<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-jms-mole-architecture-00" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="MoLE Architecture">Moderation of unLinkable Endorsements (MoLE) Architecture</title>
    <seriesInfo name="Internet-Draft" value="draft-jms-mole-architecture-00"/>
    <author fullname="Samuel Schlesinger">
      <organization>Google LLC</organization>
      <address>
        <email>sgschlesinger@gmail.com</email>
      </address>
    </author>
    <author fullname="Dennis Jackson">
      <organization>Mozilla</organization>
      <address>
        <email>ietf@dennis-jackson.uk</email>
      </address>
    </author>
    <author fullname="Thibault Meunier">
      <organization>Cloudflare</organization>
      <address>
        <email>ot-ietf@thibault.uk</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <keyword>moderation</keyword>
    <keyword>endorsement</keyword>
    <keyword>unlinkability</keyword>
    <keyword>privacy</keyword>
    <abstract>
      <?line 53?>

<t>Moderation of unLinkable Endorsements (MoLE) is an architecture that lets a party performing access control (a Moderator) bootstrap trust in a client from a third party (an Anchor) that already has a trust relationship with that client, and then adjust that trust over time in response to the client's behaviour, for example by dynamically rate-limiting access.</t>
      <t>MoLE targets open deployments, in which independent parties may be responsible for access control and for vouching for clients, whilst maintaining strong privacy protections for clients. These protections are designed to hold even if participants in the ecosystem collude or otherwise misbehave.</t>
      <t>This document specifies the roles, the information flows between them, the privacy and security requirements, and deployment considerations.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://moderation-of-unlinkable-endorsements.github.io/internet-drafts/draft-jms-mole-architecture.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-jms-mole-architecture/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/Moderation-of-unLinkable-Endorsements/internet-drafts"/>.</t>
    </note>
  </front>
  <middle>
    <?line 61?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Traditional approaches to access control rely on long-term identifiers such as
user IDs or cookies, which allow clients to be tracked as they interact with the
system. Newer approaches like Privacy Pass <xref target="RFC9576"/> enable access control
without identification, but they provide no privacy-preserving way to bootstrap
trust in a client and cannot adjust that trust dynamically over time.</t>
      <t>MoLE aims to address these gaps and enable privacy-preserving access control in an open ecosystem. This means supporting a deployment where clients are trying to access resources from multiple independent services, each performing independent access control and potentially relying on different third parties to vouch for the trustworthiness of clients. Building a system which can support both openness and privacy is a key requirement and differentiator of MoLE.</t>
      <t>MoLE has three distinct roles. Clients seek to access resources protected by
Moderators, who set and enforce access control policy. A Moderator may have no
direct trust relationship with a Client, but instead trusts Anchors, who do have
a relationship with some Clients, to vouch for them. A given Moderator may trust
multiple Anchors in order to cover more of its user base. An Anchor may vouch for
Clients that a Moderator deems untrustworthy; the Moderator can mitigate this
either by withdrawing trust in those specific Clients or by withdrawing trust in
the Anchor.</t>
      <t>These roles interact through three distinct flows: Endorsement, Redeem &amp; Issue, and
Presentation. In Endorsement, an Anchor grants a Client an Endorsement, which
conveys the Anchor's trust in the Client to other parties. In Redeem &amp; Issue, a Client
redeems an Endorsement at a Moderator and receives a Credential, allowing the
Moderator to bootstrap its trust in the Client. In Presentation, the Client
presents a Credential to a Moderator, allowing the Moderator to make an access
control decision and to adjust its level of trust in the Client over time,
including by dynamically rate-limiting access.</t>
      <t>These flows are designed to protect the Client's privacy. Redeeming an
Endorsement does not reveal the granting Anchor, only that it is a member of the
Moderator's Anchor Set, so it does not leak information about the Client such as
which Anchor's policy the Client satisfies. In addition, a Client's interactions
across Endorsement, Redeem &amp; Issue and Presentation are unlinkable, preventing Anchors and
Moderators from tracking Clients through their participation in the system. These privacy properties are designed to hold
even when Anchors and Moderators collude.</t>
      <t>This document describes the requirements for these flows and how they interact,
as well as the anticipated deployment model.</t>
    </section>
    <section anchor="use-cases">
      <name>Use Cases</name>
      <t>MoLE is applicable to any system where Moderators wish to rate-limit access to resources without having a direct relationship with those clients, instead trusting third parties to vouch for trustworthy users. MoLE tolerates third parties making incorrect decisions, e.g. trusting a malicious client, and enables Moderators to respond dynamically to limit abuse.</t>
      <t>MoLE targets an open system like the web where a population of Moderators and Anchors make independent decisions about their access control policy, which Anchors they trust, and which users are Endorsed. This contrasts with a closed system where the parties participating in the system are known a priori and can be expected to coordinate their deployment configuration.</t>
      <section anchor="uc-friction">
        <name>Reduced-Friction Challenges</name>
        <t>A user visits a website for the first time, with no cookies and possibly through
a VPN, shared NAT, or privacy-preserving proxy that obscures network-layer
identifiers. The site has no per-user history and limited reputational signal
from the network path. The user then bears the friction if the site responds
with measures intended to mitigate volumetric abuse --- repeated CAPTCHAs,
silent rejection, or a degraded experience --- which also harm users trying to
access the site legitimately.</t>
        <t>However, other sites may have access to relatively rich context about a user, e.g. because
the user maintains an account, made a payment, or provided some other scarce
signal to the site. MoLE enables such sites to act as Anchors which grant
Endorsements to users, suitable for bootstrapping trust when users visit new sites for the first time.</t>
        <t>In this use case, the site acts as or works with a Moderator.
The Client presents a Credential whose underlying
Endorsement attests to a scarce property accepted under the Moderator's
policy. The site combines this signal with its existing inputs to decide
whether to admit, challenge, or reject the request. A Credential may be
one input among several; it does not entitle the Client to admission.
The Moderator can then go on to adjust the Client's Credential in response to the Client's behaviour, allowing access to be upgraded or removed over time.</t>
      </section>
      <section anchor="uc-agents">
        <name>User Agents Acting Under Delegation</name>
        <t>A user delegates some of their interaction with a site to an automated agent
running in, or alongside, their browser. Sites that lack a richer signal
commonly treat the appearance of automation as grounds for friction or denial
of service, blocking delegated browsing as a side effect of resisting unwanted
automation.</t>
        <t>Here the agent presents a Credential on the user's behalf, and the site admits
the request based on the user's standing without the agent surfacing a stable
identity or correlatable state. From the Credential alone, the Moderator and
site cannot tell agent-driven presentations from the user's own;
distinguishability via request content, timing, or rate is the user agent's
responsibility, not the Credential's.</t>
        <t>When delegated behaviour violates policy, the Moderator may update state bound
to the user's Credential, so the user bears the consequences for the agent's
actions --- yet those actions remain unlinkable to other sessions and to the
user's own, and the user's identity is not revealed to the site.</t>
        <t>Alternatively,
delegated agents may rely on a distinct pool of Anchors and Credentials,
letting sites and Moderators differentiate them from traditional user agents. The
same architecture can serve automation not acting under delegation, such as
autonomous crawlers.</t>
        <t>In all configurations, clients enjoy strong privacy protections from sites and
Moderators, while sites and Moderators are protected from abusive clients
mounting volumetric attacks.</t>
      </section>
      <section anchor="uc-access">
        <name>Private Access Control</name>
        <t>A user visits a site repeatedly, without persistent cookies, expecting that
successive visits are not linkable to one another. The site gates some
functionality on a non-public criterion such as a paid subscription, group
membership, or a per-period quota of allowed operations.</t>
        <t>In this use case, the Anchor's attestation conveys eligibility under such a
criterion, and the Moderator translates that eligibility into a Credential
under a policy that may include rate or quota state.
The successive presentations are unlinkable to each other and to Redeem &amp; Issue.</t>
        <t>This use case is a secondary goal. More
elaborate authorization policies, including rich attribute-based access control
and multi-factor eligibility combinations, are out of scope of this
architecture document but may be included in companion documents.</t>
      </section>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>The following terms are used throughout this document:</t>
      <dl>
        <dt><strong>Client:</strong></dt>
        <dd>
          <t>An entity that seeks access to resources controlled by a Moderator.</t>
        </dd>
        <dt><strong>Anchor:</strong></dt>
        <dd>
          <t>An entity that grants Endorsements to Clients based on a trust relationship.</t>
        </dd>
        <dt><strong>Moderator:</strong></dt>
        <dd>
          <t>An entity that consumes Endorsement redemptions and Credential presentations
from Clients and issues Credentials according to an access policy.</t>
        </dd>
        <dt><strong>Endorsement:</strong></dt>
        <dd>
          <t>A cryptographic object granted by an Anchor to a Client.</t>
        </dd>
        <dt><strong>Credential:</strong></dt>
        <dd>
          <t>A cryptographic object issued by a Moderator to a Client. This Credential
has an associated state that is updated during presentation.</t>
        </dd>
        <dt><strong>Predicate:</strong></dt>
        <dd>
          <t>A boolean test that a Moderator evaluates against a Credential's hidden state
during a Presentation. The Moderator learns only whether the state satisfies
the Predicate, not the state itself.</t>
        </dd>
        <dt><strong>Endorsement Flow:</strong></dt>
        <dd>
          <t>The flow in which an Anchor grants an Endorsement to a Client, based on the
Anchor's trust relationship with that Client.</t>
        </dd>
        <dt><strong>Redeem &amp; Issue Flow:</strong></dt>
        <dd>
          <t>The flow in which a Client redeems an Endorsement at a Moderator and, in
return, obtains a Credential, without revealing which Anchor granted the
Endorsement.</t>
        </dd>
        <dt><strong>Presentation Flow:</strong></dt>
        <dd>
          <t>The flow by which a Client proves possession of a Credential whose state
satisfies a Predicate specified by the Moderator.</t>
        </dd>
        <dt><strong>Policy:</strong></dt>
        <dd>
          <t>Rules used by a Moderator to evaluate presentations.</t>
        </dd>
        <dt><strong>Anchor Set:</strong></dt>
        <dd>
          <t>The set of Anchors whose Endorsements a Moderator will accept during Redeem &amp; Issue.</t>
        </dd>
        <dt><strong>Anonymity Set:</strong></dt>
        <dd>
          <t>The set of Clients among which a given Client is indistinguishable during an
interaction. The strength of MoLE's unlinkability and Anchor-hiding properties
depends on the size of this set.</t>
        </dd>
      </dl>
    </section>
    <section anchor="overview">
      <name>Overview</name>
      <t>MoLE is composed of three distinct flows:
Endorsement, in which a Client obtains an Endorsement signifying
its trust relationship with an Anchor; Redeem &amp; Issue, in which a Client redeems an
Endorsement from an Anchor to obtain a Credential from a Moderator without
revealing which Anchor granted it; and Presentation, in which a Client uses
a Credential from a Moderator to prove that it is
presently in good standing with the Moderator in order to access a resource.</t>
      <figure anchor="fig-mole-architecture">
        <name>MoLE Architecture Overview</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="384" width="480" viewBox="0 0 480 384" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
              <path d="M 40,64 L 40,144" fill="none" stroke="black"/>
              <path d="M 40,176 L 40,368" fill="none" stroke="black"/>
              <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
              <path d="M 176,224 L 176,304" fill="none" stroke="black"/>
              <path d="M 184,32 L 184,64" fill="none" stroke="black"/>
              <path d="M 216,64 L 216,144" fill="none" stroke="black"/>
              <path d="M 216,176 L 216,208" fill="none" stroke="black"/>
              <path d="M 216,240 L 216,312" fill="none" stroke="black"/>
              <path d="M 216,328 L 216,368" fill="none" stroke="black"/>
              <path d="M 256,32 L 256,64" fill="none" stroke="black"/>
              <path d="M 376,32 L 376,64" fill="none" stroke="black"/>
              <path d="M 424,64 L 424,144" fill="none" stroke="black"/>
