<?xml version='1.0' encoding='utf-8'?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.29 (Ruby3.4.4)2.5.9) --> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902"docName="draft-ietf-tls-rfc8447bis-15"docName="draft-ietf-tls-rfc8447bis-latest" category="std" consensus="true" submissionType="IETF" number="9847" updates="8447" tocInclude="true" sortRefs="true" symRefs="true" version="3"> <!-- xml2rfc v2v3 conversion3.30.03.31.0 --> <link href="https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8447bis-latest" rel="prev"/> <front> <titleabbrev="(D)TLSabbrev="TLS and DTLS IANA Registry Updates">IANA Registry Updates for TLS and DTLS</title> <seriesInfoname="Internet-Draft" value="draft-ietf-tls-rfc8447bis-15"/>name="RFC" value="9847"/> <author initials="J." surname="Salowey" fullname="Joe Salowey"> <organization>Venafi</organization> <address> <email>joe@salowey.net</email> </address> </author> <author initials="S." surname="Turner" fullname="Sean Turner"> <organization>sn3rd</organization> <address> <email>sean@sn3rd.com</email> </address> </author> <date year="2025"month="July" day="21"/> <area>Security</area> <workgroup>Transport Layer Security</workgroup> <keyword>Internet-Draft</keyword>month="October"/> <area>SEC</area> <workgroup>TLS</workgroup> <abstract> <?line41?>38?> <!-- [rfced] Note that we have updated the short title, which appears in the running header in the PDF output, as follows. Please let us know any objections. Original: (D)TLS IANA Registry Updates Current: TLS and DTLS IANA Registry Updates --> <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> <!-- [rfced] FYI - We will do the following when we convert the file to RFCXML: - Update relevant URLs to be clickable in the HTML and PDF outputs --> <!-- [rfced] Because this document updates RFC 8447, please review the errata reported for RFC 8447 (https://www.rfc-editor.org/errata/rfc8447) and let us know if you confirm our opinion that none of them are relevant to the content of this document. --> <t>This document updates the changes to the TLS and DTLS IANA registries made in RFC 8447. It adds a newvaluevalue, "D" fordiscourageddiscouraged, to theRecommended"Recommended" column of the selected TLS registries and adds a "Comment" column to all active registries that do not already have a "Comment" column. Finally, it updates the registration request instructions.</t> <t>This document updates RFC 8447.</t> </abstract><note removeInRFC="true"> <name>About This Document</name> <t> Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8447bis/"/>. </t> <t> Discussion of this document takes place on the Transport Layer Security Working Group mailing list (<eref target="mailto:tls@ietf.org"/>), which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/tls/"/>. Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/tls/"/>. </t> <t>Source for this draft and an issue tracker can be found at <eref target="https://github.com/tlswg/rfc8447bis"/>.</t> </note></front> <middle> <?line52?>74?> <section anchor="introduction"> <name>Introduction</name> <t>This document instructs IANA to make changes to a number of the IANA registries related to Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). These changes update the changes made in <xref target="RFC8447"/>.</t><aside> <t>RFC EDITOR NOTE: Please remove the note that follows.</t> </aside> <aside> <t>NOTE for IANA: This document specifies changes to the registry to update the changes made in <xref target="RFC8447"/>.</t> </aside><t>This specification adds a newvaluevalue, "D" fordiscourageddiscouraged, to theRecommended"Recommended" column of the selected TLS registries and adds a "Comment" column to all active registries that do not already have a "Comment" column.</t> <t>Thisspecicationspecification also updates the registration request instructions.</t> </section> <section anchor="terminology"> <name>Terminology</name> <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> <?line -18?> <!-- [rfced] In the sentence below, is the intention to have consensus to leave one item or multiple items marked? Original: The IETF might have consensus to leave an items marked as "N" on the basis of its having limited applicability or usage constraints. Perhaps (Singular): The IETF might have consensus to leave an item marked as "N" on the basis of the item having limited applicability or usage constraints. Or (Plural): The IETF might have consensus to leave items marked as "N" on the basis of the items having limited applicability or usage constraints. --> </section> <section anchor="updating-recommended-columns-values"> <name>Updating "Recommended" Column's Values</name> <t>The instructions in this document update theRecommended"Recommended" column, originally added in <xref target="RFC8447"/> to add a third value, "D", indicating that a value is"Discouraged".discouraged. The permitted values of the "Recommended" column are:</t> <dl> <dt>Y:</dt> <dd> <t>Indicates that the IETF has consensus that the item is <bcp14>RECOMMENDED</bcp14>. This only means that the associated mechanism is fit for the purpose for which it was defined. Careful reading of the documentation for the mechanism is necessary to understand the applicability of that mechanism. The IETF could recommend mechanisms that have limitedapplicability,applicability but will provide applicability statements that describe any limitations of the mechanism or necessary constraints on its use.</t> </dd> <dt>N:</dt> <dd> <t>Indicates that the item has not been evaluated by the IETF and that the IETF has made no statement about the suitability of the associated mechanism. This does not necessarily mean that the mechanism is flawed, only that no consensus exists. The IETF might have consensus to leave an items marked as "N" on the basis of its having limited applicability or usage constraints.</t> </dd> <dt>D:</dt> <dd> <t>Indicates that the item is discouraged. This marking could be used to identify mechanisms that might result in problems if they are used, such as a weak cryptographic algorithm or a mechanism that might cause interoperability problems in deployment. When marking a registry entry as“D”,"D", either theReferences"Reference" or theComments Column"Comment" column <bcp14>MUST</bcp14> include sufficient information to determine why the marking has been applied. Implementers and users <bcp14>SHOULD</bcp14> consult the linked references associated with the item to determine the conditions under which the item <bcp14>SHOULD NOT</bcp14> or <bcp14>MUST NOT</bcp14> be used.