<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.34 (Ruby 4.0.2) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-wendt-stir-vesper-oob-03" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="VESPER OOB">VESPER Out-of-Band OOB</title>

    <author fullname="Chris Wendt">
      <organization>Somos Inc.</organization>
      <address>
        <postal>
          <country>US</country>
        </postal>
        <email>chris@appliedbits.com</email>
      </address>
    </author>
    <author fullname="Rob &#x015A;liwa">
      <organization>Somos Inc.</organization>
      <address>
        <postal>
          <country>US</country>
        </postal>
        <email>robjsliwa@gmail.com</email>
      </address>
    </author>

    <date year="2026" month="July" day="06"/>

    <area>Applications and Real-Time</area>
    <workgroup>Secure Telephone Identity Revisited</workgroup>
    <keyword>stir</keyword> <keyword>certificates</keyword> <keyword>delegate certificates</keyword> <keyword>oob</keyword>

    <abstract>


<?line 56?>

<t>This document describes a mechanism for delivering authenticated telephone call identity information using the VESPER framework for use where in-band signaling does not carry the identity end to end, or where there is no in-band path between the parties at all. By supporting an out-of-band (OOB) transport model, this approach enables entities to publish and retrieve signed PASSporT assertions independent of end-to-end delivery within an in-band signaling path such as a SIP-based VoIP network. These PASSporTs are signed with VESPER delegate certificates, which identify the entity holding the right-to-use for a telephone number and bind it to that entity's domain identity. This document also introduces support for Connected Identity to the STIR OOB model, enabling the called party to respond with a signed PASSporT asserting its identity, thereby binding the identities of both parties to the transaction and enhancing end-to-end accountability. The OOB mechanism provides a delivery path for PASSporTs where in-band delivery within a signaling path such as SIP is unavailable or is not the path used, enabling verifiers to confirm the association between the originating telephone number and the identity asserting authority as part of the broader VESPER trust framework.</t>



    </abstract>

    <note title="About This Document" removeInRFC="true">
      <t>
        The latest revision of this draft can be found at <eref target="https://github.com/appliedbits/draft-wendt-stir-vesper-oob"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-wendt-stir-vesper-oob/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Secure Telephone Identity Revisited Working Group mailing list (<eref target="mailto:stir@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/stir/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/stir/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/appliedbits/draft-wendt-stir-vesper-oob"/>.</t>
    </note>


  </front>

  <middle>


<?line 60?>

<section anchor="introduction"><name>Introduction</name>

<t>The STIR framework enables the signing and verification of telephone communications using PASSporT <xref target="RFC8225"/> objects carried in SIP <xref target="RFC3261"/> in Identity Header Fields defined in <xref target="RFC8224"/>. However, there are scenarios where SIP-based in-band transmission is not feasible or the Identity Header Field may not be supported, such as legacy TDM interconnects or where intermediary network elements strip SIP Identity headers. STIR Out-of-Band (OOB) <xref target="RFC8816"/> addresses this generally for STIR by defining an OOB delivery model. <xref target="RFC9888"/> applies that model to interconnected service providers, using provider-operated placement services discovered through service-provider advertisements, whereas this document applies the model to entities identified by VESPER delegate certificates, with placement services discovered through certificate transparency.</t>

<t>The VESPER framework <xref target="I-D.wendt-stir-vesper"/> composes existing STIR mechanisms into a trust framework in which an entity is identified by a domain identifier bound to its telephone number right-to-use, carried in a telephone-number-scoped delegate certificate. This document relies on that framework for the definition, issuance, and verification of VESPER delegate certificates and does not restate them here; it defines how PASSporTs signed with those certificates are delivered out of band.</t>

<t>This document describes how the VESPER framework is applied to an out-of-band delivery mechanism corresponding to the model described in <xref target="RFC8816"/>. It enables authorized delegate certificate holders to deliver PASSporTs over an out-of-band path for retrieval and validation by a STIR Verification Service, maintaining continuity of trust across heterogeneous networks.</t>

<t>The VESPER OOB delivery model is based on a publish-and-retrieve interface using an open discovery model for PASSporT Placement Services (PPS). This document describes the publish-and-retrieve mechanism and its required properties, building on the concepts in <xref target="RFC8816"/>, rather than prescribing a specific interface. It utilizes the following:</t>

<t><list style="symbols">
  <t>A mechanism for announcing the associated OOB PASSporT Placement Services (PPSs) using the PPS URI attribute of the TN Attributes extension defined in <xref target="I-D.wendt-stir-cert-tn-attr-ext"/>.</t>
  <t>A discovery mechanism for OOB endpoints using STI certificate transparency log monitoring, where PPS URIs carried in delegate certificates become publicly discoverable when those certificates are logged.</t>
</list></t>

<t>It also optionally supports Connected Identity <xref target="RFC9970"/>, enabling both parties to authenticate their telephone numbers and establish end-to-end identity assurance, as also adopted by VESPER <xref target="I-D.wendt-stir-vesper"/>.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

<t>VESPER: Verifiable STI Presentation and Evidence for RTU <xref target="I-D.wendt-stir-vesper"/>.</t>

<t>PASSporT: Personal Assertion Token as defined in <xref target="RFC8225"/>.</t>

<t>Delegate Certificate: A certificate issued to an entity asserting right-to-use for a telephone number, based on an authority token, as defined in <xref target="RFC9060"/> and profiled in <xref target="I-D.wendt-stir-vesper"/>.</t>

<t>Authority Token: A signed assertion that authorizes the issuance of a delegate certificate and represents the authorization of a subject's right-to-use a telephone number and any associated claims, defined in <xref target="RFC9447"/>.</t>

<t>PASSporT Placement Service (PPS): The service that stores signed PASSporTs published by an originating party and serves them to an authorized retrieving party, and that supports the optional Connected Identity response exchange. Earlier STIR out-of-band work, notably <xref target="RFC8816"/>, refers to this role as a Call Placement Service (CPS). This document uses PASSporT Placement Service for two reasons. First, the CPS acronym collides with Certification Practice Statement (CPS) as used in <xref target="RFC8226"/> and certificate policy practice generally, which is a recurring source of ambiguity in a document that deals with both certificates and this service. Second, the service places and serves PASSporTs and is not limited to telephone calls; the same mechanism is intended to apply to applications beyond telephone calls, for which a PASSporT-centric name is more accurate.</t>

<t>PPS URI: A URI <xref target="RFC3986"/> identifying a PASSporT Placement Service (PPS), carried in the pps-uris attribute (type 1) of the TN Attributes extension <xref target="I-D.wendt-stir-cert-tn-attr-ext"/>. The PPS URI identifies the PASSporT Placement Service (PPS) for the telephone numbers covered by the certificate.</t>

<t>PPS Discovery: The process of identifying the PPS endpoint responsible for a given telephone number by monitoring STI-CT logs for delegate certificates carrying a PPS URI attribute as defined in <xref target="I-D.wendt-stir-cert-tn-attr-ext"/>.</t>

</section>
<section anchor="vesper-oob-architectural-overview"><name>VESPER OOB Architectural Overview</name>

<t>The VESPER OOB architecture enables the out-of-band signing, publishing, discovery, and verification of PASSporTs using a trust framework based on delegate certificates and transparency mechanisms. The out-of-band path is a general mechanism for delivering PASSporTs from an originating party to a destination party, independent of any particular signaling protocol. It may operate alongside an in-band signaling path, such as a SIP call in which the PASSporT would otherwise travel in an Identity header field, or it may be the sole channel between the two parties, as in messaging, non-SIP signaling, or other applications where there is no in-band path to carry the PASSporT. Figure 1 illustrates the flow of identity data between the authentication service, the out-of-band PASSporT Placement Service (PPS), and the verification service, with the in-band signaling path shown as an optional parallel path.</t>

<figure><artwork><![CDATA[
        +--------------------+  Originate communication over an
        |   Authentication   |  in-band signaling path, if any
        |     Service        |  (e.g. SIP INVITE with RFC8224
        | (Originating Party)|   Identity Header Field)
        +---------+----------+-------------------+
                  |                              |
                  | 1. Publish PASSporT with     |
                  |    Delegate Certificate      |
                  v                          .~~~~~~~~~~.
        +---------+----------+           .-''             '-.
        |        PPS         |        ,.'    In-band         '.
        |                    |       /    signaling path     |
        +---------+----------+      |    (e.g. SIP), if any  /
                  ^                  '.___..~~~~~~..______.'
                  |                              |
                  | 2. Retrieve PASSporT         |
                  |                              |
        +---------+----------+                   |
        |    Verification    |                   |
        |      Service       |<------------------+
        | (Destination Party)|  Receive communication over the
        +--------------------+  in-band signaling path, if any
]]></artwork></figure>
<t>Figure 1 - Architecture showing out-of-band PASSporT delivery alongside an optional in-band signaling path</t>

