<?xml version='1.0' encoding='utf-8'?> encoding='UTF-8'?>
<!DOCTYPE rfc [
<!ENTITY nbsp " ">
<!ENTITY zwsp "​">
<!ENTITY nbhy "‑">
<!ENTITY wj "⁠">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.22 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lamps-rfc4210bis-18" number="9810" category="std" consensus="true" submissionType="IETF" xml:lang="en" obsoletes="4210 obsoletes="4210, 9480" updates="5912" tocDepth="4" tocInclude="true" sortRefs="false" symRefs="true" version="3">
<!-- xml2rfc v2v3 conversion 3.26.0 -->
<front>
<title abbrev="CMP">Internet X.509 Public Key Infrastructure --
Certificate Management Protocol (CMP)</title>
<seriesInfo name="Internet-Draft" value="draft-ietf-lamps-rfc4210bis-18"/> name="RFC" value="9810"/>
<author initials="H." surname="Brockhaus" fullname="Hendrik Brockhaus">
<organization abbrev="Siemens">Siemens</organization>
<address>
<postal>
<street>Werner-von-Siemens-Strasse 1</street>
<city>Munich</city>
<code>80333</code>
<country>Germany</country>
</postal>
<email>hendrik.brockhaus@siemens.com</email>
<uri>https://www.siemens.com</uri>
</address>
</author>
<author initials="D." surname="von Oheimb" fullname="David von Oheimb">
<organization abbrev="Siemens">Siemens</organization>
<address>
<postal>
<street>Werner-von-Siemens-Strasse 1</street>
<city>Munich</city>
<code>80333</code>
<country>Germany</country>
</postal>
<email>david.von.oheimb@siemens.com</email>
<uri>https://www.siemens.com</uri>
</address>
</author>
<author initials="M." surname="Ounsworth" fullname="Mike Ounsworth">
<organization abbrev="Entrust">Entrust</organization>
<address>
<postal>
<street>1187 Park Place</street>
<city>Minneapolis</city>
<region>MN</region>
<code>55379</code>
<country>United States of America</country>
</postal>
<email>mike.ounsworth@entrust.com</email>
<uri>https://www.entrust.com</uri>
</address>
</author>
<author initials="J." surname="Gray" fullname="John Gray">
<organization abbrev="Entrust">Entrust</organization>
<address>
<postal>
<street>1187 Park Place</street>
<city>Minneapolis</city>
<region>MN</region>
<code>55379</code>
<country>United States of America</country>
</postal>
<email>john.gray@entrust.com</email>
<uri>https://www.entrust.com</uri>
</address>
</author>
<date year="2025"/>
<area>sec</area>
<workgroup>LAMPS Working Group</workgroup> year="2025" month="June"/>
<area>SEC</area>
<workgroup>lamps</workgroup>
<keyword>CMP</keyword>
<keyword>Certificate Management</keyword>
<keyword>PKI</keyword>
<!-- [rfced] To keep the abstract succinct, we suggest
moving some of its content to the Introduction. Perhaps the third paragraph could be worked into the Introduction?
As noted in
Section 4.3 of RFC 7322:
Every RFC must have an Abstract that provides a concise and
comprehensive overview of the purpose and contents of the entire
document, to give a technically knowledgeable reader a general
overview of the function of the document....
A satisfactory Abstract can often be
constructed in part from material within the Introduction section,
but an effective Abstract may be shorter, less detailed, and perhaps
broader in scope than the Introduction.
Please review and let us know how/if the text may be updated.
-->
<abstract>
<?line 203?>
<t>This document describes the Internet X.509 Public Key Infrastructure (PKI)
Certificate Management Protocol (CMP). Protocol messages are defined for
X.509v3 certificate creation and management. CMP provides interactions between
client systems and PKI components such as a Registration Authority (RA) and
a Certification Authority (CA).</t>
<t>This document adds support for management of certificates containing a Key Encapsulation Mechanism (KEM) public key and use uses
EnvelopedData instead of EncryptedValue. This document also includes the
updates specified in Section 2 and Appendix A.2 of RFC 9480.</t>
<t>The updates maintain backward compatibility with CMP version 2 wherever
possible. Updates to CMP version 2 are improving crypto agility, extending the
polling mechanism, adding new general message types, and adding extended
key usages (EKUs) to identify special CMP server authorizations. CMP version 3 is
introduced for changes to the ASN.1 syntax, which are support of
EnvelopedData, certConf with hashAlg, POPOPrivKey with agreeMAC, and
RootCaKeyUpdateContent in ckuann messages.</t>
<t>This document obsoletes RFC 4210 4210, and together with I-D.ietf-lamps-rfc6712bis
and RFC 9811, it also obsoletes RFC 9480. Appendix F of this document updates the
Section 9 of RFC 5912.</t>
</abstract>
</front>
<middle>
<?line 228?>
<section anchor="sect-1">
<name>Introduction</name>
<t>[RFC Editor: please delete:</t>
<t>During IESG telechat the CMP Updates document was approved on condition that
LAMPS provides a RFC4210bis document. Version -00 of this document shall
be identical to RFC 4210 and version -01 incorporates the changes specified
in CMP Updates Section 2 and Appendix A.2.</t>
<t>A history of changes is available in <xref target="sect-g"/> of this document.</t>
<t>The authors of this document wish to thank Carlisle Adams, Stephen Farrell,
Tomi Kause, and Tero Mononen, the original authors of RFC4210, for their
work and invite them, next to further volunteers, to join the -bis activity
as co-authors.</t>
<t>]</t>
<t>[RFC Editor:</t>
<t>Please perform the following substitution.</t>
<ul spacing="normal">
<li>
<t>RFCXXXX --> the assigned numerical RFC value for this draft
]</t>
</li>
</ul>
<t>This document describes the Internet X.509 Public Key Infrastructure
(PKI) Certificate Management Protocol (CMP). Protocol messages are
defined for certificate creation and management. The term
"certificate" in this document refers to an X.509v3 Certificate as
defined in <xref target="RFC5280"/>.</t>
<section anchor="sect-1.1">
<name>Changes Made by RFC 4210</name>
<t><xref target="RFC4210"/> differs from <xref target="RFC2510"/> in the following areas:</t>
<ul spacing="normal">
<li>
<t>The PKI management message profile section is split to two
appendices: the required profile and the optional profile. Some
of the formerly mandatory functionality is moved to the optional
profile.</t>
</li>
<li>
<t>The message confirmation mechanism has changed substantially.</t>
</li>
<li>
<t>A new polling mechanism is introduced, deprecating the old polling
method at the CMP transport level.</t>
</li>
<li>
<t>The CMP transport protocol issues are handled in a separate
document <xref target="RFC6712"/>, thus the Transports "Transports" section is removed.</t>
</li>
<li>
<t>A new implicit confirmation method is introduced to reduce the
number of protocol messages exchanged in a transaction.</t>
</li>
<li>
<t>The new specification contains some less prominent protocol
enhancements and improved explanatory text on several issues.</t>
</li>
</ul>
</section>
<section anchor="sect-1.2">
<name>Updates Made by RFC 9480</name>
<t>CMP Updates <xref target="RFC9480"/> and CMP Algorithms <xref target="RFC9481"/> updated <xref target="RFC4210"/>, supporting the PKI management operations specified in the Lightweight CMP
Profile <xref target="RFC9483"/>, in the following areas:</t>
<ul spacing="normal">
<li>
<t>Added new extended key usages for various CMP server types, e.g., registration
authority and certification authority, to express the authorization of the
certificate holder that acts as the indicated type of PKI management entity.</t>
</li>
<li>
<t>Extended the description of multiple protection to cover additional use cases,
e.g., batch processing of messages.</t>
</li>
<li>
<t>Use
<t>Used the Cryptographic Message Syntax (CMS) <xref target="RFC5652"/> type EnvelopedData as the preferred choice instead of
EncryptedValue to better support crypto agility in CMP. </t>
<t>
For reasons of completeness and consistency, the type EncryptedValue has been
exchanged in all occurrences. This includes the protection of centrally
generated private keys, encryption of certificates, proof-of-possession methods, and protection of revocation
passphrases. To properly differentiate the support of EnvelopedData instead
of EncryptedValue, CMP version 3 is introduced in case a transaction
is supposed to use EnvelopedData. </t>
<t>
Note: According to point 9 in <xref section="2.1" target="RFC4211"/>, Section 2.1, point 9, the use of the EncryptedValue structure has been deprecated
in favor of the EnvelopedData structure. <xref target="RFC4211"/> offers the EncryptedKey structure a choice of EncryptedValue and EnvelopedData
for migration to EnvelopedData.</t>
</li>
<!--[rfced] It is unclear to us how "that has a signature algorithm..." fits
into the sentence below. Please review and let us know it may be updated for
clarity.
Original:
* Offer an optional hashAlg field in CertStatus supporting cases
that a certificate needs to be confirmed that has a signature
algorithm that does not indicate a specific hash algorithm to use
for computing the certHash.
Perhaps:
* Offer an optional hashAlg field in CertStatus supporting cases
where a certificate that has a signature algorithm but doesn't
specify a hash algorithm to compute the certHash needs to be
confirmed.
-->
<li>
<t>Offer
<t>Offered an optional hashAlg field in CertStatus supporting cases that a certificate
needs to be confirmed that has a signature algorithm that does not indicate
a specific hash algorithm to use for computing the certHash. This is also in
preparation for upcoming post-quantum algorithms.</t>
</li>
<li>
<t>Added new general message types to request CA certificates, a root CA update,
a certificate request template, or Certificate Revocation List (CRL) updates.</t>
</li>
<li>
<t>Extended the use of polling to p10cr, certConf, rr, genm, and error messages.</t>
</li>
<li>
<t>Deleted the mandatory algorithm profile in <xref target="sect-c.2"/> and refer instead referred to Section 7 of <xref section="7" target="RFC9481"/>.</t>
</li>
<li>
<t>Added security considerations Sections <xref format="counter" target="sect-8.6"/>, <xref format="counter" target="sect-8.7"/>, <xref format="counter" target="sect-8.9"/>, and <xref format="counter" target="sect-8.10"/>.</t> target="sect-8.10"/> to the security considerations.</t>
</li>
</ul>
</section>
<section anchor="sect-1.3">
<name>Changes Made by This Document</name>
<!-- [rfced] FYI, we have updated the citations in the sentence below
as follows. [RFC9480] does not have an Appendix C.2, but it does have
an Appendix A.2. Please review and confirm that these updates retain
the intended meaning.
Original:
This document obsoletes [RFC4210] and [RFC9480]. It includes the
changes specified by Section 2 and Appendix C.2 of [RFC9480] as
described in Section 1.2.
Current:
This document obsoletes [RFC4210] and [RFC9480]. It includes the
changes specified by Section 2 and Appendix A.2 of [RFC9480] as
described in Section 1.2.
-->
<t>This document obsoletes <xref target="RFC4210"/> and <xref target="RFC9480"/>. It includes the changes specified by Section 2 <xref section="2" target="RFC9480" sectionFormat="bare"/> and Appendix C.2 of <xref section="A.2" target="RFC9480"/> as described in <xref target="sect-1.2"/>. Additionally Additionally, this document updates the content of <xref target="RFC4210"/> in the following areas:</t>
<ul spacing="normal">
<li>
<t>Added <xref target="sect-3.1.1.4"/> introducing the Key Generation Authority.</t>
</li>
<li>
<t>Extended <xref target="sect-3.1.2"/> regarding use of Certificate Transparency logs.</t>
</li>
<li>
<t>Updated <xref target="sect-4.4"/> introducing RootCaKeyUpdateContent as an alternative to using a repository to acquire new root CA certificates.</t>
</li>
<li>
<t>Added <xref target="sect-5.1.1.3"/> containing a description of origPKIMessage content content, moved here from <xref target="sect-5.1.3.4"/>.</t>
</li>
<li>
<t>Added support for KEM keys for proof-of-possession to Sections <xref target="sect-4.3"/> target="sect-4.3" format="counter"/> and <xref target="sect-5.2.8"/>, target="sect-5.2.8" format="counter"/>, for message protection to Sections <xref target="sect-5.1.1"/>, target="sect-5.1.1" format="counter"/> and <xref target="sect-5.1.3.4"/>, target="sect-5.1.3.4" format="counter"/> and <xref target="sect-e"/>, and for usage with CMS EnvelopedData to <xref target="sect-5.2.2"/>.</t>
</li>
<li>
<t>Deprecated CAKeyUpdAnnContent in favor of RootCaKeyUpdateContent.</t>
</li>
<li>
<t>Incorporated the request message behavioral clarifications from Appendix
C of <xref section="C" target="RFC4210"/> to <xref target="sect-5"/>. The definition of altCertTemplate was incorporated into <xref target="sect-5.2.1"/> target="sect-5.2.1"/>, and the clarification on POPOSigningKey and on POPOPrivKey was incorporated into <xref target="sect-5.2.8"/>.</t>
</li>
<li>
<t>Added support for CMS EnvelopedData to different proof-of-possession methods for transferring encrypted private keys, certificates, and challenges to <xref target="sect-5.2.8"/>.</t>
</li>
<li>
<t>Added security considerations Sections <xref format="counter" target="sect-8.1"/>, <xref format="counter" target="sect-8.5"/>, <xref format="counter" target="sect-8.8"/>, and <xref format="counter" target="sect-8.11"/>.</t> target="sect-8.11"/> to the security considerations.</t>
</li>
</ul>
</section>
</section>
<section anchor="sect-2">
<name>Terminology and Abbreviations</name>
<t>The
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.</t>
<?line -18?> here.
</t>
<t>This document relies on the terminology defined in <xref
target="RFC5280"/>. The most important abbreviations are listed
below:</t>
<ul empty="true">
<li>
<t>CA: Certification Authority</t>
</li>
</ul>
<ul empty="true">
<li>
<t>CMP: Certificate
<dl spacing="normal" newline="false">
<dt>CA:</dt><dd>Certification Authority</dd>
<dt>CMP:</dt><dd>Certificate Management Protocol</t>
</li>
</ul>
<ul empty="true">
<li>
<t>CMS: Cryptographic Protocol</dd>
<dt>CMS:</dt><dd>Cryptographic Message Syntax</t>
</li>
</ul>
<ul empty="true">
<li>
<t>CRL: Certificate Syntax</dd>
<dt>CRL:</dt><dd>Certificate Revocation List</t>
</li>
</ul>
<ul empty="true">
<li>
<t>CRMF: Certificate List</dd>
<dt>CRMF:</dt><dd>Certificate Request Message Format</t>
</li>
</ul>
<ul empty="true">
<li>
<t>EE: End Entity</t>
</li>
</ul>
<ul empty="true">
<li>
<t>KEM: Key Format</dd>
<dt>EE:</dt><dd>End Entity</dd>
<dt>KEM:</dt><dd>Key Encapsulation Mechanism</t>
</li>
</ul>
<ul empty="true">
<li>
<t>KGA: Key Mechanism</dd>
<dt>KGA:</dt><dd>Key Generation Authority</t>
</li>
</ul>
<ul empty="true">
<li>
<t>LRA: Local Authority</dd>
<dt>LRA:</dt><dd>Local Registration Authority</t>
</li>
</ul>
<ul empty="true">
<li>
<t>MAC: Message Authority</dd>
<dt>MAC:</dt><dd>Message Authentication Code</t>
</li>
</ul>
<ul empty="true">
<li>
<t>PKI: Public Code</dd>
<dt>PKI:</dt><dd>Public Key Infrastructure</t>
</li>
</ul>
<ul empty="true">
<li>
<t>POP: Proof Of Possession</t>
</li>
</ul>
<ul empty="true">
<li>
<t>RA: Registration Authority</t>
</li>
</ul>
<ul empty="true">
<li>
<t>TEE: Trusted Infrastructure</dd>
<dt>POP:</dt><dd>Proof-of-Possession</dd>
<dt>RA:</dt><dd>Registration Authority</dd>
<dt>TEE:</dt><dd>Trusted Execution Environment</t>
</li>
</ul> Environment</dd>
</dl>
</section>
<section anchor="sect-3">
<name>PKI Management Overview</name>
<t>The PKI must be structured to be consistent with the types of
individuals who must administer it. Providing such administrators
with unbounded choices not only complicates the software required, required
but also increases the chances that a subtle mistake by an
administrator or software developer will result in broader
compromise. Similarly, restricting administrators with cumbersome
mechanisms will cause them not to use the PKI.</t>
<t>Management protocols are <bcp14>REQUIRED</bcp14> to support on-line interactions
between Public Key Infrastructure (PKI) components. For example, a
management protocol might be used between a Certification Authority
(CA) and a client system with which a key pair is associated, associated or
between two CAs that issue cross-certificates for each other.</t>
<section anchor="sect-3.1">
<name>PKI Management Model</name>
<t>Before specifying particular message formats and procedures, we first
define the entities involved in PKI management and their interactions
(in terms of the PKI management functions required). We then group
these functions in order to accommodate different identifiable types
of end entities.</t>
<section anchor="sect-3.1.1">
<name>Definitions of PKI Entities</name>
<t>The entities involved in PKI management include the end entity (i.e.,
the entity to whom the certificate is issued) and the certification
authority (i.e., the entity that issues the certificate). A
registration authority might also be involved in PKI management.</t>
<section anchor="sect-3.1.1.1">
<name>Subjects and End Entities</name>
<t>The term "subject" is used here to refer to the entity to whom the
certificate is issued, typically named in the subject or
subjectAltName field of a certificate. When we wish to distinguish
the tools and/or software used by the subject (e.g., a local
certificate management module), we will use the term "subject equipment".
In general, the term "end entity" (EE), rather than
"subject", is preferred in order to avoid confusion with the field
name. It is important to note that the end entities here will
include not only human users of applications, applications but also applications
themselves (e.g., for IKE/IPsec) Internet Key Exchange Protocol (IKE) / IPsec) or devices (e.g., routers or industrial
control systems). This factor influences the
protocols that the PKI management operations use; for example,
application software is far more likely to know exactly which
certificate extensions are required than are human users. PKI
management entities are also end entities in the sense that they are
sometimes named in the subject or subjectAltName field of a
certificate or cross-certificate. Where appropriate, the term "end entity"
will be used to refer to end entities who are not PKI
management entities.</t>
<t>All end entities require secure local access to some information --
at a minimum, their own name and private key, the name of a CA that
is directly trusted by this entity, and that CA's public key (or a
fingerprint of the public key where a self-certified version is
available elsewhere). Implementations <bcp14>MAY</bcp14> use secure local storage
for more than this minimum (e.g., the end entity's own certificates or
application-specific information). The form of storage will also
vary -- from files to tamper-resistant cryptographic tokens. The
information stored in such local, trusted storage is referred to here
as the end entity's Trusted Execution Environment (TEE) (TEE), also known as
Personal Security Environment (PSE).</t>
<t>Though TEE formats are beyond the scope of this document (they are
very dependent on equipment, et cetera), a generic interchange format
for TEEs is defined here: a certification response message, see message (see <xref target="sect-5.3.4"/>, target="sect-5.3.4"/>) <bcp14>MAY</bcp14> be
used.</t>
</section>
<section anchor="sect-3.1.1.2">
<name>Certification Authority</name>
<t>The certification authority (CA) may or may not actually be a real
"third party" from the end entity's point of view. Quite often, the
CA will actually belong to the same organization as the end entities
it supports.</t>
<t>Again, we use the term "CA" to refer to the entity named in the
issuer field of a certificate. When it is necessary to distinguish
the software or hardware tools used by the CA, we use the term "CA equipment".</t>
<t>The CA equipment will often include both an "off-line" component and
an "on-line" component, with the CA private key only available to the
"off-line" component. This is, however, a matter for implementers
(though it is also relevant as a policy issue).</t>
<t>We use the term "root CA" to indicate a CA that is directly trusted
by an end entity; that is, securely acquiring the value of a root CA
public key requires some out-of-band step(s). This term is not meant
to imply that a root CA is necessarily at the top of any hierarchy,
simply that the CA in question is trusted directly. The "root CA"
may provide its trust anchor information with or without using a
certificate. In some circumstances circumstances, such a certificate may be
self-signed, but in other circumstances circumstances, it may be cross signed, cross-signed,
signed by a peer, signed by a superior CA, or unsigned.</t>
<t>Note that other documents like <xref target="X509.2019"/> and <xref target="RFC5280"/> use the
term "trusted CA" or "trust anchor" instead of "root CA". This
document continues using "root CA" based on the above definition
because it is also present in the ASN.1 syntax that cannot be changed
easily.</t>
<t>A "subordinate CA" is one that is not a root CA for the end entity in
question. Often, a subordinate CA will not be a root CA for any
entity, but this is not mandatory.</t>
</section>
<section anchor="sect-3.1.1.3">
<name>Registration Authority</name>
<t>In addition to end-entities end entities and CAs, many environments call for the
existence of a Registration Authority (RA) separate from the
Certification Authority. The functions that the registration
authority may carry out will vary from case to case but <bcp14>MAY</bcp14> include
identity checking, token distribution, checking certificate requests
and authentication of their origin, revocation reporting,
name assignment, archival of key pairs, et cetera.</t>
<t>This document views the RA as an <bcp14>OPTIONAL</bcp14> component: when When it is not
present, the CA is assumed to be able to carry out the RA's functions
so that the PKI management protocols are the same from the end-entity's
end entity's point of view.</t>
<t>Again, we distinguish, where necessary, between the RA and the tools
used (the "RA equipment").</t>
<t>Note that an RA is itself an end entity. We further assume that all
RAs are in fact certified end entities and that RAs have private keys
that are usable for signing. How a particular CA equipment
identifies some end entities as RAs is an implementation issue (i.e.,
this document specifies no special RA certification operation). We
do not mandate that the RA is certified by the CA with which it is
interacting at the moment (so one RA may work with more than one CA
whilst only being certified once).</t>
<t>In some circumstances, end entities will communicate directly with a
CA even where an RA is present. For example, for initial
registration and/or certification, the end entity may use its RA, RA but
communicate directly with the CA in order to refresh its certificate.</t>
</section>
<section anchor="sect-3.1.1.4">
<name>Key Generation Authority</name>
<t>A Key Generation Authority (KGA) is a PKI management entity generating key
pairs on behalf of an end entity. As the KGA generates the key pair pair, it
knows the public and the private part.</t>
<t>This document views the KGA as an <bcp14>OPTIONAL</bcp14> component. When it is not present
and central key generation is needed, the CA is assumed to be able to carry
out the KGA's functions so that the PKI management protocol messages are the
same from the end-entity's end entity's point of view. If certain tasks of a CA are
delegated to other components, this delegation needs authorization, which can
be indicated by extended key usages (see <xref target="sect-4.5"/>).</t>
<t>Note: When doing central generation of key pairs, implementers should consider
the implications of server-side retention on the overall security of the
system; in some case cases, retention is good, for example example, for escrow reasons, but
in other cases cases, the server should clear its copy after delivery to the end
entity.</t>
<t>Note: If the CA delegates key generation to a KGA, the KGA can be collocated
with the RA.</t>
</section>
</section>
<section anchor="sect-3.1.2">
<name>PKI Management Requirements</name>
<t>The protocols given here meet the following requirements on PKI
management</t>
<ol spacing="normal" type="1"><li>
<!-- [rfced] For clarity, we recommend adding citations for ISO/IEC 9594-8/ITU-T X.509". May we add a citation to the existing reference to [X509.2019]?
Original:
1. PKI management must conform to the ISO/IEC 9594-8/ITU-T X.509
standards.
-->
<t>PKI management must conform to the ISO/IEC 9594-8/ITU-T X.509
standards.</t>
</li>
<li>
<t>It must be possible to regularly update any key pair without
affecting any other key pair.</t>
</li>
<li>
<t>The use of confidentiality in PKI management protocols must be
kept to a minimum in order to ease acceptance in environments
where strong confidentiality might cause regulatory problems.</t>
</li>
<li>
<t>PKI management protocols must allow the use of different
industry-standard cryptographic algorithms, see algorithms (see CMP Algorithms <xref target="RFC9481"/>. target="RFC9481"/>).
This means that any given
CA, RA, or end entity may, in principle, use whichever
algorithms suit it for its own key pair(s).</t>
</li>
<li>
<t>PKI management protocols must not preclude the generation of key
pairs by the end entity concerned, by a KGA KGA, or by a CA. Key
generation may also occur elsewhere, but for the purposes of PKI
management
management, we can regard key generation as occurring wherever
the key is first present at an end entity, KGA, or CA.</t>
</li>
<li>
<t>PKI management protocols must support the publication of
certificates by the end entity concerned, by an RA, or by a CA.
Different implementations and different environments may choose
any of the above approaches.</t>
</li>
<li>
<t>PKI management protocols must support the production of
Certificate Revocation Lists (CRLs) by allowing certified end
entities to make requests for the revocation of certificates.
This must be done in such a way that the denial-of-service
attacks, which are possible, are not made simpler.</t>
</li>
<!--[rfced] It is unclear what "off-line file-based" refers to in the
sentence below. Does it refer to "transport mechanisms"?
Original:
PKI management protocols must be usable over a variety of
"transport" mechanisms, specifically including mail, Hypertext
Transfer Protocol (HTTP), Message Queuing Telemetry Transport
(MQTT), Constrained Application Protocol (CoAP), and off-line
file-based.
Perhaps:
PKI management protocols must be usable over a variety of
"transport" mechanisms, specifically including mail, Hypertext
Transfer Protocol (HTTP), Message Queuing Telemetry Transport
(MQTT), Constrained Application Protocol (CoAP), and off-line
file-based transport mechanisms.
-->
<li>
<t>PKI management protocols must be usable over a variety of
"transport" mechanisms, specifically including mail, Hypertext
Transfer Protocol (HTTP), Message Queuing Telemetry Transport (MQTT),
Constrained Application Protocol (CoAP), and off-line file-based.</t>
</li>
<li>
<t>Final authority for certification creation rests with the CA.
No RA or end entity equipment can assume that any certificate
issued by a CA will contain what was requested; a CA may alter
certificate field values or may add, delete, or alter extensions
according to its operating policy. In other words, all PKI
entities (end-entities, (end entities, RAs, KGAs, and CAs) must be capable of
handling responses to requests for certificates in which the
actual certificate issued is different from that requested (for
example, a CA may shorten the validity period requested). Note
that policy may dictate that the CA must not publish or
otherwise distribute the certificate until the requesting entity
has reviewed and accepted the newly-created newly created certificate or the
POP is completed. In case of publication of the certificate
(when using indirect POP, see <xref target="sect-8.11"/>) or a precertificate
in a Certificate Transparency log <xref target="RFC9162"/>, the certificate
must be revoked if it was not accepted by the EE or the POP could
not be completed.</t>
</li>
<li>
<t>A graceful, scheduled change-over changeover from one non-compromised CA
key pair to the next (CA key update) must be supported (note
that if the CA key is compromised, re-initialization must be
performed for all entities in the domain of that CA). An end
entity whose TEE contains the new CA public key (following a CA
key update) may also need to be able to verify certificates verifiable
using the old public key. End entities who directly trust the
old CA key pair may also need to be able to verify certificates signed
using the new CA private key (required for situations where the
old CA public key is "hardwired" into the end entity's
cryptographic equipment).</t>
</li>
<li>
<t>The functions of an RA may, in some implementations or
environments, be carried out by the CA itself. The protocols
must be designed so that end entities will use the same protocol
regardless of whether the communication is with an RA or CA.
Naturally, the end entity must use the correct RA or CA public
key to verify the protection of the communication.</t>
</li>
<li>
<t>Where an end entity requests a certificate containing a given
public key value, the end entity must be ready to demonstrate
possession of the corresponding private key value. This may be
accomplished in various ways, depending on the type of
certification request. See <xref target="sect-4.3"/> for details of the
in-band methods defined for the PKIX-CMP (i.e., Certificate
Management Protocol) messages.</t>
</li>
</ol>
</section>
<section anchor="sect-3.1.3">
<name>PKI Management Operations</name>
<t>The following diagram shows the relationship between the entities
defined above in terms of the PKI management operations. The letters
in the diagram indicate "protocols" in the sense that a defined set
of PKI management messages can be sent along each of the lettered
lines.</t>
<figure anchor="ure-pki-entities">
<name>PKI Entities</name>
<artset>
<artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="592" width="520" viewBox="0 0 520 592" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,32 L 8,448" fill="none" stroke="black"/>
<path d="M 40,32 L 40,448" fill="none" stroke="black"/>
<path d="M 184,272 L 184,320" fill="none" stroke="black"/>
<path d="M 208,208 L 208,264" fill="none" stroke="black"/>
<path d="M 224,216 L 224,264" fill="none" stroke="black"/>
<path d="M 240,272 L 240,320" fill="none" stroke="black"/>
<path d="M 256,32 L 256,64" fill="none" stroke="black"/>
<path d="M 272,72 L 272,200" fill="none" stroke="black"/>
<path d="M 272,368 L 272,400" fill="none" stroke="black"/>
<path d="M 288,72 L 288,208" fill="none" stroke="black"/>
<path d="M 288,304 L 288,360" fill="none" stroke="black"/>
<path d="M 296,528 L 296,560" fill="none" stroke="black"/>
<path d="M 304,288 L 304,360" fill="none" stroke="black"/>
<path d="M 312,408 L 312,520" fill="none" stroke="black"/>
<path d="M 328,408 L 328,520" fill="none" stroke="black"/>
<path d="M 344,208 L 344,360" fill="none" stroke="black"/>
<path d="M 352,528 L 352,560" fill="none" stroke="black"/>
<path d="M 360,32 L 360,64" fill="none" stroke="black"/>
<path d="M 360,216 L 360,360" fill="none" stroke="black"/>
<path d="M 376,368 L 376,400" fill="none" stroke="black"/>
<path d="M 8,32 L 40,32" fill="none" stroke="black"/>
<path d="M 256,32 L 360,32" fill="none" stroke="black"/>
<path d="M 64,48 L 232,48" fill="none" stroke="black"/>
<path d="M 376,48 L 432,48" fill="none" stroke="black"/>
<path d="M 256,64 L 360,64" fill="none" stroke="black"/>
<path d="M 56,208 L 512,208" fill="none" stroke="black"/>
<path d="M 184,272 L 240,272" fill="none" stroke="black"/>
<path d="M 72,288 L 168,288" fill="none" stroke="black"/>
<path d="M 256,288 L 304,288" fill="none" stroke="black"/>
<path d="M 256,304 L 288,304" fill="none" stroke="black"/>
<path d="M 184,320 L 240,320" fill="none" stroke="black"/>
<path d="M 272,368 L 376,368" fill="none" stroke="black"/>
<path d="M 72,384 L 264,384" fill="none" stroke="black"/>
<path d="M 384,384 L 440,384" fill="none" stroke="black"/>
<path d="M 272,400 L 376,400" fill="none" stroke="black"/>
<path d="M 8,448 L 40,448" fill="none" stroke="black"/>
<path d="M 296,528 L 352,528" fill="none" stroke="black"/>
<path d="M 296,560 L 352,560" fill="none" stroke="black"/>
<polygon class="arrowhead" points="448,384 436,378.4 436,389.6" fill="black" transform="rotate(0,440,384)"/>
<polygon class="arrowhead" points="384,48 372,42.4 372,53.6" fill="black" transform="rotate(180,376,48)"/>
<polygon class="arrowhead" points="368,216 356,210.4 356,221.6" fill="black" transform="rotate(270,360,216)"/>
<polygon class="arrowhead" points="352,360 340,354.4 340,365.6" fill="black" transform="rotate(90,344,360)"/>
<polygon class="arrowhead" points="336,408 324,402.4 324,413.6" fill="black" transform="rotate(270,328,408)"/>
<polygon class="arrowhead" points="320,520 308,514.4 308,525.6" fill="black" transform="rotate(90,312,520)"/>
<polygon class="arrowhead" points="296,360 284,354.4 284,365.6" fill="black" transform="rotate(90,288,360)"/>
<polygon class="arrowhead" points="296,72 284,66.4 284,77.6" fill="black" transform="rotate(270,288,72)"/>
<polygon class="arrowhead" points="280,200 268,194.4 268,205.6" fill="black" transform="rotate(90,272,200)"/>
<polygon class="arrowhead" points="264,288 252,282.4 252,293.6" fill="black" transform="rotate(180,256,288)"/>
<polygon class="arrowhead" points="232,216 220,210.4 220,221.6" fill="black" transform="rotate(270,224,216)"/>
<polygon class="arrowhead" points="216,264 204,258.4 204,269.6" fill="black" transform="rotate(90,208,264)"/>
<polygon class="arrowhead" points="80,384 68,378.4 68,389.6" fill="black" transform="rotate(180,72,384)"/>
<polygon class="arrowhead" points="80,288 68,282.4 68,293.6" fill="black" transform="rotate(180,72,288)"/>
<polygon class="arrowhead" points="72,48 60,42.4 60,53.6" fill="black" transform="rotate(180,64,48)"/>
<g class="text">
<text x="104" y="36">cert.</text>
<text x="160" y="36">publish</text>
<text x="416" y="36">j</text>
<text x="280" y="52">End</text>
<text x="324" y="52">Entity</text>
<text x="24" y="68">C</text>
<text x="152" y="68">g</text>
<text x="464" y="68">"out-of-band"</text>
<text x="24" y="84">e</text>
<text x="448" y="84">loading</text>
<text x="24" y="100">r</text>
<text x="368" y="100">initial</text>
<text x="24" y="116">t</text>
<text x="256" y="116">a</text>
<text x="304" y="116">b</text>
<text x="400" y="116">registration/</text>
<text x="400" y="132">certification</text>
<text x="24" y="148">/</text>
<text x="352" y="148">key</text>
<text x="388" y="148">pair</text>
<text x="444" y="148">recovery</text>
<text x="352" y="164">key</text>
<text x="388" y="164">pair</text>
<text x="436" y="164">update</text>
<text x="24" y="180">C</text>
<text x="384" y="180">certificate</text>
<text x="460" y="180">update</text>
<text x="24" y="196">R</text>
<text x="72" y="196">PKI</text>
<text x="120" y="196">"USERS"</text>
<text x="380" y="196">revocation</text>
<text x="456" y="196">request</text>
<text x="24" y="212">L</text>
<text x="72" y="228">PKI</text>
<text x="132" y="228">MANAGEMENT</text>
<text x="108" y="244">ENTITIES</text>
<text x="192" y="244">a</text>
<text x="240" y="244">b</text>
<text x="328" y="244">a</text>
<text x="376" y="244">b</text>
<text x="24" y="260">R</text>
<text x="24" y="276">e</text>
<text x="152" y="276">g</text>
<text x="280" y="276">d</text>
<text x="24" y="292">p</text>
<text x="204" y="292">RA</text>
<text x="24" y="308">o</text>
<text x="112" y="308">cert.</text>
<text x="24" y="324">s</text>
<text x="128" y="324">publish</text>
<text x="272" y="324">c</text>
<text x="24" y="340">i</text>
<text x="24" y="356">t</text>
<text x="24" y="372">o</text>
<text x="128" y="372">g</text>
<text x="408" y="372">i</text>
<text x="24" y="388">r</text>
<text x="324" y="388">CA</text>
<text x="24" y="404">y</text>
<text x="128" y="404">h</text>
<text x="448" y="404">"out-of-band"</text>
<text x="112" y="420">cert.</text>
<text x="168" y="420">publish</text>
<text x="448" y="420">publication</text>
<text x="104" y="436">CRL</text>
<text x="152" y="436">publish</text>
<text x="440" y="452">cross-certification</text>
<text x="296" y="468">e</text>
<text x="344" y="468">f</text>
<text x="432" y="468">cross-certificate</text>
<text x="412" y="484">update</text>
<text x="324" y="548">CA-2</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art" align="left"><![CDATA[
+---+ cert. publish +------------+ j
| | <--------------------- | End Entity | <-------
| C | g +------------+ "out-of-band"
| e | | ^ loading
| r | | | initial
| t | a | | b registration/
| | | | certification
| / | | | key pair recovery
| | | | key pair update
| C | | | certificate update
| R | PKI "USERS" V | revocation request
| L | -------------------+-+-----+-+------+-+-------------------
| | PKI MANAGEMENT | ^ | ^
| | ENTITIES a | | b a | | b
| R | V | | |
| e | g +------+ d | |
| p | <------------ | RA | <-----+ | |
| o | cert. | | ----+ | | |
| s | publish +------+ c | | | |
| i | | | | |
| t | V | V |
| o | g +------------+ i
| r | <------------------------| CA |------->
| y | h +------------+ "out-of-band"
| | cert. publish | ^ publication
| | CRL publish | |
+---+ | | cross-certification
e | | f cross-certificate
| | update
| |
V |
+------+
| CA-2 |
+------+
]]></artwork>
</artset>
</figure>
<t>At a high level, the set of operations for which management
messages are defined can be grouped as follows.</t>
<!--[rfced] For the nested lists in Section 3.1.3, we have updated the numbering
to letters and converted "Notes" to a hanging list to help with readability.
Please review and let us know of any objections.
Original:
1. CA establishment: When establishing a new CA, certain steps are
required (e.g., production of initial CRLs, export of CA public
key).
...
1. initial registration/certification: This is the process
whereby an end entity first makes itself known to a CA or RA,
prior to the CA issuing a certificate or certificates for
that end entity.
...
1. Note 1. The above definition of "cross-certificate"
aligns with the defined term "CA-certificate" in X.509.
Current:
1. CA establishment: When establishing a new CA, certain steps are
required (e.g., production of initial CRLs, export of CA public
key).
...
a. initial registration/certification: This is the process
whereby an end entity first makes itself known to a CA or RA,
prior to the CA issuing a certificate or certificates for
that end entity.
...
Note 1. The above definition of "cross-certificate"
aligns with the defined term "CA-certificate" in X.509.
-->
<ol spacing="normal" type="1"><li>
<t>CA type="1">
<li>CA establishment: When establishing a new CA, certain steps
are required (e.g., production of initial CRLs, CRLs and export of CA
public
key).</t>
</li>
<li>
<t>End key).</li>
<li>End entity initialization: This includes importing a root
CA public key and requesting information about the options
supported by a PKI management entity.</t>
</li>
<li>
<t>Certification: entity.</li>
<li><t>Certification: Various operations result in the creation
of new certificates: </t>
<ol spacing="normal" type="1"><li>
<t>initial type="a">
<li>initial registration/certification: This is the process
whereby an end entity first makes itself known to a CA or RA,
prior to the CA issuing a certificate or certificates for that
end entity. The end result of this process (when it is
successful) is that a CA issues a certificate for an end
entity's public key, key and returns that certificate to the end
entity and/or posts that certificate in a repository. This
process may, and typically will, involve multiple "steps",
possibly including an initialization of the end entity's
equipment. For example, the end entity's equipment must be
securely initialized with the public key of a CA, e.g., using
zero-touch methods like Bootstrapping Remote Secure Key
Infrastructure (BRSKI) <xref target="RFC8995"/> or Secure Zero
Touch Provisioning (SZTP) <xref target="RFC8572"/>, to be used
in validating certificate paths. Furthermore, an end entity
typically needs to be initialized with its own key
pair(s).</t>
</li>
<li>
<t>key
pair(s).</li>
<li>key pair update: Every key pair needs to be updated
regularly (i.e., replaced with a new key pair), and a new
certificate needs to be issued.</t>
</li>
<li>
<t>certificate issued.</li>
<li>certificate update: As certificates expire, they may be
"refreshed" if nothing relevant in the environment has
changed.</t>
</li>
<li>
<t>CA
changed.</li>
<li>CA key pair update: As with end entities, CA key pairs need
to be updated regularly; however, different mechanisms are
required.</t>
</li>
<li>
<t>cross-certification
required.</li>
<li><t>cross-certification request: One CA requests issuance of a
cross-certificate from another CA. For the purposes of this
standard, the following terms are defined. A
"cross-certificate" is a certificate in which the subject CA
and the issuer CA are distinct and SubjectPublicKeyInfo
contains a verification key (i.e., the certificate has been
issued for the subject CA's signing key pair). When it is
necessary to distinguish more finely, the following terms may
be used: a A cross-certificate is called an "inter-domain
cross-certificate" if the subject and issuer CAs belong to
different administrative domains; it is called an
"intra-domain cross-certificate" otherwise.</t>
</li>
</ol>
<ul empty="true">
<li>
<t>Note 1: The
<ol type="Note %d:">
<li>The above definition of "cross-certificate"
aligns with the defined term "CA-certificate" in X.509.
Note that this term is not to be confused with the X.500
"cACertificate" attribute type, which is unrelated.</t>
</li>
</ul>
<ul empty="true">
<li>
<t>Note 2: In unrelated.</li>
<li>In many environments, the term
"cross-certificate", unless further qualified, will be
understood to be synonymous with "inter-domain
cross-certificate" as defined
above.</t>
</li>
</ul>
<ul empty="true">
<li>
<t>Note 3: Issuance above.</li>
<li>Issuance of cross-certificates may be, but is
not necessarily, mutual; that is, two CAs may issue
cross-certificates for each other.</t> other.</li>
</ol>
</li>
</ul>
<ol spacing="normal" type="1"><li>
<t>[RFC-Editor: Please fix the enumeration and continue with '6'.] cross-certificate
<li>cross-certificate update: Similar to a normal certificate
update,
update but involving a cross-certificate.</t>
</li> cross-certificate.</li>
</ol>
</li>
<li>
<t>Certificate/CRL
<li><t>Certificate/CRL discovery operations: Some PKI management
operations result in the publication of certificates or CRLs: </t>
<ol spacing="normal" type="1"><li>
<t>certificate type="a">
<li>certificate publication: Having gone to the trouble of
producing a certificate, some means for publishing may be
needed. The "means" defined in PKIX <bcp14>MAY</bcp14>
involve the messages specified in Sections <xref
format="counter" target="sect-5.3.13"/> to <xref
format="counter" target="sect-5.3.16"/>, target="sect-5.3.16"/> or <bcp14>MAY</bcp14>
involve other methods (LDAP, for example) (for example, Lightweight Directory Access Protocol (LDAP)) as described in
<xref target="RFC4511"/> or <xref target="RFC2585"/> (the
"Operational Protocols" documents of the PKIX series of specifications).</t>
</li>
<li>
<t>CRL
specifications).</li>
<li>CRL publication: As for certificate publication.</t>
</li> publication.</li>
</ol>
</li>
<li>
<t>Recovery
<li><t>Recovery operations: Some PKI management operations are
used when an end entity has "lost" its TEE: </t> TEE:</t>
<ol spacing="normal" type="1"><li>
<t>key type="a">
<li>key pair recovery: As an option, user client key
materials (e.g., a user's private key used for decryption
purposes) <bcp14>MAY</bcp14> be backed up by a CA, an RA, or a
key backup system associated with a CA or RA. If an entity
needs to recover these backed up key materials (e.g., as a
result of a forgotten password or a lost key chain file), a
protocol exchange may be needed to support such recovery.</t>
</li> recovery.</li>
</ol>
</li>
<li>
<t>Revocation
<li><t>Revocation operations: Some PKI management operations
result in the creation of new CRL entries and/or new CRLs: </t> CRLs:</t>
<ol spacing="normal" type="1"><li>
<t>revocation type="a">
<li>revocation request: An authorized person advises a CA
of an abnormal situation requiring certificate revocation.</t>
</li> revocation.</li>
</ol>
</li>
<li>
<t>TEE
<li>TEE operations: Whilst the definition of TEE operations
(e.g., moving a TEE, changing a PIN, etc.) are beyond the scope of
this specification, we do define a PKIMessage (CertRepMessage)
that can form the basis of such operations.</t>
</li> operations.</li>
</ol>
<t>Note that on-line protocols are not the only way of implementing the
above operations. For all operations, there are off-line methods of
achieving the same result, and this specification does not mandate
use of on-line protocols. For example, when hardware tokens are
used, many of the operations <bcp14>MAY</bcp14> be achieved as part of the physical
token delivery.</t>
<t>Later sections define a set of standard messages supporting the above
operations. Transfer protocols for conveying these exchanges in
various environments (e.g., off-line: file-based, file-based; on-line: mail,
HTTP <xref target="I-D.ietf-lamps-rfc6712bis"/>, target="RFC9811"/>, MQTT, and CoAP <xref target="RFC9482"/>) are
beyond the scope of this document and must be specified separately.
Appropriate transfer protocols <bcp14>MUST</bcp14> be capable of delivering the CMP
messages reliably.</t>
<t>CMP provides inbuilt integrity protection and authentication. The information
communicated unencrypted in CMP messages does not contain sensitive
information endangering the security of the PKI when intercepted. However,
it might be possible for an eavesdropper to utilize the available information to
gather confidential technical or business critical business-critical information. Therefore, users
should consider protection of confidentiality on lower levels of the protocol
stack, e.g., by using TLS <xref target="RFC8446"/>, DTLS <xref target="RFC9147"/>, or IPsec <xref target="RFC7296"/><xref target="RFC4303"/>.</t>
</section>
</section>
</section>
<section anchor="sect-4">
<name>Assumptions and Restrictions</name>
<section anchor="sect-4.1">
<name>End Entity Initialization</name>
<t>The first step for an end entity in dealing with PKI management
entities is to request information about the PKI functions supported
and to securely acquire a copy of the relevant root CA public key(s).</t>
</section>
<section anchor="sect-4.2">
<name>Initial Registration/Certification</name>
<t>There are many schemes that can be used to achieve initial
registration and certification of end entities. No one method is
suitable for all situations due to the range of policies that a CA
may implement and the variation in the types of end entity which that can
occur.</t>
<t>However, we can classify the initial registration/certification
schemes that are supported by this specification. Note that the word
"initial", above, is crucial: we We are dealing with the situation where
the end entity in question has had no previous contact with the PKI,
except having received the root CA certificate of that PKI by some
zero-touch method like BRSKI <xref target="RFC8995"/> and
<xref target="I-D.ietf-anima-brski-ae"/> target="RFC9733"/> or SZTP <xref target="RFC8572"/>. In case the end
entity already possesses certified keys, then some
simplifications/alternatives are possible.</t>
<t>Having classified the schemes that are supported by this
specification
specification, we can then specify some as mandatory and some as
optional. The goal is that the mandatory schemes cover a sufficient
number of the cases that will arise in real use, whilst the optional
schemes are available for special cases that arise less frequently.
In this way, we achieve a balance between flexibility and ease of
implementation.</t>
<t>Further classification of mandatory and optional schemes addressing
different environments is available, e.g., in Appendices <xref target="sect-c"/> target="sect-c" format="counter"/> and
<xref target="sect-d"/> target="sect-d" format="counter"/> of this specification on managing human user certificates
as well as in the Lightweight CMP Profile <xref target="RFC9483"/> on fully
automating certificate management in a machine-to-machine and IoT Internet of Things (IoT)
environment.
<!--[rfced] May we update the phrasing of "Rail Automation adopted CMP"
to improve readability?
Original:
Also industry standards like [ETSI-3GPP.33.310] for
mobile networks and [UNISIG.Subset-137] for Rail Automation adopted
CMP and have specified a set of mandatory schemes for their use case.
Perhaps:
Also industry standards, like [ETSI-3GPP.33.310] for
mobile networks and [UNISIG.Subset-137] for CMP that has adopted rail
automation, have specified a set of mandatory schemes for their use cases.
-->
Also, industry standards like <xref target="ETSI-3GPP.33.310"/> for
mobile networks and <xref target="UNISIG.Subset-137"/> for Rail Automation adopted
CMP and have specified a set of mandatory schemes for their use case.</t>
<t>We will now describe the classification of initial
registration/certification schemes.</t>
<section anchor="sect-4.2.1">
<name>Criteria Used</name>
<section anchor="sect-4.2.1.1">
<name>Initiation of Registration/Certification</name>
<t>In terms of the PKI messages that are produced, we can regard the
initiation of the initial registration/certification exchanges as
occurring wherever the first PKI message relating to the end entity
is produced. Note that the real-world initiation of the
registration/certification procedure may occur elsewhere (e.g., a
personnel department may telephone an RA operator or using use zero touch
methods like BRSKI <xref target="RFC8995"/> or SZTP <xref target="RFC8572"/>).</t>
<t>The possible locations are at the end entity, an RA, or a CA.</t>
</section>
<section anchor="sect-4.2.1.2">
<name>End Entity Message Origin Authentication</name>
<t>The on-line messages produced by the end entity that requires a
certificate may be authenticated or not. The requirement here is to
authenticate the origin of any messages from the end entity to the
PKI (CA/RA).</t>
<t>In this specification, such authentication is achieved by two different means:</t>
<ul spacing="normal">
<li>
<t>symmetric: The PKI (CA/RA) issuing the end entity with a secret value (initial
authentication key) and reference value (used to identify the secret value)
via some out-of-band means. The initial authentication key can then be used
to protect relevant PKI messages.</t>
</li>
<li>
<t>asymmetric: Using a private key and certificate issued by another PKI trusted
for initial authentication, e.g., an IDevID Initial Device Identifier (IDevID) <xref target="IEEE.802.1AR-2018">IEEE 802.1AR</xref>. target="IEEE.802.1AR-2018">IEEE 802.1AR</xref>.
The trust establishment in this external PKI is out of scope of this document.</t>
</li>
</ul>
<t>Thus, we can classify the initial registration/certification scheme
according to whether or not the on-line 'end entity -> PKI management
entity' messages are authenticated or not.</t>
<t>Note 1: We
<ol type="Note %d:">
<li>We do not discuss the authentication of the 'PKI management
entity -> end entity' messages here, as this is always <bcp14>REQUIRED</bcp14>. In any case, it can be
achieved simply once the root-CA public key has been installed at the
end entity's equipment or it can be based on the initial
authentication key.</t>
<t>Note 2: An key.</li>
<li>An initial registration/certification procedure can be secure
where the messages from the end entity are authenticated via some
out-of-band means (e.g., a subsequent visit).</t> visit).</li>
</ol>
</section>
<section anchor="sect-4.2.1.3">
<name>Location of Key Generation</name>
<t>In this specification, "key generation" is regarded as occurring
wherever either the public or private component of a key pair first
occurs in a PKIMessage. Note that this does not preclude a
centralized key generation service by a KGA; the actual key pair <bcp14>MAY</bcp14> have
been
generated elsewhere and transported to the end entity, RA, or CA
using a (proprietary or standardized) key generation request/response
protocol (outside the scope of this specification).</t>
<t>Thus, there are three possibilities for the location of "key generation":
the end entity, a KGA, or a CA.</t>
</section>
<section anchor="sect-4.2.1.4">
<name>Confirmation of Successful Certification</name>
<t>Following the creation of a certificate for an end entity,
additional assurance can be gained by having the end entity
explicitly confirm successful receipt of the message containing (or
indicating the creation of) the certificate. Naturally, this
confirmation message must be protected (based on the initial
symmetric or asymmetric authentication key or other means).</t>
<t>This gives two further possibilities: confirmed or not.</t>
</section>
</section>
<section anchor="sect-4.2.2">
<name>Initial Registration/Certification Schemes</name>
<t>The criteria above allow for a large number of initial
registration/certification schemes. Examples of possible initial
registration/certification schemes can be found in the following
subsections. An entity may support other schemes specified in
profiles of PKIX-CMP, such as Appendices <xref target="sect-c"/> target="sect-c" format="counter"/> and <xref target="sect-d"/> target="sect-d" format="counter"/> or <xref target="RFC9483"/>.</t>
<section anchor="sect-4.2.2.1">
<name>Centralized Scheme</name>
<t>In terms of the classification above, this scheme is, in some ways,
the simplest possible, where:</t>
<ul spacing="normal">
<li>
<t>initiation occurs at the certifying CA;</t>
</li>
<li>
<t>no on-line message authentication is required;</t>
</li>
<li>
<t>"key generation" occurs at the certifying CA (see <xref target="sect-4.2.1.3"/>);</t> target="sect-4.2.1.3"/>); and</t>
</li>
<li>
<t>no confirmation message is required.</t>
</li>
</ul>
<t>In terms of message flow, this scheme means that the only message
required is sent from the CA to the end entity. The message must
contain the entire TEE for the end entity. Some out-of-band means
must be provided to allow the end entity to authenticate the message
received and to decrypt any encrypted values.</t>
</section>
<section anchor="sect-4.2.2.2">
<name>Basic Authenticated Scheme</name>
<t>In terms of the classification above, this scheme is where:</t>
<ul spacing="normal">
<li>
<t>initiation occurs at the end entity;</t>
</li>
<li>
<t>message authentication is required;</t>
</li>
<li>
<t>"key generation" occurs at the end entity (see <xref target="sect-4.2.1.3"/>);</t> target="sect-4.2.1.3"/>); and</t>
</li>
<li>
<t>a confirmation message is recommended.</t>
</li>
</ul>
<t>Note: An Initial Authentication Key (IAK) can be either a symmetric key or
an asymmetric private key with a certificate issued by another PKI trusted
for this purpose. The establishment of such trust is out of scope of this
document.</t>
<!--[rfced] We have removed the following from the figure in Section 4.2.2.2 because it is repetitive with the text introducing the figure. However, please review, as it seems like some of the blank space can also be removed from the SVG.
Original:
In terms of message flow, the basic authenticated scheme is as
follows:
-->
<t>In terms of message flow, the basic authenticated scheme is as
follows:</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="552" viewBox="0 0 552 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 24,94 L 96,94" fill="none" stroke="black"/>
<path d="M 24,98 L 96,98" fill="none" stroke="black"/>
<path d="M 408,94 L 504,94" fill="none" stroke="black"/>
<path d="M 408,98 L 504,98" fill="none" stroke="black"/>
<path d="M 136,192 L 176,192" fill="none" stroke="black"/>
<path d="M 368,192 L 408,192" fill="none" stroke="black"/>
<path d="M 136,256 L 176,256" fill="none" stroke="black"/>
<path d="M 376,256 L 416,256" fill="none" stroke="black"/>
<path d="M 136,304 L 176,304" fill="none" stroke="black"/>
<path d="M 376,304 L 416,304" fill="none" stroke="black"/>
<path d="M 136,352 L 176,352" fill="none" stroke="black"/>
<path d="M 376,352 L 416,352" fill="none" stroke="black"/>
<polygon class="arrowhead" points="424,304 412,298.4 412,309.6" fill="black" transform="rotate(0,416,304)"/>
<polygon class="arrowhead" points="416,192 404,186.4 404,197.6" fill="black" transform="rotate(0,408,192)"/>
<polygon class="arrowhead" points="384,352 372,346.4 372,357.6" fill="black" transform="rotate(180,376,352)"/>
<polygon class="arrowhead" points="384,256 372,250.4 372,261.6" fill="black" transform="rotate(180,376,256)"/>
<polygon class="arrowhead" points="184,304 172,298.4 172,309.6" fill="black" transform="rotate(0,176,304)"/>
<polygon class="arrowhead" points="184,192 172,186.4 172,197.6" fill="black" transform="rotate(0,176,192)"/>
<polygon class="arrowhead" points="144,352 132,346.4 132,357.6" fill="black" transform="rotate(180,136,352)"/>
<polygon class="arrowhead" points="144,256 132,250.4 132,261.6" fill="black" transform="rotate(180,136,256)"/>
<g class="text">
<text x="12" y="36">In</text>
<text x="48" y="36">terms</text>
<text x="84" y="36">of</text>
<text x="128" y="36">message</text>
<text x="184" y="36">flow,</text>
<text x="224" y="36">the</text>
<text x="264" y="36">basic</text>
<text x="344" y="36">authenticated</text>
<text x="428" y="36">scheme</text>
<text x="468" y="36">is</text>
<text x="492" y="36">as</text>
<text x="36" y="52">follows:</text>
<text x="32" y="84">End</text>
<text x="76" y="84">entity</text>
<text x="456" y="84">RA/CA</text>
<text x="104" y="116">out-of-band</text>
<text x="204" y="116">distribution</text>
<text x="268" y="116">of</text>
<text x="312" y="116">Initial</text>
<text x="404" y="116">Authentication</text>
<text x="72" y="132">Key</text>
<text x="112" y="132">(IAK)</text>
<text x="152" y="132">and</text>
<text x="208" y="132">reference</text>
<text x="272" y="132">value</text>
<text x="324" y="132">(RA/CA</text>
<text x="364" y="132">-></text>
<text x="392" y="132">EE)</text>
<text x="32" y="148">Key</text>
<text x="92" y="148">generation</text>
<text x="52" y="164">Creation</text>
<text x="100" y="164">of</text>
<text x="168" y="164">certification</text>
<text x="256" y="164">request</text>
<text x="48" y="180">Protect</text>
<text x="112" y="180">request</text>
<text x="164" y="180">with</text>
<text x="200" y="180">IAK</text>
<text x="240" y="196">certification</text>
<text x="328" y="196">request</text>
<text x="420" y="212">verify</text>
<text x="480" y="212">request</text>
<text x="424" y="228">process</text>
<text x="488" y="228">request</text>
<text x="420" y="244">create</text>
<text x="484" y="244">response</text>
<text x="240" y="260">certification</text>
<text x="332" y="260">response</text>
<text x="44" y="276">handle</text>
<text x="108" y="276">response</text>
<text x="44" y="292">create</text>
<text x="124" y="292">confirmation</text>
<text x="204" y="308">cert</text>
<text x="244" y="308">conf</text>
<text x="296" y="308">message</text>
<text x="420" y="324">verify</text>
<text x="500" y="324">confirmation</text>
<text x="420" y="340">create</text>
<text x="484" y="340">response</text>
<text x="204" y="356">conf</text>
<text x="240" y="356">ack</text>
<text x="300" y="356">(optional)</text>
<text x="44" y="372">handle</text>
<text x="108" y="372">response</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
In terms of message flow, the basic authenticated scheme is as
follows:
End entity RA/CA
========== =============
out-of-band distribution of Initial Authentication
Key (IAK) and reference value (RA/CA -> EE)
Key generation
Creation of certification request
Protect request with IAK
-----> certification request ----->
verify request
process request
create response
<----- certification response <-----
handle response
create confirmation
-----> cert conf message ----->
verify confirmation
create response
<----- conf ack (optional) <-----
handle response
]]></artwork>
</artset>
<t>Note: Where verification of the cert confirmation message fails, the RA/CA
<bcp14>MUST</bcp14> revoke the newly issued certificate if it has been published or
otherwise made available.</t>
</section>
</section>
</section>
<section anchor="sect-4.3">
<name>Proof-of-Possession (POP) of Private Key</name>
<t>Proof-of-possession (POP) is where a PKI management entity (CA/RA)
verifies if an end entity has access to the private key
corresponding to a given public key. The question of whether, and in
what circumstances, POPs add value to a PKI is a debate as old as PKI
itself! See <xref target="sect-8.1"/> for a further discussion on the necessity
of proof-of-possession in PKI.</t>
<t>The PKI management operations specified here make it possible
for an end entity to prove to a CA/RA that it has possession of (i.e., is able
to use) the private key corresponding to the public key for which a
certificate is requested (see <xref target="sect-5.2.8"/> for different POP methods). A given CA/RA is free to choose how to
enforce POP (e.g., out-of-band procedural means versus PKIX-CMP
in-band messages) in its certification exchanges (i.e., this may be a
policy issue). However, it is <bcp14>REQUIRED</bcp14> that CAs/RAs <bcp14>MUST</bcp14> enforce POP
by some means because there are currently many non-PKIX operational
protocols in use (various electronic mail protocols are one example)
that do not explicitly check the binding between the end entity and
the private key. Until operational protocols that do verify the
binding (for signature, encryption, key agreement, and KEM key pairs)
exist, and are ubiquitous, this binding can only be assumed to have
been verified by the CA/RA. Therefore, if the binding is not
verified by the CA/RA, certificates in the Internet Public-Key Public Key
Infrastructure end up being somewhat less meaningful.</t>
<t>POP is accomplished in different ways depending upon the type of key
for which a certificate is requested. If a key can be used for
multiple purposes (e.g., an RSA key) key), then any appropriate method <bcp14>MAY</bcp14>
be used (e.g., a key that may be used for signing, as well as other
purposes, <bcp14>MUST NOT</bcp14> be sent to the CA/RA in order to prove
possession unless archival of the private key is explicitly desired).</t>
<t>This specification explicitly allows for cases where an end entity
supplies the relevant proof to an RA and the RA subsequently attests
to the CA that the required proof has been received (and validated!).
For example, an end entity wishing to have a signing key certified
could send the appropriate signature to the RA, which then simply
notifies the relevant CA that the end entity has supplied the
required proof. Of course, such a situation may be disallowed by
some policies (e.g., CAs may be the only entities permitted to verify
POP during certification).</t>
<section anchor="sect-4.3.1">
<name>Signature Keys</name>
<t>For signature keys, the end entity can sign a value to prove
possession of the private key, key; see <xref target="sect-5.2.8.2"/>.</t>
</section>
<section anchor="sect-4.3.2">
<name>Encryption Keys</name>
<t>For encryption keys, the end entity can provide the private key to
the CA/RA (e.g., for archiving), see <xref target="sect-5.2.8.3.1"/>, or can be required to decrypt a value in order to prove
possession of the private key. Decrypting a
value can be achieved either directly (see <xref target="sect-5.2.8.3.3"/>) or indirectly (see <xref target="sect-5.2.8.3.2"/>).</t>
<t>The direct method is for the RA/CA to issue a random challenge to
which an immediate response by the EE is required.</t>
<t>The indirect method is to issue a certificate that is encrypted for
the end entity (and have the end entity demonstrate its ability to
decrypt this certificate in the confirmation message). This allows a
CA to issue a certificate in a form that can only be used by the
intended end entity.</t>
<t>This specification encourages use of the indirect method because it
requires no extra messages to be sent (i.e., the proof can be
demonstrated using the {request, response, confirmation} triple of
messages).</t>
</section>
<section anchor="sect-4.3.3">
<name>Key Agreement Keys</name>
<t>For key agreement keys, the end entity and the PKI management entity
(i.e., CA or RA) must establish a shared secret key in order to prove
that the end entity has possession of the private key.</t>
<t>Note that this need not impose any restrictions on the keys that can
be certified by a given CA. In particular, for Diffie-Hellman keys keys,
the end entity may freely choose its algorithm parameters provided
that the CA can generate a short-term (or one-time) key pair with the
appropriate parameters when necessary.</t>
</section>
<section anchor="sect-4.3.4">
<name>Key Encapsulation Mechanism Keys</name>
<t>For key encapsulation mechanism (KEM) keys, the end entity can provide the private key to
the CA/RA (e.g., for archiving), see <xref target="sect-5.2.8.3.1"/>, or can be required to decrypt
a value in order to prove possession of the private key.
Decrypting a value can be achieved either directly (see <xref target="sect-5.2.8.3.3"/>) or indirectly (see <xref target="sect-5.2.8.3.2"/>).</t>
<t>Note: A definition of key encapsulation mechanisms can be found in <xref section="1" sectionFormat="comma" sectionFormat="of" target="RFC9629"/>.</t>
<t>The direct method is for the RA/CA to issue a random challenge to which an
immediate response by the EE is required.</t>
<t>The indirect method is to issue a certificate that is encrypted for the end entity using a shared secret key derived from a key encapsulated using the public key (and have the end entity demonstrate its ability to use its private key for decapsulation of the KEM ciphertext, derive the shared secret key, decrypt this certificate, and provide a hash of the certificate in the confirmation message). This allows a CA to issue a certificate in a form that can only be used by the intended end entity.</t>
<t>This specification encourages use of the indirect method because it requires
no extra messages to be sent (i.e., the proof can be demonstrated using the
{request, response, confirmation} triple of messages).</t>
<t>A certification request message for a KEM certificate <bcp14>SHALL</bcp14> use POPOPrivKey by using the keyEncipherment choice of ProofOfPossession, see ProofOfPossession (see <xref target="sect-5.2.8"/>, target="sect-5.2.8"/>) in the popo field of CertReqMsg as long as no KEM-specific choice is available.</t>
</section>
</section>
<section anchor="sect-4.4">
<name>Root CA Key Update</name>
<t>This discussion only applies to CAs that are directly trusted by some
end entities. Recognizing whether a self-signed or non-self-signed
CA is supposed to be directly trusted for some end entities is a
matter of CA policy and end entity configuration. This Thus, this is thus beyond
the scope of this document.</t>
<t>The basis of the procedure described here is that the CA protects its
new public key using its previous private key and vice versa. Thus,
when a CA updates its key pair pair, it may generate two link certificates certificates:
"old with new" and "new with old".</t>
<t>Note: The usage of link certificates has been shown to be very use
case
specific for each use case, and no assumptions are done on this aspect.
RootCaKeyUpdateContent is updated to specify these link certificates
as optional.</t>
<t>Note: When an LDAP directory is used to publish root CA updates, the
old and new root CA certificates together with the two link
certificates are stored as cACertificate attribute values.</t>
<t>When a CA changes its key pair, those entities who have acquired the
old CA public key via "out-of-band" means are most affected. These
end entities need to acquire the new CA public key in a trusted way.
This may be achieved "out-of-band", "out-of-band" by using a repository, repository or by
using online messages also containing the link certificates
"new with old". Once the end entity acquired and properly verified
the new CA public key, it must load the new trust anchor information
into its trusted store.</t>
<t>The data structure used to protect the new and old CA public keys is
typically a standard X.509 v3 certificate (which may also
contain extensions). There are no new data structures required.</t>
<t>Note: Sometimes self-signed root CA certificates do not make use of
X.509 v3 extensions and may be X.509 v1 certificates. Therefore, a
root CA key update must be able to work for version 1 certificates.
The use of the X.509 v3 KeyIdentifier extension is recommended for
easier path building.</t>
<t>Note: While the scheme could be generalized to cover cases where
the CA updates its key pair more than once during the validity period
of one of its end entities' certificates, this generalization seems
of dubious value. Not having this generalization simply means that
the validity periods of certificates issued with the old CA key pair
cannot exceed the end of the "old with new" certificate validity
period.</t>
<t>Note: This scheme offers a mechanism to ensures that end entities
will acquire the new CA public key, at the latest by the expiry of
the last certificate they owned that was signed with the old CA
private key. Certificate and/or key update operations occurring at
other times do not necessarily require this (depending on the end
entity's equipment).</t>
<t>Note: In practice, a new root CA may have a slightly different subject
DN,
Distinguished Name (DN), e.g., indicating a generation identifier like the year of issuance or
a version number, for instance instance, in an OU Organizational Unit (OU) element. How to bridge trust to
the new root CA certificate in a CA DN change or a cross-certificate scenario
is out of scope for this document.</t>
<section anchor="sect-4.4.1">
<name>CA Operator Actions</name>
<t>To change the key of the CA, the CA operator does the following:</t>
<ol spacing="normal" type="1"><li>
<t>Generate a new key pair.</t>
</li>
<li>
<t>Create a certificate containing the new CA public key signed with
the new private key or by the private key of some other CA (the
"new with new" certificate).</t>
</li>
<li>
<t>Optionally: Create a link certificate containing the new CA public
key signed with the old private key (the "new with old"
certificate).</t>
</li>
<li>
<t>Optionally: Create a link certificate containing the old CA public
key signed with the new private key (the "old with new"
certificate).</t>
</li>
<li>
<t>Publish these new certificates so that end entities may acquire
it, e.g., using a repository or RootCaKeyUpdateContent.</t>
</li>
</ol>
<t>The old CA private key is then no longer required when the validity
of the "old with old" certificate ended. However, the old
CA public key will remain in use for validating the "new with old"
link certificate until the new CA public key is loaded into the
trusted store. The old CA public key is no longer required (other
than for non-repudiation) when all end entities of this CA have
securely acquired and stored the new CA public key.</t>
<t>The "new with new" certificate must have a validity period with a notBefore
time that is before the notAfter time of the "old with old" certificate and
a notAfter time that is after the notBefore time of the next update of this
certificate.</t>
<t>The "new with old" certificate must have a validity period with the same
notBefore time as the "new with new" certificate and a notAfter time by which
all end entities of this CA will securely possess the new CA public key (at
the latest, at the notAfter time of the "old with old" certificate).</t>
<t>The "old with new" certificate must have a validity period with the same
notBefore and notAfter time as the "old with old" certificate.</t>
<t>Note: Further operational considerations on transition from one root CA
self-signed certificate to the next is available in <xref target="RFC8649">RFC 8649 Section 5</xref>.</t> section="5" target="RFC8649"/>.</t>
</section>
<section anchor="sect-4.4.2">
<name>Verifying Certificates</name>
<t>Normally when verifying a signature, the verifier verifies (among
other things) the certificate containing the public key of the
signer. However, once a CA is allowed to update its key key, there are a
range of new possibilities. These are shown in the table below.</t>
<table>
<thead>
<tr>
<th align="left"> </th> align="left"/>
<th align="left">Verifier's TEE contains NEW public key</th>
<th align="left">Verifier's TEE contains OLD public key</th>
</tr>
</thead>
<tbody>
<tr>
<td
<th align="left">Signer's certificate is protected using NEW key pair</td> pair</th>
<td align="left">Case 1: The verifier can directly verify the certificate.</td>
<td align="left">Case 2: The verifier is missing the NEW public key.</td>
</tr>
<tr>
<td
<th align="left">Signer's certificate is protected using OLD key pair</td> pair</th>
<td align="left">Case 3: The verifier is missing the OLD public key.</td>
<td align="left">Case 4: The verifier can directly verify the certificate.</td>
</tr>
</tbody>
</table>
<section anchor="sect-4.4.2.1">
<name>Verification in Cases 1 and 4</name>
<t>In these cases, the verifier has a local copy of the CA public key
that can be used to verify the certificate directly. This is the
same as the situation where no key change has occurred.</t>
</section>
<section anchor="sect-4.4.2.2">
<name>Verification in Case 2</name>
<t>In case 2, the verifier must get access to the new public key of the
CA. Case 2 will arise when the CA operator has issued the verifier's
certificate, then changed the CA's key, and then issued the signer's
certificate; so it is quite a typical case.</t>
<t>The verifier does the following:</t>
<ol spacing="normal" type="1"><li>
<t>Get the "new with new" and "new with old" certificates. The
location of where to retrieve theses these certificates from, may be available in
the authority information access extension of the "old with old"
certificate, see caIssuers
certificate (see the access method for caIssuers in Section 4.2.2.1 of <xref target="RFC5280"/>, section="4.2.2.1" target="RFC5280"/>), or it may be locally configured. </t>
<ol spacing="normal" type="1"><li> type="a"><li>
<t>If a repository is available, look up the certificates in the
caCertificate attribute.</t>
</li>
<li>
<t>If a an HTTP or FTP server is available, pick the certificates
from the "certs-only" CMS message.</t>
</li>
<li>
<t>If a CMP server is available, request the certificates using
the root CA update the general message, see message (see <xref target="sect-5.3.19.15"/>.</t> target="sect-5.3.19.15"/>).</t>
</li>
<li>
<t>Otherwise, get the certificates "out-of-band" using any
trustworthy mechanism.</t>
</li>
</ol>
</li>
<li>
<t>If received the certificates, certificates are received, check that the validity periods
and the subject and issuer fields match. Verify the signatures
using the old root CA key (which the verifier has locally).</t>
</li>
<li>
<t>If all checks were are successful, securely store the new trust anchor
information and validate the signer's certificate.</t>
</li>
</ol>
</section>
<section anchor="sect-4.4.2.3">
<name>Verification in Case 3</name>
<t>In case 3, the verifier must get access to the old public key of the
CA. Case 3 will arise when the CA operator has issued the signer's
certificate, then changed the key, and then issued the verifier's
certificate.</t>
<t>The verifier does the following:</t>
<ol spacing="normal" type="1"><li>
<t>Get the "old with new" certificate. The location of where to retrieve
theses
these certificates from, may be available in the authority
information access extension of the "new with new" certificate, see certificate (see
caIssuers access method in Section 4.2.2.1 of <xref target="RFC5280"/>, section="4.2.2.1" target="RFC5280"/>), or it
may be locally configured. </t>
<ol spacing="normal" type="1"><li> type="a"><li>
<t>If a repository is available, look up the certificate in the
caCertificate attribute.</t>
</li>
<li>
<t>If a an HTTP or FTP server is available, pick the certificate
from the "certs-only" CMS message.</t>
</li>
<li>
<t>If a CMP server and an untrusted copy of the old root CA
certificate is are available (e.g., the signer provided it in-band
in the CMP extraCerts filed), request the certificate using the
root CA update the general message, see message (see <xref target="sect-5.3.19.15"/>.</t> target="sect-5.3.19.15"/>).</t>
</li>
<li>
<t>Otherwise, get the certificate "out-of-band" using any
trustworthy mechanism.</t>
</li>
</ol>
</li>
<li>
<t>If received the certificate, certificate is received, check that the validity periods
and the subject and issuer fields match. Verify the signatures
using the new root CA key (which the verifier has locally).</t>
</li>
<li>
<t>If all checks were successful, securely store the old trust anchor
information and validate the signer's certificate.</t>
</li>
</ol>
</section>
</section>
<section anchor="sect-4.4.3">
<name>Revocation - Change of the CA Key</name>
<t>As we saw above, the verification of a certificate becomes more
complex once the CA is allowed to change its key. This is also true
for revocation checks checks, as the CA may have signed the CRL using a newer
private key than the one within the user's TEE.</t>
<t>The analysis of the alternatives is the same as for certificate
verification.</t>
</section>
</section>
<section anchor="sect-4.5">
<name>Extended Key Usage for PKI Entities</name>
<t>The extended key usage (EKU) extension indicates the purposes for which the
certified key pair may be used. Therefore, it restricts the use of a certificate
to specific applications.</t>
<t>A CA may want to delegate parts of its duties to other PKI management entities.
