<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 2.6.10) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-sullivan-mls-attachments-00" category="std" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="MLS Attachments">Encrypted Attachments for MLS</title>
    <seriesInfo name="Internet-Draft" value="draft-sullivan-mls-attachments-00"/>
    <author initials="N." surname="Sullivan" fullname="Nick Sullivan">
      <organization>Cryptography Consulting LLC</organization>
      <address>
        <email>nicholas.sullivan+ietf@gmail.com</email>
      </address>
    </author>
    <author initials="R." surname="Robert" fullname="Raphael Robert">
      <organization>Phoenix R&amp;D GmbH</organization>
      <address>
        <email>ietf@raphaelrobert.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>Messaging Layer Security</workgroup>
    <keyword>MLS</keyword>
    <keyword>attachments</keyword>
    <keyword>random-access encryption</keyword>
    <keyword>confidentiality lifetime</keyword>
    <abstract>
      <?line 56?>

<t>This document defines random-access authenticated encryption of large
write-once files for Messaging Layer Security (MLS) groups.  A file is
encrypted so that a receiver can decrypt and authenticate any byte range
without processing the whole file.  The encryption is SEAL-attachment,
SEAL's named write-once attachment scheme (raAE), parameterized by the
AEAD and key derivation function of the group's MLS cipher suite and
keyed from the MLS exporter.  The encrypted bytes are carried by any
means, and a recipient needs only a small reference (the object's
identifier and length, and an optional locator) to fetch, key, and
verify the object.
MLS application messages cannot carry large files, and existing
attachment encryption produces an opaque, immutable blob with no partial
access.  This extension supplies the random-access layer those uses
need.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Messaging Layer Security Working Group mailing list (mls@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/mls/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/grittygrease/draft-sullivan-mls-large-attachments"/>.</t>
    </note>
  </front>
  <middle>
    <?line 73?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>This document defines an MLS extension for random-access authenticated
encryption of large files.  A file is encrypted with a random-access
authenticated encryption (raAE) scheme (<xref target="I-D.sullivan-cfrg-raae"/>):  it
is split into fixed-size segments, each independently decryptable and
authenticated, so a receiver can read any byte range at a cost
proportional to the range rather than to the whole file.  The scheme is
SEAL-attachment, SEAL's named write-once attachment scheme, taking the
AEAD and KDF of the group's MLS cipher suite (<xref target="parameters"/>) and its
key from the MLS exporter (<xref target="key-derivation"/>).  SEAL is the
random-access authenticated encryption construction defined in
<xref target="I-D.sullivan-cfrg-raae"/>, and raAE is its scheme class.</t>
      <t>This fills a gap in MLS.  An MLS application message protects its
content with a single AEAD operation under a forward-secret ratchet key,
so the content is all-or-nothing to decrypt and bounded by the AEAD's
per-invocation input limit.  Large files therefore cannot be sent as
messages, and the existing attachment mechanism
<xref target="I-D.robert-mimi-attachments"/> encrypts each file as a single opaque
blob that is immutable and cannot be partially decrypted.</t>
      <t>The file bytes are an opaque object distributed by any means, and the
members exchange only a small object reference (<xref target="manifest"/>) that
refers to it.  This document specifies the object's encryption and
keying.  Upload, download, storage, and the in-band reference are left
to the consuming application, for example the MIMI attachments
mechanism.  This document introduces no new cryptographic primitive.  It
keys SEAL from the MLS exporter, following the pattern SFrame
<xref target="RFC9605"/> established for real-time media.  Deriving the CEK
deterministically from (epoch, object_id) is a new keying discipline for
SEAL, not a new primitive, and it carries its own salt-uniqueness
obligation (<xref target="salt-uniqueness"/>).</t>
      <t>This extension suits groups that need large, random-access, write-once
attachments.  Its confidentiality is at the granularity of the creating
epoch's membership, under a persistent key rather than the per-message
forward secrecy of MLS application messages, and revoking access to an
existing attachment requires re-encryption
(<xref target="security-considerations"/>).</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<t>This document uses the following terms.</t>
      <dl>
        <dt>Attachment object:</dt>
        <dd>
          <t>The encrypted representation of one attachment:  a SEAL-attachment
object (<xref section="SEAL Named Instantiations" relative="#named-instantiations" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of
<xref target="I-D.sullivan-cfrg-raae"/>) in the linear layout (<xref target="layout"/>).</t>
        </dd>
        <dt>Segment:</dt>
        <dd>
          <t>A fixed-size unit of attachment plaintext.  All segments except
possibly the last contain exactly segment_size octets.</t>
        </dd>
        <dt>object_id:</dt>
        <dd>
          <t>An octet string of at most 255 octets (<xref target="object-id"/>), unique within
an MLS epoch, that names one attachment object and feeds its key
derivation (<xref target="key-derivation"/>).</t>
        </dd>
        <dt>CEK:</dt>
        <dd>
          <t>The content-encryption key (CEK) of an attachment object, derived
from the MLS exporter and used as the input keying material of SEAL.</t>
        </dd>
        <dt>Object reference:</dt>
        <dd>
          <t>The application's in-band reference to an attachment object, carrying
at least the object_id and the object's plaintext length
(<xref target="manifest"/>).</t>
        </dd>
      </dl>
      <t>Terms from MLS (<xref target="RFC9420"/>), the MLS Safe Extension framework
(<xref target="I-D.ietf-mls-extensions"/>), and SEAL (<xref target="I-D.sullivan-cfrg-raae"/>) are
used as defined there.</t>
    </section>
    <section anchor="architecture">
      <name>Architecture</name>
      <t>An attachment is handled on three independent planes:  a key plane that
derives the content key from the MLS exporter, an opaque bytes plane
that holds the encrypted object, and a control plane that carries a
small object reference among the members.</t>
      <figure>
        <name>The three planes of an attachment</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="272" width="528" viewBox="0 0 528 272" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 48,80 L 48,112" fill="none" stroke="black"/>
              <path d="M 104,176 L 104,224" fill="none" stroke="black"/>
              <path d="M 224,128 L 224,168" fill="none" stroke="black"/>
              <path d="M 352,96 L 352,168" fill="none" stroke="black"/>
              <path d="M 376,176 L 376,224" fill="none" stroke="black"/>
              <path d="M 72,128 L 120,128" fill="none" stroke="black"/>
              <path d="M 176,128 L 224,128" fill="none" stroke="black"/>
              <path d="M 104,176 L 376,176" fill="none" stroke="black"/>
              <path d="M 104,224 L 376,224" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="360,168 348,162.4 348,173.6" fill="black" transform="rotate(90,352,168)"/>
              <polygon class="arrowhead" points="232,168 220,162.4 220,173.6" fill="black" transform="rotate(90,224,168)"/>
              <polygon class="arrowhead" points="56,112 44,106.4 44,117.6" fill="black" transform="rotate(90,48,112)"/>
              <g class="text">
                <text x="16" y="36">key</text>
                <text x="56" y="36">plane</text>
                <text x="104" y="36">(this</text>
                <text x="168" y="36">document)</text>
                <text x="296" y="36">control</text>
                <text x="352" y="36">plane</text>
                <text x="396" y="36">(the</text>
                <text x="468" y="36">application)</text>
                <text x="16" y="68">MLS</text>
                <text x="68" y="68">exporter</text>
                <text x="324" y="68">object</text>
                <text x="392" y="68">reference</text>
                <text x="304" y="84">(object_id,</text>
                <text x="384" y="84">length,</text>
                <text x="452" y="84">locator,</text>
                <text x="508" y="84">...)</text>
                <text x="92" y="100">derive</text>
                <text x="148" y="100">(never</text>
                <text x="188" y="100">on</text>
                <text x="224" y="100">wire)</text>
                <text x="48" y="132">CEK</text>
                <text x="148" y="132">keys</text>
                <text x="396" y="132">refers</text>
                <text x="436" y="132">to</text>
                <text x="24" y="196">bytes</text>
                <text x="72" y="196">plane</text>
                <text x="192" y="196">encrypted</text>
                <text x="252" y="196">SEAL</text>
                <text x="300" y="196">object</text>
                <text x="164" y="212">(opaque;</text>
                <text x="216" y="212">see</text>
                <text x="260" y="212">Object</text>
                <text x="320" y="212">Layout)</text>
                <text x="140" y="244">stored</text>
                <text x="184" y="244">and</text>
                <text x="224" y="244">moved</text>
                <text x="260" y="244">by</text>
                <text x="288" y="244">any</text>
                <text x="344" y="244">transport</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
 key plane (this document)        control plane (the application)

 MLS exporter                         object reference
      |                          (object_id, length, locator, ...)
