<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.14 (Ruby 3.1.2) --> version='1.0' encoding='UTF-8'?>
<!DOCTYPE rfc [
<!ENTITY nbsp " ">
<!ENTITY zwsp "​">
<!ENTITY nbhy "‑">
<!ENTITY wj "⁠">
]>
<?rfc comments="yes"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" number="9788" docName="draft-ietf-lamps-header-protection-25" category="std" consensus="true" submissionType="IETF" obsoletes="" updates="8551" tocInclude="true" sortRefs="true" symRefs="true"> symRefs="true" version="3" xml:lang="en">
<front>
<title abbrev="Cryptographic MIME Header Protection">Header Protection for Cryptographically Protected E-mail</title> Email</title>
<seriesInfo name="RFC" value="9788"/>
<author initials="D. K." surname="Gillmor" fullname="Daniel Kahn Gillmor">
<organization>American Civil Liberties Union</organization>
<address>
<postal>
<street>125 Broad St.</street>
<city>New York, NY</city> York</city>
<region>NY</region>
<code>10004</code>
<country>USA</country>
<country>United States of America</country>
</postal>
<email>dkg@fifthhorseman.net</email>
</address>
</author>
<author initials="B." surname="Hoeneisen" fullname="Bernie Hoeneisen">
<organization>pEp Project</organization>
<address>
<postal>
<street>Oberer Graben 4</street>
<city>8400 Winterthur</city>
<country>Switzerland</country>
</postal>
<email>bernie@ietf.hoeneisen.ch</email>
<uri>https://pep-project.org/</uri>
</address>
</author>
<author initials="A." surname="Melnikov" fullname="Alexey Melnikov">
<organization>Isode Ltd</organization>
<address>
<postal>
<street>14 Castle Mews</street>
<city>Hampton, Middlesex</city>
<code>TW12 2NP</code>
<country>UK</country>
<country>United Kingdom</country>
</postal>
<email>alexey.melnikov@isode.com</email>
</address>
</author>
<date year="2025" month="January" day="06"/>
<area>Security</area>
<workgroup>LAMPS Working Group</workgroup>
<keyword>Internet-Draft</keyword> month="May"/>
<area>SEC</area>
<workgroup>lamps</workgroup>
<!-- [rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search. -->
<abstract>
<?line 88?>
<t>S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail email message headers.
However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message.</t>
<t>This document updates the S/MIME specification (RFC8551) (RFC 8551) to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients.
Furthermore, it offers more explicit usability, privacy, and security guidance for clients when generating or handling e-mail email messages with cryptographic protection of message headers.</t>
<t>The Header Protection scheme defined here is also applicable to messages with PGP/MIME (Pretty Good Privacy with MIME) cryptographic protections.</t>
</abstract>
<note title="About This Document" removeInRFC="true">
<t>
The latest revision of this draft can be found at <eref target="https://dkg.gitlab.io/lamps-header-protection/"/>.
Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/"/>.
</t>
<t>
Discussion of this document takes place on the
LAMPS Working Group mailing list (<eref target="mailto:spasm@ietf.org"/>),
which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/spasm/"/>.
Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/spasm/"/>.
</t>
<t>Source for this draft and an issue tracker can be found at
<eref target="https://gitlab.com/dkg/lamps-header-protection"/>.</t>
</note>
</front>
<middle>
<!-- <?line 98?> 98?>-->
<section anchor="introduction"><name>Introduction</name> anchor="introduction">
<name>Introduction</name>
<t>Privacy and security issues regarding e-mail email Header Protection in S/MIME and PGP/MIME have been identified for some time.
Most current implementations of cryptographically protected electronic mail email protect only the body of the message, which leaves significant room for attacks against otherwise-protected messages.
For example, lack of Header Protection allows an attacker to substitute the message subject and/or author.</t>
<t>This document describes how to cryptographically protect message headers, headers and provides guidance for the implementer of a Mail User Agent (MUA) that generates, interprets, and replies to such a message.
It uses the term "Legacy MUA" to refer to an MUA that does not implement this specification.
This document takes particular care to ensure that messages interact reasonably well with Legacy MUAs.</t>
<section anchor="update-to-rfc-8551"><name>Update anchor="update-to-rfc-8551">
<name>Update to RFC 8551</name>
<t>An older scheme for Header Protection was specified in S/MIME 3.1 (<xref target="RFC8551"/>), <xref target="RFC8551"/>, which involves wrapping a <spanx style="verb">message/rfc822</spanx> <tt>message/rfc822</tt> MIME object with a Cryptographic Envelope around the message to protect. protect it.
This document refers to that scheme as RFC "RFC 8551 Header Protection, Protection", or "<iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>".
Substantial testing has shown that <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> does not interact well with some Legacy MUAs (see <xref target="rfc8551-problems"/>).</t>
<t>This specification supersedes <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>, effectively replacing the final two paragraphs of <xref section="3.1" sectionFormat="of" target="RFC8551"/>.</t>
<t>In this specification, all Header Fields gain end-to-end cryptographic integrity and authenticity by being copied directly into the Cryptographic Payload without using an intervening <spanx style="verb">message/rfc822</spanx> <tt>message/rfc822</tt> MIME object.
In an encrypted message, some Header Fields can also be made confidential by removing or obscuring them from the outer Header Section.</t>
<t>This specification also offers substantial security, privacy, and usability guidance for sending and receiving MUAs that was not considered in RFC 8551.</t> <xref target="RFC8551"/>.</t>
<section anchor="rfc8551-problems"><name>Problems anchor="rfc8551-problems">
<name>Problems with RFC 8551 Header Protection</name>
<t>Several Legacy MUAs have difficulty rendering a message that uses <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>.
These problems can appear on signed-only messages, as well as signed-and-encrypted messages.</t>
<t>In
<!--[rfced] FYI - In the following sentence, we have updated "page 5"
to "Section 2". Please review and let us know of any objections.
Original:
In some cases, some mail user agents cannot render <spanx style="verb">message/rfc822</spanx> message/rfc822
message subparts at all, in violation of baseline MIME requirements
as defined on page 5 of [RFC2049].
Current:
In some cases, some mail user agents cannot render message/rfc822
message subparts at all, which is in violation of baseline MIME
requirements as defined in Section 2 of [RFC2049].
-->
<t>In some cases, some mail user agents cannot render <tt>message/rfc822</tt> message subparts at all, which is in violation of baseline MIME requirements as defined in <xref section="2" target="RFC2049"/>.
A message using <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> is unreadable by any recipient using such an MUA.</t>
<t>In other cases, the user sees an attachment suggesting a forwarded e-mail message, which email message that -- in fact -- contains the protected e-mail email message that should be rendered directly.
In most of these cases, the user can click on the attachment to view the protected message.</t>
<t>However, viewing the protected message as an attachment in isolation may strip it of any security indications, leaving the user unable to assess the cryptographic properties of the message.
Worse, for encrypted messages, interacting with the protected message in isolation may leak contents of the cleartext, for example, if the reply is not also encrypted.</t>
<t>Furthermore, <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> lacks any discussion of the following points, all of which are provided in this specification:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Which Header Fields should be given end-to-end cryptographic integrity and authenticity protections (this specification mandates protection of all Header Fields that the sending MUA knows about).</t>
</li>
<li>
<t>How to securely indicate the sender's intent to offer Header Protection and encryption, which lets a receiving MUA detect messages whose cryptographic properties may have been modified in transit (see <xref target="hp-parameter"/>).</t>
</li>
<li>
<t>Which Header Fields should be given end-to-end cryptographic confidentiality protections in an encrypted message, message and how (see <xref target="header-confidentiality-policy"/>).</t>
</li>
<li>
<t>How to securely indicate the sender's choices about which Header Fields were made confidential, which lets a receiving MUA reply or forward an encrypted message safely without accidentally leaking confidential material (see <xref target="hp-outer"/>).</t>
</list></t>
</li>
</ul>
<t>These stumbling blocks with Legacy MUAs, missing mechanisms, and missing guidance create a strong disincentive for existing MUAs to generate messages using <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>.
Because few messages have been produced, there has been little incentive for those MUAs capable of upgrading to bother interpreting them better.</t>
<t>In contrast, the mechanisms defined here are safe to adopt and produce messages with very few problems for Legacy MUAs.
And,
And <xref target="RFC8551HP"/> provides useful guidance for rendering and replying to <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> messages.</t>
</section>
</section>
<section anchor="legacy-mua-risks"><name>Risks anchor="legacy-mua-risks">
<name>Risks of Header Protection for Legacy MUA Recipients</name>
<t>Producing a signed-only message using this specification is risk-free. risk free.
Such a message will render in the same way on any Legacy MUA as a Legacy Signed Message (that is, a signed message without Header Protection).
An MUA conformant to this specification that encounters such a message will be able to gain the benefits of end-to-end cryptographic integrity and authenticity for all Header Fields.</t>
<t>An encrypted message produced according to this specification that has some user-facing Header Fields removed or obscured may not render as desired in a Legacy MUA.
In particular, those Header Fields that were made confidential will not be visible to the user of a Legacy MUA.
For example, if the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field outside the Cryptographic Envelope is replaced with <spanx style="verb">[...]</spanx>, <tt>[...]</tt>, a Legacy MUA will render the <spanx style="verb">[...]</spanx> <tt>[...]</tt> anywhere the <spanx style="verb">Subject</spanx> <tt>Subject</tt> is normally seen.
This is the only risk of producing an encrypted message according to this specification.</t>
<t>A workaround "Legacy Display" mechanism is provided in this specification (see <xref target="hp-legacy-display"/>).
Legacy MUAs will render "Legacy Display Elements" to the user, albeit not in the same location that the Header Fields would normally be rendered.</t>
<t>Alternately, if the sender of an encrypted message is particularly concerned about the experience of a recipient using a Legacy MUA, and they are willing to accept leaking the user-facing Header Fields, they can simply adopt the No <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> (see <xref target="no-confidentiality-hcp"/>).
A signed and encrypted signed-and-encrypted message composed using the No <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> offers no usability risk for a reader using a Legacy MUA, MUA and retains end-to-end cryptographic integrity and authenticity properties for all Header Fields for any reader using a conformant MUA.
Of course, such a message has the same (non-existent) confidentiality properties for all Header Fields as a Legacy Encrypted Message (that is, an encrypted message made without Header Protection).</t>
</section>
<section anchor="motivation"><name>Motivation</name> anchor="motivation">
<name>Motivation</name>
<t>Users generally do not understand the distinction between message body and message header.
When an e-mail email message has cryptographic protections that cover the message body, body but not the Header Fields, several attacks become possible.</t>
<t>For example, a Legacy Signed Message has a signature that covers the body but not the Header Fields.
An attacker can therefore modify the Header Fields (including the Subject header) Subject) without invalidating the signature.
Since most readers consider a message body in the context of the message's Subject header, Subject, the meaning of the message itself could change drastically (under the attacker's control) while still retaining the same cryptographic indicators of integrity and authenticity.</t>
<t>In another example, a Legacy Encrypted Message has its body effectively hidden from an adversary that snoops on the message.
But if the Header Fields are not also encrypted, significant information about the message (such as the message Subject) will leak to the inspecting adversary.</t>
<t>However, if the sending and receiving MUAs ensure that cryptographic protections cover the message Header Section as well as the message body, these attacks are defeated.</t>
<section anchor="backward-compatibility"><name>Backward anchor="backward-compatibility">
<name>Backward Compatibility</name>
<t>If the sending MUA is unwilling to generate such a fully protected message due to the potential for rendering, usability, deliverability, or security issues, these defenses cannot be realized.</t>
<t>The sender cannot know what MUA (or MUAs) the recipient will use to handle the message. Thus, an outbound message format that is backward compatible with as many legacy implementations as possible is a more effective vehicle for providing the whole-message cryptographic protections described above.</t>
<!--[rfced] Should "highest" be added to this sentence to describe the
"extent possible"?
Original:
This document aims for backward compatibility with Legacy MUAs to the
extent possible.
Perhaps:
This document aims for backward compatibility with Legacy MUAs to the
highest extent possible.
-->
<t>This document aims for backward compatibility with Legacy MUAs to the extent possible.
In some cases, like when a user-visible header like the Subject is cryptographically hidden, a Legacy MUA will not be able to render or reply to the message exactly the same way as a conformant MUA would.
But accommodations are described here that ensure a rough semantic equivalence for a Legacy MUA even in these cases.</t>
</section>
<section anchor="deliverability"><name>Deliverability</name> anchor="deliverability">
<name>Deliverability</name>
<t>A message with perfect cryptographic protections that cannot be delivered is less useful than a message with imperfect cryptographic protections that can be delivered.
Senders want their messages to reach the intended recipients.</t>
<t>Given the current state of the Internet mail ecosystem, encrypted messages in particular cannot shield all of their Header Fields from visibility and still be guaranteed delivery to their intended recipient.</t>
<t>This document accounts for this concern by providing a mechanism (<xref target="header-confidentiality-policy"/>) that prioritizes initial deliverability (at the cost of some header leakage) while facilitating future message variants that shield more header metadata from casual inspection.</t>
</section>
</section>
<section anchor="other-protocols-to-protect-e-mail-header-fields"><name>Other anchor="other-protocols-to-protect-e-mail-header-fields">
<name>Other Protocols to Protect E-Mail Email Header Fields</name>
<t>A separate pair of protocols also provides some cryptographic protection for the e-mail email message header integrity: DomainKeys Identified Mail (DKIM) <xref target="RFC6376"/>, as used in combination with Domain-based Message Authentication, Reporting, and Conformance (DMARC) <xref target="RFC7489"/>.
This pair of protocols provides a domain-based reputation mechanism that can be used to mitigate some forms of unsolicited e-mail email (spam).</t>
<t>However, the DKIM+DMARC suite provides cryptographic protection at a different scope, as it is usually applied by and evaluated by a mail transport agent (MTA).
DKIM+DMARC typically provide MTA-to-MTA protection, whereas this specification provides MUA-to-MUA protection.
This is because DKIM+DMARC are typically applied to messages by (and interpreted by) MTAs, whereas the mechanisms in this document are typically applied and interpreted by MUAs.</t>
<t>A receiving MUA that relies on DKIM+DMARC for sender authenticity should note <xref target="from-addr-spoofing"/>.</t>
<t>Furthermore, the DKIM+DMARC suite only provides cryptographic integrity and authentication, not encryption.
So cryptographic confidentiality is not available from that suite.</t>
<t>The DKIM+DMARC suite can be used on any message, including messages formed as defined in this document.
There should be no conflict between DKIM+DMARC and the specification here.</t>
<t>Though not strictly e-mail, email, similar protections have been in use on Usenet for the signing and verification of message headers for years.
See <xref target="PGPCONTROL"/> and <xref target="PGPVERIFY-FORMAT"/> for more details.
Like DKIM, these Usenet control protections offer only integrity and authentication, not confidentiality.</t>
</section>
<section anchor="applicability-to-pgpmime"><name>Applicability anchor="applicability-to-pgpmime">
<name>Applicability to PGP/MIME</name>
<t>This document specifies end-to-end cryptographic protections for e-mail email messages in reference to S/MIME (<xref target="RFC8551"/>).</t> <xref target="RFC8551"/>.</t>
<t>Comparable end-to-end cryptographic protections can also be provided by PGP/MIME (<xref target="RFC3156"/>).</t> <xref target="RFC3156"/>.</t>
<t>The mechanisms in this document should be applicable in the PGP/MIME protections as well as S/MIME protections, but analysis and implementation in this document focuses on S/MIME.</t>
<t>To the extent that any divergence from the mechanism defined here is necessary for PGP/MIME, that divergence is out of scope for this document.</t>
</section>
<section anchor="requirements-language"><name>Requirements anchor="requirements-language">
<name>Requirements Language</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document
are to be interpreted as described in BCP 14 BCP 14 <xref
target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
<?line -18?>
<t>The here.
</t>
<!--[rfced] To reflect how their usage is described in RFC 8126, we
have updated "key words" to "policies" and "SPECIFICATION
REQUIRED" and "IETF REVIEW" to "Specification Required" and "IETF
Review", respectively (i.e., we capitalized only the first letter
of each word and removed <bcp14> tags around "REQUIRED" in the
XML). Note that all occurrences of these terms have been made
lowercase.
Additionally, may we move this text from the "Requirements Language"
section to the "Terms" section as the first paragraph since these
terms are not key words?
One example
Original:
The key words "SPECIFICATION <bcp14>REQUIRED</bcp14>" REQUIRED" and "IETF REVIEW" that appear
in this document when used to describe namespace allocation are to be
interpreted as described in [RFC8126].
Current:
The policies "Specification Required" and "IETF Review" that appear
in this document when used to describe namespace allocation are to be
interpreted as described in [RFC8126].
-->
<t>The policies "Specification Required" and "IETF
Review" that appear in this document when used to describe namespace
allocation are to be interpreted as described in <xref
target="RFC8126"/>.</t>
</section>
<section anchor="terms"><name>Terms</name> anchor="terms">
<name>Terms</name>
<t>The following terms are defined for the scope of this document:</t>
<t><list style="symbols">
<t>S/MIME: Secure/Multipurpose
<dl spacing="normal" newline="false">
<dt>S/MIME:</dt><dd>Secure/Multipurpose Internet Mail Extensions (see <xref target="RFC8551"/>)</t>
<t>PGP/MIME: target="RFC8551"/>)</dd>
<!--[rfced] To match use in RFC 3156 and the companion document, we
updated the expansion of "PGP/MIME" in the Abstract and Terms
section as follows. Please let us know of any objections.
Original (Abstract):
The Header Protection scheme defined here is also applicable to
messages with PGP/MIME cryptographic protections.
Current:
The Header Protection scheme defined here is also applicable to
messages with PGP/MIME (Pretty Good Privacy with MIME) cryptographic
protections.
...
Original (Section 1.7):
* PGP/MIME: MIME Security with OpenPGP (see [RFC3156])
Current:
* PGP/MIME: Pretty Good Privacy with MIME (see [RFC3156])
-->
<dt>PGP/MIME:</dt><dd>Pretty Good Privacy with MIME (see <xref target="RFC3156"/>)</t>
<t>Message: An E-Mail Message target="RFC3156"/>)</dd>
<dt>Message:</dt><dd><t>An email message consisting of Header
Fields (collectively called "the Header Section of the message") followed, optionally,
optionally followed by a Body; message body; see <xref target="RFC5322"/>. <vspace blankLines='1'/>
Note: target="RFC5322"/>.</t>
<t>Note: To avoid ambiguity, this document avoids using the terms
"Header" or "Headers" in isolation, but instead always uses
"Header Field" to refer to the individual field and "Header
Section" to refer to the entire collection.</t>
<t>Header Field: A collection.</t></dd>
<dt>Header Field:</dt><dd>A Header Field includes a field name,
followed by a colon (":"), followed by a field body (value), and
is terminated by CRLF; see <xref section="2.2" sectionFormat="of"
target="RFC5322"/> for more details.</t>
<t>Header Section: The details.</dd>
<dt>Header Section:</dt><dd>The Header Section is a sequence of
lines of characters with special syntax as defined in <xref
target="RFC5322"/>. The Header Section of a Message message contains the
Header Fields associated with the Message message itself. The Header
Section of a MIME part (that is, a subpart of a message) typically
contains Header Fields associated with that particular MIME part.</t>
<t>Body: The Body
part.</dd>
<dt>Body:</dt><dd>The body is the part of a Message message that follows
the Header Section and is separated from the Header Section by an
empty line (that is, a line with nothing preceding the CRLF); see
<xref target="RFC5322"/>. It is the (bottom) section of a Message message
containing the payload of a Message. message. Typically, the Body body consists
of a (possibly multipart) MIME <xref target="RFC2045"/> construct.</t>
<t>Header
construct.</dd>
<dt>Header Protection (HP): (HP):</dt><dd>The cryptographic protection of e-mail
email Header Sections (or parts of it) by means of signatures
and/or encryption.</t>
<t>Cryptographic Layer, Cryptographic Payload, Cryptographic Envelope, Cryptographic Summary, Structural Header Fields, Main Body Part, User-Facing Header Fields, and MUA are all used as defined in <xref target="I-D.ietf-lamps-e2e-mail-guidance"/></t>
<t>Legacy MUA: an encryption.</dd>
<dt>Legacy MUA:</dt><dd>An MUA that does not understand Header
Protection as defined in this document. A Legacy Non-Crypto MUA
is incapable of doing any end-to-end cryptographic operations. A
Legacy Crypto MUA is capable of doing cryptographic operations, operations
but does not understand or generate messages with Header Protection.</t>
<t>Legacy
Protection.</dd>
<dt>Legacy Signed Message: an e-mail Message:</dt><dd>An email message that was
signed by a Legacy MUA, MUA and therefore has no cryptographic
authenticity or integrity protections on its Header Fields.</t>
<t>Legacy Fields.</dd>
<dt>Legacy Encrypted Message: an e-mail Message:</dt><dd>An email message that was
signed and encrypted by a Legacy MUA, MUA and therefore has no
cryptographic authenticity, integrity, or confidentiality
protections on any of its Header Fields.</t>
<t><iref Fields.</dd>
<dt><iref item="Header Confidentiality Policy"/><xref
target="header-confidentiality-policy" format="none">Header
Confidentiality Policy</xref> (<iref item="HCP"/><xref
target="header-confidentiality-policy" format="none">HCP</xref>): a
format="none">HCP</xref>):</dt><dd>A functional specification of
which Header Fields should be removed or obscured when composing
an encrypted message with Header Protection. An <iref
item="HCP"/><xref target="header-confidentiality-policy"
format="none">HCP</xref> is considered more "conservative" when it
removes or obscures fewer Header Fields. When it removes or
obscures more Header fields, Fields, it is more "ambitious". See <xref target="header-confidentiality-policy"/>.</t>
<t>Ordinary User: a
target="header-confidentiality-policy"/>.</dd>
<dt>Ordinary User:</dt><dd>A user of an MUA who follows a simple
and minimal experience, focused on sending and receiving e-mails. emails.
A user who opts into advanced configuration, expert mode, or the
like is not an "Ordinary User".</t>
</list></t> User".</dd>
</dl>
<!--[rfced] FYI - We have moved this text to the end of the Terms section since
it does not match the definition list formatting of the other terms listed.
Please let us know of any objections.
Original:
* Cryptographic Layer, Cryptographic Payload, Cryptographic
Envelope, Cryptographic Summary, Structural Header Fields, Main
Body Part, User-Facing Header Fields, and MUA are all used as
defined in [I-D.ietf-lamps-e2e-mail-guidance]
Current:
Additionally, Cryptographic Layer, Cryptographic Payload, Cryptographic
Envelope, Cryptographic Summary, Structural Header Fields, Main
Body Part, User-Facing Header Fields, and MUA are all used as
defined in [I-D.ietf-lamps-e2e-mail-guidance]
-->
<t>Additionally, Cryptographic Layer, Cryptographic Payload, Cryptographic
Envelope, Cryptographic Summary, Structural Header Fields, Main
Body Part, User-Facing Header Fields, and MUA are all used
as defined in <xref
target="RFC9787"/>.</t>
</section>
<section anchor="document-scope"><name>Document anchor="document-scope">
<name>Document Scope</name>
<t>This document describes sensible, simple behavior for a program that generates an e-mail email message with standard end-to-end cryptographic protections, following the guidance in <xref target="I-D.ietf-lamps-e2e-mail-guidance"/>. target="RFC9787"/>.
An implementation conformant to this document will produce messages that have cryptographic protection that covers the message's Header Fields as well as its body.</t>
<section anchor="in-scope"><name>In anchor="in-scope">
<name>In Scope</name>
<t>This document also describes sensible, simple behavior for a program that interprets such a message, message in a way that can take advantage of these protections covering the Header Fields as well as the body.</t>
<!--[rfced] For clarity and consistency, may we update the phrasing of
"Legacy receiving MUA" and "modern receiving clients" as follows?
Original:
The message generation guidance aims to minimize negative
interactions with any Legacy receiving MUA while providing
actionable cryptographic properties for modern receiving
clients.
Perhaps:
The message generation guidance aims to minimize negative
interactions with any Legacy MUA recipient while providing
actionable cryptographic properties for modern client
recipients.
-->
<t>The message generation guidance aims to minimize negative interactions with any Legacy receiving MUA while providing actionable cryptographic properties for modern receiving clients.</t>
<t>In particular, this document focuses on two standard types of cryptographic protection that cover the entire message:</t>
<t><list style="symbols">
<t>A
<ul spacing="normal">
<li>
<t>a cleartext message with a single signature, signature and</t>
<t>An
</li>
<li>
<t>an encrypted message that contains a single cryptographic signature.</t>
</list></t>
</li>
</ul>
</section>
<section anchor="out-of-scope"><name>Out anchor="out-of-scope">
<name>Out of Scope</name>
<t>The message composition guidance in this document (in <xref target="compose"/>) aims to provide minimal disruption for any Legacy MUA that receives such a message.
However, by definition, a Legacy MUA by definition does not implement any of the guidance here.
Therefore, the document does not attempt to provide guidance for Legacy MUAs directly.</t>
<t>Furthermore, this document does not explicitly contemplate other variants of cryptographic message protections, including any of these:</t>
<t><list style="symbols">
<t>Encrypted-only
<ul spacing="normal">
<li>
<t>encrypted-only message (Without (without a cryptographic signature. See signature; see <xref section="5.3" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>.)</t>
<t>Triple-wrapped target="RFC9787"/>)</t>
</li>
<li>
<t>triple-wrapped message</t>
<t>Signed
</li>
<li>
<t>signed message with multiple signatures</t>
<t>Encrypted
</li>
<li>
<t>encrypted message with a cryptographic signature outside the encryption.</t>
</list></t> encryption</t>
</li>
</ul>
<t>All such messages are out of scope of this document.</t>
</section>
</section>
<section anchor="example"><name>Example</name> anchor="example">
<name>Example</name>
<t>This section gives an overview by providing an example of how MIME messages with Header Protection look like.</t> look.</t>
<t>Consider the following MIME message:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
A └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to)
B └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to)
C └┬╴multipart/alternative; hp="cipher"
D ├─╴text/plain; hp-legacy-display="1"
E └─╴text/html; hp-legacy-display="1"
]]></artwork></figure>
]]></artwork>
<t>Observe that:</t>
<t><list style="symbols">
<t>Node
<ul spacing="normal">
<li>
<t>Nodes A and B are collectively called the Cryptographic Envelope.
Node C (including its sub-nodes subnodes D and E) is called the Cryptographic Payload (<xref target="I-D.ietf-lamps-e2e-mail-guidance"/>).</t> <xref target="RFC9787"/>.</t>
</li>
<li>
<t>Node A contains the traditional unprotected ("outer") Header Fields.
Node C contains the protected ("inner") Header Fields.</t>
</li>
<li>
<t>The presence of the <spanx style="verb">hp</spanx> <tt>hp</tt> attribute (see <xref target="hp-parameter"/>) on the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> of node C allows the receiver to know that the sender applied Header Protection.
Its value allows the receiver to distinguish whether the sender intended for the message to be confidential (<spanx style="verb">hp="cipher"</spanx>) (<tt>hp="cipher"</tt>) or not (<spanx style="verb">hp="clear"</spanx>), (<tt>hp="clear"</tt>), since encryption may have been added in transit (see <xref target="avoid-summary-confusion"/>).</t>
</list></t>
</li>
</ul>
<t>The "outer" Header Section on node A looks as follows:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: application/pkcs7-mime; smime-type="enveloped-data"
MIME-Version: 1.0
]]></artwork></figure>
]]></artwork>
<t>The "inner" Header Section on node C looks as follows:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Keywords: Contract, Urgent
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: multipart/alternative; hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>
]]></artwork></figure>
]]></artwork>
<t>Observe that:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Between node C and node A, some Header Fields are copied as-is (<spanx style="verb">Date</spanx>, <spanx style="verb">From</spanx>, <spanx style="verb">To</spanx>, <spanx style="verb">Message-ID</spanx>), as is (<tt>Date</tt>, <tt>From</tt>, <tt>To</tt>, <tt>Message-ID</tt>), some are obscured (<spanx style="verb">Subject</spanx>), (<tt>Subject</tt>), and some are removed (<spanx style="verb">Keywords</spanx>).</t> (<tt>Keywords</tt>).</t>
</li>
<li>
<t>The <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields (see <xref target="hp-outer"/>) of node C contain a protected copy of the Header Fields in node A.
The copy allows the receiver to recompute for which Header Fields the sender provided confidentiality by removing or obscuring them.</t>
</li>
<li>
<t>The copying/removing/obscuring and the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> only apply to Non-Structural Header Fields, not to Structural Header Fields like <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> or <spanx style="verb">MIME-Version</spanx> <tt>MIME-Version</tt> (see <xref section="1.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>).</t> target="RFC9787"/>).</t>
</li>
<li>
<t>If the sender intends no confidentiality and doesn't encrypt the message, it doesn't remove or obscure Header Fields.
All Non-Structural Header Fields are copied as-is. as is.
No <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields are present.</t>
</list></t>
</li>
</ul>
<t>Node D looks as follows:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
Subject: Handling the Jones contract
Keywords: Contract, Urgent
Please review and approve or decline by Thursday, it's critical!
Thanks,
Bob
--
Bob Gonzalez
ACME, Inc.
]]></artwork></figure>
]]></artwork>
<t>Observe that:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>The sender adds the removed and obscured User-Facing Header Fields (see <xref section="1.1.2" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>) target="RFC9787"/>) to the main body (note the empty line after the Content-Type).
This is called the Legacy Display Element.
It allows a user with a Legacy MUA which that doesn't implement this document to understand the message, since the Header Fields will be shown as part of the main body.</t>
</li>
<li>
<t>The <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> attribute (see <xref target="hp-legacy-display"/>) indicates that the sender added a Legacy Display Element.
This allows receivers that implement this document to recognise recognize the Legacy Display Element and distinguish it from user-added content.
The receiver then hides the Legacy Display Element and doesn't display it to the user.</t>
<t>The <spanx style="verb">hp-legacy-display</spanx>
</li>
<li>
<t><tt>hp-legacy-display</tt> is added to the node to which it applies, not on any outer nodes (e.g., not to node C).</t>
</list></t>
</li>
</ul>
<t>For more examples, see Appendices <xref target="compose-examples"/> target="compose-examples" format="counter"/> and <xref target="rendering-examples"/>.</t> target="rendering-examples" format="counter"/>.</t>
</section>
</section>
<section anchor="specification"><name>Internet anchor="specification">
<name>Internet Message Format Extensions</name>
<t>This section describes relevant, backward-compatible extensions to the Internet Message Format (<xref target="RFC5322"/>). <xref target="RFC5322"/>.
Subsequent sections offer concrete guidance for an MUA to make use of these mechanisms, including policy decisions and recommended pseudocode.</t>
<section anchor="content-type-parameters"><name>Content-Type parameters</name> anchor="content-type-parameters">
<name>Content-Type Parameters</name>
<t>This document introduces two parameters for the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field, which have distinct semantics and use cases.</t>
<section anchor="hp-parameter"><name>Content-Type parameter: anchor="hp-parameter">
<name>Content-Type Parameter: hp</name>
<t>This specification defines a parameter for the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field named <spanx style="verb">hp</spanx> <tt>hp</tt> (for Header Protection).
This parameter is only relevant on the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field at the root of the Cryptographic Payload.
The presence of this parameter at the root of the Cryptographic Payload indicates that the sender intends for this message to have end-to-end cryptographic protections for the Header Fields.</t>
<t>The parameter's defined values describe the sender's cryptographic intent when producing the message:</t>
<texttable title="hp parameter
<table>
<name>hp Parameter for Content-Type Header Field">
<ttcol align='left'>hp Value</ttcol>
<ttcol align='left'>Authenticity</ttcol>
<ttcol align='left'>Integrity</ttcol>
<ttcol align='left'>Confidentiality</ttcol>
<ttcol align='left'>Description</ttcol>
<c><spanx style="verb">"clear"</spanx></c>
<c>yes</c>
<c>yes</c>
<c>no</c>
<c>This Field</name>
<thead>
<tr>
<th align="left">hp Value</th>
<th align="left">Authenticity</th>
<th align="left">Integrity</th>
<th align="left">Confidentiality</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">
<tt>"clear"</tt></td>
<td align="left">yes</td>
<td align="left">yes</td>
<td align="left">no</td>
<td align="left">This message has been signed by the sender sender, with Header Protection</c>
<c><spanx style="verb">"cipher"</spanx></c>
<c>yes</c>
<c>yes</c>
<c>yes</c>
<c>This Protection.</td>
</tr>
<tr>
<td align="left">
<tt>"cipher"</tt></td>
<td align="left">yes</td>
<td align="left">yes</td>
<td align="left">yes</td>
<td align="left">This message has been signed by the sender, with Header Protection, and is encrypted to the recipients</c>
</texttable> recipients.</td>
</tr>
</tbody>
</table>
<!--[rfced] May we update "non-encrypted" to "unencrypted"?
Original:
A sending implementation MUST NOT produce a Cryptographic Payload
with parameter hp="cipher" for a non-encrypted message (that is,
where none of the Cryptographic Layers in the Cryptographic Envelope
of the message provide encryption).
Perhaps:
A sending implementation MUST NOT produce a Cryptographic Payload
with parameter hp="cipher" for an unencrypted message (that is,
where none of the Cryptographic Layers in the Cryptographic Envelope
of the message provide encryption).
-->
<t>A sending implementation <bcp14>MUST NOT</bcp14> produce a Cryptographic Payload with parameter <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> for a non-encrypted message (that is, where none of the Cryptographic Layers in the Cryptographic Envelope of the message provide encryption).
Likewise, if a sending implementation is sending an encrypted message with Header Protection, it <bcp14>MUST</bcp14> emit an <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> parameter, regardless of which Header Fields were made confidential.</t>
<t>Note that <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> indicates that the message itself has been encrypted by the sender to the recipients, recipients but makes no assertions about which Header Fields have been removed or obscured.
This can be derived from the Cryptographic Payload itself (see <xref target="extracting-headers"/>).</t>
<t>A receiving implementation <bcp14>MUST NOT</bcp14> mistake the presence of an <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> parameter in the Cryptographic Payload for the actual presence of a Cryptographic Layer that provides encryption.</t>
</section>
<section anchor="hp-legacy-display"><name>Content-Type parameter: anchor="hp-legacy-display">
<name>Content-Type Parameter: hp-legacy-display</name>
<t>This specification also defines an <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> parameter for the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field.
The only defined value for this parameter is <spanx style="verb">1</spanx>.</t> <tt>1</tt>.</t>
<t>This parameter is only relevant on a leaf MIME node of <spanx style="verb">Content-Type</spanx> <spanx style="verb">text/html</spanx> <tt>Content-Type</tt> <tt>text/html</tt> or <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> within a well-formed message with end-to-end cryptographic protections.
Its presence indicates that the MIME node it is attached to contains a decorative "Legacy Display Element".
The Legacy Display Element itself is used for backward-compatible visibility of any removed or obscured User-Facing Header Field in a Legacy MUA.</t>
<t>Such a Legacy Display Element need not be rendered to the user of an MUA that implements this specification, because the MUA already knows the correct Header Field information, information and can render it to the user in the appropriate part of the MUA's user interface rather than in the body of the message.</t>
<t>See <xref target="ld-text-plain"/> for how to insert a Legacy Display Element into a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> Main Body Part.
See <xref target="ld-text-html"/> for how to insert a Legacy Display Element into a <spanx style="verb">text/html</spanx> <tt>text/html</tt> Main Body Part.
See <xref target="dont-render-legacy-display"/> for how to avoid rendering a Legacy Display Element.</t>
</section>
</section>
<section anchor="hp-outer"><name>The HP-Outer anchor="hp-outer">
<name>HP-Outer Header Field</name>
<t>This document also specifies a new Header Field: <spanx style="verb">HP-Outer</spanx>.</t> <tt>HP-Outer</tt>.</t>
<t>This Header Field is used only in the Header Section of the Cryptographic Payload of an encrypted message.
It is not relevant for signed-only messages.
It documents, with the same cryptographic guarantees shared by the rest of the message, the sender's choices about Header Field confidentiality.
It does so by embedding a copy within the Cryptographic Envelope of every non-structural Header Field that the sender put outside the Cryptographic Envelope.
This Header Field enables the MUA receiving the encrypted message to reliably identify whether the sending MUA intended to make a Header Field confidential (see <xref target="status-overestimation"/>).</t>
<t>The <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields in a message's Cryptographic Payload are useful for ensuring that any confidential Header Field will not be automatically leaked in the clear if the user replies to or forwards the message.
They may also be useful for an MUA that indicates the confidentiality status of any given Header Field to the user.</t>
<t>An implementation that composes encrypted e-mail email <bcp14>MUST</bcp14> include a copy of all non-structural Header Fields deliberately exposed to the outside of the Cryptographic Envelope using a series of <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields within the Cryptographic Payload.
These <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> MIME Header Fields should only ever appear directly within the Header Section of the Cryptographic Payload of a Cryptographic Envelope offering confidentiality.
They <bcp14>MUST</bcp14> be ignored for the purposes of evaluating the message's Header Protection if they appear in other places.</t>
<t>Each instance of <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> contains a non-structural Header Field name and the value that this Header Field was set in within the outer (unprotected) Header Section.
The <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field can appear multiple times in the Header Section of a Cryptographic Payload.</t>
<t>If a non-structural Header Field name <spanx style="verb">Z</spanx> named <tt>Z</tt> is present in Header Section of the Cryptographic Payload, Payload but doesn't appear in an <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field value at all, then the sender is effectively asserting that every instance of <spanx style="verb">Z</spanx> <tt>Z</tt> was made confidential by removal from the Outer Header Section.
Specifically, it means that no Header Field <spanx style="verb">Z</spanx> <tt>Z</tt> was included on the outside of the message's Cryptographic Envelope by the sender at the time the message was injected into the mail system.</t>
<t>See <xref target="compose"/> for how to insert <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields into an encrypted message.
See <xref target="crypto-summary-update"/> for how to determine the end-to-end confidentiality of a given Header Field from an encrypted message with Header Protection using <spanx style="verb">HP-Outer</spanx>. <tt>HP-Outer</tt>.
See <xref target="avoid-leak"/> for how an MUA can safely reply to (or forward) an encrypted message without leaking confidential Header Fields by default.</t>
<section anchor="new-header-field"><name>HP-Outer anchor="new-header-field">
<name>HP-Outer Header Field Definition</name>
<t>The syntax of this Header Field is defined using the following ABNF <xref target="RFC5234"/>, where <spanx style="verb">field-name</spanx>, <spanx style="verb">WSP</spanx>, <spanx style="verb">VCHAR</spanx>, <tt>field-name</tt>, <tt>WSP</tt>, <tt>VCHAR</tt>, and <spanx style="verb">FWS</spanx> <tt>FWS</tt> are defined in <xref target="RFC5322"/>:</t>
<figure><artwork><![CDATA[
<sourcecode type="abnf"><![CDATA[
hp-outer = "HP-Outer:" [FWS] field-name ": "
hp-outer-value CRLF
hp-outer-value = (*([FWS] VCHAR) *WSP)
]]></artwork></figure>
]]></sourcecode>
<t>Note that <spanx style="verb">hp-outer-value</spanx> <tt>hp-outer-value</tt> is the same as <spanx style="verb">unstructured</spanx> <tt>unstructured</tt> from <xref section="3.2.5" sectionFormat="of" target="RFC5322"/>, target="RFC5322"/> but without the obsolete <spanx style="verb">obs-unstruct</spanx> <tt>obs-unstruct</tt> option.</t>
</section>
</section>
</section>
<section anchor="header-confidentiality-policy"><name>Header anchor="header-confidentiality-policy">
<name>Header Confidentiality Policy</name>
<t>An MUA composing an encrypted message according to this specification may make any given Header Field confidential by removing it from the Header Section outside the Cryptographic Envelope, Envelope or by obscuring it by rewriting it to a different value in that outer Header Section.
The composing MUA faces a choice for any new message: which Which Header Fields should be made confidential, and how?</t>
<t>This section defines the "<iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>" (or <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>) as a well-defined abstraction to encourage MUA developers to consider, document, and share reasonable policies across the community.
It establishes a registry of known HCPs, defines a small number of simple HCPs in that registry, and makes a recommendation for a reasonable default.</t>
<t>Note that such a policy is only needed when the end-to-end protections include encryption (confidentiality).
No comparable policy is needed for other end-to-end cryptographic protections (integrity and authenticity), as they are simply uniformly applied so that all Header Fields known by the sender have these protections.</t>
<t>This asymmetry is a consequence of complexities in existing message delivery systems, some of which may reject, drop, or delay messages where all Header Fields are removed from the top-level MIME object.</t>
<t>Note that no representation of the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> itself ever appears "on the wire".
However, the consumer of the encrypted message can see the decisions that were made by the sender's <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> via the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields (see <xref target="hp-outer"/>).</t>
<section anchor="hcp-definition"><name>HCP anchor="hcp-definition">
<name>HCP Definition</name>
<t>In this document, we represent that <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> as a function <spanx style="verb">hcp</spanx>:</t>
<t><list style="symbols">
<t><spanx style="verb">hcp(name, <tt>hcp</tt>:</t>
<ul spacing="normal">
<li>
<t><tt>hcp(name, val_in) → val_out</spanx>: this -> val_out</tt>: This function takes a non-structural Header Field identified by <spanx style="verb">name</spanx> <tt>name</tt> with the initial value <spanx style="verb">val_in</spanx> <tt>val_in</tt> as arguments, arguments and returns a replacement header value <spanx style="verb">val_out</spanx>. <tt>val_out</tt>.
If <spanx style="verb">val_out</spanx> <tt>val_out</tt> is the special value <spanx style="verb">null</spanx>, <tt>null</tt>, it means that the Header Field in question should be removed from the set of Header Fields visible outside the Cryptographic Envelope.</t>
</list></t>
</li>
</ul>
<t>In the pseudocode descriptions of various choices of <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> in this document, any comparison with the <spanx style="verb">name</spanx> <tt>name</tt> input is done case-insensitively.
This is appropriate for Header Field names, as described in <xref target="RFC5322"/>.</t>
<t>Note that <spanx style="verb">hcp</spanx> <tt>hcp</tt> is only applied to non-structural Header Fields.
When composing a message, Structural Header Fields are dealt with separately, as described in <xref target="compose"/>.</t>
<t>As an example, an MUA that obscures the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field by replacing it with the literal string "<spanx style="verb">[...]</spanx>", "<tt>[...]</tt>" hides all Cc'ed recipients, recipients and does not offer confidentiality to any other Header Fields that would be represented as (in pseudocode):</t>
<figure><sourcecode
<sourcecode type="text/x-hcp" name="example_hide_cc.hcp"><![CDATA[
hcp_example_hide_cc(name, val_in) → val_out:
if lower(name) is 'subject':
return '[...]'
else if lower(name) is 'cc':
return null
else:
return val_in
]]></sourcecode></figure>
]]></sourcecode>
<t>For alignment with common practice as well as the ABNF in <xref target="new-header-field"/> for <spanx style="verb">HP-Outer</spanx>, <spanx style="verb">val_out</spanx> <tt>HP-Outer</tt>, <tt>val_out</tt> <bcp14>MUST</bcp14> be one of the following:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>identical to <spanx style="verb">val_in</spanx>, or</t> <tt>val_in</tt>,</t>
</li>
<li>
<t>the special value <spanx style="verb">null</spanx> <tt>null</tt> (meaning that the Header Field will be removed from the outside of the message), or</t>
</li>
<li>
<t>a sequence of printable and whitespace (that is, space or tab) 7-bit and printable 7-bit, clean ASCII characters (of course, non-ASCII text can be encoded as ASCII using the <spanx style="verb">encoded-word</spanx> <tt>encoded-word</tt> construct from <xref target="RFC2047"/>)</t>
</list></t>
</li>
</ul>
<t>The <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> can compute <spanx style="verb">val_out</spanx> <tt>val_out</tt> using any technique describable in pseudocode, such as copying a fixed string or invocations of other pseudocode functions.
If it alters the value, it <bcp14>MUST NOT</bcp14> include control or NUL characters in <spanx style="verb">val_out</spanx>.
<spanx style="verb">val_out</spanx> <tt>val_out</tt>.
<tt>val_out</tt> <bcp14>SHOULD</bcp14> match the expected ABNF for the Header Field identified by <spanx style="verb">name</spanx>.</t> <tt>name</tt>.</t>
<section anchor="hcp-from-addr-spec"><name>HCP anchor="hcp-from-addr-spec">
<name>HCP Avoids Changing From from addr-spec</name>
<t>The <spanx style="verb">From</spanx> <tt>From</tt> Header Field should also be treated specially by the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, format="none">HCP</xref> to enable defense against possible e-mail email address spoofing (see <xref target="from-addr-spoofing"/>).
In particular, for <spanx style="verb">hcp("From", val_in)</spanx>, <tt>hcp("From", val_in)</tt>, the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of <spanx style="verb">val_in</spanx> <tt>val_in</tt> and the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of <spanx style="verb">val_out</spanx> <tt>val_out</tt> <bcp14>SHOULD</bcp14> match according to <xref target="matching-addr-specs"/>, unless the sending MUA has additional knowledge coordinated with the receiving MUA about more subtle <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> equivalence or certificate validity.</t>
</section>
</section>
<section anchor="initial-registered-hcps"><name>Initial anchor="initial-registered-hcps">
<name>Initial Registered HCPs</name>
<t>This document formally defines three Header Confidentiality Policies with known and reasonably well-understood characteristics as a way to compare and contrast different possible behavioral choices for a composing MUA.
These definitions are not meant to preclude the creation of other HCPs.</t>
<t>The purpose of the registry of HCPs is to facilitate <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> evolution and interoperability discussion among MUA developers and MTA operators.</t>
<t>(The example hypothetical <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> format="none">HCP</xref>, <tt>hcp_example_hide_cc</tt>, described in <xref target="hcp-definition"/> above, <spanx style="verb">hcp_example_hide_cc</spanx>, above is deliberately not formally registered, as it has not been evaluated in practice.)</t>
<section anchor="baseline-hcp"><name>Baseline anchor="baseline-hcp">
<name>Baseline Header Confidentiality Policy</name>
<t>The most conservative recommended <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> only provides confidentiality for Informational Fields, as defined in <xref section="3.6.5" sectionFormat="of" target="RFC5322"/>.
These fields are "only human-readable content" and thus their content should not be relevant to transport agents.
Since most Internet messages today do have a <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field, and some filtering engines might object to a message without a <spanx style="verb">Subject</spanx>, <tt>Subject</tt>, this policy is conservative and merely obscures that Header Field by replacing it with a fixed string <spanx style="verb">[...]</spanx>. <tt>[...]</tt>.
By contrast, <spanx style="verb">Comments</spanx> <tt>Comments</tt> and <spanx style="verb">Keywords</spanx> <tt>Keywords</tt> Header Fields are comparatively rare, so these fields are removed entirely from the Outer Header Section.</t>
<figure><sourcecode
<sourcecode type="text/x-hcp" name="baseline.hcp"><![CDATA[
hcp_baseline(name, val_in) → val_out:
if lower(name) is 'subject':
return '[...]'
else if lower(name) is in ['comments', 'keywords']:
return null
else:
return val_in
]]></sourcecode></figure>
<t><spanx style="verb">hcp_baseline</spanx>
]]></sourcecode>
<t><tt>hcp_baseline</tt> is the recommended default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> for a new implementation, as it provides meaningful confidentiality protections and is unlikely to cause deliverability or usability problems.</t>
</section>
<section anchor="shy-hcp"><name>Shy anchor="shy-hcp">
<name>Shy Header Confidentiality Policy</name>
<t>Alternately, a slightly more ambitious (and therefore more privacy-preserving) <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> might avoid leaking human-interpretable data that MTAs generally don't care about.
The additional protected data isn't related to message routing or transport, but transport but might reveal sensitive information about the sender or their relationship to the recipients.
This "shy" <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> builds on <spanx style="verb">hcp_baseline</spanx>, <tt>hcp_baseline</tt> but also:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>avoids revealing the <spanx style="verb">display-name</spanx> <tt>display-name</tt> of each identified e-mail address, email address and</t>
</li>
<li>
<t>avoids leaking the sender's locally-configured locally configured time zone in the <spanx style="verb">Date</spanx> <tt>Date</tt> Header Field.</t>
</list></t>
<figure><sourcecode
</li>
</ul>
<sourcecode type="text/x-hcp" name="shy.hcp"><![CDATA[
hcp_shy(name, val_in) → val_out:
if lower(name) is 'from':
if val_in is an RFC 5322 mailbox:
return the RFC 5322 addr-spec part of val_in
if lower(name) in ['to', 'cc']:
if val_in is an RFC 5322 mailbox-list:
let val_out be an empty mailbox-list
for each mailbox in val_in:
append the RFC 5322 addr-spec part of mailbox to val_out
return val_out
if lower(name) is 'date':
if val_in is an RFC 5322 date-time:
return the UTC form of val_in
else if lower(name) is 'subject':
return '[...]'
else if lower(name) is in ['comments', 'keywords']:
return null
return val_in
]]></sourcecode></figure>
<t><spanx style="verb">hcp_shy</spanx>
]]></sourcecode>
<t><tt>hcp_shy</tt> requires more sophisticated parsing and Header Field manipulation, manipulation and is not recommended as a default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> for new implementations.</t>
</section>
<section anchor="no-confidentiality-hcp"><name>No anchor="no-confidentiality-hcp">
<name>No Header Confidentiality Policy</name>
<t>Legacy MUAs can be conceptualized as offering a "No Header Confidentiality" Policy, which offers no confidentiality protection to any Header Field:</t>
<figure><sourcecode
<sourcecode type="text/x-hcp" name="no_confidentiality.hcp"><![CDATA[
hcp_no_confidentiality(name, val_in) → val_out:
return val_in
]]></sourcecode></figure>
]]></sourcecode>
<t>A conformant MUA that is not modified by local policy or configuration <bcp14>MUST NOT</bcp14> use <spanx style="verb">hcp_no_confidentiality</spanx> <tt>hcp_no_confidentiality</tt> by default.</t>
</section>
</section>
<section anchor="default-hcp"><name>Default anchor="default-hcp">
<name>Default Header Confidentiality Policy</name>
<t>An MUA <bcp14>MUST</bcp14> have a default <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> that offers confidentiality for the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field at least.
Local policy and configuration may alter this default, but the MUA <bcp14>SHOULD NOT</bcp14> require the user to select an <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.</t>
<t><spanx style="verb">hcp_baseline</spanx>
<t><tt>hcp_baseline</tt> provides confidentiality for the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field by replacing it with the literal string "<spanx style="verb">[...]</spanx>". "<tt>[...]</tt>".
It also provides confidentiality for the other less common Informational Header Fields (<spanx style="verb">Comments</spanx> (<tt>Comments</tt> and <spanx style="verb">Keywords</spanx>) <tt>Keywords</tt>) by removing them entirely from the outer Header Section.
This is a sensible default because most users treat the Informational Fields of a message (particularly the Subject) the same way that they treat the body, and they are surprised to find that the Subject of an encrypted message is visible.</t>
</section>
<section anchor="hcp-evolution"><name>HCP anchor="hcp-evolution">
<name>HCP Evolution</name>
<t>This document does not mandate any particular <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>, though it offers guidance for MUA implementers in selecting one in <xref target="default-hcp"/>.
Future documents may recommend or mandate such a policy for an MUA with specific needs.
Such a recommendation might be motivated by descriptions of metadata-derived attacks, or stem from research about message deliverability, or describe new signalling signaling mechanisms, but these topics are out of scope for this document.</t>
<section anchor="offering-more-ambitious-header-confidentiality"><name>Offering anchor="offering-more-ambitious-header-confidentiality">
<name>Offering More Ambitious Header Confidentiality</name>
<t>An MUA <bcp14>MAY</bcp14> offer even more ambitious confidentiality for Header Fields of an encrypted message than defined in <xref target="shy-hcp"/>.
For example, it might implement an <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> that removes the <spanx style="verb">To</spanx> <tt>To</tt> and <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Fields entirely, relying on the SMTP envelope to ensure proper routing.
Or it might remove <spanx style="verb">References</spanx> <tt>References</tt> and <spanx style="verb">In-Reply-To</spanx> <tt>In-Reply-To</tt> so that message threading is not visible to any MTA.
Any more ambitious choice might result in deliverability, rendering, or usability issues for the relevant messages, so testing and documentation will be valuable to get this right.</t>
<t>The authors of this document hope that implementers with deployment experience will document their chosen <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> and the rationale behind their choice.</t>
</section>
<section anchor="hcp-expert-guidance"><name>Expert anchor="hcp-expert-guidance">
<name>Expert Guidance for Registering Header Confidentiality Policies</name>
<t>There is no formal syntax specified for the <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>, but any attempt to specify an <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> for inclusion in the registry needs to provide:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>a stable reference document clearly indicating the distinct name for the proposed <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref></t> format="none">HCP</xref>,</t>
</li>
<li>
<t>pseudocode that other implementers can clearly and unambiguously interpret</t> interpret,</t>
</li>
<li>
<t>a clear explanation of why this <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> is different from all other registered HCPs</t> HCPs, and</t>
</li>
<li>
<t>any relevant considerations related to deployment of the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> (for example, known or expected deliverability, rendering, or privacy challenges and possible mitigations)</t>
</list></t> mitigations).</t>
</li>
</ul>
<t>When the proposed <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> produces any non-<spanx style="verb">null</spanx> non-<tt>null</tt> output for a given Header Field name, <spanx style="verb">val_out</spanx> <tt>val_out</tt> <bcp14>SHOULD</bcp14> match the expected ABNF for that Header Field.
If the proposed <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> does not match the expected ABNF for that Header Field, the documentation should explicitly identify the relevant circumstances and provide a justification for the deviation.</t>
<t>An entry should not be marked as "Recommended" unless it has been shown to offer confidentiality or privacy improvements over the status quo and have minimal or mitigatable mitigatory negative impact on messages to which it is applied, considering factors such as message deliverability and security.
Only one entry in the table (<spanx style="verb">hcp_baseline</spanx>) (<tt>hcp_baseline</tt>) is initially marked as "Recommended".
In the future, more than one entry may be marked as "Recommended".</t>
</section>
</section>
</section>
<section anchor="receiving-side"><name>Receiving anchor="receiving-side">
<name>Receiving Guidance</name>
<t>An MUA that receives a cryptographically protected e-mail email will render it for the user.</t>
<t>The receiving MUA will render the message body, render a selected subset of Header Fields, and (as described in <xref section="3" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>) provide a summary of the cryptographic properties of the message.</t> message (as described in <xref section="3" sectionFormat="of" target="RFC9787"/>).</t>
<t>Most MUAs only render a subset of Header Fields by default.
For example, most MUAs render <spanx style="verb">From</spanx>, <spanx style="verb">To</spanx>, <spanx style="verb">Cc</spanx>, <spanx style="verb">Date</spanx>, the <tt>From</tt>, <tt>To</tt>, <tt>Cc</tt>, <tt>Date</tt>, and <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Fields to the user, but few render <spanx style="verb">Message-Id</spanx> <tt>Message-Id</tt> or <spanx style="verb">Received</spanx>.</t> <tt>Received</tt>.</t>
<t>An MUA that knows how to handle a message with Header Protection makes the following four changes to its behavior when rendering a message:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>If the MUA detects that an incoming message has protected Header Fields:
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>For a Header Field that is present in the protected Header Section, the MUA <bcp14>SHOULD</bcp14> render the protected value, value and ignore any unprotected counterparts that may be present (with a special exception for the <spanx style="verb">From</spanx> <tt>From</tt> Header Field (see <xref target="handling-mismatch-of-from-hfs"/>).</t> target="handling-mismatch-of-from-hfs"/>)).</t>
</li>
<li>
<t>For a Header Field that is present only in the unprotected Header Section, the MUA <bcp14>SHOULD NOT</bcp14> render that value.
If it does render the value, the MUA <bcp14>SHOULD</bcp14> indicate that the rendered value is <spanx style="verb">unprotected</spanx>. <tt>unprotected</tt>.
For an exception to this, see <xref target="fields-added-in-transit"/> for a discussion of some specific Header Fields that are known to be added in transit, transit and therefore are not expected to have end-to-end cryptographic protections.</t>
</list></t>
</li>
</ul>
</li>
<li>
<t>The MUA <bcp14>SHOULD</bcp14> include information in the message's Cryptographic Summary to indicate the types of protection that applied to each rendered Header Field (if any).</t>
</li>
<li>
<t>If any Legacy Display Elements are present in the body of the message, it does not render them.</t>
</li>
<li>
<t>When replying to a message with confidential Header Fields, the replying MUA avoids leaking into the cleartext of the reply any Header Fields which that were confidential in the original. original into the cleartext of the reply.
It does this even if its own <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> would not have treated those Header Fields as confidential.
See <xref target="replying"/> for more details.</t>
</list></t>
</li>
</ul>
<t>Note that an MUA that handles a message with Header Protection does <em>not</em> need to render any new Header Fields that it did not render before.</t>
<section anchor="identifying-header-protection"><name>Identifying that anchor="identifying-header-protection">
<name>Identifying That a Message has Has Header Protection</name>
<t>An incoming message can be identified as having Header Protection using the following test:</t>
<t><list style="symbols">
<t>The
<ul><li>The Cryptographic Payload has parameter <spanx style="verb">hp</spanx> <tt>hp</tt> set to <spanx style="verb">"clear"</spanx> <tt>"clear"</tt> or <spanx style="verb">"cipher"</spanx>. <tt>"cipher"</tt>. See <xref target="rendering"/> for rendering guidance.</t>
</list></t> guidance.</li>
</ul>
<t>When consuming a message, an MUA <bcp14>MUST</bcp14> ignore the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter to <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> when it encounters it anywhere other than the root of the message's Cryptographic Payload.</t>
</section>
<section anchor="extracting-headers"><name>Extracting anchor="extracting-headers">
<name>Extracting Protected and Unprotected ("Outer") Header Fields</name>
<t>When a message is encrypted and it uses Header Protection, an MUA extracts a list of protected Header Fields (names and values), as well as a list of Header Fields that were added by the original message sender in unprotected form to the outside of the message's Cryptographic Envelope.</t>
<t>The following algorithm takes a reference message <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> as input, which is encrypted with Header Protection as described in this document (that is, the Cryptographic Envelope includes a Cryptographic Layer that provides encryption, and the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter for the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field of the Cryptographic Payload is <spanx style="verb">cipher</spanx>). <tt>cipher</tt>).
It produces as output outputs a pair of lists of <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> Header Fields.</t>
<section anchor="headersetsfrommessage"><name>HeaderSetsFromMessage</name> anchor="headersetsfrommessage">
<name>HeaderSetsFromMessage</name>
<t>Method Signature:</t>
<t><spanx style="verb">
<t><tt>
HeaderSetsFromMessage(refmsg) → -> (refouter, refprotected)
</spanx></t>
</tt></t>
<t>Procedure:</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>Let <spanx style="verb">refheaders</spanx> <tt>refheaders</tt> be the list of <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> protected Header Fields found in the root of the Cryptographic Payload</t> Payload.</t>
</li>
<li>
<t>Let <spanx style="verb">refouter</spanx> <tt>refouter</tt> be an empty list of Header Field names and values</t> values.</t>
</li>
<li>
<t>Let <spanx style="verb">refprotected</spanx> <tt>refprotected</tt> be an empty list of Header Field names and values</t> values.</t>
</li>
<li>
<t>For each <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">refheaders</spanx>:
<list style="numbers" type="i"> <tt>refheaders</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>If <spanx style="verb">h</spanx> <tt>h</tt> is <spanx style="verb">HP-Outer</spanx>:
<list style="numbers" type="a"> <tt>HP-Outer</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>Split <spanx style="verb">v</spanx> <tt>v</tt> into <spanx style="verb">(h1,v1)</spanx> <tt>(h1,v1)</tt> on the first colon (:) (:), followed by any amount of whitespace.</t>
</li>
<li>
<t>Append <spanx style="verb">(h1,v1)</spanx> <tt>(h1,v1)</tt> to <spanx style="verb">refouter</spanx></t>
</list></t> <tt>refouter</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Else:
<list style="numbers" type="a">
</t>
<ol spacing="normal" type="a"><li>
<t>Append <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> to <spanx style="verb">refprotected</spanx></t>
</list></t>
</list></t> <tt>refprotected</tt>.</t>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>Return <spanx style="verb">refouter</spanx>, <spanx style="verb">refprotected</spanx></t>
</list></t> <tt>refouter</tt>, <tt>refprotected</tt>.</t>
</li>
</ol>
<t>Note that this algorithm is independent of the unprotected Header Fields.
It derives its output only from the normal Header Fields and the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields, both contained inside the Cryptographic Payload.</t>
</section>
</section>
<section anchor="crypto-summary-update"><name>Updating anchor="crypto-summary-update">
<name>Updating the Cryptographic Summary</name>
<t>Regardless of whether a cryptographically protected message has protected Header Fields, the Cryptographic Summary of the message should be modified to indicate what protections the Header Fields have.
This field-by-field status is complex and isn't necessarily intended to be presented in full to the user.
Rather, it represents the state of the message internally within the MUA, MUA and may be used to influence behavior like replying to the message (see <xref target="avoid-leak"/>).</t>
<t>Each Header Field individually has exactly one of the following protection states:</t>
<t><list style="symbols">
<t><spanx style="verb">unprotected</spanx>
<ul spacing="normal">
<li>
<t><tt>unprotected</tt> (has no Header Protection)</t>
<t><spanx style="verb">signed-only</spanx>
</li>
<li>
<t><tt>signed-only</tt> (bound into the same validated signature as the enclosing message, but also visible in transit)</t>
<t><spanx style="verb">encrypted-only</spanx>
</li>
<li>
<t><tt>encrypted-only</tt> (only appears within the Cryptographic Payload; the corresponding external Header Field was either removed or obscured)</t>
<t><spanx style="verb">signed-and-encrypted</spanx>
</li>
<li>
<t><tt>signed-and-encrypted</tt> (same as encrypted-only, but additionally is under a validated signature)</t>
</list></t>
</li>
</ul>
<t>If the message does not have Header Protection (as determined by <xref target="identifying-header-protection"/>), then all of the Header Fields are by definition <spanx style="verb">unprotected</spanx>.</t> <tt>unprotected</tt>.</t>
<t>If the message has Header Protection, an MUA <bcp14>SHOULD</bcp14> use the following algorithm to compute the protection state of a protected Header Field <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> (that is, an element of <spanx style="verb">refprotected</spanx> <tt>refprotected</tt> from <xref target="extracting-headers"/>):</t>
<section anchor="headerfieldprotection"><name>HeaderFieldProtection</name> anchor="headerfieldprotection">
<name>HeaderFieldProtection</name>
<t>Method signature:</t>
<t><spanx style="verb">
<t><tt>
HeaderFieldProtection(msg, h, v) → -> protection_state
</spanx></t>
</tt></t>
<t>Procedure:</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>Let <spanx style="verb">ct</spanx> <tt>ct</tt> be the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> of the root of the Cryptographic Payload of <spanx style="verb">msg</spanx>.</t> <tt>msg</tt>.</t>
</li>
<li>
<t>Compute (<spanx style="verb">refouter</spanx>, <spanx style="verb">refprotected</spanx>) (<tt>refouter</tt>, <tt>refprotected</tt>) from <iref item="HeaderSetsFromMessage"/><xref target="headersetsfrommessage" format="none">HeaderSetsFromMessage</xref>(<spanx style="verb">msg</spanx>).</t> format="none">HeaderSetsFromMessage</xref>(<tt>msg</tt>).</t>
</li>
<li>
<t>If <spanx style="verb">(h, v)</spanx> <tt>(h, v)</tt> is not in <spanx style="verb">refprotected</spanx>):
<list style="numbers" type="i"> <tt>refprotected</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Abort, <spanx style="verb">v</spanx> <tt>v</tt> is not a valid value for header <spanx style="verb">h</spanx></t>
</list></t> <tt>h</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Let <spanx style="verb">is_sig_valid</spanx> <tt>is_sig_valid</tt> be <spanx style="verb">false</spanx></t> <tt>false</tt>.</t>
</li>
<li>
<t>If the message is signed:
<list style="numbers" type="i">
</t>
<ol spacing="normal" type="i"><li>
<t>Let <spanx style="verb">is_sig_valid</spanx> <tt>is_sig_valid</tt> be the result of validating the signature</t>
</list></t> signature.</t>
</li>
</ol>
</li>
<li>
<t>If the message is encrypted, and if <spanx style="verb">ct</spanx> <tt>ct</tt> has a parameter <spanx style="verb">hp="cipher"</spanx>, <tt>hp="cipher"</tt>, and if <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> is not in <spanx style="verb">refouter</spanx>:
<list style="numbers" type="i"> <tt>refouter</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Return <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> if <spanx style="verb">is_sig_valid</spanx> <tt>is_sig_valid</tt> is otherwise <spanx style="verb">encrypted-only</spanx></t>
</list></t> <tt>encrypted-only</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Return <spanx style="verb">signed-only</spanx> <tt>signed-only</tt> if <spanx style="verb">is_sig_valid</spanx> <tt>is_sig_valid</tt> is otherwise <spanx style="verb">unprotected</spanx></t>
</list></t> <tt>unprotected</tt>.</t>
</li>
</ol>
<t>Note that:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>This algorithm is independent of the unprotected Header Fields.
It derives the protection state only from <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> and the set of <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields, both of which are inside the Cryptographic Envelope.</t>
</li>
<li>
<t>If the signature fails validation, the MUA lowers the affected state to <spanx style="verb">unprotected</spanx> <tt>unprotected</tt> or <spanx style="verb">encrypted-only</spanx> <tt>encrypted-only</tt> without any additional warning to the user, as specified by <xref section="3.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>.</t> target="RFC9787"/>.</t>
</li>
<li>
<t>Data from <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> and <spanx style="verb">encrypted-only</spanx> <tt>encrypted-only</tt> Header Fields may still not be fully private (see <xref target="encryption-vs-privacy"/>).</t>
</li>
<li>
<t>Encryption may have been added in transit to an originally signed-only message. Thus Thus, only consider Header Fields to be confidential if the sender indicates it with the <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> parameter.</t>
</li>
<li>
<t>The protection state of a Header Field may be weaker than that of the message body.
For example, a message body can be <spanx style="verb">signed-and-encrypted</spanx>, <tt>signed-and-encrypted</tt>, but a Header Field that is copied unmodified to the unprotected Header Section is <spanx style="verb">signed-only</spanx>.</t>
</list></t> <tt>signed-only</tt>.</t>
</li>
</ul>
<t>If the message has Header Protection, Header Fields that are not in <spanx style="verb">refprotected</spanx> <tt>refprotected</tt> (e.g., because they were added in transit), transit) are <spanx style="verb">unprotected</spanx>.</t> <tt>unprotected</tt>.</t>
<t>Rendering the cryptographic status of each Header Field is likely to be complex and messy --- -- users may not understand it.
It is beyond the scope of this document to suggest any specific graphical affordances or user experience.
Future work should include examples of successful rendering of this information.</t>
</section>
</section>
<section anchor="handling-mismatch-of-from-hfs"><name>Handling anchor="handling-mismatch-of-from-hfs">
<name>Handling Mismatch of From Header Fields</name>
<t>End-to-end (MUA-to-MUA) Header Protection is good for authenticity, integrity, and confidentiality, but it potentially introduces new issues when an MUA depends on its MTA to authenticate parts of the Header Section.
The latter is typically the case in modern e-mail email systems.</t>
<t>In particular, when an MUA depends on its MTA to ensure that the e-mail email address in the (unprotected) <spanx style="verb">From</spanx> <tt>From</tt> Header Field is authentic, but the MUA renders the e-mail email address of the protected <spanx style="verb">From</spanx> <tt>From</tt> Header Field that differs from the address visible to the MTA, this could create a risk of sender address spoofing (see <xref target="from-addr-spoofing"/>).
This potential risk applies to signed-only messages as well as signed-and-encrypted messages.</t>
<section anchor="definitions"><name>Definitions</name> anchor="definitions">
<name>Definitions</name>
<section anchor="def-from-hf-mismatch"><name>From anchor="def-from-hf-mismatch">
<name>From Header Field Mismatch</name>
<t>"<spanx style="verb">From</spanx>
<t>"<tt>From</tt> Header Field Mismatch" is defined as follows:</t>
<t>The <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field doesn't match the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field (see <xref target="matching-addr-specs"/>).</t>
<t>Note: The unprotected <spanx style="verb">From</spanx> <tt>From</tt> Header Field used in this comparison is the actual outer Header Field (as seen by the MTA), not the value indicated by any potential inner <spanx style="verb">HP-Outer</spanx>.</t> <tt>HP-Outer</tt>.</t>
</section>
<section anchor="def-no-valid-and-correctly-bound-signature"><name>No anchor="def-no-valid-and-correctly-bound-signature">
<name>No Valid and Correctly Bound Signature</name>
<t>"No Valid and Correctly Bound Signature" is defined as follows:</t>
<t>There is no valid signature made by a certificate for which the MUA has a valid binding to the protected <spanx style="verb">From</spanx> <tt>From</tt> address.
This includes:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>the message has no signature, or</t> signature,</t>
</li>
<li>
<t>the message has a broken signature, or</t>
</li>
<li>
<t>the message has a valid signature, but the receiving MUA does not see any valid binding between the signing certificate and the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field.</t>
</list></t>
</li>
</ul>
<t>Note: There are many possible ways that an MUA could choose to validate a certificate-to-address binding.
For example, the MUA could ensure the certificate is issued by one of a set of trusted certification authorities, it could rely on the user to do a manual out-of-band comparison, it could rely on a DNSSEC signal (<xref target="RFC7929"/> or <xref target="RFC8162"/>), and so on.
It is beyond the scope of this document to describe all possible ways an MUA might validate the certificate-to-address binding, binding or to choose among them.</t>
</section>
</section>
<section anchor="warning-from-mismatch"><name>Warning anchor="warning-from-mismatch">
<name>Warning for From Header Field Mismatch</name>
<t>To mitigate the above described risk of sender address spoofing, an MUA <bcp14>SHOULD</bcp14> warn the user whenever both of the following conditions are met:</t>
<t><list style="symbols">
<t><spanx style="verb">From</spanx>
<ul spacing="normal">
<li>
<t><tt>From</tt> Header Field Mismatch (as defined in <xref target="def-from-hf-mismatch"/>), and</t> target="def-from-hf-mismatch"/>)</t>
</li>
<li>
<t>No Valid and Correctly Bound Signature (as defined in <xref target="def-no-valid-and-correctly-bound-signature"/>)</t>
</list></t>
</li>
</ul>
<t>This warning should be comparable to the MUA's warning about messages that are likely spam or phishing, and it <bcp14>SHOULD</bcp14> show both of the non-matching <spanx style="verb">From</spanx> <tt>From</tt> Header Fields.</t>
</section>
<section anchor="from-header-field-rendering"><name>From anchor="from-header-field-rendering">
<name>From Header Field Rendering</name>
<t>Furthermore, a receiving MUA that depends on its MTA to authenticate the unprotected (outer) <spanx style="verb">From</spanx> <tt>From</tt> Header Field <bcp14>SHOULD</bcp14> render the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field (as an exception to the guidance in the beginning of <xref target="receiving-side"/>), target="receiving-side"/>) if both of the following conditions are met:</t>
<t><list style="symbols">
<t><spanx style="verb">From</spanx>
<ul spacing="normal">
<li>
<t><tt>From</tt> Header Field Mismatch (as defined in <xref target="def-from-hf-mismatch"/>), and</t> target="def-from-hf-mismatch"/>)</t>
</li>
<li>
<t>No Valid and Correctly Bound Signature (as defined in <xref target="def-no-valid-and-correctly-bound-signature"/>)</t>
</list></t>
</li>
</ul>
<t>An MUA <bcp14>MAY</bcp14> apply a local preference to render a different display name (e.g., from an address book).</t>
<t>See <xref target="from-rendering-reasoning"/> for an a detailed explanation of this rendering guidance.</t>
</section>
<section anchor="handling-protected-from-header-field-when-responding"><name>Handling anchor="handling-protected-from-header-field-when-responding">
<name>Handling the Protected From Header Field when When Responding</name>
<t>When responding to a message, an MUA has different ways to populate the recipients of the new message.
Depending on whether it is a Reply, a Reply-All, Reply All, or a Forward, an MUA may populate the composer view using a combination of the referenced message's <spanx style="verb">From</spanx>, <spanx style="verb">To</spanx>, <spanx style="verb">Cc</spanx>, <spanx style="verb">Reply-To</spanx>, <spanx style="verb">Mail-Followup-To</spanx> <tt>From</tt>, <tt>To</tt>, <tt>Cc</tt>, <tt>Reply-To</tt>, or <tt>Mail-Followup-To</tt> Header Fields, Fields or any other signals.</t>
<t>When responding to a message with Header Protection, an MUA <bcp14>MUST</bcp14> only use the protected Header Fields when populating the recipients of the new message.</t>
<t>This avoids compromise of message confidentiality when a MITM man-in-the-middle (MITM) attacker modifies the unprotected <spanx style="verb">From</spanx> <tt>From</tt> address of an encrypted message, attempting to learn the contents through a misdirected reply.
Note that with the rendering guidance above, a MITM attacker can cause the unprotected <spanx style="verb">From</spanx> <tt>From</tt> Header Field to be displayed.
Thus
Thus, when responding, the populated <spanx style="verb">To</spanx> <tt>To</tt> address may differ from the rendered <spanx style="verb">From</spanx> <tt>From</tt> address.
However, this change in addresses should not cause more user confusion than the address change caused by a <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> in a Legacy Message does.</t>
</section>
<section anchor="matching-addr-specs"><name>Matching anchor="matching-addr-specs">
<name>Matching addr-specs</name>
<t>When generating (<xref target="hcp-from-addr-spec"/>) or consuming (<xref target="handling-mismatch-of-from-hfs"/>) a protected <spanx style="verb">From</spanx> <tt>From</tt> Header Field, the MUA considers the equivalence of two different <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> values.</t>
<t>First, the MUA <bcp14>MUST</bcp14> check whether the <spanx style="verb">domain</spanx> <tt>domain</tt> part of an <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> being compared contains any a U-label <xref target="RFC5890"/>.
If it does, it <bcp14>MUST</bcp14> be converted to the A-label form form, which is described in <xref target="RFC5891"/>.
We call a domain converted in this way (or the original domain, domain if it didn't contain any U-label) "the ASCII version of the <spanx style="verb">domain</spanx> <tt>domain</tt> part".
Second, the MUA <bcp14>MUST</bcp14> compare the ASCII version of the <spanx style="verb">domain</spanx> <tt>domain</tt> part of the two <spanx style="verb">addr-spec</spanx>s <tt>addr-spec</tt>s by standard DNS comparison: assume Assume ASCII text, text and compare alphabetic characters case-insensitively, as described in <xref section="3.1" sectionFormat="of" target="RFC1035"/>.
If the <spanx style="verb">domain</spanx> <tt>domain</tt> parts match, then the two <spanx style="verb">local-part</spanx>s <tt>local-part</tt>s are matched against each other.
The simplest and most common comparison for the <spanx style="verb">local-part</spanx> <tt>local-part</tt> is also an ASCII-based, case-insensitive match.
If the MUA has special knowledge about the <spanx style="verb">domain</spanx> <tt>domain</tt> and, when composing, it can reasonably expect the receiving MUAs to have the same information, it <bcp14>MAY</bcp14> match the <spanx style="verb">local-part</spanx> <tt>local-part</tt> using a more sophisticated and inclusive matching algorithm.</t>
<t>It is beyond the scope of this document to recommend a more sophisticated and inclusive matching algorithm.</t>
</section>
</section>
<section anchor="rendering"><name>Rendering anchor="rendering">
<name>Rendering a Message with Header Protection</name>
<t>When the Cryptographic Payload's <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> has the parameter <spanx style="verb">hp</spanx> <tt>hp</tt> set to <spanx style="verb">"clear"</spanx> <tt>"clear"</tt> or <spanx style="verb">"cipher"</spanx>, <tt>"cipher"</tt>, the values of the protected Header Fields are drawn from the Header Fields of the Cryptographic Payload, and the body that is rendered is the Cryptographic Payload itself.</t>
<section anchor="example-signed-only-message"><name>Example Signed-only anchor="example-signed-only-message">
<name>Example Signed-Only Message</name>
<t>Consider a message with this structure, where the MUA is able to validate the cryptographic signature:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
A └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to)
B └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
C ├─╴text/plain
D └─╴text/html
]]></artwork></figure>
]]></artwork>
<t>The message body should be rendered the same way as this message:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
B └┬╴multipart/alternative
C ├─╴text/plain
D └─╴text/html
]]></artwork></figure>
]]></artwork>
<t>The MUA should render Header Fields taken from part <spanx style="verb">B</spanx>.</t> <tt>B</tt>.</t>
<t>Its Cryptographic Summary should indicate that the message was signed and all rendered Header Fields were included in the signature.</t>
<t>Because this message is signed-only, none of its parts will have a Legacy Display Element.</t>
<t>The MUA should ignore Header Fields from part <spanx style="verb">A</spanx> <tt>A</tt> for the purposes of rendering.</t>
</section>
<section anchor="example-signed-and-encrypted"><name>Example anchor="example-signed-and-encrypted">
<name>Example Signed-and-Encrypted Message</name>
<t>Consider a message with this structure, where the MUA is able to validate the cryptographic signature:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
E └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to)
F └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to)
G └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
H ├─╴text/plain
I └─╴text/html
]]></artwork></figure>
]]></artwork>
<t>The message body should be rendered the same way as this message:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
G └┬╴multipart/alternative
H ├─╴text/plain
I └─╴text/html
]]></artwork></figure>
]]></artwork>
<t>It should render Header Fields taken from part <spanx style="verb">G</spanx>.</t> <tt>G</tt>.</t>
<t>Its Cryptographic Summary should indicate that the message is <spanx style="verb">signed-and-encrypted</spanx>.</t> <tt>signed-and-encrypted</tt>.</t>
<t>When rendering the Cryptographic Status of a Header Field and when composing a reply, each Header Field found in <spanx style="verb">G</spanx> <tt>G</tt> should be considered against all <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields found in <spanx style="verb">G</spanx>. <tt>G</tt>.
If an <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field is found that matches both the name and value, value is found, the Header Field's Cryptographic Status is just <spanx style="verb">signed-only</spanx>, <tt>signed-only</tt>, even though the message itself is <spanx style="verb">signed-and-encrypted</spanx>. <tt>signed-and-encrypted</tt>.
If no matching <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field is found, the Header Field's Cryptographic Status is <spanx style="verb">signed-and-encrypted</spanx>, <tt>signed-and-encrypted</tt>, like the rest of the message.</t>
<t>If any of the User-Facing Header Fields are removed or obscured, the composer of this message may have placed Legacy Display Elements in parts H and I.</t>
<t>The MUA should ignore Header Fields from part <spanx style="verb">E</spanx> <tt>E</tt> for the purposes of rendering.</t>
</section>
<section anchor="dont-render-legacy-display"><name>Do anchor="dont-render-legacy-display">
<name>Do Not Render Legacy Display Elements</name>
<t>As described in <xref target="hp-legacy-display"/>, a message with cryptographic confidentiality protection <bcp14>MAY</bcp14> include Legacy Display Elements for backward-compatibility backward compatibility with Legacy MUAs.
These Legacy Display Elements are strictly decorative, decorative and unambiguously identifiable, identifiable and will be discarded by compliant implementations.</t>
<t>The
<!--[rfced] To improve readability, we have updated "at all" to "completely"
and reworded the sentence below. Please review and let us know of any objections.
Original:
The receiving MUA <bcp14>MUST</bcp14> MUST avoid rendering the identified Legacy Display
Elements to the user at all, since it is aware of Header Protection
and can render the actual protected Header Fields.
Current:
The receiving MUA MUST completely avoid rendering the identified Legacy
Display Elements to the user, since it is aware of Header Protection
and can render the actual protected Header Fields.
-->
<t>The receiving MUA <bcp14>MUST</bcp14> completely avoid rendering the identified Legacy Display Elements to the user, since it is aware of Header Protection and can render the actual protected Header Fields.</t>
<t>If a <spanx style="verb">text/html</spanx> <tt>text/html</tt> or <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> part within the Cryptographic Envelope is identified as containing Legacy Display Elements, those elements <bcp14>MUST</bcp14> be hidden when rendering and <bcp14>MUST</bcp14> be dropped when generating a draft reply or inline forwarded message.
Whenever a Message or MIME subtree is exported, downloaded, or otherwise further processed, if there is no need to retain a valid cryptographic signature, the implementer <bcp14>MAY</bcp14> drop the Legacy Display Elements.</t>
<section anchor="identify-legacy-display"><name>Identifying anchor="identify-legacy-display">
<name>Identifying a Part with Legacy Display Elements</name>
<t>A receiving MUA acting on a message that contains an encrypting Cryptographic Layer identifies a MIME subpart within the Cryptographic Payload as containing Legacy Display Elements based on the Content-Type of the subpart.
The subpart's Content-Type:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>contains a parameter <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> with value set to <spanx style="verb">1</spanx>, <tt>1</tt> and</t>
</li>
<li>
<t>is either <spanx style="verb">text/html</spanx> <tt>text/html</tt> (see <xref target="omit-html-legacy-display"/>) or <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> (see <xref target="omit-plain-legacy-display"/>).</t>
</list></t>
</li>
</ul>
<t>Note that the term "subpart" above is used in the general sense: if If the Cryptographic Payload is a single part, that part itself may contain a Legacy Display Element if it is marked with the <spanx style="verb">hp-legacy-display=1</spanx> <tt>hp-legacy-display="1"</tt> parameter.</t>
</section>
<section anchor="omit-plain-legacy-display"><name>Omitting anchor="omit-plain-legacy-display">
<name>Omitting Legacy Display Elements from text/plain</name>
<t>If a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> part within the Cryptographic Payload has the Content-Type parameter <spanx style="verb">hp-legacy-display="1"</spanx>, <tt>hp-legacy-display="1"</tt>, it should be processed before rendering in the following fashion:</t>
<t><list style="symbols">
<!--[rfced] To make this sentence more concise, may we remove "of the part"?
Original:
* Discard the leading lines of the body of the part up to and
including the first entirely blank line.
Perhaps:
* Discard the leading lines of the body up to and including the
first entirely blank line.
-->
<ul spacing="normal">
<li>
<t>Discard the leading lines of the body of the part up to and including the first entirely blank line.</t>
</list></t>
</li>
</ul>
<t>Note that implementing this strategy is dependent on the charset used by the MIME part.</t>
<t>See <xref target="example-legacy-display-plain"/> for an example.</t>
</section>
<section anchor="omit-html-legacy-display"><name>Omitting anchor="omit-html-legacy-display">
<name>Omitting Legacy Display Elements from text/html</name>
<t>If a <spanx style="verb">text/html</spanx> <tt>text/html</tt> part within the Cryptographic Payload has the Content-Type parameter <spanx style="verb">hp-legacy-display="1"</spanx>, <tt>hp-legacy-display="1"</tt>, it should be processed before rendering in the following fashion:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>If any element of the HTML <spanx style="verb"><body></spanx> <tt><body></tt> is a <spanx style="verb"><div></spanx> <tt><div></tt> with <spanx style="verb">class</spanx> <tt>class</tt> attribute <spanx style="verb">header-protection-legacy-display</spanx>, <tt>header-protection-legacy-display</tt>, that entire element should be omitted.</t>
</list></t>
</li>
</ul>
<t>This cleanup could be done, for example, as a custom rule in the MUA's HTML sanitizer, if one exists.
Another implementation strategy for an HTML-capable MUA would be to add an entry to the <xref target="CSS"/> stylesheet style sheet for such a part:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
body div.header-protection-legacy-display { display: none; }
]]></artwork></figure>
]]></artwork>
</section>
</section>
</section>
<section anchor="implicitly-rendered"><name>Implicitly rendered anchor="implicitly-rendered">
<name>Implicitly Rendered Header Fields</name>
<t>While <spanx style="verb">From</spanx>, <spanx style="verb">To</spanx>, <spanx style="verb">Cc</spanx>, <spanx style="verb">Subject</spanx>, the <tt>From</tt>, <tt>To</tt>, <tt>Cc</tt>, <tt>Subject</tt>, and <spanx style="verb">Date</spanx> <tt>Date</tt> Header Fields are often explicitly rendered to the user, some Header Fields do affect message display, display without being explicitly rendered.</t>
<t>For example, <spanx style="verb">Message-Id</spanx>, <spanx style="verb">References</spanx>, the <tt>Message-Id</tt>, <tt>References</tt>, and <spanx style="verb">In-Reply-To</spanx> <tt>In-Reply-To</tt> Header Fields may collectively be used to place a message in a "thread" or series of messages.</t>
<t>In another example, <xref target="avoid-misdirected-replies"/> observes notes that the value of the <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> field can influence the draft reply message.
So while the user may never see the <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> Header Field directly, it is implicitly "rendered" when the user interacts with the message by replying to it.</t>
<t>An MUA that depends on any implicitly rendered Header Field in a message with Header Protection <bcp14>MUST</bcp14> use the value from the protected Header Field, Field and <bcp14>SHOULD NOT</bcp14> use any value found outside the cryptographic protection unless it is known to be a Header Field added in transit, as specified in <xref target="fields-added-in-transit"/>.</t>
</section>
<section anchor="handling-undecryptable-messages"><name>Handling anchor="handling-undecryptable-messages">
<name>Handling Undecryptable Messages</name>
<t>An MUA might receive an apparently encrypted message that it cannot currently decrypt.
For example, when an MUA does not have regular access to the secret key material needed for decryption, it cannot know the cryptographically protected Header Fields or even whether the message has any cryptographically protected Header Fields.</t>
<t>Such an undecrypted message will be rendered by the MUA as a message without any Header Protection.
This means that the message summary may well change how it is rendered when the user is finally able to supply the secret key.</t>
<t>For example, the rendering of the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field in a mailbox summary might change from <spanx style="verb">[...]</spanx> <tt>[...]</tt> to the real message subject when the message is decrypted.
Or the message's placement in a message thread might change if, say, <spanx style="verb">References</spanx> <tt>References</tt> or <spanx style="verb">In-Reply-To</spanx> <tt>In-Reply-To</tt> have been removed or obscured (see <xref target="implicitly-rendered"/>).</t>
<t>Additionally, if the MUA does not retain access to the decrypting secret key, and it drops the decrypted form of a message, the message's rendering may revert to the encrypted form.
For example, if an MUA follows this behavior, the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field in a mailbox summary might change from the real message subject back to <spanx style="verb">[...]</spanx>. <tt>[...]</tt>.
Or the message might be displayed outside of its current thread if the MUA loses access to a removed <spanx style="verb">References</spanx> <tt>References</tt> or <spanx style="verb">In-Reply-To</spanx> <tt>In-Reply-To</tt> header.</t>
<t>These behaviors are likely to surprise the user.
However, an MUA has several possible ways of reducing or avoiding all of these surprises, including:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Ensuring that the MUA always has access to decryption-capable secret key material.</t>
</li>
<li>
<t>Rendering undecrypted messages in a special quarantine view until the decryption-capable secret key material is available.</t>
</list></t>
</li>
</ul>
<t>To reduce or avoid the surprises associated with a decrypted message with removed or obscured Header Fields becoming undecryptable, the MUA could also:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Securely cache metadata from a decrypted message's protected Header Fields so that its rendering doesn't change after the first decryption.</t>
</li>
<li>
<t>Securely store the session key associated with a decrypted message, message so that attempts to read the message when the long-term secret key are is unavailable can proceed using only the session key itself.
See, for For example, see the discussion about stashing session keys in <xref section="9.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>.</t>
</list></t> target="RFC9787"/>.</t>
</li>
</ul>
</section>
<section anchor="automated-message-handling"><name>Guidance anchor="automated-message-handling">
<name>Guidance for Automated Message Handling</name>
<t>Some automated systems have a control channel that is operated by e-mail. email.
For example, an incoming e-mail email message could subscribe someone to a mailing list, initiate the purchase of a specific product, approve another message for redistribution, or adjust the state of some shared object.</t>
<t>To the extent that such a system depends on end-to-end cryptographic guarantees about the e-mail email control message, Header Protection as defined in this document should improve the system's security.
This section provides some specific guidance for systems that use e-mail email messages as a control channel that want to benefit from these security improvements.</t>
<section anchor="interpret-only-protected-header-fields"><name>Interpret Only anchor="interpret-only-protected-header-fields">
<name>Only Interpret Protected Header Fields</name>
<t>Consider the situation where an e-mail-based email-based control channel depends on the message's cryptographic signature and the action taken depends on some Header Field of the message.</t>
<t>In this case, the automated system <bcp14>MUST</bcp14> rely on information from the Header Field that is protected by the mechanism defined in this document.
It <bcp14>MUST NOT</bcp14> rely on any Header Field found outside the Cryptographic Payload.</t>
<t>For example, consider an administrative interface for a mailing list manager that only accepts control messages that are signed by one of its administrators.
When an inbound message for the list arrives, it is queued (waiting for administrative approval) and the system generates and listens for two distinct e-mail email addresses related to the queued message -- one that approves the message, message and one that rejects it.
If an administrator sends a signed control message to the approval address, the mailing list verifies that the protected <spanx style="verb">To</spanx> <tt>To</tt> Header Field of the signed control message contains the approval address before approving the queued message for redistribution.
If the protected <spanx style="verb">To</spanx> <tt>To</tt> Header Field does not contain that address, or there is no protected <spanx style="verb">To</spanx> <tt>To</tt> Header Field, then the mailing list logs or reports the error and does not act on that control message.</t>
</section>
<section anchor="ignore-legacy-display-elements"><name>Ignore anchor="ignore-legacy-display-elements">
<name>Ignore Legacy Display Elements</name>
<t>Consider the situation where an e-mail-based email-based control channel expects to receive an end-to-end encrypted message -- for example, where the control messages need confidentiality guarantees -- and where the action taken depends on the contents of some MIME part within the message body.</t>
<t>In this case, the automated system that decrypts the incoming messages and scans the relevant MIME part <bcp14>MUST</bcp14> identify when the MIME part contains a Legacy Display Element (see <xref target="identify-legacy-display"/>), and it <bcp14>MUST</bcp14> parse the relevant MIME part with the Legacy Display Element removed.</t>
<t>For example, consider an administrative interface of a confidential issue tracking software.
An authorized user can confidentially adjust the status of a tracked issue by a specially formatted first line of the message body (for example, <spanx style="verb">severity <tt>severity #183 serious</spanx>). serious</tt>).
When the user's MUA encrypts a plain text plaintext control message to this issue tracker, depending on the MUA's <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> and its choice of <spanx style="verb">legacy</spanx> <tt>legacy</tt> value, it may add a Legacy Display Element.
If it does so, then the first line of the message body will contain a decorative copy of the confidential <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field.
The issue tracking software decrypts the incoming control message, identifies that there is a Legacy Display Element in the part (see <xref target="identify-legacy-display"/>), strips the lines comprising the Legacy Display Element (including the first blank line), and only then parses the remaining top line to look for the expected special formatting.</t>
</section>
</section>
<section anchor="debugging-and-troubleshooting"><name>Affordances anchor="debugging-and-troubleshooting">
<name>Affordances for Debugging and Troubleshooting</name>
<t>Note that advanced users of an MUA may need access to the original message, for example example, to troubleshoot problems with the rendering MUA itself, itself or problems with the SMTP transport path taken by the message.</t>
<t>An MUA that applies these rendering guidelines <bcp14>SHOULD</bcp14> ensure that the full original source of the message as it was received remains available to such a user for debugging and troubleshooting.</t>
<t>If a troubleshooting scenario demands information about the cryptographically protected values of Header Fields, and the message is encrypted, the debugging interface <bcp14>SHOULD</bcp14> also provide a "source" view of the Cryptographic Payload itself, alongside the full original source of the message as received.</t>
</section>
<section anchor="RFC8551HP"><name>Handling anchor="RFC8551HP">
<name>Handling RFC8551HP Messages (Backward Compatibility)</name>
<t><xref target="rfc8551-problems"/> describes some drawbacks to the Header Protection scheme defined in <xref target="RFC8551"/>, referred to here as <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>.
An MUA <bcp14>MUST NOT</bcp14> generate an <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> message.
However, for backward compatibility compatibility, an MUA <bcp14>MAY</bcp14> try to render or respond to such a message as though the message has standard Header Protection.</t>
<t>The following two sections contain guidance for identifying, rendering rendering, and replying to <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> messages.
Corresponding test vectors are provided in Appendices <xref target="smime-one-part-complex-rfc8551hp"/>, target="smime-one-part-complex-rfc8551hp" format="counter"/>, <xref target="smime-multipart-complex-rfc8551hp"/>, target="smime-multipart-complex-rfc8551hp" format="counter"/>, and <xref target="smime-enc-signed-complex-rfc8551hp-baseline"/>.</t> target="smime-enc-signed-complex-rfc8551hp-baseline" format="counter"/>.</t>
<section anchor="identifying-rfc8551hp"><name>Identifying anchor="identifying-rfc8551hp">
<name>Identifying an RFC8551HP Message</name>
<t>An <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> Message message can be identified by its MIME structure, given that all of the following conditions are met:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>It has a well-formed Cryptographic Envelope consisting of at least one Cryptographic Layer as the outermost MIME object.</t>
</li>
<li>
<t>The Cryptographic Payload is a single <spanx style="verb">message/rfc822</spanx> object</t> <tt>message/rfc822</tt> object.</t>
</li>
<li>
<t>The message that constitutes the Cryptographic Payload does not itself have a well-formed Cryptographic Envelope; that is, its outermost MIME object is not a Cryptographic Layer.</t>
</li>
<li>
<t>No <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> parameter of <spanx style="verb">hp=</spanx> <tt>hp=</tt> is set on either the Cryptographic Payload, Payload or its immediate MIME child.</t>
</list></t>
</li>
</ul>
<t>Here is the MIME structure of an example signed-and-encrypted <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> message:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
A └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to)
B └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to)
C └┬╴message/rfc822 [Cryptographic Payload]
D └┬╴multipart/alternative [Rendered Body]
E ├─╴text/plain
F └─╴text/html
]]></artwork></figure>
]]></artwork>
<t>This meets the definition of an <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> message because:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Cryptographic Layers <spanx style="verb">A</spanx> <tt>A</tt> and <spanx style="verb">B</spanx> <tt>B</tt> form the Cryptographic Envelope.</t>
</li>
<li>
<t>The Cryptographic Payload, rooted in part <spanx style="verb">C</spanx> <tt>C</tt>, has <spanx style="verb">Content-Type: message/rfc822</spanx>.</t> <tt>Content-Type: message/rfc822</tt>.</t>
</li>
<li>
<t>Part <spanx style="verb">D</spanx> <tt>D</tt> (the MIME root of the message at <spanx style="verb">C</spanx>) <tt>C</tt>) is itself not a Cryptographic Layer.</t>
</li>
<li>
<t>Neither part <spanx style="verb">C</spanx> <tt>C</tt> nor part <spanx style="verb">D</spanx> <tt>D</tt> have any <spanx style="verb">hp</spanx> parameter <tt>hp</tt> parameters set on their <spanx style="verb">Content-Type</spanx>.</t>
</list></t> <tt>Content-Type</tt>.</t>
</li>
</ul>
</section>
<section anchor="rendering-responding-rfc8551hp"><name>Rendering anchor="rendering-responding-rfc8551hp">
<name>Rendering or Responding to an RFC8551HP message</name> Message</name>
<t>When it an MUA has precisely identified a message as an <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> message, an the MUA <bcp14>MAY</bcp14> render or respond to that message as though it were a message with Header Protection as defined in this document by making the following adjustments:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Rather than rendering the message body as the Cryptographic Payload itself (part <spanx style="verb">C</spanx> <tt>C</tt> in the example above), render the <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> message's body as the MIME subtree that is the Cryptographic Payload's immediate child (part <spanx style="verb">D</spanx>).</t> <tt>D</tt>).</t>
</li>
<li>
<t>Make a comparable modification to <iref item="HeaderSetsFromMessage"/><xref target="headersetsfrommessage" format="none">HeaderSetsFromMessage</xref> (<xref target="headersetsfrommessage"/>) and <iref item="HeaderFieldProtection"/><xref target="headerfieldprotection" format="none">HeaderFieldProtection</xref> (<xref target="headerfieldprotection"/>): both Both algorithms currently look for the protected Header Fields on the Cryptographic Payload (part <spanx style="verb">C</spanx>), <tt>C</tt>), but they should instead look at the Cryptographic Payload's immediate child (part <spanx style="verb">D</spanx>).
<!--RFC Editor: the section references in the above bullet point are for the sake of the text/plain version. The text/html version doesn't need them because it has automatic internal hyperlinks. Is there some way that we can keep them, but only for the text/plain version? --></t> <tt>D</tt>).
</t>
</li>
<li>
<t>If the Cryptographic Envelope is signed-only, behave as though there is an <spanx style="verb">hp="clear"</spanx> <tt>hp="clear"</tt> parameter for the Cryptographic Payload; if the Envelope contains encryption, behave as though there is an <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> parameter.
That is, infer the sender's cryptographic intent from the structure of the message.</t>
</li>
<li>
<t>If the Cryptographic Envelope contains encryption, further modify <iref item="HeaderSetsFromMessage"/><xref target="headersetsfrommessage" format="none">HeaderSetsFromMessage</xref> to derive <spanx style="verb">refouter</spanx> <tt>refouter</tt> from the actual outer message Header Fields (those found in part <spanx style="verb">A</spanx> <tt>A</tt> in the example above), above) rather than looking for <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields with the other protected Header Fields.
That is, infer Header Field confidentiality based on the unprotected headers.</t>
</list></t>
</li>
</ul>
<t>The inferences in the above modifications are not based on any strong end-to-end guarantees.
An intervening MTA may tamper with the message's outer Header Section or wrap the message in an encryption layer to undetectably change the recipient's understanding of the confidentiality of the message's Header Fields or the message body itself.</t>
</section>
</section>
<section anchor="rendering-other-schemes"><name>Rendering anchor="rendering-other-schemes">
<name>Rendering Other Schemes</name>
<t>Other MUAs may have generated different structures of messages that aim to offer end-to-end cryptographic protections that include Header Protection.
This document is not normative for those schemes, and it is <bcp14>NOT RECOMMENDED</bcp14> to generate these other schemes, as they can either have structural flaws or simply render poorly on Legacy MUAs.
A conformant MUA <bcp14>MAY</bcp14> attempt to infer Header Protection when rendering an existing message that appears to use some other scheme not documented here.
Pointers to some known other schemes can be found in <xref target="other-schemes"/>.</t>
</section>
</section>
<section anchor="sending-guidance"><name>Sending anchor="sending-guidance">
<name>Sending Guidance</name>
<t>This section describes the process an MUA should use to apply cryptographic protection to an e-mail email message with Header Protection.</t>
<t>When composing a message with end-to-end cryptographic protections, an MUA <bcp14>SHOULD</bcp14> apply Header Protection.</t>
<t>When generating such a message, an MUA <bcp14>MUST</bcp14> add the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter (see <xref target="hp-parameter"/>) only to the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field at the root of the message's Cryptographic Payload.
The value of the parameter <bcp14>MUST</bcp14> indicate whether the Cryptographic Envelope contains a layer that provides encryption.</t>
<section anchor="compose-legacy"><name>Composing anchor="compose-legacy">
<name>Composing a Cryptographically Protected Message Without Header Protection</name>
<t>For contrast, we first consider the typical message composition process of a Legacy Crypto MUA MUA, which does not provide any Header Protection.</t>
<t>This process is described in <xref section="5.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>. target="RFC9787"/>.
We replicate it here for reference.
The inputs to the algorithm are:</t>
<t><list style="symbols">
<t><spanx style="verb">origbody</spanx>: the
<ul spacing="normal">
<li>
<t><tt>origbody</tt>: The traditional unprotected message body as a well-formed MIME tree (possibly just a single MIME leaf part).
As a well-formed MIME tree, <spanx style="verb">origbody</spanx> <tt>origbody</tt> already has structural Header Fields (<spanx style="verb">Content-*</spanx>) (<tt>Content-*</tt>) present.</t>
<t><spanx style="verb">origheaders</spanx>: the
</li>
<li>
<t><tt>origheaders</tt>: The intended non-structural Header Fields for the message, represented here as a list of <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> pairs, where <spanx style="verb">h</spanx> <tt>h</tt> is a Header Field name and <spanx style="verb">v</spanx> <tt>v</tt> is the associated value.
Note that these are Header Fields that the MUA intends to be visible to the recipient of the message.
In particular, if the MUA uses the <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> Header Field during composition, composition but plans to omit it from the message (see <xref section="3.6.3" sectionFormat="of" target="RFC5322"/>), it will not be in <spanx style="verb">origheaders</spanx>.</t>
<t><spanx style="verb">crypto</spanx>: <tt>origheaders</tt>.</t>
</li>
<li>
<t><tt>crypto</tt>: The series of cryptographic protections to apply (for example, "sign with the secret key corresponding to X.509 certificate X, then encrypt to X.509 certificates X and Y").
This is a routine that accepts a MIME tree as input (the Cryptographic Payload), wraps the input in the appropriate Cryptographic Envelope, and returns the resultant MIME tree as output.</t>
</list></t>
</li>
</ul>
<t>The algorithm returns a MIME object that is ready to be injected into the mail system.</t>
<section anchor="composenoheaderprotection"><name>ComposeNoHeaderProtection</name> anchor="composenoheaderprotection">
<name>ComposeNoHeaderProtection</name>
<t>Method Signature:</t>
<t><spanx style="verb">
<t><tt>
ComposeNoHeaderProtection(origbody, origheaders, crypto) → -> mime_message
</spanx></t>
</tt></t>
<t>Procedure:</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>Apply <spanx style="verb">crypto</spanx> <tt>crypto</tt> to MIME part <spanx style="verb">origbody</spanx>, <tt>origbody</tt>, producing MIME tree <spanx style="verb">output</spanx></t> <tt>output</tt>.</t>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">origheaders</spanx>:
<list style="numbers" type="i"> <tt>origheaders</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Add Header Field <spanx style="verb">h</spanx> <tt>h</tt> to <spanx style="verb">output</spanx> <tt>output</tt> with value <spanx style="verb">v</spanx></t>
</list></t> <tt>v</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Return <spanx style="verb">output</spanx></t>
</list></t> <tt>output</tt>.</t>
</li>
</ol>
</section>
</section>
<section anchor="compose"><name>Composing anchor="compose">
<name>Composing a Message with Header Protection</name>
<t>To compose a message using Header Protection, the composing MUA uses the following inputs:</t>
<t><list style="symbols">
<t>All
<ul spacing="normal">
<li>
<t>all the inputs described in <xref target="compose-legacy"/></t>
<t><spanx style="verb">hcp</spanx>:
</li>
<li>
<t><tt>hcp</tt>: a <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>, as defined in <xref target="header-confidentiality-policy"/></t>
<t><spanx style="verb">respond</spanx>:
</li>
<li>
<t><tt>respond</tt>: if the new message is a response to another message (e.g., "Reply", "Reply All", "Forward", etc), etc.), the MUA function corresponding to the user's action (see <xref target="avoid-leak"/>), otherwise <spanx style="verb">null</spanx></t>
<t><spanx style="verb">refmsg</spanx>: <tt>null</tt></t>
</li>
<li>
<t><tt>refmsg</tt>: if the new message is a response to another message, the message being responded to, otherwise <spanx style="verb">null</spanx></t>
<t><spanx style="verb">legacy</spanx>: <tt>null</tt></t>
</li>
<li>
<t><tt>legacy</tt>: a boolean value, indicating whether any recipient of the message is believed to have a Legacy MUA.
If all recipients are known to implement this document, <spanx style="verb">legacy</spanx> <tt>legacy</tt> should be set to <spanx style="verb">false</spanx>. <tt>false</tt>.
(How an MUA determines the value of <spanx style="verb">legacy</spanx> <tt>legacy</tt> is out of scope for this document; an initial implementation can simply set it to <spanx style="verb">true</spanx>)</t>
</list></t> <tt>true</tt>.)</t>
</li>
</ul>
<t>To enable visibility of User-Facing but now removed/obscured Header Fields for decryption-capable Legacy MUAs, the Header Fields are included as a decorative Legacy Display Element in specially marked parts of the message (see <xref target="hp-legacy-display"/>).
This document recommends two mechanisms for such a decorative adjustment: one for a <spanx style="verb">text/html</spanx> <tt>text/html</tt> Main Body Part of the e-mail message, email message and one for a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> Main Body Part.
This document does not recommend adding a Legacy Display Element to any other part.</t>
<t>Please see <xref section="7.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/> target="RFC9787"/> for guidance on identifying the parts of a message that are a Main Body Part.</t>
<section anchor="compose-algorithm"><name>Compose</name> anchor="compose-algorithm">
<name>Compose</name>
<t>Method Signature:</t>
<t><spanx style="verb">
<t><tt>
Compose(origbody, origheaders, crypto,
hcp, respond, refmsg, legacy)
→
-> mime_message
</spanx></t>
</tt></t>
<t>Procedure:</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>Let <spanx style="verb">newbody</spanx> <tt>newbody</tt> be a copy of <spanx style="verb">origbody</spanx></t> <tt>origbody</tt>.</t>
</li>
<li>
<t>If <spanx style="verb">crypto</spanx> <tt>crypto</tt> contains encryption, encryption and <spanx style="verb">legacy</spanx> <tt>legacy</tt> is <spanx style="verb">true</spanx>:
<list style="numbers" type="i"> <tt>true</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Create <spanx style="verb">ldlist</spanx>, <tt>ldlist</tt>, an empty list of <spanx style="verb">(header, value)</spanx> pairs</t> <tt>(header, value)</tt> pairs.</t>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">origheaders</spanx>:
<list style="numbers" type="a"> <tt>origheaders</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>If <spanx style="verb">h</spanx> <tt>h</tt> is User-Facing (see <xref section="1.1.2" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>):
<list style="numbers" type="I"> target="RFC9787"/>):
</t>
<ol spacing="normal" type="I"><li>
<t>If <spanx style="verb">hcp(h,v)</spanx> <tt>hcp(h,v)</tt> is not <spanx style="verb">v</spanx>:
<list style="numbers" type="A"> <tt>v</tt>:
</t>
<ol spacing="normal" type="A"><li>
<t>Add <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> to <spanx style="verb">ldlist</spanx></t>
</list></t>
</list></t>
</list></t> <tt>ldlist</tt>.</t>
</li>
</ol>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>If <spanx style="verb">ldlist</spanx> <tt>ldlist</tt> is not empty:
<list style="numbers" type="a">
</t>
<ol spacing="normal" type="a"><li>
<t>Identify each leaf MIME part of <spanx style="verb">newbody</spanx> <tt>newbody</tt> that represents the "main body" of the message.</t>
</li>
<li>
<t>For each "Main Body Part" <spanx style="verb">bodypart</spanx> <tt>bodypart</tt> of type <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> or <spanx style="verb">text/html</spanx>:
<list style="numbers" type="I"> <tt>text/html</tt>:
</t>
<ol spacing="normal" type="I"><li>
<t>Adjust <spanx style="verb">bodypart</spanx> <tt>bodypart</tt> by inserting a Legacy Display Element header list <spanx style="verb">ldlist</spanx> <tt>ldlist</tt> into its content, content and adding a <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> parameter <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> with value <spanx style="verb">1</spanx> <tt>1</tt> (see <xref target="ld-text-plain"/> for <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> and <xref target="ld-text-html"/> for <spanx style="verb">text/html</spanx>)</t>
</list></t>
</list></t>
</list></t> <tt>text/html</tt>).</t>
</li>
</ol>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">origheaders</spanx>:
<list style="numbers" type="i"> <tt>origheaders</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Add Header Field <spanx style="verb">h</spanx> <tt>h</tt> to MIME part <spanx style="verb">newbody</spanx> <tt>newbody</tt> with value <spanx style="verb">v</spanx></t>
</list></t> <tt>v</tt>.</t>
</li>
</ol>
</li>
<li>
<t>If <spanx style="verb">crypto</spanx> <tt>crypto</tt> does not contain encryption:
<list style="numbers" type="i">
</t>
<ol spacing="normal" type="i"><li>
<t>Set the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter on the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> of MIME part <spanx style="verb">newbody</spanx> <tt>newbody</tt> to <spanx style="verb">clear</spanx></t> <tt>clear</tt>.</t>
</li>
<li>
<t>Let <spanx style="verb">newheaders</spanx> <tt>newheaders</tt> be a copy of <spanx style="verb">origheaders</spanx></t>
</list></t> <tt>origheaders</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Else (if <spanx style="verb">crypto</spanx> <tt>crypto</tt> contains encryption):
<list style="numbers" type="i">
</t>
<ol spacing="normal" type="i"><li>
<t>Set the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter on the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> of MIME part <spanx style="verb">newbody</spanx> <tt>newbody</tt> to <spanx style="verb">cipher</spanx></t> <tt>cipher</tt>.</t>
</li>
<li>
<t>If <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> is not <spanx style="verb">null</spanx>, <spanx style="verb">respond</spanx> <tt>null</tt>, <tt>respond</tt> is not <spanx style="verb">null</spanx>, <tt>null</tt>, and <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> itself is encrypted with header protection:
<list style="numbers" type="a">
</t>
<ol spacing="normal" type="a"><li>
<t>Let <spanx style="verb">response_hcp</spanx> <tt>response_hcp</tt> be a single-use <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> derived from <spanx style="verb">respond</spanx> <tt>respond</tt> and <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> (see <xref target="avoid-leak"/>)</t>
</list></t> target="avoid-leak"/>).</t>
</li>
</ol>
</li>
<li>
<t>Else (if this is not a response to an encrypted, header-protected message):
<list style="numbers" type="a">
</t>
<ol spacing="normal" type="a"><li>
<t>Set <spanx style="verb">response_hcp</spanx> <tt>response_hcp</tt> to <spanx style="verb">hcp_no_confidentiality</spanx></t>
</list></t> <tt>hcp_no_confidentiality</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Create a new empty list of Header Field names and values <spanx style="verb">newheaders</spanx></t> <tt>newheaders</tt>.</t>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">origheaders</spanx>:
<list style="numbers" type="a"> <tt>origheaders</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>Let <spanx style="verb">newval</spanx> <tt>newval</tt> be <spanx style="verb">hcp(h,v)</spanx></t> <tt>hcp(h,v)</tt>.</t>
</li>
<li>
<t>If <spanx style="verb">newval</spanx> <tt>newval</tt> is <spanx style="verb">v</spanx>:
<list style="numbers" type="I"> <tt>v</tt>:
</t>
<ol spacing="normal" type="I"><li>
<t>Let <spanx style="verb">newval</spanx> <tt>newval</tt> be <spanx style="verb">response_hcp(h,v)</spanx></t>
</list></t> <tt>response_hcp(h,v)</tt>.</t>
</li>
</ol>
</li>
<li>
<t>If <spanx style="verb">newval</spanx> <tt>newval</tt> is not <spanx style="verb">null</spanx>):
<list style="numbers" type="I"> <tt>null</tt>):
</t>
<ol spacing="normal" type="I"><li>
<t>Add <spanx style="verb">(h,newval)</spanx> <tt>(h,newval)</tt> to <spanx style="verb">newheaders</spanx></t>
</list></t>
</list></t> <tt>newheaders</tt>.</t>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">newheaders</spanx>:
<list style="numbers" type="a"> <tt>newheaders</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>Let string <spanx style="verb">record</spanx> <tt>record</tt> be the concatenation of <spanx style="verb">h</spanx>, <tt>h</tt>, a literal "<spanx style="verb">: </spanx>" "<tt>: </tt>" (ASCII colon (0x3A) followed by ASCII space (0x20)), and <spanx style="verb">v</spanx></t> <tt>v</tt>.</t>
</li>
<li>
<t>Add Header Field "<spanx style="verb">HP-Outer</spanx>" "<tt>HP-Outer</tt>" to MIME part <spanx style="verb">newbody</spanx> <tt>newbody</tt> with value <spanx style="verb">record</spanx></t>
</list></t>
</list></t> <tt>record</tt>.</t>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>Apply <spanx style="verb">crypto</spanx> <tt>crypto</tt> to MIME part <spanx style="verb">newbody</spanx>, <tt>newbody</tt>, producing MIME tree <spanx style="verb">output</spanx></t> <tt>output</tt>.</t>
</li>
<li>
<t>For each Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">newheaders</spanx>:
<list style="numbers" type="i"> <tt>newheaders</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Add Header Field <spanx style="verb">h</spanx> <tt>h</tt> to <spanx style="verb">output</spanx> <tt>output</tt> with value <spanx style="verb">v</spanx></t>
</list></t> <tt>v</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Return <spanx style="verb">output</spanx></t>
</list></t> <tt>output</tt>.</t>
</li>
</ol>
<t>Note that both new parameters (<spanx style="verb">hcp</spanx> (<tt>hcp</tt> and <spanx style="verb">legacy</spanx>) <tt>legacy</tt>) are effectively ignored if <spanx style="verb">crypto</spanx> <tt>crypto</tt> does not contain encryption.
This is by design, because they are irrelevant for signed-only cryptographic protections.</t>
</section>
<section anchor="ld-text-plain"><name>Adding anchor="ld-text-plain">
<name>Adding a Legacy Display Element to a text/plain Part</name>
<t>For a list of obscured and removed User-Facing Header Fields represented as <spanx style="verb">(header, value)</spanx> <tt>(header, value)</tt> pairs, concatenate them as a set of lines, with one newline at the end of each pair.
Add an additional trailing newline after the resultant text, and prepend the entire list to the body of the <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> part.</t>
<t>The MUA <bcp14>MUST</bcp14> also add a <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> parameter of <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> with value <spanx style="verb">1</spanx> <tt>1</tt> to the MIME part to indicate that a Legacy Display Element was added.</t>
<t>For example, if the list of obscured Header Fields was <spanx style="verb">[("Cc", <tt>[("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")]</spanx>, meeting")]</tt>, then a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> Main Body Part that originally looked like this:</t>
<figure><artwork><![CDATA[
<!--[rfced] The <artwork> in Sections 5.2.2 and 5.2.3 includes the
following attributes: charset=UTF-8 and hp-legacy-display=1.
Should quotes appear around the "UTF-8" and "1" values in these
instances per other use in the document? And should "UTF-8" be made
lowercase for consistency, or are the lowercase instances different?
Current:
Content-Type: text/plain; charset=UTF-8 vs.
Content-Type: text/plain; charset="utf-8"
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1"; vs.
Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1
-->
<artwork><![CDATA[
Content-Type: text/plain; charset=UTF-8
I think we should skip the meeting.
]]></artwork></figure>
<t>Would
]]></artwork>
<t>would become:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Content-Type: text/plain; charset=UTF-8; hp-legacy-display=1
Subject: Thursday's meeting
Cc: alice@example.net
I think we should skip the meeting.
]]></artwork></figure>
]]></artwork>
<t>Note that the Legacy Display Element Elements (the lines beginning with <spanx style="verb">Subject:</spanx> <tt>Subject:</tt> and <spanx style="verb">Cc:</spanx>) <tt>Cc:</tt>) are part of the body of the MIME part in question.</t>
<t>This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload.
For instance, it could be a leaf of a <spanx style="verb">multipart/alternative</spanx> <tt>multipart/alternative</tt> Cryptographic Payload.
This is why no additional Header Fields have been injected into the MIME part in this example.</t>
</section>
<section anchor="ld-text-html"><name>Adding anchor="ld-text-html">
<name>Adding a Legacy Display Element to a text/html Part</name>
<t>Adding a Legacy Display Element to a <spanx style="verb">text/html</spanx> <tt>text/html</tt> part is similar to how it is added to a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> part (see <xref target="ld-text-plain"/>).
Instead of adding the obscured or removed User-Facing Header Fields to a block of text delimited by a blank line, the composing MUA injects them in an HTML <spanx style="verb"><div></spanx> <tt><div></tt> element annotated with a <spanx style="verb">class</spanx> <tt>class</tt> attribute of <spanx style="verb">header-protection-legacy-display</spanx>.</t> <tt>header-protection-legacy-display</tt>.</t>
<t>The content and formatting of this decorative <spanx style="verb"><div></spanx> <tt><div></tt> have no strict requirements, but they <bcp14>MUST</bcp14> represent all the obscured and removed User-Facing Header Fields in a readable fashion.
A simple approach is to assemble the text in the same way as <xref target="ld-text-plain"/>, wrap it in a verbatim <spanx style="verb"><pre></spanx> <tt><pre></tt> element, and put that element in the annotated <spanx style="verb"><div></spanx>.</t> <tt><div></tt>.</t>
<t>The annotated <spanx style="verb"><div></spanx> <tt><div></tt> should be placed as close to the start of the <spanx style="verb"><body></spanx> <tt><body></tt> as possible, where it will be visible when viewed with a standard HTML renderer.</t>
<t>The MUA <bcp14>MUST</bcp14> also add a <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> parameter of <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> with value <spanx style="verb">1</spanx> <tt>1</tt> to the MIME part to indicate that a Legacy Display Element was added.</t>
<t>For example, if the list of obscured Header Fields was <spanx style="verb">[("Cc", <tt>[("Cc", "alice@example.net"), ("Subject", "Thursday's meeting")]</spanx>, meeting")]</tt>, then a <spanx style="verb">text/html</spanx> <tt>text/html</tt> Main Body Part that originally looked like this:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Content-Type: text/html; charset=UTF-8
<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>
]]></artwork></figure>
<t>Would
]]></artwork>
<t>would become:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Content-Type: text/html; charset=UTF-8; hp-legacy-display=1
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>
]]></artwork></figure>
]]></artwork>
<t>This example assumes that the Main Body Part in question is not the root of the Cryptographic Payload.
For instance, it could be a leaf of a <spanx style="verb">multipart/alternative</spanx> <tt>multipart/alternative</tt> Cryptographic Payload.
This is why no additional Header Fields have been injected into the MIME part in this example.</t>
<section anchor="step-by-step-example-for-inserting-legacy-display-element-to-texthtml"><name>Step-by-step anchor="step-by-step-example-for-inserting-legacy-display-element-to-texthtml">
<name>Step-by-Step Example for Inserting a Legacy Display Element to into text/html</name>
<t>A composing MUA <bcp14>MAY</bcp14> insert the Legacy Display Element anywhere reasonable within the message as long as it prioritizes visibility for the reader using a Legacy decryption-capable MUA. MUA that is capable of decryption.
This decision may take into account special message-specific HTML formatting expectations if the MUA is aware of them.
However, some MUAs may not have any special insight into the user's preferred HTML formatting, formatting and still want to insert a Legacy Display Element.
