<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.0.2) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-mih-agent-bilateral-attestation-00" category="info" submissionType="IETF">
  <front>
    <title abbrev="Bilateral Agent Attestation">Bilateral Attestation of Cross-Organization Agent Actions</title>

    <author initials="S." surname="Mih" fullname="Steven Mih">
      <organization>Action State Group, Inc.</organization>
      <address>
        <email>spec@actionstate.ai</email>
      </address>
    </author>

    <date year="2026" month="July" day="06"/>

    <area>Security</area>
    
    <keyword>agent</keyword> <keyword>attestation</keyword> <keyword>bilateral</keyword> <keyword>cross-organization</keyword> <keyword>SCITT</keyword> <keyword>transparency</keyword> <keyword>refusal</keyword>

    <abstract>


<?line 26?>

<t>When an agent operated by one organization requests a consequential action
from an agent operated by another, today's record of that exchange — if one
exists — is kept by one side, editable by that side, and deniable by the
other. Disputes reduce to my-log-versus-your-log. This document describes a
bilateral attestation exchange for such actions: the requesting organization
signs a request attestation binding it to the action and its material terms;
the performing organization evaluates the request against deterministic
constraints at the boundary where the action takes effect and signs an action
attestation recording the constraint results and the disposition — performed,
declined, or escalated to a human — by reference to the request; and each
party acknowledges the other's attestation. The combined record binds each
organization to its part, gives each proof of the other's, and can be
anchored to a transparency service so that a third party who trusts neither
organization can verify its integrity, timing, and both parties' signatures. The exchange records refusals with the same
fidelity as performance, and degrades gracefully when a counterparty cannot
attest, marking the record's reduced assurance rather than blocking the
transaction.</t>



    </abstract>



  </front>

  <middle>


<?line 46?>

<section anchor="introduction"><name>Introduction</name>

<t>Agents increasingly transact with agents of other organizations with no human
present at the moment of delegation. The transports are standardized — RPC
conventions, tool-call protocols, message queues — but transports answer
<em>how</em> agents communicate, not <em>who is accountable</em> for what was requested and
what was done. Each side keeps its own log, written by an interested party,
alterable by that party, and carrying no assent from the other. When the
payment posts twice, when the deletion was out of scope, when the delivery
never happened, the evidence is two self-interested logs that need not agree.</t>

<t>Classical signed B2B messaging — AS2/EDIINT signed MDNs, AS4/ebMS3 signed
receipts with non-repudiation-of-receipt — binds parties to <em>transmissions</em>:
it attests that a message was sent and received, not what an agent then <em>did</em>
about it. Such schemes do not gate execution on verifying the requester's
organizational identity at the boundary where the action takes effect, do not
bind constraint evaluation into the performer's record, and do not record a
disposition distinguishing an executed action from a refusal from a human
escalation at the moment of action. The distinction this document draws is
action-level, not transport-level.</t>

<t>This document describes an exchange producing a <strong>bilaterally attested action
record</strong>: each organization's signature over its part of the exchange is
durable, independently verifiable evidence that it produced that part, each
holds proof of the other's, and the combined record can be anchored so third
parties can verify it. It is an individual submission. It
composes with the existing agent action record layer
<xref target="I-D.mih-scitt-agent-action-capsule"/> rather than defining a new one, and
its records are designed to be consumable by the layers above the record,
such as accountability composition
<xref target="I-D.mih-sato-agent-accountability-composition"/>.</t>

</section>
<section anchor="motivating-scenarios"><name>Motivating Scenarios</name>

<t><strong>Cross-organization procurement.</strong> Org A's purchasing agent requests a
fulfillment action from org B's agent. A's request attestation binds A to the
order's material terms; B's action attestation binds B to what it did about
them. A later assertion of different terms by either party can be checked
against a record both parties signed, rather than argued over two private ones.</t>

<t><strong>Agent-to-agent service delegation.</strong> An orchestrating agent subcontracts a
task across a trust boundary. Each hop produces its own bilateral record, so a
failure in a multi-hop chain is attributable to the hop where it occurred
rather than to the chain as a whole. Chain-linking semantics that make the
full responsibility path independently reconstructable are left to a future
revision.</t>

<t><strong>Refusal at the boundary.</strong> B's agent declines A's request as out of policy.
B's action attestation records the decline and its constraint basis; A's
acknowledgment is verifiable evidence contradicting a later claim by A that
the request was never answered.
The refusal becomes durable, third-party-verifiable evidence — for B, that
its gate worked; for A, that the request was made and declined
(see <xref target="refusal-across-the-boundary"/>).</t>

<t><strong>Feeding shared history.</strong> Every completed handshake yields a
counterparty-attested record — the highest-assurance evidence class for any
layer that computes over action history. Two organizations that transact
build verifiable shared history as a side effect of transacting.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

<dl>
  <dt>Requesting party:</dt>
  <dd>
    <t>The organization (via its agent) requesting a consequential action across
an organizational boundary.</t>
  </dd>
  <dt>Performing party:</dt>
  <dd>
    <t>The organization (via its agent) that evaluates and disposes of the
requested action.</t>
  </dd>
  <dt>Request attestation:</dt>
  <dd>
    <t>A signed statement by the requesting party describing the requested action
and its material terms, bound to the requesting party's verifiable
organizational identity and naming the intended performing party; including
at minimum a content digest of the request, a nonce, a timestamp, and a
validity window. A request attestation is valid only against the performing
party it names, and only within its validity window (with an
implementation-defined clock-skew tolerance the verifier applies).</t>
  </dd>
  <dt>Action attestation:</dt>
  <dd>
    <t>A signed statement by the performing party, referencing a request
attestation by digest, recording the deterministic constraint results
evaluated at the effect boundary — each constraint identified by reference
so a third party can tell which check produced which result — and the
disposition of the request, bound to the performing party's verifiable
organizational identity.</t>
  </dd>
  <dt>Acknowledgment:</dt>
  <dd>
    <t>A signed statement by which a party records receipt of the counterparty's
attestation, completing the bilateral record. Receipt does not assert
agreement with the attestation's contents; a party disputing a disposition
does so in a subsequent linked record.</t>
  </dd>
  <dt>Verifiable organizational identity:</dt>
  <dd>
    <t>An organizational identity a relying party can validate independently of
that organization's infrastructure — a credential chaining to a root of
trust the relying party accepts (a certificate authority, federation
operator, registry, or published trust list). This document does not
nominate roots.</t>
  </dd>
  <dt>Reduced-assurance indicator:</dt>
  <dd>
    <t>A marker recording that a given exchange completed with fewer than the full
set of attestations (see <xref target="graceful-degradation"/>).</t>
  </dd>
</dl>