      |  derive (never on wire)             |
      v                                     |
     CEK ------- keys ------.               |  refers to
                            |               |
                            v               v
             .---------------------------------.
 bytes plane |      encrypted SEAL object      |
             |   (opaque; see Object Layout)   |
             '---------------------------------'
               stored and moved by any transport
]]></artwork>
        </artset>
      </figure>
      <t>The CEK never appears on the wire.  Each side derives it from the
exporter (<xref target="key-derivation"/>).  The bytes plane is a SEAL object that
the application stores and transfers however it likes.  The object
reference lets a receiver locate the object.  Because segments are at
computable offsets, a receiver fetches and decrypts only the part it
needs.</t>
    </section>
    <section anchor="key-derivation">
      <name>Key Derivation</name>
      <t>This extension is a Safe Application component
(<xref target="I-D.ietf-mls-extensions"/>) and is assigned a Component ID, a
two-octet value, registered in <xref target="iana-considerations"/>.  All of its
uses of the MLS key schedule are domain-separated by that Component ID.</t>
      <section anchor="deriving-the-cek">
        <name>Deriving the CEK</name>
        <t>For each attachment object, the encryptor chooses an object_id and
derives the content-encryption key:</t>
        <artwork><![CDATA[
component_secret = SafeExportSecret(ComponentID)
CEK = ExpandWithLabel(component_secret,
                      ComponentOperationLabel(ComponentID,
                                              "attachment"),
                      object_id, 32)
]]></artwork>
        <t>where:</t>
        <dl>
          <dt>component_secret:</dt>
          <dd>
            <t>the component's exported secret.  SafeExportSecret is defined in
<xref section="Exported Secrets" relative="#exported-secrets" sectionFormat="bare" target="I-D.ietf-mls-extensions"/> of
<xref target="I-D.ietf-mls-extensions"/>, and ComponentOperationLabel in
<xref section="Component IDs" relative="#component-ids" sectionFormat="bare" target="I-D.ietf-mls-extensions"/> of
<xref target="I-D.ietf-mls-extensions"/>.  SafeExportSecret derives from the MLS
exporter, so the CEK is rooted in it.</t>
          </dd>
          <dt>object_id:</dt>
          <dd>
            <t>the per-object identifier chosen by the encryptor (<xref target="object-id"/>),
passed to ExpandWithLabel as its raw octets with no added length
prefix or other framing.  The KDFLabel structure of <xref target="RFC9420"/>
already carries object_id in a length-prefixed context field, so this
document adds none of its own.</t>
          </dd>
          <dt>CEK:</dt>
          <dd>
            <t>the 32-octet content-encryption key.  It is SEAL's input keying
material and stands in for raAE key generation
(<xref target="I-D.sullivan-cfrg-raae"/>).  Segment confidentiality is bounded by
the AEAD key length and the AEAD's own limits.</t>
          </dd>
        </dl>
        <t>The group's MLS cipher suite is fixed for the group's lifetime
(<xref target="RFC9420"/>), so an attachment uses the same AEAD and KDF throughout.</t>
      </section>
      <section anchor="object-id">
        <name>Choosing object_id</name>
        <t>An honest encryptor:</t>
        <ul spacing="normal">
          <li>
            <t><bcp14>MUST</bcp14> choose a non-empty object_id of at most 255 octets, unique
within the epoch;</t>
          </li>
          <li>
            <t><bcp14>SHOULD</bcp14> draw it from a cryptographically secure pseudorandom number
generator (CSPRNG) with no embedded semantics, for example a version
4 UUID (<xref target="RFC9562"/>), which is virtually collision-free; and</t>
          </li>
          <li>
            <t><bcp14>MUST NOT</bcp14> reuse an object_id across epochs.</t>
          </li>
        </ul>
        <t>An application that accepts linking an object to its sender <bcp14>MAY</bcp14> instead
derive the object_id deterministically, provided the derivation still
meets the requirements above.  Combining the epoch, the leaf index, and
a per-object counter, for example object_id = H(epoch, leaf_index,
counter), keeps a sender's objects distinct within an epoch and across
epochs while letting a receiver attribute each object to its sender.
Note however that such an object_id embeds semantics by design:  a party
that sees it, such as storage or transport, can attribute an object to
its sender and count that sender's objects in an epoch, a linkability
the CSPRNG option avoids (<xref target="privacy-considerations"/>).</t>
        <t>Uniqueness is an honest-encryptor assumption:  a member that controls
object_id also controls the CEK.  The per-object salt (<xref target="layout"/>)
separates objects that share an object_id by accident, and not reusing
an object_id across epochs avoids cross-epoch linkage.  These uniqueness
requirements bind the encryptor alone:  a receiver cannot detect reuse
of an object_id within an epoch or across epochs, so the unlinkability
they provide rests on encryptor discipline, not on any receiver check.</t>
      </section>
      <section anchor="confidentiality-lifetime">
        <name>Confidentiality Lifetime and Membership</name>
        <t>The component secret is derived from one MLS epoch's exporter.  A member
of that epoch can re-derive the CEK independently.  A party that joins
later, or any party after the epoch's secrets are deleted, cannot
re-derive it:  such a party either obtains the CEK by other means or is
denied access.  A holder that needs the attachment beyond its creation
epoch retains the CEK, together with the cipher suite's AEAD and KDF
identifiers (<xref target="parameters"/>), since the group state that would otherwise
supply them may no longer be available.  The confidentiality-lifetime
consequences of this persistent key are in <xref target="security-considerations"/>.</t>
      </section>
    </section>
    <section anchor="parameters">
      <name>Parameters</name>
      <t>An attachment is a SEAL-attachment(aead_id, kdf_id) object
(<xref section="SEAL Named Instantiations" relative="#named-instantiations" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of <xref target="I-D.sullivan-cfrg-raae"/>),
where aead_id and kdf_id are the IANA code points (<xref target="RFC5116"/>,
<xref target="RFC9180"/>) of the group's MLS cipher suite's AEAD and KDF.
SEAL-attachment is SEAL's named write-once instantiation:  it fixes the
immutable profile, a derived nonce, a segment size of 65536 octets (64
KiB), and the linear layout, leaving the cipher suite as the only
choice.  This document uses segment_size for that fixed 65536-octet
value throughout.  A receiver learns the cipher suite from the group
state, so it is not carried in the reference.  The object is keyed by
the CEK (<xref target="key-derivation"/>).  Its capacity and security level are in
<xref target="capacity"/>.</t>
      <section anchor="layout">
        <name>Object Layout</name>
        <t>The attachment object uses SEAL-attachment's linear layout in its
immutable form (<xref section="Serialization Layouts" relative="#file-layouts" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of <xref target="I-D.sullivan-cfrg-raae"/>).  The
figures below are informative.  The authoritative byte layout is SEAL's.
Each expands one element of the one before it.  Nh is the cipher suite's
hash output length.</t>
        <t>An object is a header followed by its segments:</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="80" width="384" viewBox="0 0 384 80" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
              <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
              <path d="M 152,32 L 152,64" fill="none" stroke="black"/>
              <path d="M 224,32 L 224,64" fill="none" stroke="black"/>
              <path d="M 272,32 L 272,64" fill="none" stroke="black"/>
              <path d="M 344,32 L 344,64" fill="none" stroke="black"/>
              <path d="M 8,32 L 232,32" fill="none" stroke="black"/>
              <path d="M 264,32 L 344,32" fill="none" stroke="black"/>
              <path d="M 8,64 L 232,64" fill="none" stroke="black"/>
              <path d="M 264,64 L 344,64" fill="none" stroke="black"/>
              <g class="text">
                <text x="248" y="36">-</text>
                <text x="44" y="52">header</text>
                <text x="112" y="52">seg</text>
                <text x="136" y="52">0</text>
                <text x="184" y="52">seg</text>
                <text x="208" y="52">1</text>
                <text x="304" y="52">seg</text>
                <text x="328" y="52">i</text>
                <text x="368" y="52">...</text>
                <text x="248" y="68">-</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
+--------+--------+--------+- - -+--------+
| header |  seg 0 |  seg 1 |     |  seg i | ...
