trusts these certificates, e.g., by loading them into its trust store.</t> <t>Whenever an EE receives in a CMP message a CA certificate to be used as a trust anchor (forexampleexample, in the caPubs field of a certificate response or in a general response), it <bcp14>MUST</bcp14> properly authenticate the message sender with existing trust anchors without requiring new trust anchor information included in the message.</t> <t>Additionally, the EE <bcp14>MUST</bcp14> verify that the sender is an authorized source of trust anchors. This authorization is governed by local policy and typically indicated using shared secret information or with a signature-based message protection using a certificate issued by a PKI that is explicitly authorized for this purpose.</t> </section> <section anchor="sect-8.10"> <name>Authorizing Requests for Certificates with Specific EKUs</name> <t>When a CA issues a certificate containingextended key usageEKU extensions as defined in <xref target="sect-4.5"/>, this expresses delegation of an authorization that originally is only with the CA certificate itself. Such delegation is a very sensitive action in aPKIPKI, andthereforetherefore, special care must be taken when approving such certificate requests to ensure that only legitimate entities receive a certificate containing such an EKU.</t> </section> <section anchor="sect-8.11"> <name>Usage ofCertificate TransparencyCT Logs</name> <t>CAs that support indirect POP <bcp14>MUST NOT</bcp14> also publish final certificates toCertificate TransparencyCT logs <xref target="RFC9162"/> before having received the certConf message containing the certHash of that certificate to complete the POP. The risk is that a malicious actor could fetch the final certificate from the CT log and use that to spoof a response to the implicit POP challenge via a certConf response. This risk does not apply to CT precertificates, so those areokOK to publish.</t> <t>If a certificate or its precertificate was published in a CTloglog, it must berevoked,revoked if a required certConf message could not be verified, especially when the implicit POP was used.</t> </section> </section> <section anchor="sect-9"> <name>IANA Considerations</name> <t>This document updates the ASN.1 modulesof CMP Updates Appendix A.2in <xreftarget="RFC9480"/>.section="A.2" target="RFC9480">CMP Updates</xref>. The OIDTBD2116 (id-mod-cmp2023-02) was registered in the "SMI Security for PKIX Module Identifier" registry to identify the updated ASN.1 module.</t><t>In<t>IANA has added the following entry in theSMI-numbers registry"SMI Security for PKIX CMP InformationTypes (1.3.6.1.5.5.7.4)"Types" registry within the SMI Numbers registry group (seehttps://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4) as defined in<eref brackets="angle" target="https://www.iana.org/assignments/smi-numbers"/>) <xreftarget="RFC7299"/> one addition has been performed.</t> <t>One new entry has been added:</t> <t>Decimal: TBD1</t> <t>Description: id-it-KemCiphertextInfo</t> <t>Reference: [RFCXXXX]</t> <t>Thetarget="RFC7299"/>: </t> <dl spacing="compact" newline="false"> <dt>Decimal:</dt><dd>24</dd> <dt>Description:</dt><dd>id-it-KemCiphertextInfo</dd> <dt>Reference:</dt><dd>RFC 9810</dd> </dl> <t> Note that the new OID 1.2.840.113533.7.66.16 was registered byEntrustEntrust, and not by IANA, for id-KemBasedMac in the arch 1.2.840.113533.7.66.Entrust registered alsoThis was done to match theOIDsprevious registrations for id-PasswordBasedMac andid-DHBasedMac there.</t>id-DHBasedMac, which are also on the Entrust private arc.</t> <t>All existing references to <xref target="RFC2510"/>, <xref target="RFC4210"/>, and <xref target="RFC9480"/> athttps://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml<eref brackets="angle" target="https://www.iana.org/assignments/smi-numbers"/> except those in the "SMI Security for PKIX Module Identifier" registryshould behave been replaced with references to this document.</t> </section><section anchor="Acknowledgements"> <name>Acknowledgements</name> <t>The authors of this document wish to thank Carlisle Adams, Stephen Farrell, Tomi Kause, and Tero Mononen, the original authors of <xref target="RFC4210"/>, for their work.</t> <t>We also thank all reviewers of this document for their valuable feedback.</t> <t>Adding KEM support to this document was partly funded by the German Federal Ministry of Education and Research in the project Quoryptan through grant number 16KIS2033.</t> </section></middle> <back> <displayreference target="I-D.ietf-lamps-kyber-certificates" to="ML-KEM"/> <references anchor="sec-combined-references"> <name>References</name> <references anchor="sec-normative-references"> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2985.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2986.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3629.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4211.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5480.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5646.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5958.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6402.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8933.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9045.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9481.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9629.xml"/> <referenceanchor="RFC2985"> <front> <title>PKCS #9: Selected Object Classes and Attribute Types Version 2.0</title> <author fullname="M. Nystrom" initials="M." surname="Nystrom"/> <author fullname="B. Kaliski" initials="B." surname="Kaliski"/> <date month="November" year="2000"/> <abstract> <t>This memo represents a republication of PKCS #9 v2.0 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from that specification. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="2985"/> <seriesInfo name="DOI" value="10.17487/RFC2985"/> </reference> <reference anchor="RFC2986"> <front> <title>PKCS #10: Certification Request Syntax Specification Version 1.7</title> <author fullname="M. Nystrom" initials="M." surname="Nystrom"/> <author fullname="B. Kaliski" initials="B." surname="Kaliski"/> <date month="November" year="2000"/> <abstract> <t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="2986"/> <seriesInfo name="DOI" value="10.17487/RFC2986"/> </reference> <reference anchor="RFC3629"> <front> <title>UTF-8, a transformation format of ISO 10646</title> <author fullname="F. Yergeau" initials="F." surname="Yergeau"/> <date month="November" year="2003"/> <abstract> <t>ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279.</t> </abstract> </front> <seriesInfo name="STD" value="63"/> <seriesInfo name="RFC" value="3629"/> <seriesInfo name="DOI" value="10.17487/RFC3629"/> </reference> <reference anchor="RFC4211"> <front> <title>Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title> <author fullname="J. Schaad" initials="J." surname="Schaad"/> <date month="September" year="2005"/> <abstract> <t>This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4211"/> <seriesInfo name="DOI" value="10.17487/RFC4211"/> </reference> <reference anchor="RFC5280"> <front> <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title> <author fullname="D. Cooper" initials="D." surname="Cooper"/> <author fullname="S. Santesson" initials="S." surname="Santesson"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <author fullname="S. Boeyen" initials="S." surname="Boeyen"/> <author fullname="R. Housley" initials="R." surname="Housley"/> <author fullname="W. Polk" initials="W." surname="Polk"/> <date month="May" year="2008"/> <abstract> <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5280"/> <seriesInfo name="DOI" value="10.17487/RFC5280"/> </reference> <reference anchor="RFC5480"> <front> <title>Elliptic Curve Cryptography Subject Public Key Information</title> <author fullname="S. Turner" initials="S." surname="Turner"/> <author fullname="D. Brown" initials="D." surname="Brown"/> <author fullname="K. Yiu" initials="K." surname="Yiu"/> <author fullname="R. Housley" initials="R." surname="Housley"/> <author fullname="T. Polk" initials="T." surname="Polk"/> <date month="March" year="2009"/> <abstract> <t>This document specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. This document updates Sections 2.3.5 and 5, and the ASN.1 module of "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5480"/> <seriesInfo name="DOI" value="10.17487/RFC5480"/> </reference> <reference anchor="RFC5646"> <front> <title>Tags for Identifying Languages</title> <author fullname="A. Phillips" initials="A." role="editor" surname="Phillips"/> <author fullname="M. Davis" initials="M." role="editor" surname="Davis"/> <date month="September" year="2009"/> <abstract> <t>This document describes the structure, content, construction, and semantics of language tags for use in cases where it is desirable to indicate the language used in an information object. It also describes how to register values for use in language tags and the creation of user-defined extensions for private interchange. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="47"/> <seriesInfo name="RFC" value="5646"/> <seriesInfo name="DOI" value="10.17487/RFC5646"/> </reference> <reference anchor="RFC5652"> <front> <title>Cryptographic Message Syntax (CMS)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="September" year="2009"/> <abstract> <t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="70"/> <seriesInfo name="RFC" value="5652"/> <seriesInfo name="DOI" value="10.17487/RFC5652"/> </reference> <reference anchor="RFC5958"> <front> <title>Asymmetric Key Packages</title> <author fullname="S. Turner" initials="S." surname="Turner"/> <date month="August" year="2010"/> <abstract> <t>This document defines the syntax for private-key information and a content type for it. Private-key information includes a private key for a specified public-key algorithm and a set of attributes. The Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, authenticate, or encrypt the asymmetric key format content type. This document obsoletes RFC 5208. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5958"/> <seriesInfo name="DOI" value="10.17487/RFC5958"/> </reference> <reference anchor="RFC6402"> <front> <title>Certificate Management over CMS (CMC) Updates</title> <author fullname="J. Schaad" initials="J." surname="Schaad"/> <date month="November" year="2011"/> <abstract> <t>This document contains a set of updates to the base syntax for CMC, a Certificate Management protocol using the Cryptographic Message Syntax (CMS). This document updates RFC 5272, RFC 5273, and RFC 5274.</t> <t>The new items in this document are: new controls for future work in doing server side key generation, definition of a Subject Information Access value to identify CMC servers, and the registration of a port number for TCP/IP for the CMC service to run on. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6402"/> <seriesInfo name="DOI" value="10.17487/RFC6402"/> </reference> <reference anchor="RFC8933"> <front> <title>Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="October" year="2020"/> <abstract> <t>This document updates the Cryptographic Message Syntax (CMS) specified in RFC 5652 to ensure that algorithm identifiers in signed-data and authenticated-data content types are adequately protected.</t> </abstract> </front> <seriesInfo name="RFC" value="8933"/> <seriesInfo name="DOI" value="10.17487/RFC8933"/> </reference> <reference anchor="RFC9045"> <front> <title>Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="June" year="2021"/> <abstract> <t>This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) specified in RFC 4211.</t> </abstract> </front> <seriesInfo name="RFC" value="9045"/> <seriesInfo name="DOI" value="10.17487/RFC9045"/> </reference> <reference anchor="RFC9481"> <front> <title>Certificate Management Protocol (CMP) Algorithms</title> <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/> <author fullname="H. Aschauer" initials="H." surname="Aschauer"/> <author fullname="M. Ounsworth" initials="M." surname="Ounsworth"/> <author fullname="J. Gray" initials="J." surname="Gray"/> <date month="November" year="2023"/> <abstract> <t>This document describes the conventions for using several cryptographic algorithms with the Certificate Management Protocol (CMP). CMP is used to enroll and further manage the lifecycle of X.509 certificates. This document also updates the algorithm use profile from Appendix D.2 of RFC 4210.</t> </abstract> </front> <seriesInfo name="RFC" value="9481"/> <seriesInfo name="DOI" value="10.17487/RFC9481"/> </reference> <reference anchor="RFC9629"> <front> <title>Using Key Encapsulation Mechanism (KEM) Algorithms in the Cryptographic Message Syntax (CMS)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <author fullname="J. Gray" initials="J." surname="Gray"/> <author fullname="T. Okubo" initials="T." surname="Okubo"/> <date month="August" year="2024"/> <abstract> <t>The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms. In recent years, cryptographers have been specifying Key Encapsulation Mechanism (KEM) algorithms, including quantum-secure KEM algorithms. This document defines conventions for the use of KEM algorithms by the originator and recipients to encrypt and decrypt CMS content. This document updates RFC 5652.</t> </abstract> </front> <seriesInfo name="RFC" value="9629"/> <seriesInfo name="DOI" value="10.17487/RFC9629"/> </reference> <reference anchor="MvOV97">anchor="MvOV97" target="https://cacr.uwaterloo.ca/hac/"> <front> <title>Handbook of Applied Cryptography</title> <author initials="A." surname="Menezes" fullname="A. Menezes"> <organization/> </author> <author initials="P." surname="van Oorschot" fullname="P. van Oorschot"> <organization/> </author> <author initials="S." surname="Vanstone" fullname="S. Vanstone"> <organization/> </author> <date year="1996"/> </front> <seriesInfo name="CRC" value="Press ISBN 0-8493-8523-7"/> </reference><reference anchor="RFC2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author fullname="S. Bradner" initials="S." surname="Bradner"/> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference><xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> </references> <references anchor="sec-informative-references"> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9480.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9482.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9483.xml"/> <!-- [I-D.ietf-lamps-rfc6712bis] I--> <referenceanchor="RFC9480"> <front> <title>Certificate Management Protocol (CMP) Updates</title> <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/> <author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/> <author fullname="J. Gray" initials="J." surname="Gray"/> <date month="November" year="2023"/> <abstract> <t>This document contains a set of updates to the syntax of Certificate Management Protocol (CMP) version 2 and its HTTP transfer mechanism. This document updates RFCs 4210, 5912, and 6712.</t> <t>The aspects of CMP updated in this document are using EnvelopedData instead of EncryptedValue, clarifying the handling of p10cr messages, improving the crypto agility, as well as adding new general message types, extended key usages to identify certificates for use with CMP, and well-known URI path segments.</t> <t>CMP version 3 is introduced to enable signaling support of EnvelopedData instead of EncryptedValue and signal the use of an explicit hash AlgorithmIdentifier in certConf messages, as far as needed.</t> </abstract> </front> <seriesInfo name="RFC" value="9480"/> <seriesInfo name="DOI" value="10.17487/RFC9480"/> </reference> <reference anchor="RFC9482"> <front> <title>Constrained Application Protocol (CoAP) Transfer for the Certificate Management Protocol</title> <author fullname="M. Sahni" initials="M." role="editor" surname="Sahni"/> <author fullname="S. Tripathi" initials="S." role="editor" surname="Tripathi"/> <date month="November" year="2023"/> <abstract> <t>This document specifies the use of the Constrained Application Protocol (CoAP) as a transfer mechanism for the Certificate Management Protocol (CMP). CMP defines the interaction between various PKI entities for the purpose of certificate creation and management. CoAP is an HTTP-like client-server protocol used by various constrained devices in the Internet of Things space.</t> </abstract> </front> <seriesInfo name="RFC" value="9482"/> <seriesInfo name="DOI" value="10.17487/RFC9482"/> </reference> <reference anchor="RFC9483">anchor="RFC9811" target="https://www.rfc-editor.org/info/rfc9811"> <front><title>Lightweight Certificate Management Protocol (CMP) Profile</title> <author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/> <author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/> <author fullname="S. Fries" initials="S." surname="Fries"/> <date month="November" year="2023"/> <abstract> <t>This document aims at simple, interoperable, and automated PKI management operations covering typical use cases of industrial and<title> Internetof Things (IoT) scenarios. This is achieved by profiling the Certificate Management Protocol (CMP), the related Certificate Request Message Format (CRMF), and transfer based on HTTP or Constrained Application Protocol (CoAP) in a succinct but sufficiently detailed and self-contained way. To make secure certificate management for simple scenarios and constrained devices as lightweight as possible, only the most crucial types of operations and options are specified as mandatory. More specialized or complex use cases are supported with optional features.</t> </abstract> </front> <seriesInfo name="RFC" value="9483"/> <seriesInfo name="DOI" value="10.17487/RFC9483"/> </reference> <reference anchor="I-D.ietf-lamps-rfc6712bis"> <front> <title>InternetX.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol(CMP)</title>(CMP) </title> <author fullname="Hendrik Brockhaus" initials="H." surname="Brockhaus"> <organization>Siemens</organization> </author> <author fullname="David von Oheimb" initials="D." surname="von Oheimb"> <organization>Siemens</organization> </author> <author fullname="Mike Ounsworth" initials="M." surname="Ounsworth"> <organization>Entrust</organization> </author> <author fullname="John Gray" initials="J." surname="Gray"> <organization>Entrust</organization> </author> <dateday="9" month="January"month="July" year="2025"/><abstract> <t> This document describes how to layer the Certificate Management Protocol (CMP) over HTTP. It includes the updates to RFC 6712 specified in RFC 9480 Section 3. These updates introduce CMP URIs using a Well-known prefix. It obsoletes RFC 6712 and together with I-D.ietf-lamps-rfc4210bis and it also obsoletes RFC 9480. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-rfc6712bis-10"/> </reference> <reference anchor="RFC1847"> <front> <title>Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted</title> <author fullname="J. Galvin" initials="J." surname="Galvin"/> <author fullname="S. Murphy" initials="S." surname="Murphy"/> <author fullname="S. Crocker" initials="S." surname="Crocker"/> <author fullname="N. Freed" initials="N." surname="Freed"/> <date month="October" year="1995"/> <abstract> <t>This document defines a framework within which security services may be applied to MIME body parts. [STANDARDS-TRACK] This memo defines a new Simple Mail Transfer Protocol (SMTP) [1] reply code, 521, which one may use to indicate that an Internet host does not accept incoming mail. This memo defines an Experimental Protocol for the Internet community. This memo defines an extension to the SMTP service whereby an interrupted SMTP transaction can be restarted at a later time without having to repeat all of the commands and message content sent prior to the interruption. This memo defines an Experimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="1847"/> <seriesInfo name="DOI" value="10.17487/RFC1847"/> </reference> <reference anchor="RFC2510"> <front> <title>Internet X.509 Public Key Infrastructure Certificate Management Protocols</title> <author fullname="C. Adams" initials="C." surname="Adams"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <date month="March" year="1999"/> <abstract> <t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocols. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="2510"/> <seriesInfo name="DOI" value="10.17487/RFC2510"/> </reference> <reference anchor="RFC2585"> <front> <title>Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <author fullname="P. Hoffman" initials="P." surname="Hoffman"/> <date month="May" year="1999"/> <abstract> <t>The protocol conventions described in this document satisfy some of the operational requirements of the Internet Public Key Infrastructure (PKI). This document specifies the conventions for using the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to obtain certificates and certificate revocation lists (CRLs) from PKI repositories. [STANDARDS-TRACK]</t> </abstract></front> <seriesInfo name="RFC"value="2585"/> <seriesInfo name="DOI" value="10.17487/RFC2585"/>value="9811"/> </reference><reference anchor="RFC4210"> <front> <title>Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)</title> <author fullname="C. Adams" initials="C." surname="Adams"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <author fullname="T. Kause" initials="T." surname="Kause"/> <author fullname="T. Mononen" initials="T." surname="Mononen"/> <date month="September" year="2005"/> <abstract> <t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides on-line interactions between PKI components, including an exchange between a Certification Authority (CA) and a client system. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4210"/> <seriesInfo name="DOI" value="10.17487/RFC4210"/> </reference> <reference anchor="RFC4212"> <front> <title>Alternative Certificate Formats for the Public-Key Infrastructure Using X.509 (PKIX) Certificate Management Protocols</title> <author fullname="M. Blinov" initials="M." surname="Blinov"/> <author fullname="C. Adams" initials="C." surname="Adams"/> <date month="October" year="2005"/> <abstract> <t>The Public-Key Infrastructure using X.509 (PKIX) Working Group of the Internet Engineering Task Force (IETF) has defined a number of certificate management protocols. These protocols are primarily focused on X.509v3 public-key certificates. However, it is sometimes desirable to manage certificates in alternative formats as well. This document specifies how such certificates may be requested using the Certificate Request Message Format (CRMF) syntax that is used by several different protocols. It also explains how alternative certificate formats may be incorporated into such popular protocols<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1847.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2510.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2585.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4210.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4212.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4303.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4511.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5912.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6712.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7296.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7299.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8572.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8649.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8995.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9147.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9162.xml"/> <!-- [I-D.ietf-anima-brski-ae] Published asPKIX Certificate Management Protocol (PKIX-CMP) and Certificate Management Messages over CMS (CMC). This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="4212"/> <seriesInfo name="DOI" value="10.17487/RFC4212"/> </reference> <reference anchor="RFC4303"> <front> <title>IP Encapsulating Security Payload (ESP)</title> <author fullname="S. Kent" initials="S." surname="Kent"/> <date month="December" year="2005"/> <abstract> <t>This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletesRFC2406 (November 1998). [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4303"/> <seriesInfo name="DOI" value="10.17487/RFC4303"/> </reference> <reference anchor="RFC4511"> <front> <title>Lightweight Directory Access Protocol (LDAP): The Protocol</title> <author fullname="J. Sermersheim" initials="J." role="editor" surname="Sermersheim"/> <date month="June" year="2006"/> <abstract> <t>This document describes the protocol elements, along with their semantics and encodings, of the Lightweight Directory Access Protocol (LDAP). LDAP provides access to distributed directory services that act in accordance with X.500 data and service models. These protocol elements are based9733 onthose described in the X.500 Directory Access Protocol (DAP). [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4511"/> <seriesInfo name="DOI" value="10.17487/RFC4511"/> </reference> <reference anchor="RFC5912"> <front> <title>New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)</title> <author fullname="P. Hoffman" initials="P." surname="Hoffman"/> <author fullname="J. Schaad" initials="J." surname="Schaad"/> <date month="June" year="2010"/> <abstract> <t>The Public Key Infrastructure using X.509 (PKIX) certificate format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name="RFC" value="5912"/> <seriesInfo name="DOI" value="10.17487/RFC5912"/> </reference> <reference anchor="RFC6268"> <front> <title>Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)</title> <author fullname="J. Schaad" initials="J." surname="Schaad"/> <author fullname="S. Turner" initials="S." surname="Turner"/> <date month="July" year="2011"/> <abstract> <t>The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates some auxiliary ASN.1 modules to conform to the 2008 version of ASN.1; the 1988 ASN.1 modules remain the normative version. There are no bits- on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name="RFC" value="6268"/> <seriesInfo name="DOI" value="10.17487/RFC6268"/> </reference> <reference anchor="RFC6712"> <front> <title>Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP)</title> <author fullname="T. Kause" initials="T." surname="Kause"/> <author fullname="M. Peylo" initials="M." surname="Peylo"/> <date month="September" year="2012"/> <abstract> <t>This document describes how to layer the Certificate Management Protocol (CMP) over HTTP. It is the "CMPtrans" document referenced in RFC 4210; therefore, this document updates the reference given therein. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6712"/> <seriesInfo name="DOI" value="10.17487/RFC6712"/> </reference> <reference anchor="RFC7296"> <front> <title>Internet Key Exchange Protocol Version 2 (IKEv2)</title> <author fullname="C. Kaufman" initials="C." surname="Kaufman"/> <author fullname="P. Hoffman" initials="P." surname="Hoffman"/> <author fullname="Y. Nir" initials="Y." surname="Nir"/> <author fullname="P. Eronen" initials="P." surname="Eronen"/> <author fullname="T. Kivinen" initials="T." surname="Kivinen"/> <date month="October" year="2014"/> <abstract> <t>This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard.</t> </abstract> </front> <seriesInfo name="STD" value="79"/> <seriesInfo name="RFC" value="7296"/> <seriesInfo name="DOI" value="10.17487/RFC7296"/> </reference> <reference anchor="RFC7299"> <front> <title>Object Identifier Registry for the PKIX Working Group</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="July" year="2014"/> <abstract> <t>When the Public-Key Infrastructure using X.509 (PKIX) Working Group was chartered, an object identifier arc was allocated by IANA for use by that working group. This document describes the object identifiers that were assigned in that arc, returns control of that arc to IANA, and establishes IANA allocation policies for any future assignments within that arc.</t> </abstract> </front> <seriesInfo name="RFC" value="7299"/> <seriesInfo name="DOI" value="10.17487/RFC7299"/> </reference> <reference anchor="RFC8446"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> <author fullname="E. Rescorla" initials="E." surname="Rescorla"/> <date month="August" year="2018"/> <abstract> <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t> </abstract> </front> <seriesInfo name="RFC" value="8446"/> <seriesInfo name="DOI" value="10.17487/RFC8446"/> </reference> <reference anchor="RFC8572"> <front> <title>Secure Zero Touch Provisioning (SZTP)</title> <author fullname="K. Watsen" initials="K." surname="Watsen"/> <author fullname="I. Farrer" initials="I." surname="Farrer"/> <author fullname="M. Abrahamsson" initials="M." surname="Abrahamsson"/> <date month="April" year="2019"/> <abstract> <t>This document presents a technique to securely provision a networking device when it is booting in a factory-default state. Variations in the solution enable it to be used on both public and private networks. The provisioning steps are able to update the boot image, commit an initial configuration, and execute arbitrary scripts to address auxiliary needs. The updated device is subsequently able to establish secure connections with other systems. For instance, a device may establish NETCONF (RFC 6241) and/or RESTCONF (RFC 8040) connections with deployment-specific network management systems.</t> </abstract> </front> <seriesInfo name="RFC" value="8572"/> <seriesInfo name="DOI" value="10.17487/RFC8572"/> </reference> <reference anchor="RFC8649"> <front> <title>Hash Of Root Key Certificate Extension</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="August" year="2019"/> <abstract> <t>This document specifies the Hash Of Root Key certificate extension. This certificate extension is carried in the self-signed certificate for a trust anchor, which is often called a Root Certification Authority (CA) certificate. This certificate extension unambiguously identifies the next public key that will be used at some point in the future as the next Root CA certificate, eventually replacing the current one.