<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-davey-tls-braid-00" category="std" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="BRAID Multi-Strand Certificates">Bound Routing, Authority, and Identity Data (BRAID): Multi-Strand TLS Certificates with Structural, Owner-Controlled Revocation</title>
    <seriesInfo name="Internet-Draft" value="draft-davey-tls-braid-00"/>
    <author initials="G." surname="Davey" fullname="George Davey">
      <organization>Davey Group LLC</organization>
      <address>
        <email>BRAID@cpu.io</email>
      </address>
    </author>
    <date year="2026" month="July" day="03"/>
    <area>Security</area>
    <workgroup>TLS</workgroup>
    <keyword>certificate lifetime</keyword>
    <keyword>revocation</keyword>
    <keyword>delegated credentials</keyword>
    <keyword>DNSSEC</keyword>
    <keyword>RPKI</keyword>
    <keyword>certificate transparency</keyword>
    <keyword>DMARC</keyword>
    <abstract>
      <?line 56?>

<t>This document defines BRAID, a negotiated profile and set of protocol mechanisms for publicly trusted TLS server certificates whose continued validity is bound to multiple independent "strands": the issuing certificate authority's signature (the Authority strand), an owner-controlled, DNSSEC-anchored freshness authorization carried by a short-lived Delegated Credential (the Identity strand), and an optional routing assertion that constrains the certificate to a network origin authorized in the global routing system (the Routing strand). An optional Witness strand adds an appointed third-party co-signature. The requirement to satisfy each strand is signed into the certificate, so the strands are load-bearing rather than advisory: a certificate that is missing or has a withdrawn required strand simply does not validate, and revocation becomes structural and owner-controlled rather than an optional status check. Impersonating a protected domain requires the concurrent compromise of two independently held credentials --- the end-entity key and the owner's DNS publication path --- not either alone. Because a compromised certificate can be neutralized within a short freshness window, BRAID certificates MAY be issued with multi-year validity periods, subject to root-program policy. BRAID support is negotiated in the handshake, so a server presents a BRAID certificate only to a client that offers to validate it and presents a conventional certificate otherwise; deployment therefore breaks no existing client. To remain deployable, BRAID reuses existing standards and certificate structures rather than reinventing them: short-lived keys use Delegated Credentials (RFC 9345); the requirement flag reuses the TLS Feature extension (RFC 7633); routing constraints reuse the ASN.1 resource types of RFC 3779 inside BRAID's own extension; witness attestations reuse the Certificate Transparency signed-timestamp and Merkle-log formats; routing validation is delegated to the client's RPKI-validating resolver rather than performed in band; large validation proofs are transported by reference with client-side caching to stay within the initial congestion window; and enforcement is staged from monitor to strict using a policy model adapted from SPF, DKIM, and DMARC, including a graceful-degradation mode that bounds the availability risk of fail-closed operation.</t>
    </abstract>
  </front>
  <middle>
    <?line 60?>

<section anchor="intro">
      <name>Introduction</name>
      <t>The maximum validity period of publicly trusted TLS certificates has been reduced repeatedly and is scheduled to reach 47 days. The stated motivation is to limit the exposure window of a stolen or mis-issued certificate. This is a direct consequence of a deeper failure: certificate revocation, the mechanism intended to cancel a bad certificate before its natural expiry, has never worked reliably at internet scale. Online status checks (OCSP) have been deprecated by major browsers for privacy, latency, and "soft-fail" reasons, and traditional certificate revocation lists are not consulted in a way that protects users.</t>
      <t>Shortening certificate lifetimes is a mitigation, not a remedy. It imposes a permanent operational burden that falls hardest on small and independent operators, and it does not repair the underlying mechanism. This document takes the opposite approach: rather than making certificates expire quickly so that broken revocation matters less, it makes revocation structural and owner-controlled so that certificates can safely live for years.</t>
      <t>The core observation is that today's external checks are optional: a TLS client will accept a certificate even when revocation information is unavailable. The TLS Feature extension <xref target="RFC7633"/> ("must-staple") demonstrated the right structural idea --- a validation requirement signed into the certificate by the CA, which an on-path attacker cannot strip --- but it failed in deployment because the requirement pointed at an unreliable dependency: a third-party OCSP responder whose outages made hard-fail enforcement untenable, so clients enforced it softly or not at all. BRAID retains the signed-requirement mechanism and replaces the dependency. The evidence a BRAID certificate requires is published and refreshed by the certificate's own owner, under keys and infrastructure the owner controls, so the party that bears the availability risk is the party with the power and incentive to manage it. An on-path attacker can withhold a strand but cannot make the certificate validate without it; a certificate missing a required strand is invalid. Fail-closed is achieved by construction, subject to the bounded graceful-degradation policy of <xref target="deploy"/>.</t>
      <t>Two design principles shape this revision. First, reuse over reinvention: BRAID does not define a new short-lived key format, a new requirement-flag extension, a new encoding for network resources, or a new transparency-log format; it composes Delegated Credentials <xref target="RFC9345"/>, the TLS Feature extension <xref target="RFC7633"/>, the resource-encoding ASN.1 types of <xref target="RFC3779"/>, and the Certificate Transparency structures <xref target="RFC6962"/>/<xref target="RFC9162"/>, each of which has deployed parsers and operational history. Second, keep expensive validation off the client's critical path: browsers do not parse DNSSEC or RPKI in band; those functions live at the resolver and in dedicated relying-party software, where they already run today.</t>
      <t>BRAID changes nothing for parties that do not adopt it, and --- because support is negotiated (<xref target="negotiation"/>) --- deploying it breaks nothing for parties that have not yet adopted it. A client signals in its ClientHello that it can validate BRAID; a server presents a BRAID certificate only to such clients and presents a conventional certificate to all others. A CA may keep issuing short-lifetime certificates unchanged, and a client that does not implement BRAID validates ordinary certificates exactly as before. The mechanism is purely additive --- an enhanced option a CA MAY offer and an operator MAY adopt to obtain long-lived, structurally revocable certificates in exchange for running the supporting machinery. It is therefore complementary to, not a replacement for, the prevailing move toward shorter lifetimes: the two can coexist, and each operator chooses the trade-off that fits it rather than being moved onto a single path. Deployment is correspondingly phased (<xref target="phases"/>): the earliest phase runs entirely on infrastructure deployed today, requiring no new client, CA, or protocol code, and every subsequent phase delivers standalone security value rather than a promise redeemed later.</t>
      <section anchor="goals">
        <name>Security goals</name>
        <t>BRAID aims to provide, for operators that opt in:</t>
        <ul spacing="normal">
          <li>
            <t>Structural revocation: a certificate cannot be used once its owner-controlled freshness evidence lapses, without reliance on a queried status service.</t>
          </li>
          <li>
            <t>Owner-controlled revocation: the domain holder, not only the CA, can neutralize a certificate within a bounded freshness window.</t>
          </li>
          <li>
            <t>Multiple independent trust anchors: forging a valid certificate requires defeating more than one of the WebPKI, the DNSSEC hierarchy, and the routing system; and using a stolen end-entity key requires additionally compromising the owner's DNSSEC-signed zone (<xref target="identity"/>).</t>
          </li>
          <li>
            <t>Long-lived, low-churn certificates: validity periods of multiple years without increasing the practical exposure window.</t>
          </li>
          <li>
            <t>Incremental, reversible, negotiated deployment: enforcement can be adopted in stages, with telemetry, without breaking any reachable site or any legacy client.</t>
          </li>
          <li>
            <t>Reuse over reinvention: the requirement flag, short-lived keys, network-resource encoding, transparency structures, and routing validation all rely on existing standards.</t>
          </li>
        </ul>
      </section>
      <section anchor="strands">
        <name>The braid metaphor and the strands</name>
        <t>A single strand is weak; strands woven together are strong, and the braid unravels if any required strand is cut. BRAID defines a base of two strands plus optional enhancement strands an operator MAY add when the deployment and threat model warrant. Each strand is an independent attestation anchored in a distinct trust system:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Authority strand</strong> (base) --- the X.509 certificate signed by a publicly trusted CA <xref target="RFC5280"/>, logged to Certificate Transparency <xref target="RFC6962"/>/<xref target="RFC9162"/>.</t>
          </li>
          <li>
            <t><strong>Identity strand</strong> (base) --- an owner-controlled freshness authorization: a short-lived Delegated Credential <xref target="RFC9345"/> whose public key is authorized in a DNSSEC-signed BRAID Anchor record under the domain holder's control (<xref target="identity"/>).</t>
          </li>
          <li>
            <t><strong>Routing strand</strong> (optional) --- an assertion, checked against the client's locally validated routing data, that the connection originates from a network authorized in the Resource Public Key Infrastructure (RPKI) <xref target="RFC6480"/>/<xref target="RFC6482"/>, optionally narrowed to a specific IP prefix or single address, expressed in the certificate using the ASN.1 resource types of <xref target="RFC3779"/> carried inside the <tt>BRAIDBinding</tt> extension (<xref target="routing"/>).</t>
          </li>
          <li>
            <t><strong>Witness strand</strong> (optional) --- a counter-signature from an appointed third party, anchored in a public log, a public blockchain, or a secured private ledger, encoded as a signed-timestamp structure in the manner of Certificate Transparency (<xref target="witness"/>).</t>
          </li>
        </ul>
      </section>
      <section anchor="profiles">
        <name>BRAID profiles</name>
        <t>The strands compose into named profiles, each a strict superset of the previous one, so operators adopt only the assurance they need:</t>
        <ul spacing="normal">
          <li>
            <t><strong>BRAID-Base</strong> --- Authority + Identity strands. Delivers owner-controlled, structural revocation (<xref target="revocation"/>) and is the broadly deployable baseline.</t>
          </li>
          <li>
            <t><strong>BRAID-Routed</strong> --- adds the Routing strand (with optional address binding). Eligible for the extended validity period of <xref target="validity"/>.</t>
          </li>
          <li>
            <t><strong>BRAID-Witnessed</strong> --- adds the Witness strand, with an optional private-use mode that keeps a certificate publicly verifiable while gating its use to authorized parties (<xref target="witness"/>).</t>
          </li>
        </ul>
        <t>Profiles above BRAID-Base are enhanced options, not requirements; a relying party enforces a strand only when it is marked REQUIRED in the certificate or by the relying party's own policy.</t>
      </section>
      <section anchor="reqlang">
        <name>Requirements language</name>
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", and "MAY" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals.</t>
      </section>
    </section>
    <section anchor="invariant">
      <name>Security Invariant</name>
      <t>BRAID validation reduces to a single rule. Let R be the set of strands marked REQUIRED by the certificate or by relying-party policy. A certificate is valid for a connection if and only if every required strand validates for that connection:</t>
      <artwork><![CDATA[
valid(cert, connection)  <=>  for all s in R : verify(s, cert, connection) = TRUE
]]></artwork>
      <t>This is a logical conjunction: there is no strand whose failure can be compensated for by another. The only relaxation permitted is the bounded graceful-degradation policy of <xref target="deploy"/>, and only when the relying party's configured policy explicitly allows it.</t>
    </section>
    <section anchor="threat">
      <name>Threat Model</name>
      <t>BRAID is designed against the following adversaries. Each row states the attack and the strand or mechanism that mitigates it.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Attack</th>
            <th align="left">Primary mitigation</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Stolen end-entity private key</td>
            <td align="left">Identity strand: the DNSSEC-signed BRAID Anchor authorizes specific Delegated Credential keys; a thief holding only the end-entity key cannot place a credential key of their own into the owner's signed zone, so credentials the thief mints are rejected (<xref target="identity"/>)</td>
          </tr>
          <tr>
            <td align="left">Stolen Delegated Credential key</td>
            <td align="left">Bounded by the freshness window (at most seven days); owner rotates the Anchor to exclude it immediately</td>
          </tr>
          <tr>
            <td align="left">Mis-issued or fraudulent certificate</td>
            <td align="left">Identity strand mismatch with the owner's BRAID Anchor; Certificate Transparency and Revocation Transparency logging</td>
          </tr>
          <tr>
            <td align="left">CA compromise</td>
            <td align="left">Independent Identity strand: a CA-signed certificate not authorized by the owner's DNSSEC anchor does not validate</td>
          </tr>
          <tr>
            <td align="left">DNS/DNSSEC compromise at the owner's zone</td>
            <td align="left">Authority strand (CA validation) and, where present, Routing strand remain independent anchors; forging a usable certificate additionally requires a CA-signed certificate and its private key</td>
          </tr>
          <tr>
            <td align="left">Simultaneous compromise of the owner's DNS and the end-entity key</td>
            <td align="left">Witnessed freshness (optional): the witness's renewal lever is independent of both and stops the certificate within one window (<xref target="witness-freshness"/>)</td>
          </tr>
          <tr>
            <td align="left">BGP hijack at connection time (use-time hijack)</td>
            <td align="left">Routing strand: origin-AS check against locally validated RPKI data; optional address binding (<xref target="routing"/>)</td>
          </tr>
          <tr>
            <td align="left">BGP hijack to pass domain-control validation at issuance</td>
            <td align="left">Primarily mitigated at issuance by the CA/Browser Forum requirement for Multi-Perspective Issuance Corroboration; the Identity strand independently rejects the resulting certificate, whose credentials the owner's Anchor never authorized</td>
          </tr>
          <tr>
            <td align="left">Stale or unreachable revocation</td>
            <td align="left">Structural freshness: absence of current evidence fails the handshake within the freshness window</td>
          </tr>
          <tr>
            <td align="left">Use of a valid certificate by an unauthorized party</td>
            <td align="left">Witness strand private-use mode: authorization gate on session establishment</td>
          </tr>
          <tr>
            <td align="left">Downgrade to a non-BRAID certificate against a BRAID-capable client</td>
            <td align="left">BRAID Policy record and preloaded BRAID-required set (<xref target="negotiation"/>)</td>
          </tr>
          <tr>
            <td align="left">Registry/resolver outage causing mass failure</td>
            <td align="left">Graceful-degradation policy (<xref target="deploy"/>) with proof-of-outage, bounded by relying-party policy</td>
          </tr>
        </tbody>
      </table>
      <t>The Identity strand's headline property is stated precisely in <xref target="identity"/>: neutralizing it requires the compromise of two independently held secrets --- the end-entity private key and the ability to publish in the owner's DNSSEC-signed zone --- not either alone.</t>
    </section>
    <section anchor="negotiation">
      <name>Negotiation and Certificate Selection</name>
      <t>BRAID requires TLS 1.3 or later <xref target="RFC8446"/>; the Identity strand inherits this floor from Delegated Credentials, which are defined only for TLS 1.3 <xref target="RFC9345"/>. The <tt>BRAIDBinding</tt> extension is critical (<xref target="binding"/>), so a client that does not implement BRAID will reject a BRAID certificate. BRAID therefore MUST be negotiated, and a server MUST NOT present a BRAID certificate to a client that has not offered to validate it.</t>
      <t><strong>Client signal.</strong> A BRAID-capable client offers the <tt>braid_chain</tt> extension (<xref target="transport"/>) in its ClientHello, alongside the <tt>delegated_credential</tt> extension of <xref target="RFC9345"/> that the Identity strand requires. The presence of <tt>braid_chain</tt> in the ClientHello is the client's declaration that it implements this document and will enforce the certificate's required strands.</t>
      <t><strong>Server certificate selection.</strong> A server operating a BRAID deployment holds both a BRAID certificate and a conventional certificate for the same identity (or serves populations of clients through distinct endpoints). If the ClientHello offers <tt>braid_chain</tt>, the server SHOULD select the BRAID certificate and respond with the <tt>braid_chain</tt> extension; otherwise it MUST select the conventional certificate and complete an ordinary TLS 1.3 handshake <xref target="RFC8446"/>. This mirrors the certificate-selection model already deployed for Delegated Credentials and for signature-algorithm negotiation, and it means BRAID adoption is invisible to every legacy client, crawler, and embedded device.</t>
