<?xml version='1.0' encoding='utf-8'?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.29 (Ruby3.4.4)2.5.9) --> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902"docName="draft-ietf-tls-rfc8447bis-15"docName="draft-ietf-tls-rfc8447bis-latest" category="std" consensus="true" submissionType="IETF" number="9847" updates="8447" tocInclude="true" sortRefs="true" symRefs="true" version="3"> <!-- xml2rfc v2v3 conversion3.30.03.31.0 --> <link href="https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8447bis-latest" rel="prev"/> <front> <titleabbrev="(D)TLSabbrev="TLS and DTLS IANA Registry Updates">IANA Registry Updates for TLS and DTLS</title> <seriesInfoname="Internet-Draft" value="draft-ietf-tls-rfc8447bis-15"/>name="RFC" value="9847"/> <author initials="J." surname="Salowey" fullname="Joe Salowey"><organization>Venafi</organization><organization>CyberArk</organization> <address> <email>joe@salowey.net</email> </address> </author> <author initials="S." surname="Turner" fullname="Sean Turner"> <organization>sn3rd</organization> <address> <email>sean@sn3rd.com</email> </address> </author> <date year="2025"month="July" day="21"/> <area>Security</area> <workgroup>Transport Layer Security</workgroup> <keyword>Internet-Draft</keyword>month="October"/> <area>SEC</area> <workgroup>TLS</workgroup> <abstract> <?line41?>38?> <!-- [rfced] FYI - We will do the following when we convert the file to RFCXML: - Update relevant URLs to be clickable in the HTML and PDF outputs --> <t>This document updates the changes to the TLS and DTLS IANA registries made in RFC 8447. It adds a newvaluevalue, "D" fordiscourageddiscouraged, to theRecommended"Recommended" column of the selected TLS registries and adds a "Comment" column to all active registries that do not already have a "Comment" column. Finally, it updates the registration request instructions.</t> <t>This document updates RFC 8447.</t> </abstract><note removeInRFC="true"> <name>About This Document</name> <t> Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8447bis/"/>. </t> <t> Discussion of this document takes place on the Transport Layer Security Working Group mailing list (<eref target="mailto:tls@ietf.org"/>), which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/tls/"/>. Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/tls/"/>. </t> <t>Source for this draft and an issue tracker can be found at <eref target="https://github.com/tlswg/rfc8447bis"/>.</t> </note></front> <middle> <?line52?>54?> <section anchor="introduction"> <name>Introduction</name> <t>This document instructs IANA to make changes to a number of the IANA registries related to Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). These changes update the changes made in <xref target="RFC8447"/>.</t><aside> <t>RFC EDITOR NOTE: Please remove the note that follows.</t> </aside> <aside> <t>NOTE for IANA: This document specifies changes to the registry to update the changes made in <xref target="RFC8447"/>.</t> </aside><t>This specification adds a newvaluevalue, "D" fordiscourageddiscouraged, to theRecommended"Recommended" column of the selected TLS registries and adds a "Comment" column to all active registries that do not already have a "Comment" column.</t> <t>Thisspecicationspecification also updates the registration request instructions.</t> </section> <section anchor="terminology"> <name>Terminology</name> <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> <?line -18?> </section> <section anchor="updating-recommended-columns-values"> <name>Updating "Recommended" Column's Values</name> <t>The instructions in this document update theRecommended"Recommended" column, originally added in <xref target="RFC8447"/> to add a third value, "D", indicating that a value is"Discouraged".discouraged. The permitted values of the "Recommended" column are:</t> <dl> <dt>Y:</dt> <dd> <t>Indicates that the IETF has consensus that the item is <bcp14>RECOMMENDED</bcp14>. This only means that the associated mechanism is fit for the purpose for which it was defined. Careful reading of the documentation for the mechanism is necessary to understand the applicability of that mechanism. The IETF could recommend mechanisms that have limitedapplicability,applicability but will provide applicability statements that describe any limitations of the mechanism or necessary constraints on its use.</t> </dd> <dt>N:</dt> <dd> <t>Indicates that the item has not been evaluated by the IETF and that the IETF has made no statement about the suitability of the associated mechanism. This does not necessarily mean that the mechanism is flawed, only that no consensus exists. The IETF might have consensus to leave anitemsitem marked as "N" on the basis ofitsthe item having limited applicability or usage constraints.</t> </dd> <dt>D:</dt> <dd> <t>Indicates that the item is discouraged. This marking could be used to identify mechanisms that might result in problems if they are used, such as a weak cryptographic algorithm or a mechanism that might cause interoperability problems in deployment. When marking a registry entry as“D”,"D", either theReferences"Reference" or theComments Column"Comment" column <bcp14>MUST</bcp14> include sufficient information to determine why the marking has been applied. Implementers and users <bcp14>SHOULD</bcp14> consult the linked references associated with the item to determine the conditions under which the item <bcp14>SHOULD NOT</bcp14> or <bcp14>MUST NOT</bcp14> be used.</t> </dd> </dl> <t>Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval <xref target="RFC8126"/>. Not all items defined in Standards Track RFCs need to be set to "Y" or "D". Any item not otherwise specified is set to "N". The column is blank for values that are unassigned or reserved unless specifically set.