</section>
<section anchor="vesper-oob-mechanism"><name>VESPER OOB Mechanism</name>

<t>This section describes how PASSporTs are delivered out of band through a PASSporT Placement Service (PPS), and how Connected Identity allows the called party to return a signed response. Following the approach of <xref target="RFC8816"/>, this document describes the mechanism and the properties an implementation must preserve, rather than prescribing a specific API. A PPS interface that provides these operations and preserves these properties is conformant; implementers may adopt an existing publish-and-retrieve interface or define their own.</t>

<section anchor="operations"><name>Operations</name>

<t>The mechanism is built from three operations against a PPS:</t>

<t><list style="symbols">
  <t>Publish: the originating party places one or more signed PASSporTs for a given originating and destination pair into the PPS, so they can be retrieved by the destination party. A publish operation <bcp14>MAY</bcp14> also request a Connected Identity exchange, in which case the PPS returns a transaction handle that identifies the exchange.</t>
  <t>Retrieve: the destination party obtains the PASSporTs published for a given originating and destination pair, and, where a Connected Identity exchange was requested, learns the transaction handle.</t>
  <t>Respond: where Connected Identity is in use, the destination party places a signed response PASSporT against the transaction handle, which the originating party then retrieves.</t>
</list></t>

<t>Each operation is authorized by the requesting party signing its request with its VESPER delegate certificate, so that the PPS and the counterparty can confirm the requester is authorized for the telephone number involved. The integrity of the published PASSporTs is bound to that authorization so that stored content cannot be substituted. The mechanism used to convey and authorize these operations is not defined here; an implementation may use any mechanism that authenticates the requesting party and protects the integrity of the request.</t>

</section>
<section anchor="required-properties"><name>Required Properties</name>

<t>An implementation of the VESPER OOB mechanism preserves the following properties, however the PPS interface is realized. Some of these properties are guaranteed cryptographically by the signed request and the signed PASSporT, while others are enforced by the PPS as a relied-upon party; the Security Considerations section discusses this distinction and its consequences.</t>

<t><list style="symbols">
  <t>Authorization: publish, retrieve, and respond requests are authorized by the requesting party using its VESPER delegate certificate. The PPS and the counterparty can verify that the requester is authorized for the originating or destination identifier it is acting for, consistent with the certificate's TNAuthList.</t>
  <t>Scoping: retrieval is scoped to a specific originating and destination pair, so that a party can obtain only the PASSporTs intended for an exchange it is part of.</t>
  <t>Integrity: the authorization of a publish or respond request is bound to the PASSporT content it carries, so that the stored PASSporTs cannot be altered or substituted without detection.</t>
  <t>Replay resistance: requests are protected against replay, for example through a unique request identifier and a freshness window, and are scoped to a single transaction rather than reused.</t>
  <t>Confidentiality of the exchange: in a Connected Identity exchange, the transaction handle and the response are disclosed only to the parties of the original transaction. In particular, the response is made available only to the party that performed the original publish.</t>
  <t>Transport security: all PPS interactions occur over a server-authenticated secure transport.</t>
</list></t>

</section>
<section anchor="mechanism-flow"><name>Mechanism Flow</name>

<t>The following sequence illustrates the mechanism. Steps 1 and 2 are the basic publish-and-retrieve flow for delivering a PASSporT from the originating party (A) to the destination party (B). Steps 3 and 4 are the optional Connected Identity exchange, in which B returns a signed response PASSporT for A to retrieve.</t>

<figure><artwork><![CDATA[
   A (Originating)              PPS               B (Destination)
        |                         |                       |
        | 1. Publish PASSporT(s)  |                       |
        |    for (orig=A,dest=B), |                       |
        |    authorized by A's    |                       |
        |    delegate certificate |                       |
        | ----------------------> |                       |
        |   (handle, if Connected |                       |
        |     Identity requested) |                       |
        | <---------------------- |                       |
        |                         |  2. Retrieve PASSporT(s)
        |                         |     for (orig=A,dest=B),
        |                         |     authorized by B's
        |                         |     delegate certificate
        |                         | <-------------------- |
        |                         |  PASSporT(s) (+ handle
        |                         |  if Connected Identity)
        |                         | --------------------> |
        |                         |                       |
        |                         |  3. Respond with rsp  |
        |                         |     PASSporT against  |
        |                         |     handle, authorized
        |                         |     by B's delegate cert
        |                         | <-------------------- |
        | 4. Retrieve rsp         |                       |
        |    PASSporT for handle, |                       |
        |    authorized by A's    |                       |
        |    delegate certificate |                       |
        | ----------------------> |                       |
        | <---------------------- |                       |
        |    rsp PASSporT         |                       |
        |                         |                       |
]]></artwork></figure>
<t>Figure 2 - VESPER OOB publish/retrieve (steps 1-2) and optional Connected Identity exchange (steps 3-4)</t>

<t>In the basic flow, A publishes the PASSporTs it would otherwise have carried in the SIP Identity header field, and B retrieves and verifies them as part of terminating the call. In the Connected Identity flow, the transaction handle returned at publish ties B's response to the original transaction. B can respond only after retrieving the original PASSporTs, so that it has had the opportunity to verify A before asserting its own identity, and only A, as the original publisher, can retrieve B's response. The verification of the retrieved PASSporTs, in both directions, is described in the verification procedures below.</t>

</section>
</section>
<section anchor="authentication-service-procedures-for-vesper-oob"><name>Authentication Service Procedures for VESPER OOB</name>

<t>Authentication Services that sign PASSporTs for out-of-band delivery follow the core VESPER specification <xref target="I-D.wendt-stir-vesper"/>, together with the additional procedures in this section that are specific to the out-of-band case.</t>

<t>The role of the Authentication Service is to author the PASSporT: to construct and sign it using the VESPER delegate certificate and the VESPER PASSporT usage profile, asserting the originating identity. This authored PASSporT is the same artifact regardless of how it is delivered. In the in-band case it travels with the communication, for example in a SIP Identity header field; in the out-of-band case it is the PASSporT placed in the PASSporT Placement Service (PPS) for the destination party to retrieve. Out-of-band delivery may be the sole path between the two parties, as in messaging or other applications where there is no in-band path that can carry the PASSporT, or it may run alongside an in-band copy of the same PASSporT. In all of these cases the authoring of the PASSporT is unchanged; what is specific to out-of-band operation is that the authored PASSporT is published to a PPS rather than, or in addition to, being carried in band. The subsections below state the certificate properties this relies on and the delivery step that is specific to out-of-band operation.</t>

<section anchor="delegate-certificate-requirements"><name>Delegate Certificate Requirements</name>

<t>Certificates used to sign PASSporTs in VESPER OOB are VESPER delegate certificates as defined and profiled in <xref target="I-D.wendt-stir-vesper"/>; this document adds no requirements on the certificate beyond those of VESPER other than the one specific to out-of-band discovery below.</t>

<t>For out-of-band operation, the signing certificate <bcp14>MUST</bcp14> carry one or more PPS URIs in the pps-uris attribute of the TN Attributes extension <xref target="I-D.wendt-stir-cert-tn-attr-ext"/>, enabling discovery of the associated OOB PASSporT Placement Service (PPS) as described in the PPS URI and OOB PPS Discovery section.</t>

</section>
<section anchor="passport-construction-requirements"><name>PASSporT Construction Requirements</name>

<t>PASSporTs delivered over VESPER OOB are constructed and signed as defined in the VESPER PASSporT usage profile <xref target="I-D.wendt-stir-vesper"/>. VESPER OOB adds no requirements on the content of the PASSporT itself; the <spanx style="verb">orig</spanx>, <spanx style="verb">dest</spanx>, and <spanx style="verb">iat</spanx> claims and the <spanx style="verb">x5c</spanx> and <spanx style="verb">x5u</spanx> headers are populated as that profile specifies.</t>