</t> </abstract> </front> <seriesInfo name="RFC" value="8649"/> <seriesInfo name="DOI" value="10.17487/RFC8649"/> </reference> <reference anchor="RFC8995"> <front> <title>Bootstrapping Remote Secure Key Infrastructure (BRSKI)</title> <author fullname="M. Pritikin" initials="M." surname="Pritikin"/> <author fullname="M. Richardson" initials="M." surname="Richardson"/> <author fullname="T. Eckert" initials="T." surname="Eckert"/> <author fullname="M. Behringer" initials="M." surname="Behringer"/> <author fullname="K. Watsen" initials="K." surname="Watsen"/> <date month="May" year="2021"/> <abstract> <t>This document specifies automated bootstrapping of an Autonomic Control Plane. To do this, a Secure Key Infrastructure is bootstrapped. This is done using manufacturer-installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. We call this process the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping a new device can occur when using a routable address and a cloud service, only link-local connectivity, or limited/disconnected networks. Support for deployment models with less stringent security requirements is included. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well.</t> </abstract> </front> <seriesInfo name="RFC" value="8995"/> <seriesInfo name="DOI" value="10.17487/RFC8995"/> </reference> <reference anchor="RFC9147"> <front> <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title> <author fullname="E. Rescorla" initials="E." surname="Rescorla"/> <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/> <author fullname="N. Modadugu" initials="N." surname="Modadugu"/> <date month="April" year="2022"/> <abstract> <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t> <t>This document obsoletes RFC 6347.</t> </abstract> </front> <seriesInfo name="RFC" value="9147"/> <seriesInfo name="DOI" value="10.17487/RFC9147"/> </reference> <reference anchor="RFC9162"> <front> <title>Certificate Transparency Version 2.0</title> <author fullname="B. Laurie" initials="B." surname="Laurie"/> <author fullname="E. Messeri" initials="E." surname="Messeri"/> <author fullname="R. Stradling" initials="R." surname="Stradling"/> <date month="December" year="2021"/> <abstract> <t>This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit certification authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t> <t>This document obsoletes RFC 6962. It also specifies a new TLS extension that is used to send various CT log artifacts.</t> <t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t> </abstract> </front> <seriesInfo name="RFC" value="9162"/> <seriesInfo name="DOI" value="10.17487/RFC9162"/> </reference> <reference anchor="I-D.ietf-anima-brski-ae"> <front> <title>BRSKI-AE: Alternative Enrollment Protocols in BRSKI</title> <author fullname="David von Oheimb" initials="D." surname="von Oheimb"> <organization>Siemens AG</organization> </author> <author fullname="Steffen Fries" initials="S." surname="Fries"> <organization>Siemens AG</organization> </author> <author fullname="Hendrik Brockhaus" initials="H." surname="Brockhaus"> <organization>Siemens AG</organization> </author> <date day="17" month="September" year="2024"/> <abstract> <t> This document defines enhancements to the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol, known03/03/25 --> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9733.xml"/> <!-- [I-D.ietf-lamps-kyber-certificates] IESG State: I-D Exists asBRSKI-AE (Alternative Enrollment). BRSKI-AE extends BRSKI to support certificate enrollment mechanisms instead of the originally specified useofEST. It supports certificate enrollment protocols, such as CMP, that use authenticated self-contained signed objects for certification messages, allowing for flexibility in network device onboarding scenarios. The enhancements address use cases where the existing enrollment mechanism may not be feasible or optimal, providing a framework for integrating suitable alternative enrollment protocols. This document also updates the BRSKI reference architecture to accommodate these alternative methods, ensuring secure and scalable deployment across a range of network environments. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-anima-brski-ae-13"/> </reference> <reference anchor="I-D.ietf-lamps-kyber-certificates"> <front> <title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)</title> <author fullname="Sean Turner" initials="S." surname="Turner"> <organization>sn3rd</organization> </author> <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis"> <organization>AWS</organization> </author> <author fullname="Jake Massimo" initials="J." surname="Massimo"> <organization>AWS</organization> </author> <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan"> <organization>Cloudflare</organization> </author> <date day="7" month="January" year="2025"/> <abstract> <t> The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a quantum-resistant key-encapsulation mechanism (KEM). This document describes the conventions for using the ML-KEM in X.509 Public Key Infrastructure. The conventions for the subject public keys and private keys are also described. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-kyber-certificates-07"/> </reference>02/28/25 --> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-lamps-kyber-certificates.xml"/> <reference anchor="NIST.SP.800_90Ar1" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf"> <front> <title>Recommendation for Random Number Generation Using Deterministic Random Bit Generators</title> <author fullname="Elaine B. Barker" surname="Barker"> <organization>Information Technology Laboratory</organization> </author> <author fullname="John M. Kelsey" surname="Kelsey"> <organization>Information Technology Laboratory</organization> </author><author> <organization abbrev="NIST">National Institute of Standards and Technology</organization> <address> <postal> <country>US</country> <city>Gaithersburg</city> </postal> </address> </author><date month="June" year="2015"/> </front> <seriesInfo name="NISTSpecial Publications (General)"SP" value="800-90Ar1"/> <seriesInfo name="DOI" value="10.6028/NIST.SP.800-90Ar1"/> </reference> <reference anchor="IEEE.802.1AR-2018"> <front> <title>IEEE Standard for Local and Metropolitan Area Networks - Secure Device Identity</title> <author><organization/><organization>IEEE</organization> </author> <datemonth="July"month="August" year="2018"/> </front> <seriesInfo name="IEEE Std" value="802.1AR-2018"/> <seriesInfo name="DOI" value="10.1109/ieeestd.2018.8423794"/><seriesInfo name="ISBN" value="["9781504450195"]"/> <refcontent>IEEE</refcontent></reference> <reference anchor="CVE-2008-0166" target="https://nvd.nist.gov/vuln/detail/CVE-2008-0166"> <front> <title>National Vulnerability Database - CVE-2008-0166</title> <author> <organization>National Institute of Science and Technology (NIST)</organization> </author> <date year="2008" month="May"/> </front> </reference> <reference anchor="MiningPsQs" target="https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger"> <front> <title>Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices</title><author> <organization>Security'12: Proceedings of the 21st USENIX conference on Security symposium</organization> </author><author initials="N." surname="Heninger" fullname="Nadia Heninger"> <organization>UC San Diego</organization> </author> <author initials="Z." surname="Durumeric" fullname="Zakir Durumeric"> <organization>University of Michigan</organization> </author> <author initials="E." surname="Wustrow" fullname="Eric Wustrow"> <organization>University of Michigan</organization> </author> <author initials="J. A." surname="Halderman" fullname="J. Alex Halderman"> <organization>University of Michigan</organization> </author> <date year="2012" month="August"/> </front> <refcontent>21st USENIX Security Symposium (USENIX Security 12)</refcontent> </reference> <reference anchor="X509.2019" target="https://handle.itu.int/11.1002/1000/14033"> <front> <title>Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks</title> <author><organization>International Telecommunications Union (ITU)</organization><organization>ITU-T</organization> </author> <date year="2019"month="October" day="14"/>month="October"/> </front> <seriesInfoname="ITU" value="Recommendation X.509name="ITU-T Recommendation" value="X.509 (10/2019)"/> </reference> <referenceanchor="ISO.20543-2019">anchor="ISO.20543-2019" target="https://www.iso.org/standard/68296.html"> <front> <title>Information technology -- Security techniques -- Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408</title> <author><organization>International Organization for Standardization (ISO)</organization><organization>ISO/IEC</organization> </author> <date year="2019" month="October"/> </front> <seriesInfoname="ISO" value="Draft Standard 20543-2019"/>name="ISO/IEC" value="20543:2019"/> </reference> <reference anchor="AIS31" target="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf"> <front> <title>A proposal for: Functionality classes for random numbergenerators, versiongenerators - Version 2.0</title><author> <organization>Federal Office for Information Security (BSI)</organization> </author><author initials="W." surname="Killmann" fullname="Wolfgang Killmann"> <organization>T-Systems GEI GmbH</organization> </author> <author initials="W." surname="Schindler" fullname="Werner Schindler"> <organization>Federal Office for Information Security (BSI)</organization> </author> <date year="2011" month="September"/> </front> <refcontent>Federal Office for Information Security (BSI)</refcontent> </reference> <reference anchor="Gueneysu" target="https://eprint.iacr.org/2022/703"> <front> <title>Proof-of-possession for KEM certificates using verifiable generation</title> <author initials="T." surname="Gueneysu" fullname="Tim Gueneysu"> <organization/> </author> <author initials="P." surname="Hodges" fullname="Philip Hodges"> <organization/> </author> <author initials="G." surname="Land" fullname="Georg Land"> <organization/> </author> <author initials="M." surname="Ounsworth" fullname="Mike Ounsworth"> <organization/> </author> <author initials="D." surname="Stebila" fullname="Douglas Stebila"> <organization/> </author> <author initials="G." surname="Zaverucha" fullname="Greg Zaverucha"> <organization/> </author> <date year="2022"/> </front><seriesInfo name="Cryptology<refcontent>Cryptology ePrintArchive" value=""/>Archive, Paper 2022/703</refcontent> </reference> <reference anchor="Fujisaki"> <front> <title>Secure Integration of Asymmetric and Symmetric Encryption Schemes</title> <author fullname="Eiichiro Fujisaki" initials="E." surname="Fujisaki"> <organization/> </author> <author fullname="Tatsuaki Okamoto" initials="T." surname="Okamoto"> <organization/> </author> <date month="December" year="2011"/> </front><seriesInfo name="Journal<refcontent>Journal ofCryptology" value="vol.Cryptology, vol. 26, no. 1, pp.80-101"/>80-101</refcontent> <seriesInfo name="DOI" value="10.1007/s00145-011-9114-1"/><refcontent>Springer Science and Business Media LLC</refcontent></reference> <reference anchor="Hofheinz"> <front> <title>A Modular Analysis of the Fujisaki-Okamoto Transformation</title> <author fullname="Dennis Hofheinz" initials="D." surname="Hofheinz"> <organization/> </author> <author fullname="Kathrin Hövelmanns" initials="K." surname="Hövelmanns"> <organization/> </author> <author fullname="Eike Kiltz" initials="E." surname="Kiltz"> <organization/> </author> <date month="November" year="2017"/> </front><seriesInfo name="Lecture<refcontent>Theory of Cryptography (TCC 2017), Lecture Notes in ComputerScience" value="pp. 341-371"/>Science, vol. 10677, pp. 341-371</refcontent> <seriesInfo name="DOI" value="10.1007/978-3-319-70500-2_12"/><seriesInfo name="ISBN" value="["9783319704999", "9783319705002"]"/> <refcontent>Springer International Publishing</refcontent></reference> <reference anchor="ETSI-3GPP.33.310" target="http://www.3gpp.org/ftp/Specs/html-info/33310.htm"> <front> <title>Network Domain Security (NDS); Authentication Framework (AF)</title> <author> <organization>3GPP</organization> </author> <date year="2020" month="December"/> </front> <seriesInfo name="3GPP TS" value="33.310 16.6.0"/> </reference> <reference anchor="UNISIG.Subset-137" target="https://www.era.europa.eu/system/files/2023-01/sos3_index083_-_subset-137_v100.pdf"> <front> <title>ERTMS/ETCS On-line Key Management FFFIS</title> <author> <organization>UNISIG</organization> </author> <date year="2015" month="December"/> </front><seriesInfo name="Subset-137, V1.0.0" value=""/><refcontent>Subset-137, V1.0.0</refcontent> </reference> </references> </references> <?line 4061?> <section anchor="sect-a"> <name>Reasons for the Presence of RAs</name> <t>The reasons that justify the presence of an RA can be split into those that are due to technical factors and thosewhichthat are organizational in nature. Technical reasons include the following.</t> <ul spacing="normal"> <li> <t>If hardware tokens are in use, then not allend entitiesEEs will have the equipment needed to initialize these; the RA equipment can include the necessary functionality (this may also be a matter of policy).</t> </li> <li> <t>Someend entitiesEEs may not have the capability to publish certificates; again, the RA may be suitably placed for this.</t> </li> <li> <t>The RA will be able to issue signed revocation requests on behalf ofend entitiesEEs associated with it, whereas theend entityEE may not be able to do this (if the key pair is completely lost).</t> </li> </ul> <t>Some of the organizational reasons that argue for the presence of an RA are the following.</t> <ul spacing="normal"> <li> <t>It may be more cost effective to concentrate functionality in the RA equipment than to supply functionality to allend entitiesEEs (especially if special token initialization equipment is to be used).</t> </li> <li> <t>Establishing RAs within an organization can reduce the number of CAs required, which is sometimes desirable.</t> </li> <li> <t>RAs may be better placed to identify people with their "electronic" names, especially if the CA is physically remote from theend entity.</t>EE.</t> </li> <li> <t>For many applications, there will already bein placesome administrative structure in place so that candidates for the role of RA are easy to find (which may not be true of the CA).</t> </li> </ul> <t>Further reasons relevant for automated machine-to-machine certificate lifecycle management are available in the Lightweight CMP Profile <xref target="RFC9483"/>.</t> </section> <section anchor="sect-b"> <name>The Use of Revocation Passphrase</name> <t>A revocation request must incorporate suitable security mechanisms, including proper authentication, in order to reduce the probability of successful denial-of-service attacks. A digital signature or DH/KEM-based message protection on the request -- <bcp14>REQUIRED</bcp14> to support within this specification depending on the key type used if revocation requests are supported -- can provide the authentication required, but there are circumstances under which an alternative mechanism may be desirable (e.g., when the private key is no longer accessible and the entity wishes to request a revocation prior to re-certification of another key pair). In order to accommodate such circumstances, a password-basedMAC, see CMP AlgorithmsMAC (see <xreftarget="RFC9481"/> Section 6.1,section="6.1" target="RFC9481">CMP Algorithms</xref>) on the request is also <bcp14>REQUIRED</bcp14> to support within this specification (subject to local security policy for a given environment) if revocation requests are supported and if shared secret information can be established between the requester and the responder prior to the need for revocation.</t> <t>A mechanism that has seen use in some environments is "revocation passphrase", in which a value of sufficient entropy (i.e., a relatively long passphrase rather than a short password) is shared between (only) the entity and the CA/RA at some point prior to revocation; this value is later used to authenticate the revocation request.</t> <t>In this specification, the following technique to establish shared secret information (i.e., a revocation passphrase) is <bcp14>OPTIONAL</bcp14> to support. Its precise use in CMP messages is as follows.</t> <ul spacing="normal"> <li> <t>The OID and value specified in <xref target="sect-5.3.19.9"/> <bcp14>MAY</bcp14> be sent in a GenMsg message at any time or <bcp14>MAY</bcp14> be sent in the generalInfo field of the PKIHeader of any PKIMessage at any time. (In particular, the EncryptedKey structure as described in <xref target="sect-5.2.2"/> may be sent in the header of the certConf message that confirms acceptance of certificates requested in an initialization request or certificate request message.) This conveys a revocation passphrase chosen by the entity to the relevant CA/RA. When EnvelopedData is used, this is in the decrypted bytes of the encryptedContent field. When EncryptedValue is used, this is in the decrypted bytes of the encValue field. Furthermore, the transfer is accomplished with appropriate confidentiality characteristics.</t> </li> <li> <t>If a CA/RA receives the revocation passphrase (OID and value specified in <xref target="sect-5.3.19.9"/>) in a GenMsg, it <bcp14>MUST</bcp14> construct and send a GenRep message that includes the OID (with absent value) specified in <xref target="sect-5.3.19.9"/>. If the CA/RA receives the revocation passphrase in the generalInfo field of a PKIHeader of any PKIMessage, it <bcp14>MUST</bcp14> include the OID (with absent value) in the generalInfo field of the PKIHeader of the corresponding response PKIMessage. If the CA/RA is unable to return the appropriate response message for any reason, it <bcp14>MUST</bcp14> send an error message with a status of "rejection" and, optionally, a failInfo reason set.</t> </li> <li> <t>Either the localKeyId attribute of EnvelopedData as specified in <xref target="RFC2985"/> or the valueHint field of EncryptedValue <bcp14>MAY</bcp14> contain a key identifier (chosen by the entity, along with the passphrase itself) to assist in later retrieval of the correct passphrase (e.g., when the revocation request is constructed by theend entityEE and received by the CA/RA).</t> </li> <li> <t>The revocation request message is protected by a password-basedMAC, see CMP AlgorithmsMAC (see <xreftarget="RFC9481"/> Section 6.1,section="6.1" target="RFC9481">"CMP Algorithms"</xref>) with the revocation passphrase as the key. If appropriate, the senderKID field in the PKIHeader <bcp14>MAY</bcp14> contain the value previously transmitted in localKeyId or valueHint.</t> </li> </ul> <t>Note: For a message transferring a revocation passphrase indicating cmp2021(3) in the pvno field of the PKIHeader, the encrypted passphrase <bcp14>MUST</bcp14> be transferred in the envelopedData choice of EncryptedKey as defined inSection 5.2.2.<xref target="sect-5.2.2"/>. When using cmp2000(2) in the message header for backward compatibility, the encryptedValue is used. This allows the necessary conveyance and protection of the passphrase while maintaining bits-on-the-wire compatibility with <xref target="RFC4210"/>. TheencryaptedValueencryptedValue choice has been deprecated in favor of encryptedData.</t> <t>Using the technique specified above, the revocation passphrase may be initially established and updated at any time without requiring extra messages or out-of-band exchanges. For example, the revocation request message itself (protected and authenticated through a MAC that uses the revocation passphrase as a key) may contain, in the PKIHeader, a new revocation passphrase to be used for authenticating future revocation requests for any of the entity's other certificates. In someenvironmentsenvironments, this may be preferable to mechanisms that reveal the passphrase in the revocation request message, since this can allow a denial-of-service attack in which the revealed passphrase is used by an unauthorized third party to authenticate revocation requests on the entity's other certificates. However, because the passphrase is not revealed in the request message, there is no requirement that the passphrase must always be updated when a revocation request is made (that is, the same passphrase <bcp14>MAY</bcp14> be used by an entity to authenticate revocation requests for different certificates at different times).</t> <t>Furthermore, the above technique can provide strong cryptographic protection over the entire revocation request message even when a digital signature is not used. Techniques that do authentication of the revocation request by simply revealing the revocation passphrase typically do not provide cryptographic protection over the fields of the request message (so that a request for revocation of one certificate may be modified by an unauthorized third party to a request for revocation of another certificate for that entity).</t> </section> <section anchor="sect-c"> <name>PKI Management Message Profiles(REQUIRED)</name>(<bcp14>REQUIRED</bcp14>)</name> <t>This appendix contains detailed profiles for those PKIMessages that <bcp14>MUST</bcp14> be supported by conforming implementations (see <xref target="sect-6"/>).</t> <t>Note: Appendices <xreftarget="sect-c"/>target="sect-c" format="counter"/> and <xref format="counter" target="sect-d"/> focus on PKI management operations managing certificates for humanend entities.EEs. In contrast, the Lightweight CMP Profile <xref target="RFC9483"/> focuses on typical use cases of industrial and IoT scenarios supporting highly automated certificate lifecycle management scenarios.</t> <t>Profiles for the PKIMessages used in the following PKI management operations are provided:</t> <ul spacing="normal"> <li> <t>initial registration/certification</t> </li> <li> <t>basic authenticated scheme</t> </li> <li> <t>certificate request</t> </li> <li> <t>key update</t> </li> </ul> <section anchor="sect-c.1"> <name>General Rules for Interpretation of These Profiles</name> <ol spacing="normal" type="1"><li> <t>Where <bcp14>OPTIONAL</bcp14> or DEFAULT fields are not mentioned in individual profiles, they <bcp14>SHOULD</bcp14> be absent from the relevant message (i.e., a receiver can validly reject a message containing such fields as being syntactically incorrect). Mandatory fields are not mentioned if they have an obvious value. The pvno <bcp14>MUST</bcp14> be set as specified in <xref target="sect-7"/>).</t> </li> <li> <t>Where structures occur in more than one message, they are separately profiled as appropriate.</t> </li> <li> <t>The algorithmIdentifiers from PKIMessage structures are profiled separately.</t> </li> <li> <t>A "special" X.500 DN is called the "NULL-DN"; this means a DN containing a zero-length SEQUENCE OF RelativeDistinguishedNames (its DER encoding is then '3000'H).</t> </li> <li> <t>Where a GeneralName is required for a field, but no suitable value is available (e.g., anend entityEE produces a request before knowing its name), then the GeneralName is to be an X.500 NULL-DN (i.e., the Name field of the CHOICE is to contain a NULL-DN).</t> </li> <li> <t>Where a profile omits to specify the value for a GeneralName, then the NULL-DN value is to be present in the relevant PKIMessage field. This occurs with the sender field of the PKIHeader for some messages.</t> </li> <li> <t>Where any ambiguity arises due to naming of fields, the profile names these using a "dot" notation (e.g., "certTemplate.subject" means the subject field within a field called certTemplate).</t> </li> <li> <t>Where a "SEQUENCE OF types" is part of a message, a zero-based array notation is used to describe fields within the SEQUENCE OF (e.g., crm[0].certReq.certTemplate.subject refers to a subfield of the first CertReqMsg contained in a request message).</t> </li> <li> <t>All PKI message exchanges in Appendices <xreftarget="sect-c.4"/>target="sect-c.4" format="counter"/> to <xref format="counter" target="sect-c.6"/> require a certConf message to be sent by the initiating entity and aPKIConfirmpkiconf message to be sent by the responding entity. ThePKIConfirmpkiconf is not included in some of the profiles given since its body is NULL and its header contents are clear from the context. Any authenticated means can be used for the protectionAlg (e.g., password-based MAC, if shared secret information is known, or signature).</t> </li> </ol> </section> <section anchor="sect-c.2"> <name>Algorithm Use Profile</name> <t>For specifications of algorithm identifiers and respective conventions for conforming implementations, please refer toSection 7.1 of CMP Algorithms<xreftarget="RFC9481"/>.</t>section="7.1" target="RFC9481">CMP Algorithms</xref>.</t> </section> <section anchor="sect-c.3"><name>Proof-of-Possession<name>POP Profile</name><t>POP<t>The table below describes the POP fields for use (in signature field of pop field of ProofOfPossession structure) when proving possession of a private signing key that corresponds to a public verification key for which a certificate has been requested.</t> <table> <thead> <tr> <th align="left">Field</th> <th align="left">Value</th> <th align="left">Comment</th> </tr> </thead> <tbody> <tr> <td align="left">algorithmIdentifier</td> <td align="left">MSG_SIG_ALG</td> <td align="left">only signature protection is allowed for this proof</td> </tr> <tr> <td align="left">signature</td> <td align="left">present</td> <td align="left">bits calculated using MSG_SIG_ALG</td> </tr> </tbody> </table> <t>Note: For examples of MSG_SIG_ALGOIDsOIDs, seeCMP Algorithms Section 3<xreftarget="RFC9481"/>.</t> <t>Proof-of-possessionsection="3" target="RFC9481">CMP Algorithms</xref>.</t> <t>POP of a private decryption key that corresponds to a public encryption key for which a certificate has been requested does not use this profile; the CertHash field of the certConf message is used instead.</t> <t>Not every CA/RA will doProof-of-PossessionPOP (of signing key, decryption key, or key agreement key) in the PKIX-CMP in-band certification request protocol (how POP is done <bcp14>MAY</bcp14> ultimately be a policy issue that is made explicit for any given CA in its publicized Policy OID and Certification Practice Statement). However, this specification mandates that CA/RA entities <bcp14>MUST</bcp14> do POP (by some means) as part of the certification process. Allend entitiesEEs <bcp14>MUST</bcp14> be prepared to provide POP (i.e., these components of the PKIX-CMP protocol <bcp14>MUST</bcp14> be supported).</t> </section> <section anchor="sect-c.4"> <name>Initial Registration/Certification (Basic Authenticated Scheme)</name> <t>An (uninitialized)end entityEE requests a (first) certificate from a CA. When the CA responds with a message containing a certificate, theend entityEE replies with a certificate confirmation. The CA sends aPKIConfirmpkiconf message back, closing the transaction. All messages are authenticated.</t> <t>This scheme allows theend entityEE to request certification of alocally-generatedlocally generated public key (typically a signature key). Theend entityEE <bcp14>MAY</bcp14> also choose to request the centralized generation and certification of another key pair (typically an encryption key pair).</t> <t>Certification may only be requested for one locally generated public key (for more, use separate PKIMessages).</t> <t>Theend entityEE <bcp14>MUST</bcp14> supportproof-of-possessionPOP of the private key associated with thelocally-generatedlocally generated public key.</t> <t>Preconditions:</t> <ol spacing="normal" type="1"><li> <t>Theend entityEE can authenticate the CA's signature based on out-of-bandmeans</t>means.</t> </li> <li> <t>Theend entityEE and the CA share a symmetric MACingkey</t>key.</t> </li> </ol> <t>Messageflow:</t>Flow:</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="256" width="560" viewBox="0 0 560 256" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 200,80 L 216,80" fill="none" stroke="black"/> <path d="M 312,80 L 328,80" fill="none" stroke="black"/> <path d="M 200,128 L 216,128" fill="none" stroke="black"/> <path d="M 312,128 L 328,128" fill="none" stroke="black"/> <path d="M 200,176 L 216,176" fill="none" stroke="black"/> <path d="M 312,176 L 328,176" fill="none" stroke="black"/> <path d="M 200,224 L 216,224" fill="none" stroke="black"/> <path d="M 312,224 L 328,224" fill="none" stroke="black"/> <polygon class="arrowhead" points="336,176 324,170.4 324,181.6" fill="black" transform="rotate(0,328,176)"/> <polygon class="arrowhead" points="336,80 324,74.4 324,85.6" fill="black" transform="rotate(0,328,80)"/> <polygon class="arrowhead" points="320,224 308,218.4 308,229.6" fill="black" transform="rotate(180,312,224)"/> <polygon class="arrowhead" points="320,128 308,122.4 308,133.6" fill="black" transform="rotate(180,312,128)"/> <polygon class="arrowhead" points="224,176 212,170.4 212,181.6" fill="black" transform="rotate(0,216,176)"/> <polygon class="arrowhead" points="224,80 212,74.4 212,85.6" fill="black" transform="rotate(0,216,80)"/> <polygon class="arrowhead" points="208,224 196,218.4 196,229.6" fill="black" transform="rotate(180,200,224)"/> <polygon class="arrowhead" points="208,128 196,122.4 196,133.6" fill="black" transform="rotate(180,200,128)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">End</text> <text x="108" y="36">entity</text> <text x="360" y="36">PKI</text> <text x="24" y="68">1</text> <text x="76" y="68">format</text> <text x="116" y="68">ir</text> <text x="24" y="84">2</text> <text x="252" y="84">ir</text> <text x="24" y="100">3</text> <text x="372" y="100">handle</text> <text x="412" y="100">ir</text> <text x="24" y="116">4</text> <text x="372" y="116">format</text> <text x="412" y="116">ip</text> <text x="24" y="132">5</text> <text x="252" y="132">ip</text> <text x="24" y="148">6</text> <text x="76" y="148">handle</text> <text x="116" y="148">ip</text> <text x="24" y="164">7</text> <text x="76" y="164">format</text> <text x="140" y="164">certConf</text> <text x="24" y="180">8</text> <text x="268" y="180">certConf</text> <text x="24" y="196">9</text> <text x="372" y="196">handle</text> <text x="436" y="196">certConf</text> <text x="20" y="212">10</text> <text x="372" y="212">format</text> <text x="432"y="212">PKIConf</text>y="212">pkiconf</text> <text x="20" y="228">11</text> <text x="264"y="228">PKIConf</text>y="228">pkiconf</text> <text x="20" y="244">12</text> <text x="76" y="244">handle</text> <text x="136"y="244">PKIConf</text>y="244">pkiconf</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Step# End entity PKI --------------------------------------------------------------------- 1 format ir 2 --> ir --> 3 handle ir 4 format ip 5 <-- ip <-- 6 handle ip 7 format certConf 8 --> certConf --> 9 handle certConf 10 formatPKIConfpkiconf 11 <--PKIConfpkiconf <-- 12 handlePKIConfpkiconf ]]></artwork> </artset> <t>For this profile, we mandate that theend entityEE <bcp14>MUST</bcp14> include all (i.e., one or two) CertReqMsg in a singlePKIMessage,PKIMessage and that the PKI (CA) <bcp14>MUST</bcp14> produce a single response PKIMessage that contains the complete response (i.e., including the <bcp14>OPTIONAL</bcp14> second key pair, if it was requested and if centralized key generation is supported). For simplicity, we also mandate that this message <bcp14>MUST</bcp14> be the final one (i.e., no use of "waiting" status value).