</t> <section anchor="rec-note"> <name>Recommended Note</name> <t>Existing registries have a note on the meaning of theRecommended"Recommended" column. For the registries discussed in the subsequentsectionssections, this note is updated with a sentence describing the "D" value as follows:</t><dl> <dt>Note:</dt> <dd> <t>If<blockquote> <t>Note: If the "Recommended" column is set to "N", it does not necessarily mean that it is flawed; rather, it indicates that the itemeitherhas not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases. If the "Recommended" column is set to"D""D", the item is discouraged and <bcp14>SHOULD NOT</bcp14> or <bcp14>MUST NOT</bcp14> be used, depending upon the situation; consult theitem’sitem's references for clarity.</t></dd> </dl></blockquote> </section> </section> <section anchor="tls-extensiontype-values-registry"> <name>TLS ExtensionType Values Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS ExtensionTypeValuesValues" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in the following table. IANAis requested to addhas added a reference to this document for these entries.</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Extension</th>align="left">Extension Name</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">4</td> <td align="left">truncated_hmac</td> <td align="right">D</td> </tr> <tr> <tdalign="left">53</td>align="left">40</td> <tdalign="left">connection_id (deprecated)</td>align="left">Reserved</td> <td align="right">D</td> </tr> <tr> <tdalign="left">40</td>align="left">46</td> <td align="left">Reserved</td> <td align="right">D</td> </tr> <tr> <tdalign="left">46</td>align="left">53</td> <tdalign="left">Reserved</td>align="left">connection_id (deprecated)</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li> <t>For the truncated_hmac,addadded the following link toReferencethe "Reference" column: https://www.iacr.org/archive/asiacrypt2011/70730368/70730368.pdf</t> </li> <li> <t>For the two Reserved values above,addadded the following link in theReference"Reference" column: https://mailarchive.ietf.org/arch/msg/tls-reg-review/5BD62HBFjo_AsW-Y8ohVuWEe1gI/</t> </li> </ul> </section> <section anchor="tls-cipher-suites-registry"> <name>TLS Cipher Suites Registry</name> <t>Several categories ofciphersuitescipher suites are discouraged for general use and are marked as "D".</t><t>Ciphersuites<t>Cipher suites that use NULL encryption do not provide the confidentiality normally expected of TLS. Protocols and applications are often designed to require confidentiality as a security property. Theseciphersuitescipher suites <bcp14>MUST NOT</bcp14> be used in those cases.</t><t>Ciphersuites<t>Cipher suites marked as EXPORT use weak ciphers and were deprecated in TLS 1.1 <xref target="RFC4346"/>.</t> <t>Cipher suites marked as anon do not provide anyauthentication andauthentication, are vulnerable to on-pathattacksattacks, andarewere deprecated in TLS 1.1 <xref target="RFC4346"/>.</t> <t>RC4 is a weak cipher and is deprecated in <xref target="RFC7465"/>.</t> <t>DES andIDEAthe International Data Encryption Algorithm (IDEA) are not considered secure for general use andarewere deprecated in <xref target="RFC5469"/>.Nor isMD5or SHA-1andtheseSHA-1 are also not secure for general use and were deprecated in <xref target="RFC9155"/>.</t> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS ExtensionType Values"TLS Cipher Suites" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in following table. IANAis requested to addhas added a reference to this document for these entries. This document does not make any changes to theDTLS-OK"DTLS-OK" column.</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Cipher Suite Name</th>align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0x00,0x1E</td> <td align="left">TLS_KRB5_WITH_DES_CBC_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x20</td> <td align="left">TLS_KRB5_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x21</td> <td align="left">TLS_KRB5_WITH_IDEA_CBC_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x22</td> <td align="left">TLS_KRB5_WITH_DES_CBC_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x24</td> <td align="left">TLS_KRB5_WITH_RC4_128_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x25</td> <td align="left">TLS_KRB5_WITH_IDEA_CBC_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x26</td> <td align="left">TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x27</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x28</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC4_40_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x29</td> <td align="left">TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2A</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2B</td> <td align="left">TLS_KRB5_EXPORT_WITH_RC4_40_MD5</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x2C</td> <td align="left">TLS_PSK_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0x8A</td> <td align="left">TLS_PSK_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0xB0</td> <td align="left">TLS_PSK_WITH_NULL_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0x00,0xB1</td> <td align="left">TLS_PSK_WITH_NULL_SHA384</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x06</td> <td align="left">TLS_ECDHE_ECDSA_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x07</td> <td align="left">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x10</td> <td align="left">TLS_ECDHE_RSA_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x11</td> <td align="left">TLS_ECDHE_RSA_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x33</td> <td align="left">TLS_ECDHE_PSK_WITH_RC4_128_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x39</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x3A</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0x3B</td> <td align="left">TLS_ECDHE_PSK_WITH_NULL_SHA384</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0xB4</td> <td align="left">TLS_SHA256_SHA256</td> <td align="right">D</td> </tr> <tr> <td align="left">0xC0,0xB5</td> <td align="left">TLS_SHA384_SHA384</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-supported-groups-registry"> <name>TLS Supported Groups Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS SupportedGroupsGroups" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration policy toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated the "Recommended" column with the changesaslisted below. Entries keep their existing "Y" and "N" entries except for the entries in following table. IANAis requested to addhas added a reference to this document for these entries.