              <path d="M 424,176 L 424,216" fill="none" stroke="black"/>
              <path d="M 424,232 L 424,312" fill="none" stroke="black"/>
              <path d="M 424,328 L 424,368" fill="none" stroke="black"/>
              <path d="M 464,240 L 464,304" fill="none" stroke="black"/>
              <path d="M 472,32 L 472,64" fill="none" stroke="black"/>
              <path d="M 8,32 L 80,32" fill="none" stroke="black"/>
              <path d="M 184,32 L 256,32" fill="none" stroke="black"/>
              <path d="M 376,32 L 472,32" fill="none" stroke="black"/>
              <path d="M 8,64 L 80,64" fill="none" stroke="black"/>
              <path d="M 184,64 L 256,64" fill="none" stroke="black"/>
              <path d="M 376,64 L 472,64" fill="none" stroke="black"/>
              <path d="M 48,96 Q 50,92.8 52,96 Q 54,99.2 56,96 Q 58,92.8 60,96 Q 62,99.2 64,96 Q 66,92.8 68,96 Q 70,99.2 72,96 " fill="none" stroke="black"/>
              <path d="M 184,96 Q 186,92.8 188,96 Q 190,99.2 192,96 Q 194,92.8 196,96 Q 198,99.2 200,96 Q 202,92.8 204,96 Q 206,99.2 208,96 " fill="none" stroke="black"/>
              <path d="M 40,126 L 72,126" fill="none" stroke="black"/>
              <path d="M 40,130 L 72,130" fill="none" stroke="black"/>
              <path d="M 184,126 L 208,126" fill="none" stroke="black"/>
              <path d="M 184,130 L 208,130" fill="none" stroke="black"/>
              <path d="M 16,160 Q 18,156.8 20,160 Q 22,163.2 24,160 Q 26,156.8 28,160 Q 30,163.2 32,160 Q 34,156.8 36,160 Q 38,163.2 40,160 Q 42,156.8 44,160 Q 46,163.2 48,160 Q 50,156.8 52,160 Q 54,163.2 56,160 Q 58,156.8 60,160 Q 62,163.2 64,160 Q 66,156.8 68,160 Q 70,163.2 72,160 Q 74,156.8 76,160 Q 78,163.2 80,160 Q 82,156.8 84,160 Q 86,163.2 88,160 Q 90,156.8 92,160 Q 94,163.2 96,160 Q 98,156.8 100,160 Q 102,163.2 104,160 Q 106,156.8 108,160 Q 110,163.2 112,160 Q 114,156.8 116,160 Q 118,163.2 120,160 Q 122,156.8 124,160 Q 126,163.2 128,160 Q 130,156.8 132,160 Q 134,163.2 136,160 Q 138,156.8 140,160 Q 142,163.2 144,160 Q 146,156.8 148,160 Q 150,163.2 152,160 Q 154,156.8 156,160 Q 158,163.2 160,160 Q 162,156.8 164,160 Q 166,163.2 168,160 Q 170,156.8 172,160 Q 174,163.2 176,160 Q 178,156.8 180,160 Q 182,163.2 184,160 Q 186,156.8 188,160 Q 190,163.2 192,160 Q 194,156.8 196,160 Q 198,163.2 200,160 Q 202,156.8 204,160 Q 206,163.2 208,160 Q 210,156.8 212,160 Q 214,163.2 216,160 Q 218,156.8 220,160 Q 222,163.2 224,160 Q 226,156.8 228,160 Q 230,163.2 232,160 Q 234,156.8 236,160 Q 238,163.2 240,160 Q 242,156.8 244,160 Q 246,163.2 248,160 Q 250,156.8 252,160 Q 254,163.2 256,160 Q 258,156.8 260,160 Q 262,163.2 264,160 Q 266,156.8 268,160 Q 270,163.2 272,160 Q 274,156.8 276,160 Q 278,163.2 280,160 Q 282,156.8 284,160 Q 286,163.2 288,160 Q 290,156.8 292,160 Q 294,163.2 296,160 Q 298,156.8 300,160 Q 302,163.2 304,160 Q 306,156.8 308,160 Q 310,163.2 312,160 Q 314,156.8 316,160 Q 318,163.2 320,160 Q 322,156.8 324,160 Q 326,163.2 328,160 Q 330,156.8 332,160 Q 334,163.2 336,160 Q 338,156.8 340,160 Q 342,163.2 344,160 Q 346,156.8 348,160 Q 350,163.2 352,160 Q 354,156.8 356,160 Q 358,163.2 360,160 Q 362,156.8 364,160 Q 366,163.2 368,160 Q 370,156.8 372,160 Q 374,163.2 376,160 Q 378,156.8 380,160 Q 382,163.2 384,160 Q 386,156.8 388,160 Q 390,163.2 392,160 Q 394,156.8 396,160 Q 398,163.2 400,160 Q 402,156.8 404,160 Q 406,163.2 408,160 Q 410,156.8 412,160 Q 414,163.2 416,160 Q 418,156.8 420,160 Q 422,163.2 424,160 Q 426,156.8 428,160 Q 430,163.2 432,160 Q 434,156.8 436,160 Q 438,163.2 440,160 Q 442,156.8 444,160 Q 446,163.2 448,160 " fill="none" stroke="black"/>
              <path d="M 224,192 Q 226,188.8 228,192 Q 230,195.2 232,192 Q 234,188.8 236,192 Q 238,195.2 240,192 Q 242,188.8 244,192 Q 246,195.2 248,192 Q 250,188.8 252,192 Q 254,195.2 256,192 Q 258,188.8 260,192 Q 262,195.2 264,192 " fill="none" stroke="black"/>
              <path d="M 376,192 Q 378,188.8 380,192 Q 382,195.2 384,192 Q 386,188.8 388,192 Q 390,195.2 392,192 Q 394,188.8 396,192 Q 398,195.2 400,192 Q 402,188.8 404,192 Q 406,195.2 408,192 Q 410,188.8 412,192 Q 414,195.2 416,192 " fill="none" stroke="black"/>
              <path d="M 176,224 L 208,224" fill="none" stroke="black"/>
              <path d="M 320,224 L 448,224" fill="none" stroke="black"/>
              <path d="M 216,256 L 264,256" fill="none" stroke="black"/>
              <path d="M 376,256 L 416,256" fill="none" stroke="black"/>
              <path d="M 224,288 L 264,288" fill="none" stroke="black"/>
              <path d="M 368,288 L 424,288" fill="none" stroke="black"/>
              <path d="M 192,320 L 448,320" fill="none" stroke="black"/>
              <path d="M 216,350 L 264,350" fill="none" stroke="black"/>
              <path d="M 216,354 L 264,354" fill="none" stroke="black"/>
              <path d="M 384,350 L 416,350" fill="none" stroke="black"/>
              <path d="M 384,354 L 416,354" fill="none" stroke="black"/>
              <path d="M 448,224 C 456.83064,224 464,231.16936 464,240" fill="none" stroke="black"/>
              <path d="M 192,320 C 183.16936,320 176,312.83064 176,304" fill="none" stroke="black"/>
              <path d="M 448,320 C 456.83064,320 464,312.83064 464,304" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="424,352 412,346.4 412,357.6" fill="black" transform="rotate(0,416,352)"/>
              <polygon class="arrowhead" points="424,256 412,250.4 412,261.6" fill="black" transform="rotate(0,416,256)"/>
              <polygon class="arrowhead" points="424,192 412,186.4 412,197.6" fill="black" transform="rotate(0,416,192)"/>
              <polygon class="arrowhead" points="232,288 220,282.4 220,293.6" fill="black" transform="rotate(180,224,288)"/>
              <polygon class="arrowhead" points="232,192 220,186.4 220,197.6" fill="black" transform="rotate(180,224,192)"/>
              <polygon class="arrowhead" points="216,128 204,122.4 204,133.6" fill="black" transform="rotate(0,208,128)"/>
              <polygon class="arrowhead" points="216,96 204,90.4 204,101.6" fill="black" transform="rotate(0,208,96)"/>
              <polygon class="arrowhead" points="56,96 44,90.4 44,101.6" fill="black" transform="rotate(180,48,96)"/>
              <g class="text">
                <text x="44" y="52">Anchor</text>
                <text x="220" y="52">Client</text>
                <text x="424" y="52">Moderator</text>
                <text x="128" y="100">Interaction</text>
                <text x="128" y="132">Endorsement</text>
                <text x="320" y="196">Interaction</text>
                <text x="232" y="228">(If</text>
                <text x="280" y="228">needed)</text>
                <text x="320" y="260">Endorsement</text>
                <text x="316" y="292">Credential</text>
                <text x="324" y="356">Presentation</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
+--------+            +--------+              +-----------+
| Anchor |            | Client |              | Moderator |
+---+----+            +---+----+              +-----+-----+
    |                     |                         |
    |<~~~ Interaction ~~~>|                         |
    |                     |                         |
    +==== Endorsement ===>|                         |
    |                     |                         |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |                     |                         |
    |                     |<~~~~~ Interaction ~~~~~>|
    |                     |                         |
    |                +---- (If needed) -----------------.
    |                |    |                         |    |
    |                |    +------ Endorsement ----->|    |
    |                |    |                         |    |
    |                |    |<----- Credential -------+    |
    |                |    |                         |    |
    |                 `---------------------------------'
    |                     |                         |
    |                     +====== Presentation ====>|
    |                     |                         |
]]></artwork>
        </artset>
      </figure>
      <t>During Endorsement, a Client interacts with an Anchor with which it has a
trust relationship. The nature of the trust relationship is specific to the Anchor and may be based on some kind
of strong authentication, e.g. a login, or may be relatively weak, e.g. based on solving a
CAPTCHA. The Anchor grants the Client one or more Endorsements to signify this trust relationship.</t>
      <t>Later, when trying to access a resource, a Client may be prompted by a Moderator to present
a Credential. If the Client doesn't have a Credential for this Moderator it will then engage in the
Redeem &amp; Issue flow. In this flow, the Client redeems an Endorsement from the Moderator's
Anchor Set and receives a Credential in return. Redeeming an Endorsement does not reveal which
Anchor was used, only that it came from the Anchor Set.</t>
      <t>Once a Moderator has accepted a specific Endorsement, the Moderator can prevent a second use of that Endorsement in their system. This property prevents abusive Clients from constantly resetting their state to receive a fresh Credential from the Moderator in order to bypass rate limits.</t>
      <t>Finally, the Client can present the Credential to the Moderator, along with a credential update request. This presentation enables the Moderator to
query the state of the Credential and receive a boolean value indicating whether the presented Credential meets the
Moderator's chosen predicate. The Moderator can also update the state of the Credential, e.g. to increase or decrease access, but this process does not reveal any further information about the state of the Credential. Depending on the result of the applied predicate, the Moderator can make a decision about access control to the protected resource.</t>
    </section>
    <section anchor="privacy-properties">
      <name>Privacy Goals and Threat Model</name>
      <t>MoLE deployments aim to provide three privacy properties for Clients:</t>
      <ol spacing="normal" type="1"><li>
          <t><em>Endorsement Grants and Redemptions are Unlinkable</em> - During an interaction in which a Moderator issues a new Credential on the basis of an Endorsement obtained from an Anchor, neither the Moderator nor the Anchor can link the session in which the Endorsement was granted to the session in which it was redeemed.</t>
        </li>
        <li>
          <t><em>Endorsement Redemptions are Anchor-hiding</em> - During an interaction in which a Moderator issues a new Credential on the basis of an Endorsement from an Anchor, the Client hides the Anchor it obtained the Endorsement from among the Moderator's Anchor Set. Such Anchor-hiding makes an Endorsement redemption indistinguishable regardless of which Anchor in the Anchor Set the Client used, to both the Anchor and the Moderator.</t>
        </li>
        <li>
          <t><em>Credential Issuances and Presentations are Unlinkable</em> - If a Client engages in multiple presentations, then those presentations are unlinkable to each other and to the Redeem &amp; Issue flow that produced the Credential.</t>
        </li>
      </ol>
      <t>A successful presentation tells the Moderator that the Client holds a
Credential satisfying the Moderator's policy. It does not reveal the Client's
identity, the underlying Anchor, or the state of the Credential. Collectively,
these properties minimize the information Clients reveal to Anchors and Moderators
beyond what is necessary to participate in the system.</t>
      <t>The strength of these unlinkability properties depends on anonymity-set size. For
Credential Issuance and Presentation unlinkability, the relevant set is the population of
Clients holding Credentials under the same Moderator policy.</t>
      <t>For Anchor-hiding,
the relevant set is the Moderator's Anchor Set. A Moderator with only one
Anchor in its Anchor Set provides no Anchor-hiding.</t>
      <t>Further considerations for maximizing the size of these sets are set out in the Privacy Considerations section.</t>
      <t>MoLE's privacy properties are intended to hold in the face of strong attackers who:</t>
      <ul spacing="normal">
        <li>
          <t>May act in the role of Anchor, Moderator, or Client.</t>
        </li>
        <li>
          <t>May collude with other Anchors and Moderators in order to try to identify Clients.</t>
        </li>
        <li>
          <t>May have access to a cryptographically relevant quantum computer (CRQC).</t>
        </li>
        <li>
          <t>May deliberately deviate from the protocol and attempt to alter or forge messages.</t>
        </li>
      </ul>
      <t>Some attackers may exploit information not directly revealed by the protocol, for example:
 - Timing information
 - Network metadata like IP addresses
 - Implementation fingerprinting</t>
      <t>These side channels, which depend on details specific to each deployment, may compromise the privacy properties of MoLE and are discussed further in the Privacy Considerations.</t>
    </section>
    <section anchor="security-goals-and-threat-model">
      <name>Security Goals and Threat Model</name>
      <t>MoLE's security properties are intended for Moderators. Moderators can be assured:</t>
      <ul spacing="normal">
        <li>
          <t>When they accept an Endorsement, that it corresponds to exactly one Endorsement granted by a trusted Anchor.</t>
        </li>
        <li>
          <t>When they accept a Credential under a given predicate, that the Credential is one they previously issued with a matching predicate. Once a Credential has been presented, it will not be accepted again unless the Moderator chooses to re-issue it.</t>
        </li>
      </ul>
      <t>Collectively, these two properties allow Moderators to dynamically rate-limit access to the population of Anchor-endorsed Clients. If Endorsements could be redeemed, or Credentials presented, multiple times, it would allow malicious Clients to obtain additional Credentials which could be used to bypass rate limits.</t>
      <t>MoLE's security properties are intended to hold in the face of coordinated attackers who:
- Can control a number of Clients and deviate from the protocol.
