<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.29 (Ruby 3.1.7) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-johani-dnsop-dnssec-alg-split-02" category="std" consensus="true" submissionType="IETF" updates="4035, 6840">
  <front>
    <title abbrev="Algorithm-Split DNSSEC">Algorithm-Split DNSSEC: KSK/ZSK Algorithm Separation</title>

    <author fullname="Johan Stenstam">
      <organization>The Swedish Internet Foundation</organization>
      <address>
        <email>johan.stenstam@internetstiftelsen.se</email>
      </address>
    </author>

    <date year="2026" month="July" day="03"/>

    <area>Internet</area>
    <workgroup>DNSOP Working Group</workgroup>
    <keyword>DNSSEC</keyword> <keyword>post-quantum</keyword> <keyword>KSK</keyword> <keyword>ZSK</keyword> <keyword>DNSKEY</keyword> <keyword>transport</keyword>

    <abstract>


<?line 50?>

<t>Post-quantum DNSSEC signature algorithms have much larger keys and/or
signatures than the elliptic-curve algorithms in common use today. The
apex DNSKEY RRset carries the key material for both the KSK and the ZSK,
and grows accordingly; the open question is whether the rest of the zone
must grow with it. Because the KSK's signature appears only on the
DNSKEY RRset, a large KSK -- key and signature both -- costs little
beyond that one RRset. The ZSK's signature, by contrast, appears on
every other RRset, so it is the size of the ZSK signature that governs
the size of ordinary responses. Confining a large algorithm to the KSK,
and using a small-signature algorithm for the ZSK, keeps the cost of the
large algorithm contained in the DNSKEY RRset.</t>

<t>This document specifies the changes that make this pattern safe and
practical. It relaxes the DNSSEC signing rule that requires a zone to be
signed with every algorithm present in the apex DNSKEY RRset, so that an
algorithm used only by a key-signing key need not be applied to the rest
of the zone. It relies on ordinary ZSK rotation to bound the residual
exposure of the ZSK algorithm, and recommends a sequential (rather than
double-signature) model for rolling the ZSK algorithm, so that the rest
of the zone is never doubly signed. Finally, it specifies how a resolver
can use the algorithm number in the parent's DS RRset to recognize a
likely-oversized DNSKEY RRset and select a transport suitable for large
responses, avoiding the truncate-then-retry round trip. This document
updates RFC 4035 and RFC 6840.</t>



    </abstract>

    <note title="About This Document" removeInRFC="true">
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-johani-dnsop-dnssec-alg-split/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Domain Name System Operations Working Group mailing list (<eref target="mailto:dnsop@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/dnsop/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/dnsop/"/>.
      </t>
    </note>


  </front>

  <middle>


<?line 77?>

<section anchor="introduction"><name>Introduction</name>

<t>DNSSEC signature and key sizes are about to grow substantially. The
post-quantum signature algorithms standardized by NIST -- ML-DSA
<xref target="FIPS204"/> and SLH-DSA <xref target="FIPS205"/>, with FN-DSA and others to follow --
have public keys and signatures that are one to two orders of magnitude
larger than the elliptic-curve algorithms (ECDSA, Ed25519) in common use
today. Signing an entire zone with such an algorithm inflates every
RRSIG in the zone, and with it every signed response.</t>

<t>A natural strategy is to accept that some part of a post-quantum zone
must be significantly larger than it is today, and to confine that
growth to the one place where it does the least harm: the apex DNSKEY
RRset, which carries key material and is fetched rarely and then cached.
The way to confine it is to let the KSK and ZSK use disjoint algorithms.
A large-signature algorithm can then be used for the KSK, whose
signature appears only on the DNSKEY RRset, while a small-signature
algorithm is used for the ZSK, which signs every other RRset in the zone
and so governs the size of ordinary responses. The DNSKEY RRset becomes
the only large object in the zone; ordinary query responses remain
small.</t>

<t>Asymmetric key strength between the KSK and ZSK is already common
operational practice -- for example, the longer KSK and shorter ZSK
routinely deployed within a single RSA zone (<xref target="analysis"/>). The KSK/ZSK
strength asymmetry proposed by this document is the same operational
pattern; the only difference is that the asymmetry crosses the
algorithm-number boundary rather than a key-length boundary within a
single algorithm. It is that crossing -- not the strength asymmetry
itself -- that interacts with the completeness rule of <xref target="RFC4035"/> and
motivates the updates in this document.</t>

<t>The deeper motivation is to decouple two requirements a single zone
algorithm must satisfy at once: a KSK's need for long-lived strength and
a ZSK's need for small signatures. Where one algorithm serves both, the
ZSK's small-signature requirement is the binding one, capping the
strength available to a KSK whose signature size is nearly irrelevant.
<xref target="analysis"/> develops this coupling, and the consequences of removing
it, in full.</t>

<t>Algorithm splitting removes that coupling. For the first time it
becomes possible to choose each key's algorithm for the property that
matters most in that key's role -- a strong, long-lived (for example
post-quantum) algorithm for the KSK, whose large signatures are
confined to the DNSKEY RRset, and a small-signature algorithm for the
ZSK, whose signatures appear on every RRset. Seen this way, the
primary effect of this document is not that the ZSK becomes weaker; it
is that the KSK is, for the first time, allowed to be much stronger
than the "fits in a UDP response" constraint would otherwise permit.</t>

<t>This document specifies three changes that together enable this
deployment pattern:</t>

<t><list style="numbers" type="1">
  <t>Distinct algorithms for the KSK and the ZSK (<xref target="p-algsep"/>). DNSSEC's
current signing rules require a zone to be signed with every
algorithm present in the apex DNSKEY RRset. This document relaxes
that rule for an algorithm used solely by a key-signing key, so that
a large KSK algorithm need not be applied to every RRset in the zone.</t>
  <t>A bounded ZSK rotation cadence (<xref target="p-zskcadence"/>). Rolling the ZSK
at an appropriate cadence bounds the window in which a break of the
ZSK algorithm could be exploited. For the intended deployment, in
which the ZSK algorithm is itself PQ-safe, this is an ordinary
rotation schedule; the cadence becomes a tighter security parameter
only in the fallback case where the ZSK algorithm is weaker than the
KSK algorithm (for example a classical ZSK during the transition).</t>
  <t>Using the DS algorithm number to signal a large DNSKEY RRset
(<xref target="p-dssignal"/>). Because the parent's DS RRset carries the child
KSK's algorithm number, a resolver can recognize from the DS alone
that the child's DNSKEY RRset is likely to exceed common UDP
response-size limits, and query it over a transport suitable for
large responses (TCP, DoT, DoQ, or another) directly -- avoiding a
truncated UDP response and the consequent retry.</t>
</list></t>

<t>The three changes work together. The completeness relaxation
(<xref target="p-algsep"/>) makes the deployment pattern possible; the rotation
cadence (<xref target="p-zskcadence"/>) bounds the residual exposure of the ZSK
algorithm; the DS size signal (<xref target="p-dssignal"/>) makes the resulting
transport profile efficient. The safety of the relaxation in
<xref target="p-algsep"/> rests on the structural asymmetry between the KSK and ZSK
roles (see <xref target="security"/>), which holds independently of the cadence;
<xref target="p-zskcadence"/> then bounds whatever residual exposure remains. The DS
size signal (<xref target="p-dssignal"/>) is a pure efficiency optimization that a
resolver may implement or ignore.</t>

</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

<t>This document uses "key-signing key" (KSK) and "zone-signing key" (ZSK)
in the operational sense of <xref target="RFC6781"/>: a KSK is a key whose role is to
sign the apex DNSKEY RRset and which is referenced by a DS record at the
parent, while a ZSK signs the other RRsets of the zone. This
KSK/ZSK distinction is operational; the DNSSEC protocol itself does not
require it, and the Secure Entry Point (SEP) bit is advisory rather than
normative. The normative conditions in this document do not rely on the
SEP bit; instead, they are expressed in terms of the algorithms present
in the parent DS RRset and the apex DNSKEY RRset (see <xref target="p-algsep"/>).</t>

</section>
<section anchor="analysis"><name>Analysis: Implications and Consequences of Algorithm Splitting</name>

<t>This section is non-normative background: it develops the motivation for
algorithm splitting and works through its consequences. The normative
requirements of this document are in <xref target="p-algsep"/>, <xref target="p-zskcadence"/>, and
<xref target="p-dssignal"/>; a reader interested only in what the document specifies
can proceed directly to <xref target="p-algsep"/>.</t>

<section anchor="decoupling-the-ksk-and-zsk-requirements"><name>Decoupling the KSK and ZSK Requirements</name>

<t>The KSK and the ZSK protect different things and are exposed in
different ways, and the property that matters most differs between the
two roles. For a KSK the decisive property is longevity: it is the
zone's trust anchor, referenced by the parent DS RRset, and the cost of
replacing it is high because the replacement has to be coordinated with
the parent. What an operator wants from a KSK is a key whose
algorithm is strong enough that the key need never be rolled merely
because that algorithm has weakened against advancing cryptanalysis. A
KSK algorithm is also subject to a constraint the operator does not
fully control: the parent must be willing to publish a DS
record for it. Because the secure delegation exists only through the
parent's DS RRset, the parent has effective veto over the child's KSK
algorithm -- a KSK algorithm the parent is unwilling or unable to
publish a DS for cannot anchor the delegation, however suitable it may
be on its own merits. This external, parent-side dependency is unique to
the KSK; it is one expression of the broader fact that the KSK alone is
coupled to the parent, of which the rollover coordination discussed in
<xref target="simplified-rollovers"/> is another. For a ZSK the decisive property is
signature size: it signs every RRset in the zone, so its signature
appears in every signed response, and the binding operational constraint
is that those responses not overflow the UDP size limits that much of
the deployed base still imposes. A ZSK is also cheap to roll -- the
operation is local to the zone -- so a shorter security horizon is
tolerable for it in a way it is not for a KSK.</t>

<t>When a single algorithm has to serve both roles, it must satisfy the
union of both sets of constraints, and the two constraints pull in
opposite directions. The KSK role wants maximum strength and longevity;
the ZSK role wants minimum signature size; and for the post-quantum
algorithms this document is concerned with, strength and size are
strongly correlated -- the conservative, long-lived algorithms tend to
have the largest signatures. In a single-algorithm zone the ZSK
constraint is the binding one: the algorithm must produce small
signatures, and that requirement caps the strength available to the KSK,
even though signature size is nearly irrelevant for a key that signs
only the apex DNSKEY RRset.</t>

<t>This coupling is not fundamental to DNSSEC; it is an artifact of the
completeness rule (see <xref target="p-algsep"/>) requiring one algorithm to cover
the whole zone. Operators already exploit the part of the asymmetry that
fits inside a single algorithm: it is common practice to pair a longer
(stronger) RSA KSK with a shorter RSA ZSK, accepting larger DNSKEY-RRset
signatures in exchange for smaller signatures on the rest of the zone.
Algorithm splitting extends that same, already-accepted asymmetry across
the algorithm-number boundary, so that each role can be served by the
algorithm whose properties match it instead of by a compromise that
serves neither role well.</t>

</section>
<section anchor="dnskey-rrset-size-versus-the-rest-of-the-zone"><name>DNSKEY RRset Size Versus the Rest of the Zone</name>

<t>The reason confining a large algorithm to the KSK is worthwhile is that
the two halves of a signed zone are queried very differently, and only
one of them is on the hot path for ordinary traffic.</t>

<t>The apex DNSKEY RRset carries key material. A large KSK algorithm
inflates it, and inflates the RRSIG the KSK places over it, regardless
of how the rest of the zone is signed. But it is retrieved only once per
DNSKEY TTL per resolver and cached thereafter -- a once-per-TTL-per-cache
cost, not a per-query one -- and <xref target="p-dssignal"/> further reduces even that
by avoiding the truncated-UDP round trip on the initial fetch (the
operational consequences are in <xref target="operational-considerations"/>).</t>

<t>Every other RRset in the zone is signed only by the ZSK. These are the
RRsets returned in answer to ordinary queries -- the bulk of DNS traffic
-- and under algorithm splitting they carry only small ZSK signatures.
An A, AAAA, MX, or TXT response is no larger than it would be in a zone
signed entirely with the small ZSK algorithm. The large algorithm's cost
does not appear anywhere on this path.</t>

<t>Two consequences follow that the rest of this document relies on. First,
the apex DNSKEY RRset of an algorithm-split zone is large by design: its
size is the accepted, deliberate cost of using a strong KSK algorithm,
and it is large whether or not any rollover is in progress. Second,
because the large object is fetched rarely and cached, the size
constraints on the DNSKEY RRset are largely a question of transport and
cache behavior (<xref target="p-dssignal"/>) rather than of per-response overhead.
The transient further enlargement of that same RRset during a KSK
rollover (<xref target="simplified-rollovers"/>) is therefore a second-order effect
on an object whose size has already been accepted.</t>

</section>
<section anchor="per-role-algorithm-choice"><name>Per-Role Algorithm Choice</name>

<t>The practical effect of decoupling the two roles is that, for the first
time, each key's algorithm can be chosen for the property that matters
in that key's role rather than for a compromise between the two.</t>

<t>For the KSK the choice can be governed by strength and longevity. A
conservative algorithm with a long security horizon -- for example a
hash-based scheme whose security rests on the hash function alone -- is
well suited to a trust anchor, and its large signatures are acceptable
because they appear only on the apex DNSKEY RRset
(<xref target="s-root"/> develops this for the root zone). The operator no longer has
to reject such an algorithm merely because its signatures would be too
large to place on every RRset in the zone.</t>

<t>For the ZSK the choice can be governed by signature size. The
small-signature algorithm that keeps ordinary responses within UDP
limits can be selected on its own merits, independently of what the KSK
uses. In the intended deployment this is itself a post-quantum algorithm
with comparatively small signatures; in a transitional deployment it may
still be a classical elliptic-curve algorithm. The profile of
<xref target="p-algsep"/> requires only that the ZSK algorithm differ from the KSK
algorithm, not that it have any particular character, so the set of
usable ZSK algorithms can grow as the post-quantum signature landscape
matures.</t>

<t>Because the profile is expressed in terms of the algorithms present in
the parent DS RRset and the apex DNSKEY RRset, the assignment of an
algorithm to the KSK or the ZSK role is observable from those RRsets
alone and does not depend on the advisory SEP bit (see <xref target="p-algsep"/>).
The two algorithms are distinguished by where they appear and what they
sign, not by a flag.</t>

</section>
<section anchor="simplified-rollovers"><name>Simplified Algorithm Rollovers</name>

<t>An algorithm rollover under the traditional model of <xref target="RFC4035"/> is a
single operation that changes the zone's signing algorithm everywhere
at once. Because one algorithm serves both the KSK and the ZSK role,
that operation inherits the constraints of both roles simultaneously,
and it is expensive for two independent reasons.</t>

<t>The first is parent coordination. Changing the algorithm changes the
KSK, and a new KSK cannot be relied upon until the parent's DS RRset
references it. Establishing the new DS, confirming its publication, and
only then retiring the old KSK is a multi-step exchange with the
parent, whose timing the child operator does not control. CDS and
CDNSKEY (<xref target="RFC7344"/>, <xref target="RFC8078"/>) can automate the parent-side DS
update where the parent supports them, but automated KSK-<em>algorithm</em>
rollover is not yet widely deployed, so in practice this step remains
operator-driven and its duration is effectively unbounded -- a
traditional algorithm rollover is commonly planned over weeks or months.</t>

