<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-nobuo-scitt-composite-evidence-verification-00" category="std" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="SCITT Composite Verification">Composite Evidence Verification for SCITT Statement Graphs</title>
    <seriesInfo name="Internet-Draft" value="draft-nobuo-scitt-composite-evidence-verification-00"/>
    <author fullname="Nobuo Aoki">
      <organization>The Graduate University for Advanced Studies (SOKENDAI)</organization>
      <address>
        <postal>
          <country>Japan</country>
        </postal>
        <email>n_aoki@ieee.org</email>
      </address>
    </author>
    <date year="2026" month="July" day="07"/>
    <area>SEC</area>
    <workgroup>Supply Chain Integrity, Transparency, and Trust Working Group</workgroup>
    <keyword>SCITT</keyword>
    <keyword>verification</keyword>
    <keyword>composite evidence</keyword>
    <keyword>statement graph</keyword>
    <keyword>supply chain</keyword>
    <keyword>audit</keyword>
    <abstract>
      <?line 78?>

<t>This document defines a common model for composite verification of SCITT
statement graphs.  A composite verifier checks a set of SCITT Signed
Statements, receipts, object bindings, and relationship edges under a named
verification profile.  The result is a structured report that can say which
statements passed, which evidence is missing, which evidence is stale, and
which statements conflict.</t>
      <t>The model is intended for verifiers, auditors, deployment controllers, update
services, and other relying-party tools.  It is not a new Transparency Service
requirement.  It does not define a universal supply-chain policy language and
does not define the payload format of any statement type.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://aoki-n1.github.io/draft-nobuo-scitt-composite-evidence-verification/draft-nobuo-scitt-composite-evidence-verification.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-nobuo-scitt-composite-evidence-verification/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        SCITT Working Group mailing list (<eref target="mailto:scitt@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/scitt/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/scitt/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/aoki-n1/draft-nobuo-scitt-composite-evidence-verification"/>.</t>
    </note>
  </front>
  <middle>
    <?line 92?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>SCITT lets a consumer verify that a signed statement was registered in a
Transparency Service.  Many real decisions need a larger evidence set.  A
consumer may need to check that a firmware SBOM describes the firmware measured
on a device, that an update authorization covers that firmware, that an
attestation result was issued by an acceptable verifier, and that no accepted
statement revokes or conflicts with the set.</t>
      <t>Without a common composite verification model, each ecosystem defines its own
API, result terms, freshness checks, conflict handling, and evidence bundle
format.  This can lead to tools that cannot work together even when the
individual SCITT statements and receipts are valid.</t>
      <t>This document defines an information model and an optional HTTP binding for
composite verification.  The model is intentionally small.  It provides common
request and result fields while leaving domain policy to profiles.</t>
      <t>The composite verifier can be local software, a remote service, an auditor tool,
a deployment controller, or a supply-chain risk engine.  It does not have to be
the same component as the SCITT Transparency Service.</t>
    </section>
    <section anchor="working-group-context">
      <name>Working Group Context</name>
      <t>This draft is based on the observation that SCITT can register many statements
about the same subject, but the basic registration path is not a full graph
query system.  IETF 122 discussion noted support for multiple vendors or
organizations making statements about an artifact, and also raised the pattern
of "statements about statements".  The same discussion noted that reliable
locators can be used as pointers.</t>
      <t>IETF 124 discussion raised the question of whether graph information belongs in
payloads, COSE headers, or later auxiliary services.  It also noted that SCRAPI
does not currently provide an API for graph work, and that adding such support
directly to SCRAPI would be a larger effort.</t>
      <t>This draft therefore treats composite verification as a verifier or auditor
function.  It can use SCITT statements, receipts, locators, and graph manifests,
but it does not require the Transparency Service to make composite decisions.</t>
    </section>
    <section anchor="design-goals">
      <name>Design Goals</name>
      <t>The goals of this profile are to:</t>
      <ul spacing="normal">
        <li>
          <t>allow a requester to identify the subject of verification;</t>
        </li>
        <li>
          <t>allow evidence to be provided by value, by reference, or by graph manifest;</t>
        </li>
        <li>
          <t>allow the requester or profile to name required statement types;</t>
        </li>
        <li>
          <t>express issuer, relationship, freshness, and conflict constraints;</t>
        </li>
        <li>
          <t>return clear result values for pass, fail, warning, unknown, missing, stale,
and conflict cases;</t>
        </li>
        <li>
          <t>support online and offline verification;</t>
        </li>
        <li>
          <t>allow evidence bundles to move between tools; and</t>
        </li>
        <li>
          <t>avoid defining the truth conditions of domain-specific payloads.</t>
        </li>
      </ul>
    </section>
    <section anchor="non-goals">
      <name>Non-Goals</name>
      <t>This profile does not:</t>
      <ul spacing="normal">
        <li>
          <t>define a universal policy language;</t>
        </li>
        <li>
          <t>require a Transparency Service to perform composite verification;</t>
        </li>
        <li>
          <t>require the SCITT Reference API to support graph discovery;</t>
        </li>
        <li>
          <t>require a verifier to fetch all evidence automatically;</t>
        </li>
        <li>
          <t>decide whether a payload claim is true;</t>
        </li>
        <li>
          <t>define SBOM, HBOM, CBOM, VEX, attestation, vulnerability, or audit schemas;</t>
        </li>
        <li>
          <t>define best practices for software, hardware, cloud, or IoT supply-chain
design; or</t>
        </li>
        <li>
          <t>replace SCITT statement and receipt verification.</t>
        </li>
      </ul>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document imports the terms Protected Object, Statement Reference, Receipt
Reference, Relationship Edge, and Statement Graph from
<xref target="I-D.nobuo-scitt-protected-object-binding"/>.</t>
      <dl>
        <dt>Composite Verification:</dt>
        <dd>
          <t>The evaluation of several SCITT statements, receipts, object bindings, and
relationship edges under a selected verification profile.</t>
        </dd>
        <dt>Verification Profile:</dt>
        <dd>
          <t>A named set of rules that tells a verifier which statement types, issuers,
relations, freshness limits, and conflict rules apply.</t>
        </dd>
        <dt>Verification Request:</dt>
        <dd>
          <t>A request that identifies a subject, a verification profile, optional
evidence, and optional constraints.</t>
        </dd>
        <dt>Verification Result:</dt>
        <dd>
          <t>A result object that reports the outcome of composite verification.</t>
        </dd>
        <dt>Evidence Bundle:</dt>
        <dd>
          <t>A portable package that contains statements, receipts, graph manifests, and
policy identifiers needed for composite verification.</t>
        </dd>
        <dt>Result Code:</dt>
        <dd>
          <t>A short code that states the result for the whole verification or for one
part of the evidence graph.</t>
        </dd>
      </dl>
    </section>
    <section anchor="why-this-is-not-a-transparency-service-requirement">
      <name>Why This Is Not a Transparency Service Requirement</name>
      <t>A Transparency Service should be able to stay small.  Its core job is to accept
a signed statement under a registration policy and return a receipt.  Composite
verification is different.  It applies a relying-party policy to a graph of
evidence.</t>
      <t>For this reason, a conforming Transparency Service is not required to implement
the interface in this document.  Deployments can implement composite
verification in one of the following places:</t>
      <ul spacing="normal">
        <li>
          <t>a local verifier;</t>
        </li>
        <li>
          <t>a remote verification service;</t>
        </li>
        <li>
          <t>an auditor tool;</t>
        </li>
        <li>
          <t>a deployment controller;</t>
        </li>
        <li>
          <t>an update service;</t>
        </li>
        <li>
          <t>a compliance system; or</t>
        </li>
        <li>
          <t>an auxiliary service next to SCRAPI.</t>
        </li>
      </ul>
      <t>This split keeps the SCITT registration path simple while still allowing
ecosystems to exchange and verify graph-level evidence.</t>
    </section>
    <section anchor="verification-model">
      <name>Verification Model</name>
      <t>Composite verification runs over a Statement Graph.  The graph can be supplied
in a Statement Graph Manifest, as separate references, or through another
profile-defined package.</t>
      <t>A verifier performs four kinds of checks:</t>
      <ol spacing="normal" type="1"><li>
          <t><strong>Statement checks</strong>: signature, syntax, profile, and optional payload checks.</t>
        </li>
        <li>
          <t><strong>Receipt checks</strong>: receipt profile, inclusion proof, and registration data.</t>
        </li>
        <li>
          <t><strong>Graph checks</strong>: object binding, required relationships, conflicts,
supersession, revocation, and dependency edges.</t>
        </li>
        <li>
          <t><strong>Policy checks</strong>: issuer rules, freshness rules, required statement types,
and domain-specific acceptance rules.</t>
        </li>
      </ol>
      <t>The verifier <bcp14>MUST</bcp14> verify all individual statements and receipts required by the
selected profile before it returns <tt>pass</tt> for the whole graph.</t>
      <t>A verifier <bcp14>MUST NOT</bcp14> claim that a payload is true only because it is signed and
registered.  A registered false statement can still be false.  Composite
verification only reports that the evidence set satisfies the selected
verification profile.</t>
    </section>
    <section anchor="statements-about-statements-in-composite-verification">
      <name>Statements about Statements in Composite Verification</name>
      <t>Composite verification can use statements that refer to other statements.  This
is needed when the evidence set has history.</t>
      <t>Examples include:</t>
      <ul spacing="normal">
        <li>
          <t>an audit statement about a submitted statement;</t>
        </li>
        <li>
          <t>a fix statement that answers a vulnerability statement;</t>
        </li>
        <li>
          <t>a supersession statement that marks a newer SBOM as current;</t>
        </li>
        <li>
          <t>a revocation statement;</t>
        </li>
        <li>
          <t>a failed-build statement that records why a build chain did not complete; and</t>
        </li>
        <li>
          <t>a graph manifest statement that records a selected evidence set.</t>
        </li>
      </ul>
      <t>A verifier <bcp14>MUST</bcp14> treat these as ordinary SCITT statements.  It <bcp14>MUST</bcp14> verify their
signatures and receipts before using them.  It <bcp14>MUST</bcp14> also apply policy to decide
whether the issuer is allowed to assert the relation.</t>
    </section>
    <section anchor="verification-request">
      <name>Verification Request</name>
      <t>A Verification Request identifies the subject and the verification profile.  A
request <bcp14>MAY</bcp14> include evidence directly or by reference.</t>
      <sourcecode type="cddl"><![CDATA[
; This CDDL is provisional and needs WG review.
verification-request = {
  subject: node-reference,
  verification_profile: tstr,
  ? evidence: evidence-input,
  ? required_statement_types: [+ tstr],
  ? accepted_issuers: {+ tstr => [+ tstr]},
  ? freshness: {+ tstr => duration},
  ? relationship_requirements: [+ relationship-requirement],
  ? conflict_policy: conflict-policy,
  ? result_options: result-options,
  ? nonce: bytes,
  ? request_id: tstr
}