- Cannot violate the endorsement criteria of a Moderator's trusted Anchors but may control other Anchors.
- Do not have access to a CRQC.</t>
      <t>MoLE considers a CRQC for its privacy properties like Anchor-hiding and unlinkability, because a CRQC deployed in the future could be used to analyse protocol transcripts recorded today and so identify Clients. By contrast, MoLE's security properties hold until an attacker gains access to a CRQC; once they do, only future protocol sessions are affected.</t>
    </section>
    <section anchor="flows">
      <name>Flows</name>
      <section anchor="endorsement">
        <name>Endorsement</name>
        <figure anchor="fig-mole-architecture-endorsement">
          <name>MoLE Endorsement</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="176" width="304" viewBox="0 0 304 176" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
                <path d="M 40,64 L 40,128" fill="none" stroke="black"/>
                <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
                <path d="M 224,32 L 224,64" fill="none" stroke="black"/>
                <path d="M 256,64 L 256,160" fill="none" stroke="black"/>
                <path d="M 296,32 L 296,64" fill="none" stroke="black"/>
                <path d="M 8,32 L 80,32" fill="none" stroke="black"/>
                <path d="M 224,32 L 296,32" fill="none" stroke="black"/>
                <path d="M 8,64 L 80,64" fill="none" stroke="black"/>
                <path d="M 224,64 L 296,64" fill="none" stroke="black"/>
                <path d="M 48,94 L 64,94" fill="none" stroke="black"/>
                <path d="M 48,98 L 64,98" fill="none" stroke="black"/>
                <path d="M 224,94 L 248,94" fill="none" stroke="black"/>
                <path d="M 224,98 L 248,98" fill="none" stroke="black"/>
                <path d="M 40,112 L 64,112" fill="none" stroke="black"/>
                <path d="M 232,112 L 248,112" fill="none" stroke="black"/>
                <path d="M 48,128 L 64,128" fill="none" stroke="black"/>
                <path d="M 240,128 L 256,128" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="256,112 244,106.4 244,117.6" fill="black" transform="rotate(0,248,112)"/>
                <polygon class="arrowhead" points="256,96 244,90.4 244,101.6" fill="black" transform="rotate(0,248,96)"/>
                <polygon class="arrowhead" points="56,128 44,122.4 44,133.6" fill="black" transform="rotate(180,48,128)"/>
                <polygon class="arrowhead" points="56,96 44,90.4 44,101.6" fill="black" transform="rotate(180,48,96)"/>
                <g class="text">
                  <text x="44" y="52">Client</text>
                  <text x="260" y="52">Anchor</text>
                  <text x="88" y="100">Trust</text>
                  <text x="168" y="100">Establishment</text>
                  <text x="148" y="116">EndorsementRequest</text>
                  <text x="152" y="132">EndorsementResponse</text>
                  <text x="96" y="148">EndorsementFinalization</text>
                  <text x="40" y="164">|</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
+--------+                 +--------+
| Client |                 | Anchor |
+---+----+                 +---+----+
    |                          |
    |<==Trust Establishment===>|
    +--- EndorsementRequest -->|
    |<-- EndorsementResponse --+
EndorsementFinalization        |
    |                          |
]]></artwork>
          </artset>
        </figure>
        <t>The Endorsement flow allows an Anchor to provide a Client with an Endorsement, signalling its trust in the client. Depending on the deployment, the Endorsement flow might be triggered by the Anchor pro-actively, or it may be requested by the Client according to need.</t>
        <t>An Anchor will endorse a client according to its own criteria for trust in the client.
This may be because of some kind of strong authentication like a login, weak authentication
like a CAPTCHA or any other mechanism that the Anchor deems suitable. Moderators will choose
whether to trust a specific Anchor on the basis of its criteria for endorsing users.</t>
        <t>In order to be useful, Anchors will need to constrain how many times they will Endorse a given user.
This is because Endorsements are valuable to Clients and Moderators insofar as they are scarce. If
an Anchor gave out a very large number of Endorsements, this would reduce the effectiveness of rate limiting
applied by Moderators.</t>
        <t>Anchors furnish each Endorsement with the necessary metadata to identify the Anchor that used it and for the Client to evaluate whether a given Moderator can consume that Endorsement. This metadata may enumerate specific Moderators (in a small deployment) or identify authentication material like a public key which can be used later to evaluate whether a given Moderator is authorized.</t>
        <t>The specific properties of the Endorsement vary based on the exact protocol used. Important properties are described below:</t>
        <ol spacing="normal" type="1"><li>
            <t>Public Verifiability: any party with knowledge of the Anchor can verify that the Endorsement is valid without needing access to secret key material held by the Anchor.</t>
          </li>
          <li>
            <t>Blind Redemption: a Client redeeming the Endorsement does not reveal any information other than that the Endorsement is from one of a set of Anchors trusted by a Moderator.</t>
          </li>
          <li>
            <t>Unlinkable Redemption: even if the Anchor colludes with another party at which the Endorsement is redeemed, they can't link the redemption to the session in which it was granted.</t>
          </li>
          <li>
            <t>Expiry:  A Client redeeming the Endorsement can prove that the Endorsement was granted within a particular time period.</t>
          </li>
          <li>
            <t>One-Time-Use: A Moderator can prevent the redemption of the same Endorsement twice.</t>
          </li>
          <li>
            <t>One-More Unforgability: A Client granted an Endorsement cannot forge an another valid Endorsement.</t>
          </li>
        </ol>
      </section>
      <section anchor="redeem-issue">
        <name>Redeem &amp; Issue</name>
        <figure anchor="fig-mole-architecture-issuance">
          <name>MoLE Redeem &amp; Issue</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="192" width="448" viewBox="0 0 448 192" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
                <path d="M 40,64 L 40,96" fill="none" stroke="black"/>
                <path d="M 40,128 L 40,144" fill="none" stroke="black"/>
                <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
                <path d="M 344,32 L 344,64" fill="none" stroke="black"/>
                <path d="M 392,64 L 392,176" fill="none" stroke="black"/>
                <path d="M 440,32 L 440,64" fill="none" stroke="black"/>
                <path d="M 8,32 L 80,32" fill="none" stroke="black"/>
                <path d="M 344,32 L 440,32" fill="none" stroke="black"/>
                <path d="M 8,64 L 80,64" fill="none" stroke="black"/>
                <path d="M 344,64 L 440,64" fill="none" stroke="black"/>
                <path d="M 48,94 L 128,94" fill="none" stroke="black"/>
                <path d="M 48,98 L 128,98" fill="none" stroke="black"/>
                <path d="M 296,94 L 384,94" fill="none" stroke="black"/>
                <path d="M 296,98 L 384,98" fill="none" stroke="black"/>
                <path d="M 40,128 L 64,128" fill="none" stroke="black"/>
                <path d="M 360,128 L 384,128" fill="none" stroke="black"/>
                <path d="M 48,144 L 128,144" fill="none" stroke="black"/>
                <path d="M 296,144 L 392,144" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="392,128 380,122.4 380,133.6" fill="black" transform="rotate(0,384,128)"/>
                <polygon class="arrowhead" points="392,96 380,90.4 380,101.6" fill="black" transform="rotate(0,384,96)"/>
                <polygon class="arrowhead" points="56,144 44,138.4 44,149.6" fill="black" transform="rotate(180,48,144)"/>
                <polygon class="arrowhead" points="56,96 44,90.4 44,101.6" fill="black" transform="rotate(180,48,96)"/>
                <g class="text">
                  <text x="44" y="52">Client</text>
                  <text x="392" y="52">Moderator</text>
                  <text x="164" y="100">Anchor</text>
                  <text x="240" y="100">Negotiation</text>
                  <text x="88" y="116">EndorsementRedemption</text>
                  <text x="212" y="132">EndorsementToken+CredentialRequest</text>
                  <text x="212" y="148">CredentialResponse</text>
                  <text x="92" y="164">CredentialFinalization</text>
                  <text x="40" y="180">|</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
+--------+                                +-----------+
| Client |                                | Moderator |
+---+----+                                +-----+-----+
    |                                           |
    |<========== Anchor Negotiation ===========>|
EndorsementRedemption                           |
    +--- EndorsementToken+CredentialRequest --->|
    |<---------- CredentialResponse ------------+
CredentialFinalization                          |
    |                                           |
]]></artwork>
          </artset>
        </figure>
        <t>The Redeem &amp; Issue flow allows an Anchor's trust in a Client to be communicated to a Moderator, enabling a new Credential to be issued with an initial amount of trust.</t>
        <t>Redeem &amp; Issue is likely to happen on-demand in response to a Moderator's challenge for a
Client to present a valid Credential. The challenge should contain enough information
to identify the Moderator and the Anchors whose Endorsements it will trust for redemption.