</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <thalign="left">Curve</th>align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">sect163k1</td> <td align="right">D</td> </tr> <tr> <td align="left">2</td> <td align="left">sect163r1</td> <td align="right">D</td> </tr> <tr> <td align="left">3</td> <td align="left">sect163r2</td> <td align="right">D</td> </tr> <tr> <td align="left">4</td> <td align="left">sect193r1</td> <td align="right">D</td> </tr> <tr> <td align="left">5</td> <td align="left">sect193r2</td> <td align="right">D</td> </tr> <tr> <td align="left">6</td> <td align="left">sect233k1</td> <td align="right">D</td> </tr> <tr> <td align="left">7</td> <td align="left">sect233r1</td> <td align="right">D</td> </tr> <tr> <td align="left">8</td> <td align="left">sect239k1</td> <td align="right">D</td> </tr> <tr> <td align="left">15</td> <td align="left">secp160k1</td> <td align="right">D</td> </tr> <tr> <td align="left">16</td> <td align="left">secp160r1</td> <td align="right">D</td> </tr> <tr> <td align="left">17</td> <td align="left">secp160r2</td> <td align="right">D</td> </tr> <tr> <td align="left">18</td> <td align="left">secp192k1</td> <td align="right">D</td> </tr> <tr> <td align="left">19</td> <td align="left">secp192r1</td> <td align="right">D</td> </tr> <tr> <td align="left">20</td> <td align="left">secp224k1</td> <td align="right">D</td> </tr> <tr> <td align="left">21</td> <td align="left">secp224r1</td> <td align="right">D</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li><t>Remove<t>Removed the "Elliptic curve groups" note from the registration procedures table.</t> </li> <li> <t>For each of the entries above,addadded the following link to theComment"Comment" column: https://datatracker.ietf.org/meeting/118/materials/slides-118-tls-rfc8447bis-00</t> </li> </ul> </section> <section anchor="tls-exporter-labels-registry"> <name>TLS Exporter Labels Registry</name> <t>This document updates the registration procedure for theTLS"TLS ExporterLabelsLabels" registry and updates theRecommended"Recommended" column allocation. IANAis requested to updatehas updated theTLS"TLS ExporterLabels RegistryLabels" registry as follows:</t> <ul spacing="normal"> <li><t>Change<t>Changed the registration procedure from Specification Required to Expert Review andupdateupdated it toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N"entries</t>entries.</t> </li> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> <li><t>Update<t>Updated the note on the role of the expert reviewer as follows.</t> </li> </ul><dl> <dt>Note:</dt> <dd> <t>The<blockquote> <t>Note: The role of the designated expert is described in <xref section="17" sectionFormat="comma" target="RFC8447"/>. Even though this registry does not require a specification, the designated expert <xref target="RFC8126"/> will strongly encourage registrants to provide a link to a publicly available specification. An Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc.areis suitable for these purposes. The expert may provide more in-depth reviews, but their approval should not be taken as an endorsement of the exporter label. The expert also verifies that the label is a string consisting of printable ASCII characters beginning with "EXPORTER". IANA <bcp14>MUST</bcp14> also verify that one label is not a prefix of any other label. For example, labels "key" or "master secretary" are forbidden.</t></dd> </dl></blockquote> <ul spacing="normal"> <li><t>Rename<t>Renamed theNote"Note" column toComment column.</t>"Comment".</t> </li> </ul> </section> <section anchor="tls-certificate-types-registry"> <name>TLS Certificate Types Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS CertificateTypesTypes" registry as follows:</t> <ul spacing="normal"> <li><t>Adjust<t>Adjusted the registration procedure related to setting the“Recommended”"Recommended" column asfollows:</t> </li> </ul> <artwork><![CDATA[follows: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated the note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-hashalgorithm-registry"> <name>TLS HashAlgorithm Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xreftarget="RFC8996"/>,target="RFC8996"/>; TLS 1.2 will be in use for some time. In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS HashAlgorithm Registry"TLS HashAlgorithm" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS HashAlgorithm"TLS HashAlgorithm" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0</td> <td align="left">none</td> <td align="right">Y</td> </tr> <tr> <td align="left">1</td> <td align="left">md5</td> <td align="right">D</td> </tr> <tr> <td align="left">2</td> <td align="left">sha1</td> <td align="right">D</td> </tr> <tr> <td align="left">3</td> <td align="left">sha224</td> <td align="right">D</td> </tr> <tr> <td align="left">4</td> <td align="left">sha256</td> <td align="right">Y</td> </tr> <tr> <td align="left">5</td> <td align="left">sha384</td> <td align="right">Y</td> </tr> <tr> <td align="left">6</td> <td align="left">sha512</td> <td align="right">Y</td> </tr> <tr> <td align="left">8</td> <td align="left">Intrinsic</td> <td align="right">Y</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-signaturealgorithm-registry"> <name>TLS SignatureAlgorithm Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xref target="RFC8996"/>, TLS 1.2 will be in use for some time. In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS SignatureAlgorithm"TLS SignatureAlgorithm" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS SignatureAlgorithm"TLS SignatureAlgorithm" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">0</td> <td