      <t><strong>Operational isolation of the BRAID certificate.</strong> The remaining deployment risk is server-side misconfiguration: a default-certificate rule, an unsynchronized load-balancer fleet, or an SNI-routing error that serves the BRAID certificate to a client that never offered <tt>braid_chain</tt>. A BRAID certificate MUST NOT be configured as the default or fallback certificate of any listener; it is selected only on an affirmative <tt>braid_chain</tt> offer, and a server that cannot determine the offer state MUST serve the conventional certificate. Two properties bound the residual risk. The failure direction is safe: a legacy client shown a BRAID certificate rejects it loudly on the unrecognized critical extension --- a hard, visible handshake failure, never a silent acceptance with weakened validation. And the failure is observable before it matters: the misconfiguration manifests as a spike of such alerts in exactly the aggregate reporting that the <tt>monitor</tt> phase of <xref target="deploy"/> requires operators to run before enforcement.</t>
      <t><strong>Downgrade resistance.</strong> Negotiation creates a first-contact downgrade surface: an attacker who has stolen a conventional certificate for the domain could strip the client's <tt>braid_chain</tt> offer or simply answer with the stolen conventional certificate. BRAID closes this in three graduated ways. First, the owner publishes a DNSSEC-signed BRAID Policy record (<xref target="deploy"/>) whose <tt>strict</tt> mode instructs BRAID-capable clients that the domain MUST present a BRAID certificate; a BRAID-capable client that has validated such a record MUST reject a conventional certificate for that domain. Second, domains MAY be enrolled in a preloaded BRAID-required set distributed with client software, in the manner of HSTS <xref target="RFC6797"/>, which protects even the first contact. Third, a client SHOULD cache a domain's observed BRAID policy for its stated lifetime, so that any subsequent downgrade within that lifetime fails. Note that the conventional certificate a BRAID operator holds for legacy clients is, by design, short-lived under prevailing root-program rules, so the residual downgrade exposure against BRAID-capable clients is bounded by the shorter of the policy-record lifetime and the conventional certificate's own lifetime.</t>
      <t><strong>Coexistence rationale.</strong> This dual-certificate model is a feature, not a transition cost: the long-lived BRAID certificate eliminates renewal churn for the population of clients that can enforce its guarantees, while the conventional certificate covers the long tail. As BRAID-capable clients become the majority, the conventional certificate becomes a fallback artifact whose short lifetime matters less because it serves less traffic.</t>
    </section>
    <section anchor="binding">
      <name>The BRAID Binding Certificate Extension</name>
      <t>A BRAID certificate carries a critical X.509 extension, <tt>BRAIDBinding</tt>, declaring which strands are REQUIRED and the minimal parameters needed to locate and verify them. Because the extension is marked critical <xref target="RFC5280"/>, any client that does not understand BRAID MUST reject the certificate rather than treat it as an ordinary certificate; this prevents a silent downgrade to single-strand validation. Presentation of such a certificate to non-BRAID clients is prevented by the negotiation of <xref target="negotiation"/>, so criticality never strands a legacy client.</t>
      <t>BRAID deliberately keeps <tt>BRAIDBinding</tt> small by expressing every parameter that has an existing, deployed X.509 encoding in that encoding rather than a new one:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Requirement flag.</strong> In addition to the criticality of <tt>BRAIDBinding</tt> itself, the certificate SHOULD carry the TLS Feature extension <xref target="RFC7633"/> listing the <tt>braid_chain</tt> ExtensionType, declaring in the long-standing "must-staple" idiom that the handshake is required to include the BRAID material. This gives middleware and audit tooling that already parses <xref target="RFC7633"/> visibility into the requirement without new code.</t>
        </li>
        <li>
          <t><strong>Routing parameters.</strong> The authorized origin AS number(s) and any bound IP prefixes or host addresses are carried in a <tt>BRAIDRoutingConstraints</tt> field native to <tt>BRAIDBinding</tt>, whose syntax imports the IP-address-block and AS-identifier ASN.1 types of <xref target="RFC3779"/> verbatim --- but deliberately not that RFC's extension object identifiers. The distinction is semantic, not cosmetic: an <xref target="RFC3779"/> extension asserts <em>resource holdership</em>, validated by containment up the IANA-to-RIR delegation chain, and a WebPKI CA has no authority in that hierarchy and performs no such validation. What a BRAID certificate carries is a different claim entirely --- a subscriber-requested <em>usage constraint</em> on where the certificate may be served from --- and encoding it under the <xref target="RFC3779"/> OIDs would misstate the claim, confuse RPKI relying-party tooling that treats those OIDs as holdership assertions, and force a criticality deviation from <xref target="RFC3779"/>'s own rules. Importing the types keeps the hardened parsers and the operational familiarity; keeping the field native to <tt>BRAIDBinding</tt> keeps the two PKI architectures semantically insulated from each other.</t>
        </li>
        <li>
          <t><strong>Locators.</strong> The DNS name of the BRAID Anchor record, the URI of the proof repository, and the Witness ledger locator are carried as GeneralName access descriptors in the Subject Information Access extension, reusing the access-method pattern of <xref target="RFC5280"/> rather than bespoke fields.</t>
        </li>
        <li>
          <t><strong>Delegated name constraints.</strong> The constraint set of <xref target="identity"/> reuses the GeneralSubtrees syntax of the <xref target="RFC5280"/> Name Constraints extension, carried inside <tt>BRAIDBinding</tt> (because Name Constraints proper is defined only for CA certificates). Matching follows <xref target="RFC6125"/>.</t>
        </li>
        <li>
          <t><strong>Witness parameters.</strong> The co-signer identity and inclusion-proof parameters reuse the SignedCertificateTimestamp and log-identifier structures of <xref target="RFC6962"/>/<xref target="RFC9162"/> (<xref target="witness"/>).</t>
        </li>
      </ul>
      <t>What remains native to <tt>BRAIDBinding</tt> is therefore minimal:</t>
      <ul spacing="normal">
        <li>
          <t>a strand bitmap indicating which of {Identity, Routing, Witness} are REQUIRED (the Authority strand is always present);</t>
        </li>
        <li>
          <t>the <tt>BRAIDRoutingConstraints</tt> field where the Routing strand is used, including its validation-method parameter (<xref target="routing"/>);</t>
        </li>
        <li>
          <t>the maximum acceptable age of the freshness evidence (the freshness window), not to exceed the Delegated Credential maximum of seven days <xref target="RFC9345"/>;</t>
        </li>
        <li>
          <t>OPTIONALLY the delegated name-constraint GeneralSubtrees (<xref target="identity"/>);</t>
        </li>
        <li>
          <t>OPTIONALLY a witness-freshness flag and interval (<xref target="witness-freshness"/>);</t>
        </li>
        <li>
          <t>OPTIONALLY a <tt>private-use</tt> flag and parameters (<xref target="witness"/>); and</t>
        </li>
        <li>
          <t>the policy mode and degradation parameters under which the certificate was issued (<xref target="deploy"/>).</t>
        </li>
      </ul>
      <t>This reuse is a deployment argument, not only an aesthetic one: a CA's issuance pipeline and a client's validation library already contain hardened encoders and parsers for <xref target="RFC7633"/>, the <xref target="RFC3779"/> resource types, Subject Information Access, GeneralSubtrees, and SCT structures. The new parsing surface BRAID introduces is a single short sequence.</t>
    </section>
    <section anchor="signed">
      <name>What Each Strand Signs</name>
      <t>To eliminate ambiguity, each strand is a signature over a defined structure:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Authority strand</strong> --- the CA's signature over the X.509 <tt>TBSCertificate</tt> per <xref target="RFC5280"/>, including the critical <tt>BRAIDBinding</tt> extension and the reused extensions of <xref target="binding"/>. The binding is therefore covered by the CA signature and cannot be altered without invalidating the certificate.</t>
        </li>
        <li>
          <t><strong>Identity strand</strong> --- a Delegated Credential per <xref target="RFC9345"/>, unchanged: a validity interval and a public key, signed by the end-entity certificate key, with the handshake signature produced by the Delegated Credential key. What BRAID adds is an authorization check, not a format: the credential's public key MUST be authorized by the owner's DNSSEC-signed BRAID Anchor record (<xref target="identity"/>).</t>
        </li>
        <li>
          <t><strong>Routing strand</strong> --- no new signature on the critical path: the client compares the certificate's <tt>BRAIDRoutingConstraints</tt> origin-AS and address assertions (<xref target="binding"/>) against routing data its resolver has already validated against the RPKI trust anchors. The RPKI objects themselves are signed by the Regional Internet Registries and validated off the handshake path (<xref target="routing"/>).</t>
        </li>
        <li>
          <t><strong>Witness strand</strong> --- the co-signer's signature over the certificate's issuer, serial, and public key, encoded as a signed timestamp in the manner of <xref target="RFC6962"/>, plus a Merkle inclusion proof against the ledger named in the certificate (<xref target="witness"/>).</t>
        </li>
      </ul>
    </section>
    <section anchor="identity">
      <name>The Identity Strand: Owner-Controlled Liveness via Anchored Delegated Credentials</name>
      <t>Traditional revocation fails because checking is optional and frequently soft-fails. BRAID makes freshness a precondition of use, while reusing a standard short-lived key mechanism rather than inventing one.</t>
      <section anchor="identity-construction">
        <name>Construction</name>
        <t>The mechanism composes three parts, of which only the third is new:</t>
        <ol spacing="normal" type="1"><li>
            <t><strong>The Delegated Credential, per <xref target="RFC9345"/> unchanged.</strong> The server operator mints a short-lived credential --- a fresh public key and a validity interval not exceeding the freshness window (at most seven days) --- signed by the end-entity certificate's private key, exactly as <xref target="RFC9345"/> specifies. The server signs the handshake with the credential's key.</t>
          </li>
          <li>
            <t><strong>The BRAID Anchor record.</strong> The domain holder publishes, in its DNSSEC-signed zone at the name given in the certificate (<xref target="binding"/>), a BRAID Anchor RRset listing the credential public keys (by hash) currently authorized to serve the domain. The RRset MAY list several keys to permit overlap during rotation, and SHOULD be updated once per rotation period through the same automation that mints the credentials (for example, alongside ACME operations <xref target="RFC8555"/>, in the manner of CDS/CDNSKEY child-to-parent automation). Until the BRAID Anchor RRTYPE is widely supported by provisioning systems, the RRset MAY equivalently be published as a TXT record at the <tt>_braid</tt> prefix of the anchor name; SPF, DKIM, and DMARC each launched on TXT records and demonstrated that this path carries production traffic at internet scale, and a validator MUST treat a DNSSEC-validated TXT-form anchor as equivalent to the native RRTYPE during the transition.</t>
          </li>
          <li>
            <t><strong>The client's conjunctive check.</strong> A client requiring the Identity strand MUST verify all of: (a) the Delegated Credential validates under <xref target="RFC9345"/> against the end-entity certificate; (b) the credential is within its validity interval and that interval does not exceed the certificate's freshness window; and (c) the hash of the credential's public key appears in the domain's DNSSEC-validated BRAID Anchor RRset. Failure of any check fails the strand.</t>
          </li>
        </ol>
        <t><strong>Rotation at scale.</strong> The freshness window is only as safe as the rotation discipline behind it, and large anycast or multi-region fleets face real propagation lag: zone-signing latency, secondary-server synchronization, and resolver TTL caching all sit between an Anchor update and its global visibility. Three practices, borrowed from DNSSEC key-rollover operations, bound the fail-closed surface. The next window's credential key SHOULD be pre-published in the Anchor RRset before any server presents it (the pre-publish discipline of key rollover), so propagation completes while the previous key is still serving. The Anchor RRset's TTL SHOULD be a small fraction of the freshness window, so caches converge well inside it. And fleets SHOULD stagger credential validity across regions rather than expiring globally at one instant, so a delayed rotation degrades one region's headroom rather than the whole service. With pre-publication in place, the steady state always has at least two authorized keys in the Anchor --- current and next --- and an operator's rotation failure gives a full window of margin before any client fails closed.</t>
      </section>
      <section anchor="identity-twokey">
        <name>The two-key security property</name>
        <t>The check in step 3(c) is what converts <xref target="RFC9345"/> from a performance mechanism into a revocation mechanism, and its consequence deserves precise statement. An adversary who steals the end-entity private key can mint syntactically valid Delegated Credentials --- <xref target="RFC9345"/> alone cannot prevent that, since the end-entity key is the delegator. But those credentials name adversary-chosen public keys, and the adversary cannot cause those keys to appear in the owner's DNSSEC-signed BRAID Anchor RRset without separately compromising the owner's DNS publication path. Conversely, an adversary who compromises the owner's zone can publish anchor entries but holds no CA-signed certificate and no end-entity key with which to mint a credential those entries would authorize. Impersonation therefore requires the simultaneous compromise of two independently held and independently operated secrets. Theft of a deployed credential key alone --- the most exposed key, living on front-line servers --- is bounded by the freshness window and is cured immediately by rotating the Anchor RRset to exclude it.</t>
        <t>To preserve this independence in practice, the DNS update credential used to publish the Anchor SHOULD NOT be resident on the TLS-terminating hosts that hold the end-entity or credential keys, and the zone's DNSSEC signing key SHOULD be operated per current best practice (offline or HSM-held where feasible). Revocation is then owner-controlled and structural: to revoke, the owner stops refreshing credentials and withdraws or empties the Anchor RRset; within the freshness window the certificate ceases to validate everywhere, with no dependence on a central status responder and no per-connection privacy leak.</t>
      </section>
      <section anchor="identity-constraints">
        <name>Delegated name constraints</name>
        <t>A Delegated Credential inherits the full name scope of the end-entity certificate that signs it: <xref target="RFC9345"/> provides no means to limit which of the certificate's identities a given credential may assert, nor the depth of further delegation. Where credentials are handed to a third party such as a CDN edge, this over-authorizes the holder --- a compromised edge credential can impersonate any name on the certificate, including sensitive subdomains, not only the names the edge legitimately serves. Because X.509 Name Constraints <xref target="RFC5280"/> are issued by CAs and do not apply to Delegated Credentials, BRAID closes the gap at the policy layer: the delegated name constraints carried in the critical <tt>BRAIDBinding</tt> extension (<xref target="binding"/>), expressed in the GeneralSubtrees syntax of <xref target="RFC5280"/>, enumerate the identities a credential is permitted to assert and, optionally, a maximum delegation depth. A client requiring the Identity strand MUST reject a Delegated Credential whose asserted identity falls outside this set (for example, permitting <tt>static.example.com</tt> while refusing the apex or <tt>auth.example.com</tt>). Matching follows <xref target="RFC6125"/>: a name matches only if it equals a listed fully qualified name or is covered by a listed single-label wildcard, and a wildcard never matches the apex or a multi-label suffix. An empty or absent constraint set means the credential inherits the certificate's full name scope, exactly as under <xref target="RFC9345"/> today, so the field is strictly additive. Matching is defined precisely enough to leave no edge ambiguity in multi-tenant deployments: comparison is performed on lowercase A-labels (the Punycode form for internationalized names), so that case and Unicode representation differences cannot produce divergent match results; a wildcard is permitted only as the entire left-most label --- partial-label wildcards, including any wildcard within an A-label such as <tt>xn--*</tt>, MUST NOT be accepted --- and a name that is syntactically malformed under these rules fails the Identity strand rather than being repaired or partially matched. In combination with per-edge Anchor entries --- each edge's credential key listed separately, so any one edge can be de-authorized by removing one RRset entry --- this makes the otherwise weak CDN deployment profile (<xref target="deployprofiles"/>) materially safer at no added handshake cost.</t>
      </section>
    </section>
    <section anchor="routing">
      <name>The Routing Strand: Resolver-Validated Origin and Address Binding</name>
      <t>The Routing strand binds the certificate to the network legitimately serving it, defending against BGP-hijack attacks in which an adversary fraudulently announces a victim's address space in order to impersonate a service. Its position in the threat landscape should be stated honestly: hijacks mounted to pass a CA's domain-control validation at issuance time are now primarily addressed at the point of issuance, where the CA/Browser Forum requires Multi-Perspective Issuance Corroboration, and the Identity strand independently defeats the resulting certificate because the owner's Anchor never authorized its credentials. The Routing strand's distinct contribution is protection at use time --- against an adversary who hijacks a prefix to sit in front of clients with a certificate (stolen or mis-issued) that would otherwise validate --- which no issuance-time control provides.</t>
      <t>This revision removes the prior, unworkable requirement that the TLS client perform in-band RPKI validation. RPKI validation is a layer that does not belong on end hosts: in normal operation, dedicated Relying Party software synchronizes the RPKI, builds a validated cache, and feeds routers over the RPKI-to-Router (RTR) protocol <xref target="RFC6810"/>/<xref target="RFC8210"/>; routers themselves perform no cryptographic verification. BRAID follows the same separation:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Origin-AS binding.</strong> The certificate asserts the authorized origin AS(es) in the <tt>BRAIDRoutingConstraints</tt> field (<xref target="binding"/>). The client checks the asserted origin against routing data its RPKI-validating resolver or local gateway has already validated, querying that local component rather than parsing raw RPKI certificate chains in the handshake. Hosts without access to a validating resolver treat the Routing strand as "unknown" rather than failing, unless policy requires otherwise.</t>