If the Client wishes to complete the presentation and has suitable Endorsements, it will
begin the Redeem &amp; Issue flow. In some circumstances, the Moderator may not require any Anchors for redemption, i.e. it has some local means of establishing trust in this case.</t>
        <t>In Redeem &amp; Issue, the Client redeems an Endorsement, proving to the Moderator that it holds a suitable Endorsement from an
Anchor trusted by the Moderator without revealing which specific Anchor was used. In order to translate this into a tangible privacy property for clients, the see the Privacy Considerations section for a discussion around anonymity sets and maximizing them. The redemption must be unlinkable to the grant of the Endorsement so that even if the Anchor and Moderator collude they can't link the two sessions.</t>
        <t>Further, the redemption of the Endorsement must ensure that even in the presence of a dishonest client, a Moderator will only issue a Credential once for a given Endorsement in order to mitigate attempts to bypass rate limits.</t>
        <t>The properties of the Credential issued by the Moderator will vary depending on the exact protocol used. However, they must support:</t>
        <ol spacing="normal" type="1"><li>
            <t>Unlinkable Presentation: A Client presenting a Credential reveals nothing beyond the result of the Moderator's predicate. Two successful presentations cannot be linked to one another, to the Redeem &amp; Issue session that produced the Credential, or to any prior update, even if the Moderator records every transcript.</t>
          </li>
          <li>
            <t>One-More Unforgeability: Even a dishonest Client cannot forge a Credential or derive additional valid Credentials from those it holds.</t>
          </li>
          <li>
            <t>Rate Limiting: The Credential enables the Moderator to apply a rate limiting policy to the client which may be dynamically adjusted.</t>
          </li>
        </ol>
      </section>
      <section anchor="presentation-and-updates">
        <name>Presentation and Updates</name>
        <figure anchor="fig-mole-architecture-presentation">
          <name>MoLE Presentation</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="448" viewBox="0 0 448 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
                <path d="M 40,64 L 40,128" fill="none" stroke="black"/>
                <path d="M 40,160 L 40,192" fill="none" stroke="black"/>
                <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
                <path d="M 344,32 L 344,64" fill="none" stroke="black"/>
                <path d="M 392,64 L 392,128" fill="none" stroke="black"/>
                <path d="M 392,160 L 392,224" fill="none" stroke="black"/>
                <path d="M 440,32 L 440,64" fill="none" stroke="black"/>
                <path d="M 8,32 L 80,32" fill="none" stroke="black"/>
                <path d="M 344,32 L 440,32" fill="none" stroke="black"/>
                <path d="M 8,64 L 80,64" fill="none" stroke="black"/>
                <path d="M 344,64 L 440,64" fill="none" stroke="black"/>
                <path d="M 48,96 L 120,96" fill="none" stroke="black"/>
                <path d="M 312,96 L 392,96" fill="none" stroke="black"/>
                <path d="M 48,110 L 88,110" fill="none" stroke="black"/>
                <path d="M 48,114 L 88,114" fill="none" stroke="black"/>
                <path d="M 312,110 L 384,110" fill="none" stroke="black"/>
                <path d="M 312,114 L 384,114" fill="none" stroke="black"/>
                <path d="M 40,160 L 80,160" fill="none" stroke="black"/>
                <path d="M 288,160 L 384,160" fill="none" stroke="black"/>
                <path d="M 48,192 L 80,192" fill="none" stroke="black"/>
                <path d="M 320,192 L 392,192" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="392,160 380,154.4 380,165.6" fill="black" transform="rotate(0,384,160)"/>
                <polygon class="arrowhead" points="392,112 380,106.4 380,117.6" fill="black" transform="rotate(0,384,112)"/>
                <polygon class="arrowhead" points="56,192 44,186.4 44,197.6" fill="black" transform="rotate(180,48,192)"/>
                <polygon class="arrowhead" points="56,112 44,106.4 44,117.6" fill="black" transform="rotate(180,48,112)"/>
                <polygon class="arrowhead" points="56,96 44,90.4 44,101.6" fill="black" transform="rotate(180,48,96)"/>
                <g class="text">
                  <text x="44" y="52">Client</text>
                  <text x="392" y="52">Moderator</text>
                  <text x="216" y="100">PresentationChallenge</text>
                  <text x="108" y="116">If</text>
                  <text x="152" y="116">needed,</text>
                  <text x="212" y="116">Redeem</text>
                  <text x="248" y="116">&amp;</text>
                  <text x="280" y="116">Issue</text>
                  <text x="92" y="148">CredentialPresentation</text>
                  <text x="416" y="148">|</text>
                  <text x="184" y="164">Request+CredentialToken</text>
                  <text x="200" y="196">Response+CredentialResponse</text>
                  <text x="92" y="212">CredentialFinalization</text>
                  <text x="40" y="228">|</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
+--------+                                +-----------+
| Client |                                | Moderator |
+---+----+                                +-----+-----+
    |                                           |
    |<--------- PresentationChallenge ----------+
    |<===== If needed, Redeem & Issue =========>|
    |                                           |
CredentialPresentation                             |
    +----- Request+CredentialToken ------------>|
    |                                           |
    |<---- Response+CredentialResponse ---------+
CredentialFinalization                          |
    |                                           |
]]></artwork>
          </artset>
        </figure>
        <t>Moderators trigger Presentations when they want to perform an access control check.
The client will consult its stored Credentials and identify if it has a Credential for this Moderator.
If it doesn't, it will consider triggering the Redeem &amp; Issue flow described above. The Client must never
present a Credential to a party other than the issuing Moderator to avoid spending the Credential unnecessarily.</t>
        <t>When a Moderator credential is presented, the Moderator learns
whether or not it satisfies the Moderator's policy. The presentation
must not be linkable to past updates, or to the Redeem &amp; Issue flow that produced it.</t>
        <t>After the presentation, the Moderator may provide a new Credential to the Client, which might be based on fresh state or derived from the Credential that the Client presented.</t>
        <t>To satisfy privacy requirements, Clients are limited in the number of Presentations they can satisfy within a particular context. This is discussed further in the <xref target="privacy-considerations"/>.</t>
        <t>Moderators may also Update Client's Credentials, typically as part of the Presentation flow. The Update may allow the Client to modify its credential, or provide an additional Credential. This process must satisfy similar requirements to Credential issuance for unlinkability. Provided that the Update process does not reveal information about the previous state of the Credential, then it may be performed multiple times within a context.</t>
      </section>
    </section>
    <section anchor="anchor-feedback">
      <name>Anchor Feedback</name>
      <t>TODO: Discuss use of <eref target="https://datatracker.ietf.org/group/ppm/about/">DAP / PPM / Prio</eref> in Endorsements which feeds into Credentials to measure per-anchor abuse rates.</t>
    </section>
    <section anchor="deployment-considerations">
      <name>Deployment Considerations</name>
      <section anchor="anchor-policy">
        <name>Anchor Selection and Policy</name>
        <t>Moderators seek a deployment where honest users are able to pass as many challenges as possible, whereas the number of presentations that malicious users can pass is minimized. The exact weighting between the risk of excluding honest users vs including malicious users is deployment specific.</t>
        <t>This guides how Moderator's should select suitable Anchors, seeking to cover their user base whilst minimizing the number of Endorsements that users hold for a given time period. Each Endorsment can be converted into an independent credential, so if a malicious user can perform <tt>X</tt> queries before their credential is revoked and they have <tt>E</tt> endorsements then their total access is <tt>X * E</tt>.</t>
      </section>
      <section anchor="discriminatory-treatment">
        <name>Discriminatory Treatment</name>
        <t>In general servers already have the ability to deploy access control mechanisms to protect resources under their control. MoLE does not change this but does provide a new privacy preserving access control mechanism.</t>
