<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lake-edhoc-grease-02" category="info" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title>Applying Generate Random Extensions And Sustain Extensibility (GREASE) to EDHOC Extensibility</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-lake-edhoc-grease-02"/>
    <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
      <organization/>
      <address>
        <postal>
          <country>Austria</country>
        </postal>
        <email>christian@amsuess.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>LAKE</workgroup>
    <abstract>
      <?line 20?>

<t>This document applies the extensibility mechanism GREASE (Generate Random Extensions And Sustain Extensibility),
which was pioneered for TLS,
to the ecosystem of Ephemeral Diffie-Hellman Over COSE (EDHOC).
It reserves a set of External Authorization Data (EAD) labels and unusable cipher suites
that may be included in messages
to ensure peers correctly handle unknown values.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Lightweight Authenticated Key Exchange Working Group mailing list (lake@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/lake/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/lake-wg/grease"/>.</t>
    </note>
  </front>
  <middle>
    <?line 29?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>This document applies the extensibility mechanism GREASE (Generate Random Extensions And Sustain Extensibility),
which was pioneered for TLS in <xref target="RFC8701"/>,
to Ephemeral Diffie-Hellman Over COSE (EDHOC, <xref target="RFC9528"/>) ecosystem.</t>
      <t>The introduction of <xref target="RFC8701"/> and <xref section="3.3" sectionFormat="of" target="RFC9170"/> provide comprehensive motivation for adding such extensions;
<xref target="I-D.iab-protocol-greasing"/> provides additional background that influenced this document.</t>
      <t>The extension points of the EDHOC protocol are
cipher suites,
methods,
EAD (External Authorization Data) items
and COSE header parameters.
This document utilizes the cipher suite and EAD extension points.</t>
      <t>Unlike in TLS GREASE <xref target="RFC8701"/>,
EDHOC is operating on tight bandwidth and message size budget,
with some messages just barely fitting within relevant networks' fragmentation limits.
Thus,
more than with TLS GREASE,
it is up to implementations to decide
whether in their particular use case
they can afford to send additional data.</t>
      <section anchor="variability-in-other-extension-points">
        <name>Variability in other extension points</name>
        <t>If the selected method is unsupported by the Responder,
EDHOC does not conclude successfully.
While values could be reserved for these for use as GREASE,
these failed attempts would not be verified between the EDHOC participants
without maintaining state between attempted EDHOC sessions.
Such an addition is considered impractical for constrained devices,
and thus out of scope for this document.</t>
        <t>Recommendations for GREASE in <xref section="4" sectionFormat="of" target="I-D.iab-protocol-greasing"/>
also include varying other aspects of the protocol,
such as varying sequences of elements.
EDHOC has little known variability,
and intentionally limits choice at times
(for example, <xref section="3.3.2" sectionFormat="of" target="RFC9528"/> allows only the numeric identifier form where that is possible).
Where variation is allowed,
e.g., in padding or in the ordering of EAD items,
applications are encouraged to exercise it.</t>
        <t>The extension point of COSE header parameters
(identifying other ID_CRED_x types)
is beyond the scope of this document,
and might be addressed orthogonally in the "COSE Header Parameters" registry.</t>
      </section>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

</section>
    </section>
    <section anchor="the-grease-ead-labels">
      <name>The GREASE EAD labels</name>
      <t>This document registers the following EAD labels for use with GREASE EAD items:</t>
      <t>160, 41120, 43690, 44975</t>
      <t>These EAD labels can be used in any EDHOC message
for non-critical EAD items (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>).</t>
      <t>The numbers cover the different lengths of encoding available in CBOR for the registry's range (except the 23 precious small values).