</t> </dd> </dl> <t>Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval <xref target="RFC8126"/>. Not all items defined in Standards Track RFCs need to be set to "Y" or "D". Any item not otherwise specified is set to "N". The column is blank for values that are unassigned or reserved unless specifically set.</t> <section anchor="rec-note"> <name>Recommended Note</name> <t>Existing registries have a note on the meaning of theRecommended"Recommended" column. For the registries discussed in the subsequentsectionssections, this note is updated with a sentence describing the "D" value as follows:</t><dl> <dt>Note:</dt> <dd> <t>If<blockquote> <t>Note: If the "Recommended" column is set to "N", it does not necessarily mean that it is flawed; rather, it indicates that the itemeitherhas not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases. If the "Recommended" column is set to"D""D", the item is discouraged and <bcp14>SHOULD NOT</bcp14> or <bcp14>MUST NOT</bcp14> be used, depending upon the situation; consult theitem’sitem's references for clarity.</t></dd> </dl></blockquote> </section> </section> <section anchor="tls-extensiontype-values-registry"> <name>TLS ExtensionType Values Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS ExtensionTypeValuesValues" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in the following table. IANAis requested to addhas added a reference to this document for these entries.</t> </li> </ul> <!-- [rfced] FYI - We have reordered the values in Table 1 to reflect how they are listed in the "TLS ExtensionType Values" registry. --> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Extension</th>align="left">Extension Name</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">4</td> <td align="left">truncated_hmac</td> <td align="right">D</td> </tr> <tr> <tdalign="left">53</td>align="left">40</td> <tdalign="left">connection_id (deprecated)</td>align="left">Reserved</td> <td align="right">D</td> </tr> <tr> <tdalign="left">40</td>align="left">46</td> <td align="left">Reserved</td> <td align="right">D</td> </tr> <tr> <tdalign="left">46</td>align="left">53</td> <tdalign="left">Reserved</td>align="left">connection_id (deprecated)</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li> <t>For the truncated_hmac,addadded the following link toReferencethe "Reference" column: https://www.iacr.org/archive/asiacrypt2011/70730368/70730368.pdf</t> </li> <li> <t>For the two Reserved values above,addadded the following link in theReference"Reference" column: https://mailarchive.ietf.org/arch/msg/tls-reg-review/5BD62HBFjo_AsW-Y8ohVuWEe1gI/</t> </li> </ul> </section> <section anchor="tls-cipher-suites-registry"> <name>TLS Cipher Suites Registry</name> <t>Several categories ofciphersuitescipher suites are discouraged for general use and are marked as "D".</t><t>Ciphersuites<t>Cipher suites that use NULL encryption do not provide the confidentiality normally expected of TLS. Protocols and applications are often designed to require confidentiality as a security property. Theseciphersuitescipher suites <bcp14>MUST NOT</bcp14> be used in those cases.</t><t>Ciphersuites<t>Cipher suites marked as EXPORT use weak ciphers and were deprecated in TLS 1.1 <xref target="RFC4346"/>.</t> <t>Cipher suites marked as anon do not provide anyauthentication andauthentication, are vulnerable to on-pathattacksattacks, andarewere deprecated in TLS 1.1 <xref target="RFC4346"/>.</t> <t>RC4 is a weak cipher and is deprecated in <xref target="RFC7465"/>.</t> <t>DES andIDEAthe International Data Encryption Algorithm (IDEA) are not considered secure for general use andarewere deprecated in <xref target="RFC5469"/>.Nor isMD5or SHA-1andtheseSHA-1 are also not secure for general use and were deprecated in <xref target="RFC9155"/>.</t> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS ExtensionType Values"TLS Cipher Suites" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in following table. IANAis requested to addhas added a reference to this document for these entries. This document does not make any changes to theDTLS-OK"DTLS-OK" column.</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Cipher Suite Name</th>align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0x00,0x1E</td> <td align="left">TLS_KRB5_WITH_DES_CBC_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x20</td> <td align="left">TLS_KRB5_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x21</td> <td align="left">TLS_KRB5_WITH_IDEA_CBC_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x22</td> <td align="left">TLS_KRB5_WITH_DES_CBC_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x24</td> <td align="left">TLS_KRB5_WITH_RC4_128_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x25</td> <td align="left">TLS_KRB5_WITH_IDEA_CBC_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x26</td> <td align="left">TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x27</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x28</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC4_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x29</td> <td align="left">TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2A</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2B</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC4_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2C</td> <td align="left">TLS_PSK_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x8A</td> <td align="left">TLS_PSK_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0xB0</td> <td align="left">TLS_PSK_WITH_NULL_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0xB1</td> <td align="left">TLS_PSK_WITH_NULL_SHA384</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x06</td> <td align="left">TLS_ECDHE_ECDSA_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x07</td> <td align="left">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x10</td> <td align="left">TLS_ECDHE_RSA_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x11</td> <td align="left">TLS_ECDHE_RSA_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x33</td> <td align="left">TLS_ECDHE_PSK_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x39</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x3A</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x3B</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA384</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0xB4</td> <td align="left">TLS_SHA256_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0xB5</td> <td align="left">TLS_SHA384_SHA384</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-supported-groups-registry"> <name>TLS Supported Groups Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS SupportedGroupsGroups" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration policy toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in following table. IANAis requested to addhas added a reference to this document for these entries.