This section provides a mechanism to both prove this delegation and enable
automated means for checking the authorization of this delegation. Such delegation
may also be expressed by other means, e.g., explicit configuration.</t>
<t>To offer automatic validation for the delegation of a role by a CA to another
entity, the certificates used for CMP message protection or signed data for
central key generation <bcp14>MUST</bcp14> be issued by the delegating CA and <bcp14>MUST</bcp14> contain
the respective EKUs. This proves that the delegating CA authorized this entity to act in the given role, as described below.</t>
<t>The OIDs to be used for these EKUs are:</t>
<sourcecode type="asn.1"><![CDATA[
id-kp-cmcCA OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) kp(3) 27 }
id-kp-cmcRA OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) kp(3) 28 }
id-kp-cmKGA OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) kp(3) 32 }
]]></sourcecode>
<t>Note: Section 2.10 of <xref section="2.10" target="RFC6402"/> specifies OIDs for a
Certificate Management over CMS (CMC) CA and a CMC RA.
<!--[rfced] As "CMP" is expanded as "Certificate Management Protocol", may we
update this text to avoid repetition?
Original:
As the functionality of a
CA and RA is not specific to any certificate management protocol
(such as CMC or CMP), these EKUs are reused by CMP.
Perhaps:
As the functionality of a
CA and RA is not specific to any CMP (such as CMC), these EKUs are reused by CMP.
-->
As the functionality of a CA and
RA is not specific to any certificate management protocol (such as CMC or CMP),
these EKUs are reused by CMP.</t>
<t>The meaning of the id-kp-cmKGA EKU is as follows:</t>
<dl indent="9"> spacing="normal" newline="false">
<dt>CMP KGA:</dt>
<dd>
<t>CMP key generation authorities are CAs or are identified by the id-kp-cmKGA
extended key usage. The CMP KGA knows the private key it generated on behalf
of the end entity. This is a very sensitive service and needs specific authorization,
which by default is with the CA certificate itself. The CA may delegate
its authorization by placing the id-kp-cmKGA extended key usage in the certificate
used to authenticate the origin of the generated private key. The authorization
may also be determined through local configuration of the end entity.</t>
</dd>
</dl>
</section>
</section>
<section anchor="sect-5">
<name>Data Structures</name>
<t>This section contains descriptions of the data structures required
for PKI management messages. <xref target="sect-6"/> describes constraints on
their values and the sequence of events for each of the various PKI
management operations.</t>
<section anchor="sect-5.1">
<name>Overall PKI Message</name>
<t>All of the messages used in this specification for the purposes of PKI management
use the following structure:</t>
<sourcecode type="asn.1"><![CDATA[
PKIMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL
}
PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
]]></sourcecode>
<t>The PKIHeader contains information that is common to many PKI
messages.</t>
<t>The PKIBody contains message-specific information.</t>
<t>The PKIProtection, when used, contains bits that protect the PKI
message.</t>
<t>The extraCerts field can contain certificates that may be useful to
the recipient. For example, this can be used by a CA or RA to
present an end entity with certificates that it needs to verify its
own new certificate (if, for (for example, if the CA that issued the end
entity's certificate is not a root CA for the end entity). Note that
this field does not necessarily contain a certification path; the
recipient may have to sort, select from, or otherwise process the
extra certificates in order to use them.</t>
<section anchor="sect-5.1.1">
<name>PKI Message Header</name>
<t>All PKI messages require some header information for addressing and
transaction identification. Some of this information will also be
present in a transport-specific envelope. However, if the PKI
message is protected, then this information is also protected (i.e.,
we make no assumption about secure transport).</t>
<t>The following data structure is used to contain this information:</t>
<sourcecode type="asn.1"><![CDATA[
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2),
cmp2021(3) },
sender GeneralName,
recipient GeneralName,
messageTime [0] GeneralizedTime OPTIONAL,
protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}}
OPTIONAL,
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
transactionID [4] OCTET STRING OPTIONAL,
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
freeText [7] PKIFreeText OPTIONAL,
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
}
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
]]></sourcecode>
<t>The usage of the protocol version number (pvno) is described in <xref target="sect-7"/>.</t>
<t>The sender field contains the name of the sender of the PKIMessage.
This name (in conjunction with senderKID, if supplied) should be
sufficient to indicate the key to use to verify the protection on the
message. If nothing about the sender is known to the sending entity
(e.g., in the initial request message, where the end entity may not know
its own Distinguished Name (DN), e-mail email name, IP address, etc.), then
the "sender" field <bcp14>MUST</bcp14> contain a "NULL-DN" value in the directoryName choice.
A "NULL-DN" is a SEQUENCE OF relative distinguished names of zero length and is encoded as 0x3000.
In such a case, the senderKID field <bcp14>MUST</bcp14> hold an identifier (i.e., a reference
number) that indicates to the receiver the appropriate shared secret
information to use to verify the message.</t>
<t>The recipient field contains the name of the recipient of the
PKIMessage. This name (in conjunction with recipKID, if supplied)
should be usable to verify the protection on the message.</t>
<t>The protectionAlg field specifies the algorithm used to protect the
message. If no protection bits are supplied (note that PKIProtection
is <bcp14>OPTIONAL</bcp14>) <bcp14>OPTIONAL</bcp14>), then this field <bcp14>MUST</bcp14> be omitted; if protection bits are
supplied, then this field <bcp14>MUST</bcp14> be supplied.</t>
<t>senderKID and recipKID are usable to indicate which keys have been
used to protect the message (recipKID will normally only be required
where protection of the message uses Diffie-Hellman (DH) or elliptic curve Elliptic Curve Diffie-Hellman (ECDH) keys).
These fields <bcp14>MUST</bcp14> be used if required to uniquely identify a key
(e.g., if more than one key is associated with a given sender name).
The senderKID <bcp14>SHOULD</bcp14> be used in any case.</t>
<t>Note: The recommendation of using senderKID is has changed since <xref target="RFC4210"/>,
where it was recommended to be omitted if not needed to identify the protection
key.</t>
<t>The transactionID field within the message header is to be used to
allow the recipient of a message to correlate this with an ongoing
transaction. This is needed for all transactions that consist of
more than just a single request/response pair. For transactions that
consist of a single request/response pair, the rules are as follows.
A client <bcp14>MUST</bcp14> populate the transactionID field if the message
contains an infoValue of type KemCiphertextInfo, see KemCiphertextInfo (see <xref target="sect-5.1.3.4"/>. target="sect-5.1.3.4"/>). In all other cases cases,
the client <bcp14>MAY</bcp14> populate the transactionID field of the request. If a
server receives such a request that has the transactionID field set,
then it <bcp14>MUST</bcp14> set the transactionID field of the response to the same
value. If a server receives such request with a missing
transactionID field, then it <bcp14>MUST</bcp14> populate the transactionID field if
the message contains a KemCiphertextInfo field. In all other cases cases,
the server <bcp14>MAY</bcp14> set the transactionID field of the response.</t>
<t>For transactions that consist of more than just a single
request/response pair, the rules are as follows. If the message
contains an infoValue of type KemCiphertextInfo, the client
<bcp14>MUST</bcp14> generate a transactionID, otherwise transactionID; otherwise, the client <bcp14>SHOULD</bcp14>
generate a transactionID for the first request. If a server receives
such a request that has the transactionID field set, then it <bcp14>MUST</bcp14> set
the transactionID field of the response to the same value. If a
server receives such request with a missing transactionID field, then
it <bcp14>MUST</bcp14> populate the transactionID field of the response with a
server-generated ID. Subsequent requests and responses <bcp14>MUST</bcp14> all set
the transactionID field to the thus established value. In all cases
where a transactionID is being used, a given client <bcp14>MUST NOT</bcp14> have
more than one transaction with the same transactionID in progress at
any time (to a given server). Servers are free to require uniqueness
of the transactionID or not, as long as they are able to correctly
associate messages with the corresponding transaction. Typically,
this means that a server will require the {client, transactionID}
tuple to be unique, or even the transactionID alone to be unique, if
it cannot distinguish clients based on any transport-level information.
A server receiving the first message of a transaction (which requires
more than a single request/response pair) that contains a
transactionID that does not allow it to meet the above constraints
(typically because the transactionID is already in use) <bcp14>MUST</bcp14> send
back an ErrorMsgContent with a PKIFailureInfo of transactionIdInUse.
It is <bcp14>RECOMMENDED</bcp14> that the clients fill the transactionID field with
128 bits of (pseudo-) random (pseudo-)random data for the start of a transaction to
reduce the probability of having the transactionID in use at the
server.</t>
<t>The senderNonce and recipNonce fields protect the PKIMessage against
replay attacks. The senderNonce will typically be 128 bits of
(pseudo-) random
(pseudo-)random data generated by the sender, whereas the recipNonce
is copied from the senderNonce field of the previous message in the
transaction.</t>
<t>The messageTime field contains the time at which the sender created
the message. This may be useful to allow end entities to
correct/check their local time for consistency with the time on a
central system.</t>
<t>The freeText field may be used to send a human-readable message to
the recipient (in any number of languages). Each UTF8String <bcp14>MAY</bcp14>
include an <xref target="RFC5646"/> a language tag <xref target="RFC5646"/> to indicate the language of the
contained text. The first language used in this sequence indicates
the desired language for replies.</t>
<t>The generalInfo field may be used to send machine-processable
additional data to the recipient. The following generalInfo
extensions are defined and <bcp14>MAY</bcp14> be supported.</t>
<section anchor="sect-5.1.1.1">
<name>ImplicitConfirm</name>
<t>This is used by the EE to inform the CA or RA that it does not wish to send
a certificate confirmation for issued certificates.</t>
<sourcecode type="asn.1"><![CDATA[
id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
ImplicitConfirmValue ::= NULL
]]></sourcecode>
<t>If the CA grants the request to the EE, it <bcp14>MUST</bcp14> put the same
extension in the PKIHeader of the response. If the EE does not find
the extension in the response, it <bcp14>MUST</bcp14> send the certificate
confirmation.</t>
</section>
<section anchor="sect-5.1.1.2">
<name>ConfirmWaitTime</name>
<t>This is used by the CA or RA to inform the EE how long it intends to wait
for the certificate confirmation before revoking the certificate and
deleting the transaction.</t>
<sourcecode type="asn.1"><![CDATA[
id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
ConfirmWaitTimeValue ::= GeneralizedTime
]]></sourcecode>
</section>
<section anchor="sect-5.1.1.3">
<name>OrigPKIMessage</name>
<t>An RA <bcp14>MAY</bcp14> include the original PKIMessage from the EE in the generalInfo
field of the PKIHeader of a PKIMessage. This is used by the RA to inform
the CA of the original PKIMessage that it received from the EE and modified
in some way (e.g., added or modified particular field values or added new
extensions) before forwarding the new PKIMessage. This
accommodates, for example, cases in which the CA wishes to check the message origin, the POP, or other
information on the original EE message.</t>
<t>Note: If the changes made by
the RA to the original PKIMessage break the POP of a certificate request,
the RA can set the popo field of the new PKIMessage to raVerified, see raVerified (see <xref target="sect-5.2.8.4"/>.</t> target="sect-5.2.8.4"/>).</t>
<t>Unless the OrigPKIMessage infoValue is in the header of a nested message, it <bcp14>MUST</bcp14> contain exactly one PKIMessage. The contents of OrigPKIMessage infoValue in the header of a nested message <bcp14>MAY</bcp14> contain multiple PKIMessage structures, which <bcp14>MUST</bcp14> be in the same order as the PKIMessage structures in PKIBody.</t>
<sourcecode type="asn.1"><![CDATA[
id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
OrigPKIMessageValue ::= PKIMessages
]]></sourcecode>
</section>
<section anchor="sect-5.1.1.4">
<name>CertProfile</name>
<t>This is used by the EE to indicate specific certificate profiles, e.g., when
requesting a new certificate or a certificate request template; see template (see <xref target="sect-5.3.19.16"/>.</t> target="sect-5.3.19.16"/>).</t>
<sourcecode type="asn.1"><![CDATA[
id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21}
CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF UTF8String
]]></sourcecode>
<t>When used in a p10cr message, the CertProfileValue sequence <bcp14>MUST NOT</bcp14> contain multiple certificate profile names. When used in an ir/cr/kur/genm message, the CertProfileValue sequence <bcp14>MUST NOT</bcp14> contain more certificate profile names than the number of CertReqMsg or GenMsgContent InfoTypeAndValue elements contained in the message body.</t>
<t>The certificate profile names in the CertProfileValue sequence relate to the CertReqMsg or GenMsgContent InfoTypeAndValue elements in the given order. An empty string means no certificate profile name is associated with the respective CertReqMsg or GenMsgContent InfoTypeAndValue element. If the CertProfileValue sequence contains less certificate profile entries than CertReqMsg or GenMsgContent InfoTypeAndValue elements, the remaining CertReqMsg or GenMsgContent InfoTypeAndValue elements have no profile name associated with them.</t>
</section>
<section anchor="sect-5.1.1.5">
<name>KemCiphertextInfo</name>
<t>A PKI entity <bcp14>MAY</bcp14> provide the KEM ciphertext for MAC-based message protection using KEM (see Section 5.1.3.4) <xref target="sect-5.1.3.4"/>) in the generalInfo field of a request message to a PKI management entity if it knows that the PKI management entity uses a KEM key pair and has its public key.</t>
<sourcecode type="asn.1"><![CDATA[
id-it-KemCiphertextInfo OBJECT IDENTIFIER ::= { id-it TBD1 24 }
KemCiphertextInfoValue ::= KemCiphertextInfo
]]></sourcecode>
<t>For more details of KEM-based message protection protection, see <xref target="sect-5.1.3.4"/>. See <xref target="sect-5.3.19.18"/> for the definition of {id-it TBD1}.</t> 24}.</t>
</section>
</section>
<section anchor="sect-5.1.2">
<name>PKI Message Body</name>
<sourcecode type="asn.1"><![CDATA[
PKIBody ::= CHOICE {
ir [0] CertReqMessages, --Initialization Req
ip [1] CertRepMessage, --Initialization Resp
cr [2] CertReqMessages, --Certification Req
cp [3] CertRepMessage, --Certification Resp
p10cr [4] CertificationRequest, --PKCS #10 Cert. Req.
popdecc [5] POPODecKeyChallContent, --pop Challenge
popdecr [6] POPODecKeyRespContent, --pop Response
kur [7] CertReqMessages, --Key Update Request
kup [8] CertRepMessage, --Key Update Response
krr [9] CertReqMessages, --Key Recovery Req
krp [10] KeyRecRepContent, --Key Recovery Resp
rr [11] RevReqContent, --Revocation Request
rp [12] RevRepContent, --Revocation Response
ccr [13] CertReqMessages, --Cross-Cert. Request
ccp [14] CertRepMessage, --Cross-Cert. Resp
ckuann [15] CAKeyUpdContent, --CA Key Update Ann.
cann [16] CertAnnContent, --Certificate Ann.
rann [17] RevAnnContent, --Revocation Ann.
crlann [18] CRLAnnContent, --CRL Announcement
pkiconf [19] PKIConfirmContent, --Confirmation
nested [20] NestedMessageContent, --Nested Message
genm [21] GenMsgContent, --General Message
genp [22] GenRepContent, --General Response
error [23] ErrorMsgContent, --Error Message
certConf [24] CertConfirmContent, --Certificate Confirm
pollReq [25] PollReqContent, --Polling Request
pollRep [26] PollRepContent --Polling Response
}
]]></sourcecode>
<t>The specific types are described in <xref target="sect-5.3"/> below.</t>
</section>
<section anchor="sect-5.1.3">
<name>PKI Message Protection</name>
<t>Some PKI messages will be protected for integrity.</t>
<t>Note: If an asymmetric algorithm is used to protect a message and the relevant
public component has been certified already, then the origin of the
message can also be authenticated. On the other hand, if the public
component is uncertified, then the message origin cannot be
automatically authenticated, authenticated but may be authenticated via out-of-band
means.</t>
<t>When protection is applied, the following structure is used:</t>
<sourcecode type="asn.1"><![CDATA[
PKIProtection ::= BIT STRING
]]></sourcecode>
<t>The input to the calculation of PKIProtection is the DER encoding of
the following data structure:</t>
<sourcecode type="asn.1"><![CDATA[
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody
}
]]></sourcecode>
<t>There <bcp14>MAY</bcp14> be cases in which the PKIProtection BIT STRING is
deliberately not used to protect a message (i.e., this <bcp14>OPTIONAL</bcp14> field
is omitted) because other protection, external to PKIX, will be
applied instead. Such a choice is explicitly allowed in this
specification. Examples of such external protection include CMS <xref target="RFC5652"/> and Security Multiparts <xref target="RFC1847"/> encapsulation of the
PKIMessage (or simply the PKIBody (omitting the CHOICE tag), if the
relevant PKIHeader information is securely carried in the external
mechanism). It is noted, however, that many such external mechanisms
require that the end entity already possesses a public-key
certificate, and/or a unique Distinguished Name, and/or other such
infrastructure-related information. Thus, they may not be
appropriate for initial registration, key-recovery, or any other
process with "boot-strapping" characteristics. For those cases cases, it
may be necessary that the PKIProtection parameter be used. In the
future, if/when external mechanisms are modified to accommodate
boot-strapping scenarios, the use of PKIProtection may become rare or
non-existent.</t>
<t>Depending on the circumstances, the PKIProtection bits may contain a
Message Authentication Code (MAC) or signature. Only the following
cases can occur:</t>
<section anchor="sect-5.1.3.1">
<name>Shared Secret Information</name>
<t>In this case, the sender and recipient share secret information with sufficient
entropy (established via out-of-band means). PKIProtection will contain a
MAC value value, and the protectionAlg <bcp14>MAY</bcp14> be one of the options described in CMP
Algorithms Section 6.1 <xref target="RFC9481"/>.</t> section="6.1" target="RFC9481">CMP Algorithms</xref>.</t>
<t>The algorithm identifier id-PasswordBasedMac is defined in Section 4.4 of <xref section="4.4" target="RFC4211"/> and updated by <xref target="RFC9045"/>. It is mentioned in Section 6.1.1 of <xref section="6.1.1" target="RFC9481"/> for backward compatibility. More modern alternatives are listed in Section 6.1 of <xref section="6.1" target="RFC9481"/>.</t>
<sourcecode type="asn.1"><![CDATA[
id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13}
PBMParameter ::= SEQUENCE {
salt OCTET STRING,
owf AlgorithmIdentifier,
iterationCount INTEGER,
mac AlgorithmIdentifier
}
]]></sourcecode>
<t>The following text gives a method of key expansion to be used when the MAC-algorithm MAC algorithm requires an input length that is larger than the size of the one-way-function.</t> one-way function.</t>
<t>Note: Section 4.4 of <xref section="4.4" target="RFC4211"/> and <xref target="RFC9045"/> do not mention this key expansion method and gives or give an example using HMAC algorithms where key expansion is not needed. It is recognized that this omission in <xref target="RFC4211"/> can lead to confusion and possible incompatibility if <xref target="RFC4210"/> key expansion <xref target="RFC4210"/> is not used when needed. Therefore, when key expansion is required (when K > H) H), the key expansion defined in the following text <bcp14>MUST</bcp14> be used.</t>
<t>In the above protectionAlg, the salt value is appended to the shared
secret input. The OWF one-way function (OWF) is then applied iterationCount times, where the
salted secret is the input to the first iteration and, for each
successive iteration, the input is set to be the output of the
previous iteration. The output of the final iteration (called
"BASEKEY" for ease of reference, with a size of "H") is what is used
to form the symmetric key. If the MAC algorithm requires a K-bit key
and K <= H, then the most significant K bits of BASEKEY are used. If
K > H, then all of BASEKEY is used for the most significant H bits of
the key, OWF("1" || BASEKEY) is used for the next most significant H
bits of the key, OWF("2" || BASEKEY) is used for the next most
significant H bits of the key, and so on, until all K bits have been
derived. [Here "N" is the ASCII byte encoding the number N and "||"
represents concatenation.]</t>
<t>Note: It is <bcp14>RECOMMENDED</bcp14> that the fields of PBMParameter remain
constant throughout the messages of a single transaction (e.g.,
ir/ip/certConf/pkiConf) to reduce the overhead associated with
PasswordBasedMac computation.</t>
</section>
<section anchor="sect-5.1.3.2">
<name>DH Key Pairs</name>
<t>Where the sender and receiver possess finite-field or elliptic-curve-based
Diffie-Hellman certificates
with compatible DH parameters, parameters in order to protect the message message, the
end entity must generate a symmetric key based on its private DH key
value and the DH public key of the recipient of the PKI message.
PKIProtection will contain a MAC value keyed with this derived
symmetric key key, and the protectionAlg will be the following:</t>
<sourcecode type="asn.1"><![CDATA[
id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30}
DHBMParameter ::= SEQUENCE {
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function
mac AlgorithmIdentifier
-- the MAC AlgId
}
]]></sourcecode>
<t>In the above protectionAlg, OWF is applied to the result of the
Diffie-Hellman computation. The OWF output (called "BASEKEY" for
ease of reference, with a size of "H") is what is used to form the
symmetric key. If the MAC algorithm requires a K-bit key and K <= H, then
the most significant K bits of BASEKEY are used. If K > H, then
all of BASEKEY is used for the most significant H bits of the key,
OWF("1" || BASEKEY) is used for the next most significant H bits of
the key, OWF("2" || BASEKEY) is used for the next most significant H
bits of the key, and so on, until all K bits have been derived.
[Here "N" is the ASCII byte encoding the number N and "||" represents concatenation.]</t>
<t>Note: Hash algorithms that can be used as one-way functions are listed in
CMP Algorithms <xref target="RFC9481"/> Section 2.</t> section="2" target="RFC9481">CMP Algorithms</xref>.</t>
</section>
<section anchor="sect-5.1.3.3">
<name>Signature</name>
<t>In this case, the sender possesses a signature key pair and simply
signs the PKI message. PKIProtection will contain the signature
value and the protectionAlg will be an AlgorithmIdentifier for a
digital signature signature, which <bcp14>MAY</bcp14> be one of the options described in CMP Algorithms Section
3 <xref target="RFC9481"/>.</t> section="3" target="RFC9481">CMP
Algorithms</xref>.</t>
</section>
<section anchor="sect-5.1.3.4">
<name>Key Encapsulation</name>
<t>In case the sender of a message has a Key Encapsulation Mechanism (KEM) key pair, it can be used to establish a shared secret key for MAC-based message protection. This can be used for message authentication.</t>
<t>This approach uses the definition of Key Encapsulation Mechanism (KEM) algorithm functions in Section 1 of <xref section="1" target="RFC9629"/> as follows:</t>
<t>A KEM algorithm provides three functions:</t>
<ul
<ol spacing="normal">
<li>
<t>KeyGen()
<li>KeyGen() -> (pk, sk):</t>
</li>
</ul>
<ul empty="true">
<li>
<t>Generate sk): Generate a public key (pk) and a
private (secret) key (sk).</t>
</li>
</ul>
<ul spacing="normal">
<li>
<t>Encapsulate(pk) (sk).</li>
<li>Encapsulate(pk) -> (ct, ss):</t>
</li>
</ul>
<ul empty="true">
<li>
<t>Given ss): Given the public key
(pk), produce a ciphertext (ct) and a shared secret (ss).</t>
</li>
</ul>
<ul spacing="normal">
<li>
<t>Decapsulate(sk, (ss).</li>
<li>Decapsulate(sk, ct) -> (ss):</t>
</li>
</ul>
<ul empty="true">
<li>
<t>Given (ss): Given the private key
(sk) and the ciphertext (ct), produce the shared secret (ss).</t>
</li>
</ul>
(ss).</li>
</ol>
<t>To support a particular KEM algorithm, the PKI entity that possesses a KEM key pair and wishes to use it for MAC-based message protection <bcp14>MUST</bcp14> support the KEM Decapsulate() function. The PKI entity that wishes to verify the MAC-based message protection <bcp14>MUST</bcp14> support the KEM Encapsulate() function. The respective public KEM key is usually carried in a certificate <xref target="I-D.ietf-lamps-kyber-certificates"/>.</t>
<t>Note: Both PKI entities send and receive messages in a PKI management operation. Both PKI entities may independently wish to protect messages using their KEM key pairs. For ease of explanation explanation, we use the term terms "Alice" to denote the PKI entity possessing the KEM key pair and who wishes to provide MAC-based message protection, protection and "Bob" to denote the PKI entity having Alice’s Alice's authentic public KEM key and who needs to verify the MAC-based protection provided by Alice.</t>
<t>Assuming Bob has Alice's KEM public key, he generates the ciphertext using KEM encapsulation and transfers it to Alice in an InfoTypeAndValue structure. Alice then retrieves the KEM shared secret from the ciphertext using KEM decapsulation and the associated KEM private key. Using a key derivation function (KDF), she Alice derives a shared secret key from the KEM shared secret and other data sent by Bob. PKIProtection will contain a MAC value calculated using that shared secret key, and the protectionAlg will be the following:</t>
<sourcecode type="asn.1"><![CDATA[
id-KemBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 16}
KemBMParameter ::= SEQUENCE {
kdf AlgorithmIdentifier{KEY-DERIVATION, {...}},
kemContext [0] OCTET STRING OPTIONAL,
len INTEGER (1..MAX),
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
}
]]></sourcecode>
<t>Note: The OID for id-KemBasedMac was assigned on the private-use arc { iso(1) member-body(2) us(840) nortelnetworks(113533) entrust(7) }, } and not assigned on an IANA-owned arc because the authors wished to placed place it on the same branch as the existing OIDs for id-PasswordBasedMac and id-DHBasedMac.</t>
<t>kdf is the algorithm identifier of the chosen KDF, and any associated parameters, used to derive the shared secret key.</t>
<t>kemContext <bcp14>MAY</bcp14> be used to transfer additional algorithm specific algorithm-specific context information, see information (see also the definition of ukm in <xref target="RFC9629"/>, Section 3.</t> section="3" target="RFC9629"/>).</t>
<t>len is the output length of the KDF and <bcp14>MUST</bcp14> be the desired size of the key to be used for MAC-based message protection.</t>
<t>mac is the algorithm identifier of the chosen MAC algorithm, and any associated parameters, used to calculate the MAC value.</t>
<t>The KDF and MAC algorithms <bcp14>MAY</bcp14> be chosen from the options in CMP Algorithms <xref target="RFC9481"/>.</t>
<t>The InfoTypeAndValue transferring the KEM ciphertext uses OID id-it-KemCiphertextInfo. It contains a KemCiphertextInfo structure structure, as defined in <xref target="sect-5.3.19.18"/>.</t>
<t>Note: This InfoTypeAndValue can be carried in a genm/genp message body body, as specified in <xref target="sect-5.3.19.18"/> target="sect-5.3.19.18"/>, or in the generalInfo field of PKIHeader in messages of other types, see types (see <xref target="sect-5.1.1.5"/>.</t> target="sect-5.1.1.5"/>).</t>
<t>In the following, a generic message flow for MAC-based protection using KEM is specified in more detail. It is assumed that Bob possesses the Alice's public KEM key of Alice. key. Alice can be the initiator of a PKI management operation or the responder. For more detailed figures figures, see <xref target="sect-e"/>.</t>
<t>Generic Message Flow:</t>
<figure anchor="KEM">
<name>Generic Message Flow when When Alice has Has a KEM key pair</name> Key Pair</name>
<artset>
<artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="560" viewBox="0 0 560 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 184,80 L 200,80" fill="none" stroke="black"/>
<path d="M 336,80 L 352,80" fill="none" stroke="black"/>
<path d="M 184,160 L 200,160" fill="none" stroke="black"/>
<path d="M 336,160 L 352,160" fill="none" stroke="black"/>
<path d="M 8,224 L 152,224" fill="none" stroke="black"/>
<path d="M 400,224 L 552,224" fill="none" stroke="black"/>
<polygon class="arrowhead" points="360,160 348,154.4 348,165.6" fill="black" transform="rotate(0,352,160)"/>
<polygon class="arrowhead" points="344,80 332,74.4 332,85.6" fill="black" transform="rotate(180,336,80)"/>
<polygon class="arrowhead" points="208,160 196,154.4 196,165.6" fill="black" transform="rotate(0,200,160)"/>
<polygon class="arrowhead" points="192,80 180,74.4 180,85.6" fill="black" transform="rotate(180,184,80)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="72" y="36">Alice</text>
<text x="360" y="36">Bob</text>
<text x="24" y="68">1</text>
<text x="376" y="68">perform</text>
<text x="424" y="68">KEM</text>
<text x="488" y="68">Encapsulate</text>
<text x="224" y="84">KEM</text>
<text x="284" y="84">Ciphertext</text>
<text x="24" y="100">2</text>
<text x="80" y="100">perform</text>
<text x="128" y="100">KEM</text>
<text x="196" y="100">Decapsulate,</text>
<text x="96" y="116">perform</text>
<text x="144" y="116">key</text>
<text x="208" y="116">derivation,</text>
<text x="92" y="132">format</text>
<text x="152" y="132">message</text>
<text x="204" y="132">with</text>
<text x="104" y="148">MAC-based</text>
<text x="188" y="148">protection</text>
<text x="264" y="164">message</text>
<text x="24" y="180">3</text>
<text x="376" y="180">perform</text>
<text x="424" y="180">key</text>
<text x="488" y="180">derivation,</text>
<text x="388" y="196">verify</text>
<text x="456" y="196">MAC-based</text>
<text x="404" y="212">protection</text>
<text x="192" y="228">Alice</text>
<text x="272" y="228">authenticated</text>
<text x="340" y="228">by</text>
<text x="368" y="228">Bob</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art" align="left"><![CDATA[
Step# Alice Bob
---------------------------------------------------------------------
1 perform KEM Encapsulate
<-- KEM Ciphertext <--
2 perform KEM Decapsulate,
perform key derivation,
format message with
MAC-based protection
--> message -->
3 perform key derivation,
verify MAC-based
protection
------------------- Alice authenticated by Bob --------------------
]]></artwork>
</artset>
</figure>
<ol spacing="normal" type="1"><li>
<t>Bob needs to possess the Alice's authentic public KEM key pk of Alice, (pk), for instance instance, contained in a KEM certificate that was received and successfully validated by Bob beforehand. </t>
<t>
Bob generates a shared secret ss (ss) and the associated ciphertext ct (ct) using the KEM Encapsulate function with Alice's public KEM key pk. (pk). Bob <bcp14>MUST NOT</bcp14> reuse the ss and ct for other PKI management operations. From this data, Bob produces a KemCiphertextInfo structure structure, including the KEM algorithm identifier and the ciphertext ct (ct) and sends it to Alice in an InfoTypeAndValue structure structure, as defined in <xref target="sect-5.3.19.18"/>. </t>
<sourcecode type="asn.1"><![CDATA[
Encapsulate(pk) -> (ct, ss)
]]></sourcecode>
</li>
<li>
<t>Alice decapsulates the shared secret ss (ss) from the ciphertext ct (ct) using the KEM Decapsulate function and its private KEM key sk. (sk). </t>
<sourcecode type="asn.1"><![CDATA[
Decapsulate(ct, sk) -> (ss)
]]></sourcecode>
<t>
If the decapsulation operation outputs an error, any failInfo field in an error response message <bcp14>SHALL</bcp14> contain the value badMessageCheck and the PKI management operation <bcp14>SHALL</bcp14> be terminated. </t>
<t>
Alice derives the shared secret key ssk (ssk) using a KDF. The shared secret ss (ss) is used as input key material for the KDF, and the value len is the desired output length of the KDF as required by the MAC algorithm to be used for message protection. KDF, len, and MAC will be transferred to Bob in the protectionAlg KemBMParameter. The DER-encoded KemOtherInfo structure, as defined below, is used as context for the KDF. </t>
<sourcecode type="asn.1"><![CDATA[
KDF(ss, len, context)->(ssk)
]]></sourcecode>
<t>
The shared secret key ssk (ssk) is used for MAC-based protection by Alice.</t>
</li>
<li>
<t>Bob derives the same shared secret key ssk (ssk) using the KDF. Also here here, the shared secret ss (ss) is used as input key material for the KDF, the value len is the desired output length for the KDF, and the DER-encoded KemOtherInfo structure constructed in the same way as on Alice's side is used as context for the KDF. </t>
<sourcecode type="asn.1"><![CDATA[
KDF(ss, len, context)->(ssk)
]]></sourcecode>
<t>
Bob uses the shared secret key ssk (ssk) for verifying the MAC-based protection of the message received and in this way authenticates Alice.</t>
</li>
</ol>
<t>This shared secret key ssk (ssk) can be reused by Alice for MAC-based protection of further messages sent to Bob within the current PKI management operation.</t>
<t>This approach employs the notation of KDF(IKM, L, info) as described in <xref section="5" sectionFormat="comma" sectionFormat="of" target="RFC9629"/> with the following changes:</t>
<ul spacing="normal">
<li>
<t>IKM is the input key material. It is the symmetric secret called ss "ss" resulting from the key encapsulation mechanism.</t>
</li>
<li>
<t>L is dependent of the MAC algorithm that is used with the shared secret key for CMP message protection and is called len "len" in this document.</t>
</li>
<li>
<t>info is an additional input to the KDF, is called context "context" in this document, and contains the DER-encoded KemOtherInfo structure defined as: </t>
<sourcecode type="asn.1"><![CDATA[
KemOtherInfo ::= SEQUENCE {
staticString PKIFreeText,
transactionID OCTET STRING,
kemContext [0] OCTET STRING OPTIONAL
}
]]></sourcecode>
<t>
staticString <bcp14>MUST</bcp14> be "CMP-KEM". </t>
<t>
transactionID <bcp14>MUST</bcp14> be the value from the message containing the ciphertext ct (ct) in KemCiphertextInfo. </t>
<t>
Note: The transactionID is used to ensure domain separation of the derived shared secret key between different PKI management operations. For all PKI management operations with more than one exchange exchange, the transactionID <bcp14>MUST</bcp14> be set anyway, see anyway (see <xref target="sect-5.1.1"/>. target="sect-5.1.1"/>). In case Bob provided a an infoValue of type KemCiphertextInfo to Alice in the initial request message, see message (see <xref target="KEM-Flow2"/> of <xref target="sect-e"/>, target="sect-e"/>), the transactionID <bcp14>MUST</bcp14> be set by Bob. </t>
<t>
kemContext <bcp14>MAY</bcp14> contain additional algorithm specific algorithm-specific context information.</t>
</li>
<li>
<t>OKM is the output keying material of the KDF used for MAC-based message protection of length len and is called ssk "ssk" in this document.</t>
</li>
</ul>
<t>There are various ways how that Alice can request, request and Bob can provide the KEM ciphertext, see ciphertext (see <xref target="sect-e"/> for details. details). The KemCiphertextInfo can be requested using PKI general messages messages, as described in <xref target="sect-5.3.19.18"/>. Alternatively, the generalInfo field of the PKIHeader can be used to convey the same request and response InfoTypeAndValue structures structures, as described in <xref target="sect-5.1.1.5"/>. The procedure works also works without Alice explicitly requesting the KEM ciphertext in case Bob knows a KEM key one of Alice Alice's KEM keys beforehand and can expect that she is ready to use it.</t>
<t>If both the initiator and responder in a PKI management operation have KEM key pairs, this procedure can be applied by both entities independently, establishing and using different shared secret keys for either direction.</t>
</section>
<section anchor="sect-5.1.3.5">
<name>Multiple Protection</name>
<t>When receiving a protected PKI message, a PKI management entity, such as an
RA, <bcp14>MAY</bcp14> forward that message adding its own protection. Additionally, multiple
PKI messages <bcp14>MAY</bcp14> be aggregated. There are several use cases for such messages.</t>
<ul spacing="normal">
<li>
<t>The RA confirms having validated and authorized a message and forwards the
original message unchanged.</t>
</li>
<li>
<t>A PKI management entity collects several messages that are to be forwarded
in the same direction and forwards them in a batch. Request messages can
be transferred as a batch upstream (towards the CA); response or announce messages
can be transferred as a batch downstream (towards an RA but not to the EE).
For instance, this can be used when bridging an off-line connection between
two PKI management entities.</t>
</li>
</ul>
<t>These use cases are accomplished by nesting the messages within a new PKI
message. The structure used is as follows:</t>
<sourcecode type="asn.1"><![CDATA[
NestedMessageContent ::= PKIMessages
]]></sourcecode>
<t>In case an RA needs to modify a request message, it <bcp14>MAY</bcp14> include the original
PKIMessage in the generalInfo field of the modified message message, as described in
<xref target="sect-5.1.1.3"/>.</t>
</section>
</section>
</section>
<section anchor="sect-5.2">
<name>Common Data Structures</name>
<t>Before specifying the specific types that may be placed in a PKIBody,
we define some data structures that are used in more than one case.</t>
<section anchor="sect-5.2.1">
<name>Requested Certificate Contents</name>
<t>Various PKI management messages require that the originator of the
message indicate some of the fields that are required to be present
in a certificate. The CertTemplate structure allows an end entity or
RA to specify as much as it wishes about the certificate it requires.
CertTemplate is identical to a Certificate, Certificate but with all fields
optional.</t>
<t>Note: Even if the originator completely specifies the contents of
a certificate it requires, a CA is free to modify fields within the
certificate actually issued. If the modified certificate is
unacceptable to the requester, the requester <bcp14>MUST</bcp14> send back a
certConf message that either does not include this certificate (via a
CertHash),
CertHash) or does include this certificate (via a CertHash) along
with a status of "rejected". See <xref target="sect-5.3.18"/> for the definition
and use of CertHash and the certConf message.</t>
<t>Note: Before requesting a new certificate, an end entity can request a certTemplate
structure as a kind of certificate request blueprint, blueprint in order to learn which
data the CA expects to be present in the certificate request, see request (see <xref target="sect-5.3.19.16"/>.</t> target="sect-5.3.19.16"/>).</t>
<t>See CRMF <xref target="RFC4211">CRMF</xref> target="RFC4211"/> for CertTemplate syntax.</t>
<t>If certTemplate is an empty SEQUENCE (i.e., all fields omitted), then the
controls field in the CertRequest structure <bcp14>MAY</bcp14> contain the id-regCtrl-altCertTemplate
control, specifying a template for a certificate other than an X.509v3 public-key
certificate. Conversely, if certTemplate is not empty (i.e., at least one
field is present), then controls <bcp14>MUST NOT</bcp14> contain id-regCtrl-altCertTemplate.
The new control is defined as follows:</t>
<sourcecode type="asn.1"><![CDATA[
id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) pkip(5) regCtrl(1) 7}
AltCertTemplate ::= AttributeTypeAndValue
]]></sourcecode>
<t>See also
<t>Also see <xref target="RFC4212"/> for more details on how to manage certificates in alternative formats using CRMF <xref target="RFC4211"/> syntax.</t>
</section>
<section anchor="sect-5.2.2">
<name>Encrypted Values</name>
<t>When encrypted data like a private key, certificate, POP challenge, or revocation passphrase is sent in PKI messages messages, it is <bcp14>RECOMMENDED</bcp14> to use the EnvelopedData structure. In some cases cases, this is accomplished by using the EncryptedKey data structure instead of EncryptedValue.</t>
<sourcecode type="asn.1"><![CDATA[
EncryptedKey ::= CHOICE {
encryptedValue EncryptedValue, -- deprecated
envelopedData [0] EnvelopedData }
]]></sourcecode>
<t>See Certificate Request Message Format (CRMF) <xref target="RFC4211"/> for EncryptedKey and EncryptedValue syntax and Cryptographic Message
Syntax (CMS) <xref target="RFC5652"/> for EnvelopedData syntax. Using the EncryptedKey data structure offers the
choice to either use EncryptedValue (for backward compatibility only) or
EnvelopedData. The use of the EncryptedValue structure has been deprecated
in favor of the EnvelopedData structure. Therefore, it is <bcp14>RECOMMENDED</bcp14> to
use EnvelopedData.</t>
<t>Note: The EncryptedKey structure defined in CRMF <xref target="RFC4211">CRMF</xref> target="RFC4211"/> is used here, which makes the update backward compatible. Using the new syntax
with the untagged default choice EncryptedValue is bits-on-the-wire compatible
with the old syntax.</t>
<t>To indicate support for EnvelopedData, the pvno cmp2021 has been introduced.
Details on the usage of the protocol version number (pvno) are described in <xref target="sect-7"/>.</t>
<t>The EnvelopedData structure is <bcp14>RECOMMENDED</bcp14> to use be used in CMP to transport a private key,
certificate, POP challenge, or revocation passphrase in encrypted form as follows:</t>
<ul spacing="normal">
<li>
<t>It contains only one RecipientInfo structure because the content is encrypted
only for one recipient.</t>
</li>
<li>
<t>It may contain a private key in the AsymmetricKeyPackage structure (which is placed in the encryptedContentInfo field), as defined
in <xref target="RFC5958"/>, that is wrapped in a SignedData structure, as specified in
Section 5 of
<xref section="5" target="RFC5652"/> and <xref target="RFC8933"/>, signed by the Key Generation Authority or CA.</t>
</li>
<li>
<t>It may contain a certificate, POP challenge, or revocation passphrase directly in the encryptedContent
field.</t>
</li>
</ul>
<t>The content of the EnvelopedData structure, as specified in Section 6 of <xref section="6" target="RFC5652"/>,
<bcp14>MUST</bcp14> be encrypted using a newly generated symmetric content-encryption
key. This content-encryption key <bcp14>MUST</bcp14> be securely provided to the recipient
using one of four key management techniques.</t>
<t>The choice of the key management technique to be used by the sender depends
on the credential available at the recipient:</t>
<ul spacing="normal">
<li>
<t>recipient's certificate with an algorithm identifier and a public key that supports key transport and where any given key usage extension allows keyEncipherment:
The content-encryption key will be protected using the key transport key management technique, as specified in Section 6.2.1 of <xref section="6.2.1" target="RFC5652"/>.</t>
</li>
<li>
<t>recipient's certificate with an algorithm identifier and a public key that supports key agreement and where any given key usage extension allows keyAgreement:
The content-encryption key will be protected using the key agreement key management technique, as specified in Section 6.2.2 of <xref section="6.2.2" target="RFC5652"/>.</t>
</li>
<li>
<t>a password or shared secret: The content-encryption key will be protected
using the password-based key management technique, as specified in
Section 6.2.4 of
<xref section="6.2.4" target="RFC5652"/>.</t>
</li>
<li>
<t>recipient's certificate with an algorithm identifier and a public key that supports key encapsulation mechanism and where any given key usage extension allows keyEncipherment: The content-encryption key will be protected using the key management technique for KEM keys, as specified in <xref target="RFC9629"/>.</t>
</li>
</ul>
<t>Note: There are cases where the algorithm identifier, the type of the public key,
and the key usage extension will not be sufficient to decide on the key management
technique to use, e.g., when rsaEncryption is the algorithm identifier. In
such cases cases, it is a matter of local policy to decide.</t>
</section>
<section anchor="sect-5.2.3">
<name>Status Codes and Failure Information for PKI Messages</name>
<t>All response messages will include some status information. The
following values are defined.</t>
<sourcecode type="asn.1"><![CDATA[
PKIStatus ::= INTEGER {
accepted (0),
grantedWithMods (1),
rejection (2),
waiting (3),
revocationWarning (4),
revocationNotification (5),
keyUpdateWarning (6)
}
]]></sourcecode>
<t>Responders may use the following syntax to provide more information
about failure cases.</t>
<sourcecode type="asn.1"><![CDATA[
PKIFailureInfo ::= BIT STRING {
badAlg (0),
badMessageCheck (1),
badRequest (2),
badTime (3),
badCertId (4),
badDataFormat (5),
wrongAuthority (6),
incorrectData (7),
missingTimeStamp (8),
badPOP (9),
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
unacceptedPolicy (15),
unacceptedExtension (16),
addInfoNotAvailable (17),
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
duplicateCertReq (26)
}
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL
}
]]></sourcecode>
</section>
<section anchor="sect-5.2.4">
<name>Certificate Identification</name>
<t>In order to identify particular certificates, the CertId data
structure is used.</t>
<t>See <xref target="RFC4211"/> for CertId syntax.</t>
</section>
<section anchor="sect-5.2.5">
<name>Out-of-band root
<name>Out-of-Band Root CA Public Key</name>
<t>Each root CA that provides a self-signed certificate must be able to publish its current public key via some
"out-of-band" means or together with the respective link certificate using an online mechanism. While such mechanisms are beyond the scope of
this document, we define data structures that can support such
mechanisms.</t>
<t>There are generally two methods available: Either the CA directly
publishes its self-signed certificate, or this information is
available via the directory (or equivalent) and the CA publishes a
hash of this value to allow verification of its integrity before use.</t>
<t>Note: As an alternative to out-of-band distribution of root CA public keys, the CA can provide the self-signed certificate together with link certificates, e.g., using RootCaKeyUpdateContent (<xref target="sect-5.3.19.15"/>).</t>
<sourcecode type="asn.1"><![CDATA[
OOBCert ::= Certificate
]]></sourcecode>
<t>The fields within this certificate are restricted as follows:</t>
<ul spacing="normal">
<li>
<t>The certificate <bcp14>MUST</bcp14> be self-signed (i.e., the signature must be
verifiable using the SubjectPublicKeyInfo field);</t>
</li>
<li>
<t>The subject and issuer fields <bcp14>MUST</bcp14> be identical;</t>
</li>
<li>
<t>If the subject field contains a "NULL-DN", then both subjectAltNames and
issuerAltNames extensions <bcp14>MUST</bcp14> be present and have exactly the
same value;</t> value; and</t>
</li>
<li>
<t>The values of all other extensions must be suitable for a self-signed
certificate (e.g., key identifiers for the subject and issuer must be the
same).</t>
</li>
</ul>
<sourcecode type="asn.1"><![CDATA[
OOBCertHash ::= SEQUENCE {
hashAlg [0] AlgorithmIdentifier OPTIONAL,
certId [1] CertId OPTIONAL,
hashVal BIT STRING
}
]]></sourcecode>
<t>The intention of the hash value is that anyone who has securely
received the hash value (via the out-of-band means) can verify a
self-signed certificate for that CA.</t>
</section>
<section anchor="sect-5.2.6">
<name>Archive Options</name>
<t>Requesters may indicate that they wish the PKI to archive a private
key value using the PKIArchiveOptions structure.</t>
<t>See <xref target="RFC4211"/> for PKIArchiveOptions syntax.</t>
</section>
<section anchor="sect-5.2.7">
<name>Publication Information</name>
<t>Requesters may indicate that they wish the PKI to publish a
certificate using the PKIPublicationInfo structure.</t>
<t>See <xref target="RFC4211"/> for PKIPublicationInfo syntax.</t>
</section>
<section anchor="sect-5.2.8">
<name>Proof-of-Possession Structures</name>
<t>The proof-of-possession structure used is indicated in the popo field
of type ProofOfPossession in the CertReqMsg sequence, see Section 4 of sequence (see <xref target="RFC4211"/>.</t> section="4" target="RFC4211"/>).</t>
<sourcecode type="asn.1"><![CDATA[
ProofOfPossession ::= CHOICE {
raVerified [0] NULL,
signature [1] POPOSigningKey,
keyEncipherment [2] POPOPrivKey,
keyAgreement [3] POPOPrivKey
}
]]></sourcecode>
<section anchor="sect-5.2.8.1">
<name>raVerified</name>
<t>An EE <bcp14>MUST NOT</bcp14> use raVerified. If an RA performs changes to a certification request breaking the provided proof-of-possession (POP), or if the RA requests a certificate on behalf of an EE and cannot provide the POP itself, the RA <bcp14>MUST</bcp14> use raVerified. Otherwise, it <bcp14>SHOULD NOT</bcp14> use raVerified.</t>
<t>When introducing raVerified, the RA <bcp14>MUST</bcp14> check the existing POP, or it <bcp14>MUST</bcp14> ensure by other means that the EE is the holder of the private key. The RA <bcp14>MAY</bcp14> provide the original message containing the POP in the generalInfo field using the id-it-origPKIMessage, see id-it-origPKIMessage (see <xref target="sect-5.1.1.3"/>, target="sect-5.1.1.3"/>) enabling the CA to verify it.</t>
</section>
<section anchor="sect-5.2.8.2">
<name>POPOSigningKey Structure</name>
<t>If the certification request is for a key pair that supports signing (i.e., a request for a verification certificate), then the proof-of-possession of the private key is demonstrated through use of the POPOSigningKey structure, structure; for details details, see Section 4.1 of <xref section="4.1" target="RFC4211"/>.</t>
<sourcecode type="asn.1"><![CDATA[
POPOSigningKey ::= SEQUENCE {
poposkInput [0] POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING
}
POPOSigningKeyInput ::= SEQUENCE {
authInfo CHOICE {
sender [0] GeneralName,
publicKeyMAC PKMACValue
},
publicKey SubjectPublicKeyInfo
}
PKMACValue ::= SEQUENCE {
algId AlgorithmIdentifier,
value BIT STRING
}
]]></sourcecode>
<t>Note: For the purposes of this specification, the ASN.1 comment given in Appendix C of <xref section="C" target="RFC4211"/> pertains not only to certTemplate, certTemplate but also to the altCertTemplate control control, as defined in <xref target="sect-5.2.1"/>.</t>
<t>If certTemplate (or the altCertTemplate control) contains the subject and publicKey values, then poposkInput <bcp14>MUST</bcp14> be omitted and the signature <bcp14>MUST</bcp14> be computed on the DER-encoded value of the certReq field of the CertReqMsg (or the DER-encoded value of AltCertTemplate). If certTemplate/altCertTemplate does not contain both the subject and public key values (i.e., if it contains only one of these, these or neither), then poposkInput <bcp14>MUST</bcp14> be present and the signature <bcp14>MUST</bcp14> be computed on the DER-encoded value of poposkInput (i.e., the "value" OCTETs of the POPOSigningKeyInput DER).</t>
<t>In the special case that the CA/RA has a DH certificate that is known to the EE and the certification request is for a key agreement key pair, the EE can also use the POPOSigningKey structure (where the algorithmIdentifier field is DHBasedMAC and the signature field is the MAC) for demonstrating POP.</t>
</section>
<section anchor="sect-5.2.8.3">
<name>POPOPrivKey Structure</name>
<t>If the certification request is for a key pair that does not support signing (i.e., a request for an encryption or key agreement certificate), then the proof-of-possession of the private key is demonstrated through use of the POPOPrivKey structure in one of the following three ways, ways; for details see Section 4.2 Sections <xref target="RFC4211" section="4.2" sectionFormat="bare"/> and 4.3 of <xref target="RFC4211" section="4.3" sectionFormat="bare"/> in <xref target="RFC4211"/>.</t>
<sourcecode type="asn.1"><![CDATA[
POPOPrivKey ::= CHOICE {
thisMessage [0] BIT STRING, -- deprecated
subsequentMessage [1] SubsequentMessage,
dhMAC [2] BIT STRING, -- deprecated
agreeMAC [3] PKMACValue,
encryptedKey [4] EnvelopedData
}
SubsequentMessage ::= INTEGER {
encrCert (0),
challengeResp (1)
}
]]></sourcecode>
<t>When using agreeMAC or encryptedKey choices, the pvno cmp2021(3) <bcp14>MUST</bcp14> be used. Details on the usage of the protocol version number (pvno) are described in <xref target="sect-7"/>.</t>
<section anchor="sect-5.2.8.3.1">
<name>Inclusion of the Private Key</name>
<t>This method mentioned previously in <xref target="sect-4.3"/> demonstrates proof-of-possession of the private key by including the encrypted private key in the CertRequest in the POPOPrivKey structure or in the PKIArchiveOptions control structure. This method <bcp14>SHALL</bcp14> only be used if archival of the private key is desired.</t>
<t>For a certification request message indicating cmp2021(3) in the pvno field of the PKIHeader, the encrypted private key <bcp14>MUST</bcp14> be transferred in the encryptedKey choice of POPOPrivKey (or within the PKIArchiveOptions control) in a CMS EnvelopedData structure structure, as defined in <xref target="sect-5.2.2"/>.</t>
<t>Note: The thisMessage choice has been deprecated in favor of encryptedKey. When using cmp2000(2) in the certification request message header for backward compatibility, the thisMessage choice of POPOPrivKey is used containing the encrypted private key in an EncryptedValue structure wrapped in a BIT STRING. This allows the necessary conveyance and protection of the private key while maintaining bits-on-the-wire compatibility with <xref target="RFC4211"/>.</t>
</section>
<section anchor="sect-5.2.8.3.2">
<name>Indirect Method - Encrypted Certificate</name>
<t>The indirect method mentioned previously in <xref target="sect-4.3"/> demonstrates proof-of-possession of the private key by having the CA return the requested certificate in encrypted form, see form (see <xref target="sect-5.2.2"/>. target="sect-5.2.2"/>). This method is indicated in the CertRequest by requesting the encrCert option in the subsequentMessage choice of POPOPrivKey.</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="128" width="264" viewBox="0 0 264 128" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 16,48 L 40,48" fill="none" stroke="black"/>
<path d="M 192,48 L 224,48" fill="none" stroke="black"/>
<path d="M 16,64 L 40,64" fill="none" stroke="black"/>
<path d="M 192,64 L 224,64" fill="none" stroke="black"/>
<path d="M 16,80 L 40,80" fill="none" stroke="black"/>
<path d="M 192,80 L 224,80" fill="none" stroke="black"/>
<path d="M 16,96 L 40,96" fill="none" stroke="black"/>
<path d="M 192,96 L 224,96" fill="none" stroke="black"/>
<polygon class="arrowhead" points="232,80 220,74.4 220,85.6" fill="black" transform="rotate(0,224,80)"/>
<polygon class="arrowhead" points="232,48 220,42.4 220,53.6" fill="black" transform="rotate(0,224,48)"/>
<polygon class="arrowhead" points="24,96 12,90.4 12,101.6" fill="black" transform="rotate(180,16,96)"/>
<polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/>
<g class="text">
<text x="12" y="36">EE</text>
<text x="240" y="36">RA/CA</text>
<text x="112" y="52">req</text>
<text x="72" y="68">rep</text>
<text x="108" y="68">(enc</text>
<text x="152" y="68">cert)</text>
<text x="68" y="84">conf</text>
<text x="112" y="84">(cert</text>
<text x="160" y="84">hash)</text>
<text x="112" y="100">ack</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
EE RA/CA
---- req ---->
<--- rep (enc cert) -----
---- conf (cert hash) ---->
<--- ack -----
]]></artwork>
</artset>
<t>The end entity proves knowledge of the private key to the CA by providing the correct CertHash for this certificate in the certConf message. This demonstrates POP because the EE can only compute the correct CertHash if it is able to recover the encrypted certificate, and it can only recover the certificate if it is able to obtain the symmetric key using the required private key. Clearly, for this to work, the CA <bcp14>MUST NOT</bcp14> publish the certificate until the certConf message arrives (when certHash is to be used to demonstrate POP). See <xref target="sect-5.3.18"/> for further details details, and see <xref target="sect-8.11"/> for security considerations regarding use of Certificate Transparency logs.</t>
<t>The recipient <bcp14>SHOULD</bcp14> maintain a context of the PKI management operation, e.g., using transactionID and certReqId, to identify the private key to use when decrypting the EnvelopedData containing the newly issued certificate. The recipient may be unable to use the RecipientInfo structure as it refers to the certificate that is still encrypted. The sender <bcp14>MUST</bcp14> populate the rid field as specified by CMS CMS, and the client <bcp14>MAY</bcp14> ignore it.</t>
</section>
<section anchor="sect-5.2.8.3.3">
<name>Direct Method - Challenge-Response Protocol</name>
<t>The direct method mentioned previously in <xref target="sect-4.3"/> demonstrates proof-of-possession of the private key by having the end entity engage in a challenge-response protocol (using the messages popdecc of type POPODecKeyChall and popdecr of type POPODecKeyResp; see below) between CertReqMessages and CertRepMessage. This method is indicated in the CertRequest by requesting the challengeResp option in the subsequentMessage choice of POPOPrivKey.</t>
<t>Note: This method would typically be used in an environment in which an RA verifies POP and then makes a certification request to the CA on behalf of the end entity. In such a scenario, the CA trusts the RA to have done POP correctly before the RA requests a certificate for the end entity.</t>
<t>The complete protocol then looks as follows (note that req' does not necessarily encapsulate req as a nested message):</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="224" width="248" viewBox="0 0 248 224" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 16,48 L 40,48" fill="none" stroke="black"/>
<path d="M 88,48 L 120,48" fill="none" stroke="black"/>
<path d="M 16,64 L 40,64" fill="none" stroke="black"/>
<path d="M 104,64 L 120,64" fill="none" stroke="black"/>
<path d="M 16,80 L 40,80" fill="none" stroke="black"/>
<path d="M 96,80 L 120,80" fill="none" stroke="black"/>
<path d="M 128,96 L 152,96" fill="none" stroke="black"/>
<path d="M 208,96 L 232,96" fill="none" stroke="black"/>
<path d="M 128,112 L 152,112" fill="none" stroke="black"/>
<path d="M 200,112 L 232,112" fill="none" stroke="black"/>
<path d="M 128,128 L 152,128" fill="none" stroke="black"/>
<path d="M 208,128 L 232,128" fill="none" stroke="black"/>
<path d="M 128,144 L 152,144" fill="none" stroke="black"/>
<path d="M 200,144 L 232,144" fill="none" stroke="black"/>
<path d="M 16,160 L 40,160" fill="none" stroke="black"/>
<path d="M 88,160 L 120,160" fill="none" stroke="black"/>
<path d="M 16,176 L 40,176" fill="none" stroke="black"/>
<path d="M 96,176 L 120,176" fill="none" stroke="black"/>
<path d="M 16,192 L 40,192" fill="none" stroke="black"/>
<path d="M 88,192 L 120,192" fill="none" stroke="black"/>
<polygon class="arrowhead" points="240,128 228,122.4 228,133.6" fill="black" transform="rotate(0,232,128)"/>
<polygon class="arrowhead" points="240,96 228,90.4 228,101.6" fill="black" transform="rotate(0,232,96)"/>
<polygon class="arrowhead" points="136,144 124,138.4 124,149.6" fill="black" transform="rotate(180,128,144)"/>
<polygon class="arrowhead" points="136,112 124,106.4 124,117.6" fill="black" transform="rotate(180,128,112)"/>
<polygon class="arrowhead" points="128,176 116,170.4 116,181.6" fill="black" transform="rotate(0,120,176)"/>
<polygon class="arrowhead" points="128,80 116,74.4 116,85.6" fill="black" transform="rotate(0,120,80)"/>
<polygon class="arrowhead" points="128,48 116,42.4 116,53.6" fill="black" transform="rotate(0,120,48)"/>
<polygon class="arrowhead" points="24,192 12,186.4 12,197.6" fill="black" transform="rotate(180,16,192)"/>
<polygon class="arrowhead" points="24,160 12,154.4 12,165.6" fill="black" transform="rotate(180,16,160)"/>
<polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/>
<g class="text">
<text x="12" y="36">EE</text>
<text x="124" y="36">RA</text>
<text x="236" y="36">CA</text>
<text x="64" y="52">req</text>
<text x="72" y="68">chall</text>
<text x="68" y="84">resp</text>
<text x="180" y="100">req'</text>
<text x="176" y="116">rep</text>
<text x="180" y="132">conf</text>
<text x="176" y="148">ack</text>
<text x="64" y="164">rep</text>
<text x="68" y="180">conf</text>
<text x="64" y="196">ack</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
EE RA CA
---- req ---->
<--- chall ---
---- resp --->
---- req' --->
<--- rep -----
---- conf --->
<--- ack -----
<--- rep -----
---- conf --->
<--- ack -----
]]></artwork>
</artset>
<t>This protocol is obviously much longer than the exchange given in <xref target="sect-5.2.8.3.2"/> above, above but allows a local Registration Authority to be involved and has the property that the certificate itself is not actually created until the proof-of-possession is complete. In some environments, a different order of the above messages may be required, such as the following (this may be determined by policy):</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="224" width="248" viewBox="0 0 248 224" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 16,48 L 40,48" fill="none" stroke="black"/>
<path d="M 88,48 L 120,48" fill="none" stroke="black"/>
<path d="M 16,64 L 40,64" fill="none" stroke="black"/>
<path d="M 104,64 L 120,64" fill="none" stroke="black"/>
<path d="M 16,80 L 40,80" fill="none" stroke="black"/>
<path d="M 96,80 L 120,80" fill="none" stroke="black"/>
<path d="M 128,96 L 152,96" fill="none" stroke="black"/>
<path d="M 208,96 L 232,96" fill="none" stroke="black"/>
<path d="M 128,112 L 152,112" fill="none" stroke="black"/>
<path d="M 200,112 L 232,112" fill="none" stroke="black"/>
<path d="M 16,128 L 40,128" fill="none" stroke="black"/>
<path d="M 88,128 L 120,128" fill="none" stroke="black"/>
<path d="M 16,144 L 40,144" fill="none" stroke="black"/>
<path d="M 96,144 L 120,144" fill="none" stroke="black"/>
<path d="M 128,160 L 152,160" fill="none" stroke="black"/>
<path d="M 208,160 L 232,160" fill="none" stroke="black"/>
<path d="M 128,176 L 152,176" fill="none" stroke="black"/>
<path d="M 200,176 L 232,176" fill="none" stroke="black"/>
<path d="M 16,192 L 40,192" fill="none" stroke="black"/>
<path d="M 88,192 L 120,192" fill="none" stroke="black"/>
<polygon class="arrowhead" points="240,160 228,154.4 228,165.6" fill="black" transform="rotate(0,232,160)"/>
<polygon class="arrowhead" points="240,96 228,90.4 228,101.6" fill="black" transform="rotate(0,232,96)"/>
<polygon class="arrowhead" points="136,176 124,170.4 124,181.6" fill="black" transform="rotate(180,128,176)"/>
<polygon class="arrowhead" points="136,112 124,106.4 124,117.6" fill="black" transform="rotate(180,128,112)"/>
<polygon class="arrowhead" points="128,144 116,138.4 116,149.6" fill="black" transform="rotate(0,120,144)"/>
<polygon class="arrowhead" points="128,80 116,74.4 116,85.6" fill="black" transform="rotate(0,120,80)"/>
<polygon class="arrowhead" points="128,48 116,42.4 116,53.6" fill="black" transform="rotate(0,120,48)"/>
<polygon class="arrowhead" points="24,192 12,186.4 12,197.6" fill="black" transform="rotate(180,16,192)"/>
<polygon class="arrowhead" points="24,128 12,122.4 12,133.6" fill="black" transform="rotate(180,16,128)"/>
<polygon class="arrowhead" points="24,64 12,58.4 12,69.6" fill="black" transform="rotate(180,16,64)"/>
<g class="text">
<text x="12" y="36">EE</text>
<text x="124" y="36">RA</text>
<text x="236" y="36">CA</text>
<text x="64" y="52">req</text>
<text x="72" y="68">chall</text>
<text x="68" y="84">resp</text>
<text x="180" y="100">req'</text>
<text x="176" y="116">rep</text>
<text x="64" y="132">rep</text>
<text x="68" y="148">conf</text>
<text x="180" y="164">conf</text>
<text x="176" y="180">ack</text>
<text x="64" y="196">ack</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
EE RA CA
---- req ---->
<--- chall ---
---- resp --->
---- req' --->
<--- rep -----
<--- rep -----
---- conf --->
---- conf --->
<--- ack -----
<--- ack -----
]]></artwork>
</artset>
<t>The challenge-response messages for proof-of-possession of a private key are specified as follows (for decryption keys keys, see <xref target="MvOV97"/>, p.404 for details). This challenge-response exchange is associated with the preceding certification request message (and subsequent certification response and confirmation messages) by the transactionID used in the PKIHeader and by the protection applied to the PKIMessage.</t>
<sourcecode type="asn.1"><![CDATA[
POPODecKeyChallContent ::= SEQUENCE OF Challenge
Challenge ::= SEQUENCE {
owf AlgorithmIdentifier OPTIONAL,
witness OCTET STRING,
challenge OCTET STRING, -- deprecated
encryptedRand [0] EnvelopedData OPTIONAL
}
Rand ::= SEQUENCE {
int INTEGER,
sender GeneralName
}
]]></sourcecode>
<t>More details on the fields in this syntax is are available in <xref target="sect-f"/>.</t>
<t>For a popdecc message indicating cmp2021(3) in the pvno field of the PKIHeader, the encryption of Rand <bcp14>MUST</bcp14> be transferred in the encryptedRand field in a CMS EnvelopedData structure as defined in <xref target="sect-5.2.2"/>. The challenge field <bcp14>MUST</bcp14> contain an empty OCTET STRING.</t>
<t>The recipient <bcp14>SHOULD</bcp14> maintain a context of the PKI management operation, e.g., using transactionID and certReqId, to identify the private key to use when decrypting encryptedRand. The sender <bcp14>MUST</bcp14> populate the rid field in the EnvelopedData sequence using the issuerAndSerialNumber choice containing a NULL-DN as issuer and the certReqId as serialNumber. The client <bcp14>MAY</bcp14> ignore the rid field.</t>
<t>Note: The challenge field has been deprecated in favor of encryptedRand. When using cmp2000(2) in the popdecc message header for backward compatibility, the challenge field <bcp14>MUST</bcp14> contain the encryption (involving the public key for which the certification request is being made) of Rand and encryptedRand <bcp14>MUST</bcp14> be omitted. Using challenge (omitting the optional encryptedRand field) is bit-compatible with <xref target="RFC4210"/>. Note that the size of Rand, when used with challenge, needs to be appropriate for encryption, involving the public key of the requester. If, in some environment, names are so long that they cannot fit (e.g., very long DNs), then whatever portion will fit should be used (as long as it includes at least the common name, and as long as the receiver is able to deal meaningfully with the abbreviation).</t>
<sourcecode type="asn.1"><![CDATA[
POPODecKeyRespContent ::= SEQUENCE OF INTEGER
]]></sourcecode>
<t>On receiving the popdecc message, the end entity decrypts all included challenges
and responds with a popdecr message containing the decrypted integer values in the same order.</t>
</section>
</section>
<section anchor="sect-5.2.8.4">
<name>Summary of PoP POP Options</name>
<t>The text in this section provides several options with respect to POP techniques. Using "SK" for "signing key", "EK" for "encryption key", "KAK" for "key agreement key", and "KEMK" for "key encapsulation mechanism key", the techniques may be summarized as follows:</t>
<artwork><![CDATA[
RAVerified;
SKPOP;
<ul empty="true" spacing="compact">
<li> RAVerified;</li>
<li> SKPOP;</li>
<li> EKPOPThisMessage; -- deprecated deprecated</li>
<li> KAKPOPThisMessage; -- deprecated
EKPOPEncryptedKey;
KAKPOPEncryptedKey;
KEMKPOPEncryptedKey;
KAKPOPThisMessageDHMAC;
EKPOPEncryptedCert;
KAKPOPEncryptedCert;
KEMKPOPEncryptedCert;
EKPOPChallengeResp; deprecated</li>
<li> EKPOPEncryptedKey;</li>
<li> KAKPOPEncryptedKey;</li>
<li> KEMKPOPEncryptedKey;</li>
<li> KAKPOPThisMessageDHMAC;</li>
<li> EKPOPEncryptedCert;</li>
<li> KAKPOPEncryptedCert;</li>
<li> KEMKPOPEncryptedCert;</li>
<li> EKPOPChallengeResp;</li>
<li> KAKPOPChallengeResp; and
KEMKPOPChallengeResp.
]]></artwork> and</li>
<li> KEMKPOPChallengeResp.</li>
</ul>
<t>Given this array of options, it is natural to ask how an end entity can know what is supported by the CA/RA (i.e., which options it may use when requesting certificates). The following guidelines should clarify this situation for EE implementers.</t>
<t>RAVerified:
<ul spacing="normal">
<li>RAVerified: This is not an EE decision; the RA uses this if
and only if it has verified POP before forwarding the request on
to the CA, so it is not possible for the EE to choose this technique.</t>
<t>SKPOP:
technique.</li>
<li>SKPOP: If the EE has a signing key pair, this is the only POP
method specified for use in the request for a corresponding certificate.</t>
<t>EKPOPThisMessage
certificate.</li>
<li>EKPOPThisMessage (deprecated), KAKPOPThisMessage
(deprecated), EKPOPEncryptedKey, KAKPOPEncryptedKey,
KEMKPOPEncryptedKey: Whether or not to give up its private key
to the CA/RA is an EE decision. If the EE decides to reveal its
key, then these are the only POP methods available in this
specification to achieve this (and the key pair type and
protocol version used will determine which of these methods to
use). The reason for deprecating EKPOPThisMessage and
KAKPOPThisMessage options has been given in <xref target="sect-5.2.8.3.1"/>.</t>
<t>KAKPOPThisMessageDHMAC:
target="sect-5.2.8.3.1"/>.</li>
<li>KAKPOPThisMessageDHMAC: The EE can only use this method if
(1) the CA/RA has a DH certificate available for this purpose, purpose
and (2) the EE already has a copy of this certificate. If both
these conditions hold, then this technique is clearly supported
and may be used by the EE, if desired.</t>
<t>EKPOPEncryptedCert, desired.</li>
<li>EKPOPEncryptedCert, KAKPOPEncryptedCert,
KEMKPOPEncryptedCert, EKPOPChallengeResp, KAKPOPChallengeResp,
and KEMKPOPChallengeResp: The EE picks one of these (in the
subsequentMessage field) in the request message, depending upon
preference and key pair type. The EE is not doing POP at this
point; it is simply indicating which method it wants to
use. Therefore, if the CA/RA replies with a "badPOP" error, the
EE can re-request using the other POP method chosen in
subsequentMessage. Note, however, that this specification
encourages the use of the EncryptedCert choice and, furthermore,
says that the challenge-response would typically be used when an
RA is involved and doing POP verification. Thus, the EE should
be able to make an intelligent decision regarding which of these
POP methods to choose in the request message.</t> message.</li>
</ul>
</section>
</section>
<section anchor="sect-5.2.9">
<name>GeneralizedTime</name>
<t>GeneralizedTime is a standard ASN.1 type and <bcp14>SHALL</bcp14> be used as specified in Section 4.1.2.5.2 of <xref section="4.1.2.5.2" target="RFC5280"/>.</t>
</section>
</section>
<section anchor="sect-5.3">
<name>Operation-Specific Data Structures</name>
<section anchor="sect-5.3.1">
<name>Initialization Request</name>
<t>An Initialization request message contains as the PKIBody a
CertReqMessages data structure, which specifies the requested
certificate(s). Typically, SubjectPublicKeyInfo, KeyId, and Validity
are the template fields which that may be supplied for each certificate
requested (see the profiles defined in <xref section="4.1.1" target="RFC9483"/> Section 4.1.1, and Appendices <xref target="sect-c.4"/> target="sect-c.4" format="counter"/>
and <xref target="sect-d.7"/> target="sect-d.7" format="counter"/> for further information). This
message is intended to be used for entities when first initializing
into the PKI.</t>
<t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t>
</section>
<section anchor="sect-5.3.2">
<name>Initialization Response</name>
<t>An Initialization response message contains as the PKIBody a
CertRepMessage data structure, which has for each certificate
requested a PKIStatusInfo field, a subject certificate, and possibly
a private key (normally encrypted using EnvelopedData, EnvelopedData; see <xref section="4.1.6" target="RFC9483"/> Section
4.1.6 for further information).</t>
<t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax. Note that if the PKI
Message Protection
message protection is "shared secret information" (see <xref target="sect-5.1.3.1"/>),
then any certificate transported in the caPubs field may be
directly trusted as a root CA certificate by the initiator.</t>
</section>
<section anchor="sect-5.3.3">
<name>Certification Request</name>
<t>A Certification request message contains as the PKIBody a
CertReqMessages data structure, which specifies the requested
certificates (see the profiles defined in <xref section="4.1.2" target="RFC9483"/> Section 4.1.2 and <xref target="sect-c.2"/>
for further information). This message is intended to be used for existing PKI
entities who wish to obtain additional certificates.</t>
<t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t>
<t>Alternatively, the PKIBody <bcp14>MAY</bcp14> be a CertificationRequest (this
structure is fully specified by the ASN.1 structure
CertificationRequest given in <xref target="RFC2986"/>, target="RFC2986"/>; see the profiles defined in
<xref section="4.1.4" target="RFC9483"/> Section 4.1.4 for further information).
This structure may be
required for certificate requests for signing key pairs when
interoperation with legacy systems is desired, but its use is
strongly discouraged whenever not absolutely necessary.</t>
</section>
<section anchor="sect-5.3.4">
<name>Certification Response</name>
<t>A Certification response message contains as the PKIBody a
CertRepMessage data structure, which has a status value for each
certificate requested, requested and optionally has a CA public key, failure
information, a subject certificate, and an encrypted private key.</t>
<sourcecode type="asn.1"><![CDATA[
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse
}
CertResponse ::= SEQUENCE {
certReqId INTEGER,
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [RFC4211]
}
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedKey OPTIONAL,
-- See [RFC4211] for comments on encoding.
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedKey
}
]]></sourcecode>
<t>A p10cr message contains exactly one CertificationRequestInfo data structure,
as specified in PKCS#10 PKCS #10 <xref target="RFC2986"/>, but no certReqId.
Therefore, the certReqId in the corresponding Certification
Response (cp) message <bcp14>MUST</bcp14> be set to -1.</t>
<t>Only one of the failInfo (in PKIStatusInfo) and certificate (in
CertifiedKeyPair) fields can be present in each CertResponse
(depending on the status). For some status values (e.g., waiting),
neither of the optional fields will be present.</t>
<t>Given an EncryptedCert and the relevant decryption key, the
certificate may be obtained. The purpose of this is to allow a CA to
return the value of a certificate, certificate but with the constraint that only
the intended recipient can obtain the actual certificate. The
benefit of this approach is that a CA may reply with a certificate
even in the absence of a proof that the requester is the end entity
that can use the relevant private key (note that the proof is not
obtained until the certConf message is received by the CA). Thus,
the CA will not have to revoke that certificate in the event that
something goes wrong with the proof-of-possession (but <bcp14>MAY</bcp14> do so
anyway, depending upon policy).</t>
<t>The use of EncryptedKey is described in <xref target="sect-5.2.2"/>.</t>
<t>Note: To indicate support for EnvelopedData, the pvno cmp2021 has been
introduced. Details on the usage of different protocol version
numbers (pvno) (pvnos) are described in <xref target="sect-7"/>.</t>
</section>
<section anchor="sect-5.3.5">
<name>Key Update Request Content</name>
<t>For key update requests requests, the CertReqMessages syntax is used.
