<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.4.2 --><!DOCTYPE rfcSYSTEM "rfc2629.dtd"[ <!ENTITYRFC4998 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4998.xml"> <!ENTITY RFC5276 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5276.xml">nbsp " "> <!ENTITYRFC5055 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5055.xml">zwsp "​"> <!ENTITYRFC5911 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5911.xml">nbhy "‑"> <!ENTITYRFC5912 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5912.xml"> <!ENTITY RFC6268 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml">wj "⁠"> ]><?rfc toc="yes"?> <?rfc sortrefs="yes"?> <?rfc symrefs="yes"?><rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-housley-ers-asn1-modules-03"category="info">number="9169" obsoletes="" updates="" submissionType="IETF" category="info" consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3"> <front> <title abbrev="New ASN.1 Modules for the ERS">New ASN.1 Modules for the Evidence Record Syntax (ERS)</title> <seriesInfo name="RFC" value="9169"/> <author initials="R." surname="Housley" fullname="Russ Housley"> <organization abbrev="Vigil Security">Vigil Security, LLC</organization> <address> <postal> <street>516 Dranesville Road</street><city>Herndon, VA</city><city>Herndon</city> <region>VA</region> <code>20170</code><country>US</country><country>USA</country> </postal> <email>housley@vigilsec.com</email> </address> </author> <author initials="C." surname="Wallace" fullname="Carl Wallace"> <organization abbrev="Red Hound Software">Red Hound Software, Inc.</organization> <address> <postal> <street>5112 27th St.N.</street> <city>Arlington, VA</city>N</street> <city>Arlington</city> <region>VA</region> <code>22207</code><country>US</country><country>USA</country> </postal> <email>carl@redhoundsoftware.com</email> </address> </author> <date year="2021"month="August" day="26"/> <keyword>Internet-Draft</keyword>month="December"/> <keyword>LTANS </keyword> <keyword>long-term archive </keyword> <abstract> <t>The Evidence Record Syntax (ERS) and the conventions for including these evidence records in the Server-based Certificate Validation Protocol (SCVP) are expressed using ASN.1. This document offers alternative ASN.1 modules that conform to the 2002 version of ASN.1 and employ the conventions adopted inRFCRFCs 5911,RFC5912, andRFC6268. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the ASN.1 syntax.</t> </abstract> </front> <middle> <sectionanchor="intro"><name>Introduction</name>anchor="intro" numbered="true" toc="default"> <name>Introduction</name> <t>Some developers would like the IETF to use the latest version of ASN.1 in its standards. This document provides alternative ASN.1 modules to assist in that goal.