</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Curve</th>align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">sect163k1</td> <td align="right">D</td> </tr> <tr> <td align="left">2</td> <td align="left">sect163r1</td> <td align="right">D</td> </tr> <tr> <td align="left">3</td> <td align="left">sect163r2</td> <td align="right">D</td> </tr> <tr> <td align="left">4</td> <td align="left">sect193r1</td> <td align="right">D</td> </tr> <tr> <td align="left">5</td> <td align="left">sect193r2</td> <td align="right">D</td> </tr> <tr> <td align="left">6</td> <td align="left">sect233k1</td> <td align="right">D</td> </tr> <tr> <td align="left">7</td> <td align="left">sect233r1</td> <td align="right">D</td> </tr> <tr> <td align="left">8</td> <td align="left">sect239k1</td> <td align="right">D</td> </tr> <tr> <td align="left">15</td> <td align="left">secp160k1</td> <td align="right">D</td> </tr> <tr> <td align="left">16</td> <td align="left">secp160r1</td> <td align="right">D</td> </tr> <tr> <td align="left">17</td> <td align="left">secp160r2</td> <td align="right">D</td> </tr> <tr> <td align="left">18</td> <td align="left">secp192k1</td> <td align="right">D</td> </tr> <tr> <td align="left">19</td> <td align="left">secp192r1</td> <td align="right">D</td> </tr> <tr> <td align="left">20</td> <td align="left">secp224k1</td> <td align="right">D</td> </tr> <tr> <td align="left">21</td> <td align="left">secp224r1</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li><t>Remove<t>Removed the "Elliptic curve groups" note from the registration procedures table.</t> </li> <li> <t>For each of the entries above,addadded the following link to theComment"Comment" column: https://datatracker.ietf.org/meeting/118/materials/slides-118-tls-rfc8447bis-00</t> </li> </ul> </section> <section anchor="tls-exporter-labels-registry"> <name>TLS Exporter Labels Registry</name> <t>This document updates the registration procedure for theTLS"TLS ExporterLabelsLabels" registry and updates theRecommended"Recommended" column allocation. IANAis requested to updatehas updated theTLS"TLS ExporterLabels RegistryLabels" registry as follows:</t> <ul spacing="normal"> <li><t>Change<t>Changed the registration procedure from Specification Required to Expert Review andupdateupdated it toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N"entries</t>entries.</t> </li> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li><t>Update<t>Updated the note on the role of the expert reviewer as follows.</t> </li> </ul><dl> <dt>Note:</dt> <dd> <t>The<blockquote> <t>Note: The role of the designated expert is described in <xref section="17" sectionFormat="comma" target="RFC8447"/>. Even though this registry does not require a specification, the designated expert <xref target="RFC8126"/> will strongly encourage registrants to provide a link to a publicly available specification. An Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc.areis suitable for these purposes. The expert may provide more in-depth reviews, but their approval should not be taken as an endorsement of the exporter label. The expert also verifies that the label is a string consisting of printable ASCII characters beginning with "EXPORTER". IANA <bcp14>MUST</bcp14> also verify that one label is not a prefix of any other label. For example, labels "key" or "master secretary" are forbidden.</t></dd> </dl></blockquote> <ul spacing="normal"> <li><t>Rename<t>Renamed theNote"Note" column toComment column.</t>"Comment".</t> </li> </ul> </section> <section anchor="tls-certificate-types-registry"> <name>TLS Certificate Types Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS CertificateTypesTypes" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-hashalgorithm-registry"> <name>TLS HashAlgorithm Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xref target="RFC8996"/>, TLS 1.2 will be in use for some time. In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS HashAlgorithm Registry"TLS HashAlgorithm" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS HashAlgorithm"TLS HashAlgorithm" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0</td> <td align="left">none</td> <td align="right">Y</td> </tr> <tr> <td align="left">1</td> <td align="left">md5</td> <td align="right">D</td> </tr> <tr> <td align="left">2</td> <td align="left">sha1</td> <td align="right">D</td> </tr> <tr> <td align="left">3</td> <td align="left">sha224</td> <td align="right">D</td> </tr> <tr> <td align="left">4</td> <td align="left">sha256</td> <td align="right">Y</td> </tr> <tr> <td align="left">5</td> <td align="left">sha384</td> <td align="right">Y</td> </tr> <tr> <td align="left">6</td> <td align="left">sha512</td> <td align="right">Y</td> </tr> <tr> <td align="left">8</td> <td align="left">Intrinsic</td> <td align="right">Y</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-signaturealgorithm-registry"> <name>TLS SignatureAlgorithm Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xref target="RFC8996"/>, TLS 1.2 will be in use for some time. In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS SignatureAlgorithm"TLS SignatureAlgorithm" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS SignatureAlgorithm"TLS SignatureAlgorithm" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0</td> <td align="left">anonymous</td> <td align="right">N</td> </tr> <tr> <td align="left">1</td> <td align="left">rsa</td> <td align="right">Y</td> </tr> <tr> <td align="left">2</td> <td align="left">dsa</td> <td align="right">N</td> </tr> <tr> <td align="left">3</td> <td align="left">ecdsa</td> <td align="right">Y</td> </tr> <tr> <td align="left">7</td> <td align="left">ed25519</td> <td align="right">Y</td> </tr> <tr> <td align="left">8</td> <td align="left">ed448</td> <td align="right">Y</td> </tr> <tr> <td align="left">64</td> <td align="left">gostr34102012_256</td> <td align="right">N</td> </tr> <tr> <td align="left">65</td> <td