<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-intra-handshake-fail-00" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="TODO - Abbreviation">Intra-handshake.fail (CVE-2026-33697 of CVSS 7.5)</title>
    <seriesInfo name="Internet-Draft" value="draft-intra-handshake-fail-00"/>
    <author fullname="Muhammad Usama Sardar">
      <organization>TU Dresden, Germany</organization>
      <address>
        <email>muhammad_usama.sardar@tu-dresden.de</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>agent2agent</workgroup>
    <keyword>AI agents</keyword>
    <keyword>Intra-handshake attestation</keyword>
    <keyword>CVE-2026-33697</keyword>
    <abstract>
      <?line 60?>

<t>The draft aims to provide technical details of CVE-2026-33697, which is substantial technical evidence of how intra-handshake attestation fails in practice.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://muhammad-usama-sardar.github.io/intra-handshake-fail/draft-intra-handshake-fail.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-intra-handshake-fail/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/muhammad-usama-sardar/intra-handshake-fail"/>.</t>
    </note>
  </front>
  <middle>
    <?line 65?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>We <em>responsibly</em> disclosed the vulnerability in intra-handshake attestation -- as noted in <eref target="https://github.com/ultravioletrs/cocos/security/advisories/GHSA-vfgg-mvxx-mgg7">security advisory</eref> issued -- to the vendors, which resulted in CVE (<xref target="CVE-2026-33697"/>) of CVSS 7.5.</t>
      <section anchor="detailed-vulnerability-disclosure-timeline">
        <name>Detailed vulnerability disclosure timeline</name>
        <ul spacing="normal">
          <li>
            <t>our initial responsible disclosure to vendor: 07 Oct, 2025</t>
          </li>
          <li>
            <t>acknowledgement by vendor: 14 Dec, 2025</t>
          </li>
          <li>
            <t>information to <eref target="https://mailarchive.ietf.org/arch/msg/rats/6gbqx0XY8WYrH3Mx4vO8n2-uKgY/">IETF</eref>: 11 Jan, 2026</t>
          </li>
          <li>
            <t><eref target="https://web.archive.org/web/20260227160554/https://www.ultraviolet.rs/blog/tee-tls-privacy/">public announcement</eref> by vendor: 27 Feb, 2026</t>
          </li>
          <li>
            <t><eref target="https://github.com/ultravioletrs/cocos/security/advisories/GHSA-vfgg-mvxx-mgg7">security advisory issued</eref>: 23 March, 2026 {<strong>Severity = HIGH (CVSS 7.8)</strong>}</t>
          </li>
          <li>
            <t>CVE (<eref target="https://www.cve.org/CVERecord?id=CVE-2026-33697">CVE-2026-33697</eref>) published: 26 March, 2026 {<strong>Severity = HIGH (CVSS 7.5)</strong>}</t>
          </li>
        </ul>
        <section anchor="comparison-with-other-vulnerabilities-in-confidential-computing-literature">
          <name>Comparison with other vulnerabilities in confidential computing literature</name>
          <ul spacing="normal">
            <li>
              <t><eref target="https://wiretap.fail/files/wiretap.pdf">wiretap.fail</eref>: <strong>No</strong> CVE (<eref target="https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2025-10-28-001.html">Intel</eref> and <eref target="https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2025-10-28-001.html">AMD</eref> announcements)</t>
            </li>
            <li>
              <t><eref target="https://tee.fail/files/paper.pdf">TEE.fail</eref>: <strong>No</strong> CVE</t>
            </li>
            <li>
              <t><eref target="https://dl.acm.org/doi/10.1145/3658644.3690230">TDXdown</eref>: CVSS <strong>2.5</strong> by <eref target="https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-10-08-001.html">Intel</eref></t>