</section>
<section anchor="the-bilateral-exchange"><name>The Bilateral Exchange</name>

<t>The exchange has four moves:</t>

<t><list style="numbers" type="1">
  <t><strong>Request attestation.</strong> Before the performing party acts, the requesting
party produces a request attestation over the action and its material
terms. The requester is now bound: it cannot later deny having asked, or
having asked on these terms.</t>
  <t><strong>Constraint evaluation.</strong> The performing party verifies the requester's
organizational identity and evaluates the request against deterministic
constraints <em>at the boundary where the action would take effect</em> — not at
the transport edge. Verification gates execution: no verified request
attestation, no consequential action (policy <bcp14>MAY</bcp14> permit degraded
operation; see <xref target="graceful-degradation"/>).</t>
  <t><strong>Action attestation.</strong> The performing party produces an action
attestation referencing the request attestation by digest and recording
the constraint results and the disposition. Dispositions use the
verdict-complete vocabulary of <xref target="I-D.mih-scitt-agent-action-capsule"/>
verbatim — <em>executed, blocked, denied, timeout, errored, deferred, expired,
escalated</em> — so the record covers every outcome, not only success. A
performing party <bcp14>MUST</bcp14> produce at most one action attestation per request
attestation; repeated execution of a single request is representable only
as distinct request instances, each with its own request attestation.</t>
  <t><strong>Acknowledgment.</strong> Each party acknowledges the other's attestation. On
completion, each organization is bound to its part and holds proof of the
other's.</t>
</list></t>

<t>Attestations and acknowledgments <bcp14>SHOULD</bcp14> be anchored: registered to a
transparency service per <xref target="RFC9943"/> — carried, for
example, as the payload of a profiled Signed Statement per
<xref target="I-D.mih-scitt-agent-action-capsule"/> — so that inclusion and
non-equivocation are verifiable by a party who trusts neither organization.
An unanchored bilateral record still binds the two parties to each other;
anchoring is what makes it evidence for everyone else.</t>

<t>Wire encodings for the four objects are TBD for a future revision; this
document fixes the exchange, the binding obligations, and the disposition
semantics.</t>

</section>
<section anchor="refusal-across-the-boundary"><name>Refusal Across the Boundary</name>

<t>A declined request is not a failed exchange; it is a completed exchange with
a decline disposition. The action attestation records <em>that</em> the request was
declined and <em>on what constraint basis</em>; the requester's acknowledgment
completes the record. This has two consequences.</t>

<t>For the performing party, a bilaterally-acknowledged decline is evidence,
verifiable by an auditor who trusts neither party, that its boundary
enforcement works — the strongest form of refusal-as-positive-signal
evidence, because here even the <em>counterparty that was refused</em> has signed
the record.</t>

<t>For the requesting party, a history of acknowledged declines is legible too:
a pattern of out-of-policy requests is now provable by its counterparties.
Bilateral records cut both ways by construction; parties should expect their
requesting behavior, not only their performing behavior, to become
reputation-bearing.</t>

</section>
<section anchor="graceful-degradation"><name>Graceful Degradation</name>

<t>Counterparties will be of mixed capability for years. A performing party
whose counterpart cannot produce request attestations <bcp14>MAY</bcp14> proceed under
policy, producing its own action attestation unilaterally and recording a
reduced-assurance indicator in place of the missing attestations. The record
format is the same; the assurance marking differs. This keeps one protocol
across mixed peers while preserving the distinction relying parties need:
a fully-bilateral record and a degraded record are never confusable, and
consumers can require a minimum assurance level.
Degradation <bcp14>MUST</bcp14> be recorded, never silent.</t>

</section>
<section anchor="relationship-to-existing-work"><name>Relationship to Existing Work</name>

<t><strong>Record layer.</strong> This document defines an exchange, not a record format:
its attestations are designed to be carried in existing agent action records
— the Agent Action Capsule <xref target="I-D.mih-scitt-agent-action-capsule"/> supplies
the disposition vocabulary, effect binding, and anchoring path this document
relies on, and its selective-disclosure profile
<xref target="I-D.mih-scitt-agent-action-capsule-sel-disc"/> applies to cross-boundary
privacy (<xref target="privacy-considerations"/>).</t>

<t><strong>Delegation receipts.</strong> <xref target="I-D.nelson-agent-delegation-receipts"/> binds a
<em>principal</em> (the delegating user) to an authorization before any action, on
one side of the boundary. This document binds two <em>organizations</em> to a
specific action at the moment of action. The two compose: a request
attestation may reference the delegation receipt authorizing the requesting
agent.</t>

<t><strong>Remote attestation.</strong> RATS <xref target="RFC9334"/> attests platform and workload
<em>state</em> — what software is running where. This document attests <em>actions</em> —
what was requested and what was done. A deployment may use RATS evidence to
strengthen confidence in a counterparty's agent runtime; the two are
orthogonal layers.</t>

<t><strong>Audit and approval records.</strong> The audit architecture
<xref target="I-D.kuehlewind-audit-architecture"/> describes recording agent interactions
across parties, and <xref target="I-D.schrock-ep-authorization-receipts"/> records
human authorization of high-risk actions; both are complementary record
sources this exchange can feed and reference. The accountability composition
<xref target="I-D.mih-sato-agent-accountability-composition"/> describes how such records
compose by shared action digest; a bilateral record naturally fills its
cross-party leg.</t>