align="left">gostr34102012_512</td> <td align="right">N</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-clientcertificatetype-identifiers-registry"> <name>TLS ClientCertificateType Identifiers Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xref target="RFC8996"/>, TLS 1.2 will be in use for some time. In order torefectreflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS ClientCertificateTypeIdentifiersIdentifiers" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS"TLS ClientCertificateTypeIdentifiersIdentifiers" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">rsa_sign</td> <td align="right">Y</td> </tr> <tr> <td align="left">2</td> <td align="left">dss_sign</td> <td align="right">N</td> </tr> <tr> <td align="left">3</td> <td align="left">rsa_fixed_dh</td> <td align="right">N</td> </tr> <tr> <td align="left">4</td> <td align="left">dss_fixed_dh</td> <td align="right">N</td> </tr> <tr> <td align="left">5</td> <td align="left">rsa_ephemeral_dh_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">6</td> <td align="left">dss_ephemeral_dh_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">20</td> <td align="left">fortezza_dms_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">64</td> <td align="left">ecdsa_sign</td> <td align="right">Y</td> </tr> <tr> <td align="left">65</td> <td align="left">rsa_fixed_ecdh</td> <td align="right">N</td> </tr> <tr> <td align="left">66</td> <td align="left">ecdsa_fixed_ecdh</td> <td align="right">N</td> </tr> <tr> <td align="left">67</td> <td align="left">gost_sign256</td> <td align="right">N</td> </tr> <tr> <td align="left">68</td> <td align="left">gost_sign512</td> <td align="right">N</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-pskkeyexchangemode-registry"> <name>TLS PskKeyExchangeMode Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS PskKeyExchangeMode"TLS PskKeyExchangeMode" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-signaturescheme-registry"> <name>TLS SignatureScheme Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS SignatureScheme"TLS SignatureScheme" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>IANA is requested to add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="adding-comment-column"> <name>Adding "Comment" Column</name> <t>IANAis requested to addhas added a "Comment" column to the following registries:</t> <ul spacing="normal"> <li> <t>TLS ExtensionType Values</t> </li> <li> <t>TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs</t> </li> <li> <t>TLS CachedInformationType Values</t> </li> <li> <t>TLS Certificate Compression Algorithm IDs</t> </li> <li> <t>TLS ClientCertificateType Identifiers</t> </li> <li> <t>TLS Cipher Suites</t> </li> <li> <t>TLS ContentType</t> </li> <li> <t>TLS EC Point Formats</t> </li> <li> <t>TLS EC Curve Types</t> </li> <li> <t>TLS Supplemental Data Formats (SupplementalDataType)</t> </li> <li> <t>TLS UserMappingType Values</t> </li> <li> <t>TLSSignature Algorithm</t>SignatureAlgorithm</t> </li> <li> <t>TLSHash Algorithm</t>HashAlgorithm</t> </li> <li> <t>TLS Authorization Data Formats</t> </li> <li> <t>TLS Heartbeat Message Types</t> </li> <li> <t>TLS Heartbeat Modes</t> </li> <li> <t>TLS SignatureScheme</t> </li> <li> <t>TLS PskKeyExchangeMode</t> </li> <li> <t>TLS KDF Identifiers</t> </li> <li> <t>TLS SSLKEYLOGFILE Labels</t> </li> </ul> <t>This list of registries is all registries that do not already have a "Comment" or"Notes""Note" column or that were not orphaned by TLS 1.3.</t><t>IANA<!--[rfced] May we remove this sentence from the end of Section 14? This action is already listed in Section 7. Original: IANA is requested to rename the "Note" column to "Comment" column in TLS Exporter Labels registry. --> <t>IANA has renamed the "Note" column to "Comment" in the "TLS Exporter Labels" registry.</t> </section> <section anchor="expert-review-of-current-and-potential-ietf-and-irtf-documents"> <name>Expert Review of Current and Potential IETF and IRTF Documents</name> <t>The intent of the Specification Required choice for TLScode pointscodepoints is to allow for easy registration forcode pointscodepoints associated with protocols and algorithms that are not being actively developed inside the IETF or IRTF. When TLS-based technologies are being developed inside theIRTF/IETFIETF or IRTF, they should be done in coordination with the TLS WG in order to provide appropriate review. For this reason, unless the TLS WGchairsChairs indicate otherwise via email, designated experts should declinecode pointcodepoint registrations for documentswhichthat have already been adopted or are being proposed for adoption by IETF working groups or IRTF research groups.</t> </section> <section anchor="registration-requests"> <name>Registration Requests</name> <t>Registration requests <bcp14>MUST</bcp14> be submitted in one of two ways:</t> <ol spacing="normal" type="1"><li> <t>By sending email to iana@iana.org; this email <bcp14>SHOULD</bcp14> use an appropriate subject (e.g., "Request to register value in TLS bar registry").</t> </li> <li> <t>Using the online form at https://www.iana.org/form/protocol-assignment.</t> </li> </ol> <t>Specification Required <xref target="RFC8126"/> registry requests are registered after a three-week review period on the advice of one or more designated experts. However, to allow for the allocation of values prior to publication, the designated experts may approve registration once they are satisfied that such a specification will be published.</t> </section> <section anchor="security-considerations"> <name>Security Considerations</name> <t>Recommended algorithms are regarded as secure for general use at the time of registration; however, cryptographic algorithms and parameters will be broken or weakened over time. It is possible that the "Recommended" status in the registry lags behind the most recent advances in cryptanalysis. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.</t> <t>Designated experts ensure the specification is publicly available. They may provide more in-depth reviews. Their review should not be taken as an endorsement of the cipher suite, extension, supported group, etc.</t> </section> <section anchor="iana-considerations"> <name>IANA Considerations</name> <t>This document is entirely about changes to TLS-related IANA registries.</t> <t>IANAis requested to modifyhas modified the note applied to all TLS Specification Required registries instructing where to send registration requests as follows:</t><aside> <t>RFC EDITOR: Please replace "This RFC" in<!