<t>The one requirement specific to OOB is delivery: rather than, or in addition to, carrying the PASSporT in a SIP Identity header field, the Authentication Service publishes the signed PASSporT to the PPS identified by the PPS URI in the signing certificate, using the publish operation of the VESPER OOB mechanism.</t>

</section>
</section>
<section anchor="pps-uri-and-oob-pps-discovery"><name>PPS URI and OOB PPS Discovery</name>

<t>PPS URIs are associated with VESPER delegate certificates through the pps-uris attribute (type 1) of the TN Attributes extension defined in <xref target="I-D.wendt-stir-cert-tn-attr-ext"/>. This attribute carries one or more HTTPS URIs identifying the PPS endpoints responsible for publishing and serving PASSporTs for the telephone numbers covered by the certificate's TNAuthList.</t>

<t>When a VESPER delegate certificate carrying a PPS URI attribute is submitted to a Secure Telephone Identity Certificate Transparency (STI-CT) log <xref target="I-D.ietf-stir-certificate-transparency"/>, the PPS URI becomes publicly visible and verifiable. Parties that wish to discover the PPS for a given telephone number do so by monitoring STI-CT logs for delegate certificates that carry a PPS URI attribute, extracting the telephone numbers and PPS URI from each certificate, and associating the covered telephone numbers with the indicated PPS endpoint. This approach provides a transparent, cryptographically verifiable discovery mechanism that does not require bilateral provisioning or static configuration between service providers.</t>

<t>The discovery process follows these steps:</t>

<t><list style="numbers" type="1">
  <t>A VESPER delegate certificate carrying a TNAuthList and a PPS URI attribute is issued and submitted to a STI-CT log, generating an SCT.</t>
  <t>A monitoring party observes the log, verifies the certificate chain to a trusted STI root, validates the SCT, and extracts the telephone-number-to-PPS mappings.</t>
  <t>Authentication Services and Verification Services consult these mappings to identify the appropriate PPS endpoint for a given call.</t>
  <t>PASSporTs are published or retrieved using the discovered PPS URI as part of the OOB authentication process.</t>
</list></t>

<t>Implementations <bcp14>MAY</bcp14> maintain local caches of telephone-number-to-PPS mappings, respecting certificate validity periods when using extracted data. PPS operators <bcp14>SHOULD</bcp14> publish delegate certificates in multiple STI-CT logs to ensure broad visibility. The PPS URI <bcp14>MUST</bcp14> resolve to a reachable and operational PPS that supports the VESPER OOB mechanism defined in this document.</t>

<t>The mechanism permits a certificate to carry more than one PPS URI, so that an operator can advertise multiple PPS instances, including regional or edge instances. Where multiple instances are advertised, an implementation can select among them or fail over between them using local policy such as lowest latency or geographic proximity. The degree of redundancy that is appropriate is a matter of deployment experience and local policy, and is not specified here.</t>

</section>
<section anchor="verification-service-procedures-for-vesper-oob"><name>Verification Service Procedures for VESPER OOB</name>

<t>Verification Services that retrieve and validate PASSporTs via the VESPER OOB model <bcp14>MUST</bcp14> implement the following procedures in addition to those defined fundamentally in <xref target="RFC8224"/> and specific to VESPER defined in <xref target="I-D.wendt-stir-vesper"/>.</t>

<section anchor="retrieval-and-validation-process"><name>Retrieval and Validation Process</name>

<t><list style="symbols">
  <t>PPS URI Resolution: Determine the PPS URI for the given telephone number by consulting telephone-number-to-PPS mappings derived from monitoring STI-CT logs for delegate certificates carrying a PPS URI attribute, as described in the PPS URI and OOB PPS Discovery section of this document.</t>
  <t>PASSporT Retrieval: Perform the retrieve operation of the VESPER OOB mechanism against the resolved PPS, scoped to the originating and destination pair and authorized by the verifier's VESPER delegate certificate, as described in the VESPER OOB Mechanism section.</t>
  <t>Multiple PASSporT Handling: If the retrieved response contains multiple PASSporTs, the verifier <bcp14>MUST</bcp14> validate each PASSporT independently. All PASSporTs <bcp14>MUST</bcp14> share the same <spanx style="verb">orig</spanx>, <spanx style="verb">dest</spanx>, and <spanx style="verb">iat</spanx> values and <bcp14>MUST</bcp14> be signed by the same delegate certificate. If any PASSporT fails validation, the verifier <bcp14>SHOULD</bcp14> reject the entire set and <bcp14>SHOULD</bcp14> log the failure for diagnostic purposes. The verifier <bcp14>MAY</bcp14> apply local policy to determine which PASSporT types are actionable.</t>
</list></t>

</section>
<section anchor="passport-validation"><name>PASSporT Validation</name>

<t>Once retrieved, the verifier validates the PASSporT and its signing certificate exactly as specified by the VESPER framework <xref target="I-D.wendt-stir-vesper"/>, which applies the procedures of <xref target="RFC8224"/> and the VESPER certificate and binding checks. VESPER OOB places no additional requirements on this validation and does not modify it; the only difference from the in-band case is that the PASSporT was obtained by retrieval from the PPS rather than from a SIP Identity header field. The verifier applies the full VESPER verification to each retrieved PASSporT before relying on it, so that end-to-end trust in the originating identity is established even across heterogeneous network paths or in the absence of SIP Identity header delivery.</t>

</section>
<section anchor="connected-identity-validation"><name>Connected Identity Validation</name>

<t>When a Connected Identity response PASSporT (<spanx style="verb">rsp</spanx>) is retrieved by the Verification Service (VS), it <bcp14>MUST</bcp14> be validated in accordance with <xref target="RFC9970"/> and the VESPER framework <xref target="I-D.wendt-stir-vesper"/>. The <spanx style="verb">rsp</spanx> PASSporT and its signing certificate are validated using the full VESPER verification, as for any VESPER PASSporT; the requirements below are those specific to the Connected Identity response in the out-of-band context.</t>

<t>The <spanx style="verb">rsp</spanx> PASSporT <bcp14>MUST</bcp14> be signed using a VESPER delegate certificate valid for the <spanx style="verb">dest</spanx> telephone number of the original call. The distinction from originating-direction verification is that the responder is asserting control over the <spanx style="verb">dest</spanx> number, so the signing certificate's TNAuthList <bcp14>MUST</bcp14> authorize that number.</t>

<t>The VS <bcp14>MUST</bcp14> confirm that the <spanx style="verb">orig</spanx> and <spanx style="verb">dest</spanx> claims in the <spanx style="verb">rsp</spanx> PASSporT match those of the original transaction, and that the <spanx style="verb">iat</spanx> claim is within an acceptable freshness interval as defined by local policy.</t>

<t>If these validations succeed, the verifier can confirm that the called party has cryptographically asserted its identity using a VESPER-authorized certificate, completing the Connected Identity flow. Any failure <bcp14>MUST</bcp14> cause the <spanx style="verb">rsp</spanx> PASSporT to be rejected.</t>

</section>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t>PASSporTs in VESPER OOB are signed using VESPER delegate certificates, which a verifier validates using the full VESPER verification <xref target="I-D.wendt-stir-vesper"/>. This dependence on the signed PASSporT and its VESPER delegate certificate, rather than on the delivery path, is what allows a verifier to establish the originating identity independently of how the PASSporT was delivered out of band.</t>

<t>The publish, retrieve, and respond operations are authorized as described in the VESPER OOB Mechanism section, with each request signed by the requesting party's VESPER delegate certificate, scoped to a single transaction, and protected against replay through a unique request identifier and a short freshness window. Because the integrity of a published PASSporT is bound to that authorization, stored content cannot be substituted without detection.</t>

<t>A PPS is not assumed to be an openly writable, anonymously accessible endpoint. PPS operators are expected to administer their own admission controls governing which parties may reach the service at all, for example through operator-managed credentials, peering arrangements, or network-level access policy. The design of that admission layer is a matter for the operator and is out of scope for this document. Within an admitted context, the requirement that each operation be signed by the requesting party's VESPER delegate certificate is what authorizes the specific action on a specific telephone number. This is an appropriate use of the delegate certificate: the certificate is the cryptographic representation of the subject's right-to-use for the telephone numbers in its TNAuthList, so a request signed by it, and scoped to those numbers, expresses exactly the authorization needed to publish or retrieve PASSporTs for them. A party cannot use this mechanism to publish for a telephone number it does not hold a valid certificate for.</t>