</t> <t>The Evidence Record Syntax (ERS) <xreftarget="RFC4998"/>target="RFC4998" format="default"/> provides two ASN.1modules,modules: one using the 1988 syntax <xreftarget="OLD-ASN1"/>,target="OLD-ASN1" format="default"/>, which has been deprecated by the ITU-T, and another one using the newer syntax <xreftarget="NEW-ASN1"/>,target="NEW-ASN1" format="default"/>, which continues to be maintained and enhanced. This document provides an alternative ASN.1 module that follows the conventions established in <xreftarget="RFC5911"/>,target="RFC5911" format="default"/>, <xreftarget="RFC5912"/>,target="RFC5912" format="default"/>, and <xreftarget="RFC6268"/>.</t>target="RFC6268" format="default"/>.</t> <t>In addition, <xreftarget="RFC5276"/>target="RFC5276" format="default"/> specifies the mechanism for conveyingEvidence Recordsevidence records in the Server-based Certificate Validation Protocol (SCVP) <xreftarget="RFC5055"/>.target="RFC5055" format="default"/>. There is only one ASN.1 module in <xreftarget="RFC5276"/>,target="RFC5276" format="default"/>, and it uses the 1988 syntax <xreftarget="OLD-ASN1"/>.target="OLD-ASN1" format="default"/>. This document provides an alternative ASN.1 module using the newer syntax <xreftarget="NEW-ASN1"/>target="NEW-ASN1" format="default"/> and follows the conventions established in <xreftarget="RFC5911"/>,target="RFC5911" format="default"/>, <xreftarget="RFC5912"/>,target="RFC5912" format="default"/>, and <xreftarget="RFC6268"/>.target="RFC6268" format="default"/>. Note that <xreftarget="RFC5912"/>target="RFC5912" format="default"/> already includes an alternative ASN.1 module for SCVP <xreftarget="RFC5055"/>.</t>target="RFC5055" format="default"/>.</t> <t>The original ASN.1 modules get some of their definitions from places outside the RFC series. Some of the referenced definitions are somewhat difficult to find. The alternative ASN.1 modules offered in this document stand on their own when combined with the modules in <xreftarget="RFC5911"/>,target="RFC5911" format="default"/>, <xreftarget="RFC5912"/>,target="RFC5912" format="default"/>, and <xreftarget="RFC6268"/>.</t>target="RFC6268" format="default"/>.</t> <t>The alternative ASN.1 modules produce the samebits-on-thebits on the wire as the original ones.</t> <t>The alternative ASN.1 modules are informative; the original ones are normative.</t> </section> <sectionanchor="asn1-module-for-rfc-4998"><name>ASN.1anchor="asn1-module-for-rfc-4998" numbered="true" toc="default"> <name>ASN.1 Module for RFC 4998</name><figure><artwork><![CDATA[ <CODE BEGINS><sourcecode name="" type="asn.1" markers="true"><![CDATA[ ERS-2021 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ltans(11) id-mod(0) id-mod-ers(1) id-mod-ers-v2(2) } DEFINITIONS IMPLICIT TAGS ::= BEGIN EXPORTS ALL; IMPORTS ContentInfo FROM CryptographicMessageSyntax-2010 -- in [RFC6268] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } AlgorithmIdentifier{}, DIGEST-ALGORITHM