node-reference = tstr / {
  ? object: any,
  ? statement: any,
  ? id: tstr
}

evidence-input = {
  ? statements: [+ any],
  ? receipts: [+ any],
  ? graph_manifest: any,
  ? embedded_bundle: evidence-bundle,
  ? evidence_locations: [+ tstr]
}

relationship-requirement = {
  from_type: tstr,
  relation: tstr,
  to_type: tstr,
  ? required: bool
}

conflict-policy = "fail" / "warn" / "ignore" / tstr

result-options = {
  ? include_graph: bool,
  ? include_statement_results: bool,
  ? include_receipt_results: bool,
  ? include_missing_evidence: bool,
  ? include_conflicts: bool,
  ? include_warnings: bool
}

duration = tstr
]]></sourcecode>
      <t>The <tt>verification_profile</tt> field names the policy family to apply.  A profile
can be general, such as <tt>scitt-basic-graph/v1</tt>, or domain specific, such as
<tt>iot-device-runtime-integrity/v1</tt>.</t>
      <t>The <tt>accepted_issuers</tt> field is a constraint supplied by the requester or by a
higher-level profile.  This document does not define a global list of trusted
issuers.</t>
      <t>The <tt>freshness</tt> field contains duration strings.  TODO: decide whether this
document should normatively use an existing duration syntax or define a small
CBOR-native form.</t>
    </section>
    <section anchor="evidence-completeness-and-discovery">
      <name>Evidence Completeness and Discovery</name>
      <t>Composite verification cannot assume that the submitted evidence set is
complete.  A presenter may omit a conflicting statement, an old revocation, or a
newer superseding statement.  A verifier therefore needs a policy for evidence
coverage.</t>
      <t>A verification profile <bcp14>SHOULD</bcp14> state at least:</t>
      <ul spacing="normal">
        <li>
          <t>which statement types are required;</t>
        </li>
        <li>
          <t>which issuers or issuer roles are accepted for each type;</t>
        </li>
        <li>
          <t>whether the verifier must search for newer or conflicting statements;</t>
        </li>
        <li>
          <t>which locators or auxiliary services may be used for discovery;</t>
        </li>
        <li>
          <t>how old evidence may be before it becomes stale; and</t>
        </li>
        <li>
          <t>how to report a result when the verifier cannot check completeness.</t>
        </li>
      </ul>
      <t>When a verifier cannot check completeness, it <bcp14>SHOULD</bcp14> return <tt>unknown</tt> or
<tt>warning</tt> instead of <tt>pass</tt>, unless the selected profile allows closed-world
verification over the supplied bundle.</t>
    </section>
    <section anchor="evidence-bundle">
      <name>Evidence Bundle</name>
      <t>An Evidence Bundle packages the evidence needed for offline or asynchronous
verification.</t>
      <sourcecode type="cddl"><![CDATA[
; This CDDL is provisional and needs WG review.
evidence-bundle = {
  bundle_type: "scitt-evidence-bundle/v1",
  subject: node-reference,
  ? profile: tstr,
  ? statements: [+ any],
  ? receipts: [+ any],
  ? graph_manifest: any,
  ? related_bundles: [+ digest],
  ? created_at: time,
  ? expires_at: time,
  ? bundle_digest: digest,
  ? attributes: {* tstr => any}
}