<t>The authentication of the requester and the integrity of each PASSporT are cryptographic and do not depend on the PPS behaving honestly: a verifier validates each retrieved PASSporT and its signing certificate independently, so a misbehaving or compromised PPS cannot cause acceptance of a forged or altered identity assertion. Other properties, such as scoping retrieval to the intended originating and destination pair and keeping a Connected Identity exchange confidential to its two parties, are enforced by the PPS as a relied-upon party rather than guaranteed cryptographically by the signed request alone. A compromised PPS could therefore affect the availability of PASSporTs, or the confidentiality and scoping of an exchange, even though it cannot forge the identities asserted within. The degree of additional assurance an operator places on PPS behavior is a matter of deployment and local policy.</t>

<t>In a Connected Identity exchange, the transaction handle and the response are sensitive. The Confidentiality property required in the VESPER OOB Mechanism section limits their disclosure to the parties of the original transaction, with the response made available only to the party that performed the original publish. A further concern is that the existence or pending state of a transaction handle can itself be sensitive: to avoid confirming a handle to an unauthorized requester, a PPS should not distinguish, in its observable behavior, between a handle that does not exist and one the requester is not authorized to access.</t>

<t>A PPS handles identity data and is exposed to request-volume abuse, so operators should apply rate limiting and should retain identity data only as long as operationally necessary.</t>

</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<t>This document has no IANA actions.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC3261">
  <front>
    <title>SIP: Session Initiation Protocol</title>
    <author fullname="J. Rosenberg" initials="J." surname="Rosenberg"/>
    <author fullname="H. Schulzrinne" initials="H." surname="Schulzrinne"/>
    <author fullname="G. Camarillo" initials="G." surname="Camarillo"/>
    <author fullname="A. Johnston" initials="A." surname="Johnston"/>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <author fullname="R. Sparks" initials="R." surname="Sparks"/>
    <author fullname="M. Handley" initials="M." surname="Handley"/>
    <author fullname="E. Schooler" initials="E." surname="Schooler"/>
    <date month="July" year="2002"/>
    <abstract>
      <t>This document describes Session Initiation Protocol (SIP), an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="3261"/>
  <seriesInfo name="DOI" value="10.17487/RFC3261"/>
</reference>
<reference anchor="RFC3986">
  <front>
    <title>Uniform Resource Identifier (URI): Generic Syntax</title>
    <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
    <author fullname="R. Fielding" initials="R." surname="Fielding"/>
    <author fullname="L. Masinter" initials="L." surname="Masinter"/>
    <date month="January" year="2005"/>
    <abstract>
      <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="66"/>
  <seriesInfo name="RFC" value="3986"/>
  <seriesInfo name="DOI" value="10.17487/RFC3986"/>
</reference>
<reference anchor="RFC8224">
  <front>
    <title>Authenticated Identity Management in the Session Initiation Protocol (SIP)</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <author fullname="C. Jennings" initials="C." surname="Jennings"/>
    <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
    <author fullname="C. Wendt" initials="C." surname="Wendt"/>
    <date month="February" year="2018"/>
    <abstract>
      <t>The baseline security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP requests. It does so by defining a SIP header field for conveying a signature used for validating the identity and for conveying a reference to the credentials of the signer.</t>
      <t>This document obsoletes RFC 4474.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8224"/>
  <seriesInfo name="DOI" value="10.17487/RFC8224"/>
</reference>
<reference anchor="RFC8225">
  <front>
    <title>PASSporT: Personal Assertion Token</title>
    <author fullname="C. Wendt" initials="C." surname="Wendt"/>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <date month="February" year="2018"/>
    <abstract>
      <t>This document defines a method for creating and validating a token that cryptographically verifies an originating identity or, more generally, a URI or telephone number representing the originator of personal communications. The Personal Assertion Token, PASSporT, is cryptographically signed to protect the integrity of the identity of the originator and to verify the assertion of the identity information at the destination. The cryptographic signature is defined with the intention that it can confidently verify the originating persona even when the signature is sent to the destination party over an insecure channel. PASSporT is particularly useful for many personal-communications applications over IP networks and other multi-hop interconnection scenarios where the originating and destination parties may not have a direct trusted relationship.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8225"/>
  <seriesInfo name="DOI" value="10.17487/RFC8225"/>
</reference>
<reference anchor="RFC8226">
  <front>
    <title>Secure Telephone Identity Credentials: Certificates</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <author fullname="S. Turner" initials="S." surname="Turner"/>
    <date month="February" year="2018"/>
    <abstract>
      <t>In order to prevent the impersonation of telephone numbers on the Internet, some kind of credential system needs to exist that cryptographically asserts authority over telephone numbers. This document describes the use of certificates in establishing authority over telephone numbers, as a component of a broader architecture for managing telephone numbers as identities in protocols like SIP.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8226"/>
  <seriesInfo name="DOI" value="10.17487/RFC8226"/>
</reference>
<reference anchor="RFC8816">
  <front>
    <title>Secure Telephone Identity Revisited (STIR) Out-of-Band Architecture and Use Cases</title>
    <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <date month="February" year="2021"/>
    <abstract>
      <t>The Personal Assertion Token (PASSporT) format defines a token that can be carried by signaling protocols, including SIP, to cryptographically attest the identity of callers. However, not all telephone calls use Internet signaling protocols, and some calls use them for only part of their signaling path, while some cannot reliably deliver SIP header fields end-to-end. This document describes use cases that require the delivery of PASSporT objects outside of the signaling path, and defines architectures and semantics to provide this functionality.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8816"/>
  <seriesInfo name="DOI" value="10.17487/RFC8816"/>
</reference>
<reference anchor="RFC9060">
  <front>
    <title>Secure Telephone Identity Revisited (STIR) Certificate Delegation</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <date month="September" year="2021"/>
    <abstract>
      <t>The Secure Telephone Identity Revisited (STIR) certificate profile provides a way to attest authority over telephone numbers and related identifiers for the purpose of preventing telephone number spoofing. This specification details how that authority can be delegated from a parent certificate to a subordinate certificate. This supports a number of use cases, including those where service providers grant credentials to enterprises or other customers capable of signing calls with STIR.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9060"/>
  <seriesInfo name="DOI" value="10.17487/RFC9060"/>
</reference>
<reference anchor="RFC9447">
  <front>
    <title>Automated Certificate Management Environment (ACME) Challenges Using an Authority Token</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <author fullname="M. Barnes" initials="M." surname="Barnes"/>
    <author fullname="D. Hancock" initials="D." surname="Hancock"/>
    <author fullname="C. Wendt" initials="C." surname="Wendt"/>
    <date month="September" year="2023"/>
    <abstract>
      <t>Some proposed extensions to the Automated Certificate Management Environment (ACME) rely on proving eligibility for certificates through consulting an external authority that issues a token according to a particular policy. This document specifies a generic Authority Token Challenge for ACME that supports subtype claims for different identifiers or namespaces that can be defined separately for specific applications.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9447"/>
  <seriesInfo name="DOI" value="10.17487/RFC9447"/>
</reference>
<reference anchor="RFC9970">
  <front>
    <title>Connected Identity for Secure Telephone Identity Revisited (STIR)</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <author fullname="C. Wendt" initials="C." surname="Wendt"/>
    <date month="June" year="2026"/>
    <abstract>
      <t>The Session Initiation Protocol (SIP) Identity header field conveys cryptographic identity information about the originators of SIP requests. However, the Secure Telephone Identity Revisited (STIR) framework provides no means for determining the identity of the called party in a conventional telephone-calling scenario. This document updates prior guidance on the "connected identity" problem to reflect the changes to SIP identity that accompanied STIR. It also considers a revised problem space for connected identity as a means of detecting calls that have been retargeted to a party impersonating the intended destination and preventing the spoofing of mid-dialog or dialog-terminating events by intermediaries or third parties.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9970"/>
  <seriesInfo name="DOI" value="10.17487/RFC9970"/>
</reference>