<t>The second is whole-zone double-signing. The completeness rule requires
that, throughout the rollover window, every RRset in the zone carry a
signature under both the old and the new algorithm. Every authoritative
RRset is therefore enlarged for the full duration of the roll.</t>

<t>The two costs do not even fall on the same role. The unbounded delay is
a property of the KSK side (the parent dependency); the whole-zone size
inflation is a property of the ZSK side (it signs every RRset).
Algorithm splitting separates the single coupled rollover into two
independent ones -- a KSK-algorithm rollover and a ZSK-algorithm
rollover -- and routes each of the two costs to a different one of
them, where it turns out to be acceptable for a reason the other does
not share.</t>

<t>A ZSK-algorithm rollover under the algorithm-split profile is a purely
local operation.
The KSK, the DS, and the parent are not involved: the algorithm in the
parent DS RRset does not change, so there is no parent coordination and
none of the unbounded delay that came with it. Like every ZSK
rollover, its completion time is bounded by a single quantity the zone
operator fully controls -- the signature validity and TTL of the
data signed by the outgoing ZSK -- after which the old algorithm's
signatures have aged out of every cache. With the TTLs typical of
ordinary zone data (hours, not days), the entire rollover, including the
full drain of the old algorithm, completes on the order of a day rather
than months. A ZSK-algorithm rollover is, in short, a different and far
smaller animal than the traditional rollover it descends from, and
there is no operational reason to draw it out.</t>

<t>This rollover can be carried out under either of two models, defined and
compared normatively in <xref target="rollover-models"/>: a <em>sequential</em> model -- the
familiar Pre-Publish ZSK rollover of <xref target="RFC6781"/>, the same one used for
everyday same-algorithm ZSK rolls, applied across the algorithm boundary
-- in which each non-DNSKEY RRset is re-signed in place and carries a
single ZSK signature throughout, and a <em>double-signature</em> model, in
which every RRset carries signatures of both the outgoing and the
incoming algorithm for the whole window. For the large signatures this document is
concerned with, that doubling is exactly the cost the whole approach
exists to avoid, which is why the sequential model is the one
recommended for the ZSK (<xref target="rollover-models"/>).</t>

<t>A KSK-algorithm rollover keeps the existing DNSSEC behavior. During the
window two KSK algorithms are present in the apex DNSKEY RRset (|K| &gt; 1),
and the algorithm-completeness requirement of <xref target="RFC4035"/> therefore
requires that RRset to be signed by both -- a requirement this document
leaves in place for the apex DNSKEY RRset, relaxing it only for
non-DNSKEY RRsets. The transient double-signing of the DNSKEY RRset is
thus the ordinary <xref target="RFC4035"/> rule, not a new burden introduced here.
Because a KSK signs only the apex DNSKEY RRset, that double-signing is
confined to that one RRset and appears nowhere else in the zone; and the
apex DNSKEY RRset is, by the premise of this entire document, already
large, carrying the large KSK algorithm's key material whether or not a
rollover is in progress (<xref target="p-algsep"/>). The rest of the zone is
unaffected.</t>

<t>The net effect is a clean division of labor. The two burdens that made
the traditional algorithm rollover slow and heavy are separated: the
parent dependency stays with the KSK rollover, where the double-signing
it carries is confined to the already-large DNSKEY RRset; and the
whole-zone signing stays with the ZSK rollover, which is now local,
bounded, and need not double-sign the zone at all. Neither resulting
rollover carries both burdens, and each is acceptable on its own terms.</t>

</section>
<section anchor="costs-and-tradeoffs"><name>Costs and Tradeoffs</name>

<t>Algorithm splitting is not free, and the relaxation it depends on gives
up something the completeness rule provided. This subsection names the
costs; each is treated in full, with its security argument, in
<xref target="security"/>.</t>

<t>The first cost is the loss of per-RRset algorithm redundancy: under the
split, non-DNSKEY RRsets carry only ZSK-algorithm signatures, so a
validator can no longer fall back to requiring a stronger second
algorithm on zone data. Its place is taken by the structural
KSK-over-ZSK asymmetry the split preserves, together with the bounded
ZSK rotation of <xref target="p-zskcadence"/> (<xref target="security"/>).</t>

<t>The second cost is a reliance a validator cannot check: nothing in the
DS RRset, the DNSKEY RRset, or the signatures reveals how often -- or
whether -- the ZSK is rolled, so the time-bounded guarantee rests on
operator discipline. This reliance is pre-existing, not introduced here
(<xref target="security"/>).</t>

<t>The third cost is a cross-zone dependency the split makes operationally
visible: a strong child KSK can mask the fact that the parent's
DS-signing key -- typically a classical ZSK -- is the binding strength
of the chain until the parent itself transitions
(<xref target="cross-zone-dependency"/>).</t>

</section>
</section>
<section anchor="p-algsep"><name>Distinct Algorithms for the KSK and the ZSK</name>

<section anchor="the-current-rule"><name>The Current Rule</name>

<t>Section 2.2 of <xref target="RFC4035"/>, as restated in Section 5.11 of <xref target="RFC6840"/>,
governs which algorithms must be used to sign a zone. On the signer
side: "The zone <bcp14>MUST</bcp14> also be signed with each algorithm (though not each
key) present in the DNSKEY RRset." In other words, every RRset in the
zone must carry a signature from each algorithm appearing in the apex
DNSKEY RRset.</t>

<t>If the apex DNSKEY RRset contains a large-algorithm KSK and a
small-algorithm ZSK, this rule requires every RRset in the zone to carry
a large-algorithm signature, which defeats the purpose of confining the
large algorithm to the KSK.</t>

</section>
<section anchor="the-change-signer-side"><name>The Change (Signer Side)</name>

<t>This document updates the signer-side requirement of <xref target="RFC4035"/> and
<xref target="RFC6840"/> as follows. A zone <bcp14>MAY</bcp14> be signed under the following
<em>algorithm-split profile</em>. Let K be the set of algorithms appearing in
the parent DS RRset for the zone, and let Z be a non-empty set of
algorithms disjoint from K (K and Z share no algorithm). The profile
holds when:</t>

<t><list style="symbols">
  <t>The apex DNSKEY RRset of the zone contains at least one key of each
algorithm in K and at least one key of each algorithm in Z.</t>
  <t>The apex DNSKEY RRset <bcp14>MUST</bcp14> be signed by every algorithm in K. It <bcp14>MAY</bcp14>
additionally be signed by one or more algorithms in Z.</t>
  <t>Every non-DNSKEY authoritative RRset in the zone <bcp14>MUST</bcp14> be signed by at
least one algorithm in Z and <bcp14>MUST NOT</bcp14> be required to be signed by any
algorithm in K. In the steady state |Z| = 1, "at least one algorithm
in Z" is the single ZSK algorithm, so every such RRset is signed by
it. The case |Z| &gt; 1 arises only during a ZSK-algorithm rollover and
is governed by <xref target="p-zskcadence"/>; whether every RRset must carry every
algorithm in Z during that window depends on the rollover model in
use, and this profile does not by itself require it.</t>
</list></t>

<t>Within this profile, the algorithms in K play the role of KSK
algorithms and the algorithms in Z play the role of ZSK algorithms.
K and Z are disjoint by definition; no single algorithm can
simultaneously serve as a KSK algorithm and a ZSK algorithm in this
profile. The profile is defined entirely in terms of the contents of
the parent DS RRset and the apex DNSKEY RRset, so that compliance can
be checked without reference to the (advisory) SEP bit.</t>

<t>The common steady-state case has |K| = |Z| = 1 (a single KSK algorithm
A and a single ZSK algorithm B, with A != B). |K| &gt; 1 corresponds to
a KSK-algorithm rollover (the zone is transitioning between two KSK
algorithms, both of which appear in the parent DS RRset and the apex
DNSKEY RRset during the rollover window; the apex DNSKEY RRset is then
signed by both KSK algorithms, as the algorithm-completeness rule of
<xref target="RFC4035"/> requires and this document retains for the DNSKEY RRset,
see <xref target="simplified-rollovers"/>). |Z| &gt; 1 corresponds to a ZSK-algorithm
rollover, during which more than one ZSK algorithm is present in the
apex DNSKEY RRset. How the non-DNSKEY RRsets are signed across that
window -- whether each carries every ZSK algorithm at once
(double-signature) or the algorithms are rolled sequentially and the
outgoing algorithm's signatures are allowed to drain from caches -- is a
property of the rollover model rather than of the profile, and is
specified in <xref target="p-zskcadence"/>. The profile itself requires only that
each non-DNSKEY RRset carry at least one algorithm in Z at every instant
during the window.</t>

<t>The profile is defined in terms of algorithm separation alone; it does
not assume any particular character for either algorithm. In the
intended deployment both algorithms are post-quantum -- a strong,
long-lived KSK algorithm paired with a ZSK algorithm whose signatures
are small enough to be acceptable on every RRset in the zone. The
profile applies equally in a transitional deployment where the KSK
algorithm is post-quantum but the ZSK algorithm is still a classical
elliptic-curve algorithm. As the set of standardized post-quantum
signature algorithms grows, the profile is expected to admit an
increasing range of ZSK choices; the strength of the chosen ZSK
algorithm against future cryptanalysis informs only the cadence
requirement of <xref target="p-zskcadence"/>, not the structural shape of the
profile itself.</t>

<t>A zone that does not match this profile remains subject to the existing
completeness rule of <xref target="RFC4035"/> Section 2.2 and <xref target="RFC6840"/> Section
5.11.</t>

</section>
<section anchor="the-change-validator-side"><name>The Change (Validator Side)</name>

<t>This document also updates the validator-side behavior of <xref target="RFC4035"/>
and <xref target="RFC6840"/>. When a validator processes a zone whose parent DS and
apex DNSKEY RRsets match the algorithm-split profile of the preceding
section, with KSK-algorithm set K and ZSK-algorithm set Z, the
validator:</t>

<t><list style="symbols">
  <t><bcp14>MUST</bcp14> validate the apex DNSKEY RRset using a signature of some
algorithm in K (the algorithms present in the parent DS RRset), as
required by the existing chain-of-trust rules.</t>
  <t><bcp14>MUST</bcp14> validate non-DNSKEY RRsets of the zone using signatures of some
algorithm in Z.</t>
  <t><bcp14>MUST NOT</bcp14> treat the zone as Bogus solely because non-DNSKEY RRsets lack
signatures of any algorithm in K.</t>
</list></t>

<t>A validator that supports some algorithm in K but no algorithm in Z
treats the zone as it would any zone whose data signatures are in an
unsupported algorithm (see Section 5.2 of <xref target="RFC4035"/>). A validator
that supports no algorithm in K treats the delegation as Insecure, as
today.</t>

<t>The validator-side update is essential. Without it, a strict reading
of the existing completeness rules would cause a conforming validator
to mark every algorithm-split zone as Bogus. Implementations that
support this document <bcp14>MUST</bcp14> therefore implement the relaxation on both
the signer and validator sides.</t>

<t>This relaxation is defined structurally, in terms of the parent DS and
apex DNSKEY contents alone, and does not depend on which algorithms
appear in K. A validator <bcp14>MAY</bcp14> nonetheless apply a stricter local policy
-- for example, accepting the relaxation only when the KSK algorithm is
in an operator-configured set. This is additive local caution, not a
change to the acceptance rule defined here, and is analogous to the
algorithm denylists validators may already maintain; like the
classifier of <xref target="p-dssignal"/>, it is best expressed as a compiled-in
default that the operator can override.</t>

</section>
</section>
<section anchor="p-zskcadence"><name>Bounded ZSK Rotation Cadence</name>

<section anchor="what-the-cadence-bound-does"><name>What the Cadence Bound Does</name>

<t>The safety of the completeness relaxation rests on the structural
asymmetry between the KSK and ZSK roles, derived in <xref target="security"/>: an
adversary who breaks the ZSK algorithm cannot substitute a ZSK of their
own without also forging a KSK-algorithm signature. That argument holds
regardless of how often the ZSK is rolled. What the rotation cadence
adds is a bound on the <em>residual</em> exposure -- the window during which a
break of the ZSK algorithm could be used to forge data that validates
against a currently published ZSK.</t>

<t>For readability the rest of this section describes the steady-state case
|K| = |Z| = 1 with KSK algorithm A and ZSK algorithm B; the argument
extends directly to rollover windows where K or Z is larger, in which
case every algorithm in K plays the role of A and every algorithm in Z
plays the role of B.</t>

<t>The KSK algorithm A and the ZSK algorithm B occupy distinct positions
in a fixed chain of trust:</t>

<t><list style="numbers" type="1">
  <t>The parent DS RRset, validated by the parent's own chain of trust,
authenticates the child's KSK (algorithm A).</t>
  <t>The KSK signs the apex DNSKEY RRset, authenticating the ZSK
(algorithm B) as key material.</t>
  <t>The ZSK signs the non-DNSKEY RRsets of the zone.</t>
</list></t>

<t>The effect of the split is that the KSK -- the trust anchor for the
zone, referenced by the parent DS -- can be given a stronger,
longer-lived algorithm than was previously possible, because its
signature size no longer has to fit the constraints of the ZSK role.
The ZSK is not made weaker by this; it keeps whatever strength it would
have had anyway. What changes is that the ZSK signature no longer has a
same-strength KSK-algorithm signature sitting alongside it on every
RRset.</t>

<t>An adversary who breaks the ZSK algorithm can forge signatures that
validate against a currently published ZSK, but cannot substitute a ZSK
of their own choosing without forging a KSK-algorithm signature on the
apex DNSKEY RRset -- which the upgraded KSK is chosen to resist. The
adversary's forgery window is therefore bounded by the lifetime of any
individual ZSK. Bounding that lifetime is the role of the rotation
cadence.</t>

<t>This is not a new obligation invented by this document. The completeness
rule of <xref target="RFC4035"/> never prevented this scenario on its own:
<xref target="RFC6840"/> Section 5.11 already permits a validator to validate using
any single supported algorithm. What completeness did do was make a
second-algorithm signature available on every RRset, so a validator that
supported it <em>could</em> choose to require it. The algorithm-split profile
makes that fallback unnecessary rather than unavailable: the ZSK is held
at a strength the operator already trusts, and its exposure is bounded
by ordinary rotation instead of by signature redundancy.</t>

</section>
<section anchor="the-requirement"><name>The Requirement</name>

<t>A zone signed under the algorithm-split profile of <xref target="p-algsep"/> <bcp14>SHOULD</bcp14>
roll its ZSK at a cadence T appropriate to the threat estimate against
the ZSK algorithm. T is intentionally not a fixed value in this
document, because the appropriate value depends on the chosen ZSK
algorithm and on cryptanalytic progress, neither of which can be fixed
at the time of writing. The safety of the completeness relaxation does
not depend on this cadence (it rests on the structural argument of
<xref target="security"/>); the cadence bounds the residual exposure of the ZSK
algorithm, and matters most in the fallback case below.</t>

<t>For the intended deployment, in which the ZSK algorithm is itself
PQ-safe (see <xref target="p-algsep"/>), the appropriate cadence is an ordinary
rotation schedule -- the months-scale intervals that current operational
practice already supports -- because the ZSK algorithm is not expected
to be broken within the operational lifetime of any individual key. The
cadence becomes a tighter security parameter only in the fallback case
where the ZSK algorithm is materially weaker than the KSK algorithm (for
example a classical ZSK retained during the transition); there, T should
be reduced as the threat estimate against that algorithm sharpens.</t>

