<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-labiod-rats-attester-groups-05" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Attester Groups">Attester Groups for Remote Attestation</title>
    <seriesInfo name="Internet-Draft" value="draft-labiod-rats-attester-groups-05"/>
    <author initials="H." surname="Labiod" fullname="Houda Labiod">
      <organization>Huawei Technologies France S.A.S.U.</organization>
      <address>
        <postal>
          <street>18, Quai du Point du Jour</street>
          <city>Boulogne-Billancourt</city>
          <code>92100</code>
          <country>France</country>
        </postal>
        <email>houda.labiod@huawei.com</email>
      </address>
    </author>
    <author initials="A." surname="Lamouchi" fullname="Amine Lamouchi">
      <organization>Huawei Technologies France S.A.S.U.</organization>
      <address>
        <postal>
          <country>France</country>
        </postal>
        <email>aminelamouchi@huawei-partners.com</email>
      </address>
    </author>
    <author initials="J." surname="Zhang" fullname="Jun Zhang">
      <organization>Huawei Technologies France S.A.S.U.</organization>
      <address>
        <postal>
          <street>18, Quai du Point du Jour</street>
          <city>Boulogne-Billancourt</city>
          <code>92100</code>
          <country>France</country>
        </postal>
        <email>junzhang1@huawei.com</email>
      </address>
    </author>
    <author initials="H." surname="Birkholz" fullname="Henk Birkholz">
      <organization abbrev="Fraunhofer SIT">Fraunhofer SIT</organization>
      <address>
        <postal>
          <street>Rheinstrasse 75</street>
          <city>Darmstadt</city>
          <code>64295</code>
          <country>Germany</country>
        </postal>
        <email>henk.birkholz@sit.fraunhofer.de</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>RATS</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 51?>

<t>This document proposes an extension to the Remote Attestation
Procedures architecture by introducing the
concept of Attester Groups. This extension aims to reduce computational
and communication overhead by enabling collective Evidence appraisal
of high number of homogeneous devices with similar characteristics, thereby improving the scalability
of attestation processes.</t>
    </abstract>
  </front>
  <middle>
    <?line 60?>

<section anchor="introduction">
      <name>Introduction</name>
      <t><xref target="RFC9334"/> defines Attesters as entities comprising at least one Attesting Environment and one Target Environment
co-located in one entity. It also presents different ways to compose the Attesting and Target Environments,
such as Composite Devices and Layered Attesters. Layered Attester reflects a cascade of staged Environments. It
is more related to one device with different layers and there is a relationship between them.
However, mechanisms for efficiently managing multiple, independent Attesters are missing.
Assessing the trustworthiness of large numbers of independent devices individually can result in high conveyance and processing overhead.
This comes into effect particularly when these devices share identical hardware or firmware components, which can lead to redundancy between all individual remote attestation procedures.
One example would be a smart factory scenario where numerous sensors of the same model monitor different parts of the manufacturing process.
These sensors share identical hardware and firmware configurations.
This document proposes a model by which these separate sensors devices can be grouped into a single Attester Group and a shared remote attestation procedure can appraise their authenticity collectively rather than individually.
Direct Anonymous Attestation (DAA) <xref target="I-D.ietf-rats-daa"/> has a similar concept of using one unique ID for one group of Attesters, but its goal is to mitigate the issue of uniquely (re-)identifiable Attesting Environments, while scalability is the major concern in this document.</t>
    </section>
    <section anchor="terminology">
      <name> Terminology</name>
      <t>The following terms are imported from <xref target="RFC9334"/>: Attester, Composite Device, Evidence, Layered Attester, Verifier.</t>
      <t>Newly defined terms for this document:</t>
      <dl>
        <dt>Attester Group:</dt>
        <dd>
          <t>A role performed by a group of Attesters whose Evidence must be appraised in order to infer the extent to which the individual Attesters comprising the group are considered trustworthy.</t>
        </dd>
        <dt>group-id:</dt>
        <dd>
          <t>A new Attester Identity type (see <xref section="2.2.1." sectionFormat="of" target="I-D.ietf-rats-ar4si"/>).
It is a unique identifier assigned to each Attester Group, allowing the group to dynamically adjust its membership without redefining its fundamental identity.</t>
        </dd>
      </dl>
      <section anchor="requirements-notation">
        <name>Requirements Notation</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

</section>
    </section>
    <section anchor="attester-group-and-comparison-to-composite-devices">
      <name>Attester Group and Comparison to Composite Devices</name>
      <t>We should be able to leverage the similarities between Attesters to avoid redundant attestations.