FROM AlgorithmInformation-2009 -- in [RFC5912] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } AttributeSet{}, ATTRIBUTE FROM PKIX-CommonTypes-2009 -- in [RFC5912] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } ; ltans OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ltans(11) } EvidenceRecord ::= SEQUENCE { version INTEGER { v1(1) }, digestAlgorithms SEQUENCE OF AlgorithmIdentifier {DIGEST-ALGORITHM, {...}}, cryptoInfos [0] CryptoInfos OPTIONAL, encryptionInfo [1] EncryptionInfo OPTIONAL, archiveTimeStampSequence ArchiveTimeStampSequence } CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute ArchiveTimeStamp ::= SEQUENCE { digestAlgorithm [0] AlgorithmIdentifier {DIGEST-ALGORITHM, {...}} OPTIONAL, attributes [1] Attributes OPTIONAL, reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL, timeStamp ContentInfo } PartialHashtree ::= SEQUENCE OF OCTET STRING Attributes ::= SET SIZE (1..MAX) OF Attribute ArchiveTimeStampChain ::= SEQUENCE OF ArchiveTimeStamp ArchiveTimeStampSequence ::= SEQUENCE OF ArchiveTimeStampChain EncryptionInfo ::= SEQUENCE { encryptionInfoType ENCINFO-TYPE.&id ({SupportedEncryptionAlgorithms}), encryptionInfoValue ENCINFO-TYPE.&Type ({SupportedEncryptionAlgorithms}{@encryptionInfoType}) } ENCINFO-TYPE ::= TYPE-IDENTIFIER SupportedEncryptionAlgorithms ENCINFO-TYPE ::= { ... } aa-er-internal ATTRIBUTE ::= { TYPE EvidenceRecord IDENTIFIED BY id-aa-er-internal } id-aa-er-internal OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 } aa-er-external ATTRIBUTE ::= { TYPE EvidenceRecord IDENTIFIED BY id-aa-er-external } id-aa-er-external OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 } ERSAttrSet ATTRIBUTE ::= { aa-er-internal | aa-er-external, ... } Attribute ::= AttributeSet {{ERSAttrSet}} END<CODE ENDS> ]]></artwork></figure>]]></sourcecode> </section> <sectionanchor="asn1-module-for-rfc-5276"><name>ASN.1anchor="asn1-module-for-rfc-5276" numbered="true" toc="default"> <name>ASN.1 Module for RFC 5276</name><figure><artwork><![CDATA[ <CODE BEGINS><sourcecode name="" type="asn.1" markers="true"><![CDATA[ LTANS-SCVP-EXTENSION-2021 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ltans(11) id-mod(0) id-mod-ers-scvp(5) id-mod-ers-scvp-v2(2) } DEFINITIONS IMPLICIT TAGS ::= BEGIN EXPORTS ALL; IMPORTS id-swb, CertBundle, WANT-BACK, AllWantBacks FROM SCVP-2009 -- in [RFC5912] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-scvp-02(52) } EvidenceRecord FROM ERS-2021 -- in[ThisRFC][RFC9169] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ltans(11) id-mod(0) id-mod-ers(1) id-mod-ers-v2(2) } ; EvidenceRecordWantBack ::= SEQUENCE { targetWantBack WANT-BACK.