It is expected that future documents register additional values with the same semantics.</t>
      <section anchor="use-of-grease-ead-items-by-message-senders">
        <name>Use of GREASE EAD items by message senders</name>
        <t>A sender of an EDHOC message <bcp14>MAY</bcp14> include an arbitrary number of GREASE EAD items,
with any or no ead_value (that is, with or without a byte string of any usable length).</t>
        <t>Senders <bcp14>SHOULD</bcp14> consider the properties of the network their messages are sent over,
and refrain from adding GREASE when its use would be detrimental to the network
(for example, they might use it less frequently when the added size causes fragmentation of the message).</t>
        <t>On networks where the data added by the grease EAD items does not significantly impact the network,
senders <bcp14>SHOULD</bcp14> irregularly send arbitrary (possibly random) GREASE EAD items with their messages
to ensure that errors resulting from the use of GREASE are detected.</t>
        <t>The GREASE EAD items <bcp14>MAY</bcp14> be used as an alternative form of padding.</t>
        <section anchor="suggested-pattern">
          <name>Pattern for limited fingerprinting</name>
          <t>A method of applying GREASE is suggested as follows:</t>
          <ul spacing="normal">
            <li>
              <t>For every message, use GREASE with a random probability of 1 in 64.</t>
            </li>
            <li>
              <t>Pick a random GREASE label out of the uniform distribution of available options.</t>
            </li>
            <li>
              <t>Pick a random length from the uniformly distributed interval 9 to 40 (inclusive).</t>
            </li>
            <li>
              <t>Add the selected GREASE label with a value of the selected length,
filled with random bytes.</t>
            </li>
          </ul>
          <t>Running EDHOC already requires the presence of a cryptographically secure random number generator.
Implementers can use that same source here to avoid any privacy implications from insufficiently initialized faster sources of randomness.</t>
        </section>
      </section>
      <section anchor="use-of-grease-ead-items-by-message-recipients">
        <name>Use of GREASE EAD items by message recipients</name>
        <t>A party receiving a GREASE EAD item <bcp14>MUST NOT</bcp14> alter its behavior
in any way that would allow random GREASE EAD items
to alter the security context that gets established.</t>
        <t>It <bcp14>MAY</bcp14> alter its behavior in other ways;
in particular, it <bcp14>SHOULD</bcp14> randomly insert GREASE EAD items
in later messages of a session in which unprocessed EAD items (including GREASE EAD items) were present.</t>
        <t>Implementations <bcp14>SHOULD NOT</bcp14> attempt to recognize GREASE EAD items,
and <bcp14>SHOULD</bcp14> apply the default processing rules.</t>
      </section>
    </section>
    <section anchor="grease-cipher-suites">
      <name>GREASE cipher suites</name>
      <t>This document registers the following GREASE cipher suites:</t>
      <t>160, 41120, -41121, 43690</t>
      <t>The numbers cover the different lengths of encoding available in CBOR for the registry's range (except the 46 precious small values), and both available signs.
It is expected that future documents register additional values with the same semantics.</t>
      <t>An Initiator may insert a GREASE cipher suite
at any position in its sequence of preferred cipher suites.</t>
      <t>A Responder <bcp14>MUST NOT</bcp14> support any of these GREASE cipher suites,
and <bcp14>MUST</bcp14> treat them like any other cipher suite it does not support.</t>
      <t>Thus, a GREASE cipher suite never occurs as the selected cipher suite,
i.e., it is never specified as the last cipher suite in EDHOC message_1.
An Initiator whose offer of a GREASE cipher suite is accepted through cipher suite negotiation (<xref section="6.3" sectionFormat="of" target="RFC9528"/>)
needs to discontinue the protocol.</t>
    </section>
    <section anchor="processing-of-grease-related-failures">
      <name>Processing of GREASE-related failures</name>
      <t>It is <bcp14>RECOMMENDED</bcp14> that any counters or statistics about successful and failed sessions
distinguish between sessions in which GREASE was applied and those in which it was not applied.
Any operator feedback channel, be it immediately to the user or through network monitoring,
<bcp14>SHOULD</bcp14> warn the operator if there are errors that were determined to originate from the use of GREASE
or that are significantly likely to originate from there.
This provides a feedback path as described in <xref section="4.4" sectionFormat="of" target="RFC9170"/>.</t>
      <t>On constrained devices, one suitable operator feedback channel is CORECONF <xref target="I-D.ietf-core-comi"/>;
no general YANG model is available for that purpose.</t>
      <t>Whether logging of GREASE-related failed session details is appropriate
depends on the privacy policies of the application.</t>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy considerations</name>
      <t>The way in which GREASE is applied
can contribute to identifying which implementation of EDHOC
is being used.