            </li>
            <li>
              <t><eref target="https://xca-attacks.github.io/staleus/staleus_usenix26.pdf">Staleus</eref>: <eref target="https://nvd.nist.gov/vuln/detail/CVE-2025-54509">CVE-2025-54509</eref>: CVSS <strong>4.0</strong></t>
            </li>
            <li>
              <t><eref target="https://xca-attacks.github.io/breakfast/breakfast_oakland26.pdf">BreakFAST</eref>: <eref target="https://nvd.nist.gov/vuln/detail/CVE-2025-6197">CVE-2025-61972</eref>: CVSS <strong>4.2</strong> and <eref target="https://nvd.nist.gov/vuln/detail/CVE-2025-61971">CVE-2025-61971</eref>: CVSS <strong>5.9</strong></t>
            </li>
            <li>
              <t><eref target="https://badram.eu/badram.pdf">BadRAM</eref>: CVSS <strong>5.3</strong> by <eref target="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html">AMD</eref></t>
            </li>
            <li>
              <t><eref target="https://xca-attacks.github.io/fabricked/fabricked_usenix26.pdf">Fabricked</eref>: <eref target="https://nvd.nist.gov/vuln/detail/cve-2025-54510">CVE-2025-54510</eref>: CVSS <strong>5.9</strong></t>
            </li>
          </ul>
          <t>The comparison of the above with CVSS <strong>7.5</strong> for <xref target="Intra-handshake.fail"/> indicates that attested TLS is not mature yet compared to the rest of the confidential computing stack, and is currently one of the weakest links in the ecosystem.</t>
          <t>Further formal analysis of <strong>production</strong> implementation of intra-handshake attestation has led to discovery of another class of attacks and will potentially lead to three CVEs (currently under <em>responsible</em> disclosure) each with an expected <strong>CVSS 9.1</strong>.</t>
        </section>
      </section>
      <section anchor="overview">
        <name>Overview</name>
        <t>This draft presents the formal specification and analysis of the candidate binding mechanisms for binding in intra-handshake attestation for standardization for attested TLS protocols:</t>
        <ol spacing="normal" type="1"><li>
            <t>Client’s TLS nonce: used in <eref target="https://ai.meta.com/static-resource/private-processing-technical-whitepaper">Meta's AI</eref></t>
          </li>
          <li>
            <t>Client’s attestation nonce</t>
          </li>
          <li>
            <t>Early exporter</t>
          </li>
          <li>
            <t>Server’s public key</t>
          </li>
          <li>
            <t>Combination of #2 and #3</t>
          </li>
          <li>
            <t>Combination of #2 and #4: used in: <eref target="https://github.com/CCC-Attestation/meetings/blob/main/materials/MarkusRudy.contrast-atls-ccc-attestation.pdf">Edgeless Systems Contrast</eref>, <eref target="https://www.ultraviolet.rs/products/cocos-ai/">Cocos AI</eref>, and CCC Attestation SIG's adopted project <eref target="https://github.com/ccc-attestation/attested-tls-poc">attested TLS proof of concept</eref></t>
          </li>
          <li>
            <t>Combination of #2, #3, and #4: proposed in <eref target="https://www.ietf.org/archive/id/draft-fossati-tls-attestation-06.html">draft-fossati-tls-attestation-06</eref></t>
          </li>
        </ol>
        <artwork><![CDATA[
We provide a formal proof of insecurity of all the above candidate
binding mechanisms of intra-handshake attestation using the
state-of-the-art tool ProVerif and propose a mitigation for the
discovered security vulnerabilities. Our study reveals that it may
not be possible to achieve strong application-traffic (level 3)
binding using intra-handshake attestation alone.