+--------+--------+--------+- - -+--------+
]]></artwork>
        </artset>
        <t>The header is the salt and the commitment:</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="96" width="328" viewBox="0 0 328 96" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
              <path d="M 136,32 L 136,64" fill="none" stroke="black"/>
              <path d="M 240,32 L 240,64" fill="none" stroke="black"/>
              <path d="M 80,32 L 240,32" fill="none" stroke="black"/>
              <path d="M 80,64 L 240,64" fill="none" stroke="black"/>
              <g class="text">
                <text x="32" y="36">header:</text>
                <text x="108" y="52">salt</text>
                <text x="188" y="52">commitment</text>
                <text x="108" y="84">32</text>
                <text x="188" y="84">Nh</text>
                <text x="300" y="84">octets</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
header:  +------+------------+
         | salt | commitment |
         +------+------------+
            32        Nh          octets
]]></artwork>
        </artset>
        <t>Under SEAL-attachment a segment is its ciphertext and a 16-octet tag,
with no stored nonce:</t>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="96" width="416" viewBox="0 0 416 96" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
              <path d="M 264,32 L 264,64" fill="none" stroke="black"/>
              <path d="M 328,32 L 328,64" fill="none" stroke="black"/>
              <path d="M 80,32 L 328,32" fill="none" stroke="black"/>
              <path d="M 80,64 L 328,64" fill="none" stroke="black"/>
              <g class="text">
                <text x="16" y="36">seg</text>
                <text x="44" y="36">i:</text>
                <text x="132" y="52">ciphertext</text>
                <text x="296" y="52">tag</text>
                <text x="148" y="84">segment_size</text>
                <text x="292" y="84">16</text>
                <text x="388" y="84">octets</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
seg i:   +----------------------+-------+
         | ciphertext           |  tag  |
         +----------------------+-------+
            segment_size           16        octets
]]></artwork>
        </artset>
        <t>Every non-final segment is exactly segment_size octets, so a segment
sits at a computable offset and a receiver can seek to any segment
without reading earlier ones.  Only the final segment may be shorter:</t>
        <artwork><![CDATA[
offset(i) = (32 + Nh) + i * (segment_size + 16)
]]></artwork>
        <t>To open the segments it fetches, a receiver uses SEAL's read interface
(<xref target="encrypt-read"/>).  The epoch-key ladder and AEAD are inside SEAL.</t>
      </section>
      <section anchor="encrypt-read">
        <name>Encrypting and Reading</name>
        <t>To encrypt, the encryptor derives the CEK, generates a fresh salt per
the freshness requirement of <xref target="salt-uniqueness"/>, and runs SEAL
encryption with the parameters of <xref target="parameters"/>, writing the salt,
commitment, and segments in the layout of <xref target="layout"/>.</t>
        <t>On StartEnc and StartDec, the encryptor and the receiver supply the
object's object_id as G, SEAL's global associated data input
(<xref section="Per-Message Inputs" relative="#message-inputs" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of
<xref target="I-D.sullivan-cfrg-raae"/>).  SEAL's commitment binds G, so a wrong or
missing object_id fails the commitment check the same way a wrong CEK
does (<xref section="Commitment" relative="#framework-commitment" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of
<xref target="I-D.sullivan-cfrg-raae"/>).  The object_id thus serves twice:  as the
input that derives the CEK (<xref target="key-derivation"/>) and as the committed G.
Both EncSeg and DecSeg pass an empty per-segment associated data A_i.
The nonce and the segment index and finality binding are as raAE
specifies for derived-nonce mode and segment AAD (<xref section="Derived Nonce Mode" relative="#derived-nonces" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/>, <xref section="Segment AAD" relative="#concrete-segment-aad" sectionFormat="bare" target="I-D.sullivan-cfrg-raae"/> of <xref target="I-D.sullivan-cfrg-raae"/>)
and are not restated here.</t>
        <t>A receiver opens an object in two phases:  it initializes once, then
reads ranges, and it needs the header only for the first phase.</t>
        <t>To initialize, the receiver derives the CEK, fetches the header (the
salt and commitment), and calls StartDec to obtain the decryption state.
StartDec checks the commitment, rejecting a wrong key before any segment
is read.  The receiver retains the state and does not need the header
again.</t>
        <t>To read octet range [a, b) from the decryption state:</t>
        <ol spacing="normal" type="1"><li>
            <t>From segment_size, compute the indices i..j of the segments
covering [a, b).</t>
          </li>
          <li>
            <t>Fetch segments i..j only, not the whole object.</t>
          </li>
          <li>
            <t>For each k in i..j, call DecSeg(state, k, segment k), which returns
the plaintext or an error.</t>
          </li>
        </ol>
        <t>SEAL runs the key schedule and AEAD inside these calls.  This document
does not restate them.</t>
        <t>Opening a segment authenticates its contents, its index, and whether it
is the final segment.  Whole-object integrity follows from opening every
segment:  the receiver computes the segment count n from the length
carried in the reference (<xref target="manifest"/>) and opens segments 0 through n-1
through SEAL, passing index n-1 as the final segment and the rest as
non-final.  A truncated, extended, reordered, or substituted object
leaves a segment missing or makes an open fail, so SEAL's per-segment
errors carry the whole-object check (<xref target="security-considerations"/>).  This
check inherits the trustworthiness of the length it starts from, so it
provides whole-object completeness only when the reference is
authenticated to the group as <xref target="manifest"/> describes.</t>
        <t>A valid attachment object has at least one segment.  A receiver <bcp14>MUST</bcp14>
reject the object when:</t>
        <ul spacing="normal">
          <li>
            <t>StartDec rejects the header (a wrong key or parameter set);</t>
          </li>
          <li>
            <t>DecSeg rejects a segment it opens (the contents, index, or finality
fail to authenticate);</t>
          </li>
          <li>
            <t>a segment it needs is absent (the object is shorter than the
reference's length implies);</t>
          </li>
          <li>
            <t>a requested byte range lies beyond the length carried in the
reference (<xref target="manifest"/>); or</t>
          </li>
          <li>
            <t>the object_id is empty.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="manifest">
      <name>Referencing an Object</name>
      <t>A consuming application refers to an attachment object with a small
reference.  This document does not define the reference's structure or
its transport.  Those are the application's, for example the MIMI
attachments mechanism (<xref target="I-D.robert-mimi-attachments"/>).  This section
states only what the reference <bcp14>MUST</bcp14> convey for this extension's
guarantees to hold.</t>
      <t>The reference <bcp14>MUST</bcp14> carry the object_id, because a receiver derives the
CEK from it (<xref target="key-derivation"/>) and cannot otherwise key the object.
The reference <bcp14>MUST</bcp14> also carry the object's plaintext length, from which
the receiver computes the segment count used by the whole-object check
and the range validation of <xref target="encrypt-read"/>.</t>
      <t>For whole-object completeness and rollback resistance, the reference,
including its length, and the ordering of successive references <bcp14>SHOULD</bcp14>
be authenticated to the group.  When the reference is carried in an MLS
message, binding it into the message's authenticated data with the Safe
AAD mechanism (<xref target="I-D.ietf-mls-extensions"/>) authenticates the reference
a receiver acts on to the group and the epoch.  MLS does not, however,
give a total order across different senders' application messages within
an epoch, so delivery order alone does not establish which object is
current.  An application that needs a current-object notion <bcp14>MUST</bcp14> scope
the ordering to a single sender or carry an explicit application-level
sequence number in the authenticated reference.  An application that
does not bind the reference forfeits whole-object completeness and
rollback resistance.  If the length is not authenticated, the loss is
more than an unverified whole-object check:  an adversary that lowers
the length in the reference can present a truncated plaintext in which
every segment the receiver opens authenticates, so the truncation is
undetectable.</t>
      <t>Any locator or other fields the reference carries are the
application's.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <section anchor="forward-secrecy-and-membership">
        <name>Confidentiality Lifetime and Membership</name>
        <t>The CEK is derived from one MLS epoch's exporter and, unlike an MLS
message key, is not deleted after use:  it is a persistent key for the
life of the attachment.  The MLS exporter itself is forward-secure
across epochs, so once that epoch's secrets are deleted the CEK cannot
be re-derived from MLS.  Holders that retain the CEK keep access and
others do not.  Attachment confidentiality is therefore at the
granularity of the creating epoch's membership and lasts as long as any
holder retains the CEK, not at the per-message granularity of MLS
application messages.  This is a deliberate consequence of making the
object persistent and random-access:  a re-readable, seekable object
needs a persistent key, which does not provide the per-message forward
secrecy that MLS application messages have.</t>
        <t>Removing a member does not by itself revoke access to attachments
created while they were present, since they may have retained the CEK.
An application that must revoke access to an existing attachment <bcp14>MUST</bcp14>
distribute a new object encrypted under a CEK derived in a later epoch.
This costs the size of the attachment, because the removed member knows
the old CEK.</t>
        <t>Because the AEAD and KDF are inherited from the MLS cipher suite, an
attachment inherits the cipher suite's AEAD and KDF strength.  The CEK
is exported from the MLS key schedule, so an attachment's long-term
confidentiality rests on the group's key agreement, not on the AEAD key
size alone.  A quantum adversary that records a group's handshake can,
once a quantum computer is available, recover the exported secrets of
past epochs, and thus the CEK, regardless of the AEAD key size.