        </li>
        <li>
          <t><strong>Address binding.</strong> The <tt>BRAIDRoutingConstraints</tt> field MAY list authorized prefixes or a single host address (a /32 for IPv4 or /128 for IPv6). A client MUST verify that the server endpoint it connected to falls within the bound set, and otherwise treat the certificate as invalid for that connection. This confines a stolen certificate to its authorized address(es).</t>
        </li>
      </ul>
      <t><strong>The validated-origin query is new work, named as such.</strong> No deployed protocol today lets a stub client ask its resolver "is origin AS X RPKI-valid for the prefix covering this address?": RTR is router-facing, and ordinary DNS responses do not carry validated routing state. BRAID therefore requires a small companion specification --- a validated-origin query, realizable as a new EDNS(0) option (with failure semantics drawing on Extended DNS Errors <xref target="RFC8914"/>) or as a lightweight endpoint co-located with DNS over HTTPS <xref target="RFC8484"/> --- that returns the validation state for an (address, origin AS) pair from the resolver's existing validated cache. This document deliberately does not define its wire format, which belongs to the DNSOP/SIDROPS communities (<xref target="iana"/>); until it is available, implementations MAY consult a local RTR-fed validator directly (appropriate for enterprise gateways and server-side validation) and clients otherwise treat the strand as "unknown". The dependency is disclosed rather than hidden precisely because the strand is optional: BRAID-Base and the Witness strand are fully specifiable and deployable without it.</t>
      <t>To prevent that dependency from gating the profile, the Routing strand defines two validation methods, selected by the <tt>BRAIDRoutingConstraints</tt> validation-method parameter and by relying-party policy. The <em>resolver-validated</em> method is the preventive form described above: the connection fails unless the origin is RPKI-valid for the bound resources. The <em>witness-corroborated</em> method is the detective form of the following paragraph: the client corroborates the certificate across independent co-located services and treats a mismatch as evidence of hijack, blocking or reporting per policy. The assurance difference is stated plainly rather than papered over --- corroboration detects a hijack in progress but cannot prevent a first connection through one --- and a certificate or policy that REQUIRES the resolver-validated method MUST NOT be satisfied by corroboration alone. The value of defining both is deployability without dilution: BRAID-Routed is usable on today's operating-system stacks under the witness-corroborated method, and hardens automatically to the preventive method as validated-origin queries deploy, with the certificate itself recording which assurance its issuer intended. A detected mismatch also changes what the suspect path may be used for: a client that has observed corroboration failure MUST NOT source recovery material from the endpoint or network path under suspicion except under the hash verification of <xref target="transport"/>, and --- more importantly --- MUST NOT treat fetch failures over that path as the attributable outage that permits graceful degradation (<xref target="deploy"/>), since an on-path adversary can trivially manufacture fetch failures. Evidence for degradation must come from a path the adversary does not control, or degradation is simply unavailable for that connection.</t>
      <t>Two further limitations are stated plainly. First, address binding is bypassed where the client connects through a terminating proxy, CDN, or NAT, because the observed address is the intermediary's; such deployments SHOULD omit address binding and rely on origin-AS binding, accepting that a successful hijack of the intermediary's prefix is not contained at the address layer. Second, origin-AS binding shifts trust to the client's resolver/validator; a relying party that cannot trust its routing data SHOULD treat the Routing strand as unavailable rather than authoritative. A witness-based detection alternative --- in which a client corroborates reachability through independent, co-located TLS services and treats certificate mismatches as evidence of hijack --- MAY be used where resolver-side RPKI is not available. Because a BGP hijack diverts traffic at prefix granularity (typically a /24 or shorter) but cannot forge the private keys of every authenticated service co-located in that prefix, a mismatch among co-located witnesses is high-confidence evidence of a hijack; this approach detects, rather than prevents, hijacks, and does so without trusting the local resolver.</t>
    </section>
    <section anchor="witness">
      <name>The Witness Strand: Appointed Co-Signing and Ledger Pairing</name>
      <t>The Witness strand requires an appointed third party to counter-sign the certificate before it is treated as valid, analogous to a two-signer arrangement: no single party, including the CA, can unilaterally produce a usable certificate.</t>
      <t>A note on terminology: in the transparency-log literature, "witness" has acquired the specific meaning of a party that cosigns log checkpoints to prevent split-view attacks. The BRAID Witness strand is a related but distinct role --- an appointed co-signer of an individual certificate --- and deployments MAY additionally employ checkpoint witnessing on the underlying ledger; the two compose rather than conflict.</t>
      <t>The co-signer signs the structure of <xref target="signed"/>, encoded as a signed timestamp in the format of <xref target="RFC6962"/>/<xref target="RFC9162"/> with a BRAID-specific entry type, and anchors the attestation in a ledger named in the certificate (<xref target="binding"/>). Reusing the SCT structure is deliberate: clients, CAs, and monitors already generate, embed, transport, and verify SCTs at web scale, so a witness attestation rides an existing rail --- it can be embedded in the certificate at issuance exactly as SCTs are, delivered in the handshake exactly as SCTs are, and audited by adapted CT monitor tooling. Three ledger substrates are supported, trading auditability against confidentiality: a public append-only Merkle log with independent monitors (RECOMMENDED, as in Certificate Transparency, with no consensus mechanism); a public blockchain, where decentralized anchoring is specifically desired, at the cost of latency and governance; or a secured private ledger for closed ecosystems.</t>
      <section anchor="witness-eligibility">
        <name>Witness eligibility and independence</name>
        <t>The witness role is intentionally open. Its technical requirements are only the ability to operate a signing key under sound key-management practice, to publish attestations to a ledger of a supported type, and to be named in the certificate at issuance; no relationship to the WebPKI is required. A certificate authority, DNS operator, registrar, CDN, network operator, auditor, or regulator can each serve as a witness, and a subscriber selects one whose incentives fit its threat model. One requirement is security-critical and is therefore stated normatively: the witness MUST be operationally independent of both the issuing CA and the certificate subscriber --- separate key custody, separate administrative control, and no shared signing infrastructure --- because the strand's value is precisely that no single organization can produce (or, under <xref target="witness-freshness"/>, sustain) a usable certificate. A witness that is a business unit of the issuing CA does not satisfy this requirement.</t>
      </section>
      <section anchor="witness-freshness">
        <name>Witnessed freshness</name>
        <t>By default a witness attestation is made once, at provisioning, and is valid for the life of the certificate. A deployment MAY instead mark the Witness strand as fresh in <tt>BRAIDBinding</tt>, giving the attestation its own validity interval, not to exceed the certificate's freshness window. The witness then re-attests each window --- an out-of-band, cacheable operation, never on the connection path --- and a client requiring a fresh Witness strand MUST reject an attestation whose interval has lapsed.</t>
        <t>Witnessed freshness adds a revocation lever that is independent of every other strand: renewal stops on the subscriber's instruction, on the witness's own policy (for example, upon evidence of compromise or a court order contemplated in its terms of appointment), or by the witness's failure, and the certificate then ceases to validate within the window. This is the only lever in BRAID that survives the simultaneous compromise of the owner's DNS publication path and the end-entity key, which is what makes it appropriate for the highest-assurance profiles. Two consequences are stated plainly. First, it does not replace the Identity strand's structural revocation (<xref target="identity"/>); it complements it, and the Identity strand remains the base mechanism because it is under the owner's sole control. Second, freshness converts the witness from a one-time attester into a sustained availability dependency: a relying party MUST treat a lapsed attestation identically to a withdrawn one, so a deployment SHOULD mark the Witness strand fresh only where the witness's operational maturity warrants it, and the graceful-degradation policy of <xref target="deploy"/> applies to verifiable witness outages as it does to other strand infrastructure.</t>
      </section>
      <section anchor="public-verifiability-with-private-use">
        <name>Public verifiability with private use</name>
        <t>When the <tt>private-use</tt> option is set, verification remains fully public while use is gated. The certificate, its public strands, and the existence of its witness attestation are recorded in public logs, so any party --- including transparency monitors --- can confirm the certificate is genuine and unrevoked without private access. Use, however, requires the connecting party to satisfy an authorization gate before a handshake may complete: either mandatory mutual authentication or a capability granted to ecosystem members (deployable today), or, as an optional high-assurance measure, a session key that incorporates a secret share held only by authorized parties so that a stolen private key alone cannot complete a session (see <xref target="future"/>).</t>
        <t>The result is a certificate that is visible and verifiable to all but usable only inside the authorized ring --- appropriate for banking and defense. One limit must be stated: the holder of the server's private key can always use it, so the gate governs which counterparties may establish sessions, not the operator. Clients unable to verify a required strand or satisfy a required gate MUST fail closed, subject to <xref target="deploy"/>.</t>
      </section>
    </section>
    <section anchor="transport">
      <name>Proof Transport: braid_chain and Reference-Based Caching</name>
      <t>A naive design that staples complete DNSSEC and RPKI proof chains plus inclusion proofs into every handshake produces payloads well over 10 KB, exceeding the initial congestion window (about 14 KB for IW10 <xref target="RFC6928"/>) and forcing extra round trips and fragmentation. BRAID therefore transports proofs by reference, not by value:</t>
      <ul spacing="normal">
        <li>
          <t>The server sends compact identifiers --- a hash and/or URI --- for the validation material (DNSSEC chain to the BRAID Anchor, witness inclusion proof) via the <tt>braid_chain</tt> TLS extension, whose presence in the ClientHello also serves as the BRAID negotiation signal (<xref target="negotiation"/>).</t>
        </li>
        <li>
          <t>Clients maintain a global cache of validated chains. Because these change infrequently relative to the freshness window, the steady-state handshake carries only the small Delegated Credential and the compact references, staying within the initial congestion window.</t>
        </li>
        <li>
          <t>Only on a cache miss does the client fetch the full chain, from the server or a public repository, out of the latency-critical path where possible.</t>
        </li>
      </ul>
      <t>Each reference is a cryptographic hash of the material it names. A client MUST verify that fetched or cached content matches the referenced hash before relying on it, so that neither an untrusted repository nor a poisoned cache can substitute different material; the URI, if present, is a convenience locator only and is never trusted on its own. Caches are keyed by this hash, which makes entries self-certifying and safely shareable across connections and origins.</t>
      <section anchor="transport-dos">
        <name>Resource management and denial of service</name>
        <t>A reference cache is itself an attack surface: a hostile or compromised server, or an adversary who can induce a client to contact many origins, could stream unique or unresolvable references in an attempt to exhaust the client's storage or keep it in continuous cache-miss fetching. Four properties bound this. First, the number of references per handshake is derivable, not open-ended: a server presents at most one reference per required strand plus one for the policy record, and a client MUST reject a <tt>braid_chain</tt> extension exceeding that bound. Second, admission to the cache is verification-gated: only material whose hash has been checked (<xref target="transport"/>) is stored, so unresolvable or malformed references occupy no cache space --- there is nothing to pollute with junk that never verifies. Third, eviction and allocation are the client's to govern: caches SHOULD use a recency-based eviction policy with per-origin allocation limits, so no single origin can crowd out the rest of the cache. Fourth, failure is negatively cached: a reference whose fetch fails or times out SHOULD be recorded as unavailable for a bounded interval, during which subsequent handshakes presenting it treat the strand as unavailable immediately --- evaluated under the relying party's policy (<xref target="deploy"/>) --- rather than triggering repeated fetches. Fetched material MUST also be size-bounded before parsing; the largest legitimate object, a DNSSEC chain, is a few kilobytes, so a limit of 16 KB is ample and prevents an adversarial repository or endpoint from streaming an unbounded response into the parser.</t>
        <t>Cache-miss fetches MUST NOT reintroduce the per-connection third-party observation that discredited OCSP. A client resolving a reference SHOULD fetch it from the server it is connecting to (which learns nothing it does not already know), and MAY use a shared repository only over a privacy-preserving transport such as Oblivious HTTP <xref target="RFC9458"/> or via a batched, prefetched snapshot; a client MUST NOT emit a per-connection identifying query to a third-party repository as a matter of course.</t>
        <t>In-band stapling of a full DNSSEC chain, in the style of the experimental TLS DNSSEC Chain Extension <xref target="RFC9102"/>, is supported only as an OPTIONAL fallback. BRAID does not make <xref target="RFC9102"/> --- which is Experimental, was published via the Independent Submission stream, and did not reach consensus for Standards Track in the TLS Working Group --- a load-bearing dependency. Baseline operation relies on resolver-side DNSSEC validation and reference-based transport instead. Concrete byte, latency, and CPU budgets for this transport are given in <xref target="performance"/>.</t>
      </section>
    </section>
    <section anchor="revocation">
      <name>Structural Revocation and Revocation Transparency</name>
      <t>Revocation in BRAID is structural: it follows from the absence of current Identity-strand evidence (<xref target="identity"/>) rather than from a queried status service. In addition, every BRAID certificate's issuance and revocation events SHOULD be recorded in a public, append-only, cryptographically verifiable log, extending Certificate Transparency <xref target="RFC6962"/>/<xref target="RFC9162"/> to revocation. Clients SHOULD consume a periodically synchronized, compressed revocation snapshot (in the manner of CRLite) so that revocation is checked locally, with no per-visit query. A ledger need not be a blockchain: a signed, append-only Merkle log with independent monitors provides mandatory, public, tamper-evident properties without consensus overhead. To avoid fragmenting the ecosystem, Revocation Transparency SHOULD reuse existing Certificate Transparency log infrastructure, Merkle-tree formats, and monitor tooling --- recording revocation as additional logged entries with a new entry type --- rather than stand up a parallel system.</t>
    </section>
    <section anchor="validity">
      <name>Validity Period</name>
      <t>Because a certificate cannot be used beyond its short freshness window without current owner-authorized evidence, and because its revocation status is owner-controlled and structural, the rationale for short maximum lifetimes does not apply to a certificate whose required strands include the Identity strand. A CA MAY issue a BRAID-Routed certificate with a validity period of up to five years.</t>
      <t>A governance boundary must be acknowledged plainly: maximum validity periods for publicly trusted certificates are set not by the IETF but by root-program policy through the CA/Browser Forum, which has adopted a schedule reducing lifetimes to 47 days. This document does not and cannot override that schedule. What it provides is the technical basis on which a root program could define a distinct, longer maximum for certificates that carry an enforced Identity strand --- the enforcement telemetry of <xref target="deploy"/> supplying the evidence that the freshness window, not the notAfter date, is the effective bound on exposure. The five-year figure is therefore a protocol ceiling contingent on root-program adoption, and the extended lifetime is the principal incentive this document offers operators and CAs for carrying BRAID's machinery. The deployment phases of <xref target="phases"/> are sequenced accordingly: BRAID is issued and enforced at prevailing lifetimes first (Phase 2), generating the enforcement evidence on which the extension request (Phase 3) then stands.</t>
    </section>
    <section anchor="deploy">
      <name>Deployment Model and Graceful Degradation</name>
      <t>The chief risk of any fail-closed mechanism is breaking reachable sites when an external dependency is briefly unavailable. The email-authentication ecosystem solved the equivalent problem, and BRAID adopts its template.</t>
      <ul spacing="normal">
        <li>
          <t><strong>Keys and policy in DNS, deployed at scale.</strong> DKIM <xref target="RFC6376"/> publishes a key in DNS and validates signatures against it; SPF <xref target="RFC7208"/> authorizes sending origins. These demonstrate the model in production.</t>
        </li>
        <li>
          <t><strong>A policy record with staged enforcement.</strong> As DMARC <xref target="RFC7489"/> progresses from <tt>none</tt> to <tt>quarantine</tt> to <tt>reject</tt>, a BRAID Policy record progresses through <tt>monitor</tt>, <tt>staged</tt>, and <tt>strict</tt>. In <tt>monitor</tt>, clients validate strands and report failures but do not block; in <tt>strict</tt>, a missing or invalid required strand fails the handshake, and a BRAID-capable client MUST also reject a conventional certificate for the domain (<xref target="negotiation"/>).</t>