<t>The appropriate value of T is a matter of operator security policy,
informed by external threat tracking -- for example, the post-quantum
cryptanalysis guidance of the IETF (notably the Crypto Forum Research
Group) and of national bodies such as NIST's post-quantum cryptography
project -- rather than fixed by this document. Operationally, T is
expressed as the ZSK effectivity period and realized using the
established key-rollover machinery of <xref target="RFC6781"/> and the
rollover-timing parameters of <xref target="RFC7583"/>.</t>

<t>Signing implementations (including BIND, Knot, Cascade, and others)
are expected to encode per-algorithm minimum cadences as
policy and may refuse to operate a zone under the algorithm-split
profile with a ZSK lifetime exceeding those minima. Such policies are
out of scope for this document, which only recommends that <em>some</em>
appropriate cadence be applied.</t>

</section>
<section anchor="rollover-models"><name>ZSK-Algorithm Rollover Models</name>

<t>A ZSK-algorithm rollover -- a roll in which the incoming ZSK uses a
different algorithm than the outgoing one -- can be carried out under
either of two models. The motivation for distinguishing them, and the
analysis that favors the first, is in <xref target="simplified-rollovers"/>; this
subsection states the normative recommendation.</t>

<t>The <em>sequential</em> model is not a new rollover scheme. It is the
Pre-Publish Zone Signing Key Rollover of <xref target="RFC6781"/> (Section 4.1.1.1)
-- the long-established method operators already use for ordinary
same-algorithm ZSK rolls -- applied unchanged to the case where the
incoming key's algorithm differs from the outgoing one. The incoming ZSK
is first published in the apex DNSKEY RRset; it then becomes active (i.e.
used for signing) and re-signs each RRset, replacing the outgoing key's
signature on it, and the outgoing key follows the usual retired-state
handling -- it remains in the DNSKEY RRset until the signatures it made
have drained from caches, then is removed. Each non-DNSKEY RRset carries
a single ZSK signature throughout; no RRset is required to carry
signatures of both algorithms at once. The only departure from an
everyday ZSK roll is that the pre-published key introduces a second
<em>algorithm</em> into the DNSKEY RRset. Under a strict reading of the
completeness rule that alone would have obliged every RRset to carry a
signature under the new algorithm at once -- which is why <xref target="RFC6781"/>
(Section 4.1.4) reaches for a double-signature algorithm rollover
instead -- and lifting that obligation is precisely what the relaxation
of <xref target="p-algsep"/> does. The operational mechanics of Pre-Publish are
otherwise unaltered.</t>

<t>In the <em>double-signature</em> model every non-DNSKEY RRset is signed by both
the outgoing and the incoming ZSK algorithm for the whole rollover
window, and the outgoing algorithm is withdrawn only after every RRset
also carries an incoming-algorithm signature. This is the conservative
algorithm rollover that <xref target="RFC6781"/> (Section 4.1.4) prescribes, here
applied to the ZSK; it doubles the signature on every RRset for the
duration of the window.</t>

<t>An implementation of the algorithm-split profile <bcp14>SHOULD</bcp14> use the
sequential model for ZSK-algorithm rollovers and <bcp14>MAY</bcp14> use the
double-signature model. The sequential model is <bcp14>RECOMMENDED</bcp14> because the
validation correctness of the rollover does not depend on per-RRset
algorithm redundancy (a validator validates with any single supported
ZSK algorithm; see <xref target="security"/>), because the operation is local and its
duration is bounded by the operator alone (<xref target="simplified-rollovers"/>),
and because for the large signatures this document is concerned with the
double-signature model imposes exactly the per-RRset size cost the
algorithm-split profile exists to avoid. The contrast with the KSK side
is deliberate: a KSK-algorithm rollover retains the <xref target="RFC4035"/>
algorithm-completeness requirement and double-signs the apex DNSKEY
RRset (<xref target="simplified-rollovers"/>), because there the doubling is confined
to that single, already-large RRset; for the ZSK the same doubling would
fall on every RRset in the zone, which is why completeness is relaxed
for non-DNSKEY data and the sequential model is recommended.</t>

<t>The sequential model does give up one property the double-signature
model preserves. During the rollover window a validator that supports
only one of the two ZSK algorithms can transiently fail to validate
non-DNSKEY RRsets that bear only the other algorithm's signature,
whereas under the double-signature model every RRset carries both
signatures throughout and any single supported algorithm suffices. This
does not change the end state: once the rollover completes, the zone is
signed solely by the incoming algorithm, which a validator must support
to validate the zone's data at all. For a validator whose only supported
ZSK algorithm is the one being retired, the sequential model therefore
makes an otherwise-inevitable loss of validation gradual rather than
introducing a failure the double-signature model would have prevented.</t>

<t>The double-signature model remains available for operators who require
maintained per-RRset redundancy across the rollover window for
local-policy reasons; it is correct, merely larger and slower.</t>

<t>A validator <bcp14>MUST</bcp14> accept a zone undergoing either model, since both
satisfy the profile requirement that each non-DNSKEY RRset carry at
least one algorithm in Z at every instant (<xref target="p-algsep"/>); the choice of
model is not observable to, and places no obligation on, the validator.</t>

</section>
<section anchor="the-parents-signature-on-the-child-ds-is-part-of-the-argument"><name>The Parent's Signature on the Child DS Is Part of the Argument</name>

<t>The chain-of-trust argument in <xref target="p-zskcadence"/> assumes that the
parent's DS RRset is authentic. That authenticity rests on the key
with which the parent signs the child's DS RRset -- typically the
parent's ZSK, though a parent operating with a CSK signs with that key
instead. If an adversary can forge that signature, the adversary can
substitute the child's DS, and thereby the child's KSK; the child's
KSK-algorithm protection then provides no benefit.</t>

<t>This is a general property of DNSSEC: a zone is no more trustworthy
than the weakest link between it and the trust anchor. The relevant
property of the parent is therefore the strength of the key signing
the child DS RRset against the threat -- a function of both that
key's algorithm and the cadence at which the parent rolls it. A
parent that signs with a strong algorithm needs to roll only at the
normal operational cadence; a parent that signs with a weaker
algorithm needs to roll faster, to bound the window in which a future
cryptanalytic break against that algorithm could be exploited.
Either way, the obligation is on the parent's own configuration,
independent of whether any particular child uses the algorithm-split
profile. <xref target="s-root"/> discusses the special case of
the root zone.</t>

</section>
</section>
<section anchor="p-dssignal"><name>DS Algorithm Number as a Size Signal for the DNSKEY RRset</name>

<section anchor="the-truncation-round-trip"><name>The Truncation Round Trip</name>

<t>When a resolver validates a delegation, it retrieves the child's DNSKEY
RRset. If the KSK uses a large algorithm, the DNSKEY RRset together
with its RRSIG commonly exceeds the EDNS(0) UDP response size that has
become a de facto ceiling in much of the deployed base (frequently 1232
octets). A UDP query for such a DNSKEY RRset returns a truncated
response with the TC bit set, and the resolver must repeat the query
over a connection-oriented transport. This costs an extra round trip
and a handshake on the first validation of the zone.</t>

</section>
<section anchor="resolver-behavior"><name>Resolver Behavior</name>

<t>A resolver that has obtained a child's DS RRset <bcp14>MAY</bcp14> use the algorithm
number(s) in that DS RRset to decide how to query the child DNSKEY
RRset. If the resolver recognizes a DS algorithm as one whose keys and
signatures are large enough that the DNSKEY RRset is likely to exceed
its UDP response-size limit, the resolver <bcp14>SHOULD</bcp14> query the DNSKEY RRset
directly over a transport it expects to handle a large response,
rather than first attempting UDP and incurring a truncated response.</t>

<t>This document deliberately does not name a specific transport. A
resolver may use TCP, DNS-over-TLS, DNS-over-QUIC, or any other
transport it considers suitable for large responses. The choice of
transport is a local matter and is expected to evolve as the transport
landscape evolves; this document defines the <em>signal</em> but not the
response to it.</t>

<t>This is a local optimization. It changes neither the wire format nor
the validation outcome. A resolver that does not implement it simply
experiences the existing UDP-then-fallback behavior.</t>

</section>
<section anchor="identifying-large-algorithms"><name>Identifying Large Algorithms</name>

<t>To apply this signal a resolver needs to map an algorithm number to the
property "the DNSKEY RRset is likely too large for UDP."</t>

<t>A compiled-in default set of algorithm numbers that are classified as
"large" is a reasonable starting point, and resolver implementations
are expected to ship such a default reflecting the algorithms known at
the time of release.</t>

<t>A compiled-in default is not sufficient on its own. Until the set of
post-quantum DNSSEC algorithms in operational use has stabilized -- a
process that will include experimentation, including through the
experimental algorithm range suggested by
<xref target="I-D.johani-dnsop-dnssec-alg-experimental-range"/> -- resolver
implementations <bcp14>SHOULD</bcp14> provide a configuration mechanism that allows
the operator to override the compiled-in classification.</t>

</section>
<section anchor="limitations"><name>Limitations</name>

<t>The DS algorithm number reflects the KSK algorithm only. The signal is
reliable when the KSK is the large component of the DNSKEY RRset, which
is exactly the deployment of <xref target="p-algsep"/>. If a zone instead paired a
small KSK algorithm with a large ZSK algorithm, the DNSKEY RRset could
still be large while the DS signaled a small algorithm; the signal would
be a false negative and the resolver would fall back to the existing
UDP-then-fallback behavior. A false positive (treating a small DNSKEY
RRset as large) causes only an unnecessary use of a large-capable
transport and never affects correctness.</t>

</section>
</section>
<section anchor="s-root"><name>The Root Zone</name>

<t>The root zone is the most exposed zone in DNSSEC: its KSK is a trust
anchor for the entire namespace, and its ZSK signs the DS RRsets of
every TLD. The mechanisms of this document apply to the root zone with
particular force. This section is a worked example: it illustrates how
<xref target="p-algsep"/>, <xref target="p-zskcadence"/>, and <xref target="p-dssignal"/> apply at the root,
and recommends a deployment profile. The normative requirements of
<xref target="p-algsep"/> and <xref target="p-zskcadence"/> continue to apply; the
recommendations in this section are non-normative, with the
exception of the resolver-transport recommendation in
<xref target="s-root-transport"/>, which restates a <bcp14>SHOULD</bcp14> applicable to resolvers
generally.</t>

<section anchor="root-ksk"><name>Root KSK</name>

<t>The root KSK <bcp14>SHOULD</bcp14> use a post-quantum algorithm with conservative
security properties. Hash-based signature schemes such as those of
<xref target="FIPS205"/> are well-suited to this role because their security rests
on the hash function alone, with no algebraic structure to attack.
Concrete instantiations such as SLH-DSA-128s offer small public keys
and very long-lived security at the cost of large signatures -- a
trade-off that is acceptable for a key whose signature appears only on
the apex DNSKEY RRset.</t>

</section>
<section anchor="root-zsk"><name>Root ZSK</name>

<t>The root ZSK <bcp14>SHOULD</bcp14> also use a post-quantum algorithm, but one with
smaller signatures than the root KSK algorithm. The algorithm-split
profile of <xref target="p-algsep"/> does not require the ZSK algorithm to be
classical; it requires only that it differ from the KSK algorithm.
Selecting a post-quantum ZSK algorithm with comparatively smaller
signatures (examples in the current literature include some
multivariate constructions, with MAYO as one candidate among others)
keeps DS responses and other root-zone responses within a manageable
size envelope while still providing post-quantum integrity for root
zone data.</t>

<t>Naming a specific algorithm is out of scope for this document; the
recommendation is that the root ZSK algorithm be (a) post-quantum and
(b) substantially smaller in signature size than the root KSK
algorithm.</t>

</section>
<section anchor="root-zsk-rotation-cadence"><name>Root ZSK Rotation Cadence</name>

<t>The root zone has on the order of a thousand delegations and a small,
well-resourced operational team; its ZSK rotation cadence is not
limited by signing throughput. Given the root's role as the apex of
every DNSSEC trust chain, and the cross-dependency discussed in
<xref target="p-zskcadence"/>, the strength of the key signing DS RRsets in the
root zone is a security parameter of every zone in the tree. That
strength is the combination of the algorithm used and the cadence at
which the key is rolled. The root zone operators have historically
chosen and managed the root ZSK with this combined strength in mind,
and are expected to continue doing so as threat estimates evolve.</t>

</section>
<section anchor="s-root-transport"><name>Transport for Root Queries</name>

<t>The root zone is a special case for the DS-based size signal of
<xref target="p-dssignal"/>: by construction it has no parent, so no DS RRset
exists from which a resolver could learn that the root's KSK uses an
algorithm with large signatures. The size-signal logic of
<xref target="p-dssignal"/> therefore does not apply to root queries.</t>

<t>This document takes a forward-looking position: well in advance of
any rollover of the root zone to a PQ-safe algorithm with large
signatures, resolvers <bcp14>SHOULD</bcp14> adopt a transport suitable for large
responses (TCP, DoT, DoQ, or another) for all queries to the root
zone, rather than UDP/53. Resolvers make relatively few distinct
queries to the root zone in steady state, so the per-query cost of
doing this for all root queries is small in aggregate, and the
transition to a large-signature root then becomes operationally
invisible to resolvers that have already moved their root traffic
off UDP/53. A coordinated truncation event affecting the entire
resolver population at the moment of a root rollover to a
large-signature algorithm is thereby avoided.</t>

<t>A consequence of the preceding paragraph is that the size constraints
on the root zone are largely a question of cache and bandwidth, not of
UDP truncation. The root <bcp14>MAY</bcp14> therefore use larger DS-RRset signatures
than would be acceptable for a zone served predominantly over UDP.</t>

</section>
</section>
<section anchor="operational-considerations"><name>Operational Considerations</name>

<t>The large DNSKEY RRset of an algorithm-split zone is retrieved and
validated once per DNSKEY-TTL per resolver and then cached; subsequent
queries for ordinary zone data return small, ZSK-signed responses
that fit comfortably in UDP. The large object is thus a
once-per-TTL-per-cache cost, which <xref target="p-dssignal"/> further reduces by
avoiding the truncated-UDP round trip.</t>

<t>A KSK-algorithm rollover transiently enlarges the DNSKEY RRset further,
as it must carry both KSK algorithms and a signature from each during
the rollover window. Operators should account for this when sizing
transport expectations.</t>

<t>A validator that does not support the KSK algorithm cannot follow the
DS-based chain of trust and treats the delegation as Insecure, exactly
as for any rollout of a new algorithm. Deploying a large or
post-quantum KSK therefore has the same backward-compatibility profile
as introducing any new DNSSEC algorithm.</t>

<t>The ZSK rotation cadence recommended in <xref target="p-zskcadence"/> interacts with
cache TTLs, key-management automation, and HSM throughput. Operators
adopting the algorithm-split profile <bcp14>SHOULD</bcp14> verify that their
operational pipeline can sustain the chosen cadence before deploying
the profile.</t>

</section>
<section anchor="security"><name>Security Considerations</name>

<section anchor="why-the-completeness-relaxation-is-safe"><name>Why the Completeness Relaxation Is Safe</name>