</t> <t>Theend entityEE has an out-of-band interaction with the CA/RA. This transaction established the shared secret, thereferenceNumberreferenceNumber, andOPTIONALLYoptionally thedistinguished nameDN used for both the sender and subject name in the certificate template. See <xref target="sect-8.7"/> for security considerations on quality of shared secret information.</t> <t>Initialization Request -- ir</t> <artwork><![CDATA[ Field Value recipient CA name -- the name of the CA who is being asked to produce a certificate protectionAlg MSG_MAC_ALG -- only MAC protection is allowed for this request, based -- on initial authentication key senderKID referenceNum -- the reference numberwhichthat the CA has previously issued -- to theend entityEE (together with the MACing key) transactionID present -- implementation-specific value, meaningful to end -- entity. -- [If already in use at the CA, then a rejection message MUST -- be produced by the CA] senderNonce present -- 128 (pseudo-)random bits freeText any valid value body ir (CertReqMessages) only one or two CertReqMsg are allowed -- if more certificates are required, requests MUST be -- packaged in separate PKIMessages CertReqMsg one or two present -- see below for details, note: crm[0] means the first -- (which MUST be present), crm[1] means the second (which -- is OPTIONAL, and used to ask for acentrally-generatedcentrally generated key) crm[0].certReq. fixed value of zero certReqId -- this is the index of the template within the message crm[0].certReq present certTemplate -- MUST include subject public key value, otherwise unconstrained crm[0].pop... optionally present if public key POPOSigningKey from crm[0].certReq.certTemplate is a signing key --proof-of-possessionPOP MAY be required in this exchange -- (see Appendix D.3 for details) crm[0].certReq. optionally present controls.archiveOptions -- theend entityEE MAY request that thelocally-generatedlocally generated -- private key be archived crm[0].certReq. optionally present controls.publicationInfo -- theend entityEE MAY ask for publication of resulting cert. crm[1].certReq fixed value of one certReqId -- the index of the template within the message crm[1].certReq present certTemplate -- MUST NOT include actual public key bits, otherwise -- unconstrained (e.g., the names need not be the same as in -- crm[0]). Note that subjectPublicKeyInfo MAY be present -- and contain an AlgorithmIdentifier followed by a -- zero-length BIT STRING for the subjectPublicKey if it is -- desired to inform the CA/RA of algorithm and parameter -- preferences regarding the to-be-generated key pair. crm[1].certReq. present [object identifier MUST be PROT_ENC_ALG] controls.protocolEncrKey -- if centralized key generation is supported by this CA, -- this short-term asymmetric encryption key (generated by -- theend entity)EE) will be used by the CA to encrypt (a -- symmetric key used to encrypt) a private key generated by -- the CA on behalf of theend entityEE crm[1].certReq. optionally present controls.archiveOptions crm[1].certReq. optionally present controls.publicationInfo protection present -- bits calculated using MSG_MAC_ALG ]]></artwork> <t>Initialization Response -- ip</t> <artwork><![CDATA[ Field Value sender CA name -- the name of the CA who produced the message messageTime present -- time at which CA produced message protectionAlg MSG_MAC_ALG -- only MAC protection is allowed for this response senderKID referenceNum -- the reference number that the CA has previously issued to the --end entityEE (together with the MACing key) transactionID present -- value from corresponding ir message senderNonce present -- 128 (pseudo-)random bits recipNonce present -- value from senderNonce in corresponding ir message freeText any valid value body ip (CertRepMessage) contains exactly one response for each request -- The PKI (CA) responds to either one or two requests as -- appropriate. crc[0] denotes the first (always present); -- crc[1] denotes the second (only present if the ir message -- contained two requests and if the CA supports centralized -- key generation). crc[0]. fixed value of zero certReqId -- MUST contain the response to the first request in the -- corresponding ir message crc[0].status. present, positive values allowed: status "accepted", "grantedWithMods" negative values allowed: "rejection" crc[0].status. present if and only if failInfo crc[0].status.status is "rejection" crc[0]. present if and only if certifiedKeyPair crc[0].status.status is "accepted" or "grantedWithMods" certificate present unless end entity's public key is an encryption key and POP is done in this in-band exchange encryptedCert present if and only if end entity's public key is an encryption key and POP done in this in-band exchange publicationInfo optionally present -- indicates where certificate has been published (present -- at discretion of CA) crc[1]. fixed value of one certReqId -- MUST contain the response to the second request in the -- corresponding ir message crc[1].status. present, positive values allowed: status "accepted", "grantedWithMods" negative values allowed: "rejection" crc[1].status. present if and only if failInfo crc[0].status.status is "rejection" crc[1]. present if and only if certifiedKeyPair crc[0].status.status is "accepted" or "grantedWithMods" certificate present privateKey present -- Use EnvelopedData; if backward compatibility is required, -- use EncryptedValue, see Section 5.2.2 publicationInfo optionally present -- indicates where certificate has been published (present -- at discretion of CA) protection present -- bits calculated using MSG_MAC_ALG extraCerts optionally present -- the CA MAY provide additional certificates to the end -- entity ]]></artwork> <t>Certificate confirm -- certConf</t> <artwork><![CDATA[ Field Value sender present -- same as in ir recipient CA name -- the name of the CA who was asked to produce a certificate transactionID present -- value from corresponding ir and ip messages senderNonce present -- 128(pseudo-) random(pseudo-)random bits recipNonce present -- value from senderNonce in corresponding ip message protectionAlg MSG_MAC_ALG -- only MAC protection is allowed for this message. The -- MAC is based on the initial authentication key shared -- between the EE and the CA. senderKID referenceNum -- the reference numberwhichthat the CA has previously issued -- to theend entityEE (together with the MACing key) body certConf -- see Section 5.3.18, "PKI Confirmation Content", for the -- contents of the certConf fields. -- Note: two CertStatus structures are required if both an -- encryption and a signing certificate were sent. protection present -- bits calculated using MSG_MAC_ALG ]]></artwork> <t>Confirmation --PKIConf</t>pkiconf</t> <artwork><![CDATA[ Field Value sender present -- same as in ip recipient present -- sender name from certConf transactionID present -- value from certConf message senderNonce present -- 128(pseudo-) random(pseudo-)random bits recipNonce present -- value from senderNonce from certConf message protectionAlg MSG_MAC_ALG -- only MAC protection is allowed for this message. senderKID referenceNum bodyPKIConfpkiconf protection present -- bits calculated using MSG_MAC_ALG ]]></artwork> </section> <section anchor="sect-c.5"> <name>Certificate Request</name> <t>An (initialized)end entityEE requests a certificate from a CA (for any reason). When the CA responds with a message containing a certificate, theend entityEE replies with a certificate confirmation. The CA replies with aPKIConfirm,pkiconf message to close the transaction. All messages are authenticated.</t> <t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>, with the following exceptions:</t> <ul spacing="normal"> <li> <t>sender name <bcp14>SHOULD</bcp14> bepresent</t>present;</t> </li> <li> <t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be supported (MSG_MAC_ALG <bcp14>MAY</bcp14> also be supported) in request, response,certConfirm,certConf, andPKIConfirmpkiconf messages;</t> </li> <li> <t>senderKID and recipKID are only present if required for message verification;</t> </li> <li> <t>body is cr or cp;</t> </li> <li> <t>body may contain one or two CertReqMsg structures, but either CertReqMsg may be used to request certification of alocally-generatedlocally generated public key or acentrally-generatedcentrally generated public key (i.e., the position-dependence requirement of <xref target="sect-c.4"/> isremoved);</t>removed); and</t> </li> <li> <t>protection bits are calculated according to the protectionAlg field.</t> </li> </ul> </section> <section anchor="sect-c.6"> <name>Key Update Request</name> <t>An (initialized)end entityEE requests a certificate from a CA (to update the key pair and/or corresponding certificate that it already possesses). When the CA responds with a message containing a certificate, theend entityEE replies with a certificate confirmation. The CA replies with aPKIConfirm,PKIConfirm to close the transaction. All messages are authenticated.</t> <t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>, with the following exceptions:</t><ol spacing="normal" type="1"><li><ul spacing="normal"><li> <t>sender name <bcp14>SHOULD</bcp14> bepresent</t>present;</t> </li> <li> <t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be supported (MSG_MAC_ALG <bcp14>MAY</bcp14> also be supported) in request, response, certConfirm, and PKIConfirm messages;</t> </li> <li> <t>senderKID and recipKID are only present if required for message verification;</t> </li> <li> <t>body is kur or kup;</t> </li> <li> <t>body may contain one or two CertReqMsg structures, but either CertReqMsg may be used to request certification of alocally-generatedlocally generated public key or acentrally-generatedcentrally generated public key (i.e.,the position-dependence requirement of <xref target="sect-c.4"/> is removed);</t> </li> <li> <t>protection bits are calculated according to the protectionAlgfield;</t>field; and</t> </li> <li> <t>regCtrl OldCertId <bcp14>SHOULD</bcp14> be used (unless it is clear to both the sender and receiver -- by means not specified in this document -- that it is not needed).</t> </li></ol></ul> </section> </section> <section anchor="sect-d"> <name>PKI Management Message Profiles(OPTIONAL)</name>(<bcp14>OPTIONAL</bcp14>)</name> <t>This appendix contains detailed profiles for those PKIMessages that <bcp14>MAY</bcp14> be supported by implementations.</t> <t>Profiles for the PKIMessages used in the following PKI management operations are provided:</t> <ul spacing="normal"> <li> <t>root CA key update</t> </li> <li> <t>information request/response</t> </li> <li> <t>cross-certification request/response (1-way)</t> </li> <li> <t>in-band initialization using external identity certificate</t> </li> </ul><t>Later<t>Future versions of this document may extend the above to include profiles for the operations listed below (along with other operations, if desired).</t> <ul spacing="normal"> <li> <t>revocation request</t> </li> <li> <t>certificate publication</t> </li> <li> <t>CRL publication</t> </li> </ul> <section anchor="sect-d.1"> <name>General Rules for Interpretation of TheseProfiles.</name>Profiles</name> <t>Identical to <xref target="sect-c.1"/>.</t> </section> <section anchor="sect-d.2"> <name>Algorithm Use Profile</name> <t>Identical to <xref target="sect-c.2"/>.</t> </section> <section anchor="sect-d.3"> <name>Self-Signed Certificates</name><t>Profile<t> The table below is a profile of how a certificate structure may be "self-signed". These structures are used for distribution of new root CA public keys. This can occur in one of three ways (see <xref target="sect-4.4"/> above for a description of the use of these structures):</t> <table> <thead> <tr> <th align="left">Type</th> <th align="left">Function</th> </tr> </thead> <tbody> <tr> <td align="left">newWithNew</td> <td align="left">a "self-signed" certificate; the contained public key <bcp14>MUST</bcp14> be usable to verify the signature (though this provides only integrity and no authentication whatsoever)</td> </tr> <tr> <td align="left">oldWithNew</td> <td align="left">previous root CA public key signed with new private key</td> </tr> <tr> <td align="left">newWithOld</td> <td align="left">new root CA public key signed with previous private key</td> </tr> </tbody> </table> <t>A newWithNew certificate (including relevant extensions) must contain "sensible" values for all fields. For example, when present, subjectAltName <bcp14>MUST</bcp14> be identical to issuerAltName, and, when present, keyIdentifiers must contain appropriate values, et cetera.</t> </section> <section anchor="sect-d.4"> <name>Root CA Key Update</name> <t>A root CA updates its key pair. It then produces a CA key update announcement message that can be made available (via some transport mechanism) to the relevantend entities.EEs. A confirmation message is not required from theend entities.</t>EEs.</t> <t>ckuann message:</t> <table> <thead> <tr> <th align="left">Field</th> <th align="left">Value</th> <th align="left">Comment</th> </tr> </thead> <tbody> <tr> <td align="left">sender</td> <td align="left">CA name CA name</td> <tdalign="left"> </td>align="left"> </td> </tr> <tr> <td align="left">body</td> <td align="left">ckuann(RootCaKeyUpdateContent)</td> <tdalign="left"> </td>align="left"> </td> </tr> <tr> <td align="left">newWithNew</td> <td align="left">optionally present</td> <td align="left">see <xref target="sect-d.3"/> above</td> </tr> <tr> <td align="left">newWithOld</td> <td align="left">optionally present</td> <td align="left">see <xref target="sect-d.3"/> above</td> </tr> <tr> <td align="left">oldWithNew</td> <td align="left">optionally present</td> <td align="left">see <xref target="sect-d.3"/> above</td> </tr> <tr> <td align="left">extraCerts</td> <td align="left">optionally present</td> <td align="left">can be used to "publish" certificates (e.g., certificates signed using the new private key)</td> </tr> </tbody> </table> </section> <section anchor="sect-d.5"> <name>PKI Information Request/Response</name> <t>Theend entityEE sends a general message to the PKI requesting details that will be required for later PKI management operations. The RA/CA responds with a general response. If an RA generates the response, then it will simply forward the equivalent message that it previously received from the CA, with the possible addition of certificates to the extraCerts fields of the PKIMessage. A confirmation message is not required from theend entity.</t>EE.</t> <t>Message Flows:</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width="560" viewBox="0 0 560 160" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 160,80 L 176,80" fill="none" stroke="black"/> <path d="M 264,80 L 280,80" fill="none" stroke="black"/> <path d="M 160,128 L 176,128" fill="none" stroke="black"/> <path d="M 264,128 L 280,128" fill="none" stroke="black"/> <polygon class="arrowhead" points="288,80 276,74.4 276,85.6" fill="black" transform="rotate(0,280,80)"/> <polygon class="arrowhead" points="272,128 260,122.4 260,133.6" fill="black" transform="rotate(180,264,128)"/> <polygon class="arrowhead" points="184,80 172,74.4 172,85.6" fill="black" transform="rotate(0,176,80)"/> <polygon class="arrowhead" points="168,128 156,122.4 156,133.6" fill="black" transform="rotate(180,160,128)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">End</text> <text x="108" y="36">entity</text> <text x="336" y="36">PKI</text> <text x="24" y="68">1</text> <text x="76" y="68">format</text> <text x="124" y="68">genm</text> <text x="24" y="84">2</text> <text x="220" y="84">genm</text> <text x="24" y="100">3</text> <text x="348" y="100">handle</text> <text x="396" y="100">genm</text> <text x="24" y="116">4</text> <text x="352" y="116">produce</text> <text x="404" y="116">genp</text> <text x="24" y="132">5</text> <text x="220" y="132">genp</text> <text x="24" y="148">6</text> <text x="76" y="148">handle</text> <text x="124" y="148">genp</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Step# End entity PKI --------------------------------------------------------------------- 1 format genm 2 --> genm --> 3 handle genm 4 produce genp 5 <-- genp <-- 6 handle genp ]]></artwork> </artset> <t>genM:</t> <artwork><![CDATA[ Field Value recipient CA name -- the name of the CA as contained in issuerAltName -- extensions or issuer fields within certificates protectionAlg MSG_MAC_ALG or MSG_SIG_ALG -- any authenticated protection alg. SenderKID present if required -- must be present if required for verification of message -- protection freeText any valid value body genr (GenReqContent) GenMsgContent empty SEQUENCE -- all relevant information requested protection present -- bits calculated using MSG_MAC_ALG or MSG_SIG_ALG ]]></artwork> <t>genP:</t> <artwork><![CDATA[ Field Value sender CA name -- name of the CAwhichthat produced the message protectionAlg MSG_MAC_ALG or MSG_SIG_ALG -- any authenticated protection alg. senderKID present if required -- must be present if required for verification of message -- protection body genp (GenRepContent) CAProtEncCert present (object identifier one of PROT_ENC_ALG), with relevant value -- to be used ifend entityEE needs to encrypt information for -- the CA (e.g., private key for recovery purposes) SignKeyPairTypes present, with relevant value -- the set of signature algorithm identifiers that this CA will -- certify for subject public keys EncKeyPairTypes present, with relevant value -- the set ofencryption/keyencryption / key agreement algorithm identifiers that -- this CA will certify for subject public keys PreferredSymmAlg present (object identifier one of PROT_SYM_ALG) , with relevant value -- the symmetric algorithm that this CA expects to be used -- in later PKI messages (for encryption) RootCaKeyUpdate optionally present, with relevant value -- Use RootCaKeyUpdate; if backward compatibility with cmp2000 is -- required, use CAKeyUpdateInfo. -- The CA MAY provide information about a relevant root CA -- key pair using this field (note that this does not imply -- that the responding CA is the root CA in question) CurrentCRL optionally present, with relevant value -- the CA MAY provide a copy of a complete CRL (i.e., -- fullest possible one) protection present -- bits calculated using MSG_MAC_ALG or MSG_SIG_ALG extraCerts optionally present -- can be used to send some certificates to the end -- entity. An RA MAY add its certificate here. ]]></artwork> </section> <section anchor="sect-d.6"><name>Cross Certification<name>Cross-Certification Request/Response (1-way)</name><t>Creation<t> This section describes the creation of a single cross-certificate (i.e., not two at once). The requesting CA <bcp14>MAY</bcp14> choose who is responsible for publication of the cross-certificate created by the responding CA through use of the PKIPublicationInfo control.</t> <t>Preconditions:</t> <ol spacing="normal" type="1"><li> <t>Responding CA can verify the origin of the request (possibly requiring out-of-band means) before processing the request.</t> </li> <li> <t>Requesting CA can authenticate the authenticity of the origin of the response (possibly requiring out-of-band means) before processing theresponse</t>response.</t> </li> </ol> <t>The use of certificate confirmation and the corresponding server confirmation is determined by the generalInfo field in the PKIHeader (see <xref target="sect-5.1.1"/>). The following profile does not mandate support for either confirmation.</t> <t>Message Flows:</t> <artset> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width="560" viewBox="0 0 560 160" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,48 L 552,48" fill="none" stroke="black"/> <path d="M 176,80 L 192,80" fill="none" stroke="black"/> <path d="M 288,80 L 304,80" fill="none" stroke="black"/> <path d="M 176,128 L 192,128" fill="none" stroke="black"/> <path d="M 288,128 L 304,128" fill="none" stroke="black"/> <polygon class="arrowhead" points="312,80 300,74.4 300,85.6" fill="black" transform="rotate(0,304,80)"/> <polygon class="arrowhead" points="296,128 284,122.4 284,133.6" fill="black" transform="rotate(180,288,128)"/> <polygon class="arrowhead" points="200,80 188,74.4 188,85.6" fill="black" transform="rotate(0,192,80)"/> <polygon class="arrowhead" points="184,128 172,122.4 172,133.6" fill="black" transform="rotate(180,176,128)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="92" y="36">Requesting</text> <text x="148" y="36">CA</text> <text x="380" y="36">Responding</text> <text x="436" y="36">CA</text> <text x="24" y="68">1</text> <text x="76" y="68">format</text> <text x="120" y="68">ccr</text> <text x="24" y="84">2</text> <text x="240" y="84">ccr</text> <text x="24" y="100">3</text> <text x="364" y="100">handle</text> <text x="408" y="100">ccr</text> <text x="24" y="116">4</text> <text x="368" y="116">produce</text> <text x="416" y="116">ccp</text> <text x="24" y="132">5</text> <text x="240" y="132">ccp</text> <text x="24" y="148">6</text> <text x="76" y="148">handle</text> <text x="120" y="148">ccp</text> </g> </svg> </artwork> <artwork type="ascii-art"><![CDATA[ Step# Requesting CA Responding CA --------------------------------------------------------------------- 1 format ccr 2 --> ccr --> 3 handle ccr 4 produce ccp 5 <-- ccp <-- 6 handle ccp ]]></artwork> </artset> <t>ccr:</t> <artwork><![CDATA[ Field Value sender Requesting CA name -- the name of the CA who produced the message recipient Responding CA name -- the name of the CA who is being asked to produce a certificate messageTime time of production of message -- current time at requesting CA protectionAlg MSG_SIG_ALG -- only signature protection is allowed for this request senderKID present if required -- must be present if required for verification of message -- protection recipKID present if required -- must be present if required for verification of message -- protection transactionID present -- implementation-specific value, meaningful to requesting CA. -- [If already in use at respondingCACA, then a rejection message -- MUST be produced by responding CA] senderNonce present -- 128 (pseudo-)random bits freeText any valid value body ccr (CertReqMessages) only one CertReqMsg allowed -- if multiplecross certificatescross-certificates are required, they MUST be -- packaged in separate PKIMessages certTemplate present -- details follow version v1 or v3 -- v3 STRONGLY RECOMMENDED signingAlg present -- the requesting CA must know in advance with which algorithm it -- wishes the certificate to be signed subject present -- may be NULL-DN only if subjectAltNames extension value proposed validity present -- MUST be completely specified (i.e., both fields present) issuer present -- may be NULL-DN only if issuerAltNames extension value proposed publicKey present -- the key to be certified (which must be for a signing algorithm) extensions optionally present -- a requesting CA must propose values for all extensions -- that it requires to be in the cross-certificate POPOSigningKey present -- seeSection D3: Proof-of-possession profileAppendix C.3: POP Profile protection present -- bits calculated using MSG_SIG_ALG extraCerts optionally present -- MAY contain any additional certificates that requester wishes -- to include ]]></artwork> <t>ccp:</t> <artwork><![CDATA[ Field Value sender Responding CA name -- the name of the CA who produced the message recipient Requesting CA name -- the name of the CA who asked for production of a certificate messageTime time of production of message -- current time at responding CA protectionAlg MSG_SIG_ALG -- only signature protection is allowed for this message senderKID present if required -- must be present if required for verification of message -- protection recipKID present if required transactionID present -- value from corresponding ccr message senderNonce present -- 128 (pseudo-)random bits recipNonce present -- senderNonce from corresponding ccr message freeText any valid value body ccp (CertRepMessage) only one CertResponse allowed -- if multiplecross certificatescross-certificates arerequiredrequired, they MUST be -- packaged in separate PKIMessages response present status present PKIStatusInfo.status present -- if PKIStatusInfo.status is one of: -- accepted, or -- grantedWithMods, -- then certifiedKeyPair MUST be present and failInfo MUST -- be absent failInfo present depending on PKIStatusInfo.status -- if PKIStatusInfo.status is: --rejectionrejection, -- then certifiedKeyPair MUST be absent and failInfo MUST be -- present and contain appropriate bit settings certifiedKeyPair present depending on PKIStatusInfo.status certificate present depending on certifiedKeyPair -- content of actual certificate must be examined by requesting CA -- before publication protection present -- bits calculated using MSG_SIG_ALG extraCerts optionally present -- MAY contain any additional certificates that responder wishes -- to include ]]></artwork> </section> <section anchor="sect-d.7"> <name>In-Band Initialization Using External Identity Certificate</name> <t>An (uninitialized)end entityEE wishes to initialize into the PKI with a CA, CA-1. It uses, for authentication purposes, a pre-existing identity certificate issued by another (external) CA, CA-X. A trust relationship must already have been established between CA-1 and CA-X so that CA-1 can validate the EE identity certificate signed by CA-X. Furthermore, some mechanism must already have been established within theTrusted Execution Environment (TEE)TEE, also known asPersonal Security Environment (PSE)PSE, of the EE that would allow it to authenticate and verify PKIMessages signed by CA-1 (as one example, the TEE may contain a certificate issued for the public key of CA-1, signed by another CA that the EE trusts on the basis of out-of-band authentication techniques).</t> <t>The EE sends an initialization request to start the transaction. When CA-1 responds with a message containing the new certificate, theend entityEE replies with a certificate confirmation. CA-1 replies with aPKIConfirmpkiconf message to close the transaction. All messages are signed (the EE messages are signed using the private key that corresponds to the public key in its external identity certificate; the CA-1 messages are signed using the private key that corresponds to the public key in a certificate that can be chained to a trust anchor in the EE's TEE).</t> <t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>, with the following exceptions:</t> <ul spacing="normal"> <li> <t>the EE and CA-1 do not share a symmetric MACing key (i.e., there is no out-of-band shared secret information between these entities);</t> </li> <li> <t>sender name in ir <bcp14>MUST</bcp14> be present (and identical to the subject name present in the external identity certificate);</t> </li> <li> <t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be used in all messages;</t> </li> <li> <t>external identitycert.certificate <bcp14>MUST</bcp14> be carried in ir extraCerts field</t> </li> <li> <t>senderKID and recipKID are not used;</t> </li> <li> <t>body is ir orip;</t>ip; and</t> </li> <li> <t>protection bits are calculated according to the protectionAlg field.</t> </li> </ul> </section> </section> <section anchor="sect-e"> <name>Variants of Using KEM Keys for PKI Message Protection</name> <t>As described in <xref target="sect-5.1.3.4"/>, any party in a PKI management operation may wish to use a KEM key pair for message protection.Below possiblePossible cases aredescribed.</t>described below.</t> <t>For any PKI management operation started by a PKI entity with any type of request message, the following message flows describe the use of a KEM key. There are two cases to distinguish, namely whether the PKI entity or the PKI management entity owns a KEM key pair. If both sides own KEM key pairs, the flows need to be combined such that for each direction a shared secret key is established.</t> <t>In the following messageflowsflows, Alice indicates the PKI entity that uses a KEM key pair for message authentication and Bob provides the KEM ciphertext using Alice's public KEM key, as described in <xref target="sect-5.1.3.4"/>.