</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t><strong>Identity is the floor.</strong> The evidentiary weight of a bilateral record is
bounded by the binding of keys to organizations. This document inherits, and does not
solve, the organizational-identity problem; it requires only that the
credential chain to a root the relying party accepts, and that identity be
bound to the <em>record</em>, not merely the transport session.</t>

<t><strong>Half-completed exchanges.</strong> A party that aborts mid-exchange (requests,
then never acknowledges the decline; performs, then withholds the action
attestation) creates an asymmetric record. Timeout dispositions and
anchoring deadlines bound the asymmetry: an unacknowledged attestation
anchored with a timeout marking is itself evidence of the counterparty's
non-completion. Policies <bcp14>SHOULD</bcp14> treat chronic non-completion as
reputation-bearing.</t>

<t><strong>Downgrade attacks.</strong> If degraded operation is permitted, an attacker
prefers to be recorded at reduced assurance. Reduced-assurance records <bcp14>MUST</bcp14>
be unambiguously marked, acceptance of degraded exchanges is a policy
decision of the performing party, and consumers <bcp14>SHOULD</bcp14> weight degraded
records accordingly. Silent downgrade is the failure mode to design out.</t>

<t><strong>Replay and cross-binding.</strong> Nonces and digests bind each attestation to
one request instance; an action attestation <bcp14>MUST NOT</bcp14> be verifiable against
any request other than the one it references.</t>

<t><strong>Key compromise and revocation.</strong> A signature valid at attestation time may
be produced under a key compromised by verification time. A verifier <bcp14>SHOULD</bcp14> be
able to establish key validity <em>as of the attestation's anchored time</em>, not
only at verification time; revocation and rotation semantics for organizational
keys are inherited from the identity layer and are out of scope here, but a
record without an anchored time cannot support this distinction.</t>

<t><strong>Canonicalization and hash agility.</strong> Because every binding is by digest, the
canonicalization of the attested objects is security-relevant: divergent
serializations of the "same" terms produce different digests, and ambiguous
canonicalization enables terms-substitution disputes. A future revision fixing
wire encodings <bcp14>MUST</bcp14> specify a deterministic canonicalization (e.g. JCS,
<xref target="RFC8785"/>) and carry an explicit hash-algorithm identifier for agility.</t>

<t><strong>Verification-cost DoS.</strong> Verifying a request attestation (identity-chain plus
anchor inclusion) is more expensive than producing one. A performing party
<bcp14>SHOULD</bcp14> be able to cheaply reject unverifiable request attestations before
performing full verification, so request-attestation flooding cannot exhaust a
performer at the effect boundary.</t>

</section>
<section anchor="privacy-considerations"><name>Privacy Considerations</name>

<t>A bilateral record discloses, by construction, that two organizations
transacted — to each other, and if anchored with cleartext identifiers, to
anyone. Deployments <bcp14>SHOULD</bcp14> anchor commitments rather than cleartext
(selective-disclosure structures per
<xref target="I-D.mih-scitt-agent-action-capsule-sel-disc"/>), disclose material terms
only to the counterparty and auditors, and treat counterparty identity
itself as a selectively-disclosable field where the use case allows.
Correlation of anchored records across a party's exchanges (client-list
reconstruction) is the residual risk; mitigations are TBD alongside the
reputation layer's, which faces the same problem from the consumption side.</t>

</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This document has no IANA actions at this time. A future revision defining
wire encodings is expected to register media types for the four exchange
objects and a registry for reduced-assurance indicator values. TBD.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC9943">
  <front>
    <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
    <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
    <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
    <author fullname="C. Fournet" initials="C." surname="Fournet"/>
    <author fullname="Y. Deshpande" initials="Y." surname="Deshpande"/>
    <author fullname="S. Lasker" initials="S." surname="Lasker"/>
    <date month="June" year="2026"/>
    <abstract>
      <t>Traceability in supply chains is a growing security concern. While Verifiable Data Structures (VDSs) have addressed specific issues, such as equivocation over digital certificates, they lack a universal architecture for all supply chains. This document defines such an architecture for single-issuer signed statement transparency. It ensures extensibility and interoperability between different transparency services as well as compliance with various auditing procedures and regulatory requirements.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9943"/>
  <seriesInfo name="DOI" value="10.17487/RFC9943"/>
</reference>


<reference anchor="I-D.mih-scitt-agent-action-capsule">
   <front>
      <title>An Agent Action Capsule Profile for SCITT</title>
      <author fullname="Steven Mih" initials="S." surname="Mih">
         <organization>Action State Group, Inc.</organization>
      </author>
      <date day="19" month="June" year="2026"/>
      <abstract>
	 <t>   This document defines a SCITT statement profile for recording what an
   AI agent did: the Agent Action Capsule.  A Capsule is a digest-
   committed record of one agent action carrying its verdict-level
   disposition (executed, blocked, denied, errored, timed out), the
   deterministic constraints that were evaluated, the effect that was
   committed together with a confirmed-effect binding that distinguishes
   a dispatched attempt from an observed result, and an honest human-in-
   the-loop flag.  Capsules are expressed as SCITT Signed Statements
   (COSE_Sign1) and made transparent by registration in a SCITT
   Transparency Service.  A Capsule is recorded on every verdict,
   including refusals: a blocked or denied Capsule is the auditor-grade
   evidence that a gate worked.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-mih-scitt-agent-action-capsule-01"/>
   