digest = {
  alg: tstr,
  value: bytes
}
]]></sourcecode>
      <t>A bundle can be used when the verifier cannot reach the original Transparency
Service during evaluation.  A verifier using a bundle <bcp14>MUST</bcp14> still verify the
statements and receipts inside the bundle.</t>
    </section>
    <section anchor="verification-result">
      <name>Verification Result</name>
      <t>A Verification Result reports the outcome of the composite check.</t>
      <sourcecode type="cddl"><![CDATA[
; This CDDL is provisional and needs WG review.
verification-result = {
  subject: node-reference,
  verification_profile: tstr,
  overall_result: result-code,
  ? request_id: tstr,
  ? verified_statements: [+ statement-result],
  ? receipt_results: [+ receipt-result],
  ? missing_evidence: [+ missing-evidence],
  ? conflicts: [+ conflict-result],
  ? warnings: [+ warning-result],
  ? graph_digest: digest,
  ? evaluated_at: time,
  ? verifier: tstr,
  ? attributes: {* tstr => any}
}

result-code = "pass" / "fail" / "warning" / "unknown" /
              "missing" / "stale" / "conflict" / "not-applicable" /
              tstr

statement-result = {
  statement: any,
  result: result-code,
  ? issuer: tstr,
  ? statement_type: tstr,
  ? errors: [+ tstr],
  ? warnings: [+ tstr]
}

receipt-result = {
  receipt: any,
  result: result-code,
  ? errors: [+ tstr],
  ? warnings: [+ tstr]
}

missing-evidence = {
  evidence_type: tstr,
  ? relation: tstr,
  ? expected_issuer_role: tstr,
  ? message: tstr
}

conflict-result = {
  conflict_type: tstr,
  nodes: [+ tstr],
  ? message: tstr
}