]]></artwork>
      </section>
      <section anchor="affected-implementations">
        <name>Affected Implementations</name>
        <ul spacing="normal">
          <li>
            <t><eref target="https://ai.meta.com/static-resource/private-processing-technical-whitepaper">Meta's AI</eref></t>
          </li>
          <li>
            <t><eref target="https://github.com/ultravioletrs/cocos">Cocos AI</eref></t>
          </li>
          <li>
            <t><eref target="https://github.com/edgelesssys/contrast">Edgeless Systems Contrast</eref></t>
          </li>
          <li>
            <t>CCC Attestation SIG's adopted project <eref target="https://github.com/ccc-attestation/attested-tls-poc">attested TLS proof of concept</eref></t>
          </li>
        </ul>
      </section>
      <section anchor="binding-levels">
        <name>Binding Levels</name>
        <ol spacing="normal" type="1"><li>
            <t>DH shared secret</t>
          </li>
          <li>
            <t>Handshake traffic key</t>
          </li>
          <li>
            <t>Application traffic key</t>
          </li>
        </ol>
      </section>
      <section anchor="correlation-goals">
        <name>Correlation Goals</name>
        <t>We consider TLS Server as RATS Attester, which is typical in confidential computing.</t>
        <ol spacing="normal" type="1"><li>
            <t>Correlation of Evidence to a DH Shared Secret (G1)</t>
          </li>
          <li>
            <t>Correlation of Evidence to Client’s Handshake Traffic Key (G2)</t>
          </li>
          <li>
            <t>Correlation of Evidence to Client’s Application Traffic Key (G3)</t>
          </li>
        </ol>
      </section>
      <section anchor="main-results">
        <name>Main results</name>
        <ul spacing="normal">
          <li>
            <t>All analyzed binding mechanisms and the corresponding implementations of intra-handshake attestation are vulnerable to relay attacks.</t>
          </li>
          <li>
            <t>Early exporter helps achieve level 1 binding.</t>
          </li>
          <li>
            <t>Our proposed mechanism helps achieve level 2 binding.</t>
          </li>
          <li>
            <t>It may not be possible to achieve level 3 in intra-handshake attestation alone without additional assumptions.</t>
          </li>
        </ul>
        <table>
          <thead>
            <tr>
              <th align="left">Property</th>
              <th align="left">Mechanism #1,2,4,6</th>
              <th align="left">Mechanism #3,5,7</th>
              <th align="left">Proposed mechanism</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">G1 : Correlation of Evidence to gxy</td>
              <td align="left">❌</td>
              <td align="left">✅</td>
              <td align="left">✅</td>
            </tr>
            <tr>
              <td align="left">G2 : Correlation of Evidence to kch</td>
              <td align="left">❌</td>
              <td align="left">❌</td>
              <td align="left">✅</td>
            </tr>
            <tr>
              <td align="left">G3 : Correlation of Evidence to kc</td>
              <td align="left">❌</td>
              <td align="left">❌</td>
              <td align="left">❌</td>
            </tr>
          </tbody>
        </table>
        <section anchor="implications-of-research-for-ietf-seat-wg">
          <name>Implications of Research for IETF SEAT WG</name>
          <ul spacing="normal">
            <li>
              <t>We believe post-handshake attestation alone, such as <eref target="https://datatracker.ietf.org/doc/draft-fossati-seat-expat/">draft-fossati-seat-expat</eref>, can achieve level 3 binding.</t>
            </li>
            <li>
              <t>The research suggests that recent hybrid proposals (combination of intra-handshake attestation and post-handshake attestation) <eref target="https://datatracker.ietf.org/doc/draft-fossati-seat-early-attestation/04/">draft-fossati-seat-early-attestation</eref> and <eref target="https://datatracker.ietf.org/doc/draft-ritz-seat-facts/00/">draft-ritz-seat-facts</eref> may add unnecessary complexity of intra-handshake attestation without adding any security benefit compared to post-handshake attestation alone, such as <eref target="https://datatracker.ietf.org/doc/draft-fossati-seat-expat/">draft-fossati-seat-expat</eref>.</t>
            </li>
          </ul>
        </section>
        <section anchor="implications-of-research-for-ietf-tls-wg">
          <name>Implications of Research for IETF TLS WG</name>
          <ul spacing="normal">
            <li>
              <t>Remote attestation <em>within</em> the handshake is very dangerous, since to our knowledge, it is one of the highest scored vulnerabilities in confidential computing literature (see <eref target="https://github.com/CCC-Attestation/formal-spec-KBS#comparison-with-other-vulnerabilities-in-confidential-computing-literature">this</eref>).</t>
            </li>
          </ul>
          <artwork><![CDATA[
Given the high-severity vulnerabilities, the developers and maintainers
of intra-handshake attestation MUST urgently move to post-handshake
attestation.