Typically, SubjectPublicKeyInfo, KeyId, and Validity are the template
fields that may be supplied for each key to be updated (see the profiles
defined in <xref section="4.1.3" target="RFC9483"/> Section 4.1.3 and <xref target="sect-c.6"/> for further information).
This message
is intended to be used to request updates to existing (non-revoked
and non-expired) certificates (therefore, it is sometimes referred to
as a "Certificate Update" operation). An update is a replacement
certificate containing either a new subject public key or the current
subject public key (although the latter practice may not be
appropriate for some environments).</t>
<t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t>
</section>
<section anchor="sect-5.3.6">
<name>Key Update Response Content</name>
<t>For key update responses, the CertRepMessage syntax is used. The
response is identical to the initialization response.</t>
<t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax.</t>
</section>
<section anchor="sect-5.3.7">
<name>Key Recovery Request Content</name>
<t>For key recovery requests requests, the syntax used is identical to the
initialization request CertReqMessages. Typically,
SubjectPublicKeyInfo and KeyId are the template fields that may be
used to supply a signature public key for which a certificate is
required.</t>
<t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax. Note that if a
key history is required, the requester must supply a Protocol
Encryption Key control in the request message.</t>
</section>
<section anchor="sect-5.3.8">
<name>Key Recovery Response Content</name>
<t>For key recovery responses, the following syntax is used. For some
status values (e.g., waiting) waiting), none of the optional fields will be
present.</t>
<sourcecode type="asn.1"><![CDATA[
KeyRecRepContent ::= SEQUENCE {
status PKIStatusInfo,
newSigCert [0] Certificate OPTIONAL,
caCerts [1] SEQUENCE SIZE (1..MAX) OF
Certificate OPTIONAL,
keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
CertifiedKeyPair OPTIONAL
}
]]></sourcecode>
</section>
<section anchor="sect-5.3.9">
<name>Revocation Request Content</name>
<t>When requesting revocation of a certificate (or several
certificates), the following data structure is used (see the profiles defined
in <xref section="4.2" target="RFC9483"/> Section 4.2 for further information). The name of the
requester is present in the PKIHeader structure.</t>
<sourcecode type="asn.1"><![CDATA[
RevReqContent ::= SEQUENCE OF RevDetails
RevDetails ::= SEQUENCE {
certDetails CertTemplate,
crlEntryDetails Extensions OPTIONAL
}
]]></sourcecode>
</section>
<section anchor="sect-5.3.10">
<name>Revocation Response Content</name>
<t>The revocation response is the response to the above message. If
produced, this is sent to the requester of the revocation. (A
separate revocation announcement message <bcp14>MAY</bcp14> be sent to the subject
of the certificate for which revocation was requested.)</t>
<sourcecode type="asn.1"><![CDATA[
RevRepContent ::= SEQUENCE {
status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList
OPTIONAL
}
]]></sourcecode>
</section>
<section anchor="sect-5.3.11">
<name>Cross Certification
<name>Cross-Certification Request Content</name>
<t>Cross certification
<t>Cross-certification requests use the same syntax (CertReqMessages) as
normal certification requests, with the restriction that the key pair
<bcp14>MUST</bcp14> have been generated by the requesting CA and the private key
<bcp14>MUST NOT</bcp14> be sent to the responding CA (see the profiles defined in <xref target="sect-d.6"/>
for further information). This request <bcp14>MAY</bcp14> also be used
by subordinate CAs to get their certificates signed by the parent CA.</t>
<t>See <xref target="sect-5.2.1"/> and <xref target="RFC4211"/> for CertReqMessages syntax.</t>
</section>
<section anchor="sect-5.3.12">
<name>Cross Certification
<name>Cross-Certification Response Content</name>
<t>Cross certification
<t>Cross-certification responses use the same syntax (CertRepMessage) as
normal certification responses, with the restriction that no
encrypted private key can be sent.</t>
<t>See <xref target="sect-5.3.4"/> for CertRepMessage syntax.</t>
</section>
<section anchor="sect-5.3.13">
<name>CA Key Update Announcement Content</name>
<t>When a CA updates its own key pair, the following data structure <bcp14>MAY</bcp14>
be used to announce this event.</t>
<sourcecode type="asn.1"><![CDATA[
RootCaKeyUpdateContent ::= SEQUENCE {
newWithNew CMPCertificate,
newWithOld [0] CMPCertificate OPTIONAL,
oldWithNew [1] CMPCertificate OPTIONAL
}
CAKeyUpdContent ::= CHOICE {
cAKeyUpdAnnV2 CAKeyUpdAnnContent, -- deprecated
cAKeyUpdAnnV3 [0] RootCaKeyUpdateContent
}
]]></sourcecode>
<t>When using RootCaKeyUpdateContent in the ckuann message, the pvno cmp2021 <bcp14>MUST</bcp14> be used. Details on the usage of the protocol version number (pvno) are described in Section 7.</t> <xref target="sect-7"/>.</t>
<t>In contrast to CAKeyUpdAnnContent as supported with cmp2000, RootCaKeyUpdateContent offers omitting newWithOld and oldWithNew, depending on the needs of the EE.</t>
</section>
<section anchor="sect-5.3.14">
<name>Certificate Announcement</name>
<t>This structure <bcp14>MAY</bcp14> be used to announce the existence of certificates.</t>
<t>Note that this message is intended to be used for those cases (if
any) where there is no pre-existing method for publication of
certificates; it is not intended to be used where, for example, X.500
is the method for publication of certificates.</t>
<sourcecode type="asn.1"><![CDATA[
CertAnnContent ::= Certificate
]]></sourcecode>
</section>
<section anchor="sect-5.3.15">
<name>Revocation Announcement</name>
<t>When a CA has revoked, or is about to revoke, a particular
certificate, it <bcp14>MAY</bcp14> issue an announcement of this (possibly upcoming)
event.</t>
<sourcecode type="asn.1"><![CDATA[
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions OPTIONAL
}
]]></sourcecode>
<t>A CA <bcp14>MAY</bcp14> use such an announcement to warn (or notify) a subject that
its certificate is about to be (or has been) revoked. This would
typically be used where the request for revocation did not come from
the subject concerned.</t>
<t>The willBeRevokedAt field contains the time at which a new entry will
be added to the relevant CRLs.</t>
</section>
<section anchor="sect-5.3.16">
<name>CRL Announcement</name>
<t>When a CA issues a new CRL (or set of CRLs) CRLs), the following data
structure <bcp14>MAY</bcp14> be used to announce this event.</t>
<sourcecode type="asn.1"><![CDATA[
CRLAnnContent ::= SEQUENCE OF CertificateList
]]></sourcecode>
</section>
<section anchor="sect-5.3.17">
<name>PKI Confirmation Content</name>
<t>This data structure is used in the protocol exchange as the final
PKIMessage. Its content is the same in all cases -- actually actually, there
is no content since the PKIHeader carries all the required
information.</t>
<sourcecode type="asn.1"><![CDATA[
PKIConfirmContent ::= NULL
]]></sourcecode>
<t>Use of this message for certificate confirmation is <bcp14>NOT RECOMMENDED</bcp14>;
certConf <bcp14>SHOULD</bcp14> be used instead. Upon receiving a PKIConfirm for a
certificate response, the recipient <bcp14>MAY</bcp14> treat it as a certConf with
all certificates being accepted.</t>
</section>
<section anchor="sect-5.3.18">
<name>Certificate Confirmation Content</name>
<t>This data structure is used by the client to send a confirmation to
the CA/RA to accept or reject certificates.</t>
<sourcecode type="asn.1"><![CDATA[
CertConfirmContent ::= SEQUENCE OF CertStatus
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
certReqId INTEGER,
statusInfo PKIStatusInfo OPTIONAL,
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL
}
]]></sourcecode>
<t>The hashAlg field <bcp14>SHOULD</bcp14> be used only in exceptional cases where the signatureAlgorithm
of the certificate to be confirmed does not specify a hash algorithm in the
OID or in the parameters or no hash algorithm is specified for hashing certificates signed using the signatureAlgorithm. Note that for EdDSA EdDSA, a hash algorithm is specified in Section 3.3 of <xref section="3.3" target="RFC9481"/>, such that the hashAlg field is not needed for EdDSA. Otherwise, the certHash value
<bcp14>SHALL</bcp14> be computed using the same hash algorithm as used to create and verify
the certificate signature or as specified for hashing certificates signed using the signatureAlgorithm. If hashAlg is used, the CMP version indicated
by the certConf message header must be cmp2021(3).</t>
<t>For any particular CertStatus, omission of the statusInfo field
indicates acceptance of the specified certificate. Alternatively,
explicit status details (with respect to acceptance or rejection) <bcp14>MAY</bcp14>
be provided in the statusInfo field, perhaps for auditing purposes at
the CA/RA.</t>
<t>Within CertConfirmContent, omission of a CertStatus structure
corresponding to a certificate supplied in the previous response
message indicates rejection of the certificate. Thus, an empty
CertConfirmContent (a zero-length SEQUENCE) <bcp14>MAY</bcp14> be used to indicate
rejection of all supplied certificates. See <xref target="sect-5.2.8.3.2"/>, target="sect-5.2.8.3.2"/>
for a discussion of the certHash field with respect to
proof-of-possession.</t>
</section>
<section anchor="sect-5.3.19">
<name>PKI General Message Content</name>
<sourcecode type="asn.1"><![CDATA[
InfoTypeAndValue ::= SEQUENCE {
infoType OBJECT IDENTIFIER,
infoValue ANY DEFINED BY infoType OPTIONAL
}
-- where {id-it} = {id-pkix 4} = {1 3 6 1 5 5 7 4}
GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
]]></sourcecode>
<section anchor="sect-5.3.19.1">
<name>CA Protocol Encryption Certificate</name>
<t>This <bcp14>MAY</bcp14> be used by the EE to get a certificate from the CA to use to
protect sensitive information during the protocol.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 1}, < absent >
GenRep: {id-it 1}, Certificate | < absent >
]]></artwork>
]]></sourcecode>
<t>EEs <bcp14>MUST</bcp14> ensure that the correct certificate is used for this
purpose.</t>
</section>
<section anchor="sect-5.3.19.2">
<name>Signing Key Pair Types</name>
<t>This <bcp14>MAY</bcp14> be used by the EE to get the list of signature algorithm algorithms whose subject
public key values the CA is willing to
certify.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 2}, < absent >
GenRep: {id-it 2}, SEQUENCE SIZE (1..MAX) OF
AlgorithmIdentifier
]]></artwork>
]]></sourcecode>
<t>Note: For the purposes of this exchange, rsaEncryption and sha256WithRSAEncryption, for
example, are considered to be equivalent; the question being asked is, "Is
the CA willing to certify an RSA public key?"</t>
<t>Note: In case several elliptic curves are supported, several id-ecPublicKey elements
as defined in <xref target="RFC5480"/> need to be given, one per named curve.</t>
</section>
<section anchor="sect-5.3.19.3">
<name>Encryption/Key
<name>Encryption / Key Agreement Key Pair Types</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get the list of encryption/key encryption / key
agreement algorithms whose subject public key values the CA is
willing to certify.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 3}, < absent >
GenRep: {id-it 3}, SEQUENCE SIZE (1..MAX) OF
AlgorithmIdentifier
]]></artwork>
]]></sourcecode>
<t>Note: In case several elliptic curves are supported, several id-ecPublicKey elements
as defined in <xref target="RFC5480"/> need to be given, one per named curve.</t>
</section>
<section anchor="sect-5.3.19.4">
<name>Preferred Symmetric Algorithm</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get the CA-preferred symmetric
encryption algorithm for any confidential information that needs to
be exchanged between the EE and the CA (for example, if the EE wants
to send its private decryption key to the CA for archival purposes).</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 4}, < absent >
GenRep: {id-it 4}, AlgorithmIdentifier
]]></artwork>
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.5">
<name>Updated CA Key Pair</name>
<t>This <bcp14>MAY</bcp14> be used by the CA to announce a CA key update event.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 18}, RootCaKeyUpdateValue
]]></artwork>
]]></sourcecode>
<t>See <xref target="sect-5.3.13"/> for details of CA key update announcements.</t>
</section>
<section anchor="sect-5.3.19.6">
<name>CRL</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get a copy of the latest CRL.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 6}, < absent >
GenRep: {id-it 6}, CertificateList
]]></artwork>
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.7">
<name>Unsupported Object Identifiers</name>
<t>This is used by the server to return a list of object identifiers
that it does not recognize or support from the list submitted by the
client.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenRep: {id-it 7}, SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER
]]></artwork>
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.8">
<name>Key Pair Parameters</name>
<t>This <bcp14>MAY</bcp14> be used by the EE to request the domain parameters to use
for generating the key pair for certain public-key algorithms. It
can be used, for example, to request the appropriate P, Q, and G to
generate the DH/DSA key, key or to request a set of well-known elliptic
curves.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 10}, OBJECT IDENTIFIER -- (Algorithm object-id)
GenRep: {id-it 11}, AlgorithmIdentifier | < absent >
]]></artwork>
]]></sourcecode>
<t>An absent infoValue in the GenRep indicates that the algorithm
specified in GenMsg is not supported.</t>
<t>EEs <bcp14>MUST</bcp14> ensure that the parameters are acceptable to it and that the
GenRep message is authenticated (to avoid substitution attacks).</t>
</section>
<section anchor="sect-5.3.19.9">
<name>Revocation Passphrase</name>
<t>This <bcp14>MAY</bcp14> be used by the EE to send a passphrase to a CA/RA for the purpose
of authenticating a later revocation request (in the case that the appropriate
signing private key is no longer available to authenticate the request).
See <xref target="sect-b"/> for further details on the use of this mechanism.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 12}, EncryptedKey
GenRep: {id-it 12}, < absent >
]]></artwork>
]]></sourcecode>
<t>The use of EncryptedKey is described in <xref target="sect-5.2.2"/>.</t>
</section>
<section anchor="sect-5.3.19.10">
<name>ImplicitConfirm</name>
<t>See <xref target="sect-5.1.1.1"/> for the definition and use of {id-it 13}.</t>
</section>
<section anchor="sect-5.3.19.11">
<name>ConfirmWaitTime</name>
<t>See <xref target="sect-5.1.1.2"/> for the definition and use of {id-it 14}.</t>
</section>
<section anchor="sect-5.3.19.12">
<name>Original PKIMessage</name>
<t>See <xref target="sect-5.1.1.3"/> for the definition and use of {id-it 15}.</t>
</section>
<section anchor="sect-5.3.19.13">
<name>Supported Language Tags</name>
<t>This <bcp14>MAY</bcp14> be used to determine the appropriate <xref target="RFC5646"/> language tag <xref target="RFC5646"/> to use in
subsequent messages. The sender sends its list of supported
languages (in order, order of most preferred to least); least preferred); the receiver returns
the one it wishes to use. (Note: each Each UTF8String <bcp14>MUST</bcp14> include a
language tag.) If none of the offered tags are supported, an error
<bcp14>MUST</bcp14> be returned.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 16}, SEQUENCE SIZE (1..MAX) OF UTF8String
GenRep: {id-it 16}, SEQUENCE SIZE (1) OF UTF8String
]]></artwork>
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.14">
<name>CA Certificates</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get CA certificates.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 17}, < absent >
GenRep: {id-it 17}, SEQUENCE SIZE (1..MAX) OF
CMPCertificate | < absent >
]]></artwork>
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.15">
<name>Root CA Update</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get an update of a root CA certificate,
which is provided in the body of the request message. In contrast to the
ckuann message, this approach follows the request/response model.</t>
<t>The EE <bcp14>SHOULD</bcp14> reference its current trust anchor in RootCaCertValue
in the request body, giving the root CA certificate if available.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 20}, RootCaCertValue | < absent >
GenRep: {id-it 18}, RootCaKeyUpdateValue | < absent >
]]></artwork>
]]></sourcecode>
<sourcecode type="asn.1"><![CDATA[
RootCaCertValue ::= CMPCertificate
RootCaKeyUpdateValue ::= RootCaKeyUpdateContent
RootCaKeyUpdateContent ::= SEQUENCE {
newWithNew CMPCertificate,
newWithOld [0] CMPCertificate OPTIONAL,
oldWithNew [1] CMPCertificate OPTIONAL
}
]]></sourcecode>
<t>Note: In contrast to CAKeyUpdAnnContent (which was deprecated with pvno cmp2021),
RootCaKeyUpdateContent offers omitting newWithOld and oldWithNew,
depending on the needs of the EE.</t>
</section>
<section anchor="sect-5.3.19.16">
<name>Certificate Request Template</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get a template containing requirements
for certificate request attributes and extensions. The controls id-regCtrl-algId
and id-regCtrl-rsaKeyLen <bcp14>MAY</bcp14> contain details on the types of subject public
keys the CA is willing to certify.</t>
<t>The id-regCtrl-algId control <bcp14>MAY</bcp14> be used to identify a cryptographic algorithm
(see Section 4.1.2.7 of <xref section="4.1.2.7" target="RFC5280"/>) other than rsaEncryption. The algorithm
field <bcp14>SHALL</bcp14> identify a cryptographic
algorithm. The contents of the optional parameters field will vary according
to the algorithm identified. For example, when the algorithm is set to id-ecPublicKey,
the parameters identify the elliptic curve to be used; see <xref target="RFC5480"/>.</t>
<t>Note: The client may specify a profile name in the certProfile field, see field (see <xref target="sect-5.1.1.4"/>.</t> target="sect-5.1.1.4"/>).</t>
<t>The id-regCtrl-rsaKeyLen control <bcp14>SHALL</bcp14> be used for algorithm rsaEncryption
and <bcp14>SHALL</bcp14> contain the intended modulus bit length of the RSA key.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 19}, < absent >
GenRep: {id-it 19}, CertReqTemplateContent | < absent >
]]></artwork>
]]></sourcecode>
<sourcecode type="asn.1"><![CDATA[
CertReqTemplateValue ::= CertReqTemplateContent
CertReqTemplateContent ::= SEQUENCE {
certTemplate CertTemplate,
keySpec Controls OPTIONAL }
Controls ::= SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue
id-regCtrl-algId OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) pkip(5) regCtrl(1) 11 }
AlgIdCtrl ::= AlgorithmIdentifier{ALGORITHM, {...}}
id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) pkip(5) regCtrl(1) 12 }
RsaKeyLenCtrl ::= INTEGER (1..MAX)
]]></sourcecode>
<t>The CertReqTemplateValue contains the prefilled certTemplate to be used for
a future certificate request. The publicKey field in the certTemplate <bcp14>MUST
NOT</bcp14> be used. In case the PKI management entity wishes to specify supported
public-key algorithms, the keySpec field <bcp14>MUST</bcp14> be used. One AttributeTypeAndValue
per supported algorithm or RSA key length <bcp14>MUST</bcp14> be used.</t>
<t>Note: The controls for an ASN.1 type is are defined in Section 6 of CRMF <xref target="RFC4211"/></t> section="6" target="RFC4211">CRMF</xref>.</t>
</section>
<section anchor="sect-5.3.19.17">
<name>CRL Update Retrieval</name>
<t>This <bcp14>MAY</bcp14> be used by the client to get new CRLs, specifying the source of
the CRLs and the thisUpdate value of the latest CRL it already has, if available.
A CRL source is given either by a DistributionPointName or the GeneralNames
of the issuing CA. The DistributionPointName should be treated as an internal
pointer to identify a CRL that the server already has and not as a way to
ask the server to fetch CRLs from external locations. The server <bcp14>SHALL</bcp14> only provide
those CRLs that are more recent than the ones indicated by the client.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it 22}, SEQUENCE SIZE (1..MAX) OF CRLStatus
GenRep: {id-it 23}, SEQUENCE SIZE (1..MAX) OF
CertificateList | < absent >
]]></artwork>
]]></sourcecode>
<sourcecode type="asn.1"><![CDATA[
CRLSource ::= CHOICE {
dpn [0] DistributionPointName,
issuer [1] GeneralNames }
CRLStatus ::= SEQUENCE {
source CRLSource,
thisUpdate Time OPTIONAL }
]]></sourcecode>
</section>
<section anchor="sect-5.3.19.18">
<name>KEM Ciphertext</name>
<t>This <bcp14>MAY</bcp14> be used by a PKI entity to get the KEM ciphertext for MAC-based message protection using KEM (see <xref target="sect-5.1.3.4"/>).</t>
<t>The PKI entity which that possesses a KEM key pair can request the ciphertext by sending an InfoTypeAndValue structure of type KemCiphertextInfo where the infoValue is absent. The ciphertext can be provided in the following genp message with an InfoTypeAndValue structure of the same type.</t>
<artwork><![CDATA[
<sourcecode type=""><![CDATA[
GenMsg: {id-it TBD1}, 24}, < absent >
GenRep: {id-it TBD1}, 24}, KemCiphertextInfo
]]></artwork>
]]></sourcecode>
<sourcecode type="asn.1"><![CDATA[
KemCiphertextInfo ::= SEQUENCE {
kem AlgorithmIdentifier{KEM-ALGORITHM, {...}},
ct OCTET STRING
}
]]></sourcecode>
<t>kem is the algorithm identifier of the KEM algorithm, and any associated parameters, used to generate the ciphertext ct.</t> (ct).</t>
<t>ct is the ciphertext output from the KEM Encapsulate function.</t>
<t>NOTE:
<t>Note: These InfoTypeAndValue structures can also be transferred in the generalInfo field of the PKIHeader in messages of other types (see <xref target="sect-5.1.1.5"/>).</t>
</section>
</section>
<section anchor="sect-5.3.20">
<name>PKI General Response Content</name>
<sourcecode type="asn.1"><![CDATA[
GenRepContent ::= SEQUENCE OF InfoTypeAndValue
]]></sourcecode>
<t>Examples of GenReps that <bcp14>MAY</bcp14> be supported include those listed in the
subsections of <xref target="sect-5.3.19"/>.</t>
</section>
<section anchor="sect-5.3.21">
<name>Error Message Content</name>
<t>This data structure <bcp14>MAY</bcp14> be used by an EE, CA, or RA to convey error information and
by a PKI management entity to initiate delayed delivery of responses.</t>
<sourcecode type="asn.1"><![CDATA[
ErrorMsgContent ::= SEQUENCE {
pKIStatusInfo PKIStatusInfo,
errorCode INTEGER OPTIONAL,
errorDetails PKIFreeText OPTIONAL
}
]]></sourcecode>
<t>This message <bcp14>MAY</bcp14> be generated at any time during a PKI transaction. If the
client sends this request, the server <bcp14>MUST</bcp14> respond with a PKIConfirm response, response
or another ErrorMsg if any part of the header is not valid.</t>
<t>In case a PKI management entity sends an error message to the EE with the
pKIStatusInfo field containing the status "waiting", the EE <bcp14>SHOULD</bcp14> initiate
polling as described in <xref target="sect-5.3.22"/>.
If the EE does not initiate polling, both sides <bcp14>MUST</bcp14> treat this message
as the end of the transaction (if a transaction is in progress).</t>
<t>If protection is desired on the message, the client <bcp14>MUST</bcp14> protect it
using the same technique (i.e., signature or MAC) as the starting
message of the transaction. The CA <bcp14>MUST</bcp14> always sign it with a
signature key.</t>
</section>
<section anchor="sect-5.3.22">
<name>Polling Request and Response</name>
<t>This pair of messages is intended to handle scenarios in which the client
needs to poll the server to determine the status of an outstanding response
(i.e., when the "waiting" PKIStatus has been received).</t>
<sourcecode type="asn.1"><![CDATA[
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER }
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL }
]]></sourcecode>
<t>Unless implicit confirmation has been requested and granted, in response to an ir, cr, p10cr, kur, krr, or ccr request message, polling is initiated
with an ip, cp, kup, krp, or ccp response message containing status "waiting". For
any type of request message, polling can be initiated with an error response
messages
message with status "waiting". The following clauses describe how polling
messages are used. It is assumed that multiple certConf messages can be
sent during transactions. There will be one sent in response to each ip,
cp, kup, krp, or ccp that contains a CertStatus for an issued certificate.</t>
<!--[rfced] Should "PKIconf" be updated to "pkiconf", "pkiConf", or
"PKIConf" to reflect usage elsewhere in the document?
Original:
In response to an ip, cp, kup, krp, or ccp message, an EE will
send a certConf for all issued certificates and expect a PKIconf
for each certConf.
-->
<ol spacing="normal" type="%d"><li>
<t>In type="1">
<li>In response to an ip, cp, kup, krp, or ccp message, an EE will
send a certConf for all issued certificates and expect a PKIconf
for each certConf. An EE will send a pollReq message in response
to each CertResponse element of an ip, cp, or kup message with
status "waiting" and in response to an error message with status
"waiting". Its certReqId <bcp14>MUST</bcp14> be either the index
of a CertResponse data structure with status "waiting" or -1
referring to the complete response.</t>
</li>
<li>
<t>In response.</li>
<li>In response to a pollReq, a CA/RA will return an ip, cp, kup,
krp, or ccp if one or more of the still pending requested certificates
are ready or the final response to some other type of request is
available; otherwise, it will return a pollRep.</t>
</li> pollRep.</li>
<li>
<t>If the EE receives a pollRep, it will wait for at least the
number of seconds given in the checkAfter field before sending
another pollReq.</t>
</li>
</ol>
<ul empty="true">
<li>
<t>[RFC-Editor: Please fix the indentation. This note belongs to 3.] Note
<t>Note that the checkAfter value heavily depends on the
certificate management environment. There are different possible reasons
for a delayed delivery of response
messages possible, messages, e.g., high
load on the server's backend, offline transfer of messages
between two PKI management entities, or required RA operator
approval. Therefore, the checkAfter time can vary greatly. This
should also be considered by the transfer protocol.</t>
</li>
</ul>
<ol spacing="normal" type="1"><li>
<t>[RFC-Editor: Please fix the enumeration and continue with '4'.] If
<li>If the EE receives an ip, cp, kup, krp, or ccp, then it will
be treated in the same way as the initial response; if it receives
any other response, then this will be treated as the final
response to the original request.</t>
</li> request.</li>
</ol>
<t>The following client-side state machine describes polling for individual
CertResponse elements at the example of an ir request message.</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="464" width="504" viewBox="0 0 504 464" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 32,192 L 32,224" fill="none" stroke="black"/>
<path d="M 176,384 L 176,416" fill="none" stroke="black"/>
<path d="M 240,48 L 240,64" fill="none" stroke="black"/>
<path d="M 240,96 L 240,112" fill="none" stroke="black"/>
<path d="M 240,176 L 240,224" fill="none" stroke="black"/>
<path d="M 320,384 L 320,416" fill="none" stroke="black"/>
<path d="M 352,336 L 352,352" fill="none" stroke="black"/>
<path d="M 352,384 L 352,416" fill="none" stroke="black"/>
<path d="M 400,192 L 400,224" fill="none" stroke="black"/>
<path d="M 480,384 L 480,416" fill="none" stroke="black"/>
<path d="M 496,144 L 496,336" fill="none" stroke="black"/>
<path d="M 296,144 L 496,144" fill="none" stroke="black"/>
<path d="M 32,192 L 232,192" fill="none" stroke="black"/>
<path d="M 248,192 L 400,192" fill="none" stroke="black"/>
<path d="M 72,240 L 160,240" fill="none" stroke="black"/>
<path d="M 328,240 L 376,240" fill="none" stroke="black"/>
<path d="M 352,336 L 496,336" fill="none" stroke="black"/>
<path d="M 72,368 L 104,368" fill="none" stroke="black"/>
<path d="M 384,368 L 464,368" fill="none" stroke="black"/>
<path d="M 176,416 L 320,416" fill="none" stroke="black"/>
<path d="M 352,416 L 480,416" fill="none" stroke="black"/>
<path d="M 248,272 L 288,352" fill="none" stroke="black"/>
<path d="M 192,352 L 232,272" fill="none" stroke="black"/>
<polygon class="arrowhead" points="472,368 460,362.4 460,373.6" fill="black" transform="rotate(0,464,368)"/>
<polygon class="arrowhead" points="384,240 372,234.4 372,245.6" fill="black" transform="rotate(0,376,240)"/>
<polygon class="arrowhead" points="360,384 348,378.4 348,389.6" fill="black" transform="rotate(270,352,384)"/>
<polygon class="arrowhead" points="328,384 316,378.4 316,389.6" fill="black" transform="rotate(270,320,384)"/>
<polygon class="arrowhead" points="304,144 292,138.4 292,149.6" fill="black" transform="rotate(180,296,144)"/>
<polygon class="arrowhead" points="296,352 284,346.4 284,357.6" fill="black" transform="rotate(63.43494882292201,288,352)"/>
<polygon class="arrowhead" points="256,192 244,186.4 244,197.6" fill="black" transform="rotate(180,248,192)"/>
<polygon class="arrowhead" points="248,224 236,218.4 236,229.6" fill="black" transform="rotate(90,240,224)"/>
<polygon class="arrowhead" points="248,112 236,106.4 236,117.6" fill="black" transform="rotate(90,240,112)"/>
<polygon class="arrowhead" points="248,64 236,58.4 236,69.6" fill="black" transform="rotate(90,240,64)"/>
<polygon class="arrowhead" points="240,192 228,186.4 228,197.6" fill="black" transform="rotate(0,232,192)"/>
<polygon class="arrowhead" points="200,352 188,346.4 188,357.6" fill="black" transform="rotate(116.56505117707799,192,352)"/>
<polygon class="arrowhead" points="80,368 68,362.4 68,373.6" fill="black" transform="rotate(180,72,368)"/>
<polygon class="arrowhead" points="80,240 68,234.4 68,245.6" fill="black" transform="rotate(180,72,240)"/>
<g class="text">
<text x="240" y="36">START</text>
<text x="228" y="84">Send</text>
<text x="260" y="84">ir</text>
<text x="260" y="100">ip</text>
<text x="216" y="132">Check</text>
<text x="268" y="132">status</text>
<text x="204" y="148">of</text>
<text x="252" y="148">returned</text>
<text x="240" y="164">certs</text>
<text x="132" y="228">(issued)</text>
<text x="336" y="228">(waiting)</text>
<text x="24" y="244">Add</text>
<text x="52" y="244">to</text>
<text x="192" y="244">Check</text>
<text x="268" y="244">CertResponse</text>
<text x="400" y="244">Add</text>
<text x="428" y="244">to</text>
<text x="20" y="260">conf</text>
<text x="60" y="260">list</text>
<text x="176" y="260">for</text>
<text x="212" y="260">each</text>
<text x="280" y="260">certificate</text>
<text x="400" y="260">pending</text>
<text x="452" y="260">list</text>
<text x="300" y="292">(empty</text>
<text x="348" y="292">conf</text>
<text x="392" y="292">list)</text>
<text x="136" y="308">(conf</text>
<text x="184" y="308">list)</text>
<text x="396" y="324">ip</text>
<text x="44" y="356">(empty</text>
<text x="104" y="356">pending</text>
<text x="160" y="356">list)</text>
<text x="416" y="356">pollRep</text>
<text x="48" y="372">END</text>
<text x="132" y="372">Send</text>
<text x="188" y="372">certConf</text>
<text x="300" y="372">Send</text>
<text x="352" y="372">pollReq</text>
<text x="484" y="372">Wait</text>
<text x="228" y="436">(pending</text>
<text x="288" y="436">list)</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
START
|
v
Send ir
| ip
v
Check status
of returned <------------------------+
certs |
| |
+------------------------>|<------------------+ |
| | | |
| (issued) v (waiting) | |
Add to <----------- Check CertResponse ------> Add to |
conf list for each certificate pending list |
/ \ |
/ \ (empty conf list) |
(conf list) / \ |
/ \ ip |
/ \ +-----------------+
(empty pending list) V V | pollRep
END <---- Send certConf Send pollReq---------->Wait
| ^ ^ |
| | | |
+-----------------+ +---------------+
(pending list)
]]></artwork>
</artset>
<t>In the following exchange, the end entity is enrolling for two certificates
in one request.</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="672" width="560" viewBox="0 0 560 672" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 184,80 L 200,80" fill="none" stroke="black"/>
<path d="M 288,80 L 304,80" fill="none" stroke="black"/>
<path d="M 184,144 L 200,144" fill="none" stroke="black"/>
<path d="M 288,144 L 304,144" fill="none" stroke="black"/>
<path d="M 184,192 L 200,192" fill="none" stroke="black"/>
<path d="M 288,192 L 304,192" fill="none" stroke="black"/>
<path d="M 184,256 L 200,256" fill="none" stroke="black"/>
<path d="M 288,256 L 304,256" fill="none" stroke="black"/>
<path d="M 184,304 L 200,304" fill="none" stroke="black"/>
<path d="M 288,304 L 304,304" fill="none" stroke="black"/>
<path d="M 184,368 L 200,368" fill="none" stroke="black"/>
<path d="M 288,368 L 304,368" fill="none" stroke="black"/>
<path d="M 184,416 L 200,416" fill="none" stroke="black"/>
<path d="M 288,416 L 304,416" fill="none" stroke="black"/>
<path d="M 184,464 L 200,464" fill="none" stroke="black"/>
<path d="M 288,464 L 304,464" fill="none" stroke="black"/>
<path d="M 184,496 L 200,496" fill="none" stroke="black"/>
<path d="M 288,496 L 304,496" fill="none" stroke="black"/>
<path d="M 184,560 L 200,560" fill="none" stroke="black"/>
<path d="M 288,560 L 304,560" fill="none" stroke="black"/>
<path d="M 184,608 L 200,608" fill="none" stroke="black"/>
<path d="M 288,608 L 304,608" fill="none" stroke="black"/>
<path d="M 184,656 L 200,656" fill="none" stroke="black"/>
<path d="M 288,656 L 304,656" fill="none" stroke="black"/>
<polygon class="arrowhead" points="312,608 300,602.4 300,613.6" fill="black" transform="rotate(0,304,608)"/>
<polygon class="arrowhead" points="312,496 300,490.4 300,501.6" fill="black" transform="rotate(0,304,496)"/>
<polygon class="arrowhead" points="312,416 300,410.4 300,421.6" fill="black" transform="rotate(0,304,416)"/>
<polygon class="arrowhead" points="312,304 300,298.4 300,309.6" fill="black" transform="rotate(0,304,304)"/>
<polygon class="arrowhead" points="312,192 300,186.4 300,197.6" fill="black" transform="rotate(0,304,192)"/>
<polygon class="arrowhead" points="312,80 300,74.4 300,85.6" fill="black" transform="rotate(0,304,80)"/>
<polygon class="arrowhead" points="296,656 284,650.4 284,661.6" fill="black" transform="rotate(180,288,656)"/>
<polygon class="arrowhead" points="296,560 284,554.4 284,565.6" fill="black" transform="rotate(180,288,560)"/>
<polygon class="arrowhead" points="296,464 284,458.4 284,469.6" fill="black" transform="rotate(180,288,464)"/>
<polygon class="arrowhead" points="296,368 284,362.4 284,373.6" fill="black" transform="rotate(180,288,368)"/>
<polygon class="arrowhead" points="296,256 284,250.4 284,261.6" fill="black" transform="rotate(180,288,256)"/>
<polygon class="arrowhead" points="296,144 284,138.4 284,149.6" fill="black" transform="rotate(180,288,144)"/>
<polygon class="arrowhead" points="208,608 196,602.4 196,613.6" fill="black" transform="rotate(0,200,608)"/>
<polygon class="arrowhead" points="208,496 196,490.4 196,501.6" fill="black" transform="rotate(0,200,496)"/>
<polygon class="arrowhead" points="208,416 196,410.4 196,421.6" fill="black" transform="rotate(0,200,416)"/>
<polygon class="arrowhead" points="208,304 196,298.4 196,309.6" fill="black" transform="rotate(0,200,304)"/>
<polygon class="arrowhead" points="208,192 196,186.4 196,197.6" fill="black" transform="rotate(0,200,192)"/>
<polygon class="arrowhead" points="208,80 196,74.4 196,85.6" fill="black" transform="rotate(0,200,80)"/>
<polygon class="arrowhead" points="192,656 180,650.4 180,661.6" fill="black" transform="rotate(180,184,656)"/>
<polygon class="arrowhead" points="192,560 180,554.4 180,565.6" fill="black" transform="rotate(180,184,560)"/>
<polygon class="arrowhead" points="192,464 180,458.4 180,469.6" fill="black" transform="rotate(180,184,464)"/>
<polygon class="arrowhead" points="192,368 180,362.4 180,373.6" fill="black" transform="rotate(180,184,368)"/>
<polygon class="arrowhead" points="192,256 180,250.4 180,261.6" fill="black" transform="rotate(180,184,256)"/>
<polygon class="arrowhead" points="192,144 180,138.4 180,149.6" fill="black" transform="rotate(180,184,144)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">End</text>
<text x="108" y="36">Entity</text>
<text x="328" y="36">PKI</text>
<text x="24" y="68">1</text>
<text x="76" y="68">format</text>
<text x="116" y="68">ir</text>
<text x="24" y="84">2</text>
<text x="220" y="84">ir</text>
<text x="24" y="100">3</text>
<text x="340" y="100">handle</text>
<text x="380" y="100">ir</text>
<text x="24" y="116">4</text>
<text x="340" y="116">manual</text>
<text x="420" y="116">intervention</text>
<text x="484" y="116">is</text>
<text x="364" y="132">required</text>
<text x="416" y="132">for</text>
<text x="452" y="132">both</text>
<text x="496" y="132">certs</text>
<text x="24" y="148">5</text>
<text x="220" y="148">ip</text>
<text x="24" y="164">6</text>
<text x="80" y="164">process</text>
<text x="124" y="164">ip</text>
<text x="24" y="180">7</text>
<text x="76" y="180">format</text>
<text x="136" y="180">pollReq</text>
<text x="24" y="196">8</text>
<text x="240" y="196">pollReq</text>
<text x="24" y="212">9</text>
<text x="336" y="212">check</text>
<text x="388" y="212">status</text>
<text x="428" y="212">of</text>
<text x="460" y="212">cert</text>
<text x="520" y="212">requests,</text>
<text x="380" y="228">certificates</text>
<text x="448" y="228">not</text>
<text x="488" y="228">ready</text>
<text x="20" y="244">10</text>
<text x="340" y="244">format</text>
<text x="400" y="244">pollRep</text>
<text x="20" y="260">11</text>
<text x="240" y="260">pollRep</text>
<text x="20" y="276">12</text>
<text x="68" y="276">wait</text>
<text x="20" y="292">13</text>
<text x="76" y="292">format</text>
<text x="136" y="292">pollReq</text>
<text x="20" y="308">14</text>
<text x="240" y="308">pollReq</text>
<text x="20" y="324">15</text>
<text x="336" y="324">check</text>
<text x="388" y="324">status</text>
<text x="428" y="324">of</text>
<text x="460" y="324">cert</text>
<text x="520" y="324">requests,</text>
<text x="344" y="340">one</text>
<text x="408" y="340">certificate</text>
<text x="468" y="340">is</text>
<text x="504" y="340">ready</text>
<text x="20" y="356">16</text>
<text x="340" y="356">format</text>
<text x="380" y="356">ip</text>
<text x="20" y="372">17</text>
<text x="220" y="372">ip</text>
<text x="20" y="388">18</text>
<text x="76" y="388">handle</text>
<text x="116" y="388">ip</text>
<text x="20" y="404">19</text>
<text x="76" y="404">format</text>
<text x="140" y="404">certConf</text>
<text x="20" y="420">20</text>
<text x="244" y="420">certConf</text>
<text x="20" y="436">21</text>
<text x="340" y="436">handle</text>
<text x="404" y="436">certConf</text>
<text x="20" y="452">22</text>
<text x="340" y="452">format</text>
<text x="384" y="452">ack</text>
<text x="20" y="468">23</text>
<text x="240" y="468">pkiConf</text>
<text x="20" y="484">24</text>
<text x="76" y="484">format</text>
<text x="136" y="484">pollReq</text>
<text x="20" y="500">25</text>
<text x="240" y="500">pollReq</text>
<text x="20" y="516">26</text>
<text x="336" y="516">check</text>
<text x="388" y="516">status</text>
<text x="428" y="516">of</text>
<text x="492" y="516">certificate,</text>
<text x="376" y="532">certificate</text>
<text x="436" y="532">is</text>
<text x="472" y="532">ready</text>
<text x="20" y="548">27</text>
<text x="340" y="548">format</text>
<text x="380" y="548">ip</text>
<text x="20" y="564">28</text>
<text x="220" y="564">ip</text>
<text x="20" y="580">29</text>
<text x="76" y="580">handle</text>
<text x="116" y="580">ip</text>
<text x="20" y="596">30</text>
<text x="76" y="596">format</text>
<text x="140" y="596">certConf</text>
<text x="20" y="612">31</text>
<text x="244" y="612">certConf</text>
<text x="20" y="628">32</text>
<text x="340" y="628">handle</text>
<text x="404" y="628">certConf</text>
<text x="20" y="644">33</text>
<text x="340" y="644">format</text>
<text x="384" y="644">ack</text>
<text x="20" y="660">34</text>
<text x="240" y="660">pkiConf</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Step# End Entity PKI
---------------------------------------------------------------------
1 format ir
2 --> ir -->
3 handle ir
4 manual intervention is
required for both certs
5 <-- ip <--
6 process ip
7 format pollReq
8 --> pollReq -->
9 check status of cert requests,
certificates not ready
10 format pollRep
11 <-- pollRep <--
12 wait
13 format pollReq
14 --> pollReq -->
15 check status of cert requests,
one certificate is ready
16 format ip
17 <-- ip <--
18 handle ip
19 format certConf
20 --> certConf -->
21 handle certConf
22 format ack
23 <-- pkiConf <--
24 format pollReq
25 --> pollReq -->
26 check status of certificate,
certificate is ready
27 format ip
28 <-- ip <--
29 handle ip
30 format certConf
31 --> certConf -->
32 handle certConf
33 format ack
34 <-- pkiConf <--
]]></artwork>
</artset>
<t>The following client-side state machine describes polling for a complete
response message.</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="416" width="520" viewBox="0 0 520 416" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,192 L 8,288" fill="none" stroke="black"/>
<path d="M 104,96 L 104,176" fill="none" stroke="black"/>
<path d="M 104,208 L 104,280" fill="none" stroke="black"/>
<path d="M 272,48 L 272,80" fill="none" stroke="black"/>
<path d="M 272,288 L 272,320" fill="none" stroke="black"/>
<path d="M 272,352 L 272,368" fill="none" stroke="black"/>
<path d="M 440,96 L 440,288" fill="none" stroke="black"/>
<path d="M 104,96 L 192,96" fill="none" stroke="black"/>
<path d="M 344,96 L 440,96" fill="none" stroke="black"/>
<path d="M 8,192 L 64,192" fill="none" stroke="black"/>
<path d="M 8,288 L 264,288" fill="none" stroke="black"/>
<path d="M 280,288 L 440,288" fill="none" stroke="black"/>
<polygon class="arrowhead" points="288,288 276,282.4 276,293.6" fill="black" transform="rotate(180,280,288)"/>
<polygon class="arrowhead" points="280,368 268,362.4 268,373.6" fill="black" transform="rotate(90,272,368)"/>
<polygon class="arrowhead" points="280,320 268,314.4 268,325.6" fill="black" transform="rotate(90,272,320)"/>
<polygon class="arrowhead" points="280,80 268,74.4 268,85.6" fill="black" transform="rotate(90,272,80)"/>
<polygon class="arrowhead" points="272,288 260,282.4 260,293.6" fill="black" transform="rotate(0,264,288)"/>
<polygon class="arrowhead" points="112,280 100,274.4 100,285.6" fill="black" transform="rotate(90,104,280)"/>
<polygon class="arrowhead" points="112,176 100,170.4 100,181.6" fill="black" transform="rotate(90,104,176)"/>
<polygon class="arrowhead" points="72,192 60,186.4 60,197.6" fill="black" transform="rotate(0,64,192)"/>
<g class="text">
<text x="272" y="36">Start</text>
<text x="300" y="68">Send</text>
<text x="352" y="68">request</text>
<text x="232" y="100">Receive</text>
<text x="300" y="100">response</text>
<text x="208" y="132">ip/cp/kup/krp/ccp/error</text>
<text x="324" y="132">with</text>
<text x="472" y="132">other</text>
<text x="140" y="148">status</text>
<text x="208" y="148">"waiting"</text>
<text x="484" y="148">response</text>
<text x="104" y="196">Polling</text>
<text x="132" y="228">Send</text>
<text x="184" y="228">pollReq</text>
<text x="144" y="244">Receive</text>
<text x="212" y="244">response</text>
<text x="64" y="308">pollRep</text>
<text x="136" y="308">other</text>
<text x="196" y="308">response</text>
<text x="244" y="340">Handle</text>
<text x="308" y="340">response</text>
<text x="272" y="388">End</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Start
|
| Send request
v
+----------- Receive response ------------+
| |
| ip/cp/kup/krp/ccp/error with | other
| status "waiting" | response
| |
v |
+------> Polling |
| | |
| | Send pollReq |
| | Receive response |
| | |
| v |
+-----------+------------------->+<-------------------+
pollRep other response |
v
Handle response
|
v
End
]]></artwork>
</artset>
<t>In the following exchange, the end entity is sending a general message request,
and the response is delayed by the server.</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="448" width="560" viewBox="0 0 560 448" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 176,80 L 192,80" fill="none" stroke="black"/>
<path d="M 272,80 L 288,80" fill="none" stroke="black"/>
<path d="M 176,160 L 192,160" fill="none" stroke="black"/>
<path d="M 272,160 L 288,160" fill="none" stroke="black"/>
<path d="M 176,208 L 192,208" fill="none" stroke="black"/>
<path d="M 272,208 L 288,208" fill="none" stroke="black"/>
<path d="M 176,288 L 192,288" fill="none" stroke="black"/>
<path d="M 272,288 L 288,288" fill="none" stroke="black"/>
<path d="M 176,336 L 192,336" fill="none" stroke="black"/>
<path d="M 272,336 L 288,336" fill="none" stroke="black"/>
<path d="M 176,416 L 192,416" fill="none" stroke="black"/>
<path d="M 272,416 L 288,416" fill="none" stroke="black"/>
<polygon class="arrowhead" points="296,336 284,330.4 284,341.6" fill="black" transform="rotate(0,288,336)"/>
<polygon class="arrowhead" points="296,208 284,202.4 284,213.6" fill="black" transform="rotate(0,288,208)"/>
<polygon class="arrowhead" points="296,80 284,74.4 284,85.6" fill="black" transform="rotate(0,288,80)"/>
<polygon class="arrowhead" points="280,416 268,410.4 268,421.6" fill="black" transform="rotate(180,272,416)"/>
<polygon class="arrowhead" points="280,288 268,282.4 268,293.6" fill="black" transform="rotate(180,272,288)"/>
<polygon class="arrowhead" points="280,160 268,154.4 268,165.6" fill="black" transform="rotate(180,272,160)"/>
<polygon class="arrowhead" points="200,336 188,330.4 188,341.6" fill="black" transform="rotate(0,192,336)"/>
<polygon class="arrowhead" points="200,208 188,202.4 188,213.6" fill="black" transform="rotate(0,192,208)"/>
<polygon class="arrowhead" points="200,80 188,74.4 188,85.6" fill="black" transform="rotate(0,192,80)"/>
<polygon class="arrowhead" points="184,416 172,410.4 172,421.6" fill="black" transform="rotate(180,176,416)"/>
<polygon class="arrowhead" points="184,288 172,282.4 172,293.6" fill="black" transform="rotate(180,176,288)"/>
<polygon class="arrowhead" points="184,160 172,154.4 172,165.6" fill="black" transform="rotate(180,176,160)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">End</text>
<text x="108" y="36">Entity</text>
<text x="328" y="36">PKI</text>
<text x="24" y="68">1</text>
<text x="76" y="68">format</text>
<text x="124" y="68">genm</text>
<text x="24" y="84">2</text>
<text x="220" y="84">genm</text>
<text x="24" y="100">3</text>
<text x="316" y="100">handle</text>
<text x="364" y="100">genm</text>
<text x="24" y="116">4</text>
<text x="312" y="116">delay</text>
<text x="348" y="116">in</text>
<text x="396" y="116">response</text>
<text x="444" y="116">is</text>
<text x="496" y="116">necessary</text>
<text x="24" y="132">5</text>
<text x="316" y="132">format</text>
<text x="368" y="132">error</text>
<text x="424" y="132">message</text>
<text x="496" y="132">"waiting"</text>
<text x="324" y="148">with</text>
<text x="384" y="148">certReqId</text>
<text x="440" y="148">set</text>
<text x="468" y="148">to</text>
<text x="492" y="148">-1</text>
<text x="24" y="164">6</text>
<text x="224" y="164">error</text>
<text x="24" y="180">7</text>
<text x="80" y="180">process</text>
<text x="136" y="180">error</text>
<text x="24" y="196">8</text>
<text x="76" y="196">format</text>
<text x="136" y="196">pollReq</text>
<text x="24" y="212">9</text>
<text x="232" y="212">pollReq</text>
<text x="20" y="228">10</text>
<text x="312" y="228">check</text>
<text x="364" y="228">status</text>
<text x="404" y="228">of</text>
<text x="452" y="228">original</text>
<text x="524" y="228">request,</text>
<text x="336" y="244">general</text>
<text x="400" y="244">message</text>
<text x="468" y="244">response</text>
<text x="520" y="244">not</text>
<text x="328" y="260">ready</text>
<text x="20" y="276">11</text>
<text x="316" y="276">format</text>
<text x="376" y="276">pollRep</text>
<text x="20" y="292">12</text>
<text x="232" y="292">pollRep</text>
<text x="20" y="308">13</text>
<text x="68" y="308">wait</text>
<text x="20" y="324">14</text>
<text x="76" y="324">format</text>
<text x="136" y="324">pollReq</text>
<text x="20" y="340">15</text>
<text x="232" y="340">pollReq</text>
<text x="20" y="356">16</text>
<text x="312" y="356">check</text>
<text x="364" y="356">status</text>
<text x="404" y="356">of</text>
<text x="452" y="356">original</text>
<text x="524" y="356">request,</text>
<text x="336" y="372">general</text>
<text x="400" y="372">message</text>
<text x="468" y="372">response</text>
<text x="516" y="372">is</text>
<text x="328" y="388">ready</text>
<text x="20" y="404">17</text>
<text x="316" y="404">format</text>
<text x="364" y="404">genp</text>
<text x="20" y="420">18</text>
<text x="220" y="420">genp</text>
<text x="20" y="436">19</text>
<text x="76" y="436">handle</text>
<text x="124" y="436">genp</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Step# End Entity PKI
---------------------------------------------------------------------
1 format genm
2 --> genm -->
3 handle genm
4 delay in response is necessary
5 format error message "waiting"
with certReqId set to -1
6 <-- error <--
7 process error
8 format pollReq
9 --> pollReq -->
10 check status of original request,
general message response not
ready
11 format pollRep
12 <-- pollRep <--
13 wait
14 format pollReq
15 --> pollReq -->
16 check status of original request,
general message response is
ready
17 format genp
18 <-- genp <--
19 handle genp
]]></artwork>
</artset>
</section>
</section>
</section>
<section anchor="sect-6">
<name>Mandatory PKI Management Functions</name>
<t>Some of the PKI management functions outlined in <xref target="sect-3.1"/> are
described in this section.</t>
<t>This section deals with functions that are "mandatory" in the sense
that all end entity and CA/RA implementations <bcp14>MUST</bcp14> be able to provide
the functionality described. This part is effectively the profile of
the PKI management functionality that <bcp14>MUST</bcp14> be supported. Note,
however, that the management functions described in this section do
not need to be accomplished using the PKI messages defined in <xref target="sect-5"/>
if alternate means are suitable for a given environment. See
<xref section="7" target="RFC9483"/> Section 7 and <xref target="sect-c"/> for profiles of the PKIMessage structures
that <bcp14>MUST</bcp14> be supported for specific use cases.</t>
<section anchor="sect-6.1">
<name>Root CA Initialization</name>
<t>[See <xref target="sect-3.1.1.2"/> for this document's definition of "root CA".]</t>
<t>If a newly created root CA is at the top of a PKI hierarchy, it usually
produces a "self-certificate", which is a
certificate structure with the profile defined for the "newWithNew"
certificate issued following a root CA key update.</t>
<t>In order to make the CA's self-certificate useful to end entities
that do not acquire the self-certificate via "out-of-band" means, the
CA must also produce a fingerprint for its certificate. End entities
that acquire this fingerprint securely via some "out-of-band" means
can then verify the CA's self-certificate and, hence, the other
attributes contained therein.</t>
<t>The data structure used to carry the fingerprint may be the OOBCertHash, see OOBCertHash (see <xref target="sect-5.2.5"/>.</t> target="sect-5.2.5"/>).</t>
</section>
<section anchor="sect-6.2">
<name>Root CA Key Update</name>
<t>CA keys (as all other keys) have a finite lifetime and will have to
be updated on a periodic basis. The certificates NewWithNew,
NewWithOld, and OldWithNew (see <xref target="sect-4.4.1"/>) <bcp14>MAY</bcp14> be issued by the
CA to aid existing end entities who hold the current root CA
certificate (OldWithOld) to transition securely to the new root
CA certificate (NewWithNew), (NewWithNew) and to aid new end entities who
will hold NewWithNew to acquire OldWithOld securely for verification
of existing data.</t>
</section>
<section anchor="sect-6.3">
<name>Subordinate CA Initialization</name>
<t>[See <xref target="sect-3.1.1.2"/> for this document's definition of "subordinate CA".]</t>
<t>From the perspective of PKI management protocols, the initialization of a
subordinate CA is the same as the initialization of an end entity. The only
difference is that the subordinate CA must also produce an initial revocation
list.</t>
</section>
<section anchor="sect-6.4">
<name>CRL production</name> Production</name>
<t>Before issuing any certificates, a newly established CA (which issues
CRLs) must produce "empty" versions of each CRL CRL, which are to be
periodically produced.</t>
</section>
<section anchor="sect-6.5">
<name>PKI Information Request</name>
<t>When a PKI entity (CA, RA, or EE) wishes to acquire information about
the current status of a CA, it <bcp14>MAY</bcp14> send that CA a request for such
information.</t>
<t>The CA <bcp14>MUST</bcp14> respond to the request by providing (at least) all of the
information requested by the requester. If some of the information
cannot be provided, then an error must be conveyed to the requester.</t>
<t>If PKIMessages are used to request and supply this PKI information,
then the request <bcp14>MUST</bcp14> be the GenMsg message, the response <bcp14>MUST</bcp14> be the
GenRep message, and the error <bcp14>MUST</bcp14> be the Error message. These
messages are protected using a MAC based on shared secret information
(e.g., password-based MAC, MAC; see CMP Algorithms <xref target="RFC9481"/> Section 6.1) section="6.1" target="RFC9481">"CMP Algorithms"</xref>) or using any asymmetric authentication means such as a
signature (if the end entity has an existing certificate).</t>
</section>
<section anchor="sect-6.6">
<name>Cross Certification</name>
<t>The requester CA is the CA that will become the subject of the
cross-certificate; the responder CA will become the issuer of the
cross-certificate.</t>
<t>The requester CA must be "up and running" before initiating the
cross-certification operation.</t>
<section anchor="sect-6.6.1">
<name>One-Way Request-Response Scheme:</name> Scheme</name>
<t>The cross-certification scheme is essentially a one way one-way operation;
that is, when successful, this operation results in the creation of
one new cross-certificate. If the requirement is that cross-certificates
be created in "both directions", then each CA, in turn,
must initiate a cross-certification operation (or use another
scheme).</t>
<t>This scheme is suitable where the two CAs in question can already
verify each other's signatures (they have some common points of
trust) or where there is an out-of-band verification of the origin of
the certification request.</t>
<t>Detailed Description:</t>
<t>Cross
<t indent="3">Cross certification is initiated at one CA known as the responder.
The CA administrator for the responder identifies the CA it wants to
cross certify and the responder CA equipment generates an
authorization code. The responder CA administrator passes this
authorization code by out-of-band means to the requester CA
administrator. The requester CA administrator enters the
authorization code at the requester CA in order to initiate the
on-line exchange.</t>
<t>The
<t indent="3">The authorization code is used for authentication and integrity
purposes. This is done by generating a symmetric key based on the
authorization code and using the symmetric key for generating Message
Authentication Codes (MACs) on all messages exchanged.
(Authentication may alternatively be done using signatures instead of
MACs, if the CAs are able to retrieve and validate the required
public keys by some means, such as an out-of-band hash comparison.)</t>
<t>The
<t indent="3">The requester CA initiates the exchange by generating a cross-certification
request (ccr) with a fresh random number (requester random number).
The requester CA then sends the ccr message to the responder CA.
The fields in this message are protected from modification with a
MAC based on the authorization code.</t>
<t>Upon
<t indent="3">Upon receipt of the ccr message, the responder CA validates the
message and the MAC, saves the requester random number, and generates
its own random number (responder random number). It then generates
(and archives, if desired) a new requester certificate that contains
the requester CA public key and is signed with the responder CA
signature private key. The responder CA responds with the cross
certification cross-certification response (ccp) message. The fields in this message are
protected from modification with a MAC based on the authorization
code.</t>
<t>Upon
<t indent="3">Upon receipt of the ccp message, the requester CA validates the
message (including the received random numbers) and the MAC. The
requester CA responds with the certConf message. The fields in this
message are protected from modification with a MAC based on the
authorization code. The requester CA <bcp14>MAY</bcp14> write the requester
certificate to the Repository as an aid to later certificate path
construction.</t>
<t>Upon
<t indent="3">Upon receipt of the certConf message, the responder CA validates the
message and the MAC, MAC and sends back an acknowledgement using the
PKIConfirm message. It <bcp14>MAY</bcp14> also publish the requester certificate as
an aid to later path construction.</t>
<t>Notes:</t>
<ol spacing="normal" type="1"><li>
<t>The ccr message must contain a "complete" certification request;
that is, all fields except the serial number (including, e.g., a
BasicConstraints extension) must be specified by the requester
CA.</t>
</li>
<li>
<t>The ccp message <bcp14>SHOULD</bcp14> contain the verification certificate of
the responder CA; if present, the requester CA must then verify
this certificate (for example, via the "out-of-band" mechanism).</t>
</li>
</ol>
<t>(A simpler, non-interactive model of cross-certification may also be
envisioned, in which the issuing CA acquires the subject CA's public
key from some repository, verifies it via some out-of-band mechanism,
and creates and publishes the cross-certificate without the subject
CA's explicit involvement. This model may be perfectly legitimate
for many environments, but since it does not require any protocol
message exchanges, its detailed description is outside the scope of
this specification.)</t>
</section>
</section>
<section anchor="sect-6.7">
<name>End Entity Initialization</name>
<t>As with CAs, end entities must be initialized. Initialization of end
entities requires at least two steps:</t>
<ul spacing="normal">
<li>
<t>acquisition of PKI information</t>
</li>
<li>
<t>out-of-band verification of one root-CA public key</t>
</li>
</ul>
<t>(other
<t>(Other possible steps include the retrieval of trust condition
information and/or out-of-band verification of other CA public keys).</t> keys.)</t>
<section anchor="sect-6.7.1">
<name>Acquisition of PKI Information</name>
<t>The information <bcp14>REQUIRED</bcp14> is:</t>
<ul spacing="normal">
<li>
<t>the current root-CA public key</t>
</li>
<li>
<t>(if the certifying CA is not a root-CA) the certification path
from the root CA to the certifying CA together with appropriate
revocation lists</t>
</li>
<li>
<t>the algorithms and algorithm parameters that the certifying CA
supports for each relevant usage</t>
</li>
</ul>
<t>Additional information could be required (e.g., supported extensions
or CA policy information) in order to produce a certification request
that will be successful. However, for simplicity simplicity, we do not mandate
that the end entity acquires this information via the PKI messages.
The end result is simply that some certification requests may fail
(e.g., if the end entity wants to generate its own encryption key,
but the CA doesn't allow that).</t>
<t>The required information <bcp14>MAY</bcp14> be acquired as described in <xref target="sect-6.5"/>.</t>
</section>
<section anchor="sect-6.7.2">
<name>Out-of-Band Verification of the Root CA Key</name>
<t>An end entity must securely possess the public key of its root CA.
One method to achieve this is to provide the end entity with the CA's
self-certificate fingerprint via some secure "out-of-band" means.
The end entity can then securely use the CA's self-certificate.</t>
<t>See <xref target="sect-6.1"/> for further details.</t>
</section>
</section>
<section anchor="sect-6.8">
<name>Certificate Request</name>
<t>An initialized end entity <bcp14>MAY</bcp14> request an additional certificate at
any time (for any purpose). This request will be made using the
certification request (cr) message. If the end entity already
possesses a signing key pair (with a corresponding verification
certificate), then this cr message will typically be protected by the
entity's digital signature. The CA returns the new certificate (if
the request is successful) in a CertRepMessage.</t>
</section>
<section anchor="sect-6.9">
<name>Key Update</name>
<t>When a key pair is due to expire, the relevant end entity <bcp14>MAY</bcp14> request
a key update; that is, it <bcp14>MAY</bcp14> request that the CA issue a new
certificate for a new key pair (or, in certain circumstances, a new
certificate for the same key pair). The request is made using a key
update request (kur) message (referred to, in some environments, as a
"Certificate Update" operation). If the end entity already possesses
a signing key pair (with a corresponding verification certificate),
then this message will typically be protected by the entity's digital
signature. The CA returns the new certificate (if the request is
successful) in a key update response (kup) message, which is
syntactically identical to a CertRepMessage.</t>
</section>
</section>
<section anchor="sect-7">
<name>Version Negotiation</name>
<t>This section defines the version negotiation used to support older
protocols between client clients and servers.</t>
<t>If a client knows the protocol version(s) supported by the server (e.g.,
from a previous PKIMessage exchange or via some out-of-band means), then
it <bcp14>MUST</bcp14> send a PKIMessage with the highest version supported by both it and
the server. If a client does not know what version(s) the server supports,
then it <bcp14>MUST</bcp14> send a PKIMessage using the highest version it supports with
the following exception: version Version cmp2021 <bcp14>SHOULD</bcp14> only be used if cmp2021 syntax
is needed for the request being sent or for the expected response.</t>
<t>Note: Using cmp2000 as the default pvno is done to avoid extra message exchanges
for version negotiation and to foster compatibility with cmp2000 implementations.
Version cmp2021 syntax is only needed if a message exchange uses EnvelopedData,
hashAlg (in CertStatus), POPOPrivKey with agreeMAC, or ckuann with RootCaKeyUpdateContent.</t>
<t>If a server receives a message with a version that it supports, then
the version of the response message <bcp14>MUST</bcp14> be the same as the received
version. If a server receives a message with a version higher or
lower than it supports, then it <bcp14>MUST</bcp14> send back an ErrorMsg with the
unsupportedVersion bit set (in the failureInfo field of the
pKIStatusInfo). If the received version is higher than the highest
supported version, then the version in the error message <bcp14>MUST</bcp14> be the
highest version the server supports; if the received version is lower
than the lowest supported version version, then the version in the error
message <bcp14>MUST</bcp14> be the lowest version the server supports.</t>
<t>If a client gets back an ErrorMsgContent with the unsupportedVersion
bit set and a version it supports, then it <bcp14>MAY</bcp14> retry the request with
that version.</t>
<section anchor="sect-7.1">
<name>Supporting RFC 2510 Implementations</name>
<t>RFC 2510
<t><xref target="RFC2510"/> did not specify the behavior of implementations receiving
versions they did not understand since there was only one version in
existence. With the introduction of the revision in <xref target="RFC4210"/>, the following versioning behaviour behavior is recommended.</t>
<section anchor="sect-7.1.1">
<name>Clients Talking to RFC 2510 Servers</name>
<t>If, after sending a message with a protocol version number higher than cmp1999,
a client receives an ErrorMsgContent with a version of cmp1999, then it <bcp14>MUST</bcp14>
abort the current transaction.</t>
<t>If a client receives a non-error PKIMessage with a version of
cmp1999, then it <bcp14>MAY</bcp14> decide to continue the transaction (if the
transaction hasn't finished) using RFC 2510 semantics. the semantics described in <xref target="RFC2510"/>. If it does
not choose to do so and the transaction is not finished, then it <bcp14>MUST</bcp14>
abort the transaction and send an ErrorMsgContent with a version of
cmp1999.</t>
</section>
<section anchor="sect-7.1.2">
<name>Servers Receiving Version cmp1999 PKIMessages</name>
<t>If a server receives a version cmp1999 message message, it <bcp14>MAY</bcp14> revert to RFC
2510 behaviour the behavior described in <xref target="RFC2510"/> and respond with version cmp1999 messages. If it does
not choose to do so, then it <bcp14>MUST</bcp14> send back an ErrorMsgContent as
described above in <xref target="sect-7"/>.</t>
</section>
</section>
</section>
<section anchor="sect-8">
<name>Security Considerations</name>
<section anchor="sect-8.1">
<name>On the Necessity of Proof-Of-Possession</name> Proof-of-Possession</name>
<t>It is well established that the role of a Certification Authority is to
verify that the name and public key belong to the end entity prior to
issuing a certificate. If an entity holding a private key obtains a certificate containing the corresponding public key issued for a different entity, it can authenticate as the entity named in the certificate. This facilitates masquerading. It is not entirely clear what security guarantees are lost if an end entity is able to obtain a certificate containing a public key that they do not possess the corresponding private key for. There are some scenarios,
described as "forwarding attacks" in Appendix A of <xref target="Gueneysu"/>, in
which this can lead to protocol attacks against a naively-implemented naively implemented
sign-then-encrypt protocol, but in general general, it merely results in the
end entity obtaining a certificate that they can not cannot use.</t>
</section>
<section anchor="sect-8.2">
<name>Proof-Of-Possession
<name>Proof-of-Possession with a Decryption Key</name>
<t>Some cryptographic considerations are worth explicitly spelling out.
In the protocols specified above, when an end entity is required to
prove possession of a decryption key, it is effectively challenged to
decrypt something (its own certificate). This scheme (and many
others!) could be vulnerable to an attack if the possessor of the
decryption key in question could be fooled into decrypting an
arbitrary challenge and returning the cleartext to an attacker.
Although in this specification a number of other failures in security
are required in order for this attack to succeed, it is conceivable
that some future services (e.g., notary, trusted time) could
potentially be vulnerable to such attacks. For this reason, we
reiterate the general rule that implementations should be very careful
about decrypting arbitrary "ciphertext" and revealing recovered
"plaintext" since such a practice can lead to serious security
vulnerabilities.</t>
<t>The client <bcp14>MUST</bcp14> return the decrypted values only if they match the expected content type. In an Indirect Method, indirect method, the decrypted value <bcp14>MUST</bcp14> be a valid certificate, and in the Direct Method, a direct method, the decrypted value <bcp14>MUST</bcp14> be a Rand as defined in <xref target="sect-5.2.8.3.3"/>.</t>
</section>
<section anchor="sect-8.3">
<name>Proof-Of-Possession
<name>Proof-of-Possession by Exposing the Private Key</name>
<t>Note also that exposing a private key to the CA/RA as a
proof-of-possession technique can carry some security risks (depending
upon whether or not the CA/RA can be trusted to handle such material
appropriately). Implementers are advised to:</t>
<ul spacing="normal">
<li>
<t>Exercise caution in selecting and using this particular POP
mechanism.</t>
</li>
<li>
<t>Only use this POP mechanism if archival of the private key is desired.</t>
</li>
<li>
<t>When appropriate, have the user of the application explicitly
state that they are willing to trust the CA/RA to have a copy of
their private key before proceeding to reveal the private key.</t>
</li>
</ul>
</section>
<section anchor="sect-8.4">
<name>Attack Against Diffie-Hellman Key Exchange</name>
<t>A small subgroup attack during a Diffie-Hellman key exchange may be
carried out as follows. A malicious end entity may deliberately
choose D-H DH parameters that enable it to derive (a significant
number of bits of) the D-H DH private key of the CA during a key
archival or key recovery operation. Armed with this knowledge, the
EE would then be able to retrieve the decryption private key of
another unsuspecting end entity, EE2, during EE2's legitimate key
archival or key recovery operation with that CA. In order to avoid
the possibility of such an attack, two courses of action are
available. (1) The CA may generate a fresh D-H DH key pair to be used
as a protocol encryption key pair for each EE with which it
interacts. (2) The CA may enter into a key validation protocol (not
specified in this document) with each requesting end entity to ensure
that the EE's protocol encryption key pair will not facilitate this
attack. Option (1) is clearly simpler (requiring no extra protocol
exchanges from either party) and is therefore <bcp14>RECOMMENDED</bcp14>.</t>
</section>
<section anchor="sect-8.5">
<name>Perfect Forward Secrecy</name>
<t>Long-term security typically requires perfect forward secrecy (pfs).
When transferring encrypted long-term confidential values such as centrally generated private keys or revocation passphrases, pfs likely is likely important.
Yet
Yet, it is not needed for CMP message protection providing integrity and authenticity because transfer of PKI messages is usually completed in very limited time.
For the same reason reason, it typically is not typically required for the indirect method of providing to provide a POP <xref target="sect-5.2.8.3.2"/> (<xref target="sect-5.2.8.3.2"/>) delivering the newly issued certificate in encrypted form.</t>
<t>Encrypted values <xref target="sect-5.2.2"/> (<xref target="sect-5.2.2"/>) are transferred using CMS EnvelopedData <xref target="RFC5652"/>, which does not offer pfs. In cases where long-term security is needed, CMP messages <bcp14>SHOULD</bcp14> be transferred over a mechanism that provides pfs, such as TLS with appropriate cipher suites selected.</t>
</section>
<section anchor="sect-8.6">
<name>Private Keys for Certificate Signing and CMP Message Protection</name>
<t>A CA should not reuse its certificate signing key for other purposes, such
as protecting CMP responses and TLS connections. This way, exposure to other
parts of the system and the number of uses of this particularly critical
key are reduced to a minimum.</t>
</section>
<section anchor="sect-8.7">
<name>Entropy of Random Numbers, Key Pairs, and Shared Secret Information</name>
<t>Implementations must generate nonces and private keys from random input.
The use of inadequate pseudorandom number generators (PRNGs) to generate
cryptographic keys can result in little or no security. An attacker may find
it much easier to reproduce the PRNG environment that produced the keys and
to search the resulting small set of possibilities than brute-force searching the whole key space. As an example of predictable random numbers, see <xref target="CVE-2008-0166"/>; consequences of low-entropy random numbers are discussed in <xref target="MiningPsQs">Mining Your Ps and Qs</xref>. The generation of quality random numbers is difficult. <xref target="ISO.20543-2019">ISO/IEC 20543:2019</xref>, <xref target="NIST.SP.800_90Ar1">NIST SP 800-90A Rev.1</xref>, <xref target="AIS31">BSI AIS 31 V2.0</xref>, and other specifications offer valuable guidance in this area.</t>
<t>If shared secret information is generated by a cryptographically secure random number
generator (CSRNG), it is safe to assume that the entropy of the shared secret
information equals its bit length. If no CSRNG is used, the entropy of
shared secret information depends on the details of the generation process
and cannot be measured securely after it has been generated.
<!--[rfced] In the sentence below, does "are typically insufficient..."
refer to "passwords" or "entropy"?
Original:
If user-generated passwords are used as
shared secret information, their entropy cannot be measured and are
typically insufficient for protected delivery of centrally generated
keys or trust anchors.
Perhaps A (refers to "passwords"):
If user-generated passwords are used as
shared secret information, their entropy cannot be measured and the passwords
are typically insufficient for protected delivery of centrally generated
keys or trust anchors.
Perhaps B (refers to "entropy"):
If user-generated passwords are used as
shared secret information, their entropy cannot be measured and is
typically insufficient for protected delivery of centrally generated
keys or trust anchors.
-->
If user-generated
passwords are used as shared secret information, their entropy cannot be
measured and are typically insufficient for protected delivery of centrally
generated keys or trust anchors.</t>
<t>If the entropy of shared secret information protecting the delivery of
a centrally generated key pair is known, it should not be less than the security
strength of that key pair; if the shared secret information is reused for
different key pairs, the security of the shared secret information should
exceed the security strength of each individual key pair.</t>
<t>For the case of a PKI management operation that delivers a new trust anchor
(e.g., a root CA certificate) certificate), using caPubs or genp that is (a) not concluded
in a timely manner or (b) where the shared secret information is reused
for several key management operations, the entropy of the shared secret information,
if known, should not be less than the security strength of the trust anchor
being managed by the operation. The shared secret information should have
an entropy that at least matches the security strength of the key material
being managed by the operation. Certain use cases may require shared secret
information that may be of a low security strength, e.g., a human-generated
password. It is <bcp14>RECOMMENDED</bcp14> that such secret information be limited to a
single PKI management operation.</t>
<t>Importantly for this section section, further information about algorithm use profiles
and their security strength is available in CMP Algorithms <xref target="RFC9481"/> Section
7.</t> section="7" target="RFC9481">CMP Algorithms</xref>.</t>
</section>
<section anchor="sect-8.8">
<name>Recurring Usage of KEM Keys for Message Protection</name>
<t>For each PKI management operation using MAC-based message protection involving KEM, see KEM (see <xref target="sect-5.1.3.4"/>, target="sect-5.1.3.4"/>), the KEM Encapsulate() function, providing a fresh KEM ciphertext (ct) and shared secret (ss), <bcp14>MUST</bcp14> be invoked.</t>
<t>It is assumed that the overall data size of the CMP messages
in a PKI management operation protected by a single shared secret key
is small enough not to introduce extra security risks.</t>
<t>To be appropriate for use with this specification, the KEM algorithm
<bcp14>MUST</bcp14> explicitly be designed to be secure when the public key is used
many times. For example, a KEM algorithm with a single-use public
key is not appropriate because the public key is expected to be
carried in a long-lived certificate <xref target="RFC5280"/> and used over and over.