        <t>In <xref section="5.1" sectionFormat="of" target="RFC9576"/>, Privacy Pass Issuers were encouraged to support a diverse range of attesters in order to reduce the possibility of discriminatory treatment by token verifiers. However, arranging many attesters to agree to use a single issuer is challenging. It requires coordinating changes in the trusted attesters with each downstream verifier. If downstream verifiers have differing token value requirements, this creates friction which leads to partitioning by issuer which reduces client privacy. There is also little incentive for high value attesters to share fate with low value attesters.</t>
        <t>The use of Anchors in MoLE and support for multiple Anchors mitigates this issue. Rather than requiring Issuers to coordinate with their Verifiers as to Attestor policy, instead Anchors can individually issue according to their own policies and Moderators can choose which anchors to trust. Moving the decision on aggregation from Issuers to Verifiers resolves the tension inherent in Privacy Pass.</t>
        <t>Further, the use of Anchor-Blinding prevents this from being a privacy risk for Clients, since even if Anchors are very fine grained and specific to a particular attestation type, the Moderator does not learn which Anchor was used and so cannot discriminate on this basis. This relies on the Moderator's Anchor set being large and not being partitioned on something specific to the client, which is discussed further in the Privacy Considerations section.</t>
      </section>
      <section anchor="centralization">
        <name> Centralization</name>
        <t><xref section="5.2" sectionFormat="of" target="RFC9576"/> identifies Centralization as a major risk from Privacy Pass, in large part due to the motivation for sharing Issuers as described in the previous section. MoLE aims to avoid the same centralization risk through a number of mechanisms.</t>
        <t>The Anchor / Endorsement mechanism means that parties that have user relationships and parties that provide access control can be distinct parties without compromising on user privacy. Without this mechanism, only parties which access to a scarce resource could also be effective Moderators, which would encourage centralization.</t>
        <t>MoLE allows each Moderator to make an independent decision about which anchors to trust rather than requiring shared Issuers to be established and coordinated. The dynamic rate limiting supported by MoLE enables lower-accuracy Anchors to be used than could otherwise be supported. The Feedback Mechanism also encourages experimentation with new Anchors by providing Moderators with insights into Anchor quality.</t>
        <t>However, there are residual risks. Moderators inherently benefit from scale which provides more insight into Client behavior and means that decisions to promote or restrict access are consequently more impactful. Sharing a rate limit across more sites means the amount of volumetric abuse that a attacker can inflict becomes smaller.</t>
      </section>
      <section anchor="deployment-in-a-web-context">
        <name>Deployment in a Web Context</name>
        <t>In a Web setting, the MoLE architecture may be deployed in several different configurations. For example, the Moderator could be deployed in front of a site, mediating access to protected resources directly, or it could be deployed as an independent service which the site interacts with on the back-end, or the Moderator could be a third party service which communicates with the site through an information flow mediated by the user-agent.</t>
        <t>Many browsers limit the flow of information between distinct top-level origins, for example by partitioning cookies and other state. In a web context, MoLE endorsements and credentials may be used without partitioning to enable a limited form of cross-site information transfer. However, user-agents must employ suitable safeguards to ensure that the information flow is limited in line with the user-agent's privacy posture, specific recommendations are given in the Privacy Considerations.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <section anchor="key-compromise">
        <name>Key Compromise</name>
        <t>Anchor key compromise will enable an attacker to produce as many endorsement as they wish. For Moderators which trust this Anchor, attackers will be able to run the Redeem &amp; Issue flow as many times as they wish. If any Moderator allocates some rate limited access to each initial Credential, this will enable the Attacker to bypass the rate limit.</t>
        <t>Moderator key compromise will enable an attack to produce as many credentials as they like with arbitrary state. However, this will impact only the Moderator and not any other parties.</t>
      </section>
      <section anchor="state-management">
        <name> State Management</name>
        <t>MoLE requires all parties to maintain state in order to uphold its security and
privacy properties.</t>
        <t><strong>Anchors</strong> which grant Endorsements on the basis of some long term account
will need to maintain state in order to record when a user has been granted an
Endorsement (see <xref target="anchor-policy"/>). Losing this state means over-granting,
but not a privacy loss.</t>
        <t><strong>Moderators</strong> require state in order to prevent the double-spend of
Endorsements and Credentials. State should be bounded to uphold <xref target="privacy-properties"/>.</t>
        <t><strong>Clients</strong> store their tokens and <bcp14>MUST</bcp14> burn them once redeemed or presented (see
<xref target="concurrent-contexts"/>). Ensuring that they do no replay state is their responsibility,
as it puts them in control of the <xref target="privacy-properties"/>. If a Client is unsure
that its state is valid <bcp14>SHOULD</bcp14> discard the affected tokens. This might affect
their availability, but still uphold privacy and security.</t>
      </section>
      <section anchor="ddos-mitigations">
        <name>DDOS Mitigations</name>
        <t>The server-side cost of Presentation flows needs to be as cheap as possible as malicious users who receive a challenge for a presentation may submit responses which will certainly fail but cost server-side resources to verify.</t>
        <t>The Redeem &amp; Issue flow is particularly susceptible to DDOS as it is the only flow which is triggered by the client. Moderators should give consideration to suitable protection mechanisms for this endpoint, for example, using a client-side puzzle to ensure that clients spend at least as much CPU as it costs servers to reject a faulty Endorsement redemption.</t>
        <t>As the Endorsement flow is triggered by the Anchor in a context where it already trusts the user, it is less vulnerable to DDOS.</t>
      </section>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <section anchor="anonymity-sets-and-minimum-thresholds">
        <name>Anonymity Sets and Minimum Thresholds</name>
        <t>Client anonymity sets depend on the total number of clients that share the same configuration metadata. During a Redeem &amp; Issue flow, this corresponds to the number of other Clients that possess valid Endorsements for the specified anchor pool. During a Presentation flow, this corresponds to the number of other clients that possess valid Credentials for the specified Anchor pool.</t>
        <t>Client Vendors may act to limit the use of Anchors or Moderators where the total anonymity size is too low. For example, the Client Vendors may allow Endorsement flows to succeed but program Clients to flag the resulting Endorsement as unusable until a threshold is met across the fleet of clients. The same process may be applied to a Moderator's credential during Redeem &amp; Issue, ensuring that a minimum size set is reached before the Client will present a Credential from a given Moderator.</t>
      </section>
      <section anchor="configuration-consistency-and-partitioning-attacks">
        <name> Configuration Consistency and Partitioning Attacks</name>
        <t>During Redeem &amp; Issue, if Moderators can rotate their configuration material freely, they can enable the tracking of users, e.g. by restricting a user to a unique configuration which it can later detect. For this reason, Client Vendors should ensure that their clients receive consistent information from Anchors and Moderators.</t>
        <t>Deployments should make configuration material consistent across
Clients and resistant to split views. A deployment can use a
<xref target="CONSISTENCY-MIRROR"/>, <xref target="KEYTRANS"/>, <xref target="SCITT"/>, or another mechanism which provides similar global consistency properties.</t>
        <t>It maybe that some deployments are comfortable with a weaker form of consistency where Clients manage configurations locally and limit how often they tolerate updates to it. This cannot entirely eliminate partitioning attacks but can make them less effective in practice.</t>
      </section>
      <section anchor="side-channels">
        <name>Side Channels</name>
        <t>MoLE does not address all channels that can identify Clients. For example, side channels may reveal information about the user's Client, associated user-agent, hardware configuration, network address or similar information which can be used to cut the user's practical anonymity set. This type of side channel exists largely outside of the architecture's deployment and needs deployment-specific mitigations.</t>