<t>The DNSSEC algorithm-completeness rule of <xref target="RFC4035"/> Section 2.2
and <xref target="RFC6840"/> Section 5.11 exists to prevent algorithm-downgrade
attacks in deployments where multiple algorithms play <em>peer</em> roles:
each algorithm is independently capable of authenticating zone data,
and an attacker who breaks the weaker of two peers can forge data
and strip signatures from the stronger one. Completeness ensures
that every RRset is independently protected under every algorithm a
validator might choose, and operator policy can require validation
under the strongest available algorithm.</t>

<t>In the algorithm-split profile of <xref target="p-algsep"/>, the KSK-side and
ZSK-side algorithms are <em>not</em> peers. They occupy distinct,
structurally asymmetric roles in a fixed chain of trust: the parent DS
authenticates the KSK, the KSK authenticates the ZSK, and the ZSK signs
zone data. An adversary who breaks the ZSK algorithm cannot substitute
a ZSK of their own choosing without also forging a KSK-algorithm
signature on the apex DNSKEY RRset -- and the KSK algorithm is, under
this profile, chosen to be strong precisely because the split frees it
from the ZSK's size constraint. The peer-role downgrade that
completeness was designed to prevent therefore does not apply: the
algorithms are not peers, and the algorithm protecting the
chain-of-trust step is the stronger of the two, not the weaker. This
structural argument is the basis for the safety of the relaxation, and
it holds independently of how often the ZSK is rolled.</t>

<t>The relaxation does change one thing. Where every RRset previously
carried signatures from every DNSKEY-RRset algorithm, a validator that
supported the stronger algorithm <em>could</em> choose to require it on zone
data and thereby refuse any forgery made under a weaker one. Under the
split, zone data carries only ZSK-algorithm signatures, so that
particular fallback is no longer available. Its place is taken by
bounding the ZSK's exposure through rotation (<xref target="p-zskcadence"/>): the ZSK
is held at a strength the operator already trusts, and the window in
which a break of it could be exploited is bounded by the ZSK lifetime
rather than by signature redundancy. For the intended PQ-safe ZSK this
is an ordinary rotation schedule.</t>

</section>
<section anchor="what-the-validator-can-and-cannot-verify"><name>What the Validator Can and Cannot Verify</name>

<t>The time-bounded guarantee of <xref target="p-zskcadence"/> rests on the zone
operator actually rolling the ZSK at an appropriate cadence. A validator
cannot verify this: nothing in the DS RRset, the DNSKEY RRset, or the
signatures reveals how often the ZSK is rolled, or whether it is ever
rolled at all. The relaxation therefore asks the validator to accept
ZSK-signed data on the strength of an operator obligation it cannot
check.</t>

<t>This is not a new property introduced by this document. A validator
has never been able to observe an operator's key-rotation behaviour,
and in practice a large fraction of signed zones roll their keys rarely
or never -- historically because rolling was perceived as difficult or
risky, and operationally because nothing forces it. The absolute
forgery-window bound that completeness is sometimes credited with was,
for those zones, already unrealised: it required both that the operator
maintain genuine multi-algorithm coverage and that a validator choose
to demand the stronger algorithm. Against that real-world baseline, a
diligently rolled ZSK under <xref target="p-zskcadence"/> is <em>stronger</em>, not weaker,
than the prevailing practice.</t>

</section>
<section anchor="the-zsk-need-not-be-the-weak-link"><name>The ZSK Need Not Be the Weak Link</name>

<t>Some of the language in <xref target="p-zskcadence"/>, and the threat model below,
analyses the demanding case in which the ZSK algorithm is materially
weaker than the KSK algorithm -- typically a classical ZSK (ECDSA,
Ed25519) paired with a post-quantum KSK. The intended deployment is not
that case. The expectation is that the ZSK algorithm is itself
post-quantum, with a security margin comparable to the long-lived
classical keys (such as 2048-bit or larger RSA) that are, in practice,
rarely or never rolled today -- chosen for the "ZSK property" of small
signatures rather than for a short security horizon.</t>

<t>When the ZSK is that strong, the cadence recommendation of
<xref target="p-zskcadence"/> is a conservative margin rather than the sole barrier
to forgery, and the net effect of the profile is almost entirely on the
other side of the split: it lets the KSK, for the first time, be chosen
for strength and longevity instead of being held down to the ZSK's
size constraint. The proposal is better understood as a gain in
trust-anchor strength than as a concession in ZSK strength. (The
cross-zone dependency of <xref target="cross-zone-dependency"/> still applies: until
a zone's parent transitions, the strength of the parent's DS-signing
key, not the child's KSK, caps the chain.)</t>

</section>
<section anchor="threat-model-for-the-transition"><name>Threat Model for the Transition</name>

<t>In the intended deployment both the KSK and the ZSK use PQ-safe
algorithms (the KSK a strong, long-lived one; the ZSK one with small
signatures). Against the arrival of a cryptographically relevant
quantum computer (CRQC), both the trust anchor and bulk zone data are
then protected, and the ZSK rotation cadence is an ordinary schedule
that bounds residual exposure as a margin.</t>

<t>The more demanding case is a transitional one, in which the KSK has
already been upgraded to a PQ-safe algorithm but the ZSK is still a
classical algorithm such as ECDSA or Ed25519. It is worth working
through explicitly, because a profile that is safe here is safe a
fortiori when the ZSK is also PQ-safe. The relevant threat is a CRQC
capable of breaking the classical ZSK algorithm. Under that threat:</t>

<t><list style="symbols">
  <t>Long-term data integrity for non-DNSKEY RRsets is not provided in
this transitional case; an attacker with a CRQC can forge ZSK-signed
data within the window of a published ZSK's lifetime. The
<xref target="p-zskcadence"/> cadence bounds this window, which is why the cadence
matters most in exactly this case.</t>
  <t>Long-term trust-anchor integrity <em>is</em> provided, because the KSK
algorithm is chosen to resist a CRQC. A validator with a stable
PQ-safe trust anchor retains the ability to detect substituted KSKs
across time.</t>
  <t>The combination is therefore appropriate even as an early transition
step: it upgrades the longest-lived element (the trust anchor) first,
and exercises large-key handling, transport, and operational tooling,
while full protection of bulk zone data against a CRQC follows once
the ZSK is also PQ-safe (as discussed for the root in <xref target="s-root"/>).</t>
</list></t>

</section>
<section anchor="cross-zone-dependency"><name>Cross-Zone Dependency</name>

<t><xref target="p-zskcadence"/> establishes that a child zone in the algorithm-split
profile is no more secure than the parent's signature on its DS
RRset. This is a general DNSSEC property and not a novel weakness,
but the algorithm-split profile makes it operationally visible: a
child KSK that uses a strong post-quantum algorithm can give the
misleading impression that the child is post-quantum-secure
end-to-end, when in fact the parent's DS-signing key -- typically a
classical ZSK -- remains the binding strength of the chain until the
parent itself transitions.</t>

<t>The operational implication: a parent whose children adopt the
algorithm-split profile <bcp14>SHOULD</bcp14> treat the strength of its DS-signing
key (algorithm and rotation cadence together) as a security
parameter of those children, not solely of itself.</t>

</section>
<section anchor="transport-signal"><name>Transport Signal</name>

<t>The DS-based size signal of <xref target="p-dssignal"/> is a transport optimization
with no effect on validation. A misjudgment about an algorithm's size
results only in an unnecessary use of a large-capable transport, or in
a fallback to the existing UDP-then-fallback behavior; it cannot affect
whether data validates.</t>

</section>
</section>
<section anchor="iana"><name>IANA Considerations</name>

<t>This document requires no IANA action. <xref target="p-algsep"/> and
<xref target="p-zskcadence"/> update the signing and validation rules of
<xref target="RFC4035"/> and <xref target="RFC6840"/>, and <xref target="p-dssignal"/> is a resolver-side
local optimization.</t>

</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC4035">
  <front>
    <title>Protocol Modifications for the DNS Security Extensions</title>
    <author fullname="R. Arends" initials="R." surname="Arends"/>
    <author fullname="R. Austein" initials="R." surname="Austein"/>
    <author fullname="M. Larson" initials="M." surname="Larson"/>
    <author fullname="D. Massey" initials="D." surname="Massey"/>
    <author fullname="S. Rose" initials="S." surname="Rose"/>
    <date month="March" year="2005"/>
    <abstract>
      <t>This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requirements for serving and resolving by using DNSSEC. These techniques allow a security-aware resolver to authenticate both DNS resource records and authoritative DNS error indications.</t>
      <t>This document obsoletes RFC 2535 and incorporates changes from all updates to RFC 2535. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="4035"/>
  <seriesInfo name="DOI" value="10.17487/RFC4035"/>
</reference>
<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC6840">
  <front>
    <title>Clarifications and Implementation Notes for DNS Security (DNSSEC)</title>
    <author fullname="S. Weiler" initials="S." role="editor" surname="Weiler"/>
    <author fullname="D. Blacka" initials="D." role="editor" surname="Blacka"/>
    <date month="February" year="2013"/>
    <abstract>
      <t>This document is a collection of technical clarifications to the DNS Security (DNSSEC) document set. It is meant to serve as a resource to implementors as well as a collection of DNSSEC errata that existed at the time of writing.</t>
      <t>This document updates the core DNSSEC documents (RFC 4033, RFC 4034, and RFC 4035) as well as the NSEC3 specification (RFC 5155). It also defines NSEC3 and SHA-2 (RFC 4509 and RFC 5702) as core parts of the DNSSEC specification.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6840"/>
  <seriesInfo name="DOI" value="10.17487/RFC6840"/>
</reference>



    </references>

    <references title='Informative References' anchor="sec-informative-references">

<reference anchor="FIPS204" target="https://csrc.nist.gov/pubs/fips/204/final">
  <front>
    <title>Module-Lattice-Based Digital Signature Standard</title>
    <author >
      <organization>National Institute of Standards and Technology (NIST)</organization>
    </author>
    <date year="2024" month="August"/>
  </front>
  <seriesInfo name="FIPS" value="204"/>
</reference>
<reference anchor="FIPS205" target="https://csrc.nist.gov/pubs/fips/205/final">
  <front>
    <title>Stateless Hash-Based Digital Signature Standard</title>
    <author >
      <organization>National Institute of Standards and Technology (NIST)</organization>
    </author>
    <date year="2024" month="August"/>
  </front>
  <seriesInfo name="FIPS" value="205"/>
</reference>


<reference anchor="RFC6781">
  <front>
    <title>DNSSEC Operational Practices, Version 2</title>
    <author fullname="O. Kolkman" initials="O." surname="Kolkman"/>
    <author fullname="W. Mekking" initials="W." surname="Mekking"/>
    <author fullname="R. Gieben" initials="R." surname="Gieben"/>
    <date month="December" year="2012"/>
    <abstract>
      <t>This document describes a set of practices for operating the DNS with security extensions (DNSSEC). The target audience is zone administrators deploying DNSSEC.</t>
      <t>The document discusses operational aspects of using keys and signatures in the DNS. It discusses issues of key generation, key storage, signature generation, key rollover, and related policies.</t>
      <t>This document obsoletes RFC 4641, as it covers more operational ground and gives more up-to-date requirements with respect to key sizes and the DNSSEC operations.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6781"/>
  <seriesInfo name="DOI" value="10.17487/RFC6781"/>
</reference>
<reference anchor="RFC7344">
  <front>
    <title>Automating DNSSEC Delegation Trust Maintenance</title>
    <author fullname="W. Kumari" initials="W." surname="Kumari"/>
    <author fullname="O. Gudmundsson" initials="O." surname="Gudmundsson"/>
    <author fullname="G. Barwood" initials="G." surname="Barwood"/>
    <date month="September" year="2014"/>
    <abstract>
      <t>This document describes a method to allow DNS Operators to more
easily update DNSSEC Key Signing Keys using the DNS as a
communication channel. The technique described is aimed at
delegations in which it is currently hard to move information from
the Child to Parent.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="7344"/>
  <seriesInfo name="DOI" value="10.17487/RFC7344"/>
</reference>
<reference anchor="RFC8078">
  <front>
    <title>Managing DS Records from the Parent via CDS/CDNSKEY</title>
    <author fullname="O. Gudmundsson" initials="O." surname="Gudmundsson"/>
    <author fullname="P. Wouters" initials="P." surname="Wouters"/>
    <date month="March" year="2017"/>
    <abstract>
      <t>RFC 7344 specifies how DNS trust can be maintained across key rollovers in-band between parent and child. This document elevates RFC 7344 from Informational to Standards Track. It also adds a method for initial trust setup and removal of a secure entry point.</t>
      <t>Changing a domain's DNSSEC status can be a complicated matter involving multiple unrelated parties. Some of these parties, such as the DNS operator, might not even be known by all the organizations involved. The inability to disable DNSSEC via in-band signaling is seen as a problem or liability that prevents some DNSSEC adoption at a large scale. This document adds a method for in-band signaling of these DNSSEC status changes.</t>
      <t>This document describes reasonable policies to ease deployment of the initial acceptance of new secure entry points (DS records).</t>
      <t>It is preferable that operators collaborate on the transfer or move of a domain. The best method is to perform a Key Signing Key (KSK) plus Zone Signing Key (ZSK) rollover. If that is not possible, the method using an unsigned intermediate state described in this document can be used to move the domain between two parties. This leaves the domain temporarily unsigned and vulnerable to DNS spoofing, but that is preferred over the alternative of validation failures due to a mismatched DS and DNSKEY record.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8078"/>
  <seriesInfo name="DOI" value="10.17487/RFC8078"/>
</reference>
<reference anchor="RFC7583">
  <front>
    <title>DNSSEC Key Rollover Timing Considerations</title>
    <author fullname="S. Morris" initials="S." surname="Morris"/>
    <author fullname="J. Ihren" initials="J." surname="Ihren"/>
    <author fullname="J. Dickinson" initials="J." surname="Dickinson"/>
    <author fullname="W. Mekking" initials="W." surname="Mekking"/>
    <date month="October" year="2015"/>
    <abstract>
      <t>This document describes the issues surrounding the timing of events in the rolling of a key in a DNSSEC-secured zone. It presents timelines for the key rollover and explicitly identifies the relationships between the various parameters affecting the process.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="7583"/>
  <seriesInfo name="DOI" value="10.17487/RFC7583"/>
</reference>

<reference anchor="I-D.johani-dnsop-dnssec-alg-experimental-range">
   <front>
      <title>Experimental and Private-Use Ranges in the DNSSEC Algorithm Numbers Registry</title>
      <author fullname="Johan Stenstam" initials="J." surname="Stenstam">
         <organization>The Swedish Internet Foundation</organization>
      </author>
      <date day="12" month="June" year="2026"/>
      <abstract>
	 <t>   The DNSSEC Algorithm Numbers registry contains two code points, 253
   (PRIVATEDNS) and 254 (PRIVATEOID), intended for private and
   experimental algorithms.  These code points identify the algorithm by
   prepending a domain name or an object identifier to the &quot;Public Key&quot;
   field of the DNSKEY RDATA, overloading the semantics of that field
   and forcing every implementation to special-case algorithm dispatch.
   Because all such algorithms share a single code point, they cannot be
   distinguished on the wire by the algorithm number alone.