Thus, KEM algorithms that offer indistinguishability under adaptive
chosen ciphertext attack (IND-CCA2) security are appropriate. A
common design pattern for obtaining IND-CCA2 security with public key
reuse is to apply the Fujisaki-Okamoto (FO) transform <xref target="Fujisaki"/> or a
variant of the FO transform <xref target="Hofheinz"/>.</t>
<t>Therefore, given a long-term public key using an IND-CCA2 secure IND-CCA2-secure KEM
algorithm, there is no limit to the number of CMP messages that can
be authenticated using KEM keys for MAC-based message protection.</t>
</section>
<section anchor="sect-8.9">
<name>Trust Anchor Provisioning Using CMP Messages</name>
<t>A provider of trust anchors, which may be an RA involved in configuration
management of its clients, <bcp14>MUST NOT</bcp14> include to-be-trusted CA certificates
in a CMP message unless the specific deployment scenario can ensure that
it is adequate that the receiving EE trusts these certificates, e.g., by
loading them into its trust store.</t>
<t>Whenever an EE receives in a CMP message a CA certificate to be used
as a trust anchor (for example example, in the caPubs field of a certificate response
or in a general response), it <bcp14>MUST</bcp14> properly authenticate the message sender with
existing trust anchors without requiring new trust anchor information included in the
message.</t>
<t>Additionally, the EE <bcp14>MUST</bcp14> verify that the sender is an authorized source
of trust anchors. This authorization is governed by local policy and typically
indicated using shared secret information or with a signature-based message
protection using a certificate issued by a PKI that is explicitly authorized
for this purpose.</t>
</section>
<section anchor="sect-8.10">
<name>Authorizing Requests for Certificates with Specific EKUs</name>
<t>When a CA issues a certificate containing extended key usage extensions as
defined in <xref target="sect-4.5"/>, this expresses delegation of an authorization that
originally is only with the CA certificate itself.
Such delegation is a very sensitive action in a PKI PKI, and therefore therefore,
special care must be taken when approving such certificate requests to
ensure that only legitimate entities receive a certificate containing
such an EKU.</t>
</section>
<section anchor="sect-8.11">
<name>Usage of Certificate Transparency Logs</name>
<t>CAs that support indirect POP <bcp14>MUST NOT</bcp14> also publish final certificates to Certificate Transparency (CT) logs <xref target="RFC9162"/> before having received the certConf message containing the certHash of that certificate to complete the POP. The risk is that a malicious actor could fetch the final certificate from the CT log and use that to spoof a response to the implicit POP challenge via a certConf response. This risk does not apply to CT precertificates, so those are ok OK to publish.</t>
<t>If a certificate or its precertificate was published in a CT log log, it must be revoked, revoked if a required certConf message could not be verified, especially when the implicit POP was used.</t>
</section>
</section>
<section anchor="sect-9">
<name>IANA Considerations</name>
<t>This document updates the ASN.1 modules of CMP Updates Appendix A.2 in <xref target="RFC9480"/>. section="A.2" target="RFC9480">CMP Updates</xref>. The OID TBD2 116 (id-mod-cmp2023-02) was registered in the "SMI Security for PKIX Module Identifier" registry to identify the updated ASN.1 module.</t>
<t>In
<t>IANA has added the following entry in the SMI-numbers registry "SMI Security for PKIX CMP Information Types (1.3.6.1.5.5.7.4)" Types" registry within the SMI Numbers registry group (see https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4) as defined in <eref brackets="angle" target="https://www.iana.org/assignments/smi-numbers"/>) <xref target="RFC7299"/> one addition has been performed.</t>
<t>One target="RFC7299"/>: </t>
<dl spacing="compact" newline="false">
<dt>Decimal:</dt><dd>24</dd>
<dt>Description:</dt><dd>id-it-KemCiphertextInfo</dd>
<dt>Reference:</dt><dd>RFC 9810</dd>
</dl>
<!-- [rfced] We are unable to verify these registrations with Entrust. Please ensure the descriptions and values are correct. In addition, please consider whether it is appropriate for this text to appear in the IANA Considerations section, as it seemingly does not provide any information for IANA and does not require any IANA actions.
Original:
The new entry has been added:</t>
<t>Decimal: TBD1</t>
<t>Description: id-it-KemCiphertextInfo</t>
<t>Reference: [RFCXXXX]</t> OID 1.2.840.113533.7.66.16 was registered by Entrust for id-
KemBasedMac in the arch 1.2.840.113533.7.66. Entrust registered also
the OIDs for id-PasswordBasedMac and id-DHBasedMac there.
-->
<t>The new OID 1.2.840.113533.7.66.16 was registered by Entrust for id-KemBasedMac in the arch arc 1.2.840.113533.7.66. Entrust registered also registered the OIDs for id-PasswordBasedMac and id-DHBasedMac there.</t>
<t>All existing references to <xref target="RFC2510"/>, <xref target="RFC4210"/>, and <xref target="RFC9480"/> at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml <eref brackets="angle" target="https://www.iana.org/assignments/smi-numbers"/> except those in the "SMI Security for PKIX Module Identifier" registry should be have been replaced with references to this document.</t>
</section>
<section anchor="Acknowledgements">
<name>Acknowledgements</name>
<t>The authors of this document wish to thank Carlisle Adams, Stephen Farrell,
Tomi Kause, and Tero Mononen, the original authors of <xref target="RFC4210"/>, for their work.</t>
<t>We also thank all reviewers of this document for their valuable feedback.</t>
<t>Adding KEM support to this document was partly funded by the German Federal Ministry of Education and Research in the project Quoryptan through grant number 16KIS2033.</t>
</section>
</middle>
<back>
<displayreference target="I-D.ietf-lamps-kyber-certificates" to="ML-KEM"/>
<references anchor="sec-combined-references">
<name>References</name>
<!-- [rfced] Would you like the references to be alphabetized or left
in their current order?
-->
<references anchor="sec-normative-references">
<name>Normative References</name>
<reference anchor="RFC2985">
<front>
<title>PKCS #9: Selected Object Classes and Attribute Types Version 2.0</title>
<author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
<author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
<date month="November" year="2000"/>
<abstract>
<t>This memo represents a republication of PKCS #9 v2.0 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from that specification. This memo provides information for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2985"/>
<seriesInfo name="DOI" value="10.17487/RFC2985"/>
</reference>
<reference anchor="RFC2986">
<front>
<title>PKCS #10: Certification Request Syntax Specification Version 1.7</title>
<author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
<author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
<date month="November" year="2000"/>
<abstract>
<t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2986"/>
<seriesInfo name="DOI" value="10.17487/RFC2986"/>
</reference>
<reference anchor="RFC3629">
<front>
<title>UTF-8, a transformation format of ISO 10646</title>
<author fullname="F. Yergeau" initials="F." surname="Yergeau"/>
<date month="November" year="2003"/>
<abstract>
<t>ISO/IEC 10646-1 defines a large character set called
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2985.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2986.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3629.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4211.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5480.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5646.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5958.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6402.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8933.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9045.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9481.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9629.xml"/>
<!-- [rfced] Please review. We found the Universal Character Set (UCS) following URL:
https://cacr.uwaterloo.ca/hac/index.html which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279.</t>
</abstract>
</front>
<seriesInfo name="STD" value="63"/>
<seriesInfo name="RFC" value="3629"/>
<seriesInfo name="DOI" value="10.17487/RFC3629"/>
</reference>
<reference anchor="RFC4211">
<front>
<title>Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<date month="September" year="2005"/>
<abstract>
<t>This document describes the Certificate Request Message Format (CRMF) syntax and semantics. This syntax is used to convey a request for a certificate to a Certification Authority (CA), possibly via a Registration Authority (RA), for the purposes of X.509 certificate production. The request will typically include a public key and the associated registration information. This document does not define a certificate request protocol. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4211"/>
<seriesInfo name="DOI" value="10.17487/RFC4211"/>
</reference>
<reference anchor="RFC5280">
<front>
<title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
<author fullname="D. Cooper" initials="D." surname="Cooper"/>
<author fullname="S. Santesson" initials="S." surname="Santesson"/>
<author fullname="S. Farrell" initials="S." surname="Farrell"/>
<author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<author fullname="W. Polk" initials="W." surname="Polk"/>
<date month="May" year="2008"/>
<abstract>
<t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5280"/>
<seriesInfo name="DOI" value="10.17487/RFC5280"/>
</reference>
<reference anchor="RFC5480">
<front>
<title>Elliptic Curve Cryptography Subject Public Key Information</title>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<author fullname="D. Brown" initials="D." surname="Brown"/>
<author fullname="K. Yiu" initials="K." surname="Yiu"/>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<author fullname="T. Polk" initials="T." surname="Polk"/>
<date month="March" year="2009"/>
<abstract>
<t>This document specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. This document updates Sections 2.3.5 and 5, and the ASN.1 module of "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5480"/>
<seriesInfo name="DOI" value="10.17487/RFC5480"/>
</reference>
<reference anchor="RFC5646">
<front>
<title>Tags for Identifying Languages</title>
<author fullname="A. Phillips" initials="A." role="editor" surname="Phillips"/>
<author fullname="M. Davis" initials="M." role="editor" surname="Davis"/>
<date month="September" year="2009"/>
<abstract>
<t>This document describes the structure, content, construction, and semantics of language tags for use in cases where it is desirable to indicate the language used in an information object. It also describes how to register values for use in language tags and the creation by authors
of user-defined extensions for private interchange. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="47"/>
<seriesInfo name="RFC" value="5646"/>
<seriesInfo name="DOI" value="10.17487/RFC5646"/>
</reference>
<reference anchor="RFC5652">
<front>
<title>Cryptographic Message Syntax (CMS)</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="September" year="2009"/>
<abstract>
<t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="STD" value="70"/>
<seriesInfo name="RFC" value="5652"/>
<seriesInfo name="DOI" value="10.17487/RFC5652"/>
</reference>
<reference anchor="RFC5958">
<front>
<title>Asymmetric Key Packages</title>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<date month="August" year="2010"/>
<abstract>
<t>This document defines the syntax for private-key information this handbook and a content type for it. Private-key information includes a private key for a specified public-key algorithm and a set of attributes. The Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, authenticate, or encrypt the asymmetric key format content type. This document obsoletes RFC 5208. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5958"/>
<seriesInfo name="DOI" value="10.17487/RFC5958"/>
</reference>
<reference anchor="RFC6402">
<front>
<title>Certificate Management over CMS (CMC) Updates</title>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<date month="November" year="2011"/>
<abstract>
<t>This document contains a set open-access PDF files of updates to the base syntax for CMC, a Certificate Management protocol using the Cryptographic Message Syntax (CMS). This document updates RFC 5272, RFC 5273, and RFC 5274.</t>
<t>The new items in this document are: new controls for future work in doing server side key generation, definition of a Subject Information Access value to identify CMC servers, and the registration of a port number for TCP/IP for the CMC service to run on. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6402"/>
<seriesInfo name="DOI" value="10.17487/RFC6402"/>
</reference>
<reference anchor="RFC8933">
<front>
<title>Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="October" year="2020"/>
<abstract>
<t>This document updates the Cryptographic Message Syntax (CMS) specified in RFC 5652
reference. Would you like to ensure that algorithm identifiers in signed-data and authenticated-data content types are adequately protected.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8933"/>
<seriesInfo name="DOI" value="10.17487/RFC8933"/>
</reference>
<reference anchor="RFC9045">
<front>
<title>Algorithm Requirements Update add this URL to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="June" year="2021"/>
<abstract>
<t>This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) specified in RFC 4211.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9045"/>
<seriesInfo name="DOI" value="10.17487/RFC9045"/>
</reference>
<reference anchor="RFC9481">
<front>
<title>Certificate Management Protocol (CMP) Algorithms</title>
<author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
<author fullname="H. Aschauer" initials="H." surname="Aschauer"/>
<author fullname="M. Ounsworth" initials="M." surname="Ounsworth"/>
<author fullname="J. Gray" initials="J." surname="Gray"/>
<date month="November" year="2023"/>
<abstract>
<t>This document describes the conventions for using several
cryptographic algorithms with the Certificate Management Protocol
(CMP). CMP is used to enroll reference?
[MvOV97] Menezes, A., van Oorschot, P., and further manage the lifecycle S. Vanstone, "Handbook
of
X.509 certificates. This document also updates the algorithm use
profile from Appendix D.2 of RFC 4210.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9481"/>
<seriesInfo name="DOI" value="10.17487/RFC9481"/>
</reference>
<reference anchor="RFC9629">
<front>
<title>Using Key Encapsulation Mechanism (KEM) Algorithms in the Cryptographic Message Syntax (CMS)</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<author fullname="J. Gray" initials="J." surname="Gray"/>
<author fullname="T. Okubo" initials="T." surname="Okubo"/>
<date month="August" year="2024"/>
<abstract>
<t>The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms. In recent years, cryptographers have been specifying Key Encapsulation Mechanism (KEM) algorithms, including quantum-secure KEM algorithms. This document defines conventions for the use of KEM algorithms by the originator and recipients to encrypt and decrypt CMS content. This document updates RFC 5652.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9629"/>
<seriesInfo name="DOI" value="10.17487/RFC9629"/>
</reference> Applied Cryptography", CRC Press ISBN 0-8493-8523-7,
1996.
-->
<reference anchor="MvOV97">
<front>
<title>Handbook of Applied Cryptography</title>
<author initials="A." surname="Menezes" fullname="A. Menezes">
<organization/>
</author>
<author initials="P." surname="van Oorschot" fullname="P. van Oorschot">
<organization/>
</author>
<author initials="S." surname="Vanstone" fullname="S. Vanstone">
<organization/>
</author>
<date year="1996"/>
</front>
<seriesInfo name="CRC" value="Press ISBN 0-8493-8523-7"/>
</reference>
<reference anchor="RFC2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author fullname="S. Bradner" initials="S." surname="Bradner"/>
<date month="March" year="1997"/>
<abstract>
<t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
<author fullname="B. Leiba" initials="B." surname="Leiba"/>
<date month="May" year="2017"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
</references>
<references anchor="sec-informative-references">
<name>Informative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9480.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9482.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9483.xml"/>
<!-- [I-D.ietf-lamps-rfc6712bis] I-->
<reference anchor="RFC9480">
<front>
<title>Certificate Management Protocol (CMP) Updates</title>
<author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
<author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/>
<author fullname="J. Gray" initials="J." surname="Gray"/>
<date month="November" year="2023"/>
<abstract>
<t>This document contains a set of updates to the syntax of Certificate Management Protocol (CMP) version 2 and its HTTP transfer mechanism. This document updates RFCs 4210, 5912, and 6712.</t>
<t>The aspects of CMP updated in this document are using EnvelopedData instead of EncryptedValue, clarifying the handling of p10cr messages, improving the crypto agility, as well as adding new general message types, extended key usages to identify certificates for use with CMP, and well-known URI path segments.</t>
<t>CMP version 3 is introduced to enable signaling support of EnvelopedData instead of EncryptedValue and signal the use of an explicit hash AlgorithmIdentifier in certConf messages, as far as needed.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9480"/>
<seriesInfo name="DOI" value="10.17487/RFC9480"/>
</reference>
<reference anchor="RFC9482">
<front>
<title>Constrained Application Protocol (CoAP) Transfer for the Certificate Management Protocol</title>
<author fullname="M. Sahni" initials="M." role="editor" surname="Sahni"/>
<author fullname="S. Tripathi" initials="S." role="editor" surname="Tripathi"/>
<date month="November" year="2023"/>
<abstract>
<t>This document specifies the use of the Constrained Application Protocol (CoAP) as a transfer mechanism for the Certificate Management Protocol (CMP). CMP defines the interaction between various PKI entities for the purpose of certificate creation and management. CoAP is an HTTP-like client-server protocol used by various constrained devices in the Internet of Things space.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9482"/>
<seriesInfo name="DOI" value="10.17487/RFC9482"/>
</reference>
<reference anchor="RFC9483"> anchor="RFC9811" target="https://www.rfc-editor.org/info/rfc9811">
<front>
<title>Lightweight Certificate Management Protocol (CMP) Profile</title>
<author fullname="H. Brockhaus" initials="H." surname="Brockhaus"/>
<author fullname="D. von Oheimb" initials="D." surname="von Oheimb"/>
<author fullname="S. Fries" initials="S." surname="Fries"/>
<date month="November" year="2023"/>
<abstract>
<t>This document aims at simple, interoperable, and automated PKI management operations covering typical use cases of industrial and
<title>
Internet of Things (IoT) scenarios. This is achieved by profiling the Certificate Management Protocol (CMP), the related Certificate Request Message Format (CRMF), and transfer based on HTTP or Constrained Application Protocol (CoAP) in a succinct but sufficiently detailed and self-contained way. To make secure certificate management for simple scenarios and constrained devices as lightweight as possible, only the most crucial types of operations and options are specified as mandatory. More specialized or complex use cases are supported with optional features.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9483"/>
<seriesInfo name="DOI" value="10.17487/RFC9483"/>
</reference>
<reference anchor="I-D.ietf-lamps-rfc6712bis">
<front>
<title>Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP)</title> (CMP)
</title>
<author fullname="Hendrik Brockhaus" initials="H." surname="Brockhaus">
<organization>Siemens</organization>
</author>
<author fullname="David von Oheimb" initials="D." surname="von Oheimb">
<organization>Siemens</organization>
</author>
<author fullname="Mike Ounsworth" initials="M." surname="Ounsworth">
<organization>Entrust</organization>
</author>
<author fullname="John Gray" initials="J." surname="Gray">
<organization>Entrust</organization>
</author>
<date day="9" month="January" month="June" year="2025"/>
<abstract>
<t> This document describes how to layer the Certificate Management
Protocol (CMP) over HTTP.
It includes the updates to RFC 6712 specified in RFC 9480 Section 3.
These updates introduce CMP URIs using a Well-known prefix. It
obsoletes RFC 6712 and together with I-D.ietf-lamps-rfc4210bis and it
also obsoletes RFC 9480.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-lamps-rfc6712bis-10"/>
</reference>
<reference anchor="RFC1847">
<front>
<title>Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted</title>
<author fullname="J. Galvin" initials="J." surname="Galvin"/>
<author fullname="S. Murphy" initials="S." surname="Murphy"/>
<author fullname="S. Crocker" initials="S." surname="Crocker"/>
<author fullname="N. Freed" initials="N." surname="Freed"/>
<date month="October" year="1995"/>
<abstract>
<t>This document defines a framework within which security services may be applied to MIME body parts. [STANDARDS-TRACK] This memo defines a new Simple Mail Transfer Protocol (SMTP) [1] reply code, 521, which one may use to indicate that an Internet host does not accept incoming mail. This memo defines an Experimental Protocol for the Internet community. This memo defines an extension to the SMTP service whereby an interrupted SMTP transaction can be restarted at a later time without having to repeat all of the commands and message content sent prior to the interruption. This memo defines an Experimental Protocol for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="1847"/>
<seriesInfo name="DOI" value="10.17487/RFC1847"/>
</reference>
<reference anchor="RFC2510">
<front>
<title>Internet X.509 Public Key Infrastructure Certificate Management Protocols</title>
<author fullname="C. Adams" initials="C." surname="Adams"/>
<author fullname="S. Farrell" initials="S." surname="Farrell"/>
<date month="March" year="1999"/>
<abstract>
<t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocols. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2510"/>
<seriesInfo name="DOI" value="10.17487/RFC2510"/>
</reference>
<reference anchor="RFC2585">
<front>
<title>Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
<date month="May" year="1999"/>
<abstract>
<t>The protocol conventions described in this document satisfy some of the operational requirements of the Internet Public Key Infrastructure (PKI). This document specifies the conventions for using the File Transfer Protocol (FTP) and the Hypertext Transfer Protocol (HTTP) to obtain certificates and certificate revocation lists (CRLs) from PKI repositories. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2585"/>
<seriesInfo name="DOI" value="10.17487/RFC2585"/>
</reference>
<reference anchor="RFC4210">
<front>
<title>Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)</title>
<author fullname="C. Adams" initials="C." surname="Adams"/>
<author fullname="S. Farrell" initials="S." surname="Farrell"/>
<author fullname="T. Kause" initials="T." surname="Kause"/>
<author fullname="T. Mononen" initials="T." surname="Mononen"/>
<date month="September" year="2005"/>
<abstract>
<t>This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides on-line interactions between PKI components, including an exchange between a Certification Authority (CA) and a client system. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4210"/>
<seriesInfo name="DOI" value="10.17487/RFC4210"/> value="9811"/>
</reference>
<reference anchor="RFC4212">
<front>
<title>Alternative Certificate Formats for the Public-Key Infrastructure Using X.509 (PKIX) Certificate Management Protocols</title>
<author fullname="M. Blinov" initials="M." surname="Blinov"/>
<author fullname="C. Adams" initials="C." surname="Adams"/>
<date month="October" year="2005"/>
<abstract>
<t>The Public-Key Infrastructure using X.509 (PKIX) Working Group of the Internet Engineering Task Force (IETF) has defined a number of certificate management protocols. These protocols are primarily focused on X.509v3 public-key certificates. However, it is sometimes desirable to manage certificates in alternative formats as well. This document specifies how such certificates may be requested using the Certificate Request Message Format (CRMF) syntax that is used by several different protocols. It also explains how alternative certificate formats may be incorporated into such popular protocols
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1847.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2510.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2585.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4210.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4212.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4303.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4511.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5912.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6712.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7296.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7299.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8572.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8649.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8995.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9147.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9162.xml"/>
<!-- [I-D.ietf-anima-brski-ae] Published as PKIX Certificate Management Protocol (PKIX-CMP) and Certificate Management Messages over CMS (CMC). This memo provides information for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4212"/>
<seriesInfo name="DOI" value="10.17487/RFC4212"/>
</reference>
<reference anchor="RFC4303">
<front>
<title>IP Encapsulating Security Payload (ESP)</title>
<author fullname="S. Kent" initials="S." surname="Kent"/>
<date month="December" year="2005"/>
<abstract>
<t>This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletes RFC 2406 (November 1998). [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4303"/>
<seriesInfo name="DOI" value="10.17487/RFC4303"/>
</reference>
<reference anchor="RFC4511">
<front>
<title>Lightweight Directory Access Protocol (LDAP): The Protocol</title>
<author fullname="J. Sermersheim" initials="J." role="editor" surname="Sermersheim"/>
<date month="June" year="2006"/>
<abstract>
<t>This document describes the protocol elements, along with their semantics and encodings, of the Lightweight Directory Access Protocol (LDAP). LDAP provides access to distributed directory services that act in accordance with X.500 data and service models. These protocol elements are based 9733 on those described in the X.500 Directory Access Protocol (DAP). [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4511"/>
<seriesInfo name="DOI" value="10.17487/RFC4511"/>
</reference>
<reference anchor="RFC5912">
<front>
<title>New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)</title>
<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<date month="June" year="2010"/>
<abstract>
<t>The Public Key Infrastructure using X.509 (PKIX) certificate format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5912"/>
<seriesInfo name="DOI" value="10.17487/RFC5912"/>
</reference>
<reference anchor="RFC6268">
<front>
<title>Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)</title>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<date month="July" year="2011"/>
<abstract>
<t>The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates some auxiliary ASN.1 modules to conform to the 2008 version of ASN.1; the 1988 ASN.1 modules remain the normative version. There are no bits- on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6268"/>
<seriesInfo name="DOI" value="10.17487/RFC6268"/>
</reference>
<reference anchor="RFC6712">
<front>
<title>Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP)</title>
<author fullname="T. Kause" initials="T." surname="Kause"/>
<author fullname="M. Peylo" initials="M." surname="Peylo"/>
<date month="September" year="2012"/>
<abstract>
<t>This document describes how to layer the Certificate Management Protocol (CMP) over HTTP. It is the "CMPtrans" document referenced in RFC 4210; therefore, this document updates the reference given therein. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6712"/>
<seriesInfo name="DOI" value="10.17487/RFC6712"/>
</reference>
<reference anchor="RFC7296">
<front>
<title>Internet Key Exchange Protocol Version 2 (IKEv2)</title>
<author fullname="C. Kaufman" initials="C." surname="Kaufman"/>
<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
<author fullname="Y. Nir" initials="Y." surname="Nir"/>
<author fullname="P. Eronen" initials="P." surname="Eronen"/>
<author fullname="T. Kivinen" initials="T." surname="Kivinen"/>
<date month="October" year="2014"/>
<abstract>
<t>This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard.</t>
</abstract>
</front>
<seriesInfo name="STD" value="79"/>
<seriesInfo name="RFC" value="7296"/>
<seriesInfo name="DOI" value="10.17487/RFC7296"/>
</reference>
<reference anchor="RFC7299">
<front>
<title>Object Identifier Registry for the PKIX Working Group</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="July" year="2014"/>
<abstract>
<t>When the Public-Key Infrastructure using X.509 (PKIX) Working Group was chartered, an object identifier arc was allocated by IANA for use by that working group. This document describes the object identifiers that were assigned in that arc, returns control of that arc to IANA, and establishes IANA allocation policies for any future assignments within that arc.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7299"/>
<seriesInfo name="DOI" value="10.17487/RFC7299"/>
</reference>
<reference anchor="RFC8446">
<front>
<title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
<author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
<date month="August" year="2018"/>
<abstract>
<t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
<t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8446"/>
<seriesInfo name="DOI" value="10.17487/RFC8446"/>
</reference>
<reference anchor="RFC8572">
<front>
<title>Secure Zero Touch Provisioning (SZTP)</title>
<author fullname="K. Watsen" initials="K." surname="Watsen"/>
<author fullname="I. Farrer" initials="I." surname="Farrer"/>
<author fullname="M. Abrahamsson" initials="M." surname="Abrahamsson"/>
<date month="April" year="2019"/>
<abstract>
<t>This document presents a technique to securely provision a networking device when it is booting in a factory-default state. Variations in the solution enable it to be used on both public and private networks. The provisioning steps are able to update the boot image, commit an initial configuration, and execute arbitrary scripts to address auxiliary needs. The updated device is subsequently able to establish secure connections with other systems. For instance, a device may establish NETCONF (RFC 6241) and/or RESTCONF (RFC 8040) connections with deployment-specific network management systems.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8572"/>
<seriesInfo name="DOI" value="10.17487/RFC8572"/>
</reference>
<reference anchor="RFC8649">
<front>
<title>Hash Of Root Key Certificate Extension</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="August" year="2019"/>
<abstract>
<t>This document specifies the Hash Of Root Key certificate extension. This certificate extension is carried in the self-signed certificate for a trust anchor, which is often called a Root Certification Authority (CA) certificate. This certificate extension unambiguously identifies the next public key that will be used at some point in the future as the next Root CA certificate, eventually replacing the current one.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8649"/>
<seriesInfo name="DOI" value="10.17487/RFC8649"/>
</reference>
<reference anchor="RFC8995">
<front>
<title>Bootstrapping Remote Secure Key Infrastructure (BRSKI)</title>
<author fullname="M. Pritikin" initials="M." surname="Pritikin"/>
<author fullname="M. Richardson" initials="M." surname="Richardson"/>
<author fullname="T. Eckert" initials="T." surname="Eckert"/>
<author fullname="M. Behringer" initials="M." surname="Behringer"/>
<author fullname="K. Watsen" initials="K." surname="Watsen"/>
<date month="May" year="2021"/>
<abstract>
<t>This document specifies automated bootstrapping of an Autonomic Control Plane. To do this, a Secure Key Infrastructure is bootstrapped. This is done using manufacturer-installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. We call this process the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping a new device can occur when using a routable address and a cloud service, only link-local connectivity, or limited/disconnected networks. Support for deployment models with less stringent security requirements is included. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8995"/>
<seriesInfo name="DOI" value="10.17487/RFC8995"/>
</reference>
<reference anchor="RFC9147">
<front>
<title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
<author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
<author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
<author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
<date month="April" year="2022"/>
<abstract>
<t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
<t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
<t>This document obsoletes RFC 6347.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9147"/>
<seriesInfo name="DOI" value="10.17487/RFC9147"/>
</reference>
<reference anchor="RFC9162">
<front>
<title>Certificate Transparency Version 2.0</title>
<author fullname="B. Laurie" initials="B." surname="Laurie"/>
<author fullname="E. Messeri" initials="E." surname="Messeri"/>
<author fullname="R. Stradling" initials="R." surname="Stradling"/>
<date month="December" year="2021"/>
<abstract>
<t>This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit certification authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t>
<t>This document obsoletes RFC 6962. It also specifies a new TLS extension that is used to send various CT log artifacts.</t>
<t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9162"/>
<seriesInfo name="DOI" value="10.17487/RFC9162"/>
</reference>
<reference anchor="I-D.ietf-anima-brski-ae">
<front>
<title>BRSKI-AE: Alternative Enrollment Protocols in BRSKI</title>
<author fullname="David von Oheimb" initials="D." surname="von Oheimb">
<organization>Siemens AG</organization>
</author>
<author fullname="Steffen Fries" initials="S." surname="Fries">
<organization>Siemens AG</organization>
</author>
<author fullname="Hendrik Brockhaus" initials="H." surname="Brockhaus">
<organization>Siemens AG</organization>
</author>
<date day="17" month="September" year="2024"/>
<abstract>
<t> This document defines enhancements to the Bootstrapping Remote Secure
Key Infrastructure (BRSKI) protocol, known 03/03/25 -->
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9733.xml"/>
<!-- [I-D.ietf-lamps-kyber-certificates] IESG State: I-D Exists as BRSKI-AE (Alternative
Enrollment).
BRSKI-AE extends BRSKI to support certificate enrollment mechanisms
instead of the originally specified use of EST. It supports
certificate enrollment protocols, such as CMP, that use authenticated
self-contained signed objects for certification messages, allowing
for flexibility in network device onboarding scenarios.
The enhancements address use cases where the existing enrollment
mechanism may not be feasible or optimal, providing a framework for
integrating suitable alternative enrollment protocols.
This document also updates the BRSKI reference architecture to
accommodate these alternative methods, ensuring secure and scalable
deployment across a range of network environments.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-anima-brski-ae-13"/>
</reference>
<reference anchor="I-D.ietf-lamps-kyber-certificates">
<front>
<title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)</title>
<author fullname="Sean Turner" initials="S." surname="Turner">
<organization>sn3rd</organization>
</author>
<author fullname="Panos Kampanakis" initials="P." surname="Kampanakis">
<organization>AWS</organization>
</author>
<author fullname="Jake Massimo" initials="J." surname="Massimo">
<organization>AWS</organization>
</author>
<author fullname="Bas Westerbaan" initials="B." surname="Westerbaan">
<organization>Cloudflare</organization>
</author>
<date day="7" month="January" year="2025"/>
<abstract>
<t> The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a
quantum-resistant key-encapsulation mechanism (KEM). This document
describes the conventions for using the ML-KEM in X.509 Public Key
Infrastructure. The conventions for the subject public keys and
private keys are also described.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-lamps-kyber-certificates-07"/>
</reference> 02/28/25 -->
<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-lamps-kyber-certificates.xml"/>
<reference anchor="NIST.SP.800_90Ar1" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf">
<front>
<title>Recommendation for Random Number Generation Using Deterministic Random Bit Generators</title>
<author fullname="Elaine B. Barker" surname="Barker">
<organization>Information Technology Laboratory</organization>
</author>
<author fullname="John M. Kelsey" surname="Kelsey">
<organization>Information Technology Laboratory</organization>
</author>
<author>
<organization abbrev="NIST">National Institute of Standards and Technology</organization>
<address>
<postal>
<country>US</country>
<city>Gaithersburg</city>
</postal>
</address>
</author>
<date month="June" year="2015"/>
</front>
<seriesInfo name="NIST Special Publications (General)" SP" value="800-90Ar1"/>
<seriesInfo name="DOI" value="10.6028/NIST.SP.800-90Ar1"/>
</reference>
<reference anchor="IEEE.802.1AR-2018">
<front>
<title>IEEE Standard for Local and Metropolitan Area Networks - Secure Device Identity</title>
<author>
<organization/>
<organization>IEEE</organization>
</author>
<date month="July" month="August" year="2018"/>
</front>
<seriesInfo name="IEEE Std" value="802.1AR-2018"/>
<seriesInfo name="DOI" value="10.1109/ieeestd.2018.8423794"/>
<seriesInfo name="ISBN" value="["9781504450195"]"/>
<refcontent>IEEE</refcontent>
</reference>
<reference anchor="CVE-2008-0166" target="https://nvd.nist.gov/vuln/detail/CVE-2008-0166">
<front>
<title>National Vulnerability Database - CVE-2008-0166</title>
<author>
<organization>National Institute of Science and Technology (NIST)</organization>
</author>
<date year="2008" month="May"/>
</front>
</reference>
<reference anchor="MiningPsQs" target="https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger">
<front>
<title>Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices</title>
<author>
<organization>Security'12: Proceedings of the 21st USENIX conference on Security symposium</organization>
</author>
<author initials="N." surname="Heninger" fullname="Nadia Heninger">
<organization>UC San Diego</organization>
</author>
<author initials="Z." surname="Durumeric" fullname="Zakir Durumeric">
<organization>University of Michigan</organization>
</author>
<author initials="E." surname="Wustrow" fullname="Eric Wustrow">
<organization>University of Michigan</organization>
</author>
<author initials="J. A." surname="Halderman" fullname="J. Alex Halderman">
<organization>University of Michigan</organization>
</author>
<date year="2012" month="August"/>
</front>
<refcontent>21st USENIX Security Symposium (USENIX Security 12)</refcontent>
</reference>
<reference anchor="X509.2019" target="https://handle.itu.int/11.1002/1000/14033">
<front>
<title>Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks</title>
<author>
<organization>International Telecommunications Union (ITU)</organization>
<organization>ITU-T</organization>
</author>
<date year="2019" month="October" day="14"/> month="October"/>
</front>
<seriesInfo name="ITU" value="Recommendation X.509 name="ITU-T Recommendation" value="X.509 (10/2019)"/>
</reference>
<reference anchor="ISO.20543-2019"> anchor="ISO.20543-2019" target="https://www.iso.org/standard/68296.html">
<front>
<title>Information technology -- Security techniques -- Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408</title>
<author>
<organization>International Organization for Standardization (ISO)</organization>
<organization>ISO/IEC</organization>
</author>
<date year="2019" month="October"/>
</front>
<seriesInfo name="ISO" value="Draft Standard 20543-2019"/> name="ISO/IEC" value="20543:2019"/>
</reference>
<reference anchor="AIS31" target="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf">
<front>
<title>A proposal for: Functionality classes for random number generators, version generators - Version 2.0</title>
<author>
<organization>Federal Office for Information Security (BSI)</organization>
</author>
<author initials="W." surname="Killmann" fullname="Wolfgang Killmann">
<organization>T-Systems GEI GmbH</organization>
</author>
<author initials="W." surname="Schindler" fullname="Werner Schindler">
<organization>Federal Office for Information Security (BSI)</organization>
</author>
<date year="2011" month="September"/>
</front>
<refcontent>Federal Office for Information Security (BSI)</refcontent>
</reference>
<reference anchor="Gueneysu" target="https://eprint.iacr.org/2022/703">
<front>
<title>Proof-of-possession for KEM certificates using verifiable generation</title>
<author initials="T." surname="Gueneysu" fullname="Tim Gueneysu">
<organization/>
</author>
<author initials="P." surname="Hodges" fullname="Philip Hodges">
<organization/>
</author>
<author initials="G." surname="Land" fullname="Georg Land">
<organization/>
</author>
<author initials="M." surname="Ounsworth" fullname="Mike Ounsworth">
<organization/>
</author>
<author initials="D." surname="Stebila" fullname="Douglas Stebila">
<organization/>
</author>
<author initials="G." surname="Zaverucha" fullname="Greg Zaverucha">
<organization/>
</author>
<date year="2022"/>
</front>
<seriesInfo name="Cryptology
<refcontent>Cryptology ePrint Archive" value=""/> Archive, Paper 2022/703</refcontent>
</reference>
<reference anchor="Fujisaki">
<front>
<title>Secure Integration of Asymmetric and Symmetric Encryption Schemes</title>
<author fullname="Eiichiro Fujisaki" initials="E." surname="Fujisaki">
<organization/>
</author>
<author fullname="Tatsuaki Okamoto" initials="T." surname="Okamoto">
<organization/>
</author>
<date month="December" year="2011"/>
</front>
<seriesInfo name="Journal
<refcontent>Journal of Cryptology" value="vol. Cryptology, vol. 26, no. 1, pp. 80-101"/> 80-101</refcontent>
<seriesInfo name="DOI" value="10.1007/s00145-011-9114-1"/>
<refcontent>Springer Science and Business Media LLC</refcontent>
</reference>
<reference anchor="Hofheinz">
<front>
<title>A Modular Analysis of the Fujisaki-Okamoto Transformation</title>
<author fullname="Dennis Hofheinz" initials="D." surname="Hofheinz">
<organization/>
</author>
<author fullname="Kathrin Hövelmanns" initials="K." surname="Hövelmanns">
<organization/>
</author>
<author fullname="Eike Kiltz" initials="E." surname="Kiltz">
<organization/>
</author>
<date month="November" year="2017"/>
</front>
<seriesInfo name="Lecture
<refcontent>Theory of Cryptography (TCC 2017), Lecture Notes in Computer Science" value="pp. 341-371"/> Science, vol. 10677, pp. 341-371</refcontent>
<seriesInfo name="DOI" value="10.1007/978-3-319-70500-2_12"/>
<seriesInfo name="ISBN" value="["9783319704999", "9783319705002"]"/>
<refcontent>Springer International Publishing</refcontent>
</reference>
<reference anchor="ETSI-3GPP.33.310" target="http://www.3gpp.org/ftp/Specs/html-info/33310.htm">
<front>
<title>Network Domain Security (NDS); Authentication Framework (AF)</title>
<author>
<organization>3GPP</organization>
</author>
<date year="2020" month="December"/>
</front>
<seriesInfo name="3GPP TS" value="33.310 16.6.0"/>
</reference>
<reference anchor="UNISIG.Subset-137" target="https://www.era.europa.eu/system/files/2023-01/sos3_index083_-_subset-137_v100.pdf">
<front>
<title>ERTMS/ETCS On-line Key Management FFFIS</title>
<author>
<organization>UNISIG</organization>
</author>
<date year="2015" month="December"/>
</front>
<seriesInfo name="Subset-137, V1.0.0" value=""/>
<refcontent>Subset-137, V1.0.0</refcontent>
</reference>
</references>
</references>
<?line 4061?>
<section anchor="sect-a">
<name>Reasons for the Presence of RAs</name>
<t>The reasons that justify the presence of an RA can be split into
those that are due to technical factors and those which that are
organizational in nature. Technical reasons include the following.</t>
<ul spacing="normal">
<li>
<t>If hardware tokens are in use, then not all end entities will have
the equipment needed to initialize these; the RA equipment can
include the necessary functionality (this may also be a matter of
policy).</t>
</li>
<li>
<t>Some end entities may not have the capability to publish
certificates; again, the RA may be suitably placed for this.</t>
</li>
<li>
<t>The RA will be able to issue signed revocation requests on behalf
of end entities associated with it, whereas the end entity may not
be able to do this (if the key pair is completely lost).</t>
</li>
</ul>
<t>Some of the organizational reasons that argue for the presence of an
RA are the following.</t>
<ul spacing="normal">
<li>
<t>It may be more cost effective to concentrate functionality in the
RA equipment than to supply functionality to all end entities
(especially if special token initialization equipment is to be
used).</t>
</li>
<li>
<t>Establishing RAs within an organization can reduce the number of
CAs required, which is sometimes desirable.</t>
</li>
<li>
<t>RAs may be better placed to identify people with their
"electronic" names, especially if the CA is physically remote from
the end entity.</t>
</li>
<li>
<t>For many applications, there will already be in place some
administrative structure in place so that candidates for the role of RA are
easy to find (which may not be true of the CA).</t>
</li>
</ul>
<t>Further reasons relevant for automated machine-to-machine certificate lifecycle
management are available in the Lightweight CMP Profile <xref target="RFC9483"/>.</t>
</section>
<section anchor="sect-b">
<name>The Use of Revocation Passphrase</name>
<t>A revocation request must incorporate suitable security mechanisms,
including proper authentication, in order to reduce the probability
of successful denial-of-service attacks. A digital signature or DH/KEM-based message protection on the
request -- <bcp14>REQUIRED</bcp14> to support within this specification depending on the key type used if
revocation requests are supported -- can provide the authentication
required, but there are circumstances under which an alternative
mechanism may be desirable (e.g., when the private key is no longer
accessible and the entity wishes to request a revocation prior to
re-certification of another key pair). In order to accommodate such
circumstances, a password-based MAC, see CMP Algorithms MAC (see <xref target="RFC9481"/> Section
6.1, section="6.1" target="RFC9481">CMP Algorithms</xref>) on the request is also <bcp14>REQUIRED</bcp14> to
support within this specification (subject to local security policy
for a given environment) if revocation requests are supported and if
shared secret information can be established between the requester
and the responder prior to the need for revocation.</t>
<t>A mechanism that has seen use in some environments is "revocation passphrase",
in which a value of sufficient entropy (i.e., a
relatively long passphrase rather than a short password) is shared
between (only) the entity and the CA/RA at some point prior to
revocation; this value is later used to authenticate the revocation
request.</t>
<t>In this specification, the following technique to establish shared
secret information (i.e., a revocation passphrase) is <bcp14>OPTIONAL</bcp14> to
support. Its precise use in CMP messages is as follows.</t>
<ul spacing="normal">
<li>
<t>The OID and value specified in <xref target="sect-5.3.19.9"/> <bcp14>MAY</bcp14> be sent in a GenMsg message
at any time or <bcp14>MAY</bcp14> be sent in the generalInfo
field of the PKIHeader of any PKIMessage at any time. (In particular, the
EncryptedKey structure as described in <xref target="sect-5.2.2"/> may be sent in the header
of the certConf message that confirms acceptance
of certificates requested in an initialization request or certificate request
message.) This conveys a revocation passphrase chosen by the entity to the
relevant CA/RA. When EnvelopedData is used, this is in the decrypted bytes
of the encryptedContent field. When EncryptedValue is used, this is in the decrypted
bytes of the encValue field. Furthermore, the transfer is accomplished with
appropriate confidentiality characteristics.</t>
</li>
<li>
<t>If a CA/RA receives the revocation passphrase (OID and value
specified in <xref target="sect-5.3.19.9"/>) in a GenMsg, it <bcp14>MUST</bcp14> construct and
send a GenRep message that includes the OID (with absent value)
specified in <xref target="sect-5.3.19.9"/>. If the CA/RA receives the
revocation passphrase in the generalInfo field of a PKIHeader of
any PKIMessage, it <bcp14>MUST</bcp14> include the OID (with absent value) in the
generalInfo field of the PKIHeader of the corresponding response
PKIMessage. If the CA/RA is unable to return the appropriate
response message for any reason, it <bcp14>MUST</bcp14> send an error message
with a status of "rejection" and, optionally, a failInfo reason
set.</t>
</li>
<li>
<t>Either the localKeyId attribute of EnvelopedData as specified in
<xref target="RFC2985"/> or the valueHint field of EncryptedValue <bcp14>MAY</bcp14>
contain a key identifier (chosen
by the entity, along with the passphrase itself) to assist in later retrieval
of the correct passphrase (e.g., when the revocation request is constructed
by the end entity and received by the CA/RA).</t>
</li>
<li>
<t>The revocation request message is protected by a password-based MAC, see
CMP Algorithms MAC (see
<xref target="RFC9481"/> Section 6.1, section="6.1" target="RFC9481">"CMP Algorithms"</xref>)
with the revocation passphrase as the key. If appropriate, the
senderKID field in the PKIHeader <bcp14>MAY</bcp14> contain the value previously
transmitted in localKeyId or valueHint.</t>
</li>
</ul>
<t>Note: For a message transferring a revocation passphrase indicating cmp2021(3) in the pvno field of the PKIHeader, the encrypted passphrase <bcp14>MUST</bcp14> be transferred in the envelopedData choice of EncryptedKey as defined in Section 5.2.2. <xref target="sect-5.2.2"/>. When using cmp2000(2) in the message header for backward compatibility, the encryptedValue is used. This allows the necessary conveyance and protection of the passphrase while maintaining bits-on-the-wire compatibility with <xref target="RFC4210"/>. The encryaptedValue encryptedValue choice has been deprecated in favor of encryptedData.</t>
<t>Using the technique specified above, the revocation passphrase may be
initially established and updated at any time without requiring extra
messages or out-of-band exchanges. For example, the revocation
request message itself (protected and authenticated through a MAC
that uses the revocation passphrase as a key) may contain, in the
PKIHeader, a new revocation passphrase to be used for authenticating
future revocation requests for any of the entity's other
certificates. In some environments environments, this may be preferable to
mechanisms that reveal the passphrase in the revocation request
message, since this can allow a denial-of-service attack in which the
revealed passphrase is used by an unauthorized third party to
authenticate revocation requests on the entity's other certificates.
However, because the passphrase is not revealed in the request
message, there is no requirement that the passphrase must always be
updated when a revocation request is made (that is, the same
passphrase <bcp14>MAY</bcp14> be used by an entity to authenticate revocation
requests for different certificates at different times).</t>
<t>Furthermore, the above technique can provide strong cryptographic
protection over the entire revocation request message even when a
digital signature is not used. Techniques that do authentication of
the revocation request by simply revealing the revocation passphrase
typically do not provide cryptographic protection over the fields of
the request message (so that a request for revocation of one
certificate may be modified by an unauthorized third party to a
request for revocation of another certificate for that entity).</t>
</section>
<section anchor="sect-c">
<name>PKI Management Message Profiles (REQUIRED)</name> (<bcp14>REQUIRED</bcp14>)</name>
<t>This appendix contains detailed profiles for those PKIMessages that
<bcp14>MUST</bcp14> be supported by conforming implementations (see <xref target="sect-6"/>).</t>
<t>Note: Appendices <xref target="sect-c"/> target="sect-c" format="counter"/> and <xref format="counter" target="sect-d"/> focus on PKI management operations
managing certificates for human end entities.
In contrast, the Lightweight CMP Profile <xref target="RFC9483"/> focuses on typical use
cases of industrial and IoT scenarios supporting highly automated certificate
lifecycle management scenarios.</t>
<t>Profiles for the PKIMessages used in the following PKI management
operations are provided:</t>
<ul spacing="normal">
<li>
<t>initial registration/certification</t>
</li>
<li>
<t>basic authenticated scheme</t>
</li>
<li>
<t>certificate request</t>
</li>
<li>
<t>key update</t>
</li>
</ul>
<section anchor="sect-c.1">
<name>General Rules for Interpretation of These Profiles</name>
<ol spacing="normal" type="1"><li>
<t>Where <bcp14>OPTIONAL</bcp14> or DEFAULT fields are not mentioned in individual
profiles, they <bcp14>SHOULD</bcp14> be absent from the relevant message (i.e.,
a receiver can validly reject a message containing such fields as
being syntactically incorrect). Mandatory fields are not
mentioned if they have an obvious value. The pvno <bcp14>MUST</bcp14> be set as specified in <xref target="sect-7"/>).</t>
</li>
<li>
<t>Where structures occur in more than one message, they are
separately profiled as appropriate.</t>
</li>
<li>
<t>The algorithmIdentifiers from PKIMessage structures are profiled
separately.</t>
</li>
<li>
<t>A "special" X.500 DN is called the "NULL-DN"; this means a DN
containing a zero-length SEQUENCE OF RelativeDistinguishedNames
(its DER encoding is then '3000'H).</t>
</li>
<li>
<t>Where a GeneralName is required for a field, but no suitable
value is available (e.g., an end entity produces a request before
knowing its name), then the GeneralName is to be an X.500 NULL-DN
(i.e., the Name field of the CHOICE is to contain a NULL-DN).</t>
</li>
<li>
<t>Where a profile omits to specify the value for a GeneralName,
then the NULL-DN value is to be present in the relevant
PKIMessage field. This occurs with the sender field of the
PKIHeader for some messages.</t>
</li>
<li>
<t>Where any ambiguity arises due to naming of fields, the profile
names these using a "dot" notation (e.g., "certTemplate.subject"
means the subject field within a field called certTemplate).</t>
</li>
<li>
<t>Where a "SEQUENCE OF types" is part of a message, a zero-based
array notation is used to describe fields within the SEQUENCE OF
(e.g., crm[0].certReq.certTemplate.subject refers to a subfield
of the first CertReqMsg contained in a request message).</t>
</li>
<li>
<t>All PKI message exchanges in Appendices <xref target="sect-c.4"/> target="sect-c.4" format="counter"/> to <xref format="counter" target="sect-c.6"/> require a
certConf message to be sent by the initiating entity and a
PKIConfirm to be sent by the responding entity. The PKIConfirm
is not included in some of the profiles given since its body is
NULL and its header contents are clear from the context. Any
authenticated means can be used for the protectionAlg (e.g.,
password-based MAC, if shared secret information is known, or
signature).</t>
</li>
</ol>
</section>
<section anchor="sect-c.2">
<name>Algorithm Use Profile</name>
<t>For specifications of algorithm identifiers and respective conventions for
conforming implementations, please refer to Section 7.1 of CMP Algorithms <xref target="RFC9481"/>.</t> section="7.1" target="RFC9481">CMP Algorithms</xref>.</t>
</section>
<section anchor="sect-c.3">
<name>Proof-of-Possession Profile</name>
<!--[rfced] The following text in Appendices C.3, D.3, and D.6 are not complete
sentences. Please review and let us know how these may be made into complete
sentences.
Original:
POP fields for use (in signature field of pop field of
ProofOfPossession structure) when proving possession of a private
signing key that corresponds to a public verification key for which a
certificate has been requested.
...
Profile of how a certificate structure may be "self-signed".
...
Creation of a single cross-certificate (i.e., not two at once).
Perhaps:
The table below describes the POP fields for use (in signature field of pop field of
ProofOfPossession structure) when proving possession of a private
signing key that corresponds to a public verification key for which a
certificate has been requested.
...
The table below is a profile of how a certificate structure may be "self-signed".
...
This section describes the creation of a single cross-certificate (i.e., not two at once).
-->
<t>POP fields for use (in signature field of pop field of
ProofOfPossession structure) when proving possession of a private
signing key that corresponds to a public verification key for which a
certificate has been requested.</t>
<table>
<thead>
<tr>
<th align="left">Field</th>
<th align="left">Value</th>
<th align="left">Comment</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">algorithmIdentifier</td>
<td align="left">MSG_SIG_ALG</td>
<td align="left">only signature protection is allowed for this proof</td>
</tr>
<tr>
<td align="left">signature</td>
<td align="left">present</td>
<td align="left">bits calculated using MSG_SIG_ALG</td>
</tr>
</tbody>
</table>
<t>Note: For examples of MSG_SIG_ALG OIDs OIDs, see CMP Algorithms Section 3 <xref target="RFC9481"/>.</t> section="3" target="RFC9481">CMP Algorithms</xref>.</t>
<t>Proof-of-possession of a private decryption key that corresponds to a
public encryption key for which a certificate has been requested does
not use this profile; the CertHash field of the certConf message is
used instead.</t>
<t>Not every CA/RA will do Proof-of-Possession (of signing key,
decryption key, or key agreement key) in the PKIX-CMP in-band
certification request protocol (how POP is done <bcp14>MAY</bcp14> ultimately be a
policy issue that is made explicit for any given CA in its publicized
Policy OID and Certification Practice Statement). However, this
specification mandates that CA/RA entities <bcp14>MUST</bcp14> do POP (by some
means) as part of the certification process. All end entities <bcp14>MUST</bcp14>
be prepared to provide POP (i.e., these components of the PKIX-CMP
protocol <bcp14>MUST</bcp14> be supported).</t>
</section>
<section anchor="sect-c.4">
<name>Initial Registration/Certification (Basic Authenticated Scheme)</name>
<t>An (uninitialized) end entity requests a (first) certificate from a
CA. When the CA responds with a message containing a certificate,
the end entity replies with a certificate confirmation. The CA sends
a PKIConfirm back, closing the transaction. All messages are
authenticated.</t>
<t>This scheme allows the end entity to request certification of a
locally-generated
locally generated public key (typically a signature key). The end
entity <bcp14>MAY</bcp14> also choose to request the centralized generation and
certification of another key pair (typically an encryption key pair).</t>
<t>Certification may only be requested for one locally generated public
key (for more, use separate PKIMessages).</t>
<t>The end entity <bcp14>MUST</bcp14> support proof-of-possession of the private key
associated with the locally-generated locally generated public key.</t>
<t>Preconditions:</t>
<ol spacing="normal" type="1"><li>
<t>The end entity can authenticate the CA's signature based on
out-of-band means</t> means.</t>
</li>
<li>
<t>The end entity and the CA share a symmetric MACing key</t> key.</t>
</li>
</ol>
<t>Message flow:</t> Flow:</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="256" width="560" viewBox="0 0 560 256" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 200,80 L 216,80" fill="none" stroke="black"/>
<path d="M 312,80 L 328,80" fill="none" stroke="black"/>
<path d="M 200,128 L 216,128" fill="none" stroke="black"/>
<path d="M 312,128 L 328,128" fill="none" stroke="black"/>
<path d="M 200,176 L 216,176" fill="none" stroke="black"/>
<path d="M 312,176 L 328,176" fill="none" stroke="black"/>
<path d="M 200,224 L 216,224" fill="none" stroke="black"/>
<path d="M 312,224 L 328,224" fill="none" stroke="black"/>
<polygon class="arrowhead" points="336,176 324,170.4 324,181.6" fill="black" transform="rotate(0,328,176)"/>
<polygon class="arrowhead" points="336,80 324,74.4 324,85.6" fill="black" transform="rotate(0,328,80)"/>
<polygon class="arrowhead" points="320,224 308,218.4 308,229.6" fill="black" transform="rotate(180,312,224)"/>
<polygon class="arrowhead" points="320,128 308,122.4 308,133.6" fill="black" transform="rotate(180,312,128)"/>
<polygon class="arrowhead" points="224,176 212,170.4 212,181.6" fill="black" transform="rotate(0,216,176)"/>
<polygon class="arrowhead" points="224,80 212,74.4 212,85.6" fill="black" transform="rotate(0,216,80)"/>
<polygon class="arrowhead" points="208,224 196,218.4 196,229.6" fill="black" transform="rotate(180,200,224)"/>
<polygon class="arrowhead" points="208,128 196,122.4 196,133.6" fill="black" transform="rotate(180,200,128)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">End</text>
<text x="108" y="36">entity</text>
<text x="360" y="36">PKI</text>
<text x="24" y="68">1</text>
<text x="76" y="68">format</text>
<text x="116" y="68">ir</text>
<text x="24" y="84">2</text>
<text x="252" y="84">ir</text>
<text x="24" y="100">3</text>
<text x="372" y="100">handle</text>
<text x="412" y="100">ir</text>
<text x="24" y="116">4</text>
<text x="372" y="116">format</text>
<text x="412" y="116">ip</text>
<text x="24" y="132">5</text>
<text x="252" y="132">ip</text>
<text x="24" y="148">6</text>
<text x="76" y="148">handle</text>
<text x="116" y="148">ip</text>
<text x="24" y="164">7</text>
<text x="76" y="164">format</text>
<text x="140" y="164">certConf</text>
<text x="24" y="180">8</text>
<text x="268" y="180">certConf</text>
<text x="24" y="196">9</text>
<text x="372" y="196">handle</text>
<text x="436" y="196">certConf</text>
<text x="20" y="212">10</text>
<text x="372" y="212">format</text>
<text x="432" y="212">PKIConf</text>
<text x="20" y="228">11</text>
<text x="264" y="228">PKIConf</text>
<text x="20" y="244">12</text>
<text x="76" y="244">handle</text>
<text x="136" y="244">PKIConf</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Step# End entity PKI
---------------------------------------------------------------------
1 format ir
2 --> ir -->
3 handle ir
4 format ip
5 <-- ip <--
6 handle ip
7 format certConf
8 --> certConf -->
9 handle certConf
10 format PKIConf
11 <-- PKIConf <--
12 handle PKIConf
]]></artwork>
</artset>
<t>For this profile, we mandate that the end entity <bcp14>MUST</bcp14> include all
(i.e., one or two) CertReqMsg in a single PKIMessage, PKIMessage and that the
PKI (CA) <bcp14>MUST</bcp14> produce a single response PKIMessage that contains the
complete response (i.e., including the <bcp14>OPTIONAL</bcp14> second key pair, if
it was requested and if centralized key generation is supported).
For simplicity, we also mandate that this message <bcp14>MUST</bcp14> be the final
one (i.e., no use of "waiting" status value).</t>
<!--[rfced] As "OPTIONALLY" is not a key word in BCP14, may we update this
sentence to rephrase to use the key word "OPTIONAL"?
Original:
This transaction established the shared secret, the referenceNumber and
OPTIONALLY the distinguished name used for both sender and subject
name in the certificate template.
Perhaps:
This transaction established the shared secret, the referenceNumber, and
an OPTIONAL distinguished name used for both the sender and subject
name in the certificate template.
-->
<t>The end entity has an out-of-band interaction with the CA/RA. This
transaction established the shared secret, the referenceNumber and
OPTIONALLY the distinguished name used for both the sender and subject
name in the certificate template. See <xref target="sect-8.7"/> for security
considerations on quality of shared secret information.</t>
<t>Initialization Request -- ir</t>
<artwork><![CDATA[
Field Value
recipient CA name
-- the name of the CA who is being asked to produce a certificate
protectionAlg MSG_MAC_ALG
-- only MAC protection is allowed for this request, based
-- on initial authentication key
senderKID referenceNum
-- the reference number which that the CA has previously issued
-- to the end entity (together with the MACing key)
transactionID present
-- implementation-specific value, meaningful to end
-- entity.
-- [If already in use at the CA, then a rejection message MUST
-- be produced by the CA]
senderNonce present
-- 128 (pseudo-)random bits
freeText any valid value
body ir (CertReqMessages)
only one or two CertReqMsg
are allowed
-- if more certificates are required, requests MUST be
-- packaged in separate PKIMessages
CertReqMsg one or two present
-- see below for details, note: crm[0] means the first
-- (which MUST be present), crm[1] means the second (which
-- is OPTIONAL, and used to ask for a centrally-generated centrally generated key)
crm[0].certReq. fixed value of zero
certReqId
-- this is the index of the template within the message
crm[0].certReq present
certTemplate
-- MUST include subject public key value, otherwise unconstrained
crm[0].pop... optionally present if public key
POPOSigningKey from crm[0].certReq.certTemplate is
a signing key
-- proof-of-possession MAY be required in this exchange
-- (see Appendix D.3 for details)
crm[0].certReq. optionally present
controls.archiveOptions
-- the end entity MAY request that the locally-generated locally generated
-- private key be archived
crm[0].certReq. optionally present
controls.publicationInfo
-- the end entity MAY ask for publication of resulting cert.
crm[1].certReq fixed value of one
certReqId
-- the index of the template within the message
crm[1].certReq present
certTemplate
-- MUST NOT include actual public key bits, otherwise
-- unconstrained (e.g., the names need not be the same as in
-- crm[0]). Note that subjectPublicKeyInfo MAY be present
-- and contain an AlgorithmIdentifier followed by a
-- zero-length BIT STRING for the subjectPublicKey if it is
-- desired to inform the CA/RA of algorithm and parameter
-- preferences regarding the to-be-generated key pair.
crm[1].certReq. present [object identifier MUST be
PROT_ENC_ALG]
controls.protocolEncrKey
-- if centralized key generation is supported by this CA,
-- this short-term asymmetric encryption key (generated by
-- the end entity) will be used by the CA to encrypt (a
-- symmetric key used to encrypt) a private key generated by
-- the CA on behalf of the end entity
crm[1].certReq. optionally present
controls.archiveOptions
crm[1].certReq. optionally present
controls.publicationInfo
protection present
-- bits calculated using MSG_MAC_ALG
]]></artwork>
<t>Initialization Response -- ip</t>
<artwork><![CDATA[
Field Value
sender CA name
-- the name of the CA who produced the message
messageTime present
-- time at which CA produced message
protectionAlg MSG_MAC_ALG
-- only MAC protection is allowed for this response
senderKID referenceNum
-- the reference number that the CA has previously issued to the
-- end entity (together with the MACing key)
transactionID present
-- value from corresponding ir message
senderNonce present
-- 128 (pseudo-)random bits
recipNonce present
-- value from senderNonce in corresponding ir message
freeText any valid value
body ip (CertRepMessage)
contains exactly one response
for each request
-- The PKI (CA) responds to either one or two requests as
-- appropriate. crc[0] denotes the first (always present);
-- crc[1] denotes the second (only present if the ir message
-- contained two requests and if the CA supports centralized
-- key generation).
crc[0]. fixed value of zero
certReqId
-- MUST contain the response to the first request in the
-- corresponding ir message
crc[0].status. present, positive values allowed:
status "accepted", "grantedWithMods"
negative values allowed:
"rejection"
crc[0].status. present if and only if
failInfo crc[0].status.status is "rejection"
crc[0]. present if and only if
certifiedKeyPair crc[0].status.status is
"accepted" or "grantedWithMods"
certificate present unless end entity's public
key is an encryption key and POP
is done in this in-band exchange
encryptedCert present if and only if end entity's
public key is an encryption key and
POP done in this in-band exchange
publicationInfo optionally present
-- indicates where certificate has been published (present
-- at discretion of CA)
crc[1]. fixed value of one
certReqId
-- MUST contain the response to the second request in the
-- corresponding ir message
crc[1].status. present, positive values allowed:
status "accepted", "grantedWithMods"
negative values allowed:
"rejection"
crc[1].status. present if and only if
failInfo crc[0].status.status is "rejection"
crc[1]. present if and only if
certifiedKeyPair crc[0].status.status is "accepted"
or "grantedWithMods"
certificate present
privateKey present
-- Use EnvelopedData; if backward compatibility is required,
-- use EncryptedValue, see Section 5.2.2
publicationInfo optionally present
-- indicates where certificate has been published (present
-- at discretion of CA)
protection present
-- bits calculated using MSG_MAC_ALG
extraCerts optionally present
-- the CA MAY provide additional certificates to the end
-- entity
]]></artwork>
<t>Certificate confirm -- certConf</t>
<artwork><![CDATA[
Field Value
sender present
-- same as in ir
recipient CA name
-- the name of the CA who was asked to produce a certificate
transactionID present
-- value from corresponding ir and ip messages
senderNonce present
-- 128 (pseudo-) random (pseudo-)random bits
recipNonce present
-- value from senderNonce in corresponding ip message
protectionAlg MSG_MAC_ALG
-- only MAC protection is allowed for this message. The
-- MAC is based on the initial authentication key shared
-- between the EE and the CA.
senderKID referenceNum
-- the reference number which that the CA has previously issued
-- to the end entity (together with the MACing key)
body certConf
-- see Section 5.3.18, "PKI Confirmation Content", for the
-- contents of the certConf fields.
-- Note: two CertStatus structures are required if both an
-- encryption and a signing certificate were sent.
protection present
-- bits calculated using MSG_MAC_ALG
]]></artwork>
<t>Confirmation -- PKIConf</t>
<artwork><![CDATA[
Field Value
sender present
-- same as in ip
recipient present
-- sender name from certConf
transactionID present
-- value from certConf message
senderNonce present
-- 128 (pseudo-) random (pseudo-)random bits
recipNonce present
-- value from senderNonce from certConf message
protectionAlg MSG_MAC_ALG
-- only MAC protection is allowed for this message.
senderKID referenceNum
body PKIConf
protection present
-- bits calculated using MSG_MAC_ALG
]]></artwork>
</section>
<section anchor="sect-c.5">
<name>Certificate Request</name>
<t>An (initialized) end entity requests a certificate from a CA (for any
reason). When the CA responds with a message containing a
certificate, the end entity replies with a certificate confirmation.
The CA replies with a PKIConfirm, PKIConfirm to close the transaction. All
messages are authenticated.</t>
<t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>,
with the following exceptions:</t>
<ul spacing="normal">
<li>
<t>sender name <bcp14>SHOULD</bcp14> be present</t> present;</t>
</li>
<li>
<t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be supported (MSG_MAC_ALG <bcp14>MAY</bcp14>
also be supported) in request, response, certConfirm, and
PKIConfirm messages;</t>
</li>
<li>
<t>senderKID and recipKID are only present if required for message
verification;</t>
</li>
<li>
<t>body is cr or cp;</t>
</li>
<li>
<t>body may contain one or two CertReqMsg structures, but either
CertReqMsg may be used to request certification of a
locally-generated
locally generated public key or a centrally-generated centrally generated public key
(i.e., the position-dependence requirement of <xref target="sect-c.4"/> is
removed);</t>
removed); and</t>
</li>
<li>
<t>protection bits are calculated according to the protectionAlg
field.</t>
</li>
</ul>
</section>
<section anchor="sect-c.6">
<name>Key Update Request</name>
<t>An (initialized) end entity requests a certificate from a CA (to
update the key pair and/or corresponding certificate that it already
possesses). When the CA responds with a message containing a
certificate, the end entity replies with a certificate confirmation.
The CA replies with a PKIConfirm, PKIConfirm to close the transaction. All
messages are authenticated.</t>
<t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>,
with the following exceptions:</t>
<!--[rfced] May we update the numbered listed in Appendix C.6 to be a
bulleted list? This would reflect the bulleted list in Appendix C.5.
Appendix C.5:
* sender name SHOULD be present
* protectionAlg of MSG_SIG_ALG MUST be supported (MSG_MAC_ALG MAY
also be supported) in request, response, certConfirm, and
PKIConfirm messages;
...
Appendix C.6:
1. sender name SHOULD be present
2. protectionAlg of MSG_SIG_ALG MUST be supported (MSG_MAC_ALG MAY
also be supported) in request, response, certConfirm, and
PKIConfirm messages;
...
-->
<ol spacing="normal" type="1"><li>
<t>sender name <bcp14>SHOULD</bcp14> be present</t> present;</t>
</li>
<li>
<t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be supported (MSG_MAC_ALG <bcp14>MAY</bcp14>
also be supported) in request, response, certConfirm, and
PKIConfirm messages;</t>
</li>
<li>
<t>senderKID and recipKID are only present if required for message
verification;</t>
</li>
<li>
<t>body is kur or kup;</t>
</li>
<li>
<t>body may contain one or two CertReqMsg structures, but either
CertReqMsg may be used to request certification of a locally-generated locally generated
public key or a centrally-generated centrally generated public key (i.e.,the
position-dependence requirement of <xref target="sect-c.4"/> is removed);</t>
</li>
<li>
<t>protection bits are calculated according to the protectionAlg
field;</t>
field; and</t>
</li>
<li>
<t>regCtrl OldCertId <bcp14>SHOULD</bcp14> be used (unless it is clear to both the
sender and receiver -- by means not specified in this document --
that it is not needed).</t>
</li>
</ol>
</section>
</section>
<section anchor="sect-d">
<name>PKI Management Message Profiles (OPTIONAL)</name> (<bcp14>OPTIONAL</bcp14>)</name>
<t>This appendix contains detailed profiles for those PKIMessages that
<bcp14>MAY</bcp14> be supported by implementations.</t>
<t>Profiles for the PKIMessages used in the following PKI management
operations are provided:</t>
<ul spacing="normal">
<li>
<t>root CA key update</t>
</li>
<li>
<t>information request/response</t>
</li>
<li>
<t>cross-certification request/response (1-way)</t>
</li>
<li>
<t>in-band initialization using external identity certificate</t>
</li>
</ul>
<t>Later
<t>Future versions of this document may extend the above to include
profiles for the operations listed below (along with other
operations, if desired).</t>
<ul spacing="normal">
<li>
<t>revocation request</t>
</li>
<li>
<t>certificate publication</t>
</li>
<li>
<t>CRL publication</t>
</li>
</ul>
<section anchor="sect-d.1">
<name>General Rules for Interpretation of These Profiles.</name> Profiles</name>
<t>Identical to <xref target="sect-c.1"/>.</t>
</section>
<section anchor="sect-d.2">
<name>Algorithm Use Profile</name>
<t>Identical to <xref target="sect-c.2"/>.</t>
</section>
<section anchor="sect-d.3">
<name>Self-Signed Certificates</name>
<t>Profile of how a certificate structure may be "self-signed". These
structures are used for distribution of new root CA public keys. This can
occur in one of three ways (see <xref target="sect-4.4"/> above for a description
of the use of these structures):</t>
<table>
<thead>
<tr>
<th align="left">Type</th>
<th align="left">Function</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">newWithNew</td>
<td align="left">a "self-signed" certificate; the contained public key <bcp14>MUST</bcp14> be usable to verify the signature (though this provides only integrity and no authentication whatsoever)</td>
</tr>
<tr>
<td align="left">oldWithNew</td>
<td align="left">previous root CA public key signed with new private key</td>
</tr>
<tr>
<td align="left">newWithOld</td>
<td align="left">new root CA public key signed with previous private key</td>
</tr>
</tbody>
</table>
<t>A newWithNew certificate (including relevant extensions) must contain
"sensible" values for all fields. For example, when present,
subjectAltName <bcp14>MUST</bcp14> be identical to issuerAltName, and, when present,
keyIdentifiers must contain appropriate values, et cetera.</t>
</section>
<section anchor="sect-d.4">
<name>Root CA Key Update</name>
<t>A root CA updates its key pair. It then produces a CA key update
announcement message that can be made available (via some transport
mechanism) to the relevant end entities. A confirmation message is
not required from the end entities.</t>
<t>ckuann message:</t>
<table>
<thead>
<tr>
<th align="left">Field</th>
<th align="left">Value</th>
<th align="left">Comment</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">sender</td>
<td align="left">CA name CA name</td>
<td align="left"> </td> align="left"> </td>
</tr>
<tr>
<td align="left">body</td>
<td align="left">ckuann(RootCaKeyUpdateContent)</td>
<td align="left"> </td> align="left"> </td>
</tr>
<tr>
<td align="left">newWithNew</td>
<td align="left">optionally present</td>
<td align="left">see <xref target="sect-d.3"/> above</td>
</tr>
<tr>
<td align="left">newWithOld</td>
<td align="left">optionally present</td>
<td align="left">see <xref target="sect-d.3"/> above</td>
</tr>
<tr>
<td align="left">oldWithNew</td>
<td align="left">optionally present</td>
<td align="left">see <xref target="sect-d.3"/> above</td>
</tr>
<tr>
<td align="left">extraCerts</td>
<td align="left">optionally present</td>
<td align="left">can be used to "publish" certificates (e.g., certificates signed using the new private key)</td>
</tr>
</tbody>
</table>
</section>
<section anchor="sect-d.5">
<name>PKI Information Request/Response</name>
<t>The end entity sends a general message to the PKI requesting details
that will be required for later PKI management operations. The RA/CA
responds with a general response. If an RA generates the response,
then it will simply forward the equivalent message that it previously
received from the CA, with the possible addition of certificates to
the extraCerts fields of the PKIMessage. A confirmation message is
not required from the end entity.</t>
<t>Message Flows:</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width="560" viewBox="0 0 560 160" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 160,80 L 176,80" fill="none" stroke="black"/>
<path d="M 264,80 L 280,80" fill="none" stroke="black"/>
<path d="M 160,128 L 176,128" fill="none" stroke="black"/>
<path d="M 264,128 L 280,128" fill="none" stroke="black"/>
<polygon class="arrowhead" points="288,80 276,74.4 276,85.6" fill="black" transform="rotate(0,280,80)"/>
<polygon class="arrowhead" points="272,128 260,122.4 260,133.6" fill="black" transform="rotate(180,264,128)"/>
<polygon class="arrowhead" points="184,80 172,74.4 172,85.6" fill="black" transform="rotate(0,176,80)"/>
<polygon class="arrowhead" points="168,128 156,122.4 156,133.6" fill="black" transform="rotate(180,160,128)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">End</text>
<text x="108" y="36">entity</text>
<text x="336" y="36">PKI</text>
<text x="24" y="68">1</text>
<text x="76" y="68">format</text>
<text x="124" y="68">genm</text>
<text x="24" y="84">2</text>
<text x="220" y="84">genm</text>
<text x="24" y="100">3</text>
<text x="348" y="100">handle</text>
<text x="396" y="100">genm</text>
<text x="24" y="116">4</text>
<text x="352" y="116">produce</text>
<text x="404" y="116">genp</text>
<text x="24" y="132">5</text>
<text x="220" y="132">genp</text>
<text x="24" y="148">6</text>
<text x="76" y="148">handle</text>
<text x="124" y="148">genp</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Step# End entity PKI
---------------------------------------------------------------------
1 format genm
2 --> genm -->
3 handle genm
4 produce genp
5 <-- genp <--
6 handle genp
]]></artwork>
</artset>
<t>genM:</t>
<artwork><![CDATA[
Field Value
recipient CA name
-- the name of the CA as contained in issuerAltName
-- extensions or issuer fields within certificates
protectionAlg MSG_MAC_ALG or MSG_SIG_ALG
-- any authenticated protection alg.