        <t>Timing side channels may also reduce the practical anonymity set. For example, Redeem &amp; Issue may be performed in response to a challenge for a Presentation by a Moderator. Based on the latency which the Client takes to answer the Presentation Challenge and can likely infer that the Client's presentation can be linked to just-issued Credential. Further, the Moderator can even control how long Redeem &amp; Issue takes in order to actively cut the anonymity set. Clients can reduce their vulnerability to this type of attack by imposing a limit after which they will not attempt a presentation with a fresh credential after Redeem &amp; Issue.</t>
        <t>Depending on the configuration of clients, other timing side channels may exist in the protocol. For example, if the Client is programmed to fetch Anchor endorsements on-demand (rather than pro-actively provided by an Anchor), a similar timing side channel exists between Endorsement and Redeem &amp; Issue. This timing side channel is particularly severe as the Endorsement session may have context which identifies the user or their device. For this reason, deployments are discouraged from fetching Endorsements in direct response to a Redeem &amp; Issue session.</t>
        <t>Particular consideration should be given to designing flows in which Moderators provide all the information that Clients need during Redeem &amp; Issue and Presentation pro-actively, rather than requiring clients to interact with third parties, the Moderator or their Anchors in ways in which might lead to timing side channels.</t>
      </section>
      <section anchor="concurrent-contexts">
        <name>Multiple Presentations in Concurrent Contexts</name>
        <t>Credentials can only be used a single time. Consider a malicious Moderator which begins a presentation with a Client in one context. From the moment the Client begins to present their credential, they must mark it as burned and cannot use it in another session.</t>
        <t>If the Moderator simultaneously issues a challenge for a presentation in a different session, the Moderator can conclude that the Client cannot also answer that presentation (assuming it has a single Credential). A similar pattern holds for Updates. A Credential being Updated cannot be Updated or Presented in any other session.</t>
        <t>In order to avoid this behavior being exploited for a timing side channel. E.g. an attacker holds an Update on one client and challenges for Updates in other sessions in order to link two sessions. The client must only never offer the same Credential in concurrent contexts. That is, once a Credential has been used in one context, it must remain locked to that context for a period of a time.</t>
      </section>
      <section anchor="multiple-presentations-in-the-same-context">
        <name>Multiple Presentations in the Same Context</name>
        <t>Every successful presentation of a Credential reveals at least one bit of information about a client. Answering Multiple presentations for the same or different moderators within one context can lead to greater inferences about the Client.</t>
        <t>For example, consider a Credential Instantiation where the Moderator assigns each user a unique integer in their credential, a Presentation operation which checks the integer is &gt; 0 and an Update operation which reduces the integer by 1. If the Moderator can repeatedly issue Presentations and Updates, it can recover each user's unique integer in a given context, allowing their sessions to be linked.</t>
        <t>Consequently, the Clients should limit the number of presentations they'll make in any given context. A context is determined by the boundary of information flow. For example, in a web context, a context is governed not only by the top level origin but also carries on through navigations to different sites as bounce tracking or use of tracking URLs can enable information to cross to new pages.</t>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="INTERNET-END-USER">
          <front>
            <title>The Internet is for End Users</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <date month="August" year="2020"/>
            <abstract>
              <t>This document explains why the IAB believes that, when there is a conflict between the interests of end users of the Internet and other parties, IETF decisions should favor end users. It also explores how the IETF can more effectively achieve this.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8890"/>
          <seriesInfo name="DOI" value="10.17487/RFC8890"/>
        </reference>
        <reference anchor="OBLIVIOUS-HTTP">
          <front>
            <title>Oblivious HTTP</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="January" year="2024"/>
            <abstract>
              <t>This document describes Oblivious HTTP, a protocol for forwarding encrypted HTTP messages. Oblivious HTTP allows a client to make multiple requests to an origin server without that server being able to link those requests to the client or to identify the requests as having come from the same client, while placing only limited trust in the nodes used to forward the messages.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9458"/>
          <seriesInfo name="DOI" value="10.17487/RFC9458"/>
        </reference>
        <reference anchor="PERVASIVE-MONITORING">
          <front>
            <title>Pervasive Monitoring Is an Attack</title>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2014"/>
            <abstract>
              <t>Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="188"/>
          <seriesInfo name="RFC" value="7258"/>
          <seriesInfo name="DOI" value="10.17487/RFC7258"/>
        </reference>
        <reference anchor="CONSISTENCY-MIRROR">
          <front>
            <title>Checking Resource Consistency with HTTP Mirrors</title>
            <author fullname="Benjamin Beurdouche" initials="B." surname="Beurdouche">
              <organization>Mozilla</organization>
            </author>
            <author fullname="Matthew Finkel" initials="M." surname="Finkel">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Steven Valdez" initials="S." surname="Valdez">
              <organization>Google LLC</organization>
            </author>
            <author fullname="Christopher A. Wood" initials="C. A." surname="Wood">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple Inc.</organization>
            </author>
            <date day="30" month="January" year="2024"/>
            <abstract>
              <t>   This document describes the mirror protocol, an HTTP-based protocol
   for fetching mirrored HTTP resources.  The primary use case for the
   mirror protocol is to support HTTP resource consistency checks in
   protocols that require clients have a consistent view of some
   protocol-specific resource (typically, a public key) for security or
   privacy reasons, including Privacy Pass and Oblivious HTTP.  To that
   end, this document also describes how to use the mirror protocol to
   implement these consistency checks.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-privacypass-consistency-mirror-00"/>
        </reference>
        <reference anchor="KEYTRANS">
          <front>
            <title>Key Transparency Architecture</title>
            <author fullname="Brendan McMillion" initials="B." surname="McMillion">
         </author>
            <date day="29" month="June" year="2026"/>
            <abstract>
              <t>   This document defines the terminology and interaction patterns
   involved in the deployment of Key Transparency in a general secure
   group messaging infrastructure, and specifies the security properties
   that the protocol provides.  It also gives more general, non-
   prescriptive guidance on how to securely apply Key Transparency to a
   number of common applications.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-keytrans-architecture-09"/>
        </reference>
        <reference anchor="SCITT">
          <front>
            <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Antoine Delignat-Lavaud" initials="A." surname="Delignat-Lavaud">
              <organization>Microsoft Research</organization>
            </author>
            <author fullname="Cedric Fournet" initials="C." surname="Fournet">
              <organization>Microsoft Research</organization>
            </author>
            <author fullname="Yogesh Deshpande" initials="Y." surname="Deshpande">
              <organization>ARM</organization>
            </author>
            <author fullname="Steve Lasker" initials="S." surname="Lasker">
         </author>
            <date day="10" month="October" year="2025"/>
            <abstract>
              <t>   Traceability in supply chains is a growing security concern.  While
   verifiable data structures have addressed specific issues, such as
   equivocation over digital certificates, they lack a universal
   architecture for all supply chains.  This document defines such an
   architecture for single-issuer signed statement transparency.  It
   ensures extensibility, interoperability between different
   transparency services, and compliance with various auditing
   procedures and regulatory requirements.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-scitt-architecture-22"/>
        </reference>
        <reference anchor="RFC9110">
          <front>
            <title>HTTP Semantics</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