</reference>

<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>

<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>

<reference anchor="RFC8785">
  <front>
    <title>JSON Canonicalization Scheme (JCS)</title>
    <author fullname="A. Rundgren" initials="A." surname="Rundgren"/>
    <author fullname="B. Jordan" initials="B." surname="Jordan"/>
    <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
    <date month="June" year="2020"/>
    <abstract>
      <t>Cryptographic operations like hashing and signing need the data to be expressed in an invariant format so that the operations are reliably repeatable. One way to address this is to create a canonical representation of the data. Canonicalization also permits data to be exchanged in its original form on the "wire" while cryptographic operations performed on the canonicalized counterpart of the data in the producer and consumer endpoints generate consistent results.</t>
      <t>This document describes the JSON Canonicalization Scheme (JCS). This specification defines how to create a canonical representation of JSON data by building on the strict serialization methods for JSON primitives defined by ECMAScript, constraining JSON data to the Internet JSON (I-JSON) subset, and by using deterministic property sorting.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8785"/>
  <seriesInfo name="DOI" value="10.17487/RFC8785"/>
</reference>




    </references>

    <references title='Informative References' anchor="sec-informative-references">




<reference anchor="I-D.mih-sato-agent-accountability-composition">
   <front>
      <title>Agent Accountability: Composition and Conformance</title>
      <author fullname="Steven Mih" initials="S." surname="Mih">
         <organization>Action State Group, Inc.</organization>
      </author>
      <author fullname="Tom Sato" initials="" surname="Sato">
         <organization>MyAuberge K.K.</organization>
      </author>
      <author fullname="Songbo Bu" initials="S." surname="Bu">
         <organization>Independent</organization>
      </author>
      <author fullname="Iman Schrock" initials="I." surname="Schrock">
         <organization>EMILIA Protocol, Inc.</organization>
      </author>
      <date day="5" month="July" year="2026"/>
      <abstract>
	 <t>   Autonomous and semi-autonomous software agents increasingly take
   consequential actions across administrative and trust domains.
   Holding such an action accountable — to a regulator, auditor, or
   counterparty who does not trust the operator — requires answering
   several questions, each answerable by an independently-verifiable
   profile: whether the agent was permitted to act (CAN), which
   accountable human authorized the specific action (WHO), what the
   agent actually did (WHAT), and whether the runtime enforced correctly
   (AUDIT).

   This document specifies, in Informational terms, how such profiles
   compose — by a shared action-digest, each verifying independently —
   and defines a shared conformance-vector suite against which any
   profile may be tested.  It complements existing audit-architecture
   and record-format work rather than replacing it, reusing existing
   signing, transport, and transparency mechanisms.  Its focus is an
   assurance tier those documents leave open: most agent records today
   are self-attested by an interested party; this document makes
   reachable and testable an anchored, third-party-verifiable tier, in
   which a record is registered to a transparency service (SCITT) so a
   party who trusts neither the agent nor the operator can verify it.
   Self-attestation remains a valid baseline; convergence on the
   disinterested tier — by any conforming profile — is the goal, not a
   single mandated format.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-mih-sato-agent-accountability-composition-00"/>
   
</reference>


<reference anchor="I-D.mih-scitt-agent-action-capsule-sel-disc">
   <front>
      <title>Selective Disclosure Profile for Agent Action Capsules</title>
      <author fullname="Steven Mih" initials="S." surname="Mih">
         <organization>Action State Group, Inc.</organization>
      </author>
      <date day="19" month="June" year="2026"/>
      <abstract>
	 <t>   This document normatively profiles the per-field selective-disclosure
   extension point reserved in draft-mih-scitt-agent-action-capsule-01
   Section 9.2 (Selective Disclosure).  It defines the salted-hash
   commitment encoding, decoy-digest construction, disclosure format,
   producer requirements, and verifier checks for selectively
   disclosable fields in Agent Action Capsule payloads.  The mechanism
   follows the SD-JWT selective-disclosure model (RFC 9901) — salted-
   hash commitments, decoy digests, and disclosed [salt, name, value]
   triples — using JCS (RFC 8785) canonicalization, which is already the
   base Capsule profile&#x27;s canonical form.  SD-JWT (RFC 9901) is the JSON
   form; SD-CWT (draft-ietf-spice-sd-cwt) is the CBOR/dCBOR sibling.
   Because the Capsule payload is JSON, this profile uses the SD-JWT
   (JSON) construction, cited alongside the SPICE WG&#x27;s SD-CWT work for
   SCITT-ecosystem consistency.  Verifier checks are deterministic and
   reproducible from the Capsule bytes plus a provided disclosure set
   alone; no clock, network access, model invocation, or external lookup
   beyond the provided disclosures is required.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-mih-scitt-agent-action-capsule-sel-disc-00"/>
   
</reference>


<reference anchor="I-D.nelson-agent-delegation-receipts">
   <front>
      <title>Delegation Receipt Protocol for AI Agent Authorization</title>
      <author fullname="Ryan Nelson" initials="R." surname="Nelson">
         <organization>Authproof</organization>
      </author>
      <date day="13" month="June" year="2026"/>
      <abstract>
	 <t>   This document defines the Delegation Receipt Protocol (DRP), a
   cryptographic authorization primitive for AI agent deployments.
   Before any agent action executes, the authorizing user signs an
   Authorization Object containing scope boundaries, time window,
   operator instruction hash, and model state commitment.  This signed
   receipt is published to an append-only log before the agent runtime
   receives control.  The protocol reduces reliance on the operator as a
   trusted intermediary by making the user&#x27;s private key the sole
   signing authority over the delegation record.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-nelson-agent-delegation-receipts-10"/>
   
</reference>


<reference anchor="I-D.kuehlewind-audit-architecture">
   <front>
      <title>An Architecture for Auditing AI Agent Delegation and Interactions</title>
      <author fullname="Mirja Kühlewind" initials="M." surname="Kühlewind">
         <organization>Ericsson</organization>
      </author>
      <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
         <organization>Fraunhofer SIT</organization>
      </author>
      <date day="18" month="May" year="2026"/>
      <abstract>
	 <t>   This document describes an architecture for auditing of agent-driven
   interactions on the Internet.  Autonomous and semi-autonomous
   software agents, including those based on artificial intelligence,
   increasingly act on behalf of users, organizations, and services.
   Existing auditing mechanisms often capture isolated system events but
   do not consistently represent delegation relationships, user intent,
   or evolving authorization.  In agent-driven systems, auditability
   requires linking intent, delegation, authorization, and execution.
   The proposed architecture enables this through distributed audit
   record generation, propagation of audit context, optional
   attestation, and additonal logging for transparency.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-kuehlewind-audit-architecture-00"/>
   