<reference anchor="I-D.ietf-stir-certificate-transparency">
   <front>
      <title>STI Certificate Transparency</title>
      <author fullname="Chris Wendt" initials="C." surname="Wendt">
         <organization>Somos, Inc.</organization>
      </author>
      <author fullname="Robert Śliwa" initials="R." surname="Śliwa">
         <organization>Somos, Inc.</organization>
      </author>
      <author fullname="Alec Fenichel" initials="A." surname="Fenichel">
         <organization>TransNexus</organization>
      </author>
      <author fullname="Vinit Anil Gaikwad" initials="V. A." surname="Gaikwad">
         <organization>Twilio</organization>
      </author>
      <date day="18" month="May" year="2026"/>
      <abstract>
	 <t>   This document describes a framework for the use of the Certificate
   Transparency (CT) protocol for publicly logging the existence of
   Secure Telephone Identity (STI) certificates as they are issued or
   observed.  This allows any interested party that is part of the STI
   eco-system to audit STI certification authority (CA) activity and
   audit both the issuance of suspect certificates and the certificate
   logs themselves.  The intent is for the establishment of a level of
   trust in the STI eco-system that depends on the verification of
   telephone numbers requiring and refusing to honor STI certificates
   that do not appear in a established log.  This effectively
   establishes the precedent that STI CAs must add all issued
   certificates to the logs and thus establishes unique association of
   STI certificates to an authorized provider or assignee of a telephone
   number resource.  The primary role of CT in the STI ecosystem is for
   verifiable trust in the avoidance of issuance of unauthorized
   duplicate telephone number level delegate certificates or provider
   level certificates.  This provides a robust auditable mechanism for
   the detection of unauthorized creation of certificate credentials for
   illegitimate spoofing of telephone numbers or service provider codes
   (SPC).

   The framework borrows the log structure and API model from RFC6962 to
   enable public auditing and verifiability of certificate issuance.
   While the foundational mechanisms for log operation, Merkle Tree
   construction, and Signed Certificate Timestamps (SCTs) are aligned
   with RFC6962, this document contextualizes their application in the
   STIR eco-system, focusing on verifiable control over telephone number
   or service provider code resources.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-stir-certificate-transparency-02"/>
   
</reference>

<reference anchor="I-D.wendt-stir-vesper">
   <front>
      <title>VESPER - Verifiable STI Presentation and Evidence for RTU</title>
      <author fullname="Chris Wendt" initials="C." surname="Wendt">
         <organization>Somos, Inc.</organization>
      </author>
      <author fullname="Robert Śliwa" initials="R." surname="Śliwa">
         <organization>Somos, Inc.</organization>
      </author>
      <date day="31" month="March" year="2026"/>
      <abstract>
	 <t>   This document defines VESPER (Verifiable STI Presentation and
   Evidence for RTU), a framework that extends the STIR architecture to
   cryptographically bind telephone number authority, domain identity,
   and originating provider authorization in a single delegate
   certificate.  The delegate certificate is issued under the
   certificate policy defined under a STIR compliant eco-system and
   carries the assigned telephone numbers and authorized originating
   providers in a TNAuthList extension, the responsible entity&#x27;s domain
   in a SubjectAltName, and an embedded Signed Certificate Timestamp
   (SCT) proving the certificate was recorded in a public transparency
   log prior to use.  VESPER enables relying parties to verify that a
   telephone number was assigned to the entity whose domain is
   presented, and that calls from those numbers are originated by an
   authorized originating provider.

   The framework defines a certificate profile and issuance process
   grounded in existing STIR and ACME authority token mechanisms, a
   domain-hosted certificate repository with domain-controlled
   certificate discovery enabling cross-channel trust signals, a
   PASSporT usage profile for SIP signaling, and certificate
   transparency to support ecosystem auditability and detection of mis-
   issuance.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-wendt-stir-vesper-07"/>
   
</reference>

<reference anchor="I-D.wendt-stir-cert-tn-attr-ext">
   <front>
      <title>TN Attribute Certificate Extension for STI Certificates</title>
      <author fullname="Chris Wendt" initials="C." surname="Wendt">
         <organization>Somos Inc.</organization>
      </author>
      <author fullname="Robert Śliwa" initials="R." surname="Śliwa">
         <organization>Somos Inc.</organization>
      </author>
      <date day="6" month="July" year="2026"/>
      <abstract>
	 <t>   This document specifies a non-critical X.509 v3 certificate extension
   that conveys a set of self-asserted attributes describing the
   telephone numbers identified in the certificate&#x27;s TNAuthList.  The
   attributes are declared by the holder of the certificate about its
   own telephone numbers and require no separate authority token,
   because they describe or constrain only those numbers and grant no
   authority to any other party.  The extension defines an extensible
   framework with an IANA registry of attribute types and seeds that
   registry with four types: a PASSporT Placement Service (PPS) URI, a
   do-not-originate indication, a do-not-originate-messaging indication,
   and a set of authorized originating providers.  Relying parties use
   these self-declarations as policy signals, treating communications
   that do not conform to them as candidates for blocking.  The
   mechanism is backward compatible with existing STIR certificates.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-wendt-stir-cert-tn-attr-ext-00"/>
   
</reference>
<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>



    </references>

    <references title='Informative References' anchor="sec-informative-references">



<reference anchor="RFC9888">
  <front>
    <title>Out-of-Band Secure Telephone Identity Revisited (STIR) for Service Providers</title>
    <author fullname="J. Peterson" initials="J." surname="Peterson"/>
    <date month="June" year="2026"/>
    <abstract>
      <t>The Secure Telephone Identity Revisited (STIR) framework defines means of carrying its Personal Assertion Tokens (PASSporTs) either in-band, within the headers of a Session Initiation Protocol (SIP) request, or out-of-band, through a service that stores PASSporTs for retrieval by relying parties. This specification defines a way that the out-of-band conveyance of PASSporTs can be used to support large service providers for cases in which in-band STIR conveyance is not universally available.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9888"/>
  <seriesInfo name="DOI" value="10.17487/RFC9888"/>
</reference>