This section offers a non-normative, simple, and minimal step-by-step approach for a composing MUA that has no other information or preferences to fall back on.</t>
<t>The process below assumes that the MUA already has the full HTML object that it intends to send, including all of the text supplied by the user.</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>Assemble the text exactly as specified for <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> (see <xref target="ld-text-plain"/>).</t>
</li>
<li>
<t>Wrap that text in a verbatim <spanx style="verb"><pre></spanx> <tt><pre></tt> element.</t>
</li>
<li>
<t>Wrap that <spanx style="verb"><pre></spanx> <tt><pre></tt> element in a <spanx style="verb"><div></spanx> <tt><div></tt> element annotated with the class <spanx style="verb">header-protection-legacy-display</spanx>.</t> <tt>header-protection-legacy-display</tt>.</t>
</li>
<li>
<t>Find the <spanx style="verb"><body></spanx> <tt><body></tt> element of the full HTML object.</t>
</li>
<li>
<t>Insert the <spanx style="verb"><div></spanx> <tt><div></tt> element as the first child of the <spanx style="verb"><body></spanx> <tt><body></tt> element.</t>
</list></t>
</li>
</ol>
</section>
</section>
<section anchor="ld-main-body-only"><name>Only anchor="ld-main-body-only">
<name>Only Add a Legacy Display Element to Main Body Parts</name>
<t>Some messages may contain a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> or <spanx style="verb">text/html</spanx> <tt>text/html</tt> subpart that is <em>not</em> a Main Body Part.
For example, an e-mail email message might contain an attached text file or a downloaded webpage. web page.
Attached documents need to be preserved as intended in the transmission, without modification.</t>
<t>The composing MUA <bcp14>MUST NOT</bcp14> add a Legacy Display Element to any part of the message that is not a Main Body Part.
In particular, if a part is annotated with <spanx style="verb">Content-Disposition: attachment</spanx>, <tt>Content-Disposition: attachment</tt>, or if it does not descend via the first child of any of its <spanx style="verb">multipart/mixed</spanx> <tt>multipart/mixed</tt> or <spanx style="verb">multipart/related</spanx> <tt>multipart/related</tt> ancestors, it is not a Main Body Part, Part and <bcp14>MUST NOT</bcp14> be modified.</t>
<t>See <xref section="7.1" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/> target="RFC9787"/> for more guidance about common ways to distinguish Main Body Parts from other MIME parts in a message.</t>
</section>
<section anchor="ld-other-content-types"><name>Do anchor="ld-other-content-types">
<name>Do Not Add a Legacy Display Element to Other Content-Types</name>
<!--[rfced] As "Main Body Part" is a term used throughout the document, may we
update this sentence as shown below?
Original:
The purpose of injecting a Legacy Display Element into each Main Body
MIME part is to enable rendering of otherwise obscured Header Fields
in Legacy MUAs that are capable of message decryption...
Perhaps:
The purpose of injecting a Legacy Display Element into each MIME Main
Body Part is to enable rendering of otherwise obscured Header Fields
in Legacy MUAs that are capable of message decryption...
-->
<t>The purpose of injecting a Legacy Display Element into each Main Body MIME part is to enable rendering of otherwise obscured Header Fields in Legacy MUAs that are capable of message decryption, decryption but don't know how to follow the rest of the guidance in this document.</t>
<t>The authors are unaware of any Legacy MUA that would render any MIME part type other than <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> and <spanx style="verb">text/html</spanx> <tt>text/html</tt> as the Main Body.
A generating MUA <bcp14>SHOULD NOT</bcp14> add a Legacy Display Element to any MIME part with any other <spanx style="verb">Content-Type</spanx>.</t> <tt>Content-Type</tt>.</t>
</section>
</section>
</section>
<section anchor="replying"><name>Replying anchor="replying">
<name>Replying and Forwarding Guidance</name>
<t>An MUA might create a new message in response to another message, thus acting both as a receiving MUA and as a sending MUA.
For example, the user of an MUA viewing any given message might take an action like "Reply", "Reply All", "Forward", or some comparable action to start the composition of a new message.
The new message created this way effectively references the original message that was viewed at the time.</t>
<t>For encrypted messages, special guidance applies, because information can leak in at least two ways: leaking previously confidential Header Fields, Fields and leaking the entire message by sending the reply or forward to the wrong party.</t>
<section anchor="avoid-leak"><name>Avoid anchor="avoid-leak">
<name>Avoid Leaking Encrypted Header Fields in Replies and Forwards</name>
<t>As noted in <xref section="5.4" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>, target="RFC9787"/>, an MUA in this position <bcp14>MUST NOT</bcp14> leak previously encrypted content in the clear in a follow-up message.
The same is true for protected Header Fields.</t>
<t>Values from any Header Field that was identified as either <spanx style="verb">encrypted-only</spanx> <tt>encrypted-only</tt> or <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> based on the steps outlined above <bcp14>MUST NOT</bcp14> be placed in cleartext output when generating a message.</t>
<t>In particular, if <spanx style="verb">Subject</spanx> <tt>Subject</tt> was encrypted, and it is copied into the draft encrypted reply, the replying MUA <bcp14>MUST</bcp14> obscure the unprotected (cleartext) <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field.</t>
<t>When crafting the Header Fields for a reply or forwarded message, the composing MUA <bcp14>SHOULD</bcp14> make use of the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields from within the Cryptographic Envelope of the reference message to ensure that Header Fields derived from the reference message do not leak in the reply.</t>
<t>On a high-level, high level, this can be achieved as follows:
Consider a Header Field in a reply message that is generated by derivation from a Header Field in the reference message.
For example, the <spanx style="verb">To</spanx> <tt>To</tt> Header Field is typically derived from the reference message's <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> or <spanx style="verb">From</spanx> <tt>From</tt> Header Fields.
When generating the outer copy of the Header Field, the composing MUA first applies its own <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.
If the Header Field's value is changed by the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, then it is applied to the outside header.
If the Header Field's value is unchanged, the composing MUA re-generates regenerates the Header Field using the Header Fields that had been on the outside of the original message at sending time.
These can be inferred from the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields located within the Cryptographic Payload of the referenced message.
If that value is itself different than the protected value, then it is applied to the outside header.
If the value is the same as the protected value, then it is simply copied to the outside header directly.
Whether it was changed or not, it is noted in the protected Header Section using <spanx style="verb">HP-Outer</spanx>, <tt>HP-Outer</tt>, as described in <xref target="new-header-field"/>.</t>
<t>See <xref target="reply-example"/> for a simple worked example of this process.</t>
<t>Below we describe a supporting algorithm to handles handle this.
It produces a list of Header Fields that should be obscured or removed in the new message even if the sender's choice of <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> wouldn't normally remove or obscure the Header Field in question.
This is effectively a single-use <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.
The normal sending guidance in <xref target="compose"/> applies this single-use <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> to implement the high-level guidance above.</t>
<section anchor="referencehcp"><name>ReferenceHCP</name> anchor="referencehcp">
<name>ReferenceHCP</name>
<t>The algorithm takes two inputs:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>A single referenced message <spanx style="verb">refmsg</spanx>, and</t> <tt>refmsg</tt></t>
</li>
<li>
<t>A built-in MUA <tt>respond</tt> function <spanx style="verb">respond</spanx> associated with the user's action.
<spanx style="verb">respond</spanx>
The <tt>respond</tt> function takes as input a list of headers from a referenced message as input and generates a list of initial candidate message Header Field names and values that are used to populate the message composition interface.
Something like this function already exists in most MUAs, though it may differ across responsive actions.
For example, the <spanx style="verb">respond</spanx> <tt>respond</tt> function that implements "Reply All" is likely to be a different from the <spanx style="verb">respond</spanx> <tt>respond</tt> that implements "Reply".</t>
</list></t>
</li>
</ul>
<t>As an output, it produces an ephemeral single-use <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>, specific to this kind of response to this specific message.</t>
<t>Method signature:</t>
<t><spanx style="verb">
<t><tt>
ReferenceHCP(refmsg, respond) → -> ephemeral_hcp
</spanx></t>
</tt></t>
<t>Procedure:</t>
<t><list style="numbers" type="1">
<ol spacing="normal" type="1"><li>
<t>If <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> is not encrypted with Header Protection:
<list style="numbers" type="i">
</t>
<ol spacing="normal" type="i"><li>
<t>Return <spanx style="verb">hcp_no_confidentiality</spanx> <tt>hcp_no_confidentiality</tt> (there is no header confidentiality in the reference message that needs protection)</t>
</list></t> protection).</t>
</li>
</ol>
</li>
<li>
<t>Extract <spanx style="verb">refouter</spanx>, <spanx style="verb">refprotected</spanx> <tt>refouter</tt>, <tt>refprotected</tt> from <spanx style="verb">refmsg</spanx> <tt>refmsg</tt> as described in <xref target="extracting-headers"/></t> target="extracting-headers"/>.</t>
</li>
<li>
<t>Let <spanx style="verb">genprotected</spanx> <tt>genprotected</tt> be a list of <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> pairs generated by <spanx style="verb">respond(refprotected)</spanx></t> <tt>respond(refprotected)</tt>.</t>
</li>
<li>
<t>Let <spanx style="verb">genouter</spanx> <tt>genouter</tt> be a list of <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> pairs generated by <spanx style="verb">respond(refouter)</spanx></t> <tt>respond(refouter)</tt>.</t>
</li>
<li>
<t>For each <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> in <spanx style="verb">genprotected</spanx>:
<list style="numbers" type="i"> <tt>genprotected</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>If <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> is in <spanx style="verb">genouter</spanx>:
<list style="numbers" type="a"> <tt>genouter</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>Remove <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> from both <spanx style="verb">genprotected</spanx> <tt>genprotected</tt> and <spanx style="verb">genouter</spanx> <tt>genouter</tt> (this Header Field does not need additional confidentiality)</t>
</list></t>
</list></t> confidentiality).</t>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>Let <spanx style="verb">confmap</spanx> <tt>confmap</tt> be a mapping from a Header Field name and value <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> to either a string or the special value <spanx style="verb">null</spanx> <tt>null</tt> (this mapping is initially empty)</t> empty).</t>
</li>
<li>
<t>For each <spanx style="verb">(h,v)</spanx> <tt>(h,v)</tt> remaining in <spanx style="verb">genprotected</spanx>:
<list style="numbers" type="i"> <tt>genprotected</tt>:
</t>
<ol spacing="normal" type="i"><li>
<t>Set <spanx style="verb">result</spanx> <tt>result</tt> to the special value <spanx style="verb">null</spanx></t> <tt>null</tt>.</t>
</li>
<li>
<t>For each <spanx style="verb">(h1,v1)</spanx> <tt>(h1,v1)</tt> in <spanx style="verb">genouter</spanx>:
<list style="numbers" type="a"> <tt>genouter</tt>:
</t>
<ol spacing="normal" type="a"><li>
<t>If <spanx style="verb">h1</spanx> <tt>h1</tt> is <spanx style="verb">h</spanx>:
<list style="numbers" type="I"> <tt>h</tt>:
</t>
<ol spacing="normal" type="I"><li>
<t>Set <spanx style="verb">result</spanx> <tt>result</tt> to <spanx style="verb">v1</spanx></t>
</list></t>
</list></t> <tt>v1</tt>.</t>
</li>
</ol>
</li>
</ol>
</li>
<li>
<t>Insert <spanx style="verb">(h,v) <tt>(h,v) -> result</spanx> result</tt> into <spanx style="verb">confmap</spanx></t>
</list></t> <tt>confmap</tt>.</t>
</li>
</ol>
</li>
<li>
<t>Return a new <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> from <spanx style="verb">confmap</spanx> <tt>confmap</tt> that tests whether <spanx style="verb">(name,val_in)</spanx> are <tt>(name,val_in)</tt> is in <spanx style="verb">confmap</spanx>; <tt>confmap</tt>; if so, return <spanx style="verb">confmap[(name,val_in)]</spanx>; <tt>confmap[(name,val_in)]</tt>; otherwise, return <spanx style="verb">val_in</spanx></t>
</list></t> <tt>val_in</tt>.</t>
</li>
</ol>
<t>Note that the key idea here is to reuse the MUA's existing <spanx style="verb">respond</spanx> <tt>respond</tt> function.
The algorithm simulates how the MUA would pre-populate a reply to two traditional messages whose Header Fields have the values <spanx style="verb">refouter</spanx> <tt>refouter</tt> and <spanx style="verb">refprotected</spanx> <tt>refprotected</tt>, respectively (independent of any cryptographic protections).
Then
Then, it uses the difference to derive a one-time <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.
This <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> takes into account both the referenced message's sender's preferences and the derivations that can happen to Header Field values when responding.
Note that while some of these derivations are straight forward straightforward (e.g., <spanx style="verb">In-Reply-To</spanx> <tt>In-Reply-To</tt> is usually derived from <spanx style="verb">Message-ID</spanx>), <tt>Message-ID</tt>), others are non-trivial.
For example, the <spanx style="verb">From</spanx> <tt>From</tt> address may be derived from <spanx style="verb">To</spanx>, <spanx style="verb">Cc</spanx>, <tt>To</tt>, <tt>Cc</tt>, or from the MUA's local address preference (especially when the MUA received the referenced message via <spanx style="verb">Bcc</spanx>). <tt>Bcc</tt>).
Similarly, <spanx style="verb">To</spanx> <tt>To</tt> may be derived from <spanx style="verb">To</spanx>, <spanx style="verb">From</spanx>, <tt>To</tt>, <tt>From</tt>, and/or <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Fields depending on the MUA implementation and depending on whether the user clicked "Reply", "Reply All", "Forward", or any other action that generates a response to a message.
Reusing the MUA's existing <spanx style="verb">respond</spanx> <tt>respond</tt> function incorporates these nuances without requiring any extra configuration choices or additional maintenance burden.</t>
</section>
</section>
<section anchor="avoid-misdirected-replies"><name>Avoid anchor="avoid-misdirected-replies">
<name>Avoid Misdirected Replies</name>
<t>When replying to a message, the Composing composing MUA typically decides who to send the reply to based on:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>the <spanx style="verb">Reply-To</spanx>, <spanx style="verb">Mail-Followup-To</spanx>, <tt>Reply-To</tt>, <tt>Mail-Followup-To</tt>, or <spanx style="verb">From</spanx> <tt>From</tt> Header Fields</t>
</li>
<li>
<t>optionally, the other <spanx style="verb">To</spanx> <tt>To</tt> or <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Fields (if the user chose to "reply all")</t>
</list></t> "Reply All")</t>
</li>
</ul>
<t>When a message has Header Protection, the replying MUA <bcp14>MUST</bcp14> populate the destination fields of the draft message using the protected Header Fields, Fields and ignore any unprotected Header Fields.</t>
<t>This mitigates against an attack where Mallory gets a copy of an encrypted message from Alice to Bob, Bob and then replays relays the message to Bob with an additional <spanx style="verb">Cc</spanx> <tt>Cc</tt> to Mallory's own e-mail email address in the message's outer (unprotected) Header Section.</t>
<t>If Bob knows Mallory's certificate already, and he replies to such a message without following the guidance in this section, it's likely that his MUA will encrypt the cleartext of the message directly to Mallory.</t>
</section>
</section>
<section anchor="fields-added-in-transit"><name>Unprotected anchor="fields-added-in-transit">
<name>Unprotected Header Fields Added in Transit</name>
<t>Some Header Fields are legitimately added in transit and could not have been known to the sender at message composition time.</t>
<t>The most common of these Header Fields are <spanx style="verb">Received</spanx> <tt>Received</tt> and <spanx style="verb">DKIM-Signature</spanx>, <tt>DKIM-Signature</tt>, neither of which are typically rendered, either explicitly or implicitly.</t>
<t>If a receiving MUA has specific knowledge about a given Header Field, including that:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>the Header Field would not have been known to the original sender, sender and</t>
</li>
<li>
<t>the Header Field might be rendered explicitly or implicitly,</t>
</list></t>
</li>
</ul>
<t>then the MUA <bcp14>MAY</bcp14> decide to operate on the value of that Header Field from the unprotected Header Section, even though the message has Header Protection.</t>
<t>The MUA <bcp14>MAY</bcp14> prefer to verify that the Header Fields in question have additional transit-derived cryptographic protections before rendering or acting on them.
For example, the MUA could verify whether these Header Fields are covered by an appropriate and valid <spanx style="verb">ARC-Authentication-Results</spanx> <tt>ARC-Authentication-Results</tt> (see <xref target="RFC8617"/>) or <spanx style="verb">DKIM-Signature</spanx> <tt>DKIM-Signature</tt> (see <xref target="RFC6376"/>) Header Field.</t>
<t>Specific examples of user-meaningful Header Fields that are meaningful to the user are commonly added by the transport agents that appear below.</t>
<section anchor="mailing-list-header-fields-list-and-archived-at"><name>Mailing list anchor="mailing-list-header-fields-list-and-archived-at">
<name>Mailing List Header Fields: List-* and Archived-At</name>
<t>If the message arrives through a mailing list, the list manager itself may inject Header Fields (most have a <spanx style="verb">List-</spanx> <tt>List-</tt> prefix) in the message:</t>
<t><list style="symbols">
<t><spanx style="verb">List-Archive</spanx></t>
<t><spanx style="verb">List-Subscribe</spanx></t>
<t><spanx style="verb">List-Unsubscribe</spanx></t>
<t><spanx style="verb">List-Id</spanx></t>
<t><spanx style="verb">List-Help</spanx></t>
<t><spanx style="verb">List-Post</spanx></t>
<t><spanx style="verb">Archived-At</spanx></t>
</list></t>
<ul spacing="normal">
<li>
<t><tt>List-Archive</tt></t>
</li>
<li>
<t><tt>List-Subscribe</tt></t>
</li>
<li>
<t><tt>List-Unsubscribe</tt></t>
</li>
<li>
<t><tt>List-Id</tt></t>
</li>
<li>
<t><tt>List-Help</tt></t>
</li>
<li>
<t><tt>List-Post</tt></t>
</li>
<li>
<t><tt>Archived-At</tt></t>
</li>
</ul>
<t>For some MUAs, these Header Fields are implicitly rendered, rendered by providing buttons for actions like "Subscribe", "View Archived Version", "Reply List", "List Info", etc.</t>
<t>An MUA that receives a message with Header Protection that contains these Header Fields in the unprotected section, section and that has reason to believe the message is coming through a mailing list <bcp14>MAY</bcp14> decide to render them to the user (explicitly or implicitly) even though they are not protected.</t>
</section>
</section>
<section anchor="e-mail-ecosystem-evolution"><name>E-mail anchor="e-mail-ecosystem-evolution">
<name>Email Ecosystem Evolution</name>
<t>The e-mail email ecosystem is the set of client-side and server-side software and policies that are used in the creation, transmission, storage, rendering, and indexing of electronic mail email over the Internet.</t>
<t>This document is intended to offer tooling needed to improve the state of the e-mail email ecosystem in a way that can be deployed without significant disruption.
Some elements of this specification are present for transitional purposes, purposes but would not exist if the system were designed from scratch.</t>
<t>This section describes these transitional mechanisms, as well as some suggestions for how they might eventually be phased out.</t>
<section anchor="dropping-legacy-display-elements"><name>Dropping anchor="dropping-legacy-display-elements">
<name>Dropping Legacy Display Elements</name>
<t>Any decorative Legacy Display Element added to an encrypted message that uses Header Protection is present strictly for enabling Header Field visibility (most importantly, the Subject Header Field) when the message is viewed with a decryption-capable Legacy MUA.</t>
<t>Eventually, the hope is that most decryption-capable MUAs will conform to this specification, specification and there will be no need for injection of Legacy Display Elements in the message body.
A survey of widely used decryption-capable MUAs might be able to establish when most of them do support this specification.</t>
<t>At that point, a composing MUA could set the <spanx style="verb">legacy</spanx> <tt>legacy</tt> parameter defined in <xref target="compose"/> to <spanx style="verb">false</spanx> <tt>false</tt> by default or could even hard-code it to <spanx style="verb">false</spanx>, <tt>false</tt>, yielding a much simpler message construction set.</t>
<t>Until that point, an end user might want to signal that their receiving MUAs are conformant to this document so that a peer composing a message to them can set <spanx style="verb">legacy</spanx> <tt>legacy</tt> to <spanx style="verb">false</spanx>. <tt>false</tt>.
A signal indicating capability of handling messages with Header Protection might be placed in the user's cryptographic certificate, certificate or in outbound messages.</t>
<t>This document does not attempt to define the syntax or semantics of such a signal.</t>
</section>
<section anchor="more-ambitious-default-header-confidentiality-policy"><name>More anchor="more-ambitious-default-header-confidentiality-policy">
<name>More Ambitious Default Header Confidentiality Policy</name>
<t>This document defines a few different forms of <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.
An MUA implementing an <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> for the first time <bcp14>SHOULD</bcp14> deploy <spanx style="verb">hcp_baseline</spanx> <tt>hcp_baseline</tt> as recommended in <xref target="default-hcp"/>.
This <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> offers the most commonly expected protection (obscuring the Subject Header Field) without risking deliverability or rendering issues.</t>
<t>The HCPs proposed in this document are relatively conservative and still leak a significant amount of metadata for encrypted messages.
This is largely done to ensure deliverability (see <xref target="deliverability"/>) and usability, as messages without some critical Header Fields are more likely to not reach their intended recipient.</t>
<!--[rfced] Is a "mail transport system" the same thing as a "mail transport
agent"? If so, may we update this sentence to use "mail transport agents"
for consistency with the rest of the document?
Original:
In the future, some mail transport systems may accept and deliver
messages with even less publicly visible metadata.
Perhaps:
In the future, some mail transport agents may accept and deliver
messages with even less publicly visible metadata.
-->
<t>In the future, some mail transport systems may accept and deliver messages with even less publicly visible metadata.
Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy spam mail.</t>
<t>This specification offers the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> formalism itself as a way for MUA developers and MTA operators to describe their expectations around message deliverability.
MUA developers can propose a more ambitious default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, format="none">HCP</xref> and ask MTA operators (or simply test) whether their MTAs would be likely to deliver or reject encrypted mail with that <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> applied.
Proponents of a more ambitious <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> should explicitly document the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> and name it clearly and unambiguously to facilitate this kind of interoperability discussion.</t>
<t>Reaching widespread consensus around a more ambitious global default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> is a challenging problem of coordinating many different actors.
A piecemeal approach might be more feasible, where some signalling signaling mechanism allows a message recipient, MTA operator, or third-party clearinghouse to announce what kinds of HCPs are likely to be deliverable for a given recipient.
In such a situation, the default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> for an MUA might involve consulting the signalled signaled acceptable HCPs for all recipients, recipients and combining them (along with a default for when no signal is present) in some way.</t>
<t>If such a signal were to reach widespread use, it could also be used to guide reasonable statistical default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> choices for recipients with no signal.</t>
<t>This document does not attempt to define the syntax or semantics of such a signal.</t>
</section>
<section anchor="deprecation-of-messages-without-header-protection"><name>Deprecation anchor="deprecation-of-messages-without-header-protection">
<name>Deprecation of Messages Without Header Protection</name>
<t>At some point, when the majority of MUA clients that can generate cryptographically protected messages with Header Protection, it should be possible to deprecate any cryptographically protected message that does not have Header Protection.</t>
<t>For example, as noted in <xref target="mixed-protections"/>, it's possible for an MUA to render a <spanx style="verb">signed-only</spanx> <tt>signed-only</tt> message that has no Header Protection the same as an <spanx style="verb">unprotected</spanx> <tt>unprotected</tt> message.
And a <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> message without Header Protection could likewise be marked as not fully protected.</t>
<t>These stricter rules could be adopted immediately for all messages.
Or an MUA developer could roll them out immediately for any new message, message but still treat an old message (based on the Date Header Field and cryptographic signature timestamp) more leniently.</t>
<t>A decision like this by any popular receiving MUA could drive adoption of this standard for sending MUAs.</t>
</section>
</section>
<section anchor="usability-considerations"><name>Usability anchor="usability-considerations">
<name>Usability Considerations</name>
<t>This section describes concerns for MUAs that are interested in easy adoption of Header Protection by normal users.</t>
<t>While they are not protocol-level artifacts, these concerns motivate the protocol features described in this document.</t>
<t>See also the Usability usability commentary in <xref section="2" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>.</t> target="RFC9787"/>.</t>
<section anchor="mixed-protections"><name>Mixed anchor="mixed-protections">
<name>Mixed Protections Within a Message Are Hard To to Understand</name>
<t>When rendering a message to the user, the ideal circumstance is to present a single cryptographic status for any given message.
However, when message Header Fields are present, some message Header Fields do not have the same cryptographic protections as the main message.</t>
<t>Representing such a mixed set of protection statuses is very difficult to do in a way that a an Ordinary User can understand.
There are at least three scenarios that are likely to be common, common and poorly understood:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>A signed message with no Header Protection.</t>
</li>
<li>
<t>A signed-and-encrypted message with no Header Protection.</t>
</li>
<li>
<t>A signed-and-encrypted message with Header Protection as defined in this document, where some User-Facing Header Fields have confidentiality but some do not.</t>
</list></t>
</li>
</ul>
<t>An MUA should have a reasonable strategy for clearly communicating each of these scenarios to the user.
For example, an MUA operating in an environment where it expects most cryptographically protected messages to have Header Protection could use the following rendering strategy:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>When rendering a message with <spanx style="verb">signed-only</spanx> a <tt>signed-only</tt> cryptographic status but no Header Protection, an MUA may decline to indicate a positive security status overall, overall and only indicate the cryptographic status to a user in a message properties or diagnostic view.
That is, the message may appear identical to an unsigned message except if a user verifies the properties through a menu option.</t>
</li>
<li>
<t>When rendering a message with <spanx style="verb">signed-and-encrypted</spanx> a <tt>signed-and-encrypted</tt> or <spanx style="verb">encrypted-only</spanx> <tt>encrypted-only</tt> cryptographic status but no Header Protection, overlay a warning flag on the typical cryptographic status indicator.
That is, if a typical <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> message displays a lock icon, display a lock icon with a warning sign (e.g., an exclamation point in a triangle) overlaid.
See, for
For example, see the graphics in <xref target="chrome-indicators"/>.</t>
</li>
<li>
<t>When rendering a message with <spanx style="verb">signed-and-encrypted</spanx> a <tt>signed-and-encrypted</tt> or <spanx style="verb">encrypted-only</spanx> <tt>encrypted-only</tt> cryptographic status, status with Header Protection, Protection but where the Subject Header Field has not been removed or obscured, place a warning sign on the Subject line.</t>
</list></t>
</li>
</ul>
<t>Other simple rendering strategies could also be reasonable.</t>
</section>
<section anchor="sensible-default-hcp"><name>Users anchor="sensible-default-hcp">
<name>Users Should Not Have To to Choose a Header Confidentiality Policy</name>
<t>This document defines the abstraction of a <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> object for the sake of communication between implementers and deployments.</t>
<t>Most e-mail email users are unlikely to understand the tradeoffs trade-offs between different policies.
In particular, the potential negative side effects (e.g., poor deliverability) may not be easily attributable by a normal user to a particular <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.</t>
<t>Therefore, MUA implementers should be conservative in their choice of default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, format="none">HCP</xref> and should not require the Ordinary User to make an incomprehensible choice that could cause unfixable, undiagnosable problems.
The safest option is for the MUA developer to select a known, stable <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> (this document recommends <spanx style="verb">hcp_baseline</spanx> <tt>hcp_baseline</tt> in <xref target="default-hcp"/>) on the user's behalf.
An MUA should not expose the Ordinary User to a configuration option where they are expected to manually select (let alone define) an <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.</t>
</section>
</section>
<section anchor="security-considerations"><name>Security anchor="security-considerations">
<name>Security Considerations</name>
<t>Header Protection improves the security of cryptographically protected e-mail email messages.
Following the guidance in this document improves security for users by more directly aligning the underlying messages with user expectations about confidentiality, authenticity, and integrity.</t>
<t>Nevertheless, helping the user distinguish between cryptographic protections of various messages remains a security challenge for MUAs.
This is exarcebated exacerbated by the fact that many existing messages with cryptographic protections do not employ Header Protection.
MUAs encountering these messages (e.g., in an archive) will need to handle older forms (without Header Protection) for quite some time, possibly forever.</t>
<t>The security considerations from <xref section="6" sectionFormat="of" target="RFC8551"/> continue to apply for any MUA that offers S/MIME cryptographic protections, as well as <xref section="3" sectionFormat="of" target="RFC5083"/> (Authenticated-Enveloped-Data in CMS) Cryptographic Message Syntax (CMS)) and <xref section="14" sectionFormat="of" target="RFC5652"/> (CMS more broadly).
Likewise, the security considerations from <xref section="8" sectionFormat="of" target="RFC3156"/> continue to apply for any MUA that offers PGP/MIME cryptographic protections, as well as <xref section="13" sectionFormat="of" target="RFC9580"/> (OpenPGP itself).
In addition, these underlying security considerations are now also applicable to the contents of the message header, not just the message body.</t>
<section anchor="from-addr-spoofing"><name>From anchor="from-addr-spoofing">
<name>From Address Spoofing</name>
<t>If the <spanx style="verb">From</spanx> <tt>From</tt> Header Field were was treated by the receiving MUA like any other protected Header Field, Field by the receiving MUA, this scheme would enable sender address spoofing.</t>
<t>To prevent sender spoofing, many receiving MUAs implicitly rely on their receiving MTA to inspect the unprotected Header Section and verify that the <spanx style="verb">From</spanx> <tt>From</tt> Header Field is authentic.
If a receiving MUA displays a <spanx style="verb">From</spanx> <tt>From</tt> address that doesn't match the <spanx style="verb">From</spanx> <tt>From</tt> address that the receiving and/or sending MTAs filtered on, the MUA may be vulnerable to spoofing.</t>
<t>Consider a malicious MUA that sets the following Header Fields on an encrypted message with Header Protection:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Outer: <spanx style="verb">From: <alice@example.com></spanx></t> <tt>From: <alice@example.com></tt></t>
</li>
<li>
<t>Inner: <spanx style="verb">HP-Outer: <tt>HP-Outer: From: <alice@example.com></spanx></t> <alice@example.com></tt></t>
</li>
<li>
<t>Inner: <spanx style="verb">From: <bob@example.org></spanx></t>
</list></t> <tt>From: <bob@example.org></tt></t>
</li>
</ul>
<t>During sending, the MTA of <spanx style="verb">example.com</spanx> <tt>example.com</tt> validates that the sending MUA is authorized to send from <spanx style="verb">alice@example.com</spanx>. <tt>alice@example.com</tt>.
Since the message is encrypted, the sending and receiving MTAs cannot see the protected Header Fields.
A naive receiving MUA might follow the algorithms in this document without special consideration for the <spanx style="verb">From</spanx> <tt>From</tt> Header Field.
Such an MUA might display the email as coming from <spanx style="verb">bob@example.org</spanx> <tt>bob@example.org</tt> to the user, resulting in a spoofed address.</t>
<t>This problem applies both between domains and within a domain.</t>
<t>This problem always applies to signed-and-encrypted messages.
This problem also applies to signed-only messages because MTAs typically do not look at the protected Header Fields when confirming <spanx style="verb">From</spanx> <tt>From</tt> address authenticity.</t>
<t>Sender address spoofing is relevant for two distinct security properties:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Sender authenticity: relevant for rendering the message (which address to show the user?).</t> user?)</t>
</li>
<li>
<t>Message confidentiality: relevant when replying to a message (a reply to the wrong address can leak the message contents).</t>
</list></t> contents)</t>
</li>
</ul>
<section anchor="from-rendering-reasoning"><name>From anchor="from-rendering-reasoning">
<name>From Rendering Reasoning</name>
<t><xref target="from-header-field-rendering"/> provides guidance for rendering the <spanx style="verb">From</spanx> <tt>From</tt> Header Field. It recommends a receiving MUA that depends on its MTA to authenticate the unprotected (outer) <spanx style="verb">From</spanx> <tt>From</tt> Header Field to render the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field, Field if both of the following conditions are met:</t>
<t><list style="symbols">
<t><spanx style="verb">From</spanx>
<ul spacing="normal">
<li>
<t><tt>From</tt> Header Field Mismatch (as defined in <xref target="def-from-hf-mismatch"/>)</t>
</li>
<li>
<t>No Valid and Correctly Bound Signature (as defined in <xref target="def-no-valid-and-correctly-bound-signature"/>)</t>
</list></t>
</li>
</ul>
<t>Note: The second condition effectively means that the inner (expected to be protected) <spanx style="verb">From</spanx> <tt>From</tt> Header Field appears to have insufficient protection.</t>
<t>This may seem surprising since it causes the MUA to render a mix of both protected and unprotected values.
This section provides an argument as to why this guidance makes sense.</t>
<t>We proceed by case distinction:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Case 1: Malicious sending MUA.
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>Attack situation: the The sending MUA puts a different inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field to spoof the sender address.</t>
</li>
<li>
<t>In this case, it is "better" to fall back and render the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field because this is what the receiving MTA can validate.
Otherwise
Otherwise, this document would introduce a new way for senders to spoof the <spanx style="verb">From</spanx> <tt>From</tt> address of the message.</t>
</li>
<li>
<t>This does not preclude a future document from updating this document to specify a protocol for legitimate sender address hiding.</t>
</list></t>
</li>
</ul>
</li>
<li>
<t>Case 2: Malicious sending/transiting/receiving MTA (or anyone meddling between MTAs).
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>Attack situation: an An on-path attacker changes the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field (possibly with other meddling to break the signature, signature; see below).
Their goal is to get the receiving MUA to show a different <spanx style="verb">From</spanx> <tt>From</tt> address than the sending MUA intended (breaking MUA-to-MUA sender authenticity).</t>
</li>
<li>
<t>Case 2.a: The sending MUA submitted an unsigned or encrypted-only message to the email system.
In this case, there can be no sender authenticity anyway.</t>
</li>
<li>
<t>Case 2.b: The sending MUA submitted a signed-only message to the email system.
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>Case 2.b.i: The attacker removes or breaks the signature.
In this case, the attacker can also modify the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field to their liking.</t>
</li>
<li>
<t>Case 2.b.ii: The signature is valid, but the receiving MUA does not see any valid binding between the signing certificate and the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field.
In this case, there can be no sender authenticity anyways (the certificate could have been generated by the on-path attacker).
This case is indistinguishable from a malicious sending MUA, hence MUA; hence, it is "better" to fall back to the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field that the MTA can validate.
Note that once the binding is validated (e.g., after an out-of-band comparison), the rendering may change from showing the outer <spanx style="verb">From</spanx> <tt>From</tt> address (and a warning) to showing the inner, now validated <spanx style="verb">From</spanx> <tt>From</tt> address.
In some cases, the binding may be instantly validated even for previously unseen certificates (e.g., if the certificate is issued by a trusted certification authority).</t>
</list></t>
</li>
</ul>
</li>
<li>
<t>Case 2.c: The sending MUA submitted a signed-and-encrypted message to the email system.
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>Case 2.c.i: The attacker removes or breaks the signature.
Note that the signature is inside the ciphertext (see <xref section="5.2" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>). target="RFC9787"/>).
Thus, assuming the encryption is non-malleable, any on-path attacker cannot break the signature while ensuring that the message still decrypts successfully.</t>
</li>
<li>
<t>Case 2.c.ii: The signature is valid, but the receiving MUA does not see any valid binding between the signing certificate and the <spanx style="verb">addr-spec</spanx> <tt>addr-spec</tt> of the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field.
See case 2.b.ii.</t>
</list></t>
</list></t>
</list></t>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<t>As the case distinction shows, the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field is either the preferred fallback (in particular, to avoid introducing a new spoofing channel), channel) or it is just as good (because just as modifiable) as the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field.</t>
<t>Rendering the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field does carry the risk of a "temporary downgrade attack" in cases 2.b.ii and 2.c.ii, where a malicious MTA keeps the signature intact but modifies the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field.
The MUA can resolve this temporary downgrade by validating the certificate-to-<spanx style="verb">addr-spec</spanx> certificate-to-<tt>addr-spec</tt> binding.
If the MUA never does this validation, the entire message could be fake.</t>
<t>If there were a signalling signaling channel where the MTA can tell the MUA whether it authenticated the <spanx style="verb">From</spanx> <tt>From</tt> Header Field, an MUA could use this in its rendering decision.
In the absence of such a signal, and when end-to-end authenticity is unavailable, this document prefers to fall back to the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field.
This default is based on the assumption that most MTAs apply some filtering based on the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field (whether the MTA can authenticate it or not).
Rendering the unprotected outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field (instead of the protected inner one) in case of a mismatch retains this ability for MTAs.</t>
<t>If the MUA decides not to rely on the MTA to authenticate the outer <spanx style="verb">From</spanx> <tt>From</tt> Header Field, it may prefer the inner <spanx style="verb">From</spanx> <tt>From</tt> Header Field.</t>
</section>
</section>
<section anchor="avoid-summary-confusion"><name>Avoid anchor="avoid-summary-confusion">
<name>Avoid Cryptographic Summary Confusion from the hp Parameter</name>
<t>When parsing a message, the recipient MUA infers the message's Cryptographic Status from the Cryptographic Layers, as described in <xref section="4.6" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>.</t> target="RFC9787"/>.</t>
<t>The Cryptographic Layers that make up the Cryptographic Envelope describe an ordered list of cryptographic properties as present in the message after it has been delivered.
By contrast, the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter to the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field contains a simpler indication: whether the sender originally tried to encrypt the message or not.
In particular, for a message with Header Protection, the Cryptographic Payload should have a <spanx style="verb">hp</spanx> <tt>hp</tt> parameter of <spanx style="verb">cipher</spanx> <tt>cipher</tt> if the message is encrypted (in addition to signed), signed) and <spanx style="verb">clear</spanx> <tt>clear</tt> if no encryption is present (that is, the message is <spanx style="verb">signed-only</spanx>).</t> <tt>signed-only</tt>).</t>
<t>As noted in <xref target="hp-parameter"/>, the receiving implementation should not inflate its estimation of the confidentiality of the message or its Header Fields based on the sender's intent, intent if it can see that the message was not actually encrypted.
A signed-only message that happens to have an <spanx style="verb">hp</spanx> <tt>hp</tt> parameter of <spanx style="verb">cipher</spanx> <tt>cipher</tt> is still signed-only.</t>
<t>Conversely, since the encrypting Cryptographic Layer is typically outside the signature layer (see <xref section="5.2" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>), target="RFC9787"/>), an originally signed-only message could have been wrapped in an encryption layer by an intervening party before receipt, receipt to appear encrypted.</t>
<t>If a message appears to be wrapped in an encryption layer, and the <spanx style="verb">hp</spanx> <tt>hp</tt> parameter is present but is not set to <spanx style="verb">cipher</spanx>, <tt>cipher</tt>, then it is likely that the encryption layer was not added by the original sender.
For such a message, the lack of any <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field in the Header Section of the Cryptographic Payload <bcp14>MUST NOT</bcp14> be used to infer that all Header Fields were removed from the message by the original sender.
In such a case, the receiving MUA <bcp14>SHOULD</bcp14> treat every Header Field as though it was not confidential.</t>
</section>
<section anchor="caution-about-composing-with-legacy-display-elements"><name>Caution about anchor="caution-about-composing-with-legacy-display-elements">
<name>Caution About Composing with Legacy Display Elements</name>
<t>When composing a message, it's possible for a Legacy Display Element to contain risky data that could trigger errors in a rendering client.</t>
<t>For example, if the value for a Header Field to be included in a Legacy Display Element within a given body part contains folding whitespace, it should be "unfolded" before generating the Legacy Display Element: all All contiguous folding whitespace should be replaced with a single space character.
Likewise, if the header value was originally encoded with per <xref target="RFC2047"/>, it should be decoded first to a standard string and re-encoded using the charset appropriate to the target part.</t>
<t>When including a Legacy Display Element in a <spanx style="verb">text/plain</spanx> <tt>text/plain</tt> part (see <xref target="ld-text-plain"/>), if the decoded Subject Header Field contains a pair of newlines (e.g., if it is broken across multiple lines by encoded newlines), any newline <bcp14>MUST</bcp14> be stripped from the Legacy Display Element.
If the pair of newlines is not stripped, a receiving MUA that follows the guidance in <xref target="omit-plain-legacy-display"/> might leave the later part of the Legacy Display Element in the rendered message.</t>
<t>When including a Legacy Display Element in a <spanx style="verb">text/html</spanx> <tt>text/html</tt> part (see <xref target="ld-text-html"/>), any material in the header values should be explicitly HTML escaped to avoid being rendered as part of the HTML.
At a minimum, the characters <spanx style="verb"><</spanx>, <spanx style="verb">></spanx>, <tt><</tt>, <tt>></tt>, and <spanx style="verb">&</spanx> <tt>&</tt> should be escaped to <spanx style="verb">&lt;</spanx>, <spanx style="verb">&gt;</spanx>, <tt>&lt;</tt>, <tt>&gt;</tt>, and <spanx style="verb">&amp;</spanx>, <tt>&amp;</tt>, respectively (see for example (for example, see <xref target="HTML-ESCAPES"/>).
If unescaped characters from removed or obscured header values end up in the Legacy Display Element, a receiving MUA that follows the guidance in <xref target="omit-html-legacy-display"/> might fail to identify the boundaries of the Legacy Display Element, cutting out more than it should, should or leaving remnants visible.
And a Legacy MUA parsing such a message might misrender the entire HTML stream, depending on the content of the removed or obscured header values.</t>
<t>The Legacy Display Element is a decorative addition solely to enable visibility of obscured or removed Header Fields in decryption-capable Legacy MUAs.
When it is produced, it should be generated minimally and strictly, as described above, to avoid damaging the rest of the message.</t>
</section>
<section anchor="plaintext-attacks"><name>Plaintext anchor="plaintext-attacks">
<name>Plaintext Attacks</name>
<t>An encrypted e-mail email message using S/MIME or PGP/MIME tends to have some amount of predictable plaintext.
For example, the standard MIME headers of the Cryptographic Payload of a message are often a predictable sequence of bytes, even without Header Protection, when they only include the Structural Header Fields <spanx style="verb">MIME-Version</spanx> <tt>MIME-Version</tt> and <spanx style="verb">Content-Type</spanx>. <tt>Content-Type</tt>.
This is a potential risk for known-plaintext attacks.</t>
<t>Including protected Header Fields as defined in this document increases the amount of known plaintext.
Since some of those headers in a reply will be derived from the message being replied to, this also creates a potential risk for chosen-plaintext attacks, in addition to known-plaintext attacks.</t>
<t>Modern message encryption mechanisms are expected to be secure against both known-plaintext attacks and chosen-plaintext attacks.
An MUA composing an encrypted message should ensure that it is using such a mechanism, regardless of whether it does Header Protection.</t>
</section>
</section>
<section anchor="privacy-considerations"><name>Privacy anchor="privacy-considerations">
<name>Privacy Considerations</name>
<section anchor="leaks-when-replying"><name>Leaks anchor="leaks-when-replying">
<name>Leaks When Replying</name>
<t>The encrypted Header Fields of a message may accidentally leak when replying to the message.
See the guidance in <xref target="replying"/>.</t>
</section>
<section anchor="encryption-vs-privacy"><name>Encrypted anchor="encryption-vs-privacy">
<name>Encrypted Header Fields Are Not Always Private</name>
<t>For encrypted messages, depending on the sender's <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, some Header Fields may appear both within the Cryptographic Envelope and on the outside of the message (e.g., <spanx style="verb">Date</spanx> <tt>Date</tt> might exist identically in both places).
<xref target="crypto-summary-update"/> identifies such a Header Field as <spanx style="verb">signed-only</spanx>. <tt>signed-only</tt>.
These Header Fields are clearly <em>not</em> private at all, despite a copy being inside the Cryptographic Envelope.</t>
<t>A Header Field whose name and value are not matched verbatim by any <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field from the same part will have <spanx style="verb">encrypted-only</spanx> an <tt>encrypted-only</tt> or <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> status.
But even Header Fields with these stronger levels of cryptographic confidentiality protection might not be as private as the user would like.</t>
<t>See the examples below.</t>
<t>This concern is true for any encrypted data, including the body of the message, not just the Header Fields:
if
If the sender isn't careful, the message contents or session keys can leak in many ways that are beyond the scope of this document.
The message recipient has no way in principle to tell whether the apparent confidentiality of any given piece of encrypted content has been broken via channels that they cannot perceive.
Additionally, an active intermediary aware of the recipient's public key can always encrypt a cleartext message in transit to give the recipient a false sense of security.</t>
<section anchor="encrypted-header-fields-can-leak-unwanted-information-to-the-recipient"><name>Encrypted anchor="encrypted-header-fields-can-leak-unwanted-information-to-the-recipient">
<name>Encrypted Header Fields Can Leak Unwanted Information to the Recipient</name>
<t>For encrypted messages, even with an ambitious <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> that successfully obscures most Header Fields from all transport agents, Header Fields will be ultimately visible to all intended recipients.
<!--[rfced] To improve readability, may we update the phrasing of "may not
expect to be injected by their MUA" as follows?
Original:
This can be
especially problematic for Header Fields that are not user-facing,
which the sender may not expect to be injected by their MUA.
Perhaps:
This can be
especially problematic for Header Fields that are not user-facing;
the sender may not expect these Header Fields to be injected by their MUA.
-->
This can be especially problematic for Header Fields that are not user-facing, which the sender may not expect to be injected by their MUA.
Consider the three following examples:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>The MUA may inject a <spanx style="verb">User-Agent</spanx> <tt>User-Agent</tt> Header Field that describes itself to every recipient, even though the sender may not want the recipient to know the exact version of their OS, hardware platform, or MUA.</t>
</li>
<li>
<t>The MUA may have an idiosyncratic way of generating a <spanx style="verb">Message-ID</spanx> <tt>Message-ID</tt> header, which could embed the choice of MUA, a time zone, a hostname, or other subtle information to a knowledgeable recipient.</t>
</li>
<li>
<t>The MUA may erroneously include a <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> Header Field in the <spanx style="verb">origheaders</spanx> <tt>origheaders</tt> of a copy of a message sent to the named recipient, defeating the purpose of using <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> instead of <spanx style="verb">Cc</spanx> <tt>Cc</tt> (see <xref target="bcc"/> for more details about risks related to <spanx style="verb">Bcc</spanx>).</t>
</list></t> <tt>Bcc</tt>).</t>
</li>
</ul>
<t>Clearly, no end-to-end cryptographic protection of any Header Field as defined in this document will hide such a sensitive field from the intended recipient.
Instead, the composing MUA <bcp14>MUST</bcp14> populate the <spanx style="verb">origheaders</spanx> <tt>origheaders</tt> list for any outbound message with only information the recipient should have access to.
This is true for messages without any cryptographic protection as well, of course, and it is even worse there: such Such a leak is exposed to the transport agents as well as the recipient.
An encrypted message with Header Protection and a more ambitious <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> avoid avoids these leaks exposing that expose information to the transport agents agents, but it cannot defend against such a leak to the recipient.</t>
</section>
<section anchor="encrypted-header-fields-can-be-inferred-from-external-or-internal-metadata"><name>Encrypted anchor="encrypted-header-fields-can-be-inferred-from-external-or-internal-metadata">
<name>Encrypted Header Fields Can Be Inferred From from External or Internal Metadata</name>
<t>For example, if the <spanx style="verb">To</spanx> <tt>To</tt> and <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Fields are removed from the unprotected Header Section, the values in those fields might still be inferred with high probability by an adversary who looks at the message either in transit or at rest.
If the message is found in, in a mailbox, or being delivered to a mailbox mailbox, for <spanx style="verb">bob@example.org</spanx>, example, <tt>bob@example.org</tt>, it's likely that Bob was in either <spanx style="verb">To</spanx> <tt>To</tt> or <spanx style="verb">Cc</spanx>. <tt>Cc</tt>.
Furthermore, encrypted message ciphertext may hint at the recipients: for For S/MIME messages, the <spanx style="verb">RecipientInfo</spanx>, <tt>RecipientInfo</tt>, and for PGP/MIME messages messages, the key ID in the Public Key Encrypted Session Key (PKESK) packets will all hint at a specific set of recipients.
Additionally, an MTA that handles the message may add a <spanx style="verb">Received</spanx> <tt>Received</tt> Header Field (or some other custom Header Field) that leaks some information about the nature of the delivery.</t>
</section>
<section anchor="encrypted-header-fields-may-not-be-fully-masked-by-hcp"><name>Encrypted anchor="encrypted-header-fields-may-not-be-fully-masked-by-hcp">
<name>Encrypted Header Fields May Not Be Fully Masked by HCP</name>
<t>In another example, if the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> modifies the <spanx style="verb">Date</spanx> <tt>Date</tt> header to mask out high-resolution time stamps timestamps (e.g., rounding to the most recent hour), some information about the date of delivery will still be attached to the e-mail. email.
At the very least, the low resolution, low-resolution, global version of the date will be present on the message.
Additionally, Header Fields like <spanx style="verb">Received</spanx> <tt>Received</tt> that are added during message delivery might include higher-resolution timestamps.
And if the message lands in a mailbox that is ordered by time of receipt, even its placement in the mailbox and the non-obscured <spanx style="verb">Date</spanx> unobscured <tt>Date</tt> Header Fields of the surrounding messages could leak this information.</t>
<t>Some Header Fields like <spanx style="verb">From</spanx> <tt>From</tt> may be impossible to fully obscure, as many modern message delivery systems depend on at least domain information in the <spanx style="verb">From</spanx> <tt>From</tt> Header Field for determining whether a message is coming from a domain with "good reputation" (that is, from a domain that is not known for leaking spam).
<!--[rfced] May we update "genericize" to "generalize"?
Original:
So even if an
ambitious HCP opts to remove the human-readable part from any From
Header Field, and to standardize/genericize the local part of the
From address, the domain will still leak.
Perhaps:
So even if an
ambitious HCP opts to remove the human-readable part from any From
Header Field, and to standardize/generalize the local part of the
From address, the domain will still leak.
-->
So even if an ambitious <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> opts to remove the human-readable part from any <spanx style="verb">From</spanx> <tt>From</tt> Header Field, Field and to standardize/genericize the local part of the <spanx style="verb">From</spanx> <tt>From</tt> address, the domain will still leak.</t>
</section>
</section>
<section anchor="status-overestimation"><name>A anchor="status-overestimation">
<name>A Naive Recipient May Overestimate the Cryptographic Status of a Header Field in an Encrypted Message</name>
<t>When an encrypted (or signed-and-encrypted) message is in transit, an active intermediary can strip or tamper with any Header Field that appears outside the Cryptographic Envelope.
A receiving MUA that naively infers cryptographic status from differences between the external Header Fields and those found in the Cryptographic Envelope could be tricked into overestimating the protections afforded to some Header Fields.</t>
<t>For example, if the original sender's <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> passes through the <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Field unchanged, a cleanly delivered message would indicate that the <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Field has a cryptographic status of <spanx style="verb">signed</spanx>. <tt>signed</tt>.
But if an intermediary attacker simply removes the Header Field from the unprotected Header Section before forwarding the message, then the naive recipient might believe that the field has a cryptographic status of <spanx style="verb">signed-and-encrypted</spanx>.</t> <tt>signed-and-encrypted</tt>.</t>
<t>This document offers protection against such an attack by way of the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Fields that can be found on the Cryptographic Payload.
If a Header Field appears to have been obscured by inspection of the outer message, message but an <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field matches it exactly, then the receiving MUA can indicate to the user that the Header Field in question may not have been confidential.</t>
<t>In such a case, a cautious MUA may render the Header Field in question as <spanx style="verb">signed</spanx> <tt>signed</tt> (because the sender did not hide it), it) but still treat it as <spanx style="verb">signed-and-encrypted</spanx> <tt>signed-and-encrypted</tt> during reply, reply to avoid accidental leakage of the cleartext value in the reply message, as described in <xref target="avoid-leak"/>.</t>
</section>
<section anchor="bcc"><name>Privacy anchor="bcc">
<name>Privacy and Deliverability Risks with Bcc and Encrypted Messages</name>
<t>As noted in <xref section="9.3" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/>, target="RFC9787"/>, handling Bcc when generating an encrypted e-mail email message can be particularly tricky.
With Header Protection, there is an additional wrinkle.
When an encrypted e-mail email message with Header Protection has a Bcc'ed recipient, and the composing MUA explicitly includes the Bcc'ed recipient's address in their copy of the message (see the "second method" in <xref section="3.6.3" sectionFormat="of" target="RFC5322"/>), that <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> Header Field will always be visible to the Bcc'ed recipient.</t>
<t>In this scenario, though, the composing MUA has one additional choice: whether or not to hide the <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> Header Field from intervening message transport agents, agents by returning <spanx style="verb">null</spanx> <tt>null</tt> when the <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> is invoked for <spanx style="verb">Bcc</spanx>. <tt>Bcc</tt>.
If the composing MUA's rationale for including an explicit <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> in the copy of the message sent to the Bcc recipient is to ensure deliverability via a message transport agent that inspects message Header Fields, then stripping the <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> field during encryption may cause the intervening transport agent to drop the message entirely.
This is why <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> is not explicitly stripped in <spanx style="verb">hcp_baseline</spanx>.</t>
<t>If, on <tt>hcp_baseline</tt>.</t>
<t>On the other hand, if deliverability to a <spanx style="verb">Bcc</spanx>'ed <tt>Bcc</tt>'ed recipient is not a concern, the most privacy-preserving option is to simply omit the <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> Header Field from the protected Header Section in the first place.
An MUA that is capable of receiving and processing such a message can infer that since their user's address was not mentioned in any <spanx style="verb">To</spanx> <tt>To</tt> or <spanx style="verb">Cc</spanx> <tt>Cc</tt> Header Field, they were likely a <spanx style="verb">Bcc</spanx> <tt>Bcc</tt> recipient.</t>
<t>Please also see <xref section="9.3" sectionFormat="of" target="I-D.ietf-lamps-e2e-mail-guidance"/> target="RFC9787"/> for more discussion about Bcc and encrypted messages.</t>
</section>
</section>
<section anchor="iana-considerations"><name>IANA anchor="iana-considerations">
<name>IANA Considerations</name>
<!--[rfced] We have included some specific questions about the IANA
text below. In addition to responding to those questions, please
review all of the IANA-related updates carefully and let us know
if any further updates are needed.
a) In Section 12.1, does the "Author/Change Controller" information
only apply to the "HP-Outer" registration? If so, may we update the
text below to reflect "this entry" (instead of "these two entries")
as shown in option A? Or if it also applies to the "Content-Type"
registration, may we move it to the end of Section 12.2 and update
the text as shown in option B?
Original:
The Author/Change Controller of these two entries (Section 4.5 of
[RFC3864]) should be the IETF itself.
Perhaps A:
The Author/Change Controller (Section 4.5 of [RFC3864]) for this
entry is the IETF itself.
Perhaps B:
The Author/Change Controller (Section 4.5 of [RFC3864])
for the HP-Outer and Content-Type Header Field name
registrations is the IETF itself.
b) FYI - We removed the blank columns from Tables 2 and 3. We also
removed Table 4 (in Section 12.2) as one table is sufficient to
show the addition of this document as a reference to the
"Permanent Message Header Field Names" registry (see Table 3).
c) We shortened the title of Section 12.2 as the hp and
hp-legacy-display parameters are mentioned in the introductory
sentence. Please let us know of any objections.
Original:
12.2 Update Reference for Content-Type Header Field due to
hp and hp-legacy-display Parameters
Current:
12.2 Reference Update for the Content-Type Header Field
d) FYI - In Section 12.3, we ordered the notes to match the order
in the IANA registry <https://www.iana.org/assignments/mail-parameters/>;
please let us know of any objections.
-->
<t>This document registers an e-mail email Header Field, describes parameters for the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> Header Field, and establishes a registry for Header Confidentiality Policies to facilitate <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> evolution.</t>
<section anchor="register-the-hp-outer-header-field"><name>Register anchor="register-the-hp-outer-header-field">
<name>Registration of the HP-Outer Header Field</name>
<t>This document requests IANA to register
<t>IANA has registered the following Header Field in the "Permanent Message Header Field Names" registry within the "Message Headers" registry group <eref target="https://www.iana.org/assignments/message-headers" brackets="angle"/> in accordance with <xref target="RFC3864"/>.</t>
<texttable title="Additions
<table>
<name>Addition to 'Permanent the Permanent Message Header Field Names' registry">
<ttcol align='left'>Header Field Name</ttcol>
<ttcol align='left'>Template</ttcol>
<ttcol align='left'>Protocol</ttcol>
<ttcol align='left'>Status</ttcol>
<ttcol align='left'>Reference</ttcol>
<c><spanx style="verb">HP-Outer</spanx></c>
<c> </c>
<c>mail</c>
<c>standard</c>
<c><xref Names Registry</name>
<thead>
<tr>
<th align="left">Header Field Name</th>
<th align="left">Protocol</th>
<th align="left">Status</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">
<tt>HP-Outer</tt></td>
<td align="left">mail</td>
<td align="left">standard</td>
<td align="left"> <xref target="new-header-field"/> of RFCXXXX</c>
</texttable> RFC 9788</td>
</tr>
</tbody>
</table>
<t>The Author/Change Controller of these two entries (<xref section="4.5" sectionFormat="of" target="RFC3864"/>) should be the IETF itself.</t>
</section>
<section anchor="update-reference-for-content-type-header-field-due-to-hp-and-hp-legacy-display-parameters"><name>Update Reference anchor="update-reference-for-content-type-header-field-due-to-hp-and-hp-legacy-display-parameters">
<name>Reference Update for the Content-Type Header Field due to hp and hp-legacy-display Parameters</name> Field</name>
<t>This document also defines the <spanx style="verb">Content-Type</spanx> <tt>Content-Type</tt> parameters known as <spanx style="verb">hp</spanx> <tt>hp</tt> (in <xref target="hp-parameter"/>) and <spanx style="verb">hp-legacy-display</spanx> <tt>hp-legacy-display</tt> (in <xref target="hp-legacy-display"/>).
Consequently, the <spanx style="verb">Content-Type</spanx> row this document has been added as a reference for <tt>Content-Type</tt> in the "Permanent Message Header Field Names" registry should add a reference to this RFC to its "References" column.</t>
<t>That is, the current row:</t>
<texttable title="Existing row in 'Permanent Message Header Field Names' registry">
<ttcol align='left'>Header Field Name</ttcol>
<ttcol align='left'>Template</ttcol>
<ttcol align='left'>Protocol</ttcol>
<ttcol align='left'>Status</ttcol>
<ttcol align='left'>Reference</ttcol>
<c><spanx style="verb">Content-Type</spanx></c>
<c> </c>
<c>MIME</c>
<c> </c>
<c><xref target="RFC4021"/></c>
</texttable>
<t>Should be updated to have the following values:</t>
<texttable title="Replacement row in 'Permanent as shown below.</t>
<table>
<name>Permanent Message Header Field Names' registry">
<ttcol align='left'>Header Field Name</ttcol>
<ttcol align='left'>Template</ttcol>
<ttcol align='left'>Protocol</ttcol>
<ttcol align='left'>Status</ttcol>
<ttcol align='left'>Reference</ttcol>
<c><spanx style="verb">Content-Type</spanx></c>
<c> </c>
<c>MIME</c>
<c> </c>
<c><xref Names Registry</name>
<thead>
<tr>
<th align="left">Header Field Name</th>
<th align="left">Protocol</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">
<tt>Content-Type</tt></td>
<td align="left">MIME</td>
<td align="left"> <xref target="RFC4021"/> [RFCXXXX]</c>
</texttable> and RFC 9788</td>
</tr>
</tbody>
</table>
</section>
<section anchor="new-registry-mail-header-confidentiality-policies"><name>New Registry: anchor="new-registry-mail-header-confidentiality-policies">
<name>New Mail Header Confidentiality Policies</name>
<t>This document also requests IANA to create Policies Registry</name>
<t>IANA has created a new registry in the <eref target="https://www.iana.org/assignments/mail-parameters/">"Mail Parameters" protocol group</eref> titled <spanx style="verb">Mail "Mail Header Confidentiality Policies</spanx> Policies" within the "MAIL Parameters" registry group <eref target="https://www.iana.org/assignments/mail-parameters/" brackets="angle"/> with the following content:</t>
<texttable title="Mail
<table>
<name>Mail Header Confidentiality Policies registry">
<ttcol align='left'>Header Registry</name>
<thead>
<tr>
<th align="left">Header Confidentiality Policy Name</ttcol>
<ttcol align='left'>Description</ttcol>
<ttcol align='left'>Reference</ttcol>
<ttcol align='left'>Recommended</ttcol>
<c><spanx style="verb">hcp_no_confidentiality</spanx></c>
<c>No Name</th>
<th align="left">Description</th>
<th align="left">Recommended</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left"><tt>hcp_no_confidentiality</tt></td>
<td align="left">No header confidentiality</c>
<c><xref confidentiality</td>
<td align="left">N</td>
<td align="left"><xref target="no-confidentiality-hcp"/> of RFCXXX (this document)</c>
<c>N</c>
<c><spanx style="verb">hcp_baseline</spanx></c>
<c>Confidentiality RFC 9788</td>
</tr>
<tr>
<td align="left"><tt>hcp_baseline</tt></td>
<td align="left">Confidentiality for Informational Header Fields: <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field is obscured, <spanx style="verb">Keywords</spanx> <tt>Keywords</tt> and <spanx style="verb">Comments</spanx> <tt>Comments</tt> are removed</c>
<c><xref removed</td>
<td align="left">Y</td>
<td align="left"><xref target="baseline-hcp"/> of RFCXXX (this document)</c>
<c>Y</c>
<c><spanx style="verb">hcp_shy</spanx></c>
<c>Obscure <spanx style="verb">Subject</spanx>, RFC 9788</td>
</tr>
<tr>
<td align="left"><tt>hcp_shy</tt></td>
<td align="left">Obscure <tt>Subject</tt>, remove <spanx style="verb">Keywords</spanx> <tt>Keywords</tt> and <spanx style="verb">Comments</spanx>, <tt>Comments</tt>, remove the time zone from <spanx style="verb">Date</spanx>, <tt>Date</tt>, and obscure <spanx style="verb">display-name</spanx>s</c>
<c><xref <tt>display-name</tt>s</td>
<td align="left">N</td>
<td align="left"><xref target="shy-hcp"/> of RFCXXX (this document)</c>
<c>N</c>
</texttable>
<t><spanx style="verb">hcp_example_hide_cc</spanx> RFC 9788</td>
</tr>
</tbody>
</table>
<t>Note that <tt>hcp_example_hide_cc</tt> is offered as an example in <xref target="header-confidentiality-policy"/> but is not formally registered by this document.</t>
<t>Please add the
<t>The following textual note has been added to this registry:</t>
<ul empty="true"><li>
<t>The <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> Name never appears on the wire.
This registry merely tracks stable references to implementable descriptions of distinct policies.
Any addition to this registry should be governed by guidance in <xref target="hcp-expert-guidance"/> of RFC XXX (this document).</t>
</li></ul>
<t>Adding
<blockquote>Adding an entry to this registry with an <spanx style="verb">N</spanx> <tt>N</tt> in the "Recommended" column follows the registration policy of SPECIFICATION <bcp14>REQUIRED</bcp14>. Specification Required.
Adding an entry to this registry with a <spanx style="verb">Y</spanx> <tt>Y</tt> in the "Recommended" column or changing the "Recommended" column in an existing entry (from <spanx style="verb">N</spanx> <tt>N</tt> to <spanx style="verb">Y</spanx> <tt>Y</tt> or vice versa) requires IETF REVIEW.
During Review.</blockquote>
<t>Note that during IETF REVIEW, Review, the designated expert must also be consulted. Guidance for the designated expert can be found in <xref target="hcp-expert-guidance"/>.</t>
</section>
</section>
<section anchor="acknowledgments"><name>Acknowledgments</name>
<t>Alexander Krotov identified the risk of <spanx style="verb">From</spanx> address spoofing (see <xref target="from-addr-spoofing"/>) and helped provide guidance to MUAs.</t>
<t>Thore Göbel identified significant gaps in earlier versions of this document, and proposed concrete and substantial improvements.
Thanks to his contributions, the document is clearer, and the protocols described herein are more useful.</t>
<t>Additionally, the authors would like to thank the following people who have provided helpful comments and suggestions for this document:
Berna Alp,
Bernhard E. Reiter,
Bron Gondwana,
Carl Wallace,
Claudio Luck,
Daniel Huigens,
David Wilson,
Éric Vyncke,
Hernani Marques,
juga,
Krista Bennett,
Kelly Bristol,
Lars Rohwedder,
Michael StJohns,
Nicolas Lidzborski,
Orie Steele,
Paul Wouters,
Peter Yee,
Phillip Tao,
Robert Williams,
Rohan Mahy,
Roman Danyliw,
Russ Housley,
Sofia Balicka,
Steve Kille,
Volker Birk,
Warren Kumari, and
Wei Chuang.</t>
</section>
</middle>
<back>
<references title='Normative References' anchor="sec-normative-references">
<reference anchor="RFC8551">
<front>
<title>Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification</title>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<author fullname="B. Ramsdell" initials="B." surname="Ramsdell"/>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<date month="April" year="2019"/>
<abstract>
<t>This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 4.0. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 5751.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8551"/>
<seriesInfo name="DOI" value="10.17487/RFC8551"/>
</reference>
<reference anchor="RFC2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author fullname="S. Bradner" initials="S." surname="Bradner"/>
<date month="March" year="1997"/>
<abstract>
<t>In many standards track documents several words are used textual note has been added to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for registry:</t>
<blockquote>The <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> Name never appears on the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
<author fullname="B. Leiba" initials="B." surname="Leiba"/>
<date month="May" year="2017"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protocol specifications. wire.
This document aims registry merely tracks stable references to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC8126">
<front>
<title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
<author fullname="M. Cotton" initials="M." surname="Cotton"/>
<author fullname="B. Leiba" initials="B." surname="Leiba"/>
<author fullname="T. Narten" initials="T." surname="Narten"/>
<date month="June" year="2017"/>
<abstract>
<t>Many protocols make use of points implementable descriptions of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and distinct policies.
Any addition to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
<t>To make assignments in a given this registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines governed by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
<t>This is the third edition <xref target="hcp-expert-guidance"/> of this document; it obsoletes RFC 5226.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="26"/>
<seriesInfo name="RFC" value="8126"/>
<seriesInfo name="DOI" value="10.17487/RFC8126"/>
</reference>
<reference anchor="RFC2045">
<front>
<title>Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</title>
<author fullname="N. Freed" initials="N." surname="Freed"/>
<author fullname="N. Borenstein" initials="N." surname="Borenstein"/>
<date month="November" year="1996"/>
<abstract>
<t>This initial 9788.</blockquote>
</section>
</section>
</middle>
<back>
<displayreference target="I-D.pep-general" to="PEP-GENERAL"/>
<displayreference target="I-D.pep-email" to="PEP-EMAIL"/>
<displayreference target="I-D.autocrypt-lamps-protected-headers" to="PROTECTED-HEADERS"/>
<references>
<name>References</name>
<references anchor="sec-normative-references">
<name>Normative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8551.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2045.xml"/>
<!-- [RFC9787] draft-ietf-lamps-e2e-mail-guidance-17 companion document specifies the various headers used to describe the structure RFC 9787; in EDIT as of MIME messages. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2045"/>
<seriesInfo name="DOI" value="10.17487/RFC2045"/>
</reference> 05/12/25. -->
<reference anchor="I-D.ietf-lamps-e2e-mail-guidance"> anchor="RFC9787" target="https://www.rfc-editor.org/info/rfc9787">
<front>
<title>Guidance on End-to-End E-mail Email Security</title>
<author initials="D. K." surname="Gillmor" fullname="Daniel Kahn
Gillmor" initials="D. K." surname="Gillmor"> role="editor">
<organization>American Civil Liberties Union</organization>
</author>
<author initials="B." surname="Hoeneisen" fullname="Bernie
Hoeneisen" initials="B." surname="Hoeneisen"> role="editor">
<organization>pEp Project</organization>
</author>
<author initials="A." surname="Melnikov" fullname="Alexey
Melnikov" initials="A." surname="Melnikov"> role="editor">
<organization>Isode Ltd</organization>
</author>
<date day="16" month="March" year="2024"/>
<abstract>
<t> End-to-end cryptographic protections for e-mail messages can provide
useful security. However, the standards for providing cryptographic
protection are extremely flexible. That flexibility can trap users
and cause surprising failures. This document offers guidance for
mail user agent implementers to help mitigate those risks, and to
make end-to-end e-mail simple and secure for the end user. It
provides a useful set of vocabulary as well as recommendations to
avoid common failures. It also identifies a number of currently
unsolved usability and interoperability problems.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-lamps-e2e-mail-guidance-16"/>
</reference>
<reference anchor="RFC5234">
<front>
<title>Augmented BNF for Syntax Specifications: ABNF</title>
<author fullname="D. Crocker" initials="D." role="editor" surname="Crocker"/>
<author fullname="P. Overell" initials="P." surname="Overell"/>
<date month="January" year="2008"/>
<abstract>
<t>Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="STD" value="68"/>
<seriesInfo name="RFC" value="5234"/>
<seriesInfo name="DOI" value="10.17487/RFC5234"/>
</reference>
<reference anchor="RFC5322">
<front>
<title>Internet Message Format</title>
<author fullname="P. Resnick" initials="P." role="editor" surname="Resnick"/>
<date month="October" year="2008"/>
<abstract>
<t>This document specifies the Internet Message Format (IMF), a syntax for text messages that are sent between computer users, within the framework of "electronic mail" messages. This specification is a revision of Request For Comments (RFC) 2822, which itself superseded Request For Comments (RFC) 822, "Standard for the Format of ARPA Internet Text Messages", updating it to reflect current practice and incorporating incremental changes that were specified in other RFCs. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5322"/>
<seriesInfo name="DOI" value="10.17487/RFC5322"/>
</reference>
<reference anchor="RFC5083">
<front>
<title>Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="November" year="2007"/>
<abstract>
<t>This document describes an additional content type for the Cryptographic Message Syntax (CMS). The authenticated-enveloped-data content type is intended for use with authenticated encryption modes. All of the various key management techniques that are supported in the CMS enveloped-data content type are also supported by the CMS authenticated-enveloped-data content type. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5083"/>
<seriesInfo name="DOI" value="10.17487/RFC5083"/>
</reference>
<reference anchor="RFC5652">
<front>
<title>Cryptographic Message Syntax (CMS)</title>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="September" year="2009"/>
<abstract>
<t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="STD" value="70"/>
<seriesInfo name="RFC" value="5652"/>
<seriesInfo name="DOI" value="10.17487/RFC5652"/>
</reference>
<reference anchor="RFC9580">
<front>
<title>OpenPGP</title>
<author fullname="P. Wouters" initials="P." role="editor" surname="Wouters"/>
<author fullname="D. Huigens" initials="D." surname="Huigens"/>
<author fullname="J. Winter" initials="J." surname="Winter"/>
<author fullname="Y. Niibe" initials="Y." surname="Niibe"/>
<date month="July" year="2024"/>
<abstract>
<t>This document specifies the message formats used in OpenPGP. OpenPGP provides encryption with public key or symmetric cryptographic algorithms, digital signatures, compression, and key management.</t>
<t>This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws.</t>
<t>This document obsoletes RFCs 4880 ("OpenPGP Message Format"), 5581 ("The Camellia Cipher in OpenPGP"), and 6637 ("Elliptic Curve Cryptography (ECC) in OpenPGP").</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9580"/>
<seriesInfo name="DOI" value="10.17487/RFC9580"/>
</reference>
<reference anchor="RFC3864">
<front>
<title>Registration Procedures for Message Header Fields</title>
<author fullname="G. Klyne" initials="G." surname="Klyne"/>
<author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
<author fullname="J. Mogul" initials="J." surname="Mogul"/>
<date month="September" year="2004"/>
<abstract>
<t>This specification defines registration procedures for the message header fields used by Internet mail, HTTP, Netnews and other applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract> month="May" year="2025" />
</front>
<seriesInfo name="BCP" value="90"/>
<seriesInfo name="RFC" value="3864"/> value="9787"/>
<seriesInfo name="DOI" value="10.17487/RFC3864"/> value="10.17487/RFC9787"/>
</reference>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5234.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5322.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5083.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9580.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3864.xml"/>
</references>
<references title='Informative References' anchor="sec-informative-references">
<name>Informative References</name>
<reference anchor="chrome-indicators" target="https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html">
<front>
<title>Evolving Chrome's security indicators</title>
<author initials="E." surname="Schechter" fullname="Emily Schechter">
<organization></organization>
<organization/>
</author>
<date year="2018" month="May"/>
</front>
<refcontent>Chromium Blog</refcontent>
</reference>
<reference anchor="CSS" target="https://www.w3.org/TR/2016/WD-CSS22-20160412/">
<front>
<title>Cascading Style Sheets Level 2 Revision 2 (CSS 2.2) Specification</title>
<author >
<organization>World Wide Web Consortium</organization>
</author> initials="B." surname="Bos" fullname="Bert" role="editor"/>
<date year="2016" month="April" day="12"/>
</front>
<refcontent>W3C First Public Working Draft</refcontent>
<annotation>Latest version available at <eref target="https://www.w3.org/TR/CSS22/" brackets="angle"/>.</annotation>
</reference>
<reference anchor="PGPCONTROL" target="https://ftp.isc.org/pub/pgpcontrol/">
<front>
<title>Authentication of Usenet Group Changes</title>
<author >
<author>
<organization>UUNET Technologies, Inc.</organization>
</author>
<date year="2016" month="October" day="27"/>
</front>
</reference>
<reference anchor="PGPVERIFY-FORMAT" target="https://www.eyrie.org/~eagle/usefor/other/pgpverify">
<front>
<title>Signing Control Messages, Verifying Control Messages</title>
<author initials="D. C." surname="Lawrence" fullname="David C Lawrence">
<organization></organization>
<organization/>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="HTML-ESCAPES" target="https://www.w3.org/International/questions/qa-escapes#use">
<front>
<title>Using character escapes in markup and CSS</title>
<author >
<author>
<organization>W3C</organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="RFC2049">
<front>
<title>Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples</title>
<author fullname="N. Freed" initials="N." surname="Freed"/>
<author fullname="N. Borenstein" initials="N." surname="Borenstein"/>
<date month="November" year="1996"/>
<abstract>
<t>This set of documents, collectively called the Multipurpose Internet Mail Extensions, or MIME, redefines the format of messages. This fifth and final document describes MIME conformance criteria as well as providing some illustrative examples of MIME message formats, acknowledgements, and the bibliography. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2049"/>
<seriesInfo name="DOI" value="10.17487/RFC2049"/>
</reference>
<reference anchor="RFC6376">
<front>
<title>DomainKeys Identified Mail (DKIM) Signatures</title>
<author fullname="D. Crocker" initials="D." role="editor" surname="Crocker"/>
<author fullname="T. Hansen" initials="T." role="editor" surname="Hansen"/>
<author fullname="M. Kucherawy" initials="M." role="editor" surname="Kucherawy"/>
<date month="September" year="2011"/>
<abstract>
<t>DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.</t>
<t>This memo obsoletes RFC 4871 and RFC 5672. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="STD" value="76"/>
<seriesInfo name="RFC" value="6376"/>
<seriesInfo name="DOI" value="10.17487/RFC6376"/>
</reference>
<reference anchor="RFC7489">
<front>
<title>Domain-based Message Authentication, Reporting, and Conformance (DMARC)</title>
<author fullname="M. Kucherawy" initials="M." role="editor" surname="Kucherawy"/>
<author fullname="E. Zwicky" initials="E." role="editor" surname="Zwicky"/>
<date month="March" year="2015"/>
<abstract>
<t>Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.</t>
<t>Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.</t>
<t>DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7489"/>
<seriesInfo name="DOI" value="10.17487/RFC7489"/>
</reference>
<reference anchor="RFC3156">
<front>
<title>MIME Security with OpenPGP</title>
<author fullname="M. Elkins" initials="M." surname="Elkins"/>
<author fullname="D. Del Torto" initials="D." surname="Del Torto"/>
<author fullname="R. Levien" initials="R." surname="Levien"/>
<author fullname="T. Roessler" initials="T." surname="Roessler"/>
<date month="August" year="2001"/>
<abstract>
<t>This document describes how the OpenPGP Message Format can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3156"/>
<seriesInfo name="DOI" value="10.17487/RFC3156"/>
</reference>
<reference anchor="RFC2047">
<front>
<title>MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text</title>
<author fullname="K. Moore" initials="K." surname="Moore"/>
<date month="November" year="1996"/>
<abstract>
<t>This particular document is the third document in the series. It describes extensions to RFC 822 to allow non-US-ASCII text data in Internet mail header fields. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2047"/>
<seriesInfo name="DOI" value="10.17487/RFC2047"/>
</reference>
<reference anchor="RFC7929">
<front>
<title>DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP</title>
<author fullname="P. Wouters" initials="P." surname="Wouters"/>
<date month="August" year="2016"/>
<abstract>
<t>OpenPGP is a message format for email (and file) encryption that lacks a standardized lookup mechanism to securely obtain OpenPGP public keys. DNS-Based Authentication of Named Entities (DANE) is a method for publishing public keys in DNS. This document specifies a DANE method for publishing and locating OpenPGP public keys in DNS for a specific email address using a new OPENPGPKEY DNS resource record. Security is provided via Secure DNS, however the OPENPGPKEY record is not a replacement for verification of authenticity via the "web of trust" or manual verification. The OPENPGPKEY record can be used to encrypt an email that would otherwise have to be sent unencrypted.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7929"/>
<seriesInfo name="DOI" value="10.17487/RFC7929"/>
</reference>
<reference anchor="RFC8162">
<front>
<title>Using Secure DNS to Associate Certificates with Domain Names for S/MIME</title>
<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
<author fullname="J. Schlyter" initials="J." surname="Schlyter"/>
<date month="May" year="2017"/>
<abstract>
<t>This document describes how to use secure DNS to associate an S/MIME user's certificate with the intended domain name, similar to the way that DNS-Based Authentication of Named Entities (DANE), RFC 6698, does for TLS.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8162"/>
<seriesInfo name="DOI" value="10.17487/RFC8162"/>
</reference>
<reference anchor="RFC5890">
<front>
<title>Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework</title>
<author fullname="J. Klensin" initials="J." surname="Klensin"/>
<date month="August" year="2010"/>
<abstract>
<t>This document is one of a collection that, together, describe the protocol and usage context for a revision of Internationalized Domain Names for Applications (IDNA), superseding the earlier version. It describes the document collection and provides definitions and other material that are common to the set. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5890"/>
<seriesInfo name="DOI" value="10.17487/RFC5890"/>
</reference>
<reference anchor="RFC5891">
<front>
<title>Internationalized Domain Names in Applications (IDNA): Protocol</title>
<author fullname="J. Klensin" initials="J." surname="Klensin"/>
<date day="12" month="August" year="2010"/>
<abstract>
<t>This document is the revised protocol definition for Internationalized Domain Names (IDNs). The rationale for changes, the relationship to the older specification, and important terminology are provided in other documents. This document specifies the protocol mechanism, called Internationalized Domain Names in Applications (IDNA), for registering and looking up IDNs in a way that does not require changes to the DNS itself. IDNA is only meant for processing domain names, not free text. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5891"/>
<seriesInfo name="DOI" value="10.17487/RFC5891"/>
</reference>
<reference anchor="RFC1035">
<front>
<title>Domain names - implementation and specification</title>
<author fullname="P. Mockapetris" initials="P." surname="Mockapetris"/>
<date month="November" year="1987"/>
<abstract>
<t>This RFC is the revised specification of the protocol and format used in the implementation of the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication.</t>
</abstract>
</front>
<seriesInfo name="STD" value="13"/>
<seriesInfo name="RFC" value="1035"/>
<seriesInfo name="DOI" value="10.17487/RFC1035"/>
</reference>
<reference anchor="RFC8617">
<front>
<title>The Authenticated Received Chain (ARC) Protocol</title>
<author fullname="K. Andersen" initials="K." surname="Andersen"/>
<author fullname="B. Long" initials="B." role="editor" surname="Long"/>
<author fullname="S. Blank" initials="S." role="editor" surname="Blank"/>
<author fullname="M. Kucherawy" initials="M." role="editor" surname="Kucherawy"/>
<date month="July" year="2019"/>
<abstract>
<t>The Authenticated Received Chain (ARC) protocol provides an authenticated "chain of custody" for a message, allowing each entity that handles the message to see what entities handled it before and what the message's authentication assessment was at each step in the handling.</t>
<t>ARC allows Internet Mail Handlers to attach assertions of message authentication assessment to individual messages. As messages traverse ARC-enabled Internet Mail Handlers, additional ARC assertions can be attached to messages to form ordered sets of ARC assertions that represent the authentication assessment at each step of the message-handling paths.</t>
<t>ARC-enabled Internet Mail Handlers can process sets of ARC assertions to inform message disposition decisions, identify Internet Mail Handlers that might break existing authentication mechanisms, and convey original authentication assessments across trust boundaries.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8617"/>
<seriesInfo name="DOI" value="10.17487/RFC8617"/>
</reference>
<reference anchor="RFC4021">
<front>
<title>Registration of Mail and MIME Header Fields</title>
<author fullname="G. Klyne" initials="G." surname="Klyne"/>
<author fullname="J. Palme" initials="J." surname="Palme"/>
<date month="March" year="2005"/>
<abstract>
<t>This document defines the initial IANA registration for permanent mail and MIME message header fields, per RFC 3864. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4021"/>
<seriesInfo name="DOI" value="10.17487/RFC4021"/>
</reference>
<reference anchor="RFC9216">
<front>
<title>S/MIME Example Keys and Certificates</title>
<author fullname="D. K. Gillmor" initials="D. K." role="editor" surname="Gillmor"/>
<date month="April" year="2022"/>
<abstract>
<t>The S/MIME development community benefits from sharing samples of signed or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9216"/>
<seriesInfo name="DOI" value="10.17487/RFC9216"/>
</reference>
<reference anchor="RFC5751">
<front>
<title>Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification</title>
<author fullname="B. Ramsdell" initials="B." surname="Ramsdell"/>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<date month="January" year="2010"/>
<abstract>
<t>This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.2. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 3851. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5751"/>
<seriesInfo name="DOI" value="10.17487/RFC5751"/>
</reference>
<reference anchor="RFC3851">
<front>
<title>Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification</title>
<author fullname="B. Ramsdell" initials="B." role="editor" surname="Ramsdell"/>
<date month="July" year="2004"/>
<abstract>
<t>This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.1. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 2633. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3851"/>
<seriesInfo name="DOI" value="10.17487/RFC3851"/>
</reference>
<reference anchor="I-D.pep-general">
<front>
<title>pretty Easy privacy (pEp): Privacy by Default</title>
<author fullname="Volker Birk" initials="V." surname="Birk">
<organization>pEp Foundation</organization>
</author>
<author fullname="Hernâni Marques" initials="H." surname="Marques">
<organization>pEp Foundation</organization>
</author>
<author fullname="Bernie Hoeneisen" initials="B." surname="Hoeneisen">
<organization>pEp Foundation</organization>
</author>
<date day="16" month="December" year="2022"/>
<abstract>
<t> The pretty Easy privacy (pEp) model and protocols describe a set of
conventions for the automation of operations traditionally seen
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2049.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6376.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7489.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3156.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2047.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7929.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8162.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5890.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5891.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1035.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8617.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4021.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9216.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5751.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3851.xml"/>
<!-- [I-D.pep-general; Expired as
barriers to the use and deployment of secure, privacy-preserving end-
to-end messaging. These include, but are not limited to, key
management, key discovery, and private key handling (including peer-
to-peer synchronization of private keys and other user data across
devices). Human Rights-enabling principles like data minimization,
end-to-end and interoperability are explicit design goals. For the
goal of usable privacy, pEp introduces means to verify communication
between peers and proposes a trust-rating system to denote secure
types of communications and signal the privacy level available on a
per-user and per-message level. Significantly, the pEp protocols
build on already available security formats and message transports
(e.g., PGP/MIME with email), and are written with the intent to be
interoperable with already widely-deployed systems in order to ease
adoption and implementation. This document outlines the general
design choices and principles of pEp.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-pep-general-02"/>
</reference>
<reference anchor="I-D.pep-email">
<front>
<title>pretty Easy privacy (pEp): Email Formats and Protocols</title>
<author fullname="Hernâni Marques" initials="H." surname="Marques">
<organization>pEp Foundation</organization>
</author>
<author fullname="Bernie Hoeneisen" initials="B." surname="Hoeneisen">
<organization>pEp Foundation</organization>
</author>
<date day="16" month="December" year="2022"/>
<abstract>
<t> The proposed pretty Easy privacy (pEp) protocols for email are based
upon already existing email and encryption formats (such 5/14/25] -->
<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.pep-general.xml"/>
<!-- [I-D.pep-email; Expired as PGP/MIME)
and designed to allow for easily implementable and interoperable
opportunistic encryption. The protocols range from key distribution,
secret key synchronization between own devices, to mechanisms of
metadata and content protection. The metadata and content protection
is achieved by moving the whole message (not only the body part) into
the PGP/MIME encrypted part. The proposed pEp Email Formats not only
achieve simple forms of metadata protection (like subject
encryption), but also allow for sending email messages through a
mixnet. Such enhanced forms of metadata protection are explicitly
discussed within the scope of this document.
The purpose of pEp for email is to simplify and automate operations
in order to make usage of email encryption viable for a wider range of Internet users, with the goal of achieving widespread
implementation of data confidentiality and privacy practices in the
real world.
The proposed operations and formats are targeted towards
Opportunistic Security scenarios and are already implemented in
several applications 5/14/25] -->
<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.pep-email.xml"/>
<!--[I-D.autocrypt-lamps-protected-headers] draft-autocrypt-lamps-protected-headers-02 IESG State: I-D Expired as of pretty Easy privacy (pEp).
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-pep-email-02"/>
</reference> 05/14/25.
-->
<reference anchor="I-D.autocrypt-lamps-protected-headers"> anchor="I-D.autocrypt-lamps-protected-headers" target="https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-03">
<front>
<title>Protected Headers for Cryptographic E-mail</title>
<title>(Deprecated) Protected E-mail Headers</title>
<author fullname="Bjarni Rúnar Einarsson" initials="B. R." surname="Einarsson">
<organization>Mailpile ehf</organization>
</author>
<author fullname=""juga"" fullname="juga" initials="" surname=""juga""> surname="juga">
<organization>Independent</organization>
</author>
<author fullname="Daniel Kahn Gillmor" initials="D. K." surname="Gillmor">
<organization>American Civil Liberties Union</organization>
</author>
<date day="20" month="December" year="2019"/>
<abstract>
<t> This document describes a common strategy to extend the end-to-end
cryptographic protections provided by PGP/MIME, etc. to protect
message headers in addition to message bodies. In addition to
protecting the authenticity and integrity of headers via signatures,
it also describes how to preserve the confidentiality of the Subject
header.
</t>
</abstract> day="16" month="April" year="2025"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-autocrypt-lamps-protected-headers-02"/> value="draft-autocrypt-lamps-protected-headers-03"/>
</reference>
</references>
<?line 1917?>
</references>
<section anchor="pseudocode-listings"><name>Table anchor="pseudocode-listings">
<name>Table of Pseudocode Listings</name>
<t>This document contains guidance with pseudocode descriptions.
Each algorithm is listed here for easy reference.</t>
<texttable title="Table
<table>
<name>Table of Pseudocode Listings">
<ttcol align='left'>Method Name</ttcol>
<ttcol align='left'>Description</ttcol>
<ttcol align='left'>Reference</ttcol>
<c><iref Listings</name>
<thead>
<tr>
<th align="left">Method Name</th>
<th align="left">Description</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">
<iref item="HeaderSetsFromMessage"/><xref target="headersetsfrommessage" format="none">HeaderSetsFromMessage</xref></c>
<c>Derive format="none">HeaderSetsFromMessage</xref></td>
<td align="left">Derive "outer" and "protected" sets of Header Fields from a given message</c>
<c><xref target="headersetsfrommessage"/></c>
<c><iref message</td>
<td align="left">
<xref target="headersetsfrommessage"/></td>
</tr>
<tr>
<td align="left">
<iref item="HeaderFieldProtection"/><xref target="headerfieldprotection" format="none">HeaderFieldProtection</xref></c>
<c>Calculate format="none">HeaderFieldProtection</xref></td>
<td align="left">Calculate cryptographic protections for a Header Field in a given message</c>
<c><xref target="headerfieldprotection"/></c>
<c><iref message</td>
<td align="left">
<xref target="headerfieldprotection"/></td>
</tr>
<tr>
<td align="left">
<iref item="ReferenceHCP"/><xref target="referencehcp" format="none">ReferenceHCP</xref></c>
<c>Produce format="none">ReferenceHCP</xref></td>
<td align="left">Produce an ephemeral <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> to use when responding to a given message</c>
<c><xref target="referencehcp"/></c>
<c><iref message</td>
<td align="left">
<xref target="referencehcp"/></td>
</tr>
<tr>
<td align="left">
<iref item="ComposeNoHeaderProtection"/><xref target="composenoheaderprotection" format="none">ComposeNoHeaderProtection</xref></c>
<c>Legacy format="none">ComposeNoHeaderProtection</xref></td>
<td align="left">Legacy message composition with end-to-end cryptographic protections (but no header protection)</c>
<c><xref target="composenoheaderprotection"/></c>
<c><iref protection)</td>
<td align="left">
<xref target="composenoheaderprotection"/></td>
</tr>
<tr>
<td align="left">
<iref item="Compose"/><xref target="compose-algorithm" format="none">Compose</xref></c>
<c><iref format="none">Compose</xref></td>
<td align="left">
<iref item="Compose"/><xref target="compose-algorithm" format="none">Compose</xref> a message with end-to-end cryptographic protections including header protection</c>
<c><xref target="compose-algorithm"/></c>
</texttable> protection</td>
<td align="left">
<xref target="compose-algorithm"/></td>
</tr>
</tbody>
</table>
</section>
<section anchor="possible-problems-with-legacy-muas"><name>Possible anchor="possible-problems-with-legacy-muas">
<name>Possible Problems with Legacy MUAs</name>
<t>When an e-mail email message with end-to-end cryptographic protection is received by a mail user agent, the user might experience many different possible problematic interactions.
A message with Header Protection may introduce new forms of user experience failure.</t>
<t>In this section, the authors enumerate different kinds of failures we have observed when reviewing, rendering, and replying to messages with different forms of Header Protection in different Legacy MUAs.
Different Legacy MUAs demonstrate different subsets of these problems.</t>
<t>A conformant MUA would not exhibit any of these problems.
An implementer updating their Legacy MUA to be compliant with this specification should consider these concerns and try to avoid them.</t>
<t>Recall that "protected" refers to the "inner" values, e.g., the real <spanx style="verb">Subject</spanx>, <tt>Subject</tt>, and "unprotected" refers to the "outer" values, e.g., the dummy <spanx style="verb">Subject</spanx>.</t> <tt>Subject</tt>.</t>
<section anchor="problems-viewing-messages-in-a-list-view"><name>Problems anchor="problems-viewing-messages-in-a-list-view">
<name>Problems Viewing Messages in a List View</name>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Unprotected <spanx style="verb">Subject</spanx>, <spanx style="verb">Date</spanx>, <spanx style="verb">From</spanx>, <spanx style="verb">To</spanx> <tt>Subject</tt>, <tt>Date</tt>, <tt>From</tt>, and <tt>To</tt> Header Fields are visible (instead of being replaced by protected values)</t>
</li>
<li>
<t>Threading is not visible</t>
</list></t>
</li>
</ul>
</section>
<section anchor="problems-when-rendering-a-message"><name>Problems when anchor="problems-when-rendering-a-message">
<name>Problems When Rendering a Message</name>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Unprotected <spanx style="verb">Subject</spanx> <tt>Subject</tt> is visible</t>
</li>
<li>
<t>Protected <spanx style="verb">Subject</spanx> <tt>Subject</tt> (on its own) is visible in the body</t>
</li>
<li>
<t>Protected <spanx style="verb">Subject</spanx>, <spanx style="verb">Date</spanx>, <spanx style="verb">From</spanx>, <tt>Subject</tt>, <tt>Date</tt>, <tt>From</tt>, and <spanx style="verb">To</spanx> <tt>To</tt> Header Fields are visible in the body</t>
</li>
<li>
<t>User interaction needed to view the whole message</t>
</li>
<li>
<t>User interaction needed to view the message body</t>
</li>
<li>
<t>User interaction needed to view the protected subject</t> <tt>Subject</tt></t>
</li>
<li>
<t>Impossible to view the protected <spanx style="verb">Subject</spanx></t> <tt>Subject</tt></t>
</li>
<li>
<t>Nuisance alarms during user interaction</t>
</li>
<li>
<t>Impossible to view the message body</t>
</li>
<li>
<t>Appears as a forwarded message</t>
</li>
<li>
<t>Appears as an attachment</t>
</li>
<li>
<t>Security indicators not visible</t>
</li>
<li>
<t>Security indicators do not identify the protection status of Header Fields</t>
</li>
<li>
<t>User has multiple different methods to reply (e.g., reply to outer, reply to inner)</t>
</li>
<li>
<t>User sees English "Subject:" in body despite message itself being in non-English</t>
</li>
<li>
<t>Security indicators do not identify the protection status of Header Fields</t>
</li>
<li>
<t>Header Fields in the body render with local Header Field names (e.g., showing "Betreff" instead of "Subject") and dates (TZ, locale)</t>
</list></t>
</li>
</ul>
</section>
<section anchor="problems-when-replying-to-a-message"><name>Problems when anchor="problems-when-replying-to-a-message">
<name>Problems When Replying to a Message</name>
<t>Note that the use case here is:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>User views a message, to the point where they can read it</t>
</li>
<li>
<t>User then replies to the message, and they are shown a message composition window, which has some UI elements</t>
</li>
<li>
<t>If the MUA has multiple different methods to reply to a message, each way may need to be evaluated separately</t>
</list></t>
</li>
</ul>
<t>This section also uses the shorthand UI:x to mean "the UI element that the user can edit that they think of as x."</t>
<t><list style="symbols"> x".</t>
<ul spacing="normal">
<li>
<t>Unprotected <spanx style="verb">Subject</spanx> <tt>Subject</tt> is in UI:subject (instead of the protected <spanx style="verb">Subject</spanx>)</t> <tt>Subject</tt>)</t>
</li>
<li>
<t>Protected <spanx style="verb">Subject</spanx> <tt>Subject</tt> is quoted in UI:body (from Legacy Display Element)</t>
</li>
<li>
<t>Protected <spanx style="verb">Subject</spanx> <tt>Subject</tt> leaks when the reply is serialised serialized into MIME</t>
</li>
<li>
<t>Protected <spanx style="verb">Subject</spanx> <tt>Subject</tt> is not anywhere in UI</t>
</li>
<li>
<t>Message body is <em>not</em> visible/quoted in UI:body</t>
</li>
<li>
<t>User cannot reply while viewing protected message</t>
</li>
<li>
<t>Reply is not encrypted by default (but is for legacy signed-and-encrypted messages without Header Protection)</t>
</li>
<li>
<t>Unprotected <spanx style="verb">From</spanx> <tt>From</tt> or <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> Header Field is in UI:To (instead of the protected <spanx style="verb">From</spanx> <tt>From</tt> or <spanx style="verb">Reply-To</spanx> <tt>Reply-To</tt> Header Field)</t>
</li>
<li>
<t>User's locale (lang, TZ) leaks in quoted body</t>
</li>
<li>
<t>Header Fields not protected (and in particular, <spanx style="verb">Subject</spanx> <tt>Subject</tt> is not obscured) by default</t>
</list></t>
</li>
</ul>
</section>
</section>
<section anchor="test-vectors"><name>Test anchor="test-vectors">
<name>Test Vectors</name>
<t>This section contains sample messages using the specification defined above.
Each sample contains a MIME object, a textual and diagrammatic view of its structure, and examples of how an MUA might render it.</t>
<t>The cryptographic protections used in this document use the S/MIME standard, and keying material and certificates come from <xref target="RFC9216"/>.</t>
<t>These messages should be accessible to any IMAP client at <spanx style="verb">imap://bob@header-protection.cmrg.net/</spanx> <tt>imap://bob@header-protection.cmrg.net/</tt> (any password should authenticate to this read-only IMAP mailbox).</t>
<t>You can also download copies
<t>Copies of these test vectors can also be downloaded separately at <spanx style="verb">https://header-protection.cmrg.net</spanx>.</t> <eref target="https://header-protection.cmrg.net" brackets="angle"/>.</t>
<t>If any of the messages downloaded differ from those offered here, this document is the canonical source.</t>
<section anchor="baseline-messages"><name>Baseline anchor="baseline-messages">
<name>Baseline Messages</name>
<t>These messages offer no header protection at all, all and can be used as a baseline.
They are provided in this document as a counterexample.
An MUA implementer can use these messages to verify that the reported cryptographic summary of the message indicates no header protection.</t>
<section anchor="no-crypto"><name>No anchor="no-crypto">
<name>No Cryptographic Protections Over over a Simple Message</name>
<t>This message uses no cryptographic protection at all. Its body is a text/plain message.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴text/plain 152 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="no-crypto.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: no-crypto
Message-ID: <no-crypto@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:00:02 -0500
User-Agent: Sample MUA Version 1.0
This is the
no-crypto
message.
This message uses no cryptographic protection at all. Its body
is a text/plain message.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-one-part"><name>S/MIME Signed-only anchor="smime-one-part">
<name>S/MIME Signed-Only signedData Over over a Simple Message, No Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 3856 bytes
⇩ (unwraps to)
└─╴text/plain 206 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
Subject: smime-one-part
Message-ID: <smime-one-part@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:01:02 -0500
User-Agent: Sample MUA Version 1.0
MIILGQYJKoZIhvcNAQcCoIILCjCCCwYCAQExDTALBglghkgBZQMEAgEwggFCBgkq
hkiG9w0BBwGgggEzBIIBL01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtb25lLXBhcnQNCm1l
c3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSB0ZXh0L3Bs
YWluIG1lc3NhZ2UuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3RlY3Rpb24uDQoNCi0t
IA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/
BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMC
BSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEw
jnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBak
DKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdao
x644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Na
r2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtl
uLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK
49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vR
hZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTk
fCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DI
Ls7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TC
NO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7
ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTM
SiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDT
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTUwMTAyWjAvBgkqhkiG9w0BCQQxIgQgrhyFjywc
FLYzlCbb/xsgb5+a0sgYLUg094upq1ZXLWswDQYJKoZIhvcNAQEBBQAEggEABOi5
kcjRmMF4LK94svcfl92padnfUTSyjJtrIf6R6C7xy87VzsmPOPCmHgZOmTCuvY2D
iKuMId6WPVdjuRUaW6xkgYtgYjPDhy80NY0a9wXEQtjn448G0UHdM21cJyu9LTAg
orSzcT2pwEuGzNdsHW8LB5GtJKYct3RS0+jlbSr7WpZFY1mUrwpsm2r8za2KoOcy
t/E7Qz/8hT4HU52Na7pS1ZnxrasLr5prSjDSSKs4QK3ncJR8jhF9by0pDCoYgswy
zYaeJt0N+8uv7ab/kBaE3wfZlipMSFRJIlh+QeXCkIHo5fW5bn/REZHxMMdMfdPh
bqYT1i46156CSOqyxA==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-only-signeddata-over-a-simple-message-no-header-protection-unwrapped"><name>S/MIME Signed-only anchor="smime-signed-only-signeddata-over-a-simple-message-no-header-protection-unwrapped">
<name>S/MIME Signed-Only signedData Over over a Simple Message, No Header Protection, Unwrapped</name>
<t>The S/MIME signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
This is the
smime-one-part
message.
This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses no header protection.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-multipart"><name>S/MIME Signed-only anchor="smime-multipart">
<name>S/MIME Signed-Only multipart/signed Over over a Simple Message, No Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/signed 4187 bytes
├─╴text/plain 224 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-multipart.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="253";
micalg="sha-256"
Subject: smime-multipart
Message-ID: <smime-multipart@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:02:02 -0500
User-Agent: Sample MUA Version 1.0
--253
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
This is the
smime-multipart
message.
This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a text/plain
message. It uses no header protection.
--
Alice
alice@smime.example
--253
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTAyMDJa
MC8GCSqGSIb3DQEJBDEiBCAB+IATfw3+2kO9hwjUYxzW+Z12sfFp2dTb1pmXGS+7
DzANBgkqhkiG9w0BAQEFAASCAQANJdfU8DtOpINW4FeIWpdexndYvHYy7jFg5ICy
wIkh1DcqmbdvB4PXcksbJ0zKSVjdjXPdYQYRS4E5ClAEevEe+OkFd16UoGaadoaq
OjyGnuiEJJbRG2UUZZWMyJW2g8OZRAGZjYgEgvbVflmxqRjFRaeLGUorHaHoxk40
LomKSVRTUG11eEhmRmxIY4wKhwc0U9PKjCQFrhu3t1ZkGSfPn9jvdNTJkg85WUpk
WqmOyrup6DH4Gb84By+0IMk3vflrOyAw3kbsj6Ij+zymAlH61YypnAvddFBIuZPL
2LYdIHPLmq8KGrzcgjkjP+Y58hf9U+6gp0KPuS8DAGOvxYs0
--253--
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-enc"><name>S/MIME anchor="smime-signed-enc">
<name>S/MIME Signed and Encrypted Over over a Simple Message, No Header Protection</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 6720 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 3960 bytes
⇩ (unwraps to)
└─╴text/plain 241 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: smime-signed-enc
Message-ID: <smime-signed-enc@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:03:02 -0500
User-Agent: Sample MUA Version 1.0
MIITXAYJKoZIhvcNAQcDoIITTTCCE0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGi78TIbx6BFPvdJW+VbgXY631bpi8XsHhD0
vTxHFViwRovgyH6v1vvobDE1xv6VdbyzVT4LEsiGbDzr0tO22oXSBV3JkzJez5fw
umUNX49fx31aXa7GDlp0G7YHzfxSCskt7rREceVzbp3qR46nGGbreosgbVqpiuUX
m3+ghxULxFZBggDJAFhWwH1cWtQ5lp6zAiior+Fc0A48OHErdNCqEO+21j3/3wIP
oQR6Aqx9beav1jJsjTVGm2BaCpCvLI4aooptm4LqMxXIe33FkzUDexJclwXJgx8y
r8yW3MroptDD7zJQMFu7LMgUYZ2VqTlbJBvpST13ZNQ+wxWHRz8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcBM/QDMNvyAPHlG0py8AovZ7
NHpupXUiRN6AZBINXb9rbgM5bv3XAuWKIeNg8cI4I+TF/RXYLnwTr8YSjThpl/+Q
DvcV5T1DyJBlHU5S7VFZHsMrJFw9+14nn83id60n5MSEqtn+Ec5DZaeKoOWXdfXx
Q/QqLoQVxlOX5awyChHk6s/oIdgXPAiF7ZJkT35FAGuv/Dx9o2chl7o1SIcgfOej
8K0txmm2e2ez8bluhZw1DaGDBiYsUIjw3VF9vQqUnhEisQZxOg5jOxGc2kE7Mk3q
wiH8xydBCzKRQfq4ze+ml3uyPPgMDJi5OpJqO0rarsKz4dV+YWbz/5YVKnlMZjCC
EC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBRNCCx1UMI1OKK9qZck9jaAghAA
cC8Gt6ZgbCpV3HWObyl0nE4w+Vhxs8Z/1+nNlgrtaL6/ZDHZkfdc+lhk9LUeAr09
QfHkfqGMYxWF5BqUk3l5BI4OEyL8kU/dcqTFpWt/Fa4yWodfNGLThjoSfryHJFeC
vBjBcaOkiL9EsFpeFB4Qe5DY7/rcAGnCM5N6N3eRTPsIzguArEWX5fz7ulLuI3dt
/c3LsaGlmeHCB9bKhewhqa/jj3fxntB8CRDoSAUwt0t1lzx/GjHNXboz1vH623Oo
VPABjb/fqf6lzO3gszY2RE6wI7zHydlz2DgkpFdjyVk1Jub2+QkrQA7Brn9gES/I
gshjTIF+OL3me4UBxww0Bxtt46yz8FpVVOK4MunYel4U4p1SR1WEZGRLPDL+bydN
vXdstX39Eg8YChAdt5o5pPQ7bUo3Qkk0X9glJdyVNsTpWREj+F+/6do/JPStJSQt
TYgnXdjkHP4/w6+xqOcogfEVp6in7KkwfZ0v+SdZK++IPm/rMOsZlP9MbM9LkOA1
6xAB4MmPlOUDs5KQB5NYWvt034PQv8NRqfs7mlS7F4gvCaaAA1SZdqRn7kIdiNqg
RUFYTkhF5/g+pJ/Ysw9lVIvAOXHtnrbsTOxbrsIzL5wbkvCDW6ZTQIQ4kP9D0NTl
1JcxNVj10GprUztmYgqOy+wIJj3DlXHSSdugy3S/qEjiCCZwN8zAVl+c8AiifgfP
zpI4QU1552EC8HyoIUZSQP5O/dIy6ABLEDcwZKJ8nGJdSLurpD0V68p/hWk+Q6mu
I7DqidlNT0yehBKvZRE8jr7wclUm73xX/PhOqY158N6wNsekUHOHYERKU0BzRScQ
+YJ9tcsmPldE6jAzJB/vjjgoiLxIMci0PAXVdGjisxY3QhLh4DJTwKwhIr4kMkv0
OdciW3q2+9sxT4fbFMrOIXLUahE5qGbIyyvpPgwRmP/otP4jEyCgHuBxHKar630J
q381rmnb6Cqybc/Gmfxb0hX78DTn9hWag7fYh6u0yfMuH2bWvXW+ff+yeAy0/PCR
hxv0jZ+e3yx0Z4d8Q4Jk6kT6+HaP1tAMvJc4dubvP0+nQFZsHcxdLMrmBel+xpg5
DP1cGVtwQicVbCYWPkJINDcn9fExd1BiooF6yfaQ6a2h9zFpaevu5EqxRso57zpL
fv9PpPiuT9xQvFyYTg07cD8negTwJxVZwhP+PXdctwuwOkhCaW8I65SnKcvyYZpG
0t+Rr4Ul0oXs/0ERZLxQQbJLIRIxwsfekwvFBZ8QXp30mfQ+4M4lCO/f6cNO0TpF
LlNM6YyjWYQ38UDpirxgrp+ySOmCCFF+OjVC5AHsS+Orozv8IOWG8A8KKgryfNMs
tLrLctIOXLL900J4DOP3noqEQnYOI9Qq9X7f2Zv+f1G2sp0qrA8+frrxyB9H1VKu
Nqo+S2qq/c3d1EvDtVG8YYU4gCFeZzUq2nAsZcIoD157z7M512cQrCabLcZAYG4T
/PwRQpb9EqPwzuEBPZq997VbzzWKzqOuJPx4TeT8ksJawZzvs0/Gi5YL8inCV0Hx
vz2vmsWlL2sDDCus6vcl7X5pOqckNW5A7J/uGOXylkb2ZxTR0xP1wd4P3Ncw0S8m
3TVIiSKsNDHd3/ZEBkTeVIcmkprNeApZ6toTc3/izJO2OgLDtdjfu85nEVTIsalg
Syq8uGagBIQPpNb/EmICF1s78/b7MPu/NtF47Z0j8LIljS5xac1s/mT9XOEPw28z
ZmL6/5I+UKMKsJuaoSAJ5TcK13TONCdOteBt0dxMZHbw4Ix/YKESkCFu9B3IyoLq
kuCKtuGG6KNyIDYhkrLHs4wvQrhuky5r+wuzIE/HcM8mDWSaX+qEsGpOBUvFaDQZ
oNxuupslwKXsEO3I2WYOT4vVu6FbkQxVusmxL5KcXqJzaPu7bfaA9YpEyc0b0psC
YXMyUoplAtGQFwptKKxbhjBNoaIK26hnhREHgaOcD1YWTAU1p0bwTTRCqsYi0Vr9
iHmXjOrI3Hzz5Nks4OiF1tATULhL3dNzpZjIfdfMWsY6rFIfo+CaC/VpXFFvl9UD
1TDD7NYmSLNKgHMQ4yDBOQo9TyfiU4p2Asq3T+kFcS6X5WqdXeM2KwaDPuULl3J/
6ulUm5tm+8rQ5hf3jbxSmoC73HYywM0pdnv4BwghDetE3mdcVcSWYS38H5pOZfh6
NhTKY9PT7poeW2U/rmlfuOwKP97bIWVYiUM+F47fukbGymGztGJVqYtOJoLC3HT/
cVZhUaAqFkgbDBpGA+bANkzD1jHl3wZya4rb2LmhYSZM1xNqkKolQ+t3VhZ9FpgD
FFA7UWxGGjW2N2k/zJLdYNLjMtBRb2idEh0KXmxadRWRazIb1IJwGiXRtKmPRvWS
IPN138WtWF/fTpV5XP+Knk7SDZYzq2AZ8f98QDimmopz0N2cBDQRMUD32t4hFzHz
K7IBAx+fkQdw8JkX4JDJSGzMKM8glO5dpONZYSNb4ucEcmchi+7nMKszz5A0Nsjr
1V/khpZapoTjcTH9WZegiJMsaiU+sir1SadRTdnYxiwkJH5g/XfOe+3/+1+BDPb3
ac0vB86womwCoUgRnnFjWPLO7Dky5+p9BqYvKkmHuhzkL2O8+/gy+Z/aPnfZ1Syt
dz0gzSgvFrmRPKASmP3KVGmM6w/UwEhldO3HjNoOdv6qyQsy1dY6M4IA2tsCvKYg
qCwlzzZMs/P+PSkZtwwsQ9Zkn1b/wq1AFDqxjs3cysQeBLt0wAGBIRtnetvsWht9
yxAMLanLX01Wh8PtNewJY2LZZkhkOWCxP30VSqrzmwhGyX6lwMH2AAv+mu6hD3ci
tyhD44SvQUVVOVSCSyPSIcDZsdHL+XjuY7WDuiFh6v9Jb3KKZqbuoXoet44BtouY
RTit8UQJBGqReS9YJGh14U2ra1dvKLoZHIZdyxob12fu4QkTDAjGIvDzYuxuVaZL
W0NaHpBNIlOQUitx5e6JvyjIKtwM6Y/3/0o9pInhXDezk3t78NYctFR08xFQY3LJ
DN3S2EgXj1jWmd5E0/z+Tccg7d8hEn+0vVCRRQksqiPIEcZ1f/xgfm01FOfnI1Pb
OJfUSuZpTvnWtvCTOn62XmWj+4jzxBmopauAqf9XzDj6NsHGkrPVrdotEhFoYYRu
OHO0K4dUQf57JkVv56tuHkCAGUUgqVRzf9h2wcXP77vsUx0gpjXSKv4SMx7IUlW0
jCz1WNqQXPFny6j60BJzZ8wd6nFshHcYbvCP+BKxx7WB3j5Pqxr3/s9S9daCgMQ4
gWiPMOzuSgoTz2ggjqv31QMAXvkBSE+DIauh9BPw5pwoMsdMYT9eV+DrbN4dhy6t
P/4zCB4NQcyU2vP8P9piBLhcjunadSdITTna3D/fA6VdhidmuF5ieCzo1sTAGH6H
/VRPjxvA9gBeDtko120xoIaLpBF7I75UuFziIzuGuSE1lAf1S+I4NOD9tw0Gw+xU
/lvzqk4NHZ/j91GvRxTRj0eFWRuTKXDvVj6Z07vW1l8tJs+IpslaZgo5/sE7Ntx/
kTpAFcckTfz4iG0ngjlbVv7Do9fM1ndyUz8KxxznxBkS5kWw63rsobmlLpfks9zD
qIcxIldwnbKDufmd6kKgu66wjtfxKcGK+JQ09r2G+E0vDHLO3CUHjVafLEN1Rwt9
4Caj4WW5dcVQh+r3cYNeM50WHsKQ4leBxdVHLswnLa4PsIH5LqUDafFUVEOXbDOI
SnqIMMCdqGsGGsBIEDjopOrYj8rqyUP85j43/eTE2Jv7mQsvcyeAqH5fOzb8MkGD
8AsdOxVIbgYYalaB01pWcQE/jRv4D7cO0D2OM1DQzED9Ydzvl51jHE+71LVUbSkA
LQoYXJzLNj16DRYbSynXXFiRPmgAq9sfPEf+CoR47zpQUVXACRPLieRSDajlnj/U
XaoLV6JVFLY7+FQeW/W0YElIz4R2NJXdBXtaNNBjLnrS+8sW99cVY/yzMUjsohys
5Vjun8GPVRYVyAx003J5bdzefPLxoUhy7Of46lJxL0kBELzWAtCMm+MwBbrJCphS
0PlziAmYr5EGUEhA2pmv5O5Ok83Z7C4lmdbrRDraw++N0fq7mSm9ZgJRwbslrP+D
efLWEfWIeOz333XsmbJSi1E/MhJ3dCevVc33rEwaUvOJK8pOSMQj0ftl3yPYs+V1
YU/spQFYsXMhF8I4ZKQwGErIQEY5erTLbnhCRZgJgteQ0CkiQwB+U9JVnaJByjTw
DpY21mtfKIvNdc5rrThpDDI2uEiS+u42z5UxZiXiTYthWvrx7HQaCF9JP4INCe57
tvuGXDdfN2Hu5Yfnu6CdTqrovkbEzYt2kEzCXKvNZGcp58Nhbybt6Pw4Iju5XsA+
bptyQfmSSW6Ph6dXub9VJQKlFO0nhyyq6+Th+DXaNeRnXxl2jfykX+mUUFN6KHkK
9Td5k+yyIOGWe6oEeG4nwwytaDqduK9jBEna65cOBh5RulCvabCEXsHT3ovdvgrL
oJUO5WjAGGpdHpXUTlCwZHLo2zgD9L86zaZdi0fe9EcRxI/4NcbWkRhSoZTBur0+
KwuMH5ijXlI4Bb6YGt8Z9VUsTQr/QjdlnGVkIWSOqkw+3EVuHsB+ukx19hTXihCz
TDPgBaI8twdD5UfxnlglmM88304Rt4JsraLb3YtX8SD2p0g4GFfkEVKMJXYjWz6M
cTyDUBnyyShRHtInBjnn6alMBkq0t1vulRmUwOhd1Ua7ripH64qJFe938SJBu3yC
7divmSGh36en0ix6/hwq8uYVvO0RiyuMQmGs3KVVIByIL43RVhlthvccOO6I6l3s
U40BsdC/zXG4iZr5PT0LhAUgmX6OcPy2INFx+E/Idy45sN0pj7zfTSxrg5br72gg
dIZQkGYe3KJhMvHvkA40IEjGljU95Bx+bFoojWUaMUI4wlhhz0bppZF/bkENLhGq
IXVMYUfa0GFSvfhfXN7r3VvRpzkh7mgJrsIFwG035ZhZq904Z1Yw11N9pns8X2s6
PsSOZAO/E0NOMLSrOonmHy2wqGY7kSMprd9FI7ESe1hwLgqh2pVNesYGqx1Aw0AD
9rDktHKChXqAQDYElV/D1239rxc3tVFzoXtkk6BcNlwq/hvksAjk1/sMNA9x7OAf
gfE/zFZQNhWFNzuGd6ADf4Io+Wg9+L60JZmgBx6A9IiTygG9D38yREzQl0BgfGx4
xlkbs830dOgKafDVTMWCNomvOqIcU9kdirLuaOYl7N5yIR3TMH8p2kkkyYH0hMdX
TQ5v4K/OUYQteADMquJIJQiIfsOEdfd6to46yWIWlCQSJpN+M2iw0QoOPOjevCkC
RVZ0xXALDuEEuUJLjlSrwRVOx5drsqLoClAeH1Li/ZFm+I6qA2pVKrxohwndGimR
3FVKgLzC1srGGXsIGqoq5ueeN2ZTIQ6OyJh/ERLFd0uEeVCv7UIBRwQ9WrNaaFY1
1OtoJc+0XZ617xSFoKWnyA==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-no-header-protection-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-no-header-protection-decrypted">
<name>S/MIME Signed and Encrypted Over over a Simple Message, No Header Protection, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIILPAYJKoZIhvcNAQcCoIILLTCCCykCAQExDTALBglghkgBZQMEAgEwggFlBgkq
hkiG9w0BBwGgggFWBIIBUk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04Ig0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYw0K
bWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlN
RSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2ln
bmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4g
SXQgdXNlcyBubyBoZWFkZXIgcHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxp
Y2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJU
h6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqV
KfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfID
lB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdS
NRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1
ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv
9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIB
aVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ
MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl
MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQU
olNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9
eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLv
Lir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLro
r2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSY
kGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzS
WHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIIC
t6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTAL
BgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUg
TEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQx
OFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
QU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oulls
k4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpX
mFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2
GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wX
VgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7B
tZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYD
VR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYET
YWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8B
Af8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQY
MBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2
p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzh
W/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqEN
t1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9C
Dr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0T
zPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+Aq
J5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQME
AgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0y
MTAyMjAxNTAzMDJaMC8GCSqGSIb3DQEJBDEiBCDlUvgsJW6j30yo/fAeR1vd2Kst
erfZdXyjSKu5gnNGRTANBgkqhkiG9w0BAQEFAASCAQAYPeerPzpSeDL0FAep2p3r
y/xmN2pXvMsg1OQI/r6H/WIUpXga0Z3Z5Ml/VsZtKIbFGv/3en7GoqKc0w7/R26B
qKvtjt+0K7CW1BaWKRqcx7hTIVJXQhT7UnQLnT5daf/BiPbf73FEKoOE4N0cvsVY
237ni7VR/Rz/uz3TnheOsBk7H/AEmKIaPBnJj8wFoc6E8Vtusy5ZIrhX6YEq6e3A
YIJ01cm+cNWBa7kORT2pyKZ3yF2IIcoqyEfw/QkPkh6KM5hKSOUhvbQRPdKOv5u+
r/KmOuAbX04XzLZY+RYFdPG/grj+YxeJEgZlUfLgx8pJET9J0RkTImNh1zVVU+r4
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-no-header-protection-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-no-header-protection-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Simple Message, No Header Protection, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses no header protection.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="no-crypto-complex"><name>No anchor="no-crypto-complex">
<name>No Cryptographic Protections Over over a Complex Message</name>
<t>This message uses no cryptographic protection at all. Its body is a multipart/alternative message with an inline image/png attachment.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/mixed 1402 bytes
├┬╴multipart/alternative 794 bytes
│├─╴text/plain 206 bytes
│└─╴text/html 304 bytes
└─╴image/png inline 232 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="no-crypto-complex.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e68"
Subject: no-crypto-complex
Message-ID: <no-crypto-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500
User-Agent: Sample MUA Version 1.0
--e68
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="f70"
--f70
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
no-crypto-complex
message.