   This document reserves two small ranges of DNSSEC algorithm numbers:
   one for Private Use, requiring no IANA registration, and one for
   experimental algorithms, registered on a First Come First Served
   basis.  Code points drawn from these ranges behave identically to
   ordinary algorithm numbers and require no overloading of the DNSKEY
   RDATA.  This enables clean experimentation with the growing set of
   post-quantum and other candidate signature algorithms.  This document
   updates RFC 6014 and RFC 9157.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-johani-dnsop-dnssec-alg-experimental-range-00"/>
   
</reference>



    </references>

</references>


<?line 1068?>

<section numbered="false" anchor="acknowledgments"><name>Acknowledgments</name>

<t>The author acknowledges that Ondřej Surý arrived independently at the
idea of splitting the KSK and ZSK algorithms, and thanks him for
substantive discussions on this topic during RIPE 92.</t>

<t>The author also thanks Joe Abley (Cloudflare), Christian Elmerot
(Cloudflare), Peter Thomassen (deSEC), and Erik Bergström (Swedish
Internet Foundation) for valuable insights and suggestions.</t>

</section>
<section numbered="false" anchor="change-history-to-be-removed-before-publication"><name>Change History (to be removed before publication)</name>

<section numbered="false" anchor="draft-johani-dnsop-dnssec-alg-split-02"><name>draft-johani-dnsop-dnssec-alg-split-02</name>

<t>Relative to -01:</t>

<t><list style="symbols">
  <t>Added a non-normative Analysis section covering the KSK/ZSK
decoupling, DNSKEY-RRset size versus the rest of the zone, per-role
algorithm choice, simplified algorithm rollovers, and the costs the
relaxation gives up. The three specification sections are no longer
labelled "Part 1/2/3".</t>
  <t>Distinguished the sequential and double-signature ZSK-algorithm
rollover models, grounding both in RFC 6781 (the sequential model is
Pre-Publish, Section 4.1.1.1), and RECOMMENDS the sequential model.
The signer-side profile now requires each non-DNSKEY RRset to carry
at least one ZSK algorithm at every instant, not every ZSK algorithm.</t>
  <t>Noted that the sequential model makes an otherwise-inevitable
validation loss gradual for a validator supporting only the outgoing
ZSK algorithm, rather than introducing a new failure.</t>
</list></t>

<t>Earlier versions (-00, -01) were superseded in rapid succession; their
change notes are omitted here.</t>