&id ({ExpandedWantBacks}), evidenceRecord EvidenceRecord OPTIONAL } EvidenceRecordWantBacks ::= SEQUENCE SIZE (1..MAX) OF EvidenceRecordWantBack EvidenceRecords ::= SEQUENCE SIZE (1..MAX) OF EvidenceRecord ExpandedWantBacks WANT-BACK ::= { AllWantBacks | NewWantBacks | ERSWantBacks, ... } NewWantBacks WANT-BACK ::= { swb-partial-cert-path, ... } swb-partial-cert-path WANT-BACK ::= { CertBundle IDENTIFIED BY id-swb-partial-cert-path } id-swb-partial-cert-path OBJECT IDENTIFIER ::= { id-swb 15 } ERSWantBacks WANT-BACK ::= { swb-ers-pkc-cert | swb-ers-best-cert-path | swb-ers-partial-cert-path | swb-ers-revocation-info | swb-ers-all, ... } swb-ers-pkc-cert WANT-BACK ::= { EvidenceRecord IDENTIFIED BY id-swb-ers-pkc-cert } id-swb-ers-pkc-cert OBJECT IDENTIFIER ::= { id-swb 16 } swb-ers-best-cert-path WANT-BACK ::= { EvidenceRecord IDENTIFIED BY id-swb-ers-best-cert-path } id-swb-ers-best-cert-path OBJECT IDENTIFIER ::= { id-swb 17 } swb-ers-partial-cert-path WANT-BACK ::= { EvidenceRecord IDENTIFIED BY id-swb-ers-partial-cert-path } id-swb-ers-partial-cert-path OBJECT IDENTIFIER ::= { id-swb 18 } swb-ers-revocation-info WANT-BACK ::= { EvidenceRecords IDENTIFIED BY id-swb-ers-revocation-info } id-swb-ers-revocation-info OBJECT IDENTIFIER ::= { id-swb 19 } swb-ers-all WANT-BACK ::= { EvidenceRecordWantBacks IDENTIFIED BY id-swb-ers-all } id-swb-ers-all OBJECT IDENTIFIER ::= { id-swb 20 } END<CODE ENDS> ]]></artwork></figure>]]></sourcecode> </section> <sectionanchor="iana-considerations"><name>IANAanchor="iana-considerations" numbered="true" toc="default"> <name>IANA Considerations</name> <t>IANAis requested to assignhas assigned two object identifiers from the "SMI Security for LTANS Module Identifier" registry to identify the two ASN.1 modules in this document.</t> <t>Theassignment of thesefollowing object identifiersis requested:</t> <figure><artwork><![CDATA[ 1.3.6.1.5.5.11.0.1.2 id-mod-ers-v2 [ThisRFC] 1.3.6.1.5.5.11.0.5.2 id-mod-ers-scvp-v2 [ThisRFC] ]]></artwork></figure> <figure><artwork><![CDATA[ {{{ RFC Editor: Please replace [ThisRFC] with the number assigned to this document. }}} ]]></artwork></figure>have been assigned:</t> <table anchor="iana"> <name>IANA Object Identifiers</name> <thead> <tr> <th>OID Value</th> <th>Description</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>1.3.6.1.5.5.11.0.1.2</td> <td>id-mod-ers-v2</td> <td>RFC 9169</td> </tr> <tr> <td>1.3.6.1.5.5.11.0.5.2</td> <td>id-mod-ers-scvp-v2</td> <td>RFC 9169</td> </tr> </tbody> </table> </section> <sectionanchor="security-considerations"><name>Securityanchor="security-considerations" numbered="true" toc="default"> <name>Security Considerations</name> <t>Please see the security considerations in <xreftarget="RFC4998"/>target="RFC4998" format="default"/> and <xreftarget="RFC5276"/>.target="RFC5276" format="default"/>. This document makes no changes to the security considerations in those documents. The ASN.1 modules in this document preservebits-on-the-wirebits on the wire as the ASN.1 modules that they replace.