This message uses no cryptographic protection at all. Its body
is a multipart/alternative message with an inline image/png
attachment.
--
Alice
alice@smime.example
--f70
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>no-crypto-complex</b>
message.</p>
<p>This message uses no cryptographic protection at all. Its body
is a multipart/alternative message with an inline image/png
attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--f70--
--e68
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e68--
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-one-part-complex"><name>S/MIME Signed-only anchor="smime-one-part-complex">
<name>S/MIME Signed-Only signedData Over over a Complex Message, No Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 5253 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 1288 bytes
├┬╴multipart/alternative 882 bytes
│├─╴text/plain 260 bytes
│└─╴text/html 355 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500
User-Agent: Sample MUA Version 1.0
MIIPIwYJKoZIhvcNAQcCoIIPFDCCDxACAQExDTALBglghkgBZQMEAgEwggVMBgkq
hkiG9w0BBwGgggU9BIIFOU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjUzMyINCg0KLS01MzMNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjkzMSINCg0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtb25lLXBhcnQtY29tcGxleA0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25l
ZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2lnbmVkRGF0YS4gIFRo
ZQ0KcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdp
dGggYW4gaW5saW5lDQppbWFnZS9wbmcgYXR0YWNobWVudC4gSXQgdXNlcyBubyBo
ZWFkZXIgcHJvdGVjdGlvbi4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhh
bXBsZQ0KLS05MzENCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1
cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVu
Y29kaW5nOiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVh
ZD48Ym9keT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1vbmUtcGFydC1jb21w
bGV4PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkg
Uy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXls
b2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBp
bmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIG5vIGhlYWRlciBw
cm90ZWN0aW9uLjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBz
bWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tOTMxLS0NCg0K
LS01MzMNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVy
LUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0K
DQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFB
QUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95
d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1w
TDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldS
V00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0K
LS01MzMtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gB
UCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXP
mrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEF
XgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41ko
aZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX
+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iP
sIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkV
fAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtK
tl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3M
RsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0
LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXw
fDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyu
OfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3
QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo
7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+95
0MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYW
Tut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfC
n+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9
COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAw
HQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4K
kkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30Uxf
yrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HV
X524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP
0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+
JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSz
NnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkq
hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAx
MDJaMC8GCSqGSIb3DQEJBDEiBCDw/DGldVr1aM/U2iIYH8C6YHSKLUihv8FIEUZC
JPECvDANBgkqhkiG9w0BAQEFAASCAQA/sn8ReNdvJH8O3Ejzs7eF6tBy6DYD5dFE
aLVxB6o3G6qHcupmwvHvL6zouALUoh+zkYRxuWNcPQGfbUqXoAC2cQ6ejwtz3Qnm
4L6amZZQC3NnwFfytOrIvGrMdT1M/39igmep2ZUq9BQS7vq0mYQzSgkGm148yOfI
QDeuJZGcw1EcFZuFUZPX4J9kvUu5twvDQoPnTitPVGJ9C2lB6PRkYjKW7JAmNtBL
qRbwZbtOjbrhAszzkRG5P8jR+35FIkG6abSF8hwYix0fJokUn3YnU7G6pRM7DSGg
S9MtDUy34GTkdUQ7OXFlLa5kpQfUFBbQ5qflKUvIrBsYX6qjWAVs
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-only-signeddata-over-a-complex-message-no-header-protection-unwrapped"><name>S/MIME Signed-only anchor="smime-signed-only-signeddata-over-a-complex-message-no-header-protection-unwrapped">
<name>S/MIME Signed-Only signedData Over over a Complex Message, No Header Protection, Unwrapped</name>
<t>The S/MIME signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="533"
--533
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="931"
--931
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-one-part-complex
message.
This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection.
--
Alice
alice@smime.example
--931
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--931--
--533
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--533--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-multipart-complex"><name>S/MIME Signed-only anchor="smime-multipart-complex">
<name>S/MIME Signed-Only multipart/signed Over over a Complex Message, No Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/signed 5230 bytes
├┬╴multipart/mixed 1344 bytes
│├┬╴multipart/alternative 938 bytes
││├─╴text/plain 278 bytes
││└─╴text/html 376 bytes
│└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-multipart-complex.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="4e5";
micalg="sha-256"
Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500
User-Agent: Sample MUA Version 1.0
--4e5
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0be"
--0be
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="cb6"
--cb6
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-multipart-complex
message.
This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.
--
Alice
alice@smime.example
--cb6
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--cb6--
--0be
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--0be--
--4e5
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCDQTcb+2QaMhBSlslOnLpojyHSnq4gNzFYU45gwqAHj
7jANBgkqhkiG9w0BAQEFAASCAQCYM1/HD0Ka4aZwwLS4xMGoyFzGn5G2C3ph0jKS
mCVbpfAxeHnsnuFjdCYzgN/mdBCOQs4P2/rBGWy3DpDHnKdaB+Q2/IZmI1UgyRTM
oclbWWQfTLX1BuI/mJKqHBhJn0y17UXCUAnvSoYGFhjmqTQStR3k4PsdJod78pEa
9+Yx6lBGVyznuhHaGuB7lh/S9pxAYtoJFUuIVq+frSN5xhmisPXluFHC3UPu3Hyb
3w6gm+bTL4NDNWwXXSn5wfm9Ru05b3eAEv9pADPZ2TKZPxzrfe4wPNzArgYwdn3k
6NdLvgw4mZmSSiOyOlfKo3cgo4rZuN6CeLCgqZ0GjIJS43v+
--4e5--
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-enc-complex"><name>S/MIME anchor="smime-signed-enc-complex">
<name>S/MIME Signed and Encrypted Over over a Complex Message, No Header Protection</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses no header protection.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8710 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5434 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 1356 bytes
├┬╴multipart/alternative 950 bytes
│├─╴text/plain 295 bytes
│└─╴text/html 390 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: smime-signed-enc-complex
Message-ID: <smime-signed-enc-complex@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500
User-Agent: Sample MUA Version 1.0
MIIZHAYJKoZIhvcNAQcDoIIZDTCCGQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAAWNP5pH9dbDPUdHQXSo0/ngHl7DGuH0uRFS
i68xp82mLO/liolbzronottFipHvmMHYZ+dL6fqVLlqY85FtCp/6r6iklmuQzP3g
TGRtiY5SvNBnm9bqSMcfOwHRaat7gKVKLktFXeQN5vUmaxW4H+RXBQHFXpoTljF7
z/z2oPxLYiazyV+srwrlSF7N8NvwXgtewhV/GDQZKGZEqQlX4XPRy1XDPdi+vHwU
0gxqwRzAhAkN8sAIs+82yMFf+OE60fqI+pPWxrR0YIEXEK/DBl4e1yA0u+keo/eD
NWFKE7g2BihWcp10wDEZHqEupPPN52LCHihyzpBdG0ubSpqYm3AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEALPDG2li48vBIODVbDuAZnJ
AIJPGuV9pVAU6AQq3+WWPd7kx8ct2WJPWpUOoKsvFyyNsTc8n6lVTrwflR1AcGhj
kkX7VGb71lpnC8ygaSqPF6KtkMICcW3nNdXBuqYR2n6npGD1z7CzElQbMgC53Ell
VqC56yHjeSiyLJKyyZBq/0bDjveFHndHCWoIQG7f1HcA8CY4bNNTC6YzQhQNbc69
hS+S+WwjOtpmNXLVZq491Rs1zPOUN2XjwE638rUqe1M/McBAwAXFQ+YBPdjWhiDg
SrAjN8xnTyi4XJIdabs5RIVg+NWDHuhdiTlzU8M5kY2ShAuGHY0FO445l/e/CDCC
Fe4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGsnW1gQI42Orjxx3Fn9pySAghXA
P71fxkSiJhQ9hJFUk1VtxPLYVxD6RroosTILpBn/eB28fOyA1z5pIhzx6CH35SuL
MzuFsnN99/LmvOe9z9Dc1UCrWLUhod5uVQilrdouxXljMdZlNGDj1zc10+82ahAP
KotYU/8AmtUHiGGs4BVr9tl5fBF2l72KYhlh1MHIU8x0C99vqOq41vBqtC9cmCzS
ht9TxlwRACQgAxADyzSKMc2rtqkAEqGRNBHxq09KxI9pJ6qkj3rQ5aL+epnkYoGN
B5thIQCoG7x/jNzN+mRdtvi3LhM7Uce1TU0N83VoBxpiH3o04re5CUb8ELEYssmO
4ZN/5AFQ3RQyZS0z1tgWzahrzo91VCvbdnM0irtXZPjpS/NoR/0ZokjE5Iw3SnJZ
35gdvu48eGStmKDFiTs/TXkuPQcMd2aO/joDD+/XNtuSdatXWp+PvELMYR5Z4Pbz
KMo1jMj5n3j/O+6WF8Fg1Dx8vr9JwHTP/4FFjh3qC1aMZxh4PjLEB4dD8rWJQdJA
p/3wS3+d+0kSkhnjG2dT5/6MtRwX5HFQlrVEAbdBIJee0GTAlLn974Li9JiutWzz
sVxTyD+6IBTYSoKQVbL8Th29J081sh5OV2bZ7EFpU6iwWMTEjKQBML9PLs/BO3ME
ZOsd8Lh3+RLMm3hsCh6ixAyDBX0xJUpW5dbbnKMffsUwdRxBBoO8rMFjURSSfJ4G
HzqXh1Lr5XEoKG7UQxW/2brMx7gf3OXsKq0YWQ7t6eniMkItu/lcndywe58q9nZF
h5NmmXH7Wf/YhcH3HywFXRv/0tSs3EgpjIgwGbeggwrND8LKx15kdRpT8egu6sOr
b4D8PhzYwKz87V+6fd6rDBvarWD6Oi+t847eVdaGPZ3qVVaMlQs5llAzLPUsqkU/
zLIL1c1SxCSoFWebd81CJ/6khs8tWpoiEQugHMrjyLykbax+jHeA7UD4+XZhgaBN
j6VJxeiQ3Euaqs6NdVe5KLGQVcpRayoifbsI/NogUY2WM0pfccGHtLA1KbZga5nX
ba6kox8cLSgf2w4B2CGEFAyl/yCXIvEbJE+L5vMYLd5dtW2UsR5HeD5i8NZ2+hYC
oDq8hcNYSCt1CX2BTd7bCrCOaP38pl2Q+k0VV6J2y+lyL+P5hVtcYOXaOfQqWjhf
7tpMXmMGqiaHP/Megtx5x9pudrERLHpJNnF57kx/YoiDOfKPSxNmKMfCWkJFOr/H
9PPYERlir51S62YQvqW9s2rwhjCSiL/YQVXpGoR16JRmcIBOVMsT4a9ArSFUdKNt
7x30W+CQ0ff4U+l0sfE/jfLwtPB29h1i5JFvbrzc9oyi+xDa4Iy/St4bbS6wulQ9
lo7PgPM/Oo8/Crav4vd20tKhNQQuR9YaC8a5n3fnclF256tcZunUg2G4MVm1ZJt7
oVslu/jaywsluQWdpA8ldSwnDq4wOFN5y9xCj0UgCaYqRSwB5auAlCUo8WXyIkyn
rhO+TwOigrJvZ2AgJjxh31CqClADwN2jBYkooDE71YfOOXjR6a8LBWrS4jCyInqu
ykdEdDcr11peNN0AhMKBfD670Qp/eQWtcrjWuM3qOsZfSF6YuKQJb1t0yRQontpo
dWFHw5RNI5p5lx4bl31XfpQ+dg6JECpbgNjcP03tVRMzAlvlj8m0P3dzr8XBr/8F
c1128rmsvIGNWPtU8N6sAzBvWC3hnuq0fmiyvlnF4+lk5DJWfXVPHtMTc24xOp0z
z1gM7+x/v+SIQuH3VvmEtQCCKtEXUHw+sSYRhAlwG1h8Ii88RNgg6TpTqicX2OpX
WICs5PLwa9BnYk3IAgyWfHhYEqY4ZYbq3lMnkaCZ0G30lXRqIZtumMTFK0j8RFt6
YI7wtpXImenNYZ0VSqSlS5hwLrYR3BjxjVO88ZhUao2cA+c+Gdown3j/v+BpkJgf
5AvNcx4z29oJmYq/lCcHU1UHIuKdu/zyMgljgJoTbvtLB/HoIYj1BCgIoknhrWz8
Rxsxdl+TUpdzN0fQw9jmzsQdwpalTL9gitqjeky3Lt8mfw+rl1aTiPSS667pZebq
fBdh+FlokKqhprCFYZbD8lV36anMHWkbDxj4/E1Ba58jZbC1w6GDdQ5uSLSXgbGw
vb255hmcWco8N78G3nsWtvygR9P4zRjfu/KM9IPzReHeQkE1CispMCf7Zx6+LJrF
wlW4Vl7l59d5qlKODKgInUpjGrBZo06/rb/QJYmh0CvAGbKVUnX7sWzoGIbzTN3g
zGEV/yAlROQDEAnmCoIKieVlThjDf++eUKiDbdbkhRP4OP4+b6DhSSdk3olNCQ/G
PO1HfVna9diWNUb35TsUy067EsNpNFlbAJ4/3/e46+h8JxSiD97umeFDeNECO0JA
0PcKX7x6kdFYZ7StiQWIgkK8lXrSv22vjdrHAUx0FP2m8mgnkWrOTeFRnvAZdYem
qUTR6g+eqq6+H9cE+VYutjzStfx5b8y34VEr6SmqH09yBggTG82zYii0o5d2qmbE
riuRHabQEt9ybAeY4BjaBR/o3iH2G45KVVUrOPlvXvAoGCcgzCMHqRC1zOZzcDO3
fXD2LSPHqf4IcqQcPetejTSiLjdzjkBsw8EZBCfEtZN3/BFyZRm7giiL4qLb6dM+
p4yzwC2qHe8g1AFhUx9BwynN8iSRgBQzCIgA6A8kdXXwWAGJCygs3FUKZ4mBO0LR
YxElYI9gaOBifFWOmdmLauNc3Lc9zORmd8X9vjLsEWcY5vQWQ1Ao/Yfj5cdBf3lS
jrDwKQf0B+Het9Y64x9wHrzsTyF337+PPVtw6PIru52GBk/Zcn/sCMmgcS4R7igf
eIyWagLmtwKrlZRGb8KYyElMDM5gT86ptGJyoyAhRz2dlvuHBXuxYZPlIAg1Rtql
O+rj/0d6b0ZfJW8fLhba957Gf0xLldXuuZIMqyJ+yOK20rsVWyYsR5hE4kXqXghs
aIZFbIsbSIfhRZopjKlUuVx6IPrcQ3qMmwlhnmGTTmDR//N9GRae8OulQmWkexdw
VzPflEjb2gTpBhNTEFvP4KePmBoKtFVjfSOF+OezE6aKDr1RID0ux5k1HgpS1gMP
CKFJmgCs07bKgnWiAYgEiYKIocXMvJAOZnzlXVuly6XxZk+SHqUggDnINxKusWwy
a+SrV4vgeQWs3qTFGvTKRGuRfygPergdA2h/Ra9VSJVARv08Ifo9e/H6kCq/ZaaM
qJoXVKRUp4QRtHdEV3e2qUcGBS00EGlxEpNBT9kp1RHnGzQGKDPQGTpeSwkZrVzP
NAW+cgRaCq3ebuGWZYddUpRH6cUhv9+/GYxA+g2LNtKu1544vmar+96nVjLkscw6
Elyl/xc4q5ADYEErCjgJTx1bGBH/lKdHGanC0JVKld+sImlXGy2BVAzR+fCYSAII
Z8WkZcu/Xkv3pVYIx/tnl8Lx8kktJltyxkm482hUnzZy2O8knv6lJr+BbzkvmV9D
mQJpjowoqG79tLqaJVuJtFm9IleTMRLiMxQ07TgHpd6GTpy6OSUks/F3Yn4ZYOa5
5lPDfuqK6yB54qXjCCGKuRWji/z2B+qdE+hL8RCUXBlKfr5Cvs0SpNKn4ccFrVAa
SX418VQHSlJZtwmRVeyX5LuCznF+g+vnn/g6h+fwGqzVLU4napv2IdU0ULxSB3eU
sWEzhcI7JRUsygOEeseQ/0N8WydYwYU8CSGmygTPfl9SIOojZowc8dZ1yaU037GP
/Y+7O7LyOHZXxheMVBomZTenvyfhRsHiNXgYRIRkL3YSCVmzh1oTN+IOXoLYxWVK
pHhzOselv4Tcy9wPzKdMOh/YBl1LLyskl6vXElLo45jTFpUr8SQ1OIxH8eeeUfw8
PJ6yfu/w8gwk6R2x9VbJTrYHuI451oKNZ89jHhhPH1x+PDjOV3ugKabNM0JD9u1G
t5fN+kFz8A3jKMAtkaBHHFmBJD8Y1lmRPazRSX8EF7hvtU+YgIc2z5yULwny2LWL
VTRQyGoj/NDDRRt9MsPf0ZBLvVBPHcJWdWY4kLQDPCE5CrH8F9fsIuh89icDUMUP
yOjI7rCydpceJdvOv65SSscf63MRdsZvYwOm1JgRdSqki8e+qy77o12qXw5eTeIV
7T+YWRbO5lWuVOZOJPv7tu3rdTCGslsTAe1FISU3AzrB9fNG5eHNmPnjZ1yqOlpL
J9BXVvNmWN2cVLutEfimcVRW/aeWuY3+HgSMHOhiqR92mRN6VY6PbdQ+rT914fUz
Vmy5LIN/kZjdeizQyTdgfrRG9pGDEimdlPPia5nCxhCwGqxkGPezjzNEWzHo/C4W
knfRMJpMbUJqZVe5uOSE466nhOKIF8nmR2fMzYYpnayCsJoh0AgghIAh94OFGz/T
Fp8hKykir4JuzspCI43sGwqZFVICfGOEtisIjZhPUn4VTvxdXsjMoC8ebVUpiMsw
/IihAFjMc5GdU5bP/F2oHiRh+B4e8OnSTdzS7PXb6tZ1g7ccazZ5ezp3rEOc5Q0X
yJ/UBiy29VmvLNPV5JBsZQdqCOkOHfz5zqXqnZLdp9XjuW/DD4uahd/t7fWkAjk1
IN82Om8GTMjrKSblbvSHRXXQk4sDC7+4K8a6M6hcDXZ51ggDdJkqgGDeyoquA2Za
+AX0XQPozqryfKggqqLL0kmBtfz5PJzDkgXof1VrbslAjQ4VsFjsIKeb4igc3IcS
snPjPC0ujVK/UpKOnci30yo6EreEsxvoRml1jUZ2NZycdJ+qGxL9hK5GWfqFxGDp
6eqt5X/bHLs+BK5R6G7qZRgk11zsMI+OLj9wkNRf65yxdWiREO/+0gewAX1sWbxI
soA6zPzvjk1hnz+rOHnip/ak+QIcdEBMWfUIpJXd92MW57IH5g93CL62vO/w2Kom
AoBVbHSbzFj97vbc6umT2CTM1F7NS4Rxb8xvuwgLAk11Li9QBhMcm47u1l84Jcuu
3IW6nC1v8SH77deDefBYZQJaeBH1HiBoC5Md1LgwP2EKYPEACnn0oPXW4hOjBRT4
yNVviniI7/4Pwdux39cDeXg4GbM3FDRtD/4srBF02pl9A9UsADNE6h83bCBTrZXb
9SNeObOhZ4sVXQ8Ofj7rr5oI8NmcFeI5wcogypd9esWitWGcE5i5wC+3n9nuFvfT
X8yOkEDXwDzR8qWgG1rl6A6JZnCL1N2fYJHkiOpu/NuFDCCXrlA4tvI8/E2ZmYy7
PtcEuz0NmkxK28pxKXleGX07ioVVMy6iHhEtGuotiFXjT6USG66KenDcXXRSle+O
T3ICsHy7b29G9D6ZKxgPA2KlOa8oTvvaea5ptclHchK5WCyRcvdpoei1Vz75K52p
HThqwLkRD7blE/iIva2R465ghWQLV/lc6L4jPIX6YQXE+uLt5TWQkWZ4gNsBVKds
KMgUQdy//yqmqxjImRsB/3wVcp947YOzbuQNKHH4Yn2cfsofnuWQRN6O0glCtX7i
HH1WTu4d16i2oDzWkgBhvfgJMwRFXfytDvc2AaHeBvzTsItyW6dV2YkX/P3Cx51e
8zTSzM/+ZLF02Mg+kY0+GUaJohjx06dt45xKSbUYq4beE22VVZO44ObuDgNPv7by
dp86PRFz7yLNKvglqD3XFg3EtQsG2YlS5TpGHqQe2ZxY7inlFzdnktxYAfJrXwkb
LGLVPNM0OipwTpPnAAShzwy763OX/Lh5Ou7MT2B7C08tCihanl3gQqvZvQ7ufNUF
3edpbAkvv23lVXIMPFCssgMpGFFnG9NogqXHJc5PzTESr+p7QuH+gvySHvYYkulh
w7ZtNiBBd7qu6ire1igXaYN0gVizoIyDintGWxHTaL6fN0AYf2CJRzvragn03t86
IkVIStrRaKh2eyZlwmG84wN4Vuj7dNARVcyK1HTIiz+zjReh2ouRW6ZMw4SVA5Fk
dUlQAHMmM4NG+BSek8qxIG02VXkaD+Bw9Z9oLcjE2lRfxc5QYc0smUD41m/dqbs8
kDYc8I1ONlf19073hZmAvqpDSIO/R2OF6v2rHpxRGgoY3GGz3vz1U+sAzwCdT25A
rqPwvAIS3ocPUXbzbX2BpoItIhM9GR+zy0DVxZ8rdGuisokRNaa67lzEsn3yTHth
3firVDH9ASlmKYJ7Igf/51Ms2KNm90x5794cE4KJG6k6I2exALrWJXEjdm+A2br3
O8kfGY7mi6PrkKyFLdTx6m84bSkuIstdfXvq2rrdS1eTqmEppIEuSx5i34L9AlY8
qMiUbQUpThLhoQ0fdfrKAAdJRPEYH8nn2yoiZnmEKaH3N97cRiYDZLa/YBZXGnny
O6uh3wezJRYa9QpSQH5mubiNC1fBoHzHGQEyTEZUaYJqqjAc4bx3yyacYnFTEPtX
mOT2S4o9Pz32f6wvOBT6xJzOFEMoh25gURmymISZKMU1pFePNNTmmP6x1K4pI2Pi
VAJUuyS7OARkdnjKwciPFU7VB4JubPvsdOTpihU4MzngSuohAcUhvRFYDNB7CwgU
igyOSURUVw0RnNslCSJxnalxpenfouN6vfuE48wkOtq/vGnJkiepuyuDm7b+qO0Y
j3iTqIJYVDlo9sNj1zjFN7T/zWgu5w32TU70eJ82PpBtjOFgWyaSi8dQGZgf4oxt
OhMKjRQAXPJs9f/NZzrR80oa04EZrTGoYu4+T97e5S19iyxKD4cLciqsLVAPISbh
BgYR+K6yHPT86vhql4dOrg07l9DYt3G1RiDHrCe12YA5iuNBBF2Wxbt5wZl29cdr
PFmHJvYg+jIC37UYBw9qv2ABsUI8AUJc8gMqvylNIuilwBPz4hYfo/AAYZe+o40i
cKwLe/UamiqdfPOVQeeN/BkXXaqr2EPDKUSeaShDrui+VKTvgKbJDbImWJjdhjQd
6ugnYd3ahi8Zk3+v6Taz0a7ZUtnGqvarOX6S4EH+h8H+CnLyuOPron5wJIssCMD2
cNDVB8a/n26EiQUG+fsakGyCIEqin5nSSdzgBlDiM0ghav5onizmKyqxHtHjZvRP
/1tGNa0yDwgfSDycM5QGsMD4JUFmozQ/NZsNeGfJEjyZpsI4v64jzcs4QxEbJoDP
/K8v9kiCQZ3NtkHGDRcUBWNDbKij8wgOPAJmHweFIA6UnHoqJdbPzNwsAAjMVN2Z
vtvsfFtuDu5BALHyKAlf67WbdKfFYqfktnmR2rPXa5U/3WWiS6cOLly6h+cseQvS
bPn77hbn6y2tRQOIMstJ7pBIlim6m/duKc7PZz1u/tANP/gKkHzthMyAErEOPmqM
Plfvt8ju0UpwGpiF1T1E3SRodx5/q8NV6TSKANWeKN7nahusiB5CVO2EclhjATXR
XmPo08kyxwYYK7P+oBOXsE2gM/uZy3If5hIEfmxxJ+5F19cNiotTQwJM7Jmbag1O
MtW7IWC7g+sDYln9L8hCxnCjoH331ss7c3470XB9pTy8EBnRdX5IRW9QuoRcMcZw
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-no-header-protection-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-no-header-protection-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, No Header Protection, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIPaQYJKoZIhvcNAQcCoIIPWjCCD1YCAQExDTALBglghkgBZQMEAgEwggWSBgkq
hkiG9w0BBwGgggWDBIIFf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjUwOCINCg0KLS01MDgNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjgwNCINCg0KLS04MDQNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZQ0Kc21p
bWUtc2lnbmVkLWVuYy1jb21wbGV4DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2ln
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIG5vIGhlYWRlciBwcm90ZWN0
aW9uLg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTgwNA0K
Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlN
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN
Cg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleDwvYj4NCm1l
c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMv
TUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQg
c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVu
dC4gSXQgdXNlcyBubyBoZWFkZXIgcHJvdGVjdGlvbi48L3A+DQo8cD48dHQ+LS0g
PGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9k
eT48L2h0bWw+DQotLTgwNC0tDQoNCi0tNTA4DQpDb250ZW50LVR5cGU6IGltYWdl
L3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50
LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FB
QUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzcz
OW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDlj
aWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFm
VFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3
QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tNTA4LS0NCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/
BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMC
BSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEw
jnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBak
DKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdao
x644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Na
r2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtl
uLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK
49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vR
hZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTk
fCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DI
Ls7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TC
NO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7
ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTM
SiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDT
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTcwMzAyWjAvBgkqhkiG9w0BCQQxIgQgXYQxbGVS
YbD1RRyrYjMaj8vm0wJceMeGDm9qv/JsQlgwDQYJKoZIhvcNAQEBBQAEggEAbtxK
BK0ie88UC9KGR0/nHIWpXJOnN1/tXtEWsLoypwYiw8XKgcN8zgZ06RikcGX12ijW
Gz2wgA2yIRfnzWBvS6zmBc9r37klP8uhB0GgPrPFTtq+GeLn9hUApYQTb20HlSKM
e34oCU7qv0lYFfN0sDlwxkha1X3AAg4QFcUrnLJRkYFWDH6XvxsHNiLznwsF/+B1
uNiPIi7rhKgG3oLYu4H8qGolM5H+gyl7+h4t8hUHZVTxZ6QyTO0K+D2JO8aazcor
PgJsa85BUfcx0JXsixcqtLzTAfsPOAQBl1CUHEied1qX6nlMb2gCxP6psFEXPRGM
rxSLzwv5QtKJCaDfYw==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-no-header-protection-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-no-header-protection-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, No Header Protection, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="508"
--508
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="804"
--804
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc-complex
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.
--
Alice
alice@smime.example
--804
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-signed-enc-complex</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--804--
--508
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--508--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
</section>
<section anchor="signed-only-messages"><name>Signed-only anchor="signed-only-messages">
<name>Signed-Only Messages</name>
<t>These messages are signed-only, using different schemes of header protection and different S/MIME structure.
The structures.
They use no <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> because the hcp HCP is only relevant when a message is encrypted.</t>
<!--[rfced] What does "the draft" refer to in the sentence below?
Should this be updated to "the draft message"? Note that there are
other occurrences like the example listed below that are used throughout
the appendices of this document.
Original:
It uses the Header Protection scheme from the draft.
Perhaps:
It uses the Header Protection scheme from the draft message.
-->
<section anchor="smime-one-part-hp"><name>S/MIME Signed-only anchor="smime-one-part-hp">
<name>S/MIME Signed-Only signedData Over over a Simple Message, Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 4189 bytes
⇩ (unwraps to)
└─╴text/plain 233 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-hp.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
Subject: smime-one-part-hp
Message-ID: <smime-one-part-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0
MIIMEAYJKoZIhvcNAQcCoIIMATCCC/0CAQExDTALBglghkgBZQMEAgEwggI5Bgkq
hkiG9w0BBwGgggIqBIICJk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1vbmUtcGFydC1ocA0K
TWVzc2FnZS1JRDogPHNtaW1lLW9uZS1wYXJ0LWhwQGV4YW1wbGU+DQpGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l
eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowNjowMiAtMDUwMA0K
VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBl
OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1dGYtOCI7IGhwPSJjbGVhciINCg0KVGhp
cyBpcyB0aGUNCnNtaW1lLW9uZS1wYXJ0LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlz
IGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWRE
YXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbiBtZXNzYWdlLiBJdCB1
c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbg0Kc2NoZW1lIGZyb20gdGhlIGRyYWZ0
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MDYwMlowLwYJKoZIhvcNAQkEMSIE
IHBk91pcJj0zJrTyROHOdfUnQMoctIHVb6WXTpS3gYxlMA0GCSqGSIb3DQEBAQUA
BIIBABWhy/yIy9RLS3OdZZTlUNChBhzNHjpSSoL3v0JmzOHeYJVblzBgpyPU33Tu
JALxlGuGp4ybO16yQREHMXNFZJkrqWcIAMZG/4tG7WIHXm0AGIcxl8BKKEpn8t1m
kiOO/NWzFY9TW1pYd/+CC7Q8Asc+S2Nd269HGrFFpL36r74Gt2xJDxn11N3coBh3
khaFt+p5GkqqrNUtfGeo0ifF+66x/oW9A/AtNE+iKwx7mEtukOhBgTXgyr3bi+ev
sEQzWYVLyVS7TCsCM5A1LxHZHv5gVcX1EMTZi7rRaNKKEmUcA9vbJYBSOWlmR/o4
FeLYNUvUvFXvV9YCb/0R0pgp9Aw=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-only-signeddata-over-a-simple-message-header-protection-unwrapped"><name>S/MIME Signed-only anchor="smime-signed-only-signeddata-over-a-simple-message-header-protection-unwrapped">
<name>S/MIME Signed-Only signedData Over over a Simple Message, Header Protection, Unwrapped</name>
<t>The S/MIME signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-hp.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-one-part-hp
Message-ID: <smime-one-part-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:06:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear"
This is the
smime-one-part-hp
message.
This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a text/plain message. It uses the Header Protection
scheme from the draft.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-multipart-hp"><name>S/MIME Signed-only anchor="smime-multipart-hp">
<name>S/MIME Signed-Only multipart/signed Over over a Simple Message, Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a text/plain message. It uses the Header Protection scheme from the draft.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/signed 4435 bytes
├─╴text/plain 250 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-multipart-hp.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="78f";
micalg="sha-256"
Subject: smime-multipart-hp
Message-ID: <smime-multipart-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0
--78f
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-multipart-hp
Message-ID: <smime-multipart-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="clear"
This is the
smime-multipart-hp
message.
This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a text/plain
message. It uses the Header Protection scheme from the draft.
--
Alice
alice@smime.example
--78f
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNTA3MDJa
MC8GCSqGSIb3DQEJBDEiBCAIw1Q7hUXhrDaz3lXMFP0A3q3nvlhWh9ejLg/g9kjk
vDANBgkqhkiG9w0BAQEFAASCAQAcl0M6ZwFAzFvsP+/siWSN0EM0YWxuOzvCmSWC
0QwnAQ/dSwXcKMcej0wWMKTDTQSYBUjxFVE0chcK6FMH2gHDVb/PztWrSECmvh6F
utJ2SRxs0uGrFkee3hR0kowuOu9pDXasLtWP2MnB5pSMWX5QMpya1UxYcbIoaUOx
Jeu5zjbYf/Oo2tINvZHP+r+wxQZ7qTaEzviQ+IV0KoJanfU3Qd/giS6MuySwozwP
r3E7YAy3O9dZT7zL6AR5CsC1I0coo7X1PRNnBXXLMEcR/v5cXniGV+GNf8xYaiGA
iT9IwijZa6psfTSFjzUWTIc0jGx3GcLZr+BIm+MEBCSRzDum
--78f--
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-one-part-complex-hp"><name>S/MIME Signed-only anchor="smime-one-part-complex-hp">
<name>S/MIME Signed-Only signedData Over over a Complex Message, Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 5647 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 1570 bytes
├┬╴multipart/alternative 934 bytes
│├─╴text/plain 287 bytes
│└─╴text/html 382 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex-hp.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
Subject: smime-one-part-complex-hp
Message-ID: <smime-one-part-complex-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0
MIIQRQYJKoZIhvcNAQcCoIIQNjCCEDICAQExDTALBglghkgBZQMEAgEwggZuBgkq
hkiG9w0BBwGgggZfBIIGW01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWhwDQpNZXNzYWdlLUlEOiA8c21pbWUtb25lLXBh
cnQtY29tcGxleC1ocEBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1l
LmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTI6MDY6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBs
ZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVk
OyBib3VuZGFyeT0iZTJlIjsgaHA9ImNsZWFyIg0KDQotLWUyZQ0KTUlNRS1WZXJz
aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi
b3VuZGFyeT0iMjAwIg0KDQotLTIwMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWlu
OyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50
LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWltZS1v
bmUtcGFydC1jb21wbGV4LWhwDQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVk
LW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBLQ1MjNyBzaWduZWREYXRhLiAgVGhl
DQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0
aCBhbiBpbmxpbmUNCmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI
ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbQ0KdGhlIGRyYWZ0Lg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTIwMA0KQ29udGVudC1UeXBl
OiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAx
LjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhl
YWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUN
CjxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtaHA8L2I+DQptZXNzYWdlLjwvcD4N
CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtD
UyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0
ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZQ0KaW1hZ2UvcG5nIGF0dGFj
aG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9t
DQp0aGUgZHJhZnQuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNl
QHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0yMDAtLQ0K
DQotLWUyZQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNm
ZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l
DQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBO
QUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVq
T3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FW
TXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBa
V1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0K
DQotLWUyZS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaK
tDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP
6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp
1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6h
AQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXj
WShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2
lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/
WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyA
KRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1
u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZ
ncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fF
o/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmG
pfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO
7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQIC
EzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1
MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
I2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD
73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aR
phZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65
x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL
270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8E
AjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCO
fAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3
/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffR
TF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9v
sdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkK
TM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4G
Wv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s
1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3
MDYwMlowLwYJKoZIhvcNAQkEMSIEIGbRm8jphDRUXRWIk4vxhAup+YZsmtrednWv
3iPoigWSMA0GCSqGSIb3DQEBAQUABIIBAEHG833PIy7iky9Ok2pN22fjSF6xtjlt
h1Pi4Eh9PSjQ5Rdrsv9pJFFsBhSLOXv+O8fwYfS1rUrgwsCVMO64zz5MT1Kj4Y4Z
a6ztE9weXTlciQydOWER6lV1BDP4GwUaz+BBCoKKB0DTHq+nPNo97XtTCUfo55Vz
55vmNXxqWQ952hzw+qxxTxKzdYApFd9cZYzvV4otZgtvZDu3sn6GWFCtVpN4+6TR
xClE93q+LZwvJyXFRFWHcKqpUfQ16ZAomBadrJ1RU3BmRXnC6DAI/J/yhm7OegdN
0Or/+EuyWAzp0r/GCsSGXt2owaAkGPuZf6kPc0mLhb/VFdeY16wy9J0=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-only-signeddata-over-a-complex-message-header-protection-unwrapped"><name>S/MIME Signed-only anchor="smime-signed-only-signeddata-over-a-complex-message-header-protection-unwrapped">
<name>S/MIME Signed-Only signedData Over over a Complex Message, Header Protection, Unwrapped</name>
<t>The S/MIME signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex-hp.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-one-part-complex-hp
Message-ID: <smime-one-part-complex-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="e2e"; hp="clear"
--e2e
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="200"
--200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-one-part-complex-hp
message.
This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Header Protection scheme from
the draft.
--
Alice
alice@smime.example
--200
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex-hp</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the Header Protection scheme from
the draft.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--200--
--e2e
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e2e--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-multipart-complex-hp"><name>S/MIME Signed-only anchor="smime-multipart-complex-hp">
<name>S/MIME Signed-Only multipart/signed Over over a Complex Message, Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/signed 5520 bytes
├┬╴multipart/mixed 1628 bytes
│├┬╴multipart/alternative 990 bytes
││├─╴text/plain 304 bytes
││└─╴text/html 402 bytes
│└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-multipart-complex-hp.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="ba4";
micalg="sha-256"
Subject: smime-multipart-complex-hp
Message-ID: <smime-multipart-complex-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0
--ba4
MIME-Version: 1.0
Subject: smime-multipart-complex-hp
Message-ID: <smime-multipart-complex-hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500
User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="b14"; hp="clear"
--b14
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="f1a"
--f1a
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-multipart-complex-hp
message.
This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft.
--
Alice
alice@smime.example
--f1a
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex-hp</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--f1a--
--b14
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--b14--
--ba4
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCDKNV54rM1AYevevF+c3DI/JjX14STIx3nsp5B95mHf
gTANBgkqhkiG9w0BAQEFAASCAQBWQxNUY6IG27ju4XS4aApRfPoBUjk6m7uUMIQF
/VC9EpXLvWRkn6B9k7L9MMrMJPRKR03oCzimaPjTKH3JKTxdj0gWtb2eELmIaRWY
nOTaAK/3/h2dqMbPXYXgmWRQPsgFs42m6zWF4CH3YpurTvQC5gB0PSEPF0BOHdcm
77bRs4AcPf1mfGThUG3YUNXuJ99BKb3Zz3lQiTohvhti9eHRYAMXL/XdP7TLiGVm
Ee7uoUREekXvLmj8C6B3z8fiTfiWlqENU7J2BkrVF0KgW5X9ANwhekNROEx6X05R
NVcBYNKNxCxuKMbHcE47Ytt8AuV4NoDWk2yumc8T6sM0Wkue
--ba4--
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-one-part-complex-rfc8551hp"><name>S/MIME Signed-only anchor="smime-one-part-complex-rfc8551hp">
<name>S/MIME Signed-Only signedData Over over a Complex Message, Legacy RFC 8551 Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the legacy RFC 8551 header protection (<iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>) scheme.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 5696 bytes
⇩ (unwraps to)
└┬╴message/rfc822 1660 bytes
└┬╴multipart/mixed 1612 bytes
├┬╴multipart/alternative 974 bytes
│├─╴text/plain 296 bytes
│└─╴text/html 394 bytes
└─╴image/png inline 232 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex-rfc8551hp.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
Subject: smime-one-part-complex-rfc8551hp
Message-ID: <smime-one-part-complex-rfc8551hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:26:02 -0500
User-Agent: Sample MUA Version 1.0
MIIQaQYJKoZIhvcNAQcCoIIQWjCCEFYCAQExDTALBglghkgBZQMEAgEwggaSBgkq
hkiG9w0BBwGgggaDBIIGf01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw
ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iZTY4IgpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LXJmYzg1NTFocApNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1yZmM4NTUxaHBAZXhhbXBsZT4KRnJvbTogQWxpY2Ug
PGFsaWNlQHNtaW1lLmV4YW1wbGU+ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxl
PgpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjI2OjAyIC0wNTAwClVzZXItQWdl
bnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjAKCi0tZTY4Ck1JTUUtVmVyc2lvbjog
MS4wCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBib3VuZGFy
eT0iYmJhIgoKLS1iYmEKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PSJ1cy1hc2NpaSIKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdAoKVGhpcyBpcyB0aGUKc21pbWUtb25lLXBhcnQtY29tcGxl
eC1yZmM4NTUxaHAKbWVzc2FnZS4KClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBp
cyBhIG11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
CmltYWdlL3BuZyBhdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1
NTEgaGVhZGVyCnByb3RlY3Rpb24gKFJGQzg1NTFIUCkgc2NoZW1lLgoKLS0gCkFs
aWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS1iYmEKQ29udGVudC1UeXBlOiB0ZXh0
L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApDb250
ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRtbD48aGVhZD48dGl0bGU+
PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMgdGhlCjxiPnNtaW1lLW9u
ZS1wYXJ0LWNvbXBsZXgtcmZjODU1MWhwPC9iPgptZXNzYWdlLjwvcD4KPHA+VGhp
cyBpcyBhIHNpZ25lZC1vbmx5IFMvTUlNRSBtZXNzYWdlIHZpYSBQS0NTIzcgc2ln
bmVkRGF0YS4gIFRoZQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2FsdGVybmF0aXZl
IG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUKaW1hZ2UvcG5nIGF0dGFjaG1lbnQuIEl0
IHVzZXMgdGhlIGxlZ2FjeSBSRkMgODU1MSBoZWFkZXIKcHJvdGVjdGlvbiAoUkZD
ODU1MUhQKSBzY2hlbWUuPC9wPgo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp
Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+Ci0tYmJhLS0K
Ci0tZTY4CkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nCkNvbnRlbnQtVHJhbnNmZXIt
RW5jb2Rpbmc6IGJhc2U2NApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCmlW
Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
bEVRVlI0MnVWVE94YkEKTUFnUzczOW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1lu
Q3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWgpzZ3J6ZmNxVk1wTDJqbzA0
NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxp
CnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQoKLS1lNjgtLQqg
ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY
60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6
kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9
7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs
wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5
chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQAB
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH
AwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3
DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F
AAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX
/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U
8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXs
U4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZee
gSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo
2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJc
OvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0
iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7
pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rB
X7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQV
tkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/
2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVC
CpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ
MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl
MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU
u/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40
BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq
AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ
2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo
j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h
noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB
/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3
QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MjYwMlowLwYJKoZI
hvcNAQkEMSIEIPo6cfj2PNIuP7W8SRv7KpxepLUu9zPgalLeN0BNuSo/MA0GCSqG
SIb3DQEBAQUABIIBAIB0l2cJSO2iAJg5nB/+gal+wZn3hOPlWW6n8YQ957q/TxIj
Iny59ctj4CokVaRb3uAm50r1TpK1h1x/hse1MsZgWQ0ew+omUQQkJg3RLZ9R8wsv
Ol8SN5WMNdiNSRNC9a3MFtSVPEOCt90XdQdQ2kqeRkL/fthatcF8gI+p4+pOP2+U
dOfnKCjP9nPobyBcXkljv0pRriu7snqQi1O0I1aqd4VwocIm8YV65la0/9522f6e
/4Zi30oBLuIz1+pT2z6frPzUJfd6UbGtSiAwRHyfIJHZ2PAYt94iMv7U0VmK3GmJ
TkzFm1if4dpFLofdkEtUX8Is+DPf+/ZB1MvrrQk=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-only-signeddata-over-a-complex-message-legacy-rfc-8551-header-protection-unwrapped"><name>S/MIME Signed-only anchor="smime-signed-only-signeddata-over-a-complex-message-legacy-rfc-8551-header-protection-unwrapped">
<name>S/MIME Signed-Only signedData Over over a Complex Message, Legacy RFC 8551 Header Protection, Unwrapped</name>
<t>The S/MIME signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-one-part-complex-rfc8551hp.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: message/rfc822
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e68"
Subject: smime-one-part-complex-rfc8551hp
Message-ID: <smime-one-part-complex-rfc8551hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:26:02 -0500
User-Agent: Sample MUA Version 1.0
--e68
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="bba"
--bba
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-one-part-complex-rfc8551hp
message.
This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the legacy RFC 8551 header
protection (RFC8551HP) scheme.
--
Alice
alice@smime.example
--bba
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-one-part-complex-rfc8551hp</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline
image/png attachment. It uses the legacy RFC 8551 header
protection (RFC8551HP) scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--bba--
--e68
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e68--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-multipart-complex-rfc8551hp"><name>S/MIME Signed-only anchor="smime-multipart-complex-rfc8551hp">
<name>S/MIME Signed-Only multipart/signed Over over a Complex Message, Legacy RFC 8551 Header Protection</name>
<t>This is a signed-only S/MIME message via PKCS#7 detached signature (multipart/signed). The payload is a multipart/alternative message with an inline image/png attachment. It uses the legacy RFC 8551 header protection (<iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>) scheme.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└┬╴multipart/signed 5624 bytes
├┬╴message/rfc822 1718 bytes
│└┬╴multipart/mixed 1670 bytes
│ ├┬╴multipart/alternative 1030 bytes
│ │├─╴text/plain 324 bytes
│ │└─╴text/html 422 bytes
│ └─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-multipart-complex-rfc8551hp.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="a61";
micalg="sha-256"
Subject: smime-multipart-complex-rfc8551hp
Message-ID: <smime-multipart-complex-rfc8551hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:27:02 -0500
User-Agent: Sample MUA Version 1.0
--a61
MIME-Version: 1.0
Content-Type: message/rfc822
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="91c"
Subject: smime-multipart-complex-rfc8551hp
Message-ID: <smime-multipart-complex-rfc8551hp@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:27:02 -0500
User-Agent: Sample MUA Version 1.0
--91c
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b87"
--b87
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-multipart-complex-rfc8551hp
message.
This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection
(RFC8551HP) scheme.
--
Alice
alice@smime.example
--b87
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-multipart-complex-rfc8551hp</b>
message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached
signature (multipart/signed). The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection
(RFC8551HP) scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--b87--
--91c
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--91c--
--a61
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzI3MDJa
MC8GCSqGSIb3DQEJBDEiBCAYyptCVBhIbjLhlQOKunV/81vEiJSGLmos08/AoumM
FzANBgkqhkiG9w0BAQEFAASCAQCSBglwkJFZNTXSwtDjldQxDo4n3twmJl9VyZSO
AlO0EiVW2+9Tqu06G+mTSePraLq4L2BvutQ1rKW9jVXJXJ8klx3Y8aY6TGvJ5/RH
3GpwQPjfjauEVAplxnIeLdtUbwJJvaColBr6bPHUibtvXS14JqfHvEu7uTgHlxpv
KFZ/VEXf+Lx62gINfpie22d6UC3Nxif6EwPEDLmIjOYILjfMf9McQ2KzAPr6t6x/
hrz6NDG3LeTeLegQ4+onLotaBFsa0QPat0nSFjcaH8j9hFb4RB4avMbT1/5nRR6/
B49YO28fRuAztMvesvs4M8kW6DAJjYj2fFAgT87CdWErzM7r
--a61--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="signed-and-encrypted-messages"><name>Signed-and-Encrypted anchor="signed-and-encrypted-messages">
<name>Signed-and-Encrypted Messages</name>
<t>These messages are signed and encrypted.
They use PKCS#7 signedData inside envelopedData, with different header protection schemes and different Header Confidentiality Policies.</t>
<section anchor="smime-signed-enc-hp-baseline"><name>S/MIME anchor="smime-signed-enc-hp-baseline">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 7825 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4786 bytes
⇩ (unwraps to)
└─╴text/plain 329 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0
MIIWjAYJKoZIhvcNAQcDoIIWfTCCFnkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAERRjmiJrN88aVGFS2yaskouoeCwZ++b+Xx4
pJQ1bIG5PzkUkiAqDWKhdwAJT+f74rJIneIhgYQkL1NWefgCuO7UBT+ciHEBDEhP
+3jciOFRP3Hnynxdiw6DpGaUfyyk9WnOGjePADIipvHDkRJXWIuuHFCXpQPQthB+
mwYuv6G5Wm9MxHSpAid/UXMkUAYK2zkVMSoDM4BfG9TpmIUqjBm+uo0d3ZjIIcAM
wzDMpEEZyZc3ZO7jdC7DC1eQBm09co/RnhwpI56kEp2rtQqmRi1waXS3jqHf8EeC
u/X5xskoJlVakhdHteSMObqJ1v0cNnsSMYbHb3TLQRF+BhPIWt8wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAURM6vJvmBdyw0kwK73GhkCBT
DN26jSUwPbZg9MYXICPROANV4oU9gFTF0E/CA4JzCPhPeIyqGA9KHWEpEr9dljFg
HwFIg+jo0VVqa9yHyQ3NvPN9Bmm2fc9JFc9hCj9id/35tEfCVO8dUw2KctQaEPKD
OvoJfHrq54FwbCW5u+I/QszuN2U95gqNXg4R3GD3NFgB5vtUPk/hV26H5n0U98Wk
6Fqd76iQbY9SbqOqxQpdbDcNwdDWYHPDoyuXmmsgGIyCn17PdTcEURrPTCS059OL
oPJy7h8LA9QLdOjg31nF7sXtsJriCIpJ3CFht0fRdi12dVMevhTx3S0cQK1lVDCC
E14GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEECsbOPK1Byo8Yr3SVUeSGAOAghMw
Kd1hOujWtOvKraLc85HbQ5Lx9Z64dro+3EJj7zNUjPx33hYU+m25DXgdjB+ZsA2Z
1QtUO6MvLqsJKjC1Z9n3yrMc7gsom8PjF2KAia6F9x43EyNv7hagnPvawqKEFPCp
QLF3TTLs12i8rIcn8FwjrDlMqSmVlBIz1dvLD9JKiOKQ4IJxl6OjETniZvFZgsRJ
/PXZYzqq7cWoymZrPSX/UksUFr/8pc2AyQR0Ly3JvDZQ+3EykHcXQgRzqtT8TYyN
HB0e+Feo65sjxYQvwMYJJeMRjzercDgAwqYQ3XGroFtDTw+tDJdhIR8/yuXHeWuU
8PxAnaM1QnoZpRvHdIn3zLD6BalgMW98VSGFL54HQL8P6O888LxBvstfl5lTEyev
EnOUwa6Qx+B777Lzt9n6rvIrJQ5T+rIXBhH/U1RfOQtMxfZC5tSc3Lux5LPDSGdc
c5rM2nh26JCEpoY2FjdrikIJOBK+NUdkyu/mlCmjCFO3c7jQm6Q7JFdpG0qmjoQy
gZo8VL4g6gxq0mlaOG+pYK/3QUBAampxnx8kJ9zQ2NdVBEjdRxk7JD5fqVWa5tZb
RV4IA6bm+mfZzAviibnXI55m6E07wOfHHm/b+KKUmyB17WeKvNm3Z3iTkOtViqun
tZnXjyhVA9fGdwaNYs6njkQSuwQjGmjmLtokR0dh6LMOXg8cgX6us34BHfP0yNe6
HUzXhL0wKLQmTuvbLBqZRcNZxVgeSNRViL/n/O8DlLn3kXJpNL+1WUJZQhBLXVIk
T7Fucb02kDhDXufsjRed/uMizdX6lNHjRFObGARZp/SD6rn3X+WzJV2BwX8xpEph
iEr6I9hrVDytdoBFsGt/z9FVM04kwp+n6U02ipikVQdKPt1CpsBYkBzwfDaPFOmS
kbwuLZhZ1nj3tkAzv9sx5a/z71v92S7LVHDycnUcuvNK4AZB8wZvSXz/8WPxwk3O
zmdeeSsn6dyZ5Q9o203Zq6/7k9YhkYD3LDS3XWRkpJMfNmjDL5WEr5ifxVrIq3KM
MAEOs1tqfBMWF4AeA0KOoHa9NAhzLCMsfxNEtXd7l8Ur2JKkUGxtmCKD/3ep5e5S
smIS/Ty3aD47LQYD0kjWhvTnQF61v0vQHrEKLmf7rlrnAwL2fEwfnMvNZTTiTN4I
nfL1m49CxxzffSvlOECTlKs/RZq7JxcfvuW4qN3yjMKy1dwtRZm9pU5+R0p2Hn9F
C4nZQ4Dre2cPdM1JmvimOnVEyc37O3Mi7hF3Nuf7H2j0g4yTMu8Tuk+8J0OKukQD
dNz95Bzj89cCb9FJyq5h4Sk+TeVqJzhONpL0Q6f7xrJeJZVefq4RhMMtfFYgNAeZ
/G1f4xHGXFug9okJXFSZCcoLYv4qek5OjJrbWM3GeY7lj9ClxFbs0bqrtBXAImul
60G7uEJdsFR2wBLyv6i9lCwAVKeBSJx6FdfzKzRqsHYUFsMVeNw3kYPbbsXyj3Mx
PLCrB8lP71NHtIEHPkKFgTPvEaVWzXMvz6YA0g6mKxVjI8iVFSE6JBJHtaTX49kJ
w2XXS/eI4DD8y5exJVt1Rb6l/88eh9IiN60UXbUXmtDm/cKnnMD3Nt4H0weIygvU
BHMVw3+p6Uoj/E3lDExSGIX1BTveRZVGz11AOaz63UGz18KCzOhow+XJrLILJlnH
8MLEF/BarmHe5+O9XHF8otpOYPmdhL8RnFfvtStTthxhp2smd5IIblm13hj1CuV7
KTnVbyBxKX9utmIRmlSyOdvAMR2+jzloNCUTzWYCu2/IcYw23gW44pFQdUosKmyf
0gyFSNQVQJ+CKADEID9sHWm7yBWkkNEk5jExDn00qyU6B0Wr0i4RYY/J6LrQGMWG
YliQtmyVOfhDjzUATEAGumxVBWbCycDAl1DsEp0hSckgowk8aTlXo6tWPeXv5iMq
bCfxUGLY8gmHEf7n+v2yLoCJmZSyTMT0Bh0PjINnNYRWQnsdR+CELSxgmbE651K2
abaYEX/jBZvCvgILPuAHF14WVVHj/BbfMZTfxTRSnjZIKhcP32Bk42WIuo+Hkhtk
sG6xsLi614VAqqtRvpDzMK+HsK8YmyCT53d0mb9JEokmuOV4GaMRluaeBGxV88UK
t0tTQB1VZ+/kcSy7SBBuGtNz2kSapRDUjWgXnWDzMdQeMc5rI16WeCRgwVTiRBRb
EWrsrPtG5u/krSm/wwBdd3m9VDOmlTj+lUoH5+OXeReZjb0se7uQt2W/V/IWpGMy
EK/M/rThL4q8JjY3SNmlzYv9mtrUy+eoFgf+efOiGSfCynfnK4A12K9LPFvaPnS3
qcTH4FVjufs4THAfCp5rEoaefUzEY12DBYdLVTNMfKr517bnCs4wp82XGvf4kHJS
y5tM/H456uv1wQRDNJQ321Fbi6xkCC/KujRMYsDsfLgo0VSlKi+wVOIH5cvpem57
cKrgBwNyUYtk4l/s6tlSWNyDQvFYqCrhN5TEHu+JWCK7poGBdCLzUTtSHJeMOH0x
Jr9K+LiBnscmgDstq67x0rLwhe3r4PM8OcgSuV+Kz91j23RtksSghpeWe9vxCnkx
NsZ/ZddX8ZdNk7uihJZJ/M9/DWEGx4Y12Mk5XI0Shb53ZmlO3KuLlkN7qj8mdOp1
3tfr/FB82zXo5Hk0C7U3Nej9gmqr6SO9kSxwqPa04om342FJuYVZgsfwO09gSM11
Z5bYKrQ2ml+/oRawRLuU03fCM2tV+thgi8M9SIwl3FUZnGevyuGyudbktckRa4FF
wGkERAzpAag836wt3zUWbP4WyZpY0u6soeARvaaeYHpxNW3G8nI53fhwKlHeK0ac
geqC9Z7zdkDZRL6gqDjqZjU+sQZDoFPIRh39zC33YkOVm/0CRg02NSIYQ7C2tgxy
uE3UO6V1L1wbXcBkEJQ653/JYqUkLAOZ3bKRp7FhgJBblLg+Qe1dvg5zFPoOBRDS
b7RNyc5ItAJnciqpH5048PvvUgNwY8fNuKojNeK/9a1GLiE9YBeorWVb+rzkenxi
OgfS0LdgszpxfYs7ag/y4LGCN7IOa3rZ2Kshkq0uD+TUbcdni0vWPVco0Qa9VPjC
UVlyypzJdT6cale8SLK75/ABiIo8SEuqgQLbz+diq+AEPY1TlDW/isd9hCGDexFq
ZrPY/rBXLqA43l+EwqfCdN0lZLOaEvCJ3T71Fwt0JoW+/nn5iG3qfj87mzGbMLK2
wEzxxJnFYW9w5IWjL/YlplPRnNZUm6zsGZDd5x10tW+CE+FoklgU8p/MceR0oEwo
BLXknBDjaq0EDLocgmqIUrSvtKOnDgxgDCCqy3+DNt87YwunGWUFhjiw/SwSH7Dc
ONvvTVsJbMVS8r7G8oJXMGJ+OKpslVhQ0iZYILDHeX8hoUYyCyzQ/istgAVJ6Lvu
f2nhjw04Dg4ldYGBPVgpjwPO7dYaaPmn0pR7qbl7ui+FxLwGKZi3BQk0h9AUY/n/
BkyvsSJgx4TEL4G8JVgEm8+Zz+yDmNu/wDrxQrdIhzd+ws8D9kENuceuM1xM543n
nMOv6d20FygJFaLEQVgVGz+HlsfdHHa79vzSP6kz93+1naS3j/0iNThy3e/rrAAq
ORslyqepsr8XtZlCynxKrmGOpDHWF12iKXJdrN6YYgfhBgNXPuhwlVgfhiPny39+
j1SB8vXpYP2EW0EiiY9iwk/OsYxqsZz7RfvtYobZVBC2AuYFxeK/FfBsAMtFIY04
qz8/vrw7KviAAf/bAASBIAGfre9pwE3w8YF8OdQVk/3mHDs3Z/9v4TO5CKRBO3cY
5fu+GpSBS9EzuKvDmLOIYdq8SyGN/Q0emK3D4omiiklffzGH/Pj6pH50LCsCBhwD
PnathlA7jZ4+NURX/y487w4gATjTv1i/N1gwHxotOln5dC5X/ZrTWLcywS7GATko
2/y+8X5IE/0dWiv6tBkRTNIdBuhsuuKEe8H1rJIAoMfhy1xWIgGrfdWZNgeO8bJe
CZBfDI4NEoO2nOs9wPOWNHkkaTu7dRTKvxFiPqbwb0K7O2s0vGtnLb6TWqdVE4Bz
K5DmQXob00qX+srs2ULKaE9VhK4agziDGBIy7jy56PmDTO71WG5mGYZOLnVjiAbR
dnvia5+QGCcmwNHNg5EaKWOqul2ekrbN76wcT+e5indntAK103nrw82SR/jJIHCD
B+bS9FMoP6aIh04UWR3NQ0YCbxQzAqRQmJK7aFeBK1k7J/kzX0kEaDcRlqdFv2fs
QyiFnY04Dj+lsfGpdP3rTx9cfi6+bM0VY4aDonF1YZs46bLN2rdMKvG73fFZiCnq
R8yVA8gBre3x52tTvRqQxHAKH8CeBGBO5IZGYbA/d1uFpix1cBef8gpD2zFrfR1J
E0cd364G14p9vD+ItE+hHV+B504UmDeyN8r1ACUcPcYXwN9uWwqh1NAsPPgA72x8
bVC2hNGHzAn0p7X7CDK5Jj14lwxdRkOqntAeDZMaYdKzhS6MVRVVXn5e/0g2pX/z
V2rvaDPBWiKgLQJk64OJeBGVXOnLAJUqyKd/JkFwu0ON16lyG0kZ/YBduLK3xguG
YisTXzkYZod+4sbOgoix28Q1iYzMvtwqZ84qW5VcjM3nkdUa0UivyQXwyXXJ/Wyf
WWJkbLKfHZOtJP+Q8RNMYj9oQpqNl2ANd1+PBc86tPKi/u1V25EcDFgM3FFOcgr1
BKNNw3R9WCXJhP5ym1op3hQv/gI+45iyzsP1G9EtMcHhajM1hkagpKMW9naT1aFy
oi6h3jMatP+EQkO1fDYQo5bAkfvVJ/qDiVjLkz7CDNQsBcgx/XhV71iJkUhQb44/
KVGuAAuaYogwtIcM84doJvxEeuPTSObKUunYNHD8tAjrcmKwhhh7c7ihkGIn3p0Y
nDKb0sri0yQhiswNEUo4/lZkSoCYUx3xYyxJaUdkMJ0vuD98Afz5hIwD0WnTYQNT
T2YdoZO+Q2WotvcFyeVgamczb8nsMX0p1QFmbOoeEOwovWWLdYAH2uIIEecKs2Lo
1JfP5SOK8BtM08pdiPqycmf23sEkQVVI+EhPZNbmQUVrYZmYSHeaJPcrXjDK2gIE
997lSp8Iw9bZuQHg6E4Zb3AgIwQlkAJM7Li/VFnh31x5PivT9om1DDqQEUlQshZH
FudrMJlJ4Tn0i1whm33rC1LBElFh5e473ir7kFDhrQlztOgb0yRztTecyk8512PL
UuHX0SCmSCjzoLtpdyvwoVNjouKatxP7V7lrofI2HLqAVCbOdtdGsFREn4cGhi0r
g/l1rl+xac85KVf1k9SN0C84/WaSnylVU5/vNzD9ycargmIU3RE0DwU8X0C8ECUg
P1e6wdpuqpYK1bgtl9lG+2dsoFGBdq4b1qRry6reI8xMJwdcR9BWVKksRAMbSPBh
5gFhER4dG8cKiO0NGuL08m74UKgA6vsSz3rJJ5NyXvTGt1vP3j/EuWOUbOFzOSv3
Tq7q4N3yEgLSayg0YEvO8JY+0R2+1EQMTu9I9sv8dCRw+ALR+JI6vJ0gYTLM7A22
l3v7b1FlDWouT+RGrokL//Pnt99uYolCKnRte+LsGZ1/zk87Wx3jxdPHyrWXPzqt
VUru5O+u2x+xDAsyKiEzMvq6SICG5MT95vNQFiMcM/1cSrSsl5eahhigcdpuK+3s
gCkMyScHvy0iGrk+VAaarrdSwpMT5poPZbudr0K+K3MD7Y1Cp9o7ZBT1rjvKCNIW
vpwQdfVSZV+1Ji5sfyC2RLy7+2vwRU72yB3DJs9rFLk9XfjLHiv+BmVW6Ql4tovY
mn45thtn4zYQEtdANkR8aufQg0A+BDQg3XAQicCb2hhyH6j5VFACh3MPDj1tjy+r
YNi5VcHj1ccnXsk2EaYW2y+SkgcGg/ywmPZ50B/I8GLJWNeb7Ai5VBXCWfMeCIz0
NIPzxwdN+mceK4MfBFWM3GDi0hZM72hzMN4pFN/4GeLPEdZUNlOkNWT8hKEreX+W
PcL0faa1xbpEUTfWv6Vviq9VCVkc5q/wxdL1irkqLNR5Ht8PyZUjCH9GsVntgPu+
UDswKkNICxi0rUppHp0Nzr7HRH1Y76htABrX+wyFVtA6ttwbm8nNqSVof7wb0pYa
cHYMfJDCVJvCLCLy/sePxzwGbH8bW/Va4ebVQfNBgS49ATHNbv2HfjROYqgWAINJ
l8L3IqyUROBveA+3+a0wEZ/kJnlIJppNGqIhuS7SiKUBXN+lHvxoGAfeJFN8uQ2B
C5KuodUGgcTbVsxkVDweTfBdS8bG06OIAklSXvgE614E146DNKKlqD3nc8xDCzbN
+YZ9VjShMxepn6pJ06xOKW54NVTa3zy/R+HZ+/WixdzkAcn8gog93ybxg/9PhAi4
VauRPmbhrasLdiZwGyQ65shkUaJMwkjY+BpTK40M5KUV4yLr0ddkzbmKWo4Q50FY
NMc2AtCg1A8e9ziRU4Y2MD8abcs5S8rOKk5/R7o5gJGNHjlHpn9Xz+7fTpqtYqIf
UY+YJhE+LyJW2uu8Gu1tTe05BSdy13E367FpALD0ZTeQHQWKmAckvwjsQ29YcKFM
n5+AmwDhDdpWKXih4nxFgQ==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-decrypted">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIINkgYJKoZIhvcNAQcCoIINgzCCDX8CAQExDTALBglghkgBZQMEAgEwggO7Bgkq
hkiG9w0BBwGgggOsBIIDqE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lDQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNl
bGluZUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+
DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmVi
IDIwMjEgMTA6MDk6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVy
c2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1l
c3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+
DQpIUC1PdXRlcjogRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpI
UC1PdXRlcjogVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjog
RGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDowOTowMiAtMDUwMA0KSFAtT3V0ZXI6
IFVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlw
ZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOyBocD0iY2lwaGVyIg0KDQpU
aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZQ0KbWVzc2Fn
ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz
YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQgdXNl
cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3
aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xp
Y3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6YwggPP
MIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2
NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnel
N41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i
2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNH
T82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+
ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3
qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgaww
DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcw
FYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNV
HQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1Ud
IwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCB
SXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9
Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz5
3PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/
eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744g
qoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXz
lEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp
1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5N
mn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDc
DkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFt
md+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJ
OMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFec
N7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq
90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0G
EhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7
GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd
6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7a
gyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazg
PYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jM
hwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9C
qaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUwOTAyWjAvBgkqhkiG9w0BCQQx
IgQgX3dswDsmGjwXzejaB+kh8kzNOiNjkHpEtBXbJ8gjT5UwDQYJKoZIhvcNAQEB
BQAEggEASC6sf2ioO3Y7yVOzy/6sbjR6suLfigryPkvaOvuh1aHCP/I071/j3LYL
nER9aCGoEFXzxXzI1aiTjwlQp+Fg6qNz8avFRbSvecUpAsbihlRbbOSirvNwW6F4
McP6cbA4UR6M52M4mE8buxvDtwf6caf8gwtx9XbZy9a/FSr1YqQoB9ebotZDadDy
sh0hjzMTjvHbq6DTPytem6Dy7rBP7F32Z1SHNC1Wc2MaW4NKejRxubh4kKpopRvk
diHHADbm6WUwa3IsgU65HV7X/BkE4vQcYsWzYjqyA3WjpZZWlYus023kqug5sHX5
G5uhNtW6SURCQjN+d6PNa182OqCW3w==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline
Message-ID: <smime-signed-enc-hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:09:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-hp-baseline@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the
smime-signed-enc-hp-baseline
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-baseline-legacy"><name>S/MIME anchor="smime-signed-enc-hp-baseline-legacy">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8085 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4968 bytes
⇩ (unwraps to)
└─╴text/plain 414 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0
MIIXTAYJKoZIhvcNAQcDoIIXPTCCFzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFt/SL+2acYbbnElaXwsZy3nS97+v4FjebWx
L8Q/BXPJQQFAqPwXiBMf2vbpBoVz/mq7OOwPiCUbgG6IT2e432SJ72N+FsZhClLH
WSRu50QqqkFTrSzomm0iCcPEeU6dOL2THdDH01Ltp5zRarFzEFzXmjEIqVfHXFQH
2hmO7af4Usxt8cJWsLaQ8px6hm4KqSpwKSLEeXK7kiDYKJDsLlVeSHDfqiJfkoCt
iajW1C0MfjBTvD6upSlusILp3/wju0ZR3Axjr9svkyGBqkwQxUtNUev2JXxio+9m
A3xYUsHLgDjVNlImBN3q4yQfyTg7Byl5aS/WjdRZd4kB9Poj31AwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEApi17wPDNLbvOE+snTdjrgHyQ
V4DGBR/WTMW8Tzd7Zm6nh6h4jX7x3FX8NkyE380HkFgzZ5yitz+kB7WtcMr2Gij2
VBdJi9ey3pZyTZ1TCkwnF5q4ghqD0vfoPmKXIoPOyQUP7Ak9+EXA91QPYaMcTRxM
jvibAzsbnwQmmvnuuvlLhGqqDjv4woTJ8F/yOxrWaidf8nfWmCEzMP6kYl4sDxFT
xxm329jXEQ0olqYHzyIgYhRklLW09h2TpC7T5Yov7NfWZyQZA0F4j4TW9gCfmcfb
pwP5tcbzkxpclkklBBlnbezpVEMbMsaLCcY5c5RDRLPJPdhYKcUztCeZKbei0jCC
FB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHMz0B+KARgbNWCbbkfBkqqAghPw
J7tgZJiuXvnsaLW0qpJfTfd1NW11Y6uUmPGbbp6ukBFi4Ri+coXutASHHc8pgQMd
In4vIs48XWLTlRUuotY2JfBWrq67pCjsfv/s5TyRzEaBDC/lwYV0m7UdWiko59tY
+yOXqz0R5p/Rjj7U6RePNBv+QtQN0zXbECJxJ19IGExL14ziddgXGejQcMOJuxk9
9AfoctdteTMV8H3Keg+LGhbUhwhsHv+o9CQfWo/kEAQ9On20Zhb7ORggCLRJSg3c
G1kdv+ph3umi/bGZVupvdpKqBQe5nSJazx2Ej9jkcBX+W58csvteME+bYexzK7X2
v5d/ut/lmd+Ah+POkU+ZVYIAPHE5ORDrLSZjuUC3prtksHneNqx+DwA9MnjwRa4p
seLZWRCoEzgubftMk1zKBDRUJ9WCHxbvK7hLmpGRKpNHyHUAt4uBbHWERXBqvSG7
rmsN8rl07panMefhNZAf2r1wc3dEVtwoV315RFboof5sPyVaiTXkP3KlGC4JeKsn
3nqiP8sgNlkX8FLj2i6GDJYdcUCyzfURMGFGMqwvtqFIgN1TYJW35gFCitJYCAvW
MhUseNGQzlqigkbOjuHxSsgGt/OUwJf/5mhK5cV7KTYstnbF8tvxGTo5MFaRJEsh
s/WSxSQcr9P1T3i3bLQ3lYO63j28cWvMzrt/vZ671WnpivPawpSQlMePPKKHOqj9
ZLtf2iIc3Yn76ir3v8SSWpGsOBES8s1lhM/jEt1t5H8xUfVNz+WyhhnnL/3kdhv2
xXpnuSscxiQja9I4KOhqw5gHW0t//vnNZRRCXhWiVL5rEx0kK3UUnSJm63kkn+Q0
y/EykyK3sLCTSDQIwdbe3CoXq+smap61qDQeHgpBnOSz0/Sp1PvPS09g6fOWn6mj
ocXbrifW/y/uafC2Bs2rLEtfq7Tts0T96urEOBI95bEF53OuYj9xLahALFmIHi8p
DgHNaOymQcXwkooCT9JG5h4c/pZcM6Vbde1v0a4Nu9eoXC/ZIT7zloVV7e7aYvEz
QXaABEmmmHAySmPpBC75SegSLUsHwRbpS/AGQb8LStZAX3mh3fsDfHqcWiKAkin/
QZ2TwDanvMca9DYlWFX3WeWte/fQk4uXEEQdPnLu6c6q3+ls3seauYpfg7pnr+bG
50msWCSg5HDBZqlsw07/cp8VXSXYlI0xOiKZ6gWFtkqcDkAEX44eYW9OQ0V34fz8
yec/JTUTvLVoVRRjQCsg89Hx4dejSma2bKIjIdrF6HJfTwhs+XbDMxG5h4t2++/S
KFFDsmPtYjgcbQEas0ELKMdYTtTWy5jq2L2nVLScheryfIN1vq1y2lUEpK33c4U8
vCpOaVaRvylCi6TaWKjh8JlfJ6e/Sx6/WGOY0wmN9pYeBbRsUmSkjtV6TofOodGf
9tP2VXt/2jsO2RbDCKp3cC/VNgttVU3l6H+R1DvasOJIcVVeDVCQGiKnKLrAoUoQ
6ZOGLhfhT0xSufMPUyvZUqmgbvWn4OcQSYMajot6TCwQ6YSoN8LlH3CX1vZR1tCG
STXkEQ9BIL6TwQQcyraRuBUnabv3oS45HNIZo6uWxBDfS7jHYgdvtJVko6rKc+yB
nXoB9MufZfK0RalSFG5n6hh6wh5DK1/5BLbWvym0Xwp55fhiel82juyG6s5m4LFN
VpeDA1Xyu7yLIHwfMrKaKuzo1YWNU4mTjy1Y+v8WmVFlg3jiDLJGBN9XKsLV9tBp
chbN5lco/RJh7A2Z5FUU71sLFwbBpmSdjK3/H9jtg61QwqozKwIAcPt+NCUdiZE/
DUz9L1ul4qWd5FkoiuXVt7i6/FJUhtMWrP1xBtFXJDx1QQcYPgy9NRzJ07DpGWMK
XYB2aVIf2gGHVoSlO3HGdqMJ/eciaRNUT0le35MkIpLh3Myv3gv8xIG2ue+uiiJ9
tG0tmbpsG4R310t/KV/L59AaOX6y8dtrCoOIyD8SI5QburVh9FcXUxphMxgKle9h
scVHp+KYSLp6cx1zlE4OMUL3ipU+ZLpDKCM12VQS6gdv8xyr38c2IGg23QCk8Vfw
DBmKjJ32FaFJFgjMKcnEqpSJC2w3/i6odPJDNCV5kOQuQ6RTUaJpMLYcUTIlVtiq
5wGVlXF0PR6va7B2IE4zrjst2pQ1elwtQDjR3bwIQgL7/scNeTzmgzcTwWP71HkL
+xSoCu5bCxALqGOzZplcl/v/290M8sN8vDB1OR78YM+dbxej64BzaGaOGDinIJeH
o9hjjifOUcwrKuVRifpTdct+rPpKXkXbI/IyFMEeVLx1JZTLi2i7BcChty+JSUUV
Lb8RHEyRZcx/O3iO+kVqfGUjaEw3S52A69A00/tvFDzE+Yxe/1M6RZrG7VanhtwC
WU3XzKhg2Skm8KNTcG/c7cRw7tzZVwHpXHh16at+9GoIsXA9tiT5keFKJvNWWdV1
U7EswrW557JnqSa0V9WwhWastP3LaAGDsMuseIRDCg65CUMEVC239q6eXX6YBE8O
FnlxN+WluVNp5Q2MAX3nTt0Z4B5R7E2qP5jBL1L6sqzChyIBM7BBi6Z9Enz9lqzY
gLZTW7s0r2Gx9513voz5BbPyM8S9f+XzURH0LBbrhoIR9yk6QswNYS7RaGJREDL9
zv0Ird6mvTzRC8G47lbOY2q6TzU+SNVu1RVUdWj8X63SaU3p8F6HPqdItIfPc28C
NpJDpeMiAoMFt/Zd9ewDUbCV4aPMniYUNQBhVvfX+CFbtSY3Nn8MVD8XN4jC9UB3
+sECae1zD+hAG7j7vqvryKksejsX4tLrN8jIL+PhpU4bsTdC5kg3TAVQinf4Umc/
RcUaaMZItTuy+FG48sewznCd1E/6eBQxXRKfoHCnsBSgimiwqX2wvd+qvpgEzr7v
UTJgy+OMeTcbmnRz+UYIzUQrYYGGtg/vFYiKBM15xTu0qlGGWqC++l5V/Af11lp6
4wYXNGSwNkUm1L6vqQJPgCfJs4L+onRRzLrzVkBKQfZVSs7jHUyiS9ivoYTP+I7+
zhiW0XYkQYf1dcIXwGmVYD78tdv7ip9S0sJTTQj+WdWfdWNP4BP7H3DGKq3rUbts
y+ti5/9I5Z+k84CBpSO6cd6o2ByrHeAnqQ7Ti8GgM2IYvjijO4YFDxKG1EJAvQVJ
MXKiOVIh54rT/7v75k4Dc+uysC3r/7o1BQESxOC9H6J7dHGlrPOAJh36rhb59SlU
J5ea5IZrsBkqLS+3xMy7hlVcVfhuKu84zwD70RftXUqoC4i7NCmmgGZElrQ14sOf
BkiiIqTgHEAr3A8bYFp/QVdx4UVQAwPsTkN0+Gslhj6WJpr+LHME8tesFg2pY4tt
YVMRWe52oVSH0FKmhz6CR6DheUSiPbB9GZ7aYpodNZlUgGB2iyl6qlBHZvH0scFQ
tupRY3EtfZGe26Rh2btS+xrSwph9n2/2apD3jlPCdJkj1yUA3iVybjD0Ks5NCsTB
7hO+V5xbMChDb9PXHx8i9981YLInLjfkGgDA5V4HfwTeZNSMHYpKLQYaFRFyn0ud
ecgQCVHXnC0amgU+bQfreBpMB+PI8ouxR/W4jIrovx2iArGVhvcLdl66IvOO/GF/
Bwa6nJ2VoAfmbH4DF0Q5U6KjJklTCE6oGp0K14ONKy5Kw6nVAmvIcONsYHLDVAY9
ba+0Tjoi+cZAuKLmK4dXK3U2fMOb+tPqqomwaEkQVba9F8lUYdX7wywVTwcqDS/X
hl9CWPW3LKlW0LfMEfqWTwj87SCoT5wF/thc0nm6GTAKwEmP94AbUFtb8kqUxADq
yqvuLKo9tdab+ehAz5V2QZa7ObwuvmWmWGMU6g9i4zEXL4DTVrJJK9buA0SviZc9
v+OIc+fEiF3KBH8vqbfHkYdACn8ElbAYPmDIVbdNGN4+sNmSpCWT+vet9xcTUcU6
17g88jgc4vEEaWO1AA8G1khzRJNNzrbFZusDSGPE0CRPjOEo3zu9/nfAN+yXKuBh
zgAXM3VJmCbcVd95NaaYaw/D9/mm+buZf39tMVlPdUY36pbwgQtT95hfoyw0SAIM
fo4GyIEpd4KgQZdXycC0JJd3T4WPV7SCla6ErduMwJ7qBa7MG9x8HfX0kPNGIGiu
V2UWih9UxvY7wNLfqnX2CV+XLW+iwaeJo3zYzKIAcuFEz55FEl++mELC04gwmAkd
Eexou8/Vig1Cv8y/S++bS2YwYm9qZFRHk13zMS2QdcUBkqaAGF+/dfBka4lDlHVi
jqIAI5d5tXPq512OV3bJtqP5QNb1GvMwO1HrXLgN+OocomZfUKY+XejI2mrgF2rR
QhPYDiUfog/tjpsoZZLSjPfscqUkg3gCqbw7CXOgyU+Qi3o7u/p1cXeBdGDYbqfE
V8dG5owCq+LliK8PP/mi3M9hxvC8NizWmuI0MsRRZkcGB3R7E5MomZxKilhfZgSI
JRsPDYZmxwvtPdVo8kQPpVvbmJsLhp6AE4qoN9pGam8jEpFKD5ju1KoGGeN4Yrrv
3171UGMD8VdJJ/aNWucKViU3jYCNlcL/yOMy40M/KDT4pJt6ipol0O6ZXRDcLnXB
X5wuv/nV6tc/Qa8kW8L0dqcHyD94/Hyt2dtkepQVS3YBOdimvz1htXtlbR8XM07K
iYlF66cIm8dhfV93DhJcyInJhMRNCjSrTZ3saDQZGeJPzOa2kI556YAazjlNgAQ/
+/fL/mDldK+p9euwIevg3xeOl10jqdpTqe9D0PjtjjnVWEW9y+0zv4tFESMh8g5t
q9W9RJ5oN/C1vEFS69BFkSNP8gGiMngv3uxEXDmDNJQUCfwoStlItxIxcV+DjoS7
EDI3qU0h4Cdf53o2dfpc4+yjbvNSsassRr85dH5GmuMoYQa95y07YhiZFSOVRasS
bpcNbTtrqYgLtl2WyyvWnmKS4+IZPeIePdnOtu33nh8OouE0srONNDQM2I8BWE/Z
PFRXHPtlIDrPqciGG13snBoGfzCbGI2IYrBONgaETvBlBa7AV/in8I2oPClWTmNr
LxzJzI7l6iRHKxT9SmLNAZ2kUnolE0B08+DWWyn6+bVmrBv16XbaZmo0JnTJbCSk
IIJGz+yGlXHaIPLdIn3/ouOKdwDtBRwCGdE6DgcH0TCGJO0A73vsXIym45HxZ74n
Mv1mdrdyuIZr78JM5EOlD1czqspcCM73XZnRgT1DAfJtDj1HT2z6jsrlepJHAzxo
pBrJikkl51IkDlJp0IztwRa2a3Nscdr1KKd/FUKQEoj74ga3Lw8cSmOeYU9o3KQe
DzE02rVFbdFvgamhqYmdRiyKrRXLUmI0IpOs+ftAXPWm2MDr0YMlFTIHppaVT6oB
ICc15ZDoUoDdLBBwFztNm2H8UcnplrXLIZQEHOYnS55s72RPMlWcIdIVdZt/+Od1
BDgtMBimGJ7PmN4Qhs26ZxQkAaZBuvceWkiL9ZziIDQGbzJ5cwGMaUGGzF9nhrBd
3bq0friQkI7KcDKwVnyh7sWBgWJfM3+tdRMPCaWDgJ68V8wpd+qvVSQFxozpV59W
SePv7MwQddmvAVot+XtldairyZ29lQtcGPxIPQzyqoke/f78R0UKqG9ugI0cB0By
UR2TcAlpcxwOpEApQBboziLpragIqhd5NtEj2RVD8e1dtOY4CD/jxiVQKqJTTrun
nWBBVWMZOB6pMwoqDJAqjjRPOuaTHBMgI93vjllKfYIDcx0jZn2D21ey8J/LQJjn
rHL/XxJubai4EyhkxTmrafs4VZlZtoc2py99Za1zX90fu1dBXTQ3NdC2qmZ73Syk
SiNy7kOF8aCBcVmSbfcHfCZeKusCGe/KUeGbEUHqHxog8x0PJX0Zp9cMyc8WlhiK
Ky6x8BMTh6/GKHoi4ygDM+wcT06oh5pg8U+gJeDBO+m/TVQkDm9jWcPFqiTm6plb
48KuuU1jexO9/WXIGjYP5rlrViBRIQ1kBCSs/ZGgT+xHyL/U/8YzNtZo48pLtfKx
eKN725KJxEziRXGjKRjDUitJtc0KCYeXWWkgls2hQNkg3vFt+moLgV6UVnZwg+Tp
Kkk5AlXFBLDQUQHIZKBYI6mmzJntMMhtLtE7qR0S31wOLQxgR/KvClwJ41MfqXxS
ShSjgu3ZmAun4TIc5Er8xHtL2fw46cy8NMAAkMZgGRA5Lc0jcbgMWdqz868Uoumn
CABiaM/cw/fLIc9/MVDFrBM+m7GrJJJe+8+GaY9tV+psxo0SVGNI2kqoXVI0yrTJ
WhVik6d6oJaGviNjcZaw4C5kuZ5bKHUCiMLv05uAtQOOyPiddgfZXymBoKCjndge
MNRBo4MxXU9cYHzi0umhauiw9I3UG4HAKH75L+1DFf1wbbgu165dCSIo2wVTIgOt
zr3Y03kTJJidclkYzP7o2d80EMGftQQ4uGyEtowWJbEn0yWhss35Vs3Fyy10mwGM
pncS4Tc1dVGyddkDXyAZ1JvfFzsXnoX+38R5lI25aYHAbfij582/hv48FU1I3XoB
WXR/gIKr/hQ2cFLwHsiJlGRw6smfBGOzk/x4JhG7sCR2E0QmM9CYzmyhZAKXORaX
Ur75d8x99mIJdEO4uu4avHvaRouG6D9tPJWYIRioVDTPD1AU6qirN32hOupGwcz7
t8q70Jbv/tDpcLmLNX5VxsQzUfjpsGGvuz/Eq77raPG/TByissRMTjUuFv4BxS0x
wh//p9l2sJA4FWCA+Sr5YLFublQqRF1C3Vv0h2YEEz+sFA44u4VMmcCrwGBoJob1
4we46RXwzH3K7gRV/1tv2QB9pK4G8KxsbHXNV5RwVJ6xXI6JRvIJru3/w4nRPnrA
lRXXfx7senJDd2tXmXvYkA==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIOFwYJKoZIhvcNAQcCoIIOCDCCDgQCAQExDTALBglghkgBZQMEAgEwggRABgkq
hkiG9w0BBwGgggQxBIIELU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLWxlZ2FjeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMt
aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VA
c21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0
ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDog
U2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5d
DQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1i
YXNlbGluZS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8
YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21p
bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEw
OjEwOjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW
ZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1
dGYtOCI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiOyBocD0iY2lwaGVyIg0KDQpT
dWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeQ0KDQpU
aGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3kN
Cm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01J
TUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNp
Z25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4NCm1lc3NhZ2Uu
IEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBk
cmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxp
dHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSAN
CkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgIT
Dy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJT
QSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUy
MDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
FzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cx
Qq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeu
Xq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7T
HNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3We
ag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukg
n+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNt
aW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUg
MB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58
BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAyl
OvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeu
OA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9o
pwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4
oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPf
qmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY
1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcN
AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr
+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7O
xsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTt
dg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZ
DQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj
0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEA
AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
BQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTn
euK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qN
uz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt
9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh5
2MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4
DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnX
MAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
hvcNAQkFMQ8XDTIxMDIyMDE1MTAwMlowLwYJKoZIhvcNAQkEMSIEIBmb56ZODWgP
A1SVa8da67RsNicfHZ2zJVUWYLTKrF07MA0GCSqGSIb3DQEBAQUABIIBAAou3+Ck
FB6wTfWUVq1ABIBF3AFS+wBR2+mDSQKXxlVCnt/cfY07qKDX2YsVkj1uXq3I1Ptw
6RHEtqtbY3iwAqB5pzgfcw7qZHDpRMMEwobNLzHBdSZwW+ljkQ3LvDAZao5c+Cmt
gSUCdnQ9Kvzdkl+xgtJQnjGGGNBiiWDb7NkZhlHYesV7QKNHTP+qP+awE1ZMrOP3
qBgIS1UH9nSNSmOfyTprD8MWoUKPkzFI1YUyPByE/QKjdV245YvYuZjz0cqn4VvV
2Y6t9DI4EmJJhay+P4EJwiggTjH9mJeeXIHyKpyELVSC5KCaIghQpTHV/pIH+fNs
WxxyPU2C+RwECSI=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-legacy
Message-ID: <smime-signed-enc-hp-baseline-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-hp-baseline-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:10:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8";
hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-baseline-legacy
This is the
smime-signed-enc-hp-baseline-legacy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-shy"><name>S/MIME anchor="smime-signed-enc-hp-shy">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 7760 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4732 bytes
⇩ (unwraps to)
└─╴text/plain 319 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-shy@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 15:12:02 +0000
User-Agent: Sample MUA Version 1.0
MIIWXAYJKoZIhvcNAQcDoIIWTTCCFkkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACnWkzPI3J1YHJzg+y81VoDKI7z5vg2c74uE
gBsxorvh95LsdB/zaB4nLdCgQhV+XW5s1srqRKOioiQYbQi9txvMOzBb8ddZeIqw
1CGTLr7OXx5STs4flwJTYFBXOSrbAOYPGrWpHT1M+yIzDO3oAWJRy0Q3eRJW9O0Y
bC5+YSAjTdzdhMnn0483TQNyAun3CV1dTvQPEgrZUZi5/932YEN+sEA06SEPa8Dc
q8aH0843aTttnoRZGm+MGWOw3LWD/82EwRhucvLPhvusoKGIqGuEnvd0ETfTe3LV
CwoVEYotg57+Q1IW5dvio6fmXuvBARHVPOEf9K1Jp4yKgJ0Cko0wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIYzFIRtcEwk97gg4gObZn6Ui
HpU7Sa/VV4edmxdBjOdBx1BJzDOhwM1kUXSqPgOZvRz9ehSGujeemC9uYfXhXo1J
AWf6ZW2i84zmQXkc23JlUwWajzraVfq6lJ17gy+iv//EtUvka/p874YRKnW6rDSl
PZzdYxcGKh81dDmwRWcvvNQbyMT21EgvjWxm5/Ca77aSseERt2LjnonrKRvSfwsa
j6NZDC95Pd9GplsvgZD1GfNmPtymQaK1VhRy53D3+Ne1xHr97C77XYdJQefaZH/h
qIB2PKhjo3hLpP4dCvBDLI2TwC2wIphQ5azqH3Lcv/imBYuVqZM5UTJlpK58pTCC
Ey4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF5qWn/RJwrmJiPW9ewiei2AghMA
LYAJ/u8gGEAJbfFuXOTnN0ztW+UHE3nWkbWmNf2rYdRCTrt6/DnH43242t/LkEbh
2fk2eOyffUFnrHglZsRWqfn4UT6dqMFfmNDzgCIx4ZlqMUbkBRvn66S2/L/Sr1iM
wGZBfEAKhFo80ldzkl/aCaQUYVQfZkoI1clDg5ZxUGTVV55kirvTs0+PPir2ZVCT
aUhvZIZPsW0fJAqGjDxq29ByDe2hSxYftpiqequ+PHQuRLII7TEdUnZs8rOprsWj
gn/BkPUiYKAuwIE/QCgd1gBW+TPZRYO8TMeZHaFYx9F0MqDpOLjpgH5msFj973KK
cds0rJVZ2c3Ei/2VuxUvN0nEcRsd6Nfk+lny29hXuLCENLH5j+LlO12n59H81F5B
z0+29a1wRTJNt7ibVzrM/Bj9SDSPFzWrtaZ98UjnAmhTx/4X4O9XS7gEZBdbveYy
+c6Zp/3cUcWFHp64gN9Fyug+cTV6U04Y8X+DzxbFEeOjKfx5nzCy0m2c045cchGx
54vtFwihMrS29C3SXfZTRFHBT/zTG4PXkqKgw+ZbQYG8917ej2UqNf5+EDdK17cY
r5HGlz709hDJ8lMfDzfzW0PZ/60aE+OyvfZITLOZto3fUHM82+kZt09p9Gd81fVu
o4mrRTw5CAFbeqv0OpIKeHc4Buq0CnOQyAIJ9W2AEzhr13DuEHHBBB0hk1q+UOlh
AfHC00arooIC5q7wc8sBLJju35AO9msXje6mYGNewzZkVZWLYYHlwURtYbEkonJh
nct0ZA37gL9Emwi/byUScChMlx6IhPrWdRCAuiTWaJfmYR+Enq67wGrGPkU2U3eH
5XOLto815AtoouXP2C9nAvdGfwyHA8GvD28Ch8oDdof/xa4rZZGdLAsBxiUd7OJs
CBBfbSusJqoPvC4yfeR+66GLtvVpFtmVZ+mTir1ZXtckkn5Dn+NakfV2wWvQGTKF
/dzk6OQlu/cCqwBt2/Rr3+CNy1SgJLYstMPWJezWK5ATzmtTKZZ9snyibsskWXlW
QDjZO48lgWaeK3hh+EZ9B1P7tsvgR/E3owHaODrxmTgRGx/CCqlnZr0HPmPBg5h2
bSMYFybxr2CPgl0jrlNWvyZq9g8nFeVg3bqCncumOB57j1Rb4jtadlQRAHuvlpbO
mGcl/KzYqYUVq7/AcV/39O/09mW7xLzgpD9F7KSpC3KxRutZPG+f5o+AGTT7moxD
hqVtwYnZByekNRU/dcakGieb4ksjyeVC40c39Xf8QTfQWm2u7cEjnfZ83D6kwrdV
701NCvs3VCyJahysjUnzA4gRXuKzTI+GJungjP5PlO/DR2C3rimfqoEw+A6mpTga
SuTJQ6IruIlZTxfgAE41lF5RLkyAsMkFOHLuDIfaj6i7u/x1aDAY/9IDlwE+pA6s
IKx6dCyt4XIvTLNDkcQkjLMdl+i4B1O0eLJxanJdm3Ph+k50Xh1zNySbyy0NkmE9
uBJuE5gjjLCovq1o9rPR5l5YSZv0Rx6E2GuFkcbjCEh4WcOixb5CSDYgZSGZELGi
7smZ9W9WM1eadb8gCQIp00zdo1A7slnmG02ff03WAAXV1GYzg2c7UdgQdqhuL/eI
Q/eZhGeFFwA2m2e2H2tCIza1Ezmzd/xaeqChfjqxjanEUwBjtEuvi4B8hGGX4+0n
J8/7bKkNwibVQYHdEy+7fB716NJHrGTI7dzevIyqOWsZLIPYuIhn1SP/02C+Y8bp
ChduQbWqUq/EOm+miVEI2z13i/wWR1vT1ripJP9U4tgENzcjyiZBhzAIL2Ionf25
M17kjHQhxS54DGZJxiff5cxBWHG0vvuu4W9M+3zGPER4yWZML+5VrK5wNejz1PPW
5kt3i2QY5al5UjSL2NIKI81ZNJ9IkNGT38Hb+jSobs3pvkPdnUbl++TjAX1RwYgH
Bgr1XpD+ek8xoImLNcymaJDqApW/Cs/9I1GvVlXIT6BQi3eA0uy7LpaECi2gWMRJ
a0R0lNt31UGHRez6rv8G1VthzVLNOXYlRKD8p2/NjN/Giaa1yJPGAu+z87G04j/P
Zg82+8SWYM3A4crGKjk9bBAlm7Hk3qTVu1SeyBA0dcNyuVHlLYInmzkvo+KGhDhl
rGuM3SVRQdVay286AqX27HUiyHZ39ebqJwMWY+qBVKSjwBOI6z19JOBrMuyBOdzV
TH2ck9dLF6+fQzfLLspnBjbrdc7KwbjuIX2Nj1R9DQLMC6JpnByGeo9ctrVeC3Z7
KE5MbppSG7gcXTMdqohjauu8Ru+PjxPggjtazUymKoEoMJFY0kaww5dqpYuPxtjE
YRgYyMfRFYO7qnAU7+mdW2XzvGJAyVO8o4RcHnaiXenlZs+TAfQ0GovOAKyBwrtw
ob8B35Z/XPp3trlRuGgWaD7TDYSP9Sz3SvPhIpPUbScCFlHw+o5GsF5eoDGE63+g
N/ibjajDNHp3Dk1mIfMXAmErP8bqixSKXuPltf4U5L60pqhIsmk6rNdteKdlKBGi
/Xn3JXT4Qj2PicodzWDJDiaEjn9QKlFQyOXxSCdT8Em5kfptHcclRiNgsaIxOvpw
3RRsPNjG78iWQugl0XAK+HQUP2KxyGwWQX0oET7M5PLhPGhkya+hT14nuK3i0azy
ULFRCtnSFowW+q81qmJYUUfrcZ0QJf0ABVPbnVmLY9kOfG036N2NsPT1Q8alEzVB
/CmoRmtnfJnKJUZubbgTvdqaQnH/mBTg8FiA8i4MZAeFBRJcSRLE+hfL54uA8GNf
6xr4D5eWIMXmvlWKiQdOO0DW5u/c3leWzVyQFqm/Cw58cXnmTFE6mhTrWktkFlox
S0OQB/fzfKTuJuxiB0dFrPHuAIR8smUiWZiyz7NzXC2C7UI60t9FhpfQIlHjAI+i
ktxm9EdGq5cix4RtG6o8lts8kJl/kBLTmuIH95sfyNkbHQ2dYi4LjPR7PKBAZjJV
UyFI6FDvIOMUa6TJfK0kyb3y2eTp+iRzuys1APhEY2sAskL2q02ZCzTldHNJfwM3
qpKciyG0LTg542SfC2GI0SSHEh5jBVHy29liaw1R7ecM0Skjy8Z1MBiiHFn50QXm
5hJ+T2xI/214rUvESBrCpYkMTT8uKnAs6jRxoFvuK5QxcuOVIab1jA+tXsft9FW0
5kSEL3cxfBoXRlWfcLpTty3Um6AukDGMmleopM6iQMoBpeUqdWPmvi4SB8jMJou0
rL2mZcnai3w2tUe+eitwln6AIo5bOMv14NkWcFeArnLyguvjkZ0aOE2nFvaI/rc5
54QCW9/VRU+Ku/S77gleCNSyO/FMOEIwFIWzc0OY4fnQxSGmp90Y1AmB5/eqPD5d
1f7wF4OeNOUSkKCbXOA1VfmumJ+BzKdwZyjxsf5oDzMMfaShmnhtKz8lsfigHEic
1CFzufOwTjw3dnZrNmFIFhWBrcNtur3u8AMEqrmmWCGHnATxL7BUOTiFvtkq1SUa
/VqOk7gbvcAk3UdSVV4Ixr3AN3wiWHaX/Fmta4NJYM4xljrmWPL1nXUH0Nirv7aV
x0xHgzOQE8ftgIzkLjNqvQyuRaz5rJZzmHV20sxyKuK/GipCc8vx1kNrmUTjIjTS
0/9eyQw9I+efnBzydJRzDEoTwSh7Z/v7nJgMV9sxGy9MIX67z9WpCq0L3TuG+r1d
baCymEjFlWf/0l5nkNijswXyEglrgryCZkW0HHogwTAK+5efC+X7ZV0Uiyt8+HRJ
+63ZB86gTuKi8gM83p/ujliSjekCm0exPUEdU9LzIcPf+kkEDUZIBoKh558h/2nv
BWK+CVq0GFW+ztgLoGbDfR/iM/0YIUo71+gIR2GDZuVciMHm1wBrQK31BM/sfCcD
KCbCYf3aOJPOu9E44tHjA13pHy9d0uRHHAvLrPxRMCgDkDSi+xNrGeX0dDXfhCgi
iMvg2dxn3C09PkzOYXUQPvtUua/qbZNXZW22sg1u3iKaQ0z4rgNLed6i4jHu9KBS
GjHrN0l4qKrr7C0sD0dl3MSL9M3IRlBJeJBLw43NW7+0X8EE58UWHB1vLemQ9vLS
AXsnXM5YHKBBwxLqxgXFsjISO4ltTer2pl22zdo+Um6cBu4h3mS9AoD8gKhq0q80
MU6ldCmyaZy+9E10HeNNyMt4GU917r+YuEq9CCb7AtpWtJokTCBv0Vr7tLt4Bov7
kinWnCF/JUuxx9QdjEOHzINkQiEq6XyxTkoUcjWM+FdRXF1KKc52JpaMYzeMV+Ln
VSJukwaVCmWMSEeKdOGUo2m/KQO6gX0DReoG7An9cDnTYP5LaNeP/KTliiBkLyaS
jddvEeTizcqKFHFjaanzeEYVavnFASxmdlD1jv06EBQZeovH7NkZ5T3QheRkr68m
lnyBDs4R1xLSd+PRZhdFg5fL/mgdzYCmYNu6P+rwgsQpQZpSbcu2rAu24fEbH9DN
RIe2Woz2tMIx6jTsAOBDRsDtXMWn/bqZ/lc5YaVuGsR0vFf6eWK9jJH3VkZCYK0E
ukwFrEZGSCWVP0dOepYl9tIOU7o2BnQeVBAOas1jnr6gJWueoazZtgQHKtiXo582
nzLC/zS+72a/9JaoChclM97ED534fqkND2SVHPkClxr/wRk0zqSbOOkA/gLzis+s
RGZGMOsv9aCIMMUowMB3XKSn6qEXJvNHeN2uH8p5a0Eml6gm5jyYqJlV0q5a1lhC
6vTbPbFXCWxJS1daqiZWtdVp5RK7qoUJY0CG8etYQGUDKsvUqr2J59RXJKA4mBR7
8beQL7SvDvioaHL7sgoY8Nx9sgCtww8MEAKvRnOkfD6tfURjivu8qz1tGAF/INQ+
RvGuw514o8giG+WU4Jcoz+QUMpL7SBSekiGnPE6iz5gHIXNtM3FUTgHTaCVa87aL
Hh/idVK0/uV3Bj774fJhBrfLRxGfOPiaPwjdnE6W8p5colXpUw4MshD2zk27e2cH
W7hpSl7FI427vSKu+9CYDmn71FNkb3JRP2Sy4uBWGBftObmJKVvuwENpiL8D2QNH
f/tvY1zTXJTLzwWiV9vk82p12BKR6BdLY1hyUDEft+MOulXR5hFmuPdbnEdDUX9G
pvvYvb9y9SdwjheYckd3F5R5TTEHTHDyf8+zYEbtCazNNmboKgpvd9z4Xy2RUJK0
4+BCmCC2n4VDN9Ztaf8zVnBCA6vxBf8kSCIoFyMXazCukX11pDN7qhvkQG+BomwJ
AK0UY20qhfKpBRCmiGkglpjaBeyDsX8Bd27lurTRuVry6/YR1cw9zAhoOPPqE3bn
yFrSkQNaVCpAoqB1UitC8NWNsdCQ2h94w5Ai347vQf6SOR7SpT4zd5RNWXwVOlFT
UkBkocfG9JIFKsOapOpXeRc7J3quZEyo87to4U+12UGt1g77Q0aPT/n+StZJcNnu
MKQlj6UB2yQjv0FWBtjwxay4Dn1CKbgLFBT5qntcPBJ3gRq/4Wa4MOlkbDRdWVxO
LoLCgJRWI3aTR9FvjAmAIQjulvwCa8jNnwuXO6Hf0Cgep2/uNeT6BBzn492brQUh
/cpZ1L0yvSY0gCDBGKfcmLXxbm6jVA835TQ456Qc3MX6EEVJvBv0zoqh3EqqGd2S
+fKIGwolruj6Pu7eRDzI5rNmIPbg64OJVDnHxKCH0jhVFBkWGeI7EheYW49b7GPL
w1P3sMlA/67GXPJ67q9k0DZMPDxzTBw/iEnwT35vBaPp1RgW/dXXzdr6hS7kt6rd
Uxb5+ckIzCXX/BF1kh/yaXhQWAGNQy36g5uq77gWY5ypa97GXojuajqpjLrpPGom
P9TWlr1aXH8WOzFaZXMa5xa3YoD9unQIzWRMW3ysobjOvIp+Fmj1gsIlgrfbNI1O
RJaC0WXfX/3WuguukJzC8nAyTVM+Aj/bUZFoPgTCaZ37KXJy8ORZjhUmZ7wMZWh0
lprC6izOj7CUE+UyPUBDn1nIqWRclShIyUIvkGkvsqCPRseMR/K0ObLk7PgHuq7G
VfDTvOyeMGVjrJUPxsydbA9zF6GzTmT6PWNfsLlr4wX38CQkKQzG/8IEGvYQ6xWT
kADeNyrFvVVE0diZgyCcybjTAI1LGj8n36DQBmfpYp1w6T/EyrznwS7PtRftaTm6
bI3eXQqnO+I1HCR6+1gqcS70LK+bX+Cw0sNzLaUy66XVm7/CxYJrohRkNRxTGkHy
cqFFL/wBx1TK/jhARfxm4kWkW7Fsmo5t/ZRAv6jMAlYMjHdBF20HKMNDhZWtf/bC
mEV4/BERSfbHB60aM6ZXWUzBlf486ffAvxsQy5qGjQ/yJIwAMN84qHZvqoA3NwIs
JThbTIFM0Xtux76AITxAYIhtB07ChxXrXC/owJ35oFve+sq1HQGh0fQIGTgTtv60
tq82T7KLO6ervK1UVL6oxHkt/xbr3c6wu4wd2Vh+Kk3xn3wp7ShpT6sopk4GCdBv
mxxbUu50F7e7tlc/sxvCIU1ObwiF6WOJH+7RUJEGmWpvt7eGFZSo/h8oLjnxxvmK
Qyus5nGIIWDZgKWYxxIGpQ==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-decrypted">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIINawYJKoZIhvcNAQcCoIINXDCCDVgCAQExDTALBglghkgBZQMEAgEwggOUBgkq
hkiG9w0BBwGgggOFBIIDgU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1w
bGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2Ig
PGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDox
MjowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0K
SFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDog
PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJv
bTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUu
ZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTU6MTI6
MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNp
b24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04
IjsgaHA9ImNpcGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt
aHAtc2h5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0
ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFy
b3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQpt
ZXNzYWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJv
bSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlh
bGl0eSBQb2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUN
CqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3
DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAX
DTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRG
MREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PH
HNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7m
ZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eD
hv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8F
kyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtj
hflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMB
AAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEw
HgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEF
BQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N
83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEB
DQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjo
N9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUh
vdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNU
RexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyEx
l56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w
06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kp
olw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJe
STulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/
esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnh
xBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNX
d3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJ
BUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQW
BBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9
HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+x
h6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD
01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHB
hOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN
3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAw
ggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAv
BgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
EzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkD
MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxMjAyWjAvBgkq
hkiG9w0BCQQxIgQgL6N313auMszx5Byu+sPmUUoQvZ6glyBIgh0k1qycdmUwDQYJ
KoZIhvcNAQEBBQAEggEAmHzQqLkVTKl8TKMaeYFFuU9fLrHZbg3aZ5eP+Zt3OkIN
ErSsCBXE2V0u7yCmxk/PdfkTzOoSI9PW/seA5dd/W6yrCVX7EhqWWQx1vA+s+jtx
oZ+Fh5a1GO9W7XmcQBvpjJQL0hyt78UzZt+CL0K5E5oueKj9CxCBkuKlgzzvwtpX
CAK6iYUzwGRWkxqdBaClu1xi2OCEzu5mbpAUY8ra26hGGaExYIZRVbwNZ5uGjfCI
lsrsd5wFdxQbcWOF/M5QIjbed1Gz862IZxaOA/fRY126jdeJyG2VKdD/3XglLNx4
+6kU9F3BYb7itpwqnkY3MiKxLuofNQVx/ZQ1m9arww==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy
Message-ID: <smime-signed-enc-hp-shy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:12:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-hp-shy@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 15:12:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the
smime-signed-enc-hp-shy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-shy-legacy"><name>S/MIME anchor="smime-signed-enc-hp-shy-legacy">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8170 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5046 bytes
⇩ (unwraps to)
└─╴text/plain 502 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-legacy@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 15:13:02 +0000
User-Agent: Sample MUA Version 1.0
MIIXjAYJKoZIhvcNAQcDoIIXfTCCF3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADmQPwawzwzPKIJbuLJ1LeeMRHXlIoG7j/r1
tvkHMo9bUUhT8jdexlAgl1L7CKdQmfbXbMq/lAMUe8727BECAU/ZRqw9ZA+a71Y9
NfDivBgRdu0W1qlL0dcRiR3gU/Tbvx5g9kEbQxT4sAqrVVJFBxPxKH1E3NPicFkM
2Cfe18+fM+o6+45xZgKrV3tTO+xsoJe00OBOghFEItp2p9q9+ItOPnBCrFl1Mjed
B/5DmHDigcV/KcJqpQeZGifC9q/3uT5EIqoEq22gyTAg+q+SHASpbrUdtTAI0OqM
MeSl5Ou7Xr7oA++n5nn3KGm0NSbirWQ/luGC8txFEaEM1YCAHzcwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHFfMy82jaRS88AdeeTpXTcI5
eIWQXlgopLfTZVNWouqoD0UNwE69mNURWUBUqND+ascj2aEc1SlzzZokWMzfAb8U
+HINE78pYcnd4PHC2EnMf6peasmfJwHgrNehJqy4J2WhaQpQD6em7S2wQXfCjxgW
UZdM8ouyXw7VMYd7CDQvY34VGxjWKooTwsSDriEL/CQ1ew2tjsXyznHDkfbFfpxQ
XtUciRQX+WHn6uZHDTGZ5/PArfp+hjsHmegmIttON0Ggk5Orh6Fw62+O56k8W3jQ
Sgtlbqigw4/GnkEYBZ8iYF9dJuQpMV41S3tMcZzwM1FBTwLpW70gMeDtpjOJMDCC
FF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEG+d1PKP9Bv3wjYhP6kQiGSAghQw
PgNipAhO1AbBIDyP/wL0dgsWwC/KHSouWRESeutz2oMXMW6zDwFHwWVAHUX4uRmT
+ZZVEwiS+wzf3TAfdOXs2kYHfhaiFkrJUxYirdyaqzuT11sVzKLt2F1+uxqud9JU
vLwZo7INJiiUYpredI3plWznCZd0NMhUHiWHv6qT2fBU1KPBEiO0oZ3NZtO/ZnAV
jdMO2PHAUwdnmqPLDNsLnsaNZ7i+b0rRFEgT1qeZ4xhRp0zSsjwvQn7d/WBCNDpC
9KKAP9P+Cr12l6PTjQnFx4NrDNqupw2A6A+qv3NRq/ymn8zR8nm6zGLjje5RfftA
WVGQSajJNLTDir5TUAtb3lo7Cv1Zb8VQZhqxTJJrwW3piWUTV9xjMiVL+h2sqdZ2
LhOnQBNJmFHPhukkdvkCPxbM+vylJU04U+5ma+ZpDOBCgy5nWRgbQbFxcP5dpGkH
dZpcf164e23dKGNrYWK+gjVF0cp2VpEilgZCwJLJYgxnpH+tcoSIM7XfNe2IR1eO
L7pAhrzTrVWiBemph727lAXJM1tWhhgFL9GFWkbkQeJq2ndpGwz6lK4Bk8Ri+9j7
fkXo8qt4xGEcE7hjfHPIHcXr4FhjYRrk2h2bb4LPAeb7E56bEl7XTT9hWCAoAT1I
lcfY8giqsny9xDeb8Bww/i7dVCzpFZCSNKxymnuWybTqu8kmnh4FQttwJFvvDCoR
Xh2j6mMO7DpzGx5v8E74lf4cXwYKdlOer0L7rBCT7worv5OcH+Hf86Hgg5NzvWTn
ZdCioihv4Nh2w5EmLfWLcwP9tnMC+62jNFCIh9k8EQOs6uETEjN0vyFYWMM7aCIQ
JgF8fkEmAs690oU77Na5V4RrGvvyhKZv2EPGUTdwikls6YsYgEHReOQ3hBVqrn/5
/Pm5m3LKe90D3ksmeasjTLBCf29RT+vYpHlLPYNlJf1mTTKZmA6FjMi3yjlByJe1
TbrhXpmSxloX6fHeOMnq9JNqQEgrs2r17gyMULRxDRcVcSwpHYIkAjmjtyfRlVb9