Implementers of EDHOC are encouraged to use the algorithm described in <xref target="suggested-pattern"/>,
both to reduce the likelihood of their implementation to be identified through the use of GREASE
and to increase the anonymity set of other users of the same algorithm.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The use of GREASE has no impact on security
in a correct EDHOC implementation.</t>
      <t>As the application of GREASE contributes to an ecosystem that can have security updates deployed in the future,
implementers of EDHOC are strongly encouraged to apply GREASE regularly whenever their operational constraints permit it.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA considerations</name>
      <section anchor="edhoc-ead-labels">
        <name>EDHOC EAD labels</name>
        <t>IANA is requested to register
four new entries into the EDHOC External Authorization Data Registry
established in <xref target="RFC9528"/>:</t>
        <t>160, 41120, 43690, 44975</t>
        <t>All share the name "GREASE",
the description "Arbitrary data to ensure extensibility",
and this document as a reference.</t>
      </section>
      <section anchor="edhoc-cipher-suites">
        <name>EDHOC cipher suites</name>
        <t>IANA is requested to register
four new values into the EDHOC Cipher Suites Registry
established in <xref target="RFC9528"/>:</t>
        <t>160, 41120, -41121, 43690</t>
        <t>All share
the array N/A,
the description "Unimplementable GREASE cipher suite to ensure extensibility",
and this document as a reference.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC8701">
          <front>
            <title>Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility</title>
            <author fullname="D. Benjamin" initials="D." surname="Benjamin"/>
            <date month="January" year="2020"/>
            <abstract>
              <t>This document describes GREASE (Generate Random Extensions And Sustain Extensibility), a mechanism to prevent extensibility failures in the TLS ecosystem. It reserves a set of TLS protocol values that may be advertised to ensure peers correctly handle unknown values.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8701"/>
          <seriesInfo name="DOI" value="10.17487/RFC8701"/>
        </reference>
        <reference anchor="RFC9170">
          <front>
            <title>Long-Term Viability of Protocol Extension Mechanisms</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <date month="December" year="2021"/>
            <abstract>
              <t>The ability to change protocols depends on exercising the extension and version-negotiation mechanisms that support change. This document explores how regular use of new protocol features can ensure that it remains possible to deploy changes to a protocol. Examples are given where lack of use caused changes to be more difficult or costly.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9170"/>
          <seriesInfo name="DOI" value="10.17487/RFC9170"/>
        </reference>
        <reference anchor="I-D.iab-protocol-greasing">
          <front>
            <title>Considerations For Maintaining Protocols Using Grease and Variability</title>
            <author fullname="Lucas Pardue" initials="L." surname="Pardue">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple</organization>
            </author>
            <author fullname="Dave Thaler" initials="D." surname="Thaler">
              <organization>Armidale Consulting</organization>
            </author>
            <date day="5" month="July" year="2026"/>
            <abstract>
              <t>   Active use and maintenance of network protocols is an important way
   to ensure that protocols remain interoperable and extensible over
   time.  Techniques such as intentionally exercising extension points
   with non-meaningful values (referred to as "grease") or adding
   variability to how protocol elements are used help generate this
   active use.

   Grease and variability are used across various protocols developed by
   the IETF.  This document discusses considerations when designing and
   deploying grease and variability mechanisms, and provides advice for
   making them as effective as possible.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-iab-protocol-greasing-01"/>
        </reference>
        <reference anchor="I-D.ietf-core-comi">
          <front>
            <title>CoAP Management Interface (CORECONF)</title>
            <author fullname="Michel Veillette" initials="M." surname="Veillette">
              <organization>Trilliant Networks Inc.</organization>
            </author>
            <author fullname="Peter Van der Stok" initials="P." surname="Van der Stok">
              <organization>consultant</organization>
            </author>
            <author fullname="Alexander Pelov" initials="A." surname="Pelov">
              <organization>IMT Atlantique</organization>
            </author>
            <author fullname="Andy Bierman" initials="A." surname="Bierman">
              <organization>YumaWorks</organization>
            </author>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document describes a network management interface for
   constrained devices and networks, called CoAP Management Interface
   (CORECONF).  The Constrained Application Protocol (CoAP) is used to
   access datastore and data node resources specified in YANG, or SMIv2
   converted to YANG.  CORECONF uses the YANG to CBOR mapping and
   converts YANG identifier strings to numeric identifiers for payload
   size reduction.  CORECONF extends the set of YANG based protocols,
   NETCONF and RESTCONF, with the capability to manage constrained
   devices and networks.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-comi-21"/>
        </reference>
      </references>
    </references>
    <?line 235?>

<section anchor="using-extension-points-beyond-successful-edhoc-runs">
      <name>Using extension points beyond successful EDHOC runs</name>
      <t>Some ways of using the extension points, in particular
the use of critical GREASE EAD items
and
placing a GREASE cipher suite in the selected position
do not result in the successful continuation of the EDHOC session.</t>
      <t>They can be useful during testing
(e.g., to verify that a peer does indeed implement the correct behavior of not silently tolerating critical EAD items it can not process),
particularly when they allow a testing system to provoke an error response from the implementation under test.