warning-result = {
  warning_type: tstr,
  ? node: tstr,
  ? message: tstr
}
]]></sourcecode>
    </section>
    <section anchor="result-code-semantics">
      <name>Result Code Semantics</name>
      <t>A verifier <bcp14>SHOULD</bcp14> use the following meanings:</t>
      <dl>
        <dt>pass:</dt>
        <dd>
          <t>The evidence satisfies the selected verification profile.</t>
        </dd>
        <dt>fail:</dt>
        <dd>
          <t>The evidence does not satisfy the selected verification profile.</t>
        </dd>
        <dt>warning:</dt>
        <dd>
          <t>The evidence satisfies mandatory checks, but the verifier found a condition
that should be shown to the relying party.</t>
        </dd>
        <dt>unknown:</dt>
        <dd>
          <t>The verifier could not reach a decision.  This can happen when evidence is
unavailable or when a profile is not understood.</t>
        </dd>
        <dt>missing:</dt>
        <dd>
          <t>Required evidence is missing.</t>
        </dd>
        <dt>stale:</dt>
        <dd>
          <t>Evidence is older than the freshness rule allows.</t>
        </dd>
        <dt>conflict:</dt>
        <dd>
          <t>The graph contains statements or edges that conflict under the selected
profile.</t>
        </dd>
        <dt>not-applicable:</dt>
        <dd>
          <t>A rule was not applicable to the subject or profile.</t>
        </dd>
      </dl>
      <t>TODO: Decide whether these result codes should be registered with IANA.</t>
    </section>
    <section anchor="example-iot-device-runtime-integrity">
      <name>Example: IoT Device Runtime Integrity</name>
      <t>The following example is illustrative only.</t>
      <sourcecode type="json"><![CDATA[
{
  "subject": {
    "object": {
      "object_type": "device-instance",
      "object_id": "urn:example:device:gateway-1234"
    }
  },
  "verification_profile": "iot-device-runtime-integrity/v1",
  "required_statement_types": [
    "device-identity",
    "firmware-sbom",
    "firmware-update-authorization",
    "rats-attestation-result",
    "vulnerability-status"
  ],
  "accepted_issuers": {
    "device-identity": ["manufacturer"],
    "firmware-update-authorization": ["device-operator", "manufacturer"],
    "rats-attestation-result": ["trusted-verifier"],
    "vulnerability-status": ["vendor", "authorized-third-party"]
  },
  "freshness": {
    "rats-attestation-result": "PT24H",
    "vulnerability-status": "P7D"
  },
  "relationship_requirements": [
    {
      "from_type": "firmware-sbom",
      "relation": "describes",
      "to_type": "firmware-image",
      "required": true
    },
    {
      "from_type": "rats-attestation-result",
      "relation": "measures",
      "to_type": "device-instance",
      "required": true
    }
  ],
  "conflict_policy": "fail"
}
]]></sourcecode>
    </section>
    <section anchor="optional-http-binding">
      <name>Optional HTTP Binding</name>
      <t>This document defines an optional HTTP binding for deployments that want a
remote composite verifier.  The binding is not a Transparency Service
requirement.</t>
      <sourcecode type="http"><![CDATA[
POST /scitt/composite-verifications HTTP/1.1
Content-Type: application/scitt-composite-verification-request+cbor
Accept: application/scitt-composite-verification-result+cbor
]]></sourcecode>
      <t>The response body is a <tt>verification-result</tt>.</t>
      <t>A server <bcp14>MAY</bcp14> also support JSON media types for debugging or deployment
convenience:</t>
      <ul spacing="normal">
        <li>
          <t><tt>application/scitt-composite-verification-request+json</tt></t>
        </li>
        <li>
          <t><tt>application/scitt-composite-verification-result+json</tt></t>
        </li>
      </ul>
      <t>TODO: Decide whether the HTTP binding belongs in this document, in a separate
binding document, or only in examples.</t>
    </section>
    <section anchor="registration-and-retrieval-timing">
      <name>Registration and Retrieval Timing</name>
      <t>Composite verification may be run long after the original statements were
registered.  It may also be run while some evidence is still pending.  A profile
should not assume that a <tt>POST</tt> to a Transparency Service always returns a final
receipt synchronously.</t>
      <t>A verifier or auxiliary service can encounter:</t>
      <ul spacing="normal">
        <li>
          <t>a statement reference with no receipt yet;</t>
        </li>
        <li>
          <t>a resource that has moved to a different locator;</t>
        </li>
        <li>
          <t>a failed registration;</t>
        </li>
        <li>
          <t>a sharded service that returns a different status location; or</t>
        </li>
        <li>
          <t>a bundle that was prepared before all related statements were available.</t>
        </li>
      </ul>
      <t>The result model in this document can represent these cases with <tt>unknown</tt>,
<tt>missing</tt>, <tt>stale</tt>, <tt>warning</tt>, or a profile-defined result code.</t>
    </section>
    <section anchor="asynchronous-verification">
      <name>Asynchronous Verification</name>
      <t>Some evidence sets can require network retrieval, large receipts, external
policy checks, or manual audit review.  A composite verifier <bcp14>MAY</bcp14> support an
asynchronous mode.</t>
      <t>In asynchronous mode, the initial response can return a status resource.  The
final result <bcp14>MUST</bcp14> be the same <tt>verification-result</tt> structure used by the
synchronous mode.</t>
      <t>TODO: Define status codes, retry handling, cancellation, and expiry rules if the
WG decides to include asynchronous behavior.</t>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <t>Composite verification can reveal more information than single-statement
verification because graph edges show relationships among devices, software,
services, cloud tenants, suppliers, and auditors.</t>
      <t>A requester <bcp14>SHOULD</bcp14> provide only the evidence needed for the selected profile.  A
verifier <bcp14>SHOULD</bcp14> avoid returning more graph detail than the requester asked for.
Profiles <bcp14>MAY</bcp14> use encrypted statements, salted identifiers, selective disclosure,
or access-controlled evidence bundles.</t>
      <t>A verifier that stores requests or results can become a sensitive data store.
Deployments <bcp14>SHOULD</bcp14> define retention and access-control rules.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Composite verification depends on the integrity of every required statement,
receipt, and edge.</t>
      <t>Implementations <bcp14>MUST</bcp14> verify the relevant signatures and receipts before making a
<tt>pass</tt> decision.  Implementations <bcp14>MUST</bcp14> apply issuer authorization rules for each
statement type and relation.</t>
      <t>Risks include:</t>
      <ul spacing="normal">
        <li>
          <t>accepting a graph with missing evidence;</t>
        </li>
        <li>