</t> </section> </middle> <back><references title='Normative References'> &RFC4998; &RFC5276; &RFC5055; &RFC5911; &RFC5912; &RFC6268;<references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4998.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5276.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5055.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5911.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5912.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml"/> <reference anchor="NEW-ASN1">target="https://www.itu.int/rec/T-REC-X.680"> <front> <title>Information technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation</title><author ><author> <organization>ITU-T</organization> </author> <dateyear="2015" month="August"/>year="2021" month="February"/> </front> <seriesInfo name="ITU-T Recommendation" value="X.680"/> <seriesInfo name="ISO/IEC"value="8824-1:2015"/> <format type="PDF" target="https://www.itu.int/rec/T-REC-X.680-201508-I/en"/>value="8824-1:2021"/> </reference> </references><references title='Informative References'><references> <name>Informative References</name> <reference anchor="OLD-ASN1">target="https://www.itu.int/rec/T-REC-X.208/en"> <front><title>Specification<title> Specification of Abstract Syntax Notation One (ASN.1)</title><author ><author> <organization>CCITT</organization> </author> <date year="1988" month="November"/> </front><seriesInfo name="CCITT Recommendation" value="X.208"/> <format type="PDF" target="https://www.itu.int/rec/T-REC-X.208/en"/><refcontent>CCITT Recommendation X.208</refcontent> </reference> </references> </references> </back><!-- ##markdown-source: H4sIAMasJ2EAA81ae3PaSBL/X5+iy6m6wlUWARK/2LutxRgnurXBh5THXip1 JaSxmY3QcJrBhGPZz37dM5KQBAaSu9paktqVZrp7un/9mB5NbNu2FFcRa0Of zaHj9utNuBPhLGISHkQCasyg98RDFgcMhiwQSQjuIlb+V6j1hu6x5Y9GCXva yT50rVAEsT/BVcLEf1D2WMxkxBY2S6Tty7hpTwyP3Xhlhb5Culaj1bQbF3br zApw4FEkizbw+EFYFp8mbVDJTKpWo3HZaFlf2GKOerXBiRVLYqbsa1rFsqTy 4/BffiRilBgLa8rb8EmJ4ASkSFTCHiQ+LSb08Nmy/Jkai6RtgW0B/ngs2zCs w1ujqx4zNgxnUpaGRfLYhvf8kUfgsmCWcLU4gdvbrp7MACrP6ymJOjDVhtPm GaDKMZNPPIoQZ+GHmiBAyja8RaNCEZ/A+44ZFaFGqHneSN9nsSJ83rn6nU18 HrUhBfmnJ1pYsqAeiIlVsq5bhw9+FPkBK1jX9ZOoNKytG7KQTI7R++JBzf2E nSDcQb1k4iZRxcxmC1rnagyuqkO/XjCxk0Q8flSbRrZajfNdRgao7U8JC8e0 rExXNZbGIpn4ij8xdCkMb7qvLy8v0sfT1vlZ9tg4Pc0eL5vN9WMrfTxrnWm2 fu+DjQGuKQDSpPlRvwBC8WBWEzEoFoxjEYnHBdg2dEZovh+oLGv6QhmyQcyg pjPmuJ1Kcacs4A88MATiAUa+5AFGrmExWGdRCrlvHO+d7emBLHeap5g7BnuW cCYpcTKWI02uc3kyYXGoRR+14ehj/eyicZRTuYOXTq9LExcXrdd2s01izbSx NRMI99c3GG1KTWX75cv5fF7nalbnsXqZsOClZw97XVvLtkkC5rTzksUWzxAz /hncXm+ie7QByCFoHj2HU7freEWcmpcXF3az+RxOmnwrTq3GxfcDgcxkv2Vj cPipOZbl7amzgJVMV9NAxE8sJl1MheVxEM1CTB6alcximZBEC5FIoPlcljyx xMaIwiTtskQZXBm89yNujIP7RGB1FJFVc7vv73HNhAH7Ok2YJKaZpFU0xnUA b8wlYFmfITYKXfOAtRz8iAqwdqohtNLCjir4inQnxEAJrRKW7xagUjJzrt4+ yFA2mUZiQURW0V4/FFOFmqBJmJhA+XqSPbVONCe9UcZqDRnqTzZg6R9xJW0R 