]]></artwork>
        </section>
        <section anchor="implications-of-research-for-agent2agent">
          <name>Implications of Research for Agent2Agent</name>
          <t>Intra-handshake attestation does more damage than protection for AI agents.</t>
        </section>
      </section>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="technical-details">
      <name>Technical Details</name>
      <section anchor="tool">
        <name>Tool</name>
        <t>We use state-of-the-art symbolic security analysis tool <eref target="https://ieeexplore.ieee.org/document/9833653">ProVerif</eref> for the specification of the protocols.</t>
      </section>
      <section anchor="modeling">
        <name>Modeling</name>
        <t>The formal model uses the <eref target="https://github.com/CCC-Attestation/formal-spec-id-crisis/tree/main/TLS-a/fix">fixed version of diversion attacks in intra-handshake attestation</eref> from our previous work as the starting point to focus on relay attacks in intra-handshake attestation in this work.
The rationale is that we consider it more useful to show the added value of this contribution to the community by using the <eref target="https://github.com/CCC-Attestation/formal-spec-id-crisis/tree/main/TLS-a/fix">fixed version of diversion attacks in intra-handshake attestation</eref> as the baseline, rather than showing the same diversion attacks from <eref target="https://dl.acm.org/doi/10.1145/3779208.3785387">ID-Crisis paper</eref>, and the discovered CVE (<xref target="CVE-2026-33697"/>) -- which the previous analysis could not find -- practically demonstrates the added value.
This modeling choice makes it clear that even with the diversion attacks fixed, high-severity relay attacks would still remain in intra-handshake attestation.</t>
      </section>
      <section anchor="technical-report">
        <name>Technical Report</name>
        <t>Technical report is available at <xref target="Intra-handshake.fail"/>.</t>
      </section>
      <section anchor="artifacts">
        <name>Artifacts</name>
        <t>Artifacts are available at <xref target="Intra-handshake.fail-repo"/> under Apache-2.0 License.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>All of this document is about the insecurity of intra-handshake attestation.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="Intra-handshake.fail" target="https://www.researchgate.net/publication/408219182_Intra-handshakefail_CVE-2026-33697_High-severity_CVE_in_Attested_TLS">
          <front>