--[rfced] IANA provided the followingwithnote when they notified us that their actions were complete: NOTE: Some text at theRFC number assignedend of the IANA Considerations section concerning request submission needs to be removed or replaced. Details at the end of the list of actions. Per thisspecification.</t> </aside> <t>Requestsnote and to reflect what appears in the TLS-related IANA registries, we have updated the text as shown below. Please let us know if any changes are needed. Original: Requests for assignments from the registry's Specification Required range should be sent to the mailing list described in [This RFC, Section 16]. If approved, designated experts should notify IANA within three weeks. For assistance, please contactiana@iana.org.</t> </section> </middle> <back> <references anchor="sec-normative-references"> <name>Normative References</name> <reference anchor="RFC8447"> <front> <title>IANA Registry Updatesiana@iana.org. Current: | Note: Requests forTLS and DTLS</title> <author fullname="J. Salowey" initials="J." surname="Salowey"/> <author fullname="S. Turner" initials="S." surname="Turner"/> <date month="August" year="2018"/> <abstract> <t>This document describes a number of changes to TLS and DTLS IANA registries thatregistration in the "Specification Required" | [RFC8126] rangefrom adding notesshould be sent to iana@iana.org or submitted via | IANA's application form, per [RFC 9847]. IANA will forward theregistry all the way| request tochanging the registration policy. These changes were mostly motivated by WG review oftheTLS-expert mailing list described in [RFC8447], | Section 17 andDTLS-related registries undertaken as part of the TLS 1.3 development process.</t> <t>This document updatestrack its progress. See thefollowing RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.</t> </abstract> </front> <seriesInfo name="RFC" value="8447"/> <seriesInfo name="DOI" value="10.17487/RFC8447"/> </reference> <reference anchor="RFC2119"> <front> <title>Key wordsregistration procedure | table below forusemore information. --> <blockquote> <t>Note: Requests for registration inRFCsthe "Specification Required" <xref target="RFC8126"/> range should be sent toIndicate Requirement Levels</title> <author fullname="S. Bradner" initials="S." surname="Bradner"/> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are usediana@iana.org or submitted via IANA's application form, per [RFC 9847]. IANA will forward the request tosignifytherequirementsexpert mailing list described in <xref section="17" sectionFormat="comma" target="RFC8447"/> and track its progress. See thespecification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifiesregistration procedure table below for more information.</t> </blockquote> <!-- [rfced] FYI - We have added anInternet Best Current Practicesexpansion for theInternet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC8174"> <front> <title>Ambiguityfollowing abbreviation per Section 3.6 ofUppercase vs Lowercase inRFC2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used7322 ("RFC Style Guide"). Please review each expansion inprotocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words havethedefined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> <reference anchor="RFC8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <author fullname="M. Cotton" initials="M." surname="Cotton"/> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <author fullname="T. Narten" initials="T." surname="Narten"/> <date month="June" year="2017"/> <abstract> <t>Many protocols make use of points of extensibility that use constantsdocument carefully toidentify various protocol parameters. Toensurethat the values in these fields do notcorrectness. International Data Encryption Algorithm (IDEA) --> <!-- [rfced] FYI - We haveconflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework forupdated thedocumentation of these guidelines by specification authors, in orderfollowing terms toassure that the provided guidance fortheIANA Considerations is clear and addressesform on thevarious issues that are likelyright to match other documents in Cluster 430. Please let us know any objections. ciphersuite(s) > cipher suite(s) code points > codepoints --> <!-- [rfced] Please review theoperation"Inclusive Language" portion ofa registry.</t> <t>This isthethird editiononline Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. Updates of thisdocument; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference> <reference anchor="RFC4346"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.1</title> <author fullname="T. Dierks" initials="T." surname="Dierks"/> <author fullname="E. Rescorla" initials="E." surname="Rescorla"/> <date month="April" year="2006"/> <abstract> <t>This document specifies Version 1.1 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.</t> </abstract> </front> <seriesInfo name="RFC" value="4346"/> <seriesInfo name="DOI" value="10.17487/RFC4346"/> </reference> <reference anchor="RFC7465"> <front> <title>Prohibiting RC4 Cipher Suites</title> <author fullname="A. Popov" initials="A." surname="Popov"/> <date month="February" year="2015"/> <abstract> <t>This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. This applies to all TLS versions. This document updates RFCs 5246, 4346, and 2246.</t> </abstract> </front> <seriesInfo name="RFC" value="7465"/> <seriesInfo name="DOI" value="10.17487/RFC7465"/> </reference> <reference anchor="RFC5469"> <front> <title>DES and IDEA Cipher Suites for Transport Layer Security (TLS)</title> <author fullname="P. Eronen" initials="P." role="editor" surname="Eronen"/> <date month="February" year="2009"/> <abstract> <t>Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) algorithms. DES (when used in single-DES mode) and IDEA are no longer recommended for general usenature typically result inTLS, and have been removed from TLS version 1.2 (RFC 5246). This document specifies these cipher suites for completeness and discusses reasons why their usemore precise language, which isno longer recommended. This memo provides informationhelpful forthe Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="5469"/> <seriesInfo name="DOI" value="10.17487/RFC5469"/> </reference> <reference anchor="RFC9155"> <front> <title>Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2</title> <author fullname="L. Velvindron" initials="L." surname="Velvindron"/> <author fullname="K. Moriarty" initials="K." surname="Moriarty"/> <author fullname="A. Ghedini" initials="A." surname="Ghedini"/> <date month="December" year="2021"/> <abstract> <t>The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to attack, and this document deprecates their use in TLS 1.2 and DTLS 1.2 digital signatures. However, this document doesreaders. Note that our script did notdeprecate SHA-1 with Hashed Message Authentication Code (HMAC), as used in record protection. This document updates RFC 5246.