          <t>accepting a stale attestation or vulnerability statement;</t>
        </li>
        <li>
          <t>accepting a relation asserted by an unauthorized issuer;</t>
        </li>
        <li>
          <t>hiding a conflicting statement;</t>
        </li>
        <li>
          <t>mixing evidence about two different objects;</t>
        </li>
        <li>
          <t>confusing statement freshness with object freshness;</t>
        </li>
        <li>
          <t>returning a <tt>pass</tt> result for an unsupported profile; and</t>
        </li>
        <li>
          <t>leaking sensitive graph information through result details.</t>
        </li>
      </ul>
      <t>TODO: Add detailed error priority rules.  For example, invalid receipt should
probably take precedence over freshness warnings, while unsupported policy may
return <tt>unknown</tt> instead of <tt>fail</tt>.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document requests no IANA action yet.</t>
      <t>TODO: Consider IANA registrations for:</t>
      <ul spacing="normal">
        <li>
          <t>composite verification request media types;</t>
        </li>
        <li>
          <t>composite verification result media types;</t>
        </li>
        <li>
          <t>evidence bundle media types;</t>
        </li>
        <li>
          <t>result code registry; and</t>
        </li>
        <li>
          <t>conflict type registry.</t>
        </li>
      </ul>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9942">
          <front>
            <title>CBOR Object Signing and Encryption (COSE) Receipts</title>
            <author fullname="O. Steele" initials="O." surname="Steele"/>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
            <author fullname="C. Fournet" initials="C." surname="Fournet"/>
            <date month="June" year="2026"/>
            <abstract>
              <t>CBOR Object Signing and Encryption (COSE) Receipts prove properties of a Verifiable Data Structure (VDS) to a verifier. VDSs and associated Proof Types enable security properties, such as minimal disclosure, transparency, and non-equivocation. Transparency helps maintain trust over time and has been applied to certificates, end-to-end encrypted messaging systems, and supply chain security. This specification enables concise transparency-oriented systems by building on Concise Binary Object Representation (CBOR) and COSE. The extensibility of the approach is demonstrated by providing CBOR encodings for Merkle inclusion and consistency proofs.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9942"/>
          <seriesInfo name="DOI" value="10.17487/RFC9942"/>
        </reference>
        <reference anchor="RFC9943">
          <front>
            <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
            <author fullname="C. Fournet" initials="C." surname="Fournet"/>
            <author fullname="Y. Deshpande" initials="Y." surname="Deshpande"/>
            <author fullname="S. Lasker" initials="S." surname="Lasker"/>
            <date month="June" year="2026"/>
            <abstract>
              <t>Traceability in supply chains is a growing security concern. While Verifiable Data Structures (VDSs) have addressed specific issues, such as equivocation over digital certificates, they lack a universal architecture for all supply chains. This document defines such an architecture for single-issuer signed statement transparency. It ensures extensibility and interoperability between different transparency services as well as compliance with various auditing procedures and regulatory requirements.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9943"/>
          <seriesInfo name="DOI" value="10.17487/RFC9943"/>
        </reference>
        <reference anchor="I-D.nobuo-scitt-protected-object-binding" target="https://aoki-n1.github.io/draft-nobuo-scitt-protected-object-binding/draft-nobuo-scitt-protected-object-binding.html">
          <front>
            <title>SCITT Statement Relationship and Protected Object Binding</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9334">
          <front>
            <title>Remote ATtestation procedureS (RATS) Architecture</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="M. Richardson" initials="M." surname="Richardson"/>
            <author fullname="N. Smith" initials="N." surname="Smith"/>
            <author fullname="W. Pan" initials="W." surname="Pan"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9334"/>
          <seriesInfo name="DOI" value="10.17487/RFC9334"/>
        </reference>
        <reference anchor="RFC9335">
          <front>
            <title>Completely Encrypting RTP Header Extensions and Contributing Sources</title>
            <author fullname="J. Uberti" initials="J." surname="Uberti"/>
            <author fullname="C. Jennings" initials="C." surname="Jennings"/>
            <author fullname="S. Murillo" initials="S." surname="Murillo"/>
            <date month="January" year="2023"/>
            <abstract>
              <t>While the Secure Real-time Transport Protocol (SRTP) provides confidentiality for the contents of a media packet, a significant amount of metadata is left unprotected, including RTP header extensions and contributing sources (CSRCs). However, this data can be moderately sensitive in many applications. While there have been previous attempts to protect this data, they have had limited deployment, due to complexity as well as technical limitations.</t>
              <t>This document updates RFC 3711, the SRTP specification, and defines Cryptex as a new mechanism that completely encrypts header extensions and CSRCs and uses simpler Session Description Protocol (SDP) signaling with the goal of facilitating deployment.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9335"/>
          <seriesInfo name="DOI" value="10.17487/RFC9335"/>
        </reference>
        <reference anchor="I-D.ietf-scitt-scrapi" target="https://datatracker.ietf.org/doc/draft-ietf-scitt-scrapi/">
          <front>
            <title>Supply Chain Integrity, Transparency, and Trust (SCITT) Reference APIs</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="I-D.ietf-scitt-receipts-ccf-profile" target="https://datatracker.ietf.org/doc/draft-ietf-scitt-receipts-ccf-profile/">
          <front>
            <title>CCF Profile for COSE Receipts</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="I-D.nobuo-scitt-hardware-iot-cloud-use-cases" target="https://aoki-n1.github.io/draft-nobuo-scitt-hardware-iot-cloud-use-cases/draft-nobuo-scitt-hardware-iot-cloud-use-cases.html">
          <front>
            <title>Applying SCITT to Hardware, IoT Device, and Cloud Compute Resource Supply Chains</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="TODO-POLICY-LANGUAGES" target="https://example.com/TODO">
          <front>
            <title>TODO - Add references for policy languages and audit result formats</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
      </references>
    </references>
    <?line 645?>