5XfK9/7bwNAH0qoXQ//tppHMFoyK59YyD/aOVvHAFyHvFxY/R63JkYd2lX3AFevV
OHk+a86S8/rlcSW5NMKMEGIR6d3sbUkoTKhVt8U/PNMQgTVbROv6oQQf6wB+VM7b
etSPPJciKCa0zF/m2FU/6HEU8s1DI0lioMgo+Q1YJrqWnAGlJ528Sdc2GTP0LKub
+zMRCZsrYzPHklw0PxuXa3hdyke/c6SZz890Nhhh9jWhlk+1eju7NmNYhz3t9MjB
SumAvmHOMoLOy91dBwhcCnp+f4Y/Fx5NdIkj7VJVngCQiPQH/pi2LlgyYfcmqRld
n4ZwC4JZgjvz1Ui6Pd4iL6TTeHeQD/OtwxztqFqiQXZJyRNqbYYJyGZbBz3zFviq
aWahRK9rHYHVDqWKBy9SmyjiHmjVZluWXdK4zDkzWeqcwYHspKSYnymcBcrBneJZ
Hpy/bKK7RVNyUOE4V1duhaz6vUdkXG3KHIWCePPr3crlUHFB/H+CSQ3PXQAA7qNy
DvcD8jQ4TxDMhj3bWSaAKVL+SZiTBSVVXX5A+OkGHoe57TDI9zKqJSmyh1dr6V8P
LiFdSfmGKA5sWuTsta9SMslWobVguXuvYTxE2V1S3zoHgB0p1efJ0IaNH0i+gqJR
NquG2fjiQpMQVYypG6942C6RXNUU1aLg3kH11ELTOmNRCw6EnL7xYA+xwwWQw72Q
6o9xUyrX9AqEv8cH4IMelIpkBue1hhf15eFpvB5y+cUlnv6OjCaINXGXEcNPlrw7
0mvTezWJXIyP1E+x438ZSFkN8EL5DqvbttkzH+0qcUCKwp2/RADofAsRwDdDuIOF
UQby6oDzqLTZHNWvrJiLkgquJ1iXWiKEWPAppgLc1pYzzBDFuOIKb//tjUznp0l5
lyCNpkazuj2FGeDddz9jvWES5u3jATrG85wK4WTH2vjIh16Tk321OpwXeJP6M17O
cG+NuQVPR2r6K1D1IZSGOf9/nsDVtnB5LePXyczIPtPoJYGx20Kt2IUyjJ/00mxt
iGk3/KZsVJdukr8S6U/h5V70E/i5o3GYgG57iLX5DoA6uMTlxi5SEEv1qYMd/fw8
o0PCZw8N1kkkLxP4bKtMJJcAasns68CSu5kxC7bCynjEVR/Ea0YO7bAf6V+pDYYA
ABLNLdZBQuYJ5r4G5TSS6YQQ/uh1zOOg5tcUS3JPb3VYVXSthtpxaR6Z0bMv5tKC
ca4gleLxxv5qWetxcNTKR054tCIREGX9qUX7HhIWV7cd3tiaN3N4RHU17nfy2mr5
geyQdfQRckTzuH66/a7czTqlVMUw/3oXNwqVVyxgyg4TJ7cHwfWx5Em6VCdUAeYA
r/pxcMMlwboDg3gsUuhwBPInGrbs7fQwe2LAJw0zXIjw61dGPF3Q6IJHZuStrGvF
3GHO7/U/KW7P3aaVdBR484uaCf1QGVgkfZYLZNtdATh3uydDrhLot+DYUcD0RI5C
YIrZzUER0Wq2/HskDBh2O3LxGxAB+HAbgzIw7od23AIzrTvwTeyGY0Fotnr8y6ag
a2TjAEHxSItZ7/YT/SiRHJVPDilp8aptPKDQUZJS8POyxCy3zNKANzcDkspdcT1N
R25mBS39o5ab7q6eKiNF6moGRxG1ZU1ghXYFOTp6lHXv4YVpanOK2KKR3efly9x8
apD5Baaoo2tOmQ7Xb6d+NRT6RnrIIB2jUyqUSTADRnVQEsbz2nxd91+HFAChc+tu
7bn9swHrcgaBvC7ynFs1KIIx+UFPqEaOPwzbE0n5xGqja3+VFoEJ3hyOQ58N5Aw8
pgPavMZbWeBHwu8cos+FiTtRsNHY7KxYXPjirYRFU1d03jIWThwP3omjfS6cv0S0
wARwjaiLisgm4g8hj+7bAWjsXYNXbGhqeqbz3pYWYH5BQE0TIGdddXPjAFJs8hih
tn2bOXQqSuywiuX+RVXU0rPPoN8baZIqqLkxeAigsNzgFLhQoiS92hmoCsxgwoXK
EBGZdUd4Tq4V4BjhRXqdFf0OE9jh5pY4xzslnYkxSmemSGqEbYUyJQKQntzx9SdC
gdwsNGOr57z00ySoHMWvChgw9RKZXdLF1MPp3BjIaOXwUhQPOaQPhXxSyogY28V+
j4cGogR4dSdR0YhVT7HeaqjCVHbpxC9BJD7OXE19PEU6wBSInQVwddoYHgxJxEhS
o/GVUO9kqqL3ygV75MtfAOSFuO7RgkQY/geSQtdN6+DZ36LdP2xRdU43aICpyHku
fbUpAyIxpKYBndZAkf/zvDSX67SvhIWrMsuv3VMYZSArW9WWifvQQ3RsYl6Z1hot
NbJyoRPeh0d+18Gj/Nyd2gRlTPzIsfz/jdQqfczTK9d8ewTCAQl1ddTaezlrmT+l
GIniD99EIhouDeH97v46rJRtSTqRv5EtTFktlQHooHJWM/nRmvEFE62YqMrfT1c4
US4JkBI8MBL/oB1I0F0SBol1SWex96Ab1T6XdZihJXStL2gGJgQNQ+Obj9GvFfYJ
uEv+LUP88Cv1MWHV5OrCUXmUnuaGj6RLM27nL6pmXTQB8cf8CwkAlYP8pLzEn7I0
JigRcYCY6eevrctaIPkmmU7PKAB1RF/HUTdvelWzN60jF2idZKn0Oc0ks+o8IUpD
uoh14WwvAZnXbKZBWasPuw3VAKCNiJxik4F8/7S3w75dW2AUmwamSFWNCpU6B5+X
9w083nMsnDbvRai7BHPmpsGmppuH9RHFMFHwiV66UR3Q0aapDoalA6Xo6uFM3KtA
ytx8v1qaqmI9XyWO2CySqGMR+d/Vu1opugr8jIrJCo1FGNhhj387FCeZsBGsKAo/
Lu6DgvgnV/DcipEafi1O8uJrNcqM34FGNL8IGDcWAZGxORNIyIZ3x7dnLpykaoS+
CkABKOMiUYHwEqER1BptchQ7za3nh2IzYFXbPs/dfkLEPE53+RMe7KiDoNDp64Qw
QrZqT8powhIZEVsacVKBe8iiOsFYK1KuAL11zfvSBFWfXJC3pHZOJWqhlYjsATmD
FakLKn5FNuib4PXo52fcqz+EhlqxxxjXePjtIA3D1IzOfH7IofCX/crana7PNGzU
5/KX+1e1srAhSMuylPYSjJFeIQ+Hj63LKp0wisFSq5eAeSh6BbRqCat24xozeMs1
w5285nmwglBHXR9daIEyOZbN67Aa//9V+ANayy2sek4pdsTMyelCtYng/3el+3yS
8eYxeLFW4u/9xJsOg5zKwwKkxWUadRZrOYBBBjZJrwQj+/C/Ydl/xCXdCrzgX5tM
e7NfqrslEd4yaAAG0KfRgOzmhinTnH9xwMk929d/zgcYtcpBhOLXnsbMCpcOsBlg
9YFQTAINMeIXRU5JXUsOxufbDR/XPbLy9bgyKBUUvSvypwEa8yvVaoJvO1FxmC4K
Ne+843Wv0RR8M0QeTP3uDfqcw7Rc1if4Qa0fcZWpDGec5yqoiL8Rx6XpMUhxqZpm
KGw7waMxgP/wXouwXJNFvhUcl2klVG00affvlt5IxJFly6hckkGgsMaDrNduziPn
j00ugta2EgVnAa7fDe9MRXF40PSwR2k62T+OdxrRtC8Fvw5wlQi9etWG0VGuwxPN
kMTVWtOHRPaaySRXwOhw1j2PGUBBJAb/bFfHAFHHLeM3A2M32xWkkVo4y6bNGRq/
50XRISApwVZbpSUm94VD1++LYrRk/u0XUBE0vHUeP16ICKKWXk6W4sFfAqisuPTS
JzqrIaQcOEEcn8c//Jyo4HtmFmqDdVeax6lkNeQekyJDoc9U87Gie9E8bJWZ9F9p
jXod0zX7SQjS+FqXA3vPeSixDq2+4rJhUzsF8aPxm3/HjutoLlylXTi7V1W15oh2
fpyHBPSp9E851ZLlf+c0OXOA2HfixTjg7LVBwtf7jTZhUt9P95PIYQJNu0BhCe2w
TOMcwNVigbKw0ZV63nSs5zOJ7ZjMVr2eAONIYCx5trzS1bplUMdspJVkTUp4bycv
qgAXguOjMqxnS5ACuGIFiGRIyWMi6oVt/999wpSwJ71wV/rWZTgaAvU1h7lfqM/j
GxTHnuqVlpYPupUpNaHE97xbNbJoFTI77EnurLZssekD06jlzErtEkOvBZmj6KrF
StJMuCKE03KZo6BmOagisDD6RF74fMxgQ2MyC3KeWpjbE+VoMEbNEEcQYW61kyUy
Qgt/TuY0WmMyrfyZJf6/xd90zN8tLRqev4FvOtPxfHE4qEGzlRg3IMPKrdt0L/SI
B6nFxLwhsKLCzfoGYl2npk4IaQsU2v5obj7blSgNLhGGD//JQkbwNYp3UgToTsZL
QlpkEnAmardCEj4olwiOqwDWAZOCcicf8PcvZYRuTl8yZVlpndx5eGvmCdEyEayU
2LCf3Iiaoeb5gF9BWQt9c0nFXb4iDjbcK4ijMbpw5IYRHAze1/GMnbkJJwzItJM2
LXbJSyVC8DvUYjyJsBu7CGJpd53lks2Mq03GFGVo3sDp8RlAUddXOqnvKj9je5Qe
pygvaBbAFn9NaHNQOH0YRta9DEphGqMzjTgCtdQWhDHAUZ0P31fR2gcgBred6CuO
gwoiXJxTyhx4Vqeb7G+dqx9/TpFgN0/Ml2p10Bz5yXuDPAP/D3InjewCSgw4rOrB
6/W13FnQfpngWY3Q/HvQRVlArUbROy/qf7amnQ79CPzYKUIW8xn6rD47ssNT/9i5
anPtuUrX02E8Wg5GeB3unBvqsRliK3tbS5u4pBCEHWrvHQuDJF3VenPdAag0pM/a
SRMsrI8ScXsz5XeZwRCCkxIB/8GNwQuHsiVnKQ1tmBg9dn1DyxQfHyN25J4o5kSb
3hj/YtZk5pbOEtWvLOtMs+zBa83RaSWYaKn+sJESrx+pyU7YLxFKNmkbIVdB7m3l
4LXb9m0w5j+zXRPGvoY4hzVz1bTFqhXCKORnCjJdm/2J1vNMjC/FioeAOd/oGwBx
/knz5VWDpbxcl0zeituHT/Y9iZ0TUwDncB3uS/sWn1F5yEIFrgd4emtibETOS0Xb
aweHBTxxZ0IuCYhtbyqFPv+P32bK9dAsO7gVCCgrISA1TmTI9dRRJ7xE/P24OBSZ
Zl2/8xJsMjaxDvcS63hfWelbJRS3U1RRp9vZRbkggnutMrBu61NL/yLxPCS5OR6q
HVw2Pr0MvkRvZx+RHQf9oT8tc9owYhxwGhweF926OMlHwsYW28K/IKyFIaMWwlUH
cxYnc2yPckCN5ffTAdQXA8UNFBIBnSmartVGG5zxc1PoJCVax3Xz7Tgj+vISBaeA
HQHjNSzIa8APRIxE5jVMvzOfyvc6KtPLLgbOmvLmgyDC9rUVAuceVO9oyLS1MsCV
g3j4RmMIswPdagpYELQcwuek5e5ffD5bidL2Xn5BOXkMK7N2S1lXlmWn215NZG55
PoIAeXjgNDjdMmCXSt/frUvTsFOPtcCA2JAcI/e2dsyAF3iIRvPpDPRfUsvEzSQe
gB6OEFYkDOqcG7Lk9Hx5d78ZpJst+XViQAIDlgLHBpPuwkIvh9OOdeP/XKLH/1lJ
yOQ9mQCfuTx6rBtj2216o2L92OKFI27F/Ns4Lcir5VX0/6hrNe4/BlkAnexKnOgs
Ok3hIuQnB6C9Z2vtWt1P0lnsemX+AhIJPtgRs6aGhMUnIwtvb8aZwFsS8WvaA6PG
uLKBUfuv5V+mjt5vNNlnkaaF9bMGQVk9NmK6mgkqmjmoaXP+8MbKHJ7cf2Kt1Bpc
PJ8uPBQ302Qv3PjpFk/YYdi3tmmvaxbOlDkNCJ87xjN7Tlgd5jmBZRCDzxDBmbOs
1USxLB1yDN/k4soKAKL/Ze6rVusjC+GJ02TcWFQkS5eQjxoHNKIkU4fMDggw1vzJ
m5kyP5p5DST0+cko42Ae0yjn05T75MdYP0/l/I8YBes=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIOUAYJKoZIhvcNAQcCoIIOQTCCDj0CAQExDTALBglghkgBZQMEAgEwggR5Bgkq
hkiG9w0BBwGgggRqBIIEZk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1sZWdhY3kNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo
eS1sZWdhY3lAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFt
cGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIw
IEZlYiAyMDIxIDEwOjEzOjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVB
IFZlcnNpb24gMS4wDQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVy
OiBNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4
YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAt
T3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTU6MTM6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFn
ZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpDb250ZW50LVR5cGU6IHRleHQv
cGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1sZWdhY3ktZGlzcGxheT0iMSI7
IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
LWxlZ2FjeQ0KRnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzog
Qm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTA6MTM6MDIgLTA1MDANCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMt
aHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQt
ZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVk
RGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9w
bGFpbg0KbWVzc2FnZS4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2No
ZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25m
aWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCC
AregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0w
CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxl
IExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0
MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMI
TEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeN
SiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+Ithj
LeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/N
kug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSw
qpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQ
ury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwG
A1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWB
E2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0P
AQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSME
GDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4
oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIu
s8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2
AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gz
nbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqH
rg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RH
NrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcw
DQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
V0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3Zl
bGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/
T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5G
Otz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnf
itOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjG
sgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/
N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ
45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZI
AWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQM
MAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIc
l64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJ
KoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xii
dfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2
lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh
2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2I
JCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcB
VyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUx
DTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1w
bGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/Qqmi
XDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTMwMlowLwYJKoZIhvcNAQkEMSIE
INdmPheiziYcbAwKeKaDpmuOQFmVMdAqPn4+xeOFjp3NMA0GCSqGSIb3DQEBAQUA
BIIBAD0aQzYiNU8AycDkBbQVbuAjHzerZmO27QlIZ47Cw9QfNcJ3w40RJAohR487
1NpkFskR79WY6aHuiLxClWV0Jw/iuieAFfBZ8Z9t2hOt+F93M+9v1eoLzrgA7YZG
itp6r5zToKCdwNOc2futk/+dutbrTqYlFI8nnjLNqegBiGMMzVfateMc2fVnIVN+
7/4fyA8ASzseEis/HQTN7sEjw0pUCvU4JvQy2klVYsaTZO4bdKXW86DHEWjoiweF
liiKSueA3WB1jeJRse2/g33dL+5++UUtQLY3kdknM78705WOaFg03V57abGCp2r+
bgcHQNhfe0MXoJHKqYrnG++22tA=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-legacy
Message-ID: <smime-signed-enc-hp-shy-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-hp-shy-legacy@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 15:13:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: text/plain; charset="utf-8";
hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-shy-legacy
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500
This is the
smime-signed-enc-hp-shy-legacy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-baseline-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-hp-baseline-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8300 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5136 bytes
⇩ (unwraps to)
└─╴text/plain 335 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline@example>
References: <smime-signed-enc-hp-baseline@example>
MIIX7AYJKoZIhvcNAQcDoIIX3TCCF9kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGpRgu/+AsR287dW3Ygyjh1atM+HOIMy1LVi
g0Kr8xBysv4g5DuAWfNU5MC40hTQC/VzBNQEYq9XKLZojwJCSAz/doygseKYXqV1
I9Mwh3tWaoHHgLQxoP1zY+AI7jWNIwSbTtn9W2YGtZCeZ0oV/7QY18nes26aNDgc
aRdEhx2jmLKxvhTCpFy7scICBSERea5SgN9uRAUihwsEvJRhX9vjngrlKwbGKMz7
ewpe0YcoY+gGRYqUYLKIvu6jyd5A/dDX2Tc8z2Zvv2MxYmMdP0okeAiie7diTHg+
ae9CTZN6HP7vbKHaftgcKcP7JT9x2PfoRLBagy1xFG9sy0DcqbowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAN08bq23teHvwfECD/cO1SAZq
OJ8aphPZfk0r4yfTge+uSLc/UUk5ipnFTHrUfmf78/BQmqSfaPRwHRhLREaZeFB6
aWgZN/DSe8BpkheW+2Y7L01NvmREQZLP69mwPg1WQ+phUc/NCUvz9XCMDbroiX5Z
XwauA4fjKKRhn25wdrb0EeVa5PRg2CjjpcFrLWUU5TvDbEB1Qss0X467REyFg0QV
mSke9tdTh+M7IL2t2on4DIlxJy9A+dVtwMgz8qd/bw6a5qGC+Hk6CgpskEfexANP
ypqF9iFQW/1lr1NhDOm8OQLgm4PG+/L5nX/xsI3QkgBbpC7N6po06+W8Es5lgDCC
FL4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAYLQLnmoDE+1L9M+p4U5lSAghSQ
ukiRYivwnbEQfkBN8oIwjd6EBGHDfK53gjhPxRaaY43MwJqWoSjCQtJAzc9to2DA
gFyL/s+lMGXxapd8DHwDXu9Sota0wZ94gJYSeNMBJy+QTjw0rkqMrurVqTrlDs+v
55xulqMYcOw6WEAYdJwMZ9TPsaHb9af7k+KNghTBUpteD+HGozWGdOP/WN6I+zq6
HhwjXaEcideIxg32j8yT0bDHp3lz42eFzlFNCHd42bcHtEDFGKFUTZZVO2B54hcv
DRDqLSIIwAs4TmW7ajD+qcfM3ug5lRj3NJERbZyBjjxwXCDAa1P+3ERBc7KovqWC
0NOgBLcxQL97EA0YcnYuB9qZaNC4/Z9tnPdocCCMXViWkqGhfaRlCHLSKbySVOQR
3lqLSr8S3lzQ5L9+GFw/om/Bto2VJp1AHWa7wdZk9CDdZKHk93eEGPHpMTbzcW/Y
L5kaD2Yw+vRFIM4ZYYgya+WkXh6SQYml+dAKlsXE1aGOnsTYk6odoanC6Jv9Az0l
9FeNSeiH54hSyDNaDjcUvGOIm8b64pZCiZOc11qivKOmc//n3AmUTOk3+xvu/Icm
N+Jv2blnYEF5jf73Hfv/xFm9ZuEfhLsxCtjtUcBmUyKh13vcoMw8iDU5gfUoTtD8
ceN5XkTFELM44cc9M5Kec28gWHYUM09wpyGiq9/Z1Q8qS+RgRZV210Yikz886ATb
v4+m6kciaI95EF5X790zglLjODR8JY5gSOfbCGdb94XtPouGASa2J0TOO3f9AAE7
rlytRgPHMJyY7G2lNpSF81VhVlfY1RJZpPBbZ88tRvMENsyWQb+6+mMW/PrNy83L
ZxQ1E8gzA2oyOl8SIuRMgfYcSIGM831q/IiMTJI0cA8OX5iVD4KnBLoZlVCuQUwM
0WK/iGjJIgXDTsMLHNrlgZeulkfol/ryWU1M+CwJSetqorE3WBy4HxvUau8v20CO
pABkDZ29evve2X46KVmDDXGICE9O+q+fanmX4ZFzMsVmPS81s3JQhECigYJ62IPI
hl561lXJzkC8lcp25TcpacjjnvB3VGfdqDgTjmALJD4gDDgeGSWZHKWxEdIrzeXr
7yIoKC4H28yOtCwZ0UNQbeIVo6qcJjvTrSJ/ZD97L+jLQ5RMRwtGVoOhlS5tTRC4
l3SmVX7qJbX3I/W1AKBGFCtvY2k/NqzMJ88td0RRmbVvNwFC7iioWYUCmU/97a6x
1v73Kqpc73L7DTkofya+zAgtHqcRlOvZZ3Api3Spa83fYQc8kUA5n/Pq7P1LCbbq
yrv+2Y27If+bW0CNFP+4J8/hFdrQECTBhDgf5PtnizLORXFxCvZbqVdwN7qjocqW
U/gi745fcEOJjIMeECdhpY4sMsAaspxFH21puSdUv/bx/i3Eaz4B2pgtL/t957pT
oATDNublLFP8F/k+0Ml+LFFlg7YsbQG6l8Ki61xHyNp6HnK9XjyluLUIgTMV7KrB
DZwqygl7UJd1IIgBZL6tS5mXOCv/k3Pe9raQR8MmCPNIuQynBB9JjiI8DqcCE17L
siRFtb0SPRR1GNmIIm+30HOB1IaPqPE470J9AprPe+tg2umKnD1MST8qOUQ2c/lt
eSBzmJBHJKpOS2GHHIfOoDz6n6JvV1DUUtNi7LxJOm/cjrTxoviMR5b8hcOTvueh
nHtutZK2jrqGfMylRxPD06tRQ9cRv/svMlfXascl1apce0qwDGVUUVVxI8yvEwgL
MML9qVt8GIC3xMyU8UXlNhAC9iU3VHuU1i/mzIdVQmxXyKz/Csnvwe3jY44iW50z
dRKmrbr5JKf5HFGvucEsmz9Tiz8xziuoxURAensZT8NastY2rmnHqAITbJc1TALo
cHow0MWUUfyjRQgFoSVsQf5LpOIvSxj2dZ0k941MDjmH2M1Zm1ik9MQtbDWx4z3o
w6rlyBnUq9geh7Qt45nK1dyuoUaaueOoVq1HXt2qZ2w8f0DurR6XueEuakpl5ty1
NrxDi3oKNc68s6jBnHbcRjlmqB3g1C/iA/D8gLZRcVDbM8kn+KGDMBJ0J/DHZn51
enlAddnXgI1sEolNGlGWVFFlTCQuZpw2RohTcP1/+6yD3TS1BakjweiXKLAhKNEn
t4yWxQiGurwTO0d0VxUItt0d7s8idH4pxjayc652CK29Ov5Dz8ysKyqT+uIySPJB
yyWURsmpqYtoV8Ox1w11oWisBa/dpk6QhKSValXOU+RJre1p59WL7Bozte21Z09Z
g0uQEezaR38rByfeG1sExG1QJGcSgyELVUYVOFcdM6r5cfHlsqNJN2XMVwlZry/W
JgJKuHaw6LCC6+1gmselpXGkcpPLF02ZLBgDbC2AKZRT8e3T0j+SE53FQIyyZPbr
CjZ0ljtsWru+eWAlaaktJnRfokBpNCJ5GEyyd5asZu+oJXGIFZQNVQYe1FqLbrBY
Z4Rfdcu+cMvz2Viw9f6kgAo4nDEBHkoJzAM7+1h0a5mGfaQEuL+kcMIRPVEbJ9kp
cWMoSE0M9TnLJ926fhtSItZQOEItfO+Xs5y6KOJTLly02KdaCskyyIqju2AYAOhJ
UVdyzulqvURUIwIMCjyUh1jrmpCE7NtUx3/gXcxvEto9RjexlYHw++KCgoIZ5E4q
f/ZJjRMqBDu8CJpT7nHNv0pgRxplQg4x31A9ZDm6pdXF8U/ZNJrfSaSnaBOUrLDF
wbeN7vdJsW/7JssBuyVRIEjx2vIfZ0U5y2yy/hbLjhh01jt2zkJZC2dxLBH64UFD
pGsL+lmQHSQpL3cf00dNyrx5h0wDoz8/rC5w4/axD70KijIbKcssgSHUCd1oWBn/
c+i1hdqXfT/obUCDhgFOMlbrbC9juoSz3Bs1EnjWFt8unm+N8UaNuggTbCeujYvd
Mgh5eazSocQ82xqpwmIxvez7ahN4i0bLI58ZE7OSyFME1yFL0/fnD7B/Dy0ooATT
wFWF+hBfeGaWdXdPIbnOjTXjEpYchaWgN9nUon9DGlKYay4UpUSntUcnqI/CJEVI
U5FVWBaD5BY+nRymkTX9yxuB45z/AixvDMYBn69/LmcchIAYQeldMHwsy611it+T
cZUMtpemQoGqGdxP/uKkC0Pf5TFeq7v+1W9Q5ybxxJh5nrHTAcupH5FJBsqnySg1
jOd3xIO/sQNTfCWBIjN0YuedORUkdieRYuJ6ygazkCBQCr1k7/r/sQiO+F5PD1LB
J26sP0Ly+WXruQ00yA9tTRYiRgwqx/sjcv1Dl86kKMmKBNCVLyUdFPsgjToIhsti
DASDRZXEWlXfAJSwT+dyaDz+HOOtwOH6In8SNr6UPnSsoXofE2Kh4U7DNTot9k39
s1AQBG6FtYfFE2qZ+r7oaHCWfkrkUUCgBUUJcKaGv7mZptf3BS9WEkSHBZboAxse
yOfszNnagBOqVPK6Yi9JLleXEBNSa0CQuxuLDzEadDNLltcEKt/CWWXYcq4Mkqej
FyGNnNGoFRJy/ExL+IbaMVg9wmAhYLXr7vmPFQ0me59CYtbaNr5y8818Gvu5EHba
g7ZEubaE4qFnGX+jQ5te7cgoJ4aR0Aeq6fcV9mwBK3Cs60ejpCv60LYjDXrX5a/w
PMhFtY+KCVOyfgIG69vDh+MSSsRKe7VxIawTJyhDOmiF+iW/LA4zJKXgDdSXk0wB
+hECKChBTlBqF2SHE+8s80olKv3wbNp91cY4m4MV6+Rjo1x5eP28tGQOG/nx3Cs8
f/uvxTvOijAc43i3O7Hl1HJTY0keEzEVcmXh7eEhASYJxAELpLPXCVDmuohnIAIH
VUCx+jiWESllycm9QmCf7ItjnyyI+cQFjzS5hVQDpSVLm3NJVR3hcJey80OI43FW
gTpB41MR9jVDN/eQ+za+T9wNN16yKNKr1WXcT4Z6j4fMzoUdAmSVITjGGqy2vNX6
jZFVI21ne81gZifabkpxmmCig6pDkTlhsHA9dB0lywBqOo3KQ6E7t6TIiJ15ULr1
Rr1vxE9jw09DtSIqJfK670/ERJtIVRwHCeyBgLz7vV/IWcYeYtVyIJhuMpWtPuoL
BUf/Dnmd22fJh/o8fYrNG/OFwWX805gqsP9gwzN7TySxw5lnmeE9ggr1M8R9+xqY
hv3NK2I5rcbgraRT83X9qugiFFQtIAn0SZmP2Heo3YJ9MQUrarmvkMOXytKhBI7a
+WAm3VxW44u1SoduDQltkKVlbEwqDzVp5RSMuNInORSNP+RLYmQFpK8UD4cZb2lw
uEmx7rvvQMLsmfmjhEnQfh610CXt0q/gtnvZNlcbAPkY4m2T0czYuA9cL2ywArZM
Ya84vxqvCvXwqlwIK18UxhOyGfYEUCUfPc2vrHPWt0iu/dTLdzYCo8gfA7aWK2MC
DUg66Skfqxl27pFIUUz96RbXyR0tG9F6mMOdWgyuqZUh5Mr4S0yDyI1r+1ynQV6b
exdCUobNN+CaRyI7qktV362GBebeOiEe06wjrAAElXqLCbEslXg5myl0jVm+t+1K
2R+Jv8zcFsUCK9XFaK/O29qElZZPc715bcXS+FukyfR9wKvaRKc6u6WRJE02LzVZ
0ty5yfAOxFDKjxbYV/xfdUuVIKVA1Z7mMKkgk951zD4yUJYfgP4NKw2IRXTIEi+0
DSRfmEPIjOFHn5Ae9asKmXp+jfnvAOv9sKezmrrsmMsWpFoFAGyuSy5ZyXgjIEnm
TnW1kJwqDYMiNgzTM/X+Grac7oXYZq9Lw8vvDSPdn34Zuveul2Q6GlI98UFc5OOH
V/76smknnphD5Smk6VJEP7bvfvTfJvPQJ0/xIoPP0LFFa5+iZ4x5XsnHkhNXTLb3
6sDsZ1VX/jPmZRO0XpbO4jNIV4elCNHaBk7+UC50axW4KtMteG4F1mML/6yK+f4I
6O1UDiEcxxPvJfUDpkhSPSfoWLE43eJgbr0Arm4YKjdLyA2j+jAD1aqXNv81gh8f
7HlRVh+yiZ+bADj+Y2bYP98ppwMu9+zNEGUMBY7dG2r2WbzHrDBciTKQvy3ZsxFS
vXcO4p7Y++Zirsxum+o1/sXi3Mz8uIigzE3fUVmbysVJ4ZYWBhS+/NwvOt3ufxvo
Y3Ns9BalJD/ljbZGSEvFhpgClyNWHzLy0FFpZRvpCzWvV8pKmkbs4dyPFRp+cgKF
dXmkWfqf1CNh1GDg+0mWO+V1NticcM2aTdWjWR4itvpBPZir41YeSIYCT7blzoCx
NtlSnxNik0VaYAGNjYL53HS3kfGJuVpu6vwxCWJ6PIhkvJMW0/nrfdrrBLkRj5RO
NANnLc81IOciOEqE7GDP8c4HD2HxrFYY9CqrGJJaMDFuhAB+CNv4c5nqYBmkYefu
l/W1N3klgyxJoYP1m09J78zDhv8ZS9M36ofAwya7Wv8JE6UHE/1E1qgxg6vycFEH
zt0gM6uk7do50yHE3YVuFmsulKXKdzdCEmGxtkFEC4pUN1Tn9sRe3d2CW4MFtriF
8z1mH3M3uk6BEOkAUgbpF874AFAzGy/r5HWPv8QdSDVsZqEfg0Znh2cZGkXWXEUi
jSHlaUvVCJzAHXVmHNL7YLqLOU0aZM2ON8NHoAsVXmS1h3IGNIHto1lIFWv5UNe9
AhVRSP/lUhdXIf7q7UH/kNyUYpOsESB3ai/t4ubt4eoWD6n+BSM6CPGzDVURL7Rk
fYX28DTcr/fv5HC7XVLSycQ7mEz+QVFXh6gxFTTuxpGBR5Jiv3azwcNmSUlCdlwR
Nd5hKU8GFFfv2QOQlgyBif4mfJbGHJcYduoiIsTLvQHMZtn7QEQx3k/lvOyjYpqE
GlPrJ4yineubGfaGAH82fZcjrzsEFpSiQ/UxDOCx6yDWfCINZqXm3AqQDk3DdWMP
BjlZJJbQOlD37LqPjpB1zk/LM7PJNEJFldcSHKQs0T3kQyMONIJ6ih5Yowo/tOAZ
l1kKGvhQvYm+FHQow1e2nTFPc2L7QHmEmt0uJJME011PZ8jR/bccw90MTHuOPQPt
UJCpAcNHlO2D6csRGg0wTH/CXbFVkBfMWVFPndX3n/vypbHTRN+/GOL7wFiS4B+E
w0Ae1woY5uVLw3EMOwjK8bAEVWhmsZkg6E0XHwNUvH3KQfhR/7/2M0I7jJkaA42T
Ira7g7PiQ9WzmlOIfSBdQHblsaw6i99Tq92cCpvACUwm83cUK3K39TsXgaokNYj5
hxbW2ZMhHuxjF/rcZsjcRCA/zncX2OEaL58jWhRBmzpze2C3CPJmAm1eUdzWLurp
J4ndgRoShI2QkR9rpyNlMEB83P8fl//6vH4Jj/gKS90hMCTSnw6iv4QEAz4cJZEx
RLSdUEOcuEdgtqKA1XH7beiNs9/66I755G0X45DIiSkWSoNsofvNX5GMQi8KHfra
Lvkwj/tv9nJ+y1RdNfd19m2yp5kJwyqJvZ4q9CnKvQn1qXHNYbcHeCFLknfl+YzY
BAhaHwg47t/5F7I1m7CpkdlXuI+ByZiYaCtAZbkYElVYPpNLzvFmblwqA7UjPrL5
RzA9qsqEXuJBLqP13d0iciEa3AexWFU9om+lDNHc8bIoZfxk3wW4BITDoM7CwO9k
M3mPHTwIU0zwauzqgWkBS7XNWGuFdyphRf8Oos9nlDfZr5hnQsRDKwusMxQQMpyK
aamXq/Yhcr2flUZ9hffQwVffGlLT/4h4WhKrDcYlO4XwY85AOB+9MouvPIgUt5Pa
fyWG4tqcFy5DSKTiGpoO4Y5N51tQqnO0X6j8fd4DuI/WkMfib+84Os+ZnfQ4BM+b
AnGWAqHzU2mwg1vSR1nBoLNERKLnsTUM8OX0qkhqo4hxCjdh+Dc7gqbCNVtUfBbe
fqdfr1EdJoe+GEdrT8J3NVl1AYzS3t3zTQdQ5yNzrP0kVyOUIbiyd5MpNBxLquLS
TwpOTnEcj+46IC6cXcIeVmTWtEmnGvGcQHdw95waGV0BrpAyPjyEfZ48ubfY7i6x
eSC4YX5vzM0DEfkz8tXrEkA0PHbOvuEJgJE0iX52fYc4vnMquiEY4GDIc7WRJ62H
j4nVpvjAa34DWgZ+RgQCXF95kSztyoSAL3Jnq1fQOZ8=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIOkgYJKoZIhvcNAQcCoIIOgzCCDn8CAQExDTALBglghkgBZQMEAgEwggS7Bgkq
hkiG9w0BBwGgggSsBIIEqE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLXJlcGx5DQpNZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1o
cC1iYXNlbGluZS1yZXBseUBleGFtcGxlPg0KRnJvbTogQWxpY2UgPGFsaWNlQHNt
aW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkRhdGU6
IFNhdCwgMjAgRmViIDIwMjEgMTA6MTU6MDIgLTA1MDANClVzZXItQWdlbnQ6IFNh
bXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJlcGx5LVRvOiA8c21pbWUtc2lnbmVk
LWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNp
Z25lZC1lbmMtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0
OiBbLi4uXQ0KSFAtT3V0ZXI6DQogTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1l
bmMtaHAtYmFzZWxpbmUtcmVwbHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAy
MDIxIDEwOjE1OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxl
IE1VQSBWZXJzaW9uIDEuMA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOiA8c21pbWUt
c2lnbmVkLWVuYy1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFJlZmVy
ZW5jZXM6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNp
cGhlciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxp
bmUtcmVwbHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5
cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg
YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhIHRleHQvcGxhaW4N
Cm1lc3NhZ2UuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm
cm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25m
aWRlbnRpYWxpdHkgUG9saWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5l
eGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDAN
BgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVs
YWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQ
J+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+a
uzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVe
A5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShp
lcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5
NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+w
hUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgB
ZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
CgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8
ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
hkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2
XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxG
wy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/Qs
hlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8
PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K45
9CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdB
BXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0Eg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5
MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcw
FQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2ju
wdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQ
wXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO
63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf
4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I
6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAA
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAd
BgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcX
DKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqS
Q4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/K
tmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVf
nbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/R
CGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4k
m3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2
cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE1MTUw
MlowLwYJKoZIhvcNAQkEMSIEIKHPvLfnw9dsDhrKZlaFW3+cbW6ewBQ6mkp22q7y
BhI9MA0GCSqGSIb3DQEBAQUABIIBAH3cRn5LOa7nqW8Z/czFCRpkU6j2e8xqaw7/
eCh6GvC4emq/eAgKhqpbhw+QwEOYZCMmTe7GFb/eSl82QjB+zYaR+pGgVhBH57Zp
IOtobnzbOEsgzmUKakI2iaAuQBtOxMPqDRTRjMPLMhc6ddIRBqNeDpC3hm+sOXrj
r8rQAMDBJTck7psP72DTyDWDeVPw7BRMSnxz7FwSbW1CXFeiJ6mWhZ0Va1YgDpJK
Ic2uW2Tq/ob8jTjnPrVIQhq0ZxKOiWsHTMfzxRnH3xyYt/c/huuoDtcf9P3j9GWa
a23tU+PDSpfcpG5MJPe9DBzExWII7Z50Om8g6tZETD0+pOjNTAg=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-reply
Message-ID: <smime-signed-enc-hp-baseline-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline@example>
References: <smime-signed-enc-hp-baseline@example>
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-hp-baseline-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:15:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: <smime-signed-enc-hp-baseline@example>
HP-Outer: References: <smime-signed-enc-hp-baseline@example>
Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the
smime-signed-enc-hp-baseline-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-baseline-legacy-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-hp-baseline-legacy-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8625 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5368 bytes
⇩ (unwraps to)
└─╴text/plain 426 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline-legacy@example>
References: <smime-signed-enc-hp-baseline-legacy@example>
MIIY3AYJKoZIhvcNAQcDoIIYzTCCGMkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACjyNrxVYj1Xb+ACrx0kFuDPNhExlQkEjbJj
EZ3Az3gK6rWKIcIfSUIlwhqWJn4Vqa80/fHS0WRkaYuLRR+WBBoXszR6j+cEhHwa
MHYVoj14YCg9+AmGbU1s2GNSrxqPFRFbrLVHCHdM26+7mpjWx6NhbVtPTsZ/+MfC
BPmKulF7rImdumm8nkaqdenbvp+AjPA82P38Ah6FTMUeC5ItSqr0WnvVMvcL6NA7
8BX/WlxEYVmcIL9B/EfRmC9f4nDYudwfMytHELddT9Gv7MejEqOB8B2+b2K0+z7F
DqxBUK3h5dXgIDoPadGkvunqnTLFak1JJyIeXftPK1GCnglXI30wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABvIWkrAM7mEjQFyBhNeJwopi
KUcL2wEHZJkKZxQcx1nzWdNXGhF+JCY5H0KmZw3fbcH4VnGPB0olqC1yarSiLuHO
dfaZB0ioUwzLUKobv5u3gJ53vd7LwDvZnadXAWdwSXuxbp5XCRnK3UFE00/djZ6k
K037U5tydzJtCi484Yd5BfaQwF8UPW3/JNxGFs9Kw+jmVGjWJxDToZAhlKNzILmk
nj2OeZcUyQoCtmzXmpTHDENz60IJZJ9KvbLhCpJ6owwM7818kOn/69ffTYR8dV39
Liy0KUISCODAVtTAsioyQQV/wBgwkmE5iTILa6WKPogsbxWmGTjItdQm5Ty3NDCC
Fa4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIZLVXkwIIvlTRvYBsWvNdWAghWA
/OKrDfplfnq8JqXGW2x4c7ag9bUaeknkbqeNFeWbtYUXuUs/qEjYEnwuGoxs4KoP
14FjMC15o/IFDzURsGR644EvdxjKTgdzDIJ03SoUIz+RgdNgGCkGbGoBbl3t2PQV
645X+7uSfUqCppTceJ5zFyIZKoYlkdP+nqMSKQItXPydmaw01ipeVizufHb09Fqz
FZxZthU8O41z2Glr9y8y8PDHD7EpgZpNa1n4vpma+612G06aIuVFoIxmjMi+Zbbb
yRfJcvpPR/iY0M1H09ZvR3za35m3ffSBdE4P/Be13CBhEO6kRQ8Wpvzg3Hk5vKo3
O/FMT9+EiF4BZ0lIkzUxK7BEZ0VsLK89KC96P1Jsp9PDe18/XbyW1bLsuLdMfCld
XDq+Obdtv236mRpDeAR5TNtcFelr35ZZf2KxFHnnNVl/OI+UEx7kI1w48m8CSvKm
KuMQRm5+oQtDIYTqm0hiIogOmw73q5pS8oXbR+Am6sGu/fbt4ucE9qpU0jk0IkHL
4rLHAj4Tg2NOecFBTECvN+Ce/QMPQSqOmBsoPnJO0dWt4veyxFlIxjlkty33PsQv
ulcAF6c6PVef6lFSHx65KJVUUtzbd66h2/LYb5zkV8OICa0UQxGX5hMg1METhVyb
108IwQ2eGbCyHBlErwWsUY4xca7WvTEOmYIDcEtIKwL3HYauTjn2qUkhzfXkrARI
eizjTTkxP2fPFCMRPrMD28nDObKqS8ChYXOgy2U4WY9DyiZ8iKu6C3itXCFW7vkZ
Po+IsclwXmwEqMotPMsjxuMtS4LTy8Wb/KUk4gY7OQeBEp+u3zIBUNl2b8LQ6ZLr
7ktrD9GrEx5l4eGfoNZZNC7+27HHo0wzFjHLSnAHO95iilKTLy7iwhcuu4bHNyOE
rq63jKdaABkDoktAaMcb9EYkXBMx31W3/rGtKK3NnjIimsztxu44aTcGthbF30to
dcKyZrK2s/6/LDYfwyt2zljaoQ1F+ozCpcx2Lv0oR/Qq4M2DY9YekJ33aAD3QsdA
+JhTVNpWvXykQp/UzHzjfF5J2XNGZrJtz7KHzXTATk0b3imqxlct13J7kyuaKTem
HYlH5lUegRyRefOVjAS9rft4fbelCUwzX8MclbLH9buDB0tIZafLHDjlhiLHaYsF
PmYFSDy7NsLPUjrHuxpyY355es2aKpvz3u+38N4ykveAY1Rhh4Z9HNMnSssSnyBe
TWn8LogACMHGp7QZuXqhcHJMJZIH9QX3mxs4hrXliXivQ6vpsNnZDEBapEpcfckR
riujD6mQV6y3mE+wjTiLaC9ZakKosB9W6465ca8F+bmlKuaaH0rJOLf4I9mJw5fV
7IFN6uXMLEb532cUE5bixUrIqWPyeX7mHfr6EOv94bLcuAss9dT9ny/TXlY/FSm9
4DjbaaP7MtF5RO0MyBS3p094dEF6lSkcZykIWMtJsqa7qIynZOBPOKjGgrwMkNee
llwFFD81SESUC/GSOVr6I3WgMp7ZydaZ7KR7p96Gx78j6ZL19HsbauToON6TI/uW
kTSKVzZW8spUz45pzGDVKBnvD7hE2dO3poQJ16VS8YAPrPgbAewmqSA6vYU9TuUy
D8lGbxe+THB7U7eYO8t/PHCsD5MbJNBcmxX2PBJgPUqWIjz4oush8aJ17z12jkTn
yXecwDQAkk4CH7QqHlYgtam4+mK/A9YydDPObCnPQK6KAvGLfNoJEkxe5KUfBP4D
+uzUiTu/WslArHTABROsrnidewhpeUwCZYv5g2gc/i3stk5Dj/M5hAd+TDohWY19
9kYPRMvEfSMVR0OrwwS1wv7gBZnyy+Ovby0skOPgoojnbrQyb8tS0TTeCfXyQ2T9
1HIzR1cdC/58VaM80zQUuajYyMa7JshYl/xz01ynL1YY1uBuGpBIW3Wb+OTTtnbh
CHCo4/NvnSd2eDJPc8/nlQzy04R7ML0wQATBArLtd2L2DqDJT1Kw4ZRrXX7qvwoY
B4VUjtAwCnoR20mzPeioI7dYSf/dIfg11IoDHCt++g26TRPW6RVoaVkPMFEqoaFp
LOnor7UoQ5o/pa1RgE4b0QdJ2PRZ/EvaAams7LkHrb/3HWhBSZ0Z3k1N7M5FFjPV
Euez74xXPKhYnpLFNc72RJ3tqjkAUbhbgvp9Nx7CC3TO94iyy1R7OZhRnZhrcv+R
9PsovDR+HvrFvxIQnFBC5rrkBxKcPMIobPlDDoawun1LJEq1D380u91BUupkMkvz
fdkRr4zGfW5xOFiIHMtoukrWPsxad7Gy0jb/thROWPdSvbtnEKpfvWtEIovnIo/H
BheLoM/6dbkvdagKwg4RhI674DXH1PlYKgTYPKjcoGrn3aYLAkDKK50E16NQSNAF
4j/CkJE8DHVye7Cx7ehNfqmBfgDXCi9pZpqeJq4UOCArNV3/zmMAkQMhFyXGzzpq
7JsZz0EOKhwP8HbLHsV9qpq5ZUjZ3wnvtuGq0Be/itv8DTI5ezuOpX3cemiy9INT
hbFpRvDeGHeq9lwtgkcWNZIS1x7BtvYce8dsDZM9tN/t2d6J1DtpIb7AjpWn7ke2
WlTNl9C3MVMBXn83mwGyHFtW2wfZOJxROWNfDssCGfS0BRodMsm4LRqQnc8MNK+4
A/6g2pMxj0wikABBMke/+YgwlAEt+VKGcIexo/LOAoQDpG+hI2dRGfZnrKz7Hc4r
R1v6gaCqqErVonHFPNX8bGYUPrEwBxPwdzjj8bbAczwC0Y4KsZqfABysXUzQ0nOn
4JQ491uuydJSBjgP0Qr2ZuBpuRKf/m8NamX3LEZUfeixvSNzh1eNVL/98EhdoEas
nT1bfFNSbg5+UmaiQJs2z9tGJokUXtPplPYKLgr6DfoPqUe2yNTrBn0SxDLZwN0h
RU7CoxoKKHQY8QtYdwXQiOh5PGFGCzRloeUaYq4KDYYr6dOD2Ok4Yu0NxqxYrkp5
RyBXAI/p3wpBK1p6lnHmybbpb2gpSY5HGmKDdq54yLZjDHM//A4I6T35Nx47uWS1
Ix/5McCzZP1gFHXjndRU+7Mdj2OkBsSpdVZ0+OemrEtjJGUpXJoC5xHN/cxLQ8jA
gJtbK6WuZ7ShAFe/y946Zh7r5xFtDhNqFTl3q8oHoiFPDW4qafryKcC9faClKiP8
TDBkQZ3qgngiTEvSrVkfASJEKFHfNSl4dgVK41YkUTMT9y04C0rvMBxHGhgxEVFC
eRuWXBV/RPa5y1RT7N1iaMDtlOpBrW2Qq/BLw1jma42QybmDhsfGtgi9O2NBPdyG
SjgsMNQoRHNQ4dUh+kTsDxaz09s9QDASGa/ePVbEPMsBVftbIphOWNkvwpC6+k10
oJZgx6dqxRoJPLXLF8qdaVq9sZJL9ISaLJqFZXflx8541shyyOzP03s8pzAGh9e+
u9oYtl+DwvBB+GoGqBK4zwGDReXBlQ5aJbq8QhzoHPnhlpfXsvssPXIZRX7Trq1d
z7J3iMJav9bDaAbuGWvP5jbMJ5GVypnjgbaDGO94YxkScou2yW+t696iVJaMVadQ
bm+N2pgJDiC2yCCzbEiWGTeMoW1irHPLnBugPxQinB4KQ+nOg6v4K1VbgZkWuafe
LbQb9+bwhiZ0YNinzaQ20fEf7qtEUvtJ1P3UkZzW/MD+eFRLHJoN40RDe10PaP2r
aMOwA8Fsj2FpO/8Y6tlGSEfZ4USeiivrd6vw2JWs8jKV+5EOSJwzeCmvi6uNQe8L
iJkkA684/Exp90W/ASQk1nEy8MvDrypH4UdQQ2+Iyef9ukOL1wID7u3BChaikbdw
2l1Ph9caHNGSMxr3CJU98mQo7NytCSHv9tD6BJe+Ilt+s5NwxVg9JD++hEN/agKS
NsYFRdOAW6XPZSN55zA1ypsVHGGUWaSMSvLogxlVDlzBzpnTXsidHavUwHI09fsn
LrD5FXDjjk3iU8O/ara4Vkg7y5UI8RS5SnU/N2MYVvP17Mt83/ax0D+J+hXKRJ48
fk8TP859Ec9g2LMZPUCsK0K85adKh5/ETjNo8stdhWkOfdapisSg3vkdCT1Btr2f
kTrT7z8mX620vENI4EBPO3tX6V9waWeQXA7ogDZ+arjh9eThdS+QZj3SpkAPPy3X
/FbPCaFm1IUO7V8N5qCpMlb2iarjvGVbtNFlTosbBYQuJ/ztSpZcF8lQ+ukTw9OF
4PxZmGtU/bmDGg/nwmIIzUliAKBQ8MTViWe4nk6r4fdr7cpNph7TiRhG8fM9zwVY
QqJP0tvy454q73DqhIbMZixjINeyq4C7HpFp85/m0/cSgGdqfyDjVTV4koQb/RPG
XEEpOSx72k0MVUoRF1hO83f/QiXZWdfIDTBbgjxZMtW4o8qG5xigFfAwpTzy25GX
l+EMbxgD+YSf7N1zdV7zWBy2UgV9OdFkWYd5J30ThaDJ+j6DsDRawz132INUWA00
WFBWH/jspgzIbCThPWt5E91flhm11qrIakJi9ivVjPOZWGVm+L37CA8PxK5cWfg1
v+5a+HuU5k2I5w02C6qvqLhAhQ9jX2VtvuOej3eLNoFbOYrJ8M7ZbRemcitso64r
6rdbFn72FwTiGQdgKp7p+jkSIIdK+GWT6lWVQ2ZPHyREZOMPGeZDtTW8JzfjS6ca
DpxURVz1VUEwQYxd9uCtjjslmInatBKUmWyoRmMMuYWEzsr6RkjZoOOqP0CzNSMz
PJGuRCrU8uvO6/xFu7wnk195O0sqAS2n0He6Ek3Y24JerOYwuaOsLeEymWt+KSZn
uG5LWvVpgot9yfyE1HJ9bIvQl/7qxKbXkKll7c1U+WzMpFQlIW1OgIi25n00Mr+H
YcYr6KdXizAhuPAjRQl7UFKIhT7D0qxHh8e7+gEhX94XPX1B9PJsdSq2lm3kvK2n
f8/MRKW1RphqZdXHkE7QtRanyZMxbC0+Mz85U3iCkkJqfzTnXYorvFNdTC5YBLQS
PFdlrhtUBgx82GlMC/OnDgF5RwIRBZsl+oZ46cgJxVjr0A0pWmYVfQ2mUmV6gqQx
kOOWwRGslcXN0KKfRITPbrIge/+68dwtR0ftuYMPZ5wmCCna2LbvQYGcKZ8NRtQu
Q3/fDGSZMMQo3FC1XHVDVlBRg2qLapJe9VZM08RVx2vBcB5IIVceNPwkZDPATtMd
lPBVNpwHnb5JIM8xiDHomjhPL8P0AuuMMDcmUsjlOJsgwyqJArI/JlhoFsMUh9NL
7jNcpyuk2YzizC5AOYUoa4XOpwLVmRShQ5reedn8v2oIch9KuIT6dewcELGQHdHR
0Y7UCwOsQYWxCIYu3NjkssO7+xrmqrffdgJdq7sf8tXZpBqhOQBtmrqydbnx96JQ
HRtZpwk+X2Lc1d2jd5jfQmyk+m6MyB11rMS47CGs39qWyXs5rMr6cFyHnQYfaXR4
o8rLT1A1f+K70A6JrEM65Ka8YkeUzSiNKDgPq/OThItAFe04GH3UpdBpoiT2oezy
rPL2ddLfMrOoiYIHJwSXPDlHdIYvbfxveZUJoAZcE0USPxneKVyb1A0G7rRj1ahw
bRdQ/voqOLQh+STRCZifHws6JbGfFikLH06TB737Qo4E4XxZegQFIbwgg7Irc/XU
F4fdtew5pMhEpGC8Im02j6QCs2Ls9cJEZo0LAqyjYXTxWgUATvy9gIoG/99AuG8O
wGnqMQmYrX+swf8QAK9wLxE4wSs1ZGyc8oWqyF9mfwdLSx4cfalR94930CgI6hBS
MEFAlTBVDKvEr21D74f1S/8Ya+pUD8Gxxnp4MDWtHEsls9w+Oc4UDgq6S4gcMMAE
sTry3u/D/hFZqRX8M2y7W7Adj21FyvC8Mm3OYCbXOGHF1bie4AQ1wSiS+fjEVVVt
XSzRozuULU9HIjemb/oLmVzs3Bx/U5nOIf5ucCbUxCOA+Ol6rHNMMmYQHwpu4rbu
+d7wMRrtVWLEShy5awYotV9XLI7chZUB+pXhOBljGA9h4DChE9cwvHJGCEwfOutm
63/6T8uNwI9OI0LAPbbbABSR8na9qzrpV0STxuG2TQ9Qh7cCHRnIfE+QRJuy6Xfc
rVhLZB24GlCEPf0kys4RPfrcHFBfC/rAdiF/KIjD2vw3oXdccd2gdn0FrJ9fFPfM
ZMWKFZKSB0vUFUFAyg90jMS+J0MoG1Dnmk9ZtddhLjh/IiTInTdrWU+T02XG6Vlb
/qNEFkIw6vbaPwoLzowSeprVWptogqTnfCaQPPFUv70+14mNTL6wi0ufinwhHtF5
fvuhUkekixn5M61+uE7czfflyZnxoXTzI8YhSdRnVCcrJ+9AV5dyx7Cr3ELipGLB
2OKWNHz8V/GddKLN2Wu+ls0CPiss/bCKW+UJb4wtxJz/fHp5gkH6qc3EqZ7i5crJ
ozY9n7Up6WSZgvgzwET0JCbcHsL2+wStkSaRlhTyczB52cNJTACi6uXEYyl9om8M
7BWq2FvDTeUJDawB+rBm+XzyL95ySrXhLhTN9N71U+Jk1CDbf/zJXVbu+NDPhEpY
7hTg/P/u83DbXkUR8w0Ja1nSjA8ze+Fxt3fbtNPSzG/bC7Ut+rGkJsnzBBYpTUjt
dbDoEdjj0cj2z8B7LSLdEdtlueLKLtIdYFPDdca5CjoEzja+4I3mNU8FxF/CC7Ci
KIGaRgwy1JW9Lsi3Z0QM1jnugR0RgsLisIU4yX9pogO9EvWmo00wj7kuM4OVGggg
y2/c8YlJJi3JvyBayMj22CrUtBv59fPz+biFloYe1nHh6jGJB+zxsobKpEZ0UMGk
1Q8k6PKznMicR0M8cummltrtNcwk13470zy0VCisjIq4j7YLfSkUH2Wo+3WgHdpN
wUAsTXpE2HR9Amg17uOU7qBqBkCC4nbArddaw9d/Jv6IxfsGx5kyDK1X8Nkalqvh
wT59cOw3GXzOeS3eIfvu5RO9o+d2mfRH+77sRkvPIXOkM/bDwZH3cPtT+YEveqOK
8RJTDQeLMqSX7lo1+VC+975x2Wsv1z1LBpWiw68tXLj4De9Pp8O5BXnfBS80vJFY
JMBtAg6MIVIQyblv+QxnYX09CGCxjqjka1PehmYpafcP10OUfU5tSqJb4kB7MyUj
NRn6yYcJXJBAt1lMRGlLDkUTN/mswR5Bzy4NnzThZb62sUZ23xwKJVOoApexfBVK
rJRaeuUaDx1upyGfMEVuIlmCT1aYIXBb3f/W2zK5219f2dbAFU0goYTKJoohBzGL
tJ3/dO5jLgje9H1AgZS22UVUI+FQo8uG8ApPJgts3AW91fjohjzzYCp7T/zR7x4h
UERWGfMG2fHYje5/QuyobVCKt8QfG2DhvSIMDPBY7KHO7bXJdEmUwb/aSeggmDCp
LHK2foRU983nLGdDrp2q4TWCoMGVSmOwBasUjVHiUA8=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIPOwYJKoZIhvcNAQcCoIIPLDCCDygCAQExDTALBglghkgBZQMEAgEwggVkBgkq
hkiG9w0BBwGgggVVBIIFUU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LWJhc2VsaW5lLWxlZ2FjeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25l
ZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBB
bGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJvYkBzbWltZS5l
eGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMDoxNjowMiAtMDUwMA0K
VXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86
IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0K
UmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5
QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0K
IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5jLWhwLWJhc2VsaW5lLWxlZ2Fj
eS1yZXBseUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBz
bWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFt
cGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTY6MDIg
LTA1MDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g
MS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMt
aHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjoNCiBSZWZlcmVu
Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3lAZXhhbXBs
ZT4NCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXRmLTgiOw0K
IGhwLWxlZ2FjeS1kaXNwbGF5PSIxIjsgaHA9ImNpcGhlciINCg0KU3ViamVjdDog
c21pbWUtc2lnbmVkLWVuYy1ocC1iYXNlbGluZS1sZWdhY3ktcmVwbHkNCg0KVGhp
cyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtYmFzZWxpbmUtbGVnYWN5LXJl
cGx5DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQg
Uy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3Vu
ZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNz
YWdlLiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0
aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGluZSBIZWFkZXIgQ29uZmlkZW50
aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kgRGlzcGxheSIgcGFydC4NCg0K
LS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0KoIIHpjCCA88wggK3oAMC
AQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgP
MjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT
IFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpM
LcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7Y
OqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF
5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEH
AMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z
5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMB
Af8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGlj
ZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQE
AwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAU
kTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKc
FqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN
1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMT
g1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYx
W2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIe
Morj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCv
i9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqG
SIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEw
LwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJ
RVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2Uw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijS
NOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX
4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4D
xMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3Cz
WruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog891
9MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7
AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIB
MAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggr
BgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQ
ENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3
DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doiz
cGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4
ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf
8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+
Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI
364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYD
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExB
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phq
zpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0yMTAyMjAxNTE2MDJaMC8GCSqGSIb3DQEJBDEiBCDlm+B5
0QBs78N2wRl0kf1Exib4redr1foUWvF3vmcyCTANBgkqhkiG9w0BAQEFAASCAQBc
m0fLRAACOYr8JymCYS4CYBWzMuTqh1DOat4MTroQLeNXvV8NijRWYdbHFcL1hrdy
uLBoqHTkv29eG3Lp5+Ah+uYLcPeamzoxWgfiLgPBaFSQU8ZyxPqVRj2xLq2EqG16
IW5DfieHgVN0bv9P+gmRdKdzG8+hiZcZXBm2aJtN8oifP/ahgTzePiBiHK4Qvecy
q+Cr1gFwVlT+1t/2MO1tGqif6R14NCmUaHzeOvzEpJs1HlE8W7yUjBdrS3my9KW1
fAv+chp5rIXeSrZGTg7ZhNLcq/uq1H9IpgnYvRXN/f6WhggdVUZ5BJwPqbNcCJFl
zAP8CJk3IK1fzZulSebk
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-baseline-legacy-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-baseline-legacy-reply
Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-baseline-legacy@example>
References: <smime-signed-enc-hp-baseline-legacy@example>
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-hp-baseline-legacy-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 10:16:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
In-Reply-To: <smime-signed-enc-hp-baseline-legacy@example>
HP-Outer:
References: <smime-signed-enc-hp-baseline-legacy@example>
Content-Type: text/plain; charset="utf-8";
hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-baseline-legacy-reply
This is the
smime-signed-enc-hp-baseline-legacy-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-shy-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-hp-shy-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8190 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5054 bytes
⇩ (unwraps to)
└─╴text/plain 325 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-reply@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 15:18:02 +0000
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy@example>
References: <smime-signed-enc-hp-shy@example>
MIIXnAYJKoZIhvcNAQcDoIIXjTCCF4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFAk5Jw4mFC+UC84fvpvWVuVYa7lz/mqUPw1
jVB8JIsTrvGAEVoW5Jm9cei83og4JLMUOIxM9WAuJEUbUApScNRBgW0vSyl0qB8E
4VdNXWLA0Hsh2LYySirv0yxb0cGuvoWdgGxlqlUmgoHMcwcr3o0F9Y8HenqQkE/L
aplaZ7E1TW4OGmDmuxxUHUHPER5QcS3UKFHmOrQga7Ecnagzlw7SLiloFNwOFhMb
oqAbKADbMdgn27ThOoroxT3z02GDIHLaYa6uP9IVe/ysFPQTqjKZhd+6TETLh1/p
0SMix7NDaUnm9YiZYIzsqsQwKTCWYqgBhl7uZ0MrrooZNQNn1rQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACpVIIC327M39MPcp0ozCdnwC
eLqFcDb59GdezAghfnv5LE38ZBa8cl4Hq010yIE0CQlbpW0NRbQ4qa62PEHsRaHC
hJlBhkOSs5xw/ClO8RRPsQz01t2j5hA1F9Khe8z+OC+TaLBFVjXm7v6SOnp0GHSi
Rcy2QPTCU2xj/4u0wGNQ5SMxMg9v0RmnKs7I5fLHJDTgBQ2p+YLGp55LAIPQIA3Q
QD4TjlsZrCYCK1RK/qj2/0p+llf9X5lVPUe0kttJ2qu+lPWJXQ2+FYB/zh244v5K
fnD5DGok2NK96pr3HToJTRgTTRgA6wKF/6tlE00BZHRqr1xhUL/d4ZMkfsjpdDCC
FG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJua4/oTK5pBnB0FVr+FDv2AghRA
NffO6MgeUXY60oPjjAtWmKdtLrY3CCr/iioPo04wnBngRfEHJQNkqJ01gOScql+w
eFP5u+7znmTLC7ib9Y7Wed8KpObxTISfyLmd/xByN1fIuDyd+mejL3c5O9LnclI/
Kng0VGlxbQekkITS14iBrwgIvOSsNDBAKsVpyQDvq2gkOyR+e3fTAKFtDpEovs63
48iKvZu922TkdxTjyp/wQjtB9lVlWqPDnHr+boJ2TjGZomEIAwat3mA4+ESIbOkR
0qPjgLFqul1mH/XA7dvW5y7PqN8WiUKf6dBnesRIjv9Vhq0a3OFqdzYdKy9KpnXU
zI3o2GWC3xdGJ2WhX0L+J5hvW22k+CIgrB02Y+1ddESmC4gsr4LqOSz71erlr7cR
qSc7URAqQefd240iNaJfKv3pkTzUYXBnclIovijegtz+ypzbv9h4Ejr6CyETCqwV
+HNC9216ptAGhG4aobQ4cEgMx6AYgVWk21gXe8/ZsXm7xWmkdqAwCNNBUExdOQNw
cSFAVI+0IsyPSoUBTyA9CL5oQkODjviy4lvswBqjJYuQEGQnNZffMuuNKESJpA30
kwBPtVhEba6fK0HpW2XStVzhpgOjr/J8OHqfw4aTWFuHOcZbOqNQ424FSAZdNbsb
mUQWOCPvzdM4tGM27T2MbC0z/ux9PXRqola5/YcLkjm0ji5hntITDmBTY2XgvEgC
yr8UoUFJ5xEWFGQMcyUkN/WNF9MdGRvMqKpyKimRqn+lY3imYDOQlGDbXsufJAEj
9tFbxG58inPfQl9m+oQ4KnMGH1/wZisxJGzZT4mkBl7155+wfATa2Vk35gnHZJ04
8CrdW4k3y0L3Av5uDk4XIoWBrRk5xMUF+ESceQ32NGd/PXaifDe8P5NnxBYw+5Sr
+3+Wsl4v1CUZoDAEvCipqNKIT5MV8wrSADE8WC9lDYsTeRWx7dxeTdiIOQzKhaUL
8rjgmWF2+SMm0HL8eX3ibROVzNl4r6V3BKGJrbztHT9kKXRCPsOmpA5XLsObNCXP
vqcPKIk4XkzLvPgZ/znIa9bhnPKY3BqphyLDMVU5p/1Wp4UIztLmiqEGZLkpHpCM
pa5zd3r/C7Lk8EqOGIA8TmwY0iuiWZX3+Zegsl55QYsOBmSS2/2XKyPGI9+QPond
SOeyEJaxUhtJtXt9mqae9doxL4jzLfc2IW8Sau+WmdVXmyZtxPxDp9fZc5pME/dD
uL9RE774krvPtGvpI45BIAlKVxPpalicEURf2U8QpDBcCAO3hml9nY8t5nPGV1nm
gkV6DViWJkLPCSl3a6l3faIQUWR/ERLku0omu5zFToe1Xq8oxN/fQeVETMNasiTQ
n+ReCFvdcMbR3aD0yoC2obz5BImvIXwde7Tw7VWYRuuOgngluf6C1sv+uvURHj9C
eu7asNze8hCdhvkeVpE02ow+ou3nstMsbTo2xdjXPGlIalFO/kbZjOAlV/6E9GhG
6eSV36Rl77bj6pJW+XIkYM0UHUNNZoSrxwX6EuL/+P0nVA72tyP6T0ZubuJtSSk9
IeWI7Tt6l4PGdFj0UT22v8QXbfSFXSH3A+A6DUXOQn2Foe+pB5sLQBdrD3iJmBpv
j6hN2rZCd+N5WjRANUpToD9f82BE39fm8Cx/DdlZTSsBy7QA5a/Ho4Emu3mt0OzA
gUPPgru48T+/qZs2TAZ0i3Sv1Rv2orXrbUW9UWyv/T8bD5ICggHVRmisFbZyN1h/
ZBkZCAO0vVq7hbPOAyClb5/Fc8bHXk4iKlWCt1+4agzA/TjPZmN+6V4DFdJBLf3L
EPvWW381ejEIIeGx9wgMWiDxc7QZaIGIF7n9yKrtUeGgz8D2NF6P5cweiFJ1U5zz
VoqIyxwE0yySPzlItRl6rkztn69yDBfzUZTaX4oWxLyVW7Lv+F5Hn17HC4H/I8By
3aWPHbYUXuSXvXvXC+R287RjOyNi0efGQm+kKAOn6386fsw7MvJ0tCGIzLWdhWMf
TZtKSTOQ7753xxcQVx+4YDp6TaPx+qgT5MjS6baHVaUR7YX+oFQkY60bhh34fmzw
q5WA0MQH+310MbhadPvC6CcDtdz37iHhaGbMf9fc2OJY2VMMJx/unT9KTtYh/avZ
OD/7sLgkVCkkLbtpHchfHpGvQJkTA9cx0/lEYxKTb5VLo+pC5+x9CdoGvuI/hWve
igy5BF3wxfgNK61pusCXS6VRCJuG+ohtg1iQK5NRJA0W2JX60AlKaiRJawB0IFQu
XUrri1leiCD4zJHNixDMkawoi7X5TtcvKjOfhiRGifRULn73UFLL6tAo8Fy/hWGC
qYIFACU8RjrlvDPVjLiFPQCsDuPrxe5NSt7bI+C8LzeqI73pYGaK4kSNtSMYk0E7
Ls1jxKcRVh602gA2sNoRRxirScQsF2UW0BKWpKXIunzvL4SgzHo4yuS0U1H44M9E
kbR86G/KljXKBnVnW1H/ou9Os5GgCbJn76TxVRzpeRWAKOX5AhU2OQYCJb0MxZl9
wRD7Ehsv68CzE8Dw4VBIjMku4D2jRov3fu2LGmreQG4MJEQjwUNx4xyHNTfr7BDp
5Z87q/rCa/GNZX8zDXi+FrEy/4JjM8j8VV7MC6cGMnbAd8fqQPVPQLtcHUQgGbuv
Db9gQF573Ss8ttWm6n55pb5eUU7wLgcH9YbXdLLQENtJ62HTxeKY/HD206bCEQfA
zqb3/MWyIElvUiIci9hGZCowzcTm9+JCry3/JBr3hkZ8+OSvor/x1HRjRqtlYW3c
EvuyYXFJ7/dD6yHrqdwJG7AhJbzpq47Y4SUTWpDtpM+WHGaQFj1B7JVP2iYtxsDa
nTLg7Ym6GHtH5ZwizjkZlDR9WBWaOPgpknb3JMbI2pYLz8p/69fdOkMwudl4iE9+
iThb9nf2Z6iVhZzxpSei1EGh/5EMQHGLIfcrZwIu/vuk6GGIGYF/ktUAdHBdengs
PqRYP0tEaNQF40nG8RPLPiOPiUlxvOKUl4+7ChD0so5Y8fVDRlgK7GCJ8lfi4LoU
DLGF3sto76A3RgpmCjSh7fSk7IYRiZm92KwTGssRhfPnABqskxw7rXtDcAOg8uU5
sND5d41btT6GqAQHWiYrfAQN8cIZd2WBSiGZG1w7/KPRxcoiatkGDlYJd017ytbH
QI2C3m9v1GpykX3b4sYN3SkHU9GSkeAJHHa3bnXlzbsmudhAL4Ql9YayagABbdA5
VwzGFIZ/43ybp+MQYx5nBl9y7RwxDd2N/kZZXXaqq+9aBKLVhpOpngBbxrvOjiuH
e4SaMN9aOxJ1oiYufu7+azgIcqia6cDTlR8jgYXACPuvZkZQAwkmAvQlIvLjhv2X
O1nogIyWfhNYxJqpxrWexbtg9TYHDnr9JxAdi0dfrMIDx+r10MmF0Sd+Cp/LFMxD
jaR0Z1Gug4CAuypdypVnif+a3FiltDvtjlwaziKG8J5Qcm1X7+7gv+RtqcLnsaxv
70Gd7o1XbiAhNvEUWbM2wxSM+T7zgFdHI8cEjUl5MAT3Vf2gKxGfQibd8z9vmW9r
HZV9eN37qlQY1MS+rO2De5jCLdi6WcMP4CxPaRbbzXPmUm3bDesOf2CZihf+HLru
RPNI4Mg+xy1N9VcMVSXl1SlN1r4yMJdQubdzS722gw7GpIaxVjTQbr6qAtE0xon0
pUmaRwABerAeiFU61t+uAGeP7dCG5MkfL69YrBBVf+jvZeHzcnBNtBuNvBhQy9er
SHL6Gst/Uybdbc+VCboDX0FNb7FgDzD9sN8tkBhP2vYEu1peOqZeVZBIvJpipaSO
PJOVaqmP6Z8Yj/afEIfl5GY7+l0tKifew4gTIYAtdEUqc935yC9dvH2wjVv/OVSu
yfIpxao0AcjGCRdByH/yhl2cwvydVlcjdVjnFi8r0NWjuBozKcjB9urpjVdjoboZ
GHE8L8NGsjGQxzT7oAiTY5VfYnmMlPehsKXNJ84YYsRvK0P1fFk+YG7AATKrQQRC
K/R8v7ymePqfC88281jZkVA9deNoHgRdjdZDxl55vjH5+DX36K8DtSlANLavnZLi
uvltHl0pT0zPdg3XpFyqz1iZZUZe+M3O5EBpbDn7VayM75MwFO2gJhlykEGOBFAA
2XyrEl82tQ58q0pRZy5jW8jcaZhn84NuJGIwhmAoytcW5dqVnDvKMbQZbqiN/nhu
yj57eMnAfR4pl3MtFbI6zAZLnsZ2Re0m0TgNk62F7QR+pg37OMYNvp/P6Gong8zs
3+hDKpj8kfG1GgDf0PNzdnRGsnEcKDx5DpeaR7o43PQAPjIv8ESov7Xrbd+zilQ2
E1haaVh4NWrPT9lFApiDLQY9KFSGHeb/Xu3s+p7xZWmqgML4jgDXzcKCKPTuKDL0
qg+CVAeFLOG95pGrdTo30iUV232E0DV+OzhOF67B5GbDu4M27cAaCJoZN39wlz5Z
C80bYjd3XAJfGiBRWRSriu+HugTDUHS47oe3bJMSRd+qrQaUOy9cCqwOEgvQm+9u
rm1uTM3aeDJzQ8oToV5tc72OxvNRdv0d6sZPOStUD07u6IXSN+S2eSxw+jBl0jQ4
lSkXBKPpi2HW9Zvm/PuDdWA5cYRlgre+rxvztbg7KMzRheKJE9tz52FPybJftvyZ
1J3j+g6u8DC9WLetCA0/HXw3aiGF+vuBeaJM48jMNRxZGd3dRmwALHsRV53mFa5S
d4f8F4kTtXrqBa0Di9qPMKznp8Z+BbXtI602Lv3IdPEaboyFBVJyGMFxINDmuyIt
B3fWbEC8ZsZ6AxZN1nemckf1MEkyhNC4pwZx73nQ/qNleRVsbjXTX6qiGlrTaK0c
PZ5dPJFJuNeoCTtowqnsK7eElb/qKWr9SbjUq/Kmnla3FWxo4+P1goFnaZmacfEH
mhs4vTDHsgKmBB6rkIeUAxxolb6TzLDlZqUS/EWaJCA0gGJSCtdh7W17CwtRuL67
vygwTQqeKNi4P7/DGo45zhCjOsABBAQZ+0i9fVwAP9rTc3MFgb72jTfEIzqDSfzo
h0FE+9X5ssuYZUyPUi3VFCOm4Qxv/LVFCUKa3CskcssjhUQkbXVX4gltDigPRFms
7xV95x9/MEO6RzEZTy5IRmWVImePuKn7lH+TCoTJDxpHC+BmGxuMkuS0qYSLwlxD
wuOO876bUHHdfaJ+JfAs1c1aC76AmL44AfI0eBMoqPxaCD+VdCkDsTbU+vEAOZPe
gi6f6ta4DNMdDGk2unqrGGYaCY6n8ZOWowI40/Qtyq4AgQLT1TtVq7CYq3K+vNVc
vRvbsqwQHVKEwSA5iVVsOkb6YD+q1obEcgJRN+zHNC20jFDZMPaPRJiu5hk/JLTx
71IRKblxaYqfbO/TSNwlRezonDJWTQqvIt5erHXjjGmSYTddadf+dVsaLbuQv7u9
W/XFZzA/zZz+mhGHYeiRmMZ01eyxXCXiLKvc2DnXwT6+MMolOSpgdHgApfpd0uVO
yeiwtlTGUD+cJJcnqkk3rdOv8rm76ew3TpixPYh4xg9HBeeJKhkpIVowg9ihgUge
/L3zH1iMiSk1+fPbqFGmfXbLJ0sy2G83sIgvE4/88MrA4+mKGB8zORJhYdZ8TxuZ
r8GNW3hoXh6ov5v6jEYoGd3XJWsYcJJTtWNtPwMZua+u234unR2sAxwYw3q+w8yX
LjsK9nOXuhcZNTZyGIUEJVOBEb67nMK/UhNiFRYQAKEXJTvO8vAh+gzFgDlHr4+k
z23Z9v6Z2v1zwxAheWcYNER+Jyk04FiP8toA1qYPhx1jttaiffXxdHJWs+soQjv3
/mGD8vTogVJdGjyaJmab7jLTbp2zvMMLKqkN1byjbjZRhaH7rftMxoD06zG9Ca52
ehAhFfsiEjUjZzcUx9ynvBXsEyV4rpRzCREUA6NsL7zrYWIGSVeLn8pDBkk3gigF
JVg2mN9POZYSlZIctw9OhOUXhCViHM5+dceyMcIEUmMyFgN8yDe86sPSnXqJ6cYQ
xAB/TzIsoWddbLUNNzK1WnRaarXx7tU/2iEH9iR3A192b4pZ1126JfURFwhECP/M
cY1Q3lHSMB2Oo9RRWYvlpsGck011EcMwlYYIYxK50RtsmoL7PF1OFK1mYnTvPTyb
NntoJ/mem/T3rnmxTEFP1THxs545BoUFj2fCYjWsxXAlJSht5gH7rQ7cFFmNu3Rv
4dYWF0R9Cb5+JpY7MoAhXk9k4PqgQwn84XUuqdIYPNU/PmB28ObGb3e3zvihZvK5
nHjaAs/k6Z40gQZaAEBFD08yKlMTYYH0F/IO/Aey+mJe1n8SvWTVG0XTFZHm459z
kb9o2JKJmBKTHOPHFOI/dDXfm4kbHvn6T1y70Vke3ORySdHxxTXoEEchkJ65rT01
gJ/cA7EJSIzJ4DpcUlKk+HBVmvl0HX63NSTBEEfWrsWdoEUAktVHmTTMfxnvrtoh
LPnNUdEXJae+0kE+EyEWce9MbSPjsNFddHAdNpxthy04hbvQx6/YrUrk0BHGtzDI
lIdeatVgxlIb6XS3UzfS/DqHx6+FCGZ75ZYM5/IwlYXkNzXXibin6xqAL3UFAGob
kGeAoKE1bo4d4TJdoYafa+9KxU8DH8fQvMrfFBtS9327I4qWFv4fzPG81opU/+d9
kkKOvewfx99h4aMfflT0Y1bs8/mLMABnZiiyPdE4ZDIwoicqGsQgO1u/dRD7pHWt
J9Hv77iPBZMmURHGiRkK0hBxYlRGUFZm/6/Y/aX4vG/1K+A8l2ksWdLpqXRQpcuD
kqIBlcn++x8pyWyY1STAOF9w1IFp5wBHH1fy07yNBDj/xKMufz9j6hrYWQV8bjWV
TK3cb8Ar2Qr80TrUUCjyu+d+37kcsi2uMDkiRD/avJbLPwePFTuJZe7nZYdA1A2s
hxnJyBasTI4iMlxH11JYuMGHouu24u5BbCILf654lR+BIQ1d2ogA41eHPlZ7x3H7
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIOVQYJKoZIhvcNAQcCoIIORjCCDkICAQExDTALBglghkgBZQMEAgEwggR+Bgkq
hkiG9w0BBwGgggRvBIIEa01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1yZXBseQ0KTWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
LXJlcGx5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBs
ZT4NClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBG
ZWIgMjAyMSAxMDoxODowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBW
ZXJzaW9uIDEuMA0KSW4tUmVwbHktVG86IDxzbWltZS1zaWduZWQtZW5jLWhwLXNo
eUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5
QGV4YW1wbGU+DQpIUC1PdXRlcjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOiBN
ZXNzYWdlLUlEOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktcmVwbHlAZXhhbXBs
ZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRl
cjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy
MCBGZWIgMjAyMSAxNToxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6
IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1SZXBseS1Ubzog
PHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm
ZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5QGV4YW1wbGU+DQpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsgaHA9ImNpcGhl
ciINCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LXJlcGx5
DQptZXNzYWdlLg0KDQpUaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9N
SU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBz
aWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYSB0ZXh0L3BsYWluDQptZXNzYWdl
LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUg
ZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ
b2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCqCCB6Yw
ggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWU
nnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6F
UH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXy
CjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/
Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80
RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx
/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOO
oHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3
web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb
744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWd
NeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phq
zpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhM
QU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNl
IExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4
Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNf
CwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7
QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAe
LqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7
QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1z
Q1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAM
BgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYD
VR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syy
LR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0
WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6
BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzco
zmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukK
Yr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IP
kazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s
16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEB
MGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMT
KFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXnt
dX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqG
SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIwMTUxODAyWjAvBgkqhkiG9w0B
CQQxIgQgMahPfXeRTJKDWjCE/0llScBMuyD7DptAxoKsAmAzBdgwDQYJKoZIhvcN
AQEBBQAEggEASJuMfoErHP+bowktPN/yJIltnTlZUibkbJxhHPhR5EgNnn3JyMoW
l0yP6nJyH3sBQ2/CIBkmMSXmg+A0PFv3w40fUtX2oKVzT5TKnNsIDtv2Z7J5JRI3
TbATMRmw8VItmPGFCJsD9nXRc4cEgvrvojXSfv6bWp5hCO+8WNadiiGZNdoZduiL
rWNSwO9nQSxuNkqNo+wwaXF9Rynh1ZcazsVopBB4s5XuJ/Zcbbsaci1w34ywNCHw
5xx9Cgj+6+yUsFp33P2YVgdfK4beyoOZK27Rm9e7Mpi6QxUi+BCR/8DB9svZBwob
K7iaKJzRBDxl4Qt/m6VHxtvkTXjkOOD+7g==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-reply
Message-ID: <smime-signed-enc-hp-shy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:18:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy@example>
References: <smime-signed-enc-hp-shy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-hp-shy-reply@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 15:18:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: <smime-signed-enc-hp-shy@example>
HP-Outer: References: <smime-signed-enc-hp-shy@example>
Content-Type: text/plain; charset="utf-8"; hp="cipher"
This is the
smime-signed-enc-hp-shy-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-hp-shy-legacy-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-hp-shy-legacy-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a text/plain message. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 8690 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5418 bytes
⇩ (unwraps to)
└─╴text/plain 514 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 15:19:02 +0000
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy-legacy@example>
References: <smime-signed-enc-hp-shy-legacy@example>
MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACdv0XrIiYwOqFiCZ4pb4VxZQfPk+g7Kb7bD
45v1z22kXFlsbpOrdYsJCfyleCEN88RhU/gzDpyLHY4ESXAJ6fEvKWJn/1kRZEXO
LFVzbE3f5F1N0x0cLKa7r7Au0ryY8P8fvBM0Z1sgZToOL135JiiKm3RD7IKXCLxg
onz7kgGCrkby51sdsGAQgJ6rvFJlmvPQLdmi9YOOYpKiIR6wfAUu2mHOgBdEtsot
k7UfAloQ+AZXA61VSejFBwEWwKMSk1NiAj6S9Nppn+bOzEI/1qQsVJcNNcdA5kE0
BWRzQFs2f8HzaoitaeLQuI4UPjnasy86sX3kl+xK9MCe9iSASZwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEACFBy5UfVv+8iiNnM1ZrlMISJ
ygBuyl2da1yDyv3d5J9El31g6QoJPllmkSC8loxIYPQGdAZ1OIEDBWV6bkgPGnZP
tL07RkYkNTAUwLJ5Ug2tKADNfkKWOZ4bNa8SbxKDmgx5CtleG2/u3X6xw0DEA5N6
m0s9vDa218FWKbe5wSKAA5mToCzWxEOzLLlKHL/a/7p5njtYxneRj2iRPSAOFmU6
uZ1c2UJDmd58b2JlrUxTxYf1+jJguej0/j2YannWR0w8LcF/jEXrMUn66CuxOLoZ
JdFTc5SmrHnJrjuE0U0jw6SW/R/IIF32XXEX7/4VFltbjzD8Xr/MeocHl7hTdjCC
Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEH1amtLrDCmloM6pbsnGLNuAghWw
x8bEDtMcmKRFaclsZQSooeU5PEKfwytxagFordfhGUM8tkgm+ZIGq7mujmTz9AmR
rwvoKTU7j43XdwbT4QPzFwNZml2ay7z3qQm13qlR1wNNQgmnH/KWiku3iFYzvF9g
O17Io10kAfgcH02XtPxPUhKxNJxrW2fSpELB4olSyET1qpHQyrCf+4m4BK19M6sa
AwqBO+gj/hv2L5TNq21dqsAsTe7uNpM0++gJZqm8MQOdmTQrdOf1wxr3J6KRIB5o
JAFyLHikD5fKyzLaWfLaUPp36lrISZPOHodnHwYYQUuRZaZ30yABi/5KmPxu978A
ad7SAgBqg3ni8VrVKHPz7b8SngjPVWYOnlCjUC9jQlXZOz2mGeaP9ShiW0+Oh4HC
Czm9z6RJ+4B2pkkDtnPvxZnbB7VeMmuJYW88GfAka4HxSdMU34PQioy+egjdcPml
OwIQ059A+mZBDhEYdaNxLjHvbL7SBrV+AsfuwmOUmGgTXVnzRbd3qRqRt8UIU10+
H/vMN1W/HKeWvjsg3RAjFCY5B01CJO/+bp0I7JBQZn2p2Ke1hNTGThUCaVbX+0A3
9ivwOwws48WoynTr6M2upt62lpFqI4FaXwv6/M7UoprWrtppSMdlpFv5Cun8RPb2
ZlOGkcrHxEZJjbCA5uzPu8VrBAj9f0pM4pIcyXBtpboRBRWctlFH+7N6WFN0dojk
yuODty7pRnbpaZyll6GjzByf0hUsyuWbPp7V7moqTYqIMfkrOWWl8j9G/Ri5LNu/
gpuGBrEBhW3VDmya1axW3MegAFu25WTxtJ8lIeE+BIKidtEE3jhFpl46KsG9IPc5
6Ctb4kGm2sI+1O6EvkP4CvMo8/ZGwCSYLCsLwi6OXlRA4LbAHgwCx/UsXNcYXRAS
oEmVhlN9C4exEvVW38OB9KGIjX7ViCxjwaXpPhrnLNnxLWQLBApM58+4DgEa/jlN
rHL3c11S0/HFbJ+3RxA3jCE/CVFeOfoszrUNz/tSLqeoLxyeGixIEutTwIag+5RX
WuIa/vtBI9om6v2UqwgvijipClaFwBZBjZXRDxZjO4wbDgzmXT9uGKSLwgrnOwRM
Y/k0SITHuRKMYAnRqTj0xTqdiUznIMLKCRTlrqejCLREGUuTowoJGgpYLmQ1OdpR
Qx10qrtEG8pCMFm/GS2kdMXvSnlNDYFKiJUkVoIDEzjm43DhpIN5KGQwcfChAGX2
gf4T0PPGHVokXsurrqpLc7Uy3gSajfc9/4VWrALDRfBPh7NsXgWflMc0p5eIU8FG
i3pzph/J29SSN1+JAiIfeSoIdX3k5oHMgHwhKY4+H7U1RX/XEdNsM/twQpeC5Ri1
9WPx7ZcaQKRVQT0vBmIlgJFYBJY45emZcPaKMcN+hPue9Yt2+gQXD8xKnh4IGbZy
a6K+vlkoEpb9VrRhGjSarX8CzsnDlGTYjEfFru+qbYN8XYT8mtSUxbLYsnRo/skn
BcT3tHz4hi3MS6KjJkcnXw98dyH1IkJgYACSv2GjyEGEZpR3wadJP6Jcig9xX8Ga
f1OuyyDwTM4ZsMj8PiB+wd0KN/JmgGU5b1wkTcc8cVlRCmiN0UuqNAHsCO4pn2Qh
yhfdZUO5l8mOcmsZQ6fRu3UbVu1HjZZH1eGjxiPwtGUtBo8mhOQNOCZPbO4a2sza
QBOMx5uVsZoqB//p6oQFQZdv18nOah4T8JhoSoSnObr2NgJYSgLER/WzucP4zk5s
o7LgRTlb+IfTYnw9FLUvOHLEs8AB8TWTpkk8Pto+K3CcUyJMKYjbg/57teYT0T/U
/aYB+CuAatM7HOc03C0XcvfJuZsXEzSdu0Nuw/VYSwibXS7tgIu/w8TsfGZqAdEz
k+mCDx3NeCukg/t4/7ju3NPe8RqhU3lBer4r94jNoPG1VkCVeO9bUQw/6PAVmpeS
FkbJsAB1UTSCimrgZlUxQAnndDFZCdU/rmc8ogRCmHtxrgzGyHt803jdlEBQ6Ct/
rb4PcotIHQALRsc3dyL8BkwxW0N+nuB3Slxfr4ooOv7lEeAvZn/nizGGlxynFynB
DSeXi1NnMt+8ZeX+jQbPDQNnAONzlQG7LoxuFXS/7AIeF1V5MmWsge0n0SL128tj
8xVC0X1NUvTGVKcW73AXZ8V7oI7sVee/waRo7SdT4yzg0lSEzvRepNecB10smdnM
Z7VPXoazVhQJN5QprodedrLOdRD5KwifgrulJsDNHxsMl+cLYym8rx7ajyhofOrk
OcH2PNRyu14o9ts7jpPhghyqwG0P2A18RNHB7YcsPiy1MUftIRExzUZ2VCyYRK4O
DTCk6zatynXBEbr9olQdeQJHAYUF+D53RUJzDD/vTD1TpW35D6xY5s7PxajLaybc
4WMcZwJcLt2u+VznKgwlRCADESBE1XqScu7mfoB3jpc3pepdApHcNj4T+vBX/OwW
L5IcN7wcMRzdcfP1XlHii+WriJk4GM8Xn8HY4iK15csC1F5TxbPIT6r4SVdRoCFX
zpxEoYa3JvpAP2ek5LX+nTd2TZU4WcbSLG/Nn6y4K3KJNR+SuinwLqNrwXbXtKu8
BM7+bshaz35e6klKXyKksXECPS+qPjVkKMSVYoqg6go1VIxqDvPhtlr9IvKjWK7B
4mSWU4ZTaw61bTRw96bAjrjQA5O/pY7+RGxxAU6K3G1BKzL0z4rGCACokU7i/n+l
Rj2iyF0a9Qf37CLg5TQXqoDS+zgx2qb2YTos9MQj8jSd9HKS2B7VIXWJgTJf0ZE8
rlxZZUUx0BwehWBo9fJ1ysBQ/ZCyLV5i0hY5/93Jst8Q42ohT/Jjo/vxsYbruUdR
tGjePoIs0zY2i6pAhfx816/x5ULolpKBAhtVNByiP2TMDZ8FVSM6JmciNs81nnlV
AjDixrjl5PCY5sfW/qGhVp+h6PUoRjTXS+ybbJAzkVn7BAHli2sdW7OvS64yJfxn
2+nj3J+VpMrnH0YbaDzIcK6G1cCN7UaZolUcfgPdYQKdzogyRxBYgr3eAMEUwmrk
Gu1TLSrLtloSb+w/+mkQDg5LkidqVPpRz7IqlDhWVuZXI5ntzEhY+7DWJEocKSkf
n8vpIecLWn5wHTaGsjTzvwgZma/o4QDJrNH+pcFj56DBxVR0B9DyUiSBOrZGU/kk
ts1FOaFYGBg6xvk0S9qFfevizRZ4DTY+VZBtLpk/tvYU864FnSkff3ps3W+bEmlb
MgvVAW4UpLgVGe20V2z6QmUm+DRmF4/MXSmRJTIEv2eonDZQXZ2/16KaxL6RUTNP
d+ZgU1ZJfdvesVgoZCZQ/F3lsDlSROqDgufQsaxvbz0eVCTgSEoITfN+99AA6p7t
xmBblraAIfax15zG0VQAvEBhWZzqkJzdKRr57RUW/UVOqBKgYegKxBtTjdXHgRE4
pwr1kWlCDqF8GUjC4JX6oc57tQ+Wf6G0db51+jQoJ+XexKUCgyJFj942795Du47E
tzLS+GswkD0kD2JBz9fXj9iAg06RvN6clJhStTOFj7Ila/6DFL+GoV5d3TCNlZ4g
lYv+hUmiW8RPpZMSGChWdTIrp160ftE7fpHR/M0cNBO6zB42HtXWgJzGyr3TZ54L
FmfUEnklbvExdmZN/0G7eI04ZIZvQKZQYl8pSMQ4kZ/8hEHf7BkeHznadb5FGpS6
+ZTKy/pT5/ulpeyMUDlu0e3p4axhwGGaUnEpNRdUOhFT4jiil/hZzO1GN4GCBDsJ
Ok258Bo9xVHOeyDneHVbn6FKWkgASGGBzbJJwCybiEJIM/ixWgd36jg7IpbO35Fj
YPZYoMQjYGyyuq+PoNPlCj6k6jU3wYIbRoNpXso6eacAq1z62l2lWDQBdSSNReCq
gXeX/8S/qVXEGAR4Kju/MiROou9yx8TvWAmJ5RHaiOkDHdFvxRFbXjf4GrVMYpaz
gVLgFuvn3Imt78IYOu0rb53GazUYix9qEa6fdWAHK2RXrgJW0YKtlDRfZTYgjVOY
cdf5kQhYRSAktDOSB4LncLCTY6KDhrkrMshWgCOYgikhoe44enEPXKhWM9y1BVTO
ZvCjYR2uQ4ryIVnpinFhPhT8kZwqdia2mfiJpXmDMClDX+XV3TWTsMWrZ2c93miv
0KfaMJDOiFWK+zhlQrJ3aKpa1iR/+M0YkrxKxx1qOGz4LW0rCn1b2hHjW64fqq/5
rJRFcC1SQM/vYqtk0U6yUeImlfIoRIIUH++f8vd/7Uv6AmOOsgKEYp+pkhtl2nPQ
MtZ1NHw7oNmnLi4TeJbtLRU2M/7mChrL9C6BVDP6CZx7F310RNkxQ7wHapVSiU+A
LmL59uxWzXSyESQYojaV4hcM4pDjzP98X/N/qNwJPnY4K/LVacKBz8GZxi3KOEBa
nWxVlOf8RRpvi0AQb/t48FVGAVzC2Rvfg3MMvrmKMv8SXh/Vj2IsYuhDME9ns1P+
eJs9DCLp9YwJYpnstS6MRT9xcPwWAHT5PwQbqTlTFvAJgKL/UjxYlsjwP0Fa/aCk
CNlSMVHVgQSSAbaR6CN89Yok0tnDJ5VSG4X8CKbVQved21D2UBXPSoCsnuvgw3/y
jc9n7EyD+JsgmIZpbvQmJcoqvO1gxjmxPmFuM6Q4RO8VIY5FHoQZIArHo40brgZw
gpn4WjpGkyWBVunGsBX/WEhNoPlpvNDZHSmH2/j1cG5QWrV0x0ZRsQ/J/cpiOSj0
Ez4ib/yQaZWdKYtGd9SBBvPm4SslOaLm6eSLy88bBDJCRd8j77RMgjZVYzEMkjCV
0A9GHBX1yPcY5X3bxS3+D8QsyjUPNDDk1rwY4MNby6MsEsdwoZ+qFFWLXjzlLW1p
wHYCM+MH+vXwNlxBQE35FCIoNrBgzsuGonDoiawtcZ17LBnHLu9O+mZOw5E89ukj
NvqBY+Xea1jc1RjwAjD/aM+GKL1V7IoOsFwHZYSVADcvrjWBEbqu8Uaahb7YCh+D
5cY36IlaKvWircrjG4ZRLzI79e+lutD6JWASaQMfpJwP0FrY3Rt+KdSf1vXS/EaZ
bI+C3h6JxG1cOW1lJHG0u8rWVNQkN7uYVsw5IBDgUSIrOl5No5hcFbMrslF5X5XQ
lA/4tGJjT8tZVuksk2+P8Sq80Zs67Bsq2J9envNQIe/zXiBacOfpteUnQOBjH7Q4
dTz+NnO0bH4fQwg2jPMjArUvRgjexG0DpC/hbBTX1PEhez2djjXjbsbEoS5N7MwI
PLrI1F9yBhU4I/ZPVVqEXlOrSbgKyyKxzX95jXrfFplFVW+ch3RxPFGVk1gVvRUi
GmwNAjVQzU8rzJtzGKI8aWnQUfwpvEVBsXFWzn816oQxwfZR1aIHHKRQ+aTXyzr0
u+20U0DJP5ibVwSANUbbEcxG0vh1hJDbPGa+zhy+aWIWbAiZFZPHENPG4g//iww8
ol9NavfvvZMhaWNX5jfBr3j4mMCbRfMfq/ZgLtiCfQUXKraVQrDxSVWqzxSGMGm0
iQHoKKEO08DUvFQ6YlJse1N6MxQnL1tUKKPeTE90mXescLZsUg6lf1Z2NaBIVNoG
4UMKGJ1adznOKWVGZxBr/GBcQDA9OYTOOq/ylxG0hZetGixOGQYBsJx3U9fdDWYm
4o+nmEFhH1sr5QvSAEkho8uCZxTXx3zxh547nzzCibuG26uhGpZ/xbFA/PpFvkai
6tXDze0uK2rlz+gf8yRn1Yl++Lq3SFNrK/hisAGY2P3vYSa7p3k7cI4lfsacX7AR
gmkpCfY3gLDLHftoE+XHHFGNwoWo0mkiF/gViRv+rj2m23jtzs2RKckiDpHPryBD
6aktHPrs7ie+4e4Gj/8LEdp/czOG1r+QdhMYANSn2Tls4lQNu72i0BOBeVBszUaI
A1bEyVW7eOXQy1dqTkhTkF4YgoWbxi041p1E1hjGs3lkRuaSkbhW/JDJ+pWEmJwx
EX598fgRN/fnedEElqn99ob4iifPbRWl4gk0n6Gb2R12yzx81U1AJesPAPzwDiPd
rfp/JM69QgRUEs0ady10Xi/LOXehg6BBqcpVLPXtQykK1Vh2n2mlG0szjI2AHxWl
k5EDLIcoBwUdp6UqqZIt2WOtP1o/KT6xvb7oUBbHTDUt5gYrBOwNx+FSAW3MEI/k
zA4zZRgl9cPTSG3Om5dd7WejVxw7YLCd3HULWOCYb38id9//QmEPxAZaEemEFslK
WAEwKbqoiFi2fkTPjZlV+4a3wor+ZpjR8itnknFqMkRGewklmA4Q1hH8cW4L+TJK
5OA1HI8vTeigu3vog0nd8wlRr3hy0zNLr5b1QtpAfv+m3gaqn2DjHNXHU7aYsna/
+fZ5I2Kx4ja4vyDcx+vIEOiJVZ0SabINF4hsAyyF18xdo9Ox/rapKhF4HZcTGi74
YHw30ig+ddtvtRrdpfuZKW8OrEVgmvhIc6Yj/oVc/lTflJ5BEZA/pU45dH3NLWWo
gWqivq05ncRgbqPVNJyjY6XBELWWonQesu0TTq4PGESxKGeSBE9h4S21tYNhm6Un
SDm33C36ARtOljuvdELav8B1wqJNCjNU/PCPUI23txYMQP4lM6RkPWjNd9Z59Zpn
hgHXs4nF7ZWnNxEhnG8MN7D+kXG8UjBdQwyAGwkxUl0wPEbMcwkj0bmBVmEvWUFg
5MoJjt952bgNTa4tNu0UDzKg/eirLXMnlxgwE75ZHeMWYj7OJmDl27UDA2zy2o/U
gU5j1ovrtdMqsLtd2g62ccKDlzDJCVn9gP6nN/KXhKBQRhLATgo6a1lmyd3GNA12
CGizsLjg+UImbJkFUWp4eEZr9E7RcdJ6lC/Gs93K4aq/XbhJMdjfQXWLM03ndF9/
r7Cp3Z7TW2emivxYYCk7airndOWeIdZrwxoACNTQ+6IeD0LSet6iMP2EiLRRgfOB
2eU6X7yMWvTwRYbByybrKpqsM2moy4IpMS+DgaThSVxVHf3RbFvIXPUmhRCFFkS4
lmmm2czKN9wUaBLKcmeynBpRaunt9n0uFyWJgSbekqw3cet82vu9MOPSmM2h36UV
WgJDktehhr/gi23ON4kavEwGngVIvlq+Emm0SuUmKacqdaOmATxUhL92IA93L9pm
RvT6xARWsy0DrG/r362C6PDwp1fsTOQju6LkhFAOAvqDPKk+HOIjgBtkynHUPGwv
8EN9Gx2SWwDJahAjPoz2t9kByC7PdG9qyGAAAEU6G/wXjshmzgw3jdw/PRmfSdNs
gbky/4GGewNl06WC9c+6qN4ldDff+m83ABgWonCuamerjlaIFFbfBJEGX/CBz7GQ
QpfxuAEbhi11UloM77povWS5Cl8e0GSD2t2mt7E0aLgMT+L2TZXQx8lZmN8sWQq7
cP6aK8FpkDhidLIc9fneWucvMH5BKXx8em3ug4Bl8MUABR4K03ebuTLfDH+FGkD0
HNeqqUVBSzDveFdaylcw2HkJpm8D9BoC3Y0n/WMW5VE=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIPXgYJKoZIhvcNAQcCoIIPTzCCD0sCAQExDTALBglghkgBZQMEAgEwggWHBgkq
hkiG9w0BBwGgggV4BIIFdE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5z
ZmVyLUVuY29kaW5nOiA3Yml0DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWhw
LXNoeS1sZWdhY3ktcmVwbHkNCk1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j
LWhwLXNoeS1sZWdhY3ktcmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGlj
ZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpE
YXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEwOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50
OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNp
Z25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNt
aW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6
IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8c21pbWUt
c2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRl
cjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JA
c21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTU6MTk6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVB
IFZlcnNpb24gMS4wDQpIUC1PdXRlcjogSW4tUmVwbHktVG86IDxzbWltZS1zaWdu
ZWQtZW5jLWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVyOiBSZWZlcmVu
Y2VzOiA8c21pbWUtc2lnbmVkLWVuYy1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpD
b250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InV0Zi04IjsNCiBocC1s
ZWdhY3ktZGlzcGxheT0iMSI7IGhwPSJjaXBoZXIiDQoNClN1YmplY3Q6IHNtaW1l
LXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KRnJvbTogQWxpY2UgPGFs
aWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4N
CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTA6MTk6MDIgLTA1MDANCg0KVGhpcyBp
cyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVz
c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt
ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk
RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGEgdGV4dC9wbGFpbg0KbWVzc2FnZS4gSXQg
dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0
DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5
IHdpdGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQph
bGljZUBzbWltZS5leGFtcGxlDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rO
QlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
mpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB
8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5
R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJan
Z/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9
yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJL
AgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQW
BBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD
5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GD
Eu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8
uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K
9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpi
vNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88w
ggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6
WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZ
WleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CR
Q/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3
nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0
nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJ
ojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnN
vOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSi
oQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4
z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2Z
PRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH
4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFl
AwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
DTIxMDIyMDE1MTkwMlowLwYJKoZIhvcNAQkEMSIEIDUClbNj9mKYodH3vCGfNVpZ
jSSWg3QZ6u/dLxbyfbvEMA0GCSqGSIb3DQEBAQUABIIBAHqRG2dp61WFSKrkBcj7
sVy7SmsllIQUOl3EO23T5h4PcL8PjggAJi/GHWaEsGviQEdS0QAbljEnzd2wjgn0
QDtLBAfpQtQR0byQGTzpg7y9Lt5WnuxQaZxsBPvENqeYSFesUVlW1JrJGXcqLH7U
cu1+bdDLEe0p2ITtazvmgJ5NvoHkucBk1v8fwW6uliGJCZC0Gf9WJDP1qay2Jexy
/TUzmr2Egnxq71WlAVql2kfUOfZkgALFRzhaHtonrST83I1sLK9ZxB8ZX8vJX56v
5hHRzhuQQyAVgOeVz7skKIb5ODfBHqJ1vEzvCjf72BgQLYGEzR6hmPXW1Ml4vXtV
lIw=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-simple-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Simple Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-hp-shy-legacy-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: smime-signed-enc-hp-shy-legacy-reply
Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-hp-shy-legacy@example>
References: <smime-signed-enc-hp-shy-legacy@example>
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-hp-shy-legacy-reply@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 15:19:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: <smime-signed-enc-hp-shy-legacy@example>
HP-Outer: References: <smime-signed-enc-hp-shy-legacy@example>
Content-Type: text/plain; charset="utf-8";
hp-legacy-display="1"; hp="cipher"
Subject: smime-signed-enc-hp-shy-legacy-reply
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500
This is the
smime-signed-enc-hp-shy-legacy-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain
message. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.
--
Alice
alice@smime.example
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-baseline"><name>S/MIME anchor="smime-signed-enc-complex-hp-baseline">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 10035 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6412 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2054 bytes
├┬╴multipart/alternative 1124 bytes
│├─╴text/plain 383 bytes
│└─╴text/html 478 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0
MIIc7AYJKoZIhvcNAQcDoIIc3TCCHNkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBADDPZm+dVU61KX+lmXLEuKI+W/hu1Uw0QmHq
Vi5HfM9uo9AMrXVl7PG2YzA75ItxhcJMjf8TwnKlA0YbrwGnhJAodi9MHCR+nqdY
A413rxKHU1hcJLn8oWck8ypYwzs3NBDJi7F+8aBmfEolG8xn42o5B1FlKCnKMlNg
NBTQpqruLd+n6iin0vGFPTJV7PBDdcE0VVeqiIoDAsZaTp25PYqEKSsnCO10zRF5
8v2BEAX6h8EpjqE5PX65JKus2NAjnJioN9eUjCQ6mn1XPBw4UYJEUqc834+17HcG
FjwDXIoJY7XuSNd2brm9JFYSmlyR6gzz3bRgIUqWYgjQhqulCRswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAmxXv7vLaS7vcshZyoM5wgRsY
IUF4iPK6n1BuzbCZnexPwW5TGghgsO8zxA64/hzzqEwbVneZIfcooIij4bdQZx17
nbYpLBCC1Y35+gtsiLGgCyUvqymH9jg7znq617FNqgD6v+Oui7OF4ZX3t072I+4I
HDjfFLryn939vUwMpmTPUQ5Y1ZqKTNjM2jdDQ5/lJ5ndGYcC/wi1hiZt5mz44LvF
npGAXXVRn7bcYUtDRsFuuSmHbckCnbeI4C2yUOc2G6fmyHuOnpy5LL5US0hODca9
pMV9dn6cJH5T9bksl2eYiPGS9CrixOL/U+fXHmVKsyzm5cRU/CB3rwUDnLen0zCC
Gb4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBzMZlGxbLgauF9sIia9KrGAghmQ
avkXlQ62LNzHi7NtNtPLsiqIrji1UwDWe8cYPupsu+3hxQZRVMDHjC1ygNsK8BWA
P86t5gJaORrI4AvyO//4bEzZM267YRWiC3RgxM+p3DB161vETc1cXjZu+7qKJMdE
LbSH9iLue/iNi+xQxD0tGYVzuYPwHypts8br+Cs3Yda3aWK1ipJQUuCILbDCGvl7
ZC5eizwGufBEhje17iJkgVDyU6sAY10E38YFL/saDHjtryJLp+c0cV7R02UEmDPC
Jf/BfdCknCdo7gEu4lZitlkcr2T1h56IAyK46iyPLXZaZua5R8He6/MEdC5Ys2a7
gw3FwSgzjUlxOzIRtGwCqDk5dc1Up7PLOmeZ5PLaQglwB8fXYDkv9f/T/Sh0uJ40
xc/pcK5yjrcpFr0pVzcPVurzBpWtKwRNjiRnwFGhJafPfldxJf96WtgkkZcJNDmW
11yO5SwWHRUd5OpVvffdqipm88nL9tVfp31Jy3jbFR+7XTRPUy3QJ1l7d97aO3p+
aZLKXhgvMWN9R1MzqtF6wihpmPccLOX3Bd8bIwuGFeyZA4FR6iXicdql7nXWDSzw
1Zakfbe4EbKRg0yrRb9X9iMaUBoScwByEopp4jlGex0hGD5omujbvrd/tpR5amqN
Q+cY/J33oo8v5auCWQiBdr3NK9jG6dAyfXrhcvpVi/Ay9sSMGewApCTXkRRibbNS
jY+2szt81uo2Nfp4FWr36rfNmE7KmBHXWTs9U7ZW5yYJvBVG9VZDGk+7vt/KxNqh
JEXdQlW/g8XmuYDqtnx9VL+vAZqHvKkBqvSZqsTrEhOIJ69e4wTu+2/f5Kv5DYlw
pas+TKxRN2VZgGaLx10Jp1OTkyY846t4iud8pVR1v3MxuMSzS3JF6R+Ynk1uTmtD
xD27uKFT5LwS5+jvLOy/a6zk104pr5SvA/EnGJrVnODO+Rszw2JWxRdiE2Cejk1X
zXgLIdDvRF/tytRNN2UOhypvsdkZdjRT+MrT26ypkJSPEA9a/0LdiylkRJuFW0Fh
FDYIZ4TljFMkedTktD+O38TNVFE42LBF5dTm/ATz0Be00YQgRC+QSE6O4NEnCZhX
Xppkk1sFoPJvA8AAZANQyZ10wQuFZA/8S/6mJ/15Fh/pr8c/NU4NyM/vC1T6Pg5f
ZMFx/anra7iUCSyn6Muo7t3vyevh+QX0wn6aHWWe90NPsuLFd25EDYWrokrPo57t
/538uPU47RPCRKtG0tqmuNplh/8HshhP3e9082WKPyFaFixGaVVmhMjzU9+CFGQa
d6oJag2uudjv+e2mpwX5Zm4lROlIO0QH3ubhaHz9ZCU5S5Hckwb2yIvk81gFqmm3
/ykRWX30gl1J4tfb4+WpbcJWYsckwc8mvGizDEQTu6oStblDBqJXzeB+PdXlLZQZ
xsbAc6xRFyD8CJBEhAEzwQ/y9tVG3hLbNhg8IQ1XMCrVp3EypwDRdDEIDnIP2HUS
Iub26/ZnAXwzCT7jt5WGjsM73XHMruiL/4nwSGv+px7Zw59U+D7w3bxncqaJHUPe
jUxBIJadRSUkK0UgIMkshAQsCB6GyTcvddolFZF+keE+cyvn1wKa/pUPBYh1Hwmy
LZ5Niko2jqyuuufTAgB+u686Z7c36E3N+1xGUS6BQIoTKulEXmuvCdwC1xjmC9Hi
uHKb8tvlFaHfsp/Ilo2v8GgIL+pkJsZeHww6cM80qtuJKMMGz35SMdrMbInYK+4U
OdijBsBB2tCk7m5aRn6HVff14RBZDsqN+5xtuPYaE5Wmie/NMTOlKhvuc9Yp+Xl1
rvIe02kKZ5FjPYW5BQJuj3gJl3G6Z7Z9qrEpgqK6XtkMvEjxUbzd5PuhFDklPd9q
PbXD48D8LO3q1rLScuHgrRTaSXy9XfYRvBaNuGrGfD07ucM9LqS3Ugu6MPyV4wPs
2bvQkybHmuav5M+szPnyUVnYvS9LmPlCg3IX5YshrCyVYz2w6zZRF4J+hI3zIkla
huJgUoGumLSlea7qTwr1GS2MuaUfe5PZMn16qOaqXTMk68yEM4ugI9a6O33MJK1o
OTkWQvXFRQpb36NWAVHx5rGlk5+LG0idxGFjyI/AUcpoe14h98QtYROjas6UOIDm
/CVjFKsrzCsyWPjlxL1mLoe+0J8ErFY5X0ZHGYIP2AvgpTMZGReC9X5FZKeAs1Ny
WjiqUjjsxW7f15ynVpdHH2Z7M5rZgTdClC+sxn6qPq2uaOAGeMY5hQR8MfPX+aWk
4I62uThfl4lDECunGX22nIcsgpRfuW6ylmGlkpNZDNGf/ngrEkQEj4uK7CBx75Z9
jNubdl+HYWUQEEF2I+Gp665beYQuF4tpmI2Bh5TTFyF5+0Uj/DeEB3Ol6opPG29i
b4+cuKXFbF4F2ShtKqyO033vVeWKmDyB1TfcmWJx6Z/feQKrVRKJsOIp9KrsNVYo
K+xBtHHnnPuJiQM6HUsA7ttPpTCjQkMWz12trAvGOEcKaXAATfQ/upTBuk3NoiAo
q60bS80irMm1/W63hgPILubiXlMF0H1pQ/1k6FoxJfT8jlcXM8xyNxufux0O/uz4
aTStfUW85RzFBa98hoVGJrg/bKXH1Ffc84Z2cc7VMqsAZZcyKjzGIBso0MFTMN2E
JsTY0HtF3hzUcV/KrEU+4m3mSSauUpudyR4yLeFmPN5Fc4l4MYhh+vU+S/k4AQwE
QChtthYZmWcmhTu3Nmb8IINWLpUT8m6upYy9/YlVApQP4b4HosKdFb9ZTW8FXhhB
ASzt5f4G/cJhw+V2TahvFNyWGMskArEOsrv7Sg9GNRv7IBSGCB7g+c5A3cWBWGt6
xIy+HlHz2wxaIip+A7Rflw0plZjaxRq9hCtMEXM7pq4FK6MUzs+zVR7ZjFD7Xp15
SBlLkr9Shfo915mGbAvjT0/zNj87yPu/6IiZ3BXTF4mXJFh8LjRSf3WaFLmDGeZt
iX6y0U7wsLbkGLHOHvwMDCm7an8fUyCTzpOC6RwiV6gT3QOFhxj25OyTzwIuETXW
3oNSq37nLwZxXzj58jgsDcjPysfngGTld7PxDzRS3BOIk3YbDhCgYXYsy/Z43zmD
AqDqdoh8ab1foLtuiFbYQC+Ons9eAjbLzqdRzXJMyzKWQXkmzNM03TYx5Sto+G8D
tkv2bPbImfD4ElirDT7nquY6hBG3p1O7qUiFsOjq6RS4wb/v8TW2NqXwGoCplSHK
zg9MuzT+srDCY6qSAePqy2HZ3JnAYsk3Bs0oB79yWYLXkYzgeMZADP3C+ees7oK5
sA7X+LV9eA+dIjRSdXsAlnzviEhM7zSq+82V65GqcvNNFZYqkxsli67Kciy12XxU
pKYAc54MdvrJurCWVp3tWvKsqwdXXlZyrx3/a/fdzsiTD1k++REYhRTEwGkyZsK7
okSoR+ZkVAIRv4vto69DpkPmUX+M+56Wn/nmV3XZQ7IQ5CuF1XutC9NXF5mvnnnI
jIAf9HidAV8Xf3+ru0WzMxGzVtkW8qzz5jqJtDpYIa/IJDRC9DRLWaqJ6a3+c7B+
zbqggQd1Sikha96oqoQOC6ulcjWt+MuFvzjcICERkjFpCAgsCAAt8C1a+5ImnlDt
VNfZwvhhnfICwV2BRQDZl00flQwJTlSijK3cRO0OcgogL28a4ydWqVDO7Zmp/0bs
CRUckUdhmLd/vq4ctF+nsRObmtYQ8+By+QoH2NmWkiIyKatniZLBNnoWmQV4rqkz
X4MJxJlQkHznpxxYVJNvvBmjokw9OFeSkwfoAEWUzIi3WgY2TKAMI1kKj0XCsPSh
eFcnh7+HFHGACmBcpJpO7nWQzbIZNQzXFAdmI/jLTJ15SfDiJi/xfKLb8i6Vrf0q
6tk+90HRy44Mni6wCvg8fVJ+fY/UHGpwdWc33r5W/1lLJbo2QugsGkNBO0m18Mz6
IerbrP659NsqYgfXf1GzXQ5ySkkHL/YB0taljpMiF+MYTLbGu/DlxMG65nGyNADD
wbTOY0s6PeeKKvc69LzjugHlA9hgFhdGraNq0LIjX90POOkWbwFSmijELEgbbspv
UI7Oy+0z8iptfSN9P05V5blSYEx0KK7C96tKXcJgCmZlTnuOHJueoaUW18s3lBPk
WFX840ORfcxNHxVn62SQZJLP9fmOAHW5w44ZND5n32U/U7gqNxPZw9bbhsIWufjc
UsHZQns2Zoy9z+2D1f6zXRouU4DxkhJtLZDubYqyFO/yuYeG7P/1nmIzcmQXUX6J
G1BSZGcoFAuurvfJOOCKi6E90pmXPFxdOl0kMMXWFdnDiAa1ND4HpWKCo9SevZsx
0dxl6xFbBNm+ryjTm0pqzpHPo9EOwUdkol0LuYL/pLFE9t2LlGu20ILRp/gZsN0m
GNpTZkP3aNZ8y9tg/IO4DbwbdqYJFyEKmZUjxxdxyBNj4TW4Ih/HisVfsByRJn4e
yMGexDmMrxXTetCfMAISTPGk00hPFZRBLUXn0kOgefXln25xk2XqpgHFqKF8zSHk
9Ke2joNowVQjqvxJ+0VYgX0a+JjNS/x8p6g32HH6ajzHxQDzV9VFqHqdiYFB+ZkI
6ZTSLZesnOjxDmWYH2DQXJLwO5FBeioLJniUq3BzbVcilEZg9erp9KCuM8dZ6mkQ
olZXmAyKG5VSr5Fw3NFTCtFZ29gFAbkmAXHannZsGogAoAOTVegTgR8m9+jNNElb
SBKUxEny1EUtLlH4KaxDZqzHQtwjLldq+b7XZ5QsOG5aoq7UhbpkQboJZesYtqEv
+Xaqccw8InSNzUhXcgo2Om16C7OuxlBhF46kxcccmWj0G2sKAL8t4tp825bvJMmy
fE3b+DH120zVQ6AfX4ZRpjDk0Xxc/5h3SX2CmbkO5kedoJrh+USO2uVYMT/TAaww
BlbYwr3R0ikSF7dZK07vnDsvXV1MDZ+6iQHnLkXRmQxMYvcMoyp5uKdSca3hb8c7
lrePfaI8PG5+RQ47JbYjjg91cRzA8GC/l70KU0naxalgvf9FSsl8PLCjmCNuoS57
FB4+JC2u37iGmsDu94eUODwwzrBxzM3I6HZDAlhqTrABLztww9E/+qc43F/L+mgv
ndic5HuFseCHRilbLq/SrQdzWH/t7FYuke9mwqJ5fMozW/TGIGJy6kYcMWx4NGcs
Sgq4H9waeqVdpUCYi2rnBobfxwPp+iFzJLFcYyLYjKB4lPAZdn49PIO0o2cXXMKA
l+B5qMwIumPe5tx10ETUes8wW6Ma2BuuRpjX9YK/mwICAyOCmrUQ9P3hCaKdvkuZ
oW0h9bdZutmK9/eByk8ecjc1aYLuFcAzuLc2UHNhvNpqDntEhcxFOLhgO6FBQVry
n7j7NSc3tTR/PoyMmDXHIubDi8ACm126ju5ioyVxep7/DUzfXAAXY+XI1VkTlM+D
xwG+OZQK1hl6OOFqypmjEhcALxUcD3jxJcmnA0OoYNV+j+CQj2xi+To+fY1gMTT8
6BCg6dT2VwAJoYVaOzBFnFvQ219OvR2EFWnJuLBg28XExos4/4MS9Z6t9thWcu0J
uVoDVjkGdeQcyuG3Ey1YwSnKxapj+ZtQn7m7rR2YTGndDqVLypXZn0SQyrcamlgD
C0/+iW7fbnUevaruDyyXaz+Mlxv2KCPhP62qeAInbwWMdxkVBL7cWLymUZb6i+A0
HkraXcLbadGGjmd7sgoZRVDQzxj0on1B4iIgWigZ3RS+4QLf8L5Dmr3tnvslyeG9
OvtsdJaTJ+jGtUE1BZ6nyOusflL1k+t/PGrkBtv1AFsLu2YWvxnP5Ob1HsD84YXv
XA7ieDsgXXDSwn63VAUhoaMr1hhEFl+2JFwqDx9v1ZMwnmNANJUPT3J0DYKVjBel
nRZeOePzpYQGXxJapZhYshsMNjQpHieqm/yyU61i+NXuap6Cyqifab7xRSc2TQza
txISAuRxg1pfTu+anSmF33l57w3YFttJx/KzjAImNvVHYvAg3AYd11s2gaI7H2bh
MHvkXs2wcBimKSqkanMmzZ2Ds8K1OYsECcvqY7l72xEvxG2yhETAwiuXXgRHy88L
WnftnPJ+x8aWISWCoY7iGIdWTX9nqgd2fvPx76ZMgKDYYhUFU6jhRl8HwQQozesK
2qgMXy+tsMmO6pIK+dtsJX5vtr4FHVq12dE/2VsHqzfOu/dfJSkTYP4qsLZw9RRX
NfFCAnV+ZSrCMzQNS2B/1d6Aa92PC42QYxGtQebmPnzSvBpSbGAaFoQDVF4wCaY6
iRUegB4a52zfjEGmCjOYlllOW89ep113frCrqdual5qPKQw3XvAtQg9taTGM1RW/
kqSlw2ThmmPdik4/JriXTJYBP80b80FQBYFxbrO3H+6cxD9F8YcYCnQQ6RngA6xL
ZPGH+galIYFnp9sOX9iguS+r37pBoPWfUfXIrzZpoYOKL2npgjf9/qdWTF1MzMDZ
PbavWCdWOk4ZUksf8QlkXEoa8Rao87yUhxvyofcKNoX7UE2PBanu0BnvsGJZQq/y
6u9nNm+aB8gSzGaC/FQ5mRXvUU+3SmLW9oWrOD38HEQe7wtVUchez+NQukZfDf8G
uOuE6vBtXtHixn3vZa21Yp+rWpR7i2BOsKGMeUzKLsg9UvZkvfwnP4+zuZvffR58
82nMbLStjTBOZnqNDkLhIZueXGJgGXxO95kkqowlWv8QYyp5XQy2HaGjaULGB0Yt
VyCF+7RErqXvNDycnIc3aumJ7yJ5wygor3/z+SgEqVOE4iEkjaSvsRKard6vVdCK
KQG3LL6fKwgGDTdP+08KKXLyhZMsi8TtGLjye722CQ5wl7dfQex1L/vnHN5avW8B
Qdq+TEQowytWJC5qTe2EtwmRiCcBc1PNebQFM3cT2rX45cl6iiFz3zM2EYvTQBYf
LKkLudvH/4vd8oFWS8oKY6mzPtZKWZ4XgM9gxCsN59HZ/+CsrNFoEx1kTPVRpfD0
rgr/sfNpVKSS7E4hagMUbElSU9GlcyxX6DYoqy0sx23ErcOi+/Dl9MLNAny9+xO+
IplyP9dVbeUCSLBbzQIH57FN64h3iHXx6Q/JNnkmLNKwMXNIi+ekE6e/ikZLSBhg
cMrTtZO+G6P/7bQKOKYxIkdaoFRL6qkqKqzTbHXM9F0XlxcjBP4EhfSzS4zTk2PP
oQs9iebTozmbk2x6xjkW8/D27fmWFbWdjCLjCN2Z4xWkmkkXonwrdesjw4ORGxwk
AsS1VHW5akXeXr0xHx6wjS9y6sGftYWI5fghlJTxvvaSjBY+13BvLZboKLAw0/0j
5JiyQAB/t22zUaHvi/YEwL1aHtpgY/PUEatbHmU09kt7PY+3jiURxPHjae4CelqL
D3dFJ/I6DGPuLhLgxCUkTDXGDbReugmNA9rM0z/aS/yQuwRh+OiNLsJd+iifaX5p
VlDyRq6gOkRej31jO8fPKEHNDLgTToHbDzDhUTBKGcjePhMH0//JrOkH3izTpSWR
6IEfM6Jo8HvcZGPqO0Ra5HSOBPcQ/rEr5GiEtbEUqkJ3PonMEYelK2buI5Lw5sUt
W8/wt9YLuXap2OL4jnVAJrfLf5n3fOPm4F9mCPCzBCNzBv2U+cuASVh9HA4E8+dG
KqR4FEqqv7Mo5DONHdfYk8Sdw5IYx+XGahqk/qvrqR+QXPBbO6oeXLmbIl7TZKus
nqAg6PoENnxf86R3jPwrZOc11jasz0L6zQ6yVQTxlx/Jj3CbzhkYEHh6sU5EPkWu
H2B8lFifdxkn8CIs+cdWcSyVxJlYRU8qwqdUudsXbCfN6bW41/V43yrz4BozVuB8
N3vOTqoDZeLRRAebCaFGRmUGWW03/WvOqqdzMc3UFxBiMDol0Gyr/3tKff2kf/dY
KaHssQYIIC2hh+f5l+Ekp3XjaX6GFtAjM/scJlC0ftupzk9tJG3scEUTbK8MwUxT
pJ59+cj3CtdJHxMVIc904PlPqsocHzK5CpqQD5Clvqj1jFc+eZ9BICZ+s880Ie9B
bFpW1S8AN9UyHl6nCbllDOazUIhdRh5goDv1FRv47Wtr+zZCseGzIJ7oCAE38KDZ
u6QdAe2a16qibKGeOKaZEVm1DDIae6YCIUUJZw/PDmO5Bf8NkRSz2atY8UzyxSxi
K9HYKPDly0ILMF+aQzqvy36IttNYQ22nqN1XVCmYF0HFPnS6RFyDXU+Wa9RATL1p
u/kW8TwMOBveXstkJUm8TBhX5TDEFtg+Y+tyDNb4n4xwpuishLd/pMck6LNK3fO3
cOaqQssUWkpjJSzSeedcA4oonnq833DXP6SPF1ksXlArsDVWB4atlFRqbaUKKrpv
Hinhb+MUjANUW+TcAEznbTyHFvEuNCIX7WU7SlOglcrEjJzGnJZC24+l0KzxF3ed
7PndgDslLmJc4ExhALrKGFw57Muvy1UNd4f6W7AEraj/54FIoZzDRH+R/owcjuiK
Pza8vs8W8792ds1ewGcLs+B1g+l79IbO0+zR4eio1f+6kSsRf+EucrH4RF+lU+ba
w56nBq1EMoBJFuzPrLdAOD9vRVwi8cmKYYf/VgriDvZxqsDsdjC81fUEesG8/iVS
axpAOFhCp8oUQZVg8yRsR7x/m0EjFWZPu9JZwAge76HhwpSu+yg55m5ndeXEy55p
ss6t9jHwuFu7F8q75xTTVE+jBZomyxfYQV0qFvvelF86Hrc+FTobS2AzPRzhwj+p
Wfh8ORVoQaHb/BuAREB/xXCLhzDsirqoUKDcVATLnBUvZIawptgC1OjIaAX3Xgn0
VQXDSeABdtUDVBgI67OgFw==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIISMQYJKoZIhvcNAQcCoIISIjCCEh4CAQExDTALBglghkgBZQMEAgEwgghaBgkq
hkiG9w0BBwGggghLBIIIR01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCk1lc3NhZ2UtSUQ6IDxz
bWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkZy
b206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNt
aW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0w
NTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRl
cjogU3ViamVjdDogWy4uLl0NCkhQLU91dGVyOg0KIE1lc3NhZ2UtSUQ6IDxzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmVAZXhhbXBsZT4NCkhQLU91
dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVy
OiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBsZT4NCkhQLU91dGVyOiBEYXRlOiBT
YXQsIDIwIEZlYiAyMDIxIDEyOjA5OjAyIC0wNTAwDQpIUC1PdXRlcjogVXNlci1B
Z2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KQ29udGVudC1UeXBlOiBtdWx0
aXBhcnQvbWl4ZWQ7IGJvdW5kYXJ5PSJlMDMiOyBocD0iY2lwaGVyIg0KDQotLWUw
Mw0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlOyBib3VuZGFyeT0iNzk5Ig0KDQotLTc5OQ0KQ29udGVudC1UeXBl
OiB0ZXh0L3BsYWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjog
MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMg
dGhlDQpzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUNCm1lc3Nh
Z2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVz
c2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERh
dGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz
c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVz
ZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0K
d2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9s
aWN5Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTc5OQ0K
Q29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlN
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN
Cg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNl
bGluZTwvYj4NCm1lc3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQt
ZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVk
RGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRp
cGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3Bu
Zw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2No
ZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVy
IENvbmZpZGVudGlhbGl0eSBQb2xpY3kuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxp
Y2U8YnIvPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1s
Pg0KLS03OTktLQ0KDQotLWUwMw0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNv
bnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3Np
dGlvbjogaW5saW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFV
Q0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3
MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3
a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhB
ZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJV
NUVya0pnZ2c9PQ0KDQotLWUwMy0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5
l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREw
DwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2
NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNV
BAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2
vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuT
SxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjM
UJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1
V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvw
DhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYD
VR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1Ud
DgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJ
KGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbM
l1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkB
D+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTO
kRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadR
lE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZ
kPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCC
A88wggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAw
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIw
MDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNV
BAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XT
vyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4
WHWZWleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6W
z+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+
SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4S
WcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCB
rDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREE
FzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4G
A1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYD
VR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEB
AHOJojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChw
KfnNvOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNa
ACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMv
cdH4z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXT
us2ZPRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk
22OH4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCG
SAFlAwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkF
MQ8XDTIxMDIyMDE3MDkwMlowLwYJKoZIhvcNAQkEMSIEIFPOmRBiI1gpSbRbrEhT
xW8uQ+V/G/cmOB6495mnsKVeMA0GCSqGSIb3DQEBAQUABIIBADgh7UBYrX+esUzQ
I9zNqk4LnbgdQoUdeJtdY2Jvyl6dlV8cfIFNgng8IluuuJI48a5yJwYG3060AkvF
JC/hq7sSBCLzNVb9UioTixGi+4nGB2iRb7TKsfamuyh5Zdjg4OrN8N1H4rwUQ1K4
Sis2TCi5/TSc+UYG7rH+YyIRSeVxNCII3rEA8E+dDRg6R5bqOTHxInQbBvG9q19e
pelntJeSxvRSOSYwcoNGXenZ6S7eqfB3iln65d0gURSV7hPSfZwh1QSZa47egE7V
9Dgce5pbZYQgeB27mLBCpsgRgYKbQ/+NBPBexT6Kxixd4sND++AZ6kUie+AvUpXo
+kGun/Q=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline
Message-ID: <smime-signed-enc-complex-hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-baseline@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:09:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="e03"; hp="cipher"
--e03
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="799"
--799
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc-complex-hp-baseline
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.