SenderKID present if required
-- must be present if required for verification of message
-- protection
freeText any valid value
body genr (GenReqContent)
GenMsgContent empty SEQUENCE
-- all relevant information requested
protection present
-- bits calculated using MSG_MAC_ALG or MSG_SIG_ALG
]]></artwork>
<t>genP:</t>
<artwork><![CDATA[
Field Value
sender CA name
-- name of the CA which that produced the message
protectionAlg MSG_MAC_ALG or MSG_SIG_ALG
-- any authenticated protection alg.
senderKID present if required
-- must be present if required for verification of message
-- protection
body genp (GenRepContent)
CAProtEncCert present (object identifier one
of PROT_ENC_ALG), with relevant
value
-- to be used if end entity needs to encrypt information for
-- the CA (e.g., private key for recovery purposes)
SignKeyPairTypes present, with relevant value
-- the set of signature algorithm identifiers that this CA will
-- certify for subject public keys
EncKeyPairTypes present, with relevant value
-- the set of encryption/key encryption / key agreement algorithm identifiers that
-- this CA will certify for subject public keys
PreferredSymmAlg present (object identifier one
of PROT_SYM_ALG) , with relevant
value
-- the symmetric algorithm that this CA expects to be used
-- in later PKI messages (for encryption)
RootCaKeyUpdate optionally present, with
relevant value
-- Use RootCaKeyUpdate; if backward compatibility with cmp2000 is
-- required, use CAKeyUpdateInfo.
-- The CA MAY provide information about a relevant root CA
-- key pair using this field (note that this does not imply
-- that the responding CA is the root CA in question)
CurrentCRL optionally present, with relevant value
-- the CA MAY provide a copy of a complete CRL (i.e.,
-- fullest possible one)
protection present
-- bits calculated using MSG_MAC_ALG or MSG_SIG_ALG
extraCerts optionally present
-- can be used to send some certificates to the end
-- entity. An RA MAY add its certificate here.
]]></artwork>
</section>
<section anchor="sect-d.6">
<name>Cross Certification
<name>Cross-Certification Request/Response (1-way)</name>
<t>Creation of a single cross-certificate (i.e., not two at once). The
requesting CA <bcp14>MAY</bcp14> choose who is responsible for publication of the
cross-certificate created by the responding CA through use of the
PKIPublicationInfo control.</t>
<t>Preconditions:</t>
<ol spacing="normal" type="1"><li>
<t>Responding CA can verify the origin of the request (possibly
requiring out-of-band means) before processing the request.</t>
</li>
<li>
<t>Requesting CA can authenticate the authenticity of the origin of
the response (possibly requiring out-of-band means) before
processing the response</t> response.</t>
</li>
</ol>
<t>The use of certificate confirmation and the corresponding server
confirmation is determined by the generalInfo field in the PKIHeader
(see <xref target="sect-5.1.1"/>). The following profile does not mandate support
for either confirmation.</t>
<t>Message Flows:</t>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width="560" viewBox="0 0 560 160" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,48 L 552,48" fill="none" stroke="black"/>
<path d="M 176,80 L 192,80" fill="none" stroke="black"/>
<path d="M 288,80 L 304,80" fill="none" stroke="black"/>
<path d="M 176,128 L 192,128" fill="none" stroke="black"/>
<path d="M 288,128 L 304,128" fill="none" stroke="black"/>
<polygon class="arrowhead" points="312,80 300,74.4 300,85.6" fill="black" transform="rotate(0,304,80)"/>
<polygon class="arrowhead" points="296,128 284,122.4 284,133.6" fill="black" transform="rotate(180,288,128)"/>
<polygon class="arrowhead" points="200,80 188,74.4 188,85.6" fill="black" transform="rotate(0,192,80)"/>
<polygon class="arrowhead" points="184,128 172,122.4 172,133.6" fill="black" transform="rotate(180,176,128)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="92" y="36">Requesting</text>
<text x="148" y="36">CA</text>
<text x="380" y="36">Responding</text>
<text x="436" y="36">CA</text>
<text x="24" y="68">1</text>
<text x="76" y="68">format</text>
<text x="120" y="68">ccr</text>
<text x="24" y="84">2</text>
<text x="240" y="84">ccr</text>
<text x="24" y="100">3</text>
<text x="364" y="100">handle</text>
<text x="408" y="100">ccr</text>
<text x="24" y="116">4</text>
<text x="368" y="116">produce</text>
<text x="416" y="116">ccp</text>
<text x="24" y="132">5</text>
<text x="240" y="132">ccp</text>
<text x="24" y="148">6</text>
<text x="76" y="148">handle</text>
<text x="120" y="148">ccp</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Step# Requesting CA Responding CA
---------------------------------------------------------------------
1 format ccr
2 --> ccr -->
3 handle ccr
4 produce ccp
5 <-- ccp <--
6 handle ccp
]]></artwork>
</artset>
<t>ccr:</t>
<artwork><![CDATA[
Field Value
sender Requesting CA name
-- the name of the CA who produced the message
recipient Responding CA name
-- the name of the CA who is being asked to produce a certificate
messageTime time of production of message
-- current time at requesting CA
protectionAlg MSG_SIG_ALG
-- only signature protection is allowed for this request
senderKID present if required
-- must be present if required for verification of message
-- protection
recipKID present if required
-- must be present if required for verification of message
-- protection
transactionID present
-- implementation-specific value, meaningful to requesting CA.
-- [If already in use at responding CA CA, then a rejection message
-- MUST be produced by responding CA]
senderNonce present
-- 128 (pseudo-)random bits
freeText any valid value
body ccr (CertReqMessages)
only one CertReqMsg
allowed
-- if multiple cross certificates cross-certificates are required, they MUST be
-- packaged in separate PKIMessages
certTemplate present
-- details follow
version v1 or v3
-- v3 STRONGLY RECOMMENDED
signingAlg present
-- the requesting CA must know in advance with which algorithm it
-- wishes the certificate to be signed
subject present
-- may be NULL-DN only if subjectAltNames extension value proposed
validity present
-- MUST be completely specified (i.e., both fields present)
issuer present
-- may be NULL-DN only if issuerAltNames extension value proposed
publicKey present
-- the key to be certified (which must be for a signing algorithm)
extensions optionally present
-- a requesting CA must propose values for all extensions
-- that it requires to be in the cross-certificate
POPOSigningKey present
-- see Section D3: Proof-of-possession profile Appendix C.3: Proof-of-Possession Profile
protection present
-- bits calculated using MSG_SIG_ALG
extraCerts optionally present
-- MAY contain any additional certificates that requester wishes
-- to include
]]></artwork>
<t>ccp:</t>
<artwork><![CDATA[
Field Value
sender Responding CA name
-- the name of the CA who produced the message
recipient Requesting CA name
-- the name of the CA who asked for production of a certificate
messageTime time of production of message
-- current time at responding CA
protectionAlg MSG_SIG_ALG
-- only signature protection is allowed for this message
senderKID present if required
-- must be present if required for verification of message
-- protection
recipKID present if required
transactionID present
-- value from corresponding ccr message
senderNonce present
-- 128 (pseudo-)random bits
recipNonce present
-- senderNonce from corresponding ccr message
freeText any valid value
body ccp (CertRepMessage)
only one CertResponse allowed
-- if multiple cross certificates cross-certificates are required required, they MUST be
-- packaged in separate PKIMessages
response present
status present
PKIStatusInfo.status present
-- if PKIStatusInfo.status is one of:
-- accepted, or
-- grantedWithMods,
-- then certifiedKeyPair MUST be present and failInfo MUST
-- be absent
failInfo present depending on
PKIStatusInfo.status
-- if PKIStatusInfo.status is:
-- rejection rejection,
-- then certifiedKeyPair MUST be absent and failInfo MUST be
-- present and contain appropriate bit settings
certifiedKeyPair present depending on
PKIStatusInfo.status
certificate present depending on
certifiedKeyPair
-- content of actual certificate must be examined by requesting CA
-- before publication
protection present
-- bits calculated using MSG_SIG_ALG
extraCerts optionally present
-- MAY contain any additional certificates that responder wishes
-- to include
]]></artwork>
</section>
<section anchor="sect-d.7">
<name>In-Band Initialization Using External Identity Certificate</name>
<t>An (uninitialized) end entity wishes to initialize into the PKI with
a CA, CA-1. It uses, for authentication purposes, a pre-existing
identity certificate issued by another (external) CA, CA-X. A trust
relationship must already have been established between CA-1 and CA-X
so that CA-1 can validate the EE identity certificate signed by CA-X.
Furthermore, some mechanism must already have been established within
the Trusted Execution Environment (TEE) (TEE), also known as
Personal Security Environment (PSE) (PSE), of the EE that would allow it
to authenticate and verify PKIMessages signed by CA-1 (as one
example, the TEE may contain a certificate issued for the public key
of CA-1, signed by another CA that the EE trusts on the basis of
out-of-band authentication techniques).</t>
<t>The EE sends an initialization request to start the transaction.
When CA-1 responds with a message containing the new certificate, the
end entity replies with a certificate confirmation. CA-1 replies
with a PKIConfirm to close the transaction. All messages are signed
(the EE messages are signed using the private key that corresponds to
the public key in its external identity certificate; the CA-1
messages are signed using the private key that corresponds to the
public key in a certificate that can be chained to a trust anchor in the EE's TEE).</t>
<t>The profile for this exchange is identical to that given in <xref target="sect-c.4"/>,
with the following exceptions:</t>
<ul spacing="normal">
<li>
<t>the EE and CA-1 do not share a symmetric MACing key (i.e., there
is no out-of-band shared secret information between these
entities);</t>
</li>
<li>
<t>sender name in ir <bcp14>MUST</bcp14> be present (and identical to the subject
name present in the external identity certificate);</t>
</li>
<li>
<t>protectionAlg of MSG_SIG_ALG <bcp14>MUST</bcp14> be used in all messages;</t>
</li>
<li>
<t>external identity cert. certificate <bcp14>MUST</bcp14> be carried in ir extraCerts field</t>
</li>
<li>
<t>senderKID and recipKID are not used;</t>
</li>
<li>
<t>body is ir or ip;</t> ip; and</t>
</li>
<li>
<t>protection bits are calculated according to the protectionAlg
field.</t>
</li>
</ul>
</section>
</section>
<section anchor="sect-e">
<name>Variants of Using KEM Keys for PKI Message Protection</name>
<t>As described in <xref target="sect-5.1.3.4"/>, any party in a PKI management operation may wish to use a KEM key pair for message protection. Below possible Possible cases are described.</t> described below.</t>
<t>For any PKI management operation started by a PKI entity with any type of request message, the following message flows describe the use of a KEM key. There are two cases to distinguish, namely whether the PKI entity or the PKI management entity owns a KEM key pair. If both sides own KEM key pairs, the flows need to be combined such that for each direction a shared secret key is established.</t>
<t>In the following message flows flows, Alice indicates the PKI entity that uses a KEM key pair for message authentication and Bob provides the KEM ciphertext using Alice's public KEM key, as described in <xref target="sect-5.1.3.4"/>.</t>
<!--[rfced] As the text preceeding these figures and the titles of the figures
are very similar, may we remove the preceeding text to avoid redundancy?
Original:
Message Flow when the PKI entity has a KEM key pair and certificate:
...
Figure 3: Message Flow when PKI entity has a KEM key pair
Message Flow when the PKI entity knows that the PKI management entity
uses a KEM key pair and has the authentic public key:
...
Figure 4: Message Flow when the PKI entity knows that the PKI
management entity uses a KEM key pair and has the authentic
public key
Message Flow when the PKI entity does not know that the PKI
management entity uses a KEM key pair:
...
Figure 5: Message Flow when the PKI entity does not know that the PKI
management entity uses a KEM key pair
-->
<t>Message Flow when the PKI entity has a KEM key pair and certificate:</t>
<figure anchor="KEM-Flow1">
<name>Message Flow when When the PKI entity has Entity Has a KEM key pair</name> Key Pair</name>
<artset>
<artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="688" width="560" viewBox="0 0 560 688" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,64 L 552,64" fill="none" stroke="black"/>
<path d="M 200,176 L 216,176" fill="none" stroke="black"/>
<path d="M 312,176 L 328,176" fill="none" stroke="black"/>
<path d="M 200,288 L 216,288" fill="none" stroke="black"/>
<path d="M 312,288 L 328,288" fill="none" stroke="black"/>
<path d="M 200,384 L 216,384" fill="none" stroke="black"/>
<path d="M 312,384 L 328,384" fill="none" stroke="black"/>
<path d="M 8,480 L 64,480" fill="none" stroke="black"/>
<path d="M 496,480 L 552,480" fill="none" stroke="black"/>
<path d="M 200,560 L 216,560" fill="none" stroke="black"/>
<path d="M 312,560 L 328,560" fill="none" stroke="black"/>
<polygon class="arrowhead" points="336,384 324,378.4 324,389.6" fill="black" transform="rotate(0,328,384)"/>
<polygon class="arrowhead" points="336,176 324,170.4 324,181.6" fill="black" transform="rotate(0,328,176)"/>
<polygon class="arrowhead" points="320,560 308,554.4 308,565.6" fill="black" transform="rotate(180,312,560)"/>
<polygon class="arrowhead" points="320,288 308,282.4 308,293.6" fill="black" transform="rotate(180,312,288)"/>
<polygon class="arrowhead" points="224,384 212,378.4 212,389.6" fill="black" transform="rotate(0,216,384)"/>
<polygon class="arrowhead" points="224,176 212,170.4 212,181.6" fill="black" transform="rotate(0,216,176)"/>
<polygon class="arrowhead" points="208,560 196,554.4 196,565.6" fill="black" transform="rotate(180,200,560)"/>
<polygon class="arrowhead" points="208,288 196,282.4 196,293.6" fill="black" transform="rotate(180,200,288)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">PKI</text>
<text x="108" y="36">entity</text>
<text x="360" y="36">PKI</text>
<text x="420" y="36">management</text>
<text x="492" y="36">entity</text>
<text x="80" y="52">(Alice)</text>
<text x="368" y="52">(Bob)</text>
<text x="24" y="84">1</text>
<text x="76" y="84">format</text>
<text x="152" y="84">unprotected</text>
<text x="220" y="84">genm</text>
<text x="76" y="100">of</text>
<text x="108" y="100">type</text>
<text x="136" y="116">KemCiphertextInfo</text>
<text x="96" y="132">without</text>
<text x="156" y="132">value,</text>
<text x="200" y="132">and</text>
<text x="80" y="148">KEM</text>
<text x="144" y="148">certificate</text>
<text x="204" y="148">in</text>
<text x="108" y="164">extraCerts</text>
<text x="24" y="180">2</text>
<text x="260" y="180">genm</text>
<text x="24" y="196">3</text>
<text x="380" y="196">validate</text>
<text x="432" y="196">KEM</text>
<text x="496" y="196">certificate</text>
<text x="24" y="212">4</text>
<text x="376" y="212">perform</text>
<text x="424" y="212">KEM</text>
<text x="488" y="212">Encapsulate</text>
<text x="24" y="228">5</text>
<text x="372" y="228">format</text>
<text x="448" y="228">unprotected</text>
<text x="516" y="228">genp</text>
<text x="372" y="244">of</text>
<text x="404" y="244">type</text>
<text x="432" y="260">KemCiphertextInfo</text>
<text x="400" y="276">providing</text>
<text x="456" y="276">KEM</text>
<text x="516" y="276">ciphertext</text>
<text x="24" y="292">6</text>
<text x="260" y="292">genp</text>
<text x="24" y="308">7</text>
<text x="80" y="308">perform</text>
<text x="128" y="308">KEM</text>
<text x="192" y="308">Decapsulate</text>
<text x="24" y="324">8</text>
<text x="80" y="324">perform</text>
<text x="128" y="324">key</text>
<text x="188" y="324">derivation</text>
<text x="76" y="340">to</text>
<text x="104" y="340">get</text>
<text x="136" y="340">ssk</text>
<text x="24" y="356">9</text>
<text x="76" y="356">format</text>
<text x="136" y="356">request</text>
<text x="188" y="356">with</text>
<text x="104" y="372">MAC-based</text>
<text x="188" y="372">protection</text>
<text x="20" y="388">10</text>
<text x="264" y="388">request</text>
<text x="20" y="404">11</text>
<text x="376" y="404">perform</text>
<text x="424" y="404">key</text>
<text x="484" y="404">derivation</text>
<text x="372" y="420">to</text>
<text x="400" y="420">get</text>
<text x="432" y="420">ssk</text>
<text x="20" y="436">12</text>
<text x="372" y="436">verify</text>
<text x="440" y="436">MAC-based</text>
<text x="404" y="452">protection</text>
<text x="96" y="484">PKI</text>
<text x="140" y="484">entity</text>
<text x="224" y="484">authenticated</text>
<text x="292" y="484">by</text>
<text x="320" y="484">PKI</text>
<text x="380" y="484">management</text>
<text x="452" y="484">entity</text>
<text x="20" y="516">13</text>
<text x="372" y="516">format</text>
<text x="436" y="516">response</text>
<text x="492" y="516">with</text>
<text x="404" y="532">protection</text>
<text x="488" y="532">depending</text>
<text x="540" y="532">on</text>
<text x="400" y="548">available</text>
<text x="456" y="548">key</text>
<text x="508" y="548">material</text>
<text x="20" y="564">14</text>
<text x="260" y="564">response</text>
<text x="20" y="580">15</text>
<text x="76" y="580">verify</text>
<text x="148" y="580">protection</text>
<text x="100" y="596">provided</text>
<text x="148" y="596">by</text>
<text x="176" y="596">the</text>
<text x="80" y="612">PKI</text>
<text x="140" y="612">management</text>
<text x="212" y="612">entity</text>
<text x="20" y="644">16</text>
<text x="112" y="644">Further</text>
<text x="180" y="644">messages</text>
<text x="228" y="644">of</text>
<text x="260" y="644">this</text>
<text x="296" y="644">PKI</text>
<text x="356" y="644">management</text>
<text x="440" y="644">operation</text>
<text x="80" y="660">can</text>
<text x="108" y="660">be</text>
<text x="160" y="660">exchanged</text>
<text x="220" y="660">with</text>
<text x="280" y="660">MAC-based</text>
<text x="364" y="660">protection</text>
<text x="420" y="660">by</text>
<text x="448" y="660">the</text>
<text x="480" y="660">PKI</text>
<text x="100" y="676">entity</text>
<text x="152" y="676">using</text>
<text x="192" y="676">the</text>
<text x="256" y="676">established</text>
<text x="332" y="676">shared</text>
<text x="388" y="676">secret</text>
<text x="432" y="676">key</text>
<text x="472" y="676">(ssk)</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art" align="left"><![CDATA[
Step# PKI entity PKI management entity
(Alice) (Bob)
---------------------------------------------------------------------
1 format unprotected genm
of type
KemCiphertextInfo
without value, and
KEM certificate in
extraCerts
2 --> genm -->
3 validate KEM certificate
4 perform KEM Encapsulate
5 format unprotected genp
of type
KemCiphertextInfo
providing KEM ciphertext
6 <-- genp <--
7 perform KEM Decapsulate
8 perform key derivation
to get ssk
9 format request with
MAC-based protection
10 --> request -->
11 perform key derivation
to get ssk
12 verify MAC-based
protection
-------- PKI entity authenticated by PKI management entity --------
13 format response with
protection depending on
available key material
14 <-- response <--
15 verify protection
provided by the
PKI management entity
16 Further messages of this PKI management operation
can be exchanged with MAC-based protection by the PKI
entity using the established shared secret key (ssk)
]]></artwork>
</artset>
</figure>
<t>Message Flow when the PKI entity knows that the PKI management entity uses a KEM key pair and has the authentic public key:</t>
<figure anchor="KEM-Flow2">
<name>Message Flow when When the PKI entity knows that Entity Knows That the PKI management entity uses Management Entity Uses a KEM key pair Key Pair and has Has the authentic public key</name> Authentic Public Key</name>
<artset>
<artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="560" viewBox="0 0 560 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,64 L 552,64" fill="none" stroke="black"/>
<path d="M 200,208 L 216,208" fill="none" stroke="black"/>
<path d="M 312,208 L 328,208" fill="none" stroke="black"/>
<path d="M 200,304 L 216,304" fill="none" stroke="black"/>
<path d="M 312,304 L 328,304" fill="none" stroke="black"/>
<path d="M 8,400 L 64,400" fill="none" stroke="black"/>
<path d="M 496,400 L 552,400" fill="none" stroke="black"/>
<polygon class="arrowhead" points="336,208 324,202.4 324,213.6" fill="black" transform="rotate(0,328,208)"/>
<polygon class="arrowhead" points="320,304 308,298.4 308,309.6" fill="black" transform="rotate(180,312,304)"/>
<polygon class="arrowhead" points="224,208 212,202.4 212,213.6" fill="black" transform="rotate(0,216,208)"/>
<polygon class="arrowhead" points="208,304 196,298.4 196,309.6" fill="black" transform="rotate(180,200,304)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">PKI</text>
<text x="108" y="36">entity</text>
<text x="360" y="36">PKI</text>
<text x="420" y="36">management</text>
<text x="492" y="36">entity</text>
<text x="72" y="52">(Bob)</text>
<text x="376" y="52">(Alice)</text>
<text x="24" y="84">1</text>
<text x="80" y="84">perform</text>
<text x="128" y="84">KEM</text>
<text x="192" y="84">Encapsulate</text>
<text x="24" y="100">2</text>
<text x="76" y="100">format</text>
<text x="136" y="100">request</text>
<text x="208" y="100">providing</text>
<text x="80" y="116">KEM</text>
<text x="140" y="116">ciphertext</text>
<text x="196" y="116">in</text>
<text x="112" y="132">generalInfo</text>
<text x="172" y="132">of</text>
<text x="204" y="132">type</text>
<text x="140" y="148">KemCiphertextInfo,</text>
<text x="80" y="164">and</text>
<text x="116" y="164">with</text>
<text x="180" y="164">protection</text>
<text x="104" y="180">depending</text>
<text x="156" y="180">on</text>
<text x="208" y="180">available</text>
<text x="80" y="196">key</text>
<text x="132" y="196">material</text>
<text x="24" y="212">3</text>
<text x="264" y="212">request</text>
<text x="24" y="228">4</text>
<text x="376" y="228">perform</text>
<text x="424" y="228">KEM</text>
<text x="488" y="228">Decapsulate</text>
<text x="24" y="244">5</text>
<text x="376" y="244">perform</text>
<text x="424" y="244">key</text>
<text x="484" y="244">derivation</text>
<text x="372" y="260">to</text>
<text x="400" y="260">get</text>
<text x="432" y="260">ssk</text>
<text x="24" y="276">6</text>
<text x="372" y="276">format</text>
<text x="436" y="276">response</text>
<text x="492" y="276">with</text>
<text x="400" y="292">MAC-based</text>
<text x="484" y="292">protection</text>
<text x="24" y="308">7</text>
<text x="260" y="308">response</text>
<text x="24" y="324">8</text>
<text x="80" y="324">perform</text>
<text x="128" y="324">key</text>
<text x="188" y="324">derivation</text>
<text x="76" y="340">to</text>
<text x="104" y="340">get</text>
<text x="136" y="340">ssk</text>
<text x="24" y="356">9</text>
<text x="76" y="356">verify</text>
<text x="144" y="356">MAC-based</text>
<text x="108" y="372">protection</text>
<text x="96" y="404">PKI</text>
<text x="156" y="404">management</text>
<text x="228" y="404">entity</text>
<text x="312" y="404">authenticated</text>
<text x="380" y="404">by</text>
<text x="408" y="404">PKI</text>
<text x="452" y="404">entity</text>
<text x="20" y="436">10</text>
<text x="112" y="436">Further</text>
<text x="180" y="436">messages</text>
<text x="228" y="436">of</text>
<text x="260" y="436">this</text>
<text x="296" y="436">PKI</text>
<text x="356" y="436">management</text>
<text x="440" y="436">operation</text>
<text x="96" y="452">can</text>
<text x="124" y="452">be</text>
<text x="176" y="452">exchanged</text>
<text x="236" y="452">with</text>
<text x="296" y="452">MAC-based</text>
<text x="380" y="452">protection</text>
<text x="436" y="452">by</text>
<text x="464" y="452">the</text>
<text x="120" y="468">PKI</text>
<text x="180" y="468">management</text>
<text x="252" y="468">entity</text>
<text x="304" y="468">using</text>
<text x="344" y="468">the</text>
<text x="408" y="468">established</text>
<text x="220" y="484">shared</text>
<text x="276" y="484">secret</text>
<text x="320" y="484">key</text>
<text x="360" y="484">(ssk)</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art" align="left"><![CDATA[
Step# PKI entity PKI management entity
(Bob) (Alice)
---------------------------------------------------------------------
1 perform KEM Encapsulate
2 format request providing
KEM ciphertext in
generalInfo of type
KemCiphertextInfo,
and with protection
depending on available
key material
3 --> request -->
4 perform KEM Decapsulate
5 perform key derivation
to get ssk
6 format response with
MAC-based protection
7 <-- response <--
8 perform key derivation
to get ssk
9 verify MAC-based
protection
-------- PKI management entity authenticated by PKI entity --------
10 Further messages of this PKI management operation
can be exchanged with MAC-based protection by the
PKI management entity using the established
shared secret key (ssk)
]]></artwork>
</artset>
</figure>
<t>Note: <xref target="KEM-Flow2"/> describes the situation where KEM-based message protection may not require more that than one message exchange. In this case, the transactionID <bcp14>MUST</bcp14> also be used by the PKI entity (Bob) to ensure domain separation between different PKI management operations.</t>
<t>Message Flow when the PKI entity does not know that the PKI management entity uses a KEM key pair:</t>
<figure anchor="KEM-Flow3">
<name>Message Flow when When the PKI entity does not know that Entity Does Not Know That the PKI management entity uses Management Entity Uses a KEM key pair</name> Key Pair</name>
<artset>
<artwork type="svg" align="left"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="320" width="560" viewBox="0 0 560 320" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,64 L 552,64" fill="none" stroke="black"/>
<path d="M 200,144 L 216,144" fill="none" stroke="black"/>
<path d="M 312,144 L 328,144" fill="none" stroke="black"/>
<path d="M 200,256 L 216,256" fill="none" stroke="black"/>
<path d="M 312,256 L 328,256" fill="none" stroke="black"/>
<polygon class="arrowhead" points="336,144 324,138.4 324,149.6" fill="black" transform="rotate(0,328,144)"/>
<polygon class="arrowhead" points="320,256 308,250.4 308,261.6" fill="black" transform="rotate(180,312,256)"/>
<polygon class="arrowhead" points="224,144 212,138.4 212,149.6" fill="black" transform="rotate(0,216,144)"/>
<polygon class="arrowhead" points="208,256 196,250.4 196,261.6" fill="black" transform="rotate(180,200,256)"/>
<g class="text">
<text x="24" y="36">Step#</text>
<text x="64" y="36">PKI</text>
<text x="108" y="36">entity</text>
<text x="360" y="36">PKI</text>
<text x="420" y="36">management</text>
<text x="492" y="36">entity</text>
<text x="72" y="52">(Bob)</text>
<text x="376" y="52">(Alice)</text>
<text x="24" y="84">1</text>
<text x="76" y="84">format</text>
<text x="136" y="84">request</text>
<text x="188" y="84">with</text>
<text x="108" y="100">protection</text>
<text x="192" y="100">depending</text>
<text x="76" y="116">on</text>
<text x="128" y="116">available</text>
<text x="184" y="116">key</text>
<text x="100" y="132">material</text>
<text x="24" y="148">2</text>
<text x="264" y="148">request</text>
<text x="24" y="164">3</text>
<text x="372" y="164">format</text>
<text x="448" y="164">unprotected</text>
<text x="520" y="164">error</text>
<text x="380" y="180">with</text>
<text x="428" y="180">status</text>
<text x="504" y="180">"rejection"</text>
<text x="376" y="196">and</text>
<text x="428" y="196">failInfo</text>
<text x="428" y="212">"wrongIntegrity"</text>
<text x="512" y="212">and</text>
<text x="544" y="212">KEM</text>
<text x="408" y="228">certificate</text>
<text x="468" y="228">in</text>
<text x="404" y="244">extraCerts</text>
<text x="24" y="260">4</text>
<text x="264" y="260">error</text>
<text x="24" y="276">5</text>
<text x="84" y="276">validate</text>
<text x="136" y="276">KEM</text>
<text x="200" y="276">certificate</text>
<text x="24" y="308">6</text>
<text x="168" y="308">proceed</text>
<text x="212" y="308">as</text>
<text x="248" y="308">shown</text>
<text x="284" y="308">in</text>
<text x="312" y="308">the</text>
<text x="356" y="308">Figure</text> y="308">figure</text>
<text x="412" y="308">before</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art" align="left"><![CDATA[
Step# PKI entity PKI management entity
(Bob) (Alice)
---------------------------------------------------------------------
1 format request with
protection depending
on available key
material
2 --> request -->
3 format unprotected error
with status "rejection"
and failInfo
"wrongIntegrity" and KEM
certificate in
extraCerts
4 <-- error <--
5 validate KEM certificate
6 proceed as shown in the Figure figure before
]]></artwork>
</artset>
</figure>
</section>
<section anchor="sect-f">
<name>Compilable ASN.1 Definitions</name>
<t>This section contains the updated 2002 ASN.1 module for from <xref target="RFC5912"/>
as target="RFC5912"/>, which
was updated in <xref target="RFC9480"/>.
This module replaces the module in Section 9 of <xref section="9" target="RFC5912"/>.
The module contains those changes to the normative ASN.1 module from
Appendix F of
<xref section="F" sectionFormat="of" target="RFC4210"/> that were specified in <xref target="RFC9480"/>,
as well as changes made in this document.</t>
<!--[rfced] We note that the following references have citations only in
the ASN.1 module in Appendix F. In order to have a 1:1 matchup between
the references section and the text, please review the text and let us know
where a citation for each of the following may be included.
Alternatively, a sentence can be added before the module stating that it
refers to the following (and then list the citations).
[RFC3629]
[RFC6268]
-->
<sourcecode type="asn.1"><![CDATA[
PKIXCMP-2023
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-cmp2023-02(TBD2)
id-mod-cmp2023-02(116) }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
AttributeSet{}, SingleAttribute{}, Extensions{}, EXTENSION, ATTRIBUTE
FROM PKIX-CommonTypes-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
DIGEST-ALGORITHM, MAC-ALGORITHM, KEY-DERIVATION
FROM AlgorithmInformation-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58)}
Certificate, CertificateList, Time, id-kp
FROM PKIX1Explicit-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
DistributionPointName, GeneralNames, GeneralName, KeyIdentifier
FROM PKIX1Implicit-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
CertTemplate, PKIPublicationInfo, EncryptedKey, CertId,
CertReqMessages, Controls, RegControlSet, id-regCtrl
FROM PKIXCRMF-2009
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-crmf2005-02(55) }
-- The import of EncryptedKey is added due to the updates made
-- in [RFC9480]. EncryptedValue does not need to be imported
-- anymore and is therefore removed here.
CertificationRequest
FROM PKCS-10
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
-- (specified in [RFC2986] with 1993 ASN.1 syntax and IMPLICIT
-- tags). Alternatively, implementers may directly include
-- the syntax of [RFC2986] in this module.
localKeyId
FROM PKCS-9
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
modules(0) pkcs-9(1)}
-- The import of localKeyId is added due to the updates made in
-- [RFC9480]
EnvelopedData, SignedData
FROM CryptographicMessageSyntax-2010
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-cms-2009(58)}
-- The import of EnvelopedData and SignedData from [RFC6268] is
-- added due to the updates made in CMP Updates [RFC9480]
KEM-ALGORITHM
FROM KEMAlgorithmInformation-2023 -- [RFC9629]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-kemAlgorithmInformation-2023(109) }
-- The import of KEM-ALGORITHM was added due to the updates made
-- in [RFCXXXX] [RFC9810]
;
-- History of the PKIXCMP ASN.1 modules
-- [RFC2510]
-- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.9 (id-mod-cmp)
-- Obsoleted by RFC 4210 PKIXCMP, 1.3.6.1.5.5.7.0.16
-- (id-mod-cmp2000)
-- [RFC4210]
-- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.16 (id-mod-cmp2000)
-- Replaced by RFC 9480 PKIXCMP, 1.3.6.1.5.5.7.0.99
-- (id-mod-cmp2021-88)
-- [RFC5912]
-- 2002 Syntax, PKIXCMP-2009, 1.3.6.1.5.5.7.0.50
-- (id-mod-cmp2000-02)
-- Replaced by RFC 9480 PKIXCMP-2021, 1.3.6.1.5.5.7.0.100
-- (id-mod-cmp2021-02)
-- [RFC9480]
-- 1988 Syntax, PKIXCMP, 1.3.6.1.5.5.7.0.99 (id-mod-cmp2021-88)
-- 2002 Syntax, PKIXCMP-2021, 1.3.6.1.5.5.7.0.100
-- (id-mod-cmp2021-02)
-- Obsoleted by [RFCXXXX] [RFC9810] PKIXCMP-2023, 1.3.6.1.5.5.7.0.TBD2 1.3.6.1.5.5.7.0.116
-- (id-mod-cmp2023-02)
-- [RFCXXXX] [RFC9810]
-- 2002 Syntax, PKIXCMP-2023, 1.3.6.1.5.5.7.0.TBD2 1.3.6.1.5.5.7.0.116
-- (id-mod-cmp2023-02)
-- The rest of the module contains locally defined OIDs and
-- constructs:
CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
-- This syntax, while bits-on-the-wire compatible with the
-- standard X.509 definition of "Certificate", allows the
-- possibility of future certificate types (such as X.509
-- attribute certificates, card-verifiable certificates, or other
-- kinds of certificates) within this Certificate Management
-- Protocol, should a need ever arise to support such generality.
-- Those implementations that do not foresee a need to ever support
-- other certificate types MAY, if they wish, comment out the
-- above structure and "uncomment" the following one prior to
-- compiling this ASN.1 module. (Note that interoperability
-- with implementations that don't do this will be unaffected by
-- this change.)
-- CMPCertificate ::= Certificate
PKIMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL }
PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2),
cmp2021(3) },
sender GeneralName,
-- identifies the sender
recipient GeneralName,
-- identifies the intended recipient
messageTime [0] GeneralizedTime OPTIONAL,
-- time of production of this message (used when sender
-- believes that the transport will be "suitable", i.e.,
-- that the time will still be meaningful upon receipt)
protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}}
OPTIONAL,
-- algorithm used for calculation of protection bits
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
-- to identify specific keys used for protection
transactionID [4] OCTET STRING OPTIONAL,
-- identifies the transaction, i.e., this will be the same in
-- corresponding request, response, certConf, and PKIConf
-- messages
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
-- nonces used to provide replay protection, senderNonce
-- is inserted by the creator of this message; recipNonce
-- is a nonce previously inserted in a related message by
-- the intended recipient of this message.
freeText [7] PKIFreeText OPTIONAL,
-- this may be used to indicate context-specific instructions
-- (this field is intended for human consumption)
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
-- this may be used to convey context-specific information
-- (this field is not primarily intended for human consumption)
}
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-- text encoded as UTF-8 string [RFC3629]
PKIBody ::= CHOICE { -- message-specific body elements
ir [0] CertReqMessages, --Initialization Request
ip [1] CertRepMessage, --Initialization Response
cr [2] CertReqMessages, --Certification Request
cp [3] CertRepMessage, --Certification Response
p10cr [4] CertificationRequest, --imported from [RFC2986]
popdecc [5] POPODecKeyChallContent, --pop Challenge
popdecr [6] POPODecKeyRespContent, --pop Response
kur [7] CertReqMessages, --Key Update Request
kup [8] CertRepMessage, --Key Update Response
krr [9] CertReqMessages, --Key Recovery Request
krp [10] KeyRecRepContent, --Key Recovery Response
rr [11] RevReqContent, --Revocation Request
rp [12] RevRepContent, --Revocation Response
ccr [13] CertReqMessages, --Cross-Cert. Request
ccp [14] CertRepMessage, --Cross-Cert. Response
ckuann [15] CAKeyUpdContent, --CA Key Update Ann.
cann [16] CertAnnContent, --Certificate Ann.
rann [17] RevAnnContent, --Revocation Ann.
crlann [18] CRLAnnContent, --CRL Announcement
pkiconf [19] PKIConfirmContent, --Confirmation
nested [20] NestedMessageContent, --Nested Message
genm [21] GenMsgContent, --General Message
genp [22] GenRepContent, --General Response
error [23] ErrorMsgContent, --Error Message
certConf [24] CertConfirmContent, --Certificate Confirm
pollReq [25] PollReqContent, --Polling Request
pollRep [26] PollRepContent --Polling Response
}
PKIProtection ::= BIT STRING
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody }
id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
usa(840) nt(113533) nsn(7) algorithms(66) 13 }
PBMParameter ::= SEQUENCE {
salt OCTET STRING,
-- Note: Implementations MAY wish to limit acceptable sizes
-- of this string to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks.
owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
-- AlgId for the One-Way Function
iterationCount INTEGER,
-- number of times the OWF is applied
-- Note: Implementations MAY wish to limit acceptable sizes
-- of this integer to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks.
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
-- AlgId of the Message Authentication Code algorithm
}
id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
usa(840) nt(113533) nsn(7) algorithms(66) 30 }
DHBMParameter ::= SEQUENCE {
owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
-- AlgId for a One-Way Function
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
-- AlgId of the Message Authentication Code algorithm
}
-- id-KemBasedMac and KemBMParameter were added in [RFCXXXX] [RFC9810]
id-KemBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
usa(840) nt(113533) nsn(7) algorithms(66) 16 }
KemBMParameter ::= SEQUENCE {
kdf AlgorithmIdentifier{KEY-DERIVATION, {...}},
-- AlgId of the Key Derivation Function algorithm
kemContext [0] OCTET STRING OPTIONAL,
-- MAY contain additional algorithm specific algorithm-specific context information
len INTEGER (1..MAX),
-- Defines the length of the keying material output of the KDF
-- SHOULD be the maximum key length of the MAC function
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
-- AlgId of the Message Authentication Code algorithm
}
PKIStatus ::= INTEGER {
accepted (0),
-- you got exactly what you asked for
grantedWithMods (1),
-- you got something like what you asked for; the
-- requester is responsible for ascertaining the differences
rejection (2),
-- you don't get it, more information elsewhere in the message
waiting (3),
-- the request body part has not yet been processed; expect to
-- hear more later (note: proper handling of this status
-- response MAY use the polling req/rep PKIMessages specified
-- in Section 5.3.22; alternatively, polling in the underlying
-- transport layer MAY have some utility in this regard)
revocationWarning (4),
-- this message contains a warning that a revocation is
-- imminent
revocationNotification (5),
-- notification that a revocation has occurred
keyUpdateWarning (6)
-- update already done for the oldCertId specified in
-- CertReqMsg
}
PKIFailureInfo ::= BIT STRING {
-- since we can fail in more than one way!
-- More codes may be added in the future if/when required.
badAlg (0),
-- unrecognized or unsupported algorithm identifier
badMessageCheck (1),
-- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3),
-- messageTime was not sufficiently close to the system time,
-- as defined by local policy
badCertId (4),
-- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6),
-- the authority indicated in the request is different from the
-- one creating the response token
incorrectData (7),
-- the requester's data is incorrect (for notary services)
missingTimeStamp (8),
-- when the timestamp is missing but should be there
-- (by policy)
badPOP (9),
-- the proof-of-possession failed
certRevoked (10),
-- the certificate has already been revoked
certConfirmed (11),
-- the certificate has already been confirmed
wrongIntegrity (12),
-- KEM ciphertext missing for MAC-based protection of response,
-- or not valid integrity of message received (password based
-- instead of signature or vice versa)
badRecipientNonce (13),
-- not valid recipient nonce, either missing or wrong value
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17),
-- the additional information requested could not be
-- understood or is not available
badSenderNonce (18),
-- not valid sender nonce, either missing or wrong size
badCertTemplate (19),
-- not valid cert. template or missing mandatory information
signerNotTrusted (20),
-- signer of the message unknown or not trusted
transactionIdInUse (21),
-- the transaction identifier is already in use
unsupportedVersion (22),
-- the version of the message is not supported
notAuthorized (23),
-- the sender was not authorized to make the preceding
-- request or perform the preceding action
systemUnavail (24),
-- the request cannot be handled due to system unavailability
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
-- certificate cannot be issued because a duplicate
-- certificate already exists
}
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL }
OOBCert ::= CMPCertificate
OOBCertHash ::= SEQUENCE {
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL,
certId [1] CertId OPTIONAL,
hashVal BIT STRING
-- hashVal is calculated over the DER encoding of the
-- self-signed certificate with the identifier certID.
}
POPODecKeyChallContent ::= SEQUENCE OF Challenge
-- One Challenge per encryption or key agreement key certification
-- request (in the same order as these requests appear in
-- CertReqMessages).
-- encryptedRand was added in [RFCXXXX] [RFC9810]
Challenge ::= SEQUENCE {
owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL,
-- MUST be present in the first Challenge; MAY be omitted in
-- any subsequent Challenge in POPODecKeyChallContent (if
-- omitted, then the owf used in the immediately preceding
-- Challenge is to be used).
witness OCTET STRING,
-- the result of applying the one-way function (owf) to a
-- randomly-generated randomly generated INTEGER, A. (Note that a different
-- INTEGER MUST be used for each Challenge.)
challenge OCTET STRING,
-- MUST be used for cmp2000(2) popdecc messages and MUST be
-- the encryption of Rand (using a mechanism depending on the
-- private key type).
-- MUST be an empty OCTET STRING for cmp2021(3) popdecc messages.
-- Note: Using challenge omitting the optional encryptedRand is
-- bit-compatible to the syntax without adding this optional
-- field.
encryptedRand [0] EnvelopedData OPTIONAL
-- MUST be omitted for cmp2000(2) popdecc messages.
-- MUST be used for cmp2021(3) popdecc messages and MUST contain
-- the encrypted value of Rand using CMS EnvelopedData using the
-- key management technique depending on the private key type as
-- defined in Section 5.2.2.
}
-- Rand was added in [RFC9480]
Rand ::= SEQUENCE {
-- Rand is encrypted involving the public key to form the content of
-- challenge or encryptedRand in POPODecKeyChallContent
int INTEGER,
-- the randomly generated INTEGER A (above)
sender GeneralName
-- the sender's name (as included in PKIHeader)
}
POPODecKeyRespContent ::= SEQUENCE OF INTEGER
-- One INTEGER per encryption or key agreement key certification
-- request (in the same order as these requests appear in
-- CertReqMessages). The retrieved INTEGER A (above) is returned to
-- the sender of the corresponding Challenge.
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse }
CertResponse ::= SEQUENCE {
certReqId INTEGER,
-- to match this response with the corresponding request (a value
-- of -1 is to be used if certReqId is not specified in the
-- corresponding request, which can only be a p10cr)
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [RFC4211]
}
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedKey OPTIONAL,
-- See [RFC4211] for comments on encoding.
-- Changed from EncryptedValue to EncryptedKey as a CHOICE of
-- EncryptedValue and EnvelopedData due to the changes made in
-- [RFC9480].
-- Using the choice EncryptedValue is bit-compatible to the
-- syntax without this change.
publicationInfo [1] PKIPublicationInfo OPTIONAL }
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedKey
-- Changed from Encrypted Value to EncryptedKey as a CHOICE of
-- EncryptedValue and EnvelopedData due to the changes made in
-- [RFC9480].
-- Using the choice EncryptedValue is bit-compatible to the
-- syntax without this change.
}
KeyRecRepContent ::= SEQUENCE {
status PKIStatusInfo,
newSigCert [0] CMPCertificate OPTIONAL,
caCerts [1] SEQUENCE SIZE (1..MAX) OF
CMPCertificate OPTIONAL,
keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
CertifiedKeyPair OPTIONAL }
RevReqContent ::= SEQUENCE OF RevDetails
RevDetails ::= SEQUENCE {
certDetails CertTemplate,
-- allows requester to specify as much as they can about
-- the cert. for which revocation is requested
-- (e.g., for cases in which serialNumber is not available)
crlEntryDetails Extensions{{...}} OPTIONAL
-- requested crlEntryExtensions
}
RevRepContent ::= SEQUENCE {
status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-- in same order as was sent in RevReqContent
revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
-- IDs for which revocation was requested
-- (same order as status)
crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-- the resulting CRLs (there may be more than one)
}
CAKeyUpdAnnContent ::= SEQUENCE {
oldWithNew CMPCertificate, -- old pub signed with new priv
newWithOld CMPCertificate, -- new pub signed with old priv
newWithNew CMPCertificate -- new pub signed with new priv
}
-- CAKeyUpdContent was added in [RFCXXXX] [RFC9810]
CAKeyUpdContent ::= CHOICE {
cAKeyUpdAnnV2 CAKeyUpdAnnContent, -- deprecated
cAKeyUpdAnnV3 [0] RootCaKeyUpdateContent
}
-- With cmp2021 cmp2021, the use of CAKeyUpdAnnContent is deprecated , deprecated, use
-- RootCaKeyUpdateContent instead.
CertAnnContent ::= CMPCertificate
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions{{...}} OPTIONAL
-- extra CRL details (e.g., crl number, reason, location, etc.)
}
CRLAnnContent ::= SEQUENCE OF CertificateList
PKIConfirmContent ::= NULL
NestedMessageContent ::= PKIMessages
-- CertReqTemplateContent, AttributeTypeAndValue,
-- ExpandedRegControlSet, id-regCtrl-altCertTemplate,
-- AltCertTemplate, regCtrl-algId, id-regCtrl-algId, AlgIdCtrl,
-- regCtrl-rsaKeyLen, id-regCtrl-rsaKeyLen, and RsaKeyLenCtrl
-- were added in [RFC9480]
CertReqTemplateContent ::= SEQUENCE {
certTemplate CertTemplate,
-- prefilled certTemplate structure elements
-- The SubjectPublicKeyInfo field in the certTemplate MUST NOT
-- be used.
keySpec Controls OPTIONAL
-- MAY be used to specify supported algorithms
-- Controls ::= SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue
-- as specified in CRMF [RFC4211]
}
AttributeTypeAndValue ::= SingleAttribute{{ ... }}
ExpandedRegControlSet ATTRIBUTE ::= { RegControlSet |
regCtrl-altCertTemplate | regCtrl-algId | regCtrl-rsaKeyLen, ... }
regCtrl-altCertTemplate ATTRIBUTE ::=
{ TYPE AltCertTemplate IDENTIFIED BY id-regCtrl-altCertTemplate }
id-regCtrl-altCertTemplate OBJECT IDENTIFIER ::= { id-regCtrl 7 }
AltCertTemplate ::= AttributeTypeAndValue
-- specifies a template for a certificate other than an X.509v3
-- public key certificate
regCtrl-algId ATTRIBUTE ::=
{ TYPE AlgIdCtrl IDENTIFIED BY id-regCtrl-algId }
id-regCtrl-algId OBJECT IDENTIFIER ::= { id-regCtrl 11 }
AlgIdCtrl ::= AlgorithmIdentifier{ALGORITHM, {...}}
-- SHALL be used to specify supported algorithms other than RSA
regCtrl-rsaKeyLen ATTRIBUTE ::=
{ TYPE RsaKeyLenCtrl IDENTIFIED BY id-regCtrl-rsaKeyLen }
id-regCtrl-rsaKeyLen OBJECT IDENTIFIER ::= { id-regCtrl 12 }
RsaKeyLenCtrl ::= INTEGER (1..MAX)
-- SHALL be used to specify supported RSA key lengths
-- RootCaKeyUpdateContent, CRLSource, and CRLStatus were added in
-- [RFC9480]
RootCaKeyUpdateContent ::= SEQUENCE {
newWithNew CMPCertificate,
-- new root CA certificate
newWithOld [0] CMPCertificate OPTIONAL,
-- X.509 certificate containing the new public root CA key
-- signed with the old private root CA key
oldWithNew [1] CMPCertificate OPTIONAL
-- X.509 certificate containing the old public root CA key
-- signed with the new private root CA key
}
CRLSource ::= CHOICE {
dpn [0] DistributionPointName,
issuer [1] GeneralNames }
CRLStatus ::= SEQUENCE {
source CRLSource,
thisUpdate Time OPTIONAL }
-- KemCiphertextInfo and KemOtherInfo were added in [RFCXXXX] [RFC9810]
KemCiphertextInfo ::= SEQUENCE {
kem AlgorithmIdentifier{KEM-ALGORITHM, {...}},
-- AlgId of the Key Encapsulation Mechanism algorithm
ct OCTET STRING
-- Ciphertext output from the Encapsulate function
}
KemOtherInfo ::= SEQUENCE {
staticString PKIFreeText,
-- MUST be "CMP-KEM"
transactionID OCTET STRING,
-- MUST contain the values from the message previously received
-- containing the ciphertext (ct) in KemCiphertextInfo
kemContext [0] OCTET STRING OPTIONAL
-- MAY contain additional algorithm specific algorithm-specific context information
}
INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER
InfoTypeAndValue ::= SEQUENCE {
infoType INFO-TYPE-AND-VALUE.
&id({SupportedInfoSet}),
infoValue INFO-TYPE-AND-VALUE.
&Type({SupportedInfoSet}{@infoType}) }
SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }
-- Example InfoTypeAndValue contents include, but are not limited
-- to, the following (uncomment in this ASN.1 module and use as
-- appropriate for a given environment):
--
-- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1}
-- CAProtEncCertValue ::= CMPCertificate
-- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
-- SignKeyPairTypesValue ::= SEQUENCE SIZE (1..MAX) OF
-- AlgorithmIdentifier{{...}}
-- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3}
-- EncKeyPairTypesValue ::= SEQUENCE SIZE (1..MAX) OF
-- AlgorithmIdentifier{{...}}
-- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
-- PreferredSymmAlgValue ::= AlgorithmIdentifier{{...}}
-- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5}
-- CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent
-- - id-it-caKeyUpdateInfo was deprecated with cmp2021
-- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6}
-- CurrentCRLValue ::= CertificateList
-- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7}
-- UnsupportedOIDsValue ::= SEQUENCE SIZE (1..MAX) OF
-- OBJECT IDENTIFIER
-- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10}
-- KeyPairParamReqValue ::= OBJECT IDENTIFIER
-- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11}
-- KeyPairParamRepValue ::= AlgorithmIdentifier{{...}}
-- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12}
-- RevPassphraseValue ::= EncryptedKey
-- - Changed from Encrypted Value to EncryptedKey as a CHOICE
-- - of EncryptedValue and EnvelopedData due to the changes
-- - made in [RFC9480]
-- - Using the choice EncryptedValue is bit-compatible to
-- - the syntax without this change
-- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
-- ImplicitConfirmValue ::= NULL
-- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
-- ConfirmWaitTimeValue ::= GeneralizedTime
-- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
-- OrigPKIMessageValue ::= PKIMessages
-- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16}
-- SuppLangTagsValue ::= SEQUENCE OF UTF8String
-- id-it-caCerts OBJECT IDENTIFIER ::= {id-it 17}
-- CaCertsValue ::= SEQUENCE SIZE (1..MAX) OF
-- CMPCertificate
-- - id-it-caCerts added in [RFC9480]
-- id-it-rootCaKeyUpdate OBJECT IDENTIFIER ::= {id-it 18}
-- RootCaKeyUpdateValue ::= RootCaKeyUpdateContent
-- - id-it-rootCaKeyUpdate added in [RFC9480]
-- id-it-certReqTemplate OBJECT IDENTIFIER ::= {id-it 19}
-- CertReqTemplateValue ::= CertReqTemplateContent
-- - id-it-certReqTemplate added in [RFC9480]
-- id-it-rootCaCert OBJECT IDENTIFIER ::= {id-it 20}
-- RootCaCertValue ::= CMPCertificate
-- - id-it-rootCaCert added in [RFC9480]
-- id-it-certProfile OBJECT IDENTIFIER ::= {id-it 21}
-- CertProfileValue ::= SEQUENCE SIZE (1..MAX) OF
-- UTF8String
-- - id-it-certProfile added in [RFC9480]
-- id-it-crlStatusList OBJECT IDENTIFIER ::= {id-it 22}
-- CRLStatusListValue ::= SEQUENCE SIZE (1..MAX) OF
-- CRLStatus
-- - id-it-crlStatusList added in [RFC9480]
-- id-it-crls OBJECT IDENTIFIER ::= {id-it 23}
-- CRLsValue ::= SEQUENCE SIZE (1..MAX) OF
-- CertificateList
-- - id-it-crls added in [RFC9480]
-- id-it-KemCiphertextInfo OBJECT IDENTIFIER ::= {id-it TBD1} 24}
-- KemCiphertextInfoValue ::= KemCiphertextInfo
-- - id-it-KemCiphertextInfo was added in [RFCXXXX] [RFC9810]
--
-- where
--
-- id-pkix OBJECT IDENTIFIER ::= {
-- iso(1) identified-organization(3)
-- dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
-- and
-- id-it OBJECT IDENTIFIER ::= {id-pkix 4}
--
--
-- This construct MAY also be used to define new PKIX Certificate
-- Management Protocol request and response messages or
-- general-purpose (e.g., announcement) messages for future needs
-- or for specific environments.
GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
-- May be sent by EE, RA, or CA (depending on message content).
-- The OPTIONAL infoValue parameter of InfoTypeAndValue will
-- typically be omitted for some of the examples given above.
-- The receiver is free to ignore any contained OIDs that it
-- does not recognize. If sent from EE to CA, the empty set
-- indicates that the CA may send
-- any/all information that it wishes.
GenRepContent ::= SEQUENCE OF InfoTypeAndValue
-- The receiver MAY ignore any contained OIDs that it does not
-- recognize.
ErrorMsgContent ::= SEQUENCE {
pKIStatusInfo PKIStatusInfo,
errorCode INTEGER OPTIONAL,
-- implementation-specific error codes
errorDetails PKIFreeText OPTIONAL
-- implementation-specific error details
}
CertConfirmContent ::= SEQUENCE OF CertStatus
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
-- the hash of the certificate, using the same hash algorithm
-- as is used to create and verify the certificate signature
certReqId INTEGER,
-- to match this confirmation with the corresponding req/rep
statusInfo PKIStatusInfo OPTIONAL,
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} OPTIONAL
-- the hash algorithm to use for calculating certHash
-- SHOULD NOT be used in all cases where the AlgorithmIdentifier
-- of the certificate signature specifies a hash algorithm
}
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER }
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL }
--
-- Extended key usage extension for PKI entities used in CMP
-- operations, added due to the changes made in [RFC9480]
-- The EKUs for the CA and RA are reused from CMC, as defined in
-- [RFC6402]
--
-- id-kp-cmcCA OBJECT IDENTIFIER ::= { id-kp 27 }
-- id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 }
id-kp-cmKGA OBJECT IDENTIFIER ::= { id-kp 32 }
END
]]></sourcecode>
</section>
<section anchor="sect-g">
<name>History anchor="Acknowledgements" numbered="false">
<name>Acknowledgements</name>
<t>The authors of Changes</name>
<t>Note: This appendix will be deleted in this document wish to thank <contact
fullname="Carlisle Adams"/>, <contact fullname="Stephen Farrell"/>,
<contact fullname="Tomi Kause"/>, and <contact fullname="Tero
Mononen"/>, the final version original authors of the document.</t>
<t>From version 17 -> 18:</t>
<ul spacing="normal">
<li>
<t>Deleted last paragraph <xref target="RFC4210"/>, for their
work.</t>
<t>We also thank all reviewers of Appendix D.3 this document for their valuable
feedback.</t>
<t>Adding KEM support to resolve the DISCUSS from Paul Wouters</t>
</li>
</ul>
<t>From version 16 -> 17:</t>
<ul spacing="normal">
<li>
<t>Addressing DISCUSS from Paul Wouters this document was partly funded by extending text the German
Federal Ministry of Sections 3.1.1.2, 4.4, 5.2.5, 6, and D.3.</t>
</li>
<li>
<t>Updated IPSEC -> IPsec</t>
</li>
</ul>
<t>From version 15 -> 16:</t>
<ul spacing="normal">
<li>
<t>Addressed IESG review comments from Erik Kline, Gunter Van de Velde, Orie Steele, Zaheduzzaman Sarker, Éric Vyncke, Education and Paul Wouters, except Research in the DISCUSS issue Paul raised</t>
</li>
</ul>
<t>From version 14 -> 15:</t>
<ul spacing="normal">
<li>
<t>Addressed SECDIR, OPSDIR, and TSVART project Quoryptan
through grant number 16KIS2033.</t>
</section>
</back>
<!-- [rfced] Please review comments</t>
</li>
</ul>
<t>From version 13 -> 14:</t>
<ul spacing="normal">
<li>
<t>Implemented some editorial changes throughout the document, specifically in Sections 5.1.1, 5.1.1.3, 5.1.3.4, 5.2.2, 5.2.8.3, 5.3.18, 5.3.19.2, 5.2.22, 7, C.1, each artwork element and C.4</t>
</li>
<li>
<t>Aligned formatting of message flow diagrams</t>
</li>
<li>
<t>Updated the page header to 'CMP'</t>
</li>
<li>
<t>Removed one instruction to RFC Editors</t>
</li>
<li>
<t>Fixed let us know if any should
be marked as sourcecode (or another element) instead.
We updated some nits in Section 5.2.2</t>
</li>
<li>
<t>Fixed one reference artwork to RFC 9629 in sourcecode throughout the ASN.1 Module</t>
</li>
</ul>
<t>From version 12 -> 13:</t>
<ul spacing="normal">
<li>
<t>Updated document. Please confirm
that these are correct.
In addition, please consider whether the definition "type" attribute of "NULL-DN" in Section 5.1.1 and Appendix D.1 and added a specification any sourcecode
element should be set and/or has been set correctly.
The current list of how the RA/CA shall generate the rid content to Section 5.2.8.3.3 to clarify direct POP (see thread "CMS RecipientInfo for EnvelopedData in CMC")</t>
</li>
<li>
<t>Added one minor clarification in Section 5.2.2</t>
</li>
<li>
<t>Updated reference from draft-ietf-lamps-cms-kemri to RFC 9629</t>
</li>
</ul>
<t>From version 11 -> 12:</t>
<ul spacing="normal">
<li>
<t>Adding a paragraph to Section 5.2.8.3.2 to clarify Indirect POP (see thread "Using cms-kemri this CMP Indirect POP")</t>
</li>
<li>
<t>Updated Appendix F addressing comments from Russ (see thread "WG Last Call preferred values for draft-ietf-lamps-rfc4210bis and draft-ietf-lamps-rfc6712bis")</t>
</li>
<li>
<t>Extended the Acknowledgments section.</t>
</li>
</ul>
<t>From version 10 -> 11:</t>
<ul spacing="normal">
<li>
<t>Updated Section 4.2.2 addressing the comment from Tomas Gustavsson and as presented during IETF 119 (see thread "draft-ietf-lamps-rfc4210bis-v10 Section 4.2.2 - removing normative language")</t>
</li>
</ul>
<t>From version 09 -> 10:</t>
<ul spacing="normal">
<li>
<t>Implemented some minor editorial changes modernizing "type" is available at
<https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types>.
If the text in Section 3, 4, and 5.2.8 as proposed during IETF 119, without changing normative language.</t>
</li>
<li>
<t>Added current list does not contain an applicable type, feel free to Section 4.2.2 two ToDos
suggest additions for further discussion, based on the comment from Tomas Gustavsson as presented during IETF 119.</t>
</li>
<li>
<t>Addressed erratum 7888</t>
</li>
</ul>
<t>From version 08 -> 09:</t>
<ul spacing="normal">
<li>
<t>Changed reference from ITU-T X.509 consideration. Note that it is also acceptable
to RFC 5280 (see thread " CMP vs RFC5280").</t>
</li>
<li>
<t>Deprecated CAKeyUpdAnnContent in favor leave the "type" attribute not set.
-->
<!-- [rfced] Please review whether any of RootCaKeyUpdateContent the notes in CMP V3 as proposed by Tomas.</t>
</li>
<li>
<t>Updated Section 4.4 incorporating RootCaKeyUpdateContent as alternative to using a repository for providing root CA key updates.</t>
</li>
<li>
<t>Deleting an obsolete sentence this document
should be in Section 8.8.</t>
</li>
<li>
<t>Added IANA considerations addressing IANA early review.</t>
</li>
</ul>
<t>From version 07 -> 08:</t>
<ul spacing="normal">
<li>
<t>Aligned with released RFC 9480 - RFC 9483</t>
</li>
<li>
<t>Updated Section 1.3</t>
</li>
<li>
<t>Added text on usage of transactionID with KEM-bases message protection to Section 5.1.1</t>
</li>
<li>
<t>Reverted a change to Section 5.1.3.1 from -02 and reinserting the deleted text and adding some text explaining when a key expansion <aside> element. It is required.</t>
</li>
<li>
<t>Consolidated the definition and transferal of KemCiphertextInfo. Added a new Section 5.1.1.5 introducing KemCiphertextInfo in the generalInfo filed and moving text on how to request a KEM ciphertext using genm/genp from Section 5.1.3.4 to Section 5.3.19.18</t>
</li>
<li>
<t>Some editorial changes to Section 5.1.3.4 and Appendix E after discussion with David resolving #30 and discussing at IETF 117. Also introducing optional field kemContext to KemBasedMac and KemOtherInfo defined as CMP-specific alternative to ukm in cms-kemri.</t>
</li>
<li>
<t>Added ToDo "a container for reviewing the reduced
content of KemOtherInfo to Section 5.1.3.4</t>
</li>
<li>
<t>Added a cross-reference to Section 5.1.1.3 regarding use of OrigPKIMessage to Section 5.1.3.5</t>
</li>
<li>
<t>Added POP for KEM keys that is semantically less important or tangential to Section 5.2.8. Restructured the section
content that surrounds it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside).
-->
<!--[rfced] Acronyms
a) Both the expansion and fixed some references which broke from RFC2510 to RFC4210. Introduced a section on the usage of raVerified.</t>
</li>
<li>
<t>Fixed acronym for the issue in Section 5.3.19.15, resulting from a change made in draft-ietf-lamps-cmp-updates-14, that no plain public-key can be following terms are used in
throughout the request message in CMPCertificate.</t>
</li>
<li>
<t>Updated Appendix B regarding KEM-based message protection and usage of CMS EnvelopedData</t>
</li>
</ul>
<t>From version 06 -> 07:</t>
<ul spacing="normal">
<li>
<t>Updated section 5.1.1.4 addressing a question from Liao Lijun on how document. Would you like to interpret less profile names than certReqMsgs</t>
</li>
<li>
<t>Updated section 5.1.3.4 specifying establishing a shares secret key for one arbitrary side of the CMP communication only</t>
</li>
<li>
<t>Removed update to using the note expansion upon
first usage and the security consideration regarding combiner function for HPKE</t>
</li>
<li>
<t>Added security considerations 8.1 and 8.8</t>
</li>
<li>
<t>Updates IANA Considerations in section 9 to add new OID acronym for the updates ASN.1 module and for id-it-KemCiphertextInfo</t>
</li>
<li>
<t>Added new appendix E showing different variants of using KEM keys for PKI message protection</t>
</li>
<li>
<t>Updates ASN.1 module in appendix F</t>
</li>
</ul>
<t>From version 05 -> 06:</t>
<ul spacing="normal">
<li>
<t>Updated section 5.1.3.4 exchanging HPKE with plain KEM+KDF as also used in draft-ietf-lamps-cms-kemri</t>
</li>
</ul>
<t>From version 04 -> 05:</t>
<ul spacing="normal">
<li>
<t>Updated sections 5.1.3.4, 5.2.2, and 8.9 addressing comments from Russ (see thread "I-D Action: draft-ietf-lamps-rfc4210bis-04.txt")</t>
</li>
</ul>
<t>From version 03 -> 04:</t>
<ul spacing="normal">
<li>
<t>Added Section 4.3.4 regarding POP for KEM keys</t>
</li>
<li>
<t>Added Section 5.1.3.4 on message protection using KEM keys and HPKE</t>
</li>
<li>
<t>Aligned Section 5.2.2 on guidance which CMS key management technique to use with encrypted values (see thread "CMS: selection of key management technique to use for EnvelopedData") also adding support for KEM keys</t>
</li>
<li>
<t>Added Section 8.9 and extended Section 3.1.2 regarding use rest of the document?
Certification Authority (CA)
Certificate Management Protocol (CMP)
Certificate Transparency logs</t>
</li>
<li>
<t>Deleted former Appendix C as announced in the -03</t>
</li>
<li>
<t>Fixed some nits resulting from XML -> MD conversion</t>
</li>
</ul>
<t>From (CT)
Diffie-Hellman (DH)
Distinguished Name (DN)
End Entity (EE)
extended key usage (EKU)
Key Encapsulation Mechansim (KEM)
Key Generation Authority (KGA)
Local Registration Authority (LRA)
Message Authentication Code (MAC)
one-way function (OWF)
Public Key Infrastructure (PKI)
Proof-of-Possession (POP)
Personal Security Environment (PSE)
protocol version 02 -> 03:</t>
<ul spacing="normal">
<li>
<t>Updated Section 4.4.1 clarifying the definition of "new with new" certificate
validity period (see thread "RFC4210bis number (pvno)
Registration Authority (RA)
Trusted Execution Environment (TEE)
b) FYI - notAfter time of newWithNew certificate")</t>
</li>
<li>
<t>Added ToDo to Section 4.3 and 5.2.8 on required alignment regarding POP We have added expansions for
KEM keys.</t>
</li>
<li>
<t>Updated Sections 5.2.1, 5.2.8, and 5.2.8.1 incorporating text of former Appendix
C (see thread "draft-ietf-lamps-rfc4210bis - ToDo on review the following abbreviations
per Section 3.6 of Appendix C")</t>
</li>
<li>
<t>Added a ToDo to Appendix B to indicate additional RFC 7322 ("RFC Style Guide"). Please review need to try pushing each
expansion in the content document carefully to Sections 4 and Section 5</t>
</li>
</ul>
<t>From version 01 -> 02:</t>
<ul spacing="normal">
<li>
<t>Added Section 3.1.1.4 introducing the ensure correctness.
Initial Device Identifier (IDevID)
Internet Key Generation Authority</t>
</li>
<li>
<t>Added Section 5.1.1.3 containing description Exchange Protocol (IKE)
Internet of origPKIMessage content moved
here from Section 5.1.3.4</t>
</li>
<li>
<t>Added ToDos on defining POP and message protection using KEM keys</t>
</li>
<li>
<t>Added a ToDo to Section 4.4.3</t>
</li>
<li>
<t>Added a ToDo to Appendix C to do a more detailed review</t>
</li>
<li>
<t>Removed concrete algorithms and referred to CMP Algorithms instead</t>
</li>
<li>
<t>Added references to Appendix D and E as well as the Things (IoT)
Lightweight CMP Profile
for further information</t>
</li>
<li>
<t>Broaden the scope from human users also to devices and services</t>
</li>
<li>
<t>Addressed idnits feedback, specifically changing from historic LDAP V2 to
LDAP V3 (RFC4511)</t>
</li>
<li>
<t>Did some further editorial alignment to Directory Access Protocol (LDAP)
Organizational Unit (OU)
-->
<!--[rfced] Terminology
a) May we update the XML</t>
</li>
</ul>
<t>From version 00 -> 01:</t>
<ul spacing="normal">
<li>
<t>Performed all updates specified in CMP Updates Section 2 and Appendix A.2.</t>
</li>
<li>
<t>Did some editorial alignment following terms to the XML</t>
</li>
</ul>
<t>Version 00:</t>
<t>This version consists of form on the text of RFC4210 with right for consistency?
certification authority > Certification Authority
registration authority > Registration Authority
boot-strapping > bootstrapping
key encapsulation mechanism > Key Encapsulation Mechanism
off-line > offline
on-line > online
b) We note that the following changes:</t>
<ul spacing="normal">
<li>
<t>Introduced terms are used inconsistently throughout the authors of this document
document. Please review and thanked let us know if/how these terms may be made consistent.
Protocol Encryption Key vs. protocl encryption key
X.509v1 vs. X.509 v1
X.509v3 vs. X.509 v3
X.509v3 certificate vs. X.509v3 Certificate
cross-cert* vs. cross cert*
-->
<!-- [rfced] Please review the authors "Inclusive Language" portion of RFC4210
for their work.</t>
</li>
<li>
<t>Added a paragraph to the introduction explaining the background online
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
and let us know if any changes are needed. Updates of this document.</t>
</li>
<li>
<t>Added the change history to nature typically
result in more precise language, which is helpful for readers.