Deployments that need long-lived confidentiality for attachments <bcp14>SHOULD</bcp14>
therefore run a post-quantum MLS cipher suite.  A larger symmetric key
does not address this threat.</t>
      </section>
      <section anchor="capacity">
        <name>Capacity and Limits</name>
        <t>An attachment inherits SEAL-attachment's capacity and security bounds
(<xref target="I-D.sullivan-cfrg-raae"/>).  For the three AEADs that MLS cipher
suites use:</t>
        <table>
          <name>Per-suite security level for an attachment (confidentiality is an upper bound)</name>
          <thead>
            <tr>
              <th align="left">MLS AEAD</th>
              <th align="left">Confidentiality</th>
              <th align="left">Integrity</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">AES-128-GCM</td>
              <td align="left">128-bit</td>
              <td align="left">128-bit</td>
            </tr>
            <tr>
              <td align="left">AES-256-GCM</td>
              <td align="left">256-bit</td>
              <td align="left">128-bit</td>
            </tr>
            <tr>
              <td align="left">ChaCha20-Poly1305</td>
              <td align="left">256-bit</td>
              <td align="left">128-bit</td>
            </tr>
          </tbody>
        </table>
        <t>The confidentiality column follows the AEAD key length, but it is an
upper bound.  As <xref target="forward-secrecy-and-membership"/> notes, an
attachment's confidentiality also rests on the group's key agreement, so
a suite's figure holds only when that agreement is at least as strong,
notably against a quantum adversary.  Integrity is the 16-octet AEAD tag
floor, about 128 bits, for every suite.  An object's maximum
size and per-key write budgets follow SEAL-attachment's analysis
(<xref target="I-D.sullivan-cfrg-raae"/>).  An application <bcp14>MUST</bcp14> stop writing an
object before a per-key budget is exceeded.  The CEK is fixed per object
and cannot be rotated in place, so continued storage requires a new
object under a fresh CEK.</t>
      </section>
      <section anchor="salt-uniqueness">
        <name>Salt Uniqueness</name>
        <t>Unlike base SEAL, which keys each object with a fresh random CEK, this
extension derives the CEK deterministically from (epoch, object_id)
(<xref target="key-derivation"/>).  SEAL-attachment uses a derived nonce, so the
per-object salt is the only value that separates two encryptions under
the same CEK.  Reusing an (object_id, salt) pair within an epoch reuses
the derived nonces, which for an AEAD that is not misuse-resistant (a
non-MRAE AEAD) such as AES-GCM or ChaCha20-Poly1305 is a two-time pad
and breaks confidentiality.  The encryptor therefore <bcp14>MUST</bcp14> generate a
fresh, uniformly random 32-octet salt from a CSPRNG for each object, and
<bcp14>MUST NOT</bcp14> re-encrypt an object under a previously used (object_id, salt)
pair, including after a crash or retry.</t>
      </section>
      <section anchor="constant-time-comparison-and-derivation">
        <name>Constant-Time Comparison and Derivation</name>
        <t>The commitment comparison <bcp14>MUST</bcp14> be constant-time.  The CEK and epoch-key
derivations inherit SEAL's constant-time KDF requirement
(<xref target="I-D.sullivan-cfrg-raae"/>).  A variable-time commitment comparison
would leak the expected value one octet at a time to an adversary who
can retry tampered inputs.</t>
      </section>
      <section anchor="writer-attribution">
        <name>Writer Attribution</name>
        <t>All epoch members can derive the CEK, so per-segment authentication
binds an attachment to the group, not to a writer:  any member can
produce a segment that others accept, and this extension does not
attribute writes.  An application that requires writer attribution, or
whole-object authentication against a member, <bcp14>MUST</bcp14> sign the reference or
the object with a per-member key.  Binding the reference into an MLS
message's authenticated data (<xref target="manifest"/>) attributes it to the sending
member.</t>
      </section>
      <section anchor="operational-considerations">
        <name>Operational Considerations</name>
        <t>Superseded objects are not deleted automatically:  the profile is
write-once and revocation re-encrypts to a new object
(<xref target="forward-secrecy-and-membership"/>), so the application owns garbage
collection and any link from a replacement to its predecessor.
Revocation cost scales with the total volume of attachments the removed
member could read, not with one object.  Recovering from corruption
means fetching the object again, since there is no in-place repair.</t>
      </section>
    </section>
    <section anchor="test-vectors">
      <name>Test Vectors</name>
      <t>An attachment object is a SEAL-attachment object and uses a derived
nonce, so it stores no per-segment nonce (<xref target="parameters"/>).  SEAL's
published example vectors use a random nonce and a different layout, so
they do not apply byte for byte.  Its derived-nonce example vector is
the closest format reference but is computed for AES-256-GCM-SIV.  Test
vectors specific to SEAL-attachment under each MLS cipher suite are TBD,
and this document defines none of its own.</t>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <t>An untrusted storage or transport observer does not learn the plaintext,
but it does learn metadata about the object.  It learns the exact
plaintext length, which is recoverable from the object byte count
regardless of the reference.  It learns which byte ranges each reader
fetches, an access-pattern channel.  It can link fetches by object_id or
locator, including across epochs if an object_id were to repeat
(<xref target="key-derivation"/> forbids that repetition).  This unlinkability across
objects and epochs rests on honest-encryptor discipline in choosing
object_id (<xref target="object-id"/>).  It is not a property a receiver or observer
can verify, since neither can detect a repeated or predictable object_id
on its own.</t>
      <t>These metadata exposures are by design and out of scope for the
encryption layer.  Length-hiding by padding and access-pattern hiding by
full-object fetch or oblivious access are left to the application and
the transport.  Transport-level sender metadata, such as the connection
and timing of a fetch, is likewise out of scope for this document.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document requests one registration in the "MLS Component Types"
registry established by <xref target="I-D.ietf-mls-extensions"/>.</t>
      <t>The component identifies this attachment encryption extension and is
used to domain-separate its uses of the MLS key schedule
(<xref target="key-derivation"/>).</t>
      <ul spacing="normal">
        <li>
          <t>Value: (assigned by IANA)</t>
        </li>
        <li>
          <t>Name: attachment_encryption</t>
        </li>
        <li>
          <t>Where: ES (an exported secret is used) and, when the reference is
bound in an MLS message, AD (additional authenticated data)</t>
        </li>
        <li>
          <t>Recommended: Y</t>
        </li>
        <li>
          <t>Reference: This document</t>
        </li>
      </ul>
      <t>This document defines no new registries.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC5116">
          <front>
            <title>An Interface and Algorithms for Authenticated Encryption</title>
            <author fullname="D. McGrew" initials="D." surname="McGrew"/>
            <date month="January" year="2008"/>
            <abstract>
              <t>This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5116"/>
          <seriesInfo name="DOI" value="10.17487/RFC5116"/>
        </reference>
        <reference anchor="RFC8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC9180" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9180.xml">
          <front>
            <title>Hybrid Public Key Encryption</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="K. Bhargavan" initials="K." surname="Bhargavan"/>
            <author fullname="B. Lipp" initials="B." surname="Lipp"/>
            <author fullname="C. Wood" initials="C." surname="Wood"/>
            <date month="February" year="2022"/>
            <abstract>
              <t>This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.</t>
              <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9180"/>
          <seriesInfo name="DOI" value="10.17487/RFC9180"/>
        </reference>
        <reference anchor="RFC9420">
          <front>
            <title>The Messaging Layer Security (MLS) Protocol</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="B. Beurdouche" initials="B." surname="Beurdouche"/>
            <author fullname="R. Robert" initials="R." surname="Robert"/>
            <author fullname="J. Millican" initials="J." surname="Millican"/>
            <author fullname="E. Omara" initials="E." surname="Omara"/>
            <author fullname="K. Cohn-Gordon" initials="K." surname="Cohn-Gordon"/>
            <date month="July" year="2023"/>
            <abstract>
              <t>Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9420"/>
          <seriesInfo name="DOI" value="10.17487/RFC9420"/>
        </reference>
        <reference anchor="I-D.ietf-mls-extensions">
          <front>
            <title>The Messaging Layer Security (MLS) Extensions</title>
            <author fullname="Raphael Robert" initials="R." surname="Robert">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The Messaging Layer Security (MLS) protocol is an asynchronous group
   authenticated key exchange protocol.  MLS provides a number of
   capabilities to applications, as well as several extension points
   internal to the protocol.  This document provides a consolidated
   application API, guidance for how the protocol's extension points
   should be used, and a few concrete examples of both core protocol
   extensions and uses of the application API.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-mls-extensions-09"/>
        </reference>
        <reference anchor="I-D.sullivan-cfrg-raae">
          <front>
            <title>Random-Access Authenticated Encryption</title>
            <author fullname="Nick Sullivan" initials="N." surname="Sullivan">
              <organization>Cryptography Consulting LLC</organization>
            </author>
            <date day="25" month="March" year="2026"/>
            <abstract>
              <t>   This document defines Random-Access Authenticated Encryption (raAE),
   a mechanism for encrypting segmented content that supports decryption
   of individual segments without processing others, selective re-
   encryption of individual segments in place, and content-level
   integrity via an accumulator binding all segment authentication tags.
   raAE is parameterized over an Authenticated Encryption with
   Associated Data (AEAD) algorithm, a key derivation function (KDF),
   segment size, epoch length, and nonce generation mode.