        </li>
        <li>
          <t><strong>Aggregate reporting.</strong> Operators receive reports of strand-validation outcomes, so misconfiguration is found before enforcement is enabled.</t>
        </li>
      </ul>
      <t>To bound the availability risk of strict mode, BRAID defines a graceful-degradation option. When enabled by the relying party's policy, a client that cannot validate a routing or identity strand because of a verifiable, attributable infrastructure outage --- for example, an expired RIR manifest or a broken DNSSEC trust anchor whose failure the client can confirm cryptographically --- MAY degrade to standard WebPKI validation rather than failing closed. This preserves resilience during outages while still failing closed against an active attacker who cannot produce such proof.</t>
      <t>This is a deliberate trade-off, not a free option. The degradation path is itself an attack surface: an adversary who can manufacture or forge the appearance of an attributable outage could trigger downgrade. The "proof of outage" MUST therefore be unforgeable (for example, a signed, expired manifest that the attacker cannot fabricate), and relying parties in the highest-assurance deployments SHOULD disable degradation and accept strict fail-closed behavior. To prevent a first-contact downgrade, domains MAY be enrolled in a preloaded BRAID-required set distributed with client software, in the manner of HSTS <xref target="RFC6797"/> (<xref target="negotiation"/>).</t>
      <t>The new client-side implementation surface is correspondingly modest: each element reuses an existing code path --- Delegated Credential verification <xref target="RFC9345"/>, TLS Feature parsing <xref target="RFC7633"/>, <xref target="RFC3779"/> resource-type parsing, SCT verification and Certificate Transparency log consumption, resolver-side DNSSEC, and HSTS-style preloading --- leaving the <tt>BRAIDBinding</tt> parser, the <tt>braid_chain</tt> reference cache, and the policy-record check as the principal new work. BRAID-Base can be adopted by a single operator without ecosystem-wide coordination, and a client that does not implement BRAID interoperates unchanged because it is never shown a BRAID certificate (<xref target="negotiation"/>).</t>
    </section>
    <section anchor="phases">
      <name>Deployment Phases: Running Today, Strengthening Over Time</name>
      <t>The staged policy of <xref target="deploy"/> governs how strictly a given domain enforces BRAID; this section states the complementary ecosystem-level path --- what can run on infrastructure deployed today, and in what order the remaining pieces arrive. The governing principle is that every phase delivers standalone security value with no dependence on a later phase, so there is no flag day, no stranded investment if progress stalls, and no phase whose adopters are waiting on someone else.</t>
      <t><strong>Phase 0 --- Observe (deployable today; no new client, CA, or protocol code).</strong> The domain holder publishes a BRAID Anchor as a DNSSEC-signed <tt>_braid</tt> TXT record (<xref target="identity-construction"/>) and a BRAID Policy record in <tt>monitor</tt> mode, and enables Delegated Credentials where the serving stack already supports them. No handshake changes: validation is performed out of band by the operator's own monitoring and by third-party monitors, which check that the credentials a domain's servers actually present match the published Anchor, and produce aggregate reports in the manner of DMARC monitoring. The standalone value is threefold: the owner acquires and rehearses an owner-controlled revocation capability (rotating the Anchor and observing propagation); monitors gain a signal Certificate Transparency alone cannot provide --- CT shows what certificates exist, while an Anchor mismatch shows a certificate or credential serving traffic that the owner never authorized; and the operator accumulates the misconfiguration telemetry needed before any enforcement is enabled.</t>
      <t><strong>Phase 1 --- Enforce in closed ecosystems (deployable today within private PKIs).</strong> Enterprises, banks, and closed networks operate their own root programs and control both endpoints, so they are not gated on public root-program or browser decisions: they can issue certificates carrying <tt>BRAIDBinding</tt> under private-use codepoints, enforce the Identity strand in their managed clients, and deploy the Witness strand's <tt>private-use</tt> gating with mutual authentication, all of which <xref target="witness"/> notes is deployable now. These deployments are BRAID's proving ground: they generate the interoperability and operational record (<xref target="implstatus"/>) that public-web standardization will ask for, in exactly the environments --- regulated and high-assurance --- that want the strongest profiles first.</t>
      <t><strong>Phase 2 --- Public web at prevailing lifetimes (the security benefit, decoupled from the lifetime benefit).</strong> Public CAs issue BRAID certificates at whatever maximum lifetime root programs then require, and browsers ship validation behind a flag, progressing domains through <tt>monitor</tt>, <tt>staged</tt>, and <tt>strict</tt> as their telemetry warrants. This phase's one root-program ask is small and deliberately severable from lifetimes: current CA/Browser Forum certificate profiles enumerate the extensions a publicly trusted certificate may carry, so permitting the single <tt>BRAIDBinding</tt> extension in leaf certificates --- within which every BRAID parameter is serialized (<xref target="binding"/>) --- requires a scoped profile ballot --- a permission-to-carry change, not a lifetime change, of the kind the Forum routinely processes. Beyond that, nothing is asked: a BRAID certificate at a 47-day lifetime is still strictly stronger than a conventional one --- owner-controlled revocation within the freshness window, defense against CA compromise via the independent Anchor, and delegated name constraints for CDN deployments. Decoupling matters strategically as well as technically: BRAID must be worth deploying with no lifetime reward at all, and it is.</t>
      <t><strong>Phase 3 --- Extended validity.</strong> With Phase-2 enforcement telemetry demonstrating that the freshness window, not the notAfter date, bounds real exposure, a root-program ballot can define a distinct validity class for certificates carrying an enforced Identity strand (<xref target="validity"/>). The long-lived certificate is the reward for proven enforcement, not a prerequisite for adoption.</t>
      <t><strong>Phase 4 --- Routing strand at scale.</strong> Once the validated-origin query (<xref target="routing"/>) is standardized and deployed in validating resolvers, the Routing strand graduates from enterprise gateways and server-side validators to general clients, and BRAID-Routed becomes broadly available.</t>
      <t>To be fully candid about its footprint, Phase 0 involves no protocol implementation at all --- no handshake change, no client change, no CA change; it is an operational monitoring posture whose entire mechanism is DNS publication plus out-of-band comparison. That candor is deliberate: it means the cost of starting is a DNS record and a cron job, and nothing published in Phase 0 is thrown away later. The per-phase status of each strand is summarized below; "advisory" means validated and reported out of band without affecting connections.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Strand</th>
            <th align="left">Phase 0 (observe)</th>
            <th align="left">Phase 1 (closed ecosystems)</th>
            <th align="left">Phases 2--4 (public web)</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Authority</td>
            <td align="left">Enforced (as today)</td>
            <td align="left">Enforced (as today)</td>
            <td align="left">Enforced (as today)</td>
          </tr>
          <tr>
            <td align="left">Identity</td>
            <td align="left">Advisory, out of band</td>
            <td align="left">Enforced in managed clients</td>
            <td align="left">
              <tt>monitor</tt> -&gt; <tt>staged</tt> -&gt; <tt>strict</tt> (<xref target="deploy"/>)</td>
          </tr>
          <tr>
            <td align="left">Routing</td>
            <td align="left">Not evaluated</td>
            <td align="left">Optional, via local validator</td>
            <td align="left">Policy-selected method (<xref target="routing"/>); preventive form arrives with Phase 4</td>
          </tr>
          <tr>
            <td align="left">Witness</td>
            <td align="left">Not evaluated</td>
            <td align="left">Enforced where profiled</td>
            <td align="left">Optional per profile (<xref target="profiles"/>)</td>
          </tr>
        </tbody>
      </table>
      <t>Phases overlap rather than queue: Phase 1 ecosystems need not wait for Phase 0 to mature, and Phase 4 proceeds in DNSOP/SIDROPS in parallel with Phases 2 and 3. The dependency structure is deliberately a fan, not a chain.</t>
    </section>
    <section anchor="deployprofiles">
      <name>Deployment Profiles</name>
      <ul spacing="normal">
        <li>
          <t><strong>Small business / independent operator.</strong> BRAID-Base. One DNSSEC-signed anchor plus Delegated Credentials via existing ACME tooling <xref target="RFC8555"/>; a long-lived certificate with low renewal churn.</t>
        </li>
        <li>
          <t><strong>Enterprise.</strong> BRAID-Routed with origin-AS binding to the organization's allocated prefixes; strict policy with aggregate reporting.</t>
        </li>
        <li>
          <t><strong>CDN / anycast.</strong> BRAID-Routed with address binding omitted (per <xref target="routing"/>); origin-AS binding, per-edge Delegated Credentials, per-edge Anchor entries, and delegated name constraints (<xref target="identity-constraints"/>).</t>
        </li>
        <li>
          <t><strong>Banking.</strong> BRAID-Witnessed with a regulator or auditor as co-signer on a public log, witnessed freshness enabled (<xref target="witness-freshness"/>), plus <tt>private-use</tt> gating to enrolled clients.</t>
        </li>
        <li>
          <t><strong>Defense / closed network.</strong> BRAID-Witnessed with a private ledger and <tt>private-use</tt> with mandatory mutual authentication; degradation disabled.</t>
        </li>
      </ul>
      <t>The strands can be adopted one at a time and by one party at a time: BRAID-Base needs only a DNSSEC-signed anchor and Delegated Credentials and can be enabled by a single operator without ecosystem-wide coordination. The lowest incremental cost falls to providers that already operate the supporting infrastructure --- authoritative DNSSEC, RPKI-validated routing data, Delegated Credentials, and CRLite-style revocation tooling --- for whom adoption is largely a matter of connecting existing capabilities; such providers are natural early adopters and can make BRAID available across many domains at once, which softens the bootstrapping problem that hinders new PKI mechanisms. One dependency bounds the addressable base and is stated honestly: the Identity strand requires the domain's zone to be DNSSEC-signed, and most zones today are not. The registrars and DNS operators who can enable signing at scale --- often as a one-click or default setting --- are the same providers just identified as natural early adopters, so BRAID gives the parties with the levers a concrete reason to pull them; domains that cannot yet sign are simply outside BRAID's scope and lose nothing, per <xref target="intro"/>. The same providers most often serve traffic through terminating proxies, where address binding does not apply (per <xref target="routing"/>) and a Delegated Credential must be scoped by the delegated name constraints of <xref target="identity-constraints"/>; the CDN profile is thus the most operationally convenient to deploy and the most dependent on those constraints for its strength. Broad early availability and the strongest per-connection guarantees are therefore in tension, and an operator selects its profile accordingly.</t>
    </section>
    <section anchor="comparison">
      <name>Comparison with Related Mechanisms</name>
      <t>BRAID is not DANE. DANE <xref target="RFC6698"/> replaces or supplements CA trust by publishing the certificate or key in DNSSEC; BRAID does not replace the WebPKI but layers additional, independent anchors on top of it, and forging a certificate requires defeating several at once. BRAID also avoids DANE-for-web's principal deployment blocker --- in-band DNSSEC parsing by browsers --- by validating DNSSEC at the resolver and transporting proofs by reference (<xref target="transport"/>).</t>
      <t>BRAID is the successor to must-staple, not a competitor to it. The TLS Feature extension <xref target="RFC7633"/> pioneered the signed-in requirement that BRAID depends on, and BRAID reuses the extension itself (<xref target="binding"/>). Where must-staple required fresh evidence from a third party the operator did not control --- the CA's OCSP responder, whose outages forced soft-fail and ultimately deprecation --- BRAID requires evidence the operator publishes and refreshes itself, aligning the availability burden with the party able to carry it, and adds negotiation (<xref target="negotiation"/>) so that enforcement never strands a legacy client.</t>
      <t>Academic proposals such as Delegation Certificates explore CA-independent delegation with built-in subdomain and delegation-depth scoping. BRAID instead achieves equivalent scoping at the policy layer, via the delegated name constraints of <xref target="identity-constraints"/>, so that it can reuse the standards-track Delegated Credentials <xref target="RFC9345"/> rather than depend on a non-standardized credential format; such a format could be adopted later as an additional Identity-strand substrate without changing the model.</t>
      <table>
        <thead>
          <tr>
            <th align="left">Capability</th>
            <th align="left">TLS/WebPKI</th>
            <th align="left">OCSP Must-Staple (RFC 7633)</th>
            <th align="left">DANE</th>
            <th align="left">Delegated Creds (RFC 9345)</th>
            <th align="left">BRAID</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Independent of CA trust</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">Yes</td>
            <td align="left">No</td>
            <td align="left">Layered (multi-anchor)</td>
          </tr>
          <tr>
            <td align="left">Owner-controlled revocation</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">Yes</td>
            <td align="left">No</td>
            <td align="left">Yes</td>
          </tr>
          <tr>
            <td align="left">Revocation is mandatory to use</td>
            <td align="left">No</td>
            <td align="left">Signed-in, but soft-failed in practice</td>
            <td align="left">Optional</td>
            <td align="left">N/A</td>
            <td align="left">Yes (structural)</td>
          </tr>
          <tr>
            <td align="left">Freshness evidence controlled by</td>
            <td align="left">n/a</td>
            <td align="left">CA's OCSP responder</td>
            <td align="left">Owner (DNS)</td>
            <td align="left">Operator (unanchored)</td>
            <td align="left">Owner (DNSSEC anchor)</td>
          </tr>
          <tr>
            <td align="left">Safe for legacy clients</td>
            <td align="left">Yes</td>
            <td align="left">Yes</td>
            <td align="left">Yes</td>
            <td align="left">Yes</td>
            <td align="left">Yes (negotiated; <xref target="negotiation"/>)</td>
          </tr>
          <tr>
            <td align="left">Routing-aware</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">Yes (optional)</td>
          </tr>
          <tr>
            <td align="left">In-band browser DNSSEC/RPKI parsing</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">Yes (issue)</td>
            <td align="left">No</td>
            <td align="left">No (resolver-side)</td>
          </tr>
          <tr>
            <td align="left">Steady-state handshake overhead</td>
            <td align="left">Low</td>
            <td align="left">Low + staple</td>
            <td align="left">High (in-band DNSSEC)</td>
            <td align="left">Low (+~1 KB)</td>
            <td align="left">Low (references + DC)</td>
          </tr>
          <tr>
            <td align="left">Short-lived key reuse of a standard</td>
            <td align="left">n/a</td>
            <td align="left">n/a</td>
            <td align="left">n/a</td>
            <td align="left">Yes</td>
            <td align="left">Yes (uses RFC 9345)</td>
          </tr>
          <tr>
            <td align="left">Long-lived certificate, low churn</td>
            <td align="left">No</td>
            <td align="left">No</td>
            <td align="left">Partial</td>
            <td align="left">n/a</td>
            <td align="left">Yes (up to 5 yr; <xref target="validity"/>)</td>
          </tr>
        </tbody>
      </table>
    </section>
    <section anchor="performance">
      <name>Performance Considerations</name>
      <t>The principal objection to any multi-strand certificate is performance. An early design that stapled complete DNSSEC and RPKI proofs in band would have produced a server flight exceeding ten kilobytes and would have required clients to act as RPKI validators. The architecture of this document is shaped specifically to avoid both outcomes; this section gives concrete budgets rather than assurances. The figures below are order-of-magnitude estimates for typical ECDSA P-256 deployments and will vary with algorithm and chain length.</t>
      <section anchor="perf-size">
        <name>Handshake size and the initial congestion window</name>
        <t>The relevant constraint is the IW10 initial congestion window of approximately 14,600 bytes (ten segments) <xref target="RFC6928"/>: a server flight that fits within it completes in one round trip, while a flight that exceeds it incurs additional round trips and exposure to loss. The table contrasts the rejected in-band design with the steady-state flight of this document.</t>
        <table>
          <thead>
            <tr>
              <th align="left">Server's first-flight component</th>
              <th align="left">In-band design (rejected)</th>
              <th align="left">This document (steady state)</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">Authority certificate chain</td>
              <td align="left">~3 KB</td>
              <td align="left">~3 KB</td>
            </tr>
            <tr>
              <td align="left">Delegated Credential (Identity)</td>
              <td align="left">n/a</td>
              <td align="left">~0.5--1 KB</td>
            </tr>
            <tr>
              <td align="left">DNSSEC chain to BRAID Anchor</td>
              <td align="left">1.5--3 KB stapled</td>
              <td align="left">0 (by reference; resolver-validated)</td>
            </tr>
            <tr>
              <td align="left">RPKI objects (Routing)</td>
              <td align="left">2--5 KB stapled</td>
              <td align="left">0 (resolver-side; not on client)</td>
            </tr>
            <tr>
              <td align="left">Witness / inclusion proofs</td>
              <td align="left">1--2 KB</td>
              <td align="left">~32--100 B (reference)</td>
            </tr>