</reference>


<reference anchor="I-D.schrock-ep-authorization-receipts">
   <front>
      <title>Authorization Receipts for High-Risk Agent Actions</title>
      <author fullname="Iman Schrock" initials="I." surname="Schrock">
         <organization>EMILIA Protocol, Inc.</organization>
      </author>
      <date day="6" month="July" year="2026"/>
      <abstract>
	 <t>   This document defines the EMILIA Protocol (EP) authorization receipt,
   a cryptographic primitive that binds a named, accountable human
   approver to one exact high-risk action before that action executes.
   An approver holding their own signing key produces a signature over a
   canonical Authorization Context containing the action hash, policy
   reference, one-time nonce, and validity window.  The resulting Trust
   Receipt is Merkle-anchored and verifiable fully offline: a relying
   party can confirm that a specific action was approved by an
   authorized human, exactly once, without network access to any EP
   operator, log, or API.  The protocol additionally enforces separation
   of duties (an initiator must not approve its own action) and one-time
   consumption (an authorization, once consumed or refused, is
   terminally unusable).  These invariants are machine-checked in
   published TLA+ and Alloy models.

   EP addresses organizational authorization of agent actions (approver-
   to-action trust).  It is complementary to, not a replacement for,
   user-to-operator delegation work (draft-nelson-agent-delegation-
   receipts), service-to-service identity (WIMSE), and authentication-
   layer approval (CIBA).  EP is the human-authorization apex of the
   agent stack: it composes with, and does not replace, the agent
   identity, delegation, machine-policy, and transparency-log layers,
   supplying the named-human authorization evidence those layers
   reference but do not themselves produce.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-schrock-ep-authorization-receipts-06"/>
   
</reference>

<reference anchor="RFC9334">
  <front>
    <title>Remote ATtestation procedureS (RATS) Architecture</title>
    <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
    <author fullname="D. Thaler" initials="D." surname="Thaler"/>
    <author fullname="M. Richardson" initials="M." surname="Richardson"/>
    <author fullname="N. Smith" initials="N." surname="Smith"/>
    <author fullname="W. Pan" initials="W." surname="Pan"/>
    <date month="January" year="2023"/>
    <abstract>
      <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9334"/>
  <seriesInfo name="DOI" value="10.17487/RFC9334"/>
</reference>