An Attester Group is by definition a dynamic entity.
Attesters can join or leave the group, in contrast to Composite Devices that have a static composition with a pre-defined set of Attesting Environments and fixed parameters.
The dynamic nature of an Attester Group allows for the flexibility to tailor group parameters.
This kind of flexibility facilitates the implementation of various group attestation schemes that can optimize the resources required to conduct remote attestation procedures for large device groups.
 A composite device is an entity composed of
multiple sub entities. Each sub entity is an Attester. In a composite device we can have multiple Attesters with a Lead
Attester. The Attesters are appraised via the main Lead Attester's help.
The lead Attester generates Evidence about the layout of the whole composite device, while sub-Attesters generate Evidence about their respective (sub-)modules.
Composite device model is not flexible enough to  represent our definition of Attester Group where we do not need a leader Attester nor a composition of evidences of the Attesters.</t>
      <t>The table below summarizes the key differences between the Group Attester concept and the Composite Device concept.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Composite Device</th>
            <th align="left">Attester Group</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Lead Attester</td>
            <td align="left">No Lead Attester</td>
          </tr>
          <tr>
            <td align="left">The Composite Device is identifiable by the Lead Attester</td>
            <td align="left">The Attester Group is identifiable by a group-id a unique identifier</td>
          </tr>
          <tr>
            <td align="left">Composition of Evidence of sub-modules (Attesters)</td>
            <td align="left">No composition</td>
          </tr>
        </tbody>
      </table>
    </section>
    <section anchor="attester-group-extension">
      <name>Attester Group Extension</name>
      <t>In Section 3 (Architectural Overview) of <xref target="RFC9334"/>: we could add a subsection 3.4 titled "Attester Groups". In addition, in <xref section="2.2" sectionFormat="of" target="I-D.ietf-rats-ar4si"/> about Non-repudiable Identity,
we could add an Identity Type "group-id" (i.e add another row in the Table 1 in <xref target="I-D.ietf-rats-ar4si"/>).</t>
    </section>
    <section anchor="use-case-scenarios-with-a-large-scale-network">
      <name>Use Case Scenarios with a large scale network</name>
      <t>In this section, we provide three examples of applications where all devices are homogeneous with similar characteristics.</t>
      <t>Use Case 1: Remote maintenance in the aerospace domain</t>
      <t>Context: EU ASSURED H2020 Project.
Once an aircraft lands, there is the need for the physical presence of an engineer to go and connect to the "head unit" (in the cockpit) for extracting log data so as to check whether something needs to be checked/maintained.
We need attestation of all core PLCs and embedded systems responsible for the core functionalities of the aircraft. All attestation reports are remotely sent (in a secure manner) to the control station once landed. We can group the attested elements into different Attester Groups.</t>
      <t>Approach: We can consider an Attester Group of 1000 aircrafts (same manufacturing brand).</t>
      <t>Use Case 2: Automotive domain, a Vehicle with embedded Electronic Control Units (ECUs)</t>
      <t>Context: CONNECT EU H2020 project.
The automotive industry is moving to a more hierarchical in-vehicle architecture where ECUs are monitored by Zonal Controllers and these in turn communicate with the Vehicle Computer. This is, for instance, how kinematic data are extracted from the sensors all the way up to the vehicle computer to be encoded into a V2X message. This data need to be associated with Evidence on the integrity of the sensor as a data source and this is where group attestation is an interesting capability. The Attester Group can be formed for hierarchical-based attestation,
like Attester Group of all in-vehicle ECUs or attested group of vehicles within an intersection.</t>
      <t>Approach: we can consider an Attester Group of a fleet of 70000 vehicles (same brand). We can also consider an Attester Group of similar ECUs.</t>
      <t>Use Case 3: AI computing cluster</t>
      <t>Context: An AI computing cluster is a composite computing environment composed of a group of computing nodes/chips on which one or more computing tasks are executed.