    </references>

</references>


<?line 287?>

<section numbered="false" anchor="acknowledgments"><name>Acknowledgments</name>

<t>The authors thank the contributors of the STIR working group, whose out-of-band work informed the mechanism described in this document for PASSporT delivery signed with VESPER delegate certificates.</t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA9096XLb1nr/+RSoPFNLDUHHSxKHzl0o2W40E1uqpSST6bTX
IHBIogYBFgeQzJvlWfosfbJ+29kAcHFuflUziSkQZ/v29SiO41GTN4WaRic/
vLq5fvUuumqbuFrE50mZRVdX5yejZD6v1Z33Aj5Mk0Ytq3o7jXSTjUZZlZbJ
GmbJ6mTRxPeqzJpYN3kd3ym9UXVcVfP486cj3c7XudZ5VTbbDbx++er2dRQ9
iJJCV7BCXmZqA2NV2ZyMoxOV5U1V50mBv1zOzuGfqoZP725fn4zKdj1X9XSU
wU6mo7QqtSp1q6dRU7dqBPt9OkpqlcCss82myGHDsKqO8FjvVFLEt/lanYzu
q/rDsq7aDbx3o9K2VtGtKtRmVZUqusSN5M0WBtzlOm9UdjL6oLYwJpuO4gjP
B/+kqm7yBS6gNPyawfAlfO4+BwiM7lTZwmaj6JOWjCIG1smPsNm8XEb/iqPx
+TrJC3iOG/lrrprFpKqX+Dyp0xU8XzXNRk8fPcLX8FF+pybmtUf44NG8ru61
eoQTPMKBy7xZtXMYmiDMVDbPG/1oD05xTIEHbLzleJJJWq0fHT3NKGmbVQXo
jGKYMooWbVEwRV2s6lxHP+Iw+gb2npT53wmd0+imWlc6uizTCX2pGCIpjvmr
tzhuhl5Iq7ZskGy/v+kv9a6aR//84OPnj7+YvSjy++To9epq/l8aR/x1iQ8G
VxuVVb2GWe6IAN69vnj65MvH5uPXz7+Uj8+fPHnmPn7hPtoXnj82H7/+/MvP
zcdnz74yH7/+ip5exi8J2wxsjxrjpk5KvQHuKNOtebOHl4EvcI64KeOkaepY
fWymo1FeLjrH+vr58+fwRRzHUTLXsFTajEa3K8AhCIl2DeQNLKLTOp8r4MZo
rdIVwFevI5gImQdmqpHIkSCQF3DHWdRYDkmToohywyZ2/aqMWo3jYFQkkmpR
A1qRw2nuVqvofqWA3fIynqMc0PmyTAoclFWwmbJqYPa63tIcdgk4f9RU+A+J
H56i4YlwkJ1ukzSraK6ae6VKmgJA3OR4ygYEXDGJzreRbjebCp7iAcuoYllL
o09Brp5FjBp4I1pXAIwxzAOLACXXVZKuYBPJvIAZaWs4NWxs086LXK9IstWq
qXN1p+hoALbr2c0NzHYbJVojAaAE9IRsVC3wXHFTxXhKgf42ugcOzkvcYR9U
dErdwmYSxN/N5TW8oWGtH6rL66iE4wPAJ9HtSgG8zfrwZm03hbMbFA1KyzEA
OYcFGAULxodgY1UVmUFznS9XDW4eUYsoTjw6Yf1AUJnDkaO8QWA1K0AGT/UQ
KRLYtbSoxl37dIpaCSDQ1FXWpgBsQR4tdVGVpUqRNK3IpulVdHN7SUrSYJBw
ZraM1KsyogwaUAOvVaXAJNmFNhgMQszuc8zkN9/SyczU8i1SBaB1XsGEhgBl
Z0RcwI/ILAgXVQLrpTjeI4IkJamVzPNCQKL4NJZRgRbvYDHEvqUYogqEi8N4
yGs92tpFUkBQyFdtmdyh2gJyR67LmT2Zq+BtwHjmgRZlxiJXNR0VbIFFXq/p
ZQBgleYsH3zWBLNimZcJgXaQZgIR4NDAaoqfEXgR1vguaNIkg7FC12CE6MYJ
oAkLxHWeZYUajR6ABmGqwo2heBSycRLLcDrOjZBiiZHJSdmaobWdYKzW67a0
hg5LQ0tJP/8sGuXXXyPQVkC6moQdKEjAEUGdXkGtBK/AI0vX3yo62etcFRlw
h1rkJQ8ycz779ddJ9G11D4KnFtpkfk/hFHVeGVpwssJQBVGkWIQGxwuV6FzQ
jqcf3AeYPlt6e64MWyJBGCJCoZJuo9uXb5B/VZ0yt2onwOnxGizMBGhSpFYE
sETGB04HMbohoNjVV7S6ngh/e1YyS24GBihngF6SZcDYmtAHp1qqUtXA+Fvi
EBoPvEuAFEWADGY5hOTGhCdEbYoTkimjWXzR90jo/tEAqECjd3mqDH/WIEeZ
CMyDuAK9Tup0UyQpHdUMArzmOq1gfVS2KzAwlyvzXWzGw7nukA80Q2nMoEzk
lE5s2s0qt1crm0SoI90BEA6oAZSKx+3VGxj59s2EuatnEfz886DVA7AGPtpU
iDv1MdfE9IQxK/9Qg8KBki6PI0ew3gKEGvOke94k1Dkos0BUt2xioIzvCSNf
yY19lvWUXczvxgCVjcoGodnVbbUiHFUl01RoKiHmmDxRlozhGLoFTQHrD4mg
fTikAda6AqZoCEErtY6Qdl6gWmaJokG133vqwzcWQObq7ry1MhwDb4EhRUoP
VpvstjZxgUHzkE0sdBYQDR3DzPGl1YBpVYviJv1ReaRuVvMEJMmESXTZWKEu
WuTvO3BFRo4oM1ndAwwSfnePVv2KAZgUjCnQr5koP6Q9IuQffPTdMEuN0ZUE
pc8CCUQK0H2LBIwahsg8SetKAwgViJwKBVrVaiM3dchkfWGGAGbBj5aHsVhj
2GJsLVYSZgtgdRFaeEIwUy2vm6l8IyO6trLhxsiG0+vrm7MutTsaIAtiaH2H
3YSsRQ2w/O82R+oC+bdRZEmNo3mbswFasSEBsErVBo2zAN3jCAQtUDhyVwkT
8Pp0rgjkTIoYcEcm4mgbsLj+LltcVEVR3cP76EpFs46blJQlyIzUWH7GyFEU
sTkIHX3muUrwe/T9u8sIfbp83gLxiUFz+zaamWcoCxtVkpYO9P8BBxHInnbv
4TA4B+4WRm+qHJUubwpodKcwj4pqCWRQUlioXIoCMmcIDJphaTRXIN2FAFLQ
x2ZjZGbCZOUuUQMLLxXKlktxC6oN8g8pdbE/9JBPwEocPHIkCWuudo1z39dF
4Od1Tw+wJEX5yd6eZ7H7Zmpbi5zWvM0kg40Gqnan4pugXQpHuMPZTKjspdUC
mnn8gwITvqrBEDx58/3NLUbm8N/o7RV9fvfq376/fPfqJX6++Xb23Xf2w0je
uPn26vvvXrpPbuTF1Zs3r96+5MHwNAoejU7ezH46YQ10cnV9e3n1dvbdCaK6
Y32gd16hXUjsBayH50/0KJDM5xfX//s/j58BNP4JEPTk8eOvQfPzL88ffwUG
LVEDr1aVgGT+FXCzHYGqUElNKrgogOY2eQOwJphrUDElaTaA5r/8O0LmP6bR
N/N08/jZn+UBHjh4aGAWPCSY9Z/0BjMQBx4NLGOhGTzvQDrc7+yn4HcDd+/h
N38BklZR/Pj5X/48Go2YyqaiZYivkKOvQQICdhLre75CixJIleTAu9vv99Kl
kWjT6Bo4AdkumpmARnRbfQC+TQY9ky9o+EsjCy4cW09BLPliBk0cq/57bt8R
kYaxp+FKz09scHvjof1h+A5t+5I0zCIvdkhVDxAzOy2dGg8hdpIN8LA9Zy0M
VifGgEPhngzbHBw+2jCeeJSZxFp6oLta8h0f6hAkOwIvSbn1lVNaJPkaGKUH
iGfPvgrw3NdcrNanFI0wfg4dVIMqULobONFGx4vVXQYOP0dfKKwFUzGI1oJ6
zzQT08COGEtgAFc1Ip9iCaIKhuQ/m4kAIfURFd8SVP2rpC7Q7CdjzDfi0JQa