    </references>

</references>


<?line 342?>

<section numbered="false" anchor="acknowledgments"><name>Acknowledgments</name>

<t>This exchange pattern owes its framing to discussions in the SCITT and
agent-accountability communities, and composes with the work of the authors
cited above.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA61c647cyHX+X09Rmf0hqdEcry6Bd3scO6MZrVfJStpoZr0w
DCOoJqu76WGTHRY5rV5BQB4iD5BnyaPkSXK+c6qKRXaPVgZiGNA0L6eqzvU7
F26WZaoru8ou9NnLsjKdbU2lL7vOus50ZVPrZqWv2sa57F27NnX5i1y9XNu6
05c5frgzZZbL1t6PacgTA6UzVTR5bba0VNGaVZdty01m8FS2DG9lZng++/pr
ldPlddMeFrqsV41y/XJbOkc3u8OO6Lx+dfudKnftQndt77pnX3/97dfPlGmt
Wegbm/dt2R3UnT3sm7ZY6L/wYnOdrDHXcem5zvmYTXLMub65en17OyfypnY7
Ilznh7lu7ap3pvqrIip18e+mamrazME6Zfpu07QLpTOl6X9y2pvO3ttavyk3
fJEWWHjO0S1aXP+xbfrdXL+u83N+wm5NWS2029n8n42wGM+dm1LVTbulrd1b
WkO//+7q229fPMefr7Prc/DT5WXXea7Kq1ludq4nASuwMHk7vmK6Jr6RN33d
GWIKcS7Lm+2ucSWofNkambNVVpQuD4/XtnJ0W54tbGXXItrW5rbcdS48d9fb
TWX3ZV1kpi9Kotvmm7Kzede3cbMu37RNfpfZXSZ89lIaUQNPnj9/sVBZlmmz
dCS5vFPq5w1JwND/WSubHUm8s4VeHjTJTqcyJ+n+R0/64bTROXEev+quJI2W
s6pV22xPkzJ1021sS+rSFObwyBGpnDQPJtRtTKfth3xj6rXV//uf/6XLFZZW
9kOJtfiK03d214VNubKwc22JG2ZZWVxlInKZ9E4Xti6HW1bx4uf6unS7njSc
Vi/63NJm9PaQVc06u7et6112aPoWv8/17YbWJKvstzhKYV3elkt606hoFqm1
DAcgRdKuzzeeJ26BDQTOlfV6xFHlynUNdvr7I5JLkjleKDtsFFSEJJ+wJM5s
sQ+wn/7ZuguFR4jnUOXpQtrem6o3OHuyHRKUKcmC6HwgUdbE8DJXkC0pR1lD
0h2/sCTlL0x70HtipE0305k7ImpXK9JI3pk/Uh2UIj2SSB2bA4VhHbpBRoLl
iABukaUE+2IF8MeyxVwVNq/Kmv6iA2qSi6lYyYhFRm/6rZEXSPDkiyzckg3s
86e+4FWsyTeK/FZHypnf1c2+ssXas4fV5ZFLpQGNwI63S6wd1BcickJqxG1a
EAIC+blek1eRh/SubUjjWenjKqKxOe17aZWpc7LecJzUt2pn2/uSDuMa0Xa6
vSlpD3KG/aYRT+90bUtQHu8I9EnJy9WBd0Y8t2vEALLIEtoiu1jSnphgad0j
lqSBm3Fy+qjjcnoXvL3Te1qRz+TIrasV2SG8pDYuCI7OFU1z3RqyJ03/5PR+
VbFS1exTyMPaVg5EGyaf4bVnTrre3gW9keUfBTMuaB3Xt1hCk8Oho4NBxM6K
XKJ/RzErRSPPFXvAbVkUlVXqK4ouXdsQJVZXxdEZHMopWDp6nzYY3paDGnkC
kuTVUkZ7XtSN6KLaEffgQbwdbRv2J/Tq4PKFuSLrpoURkIVx/DRkK7/Q+aDQ
73+8gmHew+PSMvCkTUXRpaqgVV2TNxVd3FrnaHuaFJ1UXSyh70bEa7cn5Zht
mv0snITUetvXJSDFnLbe6RnUiRxgjHqVnbFn20Pz9sYFWwLz60LFywW553P9
CroOb0xe2+4ca1yzrzV51rnek9p1JG+OCqyIrRBiuc+VqeBdU78uN7yZtO0B
MiUGk9TBSw460Z7ONccziHxnDsxsciS0frcvoYJ7f5f5z5aBbTc9y8TlFLPG
z5DttgdVE0xp9cbsdpY9D27aezogdK4E8Ybss1plyXHosE72X1v6CbaadWst
qd9VRXsndldsYnTz5bOXXnQ4G6R2efPsN6+uX79+exueeXP9lgR8efPiN3b5
5ua5v6xChA96h5i/I6Ag8b9ZBQggusD+yhs4fMyMNcMjRzcjJBRikAteJqgU
+CSqXLP/s8SaQtSFxR/jfgf2zYqymBH4BWfL7lzfICQSTLFEjrSEX1sD4dkP
hEYFTgcPNdi56Bg5yZEzI76B9R27mL8nPs39ygp8SMOPj454nn5KtAghp41o
xTsw2byPAEaloaooOcb3pdvgEKb2x4OZyHYEIgXPGX6Kr/DBjEP81F1418Wu
QlbxxxvjlNbsydwIbQv4rEhvK5FRdAFykbTwQYiToJkdO0Y+i57NIvSpDl5L
4sGU8GM2W0ikS+VFDIyhRDewpBAcQyiM69HWi56tf06SKCzZGyRN67FqCKiL
lscaShoru0TUDO5iLkF501TQ9wejbncipksk1jESc7ylQKuC2YxC6bl+3bGn
hOYUJe2sh1nHbAz3lWQLNomTjG2ZrWwyXjn8DipzIA/98eOvZxWfPo0iXmFX
hOFYWLXdAyrzMRXYHWI2ggvJWnwKqfpScBgp4ICXZQf07JKklYTcuRJkmwQG
Tod0kg6l+/6S9OnTp3PE4DcNJV+GWXKT29q0ZeOUms2ujjJPiJPyVwutPZ/N
NCXf+pJUbNdTYsQB2zN1yFYUwYxVWVXbhNdseURXvwTQwwvnTOYhJO70pceR
5IsK9goT/C2UPEQ/evsl3t57hSXnqNk3ArNvaWHNhsUhrQ21haJcMYDthD5k