            <tr>
              <td align="left">
                <tt>braid_chain</tt> references</td>
              <td align="left">n/a</td>
              <td align="left">~100--300 B</td>
            </tr>
            <tr>
              <td align="left">
                <strong>Total server flight</strong></td>
              <td align="left">
                <strong>~10--15+ KB</strong></td>
              <td align="left">
                <strong>~4--4.5 KB</strong></td>
            </tr>
          </tbody>
        </table>
        <t>The steady-state BRAID-Routed flight stays well within IW10 and completes in the same single round trip as a conventional TLS 1.3 handshake <xref target="RFC8446"/>. Reference-based transport (<xref target="transport"/>) and resolver-side routing validation (<xref target="routing"/>) are precisely what remove the multi-kilobyte components that would otherwise overflow the window.</t>
      </section>
      <section anchor="perf-cache">
        <name>Cold start and caching</name>
        <t>The reference model trades a rare fetch for a small steady state. On a cache miss --- a client that has not recently validated a given domain's DNSSEC chain --- the client obtains the chain once, either as an in-band fallback (which adds only the DNSSEC chain and typically still fits within IW10) or, preferably, out of band from the server or a privacy-preserving repository off the latency-critical path (<xref target="transport"/>). Because the referenced material changes on the order of the freshness window (up to seven days) rather than per connection, the amortized per-connection cost approaches zero, and clients MAY prefetch popular chains. Even the worst case --- a cold in-band fallback --- is no worse than a single conventional handshake with a large certificate chain, and the common case adds nothing. This is strictly better than OCSP, which imposed a third-party query and a privacy leak on every connection.</t>
      </section>
      <section anchor="perf-cpu">
        <name>Client computation</name>
        <t>In steady state a BRAID client performs: the certificate-chain verification it already performs today (Authority strand); one additional signature verification for the Delegated Credential plus its handshake signature (Identity strand) --- the same incremental cost as deploying <xref target="RFC9345"/> alone; a constant-time cache lookup and hash comparison per <tt>braid_chain</tt> reference; a hash-set membership test of the credential key against the Anchor RRset (<xref target="identity"/>); and, for the Routing strand, a lookup against routing data the client's resolver has already validated. The client does not parse RPKI objects, verify AS-resource extensions cryptographically, or maintain Trust Anchor Locators for the Regional Internet Registries. Published measurements showing that certificate parsing and signature verification dominate RPKI relying-party CPU describe exactly the work this document keeps off the client; that cost remains in the dedicated relying-party software where it already lives and is fed to the client's resolver over RTR <xref target="RFC6810"/>/<xref target="RFC8210"/>. The net added client cost over a present-day TLS 1.3 handshake is therefore on the order of a single signature verification, negligible beside the key exchange the handshake already performs.</t>
      </section>
      <section anchor="perf-amp">
        <name>Amplification and QUIC</name>
        <t>Reference-based transport also avoids turning the server into an amplifier: the bulky proof material is fetched by the client on demand rather than emitted unsolicited. This matters for QUIC, where a server may send no more than three times the data it has received before validating the client's address; a compact server flight keeps a BRAID handshake within that anti-amplification limit, whereas a multi-kilobyte stapled flight would risk exceeding it and stalling the handshake behind address validation.</t>
      </section>
      <section anchor="perf-server">
        <name>Server cost</name>
        <t>A server mints a fresh Delegated Credential at most once per freshness window, not per connection, and otherwise serves static references; both are cheap and cacheable across all connections. The accompanying Anchor RRset update is one DNS operation per rotation, executed by the same automation. A Witness co-signature, where used, is obtained out of band when the certificate is provisioned, never on the connection path. BRAID therefore adds no per-connection asymmetric operation to the server beyond what <xref target="RFC9345"/> already entails.</t>
      </section>
    </section>
    <section anchor="pq">
      <name>Cryptographic Agility and Post-Quantum Migration</name>
      <t>Each strand is signature-algorithm agnostic and migrates independently. The Authority strand follows CA/WebPKI algorithm policy; the Identity strand's Delegated Credentials negotiate their own scheme <xref target="RFC9345"/>, which also makes them a convenient early vehicle for post-quantum handshake signatures without reissuing the certificate; the Routing and Witness strands carry their own algorithm identifiers. An operator can therefore introduce post-quantum signatures in one strand without waiting for the others, and a relying party can require post-quantum protection per strand via policy.</t>
    </section>
    <section anchor="security">
      <name>Security Considerations</name>
      <t><strong>Downgrade and stripping.</strong> The validity requirement is carried in a critical certificate extension, reinforced by the TLS Feature extension <xref target="RFC7633"/>, and, for enrolled domains, in the policy record and preloaded set of <xref target="negotiation"/>; an attacker can withhold a strand but cannot make a BRAID certificate validate without it. The negotiation of <xref target="negotiation"/> introduces a first-contact downgrade surface --- substitution of a conventional certificate before the client learns the domain's BRAID policy --- whose mitigations and residual exposure are analyzed there; operators for whom that residue is unacceptable use preloading.</t>
      <t><strong>Single-anchor concentration.</strong> Requiring independent strands ensures that compromise of the CA, the DNSSEC hierarchy, or the routing system alone is insufficient to forge a valid certificate. BRAID is defense-in-depth, not the replacement of one single point of failure with another.</t>
      <t><strong>Stolen keys.</strong> The two-key property of <xref target="identity-twokey"/> governs: theft of the end-entity private key alone does not permit impersonation of a BRAID-strict domain, because the thief's Delegated Credentials are not authorized by the owner's Anchor; theft of a credential key alone is bounded by the freshness window and cured by one Anchor rotation. The property collapses if the DNS update credential is co-resident with the TLS keys, which <xref target="identity-twokey"/> therefore counsels against; operators SHOULD treat that separation as part of the deployment, not an optimization.</t>
      <t><strong>Availability and the degradation path.</strong> Strict fail-closed operation couples web availability to the stability of DNSSEC and routing infrastructure. The staged policy (<xref target="deploy"/>), reference-based transport (<xref target="transport"/>), and bounded freshness windows reduce avoidable outages, and graceful degradation bounds the residual risk --- but degradation is itself an attack surface and MUST rely on unforgeable proof of outage; highest-assurance deployments SHOULD disable it.</t>
      <t><strong>Resolver trust.</strong> Origin-AS validation depends on the client's RPKI-validating resolver, and the channel to it is itself a target: an on-path adversary on an unauthenticated client-to-resolver link could spoof validation state or DNS responses. Clients SHOULD reach the validating resolver over an authenticated, encrypted transport such as DNS over TLS <xref target="RFC7858"/> or DNS over HTTPS <xref target="RFC8484"/>, and the resolver-to-router segment SHOULD use a secured RTR transport <xref target="RFC8210"/>. A relying party that can trust neither its routing data nor that channel MUST treat the Routing strand as unavailable rather than authoritative, or fall back to the witness-based detection of <xref target="routing"/>. The Identity strand's Anchor lookup carries the same dependency and the same remedy: a client that does not perform DNSSEC validation locally is trusting its resolver's validation result, so the authenticated-transport requirement applies equally to the Anchor query, and clients in hostile resolver environments SHOULD validate the Anchor RRset's DNSSEC chain themselves (the material the <tt>braid_chain</tt> reference already identifies; <xref target="transport"/>). The lookup introduces no new observer: it is directed to the same resolver that resolved the server's name and reveals nothing that name resolution did not already reveal.</t>
      <t><strong>Theft and relocation.</strong> Address binding (<xref target="routing"/>) confines a certificate to its authorized address(es); this is defeated only by an attacker who can hijack the bound prefix, which the origin-AS layer is designed to detect.</t>
      <t><strong>Delegated Credential considerations.</strong> The cross-protocol and clock-skew considerations of <xref target="RFC9345"/> apply unchanged to the Identity strand. Clock skew additionally bounds how aggressively an Anchor rotation takes effect; owners requiring immediate de-authorization SHOULD both rotate the Anchor and cease serving the excluded credential.</t>
      <t><strong>Privacy.</strong> Freshness and revocation are checked from cached and stapled material (<xref target="transport"/>, <xref target="revocation"/>); BRAID introduces no per-connection query to a third party and does not reproduce the OCSP privacy leak. Cache-miss fetches follow the privacy rules of <xref target="transport"/>, and the validated-origin query of <xref target="routing"/> is directed at the client's own chosen resolver, which already observes the client's name-resolution traffic.</t>
    </section>
    <section anchor="future">
      <name>Future Work</name>
      <t>The optional cryptographic use-gate of <xref target="witness"/> --- in which session-key establishment incorporates a secret share held only by authorized parties --- requires a concrete threshold or multi-party construction and a formal security analysis; it is out of scope for this version and is noted as future work. Also deferred: a formal model of the security invariant (<xref target="invariant"/>); the precise wire encodings of the <tt>braid_chain</tt> extension, the <tt>BRAIDBinding</tt> sequence, and the BRAID Anchor and Policy records; and the companion validated-origin query specification (<xref target="routing"/>).</t>
    </section>
    <section anchor="implstatus">
      <name>Implementation Status</name>
      <t><em>This section records the status of known implementations per <xref target="RFC7942"/>. RFC Editor: please remove this section before publication.</em></t>
      <t>No complete implementation of this document exists at the time of writing; Phases 0 and 1 of <xref target="phases"/> require none. The building blocks, however, are individually implemented and deployed: Delegated Credentials <xref target="RFC9345"/> ship in a major browser and in widely used TLS libraries and are deployed by large CDN operators; DNSSEC validation is standard in major recursive resolvers; Certificate Transparency logging, monitoring, and SCT verification <xref target="RFC6962"/>/<xref target="RFC9162"/> operate at web scale; compressed revocation snapshots in the CRLite style ship in a major browser; HSTS-style preload pipelines <xref target="RFC6797"/> are in production; and ACME automation <xref target="RFC8555"/> is the dominant issuance path. The authors intend to record here, in future revisions, Phase-0 monitor implementations and Phase-1 closed-ecosystem deployments as they are reported, and solicit such reports.</t>
    </section>
    <section anchor="iana">
      <name>IANA Considerations</name>
      <t>By reusing the TLS Feature extension <xref target="RFC7633"/>, the <xref target="RFC3779"/> resource types, Subject Information Access, GeneralSubtrees, and the <xref target="RFC6962"/>/<xref target="RFC9162"/> timestamp and log structures, this document keeps its registration footprint small. It requests:</t>
      <ul spacing="normal">
        <li>
          <t>a TLS ExtensionType for <tt>braid_chain</tt> in the TLS ExtensionType Values registry;</t>
        </li>
        <li>
          <t>a single object identifier for the <tt>BRAIDBinding</tt> certificate extension, within which all BRAID parameters --- strand bitmap, freshness windows, routing constraints, delegated name constraints, and witness parameters --- are serialized, so that no parallel certificate-extension identifiers are required;</t>
        </li>
        <li>
          <t>a DNS RRTYPE for the BRAID Anchor record and a record format for the BRAID Policy record;</t>
        </li>
        <li>
          <t>a Certificate Transparency log entry type for witness attestations and one for revocation entries (<xref target="witness"/>, <xref target="revocation"/>); and</t>
        </li>
        <li>
          <t>registries for BRAID policy modes, strand identifiers, and degradation parameters.</t>
        </li>
      </ul>
      <t>Several of these registrations require coordination beyond the TLS Working Group. The BRAID Anchor and BRAID Policy RRTYPEs require DNS expert review and are expected to involve the DNSOP community; the validated-origin query of <xref target="routing"/> belongs jointly to DNSOP and SIDROPS; and the <tt>BRAIDBinding</tt> ASN.1, including its syntax-only import of the <xref target="RFC3779"/> resource types (<xref target="binding"/>), warrants LAMPS review. Early review by those groups is anticipated, and the authors expect initial dispatch discussion to determine the appropriate venue for each component.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC3779">
          <front>
            <title>X.509 Extensions for IP Addresses and AS Identifiers</title>
            <author fullname="C. Lynn" initials="C." surname="Lynn"/>
            <author fullname="S. Kent" initials="S." surname="Kent"/>
            <author fullname="K. Seo" initials="K." surname="Seo"/>
            <date month="June" year="2004"/>
            <abstract>
              <t>This document defines two X.509 v3 certificate extensions. The first binds a list of IP address blocks, or prefixes, to the subject of a certificate. The second binds a list of autonomous system identifiers to the subject of a certificate. These extensions may be used to convey the authorization of the subject to use the IP addresses and autonomous system identifiers contained in the extensions. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="3779"/>
          <seriesInfo name="DOI" value="10.17487/RFC3779"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC6125">
          <front>
            <title>Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)</title>
            <author fullname="P. Saint-Andre" initials="P." surname="Saint-Andre"/>
            <author fullname="J. Hodges" initials="J." surname="Hodges"/>
            <date month="March" year="2011"/>
            <abstract>
              <t>Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer Security (TLS). This document specifies procedures for representing and verifying the identity of application services in such interactions. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6125"/>
          <seriesInfo name="DOI" value="10.17487/RFC6125"/>
        </reference>
        <reference anchor="RFC7633">
          <front>
            <title>X.509v3 Transport Layer Security (TLS) Feature Extension</title>
            <author fullname="P. Hallam-Baker" initials="P." surname="Hallam-Baker"/>
            <date month="October" year="2015"/>
            <abstract>
              <t>The purpose of the TLS feature extension is to prevent downgrade attacks that are not otherwise prevented by the TLS protocol. In particular, the TLS feature extension may be used to mandate support for revocation checking features in the TLS protocol such as Online Certificate Status Protocol (OCSP) stapling. Informing clients that an OCSP status response will always be stapled permits an immediate failure in the case that the response is not stapled. This in turn prevents a denial-of-service attack that might otherwise be possible.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7633"/>
          <seriesInfo name="DOI" value="10.17487/RFC7633"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC9345">
          <front>
            <title>Delegated Credentials for TLS and DTLS</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="S. Iyengar" initials="S." surname="Iyengar"/>
            <author fullname="N. Sullivan" initials="N." surname="Sullivan"/>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>The organizational separation between operators of TLS and DTLS endpoints and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and the algorithms they support are ultimately determined by the Certification Authority (CA). This document describes a mechanism to overcome some of these limitations by enabling operators to delegate their own credentials for use in TLS and DTLS without breaking compatibility with peers that do not support this specification.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9345"/>
          <seriesInfo name="DOI" value="10.17487/RFC9345"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC6376">
          <front>
            <title>DomainKeys Identified Mail (DKIM) Signatures</title>
            <author fullname="D. Crocker" initials="D." role="editor" surname="Crocker"/>
            <author fullname="T. Hansen" initials="T." role="editor" surname="Hansen"/>
            <author fullname="M. Kucherawy" initials="M." role="editor" surname="Kucherawy"/>
            <date month="September" year="2011"/>
            <abstract>
              <t>DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.</t>
              <t>This memo obsoletes RFC 4871 and RFC 5672. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="76"/>
          <seriesInfo name="RFC" value="6376"/>
          <seriesInfo name="DOI" value="10.17487/RFC6376"/>
        </reference>
        <reference anchor="RFC6480">
          <front>
            <title>An Infrastructure to Support Secure Internet Routing</title>
            <author fullname="M. Lepinski" initials="M." surname="Lepinski"/>
            <author fullname="S. Kent" initials="S." surname="Kent"/>
            <date month="February" year="2012"/>
            <abstract>
              <t>This document describes an architecture for an infrastructure to support improved security of Internet routing. The foundation of this architecture is a Resource Public Key Infrastructure (RPKI) that represents the allocation hierarchy of IP address space and Autonomous System (AS) numbers; and a distributed repository system for storing and disseminating the data objects that comprise the RPKI, as well as other signed objects necessary for improved routing security. As an initial application of this architecture, the document describes how a legitimate holder of IP address space can explicitly and verifiably authorize one or more ASes to originate routes to that address space. Such verifiable authorizations could be used, for example, to more securely construct BGP route filters. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6480"/>