</t> </abstract> </front> <seriesInfo name="RFC" value="9155"/> <seriesInfo name="DOI" value="10.17487/RFC9155"/> </reference> <reference anchor="RFC8996"> <front> <title>Deprecating TLS 1.0 and TLS 1.1</title> <author fullname="K. Moriarty" initials="K." surname="Moriarty"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <date month="March" year="2021"/> <abstract> <t>This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3flag any words in2018), providing sufficient time to transition away from older versions. Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance.</t> <t>This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347)particular, butnot DTLS version 1.2, and there is no DTLS version 1.1.</t> <t>This document updates many RFCs that normatively refer to TLS version 1.0 or TLS version 1.1,this should still be reviewed asdescribed herein. This document also updates thea bestpractices for TLS usage in RFC 7525; hence, it is part of BCP 195.</t> </abstract> </front> <seriesInfo name="BCP" value="195"/> <seriesInfo name="RFC" value="8996"/> <seriesInfo name="DOI" value="10.17487/RFC8996"/> </reference>practice. --> </section> </middle> <back> <references anchor="sec-normative-references"> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8447.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4346.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7465.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5469.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9155.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8996.xml"/> </references> </back> <!-- ##markdown-source:H4sIAAAAAAAAA+087XIbN5L/8RQ45sfaVyQlUpQsKblsJJGOtZZlnyjH50ql VOAMSE40HMwCM6KZyKm8xlXdVd2z3KPkSa67gZnB8EOSc065smtXYksYoNHd 6E80gFarxbIoi+UhPz06P+IXchKZTC/46zQUmTR8rDS/PBtykYS8Dz8wMRpp eXPIH/UfY/vaUSxUQSJmADTUYpy1IpmNW1lsWnoc7Pd6T0aRaXV2mclHs8iY SCXZIkUMBpdPWQAAJkovDrnJQpZbgIcchzGYdoexKNWHPNO5ybrb2wfbXSa0 FIe8MZRBrqNs0WBzpa8nWuUptF5qkZhU6YyfiYXUvOp1LRfQMYR5k0zqRGat PmLLbmSSy0PG+f0gOLeYN97AjFEy4d/iEGyfiSiGdiD6G6S+rfQEm4UOptA8 zbLUHG5tYS9sim5ku+i2hQ1bI63mRm7B+C0cN4myaT6yAOeTrYqPDcZMBotz JWKVACYL4L6ZCZ1d/T1XxLlEsTQ65N9nKmhyA1RoOTbw02KGP/zAmMizqdJA cAsm4jxKYNDf2nwIEOdyQW12Mf+mZK0VkBVJ9JPIYAUP+XcyEeOIPkhL/Y9K fmNs/zawtzbBsM0vc2C69uAPpUj81jp8k+zo0AdvoPs31NoO1IyxROkZ9L2B tWNRMvZ+a7VaXIxAQkWQMXY5jQwHCc1nMsm4kzCeTSUPpiKZ4M+qJvNWyLUV 8ggYPBOhBDL4xdMTEsw2P824CEPDBU/knN+IOJe80W+Q+oSRCVSuxUSGDCDj RBcSMIbpQxnyQMX5LOFqTF+MjGWQQTPOW02JuDA3Q+OExmaNYigAFXHMgTgg 1x+UTUUGlIIIZEzEoCXhgk8F9FkF0uZPowSgLJo8qjGFOXi0CgD877k0Ga4h aGCAbaa9iaUle+wKzKIwjCVjX6DCaRXa4cuDC8jGch1om4nr2tIAj/PZCPTQ sQz7MY9qLWOBHMRV3KC5/BGw97FdYJGJiRYztrkvysBjkNepNBUilsia2KBY gOTxn3/+FyAdKX//Hmj/SpgI5AWU8jpU8+TfGqNYBdeNr0GWkUOD/unlywt+ /vJycMhfxVIYXMOZurHAYe2kXcixikGXgN1fbRHEr+8EjfBI/JA9h7zOZJPK IBojszy+4my6sOTwu6UQbdwSjZxo9EisEKJpHPTAisxD9IKv6gV7sF7wu/WC 3akX/D698GkqKIqNqtmNh6jIF/xS6lmUqFhNFghUcnBAHD2Q4Y0Xr4eXjab9 F5cOf74Y/Pvr04tBH38ePjs6Oyt/YK7H8NnL12f96qdq5MnLFy8G5307GFp5 rYk1Xhy9hS/IvMbLV5enL8+Pzhq4rFlNTMCxIhNHuOLgIlMtcQUE+HdpAh2N 4BcYc3zy6n//p9NzYt/tdA7evy90oPOkB7/MpzKxs6kkXrhfgXELJtJUCo1Q 0IIFIo0y4C70BY5PQaL5VGoJ3PvX75EzPxzyr0ZB2ul97RqQ4FpjwbNaI/Fs tWVlsGXimqY105TcrLUvcbqO79Hb2u8F373Gr/4aR4nkrc7+X0GXQGQonsK4 ouFpRoOfkGj+xfDvUKGMlSZf3laX0jNXq86nyZSOJtb+ozbZdfVUnFQphKVH qDq0itxETW6CwQtJMQBL0ivh1Bxmb/QrFW+QAeUpKkGGYnRjcXf6XSfQKTDI H3jvt4cMYzSapVBesvsQLoLagg0DimVi8uqbjTMyOUMsvAVpWztIUjiD8MGD JoxRQYSOgwbPJFq8yBCEcZSRxcJ+aa5TBSYaf59Po2CK/nIOWIRyDIsXtmn4 CaA+zmOOtgU546gslsNaigKkP5cNh2QgjRHODANLNMV4Fs80jYEToyhG30Rw gYIShJ3+smAPcD8OAQvH26qfo5ysXhzBkji6a+CbfJQDcRGoZqrVDbqa+vSA FjAZCLLgCEJhG0DfFxa0sDLpeFBRC+RXlOIiggkFQ2N5APyJAGxuUP3PN4gA LTGKAFrykZQJlyhW5P5HNkgtJcUycFl2yJ8lqqIEAkWVV0JkcsDfZ7YvKR7b CwcrLS4FXVG8cOIkkmr2unDFYi7DphVK6gLoVCIt34FrMUvLOosmU7d4nvAr DtEDerGEGGMoLiCDDT6gAROUDBmBv6YFQRYDGBRRJwXLAqZhCUB//fWBBenf tSDIiErxHWsQF5zGSiSIB6ws+X2QqiSLxou62jmYllAtTR6jR0UxHMVIWkRr sSAXhZAgoclBF4UVHsHnUlzzQC/STEF0l4KigoeBvBLyKBI84S2CN1MgAJjL UsDjKTBXBSeqqROQ8TRWCxSXNn8D3qykTlQRFHyEvx1Cv/36X/3ffv3vJpeA gNTODo/BuSUgKNwZAhd7GGfgObm4KAniHITU5GOIqSL47vBzGY6iQCcE14zh hQSjtLBC5lBCKSfVoIXF9TidpTHJOtgVSiwQHtANvzl/h4uNHEc44JJQiHSF racAcyCnWvhMOQtQ4EKRowIxsRaATJmzmuWgysUiGwqvXkgIyNpQZpnlrXUs QG3jbQM7YySJrMPInaawTki6jmOtZn5XcoobXA1GbRHIGSP9GqK5FRiZHZFD tXQO3oE4ZLBuNxEEsxhaD4bf8qMUbaOIy5CnuwcxMT+n2DJ2muicA2YHFWzI OIJrzAHAZkirDCOMdDNWI7HNj8CSEq/QtCgUoHkELqiI4kPUOBhGnDl3jtbR BR5lFIvkmpyNdbnOTaPiJLCU0QQQw6mAeqlv4Oc8icF4VWE8RgUAHoPYL2rR wznmJj9/Ae6lhWnKe8YGaK1wFbxo20XWlMioxBlAkXhucTUigXTU6oSf2KFR yY2x0QklBfnIYLSNGY10kQ+FPTRXVCRpIaPlE9AJZB5EuPBRhbigcFiREaZI syDwQPLgHzB04/VCU2M7Jc7rHABRy4jp0KO0+F9ySBhgKWlctMGUOnPhXBwj Pc6mWuWTaeXHKhcAkojTNmnAWoMOfkazyJB5I36T20HhKJYb1Q7soJGmzZHy TSrDPOqBfxusP7ndu1W8CelECqBxNfLUSQjoc07G7cuaMcIZfvv1P41vjhD5 IBaYq7cpasYUcfAO6MOtxctFKl2cXO5TMnYKiaVGYwTYAyjMLWtprhOwNfs0 oA3K5oFNRjsUkSlSPqvCXqS9EZHSSdTkrcWPwh9zk63mlLSuYa6lv7lhnF3E 3uBfPFzB05To+hP88ssvZKD/XxaVIHyoVcUxv9+yfu/s6g9tIoEYFZKvdUJg 9w9q+Q65GsvIotPUBuO4HeV2qjdjXjq2QiJIoWiNRxLYCboxSOxuIIdEXqbY OdI2XKOMDThE+TVEXtL2hI+BTKtUomiOErdGxGwBUQaGe2uFS9xHt4NtSuhA 7S1JHb+tZJHf8+e2Jvm37PawhX/cP/f8ufV/OYTBPQAIqWmCBi68ms5EsG7G 4k8f59vd4beg94m16ldRyB+BkQBHgyAerx3S2+a3F4UL20hXfcjehw6pJMd3 Z2vMhJUf+S6zmXTpIt+T9DnnxutcadLyYnslDhh94SqXwaKb4JAVNYT5fN6O RKDL2kF0I3E/TlD0293udLaebD/Z2d7Z2y9/aKfhuIbHHGdwjHBRAuRBN3Ij SqWB3ITW5tLGzEy2qBgkJ/A/avzW7nF/r/vs+OmP6urIvGm93VfT7/I3A9mZ nG6VJv0kStEXDiEjq9nyobyBKB13j6hyhBoFcUVAvY3tjMGO75RQSyYyoWHo 7mh3XUs/YYK4i7ETHwh5Zux9/vrsDNSL+IvK5HYSixTZBb1jm9gI9Lq2NoFx lARLR/uYgCIQ1eavtMoUMM9tZVpfbUMZxEiNQWUxXqEwjZG7Ipu6PAUijRGO 27ROKXcBj2i3rVmNHcse2K6mKv3+EuEVVwb/8erlxSUxwSZYthuhPpfI5FJJ ASbDVeu0Oy4y7u309kj+3UKuQBfJKjNxEwELVEhnsf2KfNKS3eQxriCYS1QQ lbRSgVFelkFUbYpedYy4w4gtYXRx0kNTK3yqCAKa1hoAO/BJb2+XBvYHtkx0 2h8c0XSIOwYsgLuGEbQecp28LSFX1Q12e3sHNoHQOP2L/i46xOGzo1bH7WGg dV8lzY4+6OxazD5HOJ8jnH+SCGepuFXkYFSFv7YmZKnMhRW91svnVY3nlhcx ku9l+LmYyd8TKD0wUlobMmHExLffbW83t991BjAD4Hr1/OJ49+rN6eWzK7A4 VyfHJ1dgEJbDlD7n3tju9spYMHNXne7+A8Z2VsaihXvgxN2NSKMxu3tsbyPS 