I8hOR4TE0tvY/I4CQcDyJoLTBMz5aDEfqYtp1z0pAVskItiuhQgs9Madg/kM
hbIgxIhAE+hC/L+kzRLnLXxpotJkAqRXnGNCAp1xd8QcSJOBLSHV6LQ9YNg0
u2DJA2QYsq3gg8keSaCmrOBNSuDGLaUOZYbXSQHoSsnInZxZL/mhd+h4QMID
SaDJSYdaxM+EIf5BoQItB6yuCNBc4UpGaQfjSWfJW1Oi5EPkliIM6wXALDKZ
HdlT6S1jR+QnngwHQeQhwMnbg0VWdtUJ5l/1cJPkTu9LJ2B1Nnvvo8Uk2IH7
UXu1z4vcWIsjttk1VZkfztUDShrcg8AephTzzCRQLsnASNNpCTVkTWxWxPRT
Llp0oChzUQ2v53llyi0U+pJZqNKcFDhD8JZAVVucq1u+L0xY0k4ZRIQ4wd45
Y5vITm0BwAfY9eVcFsORGHrsm5YM54JvXspNPd3JlnIVn7dI2qkeO2v1x49+
O5nodEbvZUEunz49YbF9R7iP9WVjEEgo3HaNSO0VUCV7TQKhuEUr0FOkR4fS
ImQZlSZDWQy23rRxJFbpcg3Dy4YEaGA8MCYfzdQHxQ5dTohVuQjCdu9VIexN
35IfGOczwhafAKllX1ZFKunx4cRqGPr7kgDCbsi96jX7+qshjWHWXnPY4t+K
RX1nDxAO8eHszU83t2dz+Ve/fcd/v3/1bz+9fv/qGn/ffH/5ww/xD+WfuPn+
3U8/XA9/DW9evXvz5tXba3mZrurRJXX25vLPZ4INzt79ePv63dvLH87gZcY4
CyYrsZMBPyV5jIQIvHgUVeCdl1c//s9/P31ByvIP77+7evb06bcUr+XHN09/
+4J+INOQ1Zra58GcXBwUUg3Tsn8jp0LhvuwMEjyA8A0cIxwZtOwv4MxfF/p3
y3z39MXv/QUceHQx8Gx0kXl2fOXoZWHiiUsnloncHF2fcHq838s/j34HvicX
f/cHdkjZ02/+8Hul1Puhmsb2sVALBsYjmPD4vjTsvtg9PklLcKfLlz48KQ0w
N8k3ostV6sehwvbli0uRM9bg2KFw3mCdB6a0bJJTh0LF+2M0gvUuQ1LI1W9W
SY/c2glrAq6f5lQRt+sHyolzOfOkdhbpPkrdvdJTfg35GZGozTYsD3OhOFik
dUqmd4GCS9XDX2JLFFXJJWz7rciq4wBXrsEKj+P9hubAuo1Ul1DKApe2O7Ep
Q5SI5WWBjaCC3uwBtU4hPEQvPCl2GKDUuKBK1ISlBB/QvnCp5RIwA/Lo3HRF
/VhqRuB0CX8PaUlyznCdeJGjUJW5O4LsHcENceRYWzgML73bVYTiEFYuj2L3
5xViyuh5rIuKJXhuMNMTzHrw7J5ParajSvGJCi7RCWpeBLziI0HM0RG9OElM
XheFocMWo9ItkXPNpNQJ3NtZ8or7TQkiwL9DCigXZTe8ks/ziFKaqU+1aKTs
U559obKzdFJQ9LBkZJfGn2iop0qpxm8uhQCP3FhC84AegmCmQPlcv/fUioac
DJefOLsAHdSheCsxIU1IP3LB5AjphS0W3DoRlUn4CK6CPAmJoTihfu9XNdBy
RCzEmj8NmOEB/jG7jlzv4EqIVnUYPBvn4TA2YLkxxG5WtDH2uZM6RFmvWiPY
G+kD64fOCcD4SMDQn1kKrWubpvO0OGERjUn3QHmtRfHtMVFB5rbiIqr2TThY
24pot8bzSlpiTQurWpMJtQfuYuz6ZVW6DRJyXod+dE+OelBejESmbkg3sQ42
6DhMsPInOBDFiBxLiQ6ifE5+JLVlLu6hN5GUewZEyoqxsvuYGtHRkd/AIK1U
pAaNofMLKA41/Uyq/EYS/CeM+hAjhx74K7+kAL64AUrgCbP2rd4SOnULpZ6e
a+Q/Rx6bcx9LVmpPWiyim5tPIhc6yHI3ppmnO2+SET/ccAMhDpJSj4t1SoQR
Mn9xJgvECeli+KyHlOxAJ7xnKyJ3zy0s0EqvaS7qWWf9Cko9AwuuThUrwYTb
U6f3gWPU7OMyqv58pP57uoREKm0Uzn61ErtvekodUI/1EWHG9seeqWOWpm0Q
jXbcuRavkYtc1ry1WDFeoAvgj1okgWzsJ+mZk2jvsWTEmuAnGLhFWUZ6UwWz
aefN9kL/mm4/h4CO4/KD0hm0rx5Q2CQbH0L0SBKnQnQoyItlB0Z+WXNVeuL+
h9O9sz5Wgq/I2rPgEvR9k5tlX0G0ZP1fVp30hJa04y0Lexbq4XNpz+EPNOu5
qULorelRum1bVF5xh9jAf9kPuxJ/gGDs+Yr+uABQpXoL2yUd4QSbqKFWIAVw
xmmuJ4ftyG4v2RlMJcOpkxcPg9AGgLO2pyomO/anp3Tugq5T9gY3mnQ3VpwY
1+tqEGeJkO87hBIYaY9MzMUi//AwRl3ItTupbYuHDmWyEwpCivlCFDOFJFx9
4Fb039H6fleLtQvggFEd1fhxloihYnkfGndcg2fzknUAmdI4wrB9tGGnfaqZ
1OQXPnza0ClXJzvlkNDHj34UiLJtaAsaiKxtJHhlPxgcibNqjiLmUDWmEFnR
jlcl7ULfCH67ifht9+XV+aigqPsiwXE+nih06khoJcxKdKu1aV0F7dEHe/sj
1p8rAk19HRsWUyRIyLMktCxlaPaxqPUOPUCRJche+PkDnjpxUq3ecv+s7IbK
EmpKbF8wDFs5lCF+JuvUdLeBC5KyEyMGhPJm+Teb+7b27ctrqUn5OqcOdc4L
rrCoiHZW5QevkQEbzD3MlaGYhhCT1KCTVk4KTGORlsFHqKBeSgUaD78Mgerj
V5+r5ZGCxtpfargctjTq0GzmsscLMKqU+aiApCK2gcEqE6urIy98uznpY0Ji
MIMCzabFyTgKwwyYIcRKgW9crp1dTGHAxMRU2KxLPKmHnwBk0JcYQnPuDXzn
BXycXRqddAmzxL/EEioYFJRpriYqT+fHlBuPGhxpvV/Ct/1cxBrKYn4v9ylN
0965WCElTjQ1R0nsE5Ydhe0y4f+9zbg9Wam4KxSZDYIhYxieUQSx2WhCpRtm