However,
this document is concerned with test performed during successful operation,
therefore that application is out of scope.</t>
    </section>
    <section anchor="change-log">
      <name>Change log</name>
      <t>Since draft-ietf-lake-edhoc-grease-01: Address WGLC comments.</t>
      <ul spacing="normal">
        <li>
          <t>seccons: Stronly encourage use of GREASE</t>
        </li>
        <li>
          <t>Explicit <bcp14>SHOULD</bcp14> on applying default processing rules (not just by exclusion of <bcp14>SHOULD NOT</bcp14> attempt)</t>
        </li>
        <li>
          <t>Point to EDHOC CS-RNG for fingerprint resistance</t>
        </li>
        <li>
          <t>Point to CORECONF as example of how to report</t>
        </li>
        <li>
          <t>Add remark on why numeric values were chosen</t>
        </li>
        <li>
          <t>Elaboration on cipher suite selection</t>
        </li>
        <li>
          <t>Added BCP14 boilerplate Terminology section</t>
        </li>
        <li>
          <t>Updated reference from edm-protocol-greasing-02 to iab-protocol-greasing (currently at -01)</t>
        </li>
        <li>
          <t>Editorial fixes; highlights:
          </t>
          <ul spacing="normal">
            <li>
              <t>Consistency around "EAD items" and "EAD labels"</t>
            </li>
            <li>
              <t>EAD items can be critical/non-critical, not labels</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>Since draft-ietf-lake-edhoc-grease-00: Resolve all open issues.</t>
      <ul spacing="normal">
        <li>
          <t>Question on "is this better than padding" removed. (There are currently implementations of EDHOC that can't use all EAD values but can do padding).</t>
        </li>
        <li>
          <t>Question of COSE header extension deferred to COSE maintenance.</t>
        </li>
        <li>
          <t>Use of GREASE values in critical form is out of scope, but appendix illustrates that it can make sense to do, and emphasizes that indeed those options do cause errors when used with negative sign.</t>
        </li>
      </ul>
      <t>Since draft-amsuess-lake-edhoc-grease-01:</t>
      <ul spacing="normal">
        <li>
          <t>Document was adopted in LAKE.</t>
        </li>
        <li>
          <t>Instead of discouraging GREASE around fragmentation limits wholesale, suggest reduced frequency.</t>
        </li>
        <li>
          <t>Editorial fix to fingerprinting section.</t>
        </li>
      </ul>
      <t>Since draft-amsuess-lake-edhoc-grease-00:</t>
      <ul spacing="normal">
        <li>
          <t>Expanded introduction section to just point to the abstract any more.</t>
        </li>
      </ul>
      <t>Since draft-amsuess-core-edhoc-grease-01:</t>
      <ul spacing="normal">
        <li>
          <t>Update references to RFC9528 🎉</t>
        </li>
        <li>
          <t>Change target WG to LAKE, renaming to draft-amsuess-lake-edhoc-grease</t>
        </li>
        <li>
          <t>Process RFC9170
          </t>
          <ul spacing="normal">
            <li>
              <t>Add a section on failure processing</t>
            </li>
            <li>
              <t>Reference where appropriate</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Process draft-edm-protocol-greasing-02
          </t>
          <ul spacing="normal">
            <li>
              <t>Variability outside of extension points</t>
            </li>
            <li>
              <t>Be firmer against recognizing GREASE values</t>
            </li>
            <li>
              <t>Point out that future options may be registered (instead of the suggested algorithmic registrations)</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>Since -00:</t>
      <ul spacing="normal">
        <li>
          <t>Fixed a mix-up between positivity and criticality of options.</t>
        </li>
        <li>
          <t>Adjusted numbers accordingly to once more fit in the <tt>0xa.</tt> pattern
(actually they're using <tt>0x.a</tt>, but that doesn't work the same way with CBOR).</t>
        </li>
        <li>
          <t>Text improvements around recipient side processing.</t>
        </li>
      </ul>
    </section>
    <section numbered="false" anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>Marco Tiloca pointed out a critical error in the numeric constructions,
and provided many general improvements.