</section>
</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA81923LcVpbl+/kKNP1gUpFJXWx3uciurqYouayWLKtEut2l
iYkJZCZIopQJZOMgSdMqf8i8zVfM27xMx/zX7LUv5wIgaVfEPEx3RFkkM4Fz
2ffL2vP53PV1v65OioOz9XXb1f3NZn6xXdd98eLtxcXL85Pi9cXrxx8uXhfh
78VFtS27sq/b5sCVi0VX3e79+oFbln1Ff7k/KXy/cqt22ZQbet2qK6/6+V/b
m7Kp56vGt1v8r6+W83J9Pfd4xPzJM+d3i03tPb2qv9/S1169vPzG1dvupOi7
ne+fPXnye/pU2VUlLeFV01ddU/UH7q7tPl537W5Lv6WFfP+u+JF+UzfXxZ/w
2wO3265oXf6k+PLJF1/Nin/8+ssn7mN1T99bnbhirqvHv7at7+f/sSubfrfB
z3Qc+M8H+Q997vXLv+BffVc2ftt2vbutml1FTynCCtpNWTfFW9p4cXHv+2pT
fL+t5AT9AX1Q9nYwWGNR0NfW9Hs+nn+pq/7quO2u8YeyW97QH276futPHj/G
5/Cr+rY6to89xi8eL7r2zleP+QmPD5zzfdms/lu5bht64X3lnSt3/U3bYdP0
3KK42q3XckP/irspLvqqoS9t+I/0WLqun3nhJ8XlDW3nrlrV/qawoy++aXfN
ij/A36hkC3zPx16f9S+1ftr39VVfrX1Ff6ucq5urttvQl2/5+L559e7i2ZMv
T/hBRqXftavdupq/Kfu+Xlbz56WvVsWL+rruy3VxUV83Zb/raF3YZ9mtDuTL
ZXdd9cmBLX23PG5q3x9ft7ePt7uFf3xVb/1jeh39oynX8r1wNvx/c+yfHvKW
t0eve0W7qftdXxXtVXijL+i/xWW1vGnadXt9Xxy+fXVxeSQPBNGdFM+ePPty
/uRr/o2vurry2Lm9Btumt9BSDsIhfJUfAr2Ljq3yvvi29Df/7w/hq/9/DuEr
Itr5fF6UC08ctuyde5cwpPJp4cOeSxNDvrgpb6tis1veFGtsvSuIwXlhj9vO
hW/4oged90TM1Xpdb4ms5stdd5s9irh32W42bVPsfFX07aq8Pwb9u3Jb/aRC
oHj/3hMDLMsOm+EH0guJh4nWazooou1i0fY3/BeSInxE+DeJkpnDD9dg1qJc
LkkKkRxY35/y39tt1RT/sas8TryofXF3U9HvO/4jbaDHyePfPxNXuw2JRX5S
cUdrL+r+uHheLUtet7z4c5+e13ZblZ0v2mZ9T/+Dz7h0P7OilOPjJdNFYE9Y
bHwEb4r+sqSL8QUJbiJSt6juW95fSctrKnkYnxn2my5hVizu6bsNXa/H68KC
XHVbdbQo3qsuxre0I5wB9uLrnyvbOzRUXBK/lqiapIx36Uf5ZEt6Kp3blqRv
5Y+L87Yhcofgta2Gm6ertlOTK9p5+ZzflOv1fILs+JrtVumwqq2sFYeja3XD
l2DzpCCIh2shxPQCjp27vKENk+bcbaqmL/y2WtZXRmJLIt5rIeKeaO0j9k6f
3pJ8pM0XvryqcF1uC+apl+X6uHjV0+7X5U/6hISFsLeOxKs8rav+Y1eDQUqm
LJzFomLGoZUycckFxY1s6dNYom5jxBx8f/zssnHxazuILyZAooQSFDa31YDa
mor+3LQ9vR3Usa7pR70XUL9LqN82h9MhYg63Dero2p5lFu8DWsqeUK925dpV
P5Gmx1UmBBWWOGOS7yoIgaqBeCOZRSzZ9ODsQ1Llwo+0rVW7W5CCCqRxVGza
VSXs37UkYWhXE8+3g5naFei9wVkX/PD7Qu7guPgGUnp9PwNPRLK4Id4v8ZB2
Td8hA0yl1k1Kc81us6AH6k2RPUd7Ia58caFijA4J26VbIMYp3br+WK3v5+Ao
sNIql3ksD0ghLemf0RAq/I4UEh0G752J3gW2oxO9beuVnQZZcw0sxTn90My7
qgeLyiV19RZyI2EBs96K99+cswHHC8APsOOORWFs6tWK5JD7DLZJR1bDko0S
N9YY9F2QGfZFF4vfEHnwCbAYJRMUVhNueq1SP7UJp3WPV0XIZ0VUDfUHGfnd
m/mLizP36ZMaN7/8wu+/ePMtfl/Y77/65ZeZsNg3b/kP+BALQo91XREd0crI
eGcdR6p7XS+Deity3dbznpSB+7sWXIHnEIFtSrrffrdSkdT9FlV4+PKcFjQr
Xq6effXV098f5brRqW68UP6lx4FJOiVk3pKHSqY/RGIkzb/mC2WB4t6/v3j1
JyNNfE/YT/WZSh2VQ0ZQdOtnBe+aGBKmAnkd96woWmjUatvLWfh2w+TOwrjM
rPtEfy4qkYdXJDGbnjguPR9VQNioLIxesWQdIoLTgWyg50VGYd/bdbmsoLfp
IOjrq1Zl77oinUeGSrc5GUpMpxLz7qam4zKrIrMo8G5ayVXVL29wFHTP63sz
K+hWSvz62EHn3pX36TJtC7SAPrNHIJUgLMio/2tLZnpy88d0wHwMk2pvKYTT
4OhYnpsehOqkTbS+cg9aHQNFQdsmwTFStInWoA1kL/ogL8Jp4eNKTKn5kJIU
a3MSumokZPbElJFwOVgh7ZOovhLrgrchWr1d/BViMHnTaXweaYz0qfQvOIaO
9wgC9vekXkjgLUUg9SSUr4mQFlV/V1XN6KLoBMo1ub6re+VA15pbSdShGr+C
2MEZVT+Vm+2aeIkJr21Az/Y0TxY+ERV7tSR2e6IR2tGq2q7be1X2tCO6DZil
ZMyRRGJ+Pvz0qaR33fva//LLkZySxgtcWH6p27qnJbXEcCIR+8yoMYsOLnKy
Cad2jBrCOOZVfXVFbNQsK/mS6sz4kmXXei/8FallrvqOFT9fbVTZanKs9bDt
E7Zpp5sOz2Ijw97Nb4Oko1OGjcK7GO3c1T3pxyt8iL/FDjBdjxehJgYiboc8
ZLh1bIQRJX769A+k1qDiRFG4TUveMYtKfMf0IFNbcpxsMxITk/VJe9TvqPNA
TL8i0t1tYebdtWbl4Ws+3rCwSOA1FoqenuGvSMDAol+SC1eqN8EGGut4oqr5
mtz3VXIGtOpSbf7wQab4RE8dFz+ybARNxbeSW3hLu4N/wVTr1HMY2N7JDoyO
FnXDpgXrjiVJG7UzEqK8RcwExgkUBDMCC6lEnbM4YNOr7Ijw6o7Ea3Vb4nhT
sqfjvK3WLdv59Gk+WnrdLPh3SzA7jMVlxVqXltre0ieIKGa4OoRcwP1x34h+
9WyM46Omxu3JZPepyLuqO7qXvt5AojuVSNBpvtadLW9abKoiVQAi/9xPeCrg
yqrr70V5bZjjPFGNVzFGr5avkvnK0qTE7bbYYnLhh4mMyQyko4lXRqWgYjMx
WUiLOdVTwc4feKR0sL/BBXMf4lvS57PugdYRBaGe6YVIWLjX0Ov4/rarN5AE
FUmcpXpvA6ElLK8yCDLZLuGuIl+sO8W9pGLqNYvtWTiIeIO0LRh1sueFBi7k
nMmID4bZwRWJkoKF8Q8v3gVdcsBURmYPdPZdu1uruXhX0+bpdjf1w45kVw1c
yb69liBD1QiX0FedKAT+sgrmE+eeHhcvak/kukythfSq00gHVMYWMV5fbVll
iD3+uUfgh4zNjleW+KLe+DtzQ4uRG4rv/3ZPdOBRmEOMh4jvu1O3JbNT2d4g
t6ra46oGN44Xk8RNEr9r2plNSDG1HejOnh0XZ6KUqlXuxy7LFatBPtGf/Uf9
mU/1fe5p8np63swW7E7mY1+FB/DTRXDekeAkz4KWIJZUWSzIwPhokQt6TOa3
QiYRqdFeyH1et3XPXqnePJQcrzqSDeQdHiIPH7nB4CjVlO/+PEfsYiYsB0sn
uvN4QjgFDyOXbktMhLAlZUNyR+vrG5g2viLqqknKIXdBSpmYChFtmBR64FfE
gIty+ZEe4s1Yn1yi8HZwlvCc/JJTWUhLWK5LkshLssnwqBUtI3i95CrX2MYR
3fQXx8UP3v5EjvjIWSc6YTm2DrSVkjSWwaSw8vIpJoQ09jf28tNg5ZIs7pXu
JdMT8vZZElNgaz+GB666dhMXDcvB2Cg8Fy9NrecagUKEFJj4f1qCK9SLJLHG
F6ySbc5qeF2TBPMi+sWKJhcGpvvegAOeIYcU7e3Dy/N3s+JFe4n/+fOsYP5m
OXlEdiVtCK4eFJyFJkreicYmVpnEHat3SBGy9dT4ymUqElJBpoqdnBt8kD+S
NskFJMf05ILG0jeoeiF+4wm3XzKkvG6hr2Ii9BVtv1O7Wb4Hpb8hnSWrpKfu
1jBeXLwXEjlXcOdIkdbLGgYqnwAYnBhS3xqPAEIiPQQOiHnzE0nL7Zbi50ej
f4+L5GCy0L17uopPn0wE0ILNU7xp1yuoUzpbyCr29XU9eminbniI6ufKQd4R
mXNobnya4t2Z73jhHjxASLhii6/ZIS1pJVuyDDTfpqEcF3hwQy59DRJiiiBS
pme1HVTGZwhp3yLuQqTJR/GiQoSbfxbqhH+JZKcvDr774eLyYCb/Ld5+z/9+
//LPP7x6//IF/n3x7dmbN+EfTj9x8e33P7x5Ef8Vv3n+/XffvXz7Qr5Mvy2y
X7mD787+ciCMfPD9u8tX3789e3Mw8mA4ZiWann0l0udgwBI2iF929UKC5c/P
3/3v//H0S/WTnj19+nu6Hvnh66e/Q3SNxHgjb2NRLz/SBd47tQNhSpEvQk4C
smcQMR7u8F1TQAHQaT76LziZ/3pS/NNiuX365T/rL7Dh7Jd2Ztkv+czGvxl9
WQ5x4lcTrwmnmf1+cNL5es/+kv1s55788p/+uEZgaP706z/+sxtaijsIz4OB
sXNQHBKnHclNwlgZ/JHY78ipak3jEmSXeXVu/0j39I+/+/rpL7+oMylswMTJ
Zjt7HOy0cvBo2paT4CCzcw1JquGBlZhoJLmgqbpVIfrIiRaMESbLHIn4SsJF
vsgyCzgSZ8UQK7V41alO9neaJlVI8PXtsl2bVcOBP9I4zmzauo9+4gXEU1W8
bCDQ3nH07fDi5TuS2RKuK1e3tW/z2IVrLGMuYib8CLW0Eo4fM9eqZROUw4Wa
86MX4T3ksJAbUZUrYRJmQxJoJHS8pqfIlwgHk5j7anC7LKEQDQ3b4/jyVDan
PgEk2Jn61yfFK5JxZDxFYXY+8KeTwpTgOH/6LDjoSswk/O22mraZx4OCyXfN
uYYTjs1Gb75KQycwKcoJF52Jj7Q7e1Ht7hohap/5/IObcVnEZeRU4sTpENMT
mRVDFcRE43IdcsoGGn2iE5FJOtPSamzOqzk2dv84Q0SUykZYMINI+KZrwKV8
RnrEghCjYOT7ZFeiY4aeH5gBfrRF8LAeepJcqhJaK2Tm4mfIG/eRR7JYRZHF
KuQrPjUFHAe4YAKIVyIyRmypZe1x++GBsEjha9+SgXASk8wOzE/WK5cb0TKW
Ny2ZwrmQmSD4NPrDiV+6dSQBcHLy7BvyS+CmBOtcPiDa/Kb0qv2WrXg9vTq7
Lr4MQTNx6kT80AbvStAU2+NT8jSPnktwgRx8ptpgr8eUK9s1C5bCa/p5U0Fg
uLjmMnH4ecnsGMEtL69h+fQQWXRk2PSyu9/2xpPk0rrXQ6+KlG+LZBvHzzko
l4Q0ohJpuyhFETnT2oF2fZLeg2Vx7mr1g1vJkvkbVglOVQL8tGGFhBcxvKrW
1bWwfvVTLfYn2EKZPGqSxJ+apUvAgUjkCHR2W9ES2GFJfaLXqaUtobX8XJLn
Id/R2H5o3TsNzLQu3RlviRga8l2oVenddjNDfphvNnhLNTgJFwtlAOkF64du
m/6pcZLqJ7gb5XqmiyFVv2KHhI3m5b0sriaBh/WoaDhVSkfQRnUITlN1x6Jr
WVZdlcskhCa7l5y3kyh1CAKa4qYHxPgBaJOPNTAK3kHqeblTlUVi0sNOhqxb
ze3zCNxyVKEVj0zEw4cHxIPLI8MsI9JE0yh4o9UqSamLs7xX3UxnMaPYCBHs
xHKK/JDEFNlMCh4urh3bu0J+GM+By5p40Co3EVskmRS9SggyRD3IqiFjmI6r
5azXWcwzeQSTq3LLlQF0iJLLqGLKSSQoohx6Xxyto0958LJlmEIYhn6uf+Zv
uZ4kdBcKBepewptIWdYhyHpl4psU0Y/wv0KqIhdBiJEgbSBVSSz7uTwiy2Bg
3USuQoz8QTP34hEnSgdaJPkDSRKcEbJtdEx1X6nShIESUmBiuoo83pQ/1RtU
CiQ5kahsTp0pyPQr5K5tsuICXOIpfzPE7dPK1MQUGwWpl0jXdBYuneXrYOJA
zF3UActTZDpY48gdizXT3bL5kgX907dWnAmXigROMSL44vssy/Mq3ts83puE
dTXwkAj9cTLnJDc75Va3XN1RSUIgKeyzC4ylTHwg5Ol5CyRM5IIsPYHqM/Ay
S/vfkBRSCoX2lEIDiAanOmMqAq12aTCojNCRfsRChZHEkTBRigBu19csMzUk
O84bji1q3b8eYl7etoS4YBIkE2Ftzs73qmtjhlkDvCaJQ9FhjMFw4FvTE6wf
xixqhpWG+kKKGuq5rHF+kph2h5b5OOJkM6fnEOqPggS/5gSPVHdgb1qkIac8
l6BokviB0P1JAnIxCQmRFD+iIaZhUeXxZHIOSlFiabjuUlI4fFhzWRMHLOx0
Ss4Uu4x+h1npWAbGCTuWBzDOke+AUDNrM7EZxE9WNYVQLtnEyxsRouzIsYi7
Z2tqQx/b1Gq6Oc2uNlXN3qQIn4pTkbD0Ux/tAkT/b6Q0d8I575Pz+YB4L9v7
tHWPtMRvKqfkODrd5I244arPnInbm3J9K95daTqSpQTcBMR/kTZhBRochfV9
DPM4fFTWtxELhF9703Lk9IZvPxRlkLBBxE3DtvsLetPSG2jGieyOC4VM5teH
X/CxcV2THQBb+15sQny8IwOtW6GqG7V/N6q/h6TIhruW/z3f9cpPCDzX1a35
e5D3yPpZJe/l5Rv8GOP3WJqUB+HBdHFXYCm2P/HdOX14Tl/i//LnHNyYGQuo
Eo+aSxBeNTwelzujJMY6IasKspltJAlhOhDjVOnfas7h9VD0Z7fGgUvUT6PM
qTjMbA41ikI0IDjPySfm+ASJI+23kADDy4dqg+IZh6pU1U6s3r2QIRaicSI6
/l2n9btl4+8kV5OV/YCCVJsudmtOqNHlGPE5PURk+bpiKszA0RiQ4r2sSSoo
sqpnVGg1xdmsOKP/mxXf/TsnOC7//TLmLFjHDIvZ7iyHx2YXV37o7qV0b30f
q1Tia5NymEvT9vGXn3t2fJ25apZ1L5v7O630KKxQ+QaspyZWuEktccxqYsfB
klDqi1rYjijUTQeZIEeSRK70F4W7lrUvUPCEjUNJeWeKnh+o4nwGP6pegJRi
RXcoCRd3OhMIUjQuPCpvsdp9uhlx0e6jC1OzjiIhfQ1fCSUJCOLNXBolyKvM
Jov/hLHFF8UuXGq7ThTbMTXzc/GA2GmA0w4pHMSb+MFEKGTi1bT+UQ4jrami
L0NMBMrDBsl90HJESXziBk1OVA2vQHIZV1Gn6hI1acoegAsHdrjPtTvSm+sq
EvVsiPBRzrn0Vb1yUhIcO5GjtDIRunS4EWb1LBBJsusXzfiOtvUeyjLaBOc3
LVkxokBCoX1SNrLKw2YhKmVqb1AP4qQeZLJoR82BJZbbTJfwWFjMTVTvpFck
BmtiFqRJNFojbfebpIhD4hbYqC1CaifFKpn2bRDoSZ2HZCNqzuGjY6cwL1ks
SvIq/M18wX1OSPhvKrsw+2aWIsSnYUhLxFfiCfRIcjVh4HDgQ8IK5SCuJ9zq
J4uSlAzgJ6QceR8LimIt60gCIavriULbflQwZneIP7JI0jrKEO6CxJZyTdqX
48J8JtlxHbVE6EJUMYs9+Cjn+7bVHhTY3VyanFdDDUpQjAo+/DoVZH6SFMvv
r9NS4kSLzLjk1uovUQ6gsYtgCqPTgJXzIFo1G2dy75LIktt5dUL76fKUwopN
NF0zqA+Pdh4TLziH+2Bvq6CQ43GfijqNJR4kEZI3acxN4i2LvEpkX/G90IUl
09urYZJc23XU50yK0uKRi7kcKzayAOQslrPVvbTPQT/B26uXO6IYlDNAvKEa
xLcaLeXo9s6z/5y9TC6MeyhKP4pYJLSyJrbz5JZXKD4UQ8ZldSu6Yw5E/vZc
FEI0f1cuaqYOLVZmiihrVErcl4QlLEnZLljOcRxLzhcSSkxEJ0IIrw4mkVBq
EBmW3dNM3GRi7FK1R7JZSCbJRl7van8jfBiKl+6j4bUKvHDP9p3cNruG5KNc
i3K7COo0UW/vTbEWnz6b1LcOhmc8pqCfxZwVI79cGRdIP9SwuhnRDSu1jjFF
KXwNhYkikrR7kA2C8FIWX7xvpwXKMay/t6w4xpyTPBXuE4YkHhODm80Ni5gQ
DwsG1VUSaqR1bXbrvmyqdufJI03MP6LcquGYMgt8usREVqnv7NUJlapQto6Z