A user or an application/large model provider needs to verify the integrity of the collected measurement/evidence information from the composite computing environment.</t>
      <t>Challenge: The cluster may contain heterogeneous trusted roots, and the composition may be dynamically updated. Repeated attestation is not efficient if done without context and can be very expensive.</t>
      <t>Approach: We can consider a large group of Attesters or a set of group Attesters. An Attester group that maps to the nodes of a cluster that executes a specific task may be dynamically created or dissolved according to the requirements of the computing task. One or more remote attestation server/Verifier appraise collected evidence/measurements for the entire composite computing environment. The intent of remote group attestation is to hide the complexity of that back-end computing node interaction from customers (the Relying Parties), while still being able to assess its trustworthiness. Generally, a master node in the group is responsible for communicating with the Verifiers (or indirectly with the customer if they triggered remote attestation as a Relying Party), responding to the remote attestation challenge request of the client, collecting evidence claims of all group nodes as a whole, and sending the evidence to the Verifier for appraisal.</t>
      <t>When all computing nodes/chips in a computing Attester group are provided by the same vendor or deployed by the same cloud vendor, using a unified and centralized dedicated hardware root of trust can be considered (e.g., hardware security chip, centralized hardware DIE, or BMC) to offload important security functions (secure storage, security monitoring, etc.) to this independent root of trust module. The trusted boot and other related evidence claims of the group are securely stored on that unified root of trust. During the remote attestation procedure, the master node of the group collects claims aggregated and signed already as evidence by the centralized module. If a single root of trust manages multiple chips, a single point of failure (such as malicious intrusion and system breakdown) of the root of trust affects the security of the entire Attester group managed by the root of trust. The unified trusted root should support distributed and pooled design. Multiple roots of trust may work together to enhance overall security and reliability.</t>
      <t>In heterogeneous interconnection scenarios where all computing nodes and chips in a computing cluster are provided by different vendors, it might not be possible to deploy a unified root of trust. During the group remote attestation procedure, the master node needs to communicate with each group node to collect its individual evidence claims. The node evidence is signed by the private attestation key of each node. The master node collects the information, packs the information, and sends it to the remote Verifier for appraisal.
The dynamicity of the computing attested group is reflected through the following aspects:
* Creation and dissolving of groups is dynamically triggered by the life cycle management of computing tasks the groups execute. The member scale, type, and quantity of evidence claims to be collected are dynamically generated and dynamically change. Before performing remote attestation, customers are required to dynamically obtain all related information through a management system interface. Based on this management information, a template-based remote attestation request message is defined and sent to the master node.
* According to the dynamic requirements of computing task functions, performance, and to the trustworthy state changes of member nodes, the overall state of the group (including the state change of each existing node, the exit of the existing node from the group, the addition of a new node to the group, the replacement of the existing node by the new node, etc.) is dynamic. These dynamic changes lead to the need for real-time dynamic update of group remote attestation. Incremental update should also be supported to reduce communication and computing load in large groups.
During the attestation process for an Attester Group, the client can not only integrate the communication key negotiation with the master node, but also support the communication key negotiation with other nodes in the group. Therefore, the key negotiation material is required to be generated by the client and different nodes separately. In addition, each group node that need to communicate can calculate the session key for mutual communication, so as to implement the subsequent establishment of the security channel.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>[TBD]</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-rats-ar4si">
          <front>
            <title>Attestation Results for Secure Interactions</title>
            <author fullname="Eric Voit" initials="E." surname="Voit">
              <organization>Cisco Systems</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Thomas Hardjono" initials="T." surname="Hardjono">
              <organization>MIT</organization>
            </author>
            <author fullname="Thomas Fossati" initials="T." surname="Fossati">
              <organization>Linaro</organization>
            </author>
            <author fullname="Vincent Scarlata" initials="V." surname="Scarlata">
              <organization>Intel</organization>
            </author>
            <date day="18" month="May" year="2026"/>
            <abstract>
              <t>   This document defines reusable Attestation Result information
   elements.  When these elements are offered to Relying Parties as
   Evidence, different aspects of Attester trustworthiness can be
   evaluated.  Additionally, where the Relying Party is interfacing with
   a heterogeneous mix of Attesting Environment and Verifier types,
   consistent policies can be applied to subsequent information exchange
   between each Attester and the Relying Party.