   raAE does not define wire formats, IANA registries, or key
   management; applications instantiate it with a chosen parameter set
   and protocol identifier.  This document also defines "raAE-v1", a
   concrete profile with test vectors, supporting five AEAD algorithms:
   AES-256-GCM, ChaCha20-Poly1305, AES-256-GCM-SIV, AEGIS-256, and
   AEGIS-256X2, each with HKDF-SHA-256 and 65536-octet segments.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-sullivan-cfrg-raae-00"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9562">
          <front>
            <title>Universally Unique IDentifiers (UUIDs)</title>
            <author fullname="K. Davis" initials="K." surname="Davis"/>
            <author fullname="B. Peabody" initials="B." surname="Peabody"/>
            <author fullname="P. Leach" initials="P." surname="Leach"/>
            <date month="May" year="2024"/>
            <abstract>
              <t>This specification defines UUIDs (Universally Unique IDentifiers) --
also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform
Resource Name namespace for UUIDs. A UUID is 128 bits long and is
intended to guarantee uniqueness across space and time. UUIDs were
originally used in the Apollo Network Computing System (NCS), later
in the Open Software Foundation's (OSF's) Distributed Computing
Environment (DCE), and then in Microsoft Windows platforms.</t>
              <t>This specification is derived from the OSF DCE specification with the
kind permission of the OSF (now known as "The Open Group"). Information from earlier versions of the OSF DCE specification have
been incorporated into this document. This document obsoletes RFC
4122.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9562"/>
          <seriesInfo name="DOI" value="10.17487/RFC9562"/>
        </reference>
        <reference anchor="RFC9605">
          <front>
            <title>Secure Frame (SFrame): Lightweight Authenticated Encryption for Real-Time Media</title>
            <author fullname="E. Omara" initials="E." surname="Omara"/>
            <author fullname="J. Uberti" initials="J." surname="Uberti"/>
            <author fullname="S. G. Murillo" initials="S. G." surname="Murillo"/>
            <author fullname="R. Barnes" initials="R." role="editor" surname="Barnes"/>
            <author fullname="Y. Fablet" initials="Y." surname="Fablet"/>
            <date month="August" year="2024"/>
            <abstract>
              <t>This document describes the Secure Frame (SFrame) end-to-end encryption and authentication mechanism for media frames in a multiparty conference call, in which central media servers (Selective Forwarding Units or SFUs) can access the media metadata needed to make forwarding decisions without having access to the actual media.</t>
              <t>This mechanism differs from the Secure Real-Time Protocol (SRTP) in that it is independent of RTP (thus compatible with non-RTP media transport) and can be applied to whole media frames in order to be more bandwidth efficient.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9605"/>
          <seriesInfo name="DOI" value="10.17487/RFC9605"/>
        </reference>
        <reference anchor="I-D.robert-mimi-attachments">
          <front>
            <title>MIMI Attachments</title>
            <author fullname="Raphael Robert" initials="R." surname="Robert">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <author fullname="Konrad Kohbrok" initials="K." surname="Kohbrok">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <date day="29" month="June" year="2026"/>
            <abstract>
              <t>   This document describes MIMI Attachments.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-robert-mimi-attachments-06"/>
        </reference>
        <reference anchor="FLOE" target="https://eprint.iacr.org/2025/2275">
          <front>
            <title>Random-Access AEAD for Fast Lightweight Online Encryption</title>
            <author initials="A." surname="Fabrega">
              <organization/>
            </author>
            <author initials="J." surname="Len">
              <organization/>
            </author>
            <author initials="T." surname="Ristenpart">
              <organization/>
            </author>
            <author initials="G." surname="Rubin">
              <organization/>
            </author>
            <date year="2025"/>