2yjSnnMcC8Z+/EiKCeRb0PKkknGo/AFf0Dz8KzmqsgA/pbdS1Y2qUjuobnw5 4WEYMct6gbtQglYHGtLlC06vK8tyxYRByJ5YJKaE1VzMohAi/oVpiU7PuyFl ZtK8R+gbqTbh4Zg6CvWirc1H/264YpoICoEtzoDcGWizlFwqSwcHeuZR+FH9 gChcLtNCulqtF1JzUV7gxMIdN40XsoUSLQULJWSpvlqdwHzMgzGMfQkjxmKE B4ONojKEkXG/LlbGtT7WQXQplGXHbI5jufCsSufCKYAUj2fG7BED3DeQlscs NKEWo2MDFu7AMbaeg9KA9yCiSMzlRnqi//xRxOVYh6ylsaOYJd2ylxa9kB56 gCJ3tUJHODEGe8hJTkaLWxaCLk1FZGa1CaOw5HKiS4Fee0HAZD60ht9fBMAU gVRt3CVRsSypECcRY1qQK0p44DoFbY1lXFFQS2tXJOxC/9mqckgUaA2ecZBV dhAc7iCgjcd43yoQoqYJ88NFWpSf0T7DilxGEEMRYZODIsGeLfajSt4+MoWd K5YRU614ggnzwGOe7gaJmMCU2jZpiZmSCJ+2mEqi2d5Qb3fNjjsEFm0Kk7Ak hyomrTIn60L+gCEyixRlD9KYPGE7ioveCgygquhS042DiFPVxTzGDMWkx/11 pNNxzrE11GGdiqr4xNqTNLv1muqibCCR2OlCYUsAvSX4JkZz8DG65V6xhFah l/kBNkRYZgtKCVDgi+I5SYcBuYiqqmX9/vvv1l+7g+seXPXeOH33R4uaC6y9 Np2ITKOxxPwTteYxUJJTCrPQxgYHC8F/dArXXh0j6mHtDCnSExFSZ02KTE8g tdPjdf2Q9Bahg2StqQXTiazWyJnMAJ3Xavm0Pr09tWqtY1hpLa97N07f8ZxB 3wXn7v7WwQYKvM4bF9rtvxGBNskY9PF+MPRc6Nze/qAHkJ4G9HMXKzYaRj21 Wf9mOLiDbrKYKvGY+FMs63fYkviPzOxN1Fc2qNfGePmUBsTnTPMcrAmbjKj2 iXBBKs9k7eJ14xgS6YeSo9WvTl9fHsP0S6BNzNhBj9iXNZyTEz5htSbCmjof AcqwCCbSpuNo7fQig6MT4akVQ3riZG5Klhi3186bnuvZnds3g6Hjvb0rmLjm WB8ntNSCcRT+m8Z9VyTsioXpF/61dr4lEvJY8Lcp22gVAVAq4aOZYi5TZHnH 84bO1TuvVzD5/mfno93FDlvE3mLK5J/WXKIwemojz8lInDXRqzMHBld/73U9 cK57fc+5cXpDivtDlDaLbWp+UK4arLMdP23aaGG39493vX63B0sjP2slwel7 vTeo3RKemrQKVlajAMeGWOVBKGEtYnCzLZzXIFV/y2qU44Zar9dX2VKBTmaK HFzlU+Nzmt1mYHBPNaRzm9KiWTSJqtM0kjc/Q688VuHwk2CMpdbDdHWVP5m6 7N8z3dJC57kZg2JRixKErvPPHtSa9fpd5+OxRiOLbRPpFbFb8a/Aq83+JlB3 wLqBQKaeNIyEWWc9VqHG7Rp3xvCtL8f0qQY+tT6XXH/vY6foR/l8hV3lZptf oX6nuFYFlODBBQZdr+eBi+Wh/6ZcOjI/eN/qgu4Ye/yNhapUW1nzoNjHrdcw 6VeOx23uL4cxFTtk63ed/s3A9n6579X/wsPM97WlO5tORYIHobXkdWKujrem Bjbxsw2htNChYpc/bSq5yitMQaw2kB7sdbHTRDvlb4pYAkZvKt/3saGwTfWj zjfbLLLmgcq/ZqyUulyDa7j6hap1RZCRvjm+r1yX+wWjwZ6mgf5f6RT0utRv vL4s2cm+/p/szAVV7MzH/2A7TxtZvAxdylDc+8s24soVT/xWweQkjQoUUqoF mrvYVGD/v15llYXptZV20PiI/TN11M+03HRKfa7lvvU6fdem85nd++j1+i5W vD9LD27L4GlK1JWh7+nGU5BLDXk6VuzJcSU5H53ojwZXsziM2Al86PQ9+6rT /Rlbuyj64Mfqyg++yEJ3p+H7s3Z0GjHq5VppL5f+NtupgkXZSSwziL5aoFF/ gEE7IuOA81nWqZYNy3y2dcNSfvLIVE6ydjftVLiX9L5O8QzOciGFbalcuaqV LGsftrauubTdDdiuLsn8tovdsuK+Vq8SC1pA1fQ1OGmJKyYE/LZfW/r12fyb eTAec56Twm5aklVVDjPZnpqWzA4wofFFjYvcWwnKYrIyuC4ImzvUdjGrQkHZ Mv3sdqUZoHm63l92W0jhjzuVFn0AnBnLCJv0gjqHM26acjhvwp6EueWy6WPS N3D6UVT1XMnwrU7b11psSCn5rDSzz11nFcUq8P5P6lVkbShZmd+n6nkVw8My 4GAwd2fCdpJ9Ol9UdK4G0gEay+dVrkrLtsmK2lWyfUpfVpTGGD5E0XW6P6sw SdpAlQb3qNTKu9bt7aPT6XfoXEsf1RPf3B5YepBLPD7jeVHSpVV6sfYY6zsx MfqVBWrdCSTpN3r6QmwduXdO/q9BdEeqO86sRV1/DzhC+Y9cqmRB4lNhC/2l euPibeOje/b5WiuV3tSai+Jt2hVtaZvGGCFp1l/Vz+rN+in+aTbrDXxsAUC5 y8jr0roj2sp7usGbNq5lXo06/We5XOpWvRdyJZI23EfMl3R1oS861hzry4N4 RucZ828AtNnGL2VYYIXHBePa3AdV96ZLSZbeGWR0QYkuv6RIb0XzawlzBZZe bFn5xdbE/4J+ikXxAnqPeDUWkuUSZHoDs9vxQLf2dNsH1Ztvy5eFK+zS/TwO LzJo69Z/AftW9uIcJgAA --></rfc>