align="left">anonymous</td> <td align="right">N</td> </tr> <tr> <td align="left">1</td> <td align="left">rsa</td> <td align="right">Y</td> </tr> <tr> <td align="left">2</td> <td align="left">dsa</td> <td align="right">N</td> </tr> <tr> <td align="left">3</td> <td align="left">ecdsa</td> <td align="right">Y</td> </tr> <tr> <td align="left">7</td> <td align="left">ed25519</td> <td align="right">Y</td> </tr> <tr> <td align="left">8</td> <td align="left">ed448</td> <td align="right">Y</td> </tr> <tr> <td align="left">64</td> <td align="left">gostr34102012_256</td> <td align="right">N</td> </tr> <tr> <td align="left">65</td> <td align="left">gostr34102012_512</td> <td align="right">N</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-clientcertificatetype-identifiers-registry"> <name>TLS ClientCertificateType Identifiers Registry</name><t>Though TLS<t>TLS 1.0 and TLS 1.1 were deprecated <xref target="RFC8996"/>, TLS 1.2 will be in use for some time. In order torefectreflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS"TLS ClientCertificateTypeIdentifiersIdentifiers" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li><t>Update<t>Updated theTLS"TLS ClientCertificateTypeIdentifiersIdentifiers" registry to add a "Recommended" column as follows:</t> </li> </ul> <table> <thead> <tr> <th align="left">Value</th> <th align="left">Description</th> <th align="right">Recommended</th> </tr> </thead> <tbody> <tr> <td align="left">1</td> <td align="left">rsa_sign</td> <td align="right">Y</td> </tr> <tr> <td align="left">2</td> <td align="left">dss_sign</td> <td align="right">N</td> </tr> <tr> <td align="left">3</td> <td align="left">rsa_fixed_dh</td> <td align="right">N</td> </tr> <tr> <td align="left">4</td> <td align="left">dss_fixed_dh</td> <td align="right">N</td> </tr> <tr> <td align="left">5</td> <td align="left">rsa_ephemeral_dh_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">6</td> <td align="left">dss_ephemeral_dh_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">20</td> <td align="left">fortezza_dms_RESERVED</td> <td align="right">D</td> </tr> <tr> <td align="left">64</td> <td align="left">ecdsa_sign</td> <td align="right">Y</td> </tr> <tr> <td align="left">65</td> <td align="left">rsa_fixed_ecdh</td> <td align="right">N</td> </tr> <tr> <td align="left">66</td> <td align="left">ecdsa_fixed_ecdh</td> <td align="right">N</td> </tr> <tr> <td align="left">67</td> <td align="left">gost_sign256</td> <td align="right">N</td> </tr> <tr> <td align="left">68</td> <td align="left">gost_sign512</td> <td align="right">N</td> </tr> </tbody> </table> <ul spacing="normal"> <li><t>Add<t>Added a note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-pskkeyexchangemode-registry"> <name>TLS PskKeyExchangeMode Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS PskKeyExchangeMode"TLS PskKeyExchangeMode" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>Add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="tls-signaturescheme-registry"> <name>TLS SignatureScheme Registry</name> <t>In order to reflect the changes in theRecommended"Recommended" column allocation, IANAis requested to updatehas updated theTLS SignatureScheme"TLS SignatureScheme" registry as follows:</t> <ul spacing="normal"> <li><t>Update<t>Updated the registration procedure toinclude:</t> </li> </ul> <artwork><![CDATA[include: </t> <t> Setting a value to "Y" or "D" or transitioning the value from "Y" or "D" in the "Recommended" column requires IETF Standards Action with Expert Review or IESG Approval[RFC8126]. ]]></artwork> <ul spacing="normal"><xref target="RFC8126"/>.</t> </li> <li><t>IANA is requested to add<t>Added a reference to this document under the reference heading.</t> </li> <li> <t>Entrieskeepkept their existingRecommended"Recommended" column "Y" and "N" entries.</t> </li> <li><t>Update<t>Updated note on theRecommended"Recommended" column with text in <xref target="rec-note"/>.</t> </li> </ul> </section> <section anchor="adding-comment-column"> <name>Adding "Comment" Column</name> <t>IANAis requested to addhas added a "Comment" column to the following registries:</t> <ul spacing="normal"> <li> <t>TLS ExtensionType Values</t> </li> <li> <t>TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs</t> </li> <li> <t>TLS CachedInformationType Values</t> </li> <li> <t>TLS Certificate Compression Algorithm IDs</t> </li> <li> <t>TLS ClientCertificateType Identifiers</t> </li> <li> <t>TLS Cipher Suites</t> </li> <li> <t>TLS ContentType</t> </li> <li> <t>TLS EC Point Formats</t> </li> <li> <t>TLS EC Curve Types</t> </li> <li> <t>TLS Supplemental Data Formats (SupplementalDataType)</t> </li> <li> <t>TLS UserMappingType Values</t> </li> <li> <t>TLSSignature Algorithm</t>SignatureAlgorithm</t> </li> <li> <t>TLSHash Algorithm</t>HashAlgorithm</t> </li> <li> <t>TLS Authorization Data Formats</t> </li> <li> <t>TLS Heartbeat Message Types</t> </li> <li> <t>TLS Heartbeat Modes</t> </li> <li> <t>TLS SignatureScheme</t> </li> <li> <t>TLS PskKeyExchangeMode</t> </li> <li> <t>TLS KDF Identifiers</t> </li> <li> <t>TLS SSLKEYLOGFILE Labels</t> </li> </ul> <t>This list of registries is all registries that do not already have a "Comment" or"Notes""Note" column or that were not orphaned by TLS 1.3.</t><t>IANA is requested to rename the "Note" column to "Comment" column in TLS Exporter Labels registry.</t></section> <section anchor="expert-review-of-current-and-potential-ietf-and-irtf-documents"> <name>Expert Review of Current and Potential IETF and IRTF Documents</name> <t>The intent of the Specification Required choice for TLScode pointscodepoints is to allow for easy registration forcode pointscodepoints associated with protocols and algorithms that are not being actively developed inside the IETF or IRTF. When TLS-based technologies are being developed inside theIRTF/IETFIETF or IRTF, they should be done in coordination with the TLS WG in order to provide appropriate review. For this reason, unless the TLS WGchairsChairs indicate otherwise via email, designated experts should declinecode pointcodepoint registrations for documentswhichthat have already been adopted or are being proposed for adoption by IETF working groups or IRTF research groups.