            <title>Intra-handshake.fail (CVE-2026-33697): High-severity CVE in Attested TLS</title>
            <author initials="M. U." surname="Sardar">
              <organization/>
            </author>
            <author initials="V." surname="Dubeyko">
              <organization/>
            </author>
            <author initials="J.-M." surname="Jacquet">
              <organization/>
            </author>
            <date year="2026" month="September"/>
          </front>
        </reference>
        <reference anchor="Intra-handshake.fail-repo" target="https://github.com/CCC-Attestation/formal-spec-KBS">
          <front>
            <title>Intra-handshake.fail (CVE-2026-33697): High-severity CVE in Attested TLS</title>
            <author initials="M. U." surname="Sardar">
              <organization/>
            </author>
            <author initials="V." surname="Dubeyko">
              <organization/>
            </author>
            <author initials="J.-M." surname="Jacquet">
              <organization/>
            </author>
            <date year="2026" month="June"/>
          </front>
        </reference>
        <reference anchor="CVE-2026-33697" target="https://www.cve.org/CVERecord?id=CVE-2026-33697">
          <front>
            <title>CoCoS attested TLS is vulnerable to relay attacks via extracted ephemeral TLS keys</title>
            <author>
              <organization>CVE</organization>
            </author>
            <date year="2026" month="March"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 213?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>We would like to thank our co-authors of paper for their valuable contributions:</t>
      <ul spacing="normal">
        <li>
          <t>Viacheslav Dubeyko</t>
        </li>
        <li>
          <t>Jean-Marie Jacquet</t>
        </li>
      </ul>
      <t>We gratefully acknowledge the following for insightful discussions on this work:</t>
      <ul spacing="normal">
        <li>
          <t>Eric Rescorla</t>
        </li>
        <li>
          <t>Juho Forsén</t>
        </li>
        <li>
          <t>Markus Rudy</t>
        </li>
        <li>
          <t>Mariam Moustafa</t>
        </li>
        <li>
          <t>Bruno Blanchet</t>
        </li>
        <li>
          <t>Steve Kremer</t>
        </li>
        <li>
          <t>Tjaden Hess</t>
        </li>
        <li>
          <t>Martin Thomson</t>
        </li>
        <li>
          <t>Yuning Jiang</t>
        </li>
        <li>
          <t>Pavel Nikonorov</t>