<section numbered="false" anchor="design-notes-for-future-revisions">
      <name>Design Notes for Future Revisions</name>
      <t>This revision treats composite verification as an auxiliary verifier function,
not as an extension to the core Transparency Service.  This follows the concern
that adding graph discovery to the basic registry API could make that API much
larger.</t>
      <t>The IETF 122 discussion is reflected in this draft in three ways.  First, the
model allows more than one organization to make statements about the same
subject.  Second, the model allows statements about statements, which can help
when a later statement fixes, updates, audits, or explains an earlier statement.
Third, the model allows evidence to be identified by stable locators, so that a
verifier can build a graph without requiring the Transparency Service itself to
become a graph database.</t>
      <t>The IETF 124 discussion is reflected by keeping graph discovery and composite
verification outside the mandatory SCRAPI registration path.  The draft leaves
open whether future profiles place graph hints in payloads, protected metadata,
separate graph manifests, or auxiliary services.</t>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The author thanks the SCITT WG participants for discussions on graph building,
opaque payloads, receipt verification, and hardware and software evidence.  The
IETF 124 discussion was useful in separating the core registry function from
possible auxiliary graph and verification services.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA61c63LbRpb+30/RS/+Z8ZCUZWuSCT1JVpEUR7O2pZWUyaZS
KakJNEWMQICLBiRxXc6z7LPsk+25daMBgopdM6mURYKNxunT5/KdS2Mymahn
z56pZ/rC3r/UD2V1lxW3Oq3Mop7C1fPKrk1lU72oypWul1ZnRVZnJuchk6Kc
N+XEJVldT5JytS5dVtuJvc9SWyR2cm+rbJElps7KYrpKxzAjznF5dHp1pV1S
rq02RapX2aNNJ642tV3ZooZrJt+4zOmirO2YhtAte2dH53plbQ00wlRp5pLG
OZhbr+DWCsiaan11dnwG36s7WzkNtOvcLmr9sLTw8ac3QP+6qTXObW1q0ykt
v87q3M706MgvQZ/IEvTfoyXoRVkJ8ZeB2DeVWS/dSJn5vLL3MAkPaKeKZxgp
+Gtvy2oz065OlUrLpDArePZn83Py4oVyzXyVEQfqzRomOT25+l4VzWpuq5lK
4Ukz/fLFyy8mL76E/1VSFs4WrnEzvTC5swqofaWARWamL0+OFO7+bVU2a/ja
rNf5Rh8tTVbo0wJIrrJ6M9ZXlSkcSkSRbHhjrqrG1fonEZw3eLu6sxuYK50p
PWF24YeYdvwelqf98vBqKwS3yFe6xLQkSAt+N02a1ereFo2FJ2hPMT9HMyO6
9GiQhywHjiNf/z2z9WJaVrdw2VTJcqaXdb12s709HIRXsns79YP28MLevCof
nN2j+/fwmVm9bOYzbcq7bFLs73325sEcOSzU1e3TZa4pzz3Nys+f9fPvmC7r
Va6UaeplWeF+AWFaL5o8Z6l8j1PpQyCNfgCGmCL7H7p1pq9AlUH60wZWon8s
gG0VPGlDWnKY3ht4GChuDdtlnf7D5dl/nLw/Pjz9I82UlE1Roxb8zaxNQZcs
b1JxjZyAXbKWdkkVZQXqDbPjbl98f/Ryf/8r+fiX/S8P/Mcv9l/4j18d+AFf
vfjzS//xq4Po4yv8eDo5nsbMWldgb5IabFE5/wd8mMyzIgUxmhF93kj0DcCF
zYkhbpmtSSXO/TT6jKbR3/E0I57GVLf2M/d9F2GfMVR2OisWPXZ+9erVQfvx
z54vqAAypUtAFbMeEz7TQPyBuPZHYNbCVmRYD89P3TBHwHCZujIJWPBWD8FQ
ymq3KNvbJrmyic3WtZskyQJZsshy213A0dH3uFH4Awns0dnlCVDHt/2zdA09
fm9A4JamSh+AWZOsBFXNyyadNM5OEuOs65J7iOxGi8bSV5f6B7l3rE/LK30M
6p2IrzzCicgBNaCYF9aVTQUMj7dsxwo/RRafovkzh7NMssuenJ+9PT36efL2
8P2bHw/fnFx2109efQJmJdWVFyFHG7cu8yzZgDktbhtzCxeRBeQjYKRr8lqz
xO9Ysn00q3Vup2Ao9/AhMOgZ8Xjy7vT9j1cnl5P9l2Q3nrXEoJvVcFk2o+Ns
9LusALbT0559ogwJpNmDKfc8knF7K54Iny+8BF/+5xevXr548fLVC3T/A6Qe
DJN68K8n9WCQ1IOI1P39Fwf7XyCp+0pNp1OlJhNw33OHs9ZKXS0BhoH+NGRG
U7vICtw+RAYrxHRlanPa4hYqxL5Llwvx+j3Q4AAFHm7dZGGepU3u8AnO1uFu
fZndFjZVwaC7sfb6O9ZsRLUYUccKVsUW36YodE2RwgOMRreZqg6Zov8ITcFh
ikxmREZdNUndIL4GnF1WNaBjU+vEFNqZDWDWLFm2i3N6bZyz6Zh/CLAJ5yIU
WNwO/QT352wYFP8YTQiIcAHaA1BfIW3McbgnA4MOC0qJ+559uHhUqxI/pXad
lxviOUxSV2We04hmjbBTOVuhPRJ+lQD6K+QaWrAJeAcACXVZ5rhRpwzGyxqZ
Zx86DkRf8jSqsv/dZBURzbekpeWbWGrg3obxB0QmjBcnhBf71oHY0L8ZQ5K1
2eSlScVWoHCYYhOhUYSVIsCrLE1zqyAAOcWFp7CFiOgUS1Nua5ZhANorK9zb
8MbCjpOsRfM+GAeMuc0cqBL8ABQbNcQCWPY7pAjAOsReNskQ9HMQA9PmqLpV
u+0g36gDKlCxAnGiseA4SAs8QYusWqF51pffnb2DicGjZnNgD/Ik/LayxqGU
KpBmA4PY1fAMhWy5Zgwp4BDWj7vBY/w84RZlasS+PFIUAhkBQtwAjfMNTmuS
xK5rM89bBWZpokmKUgYAVS03IQAr74B6shks2k4/gDOj9SBXlPoJvpZN3dqZ
HdaFlGGsrUF9Skq3gS1aBSuVwcTlQ6EAxYz9EmALVyDxC/i6hDFO7M040KKX
QH9OeooLCds1B+sBEsWyR3YCVAKtQG4NbRkpSzAOKLoYq8FlMNhL2nhbYIhb
4DoV2iqYugFJkUi71Xg2X2zdKDq+N3mWTnca40IHxBhMMjlYML9rvAYP+eHq