   This document also defines two serialisations of the proposed
   information model, utilising CBOR and JSON.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-ar4si-10"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="I-D.ietf-rats-daa">
          <front>
            <title>Direct Anonymous Attestation for the Remote Attestation Procedures Architecture</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Christopher Newton" initials="C." surname="Newton">
              <organization>University of Surrey</organization>
            </author>
            <author fullname="Liqun Chen" initials="L." surname="Chen">
              <organization>University of Surrey</organization>
            </author>
            <author fullname="Thanassis Giannetsos" initials="T." surname="Giannetsos">
              <organization>Ubitech</organization>
            </author>
            <author fullname="Dave Thaler" initials="D." surname="Thaler">
              <organization>Microsoft</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document maps the concept of Direct Anonymous Attestation (DAA)
   to the Remote Attestation Procedures (RATS) Architecture.  The
   protocol entity DAA Issuer is introduced and its mapping with
   existing RATS roles in DAA protocol steps is specified.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-rats-daa-09"/>
        </reference>
      </references>
    </references>
    <?line 187?>

<section anchor="implementation-considerations">
      <name>Implementation Considerations</name>
      <t>Details on creating and maintaining Attester Groups, choosing the number of Lead Attesters, and methods for evidence collection and signing are left to the implementer's discretion, allowing for tailored security measures.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA8Vb23bcNrJ951fgKA+RZnXTlu2cJFqzZkaWlFizfBtLnsxl
zQOaRHfDIokOQUrujPMv8y3zZWdXFUCC3e3M5eW8OGoSBKoKu6p2FZD5fJ7d
n6mnWdbZrjJn6svzrjO+M636vnX9xqula9U7U7vOKHmlO+uaLzO9WLQGn+6M
z0pXNLrGTGWrl9280gvrynmrOz/XYeh8xUPnj7/KdGv0mboxRd/abps9rM7U
u/Pbm+zu4UxdNxjbmG5+STNlhe7OlO/KzHf4qMb7q9vvskz33dq1Z9lcybIv
XF9q9ZKXzZRyLaZ80esHY9WtKdaNq9zKGq++a3VTGHWTn+c3+fscQ02tbXWm