          </front>
          <seriesInfo name="IACR" value="ePrint 2025/2275"/>
        </reference>
      </references>
    </references>
    <?line 604?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>This extension builds on the SEAL construction
<xref target="I-D.sullivan-cfrg-raae"/>, the MLS Safe Extension framework
<xref target="I-D.ietf-mls-extensions"/>, and the attachments transport
<xref target="I-D.robert-mimi-attachments"/>.  The random-access goals follow
<xref target="FLOE"/>.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAJUxTGoAA6Vde3PbyJH/fz7FnFx1lrIkY2nXzkZ53Gktede3fp3kTSqV
utoCwSGJCAQYDCiZsTef5T7LfbLrX3fPYACS8ibxXSUUCcyjp/vX78l4PDZt
0Zbu3B5dVXmzXbduZi/aNsuXK1e13s7rxr5+dXNksum0cXf0HP2VPnFkZnVe
ZSsaYtZk83bsN2VZ3GXVeFX6cdY9OH7yxORZ6xZ1sz23vp2ZYt2c27bZ+Pbs
yZNfPzkzWeMymuHG5ZumaLdH5r5ubhdNvVljXud9tiiqhX2VbV1ju6du3ZYe
nJ0ba8dYLP93MjP/3WTVrF6NszyncayTzRZ1xT/mdTUvZvRskZU0pC2LuWuL
lTO+pdd+zMq6ov1tnTd+lTXtj3/d1K3z57aqzbqQeds65//2ddM2bi6T+u2K
P5ts0y7rRp4sKnrzzcTeKKHoS2uFgm+K/Lb/fd0ssqr4W4alntvnWHS9aLL1
cmuf1xXRumWKvHrOT7tVVpS0rCJf1mXmJ+EsvihcO//PBX6d5PWqW8b1xF7X
U9e0ySKuafTMlekP/VW8W9auKj7Y63+/tN+upt+lU/NEjYzQ8AA8oanqZkWv
3znQ4PrF87PT01/rx6enp8/049env/pKP/769Osn4eNXZ/zx5fhygvGZs9yH
1lWe1uPDT5Hx8nmzGDdZRnOZopoPZv7102dn4eOzJ0/D27LY8apYFSnX4ucX
r95enfMm26xZuPbcLtt27c9/+Uu3boqqnRRZ3kyIRr88e3L29JdnZ796Kk+r
ZF0L610I611cXVyyWL3IfGtfFYtle+/wn/ZtVRaVs1eRN494mI538E8P7mJC
75NELrL+9/81sa9c1f/uPR1y4Ylc60zPM/70Lf20mRbywoyk89xiD/ynd03h
PAgY5j56efH8+oh25N5h3zZu98iY8ZhkburbJstbY94vC28JGDYgop25OW3M
D2QQ+4LIARRmiUTaem5LENrck3y7cV3lzs6L0ikaHcABe0yif2IZLvzE2gt+
xxbeuIhsvrbtMmttZhuXO+KJxuZZRevjBywtr7cq+mJrp1v6QCvHego6iU1r
102NHWAN9LC9J2GTFdK07+mLZC9Ehpuri1cJS40MvnjsWdpmNtlj94z1+dKt
nD1usourk5Glg6OHWzqQv9Er0y2mNcxIWDLhH22hId7nKeebKg90xPKYIjQf
gDsv1kvatN8UvLsZsJNGnDf1ip/FM+7DmjDMNf3N8LwEepZAmojWEG/wSohE
ZuWyyo+EfKBssS6wicq5mbd1VdJTloCzLOnHuWscNnuM6erpX1zePvZGwHde
0NowSumqRbvUEWkjTMustGVNx1I3J4S2lhA6p0doA/ycocMs5kwZHXZisJts
vS5xmCDIilmH9kCHXtUtb2MrvCYMJjO6DyQtdLgmOZDkSOn0Z5sclMDKsr9u
3MgWq9WmzabEBtOynlowCikHnBtUihGOZ4ISQ0ToonPA6mgorLovHSUzN/Gb
d3bjSfOAmhORs1Uxm5XOmEf2ZdXyaliTHZA6WqYca5gVUvSAKJo9oijkSaUq
4QvebdYf0hyUbuHpyOEfP+7H7p9+Ojm3tmgNTeWJSC0BFk69+OBmY09yQPi0
YIgeWUenRD/P3NpVYKRyG0SajwTc0VvOCEAwwAAyPWYDebeMFHntW0NnDqEQ
LmzrcF4L/Ge75IOiMfSHHTzQvRIUDbHA/mwsGJHyuVXE6UT/+8sXnxVzInHE
D09k5RcLMouAG3slH6/Qj+MOVOg12gsWi6PHEn4mlpNlRTpBGFQ5kiavzOFj
FxkEk2AqWmcgX04WjZ8olxN1S5rWLrI1DYfVgzmF0/eIPIS2JUzgAQ0tqgVl
lXEB5HRgTNR67Rp5c0OsRGgEabnPGuI54ijX4rxpOS3jjvFy4GE8WheB3Lhu
xoQuSz6suqdcpjVGDQjOMxL40ZTjorqrdclFtSYdU5Ih0tKeXnXih3cIQGsG
YAawKaSAJs68Cdgm5MPoAcZSXlq5nBi18Cs9gANWz08/hTP0Ilws9JnviCXA
ZxjtWKXirCIIYgndEhUFO6lkIINg8LCdWomAqghuZ7SDpphu2qhrbKJrwIYr
t6IdAFOxMaJUT93oMInW+fhxRfufO99CErByw796HBUTvA+ifk3qbB4gOuir
lMNVixJZ6OUf1mWdEb7M6vtKPnnSV3Qu3bEU1XjKHB4Xha2Xbt6aNrKT36z4
5DpOHjFsuw/Zak00Y4l9+fplz82Jh7uzi0LVBG2DtFLl7m3eeRJFTtIBbiMs
pDdfttiOmC374QFLKcv6Ptg/a1qEayp78wIoQ5ylpjW4yIMhCr+EkQG147Jy
DM+KznFWZDTdJTAmjPT86nszA07R7sG8OXMNL+LYrWvoezmCH4vZCYsbb0bI
D24h4GMbmuZirB1Z8KA8FTc5UgRUM0ZAhg7M+qxsx5uqIA6soMNqWvpChJIY
Z/ArIFHBKFXoGEtsUJELqG3RoaO+hhwlcJ9YGp6PwO+4pNhsq0CfVRsaEd8q
9hMyZWyxMJGIP1UslsV6FIGMYMazG8Dg1VdcOEVCIQURo5hnGfNynuaQLaVw
7e5q1k6qD4iTyYHdh0CN++umaOAMuHHihYO+asiPwf+0dcFhpfMjuLt3IAd9
xVNeQpkU/LeACTaFOIC3R69/uHl/NJL/tm/e8ufrq//+4eX11SU+33x38epV
/GD0iZvv3v7w6rL71L35/O3r11dvLuVl+tb2vjJHry/+dCSEOHr77v3Lt28u
Xh1BLbU9KYScE2GmwADi8TWpE+INwu6Z8znBHGtG+83zd//3v6df2Y8f/039
ZJIj+QPuMf1xT6pWZmOwkz/pCLeGDshlDUYB+uXZumizEkdESnQJDocCIWr+
4s+gzP+c299O8/XpV7/XL7Dh3peBZr0vmWa73+y8LETc89WeaSI1e98PKN1f
78Wfen8Huidf/vY/GAvGp1//x+/N0DqGTc18n2AZ4Q4MjC66pWhzbs4HrlBD
nr+D6s2CmVxXqdFGpms2dPzIiVZ9RMzOBh9pfQSYSMSFrY8Zc9/gJ0Qlej+e
/PaQwUSz09MP2NHCiaRjiBrEHeRZwImlRcgnEbAbsaax1YvUyibAa7G/RITX
ZQYG/gBteUF8FgxxKGG3xj7XNXnH01KsnBJxDphI9BYUWA77XN/5keeo89a1
oHwEd15GJT9Y2AB0PLwIuyJz3J49faovYRvy1riY0U4Ad0Botu04rhHcH1Ef
gslEYT84sXA2EKs5O65AcsIUGiJxrvdaxsaQ4gpMosZgAm6MTMf0yAnvodqd
dSRT8LHvt8ixLGJZwIVaETASVfGtMoQGyDOh4cFCtKC3A8snrC6BcFITu7YI
A/e+BbKvDBVjcQqlw6F2JhEdWTRwopEU+UT9eXq1b39Bf0LmZM/Y77EYD1+d
PeGzDGS4yebOXnUOLOwMxIaNuo97ooL8PpbEMvWQmwlcNoG2wUVpFSkf2Ysm
XxbwHTb0mLnoEYcAhdQn+eKAYnqncS71Q0GBCnFiAgPwAP8pRqect++5Dwf9
sVFiGYu1zCMZZmZyNmcyTgdP4dAkIoPxm7pMpo+WT2YOGMrZqlabTE0JosXf
//53m2X+jnig281xT8edWP3Xn5ODPQnrnRjTZ+9D/4br0kDkp4Mv2OPIkKMY
RtKw0chOJpOTbgg5A3tcOQQB6ADvyTA56Y32SZ++Ozzh7tMk6XYs/yyb0vJ5
Mnza2uh6mAeH3T/NgX/Dpd71n56MP/dvYlImC7N3zMUCpQezbz144Vi49TeE
884qFr1ibXOy+8Ljzy7p8XDH8KqcQM6qvuu8w5ZsYw+eArOaj+cSg//dEaBP
xFNEcgeIj34SIxJnJ/wgtpQXwXbMG3SCV/CGYZ3aIMGkHoPQms8FUDBDSlv2
YFJ6MjYMhEU2K0Yv7495hsw5XmaBUMGt8zq6jGM6QS6hJJNYF8uCS8Ok1n7j
8owAsFPk7Iy3Jq9Xa/Xo6/ncO8TakqE4AqsLU89ew73iFTYt4nccBWYk/Z5A
47JTpR8fDUi0400JeYD9Fwk5sCrS3WRQPYj+4uTRCGSKLADpGbkQ+qZ9eUk7
Me19PRYT4y4rEcZt3AIeUiOW+MePRVZlO+6IWj3EQYglsR2pbhggDciIgNVs
U4pnTx4fqcGxdwjCtSH4Qxicrgb0ebTrC5sX8PnBcns0cgL59FS+rGuvQelU
Je/TNAPb5Jyh/e8mEvZHjXX9jol/xUx9w18dx0W/vDyB1UPP0O80zx/J3nqV
TV15PBxmdACu4lBvQ8xN3k+mOPTqoX9HiUCfHHo5URBfnp3I1s099D0RYrh4
2E1COf0ewR+RcnWPIUBDMoHvkmAnrPPwksYRyXC9CsPIO2rh72Xm1MTf+4Co
+gMUDUuIeyBTmeZP+e9fmnwfAQLXpfYMjdJZNBo6BQsRsZq6bkXoinboB4Tg
hEJkkirKkR2pQjS1k4WhTwCPhGAAZl09ZFcYfbD0m+w+uBQhe5PNEKuNtit5
fOQXWRq/5sgJrFCJ+gF4v798IeNJuJuMRaBCYs7CcC6RZdhG66sTVHjsOtNY
5qGZWVrJeqa9ljOlWIHCgi6iMJsholc5RSNEsTpvBET58kwRbr/oc7ApJCnZ
IejcCpooOhbgLq6FwCOaQLq4YrBbuEqZTez7g3Y22EQUzL7gVhcap2FCcJwn
ELJE90KC5hyv4xi511jywfwHZws+aAAyzZTEKo+B1+GHPlCMFXjyO2wv+UJG
Rb1ZICssEP4cMMzeajzbj486ZmQHYkkH5tuOXwl2xpbjLwLiiFfW1dit1ojw
xXH2+r/B3yWiiccrogBn9zc0qgZcZuDuYKhk/eAvh1g59kZi5t1mVkuY0lYb
GP40sJ4wBOv5zbvrN9+eRBGBb8BS4t0KsYrc9+PUmb1D1JF54yv7ww8vL4OL
9/TZGRP7npawxBndFU274cXkNXEPXhrPyWL7DWsxJRAiQo2DrdLXc3lTo6oH
2+YITtUzoCTnnyM4gVOvJFJZRaOrljST40Dp64s/oTaiJUlV3Tnwc3cC1CNk
l+6KmbiNabSAnihLs3JAFU4ZSvBTjaxpzQF3wuEpjaZqP8YpYLplc3YnP0iG
O0thMCd50Vh8R+5ukb+z34WIOYb5UYYx+tYJ8uZuzfkc3vXjAEaecy5FlbeB
n4hOPJA4k0xoCTN7nF3JFqYEeTvLkGRH0jZivOyj88S8IciPZiwfkd/wNMk2
mL98x13A+pmDQcdONWzMrbjB5GgAyEc6iA+JF+B19ApGnOrtVpfygEl4gPNX
IJWua0ijhCywiMFS2bQAlLHxLlKiZQs2u6tZ3378uAZj5PsD3D/ExAIbrQEl
xp1WIw22Wa2lBIsmFb9c3Xnxtr1JRKIkGAvfB1WruiphIyQ1eqFAEwzVbrdC
g2XI0MUp4HPlOeO42B/ItUA6uXbioHwGgvB3Y+EtpuBC8+Xe2SQJ05MZEpTZ
QNlrcd4gn4+lQFBzWZEz4vB1SxpyN0ZKVxktlE01ON5tEHca2bPHk6ymy0FJ
6okThNtkaUuX36qqGCjBV6qOmJSvYwKH9MdAXY6D4lKfNdp1apCK9cnxREF8
GAgxBtoZsA3XcwgfGXZh6JyFGlIRMU7wjw21tMSCX2YBlBf/UhNqmjJjUAI1
advyczZvXdOB22Nvgw3M/pErHddkyKmZbtoCYXQRZx3JFWx51VPEkiNXgxHF
JOPkMCYvkFSpUKIUS28uOFIWJEZqk9jT7vT81G1rqY3QjBrpLaEHrTadkfC5
XjiekjUhewiJzfHY96yEpLzJ75RjjJBSz11nmcDQajVOd19vypls7r4gLuaC
ITZ3V2ScbaGCif0XNO+UdnKXFSW8dRXzQ2yD+gfvIF958F2JYwbpQRwN+8AH
03Ls07+LWyE+Tfa1J1K6kxA5zkjHsh92O5tzRlejFz8nP/IPZEceyo2MxPOz
uhSpp+PVSLqOyPjy4s0F0ZLkfU0sLikHLVslx0vT3adfw3b8XC3OgC8mw3qg
xBLfqQjq0YJLo9islWqcrvSCsAlVFVBLAQMqvD9iXS/mtyRd5vbZ06dfPouJ
lGdfme+Lb066SoVevojtiBic6NcRanFEVW4NWbBF7nYKENiC7uV8xBjPWrXN
eSniqhgOxqSWNYS3C2DRmlQSe6uIniYT37AQMYgXTNZQ71eImynWmAbJerEz
PCxVkVPV5oQwB+J5nKjP1lkO/GYfKRSjlmTVlCpExCLhIZGaR/2QKEmOql/B
892kFJNvwCvswKQJPXaefcIKqHzGysEPY3kIMsQenRZzG1nBPy8/QjozLxYb
xCjJAa7vddux8FrJK3XMRcvfSZldWHng+onh+KpjF10ydKQdhBJzZTJ6VWqg
uFrnzVIL0gZyZpaZJ6W+abmWij1I8Qu6Q87skoQejjxngCUyJ0bgQmu/k5TH
FyEWve+Dpf/r/jSfwsifUEW9sE/Ch1ONpuufBX2YTCb/0NgcrQI5dYoieKZl
GwWXDAJyjCWdm2xB3iDo+GIwiYycBPB5tE/JOGnI/jNv078vz8InOp4u7sY4
Ixv4gc3sIfp1CKWVf3KmHASRVNapYoRts8XIBC9UswGMc70dM5HPuzUP/32x
u/xP6aQ2+RpT2j10+BljWtvHvu7f6bN91LkinNtyDGBeoOA0ocoD+XOtatVf
jAcBtYJ1EMbvKrW7+lfyn24l+xsHj/XuiFoB+QlsyoJTZZxveBtC/f1Vwi5B
YeKSbcwQXJaZj4sTck2PiUG+IN44of8s7C/scW83XxBVQlj2fY2KTIHrmJ2A
5pPUQy8dEUHysZdqXq6ymWc5B3jURB/jly4Zw9bdmKNMiPaJ5ycqmjGMMz2a
UifYDq0ZHD6Y2Wuly8dHvdF52frNMEyfRuPZkNTgCiL3pMIcgRYLH1ljrHz4
K/YKEz9IMHmnHk1LsTaVkCGt445WameiySCpKSoVaUHFY3gEDAIEjFTBhUPQ
mhJBcB4r+JAoP6jsTUsmOxFMkvD449LlQ3IExIqH2Bm4JtYRJH6kt9/GmulF
WU8RmvS+zgvOrMyyNpMQJk5cK9TG/AUpvnfk9b7WcuCX/N3DNTWfCWXKIhKI
hG/K62MxvG+QQK8bsyr8ICA4JzPdD4BaHMMuyHifbeMgXBVZOzY8Y+nDOHkX
oXz9/K9sqbOBsMp2uYEqbJhb78mog4+t1iZHidl6G/DzXkNJ4CbdMQ7r24n5
hhwbyNSNW2hJH39ErJ4dcw6AIlgRoGV41hc/FhNWhpUUzSs3RbxE0EsqeoBQ
sMtwSCy+DdutiGKbrsZ3HiV0NpYhV7D7E8a3Fxccwuw95c3xpdrab/it1/TW
4ZMYcS6mggvswtbGWTYzxzfdJP+0RWaY2o3TaAzbwbNQ+JfY0cDVJF3IAn1f
2zUZTlyywh0XBfuOf+NqKfgQRN3KAOS8tD/4WEvbOdRqmHAiOITc50XjWxl7
wvDYDT3qA8AOQIYsczI0yklMtHg6QVDfBUFZHyEHSk0CBhqdjaDIpCEfLDzI
IjgUTCSFQR+JcIpAQl+oEZqqy0L0jkpS3FEaOxDXnhPmtROnhAuEu82ZbEFP
C5FYi4m9I80mf85GdnrSuTrDzZCyPZ3YF/g5VakjNQGclo7NCjj+xWTyl2BW
B1iHzZLXaKWibcpsE3NGQ+IQEvDnVyuEvrGFNja9hM6rL+mVkLq+Zc+E3hjx
yaiUH6uDdjuKonUb0wFEsg05eVgNK61YSMYqw7qmqRvULCIcwPqu1frfLvMe
9Ljq8JbDiswZQ+fUxKNQaeHwCpQYSYgce8SfpM1FLVRJq5EcFKwUQ7AeVbkc
H5IOph0riRbxR1AsZjVpmAV7juKNaOa01iUgRr41+u657YuMHq7vYZ+Er6uO
VzSPecgHHrZGcHkxQ0Q89SfBJ7fV+NSEz1JmD8zGQgVy6fcA+H3bsNP3nrtW
oo3LPn5LZ6kNWpxfnuFT4+pmhpIMjir6zdS3RbvpqtwM4hLOJ6cUNW5Dtuht
aNQjKxKKl9WzKu9EtRjmKa8tgZGhY7aFtfPDRerCVkYeLSo6/ELTPtzjTkob
EWeYcip0mtgsUOFKECRHriELozFmP1hHjTxPK3mCWP09OMli2H2nfSUSXaRz