6txbSFQgNcxRMYBdI8NTACxxK/jDyg0GEznjZINI+0FchHZ26ZnNU4fWLscA
39xT1qJcRSoPbBPL68S8DXkEWMccZigTNBzlomY5NfCcFeBoLXZsTALJxo82
Y6zMsAkco+yZrg2qMnenbXELHO1Zr6W5t0jo3CoSUHAeTGVBaRAXZUsGjYJC
K9T16UdAin0M3hXxGDJ7DngLDDEJCDg1XBdvKQkVPwKZ4W0RWIzY/jll5qg0
gUrXkGMcg+zyVXhAlsjtlTg+A4oXjDsGlRLUw3ZWMDlpFHLEw6kooYOZn5TY
iG4R3dAK9j1bkzUoUvBBwGgVx6PgBA3xIZZ2Ihr3rqqzhUF6SXhzV+rKZMgS
Nv5gj6pCgdUfbd3dXhiJBBMDtmglRoKPy9BkKZQo9JRewhp8FmzoukSxr1Ak
AzSLpoqIIpkXmAOqTXpO7Oto5NzmJeASuKbEhYG9oVhmCbaDXDLwDnMNIJbN
YwbkIevFPbM4EjuiRVweXYBZa91k0lQgdjUoqWgmchRG0LYwSWiOIutsUrIF
rkG4wXuoUnDgCU4C8s5PgLuaPEXutB5sAXPW04704sotXAZNAe9HqGXQYBv0
u0GzUQ1ZYdWiKRIxQKeMrmA3tkxjjPr87vGSeImgENkCtsSNFcp8FqmxwBPa
tiE9xSWDcMYWKLjwKarwsUVgoN+UsBVsq27xI259jYwQQ0YGuy5nSj2HTcvL
BzJUJCgW7ZJGf1Iz3AgqipPEfHodbg7+hyyQ31zyv+AVGrB6800bbZEgwYUu
N9rZagK3nhgMzIRomB1RsedS2kNVDqewj+sKPSYhgGrcQdiRR+X9CO4U4Q0Y
G9AomqSygKXBn4M/qLyjoIVIoGhwgoXJwKuDmS/IDzfFXQF+fNwiaMbLmBzs
PArjVXyIN0llkRPwRHi7WNDn3+Eye3lHwgDoCFheP1h02ejcXxMyhXvuyyxl
94sahEyFIAHsKFAC0kx2DjaUXd3ErUGM4JEevrI0vS+LSRClSHq8vJL8DADn
HlZmlrJkm51yvbYVWqMdShnP0fqyThIIJ/FMZdlCe4jwcdOlIKg23LCwNZgW
YHDLXsCfJRrFBOHEa1phgrbK204TMH6Sm2yFjgk4a1+3vEAIPNY/0L9H9O/f
T/4LRK4Fq2N93+SFrcwcDCmmu7yV0Q6w3sq4aLY5QpY1RrqZT1W0AGMZkjeU
EqGJMI0T4wYQwZTswmt0dciJdW6SLcMVQ7ou3kJZADhwzyiLsd8xSRZ9Z0Nz
ZzdovQFMjd79eHk1GvNf/f6MPl+c/OePpxcnx/j58ofDt2/DByUjLn84+/Ht
cfupvfPo7N27k/fHfDNc1Z1LavTu8OcRa/To7Pzq9Oz94dsRRkB1B4qyzUMD
RZ4T7ERNrlT5YIWipu+Ozv/vf/cP9IcP/yYp4o8f5QsmieELwmMJR4t8I19B
MjbKrNdoMTD2AoFKzDoDE4C2BoLnJRgHjQ4IuPn8F+TMrzP913my3j/4Ri7g
gjsXPc86F4ln21e2bmYmDlwaeEzgZud6j9Ndeg9/7nz3fI8u/vVbMmaT/b98
+43qxwXZCvWUcSmFO1vJ7nEnMx58h2RWVedSlEU5SW99pa9bWaPKo/rw4VNz
9R8/wk4NF99mimsWFp1CSCE5CJ6qgVDp97JAoJ5P5IGczZkrg6kgpTplxXOf
oJ7pQ84g+QxV1ZDHQExV2zzvIJxeNoed6VhcqBvH9MVBaZ6tsrrvSfk5Bo1P
n7gL9ulMnA/FiCJBGxkl7UJAYAaXPA7hItDlbbaoo48jI3e+TQR6c08DeXbZ
E4HdrVgCZgdfZJF7O+JQpUJ19zvyyTwvTkHphrVJ7jBXxPE2xFOYMN8hGX1s
KJIhrjRwqPL15ifymUAXLxOMdio0gf2pkIZUqCEinGAtn9ymrw/LMu/nRyv6
FYJJpMhUNePJtuDK1EsUudxw3uHUAYCod3n8izYTp9Th8Bgg2uP6OeM/IDuO
8BHCg1X/RzknL+xTOWogP+b1qRtYMnfZ8RHmM35LYP6g/N00LJqxbEHWR5KI
KO4svN3UZJtAMLK/5UJ5ngG3vieWZ5i4Mw5BAaX7EAUhZBtkSdYJFCink2HZ
gfjIbRVgThfo3vsOEGg9DpkGjifDra0k9dZa4K777V6UCESRNgIQjuMHSXp4
c0KA1ac9OpNJsEgDulkQvmcwDyKjJTcYT0E0QxhKeUpKAQi+ocl7ESpozWPd
Row+MHQwQQ3Qxa7jFMl28sERpyRNBNE0uHcjvFAhp0cSaB8BcxWcIPY5W9r7
SQ7+oYWZBKo6pukd5rNil9NhXtUgYL8nGe55NskmsIRJmoDwX2ZThWBkyxW+
EzPD0AQ7c5C5bT2MYGS9rMrmFsBxQWl3JQZ4wrA09dZtiuobfImgeISpTaXv
wM9RmMEJTJCX/al+/rwlh68/fz4jhTVYwoDAaQOW8nHcWvyOcQ/gm26dqpc4
o6CCaD4PZMMkWZHkjRNPUi58ASbaaaxTTdUrnI/Z1M7W9dvjVv9izx0laMlr
4iaAwbaUkRlTTjkR9I/PBnHH2ghqN7n8qTrAR5+z0WifzX6YPWvsf+XCrmiY
KKDn9EI8yYej2tAUktQMW0hQVCQXcWyUBd6V/w00zCljoAJo8RHjnPMuVEpF
O+v0DUbRNz2v493IYY8aRKIcbEm1wQuBxF6MxOc2MZiQyShRKR4A3WhbF6GC
XlQmofaliHNUMSP1Bh2iH3f7AXpmCxhM3XWJCLwcjHSEa7hswFwZruqR87zs
Jw2jC6DJw3B0p83wGapo2wTlLDj65Xpa+7OUDFToagu1gO66lmA2YByYb0R5
J1z5dqxiiDgiCx/Hl5xE1dRsVtexyLJBX2SPsRRzjcc9UP9dN2Du3xlrWn8K
bOFzXBSExVJ5CsiXXKT3Vl41t0gysDfpZN5kedqfGMSf4t0HQDxG8xBO1KdZ
yglP9FAQZoakTA/m7Zoxgv2dUty2ZlAmEzcIttlgKhvsE7q9fhDCQCVWbbgn
q1Qwuz2NFoVtnCSPVtEElOYliB8hHE6SKJ8kISjChgsr1OgrGa1g5bmqBXjm
bX5hKFTA5Q5djwOGOEHJaWM7HCphGdNHHRC9emFtGRzyypyeDN4QyPvtt990
kqa5es3Q9uj4+K3mhNg9ZV8NF7NQaRw2h4JAZfZh2tH0iX/61/qD0p7oGQhK
aidtdhR+iu+69k1HugZHhb9+G0iehU8T6kblX70xvg67f00OYaZ/+RNN8iuP
82XPawn0ZvoD/66//iYM/chjg9fpDEob9pwf/YNbX3gdVdr5yfGvk+hXocZ7
zmsWqVm4MOEL/hEYq1wzGHAz+T6R7zymKIk1801tXcsRYPx1ljIX1UdsBoy5
DntCi9qjrflW/P0Ma/c8ReBldC2errsRssXRbcwDuPVXTxIrWu8ymYdrbx6i
Z9nV3KZgkK85+RvtPF/oCsZ1LuYs2nSkctceCL2YIbnmvlcvbP6O9kpd9oa0
EgdMBzCPD+ptHsw/Qks6AgaPMGVOH8D0gI3Bj8RF1d3MwENR1GviDT9i3Pmh
lXOewQ0NEoY/NUQy99etem2PCQBv6EcpBriWD15DRL7QkDDauhnS8RsuR1Pm
hi2bsG9hVhkXvDizgihG7lEC+G8tesd8zLUycAU3nN6icuqEeLd3v39DyF7q
2x4RhnvUDfbWcVvGBAKOOluhQEtPJt4uWPGmbzs85ZlvWeH0SwhDBBh26zrY
nqGW2S34CwmO4g6nThfBVpfObV7OwejmAEIoOsXeUIx2mBxPZjBbnr6QhAkb
A5Tilkm//6yf7McIWgU6JCERGolhTxBfwQ7YR6CEegfCxBTFELs90ZS4UEff
nV1MCrqfuoQY+YVM0pFgBsL4lGn3VYyncB6Vxh326LRQtMVZHfAGC/K4RAQJ