1jRBLnL/bs1f5oWrMYAWNhDi9JuZ+kOvrSp79dbZpqM/fu/6FmMKV5IVv31y
+vjxl/Qbap2p567Hso2ZP7dVhXUxtuPBfdO1eC/CDDqc17Yx0KF2fbG2/5kW
u3MOemmatApzBsXmG912jWk9axiX/33fqL+sdbP6r+z3oW9+oo9P/5+M98I0
d+q5be/WrvopaoAxfbN2S+D05voWTyN8915EFGCWfBFm+Z23Xb4cRualSRR6
tza2wQ/tvVFffzWq8b/Pnnz71ajGpW5reE85kf1709a62WZZ4/BHZ+/NGV5f
zy9za7plcJv2mbfiF/Pzd89urrPMNst0/LvvLr59+vTZMObixd4kpdbh9eX5
eZaZpiOhMOzm6uV3Z+oIU3Rr64+ybD6fwzqkUNFl2S0eKvh0X+MTtWndxnns
vm6U+diZxiMWqM6pbm0ORInsbesKU/YtfdECdp0pOvxSi63Czreu7AvbrOjr
rHDYxE2n3HI3pOSKhRjX07b2tGiLqQFB4GvTy4K6ynRT0pO6b2zBz5S7N+3a
6JJWNY1eVLRk4aoKwsCA6ureloawrDebVluPSSDE2q7WqunrBeSgn652K9MY
18Mc5t4WUOnBdmvlbW0r3apircliprW+s4WfkVKtIUVrWO0+qKl8oSm0VBTt
MK0ejUXGxaywbi6bUNuyrEyWfUGRkG3FNs3+/vf5sM8//wxplnBsP1gNpoax
aH/JTck4EImW152qjPYwcRN3iR5fNfe2dQ3vLxmP3t7qdmW69BX2Z145WNSU
2DoeJBjK1TW+q7yD/MbjGexjl/ASmu9Bb3mnSArghi0wrkyr7a/kZ5lHiCIt
LvgzoEZdBpPTJy/1FrOXo8L53iNAY0nbiw9UoWHz0tAmwtIrjEoXI/EzoKt2
gGWL+EgKQmJSUPZZtnnUqaK1RBLeYmVpFf4U2+PXdqMWpnswpqH3dZ69cA8G
EJypGvFTN9bXklXNcmkLiymrrUIQ0CuySd1Xnd1UZgYrl2Zj8A/WTPYWC9bW
04bm2TmhxUdodW3vuwfXwo+BB08KV2TdgGJ+kE4aYYxnFi7Q6wqCFPBs7COk
oG1mJ4Bn3pstR3tSOsCUVo2elUuYwC7zdDAfdIP5FaUXW/QQA1M/rMUk3gxL
+zXpQ+6HYbpS+Fk+0COYZ2nbmv9m8DSMDMxhAQ0SsiKPDkGgKSHddjA7FEmU
wgiOS3uuxnEpz94QlD/qGkZXD0g1iBMYrHwN2dUSLu3aLdwWkaO1jpRo2aKm
pVAAwHsnpmXvRgYClEpT4d/G4tMEOGSMYSQ2vKfJwXtgyGBTsiOZJ876WfPQ
PiT2aZZ21beCv/yzITsIttgGK3ZhLcgF1A+Lxr0hI8MSzNXY6WFsmAXiVmYn
RLM8WsQtf9HePGuIsxwObKuIwbGGiCZJXAZiIBfMjWH4KEVpnl3alvB13rhm
W9NGJFlHHSPFnagYJvEDUXKtPUsfgvWYbHpBMkCAjPFjb9T1JXsnPWHd04wE
BC56eAb2ceWwIZajW41QuyIT0sbCN3sONjIdtDhuzfxENnFpkX4+E3wF3dUk
RfACjJYPLkjdkilUl+4x8sUX//zHLaiEZXq2pbRtoEVVuQeODngloQPJCAEC
m7RsXa2mmWTk8rO9yDsbsuRsL9jO1B+R9ZYWxCjLXpsHqCw5qQwLkzknAp9l
2RRAeIDVVeug/sa0RG4M52t9YA9gJsolQ9quEfbYZwOsJEG1JSHH4e8lQ8gI
gejo2YD/NEyM8yc5k8aIBMHTPBYl5cdgCzRmPGRuy6BHYx5GD7kuJVGqbrsx
6tgbA7vfGE7m6kn+JD/NSb35yO9+/vkkz5BVObEEVEb8YEIQTbtqJE0ZDUWm
tpxR/Av7PkiPoeUW/JjCCPZHlx/IaITj2nByoLRFic4B3tCP9o9moBFLiq+0
bQT4oAxB7gswvh97OCKjV712gfQx+O4Mwgw2waujV+9vbo9m8l/1+g3//e7q
D++v311d0t83L85fvhz+yMKImxdv3r+8HP8av7x48+rV1etL+RhP1eRRdvTq
/M94QyHp6M3b2+s3r89fHu35DO8nrLIgDMB2IC/kFhoFrPFFaxcCo+cXb//5
j9Nn2LH/AUN+cnr6LWKJ/Pjm9Otn+EFZbRaIU0hyzP22GfBoEGusJKRCbyws