94/d3Yx0ffCasXv+WOvm6qj3ti3ltzZ0LAc+2TTw4qTrD1wet795XG/TmIMH IImULo87egCO68Yd34PjujEnbsyr4XPbF6OlddTsHy339MVzqfPx9iaw3d29 lc6dTZ139nte5xPsvF2s/OCk/2yAfw+PNiJuRzzZNGI9ATSos10bdHHfJJ3O +v53TLGzUxtyD1vtkIP1QzZhtXN0d//6Ytghx3cPWbMkx4URsBA3AD7erXoB kDqsj5KnubxjmKd4LATG0OmuT7ONtILEpgDLc/v1AEtBYkEFRVdQ+Bwt/XNG S7VgJ4eMf10Qg//ZSATsEO6td/Z2rjulCqKHd626at3xWrtla69oPfD77nqt Vd8919rd8Wd7UrV6EPbL1gOvb8cBTjt7237zXtXsweg88ZorNDr7RfNB1wdy UDV7QCjQwuZut+fzqFM1l70/0v7RRXU+rDGI4yiF5JgHtJh0aNU0LHyqgC2b ApClMtsyhXy5zSApgmlRlSnE8e6NIBtRA0xXvFzZCAJqBZ68vJa62giaSYla sdXp7G/NgB06ErHZMjGkzaYFjcunhbe3vZ19MoSanwnQPN8abz7YuSHVLBTP B8sc2Mq+gtL6sO405u0HZszrSVi25Sdka+6kABd4WDtvd2FtbGirsXVLWtGC RafPvmC9L3CGfK0ZX7P6ayz7x9Jzzyv5cLSKZamllj12IxV3rUx1UNRVMA+p IOwPsvuJtM3ixtNGl3eorzz81cSDsLQaHTrrObihEqSrQEaeopS1z2KHUtRP gtKRP7Y6tV83t4eNAJxKJrhbmrgt21L+8XgQLGi5PVgaIcHTfAQhDp5gu8G9 Z9wXrM2PdXRWP+vPH9myrIHwiHQV1zHB/WQLzUyLnUks0z9mdHCk8q2ofCKh gjw3pfCOVIinqJMwJ7bgbiBoe5TPmixPIoBt6OhUlIFRlVnQpr08e84olp7D difNYB0vq3WeiUVJ/ExpPPbXCiGImDoJMPbMlpVa4ZSEmSmdurGnpMDkX8vE kQXCqLSxJ58qibLWKUbr1KZjR8xNT0dfgQR7eLisVVNPu4OKtXo65gNGwqqM GrMU2ix5R8OT01MMovAsPm4dj2BhEzIlpAoNm2YOLhptF/LgZjWr5nVnpFTi zUrneIEtchy9Qypwx8euiiWBkWt7J/DcS9O2Gd64lgtrqGbCILngq7XMhIZW YZ3DKApDmTiPi3cUiFg69VAdMa77vXZZrQB2WdEDm79IP1H1eRWLzxuzf373 0v6o+e0zYaZH5dk4P5wiI29LJtuEQ1HQWa71OBN+cAAmvOl6dcmWMzo8TkUP OmSiUImimWzzD1cCtqoE67OiJSXYQOBDE+dSAf74eOlPKtGv7+K3f6XEpqtr TxPxur2octQ+hSW20rp+u53zpe32lRMIHFO0BH3GLX/LXVrLZ+FutZ9LKe1U LGWzU9HtVvtTPddEm1Fvqzx2KuzO09sqiZ2K3U63bMJ8Ei89RSAJgWt1jP8I +1MUT4GA/kMr8Roq9WdN/oM1+Q6mb1BnIGmd+799uDYv187WKzOeFVjMVG5u +Xmp0NqIUuVQ+UL6/bxUZxmEXg/c+5Fhd3eX9nUqRZVhr7dfaTMq9gSyA73T 62x3tzvdK6v/Fuze7spnq/jnH0XFXSwZ47FvL5ajSvupPTgfYRT9qRT+j9P3 e2lmH7wD/ln9P1D975e7+6zBWlvwAa79AdbAKf4Vbissab8pGisTgD0hS5Th VTgtP/Rc75UPu26ETKeQImsRw8eri8FwcPHdoF/btcbhd/eibeIxZtY//SSu wplZA6hXGKk6NXu7NcyhR4Xi3l45Zt3XJ848EcCa4dr3v3x8m/XKXD+Xi8E7 axleqFB+kgR4DRqf7cY/bkq7FBEPA9TIT1OwXcLhs9QtS93vK2j+iUQR1Ioq v+WTAvZaH1svP859rnnEoF51qy5EkfxsOoHpPh1VB4pb9l2L4sAxP5cTlUVW 2h4dnb06f1x9O+0XAE4EyG94Wt02XJ3D32QE9CG+pEd9eJU0eODuDetaq4e9 izaFl5YyHFEQfsJfqQik4ilhZ6pmW9mmLU/XiCco7LVHkEZ89aMYxB/5n/AL Dnvshr02Ur8QaQqsX6W8VPKKVvcF90BWGo/opR33ok0Nh2KUFDobSZHxF3h7 bFKnwPsKfmwFB2toXOuq33MfnvefrmH3cHj2fPD27OW3T0/PBq4s6QqqeMoB N9W9i3i40R/HD3tRg1USjdYGN89NKdxU64CRlJnQ5UadAsJ0e9slJDvtDfqi qx15guprzIoWucPoy4XXwiiTui4ZsDHKkKYb4WAfXqnMHrWvLpOfXsAPfWeX ykcYMq+SsqEwG0xVFMjyaa0Ag5JU0c33yLhXS9ScvkthFnW/QLfdqhHLl3FZ Wr9PUEigd+vTVoHIedDLKPECkkL4R6VU+sOj6/YWLNpwoNFdccYjsyNBl7Zl MKV3TCJ3tcJCWwGCLEAAWwQtw+varhA1wqcQEsoxAwUOOUpE5UgKD/rmW1y2 0l17LxBolWok2dW8isuiJCHCYIbprrBWoBgoQqRNedHSu0Z7Ewn7pFTTq4u6 gpcpMA5lQG9zVKyvLYu9hVg4KWPvODOrAU4d7B3sUKWZvW5bMQ7pUcZdS6Ee yAvQAHoQbe6eFrMHO4pFodu6eJ3GtZMEX/iCcmGVBQSz1ux0yF0CGdElWvci B6wGLgoK71zxuVigh+m0+TFe/7X3M4lPFJGIRHyDf+Fxji8t8+1He9mT2WsO tdWCmX7EgOuRbE/a+EyNeymHlBlRlLp4O4TEjY2ELlW08RhI3GmDPS7iGZXQ iqBj4iJbug9lEdvCj1uFSrTsbWe6ts/YBuW0hW9bjC5jtpJpQssSVywNj/HE CL6KoqVszaW8diKJ75xEKixCBxHeoMYDZ4nB2pZuV6WtzZ+pOZafm3UzQDDK ABThuEtawFn8rJgtfld19tUSv6HasS0JL8WaiiIteo8HS9HQaOhaOZkM+67C 0qNOVKYfyapKTvJXPpl14m7AWN1ACaxCJ88kOW5CKGnL7Jtuy9jnOHADynNE 7nbwtGDYhscerB1MhQZngQVnVqA+0grL4PiMi8SCOGolFv7tPhe+6GaPBZiI bhgVL8vUY2R8NiQv04ZSXmIxwcr2NHKPtswgz8ZXWMibhDcC7y3jjR/CGWQ1 XpiIrlsvvczgXmUoXgcABx9cV6hspNgdTAwgXooSmxz4l9PKO2gxWmx8gae4 NoY3mlblBu+Wazu0LgXIoJVDF/bAwAKljd15UsF2jHShMhsPKbA1hxQC7w5Z EzB1ATA+A1IclCXDaI9YUK2EoohlyVx6fA6JzcAOIEH0Dkz9ScBWUQNfehFw U4wyU6E9seAyCfcER/FiH0VePkdZaYb8aKt42AnPSOB7WLYCn4R1Ja5slGFV gvmgx+e8d+fSWIAtaBBboENZY6/yj9JH43j7Eh8V79xDEkXCVj964z0RV/gl 6+1Ki2xWDisu/mI2RFBM07m4KpjAhx2KTAmdkD2dCDpXO9P0fUGVd6YJ89HT cWEWw+Y6u1kJJi4mLTQygTgDdp+j3TcUhDCkB08CBSCUqeUpaiEEWnWP6Z5E HIngmv0fSJbSfoRVAAA=H4sIAPDdA2kAA+09a3PbNrbf8Suw6ofaO5JsyfKznbaOrTTeOk6u5bSb6WQ8 EAlJrCmSS5BW1Dr/5f6W+8vueYAkqJed9DFze+PZaWwQj4OD88bB2VarJbIg C/WJvDi9OpXXehyYLJ3LN4mvMm3kKE7lzeVAqsiX5/CLUMNhqu9Pao2rxwo/ 9iI1han9VI2yVqCzUSsLTSsdeUe93uEwMK0QO2YiyqdDnZ7I46PeoYiHJg41 tJ+InGc6kdhfmHw4DYwJ4iibJwhx/+a58KDDOE7nJ9JkvgDA9kSQwFRZmpus u7t7vNsVKtXqRA76Z2IWp3fjNM4T2oC403No8U+EwHVOZHe3u9/q7AovjoyO TG5oHi1MBlu9VWEcQac5bM1MVZrd/iePCbooFklwIn/OYq8pTZxmqR4Z+G0+ xV/eCaHybBKnJ0K2hISfIIJB/2rLAcw403NqY0z9K9a11jgdqyj4VWWw6RP5 o47UKKAPeqqC8ET+EuvvDPdvRzqrLTBoy5s8jXTqzD/QKnJb6/ObaC/13ekN dP+OWttePBUiitMp9L3XgLEgGjl/tVotqYZw/MrLhPj6H/Dnz3DO2n8nrwBJ MpuoTM60nKh7LflYfWjU0gBiMkk02JSzSeBNpEoSrVIDu8AeIs2jKIjGcqKV r1PbKl+fP5dxniV51pQK6TQELJi2fB1qZbQEApK5kXdRPAMynct4+Iv2cJem LcSrNBgHkQrhQLbOt9cTsDjL01RHGfR7Arm3Wt8s7NzCAqehYY8IhiU4I7eG eh5HiILYWOzwtov9EUa2BfJfDj3iSE6yLDEnOzuz2awNC7S0H2Rx2oYj3IFz Sr1JWy6D8PzthWzJn7ScBWEo/ZjmZmQhTmcTHeGxAMHfI4z0NQhh+VhePz/7 98tLPFu7RZnqUN+rKJNvri8NdhnCyDDw7tQw1AXgL25eXhKqqhNahZtn2lM5 bT0wAJeXTwHRljIMrk0835QJ4VCAzAn0jBbQaaoyBcAkQDlARYiior8UWxvQ xCN3rPzZFgilSyjBSM7jHJExCtIpAJ/KOAkioBo+oQj4X8YjhGKKQqVCSMaI hZEZboP6OPtqMwJuVu6VBk5UNNammGeZ2lKmtgDobApsgMgu9tyWF0A8PhCV khHg6F6FOfBS47xBqPED48FO1Fj7TWHnb1xr4GeAwtd+A6AO82lkNwY8HwKn AF5x7WpZhEfYVRpnNDgrh8K0CsgLeB+kgTuI0AZUF8WZUCGIYX/OImB5krZ8 jjwZzpsyqCFH2PlISMHk/8lBZSBTgWguWXo1aksUsYCaBr4faiG+kBdRlsY+ D18cXMxsGPOwt6m6qx0R4JkUVoEy7CecXQNZsHyL5U2qIoOEKi/VHEYMtJen QTaXW4DebT5koMlxqqZifV+kg20Q5xNtKkB4kzXyQdIAwSx/++0fsHXc+YcP BXJMor1gFHiMxqfRi1xFL+LJ9CI304vYSC/yMXpZva/QxDXOegrxfCFvdDoN ojiMx3OcVqOgliypGy/fDG4aTf5XXr2i36/7//Xm4rp/jr8PXpxeXpa/CNtj 8OLVm8vz6rdq5Nmrly/7V+c8GFplrUk0Xp6+hS+Ivsar1zcXr65OLxssXF0q RfHDEjgAmZMmqcYzUGB1aeOlwRD+gDHPzl7/z393epYgup3O8YcPBXV0Dnvw B2oAXi2Owrn9ExA3F5U+Qt72VBJkgF3StqC0Z6CQdKoBe//8GTHz7kR+PfSS Tu8b24AbrjUWOKs1Es6WW5YGMxJXNK1YpsRmrX0B03V4T9/W/i7w7jR+/W0Y gPRvdY6+BUle12UXkeUElP6ehkMB9QpijCkwIJ1ASiRmYi7NS5THoN/uUb9D x0yD0knlNA+zIAm5AZk6vdP+t47ZItFGQypFCxik2niSLUwsy4nB3nOnwdNr XDVkzLYVzDNUBgAFZg5A4sEsaBaEwTQgckoSUO9qGIQohsgUAblAywBLwcaQ e17rdKISMGkGMDQPVbr9KQA+Dh/hEnt+CpCvUrn1OgSxFn4cdE/EXQHbJ2GQ bIMv2MjCsXXtfEbS7ksjf0Q5bVg8uQJsWTY4mmGVpm+K2FISMDyIaBYVv/1W qgySzz4Aj/OmvqMhmqBdfJK1ACdbrfwVid3RHKSrZIJSNUM03DPsFlMrzQ8Q aGBrvj0R4NjxGoU+yIqjmsABOGdkv7HHg4QBMDgcjjDg6aBYm4Ij48ymjIm9 AHU0DZ5qVKCBoRlGYH2gHsR+SZ4maJ/j3+ybwMcZQOHrEUgDv03DzwD0UR5K VFeIF7vL4jhY9RRTumuxY6Y9bYwCRwKwngNKUvI2Gc469Yx4B+UUvHxJyYD8 0AcoLG6rfnbnROOWMGlkffphnrGXkKTxfeAvrg5QAY5hPzwbTVDoGvJtaGbF JGlRUG0Wdl9t1KF+9kIjEj7gDgCnXq2hAMv6hmyDoQa/RSNVkaE1ZG+5JBTG 3yLpkOEcxdVOwGMFB6WkIZMD/C6uXUJxsC6tvagZlmJfQTi31KSiavU6bYVq hmYV0aR1KRyK1u/BVDELp/qJ4r1EyO+W7+ebDmSZ7QOGBZdhggTygJMlaxio CjThaF7nOjsnbzTVBtQfCiQgQ3Ar4WtAZzEnkwdnasJJYZiAiUeB/6rupJfO kywGOzoBPgWLZQwyLpsQ4SnnEJyVyP+04RKwoGKQVgUmqqUjoPEkjOfkxcmf 0F0udqcK23Iu4SP81wKEYlJqWFynhbQbgaUEhkFDWiGwZBCTwRREXpgDiZp8 BPZsAN8tdDbQwhaED4YeGqvg0k/mTGIWIKRxYgw6VjyNiymYEbgQCBVy4HA+ 