        </li>
        <li>
          <t>Casey Wilson</t>
        </li>
        <li>
          <t>Danko Miladinovic</t>
        </li>
        <li>
          <t>Songbo Bu</t>
        </li>
        <li>
          <t>Nathanael Ritz</t>
        </li>
      </ul>
      <t>We also gratefully acknowledge the following who gave feedback on <eref target="https://github.com/CCC-Attestation/formal-spec-id-crisis">previous state-of-the-art</eref> that we utilize as the basis:</t>
      <ul spacing="normal">
        <li>
          <t>Tuomas Aura</t>
        </li>
        <li>
          <t>Ionut Mihalcea</t>
        </li>
        <li>
          <t>Thomas Fossati</t>
        </li>
        <li>
          <t>Hannes Tschofenig</t>
        </li>
        <li>
          <t>Yaron Sheffer</t>
        </li>
        <li>
          <t>Laurence Lundblade</t>
        </li>
        <li>
          <t>Giridhar Mandyam</t>
        </li>
        <li>
          <t>Christopher Patton</t>
        </li>
        <li>
          <t>Jonathan Hoyland</t>
        </li>
        <li>
          <t>Richard Barnes</t>
        </li>
      </ul>
      <t>Several others at the IETF, IRTF, and CCC have contributed by providing feedback.</t>
      <t>We sincerely thank Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi for the foundational formal model of draft 20 of TLS 1.3 in their <eref target="https://ieeexplore.ieee.org/document/7958594">work</eref>.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA81a3XLbOJa+51NgnYuNVCKpH/+qpqdHsR3bSRz3Wk73pFxT
KYiEJIxJQkOQstXpdM3N3u0LbNVu1d7ua+y+ST/JfgcgKVLxX09t76wrsUkQ
ODjnw/kF4Lquk8ksEkO2dZZkKXfnPAn1nN8Ib8plxF4efn/s9rv9XXcw2D3Y
Y2rKDr8fj9met9Pacvhkkoolxl5dHF0wl43Mu+SZVMmWE/BMzFS6GjKZTJXj
hCpIeIypwpRPM1c253NpPrfbdXQ+iaXWIJGtFuh9dnz1mrEXjEdaYSqZhGIh
8CvJtjpsS4QyU6nkEb2cjV7hj0rxdHn1estJ8ngi0qETgpOhE6hEi0Tnesiy
NBcOGB84oJsKPmSjy+ORc6vSm1mq8sWQ8Rkm6Jvfzo1Y4Us4dEjEM/tJ08sG
ZIxnmdCZEZ8+N7FzliLJwcYLxoo5fjihFyvlD5haJjN2Qp+oOQYc1OUP4o7H
i0h4gYqpnafBfMjmWbbQQ9+vffRBDqRlNs8nwCnO5zyOeejmmsfc1TwNeerf
B/oWhkWcOMewkvC9wz1L3ZPqXkL+wwvrzbMYEzk8z+YqJSQxKWPTPIqsTmyd
FxOyDzQhG5sJt0wvlc54In80uA7Z1Qd2lAoNBeiwE5HGPFmZXsIiVgn+yXDu
Wc7/kOVuaEd5oQAjicLITC6xIA6pZ/XGNlfVGMLQTPFrTKU1ZKdyNne1WIpU
ZivSBhgCGxkdESG7eje24hntZGOxyASpKyMaHTsfT2ciW6/27e2tByEE6cAM
o7xEZP4in0QyMOD42939fu+gt9//tMEicfipyeCnBnv08ZNMPpXsfQJ7hodq
xcyPCxFgP+ce++AVa9T88r3HjvKJWN2oZvsbF2Pe8OAvucgewNhNxUL99kC/
yRPxCMaFipNBHR4euqO1SftGSyJXL0Tgvn31W8LTlLCg3pzKmMWQetqGArJD
dajGhSOysjOp2TKPEpHySSRYplgqIr6iPjy4wTfJmbgDzgENEIu5iNE1MkPh
+XRB/h5VDJbCAxM+eLgUATzktzL8ZsPpsTXw56S2BnnH8TzPcVzXZXyizdSO