</t> </section> <section anchor="registration-requests"> <name>Registration Requests</name> <t>Registration requests <bcp14>MUST</bcp14> be submitted in one of two ways:</t> <ol spacing="normal" type="1"><li> <t>By sending email to iana@iana.org; this email <bcp14>SHOULD</bcp14> use an appropriate subject (e.g., "Request to register value in TLS bar registry").</t> </li> <li> <t>Using the online form at https://www.iana.org/form/protocol-assignment.</t> </li> </ol> <t>Specification Required <xref target="RFC8126"/> registry requests are registered after a three-week review period on the advice of one or more designated experts. However, to allow for the allocation of values prior to publication, the designated experts may approve registration once they are satisfied that such a specification will be published.</t> </section> <section anchor="security-considerations"> <name>Security Considerations</name> <t>Recommended algorithms are regarded as secure for general use at the time of registration; however, cryptographic algorithms and parameters will be broken or weakened over time. It is possible that the "Recommended" status in the registry lags behind the most recent advances in cryptanalysis. Implementers and users need to check that the cryptographic algorithms listed continue to provide the expected level of security.</t> <t>Designated experts ensure the specification is publicly available. They may provide more in-depth reviews. Their review should not be taken as an endorsement of the cipher suite, extension, supported group, etc.</t> </section> <section anchor="iana-considerations"> <name>IANA Considerations</name> <t>This document is entirely about changes to TLS-related IANA registries.</t> <t>IANAis requested to modifyhas modified the note applied to all TLS Specification Required registries instructing where to send registration requests as follows:</t><aside> <t>RFC EDITOR: Please replace "This RFC" in the following with the RFC number assigned to this specification.</t> </aside> <t>Requests<blockquote> <t>Note: Requests forassignments fromregistration in theregistry's Specification Required"Specification Required" <xref target="RFC8126"/> range should be sent to iana@iana.org or submitted via IANA's application form, per [RFC9847]. IANA will forward the request to the expert mailing list described in[This RFC, Section 16]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.</t><xref section="17" sectionFormat="comma" target="RFC8447"/> and track its progress. See the registration procedure table below for more information.</t> </blockquote> </section> </middle> <back> <references anchor="sec-normative-references"> <name>Normative References</name><reference anchor="RFC8447"> <front> <title>IANA Registry Updates for TLS and DTLS</title> <author fullname="J. Salowey" initials="J." surname="Salowey"/> <author fullname="S. Turner" initials="S." surname="Turner"/> <date month="August" year="2018"/> <abstract> <t>This document describes a number of changes to TLS and DTLS IANA registries that range from adding notes to the registry all the way to changing the registration policy. These changes were mostly motivated by WG review of the TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development process.</t> <t>This document updates the following RFCs: 3749, 5077, 4680, 5246, 5705, 5878, 6520, and 7301.</t> </abstract> </front> <seriesInfo name="RFC" value="8447"/> <seriesInfo name="DOI" value="10.17487/RFC8447"/> </reference> <reference anchor="RFC2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author fullname="S. Bradner" initials="S." surname="Bradner"/> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> <reference anchor="RFC8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <author fullname="M. Cotton" initials="M." surname="Cotton"/> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <author fullname="T. Narten" initials="T." surname="Narten"/> <date month="June" year="2017"/> <abstract> <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t> <t>This is the third edition of this document; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference> <reference anchor="RFC4346"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.1</title> <author fullname="T. Dierks" initials="T." surname="Dierks"/> <author fullname="E. Rescorla" initials="E." surname="Rescorla"/> <date month="April" year="2006"/> <abstract> <t>This document specifies Version 1.1 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.</t> </abstract> </front> <seriesInfo name="RFC" value="4346"/> <seriesInfo name="DOI" value="10.17487/RFC4346"/> </reference> <reference anchor="RFC7465"> <front> <title>Prohibiting RC4 Cipher Suites</title> <author fullname="A. Popov" initials="A." surname="Popov"/> <date month="February" year="2015"/> <abstract> <t>This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. This applies to all TLS versions. This document updates RFCs 5246, 4346, and 2246.</t> </abstract> </front> <seriesInfo name="RFC" value="7465"/> <seriesInfo name="DOI" value="10.17487/RFC7465"/> </reference> <reference anchor="RFC5469"> <front> <title>DES and IDEA Cipher Suites for Transport Layer Security (TLS)</title> <author fullname="P. Eronen" initials="P." role="editor" surname="Eronen"/> <date month="February" year="2009"/> <abstract> <t>Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) algorithms. DES (when used in single-DES mode) and IDEA are no longer recommended for general use in TLS, and have been removed from TLS version 1.2 (RFC 5246). This document specifies these cipher suites for completeness and discusses reasons why their use is no longer recommended. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name="RFC" value="5469"/> <seriesInfo name="DOI" value="10.17487/RFC5469"/> </reference> <reference anchor="RFC9155"> <front> <title>Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2</title> <author fullname="L. Velvindron" initials="L." surname="Velvindron"/> <author fullname="K. Moriarty" initials="K." surname="Moriarty"/> <author fullname="A. Ghedini" initials="A." surname="Ghedini"/> <date month="December" year="2021"/> <abstract> <t>The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to attack, and this document deprecates their use in TLS 1.2 and DTLS 1.2 digital signatures. However, this document does not deprecate SHA-1 with Hashed Message Authentication Code (HMAC), as used in record protection. This document updates RFC 5246.</t> </abstract> </front> <seriesInfo name="RFC" value="9155"/> <seriesInfo name="DOI" value="10.17487/RFC9155"/> </reference> <reference anchor="RFC8996"> <front> <title>Deprecating TLS 1.0 and TLS 1.1</title> <author fullname="K. Moriarty" initials="K." surname="Moriarty"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <date month="March" year="2021"/> <abstract> <t>This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018), providing sufficient time to transition away from older versions. Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance.</t> <t>This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347) but not DTLS version 1.2, and there is no DTLS version 1.1.</t> <t>This document updates many RFCs that normatively refer to TLS version 1.0 or TLS version 1.1, as described herein. This document also updates the best practices for TLS usage in RFC 7525; hence, it is part of BCP 195.</t> </abstract> </front> <seriesInfo name="BCP" value="195"/> <seriesInfo name="RFC" value="8996"/> <seriesInfo name="DOI" value="10.17487/RFC8996"/> </reference><xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8447.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4346.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7465.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5469.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9155.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8996.xml"/> </references> </back> <!-- ##markdown-source:H4sIAAAAAAAAA+087XIbN5L/8RQ45sfaVyQlUpQsKblsJJGOtZZlnyjH50ql VOAMSE40HMwCM6KZyKm8xlXdVd2z3KPkSa67gZnB8EOSc065smtXYksYoNHd 6E80gFarxbIoi+UhPz06P+IXchKZTC/46zQUmTR8rDS/PBtykYS8Dz8wMRpp eXPIH/UfY/vaUSxUQSJmADTUYpy1IpmNW1lsWnoc7Pd6T0aRaXV2mclHs8iY SCXZIkUMBpdPWQAAJkovDrnJQpZbgIcchzGYdoexKNWHPNO5ybrb2wfbXSa0 FIe8MZRBrqNs0WBzpa8nWuUptF5qkZhU6YyfiYXUvOp1LRfQMYR5k0zqRGat PmLLbmSSy0PG+f0gOLeYN97AjFEy4d/iEGyfiSiGdiD6G6S+rfQEm4UOptA8 zbLUHG5tYS9sim5ku+i2hQ1bI63mRm7B+C0cN4myaT6yAOeTrYqPDcZMBotz JWKVACYL4L6ZCZ1d/T1XxLlEsTQ65N9nKmhyA1RoOTbw02KGP/zAmMizqdJA cAsm4jxKYNDf2nwIEOdyQW12Mf+mZK0VkBVJ9JPIYAUP+XcyEeOIPkhL/Y9K fmNs/zawtzbBsM0vc2C69uAPpUj81jp8k+zo0AdvoPs31NoO1IyxROkZ9L2B tWNRMvZ+a7VaXIxAQkWQMXY5jQwHCc1nMsm4kzCeTSUPpiKZ4M+qJvNWyLUV 8ggYPBOhBDL4xdMTEsw2P824CEPDBU/knN+IOJe80W+Q+oSRCVSuxUSGDCDj RBcSMIbpQxnyQMX5LOFqTF+MjGWQQTPOW02JuDA3Q+OExmaNYigAFXHMgTgg 1x+UTUUGlIIIZEzEoCXhgk8F9FkF0uZPowSgLJo8qjGFOXi0CgD877k0Ga4h aGCAbaa9iaUle+wKzKIwjCVjX6DCaRXa4cuDC8jGch1om4nr2tIAj/PZCPTQ sQz7MY9qLWOBHMRV3KC5/BGw97FdYJGJiRYztrkvysBjkNepNBUilsia2KBY gOTxn3/+FyAdKX//Hmj/SpgI5AWU8jpU8+TfGqNYBdeNr0GWkUOD/unlywt+ /vJycMhfxVIYXMOZurHAYe2kXcixikGXgN1fbRHEr+8EjfBI/JA9h7zOZJPK IBojszy+4my6sOTwu6UQbdwSjZxo9EisEKJpHPTAisxD9IKv6gV7sF7wu/WC 3akX/D698GkqKIqNqtmNh6jIF/xS6lmUqFhNFghUcnBAHD2Q4Y0Xr4eXjab9 F5cOf74Y/Pvr04tBH38ePjs6Oyt/YK7H8NnL12f96qdq5MnLFy8G5307GFp5 rYk1Xhy9hS/IvMbLV5enL8+Pzhq4rFlNTMCxIhNHuOLgIlMtcQUE+HdpAh2N 4BcYc3zy6n//p9NzYt/tdA7evy90oPOkB7/MpzKxs6kkXrhfgXELJtJUCo1Q 0IIFIo0y4C70BY5PQaL5VGoJ3PvX75EzPxzyr0ZB2ul97RqQ4FpjwbNaI/Fs tWVlsGXimqY105TcrLUvcbqO79Hb2u8F373Gr/4aR4nkrc7+X0GXQGQonsK4 ouFpRoOfkGj+xfDvUKGMlSZf3laX0jNXq86nyZSOJtb+ozbZdfVUnFQphKVH qDq0itxETW6CwQtJMQBL0ivh1Bxmb/QrFW+QAeUpKkGGYnRjcXf6XSfQKTDI H3jvt4cMYzSapVBesvsQLoLagg0DimVi8uqbjTMyOUMsvAVpWztIUjiD8MGD JoxRQYSOgwbPJFq8yBCEcZSRxcJ+aa5TBSYaf59Po2CK/nIOWIRyDIsXtmn4 CaA+zmOOtgU546gslsNaigKkP5cNh2QgjRHODANLNMV4Fs80jYEToyhG30Rw gYIShJ3+smAPcD8OAQvH26qfo5ysXhzBkji6a+CbfJQDcRGoZqrVDbqa+vSA FjAZCLLgCEJhG0DfFxa0sDLpeFBRC+RXlOIiggkFQ2N5APyJAGxuUP3PN4gA LTGKAFrykZQJlyhW5P5HNkgtJcUycFl2yJ8lqqIEAkWVV0JkcsDfZ7YvKR7b CwcrLS4FXVG8cOIkkmr2unDFYi7DphVK6gLoVCIt34FrMUvLOosmU7d4nvAr DtEDerGEGGMoLiCDDT6gAROUDBmBv6YFQRYDGBRRJwXLAqZhCUB//fWBBenf tSDIiErxHWsQF5zGSiSIB6ws+X2QqiSLxou62jmYllAtTR6jR0UxHMVIWkRr sSAXhZAgoclBF4UVHsHnUlzzQC/STEF0l4KigoeBvBLyKBI84S2CN1MgAJjL UsDjKTBXBSeqqROQ8TRWCxSXNn8D3qykTlQRFHyEvx1Cv/36X/3ffv3vJpeA gNTODo/BuSUgKNwZAhd7GGfgObm4KAniHITU5GOIqSL47vBzGY6iQCcE14zh hQSjtLBC5lBCKSfVoIXF9TidpTHJOtgVSiwQHtANvzl/h4uNHEc44JJQiHSF racAcyCnWvhMOQtQ4EKRowIxsRaATJmzmuWgysUiGwqvXkgIyNpQZpnlrXUs QG3jbQM7YySJrMPInaawTki6jmOtZn5XcoobXA1GbRHIGSP9GqK5FRiZHZFD tXQO3oE4ZLBuNxEEsxhaD4bf8qMUbaOIy5CnuwcxMT+n2DJ2muicA2YHFWzI OIJrzAHAZkirDCOMdDNWI7HNj8CSEq/QtCgUoHkELqiI4kPUOBhGnDl3jtbR BR5lFIvkmpyNdbnOTaPiJLCU0QQQw6mAeqlv4Oc8icF4VWE8RgUAHoPYL2rR wznmJj9/Ae6lhWnKe8YGaK1wFbxo20XWlMioxBlAkXhucTUigXTU6oSf2KFR yY2x0QklBfnIYLSNGY10kQ+FPTRXVCRpIaPlE9AJZB5EuPBRhbigcFiREaZI syDwQPLgHzB04/VCU2M7Jc7rHABRy4jp0KO0+F9ySBhgKWlctMGUOnPhXBwj Pc6mWuWTaeXHKhcAkojTNmnAWoMOfkazyJB5I36T20HhKJYb1Q7soJGmzZHy TSrDPOqBfxusP7ndu1W8CelECqBxNfLUSQjoc07G7cuaMcIZfvv1P41vjhD5 IBaYq7cpasYUcfAO6MOtxctFKl2cXO5TMnYKiaVGYwTYAyjMLWtprhOwNfs0 oA3K5oFNRjsUkSlSPqvCXqS9EZHSSdTkrcWPwh9zk63mlLSuYa6lv7lhnF3E 3uBfPFzB05To+hP88ssvZKD/XxaVIHyoVcUxv9+yfu/s6g9tIoEYFZKvdUJg 9w9q+Q65GsvIotPUBuO4HeV2qjdjXjq2QiJIoWiNRxLYCboxSOxuIIdEXqbY OdI2XKOMDThE+TVEXtL2hI+BTKtUomiOErdGxGwBUQaGe2uFS9xHt4NtSuhA 7S1JHb+tZJHf8+e2Jvm37PawhX/cP/f8ufV/OYTBPQAIqWmCBi68ms5EsG7G 4k8f59vd4beg94m16ldRyB+BkQBHgyAerx3S2+a3F4UL20hXfcjehw6pJMd3 Z2vMhJUf+S6zmXTpIt+T9DnnxutcadLyYnslDhh94SqXwaKb4JAVNYT5fN6O RKDL2kF0I3E/TlD0293udLaebD/Z2d7Z2y9/aKfhuIbHHGdwjHBRAuRBN3Ij SqWB3ITW5tLGzEy2qBgkJ/A/avzW7nF/r/vs+OmP6urIvGm93VfT7/I3A9mZ nG6VJv0kStEXDiEjq9nyobyBKB13j6hyhBoFcUVAvY3tjMGO75RQSyYyoWHo 7mh3XUs/YYK4i7ETHwh5Zux9/vrsDNSL+IvK5HYSixTZBb1jm9gI9Lq2NoFx