o50MXLPtGBNqIfYgCbu6KhSH3y5QBA1A62LACGrRqdkDYrL87zEmlQCPgaf7
Oq91Q0IvgvnIBCy3aP0WBcV/yDZ3PIVEco3xXpzsBg19mp72grttdcicXwrx
+1S4qUAxb4EfZBrrOtuYIJ66xrQJRYl11dZC1ut5vmw5Jkxulpya8JUpkNC8
X9K9PReFwCqEBS4+mAkY7m08aiM3VPtU4wU3UQuzi1Pk67xhQRLGrPULng58
Ds8KysmbxGgsyx7wQrbmgw3lzNUWY4Sd+caEMPE47WbABiuBbNMIUxo4/brC
aEwKAEMvEHiMjSUUHWj3cdDn6+eIDBNvZTP1EDMGziiZ1Rsdt5iscbbkKWau
osdnh4zKYyxJ4n1jrlr3mVnw0F6tV9s3q0wgYc5hZt9lZmC9NMYrSx8Q1UAH
FGP14WVsaWPOGs6nSBZrjCV4RGVfUM63nkmLUiG+uEV7U5uMyIAdS2kKQVPP
gO+qmiOMdLD8POdthrnCBiQZ0EwRXd0hJNV9z8dL3GsqiFf6Qk1il2MjkOmz
9QeGAwqOscQV7IVarKrdHXQI/AYXvGEy6vnOJFZE2OzOSbmNLepqPaxWKDQE
0rGhx7BF0R2dtAuqRvIA0rYAY9ILhtdVU4GIJZ8Qo5wStANjsyqXGmhud15m
HCZmJFdmwlIBo9xXbQEQRB/1PtfkZt0pejkpu0HPaIEhV8p+5bynuWJhhnoI
YVXCUD+8jmpE/BsyfWDaNTBNsiT0l1UZ4/bs5mlq2kso+A7k2jDWb/N15mSo
tpZIkY+jvChazEA2xqkGl9rxLRwvS5ok2LfniCHqtImOdKn6sGw0OYSAtu18
EtUaSkVyMoT8CMRj6cwLAChmjwp6BXj2t99+oywz/nwWD/x8FkVXQp+d9IAJ
Itnxv8B/s/Dw9HAXneVEwcHwyILAPTxVk+WE4+hvf7i8fcUHl6yBN/r0yuOj
a2SYM5xyMPR/NnBo7/hDkPjMDnE/v/QfBV8PDnk8ia4l3eo4CY+0ewj8DPkf
u1e5272pyW/2Z3IACv6o+OHDYJqH8aSDOfhBPdJ7OJ7QyEuhAjvBwHj/xzx8
hP/rkDZ9f9TmaRZLQWeG6GDaAaj9Z//Rw8nf/va3icBsgr/g7w//KFp4Mone
meChJYb9Q45c5SBG+0No7iCyu2PBX7qYC5n2l2/2cQ8w6ktPs1lGfadSBTpy
SMaASDkopA4IGZRzVqbHvnWiSFBSNHZIONsgdKA6rTwdXrZjC70xtoCkFbTi
/HmYVQjrHAbzEjZTdYxlje/jvAMeZYKBYb2jmABgUroyAuN8gko04WTWcqac
BLYWuJnNnqB5GB9v2BKWsDhZJOsNZ08Z+Ws02CiaAL7SUdHw2fXlBJwSlEMu
F0Demy04aKiohA0iG6I0i5ivvW3lmooBsEKobF64LaLdj2YMRUcp4GNSfQdS
E2QOomktUVrQ0mg8P4iu7J7YTA48PMwZNGwyAhGo8ATLJC8xv4IHp2C/KJhp
r06B8Sx+KDoQsBvy7nrBD9/f8GfgdJZvmuY1ZzPFfQEDkj5vgbawYMIWFFn/
qGfZIs5MCZI9V/Rm9hMHoDGJouh8A7RsgiJjZ6SmiVbWmWKC1uQAuNIVGJIV
QhodP9BGWQCORjhPh/cdVXPMd4X+ox83+hQgEseadMTeo0b3iTZAwYqFQiW1
bKJ/Rj4GJRqnMvnA1BRDiCg9PHxSE7roygWvzkiocHgbY8+BGHB4MG1i6ART
ga9ItFhSyIN8p5CRQMDNYmpcTOINaYYsK3ywJ8MsFJs0lmiMeKIyJlXz9EjO
fl2QwUDd2d6uOAFA+K4qgA/Yf0SJsKxNgtSlFAMuRM43qf0gKCvOQOVFMDNK
uqLUTTG5J3Utc4BQAy69rOqECoXSuNTpTnEo0x6iLyUlNGWCApx4HxDZIBEp
mFv6eTq7c5Og0sMIlDB2Q2U2zRCMZAgLzHcmuXptxfVoNOvtSYZ6CtmvQ/ME
v8uYBunaFVclWeJwohzDqCrBjCtA9wazgrxWqEFQnS9bcLxgHCKp3m6aalkn
G2AISv4JPVvOEmknNNiRzMRIWNmEypAnV6ieUscYRMEc48R6hLjdGDbm+CFV
jCNQLzC4lFkcW7sk12nrSo8y0muu5A+5iWrlYZ9lSuwaRzOfLqeGlseWqceS
HOBSRTkjb/8IzuYYzgE2dtG9nexLnvTW8fohFvYlFeltJxa94pu8oeEpvQZD
xwQegBryonXTvZ0+1NHtW4TYdznSchzdpNUGE/Ve7QXaiVyKQ9Ega+IcViNG
KCSROzgrKk5DhsrKho65KMApGT6V1CfiJi8NM053ZXasDq+7mO4IMk9tGJmV
NxIL1qE4FtHmNuyEW1I0bCHXvpwjiKPRnKmGCZpVIGgwyqUAyDGNNQ2JUMQO
ZsFEj9U0giPk6mOCMsWzv8FFgdHueI4aSJCCpab0qsQgL8iTrLpn+ueKRg+r
gMUiVJe+lVsrFNK4/QvUO7RGUnji0CBrygmLvebRsF62vGIVOnkfIAGKiuOj
ha1KNtUGsrhQYuHPOgEq8WKS43BqTCUk6EG5stzO9MKbIDrR4lZZuJDQFwLk
1ha5a5FmU0qlWwHN+4HNYtpCYlWcdanjsC9AcwONLZtn5WKdtug16AS2yJ1+
MMKvFx+0qgUUQqM2GtxNhPATrinAIt9EAxcP+ggUW+y2MDhOEeN/yH46nZ0Z
KPZNt9PzM7OZp7SZZ3Yz+9KOA4b1uWdN77QD8QAzcSXpXC7MOAuCdGdhVMEP
HvHPeRAqONsfL9r7jR+xGIi/neqz48bCDx7vFDHwp9kYYf2nc/C1jxwbaroZ
qIEj9ww/gwn3Y8YOBUzi+M9HrntqzPd84RHJkXv2c9jirZwdNXYggoQ/R687
+E40GG4D3B9NWEO4P3pwiPzzh/rokUOoP2rwIBiPBZbPHKefibo4bmhAK4YG
jgPzDlr9g3h/z9inE+Mms8lW683RY6Oo7wZ/wljDYo5Cjh7KlBRSyB9EGs88
ZiFgHJi1c95AH5gT/n+Vk/+gvELw9sP/x40dfmfnWC8Q/iSKfadYTJJH1hw5
1WzAxE/OuIbxCGPBDHoaPzsbjS5Lz+RB62bsAn2qGzUDB6CbUF4lmBAIK0QG
GmpMbhk3ee7CSF5dgKnP8huuVL223VsSCCfrlUqV+ifk7e8wotksQuehsU4Q
mcrInNZEEgtt2G4+Jz/NuE1kFycL9Ey9ErJgtIWc85cAhCs44ioRu5kKzMBT
4dC+OL8zcJ0WVNATNAZistg1B9qa1Rnl3oescCxX5C0LvfhnZV+812i28qPB
3gEAt1RTleU1u2z4TIeNEL1MOFXRZG1NNdmAHSpB6SSgTU7k2r2L8siRPddD
9kdInxRauZ2g+GBfB3sGEnSobbDJeO089c6qTKCraqnI77PhgiTLcpO0d5s3
pcomVMOOPnqVJj5giMzbJcbDpb2Cqv4EEztAldtycgmCuMpZjhaCu9OmHJ8i
8ORNv216Z3mo946VeK1OlsrUr449uuw6O50mW96j3+uaa1cgh07oArgLKG6Z
1MClXHCFKTEObdgUm2V7k82jBAI2+1JBi/ZiOH5yMgwNkAO+Uzi9MBTcxYvs
JQiJUKzd0vzRdWl9z893wky7YacfqVOI0+s/31eF8zsrbpBkKZbeq7vxy4Pq
thwuV0qrjY1/EKJd1c4ll9PbICwCOChDxj0vQqhSnzArL8DSPYlRHbCTj7Ig
JWFjVIOE6ML5FOqhXJSL7fBRS8vm8NIYAE+tU07hUTMaFyy3c+F5kXaRbYML
i19d3JnLfG2PnuE+i3vU1KI3jjgwR0UGy1AkDk8NnaPRhV9FZ5IMHTkKRwuK