czUXNjIwLmNNfC5StZQhWBbBPIGKRywUGTRA2zBUn6fDbucS1CEr4gcWLMkQ
E2ojBVFKAkFD5+qWyYddN5uaOaBCC+JMBgK8GmZjGYaRcOCGSTFVmAfG1Ts/
CNaGXS4QYOQkWrVZKHUQKQ08M0hVoi8jUk/QfWxywkSzRNFioOu1FkFu1JqH
S6kRTv/08h5VzSNQXEoViSzVfqACpf1ypF+MlEL7J6fjkbuczmZuvLy7c+PZ
bK8F0HSO2TAzQDcMI76qVJegQjTQt/yQcb38/LmJ/pcvrXpmALhevGBHZq0w
qil+AU2eYl1lLCKZAFCXqTwFeWlWbQ2laHRXBWND1t1jF0HWIWXawWDocaJu
MdcMuptkbLKqeva2wUhQ9axcPZAGvWtKLtaAUgQhJUUg8KTIpka7qcGP9cxP
eab93dnkL3fdP37c/+Fjejo4v9teXuwnfTd/O/vowxP1erDipGO13GXX1jkz
niQqh/YRd+vpbsXEK6ejmfDu08Buv7/X2+3u7Gz7dXOrrbGHRZ5EauZnQrhZ
pN1FKpc8WPmtuuz9PfZaTNbMfKVKxcr/r2sUph5Yc7eTs8/t9rh0z9+w07OT
U/LiRlv2W+32F8e1inXd1KsaVM9zN60WM4jruQjBxO5zmdgxTEBrX8CBxgue
QrqE3QINpmAQaUOHITVZAtLJKfkUo7JAbJFnlMChAzpmUFiC/FamMIOFCVw1
aWqt/hRGoqumRTgFfO32e9VuF5jA14ioCYWkJrNM4CIDD9Tq59oXSbVIboB2
kfp13fPNQLfqUv9GMO64va7b30ca3jMZWwuaG7Lr0fnR32/+dQ/dIkivjo83
4IQR1KFc8IVIvwLSDD36Y6huk/XIMPJ4EButCpX0e12v19ve8Qe7O/u729se
VKrbH3RbQ+va2u2+twNqMLH/y0XZJlC6NVBIlHHGI5HrNQd3AXeLkF5L07Xt
Vv5FTiwSedffLeAp7W3H3dne6R6sqSXL0EukzryZWvqk/L4NvX5zwBqZba/b
bhNjr1BO3bweja+eYm1CHadcZ+unT4rfRNC4e/jb7R3s9X8NfzSgzl4fC2eU
udGj92tJ9tY0d7yDQmQeXo7O15QmHHlM7Im8fLLCVMMGhQ59ZVY8Do3+QGEQ
AxESA1Jnm2hU+uFPUDQJ+Bof3V09cQfd3s5aMV7zSSqDm7pXvx//adlx/fSo
evS6z8AKPro2YBMrk+MFaweLnIHSDT5RS2G9bdF9z9gZQjX7/Pm+GuDLF3jg
kKoe+OJszrOvMl4kUCihyQ2zlciKSSkfsxkO4M3K6R9w5JoA6xidAT1gn6JL
tGIqEeXIW+gtEUISc2NiAjUiNOkVWImRBr3OUxM+bOUAWjxaaWny13Z7UWWQ
kFVSGU8Wb3MTdHgsSZwjRYysNJQgAT4Ec4zhiQ1XQcS1maVM8kmKWxlFbKEy
KykkiQQvAEmFIB+p2cu1nHkSglItrxXtWjbWYoIjNTSLxhMUECiKCP522yzh
gddrt20eeAHmllLc0upDdJviL6iMhUc3iBXoUF0lp0Upaziu42VWCo2Sigk2
oeXHIsVI8Dk0EQUDaUvZ/ESOTV2pRkB5Fhb7CqatoURYngxZT6SHjtPz2GEk
wfAvf/1Xbb4mCh56yHJdpOnn0P9/1Gx0tjYSLr0YrcaizcyBW1q1b/K1TCBv
U7BxDZ7dqlZxkXVnwkSxltNvzFwXwnDgDDx2zFMsF1ZApQgtzjYqTyAuUjOi
SEBRyDk7HiU3gKhSsRd9A/OLgbP74LftSkj4g2Nk2Aixmo2NhmsMIph1dm8K
uVk/x4Lc1sykrhNKttEEEGj3TvvI1G5yfZmHKy8oiMJpIbUNgsCtyW1cUweu
iTLSBt735MiFiRX5q8ul37IWDdZYjTU2PjvB6vFQLWj5MezPUGd2vakQwAX/
AkJ+cb/MG9z6JQWbpaug5ezdA3UHa9Cp8MZEC1Uqlt1Tmyqt0d9QqZF3u7sb
OUi9akFd4cvQf4pCETucn3/+mSrZsurmpV1WcsukqiDItcCbrL13ZZrOPab5
hDfLSf+JlkMtwlVTFy8uTzN4JxWx71L1PbRkagAqwAF7MVLx2dp4aXzpDIFd
xepG6u6xi5ysH4qGKLAU0D0bQSQFjJVDgWMCFACXLPZL4OgkemJQqsAoXyzK
DTcXQk3hstjLCB0iNmhV4luhHhObRwglnoGd/ORoOrUu9KwRCjQF9d/Ku7j3
2dHjRaAZ9Ov8gCh6Iyz6pW0Tmb+jERLgr4qVekdLp8nHH50yLFOhPajHyPue
VmtXrjX5Urjd0VoNGp8cU0SmtMlmvp0oqBgZFp0/SIqpJId10bTVczm6Gpeb
lWltHytbLczO1YOlpmfjUm0qwHJc7nOR3pJAYyvQ2AjEXp70bEx5eFQt3Kxl
vyoEfCtWoNFvEQDPo1GHqUllYJfhHHGg2GLStBM0iopE6UewfY8zISdg07bU