IYgiwhGY5dvyCSMHbk2LKOBWKJxyj/eYWejm6oq8nTQymoWCVyAVaTmkUIRD
j99Dmdjx8jiUXNh94KwU8uP2S4jx5cRT0BN9J32jvTlwxym2KthGYzdpw1iO
ojISezpa2arkcEsLRIs0JwZefiZVl+EZLqQiTitMLvjayNKaNtSL/+iRl74e
kBdZ7UlAptTV6JBkdfB9Fszakk9Bf3cX2pbwRAdaCHjgSJUVKaAbJeEBzQeA
cCLoOoGTbZNj5oO0k0KFCGee9NJD1D5h8X2d9thTYEdRrn04zUP6vauIIaF4
wP1nvJVsLqQroKhk4pWnV/zglviJgXiYuZJGpPMeQUZ64PvD3JHyfT3h784C
gO035Bg1Y5v2PhaPksGFNI+GnDAkA+XmibDsKIYxMIgAPV4l65ReEekpzJob
Qgiv0tPGTlAmgKQQocxQVoyn9OMQqW4xDFwGTvGUCy/i6EwEoSSgyKSG25Q7
aPCr0ND/mdyP9OyGXr5kAuNpixUbdzJrMfchxR9NxLPgbtVIwU418AXUQAc+
N1jgVPCK6Yy6vhK08oWQniC0FCPVdE5zSBDmseQn0dqXYyO24KboqKNCqg2a
uvHtEJza2YpowD1jbrpqHPCCR2VfhL/izDXt2ldQwTAJ8jF2cNebnOfjjx/9
nxmUpwxlGxfaedex7R0KdQ6ClZ382jg3bUEAmFEzWoZSu52pZvpxGEVbS++c
4kj7hCFtrUeT3CRmLnaY+uCFOidmqTANHax+aKmP9c2DPwrks1F3bybwGfP0
SLMHj/SZ8SOBAzzRskgKyKkX25rR+O0mnRmIVc5wvkmSixxW5jHEjLZNZ6dp
9fvL2xsP7Z8/RyMtzKyRC+w40EOJgASA59WMa6+SLjJEcs2q28OQkIH1NVf8
uF4x5VugO/PT3ExDnZ6C1JMpSODGXdXIECI4AkDBOx8GmBpF0dXWa56Zgw8L
M4XTedjY5qftIlG+iEiejqGalli55nqOjO7I+AaQlJjejqFAjPOhNGHkieSL
Am9Yn/3qgPg9TIsl8Yn3xw1Rz60QGLyPF9OWBX71iwWMNnmvJVPdY3MgnUTz
O2tLnivh5S4EukCugmi51dKG+rpylI3kDHKBQGPNk2ivrBdhVNoAyf//xpwS
nm0Im/EkVTihNycALt9P94YoFZ6LFFWHAMHzdAwTMNrEEzNKXJvAU7I3jlTh
ax+03ROvBgV5HWp/HgSsqqZpg26IknYl1/Is8VocwfFGKG1jtyOtm1GStkIr
n53uyOtMraysyfbKzoUBS1/odk1179O+cdEyi0VLUmsK+VvOu3yQdwFwihNT
0+p+Utp/sJ4fUkrTDfXRpVWjJtHMTzxK3CaoYQXmJiVMZ12c4fneVKvsOCtk
U7zUSUZhljynvS2LLOro44Ds54o9hZ+PmRZvfM5wEbCsVMBrzjylDDOUY1N/
/QQtEN+YJmR02G5t11I0iJmgVObSaM+lmqRcUFhTSL7imcRIUigdFqDb16P8
Jll++OpBWqWhEhgBaMnabavV4DlPt8hQVBnKVOf6R0BvhH1fQ+pwTA3XU9Px
xk9jfONkAkKRn8A6A0/smk7BQnu9GuBoLBZjq1JM5hqnqf0bSAPYtzgP2QK0
RKg9+owBvbsp0g8ZGrCpIgLEzu2yXPdN70jvuL+DBVl/jedQ3F/UNilOSEaC
8gHXXgIzTyTzfkxakLRnoncGsVgeJ0tzHwkqgh83DJXJlgPngovxg3vbpuAR
GkGyyGN9uKcILomPh2niSsDwt2jzh9mJNYdlnuPm+lWKPiiqAhdNC6cXQ719
9HiYl4FYkmqE73ooIK5AqklmBTc8KCmOxwcNCbv/aiVStA3lYNaHlVDmE3Mf
xqFl6sCMS/vQfyAGyDk2tjmZJOHdjcizz71PmyR4GeAjDg/E+qkK05BYiDuO
TCwOLMxMGEaZtIOHr5KItjg8JYMS3fHaF8lp5fCNP9YwN4nEe+zSFQcKhmQS
DGi1+GVH9MEyxsaIBqPkyVcbXKmZ88cuxmskexM8A7GnJwh5PDIZuGnJRIbc
lKV4ZWo4CeLNL8NRNsbh8x+O7tKBlDKRtBviB3sunZ/gGDQlNmIzHIivkZZI
eyReExKi1JQYtiBSRB8AQznuP8bZPE/mDNn7mR8TDtWJYXzYW4vPwoLXON6U
raEgTuhkaOUT03uPQ+TLSSjWpHKLUi0w+35cAmarkrziwJn7aG5kuvRje74+
1/9ydTNXfkDut9/8IyVew0c/kirv4M87lkNmqjV67JvtMDzSSnHZCwhiTPuH
5OzJhq+bG4juT/FTk9M94MdB6TJBDbuKWCZqNFTyn0BgW+RlKIURvOJxeVMn
tR6fChxVl5KuhrfKfGPNjueDoQtk74kzOllqkpRQJaR5Ajm1SB6X9i+nX5Az
1GNl9bZgP2wMRg+Mit+9PDC+w6DyR580jzGl/vjVAyk0quhHwNGn9UgMJpXG
MIw7HUaNn/H5j+JG3QtfOVjpMZzIK4rknf2QzBi1/PkcPDtL5zqmaTHGeUHj
w7iykzvpoHikiWngE1WKOGHivrhZlBQrnswjayZDeeJ1w5h6Woxm05bKeUCv
gnXSh4JKK4+mZFg3HKA6hCOwyq0wiZx08eHncoOAVlXNnkLdVdO2vgrGmUHg
+oAH/LR/SGAHFPKYcCpYgEEXlczDB5MSYO7kYxqkeBeEh7vQ8ImdJPznBdZc
/oCTHcCbxAl85CNzViuT26HMGZKGIb4IxNlJkCJyrOKvL99eHuVM47wF9f66
kSd9DipGgyP4MDz1luEbnam/5JQU5XSp6oUGJyUWRUmI+LCzk7Za4KaK/TUu
kYbBIn74cwVjjHrwl70vr/0XsUsCqjj5uGPs1MdF3W+XaLb+09nKVM6effKc
GL4TCy2Jvf92Y9X6oc+GdbmXDwxlktrKfztCMogTeXP4HnWoGRx/QIXaToyi
XBmggMaogT9aOlf/B+hNLGS/QwAA

-->

</rfc>