lARLR/uYgCIQ1eavtMoUMM9tZVpfbUMZxEiNQWUxXqEwjZG7Ipu6PAUijRGO 27ROKXcBj2i3rVmNHcse2K6mKv3+EuEVVwb/8erlxSUxwSZYthuhPpfI5FJJ ASbDVeu0Oy4y7u309kj+3UKuQBfJKjNxEwELVEhnsf2KfNKS3eQxriCYS1QQ lbRSgVFelkFUbYpedYy4w4gtYXRx0kNTK3yqCAKa1hoAO/BJb2+XBvYHtkx0 2h8c0XSIOwYsgLuGEbQecp28LSFX1Q12e3sHNoHQOP2L/i46xOGzo1bH7WGg dV8lzY4+6OxazD5HOJ8jnH+SCGepuFXkYFSFv7YmZKnMhRW91svnVY3nlhcx ku9l+LmYyd8TKD0wUlobMmHExLffbW83t991BjAD4Hr1/OJ49+rN6eWzK7A4 VyfHJ1dgEJbDlD7n3tju9spYMHNXne7+A8Z2VsaihXvgxN2NSKMxu3tsbyPS 94/d3Yx0ffCasXv+WOvm6qj3ti3ltzZ0LAc+2TTw4qTrD1wet795XG/TmIMH IImULo87egCO68Yd34PjujEnbsyr4XPbF6OlddTsHy339MVzqfPx9iaw3d29 lc6dTZ139nte5xPsvF2s/OCk/2yAfw+PNiJuRzzZNGI9ATSos10bdHHfJJ3O +v53TLGzUxtyD1vtkIP1QzZhtXN0d//6Ytghx3cPWbMkx4URsBA3AD7erXoB kDqsj5KnubxjmKd4LATG0OmuT7ONtILEpgDLc/v1AEtBYkEFRVdQ+Bwt/XNG S7VgJ4eMf10Qg//ZSATsEO6td/Z2rjulCqKHd626at3xWrtla69oPfD77nqt Vd8919rd8Wd7UrV6EPbL1gOvb8cBTjt7237zXtXsweg88ZorNDr7RfNB1wdy UDV7QCjQwuZut+fzqFM1l70/0v7RRXU+rDGI4yiF5JgHtJh0aNU0LHyqgC2b ApClMtsyhXy5zSApgmlRlSnE8e6NIBtRA0xXvFzZCAJqBZ68vJa62giaSYla sdXp7G/NgB06ErHZMjGkzaYFjcunhbe3vZ19MoSanwnQPN8abz7YuSHVLBTP B8sc2Mq+gtL6sO405u0HZszrSVi25Sdka+6kABd4WDtvd2FtbGirsXVLWtGC RafPvmC9L3CGfK0ZX7P6ayz7x9Jzzyv5cLSKZamllj12IxV3rUx1UNRVMA+p IOwPsvuJtM3ixtNGl3eorzz81cSDsLQaHTrrObihEqSrQEaeopS1z2KHUtRP gtKRP7Y6tV83t4eNAJxKJrhbmrgt21L+8XgQLGi5PVgaIcHTfAQhDp5gu8G9 Z9wXrM2PdXRWP+vPH9myrIHwiHQV1zHB/WQLzUyLnUks0z9mdHCk8q2ofCKh gjw3pfCOVIinqJMwJ7bgbiBoe5TPmixPIoBt6OhUlIFRlVnQpr08e84olp7D difNYB0vq3WeiUVJ/ExpPPbXCiGImDoJMPbMlpVa4ZSEmSmdurGnpMDkX8vE kQXCqLSxJ58qibLWKUbr1KZjR8xNT0dfgQR7eLisVVNPu4OKtXo65gNGwqqM GrMU2ix5R8OT01MMovAsPm4dj2BhEzIlpAoNm2YOLhptF/LgZjWr5nVnpFTi zUrneIEtchy9Qypwx8euiiWBkWt7J/DcS9O2Gd64lgtrqGbCILngq7XMhIZW YZ3DKApDmTiPi3cUiFg69VAdMa77vXZZrQB2WdEDm79IP1H1eRWLzxuzf373 0v6o+e0zYaZH5dk4P5wiI29LJtuEQ1HQWa71OBN+cAAmvOl6dcmWMzo8TkUP OmSiUImimWzzD1cCtqoE67OiJSXYQOBDE+dSAf74eOlPKtGv7+K3f6XEpqtr TxPxur2octQ+hSW20rp+u53zpe32lRMIHFO0BH3GLX/LXVrLZ+FutZ9LKe1U LGWzU9HtVvtTPddEm1Fvqzx2KuzO09sqiZ2K3U63bMJ8Ei89RSAJgWt1jP8I +1MUT4GA/kMr8Roq9WdN/oM1+Q6mb1BnIGmd+799uDYv187WKzOeFVjMVG5u +Xmp0NqIUuVQ+UL6/bxUZxmEXg/c+5Fhd3eX9nUqRZVhr7dfaTMq9gSyA73T 62x3tzvdK6v/Fuze7spnq/jnH0XFXSwZ47FvL5ajSvupPTgfYRT9qRT+j9P3 e2lmH7wD/ln9P1D975e7+6zBWlvwAa79AdbAKf4Vbissab8pGisTgD0hS5Th VTgtP/Rc75UPu26ETKeQImsRw8eri8FwcPHdoF/btcbhd/eibeIxZtY//SSu wplZA6hXGKk6NXu7NcyhR4Xi3l45Zt3XJ848EcCa4dr3v3x8m/XKXD+Xi8E7 axleqFB+kgR4DRqf7cY/bkq7FBEPA9TIT1OwXcLhs9QtS93vK2j+iUQR1Ioq v+WTAvZaH1svP859rnnEoF51qy5EkfxsOoHpPh1VB4pb9l2L4sAxP5cTlUVW 2h4dnb06f1x9O+0XAE4EyG94Wt02XJ3D32QE9CG+pEd9eJU0eODuDetaq4e9 izaFl5YyHFEQfsJfqQik4ilhZ6pmW9mmLU/XiCco7LVHkEZ89aMYxB/5n/AL Dnvshr02Ur8QaQqsX6W8VPKKVvcF90BWGo/opR33ok0Nh2KUFDobSZHxF3h7 bFKnwPsKfmwFB2toXOuq33MfnvefrmH3cHj2fPD27OW3T0/PBq4s6QqqeMoB N9W9i3i40R/HD3tRg1USjdYGN89NKdxU64CRlJnQ5UadAsJ0e9slJDvtDfqi qx15guprzIoWucPoy4XXwiiTui4ZsDHKkKYb4WAfXqnMHrWvLpOfXsAPfWeX ykcYMq+SsqEwG0xVFMjyaa0Ag5JU0c33yLhXS9ScvkthFnW/QLfdqhHLl3FZ Wr9PUEigd+vTVoHIedDLKPECkkL4R6VU+sOj6/YWLNpwoNFdccYjsyNBl7Zl MKV3TCJ3tcJCWwGCLEAAWwQtw+varhA1wqcQEsoxAwUOOUpE5UgKD/rmW1y2 0l17LxBolWok2dW8isuiJCHCYIbprrBWoBgoQqRNedHSu0Z7Ewn7pFTTq4u6 gpcpMA5lQG9zVKyvLYu9hVg4KWPvODOrAU4d7B3sUKWZvW5bMQ7pUcZdS6Ee yAvQAHoQbe6eFrMHO4pFodu6eJ3GtZMEX/iCcmGVBQSz1ux0yF0CGdElWvci B6wGLgoK71zxuVigh+m0+TFe/7X3M4lPFJGIRHyDf+Fxji8t8+1He9mT2WsO tdWCmX7EgOuRbE/a+EyNeymHlBlRlLp4O4TEjY2ELlW08RhI3GmDPS7iGZXQ iqBj4iJbug9lEdvCj1uFSrTsbWe6ts/YBuW0hW9bjC5jtpJpQssSVywNj/HE CL6KoqVszaW8diKJ75xEKixCBxHeoMYDZ4nB2pZuV6WtzZ+pOZafm3UzQDDK ABThuEtawFn8rJgtfld19tUSv6HasS0JL8WaiiIteo8HS9HQaOhaOZkM+67C 0qNOVKYfyapKTvJXPpl14m7AWN1ACaxCJ88kOW5CKGnL7Jtuy9jnOHADynNE 7nbwtGDYhscerB1MhQZngQVnVqA+0grL4PiMi8SCOGolFv7tPhe+6GaPBZiI bhgVL8vUY2R8NiQv04ZSXmIxwcr2NHKPtswgz8ZXWMibhDcC7y3jjR/CGWQ1 XpiIrlsvvczgXmUoXgcABx9cV6hspNgdTAwgXooSmxz4l9PKO2gxWmx8gae4 NoY3mlblBu+Wazu0LgXIoJVDF/bAwAKljd15UsF2jHShMhsPKbA1hxQC7w5Z EzB1ATA+A1IclCXDaI9YUK2EoohlyVx6fA6JzcAOIEH0Dkz9ScBWUQNfehFw U4wyU6E9seAyCfcER/FiH0VePkdZaYb8aKt42AnPSOB7WLYCn4R1Ja5slGFV gvmgx+e8d+fSWIAtaBBboENZY6/yj9JH43j7Eh8V79xDEkXCVj964z0RV/gl 6+1Ki2xWDisu/mI2RFBM07m4KpjAhx2KTAmdkD2dCDpXO9P0fUGVd6YJ89HT cWEWw+Y6u1kJJi4mLTQygTgDdp+j3TcUhDCkB08CBSCUqeUpaiEEWnWP6Z5E HIngmv0fSJbSfoRVAAA=H4sIADV7G2kAA+087XIbN5L/8RRY5kfsK5IiKeozqWxkio61lmWfKMfrSqVU 4AxITjQczAIzohnL73LPsk+23Q3MDIYfkpJ1Und7Vu06EgZodDf6Ew2g1Wqx LMpieczPTi5O+KWcRibTS/42DUUmDZ8oza/OR1wkIT+FX5gYj7W8Pa41bh7L QhUkYg6gQy0mWSuS2aSVxaalJ8Fhv38wjkwrxo4ZS/L5WOpjfnTYP2BqbFQs of2Y5RbSMcf+zOTjeWRMpJJsmSLGw6vnLIAOU6WXx9xkIQPEdlmUAqhM5ybr dTpHnR4TWopjPhoO2ELpm6lWeUoEsBu5hJbwmDGc55j3Or29VrfDApUYmZjc EBzJTAakXotYJdBpCaSZudDZ9T9yRdgliqXRMf8pU0GTG6UzLScGflvO8Zef GRN5NlP6mPEW4/ATJTDob20+AogLuaQ2y6m/KVlrVXoqkuhXkQHRx3ywBC6d 6Bv6JOciio/5L0p+b+yIdiKz2hSjNr/KdSK1N8NIisRvrc9gkl0d+uANdP+e WtuBmjOWKD2HvrcSeBYlE++vVqvFxRgEQAQZY9/+Bf78CVZahj/z5+/PeIu/ k3wRxTEPFc9mEiQrBqyjZMoXM5nwheTA9VupM/s1iiXPFL98Pvj7q3ME78SK axnLW5Fk/O3lucEuYxgZR8GNGMOQKKHhL65enZN4vjl9zlWepXlmAMPvGLua RQZQCPK5BBhOwGhMMBPJVBJI/HNdwLUV8AjWfy5CmgvQI9ls87OMizA0XPBE LvitiHPZ5I3TBmlQGJlA5VpMZdhkDn7jUgJHAYtQhg2gPc7nCVcT+maAxiCT ISFRTYv4MDdLY0CDs3IogBXAXeA+rIc/KJuJDJmeqIyJGFQhXPKZgD7rQNr8 eZQAlGWTRzXmMAePxASA/yMHtUUhA/UIsM20t7G2ZJEVkXkUhrFk7Ct+lmRa hXb46uACsrGcB9rm4qa2RMBnMhoFy7Af86gGMRHIQeh6pUViUlBLfi6WMGIk g1xH2ZI/AfY+tYssMjHVYs6290U5eAoKNZOmQsQSWRMfFA1QDf7x41+AdKT8 06eCOSaVQTSJAsvGx8kL3yQv7NHywu+XF3avvPCH5GUzXbFRNc16jPB8xa+k nkeJitV0iWAlB+vM0Twb3nj1dnTVaNr/8ovX9Pvl8L/fnl0OT/H30YuT8/Py F+Z6jF68fnt+Wv1WjRy8fvVqeHFqB0MrrzWxxquT9/AF2dd4/ebq7PXFyXnD 2hZfSsGvOAMUJZnUqZa4BgI8nzSBjsbwB4x5Nnjzz//p9p1A9Lrdo0+fCuno HvThDzSAdjaVxEv3JzBuyUSaSqERCup2INIoA+5CX+D5TC0SPpNaAvf+6yfk zM/H/NtxkHb737kGJLjWWPCs1kg8W29ZG2yZuKFpwzQlN2vtK5yu43vyvvZ3 wXev8du/xlEieat7+Few5CAy5BLQhdSN6YCE82vDf0S1MlaafHlbX0pPkTcZ 5iZTOppa24gaZVf248dSw0mdQlh8hKtDT6GbYAxCUg3Ak3RL2K8c568UnUwL T1EJMhSjW4u70/CN3gLkDzzj+2MGsZCdo1BfsogQHoHiGl5GM+U3GyJkco44 eAuCOEALSeEcPL8HTRijgghNKg2eS7R3kSEIE3AWaLawX5rrVBlJfy9mUTBD T7IALEI5gcUL2zR8AKhP8pijdUG+OCqL5bCWogDpz2UjGRlIYwSEmsD1HFii KUCzeKYpBANiHMVotQkuUFCCsNNfFewB5schYOF4W/VzlJPdiyNYEkd3Hfw4 