Göran Selander provided input to reduce mistakable text.
Meiling Chen and Shujaatali Badami found places where the text did not provide the right guidance to readers.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA81a3XLcyHW+x1N0qIslVTNjUktrJa7tzYjkSqxIokxK2dpK
ubRNoGemLQCNoAGSsyo+gG/8CslT5CpX8QvlEfKdc7rxMxxuVHY5lYtdDYH+
O3/f+c5pTKfTpLFNbo7Uzryq8rUtl+qlKU2tG6MudJm5Qp3eNqb01pVezctM
Xba+0baMj69sbpu12n15cTq/PN1TjVOnJ6/Oj8fvd5LMpaUusFFW60UztaZZ
THP9yUxNtnLpdFkb7c10/0liq/pINTV2ebK//xwPsF2ZfdS5Kw2/MEmqmyNl
y4VLbpZH6vX8n04T3TYrVx8lUzz3R+p4puaF/8t/ep8oJfser2rrG6vLwZvU
tWVTr4/UHNvVVuORKbTNj1QaR/+jLnxrvJ+lrkhKVxe6sdfmCCMvvj9+/usn
z44SOsn4+bNv9g/ikINv9o+SJJlOp0pfYRedNknyfmW9gkrawpSN0lC9NV41
K6PMSK2FSVe6tL5Qol/o+a+wzt4kuVnZdKVutFcVxhpTm0zh1Or968tJApvx
1qnza9+YQrmFOq1WpsBOuTqxi4U101cmzwto7/za1Or4nM7Cht6bJWeNqo03
9TVk0MqbhhfACeoS8+dsGvszFORKdaIbjZnzkz2V6yuTYwaO3Zat11e5UanF
vrXyrW2MT5qVblSh1+rKwK5p3mY4NqQrYBC9pAFOQcy2NqqCTB4GrWuTNvla
QW0Z1mvLT6W7KdW1zmHFmdihsBneJckjdQbzu6xN+WifH9nBn3f/v6xEYn/+
HHzr7o6N9sU2mshUcte7u73e0DOSkVQ70AJMN9iHrfP586WRl1/PvqYBwa/x
uqrdtc1gN1dUtVmRNNdGFQ7BIPam4+ssI2DxLYQznSa+TT5/PpuezKy+mmKZ
xqUuFxzA4H5pz9NpLch5pdNPyxpRmyn2DYQe7Fqmhv4eGCsI1m2mKgchPZ2d
zCcIFTdVugamDB1vkhQGTpvhBzwVSnzYl/cUJhQ+IT2xxldGZ1io0jVgB9Pg
dGM/ahuY++fgSMNtWde03+axIc2HMrefyFLsC8HNRv4gMmEjV5HrkcKxQGOX
qwZqK7MbmzUr3iJEj/I4hbpqs6Vp4HoWb70rTBdc6o/wUkytDcJpYRtekobh
EHhmrjWEKU1z4+pP/iu1qPWS5BPV5LawDYvekjYdIhQGK3n+QIRJYhs6c1tR
4rBFlZtuDU+PMpPCBxAYsAf0hK3xr2X1NjZtc12r1kONSB5AC7PGr1LpBbwu
o+neQN6B/2SwGLT56JH6Zw28D/GLVR0vv6n4JDkTh/GQN20M6Y78go8M3Kkq
V9PTqzWPujC+ciWsH62ROaixdA3CQ9CLYiCFfhdtnq9nyQ8rC4wSbKJklGeE
dAFLJfSxLuSjXyQnkCEqLrxAtsJI3cAJKzj4DS9CW2IhoIAFLNCizY0x5dD3
WX+20iQlGcW1hLQQGv9xsDYEX3FiWB9LyXQPGchEs+SSgpp0HpRMqoG0HlYj