--
Alice
alice@smime.example
--799
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-signed-enc-complex-hp-baseline</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--799--
--e03
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--e03--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-baseline-legacy"><name>S/MIME anchor="smime-signed-enc-complex-hp-baseline-legacy">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 10640 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6856 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2367 bytes
├┬╴multipart/alternative 1415 bytes
│├─╴text/plain 476 bytes
│└─╴text/html 636 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-legacy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0
MIIerAYJKoZIhvcNAQcDoIIenTCCHpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACLgXflY746FTqdLnYLWQE/uY53acAbSNoGw
OY86dFVtfd4kmtKoF6bqyRom13sRj228BwPm4P/SiMKTt40967XTuuuYFzWYOIl5
QV1W+59RRrZnNMD71rG6Cy/t2jcn55iGjpFhVUgD9LMD4YgO2LJfvOoQLFDDvI0w
Q09gy+4+ydc65IKk4qZcn2WfTK1TyVnHAAjc9vLItl0NPZCrPsfrm7JiKLtyBT/1
CsaVp7atHrCNZmUSb0wrcfdXkRYmMYu8Tws/+Ck/5LBKc6FRRv478oqZLpP88Bkh
37OF2AqrfJvdLQZFSfqxeVZbHBO6sx7y9IDQUAN5qCy72w6ULxIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAOuP/nJwnkTi9bK5viGgKWQ5l
Me5kgUCfpiPFrKfzn98Wo/WeRhNuvvVbK5B+4TT7W2TC9FD+zQOdKtoU9i2EbBlw
V/nSbVJoUjnFyPYRcAKgw828RfQM1PGZ8pRUOBMlZuk+TkCPdUAIJGsI38trL7c5
pItqwKJEEoZqr2qe3/rt2eWStYDbZH6ZCp5SktozKYK2jlLxYZ15K1qQ9tnnf2pV
DIUf8UTHl2NFq9SWC/Vnc1ifoAmzgv/Q3CY5prl3Ucz69LpGI5vAQ25+iZoRyzzT
jsP7xbIHnYS+CHKS8sOIDL2vf3/b/cSOp756tuVd4kGBXYQdA5NV0ghvPXX9BDCC
G34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF9OiG3jOvWyOYsEwUhg86mAghtQ
J9wQwdRPPRIjqaFR9ciP9ECMC1tXw3uNHjsjl9tgTgzT0WxgwuKrHDGzYywRPtFD
pEYPXbYKmjH6w8fr2a46v8nQTgErdhO0gPQsc/FDPI4s1uR+aCd1H3pVDB2HJ4lW
uJhtyalcbFT9As8mNk9izHLd/K4POXKc4W7dhv66BbeBMVBseFDbGoqPalblRHsI
c7sjqLUsmlEWIkU6e18/KHFuxW/m7p+HPItcN+MzhsIrOAzpAb8tvy8a4z7FCrRt
BlNLjzGSk1qIswiUpkhWgv95ZjiJ2jX9+BuOGXWDn8c4NNlyQQSSOg7G9H4gS9m1
yx3D1UMHko+nqGuFdECX4yE96LnKFK1hhWKuIRC2L9bVaMB3lhf6D/K+k7A51DZx
mrOnb6q1rkAS6xr/IlUCPvogo8x+bEK8fufZM806AaL8cRPxGHxlhsV1KVC0TGka
sGm3koZZrSX4Q0MFYQsl6HHAFlnCN6agVFema6sbqC22oNtjsTd79Ee0S6VyMvh5
04jJJqbdrCNmh7LPThPY7sesrJwMy9VgWh3qHM8q04JLdQOssxss2WI4QFahFO7L
6Ldu4yKChpXME6dvuybeAjmKdiCBUt79BXhE4frn3LKm8UWQXUV0nUrGRdoFszf0
5+l+SEre/4oLtBv/IIKF9+rwZzScLvhZNhaZq/6rK2s1C/UlAPBKP9eP1L3TAp3m
na9wJ7kmaTwo9xKFlYP9yUv4sMe8pdMIZqGGh22ijtw0z8qKhi9AaoqXH41y6wmA
r9eZ/HIhXtTBfCpRxHqU47wgd4Cn02kk8is43xI0QjClAfNpWEGaGvpZjyy3v4jE
REQ0xJiu1nmUkyUorx/9N1uYo1XeErF5oZX2J00WR/YUQZhjvLK1uH8iEdXp59Q/
BLo7yKDkt/TwY/3IdjDsx2OSgVLekKrOcQC0iAchM0Zg37DGIQHZRknff2aAGhjK
oWXXlfb4M2ym+0BsBkgJHrH63Fk7kxgN9VwUyY5HxyWCQDKauMwUKw93I2tNm30i
7PfnkDlS0QmB3cw4XvQGgQWfmBEp8P9q04QVzeiZvOy4IoFqh0jiOLlkaup+WuOh
zk52lU/im2A9MzlW87UNNsFpTz3pP4k0ZA1lkVSH/HGhCIvHqp4xwIiIECyt6U56
S72X4sUedoBFrZgZYEFki8XJgaFQHjFlVSTqbBifQbWELa8l6cJrGy7W+Fb1d2oI
6hLQQP5r//j0cPfsTayrV8o7QxlcbW2bQsPkCttjB9tM9MDwR1ID4iywG80eF/fD
F1H0+6pmvcegREdmSYJr4QgnqY6thnyBBiFVdSGMUP+3Q8jZqHxiJUjYY2BYnNL1
kjIe+0M4Eey/U4/kUxrlNjzxvXd+7KWaVjJaLwPpVqbfBq8cBx03Q1yZPGRx2xVN
4Z8EbSAO1oPsdJSrjfgM6oYwz5k/92795rNB8nXAQTqcEGBKbajJbqEb2IjLXCzR
bvZBuwESmwuzqqiCpf7WYyJVOEfQXEdPzXtBe3TAy34J0RLaXKfCdKZ5oF4coh6l
WFlm1QqJfrsAuwb4L5QeOH0XQLCGnORRGtfL88TFLxd8quUnxHgg0lkO7UuT8VAS
6n3N882CFN22C9BNkR5+3bdpdQZOAxuJY/5jYPVSfX9p2y6gmJ+KLuX1vYyB6CjQ
sA+bQRqWeqHw5kN+gTXT0UHMOAdqw8D8MPHhU77MwRzaFb6DK4Y0LPBZoVUgXxg0
8Mv52yq5cra82c89712+fHaY43onEGJq2VmKnLkiCbQExVc4c6h+6AnQleZQ0skg
5Q8vzFONHIiHeGbuABnCHmmABs8RyWm1Txlr7MUJcm7gR850sZOe1KqRKWlGEM4n
5DH2JWl0cYWOQQpnwTWTl8y7hq2rzcLQEpzfthHQ9Ezu3GDBieiDdmcKDxtq2FrW
Uo4F+VbqnJLdD/h+QoZGNcCqWeZBeSm4qRKFhBZCTXE7pE6DOaJuwlShov+Lej85
xc+FMb81gonG7c3NQajMCOCyjewQULR/qMUURaZbQkQv+GDjkzAdRjZK1cc+JUaS
m6cj1xsZIwyxELtXNBfvtqPkjrjvzNQoatQhAA305TS9QlQAKJ1+LenQb+otDmGP
hQUaw5Db/w6lheBxqhW/rQC1Wk1YHcTl7vQr4kUK06TjRQ9RIV6ds2V5WDrhEFbn
O/KGHN7k+WNanxMmhyN3Vpnlz6J9OEaFTm548ElQUnEHeQ2z9pJc9TGAAzrSakn/
WgWgonMKkXuQVm8jb/CkpYWrXSH6TvofjMn2wL6SeB5ax6cmW/O318aGJ9otfcXe
0kyNGKbiiT+raZlt7Nno7B9JHLJa5estp3dxb3v1J1lN7diERT++8Gqo11cm15uV
cgdBmP0h1hFRSilr4Z+1DHJ3GRjHoDS5yMI57NpmKCO4AsM4ORXOMSQdm+RzrUfA
8j9LW3/5MsLOReNNioIz3/Zz25xpEwLs8VlCP4g8WKncrKlujFc2BECaA8KTCDai
elIDjix6aC9k2t7gwJKaWDmlUjGcrJNnxs462v4INJak8746dSi8rWYpnFYpcl/c
WPEHXmdVDIME6Sdomiju0tKhP+QrGmORQuRCHfyws8cLLDAyyJxmdQxi4Zbka+de
uBlJkntYvg8mFm5fKyZ2iUAPzFpGNVxA/eDYKPE4opLKdOrNtHakF2fhyq6m2LAJ
pGd4PJ6U5huBF1gazcSMDsOcP4vF6mBgUEBlDTUkFCisSgLHmDouZ2CLdsXcJ9ZU
WbjJbXl/ZTX9VWcd83AJW3HQDOvFHkNVL8GejHQLdLC3iln5D1I73CDT9AYINPtH
BsChRv2Au0eYpwuyEolBHX5QzFEUVh4wG5qDgzBBzx28sl2CGKvFsaAxWan/NdAu
g3mcMBeBtinMPxP2ifqaaxsRoRVjjCbhT7ouZMsPtgJ2oFJ9XGVBJ+c1l3bxDnmu
mEbiKmlz2g+TfjsqL7GIpctQKz6Nu9hr5sY1/Zvz4VrQxUOdp/WL+M4vGJRHCstX
n+kLYSnepevLEPPOj7sU9Mokt5jVNx1iEwJ3U4P9g+LI0oKrUSZczoZ+V/+MOvi3
oBS18iTfFR7840zWLD5DWK1lqIrnEzLSVV/pZ6ZmVxFK3zaN/AM4Y82IvzM8vci1
/eNI1Tndd1JAZU5zLak09u5eacl8GYkk840oqxHOX6wsMh1qftgg0BABoU27cJ3D
7xuXm7EWcUXrQMVpNGO/eG9VJ/it8NUrp1k8QP0KPTQs43jJAoHREYb6deyEwgTt
3L+yqE3xoUB0SQCsczkcXGg7ACv/sb0clhUon4PngjT8e+gc6SM1YckQT5KN7dTe
W14Slku9qpSMVJI5+XyvtK4OX2LLuKjUCQDz2tThVu+AhdfgUqyMiSJr1/fCDDy/
w3lQQioXXXU0dwJhgzmHG+016o4uOHxN4iYijfkQW+Zil4AGMF6xNYbw8iKhm08r
ksvdV0g2gCSwiISXH7bfynWXD1QrDSbr4DPW0U7/EfvH/wGX52wh7EprDPTMa9Xh
aekbxK3QiE2R/LPrcm7U4li+FmEw/d6cSK9Ge2HYufj6zlPpKX1tyLD+Ucosj+yD
dufxtdKIoXA3iYISLc95pWcAu9V+VO4lRv+OBH3vY4KsLLi35aF7F8xaj2HjFYiO
Q6UjTSxWSOmEFmRQm1KFj9brBWFeZUx+C/kFDdtRg9ZPhUKxjSQTgMuJoZyFq6B+
vIrmQTo07RTaQgZZDD6bY2cmuQAflEJ/4oszywS+yeiyl2KvNUVuQTZ6ofCZcTZh
7iOkjkH8hqM9xYFvHU/o8ymXKclJDDgDHfgN46NNNh0Feq56/ippiLLlIzCr5wtG
Yc48C4WhECxWIrx4TVktUHGgKJGLQYI2qii2kuvqKCavkf2z7NJW8781xZLzgOvD
6+19H0VhVreHwFpjg3axrJOiA4D12Jq7RgdBqTiB+rTqxTTSsvMldOad18IgFUyP
dk9kPP5heCtT/kNoqeMvTCYtv6SGgoT7oX76gUOzHvlbWq5nm8p7mIl+CumgeBoH
xhFUaLIpGVendGWAfqmnxDIHjZ46HvzLg2ANVxfNnxvHXVNHWOyOh7GqknmAWob3
GrFF9Td9/UoFD3+Y1r4FRUpHXUOqaJq6tIY25TttzYWcvJozJF/GK/77XVIqQ/lt
gLajNfWSKNOWv+1l4VkS/ioylcXGKMtPWYsEhyCdqtSnqf6cvcoEIyyjBlLJCI9S
og1FOm9Kul4HiAtXwPhSLEoipfPIVITOTcOpDp0ZtDK3FamrlIphyBe8tva1S0hH
9MOLtdwoRVbMUvSGy2gOgWVvpegVHtGNJ0nmdSpvMEEktjWUawtVQnkBWCvEaJaQ
bx6bH2fWfOvHvt0aLDk+51evRDovLAQof6s54hvdW8wT2RS4B9J8VFmMM2dvK+ku
t/6AhCpr7GCd+9LodG31XETykfwKjc3s+pKQ/eQtlC4X1ownt9IS7t9R1670pR/J
7qe8Yus3cqXS16PmWJRWMr6+qtNKOTwNRKVrg9CgWFSAytcTw1OmDrRLITDvQz+9
JTgvTaQfA6O+QqVyygi/JvU7reNiFJZ4GSfw/fvpfWS2bQuH7HWms04dG74n6ZBF
i3407k8HsNd6PGHDQeiZmKlwnmr79b9pmZfwO72QBmF1zxZ21+K2ts9S4Zjdmp6l
VEtvWFrmjWz/Z3h/yxQkqol+VZ3U6LbLh6MJ3QdVgTXCq0jicb2hs83an949J9SS
cFfibs77cXmRpGGi6QLhRySwfCNtrbFXgvmJXe3am6tlPAvuw+3hg7JzqDi3zanx
ymQ81qgp7I2/xHY17faGyKvOnBvwUTcJ1OYsbnCyLb3zhLPgW3WeWz/7MI6/V0aX
3L6acMB4yyMi0lGyQdCxyccMrqxjw5lq1kMMbJNISDTkCIqU+ROQVtz4f5TZk4Af
U+ATVySGZ23DAWsI7l8vX43wRtMn0Q5zSkDK/ulTGfh89rSbk+4bq9mbCzWNLjG6
fpXTRx0cW8pPrC9JGKDxjss1dAYK25GX512g63g+gWRcEzUEPTjpY48YjEcfonus
TIWEvgrdorecsRmwyBOvPYkEy52JnKjbppPTM2Weow3e46VVsrmgcB9Ev21WbXH7
RqK4EtgDpDKNJtmpw/l4wl+Tyr2IuOHXWOmfWkSz4JLZD6fOJS/v6DqYU8spfRwV
qN1lgvvcmwt6BfxKoym1JMM0kbl5iFxSkFSZLegDYRZmBkp1JRFpWM0qti/R0ngM
f/QfhOps5JLnzigPWk5XdIRE2N/53uDJ5FhGsUy7FnZYgmJiSXcOasNngmdQ9OZo
FQ/uijNReo/ozFhlgEIBU84o4qaUDYdyDAqq349npZt5XxbHpcHY4FwZhiQBmOA+
7rInBdHfrFiR1ZkEZtnGrlGV2KXZk8aPQsbQMzYELU841jSpumlw/NlTdgbzuGus
T8QH8kRbZLwItMQfofo5+VPJoPvldu8m7ezixf7H53fhPiNOjAnklMAM+mCPGBNk
W1G7GVAZA8eIqRoPVdVh6GCBauMrrLLOvjGX/wF+Wb1tR5CobfWFPQy58k31f9S8
AnyXUbuxEqHz1UZV/gS84sE0NxrB7bGj5+pFbOAs74G2qprKVuiCQ/OANa7r4I1l
r+NehvRu1f4piCbk5gutF12kig4pEpvzdfQSI3Zn8Y/nMj7nuzQjkkooh1wdiw1X
8DjTccNQbEuNUaBc4zFogJHIQve8GuXAZvhSlda9YWZtL6JfBw+sjU68I6/Ubc0g
gslspiJ3+EDxXV8UyT8+Nuw/000mGidIwenHENutknl25rgLiTSvdBASsP+Qo+8x
rczJqeqah8MM/IL4WRNI5GMDyGFZDWbVBxur6JuVS/zqYT4Fwk5B5aelCueLzoW2
7FL+9IKLVds9QPGGxz4MoOb1M6uknKllCtUMx4vI1VO8J0F/vtizCu8LqMm9YI8n
++OXIePV/isP/faYsFaLAc+Sv0aBniCWKxkIO6X8S6MpcVswKzFTpvQ7Neuinbij
eOSTpnciebKkKAw5nBtb0s6gPuvJg0ABVD08rYei8Rxp84WvUU+P3nzIv5StGDdi
M3SJ+vSVTZXY3CQGEC76Oi6YFsQFTD8ONz1vdbhgeF9kBQZUAcPJhfhfdkJhnjni
GWRW9ToyO7Iufd2Rqe8qZpl/5e8YeCjraE+8FYgRAmNCIPnl9dvBT0kRS1d1aV29
iZQWcvt5jCULyeCoQ+Qiu772ZlgToKMS6dP8Rzu0CKkLoRNQzsbTctEL+8wIM+Ym
u5y/nDH7Igvf1INUPuU84CghaRaocFfmTF7iPFbOsq2WBq5hvtGXRqh+k9vpq7yj
wIzbo3LbPalddV21gFhpd7ASg8u8bAgEkarf+C9cejIDtk+/WzilYuX/yzv88aiX
KwdXrwk0GLBHaRsNWPipOUxhleyfAOgzSSm57vGB48qsR11p/ZeWNSLabF9cLKJI
eTi7BEg4LjmLYKuLNsTj5ahbjrerLWiMgX+fUkss3mb/tYc5/FS+GL3t5gpt/z+v
AwauFCK5hrlmKqtzFRr0PNycXRhnBz8JKNJRCnhH/7pze40Zax3CpnllK/TmSPjE
s3X4vRFc2jn3KDbwd6me3AAkHikYmnLlE7I4WHyc14KtIvw6ZUcHvYNzLOrUJUdw
Gn9/wclMLJib02ZIm9JYgXIVYeLTd2zqEdTU8kA0ZSU4fib9yFSPzsTqfK1FWQqb
KxG1EkKMeSOOZXQieebr+V5FxISLdC3iShBCxouDlSVKYETC7O/Cmq44LDDtDC/w
ymdXt/kRTv/Bj4ymTCKzMpKZCKhtWCaEuQucNcVeVO1vj+iHxfZuIXxJE/Xc4+VO
gO/OnaEc+0N73/fNkV/QFrOnOC/u1jeRPSWUWkEK35UYCIx1/wuJXnXDDZMVYy40
GJOIKqOCjOjATNR2m8ParmrywvF+IEQvINz2G5VAyDeolRqaL5azDA7vuS1O5oeu
E0bZ6Ug9KUgmR12ZEu+28oEjrFLBNDP0s2BQQJxOA1kRYi5ba0rcqOoUWDnbXVW2
MywIzRNt5RgTxQEXh7PaauYMC0qSoxb/9lHzp63tnowQ6wSf1+9s6tkmqOcqHuwC
p6Sv+faNqT6VaS38LeQK61hgt9nBOOr2Ozcc2qYoc5QxJH0/dzpPNRutqaf7Lm30
GLvJiAjn16D5+Wm1M/gqTCmG8FRuf+KaOpVFeoXMNhFVjNPtJP68xl5WDOiemszC
qNTjE+Xy/ZOkeHNdPuhPA2BcGOlcnaowchEPibXFBHPlWxqo75f4bLZuG7mDkvdP
63Z3NO8XTMqWiWyuc6EpwIh1XZY8KH7zJApluCdovDjF3CmuwNFP05vGdu2zkx2Z
VMOe34JUy8/YlVfXm4L4gKJbjjByWuH0xCavNOHRknSPZRhrgNWZQ423TYIHjRxU
b5Bzg/bEXZntfWJs/j6mCTHrUepBA0s675njsNfdoiJW7Swa9Rm/XtZnKetNSBju
QcDglGqXmLhe4ELu6wLs7n2gIqHAL0XeHmObBbCGD1ah3SnTpYNkkKKRcbg3D7uW
c5ORsFu5EXiLza2xwlEOXh109Br4YW2aoM7W58Lb1AQ0uDx3wMISdWCcSuUQ75Tj
8XFAHLH4iITwsWvMcNP6+ExA2otAcFhuMCsMHLUm4m8wTh7ogdrkZhxFrd9M9/Qu
MbIbqS36eFtjZshXBU6iydu0jCWHz4r2aXl68XwunN6HSHhEmsU6+WKHbEKNkE9L
NWJsPljtDuM94Axjrf5MLugZge9Y7COkLvmVUn9p0Yl9CXEAGpGFHbSPYQCSkXfO
YZxU45ZwSKIP8P8QaomSD3y2xVFqUph0xm/CLPDwkSZm6Wl3ZYMKNuhROKxeP4tc
DUNFkRkyvZx0OM0atctx0McFN9JrnebOMh+20NEYlefiHI67lRUPOVguMOK/XIT4
weO+LLifJB9bFLDXd6aib3JY3jVf/1nzGKu7+Qr6XnL+Rh1qsBtt1aBWhPjwf960
1b+PbEBlZN+J8EErhbaNJBQFigS9fBE/zk/I90/fUqQxhX1AofJwH+jXH4XAfWTr
04a6dVJThq5yN8kWrdUP5TDY0dUf8gvML2s9BtVmRARquPBQGJLZfhh+6xJXdi5c
1qaCYxN6IwYc1v7ctxQtahSVdu89QXG/SxwmkLuvIbLfhJMnEOSz+xOiVa2tLJFz
2GyJb6NklwwklYvG2QALEaNl7jLP2YcQUdg8LbxKgmPOFhRRPZrwvzXcrgrHIQ1k
No4ZCWBkHs0HZEBzAeGKP0ZdRTleyOlG+RgkHEPgau5dLnlnaKlKUInzbbspvp/Z
Do6Pp1R+ezTkMoDFmiOUgGrHnhiWbrsciYeqCaCaCTHvCq4Yc3dry+nVFlxMqq95
X9LucfCcSAAvD0QA4ecf6LpdTIpNv4LcdlFqR8ea6uw3tQ1gqxUPVIoTsavfV+Nn
xCGcDCoOQqKmYzOWjEkpLqJUJU4B8VkdgjIz1/+kD0DZKWuo7WGiphhqv5M+VJRr
5hlDxDMRhyaNKAS6Sa8yN3tWHYoXmHPgU1XL3MT0QT2GR51QbWq16+lsCkeaFL5b
0jvQqWn6poDbQ0qNzCk+qqiJjD8UzOFkpN66amptse6KXgc71xp5fBE7m6VUHv+e
6yhJ+9NcCA64prKqBxosVOyb5SBWZGofFlpgmbStt+1hvcPA8TS1Y3LlVd8GCNP3
BysnpeELKcGGHjdUovPTWk7v/ewl/dJ1dVgEiRsnSU7G4bMhR1OY3lRER902wjLm
6zdOuNbd7LrTimhtu6lWIFtSgrJpPNKpDTgjGn5X8R8MuAFJFibkS4uMbL1Fty32
bESHzoLqSLRgWgLpZQjmrTyvOgvYyauKjZYslBnVqjd+oBq9JUgxh7xKsG+z2KQo
V4QC4M3z0ppx76fYMETfOMjp9Pm8KyuhEHXIbAXoVE1rer2m1ptaJGZF7wUJAqEL
uJiKSztN5S5sFe+a87BsIlDWkCLZRuDb04aO+ndSd343yK9CMfYKbknZXtC/cAVd
2cwFAg+qix+351gdmGd5L8tQC9V4FO3uy0JQU90g0Twq0nE45fvLj0J4rnivuQkD
NMypJdswmGcd8TWFdb8kQMtZPNWuupbV5w1lF3ibGEhGqtO+4/gu1ua3jg+cHI3o
oKBzUuvYGLXrbrYnPE1b3HQXvxDVd8m/+KLDNiwyQ7UT676iJn7ARCYZCwP/D3g6
zMc3NXJkUZ8KFOHqokaaJ3jleLoMi6JB23bhiv/RRJuYk+TCwX7uBKF8fnt+E802
YOhbKcnThdDUreGM2QrsjZeHZQ6qgIkLUedro8EsPI8=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-legacy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIITdQYJKoZIhvcNAQcCoIITZjCCE2ICAQExDTALBglghkgBZQMEAgEwggmeBgkq
hkiG9w0BBwGgggmPBIIJi01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5DQpNZXNzYWdl
LUlEOg0KIDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVn
YWN5QGV4YW1wbGU+DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4N
ClRvOiBCb2IgPGJvYkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIg
MjAyMSAxMjoxMDowMiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJz
aW9uIDEuMA0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVz
c2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l
LWxlZ2FjeUBleGFtcGxlPg0KSFAtT3V0ZXI6IEZyb206IEFsaWNlIDxhbGljZUBz
bWltZS5leGFtcGxlPg0KSFAtT3V0ZXI6IFRvOiBCb2IgPGJvYkBzbWltZS5leGFt
cGxlPg0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTA6MDIg
LTA1MDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g
MS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjMw
OCI7IGhwPSJjaXBoZXIiDQoNCi0tMzA4DQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJmZmYi
DQoNCi0tZmZmDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1F
bmNvZGluZzogN2JpdA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFyc2V0
PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNClN1YmplY3Q6
IHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1sZWdhY3kNCg0K
VGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGlu
ZS1sZWdhY3kNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5
cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEg
YXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQv
YWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0
dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBm
cm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25m
aWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0
Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLWZmZg0KTUlN
RS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQN
CkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQog
aHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3Rp
dGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9ImhlYWRlci1wcm90ZWN0aW9u
LWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0OiBzbWltZS1zaWduZWQt
ZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5DQo8L3ByZT4NCjwvZGl2Pjxw
PlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFz
ZWxpbmUtbGVnYWN5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGlu
ZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeSB3aXRoIGENCiJMZWdhY3kg
RGlzcGxheSIgcGFydC48L3A+DQo8cD48dHQ+LS0gPGJyPkFsaWNlPGJyPmFsaWNl
QHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS1mZmYtLQ0K
DQotLTMwOA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNm
ZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l
DQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBO
QUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVq
T3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FW
TXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBa
V1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0K
DQotLTMwOC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaK
tDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q
UyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExv
dmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP
6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp
1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6h
AQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXj
WShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2
lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/
WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpg
hkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0l
BAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyA
KRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTAN
BgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1
u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZ
ncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fF
o/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmG
pfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO
7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQIC
EzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1
MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
MRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
I2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD
73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aR
phZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65
x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL
270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8E
AjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCO
fAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3
/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffR
TF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9v
sdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkK
TM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4G
Wv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s
1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3
MTAwMlowLwYJKoZIhvcNAQkEMSIEIDe7/NLwTkHNon7IR1M1xiObMU+8qMIZ1No5
ANcjz5C9MA0GCSqGSIb3DQEBAQUABIIBABi/HvXTe3Z+LaltuFv57ZaUvY6kegwe
OGiZ5UPa5FBpQxoE/1vp8xG+UVIUnpdV/1THKPjKFr6bZZff1/4u4NFeBYwI9yg+
tK1cYz+B2cscX6FDAGjUr/6QxMOwd+ol7bnlzJJDrXvv8B5AOdHFosyOrDSrvn2k
Pzc6ush4JvS3aee5QFEgtd1bQx9fx3t/QhBsn5kGMC+3FzvKtmAYUlz0unqvk4HV
I40Goh/Fm3uzNxwTQ3/rzE7ws1Qkrp0VlBxVGgUa4dZ1VXVIizkRz1PRtis66F73
EXJlygf9Btm/TJDUivXGr7fCI2i+njByX9vqUf/0UANsPevCy0HQWCY=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-legacy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-legacy
Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-legacy@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:10:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="308"; hp="cipher"
--308
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="fff"
--fff
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-baseline-legacy
This is the
smime-signed-enc-complex-hp-baseline-legacy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.
--
Alice
alice@smime.example
--fff
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1"
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-signed-enc-complex-hp-baseline-legacy
</pre>
</div><p>This is the
<b>smime-signed-enc-complex-hp-baseline-legacy</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--fff--
--308
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--308--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-shy"><name>S/MIME anchor="smime-signed-enc-complex-hp-shy">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 9925 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6342 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2003 bytes
├┬╴multipart/alternative 1104 bytes
│├─╴text/plain 373 bytes
│└─╴text/html 468 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 17:12:02 +0000
User-Agent: Sample MUA Version 1.0
MIIcnAYJKoZIhvcNAQcDoIIcjTCCHIkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIT/yEi7AoxOH3WdBU9Ff3ge5PZyEKHiXwCp
exVEZRgKm2m1PHvc8STLe9siVkz9OH+MbPfTQ9RYRw+xiOmvK+mwpCPfAf9QDCWw
4dU75zCBVQOPy/m6+SDQRtvHyesEe4taEjnI07DcGj5ENoE8ugCcjr34HmBsIILF
+OLJQ9fTXTYjeXQbXjP0InPjQk1GgHnfNXgtIcTM4XEA/EEjPSrphXsifgnBf0Dm
smBfCKe7fSPN6tEeP+DIQkuQVZIrBZd7f+nzM99ixMH7kpI23Gl+BCLeSr6M4fjf
gMoL4tuj8WgT8kr1W6x3583fOonWNsVDW+9FJp5iefg5ou9g/y4wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAIN4h5gziR7BMQ587FEgEjT0P
M8QJzMfBPlgZL/POdBeNvMqLMABEZOna24NjftAZw887hhvv5nHujIBtEO3ezN6V
wZn0tzznuqMXBExxOHq+h47VahUNmg5zrlVYBVg5O01vXXPVoIWjW24vwZo9Q1hp
0QqGC0MItLN81RpwG9FTgvtGMx/uDs37IxHQDDH81VqSu50BbuDEYPgD6U3NtzkC
uVlW9aSqA0scGwib7bVLdmIoL3f++HUWD+YDKHnZ3M08E2u/trYTc3ofiU9RImKo
SjMLKQVGQYXg05sXb6IUWSXxKi43BfeI1YcQsHE6TMCcBN5v4esQ7rDyIKlzXTCC
GW4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEGjqoAw+Ed51rHpzWgYvdraAghlA
YTD4kIjvM0Lc1TM5w1rdgJ4hoLTX6BDFIUPye3MkOg20XYl+XKES4fW60C0vad0j
2A6N6TbJoxrHQFy3tSCnLScUqF0O4BY0Y8u300s7HMKV0cQFKFAzv8STtpu2uOUA
2pKrjK/BCYQ89GzGvhSInN+Lx475Hh8l11B8Ue3JrxI/x73cNufYsaPUmRQnYxPV
F0TI4k7kxaELKwradV/owDJnulGKq68tX5/GRoQMhFAZHrYDyDzvlG7FHRVQx8cK
2BZeCEFcCVbpYFu31hVmu+RB2MRFSmKt7FedNnc2cqNLTaCJURE6qSMcsBfxoGME
TjZJUVtB2Fsoe02UvVzOQvoJ9odB6oihKRsaEUe14w6aIpgwGS8h8LJiuG5yFlmj
j0kG4sQul4wc9zHGlP3MZ0ivrvUCxag9OOY/qI3aJNj/KgyGyx2ncuYps61w49kA
6QSnvPBtcoVGmu+VlmtSS5AscvHnUFcrj6HYIO68gVdJF5zW88qF7qN9rQaL62rF
Llt5TXz6TaM6+S0Q14QXA0nGk7Eeliy9e5Anu2DPm0jRZfujwouvzj+hBtelMX+G
kx7f8HiaSZP7wCAkw219gnaRQbyUvDaYDWlAS+lDbKk0jX+zH33T19F//aKw5grY
qAcCO8rXY6755AubfhUk1xmuR2nDeNIKx/q+ur/BUhrXH99788Tl9GHJVCqVUzkO
R6wAULl26kqU5HWrFxQtz6yjoWC+YU4tZJQrYFZmyU6BvSJhcKck38lwktrvXuvb
GBQ9Dmu+0qUk53SXEtbnxgpO54JyNRBpX+FP3MWqiMcQdlY+iI1eSNoatXEeLrTE
IzMiCYgx67jI3rgAshwBDBfxhXnqlbdby9/IJWsmfYlnhiubdlZ/wJMDnPMbE88r
pMw5IccDR2jM5PvQsRJrmPfUDkFXBio2KNUVMJy3AWpCUKu4/JxnR+Og1fs/ffbe
m1b794TlEctK8iXRzDp1CLGFTpsHtA3RYHHPd3DM2RPeYl1FYWILyuHTbZB7soKG
dJR0gpL6V/zpxo7y59v7yl7FEvq8+OwVkKgx8pGrAPPd9R/7S0jlqxSZVSzgIEWA
9fawyV7IcaSH6FhBSUgbQRm+javR4RgPHTSHrenFUm0/hPT1PL8GFDdZFnNhHZ+w
ktF9x98Lf/RlSwqT+01Hdgd1Hk6EytYuLRhT6h7YxBIb0iKPe21hVV0jFqnAqAlI
YhAACYQ32SJGZAfPQ1+tP6g9bGxKWb6hxn+wEhNR4BTbSujrR6dkFIQW7FfBZwDE
PMTZ8tJ8V2E1DgU0gD2RJabZ+FKa0DAArT4dFs5RsmCJBCBrydtE1Qn1QjoWsdC2
8HFI9h87fxcAs6tSTNtV6dLIignDCu2kBWKEMaAbuO7E0OUPV8708WbXGy4889CE
4SuGldMTX/h0r/wzSim+HFndJF+ocLL/7R/ynV6V70wYsGy3Qba1DrG6AHOQzIMY
uOtK2R/y6KDxKTQUOQpt4TBzDJu96D48b+BxIQpB9KXSbNsNQuHBql9A30FlZhxb
kELYZmenmi89slmRgdjQ6r5673r2kGAD5601XLhtT67QsrBNMe5FX9EKHIKdamSY
a8weblLDrpHI8K7tnuJiBPIF0/vAiJRkJ2ARDcuhEAHVu6ONX3+0dylxiwMkR8/o
ae7dI+RQWgl94g6kd1AKT7pOyA4Paah0fZZ0SYwmR0MTXMt74Xl0/AWgL0K/GunI
4eCrBCT1ewUae109F4ue/2vmO1wt590GApZM5N48LvTjLo77KYK1w5RlFawWCnGm
MHw5osNEEcntNcukumQkoNVbYl1PVH27L51Psm6g6sZJlaXuFz3o1k7mXUUjdqPZ
TPem/JqObrkuIAX01b6fYasm4eYZ4Jj0GvW0xZSVP3dcEj0+kWiug9/8UVjPqd38
GAaxDn9qoH4sVfFg0Qm9HLnZ4ebSePb5xe/kb1ft5iPv63T/1tWe5IOkqRlkTKbS
WqhiksIPGv2nruMokawTOe+lr+CCE64epfClN6YzE5zcx9ZzY67iUNljG2cBYXKR
028Ik9ayqjuwOYbFBET2yreVT4GK7Xn3fWAkqzkCjVt0I0w2g0pL46hq4got/D//
xT/xMCEnLSz9hZB0KAwO5FAaLzbEpPbS6HsfPAgithbCHSOLAXN/+qQtUrS2vtiB
YBF5sgUTtpOoYdOu5Wqnu/XbHmHvi+uBIMoTbASO5+D59mcIwVGdutjJ0lwWITQk
OliBQwd+OFe2Ro/yE28nsIg+sMzvYVH5gngAmS9+gmwNNr6j/MMeZTJeIdqpkjJp
98cAJ4iNRve1yTYuHAnBoxwl58RNpl+GBGB0NP25MWVs0pTuSc5MlyoufMB59hjj
SMboejGK2bBxRfSTGZ7BdDM7+7KY5mQotONOCpMQW9ubklhOkUUSlUeawRSr6pYk
Fml7mUWMUP23PESDEgNq8j6OGsZVT5fLxo2Sn97VhUXnXPCAE27GlN4VYu9U2CKF
G7aNU7GWnm+pz/Bf+VJ8VRIKoFwYNSHAajmhfizhz4SqipwLhfRMp3jGXA8F4cmM
lPKqqUZ6eleRH4bWUGPm2hynM2A9tFG6W03e+Z8PsCnshABKq/XBzkavRClK+Ry+
rH/D3L2RluVHbejNWR9qbumAAvwQf6CZX0yZc8FVXKZd9sPSn3h5u6Uub/01kl/A
kPN0aX5ld1+ZG623O1uO8OFFj9EMK9O5PJ9iinzeCFKHVjfdR23imO1WOF3QSRIM
iUyPGqsnlC2yg/CA1mZTmfnKg6rwUO4Zhd7bf9287jEOInJwrhFIZg5aFSn6hR6N
15eNF6CY3m6icjaT+Km800YjxcMNw5MmgPu0qXYC6J2NG8ppSpR6czacZJWgPKlG
XdFFfOQTcyh26KlP3P47Dp/ZK/ciDQ8ZoSxIhT7e8gI813SdwkTSy7e2razbi2vA
ZxDaqLpN1stx+doOIPjWiFrDWlWLwzcS9iOAZMHDnXY54l8zNXG70wwivj0t3nIl
4i/EQX6SF7W4o9wjM3rGdr9lclKpRMR5dWB/Viflyoe+9UdiC4emnXosdRxK0Umz
nJ/ej+oZGsTQ2QYgWvMFgKRrOP8tD7L6l1LMThXEvjff+HVILH7lPZioML2znenC
j4SGhvqQ78/vgAKSIsXCNy67bNY8BE+vUWDSoYpQ3JTuv8af6ou6LVSPmjIQRxP+
VCoyVS0ymqt/kHFgaNI5UMDQCrKX7gDD4E0RoM7t4o34MN3HwNVTriz5SnqjQxkt
r+3aUWndQchUHAmH3Sre3Kr+U5+VGSuRRVa07FqKXrbaGD7IYNmfBuaVOaA8CJqX
/0vxQv3F3zNmFCh8aomVmQcQdgI0ZRfso7t/sbT+/FpgMV9xXSzp69LwrpDME771
TEP3J4L1S5flNuy12MYr3Cfgq058erDbs9x6L172nP4WgQUDyJ9RR0wWpNUPyqlM
2YnFt1iwsGSHSzgv32ykbfHqcPujklZHm1omk0x+2KUkToYZwTa+OMvC7uXPxGkS
8vuBzJzQlX3fZYbsaiyJK5uQxMj2Yp2WTLsPFEkg0xSKl5i3vmCWq/kyZMwnrVr/
Ty/xHasuSlBaM+uZEVorN0yFdIwZF7aeAp2yi1j1lIzh52xY/hwOcDhoo0OX5a8z
V2gsdQQJ5FS1KjJzfs0nsKfxkQCLkzJPCdyzWFlmaUuotGvV37qoCqBWALzsw9l3
8zB5gTGDAvIZkfO4/HL9971ZcsxuPzmrv9u9NoS4lRM4OuGBqlhVaXnPPTSKW7DG
zwpOocCWhhJE5UrhDxWCZHYDmyBqxk77uGn18UzUQQ17t70/EZueLIQZROZG/701
IGaub+MlYXtBlPXPd8whCsd67NVSlqMkLADbu/S+Nr8Q/K0oVVC2kwrqb4dfHf4v
W224JE3WnFjtvkc6vDBIEx+QdO2yw5nR7Zo+XqVyoFoHgbUyhbeWTbM8hqIFUvfd
C+BY1wU8jvWCM15NNY8R2ZwUgyfeshwpmNUbuguwy6CIUHTblwJpYBw1juOggXp9
qESnDasfuZ5dIzuWMxxRwKn/GtmFejYuf4G5MVqgzH8GLB7bHMur6yEVhZjhNAWx
khcDD2o2+6vufzxbbOmxfsG0vKMgTwA43MhFJYnw5aX6ikQiDPl8HpQaJLZ5A3Ve
g9AeNhHqnB7pTz/4ZXy776K9AmyBxSXDz/9AJfdEq1bQDWlSldX9UaQjNIhCpKIt
wfulvdx4b9Fdrqo4Fm9V01uIioQ60xyahrS+ekBjPTl8oquDj1IgfeWWZQH206VV
ch/9mJmqJLKuqMEkhzVm2RQsbCwvALS2bXmBnIu68sAdrKY+G4Ph/QzoGpG20jJ6
XPGID2SHF1fYKhq8bpqgtzncLXtfCps2v5dr7ZMeKVBGC0zR/0Xr/YFHCW+E0CcE
MI6PJrXbwj3Vo6rGE6Akvi9t7BCVg+G02Lbh/cLTnClmebaXo2K7CV3913tFbeXw
FruMZbmU8aneltETSrH4BDL8pnZghhQQB+6zynFH71zRUhUSZGl3ko5GJ/XmjnUW
lMQkaUfWnLWUQNwvRDn0yO6q2hkPkNzJhhUwzPJfC3PhXJBZENVPSVzScX13GmAD
RFJL8HqvTdCXVlyz0HacK6Qzy5QR162gF0f+I0A70QQM8KnRKZvpeLAr+q3Ecv/z
WCWKi/c5RoTsF6U5t18oVTYZpJPuXhzlWgRPcEa6FH03nNkLdXCsYpd3/I3HqRSH
0ic92uDPGcEM9+zvV4IEwesAfKkgHpfbNXvl3QIk3hMdhjJ8Z04OOENThDGXimiT
KxXfIcujc5MGGPsSCIkRaQ0pOYIQkB+DIyEdJHvx2YDE0QFWuRm4ukFWN52LgaY4
s6SCHseFczVZ1Uh+dXJi6dadYf7zrEEcZWyQo2mzYqHqs7l9M3OuCOrmT1Akol6E
ewgMFhENK2hzCxCPQvKCN5sZBdq7UXYrALalxhVzPP148S4yYoFx7R37GZBB8Lmv
dCHESeIEXQ+Mk1gPo6TIgn8/0JGcFfYBlXWDzNSNtphIzN9o3TFsmicL2ofWfidi
L4QOa3qhvADS/7rV/cu0GnG1NUaLVgF532W6iMEHMyW882iGjp0D3rNm8sDx+jRI
FBbDAIrvFlHZwTfSX1v0umSCE7a4inm9n9xUWPvNGE1zIgGJ1y/1lKD3nQs6V89V
o6J74qxrJZpM+mrSkzPcXuIoa44vCiNcyfCceSSjCNSV2KQs03n0iCbC7HF/lDJp
BJR81nccq3A2i9UJsh0mv2tPtDVFWEJ5DORn1EdtMu1rHg4HYJFA4ZEEZAACPoKr
VvwVlGaYSEMYE/C4vMHry65qk3JiHkPL+ceFvlzxyL43F1xuZ0rEfUykpIuChCMA
I6NSfW/ykTdeKu3weFTDCEX0NxTfhqYLjUnmJwrHwdIVRwlKK0ixDTblNKDef0un
4R9LwN+nXpmbQYp3n+UIBqQn3+b98H4rBTyDPq30hkzK2ZkVsfnHKe5WA6x95RQm
zruzY5a48PuGAcRbGUt8Ne/lv4A5JFcliETkBCXOzSDdWrZpAwDUXnwYjwUc9Hon
aWC2g90gTT2DwFBdOWHJoDr0SfquNsiC1LWee25QoG9yP+AByxppJJDTyXae2PK6
tC8wxO58N4LnYIZhC0EoUEX5IqbNoNFWTjNeAScWXdBnN+NgvYkYPR/ATVH996aj
VpOdjJGVCFVaTphqroqer+f9PUk27qXbaK4tplwnNb2+zK6IVQsK81+7Bi8VBYKv
3jOgo23Cp+276nQbZthzfO1T8DkYs1E4lM46DFegPoTqFTn9Y9/CyFxQ0K/+uT3Y
yDqlmgJGCRj7LkyOgcZGW7OTkgyZar5VM+uW9M6ASqeNj61HrZZ7e1NMuHqNe0w3
cIERFOT6q/njz01e5VaWWqrcPudO0CPcTXzFfG9M6gEgUjzLkEg7E40XPiNFfrGZ
3RRLFP6qYJ/LFccRsD2gFQFGmOFmbK/rVGPn9c5mjfO74Tqbl9VvzGPyYHZB94LH
6hboBD4gH/DVKJmPnl57LZhj1ytsmG5tGYBzBaG5QR+C2VlYwNBFrs9A8m0hsIQu
srundztS8LickI6eR6hVp09bclXmxfA/YYPQs8pUIi2evAemdXPa6kZdQcU3bijA
nlsml4AmYNF1w192wDTZ9oVeAzH8AjSGRghRAa2r/G77oyge4EmmhqwWBxdshuii
N/2bpdiuYOGknJEoOSxTu9d6EncSxwwVhAudZ2mynG+AYgJx+LM4ZriVZ7DjuPo+
gU7XLwsEZY8towvuDZsht2/6UJTtaUtr/2RGUYH2zuy4fCeREJKu4wissg9vA60e
ucAGOJg3vnnZKy5hxgNJjJhJCuY3QZrEqbsWavqCuc/Iee/rBEdQ5gNZ4AZIEcvM
idqXhp2gLSsg2O+nUEVxsiQRCQZqQHwCRXjaienkctMxEt2rnGjvCz/ZDnEivLfD
a6vRTZD40Gzxgmk5brcltFvUJs9AY9dfEE+MlMefeb78pDbjwBb0CN6A+P59h+Z8
6Tz8US9RLWK0rr78voT8P0v60FVHiQhAKVjAHh1HRfGe/ic3utAY4YT0Yx9B8QIL
oSFZpCSyk8stO0JtmcXd10WJVTYwPzoFtR1Ebi2MvRqKKUHKPAuuVsk0s6ZUyzLk
z23Dqu73fvt4lDV/lvHXoFuTOdcWV+V3zo/fq63efD3ZKqtw4eEoBv6VRt6xpPdy
14YGOmI9NuGsUhUTsdNV3BiyjK8KBS43Vp8AemViMfaV0h8gjgmAs3kt6UPLNlUy
xfdfcAJlQ+j6NS7VsQ6a3VeDq6Om3qn/v+CARGFh9SG/sh+frkbtLd6wAdD033E8
4+Y/LJWElksOYfZZkJ8Pn94yE/kvRLRIui4gPosJkMmuhc/hCU0exFlkiqOdRJF8
qs9H4qmtEHCIMCK4tl/3/UA1dw4+4H0Gx5F/8mH6WTASSfQlPGzbBfNHBXYhE4Jm
JYdhpaz8rY5djEGrwd9gx0J/x0fuZQSTMQA4DAyb/keFZYY/obXoCpzTb3uASmm8
SGAiurgRPrzOlXUBz6eR6LGm5+TYJsf4tXF7ylURxM29ArS8Fao9K+RTZDRhWs31
uYaxGby/QFmKovpudaT/NPgVtpv3OihUgrEnMvh7nvAS2rk/2+tAsLAIpxm/l+HC
4zemv+joiSMzCKEEGy6Bj7amYpWlU+Ohr5thU4N2MyL4GRy4XEAfyfaqShRAcrAF
aYChXvfiQ4V2ld57/P6XUaKn4zn9FxzRb/b1y2ZOqCEmBI1n0sStaPiaYXfbIbt9
NtwWB7pFvdwwz84QXdEzEKfM3BRF4P0OvEyYqraFtDUchLi4jj1Cyk/Tpl6L1teY
q95nw4Kk/bY6Rce/cRzwJKBlf/33hw0A7aBxonntxl1qsIu5MKaoi7xhgQP73C9/
xQjlUsKIIQXw9u8G8I0BhWOAGFFRhfoYIjwXYD8VKcdzstOsCRPMZiNUsK+ElS38
NqCo9+09NZvyPF6uBErZMP/5CcX3r6owSfcSkOZXFvbQAUZMyBnyGorQ8MS4AQ/S
9RwND4aAsnsMeNIWXTavNDCHIaez5HsiGwhppqY9h2eCWegfreRe0diP85+xo5ro
+7KLUI0mW8B6zP5T2VSdFYQbg80jI4sRKa0EHWg1eFlrK3XXOy8+v5u5RUV8Pclc
C/6o5Co4VEogaY5mhimizvF7u0wV7lKNKGQUvBqsbXe4MjBj87pecPNKp7J9MkeW
rbG8Tqk8ZxFGeu3Wp5WAzIYV688tw4rZ0B/jQMsvjW/uueVXNA4tyLMfYuEFrDjm
4+1NTW/ynviO9Ztoc5rATj29mfqSX6pImpP/CeL3oSnMVSS+SfYOWT/p4tKYc/ED
ydKyUhr3fH7YsnC+m0xpxiHO7V8V0p5MP2+fq24mMco3O1aZqHboHm+cC4i30qNJ
t0yvxCDFt7UTgEJ4FEfq1AIpNtA1XtXT5vLSnBkX2UOqjL5FkhwEPHe6Wqw1l67B
x8uzVRuOsCSgLpo9Ljgp56ly2vEr7gDSWgqIit0cVIwXZlUcOzzaVrDWtDDfmXYF
stpjIHk4BsJGwoqJN8Gf9IGV6Pi6DlpUtifBcDEpCoBt7wkMUCHp/Bjq5lEsTtZA
86yRqNOZKLuyW7tqDfOPYQUsUpbAM4E8hrN84EDgLYMCg6AC/Qs3H/wDO7cJ4LCk
M5Hph06hiyehanuMCtUVyvyfSb1hWY5LELyr9UKLYHXMdCRm6SI4lhkcD/yd7YRc
8xXJwFVSBSXcuRFQD8ViGo84HNNw45Oa/kcT0tfJLNDk2psDgMICjWkiZDcOJ0fF
ExXO65SCDaVSK2a2hScuhLb4o87nkHPTtmCwse92gYQlgEJqhAUCe4tupS3Tlced
rYx5p0TRq0a4saxyQw3KOkvCYb00vr3e5ywj+I7FJmdT/3FRepXHAdJgeymSmelh
MUnQVvRetUv+tbsHk96DXjMHUfvCArWcjf4NfuweEud6JAtmIxZhmBFTlg/j+oB7
L3+nunA6/dDrIlBNCCQ/WWW3STpAhFC7jBCzIZMJMwyP7tRk6KL+PptfMMWD2rJy
QpFXwNDVCKOca+JCuhJ3lhlfjrexPJKD5/hhqGdKqc8=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIR/gYJKoZIhvcNAQcCoIIR7zCCEesCAQExDTALBglghkgBZQMEAgEwgggnBgkq
hkiG9w0BBwGggggYBIIIFE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5DQpNZXNzYWdlLUlEOiA8c21pbWUt
c2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxlPg0KRnJvbTogQWxpY2Ug
PGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs
ZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTI6MDIgLTA1MDANClVzZXIt
QWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBTdWJqZWN0
OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6IDxzbWltZS1zaWduZWQtZW5j
LWNvbXBsZXgtaHAtc2h5QGV4YW1wbGU+DQpIUC1PdXRlcjogRnJvbTogYWxpY2VA
c21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0K
SFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTc6MTI6MDIgKzAwMDAN
CkhQLU91dGVyOiBVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24gMS4wDQpD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjFmYSI7IGhw
PSJjaXBoZXIiDQoNCi0tMWZhDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1U
eXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSI2MDEiDQoNCi0t
NjAxDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lp
Ig0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6
IDdiaXQNCg0KVGhpcyBpcyB0aGUNCnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1o
cC1zaHkNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRl
ZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJv
dW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0
ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFj
aG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9t
IHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX3NoeSBIZWFkZXIgQ29uZmlkZW50aWFs
aXR5IFBvbGljeS4NCg0KLS0gDQpBbGljZQ0KYWxpY2VAc21pbWUuZXhhbXBsZQ0K
LS02MDENCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1hc2Np
aSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5n
OiA3Yml0DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9k
eT4NCjxwPlRoaXMgaXMgdGhlDQo8Yj5zbWltZS1zaWduZWQtZW5jLWNvbXBsZXgt
aHAtc2h5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2lnbmVkLWFu
ZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQplbnZlbG9w
ZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVs
dGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2Uv
cG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBz
Y2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVhZGVyIENv
bmZpZGVudGlhbGl0eSBQb2xpY3kuPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8
YnIvPmFsaWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0K
LS02MDEtLQ0KDQotLTFmYQ0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlv
bjogaW5saW5lDQoNCmlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZ
QUFBQ05pUjBOQUFBQWNFbEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBk
cXBiZkFSUUVqT3l3aXdZbkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oN
CnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZ
SnJ3N3ZqdjBaV1JXTS91bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVy
a0pnZ2c9PQ0KDQotLTFmYS0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rO
QlSHoe49NAaKtDANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQx
OFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMT
DkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
mpUp+ovBouOP6AFQJ+RpwpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB
8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5
R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJan
Z/VmS4TgDqXjWShplcI3lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9
yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJL
AgFpW/jA/EB/WI+whUpqtQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0g
BBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1w
bGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQW
BBSiU0HVRDyAKRV8ASPw546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2
GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD
5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GD
Eu8uKveERRXZncxGwy2MfbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8
uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K
9JiQaJYOnUmGpfB8PPwDR6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpi
vNJYdTPUXTSO7K459CyqbqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88w
ggK3oAMCAQICEzdBBXntdX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTEN
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6
WWyTgBK9LCOwI2juwdRrjFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZ
WleYXFKlQHJD73nQwXP968+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CR
Q/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3
nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0
nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAM
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJ
ojanzqmgaSN3/gqSQ4cbbmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnN
vOFb8lV1iffRTF/KtmVEDMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSi
oQ23WxHGVy9vsdVfnbhsplrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4
z0IOvg6mrYkKTM/RCGnumghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2Z
PRPM8JXNQC4GWv4km3M4rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH
4ConlB8f7R7s1LM2cSYxggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFl
AwQCAaBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
DTIxMDIyMDE3MTIwMlowLwYJKoZIhvcNAQkEMSIEIOk6rjm9vW4yAFhPqraTwTSM
poDXdAk+kSVCc47Smx1DMA0GCSqGSIb3DQEBAQUABIIBAAURi5oouLYIh9YruNpF
Se6sDsPTGmIcZsDjQ/MZV55S4pmhVBQu4SoVZDVM9KHKxqfBbj+aTs1Cyas8R88h
cWqd8xhiU9ufoC7p6qEMVIyMvyppeupRyjQWUCH+2XtQ5sAVmr+F+l/Valuj7JZw
JU8XS84oinCF6uApu7eucGblt8t7ek7j3JXoFVE7g8a/O1JKg4ezNV2RduQeNXLT
m/lBVIfeiiOsmgmJa5RTgbgAakJtdo3odHj0cI31eANSbQlE3XENz2E9L8JWxYNP
bBceEhIvu2AOtV2PYCBfrVp0WTVwWHorm8GG/DyvsAsa6eGJI55hA8VeBg170gT5
nzc=
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy
Message-ID: <smime-signed-enc-complex-hp-shy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:12:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="1fa"; hp="cipher"
--1fa
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="601"
--601
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc-complex-hp-shy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.
--
Alice
alice@smime.example
--601
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-signed-enc-complex-hp-shy</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--601--
--1fa
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--1fa--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-shy-legacy"><name>S/MIME anchor="smime-signed-enc-complex-hp-shy-legacy">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 10920 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7072 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2519 bytes
├┬╴multipart/alternative 1597 bytes
│├─╴text/plain 564 bytes
│└─╴text/html 736 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 17:13:02 +0000
User-Agent: Sample MUA Version 1.0
MIIffAYJKoZIhvcNAQcDoIIfbTCCH2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACgBnn7CPutWy0itfe5dCraPlDXBE+WvvHIX
EhTzjfwj8Oy666bZWDo8VCr86IK1Ul3/OR6f1a/FyLJ04yLW+1Zn7WVxxS8PKGrO
oaE56/oJxgqRRL3qnY01rMIhqfFrG2DNh6rjRnd03witWba76ifzdWdCz3JRCsrC
3hlh5SMSLYH5O0TDFEJ9tGDGmxFZ5+x4FJ6D+lJ7OLRo64rtpHthyuO5N1NXPBXU
NIxSVFQ4f8j5AS7Z8oo/79IoX1wUlv7IEkq0mfrx8sXrcqZbkmw9bPRGZrWRZLDf
7EYCc0IF+sn6USXf6nd6G1vRAgWaUd1kiZChjVRwgo5SRsAk9nUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFOKeyT8lWzqPQF4leLhROrAI
pTb21ahiLRjfX4mWuotY32k8fCLeSEmH5bHrjdtn5FNI/jLC3t9bAtFMEkz7VPZ+
FgjlBT4Bteuw4g8miNcIU+xu7gL3n8HlkTxOOkAmGPZg/m0BYJZYUFXCSQB1OGja
slGNtLS0Km11f/u13p0CLRV0+nasldZxM7Rt7Zd0Uis0PDZfMeVWTS8s8l9ifpjA
YGRJpKwzty4BUMvxbgUBzySofIH0pc/DlcFIB+s/S0Dgc7xAU8CxU7xvo36dicgK
qm6TqyYQDvBBXfnc8MWfVmE64sWIQS+nWJIpvTzXh4pZ0FgjKhNUdOYEV1Zz8jCC
HE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMVrSF0MP06N6O1pRZNHTXmAghwg
JGppsM+z42CDVWr/cZdmJAF0qTh58Yba5feUKKVha+SVHfhjgaW4v27XT3kKnraH
7tkFxwXRvPa/qSYKSgCS8LZeHEj0mh6HX7mJjbWIeEogBw9CH7kUUsq+YDmZ4ReE
+teYWio5HaP6aXoiy8qSyu2kbzz/EmIUxEIHwDGtbZ4f8Hqpo9/j2cXR59xGspg8
0u588sbXipWzBv1gxN24aRgpBov48l8XHqw9JzLozzOG0bZwdGMwZeKrtSPjtE5K
Qt2Gonk30Ri3LmLPVHQ8TKv7ZeEUw3mY/95noB2rDvIfm3sX/bBIWTttWj2pnzQv
dWl8byZ0otx1QjJcaLbmL1Vxd2U6Lo5RNsyHL+BsfoE6roSBwk7UacD0tR/tiMKQ
aDeOsQArMHC8+OGV7uKV0p6puZT1RGEkVLW9Pz3MvHYfVQCn7UU4HWz3vjUoCCFn
KRj6CG7xKUHAdQDTmtfKf1F6t3ba7Q3sGi2Lw7FH2RG9u8SO0RUQvYTxWo0okb1Q
H163f7DLzIgyiiOaZmtrSOE1rHKhs3utQuYqvBtR7fvUWFC4GtqXTEThwYF84YLi
vvYhVQqP5TWF7uxxJUyW8cgYqAjNnqi4Iif+LXDtrbf97fP7cAmcE3rNxvDn77lY
Z2e+Khh/FgaMEFRzNN8P9itpd87YGY+mwde3bBw3fdzVInel1gFaxplGebabqpup
rko9Epu+i891NSkwnKYMDqb3azOUW7OzGbWOw2Fvn5VcD0FK/eTVLwpn6WHhg7zl
x2yZHQ7QMUCtKiAv78kjLuumezciX3Df4KUjYidPFF1lLI91tmZAn6exO9vtq55n
W9A5fznObqeN/xhBv47IWaHTYozgbCY1SoqNqSmpqax+WG1EivO9b7w4jn+yxFkb
smZ+WJJoMzJpvUCfZ5QeE6bVZhoFMPsDWa4UzzWhiwxFr2lj5guaWqJduQgv3qHE
qF82ovG4Q4gR35gGHebJ6dxV5FOWD/3Z53ZrYMZUZxdwW+bWr504UgFHOA7ngvau
vHgOyTnnxvRzvKSkhr3uRItr8jM4+yOa18HLUOmi0+/L45xJJwf8A8GKL0BCNabG
giTHu+/5KYG3j6foE8mf4x1UAVG1dxp6QfEXZG1mFV02/w4vGJTz0tOrYSPJ3bXF
+HahaZ0S7KXpN69rRqyFchtTC1Vbm7b75q37+lzLHisVebzvco92TyClaoKooLfZ
sifJRf8KudETwNkNGFIj3oDmmSUrJ+0YiB3h7zJWGiVGiNd9UBXOm63/7SpTIaYZ
eOUbCM+nQ5/SFTg4gqjQ2PPh7QSoOzioilMyosOAwWQ3E9ThEhKLzoaGzPx/dLri
HL1ZBjjdtGC1lSCFcjdYLC7sP3W2nbnyBMG6dqvwakWGlaAuXPZ1yl15jn7yJqPL
Pnp/eVU+9SlUfuqBfZQbVWPhIUmYg1KL23HzV0blIsKqbi1sjxo7DL4RrC1axRFu
E5gKB1VaUCiDkZhiKj6vPQetaCD3bTi6Zr/xjj8rH6G0Rr8aWI3HIVgFtwrtuAxh
D0YNl14Zm2K26c5FcrTVXh1XCpbRCjj0RqqsVUX3onamxH0nEdxSKObegqfBQwjA
rn8jWSo7jm40wmpiEjg2Szi43g9C31jwMps0Eu1zAg67/O0n/ft/+75/y6j1lSb2
thJp6L2z0VTMJDNbI75POhY1NPoqHWIZOV9PlOLOnH6hcUg5zt8JvXBeoxQdMcjG
uY9ly1w+gLMuFA7KdMO/sEH7GM2OwpIEU5gqzoDresGUCE9gAC8kz/M5QOw4dOmW
t85JlsTwmUbbYGcWjjZiDT2Gb6MrNUa14X10bsPO2hcceuvvEvLt9bBgYywVJcRO
uE7snAIXXHEXodMkwAxwhSlQLcBjDSVUQm2C8+lVhw1W662ogb4yFJNJc0H7c+9k
qTP2jJTSyMxG5ibmzF+apc7u3eL5/OU/prUmnZJAlr8DkfB1opYx/sCBQqJMJyIJ
/ixMsHyqcNUGCD0D4+qibWS1vbUQ3XZOmdN3qIUdvwzgP7YpX1MEUYnb39k4pe18
fH8fwkSpK3j2qJQ6mLPFMRRIL0zi0nkOEtFa8OUQgG0LpZKH2+Hqiyr7Zmparl0O
Wc3D/M0Kksp44y5hYt3Hexnz6t+fuUedb4N6V43KjFK+DAuU3SZZ170B8vPRQNft
s4x/AYMAcsqGieTau1uVEnqwUBoHgm8IRfgGcAwn02XFk9S1UXS/iFmKCl7dEfsH
OrIvM1d4R/+a220epCUGEcmr5653LtMOoQM3Tupdit58Rxv43pg3KOvzTKygJ4JW
02qBuNtc+B+llkKoilnQ1YJIqk6Fh7mOE31qo2isdLBd0niDp3vfQDBiFlTBHI/C
e/5rUmwND2ub3pd006cy79GrEUsDSedhciN6ulsrXONhBr7FtK8oO5IyNVFVHI27
QSiO5TNKllvyV7hWqCVIIuOVYwEvuaEI/TOMok7Pf7yUnJN0Q04t8co2BT7TiH/8
NcyZtmGJaf35R8s8YMLnbg7LUb9wqo1V6EPnLfCkt8M8fcnpOlnQ8+Ynpavvz81h
wd4v49COf5512ptCgdg5YZR/Q9v+T0c+fdeaF3jhR7/vV/D4NNN8LsthODqQ6Ac5
kzz4RbsLLXbK9ZELjgjyyIB0Uome5ytjDSuAPeqWgEo28DsTJ0vIECRZg25ZhKeW
cN8uuKI6WezjxeIRM7ZmDN3wvd3amjOSDvK5ASslaO3CyGWpZ3RJ0SknCRCo9Oxm
aSn9zuHGD1ZtYL8P5kfTNmhCq14ktAdH23Lhjqwr5FNbhEGI9rxT8CsXUweaqRuK
KeX3UdWOiLBTpcncaaN/3knX8EYdyOvNhQsqBtqu6gZhQTIZB8QiydFvf8ztCDgb
5IfeDoZUru8HzhMXm2+COxqMC+FKoFjVc+2s81MIrhpMnFXL5M9iPnUKL6f21q9m
c4KjLQdP20Btgeq0WKPdos9ZWTHyb4wWNZhbkq8AQ12MkThrHymiA2n9EaVO76sh
ceQwORLinfQVbkqja+tN0u2jDfKVrbI21h93kvK9ZLP/c1IEt3f7u3J4KgCr95kQ
SBNlSCpzALiazPSWB4Cbr0PKFU+mozln8IvBoYJWryoc4pbX162AFd7dUzXYOWOm
41nXvsg2jKtor6j/CUIeIog+GrPlkfuesFKihydC6oCEjpGI68qU+JG8AhM4ZCvx
4VfB75yJHJ7ch2hytw/UE7K6Vjz8lEaxS2LZ1DqiHoBo58QwgPbmmYUU/Mf5PlPH
ybr1KTSeNyFT1Mky+GmpcN5tX5aY+qeLQ7mu6rfYLVk8wA0aoc3N0sRGO+8eigan
01Jq4QeBmRbo5SDbe8PuRqGuGtCi1sU4vXbKBvBJt0DUZ+u7cTKHdZ20s08/JLVv
Ys+SYP6OSwgngI+E0c85XOkREcp011QymxOiJT7ulUJHISB9P/NFoA6ovCYBZyRQ
SfdYEKvW+0KpVsBLVdYEouJteWd1Utc6Hi96Ej6OS+WtFyV4YUE8MtDzLk1buy6E
YIOFJiowAWYFVwNVw6JPMF0yoHdk4FIj/lEChCLKNUgL0iABgkYOBpSnxov+Ur9N
0V7FQtTJ6/d4szAWZbApUeFqXliOb/py9El/DOTGy6oLUnL/iGVfTf+Ajg5+emCh
44Ahob2UH70VQ0HrMT2GDMizGvgzSPnMk22PAYcePvREiu4wJk2tue48CXUkVhKQ
l47MUmBKnC6gDnyjsQLB7WZ7PkizbmGC3d6vS4N3CcopEyDK7zBaWppewVagIKd4
qOMn6Y9iKm0y97Doc/y8VADYTN/EDQvji4j8Sg8I95cx1VInn46YDvH6HZH2zJGh
4xUC31AfOrBVe/v5oQEHDcCjFZKa72vc4ieANqQPX4G2j0TegJG8JzxLnHifud79
d+OPxcxM8U1w28ybRNWkP+TiDZZQ6L6lCib82fyMcXxeUiGRYRAhSNOQYzblDBfH
Z1H7gMFaWfJAa5XJtJSpJHEstbiWVOrEOY/kNEBkmddEP54uT/bcxkiQs/f89CfF
K9ShqAb7GEmdQMlnv6rf3dTiG8GGNBsztaZAx4/LK5IeoYQUTSrkGFgah0qsQO9I
TaESQK44gRjCe5F9PXjpPK5zpZA0Ti0yBJDPA1h+v2zNj5PklN3V4V02oWCwG8vx
XwaF5YE3dKcS6BVMnxy3lARxKtp4MIZRXpgma6qeIL5DrAXDOLMoTqZA3fiNguuM
Vn/LIEQxpbxhGpzVi3jcDCthvzdVWppl+VfG58ydngch1PuWNfkkA0oEt55ub78I
AGQRhm/QMgYkeXOWrZelfpIKGUFt/WkmhMPpl04sRaJLjRIo+lKXV39TYrlegf/s
2Js4HRz4IIdWufUQHdt0mQkNKnssMIVI30Lloli/0R+hPv1sAc7XshfPzqbIXXd5
ThQXoiSsPBVTy4yHI5d+0LLsx3zfSA+Xq4XRF7bxq4xoaDKBY0CoZe2qVi35Hz5i
sPb2AHT9qHZEV63YZ55+pCmH5kiVsgrlj0pQo8QUzYjCbGq6XOw60SbBUHmf0//0
aHB++zb7IsnYHNeEJFCiRCJxYAcHTVWc2RLyfxJz6tx6GidcnhgDMqw/h5Du4X+q
3WTRxMfFJVNjHkHiD9JsNUNQ1liu+I6LREW27IHaxJ3urfJggpEv7nNZKoQ2Fwnk
Hinnc1Wc1ZXZBoXpos6zQkmBbxOO9ciJKPvfU5vhkjgO2Ja7eMnvaGem3xw6ubLa
dMCW8zT+Y7lOAY3L5jfW6B4wKt55c0nJELUDrnLqR6ITI+b4Nq8+MuPPGkvXIosV
umZ6sg0MWPQfoGgR0i0F80QHkHylMA9L8cTXiC4B6lei5GvTHfoad+7OIzD6ygzP
4ITgaeSC57pB+3ZNrjNn1T2iELlXZZb4sqxwxDf7mw5FdcI3R2VNGH2Hu4krCWqd
4yx5laRk45ChF9Ygd7VexK7ELSRAd/Q3AvkFAyj6oL8Isy3AqruaGzvLPoqQGrTv
uT8DajAOtfV8r6EHf/im61Dwtk2ccGuBoP3qYXJ3uLqGQRyXW5KrPEeq2UxlbSra
nDGYPQ7+OBB2dg4exQ6ewCBAs6HaX3fHsAKJcOFCf49LClN7yu7ARvXZ/yUaGaHq
irEWffl4IC0FvYzMv5MYPczJA+c8G+vJZa3qeBm3ZAZWFMZ0zdkjz9joE4Ox8syE
7ME2a9uBwneLHTx0GGORZsrL4NFxt5wCG09nj43civVgBLwbjsya0i0/RH+67lfV
jmsvZ1M6i9LzhPuvDKe7Htvv6/wJGqBSAsY3PFoEMKQ7n7+Jb9Vk+29O6Ivi5+Zp
SVwmHH7KL7Z7/73U5PSjmuGtyPlvQT7RRr9kqk7BbvEbdpyIGHLrMPTf02hIDc26
BsuVkZ0pDrY0AsUHvIaEZWugmWfF5Dub5osg7S+lZEaZG1nr9jn7ZkFyBynC9eci
qQeh17PBaSPLBeAFgvsfoH5ynBiJMLnuWw9Mmw/G+mw2RMEeV4wMJqylB5mP2hR0
OD32KWcDtxx8NPHULbFtiAZ067raGGWkWYI3iIeBYpqCSJo0bFxcch1CfK8VR/WH
YDFwItvBvQ5k/ntvniCeh1JaP2UwelVV6mafH7qrmXmvqtq2QEFVbVB+aBnRK2KO
uFKbXka+PbZ1b7311HxAz+xsEAe1UXlnKi+aASl+Qn+pS3YKyuH0zg19pOAmCf1t
5OhS7j+0DBgHYFajNfLb7lJy30MceP7gkj6gW1vHMKHRSHVOC0KlbMyQ8JAgMJUj
8yfO9qgbXWzMxyFxJvHX5CyJ0KHA1JfQNF1yl3Ml58jUHUqP9Ys2gDMPrJv6xTsq
T1tvxFLT0IiOO7WsUOyV4LCGi+wnrUk5dbhfwV6FhdZKNpfFnwpdeLak/2ccMMMm
OSZ7WBFFKHBmmWMfozq5359OgGE3sf7/C45x/9SDiIsfWQZusA25XiJ0nrJxwoho
5mN97+DUx5nhbKzD/ajTg43kSldRJFvtbDHC2nYaIl6SLXg6HwhCk6qnAnb4Fxau
3M9M5XZuDwXQ0Z21yjh4Yckfi69GUO6qK3Dgc9wugvmz2WI6lT5oE2Od/4HdTf9e
LNEWzR67qvyUy6tILZi9R3LdAN3HukfmJjXCbaIOUFtQQUgRgCEdM5NbSp3UhTZO
3trXdXa0lifRJ5VfsJmGUiaZqD+yi/p+sYuwRDMu/sSPaSCBf70OtxsLRrScJ4+B
yqg+AOUxxWYCH/A7kAQ5Bxyyj/HxRRH7KlJRTxTxZChuad721D84Y7OOFjaRAx5G
yug48Ls6jJugo48ce0zVZKDQYW6cAoufc+xz4BLZobqoIjGn2vu+9pIvED6+Bud1
p4wsgVS0fM2ZktBIM39RDedb+90NxvKw+VO9Gdo2XmcMQtig2oTMLkUbNbiPC5Or
diokCwEwSAm/+uXU280GhFo8zHwIMpcfzs88kKHCInrTqS0mNFnXm1bGydDdtMqX
Mz0c57+8uCrQvFAa9yXcY+dCIxMNj595lldBMXCVzwUaJF3ITCJ0Juk0ZJE784+A
e+MSqOBm1GPHya7f7wnAnEz3d1qZ5yFgBV0B4kcXpAaW5lgt9xWk8TZ0K+o/+R5S
4VR+wb7cQnYHQNVbMrPCF93Btqw0d9fFDkmvjxAfG8IyPMyuEzfSRqhH0qU/K4Y4
fbggbxq1520vax+foW/nQNKFL7Bj4GqLKTLdS0ChQxT1YnwEuQ0cI2oQ8zzo9fFC
AiDYruczd8dA7mPuC4FQrCQjNXp7fzi2GKE8rN1aC6/EsZGFZujmVq48+yMQ6Ufv
byymZlAhAbFXNJlQjQ98rkyjooQr1QIjHpFn6wH6OfSt+1ncOVL1DMRM+8KpPp9+
U+khHu2wKDtFoOhw1+1seImM0cuIxGLfBQ3fTlpl9p9PcN/Db+eMuPjXv1i/jPyf
z3m8EIOg1YqsSX9IulrvH6OhslS5FLSvxG+tT+9U1pytiijH8M1UHUCYRd5++yZ+
VwS3SlyGFryw4u1vH1CT3rUbYpxbVkk0aW0e1HFbJST6WvSkB4OdxYmha2HK4mKb
aOc7QFDwDveewOfOaEXiLVysKhSZusmsIvS5l/oAZDdeC+qmeEH9yctRIJS3910E
DkI0HpM1QEuc/abzIJx3/KmKMHmVKfbVvwpzuiwByvxkIv0Y/enWILBWXQWLzpid
h1AzKiewpDZesdXXCw2pRgafPZRrjuAwInpakuU6AuU9TmhHeWgRD9OtpleyI5Xs
VimkL81rcuCBve5dXtziFZOYj1TfG5VzWAiSX7tajl5tvlhSiCmQN9Yz8CusOfP9
r2kDAroyIts2OmukqRYoavOC3vZVp30vUaxnPcRw7o+0sOpbCWRQen7PVtT75vz0
7YZLrXN2fBhzx5kxnBPD8Ucv5t9ixepy0/pSyztdejHfyTCT9twNeoDKfqkzJ/Mx
HWy3AzlNpSuT4Brqjsja7D1QJenDuCqcMsz6xVL1DM4w+JS5TMiOejWuIu5Ck9ey
2QIQMqEdYmIRyC0zevw260WsbCdwPMmYInUwoTFifcvtC+JLZvfFp7LgzKa6XCIk
dM16z6kOVZKKTjUfJewBdG6ezIecOQZdKlYcjSPy8R1uEPvqc94MTJ5uTdbh5sum
EYIkT6h6DHWjfBjoCTYpbFavprnqXmOPVvoTcifkUemh3sOu9Hll0Oa8wtIAZp13
gVqQXS1ErvzF6Sy4UKSqAu8liM2WUSZH4bmW36sEBEOykXh//19wqHW17NqGHrgG
AVMmRB42waFaTLysx/yNwyrnpNFIRQoRKi9DgfFvDCu94Q/4YfWojNgcooYC5SAr
lSLt6sjIWSp6neP603RDOXq910mbrM6dF9JAL3BAUK0Pn5/+zaaVva5IWyaL9KsH
2mJBvC+WIk40v9k+n9lH0c1eIkJZDCHVeqfM/FEafdhD7teusBcvxDPhZVQ8l0mH
phcUd3u0GEZC4LOfEYar1A9BOKEYslCodnDC2cKT3quqtWvhwej9VttZQgGNOn6w
GLeOsBP4x1pQ5apaSKJa3kVl+Gq+zZs7A+tsl3Z2BlkJ3quYpBkW7/39KTWPniA/
Sx++STetToLGYA7UuVndESoTbHMgjGbSOn94taPNmqejT5aSL/v4SKw3nUGnIeb4
kbuS7CHdTP7cNpo3DC8X2xprJJ3ffZIPH1HvIqjTA27lgs62676XJSG7BIgIrBiy
g6jWTh5X+zG2dRcjTafyPSzW+jf1U+cVFlvW2/cZKz//ku7W/1NOuMjvJGbUbjif
1m5R2PkjvwAYiDjvV8QmD46Xyh9lIumO1YYpUKZahTC+K7w3qs9gWweP+aUYOL8Q
0x7RFcCmWKvm6+u2SOfctuYWd9e57R+q555PanLTReyS6FaHDdqpvuoxxrkPUBT+
gtz1nduPat0SKm0+0253AoFFqozyJpMiDOmEbDKmQO5PHAfOX73ZIiUxAmyHFyNc
FJQwYiy/BmQ3H19wq9/0aSmt3CK06ouUPvTBhCQmwuw24e7X2LxY8J1rOdOSKt+s
IGsp1dVMh1bmiCQE5i1UZBxoBHLMx46ahaMgcd28B+pCoRkRUMUhZXcB59Jf2/qI
z8EgUqGceYMmA6XT13FvGqkc/MGo9MWC/Gt7yXO1Asr6iWzd3wCty/Pd8emwK3wq
rWq3BzmsCqFjtdMlBF5juAUA6WhMc3Hfj5RwCGgHr2fV9M49uYuZziG+aVypIKwI
fdc+hL4XrM+XL/QfcV1lpQo9+Smt+iLHwblykdWRBPKUJ4KXIR5jJel93lD12zuK
dQCUerq3hDVwsd5WWgQlaG8Iwf4misPoAAmpZpbp09XASCK1C2dQr9sX81+3AeQh
TPQam+QzlsR9lKDHlm1an4F7k0t2+xRcZu+YpVocsYeBCzmx6FsKKFJ7eGC9wvFr
T/XUAdhspNbo2OlRQuy4ixDC8gNxMuF/eQoI71ecHShiSsB3pThX9Z+sOCqYu8BZ
3q2Yerkjrz+/Lnbc+XJgtNYErzK00b2Yl+wSivCvgs2CZwHAWagb40ycaJcp1rGs
SHSAyMEe3+9g2Xd9Y5UyhPCePnIFtfvThUUWDMBbl4NkTZhci2Q+NGhwSfd//i/q
0dCdTZHj3ucJsNkCtfW7DtIykpy6Vld5smayE1zu5WjE2EzfumQHHqkOrfCNBBbi
plJwXI0WLdVCJrSAUoOTlZbE22r4tJnar1DA+V3Jep/VPZ1mNxa5Dh0fseI4h63q
eudtLO5NBMLMQxz762u9uB0y1vuFmKOX0VWz2aXZ6jHmN0z4zuwrqbS6yHYqEX3Z
4NzaoFOD7eRJbH92yFb1owGjPsb7QcRykQfBhmiIHeNJUoja5xZdk9M7vX5ygB8w
AIk33yHYWOumHHFeSPvHlTTsNvLel422gDyiDO0fXmJfGAsauqcX11jNB7RI+HM3
HnXNeubb3y3aA1bl1djZxngAwOQ1Sr9aLobmpbL/zsKrFXG7/fiz2DmachOLJL97
PU1j9MTspdH8VtBXX1KFyOSQKBRoGtYmG/OK5gilSXSSevz84KJiZw1ReIMXCa77
8Qxgzs7bIccDSBVzfzxjFADQxFY2jm+g8mr5b17byqO5wiNlLaGyneQeGMsI6H4Q
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExDTALBglghkgBZQMEAgEwggo7Bgkq
hkiG9w0BBwGgggosBIIKKE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KTWVzc2FnZS1JRDog
PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+
DQpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4NClRvOiBCb2IgPGJv
YkBzbWltZS5leGFtcGxlPg0KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjoxMzow
MiAtMDUwMA0KVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEuMA0KSFAt
T3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjoNCiBNZXNzYWdlLUlEOiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4N
CkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjog
VG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0ZTogU2F0LCAyMCBG
ZWIgMjAyMSAxNzoxMzowMiArMDAwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6IFNh
bXBsZSBNVUEgVmVyc2lvbiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21p
eGVkOyBib3VuZGFyeT0iY2Q1IjsgaHA9ImNpcGhlciINCg0KLS1jZDUNCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9IjU4MiINCg0KLS01ODINCk1JTUUtVmVyc2lvbjogMS4wDQpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3ktZGlzcGxh
eT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNo
eS1sZWdhY3kNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx
IDEyOjEzOjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWltZS1zaWduZWQtZW5j
LWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KbWVzc2FnZS4NCg0KVGhpcyBpcyBhIHNp
Z25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0K
ZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlz
IGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5l
IGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3Rl
Y3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhl
YWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYSAiTGVnYWN5DQpEaXNw
bGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFtcGxlDQot
LTU4Mg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rp
bmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJ1cy1h
c2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxoZWFkPjx0
aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9ImhlYWRlci1w
cm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeQ0KRnJvbTogQWxpY2Ug
Jmx0O2FsaWNlQHNtaW1lLmV4YW1wbGUmZ3Q7DQpUbzogQm9iICZsdDtib2JAc21p
bWUuZXhhbXBsZSZndDsNCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTM6MDIg
LTA1MDANCjwvcHJlPg0KPC9kaXY+PHA+VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNp
Z25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5PC9iPg0KbWVzc2FnZS48L3A+
DQo8cD5UaGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3Nh
Z2UgdXNpbmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRh
LiAgVGhlIHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3Nh
Z2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2Vz
IHRoZSBIZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndp
dGggdGhlIGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0
aCBhICJMZWdhY3kNCkRpc3BsYXkiIHBhcnQuPC9wPg0KPHA+PHR0Pi0tIDxicj5B
bGljZTxicj5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRt
bD4NCi0tNTgyLS0NCg0KLS1jZDUNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpD
b250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9z
aXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFB
VUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBS
dzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZL
d2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2lo
QWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpS
VTVFcmtKZ2dnPT0NCg0KLS1jZDUtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0R
OZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg
9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07
k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74
zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY
9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r
8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNV
HQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRG
zJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5
AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5U
zpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGn
UZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19o
WZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgw
ggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUA
MFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhT
YW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEy
MDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYD
VQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l
078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6
uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEO
ls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBl
fkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4Ku
ElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8w
gawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0R
BBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAO
BgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8G
A1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IB
AQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAo
cCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoT
WgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2z
L3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF
07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSr
JNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRG
MREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglg
hkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0yMTAyMjAxNzEzMDJaMC8GCSqGSIb3DQEJBDEiBCBllHSf7b+HyaqXmEwT
DQLFcyd845Y683fln5KaB6NJmjANBgkqhkiG9w0BAQEFAASCAQCRRSDM+MtNb5av
W1U6o2LxrDXrrIy7lb8Vw1D3gHSgEaeZ3ZvZ6OefQPh4OkHNy/oescj+rKZzcLHB
s3RZ9Tnybr7p3kawIEFv1DW3aiyXQ49gQyPHn2Nwi6hK7Gn5d7rjSFuzprWYACg7
hAVWBd4/prAE1mNMR4DOOXoPYZn+ggJb/oaagcbdEy3WrznO2n6TW6Eb7bBoUT4t
IrZRWxPrdP30T7N1eHMmCDNGSXt/fC9rgcRLz+cj+1czfU1Gf+qIxg05HyrVMrkL
+XiCEoOck2+pbpz5WFPcmnRXLgH2FMlSNWU5RwbRu5YZejoKBiUZNlUmlA08d5JV
U3Zqnl/G
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-legacy
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500
User-Agent: Sample MUA Version 1.0
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-shy-legacy@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:13:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
Content-Type: multipart/mixed; boundary="cd5"; hp="cipher"
--cd5
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="582"
--582
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-shy-legacy
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500
This is the
smime-signed-enc-complex-hp-shy-legacy
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.
--
Alice
alice@smime.example
--582
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1"
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-signed-enc-complex-hp-shy-legacy
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500
</pre>
</div><p>This is the
<b>smime-signed-enc-complex-hp-shy-legacy</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--582--
--cd5
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--cd5--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-baseline-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-complex-hp-baseline-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 10575 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6820 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2345 bytes
├┬╴multipart/alternative 1136 bytes
│├─╴text/plain 389 bytes
│└─╴text/html 484 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-baseline@example>
References: <smime-signed-enc-complex-hp-baseline@example>
MIIefAYJKoZIhvcNAQcDoIIebTCCHmkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB4+rUywYwd5++VSpboCoB0ZnRSxJI2onFBv
klMu5xi3XKYXOMBoxnRCzqXrG5U56fnqNGN61fytQNYOuPTYzb8PE4x22E1DGTGl
+PreSLEb/poN0c9k4Of72wBi31tN9e6cNJI45aulpg7lsyfqR2Hh1sNUkO+/qeBv
C4+6xvR1zudZARFPFBVbSg5Y78mHBc6Eyeu9Dprv3sMIej/t2WLkfzsyZQB3ip6d
y7r4Hrl4nTn3NWf1T5PiLU7Md0iAXmXk4+5ZMVHguq/YAQ1X24Nqloih4RJb4+tB
JKvZuwldG48r7Xh3N4sDuefzNJyZruC6T6bL6oKIydOxbftbBKAwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAoDxdIdVEOaRiQQ80GO/7+zdr
XaL2a/LqIOQgeDC7+NarHKxIPGromx5GGs/0A7Hc1WmUUAEl26/3yULmY1RIQ7FR
QbfUzddUUlt7nSm3k4J9dVENgfhpqIjZYp4xqsmJNYYbBH0+GL85BMw8MpB3ndvE
d7pzGCHWYtN/7mPYmf1vJmfC25u3kkmkcuFWafKBCfai6fSe85UQg2G5Y/Q44tNb
B5Q9N3QbFysX+u5etKwnPd08rEL76BflCBhTu6gOaO3HodL/A5jGu8kg9CXqkSwW
vJ+tVggRQTU/Z7hxav2kDa0weKsCdOhSCPbKl4e9E+l6bc2QLg6GnIu2Eu+bYjCC
G04GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMIDwGtky+IO9HP6uP4Udg6Aghsg
v/eTch+9+5zUIxYIGGJHR0R2nyggJcHXvA8SU2XqzstdG3b7AzrDoIRcKjqiCVSF
4iojFAqAw0A0rFecSokWgHtqL3DAw4BTlIc/alh7n4IuENIEpdX8wIE3X4xd9np1
Vic3K4eq3Er3WoHNssA8gazrU2Xinftqt15S6sCy5pSK7PN1kxWUUBp14lWRMFRG
iWr6IfyVm9By2whh80v7p/bRqC+4rwmIqQU3SuWzMj8oyrrmAlt+A3zEPRwwjj5p
hRAUVeAZwFZN7BVNtqGN34LFdlsLs0YXWXWkrhFF48nL97yxufY6eJt5j/I+L46k
2gufwjkVM8JNQ2LeIdJgBfJDny/zXG0Uim4OOm1G4VrwfoLRDgbidVGWYShiyYd1
azu5pTjhnK+o0tn/SQ0y6wmSwUtHry5zAAI7oiMoAfQOvYRHZ0iE0fMUw45dW7jH
COFSIO6nh9ieAUPodc+Br1o+ICvD2I1VGXIEtUk3/nC2iXcaMxvAUNVN7f6YqM4H
0+ABTX3JUYvw0GvPWegMRZUax478CqIW6I29A8hbJE2/nA3YEv+TiRggBFKfJKS9
9CgLD09e0mD88+NZRW8Xh1UfGHg538KK6mZT6NooBdT+Q6TghMDsxWHfZGTMpacZ
HVQ0IPvC143eODBQ/dhI5ijA0teab/EPV1uevc8ezHKJymBMX+VJnBf7D/IPygjd
c42YtLuW7Gon/rWkhJiDNwJ/YUkUUSnRI3JKGqfuxQ5Q5nIfrQFziRKTHEvL3Xir
74jR+Oj5HuLVRhYV+uA3+DD8dwe8EGu+HPDfmzGkAWGWaLtrojPlyrzcEs12jPMq
Q4dpFTfEJsKV2vj0MkoK6pSmPYAcJsaRKyVykZwILOZ5O46E/wYZ+JV+bB7vgn91
7u+6ocEJbeNzloIkpkD56vDPEzNTDs9zGOZdA4q2FM31ITK/fdgtznQuu1/0FY0f
5O7fhnUIIfFGkEro0Fm1Cq4FjljsJIQF8zeIn623dFfW5E5wicuLXBWbx+lVlcI+
854RcFUrAjK8C0xUlJH3tK/DK3Pee0QVi20wbcdYWBYQ9mGA2kOaJO0c4Cd9fg9V
i1VoqxwW2RO3SBAilYBmZOQEaoyOTLjvr2TCK1LQQFv/rCi+Mv41ggF/9KAGOaFA
8b2hoYDWP2MIZBbZMlp+SVENRVmjdV5ok+NW/nFlC/eD75BH5AZyzkatfE4S1oXj
Qlyle+fGzD3ia0xuzOi++PsdU/7SRXefnJog1hpKormrLE4WACamfLVCFPiEepPM
OYCiy+2Yie+jRTEiGw5gSP6GLH3Q8QDPX7Ycd7bDTt7Kv1rJ9/u6nM3N72qfU0sO
KwDQf/b85KgbM5Dl1UWBG/oWmTSicq5rfKRknyJIUulfk13QxmYW1yk3ZSPSlA6x
opMhoGLOk+BJsmWWVPYuZb7X+UbpmaqPAX9jhezzpGo56Z/4o6lK+ydGs2IBMR4b
BXGozhRp+tTw+FV5NeZn7BbjgupRrMkybLP3ihAiMPpKBjl1+ZWV79SnwQmsRrmV
iGeLd9rH4A/Wp4Le8M88ZbCursTbGMZ7AcTZved4GdNFi5tAzieyUfuOgeQePKSR
GiJ8cObCYK23tDzBM4czpxtoT1hayHIgeRrKzE8Ve6K6fd56Ycaw/AdnB+orIpc8
ZC7yDKC9omlIYhs+v4iYpzSeAllZ1EMY/PUcAKMGpjj32fvdZD1mfO+5GuXSis4q
mpr8giCDhPCs5INWBFyFVAy4dXJSszOnfptphOBM+DXgU0opZzi46nRyDK4rH1XX
eAJj5Xn4vA8rMoiRZkzTBanMuDCMH7eBftzV6tE1LwJvGpsOtTsluYmY9CK/g6bG
AXNi3DZF6r4PYsSvhA4DvODVhu4ZyYuavo7KBwp+79oz9/oR+aWoQ4yyPH66tOQ6
v+PdlZ6j/KmLFDdZkGND0+4xJqrf6L2MIe3K+GFfuCW+QB9zu+prW627gFnL8EeA
M8EDJI7IYoCqcc5pjTejeOEyVTOjhxaTtbqKkYtvidDxQUYvlxVBzGClv/BuOhGi
8HntDWHPTHFfDvKeWJ44vAMATWzWtlEoAyMtpAWboN9CYv19V5GfwSdQdYEQTC8v
VAXvf2ucI7RFQI28Uv8g1IHdh+oHNq9QsY+d2ItswzJKRhbUU1GX9oXrR5snKTHJ
ZG/loE0tOzgmXX8AEmu7onPtAhF0jrnJ68EACVQpc4vWcJ8x2FyFwfUQTmcbqFPc
YUIDyZLJ1oV3eXPCSTYBc0LCFlkaaz8XXSLOEwBBcmvu3X5enPi3ac8LdPH7vjEr
ZvbbQHNgzvX/QubBGpA3gYb0sKMv7tZtoQ84ZLvPisqoNwzETQRRwljoomekk3Cp
gSLSy8xqc4Ip5Auf15Bu3VMp1J2XtFphfSIao2FYXkliiATRVCfV8LsKWWyfOYZy
owJrYBtJ+S0kRK8X1Lc9EYpBTJ+evNXjHO2t0S6B4j2y6VFePVplzEXWn377tZzu
su3AhwlQ98rkaZYHxCTS2klFlePjwJLUFmL4qly6jBBdGjMMxZWsgn/MMACJBYWH
qbhCvcxfl3D6AhED40/DnN57yh1nJDj6nVg8tq2KOIocom75nXoOEOmM7kSZuwIS
dr4HhRk2ZlzyPX3rrcX85VMGUjPaiI4/E3l0fWi0mk4ZRAih0fM3IfMFe0Wdw2O+
9umTwAvIYggG6ZqEiJz8uKpZk+0pqxXkaZlY0h203KHg3s1BKcJbfZOPPZ6tfex1
0Bs7B4K3z9swIct1uqoVF7rHjZ0VOINkLT38ixkrkk7/JGPwXyuwVBZP1JWJRtUu
0hDZUMXK+B3tD8W1M0Lq8tx0MSBPf3BIP8ttWSYUlc7IQYGRs52PoMNApWw80Vty
mjDwKZ/rS86T2wujRG3AB0hRIQcyMXi42dWsDSHIdzjexOILddgDbSMJiW2Vneg/
OEZ90WUxSi99ewLiB8Wjlh59942xIootNhKujfbFYgtUAbli43mXXqOzpsc5VbVw
7c5HK50g6C5TQDG0aNYBqutP3d7df8abe1rtsZBcG2mfh+Pxh0LtsZrTziourUtE
b3xnh2EkOpudGTuOCjAkyGHIbMPhkXpJWoHojj66F8iToH8jL1eTheBnWl/NWQ3O
U/1jquVs6a0GbMImg5/vxIIW/qnozyDfrwsmFSfIhs0cNyJ6pUSeNMYRVUEtoK6n
63DX9EQ0Bm/rKZhaznxHrH4u0b7amC8uXKHEK39JZaKg0gUNpjWXbVkJxBlNtORg
LoBZzt4u0JNoNl3zdDM+2/+JNP0Gq90SO3SkAY31InkSjSB98OBJY6V+f+02nPdS
QoB+DFXtAk5EV9DYcJRFI1wCLCIhGMcy5n0lPrjucaUPwfbFd3JDkk7AzNtBpQQ0
W/BXtyvT6GFvWnc2P8cnKrXvGcb6YvN+i7mh9JbIC9rIl8x+iM6oXE9c7Xxz1l/8
R2VatyR3S7v2gj5X2hbqz1xgZHuX+ZaXm6muozmspyM2tNMolYpvpX/kmHN/RPzN
vza7XzHXcZdqNWwHKub8Tl/ZIJeA12MMKDRpERDndaR4j0iyqZTMU8qCrtPhmmI6
A51LjLkN6Vy09AWmAEl35H+OtDOkwqE3E6DHgS8znl4oBfY+2+NtFdQmCKYF/EKr
s8NGezoAtPxq0Swh/crfgmfk3oOhv9FGM119qUU0LAMy9nUKv0Nsci+70cBR2Sus
WPPZJDJW12F8z+oATPT5+XjEsGzm1AcWSVf4PG1tlSmBPn7RWmSAE74T1Eu0EvfX
4Vv84/BLcTo31H/caIT+SInxeDAON2aFx+gNRteIo+MMQeHNU1C+iHZnZs6ye1Vy
ySJ7X2HijnisxBMkM0l5zJN75KdDpQrZt0c9/ko++AGIpYcSLzsyxL5PuQTAXWGA
1ioCI7A3icYsSly7SLUZQXAFMcV6xVXL4zx4ACohEFgydA9s7MNnuYg/DC71qtHJ
iWtODQK2cnP7rptU4R9u8524AwrZbTpvaJeaXzZ5gB57ziN9JFTNicUWf88UkJcc
Zjk1HxtdmtpP4kqiT8MEJQEY8Y4Q0Trn45GazsZnfZZxXxK2EC0w/Mj7/RJ7mCPu
SEOYDfAu2PtDh1jW1JjJv6AeqosoSpPuuvRZt8gBE38oKiHlRgkKRHdjEyVsg0yj
eD7qVk7DzYz+sZhRQyiGZY+p1A/hItQknAFbLiSB6X0ZCIml/+n0/lB7hkDSaT7X
wYTKdpA1bCgB1/9z8WAUwojaqu2wCDBG5wvKZsfeViSloxVgxezysvJCVFiHdgn8
8AuYmkph9MrjRvM6eq1bDZWQ0Pxb0kV15obEKTLk7tFbudaoEmYI0sGbQ0LWGRCD
DEu6sftmbXKQCTvy3HjXuZbgSt89VZIFJVu112qU4XxYPWC/vasCJ+atAgQk5Cn+
CD7i9psfPE9ENOnMdxCDu6GHkIYkYpY54dpKeRMKizr8vKrMr04DM+VON5/BgePv
AtgIXxQuQjlchz9z2/AEJsgLnd/61jv5BtJt1FB/mMfmZqRxi4ezRnK9tSiMLLDV
Y6Zj4qmSZxryosNvkUiq3X6ic0rCqlc4z17cQN5lVKJ9k+mb6MDpDUXsub11FnJb
V1waMVWvpPBZyDmrTB/Rtiinzg1p6kNuoS92Di7yGNpZUQOjxf75wdXLm9cWVtDM
9xlsBIPiTtIzyW+x+iYIBuFQLth0g1evYXmUZ4BV90hM3ysKH467v7VcdIhpJgrF
KepFhg+942rWXAgAe1aFEhq5bBgUgydqyJ+N5IIZUunphdodrNgSWI7RHQJfWktX
yi+BbcsWYWYxvouW3UIAr24OFpW7/cMPoRw8w6tPvQ8PCvVfkeG8Xxg/WxiVtpuS
CIetAqBBW4MI7C0icv9lTizUM81hCrcUOdcqtPdNUOXQziGqa/CICFHX/4sOMP0K
UMbP5Q1Y840283qajxk7sVEas4PiDaA1feIn3BhMwkaPXfleRSlvcO779SRhc2Pm
yBuc5UbfgSaZQ0gL/WsZUYLk6VAt4bbO62rntIn9dZTacjRl3uPQtuNQ4brG6IM6
08sfFERdIwRFVxSyT+chE23cMgdCszZ2EwpkDbld0ntdKtKd52FGEgvkfT3gYuDV
XyZc/17Iu9r6kD2M4/dn/W2I9vmBszc+NhXhA/fE2+X6pZgCyTFmbkH25Q3nDDjz
UcbjAmvMEGVI90Kv1kp6+qIdkUCkAAjigA1p4X44JSYDRjSovIreP8CawufuA+9G
vJ+5AyFnexRk4yCGa+IE5Rt5uTctcHXb6ZQKel61k6WLZlLfJ1wrzUObjpcEgNS3
PJ07n6QkxiBpqwnc89mAJOOrSAYxGe13vHpT48kX6CHdqV+LDr+21MNlBMlXBGXI
qRt6X5dG7zfhNCoGQICAd3yj8kGW99VhBBc2QZvK7EUVJF7LAqbfzS2EnZ5G4al9
Zq15tnQkcJzuNOvwaUkQAuGFri5e2LRJILklwskqJP/aMUaXU9XLff+n/ld4Gzp6
m+fgDU6mmkhWasYJtjR2UTdtu2VB1EoIOirhohnUyfyaFbqOkEka+pl6+5kr7ds9
fAbTJNdVjyC0cML77YWqBndfS4k/vs8DteMnwgE8VTZFc4FHBfRLD6rUzxLKkLr6
6tFOWbpHlXnmo6oLswnQBucyLUcZXDZ2PKjSlHbpn3o6FXSdUPTy0qt+g/a7N8q/
QC15Fs77G9kc+dLpETXCUX80/HO87v/74ACcFenSeGAWTwK3gszbmeyvyzqo8MZ6
8xZxoPbf2kglMS8Bbn50DDgU9lG/5Vst70U5RvzoBiHShBOQLNTuYn5dZCaJtW3p
U5StAaVlCoBbdvkCH6U9lGuSoEV+fpplZN/U5vY2PntEhEiUcTwTIHTeeJmpXAHY
KrwT/daJNS3hA1EXu4ZQIx+98lEehhkEqZuXhm+F6AZWCe/NilIAf9YdYrI7pXxO
Ec8jn9roFOSa2X7kDWJ3UrBjzUM7fmU4ypPi6vHlHF4RD6t+IOmAPmkNiMddOxCg
DpEVW9CjMCcZI0W4s+bpjIjwWM9j/TSyNrMp6EUr3QChgghCdVvN3P5WVjtDGZhU
KNWz+s0pB7zMEj8MVeu5RzO/E0J9JXyELJkMviqCRfAmqJ4OekZatX4ZJNYIdav6
C3qVaiBcumVHoQNMAAQy2LkdV6yDzPchMc6umzCeeyufkGs4RmWFaVietjuE76nX
fGfsVjcg0Cm+5BzYvCKmN/xEEYtMjyElByLzwcDvX/nedsZV2pyuggYZqjcC/qYC
1sHSBNjgVWQinYDEbtebj6I4i/0/0eRv4vfcdE7r8mFm5Ukx4JP9MJFKaNQPWDZ2
cyXZsH8/i4+/u+P99onw1y31qdpcU7Xtzo2UKpdNla4GjlfOij7i+Tuf057/13WA
XQBcvABU0H9l0zDNiCioY+A0+qHOWgS95Qgzqfl+wwEZFTC5r1V2yqO7eePrWO/M
Zy0HdPVUNmEavV9CZ2Cv8KQ+atL1uLkw24jNHYf2Fn1Mndb2+iSX9lqP2FfaHXbh
XSzsMcvxj55iA1mlBAFWoHR2yhJUJS+UtB38VxlbyWlrmUtZup61i9wFo89trRx2
S/xfeR8pdtg23ZutvETVfjFmNNG7w8Yx1yKT3gZo/eG0slrY7hR/WA2nARc55fAB
ELxGuZJp2H87J1noU/4L64IGHSNS5kzyStSvoihAg8a2bmV2j9FDBW2yUMdqUiXO
opb2fcM0J0F0SECNmz4n/EDzKlZjJmw8daMbElRVZ2Fz6EoUzmmYQG0BLeeFz37l
Ei0bjuKJAlaUpBfosaw/f+Ft/PUYlpJ5hXPFv8qJ+bpmHF2ACNPyrmYDJ0lTzvMs
Q0zDJUZsMSENb24FCR6eMLMBgA+Uh2ix7FafPTqx1p7B80F/f3royH0NgIHzkm38
SYvwLs6MYKlioM7+wMU8qDOYweh1IgR6oBDqaeC8lrFHai7c6h67QgV2qDlajIyO
ejoTbnWuRDmTrRdINTRpne3SQoKalSzUfARcbuWoVC5cmxdL+wlYT3PM1mWZ94cW
XNhGFb6qcwBtK5PWxxwIj6RxrwEK2Z/+EfWHHiqtHT8Ft73gILqMYMce0ve+8Adx
g4JBn/pKvTaEt+n0/cUJlN1zk9Cpf19ug8y798vMD4vQJ8Iv9xk+zaNZ4SrRVvZC
jbiEXAVuwkGzIRobUDC4gE/PnnPB6hbhJM3dSbHhf+LaZfR2lh3f4anQbunn/sDh
ohLXkzDz9K+9RN2P0uS+0M1IHnBqX7vHlSUXpw3s0l8JVEF8gigXF5GV7F/EXWlM
2LEvrVjXI3OlVHSbhPogCD+98smaAnIUuBQ7Tr+0nSIMKZ4Bct8jyx3C1dlZk31x
X4VrEMLatemExIVkIqk7VC9a+U8zV5vpyJO1SDJo9Bm/mbxi0M7DwSbaxJrOURPI
gFJveIetLrwTNeq0auBcuGXjyQVdNQtLIXydBGTzg6Rj9W0/yeHQYZh8IUlQB4It
TBTniPTYpfUiVe6acfDDKeESd+S6SH9ZNaXnZBTqxpJHeVUBtFnplZagjlZiKP9M
0CRAycswHBfIT9BGIr4odnvOk9aWifBHDqjGJ4XGaiKSQZ0xuZRZdEPyoRg9FsAA
mlyMF+JdANy9hGdbStDS3ok2tKiRPzArphUass9P30Mrp+hphehljDw58vQxyIj2
rTBdv9G4A8gE37hn1A9wo1mW0E0K2nLl/CVPNZDlavLTWcx/RCLUgTtgTvQsERVa
CktsA9Fd6jUK2bqZIcvS4lRXRHyWtLRQD/WbNR6iGFq3ou6iKSWiOAuwmMgfcnsT
yREWaTY3gs1eIHCRMU1qfxz6WecCM2DpgEQVL0cZBDJNB6d2MsDjkcGCrsi9hPda
vPDNKMsxAAfkeUT4nQ1FbkGFN19wfMvHzZdj3t2nv28ORyarOMR7JdZy8uH9ZC2x
MBUUpa8dcLqfCsIwfMqHSmHwoE7avo4B+j9gaFbONyUrpS9XivPaR4C/VdpvmEx4
uPCQcON3hnxts4H0Bbnxr567VRLH9M2lh95uURXg2QroDNXBKibYNLEXrGnsuR6e
G1+GPxXVk5LB3QavktPU9UUnCTU/yh7OJUUJC7LAIcOkuQfG8W/cVWa92dXoGFIc
sePH1GM5AmG3EkaeXItR5gT2gG6S2J6WfarVJSkvK2DL962V5btA9qFvu85hxjC+
/XcucUlbcEPixrv0ZfXeKeykOk1NKKiJ3bVnGZpQIql/dT1LxPFF9pEDQMOtucec
cuDbVmh691nt5Wx8Emk09BXRWOsxqgS9Rp0ZnYl9/0CYwJWH178sfRfuZvCG4Lv6
bd1a+A80hEshOhqZxXEZlrSGNSVw7jIN5CIXX0cs62UKsx/+PQQIV8RQZafy2vbz
N7PN501YdbE7nRjIMGMRcs5tibuukn9/HRY4+NsaLik+olW74q1EHp1N0gtRBiYM
wvFTWnTqguogKEWb1RAysycPUuTV8RvnGN95y58c4pnpTwZRFw8rhGnE0VHSTVq8
6796GuKYcExa3RoX2PUU4FDpufq0kfCRlWxvuUM5m2lr73TA2hb6icXhsNJ8OEGa
AfufQi+RH93+6UFTrmWlsxMhRxR2NpWxXNEB/7tkyjpK5jh+oN0f279PapJ3FfLO
AV7phEbm4W0BSBdNJmnzLQipGKzszyTd4XlgaXB2HqxFlWbKWJdAdHkFK8faN4SK
ztxxOBngAlBMdPtxEi4tev7S93SFKoqMwY18vHlLOHi/oFpaWMjJsE4uxdqvtz/x
aeZMmgstD1ZYRykBqGzjm8cMeoQawJ9HF6AkNFPo9+AsgXCuPNhutGZuCv3vAWTg
yXAiMHDuzahSggfr7r2ixkDUxD12/5RSeSDvCkeCWsjBKVpyzoWn2QksAMBoETyN
F2gcjouX2Cp+OkOQV0e8Y6zIOWE/SGUkFkUDRJUSA8gkpfXWDPV8MN6rAMULWUGP
jYcRtabSgnlXKn6VivRiBlGXvp7iOXpsoGtMwof9hUcoo/HYMAvdsd5anaIZU8tA
g+c+8OHky2OJ5mzUWmk1CcBIWO9yyAHsy7ivSVzJtxDuTrQAuuH92MZgyvGnoioM
uaKOwNzrmhAAhBruv0XpMd/RBIu5+e8EM+fIuYwwwYDWIpn9vMbkKiBv4h5PQ8+T
cunAwgNdg0qVFeZ96Gu1sIHttbexEvSADg9fplx7TG+DZgSrDkxhnJ80a0hZhZ2F
CYJJrvEcQn+/ItTftmmV5tpG2r/LCufYFL26h0RXdD8=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIITWQYJKoZIhvcNAQcCoIITSjCCE0YCAQExDTALBglghkgBZQMEAgEwggmCBgkq
hkiG9w0BBwGggglzBIIJb01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHkNCk1lc3NhZ2Ut
SUQ6IDxzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtcmVwbHlA
ZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIx
IDEyOjE1OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZlcnNpb24g
MS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1i
YXNlbGluZUBleGFtcGxlPg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMt
Y29tcGxleC1ocC1iYXNlbGluZUBleGFtcGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6
IFsuLi5dDQpIUC1PdXRlcjogTWVzc2FnZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVu
Yy1jb21wbGV4LWhwLWJhc2VsaW5lLXJlcGx5QGV4YW1wbGU+DQpIUC1PdXRlcjog
RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpIUC1PdXRlcjogRGF0ZTogU2F0LCAy
MCBGZWIgMjAyMSAxMjoxNTowMiAtMDUwMA0KSFAtT3V0ZXI6IFVzZXItQWdlbnQ6
IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOg0KIEluLVJlcGx5LVRv
OiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+
DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lQGV4YW1wbGU+DQpDb250ZW50LVR5cGU6IG11bHRpcGFy
dC9taXhlZDsgYm91bmRhcnk9ImIyZiI7IGhwPSJjaXBoZXIiDQoNCi0tYjJmDQpN
SU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJu
YXRpdmU7IGJvdW5kYXJ5PSI2ZTgiDQoNCi0tNmU4DQpDb250ZW50LVR5cGU6IHRl
eHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KVGhpcyBpcyB0aGUN
CnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1iYXNlbGluZS1yZXBseQ0KbWVz
c2FnZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBt
ZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVk
RGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBt
ZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQg
dXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0
DQp3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQ
b2xpY3kuDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0tNmU4
DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiDQpN
SU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2Jp
dA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8
cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJh
c2VsaW5lLXJlcGx5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9iYXNlbGlu
ZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5IFBvbGljeS48L3A+DQo8cD48dHQ+LS0g
PGJyLz5BbGljZTxici8+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9k
eT48L2h0bWw+DQotLTZlOC0tDQoNCi0tYjJmDQpDb250ZW50LVR5cGU6IGltYWdl
L3BuZw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50
LURpc3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FB
QUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzcz
OW5PM1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDlj
aWRrRSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFm
VFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3
QUFBQUJKUlU1RXJrSmdnZz09DQoNCi0tYjJmLS0NCqCCB6YwggPPMIICt6ADAgEC
AhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIw
NTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D
9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs
165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZu
TtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDH
dZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy
6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/
BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMC
BSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEw
jnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBak
DKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdao
x644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Na
r2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtl
uLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK
49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vR
hZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG
9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAg
Fw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVU
RjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTk
fCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DI
Ls7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TC
NO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7
ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTM
SiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwID
AQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATAB
MB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYB
BQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDT
IGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0B
AQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3Bj
JOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIj
So27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9
cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4P
GHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+u
CDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UE
ChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1Q
UyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6a
qdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMjEwMjIwMTcxNTAyWjAvBgkqhkiG9w0BCQQxIgQgzz6zrLzs
Pn86IlgrGm7Fheev5QucTU+VJZWxIIrBFk8wDQYJKoZIhvcNAQEBBQAEggEASITl
JnQGy7Cb5U6BdSMX3mnksCOX8mvaxy3o0QqNUbUGhNNPKI0LIWOdjHUL2Eq8+99Y
2+WvVn3ZkAJ7KF/89ja3u4NTiwu30wWsd7DL7t1z8DJBK6JuyaY4xtohUPVa2gL2
1atPowCt0X5RF7lmihqZnDGGUAzjfLpVsFnyIVAL3QG4/vW609d+aeO+ccdwzzUh
lE03h3qpHK9wX5pWBNZCfdmjdXUFacU+fMe1mG9I8A1HMY09zj+rNz3onoIHJWJ2
FBWS2tqK2eW8yCf/LSq9M5k86VbTjPjvjPz8FqupzugC5sUAx2JMUfUOq4A9hW+j
g8PEOcwaEeYOMdSeKw==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-reply
Message-ID: <smime-signed-enc-complex-hp-baseline-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:15:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-baseline@example>
References: <smime-signed-enc-complex-hp-baseline@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-reply@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:15:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
In-Reply-To: <smime-signed-enc-complex-hp-baseline@example>
HP-Outer:
References: <smime-signed-enc-complex-hp-baseline@example>
Content-Type: multipart/mixed; boundary="b2f"; hp="cipher"
--b2f
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="6e8"
--6e8
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc-complex-hp-baseline-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.