CC/XFNjdA7IrkARD/uqvZJm/nalfL4rN6bPfhAek8ORhtNnkIdts/8nex2LE
A48OLDNYc/J8x9JTec//PPkd7Z48/PVvKypq56ff/PY3GZHaAymEog6yrJea
Yo/9ZdkPhkwXczSFUoyriF2B2EkGlggv5DcSgtG1KYfdO1sOtKFL8xSS53mz
KxhAswgRzbLP6uhKkQFnSehApvrgOP4QQ7k3ow8So6MIQpVid1A/SnQdMtU9
8w8SqQjMWRZmIqqJZ89jgPUmqZh2E0qgCR8xjnJ8bZgss3tGDRrN9RhVInuK
cxiJ0RvppDIfbUhLVPGhTMYbCS/T6WGxO0sOsZx8BLpDfyBRSlKzRLk4rkiZ
tlT3RLGQzEPETVK6L0Clo4XIyG7TYad/EvuCx7m+JQu2EpFKKToaqpl+mf+x
ekKTA92X5lSeIY4Xww6Fd1YqX4nnoaghPbNI25XvF0PxlasrCs/Do234PtoZ
tQehaW+VB6FJDIRh4iT9CQxeggBn41S3a7NTJoz58N7qQCMAQfpuGPmlRxSq
NgKKKn2jqNptebPGAnlB6YFmQhFEfwYyi4RcmT09Bj7TL+ajZHHaA7Naqtv8
JpTlx/TdCThrXxFNv9i1krBZWLRxXcBZRUWp61GzYPsxV6hIFcCROvBeiyGw
eti9dDxdYygXsEEwZhjcACt64pKYygQ9Bmo/1qWSCjsOVAsDb4ItatQVwK24
AGXJWCAUScCidyLZsHakrKHu3IsecQAWzbJP+68/7er8CaMmWMCQ1273EQbd
HloNdp9QWoRIkmp3whSVYzzd/TKwPBCoQ4TnU6JOsPmAHSrqAZOAEnU82P5E
tEn36tOBrHMVm0pZBl+MrOwpJhrbVaA9b5Bh7q15OKEFd1kzuSvnJF1yFdQv
fJwnf6a4rw4qstPUOhLnL0uWjXPDhBXuUcLgJq9dMwew+1KMF8nlLJtK0Yy0
85Zo51E08JE6trkJgxyXVy1waQVztzzpqUizy0hhvffg3Rca/9yEeniIRhJC
qXRBdWyIGd+xSZl0BXvMyFTcDCspbrdmKLzZdxCvqtCz88EjiTjFepRCWtqF
+6XuG4QdRD09i51JCn/Ybu5kBIU1yni/0QV5Pr3OEGcw5mN3pq7eq/Obm/cg
XOrFk8dPHqu3rfsARahjwK0QpW1b0NEElG/K2PGLJRuHkJg7N+ut5wpeIlIR
M65pVkjjUqisnJLeZdNQaRuaqkfcuYRPdLRzInThijuQyRPpIn3kTi3lfpR+
qtQdIOiIZFIKXJvijmzJG+0dcvSaRpJwPtBfHmPKR2wdTawiJ54lITDJmSQx
8VhqlL19eSHsgoqHsiQisgW4a88BnKokwlHUnj9BFVFIi1a4WQiW0Ya5Osfk
6XpAuaOGiebGHG0g6DWHc7KDJlARdak17NWeRHsxwXKVGqQmY9P+QC31gyTW
UBKtIyeA+KYKVQy3OcaezW4rGoUrsqpDWj+Ls8Wi8ACDgo6njx8/HpREgJIO
0aT5s2gh3kkK2ScoIvsOWOdEKMhE3YA6G4VrFTqSg+mvqGECzgc6dxG0f99Q
4XZ8dfHenySQvnjz+vXVxS1BWyC9iZCmOK3HJcHeUB+2TFjq0Lx23EEiJ0RM
5m4+Ado28/sg1aTDL/5LAkjLUrphUtT/hVAQZa2SZqoXv+zbJmnhB3Vpu6L+
F9zxF9ZD6QS+R1ijYxjNLQqUV0RBTc0cmn2CpAi+EtsfXC+ErhdBm6mM3iqp
l+lXVK0ICwaXgQe7cuyJ/fHJn1BGe48aJEjEK7IHyQco2V1hubfMyoz5qwlt
iM6s6AR0aCSyWIqbVsGlieAGQ7HOwcT7XFlIJle1oShA7RkaSvmhjBw6faHr
QpZMt3i+0H4aCmZZZe/2ZgnxIQEE7z5pEb1s6OWEERLEyZuDvCFRTNzs4d9x
M00MUGqhrx+Tyw0riMcFH4s+y+cVvzxjzCykROqbT+Gb1wEQbNuqpw8TL6MS
8sAIaeeMJHkcYJITmKSoSJtf4+AGyPOPsDUbT+iRVhY1K2Fods9xaKf9nQ/A
R7DsKLKfq97TiRZrnWTcR5LAhVSHHN2OeeKeOnzbw1gNLVvIXBvte+kHPYq0