          <seriesInfo name="DOI" value="10.17487/RFC6480"/>
        </reference>
        <reference anchor="RFC6482">
          <front>
            <title>A Profile for Route Origin Authorizations (ROAs)</title>
            <author fullname="M. Lepinski" initials="M." surname="Lepinski"/>
            <author fullname="S. Kent" initials="S." surname="Kent"/>
            <author fullname="D. Kong" initials="D." surname="Kong"/>
            <date month="February" year="2012"/>
            <abstract>
              <t>This document defines a standard profile for Route Origin Authorizations (ROAs). A ROA is a digitally signed object that provides a means of verifying that an IP address block holder has authorized an Autonomous System (AS) to originate routes to one or more prefixes within the address block. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6482"/>
          <seriesInfo name="DOI" value="10.17487/RFC6482"/>
        </reference>
        <reference anchor="RFC6698">
          <front>
            <title>The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA</title>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <author fullname="J. Schlyter" initials="J." surname="Schlyter"/>
            <date month="August" year="2012"/>
            <abstract>
              <t>Encrypted communication on the Internet often uses Transport Layer Security (TLS), which depends on third parties to certify the keys used. This document improves on that situation by enabling the administrators of domain names to specify the keys used in that domain's TLS servers. This requires matching improvements in TLS client software, but no change in TLS server software. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6698"/>
          <seriesInfo name="DOI" value="10.17487/RFC6698"/>
        </reference>
        <reference anchor="RFC6797">
          <front>
            <title>HTTP Strict Transport Security (HSTS)</title>
            <author fullname="J. Hodges" initials="J." surname="Hodges"/>
            <author fullname="C. Jackson" initials="C." surname="Jackson"/>
            <author fullname="A. Barth" initials="A." surname="Barth"/>
            <date month="November" year="2012"/>
            <abstract>
              <t>This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6797"/>
          <seriesInfo name="DOI" value="10.17487/RFC6797"/>
        </reference>
        <reference anchor="RFC6810">
          <front>
            <title>The Resource Public Key Infrastructure (RPKI) to Router Protocol</title>
            <author fullname="R. Bush" initials="R." surname="Bush"/>
            <author fullname="R. Austein" initials="R." surname="Austein"/>
            <date month="January" year="2013"/>
            <abstract>
              <t>In order to verifiably validate the origin Autonomous Systems of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data from a trusted cache. This document describes a protocol to deliver validated prefix origin data to routers. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6810"/>
          <seriesInfo name="DOI" value="10.17487/RFC6810"/>
        </reference>
        <reference anchor="RFC6928">
          <front>
            <title>Increasing TCP's Initial Window</title>
            <author fullname="J. Chu" initials="J." surname="Chu"/>
            <author fullname="N. Dukkipati" initials="N." surname="Dukkipati"/>
            <author fullname="Y. Cheng" initials="Y." surname="Cheng"/>
            <author fullname="M. Mathis" initials="M." surname="Mathis"/>
            <date month="April" year="2013"/>
            <abstract>
              <t>This document proposes an experiment to increase the permitted TCP initial window (IW) from between 2 and 4 segments, as specified in RFC 3390, to 10 segments with a fallback to the existing recommendation when performance issues are detected. It discusses the motivation behind the increase, the advantages and disadvantages of the higher initial window, and presents results from several large-scale experiments showing that the higher initial window improves the overall performance of many web services without resulting in a congestion collapse. The document closes with a discussion of usage and deployment for further experimental purposes recommended by the IETF TCP Maintenance and Minor Extensions (TCPM) working group.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6928"/>
          <seriesInfo name="DOI" value="10.17487/RFC6928"/>
        </reference>
        <reference anchor="RFC6962">
          <front>
            <title>Certificate Transparency</title>
            <author fullname="B. Laurie" initials="B." surname="Laurie"/>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="E. Kasper" initials="E." surname="Kasper"/>
            <date month="June" year="2013"/>
            <abstract>
              <t>This document describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t>
              <t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6962"/>
          <seriesInfo name="DOI" value="10.17487/RFC6962"/>
        </reference>
        <reference anchor="RFC7208">
          <front>
            <title>Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1</title>
            <author fullname="S. Kitterman" initials="S." surname="Kitterman"/>
            <date month="April" year="2014"/>
            <abstract>
              <t>Email on the Internet can be forged in a number of ways. In particular, existing protocols place no restriction on what a sending host can use as the "MAIL FROM" of a message or the domain given on the SMTP HELO/EHLO commands. This document describes version 1 of the Sender Policy Framework (SPF) protocol, whereby ADministrative Management Domains (ADMDs) can explicitly authorize the hosts that are allowed to use their domain names, and a receiving host can check such authorization.</t>
              <t>This document obsoletes RFC 4408.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7208"/>
          <seriesInfo name="DOI" value="10.17487/RFC7208"/>
        </reference>
        <reference anchor="RFC7489">
          <front>
            <title>Domain-based Message Authentication, Reporting, and Conformance (DMARC)</title>
            <author fullname="M. Kucherawy" initials="M." role="editor" surname="Kucherawy"/>
            <author fullname="E. Zwicky" initials="E." role="editor" surname="Zwicky"/>
            <date month="March" year="2015"/>
            <abstract>
              <t>Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.</t>
              <t>Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.</t>
              <t>DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7489"/>
          <seriesInfo name="DOI" value="10.17487/RFC7489"/>
        </reference>
        <reference anchor="RFC7858">
          <front>
            <title>Specification for DNS over Transport Layer Security (TLS)</title>
            <author fullname="Z. Hu" initials="Z." surname="Hu"/>
            <author fullname="L. Zhu" initials="L." surname="Zhu"/>
            <author fullname="J. Heidemann" initials="J." surname="Heidemann"/>
            <author fullname="A. Mankin" initials="A." surname="Mankin"/>
            <author fullname="D. Wessels" initials="D." surname="Wessels"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="May" year="2016"/>
            <abstract>
              <t>This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS.</t>
              <t>This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7858"/>
          <seriesInfo name="DOI" value="10.17487/RFC7858"/>
        </reference>
        <reference anchor="RFC7942">
          <front>
            <title>Improving Awareness of Running Code: The Implementation Status Section</title>
            <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
            <author fullname="A. Farrel" initials="A." surname="Farrel"/>
            <date month="July" year="2016"/>
            <abstract>
              <t>This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.</t>
              <t>This process is not mandatory. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. This document obsoletes RFC 6982, advancing it to a Best Current Practice.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="205"/>
          <seriesInfo name="RFC" value="7942"/>
          <seriesInfo name="DOI" value="10.17487/RFC7942"/>
        </reference>
        <reference anchor="RFC8210">
          <front>
            <title>The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1</title>
            <author fullname="R. Bush" initials="R." surname="Bush"/>
            <author fullname="R. Austein" initials="R." surname="Austein"/>
            <date month="September" year="2017"/>
            <abstract>
              <t>In order to verifiably validate the origin Autonomous Systems and Autonomous System Paths of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data and router keys from a trusted cache. This document describes a protocol to deliver them.</t>
              <t>This document describes version 1 of the RPKI-Router protocol. RFC 6810 describes version 0. This document updates RFC 6810.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8210"/>
          <seriesInfo name="DOI" value="10.17487/RFC8210"/>
        </reference>
        <reference anchor="RFC8484">
          <front>
            <title>DNS Queries over HTTPS (DoH)</title>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <author fullname="P. McManus" initials="P." surname="McManus"/>
            <date month="October" year="2018"/>
            <abstract>
              <t>This document defines a protocol for sending DNS queries and getting DNS responses over HTTPS. Each DNS query-response pair is mapped into an HTTP exchange.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8484"/>
          <seriesInfo name="DOI" value="10.17487/RFC8484"/>
        </reference>
        <reference anchor="RFC8555">
          <front>
            <title>Automatic Certificate Management Environment (ACME)</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="J. Hoffman-Andrews" initials="J." surname="Hoffman-Andrews"/>
            <author fullname="D. McCarney" initials="D." surname="McCarney"/>
            <author fullname="J. Kasten" initials="J." surname="Kasten"/>
            <date month="March" year="2019"/>
            <abstract>
              <t>Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs) in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. As of this writing, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a CA and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8555"/>
          <seriesInfo name="DOI" value="10.17487/RFC8555"/>
        </reference>
        <reference anchor="RFC8914">
          <front>
            <title>Extended DNS Errors</title>
            <author fullname="W. Kumari" initials="W." surname="Kumari"/>
            <author fullname="E. Hunt" initials="E." surname="Hunt"/>
            <author fullname="R. Arends" initials="R." surname="Arends"/>
            <author fullname="W. Hardaker" initials="W." surname="Hardaker"/>
            <author fullname="D. Lawrence" initials="D." surname="Lawrence"/>
            <date month="October" year="2020"/>
            <abstract>
              <t>This document defines an extensible method to return additional information about the cause of DNS errors. Though created primarily to extend SERVFAIL to provide additional information about the cause of DNS and DNSSEC failures, the Extended DNS Errors option defined in this document allows all response types to contain extended error information. Extended DNS Error information does not change the processing of RCODEs.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8914"/>
          <seriesInfo name="DOI" value="10.17487/RFC8914"/>
        </reference>
        <reference anchor="RFC9102">
          <front>
            <title>TLS DNSSEC Chain Extension</title>
            <author fullname="V. Dukhovni" initials="V." surname="Dukhovni"/>
            <author fullname="S. Huque" initials="S." surname="Huque"/>
            <author fullname="W. Toorop" initials="W." surname="Toorop"/>
            <author fullname="P. Wouters" initials="P." surname="Wouters"/>
            <author fullname="M. Shore" initials="M." surname="Shore"/>
            <date month="August" year="2021"/>
            <abstract>
              <t>This document describes an experimental TLS extension for the in-band transport of the complete set of records that can be validated by DNSSEC and that are needed to perform DNS-Based Authentication of Named Entities (DANE) of a TLS server. This extension obviates the need to perform separate, out-of-band DNS lookups. When the requisite DNS records do not exist, the extension conveys a denial-of-existence proof that can be validated.</t>
              <t>This experimental extension is developed outside the IETF and is published here to guide implementation of the extension and to ensure interoperability among implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9102"/>
          <seriesInfo name="DOI" value="10.17487/RFC9102"/>
        </reference>
        <reference anchor="RFC9162">
          <front>
            <title>Certificate Transparency Version 2.0</title>
            <author fullname="B. Laurie" initials="B." surname="Laurie"/>
            <author fullname="E. Messeri" initials="E." surname="Messeri"/>
            <author fullname="R. Stradling" initials="R." surname="Stradling"/>
            <date month="December" year="2021"/>
            <abstract>
              <t>This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit certification authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves. The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.</t>
              <t>This document obsoletes RFC 6962. It also specifies a new TLS extension that is used to send various CT log artifacts.</t>
              <t>Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9162"/>
          <seriesInfo name="DOI" value="10.17487/RFC9162"/>
        </reference>
        <reference anchor="RFC9458">
          <front>
            <title>Oblivious HTTP</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="January" year="2024"/>
            <abstract>
              <t>This document describes Oblivious HTTP, a protocol for forwarding encrypted HTTP messages. Oblivious HTTP allows a client to make multiple requests to an origin server without that server being able to link those requests to the client or to identify the requests as having come from the same client, while placing only limited trust in the nodes used to forward the messages.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9458"/>
          <seriesInfo name="DOI" value="10.17487/RFC9458"/>
        </reference>
      </references>
    </references>
    <?line 427?>

<section anchor="changelog">
      <name>Change Log</name>
      <t><em>RFC Editor: please remove this section before publication.</em></t>
      <t>Changes from draft-braid-tls-double-secure-01 (this document replaces that draft; the "replaces" relationship should be declared at submission):</t>
      <ul spacing="normal">
        <li>
          <t>Added <xref target="negotiation"/>: BRAID support is negotiated via the ClientHello <tt>braid_chain</tt> offer; servers present BRAID certificates only to BRAID-capable clients and conventional certificates otherwise, with downgrade resistance via the policy record, preloading, and policy caching. Resolves the conflict between the critical <tt>BRAIDBinding</tt> extension and legacy-client compatibility.</t>
        </li>
        <li>
          <t>Made the Identity strand construction precise (<xref target="identity"/>): the BRAID Anchor is a DNSSEC-signed allowlist of Delegated Credential public keys; Delegated Credentials are used per RFC 9345 unchanged; stated and analyzed the resulting two-key security property, closing the stolen end-entity-key gap in the -01 text.</t>
        </li>
        <li>
          <t>Named the validated-origin (stub-to-resolver) query as new companion work (<xref target="routing"/>); repositioned the Routing strand relative to Multi-Perspective Issuance Corroboration as a use-time defense.</t>
        </li>
        <li>
          <t>Reused existing certificate structures throughout (<xref target="binding"/>): TLS Feature (RFC 7633) as the requirement flag; RFC 3779 resource types for routing parameters (see the -02 external-review bullet below); Subject Information Access for locators; GeneralSubtrees for delegated name constraints; SCT-format witness attestations and revocation entries. Reduced the IANA footprint accordingly.</t>
        </li>
        <li>
          <t>Added must-staple lineage and comparison rows; added privacy rules for cache-miss fetches (server-fetch or Oblivious HTTP); acknowledged the CA/Browser Forum governance boundary on validity periods; renamed the profile "BRAID Double-Secure" to "BRAID-Routed"; renamed the draft from draft-braid-tls-double-secure.</t>
        </li>
        <li>
          <t>Added <xref target="phases"/>: a five-phase deployment path in which Phase 0 (observe: TXT-form Anchor, Delegated Credentials, out-of-band monitoring and aggregate reporting) runs today with no new code, Phase 1 (closed-ecosystem enforcement under private root programs) runs today, and the public-web security benefit (Phase 2) is explicitly decoupled from the extended-lifetime benefit (Phase 3). Added the <tt>_braid</tt> TXT interim publication form for the Anchor per the SPF/DKIM/DMARC precedent, and an RFC 7942 Implementation Status section.</t>
        </li>
        <li>
          <t>Witness strand: added <xref target="witness-eligibility"/>, stating that the witness role is open to any party meeting the technical requirements and normatively requiring operational independence from both the issuing CA and the subscriber; added the optional witnessed-freshness mode (<xref target="witness-freshness"/>), giving the Witness strand a renewal-based revocation lever independent of every other strand, with its availability trade-off stated; added the corresponding threat-table row and <tt>BRAIDBinding</tt> field.</t>
        </li>
        <li>
          <t>Fact-check corrections: Phase 2 now correctly states that public issuance requires a scoped CA/Browser Forum certificate-profile ballot to permit the BRAID extensions (a permission-to-carry change, severable from lifetimes), rather than claiming no root-program ask;  the resolver-trust security consideration now covers the Identity strand's Anchor lookup, with a local-validation remedy and a no-new-observer privacy note; the TLS 1.3 floor inherited from <xref target="RFC9345"/> is stated explicitly; and the DNSSEC-adoption bound on the addressable base is acknowledged in <xref target="deployprofiles"/>.</t>
        </li>
        <li>
          <t>Incorporated external review: routing parameters moved from the <xref target="RFC3779"/> extension OIDs to a native <tt>BRAIDRoutingConstraints</tt> field importing only that RFC's ASN.1 types, on the semantic ground that <xref target="RFC3779"/> extensions assert resource holdership validated up the IANA delegation chain, which a WebPKI CA cannot attest --- this also removed the criticality deviation and shrank the root-program ask to one extension; defined two Routing-strand validation methods (resolver-validated, preventive; witness-corroborated, detective) so the profile is deployable before the validated-origin query standardizes, with the assurance difference stated normatively; added operational isolation rules for the BRAID certificate (never a default/fallback certificate; loud, safe-direction failure observable in monitor telemetry); added rotation-at-scale guidance for the Anchor (pre-publication, TTL bounds, staggered validity); stated plainly that Phase 0 involves no protocol implementation, with a per-phase strand status table.</t>