Note that our script did not flag any words in particular, but this appendix.</t>
</li>
</ul>
</section>
</back>
<!-- ##markdown-source:
H4sIAAAAAAAAA8y9a1vj2JUw+l2/QkN/KJyxDQbqAp3kfd1AdTFVVBGgupP0
9OlHtgUo2JIjyVCk0+c5f+N8m98yP+X8krOue68tyRTVmcw7zKQLbGlf1l57
3S+DwSC6O4h3o2xZHsR1uarqne3t/e2daFZM82SRHsSzMrmqB1laXw3myWJZ
Dcqr6d7OaHuSVYPRq2ia1AdxVc+iYlIV87ROq4P4GX4f7++92n4WrZazhD98
vj/aeRZNi7xK82qFn8B86bOoWk0WWVVlRV4/LGHCk+PL19E8ya8P4jSPltlB
FMd1MXXP01+zdFnf4Ez4d/WwKNOryjxRFWUtH10l8wo+q7N6joPndVrmaR3/
cfh8ez8+W03m2TR+mz7AN1dlUsEA03pVpjEAJo4P07LOrjLYYxqfJnlynS7S
vI7PygKWUMzjzcPTs16UTCZlClCEP6KkTBOARzqN7mH978anZxfx90V5m+XX
8bdlsVpGt+nDfVHODqIBvTBYMwl8cfb2JLrO6pvV5CDeYNjfX29NF8uBAHUD
wAT/wAFs3NT1sjrY2tLHhvziMCvsC1uPHObwpl7MNyJ87iDe2d55HiWr+qYo
caGMCW/SfFZmt/E3ZTG9vUlWFUCoKGGbFxkuGf9UUPhPAKJpCiv8HsFeDu6K
fCBfDi5qAHiVxiN4bFrMYIZnr7Z3d3fxAKdZ/XAQn67ybHpDX6/yuoRPvk3L
RZI/wEfpIsnmB/ENL2o40UX974qHH06LBTy2KjN4SKBzf38/tF/rzo6Su2wW
/z2G1cUfbtJsMfmfsLUZrmoIww4LWtOv2dlpdpvGH1Z5BThX3+iujnO66mZX
/hPd1Wj06mV8lpS38dk8mabwTZlewyWFMd/7XT1/vvty3+wqy/M0WRbzrLJb
+5hndTqLL2pEwri4iseLtASM93tdwDqHha7zf6e8nHU7tV/rTv+tuMnhiiUP
/3M3+RdY4vAalvgl+4uy/KoAzKizuxRJ4fnrQ6Ss/tcd/+su/noyOBqGN/zF
y9EO3HB5bvRq76X8uvN8tO1+ffVcfkWC4H/V4fd2t3f11+ejkfyKRF1+fbHz
4pX++tJ9+nJn/4X/dV9+fbW3p5++ev5Sn331Ys89sL+vy9kfufXuj17sBFtM
8myRDCZldZsNkrRj97cPE7iaU09iCQrvTy4uhxdnw1fb2z/tb49L2s3J8fEx
fLIzHI3PBzvbo1dAFz6cDEfbw9Foe38Lv764PBriN8NXezuAEnvIIr47hoe3
Xw22Ry9oS8CekvIakUtPNL+bDfMMjvO6uNu6W83zrVlaA0JsBe/yq8yl3sNp
F3kyj7+Dp9MymWRzwDwgU3UySYCsDOL2q0qt8fcB3wA3zElewcgrYDCAlhfT
LM2naZzks/gynd7kxby4fog3ESg9ep15wDMe//lgRGQLsB6Y2Fn1h6p7l4i3
K2Dt2achTL4FfP4qLXGiLf4UeCLgef0w2tmqcVY4jfmgSonxV1vLMoWnalrw
FtB0mCotLUie8fzxn4pVGZ9VtHpYSnwEIscU38KtfZ/N0gqGSmZAlJNb5OtV
nOXx+7QGunILD99l07R6tg5gzy5kkc+eAQIjn5+m6Qympftc36Txzqiq448X
x+9P/hj7LcYwvb6K0siyqLLV4pkMzfTpfTLLEuShfmtCqD4exhdJHh9l6XUR
vPLn5DYr46NVuSJKEryTAzkoK5wPVnYKrCS7TvLg7WN4Jf4eyEhZ3H/hq/82
jMfz9FP8JpnPiCs98X0VHkY7g+1X8MkfQcbCC7PfjTI3cIjzdAiYOczyems0
gsu2vbMF/9neGu0BvwwQ4ETpIAC79ng7iD8sUwD/Q1Wni4oFPDiZXLBiEF/C
sR1lJfxdIJlmkW8AYhjhUFLXZTbBq2GIRAyi4CJFlFmPKyxJ6g27TOcpUOsF
cnX6rEI4wfybJ5cfeyFw9gej7cFojz6s4GDTCkn8gcAYnj+Iz2kwEG14uyys
bo62t/B1HO7k4gMA9vne7sCAV0XcbjgNPIryBfzrCvgUfHwJIiTDAnbyUGVV
vEhhu7MqhoHiEr4pFvEkq+PrFIkRgLGK70G8hIsFywDCeBiP9l/ub9MY7pPn
e4QCT4DdhxLwJ/sbrxinBBYKOy9n+tkmDNoBw3UAvPgAZAEFXTdQ7EEFD41P
LnZH64nYpMqGk1U+G87SrYsbEOhnR8W02joq7vN5kczgt+Otby5Otv7M+PK3
LC1X+fUW7QloD9OwNN+CaX7aHf30epVPeaMA+Z+mc5QLq59gmz8xZH/KVwvg
UT954P6UDpezqwD3x/GyLICqALTgzYM4GDSWQe1x8aDmxPoxXVqA5s5wey1S
v07hvuORXMFFSGlAi04OgTYBAD15McuBDH8/jN9m8zmQCqUVTEm+L+ZXcLrX
zW9ptsuB3tpvj0/ibxeTN40hL4C2IIkowzFJ3m59+Ss34JjdaDTYBrR6hcD5
dgWAe6hW3ViSLkugV8MsmZbE60Bb2tl6uR2QK+AdxdUA/h9OTbgcrebt8aml
NFW8qpCtweHAJ8lknuqZwQutU/IU+jJbuEU2vjq7AWlhGb8pZtdp1fju2xTW
G78DHGl80dIT7JdHxeoaUAyuUwqSSNIcE0RmYFWwg9X0JmleyviwfFjWTILS
M4RbPC7h5O7S4ELv7MCfr1d/ySrgeV7w2t5+uVVtb4/2ng/wfPZHo70B6lRv
iitQifK/hU/uv3w12B3sAnF4uf18e3uw89MIhz2+vDgZ7H57djbc3R3usmwb
Hqrc/N3r5ZIO9Kpebl0sU7j1qBQPcCNboL3BPPB3cDGdZFGAiG/x6/3RRe/r
eAyHB2KN8IT4tbKVeHP8urf2FuJaQ+gAv9hZQ+7w4fjyAt6izcWjF8MXQ6SN
H0GgO/l2eLGaVGkNQtzL9SQP8G2YroDC4D9bFV3KratsnlaI27sA+62qqHZ/
gvuWftp+tfvT4KfKDfvTHQC/RbGOzy9PL7aOLw8v4g/5YJ7lKVlZjBXl9evX
JxdrYcCrD4n+8w4oxH5//fi70XAb9h7lDYVpZ98pN/Crah67L3ZU3QA9x2k0
O065eu71rOcvnMLy/MVzVVie7z93Ks/etlNj9ndVU9rf3nNqzN4rnWJfJj69
+/Dd/suAeb+BqzkpilvSH5fLeQYaJd8g0BuXNw8d4CJiOR7Gp0AN/uZuPN/N
1scs5j6zr54N4zsQPz8Ak5jeFHXwfvd3HYNcDOPvEtAygPMFA7Q/ty/zyY72
91+sQe7D80MkpUA/ga1/8z7eHrza298dvHoOSPkyigYgvSQTkHCTaR1F0eUN
yC6zYroi/AJVYAqiHZBYFNyfbPjbPHsLnOFJlr9h7D9YwBrhKVBMYIxZegUI
P0OCH9F8d7uBeDkFFYUIAkpMCzf8EC2CyOnvUI8BwMKSkylLkxMgNGmaR1NA
CVhIJYwTB4AFgy4CSgdIHXUVV0CGY6DWCUiR1xkCh6YaE9IQbTof9/DFKDG2
x8Yjh+PesAnQZDbD0ZdLYBHEy/zKEV0DrgYSOKi4pLElBOXjfJosq9WcZzoF
ARRkvmoRbwJD7MVLPg4VykFjjI7zu3ReLEH6Aq0XkaxGtQ7mgZHwQqSz75L5
Kh3GjUXOqwKens5XMz55tUDHFRB0WB8cCxNqWsgOzQc3DWTt7BPclx2cAu4o
ma8JBGmsIyCJx13Fk2R6e49yJYIddiT6OQrFdIRO1Irvb0BDhD8jFAMyYO/D
+KOMVheNZxFzsgUdP4CNNlnEyTWN3Y/TTzWuEb7BTS2L+Rx/Xygg+3g8+Eme
3osI4ZAyRsM6SIAk4/NTPFo6Q3M0gJswF2YDvANudfXAwIIRcIVwLWGRQnVE
Jq+GweJ346yKADhlMVtNGfFjXJgMixdwfPF+OAK8BQh+6gNcMsRS2LEiVHEV
HnmfEOoQdGyG601S3Yzn1/347AP8X5ndIVbRN8l1maan40PaYHReFPVhAl8y
nGGAGvECTm16uwIB1N3UFn47DwadP/kwEGJAekEdAgDQZGutaxE+mwkChkMR
Knkke83GBDu1YhgeraLmvmIi2tiGTOwW2Qwk3ij6CukZAZse/fmrCl4ajH6J
oh/wjeNZVqOasJynaC6apbiWgyg6AuEEDv/k+OJb0AHniDs1HQ6epeKlW9Q9
EpEl4iOcKMwCdxrGJbUS3ovYueGoVaKmw4nZGFDI7wRFBtvb7X1XN8l8Hk1S
QbwpYBygSwD+O/f+CO91UQK2KKwcjrm7DUgYbGb9PQeIjmNYDFoFiHzJULC8
5C4BMRdlcRjt558Jtte//NJavpAHvhhVe3f3WXXD6J/kt/FhUs6zCgYdz5IF
3EaQppcgHMavk7JM5/N+dFkssvhtAsSvL8a5sohPixzpep+2C9fvOkOV2Uwp
UO/TnYOHsjIiCZPQMb/LgN3Ap0AfcrjzuJqrVUnofFfMV3A3UtQN4eO/FFlO
kwzwAJHtwLsPUYK0fCDzwYZ/DFEsis4Yx5ZpiWoWjXAFxKm4R0xDKZEsj3AG
8HL0G1zuH+EnHgx+T8+C5ppdI6/M2cgFm8Ph75C2y5YQpKjO49z/FSw+Ihb/
NOfeOhYfGRb/NNZOdihY4CLaMM9vxAR1u6kyvYIzwSNJxPID0oNdbFK52Qk/
RWj95ReA8FdfxYeCyKfJLI0nD+42RT8fwDX73QaTiuFoA6gFvYxfAnbPsiua
+KosFjwqugfgC8ELf6ro5KwO6DhxUyh/GFFAmQ5QBlQh0BlKAMnwmgIvoxtx
j5bOhK/jFN3DOEOZ/nWVlbAtfZXIL+L9UkxF8gVA86JYoEQpZllEvbScP+A6
Zgld6avARIJGLaJjwo10RBhCx9Tt6PrRvJup4cDxWeRDQitmjN4JEC6gYg80
wJj4b4s74/yePfYBcZdlilIXs/O4mM/0JVgRm99iQ5tBiMsrYpNzkCbmbq3h
d0vF1KyqViKKso2VMCWBo1gmSDxhDodudNLIw375BYnMiu/SpQ5a2fMrUwKi
2SnIK3DJ4FAb0KINBJtGyMPZwq/E5WI1UcEJLls3LP2kIKZ10xZZEnZbx9mF
7Iv4KjInrBhwAwAFSgOMvMhQLHZzwMRpDmNPCVlZgGahCyZLPy3ngMiEPzWS
Sxi1QvEtUZgiEYM7puzF3jHk8o07toN3zLIjAjY+CNcKZ8bvQKhBoftm4b8e
wdcsEsxic0X7Kiwp2jRuHohOpRifA2EXH32XXd+ABoH/pbiDM7liOuUuDv/Y
TR/PZkilAeoqO8ZGdkQyeJeUWQH4Y2RGETzT4fWwT65VVUci1WLxciIkpoEm
4r4j1gTHQipg7ZitWob5+sNglgTfFOi1ICEF+ViFyhC+miGtIZjisvDdBvxQ
BKn5Hh/rHvFFZjNLnXGxmtcZiFaEU3I5YJXTgqTkGctIgDHAyOMp8Maqj0hH
IJgkNYi9S/QrVWT3w+G8PPqb+GOV8qX3Oj/wsFMhSRckPSNnuugJ4X/xHC4u
byjUmGTTS2InSFRBgUeTqNek0DQW6FK4C9AzgUk5qTzUQmKWrmClcfwajc2A
HYhtKD6BJoRSZo4HRQcKX8Bxp/n0gYUXWWMwIRLTCaq1cePKz+dxMZ2uSnKv
VcQ9iZp4vc5Cn7RPoDRIhmEosaASI8nuECUAUxENeXL3htdX+zhay14rbhCW
xsLpQKkrporJSxBiljclHjWoowXZ6okbMUtFtEpYDDPaTtyp4DJLC6HUb6la
lqyiYoMCWEAlYZhMdPWKSS8iYzAjHeL7Ag0w4ymI1axaFo7ejJAgOPF5OAIQ
FWi93efTxPGE+TbO1JtS9HQdu0txf7Dgq+SuKP3rFg7u7aFdCTzLQpGdDiU7
P1miCN6CHx1fMAusguwX2bUYR2DfTeDgbfyAs6IY5gQQ0UJjIK1zgj0KZhjy
saoscaZrLxTIIhqyvTSdVXzTlGkSmYFHb8hqg/JwwltSzsBfzwoYMy9qR8iQ
iDoeSEuzr/CZk3wKd3PlmAYu5w086y5VpUYTEoZYRFB3xWo5RQ56DYdf1YO/
ggJdrxZ+FiZanjV0Gh6Y86O3EVjPuHHvkhguHn3ODK9Pm7LkXF+tU6Aw+ASo
QYE8fO7uInA5eHDz8PxdT1XqNjUXzFUZDRa3HG1PS29vAE4Ff8FWFnzzgXwi
slgyfUQaNY/nRU4PfBVgvf44He4IzyeC7MgwTK+X7CUuy4gABrYaPMFUdebY
vLyKksNvaZpXwxd4b/2fL8M/9/FPXIX/aMSaQ5fqQPhxJJJiQ7bZRdlmnQHF
6hU8m5N7hvFJHRLylhKPU69R3A/ZQBfIUZXTA2cG4CME+BDhJ/wY6PFaowvJ
jmLHtGtfKxDpwchku0NQqIZ79AZTZr1tSKS+dR49b2IN8dIMg2gCklLCBFmQ
1aI7i+YJcsaHeF5ci+DgxEUaaa+1mDV2MSQ5c/HG36VMNdhqC5SgqDKWhUEC
mJJuRrdcb6y9ycMWTJ4TTECutMbghiiFBg0Qwk69ykWLYlUNTaeqjboRd3Fj
9mYYezT6VpHT0x9dDJ3Ym8Bn16GmjL0zfIWX48rf9YaAZ/fFtypcVd+Ol+rf
REVpNDEPXzQ4nh15h5CWKYyyTIA0n9o4z4010/HQ7oOlQU68vWzmNGykpbrB
SXqT3GUFkuzpPCmdAC5WAL12QJMPm1fDLBvv2eWNuD0yPVtAK0TbSyHbZE7M
7IIAO4Otj+RE6D7a1aAahlbfC+CMgERvxUsgnzpb8OfGf7UWcToPxQlvj8mG
bKLCG4lSNlnWVfZoCJ8NtocSMho/U7WRr1/o02n/KCT2z8M/X3XQ/pHQfjQ2
Ap9nPz1RXIqZzWQuMTDv/MIWT1T8MIi9ijdOP15cbvT53/j9B/r9/PgPH0/O
j4/w94s343fv3C+RPHHx5sPHd0f+N//m4YfT0+P3R/wyfBoHH0Ubp+M/bfAu
Nj6cXZ58eD9+12FDQ8sHi1iZhuUAJMlwZjjFN4dn//kfoz2Ax7+gtWs0Au4o
f7wavUQCen+DpldGNuAf/Cfg50OEtqukVF1lmiyzGqSoPtLT6qa4z4l64Sn+
gJD58SD+7WS6HO39Xj7ADQcfKsyCDwlm7U9aLzMQOz7qmMZBM/i8AelwveM/
BX8r3M2Hv/1f5OEfjF79r9+3HLFlOs8wIpp5aW0QbZ0Zk8xwIHCiZQbuaIIn
GuAjnu8ctUuQFeDW3gNH/j3QyYN1Dk36+vTs4HNGX37u4uBR/ZseOn938JgQ
ys+cvm4+xORXx3tNcQr47PExhqejmlLLcoGZHTzmOaVnvh0frJUw8IF35/DA
u4Ks6p3OYHzodHx44JbUiFg5LGYpPgNM+uARizo+8eFMop5AbYrPHKXE73AV
6+e/xM1fYsA7HOfxJyB39AwQ5KwschI9kUKhscYc2QdQiO8ykEaENu0KbSKb
DoyFl98tcOYVLjZK1MyN1S6BJowI1aq7bLaCeww3veBRkhlgK74Cd71mbwA8
w74N9GDK1xxkF9Ggq3xSrEisY42UlTYiIGQlERc5mQOKq/oekVlN3/1osvJO
bBQ2jZA89TpltZrUoF8sYOrklmT1JI+CxaCW5Iafpczc0IkJ5KpMAZ9IipiU
Bcj6ZYQLQ1tpRbb1bJEB/50/oM0OhsumpDyGe2UATsmIiwbXyBm7K55kip4s
8j3R/kUfFbMlUEZzlmqc5YutpBBfcfYSiSGyMRGRxER8LpjDBEcM2W6VfkrQ
WgXUOlq0V4F2gRvCn1VFBIZnWRstEWG0BDvX4yA8g0Ekrm5imsskK0nhrqpi
ikahGWqzbiP1fQFUTA6ZDM7xtISbFCQwkMiRJjBmgX48dvo0LscpXNt5oLDt
ssPnmxTeTkXVeiDFPoGhp0BevNjL8ZKVmr2m6QxgCbztHr7KSiBuTLfpLMlm
mlG0yl0xv2Ni3rCrilCHW7fHt4lsG7iBC65vvKYenMrdDnTHfU/z5vE1ZdPB
r2jkcE/CkCCXoPUXVRYMoi5QKDbCnIQ4cKwl3f0Ipk9Rz5etEES/AglcpdlK
bcXH8kQTsgzbyyeCQ5RfAZ/M+xBvZsN02I8cUEntAjq0cFYbZSNktAHkmPW8
vGxRM/KmdR40toM63KqaAyN4x5E10xsjPV8KokwkVq3bHpsSAH4Xq8lf0qmg
keNtndDz8EN8iDcqfnUDd0p3kFRBMiNd8dl2QynqhFIfjxk9y0CAMSrN+URk
GryB8ut4Xr+HJ8S8h0qMhQ9iH6Lefepc+zMAFdyiFfxJJ1cXRMXy2ZYlv0xH
HoJJN9kjkIAKD0sLVm6dqaC+z9Nen+eczx0NDQAV4/1Y4gsbw+gkVzNc3zzp
EW0j3jw+hhHhhG/YTZJHDuJ9BJv3GQTX6a7IyKx/tSINyDFQAlaEkAUAoXGn
MnIbvAjUP2W0CzAebwmdK+4r0kvhWOXNCsCA2+Uwh2TJjBOvYz92TNJ+jAew
qFJAy0qhS/Hfb4+3Ts4A2XrIEmecAqQPABGpaQakTTNMlsnwMAo0nMw1yq6n
ptKrBJNI4Mmr+SoVdpxGnnu5Ta53zMGGvmYKLjwoMlvwGEOTAUUuSNC9TeeE
57d5ge43WAUpI5hAavGGHHOVE5CdOx2PmJ3BHqYoyrw9iZrer0zcxgTc4Kj0
zsAM/jQfKBYC2X+dLVDQ6b5e8drrFawfTdVNdsd3DleEkUigUpMFuBOvI7og
yrYttQg2gqIdbhExbQ0IMDYIhgpeE2iyOp7yrUUWQ47Jgn3OmUk1GAwiktRQ
ZlqsFn3hgKgaIpSEuToLAe+JviGyczjmKCtUpCh5CTFAZOSJWDJ5331hAgna
5J5VNpZyEyCaRFeUcUY5C8ppzTP3DF3Y1/xKAZ/6sCsMbHPhUOm8Sul5vBEn
iL4LTdqrQI34E1GnAEAYXgXQjciqhshMuEirF8DoTQy5IewDIRXIPUCmzV0Z
OMeHgXpP4mwoFAn2KtMz6UScju6SknKhyL5FIe7ETuAupuUApJyMAjrE76n6
X13cYmI1jR3ZQ8bxGeFJG6A999056ewUOSEUFSZDAEbing12/KgOFG+CntTj
i4l0IEdzxhnK3uiXcokHwRtnF8ccxlusrm9Qz/KiXYnGv4dCxIdqWizTdgDb
prvigA6orqM5kAha7llOP04BXikKdj3kZ8R86FgwE49s+zItYQGsgnxOqvsj
NA4CPosbh5NYYqUIlUn7gFapt5GJvRVRbpJGeN+d2LFOSG8LHTsqdKyJPaAo
aCDjDzHFOj8QxQDauyJJYpKSjRy4xQYArZyRIA3MlRCrdbTsOwUAo8oKiPSH
VUbZuLUYlCK474ykfvx5we4pOiAiDDZRrolAKFhltSpMRMKukywnySEUGg7H
G+tkKUu/I5Keys/IQhnx+zxFOpiwq6ApEzmmBmC8ScrZPVvnkGFawehw3LnW
QLah47KfMdAIjk6unhQYFJzHG8XVFWmNG14D5Lh3/C5vftX3Es3h2JJmlkc8
FWSQRV3De59qP74p7jF0CK8E4D4aEBD9M6WacHMjuF90MxmIdLXLdJ7eJeKY
QSdlNn1gORZv8vdN+Igrhg5U3cKee8Qd3CMiW4HBzq/10b6QbtwseXvUh8XB
mIQBMl9kGIgwRgm7AnkKLeUT5Ekw3XITpSeCCS04Y2PIIoUtRrhmAMeDGjXU
r2QQKsPFsExVF0taQw6yYQbEBmjLQz+qzAhydIC+ZGaToDWlxgoIYREOdBFe
bQljhpOQF2Ce6Q3Leo7aE34UHAgO+1RPWRRei5OcITHNSiCjyE5QUGRrURyK
+XjLI2K8HATLgi0K3SSahyMAkvAbLCTF8kok8bN4rPEyRYSznwA9AGqMPo4x
Oc5XOX8LyPTeyeU8nZL9iiROILYufdt6cdlGq2gYMRoqjBETYZINC8INm7zh
oC43JXK8BmXuLF+5jEiP2ljyYKbm42RS3FlPUzRJ2dBk7pAUE1A51GYe8H6n
SY5YOFHf8yxKkyqjEM4xKVUUDoNnhPNnaLtO3YUiLuBwVaKurSKf5ZHiH+zy
A9N4MtmZYZlwySrC4bAIjIp2iA+1RGnQxdFgA8fv1thV2+yOHPaAnBqhJoLx
wMv9GJA4BjKAZWjgKydIVDEqz7rVKP3EcV1CEh7LMtKAU8cVozXsWeU2Z8hx
FzqIGjTmCLgK06TE2P2VcAES7WgiCojCkDz8F0GIgoKwh4gNQOhPu0mnWJip
z/Id8S2qBQAz9d23XbEonOyRhKZyFq1RxKco/b6JESNfOkUG9SMW/inqnaWn
hNJhE+RizkZYGaGqlaeCIgQz//MxsYk8VpeM50QH5KxS9lzUkVyKvqOSZIVc
LZxtXHmbhypPAdKLOxZQ9dYquaER1wktVh4aqDwUhfKQlVWM9NAX5cRJF31n
jNXdi/xK0gTJgSSzxhvnVm7oBcQOwHVO2wdaD6Q3ZIZsYNQUCQaQvDafR+dj
3hy536d17NWlQFV0+hg+f5PcpYErOOLhyCxEMMd7VbFre4ipzfdIyL1V1oo7
kVovld2G81Y0Y0YokQXqmViTnY0xSMKRuBvEE5f4dT5uiMXOhsFGWCDchiAZ
+w7D1kPGSXfWGk5oGTlrMHJRfntRsOKBOVQ5DYYXnRJa6HWvQ+LXIIjAePNK
TEaT1NxXYhlTkpo6OXK/YRUgl4Wr4JF6uYlzzFBAB3EuV31ZkUiuVdOxQKIe
cijQD0KDKpsGA9g2lV/aM/M0PFHiAtH6tXmxx9nqQLaHdd3QAFY6Uaax1mfY
Zht7yDbGa9+IN99+C4Qeca47nNrVM4CjAfSPiLwhN8fYE7h+ResGjpm4wbgu
kpc/8R6UOkIVuLK2DCUFetXwBj1COnH0dbRzGKg2Ra2HHHGgOgUa02J8qQaW
WdMZWZufQmAjJbCwEEth4ydQ2DDZGLnqekrb1DxPOPAZs1jrpLqtnLWJk5rm
6TUHCxUqgzrfWV+MA/wM7plDWYOIfM3sBAmL0vpcyD2Qga68gU2j1u9hwIrS
6gM+g1nBV5phbuAdMkurVWH8xWo+c+EypINmC28nJsMQ5ScM8IEYg0NyjTPC
hwvK+Jj7yBtJM2Bz8Ndk7iF6guKFfxuAc10Us7417/LvFUjs9xotz9fZC/nO
xSs5E7r8OcWX4AUuliDJX6EGCcDPyBTj1PZZ5LIWGGwnV4qAeppVE1fRmI94
13c3AY6L3eNzNGGhlugoy/lYqEbTx3jOeh8JiC264WwrXiq4zpB8EvVcpGnd
CKwszWgU2RVYZmEFo2Er0Qx1DPRHUN4hA0TLD+0/398bvNo6ufw4uOQkugir
/nE5IDSOjCgOVQMFNDubaef1irzfEiBKGqcjPaL7YZTy1VUqvAse4MPUx3iC
Sx9tTJHexLsTTaRYKz7JomCK23RZ82mpsdQSecq7RAv0kjgafmeFdnifeRVW
AMNL1FgCO/RYeeI9U6wnrAMAsRAYPb7IBE+P4C7bdG5WivMnf8rDQMHeMKr6
IHI27q3PhRpGYlZBs4GGQADMCaMwNhEw+ZzV25CJUkYTGr6nGXFlXCXRJ0rJ
j80SQDtDcs/hgHjp0MCqp4k2jCdAQziFd+62yBXliiD7E6HIrHaKwkrJNoAH
vp64H/r9cAzixdvUpLZQBGLyIMnmmCjjbfOsNKpeulyVmAOiLmzMLvQbuE/p
5nO4cZNKAHfkFBxEcVfHIHacGF1UGA3g1G2Wrf2e+kxjyPbwFPhprIdn6gq7
MMHrCeDLFR8UfjDCkQ8BaHgukK37AIFA8SU186YACCK65MoKxAxBPqkE0OlJ
tyXYn0/ep+09EkpWUUJD1aO9KLkMNA/KaRQ5FujCAiOCVFN1iGC00Ubyk79e
Qg1nBUXaqM3qPjH2NSAgQD/QxIfsKqOaqUldJ9PbylZ1UILad662BeYUkLUu
LZ8CrYnTjzivjtILU2LGMOWGy3rd8Fm2SEg0IxRN6KzxUyJuks378ZsH0GEw
rxM3LDG7Jt/7zeXlWa/vIuH+sEpX+C6W9lukQMh8Umy8efqHy8se5qocAgLB
WsiVMTaeXJNGXoxxWAoiFYsxOZ4GZNdiULw2Wf2IzldNFcHnlZd0qkbwH1Ie
F6ojIf3zNnK844EqC3gcJiVxoITeFlWGuNjJPb6CwdWCUunsa36KCVBNRCEo
nkgOAzIaV+o6SWaU9YzZIXQv6T3jsEYsslloRIKXqjewGZxtq8xoKfq4T7G3
TNXcBdi0Ni3kCxXRIYm5PhzDRVL8miZLRjDEKEqUZkmEXU82b6lq5vmTP5zR
vaYEVPbbNMJ0CKhkg1fiIjJ6UntoxptYJig2QWkKXJAEy1qMHQDObIbHSubc
mX8d1XGU/Igyw7jiMsD3QfauA90cx3WcCilshfZszDlEoN5nVeqNYGkzOihe
AVDnQkvYwEnh7hSwGlPyGkbopvcYaY3mMZJMJPEgT+/nDwNC4nQWN5z+DMGz
D2dkOZBE0tkQT5tEbMzWCvhBc2nw9iaZu9h0jFoHKsg4ZOA45IB3igNJiFWH
lyCM8Wtn2ohMMnohufLNNSheIam9xZO/QokCrw57DgUewr2Oj2XvtPMpCv2Y
Hih2aQcFog+gCZfJNL1aARWrgN9gUNBMjNcDoo+EWEi38yIf+GhOxHgSJEV8
FTGZaoFsAjqQKkZirr8WwqcQM3ODWJlTLIT7m1nQ2DkQe4c6KL0YK7VBpFpG
QpEVYVTJjMvn0clSHAOFouWWuWGkArBh8mK7TH9BLXLYmbAHk6/l9++2qXIT
qq8N1ZzKMD6EF92XZoSBGMFIScSSDW7OYUwhbkGQSeh5EyzH1wSEdCBfuhr2
3gQrUQAYj+Wmi/1h4yLQJhZ1WCMIlmIAB4e6QR5afHWDE2iarmwk9oEc7/hM
z2s93pzB5h224/Wd5tyUwJgAGsGrz/QZhE+044E8682IbLYVh4ETGsz1m6Xi
AFNTStvQp05UspuY0hAsCVPpCFg4AEtC5NI4KO6LgGKzYC58V9gw5u2i6NG2
6OHadFbgc0Se9FU5AsFTf/AiKJq089ZKGOTfq03SzOg4V+h0DAqzqQJlUOCO
M867lk+ULZmxjz9dsOBD9MHkRblFlsxHiaFb1Lzjqm0icbILlJk/mmiqG44/
0FoSIHtWfQk8oXoJkkTCBRwCwYOFI9o0xrBbuxLm+l1R8B/WXdd4YyL57KnW
bC5b1UcMcH8coGIqcbSHAb3vSCDp2TzhLqvJBxcK2LKZ7KrNxJOvWZbANVtQ
SlElrJcTQaqbbBl4Q1wQiO6BVZTPxFj7yES5UHOq/4C2eSbMsgAXW7DhbtxG
R0hg4iBYpXXUrrDhDJdicGK9kQJdOKKdF8mLADKHwjJB8v+GnzhJqjusj/Ov
g8HgX6k+JJ7+0Iky8oNfux9+Lv4LvPb3mP7320HXD37lE3DgD32MXjykl/3P
tf2ja74NEwexQUOkjSEaP3+P/6/mR1htmgsC/T0uP/e2fK0+B/yofuydhN6Z
0O/WQbHlAfWE6Rpx5/jN1hNfdRwQSCFKMA9fNLF7m7l65yGtezeQaf3r5/g9
4uvGx4vj84uNxuvf6euBW5fIDb3+Dv7XgVf/OvjX4F//S/DjN0/0Yvx+/O3x
6fH7S154AzXgAwsseOzk8uT4gr+0B2s/8Hts/3zX/Bje6ERaxHvdB/49azy/
pOeDG4azjumR3/r39PnCnslQx5J/+Om/2+crtx5/5816pnrI+nz2OErEzecf
vTIGUt8116/ACX9alCEzl7mbDsEPD3k45gXKh7+nNx/sfDefna9NheIQ4A3K
qTDx+Gb0rvD9w/N33W8rMD2RfuxH4N8M+84KLRT/uZ+UhrhqD5E+cQBLzRw1
ePKLT372uyc/q/j8xMeB7o0HO18+OnJUFEG+WoHqtrzNfBwQlaL+3TOb8PQs
TkoqdD4A/e46/93GPL2qyTGMPP8mu77hwnR9EQjI4WiyHlCeYmuJ8el0lkwW
wYCyuyhlW6QhkgJA1EU3fFUnhHgLinMhP6H7jAVbVon6ztWJkYhctzH2aRES
eB6YYpWBIn5jiMAnrdbUkNJF1zm2UV9W+z1oFKzihBgprCExlHGz7LExq9iw
QxDkxFfMZYgqr6HDGGSzW1fIDAFmL9VB/J0I1uZwfDYoSe5qaIRNAxgbpnes
BUeYBiMrqALxYRpOpxWGRJXBOB5BVNJEm7Go4lFAC7aLz+Fgd/KCHZLCdD7u
yxhLimwUJZVc7tWKYdxMK2nkT8r7oXaoQWgpHQXBRCPiZeliZeLoFR6iWlEK
yNVq3uN9khQsa0mb2heH94lZA3+8m96hQl9wAVRJdXbZIYzn1w6hgSVYp6nj
LbJt+YouQ3n30m6ONHQKo3Dpcqgs9zXZzxW+k5c36FZt9NXYbw3uGIAUmoNE
tO/YujMgNINomqYHEwfFQziLlcYtuznhejsTubllEuwgFQllFLak/C0ti0Fd
oMtDtUEKg/0Gbiti93JJVXRA7wVwXnCOC/vk9KeZe/zN+QVmH5PREPuZYRmz
Ul/9Mxb3vcTpzAiUXI5qNE61efHnyzN9/flLtjkW8rRmOZGqPM9mbCe3J75M
6hvKd+ZYNgyc6nfhnk2ONKXJWpA0TlG9fc41KgShIZQfxMcUq+A+tuNreUvn
bZdBRdEGVMWGfDI3E3QdR5wp/GGb4Qe7IBO8X2Fb9D/AcKOAPADNz0rGvgdv
oCCEl7Aqso1doan2hh0GErKfqSbuU3BuEiUUEmns12KtgGYttGFrserbJznK
SMlXNyS/9qkH3vFgsvOZDeKPskIDoLYgpmzpIP5AIXfesoTQTTQOWLfZFMPY
Mp3k7LchV/brDt80klklqRIv0G+EiLAdwwgLaCOON1ozbnA0WhszrMvGZSce
uihSfYrTXjgkSsJRp5zELinNXG8ALj+2FvLGaAUBG4wFeGSN9UnYQZ1SLY8o
jiLLl+z6nlUaHuqvwPr0GxnChNFy0CRCTA2TTZhKXgFSlINHTjLjQHDy78Qb
FL05EMt91yFc2X3IoFRuVwFc+SQnt2rFV1NsAuuS8TTV17LhcBllsn4ZMrBz
cA1VgInj35PfLB4dMNtvZhZQusLaAUkONn5YlV81bakBC6nkrXz3vUmJbqTG
+MqQRODdBPj+thKi6fjQDu+b2KFhVP3wmDyfk73Q3XC36Z0Dcqa2Iv1tam17
730YkIzjEiAtY/51BdDAYIR+LCm4ylnzWQryXFGoZ6N6yIv8YUGWXdzYZ5Eo
cTZZhTueUnM3u7gbQ4w6imYwikuCjWuSA/A2mUZ9ECjQi2syorQiB75OeLvu
cnSU5VCaivXyB9qSQcrlX2WfhFdg2XtfMV6zYBg8z148G/7YcRGVXUihFhaO
qenRvIPsSWFNyS1CUU5k5FauddTQGNItVPOBlLCFzigNB1SAvaF3oE9pnVrR
cOA2EntJ3bK6RSDJ+FexQRKt/poyclgUrkFXdG58/Fm6oocBF+iz74mDyKhE
4MqpjAGf50BezROj5zdsrSr0CkhKCQvGFLku2qwysY5uM75UG2awjna1ip75
jKp3wtLs6IW5aiqabr47Gp8Fkaa9jkKY0quXBU8p6f8K5FCVtShVwnkkAHnO
vHHfZ4N5z8EfdXPUqIniaG0FdisLOvuQHty4FUNhvxfUO0+fhmkWz1yBDdTN
0JUUKJTIZDfmoBRtkASLtaYMmrWM0LROV/CXIgZLLepzS/Ig0CuQi/WYXRUP
fBDVOOPpokWx28nVnVaRp4cn7GV5bCgED6+WGoLTNzFsXDoIH4HvOQZZiaEr
I6RysmrIGCsjgfWc2KtCsWzUCxqVnT3YottcRbqjKsQqH8DOrosa41Ow/jUG
5PBiEdg0EAicmCiTUf2SxLpZ8UfrfavwwZfO1nyi8DM9GIcgPort6SjSbeGI
YrFxELJiiLkk76AeLR8HRKlt+T/AIAUNgMeSj5SPD8ILqHGk/ON54Dk47iVU
2rnkRQZvJ5rpVLJxDHuwO/6e816c6OFElvBBOUP0jhdC9uGBPmsj/PfZyXvM
NpsOe49WBYji8LJzslYhdJFtUBo6t4ks5Dxdyt894qdoSUry2HWJmSTYahZp
CJ6zcUQGmalS9ytMLiM5Ce1hVJQxIb3ehRRoiyyW5wIH52sJP/EfkryDvnNM
T9foPCWywFCAn2fpnUZaULgAI5NW3ciqRhcKV6VbMqMiCY1u7aRp7SDTksmP
x5ITpKutKMBmYaJPzflyCYSY18kGU8x8cYU+bh4q1O4jSXGU/AGA8buE6vwr
Z3LHKMZbF7TtrLSN3hME3ij0H2tMpT8tLj+e36UP8l6VupuP5tFIHf1B1K0Q
Hj2QAxMv2VdAHnBQZ4RRm8Db1vblojoRf7i8lPi/YnzmQst3MBYMIfz5ShgU
JKDWJsfaNb0VM4fHvj6NKwhrAEFFP4OYQz0MBSh25XDAxpqZ8BweVKMn4GSV
ESmr02sKFTUBIu2kVI7GMcZkm0YGFD/31WqlcZZbgcNjjQNFN3+GylhQAQV7
VGN5GXdFwpwZIspsNKVyIBQBN8QkRzJQYMUKV23PJWGolTS5S6sZAHXJ+Q6r
OkN7FGOfadFl2l0X0TVXtbLJDrHrN08R4WjuQx0GBCXuOGZGIHiVVCOPeX8V
NbKJmm0nGkkV8Clo1vAYuUOc7OR4X4WR0toQZfIgtsfLdxdi59vbIwnwyH2y
P9p7KTIhFbHiT1/u7MNzLODtbu9yEV+qkjnGON+lj2s/1wKOpozv3i9UM9CE
O5wEttogMmXPF2dj4zxafY0h2/s/AKETiqAlWaShGviIv6AfQLefA981GXHO
28Ht+JplKqj3A+ZICbCdPU6T6r0BmM2VuHnZcZC9vhX4ShpQ0IwmYRZEjjEU
c6FFOcVzpcWnhCKvzQJtptc2ahBSTHfhmBHqrJii4hKGKT/Nx/XNVk4dKkmq
4g4H2TRLjVOCSl04RulSJpEGS1ybD6+qgiU9mLw+ygoBMOol1jQSakOucWuf
dw5FAfRMK0hT4SpgrcPQbpJSEHi0ITNhVWhkSVTBblquMIv5AJfGBkODmUSm
nPxFfqioEe9mS4igBnGTzDA5eokBzsitiCZOTRFZwNh+BIwNE7ZuWEXF8OLs
Tguvt0vmu2hXxHbYMBVRbXkhxAmBroTAk4B1bAzXS/JskQwmZXWbDZJUPA1/
vjyz7gOOn+faCEHuICATB/ZJHF9q87e5ejkyFV4hpXB4lW/LdA+ogtQPxBCG
hCBGliqL/dy5R6FIJfjFa+DKpazKJ5XtvoEVZ/jTSPu1iA5/XVADL485/i1d
jHRvgrVg53jU9yLfoIy0Bt/ShQs1lRgun+VUAyqmpo33XiZ3/eV0fCqq55gW
ReVKpr3tFUNjsoWNKGSO9Wowf51uwz066O6dsAernSRzsnlpIODVPP2k3Wip
dQmHz0dhvC2cjHiF3NF4KhQC1DW+cfuYzUruXRWtSZmyDTSV05k+KA536c+Z
aasZHjpluAH7QATydQsDwxEWUbtP8SxcIHmjzVnc0eYMR75aYacokJWKRdtz
FpRqpepNAO88hWs5kF8JNCfFZWQ2js4ILtvMaY8+21TL6TT70HNQarQoJrjC
nDvJV1Jpp9W9XUJYzwGymH1fKNOcFShSkZSIb1K5CS+hOnm+jfGuX6hrVMYF
pqQwzb0zJjH6txCli7GFFF6nkoK6hyBwoWUBm5zNmtyVpQwqTsCsWad5OoPW
OrInXSGvKtY6orN0zRjDLMiaSvzZFTyNnRm1BglQK3OSHS8kQZkFSTyvL/Tm
mVDErnlaZIv1IdEZAL5QE6rGYh87EVfOmevahZmjzuATsR0jT+cYeg3qJAfv
Yh4gyFbLmyLXChis/3G1ce9Hj4mDRaEfvcXCOlhUT0q8OVVgXmjSPhHQRgnZ
h9BMdqip6oFsq0aJD1SWp1HgvgOHXOq6auwOd/Q0OvJPXUoXVUJLGuV8uVqg
nzglUxkoV8KfTPI7J8iTkBzZN5ir8BakCppbV0fJQS1Sh6i2eTjeOh9LIZQ2
pe1LnmdYzYh6AItNAbd7XwTOZNBvuS1k9bDA5MhseuB6wcp8LhqnsTKxVALE
SyBNXFtu08ctN9aBsVa+bRZVnZJXVNB2PctF/XSj9mC0OyA3rbp0tHwBvV7s
9rRe5hCpPiKPu+h/Xsuw5IXatiQGJh+lmZK1C4fCv8sTpFgo9pLjkFquL7a1
ZBrLVPYKCz05Su9OjuIfTo6Pj//zP15tAyaPz3/c/Ar/Hsqfg53t0asep/um
kpUUBNO5RiqYmFmSQwBWgla6FRuFOo0jdGdX1a/VA4RLREH+p6be8DURYx9f
x2cGlwa/79QzH56FJVI6r56YGUcHWPFJqhmhq2tlOo0ajBBG8KxzPlyIiVTy
s3NCPtXq1FZ7mNLiehywTE4JuQmKkJnqkZG7fVLhEBPcnSoxCPO2fCRBDsfJ
rnFOOOsOn6Jy105jDerr6UVs3wcF2A4ZvZ9wrp7XuGwP1Nsjl4P2OAVrH5xe
5qh1mb0fBlsys+QcYyhV3XMs4Z1Jfw+rGXUwAS2W10UuN8JCCRtc3xeFB7a/
Ot4fOd6fZrUmksmxUYcypgm+OCmFpzmfFPdaoNEqlkS9iX3YiiFw9jpXggK5
ENXNIddEo7qDZO+7YhNfM85zFrNbAlqXUaKMqEmr76vqRQayIWhefDprizGu
NMfhONLWcptsKk1rDFlBVUhEZVxor7lSMRVtaV62q7cebwIeUAWftuE2OLKe
o1De2F/flKnKGagvZV4idkIHRYA0Dvsgam4vcWUuAgnk0DbEhoEuXKBo/Dkp
lkpuvfYxOo2o3HUhpbqiyPQgxrT/klREDazmUgWTBzVTNIRObIGNDb2pWQ3t
wIS4sk1j6bwLplW6JhVugkYjyWIda+81g6CGjaRJ0P0bncR5Bleoh7kvRm93
ki3Heuk8/F8d7B2FVrqVREF6WivsmgwZKO9oFcAASQ5M01bHSFi/+bxJMb5g
hah15r4UtepIUmCECuxcsV81KQEQ3ijxBfpXHB+zl6liu6AI108fQbHnChsb
tbpiRkR0p+oGGjuvMxUx0A4+BEsdz4ZHRNItVWvUUMalSqVVw3AQW8NBafV6
UwHcUz0GeBve3ZpiQ8kVeyITFBqIYoI0iZlyU7nCNdlXsBSOK3tC1JFFZKug
MTEXPYZBTZ6xw/HX+GheNLWODrlcozbpjRYzemSKRrW1HW7P2dOZOy+emW8Y
Asx1CwIkCIFkyjQ5L608HbnsC3zcVMSgyNIW8xAh3VKBSP1RtSS9lqlWtm+/
fNEp+keGmqBbje31rpZVqEW1lDC/E7HvildCojxiDqlTtxqXQXG4+U1SATUa
B2LNWhzd+bU4+iTsMxXA8bn/Gnyz/YzWI1vyCK6hg5LKBLqKdkBPlLQ2utOh
GLd5Mn7bU/okclbi1VIh9RGVwHEfWnVM9NGna2SMaWid4WAeTRsJNCmNa2At
a40KFRkVymQ4P3bLOG5i2pCM/cknVSQJUwcYt2ISlJ78cz7eouyk37mfp733
O/ujWQ328tkCy7i37lPVN/3hdqr/tErUu46PUdF/G6AlfHBoJKbOePaI8i1E
l2dvJKECTNnKpeMUzO5xYpef+YU/UuXBL+cLfzRv51cPwOV4XMGj1gCcobqu
M8dvNXGZKicFw8jA9pI/BlJ60GG6+fZXw/TRmf/L4IKrTqa3IPOKl6Tnv+2A
C2Vc+uKmwLeCTAFT1qibPF5h7QqmAXxFKaaEiw3Rp1RkSYlXQM+oEJGzEkjc
K0mwkS/9RBXanOuGIwqwgIV2P/Y9PePNsw9nPRLXhJBiJlTIwEiDPuvonMzv
KpNaWzZYrIgRwwgDBxqFgmk/vgETh1k4sh6FFUgoQporkNqiPUi3naPXV3zh
WCGQTKn2WaNsNCyf3GBCiGhkMZNh+YsJlQytqLoO/IPVyTiR8V9sTRLq1SyC
veoZYnzKfCFajk1HtQzF9g5YcjDy0HQ+7Yx/9NI2l1/FAoGZl1ajdjQHGzrv
Us27hKNggU7wKKz4IgkuCAEcjlt99ppHEreOxNhD8HufJZw0O/mZamlBIyBq
ls1Bts46jeW0xPVAZaTk3HkTGblWuQ4z1XXEZCk0tqcYiTLlYlwaf2Z4lxqz
krmIt9gga1U5fSXypWTYptXDwwnrb4deIpcV5OrgoOMlaPgSu0ApyXvxrVG5
TFa1hQXfiQ6Y9UcSTSAr1Q4Z3viB9inyLXMYC5YMo5j2woeCm652Gble400X
qjcH2JdFDqeGIXiN2Ez0DWlIOpe6F9uqtSxgbwUWZjJGhrCSjbcB5rOogUUA
lI9UiM4s1ixBZ/QllCKdY1ML7aPBAV3TuYZl99kufw2IIT0ZYAlvj0992l2P
u15I5iFGnE8ykIrrYqV1sXWWKdWmlwZRvv63s6IJ0beV8bcoXvvSR55J6pQO
KR0cOl8MG8uran6CwXZ5Wktr3AGS50Z6KkIZ482pZj5iC9E6ij1AtIFPr1Zz
oCxSlq9ZoMlfN7Jn+wpNq2VYo4mIsbnZzU6m7mZLyLpzvWgsFfnIJfPYpwxu
Os/H+cWYvUTkq0F8Nq0CNYoGo+11QGcrpmpbuGuT/2a7MZDhXgMMOAtD5+/H
2sXdlTFyaehEZkydZiKkkaGYkkRlG380SSX5YNx9wYpm1P5WbFRhpIR5kJRY
ibqlsBLXrcCY+NAiM89SV0+K3VjEXojc57azBvzqTerUjKmmBig+6d74pEW1
56GcuOEU5U0cVNKV09m/wHbCZswBB7qXzBy5O6jTmSRIF58UUeFEPAFerz17
d9f1bPC6uAzQXDwrEdwtljACeNidNYQOAeBMnO1219TwB4s5lujNkQK6PthM
EA04PZ0U3WVqn+mD9QQ7NelMwi+IorgYSqB8i6wWcztTOrqnwJ/CYBYxflM7
XgeMt9iEpCGssT3stSWQPvIrKLSc5PQIFeQV+aeF4G2EbvTvA7Y93HEmO2xx
rwkynYvb0cV5kr1+ddrKq3mlgMf7+2n6w/I1BLj1Oha5i3IaGfeFJPmmqsbi
I6B49NK3YQK4ciSZQdRGjAeReZz7T0warphkS/6BNe5KUVMtfLrmMRNgIQVS
XXCpM5+xWo1udWoYk2A46QxbKt2gXxEjSwGOQsqxyQywt8wqS6a6aWg6ZGd7
a14zU1DlQppteUMasoGmhckFPDW+MNUJSQRLJCQOlq5nRjy7USGD1K8Ozcv1
/xXySs1g1iyc/HSS4yJBwSoNmGaH1PqGemEYc2U3cc+RmJCTVBJJ6g5A+iZo
kQtCyQt045eJiX0qHLMyKelMrcXrbCA3MyVGfxYu3Xfn3A8g9Utcl8SfiyuX
w6CeVzLNjFW26r7gu3rBAzms+44rZ+pUGyMt1Ch5cFLV1tnmkBrfJCXlblCk
CDHb1r1dR/kfv882cYnwi2q6ouyL5X8q7iRR2oB8EZVwnw5fUE4J2iclToHh
aAHfG4oJGBa2z9LBGxBUMExSeky1Ggqh2jPXavZ8LbT9AQ6ZLFLqnqI2cQ+D
Q+4Pot5fAmFR1gPKEscWwwUGR2aLtBe2ySBEt/zYzEIpIa5sgcUU4AXJslpx
lcv4VMtWdOPNnsWbNHjTFbyIN0GS7/0P4hfRWn7xOfyy7CL+72IXYoRvpBk+
AvC2t5C9dC929vuaCh1TW49/nBWpVpFH/72sqIlIGtnQJi5wviT8chmUBtwC
ImsrWH85Z3MNwywOS/axOSVBK1Rup9nyhvsh9GWVHEjR3EI/Xsc0+9LFnC9Q
giTyxtoxfw1vjf9R3hr/03irC/CMfg1vjbt5a/QFvDW2vLXZoE/dEc5cTMZF
OmgDw4s343fvaLugMHxA8y0SXZeJJtzoOGfk4PYRN0XGdTXInPvhyhuC2xQQ
qZ+WfCiWhe8ezSnBfz2trlGbprIvVBgfV+h7uctcNoeA9Jf4XBJocLUfuUxj
yAz2OISCui0YO+qczAFzaY1yODYR4M3OyC4Jp5GIhUUJQPP8m0Rzq4fRt+3l
QJB8YD6KuAEcBT9UrrB7a0YyNrT6OOLuI+kZLaUH2SxIKR1B05ur7HpVutRF
rbW3qiSNm6MT1kdtmixsQVeJ2POFJFw8shEHJAqHSvRFmClvSJe0YCBCJNlS
zeBXCjxD+2mCi15V/YjEAbr6XKyERrb9/kiCcRIIRufMs/w2zAbZQJM7CR6w
pA2aaQMXx22b57MNx8xw49SADjfeGshbLrDsdi5nR2Up4N5ElEDlEBZnASRO
bNplKS10CokfTPBpADji8GECGMwIfFggoSLeojW86sIlONWUK93eJZqiNLsp
aJUHRAaLggiSYaZHVrlsRC3VqnloAmbuPU+uCtwHAKsjUQ1vzjWjvct30xOI
gucomQum5jjIoEiRqVHkQiK+d6fuEsLNqePaUFJ11wJ7KrApaKoylSw+jIbF
MNGg8q3YwSltE4tTcOc2rfBShRfeNWLQ5FLxrDVbJeDK9RrfJ8BhLq0hX8Wx
YB0m49cWY5RGVRIdCSQrSDqg5hAmwA6X04H7IaLHHzRa2CpOCjZh2ssUm9yp
VTnq3Cc5HkiFwmrkDhbrWqRH1DLCNVFHMQLRQSW9pE5ib4F2uCleeB2c8s6a
p4qULfKlChNfoIAKa8V3uwGb29Rqs9xdwwUN+Y5DPTW5S0UJmjpcYSA08k3D
gCJUdaqA/ndeGtcg91bb40VuqX4ZXFmAsUa+HoXduaxjIIl0Kt/RxMVGatsQ
6paLnAVJLMnajXZfTP6cwONWhRXttL+wac7UiMshSwz2S8fQyAQwDisSoOnf
AYmKk2hULgWmsJF2oi3xODYPXXCUdWlM1aJydbMB2/wX0FusnfhGoztSRPU2
aIM4gL3ezwJYiO/GrUpjo9NFhWPMVhNiYNqzArbnw2Y73uNIfR/+FnWsrWqV
vxKHvaOtjRYxkXSrx+xiyaBNqZcY/dpgevYO6MQRT+yP59IEixXoxkGx2+vL
1Be+IvxvtU+JOPf1MdLY11gw1G8q17mFympS9zb+rmqUtcVqm8BtU2mdjV2T
5HY1ABOFJtSAx3DtHnM3jBPcp+TBwXBUF99kuaimEJzeez7lzVb7EZ86bbMq
vLJMVhrqbD2lfl6WseJdV4fGHPNU0b/jnGlaLfHovU+ddcHUSdBw2N9Uyq/D
dT1gy1hEelcLr0Rjg5ABDh3W3tSVaxqKPZA/xiknCEsHcpR5ymx2rWlCYgxZ
IyFI66xxfPReWDmHw7cr11XTNEc3ctSMiHNBdUY+pWDesbRMge/H0oS+IfhL
gYpCpxYdRm/I4di1ZHbZipQsUdsY5gMus/StN3LZkrNSSpvjgtY21OmWFAwW
R7F7xsrE3KeyaX9C0FD4as2FU6lcG4zgWX3zxktR8g8iHs4fDvySmyLDo+vm
Gued9y/oMkUEKJA8wnLh/8iCAglgzYKagNxsU8TOBZ2JNMwydqOMcNXdN4pE
CaZ7MGZW6/1sy3Nkee4U9UUO0q2F/l5ySYIcgqpxWnrDIelGlpFELdKPkA9g
yQG0PnpEABqFmEm0vEyp9qYEeZDY4AtKdxxw69x8W8AOKbkiuZFCBiQjNRQM
48vmUet7HZDYZB88SQBXonMD2Fczjm/uMai4v5w5OdV8YQqKwmiWj2GBWPSW
zn3Iua2/eSyDCVlvtmrUEtZF/Q2JcRGyHWdWnNBnPG9Rj6nNNz3w+VPG6Jik
8ZYOy/3CZdRvZA4zLHUAVCYp0chhKdDL1tl/2Y5J/EsWadRYQFI10KoFTKnu
HexrIhVooseOlxDaHa8Y09eg5qaIZyylOKHlC89A/amPiGG/BlBsVbArUait
XYkXPrS2hw2Q0vJVifc7YdIem/Nd70jtTGF1m47eA4Q71kSH1AOr3P7nf7x6
sbfvbPzPf9z8ClP74TPnDPyOohUoH8Xqr02WTh7/91QrEUv83Wjc1IOY2X0U
F1FG1mHL2AWLbiYLIB4q5mEgSdXKPWtynLBPANIqAkFpw/BI8ZD+DrHGcKDx
nW+Sqiu1UyxBY9N6TMStbC6Z2h/YbkK2Ji3ARFDF6tj3ADhuT/N3hl1GdUaD
Lpjvj7+3i1//4Id3R8GD0d8PqOHQwbpWRM3ORE9+ENZ8QcB71vCyVyaFj1kn
rt6peH+PD9G8NmIbnTtXtKA746npjhhkEsq7O4130SqTVc66HQJrGH/JUhF+
zaXuPj5dCHK3yL1ftUHNIvrOxo1j4T5SoEdENvbad8knuxG2kbrduDgUS02J
r/OgllpAM6OuOmfdi3WbUfcOCzgRVdAUWtaowYUcX8rG4oW5cZnUZH5Zv/F4
p2PHmjpFxtqdxmaJIl+ndSN6vGHIFhqAXneextZ9ckKZ1SpwyaLM2/meBZxV
amlJOwgZ41nlO7/Q12aYSpDTDvI1yqgcEoxRqEiSxDamhXwC7HpE3am7mHHb
dN42SUWxz5Omgn5YPpddiKaAGAvUyGD6zjZquIYoRL7xeVAPkE/H26E6uXEo
4LNDapqcUI8Blx+gTl5XijuWLFAuGk7+6ec7r7bFd5+5kFC6EXPvamFc1ILA
FK9qBP+w9NW8KG4xxLZxNTRIVyvJJ51W8mE4CVU5hZW9hn8wdZ8JjZkMDv+2
NZNWatYUyw38shqgV2wjPjy9UCtzYzKsJdU5iboYWzsi8miaV4RuBrWT6XQN
r+HucLQ/HD2ngABZxodaklL6dE9b84XmfVHBcu0hQyrGfQFS0IM3a0kdZdhg
UJgvtAZqYLoIg03TXRS76CNtz2EaWpCrExXFenozFEHH3WCSVnCAsIO0Nedu
+uYkAV0WHBTdFU8IyBCtFKOTqX6eJuj3vfRL+kynwR7VV3vNTFBuQHAa0uUj
FHi3gwLvWgq8+zQKHPbUblHg3S+lwF2ks4P+riW93RT8y6nrWuWA9d8uOhrF
X0ZJQzraPOJ1lHStDkZXlCp2fwEl7aCjWHj8n0ZJ/9sI6T9OR0mlxch/NX9Y
IcsQAt1LKIf6g5Y4NI/cPocdxQHOQfLtjuh+wCooWAXBU1Ep7VlvLS03gSk8
yj+XlP9zKPl/MyG3VvF/JiFHPPkvIuS2kcIgPrxRHZUjbFrknIg5NidDS8W9
LzrQTmENjeMTdBui8RTNXpRAlH7ylaxaWrSI/qJFG9WBnOCwdU5VNH0YBHqi
UVj3ipgv6OPzd85MC2eFaTw2zvOG67yRBQSJodwb6egBCrQQ/CRP5g8mWiao
fCs9LlW/abQ6iSyYpGBMfPxJ4tQopsnFbNm+q42DeK5lYlJ9lSNuqOfC8duP
Peu0lY7t0ntT86Z8JhZe8aDMrzhZfS5U4Hqm8DcOXa4UPq0Dj1wAC4bGYNwV
b7mieDU5nvuEs6Vm6Ty9lrhgbjODBz9b1RKs5SsvNMO8M/ZiUwmRqdYa4wL5
DUfmBAbRTFbyLvGcel3SnBJWpRBsqtXE6PQQs1yzA2nxYWIog8GGWN7pxnwQ
aeQBVaX4tMSauRxhZmoOqQtBE7gaAV3k0yL/bKyVaqfOOF/kLgzV7InOoyzm
qfaR4YQutptrwaoO6V1C0UwDgKDOfam3ieIj0P8vlcWatbq0y4EvoGEXyEVo
EO70nJilyAqLoY84G5wT4HE19K1J71ITe9YYyTde4aqFvmjL1HV74dh5hEk/
7JCk1jW8Tx9OjlxjSgUGG0twNWifO9AKHVU+HCHhnQ1ul4PpYooOym/+7fjw
Mj45wk7sr0+Oz+ODg9/FPzMPy6pic9Tz7trZoCivAT8ZlzZ3eyA/zjZf9LhB
Qp7W8DS/qa0UNp/3THA1/rW8zT5tvuzFt0t8f+dl/Etkl3T+f35Jr8Ilvf32
//iSdndgSbYEg8qvILtuO+H1xd72zi+/uIT5ijGDQmkjK16emjx7lO9QCNw8
PD3sKYaj9HeIjZiisSgH0s9A+kRwI1py4XBWOoYgONJJt/YhYKWGBvoCeFoj
C+fi+9ujilQGceFqaXA0fC34Lhm+LuTZHBO8x3VkYl9HBrlQjkfzu419YEFI
JuDRg+iAKEaDBqgSkklAIMbcUtpEao7XxWr7maO4g61JbR2ZkXpBazNp4zyt
Y1+asEDr5E0yv+L2Tvhso56UiBQc0em6mriKiBwJie2yPCez5B+bKTEHnWA8
/lVCraVMK8hmbARVf9CNMAtU1kee5KrBXmBYbH6rvMceTgff19j6QFtxTSjW
VxAm2uigFsTUXDY5nmhxys9mmMOz4HaXN2Wxwu7vYjk2/KsD+tyi5AiZyIUP
spOuJM81flt5unNbMM2W6FoZdV2kXqQilLkvrjqvKiov4IorI6BmDhiVn1Gv
O2JHWSlBql5LoARojoIH7Rwf9f0er0TH4PIIWPGjswwHB7J/uEP9iSvrSjHP
QMp7ztb68dzlhbtQUO343FEtX2UB21K3UalWSkCY5q8OfE3mZlp5IY2+OP7D
x+P3h8dKrG/SBLOW/A88/4Y+k5bak2IW1puCB76Bz+RrI1rE8Q/bP+LXZ/6z
D2eXJx/ej9/J00Z3hadHP/rlXJz8+TjeHA2Hp+M/9uIPr5FMHLa09taPjg/f
E5Pyu63C7bbG908KJ8Gb4jbvETboSSQOeYyfZBMP1dwgLPFVo2UgBJIfRr73
2RG2U5F7x0NOeohxvzA3yiTThvA20NbMP3Q6hbcRYNIG1XKWuNkwHDysmYCF
QSU+DBTybJmlXa3csyrwHKl8Slma+DqKyCk1pWkVC29PntW+o6E4oDAVAT2o
jWieeDO7CvpkumAwORhn7AuC+hoGGGTOidPx2/lfPVuPN6LNMgxdVV4bXahA
taoTKTFJfUN1eCMHR6/PomZVlDUaBrD+ilgCtYgpFXDSgmA4AqcnNd0OLt1Q
iMFCouwMMYoZmZs0yVOloJ2CBkpSpJrQBYv9JDm5liFczwUDD5JpEMQoirEW
bBT9yg7Ell9mQA5XJAhfqg/7e5LmdyDcL9OggM5VE+8DD6+YhVvzqvHBFJ6l
9K7oXuooBckf0sOKbTd+ZRol4klvIxTeZGr48pbhSjpotJCdLhK9vIN1NX5O
3l8efwtiN/78HE8Xy9H+/j7I0X38fWd7e3tzp9d/arU0emVnhJL1L32VxPOQ
LcAPx1PO3yeLVJ7yqP3YU3JElxj6EguX+NbHjrvPLT1vcZfx/FpYxlgznX18
+8/jd99+OD+5fHPaj38eDoeuK+4jHCPY6NuTI/n6h50fG7Hza1+l3fs34x92
n/yquTf0/g97P8YfDi+PL+OLy/OT999+dsHvyfBGsz5/8qu0YP9m/MOLJ7+K
CeeXGCqke31JnP514+OuV8XKfALoz6++eoTtrz83fP/yYZmO89l3lC1tpzLs
3y3pcfb/8fL1K5Bb0dXp2b/LI2OtRDSzMOY63sT7SEXvGh2aiby+dLnQcoWE
/yoHJxtz4sPR5Cnf3kaLwrP8TI9uZsS8/yJaJzNSh7hEDrWMTS+WHodAWX37
K0rCFRuieskc5wjCPqyliB0yKlhQRSe0PhHtd+39ZP2wVNTncvX+VRJkr5Uc
XOso0oJcv4Egy1UKLTfYMXFN5Lo4Ppbfw8yC+Cir0HK04hpW7wlKR++B/KUD
qmOGcOvHJ2fKsKQrLnMGEm82eOUbckDWigWMaOP9x3fvBkfvN3x6P2kqmo9H
M3KC6zAam8dJG3VoB4jGTYHuqFCQWTIukCR76rGDKfAYWEp+C8pllv4D2592
gZhT2zApQMS9JTzokQCZLdxwAqBNKZAc5sTXXZV2aD2Rm7x1WboOsiuGBaOg
CJNNJ4/Cbp0dyBTKpJ5ZfOZK+AfFaRy0SvjMtVCiHN6KyN0KvOOSW/UY2jfW
HvIhXr+3K7EDQetvdKTCNS+RnY9Eeu2cR5WoNnNXeSRQCTDPQglez4g45vRh
fwVXk/oa998xjVYMC4SkcAR9AvbuUYzr9grD4zbtCkdHWdiSQgl+JOZSo4mu
zEAV2jbdiNKoTGJEtRKAMwQwYQjbtdqBVqgmN2qnbB69ocoY8CfaG6b/+R8g
yMGqmo8dH+KDuOoepdNh5Dw7DRUgrKtfBfU/VnkGxAtLtGrLIqoH4SjdVZDh
5hID2l3e2aYtZBTxmldhbvfFmw8f3x35hfgeM0EStEvrcxYb9pP5gVBtk1AJ
+GYqnfT2drB9XV9gnHG6ls0RZFu64BXujHUgbfEe9GzyRxT5WPtQ2mFkM845
PURVOQLrPbbOctXcA8rgCjawpF0SoRXXEMMWIX9dIIs3KzBmQ9mDtmA1D2kF
H4y0rmqqhORO8y/ktEUIXs/TVkcTTjFijbk1YOQH/MwITOHL1Vy7HjkTLrKb
6ZyAQPi5LJarufL1LkhnwVWJHNlFJgEUnIUpvE9Y4/Ftujh0pURQ5GoEBYyw
UA+2Hz3h5Az2gFEUKnFVXdn4T59fmCP3tH8pGRlJkIXwoErZng9xSLhq7bpR
q7QmszkWbGUIVRKq8OgaBPYqvmAIv2aKUvxH57KCWuOJxgpHHRMJtc2efmiR
vRr+0NonxG+sPRFZOJ4IAeLzQBhyGabHrkO85jpEX4rMBN1/CD091nENbVPa
Kthr3xhXDKYycY3WveXsQ9ztMcTVJlJEvwZX4yauRr8CV2OLq91XqBtXuyYS
IfnJuNpcF88gqxh4v8QJdki78D29ZEWVyBb8tnBdaon9CCxk71QexRWES2ce
DnwZ+BpocfJwIMrXoiq3ZGNVTmxpK5aEpTSzkJdbq1eQ9dOcgWIZrksqEFtH
yLUp/2fTVDBnKKHN8YJ+4xuiZa3VJMfSBra614TBcCbuXtS31XhqTMKm2yZi
GrFIDOOPnBDibX9uG4263iHf1JINfTaLmt4w7i5IHqLPKf+ZAdoPV/xLVK+W
vK6Jbo8soOiQ6dhgMifAB08DjeTGd9LtT7UrOcLKN8MjyDvT4hzmmIf293F4
ldVdx5deiTAxbXv2EhvmKkl5LHmcufccORVS1+AYUvdarM0s/mSkxC9S4WXc
Usp4u6JNX1DDFAlv47z2B+ck0Z6SnXwWTbD/ASz+uCyL8rS61po2QjHQtgKq
9apMiesgHpqxZyf5R2QdJ1Lb/PDD6enx+yMtb+4pLkUtztcSE0qtHu28YoUF
69Evq3Q1KwY9LRmncSt86+qkrNsnA1IjyOmrqVYCLCZaXI2KGbsDbt1XBJu0
W2SMCIw5bDtzqhD/KcpCwyGjFvgEm7RVWMpzOU+o5DJAWRuW2lHp4tgzjA0U
om4oeNo60ZapOKAYUhKtgqxLjch1tcy0gl3dWEJAzl3FJ2dhZ3uQJQkagODt
ux2qPac81j5STZUdbs0xs4KOCudNh5RcgiBXtC4iIWlbrgZ9Vor3mial0C+W
WdJ8+mAqHlE+aO67KsbVAzyzUNO+mhB5N7aiOHpuUgoJoT7mA7xLRGC9LhI6
z8hKQYX5XbO3OahgK678FsfH6HX2xkgqbg66GTd9lGqLz1/soZdb34vr5Lpl
0XNfis1EjgCXDDvhOAAmZ+7J0AWtTnFnDaJ9SLVy/xLHbFIRNoGWte+uB5g2
Xhe/Fofq+d6GhM7e/OQcj6GnxUwV2bI7VOTsinZLEWkg64odgxpZDrUZ+YJj
86SdY9stJtUnRD20dQiPjxniUrEwNe5O8WE6en1P1Qh421GrvoQvmkilO1r9
XaphOzgtqwdZuPR1AVj0cDzaRf9HY7csSONTaKsUo/eJywy8hmtdK8EQ8bWQ
rfe93qJWX9SPbHyqkj1xYzU1CifmAxwdoODA+PK3BvLFE71cnLciw4Puks1e
nd8nWY0UqeOQd9YdsnFh26OGNWNfERKsKDAf43bISHEPk0TKitYetFQFoOY+
ro9mI/Ufg4jqDq7UjQ3TcI+fwYY9xIYGWDw2NDxxghgMS2yzbuIk2qDkWHJq
MoCXTgkXboKjk7jttDJDx3WwjKuEdJorHfCfAJka7XK7Ds8em1ae0pyMjqXo
tXVpB3ZtVMermHEtNdMi0rWbmM24UqQ+ZOo4Cw2UmCN2madUj8+QrJ4iBfzn
PpFO2TecfdDaKXXTXsBUnNcWxD9wua0sN9yVaieAMlRxFL52Z3FSLAGD9eaz
D2c+7CCw54sV3EEOgOIt4mxzlBut5f6o49TkIfJnsQ70E2Catzp/O89AS6jq
SNSlQMTesAxpG2KkMyWSMj/rqOm8R+65j9y0A98PUdyYHDLXgOXGoGHOjYuc
x0rpk69Jl1DaN2or9iAvb9iIQwIwjLR+2s/NSRdNp3O9VMxYPpBOG2S4SO7c
a6ocPSIiYufb0pAKw5i6qVAR7uFxIvQciVC4a0+DTNRWQH8wgumMG8p2EJ+9
zzFrEY98QVqDZdqnVuP2MdpKrVcuuyR4g6tgtREVBCy4i5zI3c6fekEI10XD
/d4eB93OiOi3f9zD7Qvc299rNBkH2ixH29PSozHRjeYMTiR0tpAW2nVAlD2b
wzicEFh7uTUtt25X5RaQ/MWvnxqp5tppY5cA5MVtU6wYjhDYnVFtW0EFUjmt
ir383PBSTPg+XN48tgxN11u7L3VWFO65L19ikBRB93lI/ZoXyxozzUidYBMN
NgRes9Yup5SKYJLE8WtWN1T2sB4ETkkkWty1PtTNMj3UXwUjsTxTWSytU/Pl
gCZnJnttPdw6gLZQRaNlpu6gXpT/NaYIPAl0IKeJaWAQ1nUnvn86PhywVasj
tYfdffgWdQBwlXvYadPrkLg8K/VGa+NUW9fOkVtQavx+4mweHY+SYzYJ+q/F
XA+f64EGdbk6qGTb27GGVvLz8eU3R6P4F+oh23jRU8326TCJfF1IWdJZWmN7
ToQLFjRfC/Buz9hFmwloX0PWqG3rhZ/9sl0HJRvAidy3hTykwDQDCCncGLd3
+ObDiQ8ezDQKDaPuHP4Ls+1rcNVgIP17NW8BHpL3l/r+yL2/PFXi/cj71ZIH
mLoF7Dy6AB/sHcw/dfPvPjp/83WdnhldzCF2cfDUudbqx/fP3h5exF+NtukR
KhT/16GMUCxn6XTKkXZUaf8onb5NHw6xdYUQjz6MAM/Fh9rOwr5acqSdeRWX
596UV8+DDrXAJ32g3SNQ8yX043PbOvh2JXDDaLtHwBa8Hyyg1AXsf3YBWFSf
EnDcqd2WOv1om4Ii4RFYgN9z99t6aKXDmRFg3Xl6BwM33qXXTeJzsPvSI+2O
vN+cu/2+3f1UsfaHEaDdI0hLRVE9yvglTKcOAns/Poa34Qju1tyukpxSKkaA
dYdjrj7Z3AO8brsoAPfPBWmn/Da+/4Knh+9aILDXxr5d+rdfEvy6Xg7hZ6Yu
57p0wL3D83drXsZMbviqWIEwQEkt9PnyNqNezPD2PoWYiuEiHAHebnWFFjUJ
CQ3g3Hv6SwBuXh4M+BuXr0PvkkhKG94Z/RjKBcGaxVjSenkpL+/Qy2uwTV8O
US1Fbwu/DajW8L2Yk6ZvwolRZkI4wKuCY13ACg9ZbZ8M7GI+B6zFuQHLzviv
DizBb1C2CDCcX17iyy/0Zd133Pmy2/YvJubW50mC7KW23HZc7XPsdOTyfFt8
0kTJNbkl2agoFyHIdiB/yyQ1yQBcS7lOr0vOb3NmDnToVQ+LBZZzmZpIP9uT
Qbw/PihJs820CWUkog5WTihyhJFrTeEz98U552LzGkl+LtsBbSKawWfzArEN
wgd5keJAsG+5y5eQ+rt+BbiB3M1uZg2NRepjnbjseq3cb6fux5OVSyUKvqEu
DqY2SERaiTaNMAIV6iImOrErvU2B3pFCYdLOUA765kTj2g22ZTmZsFntgk1M
TS+lcAgpAnEEAibF43KKbRQuK0z9aK1JUesMnZSPZ9+tT7sT2S68NmWqXo4O
C2C4EQ8HbLswS+dws9BpOOew6vUYbJtaa9wpawxU8ZvjAXvO28wItzQZbGjv
LNH4B8NjT+q+XrpITplKl8OuKS6Eo5tdz6BmJ1zvq4qCdEn0obE1lAR2inVx
E1vcEts0ZneLV+05pofjPb2QvPP4lAwbVMKCnhm92nsJz4TN0VpRydQ4TxoG
CPxJGt8kGKltV+TyOsFmc3wjI9eh1lu7GwlLrnTMNCnLzJsjdIuRy5NHbyJ7
3zF+GG7Qja8YTTl++UMDOj7FPvIRG+1miRoxIDV4SaFjUjLAiNegVo9U7U8k
SKMjTt89w/iCK0LLs2lnPWDjyCwI0Yi5uxCHtWhKwCTsScgEXHMLrjPqz5VJ
S/BBKXImWbwRGNIFWhLtSInfmBRFPcD3lktY9gZat7H2f1riPqaVBnZSMxu5
eXUkNM+1QAyUYnMTXc9EX5Ql5kqe0dWKK+BmV1uU99lxRtLzRhwOVBjDuQWi
cN2uNL8YQKS8S7gaXjXW9AF5r6T+AliEm3qjc33zo2avhGlWTlcL7jYgQ4dj
UrgCDuwyKSK9I2PPEfDJwwLu4ubp+LCnJUmoGBPxL7lGjsxGDGnqEYdVRA/E
zHLB6QgX3N3uxLSuackApmwqJa+GORQ+pINc9pTmoE3zwsRFTLxxaTWYYlpi