</t><t>Message Flow when the PKI entity has a KEM key pair and certificate:</t><figure anchor="KEM-Flow1"> <name>Message FlowwhenWhen the PKIentity hasEntity Has a KEMkey pair</name>Key Pair and Certificate</name> <artset> <artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="688" width="560" viewBox="0 0 560 688" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,64 L 552,64" fill="none" stroke="black"/> <path d="M 200,176 L 216,176" fill="none" stroke="black"/> <path d="M 312,176 L 328,176" fill="none" stroke="black"/> <path d="M 200,288 L 216,288" fill="none" stroke="black"/> <path d="M 312,288 L 328,288" fill="none" stroke="black"/> <path d="M 200,384 L 216,384" fill="none" stroke="black"/> <path d="M 312,384 L 328,384" fill="none" stroke="black"/> <path d="M 8,480 L 64,480" fill="none" stroke="black"/> <path d="M 496,480 L 552,480" fill="none" stroke="black"/> <path d="M 200,560 L 216,560" fill="none" stroke="black"/> <path d="M 312,560 L 328,560" fill="none" stroke="black"/> <polygon class="arrowhead" points="336,384 324,378.4 324,389.6" fill="black" transform="rotate(0,328,384)"/> <polygon class="arrowhead" points="336,176 324,170.4 324,181.6" fill="black" transform="rotate(0,328,176)"/> <polygon class="arrowhead" points="320,560 308,554.4 308,565.6" fill="black" transform="rotate(180,312,560)"/> <polygon class="arrowhead" points="320,288 308,282.4 308,293.6" fill="black" transform="rotate(180,312,288)"/> <polygon class="arrowhead" points="224,384 212,378.4 212,389.6" fill="black" transform="rotate(0,216,384)"/> <polygon class="arrowhead" points="224,176 212,170.4 212,181.6" fill="black" transform="rotate(0,216,176)"/> <polygon class="arrowhead" points="208,560 196,554.4 196,565.6" fill="black" transform="rotate(180,200,560)"/> <polygon class="arrowhead" points="208,288 196,282.4 196,293.6" fill="black" transform="rotate(180,200,288)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">PKI</text> <text x="108" y="36">entity</text> <text x="360" y="36">PKI</text> <text x="420" y="36">management</text> <text x="492" y="36">entity</text> <text x="80" y="52">(Alice)</text> <text x="368" y="52">(Bob)</text> <text x="24" y="84">1</text> <text x="76" y="84">format</text> <text x="152" y="84">unprotected</text> <text x="220" y="84">genm</text> <text x="76" y="100">of</text> <text x="108" y="100">type</text> <text x="136" y="116">KemCiphertextInfo</text> <text x="96" y="132">without</text> <text x="156" y="132">value,</text> <text x="200" y="132">and</text> <text x="80" y="148">KEM</text> <text x="144" y="148">certificate</text> <text x="204" y="148">in</text> <text x="108" y="164">extraCerts</text> <text x="24" y="180">2</text> <text x="260" y="180">genm</text> <text x="24" y="196">3</text> <text x="380" y="196">validate</text> <text x="432" y="196">KEM</text> <text x="496" y="196">certificate</text> <text x="24" y="212">4</text> <text x="376" y="212">perform</text> <text x="424" y="212">KEM</text> <text x="488" y="212">Encapsulate</text> <text x="24" y="228">5</text> <text x="372" y="228">format</text> <text x="448" y="228">unprotected</text> <text x="516" y="228">genp</text> <text x="372" y="244">of</text> <text x="404" y="244">type</text> <text x="432" y="260">KemCiphertextInfo</text> <text x="400" y="276">providing</text> <text x="456" y="276">KEM</text> <text x="516" y="276">ciphertext</text> <text x="24" y="292">6</text> <text x="260" y="292">genp</text> <text x="24" y="308">7</text> <text x="80" y="308">perform</text> <text x="128" y="308">KEM</text> <text x="192" y="308">Decapsulate</text> <text x="24" y="324">8</text> <text x="80" y="324">perform</text> <text x="128" y="324">key</text> <text x="188" y="324">derivation</text> <text x="76" y="340">to</text> <text x="104" y="340">get</text> <text x="136" y="340">ssk</text> <text x="24" y="356">9</text> <text x="76" y="356">format</text> <text x="136" y="356">request</text> <text x="188" y="356">with</text> <text x="104" y="372">MAC-based</text> <text x="188" y="372">protection</text> <text x="20" y="388">10</text> <text x="264" y="388">request</text> <text x="20" y="404">11</text> <text x="376" y="404">perform</text> <text x="424" y="404">key</text> <text x="484" y="404">derivation</text> <text x="372" y="420">to</text> <text x="400" y="420">get</text> <text x="432" y="420">ssk</text> <text x="20" y="436">12</text> <text x="372" y="436">verify</text> <text x="440" y="436">MAC-based</text> <text x="404" y="452">protection</text> <text x="96" y="484">PKI</text> <text x="140" y="484">entity</text> <text x="224" y="484">authenticated</text> <text x="292" y="484">by</text> <text x="320" y="484">PKI</text> <text x="380" y="484">management</text> <text x="452" y="484">entity</text> <text x="20" y="516">13</text> <text x="372" y="516">format</text> <text x="436" y="516">response</text> <text x="492" y="516">with</text> <text x="404" y="532">protection</text> <text x="488" y="532">depending</text> <text x="540" y="532">on</text> <text x="400" y="548">available</text> <text x="456" y="548">key</text> <text x="508" y="548">material</text> <text x="20" y="564">14</text> <text x="260" y="564">response</text> <text x="20" y="580">15</text> <text x="76" y="580">verify</text> <text x="148" y="580">protection</text> <text x="100" y="596">provided</text> <text x="148" y="596">by</text> <text x="176" y="596">the</text> <text x="80" y="612">PKI</text> <text x="140" y="612">management</text> <text x="212" y="612">entity</text> <text x="20" y="644">16</text> <text x="112" y="644">Further</text> <text x="180" y="644">messages</text> <text x="228" y="644">of</text> <text x="260" y="644">this</text> <text x="296" y="644">PKI</text> <text x="356" y="644">management</text> <text x="440" y="644">operation</text> <text x="80" y="660">can</text> <text x="108" y="660">be</text> <text x="160" y="660">exchanged</text> <text x="220" y="660">with</text> <text x="280" y="660">MAC-based</text> <text x="364" y="660">protection</text> <text x="420" y="660">by</text> <text x="448" y="660">the</text> <text x="480" y="660">PKI</text> <text x="100" y="676">entity</text> <text x="152" y="676">using</text> <text x="192" y="676">the</text> <text x="256" y="676">established</text> <text x="332" y="676">shared</text> <text x="388" y="676">secret</text> <text x="432" y="676">key</text> <text x="472" y="676">(ssk)</text> </g> </svg> </artwork> <artwork type="ascii-art" align="left"><![CDATA[ Step# PKI entity PKI management entity (Alice) (Bob) --------------------------------------------------------------------- 1 format unprotected genm of type KemCiphertextInfo without value, and KEM certificate in extraCerts 2 --> genm --> 3 validate KEM certificate 4 perform KEM Encapsulate 5 format unprotected genp of type KemCiphertextInfo providing KEM ciphertext 6 <-- genp <-- 7 perform KEM Decapsulate 8 perform key derivation to get ssk 9 format request with MAC-based protection 10 --> request --> 11 perform key derivation to get ssk 12 verify MAC-based protection -------- PKI entity authenticated by PKI management entity -------- 13 format response with protection depending on available key material 14 <-- response <-- 15 verify protection provided by the PKI management entity 16 Further messages of this PKI management operation can be exchanged with MAC-based protection by the PKI entity using the established shared secret key (ssk) ]]></artwork> </artset> </figure><t>Message Flow when the PKI entity knows that the PKI management entity uses a KEM key pair and has the authentic public key:</t><figure anchor="KEM-Flow2"> <name>Message FlowwhenWhen the PKIentity knows thatEntity Knows That the PKImanagement entity usesManagement Entity Uses a KEMkey pairKey Pair andhasHas theauthentic public key</name>Authentic Public Key</name> <artset> <artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="560" viewBox="0 0 560 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,64 L 552,64" fill="none" stroke="black"/> <path d="M 200,208 L 216,208" fill="none" stroke="black"/> <path d="M 312,208 L 328,208" fill="none" stroke="black"/> <path d="M 200,304 L 216,304" fill="none" stroke="black"/> <path d="M 312,304 L 328,304" fill="none" stroke="black"/> <path d="M 8,400 L 64,400" fill="none" stroke="black"/> <path d="M 496,400 L 552,400" fill="none" stroke="black"/> <polygon class="arrowhead" points="336,208 324,202.4 324,213.6" fill="black" transform="rotate(0,328,208)"/> <polygon class="arrowhead" points="320,304 308,298.4 308,309.6" fill="black" transform="rotate(180,312,304)"/> <polygon class="arrowhead" points="224,208 212,202.4 212,213.6" fill="black" transform="rotate(0,216,208)"/> <polygon class="arrowhead" points="208,304 196,298.4 196,309.6" fill="black" transform="rotate(180,200,304)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">PKI</text> <text x="108" y="36">entity</text> <text x="360" y="36">PKI</text> <text x="420" y="36">management</text> <text x="492" y="36">entity</text> <text x="72" y="52">(Bob)</text> <text x="376" y="52">(Alice)</text> <text x="24" y="84">1</text> <text x="80" y="84">perform</text> <text x="128" y="84">KEM</text> <text x="192" y="84">Encapsulate</text> <text x="24" y="100">2</text> <text x="76" y="100">format</text> <text x="136" y="100">request</text> <text x="208" y="100">providing</text> <text x="80" y="116">KEM</text> <text x="140" y="116">ciphertext</text> <text x="196" y="116">in</text> <text x="112" y="132">generalInfo</text> <text x="172" y="132">of</text> <text x="204" y="132">type</text> <text x="140" y="148">KemCiphertextInfo,</text> <text x="80" y="164">and</text> <text x="116" y="164">with</text> <text x="180" y="164">protection</text> <text x="104" y="180">depending</text> <text x="156" y="180">on</text> <text x="208" y="180">available</text> <text x="80" y="196">key</text> <text x="132" y="196">material</text> <text x="24" y="212">3</text> <text x="264" y="212">request</text> <text x="24" y="228">4</text> <text x="376" y="228">perform</text> <text x="424" y="228">KEM</text> <text x="488" y="228">Decapsulate</text> <text x="24" y="244">5</text> <text x="376" y="244">perform</text> <text x="424" y="244">key</text> <text x="484" y="244">derivation</text> <text x="372" y="260">to</text> <text x="400" y="260">get</text> <text x="432" y="260">ssk</text> <text x="24" y="276">6</text> <text x="372" y="276">format</text> <text x="436" y="276">response</text> <text x="492" y="276">with</text> <text x="400" y="292">MAC-based</text> <text x="484" y="292">protection</text> <text x="24" y="308">7</text> <text x="260" y="308">response</text> <text x="24" y="324">8</text> <text x="80" y="324">perform</text> <text x="128" y="324">key</text> <text x="188" y="324">derivation</text> <text x="76" y="340">to</text> <text x="104" y="340">get</text> <text x="136" y="340">ssk</text> <text x="24" y="356">9</text> <text x="76" y="356">verify</text> <text x="144" y="356">MAC-based</text> <text x="108" y="372">protection</text> <text x="96" y="404">PKI</text> <text x="156" y="404">management</text> <text x="228" y="404">entity</text> <text x="312" y="404">authenticated</text> <text x="380" y="404">by</text> <text x="408" y="404">PKI</text> <text x="452" y="404">entity</text> <text x="20" y="436">10</text> <text x="112" y="436">Further</text> <text x="180" y="436">messages</text> <text x="228" y="436">of</text> <text x="260" y="436">this</text> <text x="296" y="436">PKI</text> <text x="356" y="436">management</text> <text x="440" y="436">operation</text> <text x="96" y="452">can</text> <text x="124" y="452">be</text> <text x="176" y="452">exchanged</text> <text x="236" y="452">with</text> <text x="296" y="452">MAC-based</text> <text x="380" y="452">protection</text> <text x="436" y="452">by</text> <text x="464" y="452">the</text> <text x="120" y="468">PKI</text> <text x="180" y="468">management</text> <text x="252" y="468">entity</text> <text x="304" y="468">using</text> <text x="344" y="468">the</text> <text x="408" y="468">established</text> <text x="220" y="484">shared</text> <text x="276" y="484">secret</text> <text x="320" y="484">key</text> <text x="360" y="484">(ssk)</text> </g> </svg> </artwork> <artwork type="ascii-art" align="left"><![CDATA[ Step# PKI entity PKI management entity (Bob) (Alice) --------------------------------------------------------------------- 1 perform KEM Encapsulate 2 format request providing KEM ciphertext in generalInfo of type KemCiphertextInfo, and with protection depending on available key material 3 --> request --> 4 perform KEM Decapsulate 5 perform key derivation to get ssk 6 format response with MAC-based protection 7 <-- response <-- 8 perform key derivation to get ssk 9 verify MAC-based protection -------- PKI management entity authenticated by PKI entity -------- 10 Further messages of this PKI management operation can be exchanged with MAC-based protection by the PKI management entity using the established shared secret key (ssk) ]]></artwork> </artset> </figure> <t>Note: <xref target="KEM-Flow2"/> describes the situation where KEM-based message protection may not require morethatthan one message exchange. In this case, the transactionID <bcp14>MUST</bcp14> also be used by the PKI entity (Bob) to ensure domain separation between different PKI management operations.</t><t>Message Flow when the PKI entity does not know that the PKI management entity uses a KEM key pair:</t><figure anchor="KEM-Flow3"> <name>Message FlowwhenWhen the PKIentity does not know thatEntity Does Not Know That the PKImanagement entity usesManagement Entity Uses a KEMkey pair</name>Key Pair</name> <artset> <artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="320" width="560" viewBox="0 0 560 320" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> <path d="M 8,64 L 552,64" fill="none" stroke="black"/> <path d="M 200,144 L 216,144" fill="none" stroke="black"/> <path d="M 312,144 L 328,144" fill="none" stroke="black"/> <path d="M 200,256 L 216,256" fill="none" stroke="black"/> <path d="M 312,256 L 328,256" fill="none" stroke="black"/> <polygon class="arrowhead" points="336,144 324,138.4 324,149.6" fill="black" transform="rotate(0,328,144)"/> <polygon class="arrowhead" points="320,256 308,250.4 308,261.6" fill="black" transform="rotate(180,312,256)"/> <polygon class="arrowhead" points="224,144 212,138.4 212,149.6" fill="black" transform="rotate(0,216,144)"/> <polygon class="arrowhead" points="208,256 196,250.4 196,261.6" fill="black" transform="rotate(180,200,256)"/> <g class="text"> <text x="24" y="36">Step#</text> <text x="64" y="36">PKI</text> <text x="108" y="36">entity</text> <text x="360" y="36">PKI</text> <text x="420" y="36">management</text> <text x="492" y="36">entity</text> <text x="72" y="52">(Bob)</text> <text x="376" y="52">(Alice)</text> <text x="24" y="84">1</text> <text x="76" y="84">format</text> <text x="136" y="84">request</text> <text x="188" y="84">with</text> <text x="108" y="100">protection</text> <text x="192" y="100">depending</text> <text x="76" y="116">on</text> <text x="128" y="116">available</text> <text x="184" y="116">key</text> <text x="100" y="132">material</text> <text x="24" y="148">2</text> <text x="264" y="148">request</text> <text x="24" y="164">3</text> <text x="372" y="164">format</text> <text x="448" y="164">unprotected</text> <text x="520" y="164">error</text> <text x="380" y="180">with</text> <text x="428" y="180">status</text> <text x="504" y="180">"rejection"</text> <text x="376" y="196">and</text> <text x="428" y="196">failInfo</text> <text x="428" y="212">"wrongIntegrity"</text> <text x="512" y="212">and</text> <text x="544" y="212">KEM</text> <text x="408" y="228">certificate</text> <text x="468" y="228">in</text> <text x="404" y="244">extraCerts</text> <text x="24" y="260">4</text> <text x="264" y="260">error</text> <text x="24" y="276">5</text> <text x="84" y="276">validate</text> <text x="136" y="276">KEM</text> <text x="200" y="276">certificate</text> <text x="24" y="308">6</text> <text x="168" y="308">proceed</text> <text x="212" y="308">as</text> <text x="248" y="308">shown</text> <text x="284" y="308">in</text> <text x="312" y="308">the</text> <text x="356"y="308">Figure</text>y="308">figure</text> <text x="412" y="308">before</text> </g> </svg> </artwork> <artwork type="ascii-art" align="left"><![CDATA[ Step# PKI entity PKI management entity (Bob) (Alice) --------------------------------------------------------------------- 1 format request with protection depending on available key material 2 --> request --> 3 format unprotected error with status "rejection" and failInfo "wrongIntegrity" and KEM certificate in extraCerts 4 <-- error <-- 5 validate KEM certificate 6 proceed as shown in theFigurefigure before ]]></artwork> </artset> </figure> </section> <section anchor="sect-f"> <name>Compilable ASN.1 Definitions</name> <t>This section contains the updated 2002 ASN.1 moduleforfrom <xreftarget="RFC5912"/> astarget="RFC5912"/>, which was updated in <xref target="RFC9480"/>. This module replaces the module inSection 9 of<xref section="9" target="RFC5912"/>. The module contains those changes to the normative ASN.1 module fromAppendix F of<xref section="F" sectionFormat="of" target="RFC4210"/> that were specified in <xref target="RFC9480"/>, as well as changes made in thisdocument.</t>document. This module makes reference to ASN.1 structures defined in <xref target="RFC6268"/>, as well as the UTF-8 encoding defined in <xref target="RFC3629"/>.</t> <sourcecode type="asn.1"><![CDATA[ PKIXCMP-2023 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)id-mod-cmp2023-02(TBD2)id-mod-cmp2023-02(116) } DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS AttributeSet{}, SingleAttribute{}, Extensions{}, EXTENSION, ATTRIBUTE FROM PKIX-CommonTypes-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM, DIGEST-ALGORITHM, MAC-ALGORITHM, KEY-DERIVATION FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} Certificate, CertificateList, Time, id-kp FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} DistributionPointName, GeneralNames, GeneralName, KeyIdentifier FROM PKIX1Implicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} CertTemplate, PKIPublicationInfo, EncryptedKey, CertId, CertReqMessages, Controls, RegControlSet, id-regCtrl FROM PKIXCRMF-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) } -- The import of EncryptedKey is added due to the updates made -- in [RFC9480]. EncryptedValue does not need to be imported -- anymore and is therefore removed here. CertificationRequest FROM PKCS-10 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)} -- (specified in [RFC2986] with 1993 ASN.1 syntax and IMPLICIT -- tags). Alternatively, implementers may directly include -- the syntax of [RFC2986] in this module. localKeyId FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)} -- The import of localKeyId is added due to the updates made in -- [RFC9480] EnvelopedData, SignedData FROM CryptographicMessageSyntax-2010 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58)} -- The import of EnvelopedData and SignedData from [RFC6268] is -- added due to the updates made in CMP Updates [RFC9480] KEM-ALGORITHM FROM KEMAlgorithmInformation-2023 -- [RFC9629] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-kemAlgorithmInformation-2023(109) } -- The import of KEM-ALGORITHM was added due to the updates made -- in[RFCXXXX][RFC9810] ; -- History of the PKIXCMP ASN.1 modules -- [RFC2510] -- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.9 (id-mod-cmp) -- Obsoleted by RFC 4210 PKIXCMP, 1.3.6.1.5.5.7.0.16 -- (id-mod-cmp2000) -- [RFC4210] -- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.16 (id-mod-cmp2000) -- Replaced by RFC 9480 PKIXCMP, 1.3.6.1.5.5.7.0.99 -- (id-mod-cmp2021-88) -- [RFC5912] -- 2002 Syntax, PKIXCMP-2009, 1.3.6.1.5.5.7.0.50 -- (id-mod-cmp2000-02) -- Replaced by RFC 9480 PKIXCMP-2021, 1.3.6.1.5.5.7.0.100 -- (id-mod-cmp2021-02) -- [RFC9480] -- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.99 (id-mod-cmp2021-88) -- 2002 Syntax, PKIXCMP-2021, 1.3.6.1.5.5.7.0.100 -- (id-mod-cmp2021-02) -- Obsoleted by[RFCXXXX][RFC9810] PKIXCMP-2023,1.3.6.1.5.5.7.0.TBD21.3.6.1.5.5.7.0.116 -- (id-mod-cmp2023-02) --[RFCXXXX][RFC9810] -- 2002 Syntax, PKIXCMP-2023,1.3.6.1.5.5.7.0.TBD21.3.6.1.5.5.7.0.116 -- (id-mod-cmp2023-02) -- The rest of the module contains locally defined OIDs and -- constructs: CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... } -- This syntax, while bits-on-the-wire compatible with the -- standard X.509 definition of "Certificate", allows the -- possibility of future certificate types (such as X.509 -- attribute certificates, card-verifiable certificates, or other -- kinds of certificates) within this Certificate Management -- Protocol, should a need ever arise to support such generality. -- Those implementations that do not foresee a need to ever support -- other certificate types MAY, if they wish, comment out the -- above structure and "uncomment" the following one prior to -- compiling this ASN.1 module. (Note that interoperability -- with implementations that don't do this will be unaffected by -- this change.) -- CMPCertificate ::= Certificate PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL } PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2), cmp2021(3) }, sender GeneralName, -- identifies the sender recipient GeneralName, -- identifies the intended recipient messageTime [0] GeneralizedTime OPTIONAL, -- time of production of this message (used when sender -- believes that the transport will be "suitable", i.e., -- that the time will still be meaningful upon receipt) protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, -- algorithm used for calculation of protection bits senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, -- to identify specific keys used for protection transactionID [4] OCTET STRING OPTIONAL, -- identifies the transaction, i.e., this will be the same in -- corresponding request, response, certConf, andPKIConfpkiconf -- messages senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, -- nonces used to provide replay protection, senderNonce -- is inserted by the creator of this message; recipNonce -- is a nonce previously inserted in a related message by -- the intended recipient of this message. freeText [7] PKIFreeText OPTIONAL, -- this may be used to indicate context-specific instructions -- (this field is intended for human consumption) generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL -- this may be used to convey context-specific information -- (this field is not primarily intended for human consumption) } PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String -- text encoded as UTF-8 string [RFC3629] PKIBody ::= CHOICE { -- message-specific body elements ir [0] CertReqMessages, --Initialization Request ip [1] CertRepMessage, --Initialization Response cr [2] CertReqMessages, --Certification Request cp [3] CertRepMessage, --Certification Response p10cr [4] CertificationRequest, --imported from [RFC2986] popdecc [5] POPODecKeyChallContent, --pop Challenge popdecr [6] POPODecKeyRespContent, --pop Response kur [7] CertReqMessages, --Key Update Request kup [8] CertRepMessage, --Key Update Response krr [9] CertReqMessages, --Key Recovery Request krp [10] KeyRecRepContent, --Key Recovery Response rr [11] RevReqContent, --Revocation Request rp [12] RevRepContent, --Revocation Response ccr [13] CertReqMessages, --Cross-Cert. Request ccp [14] CertRepMessage, --Cross-Cert. Response ckuann [15] CAKeyUpdContent, --CA Key Update Ann. cann [16] CertAnnContent, --Certificate Ann. rann [17] RevAnnContent, --Revocation Ann. crlann [18] CRLAnnContent, --CRL Announcement pkiconf [19] PKIConfirmContent, --Confirmation nested [20] NestedMessageContent, --Nested Message genm [21] GenMsgContent, --General Message genp [22] GenRepContent, --General Response error [23] ErrorMsgContent, --Error Message certConf [24] CertConfirmContent, --Certificate Confirm pollReq [25] PollReqContent, --Polling Request pollRep [26] PollRepContent --Polling Response } PKIProtection ::= BIT STRING ProtectedPart ::= SEQUENCE { header PKIHeader, body PKIBody } id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) usa(840) nt(113533) nsn(7) algorithms(66) 13 } PBMParameter ::= SEQUENCE { salt OCTET STRING, -- Note: Implementations MAY wish to limit acceptable sizes -- of this string to values appropriate for their environment -- in order to reduce the risk of denial-of-service attacks. owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}, -- AlgId for theOne-Way FunctionOWF iterationCount INTEGER, -- number of times the OWF is applied -- Note: Implementations MAY wish to limit acceptable sizes -- of this integer to values appropriate for their environment -- in order to reduce the risk of denial-of-service attacks. mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} -- AlgId of theMessage Authentication CodeMAC algorithm } id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) usa(840) nt(113533) nsn(7) algorithms(66) 30 } DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}, -- AlgId fora One-Way Functionan OWF mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} -- AlgId of theMessage Authentication CodeMAC algorithm } -- id-KemBasedMac and KemBMParameter were added in[RFCXXXX][RFC9810] id-KemBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) usa(840) nt(113533) nsn(7) algorithms(66) 16 } KemBMParameter ::= SEQUENCE { kdf AlgorithmIdentifier{KEY-DERIVATION, {...}}, -- AlgId of the Key Derivation Function algorithm kemContext [0] OCTET STRING OPTIONAL, -- MAY contain additionalalgorithm specificalgorithm-specific context information len INTEGER (1..MAX), -- Defines the length of the keying material output of the KDF -- SHOULD be the maximum key length of the MAC function mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} -- AlgId of theMessage Authentication CodeMAC algorithm } PKIStatus ::= INTEGER { accepted (0), -- you got exactly what you asked for grantedWithMods (1), -- you got something like what you asked for; the -- requester is responsible for ascertaining the differences rejection (2), -- you don't get it, more information elsewhere in the message waiting (3), -- the request body part has not yet been processed; expect to -- hear more later (note: proper handling of this status -- response MAY use the polling req/rep PKIMessages specified -- in Section 5.3.22; alternatively, polling in the underlying -- transport layer MAY have some utility in this regard) revocationWarning (4), -- this message contains a warning that a revocation is -- imminent revocationNotification (5), -- notification that a revocation has occurred keyUpdateWarning (6) -- update already done for the oldCertId specified in -- CertReqMsg } PKIFailureInfo ::= BIT STRING { -- since we can fail in more than one way! -- More codes may be added in the future if/when required. badAlg (0), -- unrecognized or unsupported algorithm identifier badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) badRequest (2), -- transaction not permitted or supported badTime (3), -- messageTime was not sufficiently close to the system time, -- as defined by local policy badCertId (4), -- no certificate could be found matching the provided criteria badDataFormat (5), -- the data submitted has the wrong format wrongAuthority (6), -- the authority indicated in the request is different from the -- one creating the response token incorrectData (7), -- the requester's data is incorrect (for notary services) missingTimeStamp (8), -- when the timestamp is missing but should be there -- (by policy) badPOP (9), -- theproof-of-possessionPOP failed certRevoked (10), -- the certificate has already been revoked certConfirmed (11), -- the certificate has already been confirmed wrongIntegrity (12), -- KEM ciphertext missing for MAC-based protection of response, -- or not valid integrity of message received (password based -- instead of signature or vice versa) badRecipientNonce (13), -- not valid recipient nonce, either missing or wrong value timeNotAvailable (14), -- the TSA's time source is not available unacceptedPolicy (15), -- the requested TSA policy is not supported by the TSA unacceptedExtension (16), -- the requested extension is not supported by the TSA addInfoNotAvailable (17), -- the additional information requested could not be -- understood or is not available badSenderNonce (18), -- not valid sender nonce, either missing or wrong size badCertTemplate (19), -- not valid cert. template or missing mandatory information signerNotTrusted (20), -- signer of the message unknown or not trusted transactionIdInUse (21), -- the transaction identifier is already in use unsupportedVersion (22), -- the version of the message is not supported notAuthorized (23), -- the sender was not authorized to make the preceding -- request or perform the preceding action systemUnavail (24), -- the request cannot be handled due to system unavailability systemFailure (25), -- the request cannot be handled due to system failure duplicateCertReq (26) -- certificate cannot be issued because a duplicate -- certificate already exists } PKIStatusInfo ::= SEQUENCE { status PKIStatus, statusString PKIFreeText OPTIONAL, failInfo PKIFailureInfo OPTIONAL } OOBCert ::= CMPCertificate OOBCertHash ::= SEQUENCE { hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL, certId [1] CertId OPTIONAL, hashVal BIT STRING -- hashVal is calculated over the DER encoding of the -- self-signed certificate with the identifier certID. } POPODecKeyChallContent ::= SEQUENCE OF Challenge -- One Challenge per encryption or key agreement key certification -- request (in the same order as these requests appear in -- CertReqMessages). -- encryptedRand was added in[RFCXXXX][RFC9810] Challenge ::= SEQUENCE { owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL, -- MUST be present in the first Challenge; MAY be omitted in -- any subsequent Challenge in POPODecKeyChallContent (if -- omitted, then the owf used in the immediately preceding -- Challenge is to be used). witness OCTET STRING, -- the result of applying theone-way function (owf)OWF to a --randomly-generatedrandomly generated INTEGER, A. (Note that a different -- INTEGER MUST be used for each Challenge.) challenge OCTET STRING, -- MUST be used for cmp2000(2) popdecc messages and MUST be -- the encryption of Rand (using a mechanism depending on the -- private key type). -- MUST be an empty OCTET STRING for cmp2021(3) popdecc messages. -- Note: Using challenge omitting the optional encryptedRand is -- bit-compatible to the syntax without adding this optional -- field. encryptedRand [0] EnvelopedData OPTIONAL -- MUST be omitted for cmp2000(2) popdecc messages. -- MUST be used for cmp2021(3) popdecc messages and MUST contain -- the encrypted value of Rand using CMS EnvelopedData using the -- key management technique depending on the private key type as -- defined in Section 5.2.2. } -- Rand was added in [RFC9480] Rand ::= SEQUENCE { -- Rand is encrypted involving the public key to form the content of -- challenge or encryptedRand in POPODecKeyChallContent int INTEGER, -- the randomly generated INTEGER A (above) sender GeneralName -- the sender's name (as included in PKIHeader) } POPODecKeyRespContent ::= SEQUENCE OF INTEGER -- One INTEGER per encryption or key agreement key certification -- request (in the same order as these requests appear in -- CertReqMessages). The retrieved INTEGER A (above) is returned to -- the sender of the corresponding Challenge. CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse } CertResponse ::= SEQUENCE { certReqId INTEGER, -- to match this response with the corresponding request (a value -- of -1 is to be used if certReqId is not specified in the -- corresponding request, which can only be a p10cr) status PKIStatusInfo, certifiedKeyPair CertifiedKeyPair OPTIONAL, rspInfo OCTET STRING OPTIONAL -- analogous to the id-regInfo-utf8Pairs string defined -- for regInfo in CertReqMsg [RFC4211] } CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedKey OPTIONAL, -- See [RFC4211] for comments on encoding. -- Changed from EncryptedValue to EncryptedKey as a CHOICE of -- EncryptedValue and EnvelopedData due to the changes made in -- [RFC9480]. -- Using the choice EncryptedValue is bit-compatible to the -- syntax without this change. publicationInfo [1] PKIPublicationInfo OPTIONAL } CertOrEncCert ::= CHOICE { certificate [0] CMPCertificate, encryptedCert [1] EncryptedKey -- Changed from Encrypted Value to EncryptedKey as a CHOICE of -- EncryptedValue and EnvelopedData due to the changes made in -- [RFC9480]. -- Using the choice EncryptedValue is bit-compatible to the -- syntax without this change. } KeyRecRepContent ::= SEQUENCE { status PKIStatusInfo, newSigCert [0] CMPCertificate OPTIONAL, caCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, keyPairHist [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL } RevReqContent ::= SEQUENCE OF RevDetails RevDetails ::= SEQUENCE { certDetails CertTemplate, -- allows requester to specify as much as they can about -- the cert. for which revocation is requested -- (e.g., for cases in which serialNumber is not available) crlEntryDetails Extensions{{...