APfKDe1XIx5d6f6ik4kGQBMt1t5mbQOWdxhTKEs9PK4zsXJROWLjUu0EmetU
MmrpdUdtWKCObYSfEO9tg7o8mEP8NK1tU9pdL/uPl8l6XUbuLDLt0X1iIpyS
AS1uy01LmcSvkDWqjenNzn9h9A6eISQ4R1Ze0cSdqrskZlWXkJHtevBLXQ/q
pz29FcGC+8hNQt49UdRoVSw4R/Me9d77cfQepfp7NsjeA9zfSweEZef3H79I
3/PXH79o35secw5qV5u2SLh3KTJlEHQIoV1l2i6RxrytBrSNx3Hqcjs9KMZs
ZXF4ur0KcrzPJAldhu4FF670oNMo7dOaoHaA1cae9dIvQtiTPCR7cy8t20p5
SXQ53jl4f4lNNezg8mOr4j+xilsMK7uMpGQCGfTt7a2VQnuq160zYMvXXfm2
bYHoVET/jgr7Ti5t9COWEiR77dC9le+oC/GGsaYxmnv3BVu+Erz1a8VPuQT/
jJpNGe6Hr1Hi6ilHstxoql2nKd7mNZeUzZ3tjZtQDZ292eGefM/KSm475d4G
gqxCJ/L3tBGIOYeKagCcYyTFWlKjw6ilcjsZRykOhbUfAYNS6szcwmL8dXN5
Q29CrzA6kxSPT5eGxk0Bm3cVjcNGMx7I0zuYD3Yjc5eQu6eApGk0z1EC1+zG
IQarUkxnNOBAwlJJybKtwwtmehdxiKB2C5smEnY9TeUahV+mo9FjrKk6kgkc
/0jycpArpLuROLfDIJZQxtL/YC6nurm4nYye4FY8ujKlU17hBQ31QzXhVleY
u3b3ZcC62A9aVxWgSe4nkGGwIJOLkJ0Oic5cctFUMZ5xDUQAOwLYPp3s0D1M
n0P3HXARRFs0AnkzGd3C4d86RZS2qVHwh+09PkdS+Gn0bNIpA3VOhLuYAX5x
Gsu7xsRiLbxViKyR8GxCOtiKHpTKaKq5M9c4AFZgV7CzdCVJ3wNgHJPEV8zs
PgIJRygwQa3mVaa5TZ4PIYjCayySJpnQKVj9VsDL0ods9PKwCEKfFPCQb7hR
2AotujJGo+ymm5VYfnpXUhmAka0NW8fiLCazGmVQYmSttQYSzi/32zcHa4sC
q9JzRSbd8s4NhiKxDiG8tMB0ppDSJc8DpZxs2ivzKC28yK22F+w4oHBSnOse
KNqWFi1dQFGrJR8LAxkZFn2YtybRj+TA2znsN2zKmEUo7NqtuMJtgCmrMEoE
jL/k4CussUjygm1zL8awFkpgcpPuTXsLU3WP9RUoQ1GxwhxLZYQy0vFH7JUU
fGZqSZWxCzhX1pZZgiOMg+tzIXVqrUG6wUbg7UxtimpLdq/6iCRKmX3EvL+l
sd+iaeznzDTqPxiUEfvijsMyhbZrQ6reBSx+qPwuT3pkRxebECVbZNA7QU2b
F0b0LHZxdg29LhB0hExUeuEdXSz+PefAqpjdZqZ/OcQDk1OS22V+cLfLXLNQ
ovJlYcx3yJMtV5S9VByxV4GNZCzG3X2RIqSDS9p2yC84RZ2jeCUz5A9tqBz/
fkeY5XggP2Ln/Fhw0r0GWDQTRNmP82SC2l0RhJnUcttqpW4wdrAQPKgitea6
uVrv4YEy3CEYDfVRuBhBHL2xQs6A5FvMyVA13WU35WBTMeiCU+X2ujtcj4Mt
M0tZHiTb1HNpbT9mgUXshZeV4YF6ZUptKFS526uHFVoxNmjg3Pq5pjoUxw+X
PV5yT5PLuIKU1d7FTZ0TiU6tFd7CQF+haYA5BMUGoLyAvgtJEJgOlShRfp4s
y0o3VMJU0x1nfqoH4YVV+9SCHshzuobKcDBXEzkHHlxZUSuEVvJqwvCPkxOj
0RVKZ4vTzuFCc9Bl5aVudSjUpj7CsgXdxujEukD9+DvfTIG7f3OdJ3Ftm4wT
o9783SyJuZMTLK/0gw4CS1KIX1Z+hqgfZcp9AghvUANVgaZp3ryQUCZdYrRY
qJovUzFlZmE2xAt3u7ZFABlXljLEXPWqnaQT9pam591xoA41+dDES5YNJIJE
INp5yJf91KJJddaq2MqFW3njTCfvAiTuDjdJmoGcE0LAXp0ESyhUOPtuNKNs
h5b4GPkB4PHI/SlDxzfxNab8gQy0zwMS5dh3W4iFwen7Wm/en3G1eqcVZ9Bo
Of0B+8fyxkoiw1R8Z2CaVnVGN8GQp+1dT9Ul6yPYhvFNOzyOW1FMuP04R2gX
dZBW4drmbTey+0LUg8c8nFthoY1GUTevug/iQyk+DPV+NCZ/55gdQW8uKtjn
tdPJrdXDaqRv9nQLdLm2QcIHtpafWNEj9dhm30P28llf6hOkYN4mavGYdVXY
dk2zM3OtEXeEDeEzCN8xRPwuFFiW5zDXA95IZsT24cjGWLOyQuW1JU4uSOmA
Hoz/1NwJuaec2buuhyZxAXg8v7viGnhCbRpyGF3hN5Uhk6HrMgzzUC2iB26S
lU5cYwQSJuzptrABSfYUNHBi9Uc/bsV4UllwAXSH3GLPagtsMrzKtFA27Laj
MgaMH2AvYylI8qqVNrwO7PlmNTY/6D68B7s6UvzcTj9lGLDNMXeBJ0NmwmEJ
sl94UWaEjUCU7S7N4KshI9D2Wr++mpR5gruxqSSGEtTSv+udB1Wgvddvtwrz
7VVTDNHT6LuvRFWH+nr8ptSws+dTTXu530L0OjdZhAZxt0nokHOxv+9i7Def
9bpAouMbP/SKrnfvtH9MonPlGCJoa0sGGv8O9P2Nj2r4G2qEGUlzNFuCeNnj
mmEyV+a2VLyoEPaGwgyBgtd1gVWDYiRF/5wyEC6WHobrqBvt44ZBiJDOwN7P
qcGqMc3O9JBv6xa1oaMlKg5SDcypptOECkGIBoirxD5hDhjuzDF7iddJmSyp
3U5J3wzIgY2Sroq6xoIPuYIaphGbLS4U3mDDJzUyWmJLVMJAugLXt2cA6hBt
aCJKtnnMROUkbiTcRHQoL/leffSjUyeZhNfFfBhbgjf5WTZfwybZnsv4aRzi
pEt475+1gKTkka7fdWZRx/YQkZhTP78fc2udph1afdqL+ktVVKDO3O2CQUxj
x42Cu9OJeHl241seZKIkA5IG3QWKeXlxEDQaZCbMb23knnbjRzarbnNcCbqc
Bwcdcp1OBJv/XFM/vOndQ0ZlwYHtUy7b5Cbb8Wcrci8bhbdBo74g89GHMowV
0d7JEYQNt/5fNPCFVxgPoSqLAF/seErrMKoeo9lQbszVKqEMMO5aA+imwyp6
l3O3z00IVJ1gF1jWLonBcrBswATGIDZtR2DNYlosOnvfJcBpyVkY03XY/csO
WMR7RRrcbx42cWzNHZ6eiywOhe2/PCq29kGpDZtt+4qwU69b0F4KHxTyfVLX
cGCZ/J5O5gLwizTdgzjVe+PcUpG8WJiQlLQI5qbb0QvPCVennZZIw6VS5Oe1
so7ZWUdluFxxoylhmnDKSHB/98Qay2zddzMLXtDFXpUcpGDs3RoeiVf1npRD
N88wobr5P7CZE/+oWY5/XYnP0m0lFWrdurvKjzDP+I5KLVpd2kXb2ta4H9Eq
6t1gZrf7h3SHAqEt2poolm5Wr0MXlu5pYWMdsKU40MbFlMTpA2BFx4uLs0jJ
GnhSQXRyV+WZccuYNc3lInQZbFsG18GKNB1LkgCsRWQBko98fUxL5rUoKE6S
EywMJY1t6iwJbjGxop7OJwX8qiPDjd3ndoSbTCUZzLYhT6o7N9yJDQParpKS
Tpk1vquKFsut53R7CF1rbsxBOR2Hg+kCQiIbWwDEX4NI9P+CEq/HDRCY/8OX
tZ+DLfCPreCWEw6WRZezt7Oe5xjeW4uOcVnxm9IZLH9PZ56kH6hxIP1QVvfg
Si+5rPDnKatRlf3pZAHGozr51elJPBxKww9GEnGaBx8LxdPNvPfyx/boT/Wh
F0rhhs51vfL3x4Sa/fRx4C75pwn+foGr5z3yT2NNRv8H7TjgbrNxAAA=

-->

</rfc>