9IJJKePZFMonIegVcqAt8S4z1zalYNMczi1ct+XU4VP4cJB+HNQXgK4Cv7Pg
ITQmBAPjY8SpQ1rmu19Al0Tn3sWcAgvUTH3EC7SvsEwHFnH2JGEAgwnicG/+
lcGHhxpxXahEVLTCQHgXyJWKKajzOBEZysYEdkxEmEQMiIeDUqBwhC4iMdkl
Ec2tptCYjJF49iRiMeO6wjLuBmcpc3HHElqrbapgCmwDR6hJX4VCMEk4cuhV
DqZE6t0jd6QXfM5oSl7TZJPEzJazCSm5CmjuYjTiF2zNjxYMXwyIEJHyZRoM
BRRBpoaLAyUMh6a5NXVq4cL2AbSm5bYjarIbRBoY7ezk4/HF6cnHW9WsK+P3
Ehz+yqwdu5YJLsUWHXiU2KEQjDTkw4g9j/MhrFduGSwTxNzhw7ySw7zrDrOD
eF2CK9ZrAZb3pi5s6XK3XItYn4BKwMjMq503Hy7f70zkX/X2nH9fnP7+wxlO
Tr8vX81fv+5+JGHE5avzD69P+l/9zOPzN29O357IZDxVo0fJzpv5j3hDMu6c
v3t/dv52/npHxBkRG/IGJxwLEiGPU6BrnyD5prW9Es714vjdf/37wSFc8B/g
ck8ODp7D5eSPZwffHOIP+FUpu7ELyp8EyuQKRrO/QKGA6Mo2iL8JxZJfUWyQ
40F9j/+FNPOHI/Wbq7Q6OPxdeEACjx5GnY0ess7uP7k3WZS45dGWbTptjp5v
aHp83vmPo7+j3gcPf/NdDvxT04Nn3/0uIRZKXhJQjOJHePEm/RQvI5JLzrhw
FJjk/v2MLktwkh0syAGJIuTg6f5EHR4cPKF/vn76nP45fP7Nr9lPMW+wFKVR
OETrxfi6XAfkD+wgob1KV07hIILu3UZq1xszQqpnI5zaC+EOeLoSzk5slYTK
wGLhCBA2N+WyWQmuAjUYcPQ1ch0XCTjQ8Yvzi5gfuwD8yqtal2A2u+Y2NVXD
L598DQQHi3DIL74g/5N8K3ULNGxuK8ntjIiLtqFyIqrdd3of0oiQsVnPjC7A
AmQDUG/owgsOfPCMN5tmIK7QETBDZAGWnoefNAGKH2lawaO6REWJtr6yyKD1
Oihw2yaBzpHV2EwKoPWRD612A+5P5PR4HbO/xtGQ8qkQFiyn6aEsE3uQ5S7l
zCqETEz1MVOCezbWdLkz0MNA2jpmSYjjyc5kegHh2iyIFoBGolwKKSaIRUCi
KDeyb0eWlBkclMlirkIBG3bbyJlMCwXjW043kMYjWGrO3k1AKl4A+8IPmBen
GoP9BqsNUgU5SB3nZUeBu7xqmGaGxQI1lP7GwA06aujtskRyRsDRUcCXQJeG
0oB2jFVuUeIuifliuPDbziN2QzJfUxyg7ty7737RZwfmGFTR7Bymrl1Nju/b
nEk/24SO1I58mqwIK3DwhJi+tx05b8QR7dl/c66lqFsidAQLBk7BgfMIubWh
IRzezIqICuM1pSZkKDrR50e+XeLoeDWtZPgdhVGg5+S8XTsr0ENEf5xCJxEA
JVR8rL4nd4EndpE5YUmj+3EoBY2Sj1/FugHbHBAYPT2cYZV3Nv3UjwuTGU4j
r2UVwtgkdUaIZa/a6Fc9urmqEWq9uaQE4cAashSs3S1mhFXWiHX1nMLicF/t
MnhQXb5Ha86zbFzSjE4ahBWscBvFjxxgkiiYI6eyg0eH0xF4EPRdtCUXEAJi