7a/NIAQtZHZsgoPLGUKKKKGB0vhQMk1UbghTDoTYSyMU4u+SQx8IS4enZ5HL
j6ucCejFcCR9G/de+WaNRpDxySLZbHCWVNV9Uc6+QbvHaTLlVKcrNYb6WnF7
rtTG3s5oJLRU219NHmTK7b3nFDBMpAkFfXg5HOkFGsTcWLxGuswYkYTuMRKa
4Ag4hmcYnxZ8FeCKhJWb8NzmWVW3xm+M3mFsau16jaFpFO/Er/a249Fo9/nu
bvwyfvFCHO5n35yeuRvexe0rWGvc+LH5d8L6i/ur5lNdSY/ydFZLTYJD0KRk
eMkO1fxL2MwTxmvI5V7IIevjNcNXawZq19BPy4Q99yZk31VzRGulRzLXzJgi
e1EMk6wnzaqfJ+U1JR2JCb/K/uaxPU8H98nDQCuvDJuVX9Zgo0FB18SJUZAp
QbgJ2Ry+KPvN1dUq1tU3eFETf8M4tDQcJatMhoQifimNB7UnDs1eUBQuxz3Y
lSOlm6eJ5hBfreghavVFNcepSmRwJ1CgMNkc3Svyp6Nru/Q1wejz1mu+XwN9
/zb+ffyGi6+Hjxr6ULeRxybSDLV6tcQwBnROiDLekzv1wgJLc3ko9C1R/ciR
Z8Ak9q9++P61673hBMzwdlCTIJNnGOFULqNNZf5ASeCgKTdOTAqV1guJpMof
ukncI30zCElwtdwOQuRVvVy5zDYXZOdeli4a9ikMlAFJwC9hE7UvAMHGN+OL
47fHf9qQ9TCXd1l+fY3c1Iu08WaD8lbv5cLhcWCVNxfp4pVcqh0jLpwA5c01
jt8OJhl1lY0QNd/Gv/1d/MYqkdifDzk7SYfYLtwFdcrCJZGMbslVRMgl7ydc
MkWfy0xhs86h37hIScHNPqLD5sZoI/73v//733WgXmsk6n/QHi7SlYbD7Tx5
uKhzdX44alNSxIgt3HQFdywA8slz0nB4GP/7D28QZTc4wxRHGV8cnpwAl6UO
MaKfGsfney78javdwOBTrrJAfk2U1HNGtn//0Zk51sftSoArCpCWw7FXjVKa
aqoCyOWDNDHYGVpsrlMQPU2O9ygrt7Lllpqytpa3Gf7b4+h3F8KLkjsqy023
W9Ri20gWV3UYE3b0hqykZwnc5Q7ZkPwp37vc41Am5ExY7T9Cvpt0IH4zn1w4
oNxCdhVFjQzDoIo3F0ER0g0QgaX5Vur9ZhvxVsYkEg2bG821l30zd3uBffy7
bSUNE+KNDYVNXEWzVnMrD9faz4bRY+Js7MVZGM97SEmQJIyOwpV2C71qogs4
SkfxvqM3v0Zo292mkgHw8mfEti+TxwYD/PJE0gpBm0kH34NC9FoEly8VyXhE
JcM0shHUHuOkwg6VE7rg2gprnAn/aWKquTux46nCjITrxAHXiX4d14kN14ka
XOfpbCdmtvPvnu9EX8x3cDbDeKJfzXgcaY/+Icazho89nfF8jo89ifHoNR1G
/xDjiZ/AeN5gn3kjUbf6kmDvEJb+Xd3FhqJHRQyN2mvVSF8ZUo0GamroYAS7
jxoJrP3LGSzCsAY2AhLvr1oks2mkDmgmKzy6tMdMAUoVAUQdJEPqW86y66zG
vAa3zqdbEOK2BSHabWjPGufyEB9b22gHTClKzzUPMOAMUri5Z01rvPjUFQDe
fHt82jMNpbNW9xpnhMHzsZUq6K3Phc9Iz3U7Jr7i3DmB+WoogYdkfcQMDopz
aYd3fH5DnsJ55DamC2O4eLGzj0qtreU5psAaP4SrnAyyWOrLlOKjv8G1fJvm
m7148Pt4c3nbj6vbHnzxe9sn0/ZUW972pPqpig6bDE4+hU14fYjj+v2l9A4O
P8XaZpUMn2lKX2P0Pq6XJLzExjnByzJxFJ7iZlXxjEepn7GCjeALOGvHjLah
ZCUbYktmMJ9fCjGkrmkvC00oQYj4cO/gBJxN1NUvplp9hnC0IqF8rDZaabMn
xHlxQoSsRQPFLEx67uRZm2yux09pSqB8+ZT24JtTmvBBOXXdODGuFbeP8C6N
MLL2h5PB0TBL66vBPFksq8HtA3AW23u2+tEZgL7BquBuhxl1885nVnr3qghN
1AhUczU9hx1DoSkbq+WSBSJHX5Rm96hwbgp6CiPMyuCQqyFXTxQ5Cd1aSS7m
5FRr98VYhDXeGAOg0g2upy5FYILTE0RSjtvGpZvCHK7GEj52siwPbHxTTB6Z
VhImaXX/3//z/1aeGDYPVxfRLOgYIphBLNfxYvLA42NxeSzBhxPCqogx0BfP
KprF9qa+8VVvq+at9sGQofOOCABqodQqm7NqaXwJU25FgTq31FCeI/uEtnap
3EGERMNlk3QuaZa2lnQTRJTSTm0Z34/S8gCBTLKZ5JBp7aPNt0evgYpVxIFK
sdV2MEFdVnvFuAp2ybFTG+8GHAqcweOuC6PrqT89nbnbkNTtVfT/QXXvbbr4
VUb6F6Tv4duPK3y3s6vPamY/gxA+ODo+P/lujI5xLTvIOuBtyhE4VBcP4y6D
Inthebx5moeTaWVHjebnx1oKY9ea8IZ1VUIMa6WTWieVLRrQxMo/gIXcH6AI
WOiAMqPLKUbacn33RYry/gADFTZ3enDimwDxHhZxqtN5nmKrl9tqk0+gR7Hc
q6rGGu6/9LUnajAZXr7x+/GAG8fjVDaPnWtYV0zeOGBhnkzJwqsrpbyWSYn9
VDSxhZyZ1O1RS793eXqo7Jo1IwARQiTImqW9jJ+s0OynokK7+NHrvvQFerD3
2Jp2VEzl+2lM2eZq4MQeeURk1xeVbMUmb9avzWe5yNvGccmJUNx4pSWjrm4X
zv/AQmbfiZ+7sKB56oJhxBIgfhsBAezd94GQ66tpw9aFIzUHrXD9qDweRQv2
PT7xDAJ7wZNPw9EsZ3PgEiIRe8Hc5kK3j8be8MyOqqpG1daj2t7XFqPR4y0t
ew/YB7cwWBcZT56mRwsF+SCqJPDotqPVTWExOIDWUkVJCuQ3DKHcolBImymD
M2mhvDVzUXOxR1ITbGhMYFWWhsAYNtiqUjUacuOqk4Y/qh9L1QS4KLrOKywt
EKJjZ1ZF1tiKyRVQLx9VD1YXH4ovXvQ3CpBKS7AHlnlEshCwsvcIw1iwDZ5m
v3bKrLFYf6RkC2YANbIY8KZRi7bKgigl4HwrgNAQjdcACMdvk+ruOrqo0+VX
srrP/MBuoyd2FH78BxjW6HOT6Q/AgcyIDXVkTRXZ3w4G9KS/FvgRPLzTGMoo
U76Isj4QimD+e6a2DqvIO6HfdWHWmkUOQJONXdFk/Qge3v1SoKxb6JN+RHB3
C/+yt80uO044FowKg0RZ2MTdduAECTA/H8Rf4fGAUjJPf/esC33Zjc3Di03J
KEnPQKwguWSQzEHu+N3GPL2q0T41GtLcTm2x7ebXKjvLW3eD+xJ7xqFRYfIg
LyFovU5KOFdZ5ORzsh26hnHYNlp6vzmwcL44hvNyOz78zCs/TVm/qrq0CsNM
prVXWJu3x2sVZMlX7au1e4aZy9Ck3jQs1vDsU7ZldLb+Mp004tfMPtE5BJpH
n+kmm2M+x8c4qNPuo1NQ6LD6SJfAiko5fIka+BTeCecTKC3484iZTJ8nPORV
eA1RWEfrfLs0zNapGkLmT5XEXeMR1BOtbtcs3dqWaMm3zt7mlx47x02o3Rpe
RdIjB9VgMkOf5LMrYFKG4TP4OSnCFc1yxPDizfjdu8BmzprnJHGpHlTwQA98
Ld/kgSZseMnyhKvExLEDP+vQnUI6QP/W9SAEAZEtXq0DUg8NZjpSLMgtRa5i
LCkI7uq3Ic3Bb8QI2ypDrxe6TXjOxNlYzA1oSNtdNm+aHobuOynXaeEqjrKc
jJcyU43Qau2hPs2wAMV4oEWs4XtqGxre3L69RpTV0bcAUx3GQGkNbsI3m1je
m/Ygr/UGv4fPbkPkbJ+RHqV1pXWKgMY2JYwiwA9UOx9DEt0ADAIKmA8z+O9B
mOA95+//7AFJbbnVtPZRXbRT9MORS84xhgqNjP/cw0OYOxdLN6xxNhZaFOad
Z9koHB1wYK2FRVs0sknljp97WnXOL8K779DGlGQtUsFCrlZlzQ0kRamppFY/
btcUSJ6u4BZykkC35brpjcKCFMWDVFYvape2gPA+eXvaj9/1yTzQC7soWiuA
twFg6KQrC+AD+6TuC7mWYMwwds5irupGdHTO1S/Qk5iCqpLABBzZcTYKMQys
t7Zv8G/idxyZLMZ5PdoGDbRRB75YZ6d7cE3LTKnKL0ulCyeIMiumqwXHyv+G
AEo6YG4NNEEsId1BP5S31ITD8T0Niug94cK6Cmh4Jq3LFrzUFeWCpRQB3aUM
Hf2YbhqqPTQbl3QGMIcG0PUWUHr6l8jf82AJak/agGMZgIyyQUQkXIC1OTE9
dMjTKJ3sCm8F0hJAvm1HwWm8qbRVQNO5m/OKwF5gGBygElqXLImREIoOXJuk
9T0FWWRXFDSz/maL80h7zHU+wlgdVqhNP0n75bq1A1fln2z+D0Dr2sYTKfBN
HnuRxtlLkzylJnMgS3tjRke/D54Xayyg7obZWOTtVhNF/zPLF/cEnlfDauq8
E19qKaWb/MGTM+GlcGpUTUWZsZHCnmTMpLKPzI+RfoQUhWSQNkW55KrFpe9G
CGdVUSk6by7SYlk0JB4Vfri+iEi/YQSihUu5Cxbd2qfpGBvN5Hw7iI+NBvJV
BztpaUeweJewMZcOxp12P5HftR9fGOsBR3eXPnipRFHLlpJ+RIl7ZKVqOyRo
UHLYDK85eTPYhI73DaNc+RRMnqIpH9Vhv83MheLaKUnLEmjUfOYBlICw5ChQ
8qWlHJWP+XguZGBIhRypPXZoO/TQEPPpI5ZEiv0KHNeS+ulhIGegEYVw/WhO
5y0PPOV9H48j3eIEcTzVa1FGacSZsRuSeu3YMN5TV+3skWxvLqzzPTtptZhz
YtK8TUhWf12Jm36s3XiTPDof94moSK0+PgkXFzQj84P2JbK6VTx21AfBoUWz
oiANXTwJyfV1SV1kZxx4KTe/SqnDKJ0zJ8EhgGhtpuEkkCxEVqyVx9n9lbrs
vRmJMMr32A7z1GVn3G0w9kX7XHuVXPqGEHkcr6n1MwXZMMWO8rpqt0kuEV5q
AW+ZjoyKVrVwJ95a1IKRd5LU05uhliHw4wNiwlANpRWz6/H5eLWEe58mC6y7
7kaMD8e9rz2poMvCtSjcsFHsLPJdw87gvJsDJ1QKE/Pg0bvpCqj2sDTGa2Mh
7GiiSYbLSZnNrvm6YLf4wRwkOjzUXDVRlhxQDrovOo/B1eWtUoM1VAce00WX
kqQIdzc3pCqoA0+glrqKpnMRKdBO2uTKbo3e0oHM2VWBY021P5U1GHzOCkvJ
rg/t2lRcdnFNvVGbl/2YW4m2rdm07jKEXCEKuMKuRj7Gh9z/tdH8uEGLKKvg
Gy7zySKH00wbNS9sD1b1agut5k679yrdcyXSZr9kd7203F4oDEqnIKSg546J
N2qCUGHK5gY4afY73wu5qxFz3Eodl5MQ51Vtylb4koyFb/cl6SVuE7bLEtXn
oADiqBkkpk244ZNLKcBojbSEko0GtEUZcWVSOQ487oXQ+cyFxfnedmHnbxeC
PoyCSbH+5IxNBVyq3MKWi2JwRDwI8bzXiP3EoBqrm/UYAxazqyb46MKmVKoh
7DZmSok2Skybdfa5Ky/295J2EnKhBOLewmBz+IFO1Byex8WpTYsWvS1hQ91o
lQNpSZe1NppghyQjmvZ+0T9NNWduNxC5IjY+xQUQQWUArRXtb3oW1grcxHTr
hE4EI8l7lN1Pr33mldi9Qs0lriNNWwAddEX+5Y0y/QuJDBvUnSOs6tZd0i1i
MSfVupMc3G5KV9ud+hBGLRC9vvpov4HKRvaXa6H4GAWeiiS+zXKid12VSycg
FC9B2a7DxKN5mpRSTyTiwuzEL0USrcKLqUS2q4Tv+oKoCM4fDs9PX/+4+ZXk
vfbYBhPc5wdQ4z6xeDtt3LlEK106Q4b2OXT3zNUo8UmJVBe/LOaVdzfUN67E
JQHFw89qkiRYzwYgpB3W5XyQzGu7Uh22byl94irDSi5QUE2WgxeoWUge/3H4
fHv/bndNWY0hle/G5jCkMWVtYOAVYWgoEND+m2CvpjyVutokytORKTwcLFpV
VtfvlJvTEXby27Y6wHphYP2A6ws6UpiZJLmrL282KMrrJJcyg9ixeFbMNl/0
qHBTmac1RqZVUs5l83lPOxBrEQ34CEuMfcI4NPh3iX/LwvDNlxQiOG6sENcz
rmuQClZ1ahVKEV8uNLhKM7B3hDiE1SRz0t25aTxZphoNvU0lg/+fvXfvbuNI
8gX/z09Ryz57DPSAkEjqafXtPTBF2by2RI5Iu7u3xzunCBTJGoEoDAqgzBl7
P/tmPDMyKwukZHum757Le2fGIuuRlRkZGY9f/ILBBIIqho0SFYjrxsBT/Wgx
Xd0t4VTHUXXP8X11iSq9FDf2vP5QGYA/gjMjrQMM3VMhNUTdugqcb8uybZfX
K7Dcag5eE2e0QVx3y0q1YbkfN7X2nr2ODBpiRUETgazXNXM8pxZsSK/oDEDB
RdqPmziGQAfqZT8wxiuS0eghXSbNKrq50Kyu+SXQQEJA2rsx2NmE77NfyfHQ
+NN/MYJkDTNRSYpwIIjJAORhGAkESFs0fjh04sGx0OBfDuH3zdWqXF4HAAUM
94yuGRy+PRtGNEn0gmi9SAYZmnzfKjSXCLhGFUwcTxBCpVMe5CEZ66Cf/gO7
gwJrjIvGw/YgH77RcNIMvhKvmaXygntZ3qrJukU2zwNnQk66HX2NHZlF3kZz
1A3e+2F0jkWJOcN7hdId2tWTKUh8K925mld2aUBh04I5TYJs/D+voBmof3kJ
RaG8MMm8QZ+0et3uNotdf9fuxxqTg/KS8DhoPKx66dzyr3PdSEeEyDbE9vbc
gj4sTQ2HC0BAZmP3OmhQHPcndOnuoxMMbbp7FrpHbTGyU9C4Ug5k9Kf7PP1p
VTOit6KzFHJsBtyJ/XHBtXsvJdpJLsgip9lX4MbS9AoI8sAzEJ+zsC13+FUR
h1NURsW20ERTeV6QT73wRc0DpDUa2Bzq0MJtOgL2OYNPPrSQAAoMkf55+fQF
pQIokfcROK7EQz5D9Hi8cqMUc+qKkMvUcjrD/ob/fvHy4ABew3h0xlPAJuXy
OLh9QgE0dCW9QZyfrM9afwp9ze/65sl/A7X5ZOZ5XtPtyqozE4ERKZmHkZO8
SpBCQbh41eHHFVqNhRwuj2KX76m56S8XUnb+iOIT8jfMa6e5pbT7k6MBcMHq
ZbNZcVpZQxBrb9YhzZy0omIFZgDnuastLibqm8a5ZO+fs0uzqtDuhOzRrddA
6OBykEOHSbtT//lF7GtKI+JeWFpUc0kxflKXxE1ktAyWVmFgeHHHpP9wBWnD
0EKJIx/+T16PY/bhBkdpxCZdky4VarCs4kH0TekWSYMwUiJt499zxsqrVUWj
+/QZm8i9v2q6wgg+b7r2c9NVoraAshXky7OZky+LTxms1yRhuPJMTlw+eLxG
pcKIn/xXLnAPIuTXbpBPmsRkxbNaBs5Wzqe13QU35TbWPuS8D/k9SlOVnSvO
jkMKXmyhUBvpJOiUmwH8HOLPNGyGVJs0hcQx67/401ykQDdAjhBa5xSrtjwK
k7alageQBdQoWfgz0bWD3Pqa+yNiB8dl47/lLgyKI9hnFJ4D+khCGXNPUkv/
iFNv2KG7DjH1LcNOtTHElHmhJXaITihHBFM20soFMBR3+zKNCFPn0g+Hhw6e
pRT5sWtJ8dNqlqDoB4+5+o+681Wzv/i5fNvMWr1gTy6gUCV8e/yEfbkAWtUp
sMdccBCeIHbJX8rVQi8dPOle4KU1tFoYPJULPiBHvd/i0QOKwbOhqUF8L+lo
Kq4WI9UwPZMHauqXMYpiZt9RhP6SFx7FKDPdtlltzAct035RzgDB2pkTnfYU
VtyZdn+B+Oj5afcXYIe+3mn3F4DHf5ysfZh2fwFYdez6hwt02j+umsVVsEz1
gmdyAVAFYp9UCUDwBc/lAu4FDgP1MnojzRMGL8wYwJDtfMVLuWCK8dPb5kMs
w4O9x/YK5p631wz29qLvOBb+dXPFfjTbfKhQx1q+QmcT+P28dE7UWpMrdDol
WVHNTknByBVPu1ccqcbEK3RCy9kMpCp90WDvuRnpmWmsG77lRbLuGmPUK3RO
0RPxD1ifQ+GsTtpgX+e023+Zr9gL36JNUH9g/5iu0Dn1x8AkwALCSPd1Tqk1
7vcLNIHtFU/iK0QRmyt0TmcbAMn47+RAu17BusEqyF6EIuth/tHrR/avAl80
0EX8a1x0HYoO5FFWWVh84i+mH10UmpOy62mO92afWG+OTU6FD8A7Sx1iA8Ch
EdoxxWZdm1Lec9okDfvxPXFI+MQQEK8af9QfTopTLuCp0o5C+4SZwVbEcjER
lwifDPABzC932Tm21hwy0F2ELvNog7TXCIgR3LIx5yD1Boeq2zEUyTvcpgzS
ac1VhTHBXCOyeb34EL2cXVRIcyNSIsCDi+Iv19Cqi6EyEYf2RXXXsHXUThs0
n1yCvw0J92yuHVtSclQLCczDGyLgHgMPgM/6Y8Pssm3wJb8sjmpOA2F+TYIA
jiexoh5ZPVM/ouLPOrJMIB8bfFWYbUxQ4oOb1R0y1UN62BsskAjS3KR/e3hp
6a4hb4lWpX88AWu1CTeC7OX0by5xiNo2Q/qabtqQ3pwQJtpkN/yzLEP2DJja
IbnCTxQZDHIj22PSwTf2yWUsSKnkaNtHkqD3/oWH5bdivwhYZZCkLp/+8ssw
NTROTr6CDUj5AtOb2BApJ9n2JBtNkAeYAHQs0rDfeZJaDfGT8N3aqMFQiMnG
dFzKWaNABLflbHMBFiPpBP/lJhD3St7b0jUMV2031Uo+RjuKCvAB72GcgNyW
9IIvix3oPL37+t0O5x8RPchXT+brd9g6EfqDFPw6/aVp9i2vlvQzdZO7rbT1
KmHYEFCGkqufIy15L4ldFqXDPFg0WbupCcpASVsz0a6IcQQkQhgUVfdGEHqd
mZPHh+H1yRKCBrLdQvwfxGCFJFKO/i1z2E2NfQld3HL2ZuY2eNsPZTjxTT+V
mCkcG2Jb5DtqD+VvJmDP4g4CecANBCF+if45rb9J7huI6uoy6aMK4PJkf0r2
7H/CZpRrCtPimThZTa9B+5wQS0PnEHwGh6AgpFZK/mRqdtfXlTBAETgZtSI/
VsPkDg86/Iyw3/zF/H5+vckp5c/1zB3REU9bl9Rwf++D/fHzz/ssOchL1z1x
+TIzgjj/0P9FnVviT/Ka/xKW+5SJrqBSsxdfN35BDYAxLkP3LcN9XaiifLQm
I0I3aSfFDDiCk0vz/hghAp1DpYMpwVuUgD6hn083d+bR3RyzaV5d6DYHrSmV
NUG/h/0MfQUhEeJX5lsI/dBfkvgWtl+EK0+9kMaXadQTH3gQXQZXyV5HDHYY
YHc5CC84WUADZoWUgIcfbhpzP633E6EpaLWDOGLngrDBDClQCVqGa9BSMga5
ZR/4oRMIjOF0/k38lDaF4ACe9rqcX+KRsJDG79zsyhoZ4Px6M8ermpE8E78v
/TassPIbiVLDZ9+cfP/d69wkMBhDcpzwYbZruX1FaOCuXEbStV16j3Mh0gV3
tGFjWuGY/rM4HHfdzGeBNifiFzvnVyYtaDtI8KSaCiemD2QbdEWuX3iGsgUT
cNUCigakZ9LEkMhhoQMKYSzxQUVkRBKhL9KqPitbdcsnvVLpxTHnll6kyCq9
ke6KzGEjXgZ0lhXU7ioQkuoG625RTTGjusU0JF9uUn2mkifWSyb90qeZ4odm
qwNBV7YfjrGaEZRSfA/9PjEgQvjX2Cf9xNlGt0WmBoUHsi/MjhSqHFAKE9UK
b6A0H4yfmzFiR6pwwVLMYSgiPf3W/2/CedFff5Er9bKsGW3GrE/oGSoShW+Z
ErIi0umwbG5vGIO63Kz8AlWtem1RkzTSKZOzd14YoGkUKHvKkPjdO8EGG/VP
xWHaQcWraLLdQSEiYGDdRNhDgjcTsVjDIf8YOycowR7WjP0xCWQK8BzwZ/U8
bhhXx1pzO6wN2fu8Da38igvB8FB1gg1ZMl9BhOiVkuHZMtxbqYKcckwrKi0w
9oJ8S/bmBGs4xAPSTsWjdAoUEy2QAy386k5DoaZoK/qLmnd3oSQ07pbCCgtC
Zg23TJ71v37F5NlHGz92By/YobrhNq/96Cb/1GEg+kKp9+cVk03zEXg4eeQP
N+IDev1Nl4sHGgEtoHxLK3Yi0PY9Z0ac7yV2an6K9umUPEef/sb+Ommyz7J6
C4RXSAqhyL0z83oV/Bp7q9GpIGcKWw/2GGU7b+sZevC5Z6iKqgbLtp6lioFi
ZrN4cv9LzlaZDgsftZzpprERUmxDSe62s3cfV+nJ+OAhZ7C8POMXgEoXFCgc
X+FIyGJOQRWQm7LWu7yncJb+Vs6Z2TUIFLgI9z0Y1wMvBkdBzzd5UGXhjdBy
PYImhZOxM5JcWhSfhtG1kJILaCrIJBaMEJczEc1qjgrLQCHiaUdFIKG2Cz4E
NHnUqar43YCHf8D9dwxZZiuwp8LIlAnRv5Amhoiu4k5loZ2edJIiCBm/7Ak2
TTZy3z50u1zcJdxaAReWAQPa8gn+VX4zBarHbnRDLAWDtbWfSoxNeFwJeMsf
ZRR8CRX5nS2PlDgQX3iTlGBY9ZXUpyG9SZAJiRaAqOSr00dbpkgpKkwNaQry
C2KJhJdm6sB2MEwwvbM2JDwkNLftA7T2WmD7MQQl0jU8qgxiurCIafslmHvR
bYjz+PgxMAR3CoVyS8Adkfvh3wx76Y4xmTlBTScea68cQwCgDzAeYU6DhkQY
CIBXCFG0vrY9YImhAOkA0R7rUBDZ93/EZBUQichYeyHXhIHHrEZ8nqhSoWxP
8Zb2za4pD7EJipx+2ZeAWi0P+S/QM1yqzu7+qvIzvuDMnxSrRgWHKVI6CSSQ
PBeR7sgF/6zOuuhwN+jJ0zCgaSEWdnJsZYVvHJGoFsmPtwv7ft5PHh1OOjcU
RJqJPytNnuNv/9y9+E948aryh6P/Cpy7IbNq9jwZWAOKAVyIIfjh9ieTGRDQ
MIagE2XHVClCKKki23pezezZGSSATW6/9BcCBlauHoKthErKS8l4JgIhaiWq
riQJiIQSwlUWGs8WOh4q7K3kX0xOE2x1TnNzM+lEpaStsKVJDb7A3hKNP312
cxE6AkVd0kJATWukoyDeIRRuQoWgzpN/GhCXaPZUo7IS3U8HQy2hcvNZANkz
rCZ1Ap3q1LQWT41wPZ1xmHDv0fbVzgr/mZjORMip174Ya+ZAKvqQla6eKfUR
cGasUF5M0a18yznClkvoSnZXzJsrQYmHvnYcoRW9C/YBUwLZjncZtpQ4fRwz
FGEMmZTLMQRzDfYjI/swbpzQWUWuj9ZS2VM8OcQIkk/12XFNfPx9zCmwWYho
ieD31Y1QITz2cmtlZ+a8Za8o5/Mg+MyASdE1lDHv1gdW9VU9Y8MpQsH6/Q72
inracxwz8jpcLRDztw7H2uvkUDsUN2D3vUA4T9kizx5tB3K0/bccbEYn+jEz
NUUZfJldxaGqWzEIu12xqX5WvZhMlXoLjpzXFQS7cDq4QzBcs8pcAxP1CjcY
Em4OlYdMYlXK4rSY8e+WbyNl+tnHaey0fe6ZaijpeSQfm42XKv+dgEGwngGx
yC5u61WzuOHCVCpJouQTRe35SGAJXHBVXZ+XEE6qKHMUry8SpxF5UNFOqwWQ
Z6j6xRYYreR31g0BF2YQX8BCITp25oqi2Z6/EvoB83KpDiLaiCBM+HXzpvlg
CVuKATf7KZEz4osQrhErtp5buD0eO0QqsCC7jAVz+OUn2Dv+e8xPr7UDr9pm
hqBEFf02DWyoIn9//m1fPOjqP9HVyz57KvNstK4e/GwwrHqefd+773tb8nyx
2Ijii+QEepJfiBpEahSgxrBN2ZVZUNMHxvJGHwKq6qAfqeQGiIiFUf3vq6ua
QpFROR1ZEPXitpkLGes1t3DxY4M0xF2I5sZ0J5CVFQoEpS6ZripUTsGcyalt
rFKjrTLWknOjNJBBJdCVEZaTdzy1XFXNzCet2GWBPywOGg7QKuOLZxWRT9NR
SPUO/3srPfjvn7a5foet2N1KVe5EVxkBfd1jPcQltqUyRtURIpCq4sVQpNok
aevx9vbkh5fPIYG+HD95/MSGpIfiDWcGp9uZmpfY1tq8bfxRgAb29rDNgDoY
yEneuZpfx7y2UAUg5Vs0OUOpxIxtaTnMo2gbPuVCrOlA0xs3Og5Ig2ys3ZhN
lptMU7Qnb4KJiRFr/Vc+lQtNonN4vDQn7md2AZ0lcrS5uj7xX7NxeLW938Ns
dCklLMcuhdzxwuzYvfcjoXfNxZMtb7LkNsz+NuE1QSVHyFCBuHIZT23gzuaw
uMSIFYVkxaj9TYOwvK/eR42ptkRg8cLQgeDzA6nEQhFWkp5JUB4pERfmIrvK
/6v4ptGMPdjv4+lOZpRxdBYoRLDfxewMeXbfUUqF/QHjBJcFQ4nRYyWArc3Y
4veht2meQ6PtupnRUKNIeLqMDw6D0+Rsj4Oncv/AyPdW0Up2wIAsKgXOBUwA
vIX8oa1J3YuKaI9n1VC3U4nuht03CZ7CfzgRj4ShDvBPMg6hv8ttvyHzjewG
ihE6jf5Ose7HP46RnDuYg9JjDp7BxaiB7N1wLyitJFHYerNyVYsbFeZsVPTO
Ge875bIDqAYSp6V2o38XQdnhHG/QhC4C0JbxhZf1WhDk3hm9o6tev2slt/3R
3wA8qgUkzrVqF+5qr9HrFV934IUSb6bgDZeutoECjCKayFgJ4+LWeOEm+ijE
Ya9sHHJWIfCvhB1HXYnULCgvLiBcgvLSgbEnIYe+45VPHD5STixdb2Z7iHbX
OArrJMy+yEfPwnq3zpAfM0d6qcGRHjgjPxN39boCv4exM5alFt0A5SQ+29zc
QLoHghXNaS+2/AVVhGF6zVL+t3Ef3MCdK60EceBcAwWLAnECw3vBO23n7Nsd
FOQdQVh4gd0ZFTtH8vu4oh3+9O1E/tYBsexwW+Bvj97aa/oq7+kOtN50ZOLk
tDg/xDmcssOhVTIR3OsrxAV86z8Q/+sI/us8pPledc0g/wX3XoOPsaRLr8Kd
3V/77+2/3Lzo9TdvJ4evus+HKFjuBeH3yRv0D/icQxsmM8+Jf88lMvKs6I9j
3k7SAh2282pVonyySAltFWKGmLK0/YDcdF2OSUjdoCrCqK/Ukor1TbgqBvPQ
caItMNda3038ACEgaOuwhnQoBw/5auO3ARTztaLnpvOSe0jDEGrv4WuNP0Cb
wX8Hua1WEN8P4sSBQokMILwbmATA5XolkbVNoJe7pA7IkKmhjAwc9rcCxqfM
EQblmJfapmKqlprQSoBwBGqfZ7mh/u+1VBRx3gmAlNdN0zI/qW4cKJ2AVf1S
qqn8tQRcMztbQWb0gXimwsBhlBwZDf4jvJSpq+x4mZISQo6oI5OV8eNId2Ax
CFvLn1KdTZH8vbPzRpltN8rtuS/BcMLMEEARiUgbwk3FZhk1LovShyCJRAtq
FnpsZpFoJFrK3t3C2VYTo0gAk7VUjpeZz8SN6SJscRtNr6EnOP11YBk4CBIH
4XjBAkTQIbZX/EGmMSHZTozK1GGQWT5kP2PlD3jeCzL3sI6dlYO3dtdL9qqa
tX0xPQIY5LUg09qZTOpGhFrSBZcA0zLLlAVihvnV7CVjmukwAsuZV7KcUwME
es60Wd4p6jlKhpmmCC2e9UTH32IhhK663X0YEqQsqtF2WHtWhuwCa7+jI0TT
BoxR9yzoiDz/MnMKjDJHwCin/2k6cspfl2JZTz+0EaoXXIGebIuY3bF6ULOL
OLEwxbpEQ6XCcCjDWiLhHsv7We/NGgacEmkWrKj/zfoVq8YWdPed9feZ25DF
BnpkLtYi8uOIePHSiNOqgsCP2ng7xFaxI00GTaJ/BZEv+r7gc3J/yqA6uasz
GPbpZJHvMYLDEuy0kZj1HW0AOGd/ul4JSWOGlRLhJezaouvC6fAb/MK2vDM1
PJnIXV/qC09bSnJhns6E1MN62KIVmNhNq/MUvAvxAyArBk8Em3g+r6/ASBQF
azLwicKyujMcdnkpk/o/DjeBtQhkJB0r+iXY0MlFxB4EbRVm4DFTjYOqWu3z
KM3psqxbT8Z7QIJgmbf2XzwmVBXw/Z9IbGX3TJj7t3P/Y7aZ0FjY+oj5ioXQ
Nb1aC+eSy9Moa6ilbiUE9BU22XZpCneWEAHS4sQk8oqvshWeAwoXi1iNshUu
I0CoQgAJpvgH6DHi7UUnR2dgvebKd2YsZX+Aw7TodgPjhHm5C5CvAYS1OcJ7
Wc+rJOZG3dQhOW/XcG8kJ9d0/OSXXxyxO+IvZuPnCerEsCZIhDw0KiBKg8VM
2xBomyftdoMb7bJeIeaVl83vA+dv1Ai0FsLacpdAOpmweNgFjAtjO2JESqAj
R/t9cpQ0Ur1PkCTv3yNH12V73/qVCaELygLk06RIpYOVYivZy1Fk4A0WsEpz
ykRH1JQJl2wrFcexYDgQjGf9K5+s0AEIjlkRnQmhOzbRp1oDsU6uCp2JQIZ2
4g5H5r07JOCm/BGtrOHIrUl/38W4G2FgDKHraem3pNDY0+ZyyiK6ZsogNJCE
TsM+kE0YbRU17lDcbFNXRJ+WXPzfoKzaz1MT+4VRDFMI27t7FEPxEMWg9ble
HoyWaLi0XoF9pimd/ZbfQFdkWqvJrEufqXjRBLGDeemYcYgifhFaC55H56te
6bKPM36EH/n+yxfPkFq3f6lc31I92bJxqRmrjpn3gEIj4cZMUwom6EicaVLn
DrsIhJ5oxB3jLZzpHZNctaaqgAAONbL0YyMUP5ZmceVnbVa3bP6RPYZxXAxD
XLTNfIMNXRQp3rf1elT8k/ze++0VvLZC4caarO9dZk4rNgUksD8X3ywi8RkJ
ZZ8z67j1SCgt1ttCXZOIc/JNuSQnq0v9wXIouebs+P8+8j7qePx28tchpn7f
nlqsfC9OIMnu6jKYnyijjOPkheW8rP1dfuSazwo/cbY2Jkajn+j0NUQwuJmR
srtGspjDzO86n9UuA1mafLlt6JpOB90GEAkvDM0VdI9im4j6gMDTdjfryxen
uPVaIm0L3N908yWyZePFyLseKmo5F7T3o53E6Cv6JvJk5f0v9Lzo59D+jj+X
BQ2KSEhUMLluSnV6Vt8PGdvayOBIA1G1NabJsfjVf+mY35NwoSCXR5ciJeGj
c8mgM9WCdofKB8QSzSOuIl+UNoX9UkP04zfy3uNu5qRV2iWINuQOA/yGRMu4
1BE7/fbw7A97j+PzgtroBfkfOxMBiDO9YhNF0cxoNE732GC6HOpn2HayXkR3
98aQiopKogNZ4IC6m4R9NdSEunJC+bMsFcahOELc7s80TkIDOtIKgxBvYWAF
7W6wRAAvYRlppbCbaXiJ4dWbkFy9LePXdKsykQmbMY5jLNkCWwGFAiERzFU1
r25L8vpNEgkXIToO2McjO0daWUoYT2N0VDFAZHIlUXw4U/ajpeEJlb42UqOV
RkA2IFfQFIfAoyOLlq2zgKTAwGSoqSCQYLeVnLvwBzXkV2Wc2k5dSaxgsPCN
EHG6k3iT9X+q20pxzf6sxzAZw7safKyyx0s/NA7fh7SLU4ZBAevr9CdukU2C
0/Mp7uZk/rdVc2AXWebe0mwOmbtAqUn/DkzRCFSmyHnzgd+bKcKB76cVcSCo
a2z9egWwYmR3tbiyDHUPrDDYqbPGi7mT5tRpAJJwkoyX4cBapJ7rvta+Sanj
r2xR4kyLkt5K4YAeTYP+juqF24cVDKOFCB9HDIXaGUjaQ6RWIhJ6vuEaem4R
owbwOuD1Ex8iUI1+TgSoSCNAzvZ27A0AcRrnQnrZZII/7gFe3UHs1T3bFu5x
1qlzPU4dijtHi3FgqLfUzfM7cLFL+2GGkSb4d/XTElyDYdzca7BOewbh7qhv
sH0mQ9K8FkSbecfWMNFy7wR0F2zRyUKWFGOfoI3KKXG02z1pwA18IFBbQTG3
LbSFy9KIsNVlrhiUc+h6fUXbd05k7csVIMumpPiJUN6l0JoOqLoTcvncoFi0
Hfhw79sPz7L7gW4y3LudeI9uCDoi1MBPm36GYEon6PapESbzde+pZPDu3u3+
3H7eSu6KNjx/j5LhJaN3ndHzG+MliGLDLksiitkpUA4ddVB01YGTnYZq4Y7T
3MRmkoWrJd1OW/X3f7VUJZG9EmkcvZpA3txa+9zO0o6mSOypw9ciNNMNAcv7
pVvi1gRIsuj3CPWLnlWPxLrDrB8kWuxJt9WeBL1W3WNLumBLRo45QsCmXsaz
ILAsr3ef8+o111l9Ja4bujSJmxO5pwkFagkXyzu2+v73lQYURffFyds+kN3/
TY1tAYBV5Td4W/Bt++jJ34fOUvfpi5faENLgckxnqtT6Rh4KhqZFAdhhKmRp
80VmYeiN07reE31/e7amQjCjdJiODOqkM20oHLAEpZGc+qnzU9aHVPR/ZfvO
0bVi7fVFGeTvdgmVMo0vW82PvEa4s5ceBTLiWK62rvQ9SmLvsQAPzfrac4zU
Ef9bWNxsdRN2gPY7nGzdADtquWlMrA4VJSsv87cPJq6tluWKTl0dBQBhN4tp
1E9cAtX24WyOuCaloKrMwWCe+7FsQ2RyPMyt9ScopP4oYU5N+WGwqgEVtSXC
WCEJc6qnViI198QnwxR857VMTov0NjFYeY8rn+fplyHMT9OdWax4q84qQmRb
6SIan7TeyWkdpfN6HjOKeP+REx2xVeLmSrie2tWhU0rAJe1Ox76sUWvejZVA
hnGgnVIhJMJmA0iT+/JLnFp+9oAMkpz4IN9ICcduhrsAqNFFAyAKGNvhBN2M
qwq/uI67RCTtCZHcgCmufxOTOi8c92mY/X7pYFNkm3iI/btNOtSi6RePRePy
3D4cdWPz5HNMcS8HxteYWK3VOycHesJi1EgcSMgWAdFgzBTYe3x6YXHGHRWF
SSoYgy2dkyzfyiCn5rxFBQ2l3nmXMDY4cqFivvhkbtIQ3bhyqs+a+azzCqSg
z99FAe7DCQ3fjj0KcE/5Ar8SP+zzmMOv+LZc2Zy98YDGn58vlyGU65lZCT1/
2PjViasVorDR78csJybTc6LBRE+jJL6C7rQgBkqRjVQjQ6VJo74v5NbNWsJj
RAGTfrrGNlbHH0ZFNwJ9Oxp3G+nY7dTdRk+U8S7aFEV+UzBJtoRdk+y6LRt6
WEp/DUhA7lM3qC8hJDkMXfnIvF1Ao7JqV8NCDCLEYl/D0N9cRnbzKwMPz739
IzV7JlxBCRj3UfHX8dPHjx1bbL2vSb+6kyg1spBvWpKamNtX6Gms6K7R9sKg
GJGUQz0RtGvT4PEIe1lKE6S4XXLNhXlQ0YdNY6yulbj8QJBCXqtOvVR6H9Xl
dWF1m3zs/a5nt7HUtOq2yyDrTRqXeR/4q4rbn00os5iAFE1bsNp/zmvjsuav
9IZg6kRE7kHGupsgwZOfPThriX4gmUBggypXC3TmFtDDz0tzyL5j1B7bNkUB
lrB8F+QGSvx7KOssFg4iUl0WkSpVlqb2wNjrs3rGhMbeOLhcNTfOWP2gz/yI
qKUiuDHpdCdtZjDgBLhQv88lZARRzwq8LbwZTtRyFrUc5gTL4fvvWj303393
j+Q/iyUfhbblt8Hd5DOj3MKDh5mj3j1Eq/Ud9f6hfeKdcRHM3obK4UNbhd9r
xTxX9dvj10stqxxZyicg1BfQPcCZWnzvS661ObS4n2gV1tialbUt0iswmQeq
WkeqVm5sa9H4wbufAkNZRQWBIm0QsLNwk0yfSJ4JO49QXMwT9r1JXMqJkSKL
IkYDfx14FaZ3/Cun2Tcu6g40Rf6wKrFgdtnYAsjSDIwqdRLYDRnEEoqUTCfI
0BqoT0CRlsIXhG+Gk97h/Fp3gup7pd9hF4lUPVBOXtwnJ+ywcPE1xHsr7PQb
Td26cQHVj/U0MC5qmp4ChLJHW2Yp0y1Bql1QFKYlay6OgwR3RZEja7ConBwa
h6AbMQY202AJ2jn1tHL6z9fHXx+dne9Ovvv65P3x+TdvR8V/jsdj72oW6U/m
NABNKS8gDZnIHlW6LWDHVhLUTdsOayxeh5eLwdDRMNXmnoH1GyEeEBXHzk6m
GzBqDXdy/NowAkN86KbCFkV4PnVuapOiNvh7Wk8oDnIo7+h+gy0gx4Tv7PXZ
JDPInmKBA0Pm/fLJiz2ENm6wkp6jFPG818KpVc144PjCqFuMTOk32gHLaeWC
0uibbwJ9mQy3bPXsIPYjNM6pdYpLlywkWUC3/HYTe3ypH887n3Nrb0/Vm1Hq
OCdKIcUmMBOCdEwLLCDCGbKI2miGjTwCJyWi5GsTBLqTt7esXUr2FfBinYUY
HBLDal31EzQzhUJ80h5ChDJIa7XtG0SHQUhI3HptZFQvsoMdQQOO63LJ5Pqb
GbVw1lYf3l5TfQk9hYgnuqsI42kpreYLQN4YO5X0YjJpez3xiS5Rz6JQO6Ez
HJpSd7WGIE2UDcVlFPigLP6jWjW7UPrkp1ZU9DA1luSVLnojnHY67OjoKIok
WsbEZSNHVbGA391EcqSbk/Z0stIuA2cZG2OLbXzpR95/jmJeJjrWQBrO75bV
ZDHrbyRT80XpsfDV/zw6PC+OXx+9Oz9+c6wnFFxOD4t+Ju/+Vrw+enP87uh1
8dXfzENT/KE3zuiM+E9s7PRL8T/wv5Yf6p+KJ/ivveKgeFbsFU/9/3vuf+fQ
z3nbXvWSQSSfaVuOQetasS9NVtU6rt2JNFz5Vli0dFNirAmlonc+GAuldKm4
ulDUATZLW2MDU9txdbZZmc5kOMyx8hvQV38J00uTVez54+JPBA5bF3+mS95X
y/QSa4P9bG+giTk6aqPmX6FSkKmLEyfOhDTq1rEGCSQWjIaHKCemGGEpOjVt
MKv7D5tVxIhA+tNvn3DWhMPqIwZWJK/T7VXDS1BTgpkUElvAd9smd//+yYVL
Picdm7HQHtaISVyiUbFqSyO/yJh2Xe4/fQaK+/3Z5MiQ0Pilchr4KVeVEh9r
mCh08SU2A8p3IDMp2vTtBwR6jIqd49bC+Vi782RipeiZRen/XzvyRRBLhDY6
QkkCxZ9+eFOACd0KvY2EEkd6mZ/maqqQEH8Xus+tS2mzoMryCVRZomnEX4WV
IyNE3y6hZqIEgxLfp8IapukRPD90L7xfeg+2SW/wTVIJDtwpjyBzFKhSVKDb
WKIz3ZdUol13EbZJ9MH9En3wO0n0P+j6nypi7kzZ0YN/kln1J5+26oeT3aW+
QgnYXWV2ruqxS7ZG0fnBWYQJMIcDpaaYeQpsPtEGM2VfZs1pOnEPorBvrQwW
WA7vxHm2TBgxMNswFeMApUeKqKbhNoF7cr/AwSX9wkOr9D1DOTl3BvsytzZP
t60NHcIaCcMom8Hv2aBY/qh98UsnqWGti5SX/oCTgcpseJm80UZTWxXIw/ff
5T7t2cPFzpJYILgSk/Hvv9v2cc/uX6dnsR2RhAH9Gi1CJuiEFFdYzawCDfHA
JLDTVivsbdBIA49StWdDTzYtsgniXpv+YABe8ybIf6CjpGBsMcbwSV61crs+
eqWjKYymKPn+59sUY9c6juZGD5NTDUvkJuTF/faQ0odfA9U38DnaUAdZmeh3
MIhBjEml1pBwI96JenUXGbv08MGgquM8NzndkQZJBmERuqej4p8JxP01KCjB
UeB1r795BIERrPRoVvYppcS1P/ozYZda58np4Oh02LovH/uF6Uw/uBUDVSss
Nrv1bJi3kffySihnLE8W8pvg+bAbSw82Pqsa0jq9LooC0ddIUEf3z3iLSW5W
G45MjgowuUYtZTZ0seMBmeQk9DMlrC5C40Ej3jY1se2u6/WGjqT1upx+QM1O
8mvyd6dl2y6vV2WmmNRL8Mv7JZhjtUt9DoUHKE57Gdu9ECA0I6ZgNmi0KOMj
giSsNHG7RiOgTgp1k8Zei0aYyQNvEAzKzJXNOPl5Mcr+oqf/iCbjbcifSe62
yjP4FEndXEZiE+ckxGk/q4iFlvn4hmJRHDjJOsIIADxLmy0LIAjVEthltXol
PB4Z90F4Hb/mL2W9zhC00Ov2sq/bf/DrnoTXnUj76ZBAyr5yP/vKgwe/8ml4
5ZmeiN95M20De/C8vMrq/r28O4HMmcLilepbMnufPYHqlLm8YF1eSbShXjjD
on1jUPfXSrQL/4eQROpiy6CdPLPFrYVUlaPipmnXxdIUmhAx6PCVpI+I+pNO
bnIWwQAHAqa6va4CA1MxIM8Ay3a+P3/z4owqd1HtMQdnUTr7YeMhoEdjDDmW
RM3grx0nAqKBQNvkBC5Dg0IF27//nm096MNA8/syd3d6ozUNDm31fd7R3PsE
nyNm5th+cD5/QPBoq9WzDW+egLIyBykfLcwnQgZ19vO3mvWJ7avFTBibzpCV
jBzl8alRRRQxvwBOg5iX16KWYzAUGo0dmJYt9BSeffO4R4FaoZlVc8Yg+HOR
02mBDg2hE1RARfwr/tOm15TfIicEZpf8j6QKBD5jBL6vkkpmKFugJkXOuq0x
sMfq9egL48XMik2fr5STgwziMLwKQUUxf0IXlxgu7QHg/f8CyphGU7Yj8wYk
5h8xUKL84phqsEjC4cj9aqCeewBQj5Wd+TaBiUspQ3brf5Lbu7Z93blWkWEb
FDTqIXEBe9ebRps1d6uqFBrFJO9UbdUy38ThejXf9Qb9MRVqml+uWpjG76oF
jlZo1BODENjkWjpnbXjPYfuNXKjaBPZgNOkgtBgsTWMJF39ZoCXYXK3KpZcJ
44sM4vbSQFv3PCGtGzKjIbbsiULONDfhYYILgERz37tdGbK7MrPEZ5EUhBkv
R3Jk83lxC9zY3uNBePuVk/KSkGQXx202xgi6+qwfpb93nJAnmoY4xEjV6ub9
UU+DOGppMJavAmMYxSFj6v+5dtALMAYuAqDKI9N38pR/z1nbNrVEn+DDE1EI
oifiEJMVYuhOPz5aSBeoDS3zvwJJ/VG1mW+QR7/g3Ckv13ty6JHYsN/MePkA
M+MlB5e8UhB9IHrovhMjuY1TkQJG7T7Qde/ZdhhMTbWVPQu6RVh+JoDQsWMI
ifYQZc60K/Lr+K0de3MiuilKaPoHdPRANwYCT/5PL+kNNzYvzA7ZbVZX3hel
Al3oiTJrZoNnQ1x2byKvwWqVRpmDp3y7OrCt/1UBKdrBc/y/S/g3Dwfu3Nuj
r5zAyOCXOJYcLqkLSIq/LQj2P9T37dP3vZfR6TdK13lZQ+OZZyU1gpqCW+UV
HSMMVOxiILkri8sNpkAzZ5mypEjGJGqZEj0VnCLHNUtcwytJGoZC2o4wxCdi
fDhRZMFdzIYTRxJ+xL1huoyEt554by4v5pC1MczJIZy3Et0jGil6ZKR6ZZ8Z
Ltc6Sh7JAfiMsLVv39gyJxOWD/QAfqjVbZm2BiWL5fnDLRaG9vop4rlUMFSz
WSGQiFKt/hJN6ICLweNQaps4zI9BwMBpPUpM/Qlew2/woyR2PaZ0uIBz6TX0
1IO18JNyChTL76hRhYQ4pYdTK/A9wCpThRtLX/4JgQt4zQ31ylaYgFcA7EU+
Z4r7GwMChhvas1BmIOLsXhDeGxGqH8s7or74kCQSLqs1kCPBVGImAGw8eCl2
ElwHW4/voOMQUY3sJToq38AnEH8PsAQChT+EPIinhjZZs6hsS9No6be6WlvB
BPBmhptmgQifm7dNczqFP3DvO3H9SEh+umxhs+Ui9oOysiDQIeq1FNwfK118
TMpX5ysuaBj8ITIsfrrZKl4sAcRvTmCDCPr26G1xWC+9/EMzleym7k3MILRa
dKNJ+8Izp/pMtL7eTg53L0q4T8Lxpt0cASHhri6Tq7f3hKDIvIzcO0aIYaUA
3K1pHiIoD2kaMxgoEWV3rVx0IWEBbi1Nf7+tbsL8IKAwgHpNDqRloWHTPrxQ
mcricItp01EtQpKCiLDuHZgAV5EqfsuuOv/q9QNAUnxV50tz4t+djoxofqhu
4m2Ws338inUB2SS903V8e4QaN+EAeA/XPWT8IC2gB9nQvwsd5p1t0hg8npG6
kFECzy4o6LGpFlyYvzSb9XJjkq3w3iPT8/dys5hy5YS3PI7wiPZatX+tiedO
SpwzTfdojPOAc+208oMrtW0mpJDJoUU3PN1te+OntNs6aMt7C5f3H3fgliRn
n4hSPCKnFYdKD+ADR7gM1B6SGDmdTBC+12mhuP+UGlSgR2/0WeAAO4Lo+L1A
0v29voKMRBtCDwvoVwPmGaItvPF1C6gdfI1FskDTIVWfXSsTUbhIJg3Jlnl5
B4UA1bxGShr/OVrDndZt4Af1IUP50FhGZRT6k+NfwIEfNrME2yo2vtmdcXgP
7+uU3MEr3qyq6hx2SnxfVGthioN4ggMjARgefuNiTRpjRWkSTWtG6VPDoAZO
8awNb8DIWkdoOjNaW2gITcGQlgc5hCfR7pF5pk5HBKCXjceAe05q3wKdG9cS
g2vRt+Q0SMnY6ARwjAfwSlys75ZdKvi09Rpj6XeYdWhH+1FwnF2Ey5ucFGUr
+xKkXvoxQ2o6/wjMRCWUHzKi/jAt9gXCSaXqKVvt5crA0MjTZRYOyoIhjml+
g/XEcHRe+XXAjLwfyTLihWcCaYkvRkXj0p8Su2ky8Lheu6T4I3Ss4e5bUUWH
N1yGUoHnJ3YFM6r4/O5HsA8A5aPw1nL+EZqPwBMpBwjy5cILOH6E6pYXQyLD
cEr1NycI4GE0eJrLoOSTImxvmM/mfuzeTC9XdYMzatpV4hQ5begIq5k4D3EG
loULEkwLOPCwWwjFmoV2VXqYcdRR5TAomdAmSYgzO50PYTq28AhtZXYWDYU2
ND2o9xx6yIOkTu26mn6YXK7RaJc/IYQfFRI0uamgM1Ir9DXYUKqr/DqG+PeL
OfQxrhmAEFfymanShhBeNK68zGGatzYURAjxK4AKY+r/B1mGR8WHDfyv1QpP
pul01e1LJHoAJYe29cyJJVov/dOW8Bj4X6slP2bZS5SO/GiJCsKItEPdDTY1
HmI9g2B7WQeiJjGpxrRGhnsVdV94HhnZ03mJDepEz2GPPn5leBR4tRIMWnMf
7w3AZolmbzNf19446VRZCR2xQxtbihiCUmDQwapSvmBI4Quvll09RAP4GXfZ
GSeqWKWjt8VHhJ4lnzKuufLqxWsPmPb/sfN/zrza2BtDpCuVmb5V1vWhbnD4
AVJwKtMAYbmCmod23i9JJSzvweNvyreElifwEOLi5De4QoFSpAZMR+vufFnS
Z8FIs4KCqSzww4Dab5P4WanQ4FC7+yk6k13RJ3BUja3qQ2JyHFwid3FW/RTq
xgx9fWJZ5kfnB7G7xySnnBxDFd6AxWxKmf2SZ9ZYpnKkcDNcS8GYbhEBfywj
5AQWGWM+kL5bw82S+AyqKV55jA9BqIrjZ1jCHrZwgZFUYCoIXonVDbVpFfiK
rqEaTzxKzeD525b85Wqt8OnShivCvTCttG1sc1/mh4EvVF2uLThwtsMhQMYX
t7IMQQX6Fp5tP6I/I4397tGsXjerL4tTeBlMxU8qE35DS06R7Eag4gJMHh7J
B+MfkzbNZgwUBvVG520NzTIwFa3JVhshDzanMwyy3AmOiHCUX5lOLlYqW12Q
oDqlMae0TL+ur66LeVOqZUYGxRctduSuoElbc3k5R7OC/VoI+erzFNL/scna
zDVQWDUrZSYAn4uYfeGgARSKn5qo0V0yc3hmg97GvOoVGKvzO14CDtay4+1M
wRDHM3XIpkwNRG/bSldetqQbCnLde0VeLza827948oVf55zo9u9M7rsoEm1i
y6bJMiis8k5MWKam1QV8xR1azevueDdGzAjU3dEVnTdZcooO92EjoEPJz1Ag
zx7LYH7uwuyivgM5nV6DUMhB3aphcIle9Ky+rWebcu5yWr8teIdw7ltOgY7N
o9Zm2d5ebSUOPTufvD/fekVR/HzP32+3/f0MC1BW973CC8Hnv+UQxJ4PlP6r
cF8TRLD4027Pzz9tHcXUUMP2fMi9H3rP3/H+f+ob3p9/zoz8nzr3978l9xf7
u+T+AVk8Q/37rfxBOX+7909m6JnZkfISRULNXySX6/1oQM2JEVd+ci3k6C9y
RvMN98z/o+Jftv79nvsf+f/xDxhgGXoYaJie7v0Dc9Uj/M3WEWx7/yP+v8kD
6uXD7n+k/6UP6MoZyj9/n53aYfGDeZT8N648mx704qN3r2nhaeOrDc0/+Eu2
HYxUA0q8Z+Bdgf1/+H+iqx5898+Z3/bdnZmezG+3qIxBNIXsDh+nGZJQ9ivR
Iw6bQUnwYmXOB7AWrAkK6FCwXcP5Y9T+2bpaQg3szP8PPi7/Az3o+tTNJ/34
adgrcKveQM0WqPz9zPtgy9er8A9/2UHvBJofDvTgc5885AZvUm2wxnINptmC
I2r36GfzE7WHw+gfqn//gKeZq73Qh534J5yNZwV0iGqmGPyA/fG80OnhPeB/
+SLzMJgjcQ15jl4+ZMhTcxAKwV9gzH34p0duDlXdeTfHFXuPH3J39In+u/f2
MhfBfPEVPF97IC0fURPsHaSP8TO1l1v17kzt5Van+4W/0UzB7ksIFGSunj3k
ftktME3PM3/vitUeCIxsBrjtZXiMqFtX7OdWCiZLNTJO1n5uaTo//Dbz9NzG
7vs27w/5O3J7HGXgQ00HBH7c/pOiu/D7uRXtLvz+gyY8t/Ax6PtBT8ku+X5u
BTs/Zsn3c5u/u+T7sMRmyQ8eF5klP8itZXfJDx60dp0lP3iQkrZLfpDbr50l
Dwi6z3ebSg0SuTRq+3BPCH7OIAPyACm4z8rHa8jYYZ3ygBsSB8eaGdDpA/zX
4IFuMUDuczF6PwOcsEfT5SPvhz/ybvgj74I/ouAguvDRlehDp7d3Qnp977Ux
st9i5Lc9l2Vv5In9s6akHnpj5Od8yhvjG60N/Ek3doTgdx7q58wqCWTGOvzz
P+V8bhZdNQSS2Iw8/N6frSGI4htSZnmh6/ugX/lO/PHG9+cY/RpsFQCMxvUl
xe9Cw8XQnkMimRHRwj+ST+C/5ibvFcB2hL/yfz/IJ+Ajih96v0uA0xPlPyAa
Lb2Ve8z6+Ie/I0YxqLp7oPlATOqaSNF+ouwxJD9wYNL7xK0AI0PcCqqAJSei
41lkXAZrNZG1fL9Fn1pMadTzoWZTV5Z5GaAR5cMeIab1/VZrxwfJCJ11Qci0
BqFjDyRniOZci+6M3m+G/u4z+mA3Vyb0fsM1bOEl+yDJD8wmYj0LcVSM1Yq3
cWWwc38o3vpfl9guDZIfb0Py4w1jCNviP/+AcJBnUK/faPumNFlyqdc3m/U8
abdyQL1NVpWL8D+I2WEA3Vh6BjDkZlaVc865h0crJHznRsa9ozmICk4UumI+
t4ocVDRlIgH5gMMlMLrmToWLIqDQA4iynMMzdNzCnI5YLIgLXV7CiIFmlItL
qK6Mywp6ZokeSoBDaWesvCTU1W7krpuPwM81Cgm57Hz3Tmkxa5zQ2HJ1C5T1
AfqjvY54YXGUkhHrdst5+ssvDjBTzKkKNn25EB6AmnhRyPznOgeb+DurKpfr
FvY86v3JvA/asicImfZ3UbCqy88bta4k4pcpMjMgNzL2r9AC+OOoZWKEd3qG
/JP/8ndDSnGQ8GDA2d5MN/BhX7SWoMIPd4cLwHfG//Ij4seQVd5LxZQzWFIg
Xmv2aN0sKUsP839dexWyml7fYep40yKRurTwwiajbTW/3DUO786o0Cr7mGw8
yfBbuZTVFZaNnVCHveNibxohFsFQCoX+gV6LIIfIWQESdlN+qLi69gsQw3i8
sCaXG+xeqbuzluWcNVRfMsVYH+/o5P7b2s+CVy/A2nrhpWeHBJGaWkOfZ6zg
h2QqT5sfs//aq2q1XEHbaczsxd0SxmgbJmMJg6jb6AFYygY7HUaCgILMcJDV
CVOZxOS8ZUJKSE9fAxUBWZ/kzJlCaQbhIDKoWlX1gjObCY5DWaTL1epO8qQ6
au7iC78+OfnqkGlxk5rXfcBkE0ZQN0vooJRsFOoehYLQFoOS+PvJY4BfDanN
F05+vQbQ9GVF/R0WXGPMvamdaSDcIL7Cz1gz89v3omxr4VCJgqDvVFxH7p0W
yxPY/iTU+1vI+ZPxEzh/lIKYJZs5yZixrp6FNsFWOoElsrhu5mTlC1kE74Ro
wwz49f7/DDExDbl7Ug8qN5yvhpo0eIRL+CIG4euG9Ek8NOqGEY/K0UzC0MJt
xGFN4hvGEwYAWwDFkrvPQHWZfjdIFYvAWdTebLvaRE6dz9ebcSc1Up9vpLTB
CwQyNoO77S9OjlNBRXD9Y9IPF1Sri58eda+IoQr2roUxH1gIsVu9QFemlTaY
x6fF78iooYUBRAijloNcFE83lN/RxZn5RWKarwj+I1WAyGBp9sVIjxtvtvoD
mU54IKaUIwI6nThqaoIDlLHtYI5xR7je8egluJsfE3djWXF1rJP9iU0+pL0k
fwOszbGpPmCAcfIxtveQKbQaQEXDe6pqODoamgpYkeaosAH62zi7IQ1cGIsj
uCsRovtwnaClYNTMBvj/kzYjFlEtUP24WSYoDTISsZ24QLqGpACpHsAONADW
4iaH1Qo7dDIo7VKLvPg+OEKoN7fWczE6JsAEhWkfiz+qdKAYbzi+NAZUQJ1G
tIDAaEyNkHGbwpKYgSBPQ0x8I3bXmupUoTwhAsOr72MuTCjyRlpoS99iH3lk
XXraexb+Bd/AEHu1YEsAzxdU9QfK9rpEGtjKG17raFa5SzKQ4n30G5YLBf3N
dBZCx4NJoAc23SJC9fJ4bwgiyi/G4i5ltLUces2CjWTq6tRGaPwB88MaH4Vq
bIMqNnt7KDqi2+gx2VvPQttYae0aVB6cc7ARGFiFjZtYeSFBCkvvFN5ijZRX
ZlVn9MT0EVxh2veEcWZQIr47myUKw2qzWGCkmmGODMtmB6XzTFTUS0a5cYe6
k0W1+5dSG6/vKr7lzLv5N9WX6WQJ3bzfQ5mnt3gTenhtSyzB2Cwc8oyAc9O3
v2Jq1JZLEfyCQ0TIG7pMVaVXwiRu5utWIZ7gGHCjOXgsHPLdySsErGdIdvT0
6Vzegkk1Dei8HcyXz+oVl6ntsB4hDT9BWD9AsUYOV0SrbcrspIRPGeAmqASG
6mi6hurF6+ypgxiqWQE8AS1T/auVAZ3qDykKwmYzDhGf/kUbamW8vel/dUcW
JKpPL4Y3/glY196i3w1MXrhNk75/VEki5npkByk3DkaAxHuPvz6AO6jozM/w
a/S9keDly3w/VVvrAH4fLDRYzkjAWrbx5hrLEVTObvxd3sCHGIf6amETau1p
IDNaE9c0su6bcdwVcYSatzDI0hJFSareYHocqDA/BWwKTZsZq+D45nh0oE4r
qnzL3A8Hn5100oqdFtTelo6eqq81OiN+bbUgMl6vHTJvZcssVoTGU1VBh/ub
xS4ChCUVwAor81jbliFR94TpX1dXwHUi7RpaCRehBbzA2TCcwWUgK0enWs+w
vq9aRN18onsTOmLh3pzEo4QyS7+F/Jnn7cCG2rfp4apE52M3SO4DH7K0PXVA
eeMX0XjM/uQOabCH4DXKhg5bHsl0Odi2IoYPbnoEBYyWARa7wAVO/hYL6mG7
s8uv52q8p7HDEsS4ylXd+qNhmDsQee25SFDa36VLk1GA0rO+GEynq6GUcV76
r74uvLc3806LNH4Nb4z+MBx3x4MKWcpHKyydSgoz7e6jB2BNQKsRP7k+No+w
QPzG2+uqjbgwMLKX1llR93sgNLhbatmpGdyoq1VkFWlb6qBYAZGhVd5WbbI3
oxki41C1kpP2y535lfcm84slVTil4RkDLMVHTv2KBJLLOYfc+zGMJeqSZuug
XEefmI4RuPm14ZbteK2TY+w/Q4ycU6/8jzY8B0XRpacRmzdeFpfD2GLeIh7u
fvEotouH2yoey1Q8zITlxWNAFfbKo8mVmvG6QiP6IEb0lS56eGbWkvK57Ny4
T9s6nbnZdmSa0YEz+nFVxxTXVdRKVza7d5SatsacDOk3CAABAXCZyueyXF9j
0QgGAskSzq5KMhGft3PRVUQtBZU1OLApmDHeDuJwjB5NzlS2G25X8skpMrLB
GEUiI1Fs1FsTybfD9xbJ90KqpP2SqmLOE+2JJq2w7ZXFjoCTdvKG3SsoFBNb
Hg5GlhRqtyipfAjiiBJSyZVqpNI/4quyraeHOMoSTVJluhyq2xP46dO4ALDx
TMbmc0ItIZfVW/rAyIS1s+cP36KzyliEs/S/qRbrzPbEwZnAtSN2nzhCGXUp
gDA4JhGSKDjzu4E7MJh4rQhXe8W+8IYWooBLCughPS9i/zK+BlkcVBgFCSWY
QK5DDmXlgRRL4kRt5NRi2D1Qf9K2RjNipbtsxLMIpss6RPZjo5W/iPAe5F9R
xSkLMr+344+h2sBmzGFUDkelLQnrxW0zv60oW0bWIk0Mx+29zwUpxjmwsF15
y+UG4vGwDDcQfzC5Ni+1Fxvpsxu36qAQGnJIcMhU97jYP3AurqUzIpbhqWsD
RxuU4NczDhlMmyVnOEPHTVo2MLgwWmGgLVuDx8jkNmGt7U3EURznlg2jQVpm
0EtDtv4mpzfx97am5NK7nF7Ml6gp/kiy0moIOgl6wRXb/EQE+jfNejeyAbyo
S0UmVSjSCw1/TCUmb0mxwhWrpxkOxCXMLY/8Cm8dBb4sGgIyV0AoZNL9PhOZ
TVcgBELsEN4f/fP3x++PXvvFp0lL8x/p5/9R41rsefLGZIqSUm4ammvke/Ak
KwKjkWQapfQ4euC6uarw4+lINp0nChNex1KPVgZu2n6hLagsTravi9a92tdB
jTilmNtQ/aTtxzfoZLnJjBYxaSU1FS4+LWHgEGRIWgcaZGB+gSlt/Ize2ccM
I881pDazh5izQT4TjPK75hvBE2D4W1gg7oqPlWRfCVXBKIokQmn0K8Y0wlfK
KWBRBOSlEO4Wgl5kHd9QnNk/nCI3uQ9oUe9deiUk8dputFQiHYE7S7wE0/IL
muC4i410CEN1uPgC0SHNRxzF0EQma2K7Cl/FyUL+7Fkfec2zkDf9Q3FC+/Ur
ELEfkv1qkqqdDYj51InNOpHi07QdM9BRSiy4Hc0lfjjvlrEDjk8vzNcNJQ69
vwP+9ZoDEAHg0plPMZnhZHKdNLVNJuv5SGPLJcDD2vPjNSGu37Npt+AExlFj
kGfa9iTp/TLmkyZDd55M8AueXnOI2OHBSod8SFGGvRzZo2unnFADaSLHYZ6h
HNzyGNl/N+WsMmZxVuC9A7ey/ttxR9wlMGp5CKXJjnIRDthBiZsCR7lem1Qw
1daFMZlx4Ou7Jaf4LqxPxAlzGhTkcWtvjvhZUsc2kBJxXxJNdkcmZH1pfWkK
EouaQl0ntBXLt1o74Li/VxaO8NLkFHU+IOK2IfKOn5b1Sp0eVtz59XelAbe8
Ct4ApxMD12OpagWTHxRGiLw5AkTBx4clalZov0pnsGm9mm5uWmw3LRnczjPW
kq6Wxwxj/xI+1IgZfoDj9hwqYR82QcQgdqJtZXA8uJ9jQxIzVjt2a9HM74Qc
wHCbrAbOTPdZsholwDQLaUIZ9wtqkQqq+3RBLWJBdR1BNZ0GQ0DmwyYEZAJG
y7V33nGbrnnEFML3/82duToS7/4AZwh2tH5XXTWYDvP/zXDM5790AJMA7GrF
LcT7FuY+yfxKq75m7g0KpwgKJcJgMjPy9gG43o4ZzsZ/AZ9fiLS5xTO/b9AO
jWUTtxmks9yhhVeGVuQG4KeBWICo5L0wf7iw4nI1Z6KZv8c8Rw8zoAaBdZPZ
iIaGeTHq5ObCMEmk9VPVg4Jv9gtZru2nmq8TC5EltX9wIXqfjq5eBzsTPoFA
qLZMoaI8k97BzUUkLoA8ysIT6UVX/oxi95NDjH01M9A/xTRg92GkiTLJJqJS
qmaW7ocIv7/Hb8DHP34sOSwvfiXYedj2RLId2vjOW7mrsui4nI7hSB1hZejT
ZUNhIYjnr+uLeq7Girw9QfSO3Q/J5NDXowcL88NTgAyA6XAKZO46WtxWc6/k
Zq/LdTlykFCYzK+wN1fgwfJSeHri/9+qvoVTidQZ9BjGSBmwplDTIvxDvvWL
7CqWIEMhFHP06vxIB06VNdoIdr9rW6WEMc0CLCz0SWKtjh8g4v/gMaEQr4Cy
yYupNDDpjDHeDxI9VHZL5ZzchOamsozQDgMKM6TrIPgFXoF3iGhjvsqhzZpz
OFn3WSujVi5x3oouKAi+WI2kMMU8jrjyxEJd0n2d0RKvirp/cDiRTscG/2xN
10r73P6RudzK86O2DCzR9N7NbjvLJQSHqma7q+Zk1dDVzmk4IxdoVq1XURhU
FGDQt2NGJeLtSF/55rDYf7r3GNspGg0QmYYc2tBrZzWx2EtXBXjlRXVd+rMI
4StpfQCtD1D3KTpuDeADec4GAqvITMlRtzWx75WsbUAHhuVxiO4B9KAXz7/I
9NXQOYGBf2EDU7xTu24/2d97/MsvZMKGM4EfDf/JX7FZURU0YCKQmZMDQoe4
oG1xXs4/MKWbTsoZnfLpxNHUHV96WxB5rEItXKILUitAouN2l3ltvPfy5cuR
U9myvFNZ0SqtVpP7I3XiygswZGxcyjKkxrJsdBmEoWn/plaDfafrvtOL6swL
zqxi1mWi1YL3p/SyoAjs7/wpAqEHwL0CMHPIdoCuQVvdlGANtqS4OHiL1RvT
66YhpqsZkNiFHhUxfy1cKo/vnSZ7j6RzHrQAMhkS6GCZ4UpY+BRz7sKFFnjY
kax9kqzsQXObPEcJGUVV3AJBBMmvw7kLol8uxFrhHGzPw+6f5YecWzJZZWuq
mvxc31YmPPScgkNgzJ9xHxxgAEeatzKqr3rxC6q4E1LM77AcEq6G+O2q8Tbw
yeXuKTlVaQz3Be9V9AWhv3MEAlZnddUwU1kMIiwmlMGkktd1I/grvQ9bZ2mu
g5EqyBso8Vnj/y1XNTaedopUjsstjhleTahH74TQNbZXcHMhxKPWG0vIp2PX
0YxM61aQU1C5BumN6Mkj1sx2HVa6aBwUfG7Uy0fHjv7WZTkFOxQTQDdl68+r
VQljGDOVK0gTPAnjXNN5Va7IcZA2SMXVpkROXUazzqHTa52AzqnPA+FkaDr6
Z6O0Xy+LdichXRs5TObMTPklIK7OlaKRAnzC5Dyy8t0WO/7ij+WKFo56WGMR
3mSJJEs/FRMQsr9/vakW1V27+RFCDE5SdjVx2M4BIETxSDo7+EHeiIalh2zB
okSc0a6eyd5MBQd+FxZul+O8+gBKfdULLcWsgYMP1yBGXTozyTSzHSE1kwhj
xYO+lSBUZi+Kunxdaew5DfK+IJ2H9ZNxn8BprAxg9j96dX2t+cE5drMjggTv
DY+lgj147iGZjNqHcagdedIot9+cEAeuRDb4jAUGzih4DnOYVDh6R2kOvaDo
KXw9iotfWkDESxw+wi9zcJRBoQjGgdylwxRW+38MQ57kdjOH5ZPW4NIkXexl
HnCjWON4xDGiVJ552TRz3NDIMU7XI3jblStvqK6AllO/i88QCAqppoE9jH03
7JAArDmZQ2736joUXtpUKMiwsrxSto69l5Y5vFEfOGKv1QwEZ3q0cIZnACM3
02mFKXBcFy85cGrCZLmQU+GmZXCw1lA3yDkUL8QlpLox6QirV99UPO9u2awV
4NxZA8LZ0e70C/lGhkXcrV7WAIZTr0MHE9mAq82cd1JqVYcWVUjzOvUTcLmZ
OyzqiFZIl2cnND/Z4RW6rco5UQJPvSgDWHBnOQe8BV5D1jiN3e8UjLpVkeYB
JAcEoHQZ5LNBuddYNor4C0PtzyzAFO3gvu9EjMvmPknpnRfuNeMTNIjCPTip
kQ5wJmPvHcJlF28xZTPKPTmUKBNEJ6JJEh5puO/1pzzqPTpm2VLf8f74xfgA
GrGPe/UdNCH5CeATUj7MJ0lX62FpGJIKI5QDxaGSW+NTn00JKtTG8PMSX+3/
v9FToYkCLCbVO4Z0FGi6Vd36c2Sg3XLdBhBRXiWuKVKB+jy8iWngdV+ERgYg
PIC1AMSPM1nm+R2GF/RYWjGsdeZ9NnzCl5B0PvqpWk1rLELerNmVa6s5aFJU
PgHIy8Xk9XQz97bC6cmpMy0Sx/Csk4WmzKBE5+Q0/B0tBwQ2llKAFM1q6FyB
T6IkSfiWEVdiXmPwSxsZ+SvmosXCOQSZ8HV8PpbMNS804SuGEPHk4mxiJei0
Wd4pKKleRWPkkg+k0qhm/Cja4en38CE8IZ04YWPhtbfy6mr3G39K+nMF80RH
HNNL5BFL6SZFewPwrnZzcbVqoACFHqedXpLnwRg1RkigHAeSBycuqKyylS7k
QC7vr4D5At1i07nlHRJbX6Ci9HPJDsfr3W86EARvdoHyrdfUFWMFUKkBZ1Fg
50MfDT1YLvDEvaRoND7NWtKCvA7fBtmhIDBYrys61BS1wIesbgKU1YuRQv2o
3BoY9FGNo6N0kYF1GxWEEI9oXE74yyF6RBWetvDWn1RHR/sjGbb/7y9aA396
4FfI6LH8jxpvKowC49JOjAqJLWPD6Ol1OOZHRPXpvcuWWAnEe15VLvR7LApo