5iY24jeN5imXA0we2xT1wEczrLK5iBa6cgXW3Hslf9Sf3ErluSt+7x3Xr487
M36HPeJ3Ct/yVFZj/InJyFSOhDgMJTVT2ql1Hi8MLtCZn8ifwvrhGh/9+Ymd
V0K86HX6ne3ObrNx0Nnp7DFLb0PqnzDN0HUfn6ExWdG7fKj+gtBJjw0f07bZ
3Qr9f/n3fylI/fJv/9x8IBr9x2ncwOgaNOxTk8bgKRrsARrFg91hIv9eWITR
08viRMdEMXPaOT4eXdHpoMvgNiYiMloAiLPHVr7DdA4i8CgbOQOoZy70mNec
JSI1p333G5Guc4ZQBf5DQylxQoz/Sidrinxl6yori85nM/BXxNZU0L4Hm69Q
aJYhnALvy6CZCT2q3hT8H8Sgdb/UZMP1UPA3IrBJxu9u+8XemO2OTONH23fK
kW8+e5qNcX63C7rkDmC+qMASQfGbo7gjrx+JuyL3egynugOgbCVZrXOhiUjE
VDbL4b+3XtHhyvPMguKmsYpLEaOMbbDaJrFl0jahYS0NnX1RbRzyZCZSlWtI
IwtzpSOH6tygQ/kfVZrr6n4uZ3Oq7pFSphvHGM/dAmYvNSrra3Cmn1UhbZww
vljvlbgkn2uqe3eDE1cmbp0Tt+LEXXPSIpwp1TxBVZBU8q1PTTeIdkyXkKyc
goUNu1SyZfiPd+cJLTz/ML5ieTqzewkxlQhf6ZpTL+vKPPgJRRiZexnmt/PI
9QsWKixRjIXD0sd8JsgPJaamF0FVMlSXOYwOUhK7JAhpXhL3CLaSSJuEm60r
pHeMboJotkXy0ZUTI+f7C/N8efxPH84uj4/oeXw6eveuenCKHuPTiw/vjtZP
65GHF+fnx++P7GC0skaTs3U++rhlK8Sti++uzi7ej95t2R0n2lNRQW4Ovrg9
JkMeQXvK6QIpHzSXaycUOkjlxNaUrw6/+6//6G2zz5//4fL1Yb/XO/jypXjZ
7+1t4+V2TrcraDaVYPnsKxRi5aD4wWIQFar/Ar6QGRx5h9yDnqvbBPlOSuel
7WtC5k9D9rtJsOht/75oIIEbjSVmjUaD2dctXw22IN7TdM80FZqN9g2km/yO
PjbeS9xrjb/7ls4vmdvb//b3RoWuqgNne/ypTYp7hSqWKoBcUxG5UeLqVTxR
tEezPp4rt71M9Xtdlr9rDyKFgPOMoN0ePZZO1uiAf7A/GOzuDFplUbyxr1Y4
t2p3y27SnauQjmJnVs+Lwj+mRmLabtNdT+Ud+UFYf0EolOVLuc/4eIr6q32g
DF2oLaDws1QIu2WEKOByH7xAwlTFxo0v6NoZvDtZ5w3popE7A7zkjxcKPJFd
TIERufiNGxBP5NWllRFtz+CTcptZm/hiEpzbWnlHGwnkeADcNI9oXrIMu1cS
hoQgj/IiytDOMlXEcpKXZ9K2tonjPDERe7XeHvl/uAIF1BOuzUl+h6ChDWjj
bUnsknXNY3EPt2YFr8+O3EMzCTP7Ek+fz+3tHfS7+95gb39nsL9X7OmZgLXe
AHrwpgLqCltkWzsoNKcyukDlUWjKMXh/cyuiuAZi9sxDpB4JXVnJCquoLaln
d7jjwpZYMFcSqUZMhwSkFUFErtPoi6AgbDbPLddf4UIL3dkI0U2tvTV86ox2
9VO6/JY8sfbW0tce6lJQaeusG1LTQDrNl3QTgspQ8PrQEYylN4KNmdzVqZ5M
GHoGCXPhC9HGnjSMFqgthNv3uuwdYEu0sFF5XLrFw8LAim0xhzYKSiOqIiAx
P6H0l3Btblg+Dg1d6hm9H301y1WD/NzczbE9eVCW1OZy0ASrQlRG1WUUc2bt
fB7aa6gi/GZrilgptr6YG0N2/SJ5I6zV8+TG+LJAufaml0l+jEGUrlymRtEM
qnW3QUcULvteEoA64svqjpnL3gieuOfIIUV1vYwmn5EC0+3LVf3yTHEaE0XW
bmlWQAgdzMiRkW3l5mKu8aGVTzSTH6eIYMjUkCtHnObN54q9hhD//Z8JXu3u
PqPtffsmeYygkwP/KXV/leaA9VXEE4iQoWGcUZX5NqXLaFRb/pkju2WnqIbs
eDh2FJwqRmqMho9wlmD4jUSaj9fvOBWn7+WNSlSqlrTVCAe1Yj8gIJv+RwBb
sXMoKGoktZQBzaiS2QQ85Hh+z2k9OIhcokAziNH14+fBdgvJZ+CATYUISSsI
revK0WwmAH+7S25VsQdaEMkfRc0dS6sTV7mK0TjKU0L5TCWwjHM551EguCnZ
zefXtixDwylHzanZlYbvmopEEpofeUqbs3MxnZq1eMdRT1AN9Q6GOwGEdNPl
RKKyn8O9ncO+VjwmzOfgMlMLigffwdgM8m8QN01wOFUrOuqnag6+mKche8VT
zO045pIO3JEpdujMy8hEFWCH0b3u9QnOnFCuDIG2C1fF8YVR3wJ+z6yfKfvg
QVeFqb0F9HMY3wq8vML8WDG6uNVURDvVe2hJzN6qiaB76VVeNVWQv8gEmikT
BWZzzNnv0jPVrT1vUBwQw4ivyWyemc7tHezs7xxso3z7HzZL0gOtLwAA

-->

</rfc>