dNPY9jFZG3QcZksklkE8Jcf1tVIm21R3vEPNCSwqMZrJ19iiZYcs/HUSXU+S
GS4kuTznSF566D4iMXs1nvziYiYOf7eR1JbXbiTNNcBstBgYSsb6OhS/taSM
QooKp1bPfV9tY4zGnI4kYw+GQkmMPoLTKOO8kGWE6KhQkUZLOFc2P5Sag999
8eWXklbFT18/+d3XMBkhrcpd38LJT45Ech0vLrTrLCkM1Nvxuy1MZD55kqEL
8srtMbzD+aNwSY9cauxjqfckkO7oBUm7heQN0ugY569xNlpS5GzL81VXw7E2
u4XM5BCLD7knevSusQpSOJou5cYJtg0BOvommQcNO8L4A1mHH6GriYWb/sao
VWxraUwmJpizW5W0QXLJ+uXNVIuD6SwnVrAm17j7Ls3tSFXqbJ+Jon5xmWRo
RPIEFgetGYuDbBOVKpEAaXKve8nQhxrF6EKofxKj78g9xvO2GraW42cmpqUj
WqstOAKCGtNQyAb3BmJDTifeEVFDyRmnMhr2+oLX7PATPR4mBBjzcEdSfZLc
AzuAEoVSuhg/9EN46FRK62g6+ukFBKSy1ikW3Jaxi6TUSNOhS4UdrcuHZOd8
ggBFcn1I/xgZR0MlaFNCXKnkVFaSp8GRs2kfawgkHOiEP0MXHmI2RM3S6rlI
7Xt1jTSgyQTEbhMEjMNderKDpOXww/QOouYbBh0SY0YK/tb3TtJmQdkcW/mE
GCSQsaH+QW4cSh/rqJtbBPRWw7yIMIcbWj5RQLKENSOus8DQhLph8dnEeOqI
TEVDg5QD3sCb+mOlFPQhcddnWhnDQoCVOzeu+FDdzraIUhJbiXV/H5g8yLwi
y/qHqFrk/dtyXa/wVcaguHxjmRKS3iGYrCE9uvzrFtT8QcANJA4as8ssN2JM
K80miHkMiQAKolfIhjlGclz8aAEzer8Hvgsb9kSDwdERKYklHZLA67yYY6vy
3h/JtWvfbHJ6zXK9s7CpE/kDI8RuJlvsLEjb4BVL8IND6vQaDQVIZ4nK82Iv
PdfsW0nyZZbxFmcky85ZNqVs6g1SV9awkuqa+DgILb/k9AlsZTEUUlJMQ7zG
hy32e8eV37uQP4sFABoZ4XC93IpwoSY4cEokINj69IjkSYcRB7bYk+PGDC3S
kqKpT5/s6XP5mhQqPoq9/4/UmtVk+FW5qdc1mdvvumr+Tssy1KaUVQ7qHmdR
E4AerKFVoC9wS/hTciH2LD8L3SOSWBoIAMsoIbAcmjlYVqL4bViK34miFq9K
AgISSJTMR7DLhyAbpq3N1nw0BD/Q4+G2D11DosLt+WkC7ipR2sacKvxIh9BF
5Va/aWPJXYqdEDtQRmGcYWrcDVPjLM14F5qSrX4qpRzuRiO+8W3cSkNH6rQ+
CEoHiY1ZLEa9u7lXLzmARQi9aGAZci2gSuS9zLBVR9R3xDpnj9aMYCO8IGxA
y1AtZHtcvAjNJ05bfcATr3O3Hdrl1xqoisO/vf5b8c/F0yNxcnJVN+htiMn3
odcXDCwXwhd8BQGEIrZ6kcg2pJkye2Z2qW5dlbeS7BVCtiOd8Pa540Ar8tjY
BecN+UNLOmLEOrdsTfgOWIpkmeZKg8DP9g3r19JpMEgXOxLO8DIFqoK2K9Xn
5sGWavnBNttfU5DSb1yhkHnST5lC8gjnallS04pxBEiuvIXdWHBMB9AMVgNJ
F1L7KqRpVIPZ1YT0uAQfZ2K2my83kU79fIB3MMydZM5UkjkZ9RheTidS3a4p
2Uni0P4l+wa9he3ZPlsSNaGa7La20rV1uWi1gQecI/cW4HdWlRvqvAlG9chs
4URviFalxtqsabHk3MiwB6DIfdIt/jrRKbPEJc2v3tVRyEodUNZVa9UK416y
eOGZKyH0NFjKh8FSVPQRLUk52MypfSdaIjRAJkuNl8IlpeS4v7WqhNBNlOh5
2RALAz1/eTTrt9qnhnwSIuZooUS5ztlJYPOQbqpqr678dP+11eR0VVKalzYq
2R2xkXVNhgMR1ZZBRvoQJxm7vUSot+RvrbS6EggzWp0O6D0J4bAjcxr21NNV
9aKgYfnNzNr2MQVCt7gLTZZpt1MWVWIlpupnDcNBM3UqDSK1ViuYEER7J9Gb
cXw0s5ER4dPUdG5CpvVYqAR0bJ6zIQ+LLSY32DXm/su+TQqWytAErYGGJB5L
BxbMaKAyeJX52B4qkU0wxZYxRMYYxWjOoeqkdqkqzD+rJEA4iz3QgdaVkl3W
h8s6bdAidph1m+WBEruBkiNxJWo1yiI7FXHRquXHE5AfE5J6dHmlcS77VdEl
5k5H1la5FkSollwbTqyRjjNBqq6T1nhKmXeI7MM7m5trdr0j8dT0VRUSbdEf
Q7FtjeymNsnEbdUci5+bOTJTnzXTcW7yqGjTXXpSbONqZCkKxXhr0n+YOA3k
VUNoL9aMU6G5eYkXajSUvuM/SignK0G2QCiddQZDhsMSP47T5HlTL2cXhUS0
WtESogbkRS53PY63WqYppok8DiRudx63a60xodv+LJps+7rtP30WFCFLPpzt
uXbZv98BH+tCJc+z42dD64x74XDfJnnss18dP30aPwzQLfqwMygd7RyPi7Ni
fPZutIlZK02Oi++bQLUVYBlXALi8NH3AnXZcfDzs+S/TdyAcxoWaHGiDTU43
djQ0YrPyywPkASWsw42QU9FFbv6Q5WuIMXF/OMczWIYYUpFf2URzg7LPV1d7
TGrFAfRWOJdIUbvXUtOpmUeoTfJZRHVvrBQln9iLG78kgWSUOyQfmbSO5u52
HYrCtUhaK/z6CTTDmCQ7jiQnEf3DC77l4oJu+WjUZKhgNpEaJPL+kPsgXVCR
CEGwUjnEwQwhobO/JMQTA3PyOZgWj/bE6B4dF2/o9F5zzjzkOjNPKbnvyVyj
8WVEMQPi1gfJ+EKLVpstqW7NoiZPDgBcTGbkDWqnlYQeoTbDh4+yvLCTlmY0
up4494j/NFkQFaPngex6BSTDbyHyENUCMxV5aFFJcc+n889+ON6/CGbuzMEb
AkriZQy3RJeIVazMrOYqh+SLHKBEXiKH4QsLkCh/YrZkAf8JNhmvjVE94o7z
XfKJWFuwJNmYalcjH7Zs7kfnGWoSuGKXjf2+Kv724W/FH4qns+IgO+oYEi/4
1QcRDjUEaXJgSW01QblICPmEBeEp2o/PuBd4K7n1ZE3W3ooJQvXVnugg2LDA
U9NakKFNdBr8t1Q0JcLVYFwGJxvwMsre4EkSm9uyLrwOja0AYmQXm2nYCpGg
ewiAL+5N88ZOXHSWSM1J+p1ZHtrwwgBbCX1rhzJRflZI4YtRSERocfy9vGLi
2Bmba1pfZACXJloH/ymYf9T7QgaNy5PP2geDYrZBU1lIrwwzBuQS667zUhOI
aQ2XhpLQYf0FpIh2tP69VRdW9M6OkliO2A6XuZERrCofAd2QkjYtc2hlE0dW
N6EGpHYYCEPNhaGYvlHdh9DVH4y/6Bl2nHkx95kBTU3wVfFcPbCz4h/+UDwn
EazhMOmeQQ3TitvW9+a4DpNARGL+gdRDHZ6E5hK6monXGzrgIobBrx15ZoSk
GDSDJOvpHttEZEzjBsG4PHI4s0KffZHAndUtpaGwADNs3JqU94piMi2akY1T
UI/pAtDjIMjyC9mbV5zZocjJsiaRStZmAgIotyzHYbHj4lst4B+7yhzvkWMM
sXtSLirbyJMIcrJMkD9DPi1lZCl0cYdj0OG2G8qfsgudvDEcHfFCXQy3J/G3
YQlkhCiT1BNbJ5zz8uoDlW6YXh6I50GVcB/ljNZfemet6SvrhE/1yEA0ZVI8
KX5z09kOteMnFapqckOYRQMN+bwuYRZNMFil70g6pkIxLTiyeRlSi3pqGLCc
SyY3kqh9b6WdFMJKNCwpWxCDwU0VMTJjDsP5aeVdCuHnkm6+XEugIcu8raG2
GILqOaZproC0dvJhSv2BClPBVNbTlLQW0Tutdi16Zn8VZQx85p3Utc93vNhN
FUNyVQ3qLxNv3u0vvjzzqReQITxnrZiTgNCM7T9Lqd2KwpZWi7za1AyMTr49
Mp4MgMduk5oJUnbrTy2kJfXWIbzABeEZdFNow7/a8XKyHvxCpm0k6QTlMDdy
uIbYEwnOqSExkVeytRIBl/Mmp6y0xbNMahCkUS0zz7S8KUUBSNNZE72OQ4cw
jWZIV1LiHOofHcIXY9/030IEbtI95SBE6qOGiJ24qaEtYrAkN1wGY502WciP
wTcYtFYxDrWrL+hzBlEd6hgfjnB/lUkQsNWyQljKaaBZrZfcNvHs7Cqgx+D3
HwQSM6yZfUt2ePRX1R7DIbTHBK4A87SbauxVHg401iB8MzBvjmBtuCJ6Whrs
DclPjrjN26u51PgzmOTxeNljBZ06x7L8PEM9tfoP8cnwADlcn6Q1fPG8vd75
AB6pab3xu9fl8iM9O38hdMPAYwRTRQKSdhmrQ2SM88HZQgKmQQNes+Nl+myd
oSEML02IMVTPJOYAt7u5XaNvThvCpXw5BgxHwcUjBGjCDly+g+FKXxfJShNk
Dlrvq0YAO5gaBH1e1POAP7V6E0LXezF+pEyn5S7KmajEesm1uMwqSgaRnobS
x1oqLEWLuFgrhbDJxlpi0+7jMLSRtqAZdRwz1hELXoU7kkZdOZWBbcyk1of6
xIgEN0hRtQ0bBC6G1ZjDI+3gdHyopklyW9GsiYKeh00MPL/9Yir4hGz2zPaV
vw8Dxgk02+uMSjiWh2I0ei2PP4KxcB9uruoUgGLbrusl175kwOexU3x0RgoN
F2PoiZHg6iYF2Zlz+PN617EhbUiyjM+F6NRtpYsgqhBJK7lqLWq21KsYRvBk
WY/ZSeM+zQwuoKrb63bn9VuJZiddfL/mqpNwOJ4RAa1xDYoUztMp42xKRpFt
HDKrO1PrsXlvplXqC2TJY5MFBw9A96RLVnPgMlVX5W6dZEtCFggZFVj5HZET
pymeJ5i17y1Xdq7IlMhLJEYFK+Mf7Zn2IX5C8QKGsuTPMrzIPfiZ+8Ai3a+C
RRpayKrq2Bxm3yOmpk64F2QF/5Lh4W9awcb1E5al5vB4dIgMxxILWpZedw4J
aQtqsGVBhHodOhynYvKgM57lIUleQa50sWm80KZxyfON0nrH8XiHAMK0qZUQ
sM7F0bN7ZJCWjyKmpWYMLQ6XesylS6GC9+EEWw4I+1WlwrRk6piY37CjDA4a
VehSSifUpB1poPNyUa+tSDTrELZ8uqFFGuLHIBrk8kiQ2UTJws8CdSSxHw2S
6FU4A4JIsdMGYRWvrgo3Dn0I7cBc1Snn5zg6NRUA56Chz6KGsqqJD39w4w8/
P07w2AYbG9/U86JdLnfb+wBxWDDIDWcm2Re7qn8CWO+NVZ7CuBIY8MuxkTYL
FztASvtcijLyx8yczpuDfl4GSztByyoOkx0cHQMd27YWMRwnQozJQwew2MkD
nx9B4GU4DwBlvryJlY9+T0wnAwvh005B4y1LHVGbwjg1/DPtQQ3g9ZIxegho
DiPXtAVTmkBCpYR49VU3ROmRoMtdyaY1OSscJjYM4VnaNzoAu8p7UJl/FQpm
0Apl9MRtDe4ySiHx+FaVgWfrBBAOhUjhYkDSDa6tmaKCKXRTsk16h/FCP6Zt
Yemp5hWq+apLx8W04fF7BC39S5Ed8V22Hbk+MAwnkiwuOt5+szJQcTcYzOSC
D/KrMk/aivaoFWdqRVmqbdlpMf3yq6rFMEDHzhsHI60Yfre9RrVU6NrSkANX
63iMkZSJiHYon3vZNY9SEVT5tKEmKfrHw9c16Xb0A4i7g36R+lYAlRl3g22B
kAcKn65zUZeqN0PBNtNWiVDqLVs622vr7ANU8sRQmnHTkpuMOQhOIjhKniMK
aFk1ZVe3SQXaiZuKRkgxhZltMqrBZ9EBOuBAKOyOOrhmmpWYcL2MPVL7aFXD
8mbW5yGBpVNEhClyiHhYedBOCrgGbqeLKyA2ecSK/pHNHQmVXFVIMu6JVDhD
EKeVByD+XdNUCIwMB/bsmrDEk9TUIa9ghe7PMsqQzEa1U2aB62O7fzBvYjMK
YGpiU7pZTDmmUjqCxorlYlwpAUQNEbBREcIDcZusuVvAoDlZwStmCcPyQm3l
y2yyg3oZwKBHOJukxSYRM24ko+hqpIa2F9RwjrwKt4i6pzvfVSFJGCt6U2iS
dAHy+UGedjpGKQZnjE2Skg6VvLMATxVSXqryeFlOpb4Jjjt6ZOg2/G3eQgjD
p93YEG4GoV/3++HnzRbnlFZSxDaYRfH3Qu4LYY4H8QxHVCyqNScjfmXgxq9P
23A6bWOi53w2ulrbVp3P5BgN5DDrRnqL5p58YgVzv0VNomR8tRQtG/llba/G
rSEqRA9M6W20GS7+0oi6kwTEomtRB3pnef0cinygdIpE6ZAVKPrs75kosn+c
iHtgnIgZm4hB5JNFJsaKuH1jRSRXisufnC9yKqp3Rozub9ioWlQKzrWyrO0e
cVEMkH5RgYRe9oCYNmR7Os1LbetmGuaZeiaD46lxkGamU7+1/kdxZm0pGPn8
UaerjWbYZUmXPLdxvatXHFxR9sLY+OKQ6KNcaLLjHJ9v0Sm02wDPrsK4dMeT
1wXSnr7ZGJ0s2hX3KTHgiudhnp8PMkz8fhJa5fbmHgkQzl/QqjPAHRalYzPj
+7RsdcZn57IYjJGNtXTz8RHNtNLVTEe15jTUzsbHuMqa9SsebjqPOdiSvKmG
wc/yTrSQBw5NR9poH6jbx6/87quvv+C6cpvzWQ8Cl4exWfH5q7cvZsVrOvxZ
cV568JMi9eFk/JFT6O+QCCN2a1eMX5dYJwaIquzoEe0VClJhCeiYK5nOrcQW
JkbtVbchU5UkOYNMkKk0cqCwZXgF5XFxASrgV9c6rUwbQP2S3qv+W3K/VkzJ
siEZIcxc9Qix+kducipTGBAlNgVyMmNMjuI7bg0rPn02bBZ7oDtZWqjYlki1
Q+iv0ymgcJmSRs/ci2RZaiUDCrC0rwXTTbVgipbOEfZTJBMl5U1ovHCBvdVK
vEXQk0UtY79pF9C+kpBTsV2SZguOA5lHb+MAwg1pKzbLuImOz8ydiK09DE4V
J0RWLusExTkZy7yu7uMtDpnx0LyDL4+f4v+PnGpTTten3I1OkzaCYEToMvBC
CnTp9rWSMjloM+muEa869Ajls7BiC+YQl8zQ9wOyUEobctUpeQHAWvpRopu7
r9WQYwS9zJZVHSyY6of1MXl3YQisFusfqUycK5JBaWWPsyJi8Gcr5L24zB1O
53Kkn7PqYnGI/Y67k1ERt5KooqPTW61VY7HpKBntiQr0pBcgBanVNjIOeXCN
DXYXq2xmchKcqsFsyNVx8XJvoQuGO2T1a1PNu1xPmLQCx7pVqROf6M5Ni0sM
awc3LMWiqHaJFfJlE5uZjeSykA06RCIR4IxDh4gPyH1JjfYjBZUYHOdx8YOA
Zw7SePtxktWs4RQnh6f5zDkyUK2yYhU7iwmIERYeKaKInUiMnWgfcMrfLuPv
LwHQLDVUAjwxLOeaaCJ05ooqHAbJuz6ER9LoBsf6lrVnGM+IphnGjQ09TThE
KQCdYjZVkAv1kmkgFWms/3qbNEmO+RqjR6CytKR5X0+4HvBUO3peY+gyHjSm
zHTVvn7wcFgGIDNi6cwQhxUAhAFNCAoYREIHTlDwrSu+CYvYl6+pvQWoUhBE
N6GR+dr2a4AvpZdFUhkz6ZtKpkeqfah1ZThun8uVYfWVBZmH+DWhvu2sGZh0
I5i1QcBCp1Wpb+ZGDe9447Q1IoWfyOzal0fkz49Qr36ikz4Ze5U6iBZe5VQX
ikCXfaOJMo0ZytlPZKRDQ2R6VyHGg4rhGAQLmSu1Iidicy4j0tNiYhxd6thO
jFTQSJVLAZ4GEdQkyqWjufeUxkrDvr3QOOZXsRIGYwQeuCmbH5GBJ8QeU04o
GJaC20dQA1AFC8aSakDdZtYIjRi943IFA+c92Y8tZDXF+HJep/Xr6AVSvxC2
PMo2KXDUA0ef3nPasq3Nxtah7axPXygpAsvLLalZlKJFMLsDRiQ8TlInBji1
d0ZJpqOynVs5CC3nilvug6TmtK3J0imOTDAtQu/r4FPMdUhcFbst+w8Jhm01
0oBOvhSac1Mki2GudRSiDhEkpxitIS4Ab2QCszKAPQAToqzXaQh+DBAh71gE
DFhmxj6r100rqWcSCyp9YkHs4aMpsBRWiRmbBsw0bld4MDVAvwPceKVzfdwA
EIrXAhHItuyJ2DHZCQdQoVkgIRuNU6WjkTMVnQQ2bapwvCAZzCJLdWmqw55P
Zyf0ptAAMqknPkDK0wQUfVrgJmgrdE1cVys2+2yagEOSSpMSZROHac+JPW91
bpK1zyd6BhkydgqSEX1mzkoODvS0G6M1pNeeWKMhq6RstOcb5mbEzA17fsEn