V8opJVhqxSUIOhxWRtNfodOow36KagXH6AW6WDEn0p2H80lrJ1A6ELvBfvR+
1Etk8lCOivGdtBD8tgHwvQTjUYwYqdRlfDvjXciuitaICvlbb24EwMjREQDu
tn0PJu4wWqGOVEG1Izjh0KmU7oApBTMHzC8wgglFSMj6GsVi0XBiQUFtmlng
/pPUEwHU691QQNproWov3h8dnrx9e/Tu9dFrse4JawdmDrg44LN7sUpPNaxh
/c77v7vQsSYcPSEdqQg0Bu8V7DNRVeL0rhgsLwGthfpY+63R9MqhPdcXYJ+W
GdloYnBI/QN0xVzhO0P7KrPVWuKuV1AUFOssr1dAjDEq/BiKef0BDPsa28J4
x6OEzMTfqjUbmcIfwh41lEhmGiuGklitgKHYr3jZ8IuLalriIRZo+GPiESyu
QdoLpRFEqcRNPa9vajFcx+6NTYxzA5x6bRagjpCPIedVi83FMJnm0gy+xLM1
sYSgip1bEoi9Q4XW3R4kMNiwfgAl8mJ1tEhMRfP8fWLFiTrukVlw+PYszkQh
5f/TZ0/3f5SMsiYnm0vsEHDZjqW1cMuVb/OujGoacGQXs5UkYtL+r8E+sMbc
wI3OKKIW3hkqcc6/O+sg8rhrIVYBVi0bQByVtmYjQess3OCMMQNI3uMHKnHa
U5W6ZFM+o6PdK0D2L2j9QeISzo8IjwDvZdwml2zRF4FmFgnH9TjVtBpBCOFz
/cZcVNJ6B33cj6U/utDC3VDRPJVHggZSUpv2zpuaNxrIDWf5phXmm8gmRA6Z
GrECCGImhxFL7wk7AGVxN5ubsSBv1yuyttDO92rwHZVQjNAyOvVKuCXX4Ywq
pc+oUroPIfqCMLpJnoUAanrOLcAZZUS01T6ohrmSo14sIX5xTsYm5lsW5czv
UKxlaKvNrImLfPjpjTeMBqfv333dDi3mz8WBFHwdNWQlwCEgQNfreUU2v+6A
MfT/ER+esIZeKQCe4AYE2euSmiyEVSVQS/Rx/PstRkZ3Aq/DNX8w4gngbWCe
SDYWGjpBip3MzgoLM4LZQVWc4IesNutq168C+K74APBf4BkfryF2C4vfLkvI
H024XFzbTyz9StZTKrWNK2eE6OXwh6Pd/cePX+w+3nv27JdfXmHoCc51XDn/
CG/B7lYsPPEjuG9LO920Lenkv7+lwNnfIO5+Sgv/z+2Pgz/Q70/bf/bHG1ok
UlNHQSa/2GhoJc8HswOMbi/v63Hx9+Ozk0fHR4fF/uOnTw6+3H+899I/2f9y
jL/YhV8MR8Xf3x17h/bstHjx+PHuy8eT4n11O97zV8Lvx2enY//7f/W/X+3B
xV+dHReT4zNg5/1hf/zYX+b/dbDHPCukAqL4TcuKFdQ2TuvVxptQiK1nS8nP
Sklppl7OAWz+rQczNuOMxBYPK4ZSRnPiVPiLweGZF76hxH3a8pKiY9gzrDBY
Xd33qGXskCJwOey4eYtaERK11NsdI/N+m+C7pM51lDzY9X9n0hKIMZoyGCME
zJhIhRRKc3Hj992GH00QUco6+vFpYzqdRxwr+Ku7+isnpA6G5qJs+9dlxH6o
fJuOxOlIqGawskaFN3ZBSDEkxHRlDDmzTYvUJHNh5cUUIw/ZS9F1I8CqZO36
p9gcRzTF+kpIq2bsQIuFxIJzFCFzPPqJn1NyoBQ8AEfD2vUKxYIW0EuYPEux
C1tFHs9dNIFcSMHII9pR9K6swEYPpBGDcV+xqtV77TipqZ127tH3+WkWexGb
oyrlmmESCj4jsZHR3LaM4LSrJqj0QIdmY91svk3L080FLjgyMTKO1HvxQ5x3
CN1CUcjMYWIHbNo5xAi8NYEhqsHF0PAlPGCmEUjVQm6Uvzv3aW26nbc/fQSc
fyw2D5GZIpaZKp41ApnRsBQbaOIN5w+QAAwmOUof4icQW5sU+WDYVQrA+gZF
k8NRvfsGdchAXSUTRHtByqn6NSy1caTyLZQ2qDjoDEmLBovrjR9DRplJTtE4
qvRstLkz8wSLI45Sg5wzi6t5h4XSMqcci9fH5GARgaQg7jvcS6aABuZGaBuF
DbleZRbAdtmDI/R+uh33XAjp4GHofn0v/XCh57k6Dvc6B1gB8EYiKb17nzbv
28khUwNlXF2q1oPL/AgSDr097y4+EZhO0pR9MFTKzlHkclJ8CK42Hd4H0zXF
K+ItMWgBeShxfBjKB3SmMk1EUZJRH8yZLbD+D6Wasp4fqaDeKYlQ1fAUFKh4
WBCNA6m5IeJVTIlhlL1RdFPFkZo4TA9JFuIlNS7jJVPLhNBjZJaF2VUZdDgj
JmF6gQ0KqBifgm1sYmmz4AgwQKG4GynvaLGLbKhyLeO3SbqXpmIX5T9UmEq1
m/kgDXx03qvpIWJXk6Ayrgj67nNEB1rfFcMA+y8e/8g5BHXSF/Qf4F9twNWz
Q+bAMtmzcEJiKG9T+2XkwCci2YpyVi4h0wvR6Raw4EEiOUY+OH73evfwcLI/
DEuJ2Y/wvd45cczJQ4sA1X3AHEK+tubc5UnhQTixpqSQvXeigWOOsqp4s/m3
ui0/1LsnH8qbxv9p8OZkyFELr6WKv8sFP8JRWrrb0g9rocXwb07std80l15d
Lf7jR8r3SQ9H4rEtTQDFLJyQfyVfgELpdM5HFGgkgSCtrPSP6vFHIRiimygX
QOFk8SkSE4Il/aAqb4uSYq15jufvBM9fUI2EKSQtKjGNLEbrBVXUTCTQswrl
qmy5SgyKzzg/F8CuTIXMKL8YsrzakBJxVrNQyRrlVVtWZu9OzkOdbLN7Ue1K
Pi42r1hZ2SjkZjEXeIty/3pfZN7c4esExIKRAQpW4zw78qU0/BBAUopoOzqi
b8aHtzENqRzdF3cOeo+ySX5DEXf4Ppqt1rtvAByBMG9FuzTqudn5mjL54E6q
wK5CVIyvgCWyPBUbHSNbtPMC9rg0fQ3kD+RlSid7fwqAJ2axUvAOGS3A4rgM
1ylzXSQnWv5ugvaJPR0btGwXC1gnNI8JFbbzuxGnGmicKVyNR0V8X8LOAYdV
s1lNK5eKsqBTYh4PcNtBnS7o4Js3UKjDpblo5IhT6ECd2l3ab8RK/5YyVMzF
W9gZO0OquTKUzHgQw4EtboU5+cL3OrXmOLApuVO+AvGnUnKbRF+5HP9MNtTR
t9+nGmLvsSm6kzK4LZg9rHOesVO64boLKX0mDGWKRXgCpbVMouc/cUWlj941
q64sVWu8cLi5hcefEgGIzTAlrvGcrqH8dOzOwKI2z64ZjHqHxPI18lUI2lYM
JrZ26dCgTBoUjcJ5KLwF6/JDtWBAFjYLRhHZJA00tfR53TijpGjkJu1pGA6o
A03fdDvJYvqVo2C7Gs42yH4OB+GyBEbbu+K75qqzyHtE9NyK10GlY5pEgXSJ
KvCI14X69EbMzV6V9b577t/NHsDeM8iKMCYAkL0E8qE6CYFkWjabDjKUCa41
dJHoU+1jjmHdk1PyPcEeVVrF0iTx/aJDPQ/6n5eVAHs63xe4Cw7P4XPEPGO9
1PjTqUF1nPYuljp8nMyAQ4MKuDJ8qxZhcZ0xjFYTQGwbNfDqJcyVPagQdgNQ
AxDLBoFkvEiKkLe8McSQHj8FCxqE6ITNU/5KDJuTqEOW8QPC0y6Zahczb5nl
MqEEpl7xd1W8f2CvipUezQ0MAg5C1GPF8eTdpAdJ/VJKIyWTzRWaZCVMzt6N
94BhZcN9BuD8/Z4vCBjW8b56pI9/+YVk5OT4dXH+1ev9YlDPdv0TdqnI7GD3
sTeHYXgrv1WhYi3gh3fO3h4H5Pcl1Rz8tXiLry+OhcZxtcP3rnAdmd6R7F0h
SLcDH2sjI//8XYmi6yN63gpfahmaz++WgBAEt/WZd16f+v/3fPxkuEPs6dfr
9bL98tGjjx8/jr0BXY6b1dUj72P6swuLhB+1N7W82v73+Kfr9c38D+Y3u+kb
OtgzP9HP91++9BsfSmakAj+EfiGN3gAgxX/4CVOlQhDoLlzib6pmXzrot/La
C5LfwF/CYu3xbwJPp5/d3Xq9+211c6juDcwKXvi+YoLvL9HT+qv/+ZGQgPBK
EIA9yAs/eex148HTgwP/Oc/8lz1Llx8gcguyM7DrwAze9xUc9m/LqQgHpohy
z9N7zRMZQIdS2MpDTzlQpE9GjMNs9/U3+hs8oMCAAt9cjLSVfCaqZZx/qKWA
4zaqN6IWHboNINb268QikGmBSvr8TRIwpCtv7JdTgSrFHxbhWeAcLCYxZRno
jPRXv1j2z5CPVWXyEXnLEMy4+FAcliuvFv0wJ7PyxqtbaOwF6uuN9+Wr+Xzk
zpubuvgWAgA0nefVqvGftvCCzrEM7TpkXhmtAoMXADzTrD6APxHwlH4IEHWB
irHqY5Ubb7hbM1mXVTWDcha2q9m3lOM9nThS/+UKQ4QbNOI4VPq194y9kfGm
mqET8ZboWTG0fDTbGGLU9xUnRGsFryM/1z9vGsiGYSR5hXGjK6iNEA9579m3
x2f7j/228Dof2i/CoGEZ3yPko1VYxymSmk3RwHk/0ZOgVD5suhzP4n/zG0t0
69LcR04s40Fbf/Cs0Z1zJKraeohJJQiICl7BJVoILVuDcK2y5ntD9KpcsGmK
3EBFICDQB8joLFOUFvmNkXvJn9PerZh9JCZ+b1JSmotC01yshJaA7XyEfSKk
2wbTwQXeX0b1KBcu0KKQp0uM3+8tSTBEJYpogNqvLelpNCCWhkDehsYUxH8I
/kk+1BDRqGfEO2Hpvvx98B2KSp2WSwlRBcPFxY2RX1HVyEiGzUEJZp6+K1g/
iD+Erz6nS4WnRcCLRObBkUMDm1IDHWPs3kiDTyHasTB4rwSbKRE9oy6q1yPK
4mh9UQQHpW5r5uUz3nfCO2HTd2K0gj/QtMhcZJtxJXIWyXu5utoEKpFY4h1g
rVd5kdMMxg1Y4lMoU9JSEC6ApKTjOm2Wxc57EcsQJYwaaTeQtMJqOrLr7x8Y
o9BPinhYuAPSvh3hRRQwvIABgL1IsnYkFXHo9zLhXI04fDt5jCBR2IeG6pCX
MRTRmNZLWP0CYWNCWiMgFN4IL+EZvKhwA7AgWgNvWTUQvBHvFJuq7yBKatV4
7bCD1WhtZB0rnTK8fHl91yrm8KZhP0Q2e2hiAgN6I5yBBt7dSpgSd4KQt2By
gYaLn+efZ8i3Yf1D7yGB9fuJmzGFqBJMcMEhCZl/iBdLXGpA3EhnEtnyBMIP
KYoJrNsbTkCJQCt9DxNwNze43bgr8e662ZUGxdZ9gf5D07vpvLKBSIxa23wU
vPW7+up6/bGC/43W8il3zTINzMj9AP3xPeWS3wc1caroSjmBLjCO2tUkBdPt
T5uVP3MRlCZE+RoOV9RdO3KBI5fCcgn7+CiiiDPy66++YAXqCNzM/DVeWBde
nqC8gmuFTJXPpMvtBJ7h628eeTuhPzfGjLjyidAuWUgEDfEMb7xMwZTWbAiK
BOtCvJMinCYup5KpDZ3QI/iXwha2RGfxVLmwhZkcjoseIzYmTojwSb6w3Ocu
oCF5e+u+l2qrkGaKSzEgEdAAl5orcR2QJlJ7oQgXm3S+UU6yCMAr9bWrKm3O
cCndGCKqqAj0PsXEzIzkbXrtOgxUn98bxXk3aCQLZ7ip0AwwcuDul4OB0LcC
8y9GXnVPkPngeroNDkE53i8j6CRtAzOxEWirqIUeyXwdLGOnt4KsDxtJbHeE
MYHJneJpwYdt4eEb8ok6fFwwjztZFPcOqAYRU67zwn2uOCXBSgzqcYUMxV6H
Coc/1nCHhxVeESllQwk+ll8mkQgE49OUOZmMAQQoh1Z6ZUK4jIuLErE3hxVd
+ZJXtPw0biA/QZ5noarqJB5M86zQjOM4J0MpVUaoG4OiBVlX+Z6MCMh05cHz
OBknp+fHJ+8m3xmhRpZrCp9B7RevZ5Tlw0S9Fgw5MUYhtMCNEDaWH9qW5h2M
916OIUjC3JRI2YTRuLgRExzX60LZCjFbGN0QIHlzjHwUEZcOeN/feDuA8n7w
GMOTYR4MZSfHCwNUHrHZp5B3wBsHS6GHQVOA8GK2mzFe4yjI1M6GfoWhH5jG
IVQLsQXQZXRLFH4OrbjI6kvMR9FYzSoXmceSPEpFDTlfRI232j4JKTiFHnHR
sV5Anlo2ZHCjjKkwLwb8Gwwm8XfWae3pxd0azWR0RPiXwkqBC6rP5T/+IPts
+4PBLYFHy7T7h9Od/FC2ym4aYVXUko66jVvMYmqwiCsCTDELkoP6Leg96GoF
oakpeWfH1MYNVIjmSuP9b2d6EO0dqFLcunuGdsuEdKfyyiOEuxDutrhzGafc
yA9uJRwnfIYXKLs4iuG9wxgLQ1X3O2MeY/Ol3a1rE71228KkRxs3fKj14nsG
Hzy47Ks6OgL3ZkQuoYnmwowhsHJxO2Yws0zdoFRXp5TOCZuZkK9KCXrMtreI
ublcoUlXbRHoj9J/I6Nlh1qwNsuQWi6xSh8/mF6AsrAmJ7Lm87Eiu8Trt2Po
6sT9WjHuFe3hso2kwD+KYq0vXzyFWDc9Cuf8m1o2LT0l2rFefUPMQzsZoDmp
YdFiQLoGt63RNtDEAA740APYSBKmPYeMI69bqpfA01dJyo3ehbWdrqNNl1i6
GReHlCRtKlYqaRyEavk5uXdxF2RjqFGanO8knEBtCk/rMV/BeX9Qc7+RiEu/
tuFgDvVuAUVlq6lp0xAC4Vu/t2hBeduGLQPHcdTGAVdZSDGx0hpV6k295gPL
iFuzChKjnIxvmpVh5ooqCvsOKAYuKJfj/t7gQHY+0TjmN7ygiOUUMo9UtjlT
Qia0dNG+8AJbT6tI0sFWiNNCsi5oIABl2nUluAimf4SqV36+fDqZDKgjIFiM
RZcRf2Qy/OhI5OwqMoQLJ6yEOem8x/oPqnIKbu9luru8PT6HUvFaE9NQpr3b
IHnN7sca42kdTksT86d8Iw6yDKPkWdOUl/eX/eYpWUQuy1siRtFve039fL9X
ooZgBXc4Y/oFnive2V5KOsxilpsTlNbm7OJ+EP8ZGnkm3Q20cJc5RhR8mTf7
DS0Y6LFiEPRAVHeK45LUAjbvoVLlTbvVokCold/hQ/x43qkjORXNTpDuUbmH
BOhWp13c4soxT0vOWZXzTa0vpjGmUkJr1JJ733UXNQaPtMiQEuNTNsQuODhs
aRY6dkZ3cLJ+I+U7ZEInItUve6NKhW3b4uitse6Q1nqgxxdgFwTkln/LakZV
3PANkVvYE6TvTlzkDYydNkOI0LnRcKiAlEdaR65/mIe1AXnaDp0KR7M7iRpD
fyyhnV3lZN8QOqjnBEVq74ESkcMToejZWa1Lzp2ZveBt9MyVi4QtlOhEHhPU
wehfMMJtQrLB+CfKu5iYRcJvLYSxr+KSN4tyQ+iyrFV2OwSW3lsFUrludJKX
i5Q459bgflqHWZN2a2yEg77zvos7aVQRSIZ6NYULxWHCt8ZfHhen5j6Zu0s1
MRu+krRLXD3uWm1GQZ1oIr54TdjMtLnU9r2E4aC+p0s0sctIXwqfHvUmRjDc
2xBaN+UYWBZSDCT+N5S4+FQwOqUgbqTPXuhAJFUl/FLIrNp21oj0E4sj4vYG
F7NZ3SAfQVK1PDAFG8+8L6gGFP9uCiAHBD38Cf89w94T0w0qlb4iiZbyCknf
Zho3lvZEeS1kcIOv9QLEbbgekHagUVSk3EjoQNodlSVhLfXMqxdsTwYfcNyc
BwY/mR4YIdCyElCUkydmyE4zJfY79TF+sk7jNYlXZNMGRRlCb/GsuTBr0nIP
+5tTjyE2MgTngdc9iltw+qsuoMNacsgTuRz8NRe+8b8OTP2Ih/yagc/vN/I1
x8CZ4k/LtW6Ac8R9yydH2MgpUW5Cm7a/4AmgwUDIkxy9mXz/3bnscPhM7K4D
o23YuA11ipAU51egNNwZLgb2ykNfJAkbheaJEKYEb1/8qBUqYOR7QR2GgfQy
B5ZEjKiMscVcNP46blOwYOcPcglvsT8QdCaMPw3DY/pxzIJGzE9+Ii+I6h+d
FjJs0bvQrVutUz/ZsKcOx2aSNZboJX463SCGHbPTGLFuFuoG8ERS1rGtgGEJ
c+c80VgbbEtWtN+elm8E1BGTGJgYqBkGizA+NHoVPXJS7HDidqf46/jp48fF
63foFwPMkyLlO+++/+673dfvdjgWTg2SS39hcPnJjfuPatXsUrV2ceYV6tG7
w6Pi5E3xngP6r0NZTzV7B3ljSKEDnPP10XvwChqiaEHLd1F8ceA9qC++iSa4
lH0Bt0ekkZRxwWWnxBlQKnDK0r9GI/ghpSp1shEPJRMmtOZYI6ivfwbAsHCA
fsSQ9g49aqp0WGRb+0fTpPIU4udi2B5uwWsjF/bwm5NjP2V0f4im8N3JRPCq
Fs1NTb2mLGk4fS7NiRnaiBLvTOFLjw1TQ4Pm/ovBoKQdHQXKJNBK7iiKuulr
ygUOEf19YaILWAtMrZKlGZf5MMj/31zUXkywdKtGTD3lRfykY/L1krf3SFLI
MBH+FYhFgN+1odvMzqxZ7yC9JKVNaNF3QAmfV/7whd3F6bwdVBPlIm7RSJ8h
aAz+J+8P+5RkeXbsDoAcMZDQEkyNoqGqCXjjYEQIFOVqRYgDxflLukmSE6Lc
NEFZ2e2GsBT8yOnq5u+PfxxPsXPLv49zn0x4RCpggy/GJ4e42mW98huAWr/8
OyRwWCgFZJ0YhTwFgOQ0xEnBdzaacwqFqITt/BP/wps7WrpcMoQqTqY0mn/h
UBx3yiZeKg3YlSRt0uC1e5uJAzP8hPrthJsATEYWu634aQ2iSY0/SvJKU0vv
ODUzyKX7J8AGo1yu/zXHfZhnkxQzsS/r4Yl/+wlydJMFhNhiA4IkkzO/6rXz
UNh4x0Yg1MimyMYa63uoQLicvoGcljovQ6nM0QrT74PZkVgd+1LI3KEqMQWq
tTm7hBOdcVsYxVrQPcDO0G8qj4ollNVXJMKwyhKPez7eE9x8PqIaUSU3EXVo
/quQJhQw/rzzpAQYun4EH08V3rJZ6j8cvuXk0rxDj+ch+YtSdpPSHTM4w1k6
KE4oSiqDdy4Xf0YNqoQ8inPvkR+mETpNOvop+fkNDvnngoJ5PxeH2KRhXfzs
fv5yF374/+j/9f/lfs6ZJP7mt2df/+vZ8df/Ovnua/8vLBSyDcZDvTqHMw0A
skBiVXitueVnPZh+Jk5Jr4KnWLkuhW3RG23cmWN1KIT2IgSqZ8AjIkcHicyc
Zvhe7UIl/NT5tXK8Vgn1oFmpYvtKhZ4AyrjKuohwsYdSXhSZFh1l6jUUu0P+
oeWM/EwIYnjjmbJfiLibNdltMgAMRxDLkUupuZnzEnsO3TC5ytAkGv66C5Ne
LzC62tN3MBBBXjcfscRG+jZBRAk4q27IagZTy0lfUkTISuUhRqe0k7EELkll
A0BxQdVEuCRYlHhKT5GMbdyI4FSImqGTD37W0LYtRZbIGCnEDUs5zEPzqnhc
dDBggv2XDS6IJ9hRE7GiDKaCLJ/pRksURXBQpHhqbKhBVtyyJDJ1Dfnge9T+
bCnGDzD/QP0mK6N914pOAENOA+5x7K174wrH8zXAVuNY0RnOsTN0hIeJhn3C
LTAHm4Xpgjm0pnkASxUDNEyG3fq20iGR6l/ExsUOerz7OM2acTSjLYct0uL3
evGp9P6koBGsBaGkPac3YhN6V1ob5AKpWqfzwEltO8HQOmrqAblb7ZyNpZUe
EdSb9E9Mdiobp4u7c5ifm9/tGhLOQBgwCFFCU/uLW5a/SttXUzdKxMyFliSh
7WQlPE8YyzOsWt1dnoEDRgNJe+UyYNC5WMYgpCid5YKORCaHBWfBY+7RQIWB
5ekUJwZVKr6xDRlJB17bjRNT+YwRzFGAd1muXYq81wR9z4rgYVNp621scL0n
ObeobW0HgkYda3UNyfZDkEC3V2HuoQEgR5YiSMSdtwPWKz80b0OyxndOXUEv
jH58/6//Kcqyvb1yUGJEDdb5mf0/fqrd7m/x479vzz+PjNkCYer72Tfu7v7Z
/28va/Ivf+XBlhFGP0y9jo9/8tCbZExLf9PT7BV/2t2FMS31X/7KZ+Z1cOfz
8CQ5y/1vX/R/o5749I0vP/Ebw0v2Hn/il7Le83fu9X8uX8Sfu7cf3iy3g0QJ
M1owcqCjgxyrIYmV7k/BEPkd5vjIA3UAz/rYDK1Hi35soKFSNBLtA3o8ZFSL
AXSGF+IJ7nDO9ykCyERIBPlHOQN4iNZ1h0asNLKAnUfIkwRqW1QAqvrAeQNW
ECrkFEVHUOFI68INRvPWbXR2v4l6q+NsojZPprQOnWxtiz4sK3cwlTz2RSNc
qTsfyxo88R0BMhFUq6tAwaSFaKjRRsIUXgdO9EqQhxhjipqVxc2jErInychz
mSVRy+LxIxP73d/wkpmNRlIPKfWqsfkqh7GQ5YqiJQ6v6nZeKtYSVilMY/AX
4+fcGFxZC5NmOs1C+Ua3ESsihjgCg74PFQxeF9FOIe8t+UFXzjmA+y4RbW1+
vIaH73GgLwhLUt6Y8hbgdAXhoaB72X5QY5KF3+Zl4hAE/4Cv5U8M8LXoJXhO
+9/c5/+xeI8KiYnhvZp8SVKlcBoFRJP5sUIQvlJ/K7VTmvaHj75GWmXBOTGj
Cd/c6SU2WDdX1LZDhTackEMrs2Fg7MXSI+OQxq4SBOHWGeEh7Z8G1TBIZc8D
kZIp/MffAeLFZVHMBKi9vzk+XRaKJ4w2NT2AOlMTS7Ai3H50PKXvoIguTGk0
+r39F8WAeJF3h0wOC665u/RO3zmQctkfcLyoRQzBYDFOlv6ADSjKWUwwlz1E
tH8l6XSj0vPXoylDgsZzf8mFgxGkwPQ6GgWPg1Ug3bj0tjzyMWLHlK7NSBYq
Hy92wDrWaBYhAAHd6j4S1IF4abEhUvUlh3BNVBodH7qR69NEPfNDhxT33bM3
8UlCN/DXh/KAUWBqQ7TlB84bKGPrbsTYOnQuCSzT913WP1WzUOEBMW1YCb7o
WDYRQ7opejurflIyTlahNqotENn4fR1RjMLw9JrICJBYt/F4eIOh+/ERKyEW
BAXF4La8cNksx+OxLqCCcEOO5NLSwflroOkyM8MDXhCmBdzSLZF4ChXnBNYG
WFjyMt4Gg2tsgy4mJOIGMyQrIGVKHvJ6fGCFbZhf0O734lwDMKCZt2Nqb1JR
M4w26FdrimFDTPENWS11/B75Nttwh3sG+T9+1thoUVCpcv1IfnAi7OZ6kMfA
iA5vHdMY9lIBTAQesC70Byvyhb76wdIOT8i9z3xoV+b5RR22On/8ANWw7YxZ
A62dSn64N9oCkkMSu4C6Mmgh7HXo042ocX4ErRUEDbCnFpMy4e47xREAQhiQ
6yy18Sf5ByDptiQ+FyEoa0LLBNxg8FC40yafvzo+L87O3x+/+1pzJOkoYOsi
xV54AvehIsYBZF9UKzROXyC8VnoihfuXhttjVV1xB0pcbaQM7PJej113scfR
Yhd/b0h3GTR9OIzu+Tl9f3L+r0fv0AD70Ync6B7hCB8AnL8l7SXn4gO9CTIX
/G+8pWFEHcvw/AXES1mG6EESzxlY3vloq4RdOlQGBEEPsp2G9hB1dxyUenN4
F7G40WryhcOkoVvv6/3jlUYhgFxlSKk2+Cxt+TmPSJWaMaLDT2Ra9OdJxCwn
H7vjXbB/CtKwfIB7wZ5S/PMQ9yJqTyH6j//vOcC089+FCG6vWsgAOpyE53SJ
Cn8bf4SLhbJuxkP9DD0B+9yMUH2HRv5v52YwGgQtkagKqg5lSL/C3EfvMrmz
dwD2PcjD2jOeX+FDLMWHWLJJ3uNCaHSm+slPH7sTpjAs86PNzkLdpf88xg5Q
iMhm+7i/lzH9QxKDTaaImNifBVOw972yb4QPjjAYA4Zli5X/yvGBOwVT314v
xj4KtzFU0QaxZWdwu8I54rEtZobFg/V9a48Fuj0+G4ZjR8MfJ3P2IMdAahy1
5ijlIaR5UOT5ImyVXhni4VA8SkbFUzKCdDvRZnLfK972X8LgOIQV/+xQ/W41
2xkVO8gDVc3+4lf4bTNrd/LyskC6zvw7sj+m9G/r8Kkj90z6usLztCwwCHj0
AP4mKtVPXxKPov8l7C1jORR0aup9Sf8X6izCnujOo42rdQbEbMpBOX4h2dv8
+5jXoptMgs+iVqaZH0kziy/FaergU4VqZj/Y7ZMWjTX/uphzPTvW/I2Q0N0+
0MRmoNsydgYHBZgqWNqzZYEIgWdzEOl4rMZoIXbJXpRXhs6RgtquEdhz+lSF
wIrukzXC3v/aGqFv+L+pRugs2W+gEcxs9YT0PlUdODbnOdSS/BElAZBqUckz
9gfKV15aPPGIbt/g7bYUk+hmotLPB++y32uT/RaeAJY/gjqzMt73DWwZgBcv
4JJS+c87rMrsP9ngNTselm+ZsRS4fSX3+JmuRxxf1TgF5Eo+OxMCabd7kiC/
zhBHo0uJHNpPNciL38kiX/5OPpXQlSC+hDW+vwsSTgxZMAjfXM5HuHE4iRHY
j46ODIhh7P4xc0N518Vk9jkzEBTNwXjvhT9lwM84NLCjgglVdpSGNZj2Ftml
cACCsHL2iECSkj85I1WdlI+E0PIlJUaRaxO3spopCLvWgHVEzY11MRVSAfx2
EYtoBvx9ghn4rRXGMq8wkgQOPhF1Bm1tWcVPUwgJQvO/RwHkh/L7bP0H7Mzs
LpHF/u3ECfCM9izi/HqCUXwqGMUHIBS7yETQIANGoDpibhl+BlTRGkSjVOk8
FKrozuWF0fUBsDjCCqR5w3XnHbCis2DFogtW1PqIsOrikyCh04wunzNP9Zoh
uUl9yMip7gzlmkTQLai4P0bbLxQmqmPzx6Q8IsGAd+tzB0Y8mNhGmIIDjgZG
qigFcUxGunFwBsltMyBQmbNXYdjfMs4Y9yv+A5gsk8hNVOMW4jcW7Y+P5MoT
b38jS9gy/NKwRORz5kbnU/UcRa78W8w1XL0tYfUtaNNiK7qx6E0vR8lUUypH
jlmz2CUGTjyhLZkBEpKbuiIMPwDf7K1fq1exEJBSwPKboBiAFIzzNU23psYx
/xwjn8HdoIYMPYri2a9XFOuG6RdwNAqQ9bLyCLt9WBstQiIh8H0tkBDHmWJA
sv5vXfMrdc3e+D5l46/4R9Q2OvDfUN34Z4q++bBBhfNhszS//y9WOVlYwaep
HFY4ZEF/usax+iaSg1+hcOhRq+rqcL2aFydzjDcez4zo4cwMOCxKPeOoqhCq
HhskNzQ4Ri3BB9vojhFCkNOPitvj5gqIRha1wkWRxM2PlSAPYdcQpJGya8x+
K3YNpg21GemkTPD354SQNsuWwOGPUWEli+0jzS0BC8TKa+aEITm9rhjs7X4s
wVv8o4Z2E1pQsmihU9kKGzjMpDbAxCXcd8ibB/2ipRYzXmLYZdT/DKeBCXMa
AZG4ZTqBZj7mNeKQCcE2MIR+xAZlmzt73cIYiyHxymb4mxJ+DBNZgz8dvv8u
/tVnEWWMo+N6RkwZx/aY0K0dikXvL36dUfFr/kH7+qCzan65e0YdHGxLu+RZ
VHIqNf6XxTXSV9m5CcS1rCV3gGpsl5pD7FBgBXLWsTevGGfAPyMtJM8REoWx
KAelqO0HocOGclqgQgcpWlXQfOsu5q15ghqRpIighLPQ3shxPIJR42tcmTDG
od9TP0Pfp+Ln4g13YNAC1FB3ioWnfsQQJ37nB/4zVNzbz7czRXWRIddpVL4c
yJtWaD61W2NlqmgGQBZ3da2FCLD7uW8fQNevVlI5s+gQOX30eqptoEBwiBWt
zXwWBi3RpMzES5MP3EuwNha6Yr7+BEt284sXPUPfFT/ITew8WvkahLoEpXUJ
LRGHxBbGs+p2sAuhn8MdSWzgys/nEm9KaPO48JkSL47RWZP5GkkxtIG03UoY
blvxJSPiRY2f8gHoJ0NluR1fxPBLAxwVFRgSUHggXbx5AoN9n+xJKlLUiZau
bXC8K6QLCLYJdm2oROLToVwsGi/adFrGTNFU3Y9Vq4aoBHrtIfcA2sZw1AWe
vKEYEGGNLJcT9Eqw5rit/yX+ODH2hIUgpoJy0w8bP1657cvPLxNnM+Rnibbr
//25QHlGq/Hngt43gLU4LP1K0EJwkHMoF0dbPwPM/dk2PvfKVPVRZ+d86s3R
/v3Um02Spedmy+/gF3aHE0E7cVJFCD7s73ivb7TCNFEaoH6I9sDbNrbLHvuw
jwT2lQg9Rr2SEh6scDXdeQ1DB9tXcqDDYBhmTMyWgueLvAwi9u2lLxtDp55H
hxOXOq1pd2BmvMVGWWLiC48me00O92bNA2EmPT8GTAei/PtxeQ3R2Zv12hLg
KilwaKs5GRkm40aaZ0irwJTuHRt3VVYilG8vsVF/zR6GSlKxx99A1fDnVWr+
TmWafokg+dIp1KQaTfhr8WklmlxByM99WIWm5PL8TdkKTSrOhL8WmdpMvIuC
yP4/3365JQOxpRbrvgRk2cbMO9FZyMmY0KwYWi/iBQlRkJW/bEjfxiKgKUOI
XHD2eXGXkNIYL7ecX43dWSainwkt0OOkMWtf7CGiM2kuY+haeHMWKvgQpKBf
sFUxQAL9f5cDxhHtvnQpoJ/qZun3hnAs8VxgU0M+cjPOnv/IXH7i09IT6Sqo
oJ1uE7SHw3I7eW7IdmZBufdlgD5TXrIZoN9dYLJZJdzhJA1LlYbDiXfB1keL
aQ7oNehi80MRSPLjR2Ph+MORtANVdrXMj/SLoATzhbaZskcxhGJaC4e3sniJ
RE4BsMF2g/UAiFZ12iDxC3dib4fOgYfKiB5qw2u+PBl8NM5rIkxkfhhyn/LM
T6HS+JDIZjhxjVqKBtat3GqdX4zOuD5tYCFv/SjmqOkfpzwjDPbecZ5iItOL
5tndzY1sml8jOmd/e4uiU3yy7MCna2VE+MhoAaqfgIKrNYImcCVrnUnUDBOZ
YR6HLrHXeeQdC3ckHVcyP7lVg1hL8uhtAC6cF+bepySQf0ao54SYw+FEnwRG
8DgguBNAk91H3oLfENMxD5FdwACDxuyM2N41G3PFYNFEJfXaER3NTlkdLgsw
GR3qnYi/ZF+zhlJxsKdhsg83K+C8hmiYEZOeye7dDSmAy8/l8o6C6UpVAK9Q
Cld/3+VmPkdqJrFvvdQOf4tEfHp+fBIcLXGasM8K+ssPQKKNiwm6C1gOOCOu
vgiSh92pDUwA4rYJL1TqQWncNvakMC14uKpM1oIJJNJgsKFXWGPaxIsIwDOY
jscZ54pXkcl4uGafvR1coUx9I6Q4uq+cwshCkVUsjtKjIITtgBTjNAE+cq1S
D33N++iJyAIcgm3UZFqMEUn0DFjQ7jCfK60aOkQ2QyZpFWaswIkuTdjw9XbS
suQ5+gumZIgG5ooYhqxje8jIXNEdmyQDzkM4tC+Lqoi2OPMLPQwqIkmsDYvj
DKJaN+gs8GJ22ySlPV+cjeA+He9B6FvYn0JeRDKtqsiENoRTMNj4kKte4izw
/W5ovD75n0iEfg+XdDrtoQ4inxT+zv96sFMaKHWmn8IbJH7pdNpDHESOKfyd
/xV7pnAfqS3/3q3uwlZ/IVmWzyvpy4LoEn3wm3GRZOsHudPgJd+T9RCmdKxq
eWGkZfMeUNfn+TSmS0l75QsLf3dHSHEA/6VvzcIifwUxSrROW2lR0jMtT45i
6k8ScpTo/h/zCM1fw5HysAJHVEIPpEkJPCn3EaR02VGAA2Ep1sk2npT1dUil
uYdxpEQUGPmp47Axnz6O09fJoG/3sN/YAYNaD6Du/+T/6+5bl9vIkTX/8ylq
PRHb1FmSw4skS+6djZUl2q21ZSkk2d19OvyjTJakWlEko4qUrPHxA5zn2hdb
5A1IoFAkZfdl4rAnxiKrcEskEolE5pfvXr/9NTkfHp6enAzfHQ2PBEFXL9yw
NaUuMHsguwMgMmKEje8xtRZq1AzU6k6LXIekRg7RocidB+3zDbnrCsbh9YXv
cwWgXSLJ/Fuy0pn8bH62GZzexw3koIo512tCuFs0fRBa1geElU909mYTosSd
Ntiy+A3d94yWK3o/txgNKycLEXaRsjYCyaZsZ0FFl8/ilW7na6uhjKV6qdQc
L9IYY3B3w9tOV7M63eXWRi/na8EQC5XwRhVApjJ4HRZwNHjh8HkVKoxg4kdP
ZpsezVaexWqppXMHogGwLjDoxm2xGCUBa8cau8T1RDSY+XdpME/SM56kwTxJ
NyLFBQ9knhbyh+kvWln+Q/QXP1bhX0N/iTa7gc5RG5wF2+3KoIzvwUmwZW0k
iQ7EqO3H96kPmyIkhNoDn3y/VVP4FkXBHrdjU9yIRuU6f1xTEcU0oalPXvY1
zask+hbkNUEvpxf0XpJI9CqnR6BrQT9ctWWX/9TtShIXGwC14ZHeRuh6eHyU
VanRqMbvavYmz1S0Okxrpi82snXDtuO1evEmg+JEUJUxuYlWo4455ZgVAvZ5
kKVlo1Fp53cZeTSW+Cm1ht1q6FA7lOQEt6UbElkHrk9ikvFPljztZMBS3o3/
+ps3iqZ1mzeBxbdfYtY333uVMr8OxXv1WLxXlV9kYEN9vh4nXrTwmfOVBYVL
+abgHUSKHhuHB+0e+WxB8rpWJRMq6FJ8KdZC/KisnX0m5NhGzNlWoHwwsyGh
mzfFO3dLWvwFXToWheEMI98m5ORyA6G2lICTjq2YnwyjwTXgrUS6QscpRYGp
ryHJGPFXm19NzJrDYdQxWFyGPj1Sp/zUmZyhid3MNukauRmgW8sljM38NPyc
jcjDdOjyvybNy+Fwi+IcMOEMgOGcmeMd8tkFg+X6Jc4uTAnWpsxwyJVotjSq
IGV2NUewMJsoEIcNzNrh2xt0L2mmKOgbXkJf0z8vgCGNTbFNv+OCljAgv91r
qUaEC9DewDc9MAAgkM0ECwkDMdOmth8HbGgTmFpQelMNO2JNQ7dwi7o4A+CK
YlGJrGlgLBBSYINIIHEnC+OBGt+UJoFbxdcblXCgNdFAXpoEOVQ3maqRZ8oh
Tl97R3KzNPzJlOQgK33rOeWKGVDju9pGYvpt+yTU7qFmSRJmE6T+QUYyHDC6
mRVyrBwOfyiBh7f+7FjMhQu/x0nmnLOrEgmoMD+8JaFMxXod1CesUlH/CNgl
bqtbP4aBoQj+UNHAmhhQ4Y/fQkU2KJ+cO01w0uZV7BDGGq4IAZO4k1SxNJaO
NwDJLcVkkxYFR+rkRcWBcE1sqSQh9gJGc4zfyue/a6Tk38yh3Kh2DEFAO/2b
4Ql4V5O5BMOGXKyQNMohQhlkLz0obdI7nXYTrqcGyJSopFCyYFwydS6kKM1B
MYBeozEY+2Jv7lWomxpQJ3mJYS32tpuS2QJFbLc6lKIA+lHbOIpg3g7wLaup
IJrCI+YHJOBZL59eK1hu0sMrzP9i0wGqcAo7LMzrAYsOko8+zLjnkETQwd63
kMGNCvhwQ0gVoh9x91y0lB6WPHzALKCaih1wviXofIqPMDu7fs75Gqn3CCfL
9rvZ3ScUaJjwFUWQxdkb54X4iwWCgOGylAKCOPkrSXYwyRHkZGzVWG/A2DQm
MV7BHsG2DCvs5eyTiwqBOqGwWXSGppDQj7cBbNzilUkDLXDuXMnkwd0pBT0E
PcecCn6f8aDlRFPsxlVVUP+JTj+fj5o4pq0VpeElQ56tP+KudjnlpZqNxeWX
TzdXuKLs9zfZ3aGdDQaEpg+sQHDt4XsljbSGc6i1PncodDI3flecBC7MT7wu
dsp70Icn3B4nRvgghjFUMZyO0nm5ZKjoeA6ayCdO5nnN2bjmE87FRp/6Cdvo
Q2tRNhy3EPmCvPrxfLz5Kh0S7mgiHmWaiHvqKSw5s9+Cgpcr04ERbtdGTpXl
bYPS7zA9Rch7nnBGIeI8ncq8WZd6B5lLqiHmqkm1EyPO6l5v9NFD68UXQOTD
hzE71CdPqtDFCpNEizDf0/hTZT8WSWeFien7xkvSzh1bI+vdGNf3fxNLU83H
BYXB9EH6Q6NiTcxA4nLhf6L7oxhQKdMSLH+eCc1qrpcY2syOQ/b3+C5gqpMF
xbYDdwSTKOM6rchWzacaOZNwuGJsQYg3E4Sj2DHytLqjljZJVFWGpmHaLbJM
fXmR/M2s7Dbsqr3E1DLJ/vFDdatduc3+YDQso18Vt20js6+n/3g2ya4WYKNa
u2WD5cM6QddpWTFlBDZ26IjnsKYOrn/MTg+b+DruZHXgd93r6/cxkDuBSLWC
39/FnSamNnHtErdWYWjZR0B9jqetLB69rt1StY/9JVujDkRk+7dt+v5+tfGm
/3tvDzU7buTz/SI2voniTl79RGTjN+3qtbta/YZVXefRvSu2YYlC8O3i9hsE
rj8LdZIqIn9rp29judyvl8t/ljytFfEEnvjli+3r16/2JMdY7PliKTAAcBqH
N4nGVWMDmihUOCdlp8LxwEWkFJBZg0sLhmqBs30rtJYeH5HBSNCEdP4MRTWS
6xg+VMJ9/3h2l7qrWG1kG+dXCMy3WBGn29hg37Ouw+ha9fT5+q+1va06E8Q0
RnfGnfrKoH2gdpgVR9Ngh3mqHqzPhFlRzIqnCWoUOHzjrKGnn1SJvmt+Wsln
D8Vsen0syB3PsCrDY0+rpcY4sNHHsyDU6+4JETeR/Ql19zrjQHWvxYgDsNli
Rp6HqdiwX+XXmBuYIhMqMnewscz93rVcK1obfwNYiTmz98HFu07PKDRXeMsF
XntsJL4SHKmS14lOuMpwG+Ok3+32uY672XjJFyFfvpy/OtzZ7xmp3TAEkpfR
AGee7G/vdcH2htVzMbizSkcs2/k387444+0TKpitlqDv+D3VM7jbIiFug5Km
dKdxnwX9LGZ3DZu27ZWtf7vfM53jW1AE2NX4Xar/LRjaQzaZYAg5t4nwIiHO
V0fEajnt9MBx5pfDk7N2v9sfIGd/SfJy1uxtuYjFcXtWXKdTvnFsDrZMVePm
7hYlc51mC/M2FpXsp82dLXefXMK3+W3+ufkc6mybATe79D59a2MYX3/Q7vab
ly+P+lvJ18bR8NXxu2PAErtIhr+cvT0+PL5MLg9eXyQvXvyj8XL4+vhd4/jk
7PT88qLROFgQvFF2kS2+fG0lFxhqZX+Fn4bWWRO//XI5fHdhKm8lB5eX58cv
318OG6/OT0+An39pA8zJbIoxp4Ys3X0iy7dQRVMEa1lDFaEIPKBeAFF2nm+B
K0Q1QxoO9vj1u4PL9+fD9sHb16fnx5c/nZhR2T+x1aPj18OLS/0CqIDq65vh
r+2j4fnxhwMgOZHCtefu4f5kcmgmSWPdAeLsAXEO9XW1+vI2ByBFcLBsQUW3
czfNveFnSo38F85xr51JJ2AoPRjKkULrOpuZhggFicHP0KPa+9aCezbHE2qA
x3f/AgOUBNQ4wH2ZKwkIaCXV2MKWy8PwBm5NCAmRODkIhWghJjrkTGsl59k1
f7mA3NCmE4ym6ChyeH7yShHjzxd0xd2VaX4HabEDcg4eclCyIdSsQNcyPXz0
xR2DmW68tKg7AkcF4l2qMFL+N94MPnaCTBZu91Z3cdQen9wIwgHPIXhTXtIt
PTqqMdolx8eqpWZoJKi4TOLDi3av+1dw2qjsdXFmm7vAY23Ig6o3SiBNf39v
9yMppL39/QHvv+Wj2a0/46jNhoIbDRRfpNcIpHswwTt62LAnhhdttBLCjplj
HN1aIjocecLZKHys1syma1o2YtryDSkRyRRXryKgv1LvMshO0Ib7+6bZGZdl
c2/bDLwo03GZN3u9wc72PlBmVMLb8G97v7nP1MN2SiAUPwABE2U515O1DCca
MIReCcM1Gl7mFdiCwSsG/qaRHQI3zq6LdH6Tj3j1XiCJzKwFLPM9Qy7vjKhv
9gxbqcFbNYO2c9oyalaeGgXyhBsI+WnDkHf7u3sfJfEVrJw15EqMfsUwc6Wm
GWjhdhMmOpmfavbd/sCRfLe///EvEmG32V1tB5u97n6tUPMGSzlWniDWfjGf
j40fwbyW/GQ2yFlho7ZZgfXU6bLBpOrv9AylKXy2t7+3lxDTtaRUK4Gr991O
r7Nj/nve6Xb2k6ZTS7e46OmncgaxU2hXMdUmoJbX19Hb5XJrPk2tAHe7W9Jr
qP1pve7tRitLIHAFTzK258B7K0a/v1HPvbb6vfbenu07HIik73gcC/qOS7Da
8E53fcPBCM0uuskggTV7EYp1N2ixbrzcslvLT+Kw/Tr61ZPsm0dQ0/Mk4Gm7
xnSbg2qbcD7bnGxh8wNNOFrSq0f9zT2ItYvC45LwGBYiPcIzO4OLJ2MwQRja
nB4fYZbMBnn/E3wt+ECaHuo8IuZYmhz+dHp8ODRC+fNOd/9+YHZzgJLyjiaQ
ZP4r9QNsGTzihxvw2QQfvLYRpaZb7QcwCwvizSSzcIMYO7QAJIZinPxiVs0+
9dQiDz5TzT1rkct0KSXJu40AdMy7V0sM/PKcTxFoqYnuWUZEYwtQMpXDtBcc
0AIPxXGbYrjQfuM/nRWMDQ3QOfmUIA/1K1suK3peenlZHMo4FD7jDNYtsG6h
KzhpsgC2m6RFTqkCGZmCnMv40g+BEZHeYIsJEMPJrMKuq6DrQsBlapVkrF3g
LiBgjsAuKuQ6Ofi1xVlUyfWwBVNHFvPlQohP2KAOyhm0i2eQiR3ffBZ4s8FF
wLzIwTFvRrwHNjILOqQ3O6OlNl0Sdtzn0VBPE93AaGXDPTVjn/6AFMBabQbu
aXp1RSbfT48NgcPi24gtXEcx9tcWSueHj88EUS/5ghv7DQKRqPVqwUnomFeJ
ZjPPX5rf6KkXLQNJdOEM6X4TDHp62YuKgQy6tisXx/8+TJq9Tufk4Jet5PRV
MKaImVdqTr7qAZb+CCvVujexFI0zRpX5/XQWNnn87nL4eniOf38BwCtzdAE9
viXgV0ZFbkW6GvvwHgBK4dcWK4HVKFptWrBamKiXkngYiuHDWLTsBjUAl05B
/bPl+bznB8TC5HJtEPzjBcr609xu18TN6uDVpIl3Y2jfVmPAmKxJbpa7ulW0
AMx2VTwrlzncd4JcFaAsH9cLe0BoswsupPArlnMM1xhl+XyxFTAyBeoCe8bM
fMpS98XsIF+/rpzwCmEcfIGFhBc3byZS4AmueMOF3P7W/+hbmmqbDGN1fxts
WpKDyuhFi1NAMHuu84E/Rhjw+9v2x+T08HJ4CQgRx+9er6RNwJeqLp5kXzIi
91OYgdTgR+6uSN7SolTEnNKMS9skkI7kLm74t51NRxIGHP+2+wQaTKFcaUHV
BCYO70C061hLd9ASENLnlVmh8MQQXgz2fn/1/ah6qUqn1L6CXHYV5oTaQvEI
sog/PbqFF5MkYbsdfD0Mo/7tOe4br2LR1VWmxOr8DDXiW05BoZ8XDromZzWR
sSGwhqbCCkSSca+Bn2+WdyleaJXLOwZZhFLabQl7vLdi86qVCFAcrjIOpmwL
1ANcNT7Tn/vsMTY6e+qPDQ5UKaO43BmtjHMmrBonbaR2ElZvpO8vX+1dLAq5
G4d+Q6HM6FBjuvs0b7T3QMeCpQiHjAGaShqsPvhaOn3cGnRDRPUjI22JZlDi
knFHqlqhbV1B1KuYR7GKuVTRs1VIUL6tIVYFg8fB05HtRn9lN6KghVSD7cVg
ZS/CGlQn5r0u9QMEbRIzB7ewCjEwO8MZmkGpjtl8nI1GJOIgu/npUQZAMIc3
5sTCmLwtU4d5L8Hfsul1pkoWJOJUSeiiLcglvW5D7iq78lfQLpLzjYoz5WAZ
riCcV1w3X0jz+2ubPxeUXq8DhXSg18X91LzlAIxbdRWoLhSWe3qGBc+ze4eG
7UZgajh3yXp0BwrHwH0uHrZeLa6ZV7j3t57hvRXMi1A5hxgK57HuyBJg++Mq
1vXK6w5QgguowHCdwMOGQzAV6MQgycF0SjvIiApD8V1q3zyqEEAvHVW4cIWf
I/FiZX3iuYaLifTb8N7h+duasgDheqAyjtB6uc0hKBcK739Uwbd+BaawitzF
glOENodW+4bf3uE3prYq227TE4nvk53rjgbb76EC73DWvQ5LQqeg7JzL9rFs
DZfZZFB6hsWHxhQ2LDaEb5Gm22184jVrE+H+1mfmitHJn1x+g8XSZGKYFVo2
vHVG3yLMAU9gc9KMTWXnUHZXysqYk2hZHjLtnuroC/vby2NR+jCrFLlunUFk
+MqDeO0JXPZO01g+bp+lZfkwK8YvwbfxJB0lpy//z/DwMjk+Gr67PH51bI6q
0Iy9mPAvc7DqZZnSjc50gbc5A3MenZZTuHKwJ5Wyubu7BUEbXxtnL09M743O
vYifmst0EkKseaqvVeLIiTM5DuwgAIQh8aKT/A4yaiL8C9qzSnPstDqc6JWs
X0AKKYIE0+gmjBUA8boO1UDdZhjaZQVhGSKiJaLR5eUt1G7OImbnh3BogHuF
AMZ0sUhHtyXJgdnDVTjQ6HGx6u5Bp0ZLCVPo2KEanE6z9s9G95MkXKStLNjV
89CIE6Yv2yLcuYEypwNZ8js+QJ3+/CqhbH/mQD3+3UmPObiIfn8u7e8Mq29C
+8CxRh3XLd3Z8izmsQM/yvRwNlYw+g1adUc//SnrbdAF16uf1iy4P4AN0zgT
/oVER9OA0aXuLOHRc9R8V8RBhzy6xvTuKRtB0T9URu6aOQv6FZm02/HVejr6
bmA188WUBA3pyAZNuAx+jorYbEYbKB6w4ezkGSUq52wPlMgBEjkDlj2i8bG0
cho1BwV/nGJAlYOkbQudTFlqwfECElnS0G6zRwwoZ/dqMOLPl/bG6M3RK6nC
JWfFq6T0c363pHASv0LDn8nVSsb+k7jaYmUhiwhpiEME9CxYb82uI9njbJlc
zyA3YIo+L5DxEH+0cIekwvlQabamXrUmgB6CC6BrI/9vs0iFP9qolHZbYUhG
kO/TEnQ4BWMjYQwj3kYc+q8/wL7fLboSgcif3Ghu6BKlkUiySZlRiAe7WN8p
LfIhzRHqK6ThYEuZkhzmPSpZgGmBUSlgOXnMFoS2xBDy2fhHztcB90BcxQ1k
/cWOUb4OzD3xAnFKzTcEBccrJKuuMBgc05ADoWCtLRl7Z86apenY3wujiXoo
SuJHpTZS8YPe6Qw6/f6Phsk8Lympjim0BKPh5FHbbaxxfZI+mj5DXxBpCqGo
lgu6opR7wSK7TovxFk+inI9+TouppXVzeysw1vnQRmBmfOACaK5PdUpa58qT
3wFyGysN7g2jvzhjSHNnS5lO1YNqxTCtmEq1YPLdSkYSr/dJc3dLauRc8IK/
NYaLQJuM16aF1s5tUlLBPrNZLc0nywKTnwQnA7Pk4SI5R5zjDMPEIL4CKC6x
SJT69SF9/G/w6skM76PHmTUT2m0P7y3pJjm/+jverQgKJKlOn9JxAMfsS5Xl
FDJIXE/hhgeujJdTl+U5lqdHKpXD6E02uq0IGJesdYTPryjVNKdFcqin45xM
lhTbtyV1n0vQTExKqEsCMndCCobFgnpv+y5VBeiuvjTQF14PLAPK5ZVhKbBk
GxHL+FiMV/RohN8datvucqe0vgqfHsl9AdZfPnqUDjDLqA5sawYO8Lvgdh0B
lZeQ2CJdjG4csBUHjI+KHHdGaQC8415RtBA3sOPLuzG4z5XLT0wlCcHD2ByO
MyLxCT/AJjYrbICXWRpeXal9LAZ4y4UiViHWwYawSaZEe5KY8gVFmJ3DEPk2
48PPFC91Rgv0++N+PI/K8Kz4oaTx4emEy1HWJDOZafGY8HmCcdvvckwMAjNu
tuI7tHU091zdNvgGz1T4BogzKpV8Wi7EBYK0jsIOrGmmnybecvHZ6Vmw7Pb9
QcwjgNK0UqxRBAxSt0oraPa6fh1eCh1w62PJhdtYQaU9E0te3Nn6jHL7hNpG
Utpxiw3tkvrUOg0iwoWGMDXREFiEZZLkocIuBYkHhNp1QsUhFSc2P2hzzraR
xEUHoyQyXJKO/TxpgHwMZ0yAuk+V1OErLLnJa/YG3l7D/XBXXXh11pI8LDJC
UzutLckDRaDSZhc7sIGEWPu2T/zLiwPDzXiLXc6WxSgjjLZFEOG+nIqueIb8
RnXtxNfHGGplxpTqnHznG0PzSlCzDdhJwJu3pmYHLL+uYrNbwTboUaDZC5a0
OnFE0zyydISGPtllh8pNuZjNxpSNM0IvM7MXIZh0s7cXm1lBsls9rWAa0dLd
S6/Q7O3HaiZouYW8OXPVUmIf8KgND1OIbWh6vRCQT6i+r9Y/vWB96XhFLKeE
9clrZ0GFiQ3VXb2ZEUj6ZmoMZIDeX1XavLwM8nwwy9hJ/yB5I5r9vl+jZJQI
OhpyDdm9DY/QHvNPJ6b6gQbP8yRbduoKmK36Lr1ltRpkw1jpvbJDgRMDgw94
7yWpOyPSZv9+irxk+7EdP0nA3QSyJecEsn7VrDIsp8yS5BPm6mcd0dYfX8Vr
67+iarDoeDnHcJ6MFVKq2Gm4nr5h6xU03WyUEmqfrSZWThgBEXpL72hr1d3Q
TuwBiNvXW+ohXS4nFb8A307hY3UHerbnI3Z6+hJdQPHa2Xcuk2c/peVN1DBv
fhetGewmTzGwNZKajz+OkdIL4U66oidGS0HHPqQT+1RdN/A8yRu5h1cN95HI
UkfDc7qyt2dUO8NlNrlqM6Cqnm2LR6qkAfb+qINTH70+9qkK7n32Htk0dQpI
9/IDLEaV4xKWp58uFL65DsEKVYu5yeon+gWRiZkU3NKuHzRTw6k9x5JhQp8O
2hszidk6R+QZGyHhmxZdp6tc872W2VrGqbBBu12BWJWjYG52Q0faH/Fsb16b
sfJP59U2pQw2Z4ISKDRVJaCimhlt5ldcmGtDLAxqF8YuSKvIKndGT4RbAQI+
d3IY6O/a0mlQt/C8aphtaibGH3t4n2TFY7mcEBz8fI4WDurLNIOskNbmlzRN
7xB7I+XClCxi8tiW3PVje7uSHHS0P2/qzjJcVsx2Hr6shdG0Y+ugwB3Zoa4e
TaUy515qnTUc7rHhTwf5L8TQC+gqQSZuElZMqtDFPeQkXvvgmq5Rkx/nGc2F
6lg65eTcngXZ9pTcWsOeSiV0/0TItI4iyER2zhgnP1iGZBpqI/5+Wznk2xM5
hvkJuCRokOKiLRVyeQbLTZKgARLvfuCZds9SJJAltGZ6Qsr5UxonlJtSNphV
5zXjVCN2cmluD08ugt5bfCCug8CwLEaERTevsEKFCQAtnuoQE4dne+yb//iu
Ji4yOc4OHwbSUsoArqwdXz69n03urb3DgXSb2bbKmssBgX75jpuKkHXq5BiM
KZ9WLq39C1aRMCwokoqgSA6SJsYU4DqP5kNSjtiqSnrVHPQQ9BpQ8Tl2lbos
fgBb/taq/KsqOyv3SPZV6eBfvatysI9R6rL7GN3oFsGcxwliveHRR84Kvnuv
k64UCO08kGJK3Cg9MxscT8bvFHsg/r5BrhxP0dEZfL5KR/l7rJtEOE/3C+/6
8VizQNBmd/eiNLOoF7QhtDJB0DV+u+dvuhA44zogJzIdu60UxBpfa8oFN0Kb
9YSs0+SluBXR/OnjHRecPhxmojmM/BbMRDmvJO6JeV6HLrdGIE5m17OlBYYh
wAKoq71cXO1Ba9bVhMWflAVhzu9ieLE1/Ev0aO9jw4FiuM7XzP1pMZyO8KBC
n0P9m4TcoGS2iepoz1IwBREehQvSLHNdoj2Iwp0wH4acAjr2BoNR6tBmG0AY
GCp5DSI+J/vyzqw7fVAIxLC/Oalw4wAkR6pwKAryy3sLeDe6mYHVLmgF0tXG
tAN7rPGVBB1MRcQNcmuDpIik3PaOlt4ceX7Nmpdt/iOYL1/EcHSUjISnH5rW
ZF49M8l/6akxVA69bNfbFVZKmGn2cJFfq5UWnZnwmF7N6bR6L1l5irOflW3e
ksCASHvXZv/72wwFkuZozx+5omKYp0eUJRbf5L/rJJo81g1byBkrgSk21jkV
gDkLNx5k4TuOgcWoTswh/8mwSHhX0UGpRhuQd6PszMb2gobuHin8ChDS8ikX
LNHP5B2504UmZNrDRsVkOF0Uj3pkCtSKzu/wY7jPKOs1V+GKNYTsG/P3yijH
kN3JV8BX4EBHF3OBN+Os1twTs8OqWKEskaWqst1ArHZ0OqDV6nz4PaNxWmqX
6xdaCDQVCasREwHqjudvSwiVAd8RvkT3LttR4RavdOfiHXXBm6B3zbvsobKS
W6hnTcawq0hyItTSIKsTbOMiiaCCU0ywGqkAXw4qwEqDCmI9SOoqsD2gM1vg
gF9n8Qpfq+51jmQfGAezSsUWnSLBEpQKD+iCA5LE57PZ4jB9I14awpsYsg/j
lTM0+bVQJpbIlMENtG0raeFlBZw4o7XLDSEfKYKZD+3GXujApvtRYO3Wll8t
IgVlC6IdX2Z883tAW0AQhtuyN1vgRHKk8ixGXzQLKpTJMfEVLiAM3oaFY1OE
sxA19bH7MURapiUEJ054tbeSbDHq0GrSsRJVg7C/fPEOwff6xyKQ3brRiAVA
4GOdwlQdQ2W7sfxn8Qh1NF4LSgw/z1MIkqtFMGunk4W/haEHoP9b4l6+NhPp
F8df0GcQfmjRQZseFiVw5Nts6hVRv4Kmdi5fEVAN3BQqrq9sbIkPP8Koo/Di
smarRuOgOf9MJnwrYAs5LAUdq9cmkI8Lyu11JinGUYXm+Mup3b5tXWj7end6
KdY+OpyinmmUoQujFiTBR5DnKtY6sndLGKVoFBGfJumurWlN/GOUg8SaXvqH
ZoC6U6dB89JXBZTpBYRiowFk5hdCKjFloszpYDPZk9l/+h8N3MujvJv8h8+o
6rviOcJJadTV4TUPjX1JLn89G4ZrwnlcHyUvf12xoDi4pe5prf+2LZI8R/oG
5eCtVZMmMwbnJXszT/7w+gBHuCOoJpj/ISbL/UCWhjNSegjBPo3r6cUSYRWl
oIKQPvDbBlTp9Ygs0goSZFOAA7Af/HTw9u2mq0nT6fziwNHA8lUtHTzxVk8L
V5FPD/f7JjTp42nHa1F7Y8uK35wEZrDK6Zx2obiq0YK99AJde0iuw1fSFzyB
7oNbNWr0lqpM97TCpKpa8phAESxMnZAq1U965Sum687GpirCQPJdGCvJTHmR
SJOMoS7+K2NnxRQVF+oJ3vZUbrwuj3ds036xir5Zv0RzjvSLtBya04puPJ4r
Z3egZhxcFi8kwP/CBQh/1JcHpbTiYgf8eWdvMZ5zy2LwCEwqHEmbIBCvd+gH
L70wA4tE2pzCcsYfauNsqmWrfbvN7vyNOx75clITqNSOxL247DRwuDyxd5te
7MsovODRVmHZ+Z13IgeZiLuqzoDjxY6gVUrRJjIZEF43El+WxHNnCa97nwHQ
mhk8AvKHQCr1F8USo4O+VRSHZzvu8l1YPA9xkeQqgpWgXDSbowUgVcazwm0W
S6S0sO+JJDJkPn736rQN20P74N1R+8PB2/ek7eBPTsJDKsoAYiNyKsv5Hfg7
UnEnakD77/m4+eVC5Dw0Y7Srr+yhBTUKosfmNUIfInV++d/Swa+A4NkIX4i1
wFsbq2p4jsHE2lXIEb4ytReNLfRjliS1GPmZIcLeYhYmQm1ahDQbDuLh5tNF
NN4UgxYcBIOmnOFYhYNuvTAvEoCg2ZTBNpxClLS6AanZw/HtpPfVgg8eHqiC
DlsldmpXzYFoZ/MnIsyvbq7vmrsICkqLK88MG2M1xoQiq2Kq89l05PV9decH
rvNDv6Cl1p/ZeThFZhCJc/F4ByC2qzu/7Tp/FhTUlN+s6ZFTnvgqZ1XTO5rH
vIIe3ap2J1usXdPuQ+oZph6URcvrLgQsTRdgd6HPyu7uqu7agmo9SHcDa4tq
T/nwIt7m6vaeu/be+wV/Z7aKjlz3m69JMPAWHV1Xi46u6/gbv6TX8Sc0OV/X
ZK+uybnX5GZcbDZ0gH+Y3xQpeR6sblvJrnNdMhCV3nWjY+BvvXFUVWgo/c0v
HVUFgt8d4vzCs2+5eVTFI85j6vJRU10SKLBlch3VldA99kt6M45GTb3k6Z2f
03xBAWurW1HS8dAv6bUS2IJ1g4bfrhVI6LoGlUw89Uo6bgqNsXrTNVLirSHs
ZXpdxpe115iSaBeqpJZpoS1ZYZN5cj+4u13drpJsh1TSF6Nhu98l2ZLwdB7Z
Paj3ETOvlgq+cWDdGPeUVPBLepxTcxETdjFsfHVXR75tel1X99V0+CX9fThq
8a5SM2h8E6oqV4HVamI3pGqgkyb1ammFmtjoekIa5fcqn2Sb9K7nE5JLet37
XfkaPuGCDGZCer9mnMWEbB5v2RNi9TjVjmetJVAy2PF+13G6lqrj9Hq/dqSB
y/vKkQ68kVbF1O880qju6I90nZiqmorWDfLy5ZGnPgXlecxQoGquCDtYbb3m
tpvOpggwoc+pkJOjrre2sbW5QOybq1PvxPOBICkYCZ+JupKC2GXUE3ggCHlv
MfTRQuOlLDVqGPk5orkTsgAkgbByoPAWEd66moJqZ91SXa5cxJ5nJNX2fFnM
IZyeL5FThZW35cqA4YABDQAJHtcV/ATB/WI0UgYFyIXqQdxV3aMDe0iDxoIe
IOgL8+kxGQ5byfkBQuYfHiRNzzVeY1lAVzuSyMBaUp0taG5BgIz2WzHEwMU+
2lke5znlOQjCChB/gy2dGZlzSrahoM+0bZpNeuiuBNC6iIh7PaUEUo9iepME
CoRMj+vWpqKyoA+Q3/aKCEHK/hAqOzwgUxAFfZQZFpaQf4XTbagFzjTgtE0M
+vh3MzAvgJdbR6ixjKerzucpNl3hkIFz147VDpTu2mWsjUaAShgFgvdiGe0n
4mKFgIeI8+N9NGo8i/MK8LWHxeawbwlCEaE+XAsV340IdHLou7G6AfbnEDfl
iNtF6KnBm1zD/V3n/YcxlUkNCiDwDEQoWv9+7fnkUlujbxi+5wNa0VV77tCy
EUuCTpacHzyEMbBR/xVn+9VO9iOFyLnC0R4Ae5TjD7GMHw1bjeAE89dTw0qj
7m0+iWAEYI31IOYh5opnxfqFE3DWu1MXoAR2erNuyTOSAJag/kgHVTBBLam9
q/XqNEJkiwfRWeG4DUIk1Dqz9dUKlSfVxz5TAFxzcLUIwnpsnCBOQY5Y9LB7
G44QnCvwh0rCj16x/hUc2e4ZqBsukpecf1zQFWA6bS7gXKDiKbEZ7o42L3ir
mtUrzEXraWcgV4dv3pcW4siIc/Q3OsDrgSKj4DXYFg5PDlsa7cbdUu9udzHl
lKD23c7bo7uRqWnFbfztPOk/p1Q8tsT52hJ7poS8/ub1utcHeNM/fHdEiZch
1bHKXXbIdOEEx9c2zTzqSamkApbMA+OMkjXZMFu4zgpwDVSG31dAMnnce560
/5c5er9oNP4tOeKKJqnRmkBdwKx8UIVNP3zUGRBKZjmb3NM6PDq+OHx/cUFT
cZYuJ8nPsyVkQWyEbe1iW8+xrYPxuMgIZaK2AtB+kNUodBLvQq8kyq9MBp2e
+a/fSrY72y0M+ttpJbvkvWD62YFm3nNG5+Ozi+EhNH98Zmha6dkO9mxX9wwK
DS9eg69wbpROG51CikiR3yZvJobbWsnrJejKyYcUMrQnH7IJ3GKdFnmWXCwy
Q9FW8u/pTTZe/vOfKYDcX6TFLfgm/r//LMyW9+FxOrpljws99JYZOMCdeBTG
i3h6rUhzAJIJx7GN49gJxmGGfnRsxMLp2QX+C41dXnw4OL8MR1epcIAVbmOF
FqPVVInaYDbODcsCDqLNZH1TzJbXbLN0XNey6jFqli5UszTTZiaxRf90BvTH
QOazT//s0QMz33v877486pt/n7eSQ6gDvVY62zj2CblJkKa3YDwB0ZavIJX5
OAf2vis1l2BsJ7zB4MeG038wguwHeOecc50CSpRK4wDvQF65IdICa3uVfxYK
TXO82vQjU907UBfeIAEUodQEORxlLdOF5gleaDYqk9PHyRm8CIcQ5P0Cg277
6N0zvyOG3kgxtbTpBxLTqZsyqegG07tnRgL/3UjQEuIdbewpObQDmAzvcmYw
etBmCklyjCYpqkKUHRXCYJMm5NYynANQSM8gaNiCHZFnppH/vmUet5fDZ1vM
5UzIu3wKugXWL72OkV4o5QiPS3pcpFeLdp4trtoTc7opMSnobXZX5HpiKnPQ
wznoy4qjmHYnOyNk6GsyHE/rCMEh6a4TmAft5MwrQjSQEakk8akTr77kOl+W
pd/Qz6+TtyDwD2E+gdgVShRXI8g7+SmnYPDY893nvb55Tv2xGgOy8AggfybZ
+Jp6URI5OhVKdpGSPY+bhXbbMHl6UKTv0u0/jutydmc0gNdLo+rel6DkICuX
gkGBige6vRwPL1+ZZvZ9IqwYc/vedM3vSJsyH0N1UzpL3gPi5vR6aYQH0MAf
Wncfh9aNS1Hi26osvTMHrcKcDGW47Ipiu2Jk4jYJPeQsGuwMrBiVsbbsTRJW
Hu93xy0nxbU04MXDzFD4aCYmkAL9Kcd5OVoiNFyLgM0kWn/NzKyYlY6/c5kT
oVHa75Lne3t7FaruAVW7+0hVuRMMFvXx5fv2JXvc8Sre6e91/bnHVXVfwlN4
+GyrQ8qQvQyPhXEAGt49ZTKqjd3Aij8MvJkxKg0SpBNn821CCpzPCjoe1dSN
8HcWWJXOViR6zJFvVuaoSXJCrPuczoPOOVDS6Xas0odljZDnxJ9ockEqKn7b
M9LLscjxwbsDNNnlY9Hw9frEx1laoIsXqBiV9d5FzbMLmqfasPEwW5guITvZ
hK1t+XMQI5vRGBTvopo45ZMKqL+e7xo2AD59n/A46VzSLNafJ7LNLkmb/31G
PsW8PMO3jE5CHNfu9tngSKmqLOQw69bYPd5m4RmKAEpW9Hk+Yd83RHpMcaoy
cLIXIDuHngosb0g+m+TRbR8awHFfYSYMSLIcmpk7TK8UbareiDs7YP/FXHnQ
m6qFmrUTnYbqCkFUoV0WjDIPqDXMnDE2xF4kxoW8IH/HBB9IRZ+02z61Uf/r
7QENLmrU0HBytn1VZ5ikeHh2Aoz44ii9RwzFkrE+/jbo0o7H78EqWYisem4o
CEZqTSoLFUPhJMov0XQpAhnvnDVT3NydLSxc3rd3QHWrDqiVCHKZ4/5hoTnw
UkhkMFagJH6DVRq5Kg2XY6YcTzf1WWTA2MvQHEe7+bfv1QZ2XAOg7UCXgRcw
g19FT4JUJhLEM2bwjZHl7SunYts+lhzc+amY3bL45zTfLPphP+8Y9Ymmi3Rc
wfdkOGqRGUX6ATPX8lIjbR2hGPAIFuBcAzvutFQ8JzZuRYWYNyIa5rzNorjd
226RfXg6S1AOsAt4+5ZjjJU1TMPvWcDCaXCF24lqhi/VtIkUHMekIHlPMjkq
SD6hLMeTffc5yXJptPQYZltvD2mCvUcLElT0Nk9n5v/+73KqRAbeQZlNeJFM
AHVrzvey05QyikDCOAtvUdY1DGuf4yKgYcDNNWQtb6gX5hBTZKiTQjNAauBK
OE2kxafcSFAA6YWMh2xGgQ0dlJvl1J6LppNHfTxEn/wZm32ZbZeENq03SzUN
pr5POWBlWkww6MNPZ2+Gbr3EKynNnkxnNrM3OwKUtPse+q+SKRDrR13IzAZK
/lOzKYqJjZmx6kcLL9RcV7pOQm2pE7HlDfnpOsDle3PmSRHh44rFvl3/Ykes
cqIel9cvMAvbA0/IkGjQ6e7WMyTwRfbZqsNAbtoDaPGZjv2PN0evSNEqZ3bp
1Z8Swx6gKaa7E+1BWTFz0CTuP+Xcdtw+MocrqO7FqiNbu7vdWXxewKnE7yCa
drrbrH/hDDo9FMjjWDQU19USQlJ1J6mESTDZMFjL36z4ecd0qOZ6aVQbRKFH
qQ4iqBYujO8WcP4CTLKyYl54AWCSDtd5XaUV88OzLWIJUeA4tfhq+uDcThmX
WD8AI2a/upfq+KFLTImQwiYHMO4k68RWCxYuIzusgD9EluXra7tbtLuDmGUq
2LF+OXkLPHFyRBk+kU9CrkGbU3fgs7U6v5j1ybYNp/l61iiQEhLz/yyI8UI8
YhBzc7P7zsb+1PEODlYIRC+m+w9J7aziy1Sd2kaEepJ3sh2o0/PM5SYw02t4
ErmhsgRMJ2WSYye4EmvrsdlSnc4NWfyDnVizg/kz9R9ubJkwdMBBYd/RjqtN
9Z6BLLXDV6qATlWrImG4Lsl1vzB74HyJO2Yj8XDuHDHLhDRsu4pDtkEzWbcf
EzYDVg+0Hi3hVOQlSjkPBd0/LnxAI1XRQ+OsHBW5hZwMXEplALhlNyDXXZFF
Dx4+9yA0FbEzcwSed9bJu9gs6BUzWDlNh+j9MgOkTHAroNtxtHTALGnVw4wK
1JhMB77SUZRiFNB3wigwB+4x40u4DihtWnfiiPyjEaYlm0wY/MZobNc3i4cM
/h9rZtc5Q1FtJtLhU6ahl8XMKMQM4TcyUpUoTymAjfgreMtFpx9Mj4CNS64E
30CUj1GQXRle/ZSOboOLBru9Uwt4w2bOVm+PDs6SD33Km0NfBkkT5MtOr4eL
5ihnMSljcGdMJxz4FtNIzZDb0ZTZ7RG3nxGcN8qViVWx/JB8QzvRcYQz+v6R
9QAQLXXP1vXog+2M6QZeHEr3UIcsSQ2zhkWwY5GAdQ4FLtaKD9Y0IHWCWti0
G6VNKiSXPqwBp9Pb6ovcFDPKAhPzPcyK245eCp4VHQ9f3DBlW3LmEngGs39d
YGqSsCPasGlvnZkbHqluda3aafx/LfGA6vH0AwA= should
still be reviewed as a best practice.
-->
</rfc>