z2xMk2p1G4WrswNWwGOgx0IjAIVpAHVfWsjCiqRjQUUsUF8RimsIFhTsjGUB sCcCsLlB7b/YIgG0wigBaMrHEqIsiVJFfnFsA8xSUCz/VkWH4pxEVZRAiAfh VClDJgf8fV77guJxnTv3Li0uBV1RvHTSJJJq9rpsxWKBXpBkkroAOpVEyw/g WczKqs6j6cytnSf7iseS3FhiGQMh/A2Za/AADYBf8mMsTFSuh+PhLUqpE4RV GdOwDKDB/hrBopzetyjrqh8ZQginsUIJIgKrSwEMSFaSRZNlXfMcTEusliaP 0amiKEIgDF8jImBJXgohQUKSgzoKK0ACIm5xwwO9TDMFoU8KugpOBlKpKJuR 8AlvIbyZAgHAXI4BTk+BxSo4UU2dgJynsVqiyLT5OwzwC+pEEQ4sOXyEfx1C aCq5hMmlLizeBJxbEsgGd4ZgLYYhHxclQZyDmJp8AiFIBN8ddi47URTrhOCb Mb6AJGS2tGLmEEI5J+WgZcXVOJunMUk7GBaKuREeUA1/OYeHS438Rjjgk1CO dIGu8VVgAQRVy54pZwMKXChwVCAk1gaQLXNmsxxU+VjkQ+HWC/kASRvJLLOc tX4FqG28J6ZhPIm8w6CWprA+SLqOE63mfleXPG30NRi2RSBljDRshPZWYGh2 Qh7V0jn8kGL+dilvI4hpAejZcPQDP0nROoq4jHl6+xAR8wsKL2OisfQOGDhX sCEYD24wgQCrIa0qjDHYzViNxDY/AVtKvELjolCEFhH4IBeWorM2OIw4c9Gw ntbRBS5lHIvkhryN9bnOS6PaJLCU0RQQw6mAeqlv4fc8icF8VVEvBgUAHqPY r7jHPKRR8o9fgX9pAWbyE2NDtFe4Cl7A7YJr7IF23ZpAkXh+cdOKQK5m1cLP etCo5MbY8IQyg3xsMOAGy22kDX6aNvSh6aIihQkZraCAXiD2IMWFoyokBuXD So0wLnc3EHx8PKZNkE/sOyIWLN498UptFSjF3OQRiHhGawA9ShfwDYcEAlaW xkX3OztG+pzNtMqns8qjVc4AJBLna9KAjWYdPI5mkSEjR2tJDgiFpFh2VD+w hkaaNr+PbOaRjTZuixMgD3y/rjchsUgBNq5JnjpRAcXOycp9U7NKOMPXxrdK iHsQC8xm2xQ9Y7I4/ADk4Zba1TKVLl4ud/IYO4MUU6NNAuQBFGaZtWT3PosB aqFsRthklMUjr5202VHbEGhULqImbC1+Ev6Sm2J8La2kFQ1zLf3M3zjLuB1H Hzya5n/Lllo/9hvtKY75/Tb1J2dRf25b9qCkimrV7eZBLdEhF2PZV3Sa2Si8 Xe2yhdsRLz1aIQNxRCsylsBG0IRhYrfIOOTvMsWekbZhGiVqwB1KqyHkkrYn fAxkWmUQRbPjXrVPmOEOH4Z6pTSJh+l1UE0JF6i8IzHjd5Xw8Qsxl3z7z13N rN+xu+MW/rj/PPBz5/9xDIP7ABBy0QQtWHg9m4tg04zFzynO1+/wu8vC/2xF sj5k/zcP2dvld2BEEusprqOQPwGLA+4LEX26aciKxPg+7B7pkR8ymz+XnvET CZ/zaLzOnKZb57o0YNjl7Y2VsaKd6JjPsiw1xzs7i8WiHYlAt5We7ggdzKJb uQMRvqDQt9fpdncOOge7nd39w/KXdhpOavgsFC9Z6YIESIRu5T2oVcq/FTXc YncYtbE6UqK4MzfTHSqVyCn8H1V/Z+/Z6X7vxbPnv6jrE/Ou9f5QzX7M3w1l d3q2U5rzQZRi/DyCtKxmx0fyFsJ03EGiagmqF4QWge1tbG8MeHx/hJozlQmN Q1dHm89a+nkTxF6MDWpQyB9j94u35+egc8Rl1DC3o1hkyi7yndjcRqDLtcUF DKYkGD3azwQkgaw2f6NVpoB9bkvTOmobMyNKagJ6jBELxWqMnBWZ19UpEGuM cdymbkrpC/hDu63L6gxZdb92SVXp9VdJrxgz/Pub15dXxAabZVE/i/xCIp9L rQKgDFeu2+66ALm/298nfdgGXSTr7MTdBKwyIaXO6SJn2G0e4wqObTVFJa1U YJiXZRBZm+YWhLhDiK0gdDnoY9AifKIIBBrcGgA78KC/v0cDT4cjXmzQnGFa lRCKIFi48Q4uo5SSkzIDfXJ2Ojx5SsuLhGJsA4RqgE/LJzfJ5yZaLCp7/f0j zDpene65QOuk1SXgtFuNM/wesEfdPUvhHx8o1VT7S4T0JUIiofrs0RGvF+KK BA3gUgUO7cxKobSBlbHW65deUeiOFxHWKWWRVrcf/tkSZj0yztoYcGG8xTsf Op1m50N3CDMAstcvL5/tXb87u3pxDZbpevBscA32YDUuOuXcG9vrrI0Fc3jd 7R0+Ymx3bSwat0dO3NuKNBqz+8f2tyL98Ni97UjXB28Yu++Ptd6wjnq/Yym/ s4FnOfBg28DLQc8fuDrucPu4/rYxR49AEildHXfyCBw3jXv2AI6bxgzcmDej l7YvhlWbqDk8We3pi+dK52edbWB7e/trnbvbOu8e9r3OA+zcKVZ+ODh9McR/ RydbEbcjDraN2EwADep2aoMuH5qk293c/54pdndrQx5gqx1ytHnINqx2T+7v X18MO+TZ/UM2LMmzwghYiFsAP9uregGQOqzPmeW5TGWUp3jMAiD+gOex/txN p9XJt4dTPtn1aEpBCkIFSFd/+BIe/X8Ij7bFNhsiF/yfDT/A+ODme3d/96Zb 6h26ddeqq9Zdr7VXtvaL1iO/757XWvXdd629XX+2g6rVg3BYth55fbsOcNrd 7/jN+1WzB6N74DVXaHQPi+ajng/kqGr2gFB0hc29Xt/nUbdqLnt/3i2nSzlX t4W4DuMY1zPgkAneSj51xoGmoGLZqhkAeSrTKlPImNs4kiKYFQWcQiQf2jSy ITVAXS11VptGQLnAQ5Y3UlebRnMpUTt2ut3DnTmwRkeQ1u6YGDJm04LG1XO3 nY5XASBTqPm5AA307fD2o5Jb8spCARs+XGbh+iYW1NeH9oAhb99bPaghv92O D8jW3JsV0wKPaifZLq2NDW3htm5JKypCrEh9cQSrjsDZcbDiabZmxTcRssG0 r3mUf1Pbt4HSKpalrlo+2W1X3OAqJam9od55tTLabkLSJA4QbY555wHLU2NN PF1K69OlM6LDWypaupplZCphLsukxbamqB+5pKIiW5/ar7jbg0oATiVT3GJN 3EZvqQ54tAgWudxRLC2S4Gk+hmgHj77d4pY17ibW5scKPLMbezJrneJxf/7E VnANRErk3nFlE9yGttDMrNjMxAL/U0YHTirHi7ooEirlc1OK81iFeDQ5CXNi C+4JgvpH+bzJ8iQC2IaOXUUZ2FiZBW2qONMRpVh6ztydUYP1vKrWey6WJe1z pfHAYCsE0Z05STBNOu5lBVk4rWFmRod17AErcAA3MnFUgVgqbeyhqUqyrLWK 0Vq16cQSc9PTNiRQgOcVvKo29bSbrljip9NBYDWsFqkJS6HNkncyGpydYUyF B/Bxs3kM65qQbSGdaNiMc3jZaLsgCPe3WTWvO16lEm9WOgMMbJGT6ANSgds/ dlEsCYwc3QeBB2aats3wxo1cWss1FwbJBQ+uZSY0tArrJsYR2JfEOWC8mOBs OuqUf0K5dIPtssIBzLJyJzmWjP/cxGFt9i8bsV8czFpu+0KYWVXI8AIqKqt0 CIei5rNaWnAm++gITPY3rlePbDejc+ZUk6BjKGoOPIvmss1/j9yzdbnn2+W+ RlEl8+zR2XIp8n9snPR/Uo7fPpLb1RnzjceMeN1EPDpPxVs5fGWHfe3IAscE LUHfcMffc5fU8nm4V23hUkI7Eyu57Ez0etWWVN810f7T+yqLnQm72fS+SmFn Yq/bK5swm8QLQxGIQuBaPe5/lh0pCp5ARj+H6jb/16juOllf9PcP1t/7WL5F iYGmTX7+7vE6vFok26zCeHZgOVe5ueMXpRprI0pFQ5UL6e+LUollEHo9cL9H hr29PdrLqdRThv3+YaXDqM5TCP31br/b6XW6vWur9Rbs/t7aZ6vuF59RsV3E GOOZcC9yo5OGZ/ZMfYSR8n+Cmj9IZYP99j3uL1r/G7T+4RV40AhsNAG/wY8/ wgg4fb/GrYIVpTdFY6X52BNSPxleh7PyQ9/1Xvuw50bIdAZ5rxYxfLy+HI6G lz8OT2sb1Dj8/l60IzzBdPnXX8V1ODcbAPUL21SnZn+vhjn0qFDc3y/HbPp6 4KwSAazZq0P/yx9lqt6Ym5dyOfxgzcIrFco/Nbtdn/73FMa+GI0/MWX9DEJX RiujABXyzy3E1uf+Im7/2eIGJNHUZXHL3tRmbK0ou+m5gnq9rLr1RAKy7S6J +3RSHRlu2ZcdiiPF/EJOVRZZaXpycv7m4mn17ey0ADAQIKHhWXWpcH0Of3MQ 0IeAkR6r8c60euAeChaKfv6pz6JN4Z2kDEcUhA/4GxWBQDwn7EzVPKBCJm1V ukY8+2BvNxbHb90g/sT/hF9w2FM37K2R+pVIU2D9OuXrCY/7UNvJKJaCHsNx T87UMCgGSaGzsRQZf4V3wqZ1/L2v4KDWMLCGxLWuOzT34eXp8w3MHo3OXw7f n7/+4fnZ+dCVFF0ZFM8o4Aa4d9cON+Xj+HEvZ7BKntGe1La5qSwBAynPoAuM OgV86Y62Sy92SXtWrMcEF1fTnWx86EZl9pR7dZ377BJ+OXW2onwFIfMKEluq ncFMRYEs334KgG+poqvnkXHvhqgFfZbCLOv2mG6ZlQNWr8KytH6QvxAN786l LaWQ3aanSeIlJF/wH5VS+QwPgTM6R45kogkFKt0VYzyHOhZ0aVoGM3pKJHIX GyzEBwHZZze4q+qM8UWChHK6QIEnjOyx9eoEC3Ln3Q94hL/0k95LAFqlOrJP FuGKFRc2qbAnDKZz7iJpBYoNZiLSprzf6F1mvY2EfZSp6dUYXfXIFBiHMqAn MsoVqC2OvQNYeA/3KIEVUCet9h50qNLMXnmtWIfUKOOuhVAP5ARIKL3Che9q YS97YqLgJt2Yxfssrp2k+NKXlkv7GAwIZ63ZvRHjrmCM6RqrexYD1gKXBAV4 ofhCLNH8d9v8GV7BtVcjiUsUDohEfI//4BmJbyzr7Ud7z5LZ8/21tYKZfsE4 54lsT9v4Vox7roZCIERR6uL5DhI4Nha6jFoaT4HEXhuMZRFQqITWA70Gx/ck apeSLGI7+HGnUIyWvXFMF+cZ26KgtoRsy7plxFQyTWhZ4orOdIKnMPBhEi1l ayHljRNIfGwkUmHhz0V4i1oPnCUGa1sFXZe1Nn+hFljIbdZtAcEooz6E425K AWfxs2K2jFxVrNeL5YbKsLa6uhLoKYqA6FEcQMtAo6Gr3WQ47MsGK+8QUcF7 LKt6M8lf+aLTwN0osaqBElgl1J5hctyEWM4WrLddE7GPYuB2j+cn3MXcWcGw Lc8tWGuYCi3m+DSAYQXqY62wooxvqUisLaNWYgnd7irho2O2wG4iuuFTPO9S D83w8Y68jNZLeYnFFIvEs8hdzJlDdotPoZBHCW8FXhrG+/iEM8hqvDQRXXVe eR3BvYxQ3NAH/xvcVKhspdid+gsgmIkSG537d8PKK2Ax2mx8Bqe4tYX3idbl Bu91azu0LgXIoLXjC7b2vkRpY/cW/W3HSBcqs7XezzbU+/3rZE3A1EWn+BBH cf6UDKM9rECFCAqEVyVz5W00JDYDO4AE0Wss3oUMdIFFVXnl0bq2F2bPVRg5 7XElT/f4RfGMHIVDPh9ZaXz8EKh4U8m+4meTMDTDG5/8wmiA3fN0QOEMSLdq AIrca7M5bPj2kGnkhefB8UGDNWeAGlX5FHStyJqvDfOuFpLRbqKRpMQM36b8 uW2ZSpu98HkBVsEpVeklvCNE6Grs0T745J8BYlvOANlLcvTqBb7uA5I5xSSi DZ3k+tlDL/WlEyB0gJaY50S5zFXc23tjAMz+BfgBpRrzUwAA --> </rfc>