OofjZ/BHBJutQ9FbUYUD3sxyq7ReV41b1rpaUSJhr07JGcPCAeaW0lJxNXA7
1omcPuBTZC12XQFisEwsLtHooFlnMwYzuM+1TjnIembK6rRw/wWC0AogoARq
rKYqHZ6nGf1lUQY2OVdJTcEvRXpKQBUtzmBPxRepJDX2mjPb5lwVWY9EC4Pf
lVnpa+vqJKTjG70WmQURmahvOF93FIpwWUnsCfWS/wK8G5BuWWZpsAnCAz5o
/YojGvmR4vf+GfqKGafw3yZcFsSCfEIQG7BKzsMaRU3b3D8YZuaalu9yA/tE
qC9pH+mJtSUCLxVyPmAakhcHYd6921M3ZH9xNaowzjaaCz3ni9UtOQuM4oDH
P9+HMklTYRaji0C9WWjApArHo6PUbc6R8CiuMW5qfiGv2zZ3g8NN6d+DwOX+
T0nV4dMHSJXw/ytHKNItTSnO/z3p1rxUZxyygAfuFwd309u0mGBbRgPnQ8dC
2EWs5jkhgY4gDeKUI/3TVn2Xp4/S0AkSwrUIPZttBhQn4nkNgJGVCWCn1h7P
5Zga9QQRSz1VkG0417ZUPm3bA7yBTO9SBLmnTDeC8OHISWJnZsbhCrvINGp9
SM8ozMwBfxsn2iCoHw9mYwPcrBwj4iIQ2q2npN5CSv7EnlC7drnaFGPpmtCI
2O2riad9B1qqiaQ0JpNeofWEaLZszahxw6H4ro/PDquntSHwybiLBjf0SfDR
QXEnbkrG4csiii2ISN0xuh9KIcUVZfe+r8cBENpysU2WUILG1i2QteupxZc9
yEXCQUSJLxsyJa0x0mc3CuaiEeQQYRTpfx36vjjcAgqhRrmiW4nS5BMu7SFY
UZgMGqV+bmDMSJy14oAXC0S+XjhY01EhMEkC5N3oOrR74j6WPR3Ry80dIY2S
kUxghtQJkW4P1lraklqK28lkwofQ0owYU2KKDjnx/UWoa8Bw2l8W9OKDGHK7
btTGGPQIZ4ejuwxh89salMqVhr0y8LMH9Eyec3xOvvP2e+wj7Ue650xdbfC/
wt7dfZugGhMqk6sf529fQtWZTO3xchGVUbU1UIo6Iz+EBnjulsuHfbh3OVI/
HnheuKLCjJp6JslMhZLB89UAh4gwosrlRH66um3QuwvRI+NiuSc5VFLODePt
2IVt58EJ8TMKS+Gn3OYfNO+CS49yM/cRCWGkh0fDqH7Y4H1x0JbWotBBSJEv
4TLNqth0gfvFw90k4aTFFCBrU1mAXc+unJQUUjVtnDU0zmKLtQez+y7OscxN
ZykG+YilK9cFkbFwbSopgOKyMwanu04WtsdlpHDHWwwyrtJWjBWxsHRlR/+Y
SMYb06DLsXCU7vymPwyW7s3K+AtD91fI7L9kezDGAeVsK9TGhmKyyt1a7MG8
h3kAMtKDJkZUunIJIBjbWphYOFBfGFNJbwIFgtHCnRiziS7CkfMrgqhGWtCP
1Nn87fyei4Pghw8aBq05Hmk9lzVSUrLjCHVJFjgfoPQGR4V+DCF8wNv+04iH
rsYvAu1KBlS8u/uVlPeLnbw5uJhf6dCIoE8f1I5oZ4fvjEIocI2pduZd64Bb
Fn0jYHTBvROvaEZdY8JapklEmmYDRW3Q3S/UVSB5G6o6lrUuea2/QjkbFLnT
DqtC1zWw6+2v5ls086HsY4EweRuH+ZvURR8iUPYgx/vAvOTebXW4vxhwC1FK