        </li>
        <li>
          <t>Incorporated a second external review selectively: added <xref target="transport-dos"/> (derivable per-handshake reference bound, verification-gated cache admission, recency eviction with per-origin limits, negative caching of failed fetches, and a justified 16 KB fetch size bound); added the suspect-path rule to the witness-corroborated Routing method (no degradation evidence may be sourced over a path under corroboration suspicion, since an on-path adversary can manufacture fetch failures); tightened delegated-name-constraint matching to lowercase A-label comparison with a whole-label-only wildcard rule and hard failure on malformed names, resolving the internationalized-name item previously deferred in <xref target="future"/>. Rejected from the same review: fixed arbitrary constants in favor of derivable or justified bounds, a mandate to fail closed when no Oblivious HTTP relay is available (an availability regression; the SHOULD-level privacy rules of <xref target="transport"/> stand), and a nonexistent TLS alert code.</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA6W9a3MbV5It+l2/okL+YFIDUJYs2zJ5z4Om5G5F25aGZE9P
x40boyJQIMsCqjBVBdJsWf3bb66VmftRAGj1ORMTbooE6rF37nyuXDmdTh8N
9bCsjovHP7SbZl6ct5uhbq4nxelmuGm7erifFKX8/s28auST98WrciiLgx/O
T9+8Ojwuft4sh3p6MXT4zOVPF8VZ1Q31op6VQ9UXd/VwU8gfN7Nh05XLSfH2
rqm66VnbDF27XFZyu+q2lc/WbfP4UXl11VW3eBJcPL90etnHj+btrClX8tDz
rlwM03l5W91Ph2U/verKej796qtH+OB1290fF/0wf1Svu+NCHqMfnn/11fdf
PX9UdlUpN7qoZhu84uNHd2334bprN2v5rbzG40cfqnv53fz4UTEtZvHmxbJe
VEO9qvD7Ljw8/jWvltW1fGRezLqKq1Uue/zh1S8XF6/P8NP5u7+8GV8Q79ev
5YGa2T0//fPp+dmjfpC3/q9y2TbylvdV/2hdHxf/79DOJkXfdkNXLXr56X6F
H/6/R7JoXz8quWF44EeF/F/d9PIufzqSDZPVeczf6aI9/lPVdtdV+gf5d9nU
/+C7yAf4l+JPWI/ip5/O9DPVqqyXvjv/e7beHNXt40dN263ka7eV3Lg4//Hs
+bNn39uPL59998J+/Pq77/y33zx/+ZX9+O2z59/Yj999+/XX/rUXL761H7//
+oV8oG4Wo5t8+/V3/pFvX8TLvXj53H/89vuX/uN333/nP758Fj77/fPwge+/
9a999/wr/+13L176E3/38pvw2+9f+GdfPg8Xe/nipb/oy2++8Vd6+f0z/+33
z756Hn4Md/v+Ba77aDqdFuVVL3IwGx49uryp+0Lke7MSCRKZWtSNHCSuuRzE
ohGpFsGClK27dlEvK57OvhqKdoFfiYi0y2JVzW5kQ/tVX8jaFevN1bKeLe/1
DFR6Uvuqu626VBblwN60fVXM5HzWzUY+d1su6zlOvTzUFfXD0BYrHMy13Llu
5tW6aiDrxeOeB7V/LAftRv7U9xtRI5mkl65RvuyLvr5uSlEKVXGAjwdlU+hl
DqF0ipbaYha0xcSO0rRsZvJxeb5FV/U3skC9X1xFuJiVXVfL36/uZc16+cMw
XYr4zItX4ZCehUOqjxAUXPIEcz7FGpeUj3WqGouy7/FWcpvhphywWviKnDe+
eXa2W27ZAO0iZ6y+rpvwoPIIdcNvXC/bq+Ty/b1s0Uof6tx/p890VJwmz/O3
euCr6x+Lcj7v8bzlet3WDV5xuKm7+VR0i7zVrJ2GNT8qLuXaXfXfm7qrKGfy
oL2sXL+4L6pyduOXrHWj+KjykdHrQRXxd7b1hSixYtmW8+lVVXZ47K6UP3dY
Jnms+W3dUyOX+RphDeVGKxEZfEfE9aaUa9F4iH6/a/xJ5/5Yfb1aizDPW5HY
ph1USvlA+GvUysVVNWtXFVfITBA/MZar/DmTFRYtPGz6YnZTzT4cFW9W66rr
5Q8qBTxt1QwLPW9FN4bnNDloGzEuHVZXHkI+Ky9Y4ZCKNKQnR17kplpmRqOA
SsA15BNTk0qxR3x2/JrPL4dIToMdbX3dtbwGv4tFqWq+E03IUfFDNSs3cv8y
eZh5tg+zEusl0rqRRV5SPrEDkFg9Qclhu5Pnb+8mqpZyDfLz6d9xGZx/u4Lq
i+m9yETUJ7KSdTuHDdtc/SqLCAns2naYyrNdd+WqWLfyWvdHdot+I0LdUU4S
DWjn5wbCd1N+UIEsXbGt5XFl8SBKW89ZtA20IT49W9Y8ARDDdrGQHcbvXaSK
euCyJxeTjb3FplBCsmtiwe9kYU9Eb6+X7b0eLfllJUq4KsS7KT9AYovqt7qn
EOnN5TzK21eUIf1mebWsfHm7Sjauj9+ha1B2POz5FrqYy6dTie6qWp9Yviy/
XR1nGlEEqy8gGrtUY18ciKEqYIcPT7jYqdZYLMtrfzz8DVblx0rVevXbUDU9
pJJXgH2XK7iOCzpTVpQX4PdPL345eib/7ttNN5Nf3a/lwnJicAF4EPBp6nml
6yLyL+cg3ucEwqamYBBBHHgk0qsnLmRxmThdpuKm8Orka6s11/XnqvuwrKbL
9rpQ76OPT2/CgZeDsQ7r5iqSmyrPB3dv6h+GOpQ3W0I0092Rk4AbqDhfya1P
imUJ9yy5ixyKdqH6Vd1F2T61biJaFd6i0qOmt55ylWaiyLnlLUTm3k8zrXNT
0/DJNlzLO+MWeqRP+O4VHK6Z7jFMwFBe09a2q2LVyldFRfOiXS0Hd9ObNuSB
lQ/IeoiyL9eDf+fi3Y9iuf/y5mfVz3RwJ/IMs+Vmrt+VEz+rFpvldF7Jj/bS
uJIeS3oeKmLlrTih5VW9hBLp6v4D5GMhv5vOli1UWivrye8fqWe1qufzZfXo
0RfFG6j7uRwQXPzjFzX++QkOV1Wsyt/q1WY1Vk90qXa5TpnGg7W6qiqcM7k6
rImodsjDUjU2VlAsyHyzVBHpaGFffFfMy/teTTGkVf64EsV2G+RKPrqsV/Wg
luC3ddvjXOk+4clE0Q3tUu4r2yHqfGoqN3k2XFwuVENrzeXQztRZkRNMieE1
5pU8bccllMsfZ/okWtIJHyJ4lXAHYL34PmI4ZthyEd5cHV2p2qvljNPvEIGT
16g7iSixZk2FowDXiGu2rEXpyYoNvHgnXpMsW7mUl3jbLMUJzoyx6KW3Zxfv
DuVCt5WuvihOecPSzsWq/FWW5apr73podDrBnSzuTG6+lA81M4trH/etRJB4
/cfYGTHvvf5BDpqIwraWT9yLpWhkPZUwuFhasXR6kMV9kSNH6TU3gUq260Us
L6B9q2bsHntkaRsmO19f2+Lj8iUsRDUXk/hGlmgl4lDhY7J5q7LBSQ2SLw98
telEg+v9F+VyCSmV3/TyqaboV/IbFc3Egdevt529vshd8K9EoMu6owjIQay6
5T2ePUiDiVkIWgYxxXpaW7HafQ3Xfy2rIGJ/nKm+VflhtAi9SkhViJGZfRBx
oIcJFdC1H3jEwuKvoOZla5ei8id43BVvm3zij7w+v3Z2f7hBfbmo5N6wj5Qc
uC7YuEu6dfJ07RV8jHhScZWhlfP8ZU+D1FFoVFAhHu5Qwvel/lCf467GPsxm
1XoYOcVyNEQl3+RvHOJgveumMWW4NId+t/n9+NHC60+fioPHK1FiUzlJEr49
PpQzs1JDrNGCCHd9fTOkCyeGpKRLWab2KHUCHggQcBBpeU8n8jK1aD04182U
fqpsXzn7gAC0bCBkMCdr3upqM2A/cSb1MCXe1JX5sWNXxEOeEu6aLI3pk6pw
AZ8x8EgjIigQmOR1C5m20FcsvBg7iUbKecUzQ9WQWcQNdJ86aCJBupW9f4IH
BypF5EckhwdX/n+5PAre3BBCRXM80veIKlZDmfVSLKN+Or6Jbnd1W8+px3f5
tyEUEUGhCetvsDq8Jv14VZOjDTOfiidlomdd/UNVFouuDC5mDEQKO1J9iAd1
ffXc4ujssdx1n3ya7gv/2d4hbOENZ/BCbxlHi5KTjZHV1Rh4hxDxEjethFKl
B4qQJBMvaIct+QxePr7aUuxORifRw9JyKwqFZW14haPix8QDgfYWz6u61SVW
V1fdjizcwcPQs5HP7XSAzKMSM/3xox6BT5+ghSR+FFUusgOT1syQihEX46Zc
4wVrqsAaR18eq+76YWI+cEvP02MB5PlUbIKa12QTMxZ34xDBnOCJ/TUR2Smj
gKBv/BMimS29OyhQT4G4ay+iIr/VD6b5z8TdPsFBQqxKO7c7NqFqQ2zy6dPk
gQAk0YATUxz6GNPwkBp5hICD30DEgW941L0/fohhF7+IhOKnT0/16Z7h54lm
VeTKqgbh/uiOIo8nJwSGjDYqseGylWKO5bBfVCJD84lsQ7WGfcRr3WbxgcSt
eeQx68R7EO+JKYHj6AfNW+40b2nJNOwEApUYfgzUhItNM9MQinawHMLSMYTR
AypvMa/V6RKNC7fAlCtU4J2sDxR/pdpCfLuleFhzOf2bRs2lSLOpLlF61yqG
Ny40uFBdmXW1By/nYkpFMnRXaCzMIOzOEBx8/Oj/klf59OmQ39Glx33qIUbl
e+5MDxP3vq/s/lTyoobcjDOvtoQ2oK97xt/+uVouzb+oqYSisuErn/yLiYp+
M7sJxuZzMxJIcIiLwcREjyc+OxVFeK+S5ClaP+nqfebekMgAd2Zu2dAsWxIU
B9Jxar70+f1N5Sx1crzK7n7s45UzGEgGTogR1KAl4QWMFgQKSc2aJoA+iIT7
zQ3Cjbm5VPJE8krIOTF1E1O26svyLyozshTtFUxvsZSgVxXbJPF0lvfmasFp
yJ62RpJBl4HSIdLbWCrFpY7uMMPtqjMHvU8SP1BjukBYiqGNDj3Nu+ZS2k6V
k+wrLCUv2dL2yTma6y7JG4YoQfPsSCZCuGYt80O6TapsfA1mN23rGRoENdVU
1QVCA8iriGfqlF9VfmtZ5IYpMhjAZUVdciSqODhj8pLiDpsLhc9I4CyqTc8d
f+rlyOmDih8goiMBCH+PRYTPNNTcZXVuU+8iaEfqiYkZHDxZ09JsqCBO6Fsy
uLPKhyh0ywMjvLyHwdWA1+88r7D3XW95NKRH5SBqHRCSu6nydHDhqVsYHkRg
jB87UV1ffFF4AbG4bmmQvuD/fnK1VtYrxvFyCThrE8pPCLQs5wiF1qAOlFRK
E7d/nC83f+aqQjyJLZppiL0V3sR0bfAUl+W6h/F1d4deMlMBeFFZJRZNLNCG
dqpn1ZE82NuthHnyePRNNQEO7wueIx5QFZd5/xDRmFkevVFIM7s3NE404xF+
3lV0Yk6m0GqQHAhZ3Wv11aiBdjvE4uVUmo5btTRMjEk0My9P+7fqSoyhHkUz
kOLLdWU3u7mPvkBeq9GsmSfCLCszyt2H+6tGg6pe3sdkvCuUJLWPQpcFV//A
A8qZqq1GJacKa/JTosmW7d10drPpmkx5HW9l3PGeoYDHwDY6v80MGRB/lDUK
knQiRskn3PoNPkuNtsThxIGqGRIlxjeGbcdZAGWVhmBLG80wmlwWQwVdOSBN
5E9GG83Vbe41f0Y1zdQCHEn5LfxD8cUsoS5PeL7H6d2VxJ5sZcQn7rNOQzra
ncVJ5rIm3p+Vn7aTxLDBrue20/iqSWAAiV4QMyjh+U3bBWHz8trHL+wn0S+n
rpRjMHIna3QSPnzXIoUwtNeVloE6frTF4/t19XYSK4uHA/dlYcu7FebMNoOH
r16QRrYvlrP8puul6I1QPTNbrVkCLxFuGee55jkswnXTos8oWz1YRlmMoFxB
nuN1Xp8sm0wjJLn/IlSJqVzmXPeZKw09uVS7T56My89PnhQHeL/DUIn7z6Nv
vvo+L7bo0WSFeStJLE4J3X+AHeD+S1xzrdnSvVHEntDhiA84Kk7nz7ejUr6v
MH78OeXwJKyyrIi+H/VY3Y8q2OVIV6mcnHLtRZjEQZhbJmHLUCBQ0Ufeodye
PMmL33hnF63w3qEUP9F0G3Ic18ivDHk8tBRrBX3rnmk8pvKvcmIZPK3aNpWW
CLReTxeQZYxYyd8u4Z+7kninK/UXWak3uUdzgCDr0Lb5BcTiqf/MCNHfTZ5S
PGYJ2FReZL/W1QwSU7x5B+dwUf8GnWfHX85PxwSo6Gj8EB8pldVNUOr7SmxJ
xBvAE1Ztw9fec1d/qOnmvU+Lex8/2kqGbcthCTu2TRYZObQuAhJsgbewC5ob
moxOskmjnKlJ/NeVbPEHsQt1Y7kF+nSEyaCmIr5PNb+Gb0I1Djnp6dmOSn9x
v2wZV+JuiezKEu09ubIGVnrkGkCb6yEwhA40t/9oBSdXh5bg0Owp0FkB1tNb
zqD0OpuEGmJkFefjcULdQt82momMfqVGPMEBk0MiPiXcPEbhTVXNTe/xMac/
iCaRbcLeREX4b2NATA/X31znbWBOv8t1pXSEfyH6NqWt1qctUSKLBW+aFJR6
jpKHgxKo5vZ4hLhs42KKAzoOwfDYoSiuVF4PxWgs5SzjFnDAtZ5mBawdJb+P
H/2Xrn71UUywt58ml3hzY1IcicngFB5JLGsiCu9HvnCwJLLO8jsuy90NYF7X
6rTWWkiiaohqyDMWY1F85xJYXiGWjPtNh2AUTPcTq/YE56g/YZSq9R5N7Jgj
18ckK+WMNrxWIE/Jit7563//65vz16926SOU5u7NE0subulng37wIJ0nDyPh
S3O9QRb44xfykPiXHScYJqA1++Lxz3+9uHw80f8tfnnLn/1R8PPFn9/+9afk
J/sMS4HikDzWx03LWay6twS1QGvJuRtUfcyrftbVV6qWfjh7Vzx7oXoUGEjR
o/wZIEja0arRu4TlmlhSbL0GMqZWN3FWrmvxqekUxujyTXNbdhKpDaxb288h
yswKMyhB90UatncbFIh+Es1xjpegR6lqxLXQeMe2CwO2Y3mOzyE6p9knZek0
+lpQDScGlQ6mLYD8rPH52N2MuSM9qgqws0uI2vrnP//5iJ85wE0nyR8Pi+L/
+R//s9D7ylIyc3NeHOtRuj8Q8d7+yv8oLs//+ppXfRSL5WJaGPjIJ3+1NOix
5nOYX3SH17wjq517XAOdLtaRXsZC161smILTNBffX1ay/M3S/FW3qoehiprx
Xy0KjARr58GSV1nU12oR9RLiMcj/1kzELSV8RCaIYnepfvfP9Ls/fqFueJA2
Il7M10t9rUWLizBIm8NIiJBWvbnr4s0oxsFKQazajOIbwhhCBpAbbyXwyp7s
9+JUv/h78a6rV8ilxSJ58bv8HVrZ/iv/utgKxN0XgL74fWzgjpOYf6czG/Rt
H32ynQ40AsgTrTZWC/q6BDa6PR5lBiyhw1QgDkx2HbP2dUfNGIqsniZI8gNa
jUyqI8z38QlWxFlBj3XVr4pYzP3tdLn2vZEs2A8mmKYfxmma4oDRGoIr1q+B
bzk8sSJh18b9t/UcAIQDCIgou3ol3g8SB7JKeJyfI6RFPiuu9AYImiYr129v
Iup1q3IQmQsFRV+rdC9P9ntzuEjsSsj/hjAOW4nnkxAvwXXKgyRR6JZkIU3t
MpU+P/PA0YzbwuZJIPN+t+GufAz5zFP7XPI4Fs34hZg/+n0LZV0cyEtE60H3
zAs2Vl6YjF0tgylmMbfm306S/NumH+fR87xXzIbtWRiFoPT5iYWQ1khelU0F
z3eEqx0hY129jI7b70Xw4xIJjjGKqgHzor5ENbWp7uQILAlXYtE3Ac0sRFvT
2YMBa9fbEHBLbmID/JQEH20a7u9n8Ic/vStu6l+pHVPDV7A0cyCOH2MV+4x8
Z7Q9xxa1Tk8vNCAOKno7AmbRD+HvyV7POQ/vxk+IxLbEFhbTeziQJb4GVpkY
e7jSrpdBbSteI3wioEWe/qD1yuLHttus8mwd8kbEE78TG7PG6ohf+8YvcdZK
5HzVag1VAatjBZFDr1Uh9l7bxJVzRNLEeyJGmtUlzXSZgtmSo6watVzSdQIe
xZOWSXj0e5rxD7JwjG4QB+g5hDyk8OFs9DnsOUV2bulkPMdfewP7bafF6ZwA
SpTHEskx8XUbxzDHo5aLa61Wiu7vmRlAQE3cCfeNqkrWDI6M90W0zXS73uny
arXQqTjEqkq08Pi7qfF36sNYfsnqoeg9cKM9jY6lOLvbdWA80Hl1Xcvb3T8N
VW2F/xQoKWtNT97f3bvfiz894JAdRHfsUG0PQbtT/D8vOgl+3R5HWh6JwcxI
YEXGbiqJlAHNkEuKt6jtOIYZBehRFCBcaiAdolE/jgUXq3SP2hM+oyehr0Ts
h539CKlidk3r6B4oBsUcefD3QFljZ78C3NBf4oYVoxZAiYyWlQN50411JzW8
KhAhz46+xiFk2c6Cshcvvv30aZ9+kMeoqRJklRfLlt5Hu9qNQQnANtYskRs3
RxyKym+eJFQ1BNibTqsT6IZIlKlhESlrbfis8jthharYdkEKPJUf69OMldn7
4bUbL/cbQsGDafcKdiIVtropCPJtratCs5lJW4Xs8ZMnZymC4ujJE4kldx57
b8zA2rFs8V9M9Y0ykQEbjzO4jcaYULiuY1IzIPf/K2r39JKeF7VceEgSj0XG
pU03V9dI1Xf+sHYYUoCIhXwhUT2vZstSzVcAj4T97ceZCYSg2GxLyuyA843C
656rfrHV+ScbbQdKN8H23eBIdOm8/hNKNIhrenN/doiD4UX2QVM8EdeX4s64
1hI3rNN7i+fXrjdLa+KAITToi0Sj7eb6JpZzRCcxZ9wfHhVvFlsLbJKTbcTE
kiB8R0sD6QLwD7vfxWAOMa7YI4gnsQ8Im8ejk1x874KwmYdAEf4jQmdci0R7
n+gww16vavF7ui3vcxq21fsyDIEV4BXYht3gOjzPgoUGS9JPy+U1ooebVZGo
3IAWX1Vy+GztmIA2fVY3QCPiLCPeY84nq9VOROOVd0uk5onaWF1V8zmrx4o+
EHl9m6DiarHUDnrbvVuQ4Eu6c3BLWeOJQuvAU918bZQRI+jZkVAkE11eijM4
zSAEmyWhJeIu9ffi9nVtQ4dJWx7LJTxQsRXLqhq0BtEUF7+8mXqlqcIW6aE2
Ed8tbFt6VH1L16KZ2B25wsyuENQ1s1Eh71M6jpivxqhaQoIruPJZqk/rwGhu
kNCnO7G0roqSmzfa5KJcLGrrzB4dBz7tyIpoMk+zHXOR8m4Fn4buAcFb9Gj8
wHS31YPnRQT/rnWHCKlva09WP76eb1CJkM1Wnew+nHbBmGQC5o+9zsQR5dG7
Zg+mWmOFGtHUZq6rMLApAn7otUpDsN/RjmjVC2jySeGHIZ5me7aJxxBy4pjn
0MaAMvR2ob5fNdU8CbCAhdZ39heU17LmBBZUvAPHuyU0uB0LPIpc9aJiMwsT
++v6A+WAoEOJYbrBYHCK26Ovd33dUWsAxWYQuGAg31ub2HvDXGXZyuicJUio
lqBQe94ELMLzHwMHbG3PNcEpTz1EQFcGJhQWAD0zGpWnFWPp3+033UL892MK
ruPGJbijn2Kgnc8wWFbBnrWb5dyaFjILvuMcaL2WPcuiIwFvD0bE7rtfyk0M
lwbho0IlMqJCfljEHEfyjp1khvaOwHwH/vd7ivR5EJVHMAx632vt8b0WrWoD
svc7fbQ+br8tEU/yAx7jyb4gL3iPMVmhkuiPyisHD/cPtoyuMh4oIqn136FZ
uWoMNaHl5YcCSbgdXX21Gby52bVGwDtv1Y3/fHF5YWX/777/Dtl6DRlCXxiT
pTzE2MDCJJeWHRojGAPzVNDXiUSxvsSXfuDDrlo0iZeHA2xxouNGJ6HtCUo+
QUfGgxLSCfKhAAtm3uGo+KX1lv2HnRl7loD1UWcRz5RpW9RbJgiItaSQ47AU
NZLgYbMGcVjj2HISdH58jYBa85TCbql1ZouYfnWorRfauZ5TE72wIB707lsD
K2b65zXcUZQuowP3aMxfgV8vz585HOqzsSK10K4GRw4z0qlV8bX9oGo9Apt3
GK8KvaSKZvGMpsIFXa9Ffzt3t9VmhxADInW9KYHFqioNf5cPW2r5w60Hb3jE
YpDtFMu1T40oaYMdol+NgujBGzjNQxkdGtTDF9D/qsiUwCDsXdo7GDoI6uCX
8deyxOLdzKwi5o6axexZMuJ17DT5wiN2IPS2N0GRNaz5u5egwLKkfSbPDUws
IsQ9VW2kZBuhYuvCKFtcr9j2IUek4jsC7qHBN1LAFmhoSRRfWUVuiICL8FSE
1YXDs2aQNqiPnekIHluiG20FUm09To+nUOuBZUcQLvRZAJSZDJpA6ATrfTBn
aZ7mFrXwPc0rynSX3qk1CmJuZmXkfieZyagk7J5RTSRBkDo4WYbRynG6cght
1bsLuzcGrD7y+HpZX0FnIqOnAJFRski7d6/uHfHF0IJhVdj0aEDLCDidxKDP
ZM6bn1zXh1/k+Heg7UFDpZCh8xF0FtrrTROqO4EDIXlz5EHydxAlUi0Xky1p
CBau63SN/7ildWlw2u2IPBzLy/t1lZ4js9BUl5RT/DLrjC3qed2uop2Lznqd
pFSG1kgMqiSSWyHLKAG0BebXNRSKkhDAP9CIaDNHW3/bLoPX7IE5O7P67A0Z
MWhiNdR/05KIg6TZFSEWIwdPRk3gcXGS6jdKotOLotlI3N0d9IfWQnNv8VTA
HLKZR8w4UvNaJKpUB0W0oMiK7rPd+yySfLwX3wYJ5ab0fs6xmjM9fS+H8ze2
t3dWlXnzbmo3nBLjxwc8vZhqzkgu2z3QvQdFdyX3XIXG4uyAQV1x+eUL1rpt
mT/t0oz3sNyeZ508gqzEzRM5nxgBQC8rXc8YYaQPEa+reNW+eBIQmIqE7W/q
9ZNJ4u9q4yj6lbTnWIOMN6e/nE6Hdnr+5txpR+gCKOxRg21tYEB5WvOvkXYr
HPTQ0KCFEyUgUVwL9GGqMP9G4XzAlBm5BJMTKM4vS1ns0NijkS+8TCKlOjrT
FSHSTzY9Sy1BSJ4gnA7dgnkTbnkPP93cXGbjFQA8T7TYkMCM09V/++YV4PAI
19DMyySDRmzyqEQDLWD9WA7N6zLZCaV1gkhCTnlNWd64exGKbH0A6i6VmSZE
Tku3jO+QPKV5i3RqyTQVQmoH6aoxUG0EcodR5yijviRPtihXojNK7PsJv+tX
e/ggJrdBTQhrAkmpEamww9VFnsXkGowXZSB60b4zIp2og36Cw9FGzYOqPECu
eeoug4qrTfjr+ZsIc23lJ+QYemQUkh4cr08qsFe9m7bLdJLs0J+QwyqXv+C2
yKj0jttbM/FgtuDC2rLfJBQLp/rpxDVDH7Uvo15rKgf+psVOwKGMFQN1kkZ9
df26/WDr3+sCxcwrlyVhRfIli79y0F5a40vJl+xF5U1EUrFRqkptGdOn4lok
yjl9xRH2eyQcB+4rb11CE3EKDhtVwc4yfCDS9D8DoKPNtgo80+j42fNvHHDr
e7ttvYzHDvfyooFxBSw3eIWpCkziAEcGqAsmPxLX/TKjfFq216lVSdq6fVu3
2zO2ELdUmJp67vefsqw91Jx2OliRuqAeVuUaRVmyuwX3H4/i9adJZGu1BfuU
hwU7uRWpspdIGXly5vDkkdZ3/8h8R+08QgXVBCXPU1YnBIrRksSD4j5qBi3x
B3AiJst9IiyEkTAh3tHReLAL9HCo9ljxZZVRm+zEtfn9EAoEzFpa9MODvX13
+ebtL6c//fR3y5+nh3aanNDxEcxBdqNLlcUWCkgJ1VScB+Rwl/vAQlvXep/A
M97H6yTHIBNUdizamifEXfxOBm6I398YSwqEcAvkVPbO+JdmEY8MU6snUD2F
pMWru2YZM2kXRbwhB/IGXhRjDuLDvuwjRmhdr9kikLWjf5lKmkQEEgZ0kW3A
/KhoNrUDxOym21Boqi2iiNSNyHtmJg+YjMlYENRmXZxdJjpF/Un47HgCHiXN
T5tVrI2tzF0sb/djIsMpvJicoMYhzNa4kqHm2C1IdQeIfBvTP0W5uqqvN9Qe
I6rPMmFlbbUU4co8PPf+hjnHiHC/RhfC7zXofH/5w0WigN/D+8zzClGDpHHk
fshEaMmt2A8d/mBaO0AodMEd2Dbqz79laS0A0JLnZ1k2tFyXy4GfjC2zCb3f
6FTs69xTn3inOgqL4aQmgX/h2NFbFgaqdtBDELvzJklX4givkx5XfjKUIGJw
G996rbIXLrQPFGwBgld95721ZI7YeIFE9NSlnpZj212/2Jd92mTogJQ/gsY+
1HP4WR2FCj5Swpsosk0uesqhEos8LNOXAUiVpXz3W9AIzCyVrJdAyxg15Hif
kLRO+xRpUwNWjfkd03ExcEwh+Qxpsh55PQT8vYa4fIdVXy1vLZzPBQgIOYYT
b5yTzzBzzGIm7RrzwEETxYkMTZ/TIOiqI/h2uzVIvtK0N90EQWGNJnQq8+Qk
7OjzK2Kf31aVJvHvJtrHXBoHaPQtLRhJl9iCD23d29HptNUbyA0ISuHCULtb
vPg/id/IRZKA0QR7T7suNH0QdNH1CW1hAjVV2Ki77zyQpgYj9rchIJrVoKUy
+Eyt6uOprQ/shQ2dxQQfgvrDc6Byba8IeKxUhkb3LUqp2O2RxkmRq9aAgF9Y
oBGZO+1tpym1ljN5hmsG7igtliKiB+2UUzCFbgxtNCVt0J1Yt2dHIqGXe1Te
ZKyho4L2+CRDTpGZ0/LUycsnLR5qDLimqQJUxb6t8AmUpE8bwvnPacLgbT7H
NHyZIe4nKVNP+tbW/uJejL1zT78j1wHBymSqHpbj0XNf6R3a21czaxeP9eyJ
o/t24EktZcuAGtnXZs+xTLGVZf4M5+eItdPMcrJjcZdEZctiihq+OXScNpYq
2iyUIgKQxWvQVMC8AarPuAl3qrO+IYJn2RFGxbeUGHC+UTL1dkgQV5YqBw3M
2hQw/WNvtbHOMrS0OmSOtU3mQTZDu0owhiqj+XvKy8ElFgEAJC2FTp6e/fw6
pppMMDD3QL23kV49e3Xx9Ey26S+v/y5qp17Okb9kP82QPMfhUfFXue1yOy10
fn7593evyW8hN4deUsollWQS60A1RzKWXl33uMRIlcvZ0d25qlI6RBzMy/+8
DDByQ6/8F+sI70O3vRo2a8OBYJ3s5DRWf3pZQidwP5Jr9xZaZXybvB9KSzCU
nlBdR5JiK0Fuc+JOUgWhXBrwmLSAFrAe0TbLc0zhd/k7yIvHVfGSjSUrbMFN
6KghQ7H56NHXfmgj1Zz3SN6aXVEEqblKkbdpuNkGzvKprRZJorLFseivw/0u
Z+wO1XA0VUqpWd6t3U7kwB6Oz3PdO+AhZCy2fGxF4vpvQqUzyS7kOnSslJUg
6GB2aNqxv3Gh2ucBa1dwyE8GrMfW1m4rLmWjpOekSD5tBIqNI7r4BCScu6oo
nW3ZFO+WWYGn0KglAG7OwYRB18zrHkyUCM2vKlnNeWDpUzZzeZBZ2RN1qPMA
OrqWCpdEkwUgERV75dt1aYWNZXl9TK1ODQ8pCtzNPT0PifOnbn0CJDPRksFZ
vrz8KRCiszkYzH/VcAfmaHE6bP1UlYbmMxvMEQtwR+yNDdRIMERXrXF1aI+A
duLJDk7hyLUJiJqFgQhSTDnLLfL3lMBvgy06iRyzHsyo9UU3TaMmMzHJ7JeB
6QjzGRENyssfaHI9XCTdQJEbUlbZG2jzQbovjlPuE/hH4KMwlhgxnlhnkIg1
1/pq6ePJu2FP4guVVtlecG0jvnd76gQK68BA9YoIgXTdVfJNy1krRezcJcvx
3UN5DU99NlImTCDPurZHZHVNg5Z6o6SjhtCoLChBOdwMqJoSySv2ZYhlKu/J
KuPHgUm0iuwcdmFr5JEQInd48ZJ34uFUgXEN2dybuDmB/ll7hA29PjDw03KW
pXMZEYrjUuGgoXyT+CL0LXIxgVPo/WUQeUqe19USoia0Efh7Oc5U69riuW5k
4SMn/apEB2gqemYHVPuovEfCK3nGKcQl8O+FBqfEy5cPyWfMv1ddRsqwal18
DZUKBW40AbcsrqZGwZh7rMbJFGLGYt8SVBhJxf1vk6AEUsZ82VBrTtCuK11+
4lTBSuyN7/eElWKHTOPu6ZsCrmrF0s49IX910qK5J9bD9mRGj/yF3kKuEBWa
K6SCjPJl3AFbOw6cN2g7ie82gxU2UweQLnR4p+kMH2hS/zfW4uKb26M4ogjX
dLc2Ml18ZiZH9Zjn2voK2WjW7R+izduaiHOE+BGPJ98kfD/fptgIlzd2/sMW
NrSyme8kq0M/DWACRTU27QNNzJj2ki+/grk1j97q/mdd/7pofhstXIeDnE0h
0kSVJTGz7r7+gTbp3a1+262xevyr0AVIHb4YfGyEYYlGBkrl0RM6jEOJw1QN
NAGXsIb2OJkNAuLG40cV7m045pYrEljpyAiV0AagsZKKysmuUjHK2AaOmBSn
PdT4LOvrnpH9yY184IJ09yB5Zaack3bH5K6RXgbWjfhUdrKp9F/+dDHVDgh9
XABrnHAYFOajY9t2o4VOzh4ENZIFuKOUewthLxEfus6/Ih2rvWVx0C4Wav27
4s8XP09vYsFvAVbIq2UlUVrCjKBqZAf3nDbDe2Pzsc48uW0/VCk2XbvljYye
Pdej3iMf/0XcUbVaGyNzvqsnD/Y+j6P+WVX2VT7eicg5vqVlxJu2SMSAvKhg
oe/iNLA4MsDO91pf31v1bc4IzPAHNXX7y/zb2Sz+mvDRnQFQ0p1aqfHlJfuZ
7LB7THuy/tp5xBxNPRxnVsT4aanKtI8rDJ8JVecdGVh9cgW0aqpllpZW7y27
jcy/9U5U64EXW2w6OkARxIRKAmQtE4NOU0mVMeElnHCG3CSBxKtfCmRhJ3qM
4bFOE6oWRlyaP3L2uTgADd9LHxr6vg4KVj0YRaxs5ZDSSlVfMUC+RZPJlTUX
jFhwcRVzBnBPeW35wkr1ljoVEYirpbItjEWK4Si7MGNNtN7ZqeUXjCV9vVbS
8D0ty6OeEnCLrT35YdVguLPd8Y56dya9Cfbv84p1o7zbFmnhfhBLViOsms2K
Co1fyuQwj+wjtxIEiNKoJCeRbRHZP4cBJJg6iurRv5TICA0pO0+uAhz1GfDC
fgUdzyMOjvUlE1Y4jLJv9h64/XvSm86O7G9HIs7vQ859kQCU1hWJIt/jLGSf
/gMEDkqN3Gny6FR9IOwSbSCLwIOp3YFzaqD7Ar9EOtgkpO2UGTwUVcPHDZi9
LK/A6Fov5zP2xGkyy/9tSGm/e/oupeUO9AL9ZrGof6PnDftAK0nqjGEMmzKd
Nkr8pKp0lL/JFWuWB99OPBlFuXWiKFKGATB6pxIO+2TZE5xUJHCoGk3TtjAd
HDqguiJU7HFKdAEwgYbjYR1N0R9bVbLu1TTHsXLIo2CmygydeKe6dr3G/+82
zT2qZCzKascQ84wGImTgSMV1GNuGeBns2F+bmt/tqnWKqncs6EyHKWlcwmqy
/InRejPo5hrhCqmywuZnh9YzTmrVgCmVpVkMU/qVKgTQ6WQ/LJcjueqzGXPN
fbyHE443vhzBmrz/rZlOn7yfZC20Ckaq5jE2VtnwyaV59LYql7bwAY7aa+9w
n+TgtigEthj4degWQdr+grw6TsX8CJh72fCr2uIAZRwRy0eJOc1DFTw3c9P4
43ZSyQ9niK80qdHcM3mhJlKp7ebVNC/Jd9WqNYfeU+646b1FAOwhCcPABm+L
RycrzXaCBvJpxgE/FBhTPx0GUD1sZck5DwORzWwUj8UmtEKFGqvX+r3Eem6p
wOl/hNzpW5vIC0C51eO9v+fjF1611rzDCO8GI7Zz3C9NvdEEb9l4hcVNSEGv
twmtaX96Nw28T2hNZa4mzMyKEWvkQSNcSjRGo2Sct6Jr6tWXfUAW9OtS45i2
oxi2uWMTk01vAN9srZvM7LBRby+xtDMMFupvGIdehVmFN7LjvTzEsbFByU6T
1XceaKEMuvV57FDaUsdJenfwoI0oylsN5tE9qZV2y7+ZDJjZyxzVfzZlVIyq
HqaN0iECD9BGZYPK/ogrimmm6KAdFdsSh4V0xgsuJXpQLQqzRlJbUt4Uq0lt
5WxK46yHb1rpRS62TaHIoYF52gOodLZ5/XTX6MlD1YiasYinPcRaeCAV6aYN
+6d8Zi4dHohE5KCW91TRmCIR8Wg5ngynzDi1klHW3rSTDNozYyhvN70ivx8A
MGmbw+gXxgIKH7jIm9vEWLSavxBZ0Kj9GIvWILu4jLn+STIZ6dyoON9lk5GS
goW91zkHT1xt6iUbxGKNh9lu6yqoqnlPUBB5mB0aw0mzaAzhH4qD88vzwzgT
RZ27l88C5zhm14P/yK+TYIB8qRp0r92vBzTbrmXTjJB4ZgumIYR7j6GybDak
bhsDCr4NqCfz+wOOO82TWVcMXb0d3UkH4oC4ZvojiHIWYehJctSWzmPkTdwL
95ns+8BWeyf4ttpwsCTtGUZ97kRjTThT5T70kOhXiEzhyM5sDrDBQLvyTsUx
y1zcEE8+Hnh9VPyZeSNPkVqDA4PlXU+tBeJh257Jwz/eNB9E+TaPs6daaOs1
Thu7YtdOGeAUDn7MFdp1mvMH+mb/0aYFJERKQ5e0nQX4a9p/VhyUxdOvn9Nt
ffPu9gU++PTZ85f+i28Pk/AtrTQHDWFlMWcQ0olzzOOoGdPQLMkwafmur6yy
GXVcXNhcrh0guovM2DoEycTRGKG2kkHkLgXkMFkXe3ucCZZwsb5B4KYm0BQ7
AzVxxO7EIGoo34qvS/aMNplB56qCsYx4LopZGjZXvoAleHNS+OFj5FpC/+B/
JkcltpSraWEkqGegDv7J/3osLtnlORsqqYWmi3JW+3iS0PuLtKsm3JCrsPyG
9oduz3Kga7JNb5aQjWqJkZFSAz3vPL6q9bM5p6PFnLA6Xf9DexJ664t9Lc93
8NWhTyNTHnqvkXmrlDy3HGpLe7924nm82WtlbVKd/P2zF/B1FZ6BkPn6Zrir
OJA1SOisnWoXt7FP4CI0An++vHx34cRQL8E4rh44m1GGTWfhb2LitHK4UJ6i
gzBHImyp2A8M/WUBzdwcbvyXySj6kYkaDwLOei3HYyZr6q2uCpMl1TVQA9u7
Ly0v+Pbd0wtRHm/l/WTjVpumdqr7umxKNjNsiB1SnqIwFHcSidMMqQQ1Y1Oa
SfINZSwyOF1EUh3w7JIjSJ74gFOLxdvwhaqU/x0H3tS+pt1SMqkRnW5wonbp
ih3K19pMw6hXZgrq3oACqWa+qecY8RzTB6nHGUH9cfRwSv4/aqHzB+kqy+jY
uVBhb3yUk04jCKNSQxElFB3TB6fgXMdijMVzk13mx6cKoTaViKj2DIHkw7mn
rCS035481HHEwG0fiT2W/YnLeMTXPLGHCMNq9W1tMvQqmQHACQsGE4/FAI34
zXgyFtDzVfe7FKbalzAl1Z7KG4BmIVLZfi7wac3iYzl2InCyYxXoyY2A7OGK
29GsoSJSuuNE/Vj4aM2n2htbRvbtMunRkofRcGOiU1qoCbuENwpFqXQf4sCS
mExKKU+Xstng7s28pzWzjVSGBDakYZ0tD57QomzW98S3pbMSpwS7MJeRiycw
MBuK0uub1oCUz0gw90h7yrUL7yLTnglyyzYwzTT18rQ9E6ns/07fQHlRC7P2
G64qjw0WkCSMdR+OqbIF+EmdizlSXrt0pIr27PFIt02YXh4YH6eKpsSaw2uO
rdW7pNHeRW239ln1Ad2paTHT58n5sfdPaZ5Si1tX/j5Jr0o2aIIkEoavjA2S
UXg43JJdAkxrwurCI1RZqBKqeIm52zCC9i54hxsmCxSdaR3orPfKCTveQXUa
aJjyjXNvIOyztZHhuUnb4cmtaGqDuU9GJ/MpdBfwYPWs5jA5zo6Pm0NoYRqp
aekkIUaNk3M5/lCZFkomNfDL8JRqpRYV1sdeIcSbpS1KGcY5MB2hsqQMyvoh
JnL7MMgiay1MGwUdrJKOh08RJfI09a0nQJsNiH04NSp7uqPidSDJhhlP7gVu
j4KsQo4HKk2g4m2Cf2K5CFI4pheBAlISt00TnIydjr3O6PYaJ+uo5oHoGL5U
iwXatjH1OoAQ90ikVWnfbVDcvFmkQy2LFE0gqu03OTZnr37hW/xyejnJE1Iu
qn5TsyLM/hNP0YkyONG0eFJkcERBi8rw+IEVb6msiO047J9YFj0SnuDiiFYh
F6aUzWrlT+FRRB13p2ThxI6pPwazNZHibesJiv6mXmDF2A/lNDWOYnb9/DT4
gdujj1L+Sr0KA6I0Z2Dr81CcnQpPRrRjLZWllopOg6K94kRdM/C0BFaisanI
MVG806wb87wxc5u4JEZ9klp15Mx2WfaMjMPUZtXvtvKqR5RZbxOlN1hAusk6
cVy3NKxHrICX6ZwBlo2GPoXDm0zI4Ww2S5JcFAfD/dpsTVk8fc50gDG5HaYm
HkMqHLEaoHhsFlUWJexDRYaLxM1J18hZVPQZJpnXs0JyMA/SGqXKkXe9kVhu
ynBfVyxdOndMjOCKkUfJw0fHZZI7O0Z/NfE07sSq/6iYt8HuU0bd/dZoxzch
VEk8AvAqyWkYwHfWTi8MS4SL/6SNbu9KLYJ//MLb2rQ+MookYsi9Z6YfDmA6
BnDLukfqUugmkntGXwHvKw7RNdBtigy5C7QQnBN6XenY2cbJwHySYN5d7KOJ
JaYkOzylx6uVu6aYHAGY07Q66UA1bivPcX8cCifJuBiRgmvR/riucvc9tjV7