2DX8Za0nPGrEN84DBg6SUFqAa1zyn8GGqmPPYsv/BSzW+wVfm/if5JgVmeWg ymBDPBQ2YkEfQGkDnWWMWdYpsNvGW0IaOieIO/SQaAnWP9p2HKXx1O1qQxEr 9Qz6AAFQmSDuGqCsVWjnn5I25X323ycYDbnmoANMetEffC9PE5SMKiwN6O4B uFcY3yILmfnQagb0wqq5wbPz7tAbBYmhmRWGaC9morbFtjwFOUq4QsESIwnN AtA/1sdBRW1wGGHmqsFa1u4L1MkwVNEdaRrWt1ZDI9tEcJTBGADDpWD3Or2H 3/MoBNFVuVBoEMD06BJ9IR3kcQzvty9At7QAMv1BiD7KKjwFx3uznhr2sEYS CUNHJ646EXD8mS1cFxqFSm4MmyZkXOdDg94bSG1jI3lNNntouaDwh31BJ6gq a9wqqYJikD6YaqqwIRgev51QNPeD+IY2CxJvg61SOwWKV6zSBrR5QWcAPUrx /5UEbxROlsYFmxWdIH7OJmmcjyeVNqsUAVAkrtekASvFOmibVASG3RA8S1I+ SCTFsVOA0VNGm7bctG3hbBtl3BolQNp3M683wUtNYG48kzyxpAKMnZOU+6om lXCFL40rlRB2D/wM2BxQKnrvlwNgWdge3g3czBNtbeUyRisEuGjgzaNEjnEq DFnUIiebJAawRczhhaagkBDi2o1hN9YB0KhURI3YWvLU/yU3xfhajIJO1M85 uliEkYyVjOthdKdH0fy7ZCnrsY+Upzjm02Xqz1aivmszepBSVXXqHImqOTmk Yhh9RacJW+DtKmbtrwe81GgFDYQBnQh578AJ/YjjrVLeaZ1gzyBlE42cNMAO xWjA2tLcEz56Oqm8h6LZYq+KumcYL0czr6Qm9fh+7aymnLe9LtRPYjjVRO8W AVYfACQ3FKvvOHwgJvGsMrAsEooTf5yyrf/6QO3yoeotr9RUy/U/DzUN8yAe Tlr4Y/955OfB/eMEBvdgQnCJIxSm/u1kqrxVKxY/57heb1c+XBeqcC2Q9SEH Hz1kf08+gDyLWGndBr7cAuEHmhQB3V41ZIF4XXW6gZD1+4zd+FJJfyA+sMpV 1pHTtCRXJ0y0AJ2Yb2m28kIntSuoQHl8q4JXT8G93gE/Q5EV3t3tdHYOdw/3 dvcOjspf2ok/qsEzi2WJSkuf4I/d6w2gVXJoLWh4cWkhauONcwniztSMd+j6 WY9bfJ20s//s/KD74tnzX+LbU/NT6+1RPPkx/6mvO+OLnVKznAUJmvID8A5r KmWg78FjwMgo3UAjp4OV43Fvw72Ro1zViEw81hGNQ61Llyqpdr03MAOFOKvN QqYBdr96c3kJ7E9YRg6zkfLCYbdG+IjdLIXan69s0a7TIH8pTg9Awrba8nUa ZzGgz4bq2WZg8x1BikfAx2g8kdkoSF6QpF9cAqFGc8teViTkSYFq5usKUUfI oiXARxqXBsji1ivE9P/9+tX1DaGBHT7qx8DPNOK55CqYVODJddoda6v39noH xA/rZlfRMjoxqIE397hTq/8RM+I+D/EEh3xNGketRKHFmWVg5JvmGoCkBUgs AHR91kP7SbmboilQ9tcm4IGHvYN9GnjeH8giTnSBHl5EIAJh4YUSaK+SSk5L Z3jr4rx/uk3HixtFMytgJUHHp1fR56q9MCj7vYNjdIBenu9bm++01aHJ6RYG V/iUaY87+7zDP99mq7H2Z2Pts7FGRPWHG2qyfsFc+IowL90so5xZSABo4I1v 69UPzmXngywsrHNyaJm3H/9ZY2Y90c5aaXChvSV33+/uNnffd/qwAgB7+8P1 s/3bny5uXtyCZLo9e3Z2C/Jg0S46l9IZ291dGgvi8LbTPXrC2M7SWBRuT1y4 uxZoFGabx/bWAv342P31QNcHrxh74I5lbVgHvbfLO39gw7MceLhu4PVZ1x24 OO5o/bjeujHHTwASd7o47vQJMK4a9+wRGFeNObNjXg9+4L5oVq3azdHpYk+X PBc6P9tdN213/2Cpc2dd572jntP5DDvvFiffPzt/0cf/Dk7XAs4jDteNWL0B GtTZrQ26fmyRTmd1/w1L7O3VhjyCVh5yvHrIOqj2Tjf3rx8GD3m2eciKI3lW CAGecc3Ez/arXjBJfa4/0suznsogT2xO3PeY4/rXxr8WF19vTrnbrltTMbgg dA9qr0I+m0f/H8yjdbbNCssF/8fmBwgfvAfoHOzddUq+Q7VuW9Oqdc9p7Zat vaL12O2777RWfQ9sa3fPXe2wanVmOCpbj52+HTtx0jnYdZsPqmZnjs6h01yB 0Tkqmo+77iTHVbMzCVlX2Nzt9lwcdarmsvcfG3K61tP4viDXfhjieXoSPMF7 LcdWONASdG+3KAaAnkq3yhQ0ZgNHWnmT4i6pIMnHgkZsUsOsi7euVdAIdq4w df1Op1XQaKo1csdOp3O0MwXUpAG4tTsmBI/ZtKBx8S3D7q5zGUGiMJWXCjjQ lcPrU4DX+JUFAzbceQXP64pYYF93tkcEeXvjRUYN+PVy/IxkzUavmA54UMvQ vGYZ6/Mdcl2SVrvw8XLssyJYVARWjoMUT7IlKb5qIytE+5JG+Z3cvm6qNA51 yauMJw67YoCrerGx4ur1ZmE0ByFpETsRBcecPNcyea2JWdN0Ph3Kfe7f0/2p vT4NTEXM5Y1tEdZU9VRiut8Uy0u7l/+cLwXTxdEYQ6yRDfSW7IAZTnDIZUSx lEhKJvkQrB3MwLvHkDVGE2vrYzKA4MCezlrn+IRKbvFlsgFLidQ7nmyEYWie zUyKYCbmGmwLyn2pFC/yooooq0CakpyHsY8p95GfE1owJgjsH+TTpsijAOY2 lP0VZCBjdea16fKbMqVC7ShzmyoH53lTnfdUzcu9T+MU8xZbPpDuxFKCaVLW GROyslwjzITyhjjPCxTAnY7sroAs49Rw7lZFWSytQpRWbUqcEnZ5CkPCDjB1 wrlgp54cdMVsA0pUAqnBXBSPRAJtvL3TwdnFBdpU+KwJg81DOFd+jUQ80WCP s3/daFsjCOPbolrXZnlhdm+5KuW2A1r0KHiPu6DnSXQovAVBiu69wtydJrcZ 2bjTc5ZcU2Vwu6DBU52pFFoVq4lhAPIlsgoYn3tZmY485Wbel2qwXd5wALKY 7rTEO76/1nFYWv1zIPazglnybV8oM6kuMhyDiq5VdgmG4s5n8WrBiuzjYxDZ TdurS7Jb0PsJupOgjJh4ii/vprotP4XuxTLdy/V0X9tRRfPiyd5ySfJ/rp30 f5KO3zwR21Wq+8qMJ1kXEU/2U/G1mVyIsC+lLEh00OhN4YN8K61TK6f+fhXC JYd2ohZ82YnqdquQVM82UfzpbeXFThQHm95WLuxE7Xe6ZRN6k/gQLgBS8Gyr g/0/JCJFxhPQ6N+LdZe39Zl//2T+3YTyNUwMe1ql5x+ezsOLl2SrWRhzB+bT ODcP8qpk49SoktGQ5Xz6+6pkYu35Tg+M92i/u79PsZyKPbXf6x1VPIzsPAbT P93rdXa7u53uLXM9T3uwv/SZ2f3qD2RsazGGmJ7uWG6UGnbB6f0BWsp/BzZ/ dJcN8fEx7s9c/xFc//gJPCoEVoqAj9DjTxAClt9vMVSwwPSmaKw4H3uC66f9 W39SfujZ3ksf9u0InUzA701VCB9vr/uD/vWP/fNagBqHb+5FEeERusu//qpu /alZMVGvkE313Rzs1yCHHhWIBwflmFVfD61Uoglr8urI/fJniarX5u4HPe+/ Z7HwMvb1X+rdLi//KRdjn4XGX+iy/gFEV1orAw8Z8q+9iK2v/Znc/t7kBlui pcvLLX4wLsTSpeyqMhz1+7LqARYRyLrkf/vptEoZbnHFkiKlWF7pcZwFTE1b p5evr7arbxfnxQRnCijUv6jeNy6v4QYHAXwwGKkAmJPT6kz3mLFQ9HOzPos2 rtyDI4qNn8nXcQAE8ZygM1XzGV1kUqjSNmLuAz+0LNJv7SC55X7CLzhs2w57 Y3T6UiUJoH5558sOj/1Qi2QUR0EFxmwhrxoExSCt0myoVSZf4vO0cR1+5yso qCUIWJDY1mWFZj/8cP58BbIHg8sf+m8vX33//OKyb68U7TUo5ihgANx59odB +TB8WkUYUdEzypNamJuuJajimE11jtME4KWn4ta92LPvZ4rnMy/VHCthpXR3 zTKhfEJY3lPjs3qAuLxj6n3LW1H8N4HPMFbvaIrOh/XKY/bCgK6kqCoNx6xT Ct0/Erkv3yHSM+9VN8611znQxxEH6ZMuB4rqa5uvhEkCLUjgkbRl07gKWJzx S4HqZf7FNfxybuVtWdCiKpyl190Ye5M48HRZk9AD2ktiqiIQGFtTKJ7RZ63M vK7T6NFgOWDxZbNI6o8hCvZyntDydRTpPipbFM7BgYV/4oSOGRPpBeXi4zZR DcEu7YtxzOUdKnoDr70JlRkK7OMQnvHRibgkj7Q3Y0MsLhGRX+zFYE0EnPpf ZQEhdn76HsmjtDWcog5pnKQB13PDEyve3xIlKoMusX0XXE0lziYqoJJ8/FzV eZt8HyguF9h07mntDZwpIPa1R+VzyhOoHQ4/6Sw0sK0vwUxuuYmftftxkvEL 5gp1uJvY2Kc11AMxAVxO1SGx3iP24qyTApv0ABrfBNl2ouJrl1qumSWBOGvN llPtM5YhvUq2FU7gLIrqcLNYztQcVWinLZ/hi2p+6UpYIpNKReo7/A/mmXzF qOeP/GxW8BuJ2lnBSljBUG7p9riNdaRsKSsSGQiiTotKLERwYqjSkk0b27DF bhsUTmGUxRGdB2peiaVBag+7GLAd/LhTMEaLH5BzNTuxhkH5Gp6vxkurs0Qa V8xjWNEgGWEmC9aYSbVuzbS+swSJdWOC2C9sIuXfI9cDZgnBKd8kL9NaW76I Z3gZ3qzLApqjtJxxHvvaDDCLn2PBV/HVrf9ywoGhq2y+oV4wlmOyIqlgFoBl oNHQS30SHFyoYqFGGSUNDHV1Z0/0V1Z7O7Ovcpg1kAKroIQjmCw2wR7mS/91 T224vgmGzBxda99ZTwqEramewdIwUSkoDLz/FgXowzTGW3ksi6Pxfh65EtMQ ODKHBQk5ScEE9EqqqNRTN2+xDkteejwlvYRqjBftk8A+bprGBsWFRxrFv1f4 BhzLKxDMQKvh3AT0cn2h2IUtdFEUXAAbxrurQFm7Y6u4sZRjELGH476vK5/R hSizsaJR8fIN32Qt0w0+0095aJ0KEEFLKSCcvzBHahMbEye4Y5AWLLM2Z0Ks yJlwn+Q1AVJr4WNdlSKHlwQjJ3zQZQ5ZD4uUuVA3ETebgRzADVFhHedRC6rA 4mZ+oaBl27FNprEfWO6x18a2lklRYpJMShePohQ+rhlZlMfiEqfsyKIYXlkO EK0BUTnGrlFIgNmDWEwuJPCogCrpZviTQXdKUwWpULZIF1miQPwJljZGZ/rq 1U3/RA4ono2+nU1OsRYmGQDLOC9qXyB5ejqN2GmjXQhZ1Ucmoi8qtKY2G5MK fySh8rAyzLnOgOTMilWtVS6sTWsrvMmq1AY9OqyCF7Oqdm3JyxtOuylWVQFm DBSFBW3W8opSvsGo9loKX2PiVkmE1mzrQoGzWVCqLrOUcjr/0qwxN3GaFNdx zC70CAq3GRU2J5kCwmrZaD8TY4AqbAoKmVhn4eAd19ewasRvrtIzFSNj9hBV FoU50LIj3IKqlKgqUQA8t1vDXC5PF6VySXLB2dWtjLZbzJieF3GqXQ1PNeYo YjOrkdOws5ThlbWoqoGBRFjZTGA62mlwn3AQziNkMk2aaArQGlQa/F2RZUVq CDrMQPtJTu7FWdLKJnKSDjeck00afNe0E1S5g0zlVLYH62bBgY0x9NDGPnpD xMxOxOljRMeEWSvDy0CHLZqwlPn4ycfhml7i047CHoJ4/BDKMxDOGXws9sWa nM21mF+FeOGEKh9F+aZyGTZGFiHYistXFLZjJfG59n1gV+YKvQT3XvsAxSei 6HCv25VbDfx1kM0Bou9zEN9ggBfizCpsymQvFxP2eEtl6nFNwZCutawN4cXA wF4WITZAgXzco+8VJbjrGHDFsfPEQ6dTUwUKsSq2rcpONdSoOHKGOfmUwFi5 cLCfszAnr6S3t/u0suz2RT9aJVtmW35Ts1OgRaD3KK0D/43r/q8tve6UDW9c YCDbYMHhS+CPXI11Q6K1Y52CyisSzsHJrzeVXcd+Y+y2AzZy1t35IijWuA3t Gt+sqjK+oMOk1WGy/L9dKAqIc/xNZvOEq3OJqjwe0TdeoKMTXqxWlNCHoRMd JliVkiUJls5HHFfF+LG6Od99Sj9gy3EEpjfBxpWPsQYfbCvwsKhrkakblCpK mMx6Azatm3OPocFgDQU0HzzNgg7ToYbA0eJ/AcZrjGNwYgAA --> </rfc>