3ZJjXtJlLdVfFCctrzD4NKFbJVzaxOosGeBS17u9V5bh/EmV63RUnW6ywBGx
jGw6yRxTE+kedcN6EQJFGzXURpeK0kpaD1rQNC1ruS0JLyAilezKfRQswJec
oRTW/BmIEGYLii4XkGJFuW4PaNcVsjiANOFyqfwbl8fb8y2dbSuQRjNCvbc3
SXrdDlqJ61CQ63hiFXHRMVdxzPiFNZGuUFH4ATfaSDItlxu00ix55W4Md03H
/iXXrilwJfZlaDgBHPWIiMyIAgeW6ECR3R++6WIHcAj3dnwty0B5vOKKEGQE
bmipZvrlr7oOjqjtRHdr6oeXr4+VXOLyhw2PKTcQ5h6pS0L4IcBv5M/HAE46
V99ewPG6Pt9DhbjaJXPJtwxY+5Z7YeJ691sAe9R048vH7ju248vpBWgacbJB
E5JsZunLtNQMp3T0T/vYgKaNVvAEBj0q30IPrkb9CqbtiDmtu7vaWOoSg06J
95ckNtKOq0PElOM4lACkwONlYegXx+8ODlGCw6Xrirjh8EqStB1Gf+BUnPWg
JO5nsuL+hfl0/wlTl22X6WoXub2W8IHvwNqkxdOMCwi69re3xn+rVna5yqkL
7+nLuKkwF4RECVqp5ZOenS7SduTSsk+5Ozynj8QADjFGfzW8ippwgMZU/SX+
uX9EVb3Lrw1fUMLNye+9fDH2WP2e8lZQ/o71guwo46Shprs7cboKLtw1qKra
fd9VRr12Nr9v6fhNJEtfyRUFnYFEDc4AgsXyAlnDRtzI7U81vifvE0AWmxjs
mRjBH3iYUnMGerzRuOwScI983KneAIAJn4dudMvM3iqb5/TtJJM6uVqSwxbQ
Ml1PeE6TmZPGEGIMfDR8/cTfbzFIS4UbGt8kJ9++xJqSMZVvEBjXSrOU2wMq
E2djA4ePNbdjEJnyJOIlF9mZq6Rlzh+RkkrOwA2hRpKW2wmEQ4NuXHDUbd86
UdsDcKPpyinUF6GUyOJdU7qebUYGKWfjbiNE6JdLts+SARuhYbkA6L/mC4vR
NgyBVUQq5j/he1Rub9A3Wg/syfXrNm0KhPQIwmVAoGLqv//tz3/CmJArGl0v
UeH88JKGkLYnmAZ6yknd/W9CEsYKrsd6nfGAcFR3MtLXhtLIGSQBHnfRQZzc
0Q0r4n5lOcND+McLDb8aQ1BQocDt1M3vxmjsCwCqReqtlV4i7tgdpLk8cCgJ
Oh4vSYRCbdgZjUERvoKNvBl23rW9rwrH6q63Yq2IhBLauII4e9G+0Wm+BzaT
Cgt7O22rrjUlZO6apKSojXgQ7rwGF1TzjLwKS8S+s0YurwmiQseGNuOv/xa2
I4M/7d/q2U8qlN6QfRc+2PLNDzGnr2oT6CwGzvRPAjisEyJ2BJLxTllKY2pA
MDJQ/5qh8T3datCnZwBjaSuHwO3uYRSbrncTpjXzlL7Uyk22lFnJ5yORy2S/
3Vno3JuduyR5o+vUqfc2d6kWe9MHQ3yB3gGn8Logb8ztUnhKYIZOcGhbZTAv
QjD2hYYnnyUv//IfNQD10uSaaWA3x5ZV2ww6FgURkk9crdC1zix5Y+Cp0OMx
ASjfXqzaP2oUerlVL3SG4APCk1qI6pvhBTZfC2U2i1SXv/HlWwG+R1+2NqMk
IptT1sE5/weW5Gy7TTAAAA==

-->

</rfc>