}} OPTIONAL -- requested crlEntryExtensions } RevRepContent ::= SEQUENCE { status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, -- in same order as was sent in RevReqContent revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, -- IDs for which revocation was requested -- (same order as status) crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL -- the resulting CRLs (there may be more than one) } CAKeyUpdAnnContent ::= SEQUENCE { oldWithNew CMPCertificate, -- old pub signed with new priv newWithOld CMPCertificate, -- new pub signed with old priv newWithNew CMPCertificate -- new pub signed with new priv } -- CAKeyUpdContent was added in[RFCXXXX][RFC9810] CAKeyUpdContent ::= CHOICE { cAKeyUpdAnnV2 CAKeyUpdAnnContent, -- deprecated cAKeyUpdAnnV3 [0] RootCaKeyUpdateContent } -- Withcmp2021cmp2021, the use of CAKeyUpdAnnContent isdeprecated ,deprecated, use -- RootCaKeyUpdateContent instead. CertAnnContent ::= CMPCertificate RevAnnContent ::= SEQUENCE { status PKIStatus, certId CertId, willBeRevokedAt GeneralizedTime, badSinceDate GeneralizedTime, crlDetails Extensions{{...}} OPTIONAL -- extra CRL details (e.g., crl number, reason, location, etc.) } CRLAnnContent ::= SEQUENCE OF CertificateList PKIConfirmContent ::= NULL NestedMessageContent ::= PKIMessages -- CertReqTemplateContent, AttributeTypeAndValue, -- ExpandedRegControlSet, id-regCtrl-altCertTemplate, -- AltCertTemplate, regCtrl-algId, id-regCtrl-algId, AlgIdCtrl, -- regCtrl-rsaKeyLen, id-regCtrl-rsaKeyLen, and RsaKeyLenCtrl -- were added in [RFC9480] CertReqTemplateContent ::= SEQUENCE { certTemplate CertTemplate, -- prefilled certTemplate structure elements -- The SubjectPublicKeyInfo field in the certTemplate MUST NOT -- be used. keySpec Controls OPTIONAL -- MAY be used to specify supported algorithms -- Controls ::= SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue -- as specified in CRMF [RFC4211] } AttributeTypeAndValue ::= SingleAttribute{{ ... }} ExpandedRegControlSet ATTRIBUTE ::= { RegControlSet | regCtrl-altCertTemplate | regCtrl-algId | regCtrl-rsaKeyLen, ... } regCtrl-altCertTemplate ATTRIBUTE ::= { TYPE AltCertTemplate IDENTIFIED BY id-regCtrl-altCertTemplate } id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= { id-regCtrl 7 } AltCertTemplate ::= AttributeTypeAndValue -- specifies a template for a certificate other than an X.509v3 -- public key certificate regCtrl-algId ATTRIBUTE ::= { TYPE AlgIdCtrl IDENTIFIED BY id-regCtrl-algId } id-regCtrl-algId OBJECT IDENTIFIER ::= { id-regCtrl 11 } AlgIdCtrl ::= AlgorithmIdentifier{ALGORITHM, {...}} -- SHALL be used to specify supported algorithms other than RSA regCtrl-rsaKeyLen ATTRIBUTE ::= { TYPE RsaKeyLenCtrl IDENTIFIED BY id-regCtrl-rsaKeyLen } id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { id-regCtrl 12 } RsaKeyLenCtrl ::= INTEGER (1..MAX) -- SHALL be used to specify supported RSA key lengths -- RootCaKeyUpdateContent, CRLSource, and CRLStatus were added in -- [RFC9480] RootCaKeyUpdateContent ::= SEQUENCE { newWithNew CMPCertificate, -- new root CA certificate newWithOld [0] CMPCertificate OPTIONAL, -- X.509 certificate containing the new public root CA key -- signed with the old private root CA key oldWithNew [1] CMPCertificate OPTIONAL -- X.509 certificate containing the old public root CA key -- signed with the new private root CA key } CRLSource ::= CHOICE { dpn [0] DistributionPointName, issuer [1] GeneralNames } CRLStatus ::= SEQUENCE { source CRLSource, thisUpdate Time OPTIONAL } -- KemCiphertextInfo and KemOtherInfo were added in[RFCXXXX][RFC9810] KemCiphertextInfo ::= SEQUENCE { kem AlgorithmIdentifier{KEM-ALGORITHM, {...}}, -- AlgId of theKey Encapsulation MechanismKEM algorithm ct OCTET STRING -- Ciphertext output from the Encapsulate function } KemOtherInfo ::= SEQUENCE { staticString PKIFreeText, -- MUST be "CMP-KEM" transactionID OCTET STRING, -- MUST contain the values from the message previously received -- containing the ciphertext (ct) in KemCiphertextInfo kemContext [0] OCTET STRING OPTIONAL -- MAY contain additionalalgorithm specificalgorithm-specific context information } INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER InfoTypeAndValue ::= SEQUENCE { infoType INFO-TYPE-AND-VALUE. &id({SupportedInfoSet}), infoValue INFO-TYPE-AND-VALUE. &Type({SupportedInfoSet}{@infoType}) } SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... } -- Example InfoTypeAndValue contents include, but are not limited -- to, the following (uncomment in this ASN.1 module and use as -- appropriate for a given environment): -- -- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1} -- CAProtEncCertValue ::= CMPCertificate -- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2} -- SignKeyPairTypesValue ::= SEQUENCE SIZE (1..MAX) OF -- AlgorithmIdentifier{{...}} -- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3} -- EncKeyPairTypesValue ::= SEQUENCE SIZE (1..MAX) OF -- AlgorithmIdentifier{{...}} -- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4} -- PreferredSymmAlgValue ::= AlgorithmIdentifier{{...}} -- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5} -- CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent -- - id-it-caKeyUpdateInfo was deprecated with cmp2021 -- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6} -- CurrentCRLValue ::= CertificateList -- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7} -- UnsupportedOIDsValue ::= SEQUENCE SIZE (1..MAX) OF -- OBJECT IDENTIFIER -- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10} -- KeyPairParamReqValue ::= OBJECT IDENTIFIER -- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11} -- KeyPairParamRepValue ::= AlgorithmIdentifier{{...}} -- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12} -- RevPassphraseValue ::= EncryptedKey -- - Changed from Encrypted Value to EncryptedKey as a CHOICE -- - of EncryptedValue and EnvelopedData due to the changes -- - made in [RFC9480] -- - Using the choice EncryptedValue is bit-compatible to -- - the syntax without this change -- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} -- ImplicitConfirmValue ::= NULL -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} -- ConfirmWaitTimeValue ::= GeneralizedTime -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} -- OrigPKIMessageValue ::= PKIMessages -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} -- SuppLangTagsValue ::= SEQUENCE OF UTF8String -- id-it-caCerts OBJECT IDENTIFIER ::= {id-it 17} -- CaCertsValue ::= SEQUENCE SIZE (1..MAX) OF -- CMPCertificate -- - id-it-caCerts added in [RFC9480] -- id-it-rootCaKeyUpdate OBJECT IDENTIFIER ::= {id-it 18} -- RootCaKeyUpdateValue ::= RootCaKeyUpdateContent -- - id-it-rootCaKeyUpdate added in [RFC9480] -- id-it-certReqTemplate OBJECT IDENTIFIER ::= {id-it 19} -- CertReqTemplateValue ::= CertReqTemplateContent -- - id-it-certReqTemplate added in [RFC9480] -- id-it-rootCaCert OBJECT IDENTIFIER ::= {id-it 20} -- RootCaCertValue ::= CMPCertificate -- - id-it-rootCaCert added in [RFC9480] -- id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21} -- CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF -- UTF8String -- - id-it-certProfile added in [RFC9480] -- id-it-crlStatusList OBJECT IDENTIFIER ::= {id-it 22} -- CRLStatusListValue ::= SEQUENCE SIZE (1..MAX) OF -- CRLStatus -- - id-it-crlStatusList added in [RFC9480] -- id-it-crls OBJECT IDENTIFIER ::= {id-it 23} -- CRLsValue ::= SEQUENCE SIZE (1..MAX) OF -- CertificateList -- - id-it-crls added in [RFC9480] -- id-it-KemCiphertextInfo OBJECT IDENTIFIER ::= {id-itTBD1}24} -- KemCiphertextInfoValue ::= KemCiphertextInfo -- - id-it-KemCiphertextInfo was added in[RFCXXXX][RFC9810] -- -- where -- -- id-pkix OBJECT IDENTIFIER ::= { -- iso(1) identified-organization(3) -- dod(6) internet(1) security(5) mechanisms(5) pkix(7)} -- and -- id-it OBJECT IDENTIFIER ::= {id-pkix 4} -- -- -- This construct MAY also be used to define new PKIX Certificate -- Management Protocol request and response messages or -- general-purpose (e.g., announcement) messages for future needs -- or for specific environments. GenMsgContent ::= SEQUENCE OF InfoTypeAndValue -- May be sent by EE, RA, or CA (depending on message content). -- The OPTIONAL infoValue parameter of InfoTypeAndValue will -- typically be omitted for some of the examples given above. -- The receiver is free to ignore any contained OIDs that it -- does not recognize. If sent from EE to CA, the empty set -- indicates that the CA may send -- any/all information that it wishes. GenRepContent ::= SEQUENCE OF InfoTypeAndValue -- The receiver MAY ignore any contained OIDs that it does not -- recognize. ErrorMsgContent ::= SEQUENCE { pKIStatusInfo PKIStatusInfo, errorCode INTEGER OPTIONAL, -- implementation-specific error codes errorDetails PKIFreeText OPTIONAL -- implementation-specific error details } CertConfirmContent ::= SEQUENCE OF CertStatus CertStatus ::= SEQUENCE { certHash OCTET STRING, -- the hash of the certificate, using the same hash algorithm -- as is used to create and verify the certificate signature certReqId INTEGER, -- to match this confirmation with the corresponding req/rep statusInfo PKIStatusInfo OPTIONAL, hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL -- the hash algorithm to use for calculating certHash -- SHOULD NOT be used in all cases where the AlgorithmIdentifier -- of the certificate signature specifies a hash algorithm } PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER } PollRepContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER, checkAfter INTEGER, -- time in seconds reason PKIFreeText OPTIONAL } -- --Extended key usageEKU extension for PKI entities used in CMP -- operations, added due to the changes made in [RFC9480] -- The EKUs for the CA and RA are reused from CMC, as defined in -- [RFC6402] -- -- id-kp-cmcCA OBJECT IDENTIFIER ::= { id-kp 27 } -- id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 } id-kp-cmKGA OBJECT IDENTIFIER ::= { id-kp 32 } END ]]></sourcecode> </section> <sectionanchor="sect-g"> <name>History of Changes</name> <t>Note: This appendix will be deleted in the final version of the document.</t> <t>From version 17 -> 18:</t> <ul spacing="normal"> <li> <t>Deleted last paragraph of Appendix D.3 to resolve the DISCUSS from Paul Wouters</t> </li> </ul> <t>From version 16 -> 17:</t> <ul spacing="normal"> <li> <t>Addressing DISCUSS from Paul Wouters by extending text of Sections 3.1.1.2, 4.4, 5.2.5, 6, and D.3.</t> </li> <li> <t>Updated IPSEC -> IPsec</t> </li> </ul> <t>From version 15 -> 16:</t> <ul spacing="normal"> <li> <t>Addressed IESG review comments from Erik Kline, Gunter Van de Velde, Orie Steele, Zaheduzzaman Sarker, Éric Vyncke, and Paul Wouters, except the DISCUSS issue Paul raised</t> </li> </ul> <t>From version 14 -> 15:</t> <ul spacing="normal"> <li> <t>Addressed SECDIR, OPSDIR, and TSVART review comments</t> </li> </ul> <t>From version 13 -> 14:</t> <ul spacing="normal"> <li> <t>Implemented some editorial changes throughout the document, specifically in Sections 5.1.1, 5.1.1.3, 5.1.3.4, 5.2.2, 5.2.8.3, 5.3.18, 5.3.19.2, 5.2.22, 7, C.1, and C.4</t> </li> <li> <t>Aligned formatting of message flow diagrams</t> </li> <li> <t>Updated the page header to 'CMP'</t> </li> <li> <t>Removed one instruction to RFC Editors</t> </li> <li> <t>Fixed some nits in Section 5.2.2</t> </li> <li> <t>Fixed one reference to RFC 9629 in the ASN.1 Module</t> </li> </ul> <t>From version 12 -> 13:</t> <ul spacing="normal"> <li> <t>Updated the definition of "NULL-DN" in Section 5.1.1 and Appendix D.1 and added a specificationanchor="Acknowledgements" numbered="false"> <name>Acknowledgements</name> <t>The authors ofhow the RA/CA shall generate the rid content to Section 5.2.8.3.3 to clarify direct POP (see thread "CMS RecipientInfo for EnvelopedData in CMC")</t> </li> <li> <t>Added one minor clarification in Section 5.2.2</t> </li> <li> <t>Updated reference from draft-ietf-lamps-cms-kemri to RFC 9629</t> </li> </ul> <t>From version 11 -> 12:</t> <ul spacing="normal"> <li> <t>Adding a paragraph to Section 5.2.8.3.2 to clarify Indirect POP (see thread "Using cms-kemrithisCMP Indirect POP")</t> </li> <li> <t>Updated Appendix F addressing comments from Russ (see thread "WG Last Call for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis")</t> </li> <li> <t>Extended the Acknowledgments section.</t> </li> </ul> <t>From version 10 -> 11:</t> <ul spacing="normal"> <li> <t>Updated Section 4.2.2 addressing the comment from Tomas Gustavsson and as presented during IETF 119 (see thread "draft-ietf-lamps-rfc4210bis-v10 Section 4.2.2 - removing normative language")</t> </li> </ul> <t>From version 09 -> 10:</t> <ul spacing="normal"> <li> <t>Implemented some minor editorial changes modernizing the text in Section 3, 4, and 5.2.8 as proposed during IETF 119, without changing normative language.</t> </li> <li> <t>Added to Section 4.2.2 two ToDos for further discussion, based on the comment from Tomas Gustavsson as presented during IETF 119.</t> </li> <li> <t>Addressed erratum 7888</t> </li> </ul> <t>From version 08 -> 09:</t> <ul spacing="normal"> <li> <t>Changed reference from ITU-T X.509 to RFC 5280 (see thread " CMP vs RFC5280").</t> </li> <li> <t>Deprecated CAKeyUpdAnnContent in favor of RootCaKeyUpdateContent in CMP V3 as proposed by Tomas.</t> </li> <li> <t>Updated Section 4.4 incorporating RootCaKeyUpdateContent as alternative to using a repository for providing root CA key updates.</t> </li> <li> <t>Deleting an obsolete sentence in Section 8.8.</t> </li> <li> <t>Added IANA considerations addressing IANA early review.</t> </li> </ul> <t>From version 07 -> 08:</t> <ul spacing="normal"> <li> <t>Aligned with released RFC 9480 - RFC 9483</t> </li> <li> <t>Updated Section 1.3</t> </li> <li> <t>Added text on usage of transactionID with KEM-bases message protection to Section 5.1.1</t> </li> <li> <t>Reverted a change to Section 5.1.3.1 from -02 and reinserting the deleted text and adding some text explaining when a key expansion is required.</t> </li> <li> <t>Consolidated the definition and transferal of KemCiphertextInfo. Added a new Section 5.1.1.5 introducing KemCiphertextInfo in the generalInfo filed and moving text on how to request a KEM ciphertext using genm/genp from Section 5.1.3.4 to Section 5.3.19.18</t> </li> <li> <t>Some editorial changes to Section 5.1.3.4 and Appendix E after discussion with David resolving #30 and discussing at IETF 117. Also introducing optional field kemContext to KemBasedMac and KemOtherInfo as CMP-specific alternative to ukm in cms-kemri.</t> </li> <li> <t>Added ToDo for reviewing the reduced content of KemOtherInfo to Section 5.1.3.4</t> </li> <li> <t>Added a cross-reference to Section 5.1.1.3 regarding use of OrigPKIMessage to Section 5.1.3.5</t> </li> <li> <t>Added POP for KEM keys to Section 5.2.8. Restructured the section and fixed some references which broke from RFC2510 to RFC4210. Introduced a section on the usage of raVerified.</t> </li> <li> <t>Fixed the issue in Section 5.3.19.15, resulting from a change made in draft-ietf-lamps-cmp-updates-14, that no plain public-key can be used in the request message in CMPCertificate.</t> </li> <li> <t>Updated Appendix B regarding KEM-based message protection and usage of CMS EnvelopedData</t> </li> </ul> <t>From version 06 -> 07:</t> <ul spacing="normal"> <li> <t>Updated section 5.1.1.4 addressing a question from Liao Lijun on how to interpret less profile names than certReqMsgs</t> </li> <li> <t>Updated section 5.1.3.4 specifying establishing a shares secret key for one arbitrary side of the CMP communication only</t> </li> <li> <t>Removed the note and the security consideration regarding combiner function for HPKE</t> </li> <li> <t>Added security considerations 8.1 and 8.8</t> </li> <li> <t>Updates IANA Considerations in section 9 to add new OID for the updates ASN.1 module and for id-it-KemCiphertextInfo</t> </li> <li> <t>Added new appendix E showing different variants of using KEM keys for PKI message protection</t> </li> <li> <t>Updates ASN.1 module in appendix F</t> </li> </ul> <t>From version 05 -> 06:</t> <ul spacing="normal"> <li> <t>Updated section 5.1.3.4 exchanging HPKE with plain KEM+KDF as also used in draft-ietf-lamps-cms-kemri</t> </li> </ul> <t>From version 04 -> 05:</t> <ul spacing="normal"> <li> <t>Updated sections 5.1.3.4, 5.2.2, and 8.9 addressing comments from Russ (see thread "I-D Action: draft-ietf-lamps-rfc4210bis-04.txt")</t> </li> </ul> <t>From version 03 -> 04:</t> <ul spacing="normal"> <li> <t>Added Section 4.3.4 regarding POP for KEM keys</t> </li> <li> <t>Added Section 5.1.3.4 on message protection using KEM keys and HPKE</t> </li> <li> <t>Aligned Section 5.2.2 on guidance which CMS key management technique to use with encrypted values (see thread "CMS: selection of key management technique to use for EnvelopedData") also adding support for KEM keys</t> </li> <li> <t>Added Section 8.9 and extended Section 3.1.2 regarding use of Certificate Transparency logs</t> </li> <li> <t>Deleted former Appendix C as announced in the -03</t> </li> <li> <t>Fixed some nits resulting from XML -> MD conversion</t> </li> </ul> <t>From version 02 -> 03:</t> <ul spacing="normal"> <li> <t>Updated Section 4.4.1 clarifying the definition of "new with new" certificate validity period (see thread "RFC4210bis - notAfter time of newWithNew certificate")</t> </li> <li> <t>Added ToDo to Section 4.3 and 5.2.8 on required alignment regarding POP for KEM keys.</t> </li> <li> <t>Updated Sections 5.2.1, 5.2.8, and 5.2.8.1 incorporating text of former Appendix C (see thread "draft-ietf-lamps-rfc4210bis - ToDo on review of Appendix C")</t> </li> <li> <t>Added a ToDo to Appendix B to indicate additional review need to try pushing the contentdocument wish toSections 4 and Section 5</t> </li> </ul> <t>From version 01 -> 02:</t> <ul spacing="normal"> <li> <t>Added Section 3.1.1.4 introducingthank <contact fullname="Carlisle Adams"/>, <contact fullname="Stephen Farrell"/>, <contact fullname="Tomi Kause"/>, and <contact fullname="Tero Mononen"/>, theKey Generation Authority</t> </li> <li> <t>Added Section 5.1.1.3 containing descriptionoriginal authors oforigPKIMessage content moved here from Section 5.1.3.4</t> </li> <li> <t>Added ToDos on defining POP and message protection using KEM keys</t> </li> <li> <t>Added a ToDo to Section 4.4.3</t> </li> <li> <t>Added a ToDo to Appendix C to do a more detailed review</t> </li> <li> <t>Removed concrete algorithms and referred to CMP Algorithms instead</t> </li> <li> <t>Added references to Appendix D and E as well as the Lightweight CMP Profile<xref target="RFC4210"/>, forfurther information</t> </li> <li> <t>Broaden the scope from human userstheir work.</t> <t>We alsoto devices and services</t> </li> <li> <t>Addressed idnits feedback, specifically changing from historic LDAP V2 to LDAP V3 (RFC4511)</t> </li> <li> <t>Did some further editorial alignment to the XML</t> </li> </ul> <t>From version 00 -> 01:</t> <ul spacing="normal"> <li> <t>Performedthank allupdates specified in CMP Updates Section 2 and Appendix A.2.</t> </li> <li> <t>Did some editorial alignment to the XML</t> </li> </ul> <t>Version 00:</t> <t>This version consists of the text of RFC4210 with the following changes:</t> <ul spacing="normal"> <li> <t>Introduced the authorsreviewers of this documentand thanked the authors of RFC4210for theirwork.</t> </li> <li> <t>Added a paragraphvaluable feedback.</t> <t>Adding KEM support to this document was partly funded by theintroduction explaining the backgroundGerman Federal Ministry ofthis document.</t> </li> <li> <t>AddedEducation and Research in thechange history to this appendix.</t> </li> </ul>project Quoryptan through grant number 16KIS2033.</t> </section> </back><!-- ##markdown-source: H4sIAAAAAAAAA8y9a1vj2JUw+l2/QkN/KJyxDQbqAp3kfd1AdTFVVBGgupP0 9OlHtgUo2JIjyVCk0+c5f+N8m98yP+X8krOue68tyRTVmcw7zKQLbGlf1l57 3S+DwSC6O4h3o2xZHsR1uarqne3t/e2daFZM82SRHsSzMrmqB1laXw3myWJZ Dcqr6d7OaHuSVYPRq2ia1AdxVc+iYlIV87ROq4P4GX4f7++92n4WrZazhD98 vj/aeRZNi7xK82qFn8B86bOoWk0WWVVlRV4/LGHCk+PL19E8ya8P4jSPltlB FMd1MXXP01+zdFnf4Ez4d/WwKNOryjxRFWUtH10l8wo+q7N6joPndVrmaR3/ cfh8ez8+W03m2TR+mz7AN1dlUsEA03pVpjEAJo4P07LOrjLYYxqfJnlynS7S vI7PygKWUMzjzcPTs16UTCZlClCEP6KkTBOARzqN7mH978anZxfx90V5m+XX 8bdlsVpGt+nDfVHODqIBvTBYMwl8cfb2JLrO6pvV5CDeYNjfX29NF8uBAHUD wAT/wAFs3NT1sjrY2tLHhvziMCvsC1uPHObwpl7MNyJ87iDe2d55HiWr+qYo caGMCW/SfFZmt/E3ZTG9vUlWFUCoKGGbFxkuGf9UUPhPAKJpCiv8HsFeDu6K fCBfDi5qAHiVxiN4bFrMYIZnr7Z3d3fxAKdZ/XAQn67ybHpDX6/yuoRPvk3L RZI/wEfpIsnmB/ENL2o40UX974qHH06LBTy2KjN4SKBzf38/tF/rzo6Su2wW /z2G1cUfbtJsMfmfsLUZrmoIww4LWtOv2dlpdpvGH1Z5BThX3+iujnO66mZX /hPd1Wj06mV8lpS38dk8mabwTZlewyWFMd/7XT1/vvty3+wqy/M0WRbzrLJb +5hndTqLL2pEwri4iseLtASM93tdwDqHha7zf6e8nHU7tV/rTv+tuMnhiiUP /3M3+RdY4vAalvgl+4uy/KoAzKizuxRJ4fnrQ6Ss/tcd/+su/noyOBqGN/zF y9EO3HB5bvRq76X8uvN8tO1+ffVcfkWC4H/V4fd2t3f11+ejkfyKRF1+fbHz 4pX++tJ9+nJn/4X/dV9+fbW3p5++ev5Sn331Ys89sL+vy9kfufXuj17sBFtM 8myRDCZldZsNkrRj97cPE7iaU09iCQrvTy4uhxdnw1fb2z/tb49L2s3J8fEx fLIzHI3PBzvbo1dAFz6cDEfbw9Foe38Lv764PBriN8NXezuAEnvIIr47hoe3 Xw22Ry9oS8CekvIakUtPNL+bDfMMjvO6uNu6W83zrVlaA0JsBe/yq8yl3sNp F3kyj7+Dp9MymWRzwDwgU3UySYCsDOL2q0qt8fcB3wA3zElewcgrYDCAlhfT LM2naZzks/gynd7kxby4fog3ESg9ep15wDMe//lgRGQLsB6Y2Fn1h6p7l4i3 K2Dt2achTL4FfP4qLXGiLf4UeCLgef0w2tmqcVY4jfmgSonxV1vLMoWnalrw FtB0mCotLUie8fzxn4pVGZ9VtHpYSnwEIscU38KtfZ/N0gqGSmZAlJNb5OtV nOXx+7QGunILD99l07R6tg5gzy5kkc+eAQIjn5+m6Qympftc36Txzqiq448X x+9P/hj7LcYwvb6K0siyqLLV4pkMzfTpfTLLEuShfmtCqD4exhdJHh9l6XUR vPLn5DYr46NVuSJKEryTAzkoK5wPVnYKrCS7TvLg7WN4Jf4eyEhZ3H/hq/82 jMfz9FP8JpnPiCs98X0VHkY7g+1X8MkfQcbCC7PfjTI3cIjzdAiYOczyems0 gsu2vbMF/9neGu0BvwwQ4ETpIAC79ng7iD8sUwD/Q1Wni4oFPDiZXLBiEF/C sR1lJfxdIJlmkW8AYhjhUFLXZTbBq2GIRAyi4CJFlFmPKyxJ6g27TOcpUOsF cnX6rEI4wfybJ5cfeyFw9gej7cFojz6s4GDTCkn8gcAYnj+Iz2kwEG14uyys bo62t/B1HO7k4gMA9vne7sCAV0XcbjgNPIryBfzrCvgUfHwJIiTDAnbyUGVV vEhhu7MqhoHiEr4pFvEkq+PrFIkRgLGK70G8hIsFywDCeBiP9l/ub9MY7pPn e4QCT4DdhxLwJ/sbrxinBBYKOy9n+tkmDNoBw3UAvPgAZAEFXTdQ7EEFD41P LnZH64nYpMqGk1U+G87SrYsbEOhnR8W02joq7vN5kczgt+Otby5Otv7M+PK3 LC1X+fUW7QloD9OwNN+CaX7aHf30epVPeaMA+Z+mc5QLq59gmz8xZH/KVwvg UT954P6UDpezqwD3x/GyLICqALTgzYM4GDSWQe1x8aDmxPoxXVqA5s5wey1S v07hvuORXMFFSGlAi04OgTYBAD15McuBDH8/jN9m8zmQCqUVTEm+L+ZXcLrX zW9ptsuB3tpvj0/ibxeTN40hL4C2IIkowzFJ3m59+Ss34JjdaDTYBrR6hcD5 dgWAe6hW3ViSLkugV8MsmZbE60Bb2tl6uR2QK+AdxdUA/h9OTbgcrebt8aml NFW8qpCtweHAJ8lknuqZwQutU/IU+jJbuEU2vjq7AWlhGb8pZtdp1fju2xTW G78DHGl80dIT7JdHxeoaUAyuUwqSSNIcE0RmYFWwg9X0JmleyviwfFjWTILS M4RbPC7h5O7S4ELv7MCfr1d/ySrgeV7w2t5+uVVtb4/2ng/wfPZHo70B6lRv iitQifK/hU/uv3w12B3sAnF4uf18e3uw89MIhz2+vDgZ7H57djbc3R3usmwb Hqrc/N3r5ZIO9Kpebl0sU7j1qBQPcCNboL3BPPB3cDGdZFGAiG/x6/3RRe/r eAyHB2KN8IT4tbKVeHP8urf2FuJaQ+gAv9hZQ+7w4fjyAt6izcWjF8MXQ6SN H0GgO/l2eLGaVGkNQtzL9SQP8G2YroDC4D9bFV3KratsnlaI27sA+62qqHZ/ gvuWftp+tfvT4KfKDfvTHQC/RbGOzy9PL7aOLw8v4g/5YJ7lKVlZjBXl9evX JxdrYcCrD4n+8w4oxH5//fi70XAb9h7lDYVpZ98pN/Crah67L3ZU3QA9x2k0 O065eu71rOcvnMLy/MVzVVie7z93Ks/etlNj9ndVU9rf3nNqzN4rnWJfJj69 +/Dd/suAeb+BqzkpilvSH5fLeQYaJd8g0BuXNw8d4CJiOR7Gp0AN/uZuPN/N 1scs5j6zr54N4zsQPz8Ak5jeFHXwfvd3HYNcDOPvEtAygPMFA7Q/ty/zyY72 91+sQe7D80MkpUA/ga1/8z7eHrza298dvHoOSPkyigYgvSQTkHCTaR1F0eUN yC6zYroi/AJVYAqiHZBYFNyfbPjbPHsLnOFJlr9h7D9YwBrhKVBMYIxZegUI P0OCH9F8d7uBeDkFFYUIAkpMCzf8EC2CyOnvUI8BwMKSkylLkxMgNGmaR1NA CVhIJYwTB4AFgy4CSgdIHXUVV0CGY6DWCUiR1xkCh6YaE9IQbTof9/DFKDG2 x8Yjh+PesAnQZDbD0ZdLYBHEy/zKEV0DrgYSOKi4pLElBOXjfJosq9WcZzoF ARRkvmoRbwJD7MVLPg4VykFjjI7zu3ReLEH6Aq0XkaxGtQ7mgZHwQqSz75L5 Kh3GjUXOqwKens5XMz55tUDHFRB0WB8cCxNqWsgOzQc3DWTt7BPclx2cAu4o ma8JBGmsIyCJx13Fk2R6e49yJYIddiT6OQrFdIRO1Irvb0BDhD8jFAMyYO/D +KOMVheNZxFzsgUdP4CNNlnEyTWN3Y/TTzWuEb7BTS2L+Rx/Xygg+3g8+Eme 3osI4ZAyRsM6SIAk4/NTPFo6Q3M0gJswF2YDvANudfXAwIIRcIVwLWGRQnVE Jq+GweJ346yKADhlMVtNGfFjXJgMixdwfPF+OAK8BQh+6gNcMsRS2LEiVHEV HnmfEOoQdGyG601S3Yzn1/347AP8X5ndIVbRN8l1maan40PaYHReFPVhAl8y nGGAGvECTm16uwIB1N3UFn47DwadP/kwEGJAekEdAgDQZGutaxE+mwkChkMR Knkke83GBDu1YhgeraLmvmIi2tiGTOwW2Qwk3ij6CukZAZse/fmrCl4ajH6J oh/wjeNZVqOasJynaC6apbiWgyg6AuEEDv/k+OJb0AHniDs1HQ6epeKlW9Q9 EpEl4iOcKMwCdxrGJbUS3ovYueGoVaKmw4nZGFDI7wRFBtvb7X1XN8l8Hk1S QbwpYBygSwD+O/f+CO91UQK2KKwcjrm7DUgYbGb9PQeIjmNYDFoFiHzJULC8 5C4BMRdlcRjt558Jtte//NJavpAHvhhVe3f3WXXD6J/kt/FhUs6zCgYdz5IF 3EaQppcgHMavk7JM5/N+dFkssvhtAsSvL8a5sohPixzpep+2C9fvOkOV2Uwp UO/TnYOHsjIiCZPQMb/LgN3Ap0AfcrjzuJqrVUnofFfMV3A3UtQN4eO/FFlO kwzwAJHtwLsPUYK0fCDzwYZ/DFEsis4Yx5ZpiWoWjXAFxKm4R0xDKZEsj3AG 8HL0G1zuH+EnHgx+T8+C5ppdI6/M2cgFm8Ph75C2y5YQpKjO49z/FSw+Ihb/ NOfeOhYfGRb/NNZOdihY4CLaMM9vxAR1u6kyvYIzwSNJxPID0oNdbFK52Qk/ RWj95ReA8FdfxYeCyKfJLI0nD+42RT8fwDX73QaTiuFoA6gFvYxfAnbPsiua +KosFjwqugfgC8ELf6ro5KwO6DhxUyh/GFFAmQ5QBlQh0BlKAMnwmgIvoxtx j5bOhK/jFN3DOEOZ/nWVlbAtfZXIL+L9UkxF8gVA86JYoEQpZllEvbScP+A6 Zgld6avARIJGLaJjwo10RBhCx9Tt6PrRvJup4cDxWeRDQitmjN4JEC6gYg80 wJj4b4s74/yePfYBcZdlilIXs/O4mM/0JVgRm99iQ5tBiMsrYpNzkCbmbq3h d0vF1KyqViKKso2VMCWBo1gmSDxhDodudNLIw375BYnMiu/SpQ5a2fMrUwKi 2SnIK3DJ4FAb0KINBJtGyMPZwq/E5WI1UcEJLls3LP2kIKZ10xZZEnZbx9mF 7Iv4KjInrBhwAwAFSgOMvMhQLHZzwMRpDmNPCVlZgGahCyZLPy3ngMiEPzWS Sxi1QvEtUZgiEYM7puzF3jHk8o07toN3zLIjAjY+CNcKZ8bvQKhBoftm4b8e wdcsEsxic0X7Kiwp2jRuHohOpRifA2EXH32XXd+ABoH/pbiDM7liOuUuDv/Y TR/PZkilAeoqO8ZGdkQyeJeUWQH4Y2RGETzT4fWwT65VVUci1WLxciIkpoEm 4r4j1gTHQipg7ZitWob5+sNglgTfFOi1ICEF+ViFyhC+miGtIZjisvDdBvxQ BKn5Hh/rHvFFZjNLnXGxmtcZiFaEU3I5YJXTgqTkGctIgDHAyOMp8Maqj0hH IJgkNYi9S/QrVWT3w+G8PPqb+GOV8qX3Oj/wsFMhSRckPSNnuugJ4X/xHC4u byjUmGTTS2InSFRBgUeTqNek0DQW6FK4C9AzgUk5qTzUQmKWrmClcfwajc2A HYhtKD6BJoRSZo4HRQcKX8Bxp/n0gYUXWWMwIRLTCaq1cePKz+dxMZ2uSnKv VcQ9iZp4vc5Cn7RPoDRIhmEosaASI8nuECUAUxENeXL3htdX+zhay14rbhCW xsLpQKkrporJSxBiljclHjWoowXZ6okbMUtFtEpYDDPaTtyp4DJLC6HUb6la lqyiYoMCWEAlYZhMdPWKSS8iYzAjHeL7Ag0w4ymI1axaFo7ejJAgOPF5OAIQ FWi93efTxPGE+TbO1JtS9HQdu0txf7Dgq+SuKP3rFg7u7aFdCTzLQpGdDiU7 P1miCN6CHx1fMAusguwX2bUYR2DfTeDgbfyAs6IY5gQQ0UJjIK1zgj0KZhjy saoscaZrLxTIIhqyvTSdVXzTlGkSmYFHb8hqg/JwwltSzsBfzwoYMy9qR8iQ iDoeSEuzr/CZk3wKd3PlmAYu5w086y5VpUYTEoZYRFB3xWo5RQ56DYdf1YO/ ggJdrxZ+FiZanjV0Gh6Y86O3EVjPuHHvkhguHn3ODK9Pm7LkXF+tU6Aw+ASo QYE8fO7uInA5eHDz8PxdT1XqNjUXzFUZDRa3HG1PS29vAE4Ff8FWFnzzgXwi slgyfUQaNY/nRU4PfBVgvf44He4IzyeC7MgwTK+X7CUuy4gABrYaPMFUdebY vLyKksNvaZpXwxd4b/2fL8M/9/FPXIX/aMSaQ5fqQPhxJJJiQ7bZRdlmnQHF 6hU8m5N7hvFJHRLylhKPU69R3A/ZQBfIUZXTA2cG4CME+BDhJ/wY6PFaowvJ jmLHtGtfKxDpwchku0NQqIZ79AZTZr1tSKS+dR49b2IN8dIMg2gCklLCBFmQ 1aI7i+YJcsaHeF5ci+DgxEUaaa+1mDV2MSQ5c/HG36VMNdhqC5SgqDKWhUEC mJJuRrdcb6y9ycMWTJ4TTECutMbghiiFBg0Qwk69ykWLYlUNTaeqjboRd3Fj 9mYYezT6VpHT0x9dDJ3Ym8Bn16GmjL0zfIWX48rf9YaAZ/fFtypcVd+Ol+rf REVpNDEPXzQ4nh15h5CWKYyyTIA0n9o4z4010/HQ7oOlQU68vWzmNGykpbrB SXqT3GUFkuzpPCmdAC5WAL12QJMPm1fDLBvv2eWNuD0yPVtAK0TbSyHbZE7M 7IIAO4Otj+RE6D7a1aAahlbfC+CMgERvxUsgnzpb8OfGf7UWcToPxQlvj8mG bKLCG4lSNlnWVfZoCJ8NtocSMho/U7WRr1/o02n/KCT2z8M/X3XQ/pHQfjQ2 Ap9nPz1RXIqZzWQuMTDv/MIWT1T8MIi9ijdOP15cbvT53/j9B/r9/PgPH0/O j4/w94s343fv3C+RPHHx5sPHd0f+N//m4YfT0+P3R/wyfBoHH0Ubp+M/bfAu Nj6cXZ58eD9+12FDQ8sHi1iZhuUAJMlwZjjFN4dn//kfoz2Ax7+gtWs0Au4o f7wavUQCen+DpldGNuAf/Cfg50OEtqukVF1lmiyzGqSoPtLT6qa4z4l64Sn+ gJD58SD+7WS6HO39Xj7ADQcfKsyCDwlm7U9aLzMQOz7qmMZBM/i8AelwveM/ BX8r3M2Hv/1f5OEfjF79r9+3HLFlOs8wIpp5aW0QbZ0Zk8xwIHCiZQbuaIIn GuAjnu8ctUuQFeDW3gNH/j3QyYN1Dk36+vTs4HNGX37u4uBR/ZseOn938JgQ ys+cvm4+xORXx3tNcQr47PExhqejmlLLcoGZHTzmOaVnvh0frJUw8IF35/DA u4Ks6p3OYHzodHx44JbUiFg5LGYpPgNM+uARizo+8eFMop5AbYrPHKXE73AV 6+e/xM1fYsA7HOfxJyB39AwQ5KwschI9kUKhscYc2QdQiO8ykEaENu0KbSKb DoyFl98tcOYVLjZK1MyN1S6BJowI1aq7bLaCeww3veBRkhlgK74Cd71mbwA8 w74N9GDK1xxkF9Ggq3xSrEisY42UlTYiIGQlERc5mQOKq/oekVlN3/1osvJO bBQ2jZA89TpltZrUoF8sYOrklmT1JI+CxaCW5Iafpczc0IkJ5KpMAZ9IipiU Bcj6ZYQLQ1tpRbb1bJEB/50/oM0OhsumpDyGe2UATsmIiwbXyBm7K55kip4s 8j3R/kUfFbMlUEZzlmqc5YutpBBfcfYSiSGyMRGRxER8LpjDBEcM2W6VfkrQ WgXUOlq0V4F2gRvCn1VFBIZnWRstEWG0BDvX4yA8g0Ekrm5imsskK0nhrqpi ikahGWqzbiP1fQFUTA6ZDM7xtISbFCQwkMiRJjBmgX48dvo0LscpXNt5oLDt ssPnmxTeTkXVeiDFPoGhp0BevNjL8ZKVmr2m6QxgCbztHr7KSiBuTLfpLMlm mlG0yl0xv2Ni3rCrilCHW7fHt4lsG7iBC65vvKYenMrdDnTHfU/z5vE1ZdPB r2jkcE/CkCCXoPUXVRYMoi5QKDbCnIQ4cKwl3f0Ipk9Rz5etEES/AglcpdlK bcXH8kQTsgzbyyeCQ5RfAZ/M+xBvZsN02I8cUEntAjq0cFYbZSNktAHkmPW8 vGxRM/KmdR40toM63KqaAyN4x5E10xsjPV8KokwkVq3bHpsSAH4Xq8lf0qmg keNtndDz8EN8iDcqfnUDd0p3kFRBMiNd8dl2QynqhFIfjxk9y0CAMSrN+URk GryB8ut4Xr+HJ8S8h0qMhQ9iH6Lefepc+zMAFdyiFfxJJ1cXRMXy2ZYlv0xH HoJJN9kjkIAKD0sLVm6dqaC+z9Nen+eczx0NDQAV4/1Y4gsbw+gkVzNc3zzp EW0j3jw+hhHhhG/YTZJHDuJ9BJv3GQTX6a7IyKx/tSINyDFQAlaEkAUAoXGn MnIbvAjUP2W0CzAebwmdK+4r0kvhWOXNCsCA2+Uwh2TJjBOvYz92TNJ+jAew qFJAy0qhS/Hfb4+3Ts4A2XrIEmecAqQPABGpaQakTTNMlsnwMAo0nMw1yq6n ptKrBJNI4Mmr+SoVdpxGnnu5Ta53zMGGvmYKLjwoMlvwGEOTAUUuSNC9TeeE 57d5ge43WAUpI5hAavGGHHOVE5CdOx2PmJ3BHqYoyrw9iZrer0zcxgTc4Kj0 zsAM/jQfKBYC2X+dLVDQ6b5e8drrFawfTdVNdsd3DleEkUigUpMFuBOvI7og yrYttQg2gqIdbhExbQ0IMDYIhgpeE2iyOp7yrUUWQ47Jgn3OmUk1GAwiktRQ ZlqsFn3hgKgaIpSEuToLAe+JviGyczjmKCtUpCh5CTFAZOSJWDJ5331hAgna 5J5VNpZyEyCaRFeUcUY5C8ppzTP3DF3Y1/xKAZ/6sCsMbHPhUOm8Sul5vBEn iL4LTdqrQI34E1GnAEAYXgXQjciqhshMuEirF8DoTQy5IewDIRXIPUCmzV0Z OMeHgXpP4mwoFAn2KtMz6UScju6SknKhyL5FIe7ETuAupuUApJyMAjrE76n6 X13cYmI1jR3ZQ8bxGeFJG6A999056ewUOSEUFSZDAEbing12/KgOFG+CntTj i4l0IEdzxhnK3uiXcokHwRtnF8ccxlusrm9Qz/KiXYnGv4dCxIdqWizTdgDb prvigA6orqM5kAha7llOP04BXikKdj3kZ8R86FgwE49s+zItYQGsgnxOqvsj NA4CPosbh5NYYqUIlUn7gFapt5GJvRVRbpJGeN+d2LFOSG8LHTsqdKyJPaAo aCDjDzHFOj8QxQDauyJJYpKSjRy4xQYArZyRIA3MlRCrdbTsOwUAo8oKiPSH VUbZuLUYlCK474ykfvx5we4pOiAiDDZRrolAKFhltSpMRMKukywnySEUGg7H G+tkKUu/I5Keys/IQhnx+zxFOpiwq6ApEzmmBmC8ScrZPVvnkGFawehw3LnW QLah47KfMdAIjk6unhQYFJzHG8XVFWmNG14D5Lh3/C5vftX3Es3h2JJmlkc8 FWSQRV3De59qP74p7jF0CK8E4D4aEBD9M6WacHMjuF90MxmIdLXLdJ7eJeKY QSdlNn1gORZv8vdN+Igrhg5U3cKee8Qd3CMiW4HBzq/10b6QbtwseXvUh8XB mIQBMl9kGIgwRgm7AnkKLeUT5Ekw3XITpSeCCS04Y2PIIoUtRrhmAMeDGjXU r2QQKsPFsExVF0taQw6yYQbEBmjLQz+qzAhydIC+ZGaToDWlxgoIYREOdBFe bQljhpOQF2Ce6Q3Leo7aE34UHAgO+1RPWRRei5OcITHNSiCjyE5QUGRrURyK +XjLI2K8HATLgi0K3SSahyMAkvAbLCTF8kok8bN4rPEyRYSznwA9AGqMPo4x Oc5XOX8LyPTeyeU8nZL9iiROILYufdt6cdlGq2gYMRoqjBETYZINC8INm7zh oC43JXK8BmXuLF+5jEiP2ljyYKbm42RS3FlPUzRJ2dBk7pAUE1A51GYe8H6n SY5YOFHf8yxKkyqjEM4xKVUUDoNnhPNnaLtO3YUiLuBwVaKurSKf5ZHiH+zy A9N4MtmZYZlwySrC4bAIjIp2iA+1RGnQxdFgA8fv1thV2+yOHPaAnBqhJoLx wMv9GJA4BjKAZWjgKydIVDEqz7rVKP3EcV1CEh7LMtKAU8cVozXsWeU2Z8hx FzqIGjTmCLgK06TE2P2VcAES7WgiCojCkDz8F0GIgoKwh4gNQOhPu0mnWJip z/Id8S2qBQAz9d23XbEonOyRhKZyFq1RxKco/b6JESNfOkUG9SMW/inqnaWn hNJhE+RizkZYGaGqlaeCIgQz//MxsYk8VpeM50QH5KxS9lzUkVyKvqOSZIVc LZxtXHmbhypPAdKLOxZQ9dYquaER1wktVh4aqDwUhfKQlVWM9NAX5cRJF31n jNXdi/xK0gTJgSSzxhvnVm7oBcQOwHVO2wdaD6Q3ZIZsYNQUCQaQvDafR+dj 3hy536d17NWlQFV0+hg+f5PcpYErOOLhyCxEMMd7VbFre4ipzfdIyL1V1oo7 kVovld2G81Y0Y0YokQXqmViTnY0xSMKRuBvEE5f4dT5uiMXOhsFGWCDchiAZ +w7D1kPGSXfWGk5oGTlrMHJRfntRsOKBOVQ5DYYXnRJa6HWvQ+LXIIjAePNK TEaT1NxXYhlTkpo6OXK/YRUgl4Wr4JF6uYlzzFBAB3EuV31ZkUiuVdOxQKIe cijQD0KDKpsGA9g2lV/aM/M0PFHiAtH6tXmxx9nqQLaHdd3QAFY6Uaax1mfY Zht7yDbGa9+IN99+C4Qeca47nNrVM4CjAfSPiLwhN8fYE7h+ResGjpm4wbgu kpc/8R6UOkIVuLK2DCUFetXwBj1COnH0dbRzGKg2Ra2HHHGgOgUa02J8qQaW WdMZWZufQmAjJbCwEEth4ydQ2DDZGLnqekrb1DxPOPAZs1jrpLqtnLWJk5rm 6TUHCxUqgzrfWV+MA/wM7plDWYOIfM3sBAmL0vpcyD2Qga68gU2j1u9hwIrS 6gM+g1nBV5phbuAdMkurVWH8xWo+c+EypINmC28nJsMQ5ScM8IEYg0NyjTPC hwvK+Jj7yBtJM2Bz8Ndk7iF6guKFfxuAc10Us7417/LvFUjs9xotz9fZC/nO xSs5E7r8OcWX4AUuliDJX6EGCcDPyBTj1PZZ5LIWGGwnV4qAeppVE1fRmI94 13c3AY6L3eNzNGGhlugoy/lYqEbTx3jOeh8JiC264WwrXiq4zpB8EvVcpGnd CKwszWgU2RVYZmEFo2Er0Qx1DPRHUN4hA0TLD+0/398bvNo6ufw4uOQkugir /nE5IDSOjCgOVQMFNDubaef1irzfEiBKGqcjPaL7YZTy1VUqvAse4MPUx3iC Sx9tTJHexLsTTaRYKz7JomCK23RZ82mpsdQSecq7RAv0kjgafmeFdnifeRVW AMNL1FgCO/RYeeI9U6wnrAMAsRAYPb7IBE+P4C7bdG5WivMnf8rDQMHeMKr6 IHI27q3PhRpGYlZBs4GGQADMCaMwNhEw+ZzV25CJUkYTGr6nGXFlXCXRJ0rJ j80SQDtDcs/hgHjp0MCqp4k2jCdAQziFd+62yBXliiD7E6HIrHaKwkrJNoAH vp64H/r9cAzixdvUpLZQBGLyIMnmmCjjbfOsNKpeulyVmAOiLmzMLvQbuE/p 5nO4cZNKAHfkFBxEcVfHIHacGF1UGA3g1G2Wrf2e+kxjyPbwFPhprIdn6gq7 MMHrCeDLFR8UfjDCkQ8BaHgukK37AIFA8SU186YACCK65MoKxAxBPqkE0OlJ tyXYn0/ep+09EkpWUUJD1aO9KLkMNA/KaRQ5FujCAiOCVFN1iGC00Ubyk79e Qg1nBUXaqM3qPjH2NSAgQD/QxIfsKqOaqUldJ9PbylZ1UILad662BeYUkLUu LZ8CrYnTjzivjtILU2LGMOWGy3rd8Fm2SEg0IxRN6KzxUyJuks378ZsH0GEw rxM3LDG7Jt/7zeXlWa/vIuH+sEpX+C6W9lukQMh8Umy8efqHy8se5qocAgLB WsiVMTaeXJNGXoxxWAoiFYsxOZ4GZNdiULw2Wf2IzldNFcHnlZd0qkbwH1Ie F6ojIf3zNnK844EqC3gcJiVxoITeFlWGuNjJPb6CwdWCUunsa36KCVBNRCEo nkgOAzIaV+o6SWaU9YzZIXQv6T3jsEYsslloRIKXqjewGZxtq8xoKfq4T7G3 TNXcBdi0Ni3kCxXRIYm5PhzDRVL8miZLRjDEKEqUZkmEXU82b6lq5vmTP5zR vaYEVPbbNMJ0CKhkg1fiIjJ6UntoxptYJig2QWkKXJAEy1qMHQDObIbHSubc mX8d1XGU/Igyw7jiMsD3QfauA90cx3WcCilshfZszDlEoN5nVeqNYGkzOihe AVDnQkvYwEnh7hSwGlPyGkbopvcYaY3mMZJMJPEgT+/nDwNC4nQWN5z+DMGz D2dkOZBE0tkQT5tEbMzWCvhBc2nw9iaZu9h0jFoHKsg4ZOA45IB3igNJiFWH lyCM8Wtn2ohMMnohufLNNSheIam9xZO/QokCrw57DgUewr2Oj2XvtPMpCv2Y Hih2aQcFog+gCZfJNL1aARWrgN9gUNBMjNcDoo+EWEi38yIf+GhOxHgSJEV8 FTGZaoFsAjqQKkZirr8WwqcQM3ODWJlTLIT7m1nQ2DkQe4c6KL0YK7VBpFpG QpEVYVTJjMvn0clSHAOFouWWuWGkArBh8mK7TH9BLXLYmbAHk6/l9++2qXIT qq8N1ZzKMD6EF92XZoSBGMFIScSSDW7OYUwhbkGQSeh5EyzH1wSEdCBfuhr2 3gQrUQAYj+Wmi/1h4yLQJhZ1WCMIlmIAB4e6QR5afHWDE2iarmwk9oEc7/hM z2s93pzB5h224/Wd5tyUwJgAGsGrz/QZhE+044E8682IbLYVh4ETGsz1m6Xi AFNTStvQp05UspuY0hAsCVPpCFg4AEtC5NI4KO6LgGKzYC58V9gw5u2i6NG2 6OHadFbgc0Se9FU5AsFTf/AiKJq089ZKGOTfq03SzOg4V+h0DAqzqQJlUOCO M867lk+ULZmxjz9dsOBD9MHkRblFlsxHiaFb1Lzjqm0icbILlJk/mmiqG44/ 0FoSIHtWfQk8oXoJkkTCBRwCwYOFI9o0xrBbuxLm+l1R8B/WXdd4YyL57KnW bC5b1UcMcH8coGIqcbSHAb3vSCDp2TzhLqvJBxcK2LKZ7KrNxJOvWZbANVtQ SlElrJcTQaqbbBl4Q1wQiO6BVZTPxFj7yES5UHOq/4C2eSbMsgAXW7DhbtxG R0hg4iBYpXXUrrDhDJdicGK9kQJdOKKdF8mLADKHwjJB8v+GnzhJqjusj/Ov g8HgX6k+JJ7+0Iky8oNfux9+Lv4LvPb3mP7320HXD37lE3DgD32MXjykl/3P tf2ja74NEwexQUOkjSEaP3+P/6/mR1htmgsC/T0uP/e2fK0+B/yofuydhN6Z 0O/WQbHlAfWE6Rpx5/jN1hNfdRwQSCFKMA9fNLF7m7l65yGtezeQaf3r5/g9 4uvGx4vj84uNxuvf6euBW5fIDb3+Dv7XgVf/OvjX4F//S/DjN0/0Yvx+/O3x 6fH7S154AzXgAwsseOzk8uT4gr+0B2s/8Hts/3zX/Bje6ERaxHvdB/49azy/ pOeDG4azjumR3/r39PnCnslQx5J/+Om/2+crtx5/5816pnrI+nz2OErEzecf vTIGUt8116/ACX9alCEzl7mbDsEPD3k45gXKh7+nNx/sfDefna9NheIQ4A3K qTDx+Gb0rvD9w/N33W8rMD2RfuxH4N8M+84KLRT/uZ+UhrhqD5E+cQBLzRw1 ePKLT372uyc/q/j8xMeB7o0HO18+OnJUFEG+WoHqtrzNfBwQlaL+3TOb8PQs TkoqdD4A/e46/93GPL2qyTGMPP8mu77hwnR9EQjI4WiyHlCeYmuJ8el0lkwW wYCyuyhlW6QhkgJA1EU3fFUnhHgLinMhP6H7jAVbVon6ztWJkYhctzH2aRES eB6YYpWBIn5jiMAnrdbUkNJF1zm2UV9W+z1oFKzihBgprCExlHGz7LExq9iw QxDkxFfMZYgqr6HDGGSzW1fIDAFmL9VB/J0I1uZwfDYoSe5qaIRNAxgbpnes BUeYBiMrqALxYRpOpxWGRJXBOB5BVNJEm7Go4lFAC7aLz+Fgd/KCHZLCdD7u yxhLimwUJZVc7tWKYdxMK2nkT8r7oXaoQWgpHQXBRCPiZeliZeLoFR6iWlEK yNVq3uN9khQsa0mb2heH94lZA3+8m96hQl9wAVRJdXbZIYzn1w6hgSVYp6nj LbJt+YouQ3n30m6ONHQKo3Dpcqgs9zXZzxW+k5c36FZt9NXYbw3uGIAUmoNE tO/YujMgNINomqYHEwfFQziLlcYtuznhejsTubllEuwgFQllFLak/C0ti0Fd oMtDtUEKg/0Gbiti93JJVXRA7wVwXnCOC/vk9KeZe/zN+QVmH5PREPuZYRmz Ul/9Mxb3vcTpzAiUXI5qNE61efHnyzN9/flLtjkW8rRmOZGqPM9mbCe3J75M 6hvKd+ZYNgyc6nfhnk2ONKXJWpA0TlG9fc41KgShIZQfxMcUq+A+tuNreUvn bZdBRdEGVMWGfDI3E3QdR5wp/GGb4Qe7IBO8X2Fb9D/AcKOAPADNz0rGvgdv oCCEl7Aqso1doan2hh0GErKfqSbuU3BuEiUUEmns12KtgGYttGFrserbJznK SMlXNyS/9qkH3vFgsvOZDeKPskIDoLYgpmzpIP5AIXfesoTQTTQOWLfZFMPY Mp3k7LchV/brDt80klklqRIv0G+EiLAdwwgLaCOON1ozbnA0WhszrMvGZSce uihSfYrTXjgkSsJRp5zELinNXG8ALj+2FvLGaAUBG4wFeGSN9UnYQZ1SLY8o jiLLl+z6nlUaHuqvwPr0GxnChNFy0CRCTA2TTZhKXgFSlINHTjLjQHDy78Qb FL05EMt91yFc2X3IoFRuVwFc+SQnt2rFV1NsAuuS8TTV17LhcBllsn4ZMrBz cA1VgInj35PfLB4dMNtvZhZQusLaAUkONn5YlV81bakBC6nkrXz3vUmJbqTG +MqQRODdBPj+thKi6fjQDu+b2KFhVP3wmDyfk73Q3XC36Z0Dcqa2Iv1tam17 730YkIzjEiAtY/51BdDAYIR+LCm4ylnzWQryXFGoZ6N6yIv8YUGWXdzYZ5Eo cTZZhTueUnM3u7gbQ4w6imYwikuCjWuSA/A2mUZ9ECjQi2syorQiB75OeLvu cnSU5VCaivXyB9qSQcrlX2WfhFdg2XtfMV6zYBg8z148G/7YcRGVXUihFhaO qenRvIPsSWFNyS1CUU5k5FauddTQGNItVPOBlLCFzigNB1SAvaF3oE9pnVrR cOA2EntJ3bK6RSDJ+FexQRKt/poyclgUrkFXdG58/Fm6oocBF+iz74mDyKhE 4MqpjAGf50BezROj5zdsrSr0CkhKCQvGFLku2qwysY5uM75UG2awjna1ip75 jKp3wtLs6IW5aiqabr47Gp8Fkaa9jkKY0quXBU8p6f8K5FCVtShVwnkkAHnO vHHfZ4N5z8EfdXPUqIniaG0FdisLOvuQHty4FUNhvxfUO0+fhmkWz1yBDdTN 0JUUKJTIZDfmoBRtkASLtaYMmrWM0LROV/CXIgZLLepzS/Ig0CuQi/WYXRUP fBDVOOPpokWx28nVnVaRp4cn7GV5bCgED6+WGoLTNzFsXDoIH4HvOQZZiaEr I6RysmrIGCsjgfWc2KtCsWzUCxqVnT3YottcRbqjKsQqH8DOrosa41Ow/jUG 5PBiEdg0EAicmCiTUf2SxLpZ8UfrfavwwZfO1nyi8DM9GIcgPort6SjSbeGI YrFxELJiiLkk76AeLR8HRKlt+T/AIAUNgMeSj5SPD8ILqHGk/ON54Dk47iVU 2rnkRQZvJ5rpVLJxDHuwO/6e816c6OFElvBBOUP0jhdC9uGBPmsj/PfZyXvM NpsOe49WBYji8LJzslYhdJFtUBo6t4ks5Dxdyt894qdoSUry2HWJmSTYahZp CJ6zcUQGmalS9ytMLiM5Ce1hVJQxIb3ehRRoiyyW5wIH52sJP/EfkryDvnNM T9foPCWywFCAn2fpnUZaULgAI5NW3ciqRhcKV6VbMqMiCY1u7aRp7SDTksmP x5ITpKutKMBmYaJPzflyCYSY18kGU8x8cYU+bh4q1O4jSXGU/AGA8buE6vwr Z3LHKMZbF7TtrLSN3hME3ij0H2tMpT8tLj+e36UP8l6VupuP5tFIHf1B1K0Q Hj2QAxMv2VdAHnBQZ4RRm8Db1vblojoRf7i8lPi/YnzmQst3MBYMIfz5ShgU JKDWJsfaNb0VM4fHvj6NKwhrAEFFP4OYQz0MBSh25XDAxpqZ8BweVKMn4GSV ESmr02sKFTUBIu2kVI7GMcZkm0YGFD/31WqlcZZbgcNjjQNFN3+GylhQAQV7 VGN5GXdFwpwZIspsNKVyIBQBN8QkRzJQYMUKV23PJWGolTS5S6sZAHXJ+Q6r OkN7FGOfadFl2l0X0TVXtbLJDrHrN08R4WjuQx0GBCXuOGZGIHiVVCOPeX8V NbKJmm0nGkkV8Clo1vAYuUOc7OR4X4WR0toQZfIgtsfLdxdi59vbIwnwyH2y P9p7KTIhFbHiT1/u7MNzLODtbu9yEV+qkjnGON+lj2s/1wKOpozv3i9UM9CE O5wEttogMmXPF2dj4zxafY0h2/s/AKETiqAlWaShGviIv6AfQLefA981GXHO 28Ht+JplKqj3A+ZICbCdPU6T6r0BmM2VuHnZcZC9vhX4ShpQ0IwmYRZEjjEU c6FFOcVzpcWnhCKvzQJtptc2ahBSTHfhmBHqrJii4hKGKT/Nx/XNVk4dKkmq 4g4H2TRLjVOCSl04RulSJpEGS1ybD6+qgiU9mLw+ygoBMOol1jQSakOucWuf dw5FAfRMK0hT4SpgrcPQbpJSEHi0ITNhVWhkSVTBblquMIv5AJfGBkODmUSm nPxFfqioEe9mS4igBnGTzDA5eokBzsitiCZOTRFZwNh+BIwNE7ZuWEXF8OLs Tguvt0vmu2hXxHbYMBVRbXkhxAmBroTAk4B1bAzXS/JskQwmZXWbDZJUPA1/ vjyz7gOOn+faCEHuICATB/ZJHF9q87e5ejkyFV4hpXB4lW/LdA+ogtQPxBCG hCBGliqL/dy5R6FIJfjFa+DKpazKJ5XtvoEVZ/jTSPu1iA5/XVADL485/i1d jHRvgrVg53jU9yLfoIy0Bt/ShQs1lRgun+VUAyqmpo33XiZ3/eV0fCqq55gW ReVKpr3tFUNjsoWNKGSO9Wowf51uwz066O6dsAernSRzsnlpIODVPP2k3Wip dQmHz0dhvC2cjHiF3NF4KhQC1DW+cfuYzUruXRWtSZmyDTSV05k+KA536c+Z aasZHjpluAH7QATydQsDwxEWUbtP8SxcIHmjzVnc0eYMR75aYacokJWKRdtz FpRqpepNAO88hWs5kF8JNCfFZWQ2js4ILtvMaY8+21TL6TT70HNQarQoJrjC nDvJV1Jpp9W9XUJYzwGymH1fKNOcFShSkZSIb1K5CS+hOnm+jfGuX6hrVMYF pqQwzb0zJjH6txCli7GFFF6nkoK6hyBwoWUBm5zNmtyVpQwqTsCsWad5OoPW OrInXSGvKtY6orN0zRjDLMiaSvzZFTyNnRm1BglQK3OSHS8kQZkFSTyvL/Tm mVDErnlaZIv1IdEZAL5QE6rGYh87EVfOmevahZmjzuATsR0jT+cYeg3qJAfv Yh4gyFbLmyLXChis/3G1ce9Hj4mDRaEfvcXCOlhUT0q8OVVgXmjSPhHQRgnZ h9BMdqip6oFsq0aJD1SWp1HgvgOHXOq6auwOd/Q0OvJPXUoXVUJLGuV8uVqg nzglUxkoV8KfTPI7J8iTkBzZN5ir8BakCppbV0fJQS1Sh6i2eTjeOh9LIZQ2 pe1LnmdYzYh6AItNAbd7XwTOZNBvuS1k9bDA5MhseuB6wcp8LhqnsTKxVALE SyBNXFtu08ctN9aBsVa+bRZVnZJXVNB2PctF/XSj9mC0OyA3rbp0tHwBvV7s 9rRe5hCpPiKPu+h/Xsuw5IXatiQGJh+lmZK1C4fCv8sTpFgo9pLjkFquL7a1 ZBrLVPYKCz05Su9OjuIfTo6Pj//zP15tAyaPz3/c/Ar/Hsqfg53t0asep/um kpUUBNO5RiqYmFmSQwBWgla6FRuFOo0jdGdX1a/VA4RLREH+p6be8DURYx9f x2cGlwa/79QzH56FJVI6r56YGUcHWPFJqhmhq2tlOo0ajBBG8KxzPlyIiVTy s3NCPtXq1FZ7mNLiehywTE4JuQmKkJnqkZG7fVLhEBPcnSoxCPO2fCRBDsfJ rnFOOOsOn6Jy105jDerr6UVs3wcF2A4ZvZ9wrp7XuGwP1Nsjl4P2OAVrH5xe 5qh1mb0fBlsys+QcYyhV3XMs4Z1Jfw+rGXUwAS2W10UuN8JCCRtc3xeFB7a/ Ot4fOd6fZrUmksmxUYcypgm+OCmFpzmfFPdaoNEqlkS9iX3YiiFw9jpXggK5 ENXNIddEo7qDZO+7YhNfM85zFrNbAlqXUaKMqEmr76vqRQayIWhefDprizGu NMfhONLWcptsKk1rDFlBVUhEZVxor7lSMRVtaV62q7cebwIeUAWftuE2OLKe o1De2F/flKnKGagvZV4idkIHRYA0Dvsgam4vcWUuAgnk0DbEhoEuXKBo/Dkp lkpuvfYxOo2o3HUhpbqiyPQgxrT/klREDazmUgWTBzVTNIRObIGNDb2pWQ3t wIS4sk1j6bwLplW6JhVugkYjyWIda+81g6CGjaRJ0P0bncR5Bleoh7kvRm93 ki3Heuk8/F8d7B2FVrqVREF6WivsmgwZKO9oFcAASQ5M01bHSFi/+bxJMb5g hah15r4UtepIUmCECuxcsV81KQEQ3ijxBfpXHB+zl6liu6AI108fQbHnChsb tbpiRkR0p+oGGjuvMxUx0A4+BEsdz4ZHRNItVWvUUMalSqVVw3AQW8NBafV6 UwHcUz0GeBve3ZpiQ8kVeyITFBqIYoI0iZlyU7nCNdlXsBSOK3tC1JFFZKug MTEXPYZBTZ6xw/HX+GheNLWODrlcozbpjRYzemSKRrW1HW7P2dOZOy+emW8Y Asx1CwIkCIFkyjQ5L608HbnsC3zcVMSgyNIW8xAh3VKBSP1RtSS9lqlWtm+/ fNEp+keGmqBbje31rpZVqEW1lDC/E7HvildCojxiDqlTtxqXQXG4+U1SATUa B2LNWhzd+bU4+iTsMxXA8bn/Gnyz/YzWI1vyCK6hg5LKBLqKdkBPlLQ2utOh GLd5Mn7bU/okclbi1VIh9RGVwHEfWnVM9NGna2SMaWid4WAeTRsJNCmNa2At a40KFRkVymQ4P3bLOG5i2pCM/cknVSQJUwcYt2ISlJ78cz7eouyk37mfp733 O/ujWQ328tkCy7i37lPVN/3hdqr/tErUu46PUdF/G6AlfHBoJKbOePaI8i1E l2dvJKECTNnKpeMUzO5xYpef+YU/UuXBL+cLfzRv51cPwOV4XMGj1gCcobqu M8dvNXGZKicFw8jA9pI/BlJ60GG6+fZXw/TRmf/L4IKrTqa3IPOKl6Tnv+2A C2Vc+uKmwLeCTAFT1qibPF5h7QqmAXxFKaaEiw3Rp1RkSYlXQM+oEJGzEkjc K0mwkS/9RBXanOuGIwqwgIV2P/Y9PePNsw9nPRLXhJBiJlTIwEiDPuvonMzv KpNaWzZYrIgRwwgDBxqFgmk/vgETh1k4sh6FFUgoQporkNqiPUi3naPXV3zh WCGQTKn2WaNsNCyf3GBCiGhkMZNh+YsJlQytqLoO/IPVyTiR8V9sTRLq1SyC veoZYnzKfCFajk1HtQzF9g5YcjDy0HQ+7Yx/9NI2l1/FAoGZl1ajdjQHGzrv Us27hKNggU7wKKz4IgkuCAEcjlt99ppHEreOxNhD8HufJZw0O/mZamlBIyBq ls1Bts46jeW0xPVAZaTk3HkTGblWuQ4z1XXEZCk0tqcYiTLlYlwaf2Z4lxqz krmIt9gga1U5fSXypWTYptXDwwnrb4deIpcV5OrgoOMlaPgSu0ApyXvxrVG5 TFa1hQXfiQ6Y9UcSTSAr1Q4Z3viB9inyLXMYC5YMo5j2woeCm652Gble400X qjcH2JdFDqeGIXiN2Ez0DWlIOpe6F9uqtSxgbwUWZjJGhrCSjbcB5rOogUUA lI9UiM4s1ixBZ/QllCKdY1ML7aPBAV3TuYZl99kufw2IIT0ZYAlvj0992l2P u15I5iFGnE8ykIrrYqV1sXWWKdWmlwZRvv63s6IJ0beV8bcoXvvSR55J6pQO KR0cOl8MG8uran6CwXZ5Wktr3AGS50Z6KkIZ482pZj5iC9E6ij1AtIFPr1Zz oCxSlq9ZoMlfN7Jn+wpNq2VYo4mIsbnZzU6m7mZLyLpzvWgsFfnIJfPYpwxu Os/H+cWYvUTkq0F8Nq0CNYoGo+11QGcrpmpbuGuT/2a7MZDhXgMMOAtD5+/H 2sXdlTFyaehEZkydZiKkkaGYkkRlG380SSX5YNx9wYpm1P5WbFRhpIR5kJRY ibqlsBLXrcCY+NAiM89SV0+K3VjEXojc57azBvzqTerUjKmmBig+6d74pEW1 56GcuOEU5U0cVNKV09m/wHbCZswBB7qXzBy5O6jTmSRIF58UUeFEPAFerz17 d9f1bPC6uAzQXDwrEdwtljACeNidNYQOAeBMnO1219TwB4s5lujNkQK6PthM EA04PZ0U3WVqn+mD9QQ7NelMwi+IorgYSqB8i6wWcztTOrqnwJ/CYBYxflM7 XgeMt9iEpCGssT3stSWQPvIrKLSc5PQIFeQV+aeF4G2EbvTvA7Y93HEmO2xx rwkynYvb0cV5kr1+ddrKq3mlgMf7+2n6w/I1BLj1Oha5i3IaGfeFJPmmqsbi I6B49NK3YQK4ciSZQdRGjAeReZz7T0warphkS/6BNe5KUVMtfLrmMRNgIQVS XXCpM5+xWo1udWoYk2A46QxbKt2gXxEjSwGOQsqxyQywt8wqS6a6aWg6ZGd7 a14zU1DlQppteUMasoGmhckFPDW+MNUJSQRLJCQOlq5nRjy7USGD1K8Ozcv1 /xXySs1g1iyc/HSS4yJBwSoNmGaH1PqGemEYc2U3cc+RmJCTVBJJ6g5A+iZo kQtCyQt045eJiX0qHLMyKelMrcXrbCA3MyVGfxYu3Xfn3A8g9Utcl8SfiyuX w6CeVzLNjFW26r7gu3rBAzms+44rZ+pUGyMt1Ch5cFLV1tnmkBrfJCXlblCk CDHb1r1dR/kfv882cYnwi2q6ouyL5X8q7iRR2oB8EZVwnw5fUE4J2iclToHh aAHfG4oJGBa2z9LBGxBUMExSeky1Ggqh2jPXavZ8LbT9AQ6ZLFLqnqI2cQ+D Q+4Pot5fAmFR1gPKEscWwwUGR2aLtBe2ySBEt/zYzEIpIa5sgcUU4AXJslpx lcv4VMtWdOPNnsWbNHjTFbyIN0GS7/0P4hfRWn7xOfyy7CL+72IXYoRvpBk+ AvC2t5C9dC929vuaCh1TW49/nBWpVpFH/72sqIlIGtnQJi5wviT8chmUBtwC ImsrWH85Z3MNwywOS/axOSVBK1Rup9nyhvsh9GWVHEjR3EI/Xsc0+9LFnC9Q giTyxtoxfw1vjf9R3hr/03irC/CMfg1vjbt5a/QFvDW2vLXZoE/dEc5cTMZF OmgDw4s343fvaLugMHxA8y0SXZeJJtzoOGfk4PYRN0XGdTXInPvhyhuC2xQQ qZ+WfCiWhe8ezSnBfz2trlGbprIvVBgfV+h7uctcNoeA9Jf4XBJocLUfuUxj yAz2OISCui0YO+qczAFzaY1yODYR4M3OyC4Jp5GIhUUJQPP8m0Rzq4fRt+3l QJB8YD6KuAEcBT9UrrB7a0YyNrT6OOLuI+kZLaUH2SxIKR1B05ur7HpVutRF rbW3qiSNm6MT1kdtmixsQVeJ2POFJFw8shEHJAqHSvRFmClvSJe0YCBCJNlS zeBXCjxD+2mCi15V/YjEAbr6XKyERrb9/kiCcRIIRufMs/w2zAbZQJM7CR6w pA2aaQMXx22b57MNx8xw49SADjfeGshbLrDsdi5nR2Up4N5ElEDlEBZnASRO bNplKS10CokfTPBpADji8GECGMwIfFggoSLeojW86sIlONWUK93eJZqiNLsp aJUHRAaLggiSYaZHVrlsRC3VqnloAmbuPU+uCtwHAKsjUQ1vzjWjvct30xOI gucomQum5jjIoEiRqVHkQiK+d6fuEsLNqePaUFJ11wJ7KrApaKoylSw+jIbF MNGg8q3YwSltE4tTcOc2rfBShRfeNWLQ5FLxrDVbJeDK9RrfJ8BhLq0hX8Wx YB0m49cWY5RGVRIdCSQrSDqg5hAmwA6X04H7IaLHHzRa2CpOCjZh2ssUm9yp VTnq3Cc5HkiFwmrkDhbrWqRH1DLCNVFHMQLRQSW9pE5ib4F2uCleeB2c8s6a p4qULfKlChNfoIAKa8V3uwGb29Rqs9xdwwUN+Y5DPTW5S0UJmjpcYSA08k3D gCJUdaqA/ndeGtcg91bb40VuqX4ZXFmAsUa+HoXduaxjIIl0Kt/RxMVGatsQ 6paLnAVJLMnajXZfTP6cwONWhRXttL+wac7UiMshSwz2S8fQyAQwDisSoOnf AYmKk2hULgWmsJF2oi3xODYPXXCUdWlM1aJydbMB2/wX0FusnfhGoztSRPU2 aIM4gL3ezwJYiO/GrUpjo9NFhWPMVhNiYNqzArbnw2Y73uNIfR/+FnWsrWqV vxKHvaOtjRYxkXSrx+xiyaBNqZcY/dpgevYO6MQRT+yP59IEixXoxkGx2+vL 1Be+IvxvtU+JOPf1MdLY11gw1G8q17mFympS9zb+rmqUtcVqm8BtU2mdjV2T 5HY1ABOFJtSAx3DtHnM3jBPcp+TBwXBUF99kuaimEJzeez7lzVb7EZ86bbMq vLJMVhrqbD2lfl6WseJdV4fGHPNU0b/jnGlaLfHovU+ddcHUSdBw2N9Uyq/D dT1gy1hEelcLr0Rjg5ABDh3W3tSVaxqKPZA/xiknCEsHcpR5ymx2rWlCYgxZ IyFI66xxfPReWDmHw7cr11XTNEc3ctSMiHNBdUY+pWDesbRMge/H0oS+IfhL gYpCpxYdRm/I4di1ZHbZipQsUdsY5gMus/StN3LZkrNSSpvjgtY21OmWFAwW R7F7xsrE3KeyaX9C0FD4as2FU6lcG4zgWX3zxktR8g8iHs4fDvySmyLDo+vm Gued9y/oMkUEKJA8wnLh/8iCAglgzYKagNxsU8TOBZ2JNMwydqOMcNXdN4pE CaZ7MGZW6/1sy3Nkee4U9UUO0q2F/l5ySYIcgqpxWnrDIelGlpFELdKPkA9g yQG0PnpEABqFmEm0vEyp9qYEeZDY4AtKdxxw69x8W8AOKbkiuZFCBiQjNRQM 48vmUet7HZDYZB88SQBXonMD2Fczjm/uMai4v5w5OdV8YQqKwmiWj2GBWPSW zn3Iua2/eSyDCVlvtmrUEtZF/Q2JcRGyHWdWnNBnPG9Rj6nNNz3w+VPG6Jik 8ZYOy/3CZdRvZA4zLHUAVCYp0chhKdDL1tl/2Y5J/EsWadRYQFI10KoFTKnu HexrIhVooseOlxDaHa8Y09eg5qaIZyylOKHlC89A/amPiGG/BlBsVbArUait XYkXPrS2hw2Q0vJVifc7YdIem/Nd70jtTGF1m47eA4Q71kSH1AOr3P7nf7x6 sbfvbPzPf9z8ClP74TPnDPyOohUoH8Xqr02WTh7/91QrEUv83Wjc1IOY2X0U F1FG1mHL2AWLbiYLIB4q5mEgSdXKPWtynLBPANIqAkFpw/BI8ZD+DrHGcKDx nW+Sqiu1UyxBY9N6TMStbC6Z2h/YbkK2Ji3ARFDF6tj3ADhuT/N3hl1GdUaD Lpjvj7+3i1//4Id3R8GD0d8PqOHQwbpWRM3ORE9+ENZ8QcB71vCyVyaFj1kn rt6peH+PD9G8NmIbnTtXtKA746npjhhkEsq7O4130SqTVc66HQJrGH/JUhF+ zaXuPj5dCHK3yL1ftUHNIvrOxo1j4T5SoEdENvbad8knuxG2kbrduDgUS02J r/OgllpAM6OuOmfdi3WbUfcOCzgRVdAUWtaowYUcX8rG4oW5cZnUZH5Zv/F4 p2PHmjpFxtqdxmaJIl+ndSN6vGHIFhqAXneextZ9ckKZ1SpwyaLM2/meBZxV amlJOwgZ41nlO7/Q12aYSpDTDvI1yqgcEoxRqEiSxDamhXwC7HpE3am7mHHb dN42SUWxz5Omgn5YPpddiKaAGAvUyGD6zjZquIYoRL7xeVAPkE/H26E6uXEo 4LNDapqcUI8Blx+gTl5XijuWLFAuGk7+6ec7r7bFd5+5kFC6EXPvamFc1ILA FK9qBP+w9NW8KG4xxLZxNTRIVyvJJ51W8mE4CVU5hZW9hn8wdZ8JjZkMDv+2 NZNWatYUyw38shqgV2wjPjy9UCtzYzKsJdU5iboYWzsi8miaV4RuBrWT6XQN r+HucLQ/HD2ngABZxodaklL6dE9b84XmfVHBcu0hQyrGfQFS0IM3a0kdZdhg UJgvtAZqYLoIg03TXRS76CNtz2EaWpCrExXFenozFEHH3WCSVnCAsIO0Nedu +uYkAV0WHBTdFU8IyBCtFKOTqX6eJuj3vfRL+kynwR7VV3vNTFBuQHAa0uUj FHi3gwLvWgq8+zQKHPbUblHg3S+lwF2ks4P+riW93RT8y6nrWuWA9d8uOhrF X0ZJQzraPOJ1lHStDkZXlCp2fwEl7aCjWHj8n0ZJ/9sI6T9OR0mlxch/NX9Y IcsQAt1LKIf6g5Y4NI/cPocdxQHOQfLtjuh+wCooWAXBU1Ep7VlvLS03gSk8 yj+XlP9zKPl/MyG3VvF/JiFHPPkvIuS2kcIgPrxRHZUjbFrknIg5NidDS8W9 LzrQTmENjeMTdBui8RTNXpRAlH7ylaxaWrSI/qJFG9WBnOCwdU5VNH0YBHqi UVj3ipgv6OPzd85MC2eFaTw2zvOG67yRBQSJodwb6egBCrQQ/CRP5g8mWiao fCs9LlW/abQ6iSyYpGBMfPxJ4tQopsnFbNm+q42DeK5lYlJ9lSNuqOfC8duP Peu0lY7t0ntT86Z8JhZe8aDMrzhZfS5U4Hqm8DcOXa4UPq0Dj1wAC4bGYNwV b7mieDU5nvuEs6Vm6Ty9lrhgbjODBz9b1RKs5SsvNMO8M/ZiUwmRqdYa4wL5 DUfmBAbRTFbyLvGcel3SnBJWpRBsqtXE6PQQs1yzA2nxYWIog8GGWN7pxnwQ aeQBVaX4tMSauRxhZmoOqQtBE7gaAV3k0yL/bKyVaqfOOF/kLgzV7InOoyzm qfaR4YQutptrwaoO6V1C0UwDgKDOfam3ieIj0P8vlcWatbq0y4EvoGEXyEVo EO70nJilyAqLoY84G5wT4HE19K1J71ITe9YYyTde4aqFvmjL1HV74dh5hEk/ 7JCk1jW8Tx9OjlxjSgUGG0twNWifO9AKHVU+HCHhnQ1ul4PpYooOym/+7fjw Mj45wk7sr0+Oz+ODg9/FPzMPy6pic9Tz7trZoCivAT8ZlzZ3eyA/zjZf9LhB Qp7W8DS/qa0UNp/3THA1/rW8zT5tvuzFt0t8f+dl/Etkl3T+f35Jr8Ilvf32 //iSdndgSbYEg8qvILtuO+H1xd72zi+/uIT5ijGDQmkjK16emjx7lO9QCNw8 PD3sKYaj9HeIjZiisSgH0s9A+kRwI1py4XBWOoYgONJJt/YhYKWGBvoCeFoj C+fi+9ujilQGceFqaXA0fC34Lhm+LuTZHBO8x3VkYl9HBrlQjkfzu419YEFI JuDRg+iAKEaDBqgSkklAIMbcUtpEao7XxWr7maO4g61JbR2ZkXpBazNp4zyt Y1+asEDr5E0yv+L2Tvhso56UiBQc0em6mriKiBwJie2yPCez5B+bKTEHnWA8 /lVCraVMK8hmbARVf9CNMAtU1kee5KrBXmBYbH6rvMceTgff19j6QFtxTSjW VxAm2uigFsTUXDY5nmhxys9mmMOz4HaXN2Wxwu7vYjk2/KsD+tyi5AiZyIUP spOuJM81flt5unNbMM2W6FoZdV2kXqQilLkvrjqvKiov4IorI6BmDhiVn1Gv O2JHWSlBql5LoARojoIH7Rwf9f0er0TH4PIIWPGjswwHB7J/uEP9iSvrSjHP QMp7ztb68dzlhbtQUO343FEtX2UB21K3UalWSkCY5q8OfE3mZlp5IY2+OP7D x+P3h8dKrG/SBLOW/A88/4Y+k5bak2IW1puCB76Bz+RrI1rE8Q/bP+LXZ/6z D2eXJx/ej9/J00Z3hadHP/rlXJz8+TjeHA2Hp+M/9uIPr5FMHLa09taPjg/f E5Pyu63C7bbG908KJ8Gb4jbvETboSSQOeYyfZBMP1dwgLPFVo2UgBJIfRr73 2RG2U5F7x0NOeohxvzA3yiTThvA20NbMP3Q6hbcRYNIG1XKWuNkwHDysmYCF QSU+DBTybJmlXa3csyrwHKl8Slma+DqKyCk1pWkVC29PntW+o6E4oDAVAT2o jWieeDO7CvpkumAwORhn7AuC+hoGGGTOidPx2/lfPVuPN6LNMgxdVV4bXahA taoTKTFJfUN1eCMHR6/PomZVlDUaBrD+ilgCtYgpFXDSgmA4AqcnNd0OLt1Q iMFCouwMMYoZmZs0yVOloJ2CBkpSpJrQBYv9JDm5liFczwUDD5JpEMQoirEW bBT9yg7Ell9mQA5XJAhfqg/7e5LmdyDcL9OggM5VE+8DD6+YhVvzqvHBFJ6l 9K7oXuooBckf0sOKbTd+ZRol4klvIxTeZGr48pbhSjpotJCdLhK9vIN1NX5O 3l8efwtiN/78HE8Xy9H+/j7I0X38fWd7e3tzp9d/arU0emVnhJL1L32VxPOQ LcAPx1PO3yeLVJ7yqP3YU3JElxj6EguX+NbHjrvPLT1vcZfx/FpYxlgznX18 +8/jd99+OD+5fHPaj38eDoeuK+4jHCPY6NuTI/n6h50fG7Hza1+l3fs34x92 n/yquTf0/g97P8YfDi+PL+OLy/OT999+dsHvyfBGsz5/8qu0YP9m/MOLJ7+K CeeXGCqke31JnP514+OuV8XKfALoz6++eoTtrz83fP/yYZmO89l3lC1tpzLs 3y3pcfb/8fL1K5Bb0dXp2b/LI2OtRDSzMOY63sT7SEXvGh2aiby+dLnQcoWE /yoHJxtz4sPR5Cnf3kaLwrP8TI9uZsS8/yJaJzNSh7hEDrWMTS+WHodAWX37 K0rCFRuieskc5wjCPqyliB0yKlhQRSe0PhHtd+39ZP2wVNTncvX+VRJkr5Uc XOso0oJcv4Egy1UKLTfYMXFN5Lo4Ppbfw8yC+Cir0HK04hpW7wlKR++B/KUD qmOGcOvHJ2fKsKQrLnMGEm82eOUbckDWigWMaOP9x3fvBkfvN3x6P2kqmo9H M3KC6zAam8dJG3VoB4jGTYHuqFCQWTIukCR76rGDKfAYWEp+C8pllv4D2592 gZhT2zApQMS9JTzokQCZLdxwAqBNKZAc5sTXXZV2aD2Rm7x1WboOsiuGBaOg CJNNJ4/Cbp0dyBTKpJ5ZfOZK+AfFaRy0SvjMtVCiHN6KyN0KvOOSW/UY2jfW HvIhXr+3K7EDQetvdKTCNS+RnY9Eeu2cR5WoNnNXeSRQCTDPQglez4g45vRh fwVXk/oa998xjVYMC4SkcAR9AvbuUYzr9grD4zbtCkdHWdiSQgl+JOZSo4mu zEAV2jbdiNKoTGJEtRKAMwQwYQjbtdqBVqgmN2qnbB69ocoY8CfaG6b/+R8g yMGqmo8dH+KDuOoepdNh5Dw7DRUgrKtfBfU/VnkGxAtLtGrLIqoH4SjdVZDh 5hID2l3e2aYtZBTxmldhbvfFmw8f3x35hfgeM0EStEvrcxYb9pP5gVBtk1AJ +GYqnfT2drB9XV9gnHG6ls0RZFu64BXujHUgbfEe9GzyRxT5WPtQ2mFkM845 PURVOQLrPbbOctXcA8rgCjawpF0SoRXXEMMWIX9dIIs3KzBmQ9mDtmA1D2kF H4y0rmqqhORO8y/ktEUIXs/TVkcTTjFijbk1YOQH/MwITOHL1Vy7HjkTLrKb 6ZyAQPi5LJarufL1LkhnwVWJHNlFJgEUnIUpvE9Y4/Ftujh0pURQ5GoEBYyw UA+2Hz3h5Az2gFEUKnFVXdn4T59fmCP3tH8pGRlJkIXwoErZng9xSLhq7bpR q7QmszkWbGUIVRKq8OgaBPYqvmAIv2aKUvxH57KCWuOJxgpHHRMJtc2efmiR vRr+0NonxG+sPRFZOJ4IAeLzQBhyGabHrkO85jpEX4rMBN1/CD091nENbVPa Kthr3xhXDKYycY3WveXsQ9ztMcTVJlJEvwZX4yauRr8CV2OLq91XqBtXuyYS IfnJuNpcF88gqxh4v8QJdki78D29ZEWVyBb8tnBdaon9CCxk71QexRWES2ce DnwZ+BpocfJwIMrXoiq3ZGNVTmxpK5aEpTSzkJdbq1eQ9dOcgWIZrksqEFtH yLUp/2fTVDBnKKHN8YJ+4xuiZa3VJMfSBra614TBcCbuXtS31XhqTMKm2yZi GrFIDOOPnBDibX9uG4263iHf1JINfTaLmt4w7i5IHqLPKf+ZAdoPV/xLVK+W vK6Jbo8soOiQ6dhgMifAB08DjeTGd9LtT7UrOcLKN8MjyDvT4hzmmIf293F4 ldVdx5deiTAxbXv2EhvmKkl5LHmcufccORVS1+AYUvdarM0s/mSkxC9S4WXc Usp4u6JNX1DDFAlv47z2B+ck0Z6SnXwWTbD/ASz+uCyL8rS61po2QjHQtgKq 9apMiesgHpqxZyf5R2QdJ1Lb/PDD6enx+yMtb+4pLkUtztcSE0qtHu28YoUF 69Evq3Q1KwY9LRmncSt86+qkrNsnA1IjyOmrqVYCLCZaXI2KGbsDbt1XBJu0 W2SMCIw5bDtzqhD/KcpCwyGjFvgEm7RVWMpzOU+o5DJAWRuW2lHp4tgzjA0U om4oeNo60ZapOKAYUhKtgqxLjch1tcy0gl3dWEJAzl3FJ2dhZ3uQJQkagODt ux2qPac81j5STZUdbs0xs4KOCudNh5RcgiBXtC4iIWlbrgZ9Vor3mial0C+W WdJ8+mAqHlE+aO67KsbVAzyzUNO+mhB5N7aiOHpuUgoJoT7mA7xLRGC9LhI6 z8hKQYX5XbO3OahgK678FsfH6HX2xkgqbg66GTd9lGqLz1/soZdb34vr5Lpl 0XNfis1EjgCXDDvhOAAmZ+7J0AWtTnFnDaJ9SLVy/xLHbFIRNoGWte+uB5g2 Xhe/Fofq+d6GhM7e/OQcj6GnxUwV2bI7VOTsinZLEWkg64odgxpZDrUZ+YJj 86SdY9stJtUnRD20dQiPjxniUrEwNe5O8WE6en1P1Qh421GrvoQvmkilO1r9 XaphOzgtqwdZuPR1AVj0cDzaRf9HY7csSONTaKsUo/eJywy8hmtdK8EQ8bWQ rfe93qJWX9SPbHyqkj1xYzU1CifmAxwdoODA+PK3BvLFE71cnLciw4Puks1e nd8nWY0UqeOQd9YdsnFh26OGNWNfERKsKDAf43bISHEPk0TKitYetFQFoOY+ ro9mI/Ufg4jqDq7UjQ3TcI+fwYY9xIYGWDw2NDxxghgMS2yzbuIk2qDkWHJq MoCXTgkXboKjk7jttDJDx3WwjKuEdJorHfCfAJka7XK7Ds8em1ae0pyMjqXo tXVpB3ZtVMermHEtNdMi0rWbmM24UqQ+ZOo4Cw2UmCN2madUj8+QrJ4iBfzn PpFO2TecfdDaKXXTXsBUnNcWxD9wua0sN9yVaieAMlRxFL52Z3FSLAGD9eaz D2c+7CCw54sV3EEOgOIt4mxzlBut5f6o49TkIfJnsQ70E2Catzp/O89AS6jq SNSlQMTesAxpG2KkMyWSMj/rqOm8R+65j9y0A98PUdyYHDLXgOXGoGHOjYuc x0rpk69Jl1DaN2or9iAvb9iIQwIwjLR+2s/NSRdNp3O9VMxYPpBOG2S4SO7c a6ocPSIiYufb0pAKw5i6qVAR7uFxIvQciVC4a0+DTNRWQH8wgumMG8p2EJ+9 zzFrEY98QVqDZdqnVuP2MdpKrVcuuyR4g6tgtREVBCy4i5zI3c6fekEI10XD /d4eB93OiOi3f9zD7Qvc299rNBkH2ixH29PSozHRjeYMTiR0tpAW2nVAlD2b wzicEFh7uTUtt25X5RaQ/MWvnxqp5tppY5cA5MVtU6wYjhDYnVFtW0EFUjmt ir383PBSTPg+XN48tgxN11u7L3VWFO65L19ikBRB93lI/ZoXyxozzUidYBMN NgRes9Yup5SKYJLE8WtWN1T2sB4ETkkkWty1PtTNMj3UXwUjsTxTWSytU/Pl gCZnJnttPdw6gLZQRaNlpu6gXpT/NaYIPAl0IKeJaWAQ1nUnvn86PhywVasj tYfdffgWdQBwlXvYadPrkLg8K/VGa+NUW9fOkVtQavx+4mweHY+SYzYJ+q/F XA+f64EGdbk6qGTb27GGVvLz8eU3R6P4F+oh23jRU8326TCJfF1IWdJZWmN7 ToQLFjRfC/Buz9hFmwloX0PWqG3rhZ/9sl0HJRvAidy3hTykwDQDCCncGLd3 +ObDiQ8ezDQKDaPuHP4Ls+1rcNVgIP17NW8BHpL3l/r+yL2/PFXi/cj71ZIH mLoF7Dy6AB/sHcw/dfPvPjp/83WdnhldzCF2cfDUudbqx/fP3h5exF+NtukR KhT/16GMUCxn6XTKkXZUaf8onb5NHw6xdYUQjz6MAM/Fh9rOwr5acqSdeRWX 596UV8+DDrXAJ32g3SNQ8yX043PbOvh2JXDDaLtHwBa8Hyyg1AXsf3YBWFSf EnDcqd2WOv1om4Ii4RFYgN9z99t6aKXDmRFg3Xl6BwM33qXXTeJzsPvSI+2O vN+cu/2+3f1UsfaHEaDdI0hLRVE9yvglTKcOAns/Poa34Qju1tyukpxSKkaA dYdjrj7Z3AO8brsoAPfPBWmn/Da+/4Knh+9aILDXxr5d+rdfEvy6Xg7hZ6Yu 57p0wL3D83drXsZMbviqWIEwQEkt9PnyNqNezPD2PoWYiuEiHAHebnWFFjUJ CQ3g3Hv6SwBuXh4M+BuXr0PvkkhKG94Z/RjKBcGaxVjSenkpL+/Qy2uwTV8O US1Fbwu/DajW8L2Yk6ZvwolRZkI4wKuCY13ACg9ZbZ8M7GI+B6zFuQHLzviv DizBb1C2CDCcX17iyy/0Zd133Pmy2/YvJubW50mC7KW23HZc7XPsdOTyfFt8 0kTJNbkl2agoFyHIdiB/yyQ1yQBcS7lOr0vOb3NmDnToVQ+LBZZzmZpIP9uT Qbw/PihJs820CWUkog5WTihyhJFrTeEz98U552LzGkl+LtsBbSKawWfzArEN wgd5keJAsG+5y5eQ+rt+BbiB3M1uZg2NRepjnbjseq3cb6fux5OVSyUKvqEu DqY2SERaiTaNMAIV6iImOrErvU2B3pFCYdLOUA765kTj2g22ZTmZsFntgk1M TS+lcAgpAnEEAibF43KKbRQuK0z9aK1JUesMnZSPZ9+tT7sT2S68NmWqXo4O C2C4EQ8HbLswS+dws9BpOOew6vUYbJtaa9wpawxU8ZvjAXvO28wItzQZbGjv LNH4B8NjT+q+XrpITplKl8OuKS6Eo5tdz6BmJ1zvq4qCdEn0obE1lAR2inVx E1vcEts0ZneLV+05pofjPb2QvPP4lAwbVMKCnhm92nsJz4TN0VpRydQ4TxoG CPxJGt8kGKltV+TyOsFmc3wjI9eh1lu7GwlLrnTMNCnLzJsjdIuRy5NHbyJ7 3zF+GG7Qja8YTTl++UMDOj7FPvIRG+1miRoxIDV4SaFjUjLAiNegVo9U7U8k SKMjTt89w/iCK0LLs2lnPWDjyCwI0Yi5uxCHtWhKwCTsScgEXHMLrjPqz5VJ S/BBKXImWbwRGNIFWhLtSInfmBRFPcD3lktY9gZat7H2f1riPqaVBnZSMxu5 eXUkNM+1QAyUYnMTXc9EX5Ql5kqe0dWKK+BmV1uU99lxRtLzRhwOVBjDuQWi cN2uNL8YQKS8S7gaXjXW9AF5r6T+AliEm3qjc33zo2avhGlWTlcL7jYgQ4dj UrgCDuwyKSK9I2PPEfDJwwLu4ubp+LCnJUmoGBPxL7lGjsxGDGnqEYdVRA/E zHLB6QgX3N3uxLSuackApmwqJa+GORQ+pINc9pTmoE3zwsRFTLxxaTWYYlpi 7a/NIAQtZHZsgoPLGUKKKKGB0vhQMk1UbghTDoTYSyMU4u+SQx8IS4enZ5HL j6ucCejFcCR9G/de+WaNRpDxySLZbHCWVNV9Uc6+QbvHaTLlVKcrNYb6WnF7 rtTG3s5oJLRU219NHmTK7b3nFDBMpAkFfXg5HOkFGsTcWLxGuswYkYTuMRKa 4Ag4hmcYnxZ8FeCKhJWb8NzmWVW3xm+M3mFsau16jaFpFO/Er/a249Fo9/nu bvwyfvFCHO5n35yeuRvexe0rWGvc+LH5d8L6i/ur5lNdSY/ydFZLTYJD0KRk eMkO1fxL2MwTxmvI5V7IIevjNcNXawZq19BPy4Q99yZk31VzRGulRzLXzJgi e1EMk6wnzaqfJ+U1JR2JCb/K/uaxPU8H98nDQCuvDJuVX9Zgo0FB18SJUZAp QbgJ2Ry+KPvN1dUq1tU3eFETf8M4tDQcJatMhoQifimNB7UnDs1eUBQuxz3Y lSOlm6eJ5hBfreghavVFNcepSmRwJ1CgMNkc3Svyp6Nru/Q1wejz1mu+XwN9 /zb+ffyGi6+Hjxr6ULeRxybSDLV6tcQwBnROiDLekzv1wgJLc3ko9C1R/ciR Z8Ak9q9++P61673hBMzwdlCTIJNnGOFULqNNZf5ASeCgKTdOTAqV1guJpMof ukncI30zCElwtdwOQuRVvVy5zDYXZOdeli4a9ikMlAFJwC9hE7UvAMHGN+OL 47fHf9qQ9TCXd1l+fY3c1Iu08WaD8lbv5cLhcWCVNxfp4pVcqh0jLpwA5c01 jt8OJhl1lY0QNd/Gv/1d/MYqkdifDzk7SYfYLtwFdcrCJZGMbslVRMgl7ydc MkWfy0xhs86h37hIScHNPqLD5sZoI/73v//733WgXmsk6n/QHi7SlYbD7Tx5 uKhzdX44alNSxIgt3HQFdywA8slz0nB4GP/7D28QZTc4wxRHGV8cnpwAl6UO MaKfGsfney78javdwOBTrrJAfk2U1HNGtn//0Zk51sftSoArCpCWw7FXjVKa aqoCyOWDNDHYGVpsrlMQPU2O9ygrt7Lllpqytpa3Gf7b4+h3F8KLkjsqy023 W9Ri20gWV3UYE3b0hqykZwnc5Q7ZkPwp37vc41Am5ExY7T9Cvpt0IH4zn1w4 oNxCdhVFjQzDoIo3F0ER0g0QgaX5Vur9ZhvxVsYkEg2bG821l30zd3uBffy7 bSUNE+KNDYVNXEWzVnMrD9faz4bRY+Js7MVZGM97SEmQJIyOwpV2C71qogs4 SkfxvqM3v0Zo292mkgHw8mfEti+TxwYD/PJE0gpBm0kH34NC9FoEly8VyXhE JcM0shHUHuOkwg6VE7rg2gprnAn/aWKquTux46nCjITrxAHXiX4d14kN14ka XOfpbCdmtvPvnu9EX8x3cDbDeKJfzXgcaY/+Icazho89nfF8jo89ifHoNR1G /xDjiZ/AeN5gn3kjUbf6kmDvEJb+Xd3FhqJHRQyN2mvVSF8ZUo0GamroYAS7 jxoJrP3LGSzCsAY2AhLvr1oks2mkDmgmKzy6tMdMAUoVAUQdJEPqW86y66zG vAa3zqdbEOK2BSHabWjPGufyEB9b22gHTClKzzUPMOAMUri5Z01rvPjUFQDe fHt82jMNpbNW9xpnhMHzsZUq6K3Phc9Iz3U7Jr7i3DmB+WoogYdkfcQMDopz aYd3fH5DnsJ55DamC2O4eLGzj0qtreU5psAaP4SrnAyyWOrLlOKjv8G1fJvm m7148Pt4c3nbj6vbHnzxe9sn0/ZUW972pPqpig6bDE4+hU14fYjj+v2l9A4O P8XaZpUMn2lKX2P0Pq6XJLzExjnByzJxFJ7iZlXxjEepn7GCjeALOGvHjLah ZCUbYktmMJ9fCjGkrmkvC00oQYj4cO/gBJxN1NUvplp9hnC0IqF8rDZaabMn xHlxQoSsRQPFLEx67uRZm2yux09pSqB8+ZT24JtTmvBBOXXdODGuFbeP8C6N MLL2h5PB0TBL66vBPFksq8HtA3AW23u2+tEZgL7BquBuhxl1885nVnr3qghN 1AhUczU9hx1DoSkbq+WSBSJHX5Rm96hwbgp6CiPMyuCQqyFXTxQ5Cd1aSS7m 5FRr98VYhDXeGAOg0g2upy5FYILTE0RSjtvGpZvCHK7GEj52siwPbHxTTB6Z VhImaXX/3//z/1aeGDYPVxfRLOgYIphBLNfxYvLA42NxeSzBhxPCqogx0BfP KprF9qa+8VVvq+at9sGQofOOCABqodQqm7NqaXwJU25FgTq31FCeI/uEtnap 3EGERMNlk3QuaZa2lnQTRJTSTm0Z34/S8gCBTLKZ5JBp7aPNt0evgYpVxIFK sdV2MEFdVnvFuAp2ybFTG+8GHAqcweOuC6PrqT89nbnbkNTtVfT/QXXvbbr4 VUb6F6Tv4duPK3y3s6vPamY/gxA+ODo+P/lujI5xLTvIOuBtyhE4VBcP4y6D Inthebx5moeTaWVHjebnx1oKY9ea8IZ1VUIMa6WTWieVLRrQxMo/gIXcH6AI WOiAMqPLKUbacn33RYry/gADFTZ3enDimwDxHhZxqtN5nmKrl9tqk0+gR7Hc q6rGGu6/9LUnajAZXr7x+/GAG8fjVDaPnWtYV0zeOGBhnkzJwqsrpbyWSYn9 VDSxhZyZ1O1RS793eXqo7Jo1IwARQiTImqW9jJ+s0OynokK7+NHrvvQFerD3 2Jp2VEzl+2lM2eZq4MQeeURk1xeVbMUmb9avzWe5yNvGccmJUNx4pSWjrm4X zv/AQmbfiZ+7sKB56oJhxBIgfhsBAezd94GQ66tpw9aFIzUHrXD9qDweRQv2 PT7xDAJ7wZNPw9EsZ3PgEiIRe8Hc5kK3j8be8MyOqqpG1daj2t7XFqPR4y0t ew/YB7cwWBcZT56mRwsF+SCqJPDotqPVTWExOIDWUkVJCuQ3DKHcolBImymD M2mhvDVzUXOxR1ITbGhMYFWWhsAYNtiqUjUacuOqk4Y/qh9L1QS4KLrOKywt EKJjZ1ZF1tiKyRVQLx9VD1YXH4ovXvQ3CpBKS7AHlnlEshCwsvcIw1iwDZ5m v3bKrLFYf6RkC2YANbIY8KZRi7bKgigl4HwrgNAQjdcACMdvk+ruOrqo0+VX srrP/MBuoyd2FH78BxjW6HOT6Q/AgcyIDXVkTRXZ3w4G9KS/FvgRPLzTGMoo U76Isj4QimD+e6a2DqvIO6HfdWHWmkUOQJONXdFk/Qge3v1SoKxb6JN+RHB3 C/+yt80uO044FowKg0RZ2MTdduAECTA/H8Rf4fGAUjJPf/esC33Zjc3Di03J KEnPQKwguWSQzEHu+N3GPL2q0T41GtLcTm2x7ebXKjvLW3eD+xJ7xqFRYfIg LyFovU5KOFdZ5ORzsh26hnHYNlp6vzmwcL44hvNyOz78zCs/TVm/qrq0CsNM prVXWJu3x2sVZMlX7au1e4aZy9Ck3jQs1vDsU7ZldLb+Mp004tfMPtE5BJpH n+kmm2M+x8c4qNPuo1NQ6LD6SJfAiko5fIka+BTeCecTKC3484iZTJ8nPORV eA1RWEfrfLs0zNapGkLmT5XEXeMR1BOtbtcs3dqWaMm3zt7mlx47x02o3Rpe RdIjB9VgMkOf5LMrYFKG4TP4OSnCFc1yxPDizfjdu8BmzprnJHGpHlTwQA98 Ld/kgSZseMnyhKvExLEDP+vQnUI6QP/W9SAEAZEtXq0DUg8NZjpSLMgtRa5i LCkI7uq3Ic3Bb8QI2ypDrxe6TXjOxNlYzA1oSNtdNm+aHobuOynXaeEqjrKc jJcyU43Qau2hPs2wAMV4oEWs4XtqGxre3L69RpTV0bcAUx3GQGkNbsI3m1je m/Ygr/UGv4fPbkPkbJ+RHqV1pXWKgMY2JYwiwA9UOx9DEt0ADAIKmA8z+O9B mOA95+//7AFJbbnVtPZRXbRT9MORS84xhgqNjP/cw0OYOxdLN6xxNhZaFOad Z9koHB1wYK2FRVs0sknljp97WnXOL8K779DGlGQtUsFCrlZlzQ0kRamppFY/ btcUSJ6u4BZykkC35brpjcKCFMWDVFYvape2gPA+eXvaj9/1yTzQC7soWiuA twFg6KQrC+AD+6TuC7mWYMwwds5irupGdHTO1S/Qk5iCqpLABBzZcTYKMQys t7Zv8G/idxyZLMZ5PdoGDbRRB75YZ6d7cE3LTKnKL0ulCyeIMiumqwXHyv+G AEo6YG4NNEEsId1BP5S31ITD8T0Niug94cK6Cmh4Jq3LFrzUFeWCpRQB3aUM Hf2YbhqqPTQbl3QGMIcG0PUWUHr6l8jf82AJak/agGMZgIyyQUQkXIC1OTE9 dMjTKJ3sCm8F0hJAvm1HwWm8qbRVQNO5m/OKwF5gGBygElqXLImREIoOXJuk 9T0FWWRXFDSz/maL80h7zHU+wlgdVqhNP0n75bq1A1fln2z+D0Dr2sYTKfBN HnuRxtlLkzylJnMgS3tjRke/D54Xayyg7obZWOTtVhNF/zPLF/cEnlfDauq8 E19qKaWb/MGTM+GlcGpUTUWZsZHCnmTMpLKPzI+RfoQUhWSQNkW55KrFpe9G CGdVUSk6by7SYlk0JB4Vfri+iEi/YQSihUu5Cxbd2qfpGBvN5Hw7iI+NBvJV BztpaUeweJewMZcOxp12P5HftR9fGOsBR3eXPnipRFHLlpJ+RIl7ZKVqOyRo UHLYDK85eTPYhI73DaNc+RRMnqIpH9Vhv83MheLaKUnLEmjUfOYBlICw5ChQ 8qWlHJWP+XguZGBIhRypPXZoO/TQEPPpI5ZEiv0KHNeS+ulhIGegEYVw/WhO 5y0PPOV9H48j3eIEcTzVa1FGacSZsRuSeu3YMN5TV+3skWxvLqzzPTtptZhz YtK8TUhWf12Jm36s3XiTPDof94moSK0+PgkXFzQj84P2JbK6VTx21AfBoUWz oiANXTwJyfV1SV1kZxx4KTe/SqnDKJ0zJ8EhgGhtpuEkkCxEVqyVx9n9lbrs vRmJMMr32A7z1GVn3G0w9kX7XHuVXPqGEHkcr6n1MwXZMMWO8rpqt0kuEV5q AW+ZjoyKVrVwJ95a1IKRd5LU05uhliHw4wNiwlANpRWz6/H5eLWEe58mC6y7 7kaMD8e9rz2poMvCtSjcsFHsLPJdw87gvJsDJ1QKE/Pg0bvpCqj2sDTGa2Mh 7GiiSYbLSZnNrvm6YLf4wRwkOjzUXDVRlhxQDrovOo/B1eWtUoM1VAce00WX