rNnCmfNIwdnwgUIoVdNBXtBMRb3TKnQH12QmU0mvdbq0Oq39Wm42va2rOy8i
HSXMdaMdYoYbU6gYVm2GWF7oAEX2+Zph7yLvBrsKSExxq5SL6ba5Z5waDZvz
Gqe/VCv8MXkNPyeWI8GC0KdR7as9lsrWz3nnNjQxPRI4VuJ6Mya9SVlCYlNa
HO1In8i64z99ZqeoZikeYgKxMon62GE/tRw6kIJMcdVsxHXHKQyrJX3WZ3ST
psnt84SPJmMX0FjAky/HnoTAtHTTFUbQG3PW10TeANZEBm4fctx2luu03Knc
hhjzu+rKW5EIgLcNzF6pI6QsoaCTHau1Yl+HKdCB73vH66YFwgSBoc/QkdON
Aynjt2MteOfnA/ma4VLmJev6snS2Hk755I0etiEgsBrUnNKD8xY0rpI6P7iq
W1kvJ7iuR1VPfn8ce/UBhW4k3EEYa13GONgUoTTgDtt0cP767O3PP7/+5dXr
VxNNLO8dYRWRjMSuNxIvRGA7qD92zUxVIz2vDOyoqWbKqjmjIVW6XCpda8cx
EU4E2/NsWHsOF/oa0UKDzTt5aCIrPWjLb4nvZk18Cpx0nVVxfKctblaMnVXR
FE2Tj5lZcrGkTiPGd6iaoIck2G20/i1G9qap1UImAyfLrkrGqMbpJganNXXh
cFuLzpjDQQeQhCqlGqIUSxzBwslZMTNmK0LdH/sco/LQMZR71UNyXk6w/VTv
uDr4yczjNXq4hMdwPMAx8MVNNL1sXSATtrHgGHQWWXhoGj/BU4AfmN65BjcY
NhcqgFQjBFtTzdrGBIb4wBBnuT5tnFHMHEJDpgz6YlGr052OBj8q3jZ5CZgQ
Ou0omQZMohm9WBawOKxpjcEeWIYkwRFIKBJWNVKebU//YtAiCw9BODuNzMDp
fI34guzFNqyNtoGIm9bO2dNmvy3n4ISiymFbpUekBjgWDUc+apO9Oh80TabD
rVywcuRsKqMytZyxzhcITpK4xmUTWDvoaaovdKAFd0W+7SAkmiApgbjscLfb
FMOZgJoqxevoa/4KKf0Q/MV1DBG5psXu1TVONjpTElU6zi3qhPiQjx79cB+G
H+y2WMQrzSu2Uk80zoj9xRMXoTxnC1LhHfhozTQFeBN8INgEsbWk1d2ZfrfG
URztMT3mtfZNbHkNg/IGbrWt7mLAerhHVX3FuEsVQBdTvVmv59dg9T5zfjNg
utUV8bSs/2gCKEIgbHBFM06KM/uS5FDHCFsnRBitTwaybbJ1cEVhHbpwr5fl
WnvNdskHqWqyzi8d7+fCOTrlGhmyhBMG7TmLtjYy2EvGYw58fGSnmPgH4lzB
OOl4hPXdrJHZS2LDtH9HR+puusFgXVANcKc9MqVyrMDmCSOi3jsE8HCSDF2O
DxFmT+zSWZSBHT0TSUE8ik4dkkg0mDYtsQnFWPQebCSWdhDPQx1KCWRqV0NX
eNi8scoriN4PqMjDeijGZTw6ihKLi/RMY7bY8YY6WCTp+nswa1cn2KCu0hmu
O+BjX/b7J6SnFHEKQYjznryHehcizUkGWThCVS82NiaU5nWauw9jY+EOmVWJ
KbN4PEIrZWoPLXWKbmxF6/H8aXKd46bVAsBv1IRObZynXhI83sqoZawFemBz
9TavmqSAUIamoCZMvc8o5Sz9tk/BqlbxOcmWUU1OZEKfukLIziIK8wmjrfjs
ycxsxajt/CQT3e25NFnOPJoLErzLRM+MjLtavHfqvvsFY7UnuNay+aCitLkS
OTlgHM1EIEtWLXCZ0iqwhQnaXGAUfuxrOBpDuCY6rFU/bxzncbni0AMANxWv
tGV7dTwxajmqyexiEhb1AY+sUqNJz5DHSQf0hniJJUDLC9Tdart41CPi3TiT
ICb4oEMtMrv5Siqk6ggzNCfFTXsHvTYZj1JUyxYTxW1wWba40K6T5FaZxKso
MHlb/bEPQ1yBOQmst8VqMyDVkiQnWdyhOcD8BJWBa45lYJwQQilRC6D2lhAy
KeKz3EebMHG2faeBYpYyqsWV6H+1EGGyJ3xWY8SQ7Vpbnrm0PlH1TrWplEft
KuPEIZRd85ReB1DUUzZQMu1qjkPRwhMc9BXIGRcbnAknmnQkrjqXW51vcNxs
9lLIZ9S2GKSEQBIsFESV3NgnBSbPTweFvsvIqogf9MGTpQR495VGJtpHxxJU
gE9rpGFtaWbyFEWSMzBRhq27XxV66DOhIGmM3Zvls4SqLzFEKkxh9bWzvjRa
A4vbjmxgHmsTtiBOyjIeIMisust2/CMfhtocHoWF8wgKlCNTLhh1InPP78ik
duk5puMioe7nEp5XVvgnYmVenBl5x8cvYjGTydgSEZKOjzE3gxz+fZSbMEbb
gL/K4maQSlK9jRjeejVp6vUlfHZOyLku7zEhqFfaCRZFn31V/OWHyYibqwZU
iYBPVJatT8NIuq6gZJ69kG8pXvFvcgXLLD5/SQJA4xDHxarf5KVRaWJFpl7b
dL6uvA7opm3YW1in3t+K4BdbVhWDq3uNConWvYyQyL5CfwNxcjkNfphlxob4
+VN5dJB147fuWqUAHi9tH/iIcu6vpSLSXv9JsAmjvTgkAx6tWDbdAZWqhLda
A4AwenPHpE0W+Y2+oUxn76VzPHQQ6fa4YKBb/ZDAQpJQtnSCGJ3IJDKV4OEo
XdlsFfLuoTRBmx549jRJcxu6R7b5TjSIR5Z2qqC9pOPFSKNCkkoBjjsbEIOL
b7saRAH2dSjpliWu/V7hxVq89RmA9u4g1jf/JRaptTzPd0I/nSUaA8rBmfK6
mJBMad5xPkwzWlZxmjFy+pz6tqdSF61CDtzwVmYGMgx7yrwUZFOUM3vcHkIL
81W0F4svPNfAyzvZKu8EsXvP9U5Xjj9Vn5fxemyka3ziMepPrNXBvIQVYNN0
iYaXvm0cYUl7wGx0PWyGKhm84K+jZRI5kxO0bFpn3sQWgwOUaq6O0+Ub77Ix
ICpIXB8lpheOqH0tEBKr5EC8mpQzNx54acDlTWcA59g0q3u3i2jeAroQHoJi
CxVjFnMDvcF/Uby3JPC5Ey8n+VQ1sg22j9TdWqRNbMN03moXfZQHXUDEqQoc
CmMAk8mABJjXOrQ97RNXWfWpniMCEa2GacnQQUGtj3HDU9/7C03i2MCqXCHv
9d+bMCAelVnrZgkNlNqlCDd5tbZ0zk25MZKzAF4QD6ojTXrH8Q2F9vHgAepm
w/garz7lIaUks8Lxo6zqrgGadT5KUCfDFBzCEJ5rTf7ZZCiO+DH1raJu2fYu
Md+UiKvjIsz/DPRTzlCp3Ei+P6QuHHkbtM74WJxSlowsnOQJpLwJe9+c6NRE
y4PwrWMMjMyr+piOEHGpSeOk6bU6cTw8QZGoDeLJRwLqCtxirHFW8+3p1Lpr
dJLafPvRUxV6SJM1b2ezzfqeZR0+kzb4GdWK1vxk6ekkocjQLpcbS9YUv26a
D650sBP6Lgow5YzBiu2DxqYtFsTTE2UGO/qS4an6nMfOwWUxt6I2OtSPRFMr
ZiVc1XYtNKl62028EZ1kDfTSdDQ/xjiua+/mtAmGpgzGwZDnkOZBVFEyCLVh
L/8tCYOotDUB4fKm2xUxZOw0Yd2X94nkKSEqHaF3iJ0PbDUx82rUiTauLU5Y
DAcmDF7QhtCdiPD0RinHDXt54bPRvMfUTpZY+TI06mRDPfHdfOBaDU406zZW
iIVaOqgAM3lBvHm86EUhjJFgaBqIetTOWQfTidnsDm5D0gRrjNOTQFDpHoEN
OLwrPtTiT90PNtaxtMhJ9vnZt/CT8Tm49Er1HEbARX1cM7cWDGibtPbQ61C1
q8ZIls4f3/tL4ngtHQog5udspDirPiIkuypw9OuXchoYgl0MZG4jeSPjKiD9
cvhZiH57dvEuI5qAJtA0eBRWk0aV1nrY8qI005dkIuRNDlQCl1WJENF1Q5qx
9OI/eg8OVZuiUKFn2apM6YLS69PJAMZyMzUOpZiJ4XwCa6d/ewW+J1gg9KcY
acKLbyS+webAsZfzox3tE+KpTOb6plz3N+1wMlLuWPaK2MPxaluIwiOgzU+R
McY2IXkRliB1CKQm2DcdOtgevbH+UIaQAYVD73UkspbuH+6XkXbnN/DtMiBb
Mjyxr5wx5nmdT6/7/tlXZBqHHQiFXqc7EOn04R5hoqXHd2HvVmESvF4raa+V
i75OHmbC+RyRLNIDqjdJkeNic+WGT0+JQcrquaW2S+YXHE4A1XdhvN49wniF
1OOqePO/tR1zIX+SkHVtIaNOSa90BF9MCst7ia1Q4inPv0KZaVQzQg3aiqY9
5E1iI83sRDm0ihsZ4JCbqgqol0lkEcXXz979tbjazK9JQ0o3g4gzv0bZJTzS
Hz8mTIKWyriIif2EHUtzGOGfKT4D5ALhL+KkppxaXjCp04LBMU+89dqGk0+q
E6sQGaOXlwh89GUck5OVGfIOT03rK+R+7iRXkR0gznacWEZkaxhcOqBFNyS8
kCnpHcZUZy0z7pukeJhJHrMpI2JM1i3b64l6c1tzWPM13oPSMjIy72P2oN4n
T6I7DLUN4862+yet2qh1IjDQimLypq6zioNtDuzzn0TTH4bIr8tI1NxFJEJz
maB3oOKQshxUo8FGOECsquaFjyRJYDzHAcA2+dchRoEELGSdJ2F/gIQDucit
ktglUYPny6NugIG44am7FBV829YxU+WJsZCcnuw9I7YhOjooAMj2bjdeLS+V
TOytp2CSMvheDn4L8/3oF4U2kmR3yj4BLuIe1/BqnZlR8X5oA40gvy0fSwfh
ihYkmlM2GGwzfHcqj//wwv075Wr/+IWX8oFXCGjofPKiT6Mhuvqqum+NqlSH
A23R4IUtMi2hhH1JTtvVhK5OLB72mXyrYqj7PyL807AxjLemTtUnc5otn8Pc
J56IU5bl76o++igq7LOxq6OyKE7J2aniLdD7ExCZ1vWUXV13MIAnjC8fgyyI
l1ogLXcPHm7ifiOgTZ3+knUZTeuLARQfisczFImPwwuP7qB2Rs8W3toSLumU
PK05V4Nnafmmry9/ZJWCPJfJKPTQdRZ5/sdUKJ6jIfB43hL2KLoC3taGKQdx
Y4m1DVsj7//iO46P2GrrDZsWZyNhaTotl5BKXK9r44HqISoXAwlEwJ3YbHKL
hyYGvFrhr6b5EmsZLgNIecLpvayQ6QoTRJiunzVroFE8Ti+fbxXRnanUPqAM
IhXK7zjReS0XjtryPugwt62BTmA7c+uVFvnf0wWczbnWSo3RarGwnk1NvTA5
oTPrtcAK+ZtC/uSnawtqY36/jF37s4osDZbyIcMWfKdURrjpGcNN5Z3oYSx6
6HGVJa7XpEgz5J06RUECWmQd+1BA0qQdSAi5DVh0PA3P3ZewJ8g40YLhrVLS
pxuCS7jM+rNRGzr2Yo76q+plnKfgGxn1IX0c31ptybhVwopEkLWT8+Adrl88
lzDHoM5hI5Otj7Abl8ewUkZDw/G1frWvDxUkQyXPdGXxKsF8AZ3IZ/yTN8C9
SvACH78wyXJm67paFF3df3De/pQiPiGt7osrccc/qKlibw+ow2tlY1c6ezxw
B5OVN5Jfid1a5P1ruiWo+i+no+JyrCDTBTehiWMjRLLkAhYo+AQwEbLeQEiK
SjpSHpi/VNYrb7pKfCRx5pOZ5OkAAszVMAfu6+++BT+pD34RoSeDNb+tddww
ESJMjOoDALseOKnDBvs9/wqBZ0IN2psT6elmrEVfpVM61JHjPtaOhtQWP7Kd
5OlItScgmq/mqVRxIEZvM0L0UV68/F5pV69tkja98PdN21TvOS70vzclavm1
/1vTmu/jqJp32Z2TK7kVeG9ejnznvT7Te92q90pM+J6+ffIpZyoIOK8wq76Z
W7N27ARlx4iycdD9PCFo0a5sPVG9NXo7B8o4uRvZ8EJmzDO6arKJbFhWWQqA
CaiQ5NWKhvlnqWn3fLENENpZ0JMNvJZVY+06NKNjs94GvYZ8JtSf/pmaSh9+
msSg4ligt1SzVvLexJyIvg4e/oLq3bJkqbqpUS7BK86VSyGOh8ggVK4UdHkp
j07i6swJ5W5Mkup8cus2fit3J3ZnDCejzmaz70EoytDw2CYjeJ0Wz1xHpk1i
0DbJW4RHeGXrGPYScpw4ZNMXwKD15hxRiah0nSAiMU/XfqgaTwikM+48r2t5
4KQemeKBtmNM71q0yQ0E8fjkMgPNJ3u+gyPJpxuot+Tc4mwtrZdadLPMsMO+
FFilgzLyi2TEbeojaK2KI1jbMbEm820slztxmg1b9RYg9qlUU7HbYQwjoiIX
DzXL6dhX5RN4oFK2qwqW9ma3XdJpqcz/pfc6NjtbxtXVs5y0HNy7hhuhT/dY
QRv4f376sWEHgzeEcKjhHXnN0fCqEBW7RAVpCt5bWF/vEy3FXEKXHPoomXhc
6ipycW0BSXf0S4vbyqdK15iKjj3Rfq5Te39V3ZS3NbA5CcWKsVJMvbQY1mhi
eq73vtuqsdBMsyzy7G0JV0/1alTElfb9cS+cU8hOi/PU7Zjp9eeLS+Ma+va7
77/TIdhj9UqfBrGxXk7zdzkhT5h4y8x1Z7zqdPWo4/rh2GhL9UuFTTtPO8rI
QBvw5LtnRqUAx2y6KlKVP1Y28dTo17IZwLvm/04Z5tvHJ+y7y+5AV/ihNIXm
mMwZ35XfVHnDIk81wWz756kKsAO78zpi2tbCxWQHXmZUB49hgKr9qTkSOl+l
HAcCTiN2lLIIWQefh5MkevbKnY8/9NxDcCanGOMma6AMXzEiya1OCDGDxMSx
yFVn7Vd9nL44QjxrlbO/Aca+3M5X7pTXzHWne98fF+ebhi02l0rxfDHIEl7D
S8Yv33KwFAKnj19Y9KJiby7gTkCwI/bk2RKGaMswm7diLkKvT24t4b1VOggB
cuBpOE+iheMSA3y/jKfizux40W0aojpy+xtccOOxVtSxfsu4Y+kt4NGoAOtK
QfEdiQrwwvpSyjxBkVlaMFkOljPm+ni/Zm+WlSjPMPtH25P2DWFgf7ZexiGQ
XvPWced8dtSO6YpQ9Yn1HdTPWkS2H7n1ctmHXip9MCNnpyR3mny5K2ubQiq3
W1WkQl6ySvTkiUZ/X3F13yqXxja89sQnC6tgT9ht3nZJ1C666/APJl0Wo9GU
rFzlI3PCuMJkkmGS78+npBqwcHcUUSfxgHmZGmHjpfo9E4kikt7rgKQMCrVF
K28pyegRWAcT+Jpy7hyPqFcT7nIFgV0ZdVeKWrUWGnteRxgpLinU/Dy57ekv
VW/B5mfDJuKQPZ9HA1fGKAFYrjfacqrGUE1z/KIWpY06YBRX9Ns2VKPB+PQ2
STWei9Ctx/m1C5ELBQ3r+BQjD/Dg7AZJSjWNW9nZJIebQMUPdk3KIfbqyvcx
mfh2eBLrBNeKfTSo5F5TN5pMxfQfDwwa1W9QyVK9lCbtaNZ9gnAcyxf4NfR7
W6xbCZ95UosmV0jYal22MfXySTCDwWKJT7ZZoXPVlOxWQBfTgyjDRPgDUjZ7
gzvXGc+4BK/1Y0RpjTuftxWJozIdFy6hSE+98TrwEWK0YNk4EYhd0/pz+9Cu
LK9Tdzw1aY5VZcgZmNnQ6rCJ3lXtvXFzD9r/AaXokM00yQgYvGWd52gxBaDv
WL9PlBwT8tmOh2ThyJFRYEvSt0Jt6Q9ly7wr/28nre4MLjiP5AeRl4JfzJuD
MLs9a5Mx6kLao53dFxMbWWqqJRn0TYaQPiVkW5LYPCaYYoSAdfVEKU+J3POa
SG9bOCdmMFCuuz9JN3zat5Tof/ENtGYDpa+MNdyyKbkbLLT1tpQ7xKDgeF1A
l8EHMf4EzZDe1l3b6ANrsYy93ZaBHXWMBOLRu7IJqCYFEYcmOw1kknPxnF+z
xiY84L5s7oFaGvMZrmRxFkqpL+HjelnNY308pLXtQzwydgfkqlUat5xDpbeQ
57cpJHnJanRyBm2TpS626pnKP4px9Tq1azYVtaS3Mgn+CNEQrXfyfWbqzhx0
EfKojLxRzfMPWNYvbf5kVggAkW9vQHE9EglLq46iJroN6xjW/ThUD7dI9lNl
HPY3n9ATEuh9qPnvrntpGxR0gs4cjWNvuO0aXOydLlSjjbdc5LtJD1gVqB7U
FMQQyUHpYQNBxopoRrRiIh9JhDETZh4mVmAsaGuDM/WJiaMBHbvWn9TL8cRL
kCT/tcGHPtRmiWx0AbNslfIRzZjaRTcBa7063zEAutDP8EHRjduhDlusXnw3
Ja1zUuix8awegdgRdS6yPLHqlJcPuRYPzGGbeD9UyGqdnaYtv45HSlEJqVf1
wAAqZHnyQSKySq9UF2BtFOOlOn6orp0fzDp3yoT4I5aXvKQrtnNw9rtgCZo2
UQXVXalTw+XrPjBU1jZRa1+rufdKm9eBoYk445Wfmj7fU36MhYgAV/6X6oxM
J5MBbhkqixOrsAZ9YOIL+7xVZo2F69kSIz22qqzBfD9UY5XDFEANzsmP8u0U
weB83JapwSZXdqHR0m3VpAvkB0nMAw8lSl+KxbUSZ7L+L7j+YxK+pNT01mek
7qFQl2f3QTCO2nbDadYvhM91s4tzv99JeIys3YYrSDVbfT6xNLmjWvMKlrlz
kwEdrioWJWCQyjmEPpT8tNTgVM+y8UD5aUNazTPVDgjjZaE9zpVQuuV0iKaN
4esomafHgOvdbMd4DM3DIIbwGygC/uvE2bubvA07RncivkxX3Pl4VHCHZ2XR
La4ANg9ElopkQhaEUJMic51WlrJl1dnAMGM2kn1XsuLaInB3tSx5Jeqz+LW9
8ryCquZsQHdYTDX0SE1hcAQTG3ooALHSfISBbUA9QeKcwNnWb1YYjcPxS9US
k+Ufl/NbeaXu/rE9dWxCi4W7USgd5kUoAkGRA96BI/Lxu/EBFr+Hpz4wztDD
8LtnxcFW8BL+2hfPp9MXxcE6eHTyJ7kuxGPHf+Uvp047JL977arkACqavcr/
2m/lekELyaVthSbZIiRfrZtxtCB/jamQ6f8Mfpj9rF5YBq7HPf2U/1780g4J
TP/34q21V09o7ZSMMVLO/26JmGkgOjdy5Ez9nGyxj2sOzqBorvHwIB7bbD9I
eGdrn1MnJn1EpeOO47jSQVy/P3pk24uM37JcZ4UwUZkbOT8uHklMGwCLyKpR
WbtcYQSy0SNiU/wl6PRUhHqNZgDUTQTSxfcWeeP3v94i0N9Dises66Js3Jow
Tb6VBnZ31rEaYS0U1XCx0sZx4zF6mvPGeHu1mJmYNdee8DyDZ4VL6qvdSTYI
Tah5nJ79/DpgF3XkwzfffIN5PuU+u8qFEnURWGtmN5vOUAwxixCf1GwIv7bN
pGtdEilbFAaPLZ311Ee3nHhlK+3/GefGkPvic8CPe4osyqzsh92PMqYcbm1O
4MGaxFTpUdnBQBzG4+0Zi7pnfN4fOqHbyVYd4usogx+UGSC+UmQkMgRi5EqD
G6MkavBOE9LNiJZWCPTdDlYjL/Af7OToOpyohO1Mc6C10GuGpgL14V+Z6/50
lFV64G1G/H4MXLN7ak7lYW6Lk6xYagXU+ZEXWBSZMqpAIU5hvKP8NJoOxi81
GRz+lM3CaKhmtPVi97nEhXYfSwNAasU1gCv+j6pg7hbfIU1So1vBOknogOgk
InK9MpHaWXHFk+xJhs8T7nuY4TKa6VBwTOdcVfOM03qy77iw0Elku5Upk2gw
RVYvFJMRIYhQxGwP45KnbTiheynWdz1jXVfORx6XgDnJUlsvqrLjvECv4NjO
sEvGwGmhn866jtmZ67kXFLtsnCDb9toFsgpc0CtxiCFx67VlxQF70/VHSge3
Q5kHCJHgj/aq5xM7ZMEYoQaqxvgsVz6PJc63iKMVd+U3M+qZULLAEHijh8xk
2AHvIkP4iHlIns1VoQu8jrpsKeljH7AdKt+Bc9BjKM0LYK20NAV2KNEfIHPv
AtleX2kOh/LnxSJo0biVv5JO3Xkm2AG5e2eZF9INvQ5kYo7JCHMiSD9mLe/a
+CPnpNeu3jXauVCMOkkSbxHpdF/plHTFoSrhv09n9kStjlvHYkEnurtPCyJm
iG2Bnz5ZRSd/T+175npp2TAWKgy8PaLxpwFSX21s/Ubg+S0jaKHJTlBEoKPR
XJbV1h4wcqxi7zZz2vAJ8+1eI0OcjdVP+MYZh2bgIWBLu6XkvRDDzydeFHJK
bb+d9mHDg9Xjj4ofEOW6qKTYOb9skoPOOwevFWlZGeY+IoqQzXJ6Ea5kExW6
k5TWSq7Cl06QyvQjz+I8ZsrluZFt/xx0hLiVMSRFv4fDm7Gpr05/eX3E/xrU
5tvvXxKGQpI5NisTkG5McRJJKwru6t7DTk+bjqplEUArauJk3FaYktgZ7A1Y
T05XSLthJpmv66zWPGFrpfmaOIXNtTazpo8RlJgOUmVmhJnnpSti73ck3pNd
RD0XYyoXRAVDeZIMnpJAyolGNZZVH/dpKEGH+MgKhSw9yVLv08SNswWFTnMd
d0c58qZAO5xjTp1xl/9RsqVqmUkmxs4jnsCpchWFGESEoRqsNQkDtqhBUpRS
lXeRKk6pWMsvqipQyVPxT+tQmIhjUR0zuia9jwu2/tbAVTne3QCAI97xv1Ed
JS8Qob1KsRdg9NZcmBH/p8VW7y/16qO3Y3ByMBqjrTl7DlCTZn4cPGlhLAz1
lKRT7LNahoHLc4wlTwb7+Vua4CXtG8nzJLgLbSzF61QOhETFz+zfFkb3aoOp
R9ECmctpdFpaCPAzQfbRlHZoC48UWgXTxLChmhyVjdb6cnZv7jo6lGblvFqJ
LUHhvu3hoHojttkA3OssL7jLwemw3tP0OM/jx/lCmEk7QKL6zZUBVZKYCMUO
+S6w72JNiGVwsJYS3qL/o4KtTroH7KNxrjMjRKqZSagI/J/Zo0ixYzTz2kQ4
BHxFN++nA3uWd7v1CUgwy2/oAmks1shLZ7ngBISgzYbmrpY+OmDmE7Q9XFFI
U2kUBqHNcNzEG8jnYyMfUqYuhcqBjZzdWUR3/A6t8dT09+96kn7Geb3Q83og
L1hAeyCDRhvz+2gtev0MVgGf0Q19IIM3yualveXogHXrhISU/+fvVe8//oR9
R+S64qBuNSeaU3v7QNFpz9X4I9JxWZ9tDDjlQEIg7NMXri8ntHRBoWhe0Jnb
0wSZfPHpqd3nIDY+6vP+GMNxVzHJw19hb5qnpfx3h44r7HXJl3bIW5piOtg0
uigYs51+Spnt4nJdlAuthmTaoQ8LtPu/B65+AInZUkZJanNacnZ1uvD5Fhw4
kaRlYc0EOyxEn/ip8vCZPd66BCvzh8nvDzKYrL3obkY07z6GULV39t9/M1JA
+eefa3GyD3LP4NA+dvBv/3xW/OWH8M+EfOffildndl+0slqKDa6UKhel7Pd+
Ad/i9L/JYtPQJqfrEe63K283Yc6OubpslTBJvKYgxmsfaM/qN8V9hy1MKm7I
2n6BBmMnLgAdAhays9kDH79IWQ00xRKdK6VtMUokhMx6Rk07jap3yYWOitPG
PPJtesb5H9AzMvGrtQqqzZvyNhAwziOl1GKp83Ejp5PY4EAjU4y+H7wUPxR4
IfQR9dkAeHFkbQ5lJ4YL85dsaEzeBImA/aZE9JSNxhi86Z1IKu8NGoF4NXQN
wanTT2TzwBxQ03sz6LV2XqHso5MpAM5FcWtVilMyoCEaRH0rrSvCidSJWMXr
s1cXp8W76fNvvs2xRywFLVGJ6Dw7u7xGduhmpRkUUpcsNcYiGdufw0EDA1CI
rvYzXapsTfHpT87SKtF5qUPszGi7g0wWzP3XUkpzBMXm4z17Mfn2q68K3ewD
DapJNNAfpmSax1sCo6R+RkV8Q970IJAUPYXNON9mgCRm31ep65VubbbJwqMt
sk6vv0M+lm1vm6oNMLQPZT948ftXrQG5krLTE1zLjAvSHmgsnVrEc0ZZbRux
j8bx81E92y0O/N5QgXnT94HeVXNUe2p5WRVva3y9fOqfX4PHKfzvo7HTYf7T
gbtAh0HD/fOro2+m02fhayM60Qwj/XvxDB/mPVzb/I4SZhqrncTWi5D3NEsH
VaBKD06Q2j08yfPp9Juta2aW6UTJ7xpTMIdZLe7pNs2sPOl0+tzXRK7/TKT5
h8Tw6BX2dHL0cXXke/LC/DK+8OTJZTsYGjYI/ZMnBf4in5X7fPNvclf/zYvp
9MXRN/YLz7AnMpYVYkyKwBhqMBo7Qjy8XmYPBynk+iwnHs+FJgwzoBFC3WdH
Xyfm3Caav/gW+bTzvUQ/Y3o9jd7S1hpPaSeIvBzbUbIa6oNR7pSnZdXeWg8w
bZ5blniGLHeoRibO+IYXsoCexnedNhX686wl/WPZOXuCsxpTS7I1J6hJzypo
/zE7+Di0ooyjT3WuEquQ6flE8jnnZlV02nhkrSZ80OO/vE9xA1k7ik5hiMfN
Y3S7WHs1hDEE+gHNozu7KcMbV2XOZuXcZIyEA3ltdhualjDS0ZokE40NcTsk
gTmJwwBaHBX4dzPNbvOWpQxni4cYZ8fpnZTdNyV/DZR5PlPYhn9oN43P5h7T
tJgDhzxYQ96NnKdprdM+LG2pqKJyhWQUadXzpCaLRj5EUh7gH1XXOjZcXR80
CjrjmkTfa4zRDKzFr29tcsBdyynYqFGYBEF+t3aTyTaig/CFykGEduSzIx6P
tlULWQnathbJSJJ2tWLvAjt05oHJLk4dCSjGq4q1JN4ekVUYCcKBgfMRIZwi
vDRJbmIB/OiHQnmruvt8pi9Or89XXa03g7M46Mldbz6BPy47hhGQqd8z57g/
HqdlpyryWR9hHat7/j0r3hxEI6tOOMrdTZV6H4ELIb+md8XvtLrKhD70yRbF
yxyMylCHQQ1QuW8VLMs+QU6m+RS2hZyo4ke8NOgwEVVVy7b9AKqkxgiUY3ac
4r/HDp4YIfkU7aw27YATz1KW0PieHDBgQNSk9+X8HF8fz2MpORjFli0H8U0I
t9AHtstls4CjjkzmCysBj+1r0Lg2T0OlJKTi2cyZuSMTJ6U+vZh6P2oKrt7q
ap8om6wRll8yBWPv+5MSQPfx7aprS0ABENLIYpxrYZBEse8ClM0mQmgIgY6c
AE7NkOAW3DODtVsaxbyg0mWvaP3VdjZByifmjrOUsl4ETpzLAzFwHvdBdesq
nhQ+NXUIQ03MG5lXcxvum9/SG56t2pacvyWjNSvSLtgpuWd3SY55fnlu0cfL
Z185/dzL5/hZNxprW3LoZRjY3A+RWJO9ZgRsb/tDGQPQ2KwEjbt7wTGQ65oj
ElF3rsJ0CxwIiWWUmx6/iLcbayBVg6fi3+UNz//+1zdnrgrL1Zqkhvt8tbSi
I88Y0unOZMppQg2pXjlzQLXl1Wb54d5GN0Tq9j4ws1sF050SJGtX9AITE1oZ
XGjT9Eg310Nga3CcOM4C3iWUXP2p0JcAuhjYuBWnK5BAl0NCjS8LooVzX6tv
ZdQhoT0sKTFlsmNV3ROr/yAfkceqKt5uSnL76bOoQRUzLbNtIXmuvYfyneYu
rEcxdhf1YMk0ErMp9WDcbqJL/MHjA3hHi5Wlo2etUqLRp8q2ZwH4K/Ky+7oy
me8D33bPLQhs4UYSvhv/PvaP2BkVHHLj4uCwoVkSQp1omgbHHgPs1sErz/jp
4V+nCFnNDs24Xw1NXGZENuu5pcNaxfol1KZkOW8HO5DVb9VsM0TxpTEtN0O7
MlDQaQgfDQtmWEkVzw2nrOA+VzZ6K0P5+vyncY7Ohxriyw/N6NueKWL+19jd
LPv7FVoWZGnjm5qStI02mkLGVbk/oBoGvkO9VA6ts2xow+l1rOS/E0GY/vtG
xH2zKn6ur7vghP33JxsAkWClfbmmSVbrugHD/0xhMbxAlY37WxpL2djHCvyr
Z6deV4lX1erVyS68zpf7IJ0h426dXACEgzdvVeUkFRYoQWnqgAVAV9JhDoMl
WW/lOM6MbxFg+el/2zrt8Ocib2dX+cTNkaScZC4PViBvmLTmj+Tp43okA2OY
BQ711RmVZkRYOH929rzJU1omzrbAn9lb891z4TEPs2TzEXNa/2PeN78L+hhc
1uO4NVQedTeV29cbDbcy5t6C+AnNJq+ciMWpMGtixby3P3TRjIbU6vQWI2kJ
oWZ6WpMJN6Abt5q3KYs/BAZMovsawJ0GeQqsLjmDmTaxO1sMdBnrrFk96CTy
ASlbDvcFxAUsgSgR1CbgqYjA29WZls2T1OYTd49iZXz79lFq+v2EOIFahsN2
fV6KXfAB2jCz1YknYezpGdjOegd15ZRhA8gEsbf1dRmnmID4ab5Jeq9oZkq5
5/0/FKvRYTR2gNoFoKSRBOPblQ5wVKIgmqRNnxLCsNfpgl6fVU1ZVQB0WS2I
iOB5GKya1vj9FIO0twuEmVuDOEFakeRmbuRMoyyikQXzHh4UKVegtv1zhGq/
AbLNYV7KBmVsq/mk3ACSsT7BaW2AgtjZZrAkY59UpaC+rvL7y++c8UvzCg2V
gi6PDpgTN7f3EznctVO4vUZkfD+CE8if5a+RrYUu6CIEk8nc0e2pdTF8Y/Mq
cg+inNqmjOKn+VTDxqtUTbKRzQO4IPdaDm/FTxh8nRvD5nuqN3ISn7rcCoB9
m8IMh/vdWSn6Qxzbblhq83Tch7HOJV/HmWgZzPHswblicuP+UPIIZHyaUsSx
o6G0AZWGfZqEpvrtPYn2A/Pu+moZ+B7Tw2TMWz5aA4VHna5tvM6wDr6fsSZm
SCwlzltZbwOF6HQXqHDMmQbxutgm84o+kTap99rhnl7RnaXBfwGKkFgY9UM2
mgbqnCEJ21DakzR5gBp/lMu05nUThrEU9EoQXGnYlpC2mdF17sFsQRLAc9CE
jC+IuQN/ZPLhB8jmeAeb7aNTx1KitxEv3Mm/RshWKwfBucfvBKmwLzS0jyQF
gwicy0O4FD2f9n4mOcwbEL8sFdaXvmwxIP05kFCvbaY63jgQ6zG6hvqPrREh
aYD+8pB3kOjsg8+WWrdxEl0gjIK21qZFnXXSb1Hf64iH4aba1cVqyYmmyJ4E
RBxMOWWSFTBniHtIkfWTscV999JHf4S/YS7IhVd5Xr4wnyWDXvJFUXvqvLqb
zxyiJyZPgLRLfIos6XI6cgod722gJJ/ERsbzNIXXtDYS3PcvGVi8nRAcj+3J
qvlp2wVt54KtY5BzO/vesqMndV65d0rTFApVeua3gwxTy5aQ9LmAIaZMGhEC
IrpkD/uqmnMy8076Ncv77Bi8YdMKmJDCImq6IKbCvuwzukxOZg2zSzMpmsZN
S/1jn5wsv3JcRZKtZe4+r2iQPUuntwWxzZhLTGqC3zlO/o4LXQi05JTeOutI
SDvhH/vY9TyeDSFQDzROXja6jKnuxJk1tjDrs+2OTVPMZUFmQ0w62ra5wjJX
MTI0hzGyhEyqH3pbMeL06WAcBBYus7EOq3k2Eki/RO14SS9Cr+QDu8hpPOpH
yOupJE1SatpsFm9LMUl8F8sfHVT9oaFkaseFV8kI4WaLAVVU/a88PzfOoK6N
h+48aG7U9TihpXppa+9i7wFOGd9yZ+5ploV97j0yKTQNjfAqhO3sw7T/ALq3
PFTk8U3yHezViMSFtqtbUwzOcMGCF4x1nWVoIwJ9IDsp+14nnEW2LPfMxLRw
HiN7vE/UN+ztiPG0+lQxWYVpPqTax7UgNcbLZYdFYV9lHxnf6BT/xpkMKRBW
iRi0soa1i9BIE8t0zJyPQWHV1oZsWvKReco4SzY7TiDpTKbpoGYTmCKTkzVK
WI1HRDlcG1CYpBMime5FoGZaJbShmPlwME0SaWBtn+02S6e4zx7b1fAe4olc
62eKoByNf0TuZYYItEk8D08bWX/glSVAsy9CB0wTHWC9SMx8/MjZ2pzkVHz8
wiZtKzIhjArPh6uKNeZcRH30SIalnRjeV6dTqBl8hdnUmg/5vxgmPiLoCbg6
5Od7ZiZQBmP+27JCCSeipY0IW1xGainG6X3dOzOFZVa19SvMiYKn5tfQxh1t
XtMFM87UUyTvoNG6Tml67F4K7Ajjv+3GoEsXQW+0GOn/oGSrXBGjIu4CycRn
LXRv71fZM/XSGGFz4iQfshBlMaeaZL41yQ71kS1PM9948T3iGyCR20gbiteb
nDzkQvkuPn6RsJaJ8rhMMZP2EB4nGT8Gxq40Iy6S3hrx4HJ+/+I5oUM/nhWv
2Vd9XMhHS06VMXRPcg+fZBhZRI6ePHr0SxvRqiPWky1UKDtXez+jrG2DIq5j
xvLEyQoUKPVsNPnC85QYA6BeAhovaFvZ1iTRluj9SiML5k/n9S0DKzhi/mAj
Xprjz2hyYLmcWchV+WtC4kepRn5vDhPDcUNw5pe1SBn9Sx6dlEP26t4AHWgH
DNH4yQ4HMuHSUf4N3LjDIeiVcd/4c04eZFO+Zt9lpIlRWd4iZd43Dcz7pgHh
AiseWlpP/mDAVygka/OzDQHcs4QnO3ici3W95sS7PiPR1h1NhkzocSPbQywJ
pYQPDpvVQjpzyjaFTas3l+ZqIx8C5sBmruPPmOpFFoVZYFNV8qZK2Gi0P9Ov
wpys8ekKRB3TZ8YKMI3DQjKAMZ9P242diEZ3yAqwGiwaSaoqhtNfTrez7aIB
SzRIKtzeXY7PSIDjY7tYvDmsS171YkNkRfGm0S4dXOCUXXqT4k/KsSQfwQix
PqrJvbPlUAjGqDRrDb6O5COkgdoGLWjEpO3XhtAx8iVF9R0VbwYfOtMfg3Sk
5FuHaZKX92aNcsWfzGLMP/ofYJUN97w/4RWdrkCXIhZvQoFlZDj2VCgylj1E
tyOOPbXTXiGoh1W5nmynmiYhBE+auiYPtIJNDMeuxanR3XSYkPP6JcPX28gi
kwKxktbHWMMy+dXmAV0yJDDOzy///u51WKTMeGbkUPYP6wPLP59ZWL32g+zx
VRw1t1BmCXWoB6CdkvPpQ7PTWYw2uO4g8c52uM/y7UdTl5DaWgmykgfJ+Seh
0hoXyqlS0qyob4ec7gtr8VVfpa8y0e+D+UtpMbxu7NKcTRZVDbfltGQLq5sU
L46N46RWjmGsq7tgw/BbD7SN8Mwz2G/fEYW4EXVoVd7P89rRqwHn7FfUKDSH
oVejkVJCo+hUjU7Z6cUvR88mNuvO0yv9vWjh33SqI1CNMYm9X8vl7buTwBRa
/HT687sLW4aj4jWryLYoLAegqAUu2rXOE0HCpl6XQYcPiXnRxQu9G/NahBbI
Ugw63oSB6gi3QW8QpoJ0rSg7FgOrZqMCa5NmDV+N8VFIF0ucT2SAgpR+agGZ
1hBaDgVcxf8rB+/McLqMPecSBQ1TqtPpsOyn81Y+XE01zTj96hmSQakmDx35
mjrDt1VGHvtfHiNxokIOL0GcCOsEnVezJYcsozwRJvAeUtGfEiA2Kn46R6Vx
vNiUc+vcC22zmtn9cyWx6MgucHDbSSA4d17zHSS4Cspud05iCozRO4uofYTd
2CzTWJZFIQBe3yyyfmYF6ElS2jRKdf2zAeXRA9ArFaHhVRZLVFuuquGucrSL
F9L38sTSOrM9cjqLiF5ZYq29gPjo53L3eMk8cvRYLEeNHm+bAycNTMmFkCmQ
6JcHeDcgV+meUA87eaAUSLccAY93FMbs0olTylDHJYVnS8jSkbJSaIg/vZY3
oW8X0HlaRI2lT37puly7r4GTMcgaY/V+KVfVnuzGQT9srtLaxaHjsJVFJ0aW
RHqOCPAMqk/s0q4MvJ6zW6YZf2a8/07kfG1jFt+4e3zWdl171cZqYMnsBaM1
q0HjNc4rrm0kI0oMc/TsCqNuQYIg07THmYOatFyXXhWL2W6QQp9wB6HCxwqc
htzeNHFwDvqqsrV/Hmb+TV2Db8S5GbRdUFZuv6Or3cKGBj4Ze738637n6wSx
1tQ8m73OyLYTgoOsvZw8ZHD6o+ubMam4JkzpJhA8YWSUdxsZRhwh14kha/P0
m86l3ErXHRjBqnZByGfygfVwhtK5roqHGNFf75oK63mRZOQrZLcJx8I5Yx6r
lnilJoZoo+oxhPdx2nP1OP8yTcxn2KqjxIp4joHZJ4wV9YEscRYnZ365+z6m
/TzGdBHuc6Bm3kMLlhKujoZz7KD+O8RQGm9scIZl1QMYPzJiGk3CzJQYIxsW
kDO0p9dPZh4lRPgjKvk4KJQDHH5bM05lD/MWw7xPUJ2OqebjfNAj2wH6d+mg
FjL516uMsJbL6+GBWY61zd+5ePfjU8zFfKqDQ2B5uOiBm4jq5fsXz/ek1voq
DK7McXzHdmAiZ2BFjDhNIck0wpwQS2r5Me9apXoScxF6w23sSlUFoHOc9Jvo
O1ULjWoi1i9iXSLl/42AJSeTYU0C13XY4tlprGhurrRjoHMtMKTp6kCZGFkR
Gcrs50u8rkN5I180BnVk0rRybaLhyD2WM4EurJ+IjlFoH9FR7FiLDAnik/rM
dqevkk1JY3a7HKYKC+sMqzNyeiQsW86x6T+Ws2Gq4294FUUyO1nrc4yn8D8s
7+OQqTA1IuaWtpnwHxoJMB3R5A/O6p84SUkHy8HDFPr7xhMA6pJU28WrrldY
IlEm4+EHJ8UIXUAIQFADWfXOVuVW+Rb/sOw+CT1tKI5Ps/o3yuyWDmjaqYjO
1Au9wVSheHASIl30fSzkuhAlebF6cM2TJm4jaWDUVDGgNIcz8C6GMdOMvsYk
hPBRU2tXN2FuWaQAhii9iZWaeRw1rG7H8S4/BWFYojbTSDU65W/fvFJCBhD/
wVtTSTYH7yy6HCbUFv5SY2gDqciqXBibgsjZM3z2uj3aQQD8vrYO5ABEHz8J
0pa95gfMCdOhXOlADzSRrKPrkvAlWfOiDzM3qDh4zhUOq76Rdc9hyXWerS5R
Gr5AzOayprHJpr8RodNy99ZED1k4TijzlzgxMv85/PtA3uIg5yiYyjPdJ33s
4Q0nCd30SUCnzILrjE8YSgW04AbtSCgAk+E3Ca52X8Eocin1kwgITFBc9cIx
FibyiflwJZnZDnkhO33BB4w6JxsHaGOhnLDyaWhszfDwy3aDDGK5qKZai6XN
NtSpnmabbxsy52GWw6E/oVfnp6K5lUHzeiPrQfuWW/4DWf5p4h5MisvLn6z+
T6uMOalVHCpxGKK9tai/cCT+BQ7/oL9SIvrOivBwIgadHzBSASzWts2WLjCW
RG5Q9DJCEVycVRS9DuRo1bpwuG1sVoiYGr7zJKvoTNXz1LbRcm4GY6Ld7KJL
5QFmkb8MFzZpY1tUz1Y4VTPegm8IYigqjQ68nwDUpEpK+uxbUDVosED6Ez7Y
YWqh+w2jTQXyQe7G6K70/ITo1dneOfcwJk8DgRS6z0DWSXU0D52CuIf6vrMs
oMVDiC3Aekj8TgTlDnDheGKvUQrYhG9Um9EYVjVVQn49JWQgIW7hXDYjkAZ5
ccc27dOpuDPIrI8oMEtAdyQ+4V81iXlXL+cz1AC5WNr5283jscIzLm0aIG7e
+8xUd8zoSDd26JHk5zOKX1WtqMAQzdF91/K7mjXDM5BTwthWIluAIqPUmoHH
HOnhqxoEufeha5lFwEV527LxMoqw/DvKi5/V0rjHKAzkKjRgMDu0ZNPzsJNZ
DCLrIpbwAPinbCZ4peAfqHrGB4Ts+OjPB7EnqmsPJ8EdaZjhgKcKx0N0Ujcw
/jp69P8DTRAMqCBIAQA=

-->

</rfc>