              <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="97"/>
          <seriesInfo name="RFC" value="9110"/>
          <seriesInfo name="DOI" value="10.17487/RFC9110"/>
        </reference>
        <reference anchor="RFC9576">
          <front>
            <title>The Privacy Pass Architecture</title>
            <author fullname="A. Davidson" initials="A." surname="Davidson"/>
            <author fullname="J. Iyengar" initials="J." surname="Iyengar"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="June" year="2024"/>
            <abstract>
              <t>This document specifies the Privacy Pass architecture and requirements for its constituent protocols used for authorization based on privacy-preserving authentication mechanisms. It describes the conceptual model of Privacy Pass and its protocols, its security and privacy goals, practical deployment models, and recommendations for each deployment model, to help ensure that the desired security and privacy goals are fulfilled.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9576"/>
          <seriesInfo name="DOI" value="10.17487/RFC9576"/>
        </reference>
      </references>
    </references>
    <?line 587?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>TODO acknowledge.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+V9aZPjxpXgd/wKbHfEtg6SrfbYa7skeVyqLtk17mu6quVR
TEyEQDBJQg0CNBKoEtVq/5b5LfPL9p2ZL0GwWvZ4NzZiK0LqKhLI4+W7r5zP
51lf9bU7yx88b1euK/qqbfJ2nQ/Ns6p5Wyxrl182q7bzbuea3ucfPW+fXX6c
n3fltupd2Q+de5AVy2XnbmmMZ5ej78qid5u2O5zlVbNus2zVlk2xgwlXXbHu
59/v/HzX1m5emLfmn32W+WG5q7yH5fSHPTx+dXnzddYMu6XrzrIVDHqWlW3j
XeMHf5b33eAyWME/ZW/d4a7tVmdZPs93YUv4l4v7wD+HpqYdVnXVH/CDfVfd
FuUhu3XNAKM/zPNN1w572NZ501fzr7tiWOUX7W43NPBG/gf88gE+xgt8MPXV
rqhq+Go/LOuqnBcwzhqH+f3dPy3abkOP4MbhkW3f7/3Z48d15Xu/4O8fEyhv
nX/8igZ4PB7n8YMMVln122GZnOC8Xc/jCc7tCT6umt51jevndAAeR6gBnL43
i9iNRqp1JANDv+CJF1U7HvPxPWe72Pa7+kGWFUO/bTs8JlhAnq+Huma8uC52
g6vz63JbO181G9fRAwCOoql+pEWd5X9o2w2g5rNnF/SlYzj7jY9v/X6DHy7K
dnc8x1PXNJXP/6Uo33pEjqPxn7c/VnVd2MEr169/v6IX59/zi4vh7fHYN9tq
WQx1nz93gA2Tq7+o22G1rovO2Qnafk5z9DIAjp41bbeDt24BITMkoPBXnl+9
uLl8/eLyZn754un8zfXl67P89dcXv/nNbz+DL19+9ezqm6uXb67nf7y5eUXf
/PaXv/oNfPPq8vU359dX31zOn798cXXz8vXViz/Q97/+BX1/8fLF9dX1zeWL
i2/nz69ev34J417Nny5wbXOhkX3h/RzJD5DVNeVhvqu6rsWt/uny25vX5y+u
zTtAkX1XND5BA3j0+uLq5sY858uq78cP4bqfPPnsTH791a//FwBisVhk2Xw+
z4ulh6HLPsv+Ju4FR180uZ0p77dFn9cOninyfdEBEe9dh+AGXMqLsnTe57Dh
vmvr/KMil+na7uN82bY9rmKPTMj3wOZgiLKuYMJ83bU7+AtOtFvJsB/BzOdN
ucVXadKi7lyxOuTbAufmMTpX0178ttrnd0Bm/CiPOoPFr+ADBxOtvsfH6Ut+
s711Xd5XO4fr6JzfI4/M+xafl/cf+XzptsVt1Q7dLIc95u6HYrcHWC0P+eoA
WFyVRV0fctigm9fVruojEBYIamDyfdFtEFrtHpaxcvu6PRCIZzjv3bYqt/AL
fA4MAwGBe6+cB354gMl1YRUeEC5gBGDcH3582w5wRDA3/sGLhwlg9Bp2CkTT
9PAffg/wb+EfwU74t8VzRQDaVxdAmw6gYb8GGoTl+2rTuBWCadvWq9yBCMir
Na+6rPYF4g7sC2HoytYfAOt3sNq6HlYOaBtId+u6uwrGBplFwHUAKOAEPgd5
NyBkcr93ZbVGIOAwsE0He8FfA1kD7q7r9g6Pp79zjubb8TO6M4SMd+XQoZjp
3F+GqnMCd/wqHkRO1Kk04YVedtVqVbsMxM4VQno1EBRgpV2xqvDXAoC/B/gU
5RYX2o5PBhDzkMM6awD3HHj+Lq/wfHFfnc89HFde+GzwgIRXTz2Cpmzbt5Xj
Y8Nva9ihHghOANiAJPwWwF8QaA45SROgasV8lzHEF/kLdwcjmxXW1VuXvxLg
vAKulL97J3zi/XuQ+MQC0j1kOGo79GHlJYFoli+HnueH0W/hy7xpFe7A9wBx
ulvEtTtAYVy3kn12TPZ4FGXRNG0/QaGWwgK1KlkV1Y7Bvlp1uOaeEHZT7D0N
KhuaWNXonHA1DRNnQFhEf0DInQNeDEe137cdE7ZFmztAZBfOB6mj7w74VMQF
mBQ4B/zK7G0HoqpC7mHpnZZV4rE7OCjLS+1TE2S/B9KEU2H+A8iGrwC+rar1
GhbW9IaXVoyhxCSIzJFQCMagAMJjDY4NwiBQ/1dDVa94x0LCjJNwVAoPOFZA
OYQbvU0rEuxCoZGDLLNkx0Sna6tQIOCMeJR6olvC6s4BmwFhWTWA1kT7C9AC
GMjeubeT4BU+BZSxPGRB4hAptfBWLygBWy/HSA5wBEXxsMjPo6gi5ousCRA7
W8EOyv6kuClkdUwVVQPQKlb8tBfxJetYtTRmVkyM4luQQxfKt8dntcPVbSrk
tekaaZos4JVMhzgNij0STAvbRMrZtYCfAO8KFkU8Z1l4B6OqhKXRwpyZApzF
rpl05RyQ3dBE5Dl8TtgUH0EcQUG4AZmIOOgzVyHTR5mJewWN947IRJkB8Big
XGH6ZTjs9uQbGU7I6ybZgYRPmBL5IeBRO2y2Y3wioXFmNZ1Z/trhpvL/mV95
PziSDtkrZBcgM/GQFiAB0jeCXgJmDwk8xQH8JnmSqAatr1t3YGnGL4JiYbav
J4/HRfJRiZamPlqfPJ11jk8jnTQfnRhiPiCwQ+MI38W3iG3MWMIQYEFwxDcs
yyaEmVgqrcxCaWa+zPb8RTofEW5cWDp9nky/K0BWod5JlJoppa4AQ9DMZa2u
VYmBS6xBEakRwafAGmTHDAyDEjQRnPTnaXCMXKxrjBUgYTpmpkdeeeBCjo0G
azJ7PqsWDgIFXgdrRrDA64RH+CyjxwwYOayJqK/qmZ/uHBr0tEV7Wo+UyeTX
DhDOt/hCmKJ2xdtEayqW7WBXHBQR5u8BO5kpJg/CAH6tSAlSt+JjL+LelfqQ
s2VF2bXAZe8hNTpGi0ME4WhCzwCYqF8awJCcMQye5SppRfhQZFtK/a7qom5K
cwhqREHPem5Qh0EAk7ycUnczUnfv0J4w68nNekTTPVJpYaSyq5aq0hp1VHl8
RDMYcQuaX6LgzTIQjneurkX1yxFfaE8u0WXRHVEvUG19AwNeAJMHPe8hcPx5
ib+/F1GLGLXfwxGTkoSk1ByipEe9xuwJtPUtPhNJREUofhhksCqLaC+xrsSC
c8pCQ4YfrJREZjI/OK24RLlDcgywkY0sYP+4Pj96GTgJq1Jl29FqlIegvrXY
LOKkQGEFAARMPZ9Yj6xIegsQ3jaYZauEhcDHAp0lLG1s/qmSKVAmdRwP8s4t
BeRgTrf7oQ6muZkRF6IYR8zR6oZhS5G6qyNDkQlabQsdi3CMQMCb5W8JsEQA
Qr0rUYhpsAIVG1F9yhpOcpViDhlhAn5DenQKhvRo/LdNe4fWANBf21VqDaCl
437Ys0JHKgxoM1XD+gTuLTXe1tVmYOMNEf8hcpmhdKv5111FvCi/2ML5uGbD
tFDO1/IFUMM5a0O3AEASV3Aa8JsLSvK66tAmQdnBe25atdNECfdomx+U5YBy
982rF8CHt7C9Vf7i/GaGisyEGQKs5gdh8e3Sg52KLNshbr+d18XBdZmxF4lP
5bQy1JLR3HLdnJYO5wIowvYuoZ9Deb8fmKWCfEEWVtQZc0oYRSaBs+m3PC6N
Q16SpSsYK3KFERr3vc4tWO/JMETzyNOykUkBKtJZBc3vtq2B9fUwDNNDjlY1
LMwRy7o4f3Vz8cdzP8t8VeM5du57djQQvNDQApmIYyIidECOJY+gtrFHZRqM
asbVYHllypl0ybXbwIpA+oGFBOjxx/YOeDgKWNKz8BEftX3L1mryHqJmQIYP
YL77oRcKK2ha4SBLVxbwJymlBEl1t3hRYdoBeckOdkMeswPLQsIKsp5XrP3L
isoCuGnGh6beKFymMDplRyS3eflkEPUoGJSsGUikVGSJVw8eJYABgg5VX6hT
Kah7+6hmk5Rj6BJ1AN7cyYTHxAGQvWpI2cdXcpQ1s3gGsDqPy4PXEPMC9wgM
boF6lioa08rjHcmMAdCsI1M3S1Ve9MozJASCKsoPdKh7xDl6OVU2H/lMzb9A
YGW7W6JFzNuRg6AVI4twP1RemBnQGE2J/HflQINydIKkmAIZzPJS+Q6dNmN4
kP+wYLTqzBbZ45e1jePB82KHrjqPCFvUnyeKHb7S125kPOC8FAhigKY2GRH4
pkUfQdSdE93VrGXCJXox4RINKnykHODdw15ol3a9A/V7lfhvHpJ20uXnGzrn
85IA+oaO56kDimURSLy6oGcip17x90gBRDRrEQlG91T0otMk3SYvhr7dEeOh
8bJuaBo+RGY36KRDH+BMRlt2oIm5bpFfM4WRyxuUTBgV2QFxDuKqgCw71tU7
VzA4gYqAixbIsGB1MjNpt57CZMA/iYIChyWzugGoZ/C8uINm+bJuWanVHa94
VQRtT9sDhuLWa0QqeBGOSzBzaO6A8N0qi3Mj51PZTBA4QWUtS2iEtBx0vQ5O
dCFmxG2fGTQmX8Jq9K7v4S1yAopaGKcGobEuSvEuERMSUQfESm7QjrgvcSf4
Hlnf1yq8zFrx0ITLJNZuxlTMTsWeVGacdr7qyIGyNwaH2g9x2aCOfJ6xu2Az
gN4rQU9ggUXYLskCZOGAzvAYEzeKvMqHoXhOYC/Bf0/jzIh40408Qjvzz1sK
DoSTVhKDiVuKOQYFLt0v8oxhj0FeBhWwckCwTEhWNmVtfh+/MdKe4sOwu6Y0
7F23IBYdid+D60V91087jMk1xmyLXgwwOEQvZXsdDdcI54hX8llAgsrax26V
SEFgBDVGUEU6z7IINGYVBBJ1vhfR9bNvW3IQWMMtAgYUkdr1RD4s40Z2nfVc
EhntgukZwgHx3Flfy3wBHCqJnZH/FCjcWb5Azu9SSHcVeRwpQ2qf4/NNuyPr
pCvualQKSegCC06VYBDu6pR2zfft4d6QD+4hbHjkOa1qNw0M1Nyjx5Ujd6Di
wYHozNkOlR7ckVUD+x6DwSwAKBIBoDxnwXEhZgrzfPpsQjsXJZR1yPowC8wF
JD0HWPsYRWELgu3Jos8AkDgqLlLH6xw7SSziNmhaE/oalSAKnGw9NCWfN7Er
RLGmbeacbgBHA493eKhybqTxVaDhDUt0AOz5UClbImOPDprFovOiTo/KbrvK
/zK0fUHyAyUscte9CVBN61rBecPqECOX+h5dXW2ECQmW8QqzsORIj8YXh9Ho
uggy0I4CErdNpEfG4xbReVT0RI3sdHPMJGFU3hyzdlJUzNmk7Dl1COEBUZCE
2YtwldSppJ4XBQ07z7wDOKwKMJM2bVGjKt25DITMsqU1cYaFJB3w8gmForeQ
jACAa1cth97NWeKNomW4HnLFz0G8IfQstFirVALFfSHeosAv4WhZj6mAzC23
CN4jjCxIPFhguUINDcbcFw0uWZ8k4kJiIreZst6nbl01FbvlCN4Ym8HUH58/
eP7m+ubBjP/NX7yk319f/uubq9eXT/H36z+eP3sWfsnkies/vnzz7Gn8Lb55
8fL588sXT/ll+DRPPsoePD//9gFj2oOXr26uXr44f/aAHQPWXUbRtJb3C9gJ
SEEM3mfqR6P9f3Xx6r/+88kv83fv/sfrry9+8eTJb9+/lz9+8+TXv4Q/0Ijh
2UhJ4z/R6ZGxlkbRP2SgxR7MoRpPBuh8i04J9GUAND/5d4TMf5zlXyzL/ZNf
/k4+wA0nHyrMkg8JZsefHL3MQJz4aGKaAM3k8xGk0/Wef5v8rXA3H37xz0Bj
YGA/+c0//y5jHFm3wT3vup2QImK9eDpYpzOHdgbA+oSNhLNPPsnOMLgkAp04
AQbv/KTnUAiopvBdahfCkMzWJoeU8MvYxFU3cNBLp5JFaOww0+TwqBXB1pIJ
cmR3u30kLqORJrwry1ky6mLw2Qo5lNXHCB7k3NqopcLwEasU12gml1WCmDns
+xZ2vwdDP2+XZFgSMASEIUDFLJpDNnQ+Yep7x6KFjk8jGYwdgob555yWg2aO
b8uKNDJWSTmM4UVPXeWroWMHmImx4dpewWCYYuB0aUtQ2Rxark7zAuxq3G1R
DySaig16W/pEGIEY3FarFTpccRGwPJm2yNPgXmoow3wdHKxyCzbot6pchxgI
DIefhhVHvZ4fBPXC1evx8eVfA0Xx5ojCML8j5AAdBxXTsJ4B/iyxuGAto6Di
iZwogwajQMy961L/ws8ON6LchEUBzx46tK+X4gxL7BDV3FjJJ0PReKYDMvP+
zHyKKTFoNLF4jBuni0dXGxlRXowS0q2OHUyKLOGkGV/4lENiElFGoinxsoho
eS2vB/TSEcM8piJF3ZRjGG6Hwby4J0xgMJYLrzRhenb8uwpNXnJ6Kc4fqUg4
T9scdsjqpqYKTIs8UApLzkAQiFbo900sZVDQlMbw/I1HRlTpHgyoDSaNcN7H
I59mFpsoxxxoV5zkEo9DAqaIh1dHg69+DHoTrptUn5e36D9xdzHOhUoSBSno
0YlsgCwJUR7jfcDfFO/RAVStyRUZY+QT6SFK1p8fBfLvI7HEvckWluXpvKYU
gSWD0iICkVj2ARKr+s+PIrFTiwNcBv303hk5KH6rLB+RRHMBajQDQPtuV6lr
aGRw2MwVEYVF0BTghP/617/mReFvN9mnc/n5NDc/05+az/Gr7CeFwU/2mZ90
pz+l7/5k1vcTzfvp5LzHn+q88v+MR5v6mf6UvuG3vsCdXxknJ/z9uw++9XfN
9emX8JPgOvz9f2Kuv/59P/8dME5/9wWNOwYvAvgfORdhQf7R1TpvHNDQ6uN8
Pv5ZTL/50wfmu2fSn8LMMLc9U/rkdx989b8x609f8KyGY1ji/MfPmn93BNDx
z6N/OPIQtQC9JDrJl0Qxf+dciOLvzvKH62pzXBSSU9zny+P6oSD6HrzPsqcs
h9OstSC5Bc39SELxn5KR3rM6n00YTiTMm4Im5fjLlPRDoawpfeLAlWnIT8Le
jKDHUjDnLSgUFANhhyV6ZRBvNOuYoq1FXrcbCduEFPkQq71zxVsNy8aha05I
ySTozBtIlW2bLdaQk4oyJseWpQh91jkmbcpnoNZ1M46eHuUDR1FmjkN2AYJz
t+8n1UURoYnwXeRXa7tqjAw2j3qJYydSmtz5lbdStmctkUKCoJMVGyfJGdnI
MkAViRK+aAT8yyb6nbIJQlTFBlqjZns6J5Hjjmg3pAl0+X0JdJxkqThcsNY9
SqEr0RUflhWXAif2EiN1FuKE+Bo0LiIWJ9R0nPMqyWrB20guSKIPWIJdP0O6
6vIk2TzEq2UcH3zqqozT8tEnAfpTT0nfXkIWMhxb262CFlayhme2RyrbaZVr
SfVK7KilZBI0Sr6uGsxvSg5eNuzJMk3jckLsSaJnq9pekZfxSQlchWi4wMHw
Uc12GGeIZvBGdzAGt/AhGx6MOAazqisBDS/KniKuQipxNPJlapc4dXbOMX9I
ci5LtMEIBGwajv0ICB9KUpE93rNSTURr0bfbOfRZU0RYfmfWoTUXjCjETMZk
gCl866Gj3UynfJ5YwCJ/SpaVFBBwZNdjXZ48SqmCbhV3O4X+nLNrcnQ5UybN
QhPciMEjo9o/DNUpf2jJMwYHeLOlsDrOhLGhmEalZqEmNJq6KqwMUUsEQ+Rs
9E1keCJjFNo6y7Inizzx1fxBvTAr4kTB5QdS4U2ISHySz/OnavMmOQjGfjKk
xv6/gnJpjsPuILIqqsMYMTy29kKorQlZwo1k1qen0Uj8VrgcHg6ul1FAvB9h
efihneuOshTE+dJOv1PxY8z83WpxDLwxxBKr/v8O0MawMswLluFsNj5uKMB4
DBAeh/wgI4lmxUh+PQTLWp0XSBFHojG6jyfcJ53bFN2qlmqcxFqX3EkjRM2G
WOBR3r5Y1EbVGvup8KwMGFHOFxT3HzsBppD9ah0VF1YcqNokVKAkDq0ZKxic
L/C3B/Zw4RPqCAvUPdXkyXkZXoZBYwknrofUJU/JIEeyZFskoMQ0b9R7DYTY
F3g4qlQIafKgIE2n9WvKVMhvYTSMWWwx39+6mSc49AWGR0rNeei1OFNZGahJ
IK1/ZDljmb/qDrqo9kTierZ0h5YSgNlX3ziEIAZMkZOGLF5VE1V14VCRdezx
0lK/nlmo8eEV6oGco9MRvXmL/GusPTrGzeNKgWSCmcis2t0WVFHXaypOklAd
qprwjKlcwMRhYnIgZW1EBAmRGFhbSuCz7NS0p5jE+cg7xzoqGBxZpPKqt++o