wENRS3NPCbdIHgLlvFMHp+6FMk87oQxWLhRjK0FhaecmekZbcgk1WPaVJoh4
2bYdKVpvN7bsenMtqWx6iob15tY4rkcNZjMp+e/N1OswSsQF1+CjrDKX0V7E
mTJs3sGZ+N4W44SFrbA52Vns8qc7mCNR/1C3o6ClIRT4y6HCOu2JL/vjvJ2a
1rJ8oP0I+yuj23ALYqISjQkVIz0MxdvAlkiroAmdUx7rx10tBGOp0SuJBBPb
n3C0+YSxY6RD9kuybDdSLb3BhM2NmM0bsKOgxAbroBIeYlk1Rz2Iw6e2iI2o
0mHhC5gzeSirvBdaUbqENcGbIXKW047CceoWJK3oX/MpDteNgKIErK/Y4t6B
wifLqizKxnXI+GfwY8/Li0/kL+KGR2zneyPBWI/GT6PMb/UAtPyXARYCDgGv
8G1pBrwMgA8jFxhg4C50NIJgHtegoq53VRbM989kHkGxNRjwOTYNAzR9HqAp
0PGRHDANFb6Z/LZdKxX0BSbCSPLMh/KkTrPNTrWo2CpgqaDKbjPcxDhnq3zO
FlwCKn9bLeqaRI6xjH80hVicg2gjNbUr8wIqk6VcEo9ke6DkMRBLkdLvqHjU
nTY3Uup/YRxET/4nwyByEXkugC6EAljiGEb9fFXYHkVHLJvhq5DXFfsWNlIk
Q9e6A7fBI4yUi0E5e7EOTxewcme+FkvCEPnSHcGqN6QTImlbyuVFLubH7+hP
xFUE8WiVCbt30DweScLPYtXhM52QaP8bCSNoFLki+uRXTl9AoyZUSEmw2LM9
B8cI/W3yUrQVnu0UC3b0gzZvK7CxVVVWW4FzZ2ui2CqWCqFLLv4+VZ/zpL5U
ybNC8LcdnvVjOLKz5EwFwF8j7ol/B8zgwPO1AW5PSuWZIWrvPhN1eWsxW1N2
pVpmlItbi8ApnyKQ7Pczb9Ww8KkvLfilOktcJ20mSARxe7emtbKGma0Uinlb
5PfYeTCZu6sujwqyNUWIY3iuzSfNJBx5gh5YZooYchMaxX0zbVj1omywX7Xt
/sJIngrBocbKLSrYJM65OTolRoVMIEJU2xPRukIJiLw3NKEhMW4/X2JnjDSW
R0dKgIamMPd4Whbru2XFI0xAeFLtpNqtq8sS+8tF+pGSC192GDjBMiVbwSX5
k+hngMsECg379G45RSDltBV3v2Aprm3X8JFq7tjwVX5uhOB6cyftr6NN7Vo7
6UdACvD4AgVz4Ue/JaENs4rm4aD1uB+0YjpY1AptjIu2Oap+0IGG08P3hwyI
OY0/i44B6gtOArQHMzmwbpVGTr1RG36eN1xLu+eCjACGfziQNlTtkaxgNCNN
hwtl93u4QtoPl0eSi8DAAAtWBGnjcVmKoyCkmAkhM75jdgv782A2k/2Xrw74
vN5H+JcSlaMhXIHT/E7ygx4+2pVdhQl+4UV5milHXW+E5pE/vDJx83K1dZHr
25PO2Rc/CFjqJlHzoBhM/3OnMEIvP2joJB6Z3VE/U9Myv08nLGAElqTB9vam
stXo108iEm+TqUoI/9EOYZve4Ey7VoJzSApn4k1LuGlwfXgH9+/jwzxFcHu9
zKqU+y9Gv4YtD2reLn83LaPzq5cHPzzJXhz05fEozL8z9R3EIkh4SLLiJENC
EU3HKiBHqdqfJQXbmSBbgTeMZ2AxhTFYIGUNGD9BydNC1qNJznENk7RTZwdp
CoLaKwDQ4hBktr79rHNOSM7CP3HgaOe5oqjTRMz2g8H6pJKule3zPdJi4ecI
Z1F+95Ahm0A8CavOzyCwk1c/tG9TiI2RI0r39qf7ik7fAMq9IhgkzoBezdB/
HcNQielPybys1CGp/mfdjVvON4dMNVxc4/s+9LxMN5zgvRm464ZydZi2wtLk
4c9cJfT92H+7PHsPACvNjOTjeBfmze0t8rOzJeh7QbUziqIwo3fz2ctHl3Pz
mXfS0vnGnV61K0ntkZluo9WYOoBDX43y49vfqZku3+A48VuOs8AXcT8KRtIX
FsIzjOf0VbYicd+RA5bMHzgujVRps6iF5pCciEDLA/j/blvEaU1T0K7JPNLt
hBmB7jlgzE1g7wrCrLgUEdLj3Vw0CAzK/g03wg22tZkcnLULzSHYCoAdnr6J
J0qtEayI4PxQ1pQwJ8yPrwbBF9hwi0B0uNNX/QgAFWVoFtrY0BAg7zqgBWC7
A5604AJ22/3nc7dxq0CnpUiaE7BJn1px5bADl/r9Utvp2LloX7zz7Ww+MySW
CtMt8jIlyfNil47k2/qbrAO8ngZ1RlQohyf7PfJ8ck8qAoIj6cQKsyrkbcfq
RnD2zVjfENDGDz6TK4cX+x1jESIlxHkY7Wuvo+WyI3XOSsOiP8RR2JoOrlZe
PcZ88CtqqLWPeBQPhGgdN1QRZYhNMFMl73agFNWOk/5oybwRw/PGMcUrXsdp
obcujzuvuAomlJcgjaay217U2MUoEnzPKcoFzm17WnLQ8rbH/zlh6Zuwtkn1
do3qUfJ8ig/GxMlNdK44Qd+d51G/GqVmN9LhnVGKUP30Rgpm1PvoWyo67Jjb
pbnPyop2/LzK7g1sBrg3zFuylrgnG5hgf/Co+ooKGtGBRQrhUAJBwILQd/P/
viGMgzeO0jDK7XbtabNCg8mwBTgRDtdELx+gwzUaPLKhtm2pJ/hzff5tBmSZ
2hKnZBr8WUey+LsKCUMFDmpZ6ect+FwXCxFlLZAvctzJQnCat7FtS4lxd/yc
qZIjAo4kG5kDlFSbddd0wApNjpeivvOx0IfRHRah8hIh4FihpgPQcG4Smna3
TqS7rs2WDvQSu46ESIqjJckq2XdKRaMbBVHhp5ra8G1TFXcyC2ekzIrHeorg
P7ukhYbHZ+B5kgYDu08VRe7WdP7kcwgMMVmOBz82A42YY+/ARIFSqmie+qZr
wXy9piwUTrBo6A6e7s2SU8pGSStllHgZfAR3bEmds/uSBdZpX+iM3oOAYK3z
phI8W5C5u16vHwFNrmLIMV70FuIhgjC87g0ltxGfikMZeKrNL7rX0yP9ZOFl
D03RxoKyViqUZinfN1iNxRGr7DGmVZoVwctE/pmTDlS7xXm4cNMyq80l0fKl
ZzhcbU+WMimybdHxC6JfvE1rBnzVNrdyLD0oxPYpbt+zLZOyRXDB8uNbj/ga
6iimnOEhYJuR1awaWuOhBAGlCGTptQ4BIDHCw1bwOWAKkFc8jLzGX5lrVHGN
+CD567Fgyc7q2C0D6FRbVeG4EIyw6oZUFjNVW+rajf6CNQFQR8MNHdhGYBeY
4GfgATFcIxUgid5xMtx38EWRzOunRjPU6g7umcb+zxFG8rRtvASE5CKppf9V
3iYzN8lddAT8fVmLSn/fEDS4sFyic+rDjN/saNOvR9TjPPoofKxkzCcckI/P
WLRZZjkgP1YcA3BnTI0CW4bUMh3Z2fFqGqKCs4tOBgOrqkLFbwPoHe7183Ze
HLGhE8GcnaYT8zQBXls1YOH4LQECiYdeG0HMWIg/DjCZX4JBamYxVbshhckq
PEmBcEhea8Lkk2cmZ0xHaKI3TIRj/FvviPBAT0mqFKYHR1UWKQPKzvxPvGDC
v76Jcu82XyvJq/PrGyKLlT3a8K4l/1omxsiA9nJKdeMWmgrRTtTTg+JSDRHV
exVAwA9knx0fi2tfiuBKiRBbmEO+n1qpY1+Cy2P/6g+zD5+OqgGjADItVYAP
IiwAHfDNJd0dP9i540AsHgoakjY+7jh8IqCpQzW+rcnIOyq2DhVJTomFCl89
Y50qpUxCCYcFK65/+QwfuhJ6lpkcCWhf1hEOsoJJqQ2uGBGsnO3ZOl442G3E
UVmCVhg8xC2/sGWHufAvaiIRv4uPT0FQgPnXLMnWCJdD2xIzmiAUk0P7jNEG
rNuAZY0WM3QOnVGUP/FOXzxWb49VcRQ1tMEYOQPgXTQU9wpnvDiRUQq2w9sx
PjMMW+0yFNyWYUx/OOLVO+EGfPx/91zZ6hBZAAA=

-->

</rfc>