SU/ahuJzzpuhEAZ21k4EYpn5ru4TTnjHx4lOQY7OCF4mSTNeIyc5I9TKM31Q
T9GVji5apjRVe4JkppoH4d3EW2yVVY+TIheIpIgjDRb0P+priQnY0UlIxMP3
xhN1hijBlDusknZVfKvOjQ3dE8Z29EdgRk92xd2dOjoMeCK5NtIqonP3p8ad
E57oS2k6+kBOfwMTczzIUMJPhO3EEdprfVNznhp5+vgoDoJj39ty1JUn7q0J
ju1zqCA1/WBarw81wKtUxPSZFcmArmCi4SRcTNfxUJwQ11Bsr3p5f0dU2krT
tbuFwoSD/W5BfBHB48AYa4IoY9p6052CpOvRkhKMnLRy7bE3iw3xLzGiY/oh
9aB1CsMxIuAkdUlTLcjL9tpFXHfFuF60hw1uTYLF3AHLVTfPZN9iJGk4WNGe
Su6RTM/K2vxcXcQl1tND4GqiamC5YByKzRVD930ilXGHoZEdYVKk04ywmJRN
gdh5Hm1N3fSIPJm83LBDAMZL2855/1A82nrgN5xIQugyvu+1vsJMnT2MuKzq
94B0KuTSpBCaOEfRTQltz3hXf3w87LZlTyg6+KjEMnBSdnj/UJlkz6bpLdKk
Kf1cUp19XRKysQij0D6R7wjiPgq5/ZFZgGoZvdqiR6HhOIvkWmfFnOcKOXb/
eH/DvnZzdEl3j8basuBAmY6IPHAHNrHzUE3KiN2GFHijmmtPmYgAf2b1qcBd
NCQeYSnxOWkb02OQtu5aY7WGADWZLElY9AfMQoeZTDfmFIEJiTgttwl2Wf+I
U3Dds+jOgo358Y7RCJ3mDtz9oLSYPdKCBEffUpFJBr30/EDNdQtmVTNSZ8zR
m4rvZACL78r7OXfmZDPUB2WN5pARhm+8Saccyg1ildp7BZYKFmMCUfSKABMb
zRGEejClzm/K+jHhr2NKAbJBVRrKCDivigzCNrQTJJWAKNDzOwvVFgvRXaan
u1gzx5tLnvdsSdLNh6zMf7BuoNe6nm/H9MC46wxNKt5/bsEAphhxRcStG2CW
XMRRBE1fSm8jZ/4J+DWe4HfbUDVCYJCcDoZxp5nVl+71ihAvu3LOZX3d/tCc
s1u/UUtiPZQ17K88iLErLUCYuq70YRZbk2gl33H9gNbDiFcf30U5VWh+hTgx
Y8AIAj0gtZ31tKf4sY2N/WJomAd6fO1uj6/cmZKhGIXMdBQEcK9+tTVa8rBT
vsBiLDKR9P0OW4txvPvgONhKfJ6A4SmHsG1SV4DXV92FFSr5ydnLJQ9JP7SW
8LCGh7CNOCUhWQtx9AI09zkoxAwiBobqnOHmlFtMaGrmYzx4RcySnEqS0mu3
qu8kCKAFVx3WbgMrcvezS3ufk658PjeGwELMVLInUXGgIJaUf2w5dYKJ9cA6
3pzsLWlckVu5Z/Jq79UP7Jt1FypoU7weTNfdE7rFwdRBBqQ6GZU9qumlUQM3
o6ihpwUFfeHt7FhBRunUUTLeVvW9ID2xqGzRfJM83quylWQMe9TD24rStC8s
t/TSnp4T/kAdBlwQSREL3CDgXiR1/r0J0zDTbq3wY5G/MUpEzVDSY71YtKAe
eym2WTTOCcm0aCySAB2oTF62b9jd/uuGHIvNaqg8iam5+z2LQ6M30S+zW9aa
IyMx8vi6muqcQo6lQyMe5i7Ua/U7HRC5MGtEAALGigG4SZAFV5I1szIJc8RC
bmxjYi7duqy34p8lNySAaCVz25Bq0BCpU6c2d4eZpK+BCsSN47C3IWcw3fgW
hgaX8q0cSUHOtI3inM1mDUvQkgEZUqt1emmBxysuOUdNXqjo2Kl0Cky3W6+x
v1SEK9+9+Uzp/AuNpEsXG2jqOwSTrRreqmd9a8wn/oWJn2Sxh8bDJ1whpZHH
T+bT+W4+e/e79Bt6h+a4GZ+efT3+9vnrOA/+nhZtMnP3TXjn7Omz3jv4+6F3
ni8z+v+zJ+N3dbk9/fLJ08++0zUAIvkndUKDEp25hJSTAzzed/UGWbPrNcrs
cFgnR7Hysv9kXpebVRVDuD3uD87ldNMGW6gyyaBgUYTmPmO0/QRmlbyL6TPX
YC3sy/8cxPE1+XkBFqWQR5uK0wAjKgnCO3oZiQQDudQagbuRoZVl6PrnFAZ+
2oUq+BSR4TQwHos6mFZttjDzska7bjZFbpkOlPyaNsR7xKgPQl11QYpV9qFY
bVaKliRhUP58KQjUBtF9tnB8oykOZ490ZlVWbsmw+JwkDjSxuIRtvY7ZczoZ
VashSRSXIouQQo6ccM/NOpXTNaqsucaVbZ7+TUpNLdk8Usjk7+SifxDvLKoN
UFpL3uMdK6zjw2LihVZcZSAal+DtBnm0pPqcvI9BYQHKddjin2beabxfbC7u
bk5L/DUkKFNoH4nUyyI03nV2DtPGP/vSH/PA1WTjYcvOTgmkeHhmWP9edAWM
NhQfctl/qIRHYrSrpvBCSjZeOFkvlfXXUvkOrEib0DHDiV1nRbNTc86V6WIE
9RbqA30VnEQu9JYtsMKq8PTmOLjqhFkZp1JeX19c8dMnsQ0CQAuQpZF28ZMN
eHTBsv+4zmbMb1PSfbc7gNK/DlK0kSpgFoFQyGIzw8fPnUmoASy3gRNiMxpT
XZuRtFliHtKFyd0FJun5CY0QScY6XmxEJnBRbzxNxDHGHeobUB/pgBDsE78U
jVBcJcgOUrONZflM0/F70ARNkuQPebnoK2lfjqX3sYCje5KXPRV/iIcCeRNB
50smQ+WR6VjZB+Ohqy5JBmBLNakC+ixOES83BYw6eX3vWo1UmBOU3waLj0hH
RBQ54NZCPjKuJONxNB0Qjc/7ZW2kX6CFKZqt1tpAjRIboekfgcANnGB2Pph8
6KEWMQh3uMlVrGnHAUtsrwCki9hgECm56avvNECp6Wmpx8ESOOq0DT4ITWj0
Ns8k+8OCpv67NI0FO7fXnB4MR9O1E/Ec/kBgMYKyrCR2IfHdbnVjeiGy/j4T
hSorH6nWKRbD8FgtsNSHY/GCxe3ins9vNLw8CElXcrRJVGd/sHmYKg4E4NI8
pT+ioOgDknm16jm0JWflIOZlzM0Gbj00Yuw7CkUsMZq0aWtUFLOC0CS4lrsj
UpfenqlXksU8VkAPcZATzxdC9DmL6ySGBtNDre9JXsnXmeLCNLQsSuJIip0Q
JSyq24BxjWN1HfgT3gGB1szBZUclw3W3VjjV5F9mpUa9xejnyPkdrEvXv4wp
RB3ZtzaBr1mmEUgRAeBxWJTDjQ/XLlZ58BLJc2w2chOb9NBw1U1gkcCU4MIk
XtE40Ue4Roj3h30S0nJw8z0y/H+g12puDWnRy3Ynf+64TGlN9lCRJ9cy9XW6
6XQ6Z9D5joyqDxdSwzXsuInVe2a9CZcThjSiLtFq9k07YSNTZUnGIvRFkP3M
wRuJ9TGP6C2y0Gn4oJ0C/cqy/oxgYI5SlLjFobVSPJ8I51Tq5NVpl2bmxIka
37z8AzQMvWvCHrSujSugduwj1p2scHfvhaaDff/N5chE1Nu5U3i35/yRfSfd
jbvR7ANtj8wFm4qLIxLjNe3XpNPnCsQk6sbtH/2qoJFRn4ofkgfosDPGKvEh
krwnd7wnTSRcUW12M5yxMVkDItJSESJBwcDfctiTdmF2Ax9p1qabU8btSgDU
gG6k+qsrbK40pDcO12sinVe5UgaDrhSE0fK4aa9VvDHxzqPE6ul1YRbDhkgn
1xOSDLus3Wdng+emxSwGwNeu5fsXY+681yoZeoUjmgejx3de6U6Pa3KFZ1FJ
OzyUSLfKwdUO8f4CueYT1zQ7bjlMUj1N5CI2U+Se8ABjlbYUiu3B/aKZkgCa
qGGcLvI2iUPTMkxdJaz/nmvLIschaOa5GwaCFBuWpaJKaqU5gxhTH0mdNt/6
jVt/5SqIZcEHN0Un5WwWys4HfBEfMvMNbh8WzmS+kM2TdQjzOKYn9LrZoKlT
pQajW3JgSQlG+CwZy5DfDPvtOq61+KbSCgpGj2IVru4LF7YXni8s4pKEPeRI
0IZRhbvvdiBl38U8wxsetd5G2ojkZp8m3LDMa+X/KZPuFpT327XzR0af3Pbu
rqUTeOgClGEfbuz31HDi/ovkO1tSriqSS+hwZXT/yiBmtYfuGdrvFKPg6g+w
4s/JPQyXINFGQNET+u0N/699dEv7MbmOdYyShYZ+vrqhl6thIBiHiMWeSEJw
fw2albhWV95gY3kDaqjB0GoL7pqYWB9slNWKqwDP7Z/4i3CZ4aCA88DF93rV
sR5owRVu4/HYIs3NN/vlSEKUbqa1rx/PJQfvZr87mmeld0e7V1JNN4VExqTY
AgWo6RXnD95rHo7u4G2Gn73gp59fSSqlPnedd6hJ7l3avqhpkxoPowHwP3MC
Xv5/6+hklhVoAAA=

-->

</rfc>