RH5SBZmzyiCULQeZnCi3BE9oyFiIP7I+mmvoRWErbTyJatmZAREr0DyPmUHj
QDcoW5TuXi6FymI1Yptp0EARhIiol5VSfxzjk5QOp4AwNkFjb/m/+83l/wMw
kVPLZNQcXXRZMCBBgO1bsTZ1ygMQraJR3soM0ngSMWv0zqojLgbZ2eKcm9df
XBSvPD4VSgvOrAxF+p7yoteQophopNDOg+iKjQeacRTXSiesAsl+HsFuk+8m
yMgxpGQQmUFbhmnQFzHFHNvqs0VoZzO3E5T2JLWNNL1Nvz8PlRlqEwjguflH
x8Urwf4PufqYjg9zerTpmbV5+jmXZNrzxQdXoqtU2iVFKqfpL1xuh+gQRMG2
rRqDAmEKWZDevar7JGFdFtf0O+Sa0qYaQXU6MZYRwDRpWMKl81iVexeidJxU
8EiaNx9D7Vsd28PS8hPDypGZRqNWnjiKLshIEaGDbgR48YZBE84iaUwLiYWQ
dOCQZIBsjzBgxKrDUFOYrKiBUvSFDglOAlvIOZ8ZmE6cyhRGCQkqRHwysGl8
GHAmTqBwBscH1/k0Np0PHWlz/AbJ57h9b7giGYQaMOSqZO5J8MFiZLbU9g2X
p0il2G5PiiaU2+nUJuiPlyJO78p7ofQ8SNCmNfZWnKWFroLlm0N4XoUutVHj
Eq6ao8cPRNyPixQPX6f1qdOK5i8+X2+onREbXwAwLhJw6rcyQokrVXlO0YVM
2J7qGeSy01D0GmTupUygwUm852u47OptGDMXhuZER6/M5inWfZi/M5BxiVPA
csgcFomtD2emjDFdAgKNC2g/MkMowPNKkkJe+5K+evjkKJ9Sz84WUweGB0gA
ldfPqCdtsazqteJV6FRAsUyyqYCHV53YSPTGp8++eObaZU+GL5fw420yDIhj
sJwiyzch03G8DFuQUT8urC84cpfnjHqezU6Ns865gYOoT+NX/EInvecg00ZE
6pwOUmtwbHCJhmGWiviEDGNXJlOGnPT4Imzrb1AZo4wgwenEsssr/Ihy3tvi
nmvnD2ybsGI7cmIzNbbKse5Lgh5J37EMBTv0R4UN8AhfQN8lcceqkvlQrZ58
ImKnSC4sCm4ZCeWfmfpQrx9lqozpFFuaBC4HZVI3I8yIGc2LHUbvUG8uNbBC
nA5km9LkPM6jnOXr0yBS3FQ2QiOU1+q9x+E0teX9WbRyCL4K/BVma7o8F4v7
RXp6Iy0BWKFM7EJRgtjqgV7DQ46HbWEx5oDQt7lTgPGCgpE+1mVKjmcuUnUp
WZrL83czbFWAqS7fXCQ//fmHV+cM7QQxy16Iy/Ztw618HOcKPsy3rgHdaLUm
j2BBxDEmTdZr80GWkWWU4VAmYF92YXCDfsKfDqJG0tYgX3skYveRtiKJXg1y
oG+LgeVjoMhIQ/+s0PevYtWnFQaJyux427QDZPJcYlsz6+56iD1Iq5w/w33F
7hlGwKaf7pGBx9guTjazX2x9QEQpc9hu81DhEfA1WTC8goasrxjZ8A3fQ9BW
aGRotWtFygRFWSVaJlgIm3KbT3fRYYHaCxJMs4MHmVCnfTFR0MKPDyClko6O
wjo6huA2+jr1DsD+oX8ENQnugJ97YEBm8AOZ+shp6viYtoCumGkyTjc3KBMY
pf79Tb01HWILIzMT815GAw988bGBlWJTA7WOB7Zr6QWce2qf6qpJIKQWdHCr
0EQOKeTkBJInK/JQONUc1CO1CXcKMIH8bC01GQy4rw2ehYKYcOId9RGy+64O
R5KjPMdR08nHMkhJjtr43fW1THtf3LtPn/74av7i+K8t8jXzVePbLf7XV0t4
IfP0QXP+OhlgqFPRK3LDSg6VyeqnaJdbsAotMeQ3ZoIiO+qyeLQOvkZjkOZC
4q0YTS0t20788waaQQmEfdpMUykXKFX4YFPFT8Aw0mSBcFeNPpl1zeSZdXkZ
DCJzCJZFOrAJjnXeQSBNGgNE4KQVfZBHE79THTRN1WlHvWJ4DVZt87B4LQMM
nxGHs30fhwfZaLl6LSdMByZbZ7ND3pakH/p4NHdWCobAFFBfGzZrb6uxDSZR
qQylMRWL7gGxSIJXni6tJEjdcz+ndgbz+rIIeqn9MUfSW6lN6lz5GyuCd4JG
ZjhmpId4Nlc2s06LswXm1adpIPYkQCTv4VtwZcanz9Ql0Xmm5nQYnXAlJldu
2jhSomBzxiFCwjgTdqld3tFhcLgM8bktl1WsP867S8zaYygdiUVdvnmh5TLG
bn48DFHVSltkHhMTlkscNFrO0rKTVgnDi75rO2DtaI2djOpdr3do74DTQxZn
NnBqNoEMMDEIVFs0+7AqST8lhVBlykYZ/lBalRPCe340+cremgW3kCqqGx5I
L2s4VYMjLe/xVtIcTkLA1Zp5ePUsZrtgz26zcR/KG/NIc/nzFYmVqSp+CCcl
vr2CK7LvKnKWs7pLG0ZtL/BO40BrLTBnogXmRaRUEF+Shd03u6zQ2WVJPjqW
ZIYxwsfFt8nEvdgaw+VNsRJSKuP4Pr559e7i2RMG5etkkPA8ztnrFam/SvNf
dVIMynFEt398n96C9IVXi64ko9oqseWK+55EzrE7b4Ge0VcWvq31nm3FF2++
nb+4OJs/ffY1CAnD0ET+yNgi9n2YQJnvEnCUCLNrjU/SbjjKm4YJO9Wcni9q
MQcljpPCBzgqAYhb81TT00wTCviQUcCHSAGCVvEAGUhDUZAPE7OwQ/wwUFfa
LrA/tDPqXQhWtrWC9DfDKmgu1nahoPlUYiqjeXYobxgPsEvW5S4qsxUHG/8w
VrYT8/sYgTScwKGKwlC+ZeXqtFvYNtwxonYcY0LwFKvbUus4uTNux0TslX7J
4f/efO0lUZl2f20QhrRyWOmGIyUQRyGGalm+C4HBHQ1KRLV1U15XrATZxa4a
njNploGYC2LIiYGenA8K86+ZvkGdeI2L0MrOvS03qqzNpc2yaw9XwE5J3qwE
LFBvfOgC2G5HA+JtVu5wcST9b6XhVxnpYjxJ3rQ4omCXUErKQ6P+9KEBwIGc
0RQV5CY81wSEaKA3zDgsasbjRjEDt911qLNPXQWyCDenQfsPe7LVTZHJl3G2
ZuIWbHf9cfGn+raKW7Qhr2VSmBBMCPVdJNjPWaIYZxO44QRY2SKyK1FgQzX/
KyH/xIJRfLTMlConOydsgI7ZVRJpqLTv3cWmUCuo2ixsRNGwNEmazMdpAhfT
BFxmGHvj89uOeVNpPCUDlx7MGSqnPUxSc97w/J+MgtVY4JAjVijoGbr0BkXk
KzGAhq5vsFdWnPxEp50vBh0ZXuMsmi4MRgc4jmn5zzpp3CzZxOaYsGnLPNYe
IuYXQe//HBwFtbmiYXcCmkxlnMwMTeZIcbsg/RQGCmpJD8tuy20E90JSFuS7
d00uGLTxW2Lm6TROPuqh+jXH72dNkq9Jh1+TuBqtP8lgpUPKrXufftKx7aOQ
Xy9FATivu7Jbzddt+1HlKffanLD1w+A4q1vtQnHZoO9QgWaXwbiE1oQ1tcNE
Lc2iVRi0/arlDHo0Q8fBQBcVxqEEHNtL/M+fNbrI+uVIbBNavc2sT9wJa0lP
oqjk8z3+6ovjEAvX7lKUDalavaruApKAm3ho4PcU+jZg0KNAQaLBam454Y4w
OBlLTS+Ly0fZnsPxX18DH6OPsxtc7IiSMxfXMWnkbNtBrXmOKV83iiqfWecW
7b+NTWtcm61Wrjy0KxFxcrAJ7djO4qg1zlmENBQXfajXaoEvcR9j9Hjbbnc6
1U+5ZdOGqbXyzlheisELw70O62M4lc3FdlxuciZOAvI+sZEqAImx6OZ2p0yT
a21fwAQwkz5e9f5h8zJenmsT6X/u6hUGMnFZxRWCC8n5JAIbKZTIybB4teiE
pJiVGwaUQoE/sNzoyCKXFl3Ul62w0RWql8omZBwQPkXQIGnXKs41/K7K/9Nn
CbnMl9kfVQKPh61I9+E0NBTX0kluUUaVRTgNLs7aYqf8rDkm3W1lZIoQiNJ8
Iwe7OpU5I5zHC5yYNogkI+kkZadWDNftaoVXECIC2HXFGYgNPUU662Ret1yP
bLQVJD+mkR0airDsOfia1sv/lWsHf5tXPBDUV7tObN9KegIW946pNHY5apZm
zlmmkNp7aFZWWuGnoz39OMymbyaFLY0ZEat6Avw2oAWPBwRIS6ZmsrOSKmv+
g7EhfZkgS9pCH81oDlkSY/EjgoQX20FIawoNLii1CB82DJQqnIS0tLB4DKo/
x2URUvp1BDYNjbpShbPpvJ0KpcHo1Rcc9hG/QqmlywPur6WyVbn7Rg1brnNF
hJHVL7txfa1IQAYnUPoiq7ujpfC84kEEX8vqJk3wdDDbVPkU9zKXCCuyCy10
jHmPM265FPNQInMyDtgmIhffXnyXmfGBBhxr8lGqY7rWnqiovoqT3oEqlUim
bb2tMJOF6508XWJpTqxYsLHNUGwguwsB79YoHMTdhRnrI1kXCtgVvks7a9Ma
4vex0/4VmStk3mhIf3APkzjRe6E9R5iaOZhGLB3X8snkPcRzDcOYOIkYsYsS
44+G08Se/HadpZsYu/3Rtqq6RwIVduKG8w58OtQbQ0olJs3UnyMQBVmr3kCj
ESweP5qByWhPuPZO4vU+qWHDI/gJ6HrapvGbECIJ85O4Ey+7nqrxphj7vER8
uBOtWwvgFUPsqXSu0wYN8goBoq2+lgvSulGs36JBMVHrYkG0rhmiJ5S0pkyr
zUW/ET5jZsJPoCChRz+EH3Kg5EckER/JKbMaux/CYc1cioYYRkiRiyET4Pdj
ZIkBZfBNboxzFSb+spge/fmDDXW3+BmnDJIwTfF3YRLlSEIuB6ibRhJ6CKku
75+cDFxar9pYE2GIoHQK56MXIsTQwmgiaWdLe2bk/jGoDaraBeKnTXHxfWaW
KlQZXfKcAyZBKLAwzVsFAZmzqtT8SUTKPvdRBvgNqAp/ZZqKFzguCdXW/UEF
L899r/2Ak0P7QkRjFjmhhf1TKCX6EFLwdYTUz1FSYl+gTOStFWdwIAx+BWpQ
Qw05yIq1GAgQNKO0/CjDJhOxE2HJnDWRDyVaiGbB5h0MrZs9hE6UHWA8/YcQ
i2zAnEsbXthNUqwBmBUGcsXoZjvtQTWhDYn7w3B6XrSzranj1+fm8WbSLJ4l
WaX6V2HOgrDcMw1PRjEmCHifJ+BHVm8QDKHDoclzFNCWnKItFX8n2hITqhW4
OgsCBeDIup8oXZ3odUuBGrKyrn2oTGEkcMDIsWiLNE8B5TXDsylGeDbHOUhp
hAs/LyUeeC4y9d/YLNMxdtMz9KYmBmaV9PnAc7IxBQsf/JVcHh9+MwXOk2Mr
q7AP9mLth3MFE7zGoRNkcwXTxMh4ruBICPDXrERYukPAuU4nUFgzz0BQRKFa
+o8DmHUOYrDL7hKHlNkoQjOFkHQC2JtVOhuInuPRMpPYcKGyKplUOAZtSQ+Y
w55caLBAbb1lb6UdpErXIiNt54G4tERi14kZyENsDf7IKrf4FxIi0U2DPOSg
VVtzxWZXounGoVWvUpSPNHQd1KVREeNAVt2yEpBIz7k1iJceflhX+4/3qfUW
524ZdrlQENcT+IjvtvDtGgaFysW5srsVuA+R6WrBKwenkI4glmWWlzaS0s+c
KCqIZt51aIUkUcu4Nx4zc2O6cBUbBzJpFNqe0FGxqxs18ROBu4RbXl5b5QsL
tmQqJ6sHxwW4m9D6OFInRBdpRT5WOL9ru7UUUsMfmzGoCjAGWJUqPzDiCuuJ
sZvpi0f2okei7kW7zGKLB/RmKYXcRj+xpQjPfoupu2/pq8/FXPoRAvdN3Xx0
7qLdhPDemlT0Dmcw4e9GAa5ZCWl9YhCymWKzVBYfwBExZnopk6QfgCCL8Ffu
YfirBwdwHr48f3FxNnMvV8+++urp748G40uGUQVDJBlPT9HEmxAqCgn5k0m0
ZYQ3OgWolr5vFvpNzJPelDChLQGt0oLPP9QbxGS4MPehFTA8e/Ll13NUyltg
vyveX5wdFVamOUuFCGqeuRMvCAWlNwbKZ8gesbDNHDzAhkwAHrDIQQwwE/5p
FTXHTf0Npxxsd5ir9zMX8/14k6sGaZCRwTNZbm6QG9ZkzZANyqxsxU4xXQ8z
JZeZsGHF6PsqhyL5JkO+8/lD/I61VHnZmDOFRpXsOzuMKaIvS5511Sf+m52k
FJhDrM0YE4nPmaVZUFOM2wG+ZkCvFFuSm1TZvlrx6OoA8cA4NVO+DF1Z67nW
ES1eyKiyOCHx3yqMO+QSj6mEOTbX2rTEcisbg3tHybOX6iXxM/VDx8XhJRyU
yVm8bNPsmVtrY3ZktM+JIN+40tp7rX0qzsCdTjEn7YlhwjkxR3SBkh48TJff
WjsO7fz4SOUhi67vAiYFPnAZXhwCC3vnKgWxlPjh0IZqTqaO32H4bKD5pJ6I
50DZE6wOZ8RtR6lCQfKkq285G4uLipBzKhRD315ApSMJswMxHJ6///P50Szu
IcOc5pzLbv0x8UyA69Jrg6IEfvLYw1TBQmo+m9UsglQhMMfwl6WgBIKR1W3c
SDQyVyB+OAOKM5GZXsFBo8XJzAO2xAJk8Z4EazoXqg7ToBLZm3bOi/xlPQN5
qprGsL6465JrKCWIKr4UnBh0ygLXzwynMsgbqw3jVbEzbD+UkBS0166OFcu6
SA7C6Fbydk1TzHxcuHCXxB/Zxwoj6TPdmVgv5quW9jCe8/MGZIuZH0Ibea3Q
GA9BrWmbci8DOdl8zu4QV3uaRz61pZeWnoQ4o7VPj+EFJHCeal0yQ2SI2Z/7
4CEKkGcxUSM6RGhlECCBCspwMRJdRc8ZIrPGinAGjuXmg/TQMokbD+9R7R+F
Q8oRYF4zNn1mWAzRtvWc8vkoobGVi8CKQPEZt6cIKGGAAuxa8HkSEmSgb0xY
MkQAHKVN803rb7J24NQbrRiWXvruyg4nFCVtwZEtVqDKpT6YQOQKq5SstC3n
cCizjhT0D8vDKISfyJHhgbWS5UZ9j0GxzWJdxMifQYcMf4aeI1VyVzspkrMu
bbDOQDQGsHYmVEOEa4U49nBqccgOlpVVmerhHLaAFmo37JEY7uesSbks/UVU
sp8+m9awbmwvRYxAa+HRFsG0wGpfCWfSUi65vWheBSU8wMuDVra+w3H7uuZ7
gmvNpfnicZPbtWaPBu7gzJlI3hfaF0iOuh94pVqWccKTdrBNSR2WvTXbWvR4
uiga0obBaGDsbWq/VvC4esMwrBKbKBMrYzhicC7n5OhG5n07p//MRHJjSGa5
7PcZMFyJlns2LpfO3JyzCRy7qEUxjgcAwr4LmILW9a7zMRPbSvVsygQMViSl
FSexnV2Kk3m3HfiYi4z6ByCbNC8ZZ5+laxQKSe22dPQGtwQMTQrrfj4SM8Ec
DJdVDfbZKsUWVBwaeauMIMzq5aRF3JqLJqvdhkUI0QThJ6Rtic5K082paJKc
FuQz0dNfd6trSQUvBKlngA30Mxf27Na9DxjSv6nbJRVtrFxcGUPDgw6dBxoX
T2NgTKuOnMXuWOSF1nfOCL86e3s2zgbXZVP+MqyVC0XcdDz8NYllHRfDBo6x
ANOBbUxHyivJ4DKe9MQz2IbzhIe54cmuFO1a1PYNBhCb6Dd1bg7McYzko22f
LdFwSN4z36R3n06kF61a/eGA25sOtMRHZsvTVu3zJoK/b1b/579Xfy0udt1/
/i8x5tk8SnMrCjhBKyrZ/QaHhYqAdFpV9DTMMi+bj764qRkF0YUi6dvK9A5f
lAHc9y0JHAMLf//q3cvi98+O8/WvJe+Ap/5rWxVnRG/EtOfrdre6IiqsyJ84
v+lAXESrL9ebijjY5X9/x2x6edNuSkzdKw5XFemBI1nxy67+WDyvumuSE//5
PzfF4cVdRUu9IScMMODkpn8Dw4zvQioTgS/OZE/SEElmKbrR/kcVbp/ZRM9v
OfhJK5b0oeKlWsGD9HvIs6evkkTGqiuv+vm+Xkq+m/mTZ9Nff69FkGDD+ZOn
bEifrVbckpd1GBVnhmtsTUgcikzu/LHMKlpVy3a3FZMmS4Cx6ELedxfGDITY
hhRtbjXVmVmV0g8+KyJY3QTQaJK4ERCFnm3pJGgPvemJXcUZgdtQhTYBTaHI
viwXqtkqesq6XFQcjzpgRKOnj589/uLgmA7qRcSBttRdROkawPCJEZJP9S4G
U6dpF9ed5b7YCSYJSyKiANqmWJcTOHawoCPW6awYgjLL0QT4yYvhQgW3kp5y
eWPDF6XowDQmyYcoIqcRqwIOb5FPrR5NAs9Qq0QPTswMx+G+bSUfalp6uPEH
Uc9oHYkIZgg0Az27GiCzae5VQKANGE+RV+kxgybXNI6XQ6YhKaOwacTfL8mT
wAxD0KZgzc+fPJmBxY7IjOwY947+VGnZVldua4iIpQa1TiVlYvMY6ZgU3aLd
kKDVEYzH7v8ClKceaRrfAAA=

-->

</rfc>