kqQIdzc3pCqoA0+glrqKpnMRKdBO2uTKbo3e0oHM2VWBY021P5U1GHzOCkvJ rg/t2lRcdnFNvVGbl/2YW4m2rdm07jKEXCEKuMKuRj7Gh9z/tdH8uEGLKKvg Gy7zySKH00wbNS9sD1b1agut5k679yrdcyXSZr9kd7203F4oDEqnIKSg546J N2qCUGHK5gY4afY73wu5qxFz3Eodl5MQ51Vtylb4koyFb/cl6SVuE7bLEtXn oADiqBkkpk244ZNLKcBojbSEko0GtEUZcWVSOQ487oXQ+cyFxfnedmHnbxeC PoyCSbH+5IxNBVyq3MKWi2JwRDwI8bzXiP3EoBqrm/UYAxazqyb46MKmVKoh 7DZmSok2Skybdfa5Ky/295J2EnKhBOLewmBz+IFO1Byex8WpTYsWvS1hQ91o lQNpSZe1NppghyQjmvZ+0T9NNWduNxC5IjY+xQUQQWUArRXtb3oW1grcxHTr hE4EI8l7lN1Pr33mldi9Qs0lriNNWwAddEX+5Y0y/QuJDBvUnSOs6tZd0i1i MSfVupMc3G5KV9ud+hBGLRC9vvpov4HKRvaXa6H4GAWeiiS+zXKid12VSycg FC9B2a7DxKN5mpRSTyTiwuzEL0USrcKLqUS2q4Tv+oKoCM4fDs9PX/+4+ZXk vfbYBhPc5wdQ4z6xeDtt3LlEK106Q4b2OXT3zNUo8UmJVBe/LOaVdzfUN67E JQHFw89qkiRYzwYgpB3W5XyQzGu7Uh22byl94irDSi5QUE2WgxeoWUge/3H4 fHv/bndNWY0hle/G5jCkMWVtYOAVYWgoEND+m2CvpjyVutokytORKTwcLFpV VtfvlJvTEXby27Y6wHphYP2A6ws6UpiZJLmrL282KMrrJJcyg9ixeFbMNl/0 qHBTmac1RqZVUs5l83lPOxBrEQ34CEuMfcI4NPh3iX/LwvDNlxQiOG6sENcz rmuQClZ1ahVKEV8uNLhKM7B3hDiE1SRz0t25aTxZphoNvU0lg/+fvXfvbuNI 8gX/z09Ryz57DPSAkEjqafXtPTBF2by2RI5Iu7u3xzunCBTJGoEoDAqgzBl7 P/tmPDMyKwukZHum757Le2fGIuuRlRkZGY9f/ILBBIIqho0SFYjrxsBT/Wgx Xd0t4VTHUXXP8X11iSq9FDf2vP5QGYA/gjMjrQMM3VMhNUTdugqcb8uybZfX K7Dcag5eE2e0QVx3y0q1YbkfN7X2nr2ODBpiRUETgazXNXM8pxZsSK/oDEDB RdqPmziGQAfqZT8wxiuS0eghXSbNKrq50Kyu+SXQQEJA2rsx2NmE77NfyfHQ +NN/MYJkDTNRSYpwIIjJAORhGAkESFs0fjh04sGx0OBfDuH3zdWqXF4HAAUM 94yuGRy+PRtGNEn0gmi9SAYZmnzfKjSXCLhGFUwcTxBCpVMe5CEZ66Cf/gO7 gwJrjIvGw/YgH77RcNIMvhKvmaXygntZ3qrJukU2zwNnQk66HX2NHZlF3kZz 1A3e+2F0jkWJOcN7hdId2tWTKUh8K925mld2aUBh04I5TYJs/D+voBmof3kJ RaG8MMm8QZ+0et3uNotdf9fuxxqTg/KS8DhoPKx66dzyr3PdSEeEyDbE9vbc gj4sTQ2HC0BAZmP3OmhQHPcndOnuoxMMbbp7FrpHbTGyU9C4Ug5k9Kf7PP1p VTOit6KzFHJsBtyJ/XHBtXsvJdpJLsgip9lX4MbS9AoI8sAzEJ+zsC13+FUR h1NURsW20ERTeV6QT73wRc0DpDUa2Bzq0MJtOgL2OYNPPrSQAAoMkf55+fQF pQIokfcROK7EQz5D9Hi8cqMUc+qKkMvUcjrD/ob/fvHy4ABew3h0xlPAJuXy OLh9QgE0dCW9QZyfrM9afwp9ze/65sl/A7X5ZOZ5XtPtyqozE4ERKZmHkZO8 SpBCQbh41eHHFVqNhRwuj2KX76m56S8XUnb+iOIT8jfMa6e5pbT7k6MBcMHq ZbNZcVpZQxBrb9YhzZy0omIFZgDnuastLibqm8a5ZO+fs0uzqtDuhOzRrddA 6OBykEOHSbtT//lF7GtKI+JeWFpUc0kxflKXxE1ktAyWVmFgeHHHpP9wBWnD 0EKJIx/+T16PY/bhBkdpxCZdky4VarCs4kH0TekWSYMwUiJt499zxsqrVUWj +/QZm8i9v2q6wgg+b7r2c9NVoraAshXky7OZky+LTxms1yRhuPJMTlw+eLxG pcKIn/xXLnAPIuTXbpBPmsRkxbNaBs5Wzqe13QU35TbWPuS8D/k9SlOVnSvO jkMKXmyhUBvpJOiUmwH8HOLPNGyGVJs0hcQx67/401ykQDdAjhBa5xSrtjwK k7alageQBdQoWfgz0bWD3Pqa+yNiB8dl47/lLgyKI9hnFJ4D+khCGXNPUkv/ iFNv2KG7DjH1LcNOtTHElHmhJXaITihHBFM20soFMBR3+zKNCFPn0g+Hhw6e pRT5sWtJ8dNqlqDoB4+5+o+681Wzv/i5fNvMWr1gTy6gUCV8e/yEfbkAWtUp sMdccBCeIHbJX8rVQi8dPOle4KU1tFoYPJULPiBHvd/i0QOKwbOhqUF8L+lo Kq4WI9UwPZMHauqXMYpiZt9RhP6SFx7FKDPdtlltzAct035RzgDB2pkTnfYU VtyZdn+B+Oj5afcXYIe+3mn3F4DHf5ysfZh2fwFYdez6hwt02j+umsVVsEz1 gmdyAVAFYp9UCUDwBc/lAu4FDgP1MnojzRMGL8wYwJDtfMVLuWCK8dPb5kMs w4O9x/YK5p631wz29qLvOBb+dXPFfjTbfKhQx1q+QmcT+P28dE7UWpMrdDol WVHNTknByBVPu1ccqcbEK3RCy9kMpCp90WDvuRnpmWmsG77lRbLuGmPUK3RO 0RPxD1ifQ+GsTtpgX+e023+Zr9gL36JNUH9g/5iu0Dn1x8AkwALCSPd1Tqk1 7vcLNIHtFU/iK0QRmyt0TmcbAMn47+RAu17BusEqyF6EIuth/tHrR/avAl80 0EX8a1x0HYoO5FFWWVh84i+mH10UmpOy62mO92afWG+OTU6FD8A7Sx1iA8Ch EdoxxWZdm1Lec9okDfvxPXFI+MQQEK8af9QfTopTLuCp0o5C+4SZwVbEcjER lwifDPABzC932Tm21hwy0F2ELvNog7TXCIgR3LIx5yD1Boeq2zEUyTvcpgzS ac1VhTHBXCOyeb34EL2cXVRIcyNSIsCDi+Iv19Cqi6EyEYf2RXXXsHXUThs0 n1yCvw0J92yuHVtSclQLCczDGyLgHgMPgM/6Y8Pssm3wJb8sjmpOA2F+TYIA jiexoh5ZPVM/ouLPOrJMIB8bfFWYbUxQ4oOb1R0y1UN62BsskAjS3KR/e3hp 6a4hb4lWpX88AWu1CTeC7OX0by5xiNo2Q/qabtqQ3pwQJtpkN/yzLEP2DJja IbnCTxQZDHIj22PSwTf2yWUsSKnkaNtHkqD3/oWH5bdivwhYZZCkLp/+8ssw NTROTr6CDUj5AtOb2BApJ9n2JBtNkAeYAHQs0rDfeZJaDfGT8N3aqMFQiMnG dFzKWaNABLflbHMBFiPpBP/lJhD3St7b0jUMV2031Uo+RjuKCvAB72GcgNyW 9IIvix3oPL37+t0O5x8RPchXT+brd9g6EfqDFPw6/aVp9i2vlvQzdZO7rbT1 KmHYEFCGkqufIy15L4ldFqXDPFg0WbupCcpASVsz0a6IcQQkQhgUVfdGEHqd mZPHh+H1yRKCBrLdQvwfxGCFJFKO/i1z2E2NfQld3HL2ZuY2eNsPZTjxTT+V mCkcG2Jb5DtqD+VvJmDP4g4CecANBCF+if45rb9J7huI6uoy6aMK4PJkf0r2 7H/CZpRrCtPimThZTa9B+5wQS0PnEHwGh6AgpFZK/mRqdtfXlTBAETgZtSI/ VsPkDg86/Iyw3/zF/H5+vckp5c/1zB3REU9bl9Rwf++D/fHzz/ssOchL1z1x +TIzgjj/0P9FnVviT/Ka/xKW+5SJrqBSsxdfN35BDYAxLkP3LcN9XaiifLQm I0I3aSfFDDiCk0vz/hghAp1DpYMpwVuUgD6hn083d+bR3RyzaV5d6DYHrSmV NUG/h/0MfQUhEeJX5lsI/dBfkvgWtl+EK0+9kMaXadQTH3gQXQZXyV5HDHYY YHc5CC84WUADZoWUgIcfbhpzP633E6EpaLWDOGLngrDBDClQCVqGa9BSMga5 ZR/4oRMIjOF0/k38lDaF4ACe9rqcX+KRsJDG79zsyhoZ4Px6M8ermpE8E78v /TassPIbiVLDZ9+cfP/d69wkMBhDcpzwYbZruX1FaOCuXEbStV16j3Mh0gV3 tGFjWuGY/rM4HHfdzGeBNifiFzvnVyYtaDtI8KSaCiemD2QbdEWuX3iGsgUT cNUCigakZ9LEkMhhoQMKYSzxQUVkRBKhL9KqPitbdcsnvVLpxTHnll6kyCq9 ke6KzGEjXgZ0lhXU7ioQkuoG625RTTGjusU0JF9uUn2mkifWSyb90qeZ4odm qwNBV7YfjrGaEZRSfA/9PjEgQvjX2Cf9xNlGt0WmBoUHsi/MjhSqHFAKE9UK b6A0H4yfmzFiR6pwwVLMYSgiPf3W/2/CedFff5Er9bKsGW3GrE/oGSoShW+Z ErIi0umwbG5vGIO63Kz8AlWtem1RkzTSKZOzd14YoGkUKHvKkPjdO8EGG/VP xWHaQcWraLLdQSEiYGDdRNhDgjcTsVjDIf8YOycowR7WjP0xCWQK8BzwZ/U8 bhhXx1pzO6wN2fu8Da38igvB8FB1gg1ZMl9BhOiVkuHZMtxbqYKcckwrKi0w 9oJ8S/bmBGs4xAPSTsWjdAoUEy2QAy386k5DoaZoK/qLmnd3oSQ07pbCCgtC Zg23TJ71v37F5NlHGz92By/YobrhNq/96Cb/1GEg+kKp9+cVk03zEXg4eeQP N+IDev1Nl4sHGgEtoHxLK3Yi0PY9Z0ac7yV2an6K9umUPEef/sb+Ommyz7J6 C4RXSAqhyL0z83oV/Bp7q9GpIGcKWw/2GGU7b+sZevC5Z6iKqgbLtp6lioFi ZrN4cv9LzlaZDgsftZzpprERUmxDSe62s3cfV+nJ+OAhZ7C8POMXgEoXFCgc X+FIyGJOQRWQm7LWu7yncJb+Vs6Z2TUIFLgI9z0Y1wMvBkdBzzd5UGXhjdBy PYImhZOxM5JcWhSfhtG1kJILaCrIJBaMEJczEc1qjgrLQCHiaUdFIKG2Cz4E NHnUqar43YCHf8D9dwxZZiuwp8LIlAnRv5Amhoiu4k5loZ2edJIiCBm/7Ak2 TTZy3z50u1zcJdxaAReWAQPa8gn+VX4zBarHbnRDLAWDtbWfSoxNeFwJeMsf ZRR8CRX5nS2PlDgQX3iTlGBY9ZXUpyG9SZAJiRaAqOSr00dbpkgpKkwNaQry C2KJhJdm6sB2MEwwvbM2JDwkNLftA7T2WmD7MQQl0jU8qgxiurCIafslmHvR bYjz+PgxMAR3CoVyS8Adkfvh3wx76Y4xmTlBTScea68cQwCgDzAeYU6DhkQY CIBXCFG0vrY9YImhAOkA0R7rUBDZ93/EZBUQichYeyHXhIHHrEZ8nqhSoWxP 8Zb2za4pD7EJipx+2ZeAWi0P+S/QM1yqzu7+qvIzvuDMnxSrRgWHKVI6CSSQ PBeR7sgF/6zOuuhwN+jJ0zCgaSEWdnJsZYVvHJGoFsmPtwv7ft5PHh1OOjcU RJqJPytNnuNv/9y9+E948aryh6P/Cpy7IbNq9jwZWAOKAVyIIfjh9ieTGRDQ MIagE2XHVClCKKki23pezezZGSSATW6/9BcCBlauHoKthErKS8l4JgIhaiWq riQJiIQSwlUWGs8WOh4q7K3kX0xOE2x1TnNzM+lEpaStsKVJDb7A3hKNP312 cxE6AkVd0kJATWukoyDeIRRuQoWgzpN/GhCXaPZUo7IS3U8HQy2hcvNZANkz rCZ1Ap3q1LQWT41wPZ1xmHDv0fbVzgr/mZjORMip174Ya+ZAKvqQla6eKfUR cGasUF5M0a18yznClkvoSnZXzJsrQYmHvnYcoRW9C/YBUwLZjncZtpQ4fRwz FGEMmZTLMQRzDfYjI/swbpzQWUWuj9ZS2VM8OcQIkk/12XFNfPx9zCmwWYho ieD31Y1QITz2cmtlZ+a8Za8o5/Mg+MyASdE1lDHv1gdW9VU9Y8MpQsH6/Q72 inracxwz8jpcLRDztw7H2uvkUDsUN2D3vUA4T9kizx5tB3K0/bccbEYn+jEz NUUZfJldxaGqWzEIu12xqX5WvZhMlXoLjpzXFQS7cDq4QzBcs8pcAxP1CjcY Em4OlYdMYlXK4rSY8e+WbyNl+tnHaey0fe6ZaijpeSQfm42XKv+dgEGwngGx yC5u61WzuOHCVCpJouQTRe35SGAJXHBVXZ+XEE6qKHMUry8SpxF5UNFOqwWQ Z6j6xRYYreR31g0BF2YQX8BCITp25oqi2Z6/EvoB83KpDiLaiCBM+HXzpvlg CVuKATf7KZEz4osQrhErtp5buD0eO0QqsCC7jAVz+OUn2Dv+e8xPr7UDr9pm hqBEFf02DWyoIn9//m1fPOjqP9HVyz57KvNstK4e/GwwrHqefd+773tb8nyx 2Ijii+QEepJfiBpEahSgxrBN2ZVZUNMHxvJGHwKq6qAfqeQGiIiFUf3vq6ua QpFROR1ZEPXitpkLGes1t3DxY4M0xF2I5sZ0J5CVFQoEpS6ZripUTsGcyalt rFKjrTLWknOjNJBBJdCVEZaTdzy1XFXNzCet2GWBPywOGg7QKuOLZxWRT9NR SPUO/3srPfjvn7a5foet2N1KVe5EVxkBfd1jPcQltqUyRtURIpCq4sVQpNok aevx9vbkh5fPIYG+HD95/MSGpIfiDWcGp9uZmpfY1tq8bfxRgAb29rDNgDoY yEneuZpfx7y2UAUg5Vs0OUOpxIxtaTnMo2gbPuVCrOlA0xs3Og5Ig2ys3ZhN lptMU7Qnb4KJiRFr/Vc+lQtNonN4vDQn7md2AZ0lcrS5uj7xX7NxeLW938Ns dCklLMcuhdzxwuzYvfcjoXfNxZMtb7LkNsz+NuE1QSVHyFCBuHIZT23gzuaw uMSIFYVkxaj9TYOwvK/eR42ptkRg8cLQgeDzA6nEQhFWkp5JUB4pERfmIrvK /6v4ptGMPdjv4+lOZpRxdBYoRLDfxewMeXbfUUqF/QHjBJcFQ4nRYyWArc3Y 4veht2meQ6PtupnRUKNIeLqMDw6D0+Rsj4Oncv/AyPdW0Up2wIAsKgXOBUwA vIX8oa1J3YuKaI9n1VC3U4nuht03CZ7CfzgRj4ShDvBPMg6hv8ttvyHzjewG ihE6jf5Ose7HP46RnDuYg9JjDp7BxaiB7N1wLyitJFHYerNyVYsbFeZsVPTO Ge875bIDqAYSp6V2o38XQdnhHG/QhC4C0JbxhZf1WhDk3hm9o6tev2slt/3R 3wA8qgUkzrVqF+5qr9HrFV934IUSb6bgDZeutoECjCKayFgJ4+LWeOEm+ijE Ya9sHHJWIfCvhB1HXYnULCgvLiBcgvLSgbEnIYe+45VPHD5STixdb2Z7iHbX OArrJMy+yEfPwnq3zpAfM0d6qcGRHjgjPxN39boCv4exM5alFt0A5SQ+29zc QLoHghXNaS+2/AVVhGF6zVL+t3Ef3MCdK60EceBcAwWLAnECw3vBO23n7Nsd FOQdQVh4gd0ZFTtH8vu4oh3+9O1E/tYBsexwW+Bvj97aa/oq7+kOtN50ZOLk tDg/xDmcssOhVTIR3OsrxAV86z8Q/+sI/us8pPledc0g/wX3XoOPsaRLr8Kd 3V/77+2/3Lzo9TdvJ4evus+HKFjuBeH3yRv0D/icQxsmM8+Jf88lMvKs6I9j 3k7SAh2282pVonyySAltFWKGmLK0/YDcdF2OSUjdoCrCqK/Ukor1TbgqBvPQ caItMNda3038ACEgaOuwhnQoBw/5auO3ARTztaLnpvOSe0jDEGrv4WuNP0Cb wX8Hua1WEN8P4sSBQokMILwbmATA5XolkbVNoJe7pA7IkKmhjAwc9rcCxqfM EQblmJfapmKqlprQSoBwBGqfZ7mh/u+1VBRx3gmAlNdN0zI/qW4cKJ2AVf1S qqn8tQRcMztbQWb0gXimwsBhlBwZDf4jvJSpq+x4mZISQo6oI5OV8eNId2Ax CFvLn1KdTZH8vbPzRpltN8rtuS/BcMLMEEARiUgbwk3FZhk1LovShyCJRAtq FnpsZpFoJFrK3t3C2VYTo0gAk7VUjpeZz8SN6SJscRtNr6EnOP11YBk4CBIH 4XjBAkTQIbZX/EGmMSHZTozK1GGQWT5kP2PlD3jeCzL3sI6dlYO3dtdL9qqa tX0xPQIY5LUg09qZTOpGhFrSBZcA0zLLlAVihvnV7CVjmukwAsuZV7KcUwME es60Wd4p6jlKhpmmCC2e9UTH32IhhK663X0YEqQsqtF2WHtWhuwCa7+jI0TT BoxR9yzoiDz/MnMKjDJHwCin/2k6cspfl2JZTz+0EaoXXIGebIuY3bF6ULOL OLEwxbpEQ6XCcCjDWiLhHsv7We/NGgacEmkWrKj/zfoVq8YWdPed9feZ25DF BnpkLtYi8uOIePHSiNOqgsCP2ng7xFaxI00GTaJ/BZEv+r7gc3J/yqA6uasz GPbpZJHvMYLDEuy0kZj1HW0AOGd/ul4JSWOGlRLhJezaouvC6fAb/MK2vDM1 PJnIXV/qC09bSnJhns6E1MN62KIVmNhNq/MUvAvxAyArBk8Em3g+r6/ASBQF azLwicKyujMcdnkpk/o/DjeBtQhkJB0r+iXY0MlFxB4EbRVm4DFTjYOqWu3z KM3psqxbT8Z7QIJgmbf2XzwmVBXw/Z9IbGX3TJj7t3P/Y7aZ0FjY+oj5ioXQ Nb1aC+eSy9Moa6ilbiUE9BU22XZpCneWEAHS4sQk8oqvshWeAwoXi1iNshUu I0CoQgAJpvgH6DHi7UUnR2dgvebKd2YsZX+Aw7TodgPjhHm5C5CvAYS1OcJ7 Wc+rJOZG3dQhOW/XcG8kJ9d0/OSXXxyxO+IvZuPnCerEsCZIhDw0KiBKg8VM 2xBomyftdoMb7bJeIeaVl83vA+dv1Ai0FsLacpdAOpmweNgFjAtjO2JESqAj R/t9cpQ0Ur1PkCTv3yNH12V73/qVCaELygLk06RIpYOVYivZy1Fk4A0WsEpz ykRH1JQJl2wrFcexYDgQjGf9K5+s0AEIjlkRnQmhOzbRp1oDsU6uCp2JQIZ2 4g5H5r07JOCm/BGtrOHIrUl/38W4G2FgDKHraem3pNDY0+ZyyiK6ZsogNJCE TsM+kE0YbRU17lDcbFNXRJ+WXPzfoKzaz1MT+4VRDFMI27t7FEPxEMWg9ble HoyWaLi0XoF9pimd/ZbfQFdkWqvJrEufqXjRBLGDeemYcYgifhFaC55H56te 6bKPM36EH/n+yxfPkFq3f6lc31I92bJxqRmrjpn3gEIj4cZMUwom6EicaVLn DrsIhJ5oxB3jLZzpHZNctaaqgAAONbL0YyMUP5ZmceVnbVa3bP6RPYZxXAxD XLTNfIMNXRQp3rf1elT8k/ze++0VvLZC4caarO9dZk4rNgUksD8X3ywi8RkJ ZZ8z67j1SCgt1ttCXZOIc/JNuSQnq0v9wXIouebs+P8+8j7qePx28tchpn7f nlqsfC9OIMnu6jKYnyijjOPkheW8rP1dfuSazwo/cbY2Jkajn+j0NUQwuJmR srtGspjDzO86n9UuA1mafLlt6JpOB90GEAkvDM0VdI9im4j6gMDTdjfryxen uPVaIm0L3N908yWyZePFyLseKmo5F7T3o53E6Cv6JvJk5f0v9Lzo59D+jj+X BQ2KSEhUMLluSnV6Vt8PGdvayOBIA1G1NabJsfjVf+mY35NwoSCXR5ciJeGj c8mgM9WCdofKB8QSzSOuIl+UNoX9UkP04zfy3uNu5qRV2iWINuQOA/yGRMu4 1BE7/fbw7A97j+PzgtroBfkfOxMBiDO9YhNF0cxoNE732GC6HOpn2HayXkR3 98aQiopKogNZ4IC6m4R9NdSEunJC+bMsFcahOELc7s80TkIDOtIKgxBvYWAF 7W6wRAAvYRlppbCbaXiJ4dWbkFy9LePXdKsykQmbMY5jLNkCWwGFAiERzFU1 r25L8vpNEgkXIToO2McjO0daWUoYT2N0VDFAZHIlUXw4U/ajpeEJlb42UqOV RkA2IFfQFIfAoyOLlq2zgKTAwGSoqSCQYLeVnLvwBzXkV2Wc2k5dSaxgsPCN EHG6k3iT9X+q20pxzf6sxzAZw7safKyyx0s/NA7fh7SLU4ZBAevr9CdukU2C 0/Mp7uZk/rdVc2AXWebe0mwOmbtAqUn/DkzRCFSmyHnzgd+bKcKB76cVcSCo a2z9egWwYmR3tbiyDHUPrDDYqbPGi7mT5tRpAJJwkoyX4cBapJ7rvta+Sanj r2xR4kyLkt5K4YAeTYP+juqF24cVDKOFCB9HDIXaGUjaQ6RWIhJ6vuEaem4R owbwOuD1Ex8iUI1+TgSoSCNAzvZ27A0AcRrnQnrZZII/7gFe3UHs1T3bFu5x 1qlzPU4dijtHi3FgqLfUzfM7cLFL+2GGkSb4d/XTElyDYdzca7BOewbh7qhv sH0mQ9K8FkSbecfWMNFy7wR0F2zRyUKWFGOfoI3KKXG02z1pwA18IFBbQTG3 LbSFy9KIsNVlrhiUc+h6fUXbd05k7csVIMumpPiJUN6l0JoOqLoTcvncoFi0 Hfhw79sPz7L7gW4y3LudeI9uCDoi1MBPm36GYEon6PapESbzde+pZPDu3u3+ 3H7eSu6KNjx/j5LhJaN3ndHzG+MliGLDLksiitkpUA4ddVB01YGTnYZq4Y7T 3MRmkoWrJd1OW/X3f7VUJZG9EmkcvZpA3txa+9zO0o6mSOypw9ciNNMNAcv7 pVvi1gRIsuj3CPWLnlWPxLrDrB8kWuxJt9WeBL1W3WNLumBLRo45QsCmXsaz ILAsr3ef8+o111l9Ja4bujSJmxO5pwkFagkXyzu2+v73lQYURffFyds+kN3/ TY1tAYBV5Td4W/Bt++jJ34fOUvfpi5faENLgckxnqtT6Rh4KhqZFAdhhKmRp 80VmYeiN07reE31/e7amQjCjdJiODOqkM20oHLAEpZGc+qnzU9aHVPR/ZfvO 0bVi7fVFGeTvdgmVMo0vW82PvEa4s5ceBTLiWK62rvQ9SmLvsQAPzfrac4zU Ef9bWNxsdRN2gPY7nGzdADtquWlMrA4VJSsv87cPJq6tluWKTl0dBQBhN4tp 1E9cAtX24WyOuCaloKrMwWCe+7FsQ2RyPMyt9ScopP4oYU5N+WGwqgEVtSXC WCEJc6qnViI198QnwxR857VMTov0NjFYeY8rn+fplyHMT9OdWax4q84qQmRb 6SIan7TeyWkdpfN6HjOKeP+REx2xVeLmSrie2tWhU0rAJe1Ox76sUWvejZVA hnGgnVIhJMJmA0iT+/JLnFp+9oAMkpz4IN9ICcduhrsAqNFFAyAKGNvhBN2M qwq/uI67RCTtCZHcgCmufxOTOi8c92mY/X7pYFNkm3iI/btNOtSi6RePRePy 3D4cdWPz5HNMcS8HxteYWK3VOycHesJi1EgcSMgWAdFgzBTYe3x6YXHGHRWF SSoYgy2dkyzfyiCn5rxFBQ2l3nmXMDY4cqFivvhkbtIQ3bhyqs+a+azzCqSg z99FAe7DCQ3fjj0KcE/5Ar8SP+zzmMOv+LZc2Zy98YDGn58vlyGU65lZCT1/ 2PjViasVorDR78csJybTc6LBRE+jJL6C7rQgBkqRjVQjQ6VJo74v5NbNWsJj RAGTfrrGNlbHH0ZFNwJ9Oxp3G+nY7dTdRk+U8S7aFEV+UzBJtoRdk+y6LRt6 WEp/DUhA7lM3qC8hJDkMXfnIvF1Ao7JqV8NCDCLEYl/D0N9cRnbzKwMPz739 IzV7JlxBCRj3UfHX8dPHjx1bbL2vSb+6kyg1spBvWpKamNtX6Gms6K7R9sKg GJGUQz0RtGvT4PEIe1lKE6S4XXLNhXlQ0YdNY6yulbj8QJBCXqtOvVR6H9Xl dWF1m3zs/a5nt7HUtOq2yyDrTRqXeR/4q4rbn00os5iAFE1bsNp/zmvjsuav 9IZg6kRE7kHGupsgwZOfPThriX4gmUBggypXC3TmFtDDz0tzyL5j1B7bNkUB lrB8F+QGSvx7KOssFg4iUl0WkSpVlqb2wNjrs3rGhMbeOLhcNTfOWP2gz/yI qKUiuDHpdCdtZjDgBLhQv88lZARRzwq8LbwZTtRyFrUc5gTL4fvvWj303393 j+Q/iyUfhbblt8Hd5DOj3MKDh5mj3j1Eq/Ud9f6hfeKdcRHM3obK4UNbhd9r xTxX9dvj10stqxxZyicg1BfQPcCZWnzvS661ObS4n2gV1tialbUt0iswmQeq WkeqVm5sa9H4wbufAkNZRQWBIm0QsLNwk0yfSJ4JO49QXMwT9r1JXMqJkSKL IkYDfx14FaZ3/Cun2Tcu6g40Rf6wKrFgdtnYAsjSDIwqdRLYDRnEEoqUTCfI 0BqoT0CRlsIXhG+Gk97h/Fp3gup7pd9hF4lUPVBOXtwnJ+ywcPE1xHsr7PQb Td26cQHVj/U0MC5qmp4ChLJHW2Yp0y1Bql1QFKYlay6OgwR3RZEja7ConBwa h6AbMQY202AJ2jn1tHL6z9fHXx+dne9Ovvv65P3x+TdvR8V/jsdj72oW6U/m NABNKS8gDZnIHlW6LWDHVhLUTdsOayxeh5eLwdDRMNXmnoH1GyEeEBXHzk6m GzBqDXdy/NowAkN86KbCFkV4PnVuapOiNvh7Wk8oDnIo7+h+gy0gx4Tv7PXZ JDPInmKBA0Pm/fLJiz2ENm6wkp6jFPG818KpVc144PjCqFuMTOk32gHLaeWC 0uibbwJ9mQy3bPXsIPYjNM6pdYpLlywkWUC3/HYTe3ypH887n3Nrb0/Vm1Hq OCdKIcUmMBOCdEwLLCDCGbKI2miGjTwCJyWi5GsTBLqTt7esXUr2FfBinYUY HBLDal31EzQzhUJ80h5ChDJIa7XtG0SHQUhI3HptZFQvsoMdQQOO63LJ5Pqb GbVw1lYf3l5TfQk9hYgnuqsI42kpreYLQN4YO5X0YjJpez3xiS5Rz6JQO6Ez HJpSd7WGIE2UDcVlFPigLP6jWjW7UPrkp1ZU9DA1luSVLnojnHY67OjoKIok WsbEZSNHVbGA391EcqSbk/Z0stIuA2cZG2OLbXzpR95/jmJeJjrWQBrO75bV ZDHrbyRT80XpsfDV/zw6PC+OXx+9Oz9+c6wnFFxOD4t+Ju/+Vrw+enP87uh1 8dXfzENT/KE3zuiM+E9s7PRL8T/wv5Yf6p+KJ/ivveKgeFbsFU/9/3vuf+fQ z3nbXvWSQSSfaVuOQetasS9NVtU6rt2JNFz5Vli0dFNirAmlonc+GAuldKm4 ulDUATZLW2MDU9txdbZZmc5kOMyx8hvQV38J00uTVez54+JPBA5bF3+mS95X y/QSa4P9bG+giTk6aqPmX6FSkKmLEyfOhDTq1rEGCSQWjIaHKCemGGEpOjVt MKv7D5tVxIhA+tNvn3DWhMPqIwZWJK/T7VXDS1BTgpkUElvAd9smd//+yYVL Picdm7HQHtaISVyiUbFqSyO/yJh2Xe4/fQaK+/3Z5MiQ0Pilchr4KVeVEh9r mCh08SU2A8p3IDMp2vTtBwR6jIqd49bC+Vi782RipeiZRen/XzvyRRBLhDY6 QkkCxZ9+eFOACd0KvY2EEkd6mZ/maqqQEH8Xus+tS2mzoMryCVRZomnEX4WV IyNE3y6hZqIEgxLfp8IapukRPD90L7xfeg+2SW/wTVIJDtwpjyBzFKhSVKDb WKIz3ZdUol13EbZJ9MH9En3wO0n0P+j6nypi7kzZ0YN/kln1J5+26oeT3aW+ QgnYXWV2ruqxS7ZG0fnBWYQJMIcDpaaYeQpsPtEGM2VfZs1pOnEPorBvrQwW WA7vxHm2TBgxMNswFeMApUeKqKbhNoF7cr/AwSX9wkOr9D1DOTl3BvsytzZP t60NHcIaCcMom8Hv2aBY/qh98UsnqWGti5SX/oCTgcpseJm80UZTWxXIw/ff 5T7t2cPFzpJYILgSk/Hvv9v2cc/uX6dnsR2RhAH9Gi1CJuiEFFdYzawCDfHA JLDTVivsbdBIA49StWdDTzYtsgniXpv+YABe8ybIf6CjpGBsMcbwSV61crs+ eqWjKYymKPn+59sUY9c6juZGD5NTDUvkJuTF/faQ0odfA9U38DnaUAdZmeh3 MIhBjEml1pBwI96JenUXGbv08MGgquM8NzndkQZJBmERuqej4p8JxP01KCjB UeB1r795BIERrPRoVvYppcS1P/ozYZda58np4Oh02LovH/uF6Uw/uBUDVSss Nrv1bJi3kffySihnLE8W8pvg+bAbSw82Pqsa0jq9LooC0ddIUEf3z3iLSW5W G45MjgowuUYtZTZ0seMBmeQk9DMlrC5C40Ej3jY1se2u6/WGjqT1upx+QM1O 8mvyd6dl2y6vV2WmmNRL8Mv7JZhjtUt9DoUHKE57Gdu9ECA0I6ZgNmi0KOMj giSsNHG7RiOgTgp1k8Zei0aYyQNvEAzKzJXNOPl5Mcr+oqf/iCbjbcifSe62 yjP4FEndXEZiE+ckxGk/q4iFlvn4hmJRHDjJOsIIADxLmy0LIAjVEthltXol PB4Z90F4Hb/mL2W9zhC00Ov2sq/bf/DrnoTXnUj76ZBAyr5yP/vKgwe/8ml4 5ZmeiN95M20De/C8vMrq/r28O4HMmcLilepbMnufPYHqlLm8YF1eSbShXjjD on1jUPfXSrQL/4eQROpiy6CdPLPFrYVUlaPipmnXxdIUmhAx6PCVpI+I+pNO bnIWwQAHAqa6va4CA1MxIM8Ay3a+P3/z4owqd1HtMQdnUTr7YeMhoEdjDDmW RM3grx0nAqKBQNvkBC5Dg0IF27//nm096MNA8/syd3d6ozUNDm31fd7R3PsE nyNm5th+cD5/QPBoq9WzDW+egLIyBykfLcwnQgZ19vO3mvWJ7avFTBibzpCV jBzl8alRRRQxvwBOg5iX16KWYzAUGo0dmJYt9BSeffO4R4FaoZlVc8Yg+HOR 02mBDg2hE1RARfwr/tOm15TfIicEZpf8j6QKBD5jBL6vkkpmKFugJkXOuq0x sMfq9egL48XMik2fr5STgwziMLwKQUUxf0IXlxgu7QHg/f8CyphGU7Yj8wYk 5h8xUKL84phqsEjC4cj9aqCeewBQj5Wd+TaBiUspQ3brf5Lbu7Z93blWkWEb FDTqIXEBe9ebRps1d6uqFBrFJO9UbdUy38ThejXf9Qb9MRVqml+uWpjG76oF jlZo1BODENjkWjpnbXjPYfuNXKjaBPZgNOkgtBgsTWMJF39ZoCXYXK3KpZcJ 44sM4vbSQFv3PCGtGzKjIbbsiULONDfhYYILgERz37tdGbK7MrPEZ5EUhBkv R3Jk83lxC9zY3uNBePuVk/KSkGQXx202xgi6+qwfpb93nJAnmoY4xEjV6ub9 UU+DOGppMJavAmMYxSFj6v+5dtALMAYuAqDKI9N38pR/z1nbNrVEn+DDE1EI oifiEJMVYuhOPz5aSBeoDS3zvwJJ/VG1mW+QR7/g3Ckv13ty6JHYsN/MePkA M+MlB5e8UhB9IHrovhMjuY1TkQJG7T7Qde/ZdhhMTbWVPQu6RVh+JoDQsWMI ifYQZc60K/Lr+K0de3MiuilKaPoHdPRANwYCT/5PL+kNNzYvzA7ZbVZX3hel Al3oiTJrZoNnQ1x2byKvwWqVRpmDp3y7OrCt/1UBKdrBc/y/S/g3Dwfu3Nuj r5zAyOCXOJYcLqkLSIq/LQj2P9T37dP3vZfR6TdK13lZQ+OZZyU1gpqCW+UV HSMMVOxiILkri8sNpkAzZ5mypEjGJGqZEj0VnCLHNUtcwytJGoZC2o4wxCdi fDhRZMFdzIYTRxJ+xL1huoyEt554by4v5pC1MczJIZy3Et0jGil6ZKR6ZZ8Z Ltc6Sh7JAfiMsLVv39gyJxOWD/QAfqjVbZm2BiWL5fnDLRaG9vop4rlUMFSz WSGQiFKt/hJN6ICLweNQaps4zI9BwMBpPUpM/Qlew2/woyR2PaZ0uIBz6TX0 1IO18JNyChTL76hRhYQ4pYdTK/A9wCpThRtLX/4JgQt4zQ31ylaYgFcA7EU+ Z4r7GwMChhvas1BmIOLsXhDeGxGqH8s7or74kCQSLqs1kCPBVGImAGw8eCl2 ElwHW4/voOMQUY3sJToq38AnEH8PsAQChT+EPIinhjZZs6hsS9No6be6WlvB BPBmhptmgQifm7dNczqFP3DvO3H9SEh+umxhs+Ui9oOysiDQIeq1FNwfK118 TMpX5ysuaBj8ITIsfrrZKl4sAcRvTmCDCPr26G1xWC+9/EMzleym7k3MILRa dKNJ+8Izp/pMtL7eTg53L0q4T8Lxpt0cASHhri6Tq7f3hKDIvIzcO0aIYaUA 3K1pHiIoD2kaMxgoEWV3rVx0IWEBbi1Nf7+tbsL8IKAwgHpNDqRloWHTPrxQ mcricItp01EtQpKCiLDuHZgAV5EqfsuuOv/q9QNAUnxV50tz4t+djoxofqhu 4m2Ws338inUB2SS903V8e4QaN+EAeA/XPWT8IC2gB9nQvwsd5p1t0hg8npG6 kFECzy4o6LGpFlyYvzSb9XJjkq3w3iPT8/dys5hy5YS3PI7wiPZatX+tiedO SpwzTfdojPOAc+208oMrtW0mpJDJoUU3PN1te+OntNs6aMt7C5f3H3fgliRn n4hSPCKnFYdKD+ADR7gM1B6SGDmdTBC+12mhuP+UGlSgR2/0WeAAO4Lo+L1A 0v29voKMRBtCDwvoVwPmGaItvPF1C6gdfI1FskDTIVWfXSsTUbhIJg3Jlnl5 B4UA1bxGShr/OVrDndZt4Af1IUP50FhGZRT6k+NfwIEfNrME2yo2vtmdcXgP 7+uU3MEr3qyq6hx2SnxfVGthioN4ggMjARgefuNiTRpjRWkSTWtG6VPDoAZO 8awNb8DIWkdoOjNaW2gITcGQlgc5hCfR7pF5pk5HBKCXjceAe05q3wKdG9cS g2vRt+Q0SMnY6ARwjAfwSlys75ZdKvi09Rpj6XeYdWhH+1FwnF2Ey5ucFGUr +xKkXvoxQ2o6/wjMRCWUHzKi/jAt9gXCSaXqKVvt5crA0MjTZRYOyoIhjml+ g/XEcHRe+XXAjLwfyTLihWcCaYkvRkXj0p8Su2ky8Lheu6T4I3Ss4e5bUUWH N1yGUoHnJ3YFM6r4/O5HsA8A5aPw1nL+EZqPwBMpBwjy5cILOH6E6pYXQyLD cEr1NycI4GE0eJrLoOSTImxvmM/mfuzeTC9XdYMzatpV4hQ5begIq5k4D3EG loULEkwLOPCwWwjFmoV2VXqYcdRR5TAomdAmSYgzO50PYTq28AhtZXYWDYU2 ND2o9xx6yIOkTu26mn6YXK7RaJc/IYQfFRI0uamgM1Ir9DXYUKqr/DqG+PeL OfQxrhmAEFfymanShhBeNK68zGGatzYURAjxK4AKY+r/B1mGR8WHDfyv1QpP pul01e1LJHoAJYe29cyJJVov/dOW8Bj4X6slP2bZS5SO/GiJCsKItEPdDTY1 HmI9g2B7WQeiJjGpxrRGhnsVdV94HhnZ03mJDepEz2GPPn5leBR4tRIMWnMf 7w3AZolmbzNf19446VRZCR2xQxtbihiCUmDQwapSvmBI4Quvll09RAP4GXfZ GSeqWKWjt8VHhJ4lnzKuufLqxWsPmPb/sfN/zrza2BtDpCuVmb5V1vWhbnD4 AVJwKtMAYbmCmod23i9JJSzvweNvyreElifwEOLi5De4QoFSpAZMR+vufFnS Z8FIs4KCqSzww4Dab5P4WanQ4FC7+yk6k13RJ3BUja3qQ2JyHFwid3FW/RTq xgx9fWJZ5kfnB7G7xySnnBxDFd6AxWxKmf2SZ9ZYpnKkcDNcS8GYbhEBfywj 5AQWGWM+kL5bw82S+AyqKV55jA9BqIrjZ1jCHrZwgZFUYCoIXonVDbVpFfiK rqEaTzxKzeD525b85Wqt8OnShivCvTCttG1sc1/mh4EvVF2uLThwtsMhQMYX t7IMQQX6Fp5tP6I/I4397tGsXjerL4tTeBlMxU8qE35DS06R7Eag4gJMHh7J B+MfkzbNZgwUBvVG520NzTIwFa3JVhshDzanMwyy3AmOiHCUX5lOLlYqW12Q oDqlMae0TL+ur66LeVOqZUYGxRctduSuoElbc3k5R7OC/VoI+erzFNL/scna zDVQWDUrZSYAn4uYfeGgARSKn5qo0V0yc3hmg97GvOoVGKvzO14CDtay4+1M wRDHM3XIpkwNRG/bSldetqQbCnLde0VeLza827948oVf55zo9u9M7rsoEm1i y6bJMiis8k5MWKam1QV8xR1azevueDdGzAjU3dEVnTdZcooO92EjoEPJz1Ag zx7LYH7uwuyivgM5nV6DUMhB3aphcIle9Ky+rWebcu5yWr8teIdw7ltOgY7N o9Zm2d5ebSUOPTufvD/fekVR/HzP32+3/f0MC1BW973CC8Hnv+UQxJ4PlP6r cF8TRLD4027Pzz9tHcXUUMP2fMi9H3rP3/H+f+ob3p9/zoz8nzr3978l9xf7 u+T+AVk8Q/37rfxBOX+7909m6JnZkfISRULNXySX6/1oQM2JEVd+ci3k6C9y RvMN98z/o+Jftv79nvsf+f/xDxhgGXoYaJie7v0Dc9Uj/M3WEWx7/yP+v8kD 6uXD7n+k/6UP6MoZyj9/n53aYfGDeZT8N648mx704qN3r2nhaeOrDc0/+Eu2 HYxUA0q8Z+Bdgf1/+H+iqx5898+Z3/bdnZmezG+3qIxBNIXsDh+nGZJQ9ivR Iw6bQUnwYmXOB7AWrAkK6FCwXcP5Y9T+2bpaQg3szP8PPi7/Az3o+tTNJ/34 adgrcKveQM0WqPz9zPtgy9er8A9/2UHvBJofDvTgc5885AZvUm2wxnINptmC I2r36GfzE7WHw+gfqn//gKeZq73Qh534J5yNZwV0iGqmGPyA/fG80OnhPeB/ +SLzMJgjcQ15jl4+ZMhTcxAKwV9gzH34p0duDlXdeTfHFXuPH3J39In+u/f2 MhfBfPEVPF97IC0fURPsHaSP8TO1l1v17kzt5Van+4W/0UzB7ksIFGSunj3k ftktME3PM3/vitUeCIxsBrjtZXiMqFtX7OdWCiZLNTJO1n5uaTo//Dbz9NzG 7vs27w/5O3J7HGXgQ00HBH7c/pOiu/D7uRXtLvz+gyY8t/Ax6PtBT8ku+X5u BTs/Zsn3c5u/u+T7sMRmyQ8eF5klP8itZXfJDx60dp0lP3iQkrZLfpDbr50l Dwi6z3ebSg0SuTRq+3BPCH7OIAPyACm4z8rHa8jYYZ3ygBsSB8eaGdDpA/zX 4IFuMUDuczF6PwOcsEfT5SPvhz/ybvgj74I/ouAguvDRlehDp7d3Qnp977Ux st9i5Lc9l2Vv5In9s6akHnpj5Od8yhvjG60N/Ek3doTgdx7q58wqCWTGOvzz P+V8bhZdNQSS2Iw8/N6frSGI4htSZnmh6/ugX/lO/PHG9+cY/RpsFQCMxvUl xe9Cw8XQnkMimRHRwj+ST+C/5ibvFcB2hL/yfz/IJ+Ajih96v0uA0xPlPyAa Lb2Ve8z6+Ie/I0YxqLp7oPlATOqaSNF+ouwxJD9wYNL7xK0AI0PcCqqAJSei 41lkXAZrNZG1fL9Fn1pMadTzoWZTV5Z5GaAR5cMeIab1/VZrxwfJCJ11Qci0 BqFjDyRniOZci+6M3m+G/u4z+mA3Vyb0fsM1bOEl+yDJD8wmYj0LcVSM1Yq3 cWWwc38o3vpfl9guDZIfb0Py4w1jCNviP/+AcJBnUK/faPumNFlyqdc3m/U8 abdyQL1NVpWL8D+I2WEA3Vh6BjDkZlaVc865h0crJHznRsa9ozmICk4UumI+ t4ocVDRlIgH5gMMlMLrmToWLIqDQA4iynMMzdNzCnI5YLIgLXV7CiIFmlItL qK6Mywp6ZokeSoBDaWesvCTU1W7krpuPwM81Cgm57Hz3Tmkxa5zQ2HJ1C5T1 AfqjvY54YXGUkhHrdst5+ssvDjBTzKkKNn25EB6AmnhRyPznOgeb+DurKpfr FvY86v3JvA/asicImfZ3UbCqy88bta4k4pcpMjMgNzL2r9AC+OOoZWKEd3qG /JP/8ndDSnGQ8GDA2d5MN/BhX7SWoMIPd4cLwHfG//Ij4seQVd5LxZQzWFIg Xmv2aN0sKUsP839dexWyml7fYep40yKRurTwwiajbTW/3DUO786o0Cr7mGw8 yfBbuZTVFZaNnVCHveNibxohFsFQCoX+gV6LIIfIWQESdlN+qLi69gsQw3i8 sCaXG+xeqbuzluWcNVRfMsVYH+/o5P7b2s+CVy/A2nrhpWeHBJGaWkOfZ6zg h2QqT5sfs//aq2q1XEHbaczsxd0SxmgbJmMJg6jb6AFYygY7HUaCgILMcJDV CVOZxOS8ZUJKSE9fAxUBWZ/kzJlCaQbhIDKoWlX1gjObCY5DWaTL1epO8qQ6 au7iC78+OfnqkGlxk5rXfcBkE0ZQN0vooJRsFOoehYLQFoOS+PvJY4BfDanN F05+vQbQ9GVF/R0WXGPMvamdaSDcIL7Cz1gz89v3omxr4VCJgqDvVFxH7p0W yxPY/iTU+1vI+ZPxEzh/lIKYJZs5yZixrp6FNsFWOoElsrhu5mTlC1kE74Ro wwz49f7/DDExDbl7Ug8qN5yvhpo0eIRL+CIG4euG9Ek8NOqGEY/K0UzC0MJt xGFN4hvGEwYAWwDFkrvPQHWZfjdIFYvAWdTebLvaRE6dz9ebcSc1Up9vpLTB CwQyNoO77S9OjlNBRXD9Y9IPF1Sri58eda+IoQr2roUxH1gIsVu9QFemlTaY x6fF78iooYUBRAijloNcFE83lN/RxZn5RWKarwj+I1WAyGBp9sVIjxtvtvoD mU54IKaUIwI6nThqaoIDlLHtYI5xR7je8egluJsfE3djWXF1rJP9iU0+pL0k fwOszbGpPmCAcfIxtveQKbQaQEXDe6pqODoamgpYkeaosAH62zi7IQ1cGIsj uCsRovtwnaClYNTMBvj/kzYjFlEtUP24WSYoDTISsZ24QLqGpACpHsAONADW 4iaH1Qo7dDIo7VKLvPg+OEKoN7fWczE6JsAEhWkfiz+qdKAYbzi+NAZUQJ1G tIDAaEyNkHGbwpKYgSBPQ0x8I3bXmupUoTwhAsOr72MuTCjyRlpoS99iH3lk XXraexb+Bd/AEHu1YEsAzxdU9QfK9rpEGtjKG17raFa5SzKQ4n30G5YLBf3N dBZCx4NJoAc23SJC9fJ4bwgiyi/G4i5ltLUces2CjWTq6tRGaPwB88MaH4Vq bIMqNnt7KDqi2+gx2VvPQttYae0aVB6cc7ARGFiFjZtYeSFBCkvvFN5ijZRX ZlVn9MT0EVxh2veEcWZQIr47myUKw2qzWGCkmmGODMtmB6XzTFTUS0a5cYe6 k0W1+5dSG6/vKr7lzLv5N9WX6WQJ3bzfQ5mnt3gTenhtSyzB2Cwc8oyAc9O3 v2Jq1JZLEfyCQ0TIG7pMVaVXwiRu5utWIZ7gGHCjOXgsHPLdySsErGdIdvT0 6Vzegkk1Dei8HcyXz+oVl6ntsB4hDT9BWD9AsUYOV0SrbcrspIRPGeAmqASG 6mi6hurF6+ypgxiqWQE8AS1T/auVAZ3qDykKwmYzDhGf/kUbamW8vel/dUcW JKpPL4Y3/glY196i3w1MXrhNk75/VEki5npkByk3DkaAxHuPvz6AO6jozM/w a/S9keDly3w/VVvrAH4fLDRYzkjAWrbx5hrLEVTObvxd3sCHGIf6amETau1p IDNaE9c0su6bcdwVcYSatzDI0hJFSareYHocqDA/BWwKTZsZq+D45nh0oE4r qnzL3A8Hn5100oqdFtTelo6eqq81OiN+bbUgMl6vHTJvZcssVoTGU1VBh/ub xS4ChCUVwAor81jbliFR94TpX1dXwHUi7RpaCRehBbzA2TCcwWUgK0enWs+w vq9aRN18onsTOmLh3pzEo4QyS7+F/Jnn7cCG2rfp4apE52M3SO4DH7K0PXVA eeMX0XjM/uQOabCH4DXKhg5bHsl0Odi2IoYPbnoEBYyWARa7wAVO/hYL6mG7 s8uv52q8p7HDEsS4ylXd+qNhmDsQee25SFDa36VLk1GA0rO+GEynq6GUcV76 r74uvLc3806LNH4Nb4z+MBx3x4MKWcpHKyydSgoz7e6jB2BNQKsRP7k+No+w QPzG2+uqjbgwMLKX1llR93sgNLhbatmpGdyoq1VkFWlb6qBYAZGhVd5WbbI3 oxki41C1kpP2y535lfcm84slVTil4RkDLMVHTv2KBJLLOYfc+zGMJeqSZuug XEefmI4RuPm14ZbteK2TY+w/Q4ycU6/8jzY8B0XRpacRmzdeFpfD2GLeIh7u fvEotouH2yoey1Q8zITlxWNAFfbKo8mVmvG6QiP6IEb0lS56eGbWkvK57Ny4 T9s6nbnZdmSa0YEz+nFVxxTXVdRKVza7d5SatsacDOk3CAABAXCZyueyXF9j 0QgGAskSzq5KMhGft3PRVUQtBZU1OLApmDHeDuJwjB5NzlS2G25X8skpMrLB GEUiI1Fs1FsTybfD9xbJ90KqpP2SqmLOE+2JJq2w7ZXFjoCTdvKG3SsoFBNb Hg5GlhRqtyipfAjiiBJSyZVqpNI/4quyraeHOMoSTVJluhyq2xP46dO4ALDx TMbmc0ItIZfVW/rAyIS1s+cP36KzyliEs/S/qRbrzPbEwZnAtSN2nzhCGXUp gDA4JhGSKDjzu4E7MJh4rQhXe8W+8IYWooBLCughPS9i/zK+BlkcVBgFCSWY QK5DDmXlgRRL4kRt5NRi2D1Qf9K2RjNipbtsxLMIpss6RPZjo5W/iPAe5F9R xSkLMr+344+h2sBmzGFUDkelLQnrxW0zv60oW0bWIk0Mx+29zwUpxjmwsF15 y+UG4vGwDDcQfzC5Ni+1Fxvpsxu36qAQGnJIcMhU97jYP3AurqUzIpbhqWsD RxuU4NczDhlMmyVnOEPHTVo2MLgwWmGgLVuDx8jkNmGt7U3EURznlg2jQVpm 0EtDtv4mpzfx97am5NK7nF7Ml6gp/kiy0moIOgl6wRXb/EQE+jfNejeyAbyo S0UmVSjSCw1/TCUmb0mxwhWrpxkOxCXMLY/8Cm8dBb4sGgIyV0AoZNL9PhOZ TVcgBELsEN4f/fP3x++PXvvFp0lL8x/p5/9R41rsefLGZIqSUm4ammvke/Ak KwKjkWQapfQ4euC6uarw4+lINp0nChNex1KPVgZu2n6hLagsTravi9a92tdB jTilmNtQ/aTtxzfoZLnJjBYxaSU1FS4+LWHgEGRIWgcaZGB+gSlt/Ize2ccM I881pDazh5izQT4TjPK75hvBE2D4W1gg7oqPlWRfCVXBKIokQmn0K8Y0wlfK KWBRBOSlEO4Wgl5kHd9QnNk/nCI3uQ9oUe9deiUk8dputFQiHYE7S7wE0/IL muC4i410CEN1uPgC0SHNRxzF0EQma2K7Cl/FyUL+7Fkfec2zkDf9Q3FC+/Ur ELEfkv1qkqqdDYj51InNOpHi07QdM9BRSiy4Hc0lfjjvlrEDjk8vzNcNJQ69 vwP+9ZoDEAHg0plPMZnhZHKdNLVNJuv5SGPLJcDD2vPjNSGu37Npt+AExlFj kGfa9iTp/TLmkyZDd55M8AueXnOI2OHBSod8SFGGvRzZo2unnFADaSLHYZ6h HNzyGNl/N+WsMmZxVuC9A7ey/ttxR9wlMGp5CKXJjnIRDthBiZsCR7lem1Qw 1daFMZlx4Ou7Jaf4LqxPxAlzGhTkcWtvjvhZUsc2kBJxXxJNdkcmZH1pfWkK EouaQl0ntBXLt1o74Li/VxaO8NLkFHU+IOK2IfKOn5b1Sp0eVtz59XelAbe8 Ct4ApxMD12OpagWTHxRGiLw5AkTBx4clalZov0pnsGm9mm5uWmw3LRnczjPW kq6Wxwxj/xI+1IgZfoDj9hwqYR82QcQgdqJtZXA8uJ9jQxIzVjt2a9HM74Qc wHCbrAbOTPdZsholwDQLaUIZ9wtqkQqq+3RBLWJBdR1BNZ0GQ0DmwyYEZAJG y7V33nGbrnnEFML3/82duToS7/4AZwh2tH5XXTWYDvP/zXDM5790AJMA7GrF LcT7FuY+yfxKq75m7g0KpwgKJcJgMjPy9gG43o4ZzsZ/AZ9fiLS5xTO/b9AO jWUTtxmks9yhhVeGVuQG4KeBWICo5L0wf7iw4nI1Z6KZv8c8Rw8zoAaBdZPZ iIaGeTHq5ObCMEmk9VPVg4Jv9gtZru2nmq8TC5EltX9wIXqfjq5eBzsTPoFA qLZMoaI8k97BzUUkLoA8ysIT6UVX/oxi95NDjH01M9A/xTRg92GkiTLJJqJS qmaW7ocIv7/Hb8DHP34sOSwvfiXYedj2RLId2vjOW7mrsui4nI7hSB1hZejT ZUNhIYjnr+uLeq7Girw9QfSO3Q/J5NDXowcL88NTgAyA6XAKZO46WtxWc6/k Zq/LdTlykFCYzK+wN1fgwfJSeHri/9+qvoVTidQZ9BjGSBmwplDTIvxDvvWL 7CqWIEMhFHP06vxIB06VNdoIdr9rW6WEMc0CLCz0SWKtjh8g4v/gMaEQr4Cy yYupNDDpjDHeDxI9VHZL5ZzchOamsozQDgMKM6TrIPgFXoF3iGhjvsqhzZpz OFn3WSujVi5x3oouKAi+WI2kMMU8jrjyxEJd0n2d0RKvirp/cDiRTscG/2xN 10r73P6RudzK86O2DCzR9N7NbjvLJQSHqma7q+Zk1dDVzmk4IxdoVq1XURhU FGDQt2NGJeLtSF/55rDYf7r3GNspGg0QmYYc2tBrZzWx2EtXBXjlRXVd+rMI 4StpfQCtD1D3KTpuDeADec4GAqvITMlRtzWx75WsbUAHhuVxiO4B9KAXz7/I 9NXQOYGBf2EDU7xTu24/2d97/MsvZMKGM4EfDf/JX7FZURU0YCKQmZMDQoe4 oG1xXs4/MKWbTsoZnfLpxNHUHV96WxB5rEItXKILUitAouN2l3ltvPfy5cuR U9myvFNZ0SqtVpP7I3XiygswZGxcyjKkxrJsdBmEoWn/plaDfafrvtOL6swL zqxi1mWi1YL3p/SyoAjs7/wpAqEHwL0CMHPIdoCuQVvdlGANtqS4OHiL1RvT 66YhpqsZkNiFHhUxfy1cKo/vnSZ7j6RzHrQAMhkS6GCZ4UpY+BRz7sKFFnjY kax9kqzsQXObPEcJGUVV3AJBBMmvw7kLol8uxFrhHGzPw+6f5YecWzJZZWuq mvxc31YmPPScgkNgzJ9xHxxgAEeatzKqr3rxC6q4E1LM77AcEq6G+O2q8Tbw yeXuKTlVaQz3Be9V9AWhv3MEAlZnddUwU1kMIiwmlMGkktd1I/grvQ9bZ2mu g5EqyBso8Vnj/y1XNTaedopUjsstjhleTahH74TQNbZXcHMhxKPWG0vIp2PX 0YxM61aQU1C5BumN6Mkj1sx2HVa6aBwUfG7Uy0fHjv7WZTkFOxQTQDdl68+r VQljGDOVK0gTPAnjXNN5Va7IcZA2SMXVpkROXUazzqHTa52AzqnPA+FkaDr6 Z6O0Xy+LdichXRs5TObMTPklIK7OlaKRAnzC5Dyy8t0WO/7ij+WKFo56WGMR 3mSJJEs/FRMQsr9/vakW1V27+RFCDE5SdjVx2M4BIETxSDo7+EHeiIalh2zB okSc0a6eyd5MBQd+FxZul+O8+gBKfdULLcWsgYMP1yBGXTozyTSzHSE1kwhj xYO+lSBUZi+Kunxdaew5DfK+IJ2H9ZNxn8BprAxg9j96dX2t+cE5drMjggTv DY+lgj147iGZjNqHcagdedIot9+cEAeuRDb4jAUGzih4DnOYVDh6R2kOvaDo KXw9iotfWkDESxw+wi9zcJRBoQjGgdylwxRW+38MQ57kdjOH5ZPW4NIkXexl HnCjWON4xDGiVJ552TRz3NDIMU7XI3jblStvqK6AllO/i88QCAqppoE9jH03 7JAArDmZQ2736joUXtpUKMiwsrxSto69l5Y5vFEfOGKv1QwEZ3q0cIZnACM3 02mFKXBcFy85cGrCZLmQU+GmZXCw1lA3yDkUL8QlpLox6QirV99UPO9u2awV 4NxZA8LZ0e70C/lGhkXcrV7WAIZTr0MHE9mAq82cd1JqVYcWVUjzOvUTcLmZ OyzqiFZIl2cnND/Z4RW6rco5UQJPvSgDWHBnOQe8BV5D1jiN3e8UjLpVkeYB JAcEoHQZ5LNBuddYNor4C0PtzyzAFO3gvu9EjMvmPknpnRfuNeMTNIjCPTip kQ5wJmPvHcJlF28xZTPKPTmUKBNEJ6JJEh5puO/1pzzqPTpm2VLf8f74xfgA GrGPe/UdNCH5CeATUj7MJ0lX62FpGJIKI5QDxaGSW+NTn00JKtTG8PMSX+3/ v9FToYkCLCbVO4Z0FGi6Vd36c2Sg3XLdBhBRXiWuKVKB+jy8iWngdV+ERgYg PIC1AMSPM1nm+R2GF/RYWjGsdeZ9NnzCl5B0PvqpWk1rLELerNmVa6s5aFJU PgHIy8Xk9XQz97bC6cmpMy0Sx/Csk4WmzKBE5+Q0/B0tBwQ2llKAFM1q6FyB T6IkSfiWEVdiXmPwSxsZ+SvmosXCOQSZ8HV8PpbMNS804SuGEPHk4mxiJei0 Wd4pKKleRWPkkg+k0qhm/Cja4en38CE8IZ04YWPhtbfy6mr3G39K+nMF80RH HNNL5BFL6SZFewPwrnZzcbVqoACFHqedXpLnwRg1RkigHAeSBycuqKyylS7k QC7vr4D5At1i07nlHRJbX6Ci9HPJDsfr3W86EARvdoHyrdfUFWMFUKkBZ1Fg 50MfDT1YLvDEvaRoND7NWtKCvA7fBtmhIDBYrys61BS1wIesbgKU1YuRQv2o 3BoY9FGNo6N0kYF1GxWEEI9oXE74yyF6RBWetvDWn1RHR/sjGbb/7y9aA396 4FfI6LH8jxpvKowC49JOjAqJLWPD6Ol1OOZHRPXpvcuWWAnEe15VLvR7LApo V8opJVhqxSUIOhxWRtNfodOow36KagXH6AW6WDEn0p2H80lrJ1A6ELvBfvR+ 1Etk8lCOivGdtBD8tgHwvQTjUYwYqdRlfDvjXciuitaICvlbb24EwMjREQDu tn0PJu4wWqGOVEG1Izjh0KmU7oApBTMHzC8wgglFSMj6GsVi0XBiQUFtmlng /pPUEwHU691QQNproWov3h8dnrx9e/Tu9dFrse4JawdmDrg44LN7sUpPNaxh /c77v7vQsSYcPSEdqQg0Bu8V7DNRVeL0rhgsLwGthfpY+63R9MqhPdcXYJ+W GdloYnBI/QN0xVzhO0P7KrPVWuKuV1AUFOssr1dAjDEq/BiKef0BDPsa28J4 x6OEzMTfqjUbmcIfwh41lEhmGiuGklitgKHYr3jZ8IuLalriIRZo+GPiESyu QdoLpRFEqcRNPa9vajFcx+6NTYxzA5x6bRagjpCPIedVi83FMJnm0gy+xLM1 sYSgip1bEoi9Q4XW3R4kMNiwfgAl8mJ1tEhMRfP8fWLFiTrukVlw+PYszkQh 5f/TZ0/3f5SMsiYnm0vsEHDZjqW1cMuVb/OujGoacGQXs5UkYtL+r8E+sMbc wI3OKKIW3hkqcc6/O+sg8rhrIVYBVi0bQByVtmYjQess3OCMMQNI3uMHKnHa U5W6ZFM+o6PdK0D2L2j9QeISzo8IjwDvZdwml2zRF4FmFgnH9TjVtBpBCOFz /cZcVNJ6B33cj6U/utDC3VDRPJVHggZSUpv2zpuaNxrIDWf5phXmm8gmRA6Z GrECCGImhxFL7wk7AGVxN5ubsSBv1yuyttDO92rwHZVQjNAyOvVKuCXX4Ywq pc+oUroPIfqCMLpJnoUAanrOLcAZZUS01T6ohrmSo14sIX5xTsYm5lsW5czv UKxlaKvNrImLfPjpjTeMBqfv333dDi3mz8WBFHwdNWQlwCEgQNfreUU2v+6A MfT/ER+esIZeKQCe4AYE2euSmiyEVSVQS/Rx/PstRkZ3Aq/DNX8w4gngbWCe SDYWGjpBip3MzgoLM4LZQVWc4IesNutq168C+K74APBf4BkfryF2C4vfLkvI H024XFzbTyz9StZTKrWNK2eE6OXwh6Pd/cePX+w+3nv27JdfXmHoCc51XDn/ CG/B7lYsPPEjuG9LO920Lenkv7+lwNnfIO5+Sgv/z+2Pgz/Q70/bf/bHG1ok UlNHQSa/2GhoJc8HswOMbi/v63Hx9+Ozk0fHR4fF/uOnTw6+3H+899I/2f9y jL/YhV8MR8Xf3x17h/bstHjx+PHuy8eT4n11O97zV8Lvx2enY//7f/W/X+3B xV+dHReT4zNg5/1hf/zYX+b/dbDHPCukAqL4TcuKFdQ2TuvVxptQiK1nS8nP Sklppl7OAWz+rQczNuOMxBYPK4ZSRnPiVPiLweGZF76hxH3a8pKiY9gzrDBY Xd33qGXskCJwOey4eYtaERK11NsdI/N+m+C7pM51lDzY9X9n0hKIMZoyGCME zJhIhRRKc3Hj992GH00QUco6+vFpYzqdRxwr+Ku7+isnpA6G5qJs+9dlxH6o fJuOxOlIqGawskaFN3ZBSDEkxHRlDDmzTYvUJHNh5cUUIw/ZS9F1I8CqZO36 p9gcRzTF+kpIq2bsQIuFxIJzFCFzPPqJn1NyoBQ8AEfD2vUKxYIW0EuYPEux C1tFHs9dNIFcSMHII9pR9K6swEYPpBGDcV+xqtV77TipqZ127tH3+WkWexGb oyrlmmESCj4jsZHR3LaM4LSrJqj0QIdmY91svk3L080FLjgyMTKO1HvxQ5x3 CN1CUcjMYWIHbNo5xAi8NYEhqsHF0PAlPGCmEUjVQm6Uvzv3aW26nbc/fQSc fyw2D5GZIpaZKp41ApnRsBQbaOIN5w+QAAwmOUof4icQW5sU+WDYVQrA+gZF k8NRvfsGdchAXSUTRHtByqn6NSy1caTyLZQ2qDjoDEmLBovrjR9DRplJTtE4 qvRstLkz8wSLI45Sg5wzi6t5h4XSMqcci9fH5GARgaQg7jvcS6aABuZGaBuF DbleZRbAdtmDI/R+uh33XAjp4GHofn0v/XCh57k6Dvc6B1gB8EYiKb17nzbv 28khUwNlXF2q1oPL/AgSDr097y4+EZhO0pR9MFTKzlHkclJ8CK42Hd4H0zXF K+ItMWgBeShxfBjKB3SmMk1EUZJRH8yZLbD+D6Wasp4fqaDeKYlQ1fAUFKh4 WBCNA6m5IeJVTIlhlL1RdFPFkZo4TA9JFuIlNS7jJVPLhNBjZJaF2VUZdDgj JmF6gQ0KqBifgm1sYmmz4AgwQKG4GynvaLGLbKhyLeO3SbqXpmIX5T9UmEq1 m/kgDXx03qvpIWJXk6Ayrgj67nNEB1rfFcMA+y8e/8g5BHXSF/Qf4F9twNWz Q+bAMtmzcEJiKG9T+2XkwCci2YpyVi4h0wvR6Raw4EEiOUY+OH73evfwcLI/ DEuJ2Y/wvd45cczJQ4sA1X3AHEK+tubc5UnhQTixpqSQvXeigWOOsqp4s/m3 ui0/1LsnH8qbxv9p8OZkyFELr6WKv8sFP8JRWrrb0g9rocXwb07std80l15d