FKOc32R2XJFI+7SAleTarvgBEUJxNvpK8XS8k+wH8vYOoVxG5e9FOp7nbBFJ
aI81LuNqCZsGTMXBMuy64FQ4NesoDcSxIxuDhvnz4kAZrPI8lnJFf/fMapJB
Yi/kNa0sZmgSNE5UZlg1t2e8lgTrg1KJDjrKBS7SGJkWXPKp/wUQtB925GYe
QJLlH128/teLj3Uo0FuqJVUm1PjHLaUPBSUc9aC2lHpOzNoAyUAzYooTbhaO
EkyzHZIicFo4gWu0kyME0XZ0P4Dqg75WQ/bIh7j8gtYqeVQStNBZk4p26gJy
U0nhaRgJP30hCeM71xegzBZcu3D1Sktv0TkPkgFH2QUCXVNnCcAUSgPSQirK
WSy3RdO4OhQ6M0+g2lWYoapTxwHJhajezWjPCG0AIpaR846OEFJiDAzZjpz+
5eDRJRB15HuQnvTRay0fn1ZIAz2EMvNTBIFwjqi4SAqGuNwBrK4BuBGQwzz/
MwtNp6nLR1WFwajFTEnOyCdI/VDQeaMDw6ocNjDMTguncZbF5HRWy9Kcno0m
T0YLoDgy/VARaxwPhmYsFtOg45+jyWIAAmJxqwJjPIkNboZCI3zpYr4mKjjq
tkDsXjpjo28kA1Ez/41lsm1b7yTfYE4LgWHgdBOBKnwR0Dw5QirAT+t+pksG
DbM4kjrKtaUfzCowG9SlEv9S2Q71ih1arFgzvzNCysAiaFyYU+0ZNvQ+rzrW
MoWauBg1WoWURTu4VHjrIjjX44RL4Oci/glJEAt6VmNxMM8viibWuefcxyiJ
SVL3hhOcdMEDIIZI5ix9bZrxaI4eZ9clojqlDR/SrnQ1iXzBmZ62hItH8gJF
gNZ/qXD28jkxAxTyE0yLGGtqROBuR8qOFJzoeMwbXQTywKmm44Ms4MAP3ggd
Su6jpETUDzENhR5cFdI8Y0JA5l8dQhHYLL8HC+jUMQW0ppQQOeN8w5HUEag+
B65RCttYteK5k22E1cZkYiyVo7R3Mj0fUgKAp6RSQ04fDhWy994GBafDf+St
13jhifBfGOvTDwX6xMdP///iyy9vyId8SWnwYAXiymPo4NNRzOa1JKBj3EZG
GD8gJRu4BvM5efA0vTFdw32LvDcQYRtcJUEJMy+GIm7G9jSyJ2JSPo1pq78m
2JcanUhkH9ddUDT7qDS9lNSkI3eWVR+O7Htil9Vm23ODlWoDektUlmR9sLh5
EcQFuwxC+IFOJb6ivQBsZhdG/NA2NbEWEGQCQtMOxb6D+8NMxMCwQgHsaMOc
8aohFeEOqHBrUCU/FVRhjhNiKhg+GT2RyRMSO6FE5eYgrHDnUJer/C5qA7I9
DgtokVmi8dDOWS7bminemHG3y0hjNw9CJYEIA5Gy533Iio8ebWKA6wG03ZA/
QzqE09rSBivfAKBbEpuwN5KozI3o0ctwSqwE4TQC88oHeKf5OMCjKMdHnBtW
diU2iW/XRRfa+ZBNRuVrqB1kJiUMJQxXHt6i47vGomIjG+3kM3YTszbQUS0s
y0DimbgD8S9FkY4aujp5AYmNqpplCjVQmxssBCd9PPEYahZH9BkES8EaWQY7
CFtILlV9aGFlSMemSCmKFEcNUEpWFDBF8yjIEjr4yELIUAJ4kSkWccycxUeU
T+N3mA4c+cXHROu6hRHxYEVZh8qq0IgUAVB2dWiXoxIYdZHuZ+4Mc9YlJZ3Y
BjlZdM2pkTNmZ7cI/6Qgi8yCKEcHKucGa63tMI400fJAEqyXDhPryF/IPRXz
b2C360r0kDPiA9ypjVAAa7nBytwE/5XxP9/im4fIJZJwmEdSqVYhJRBJM60p
9BgM6QmwAeZbV4+Y9AKX+lVdJR77s3F2lbpE7oso4s6sOd2Kl52qKKe3QJoo
hY7XFAFMMvZUsRxnN8N6o3s1WbT2VbNwZFdHiNrHTjEHTMKcdudX3lgTxGPg
OB71MSBg/NEfcPeLGUmrvvxhX2GjUixg/RBwOVQYssLuCzjgzogM2eMIRpR0
6OOqGJr6ZePmN/DZ/I13Z4lHzQZhR1sTjCTXXpJUe1dh7EmGxaoQOBB0ugQk
DxvUNY78+VJnyI6aognnwiidJq5ybwLjz/6ZSuopnfVDautYofsZeWyn5/tw
DtuJWYOuqz+K0C/cpsV6Ok2YkR/QbROVNhzih+YYq8s37VvXfBpN3Kg+W/1Z
f3L7YFCjLaTjA1P69Mmd/02wul/lrtQfbvXtFKVU5Z4KnIy1btuFqjCyd0lF
8NihtywkDpg0bqKoPOfSj2JyUrNj/T3ISCqOyFNRYGjSBAQxWmTFFjC3Utli
hQ5QbjMHBKDiibQkPTXdQ6k9N8nM4mY0S6EQkrRRFQRUfNNvSWVC+xb1QddQ
DyHrDB2rM2mXrcirJ3O0Q9INgXxNtfGK24sszebBljvstUJPZ+169XPaZknY
J6iISvZICZTpsqXbiLVwKrWHzISy6sphh6klpXbbTKuMWTxS3yKSj0EvTDYC
8y5AeZX0MRq5bktKo8BeinD2Tm3dUQ84TNUuvHSSGKdKG9BMpxzN2Hxkw2ki
wleFyN4kvDRarHEYI7DTwU6VLYytFk1DIgCbuIOUU/J+pYISYL6pTLPKmAqU
NHNl2ex+RqSGaUBd3txYC8vCY8hNQkCUiGcDRdwQy0rOHR7QchysxTWQQJxS
QanEHItFj3WYxP4JwZspvQR9seryiaGu2QnBbqenFWOzc+1VzOtoDAVJawaE
0BZ0Nm/6BY8LKcgXxX7jUaeEUniNaO+jDK9w5qEhjsR3/Emn6s3WTSj3iXtd
q7LGSAkLJcV/NfZ8TCr/oQkOAZ7gJU09Wd03OqkNuhplSBgRywCzQiYL0qWJ
viWq3B+lFCVBdJNEhac+Hb33qmotHWEJyyVTrz07kTOg+ux9aQMcgOc2aNSL
SvK2ZgkSR4izu9TjtxhKDI7UKVXSBV3yEseyWBeT6YwOmWAZelI6SmGLTvux
HAtdLFDkKKOjlbxG/HomFj4X+JjBTyXXUb4XWiqJgyBUddsG2cL9xPVkgyPc
X4Y9tA9HXf4AI94QeP3/Twpw1DQtNEJvstzuid9gbTnUCxz1T7Qq89++qogJ
yel8eCsMiFzUaaNgk8KdKM1/18IiuHLVxD+9Tzn/f0EzT/OMjHZuYfvgfWZ7
V4qveZRzdRfCsdjFhzRYbgltqoM1IFVuXfmWWygoPVbcDoR4LbpKsTmcS7kF
KdOqxlbrkOt/f9I4qahVSDSP0VgNcOl+1AcwZYFE71KxbG8la1bz4FEONchR
s6izj9vHsrsj8cewvYGzpkzstsW+GyoPR6J0aNRbWVFfOAqCW+FfWrFrA68p
t+R64eDHpuxL0jZjAemRuDMNxyzaZAyAKOFU2QJVoRd55FVQnQJwKuQo0n2+
7tP8ZtOvN1XxYwTm2KyLGrimbYSYSfA2cra55LCp5FrFIK0dcZR2FwCMelCr
KXdBI0779wdveudCy0PR76JLPKUqVTHDyFOuJmnyJ75jbG1wKmnk3TtNRU5z
r96/XyQkjlClNHCWd1Ot1lCzP+xVanLLTNWSEsbM9hpijQzGg/OpW9f5rl0R
ZVOgJNFwwgGfSAKIpQjEZlgzFIB5ADQCKeldi6GNVD8tVC9OgtYL2Ir0Ogwn
L7s4lc4+ncKuWSWnk+nRQ2+ic8I83WqUMRERQE8dQ8lipnwN8nZZlG8BF18+
fXmWP2U80IqOf396/ip/nL969Rz/D+rif3yk1wFhsIEvaejoqha6m4ja/Tze
73ePaSOPP0Y0SnwDTFFrmFasQsuv8Ui51SZ1CCrElKKmmtTzlpb+NPZETa1C
UsBCRmEtJiJlVLJG9+4hDzlnzpQKKWq5P3HvgWiwsVWs4VbU7JFCaWXsvFp4
bZbqZjyGdDKOJLsfkSy1D9I8Fp6JfLw4QxWTXldMFWzq3DlkS2x7hKtB8q7y
b8n58IM29EnWf+tNq5/xlJW3u1dDX/sMbQbKztzaTKFHXn1JnuAdXQ7hPgAE
q3gruEF/TyU8oTV/uLqF96gSbDriF+JpnSReWLvU+s/zyxi8C7558vY1sAZm
o9yGxPYXtkwEk0LWSa9kWjIdi6gp3/3bdzmW56DsW7p122nX3lSkAiG3dJUJ
24eSdfnd5Xc2WcczOfP7fdsXtapAMMJ3/5Z/kl9+xxYGkmiH6YsFdcO9wTQ9
zgO5avKNa7CFJrdeQ3wNFwndSk9EyVSmbp541mNNK0S6ve38HlvYhPThqtN3
pGFr4Gs4wEY8P5hZRF+kIjc6gE7dVhLWwX6yd++uhZ5/tXiCaBFudJmld72Q
ioB+SaRd15Sw7GLDJrTe54GGKUIHmUrDUTxuJOZG2bMmpswUzbCD51fpIfR6
COSyIOOAAoHc0Th4IYoOJ2TSaw5mUkTFDRbvcNtaagDX4GVm5AihMKkyGEyI
xix8kU4+ppjhuAz6cDGRevfiTOSq5kzT9g4TAlyxC2ulTL2Jzz3jD7cGZGKm
LVKJWaqxsHsTwUF3wUjjT+b6oEJy/iZpIviFXE8gu+SnGOjamjxeM3BD3BgD
xqhmwEH0dL9MiYR2y5J4CxxRVpXAlnpU52sKReP+UZMYPSZeKZF75nqRkFur
2ENJ5+N7SNT3Jb10aUPklQjqO4MJN6wYmvb71uQCIKtvAtgLeuqcFhky9GMf
eZ29ZD5WAYENpF2JG8/m2PDQmGWjXd+OOvpjlgFlq4RGPRLUlZwVpPNbZdCh
/A1F7GbTaS9b0oHNFuNmkIfUt2In9K6R2OuW7/CpmoSOx57Q5GDmFPuWzNpb
4Z4aml46dtYFjRoloqmAw8wqVN3U3xWy6DGTBZ1ca2wQtum4SIpO3iRpJ2q0
bT+IFz6OTQ17O0XXpGVO6jfXDERxjRnG4ti1WXlOCRKVtXM1+UybI3NLBsaI
PMOAc2dwfLa1CGBKerEanR2Y4xL2MjGB7jMRPlhM8fDhf/3nhcNcSnVYZJnl
579I+Hm8PQyMh+Qt7jK5K75HvySdKp63xRrq5sLbJutiNQQn/q7tsQ+nBg2Q
JVhiLHyedNxLVXDZSp7ex0V2d4i2l+laaYF6PYfN7o0CVniOnNvj1LcfEs44
nsTmrl4UgX8QSyadxBbmS7N++2CQvCOXCmtEsW2svKOBn1B5IE52mipw4z+H
ZseUfCSLlYzWMBSzEZMEKy3LVZ2Q3F3i6EuTuGXYkmIgZ3kFgT4Cd7grjQO/
JOAmL9qZuk5CrK5ppoeGxwQTl2sPDKPD9WvET8jaZH+z5i5+45G/WSSLpqSZ
3vfYEbXDLrGw5zJGIkO234qXxVCMFw4uXRyTJ1Y7L38e8IqAHuDp5fqBWNfC
l0CArhaSxNVvknigRKUAkYTmiBh1gtJ/Gah5rL2NoOcLQDrCARJXRClpqYgK
hRoN28atKwlbAvbUKpxCuRi1r5DpxaRkzUFaS0sbjkhF8RYRVnCBMzhu4O6x
e2+ocSg60y4a18Iz7fZgfa0H0HqvhYfY+EEutwHRs3LpgkztTF7A0Z0R0vQv
5I+zSF/XuJ6lA1rEtryYsocZmWQGREuNjPs/uyX1FgYDn7sl0yfSN0EFE1KI
7aSi4QyTWC9N+M3temnPZSpd1Fqqo/J4TcW3I8LR8aa5rfEMALKqCnP7lDE0
TKG8D3VdmoZ8PDr3YZy4ZNAkiVFf41EnmJBqW77F7O5QlTqxk/Sm1nR4kzvi
Y3Yod+NXzt8c3eUp+4/xTeSs3P4f2RhaBtKV3wtO4UP0JmYFm9HU8A88vG/3
c7kgrKvAVPBHd7kmqre930UamXMXesIfvK9HXEYzZUs28xcZnHHeCC4RVwrd
qu1smBEql28GZybZ0Vgng0Qzl6OKG6R44xoNk8BAIrDEbed2ZMYGz4Mv1m4z
FJ2UipnwOHnQx4dReetZpeaw4STjXLYWtPVIO7OoMWGMdAdAWZmSb3ZJ/A2V
dxOurD85/Fjr/zRBmZJDTVmg5NczYE0FChMVGbDqpLKFDJqJjQk4TNOWpTP1
dHxxRqW65czWMOG0y+gN64aTuTdhfvZHpjNjnX1jMrFJhJfx3ovIWmMfai2W
1Hyr1Cta+QQmlJRhgCIZCeQsC2NbZ/bPAvAUeC016CYpYZrzw7plBfjcHZTI
jEzUJbNw0YY+47Qrap8fShL05kTWr6/JSwzMA9CVvUFEscFLgMne5p4xvblH
u7gap8ew50K23tQ7Ycv84you08bTf/KJvYsnddqNCxskWUoaLuvFQVlSrXDP
AjklgcOHfD9RrKGMuatJX8mPMJ3o3bvU+/v+40X+rPVyD5s62iV9Cw5mrncV
zjL0YhH0AxeoW+/TxsoIAk0bO160TdddtQPg0txzMfA6vbhodFsDaBnckHer
AonuvWAgyVHFGI1pF/N+EbtU49IoPBr8i2+dNHWmFt/LoeOLpTnZR/OoOZCi
nYIQhmC2gUQApEDFYC7CwRMkL5HR6h0EjPsrLBrEWwzq4qAg8bKE0W0heOkf
CDq+aAgXUsXSSAl9nNhl0qgDey8Tw88kF87HeTmZRLqNozELIoK1MimxE7Bo
QQXpk/xdxmsubouqjsWJgBMgdutaj2HqPm7R1Z6+vM6fs4so9qZnH+2cK8Vb
349jeXJLYkOxElb5C/QDumJvYwzMflJPPl7CG1tCjVJG0+RKFNt+WKKaoUmn
yv856A2QBjrEOkXYPe2aFmtXH1U2WCZXQCxOJ+dW3vhQapzdY3lzJYKEgMXo
IE0muEoSXw3OiKPqNa2IswEdJpkN3dZhpSv7gkVdiJeEWNd3yAoAEt23FTpC
1lbtHfh2IpmWobAffvxROrwYpUNvKGFqL8gX5En87rCRzsWrN7JZhKoPjnvi
c9ShvADADzUw4enmOhj39kepgQroU1V+Nh4ocS60XSRaIHc6qwo0k7OgqvPb
ocYQgzmspKPVZETONGAWroPBnmFHTQY8ZXFlmsg8ytyMLRPIa0iBkehLCXfG
U9t98vJGf4w1W0J91CI0ZJrCTfVfp+0G0ngUS9/k3mhptn1cChGvGIoNtSWq
ibf0mMUcEf7PX0p5eilJ6tzRSs7NSgL8v2ElkWPuZFIYI2TkHh8rjXrxlsSv
4kliUxbExrbNKbZ/ZEJOTU4B/zFSsz8fEycRpwfyboGc3tnq/3VdsI+aMzFH
/UGR3IZm8ITCUriN5hojYs61dGrGs+XluMgpXBp/ozgW8gfY9tHKwuOk/RgQ
nGxUPmOWEcRnweHQYcegk4Y7HSq9VK+mscaYRV+HHNLJXtmjujt1yiYkQqSL
VwuJDHtljTfWoH1ouHrU4ns9DiUAX433mI6IUUvb1p3TrhSctGJ09nDXMUBe
rnLkdqeH4Klh0uFLPRHkYIv/ZRhTfijtovZwVJu4csjyGQ17dqoXHjOFRmgo
EmRkQ1aR5FTGlgq6tDkNAX+6Sw+cwFPTyU9mIi/lCViZORg5Q5cnbgCJX0oe
nQc0xLYQ7s5jKyZ7iWzRcIARNLmLly+ur65vLl9cfDt/fvX69cvXGEx99+5P
l9/evD5/cc1/XV9c3dzgr2SEjKuhR744TZ3Z1O3SLnlsNlxR1spSYEr2QNLX
kDxvuzUWbiI6SD8VLNp2XfQZmNGZ9yhAdmQGjRxXXJ5Rm/tjKZehXfeahqhX
K2sKGpem643AHJ9BsqI711ytUZrEySFXf7GepM0iSaMl6Rk93BWW8GGhfSkX
RV6jDnEhHYO02aMGkKQBEV/hI8+IfoEepqPuFQmDTXoRya1x92Qe6V16WigQ
bzmJ/pAZ3km7uhMXaYTyLFy6qyvGWItghZ3uuGwYw6HpCgQ+qShxeiAYcCNr
0uyOLy31HALCBkFgT+DX2t7T+D4fJckuZF6Toh0/nAcHzy6q7qjXcu+oY6iS
R93mDJxaf3I6IzXkKJvrqBpsrM4nqsOo8Db/yhZII/djalHnqObSUQNHSojx
d5JDmQwbk7f15mqpX4MzdUe9BR+NmtvKMcdiBsyYn0uRh03KS0K+ab0rhWvV
JETCJQfCCHi8j/RqBWmYrbg1OgplGSSxwtEBi1c9N6TL9BbpxAmEuQt46QYL
IgkAUBZqAPEhdnLSvmcjC0y4G+eUGk2BBzq60eSo50cqL6Keolc/96fwlYgl
Bjulr1CKnVVSrccpk6hv7fgg166PIW2XOn20nPEjG0Gz7UXitdD2JqePZxQo
YJYxsXalcXV+J6qdVMQbgAmzmBjnyA5Fb5wTz11a5yWFNeH67Gg5kW4RA9bK
vSSgQDe4Y8BgQtcYCzx0SWiyEikOBNuR8krIzXGREVeYrgUCfHmVpP0aKzi6
lCR/DlPCqO87zMm6dqiMN7pdCCdzW/XUXx9vX2LHxbS6e9zlMu06Mx1yLaOG
r+EcddVrgKY6rugMB2Fyeu6Kg9kbe3owOYnIfIJaWEA/16SfNOG6Is1ZfGIa
gvP5u4dTnrIssyYZMh1ybqgMDHlfdH90MKaTNERTDUfLp7JXf4KphIsQqH4s
pH2HW4Z37U69kiFqSsOZeuJxTqOtptsVIOorsqnQiahxb9aVBq7SqmKvgIiV
V+NCM6B4gG/RONNJz3/IeVVxlZlGKmX4KfGBhyElmGk+vqyVZHeQfkWfzvMR
di3kjpFaQiIHFY/zY1S1lW/tkdd3jZTi4sqlDmx0Ezon5byR++Ji3Z9+0oai
GdYEovvfgNKKO8lJqXwMf/Mc0jzTac7sBJ4v8ku6eMIEkaSUuNEc9lYQSX01
K5v4bLZJGGfXmUplLn61ha9coW7qY4guqEgGRNradqxNL1GIVKboTYNRc98Z
+7On2y1yV56EMMjRteO7LuiuZ7yZXNuDF2ECxUS+wJYC2/G+99NcAjdwTRvQ
MP0l5ZudauI8vrdNS06DDxFXvqz6cVRY+tEHl+g5YTUlbUw2r46eIVwcpq0F
gtqlWR4ptFgNFLa5oZTPjvVBvl07WhThPr5EtSgjd7OdkPnWh0rNBPUpmVCY
RyElST58FbVa/igXNiEzbcS1RppyuGdYbREsMfMi0mQYn/8u/4w7q0YSGL2n
+ar2RdBnnoR7S1JGFC91lizNUSPyWDI6U6cFBryQDsKG6T658YbVyRNwuQjX
mvKlGUqIHEpgZZz6g8YUF+uMC06J6P47XcDgDo9AHSBjV7hUshjkeoo1VGWA
gT/KrxS3NAW1MDY6wuX1sbuwOspNKOzYGwQVjoyclIXrQZyS+9zmRpCJTmy/
LLou5FRy2kYDrHOju2utiOFrwj2tuLReqi5cg6IfvXn9zFuvVqIptbl4GFtO
iJe2xw/zq/MX50du9Jvk0mDkYU3LT8rt9PAqlpFyLc/D/LzUJlWkNWbvzvjs
3OrLB2vYNHdPefn0Jbwf2lktsv8NrYhsO/ydAAA=

-->

</rfc>