WA1nlZB2cLt/YQYisRdrwAkJ0pwxZqMVa73lIE+lzJpKzoEQcEuO+s/OUTM1
EuWUAtLHCzNphfWbkvwyB0nYGPbQHV+iemA4qlF2iXjcmKFXVsiuS+oWP4Kt
trD4hojlvfnllBF404EmJ5caobxfTUoB1JVplyJmMxTGtd74GLoYJ4KiaDoe
E6DA3XCUWmDYBQPlkG2KVizCxxgIYdU9madAPi9DSpDqO+kCDphIQZirNwlA
D9TjgCSs9ij2kccTghFbEU+PEpCNzQniuu2/hhUjiUkg2zVIcjCEQrm18FSZ
jArMiHmYcaGLu7mRs+bEMyWM6WJEewHbg3dhR4/lkLza0uC3dDJm/MlQJHcW
wXNh+Fw0NLY0H+9xD3bnbC9X33MZjU0iXlDrUJ6WA7FdxVprl5AlZ+NYKkmt
YnqIyZm05AMWamjGEVERcgHqb0Imu1qZz5z4cOZKld1CVZFlip29L4vo9wws
44cuQ1GRB86GIyLa2xhkioovBYQcJMqLB7Ag3KCQkIDMWsbe+PB5kGbAHxlq
uA0AD/5hHY4VD8dhG9s48mrHNSkAh4haxjqZk9I9RHEci0uzqdx253VRub4M
g2bhnIrLY4hYSsAx1E2s7E/4jcmtHM8Pp4QUCNl4BJ4YnZIzjGOTr/LZON6H
a1iKtJpNZh/GXF5fzUji568umHO75bJyqFDkYIn6qcMskfFTDhauDgBRo3Y2
jgm8EKrNlOmKPPB46ycn1VNFpNgXX44xf0EjuAkvJW04yD+Aj+mJjghGhYWw
U+ZjcO9o5cnKuboUxv4Z5A5dxVnoto1eOVk4ANhHqfRq1ZqV5B5CqJzu6ArR
t9zybY6oRoBHujPRGtfL8XR2x150twCeMLQSGbSzcfiGr2FRt1bbivbpOF7A
qLFIwS1Zuq7Ty+2bJlZ7YFVG35XuoTmJCk5X1nwLwAdGG7Y8jAwRe8dXRNbB
D3bMTzsedybN9vFQwPcbQiElKwSnRR8tunGuYhch0+bqVTQEM4XUUHxmdQcM
rqRiphO2Zs0NA7rrQBFg0IMmBnRsZNbc7pgyEk4GoaCXLvbQNRnaGzsRRfz6
UFSJWXw3nIzFqoQK7KyFLna17pi7LGiDvSQAqm051CSB5PMQly35z4A+MMa9
Ao6PKsfILGPYETjDJSexO14r+87fjKTSRzcJSNm09l7viEndVWrQ0sL0uUyU
Sjt4ohDbgajO1Ab5/cDjmEEoK+/ksM8lj+S4ZUKa477uVEecspeB9HTrVtrZ
k+N8zT1yf5b9Sl0QQ4teGTga32cIpJELxZTSjUk7GK6yS0izpXpNnK8O5Gi3
jhgQ4SOHDPbkA2Rp/c34kFvM9GOvpQGZ9MhjxAudp4HcEaZTKeMhgbjvhJLS
1VKs/NwsiUuGywIk5T5OZwn5ki7SeDiUzukWXE2QN8bEkRYtcRN0aqAQAdnD
l7ogibhMdqHlmQydAkjhsw0tEurqA+4VeU/oKfAWhvO+gL8BewmYc8DhfJeb
x3O+XY4+3dwxVc+iRaWPwjWU27ldtuXmmglbwdMFDHAEk5gwhEseOkl/x7ZB
LBtIWDrZ4K4g234IirNwfcMOVHDyeqwqwzkrd/ZCZ10qILqQEYPOzsAW8RD7
F1G/P3vwkzhF5CmjX7Eb+NHW0S7xhtqkGwx/readrcfhUoCOZd4+IOiooJDN
Q3QM40PK407GwsTUZ4Y7cXIxNrkGqyfFipC2Jq0/fZ4lwf/AzVSJbLvNkllC
zplkUtLhuxDSKYgXo6bSUGxuzMp1Vo9n2zuIlstWrGHM7P/mRMICJaGmBRFv
VcuhYzYcwKVfw00RxuVmVxou6CLcEJMiCxOVJfLGHCxrxkt11XbnmGcvCRLZ
jI3CNGVym0BXdHcy2I+vegaFaSPqvqNkObHGbGz9D6fr8jEdSiGq4Cft6qKy
fp1CPqH+1E+nmif7Yvj/MqhXy0WDHM5k2V9vn1/+jW8mn78+33s7vYBIN+8a
JyOlMPZyv5lKaJ5jeg9gd7ZLQ1cNuNnF/Yh4czieV0wqLmnTI/CvnRsucI23
uCfHk6FHRGcirgxXcoc8FWrMyHfBNXjdlk7Jl0P4HYzMJ+nIv5AwxPmYrLlD
wXcl+LpGrHukiQGX+z9fLtq3gjMAAA==

-->

</rfc>