--
Alice
alice@smime.example
--6e8
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-signed-enc-complex-hp-baseline-reply</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--6e8--
--b2f
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--b2f--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-baseline-lgc-rpl"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-complex-hp-baseline-lgc-rpl">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 11205 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7278 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2666 bytes
├┬╴multipart/alternative 1419 bytes
│├─╴text/plain 478 bytes
│└─╴text/html 638 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-lgc-rpl.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
<smime-signed-enc-complex-hp-baseline-legacy@example>
References:
<smime-signed-enc-complex-hp-baseline-legacy@example>
MIIgTAYJKoZIhvcNAQcDoIIgPTCCIDkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGfiAnT52E4dOn3GCoKxpwxZ5jrJBpfmph0+
ue/FmZEv5klqdljABwTObNZZ4JUCbzv6MLOI1Xmn+00SQ8JXpX4WiQhIEOuejfcI
ksFg9SyHfxsqmW5bh9b2VvTC3mXRF9O+4bEkep7dcp60i2X33jw3E2rocPl1cdY1
CKYcOcUiIpf9guS0JPcenBq+OGJHjL7o3HC01fNJPc4XtaPao1xJNAN3UwOTrHNL
RGwkgtyG6Xw1B0U1+Kn/T/rkkUgqqWrw+K7nX5WtPUW1rQgFoUHJUzZx/fXMfeOe
wWrybho46jWISNF+xDiuR1+A4188E/Q7+4RJVIHoJCa3box7MEkwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcq7+FdWfup7R9o64oTMQaqu2
Zj3DOLonCZ92tFAySyaZY+bCvA6/vLs5Et63c3ETWzFP7HUYnFjBDOTsgrnZAzez
bDsg3XVZGWf2vCYhEDe1RKchq5HlPPEjyg5Pj/HE2p8P0BGidOmsj1nSy23FWM9C
Y+Y3fhXtcV4qB7g7FQMmB4bghxgouiPVE3kt7wCuPw6ekuOWe+GnrmI8qoh7aFdz
ehgq2K1IAO9UXvNGV0r7XIN+w08iVxM6DAELNqZ9dVNZ5fpzOSsIPvGNCZZSrOjU
Lk4+6eyHo/5qLXDFhESGRe0XUe6VSAz3hN4PgOdsyoA02/emgR977VDsavjeVjCC
HR4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELNpzmwBEJh+gxLdI2Gm1ymAghzw
mLnjPD9k41KZLVG+i7LyAI11h/fYPRxpnRjsm1Z2xWhHKQQmcnVFHf/kyqZDc5fI
Ud3SenoCrxO7gLELALwfH3v065D2ETNIshz/KoujlxswSettcE5LRBDsTeNwRgl7
lxSL1EjagWzAWN3i98C0M2xL679Z1RLVB+a2NjzVhDE/NktouFBQSq5qtlzvCByc
dtBpo9IW0w/COBfm8tuzR+Cs2uanYx751Ku/KDyJfnEl+mDaP65pI5ooKrMcazTX
YLzjwwDi+idhdZxucwuWj977fBe9bQ1R5tnT0jKuch9hTB6KZWAUNANINEA3SISJ
hFIf+bYE48cBaFhSMU+2ccl6qdWFzJeut+F8MESC7xpsZfoeHC3nXXcGEQ+j3UWo
Qtd48yP3mlx7m6Uvd4k2JPaoAu+N3uZhSJLwgePW/J9tMix+VXsiADBZSrV03nnH
Gd8QCyHZKAC8QBefhVaRHcxfFVmtT2Ru20tKZQN7kevlKSPkpFV1u/iJfKFUfYnY
KoPGrWS5HbyD8ap0UGmVHpXjwcmA6anerktkdeOSqohokfQgU9vOGP0DjtNOv+zC
tu96SSm3aEA11wefb1I/9NiAwgfyFdf1bTJEUvfMXERJOCWsfGhyYEQy5LAxq0QM
p5R75Uob2D5CaNof7Uyr0o1zY8aadZ10qQ+NXmFCQx/yG5nrMgv63By+gkgb4bbG
AuamBjdpJ3EGpJ/SMdl9X4vVZOIkqrJ/D0UeFklMMCbsrfRlCaB/OWc5l5wiHxFI
HTXRM8fcq27KCiE//L3OauQkBI3NaP2t2EuBvusEGtCSSBUtb8t2qZxW/PS3OS+b
0Ko/wnrQmoVxC4CqO6ZBozVs/PKZUE/TcWSX9PhRUcaK3236Co1mZVrajlFdcv+D
ktR/Sau12du4SVYez0MKTc0A63BUWuKNHdvI8IJueStL5BBSEWnnjnP7DRj1vvvF
mEIKebxZzeAcqwhHNbrurjazsQA9GXXQElXm9gWvMg+IM0BH+MEpmUzQis81mb3w
ghPeVB9U4RkGt1OYKcxuR6lQkvXzhfU5ePsVeTzZbWVopx5wNrbb28yyUdG3uobO
MuK1LCeutlRSYJcB4laeQGKEnMhBnxTAlKV2J9aUionWOKcjkPmAL2JfjNcBnUDJ
aUg0UblNss8X7zHhTpinKykEYPinab00YV8g1m3lkt+uam1Msn84u9TSK/a1V35C
qs2jbbqjaVEnV1BMKBk8JZgaQF8YAUPevrPsyFpzY9+Sf9kvJxx7zByV8YRCRBH3
2PSYrChFOog6hNa7dmNpLDix+rZgPiIqAeec4FUzwBJqcnOueHZBYi2k3ExqCX5S
FDwwy0lilHh2DgSl3u5q0ouXZJ3nahivC9JTpJKYpTipEtOD0K9VXExYG2oQ38fH
2J6R8neBfeDWcN2aiBHnDnnTgVMY66QKNYkJM6T9m1pWmjF40Re+cjKO8Y8a91q4
tj55/rPNWPhYrqZqERvda2V0Ia7ywLjPtrQuEbKLVXlts0KDJV6KACps0rTZXmer
Fb3LjKxTZYCDjgGOFIC8TpeGDEC2VTU1gLLN+Tsjx2ZGuCRqrIwzgdyMMwtPL7mQ
ORAK+Ff/HaOuDLGr0oyTpbBGgmKsZx/SEoS3ZL/c4IO29YwhlEyPSlDDMXqVsNE9
8mqbP6um2ZH6l4EzNm8sqPs4Wmxlp4AzNFy3yZPihZe7VVO2hrhPBjOLVVN82gcu
KbnOhhfLTbSvvSdR2/sUbQ9pUJUq8VR85py6OyGUaOEAiEIee7BGy4AjHBGinW3f
8z5qEewOT/Hn9BOHIPY8nNi3k27/RD8bvYXktWoROZ7n4UrkkBmC7ZwELunkp4N3
wzGA/Waff+rcdCl8SwoZQCocwyM9cmu6tcK1bnlVyp4WQVDqqlxakGkXdKcU2tGr
X7d3R/638v5R7ZcTtIscOYvjT/YD/9x9DoR1kqDGHOTP5v9nIyKuRVfvSpsPazBI
2IcZj4d/O42JYIAPKokr09/7DVjn2hODs5RGNWJxcn2gB8ff7MYuMQkn2WpzVcGC
4IQu4k3PpLMPFu4DAbq8qH/XeviqP8nTjURCbtJY2oSOvY02Wy9kAKGjq+JyTt3l
R3KPfydNjc+TckbDx1Ryxr1ZDgIOarfZaZmpWky33LyHfOfS2B3lsix8qQit5/Wj
8EvLPzsZxto31qDNO7AEhQvWD3aVLxfwHcEgrEqXwJBtNx004TfCDCrLR+X2b+iX
U7Va69ojWSmL6xSnXTLTzaJR0QttJ3AmR2gNLsCVH8gqkPuK83N4VyR88pVTutXV
a27zk0tCB0BB3w76cNXNeG2fmM2T7eJHjJlLg9voAgbRM8tva9uT5r6YExK4h0dx
fsNnZuHrWxaObb4AyUGiA/zMHuiLhASTu3Ueru3X/sMGNYxg3nCT1v9epe529TM4
eX66wEY/aPL/Ms4CpSXKfwy2PjU0oOu7JTDgmKc08cQqjC/mxEI25u51QKTAcYhU
dAzow0A8CpEwF1uKtRPaU5BPMoCe/+xdPlxXNSYcHr0yHHZJxrOkC03WJJBGlaEd
MZva54oMQxlLlxZeta2lrF66qMrPfp3uHf2d4I7H2pgDEoLygJBUwqy73jmzMiib
fxozGcbKHdE0VfykiyRgLRZXh7zEsvexyiss7/mhQIkrZkapNiYwzS8KKmcw7OXd
gKxW3dlQG4oa5eK3wYMgAZtpXxeMrx5jrbcYiT3bBatfa/GutvLSJjUog1kK7/MX
E19anA9JKBEFI4cB1jVSapS6oyxWzQ12cSjaVturSNNqlClSdu/nqYx2j2SCkokR
q7LX0Mi0JRyhc7fihBpjkvOQjWO8kfFz/H/EqV5SWabPUwLbMB2ccUQaHlhcofR5
xx5+BSbE/TMywN/ymHFybr+zfCwEaweXE3MxX0bxN2GK4nxSfW7NljEdEq/Piwv5
GnMIdA3OYKOTxXZPYgCSGE+X93aIimDhGySHR7sHtwdt6CfYyvCnU6dclKsFjx7d
nRRjwetZlzkrJ0hGWYEnia5EzHZ3fesqJ2u9JXFBBAUJWNe2nZk5Sj62kzLfsEab
WC5slugY2Ogghb3qkMJW9LJR8H7aU3me+rGR3UeDMqQyTbzUPnd8+pfBupRUNyUg
m9KP5JPBnDX8s0DWhiIQpQiDO9IlUpaRkVqtRQxernB0a5qHTo71q2BmbYoIn8jw
F5b40UAhbC0kvg9AM/5KDLzTSS7/DCFFDRrXUWW4E4kO70qFbahrFmGZmbBcMg7i
x+h7+HlhNRyEQwgEpsYDiCMna7uigdVo0oD1Ik9BXPrEEqiVx32l8d0U3tKrq285
u0EHQTfpG/LD+jeFW0E5pUPF0CfvC6ehmH1JcNoB7xWvf4YEJN8i9jhYxlwECWYR
Clzk9PlhkJvpMv85Du1jQUqHbHg0/w3uZnkP7sj46/z20YWGVKh53uXWqzs+77ea
x7JFKviVo89fALh3rxxrvQu7LVOdqSOnZ8eZtXqabIt2+k15O1DYCyxU32dbjUZL
gfwFdSn/QsNd3v8X+Sg/+95JUU2DihxNPsKZ0Ge1OEznOaxMm8u8Ry7WU38JUKNG
1XrHcgUZ9fqPvJCefZLKT6+H/BPYL5XUn4yxtmx56ejicSdQqmH8qYgc2nn6bN+4
EzsA8Mj0bAfziRD4sNmTd/pWSjWFx39Mhj+dtmNXS6ksXpl3OERv3ivlSfmkp3+z
egRpGurwB0RH/easzdkVSHYgAtmVeD3yvGxVpDVwlG9bz2pb597KK12HErQmJaCK
pqz/Yvac1qE6ZSm0FgNGVMspY9ttLqYUNEPJ+Hu2aCtOxiY9oNsoWFj/kFCZk4jg
I2khWehwOwq9qw5CwODXPhFnPWbsrheTNng60zeNfPkKG5IKIOmHpsg5/CFijV+h
lCYCkiUU9L9Z/ENd3XA31VQWDeRbFqlPIoCQY/8U4mbrH+zmpjPgYKIQ43Lt9UhT
NiwNs3kBcQ9NGy4AtIKjmxqnkcw1UXpFzLLHuPE44yWZ7d30/nv06Lud81tYDnSh
WNAG6z4PGMbwJKV4NePEnGi+HDHxpE8mg4YLpmN+Jo7dsRZ9zBtLcWayy7crQEjl
uGwVLKtp2K4ssFSPIMmIQjeTPCVWLZYwuHQxWmt2fhcgG+G4WQmHjjBeqXqftegu
bFX1HioRnjgWhC9f9JG39E4QvzxogsomX+X61UneCu8VOhohqOy8eIyFKI9piFJX
qBk02Yij5ilf0w9EmgAvMO4KgX50ofTC05G3g1r+/NXo5ojmcXR9vbHv3ZZQlAaV
9kntSirAyE3Ug6pBc3F1WRDH8WJ/Ysdd3s8j9BQpTn31hkqwHTadsOzCfKJuoGli
UyMCdcPoxMf7DwpX2LaqDcElgqLUzlzJLNtry56eLmbanGKoTgW5IDz2JTBIdodE
hvZS74pHATmajkAxyjUIGWpZDj81R8B8q09hp0kTUQ1sQpbtnvZaAANo1QcaMaGg
oc6l0/i8g9H++kSdZOSpJD++O15/qSklQXVVyDOS1hNCrwv5MCXD/iAIE2XkMZSv
63TyFubFwN8gK9rARSbWEiuzckuyxviAcP7cm6tsPvfQLnyqzC5is3Vv8GNrFPkX
zXigdLGL8sgQV8haNSY4HjeKBn9JwnqZg/nh5Zq2FRJUtH7kZXu57KLE+8QmV1V9
tniJ1081VjuqoYYsFO+JpjjVVex9gG7t4L+UAzAGiu+LHUHCLp/aU63w8velA6h5
kwt440g/Z5guB866OyhNQKb6yeOdOMtb8mycDA33daQvs6017rDosjKj4U3SJirq
nSsl227PCg26jTeNxBxHMJI6SK9KLPitZKEBgV0g6XYa2pldIC3FAQQ76++APlkl
ruxPv+gdd9lgZh/uFsr2+WswrlRBYyMztQbPEXlg7SWQ+xkRZxwK7+2PBLP/z8yM
sFfFBZhV81hNG0xuBT3r44kMnFxY8GnzR7fHX55Mr3TCV42q9nX2XOdmeHA+Nkci
vSuDOO2wH5f9hHNM1otmghimhbwTS/DP92JqOjwZHQQ9KlwH6AJrZ8YXS5xPRf0u
GBMQSpoF3g6nrvvxLM4T/VXVEarXAp2SsVE1L3EKmmxCujqKdEJ+wxf/AdkdIJll
kpab9Mks5fZLkpWWX2GfTC6j8FnnRWKc/fn+GsjFWaG23O7HYzMt40nxw0JIn3/j
i3xhoYoyoPAZZy6Sio46klwjWfn0XjReWOelgRHRIrVwp0uoq2vS5xoFzWTDla3V
scCei1QcMTvgJkXIDCYG+MZC7TrzNFZf15eOBoXODnT3FQjQcgxNMpiLcuyQ4rj4
hgllV2PjIdkz+MV0rrw3fTX3lVULU0gb1obMog6fUGKabTPgB10rBhjJp2luLyyK
K+siCjlOdEnEgyGoDvYdlaVuDbNhcTUl3kME83+0VoUPFaznTOumnRuVBUxY3scY
lsPe0rHgPu8uhJTbF6/mBHHZwX8EsnrRKCNWWoWdfJ055oyv3NgLSAJMT3ZLoR/l
eUN8f6VEN92ACF9d43j5r6XoeMJJExgi6Lnq+fKdvgbePoOYpN3kdbFQTaqIdeKP
pGMr5lBzW/MGg47EAbwqOd1cMYWCTEjVwhyF8nnfKNcvgVEHcbZ7FNZh2u3vGeqb
zUzDzH7nYtQhI8bJ1TxrS3g0jWnEq0K/HElNtY2uz65q9kbrwOL05hFrtTMsJBBV
L8IUsPy9m4CArNsJ+uZW4rKyw/zZGRmcy87UiCkmsKLUmjzhJSPI6ySxezra1WqW
eXP5mVK1KgLcR4yRpPfw2+DSeMz4wUi80wFR/mf+q+F3Pm0ZxTU6WclYo0Q0bHdL
GD/qNfU21GQRnDo3oob0t2obPVKYVCKNp33/A5KwwAD93bu1Al/vQ6H/zdMwxzwv
aqJog/voP8aVQUHx9demRIpYqj1v8M023AYzDwVbcidIT2tupNt3HIUjVuUCriuK
ZI6i02rSYN2n+YCTjuaSP6+9GzAktEZAeJoS7L2A4TKlCpXUawo1Lyu6WXiC0ipi
124DZg+ibs6BL8nHv1qy12D4yb8NV5qg/xY/gP/YDymLYGJMiUGUGjt33GwZd6Jd
G0CQfDGJekYYWkFyWDzBUuKdh0zHd8ZVd/swhx82bZz7RDrxYBt1IzU3oQwgvxjf
eEHVWX+NcuaMeZuhLKahNApli1mQ+ReY3wfAQey3zg1pYrQEHEGtoYiwDOageAD8
0CcUf6ZqoY3Mpn+qNwX95P09L+GfGK+WLJYyoUp0Mv7IlEDYpdQ28rowkRldB+ba
lt2dPacRH0xTglUXz1JzjvqLOYtPqfF0JQtYFHziTesBJf3tlhQrErV0Qb15fNAH
tspx1xQz5pFHTmCv25HBLeFO4I2Yy1aLmhjREVTs+lxBYFLjb4vV2z1J2ZypXAsg
Ydi9XTH49kXvMSP3Z4CpYzGR06xhEgUC26Rjn87fvFrTCchhRbcQkwxTxu56xQaV
qlBMTCIqKtNCIQwCz8CQey2aPkbLSY8DCwi2Idgy11NUPk1UWjgAYbC1oSdVnXaE
GarLMjmnJm26+ckeTBbMZH34Hw47+6YTirY3/c/cNIvichCMKpamJcKPWWFXpMps
FW27hjKNJ8Wb1Vvay+Rph0CzL54dntxioiPcAxeLA6Lz1l23g7aUygIZFfrb7VNR
Noh9yUrhzsSG3O8HvMyrF+iT0srvD/oSQHz2CasCgN5xz6X6defNayLrKwwIRxam
QNJ6xMFD+5ZHV+E9xaobzlBXY0D/NPYzeTF01UrPpd+o/qB8WZ+qlmR6YiV5KxM8
5CcjvBWhtSxqOmJXpyzhy9Pau8wVe6vGgGFxFeKPDGxQAoSCOW+5xXlg7r6BljZb
Tq2IIwILTcmJ7p7Y0JmJC+LVGClYETX+gt841A7wUMtZB5pgg2NVwS5oj1zOHLc4
GF5RvxsCdM1lG/7c/d8WTPSsIUXjmMo1uaoSPT2licvPYYab7p310GIxgokIpAjx
LDAknzbCgaWRVprPvbXMpGSDrxiW6eKj7/ZAl/GdK9wciOElICwAoDF2Ku8Y4N21
6QdVQ9/z5pXVAzblHBURHDZ+fv/4TlRDEbmNKk8bjcUj9EB4dUF7H7HlMHRUAGMj
MNKumY8GdyTqlQ2CLneUpq4YHdkeMU0H/lC20fRqLzGiuQ6+JUZ8lS6dd4fK4zM/
0844Eeq0plCtB3ptpK9+Al4jmX9deiVHs9S5rxkRkQXU7ghUC+Ovg3t8bkq+Xdg/
LCQAtc98/lGTgYoJUHblWZmACYowoQZeMHYofLgogXPJAg5rEsdxRuW1lOUn9GHG
9Q6yG6Qxo7+17jBQHbJk8MVxnKa8Vh1IDHyMS4KAuAJc3kG8xwZsPQHcJX1H+S8o
Me2cTdBNFFNkyKXcY5l4nOK9Leu+tGGsRjOJsI5bek+PKfzOC+U+nUJ238wnNcxe
sIklj4GOuE3AmFEoaqAQM9/UZtBtAIDmcqgzF1bAHtf1bIwMGO/etFmQzB1EgKMd
5EQXHRsWsD97k2QJ5SqzQslJTy6HTGWtMW85RKJPwE8d+Re4uZ+uMYOjm4pHV6hE
lmkzyiqw849RIwj+okEH7amdDS0vHI0U8n+hEJ44vUPpOSV9Zjsg6h95YwHb49rg
fg5FeKQC1KDJ3NfWy3KyjcnvblFAY+4U2tikqVTF6gHuKLl4uRqLe6sRIoHcYPjN
D+2ylKgwRyGtvMSJQ2NzFXb+eIz5F7PrqtUj+KKZ4hyT5qI8GL00/YBuFzQtR3ts
HU7A/aICewOfa0hvgTxok0OWWNPnYQYLcxBo251otY6eqHWacLqb+0rQyCE1irwc
KqEm5uTWwM7OEuUnCc9Rc8P3+78U/zNo42kz8Xmr9QQNA9u09zWKyYCGisSlou0K
eeaaViMiq0iBoqOvCYVxcAPUFLqFa9GlQDKweGeDXcobSI1LAa6F8lVUe16EU+I3
0dcgdsn05ge1tikSoBm635OM2bsXUahKXslzZxlwuZC5gDRyHW9mt8SiRcDBw1/k
+0I2G7Te8u8DDYbrRQay/g0OdWEoqZJ8HRXSgK4heGd9xtYemfvZcSvLDfSGr4Zm
x81Qix6s9LsWhHXx6EEem6xiXEfG/UoUiqToBTg+o0vx/3IR09Gtm5Nr7Kspt/AJ
RCuhq5nMp3tFWtoCpXem6CC4GyTew4wI9U8sv82Hzu9J7IeZuHwqgHvHqUm5if8+
Z86qkKjfuaatH1EHcahU6KvCY2fKTkw4k6ZZ1gb+A+qExuRVXoJ6lOiuzlhkpJhX
4JwV3ri9SjfND3aVDQnBKNdYP0LnVmJdOea+rh1Gj0kIL4IYa3TQoJzK4IEeQt/P
01/wDTLyzmX7BMTP9KLol/iO8ZbeRXefIva6CHVnSNXaJrk3rQ2LVfTJA3qE1Aud
BpJIx9DLYm5cyCD1AJIF4h44TXo1aek5WUFQoJmNM9QdKB1qwrB+oIAhAwT7Zwvr
Hdt99I98G/kyehjuJoJ0RNvJM9LPDgquYCW1jo1sRxv84cYM5/fGdFoDJZo0T35e
E+0WoNjrwQwJv1hdFATH/TVyqFOh2aJ2AXpkpf76h3b1gY9MhzNFVX2uhdMv5nU5
mjYVX6/HLdS5FsjUaDZa9DoYRqBJUv+2W7sPnf3mCvrzyqMP2IAbcSWOnHKovU4S
5JwF698f/nF2zpuAtaAo8CScFO40LNA1WMiOCzhGpaBneeytIUVREtz2zyYMTCSu
h1sP1UFReIei+mAiY12DRVrcVgrgCohoxueJjjtYCBsBv9Vgq1DNohPekjLbC+wd
VsQW0le4xL7OhJTREoW4jhoAmip1dZIp7VLNb5R0yXyKdUK+uRsiccz885vrUSer
ux2LT6mcutD64Y9drHfh1zRh2w0/NW+JqUupsOpUi9uNzMIcZMWrJm+F6ydwLuIS
1FCR121ku9lYhlbFhI9j84JdJAB1XG1l8gi755w/Rh27dxmj3r24iq4wB9Ozlu32
lix5u2oy+nSU/EHwbayAtiLeSm6FVNxzr1AO99xgTDkm8OWxCpSjqznzWffI+uPq
SoqL/FjUUV65GxqmvnN66kGPI9QeX+pmHA9DlsabqWgy2zQKmK5QQfRgOloU+kIG
Aq5U6m0FKBJILTa8gC8h4HbuacHiW9w9wiBFd7Nur6/ZhzZz+CFlyjlolu+SWfbj
M7mpNDtOfifB14SVjHwbupb9mwaToLe44llHrX860x7MTvR7AJZ4e9ATb5ZkOiVA
uzJiLcJbunOsEq4moIHDlPw4xs4U0+6N7qlupHeV1lx9mz392+9RW8/r8nZRkO8g
NBr1VhambZliGNjAF7gS+AoyZdSFHvjyUZ8dx0Tw4qEGvUparsp2MKHqmF0+29Ty
GkOgetOL6bcoW29PkhnodKSscod7sk4C70hJBJ7RrJNlA5YuwrWzokeD3rjEzqlj
dmRN2m9DQnXNeHKsxEsCkgIeLZVsrCxMVONTCrdfQnKnzZDgtoI4EYFfEElN6qQ7
v8LtiJyqtmYSPU3c3xb+zsWtElso+HfHELrwsY8ge485xBwtGTGKZtCcxsKtj97X
gb/4pfvziajCLU/MWnE4fzQXPjXk8NEQRdk+EsgoCOxnTPShAnW+MDN143ndDN+J
+BuTpFVF/duO+Vobv3N+3dH+Qd1qhui+q7R+ojXyp516X0IZCKr6211hAGgI7i+y
Z2RGCHIF3AA3ncH/An0X0RHgQi7ZIoSGDoHR2v0blOXDBNlzRXXiVEUGu1XuBp/o
BDnnXqcLT2Nng2tgdu6XvbIfgdr15/zrwKEAbG3yJa2iGsotgdiu1DgU7lfktlPq
ftTzg2nvDkTGT86AsTQNM2ClARtAmQnul5v/Oo926jCr+471rEXfN6Gm6zkwwoAG
ZyE19pnIaF/p7tczePNgug==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-lgc-rpl.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIUpgYJKoZIhvcNAQcCoIIUlzCCFJMCAQExDTALBglghkgBZQMEAgEwggrPBgkq
hkiG9w0BBwGgggrABIIKvE1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGdjLXJwbA0KTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn
Yy1ycGxAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl
YiAyMDIxIDEyOjE2OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl
cnNpb24gMS4wDQpJbi1SZXBseS1UbzoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFtcGxlPg0KUmVmZXJlbmNlczoNCiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxlZ2FjeUBleGFt
cGxlPg0KSFAtT3V0ZXI6IFN1YmplY3Q6IFsuLi5dDQpIUC1PdXRlcjogTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5lLWxn
Yy1ycGxAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBBbGljZSA8YWxpY2VAc21p
bWUuZXhhbXBsZT4NCkhQLU91dGVyOiBUbzogQm9iIDxib2JAc21pbWUuZXhhbXBs
ZT4NCkhQLU91dGVyOiBEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjE2OjAyIC0w
NTAwDQpIUC1PdXRlcjogVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu
MA0KSFAtT3V0ZXI6IEluLVJlcGx5LVRvOg0KIDxzbWltZS1zaWduZWQtZW5jLWNv
bXBsZXgtaHAtYmFzZWxpbmUtbGVnYWN5QGV4YW1wbGU+DQpIUC1PdXRlcjogUmVm
ZXJlbmNlczoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLWJhc2VsaW5l
LWxlZ2FjeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4ZWQ7
IGJvdW5kYXJ5PSI2M2MiOyBocD0iY2lwaGVyIg0KDQotLTYzYw0KTUlNRS1WZXJz
aW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZlOyBi
b3VuZGFyeT0iODAyIg0KDQotLTgwMg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiOw0KIGhwLWxlZ2FjeS1kaXNwbGF5PSIx
Ig0KDQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxp
bmUtbGdjLXJwbA0KDQpUaGlzIGlzIHRoZQ0Kc21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLWJhc2VsaW5lLWxnYy1ycGwNCm1lc3NhZ2UuDQoNClRoaXMgaXMgYSBz
aWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVzc2FnZSB1c2luZyBQS0NTIzcN
CmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBp
cyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEhlYWRlciBQcm90
ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0Kd2l0aCB0aGUgaGNwX2Jhc2Vs
aW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdpdGggYQ0KIkxlZ2Fj
eSBEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGljZUBzbWltZS5leGFt
cGxlDQotLTgwMg0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHJhbnNmZXIt
RW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0
PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEiDQoNCjxodG1sPjxo
ZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxkaXYgY2xhc3M9Imhl
YWRlci1wcm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxwcmU+DQpTdWJqZWN0
OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtYmFzZWxpbmUtbGdjLXJwbA0K
PC9wcmU+DQo8L2Rpdj48cD5UaGlzIGlzIHRoZQ0KPGI+c21pbWUtc2lnbmVkLWVu
Yy1jb21wbGV4LWhwLWJhc2VsaW5lLWxnYy1ycGw8L2I+DQptZXNzYWdlLjwvcD4N
CjxwPlRoaXMgaXMgYSBzaWduZWQtYW5kLWVuY3J5cHRlZCBTL01JTUUgbWVzc2Fn
ZSB1c2luZyBQS0NTIzcNCmVudmVsb3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEu
ICBUaGUgcGF5bG9hZCBpcyBhDQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2Fn
ZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMg
dGhlIEhlYWRlciBQcm90ZWN0aW9uIHNjaGVtZSBmcm9tIHRoZSBkcmFmdA0Kd2l0
aCB0aGUgaGNwX2Jhc2VsaW5lIEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5
IHdpdGggYQ0KIkxlZ2FjeSBEaXNwbGF5IiBwYXJ0LjwvcD4NCjxwPjx0dD4tLSA8
YnI+QWxpY2U8YnI+YWxpY2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48
L2h0bWw+DQotLTgwMi0tDQoNCi0tNjNjDQpDb250ZW50LVR5cGU6IGltYWdlL3Bu
Zw0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURp
c3Bvc2l0aW9uOiBpbmxpbmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJR
QUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5P
M1RwUncyMGRxcGJmQVJRRWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRr
RSs2S3drWg0Kc2dyemZjcVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBS
aWNpaEFmNVlKcnc3dmp2MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFB
QUJKUlU1RXJrSmdnZz09DQoNCi0tNjNjLS0NCqCCB6YwggPPMIICt6ADAgECAhMP
LSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElF
VEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNB
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIw
OTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEX
MBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFC
rS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165e
rnT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc
1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5q
DTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf
58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIw
ADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21p
bWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAw
HQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwH
Fwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU6
8ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644
DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2in
C0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLih
ne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+q
YC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjV
D6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0B
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4
TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7G
xVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12
DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkN
BR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR
+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQAB
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH
AwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZm
czAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F
AAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd6
4roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27
PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31
wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnY
xs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgN
G/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChME
SUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBS
U0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcw
CwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
9w0BCQUxDxcNMjEwMjIwMTcxNjAyWjAvBgkqhkiG9w0BCQQxIgQg4f753q+skjOT
bEsl5q6WUySCAbgxotWkN7Ci2/Q7J9cwDQYJKoZIhvcNAQEBBQAEggEAiUGuCHAe
JkzXXnkH3k8yFGtEkkMscuC0JOPwqnxHzILBDYt9udpeParT/drO0VgRKxCQ0mxT
sz0D65erzo+ZXfuXC5+Q4hzqdNkQhC8Vi7H2NL8KLsBrXNLZtG82xco08fTKTWVq
c2HwuAPL0+Yh+fTfqrr5oRnJvPVkTxl97KxTA1YNQh/s+Uuacumnmr/3iuHwjubd
+iesA8wZ9RWsmeg4FGUzaVrTRIHj8p6YQQYJcOomV9GuRbjUzMVTL/fOB0G6Jho1
aq6nGVcsoVTMIrH8nJv54eHQtWtYFBJI855oDbkIS4DxH0wR5121BayRN7MgC6q+
H+cJTAZUD2IF7Q==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpbaseline-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_baseline (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-baseline-lgc-rpl.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:16:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To:
<smime-signed-enc-complex-hp-baseline-legacy@example>
References:
<smime-signed-enc-complex-hp-baseline-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-baseline-lgc-rpl@example>
HP-Outer: From: Alice <alice@smime.example>
HP-Outer: To: Bob <bob@smime.example>
HP-Outer: Date: Sat, 20 Feb 2021 12:16:02 -0500
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To:
<smime-signed-enc-complex-hp-baseline-legacy@example>
HP-Outer: References:
<smime-signed-enc-complex-hp-baseline-legacy@example>
Content-Type: multipart/mixed; boundary="63c"; hp="cipher"
--63c
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="802"
--802
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
This is the
smime-signed-enc-complex-hp-baseline-lgc-rpl
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.
--
Alice
alice@smime.example
--802
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1"
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-signed-enc-complex-hp-baseline-lgc-rpl
</pre>
</div><p>This is the
<b>smime-signed-enc-complex-hp-baseline-lgc-rpl</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_baseline Header Confidentiality Policy with a
"Legacy Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--802--
--63c
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--63c--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-shy-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-complex-hp-shy-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 10445 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6716 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2273 bytes
├┬╴multipart/alternative 1116 bytes
│├─╴text/plain 379 bytes
│└─╴text/html 474 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 17:18:02 +0000
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy@example>
References: <smime-signed-enc-complex-hp-shy@example>
MIIeHAYJKoZIhvcNAQcDoIIeDTCCHgkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAHlYUDAZJtrARL+kRtiQU4vNChzIMY4Kq+ga
tvbsejCyWpPOJ6bCjx7IuyFyTQzpi/rkcBdyphDz/sEzyF68mAtFvGBHhV3wi0Bw
V4+TCpXHio01a1fDbWQTmIRhNoT0CwkEq2AWzMerjlPk1YGzRWQ2F8v5conRtN3l
guvkXr3vyaD2wbq6UYIw/x16vTfEmqFVnRMSsdWdqjVrrPHTTVytUI5uBhKq7f1C
dWt7nVOqTglW8WKB0qgABKT6E7PqafUzXMBu1EmjFhJyNP4rrQYnY97iVbPnUyyz
SUUb5pLZ0aa/opENPk5rhCQnb4eEnbGS9lu/dE+6y/I9/l7eGFowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAh+lzMZeSWj2T8iddrFSZOoV1
VYyCijzcJJEp4Mfq3Ta/ln6Z8wAvgJAuFaph1mMGKX1iZIN48te6SmQ82IyBqvkp
m76opxs26OnNZ1sVvwhTIWzQjNUY4sxTF5UDTqKuLAcrOBPTtVvgsJtMi4rWDbW2
MbzSy+mxyEWlDkDZ0/2BXgEVXNmBgJ5qUUMF+31WixM9Y+iN9kF6194V4TbBQ9U4
fksuKQliK+eOXqaZibATxgn8B4arubpnHFw0bjna2bMkHmQs/eT3VEI1RSF4Qg3p
FvDzXC/jHqrhbtnQkR/zY8bpNDFEiBv3e+myGaL4CsnUOMubx5tkhP4IzWXwRzCC
Gu4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBjNxqRyzAx39GzHbZO4CwOAghrA
KwtFLWZ1Im0uhZJ/SZ9TDEQXGF8Bt5WnyCp3PC8m2ygxoui8y0XLvH/X353IQzHv
ituNJd5CN8m6RWSHym7NGYwifFciv/usZk1/pvp+jVzvFW/GAaea3oyksAYJz4o+
y5IG/TFykybUNyDKEtJ3kMS5D07rbDgGJn7qoK/7rEbTsUf1NSIEdVkfM8SEHKOi
WdwV8uOJ59d4mx11uOBU7+VOVFbo+YVPBHuJYJz4U6Gp48Tu3IdAJQS+PPmY6IEX
+3rE1+jcf0KXxs7PRjZ684uwteMkekMEehxNSQg2HJw5W9hTtPI/qSdCfx1egfR1
+Lcj+sLi4fPXK8cdo2Kc9qGiRci4PRSLxsNCRX+Pk+YrhE1/L1x1Q+O6GmVR7XYc
fU/SOPL2LO4jFToHu27NF1lT7s4diVsWXl0Mn5umgo+cOBNGdAM6Thh50GuygOlQ
xI0VvwTbhNE6Cm4g2okhIYOj/Ko6SludZXlhCCAxsnG+80b8If9CjwVkb1dv8DqJ
81NPoiSaJj5RCbfNy1RE20jLjkAKzancfCXIzuBuReQaUnVkAHOh6Aj4ixx1awrX
F8hJm+i+WDrnGhkb0zsgR5n9zlIagCfiS6JWZ+N/lYeoeTuoS3dNPEw6wUXmC5h0
oXpJHD9URuOScbrQLF5Kx34B1Ppk/WVRJLxbSy72sm+7wEHOC+Ft200KofzJvZ2N
Vu5f18qGjklYSmJl7/jNVR6t1G4bN5wNIxZbdVeKWDvpv+iCFXbBlhSu1M3x9Dqj
zfzfTa02JlpHZhtxNywOa0OLFDQsbLyVYWJlAKG7mq34m4jKSKWINnbkaeMo0xEN
l5QxwLXbgrE8oeYifgeEsdV6ep7jyGaLFOqU5qXh5PowHiXAIWQO6FI2VVJwmjST
xmcm8iX6sGUffC+8C5Oli2T9whpkoj2RUx4udm2e29TAwHgCIOuwwKGIws3Wusu3
fqhYuzHCPCXqpqsfuJvt6l2KUqhAdrdPOYQNMbef3Pyh95qvHCtln/pNIwDjJHRC
w+BjdZcDIv1XOrAYid6OxFxJL5vjS9/NLG+TD+G3Th7a+TOItnK7RHjff+CSMfi9
68ismududaCBb1okq1yWJiQLxSJ9ozQnwC2Ic933DjXnFkw6PIgade8pNM6TM96X
NmN77vF0uKCmMoC5MRGk7FY2h1iQ/w85AZyUL17BRcUL8JH8zyaTMAZAP6Q5ejK/
XM01usJFBJiD6xVtMeqz5Efl8st6J2bcC8FEg22OEQELere/FkTw69i5XZGBZNEa
nXy0zF3wQUujqz/XHH/x33AEvjUfbkdJRyqPQMn0poM5NplvS7GVaii+TqdCgdOu
T3ROu8TIa6tsoWHMk7txFQnAVVOMij/F97vJQZa2ts3WK72I6S8zMpkx1kWxwzhq
Ov7ksP7t7lfrNHHFLSc3GqzcNwejgstoY4sS0JEuInkqCqAX+tC0wVmLGa8IfhjL
mYhFxSUazeWwcG/Q9na0ynI5X3z/ccLaUYuI590SmGjYawS5QjDj23s68OlSEba/
aNF6/7Y9JidaDJBXqFABRXlrrCqZ5l0OwvWnuuPX8daVas0P3b+5Y7YHZkG+6tEo
x9BhJ1ZpZbMpK7SxMTIZxEhSq3jjsHAuISceOP7FNWvnrrQKulD3eV3ywqrXeI5W
8rEukobJQgZrkOPPpHw2diFf1bk7YSfWFNk2iD1x0o+5Bsy5XrEUyrACIKzKn8cT
4jUMw/G7hBQJdrUlcsMtb65lEGP5RSjnzNFOksBYM0+Uh96xPf5FuF6B8IOhPrtv
HoDsypNnLNPLxc2I/RjjIjR2rC2vkJRwcnG/x2F8JztPwRrSQhgKkopaGkTLY89h
Dd9u98WAepIr9Wj8DumN3a1fcrsDcDOL//TuSepd9juMwKkTthvXa6fRcjJ2oxNC
EZLtwLh5wkfF7IdtNVGig2W02ykfDcCBq0TBdcTXTEJNjeGDUhAXFRwYB9rmm4nk
HkxXKyH2sK3JiUcEGREIfARSJfxAGU4oP328378006QvIoHGHgIP3DnsBMKsOJkU
2KbBAmT8T4X61x2Me76idmwJPsP+hnE4rPw9bKdn5u9eYlU0F25VoZgln18qJq1b
C6brgQTszKSHlgvy81ug/wV3PCpz6L80xW5c5J7ig+OWwb2tzfLMO4F3Tvssqp7I
MA8JFsHSF3pgSuEGenTZxBpR6eTo/VSIEI2rPrYKik1D4MxNzuU10ukL9FCYkWb/
Lcorm6OhJOPtcvYp1iJJx3MRtndalHNw1lMdVXEbJErpKxhSW/pgaRrCdX/I2prO
pZMthLKOwl73HAWYeVvGU3scA8mI002KGGFCGJvp4IbbQ4nf0f3M6hcHqsum6cRe
LgB5e02U1nA5pKR5iWAiMkmXWUTfzCZuYAOaBznTvA7zHNNf0BkQWKgieZjyckVb
8YaObWSsr98oha6hUOPCfdBtajXL2JrphGXtBc1DVLLf4VTgy+clVYZAXDdiD9Ov
KGrXftO3xo7cU2TIcFFq/ZbjWJud8Aj+s6jacBjjYoLuNBiNyWMVINjDviHA34rZ
XSEV5J50nuQtfUP8257z4UCqwk+ABJRW97tMxO1Lo3sCOi+Pyh+c2CdxvUFOt29i
okI9N5cc2aatwNHg3mHgkEhViDuHXF1v+WFFwjqB1tIY+amUDZsSnTAjXuJ88tAk
iuptLA07DzBa1Z1CunbQwddIgryiKrzw1T7b5CBaqpugg6V49pNNkXEtv0MIxRO3
QVaxfFns/ft4dXxKEBmWdj5AMekWDCG699IIAtuM7AYh59g/qRnpkZSSBluUG2zS
wvQi1iUhK6U0Rf9O4+cWfCIvZuL/FUAToUq892VsVrzZObeyLtqxGAM3yfO5jPpZ
yStYhYt1HWtX7v7jd6Ni98dNq+3gmfpq9z779aTxIckL9myqTNURGjrNyXf9lmco
qauyW8MagYn7U/Bwtax0h5qpjLqcmOPUGo/TmPmL6MN+znzxRLBsakvDNED4tARq
2QYkoR8HLKvbp8q8XBtf/I/23S1qEnqqprnotd0oRgaJUw8Z/QyVmwC3oxVlVQYV
c4391fZLwnVbky6v54ynmtjIf9HLNCl3fIA3p8DF1mzGsZidD4WS9WCIUOx/lRqT
hu1M9VMtKoO1sCJ2u2cmF3aYxTFbFH4j92zXv9ugW1EpY75AgyklIjExyIYTUQdq
PVLPsSG8HXnuoupDb21hx8WjIJCLz5hprxKvZ5UimjsAHb2AOcpIyhx8pfiPohDu
QL11dDHlRckYPBBm8cAsIP3NAKbOcIk66q+4xMPqxEoD6qXI0yUW22dju42PTT8+
MgpMRf7IOjlJ+cLoE9/QUcXCTxHOAbIQv7O8dLdfRY7H+Ssci6BS40G+SYpcGDTa
OTJluDN69HueqqfA4iCCJm0Et5AQ5wyCx492pwxNyeUdRxs0PMfiDAyuaAxQuLww
25u6R8adQG1x1+d0sotRg96VBNNGw0T6Tx4CFtu58CIWOEtd9m+rRoyKM7VodxSs
E0Wdga6CW13JOOlcm72S5BRJeBkhDQ446suFtiqjMJhPhS8nctY8esx4wEd7VhF9
MPmwaxlm54LjkSJQ59oXtQxiw+yQbep6uR4AaE2SMktz0TzuPtmILlHb8njC8GCM
7bDvosP+ja8FjF+hAw3Cnw47itF+ZmVGxsWmmt+RkiQo54+4uZ3Xi3IZm2/AM0FY
5TDElYiMK3KWai28NAnThHbl7mrKrJ3Y4LzImYW7sVK6Lim/lQq2QOwTFYs9LYBn
fRoFT0NuVtteN3eMa+ERIKCVBdunP6c6ufF4OZL/ltKGP0gko29f1EIl3R9VH0jY
Rvq5pa79y5WkihPUngA2rmZz3IpREvN6wE4c0rix54QBklaz1yW2LMVYXnI2Q0x3
ZZgC0hz0xjYqY/YeloXR5pPz24CJAbrMSCqAhtohYDmkTJUv/ov5YKvE8IbDvUVu
fI29aQ7vh504eAKG9HVK8nNV2GvuM/+32LP6alvX+yIUKRr6BLyt7H6lw76E1BDk
pgxMmU1EpPaSo3BTI8eALDTBNLyGOK98kZqXemnrYbVAJgMS2hUfeyZim8tFf5Ws
BMKOP14SoK0Emn4PJXV8A/2XMsYpTZz9nWGX25HKaXhaAIZGaB8D0Askil37VhmK
LGe7dEqg/CHIS0ydVCOCqFOdsIYVqpCzpO2XpbToS+kNoY9T430bUwIq7rdDRIWx
PUkgE8AIP0k8uqI6wCeF4giwUOjhjLj4K+ein293xEwKasXD+o7HNcyvluFt3g8F
s0eezk958peq4R2Jm4KySsuOsPfeq8YXpbdwpZjXRkK2sNQLiKLmBsrTr5OtJoQX
Paaut5ZMi63Pln8eWMfIFJ1/7lmDPYeTGOzrbyQXg+l111HKgsuBkrlN5iZuuCvk
sNgGhW26zDpWf2IXxOnAdby/+6ZvCh2PzTO94n9y5yo0W0UfoUK3RxHfleEcsdHq
3X2/utJZhmM1W3HPxyW8ClpDxkXKnTHArjRVmu3zCcUbeEJEGc/c9pmyzx0NEnlO
2yfUuM7UYk0sLCcMqY+8UNtOeY373e9RYx/JtRSnYzRQTOI5UdSGdug8fBMc1wkX
dsKLO/SP/xXo3J3ArIPesF+j8hSJItarYc1RTpcSHuqTZ+QbfXB0fqXIV9KJietb
3ufjGwvYIRv6fQ81rICQW6TeCRvLM8cX5PtPiEt1rQ7lc9BKgpqgfxt57nsd5b4w
T/nZ7mM/ks2m6NO9KxZ2H9QYSCCo77MbQCbxdVxhRS4aDUec1gkTQHLSdJDnpRSf
nO6JxmqSBp90tJ+LDHS50G0Rtlv23GQ1yrL3nWnL9S6s8ohFGlokNl3tgWYQe8Ek
YwZiyGw9Dz61JQYO6QWKWYkqfblJZqlmoZPxDJY42PqXz5gczGTyvorOXkapWfVz
l5OJeNPNQ7dZVqECSUh3dqJ6LxEPYTy703my4BPIJLt+ImT6bhFDieig7cf9oxqR
ZXeSphW6lKYyz3yFpQ+51E6/ebZtejvIdxn3YC65IogPRgdNmrx8AWuzQR/SR5/6
oiO2YjKc7BwCaZVTcGXHIOYbzplraACMCrrgz94XvbaPZ3WX7AbJZmxekAqMdQR0
i/OxyiojevnNhr1hfBTCagGJr3UiTKnQzYFBplNphHq9Je45v78N8A5ZjZQIeThg
pAPu9ZujQIeGQxWKWfsWIAKEmVUFiQ+7WDBf8GOFCRZLqUmitSNP72q5r6Ao5QoI
OKjIpF+QB1lhqQK69Q+Td/Q/Qsxl3W4OE5p+1qZNhJDgrYneZBxwNy3BU6GXQoCI
gxiAonb/XB33G463hDEui/MbuVvsM0thgFgvzko6wIIIcqrXYbjKsubVKeCWMs2/
O9XDeJeZjc2psmuUiOLR4OU+7mlE9YhRmITxkztlL8jJigSL1kmyTMz9EXHndIXd
7KZZzML0gdy7z3KaPQyPO2huJXjHlM5+Dd/+FI29S9uMLAQrXphJEsKHpnEtK6D3
H/5rYHV+2qWYEjI0cPnf8RzYkK0H/UI53zISf/sFC3zbbMNBC3+SPH2K73EjpWaz
zqkYDSWy4pfEn1+maXEaUbbgZsCEE7Jktj2TS44HvtL61UiRnbcPbwEZbn6PMKre
9vBpBrLJDpmIsbc6dHMnSG16+b/Z72orc1933yBuq98dZltlm7V4R0AqWHrcH5Rx
oXn5UpvZoqlWU0ounqRQ/DPnsPTPV/6fsQFu++RfrzkossP8Ukiy5VhIQK3LUf3J
PX+htDHqZg810yoPqj2Sr3tTeYqFeIefaJ3cJhp7YPICxJetCXGssGnOTtl/b+KK
ZHpaLdtDehkX2p/2+fhXV1a3QQ7vGXyK5oHJ3+FmGatoLqpVL0eRjRJTlTZA3Tq+
33y6gb8svU7v+CkDQXU3qg6u80LULvTilXhfJNStVwCsyTnY+K9meirGTmdvd1t8
08oCjTN4FOJpaXrfvHWdR+4anTnvEsCUsFOECQ3a/SrJbHP4zCozgNba8utPIf8n
P4DDlFKeaSvHr4KHS4hsuC3o4HSbFv0usr+aWZjsgKb0yhPKn0EwiurwbIS+CNiJ
Pw5ae7VSytlPmC+WfDyRqiflGFJHBTigwEdDTnuKsrYn/MsZGrpUgx0fHFMYBv/k
Avh3IBP3ky1D+leP/RxkXwvOiyxkFsAF4ewm7zq/Qkp5CYG38+vPuf+iF7fH0aOL
kk7GonZ69KvKBL5YJXr1oWqs/SQ2SJ8Yc/VvjOaDb/JxkvRXlID0ymvfLWl9K4js
syVaVsjn43hAP0rHW9atEYnvjU/3qyWSoq50Jxkrm/pgLwzTWol7t2V16uwnY97b
XVu2/2L/R/VXaLZwTOAqedQ2Xow0pn4qwpFCkvmT0Kci+Zxv5M3A9csSXjciW34Z
Uk7b16JYaT7Bug6zPtFFco4u2n6AWOr4cBY4uNYb/PKNG5C/4gg+LkuqffrfhHb6
OdThNppZ+F2KgexYHFaKbt7woVfAnQQvEETgDPlPiqcRp2mmhAzN8r2Ia2Cr0iSf
5fhLHnZVA3QSkMIyedXfHdFMO25ibApSM89IiEcwpNo71F+APthXCU/9C4fBCYim
C6N6ORb8T6m16C2rdHGfndZl9pkPfTQtNkTsWE8fP6LwV0V2w/I5h5hWre6Qpqrg
jjDuIMamfTNiV8RKVtXmXTzHa9cdUnqOWczpnzz+8nLB5vOqh6McrUquSSqxMhMY
ZeVK5hMssM/OkwcqMFCxCjZtAOidAVYkuPdQLR8Qw7Vw99BHFSV9fI/NCB0LXIPA
NC3nJELTq21ZI+/EHpIKrz3zDU+oV5ipm1wrFWEGcjSzbxA9+1vvU5Ra9P4tVOxQ
FfwQ6mojU02Sy4p1vQoaRhDLAN8DPHHFC5AU6TNMxka26OUC9sOuPIRIVFcdpqbX
QvnEIhLNT+uGt8DKhi3sb/T4GKUlcxCM+QLi8I+9aOsdHyiWGDM4xb3LPrwPhOU/
yHzOQSM0xwkCRai/WEroFSEP9weogqUq7uIrQBmwFkBQUneQV4KesfkD5H+vzZWb
opx56gTQRaACZpLCTn0jdIK/Iieeo8xy4h0AAs/nV3s5Qb2f9e15f6EnYfSiWd9X
dHfN+0txgDbqpUjRumoym0YjuNFwdTxnz8C+YCqkT90f9nzX7+bIz+Bq4CynvAE7
W5Mk6JRIIRcCwwwX2WSMX7RDVYRg5F+gxFFkxknOZS8UFbAvR/jkwVjjPEUS1FIm
71EhZW7vLo30aGku7kNiitTeW2qRHD1wZq+aoPG835iQLwgdH62tF/0tRUv/qtNG
Jox77mnuq1iW+I1FKvEibrNH1CDipCdE0D1+EXe4iAOUx/OOjKV4ONKy5eDk/t55
dzB+JpeHlAs2AUBbQeDwKo65R6sO08JC1PbiTXVskuvjmFS/8uzkDGc/JehezRN/
ZHg4TI47xzVwKABMS3F7nPYWZTKy+jwzdPmueCuDZsktDzlRbgIdDR3dNg87iNTf
03XfznIaTKplEqoxRMM9Q0LjmzNoDZtPOnWg4awzg/7aNB7BjN1IfXlKV7H5Od3n
RNx7rnVEFAX57JMTFAJcK+Uo4ibci2dMNqM5cpAX9LPBmsynfSxaTzhPWEWpPQwY
SCGCmiVvJFG/TbSCumjkIGBXPsJpPCJhx4d4hC1trjq96VjYkV09N20PO5JKlRo0
az4SI8kqj7Axa5UffXCpSSfbn8ehp78IxsxMG7tBZ0AEFVJV3679zZj2NVdhFNb8
CkmHo3ya6bdZ/NJdSy77Cd9Vt0jy912g4X3/s0ausdDOZoRbTFTU1VKupLDo9pQb
C69iMim2eRGg7g7wsh9YQbe8O9hwryUEtDeeeIPhbE5gEk8xjP2t101kmpk4ViRW
FKaTu/IKsh87trtQE89KCTppUDCEy6N5HEirPnW9vEJo4qRQZ2ApsUpnVYD4kR9t
sME+PuecHiRhqh+dEo9EHHdrhyu53d9fCcGhbBfNWy4Sf3nCnhO5hzzUw3fcpW9p
7GkKlO+yWcpxc1fOrvuq0OAnQihtlCQ7NydQ54x3varOZSLZ6dopsxXnjGSlfawI
GUKl06Cv9Gd8G6ZsMr4bhjyD2prNnJpOcadX1r+LEkfX44Xv3EHge3J9enOR+fMZ
tVQriToOEMB5mfEtOP07rwfDCiGXkAZPCukMC22y7Yksqib8o512oWcbx5l+FVFO
tfmy+c375n2x+wth+SPY/LarQUDs0lV/v+NC6u71TjyMhqkWEGDbxtDqO+hrUkqG
B95VNgIGFmdvV3+IlD13Hx/rAf/eMfadJ5F7HlwOjdXbnEQsYXkwtx6UOturVohH
lUFqqjdsECXP1o4QFiiO+a+WGFNEy1KafnBYBbVpIouu8g3SGtHKrFAPxH7i4uFb
nCGXYM1O6HBdQkF5IHeVH/Sh3iDPnK8ilfSUXIbo2QiFnuuvb280VD1hDWys4q1Y
82bQdIQOz/YQkDNmUoM09ZQEtRzGxGqqyDrKtoeGNuItavI/oQFs+n5f/p+B7ebP
+Dq4AptNdZliJTVrkKKw0buQJMrcUvWKKxkUC9/N5DeNVV7yVuyVBUOk1Q9Zub8X
SNFkFDZ4I+CfQDrN9YedY+lAMjcmiYIDn9s2RmYnGgAVlYweN7y8hE36sNAxDUKq
AEgC8bJrTAy7axaqj2m8c/F1nXzmKBn1+Q4zSW8oeNjvfSpfS5ZeljHnyHrZrUN5
fVyet/3gok33Qqh58j2kXSVgWJrtbsIk1x5Zu2Q+QeUmMykA2ltAe//NbcRm5NzW
fdAyOP3IIvpwp6wOrtDxyBeDDmPS6Jkthp/3A9CmD7jewnt2D3f9OG1jlZI1nvvi
VxqKkC+yHGxYKC1kdvZnkoVPS5sGA3STRxzWgfzZOrnvyNjKneokJY2CMA89A8wm
cdAbA8WTxoLo7ObjelYiyPgB5BWUqWvRbrVUYS6lrgLToUIfVSS/beNyjwwmjHgR
C3a2iQQ74kYyMr1iBj9K0cUeyVSBHOMvwG5Xv0Phovz6waVZdSWOcxjDslz+Ghg/
c74x37hFQSAiIUt9ZzrE569QNP6wcGe/S0MxL5MG6bqu5BH8MGrBeQ0IPRCwXFwI
+Hvwh/mIF5Uc0hssRDYNn9YxYA0jCLsjpxjMcDJCMUA=
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIITEAYJKoZIhvcNAQcCoIITATCCEv0CAQExDTALBglghkgBZQMEAgEwggk5Bgkq
hkiG9w0BBwGgggkqBIIJJk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQpNZXNzYWdlLUlEOiA8
c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1yZXBseUBleGFtcGxlPg0K
RnJvbTogQWxpY2UgPGFsaWNlQHNtaW1lLmV4YW1wbGU+DQpUbzogQm9iIDxib2JA
c21pbWUuZXhhbXBsZT4NCkRhdGU6IFNhdCwgMjAgRmViIDIwMjEgMTI6MTg6MDIg
LTA1MDANClVzZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkluLVJl
cGx5LVRvOiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeUBleGFtcGxl
Pg0KUmVmZXJlbmNlczogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlA
ZXhhbXBsZT4NCkhQLU91dGVyOiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6DQog
TWVzc2FnZS1JRDogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktcmVw
bHlAZXhhbXBsZT4NCkhQLU91dGVyOiBGcm9tOiBhbGljZUBzbWltZS5leGFtcGxl
DQpIUC1PdXRlcjogVG86IGJvYkBzbWltZS5leGFtcGxlDQpIUC1PdXRlcjogRGF0
ZTogU2F0LCAyMCBGZWIgMjAyMSAxNzoxODowMiArMDAwMA0KSFAtT3V0ZXI6IFVz
ZXItQWdlbnQ6IFNhbXBsZSBNVUEgVmVyc2lvbiAxLjANCkhQLU91dGVyOiBJbi1S
ZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHlAZXhhbXBs
ZT4NCkhQLU91dGVyOiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLXNoeUBleGFtcGxlPg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvbWl4
ZWQ7IGJvdW5kYXJ5PSI0NmYiOyBocD0iY2lwaGVyIg0KDQotLTQ2Zg0KTUlNRS1W
ZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L2FsdGVybmF0aXZl
OyBib3VuZGFyeT0iZmE1Ig0KDQotLWZhNQ0KQ29udGVudC1UeXBlOiB0ZXh0L3Bs
YWluOyBjaGFyc2V0PSJ1cy1hc2NpaSINCk1JTUUtVmVyc2lvbjogMS4wDQpDb250
ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQoNClRoaXMgaXMgdGhlDQpzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LXJlcGx5DQptZXNzYWdlLg0KDQpU
aGlzIGlzIGEgc2lnbmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNp
bmcgUEtDUyM3DQplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhl
IHBheWxvYWQgaXMgYQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0
aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBI
ZWFkZXIgUHJvdGVjdGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhl
IGhjcF9zaHkgSGVhZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kuDQoNCi0tIA0K
QWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1wbGUNCi0tZmE1DQpDb250ZW50LVR5cGU6
IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEu
MA0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQo8aHRtbD48aGVh
ZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+DQo8cD5UaGlzIGlzIHRoZQ0K
PGI+c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1yZXBseTwvYj4NCm1l
c3NhZ2UuPC9wPg0KPHA+VGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMv
TUlNRSBtZXNzYWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQg
c2lnbmVkRGF0YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVu
dC4gSXQgdXNlcyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhl
IGRyYWZ0DQp3aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkg
UG9saWN5LjwvcD4NCjxwPjx0dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWlt
ZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tZmE1LS0NCg0KLS00
NmYNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVu
Y29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpp
VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj
RWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3
WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJq
bzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00v
dWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS00
NmYtLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE4MDJa
MC8GCSqGSIb3DQEJBDEiBCD0vcxZnCjxaOpfz5cIo9Maa0SVODPCXLJlV2Wbq4Z6
7zANBgkqhkiG9w0BAQEFAASCAQB3m6q708hB5tmuz6jzSJ+nCR7C0BRbfKypEnSP
k2tdLaOAJWrHqljSd4klEJWy3x2SvLL9q+rSbmIWpK34PWVL1E7gbbJIBjfpoIUo
+YMSIkhKFaKfUgulEi0zQG/HgnMENl6CDXa5ZrbW53SEpNpYgchUcqpg6Z0yOB07
oH7YOqF2111RRSzsjNMMDAm/1LvOFBR+nUERAhHvq1dpGpNuvbtAh4itWLLbDLlR
gIvrihHbqaUhf4VDQNg4MWjdHGATgPHNAb4hpfaxHxGEv+NYB/65VQWKGKMZujqk
aLH9nVThiAlEOyirAA7VlmvlUQgBem0pjh6ixnwK9HfPb7pG
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-reply
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:18:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy@example>
References: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: Subject: [...]
HP-Outer:
Message-ID: <smime-signed-enc-complex-hp-shy-reply@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:18:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer: In-Reply-To: <smime-signed-enc-complex-hp-shy@example>
HP-Outer: References: <smime-signed-enc-complex-hp-shy@example>
Content-Type: multipart/mixed; boundary="46f"; hp="cipher"
--46f
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="fa5"
--fa5
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-signed-enc-complex-hp-shy-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.
--
Alice
alice@smime.example
--fa5
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-signed-enc-complex-hp-shy-reply</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--fa5--
--46f
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--46f--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-signed-enc-complex-hp-shy-legacy-reply"><name>S/MIME Signed and Encrypted anchor="smime-signed-enc-complex-hp-shy-legacy-reply">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display)</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the Header Protection scheme from the draft with the hcp_shy <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> with a "Legacy Display" part.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 11505 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 7508 bytes
⇩ (unwraps to)
└┬╴multipart/mixed 2832 bytes
├┬╴multipart/alternative 1621 bytes
│├─╴text/plain 576 bytes
│└─╴text/html 748 bytes
└─╴image/png inline 236 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy-reply.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example>
From: alice@smime.example
To: bob@smime.example
Date: Sat, 20 Feb 2021 17:19:02 +0000
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example>
References: <smime-signed-enc-complex-hp-shy-legacy@example>
MIIhLAYJKoZIhvcNAQcDoIIhHTCCIRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGlAuaN5i488nW0BLsFYGGzv05Z7lYU/2JcF
bCWNgMWKZXJg15jwdzYH+xrTDHMk3Lm3+zgK9UoV+SCIBH2canLBrEgBk7KeqP6C
XSZ5q9yxGyZ+CqJ8oMsjvhezu/F/WROolCP/ALvzwu3TMlC7WGX2VId+dkYbJlqh
84usiISToli4K5GBGP5TwCt40qFNq0oiCh3PMUyZQO2RxCqvW031j8J7ASKxA4gl
ilSjC4Qs5kf+TEUc+iylX8DQJu5t2CMmvtaBShCBOkxnqQlQC78JQxojZ+xEP182
HHqi3Mqd45z2mRl2GuJaMnlW/OhaUolY7AgDOTGDIY+8QeyiFJEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEADR9K8p6a0/i4HviQ9Tt9Pb7R
NtG9AajTJ6rALd1mRmDlpwQjKLduufYKBCxxB60LkiTUXGPddtruirSbEsjOa3cs
ueHgTUPxC8z7Jpmjk0ab3pgilymcCB3ajskxKFNC+kssejHIc/fE8KoJO89fYMjv
J8BPk6giYB+FCfz9FEDGXxWjU4OQdmYRQlhRBHmaF7CIpCyjo2VnJJllp7STKfAe
nKbbEbBOsFfw3U2F2AfEmobmNixtNCaNFbdMQLV/k1+oGuAkggZC0+N+sSfAZ5DV
ZQvdd5ex5lNjMhSVh1qp152LcGbtQhP3qOhWaqDYjmDlP6nWP5/PrFgQjOcZBjCC
Hf4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFzxfgxbmalkU7vL68qwqfyAgh3Q
LvLr/03CJmjSYS/t5iURfgrocyJrvZk3RW3i14gxNLDFElcTKR1fCuUGnaV9irYB
A4FUWy0QR8NUPbEihtDXlDuhfIR9bzGO5am3GdoNJWbNPEcC9Vta7QlDWjfzxNF8
NJw6q/SlZ1mAQCHq8p5dtBsRWsOH7gokScgyB7oOXBHnOmQ0ObUbJ9WcIbA8FNCg
tJDPxBTI8kDqduwhStetZwl0HrXspvSojb6+siJIFcah2p/hFc0Wxf0h1sz754wm
13q0t2BGGWippElLS9Xysuof+zbmwwA57FkJp53n0PsnKqhvKEo0ZyEMPkKu5z9p
XN40X/3PwrBxo4HoHut/N3HNwyJs7tb71/8AbmrTltAAHUhDYc1dCpza8wF4wGnC
kFxFVOE+3rTKIZdTmNdywyoBpobY8KSLheKrpaRGaeBv6QnFavph/1w4sdlEPGVa
CXNn35GjtB5bAE5dMkxbrEiaDi3DupuQFSxhNWzBPLVILWxBnjgDWaUhfVRSx5OX
MzU/GSefZ6lC4eynr9KG3F2EiRm12yNj/ORlZTm3dbfUxSp+mRO262nkj1UMcyLe
3eTwxK5yKH8pMNOuQOpEB6CGJY19I5zryFtdNb5BaPNSGznwkgMnX4qPEG18UXlq
yKfz/hjcLXYyYbM4ey/xh3uDRWXPXAtMnJpXDyvfDMSK/DaFI2eN02fdZ1Hnr7xD
MRAKrFGR0NDirjjxjYVGHkUeBCn9H+zz6bl0HdcNM132QtZHsYhIe6PSvmybZ/oF
R2uqR2uEJIFtoPAA+0F5hj26RBAoLeJhGddyvXfNp0X0Nun8Fwzpsjn6nPwoyPN0
hedCV1Oi5XCuH6J6ShJD1etim8A7dxKduX6lp4ts/SHKN2wvnP95zZExvy9L3b9a
m/eWq28vri4i3MLcPbswFWkjBkgZ1DPuwwmv4c+6NeWyZSJMMK6ftZDuAKUfHwVR
VS+PHx4kT9vwg2KSzJKkbt9IaYDUrNbGsPJbZftigBS0z267GG2mYSjasSxv+uUX
bLkgoHEixJuUbg/Jvsncnby7JwJErgDnLN7S2ZGLyAaetyWBDWbZYFy0SQX0WrfZ
hEzgZ/F7oLfAqD9P5O+I2OSxl8tHVHCnRrAXaMUl7I1EArminSw+G8QTSoV8Hd0L
EwwpYKZMmaXf87+KApqYTYK+fv31eI7qaBB+8Hxia26eg9xMa/eI256J8MGPAPTu
3cwKCTDAG70GChrSIKZQJCNBZnbIq2gYWAyF2+BEVqsmy3mXXNcAuPxwbC4UUJQJ
lttVXZJpDrHqOrg17ew2WzvNTnVdPwvQLxSJsZpA1Yx7xnHKX3+U+MzLXfUkKg2E
LQ2O3o2OY0oaf7POL7yg9X0A/qiOsz7QaNQQTaG49M5G/GIXy5YifzbteZIa62RQ
GsCJfD8pibMs/rylNOkXpCXNwc5+gVJeb/9pAz+ZaAH3Bh8iHKtS13elDmudMcfw
/CnZiD9e3fmFuYZHAMQT4PwfRCz6VczxsJhNYTURJ6wiqybSoDXgXkHrx1jq7ZA5
LJmpXcSxAowigMM7bs0eQSzDCesSCFrT4AdsT02645pVS6nZex0P4MB0X7TPcB6x
6kelmj53tpG5zYlBon1A0tWz9rNPGU2AGrOuAMgotaol+q8Nq3r5bamJ7idQSUzt
Ow/vujhPnKU5Wt5XXBDaXl1+H5cfawdkDh8M+eaI1nGNQRhCI8+JNcRcLLMiZHDl
rcvkx38pksBWlEejze9y64GN0iA01tCdGTmIorxDjIJToeSOmqeDHTIiqFH2qsVA
O/zuWRE+3AnXrwivGePaCq9pO+ir4D/S8oZG0DJ6gQ29apgUJR/AxEd2w3g9vGC7
pnIp81vjZord15aGzSuM81+uk/By4PQ3kZm3Ot6vh0+/bSZK0VVo4Ow+wPfOna4F
Bj0AJi3s4oFwNLNq2qybjuEtS5ufImm5c9iAO+kIyXOMsLLJA3WJph0Ct+0dE73Z
89362hoH+JiDLp9jvsuECvaUIWSs5Y815GXrmtVbk4bgvNLX1X8619BjlPkMbMJj
eYSt/uDoOYth5VSJo1IdQGXznCXARz6QBX/UdoEqMNzAM7VOHOK2J6VpvN+WHxLW
hrIx6w3nEsfeikCm8s9sDkbrgJwmHT/WQDzfFArAkuRXNczJlEO1evLcz0YKnk/E
/IaFSs2dobuDDUXklmbxXYOW2Vk+VMt+svjEwCYLXpPOhqhufN1HIUqG9D//4RiB
/jrJOy8ci5fn2vM+czragUNNAusuCI9RnPgSyPHLwMyAXLZo3kWFtB68OKO9cT6Z
k1temLL7OOk0VBU4411Sc7S568kYXByU60JZtbdwnChId0YTszQ5cq5P/3tnlCbw
1HFc3yvlW2CLOB3wNmxo2jOmd48R2kmzV6Mc/C+P0VxIW0hh/gcVqt854WiQxVw6
aODr69oj59olH/bPa5wVICKO+3CrucfQWLi3eRNtGnQ2N23eZWFeayDZ+U63SDyw
Iubr9tRIwZNu2kvf2eHTLoLswoTF87SSbcHbzwpeLEbp250HodTkfL0KIAxcZMe/
zspTEUaOBysL/0z59X3Sk7lei4qpAP9uOGyvqK9iQw0N+G75v8VPWGwYDTsmAnb7
x/qZOpX3MS17i8f9rI75jYUpmU5l+HbOrPw6cywnvGKcjN+ElyE+VY1Eud/PL1hj
Q24GE8nC7EQnmKFuNXz0guDek/a7SMWgcp/VoPMd/1cI2Vr9Wwlhcf/FULqGROuC
ANeBlaUgZvDIWXqdimYAFjFBvx+pYlghcAyzymoKnK9wjW1xeyscr7vN8GKARjCC
WLMIhuX3AK2FQUcWpzjuAhQhleY1AbV0FKTk1pXLbfA526KxUDY9uEV+8M5iRpv6
uz4X01Pk7bwTSNkwGIRWT8SSbWA1VbGARsUinhFinhKmkvdc/CKDtPTdchkmcGEA
D+bIpuWKMhQdAnSCoi5XmcN+5q8PH7Ivw6iz6WHGjiQNoqYadiTr+AZu98uRnU0H
vbYXr63tBK60XIjPFcuHMnk8x6aQpUYAWYuaN+EvVvtecStf340tuPg0XWdh9ghG
/MfFiQMLOn4gT+vq6PZPlriCHU4Q97qmdwThrQQsr7kY0zcEF4zOuDxNAccK2UNT
Va1j0a/Ucn25l2UtMW+QSiz9IryWBhBAllqFdYOsgqYPMBnZx1fQ+DpNwmQ7E8XA
HES6WKGMZNZOJnpu443BPGHUnJk4SyrDKQwL2EfK5tsc0BoAGrGhKdSkdlAB9Z7/
rIfi5efz9HKv8rnHd2vxzXmdB6Lc3eKNC7ICNE5U9ow/Yd90aMBrIdK9f5imw3Uk
CL27LkV1x8aieahJTwwAVVBRZz27FgkmB1x2R42mj99zWZtecrSkGx8wj4/qscqq
39wi/tD8tR4iyqzoP8TDNP2YVmkFnSVSOYXeEMSrazTbdOi/sxKqTtx5sZQi9f/J
7K99QYOGkJmhjiCl5H/tA7kLD5HPC0fgPDB5m0lp31siMDij46r4ORahUjpPdtPk
IgtxhWdiJ+hn63rm6WFzoWRlfm/k9yxSsegOpYoCKgi24ZOH/84rtVOXfcMKz+in
+8mkwRVl7bQ7hKkNs9JwnQD37xx5HCw150wNivynBIGlP5ISsr2aRo+eids223FE
9R2TVNXtJp2Nmg6Y+LKbMdCUwaZ7w3vWT3sQmG0rn2nwb1ShnHvQ2Nlw7hAAEbqd
/I3dFrvVPxqm+Q60NVjXrACtIlfcTM+LSUc9MCXjgaxXlTMyiWgmO9m6UnEGtvWi
LGImq/0CHgW6YCT9bwLnPfkz2L1vk2p78gTUqlH77iXt8THE1WjBIB/GJl5LGInF
vI1lsLQMkK355Ztg5wk5FhD47k/EFzQWKfyn6+V1u3hfwG0Q5+FRwgYRS5nfA32T
XxFQIdL57tSXzSrQcDxIe6r2buKOW4glaHWF5kmbK8gchyes4fmvE+pL90s44SUK
ZqBkW3kjaGogZActlWZkq+0QcRYnti5KRyk7jzKT/9f1LLB4qdcrPwyotGKJWip5
pyiLwkxMgWxhociW9/3u1gPwu/K4w42zJQUtX3N5l7TvmPhfDU7L3ognCJeaZvbE
wEJ9KYb8JimYySr+IOrOQ12YVvm/Wq0ZCL9qb2E+Hbxxb9+1FvBt1WGp2zYnBVaY
RSuxr+TFu1IQtMgDjPD0glGiV8sCGXD1rSc4m6p8pSFlIrXNBEF26cianPaJV1DF
YSqqcopBNfM4zEIreRpp0Nhce6wKW7nhcxpwTnSrB+SZA8pjizoOxjSDllaX/wGr
ZDAEflXBwiC6cp9gWivHY2pA1d3LO9joVjfIfx5QxBc3vyYmJ1ATgoQIX6aLJq+/
Uh2hFTw//9lprqgpkKSdr/3TLKbXDlyY5ysVFKl7OAFUhbaLs6MbVrXaRHG34AOu
wTv2tsbFcq3qkqCrx7rf8mZXIyGEzbIhQ++I1jEVSzwz2E9ruH4jr3lM5d9uus6C
VMysVTCbLnwGKefk1Hh2OvSvF902US1PmbcwBFeoYy8XWdt+xHK8aIcbbj6xxBA4
tvBIsfAqCcKYovXdNtWO9Ex00eAIa77NUmLaRPCYWsmgGJ5NlYgNyP0yrsxz/6Xc
2lTcTotmEqMjWCRMdWvQnGUSWY0Qe/DsjtXrVcPjSCBdxZ8DWjCYI8mmmyo4lu1X
PSCMXwqcQDbGcvNHqzxy0eT72ZhL319aD7ealbqZ5got87H1fURQ/mkp/LRZyeu/
b9gAIL5UAQ+E+1NgQdY/meuOawNp3q0Wpkgl0bqglYdEUm77vGO+DlDTQ3ruxeb/
IdBiVypb7YlJcNx5/O3bf5JUyLpipeiwzXTeRH5vbzBKkmBsLFkwRW9H+AtI/DV1
OqhGyLon8JkPNO/1WC6c2ftQ2Kp73tT+dsQIObSrrkSXQ9nUaaPbStepczhPptwS
x4zxF8gsc68dZ0OsyjpcwiJaIm6gWseeB1bPW59IlinNHFhxq6lmt37n7a+VQCpC
oNvnfjGaVwoBW2SGX+Qsu6LQ/7ZBXbAn/ZfPABJOinn7xycBCArV1NAIr/CgrzUK
H3AhI+7f8UnG1JrOnMaJuIccp8LVzYlFIEleTOBLcKRK/5ye6dTR0OsX/bWLJiZr
wFLUpA1SH4KxPWQGFe1x+LCuXBIo6Q0q3STUkkgD07afCs6xaEZH9as/9jP2jpGO
ZLiV5Ii8/zZ22vHIt9EjjfvjPNDEgo9++RTw1cOJasWvgUAJcWhRwRzgTeXm8luk
IXnX/Q2HHCQthgIYTdPvJ81uH9TXfuKiT7kDnmbjXGhaPE4uUtV5mokuF65d2ZRy
nRYQTt7jEZ2Ve7+6h+AZi3KGW3xVvMibv2isGGI+tAUefrVAC1bKnRnj/3skzRz7
JyFIsOSEH51W6GiapYVwhwIya6Jbq2fCBY5c/0sEvjljQU845P6KjLfCUJ1UdOR7
aNp6L6piJ9V4b2vbVXeCmzVXAkphV1pkiz3H/KyMy/7HU77ROsrzWc1XPupAV9gA
4CaEAlOqx5VRgSpko0jQa+UJ6hvC8kOwhBx+Qq1D/GLAc5kL8nNdkLZfIyO/yLmh
+khKI9TEEEup5BJwGNw/DxZg+mnMG0wJdeT/y9oKqqBajQHgk2xRPyvEGjyi1zrq
HDgjY6YMalTwhxFNUSv8JoHbKU0WYjNDds1APqFbJq6EMs8HgVryDJjQT9ijrEE+
tWb+T1kPWxSWKR3sU6mXhVHqJVzcHMJbKj0kohDdb/LaNzD0SQr5RH/4uH3G57B/
n8PhgNNrkQ1snGmqw2JLfSRXpvdL2GA3ne7azpYRgELMs1FSfh5tTrFrWtc2dsvH
bxxPxQY7dBCC6qw02kTNHubYBuR0Dau4SNBivvFAVaqRpQ15OdeTPm8G5vEukpFc
Uxh8OcALRVOb5P3KjyIdCrDK3+i6Z7/dHKo+MeSbrKPdZtVWWPteUnB6pDt3GN1o
WLrJ2KIV7u2Y6NseJyV3G89BPUthwgY+WDKheo6vnNf284JZxfIqviIZIyrZcQWA
EhW5/b4KymtMHaB54A4MnhYrqqGQm918bgPJvQOW+cd2uEGe5Dli+Z2BxyHDhCT0
SPOgJLUPATJR4shHRpoduH3RWhTOe89s89LTnIRAjr+m17r10sTYbXxLwswUzQ6l
I5VXww6/HTp5Je2G1xtgLvOKYypTIFzxiPwjLn3rqfYJNQWcLQ8c9jWoviy3JSOb
xtwrY/fJ0mDceBFbUtgm/Gbeg5yXmN9EkOgRcdV7FWNGHziHIUQa1knXdEhWDLuu
0hqFcTUlRYMeoZCpnyEt75c8rmwmnVVGhb3FyLrUO9vVeyPvPuB0AiwK9dECvcz/
US+HkNoJSUdLC2/QVV2cJtJIb82c2AM1CaeMoTTjXMK9KyZOeWhBCYNULsR6FzeL
1GQwfJWcdiEEIbrvc/tkYHDnksSgDXxb14E5D2PWmkogtNAs+Uu0WLcz9AhhG9Zr
2YTTj1JA1vQ9Xq6XB/7cOqAXZx5dYqAJM1j7v0Ndget6bUUZluAEJzN5Q4xiK4Hk
BTJb/oSj1Ul2hMMsuQNeHVQYJQmlUpP43Nod6FdGlDsDSY/ZqMh7i6x4vqwjMjEw
LlGdpjgOrqB7RzBwFHzeP84vles38HBgnEIdnBQvQUEOoIMAHPrBNu4LJJgpQ47r
3C0F7J/1+d1otCFcfCmWmrwSrT2cSFVEmndEK39/TU5vSlKdm3Xtn6FtXA9iYNXt
5f3UGBNuuLfzp2n9A9pLTY2h57Hw2nJTZ1gZI9pA8H3akoSokGacL5ztXOONYHBx
4aC0uNNDPXzXCGlzTUjCKJyh+MhFSuFPjwRZNRgMintvJJlCs88A7x05v1B/+aEn
rz0eSyJoGa6AP1NJOfE7MzSL3bTzd/pi9fH4m3GuiOe1/v9O7GPoEmdJ8b3LhIKi
awgN4ugc4+SNuoNFOU1Z8fxejeMkGBot+3Kbuzbyq2i2qRIf6/O7owwFlA4urfEo
m/SvXwC+0069AqUVQfl3Bre/gnf9DweYOBGis4bKuWxcug4xYict9010eDU/8xeg
dfO59nBd+CMbqR8yAFu6buJB0E64sSJwWYVp4XWM+HRXSbJKrPqpb18Z2hzFCVN7
Hq1YNQGkGV1bn6z1uO08kY0gXY83qI2lfWtbX7Rf+sj1OuWdt6mkcq3Di0DamZNP
Kk9syvk6QndtHmHrivnXjWdMp6cjVnS8szBxBqiDKbvZHOrhfIIlBd/jIm3QbjXY
tPOooqqmIScHkWo+c5aSy7YUEXHNZO3DXWlyjAwYIf95gA752fPfaP7axmg7qFN/
d+KhAN5F+p5y+MYJYJmzEydWWuTNrAHjJXo1I+m6PKWm1Fpm5gUhrEyX6WFPxkga
IaF+Z36LenDmePleJ8YinC9FIzWaO04BC2Qc/K1JpCVWuHHQj9nfuc40lB6Q3O2D
A6HxBeE5vXHOFp6KWwDhucGSWeM/TILI/uiWH4lkvJVu6t+pGgOQl7+JHSDfPmgJ
oA3MVWdK5wPYekh6KtM2nLfpO8Coj+s7xXffq1haCcjnw3/qcQK84FcQrYKBX6Ve
4lM+bYTzvjfBY/TCDb9UoKuYsRdg1tPk3ACFaVso1nsHh4WM3ID5NyVBzwISn7D5
78Scp6oFZQ+5Bil8dSTfLhkCWN9DYP6TT4aqGUZlWYInbK5yMAIKMLN5heMjCziy
zvEsbjog9tCqiwSXLVz6CnqfB4swJe2rIiPi2dhR88Z825L5Fb/p6AUH/j/OkYrJ
9BITo8qSY0rz7Hac+WE+oPhL/BCcilVxZrDsGHhybup6qdJa1kjDaIadrJbe2Y/L
UoxPQomUoVzjPLyQ0IZFVx1CynBuJVtQzfGQ6HUaBApFWs3e19PlVikQOGiI7gad
aDAQrzR4zW1t7Wwfp1d8a9dNizwmmEn9VuycjLL7vFZ1Md1f3hJNFYFUS8dcS2ke
BHo6mMYE8zqEQ/MbSOTNFP7np1j0x/elqbF227CWL4bdUCPD5F7fM01lR6uvJeKh
xgWLeGNi+dtYAJ+x4Q8/Zp/zxq+djBlAuVa3pJWUENoE9qMOupvxIPTdihzWrEcE
y2tl6eO53d65H8FrvJBQ9zr7D0B742IDzXsCo+jx5tiR714DrGMQteXTrz+1NFMQ
NObzn4rCCFe//mcSlt8puhMhbe5wcvjA4bEpmghBjo0cOgegHkhPOPfFRRF1VD+T
Z8PAarUtXl7PM+mEZc+xQti3mNuDaPHGcbUWk3OXfX8ct4Na0TE4XaTEHKI6NaxR
7e6349X2JkULYoi7bFg2c1NZXDut+mnhtYYrPjdXbssljfZs/RBufDo2nWTHp01G
SYmlhr4N/TOrKfapzi91WUVltoGo+U5VyhXyt97KDcj0yEaCe3z3nNVhUAJGj2Dm
8ak/NmE+dShqxWOf7isCMr84lmUtQ/s/Qh3RUgKSf6qNoVZ2+pWhaXK+NuhKMnIq
MAF/NspdJ8r5uNhklb9O3MmzKuW26z3LgiVBfzkYecY57mre+iBo0zpioLBGk/pw
j1bXvQ/9Uo9frPPQQyHD/5M594sPZ+lu43ItvIoz0+SDcE9LlGQeO9KXaGC8R8Py
fx13oQ9IRbZ3BJngc4E9taY1KNWnj2rZY3GOtjfAVPXR2N6ARgFBWc0GIIcGJNc9
HIlw0rDaE8SHK0x4u6p67bY1R4qkpD5ejPHRUOQelIQ2I5oFJWwCqYYI5MeQ+DBx
oV0jfLysKAC14Vmc29pOxFh2tYJK/axLgSTCCP9a0bX2yS7gOonrmGyNm7qWJBXU
74ClITuOpPhbd7QZfekBjuwt+D9SkhEOJ6Ij8lf/pv+JzUgjkpe+lOxvHnfkIJqZ
IFbpokdcFUevEKWfHJQY08FYIlfHf91HQ/Lrb6MebrkW7bY1VKEROEANj3mlSQNX
GypZBRrCPJoDxRUHDyfH2t5GDzDv9eakpIuBm/fm9NSPgPkIvXbJkBqWrD+WjMNB
aRzi6C/HcQj9+eFVr9DfTBAJ90gkws0Fl/EmUMmTrBQzVj49MDbO7TyPntK1NYsz
csPeXy86g4+xbW0IAar2rXiJjVbcTZuPFCR/NtcRXwe+Gdw4MyPfcM8Y6Wa/ByQ0
3XbZdfwy69MuYnKJ5Ie22McGBEa3nODlpc23UeyDyxlf9jgsaktT1qIb+bFDE0YR
7aVZoyTzGZTWmw2Ae4rDQOW/SPq11roZ8vQxPeVnXVy4KJD/2JK5/sCXuRzXk4kX
0SVyOm0MeLNf+NWPIe4deeGaQAwtU2jQvnmuJkXHWcGAunwa4GW25ETxccqekt6y
k3PBKBeZejvoxsrteoYeOWHbPcvthlUkJfp2I9emnhTjELsqqvbEaS8DZ3nPbNnD
p8ug5WoUp9plX6gfl93Cj6I81B0KhtKzaiLXVRq9orNlacOyYieOKQhk+dpzIBDe
BqXB22FC225jWrKnwYzOVWFTyZfziarDDS+RjVjcWCDO/6OKsdl1d0zbp0VkXkEu
qix/0NgrilfwOZ4waYTLOu9ihN9KVHIgHOFn9q0BU9OngirE14bkuSu4KvIMmtyT
3eZo3Nm+bwWzJzlo4yogzlTgH0SGnxyoibzOXzMqFgLkVbWvqTnw9UZASvoLAyrS
SFctnufOoPlH9JrL+mfoU83prsRDMmOqudzyi5/xWh4IvamvvQsq5+3xsQr1duA+
W/HeZ8jx5hgO5UfexS5hAcgNs4Wz2NVCCl9fProSuYh9Caoz2PwlK87c/MliEqWc
jZ5oSk0+zwLXTp3xpv4MHwDzHwqV6Sdg+cOUtl6wlZp0vJVxPD5tljBU9EW2vjfF
Iq19LN50RLPQ7RpfCtJAIYUAuYGz0mwd66Q71d39Wx56wHA9TqQBTzNqI0CK6/mX
sRZKrMvLBTdHKk4Capu6ehFJgUt3Oifib6DWV6v5HUG14Dt4z8Bj9a3R66NBLWlR
K+2PoBYdd942K9XlMGBn3LJl4ALdvIcPBWj3GF+uGyuVe7wBlSx9CflX2WSI5YSg
UDSpg+5kGBqjvtMlI8+4lfWZWKxub8YY4IMzkQxJcbvfqIwwjrevtIArQbtPlZDG
q5zPmbmEot+ceJepsSmSeiEXJoDQJgbl6ZodjzNaAzLdOcGZI+qvi9m1S95VDfVG
qrLl6hDxECQwnHKXwGrH6Qt4lftSzDHOnWKRERbiAgu9JPEuek4MY4C3u6dteyC+
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy-reply.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIVUAYJKoZIhvcNAQcCoIIVQTCCFT0CAQExDTALBglghkgBZQMEAgEwggt5Bgkq
hkiG9w0BBwGgggtqBIILZk1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KTWVzc2Fn
ZS1JRDoNCiA8c21pbWUtc2lnbmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3kt
cmVwbHlAZXhhbXBsZT4NCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxl
Pg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZl
YiAyMDIxIDEyOjE5OjAyIC0wNTAwDQpVc2VyLUFnZW50OiBTYW1wbGUgTVVBIFZl
cnNpb24gMS4wDQpJbi1SZXBseS1UbzogPHNtaW1lLXNpZ25lZC1lbmMtY29tcGxl
eC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+DQpSZWZlcmVuY2VzOiA8c21pbWUtc2ln
bmVkLWVuYy1jb21wbGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkhQLU91dGVy
OiBTdWJqZWN0OiBbLi4uXQ0KSFAtT3V0ZXI6IE1lc3NhZ2UtSUQ6DQogPHNtaW1l
LXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5LXJlcGx5QGV4YW1wbGU+
DQpIUC1PdXRlcjogRnJvbTogYWxpY2VAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6
IFRvOiBib2JAc21pbWUuZXhhbXBsZQ0KSFAtT3V0ZXI6IERhdGU6IFNhdCwgMjAg
RmViIDIwMjEgMTc6MTk6MDIgKzAwMDANCkhQLU91dGVyOiBVc2VyLUFnZW50OiBT
YW1wbGUgTVVBIFZlcnNpb24gMS4wDQpIUC1PdXRlcjoNCiBJbi1SZXBseS1Ubzog
PHNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHktbGVnYWN5QGV4YW1wbGU+
DQpIUC1PdXRlcjoNCiBSZWZlcmVuY2VzOiA8c21pbWUtc2lnbmVkLWVuYy1jb21w
bGV4LWhwLXNoeS1sZWdhY3lAZXhhbXBsZT4NCkNvbnRlbnQtVHlwZTogbXVsdGlw
YXJ0L21peGVkOyBib3VuZGFyeT0iZDM3IjsgaHA9ImNpcGhlciINCg0KLS1kMzcN
Ck1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRl
cm5hdGl2ZTsgYm91bmRhcnk9ImQzZSINCg0KLS1kM2UNCk1JTUUtVmVyc2lvbjog
MS4wDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0DQpDb250ZW50LVR5
cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIjsNCiBocC1sZWdhY3kt
ZGlzcGxheT0iMSINCg0KU3ViamVjdDogc21pbWUtc2lnbmVkLWVuYy1jb21wbGV4
LWhwLXNoeS1sZWdhY3ktcmVwbHkNCkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5l
eGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+DQpEYXRlOiBTYXQs
IDIwIEZlYiAyMDIxIDEyOjE5OjAyIC0wNTAwDQoNClRoaXMgaXMgdGhlDQpzbWlt
ZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxlZ2FjeS1yZXBseQ0KbWVzc2Fn
ZS4NCg0KVGhpcyBpcyBhIHNpZ25lZC1hbmQtZW5jcnlwdGVkIFMvTUlNRSBtZXNz
YWdlIHVzaW5nIFBLQ1MjNw0KZW52ZWxvcGVkRGF0YSBhcm91bmQgc2lnbmVkRGF0
YS4gIFRoZSBwYXlsb2FkIGlzIGENCm11bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNz
YWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZw0KYXR0YWNobWVudC4gSXQgdXNl
cyB0aGUgSGVhZGVyIFByb3RlY3Rpb24gc2NoZW1lIGZyb20gdGhlIGRyYWZ0DQp3
aXRoIHRoZSBoY3Bfc2h5IEhlYWRlciBDb25maWRlbnRpYWxpdHkgUG9saWN5IHdp
dGggYSAiTGVnYWN5DQpEaXNwbGF5IiBwYXJ0Lg0KDQotLSANCkFsaWNlDQphbGlj
ZUBzbWltZS5leGFtcGxlDQotLWQzZQ0KTUlNRS1WZXJzaW9uOiAxLjANCkNvbnRl
bnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCkNvbnRlbnQtVHlwZTogdGV4dC9o
dG1sOyBjaGFyc2V0PSJ1cy1hc2NpaSI7DQogaHAtbGVnYWN5LWRpc3BsYXk9IjEi
DQoNCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4NCjxk
aXYgY2xhc3M9ImhlYWRlci1wcm90ZWN0aW9uLWxlZ2FjeS1kaXNwbGF5Ij4NCjxw
cmU+DQpTdWJqZWN0OiBzbWltZS1zaWduZWQtZW5jLWNvbXBsZXgtaHAtc2h5LWxl
Z2FjeS1yZXBseQ0KRnJvbTogQWxpY2UgJmx0O2FsaWNlQHNtaW1lLmV4YW1wbGUm
Z3Q7DQpUbzogQm9iICZsdDtib2JAc21pbWUuZXhhbXBsZSZndDsNCkRhdGU6IFNh
dCwgMjAgRmViIDIwMjEgMTI6MTk6MDIgLTA1MDANCjwvcHJlPg0KPC9kaXY+PHA+
VGhpcyBpcyB0aGUNCjxiPnNtaW1lLXNpZ25lZC1lbmMtY29tcGxleC1ocC1zaHkt
bGVnYWN5LXJlcGx5PC9iPg0KbWVzc2FnZS48L3A+DQo8cD5UaGlzIGlzIGEgc2ln
bmVkLWFuZC1lbmNyeXB0ZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3DQpl
bnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWREYXRhLiAgVGhlIHBheWxvYWQgaXMg
YQ0KbXVsdGlwYXJ0L2FsdGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUg
aW1hZ2UvcG5nDQphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBIZWFkZXIgUHJvdGVj
dGlvbiBzY2hlbWUgZnJvbSB0aGUgZHJhZnQNCndpdGggdGhlIGhjcF9zaHkgSGVh
ZGVyIENvbmZpZGVudGlhbGl0eSBQb2xpY3kgd2l0aCBhICJMZWdhY3kNCkRpc3Bs
YXkiIHBhcnQuPC9wPg0KPHA+PHR0Pi0tIDxicj5BbGljZTxicj5hbGljZUBzbWlt
ZS5leGFtcGxlPC90dD48L3A+PC9ib2R5PjwvaHRtbD4NCi0tZDNlLS0NCg0KLS1k
MzcNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVu
Y29kaW5nOiBiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQpp
VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj
RWxFUVZSNDJ1VlRPeGJBDQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3
WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJq
bzA0NDdnWURwZUFyaytPbkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00v
dWxpDQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1k
MzctLQ0KoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
acKTg8cc2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrsz
yidmbuZmOpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOa
Gdmnx4OG/e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXC
N5XL7wWTLMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWz
B2zNS2OF+XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVK
arUCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUD
AgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoG
CCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj
8OeOr83zdw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZI
hvcNAQENBQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4F
zkgRyOg31/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMt
jH2x9SG91PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZR
zWmkw1RF7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8
A0enITGXnoEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQs
qm6hvrDTqNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV5
7XV/QqmiXDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYx
ETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3
MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUG
A1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC09InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHU
a4xQUl5JO6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz
/evPgP96wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3
SryCqeHEFbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQ
saqpo1d3f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgE
ykRiVokFQgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAX
BgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUu
ZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzE5MDJa
MC8GCSqGSIb3DQEJBDEiBCDmeJ6lsrSkjN4AZBIkFqDsd0GBqHEAIhAZzSPkodWm
CTANBgkqhkiG9w0BAQEFAASCAQA8+6A0jm2WrDdfvFYh0OQ4Rpy+6ofiRnx5jI8I
a0iD6U77+KS/1W9c4rm5Sk2ElE7gZb/XL5D7l9X5aoiuF6KgyPrzNCL4G3Zz9zLY
1l+7Cc+VsR8HcY9mgI5U34bmT1xZCHk3V+hTSUn+zE2XV5khxX0E5OxGzkrSz39Y
TReERGZGPPXorUIc/MPPKVNE0uhlVUY3WVp9oECnYOBnZ8Ed91rzJWH9hbvUq+jx
22s5mbPGSi5napgEIr/vv66CuCSBK9oqUG4/dyd/hvLVgtZ3knoxn8VPXUgf8Yw6
my5/oStqcO3Q9Sd176LsZ4Otgc4kG789qHAlTax4HGqU3bAi
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped"><name>S/MIME Signed and Encrypted anchor="smime-signed-and-encrypted-reply-over-a-complex-message-header-protection-with-hcpshy-legacy-display-decrypted-and-unwrapped">
<name>S/MIME Signed-and-Encrypted Reply Over over a Complex Message, Header Protection With with hcp_shy (+ Legacy Display), Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-signed-enc-complex-hp-shy-legacy-reply.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Subject: smime-signed-enc-complex-hp-shy-legacy-reply
Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500
User-Agent: Sample MUA Version 1.0
In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example>
References: <smime-signed-enc-complex-hp-shy-legacy@example>
HP-Outer: Subject: [...]
HP-Outer: Message-ID:
<smime-signed-enc-complex-hp-shy-legacy-reply@example>
HP-Outer: From: alice@smime.example
HP-Outer: To: bob@smime.example
HP-Outer: Date: Sat, 20 Feb 2021 17:19:02 +0000
HP-Outer: User-Agent: Sample MUA Version 1.0
HP-Outer:
In-Reply-To: <smime-signed-enc-complex-hp-shy-legacy@example>
HP-Outer:
References: <smime-signed-enc-complex-hp-shy-legacy@example>
Content-Type: multipart/mixed; boundary="d37"; hp="cipher"
--d37
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="d3e"
--d3e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii";
hp-legacy-display="1"
Subject: smime-signed-enc-complex-hp-shy-legacy-reply
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500
This is the
smime-signed-enc-complex-hp-shy-legacy-reply
message.
This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.
--
Alice
alice@smime.example
--d3e
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="us-ascii";
hp-legacy-display="1"
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>
Subject: smime-signed-enc-complex-hp-shy-legacy-reply
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:19:02 -0500
</pre>
</div><p>This is the
<b>smime-signed-enc-complex-hp-shy-legacy-reply</b>
message.</p>
<p>This is a signed-and-encrypted S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the Header Protection scheme from the draft
with the hcp_shy Header Confidentiality Policy with a "Legacy
Display" part.</p>
<p><tt>-- <br>Alice<br>alice@smime.example</tt></p></body></html>
--d3e--
--d37
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--d37--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
<section anchor="smime-enc-signed-complex-rfc8551hp-baseline"><name>S/MIME anchor="smime-enc-signed-complex-rfc8551hp-baseline">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Legacy RFC 8551 Header Protection With with hcp_baseline</name>
<t>This is a signed-and-encrypted S/MIME message using PKCS#7 envelopedData around signedData. The payload is a multipart/alternative message with an inline image/png attachment. It uses the legacy RFC 8551 header protection (<iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref>) scheme with the hcp_baseline <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref>.</t>
<t>It has the following structure:</t>
<figure><artwork
<artwork type="ascii-art"><![CDATA[
└─╴application/pkcs7-mime [smime.p7m] 9580 bytes
↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6082 bytes
⇩ (unwraps to)
└┬╴message/rfc822 1876 bytes
└┬╴multipart/mixed 1828 bytes
├┬╴multipart/alternative 1166 bytes
│├─╴text/plain 392 bytes
│└─╴text/html 490 bytes
└─╴image/png inline 232 bytes
]]></artwork></figure>
]]></artwork>
<t>Its contents are:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-enc-signed-complex-rfc8551hp-baseline.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
Subject: [...]
Message-ID:
<smime-enc-signed-complex-rfc8551hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:28:02 -0500
User-Agent: Sample MUA Version 1.0
MIIbnAYJKoZIhvcNAQcDoIIbjTCCG4kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAIGTjqXl+E6A5sPoSiC4rgKQPp/Sq9KlmiYZ
kHuhai6C1kyLR/I+dsQNtJb+T6nUMs6u0C8lHLFMolShXNbmU0UFxbzTjBmz6qdb
gqzLeYdkT+l+EuFrsgQ8XtDNqIZHHo6u0c4lZWxdJ1kBGaatjQjzo7qA4fG1uQ/A
NDPZHozuhLE5/Q2+0CTbAawvfXDmA+Ss+Sh5vVxtw7evOxNoRPzypAvcc/gLCly9
C5RJDy2ctavux6LmC89561I25uUHhgSxCaVT8lxhUMxvgCeN0nWBDp1n68Xy836V
d2LKSiEq0INfA4O0OrsujxP5WJaJm4xh+eSUQcCpPcJEGBMuWaUwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAMVD52+ksD3N5L7ElKbclg44f
WmBMTTsrUeL+q+sqHAzPNf+7x2Yitv9X4QjctucZQNo09s41d7WiaV6TtMvCExcM
Vi+bu0jPHiei2WxtASZ9arH0W2+aB46Iw7UTbrwl3EXSAN5IXFIyeQTl4mjte2Rd
Mxp3o0z42WOzsfAh+3mr6bNvoSiS2WUbvwP36VfWir1GT1wf2Wdv8a0iCcSE0jIE
5oKEenck4jNNxXe3i30L3x3FR51piNpxcxo60iuJcyNpBnzjZ6FLzPDKyqPLzhDg
mBMG4XyMsNeL8fq5Yjjuuz7xtUKQi8lEih5G1MeeLCy7IyPR1vzraIe42CNpwzCC
GG4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFNM7bcQDJtZl9ZLfi1Ni2aAghhA
nYiY1WB73GOhddIjiceKCfuPfWFmUwC3zkyxz5Qgh/O7UYL2YXPH/+W2xZnSl1U5
eHN3eLqCmsRC2bRfPApVda/ZW7J2GCEHYORRg44m1k7bLrQACA5PDn3T5cYT+syq
evYnIqK0tAcqo7cphQZ/n/uwdvkPWvkn8dQe0H8RTw+CsMPo9SezKr3hyJTENhre
Tswyoow5httSgHf1vSv51dKJMuKAGvXW7AaAImuNh6rtknzXS+VzUNVh0FvzgLUA
36SzeFdJ1NTrpM04p/Du00S9saLdxF0O1TMLaungoLMZgM60ZCCLi3z4CFuQyIlt
UB2viRGOfJhkePgWaoty6eLvllTXKCXb10ehMU7f8VowVwRWm62h0/SYvPBuGuXJ
7GEVYHlrp4aXR2KQbeMoyxxY5hUGKWzDg4zJc1r80IAZXc64s7SR01x5BVinXhSE
w4VGQ7Qv3CpolKQeuyQ14XK7/nzlkYWdXLFefuU528gHy42Xt+FaKR6ZElFURPdr
0IIWN+Gdr28bpQomhbmhm71Srz7q3IIG3wXEh/qrxWf0yzSrrJluLcCAh9dyWM3e
vfuneXrnxTr9Tf1GW/rNygZoHMvrjpSRIrzEAqqCzt/Vs1+ds0TBHn5fs9E2poIW
9bXm54ucpXavu5ZafpHUReTrXLMGPJ+IkyGGVrACwAsIDYm/aPSM4HA41DzHtkY8
q/HRYWR6So7rlYEo74bY2e+TyOJhSApZ87b2I1JMkHUZeB3aAPswZeMdZoA0HF+K
HK2zXm1havuDecCc59q+DP4ROnfMbAU2ACTxvh+dJzX9GdifCUeh9NXn73fb8f50
7k3GRbg3TgoUDJmfbU8wxeHtx7DvaylbaRLAW8CT0fyedJFGl7qhL3izlhHp9Jjs
SzZpzlLCP/Yv/O6zNuP0RsR0WuaqYdK3qppgIoGta5Z+ZcHxLAhlrxr/mF1qxDoP
sFhG/UoPSLT/lyzYN4pbBqC/QRuC3gr0MMKHpBm7G6gJppBW74se9w4IwIBmlnO2
f8T2FgobF7Z3ne1LRpLCDcaQhFvCyN1IRu9PJH5Kcc0hGYqIAH7t6JPRfcImNbtS
W8Y5bcZ0/1S5kY/Q9NpeAiUDVNdt0qdYEOtcNSpPhi9TrtqULD5EpGJscO5Gmkcn
ATDL5nzJdLB7XvRQKi+FeWIzUzlr+IH7ik37WGkjZwwt+ClY1kAjgX39poUJTf+7
r/gaI0pg/vz88lqZk6vgRQmIRwBv2GvLEfvMz0Ohf9vAwzYxbc3uj64/5aXJbsxr
PxpatoiRJu+pF1nh6bPK+THYTnej2tlG1zLWuEvxZvHnUqlWNh4cRsuwm6Cf0H/2
kv0HY4Rcnjiz13aPMIU/zjg0rkfmPfZfofyPJfNsiXC1h8Cty0HKZC/nWlLg0pJg
hm+FbvUIrvhPhMKMJgY3nOqF6eEkwqnZpWzQxp8wcaVNsP10GoBG3Lef1MbSnsIh
rUx6OyXXdpxaIgRWJQpXkSd59z5VTIyEbJj8iil/GEqqXs0WMGOnlRE+o9sR21Za
+m65T7hsq0U776EWjZwcrb44rn/sW+mg+8+leuXL4UNADrm64qXvCcIkHrTpPRML
k/W71PtYybEx8eZRkEG3tIWog3HV8w+WRKS1smFYvFxw66eU9cFDnKoYJAQi7USq
fdkW/QLuXUJuGvpKGGWm8IJgOezbGPkbiYw+BTMJKExgXStAhAhhVFP3m/47AUx9
bGiRMGgEBvprT9Iu7mydHOjUO//qRm6fUXOYJ5Xm8OUjk/wI/wOCdtO66tw/d9L4
n2skZbRlMEdSja62427CHLCedZAWyyTaCdkj3QiC/vfj74okv+U7SsDyUWxnSK0p
pMZESdV8qUpPRjT9Eh6BSD4B3SrGDuhSEdNuW60Qb2Yab0ZjWaurJeGqVn23A+tR
u92mwIBB4K/9w9LGv6NXRVoLuSZ7wxcERmM9aXg4f6UjPKijbPzADnPrahqsZ4hb
TpbxZkU/U6KmNmO/l9M5KZjfRMO87dIA8K8e40eJoqGeCyTezC8SzuKy6w26bLQQ
TonyUBgbpnRzPg3dx6A6Qfr+H7E1XXDTTWcoY9FCGPuYkkmjYgjRW/7phcASXgHz
76+C15RI/CdZh5q2hCZE7L9dqHO3sX/12pyR/DCoGDNlO0x/u9xqBo6mxR3LTYf3
RP6TVLKnT70ynXDmYjaJMaMWj/+EKsip70TxZanpHeh74lO+YWpvKL5PQtxvSko+
EohJTUaPjxG6EJj4K7Xu4aq9UqW7c0fyYM1oOabQaB9ZY1K3aQdRwvY2D7//bCo9
56J84DhlKfp1MkakehPJFY3FvParM9kRYxf7CnhVdQX2UkAi5xasZRK020ksUr0k
sOM1TvefRZbgaffX+DhtvvbUvFlit7PVwjc5Q0c5YiLELlgSqTpKKnO+IL0u0X3H
pZmms25AZqtY8VZEtjuFv5XoZK/HtF646ipe0yawWi1JoNGSw50CVz5zy9YtcfPI
Gz56LodAyQVl7CHSZCRE9tTlyyFxsZzyfK+AqgcahrdT7sc83lpd3PiwAjUL0VCg
8EFNHILF3VT9+DsjGZJbqvoITgB51p0i4cdXgS3/yaZ0aESnZBAnEBUXtQQL9wqP
l8UcDog+kvMK37AYeqGgoseh6ZvJXd5hIMj6WesXUTOQy6IGzZciDAPeNUdMmW0U
NivI9SL8uxbSXG8NB9Q63xHj6J8WjNaNzWZPEr/qylfzQaP7uywTKXr4cVTVYwKG
TZGZt1OZnymvwWoH7LhJ5qS1pPqe/4gNijCcngBmRpeG0qDHOSFJ//3Lncg94gnJ
N8f9Y8zUkulrO2LHsTuzz0I2YCZsP42ZgL66H3uy7MkvgYYFO3IHrSim/evQqS/Z
WKpHRCO2Cof8hta9pZQsR6WBWCxCUSEbgcBskZVg2iApVXVDgDyYPHIt0KSUef1S
QKsXXlCT7IR4g//0MRP2RyKcrYiIkz09auKYex7CNyQYZfqeeMKUuKw5gXjMZS/p
jV2Enoo1UG2kzAYFL2mRzdbaxeoqXVvbgErM4c7WKkomfoGIP6Kk4mOWwcEvPozJ
pNxUOCPIUBoRcXMuoZp0u0bvU30EBRX+gJWYqRi9p1dnc9EXzm1MHX7Ui6xT6ZCv
DF7YhBWV2GvGC+YKR5IJpXEPO0l5PEnGi3cNV9htahhtQWK8DiYjR4BOtHQ0mZRL
NGWRyDbV60ac7pvl/wPwCEEfySu2dT4hvFIEn17B2oLKxowoJsEzOeOF+C23xR9n
HfMNe/Fd2JtxJ6WJfpYmG/hvdYY5FNt4VlNpK/guwMbjbYfuRbHhCb5AG0gbxiIx
bszWSIv/af5aFhQWh7eXZcSZoJ3PZIK2z6r9ALFaGy69Qiswbgop4VGs89kjBrZQ
42+eD859Xw2zr8YRuskKIrAdl1jB2txZQYZQkHhzMjagEgc6scYEgikMTRyMDY2T
PgJtyLi11Vec6ZQ29/go9N/rIYDmYx1wN/eBM7SqvQqkhE6AerBhiGetmllgRn8i
BbCgc8ClQUbVQ45XQzE3mhm5UnAbJWofEdHJabShy1hoMfuFQFXd4b4okMUFOw9H
hTi3daOLjmqgo47E1OHalXt4MItAhLXP9+GrhVE5vYN1h/cVRA94K8MlL+5HzT1f
l8Rgls8gLVKV1D+BlXFw7JfS04vAtfv62ttuEinRUicte2rMKi4RKa0m7FYGiD36
QleGa9W69kkJOxpykFAR6qX/UE0TVydER4+6f4/43Pu53DQs3HqoKsW65q1xb3vX
zci638qUL4lu2LjmxWmeBm8vRyhY84QR95qI/RHoYWIXNSEXggcX2Evvow+cOrc6
s3C3KjD08EyT7CKtqOyApOHcWhFI3gLvgJf7kd4hvZ3IsgZ0TPpNhPoOLw7OwWtX
qX3akv8xPBPQ2DfUSuoJyhoMQFLx3zVL2Bl7wm5Q+TqcjM6R56MGfvBGuMmbEIQ4
Wm4NY7I8LPN58UeKJ3A2pxhRXG/s/q8PMZUJeXL5QtYBonMFNnISS11T2cP8bB/G
LYTC3q8aejWKSg+mX15sovgxDGFFR/Ru2y/Rlx2Mk76tJPr+8nbCYVnNFfdlZEkc
htdwLlm1ocXvtb4bjKyMkd9LqH3bDfBAapQquQ+6FG3wTedEsEvPOxvg3byYYXb/
E/nvvKhX5Dp90jNkhlGhGfDmoJwJCXutvvd+tnhIFFlarvqfo6zFCQXetwFgBEgg
SYXUugaiovw5r09/7fJs4+9Lwr8phsH1tNibweWGmh9o3GM8tGgxfhaOtikRWx3y
MpKecxe9RWUufrUwScDYpTI7sjnqHAjm3qT4YCTnX0QsYeE14yXUo+fTU5WA4evq
xzNcaHo+61Y+/rgB6TFYIQg1tRINAp86EB930uKbJN6xga2QjICTZlvzF9aperRF
Tcmqws2kESiyvxZBGbVhqGSPn7fBknlbAA8MLHhBQVhiA7h28biGv5gOnhipApDo
lRDxJh1q37N0fLOxQXDzuqUt44MMY9CqFZxeRDTcq/dGHztoKum6NHHZTbA9ugnT
ZzcFrtK3yor5ahbjcsWO+44cq52TSRBZy4yGL14+oMD1TbePqRyKdpuUxNeaZmex
80fBFBDN1p095LRb85tOtLzXDALvhshpuWVn+sH8uC6clrJ/x+LRP6idSiTDlglE
+yRzeG3YXa2LtLbE+PjDmFla9cOeO89nNGvqYKoqjDYFdnAgX99stX2gJ5pZKuzn
k8lGBnH1/ytiRKMlNOVQSROQuRniUnlM7UjAuvDt4WhpOyo6d4n5EG03IrAs/0ms
0fd5KwaQV2kM7gLVWC8EDFFPAQtLjVXnbqrJHnpnzb8+3Umdc7bbtTHrHdvbOgXW
Qi2IOPME+CC4pY7QVjLdW7EUHtWzu577RVyjCgKnh4qVtPSqnDk0lfogprqO8Oos
9UUNreV+Ie06Mk54JjGsw4yeKYTYl0zEuxZ2X1ec6ah5pDdofAln5uOwAMBVBodL
q388bcdVtmLWKd0TEc+3Jx+fGCUQfQJq18lpzx6gPm1h/61QXF9R5JPc1fiA7gJ7
hpSLRkiQrXZ7tvpxRAFdK9xp/hyKfo8SBPYGZAKvt7H8Wv3akP3hPBhDsKdTg2yL
kZciqnm8fa+A8QM6fjHXF9CQ7kAKL5Kyzrn+hQ8gndovU5hKCmLOOPRKC488lXGX
sHqQMP/36DGjEGXyGmmlCIDWiuIfHxQ9vaDZB9c5muWYbI00anAUBiPsuQYDOvap
vyxeONavr53nofOv/AlrMUBiEaJcokDU9LjdqqbmO2DBwhqL7Qkju+fvgl8+jOtB
8BuGWtTHFpvXY0wQARIfEonj4qM4PM/TmZYggqaWkSgqCfcMKa0LoIEHLe3k927w
TKnKuorWmjdSm0PzWzekxVuEvwmMPWCkL/MRhDkbgm1tCrc58UsgdznEy2K15c/W
BPc9dhuzhyAP30tgN8NiPjANFymRYlZ1XRibTFrWbGZ4JkUr7rjLAJVhMb3a7TBB
16Bl226lYu2cfbEpJNr/yTvG67xEB8dGA0etD85ZaKGCtvTN4K13SsCEvkNydf7L
GjzW7UvGHnYQoPZ7c+rLLAvmQpLsbsvZDIidYvq7GjO5C+N3K/Kz1VL7RQOabErj
I+xB1lC/D+LOUjFsZiphJjI57P6wAL3euP9Y6Ytr+SJQmndw6Nkq3t8l2S0FWMVz
zLeAvJ4SaRHy0ERQ/nrfGTIx2GmTZUvrsrn9KUtBn7dPLmyKqzl3zYf55nLNA+Gc
LheU12GH5K4Qja3qKEnpz0KpDXuEFyxA7iFvcKEqJm2f3fEJ2KfSDeNdNDFf642m
oX3Z7y3dls4iKds83wjOPORCo8j9ro03GxSCjmlgTHnR5sM1bYrye6oh0pw3SjyB
8FAKn+qdH4Z/ndk/K/UqZ8MyDJAXuSQu6rHaEv9zz2K6HfyLqX83obnFYE3WNHzY
TFFLKqw31A5ZRtCUTN0D6LfZ0ikwrgB+pWzfzGvRbghK+sGKweMEFF2Cbn0z3A3g
bvC3sG6/rxBFZ/iU3Yd6hBiRMjqUUojsl9zSowRlkbUIRXZteaDnhz5qwcmPt3rO
iod4Z2QmnW8mJM0OT8uX0MBIFwCjKRgqKHfjeTnT1NCpxOH5+6DJrj0mEPhfOB1o
nHKJor6EOMU4zsDAZHCcepPyvRfLTp7TvUf0D5RBkqNf6JfGoPTLQ6JClQnMOPzS
SlFAodd2Qng3q5fQh9tiaohZdyf2hN+lb9bvac1LUblSZM6mS/JenvA/+NVVoqdh
3IEAepXOHv6B0PxN7V/R4JtTgVIJTWbC3TyLdseAii+Y3yEFFKIUABGGd2mSpJNV
mPze3fiKmsfj+O5kcKb7q+EB0/CDSU+upSFmRSq2YbyM+P5/1faoUz2Nny+ee5Z7
0YVfMt6jhWqZgvpdTaVzbKiQ/aCQmmRnxEwRQ8fhbtXrnzdebHK7sFuqn5mtsfgR
jL/s+D5nQLkc+VtpslqaOXFAFz+iGLFuA2FDuwIkECu4qoMsE0EP+gbcQlEbjAx2
oR82st4KgqDeBga/3GTqx5TN0nbn584ujZ+VAYy0UZjShlH+4NJY1GMRHlA1b3kA
hWtP//PnkX1aZFVGWAHhiPIneG/ZCtRGUWqWUMn9DRd5BNMS7S/xl17KIF9lFbLS
6b5f5R5J/wjdwCC8mH0CCNXrdWRID3vqVEyBvH4usBoA8v64+ttQIUSttweBoG6W
Al2Qorxi8wZGqZ6qLp4glATHp2Ni1Aq90kP2cBfUNkP5GLdBD61O2qoBLtUuRliA
T25cdgz1JOtHrFsKJ4t04Udb8PWSr5DuFINhjcDP/wMthFRhCrLSipJsOEzreASD
C1fuEYbwD2or7UiWaZC37ERT10VC+kyNS2j/bxNubKpXWgOH0TWT0LdXjCj3OsDN
llhPugAjgZOpx8f+wyaucDExq6ubMcMtE4QLng7ivqw7vJFs51FIigskVPRnB0ro
k6rPrEMP/zgVSEBt0ULp2CG0RdUnPCLTlGR/B9F3WRfjHhowbnYANAZU1LgR/doC
qEkgjxVKfThjV+Xf9BWU6sBAVvq/I8O5hdZEn6ALRDrSnusIwmfVTdkbl6uSQD1p
MZjuGe+TkSpUY2CUIVucmmV6HCVJm4H+J3U9bsmQOWeCtR1kDKLaquuqYCjJk1NB
vJOaDR/0NJizyCpC4seGJ8gPRKV4VDvcH3jCjNOXFc9sS3YQdJWS13NpYoZkBymg
CR6Gf4WX5Mt8yhWPBP2ZYCF9yj6B30SVd8UU/01/v3z3kH8gtni7rwq9YX5+SOx4
h5FKsYkYFbt+Llh9BEaHvYF7ENwT3IS6tIs+A5g06By7O8pPoEKrZclMYAOpZste
nKrOIJNLjUNtHyJFI5K6o98GGJ3REHJ3i83rfkWO31G5SVgYqk72m7j/dlJ28x68
A2iqgtcaZJgzgAKYQDz7Lyvbd5lYaEU0yt+CjhsJjS6JmTab23D5iovFfoD+AmpX
5GKRKIHv1JF6ok8wQp9dKYDNmocg4m+oqIngVoioLn1N0A370i8yhC1qmFXpEwox
saxFq/hBWHKmxJlCxEFBF/AYw8M9ibOwOJA5r0U4Lg/+3UiUKRimbX6X8R+FS3c3
5Eqs0RH1VDzTvu4aaIb5OfVZCjX/L9xT4ezXZqbR7JSGryHZr/CNH+8AtfTXEC4U
xAmFAXgfuNc18ZkVtSLPjJ418cSe+VOlQ3WH2Os2N3PP6UqR7hlgymJeisV80C0N
kuu0AYauvHf6mDPhbsvdtTLQUY9cQ991c1XFB3NZwZa1GL9BtYpLU9xsd4k+qyzI
5zW1UEG0B265+FhYBMz12KRvjfTMegaMCqo3WKG0p/HfdGRFXzYScZCDKe/n7pDW
45+PhVyrxqQpsdyxTHb0qetjbYM/OlydenM47tvb9D+UIpRjYLmk3RCMKfbAd6nE
ctVLhUHswCMx4lnVRdIXuIc4yQrquAVPvlfzBVIxDeemkf2kmrA1P5aYZniflr7i
SRG+XntvfKyyKqr09A605hOz8GyDSOIDRq5SykbeuUZd2MkhMHiqn3pkgWxfFADH
rptkhjQytcY4j8Znqg8O70da9J4G4sbILV5OgKaTt/7okM+rQ8ikzR9UJsAAgewn
DrnutsyrGrSmz7wIFkexxWnM6NZYMcJpdy0KXuctfBWIQs+ZyYrsd4pH3MP/hc+1
t2W57Gm57dXBh0lqxDnaGFGVBlYioWj/v1s0EoaVUM+XCYEsRKge45drULGh0qAZ
sG1/1VBptLyt3UY3jh1tUw==
]]></sourcecode></figure>
]]></sourcecode>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-legacy-rfc-8551-header-protection-with-hcpbaseline-decrypted"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-legacy-rfc-8551-header-protection-with-hcpbaseline-decrypted">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Legacy RFC 8551 Header Protection With with hcp_baseline, Decrypted</name>
<t>The S/MIME enveloped-data layer unwraps to this signed-data part:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-enc-signed-complex-rfc8551hp-baseline.decrypted.eml"><![CDATA[
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data"
MIIRQAYJKoZIhvcNAQcCoIIRMTCCES0CAQExDTALBglghkgBZQMEAgEwggdpBgkq
hkiG9w0BBwGgggdaBIIHVk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyDQoNCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw
ZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0iMjY2IgpTdWJqZWN0OiBzbWlt
ZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCk1lc3NhZ2Ut
SUQ6CiA8c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXJmYzg1NTFocC1iYXNlbGlu
ZUBleGFtcGxlPgpGcm9tOiBBbGljZSA8YWxpY2VAc21pbWUuZXhhbXBsZT4KVG86
IEJvYiA8Ym9iQHNtaW1lLmV4YW1wbGU+CkRhdGU6IFNhdCwgMjAgRmViIDIwMjEg
MTI6Mjg6MDIgLTA1MDAKVXNlci1BZ2VudDogU2FtcGxlIE1VQSBWZXJzaW9uIDEu
MAoKLS0yNjYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBtdWx0aXBh
cnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJkYjYiCgotLWRiNgpDb250ZW50LVR5
cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlzIGlzIHRo
ZQpzbWltZS1lbmMtc2lnbmVkLWNvbXBsZXgtcmZjODU1MWhwLWJhc2VsaW5lCm1l
c3NhZ2UuCgpUaGlzIGlzIGFuIGVuY3J5cHRlZCBhbmQgc2lnbmVkIFMvTUlNRSBt
ZXNzYWdlIHVzaW5nIFBLQ1MjNwplbnZlbG9wZWREYXRhIGFyb3VuZCBzaWduZWRE
YXRhLiAgVGhlIHBheWxvYWQgaXMgYQptdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVz
c2FnZSB3aXRoIGFuIGlubGluZSBpbWFnZS9wbmcKYXR0YWNobWVudC4gSXQgdXNl
cyB0aGUgbGVnYWN5IFJGQyA4NTUxIGhlYWRlciBwcm90ZWN0aW9uCihSRkM4NTUx
SFApIHNjaGVtZSB3aXRoIHRoZSBoY3BfYmFzZWxpbmUgSGVhZGVyIENvbmZpZGVu
dGlhbGl0eQpQb2xpY3kuCgotLSAKQWxpY2UKYWxpY2VAc21pbWUuZXhhbXBsZQot
LWRiNgpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMtYXNjaWki
Ck1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdi
aXQKCjxodG1sPjxoZWFkPjx0aXRsZT48L3RpdGxlPjwvaGVhZD48Ym9keT4KPHA+
VGhpcyBpcyB0aGUKPGI+c21pbWUtZW5jLXNpZ25lZC1jb21wbGV4LXJmYzg1NTFo
cC1iYXNlbGluZTwvYj4KbWVzc2FnZS48L3A+CjxwPlRoaXMgaXMgYW4gZW5jcnlw
dGVkIGFuZCBzaWduZWQgUy9NSU1FIG1lc3NhZ2UgdXNpbmcgUEtDUyM3CmVudmVs
b3BlZERhdGEgYXJvdW5kIHNpZ25lZERhdGEuICBUaGUgcGF5bG9hZCBpcyBhCm11
bHRpcGFydC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdl
L3BuZwphdHRhY2htZW50LiBJdCB1c2VzIHRoZSBsZWdhY3kgUkZDIDg1NTEgaGVh
ZGVyIHByb3RlY3Rpb24KKFJGQzg1NTFIUCkgc2NoZW1lIHdpdGggdGhlIGhjcF9i
YXNlbGluZSBIZWFkZXIgQ29uZmlkZW50aWFsaXR5ClBvbGljeS48L3A+CjxwPjx0
dD4tLSA8YnIvPkFsaWNlPGJyLz5hbGljZUBzbWltZS5leGFtcGxlPC90dD48L3A+
PC9ib2R5PjwvaHRtbD4KLS1kYjYtLQoKLS0yNjYKQ29udGVudC1UeXBlOiBpbWFn
ZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0CkNvbnRlbnQt
RGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJR
QUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hiQQpNQWdTNzM5bk8z
VHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZzcWxUK3p0OWNpZGtF
KzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmlj
aWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJK
UlU1RXJrSmdnZz09CgotLTI2Ni0tCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmX
Ss5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAP
BgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1
NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UE
AxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9
ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NL
FflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQ
lqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX
1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AO
EksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNV
HSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhh
bXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0O
BBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8Qko
ZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyX
WAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP
4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6R
GDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GU
Tkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ
+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIID
zzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBV
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAw
NjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UE
CxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/
KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhY
dZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP
4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5I
CjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZ
wLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGs
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQX
MBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYD
VR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNV
HSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEA
c4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp
+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oA
JKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x
0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6
zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTb
Y4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjER
MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZI
AWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMjEwMjIwMTcyODAyWjAvBgkqhkiG9w0BCQQxIgQgzbXAB7rXfNs26yYOHvuE
D4KQ9RzsSF5fL55lZZY7AjgwDQYJKoZIhvcNAQEBBQAEggEAAs1y7DQLS7S+Vh2b
Ju5W9UwkHp6lUk/F7mJE80FRc8K6z8pcSn4xTrlCaLgL7azQ0o/iNQEh2EVJqdy6
huwwtlaeiPa2gXwIHCKcLGhA2bW3/R+sEsJZi7FryqTakOZ9eXcYRXoPWv6ncf+I
eA7jlQX3Z4Ln5pP9p+Uw7H1oroH2Y4e0yAqIMtYXnS+GKALTtbxTa1p2Y9dsHQLS
2cXbfUsU2zc5bstgKXZyTkjuKJ8ivbYJ2ttk79AOMosWkDBmgzKTTS/0HptfO9SD
mX58BvQt6GHQZ4TR2NVDvq3z+/CAlzsR5xmNH1C+uDH99ORoy3w6CHmv4aTTmRM9
S+uZXg==
]]></sourcecode></figure>
]]></sourcecode>
</section>
<section anchor="smime-signed-and-encrypted-over-a-complex-message-legacy-rfc-8551-header-protection-with-hcpbaseline-decrypted-and-unwrapped"><name>S/MIME anchor="smime-signed-and-encrypted-over-a-complex-message-legacy-rfc-8551-header-protection-with-hcpbaseline-decrypted-and-unwrapped">
<name>S/MIME Signed and Encrypted Over over a Complex Message, Legacy RFC 8551 Header Protection With with hcp_baseline, Decrypted and Unwrapped</name>
<t>The inner signed-data layer unwraps to:</t>
<figure><sourcecode
<sourcecode type="message/rfc822" name="smime-enc-signed-complex-rfc8551hp-baseline.decrypted.unwrapped.eml"><![CDATA[
MIME-Version: 1.0
Content-Type: message/rfc822
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="266"
Subject: smime-enc-signed-complex-rfc8551hp-baseline
Message-ID:
<smime-enc-signed-complex-rfc8551hp-baseline@example>
From: Alice <alice@smime.example>
To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:28:02 -0500
User-Agent: Sample MUA Version 1.0
--266
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="db6"
--db6
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
This is the
smime-enc-signed-complex-rfc8551hp-baseline
message.