Lf7jR8r3SQ9H4rEtTQDFLJyQfyVfgELpdM5HFGgkgSCtrPSP6vFHIRiimygX QOFk8SkSE4Il/aAqb4uSYq15jufvBM9fUI2EKSQtKjGNLEbrBVXUTCTQswrl qmy5SgyKzzg/F8CuTIXMKL8YsrzakBJxVrNQyRrlVVtWZu9OzkOdbLN7Ue1K Pi42r1hZ2SjkZjEXeIty/3pfZN7c4esExIKRAQpW4zw78qU0/BBAUopoOzqi b8aHtzENqRzdF3cOeo+ySX5DEXf4Ppqt1rtvAByBMG9FuzTqudn5mjL54E6q wK5CVIyvgCWyPBUbHSNbtPMC9rg0fQ3kD+RlSid7fwqAJ2axUvAOGS3A4rgM 1ylzXSQnWv5ugvaJPR0btGwXC1gnNI8JFbbzuxGnGmicKVyNR0V8X8LOAYdV s1lNK5eKsqBTYh4PcNtBnS7o4Js3UKjDpblo5IhT6ECd2l3ab8RK/5YyVMzF W9gZO0OquTKUzHgQw4EtboU5+cL3OrXmOLApuVO+AvGnUnKbRF+5HP9MNtTR t9+nGmLvsSm6kzK4LZg9rHOesVO64boLKX0mDGWKRXgCpbVMouc/cUWlj941 q64sVWu8cLi5hcefEgGIzTAlrvGcrqH8dOzOwKI2z64ZjHqHxPI18lUI2lYM JrZ26dCgTBoUjcJ5KLwF6/JDtWBAFjYLRhHZJA00tfR53TijpGjkJu1pGA6o A03fdDvJYvqVo2C7Gs42yH4OB+GyBEbbu+K75qqzyHtE9NyK10GlY5pEgXSJ KvCI14X69EbMzV6V9b577t/NHsDeM8iKMCYAkL0E8qE6CYFkWjabDjKUCa41 dJHoU+1jjmHdk1PyPcEeVVrF0iTx/aJDPQ/6n5eVAHs63xe4Cw7P4XPEPGO9 1PjTqUF1nPYuljp8nMyAQ4MKuDJ8qxZhcZ0xjFYTQGwbNfDqJcyVPagQdgNQ AxDLBoFkvEiKkLe8McSQHj8FCxqE6ITNU/5KDJuTqEOW8QPC0y6Zahczb5nl MqEEpl7xd1W8f2CvipUezQ0MAg5C1GPF8eTdpAdJ/VJKIyWTzRWaZCVMzt6N 94BhZcN9BuD8/Z4vCBjW8b56pI9/+YVk5OT4dXH+1ev9YlDPdv0TdqnI7GD3 sTeHYXgrv1WhYi3gh3fO3h4H5Pcl1Rz8tXiLry+OhcZxtcP3rnAdmd6R7F0h SLcDH2sjI//8XYmi6yN63gpfahmaz++WgBAEt/WZd16f+v/3fPxkuEPs6dfr 9bL98tGjjx8/jr0BXY6b1dUj72P6swuLhB+1N7W82v73+Kfr9c38D+Y3u+kb OtgzP9HP91++9BsfSmakAj+EfiGN3gAgxX/4CVOlQhDoLlzib6pmXzrot/La C5LfwF/CYu3xbwJPp5/d3Xq9+211c6juDcwKXvi+YoLvL9HT+qv/+ZGQgPBK EIA9yAs/eex148HTgwP/Oc/8lz1Llx8gcguyM7DrwAze9xUc9m/LqQgHpohy z9N7zRMZQIdS2MpDTzlQpE9GjMNs9/U3+hs8oMCAAt9cjLSVfCaqZZx/qKWA 4zaqN6IWHboNINb268QikGmBSvr8TRIwpCtv7JdTgSrFHxbhWeAcLCYxZRno jPRXv1j2z5CPVWXyEXnLEMy4+FAcliuvFv0wJ7PyxqtbaOwF6uuN9+Wr+Xzk zpubuvgWAgA0nefVqvGftvCCzrEM7TpkXhmtAoMXADzTrD6APxHwlH4IEHWB irHqY5Ubb7hbM1mXVTWDcha2q9m3lOM9nThS/+UKQ4QbNOI4VPq194y9kfGm mqET8ZboWTG0fDTbGGLU9xUnRGsFryM/1z9vGsiGYSR5hXGjK6iNEA9579m3 x2f7j/228Dof2i/CoGEZ3yPko1VYxymSmk3RwHk/0ZOgVD5suhzP4n/zG0t0 69LcR04s40Fbf/Cs0Z1zJKraeohJJQiICl7BJVoILVuDcK2y5ntD9KpcsGmK 3EBFICDQB8joLFOUFvmNkXvJn9PerZh9JCZ+b1JSmotC01yshJaA7XyEfSKk 2wbTwQXeX0b1KBcu0KKQp0uM3+8tSTBEJYpogNqvLelpNCCWhkDehsYUxH8I /kk+1BDRqGfEO2Hpvvx98B2KSp2WSwlRBcPFxY2RX1HVyEiGzUEJZp6+K1g/ iD+Erz6nS4WnRcCLRObBkUMDm1IDHWPs3kiDTyHasTB4rwSbKRE9oy6q1yPK 4mh9UQQHpW5r5uUz3nfCO2HTd2K0gj/QtMhcZJtxJXIWyXu5utoEKpFY4h1g rVd5kdMMxg1Y4lMoU9JSEC6ApKTjOm2Wxc57EcsQJYwaaTeQtMJqOrLr7x8Y o9BPinhYuAPSvh3hRRQwvIABgL1IsnYkFXHo9zLhXI04fDt5jCBR2IeG6pCX MRTRmNZLWP0CYWNCWiMgFN4IL+EZvKhwA7AgWgNvWTUQvBHvFJuq7yBKatV4 7bCD1WhtZB0rnTK8fHl91yrm8KZhP0Q2e2hiAgN6I5yBBt7dSpgSd4KQt2By gYaLn+efZ8i3Yf1D7yGB9fuJmzGFqBJMcMEhCZl/iBdLXGpA3EhnEtnyBMIP KYoJrNsbTkCJQCt9DxNwNze43bgr8e662ZUGxdZ9gf5D07vpvLKBSIxa23wU vPW7+up6/bGC/43W8il3zTINzMj9AP3xPeWS3wc1caroSjmBLjCO2tUkBdPt T5uVP3MRlCZE+RoOV9RdO3KBI5fCcgn7+CiiiDPy66++YAXqCNzM/DVeWBde nqC8gmuFTJXPpMvtBJ7h628eeTuhPzfGjLjyidAuWUgEDfEMb7xMwZTWbAiK BOtCvJMinCYup5KpDZ3QI/iXwha2RGfxVLmwhZkcjoseIzYmTojwSb6w3Ocu oCF5e+u+l2qrkGaKSzEgEdAAl5orcR2QJlJ7oQgXm3S+UU6yCMAr9bWrKm3O cCndGCKqqAj0PsXEzIzkbXrtOgxUn98bxXk3aCQLZ7ip0AwwcuDul4OB0LcC 8y9GXnVPkPngeroNDkE53i8j6CRtAzOxEWirqIUeyXwdLGOnt4KsDxtJbHeE MYHJneJpwYdt4eEb8ok6fFwwjztZFPcOqAYRU67zwn2uOCXBSgzqcYUMxV6H Coc/1nCHhxVeESllQwk+ll8mkQgE49OUOZmMAQQoh1Z6ZUK4jIuLErE3hxVd +ZJXtPw0biA/QZ5noarqJB5M86zQjOM4J0MpVUaoG4OiBVlX+Z6MCMh05cHz OBknp+fHJ+8m3xmhRpZrCp9B7RevZ5Tlw0S9Fgw5MUYhtMCNEDaWH9qW5h2M 916OIUjC3JRI2YTRuLgRExzX60LZCjFbGN0QIHlzjHwUEZcOeN/feDuA8n7w GMOTYR4MZSfHCwNUHrHZp5B3wBsHS6GHQVOA8GK2mzFe4yjI1M6GfoWhH5jG IVQLsQXQZXRLFH4OrbjI6kvMR9FYzSoXmceSPEpFDTlfRI232j4JKTiFHnHR sV5Anlo2ZHCjjKkwLwb8Gwwm8XfWae3pxd0azWR0RPiXwkqBC6rP5T/+IPts +4PBLYFHy7T7h9Od/FC2ym4aYVXUko66jVvMYmqwiCsCTDELkoP6Leg96GoF oakpeWfH1MYNVIjmSuP9b2d6EO0dqFLcunuGdsuEdKfyyiOEuxDutrhzGafc yA9uJRwnfIYXKLs4iuG9wxgLQ1X3O2MeY/Ol3a1rE71228KkRxs3fKj14nsG Hzy47Ks6OgL3ZkQuoYnmwowhsHJxO2Yws0zdoFRXp5TOCZuZkK9KCXrMtreI ublcoUlXbRHoj9J/I6Nlh1qwNsuQWi6xSh8/mF6AsrAmJ7Lm87Eiu8Trt2Po 6sT9WjHuFe3hso2kwD+KYq0vXzyFWDc9Cuf8m1o2LT0l2rFefUPMQzsZoDmp YdFiQLoGt63RNtDEAA740APYSBKmPYeMI69bqpfA01dJyo3ehbWdrqNNl1i6 GReHlCRtKlYqaRyEavk5uXdxF2RjqFGanO8knEBtCk/rMV/BeX9Qc7+RiEu/ tuFgDvVuAUVlq6lp0xAC4Vu/t2hBeduGLQPHcdTGAVdZSDGx0hpV6k295gPL iFuzChKjnIxvmpVh5ooqCvsOKAYuKJfj/t7gQHY+0TjmN7ygiOUUMo9UtjlT Qia0dNG+8AJbT6tI0sFWiNNCsi5oIABl2nUluAimf4SqV36+fDqZDKgjIFiM RZcRf2Qy/OhI5OwqMoQLJ6yEOem8x/oPqnIKbu9luru8PT6HUvFaE9NQpr3b IHnN7sca42kdTksT86d8Iw6yDKPkWdOUl/eX/eYpWUQuy1siRtFve039fL9X ooZgBXc4Y/oFnive2V5KOsxilpsTlNbm7OJ+EP8ZGnkm3Q20cJc5RhR8mTf7 DS0Y6LFiEPRAVHeK45LUAjbvoVLlTbvVokCold/hQ/x43qkjORXNTpDuUbmH BOhWp13c4soxT0vOWZXzTa0vpjGmUkJr1JJ733UXNQaPtMiQEuNTNsQuODhs aRY6dkZ3cLJ+I+U7ZEInItUve6NKhW3b4uitse6Q1nqgxxdgFwTkln/LakZV 3PANkVvYE6TvTlzkDYydNkOI0LnRcKiAlEdaR65/mIe1AXnaDp0KR7M7iRpD fyyhnV3lZN8QOqjnBEVq74ESkcMToejZWa1Lzp2ZveBt9MyVi4QtlOhEHhPU wehfMMJtQrLB+CfKu5iYRcJvLYSxr+KSN4tyQ+iyrFV2OwSW3lsFUrludJKX i5Q459bgflqHWZN2a2yEg77zvos7aVQRSIZ6NYULxWHCt8ZfHhen5j6Zu0s1 MRu+krRLXD3uWm1GQZ1oIr54TdjMtLnU9r2E4aC+p0s0sctIXwqfHvUmRjDc 2xBaN+UYWBZSDCT+N5S4+FQwOqUgbqTPXuhAJFUl/FLIrNp21oj0E4sj4vYG F7NZ3SAfQVK1PDAFG8+8L6gGFP9uCiAHBD38Cf89w94T0w0qlb4iiZbyCknf Zho3lvZEeS1kcIOv9QLEbbgekHagUVSk3EjoQNodlSVhLfXMqxdsTwYfcNyc BwY/mR4YIdCyElCUkydmyE4zJfY79TF+sk7jNYlXZNMGRRlCb/GsuTBr0nIP +5tTjyE2MgTngdc9iltw+qsuoMNacsgTuRz8NRe+8b8OTP2Ih/yagc/vN/I1 x8CZ4k/LtW6Ac8R9yydH2MgpUW5Cm7a/4AmgwUDIkxy9mXz/3bnscPhM7K4D o23YuA11ipAU51egNNwZLgb2ykNfJAkbheaJEKYEb1/8qBUqYOR7QR2GgfQy B5ZEjKiMscVcNP46blOwYOcPcglvsT8QdCaMPw3DY/pxzIJGzE9+Ii+I6h+d FjJs0bvQrVutUz/ZsKcOx2aSNZboJX463SCGHbPTGLFuFuoG8ERS1rGtgGEJ c+c80VgbbEtWtN+elm8E1BGTGJgYqBkGizA+NHoVPXJS7HDidqf46/jp48fF 63foFwPMkyLlO+++/+673dfvdjgWTg2SS39hcPnJjfuPatXsUrV2ceYV6tG7 w6Pi5E3xngP6r0NZTzV7B3ljSKEDnPP10XvwChqiaEHLd1F8ceA9qC++iSa4 lH0Bt0ekkZRxwWWnxBlQKnDK0r9GI/ghpSp1shEPJRMmtOZYI6ivfwbAsHCA fsSQ9g49aqp0WGRb+0fTpPIU4udi2B5uwWsjF/bwm5NjP2V0f4im8N3JRPCq Fs1NTb2mLGk4fS7NiRnaiBLvTOFLjw1TQ4Pm/ovBoKQdHQXKJNBK7iiKuulr ygUOEf19YaILWAtMrZKlGZf5MMj/31zUXkywdKtGTD3lRfykY/L1krf3SFLI MBH+FYhFgN+1odvMzqxZ7yC9JKVNaNF3QAmfV/7whd3F6bwdVBPlIm7RSJ8h aAz+J+8P+5RkeXbsDoAcMZDQEkyNoqGqCXjjYEQIFOVqRYgDxflLukmSE6Lc NEFZ2e2GsBT8yOnq5u+PfxxPsXPLv49zn0x4RCpggy/GJ4e42mW98huAWr/8 OyRwWCgFZJ0YhTwFgOQ0xEnBdzaacwqFqITt/BP/wps7WrpcMoQqTqY0mn/h UBx3yiZeKg3YlSRt0uC1e5uJAzP8hPrthJsATEYWu634aQ2iSY0/SvJKU0vv ODUzyKX7J8AGo1yu/zXHfZhnkxQzsS/r4Yl/+wlydJMFhNhiA4IkkzO/6rXz UNh4x0Yg1MimyMYa63uoQLicvoGcljovQ6nM0QrT74PZkVgd+1LI3KEqMQWq tTm7hBOdcVsYxVrQPcDO0G8qj4ollNVXJMKwyhKPez7eE9x8PqIaUSU3EXVo /quQJhQw/rzzpAQYun4EH08V3rJZ6j8cvuXk0rxDj+ch+YtSdpPSHTM4w1k6 KE4oSiqDdy4Xf0YNqoQ8inPvkR+mETpNOvop+fkNDvnngoJ5PxeH2KRhXfzs fv5yF374/+j/9f/lfs6ZJP7mt2df/+vZ8df/Ovnua/8vLBSyDcZDvTqHMw0A skBiVXitueVnPZh+Jk5Jr4KnWLkuhW3RG23cmWN1KIT2IgSqZ8AjIkcHicyc Zvhe7UIl/NT5tXK8Vgn1oFmpYvtKhZ4AyrjKuohwsYdSXhSZFh1l6jUUu0P+ oeWM/EwIYnjjmbJfiLibNdltMgAMRxDLkUupuZnzEnsO3TC5ytAkGv66C5Ne LzC62tN3MBBBXjcfscRG+jZBRAk4q27IagZTy0lfUkTISuUhRqe0k7EELkll A0BxQdVEuCRYlHhKT5GMbdyI4FSImqGTD37W0LYtRZbIGCnEDUs5zEPzqnhc dDBggv2XDS6IJ9hRE7GiDKaCLJ/pRksURXBQpHhqbKhBVtyyJDJ1Dfnge9T+ bCnGDzD/QP0mK6N914pOAENOA+5x7K174wrH8zXAVuNY0RnOsTN0hIeJhn3C LTAHm4Xpgjm0pnkASxUDNEyG3fq20iGR6l/ExsUOerz7OM2acTSjLYct0uL3 evGp9P6koBGsBaGkPac3YhN6V1ob5AKpWqfzwEltO8HQOmrqAblb7ZyNpZUe EdSb9E9Mdiobp4u7c5ifm9/tGhLOQBgwCFFCU/uLW5a/SttXUzdKxMyFliSh 7WQlPE8YyzOsWt1dnoEDRgNJe+UyYNC5WMYgpCid5YKORCaHBWfBY+7RQIWB 5ekUJwZVKr6xDRlJB17bjRNT+YwRzFGAd1muXYq81wR9z4rgYVNp621scL0n ObeobW0HgkYda3UNyfZDkEC3V2HuoQEgR5YiSMSdtwPWKz80b0OyxndOXUEv jH58/6//Kcqyvb1yUGJEDdb5mf0/fqrd7m/x479vzz+PjNkCYer72Tfu7v7Z /28va/Ivf+XBlhFGP0y9jo9/8tCbZExLf9PT7BV/2t2FMS31X/7KZ+Z1cOfz 8CQ5y/1vX/R/o5749I0vP/Ebw0v2Hn/il7Le83fu9X8uX8Sfu7cf3iy3g0QJ M1owcqCjgxyrIYmV7k/BEPkd5vjIA3UAz/rYDK1Hi35soKFSNBLtA3o8ZFSL AXSGF+IJ7nDO9ykCyERIBPlHOQN4iNZ1h0asNLKAnUfIkwRqW1QAqvrAeQNW ECrkFEVHUOFI68INRvPWbXR2v4l6q+NsojZPprQOnWxtiz4sK3cwlTz2RSNc qTsfyxo88R0BMhFUq6tAwaSFaKjRRsIUXgdO9EqQhxhjipqVxc2jErInychz mSVRy+LxIxP73d/wkpmNRlIPKfWqsfkqh7GQ5YqiJQ6v6nZeKtYSVilMY/AX 4+fcGFxZC5NmOs1C+Ua3ESsihjgCg74PFQxeF9FOIe8t+UFXzjmA+y4RbW1+ vIaH73GgLwhLUt6Y8hbgdAXhoaB72X5QY5KF3+Zl4hAE/4Cv5U8M8LXoJXhO +9/c5/+xeI8KiYnhvZp8SVKlcBoFRJP5sUIQvlJ/K7VTmvaHj75GWmXBOTGj Cd/c6SU2WDdX1LZDhTackEMrs2Fg7MXSI+OQxq4SBOHWGeEh7Z8G1TBIZc8D kZIp/MffAeLFZVHMBKi9vzk+XRaKJ4w2NT2AOlMTS7Ai3H50PKXvoIguTGk0 +r39F8WAeJF3h0wOC665u/RO3zmQctkfcLyoRQzBYDFOlv6ADSjKWUwwlz1E tH8l6XSj0vPXoylDgsZzf8mFgxGkwPQ6GgWPg1Ug3bj0tjzyMWLHlK7NSBYq Hy92wDrWaBYhAAHd6j4S1IF4abEhUvUlh3BNVBodH7qR69NEPfNDhxT33bM3 8UlCN/DXh/KAUWBqQ7TlB84bKGPrbsTYOnQuCSzT913WP1WzUOEBMW1YCb7o WDYRQ7opejurflIyTlahNqotENn4fR1RjMLw9JrICJBYt/F4eIOh+/ERKyEW BAXF4La8cNksx+OxLqCCcEOO5NLSwflroOkyM8MDXhCmBdzSLZF4ChXnBNYG WFjyMt4Gg2tsgy4mJOIGMyQrIGVKHvJ6fGCFbZhf0O734lwDMKCZt2Nqb1JR M4w26FdrimFDTPENWS11/B75Nttwh3sG+T9+1thoUVCpcv1IfnAi7OZ6kMfA iA5vHdMY9lIBTAQesC70Byvyhb76wdIOT8i9z3xoV+b5RR22On/8ANWw7YxZ A62dSn64N9oCkkMSu4C6Mmgh7HXo042ocX4ErRUEDbCnFpMy4e47xREAQhiQ 6yy18Sf5ByDptiQ+FyEoa0LLBNxg8FC40yafvzo+L87O3x+/+1pzJOkoYOsi xV54AvehIsYBZF9UKzROXyC8VnoihfuXhttjVV1xB0pcbaQM7PJej113scfR Yhd/b0h3GTR9OIzu+Tl9f3L+r0fv0AD70Ync6B7hCB8AnL8l7SXn4gO9CTIX /G+8pWFEHcvw/AXES1mG6EESzxlY3vloq4RdOlQGBEEPsp2G9hB1dxyUenN4 F7G40WryhcOkoVvv6/3jlUYhgFxlSKk2+Cxt+TmPSJWaMaLDT2Ra9OdJxCwn H7vjXbB/CtKwfIB7wZ5S/PMQ9yJqTyH6j//vOcC089+FCG6vWsgAOpyE53SJ Cn8bf4SLhbJuxkP9DD0B+9yMUH2HRv5v52YwGgQtkagKqg5lSL/C3EfvMrmz dwD2PcjD2jOeX+FDLMWHWLJJ3uNCaHSm+slPH7sTpjAs86PNzkLdpf88xg5Q iMhm+7i/lzH9QxKDTaaImNifBVOw972yb4QPjjAYA4Zli5X/yvGBOwVT314v xj4KtzFU0QaxZWdwu8I54rEtZobFg/V9a48Fuj0+G4ZjR8MfJ3P2IMdAahy1 5ijlIaR5UOT5ImyVXhni4VA8SkbFUzKCdDvRZnLfK972X8LgOIQV/+xQ/W41 2xkVO8gDVc3+4lf4bTNrd/LyskC6zvw7sj+m9G/r8Kkj90z6usLztCwwCHj0 AP4mKtVPXxKPov8l7C1jORR0aup9Sf8X6izCnujOo42rdQbEbMpBOX4h2dv8 +5jXoptMgs+iVqaZH0kziy/FaergU4VqZj/Y7ZMWjTX/uphzPTvW/I2Q0N0+ 0MRmoNsydgYHBZgqWNqzZYEIgWdzEOl4rMZoIXbJXpRXhs6RgtquEdhz+lSF wIrukzXC3v/aGqFv+L+pRugs2W+gEcxs9YT0PlUdODbnOdSS/BElAZBqUckz 9gfKV15aPPGIbt/g7bYUk+hmotLPB++y32uT/RaeAJY/gjqzMt73DWwZgBcv 4JJS+c87rMrsP9ngNTselm+ZsRS4fSX3+JmuRxxf1TgF5Eo+OxMCabd7kiC/ zhBHo0uJHNpPNciL38kiX/5OPpXQlSC+hDW+vwsSTgxZMAjfXM5HuHE4iRHY j46ODIhh7P4xc0N518Vk9jkzEBTNwXjvhT9lwM84NLCjgglVdpSGNZj2Ftml cACCsHL2iECSkj85I1WdlI+E0PIlJUaRaxO3spopCLvWgHVEzY11MRVSAfx2 EYtoBvx9ghn4rRXGMq8wkgQOPhF1Bm1tWcVPUwgJQvO/RwHkh/L7bP0H7Mzs LpHF/u3ECfCM9izi/HqCUXwqGMUHIBS7yETQIANGoDpibhl+BlTRGkSjVOk8 FKrozuWF0fUBsDjCCqR5w3XnHbCis2DFogtW1PqIsOrikyCh04wunzNP9Zoh uUl9yMip7gzlmkTQLai4P0bbLxQmqmPzx6Q8IsGAd+tzB0Y8mNhGmIIDjgZG qigFcUxGunFwBsltMyBQmbNXYdjfMs4Y9yv+A5gsk8hNVOMW4jcW7Y+P5MoT b38jS9gy/NKwRORz5kbnU/UcRa78W8w1XL0tYfUtaNNiK7qx6E0vR8lUUypH jlmz2CUGTjyhLZkBEpKbuiIMPwDf7K1fq1exEJBSwPKboBiAFIzzNU23psYx /xwjn8HdoIYMPYri2a9XFOuG6RdwNAqQ9bLyCLt9WBstQiIh8H0tkBDHmWJA sv5vXfMrdc3e+D5l46/4R9Q2OvDfUN34Z4q++bBBhfNhszS//y9WOVlYwaep HFY4ZEF/usax+iaSg1+hcOhRq+rqcL2aFydzjDcez4zo4cwMOCxKPeOoqhCq HhskNzQ4Ri3BB9vojhFCkNOPitvj5gqIRha1wkWRxM2PlSAPYdcQpJGya8x+ K3YNpg21GemkTPD354SQNsuWwOGPUWEli+0jzS0BC8TKa+aEITm9rhjs7X4s wVv8o4Z2E1pQsmihU9kKGzjMpDbAxCXcd8ibB/2ipRYzXmLYZdT/DKeBCXMa AZG4ZTqBZj7mNeKQCcE2MIR+xAZlmzt73cIYiyHxymb4mxJ+DBNZgz8dvv8u /tVnEWWMo+N6RkwZx/aY0K0dikXvL36dUfFr/kH7+qCzan65e0YdHGxLu+RZ VHIqNf6XxTXSV9m5CcS1rCV3gGpsl5pD7FBgBXLWsTevGGfAPyMtJM8REoWx KAelqO0HocOGclqgQgcpWlXQfOsu5q15ghqRpIighLPQ3shxPIJR42tcmTDG od9TP0Pfp+Ln4g13YNAC1FB3ioWnfsQQJ37nB/4zVNzbz7czRXWRIddpVL4c yJtWaD61W2NlqmgGQBZ3da2FCLD7uW8fQNevVlI5s+gQOX30eqptoEBwiBWt zXwWBi3RpMzES5MP3EuwNha6Yr7+BEt284sXPUPfFT/ITew8WvkahLoEpXUJ LRGHxBbGs+p2sAuhn8MdSWzgys/nEm9KaPO48JkSL47RWZP5GkkxtIG03UoY blvxJSPiRY2f8gHoJ0NluR1fxPBLAxwVFRgSUHggXbx5AoN9n+xJKlLUiZau bXC8K6QLCLYJdm2oROLToVwsGi/adFrGTNFU3Y9Vq4aoBHrtIfcA2sZw1AWe vKEYEGGNLJcT9Eqw5rit/yX+ODH2hIUgpoJy0w8bP1657cvPLxNnM+Rnibbr //25QHlGq/Hngt43gLU4LP1K0EJwkHMoF0dbPwPM/dk2PvfKVPVRZ+d86s3R /v3Um02Spedmy+/gF3aHE0E7cVJFCD7s73ivb7TCNFEaoH6I9sDbNrbLHvuw jwT2lQg9Rr2SEh6scDXdeQ1DB9tXcqDDYBhmTMyWgueLvAwi9u2lLxtDp55H hxOXOq1pd2BmvMVGWWLiC48me00O92bNA2EmPT8GTAei/PtxeQ3R2Zv12hLg KilwaKs5GRkm40aaZ0irwJTuHRt3VVYilG8vsVF/zR6GSlKxx99A1fDnVWr+ TmWafokg+dIp1KQaTfhr8WklmlxByM99WIWm5PL8TdkKTSrOhL8WmdpMvIuC yP4/3365JQOxpRbrvgRk2cbMO9FZyMmY0KwYWi/iBQlRkJW/bEjfxiKgKUOI XHD2eXGXkNIYL7ecX43dWSainwkt0OOkMWtf7CGiM2kuY+haeHMWKvgQpKBf sFUxQAL9f5cDxhHtvnQpoJ/qZun3hnAs8VxgU0M+cjPOnv/IXH7i09IT6Sqo oJ1uE7SHw3I7eW7IdmZBufdlgD5TXrIZoN9dYLJZJdzhJA1LlYbDiXfB1keL aQ7oNehi80MRSPLjR2Ph+MORtANVdrXMj/SLoATzhbaZskcxhGJaC4e3sniJ RE4BsMF2g/UAiFZ12iDxC3dib4fOgYfKiB5qw2u+PBl8NM5rIkxkfhhyn/LM T6HS+JDIZjhxjVqKBtat3GqdX4zOuD5tYCFv/SjmqOkfpzwjDPbecZ5iItOL 5tndzY1sml8jOmd/e4uiU3yy7MCna2VE+MhoAaqfgIKrNYImcCVrnUnUDBOZ YR6HLrHXeeQdC3ckHVcyP7lVg1hL8uhtAC6cF+bepySQf0ao54SYw+FEnwRG 8DgguBNAk91H3oLfENMxD5FdwACDxuyM2N41G3PFYNFEJfXaER3NTlkdLgsw GR3qnYi/ZF+zhlJxsKdhsg83K+C8hmiYEZOeye7dDSmAy8/l8o6C6UpVAK9Q Cld/3+VmPkdqJrFvvdQOf4tEfHp+fBIcLXGasM8K+ssPQKKNiwm6C1gOOCOu vgiSh92pDUwA4rYJL1TqQWncNvakMC14uKpM1oIJJNJgsKFXWGPaxIsIwDOY jscZ54pXkcl4uGafvR1coUx9I6Q4uq+cwshCkVUsjtKjIITtgBTjNAE+cq1S D33N++iJyAIcgm3UZFqMEUn0DFjQ7jCfK60aOkQ2QyZpFWaswIkuTdjw9XbS suQ5+gumZIgG5ooYhqxje8jIXNEdmyQDzkM4tC+Lqoi2OPMLPQwqIkmsDYvj DKJaN+gs8GJ22ySlPV+cjeA+He9B6FvYn0JeRDKtqsiENoRTMNj4kKte4izw /W5ovD75n0iEfg+XdDrtoQ4inxT+zv96sFMaKHWmn8IbJH7pdNpDHESOKfyd /xV7pnAfqS3/3q3uwlZ/IVmWzyvpy4LoEn3wm3GRZOsHudPgJd+T9RCmdKxq eWGkZfMeUNfn+TSmS0l75QsLf3dHSHEA/6VvzcIifwUxSrROW2lR0jMtT45i 6k8ScpTo/h/zCM1fw5HysAJHVEIPpEkJPCn3EaR02VGAA2Ep1sk2npT1dUil uYdxpEQUGPmp47Axnz6O09fJoG/3sN/YAYNaD6Du/+T/6+5bl9vIkTX/8ylq PRHb1FmSw4skS+6djZUl2q21ZSkk2d19OvyjTJakWlEko4qUrPHxA5zn2hdb 5A1IoFAkZfdl4rAnxiKrcEskEolE5pfvXr/9NTkfHp6enAzfHQ2PBEFXL9yw NaUuMHsguwMgMmKEje8xtRZq1AzU6k6LXIekRg7RocidB+3zDbnrCsbh9YXv cwWgXSLJ/Fuy0pn8bH62GZzexw3koIo512tCuFs0fRBa1geElU909mYTosSd Ntiy+A3d94yWK3o/txgNKycLEXaRsjYCyaZsZ0FFl8/ilW7na6uhjKV6qdQc L9IYY3B3w9tOV7M63eXWRi/na8EQC5XwRhVApjJ4HRZwNHjh8HkVKoxg4kdP ZpsezVaexWqppXMHogGwLjDoxm2xGCUBa8cau8T1RDSY+XdpME/SM56kwTxJ NyLFBQ9knhbyh+kvWln+Q/QXP1bhX0N/iTa7gc5RG5wF2+3KoIzvwUmwZW0k iQ7EqO3H96kPmyIkhNoDn3y/VVP4FkXBHrdjU9yIRuU6f1xTEcU0oalPXvY1 zask+hbkNUEvpxf0XpJI9CqnR6BrQT9ctWWX/9TtShIXGwC14ZHeRuh6eHyU VanRqMbvavYmz1S0Okxrpi82snXDtuO1evEmg+JEUJUxuYlWo4455ZgVAvZ5 kKVlo1Fp53cZeTSW+Cm1ht1q6FA7lOQEt6UbElkHrk9ikvFPljztZMBS3o3/ +ps3iqZ1mzeBxbdfYtY333uVMr8OxXv1WLxXlV9kYEN9vh4nXrTwmfOVBYVL +abgHUSKHhuHB+0e+WxB8rpWJRMq6FJ8KdZC/KisnX0m5NhGzNlWoHwwsyGh mzfFO3dLWvwFXToWheEMI98m5ORyA6G2lICTjq2YnwyjwTXgrUS6QscpRYGp ryHJGPFXm19NzJrDYdQxWFyGPj1Sp/zUmZyhid3MNukauRmgW8sljM38NPyc jcjDdOjyvybNy+Fwi+IcMOEMgOGcmeMd8tkFg+X6Jc4uTAnWpsxwyJVotjSq IGV2NUewMJsoEIcNzNrh2xt0L2mmKOgbXkJf0z8vgCGNTbFNv+OCljAgv91r qUaEC9DewDc9MAAgkM0ECwkDMdOmth8HbGgTmFpQelMNO2JNQ7dwi7o4A+CK YlGJrGlgLBBSYINIIHEnC+OBGt+UJoFbxdcblXCgNdFAXpoEOVQ3maqRZ8oh Tl97R3KzNPzJlOQgK33rOeWKGVDju9pGYvpt+yTU7qFmSRJmE6T+QUYyHDC6 mRVyrBwOfyiBh7f+7FjMhQu/x0nmnLOrEgmoMD+8JaFMxXod1CesUlH/CNgl bqtbP4aBoQj+UNHAmhhQ4Y/fQkU2KJ+cO01w0uZV7BDGGq4IAZO4k1SxNJaO NwDJLcVkkxYFR+rkRcWBcE1sqSQh9gJGc4zfyue/a6Tk38yh3Kh2DEFAO/2b 4Ql4V5O5BMOGXKyQNMohQhlkLz0obdI7nXYTrqcGyJSopFCyYFwydS6kKM1B MYBeozEY+2Jv7lWomxpQJ3mJYS32tpuS2QJFbLc6lKIA+lHbOIpg3g7wLaup IJrCI+YHJOBZL59eK1hu0sMrzP9i0wGqcAo7LMzrAYsOko8+zLjnkETQwd63 kMGNCvhwQ0gVoh9x91y0lB6WPHzALKCaih1wviXofIqPMDu7fs75Gqn3CCfL 9rvZ3ScUaJjwFUWQxdkb54X4iwWCgOGylAKCOPkrSXYwyRHkZGzVWG/A2DQm MV7BHsG2DCvs5eyTiwqBOqGwWXSGppDQj7cBbNzilUkDLXDuXMnkwd0pBT0E PcecCn6f8aDlRFPsxlVVUP+JTj+fj5o4pq0VpeElQ56tP+KudjnlpZqNxeWX TzdXuKLs9zfZ3aGdDQaEpg+sQHDt4XsljbSGc6i1PncodDI3flecBC7MT7wu dsp70Icn3B4nRvgghjFUMZyO0nm5ZKjoeA6ayCdO5nnN2bjmE87FRp/6Cdvo Q2tRNhy3EPmCvPrxfLz5Kh0S7mgiHmWaiHvqKSw5s9+Cgpcr04ERbtdGTpXl bYPS7zA9Rch7nnBGIeI8ncq8WZd6B5lLqiHmqkm1EyPO6l5v9NFD68UXQOTD hzE71CdPqtDFCpNEizDf0/hTZT8WSWeFien7xkvSzh1bI+vdGNf3fxNLU83H BYXB9EH6Q6NiTcxA4nLhf6L7oxhQKdMSLH+eCc1qrpcY2syOQ/b3+C5gqpMF xbYDdwSTKOM6rchWzacaOZNwuGJsQYg3E4Sj2DHytLqjljZJVFWGpmHaLbJM fXmR/M2s7Dbsqr3E1DLJ/vFDdatduc3+YDQso18Vt20js6+n/3g2ya4WYKNa u2WD5cM6QddpWTFlBDZ26IjnsKYOrn/MTg+b+DruZHXgd93r6/cxkDuBSLWC 39/FnSamNnHtErdWYWjZR0B9jqetLB69rt1StY/9JVujDkRk+7dt+v5+tfGm /3tvDzU7buTz/SI2voniTl79RGTjN+3qtbta/YZVXefRvSu2YYlC8O3i9hsE rj8LdZIqIn9rp29judyvl8t/ljytFfEEnvjli+3r16/2JMdY7PliKTAAcBqH N4nGVWMDmihUOCdlp8LxwEWkFJBZg0sLhmqBs30rtJYeH5HBSNCEdP4MRTWS 6xg+VMJ9/3h2l7qrWG1kG+dXCMy3WBGn29hg37Ouw+ha9fT5+q+1va06E8Q0 RnfGnfrKoH2gdpgVR9Ngh3mqHqzPhFlRzIqnCWoUOHzjrKGnn1SJvmt+Wsln D8Vsen0syB3PsCrDY0+rpcY4sNHHsyDU6+4JETeR/Ql19zrjQHWvxYgDsNli Rp6HqdiwX+XXmBuYIhMqMnewscz93rVcK1obfwNYiTmz98HFu07PKDRXeMsF XntsJL4SHKmS14lOuMpwG+Ok3+32uY672XjJFyFfvpy/OtzZ7xmp3TAEkpfR AGee7G/vdcH2htVzMbizSkcs2/k387444+0TKpitlqDv+D3VM7jbIiFug5Km dKdxnwX9LGZ3DZu27ZWtf7vfM53jW1AE2NX4Xar/LRjaQzaZYAg5t4nwIiHO V0fEajnt9MBx5pfDk7N2v9sfIGd/SfJy1uxtuYjFcXtWXKdTvnFsDrZMVePm 7hYlc51mC/M2FpXsp82dLXefXMK3+W3+ufkc6mybATe79D59a2MYX3/Q7vab ly+P+lvJ18bR8NXxu2PAErtIhr+cvT0+PL5MLg9eXyQvXvyj8XL4+vhd4/jk 7PT88qLROFgQvFF2kS2+fG0lFxhqZX+Fn4bWWRO//XI5fHdhKm8lB5eX58cv 318OG6/OT0+An39pA8zJbIoxp4Ys3X0iy7dQRVMEa1lDFaEIPKBeAFF2nm+B K0Q1QxoO9vj1u4PL9+fD9sHb16fnx5c/nZhR2T+x1aPj18OLS/0CqIDq65vh r+2j4fnxhwMgOZHCtefu4f5kcmgmSWPdAeLsAXEO9XW1+vI2ByBFcLBsQUW3 czfNveFnSo38F85xr51JJ2AoPRjKkULrOpuZhggFicHP0KPa+9aCezbHE2qA x3f/AgOUBNQ4wH2ZKwkIaCXV2MKWy8PwBm5NCAmRODkIhWghJjrkTGsl59k1 f7mA3NCmE4ym6ChyeH7yShHjzxd0xd2VaX4HabEDcg4eclCyIdSsQNcyPXz0 xR2DmW68tKg7AkcF4l2qMFL+N94MPnaCTBZu91Z3cdQen9wIwgHPIXhTXtIt PTqqMdolx8eqpWZoJKi4TOLDi3av+1dw2qjsdXFmm7vAY23Ig6o3SiBNf39v 9yMppL39/QHvv+Wj2a0/46jNhoIbDRRfpNcIpHswwTt62LAnhhdttBLCjplj HN1aIjocecLZKHys1syma1o2YtryDSkRyRRXryKgv1LvMshO0Ib7+6bZGZdl c2/bDLwo03GZN3u9wc72PlBmVMLb8G97v7nP1MN2SiAUPwABE2U515O1DCca MIReCcM1Gl7mFdiCwSsG/qaRHQI3zq6LdH6Tj3j1XiCJzKwFLPM9Qy7vjKhv 9gxbqcFbNYO2c9oyalaeGgXyhBsI+WnDkHf7u3sfJfEVrJw15EqMfsUwc6Wm GWjhdhMmOpmfavbd/sCRfLe///EvEmG32V1tB5u97n6tUPMGSzlWniDWfjGf j40fwbyW/GQ2yFlho7ZZgfXU6bLBpOrv9AylKXy2t7+3lxDTtaRUK4Gr991O r7Nj/nve6Xb2k6ZTS7e46OmncgaxU2hXMdUmoJbX19Hb5XJrPk2tAHe7W9Jr qP1pve7tRitLIHAFTzK258B7K0a/v1HPvbb6vfbenu07HIik73gcC/qOS7Da 8E53fcPBCM0uuskggTV7EYp1N2ixbrzcslvLT+Kw/Tr61ZPsm0dQ0/Mk4Gm7 xnSbg2qbcD7bnGxh8wNNOFrSq0f9zT2ItYvC45LwGBYiPcIzO4OLJ2MwQRja nB4fYZbMBnn/E3wt+ECaHuo8IuZYmhz+dHp8ODRC+fNOd/9+YHZzgJLyjiaQ ZP4r9QNsGTzihxvw2QQfvLYRpaZb7QcwCwvizSSzcIMYO7QAJIZinPxiVs0+ 9dQiDz5TzT1rkct0KSXJu40AdMy7V0sM/PKcTxFoqYnuWUZEYwtQMpXDtBcc 0AIPxXGbYrjQfuM/nRWMDQ3QOfmUIA/1K1suK3peenlZHMo4FD7jDNYtsG6h KzhpsgC2m6RFTqkCGZmCnMv40g+BEZHeYIsJEMPJrMKuq6DrQsBlapVkrF3g LiBgjsAuKuQ6Ofi1xVlUyfWwBVNHFvPlQohP2KAOyhm0i2eQiR3ffBZ4s8FF wLzIwTFvRrwHNjILOqQ3O6OlNl0Sdtzn0VBPE93AaGXDPTVjn/6AFMBabQbu aXp1RSbfT48NgcPi24gtXEcx9tcWSueHj88EUS/5ghv7DQKRqPVqwUnomFeJ ZjPPX5rf6KkXLQNJdOEM6X4TDHp62YuKgQy6tisXx/8+TJq9Tufk4Jet5PRV MKaImVdqTr7qAZb+CCvVujexFI0zRpX5/XQWNnn87nL4eniOf38BwCtzdAE9 viXgV0ZFbkW6GvvwHgBK4dcWK4HVKFptWrBamKiXkngYiuHDWLTsBjUAl05B /bPl+bznB8TC5HJtEPzjBcr609xu18TN6uDVpIl3Y2jfVmPAmKxJbpa7ulW0 AMx2VTwrlzncd4JcFaAsH9cLe0BoswsupPArlnMM1xhl+XyxFTAyBeoCe8bM fMpS98XsIF+/rpzwCmEcfIGFhBc3byZS4AmueMOF3P7W/+hbmmqbDGN1fxts WpKDyuhFi1NAMHuu84E/Rhjw+9v2x+T08HJ4CQgRx+9er6RNwJeqLp5kXzIi 91OYgdTgR+6uSN7SolTEnNKMS9skkI7kLm74t51NRxIGHP+2+wQaTKFcaUHV BCYO70C061hLd9ASENLnlVmh8MQQXgz2fn/1/ah6qUqn1L6CXHYV5oTaQvEI sog/PbqFF5MkYbsdfD0Mo/7tOe4br2LR1VWmxOr8DDXiW05BoZ8XDromZzWR sSGwhqbCCkSSca+Bn2+WdyleaJXLOwZZhFLabQl7vLdi86qVCFAcrjIOpmwL 1ANcNT7Tn/vsMTY6e+qPDQ5UKaO43BmtjHMmrBonbaR2ElZvpO8vX+1dLAq5 G4d+Q6HM6FBjuvs0b7T3QMeCpQiHjAGaShqsPvhaOn3cGnRDRPUjI22JZlDi knFHqlqhbV1B1KuYR7GKuVTRs1VIUL6tIVYFg8fB05HtRn9lN6KghVSD7cVg ZS/CGlQn5r0u9QMEbRIzB7ewCjEwO8MZmkGpjtl8nI1GJOIgu/npUQZAMIc3 5sTCmLwtU4d5L8Hfsul1pkoWJOJUSeiiLcglvW5D7iq78lfQLpLzjYoz5WAZ riCcV1w3X0jz+2ubPxeUXq8DhXSg18X91LzlAIxbdRWoLhSWe3qGBc+ze4eG 7UZgajh3yXp0BwrHwH0uHrZeLa6ZV7j3t57hvRXMi1A5hxgK57HuyBJg++Mq 1vXK6w5QgguowHCdwMOGQzAV6MQgycF0SjvIiApD8V1q3zyqEEAvHVW4cIWf I/FiZX3iuYaLifTb8N7h+duasgDheqAyjtB6uc0hKBcK739Uwbd+BaawitzF glOENodW+4bf3uE3prYq227TE4nvk53rjgbb76EC73DWvQ5LQqeg7JzL9rFs DZfZZFB6hsWHxhQ2LDaEb5Gm22184jVrE+H+1mfmitHJn1x+g8XSZGKYFVo2 vHVG3yLMAU9gc9KMTWXnUHZXysqYk2hZHjLtnuroC/vby2NR+jCrFLlunUFk +MqDeO0JXPZO01g+bp+lZfkwK8YvwbfxJB0lpy//z/DwMjk+Gr67PH51bI6q 0Iy9mPAvc7DqZZnSjc50gbc5A3MenZZTuHKwJ5Wyubu7BUEbXxtnL09M743O vYifmst0EkKseaqvVeLIiTM5DuwgAIQh8aKT/A4yaiL8C9qzSnPstDqc6JWs X0AKKYIE0+gmjBUA8boO1UDdZhjaZQVhGSKiJaLR5eUt1G7OImbnh3BogHuF AMZ0sUhHtyXJgdnDVTjQ6HGx6u5Bp0ZLCVPo2KEanE6z9s9G95MkXKStLNjV 89CIE6Yv2yLcuYEypwNZ8js+QJ3+/CqhbH/mQD3+3UmPObiIfn8u7e8Mq29C +8CxRh3XLd3Z8izmsQM/yvRwNlYw+g1adUc//SnrbdAF16uf1iy4P4AN0zgT /oVER9OA0aXuLOHRc9R8V8RBhzy6xvTuKRtB0T9URu6aOQv6FZm02/HVejr6 bmA188WUBA3pyAZNuAx+jorYbEYbKB6w4ezkGSUq52wPlMgBEjkDlj2i8bG0 cho1BwV/nGJAlYOkbQudTFlqwfECElnS0G6zRwwoZ/dqMOLPl/bG6M3RK6nC JWfFq6T0c363pHASv0LDn8nVSsb+k7jaYmUhiwhpiEME9CxYb82uI9njbJlc zyA3YIo+L5DxEH+0cIekwvlQabamXrUmgB6CC6BrI/9vs0iFP9qolHZbYUhG kO/TEnQ4BWMjYQwj3kYc+q8/wL7fLboSgcif3Ghu6BKlkUiySZlRiAe7WN8p LfIhzRHqK6ThYEuZkhzmPSpZgGmBUSlgOXnMFoS2xBDy2fhHztcB90BcxQ1k /cWOUb4OzD3xAnFKzTcEBccrJKuuMBgc05ADoWCtLRl7Z86apenY3wujiXoo SuJHpTZS8YPe6Qw6/f6Phsk8Lympjim0BKPh5FHbbaxxfZI+mj5DXxBpCqGo lgu6opR7wSK7TovxFk+inI9+TouppXVzeysw1vnQRmBmfOACaK5PdUpa58qT 3wFyGysN7g2jvzhjSHNnS5lO1YNqxTCtmEq1YPLdSkYSr/dJc3dLauRc8IK/ NYaLQJuM16aF1s5tUlLBPrNZLc0nywKTnwQnA7Pk4SI5R5zjDMPEIL4CKC6x SJT69SF9/G/w6skM76PHmTUT2m0P7y3pJjm/+jverQgKJKlOn9JxAMfsS5Xl FDJIXE/hhgeujJdTl+U5lqdHKpXD6E02uq0IGJesdYTPryjVNKdFcqin45xM lhTbtyV1n0vQTExKqEsCMndCCobFgnpv+y5VBeiuvjTQF14PLAPK5ZVhKbBk GxHL+FiMV/RohN8datvucqe0vgqfHsl9AdZfPnqUDjDLqA5sawYO8Lvgdh0B lZeQ2CJdjG4csBUHjI+KHHdGaQC8415RtBA3sOPLuzG4z5XLT0wlCcHD2ByO MyLxCT/AJjYrbICXWRpeXal9LAZ4y4UiViHWwYawSaZEe5KY8gVFmJ3DEPk2 48PPFC91Rgv0++N+PI/K8Kz4oaTx4emEy1HWJDOZafGY8HmCcdvvckwMAjNu tuI7tHU091zdNvgGz1T4BogzKpV8Wi7EBYK0jsIOrGmmnybecvHZ6Vmw7Pb9 QcwjgNK0UqxRBAxSt0oraPa6fh1eCh1w62PJhdtYQaU9E0te3Nn6jHL7hNpG Utpxiw3tkvrUOg0iwoWGMDXREFiEZZLkocIuBYkHhNp1QsUhFSc2P2hzzraR xEUHoyQyXJKO/TxpgHwMZ0yAuk+V1OErLLnJa/YG3l7D/XBXXXh11pI8LDJC UzutLckDRaDSZhc7sIGEWPu2T/zLiwPDzXiLXc6WxSgjjLZFEOG+nIqueIb8 RnXtxNfHGGplxpTqnHznG0PzSlCzDdhJwJu3pmYHLL+uYrNbwTboUaDZC5a0 OnFE0zyydISGPtllh8pNuZjNxpSNM0IvM7MXIZh0s7cXm1lBsls9rWAa0dLd S6/Q7O3HaiZouYW8OXPVUmIf8KgND1OIbWh6vRCQT6i+r9Y/vWB96XhFLKeE 9clrZ0GFiQ3VXb2ZEUj6ZmoMZIDeX1XavLwM8nwwy9hJ/yB5I5r9vl+jZJQI OhpyDdm9DY/QHvNPJ6b6gQbP8yRbduoKmK36Lr1ltRpkw1jpvbJDgRMDgw94 7yWpOyPSZv9+irxk+7EdP0nA3QSyJecEsn7VrDIsp8yS5BPm6mcd0dYfX8Vr 67+iarDoeDnHcJ6MFVKq2Gm4nr5h6xU03WyUEmqfrSZWThgBEXpL72hr1d3Q TuwBiNvXW+ohXS4nFb8A307hY3UHerbnI3Z6+hJdQPHa2Xcuk2c/peVN1DBv fhetGewmTzGwNZKajz+OkdIL4U66oidGS0HHPqQT+1RdN/A8yRu5h1cN95HI UkfDc7qyt2dUO8NlNrlqM6Cqnm2LR6qkAfb+qINTH70+9qkK7n32Htk0dQpI 9/IDLEaV4xKWp58uFL65DsEKVYu5yeon+gWRiZkU3NKuHzRTw6k9x5JhQp8O 2hszidk6R+QZGyHhmxZdp6tc872W2VrGqbBBu12BWJWjYG52Q0faH/Fsb16b sfJP59U2pQw2Z4ISKDRVJaCimhlt5ldcmGtDLAxqF8YuSKvIKndGT4RbAQI+ d3IY6O/a0mlQt/C8aphtaibGH3t4n2TFY7mcEBz8fI4WDurLNIOskNbmlzRN 7xB7I+XClCxi8tiW3PVje7uSHHS0P2/qzjJcVsx2Hr6shdG0Y+ugwB3Zoa4e TaUy515qnTUc7rHhTwf5L8TQC+gqQSZuElZMqtDFPeQkXvvgmq5Rkx/nGc2F 6lg65eTcngXZ9pTcWsOeSiV0/0TItI4iyER2zhgnP1iGZBpqI/5+Wznk2xM5 hvkJuCRokOKiLRVyeQbLTZKgARLvfuCZds9SJJAltGZ6Qsr5UxonlJtSNphV 5zXjVCN2cmluD08ugt5bfCCug8CwLEaERTevsEKFCQAtnuoQE4dne+yb//iu Ji4yOc4OHwbSUsoArqwdXz69n03urb3DgXSb2bbKmssBgX75jpuKkHXq5BiM KZ9WLq39C1aRMCwokoqgSA6SJsYU4DqP5kNSjtiqSnrVHPQQ9BpQ8Tl2lbos fgBb/taq/KsqOyv3SPZV6eBfvatysI9R6rL7GN3oFsGcxwliveHRR84Kvnuv k64UCO08kGJK3Cg9MxscT8bvFHsg/r5BrhxP0dEZfL5KR/l7rJtEOE/3C+/6 8VizQNBmd/eiNLOoF7QhtDJB0DV+u+dvuhA44zogJzIdu60UxBpfa8oFN0Kb 9YSs0+SluBXR/OnjHRecPhxmojmM/BbMRDmvJO6JeV6HLrdGIE5m17OlBYYh wAKoq71cXO1Ba9bVhMWflAVhzu9ieLE1/Ev0aO9jw4FiuM7XzP1pMZyO8KBC n0P9m4TcoGS2iepoz1IwBREehQvSLHNdoj2Iwp0wH4acAjr2BoNR6tBmG0AY GCp5DSI+J/vyzqw7fVAIxLC/Oalw4wAkR6pwKAryy3sLeDe6mYHVLmgF0tXG tAN7rPGVBB1MRcQNcmuDpIik3PaOlt4ceX7Nmpdt/iOYL1/EcHSUjISnH5rW ZF49M8l/6akxVA69bNfbFVZKmGn2cJFfq5UWnZnwmF7N6bR6L1l5irOflW3e ksCASHvXZv/72wwFkuZozx+5omKYp0eUJRbf5L/rJJo81g1byBkrgSk21jkV gDkLNx5k4TuOgcWoTswh/8mwSHhX0UGpRhuQd6PszMb2gobuHin8ChDS8ikX LNHP5B2504UmZNrDRsVkOF0Uj3pkCtSKzu/wY7jPKOs1V+GKNYTsG/P3yijH kN3JV8BX4EBHF3OBN+Os1twTs8OqWKEskaWqst1ArHZ0OqDV6nz4PaNxWmqX 6xdaCDQVCasREwHqjudvSwiVAd8RvkT3LttR4RavdOfiHXXBm6B3zbvsobKS W6hnTcawq0hyItTSIKsTbOMiiaCCU0ywGqkAXw4qwEqDCmI9SOoqsD2gM1vg gF9n8Qpfq+51jmQfGAezSsUWnSLBEpQKD+iCA5LE57PZ4jB9I14awpsYsg/j lTM0+bVQJpbIlMENtG0raeFlBZw4o7XLDSEfKYKZD+3GXujApvtRYO3Wll8t IgVlC6IdX2Z883tAW0AQhtuyN1vgRHKk8ixGXzQLKpTJMfEVLiAM3oaFY1OE sxA19bH7MURapiUEJ054tbeSbDHq0GrSsRJVg7C/fPEOwff6xyKQ3brRiAVA 4GOdwlQdQ2W7sfxn8Qh1NF4LSgw/z1MIkqtFMGunk4W/haEHoP9b4l6+NhPp F8df0GcQfmjRQZseFiVw5Nts6hVRv4Kmdi5fEVAN3BQqrq9sbIkPP8Koo/Di smarRuOgOf9MJnwrYAs5LAUdq9cmkI8Lyu11JinGUYXm+Mup3b5tXWj7end6 KdY+OpyinmmUoQujFiTBR5DnKtY6sndLGKVoFBGfJumurWlN/GOUg8SaXvqH ZoC6U6dB89JXBZTpBYRiowFk5hdCKjFloszpYDPZk9l/+h8N3MujvJv8h8+o 6rviOcJJadTV4TUPjX1JLn89G4ZrwnlcHyUvf12xoDi4pe5prf+2LZI8R/oG 5eCtVZMmMwbnJXszT/7w+gBHuCOoJpj/ISbL/UCWhjNSegjBPo3r6cUSYRWl oIKQPvDbBlTp9Ygs0goSZFOAA7Af/HTw9u2mq0nT6fziwNHA8lUtHTzxVk8L V5FPD/f7JjTp42nHa1F7Y8uK35wEZrDK6Zx2obiq0YK99AJde0iuw1fSFzyB 7oNbNWr0lqpM97TCpKpa8phAESxMnZAq1U965Sum687GpirCQPJdGCvJTHmR SJOMoS7+K2NnxRQVF+oJ3vZUbrwuj3ds036xir5Zv0RzjvSLtBya04puPJ4r Z3egZhxcFi8kwP/CBQh/1JcHpbTiYgf8eWdvMZ5zy2LwCEwqHEmbIBCvd+gH L70wA4tE2pzCcsYfauNsqmWrfbvN7vyNOx75clITqNSOxL247DRwuDyxd5te 7MsovODRVmHZ+Z13IgeZiLuqzoDjxY6gVUrRJjIZEF43El+WxHNnCa97nwHQ mhk8AvKHQCr1F8USo4O+VRSHZzvu8l1YPA9xkeQqgpWgXDSbowUgVcazwm0W S6S0sO+JJDJkPn736rQN20P74N1R+8PB2/ek7eBPTsJDKsoAYiNyKsv5Hfg7 UnEnakD77/m4+eVC5Dw0Y7Srr+yhBTUKosfmNUIfInV++d/Swa+A4NkIX4i1 wFsbq2p4jsHE2lXIEb4ytReNLfRjliS1GPmZIcLeYhYmQm1ahDQbDuLh5tNF NN4UgxYcBIOmnOFYhYNuvTAvEoCg2ZTBNpxClLS6AanZw/HtpPfVgg8eHqiC DlsldmpXzYFoZ/MnIsyvbq7vmrsICkqLK88MG2M1xoQiq2Kq89l05PV9decH rvNDv6Cl1p/ZeThFZhCJc/F4ByC2qzu/7Tp/FhTUlN+s6ZFTnvgqZ1XTO5rH vIIe3ap2J1usXdPuQ+oZph6URcvrLgQsTRdgd6HPyu7uqu7agmo9SHcDa4tq T/nwIt7m6vaeu/be+wV/Z7aKjlz3m69JMPAWHV1Xi46u6/gbv6TX8Sc0OV/X ZK+uybnX5GZcbDZ0gH+Y3xQpeR6sblvJrnNdMhCV3nWjY+BvvXFUVWgo/c0v HVUFgt8d4vzCs2+5eVTFI85j6vJRU10SKLBlch3VldA99kt6M45GTb3k6Z2f 03xBAWurW1HS8dAv6bUS2IJ1g4bfrhVI6LoGlUw89Uo6bgqNsXrTNVLirSHs ZXpdxpe115iSaBeqpJZpoS1ZYZN5cj+4u13drpJsh1TSF6Nhu98l2ZLwdB7Z Paj3ETOvlgq+cWDdGPeUVPBLepxTcxETdjFsfHVXR75tel1X99V0+CX9fThq 8a5SM2h8E6oqV4HVamI3pGqgkyb1ammFmtjoekIa5fcqn2Sb9K7nE5JLet37 XfkaPuGCDGZCer9mnMWEbB5v2RNi9TjVjmetJVAy2PF+13G6lqrj9Hq/dqSB y/vKkQ68kVbF1O880qju6I90nZiqmorWDfLy5ZGnPgXlecxQoGquCDtYbb3m tpvOpggwoc+pkJOjrre2sbW5QOybq1PvxPOBICkYCZ+JupKC2GXUE3ggCHlv MfTRQuOlLDVqGPk5orkTsgAkgbByoPAWEd66moJqZ91SXa5cxJ5nJNX2fFnM IZyeL5FThZW35cqA4YABDQAJHtcV/ATB/WI0UgYFyIXqQdxV3aMDe0iDxoIe IOgL8+kxGQ5byfkBQuYfHiRNzzVeY1lAVzuSyMBaUp0taG5BgIz2WzHEwMU+ 2lke5znlOQjCChB/gy2dGZlzSrahoM+0bZpNeuiuBNC6iIh7PaUEUo9iepME CoRMj+vWpqKyoA+Q3/aKCEHK/hAqOzwgUxAFfZQZFpaQf4XTbagFzjTgtE0M +vh3MzAvgJdbR6ixjKerzucpNl3hkIFz147VDpTu2mWsjUaAShgFgvdiGe0n 4mKFgIeI8+N9NGo8i/MK8LWHxeawbwlCEaE+XAsV340IdHLou7G6AfbnEDfl iNtF6KnBm1zD/V3n/YcxlUkNCiDwDEQoWv9+7fnkUlujbxi+5wNa0VV77tCy EUuCTpacHzyEMbBR/xVn+9VO9iOFyLnC0R4Ae5TjD7GMHw1bjeAE89dTw0qj 7m0+iWAEYI31IOYh5opnxfqFE3DWu1MXoAR2erNuyTOSAJag/kgHVTBBLam9 q/XqNEJkiwfRWeG4DUIk1Dqz9dUKlSfVxz5TAFxzcLUIwnpsnCBOQY5Y9LB7 G44QnCvwh0rCj16x/hUc2e4ZqBsukpecf1zQFWA6bS7gXKDiKbEZ7o42L3ir mtUrzEXraWcgV4dv3pcW4siIc/Q3OsDrgSKj4DXYFg5PDlsa7cbdUu9udzHl lKD23c7bo7uRqWnFbfztPOk/p1Q8tsT52hJ7poS8/ub1utcHeNM/fHdEiZch 1bHKXXbIdOEEx9c2zTzqSamkApbMA+OMkjXZMFu4zgpwDVSG31dAMnnce560 /5c5er9oNP4tOeKKJqnRmkBdwKx8UIVNP3zUGRBKZjmb3NM6PDq+OHx/cUFT cZYuJ8nPsyVkQWyEbe1iW8+xrYPxuMgIZaK2AtB+kNUodBLvQq8kyq9MBp2e +a/fSrY72y0M+ttpJbvkvWD62YFm3nNG5+Ozi+EhNH98Zmha6dkO9mxX9wwK DS9eg69wbpROG51CikiR3yZvJobbWsnrJejKyYcUMrQnH7IJ3GKdFnmWXCwy Q9FW8u/pTTZe/vOfKYDcX6TFLfgm/r//LMyW9+FxOrpljws99JYZOMCdeBTG i3h6rUhzAJIJx7GN49gJxmGGfnRsxMLp2QX+C41dXnw4OL8MR1epcIAVbmOF FqPVVInaYDbODcsCDqLNZH1TzJbXbLN0XNey6jFqli5UszTTZiaxRf90BvTH QOazT//s0QMz33v877486pt/n7eSQ6gDvVY62zj2CblJkKa3YDwB0ZavIJX5 OAf2vis1l2BsJ7zB4MeG038wguwHeOecc50CSpRK4wDvQF65IdICa3uVfxYK TXO82vQjU907UBfeIAEUodQEORxlLdOF5gleaDYqk9PHyRm8CIcQ5P0Cg277 6N0zvyOG3kgxtbTpBxLTqZsyqegG07tnRgL/3UjQEuIdbewpObQDmAzvcmYw etBmCklyjCYpqkKUHRXCYJMm5NYynANQSM8gaNiCHZFnppH/vmUet5fDZ1vM 5UzIu3wKugXWL72OkV4o5QiPS3pcpFeLdp4trtoTc7opMSnobXZX5HpiKnPQ wznoy4qjmHYnOyNk6GsyHE/rCMEh6a4TmAft5MwrQjSQEakk8akTr77kOl+W pd/Qz6+TtyDwD2E+gdgVShRXI8g7+SmnYPDY893nvb55Tv2xGgOy8AggfybZ +Jp6URI5OhVKdpGSPY+bhXbbMHl6UKTv0u0/jutydmc0gNdLo+rel6DkICuX gkGBige6vRwPL1+ZZvZ9IqwYc/vedM3vSJsyH0N1UzpL3gPi5vR6aYQH0MAf Wncfh9aNS1Hi26osvTMHrcKcDGW47Ipiu2Jk4jYJPeQsGuwMrBiVsbbsTRJW Hu93xy0nxbU04MXDzFD4aCYmkAL9Kcd5OVoiNFyLgM0kWn/NzKyYlY6/c5kT oVHa75Lne3t7FaruAVW7+0hVuRMMFvXx5fv2JXvc8Sre6e91/bnHVXVfwlN4 +GyrQ8qQvQyPhXEAGt49ZTKqjd3Aij8MvJkxKg0SpBNn821CCpzPCjoe1dSN 8HcWWJXOViR6zJFvVuaoSXJCrPuczoPOOVDS6Xas0odljZDnxJ9ockEqKn7b M9LLscjxwbsDNNnlY9Hw9frEx1laoIsXqBiV9d5FzbMLmqfasPEwW5guITvZ hK1t+XMQI5vRGBTvopo45ZMKqL+e7xo2AD59n/A46VzSLNafJ7LNLkmb/31G PsW8PMO3jE5CHNfu9tngSKmqLOQw69bYPd5m4RmKAEpW9Hk+Yd83RHpMcaoy cLIXIDuHngosb0g+m+TRbR8awHFfYSYMSLIcmpk7TK8UbareiDs7YP/FXHnQ m6qFmrUTnYbqCkFUoV0WjDIPqDXMnDE2xF4kxoW8IH/HBB9IRZ+02z61Uf/r 7QENLmrU0HBytn1VZ5ikeHh2Aoz44ii9RwzFkrE+/jbo0o7H78EqWYisem4o CEZqTSoLFUPhJMov0XQpAhnvnDVT3NydLSxc3rd3QHWrDqiVCHKZ4/5hoTnw UkhkMFagJH6DVRq5Kg2XY6YcTzf1WWTA2MvQHEe7+bfv1QZ2XAOg7UCXgRcw g19FT4JUJhLEM2bwjZHl7SunYts+lhzc+amY3bL45zTfLPphP+8Y9Ymmi3Rc wfdkOGqRGUX6ATPX8lIjbR2hGPAIFuBcAzvutFQ8JzZuRYWYNyIa5rzNorjd 226RfXg6S1AOsAt4+5ZjjJU1TMPvWcDCaXCF24lqhi/VtIkUHMekIHlPMjkq SD6hLMeTffc5yXJptPQYZltvD2mCvUcLElT0Nk9n5v/+73KqRAbeQZlNeJFM AHVrzvey05QyikDCOAtvUdY1DGuf4yKgYcDNNWQtb6gX5hBTZKiTQjNAauBK OE2kxafcSFAA6YWMh2xGgQ0dlJvl1J6LppNHfTxEn/wZm32ZbZeENq03SzUN pr5POWBlWkww6MNPZ2+Gbr3EKynNnkxnNrM3OwKUtPse+q+SKRDrR13IzAZK /lOzKYqJjZmx6kcLL9RcV7pOQm2pE7HlDfnpOsDle3PmSRHh44rFvl3/Ykes cqIel9cvMAvbA0/IkGjQ6e7WMyTwRfbZqsNAbtoDaPGZjv2PN0evSNEqZ3bp 1Z8Swx6gKaa7E+1BWTFz0CTuP+Xcdtw+MocrqO7FqiNbu7vdWXxewKnE7yCa drrbrH/hDDo9FMjjWDQU19USQlJ1J6mESTDZMFjL36z4ecd0qOZ6aVQbRKFH qQ4iqBYujO8WcP4CTLKyYl54AWCSDtd5XaUV88OzLWIJUeA4tfhq+uDcThmX WD8AI2a/upfq+KFLTImQwiYHMO4k68RWCxYuIzusgD9EluXra7tbtLuDmGUq 2LF+OXkLPHFyRBk+kU9CrkGbU3fgs7U6v5j1ybYNp/l61iiQEhLz/yyI8UI8 YhBzc7P7zsb+1PEODlYIRC+m+w9J7aziy1Sd2kaEepJ3sh2o0/PM5SYw02t4 ErmhsgRMJ2WSYye4EmvrsdlSnc4NWfyDnVizg/kz9R9ubJkwdMBBYd/RjqtN 9Z6BLLXDV6qATlWrImG4Lsl1vzB74HyJO2Yj8XDuHDHLhDRsu4pDtkEzWbcf EzYDVg+0Hi3hVOQlSjkPBd0/LnxAI1XRQ+OsHBW5hZwMXEplALhlNyDXXZFF Dx4+9yA0FbEzcwSed9bJu9gs6BUzWDlNh+j9MgOkTHAroNtxtHTALGnVw4wK 1JhMB77SUZRiFNB3wigwB+4x40u4DihtWnfiiPyjEaYlm0wY/MZobNc3i4cM /h9rZtc5Q1FtJtLhU6ahl8XMKMQM4TcyUpUoTymAjfgreMtFpx9Mj4CNS64E 30CUj1GQXRle/ZSOboOLBru9Uwt4w2bOVm+PDs6SD33Km0NfBkkT5MtOr4eL 5ihnMSljcGdMJxz4FtNIzZDb0ZTZ7RG3nxGcN8qViVWx/JB8QzvRcYQz+v6R 9QAQLXXP1vXog+2M6QZeHEr3UIcsSQ2zhkWwY5GAdQ4FLtaKD9Y0IHWCWti0 G6VNKiSXPqwBp9Pb6ovcFDPKAhPzPcyK245eCp4VHQ9f3DBlW3LmEngGs39d YGqSsCPasGlvnZkbHqluda3aafx/LfGA6vH0AwA= --></rfc>