This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection
(RFC8551HP) scheme with the hcp_baseline Header Confidentiality
Policy.
--
Alice
alice@smime.example
--db6
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body>
<p>This is the
<b>smime-enc-signed-complex-rfc8551hp-baseline</b>
message.</p>
<p>This is an encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a
multipart/alternative message with an inline image/png
attachment. It uses the legacy RFC 8551 header protection
(RFC8551HP) scheme with the hcp_baseline Header Confidentiality
Policy.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--db6--
--266
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--266--
]]></sourcecode></figure>
]]></sourcecode>
</section>
</section>
</section>
</section>
<section anchor="compose-examples"><name>Composition anchor="compose-examples">
<name>Composition Examples</name>
<t>This section offers step-by-step examples of message composition.</t>
<section anchor="compose-example"><name>New message composition</name> anchor="compose-example">
<name>New Message Composition</name>
<t>A typical MUA composition interface offers the user a place to indicate the message recipients, the subject, and the body.
Consider a composition window filled out by the user like so:</t>
<figure title="Example anchor="example-compose-interface">
<name>Example Message Composition Interface" anchor="example-compose-interface"><artset><artwork Interface</name>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="336" width="472" viewBox="0 0 472 336" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px">
<path d="M 8,48 L 8,320" fill="none" stroke="black"/>
<path d="M 96,64 L 96,128" fill="none" stroke="black"/>
<path d="M 368,64 L 368,96" fill="none" stroke="black"/>
<path d="M 448,96 L 448,128" fill="none" stroke="black"/>
<path d="M 464,48 L 464,320" fill="none" stroke="black"/>
<path d="M 24,32 L 448,32" fill="none" stroke="black"/>
<path d="M 408,48 L 432,48" fill="none" stroke="black"/>
<path d="M 96,64 L 368,64" fill="none" stroke="black"/>
<path d="M 408,80 L 432,80" fill="none" stroke="black"/>
<path d="M 96,96 L 448,96" fill="none" stroke="black"/>
<path d="M 96,128 L 448,128" fill="none" stroke="black"/>
<path d="M 8,144 L 464,144" fill="none" stroke="black"/>
<path d="M 8,320 L 464,320" fill="none" stroke="black"/>
<path d="M 24,32 C 15.16936,32 8,39.16936 8,48" fill="none" stroke="black"/>
<path d="M 448,32 C 456.83064,32 464,39.16936 464,48" fill="none" stroke="black"/>
<path d="M 408,48 C 399.16936,48 392,55.16936 392,64" fill="none" stroke="black"/>
<path d="M 432,48 C 440.83064,48 448,55.16936 448,64" fill="none" stroke="black"/>
<path d="M 408,80 C 399.16936,80 392,72.83064 392,64" fill="none" stroke="black"/>
<path d="M 432,80 C 440.83064,80 448,72.83064 448,64" fill="none" stroke="black"/>
<g class="text">
<text x="184" y="52">Composing</text>
<text x="240" y="52">New</text>
<text x="288" y="52">Message</text>
<text x="420" y="68">Send</text>
<text x="72" y="84">To:</text>
<text x="128" y="84">Alice</text>
<text x="232" y="84"><alice@example.net></text>
<text x="52" y="116">Subject:</text>
<text x="140" y="116">Handling</text>
<text x="192" y="116">the</text>
<text x="232" y="116">Jones</text>
<text x="292" y="116">contract</text>
<text x="44" y="164">Please</text>
<text x="100" y="164">review</text>
<text x="144" y="164">and</text>
<text x="192" y="164">approve</text>
<text x="236" y="164">or</text>
<text x="280" y="164">decline</text>
<text x="324" y="164">by</text>
<text x="376" y="164">Thursday,</text>
<text x="436" y="164">it's</text>
<text x="56" y="180">critical!</text>
<text x="48" y="212">Thanks,</text>
<text x="32" y="228">Bob</text>
<text x="28" y="260">--</text>
<text x="32" y="276">Bob</text>
<text x="84" y="276">Gonzalez</text>
<text x="40" y="292">ACME,</text>
<text x="84" y="292">Inc.</text>
</g>
</svg>
</artwork><artwork
</artwork>
<artwork type="ascii-art"><![CDATA[
.------------------------------------------------------.
| Composing New Message .----. |
| +---------------------------------+ | Send | |
| To: | Alice <alice@example.net> | '----' |
| +---------------------------------+---------+ |
| Subject: | Handling the Jones contract | |
| +-------------------------------------------+ |
+--------------------------------------------------------+
| Please review and approve or decline by Thursday, it's |
| critical! |
| |
| Thanks, |
| Bob |
| |
| -- |
| Bob Gonzalez |
| ACME, Inc. |
| |
+--------------------------------------------------------+
]]></artwork></artset></figure>
]]></artwork>
</artset>
</figure>
<t>When Bob clicks "Send", his MUA generates values for <spanx style="verb">Message-ID</spanx>, <spanx style="verb">From</spanx>, the <tt>Message-ID</tt>, <tt>From</tt>, and <spanx style="verb">Date</spanx> <tt>Date</tt> Header Fields, Fields and converts the message body into the appropriate format.</t>
<section anchor="compose-example-unprotected"><name>Unprotected message</name> anchor="compose-example-unprotected">
<name>Unprotected Message</name>
<t>The resulting message would look something like this if it was sent without cryptographic protections:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Please review and approve or decline by Thursday, it's critical!
Thanks,
Bob
--
Bob Gonzalez
ACME, Inc.
]]></artwork></figure>
]]></artwork>
</section>
<section anchor="encrypted-with-hcpbaseline-and-legacy-display"><name>Encrypted anchor="encrypted-with-hcpbaseline-and-legacy-display">
<name>Encrypted with <spanx style="verb">hcp_baseline</spanx> <tt>hcp_baseline</tt> and Legacy Display</name>
<t>Now consider the message to be generated if it is to be cryptographically signed and encrypted, using <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> <spanx style="verb">hcp_baseline</spanx>, <tt>hcp_baseline</tt>, and the <spanx style="verb">legacy</spanx> <tt>legacy</tt> variable is set.</t>
<t>For each Header Field, Bob's MUA passes its name and value through <spanx style="verb">hcp_baseline</spanx>. <tt>hcp_baseline</tt>.
This returns the same value for every Header Field, except that:</t>
<t><spanx style="verb">hcp_baseline</spanx>("<spanx style="verb">Subject</spanx>", "<spanx style="verb">Handling
<t><tt>hcp_baseline</tt>("<tt>Subject</tt>", "<tt>Handling the Jones contract</spanx>") contract</tt>") yields "<spanx style="verb">[...]</spanx>".</t> "<tt>[...]</tt>".</t>
<section anchor="compose-example-payload"><name>Cryptographic anchor="compose-example-payload">
<name>Cryptographic Payload</name>
<t>The Cryptographic Payload that will be signed and then encrypted is very similar to the unprotected message in <xref target="compose-example-unprotected"/>.
Note the addition of:</t>
<t><list style="symbols">
<t>The <spanx style="verb">hp="cipher"</spanx>
<ul spacing="normal">
<li>
<t>the <tt>hp="cipher"</tt> parameter for the <spanx style="verb">Content-Type</spanx></t>
<t>The <tt>Content-Type</tt></t>
</li>
<li>
<t>the appropriate <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field for <spanx style="verb">Subject</spanx></t>
<t>The <spanx style="verb">hp-legacy-display="1"</spanx> <tt>Subject</tt></t>
</li>
<li>
<t>the <tt>hp-legacy-display="1"</tt> parameter for the <spanx style="verb">Content-Type</spanx></t>
<t>The <tt>Content-Type</tt></t>
</li>
<li>
<t>the Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.</t>
</list></t>
<figure><artwork><![CDATA[ Part</t>
</li>
</ul>
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: Handling the Jones contract
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:08:43 -0500
HP-Outer: From: Bob <bob@example.net>
HP-Outer: To: Alice <alice@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <20230111T210843Z.1234@lhp.example>
Subject: Handling the Jones contract
Please review and approve or decline by Thursday, it's critical!
Thanks,
Bob
--
Bob Gonzalez
ACME, Inc.
]]></artwork></figure>
]]></artwork>
</section>
<section anchor="external-header-section"><name>External anchor="external-header-section">
<name>External Header Section</name>
<t>The Cryptographic Payload from <xref target="compose-example-payload"/> is then wrapped in the appropriate Cryptographic Layers.
For this example, example using S/MIME, it is wrapped in an <spanx style="verb">application/pkcs7-mime; smime-type="signed-data"</spanx> <tt>application/pkcs7-mime; smime-type="signed-data"</tt> layer, which is in turn wrapped in an <spanx style="verb">application/pkcs7-mime; smime-type="enveloped-data"</spanx> <tt>application/pkcs7-mime; smime-type="enveloped-data"</tt> layer.</t>
<t>Then
<t>Then, an external Header Section is applied to the outer MIME object, which looks like this:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:08:43 -0500
From: Bob <bob@example.net>
To: Alice <alice@example.net>
Subject: [...]
Message-ID: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
MIME-Version: 1.0
]]></artwork></figure>
]]></artwork>
<t>Note that the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field has been obscured appropriately by <spanx style="verb">hcp_baseline</spanx>. <tt>hcp_baseline</tt>.
The output of the CMS enveloping operation is base64-encoded base64 encoded and forms the body of the message.</t>
</section>
</section>
</section>
<section anchor="reply-example"><name>Composing anchor="reply-example">
<name>Composing a Reply</name>
<t>Next
<t>Next, we consider a typical MUA reply interface, where we see Alice replying to Bob's message from <xref target="compose-example"/>.</t>
<t>When Alice clicks "Reply" to Bob's signed-and-encrypted message with Header Protection, she might see something like this:</t>
<figure title="Example anchor="example-reply-interface-initial">
<name>Example Message Reply Interface (unedited)" anchor="example-reply-interface-initial"><artset><artwork (Unedited)</name>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="432" width="488" viewBox="0 0 488 432" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px">
<path d="M 8,48 L 8,416" fill="none" stroke="black"/>
<path d="M 96,64 L 96,128" fill="none" stroke="black"/>
<path d="M 384,64 L 384,96" fill="none" stroke="black"/>
<path d="M 464,96 L 464,128" fill="none" stroke="black"/>
<path d="M 480,48 L 480,416" fill="none" stroke="black"/>
<path d="M 24,32 L 464,32" fill="none" stroke="black"/>
<path d="M 424,48 L 448,48" fill="none" stroke="black"/>
<path d="M 96,64 L 384,64" fill="none" stroke="black"/>
<path d="M 424,80 L 448,80" fill="none" stroke="black"/>
<path d="M 96,96 L 464,96" fill="none" stroke="black"/>
<path d="M 96,128 L 464,128" fill="none" stroke="black"/>
<path d="M 8,144 L 480,144" fill="none" stroke="black"/>
<path d="M 8,416 L 480,416" fill="none" stroke="black"/>
<path d="M 24,32 C 15.16936,32 8,39.16936 8,48" fill="none" stroke="black"/>
<path d="M 464,32 C 472.83064,32 480,39.16936 480,48" fill="none" stroke="black"/>
<path d="M 424,48 C 415.16936,48 408,55.16936 408,64" fill="none" stroke="black"/>
<path d="M 448,48 C 456.83064,48 464,55.16936 464,64" fill="none" stroke="black"/>
<path d="M 424,80 C 415.16936,80 408,72.83064 408,64" fill="none" stroke="black"/>
<path d="M 448,80 C 456.83064,80 464,72.83064 464,64" fill="none" stroke="black"/>
<g class="text">
<text x="60" y="52">Replying</text>
<text x="108" y="52">to</text>
<text x="136" y="52">Bob</text>
<text x="196" y="52">("Handling</text> y="52">("Handling</text>
<text x="256" y="52">the</text>
<text x="296" y="52">Jones</text>
<text x="364" y="52">Contract")</text> y="52">Contract")</text>
<text x="436" y="68">Send</text>
<text x="72" y="84">To:</text>
<text x="120" y="84">Bob</text>
<text x="208" y="84"><bob@example.net></text>
<text x="52" y="116">Subject:</text>
<text x="120" y="116">Re:</text>
<text x="172" y="116">Handling</text>
<text x="224" y="116">the</text>
<text x="264" y="116">Jones</text>
<text x="324" y="116">contract</text>
<text x="28" y="164">On</text>
<text x="60" y="164">Wed,</text>
<text x="92" y="164">11</text>
<text x="120" y="164">Jan</text>
<text x="156" y="164">2023</text>
<text x="212" y="164">16:08:43</text>
<text x="276" y="164">-0500,</text>
<text x="320" y="164">Bob</text>
<text x="364" y="164">wrote:</text>
<text x="24" y="196">></text>
<text x="60" y="196">Please</text>
<text x="116" y="196">review</text>
<text x="160" y="196">and</text>
<text x="208" y="196">approve</text>
<text x="252" y="196">or</text>
<text x="296" y="196">decline</text>
<text x="340" y="196">by</text>
<text x="392" y="196">Thursday,</text>
<text x="24" y="212">></text>
<text x="52" y="212">it's</text>
<text x="112" y="212">critical!</text>
<text x="24" y="228">></text>
<text x="24" y="244">></text>
<text x="64" y="244">Thanks,</text>
<text x="24" y="260">></text>
<text x="48" y="260">Bob</text>
<text x="24" y="276">></text>
<text x="24" y="292">></text>
<text x="44" y="292">--</text>
<text x="24" y="308">></text>
<text x="48" y="308">Bob</text>
<text x="100" y="308">Gonzalez</text>
<text x="24" y="324">></text>
<text x="56" y="324">ACME,</text>
<text x="100" y="324">Inc.</text>
<text x="28" y="356">--</text>
<text x="40" y="372">Alice</text>
<text x="96" y="372">Jenkins</text>
<text x="40" y="388">ACME,</text>
<text x="84" y="388">Inc.</text>
</g>
</svg>
</artwork><artwork
</artwork>
<artwork type="ascii-art"><![CDATA[
.--------------------------------------------------------.
| Replying to Bob ("Handling the Jones Contract") .----. |
| +-----------------------------------+ | Send | |
| To: | Bob <bob@example.net> | '----' |
| +-----------------------------------+---------+ |
| Subject: | Re: Handling the Jones contract | |
| +---------------------------------------------+ |
+----------------------------------------------------------+
| On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: |
| |
| > Please review and approve or decline by Thursday, |
| > it's critical! |
| > |
| > Thanks, |
| > Bob |
| > |
| > -- |
| > Bob Gonzalez |
| > ACME, Inc. |
| |
| -- |
| Alice Jenkins |
| ACME, Inc. |
| |
+----------------------------------------------------------+
]]></artwork></artset></figure>
]]></artwork>
</artset>
</figure>
<t>Note that because Alice's MUA is aware of Header Protection, it knows what the correct <spanx style="verb">Subject</spanx> <tt>Subject</tt> header is, even though it was obscured.
It also knows to avoid including the Legacy Display Element in the quoted/attributed text that it includes in the draft reply.</t>
<t>Once Alice has edited the reply message, it might look something like this:</t>
<figure title="Example anchor="example-reply-interface">
<name>Example Message Reply Interface (edited)" anchor="example-reply-interface"><artset><artwork (Edited)</name>
<artset>
<artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="400" width="488" viewBox="0 0 488 400" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px">
<path d="M 8,48 L 8,384" fill="none" stroke="black"/>
<path d="M 96,64 L 96,128" fill="none" stroke="black"/>
<path d="M 384,64 L 384,96" fill="none" stroke="black"/>
<path d="M 464,96 L 464,128" fill="none" stroke="black"/>
<path d="M 480,48 L 480,384" fill="none" stroke="black"/>
<path d="M 24,32 L 464,32" fill="none" stroke="black"/>
<path d="M 424,48 L 448,48" fill="none" stroke="black"/>
<path d="M 96,64 L 384,64" fill="none" stroke="black"/>
<path d="M 424,80 L 448,80" fill="none" stroke="black"/>
<path d="M 96,96 L 464,96" fill="none" stroke="black"/>
<path d="M 96,128 L 464,128" fill="none" stroke="black"/>
<path d="M 8,144 L 480,144" fill="none" stroke="black"/>
<path d="M 8,384 L 480,384" fill="none" stroke="black"/>
<path d="M 24,32 C 15.16936,32 8,39.16936 8,48" fill="none" stroke="black"/>
<path d="M 464,32 C 472.83064,32 480,39.16936 480,48" fill="none" stroke="black"/>
<path d="M 424,48 C 415.16936,48 408,55.16936 408,64" fill="none" stroke="black"/>
<path d="M 448,48 C 456.83064,48 464,55.16936 464,64" fill="none" stroke="black"/>
<path d="M 424,80 C 415.16936,80 408,72.83064 408,64" fill="none" stroke="black"/>
<path d="M 448,80 C 456.83064,80 464,72.83064 464,64" fill="none" stroke="black"/>
<g class="text">
<text x="60" y="52">Replying</text>
<text x="108" y="52">to</text>
<text x="136" y="52">Bob</text>
<text x="196" y="52">("Handling</text> y="52">("Handling</text>
<text x="256" y="52">the</text>
<text x="296" y="52">Jones</text>
<text x="364" y="52">Contract")</text> y="52">Contract")</text>
<text x="436" y="68">Send</text>
<text x="72" y="84">To:</text>
<text x="120" y="84">Bob</text>
<text x="208" y="84"><bob@example.net></text>
<text x="52" y="116">Subject:</text>
<text x="120" y="116">Re:</text>
<text x="172" y="116">Handling</text>
<text x="224" y="116">the</text>
<text x="264" y="116">Jones</text>
<text x="324" y="116">contract</text>
<text x="28" y="164">On</text>
<text x="60" y="164">Wed,</text>
<text x="92" y="164">11</text>
<text x="120" y="164">Jan</text>
<text x="156" y="164">2023</text>
<text x="212" y="164">16:08:43</text>
<text x="276" y="164">-0500,</text>
<text x="320" y="164">Bob</text>
<text x="364" y="164">wrote:</text>
<text x="24" y="196">></text>
<text x="60" y="196">Please</text>
<text x="116" y="196">review</text>
<text x="160" y="196">and</text>
<text x="208" y="196">approve</text>
<text x="252" y="196">or</text>
<text x="296" y="196">decline</text>
<text x="340" y="196">by</text>
<text x="392" y="196">Thursday,</text>
<text x="24" y="212">></text>
<text x="52" y="212">it's</text>
<text x="112" y="212">critical!</text>
<text x="36" y="244">I'll</text>
<text x="72" y="244">get</text>
<text x="112" y="244">right</text>
<text x="148" y="244">on</text>
<text x="176" y="244">it,</text>
<text x="212" y="244">Bob!</text>
<text x="52" y="276">Regards,</text>
<text x="40" y="292">Alice</text>
<text x="28" y="324">--</text>
<text x="40" y="340">Alice</text>
<text x="96" y="340">Jenkins</text>
<text x="40" y="356">ACME,</text>
<text x="84" y="356">Inc.</text>
</g>
</svg>
</artwork><artwork
</artwork>
<artwork type="ascii-art"><![CDATA[
.--------------------------------------------------------.
| Replying to Bob ("Handling the Jones Contract") .----. |
| +-----------------------------------+ | Send | |
| To: | Bob <bob@example.net> | '----' |
| +-----------------------------------+---------+ |
| Subject: | Re: Handling the Jones contract | |
| +---------------------------------------------+ |
+----------------------------------------------------------+
| On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote: |
| |
| > Please review and approve or decline by Thursday, |
| > it's critical! |
| |
| I'll get right on it, Bob! |
| |
| Regards, |
| Alice |
| |
| -- |
| Alice Jenkins |
| ACME, Inc. |
| |
+----------------------------------------------------------+
]]></artwork></artset></figure>
]]></artwork>
</artset>
</figure>
<t>When Alice clicks "Send", the MUA generates values for <spanx style="verb">Message-ID</spanx>, <spanx style="verb">From</spanx>, the <tt>Message-ID</tt>, <tt>From</tt>, and <spanx style="verb">Date</spanx> <tt>Date</tt> Header Fields, populates the <spanx style="verb">In-Reply-To</spanx>, <tt>In-Reply-To</tt> and <spanx style="verb">References</spanx> <tt>References</tt> Header Fields, and also converts the reply body into the appropriate format.</t>
<section anchor="reply-example-unprotected"><name>Unprotected message</name> anchor="reply-example-unprotected">
<name>Unprotected Message</name>
<t>The resulting message would look something like this if it were to be sent without any cryptographic protections:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:
> Please review and approve or decline by Thursday,
> it's critical!
I'll get right on it, Bob!
Regards,
Alice
--
Alice Jenkins
ACME, Inc.
]]></artwork></figure>
]]></artwork>
<t>Of course, this would leak not only the contents of Alice's message, message but also the contents of Bob's initial message, as well as the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field!
So Alice's MUA won't do that; it is going to create a signed-and-encrypted message to submit to the network.</t>
</section>
<section anchor="encrypted-with-hcpnoconfidentiality-and-legacy-display"><name>Encrypted anchor="encrypted-with-hcpnoconfidentiality-and-legacy-display">
<name>Encrypted with <spanx style="verb">hcp_no_confidentiality</spanx> <tt>hcp_no_confidentiality</tt> and Legacy Display</name>
<t>This example assumes that Alice's MUA uses <spanx style="verb">hcp_no_confidentiality</spanx>, <tt>hcp_no_confidentiality</tt>, not <spanx style="verb">hcp_baseline</spanx>. <tt>hcp_baseline</tt>.
That is, by default, it does not obscure or remove any Header Fields, even when encrypting.</t>
<t>However, it follows the guidance in <xref target="avoid-leak"/>, target="avoid-leak"/> and will make use of the <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> field in the Cryptographic Payload of Bob's original message (<xref target="compose-example-payload"/>) to determine what to obscure.</t>
<t>When crafting the Cryptographic Payload, its baseline <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> (<spanx style="verb">hcp_no_confidentiality</spanx>) (<tt>hcp_no_confidentiality</tt>) leaves each field untouched.
To uphold the confidentiality of the sender's values when replying, the MUA executes the following steps (for brevity brevity, only <spanx style="verb">Subject</spanx> <tt>Subject</tt> and <spanx style="verb">Message-ID</spanx>/<spanx style="verb">In-Reply-To</spanx> <tt>Message-ID</tt>/<tt>In-Reply-To</tt> are shown):</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>Extract the referenced header fields Header Fields (see <xref target="extracting-headers"/>):
<list style="symbols">
<t><spanx style="verb">refouter</spanx>
</t>
<ul spacing="normal">
<li>
<t><tt>refouter</tt> contains:
<list style="symbols">
<t><spanx style="verb">Date:
</t>
<ul spacing="normal">
<li>
<t><tt>Date: Wed, 11 Jan 2023 16:08:43 -0500</spanx></t>
<t><spanx style="verb">From: Bob <bob@example.net></spanx></t>
<t><spanx style="verb">To: Alice <alice@example.net></spanx></t>
<t><spanx style="verb">Subject: [...]</spanx></t>
<t><spanx style="verb">Message-ID: <20230111T210843Z.1234@lhp.example></spanx></t>
</list></t>
<t><spanx style="verb">refprotected</spanx> -0500</tt></t>
</li>
<li>
<t><tt>From: Bob <bob@example.net></tt></t>
</li>
<li>
<t><tt>To: Alice <alice@example.net></tt></t>
</li>
<li>
<t><tt>Subject: [...]</tt></t>
</li>
<li>
<t><tt>Message-ID: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
</ul>
</li>
<li>
<t><tt>refprotected</tt> contains:
<list style="symbols">
<t><spanx style="verb">Date:
</t>
<ul spacing="normal">
<li>
<t><tt>Date: Wed, 11 Jan 2023 16:08:43 -0500</spanx></t>
<t><spanx style="verb">From: Bob <bob@example.net></spanx></t>
<t><spanx style="verb">To: Alice <alice@example.net></spanx></t>
<t><spanx style="verb">Subject: -0500</tt></t>
</li>
<li>
<t><tt>From: Bob <bob@example.net></tt></t>
</li>
<li>
<t><tt>To: Alice <alice@example.net></tt></t>
</li>
<li>
<t><tt>Subject: Handling the Jones contract</spanx></t>
<t><spanx style="verb">Message-ID: <20230111T210843Z.1234@lhp.example></spanx></t>
</list></t>
</list></t> contract</tt></t>
</li>
<li>
<t><tt>Message-ID: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
</ul>
</li>
</ul>
</li>
<li>
<t>Apply the response function:
<list style="symbols">
<t><spanx style="verb">respond(refouter)</spanx>
</t>
<ul spacing="normal">
<li>
<t><tt>respond(refouter)</tt> contains:
<list style="symbols">
<t><spanx style="verb">From: Alice <alice@example.net></spanx></t>
<t><spanx style="verb">To: Bob <bob@example.net></spanx></t>
<t><spanx style="verb">Subject:
</t>
<ul spacing="normal">
<li>
<t><tt>From: Alice <alice@example.net></tt></t>
</li>
<li>
<t><tt>To: Bob <bob@example.net></tt></t>
</li>
<li>
<t><tt>Subject: Re: [...]</spanx></t>
<t><spanx style="verb">In-Reply-To: <20230111T210843Z.1234@lhp.example></spanx></t>
<t><spanx style="verb">References: <20230111T210843Z.1234@lhp.example></spanx></t>
</list></t>
<t><spanx style="verb">respond(refprotected)</spanx> [...]</tt></t>
</li>
<li>
<t><tt>In-Reply-To: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
<li>
<t><tt>References: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
</ul>
</li>
<li>
<t><tt>respond(refprotected)</tt> contains:
<list style="symbols">
<t><spanx style="verb">From: Alice <alice@example.net></spanx></t>
<t><spanx style="verb">To: Bob <bob@example.net></spanx></t>
<t><spanx style="verb">Subject:
</t>
<ul spacing="normal">
<li>
<t><tt>From: Alice <alice@example.net></tt></t>
</li>
<li>
<t><tt>To: Bob <bob@example.net></tt></t>
</li>
<li>
<t><tt>Subject: Re: Handling the Jones contract</spanx></t>
<t><spanx style="verb">In-Reply-To: <20230111T210843Z.1234@lhp.example></spanx></t>
<t><spanx style="verb">References: <20230111T210843Z.1234@lhp.example></spanx></t>
</list></t>
</list></t> contract</tt></t>
</li>
<li>
<t><tt>In-Reply-To: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
<li>
<t><tt>References: <20230111T210843Z.1234@lhp.example></tt></t>
</li>
</ul>
</li>
</ul>
</li>
<li>
<t>Compute the ephemeral <spanx style="verb">response_hcp</spanx> <tt>response_hcp</tt> (see <xref target="avoid-leak"/>):
<list style="symbols">
</t>
<ul spacing="normal">
<li>
<t>Note that all headers except <spanx style="verb">Subject</spanx> <tt>Subject</tt> are the same.</t>
<t><spanx style="verb">confmap</spanx>
</li>
<li>
<t><tt>confmap</tt> contains only <spanx style="verb">("Subject", <tt>("Subject", "Re: Handling the Jones contract") -> "Re: [...]"</spanx></t>
</list></t>
</list></t>
<t>Thus [...]"</tt></t>
</li>
</ul>
</li>
</ul>
<t>Thus, all Header Fields that were <spanx style="verb">signed</spanx> <tt>signed</tt> are passed through untouched.
The reply's <spanx style="verb">Subject</spanx> <tt>Subject</tt> is obscured as <spanx style="verb">Subject: <tt>Subject: Re: [...]</spanx> [...]</tt> if and only if the user does not edit the subject Subject line from that initially proposed by the MUA's reply interface.
If the user edits the subject Subject line, e.g., to <spanx style="verb">Subject: <tt>Subject: Re: Handling the Jones contract ASAP</spanx>, ASAP</tt>, the <spanx style="verb">response_hcp</spanx> <tt>response_hcp</tt> will <em>not</em> obscure it, it and instead pass it through in the clear.</t>
<t>For stronger header confidentiality, the replying MUA should use a reasonable <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> (not <spanx style="verb">hcp_no_confidentiality</spanx>). <tt>hcp_no_confidentiality</tt>).
Also recall that the local <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> is applied first, first and that <spanx style="verb">response_hcp</spanx> <tt>response_hcp</tt> is only applied to what is left unchanged by the local <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>.</t>
<section anchor="reply-example-payload"><name>Cryptographic anchor="reply-example-payload">
<name>Cryptographic Payload</name>
<t>Consequently, the Cryptographic Payload for Alice's reply looks like this:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: Handling the Jones contract
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
hp="cipher"
MIME-Version: 1.0
HP-Outer: Date: Wed, 11 Jan 2023 16:48:22 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: Re: [...]
HP-Outer: Message-ID: <20230111T214822Z.5678@lhp.example>
HP-Outer: In-Reply-To: <20230111T210843Z.1234@lhp.example>
HP-Outer: References: <20230111T210843Z.1234@lhp.example>
Subject: Re: Handling the Jones contract
On Wed, 11 Jan 2023 16:08:43 -0500, Bob wrote:
> Please review and approve or decline by Thursday,
> it's critical!
I'll get right on it, Bob!
Regards,
Alice
--
Alice Jenkins
ACME, Inc.
]]></artwork></figure>
]]></artwork>
<t>Note the following features:</t>
<t><list style="symbols">
<ul spacing="normal">
<li>
<t>the <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> parameter to <spanx style="verb">Content-Type</spanx></t> <tt>Content-Type</tt></t>
</li>
<li>
<t>the appropriate <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> Header Field for <spanx style="verb">Subject</spanx>,</t> <tt>Subject</tt></t>
</li>
<li>
<t>the <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> parameter for the <spanx style="verb">Content-Type</spanx></t> <tt>Content-Type</tt></t>
</li>
<li>
<t>the Legacy Display Element (the simple pseudo-header and its trailing newline) in the Main Body Part.</t>
</list></t> Part</t>
</li>
</ul>
</section>
<section anchor="external-header-section-1"><name>External anchor="external-header-section-1">
<name>External Header Section</name>
<t>The Cryptographic Payload from <xref target="reply-example-payload"/> is then wrapped in the appropriate Cryptographic Layers.
For this example, example using S/MIME, it is wrapped in an <spanx style="verb">application/pkcs7-mime; smime-type="signed-data"</spanx> <tt>application/pkcs7-mime; smime-type="signed-data"</tt> layer, which is in turn wrapped in an <spanx style="verb">application/pkcs7-mime; smime-type="enveloped-data"</spanx> <tt>application/pkcs7-mime; smime-type="enveloped-data"</tt> layer.</t>
<t>Then
<t>Then, an external Header Section is applied to the outer MIME object, which looks like this:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Wed, 11 Jan 2023 16:48:22 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Re: [...]
Message-ID: <20230111T214822Z.5678@lhp.example>
In-Reply-To: <20230111T210843Z.1234@lhp.example>
References: <20230111T210843Z.1234@lhp.example>
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data"
MIME-Version: 1.0
]]></artwork></figure>
]]></artwork>
<t>Note that the <spanx style="verb">Subject</spanx> <tt>Subject</tt> Header Field has been obscured appropriately even though <spanx style="verb">hcp_no_confidentiality</spanx> <tt>hcp_no_confidentiality</tt> would not have touched it by default.
The output of the CMS enveloping operation is base64-encoded base64 encoded and forms the body of the message.</t>
</section>
</section>
</section>
</section>
<section anchor="rendering-examples"><name>Rendering anchor="rendering-examples">
<name>Rendering Examples</name>
<t>This section offers example Cryptographic Payloads (the content within the Cryptographic Envelope) that contain Legacy Display Elements.</t>
<section anchor="example-legacy-display-plain"><name>Example anchor="example-legacy-display-plain">
<name>Example text/plain Cryptographic Payload with Legacy Display Elements</name>
<t>Here is a simple one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-plain-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; hp-legacy-display="1";
hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <text-plain-legacy-display@lhp.example>
Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
]]></artwork></figure>
]]></artwork>
<t>A compatible MUA will recognize the <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> parameter and render the body of the message as:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
]]></artwork></figure>
]]></artwork>
<t>A legacy decryption-capable MUA that is unaware of this mechanism will ignore the <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> parameter and instead render the body including the Legacy Display Elements:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
]]></artwork></figure>
]]></artwork>
</section>
<section anchor="example-legacy-display-html"><name>Example anchor="example-legacy-display-html">
<name>Example text/html Cryptographic Payload with Legacy Display Elements</name>
<t>Here is a modern one-part Cryptographic Payload (Header Section and body) of a message that includes Legacy Display Elements:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Date: Fri, 21 Jan 2022 20:40:48 -0500
From: Alice <alice@example.net>
To: Bob <bob@example.net>
Subject: Dinner plans
Message-ID: <text-html-legacy-display@lhp.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"; hp-legacy-display="1";
hp="cipher"
HP-Outer: Date: Fri, 21 Jan 2022 20:40:48 -0500
HP-Outer: From: Alice <alice@example.net>
HP-Outer: To: Bob <bob@example.net>
HP-Outer: Subject: [...]
HP-Outer: Message-ID: <text-html-legacy-display@lhp.example>
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Dinner plans</pre>
</div>
<p>
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
</p>
</body>
</html>
]]></artwork></figure>
]]></artwork>
<t>A compatible MUA will recognize the <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> parameter and mask out the Legacy Display <spanx style="verb">div</spanx>, <tt>div</tt>, rendering the body of the message as a simple paragraph:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
]]></artwork></figure>
]]></artwork>
<t>A legacy decryption-capable MUA that is unaware of this mechanism will ignore the <spanx style="verb">hp-legacy-display="1"</spanx> <tt>hp-legacy-display="1"</tt> parameter and instead render the body including the Legacy Display Elements:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
Subject: Dinner plans
Let's meet at Rama's Roti Shop at 8pm and go to the park
from there.
]]></artwork></figure>
]]></artwork>
</section>
</section>
<section anchor="other-schemes"><name>Other anchor="other-schemes">
<name>Other Header Protection Schemes</name>
<t>Other Header Protection schemes have been proposed in the past.
However, those typically have drawbacks such as sparse implementation, known problems with legacy interoperability (in particular with rendering), lack of clear signalling signaling of sender intent, and/or incomplete cryptographic protections.
This section lists such schemes known at the time of the publication of this document out of historical interest.</t>
<section anchor="original-rfc-8551-header-protection"><name>Original anchor="original-rfc-8551-header-protection">
<name>Original RFC 8551 Header Protection</name>
<t>S/MIME <xref target="RFC8551"/> (as well as its predecessors <xref target="RFC5751"/> and <xref target="RFC3851"/>) defined a form of cryptographic Header Protection that has never reached wide adoption, adoption and has significant drawbacks compared to the mechanism in this draft. document.
See <xref target="rfc8551-problems"/> for more discussion of the differences and <xref target="RFC8551HP"/> for guidance on how to handle such a message.</t>
</section>
<section anchor="pretty-easy-privacy-pep"><name>Pretty anchor="pretty-easy-privacy-pep">
<name>Pretty Easy Privacy (pEp)</name>
<t>The pEp (pretty pretty Easy privacy) privacy (pEp) <xref target="I-D.pep-general"/> project specifies two different MIME schemes that include Header Protection for Signed-and-Encrypted e-mail email messages in <xref target="I-D.pep-email"/>:
One scheme -- referred as pEp Email Format 1 (PEF-1) -- is generated towards MUAs not known to be pEp-capable, while the other scheme -- referred as PEF-2 -- is used between MUAs discovered to be compatible with pEp.
Signed-only messages are not recommended in pEp.</t>
<t>Although the PEF-2 scheme is only meant to be used between PEF-2 compatible PEF-2-compatible MUAs, PEF-2 messages may end up at MUAs unaware of PEF-2 (in which case case, they typically render badly).
This is due to signalling signaling mechanism limitations.</t>
<t>As the PEF-2 scheme is an enhanced variant of the <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> scheme (with an additional MIME Layer), it is similar to the <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> scheme (see <xref target="RFC8551HP"/>).
The basic PEF-2 MIME structure looks as follows:</t>
<figure><artwork><![CDATA[
<artwork><![CDATA[
A └┬╴multipart/encrypted [Outer Message]
B ├─╴application/pgp-encrypted
C └─╴application/octet-stream inline [Cryptographic Payload]
D ↧ (decrypts to)
E └┬╴multipart/mixed
F ├─╴text/plain
G ├┬╴message/rfc822
H │└─╴[Inner Message]
I └─╴application/pgp-keys
]]></artwork></figure>
]]></artwork>
<t>The MIME structure at part <spanx style="verb">H</spanx> <tt>H</tt> contains the Inner Message to be rendered to the user.</t>
<t>It is possible for a normal MUA to accidentally produce a message that happens to have the same MIME structure as used for PEF-2 messages.
Therefore, a PEF-2 message cannot be identified by the MIME structure alone.</t>
<t>The lack of a mechanism comparable to <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> (see <xref target="hp-outer"/>) makes it impossible for the recipient of a PEF-2 message to safely determine which Header Fields are confidential or not, not while forwarding or replying to a message (see <xref target="replying"/>).</t>
<t>Note: As this document is not normative for PEF-2 messages, it does not provide any guidance for handling them.
Please see <xref target="I-D.pep-email"/> for more guidance.</t>
</section>
<section anchor="draft-autocrypt-protected-headers"><name>"draft-autocrypt" Protected anchor="draft-autocrypt-protected-headers">
<name>Protected Email Headers</name>
<t><xref target="I-D.autocrypt-lamps-protected-headers"/> describes a scheme similar to the Header Protection scheme specified in this document.
However, instead of adding Legacy Display Elements to existing MIME parts (see <xref target="ld-text-plain"/>), "draft-autocrypt" injects <xref target="I-D.autocrypt-lamps-protected-headers"/> suggests injecting a new MIME element "Legacy Display Part", thus modifying the MIME structure of the Cryptographic Payload.
These modified Cryptographic Payloads cause significant rendering problems on some common Legacy MUAs.</t>
<t>The lack of a mechanism comparable to <spanx style="verb">hp="cipher"</spanx> <tt>hp="cipher"</tt> and <spanx style="verb">hp="clear"</spanx> <tt>hp="clear"</tt> (see <xref target="hp-parameter"/>) means the recipient of an encrypted "draft-autocrypt" message as described in <xref target="I-D.autocrypt-lamps-protected-headers"/> cannot be cryptographically certain whether the sender intended for the message to be confidential or not.
The lack of a mechanism comparable to <spanx style="verb">HP-Outer</spanx> <tt>HP-Outer</tt> (see <xref target="hp-outer"/>) makes it impossible for the recipient of an encrypted "draft-autocrypt" message as described in <xref target="I-D.autocrypt-lamps-protected-headers"/> to safely determine which Header Fields are confidential or not, not while forwarding or replying to a message (see <xref target="replying"/>).</t>
</section>
</section>
<section anchor="document-changelog"><name>Document Changelog</name>
<t>[[ RFC Editor: This section is to be removed before publication ]]</t>
<t><list style="symbols">
<t>draft-ietf-lamps-header-protection-25 <list style="symbols">
<t>Address editorial clarifications from IESG review</t>
<t>Update acknowledgements</t>
</list></t>
<t>draft-ietf-lamps-header-protection-24 <list style="symbols">
<t>Deal with <spanx style="verb">From</spanx> anchor="acknowledgments" numbered="false">
<name>Acknowledgements</name>
<!--[rfced] FYI - We alphabetized the names listed in the Acknowledgements
section. We believe that was the intent as only two were out of order. Let us
know if you prefer the original order.
-->
<t><contact fullname="Alexander Krotov"/> identified the risk of
<tt>From</tt> address spoofing risk: when inner (see <xref target="from-addr-spoofing"/>)
and outer <spanx style="verb">From</spanx> differ with no valid signature, render outer <spanx style="verb">From</spanx> helped provide guidance to MUAs.</t>
<t><contact fullname="Thore Göbel"/> identified significant gaps in
earlier draft versions of this document and warn</t>
<t>Add test vectors proposed concrete, substantial
improvements. Thanks to show historical 8551HP variants</t>
<t>clarify PEF-2 his contributions, the document is clearer, and draft-autocrypt commentary</t>
</list></t>
<t>draft-ietf-lamps-header-protection-23 <list style="symbols">
<t>normalize on "signed-and-encrypted" across
the document</t>
<t>replace <spanx style="verb">hcp_strong</spanx> with <spanx style="verb">hcp_shy</spanx></t>
<t>Remove "Wrapped Message" scheme</t>
<t>Rename "Injected Headers" protocols described herein are more useful.</t>
<t>Additionally, the authors would like to "Header Protection"</t>
<t>Add guidance about From Header Field spoofing risk</t>
<t>offer guidance on handling <iref item="RFC8551HP"/><xref target="RFC8551HP" format="none">RFC8551HP</xref> messages when received</t>
</list></t>
<t>draft-ietf-lamps-header-protection-22 <list style="symbols">
<t>Reorganize document thank the following people
who have provided helpful comments and suggestions for better readability.</t>
<t>Add more details about problems with draft-autocrypt.</t>
<t>Rename <spanx style="verb">hcp_minimal</spanx> this document:
<contact fullname="Berna Alp"/>, <contact fullname="Bernhard
E. Reiter"/>, <contact fullname="Bron Gondwana"/>, <contact
fullname="Carl Wallace"/>, <contact fullname="Claudio Luck"/>, <contact
fullname="Daniel Huigens"/>, <contact fullname="David Wilson"/>,
<contact fullname="Éric Vyncke"/>, <contact fullname="Hernani
Marques"/>, <contact fullname="juga"/>, <contact fullname="Kelly
Bristol"/>, <contact fullname="Krista Bennett"/>, <contact fullname="Lars
Rohwedder"/>, <contact fullname="Michael StJohns"/>, <contact
fullname="Nicolas Lidzborski"/>, <contact fullname="Orie Steele"/>,
<contact fullname="Paul Wouters"/>, <contact fullname="Peter Yee"/>,
<contact fullname="Phillip Tao"/>, <contact fullname="Robert
Williams"/>, <contact fullname="Rohan Mahy"/>, <contact fullname="Roman
Danyliw"/>, <contact fullname="Russ Housley"/>, <contact fullname="Sofia
Balicka"/>, <contact fullname="Steve Kille"/>, <contact fullname="Volker
Birk"/>, <contact fullname="Warren Kumari"/>, and <contact fullname="Wei
Chuang"/>.</t>
</section>
</back>
<!-- [rfced] We have some questions/comments regarding artwork and sourcecode:
a) Please review each artwork element and let us know if any should be marked
as sourcecode (or another element) instead.
b) Some artwork elements are marked as type "ascii-art" while others are
not. Please review and let us know if there are any artwork elements you would
like to <spanx style="verb">hcp_baseline</spanx>: in addition have marked as "ascii-art".
c) Since the sourcecode type "text/x-hcp" is not part of the list at
<https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types>,
may we update to obscuring <spanx style="verb">Subject</spanx>, sourcecode type "pseudocode"? Note that it now removes other Informational Header Fields <spanx style="verb">Comments</spanx> and <spanx style="verb">Keywords</spanx>.</t>
<t>Add an example message up front for easier explainability.</t>
<t>Unwrap sample message test vectors.</t>
<t>Name pseudocode algorithms, number steps.</t>
<t>Reply guidance is also applies
acceptable to forwarded messages.</t>
<t><spanx style="verb">hcp_strong</spanx>: stop rewriting <spanx style="verb">Message-Id</spanx>.</t>
</list></t>
<t>draft-ietf-lamps-header-protection-21 <list style="symbols">
<t>HP-Outer mechanism replaces HP-Removed leave the "type" attribute not set.
-->
<!-- [rfced] In the html and HP-Obscured.
This enables pdf outputs, the recipient text enclosed in <tt> is output
in fixed-width font. In the txt output, there are no changes to easily calculate the sender's actions around header confidentiality.</t>
<t>Replace Content-Type parameter <spanx style="verb">protected-headers=</spanx> with <spanx style="verb">hp=</spanx> font,
and <spanx style="verb">hp-scheme=</spanx>.
The presence of <spanx style="verb">hp=</spanx> indicates that the sender used Header Protection according to this document, quotation marks have been removed.
In the html and pdf outputs, the value indicates whether text enclosed in <em> is output in
italics. In the sender tried to encrypt txt output, the text enclosed in <em> appears with an
underscore before and sign after.
Please review carefully and let us know if the message output is acceptable or just sign it.
<spanx style="verb">hp-scheme="wrapped"</spanx> advises the recipient that they should look if any
updates are needed.
Additionally, we note variances with <tt>, for example, Bcc'ed vs.
<tt>Bcc</tt>'ed. Please review let us know if any updates are needed
for consistency.
-->
<!--[rfced] We note that the protected Header Fields figures in subtly different place.</t>
<t>Provide a clear algorithm for reasonably safe handling of confidential headers during Reply the sections and Forward operations.</t>
<t>Do not register appendices
listed below are either misaligned slightly and/or have broken
lines in the example <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> <spanx style="verb">hcp_hide_cc</spanx>, rename to <spanx style="verb">hcp_example_hide_cc</spanx></t>
<t>Rename <spanx style="verb">hcp_null</spanx> to <spanx style="verb">hcp_no_confidentiality</spanx></t>
<t>Provide PDF output (the html and txt outputs display correctly).
To avoid this issue, please let us know if replacing/redrawing
the non-ASCII characters with ASCII characters is possible
(this is commonly done for structure in YANG trees; see
Section 5 of RFC 9731 as an example). Or if you have a clear algorithm
different solution for a fix, please let us know.
Misaligned:
Section 1.9
Section 4.5.1
Section 4.5.2
Section 4.10.1
Appendices C.3.1-C.3.8
Broken Lines :
Appendix C.1.3
Appendix C.1.5
Appendix C.1.6
Appendix C.1.7
Appendix C.1.8
Appendix C.2.2
Appendix C.2.3
Appendix C.2.4
Appendix C.2.5
Appendix C.2.6
Appendices C.3.9-C.3.17
-->
<!-- [rfced] Please review whether any of the recipient notes in this document
should be in the <aside> element. It is defined as "a container for
content that is semantically less important or tangential to compute the protection state
content that surrounds it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside).
-->
<!--[rfced] Acronyms
a) FYI - We have added an expansion for the following abbreviation
per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each Header Field.</t>
</list></t>
<t>draft-ietf-lamps-header-protection-20 <list style="symbols">
<t>clarify IANA guidance about registration policy and designated expert review</t>
<t>emphasize that Content-Type parameter hp-legacy-display=1 belongs on all main body parts with a legacy display element</t>
<t>clean up/normalize pseudocode variable names and text (no algorithm changes)</t>
</list></t>
<t>draft-ietf-lamps-header-protection-19 <list style="symbols">
<t>improve text, capitalize defined
expansion in the document carefully to ensure correctness.
man in the middle (MITM)
b) For the following terms, fix typos</t>
<t>Clean up from AD review:</t>
<t>updates RFC 8551 explicitly</t>
<t>add "Legacy Signed Message" both the expansion and "Ordinary User" explicitly the acronym are
used throughout the document. Would you like to terms</t>
<t>tighten up SHOULDs/MUSTs use the expansion
upon the first mention and the acronym for conformant MUAs</t>
<t>expand references to other relevant Security Considerations</t>
<t>drop nudge about non-existent Content-Type Parameters registry</t>
<t>clarify IANA notes to align with table columns</t>
<t>explicitly request <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> registry</t>
<t>add references to other header protections schemes, but move all the rest of them to appendix</t>
</list></t>
<t>draft-ietf-lamps-header-protection-18 <list style="symbols">
<t>only allow US-ASCII the document
for consistency as modified output recommended in the Web Portion of <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref>, adjusted ABNF the Style Guide
<https://www.rfc-editor.org/styleguide/part2/#exp_abbrev>?
Header Confidentiality Policy (HCP)
Mail User Agent (MUA)
-->
<!--[rfced] Terminology
a) Throughout the text, the following terminology appears to match</t>
</list></t>
<t>draft-ietf-lamps-header-protection-17 <list style="symbols">
<t>More edits from WGLC:</t>
<t>clean up definition of "Header Field"</t>
<t>note leakage of encrypted recipient hints</t>
<t>clarify explanation of LDE generation</t>
<t>clarify how some obscured headers might not actually be private</t>
</list></t>
<t>draft-ietf-lamps-header-protection-16 <list style="symbols">
<t>correct variable names in used
inconsistently. Please review these occurrences and let us know if/how
they may be made consistent.
Legacy Message vs. Legacy message composition algorithms</t>
<t>make text more readable</t>
</list></t>
<t>draft-ietf-lamps-header-protection-15 <list style="symbols">
<t>include clarifications, typos, etc from comments received during WGLC</t>
</list></t>
<t>draft-ietf-lamps-header-protection-14 <list style="symbols">
<t>provide section references for draft-ietf-lamps-e2e-mail-guidance</t>
<t>encouarge a future IANA named <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> registry if <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> development takes off</t>
</list></t>
<t>draft-ietf-lamps-header-protection-13 <list style="symbols">
<t>Retitle from "Header Protection for S/MIME"
Method Signature vs. Method signature
Non-Structural Header Field vs. non-structural Header Field
Outer Header Section vs. outer Header Section
user-facing vs. User-Facing
b) As the following terminology appears to "Header be used inconsistently
throughout the document, may we update to use the form on the right?
header protection > Header Protection for Cryptographically Protected E-mail"</t>
</list></t>
<t>draft-ietf-lamps-header-protection-12 <list style="symbols">
<t><bcp14>MUST</bcp14> produce HP-Obscured
c) In this document, "Header Field" is consistently uppercase; however, it appears
as "header field" (consistently lowercase) in the companion document as well as in
RFCs 2045, 3864, 4021, 5322, and HP-Removed when generating encrypted messages with non-null <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref></t>
<t>Wrapped Message: move from forwarded=no 8551. Please let us know if you would like to protected-headers=wrapped</t>
<t>Wrapped Message: recommend Content-Disposition: inline</t>
</list></t>
<t>draft-ietf-lamps-header-protection-11 <list style="symbols">
<t>Remove most of make
this term lowercase to match the Bcc text (transferred general discussion companion document and referenced RFCs or if you
would like to e2e-mail-guidance)</t>
<t>Fix bug in algorithm for generating HP-Obscured leave it as is, which is also acceptable. Note that this document
uses "Header Field" about 451 times and HP-Removed</t>
<t>More detail "Header Section" about handling Reply messages</t>
<t>Considerations around handling risky Legacy Display Elements</t>
<t>Narrative descriptions 42 times.
d) Please review instances of some worked examples</t>
<t>Describe potential leaks the term "NULL" used in this document.
Should they instead be "NUL" (that is, referring to recipients</t>
<t>Clarify debugging/troubleshooting UX affordances</t>
</list></t>
<t>draft-ietf-lamps-header-protection-10 <list style="symbols">
<t>Clarify that <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> doesn't apply the specific
ASCII control code), "null character", or just "null"?
e) FYI - We updated the document to Structural Header Fields</t>
<t>Drop out-of-date "Open Issues" section</t>
<t>Brief commentary reflect the forms on UI of messages with intermediate/mixed protections</t>
<t>Deprecation prospects the right for messages without protected headers</t>
<t>Describe generating replies to encrypted messages
consistency with stronger <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref></t>
</list></t>
<t>draft-ietf-lamps-header-protection-09 <list style="symbols">
<t>clarify terminology</t>
<t>add privacy and security considerations</t>
<t>clarify <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref> examples and baselines</t>
<t>recommend hcp_minimal as default <iref item="HCP"/><xref target="header-confidentiality-policy" format="none">HCP</xref></t>
<t>add HP-Obscured and HP-Removed (avoids reasoning about differences
between outside and inside the Cryptographic Envelope)</t>
<t>regenerated test vectors</t>
</list></t>
<t>draft-ietf-lamps-header-protection-08 <list style="symbols">
<t><bcp14>MUST</bcp14> compose injected headers, <bcp14>MAY</bcp14> compose wrapped messages</t>
<t><bcp14>MUST</bcp14> parse both schemes</t>
<t>cleanup RFC Series and restructure document</t>
</list></t>
<t>draft-ietf-lamps-header-protection-07 <list style="symbols">
<t>move from legacy display MIME part to legacy display elements within main body part</t>
</list></t>
<t>draft-ietf-lamps-header-protection-06 <list style="symbols">
<t>document observed problems with legacy MUAs</t>
<t>avoid duplicated outer Message-IDs in hcp_strong test vectors</t>
</list></t>
<t>draft-ietf-lamps-header-protection-05 <list style="symbols">
<t>fix multipart/signed wrapped test vectors</t>
</list></t>
<t>draft-ietf-lamps-header-protection-04 <list style="symbols">
<t>add test vectors</t>
<t>add "problems with Injected Messages" subsection</t>
</list></t>
<t>draft-ietf-lamps-header-protection-03 <list style="symbols">
<t>dkg takes over from Bernie as primary author</t>
<t>Add Usability section</t>
<t>describe two distinct formats "Wrapped Message" and "Injected Headers"</t>
<t>Introduce <iref item="Header Confidentiality Policy"/><xref target="header-confidentiality-policy" format="none">Header Confidentiality Policy</xref> model</t>
<t>Overhaul message composition guidance</t>
<t>Simplify document creation workflow, move public face to gitlab</t>
</list></t>
<t>draft-ietf-lamps-header-protection-02 <list style="symbols">
<t>editorial changes / improve language</t>
</list></t>
<t>draft-ietf-lamps-header-protection-01 <list style="symbols">
<t>Add DKG as co-author</t>
<t>Partial Rewrite companion document. Please let us
know of Abstract and Introduction [HB/AM/DKG]</t>
<t>Adding definitions for Cryptographic Layer, Cryptographic
Payload, any objections.
e-mail -> email
electronic email -> email
-->
<!--[rfced] Please review the "Inclusive Language" portion of the online
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
and Cryptographic Envelope (reference to
<xref target="I-D.ietf-lamps-e2e-mail-guidance"/>) [DKG]</t>
<t>Enhanced MITM Definition to include Machine- /
Meddler-in-the-middle [HB]</t>
<t>Relaxed definition let us know if any changes are needed. Updates of Original message, this nature typically
result in more precise language, which may not be of type
"message/rfc822" [HB]</t>
<t>Move "memory hole" option to is helpful for readers.
For example, please consider whether the Appendix (on request by Chair to
only maintain one option following should be updated:
- dummy
- man in the specification) [HB]</t>
<t>Updated Scope of Protection Levels according to WG discussion
during IETF-108 [HB]</t>
<t>Obfuscation recommendation only for Subject and Message-Id and
distinguish between Encrypted and Unencrypted Messages [HB]</t>
<t>Removed (commented out) Header Field Flow Figure (it appeared to middle
- whitespace
In addition, please consider whether "traditional" should be confusing updated for clarity.
While the NIST website
<https://web.archive.org/web/20250203031433/https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8366.pdf>
indicates that this term is potentially biased, it is also ambiguous.
"Traditional" is a subjective term, as it is was) [HB]</t>
</list></t>
<t>draft-ietf-lamps-header-protection-00 <list style="symbols">
<t>Initial version (text partially taken over from
draft-ietf-lamps-header-protection-requirements</t>
</list></t>
</list></t>
<!-- LocalWords: utf docname ipr wg toc sortrefs symrefs Gillmor TW
-->
<!-- LocalWords: Kahn Hoeneisen Oberer Graben Winterthur uri Alexey
-->
<!-- LocalWords: Isode Middlesex DKIM DMARC cleartext DomainKeys ld
-->
<!-- LocalWords: Crypto crypto origbody origheaders hcp pseudocode
-->
<!-- LocalWords: ldlist bodypart newheaders newval pre renderer decrypts
-->
<!-- LocalWords: affordances subpart's stylesheet FIXME Berna juga
-->
<!-- LocalWords: Bernhard Reiter Rohwedder Housley Balicka Kille TZ
-->
<!-- LocalWords: Volker Chuang Betreff signenc UI lang IMAP md bcc
-->
<!-- LocalWords: Roti Changelog dkg gitlab newbody
-->
</section>
</back>
<!-- ##markdown-source:
H4sIAAAAAAAAA+y9zZIb2bUeOsdT5AEHLLQBkMX+Vam7pWKRVNNqNnlZpHhk
haKRALIKKQKZUGaiihDFEx4dz2/IMw88czjCQz+BH0VPctfv3mvvzEQVu3V8
497widDpIpDYuX/WXv/rW5PJZLAol3lxeZLsmovJV4NBkzfr7CQZfpely6xK
XlRlky2avCySi7JKzqr9tikvq3S7yhfper3XB7Jl8niySfP1cJDO51V2dRI+
mzx7+uxx0hp0sCwXRbqBFy6r9KKZ5BnMYp1utvVkRc9Otu7ZyYPPB4u0yS7L
an+S1M0Spl7UWVHv6pOkqXbZYLddwvfwr68+//x4MMi3FX1RNw/u3//F/QeD
tMrSk+Q8W+yqvNkPrmHV358+e3GevCmrt7AJyW+qcrcdvL0+SZ4WTVYVWTN5
hPMa1Lv5Jq9rmMWr/RZm+/TxqyeDQd2kxfLHdF0W8NE+qwfb/CT5Q1Muxkld
Vk2VXdTw137DfyzKzSYrmvqPg6us2GUngyS5xPfBZtMshvBBQ6MPg/ng57iz
8Hm9TevNr3GTpmV1iV+k1WIFX6yaZluf3LuHz+FH+VU21cfu4Qf35lV5XWf3
aIR7+Msq25bml5dw7ul8CpO8t3x7ea/nDPCHa9zjxvwUnp/Kz/Oy75fwzsHb
Kt0sy+vix3KLH9W4BQWMlS1/LNc/4trh7I7HST5O0nHydJycDgbprlmVFT45
gf8lSQ4/Sx5Nk99Ok9/k6/WmrOhjJqJHaZFn6+S36aoIvoVdOElON1kFRFsk
Z/lVvk6+z+dZ1eRZnbwukBLxuRrOLIOlHT/4PHlYlekyOW+m9M0CCOYk+SG7
Tn4PZzNOfvg9f1wu4bXH9+/f/0z+vSsaJM/X56f0QcYnB1v064v8olnBWmr4
rJgCbYVrejhNviuzIsuBpM2SHgIZ5ln0Fa1n+3iLN+lPsL/B5J/DuuCS/aZK
51mRfGam/9Vn9+8nb3Ik7Wa1q8IZn1/nzV+yag0kbWc+p/czza10EtPFip6B
e3SSKBlssy2eN86HyC5c3uk0eZati/xteWVWd7rO3mX78Bta3NMadjb5vlmG
5/JZcpbWwKDgF9e1Wdl3QHRNWYyTZ/lyuc7q7J05nldvjh8kD354EZ3Qb+0y
U5rIdCMT+XWO78fbAGykAM63SRu4U0iGi1VVbrJJXiyBmBo4zhMap0mrS5yi
7sZ8XV5O6dl8t6H9eHD/+Kt79z+/l12V6yu43RMeqZ7UwpDMmNNVs1nzuMyP
H8uPkjP60d060V8l/lf0A39h/DY/3uTAqs8Xq2yxgsOn75BVniQ4qcn9z+GT
s/Pz7pVcX19Prz+lJbx6iav44t6bRxN4/MGDCf7r/mfHD+7ZucIRLVIUKnB7
9nBW5ys4vDr5PruCu/kgeZld5chJ4c8jGCV5MH0wSs632SK/wHXoXQzXQUQB
bHG9BAIGyniTzZMzYCHAZmF/wwV9Mbn/2eT4AXz44jcvzp7/8Orl8++7l3bR
bKd5vaC1bXfze9vLLciUpirXwYJOYSrAuWV2SXmRvIZLkDXMn+FI0uIy69p9
mvXr1z88fpW8gq0vSiAK4DjA24rFNJ708f3Jgy950r97/PLpk99Pnjx/+ez0
Vf+pZPsqz2jy/5Kll+vs3q7OgFbvlTDdChdzBRzvYm+Xcp5fFkRGvEy4R3Wd
XuKUfkfPdn3XS1aP0qt8mZwl36fXVVYsMvjyu1fPvp88Pj87ffH4ZnJiIUub
mq7v/XkHogDFwr0/p5MMSAjEwR1YkZ3+6xonuFilVQo6R5XIY3AHQERWb+Ew
gH0hKfeS0Kdng8lkkqRz4CkwxmBwfo9UE9gqIspPp8cwGqx/uVuAUpMmGzg4
ECv1JmnKBPjbFZJfViwnTTmB/ySLQM3xAg/JJCOVCIagjUxYKNbTwXflNVyG
apxcgEDJN9t1hpoBbUSdXAJpVUAW+rM62dGqm1Ve+9mMaaU1DpOuk3V2mS72
raFW6VUGgv4qA/a2hD8KeD0OBZqcZx91DRufXAOFw/PFco0P1LvFitZOM5gO
Bq/w5aCs7XD0RBQtmBLcbt6/2l7g5OjlkzNUwka4aeXFBRxVmixz/AN/b/Z0
lTa6qzxeDaTVu6l1Mt81CUiqFW4djIrqRE2/9QuApc73uiWLdY5K13TwZFfh
tQCVIAMNo+FZwYbCv5Ps3XadgySBnU7n+Rq2ZQwvza9gAN1n2a3LXb5MgdRJ
G5ax+dVybLK9bidDEqh57odopkUssPdZW3NOauDmsFPL7CIvYMWwtAzOEgRZ
XSbpFteTzoH5wv6H7wb2wifWu8fwSrwiGxKlg8EdVIbpPtB739/JzT8/DAYv
eKPCfRKqquAQqqXZh/Y64OoKCeEAbnZEuvMMNhZOF3jvRQ6LxE2vQfwBO9gA
VT4r6yaBFxJNxbQPW7loWStbZ61ka/hvVRawdJqYfJOUBTyGdDgvl3scBP+W
HRzDSedwMdYZTA4kMPJSJHl4e1WWG5pe2jTp4i2cw2UKeg+Mh0R3DUrTxL9b
DwSIEn6RvUtx6mNQrBdv8Y3tPYK5g/YOGyTDw7dwrmCUAMNsdsAqzCTxY9TB
cDvv4YSICbauMFyZRQUqMDCJ8hpH692smCL5Rrg7G9wInIc7CJglrCZNnuH+
gsSsktNLfPXRs9enI775yutgUFJLtxVoCvwCsE/WqJ3TQkNu9BQvqrAL+NEG
DCi+7DDwEH8ABhdvEewYfMbvWpbwk6I0lMIsNeBc02ibmvQt/Gqbgpqx2IFp
lSzAiMSR0e7Ev3Bkd8FoDSBVYAJpDUJtDrt4na3XfPP8JPGK3bmTvCY2iqMB
uxSj9RSYwBqPX+437mqbIK5TN2+gJ3+FUHodvX//T8J+P3wYKc3mBWqQyATg
hLd4I9NkJhO/V10svnrwYMZGesnkQ1NOIyv+cQE6XLnNwO4EPXoZ0B2LR5xh
vIl0HHSStF2yMliCLru9wjEy0aEs47sXw+ngHKkdrloO4g4NUFzCCrcB6Lfg
gd3j5qz1RPwxEAMxZ5Ec1VmWvH+PmwC/xnsKjHNTw+bprQmFW73bwnIyJH73
xnGSgTxZoJEAZ460my5YaMMR5gXO+bpEOkppK4k9vX9/LseJxwYfuFOD9z4t
OqhzjJxAN+sJmLpLuH/AZ/r1EVz/JXFkvFOpKrL4AcjIeUbqVLlFKlrmFUxn
jQYFnVQWnf2LdL9Gkxg3sdw1opWkBe/xVUZ65SGSmuKiUpwszdEzwjGfSbgu
tNRJmM2BxOALmGZxwbIAdnOOm7wpr0TclvMaBQ9vODBisJFoBTDPzN0f2e3u
Q6VXiU5QG1JTiRYpBE5RCPkfmAVL3hVkYIsspwkSlRGF4r1FskTPFayl4sur
14C4wh28BUSATK79dwREcYtmQZ8VldBSOAlTVL+QiTV7owmm/vri/IitOqLG
ewy2dKKj85lstxnwQbwHIP+y5YQk5sbZEbBCumtprQ/AZkxaZ14zjdPBL9Ia
f0l/kzDeobBIL0m5gnfijvGU2/RlpB5yaRCSDV4SlCfJVV6unck2h5eARpYx
RVbZn3dA7+SQw6mqGgXPbnG4z/mC/gr24sH9z36BV/LUvYsp33MbIKZdASx/
SRrXHO8a7vEi3+akLddepSZ5xEsnzUDXjsRKqwZe5AX9ithnvbu8FIaXIpVd
g0qFGkygWSqfB8UNVn6BLA/+RGsW9RAa3yg/oV3CXBkuNVjX80y22nAEurgb
VLZYH6qz1rSRMkAdRgWmoE/N/IGbXOVg6IRz8LaFs4bwKWWarQfxlMJ9gXXm
tZ7wJt2jmyjfsm5PRxC7SFAvHJP2pm+hue8K1ZTTGlbFm9XSjrfiLQxVwung
DXr0xnT720Q+dgII30j3uXtxrbXALN/S8RGFyksX8GnVZO8aeZ9qjjl/jWIH
VW9iMcTQ3IxgmwMDyBPvmtVV2K5lDkyUnNz6vosSFU+c+raEhdQsf+BLpjVU
hUQPJD7WFlgnYEokb+jhkLt7arsEkfnTBJg1C4/a74ZtLNhMDQ2stggl+ifb
U9g36oxvC1K55yBCQA+YJN+xmkw0la0dTWXuh1l1lzVAJnm2ejt0eViGHAtJ
dDUpkA+FMgOYktW/0c4s6wOUiWTjzaZNuXTaYVOlIG8a1XRW2wlqIhsYviIt
52eekZXM8cHkfSIf9wFND50TBwyioSbbEpjKXiZ5uyNYrMp8kcnRyfaGC7tG
W7mlUxw8Cr5acOeE/3YuKqnTC5yXakjpYkGDkzWFF5q1LaPGbGD2Ff7hT4ZU
FtU9kdXWzW4zJ1/CfF3iXY2NiXFCsSl4wPlVxIbSz52OsgApBfuVIqss4Qu4
8jl8XqDeKiwlZ0nDOkvZ640ySsLDbJECIyVnlnvKE+JWfGkkLWDjUWmnL+CA
0ZUfTqAhGqe3L9ItMWa4s7st0BpdTZjSnCWnMxid2jfPGviIpSv5cdO6GQu3
1o0JHSbIwfDQiPkvy22jti3OOHKcgIja0xqdOoTzDYy60wJW+f6925sPH7yd
jL7Z3TpUF40eJhbvXtbo+bPRl0A3fJnXb+tuJ0E4m+Sl6h816InsDJtsdumk
whHIbYOLZKWiQ5OzTseQrcIHOMbkosoyNMusbQ47BdxVdLW88A69a+BNxPz2
do4o0vXf5zQHdTojQwemnCMhy/TMO/h6tbZghCdAA+Mlw6ANs+KORdDocIEx
GsQqf3sZwPhUMSAji7xCcB0ucpbIP0VmkYsoFkBTMvvb7GTrvNCLRVkp+fet
hoxhVKFRqZlcsP0ZMj4ymVDLVYsJXwYnYxRs0oXrXCyT1JwWaYHeEzKWq9oh
Srv5K28qvgo2FkNAsrdODyNnkX3fkw4dZ3bO7q1Z8GI09NCg6jBbncsC6Zbs
8oxt2GT2h+l0+sfZOHhrQMH0Qn4KSfeaeEY4C9K2gNKQxQMPVwdSzlok3Si8
Lbi4rb9xXad9wyEjkSTXZfVWXC/q83qU17Co/dA41fP6BrXMiBvhDEseheSO
tRztbkRvTB6zF60e2lNEFXGega7B3hfPAUB2GWJtVjHlXJOy4fbS2CG48jVH
ikC6Okpggc+6fsd25tZtBwMCKS4wpWMpigEOkb0D3SnH0BUTX2yzWcJgiQq/
2pPUwI2Rs4KDy0ByqIDXnei8gmMeAc2lGv2QexE7+KMfSn32LFKoXpAWpKdW
lC01abXY0tGdKq80WqbZk0W52cKdXTrmfouXik+kKI3PgyiaWBl6OvHHffsF
4pnsz5+o36tq28k2+VMytYM5GOZPbOT5BUb9yUqL2DyyTEegR0VZTEj/gRmM
upTaw7Oxwuyx2/oOedZFrcQtDwk2FP7PSlCTOEI+QH+6xgrxvixLunE7vBOU
l0QLW5I2x/oBaEfXZBjIKynAQVpi4N8HixbDWTjLKHoJC+yPy9HyFiBdqsAp
jC8ZU9AOZ9e69WMXwdS4yTxboAwDMiUBgXarlQJ96sKKdh+JP22cX56mU/to
Tu80SG9woRW8nKSqXmBskOyofQfDOoKNXe+WepFEIsgujtxh5sUVENAyVTXV
TxKUJ9R92bPCNFw7z6ChUpq7sFLyCLxrIi8EWD3h61XrTckpGz6cgPqSrelO
AMNdUPICpt/VjcR9jnZO+Ome3K0TSYwYoZW0RquEJQNeb7eydujWJ6fgLPov
OyvtacGqffu42xcKTxwVMdod63xf5Uu4tuwDRofREokgrfbi5irKclurl8p5
cR7iSV10nDLy+rY7ZRwE/1yGEGq4Trjodh8x06mDD+W4RixgydkjQhS45TZj
f5GbunWSGenX42m2oan+C9u+q6Gb3Dpy2zeavYAu2FlRIBpty6U4sR/CF2Qo
n4HMga1hyQGnHE4fNS5ynxp56kxO4dZgNgWhW53Jcuf0x23ZiJIZmFVjG9Bf
ZusceY3+u50EocvCpRToCRffM+kicIn/Qqt75XUP+R5dRXAtUpI3yREMjOcw
Ep+cqhR00mgnw5w5TyEkwVerHUsHIKA5qXi6UKauRCRIMtetXcjWrjOJ1qEP
qNj3ZYPA18pWKVNAch/06oCBCzSyZsuU9Ue92Nercg3SQLWIXprSoDLpWFft
vJE0F6u5tQTWK2LPhh4vcDz8uRcKUeRgnb/NOAsjZdVLzQvmhvy9ZdJ53RHv
ZsbRZQ4IEag1KPowURqqcDJL3R/gXhRHC4xfkk+hZsIqL/MeVP43IGr0qOhC
6WaK2UEWK11tULvK3eUqoVRSYKAJRjNAzGTqWDALyNB1x9JD/fZyRR8FF2Jg
Ahx0DqDtIGXcKPPdHZELhkZHDTRYO58HPFcExjWMDsR56/GDwUFq0vYDdyLz
fpXllffU0Omki5Ww0gYfXfpLiEv/DTkzSZhK6gjoS02mUlIzvzkSBdpIvQeN
cDPu8O7jtgapAbQT9YosUvGU8/wivRVFE5Eokz1lzjTicrjcpRUsLMP4C69Z
CSyvOlbUvmMLcmrU4k3La7V8MDDlr7VNbDu62f2qiVp5CfwSGCGuPSeGG7LV
5EiMu4WEi+ia6jUEMQf7pioE2kfwG9aMLnaktymNXKVVnuIqJDZFW0r8Ssba
gOYBtyXlzQSy3sFcVHaStQwU/py0CdSjy0W5JuoQpTp5PHlm8pH4YPAK1Bm6
xoEctmleidUuvyYVwPnzmP/0JXJpMkxnBqDXg06SRyU8UPw229fJU5/oRHM7
evTbp89GEoX84tMvv/jwgcKru5rteuAY85zTJ/lO8VgTjHR6PSlMXh0nL7Mt
Js2icKRcSWVJwDmOHj07fXmmb/zys68o7knk1d4NtxEp0J55L7DEXSMBmDDN
T24yTR/T0oB+LknMl5znsiEdcVfUJSXj+TjlUb1NNyOrBOHW4u78O5oxKAp5
k/kZ9Z4KxoZNGmK9AJOOtjQnkbBDIkKTHNPnOIuQ7GjgrDtUbegD5gsUUcGN
5DB1cvTs1SnM0Myp2W99HhUljcIjaAPDf8ycMOqQYbpQl5vGrQgYOf30tf2p
dzXNxQNvXk9pSm4KuiKbDTjHy1osvR+dFjjCadZ2VoH3XN1Jnt10vqc9rqY9
nUaBFaKMKqNUL1ixWYHmU2RV6BaQsBSwWnSG4PWfpMtlNYHjKC9gWEqfCYKd
ndRCrrkekumxU+QGIZP3ETyQR+UN8TCNyF5hdQ7qEJKfgpwN5yJKZWuK9sKI
89yFz7zx6Q4UrxDuvY9xxKdFCR0Y8nCRvaKk2cKFa5yDwFKR+BFCssQxaM6k
hJDMa6qcdB6+sWgebbASKRDnJqWzIEUYhpJEejprSU3Hd1Liusm3j1IQ6fl9
lmJ67Dn5xHym/4cPNAJ9FOTRwxf4MxIiS7Rb1/Dr71EzxAWr7i8TEms3mD9H
dIlubiaQiAZYHp1KXi6LSpRGku4aC3HN7TvgOLMzo8hdlGgMe0x5d6QTwqsk
Q/DIhac4xkjmWUVUeatX2bQs52SG6+0Sd49Yenx6/PkXLop5kIN4YjRpy+Lu
cKPaKRjD9Lz1LTub0iJd72s0cpARBXZQewIX8EfN7IfHw0kHhgddVU6RAMq8
ZDVbc8y8lItzsQvgdDW5HvCAdC1jHs4MBY+i0wC1JZRIXnPz95ZifzZn6fu0
AE3xMuP9fZvtMTYAuuXw2evzV8Mx/zf54Tn9/fLx//X66cvHj/Dv8+9Ov//e
/TGQJ86/e/76+0f+L//Ls+fPnj3+4RH/GD5Ngo8Gw2envx+yKjF8/uLV0+c/
nH4/7BETRDRWLKT1wFs58JuHZy/+1389/izhDNYHx8eggMg/vjr+8jP4Bxp5
/Da6h/xPdKkPJC8tp2xpjB2DZrnmfDROERWu9ckfcGf+eJJ8PV9sjz/7Vj7A
BQcf6p4FH9KetT9p/Zg3seOjjte43Qw+j3Y6nO/p74N/676bD7/+FeW6TY6/
+tW3gxaNnL94fPb0ydOzU/xd4qiDTxFrW+Gz3z19/GYolO+2NjxUsrhVndOD
pNogUNiArjFtXdMre84/Cc5fj/rBFyTEgeZfgQyvef4+GQlzvp3TiW6cqtt8
f8jsMhM9gVOXqy3lv9m9Z7t1k293FcZDvM1HevdjvPQ1pxVxxMVzTBxJL/IJ
pxJqPTHr4M+3WQEPmF8KJ8Rfik5+kpwWaoComk5+X0698NF99TSDwr12/k3U
tGDJQ+OrVJdd6OgdjmTP0F/JJbeopI1ZjX1YLve/TNwsP//0wQPa9CT5ocSa
NOCA6VWZwyGBlXG5I5dZdKfx69rEkvhcpHR8SBnc/Hc9DBLcmEdjeQR8C1Ry
ne5rTj0d2oWHqfxs0APXzJdo6l2wkY0EG25C+1cohCvcYd5EMg4/CbYYDiQM
J7N2RcYNvwiJeuy2k3cQBsRQ6vBkOIq/4h+Ra/oIrYdsJOFD2CE02fi5s5ff
P9Ej0CN8MH0gqeB8Ih06i5+8/AgOq00L5OGrQWRoeBMZApfFaPmcJLaQsoGp
znsQke8i/TEgjqTrRVzj4cnYJ5zG8bG6hPc0Gn7HJ54FIYmDLyA5n4LBFWSG
cNYvPyJkPzL2iJvOTVNB54b35LiX0WbjTeEtfkiRGMmmde/VRdAoTAfB+p1D
vSDPmHoYll6FiB4kuzPJNltgKsTG7ZLpA5o1BksoNxMtKuerRaIadVzsJHna
6NyP5mXTlJsROsB7z9Bl4krev32GTkp3mQ0s2hvhYjU/fCQOWzBbiNvCjo14
b0XA3//sc6Bw/FFT7RaNJW2T2HT03YvRyW3qLMNtrMkTz0nhGHuCd8/3FBOj
f7swXK2VUtamg4mEaSTfp3t0PHSWRMQfa8pJ/Pn5brMBbXCcnNNydxj3jMKh
zzDRiLbyBUx8TGVTkyediQRITpREVZGkZUEcX95/ejp5NDWoGtkD3quJ5qF9
+IBr9f7ik+6aKRNX7khpPWRxJsBbZfgfymLCO6JxH+CzPslvWbL5t++3RDAE
n0qRohk4HLQ1ZN8YLIe61gjU0E58pEvXWv3U7F8YlD7pCKK7KhDJ0yBp0ZFk
IsHnFdWLRAsIvCGl8SaG1mpB4dE40eyT3ojqbaYbppX83MmP/dQpHHcoj1j8
H3SRu1Z1Q+bMd2fIQzCWyNkQKO4Cn4ZLau/Lge7KnSMFmJNqetO6+qgmQSUQ
ppXkPuifiY97SMg21RWBTgz5NXkjU6jNFGopg472I0neHPgJvUJ+cSHMhB2g
/HJU+GCOu3qII53fJj0bH4RDeI75a2jvIts6kWCcZGhRwGtVOgGZcgJUJonK
Rb6BM/EJWWMxy8nz1R3sZloVTkBvwvFB0a25hC1dXiGHWzJdXe4qUT7pJQ0m
dmREdii9KEKofroCTFm7kiHbIo9U8T1HK6O/oBYxiTD6ONYVzrNVepVz8jis
G8gaboM4AF0FbMftY+0MGRKGSm/jnhlbK2mV+WxjEgY3ywJKhIn8JR25tN4C
xKBVK11a0lGvDsRH4vwcn8jSSqpSX48me0j08mnRfQ7knPqJh+FrkKNMsTEn
w2Ig14UysDSYaazBw3KlUa0kCz2M3pVpgpJzlvHxK6IAbJc7R4qgU/AELkz+
F7C2gf1S9N4VGuF7OR3AJ1uHPncOv5lYILNElJm9xSVshiwxjugHc+AK7dTg
HgcbVsE6iibEp1ahfjeZWEtONoiKi059UVR4b5C/FJdrk29F8ol+08Wn5VVi
L7hfh1MzuVtEhM/ZbecI0R+eSIXw9FoelCO6l5KWiWFWPV+NGSljXOZ1tdu6
0GKURy9BFDyWLCZdgzYSJDaA8CaljafYURwv4jZgI+xDe6UinjV/zwJ1kLRp
0HqxCwnqHmyKhy8yjIM2AXfVoRWqQ4w7eM2agvcU6XVR4xZNmZR6zyt9DMWv
tWayctpRWBRx9EZLe3oJQwSm2nKfTz/FkW/Bekfw2ldVDts/oRp9T5vwxXm7
BEKMKkvhtZ15fB16Jhykzgcm0ClwJ6Ilx9hTftx7qmNPGwvKx5y+p3XWshOX
RJyY3wTESAWhYUJCoWl/OCpWhpGleIP2nazL8i1Jb4plSO5kE7gL7ThwuP/y
L/8yOE3+/re//f1v//Hv//l/StCBMOq2bxf1l5NNvsnAgMb/TJBFfTPMxKBb
TjDlAEHwkr//639LjpYZbRfe2NHgYfJxg0rRjRsx+ft/+u+Ye4mHzyOeJTLk
/4AhnQl9L5VkeNjPXyar7TfDRb4F6h8OHtEof/svPAdkiffgduQFPhUl+n8z
PB4OHieJmTM9j7hjfY/jxg2ez1ExZXZJN+UHBGo7JdXsIRFIl7OyvyxjSg5H
GOLMJtTmJIHnk6JEJ9wjGv3xiI27ngEVnuDoNnoOxqXc1AOfVYN1ZmIh7Aqf
dHg0pMK84aita8v0e2qtj4Z5UXT9EK87PQk8R1x0VFqy2s6QgYL6gsgu3SWb
mr86O+MK4QnCUs5wiIInk3ovlMgFcodSpmJQ7orRdQnadxopT+EkyIPZNySn
mMPW1is0VIgPm8FdxpK66A1cyDwqEDqaGWqejVA3R5YvH6OYh09RkcPt8qwq
KnxNl1r3Ela9krt6UrMPhiyZHTr5fZBSTrjlfix4U0+J15DiJjaMMJNHhOH2
Br3sx8fJvwdG9uD+g0+T4y9O7n918tmnyeT+5/fvD55U5eYkeVjOk6/n5fzX
wusQB/LbwasSoRBzWNXXKf4n/FaSFk8SqkQaiLk+efroJPka33T/+Pj41YPj
+1999ul/mB4/+PSzX69X26kM8e3AkshJ8lPYHTLQye8YIO0kOZ7eZ1ZAe8bE
3bdnZ/+v79l3CsSFtPfvS3SBc2noohn8NttTQOyEIe/go3HyGmOyzc/c5Fvw
6vaefvdi8hwJEHH1brM5/vlD2+SfOrxh/rmI3PwXH7sn3fLioWSZKKMqlnK9
OlFgWKAQPk1aT4D/H81wd2bjZIarxv++KvH/+8kRi8CRSFtRV82RK9mTUIx7
RB07RzOlh9nIceeZLn8WTaxdsG24r4gCNi9FDsAqnD4dDpUrg9H4Bz3aw24r
rI/ZomRAhtrlsjLM1yVoxJ61g/A5bvE4D/jwnj56zz+niUFmf0hRRvZCmS3o
6+13c1MVTtnrB2d3TCzcKjhlc2tmegbKdI4ZRem20v/pRVtO1ZoQZTcL14r2
R3HX5X1ZSUbOM/2eicm429rqAqrVh3anRfOsY/STIsNwoBaB+jdpI4/6+G7I
p6yKiFHBOmu+Ge7qSVov8nzYowf+cvCzuevgBQjzmqAp0Q6gHKotEivtHGjV
FOQCIn212lX1MkVPcYM1SJh8DBrgP6HwSYu39XgAXA/hCvG/yW/K4i/pOvvL
4PQM02wIZLWbCZkaDlAX9JYxHyD/v7KN3vhLB/Fx5PYW5OcKBpBHcJCYshnJ
AvNRv/SiEV3KntqIuQQnfhptuLs4V+J+CiAoblI2CG2VA/ERJeIIIM+D4ZVx
faEH8CKdrM3btJCeU3DS2oVNg/V7dttJcd36cKty2eGB1G0Vl3TC9MAm0Y7K
Nim/lXEObAdy48sir7MDR8D8w2jJwC4o8kuVKjwzAfpRAeAZPoGaOmzUQy+Q
s5PtwJeYquwDG0wl7DwL+QEJI/hbgAMbMRCEbWsghpDV2D47yqaXU8fUWQaO
pHJT8FVJJaByz8w7vCb6ucvZdJVb5qupQJBKho6YD0+4Jsrk6ry/E0R0PkTu
B+8SrrJ1hl7bsStDmphKqsyPKPvR9+4jE18fMUAhpVs0+k5NGcUCDEx4Cp1g
Gmct4R68zTghVn3IFsjFW8UcbUH+mPMEJR5CjQXwALd1tgPyROhycsRYvpE4
+7GOXeYO77h2KIX8oDPaIlFs77jC5gjGHNcbu8qkWtDywsqj7nmdgLyBUwxM
3U6sPg42IztzD95mppTEs2QD+6gTV3Pkqh10WEzNJAwHoZkewzt4jbCeqiwd
p+t0VZAjNbL/g5ffdqADjE/VGpdSasxvOrFb5xe3eLtYzW66d30WADkMfG6f
mdDdrlR7TSX0ABlGtoC8fn/C+N/fDIFAwiMPKClIHvswoIP+Hfku/urLYFCj
+yvdaY6Z/7UVM/5r8ogmTs4FhELW//tr+Odf7YeDmXoo4Pd7WLz+f1Ao/8rS
xRbSk6fC5wCYE+v2c+Lw4heJxuf/f/sXjHveMNb8JB8aEf7nq+e4QIpjsVGU
UHNoXTQwho618KHmEAOXj8TkCIih5cb2SVCMwwJPZd3XgnJ1as0h74GDiYri
PbK7upVGXB2A2M1UdZ32LZ2ETLH8yAwAMhto17JNTkHncCvcFo0FRZsqKnvS
FLoRd8gaaCS0FY7ewTEieABHREG+hyHUFnVwOs2GEJMLBlOsJGO/F4rNu+06
8iuEG7sK0Cq/sllzPbyQpy96IkhzQV+UljQC62vLkPooeQPCLJXCYcul+4+q
m+R0ZspFYT6YwRoM2UXBSQiOH8RmDkvRSMVjoRrpy/0ouE68Fp3q4kfJXJZx
JEID4eAFUiBrZ8czLWg9LINTLCa94NAOKZywidE0Zi6gwb4Db+zO6EpyRD9b
rydSOBXc19vIRUQir/05dtwpPz9OsGH0UmatJtYMGl1ZcRi/B2RpyBvZYwAI
zedSG2or7K1qa0qOBSG1K6mpz+Rt44Ep+FvPrAqsYXb4CYIpGwN+mWRDdw+7
aiHHrsiR9hXzHteImbIXoM6G/FUVxpLjWTtwDhZxyE4UoS4wkvT2kitiW+Vc
BezNVXjp3VqfBMK8wBoHODaOeKRaZd/VOQD3ivjRGqgK6HBCdCjZ3QLAn2PK
V9O/nZzTFNJxmC46jV6CtP8z3sFXp/sVSyDeCe9iyxC3L+QSAos33WeCU7UH
6pji5QpPkTgYe1o7E358wRyoD9l1lN3vXWfKXUISqbXGcu2AdrorK7oZew8E
GTUqkJwyx7u00jEGzqaHdU312KfId4DqOIgAzE9MKy+ZgRPF0EDjSPkOwFGD
XWhVLD6VtAss9tuDljLPlktF2NrulYceVrEywi9Aha7udne2LJYt5hfciOY3
7TjGjFKYascgvIQ3qQ0246ekwmPq0iBNRvatEKYDqdE4ptrraf/uqfKBuBK7
eoL5DojfzUzIxxt7Hbq5QcuAM+smOvT6Cr4GY0/X6sGXWsVgRsFcA0yTXVPi
xBYOpFazuAVuWgGHiO+ZphweC7cOOd0rBLjDkKyWiZpZBuzeiMus5XTnvVM5
xQDEId0E3q122qLkc5GjyRo1kmNJWp6U+ShFCzj0AWqtCe5iThmbWO38juH0
ZC5Ktp3Mwt0KhamrMdOVVthLCL1XzHoQ6oCSbJ/NMIeZ2A3eR63ncw0fzGs+
lu31X/0LZvgtrkLkQbuPxYCXRVmZ5AApyGN4VYZdiNwBPkPU9hCiae5NoSLn
gxHaJzoqHqfUAgUd16xwmx0zetghPoXOIxf2Yh1WWFfMhyhfPnPol+wpPTLJ
JKNom6eH2IFtuuAyvrD/Ud0vqnps7ynBb91imbP/MGMQUQoq4Xs+gi58VQX6
o01ZbtG7REkwkc4N5PS2Pqw6wHcTu1JZHUuY4Gxh9teEhdXXNQTrB9WKfN7Z
IsT1I6T6pryRuiF6Y1GGs9f3CTdZqo8wYgd9DN3dmdC8FqmIJx2Y5/ymP3FQ
2bVqIZ7GSEVO13RppR0a4AHZw22TOrQZGZUm7/JouBVc+A7Ercc6R80p9JZU
xOSJVDt4u2L33daXIjzVqnnnJucHpZqZoQghwmBlwHYH43XkpdqofwKoOnXC
uYdbyRm2KdxZMdi7VdtHPgv3/R3QXbV3LpVmfBC8OS7NVBdxrL2qae1LcX32
4+nDH55Ivd3nDz79DDGE2H82oxdM8MJjAsWb8xf4n9+dfXf6csaW0uzJm/NZ
UGftarQ56nEyoMRFVc2pzeI38L+hSxoZJn+AQf6Y+Hclw5NkKC0Z2/+nQ02Y
JWAxY/gO+YJec/TJEY9Okx4ln8AaRpHPy/5qpvWPpFPDPZrtCuWD2XLGZGe7
Mj2Yfh4U445d+0EFeQSruVxjaGcGf010uJmUW1Po6nBlEhg2B0trELDg4Ah/
PEkOD4EDnL24+TGPnX6wnukmLHLU/FhB7tbbets4aVg0FjU32gJUxAMj+ewU
GIpGvsZ8Af432bUe+ompKBc1sbtNFKfA6Gbg1qDFTzh+ZEW5TPzCNz44uaGK
rKPrhDTC+FUrXsleOFz38CAFDIltYYUbowyST0tvrDY6JZW4ZMj7Cs+RG4zw
DnJzNq1CGzs7VDKlVpwmJS3tMo5Dkq29qErtl1NuNrtC7UYwd+DJvF5l3Erj
ModZEL9Hbw3VvdVjE8erN6R478DGrLg4lxLB8TF3SDqKtLYgN3Pqw5+pL46w
c/Uc2LMFKZCQcKq6F9FdpTV9kdwKG5qwzWDyT4+iGwUG3g8lQ1tWfsMYB4pf
gtMUqNvbxN+O+oFzR2OpIGJYcgEVh5NAr5dB5Kql+V4bt5pPJFQ+yC3fxOVM
6jxJ6z1sOR5oLqiWFmcA173O3uVUNoS96bSliMNtVVhD1le085cLbSAHqTLU
cIBEqnI75qQg9BaZVjiZlD23c6HUqelUvKZELzZ2nw660RmKKNAVIOpuajVc
KtBk76oxnepkKDreNdhQw2kITIf7Aden0jE6cNhR9ciYp/loftQ7ITgRNHtg
Kld5yh7326clsmcNfxwoGqvFduLrfz74hoP+7l9nflN4codFGTEfLbAF2bvY
zijZCv86YgANYLs/5sUo+fu//t/0N0xydsLvdT9s5GYfslJMT1jYphnpMIIr
KrCUzOBn/MIZza26VOeaINPvqoJZCNmJ5EwUgEbza5wiZVFd+H87PUKQM+Tx
Yrdez2JrIY6b45XQVtcd5cWOaNGCbCHBKK7tbRxkfKKZSQqRgPxWc1OoXqrc
ea8gvg8JvkUK7E9CfpbXijZJdMg7nxfotaNfFJzpMUE7A7PvyWbzSIXWt25S
MLztyYhNESqQxaex2h1QmGPfBuLwkANH4O2NkuM9pQczMpdZupauqIrggaZh
e7LO7EK3VG3qmsaB+8uVY9M+dnc1mdtWonnj9x2uHaHmI+4efDWUJiXDsSSL
IWM8W9wNoG/HLk+M87g0NSm4ymT87UU2Rc4oT6rCFBhvAmsYPY2NOF+jBi1j
keEHpPR/M5Q9+BHn9+NiMYWzG37A7ExOQn2HLSwG8L8fowf7GQf3dc8vEsTd
qeg5qhC6Kw2Q7544K4PvenKXdukufZytQbZ1/HixaP8O77X7Uetbnhonmj6h
zhD5ZSHV0djrG3GdMbcFlbBFFtf9knlGdNMy/dhi9ax+bBiQOtBMDoQz+Yjp
8qEusPFs6dggSlL4ro91JUfaMaCbc2kyZ4tXdXs6RvK6EIYILn/RkFaE5AgS
vxG0MJ/fwf9Gl2A6HyVfTuZA+uiLLpLT87OnTy2A0VHpm3vgtecHqBpY0gZQ
410ypfKX3kieyXcTzFOeeRwaNQSl++eXhN71SrQB6nQpKfj+PLQZLtygbLEq
cliv8gXFM/R3RPuQ1JphT4hR71BL4/tMoB5Xgp1GbFn8mZ6Vq7jEwNEFJWmu
Gy2mpzP1+SWYy6Baq+Jawht+eP293UmYoZF3fmWCW7dJG0HVRvgEcj4R6Xal
hnWKZ/WBwBaeMnDYGbaewOU+IXcPY7hmC1FOLLBrthA/CBd9hC8TGarRhoZa
3C2VwNd7VaTgzWM2gdQwQJB/16jdQeNLgABfjRk3CiurqlUX4Oyo1RuLbi7q
PUOc8dAxsBmriDO3MCra82qKllV0fN8+jcAUf/+ePsRMF/fjGl0Wu4Iyh+KA
FnVMWbpaR7QC1tmSKtdp0BCoKwQQ4OghpfYCs8UmfnbCFoweUV3QW3vBjRqp
FYqDQ30qutpLsuwoPQAtvjjAe6E9obxJXGXZQWU014JhNm5Y3wtask8kk70s
l/4WoKGykE4+hPWgVhwzK+0paPwIjmoUVgKWo9oU26KBB0EDNl7z9h1GkPdK
yXzGl5WMCSRnMUhEKsMWae6l4BeW2v/V29lsOpNd73DWmYFlV+V65wHJMJOB
IJEkM8R0gU03petE6hwFBDv16lRglEqE4B0cvVq5JO9ktd/iRFn44Asj/Siy
PD5wr4gxXZdY+qM2HcXccKscRVSOchTGeyUdtjl1zSF3514CT0faoUQaQt/k
oNPO0dRlS1AeEN3egvQEadiHB4yAp6OHkGie+pQV2EKH9xVBe3k35ReRm1Kp
7MJrr0N662q3SYuJ61QtVQdDYTs7YhJ5pZ8bpG2W+pLCgH6/EP68DloZ+Q4K
vivDMqUWVeRXSHvUXVOXd5GjNCOQHxQRCFqUX64aMd3ZmRd75M2wgh7h3S7B
UXHPK+oga5TwtLmF7h3JaVG7p4OHe9NwdHZGlNDUzM99WaFUdpFbSIJZVYpY
F+SciU5MlSzGPIFHb4hYdWrdSrr96rY+8b9ZzwYK/sPdhezT3XFy961s0t0/
/gz1e2ZX5Kx0ezXFHUh8SZKNs+sodUBZibujohVjEsMhiDLJnwZ5m7/NOJ7E
GWtRi4yyMq30tJmsqEfnq/2N/Khe7YUVBW0RQc1e4yXBpCKUzA7Gi2H+G9PR
jAoGQUYv9hMy5SqU7KMbXsw3kBO6NPrFDMXBJrFihV056D5hJ4GgRR0GhBck
TVGBYA+70UF8sSyNkUtF5TptgtYF2PymETXZMSIOzVACMs2zAomFBrI6IXqa
dGkTyUpYH70NT3OVb9sZzuLHGMIJDImE5rsc76u4uzzpCQo5qKRkjAlSLs/J
WR+SMMcROMp4oCwFrzuHmijDF7nBbLtJ5yNEvGXY6okinuG+YQD5L2gnSroA
F1BHWbqd3AOW2c844MsbeEYHy0Ae5vhFfiE/JcdQgfIrQQFGwex5+c5fdb3r
OH33lDcYNElTWEHHq5HbNCXyGbDv/3jbCUzWoFyYWayzRhdIqVOK0Wof909T
VlZK/mz6GmfBrzsJwp/oUha1/8DadBCgSZlCa3fM5x1bj2H6m7cen5ogydg5
mt1//Yoac2zC7e5zpsQSoi0ffrp4iIRDnzQAMp3Bl4ScLwCHdbldkaZPfAU2
uNaK9kABAM6Wb3drkznscjm9PEk5fTsUKm2Rouz9xm6r7+/0dHcdBG15xbdB
nZ22WE2AvelwMi7vKk2GvS8bytu0dM+3eO0Xb+oZDBJru9lGUf4YZ331cpH2
szcpIh0HHfT79vmFfFrUv1M8EcQeVS1UwFEFhvTOEpTZs+7ZzeKsDoyq8OHf
cK7yI5Xc7AmmV4pSvLzVQOw75gPrsh0OeJNTylqpYd7f231IiwghU5I3ufic
s0twYizTNLnWtzPQ2+WzRIFUQA6iop5SqHfa0swOmj//SIc4RaPDxl19r2Tr
mnwl4rMN7bAo0Nar5Y+CrAYYdNOhw/dlHEiUxMFWOqrQ6geysHbU/Jc8XTRa
l8EYYKInR0EvbPyN60DqEmIcuiVFk/3o3PEz6H5d70DfyyX1FWxSk8atLRYP
9OWWKJaPTD5Wl0QLVFWjFRuEjGw4qcQAtR+8K9ShHjsU5e7GBAXYlNatbFpc
oEy3pFwWgppqLy6Y1k+4UZ1L1ZdwtYgE5Co61zDNwKQ/e9T9i3xBKQFoQPPT
UT4DK7OYOMK9n5mPxXE8bYY30Ro5aczKTU4boEAiPFT10wpfw/67MB5vG6P6
Zh4gyggqkLuz2rp04QbU0HRLbrMYHbC7j82d5LkKqWcojk+dndJ9mp5Znv5e
olbU0zIycrqudXhl+yiSancC14paWHjctvt0rtaFRckkCpYMFQZbJgb2qhTG
cLaIg/TKDrCyc71nYuO78+zVi0TRt9hXTf0+GYdV7Z7p4HnlpyKIM7OX2uxJ
GdLTYvIS8xonOBNN//BrRi8QcVG+YBpZFjEPphtiAbdMScl80lfXyJryokVC
pgNvYO1yn13Hcp1LST1F7ArJOF+Ew5VMOdrlkANQ5NaT2V5mkoNd4ZzEMYoZ
MtJzOsTsWNHGBtVmrg/GEnar3NNjHoea3+kxP9hBtiprn9fWlw4hSn0lfJl8
xMwqZQx0RvKNeMyQ1L+x7Em94qYOr9fXzSETBrb2SDMDafdGRyxOU00l1YKp
ZRzB6eOl3FZrb7FdeYy93oELClst1gSrp9am80kTmzOIsGwYJzU7DXyrMrfV
VH1CBVlUJ6K2roOYoGRSVzgAN4RKMWAiMK4JlLHCRLI9OHKK48krCKOi4EY3
QOXS4I1cGjRJLoRB6Nm0MHDxe8nGZRB3HxTg9GXs/0qvraLwxkRKL4X2Ne1O
gn3G32EI0qQjEXSFY0kc4KBPJCx3+C6K3wdjHut1Vlxy+wsfx5CunDiV0YBz
JeL91RL/mpMfy2Ii4WNgT5gHwn61jtRP1uw/MrQY+WWn2kE8mJHREz5irBC+
OLUZOQZm2JWGBRxrkVfwMy46kC0UBIE0+dOubnxCrJLoMrvKU4XWRTmEtyJ0
sW/S6i3bccOX3sgcaghPwhsM7UCASliH1ZnHYU4aqB6RtVhZcVDaUl/1513J
CahogyjYNOowTAZ0Nz3E+GabLqj82vZbdjBBnN6DSThjR9TU2hd+hMxYg97d
egc7/6WXFog4jFegDsb7JNyEJ3QUWhPiMaBYIjo/uzdxqvlQ3Gl4zJKNZL9/
Depy/edA6dwvXSTUcev3d1x4dIKr9vZdCMyddjQd9z5P8faRvPH1yUo9Uuf2
qhWLtc/bOhHR2kWjxZgF4hO1c8pYsz9q5zG5+NJtUc38BZDiEOVavaDyrSLp
Z2jdkIdDKv65FKZv7oExHmhqGzeQjBHBRZ5haFGhJEld6jQ4HQYUbj/LwAvQ
iHVMBzq5ZIgBpo1sOZuGFMAl6lIds0LMvCzuh96uaeEM57CY46LcoeaQFnL3
qCeCNjSgzGVbam1x8p+6GnYqz1loa20qWwcStwm6yGQ8XQb7gT6YSUJpTh1l
vGHNmHDpcJhzRT+JHAmGgv1vJJGFfG9UKUgSx8IyU69zkNTU5Yk1XL7COo8j
bQYg+U7ZO/SYWb7clVOiabQCbzjZgMmDkmVSXnBiyuqCgURuuRu2stxO/4ZN
Ye+KbEwqVQtTcoNx0g/JPbN1smHRMFpp6410B8cgdRBUCuOmNeNXPGGL1e+Y
FHwoihsHKxnBbpIXE8Fblry11GYSaCN4Z/TGkKUptwhlbYahoWMc57i9kOZN
OEH/MZBWU8HDC3aJsy5soEiOrK90Txp6cV2d2+PMN7aIW1mYJFUKDbhzCKkv
p6rn0ZTvrWn2EKEmBNifB+AnHESp+K+VXjb4hjfMNrZsibZC6wcq3MZCS/JT
ygwKg1OuPtE36XC5KltSvPcRKbA2QVnwwYu1mBasvLxAaCPCtaQ1kRJOLoGc
u0NRhclB2+zaaV1c6SA5Yw3ade0+LSGmkrZE0nV392j0aco26Zd5f30z86eF
fQIT/IRhVAirgIWhFBx13CA85Hxpz3hOV0WyrUSP9SABDtAQGX57Du/v5P4n
mprqKZq1nJbwkNCECWOmBPNkzNhW4WYo5ND+dyit3aXnq7QOMcRmlC+Pqa4O
hg0FssNosscmAlLOzQtM1WWmA80RxzqOKEc8NY57kUkkRHAKfkY4kRCNSHt4
UQGWuBvJoOZKFrYUSRul22Eg/24AgtCWG4pzpbsrSLavgx4Gz7t6GMBBd8Bk
ySak1nHrfWckkhtu2toJJUe7JMPW1LaSoUl69IqEwj5sSDF6IBc2aaq0H6CD
7olbsLiQXE9lE27yDg4xEL8UyewGb7ipWnsaNyVO15fw1ma1cQUs3qehs5jB
R5v6kspRqGZCI3DB3vawhFhDjzoJuezp/poQ29b2Y/DGnOSNyfw2oJuHgStB
8eAripjrTxvjWqjVnYAon3nFHWyltejsaDW+GkWquiYY02fnWVOjXicczlfR
Rl/4sljgHzWqdtpzZ/AsA3GwpM471CgHWNJsNht0DnPEB8vhSvwHxXfQ93Lh
UR/o5wM40UW25PGOpyDYGyILmcQsEbhMJXddat+9gTcVDrDlRqRQ+8aS68ds
IkPXHUvii2nH8CrjTxvnieZI6DIxC93sBoV84TksvlpRQpcvh9BEAPj6HLQq
mNDVjBUOGOx4fHU8mqlf/SKvKF+T+jWf+LbY3Gl3j4muO3ay+XqEqR/+lDM0
/LD4DreDMsXHJjkt+A2tS37h9wtX/5JD2X6ocfyQUSMaBqhWJkMuj2WGLzH+
wQ7bQi8HaksUHeJOenK5yDBxUcmCXcSRAtSG+o+0wHnJaiLCqBBv6qlNCyTW
awSOcE2LO9Xq93e6wSYGg5cRIiZjNh32r9zCuu1inuehL8MJFF/SrQkG1gq4
FlbqkgPjGgmGvpSQL6MjzPdc+KO+OcpbpVpayT7BdLgiW+AMqlyc1IpJ5U1e
lg4Xu/U6xEh6SUh1Y+4KKs/WzhfYAkQlDzg1jLf4QK7Nq5jZu1oXfrHmEh/n
jqAeDtausKMHPXkYn2OkOD1RtaS2fMf8ZTi67F1KoEVdlU/W3qJF1VyAam3b
5Ej60rYkLDZgmxlsthn2yWbuKrOnMDnVMHCJieuhJsVcsAFrzvV3+qLmAboA
mzdo6X1Z0GgOXqnFjFRmfBMA1C/ZuELcw3pbcnEHAphXccICwcZkucQjWqCP
dulwuh59F5tsCFhGOFNZmUveXO8595X9dR17NBqo5975f9UgJRusrfCwT1Kg
ZIhXv39/2CL5MBL0IAq+dPVaQXs57HwYOT7iSXaaRk7BFdeBwlJ2aoOlKxcz
zi1HoZym0c2PnPQw/d9BxErkGZWDUARL2Von5u2J1Y5odAMu7bSj6AuvHRFj
2ppfiHZUd2pH0TBHoBqNk9U4uWIFyY/zI+1Bv2KE/lhRiNqtzm6l8dA2oc49
xUHP5CSO+mXuyKKQxGoejTSioZ6ybpaQ1iK9M4t4LNVfTueUokwairTI5Dti
0HCl9Bz0HLf8vP4RNvhHepI2YnYBvCSbyfsDdq09uvWV3QOw64XC9pzBmRsp
7A6ze3zHAMQje8HnQ4VkfYje/lFV8IKtKr0mZ/ShbkaEg4TrIaMZ8blbbHTQ
Ho3Z68FBLCcwqpf4In6e+sXuKlHAuhmBU8V0r1TzktDHDQqYw89AHterg3n7
1XdAcmLsAp1XjiqsQ5ryc3niKWGxZUuZNmq2gXxFv0ss1VyNDirbPuH/Oq0K
oxxwkCWtTXICMX1f6XTLBk+4uEdYQsDb2U1PFPWJJxpKC1Ry6sagZaJWtefI
qu9F4w3lyVU9kbAr6TOuG6tmVR7oUsiwa+q4gLd0oMROsSGSxMY0wtqOV8Vt
FfOo0ZXCbtr8yR5Ac3WTd0utKF2aFMJrRBB1nqw09mJJux8OLnhchOBrdSF2
n5soHt3xFmmbtSusUn446EJGpeURt9YBemIYnZJAe+QYEOu99VsZrXBMo8Rq
yUvnpmxHVD1WatbWn7mZGpcjzbPAosD17ZPJZCIJpXiEOHvT5ClvFMV4nu1L
5UedvX8pI2h3eYkYxHjPXazHmWPIOspqySkTlBeWVSbVyuVWXpfVWzWwHNyS
9AOiUNJugUYQ1mN5761Ox4RvJMFUe5Q9kyAePvrEII05L+jhcB9YJz6wdARM
Ef+G/4w6VFeYxyVWFlMgzKA1jROH5DT2idc+PsHEjbVnZcMfspmnXjGqLOAc
OnIoixrKgojqkNC2x/JcZCf6YgUyryOdOEA6W2NiF4FtNvutGM9EatioLS+0
+btkKQh0U7vz+83TkpxGF4uM6u3F3AnxUrtitCiPdYVhbjoTRd01enlhhW+2
7ByZpsbpXLV3jugQJlOSXvjqVMpNF0SwVLCN4f0qr98StboWZB+DJ8A9EJQK
eDDpw0UXrQNC3PrLu1inwRonW8DjQdX0wZ32rfB3hgoY9DK4CwKXYti1g/qz
oUWnDJoRIslFKAe4m9ROtvNQFFDWZ3h1/JzT6g9E9DsxEkYSrzshWWdFRddI
5PJQ/7sBRZJqU+nuUbaBPo8IFzhzWGtAOSPpmqaheyednWvSk4BsjYWyvyM1
Rb8jUwL5yRm3QACqeEiuC+e9lgMsygmpd0QZC314Qn6OiVME8VhvN+zBA3ap
p2zqeD1T8c3SABzCNzTVi8ymBf96nhdLoyu2zkjulxZRSKSDdPdYlheln4uB
xLGPpMm8Kt9KC6XDD0aL86wozNNy3g4kRDzZcFlzaYurCjlhy5rN6UEGOXhn
LFlLwsSGaUqSPa/TvU8DYuxPYmGrsqS0fufHCU8KBZ+yM5l/lH6lB8jjOY6f
BUuiWheQZUTr4s5L1dhpql1NCT7uBxQDo7xughYkRyaPz6X8hbMhKHeW8hjS
Qu4iSvI5C1y9sB0DpMmjH87PH59JyQN2+EMMoC9/8eAXHz6gxsL//ur4iwfk
a2K8ggRF6EcoSa64Ar1U4VnIMXB6vdv8aOM6tp9Se9HTxCfHwB2c4EGs/o0Y
WnjFDjJ5sciY0Rsu/6rUlFCeDmF2mHjkDcIudpjha/xxoc5A6Ipqx4a+tAU6
Nj1WChgm7NU9IHfEd2hKOjqll5whDHZLJto57C15KoNIAS2o1etDCAYqVLUK
6jWjTwb1OsbUEM2+3qYbyviF0Vey2xSel93GXOFgbzFnWyVh1z6qhtAmFW+G
vL/D22kQyyY+t2IAunyFnhVMixlzXZNhhqxh3ay1xqbbEYnVbn2wnUh4QBtI
647UNtOgU3OpMrDGCzEvMHckSPNF8gHj+v/3VGvqr7i/d6qVtD7FwSQomUoI
bUBGtRpiAiu4u2NhZfl25EDrabW+DSyjNvlsHarUwhyrbBnXY3ARUFc2zx1r
Bfr0mDZ1k/Hy0oVSJAXGxFZsdpzjaagG+CWzTC2BsVPxuLpcFULCXUGPGT0d
PKKbIIVgGs2UjPqEirjG+sfkFFskUH7lEwaqd/NA8z14qyBRVgl12da+I/Dp
PLfbZqpvlibvpTNj2lWUwd/P0On2hAh+t6Uqs8gtKfDYnNvEIrWeHt7UA80p
fd4VWT0ac+lLjOCOorwd6ja54RgE3ZhTGHHzYANyhtdy2W1RPiGbu8mzp6+e
SdFlVmlEuG6xr1BV7StIHGuNlWwO5rNJQx4OgRACGlW2ptikkPu4ENbnFrFW
fc6AgW+Lr4WibsVzp7Io12ftJluIfUpyy7lh467WRHQ9YFYHlTKXUhope4BE
y5fHW9ouKzZW7Q3MMtpelAdPrUX4gay29TRaL12JloFHx6VpLs1OJyEj0S/Y
8jKUHva9M7FL4SzPVJB6kxKEY5ehKaTPiDh0ukcMhxZhHX4YCTiBpB8e3ZyJ
HsQQO07KquTsNxb3iMXqu6D2z56VWVuDc3awqTfm0vjh6EIuVtnibdA6a7Ys
N9ShTvFLsPuLGW6esYwkcL2l6cED/OL1ZJ3Os7Uo259/9Yv76NH3Ce8e2ZI9
3UARplvtqfyacvvyVlWLDHmMQ77BI0d/ScKzNYOpfY818UcKEKBJhfz0mNON
MeWWcI14CXYFo2RIMyLYUewnb1husEFD7FeCCkO8rwI+eLtR9EM8RLPXVCVD
3lwQFmjgGBvoBLvpgGGSeNxU9UsK7OF6u4KlgDpmsULbCM9dQMhR2AZ3/vj+
p5/LYbamX7Nrx/T/oYWQpoEdwZuZaFL4FHobBLiTfN4kY9iRyb0DyAm9VKA+
gnMwvhqXuGhGJ2mLmRqKMzvBCjOsZYtWyzNwi1AVQCtMPJKmh5lyC02LpfhI
HS4k26HUlNIhVHJNQ9uLULsiB5eOEvS3xIsBWprxkdkFqgbQgYLDUJBUu6sL
DNIY0NF7ewvXwyH81JfduWNMDZ+o3pMaiwV43vJwRaudCQGo2YSpBCvJ3vmo
hPKxd9p1eJXbSSfLKr0uvIhrIRP0ztcn31JsTCNdTkaK2/FQM2RXZM4AnefG
d+zyY880nBipYtzhRZvkaO8gpXu8MmK1ht6KMD5lkkQQsOc0+fvf/vb3v/3H
v//n/0kubXbu3Nu+XdRfgoDbZL9MavzPBOtovhmKLxsBLqhx0N//03/H8MA1
jI73YTR4mPCA/wMG5BZpQO73UgHHQxr7Q/f2/DshMthG7HD6x8EZDv+3/8Jz
841WB4+SxM/ZNUdl9KFXUXQzAPXXrrcrg7GSSsmKL8/DcR7esAacW8/UDs0M
T0kmJPZZFLZM0ctJdEkyZPaQAqBNX6mTC8vFJWW2P5n0nadeJa46ta2hk4NY
m6bl3vdJtAKzeOiCpaa5vUt0kTQ0bQOPLgQWI1QRK6BKvd1mo72RUo4ot9rv
yumss0ehYzvdVwxN68dOvVcmhuUW9NikK0rz4X/vXXz8cXdRwUnsdfzX/5Yc
LTN6Dd/HJ8nPu+DtG/6b5B92xb9Leu740+Tf/pL/5qZL/l3v3Ppm9rT5uPv9
m595v026RJiY4S17m6kQvcV3dY2wyYplpBZJYxa44e2kBlf0AKsJ3Kh8b4xy
iOynt1mOHYbUuQMtKnN9XIqMUQet2fVHfgTtDmoqcO3v26WjLscb0SLCDJQx
VzMKelWw+a7Re98ZwCqK0utUNy3no2bal5BDmd6sq7b6T0vP0cIl0Pe1lw9R
j01usjZVEl+W6pu6JS6tipr4LHsrZfNCxMN3dE5PP14GPL6dDHhUJj+UjbCd
3um8v3OghTo1jolh07etRuvjWECErP4AmCMaCZpZ0zdDXOs8XbxFH+OEbKcm
F6gOepnBo1TA8UNVyojMR95pEBUl41+PY9AdqRlFMcZqrwI+YSk5TIOdM5TC
lCMISxtk81Ur7kqGdNyGnsKmvkK1b94mL9F1p60J6Fycs9eEeXbRYZKQEZ0W
NhwhmQG9KaLcnHfm+DtbHF4KiJV/c991DKwG5bfim8CV9yyVsPLgBDNduvpX
VvkShmphS2ATAHkCW7RtM2HfxreVos1z0UilN2FDEdy+9FfNTGfZNxoA9JYe
4vNhszbsL4HdHjD/+B0CPSNDWJbXBUp3/Fs76VEK7wUHnXCPMUMMv+fsR5eK
4Kup2VsjYfgeJYl5j8GNopuDK6YvejZTMzNsxXUKGokc3gGeoOUNHQwhbsGh
KIWGB0jLc+dKcyWc8GBXvacjkprcwLzbh2nMdZ+/DVEl5EDRyLw1ulUYyPvE
ccP/QAFkHqWomenRHVjp0T5JDzhOpVH7/Xim4bLclcDYSyaZQeUmbyb4SYvN
jlr30P6EPmr/ZhrW7sEfWbVJhrLGoQTQsWSm9saPYKUT+md2oom7vaWzKTKj
yzUn9435VXR8oiagaHRuyZ5DEicmClQGPbIpwdGyvjkOUoOZyJ/DJjSHiIB9
Hm73gMr79y3ggbdiehYRoEVlh2jlm+HxkJv1eQXSsQ0BTjAcT15uoHjSegWM
nsjzEYsnemItuIpralshdG4xOWg9uy0nfGuCq0NBoEpVhxc7X6fFWxoqoCfH
kPhnbBWCtn65Z4+3K0uQsNEqxfLmRKMbZDHidee7J5FXNUrDbeJz8tFXeeon
nD7eLT38rnvWIf/+P3D0otyaoixSqF89+z6ZfY3H/i07luFfy/zqW+FQs8U6
rRGoswGtaE6txFrVbDFvkwvOtOFe6FeAG9tgDI7DmNQwDchsod9jb0ZuTOXz
7gmTDOwPBIfdrV3aA2ef0CLqFFNE/0KFoxeMlIb9XGtEB41QFQVATylRCAZH
mSzSLfkmCLBMJ4QXYLlkOdUwig6+/P37s/NzILi62a+zepVlDIKmaLpAEmJM
06WCTZ3etHXJew1RnpC76JfJB7adUUZvHNBfj5sKpLJ7ZqLPkJs5X2fdUXLf
h4aKTNoNFwQs96LBJkXv2jMICmIIOSn8NWa3URmOL6bkBY5dqQ1H2DoGnw7C
XD2LYjYOcGTHHUCy7QKZBdwL3HbqZ2NKgskes/ghKISGDDw7JGBizPuvTXRd
0slTISw3Q60TNrHuCWqV8GtMy5tjAxNNi3JeeRci83Pn6uoFQZ5puTI+YvVU
p5OeE7Lh2sCaU3kEqanau3fWvS8JzxJ9FyxaPQElQz2Goe80TaNTvTWBpTgJ
7BxO+6COGmsyAng5k0iFvCi/gaT5JG4AICLtXtMApEhRgxfdFgxTi0Euw19L
oiuVOKL3xDau7QPnMnCXeR1CgkVOozZCmK0dI7O5F6QsKg55XYgLk/mUEKTb
ZwU8Jnw/yl7aYny0wE3uRJRuJKpHmQi7Sh6Vd0TZskHNRFAUXWWXhHOeUsGL
soUaRgGu+DZDwEpECAaV0TQWl5doQFAmgfvY3vYIIyEKSwnStg3sB7nP2BX4
tqOhnkEsvKD6onjLfG9RoVjVU9DWiQGztJSwRbaS/R21X3aYDeLjxItMhRKS
94HpkXkYVYvuJkI0cFWeutjrHWXChccRs9Yw9UYZUndrA76U0uXFzZTITqbJ
xYzc2MD3JrIgRwK97yZvfLZuxwk93HwJgt63v85DcxJZdTiH/ALkEYqZAG8c
7aNASvg6xw6HnppPXWKVDKdTgyqgBnx4OdR6D66F0j2m1rojcbmwaLTX9jnF
f7J9EsbRzvjDY5R/zA7R1/lrj8PESPEXeqGlIoLVdAXHGP8DKKH3+NFpR5av
dqcLD9z3FHB5Wxb8CuNowrCUAswJrMnr6fc9dQd8A0HQAtlBV3uQkNqmMdOt
4r4S7uqZnC+TbVnjJ2mcPE++2OWOPMuoe6LOwHkFCgZR+84VmEWklhcp8o+x
SMFh4znWs6ahidu5RXsG6xTbDpY8xVF9EkMH06v5qDVx5M87sFnQpsskYRP+
XgeUffiFZGdcAd2k3FzjVcn7kbndEJ+L7ADm/pSL3Dd6TZMuvtysOi9xBMSb
CQzgzsrRuBDENUQ7R5xnPPNFuiDK5P4VkhvcnsbdXsge19kA6dZfV60WkwsD
+p3ILzaw/YZOg+mAJSQRVdgfSrTCDb7FPo3dPCR3s2YnY7oMg+PKmddlcTkh
l5A5SLwLu8IdIWmqZJdiSXPN7j4nc/z0NMmDEA4jC4+ox3R0pYykukmpTsCO
Uoc5W7+4fak9qlFB44LTHdiTqY14Oy3r/Z1Uv5zInkw0tRFMqnO0dNwTWmSq
sXztXY1nWmRrlwrDnWhZZeD5RczYYhxLPajP50W6RHhpLslBWwuNXM5JhifZ
lYMZj4wwrjAuuwqmUWvNkpY6M3wdKqJbAl13toy+jxEnsYcB2f2ko+HtXFIU
kE5W6+sZMHdF+ZHc95TvNMmedw3zZ9gBMYx5s6wt0IuDe8mMJkMW4FLUZGN0
kx1d9wARumqCMPlLQ2mMOc8LoondrQ24OylptQznAAdDhOCgVY9SAi0Y7Yrw
GKVlcyeBXEvL2nlWwKQbJzvrzE0ogMiXKN5TbQCREBL9i27uY3I1OHml2Umn
Eq6403ppTiVsTdAcVqh39IQjXCpYKpjCFNw3o7RcBR3RWK1chRkxf4gvHNt+
WhNn4ZA709fcPfQcWnR31y2ol16obs71XXNleBEqcIft2AcsF9x7B5FB1SbY
3YCcU9wNFI73IhXyCq86lg3CXgkeJuNxLbBQqI5vhynFkpQnX8mI8si8lBpl
vxFDLy8YWMxyBZIK+Pa0IpAY9R38eZdhieTRdZo3WsIXLYaZTboeecQYPkiJ
xgnsIo6eFdJ9hxK9pZNKWCOfBT1IcDSZgs52MqE1KqB15XoemcKYpX+kyv5E
cPMEJXERnQW5gZB4U93BaIt1DrpG3w2V3miPDXRCLbsQDc6kxLd8NBqB6n6r
Czh1vVtdxPy5uu6jXWpzetu6pHdazsTRwA1vsy6aCcVFMw+MZPKog11al5dk
2VcZRlOlCqCqyFlrXi+NPlxI0WyOckhOl+hx/P9MzsgJ0KJEOaeLkWhtpwuQ
5UXkVdGi4/jWUhA4To8wUnEy0YQkGaGP3+roWlJE/NeFVmzoIsS/uQ0XFtee
5tWtshbWNl/repEW2uhamtP4GTBOtXawceqnf8BEVnsChGqt94SmtQ5aazKw
n2rWNx3n2ux5lxgaP4mRkyYWAh9hdTk6BxcERl+XFw0mbGDoQivJ/0KqtdY9
mR8j0w+VMs1bo/Eo8RpHp2IhseDWe26y1ZBTgAwNynjogECKujjNyKJFKrxz
/NWn5BkvdzUizb2xjqi7NcNqF0IUacIhVQLW72ScWmMvswYzemlrDU2w5+yF
HKNr8oaQY3zYM01ry7m/BoVtenNrTWuKujRs6IYdIQ+gD1f7NCFEdfK9ZOwB
dztQOJug5/B7blRL7TW5ESpOmOv2B9Kl4wnS+S3uDMoFcUhxqJgKDnOHh993
G7vixT5MPFLhy3ZiwddR2cNG8jWacsvngNWFZfnWKSCul4b6JISeNbstOTUI
TvijR9l8d3mpKUGvqnI3x6BdWTZs7i31e0oabMLvPwRtEpZXKVWgMhZV6Rxo
HHbBRKbA2xdDvAeGLz1kXoaCEv7e1F0lkZQ8TTa0dEiLH6W2jK7TPGwpfk6i
wCm6KhhtWMbB9ZCxEZZgZnzmEi2JIZEIvNctkBssx3cmZQC3tFYBuZQDNk4g
dqmReUhMjqMD9sSiE9EktOhjkDFZkQJPgl9jd9MAZcvYkIeCAb5UJqoSVp21
G2mS3V86Zc/tZedsa18ML/JeDdmBdhh6Xk48RVeMsytuufO65VEQCbFBPv/8
+LsXLoCUHD2UFErCHnUplCO4G+7pDwjA6v6FoKvuH4PB+/fVxQL/MVHC/PDB
5YaK0YzFRej1dZejbbTXi1W2yUIYAHkLJpJSBbhEnllBq/1qpkG7arTU1LBI
uHe8LNpdA+eztTmkSZhDmnpQAQn+S6ok6aZUO2zI1+x9R1o0+YS1wrEjKBS1
akDjp1ZgbpU4gb/BwAybBopEqjYS21o62HhnARgz9jIBw4Qb4HGzHqJVbTRL
VRBgKlGF3kTA+SZy4qstHo0+5QoGuh/DuemjcH+0tqT17ET75pHvbtDKUyza
VBx1gvGvJX7XfrzdAma+Z4gPyjH0BSzcI5KZpUdsvhFD42kj0EsYxJsgI4JX
9OTCkurI/WRRpEgLdLJOu1IiJZWIkEO4hxxOWd1vh1rS2Hy8mZDDPdyqBw9m
MoD8Pk7XhNk1uyY7VMfnzDLJ7BOP6M3r/6V6Z8aK+t9el4ck7tiRKcOMRCWT
PrsKlcTV9htKciLopkJzLHtXQ1IWZ5NvYOLkUqXZLFY5YVZ9J5qWM1QcxShi
ggj5TpC71p38aUWHtyp0evgPL3Q6CwqdAirqqXD6IxUn3lgdFVVBPU76yqCe
JIfroCi8njUaSnU46nw0rd1XxFO6uB30VVNtHeUZPZxJQ54W4VjQ4t4bOCYw
cOasXLBxxrW9Ae2eJNHdxDEpNXv2iIDWheY6OjAh94Axud0o38PD10YugptM
Ueo/HkmIHD2dUU8duUQNNYkOr504XnxMkbpEBzgqXSdgqqMnXjQFbPyNdKfi
3hig+teZqcfIlqEE7nrL2Ar0Tkke9B/3cjzX/k03ZSQdCjvMMQr61hlFHoaf
THhySBEBcg+MhABAwmqQwBRND/FiOfojd6xi+ClXoszukaoN9FVrt+7WwYuC
Sgd1p/fO4K7lnMQ0dTKPZgQ6/QxsEwb6UVQxRqQREL1Ge19E6PaEM9LVC4nw
RQrVrCJwf/+rqEcANh3gAjlX2F+bVKjA7uzNQDqU9+tOYOQwF039Yt1g8JXe
IlbVT9nMJPn6nyYTOL/kMWgiZXUi0VdeusNNcrC1nNY/BysiQxBfsFdIc9F1
1ngyCtPhU+IF1WOaEHfz2dKK9qHRbC5eAUXe4UjLnRXnISxL27YkK+AYFeh5
b2sY9mktDgwyF7A+VRqnka72NsuonmXD+8hA9DLj9ix/lSSTybcePr6/CCmo
06aUj0iBF49KIfDjgrPQ7i/W0/tE8lKsrse+TNu67Bbv7YA9x5NQvam4UCc2
3ehWeI7a8PjAYqiuBO6Bm/ascwFa00R3eN9zdSkrBeNGtrWXhy62mLTK6aL+
e1z/5UpiXdl7H3cznBQvmYameottnTeFA+IHGiVEOx+ER2KnfVBhZNGqhJGJ
7UcjdVxUyxdrh97uBiUY86ZCME0TevCBgil3wGww/5gca4hhiP6qBjYLgS2j
TN67dYgLrNkWCHwLtBC6QQpbwQUPrblHX0kpNrhKQoqRBBf2aAm62d3aQLib
zMNWk/i41WEr/bMlGQ2giNFDntORnpOLoQ70DTrsCTsfEACLnyQkG1e4q86E
pYGecncoyA8XUzHf+Mb3t2n2KyJV6l37kkadMiHmUMEOrivl3ng9ZCEu4gGP
ojvk5eOz58+ePf7h0eNHODPnHWHPn+DfuZ/WLKmQ84qGSNugS0av6zq9pv0n
LCPXB31blhVHyIPaW8L0Indc0XigRk5Dkt5cnuSM4G7VdHJphwkwOT8mNaNC
0qtFhNg10W7p7tHVwxjLizLnNqfoxMGfcCJ3sBnqKXBc5/37kGAovQiuCZOx
ZhkNwgQS7wwTVYLcxKKOij6wYzxjhq/sTTxnDTpKEepWR32TWI9XEPziNoQZ
w+Ly9HrfZYprQ7dYCI+I0Rnciciw0J7m24n7jGobi7UrvTnUx1M7h39MZ1pk
vUExhp8NByZ9uzyfYX6TbEyVE/Z0K2XmdGbOJRiR3NI+nUcF6BtJK+8ClxLs
AYnifODgJEWMUkwMu/YNJk3EW7oomIwCmpCmPBGNUjxR7jJPkiukCATd+Xyc
e7s7411aBciQbcQ7FTKf3z6l7w037hOY7oY9wpzQIHJUYmzYw9Y5nX13pLRi
e3+GnnSUGzPWm2HDXO8fK6xj4yv0bJF1RKbRkST87hk0w/nb6AnQHi9IbSG1
/bR3lLGZFswZczT34kF2DDjSjdy9+ASsf2mdONX1uV6lElGUnoyIsdw74kUo
W8e+I6Pwz7DnsWsCmwKdaWaDNESNamIcEIn0GqOD8fmrdBtxf4Li5JrB4Tsa
2kiAWJal7YWiFhhO8WgpvGB5hO1BTCr5TuOSs4eLRZwFw6nY5s6waYKAvzQJ
LHZMTDafIyHhch578IvppzgthH389AHDtlPjI9/UCQFg7EHSyTLPnnFLCF+p
dkDHUOkSRvbJ5+cVQZPtG3ZthJ//8/Tz+78IEPL/WaLnwtw6H6qTf6bz/v1w
xMozhfwxMR/YWe7ytCSBLTW3SZtQs9erk4XDZolvUm+7058x92lbkdnczbHH
Ei7BLmwagMbGcy4jRCfBrWhFU/dMRH+ZBr5qj3+H15bJMS/+xHzENeo0PWrE
acbyIPuhZDoLmx/2fomxOOH+Rcn00dEEMW4R3TvckTKecWIIbixUxc0R0V38
o1BzZ2PEU6IyJVDcAp9f4znbWHKRySpxuz3jvZ4FvZe7+QfLbduXOWB22thw
GbesXHGzY3mRBWQAjmT78ulUYml9I9ajHAh3JZB/GO2LM+U7IKTZBNIXBSzI
ewxZpJH0Ol2vPd23xGqkFHxAprFabIFjOI58FtlbL0oQqQqVauKwUr8cmWeT
LT3OIwunmDlQCANcLdednhA1N8o6F+T1IdXjDPUPXCD+Q3DE4c+sWYx8zcbF
ruAtb3GqxucjSWZcVz/fse2tWOzW6xmvBDul/7SFBOVZUuEsM6PQdfcbJYcJ
D2ZellgW79KZWP/EYVwP6WLfK88Y/3SdZ1cSKA8wBmHLSOBdCOahgxpH0eqq
WF21fOjBHvtUK1/Rrwgm3PQTBz/6rrz23bWkNS6TsNOz3UA5sVZKSySkVlY6
zEt/ybnIOSfLhWX8aJmJ9YnT4AaFM9BnstmILl5WkGeZVIFc3QkW3AvlNdac
Sk7fvZ7KobBi1dU3GQu3jVFWS49LgY4kXcnki/UnaPlEPUE7CdqiRTpEB+LW
KPYVOKTbmrIKXMZ7bTELzNR8QOKEYtCcfW4xL56hqxWDdByVkqmFNqnPsLa/
F7yUcIB4wqaE0mH0LrlMrm/f6B4qjL9AhrzAMHqWhMrWl7e1MGjaLuECiwxM
BoLYiU0dVGYmLtM+ba3QCnhjrjlV4oOR8Uai+wdukuSH5faYQrn4f8D/x8qQ
KKeGGh8zEY044HsbCU+te4Evsoky51gOp0B6Aa89iFUP6PQdkyFg+AFfYBXe
Z9yqbrZeoqEx4+7Smy1cZWN40FrHzF7UBJHf/3wNgsfBZbAxY/lHpMkfT4+n
D25HXqMTdyJu+MU2bEAMyoh5yiszOl3kdrIvAz+MfKKD0GbZhWiiNe0KGaRe
N8PtdIcqlRFi9DEHHxIGPX4/7DCkkmjPh+EtGCYz/CUDfeOvEQQn4AtlAHsV
btEppzqbITBjB4Rw1RxkDXyYTC5+cwoCqag1M57J0HGZ3lSSG/C8ZscOeGu9
nOBKAmyiYK2cDKWP4YKDp2gHRv/mSrDRy93Bt/Vhe4lb1R/+MuvLzrOmy7sn
IZB2l/SuSSBxU7RNaVs5jq6sg+noVzjlx6CPJEf5Ye4z+ofPmOJ09jqKLunu
NKl8Y68tx18QO3Q/cliqPnmITkeI2ht65obTRqmG+iPq+7xV7IiaoJsZM+k5
FrcUyAY3neD9XSqzrM3tryTwS55JqBnbLNkQAcl71EZm6uftqeOuwh8/FuWP
kfExC0UEKumhZGjdl9pfmDqgpX+wsFBShR/Q3nvWHgoUfQSl3lXE7lpj2G25
YTBPT6OYh7L04GdFhPwD9sEMEW0DlhAgxi+qctWSViJhPnQM+RZPwI7G5E1s
CDVhODv5X/91NkyOuOnHolyjAXf/3aenIzGEOWOTv663mG4NXz+4P5LqAmRc
wbKDpQx9CHh4Gy4os7/RtaE//jfwbMRb/A9ybHgfK6XB4CVy7A+9ynQHrYo2
IgU3I2QvxtNiTGKC4LiNkNDup9TzZZmh7zHqOU6GU+VKs8hKMf0gev2bomWf
3sJWsDkjZMO8vxMKbA6gePe2swzZYchYE/040dZXjul93Trq2NyDjJNmyE6U
/qJUf8FoaWRIweFQRYw2pS6Wrp86DjdFUBrpWqcRjKaSukr3W4cy4T2dvqUO
TBorr2R4AvGjDRB/ioWIbOFfGrBqDvFRnxqqwrohM/cmjUr7Tbp7RgFjC/7e
e9ZYe0K4WnG5nnh2WscbJYTg2f3haHi2QCcUSJ1F9mtFlyyyZgjM5mgoBV74
xKvVrqqX6f4uJ6DCxg9Hf5yJh/ygDczr0KoOyT3LlopbnteSIhzmifrxfqkI
mt+8fvVk8tVg8BR/VbzFyJ94a+q3uaZvZFxIQ+myb8SVAxZn9nEv+WXSAb+K
EFq0HxiWiHdjcLY4SVrb+BGTDfFq++rPGlew5ptjMqalzk14GkxHGJptTmXJ
3BMdnNafQW+wAU2XcEQNqmw4Kjxb81MVz3Gcuic6/YQwqTFJZpGZZsCkz5Ht
Rv6HWWdC9aw/5M3893q1xwJtwy5C6vcIWe3oRbAvjdmMj2bClEUY8WCyhhhk
68ZBWmCslNW3yRGTDh2gDjiNofjMbyx4b7fVNpoOnkqWJm700tU0On5BAeeb
pAG9c74uF9R/mCphsbpuk2sTdVMd2RUD4O2vWUJw0pWgtzJeqwKtEoqexQBq
Y7gSx70JxlVYudjGdFV8kaXvpuVdhjoRohhsXU5A+rAzf96BDBH0dpf/Ktgd
IiHJFR3s6e1ELFXgYoiNfLGCd4uZRtxcjaN/KBtzPoC6zjZzwcqkI9BuPqYd
SosAOLZIBERA7Fk1hxWDvfQ1zN7vvEjPnbDxLCy39cci+6RxxPhzi/XLnSIQ
w3wtjc45b9PwKQfeixnxAjOmkXeNH5tIOOVSYdGhpw9fkIbkJAh31f+R5LeU
5J3e8J8uyHG4lhz/Gj/99mu8s99+3eTNOvv263v6X/6UqGDw9fbbW4jRr+9t
4dF79JOv6Y3ffowa0DHFHi3g9vMG0k+IT30zvIkzDXGZcPE+WsWAZVf4Yrxm
P3en/o/oPyj67yTnTbadzPcTEJxb124MrbinzlvbL9B9MRcljVoxyB1hasK3
7Nf+0mLPLND1qsy6QE6AH2BVtdSob6scwyz5X+AoTbhQc6Aq3hxtTilv7ggJ
UoD1lUjHnAojONf6bcYbmC7gGDF5WMALFGHOYYoRJzbSluEOJPvbpCbZ1i6o
F5iKZkZ40fxlB9RLmeLyWthGQth0hyqh8q0rso7mwRIO6BhkisKVyVn0o2wE
KbCUC43WLWaducTlsYhrHh9hUzZY1G4pyAlyDiSGNEH3DjPjgJoF692U/RNU
gi+AgTlfoLZB6KOu6FrTEufZGiPXrQtNEJs+BY9yMbAEn3YoSPlpbA4aVmIY
AE9bPUzqB6Hz5h6JjKFEycXUUlXgglFfogA7uhVR6NVhYcw3nLufNk736ddm
oh9E3/Jvb1A9SYdFnn4rbRP9Ybm4HZxSE7UriLecfvXUc4PWhOSkOOuViqZi
tcktlywWwtA7PYAaQ76+gLvXbLJgTGyCY5J/SjEiXUFA2OLkQLzLtbbRBLJP
YE8/6Qgmx8iRUTa44PC6Zs/cOR37EdPZXyBiPF0l36MIBCG8GqN4p/qshuNr
14+IWlBkhGS/5Mw8ySMV1krwI5uc8Do9yL+tX3GGRcDWFbHhEGSPRvitnR5C
mWsEIt6sdnZn6uzEiGqddosvl6TOE9k9nMSMy8I9dhBVFWSIPLIEsZF2UZy0
lcNYo5HVm/xdtuTz9x8KpB36JoAhIRyDAux1rWzsO1zh5s21Uog05POfkfRA
3ZBd5gMjp0h7agIabhSWD56pV60rQfEkZsVOU6gD1O6wCd1NV47LcawuKteO
yzDESKXqdazeIY7Ore9o30l9OehFIBlIXlS/FKPj0IIlkygASvd5XD02Rx4U
wfjsEFUWfNVQgIePdvKyxFpKwsNHBwYKLop6qOfW3QF3Tm3YSrYxCUOsVtxe
1RiQKv3ceGrXtkMnPmDMNOqH1bhqulYg23IxLRjWzUSb3JSFmFqS2176CJzN
Z/q0a8+Tl4p9gtOStEFbmEOlX/zIh6h1woIDiWmY71fclO23q7XTGVcSc4Jg
0AitWKpjn/MTSU1swfDvpHekJM+hqc4L2QsKScjgSalE7s6XnAzMG9MnMZaC
0skUXqeusIi9C8b/5FAT7JZwXYXdI964JRMgulJseMjqX6s2JpbQXlqra0J7
keWbTE39GEcR+KIqsp5PMZKVDyVZPRAzBTF8TWxI8VUwGQ4Z2gl9hTsN0u0q
5z6PAYZbBxqU/sRESlzO596dM99W6S0oTQXVCXJNNZtI1XvBLSP48+9lYN+T
ucVUXnJfGUvhyBJNlJ6acxaKNGHraz67nSBw1VrKVhw1OIFD+2l2zJ+S+g1F
LaAsDhYAzMQmu21IS+SCQ0Zb7dhQ7O/P8TsO3jMIe4zB60gpbC2pDfXcDLmF
LUnfznaxYckuGiGUprqmdGiuyrVyV3x1sEJaKilZHGDtaDgZoBxHionHCsRF
mNwJX8q5KLe5Nca5L5Dfe+lH7AgvULJETjGzMbVNR27eo168QiklxNcpZbeT
ZNMWtVv4+bZjW+TABjnZrvb9kHq7IeOx39xcVIZxnMfiTVocu6hhlU2I6f79
siRVTFmJ22XYnudI3ytgzHADYRrjRLBTqXgUlAvOyE5rbbZxYluot3trBJ2e
nIbry5Apdg7zNaDX7WE6F9EheNoQv3gZuThwvb/FxtytbZ8pvFfUciy+vXGF
KMkDKja38JkthOCIaFjBVuRCgoy6Lg7XMzhYYzs2TJo903hOVKLubPHvzl6I
q1dCR2KqK66joHxrx5AbBt8VMnzXaqps4iGw41HE49S+bOL2WLKPThiV6ZDS
KWkRiF8FE0nXV1RWp1BohXh+3DH3XsN1uXBG08G2h/FFNP10ac9gRm6XJNfN
19eTptmsshig8SecjHuJC/ik9Y1DS2mBcNzOF7guakTb7H5iCaQEBXcBOIax
47y53BJyKqX50P3uSzVOUNoD6tdEPCuEaUNl6Gz1EeuYyAXXrpgaFbsuqaZA
3dcayxMfGIzxkLxg15l7If52t0VUUfZiae0bFZcUy3XGfYMIJp+znjJbF9pB
t6YfZEcYVXbH6pfU4Ut8nx7gxCEAH7z6bNYQMg2qg2vSSPFNplNM+94FwX51
mlutNk6nFKWYXuFumTXOXDUWnIhHXSUyC9Iyo/qbzMiUwCi/UjPa9TSCXxNI
p/k3VhK4y7dabOP6RTQhuCrE1pRpyXL72rrMUG1XfArWar5uJnkRlmOZfNKo
MY1xNqdSHZ6Yx3lGruzT05Ekv6mo65gbKkmmm4D7pVYPLRBpZIkWXhe8TDtB
1Nnrrltkud2ttbtKV828g36lRjdgZjUrxrSX0J/fH3Uoc6NSpA9GPJRSIkUd
Q9chM0TYrKqsa7VFqU5Hs96SpC3R3Ya6V4ZdeWtrISJx+wZXdOU9G/biwB9S
51DDKZkdwLRZ+R1zYEU5QpFkW0TMoObRhuYP1yG6uIhChb/NOe3NGuV8j/RJ
r2FLxUwdVczYG3KkFTCyOC5wdTPFZNvO+peO1O4oRbtV3alpm5qD2ZPVTOlL
rnuCyJkYFqdPueOjQYdtbTIjqYzg8TsEGm8M+BJloV84MTRzqeC8rLbQyXgI
BM2R6/jhgysGgqtnhuIwZRc2QKjEKlEd2ZmMZnZUQYr6KSPST0dhwq1Nqg3m
fGKy9n0hjjzGkzDJzS9ZiOiTtHXk/4k2grxjfhVHRKvd7TQYQdyHZKNDH7lN
wS82qeb1w19bgrbqMAJ6EorRDmKjONUMbUV/E7+KPE9J5DJpfQ9tSi4NCCjj
ftS5wR7LvXerNd9/t25cckjXDOK8dHjF8fjq2J9i63iooOqYU+tXUWp9/NbZ
1bGr2OCAEi8hmXyb6GNkcLuNN6nU7BpDyc23x52NBNuQvWvh7uwIz2MMK/sx
L2DyXCHqf0NwcdiPoBIWIV/8IfjdH+E553v2z/K3szhHkrqvLbM0UaZCKNba
NZcbKzhMpbbYmEYaA6iRJANr9kuvbL/sLdgyTkaqCYunel0GsCouMnZNgFUd
mQdOZ68tVpyWppjbhfN1OtkRiAbfV/6i3fvVJotTmSzr+q7EXoXewoLVpZh7
PUGDSfW8nFtRsKoSRPWJAXRbPNRcTFRXG5NWaHlvzYvmgWbZCnGtDBqm3GrZ
GgHH0qr3qTl5bgvNMFjaVtK+gdpBYXI4OpLVMSkl+GFXTLRf613bD+Bbcj+a
aRm9wtNhC+P8ivpLtjUT9gxomyLUcOZZNLTpU46eJFVAmFjR+PRtjvxWwvR9
6bTvIkMmtjQf6D4ZitwRwAvQxDlnjqIPjbwiB+YnXdXhAO+hx+NsEZvJXW1M
4hp2amhkn7MwU9z1BRQhNNlu49r3kZHUKH1WKQ5iGV5Vepl5T8ONPIFaklTb
0vksYLhixw03NOrLqZ8aviDFgeXZ5a4SnzzZbzW3FvS8IaWoMlk5810FV9k6
x5/57urOC66O767O6+K1tHj4UR/dszCbxPi8FoTZBSxKkzmMNx+1ZHERk8lE
hO3uDParR3f6E/L07bb8WY9XDH5dbn0nYfIxsLBQV1qbsI7EFmb6WEl+6JDn
BuMMR7JwX5qOmSs9eCNtP3Fg6CzRDJZCrQtBXbwwvucQ06TTsWEDJ1wtRFRh
XdCxn59BvIEqLplwL7Fys3HJDG8lzfUZrLas9kDiTW2qQW3loe92hnf3FDMD
cbcelnPX14MphGLbq8BZDA9pyNESKR0JZYPQ2++yBzJsUacqegyreWRWPYo8
P9zaBF+Kkd/ajG8Rl8R25NnL+eWc3RR1otDLaNpKdIWMa6WGHGE51RAkD2PO
3ZwoldghPGlMhwMdYS6GOsTM9lBY9nXfWWP8n+2LV9z2Hi40k9mE0n0nOUoT
+kYza9owG+vsEs4GW5NRTyzNSZEBcZ84edLlwpHb1AGeeL9SYvC/rWUv0UjU
hchQl3wIJ1vbUwJ2wFJH9JZHv336bOKwG4AfFKKBwxgMpoe/8gxI242PVVPP
3mkrckpCcY3JtR9OGHJepcYixoWus+WlZnOkEk8OPe22a1PaOL4WaB7XN22j
70tD81c/UWsg1+DbtbPvW994MGisNMcsUObOBLLGjXVVwhokxyi+49WIDrZz
rjcg42Yfnd1bunEN/aRYFcFJUZfHvdfBWxFclxLMiZlBvR6S7ET1jX4sN+nv
aDJSKk1D4L2I273r/vFNkCkabaOTihdg41ZSpFIEgGpiVIJQnp2+PJuc7vCQ
GsnzAv0Rzaba5ST+CuHlvzj+ktA8q9Zt0MfgqS8+/fILfCqKPp4rLct6SAih
/JtsshSNzItdnMPMd9QxBAztuP5YcKYEe0SwsZz5yXrGM9uHMhjvJPkePpt8
Qis/rRYrPKDJaTPQIIPzQ3JzVPisIjqKmzTjs0EPV4l8oKrJ6UqxuCeWI0hO
M5rFjKgtfzeKxAxDWtIjMsWZ++BcO0j7j14XdfvDp0v/93fZeuv/9aJEqBH4
l1n+jHM0XM7xuJeW/JU2zG2+F+xQgWNqSun+Kt5NSWtxc0eV93fYOEunkPyO
Id+9YoxTxX/hf8GgvygZNSzqfCZGQX1zUwfXX1SbrbZWl7exvZ1MZRVDkpQ5
JZ2drITRFRAOhfc3zIC7SCdifb55w8YCnoEd1MNJRzF72zs4cTdxEtaPWZN5
vCilz+fjq3K9YzxB5Hii6WTue42scd0yWCyYk1UzICzuRXWFgMn4b9fjkAqm
0Mmbt1ztmjeCWUWspQaJpZgZKYCkwvtEs4R/vZPcvGwNq6nKAt3BOFVkYzQo
9cwuskZVTIuo7fJZHXJ3U5ZSPZ3J50HXcG2D3nTuCarfro2BBFnB1FuXe3ER
U5974IGk2CHuVV5XO6mRJ0UnUwe7hulUoovtWGWK9MqVCiw8WJJIDqTU3Xm5
TXadC6bxVKm5CZfiq40Lty1tFqvpIRzrOgtf6ZHFKGKJyLaUsU4903eXlyzz
+HqL92gvigASZsNeBkyoWbFxtePc7OQRSJ1tf9kI2oBLeSRKLp/oFlKu3/4W
CGy+SrTLhtDm7h3aALcX59Pg+kdpUUG5o3H9oq0yYf4OlAWSKcXGIywjJBEn
+NnIezYM1wiL+g4i1cGGPnZ7ze9ZSSsMbn6DU+kubKld+1NugVR20KQzqarM
1R8WJXu2qWkdp+Oy6tx3mp3tiE+BhICNkHl3jc0p98ws+ubqFExtMgnUh+dQ
r3gLaaFSO4N5PRLj7lgTCg7JyaduKeNWEQqrVLViCCmYma+ODKA0fRzYAydy
Ps9FCkpTQsDdOCBx61VaYYe8Zab4hvyDcbJHepCcMjT7OMBfGfOlYGxn3O2a
ON5rUNDW4UqoYTXLDd4xLe6hoNna6bB5FRoYqh46UH8lB8dQa2mnlCbbjCJY
bRB6llobBnJEp7zunEWUPNWpGCRMOmmH6LjS3pbesdwtyR1N+Iw9E44OdW1j
cXPWP4U159QFwHdS7EMuNK0N+OyF3YIS8Y5ycLFHKWjL3JGbrXZepqihqNuf
bubIWnd18khI42CwtDUZejEqOBegL5mALpxYfWPehGuo6RyW0oCBQh0SLeJU
LPKNSyofCzgObmoXx5m0I2UsR70GQu4TeBKTV5xbXerEmtDUxlCTNv413RCO
OINDXRs9LFN9knlNqbVYew/6gKOgylhR1JJZW7LAdCiMite1o6NXSvbXOpXw
A1440HQERNNVy1GyYBoI+nRD0QLK/29SbLUngiLOc/a5J+u0usSXLMvCpjFG
SxEzKvxUW2PtavmApHNwV0gTobRwLIJctMpBqbNlSWgwmiXA+JwYjGPu4JQn
hyqrLeSxdot7adIrSE3ylhirIBwIYARw8YnTEqIrTRxxTX7/HfDyBUxFq9t1
J6eDZ1Qy8OpUfAMl9fdYppIJBGvnnl7G6vbdcsRBEvnRYLmE1sDuUqCiupXW
ks53lJSBd3ubbjZ7WqdTnwK9zVC4XKYN3Lx6o4YgdxdIWXtgGF1ObK04XBSv
zadq8VEEJaNpZVlWRDCwWeHwyImF4HH95Kl1XEgFFGVHck3D22gyR74hDIY+
R9bBADODh2s5hrklJj1tuop0g81dQHqR1KG04SbwnPQ3xaSMLVyIwgGxhhPG
ZyXZzNhE7v7qAeBSKFCORdbo2ESfAV6YAoe63HF+OxWPLnDb2DNuclEo74c2
Qe4haJ+LHZkrQAEv8ZYwBA0c1Badt8wr4Aq782nN/XJdzoE0zZ4z9DSo2Ot1
VlxyvQJ1WyabqyyxzoXF4wZvgGf4KbX2RUkK93IBvBzjZ1pU62Qivf8CDFQL
I8G6OwkmkbCi4mOYAV3U/pK4ez8OaGLMmQU5aDFU68A7DGPBuWhJTQFbsECA
Cjhf3FOWTsh804DnzA39rhVYmF2ZhusA03ESFfRcH+iwe0m/tcU/eQE27hWr
TViRJxJF1p4thTnRi2lqNEKAoj0WTzOcYSG/3yRH1Lzb6+Y8BfwxqaGF07S8
+UBOHe2Cx+7dQEVge408AHiC/w93b7LruJqli80J5DtsRwJVEVd7h6heiqzM
C1KkJKrvu7qFCoqkKEoUSbERJZ3Mgkc2PK8788Azw4CHF34A3zfJJ/HfspG0
94kT1VyUs+ogIiSKf7/+1XzrW4ltFXhJqgDE27GJ8WuoqHsyLR4asDDKp9xt
NBqaw+VUIpJwNIaow/92yo8AqWEiWRnXKX+3/g1S0NGEEbU2NpLkPQQuIDUR
aeqmQbhsiU0e1cH6qC78r+iVaMoT1C2EigWPHw9FewQjPG8D9yyaSuT0e+Z4
TqcAp5J9UG5pIt/ag+k8KLQT9Syx+2NHkhxlw+D0mFSPSIr9M+9YjKiGmYFB
EvwUxZc5JOLeyba5D1c9NoL3MxQEKN8SSivMjY5HjpLDrykn1hS5J7AdDt7l
BtBlHDNoqDa6W6KymsRUh+c51r0G0SRFNyR5hWtjzqIjYq9/eAtY6gR8GXtg
sDLoQ58Wgkia8ZJ/TqUbCXC3pFwF8kN9rgjRiHRvD5by+0IUNM0yUPFSaLXG
JBQxBBV58q8kxHtn1JHRqRj3ouK4dOx8omRBiJAxzmT0cICPapcvNK+FKCC/
/D5SPN+U1Fd/ede5BGkRNZe4itLJs+iuBUPGux3Ismuqp497Z3OlsGxo53ko
k8kwE1ST1P9pK7ZJgNYwLQtc9n7kzY46dLR9CKLRokA3/BW8NnEhwBRg8j4f
F8LzkUyGv43nC9tFvuxe08l6P8gkTgxGeOgTw8bSEvkgabESDpZPgus3tV9m
Ue1FsD6PAiPCTUSF9+5sdjSX+FaF4DLzRTFcME7MVkNQZhG/F8WT3+1hcPkE
XnRgUhmuCTIT7Kx5Wg804f+ktsXT50jWVoQsQ+Lq/cgaSQ1BTOcxlnhM+cqM
RGk7NOnE652wSvHQNGS4gUFgXQzm+eE70b7zDcsvA6S7gQdnCNEB5ENcHBPh
1Fxc/SrOXd1BQllIPAB0KTtxPFLKEjadCTkZLsxI3mvbaoT1R07fVAzkmaD/
mnj6rpz9v9pvHw/vBwW1Uyrq+zRxaNUfSrJSexdvjTg0RG5xEmtLqUpQS9Cx
gKdGApzfwKJOKaSMRYiAxNrEJ+aRugM2ilVlApRFHrmz4doWpj2jbG7YqPOI
T+RHlBVa/eW965RiQGN0SHze6XDRJnlXFmDSjJTS8PSM4zIrzxQnqoLLyDWP
GGqTlHAyyTs+o6pkAdLkyDthRAeMnJYZgTzEMZHcO7IGwb+QrzNJR4EMXujt
w2A0cJPrlg21YuRXT1X7TbqlkcMCx4/x1oJaNI4bBNbdqdIuyLGBuEdQ+yj8
bsTlQGn7icCfZgUEGfb1h9fgTrGynyQ9/8YFgtMMnfNQXLnIqtmacgRopAUk
n76UrId9V6oazgH93a8ohCSIg5J5IHmmocAukU+TH1LzivYRFbQjcFZUM1YB
1yc2KHDBc7T+QDmU4cX0hYzSUFHeDiy/mKqPh0BTeGweceGDZTpqb9EIURXY
f+NFen3X+tgEVE685wMl6ruPATs00y5OgFNfsUv8fgrJMtNXwvP5lRZIJgmF
DzLDiBRtan/GYhTrKlBYey8TLGohBUwLiimgldR3NnY8fZzR98vvoe8EGjJv
SSfye/5vOAJ54+HUFcpn8XELhNWLurk9mJ+OnCyRvIeKpeaHiCGPOsipfw77
wFEsCyYhQYFNosNIAyVcLPFNHd/1+FC5oGv2dutFLcSuHBoxf6A1QnLE9glh
haXp2A2NYu44b9GjBwJqAnd+wC8RUxxYLugCgh4wwhmLrj9EUptQo7EojTuA
ofFYU4G4pNd06ACOOjaQU45yHIMx3EQ+54OfkfwUu5wRpSwab1prAj06EkYU
iE8+AnVtR7YJfTdBcsB3YY6QAKz+RUb+LrAIWPCj8RLPmkf5KbaIcsehcV66
MdK2IcIJQ+ABmBoEioNYBeowIkk0z6py3QVLHqMjX6Lq8ThStdF2MqxwnlZa
cHQfuW6fzs49AJsMJ5Ic2BqKoixoPi0ckyfD+mxqkK4XhiDw4fpCAkKkBDa5
odMGIMM8CZVjFAVFjZDf3dcuvVNs0ixnHtSlPoS1xtAO2lrUElw/fBbBxkZ2
c4RbBXJAp947fDIxODrtA0JnIO1nJzxZKXnyiviXkHKA/4VgKkBIusj5zvSh
jQMegCENWCHFdKKWPZRdHtNsUVnwvt0Cpu8MNc4gEdzBOViYeoiMnTqQtci4
TmQ4X2RX0TY0lQ5phzKlNzxiJH+6/DqZj/d7RYwv7Yjigk9MA2TegwsQhsQ0
GsnzEvx5RGwRKjsM+/pCquMSZjqciA6dKppL4puf3/UmfUEDB2LEJ8YD9KG8
UucY2hxwWUgMMJ63tFsDoWRiY71MCvhWS6XcX/6C4GKGFSQKulM7NwKgkSjQ
JIvYrT6qvx5DaRJFg2F7/xOsGMxWC6DBzwkAJlAjKBWK+ibA6CKYu3pv8oXU
nIrKlRWjl5RLefgS8BA+DhvXllXz+uUr0yVOt9f0Wf14NqpkNgq5Uvk3zcaw
Ofy5+chFE1IrVVk4loGjWeB1JKiGmNyjmB916yTO93sjwx6ikJBgO6jieKKu
NOE6eqjPSOt9wL2P6pY9IlqgKtRAOQkkY2ACbuYt7Msvv4fzCfHv7ptHPvxL
hDN9kkVCIgKEhouc3LRrD3kAEzUSn6LxCWuNp8D0ZxKoI9R3FB9P+kq79RUV
2oQ0UAjzgR+iX75imXEHHEnhQCFGkWoAieemHCGYdTC76keobQxFvoNcP5sk
GD+jp+TrM9B8wt64S1OLvPKQSOIIkXHJVlJPpaeeZIdF7lIYAN0akKkZeXxj
WDZJNDsHpkXCW1CdiGc5wRYEo8UKkvPR8fE0/75KcNoNYlvPAW3vpaoDawaR
j3zDY/z28ndpTm2gvPwJQoEly0IPUbKSby8/9Dh5aGNvokdsVwePMAJGc5AJ
I/MD44lbYCbFb/uOweckA41Me8IpTRfbdo0bviNQChfO33vo23eY+IfSPtPA
ugQFV/L9uEBBYrOiwDk86hB/QT3DTxObuBdLhmpveuMdSR5mRPEYJdx6j+pM
BNggidIpgRWppk8OABgk8lsmw57UmEYQVpy/FKGQ8WTdrdH3tAcY50dT3xXe
sDiL3cV8MlNCL4MC1ZT4BOXJRtaNTXQUK2IUksmHD783EQNpxJ9if+hUpIpN
/GsqwlO/Rc6jSNug9IFoVRP5gIT5y7YPlKHwvYQm5LFGiqCLpvFOSCQ1QhQU
eCpXcf34RAUsmESN9UHFjy+r2HWEjix9WaKJb+nXxOZ6cqt/JhlIVI7Z0KYI
o2X+z1+gd4PGEe503EQD4bvJli+fk/ngO8p+SBuM+BmTnaJX6xdCdIPuynHU
/zHyKiSuy2hoby79Clyav/yCvkxyJcVPAj0BZx+AhY/sh8dpenqWpJQNd3+V
4AsDJfYi4QtpysitJic0tYer7TOmrHh6f6Uw/ySd8MlzyMeGThilzo7uBAVm
isd6zVHDaV7PGusZHr7nPt+Xggf/eMNzuoVJt+gpWBfy7aVvv8xRShA8ynVY
kR2ZVDxCuETZPs/faNlvSKKjo6zQ374hwOVbFO+E7aA0d1j6AamjNoJckGGl
KJpgYlDicjDg1YOSIyL7dpM4xM+nHDt4Y186kFMBDOWgyutOwoohCasytJWB
qPEC13ENDzvSkFHqY5eDF134ycD70bjAxUKLFu8FjEG6oyjz7mj1o/2LjCM9
iMjPbVTkAV0d0dY+IsoC6D2DrrgF4b7HKqMCi2VTCUN1gDr8MPcNpnISlSNF
Yfvy8vbC4XzcCGvz7eEqhsxSKUohvBTvbHEkAaN3xKIRtyaR2xD2lrKqfQI3
CTgLn9L8/viS/vXjkqg9SGtjPGhx8ORCGUV1DlzsGPlBESDh7oJGejOw8zH3
EaEIoYA+PCovPdS7O+KxtPLbC3FuEmAIhJXAyvIQ3YvQlXHz6NoOHJVyLCa7
hhqFWEToz4vD16BbcQrtvaq/MzC7BNkN+Se7IUvzQMBf07P2GRt60GV01FQM
06YXP7xiv7y3iSBGwnpzZOjXR1+iVHdIquf9ynp+jix5XDnRx3zNpHF47F16
1URy5RVpbigP8Ate3CkySXQbI7Mgekp72BX4FKOrMrm9H60C61E9pXDZz6g3
5OM3335DHr3He5xMFF6CrzKVf/EbvWBzNHwsN+IIVBJWnNJ06EWMlT6MwsUj
Tx8xnMtB0pcs+1nXUMkViFRLdHDzYQefqV7vdyh+6VcDvzbaETiUgeJ2aB69
9LLSouQPQ0rsKSg3oWKI2POviaviHfmEbVVgTqNDcd8/0sEYoGN4WGpE9c/u
bU56ouEGhNYyTqrdGHji6Fmhw0K3eJIMgJbNIM4CTflOpce7o3h3Vn5woT1c
YTHZDSUOm6MQU4qRCx3Xu7P8hXZiSnuAM/ASLk+M8cSkVsdn9w/0mJK79d1b
IKbtjOciLu3yVKy/vMQ8OjY1Cul60OVEY6MRRlRTFfPevdnbtw2BgToyUAFs
6wul2aAqJSoIgkQZybXbxV7sVEepBPmMwNY0NPeFCh36G7TQr8hLFfct/YrE
kmOcv4xSA5MjIw4IXHIKqm3xuxDsHvNyR3TfQMIgd3S8CWJPLd5/yf2BblYv
IJnkkOgbIbjiR5AfB9vr97JO+SFR8hxW8usyRflZmZKm2UodeAMZ5HgSUEF4
xJRBkjNiLvYfBHgljkqA3J9ecKRLH5dVxnyB1hukONVwSAt5+x7uUOyoeHIH
EtIolFlCWSBSBhmGMJKEOw+CoCBnLMJePk7qfyRBCIF5SizCMY8lWr07nRgd
O3Ju3ldAjIhyHrsJaEktKJWQUPps3AVvgVGI+I2ozojRA1BrjPwBUGBYmvkF
J6MhiYf8ykDV120b6hFEjaWf4mowcCd8oZC2DyaCGacs3vcHh5ZJkV2XOJkN
74Aj6p8g6Nt2YcQR1hXSYRSbbLtPiBsfihwyw2i18DahMK6UWxPI5YMGWffv
jpblw2jUJqoq9Gu64NeIoAOKeSAIEcQfXXrPeruJhB6dh8QOg7pZcnORjRlx
TMNWLBg4wlOEGqFvo47eu0oRER55C+yyr9TBD08inpFE4gVZ/gTOg15evkbq
pyKinpiFOulmUN9zY0QIrCQkDLNeQo9FfGdRJPFXmtMlbzx0+d5D+HGQE3mC
wI/hpEG/a0qLQJTo8hlIOSyn0iYKPi/er1/j9wttxBlKEOecxFQjmenEbA6Y
bBd6+HA4Ct2J2C2PZE3ytx8YGkmuNrocKe+O4RMC8C9f7w5Y0q7/oAUjrj6c
djnio2zDEDw5WyQDirptXI3yVUBPeKKeIRx2tNcIggFznaHilHYyKPOuy+oj
5xOmLaZsOL8idiJqtzSB/CQ4HuHZhPicACHYkaa0c2CRKZJUTYnfPPwsBJfj
Zyl8GYjYdMIxVcRIRgsxxOJ004iq664zBKlMCYTS33blq+Z6zzja6U1f/Fr+
YSj39J33k32LCmU4T3oR1b6Iadth+UNMrURZcx+CqhR2KMfUBfdlMpFua+AE
EKTaE+QQzLLgcWE7V6a0Nt93TjLtnZzau6LBqR0e8apQhno3yvOGXoDkCSMG
SaK0ru8SZv4kNRntOT54D0ApnDT2cfjr9ckE05IGaYTw3YBhkAprfN+pFvws
moQUABqLjiMRX7Ds/I7gxegFln2n4dFV+uw/g6RCstskGvfL1/tCQDvnLeot
TAtKq2F33JQJXBE4JSYWaB4kUjCOUXaWv3uEV9/FwpHC4t1FSdIldigzKnKL
+K+kxh7mBUho2dGyETgj0AYwQCmaWsoX8OBcwElMkE419ubCfKUPFtAjGm/i
fTgQC7a/p0H6DC8KGtJlArP45Pim66nQGhJp5cZED/60kfCKD3x0Np5Nwr2V
DmubO3hrxMFhlC6E+oJJv1DCDTAAUcIpyuCMqMfAvnH8V4LqgEDoxDLg+Hok
RmI/+kb7lXZfY10+vTiJ/Q9VQIOaC5gXgyxbqoRHksvwzlzCQ4w2UkQRtnvg
sMOg/XRKOGHxQnVkMdHwO8VSqDy9gyx8VPo5VVuK5m6iawoPBCpFdxFHXO4Y
o3qjaypRj+zpqOI82dgtljbJCKcDTlrTUCZLOjoCryVaq4BOZVIY4Au+LgfY
vkcQuZhxFQnfd0hgaL2pR9aQp7mMHxQQpHVQoaUClH0Ih0rgQMEVokMONmCh
wfx1UnuJamo4XfSdivOYaxA3f+8kRI4U5KAn9Zzeq2pP4904/QkCg3Chw+he
3NqY5QUY577mOTIpBh6jaT8FFnxGUz/Rg3lXYel509/QPkLILJTh/qShRCOI
H1WJOYZIRhd+DJaDl2GaZRItRiaJ1C/AcwW3SEJEQdCfSt+JOQLzbLGC01UT
jUPSJvgcYRuxEWk9yUUk7PU42PNG3xhz0ZJS9SnqQqKW+JBSw0fTTcubJao1
v18t9OWuiC9ar3dqL0fzQMfwFJ2fUIJgQQMoHYDtbyL0euxTwyJt49oHyOyL
y4Hg4rGm9oIf3sSTSl/w5ZXmo6LsGiRbNjgzFsngSFy8V8SbGAoPHaPil7zo
9XkInFQ7Q69Il8OxjwaZpzvOrr/8hWBTgBpEMvag7uGmav++vzqxr1VLlJv6
mfXF5UyfLS/8hty5kOgDmo2IoOhhyydh7wkKClTHGijqskO4xpAJtNHiJCyc
25wcMfwNLM+MjDzLOAbH12iHo9MHlL+/g9zTf/pO9Mi/+Z5sPW7t+9+Y/h/g
k3+joz/xw0C4wX+kGfXhsBO5MGAKYDfexEmdG4oT5JsE+yOw6NsTnUEb60mq
yd38IPoph87d80X5ub0FF+m9rbVFJDQ2LRSJb0iENZBdQ/M+3mWvL0rgY6ZV
5InC5QStWGghHx3cvXg9j5YMEaKEqYYmwyfK71JD9Y52BncVWPSJMDbxIKEN
5MGLGeyCB555WoAzKr/2K4tA7M73ToSHSeUocV5kuHi2STJYCEY0wWkH6yM/
Ke71wJv5IVkdLRmIJR8pJaTe3Q5xqAkdC3SzYPYlzMF3Z5mj0lkJl6sqH2Wd
3hbJysrJYtUvQxPx0l98Eqn2UMZobNDdVWDH9w+BdoPhR7BmH+GBqP2B3E4x
GRRQboHlizNGHNrgExbf6PJDr6SFsT5UKe2UMo5qQPuIHz7ZpqedAurT21x9
GCBCkZ93kfQx0caVpmBiUALsyASRzwXuA5nUd9jtN0LbStix7+o403wEOZHT
hDzNUBah1Jq3aIKIjxn5tCLx/h4274N8Yth5CByjGWPRsmB+68SCYKhoXFwD
ZtzQVUgU76T8h+p9+cxIMSfynlYwJJ5QFI3GJZXfmQFE+f9kCnCSRMKv8P5U
9YCS4MaJ9QnDKGbxfMgH2pAEAC3i40eIpXdawbwV73Q1Sl5KaPjP8MmUvilR
tRVLgyAtMUmf4f2lg6NhEhRNwh+OvPLPqFTA6YaFUZTHxCVw8LsoAIikEK0s
Tjhw36nPnDpphNQM3TJIMCGQ4wNMMiVuJgRCnL7RoprlhO/hvfLQkOQBplRy
GCmLRubDoufxCr+dvTcHj/gv7xfYfrhUIh8NSsvzHon4EwnRaFv8ep1enLpN
HcrJ2qURbJSUpIGkKN8pVyxmsKU510jsEOgctFEgpOiXX7CrM/INIzgUpNyM
KkN7dO/cW7QpDxqtkfqEGZ1wAPwnoAT/pxeHzDM2z+HseY6BEthRSQp80hNh
4ecTgjhb0nkdSLjcVfGipCXI0a+h3IcN2LJHyu3ynisiEkCIAAPplkhGobvo
N1THxvnIXxk+wMS9994IUuYR8+/YFjSvEa2K9+iDvvccJkg08GKTnFTkoCZT
jOUzSpALI14gQq+CVCTKEE9p3THEBDO4pMqMo4S2aO9D10C6CgLO1Lnbk3c5
PWmOeCZVpRQ0BvNFFLBg28BM+2rjxCEICURccbBWVwILDelHYA9DXJiEEHxs
tKtN3GOeEhW7ThHNTBPNxMEOwuAUIpZ5OJuWgixHKH9gCDHpagfHWEZQtiee
3ZisBbHJIbbth9LvUbSAmKuwxBIJYcaQ3CsFIziai8jYwaUQkTIixc1CNPBn
wvqDWJZcsMdDrMGkozl/S0khUckzDOtCU0eDA3KiaknkMY+rhECIn0HszXjW
5BfEQ4sxsyjYSaD3BJT+nhyug/bh3fEysyCjLvhewlS59GqGzYxpM++L4UgB
Q5ORYjbEiT8JEAbVuAlJSLpDGEhlmg9FEF4fji9WW6BngVRUoRybUGk2zSdU
nxSUTNBjiUJcJPdChnQa8Mil24p2NdwFqJrDFnG4vJKSKImjRBPUsT4S+dj2
WDnBPk7DxbDkKFcKuXkQVU6MgafiAeGbKTwgUXsBWP+ITYaDs3MP/8OofkpT
Rfg6oQGEnKMJCsT7QiJ3o8Asy6mdRtQ1KsJAT85YRSY7HQxuMHlFfNBo/4PL
zoc7ChmbaNjp4dAIh6Eatne1IJ87WAN4/MH7Ei5COVXKLUpcxAtAiKiPGwIh
iJP0Ef5Oxty/N9uCcKMXcFn5qFIhMjWRNPGCjW+i4uLJzS/HJWmQ5ZFgb0wP
ArplLQ0jzqhxQYq1PXWzf4fuRaKLf8e6WFQTKtYpNcpXja9WNblwwDzQYt8p
YdHHxUZQMg9qOhGWR7WgiHtooyik3jbOKYcheJOmhmPeWMQXTNwwpOQcU8eq
xCsO90WYifdSYKkQvldc3jVs8CWPqi8QpIZmEVadbVoxeEbiK+GxPqtd/1gs
LD3/KO5ML9p79myCzsZmY2J3pA5FKtqKJB2Yudg+jG7yBzbjj2o/0gziV8zp
EbieRlLzkWWBRa7tYh4FV/tGpw3fyh4hWYhKwj9WlYkTlFOj+Zr2Gfwa9dUz
VtiPaUuwRwOrXiYyXFBXse75cPs89BsG1ciNDE8BbJ+YeckJIL9O0jz/2kXI
w7obBASHsrjEC6zCAUxasHS4Igf4e48wOD+PtqByeNhX8FAPT34W/vqozFMU
viHplfCIk9p2WO3EgV90w5B+o1WCtdjRlUYBNaQukgpFNVRNYLlAmCPovdxF
rAkgMKFv2KjYGPQ4fb2vIIQYRgLEFYFEKTYfIuAFyawDsmVjX9D2f0jSfFLL
DdWyQ4XVaWeSFQa/Mo0AMlG4R8Te8rhLE0BWdLtAFiX57g7zvqHeEL9XrMSg
9YuUHagIEa/zNukbi4nLdrhsrSRQsT7Eil0HfBjvswnRmuGnn4cdcdL5Aowa
5aD5RImRkdjD/ZTjamiEry+pvDyonQj3hCEDkFkiXRgQGboqIjSNi7ylcVu0
IhK+BBVgLIBdmWalR6/HpxQ9mjyh+MbA9xMCB9CKi3gL/Jry2QMdhE4AcO4a
SDHsyd4Ba0lAcUS07LKFu3Z/zKBimcJWEtOb+IsRKQxEfAY+OgxvCFOJw7tI
FUBcpFHUCnFbJ50cUC+FnnxoIgDB++X1o7GrpLwOHTVe1ehoIk/SLpbD2Af7
FRfr0DDxImJLJMF6oFvFvX2lBNtpJQu3SVVgijawU5io++2SnnvEs5DYF5GK
iyEGKsZW39GxXyMSaqziwKkFKujd5OK5xfGDO3SRKVsqcT5SuUAQQhEIDKrI
BnZZRsgNdNVBbA7ynCQjaPQtFIoBoeWRQ5/siQfHF1J0Azda9ehEE/5eDDlH
8NJovb8+LeqIZxEjBmliwjFJrJwyeHBBAxSLS7s1o+mlVQawVwuxIVAqTZxp
ntqCVJl8gsjcIu4saIxijm9qNctJ4Z3Mn6ep7PgC+YSw2q7mBBhj9SmB5Eo/
TpcP3sbYA42z9HCuGKwxAKsV22QJt4/moQ0x+gjOeaQFq3YBmCSYHa3iGAP0
AOFWodfoOToY52SSiINx07LIdDAU8FdyrCCRXzJQmc48IdTrdA6iAwxHQvCf
L31EiTCOcZlgxQdnRPOLMxIfXWYEk5nkcosMATAVsWSkWeu//B67rd7s+MUJ
rGjK+YyrGDy6vr4kFzm+yt91VCD8GoyPIw58cHihywrb8tcnhiUFSSXxYe85
CrlnAVFELYH1aVTM4SnfLlzvuNB5TDKH7U6ii93pV0gIICWJqCUfeXUjVDsM
wB2QQQILqiWm3UrVCcbp6NstFFR4tz3Ig3cQOHeQJuybBnvR8xJUmmhL3uuM
QDvEGVgItwD9QhYq+kw1rEg3J6m8EbMopZd5eOEOVe14OuXQSsTb6Tt2muLj
mvZp0fwcUj2DJiHduxh/RL+lOCBS1/2O7IEA5LByQahIyLmjtSBoaUIy2O2P
D/DOVfxQI4DQPCVtsZSJEZV33lypqwJN93OPdoLHf0P3pv1sb5IwKCH9+TDD
H3kto5tuc6UkRAkdAYPfU+zuEEn6jtcde+k9zOErK1F5tzvmdbQh6DZLVHN8
WkT2JVlDlvqU4u7fQfDugX7wz8CPCITg7xMIg3fbiWMj3+Nso4RvSzVIZWAD
FSv78sh7b/jJAMtdVIFoRijQlYjPx+EzdGUgPDFBHUfeXBwWibA/Tgx5fQbL
x1kD8GU0mEbjf1DOCemKSmPktUFCm1cU9MTD3QI57qHr5x5sTY9j7Wvhx0C8
r3EpM9gYihMmPXUfIA7IGYiR7hgerxyArbB4H+SO8/LS1c1DsA4HiFN5vBjv
Gn3Hc4ElBRjB36Zda1SXTDuRErAoov5iqXf/eyDd06XVIWco8e2lQoaUg+kT
YQc5Ag3NVj+l16TwtYxXBbLfFfJ5hOZCZ+2Jc5FYkyiasNGS7vBnHaV1rxCR
GiYBfyWu4GdONDhbkB4hsQLYy5rIfrDxoUKi8LF76EpIwrQj0PuDq38Djzqw
KNFj3y2gRH+Pi6WQGkOwEg68tpFjAbYW+SdSHQfrgQPlMgHhJsB1VrSqkcOU
vOBxvZLeWLjr4+sI8y48r3QGA0ryewMlyjMW3BEbZvrqINcghi9GRD+os/i+
I/IoiYyAeduR1EtO+EP79gssSJr2ACHkFkwhmEZEI1c6PR6NbdCjEOEzDeuO
HxZB61+juDnaIFBsvN5PEfISofentidtTKYh0dfYNCewgDdk+LrocopJb1Ge
ClJObFoL7b3NmNDuHrUTshcwmhcZnl9TlZlRHAlDwaitSqn0MF+N9wwshy/Q
CCQfZWYYLmXNpdKDAtVRTUPbonkI15Q/7IEWUbtimD1xqdEgRPLUD6FBSUp8
pNM4fvgGSAQPohJixCNCr59nNGfM718krs89AFjSyper6YZHWKqpKE8PMw5t
RVkXMdnxB2lcWLZHFVY1zIcFW3OvybDfU781YWNLFFeDgkijJafxFT0mfceC
imhaqT48jhZpLh6eGWQIJ17xnCeR7s1PQw1WNUW26BPhAQxWMPef4iESqMun
9MMeunOAAgMsG4TkIUB3yFJaqJaLSP345duLD0689sdP1KuEZuNvf6QHfxv1
4NNfmIevX/78MoW0u3BG/4zuZ0T282dqO/8ZTCqxApm3h//9+eO/Jj5jEprv
n8H/oX315xil+GcwZEsLUxRsYKfju3cJ/ocBVRxif8jWMTEG3GuwyhLOycIh
DUiBByYEAXQ/J9MrS5RuFk3qlwQ4FC6mJE4bJFRL+OcRGCgePdqhyc19l/GO
iWt3DtrkO+cOUxxnpD4cOCQJkjT0d0cocciwiwdqxzDn6fOTZD3M3vv9of3E
0/dg5y84FI5gnZHdcdcH1w5/dteTacaucDeaTZ9UAgYLgiDW4Ah+iuYa/B5s
wuCIKdMSOYzA3kKIE9Cfb8lTIVLCadLR/1AHIz3V8HCgSMef0ZmA+S5FNp/7
CzAcJtGOxUg1NbJH08IKB61SEzTWYuft/4/n6OW//D0RF//lH9Ap7mshuRXc
K6Qkiy+z926Zp8fz4ZrAyFtCvxHtdXJE/v4Taig+8p9iFjXdtQPnHz7vfN/x
vmWzYRh+NWRLhvG4rOxBoxdltmXRlR8f/ewXvJLgbP/IIL5H+Lo0ryOcw9S+
+JGXPdkC74SWyZ4QkIKAVcLEFkB/j+o7P9kQH+2Qu3+lv2GQ8mvZ/3iHRIM7
pW/TsNQ9TA1dOfbb3ce4mEJ88dyVZPgCX8ncFWP488OEbFHMOgoW3DtLv718
Jzlej6wwcbWV7x3tGgK1wIvw76gGHPxnIpYNh0G78gOdX+HOezs0OwPcWNyd
VxoKeLfx12SwIEL2EB5gFPMh5Zboq8lN8wZRNN891F/Q+g/NM+4r8ej+IzRv
/5FYQshHiPOfkCGJM4/wHYdViPt1RVVRYHJPIi0YV1VGnlSs9lGUWLomH9XZ
VfXuSEHHUgBLqdh+fKXR4wIO2p8QTukHDg3mhIl8+1iOhAYkkvoTZj+LhMxR
Q9wbsFLNwaO1Q6KLFemFcYo+/E6NjyPywkYEwXGdmD+9cNY1lRSQGkkykQa6
6C08TWnwOVipN4i7c/2kqYLX9+XJAkMcsxp5AizYzEO7FNP4vR95Bz4lZAhV
E1JJXuTHtJATLtWzfZkMxbrUkOrcVBr0X8biaCaNReHrj/bh5fvq4y7YhHmS
egmePkRy2am2glv8jI9OH5Fmw2bAq84QQIfwIl9oNRsP66hjcS6Ji6+UAj3x
Ga1fjNkCNFTOGqzGyxFxPZEyS6RyMUy+bya5jJ//NOU0f3+VkW3JKRSuR3Kz
ORMcS+T07cDb7xzD6vExoqxQdzx2EZkVwcs9qXJA1FxYCkVTKbltvB3BNJKK
o9MdtJKb//3/2WhmsnnEDQYZm8AFr8sOxrvIrmloLo31ew+Y6VfqXMDALugY
cTVCKuYFG8SIhzI8cSWZI4W8ytYBRw4wwBwXTMJVKnDUk6YWedhbnSQ3oHpD
0j8NHbJwI7mkHHfgQeA4OU4x4gD+HJPleQkIPN7foEt3kszRbChAITQJaZRk
UvEkg9fTAqQeGa6uY4c/tfwT8/SN4WF88IUznVf0V4hGfRG//r//x1gzgIwF
H7rgaDZtSw2B6vPK1MHMvyxAr2HeOlM35UA17JduoBxeGUG2wMX40goMXQMz
Bv4NuvWyMMB2tl6Z//6/uYbyMr9aygH8sgWbtQyg5rlQXXtl9oEOXt8BG82X
X3jNsjTfB//WoMTn4ae2+cp0ocQd27tQUyGmlekZ4ByDJid+297BJvsGWABw
z3QN9bYBs3kwXpkBsC/BE5pmgnaHMpifBQr4gMeHiIZipcEvdoZpGs7LVLZf
mbG9gUdqAT+Sjx78AOaD9uTdFf4dqOIvYLBX0wjBPwNwEFoQ0aqBLydg14P+
Q+azAxgPaBYsUAe8BzQxt00YEOQNF0zWQobm0UsnOMqugTYRs9CMl/oukFF5
CKAqIaYseFyn1Hc29LQALJ0NTlAXyyUYqnCiT99M8ulD7bQoIz06eUhWxj9N
XT1fGRHWvoyKFmDqDcTwiEIMKIMYVuqN7rKU4+Oj/gLF9M8QGbiz1V/VQcGT
+D6eaL4HJQ81fuBvUE3jT2glP6GN/ilyUH7C5TPi6sEpyHy6Mi3ScQjAFfwI
PkK+ATdi3AP0hkRIBKiRsqlgnOz7tZKecEkkyCEee4BcKfELSA+iGYFuNGS7
YRZqIAcdWNcFZWTC/AEb8b2RbDQggSOo1rMWo6XDyh1sCDN5aH0b9zg1XJLE
G2e7HHElT1qr8Qdwzt7LZ1KXkmj58VdfUJfwSzXLxt8/TATp30v8tzvipx/q
RBzWeOhGshdv0e5HrcOsQgpXGpJicinCE3iNJbAnTwJrPwIFR9oMhpphZtWo
zCCORLzGgWSaPAcueEPDZPDWNVVakHQ3mbKBghy4biIqXvIrkT+cRkF5z6EB
jYtxIfi85iZbhxn4iE01DpYl0bn0etOs4IjSuxM9PRgWxpuRd0C4Nb7agGEC
YzIq3dSwgCtKJ4koXV4JVUicfJkuZBa3EvX8cZhGsiRjKl1dePYxkJVHMH/+
3TCgYqFFlaO8ZNFBhkMmLTRhCE1dmCjxtzM2Bka4P/kplypImeSBh6GQBOlA
VCLaAZcWoaIhC0GQsikWMCWRU5MsiI7UGaxcR/DzI+ITVVC2EfTxJUVtzO6I
VGnEDfiJ+LVeXzBsFOv6sD5sbLsikZ3AvDy8iYj2xzepwfF4jV9FQ/7kTM7x
Folj+ZiuB2YuwK9gktAsgbRJ9IhaxFjJfcXho0dgOo0WJ7kc48xvRKqzSZY5
xAP4ghJhIFSPsE7DpSevSg8gxLnJcdFZMpJ3e46YeMmb3ui2Tj3wmRQssUMg
aeOnqZEEkyKf//JxUpCD4XFinr9xhkszRyIH1ffDvlB4kqEKa0YB1R94Pllv
7Qcej+fKw+OBBatSqNO7x6Jxw9ongeEhRUk2ZSg4SPg4uGvz+SvvOsoRZwHC
URAUVxzvu3uAQKZ28MCjEkCkNFBcnDi1d54/QcobRXQoD8XsH7QjOp8QvhCx
EMXCDYMuCAAVxowpIpwWAULHNfFvJAi+0LcC+9B7ES0dRhNfPpFp/vYJZ3qr
1yi/OsJj4kw8mmeN4Mrk5/+aI36gL0GdIeApJEAxHDalwkHnWISIp7ztn3jN
BwJs+ymZS0YH+gkbwbi62efp+hW/Vvvy9OQnyy1FZz/NTg71PMQRSxA/KPcR
TTTcfl4CGoiFKS6SnagMi+mTZZgiRX/pUxYDEr+NEVfYwMXlZOF4k7XW04qg
pdohTTWEGwkhP2fSi0ZZ4MBpiXlqf3SrJQtPgYsAmiYQS4hwclrEZKFBQYs8
Ip4GvfEw05VJ19ZBnpWoaA8YigvtaxX08NsFDxlMyyf4Xdzn1KTj8hKaasQf
IxekhWkDvZfL108fymmwxUBjRBx9QAcc/ejLOyIdvOsUUGgaeCXauNg99Zz2
570X4YyVCDOEZxzNGeTAMjyK94VBnPf7ggAo1hXvMNSjRIEx1DfwEKZWIIIr
+9B9uhFJyhohXUEc9kTvS0xQLDvHtMdImYrAFJtrxB79mbiRSVkcODkflpl7
nyDny/3aYn8YxJigbrzd34zxmk/tj5b7195DBSnMAUOi4+WzKUPtd7r+QpYQ
QTvRlJLJTAs3XGQoKkuGKxenmHQfFpSGN74kJhP5IyCr0hw8aUchcnrCIj+D
h7380ZTGDH5pbZQmuSIaJ+J3IL9NsOhh3iXUO5SkTHz5SKgaMrCjjti8QZev
vUXKjkf4iogEi1gkwNeowE+yaiKR+IZPmLPetx4D71lGLsWQkUw5CpXALR80
XHCa0sohGp1kmQ0FsZXjirswQFrL58qUPDpZODl27ePU2SiHH1gOUo8bEnpL
mArz3TjKzrdsFuYRkiBLorqZcnT1r5bmZ7/DjXBFCHsYQIoQACl68MjLLhP6
WdQWSSiCsYGVHcRldyD7PqKoUmwnZl6D8wN3zRnvmoSIRr2lMdb3u/qdMNBa
93hDL2oRZmOhS4Ri1nCiNw4+QcF0z0xv0KIQQLuAzDPgugpchTCE8SROFxkS
D8uBXv3UnRHRxqClxo55tHGQAkgjgIjYA9+qkQv3YWdhkD6upU0TQim6LmkX
wlbILkz2ESqkd5V0gVwF955274QgzDr3aE6KYfeeDhRMFc5c7Nv3CP3EmRmg
gNnLBPU3kcADI7roR9RdGdOt4fbeT/hG8/v15UWCac7kesFyAbN4JtjeJMxe
kvahR8IBaE7/9E//BKZZMYw3IAyZv/7zP//1n//nv/7X/5Z4Wa6UxwRq8Fn4
Ri+me5HRO375RjYPcsNCDfGPn6LhfdWO5qe/oHZIt7LuVqnm80ySOe3bS+4r
yyTRE98SA/oDZT7946fA375VP8VPQqwq2IlAPwaNg8F9e6lsgFpHleyXqB9M
zAvx7eXvoo9povGfGFzFl4PVdGnBX+9oHLWv0RNT+xtKPEaVfu++g5bit5eJ
DER0nn1paBvwRz73kmO/seD/8y9vbIllmZiLAz6LdwTYy2QS0BzEdAA7jYl7
Hy/pv3CzMO9vlre3FwaNn3kyfLz6cLsTOT9JcHJjjQJVZ3+631/hGXl0Pf3y
e9QEeIcGMST+X5gEWV6S8zudhI3w0sNOffL7SqLlr6jMHRDnmCTwvWGCiYhm
7dmR/tkTQ6qpw7dknYPiVd7g0F7+Hk+iUzn+w0uhWiqTo/Ty1//1/3r5HFiQ
PBwKqi/gkydnL8+Wf+LspSf1/QP4wSGCYrpcvDuQz4f4h5dEq3Cgn/7AvOAu
+OBn4Au8kJAN4VN8MNOdTJ/O9Hf/Dkc099uOaE+Sus3Rqt2x19LurPS5kVK3
wWf1fb1eD1d1biRehCnX5XVT3x10fj3qiZwuhrreqPP64cTsDkazFrI8HzZ1
XRdvvCTxXTbXns5m/vw4vyp587zZ23pvUgyFkSNs8iV2vSix3fm4pDRnZUZq
jU2tNTorzctOXhQrUrNvr5bt23o5qknWnF0bbFHS2c4oXwvU5jxQ67mZcmwE
Sn5tKkauwWyO/fO6aQbrm633821H5dgOaGkmN82bBP9rje31iO0o+ZyzWcx8
0AOzu+R3ijXq1485k1EK/d06PwuEkd2vm2NbXvZ0+N9qwt/khRqsFyP4I0+b
8FMyNH2zmN+UfMNaT/g8Iy9EfSb6wuzaK0itvrMGLazF8U5tioFU50FPZv26
xe+0xeW8Wozoy9n1csd2C7zHrBZmIDVzJu2JJJqs1JqDOejpm2NVl5vz3bo5
v0ot/ropjM1VYexs8kXcY4P1GQmMebS4OKs8aOnY8ORF3xy1+r68yJnd47y4
WuTCDezFqV7nyyuwfMMhWPq6X+YEsJx1htv1ht3JoiZOj8uJV6rPJW1X2bMs
b5/YHsc265NTcyJtCsJI5IXRjOs1ZmRf9Oc8Z08ZXjQbc3F1EafcEH/oTevi
hZ/O+anUUFu9qRh2w5UwH40E8bqbkh7pU7HRnzV6OjMz+7wk9k3FGjvro7lf
LdEY9dFyzsrN2lVejku9OrcUpmIJvOzaE7h8fzq6DBr2SrhJIdOfSuFgKhV6
wirXF8TiYs9VeiM2rONWO2I4bo/n42ZvLIYC/qwrhrveaJYbza78khnfxGWP
nzW53EzkLr0BmVB92qzl14vLDvwdTJxo3M8HB+aDK0o8I4QcfKDD2RL4sC6b
E6tsVJtGsZi1uTlnlZpW/VActlr9vTvZLmaQdq1fzHWk41ye1gsCU7s16u6k
YBSHcm2tt65cabSttheF9dGa30qnSq9qW+tj5bjen0baptyYtYpGvtnzi3tP
ywsnj8mVS5prTWuDUr/b2Jqt2X42VuTC1TqJPD8vCsedtXaqmrA7F/yyurzW
9/3WtJqflAW9PtbWATP1e0ruds1kepeReVKt2mLd3Q24gaP1153mcR7utfk1
U20crrd6Yb/MjpRjZt2tn8zuaceHQotR16WTMJWk/HC+zC0LnUpWGfQvuzO/
kWdm9pDzQtW7zfz9bmteG+sqOw5GhVOjXj53s8Omtrgy5Ul9W6qqwSnLDcSD
V+cW5ibTE6qjVm21r9Qbk+Mpx+k9nuOae12uhrochgIHlnPMTrlRK8vwnBSC
Xb2Eu7A14URR4AY9LmzWj/XmhGuYXCjxPU4MWzr60ZjnlbCxEsGOhMs95xgi
KAJwPHebJe+tp9wUv2wmCgLX4XXd5XWxwY8UgQcvR9+Nqjy3rYLN0Ksz/IQL
WyP09gHPr8RGpz0dqXNxKHFOYxnyUlaw9qdsv1pQhj2+CjecKoWjVY+XuUZb
DJm9FbYa4dWqjg72erqS15eLrZ7H62cnEe48sNn4yRJcTl3xavHygRE6s3LV
tdmxd10uuOFhu9RHXf1aabqLysRda7xSkkRlb/dr26zuDS7Zll+TjPLtyq/n
e1W2mUu5WBQ8ozsYicPiqjepXIunWnHcaKhH9SZuhO7qUvO2s91ZnV6E/mBg
t26lwnAl8LviTSz2ZcbNG1adFTLzXnncFK7lcqdmZoTMxqwu9rX6tTlTco7T
68/G2mWqZ26FUNtkNWGgBplGvjf3TSboGjtLY3kn15xNDy57bPO2qZfVyUo2
q62wmuX6LecqXsxSmW9z/KZSLOonWwuE2mrS2nc6TLGWOa3qta3cOI4yx06V
NXe5Xm2s9qWK5+4ttttxAntTDtnyXh7fFmpfW95MUcn7M4dzi+cxs1vv50K5
sQKCUrjd6nXO1XS4eThdmvZZsaFpudyW7Ti2GZZrw93p5pyc3I3rw3sRXosM
vBe5EdvgBH7+WyQREESXXr3aZIgksmf5hg/uR1OKBCrYUBNeWC/brLxYg23b
AH/WwL3RyKlNcI8fTVabcjrTCNnLYAretufC/n7G9qY7uclVgfAEd5VwuPZv
kRANBzex3+M8JP7qu544mc1nzHgvjntcFX946UlUXM9Z5dK4cXMs6ntT4YAv
HdDDs3qceyvwdzBvPCPt4wnB8yE2OG4AFIsqBx+o6x2oZHD+cNIuN/RiY1/q
H63a8OCubHY/PTDb+rk43XJZRx1kO11nvWkPONFlPanC7eVBhc81g96s0dYm
08CUj/1tPRQU4bAqF4ajBdhxEtP1Ks3LPFwG7m6lrk15Xtops9OcUw7DM9C3
eSVbcG9FIat5ja2XESujXsM/qpkOW/QyXHVaZ/qDXF4Yz3nB2QyL7YZQ23lK
1XEF32keG4eKq7Knqn6ydhd+kR+vOa17urUHPflaH/mhlztVmIN/6PPjfLhe
lqQ60BkbuVW7sVsW967VCp2sIXabp5PcX6qF7Ip1mpVRQ1P6lWqhLA2H6nba
YybGcJxxtLq7a6/D7kQLN4tlt60V5r3z5jza23zPEVem3OZnUucwyN1GueGp
xlp702t3B6EkMNyI4+1i89yTmh6UhVDiiKHIZ8NRvcdxYSNE0krneS4U9lyP
1x2q7tW5KcczPb6IfzQagTtywYv5d5WMUMQvM8G7wrq+kjrhimf40azFhaNQ
wFJ3CEU12AxA+9iA5lj0ckEfLXh+Uql512t3zDbF3XXpGubpwAtTRmquj8qN
22JJ3BObArfQ+cm4J5Wq/EXpOVmx3WnO8s2jositDbuYpjceg04i2nkipxSP
Rv+0HZxk3pEK20zdaQu7ix+s88Naaz8SR5lzmVeHlWannatZsuQV+D3THqjl
omtznRbnZJR8tTg/X+fLRbtWa/SW1VN+PRv1Lq3MZVe2ue1NsW9HSy0v5fmi
pRe1lrRnJna+MjzuOmLO5tqdzk7YqBtRWS+7+cwlN8+oQfN6XPiywOaE9To4
dFZuRdavLXlnLMdWtl5jlGsBTPGp711rF3a7H470ckY4ATNm5PRuNVGStbJc
b7X43cAYzirS8CDf9OFKP3SFUm0LNA+m2bJWFy/X2KmD8m19qInVW2gqOa6r
r+WsMdkoN8M7KYd+4dTUdkLey5X3vV3YAJvN541+JmDqgt5vZgX2dJ1uVsWt
3jG0WeuS9VvBbebd1pf2vlnndKgGtapAseR7zTCcT2PBwlDJ8pFg6U25MxUs
nUYfX8ITHslHBgjIyYwV9VF+flWb5hHsQqBoAyPD4Hl1ObY3BWACtA518aby
/NLy1WWtfpLbyuA8LcpeWWZOqgIlcXslrSVuMROAvsDbzQM4FEkz6CD0Rl7y
sm2Bc6CkTJ76COjAF6Xf24thby+FvekM/MddgeJ5Tu68+mh0kfSR7u6ujf01
VJhGd3Uz65tN9uLpm1JGZj191Z3pbK0YOKcc2A8LD9hKyd4A7W3EiUC35PiB
UWIOyn587DWK3U6t6J2VrVnLO7JqbWfTyXXf9l1pWx6X65XLtVqZ37zjcDCs
H1v6enCc1oPzKi8wRifoSWp5MZyr+2A8kxfly0Ff+fpqPxR21yrbX7FyLVyK
I39vFYvVJjtrqb18Tmlfg1oXXiy2O7kp07wTikHz1le91qLa5UtNv91ZKX5h
PGEze3MzcSsLZ91Y5Y4zN3S8Y96t3uR8xx4oV8bPAkl7y1Z302JrVsr35Yoz
ya2tiyt7XbfkuJO9MJl0vOKoU7CU9ri63zVqmyvrCHV7pXvhlbmtZK3ts/1M
NThX5E32wMtiIdyuTcPpTRrjtmTuMiNtWT9ILbu0XZQ2VnYsrluXXk/tbdXh
jtmcVtOcUSznSuX6ZHC6Xrg//jFyDf0r+oZeIdcwrqyGoxI0uhA7E0jVs9iJ
8mPukIC+9zd4Jn/3467J3/2ab/J3zO+SPr7fMen+/S5y9SUf/Fl32O+Yf5k/
DPbh7e3ld9gv+LtnjsHf4eV/zzWIY9xgYFnct59yEEYv+QkPISSuRcx6cXXC
z/ed+vI/0Hn4f//1v/63h0kq5qqVyFX4z//7o2MwX4y/ftcDGY84ckN6//BS
KOZrP+1VjHr68379+8H+gYnSB/746YNBfPoDLWp0/eOnfKkA/YxHGLrSQed2
8lu+VH7wL0ZtPXMwRl/+O3gY87/Nw/gGRlP4N42QpOIM95N1F234idPG/Pxp
Y370tH0cryBz+C93ckcjufd0e5+QK7hd5B5cwW12Wq/XFfZdVzDUpeBvGPIj
Hvyo5eyBvVytAj2wU7A5YESMpLoYVv32hh0P1mrndmjPduVWMJyOmoY7QuoO
k9B3+kDfSSmOP6I3Mh8pjj+iNzJAcQQGPlDppgeghQKVjvoSd/oQ2NA58F+p
t1ciW7oneL/RDTpWwsaIuEHDEr9pmnvYw01hbW6ajT2zBrPNTaRn+p8A9L8h
J4DvR3Yd/J3n2qd5Z3vqhnJ3v8/o/Ky+PTCy0pnqVUXJD/x2bT3R1PKssJ/Z
xnru9LrKsNCbdfyu1tVrbu7IbSXBBEaguVGPsrocHl3vxlwN9bgJ1seBw5fO
9ny0Nbqr1bVgDC6V1eB0W7pmOVCHbOXAevPMTJ30x42Lu+1oNrDsl/pAZprq
0boUB82sVnByW6nTY9Xhbd21B1y7UTqWBuzlthx2K8Vbo75w8tvc+hCIRa5s
FnMHW14vgcFdWnYr4WLa7XW1/rbGXzelg9c5zYIT0MJ7as462v2evl/V5tv5
VnHPtbBYaDarDd+ZLDPTxY3h87f+JD9oZJbS3LqNmyVBs2fdU/Vcra5Lm64j
tbPWJV92q1xxMgELLs/PxXB44bY5Y+hJ8w4ju7M6F4ocJw9491bnXQHaxMDw
HPeQm4/bc+ADBXvuuNGoxxWhE7JDbQoGHgxgMGj4R6IIfSX6GOxIuN4z/rZZ
mP56UjK1Jvbs9IClBF/WBu/qcXaTqdfBvh/NGnzYE8HbsX2MLXaRC6WGJHAq
djwWxYY+mtlmn8/NRlW9fphvOXHPVAfawK0WbmpYDVvYIt/zvB42bG52mNYH
W05ZCp3tpT7Zmf2dY7Wau3ytcYg2HpM4iQLabVKjrXXqijftKI3TqOdM3Wuw
HzdvbXXFZcY1jecCoevJ/sbv+GaxwdwO+vg60Au5bKYeVlpVrcAaXXcoNcxF
P3fat9y9PrhKXokbZXf6pXvuGm5hJ87m+XWhN/Z6PrNv5S+1SbOWG4o9tljW
t0NLqem9Zmvfm+q501nuKN3RsDS7OeJq2HVtN78sDkvB8iIP2a60HjO3xfEQ
5saNSmMgVIZbsJ9rxV4pXykuV5dFflEMOk21Mmpas/V4MDlPVoemsRCcXHt3
WoZb4VZlOFazpGlzadnigWucz3ujftqVi8PcTtJ6trsvlB29m6vZi7VQXrm3
yaI1u+UaLLsPrsFgO/KY07G8O7vC9NR3Wv01myttB7PxTc5NDvWzUWs2jv3Z
0J7rDwEZbtcrjEbzElNZzrOj09FYCi6babqD48la/khAhgoi5mcDMjQew/xs
QIbGY5ifDcjQeAzzswEZGo9hSECGrUmWvRD0xfCQl7dsZuIb+0l/MK52srt+
VciYbKVqB6bpHYoc2A7h3qv37YrXmjFy8TKamaX2oDw/rXLVLtcPB+O9q9R4
eVns6cHN2zSWvFYOGrvcce4sj43LxJnx11GmVmJ7jRuT1c5DfVgrh/PMrTj1
uXABdnnRnRq3ogBuMbayXPUbM3Fgeln9MBvmm5fb9egN8gd5tZgGfoGZuNf6
SWuJjc26ceCLgds7FC+u1K4X6reFG0zyI7bR2vDm9qB3+qVwOdcPi8bWGATK
tm5lpBHjySfHzqmFbW0/OWx8bl4KC+fb1tartVytd+lItRYQwZ1ANC3Ob1d4
f614ZkWdXWtBrT7QReZ6GBtz+9AY6adRZdkXZhm3MNEGi/DgVT4KyNB4DPOz
ARkaj2F+NiDDezgew0QBme45f+tKPvhw0mprQWdxAoKup6+P69uzgAyNxzA/
HpDhb4Ys5Z1q2bGbh72aLXYOh0GLaeZL1irLan1uLJSzdoPNeivbWuZV27gp
zd6hVHCNQOdspW6VbpvbbpFtz9WVVWBnl+3VXZvMmLuJ20qzddL5bP+6H8hq
wVGd+UoTdkXF6Hf2Gy8ji/Z0oXMH+yT2/Zw3vpjKeVNpzZelfJHZdNZyzh5O
Z33zWB45xtk/CZJ6arbV5rbazd262yUf2GB6Cq1xplerC25x4Jzy7frhNmRH
O4epOLakKE2xLNWmnp4ZuwOuZtRH3tDKZYDmsdLUffM2WzTYits/TtnpbVif
32ZcwJtupt32b8ygc3Wuo4Jmr8viUL4tT71ri5sr3pFtSoVyURpw7KY6nLjt
vr/fZbhTuzTatjKsVulPbn1LPDK9lVRHetA2hFppuPmN8RWGBlh+Nr7CoADL
6MMw0J2e3NTlKbdKhYbqo96FKs9Ud+7xYXJDtfmpOGyE7BX6FYHyeenDP4W2
zMDupx4URIOvc3xG4qbbsJDJHwa1XbifrS63RWady3vbhpNXp5ucc1w2J5kK
I9yeBWYmYEK5flvdzqqCP3Ck/qLY0KSFo2oXS12dW6trZd/QS1L9yoTSYZcT
lNNxo5754nCpHLxNm711JvO9ul8O1dVoNZ4UxVLd5ETtLGqZwaGh5sozuynL
qi2fmMH+2rQCQ2y3N+NmfjZbrxe9a3uR16uD9ZhrrvcrXdTPm/nWPF5O431j
LGvd5sx2W3LLvhyKLNO1j6C18XTWzOU0cXccHy/Sqhh2dqHCzmrDzr4+ari7
oOADFbM5AdpDbX9W+9P2Qa+WFjPnwCxOx8HVDZyy0Co2N9Uif82wUu9QOG9N
d3DlwsJh4+3L0j4DhDFntsq51dWxuLOqNngpWA+7TL67UqXWsHs8VTtN96bo
+8N+mFmVqrttbZYp6w7bGQaTqsA1B+fLyqPm8NvbOxi0OyLbn3EwEeNWs5Rn
HqY0Uv7O+MXgbmL+aoQ3HPs7ZVQ84D8URq1cybORZ+l/+T9fPpOaxvcgtR+B
u9XK0aue4N2eA96KuZ92TcVr+D8c8hZtg+eot7inz9xS8bf/Dn6pwm9Gvk2X
aXeHYIPPpsAAF9kDlIMXXe+NYJB6x4ErXeC9pJLNJLXsn1GymaSW/ZGS/R42
i3kGzoK6L8TgcU2jUp1Km0uZbwzPanuRmW/05apcyG0co7r0WjuBZc7TS6sx
N8KxfdavrfI5dz7bG0HMXc7lubq53ubTYlf0jOZGuLmsP8jn7eWEnxfah1tb
u5W2IRMcZ/1lsba9FHLyUq40BdNhm5VV67a9TOrewa+4Y1HR5reNUziNi2Wr
2dy4mu3pm/nJMYLZkjkWMvruMuteGmugxQltrrFbhK2csvBHJdMp3zjDsN1M
Q2G5YnXQEl21Xz+Jg0w+ty9kC6E0ZOzRuMydLrWNJp9z+7a3n86bxzwv1536
uSsVZdt2/GOxe+pdlpJWKDQOt5mgXdqKGS7b+qV6ZdzqdVHoueAxQajc2qNe
I6h0wcKs1vn5aWpu2vzZmUxzhXV/lAkvi9b4Br1aTej64mB0k/mtXqp7JxXz
W71UOLrJV8csN9wZqzLTanYn5WLvbHrCcueM3o0dAvUiOxJ6/fOVG7bMJutc
q5x9XleYfssJnOXMGPfL3JqX+stNzd3ovdLmXFhywaIjaX29qkhFKTNtZMfL
VdcKp251NdlPd46ZzYwY4azMS9OccG3zZmtWmlTmjXXL67ntRljL5IqWVS0Y
apm1Sr2JePKtjKiUhLWsdezBYqlulxdmBIzcrj2aX8zBsiSH1/qudSh7WVtS
9eWQMxqVdfswLZQaXDM4Z4VLzc4rO7Ni5yaSom8H2p6pdlj/cjzmtbx2q27M
YLcOc4LcFHhj5c2kfViYN2rn0Wlm7UTDG60vA720H1yaSv4gVsCNf2JCo1W9
XFW+fuuMR9tT8aZljmYhuA6HOlC4jNLAaZ8GrCu7XudWVOeZ1WJzy5ZW845l
9tb7ep0R68X7eLGa0gFHkijy4369fsnNelJu0OnUTmvlUNvLnL7jOEYBKp1f
XuubujMvtBaDzdVkLbEYZua7i1ddZ3MZq2/qri93y9m10FoftqqSMXeHWnem
cS5bY4CafNiemr3VZdEo8afZoWCWeKk4EK/d6mGWVZXTtOEs/GxDLl4Xtrrt
N7vT3d6ebN1rq93Q6syZ3/OKPDgY3ZroNRytwRdHWklYVbKuwjWteq/UL/cL
2ng69KSbHnCuuFiWtrdKYHYDqaD6TFYpdD0Z7FutVedrm85OC3cnObvfF7YX
y+er9bFgT7hZ6LN+zrxdss19C2w2+5Y7t8r5wsBm5kOO32+y29O2bN4GBd27
rfJjsRxKlVvrqpq3vKAfnIa6v84PuXawyWdGB3fEVXjXquniJCsxurfbA9Gb
GXQLR6044y8h0G0vvl8sX2/VhjOfDzrFXmCtNLM4Kzq5yTi3ENfNcXcodDOb
q9pnzkvV85eFmghMmfqOU/2SXXKGo8pmZhdGhwO7rOlmW73O+97UWYzFfaaR
yZZVO9seTvz2ZOQz05VuLdX9oTUsZsNy5nIaKLa+FedO2bAqnUO4XbPnzERd
dzIZaXjMur2BtzaHtd6mV+seBlyOKV84vtg7Ds3BTPBKnRFf6q8WZ58tFIej
c7U/Pm29ytGcVBpF/VyXZY7LTdbqaWxVDpJq9E86M541VtPDrlHK6hmnnV15
Yc2cS2dusGz5lrvxpoPLxgUr2C2Fm8O5LizK6+lIGhUPw5rA9qcmk2srl/58
n2Objju7+ceVfhpcM6HU3hcEc9maTNRAvxYm2ZO4N+r1ddiv3ri5mVGqQFxv
9e2QuTlSEYizUikv1qutqy3N1pPRsDTIqtK1zPFdUVDCdaddtYDZOekGriOw
83LVye4Wh8yofAwYqSKcDNXsT9mrtuM75/VYrO7dSqiYs2OlcFlmh7vBaZUr
VfvlsO9ph1lr0FqJ486M5W/jiTJiMqt2zQc25dBUxfKeu7X57Hm/122je5F6
isEOueVcbe4N77IqjHbdXVFoT8NOuJPc4qF3OLPMQFWMReGUz9S8y7S43TR6
7kBadmfyTiydmhvpej07Qz0cH4dZ2x8W9+K1rrcC/tLqyG65wLaZU6Gac4/W
plw/XTdKtnncXjbsblmpClOrtlvIemW72pUD9rrtBa38ZnFeLjLbbeaqcVc2
O6yPmd3lzO7XGa1wvbDrolodFduH8mFazrTkYc7neue2UlSDzXnIZqxRY+21
lIva7blHXjMzF0cvMcIwpzTnfjgylPmmvloMD22pLyhWbSte1Bxv2HajfN3K
o7Kc39VuDUfWzkFJPF3Gnl2q3Jwusz3Xhs7QCKa1y+jcuK6mOltRhKql6dOw
fZmvw90wM1yqih8G4eCwq8uLqlQuTayOcr6u1k6TYf3M2C3OTNZeellWHK+7
l9Fo0+5KY+kSAq31EJ4b/Lo6WjoF9rgdZYq9olkfZLdlpT9gp06D6Zr9Xnl1
3S9Wo0J1JjiGe9FdJ3OdDI71egMc8/28XuJa3iQzcO3buSoNFs0qV+10dPe6
7fc8xu+6XcWXBstut8ay7aIwGBYs+ySOrNVAqo1OtWVlm1+fM9tcM+857Mnl
qpmt616ufK2Vm3cCpn+yM5P86QREm5oTz4I/b1ZXq1lRrze09W12yluct1Yk
W8iBOav0Srm8MnLr8qarrLlVszhlssNwPHI2NfE0DG+ByA/Xp1qtMt/cbovO
7TQI2sNLcapNqwevLYfr29ljs02jtOpWDas+Z1sX5nzLn4/ewuzmPUGoB175
rJiVZckZQKTWosRV2tmgOVhezcMmv75Mx+xlmAvV4rDQV0J2Uj0yhelcMiYd
ry+01EJ2LfKHqTaXlOPBcfsa56zLvj1VClnj1h7kB3pX8NX9NqiWLHE+lTzZ
1JnJ9VQNmrLOS6Oh099kxaNUb+S8SjW7qfSGQbbvN4qVNbuvdiVzPyldZCXn
ZY/T2nIgDsN89casj+DOKkmZWafX8dqBDC6BdmmqdHKF6aBfVwe+xvuseumt
W5uwKF2yq444OdQbQY0vSFe7e2IOQb3jB81mudO/SsJqd3C7La8YnkfAvj9c
S24mDG6SmG0pvepRWEzkZeYkek1nwM/ODVkYrRm7fwkCxzPDztITBwUpv1gN
psXzPCg3NofRZR54x0u31FGWp/ZNHgaVzVbmaitHvCrshnW8OrNa9q4z2zE5
vzlqhI7f6Vw2uz3ft2Wpky/vrN1YbOnyQBFyq8WUm+UcdhNOp+P6yVsZ7Nyt
MUbruNwPXKnQut1K/YNXHBgNcIyns+6uW1D7N2e9l7bqtrfwVmW3IW3tTF2u
Z+fOstE4m7WZwOSmQEPtr46Tbr+jt3qj4lXgByO7Nr1uDXCX5TnvVJhmDg1l
Ul6WFid1qfXynVAWhsGsaxbaWaYcAOlZ8o+Zqjsq7baF/eYyOdr1SqG1uoY9
1lGtc5EP9Z2g+WLhqCpzZbJYTQrVFthr6+2uzPR3086qNpxWHFtb5GdZ92hu
g0HYGdYqG2kxXxmzXgbshG1w2DSvx+bNb7bnp5U/aNvdeqE1zTLKfL2bydyp
cdA3Au80ucyG6x9uQm7fMgvh+ioX3U2+e9ytJute7tI/HTq2Ocr4hfluXWs4
usA0Glxltrg0m/tFvp8/ZG/trrrqd/c9nx9v8oYq7tjO8niR1fFiLN+kTU5q
h01jOfY7x+H4vJgw0rCfK1QX/qKR3U6deWk5zHSsQ2UirFe3U55bV7e16kgw
jkfbubH9vMILo3FvJhTyfnHXuLVuTKcCjKtLZnsYqWG1fVgW20J70rz1Or2q
bg5KqjPor1eT/qYYKKJyVHZGpmKBTQ/WnGP73t5lcvPsYeesZcee7pVpq7ZY
a7rR7nmyMct4hpubgM5PVWt1McJDu1XSs0ug4GYK2UwuwwvDTYGRFfbMV8uh
fQzr9kwfW1Zjvxh2BxUBnISMU+NPq3PncGwFu9uhmx9UM1n9mlln5aG1Xecm
V59Rb6x+m+jnhnscDzvc5DgsdIDV1CuH2Vko7kx1UGjt+/ZAPZdP15F3zamr
cq8ocXnfq587K5051UPzdlv3vCyQ/5PD2g9Db1RbH6zcJhueclxDOF32XkG5
eiON7/psyDV5aexbmn/2Fju/xlwvXK8rW90lm1vsqkO/r4XtVb67Xh92h8Gi
fhkW2Pnk5N6O4a55XZbNsNfKc9w5cwzKO6GgGIx/3QnF4uQ8mgGNbj6pT65D
YAoIa09tdTPLfbCqLITAaOzK51p7U+h01qdNYC9tzS8Wed8OVsx4avjV2ajN
N09jbVJbtZu7XHGWd+Wceu507XVLWqvXi73J5bdBcXSYCty+KZ2F2yq4BHN5
3WUWbF9uOXxfMgejmeFfSlq5fb7upY4fghsrW8iyds2RrN1S0G6Hgl+p9leK
3xiz1UtjtCp024zQL0zyor7c5/aLo1oS2ewtM1UUvaJWd6KVYc/z+ng8Ongn
YyiJyjq3zV707ZHNNQZbS8oNN8ygvZ1NgrUzPVsL/1yfDqxyfnlc7DPF/e3C
gw0sB9xpW1vehH2577WaB3c4d1XbF3cNe7UaB8ygNWA7RXU22pYq7cP8XCr7
AbAtueZspp/m49u2tsuHynJYqZy92YXVnf1y0jkXJ71LRZqZC5bZ12+5Rf80
Wg4b1rW8L7N8+7auhmrZani7lrLanOvDDN+5XCoLvrAvDU8Xt5D1apOaKtd1
IMAYfWEMe4NbMNHt6S2v6/vTuZAb9bjl+cBPxIwgycGuxg/DkhPaPU/traY1
bZ4R3E2/qO6uZZ8ZZou3Ol/sj5TrLH8eVoc1x+C7O2UfWLI6UaXp1JILQnbL
lefqzlCPQaNkaPWbnfOmXLNVbjHZ+Xi4v5y5ms5rgn+wc3n2Ykty1+EbFalS
mgWNmyHdgmYwEXMmt81NMlKxPxBqfsg2w8xlxmTN8+10KPZb6+y+lmuex+AG
3rNaYzEOpp2lcJ7vy2u2cl7kzKrf9jISuIPktW6Xsp5Y6fuXLHOYOlxDUQ7T
7a1oNFlL35ub+bki2LVtL2ep19mtCmbwZl34w6R0WITlguvZm6PZdbYHr3YT
mJOkXCRTDa1NRwi2R7V86OhBuRzu/e2lozQ7mfaIrbn5ZkZkz0KrOyjUZ639
XN52xX5uHILTWKzL++JiUQISf7TLuAVl1dd6JXbR8jqjoqnxF3Xe6nqh1ZWL
wPBrlbqnmSBvG7O5OFhuhIHETKyT1OvV1VPTazY9XhKFve0M3NW+6p6us2G1
tC8WstpUzLfPlePIOytAyT21StvBbVPtHZoCU+U8dXCZSxt9tZJNmWdzzkIZ
idn9+FwUKsqAFfKDXk4Y3UShtlJvZ7MEbgwxU8l157PN5MAx3RFKGu3297my
MF5tJldruWwY4+FR5041bzsUt5m6PS4CtRaIjCVXHw+7hjaeCPLetPbZGbOU
7e683J43uqtKpjHSFtnF/8femy07imTbou+YrX8o2686dUQvOFanzOgb0SPa
NzrRIxBICB7vl18UXa5cEZEVKyJrV+17K83SpBUCx5k+fXozh48BBlwjragF
a7Kf0v4UaRpdKd3V3hGjR5KJG+yXVXWq8VIsI4C5m88RguFagbtQDxBEZCxO
1+xsKI+LUywH/YzijfxQwJrmlNWjJkZtd+pMx1eZ6QsbAI1mLak2uGKc4HAF
BfftHdMxvSaQ8MCgTZvGV4u9RvNup4Hn4dDaLRnmsjXHY3M1diyQnRWPO3tS
pq8IgvhjG8t2CXF7tZCRlMnuboIgV26OnLsuH4let1WzAs9TgyxGMO5cCAic
/dibfDD6asETEhoezVngrpLJBVh2PSlxVzDW9sh8ykyQqUtzpncOKbtdJNNL
dZoBtg9gqJ3OR+mupQl2vZ6KnmUl+MaV9u6GwivmPMLSL0/BVHj36+MgmhHD
k7KBShqTYQdgut8En03PGizesODc3XAmPQ3Xy72OuTWY4JpbGf9410Ih6be1
XxEv8YQb25SxumH+SO2AuJ8W89zatocbBZ76t5h0ZfPY8DrYFcsy4LtTsWP9
SMuszn80cHVean/XOg6v4UexPgLkKcXq3bJIuuBl+IXLBLSb52WK2CG9HcmK
5roIxxKdLjDr1jD3KGY4fxRPyOWe3vOrAlxkR8e8ihKEPhV73zk1zByKygVe
c5ZUCHyNwrQEzxnJJdZD2qNaEnu1VdiX8ETfruAOOM43VcTKym8klI7xQJiI
kHSd8WRe92aVNp3g1pJn60M97xDOvYkjvbvVD4gsTn5ZMCtwYo2cjiRimlMW
c86PrsmbViUIBEStCZXHa6TESDD5hM3CPZijAn+uOfeoyn5QeSuuAslpYR26
Wxa7sMRJ6uiq6/CoUel6ACfofmus1pn1IoWc6HAtexFHB5nPSISwZfqGLAxw
SMt7awsFgmcdWD7wfTFvC4jAveugVS431WyFcZtyuBK9SAqKWG7RTMU9SXQd
l/AGGQEHBekxZfarL6BleMWME6gUlJO3Pq4nxgJLGv/YcXspXVBs1MC+Oqzn
k/245lh8PWzjCJBKoVkLQYYc5UK9i/eaQkGJq4SmckiMfuxi/nKpPCdSHQmd
m6JYwbjvQ34f15ymFMIASL6rBs45AgXevp+Ls68droh7t/q1Lg5tLl9HiZ8F
EMHCYlvPgWgIBTMEaWTfjYQPjzhgjLYeUvqeAzVdVeyrfulacYHnQQgOta32
15TkpQNnZ1AxK/lQwL2rZWMgDA+ImkGKBcgrW0/ikSn8gTLZLRa5exaCEfL6
SJDJ5deLP9U1TidaMw/74l6PVFVD+1HVKPJx0KkzkJ+5/cqHplZ4vLYNYSlO
sWdUuuy8nNwpOCiHbU4/cIqUytOSCySLEIvFrWYD0vlZeKDAY1tRjpvbpHp+
jM6se1I9Rru0d30bcRyyTsurcov0oDlo2CJZyEkViR6u63oJRLBQUx84mdgd
Pe51JzCnjGLV4SZLsllK51Hn0nO6rTtRfPEkr2FMW+61nQqXM2hedEOvsjtT
M4DlhuDDpxT2xnE3R1aqxr7Olqs/sPQ6DsqFaahMhJRyH/LtTsKHLWi6x+vj
UsxdKpStBSC8e8yVlYHGqyD4oyQMlwG7ZZkGhyfJxPVFLvacpfApeOMyl7kf
HIm2ZpP0rloU8QEEQPp0kZMd6Ic4dHjY/OXodcsfnBT5+Qzu//oLm3267Xfn
RH6fgfvqqMgnbthXh0me+OQfTS+mnx/5C4nGt0dKfjjT+PJ9do3naY0nN4Xx
NSBZUZ6A5KX+I26K5olseHlDTsF7z8SYU/84OcXLL7NTvLybnmKrUxe3bq14
7i2YweNWwheuCVRjtme5QtEnC/38v/hCN8FARdya01b7KumaOX0OErx6PzmN
9gJYNj2FvrYGXto8eSUiD+sknlZMSK207RnbXU9A3faWbm0JPBjYdJG0JLSV
mD/r83yLz7+gucRvNbbpOfCbMYb5+sNbCFy+PRNNGXKOBb6Pt3q+qnf+Ati+
mae+1my1vsULfQk9vg59KU9E+b7dWX3Mcn18Q8UG881GH9HRm22eSLAX4DUW
7AsUbPv1R/Hmmz+8QZy/F3C+efo7jip+K5f3Anwjm/cuyPnWL96Azt+LOd9a
8w3q/L2g8xfgLez8vajzF+At7vy9sPMX4C3w/L248xfgLfL8vcDzF+At9Py9
yPMX4C32/L3Q880f3oDP34s930p4gz5/L/j8BXgLP38v+vwFeIs/fy/8/AV4
C0B/L/78BXiLQH8vAP0FeAtBfy8C/QV4i0F/LwT9BXgLQn8vBv0FeItCfy8I
/QX44dj0HYDMC/AWh/5eGPoL8BaI/l4c+gvwFon+XiD6C/AWiv5eJPrmD2+w
6O+For8Ab8Ho78WivwBv0ejvBaO/AG/h6O9Fo28++QaP/l44+gvwFpD+Xjz6
NgN5g0h/LyB984c3kPT3ItKfsfr3mPT3QtJfgLeg9Pdi0rcI8waV/l5Q+taa
b2Dp70WlvwBvcenvhaW/AG+B6e/Fpb8Ab5Hp7wWmbz75HeqfH0WmP2fF3+D+
eQc0ffPJN+D092LTX4BX6PT1iU7/NjidbZx7PsoeXiHgctmfqcyC7il8HKdt
7L6ew9RfKvt4w/JOE6zTd9HpgZFlV2Pt7YxVQJ7KerhHri/Asn+0Gtz7d3XM
Id2U9ldc3HuS0/t5BIZIiKnN3h3D6SjFvHDfI1l3EC7DMQHnw96C8a1vDsf7
VE078HhgPIiOvKM1JI9DcZJc2TeL08HpTKU7YWl03tOlEZ8PCM8dLzqHamBy
H92tb8LIoSsPrrW31v1tRU5dkekjXR/EPcW1Ryky6E6uiG0SlOAc4U63ccFC
6Vr4eMANeIZQW2tKMggl7S7RPDo61Lp1gvvlGCILD0tSchkW7jzvzdqoC/yo
YsXR1p3iHpuWkR71O3bbbTOQ/bHVb1Tsg6i/KmGwswI+NYR9fq12wSOTuTxs
nLOSP4he5k6kDFr1SWq1Alpdd4uh6Ms/dWfjQyFv+DA+SEz8PB3GN3cz/k2p
MX6r6z8gx/hhnP7WdX4FqP/yg0fU38me8SM80k/xryZ7fItI+q/Jx9/+LELp
347tR830lCycnqpzvxPNip7yUR+Iwsv26ST9U7Pni4DLn0KI0ZaPrS0hFIR/
x4fx+4teV/BAvqLG+H++SZ4B4r+74vUxhGJqm78g4NfsGr+94Kc3hpFf4sX+
3Fp/Bo/GBxu9ZsfIcOK/vsGB/fmZ3+HC/vzzP/vYAfxuTuy//nV7o3cY5JU/
vDbL+QA+FUr+un3+UNQa//rBNf/rj578I/QaXzfAn0zn/XNdFfhdV/1jNo3v
Gu3ZYf4sm/3tWdjf//YMpH//2wc9zb//bf/58+O/Pt/578Df+r+/tu/f4r9/
ZeK/7eO/fzHz3/b9bzf96439uTp/m6a/b2b/W3zd//2D6T98+4b5NytMf3/e
tb3V0wB/+2D2v39slb/+9XMH+X3z/PboHz/19NTN+aRo9H8+vQIAlC6tWzN4
FPILtf2n2U7BOfn2jTaffzsMFWwfjFZaoPb8h4RrONO1UPjmPkHTFKBSuX1A
yE5HTr01w2A69PGZskyu0pe5nIOOmWr22MWJUuP4ODSn3TqRSZnW3A4/znUI
jPl1PSeDq/YKXF1AFD1sq8w+o671Tu9ksZYK6nwyrDIpty9YIF/nw726g6Fn
eer+1pTAPTXOkBnCNcuSj75PiflZUVq2HIy71nKe5//3/36y4nePGX6PzuzN
kPyDXPdvR+s/jfP+14ftf+HxQwzGkH9Akf/N6QFMEL8dNfzj+QFBwK8u/fYE
4fXBxW/PEDDs1RXfnyL8On3/P54n/BvR+H97gvHta/4bZhnvp/U3pPmr1KnB
swzDPqg/SJ266jdo/R2SliRed95D6y9AUCxafSLwS8qQU+QXTciOefAhrWgV
SVeTUuWs6iJ9TvlB6qpqzKf0LPAjT3nzkGL73iQt9jwxBwPh6e3T6lW1vzwN
U1due5p2jzuriTtzcsVmDk+XL2lM4EMes9oKgYutAK1JWbBMfXUKfK2KvLrc
arQNIBCvuGGz/f7clcYllrup1Md8MPCthPB70sHAG7mCKYDJD7tBGfW77Op3
s8JAyED3uH1gn1PBv08Eh31g06YNaidpTfLPiefXaV7gQ1UEHosFsgiZT6X/
gdXD3z0g7Tcb5HngoXnkYeP2f7O9ax97z2qTc9wmeeBbYOBpl+11Nluh+ds0
MfDePPHb/Vngc5r4B9r8kgrQqC90FW2vlsAuaNgyBCQLVCSw1kdP5/kx9MAS
eNgabtcojnsDtmarnyl3vaSQoG3AD7IN1ePD04zt8/mK2ycY+dYYnlBCQaw+
3ZrZqOb7U/oBCFmU2Fy5zk7o88bZeKVSkQrFZtQLEVTYp8zes8md6WPrQFUM
Q09XdlGDIUvj92n57UnU7nlzwmK/eaDA5b+BEMhbLNY54CzkB19/pVKRp21T
fEERLJ+1Mixua9JCKanc/VCz/gNOAHgNFIh9d9yacftBBhWY3767S9zy2/uH
ze8eADdgxNBFXNJbX2gf/fZeGtM209O7FIS+hZs3pqJVbD10+mD5kpZThoa2
ptsehN2lrQaBt3lnSc9A0pJb82gfNkuVzbIJ+8mYm+VTFp0UmyKCTrobn6jM
DUFelBX7kjYF3uZNN4M+b/xgxKdxY9jCPjSZaE3xs/ASnPST+tgc74O3Ar/F
uK89MPKg5zvfEwHrvudMwNObfnMmutwiUaNV5u8KtDYjJwK5Rh/zZFuMbG7x
M+BsXQB49j63lg2nS2YbTLsY5GnTeUZ292K5bvfM+ZrNh3+jXUejveffjqZH
rjSfap4Gth8qy3vwjhvaGitDbmMZmSDTz1hoeulJW1UsronVFWk7XaU5FPk5
aEPaaXg+qkkM2NoU8TyMTYWJs2GsDMDHVavCNfEezhHpQd3bQpcw8cc1VFJ4
iraC1xCR8bDVHm69ufKJlYd4pUCNTTvPsebQ4ZdomYy47qUIbC6mFzoOL29x
4Pk9gDynX9I1haMumL0mtQEXBO/pFii2kuGQp1vV5SO1nTiLbdBEpGtdTD+8
v1n3tnty+aSdjiGcdsbp9804Ke/AnrxGngA/Az15DTwBfgZ58hp3AvwM8OQ1
7OTHyA/+gOsQ+BnYyWvQCfAzqJPXmBPgZ0AnryEnwM9gTl4jToCfgZy8BpwA
P4M4eY03AX4GcPIabgL8DN7kNdoE+Bm4yWuwCfAzaJPXWJO3rKPv5joEfgZr
8hppAvwM1OQ10AT4GaTJa5wJ8DNAk9cwE+BncCavUSbAz8BMXoNMgF8Rn3pi
TIBfEZ96QkyAXxGfeiJMgF8Rn3oCTICfQZi8xpcAPwMweQ0vAX4GX/IaXQL8
DLzkNbgE+Bl0yWtsCfAz4JLX0BLgV8SnPi/7flp86gksAX4GWfIaVwL8DLDk
NawE+BlcyWtUCfAzsJLXoBLgZ1AlrzElwM+ASl5DSoCfwZS8RpQAPwMpeR1Y
gJ9BlLzGkwA/Ayh5DScBfgZP8gVNslIP4A/gJPOeFZrUvUKRunfgUgpEgsED
0T4qTlncCV7inJABZINj7ux30ST7sSOsTEvvskjoCFet4yHj8YlecDZgsZTn
gEhxHzR+QQR8EJNb38538a7g6+VGKc6l2K11YD1unpYYpnCOncG/UAycmHhW
zdOKmF0LoAoetWFoMojWzfx5mfSrdBeuanqC1D1ClnmbbSsRZyBp0z7cB7AN
zNXOa6GFUGLRzxJgstlNDoVkhriED2+8Exo+KpP13blh03zfFvBGdyonwxVk
koEbGjesOqiO3kGmWm2iFWCw4jmMJ72KrwU1rmu9TRMNorJ2CMZLtYBHsc0T
xRyUD/AsX2qnQ4LOOQh4b6kH1hZywCbVp7wlggqnOnXMg+7zjRJhdW+et2lb
bGLDuTk6d+lKj4GPD5VHueN7tVR+KPnwTxNT+bI5/WcgR/4gn40hyH99BFNs
317eU9R3MsEkAn0qcPv2YxCWz4nNP378T2m+fDbjP1X75T15oRfgJxJDP4R2
+b7Bv5dI/ll7/2gy+eVNNvnlmU7+dvs8c8ovv0sq/+7m/ykN9aXiv5p//tSc
f/3rq775nRz0HzbZ2xNx38hCP5/wq3nol19ORL/8cib65YdS0V/s+TTtT8kr
vS8p/aWUX8hK/7TO0r9nwvqbskwYjIB/AEP7lIxG0K8QaN9PR5MI8buLv52Q
Pnx10dcp6cM3UW1/gFv7V0lH/ZnQt1+QkEIz7F0SUn+U3P7qov+G7Pa7JaW2
F/4VUCEYZx/Qc9vnr0Pxkhj/UNj2+d8Kxftem/73K14Bv44j+zWBrO8a/98E
0vedpvo+sO//C432J0IDt9b9CA18dtj/QAN/FRq4WfGjOZ9h9D+qcv9RlfuP
qtx/VOX+oyr3H1W5/6jK/UdV7j+qcv9RlfuPqtz/z1Tl1j9UlWPNUxLvYDNS
C9puxkbvlP5SLaLdDWiurXzgoFg+D5RYAYfqe5lWJlChvciCxwiNwnlWbPSh
CpeFX4UOE2AG6QuwOtpAy7hxf6YemdiN3Y2vUiZYc23fpjSjmyNqwPsrLXgL
wvas2B3TiN6Z8F4KWwly8sU6qcAlaWLPM88nxYfom7Rv5eMg0oXcgQt0cHzG
obq7fQkEvqjaYWuPyUJq1BhT+ZIeiJ6LAHIXPPCGFtxl7W6FGAk3+tAUe5vs
H1QwXWTeuUnusDtfbQ17FG05Gn5z40UGcYwbIi4xgMx43u7ik4JqrObNvm93
2HxuSesGYjGSUdyd7CnWCOHTMTQe6/WcbdPErQmueTCnHVIDuJYq93xG27C1
7VJf9OZ8vCBJfkGv4U3DmUxh8iEEhUqSbRS57z4t5d6pKve+ffXfTq7/0cb6
P1Ve7t9zd/0Hj4MRB+jPUqPDUAT9h2p0397Ox75srP/Dw2XbFOP1td/ezCex
N9d8vZdP/q6Yf8b5sq9d819+wuyHVfP+aCf+66v+G7bi36+iF4pfq+iF7Ilh
BPN/vooe5WkG1otkGrOGk4qmb1/AfZeLzYEVbiJ4s3gbKHHi0RNwq+j7prw0
8Xq9dJdp4stevLeqGIS7VMHPg6s0Q0Bg/MT0e/yKl3XT3szVQHLgJFhTGWD2
XaO7lowHW03O+ixaUTQd8qN7VOqJ9zNTw+5OGz08VNxZPm2KvN9fTk3FH4B1
v8IX46EEZbQu7m68ztfG5g8aod1nP5+yuXD3AmuGRyHkBrPxUd+wFshnjbTc
3cXZAcD8MczWShVUrREjJY07Al5U/rzTORw8D9KuN7zH1QIDifO5456lGzSD
Fgq87ersss9YQPP4I3fIYbosvKSHwJnlQnHgbr1haBisMGJZLGtPpwJ4i+1+
CFqE+p+qosdRisEKcFOixJ2WdNaN2RsVdjJASbIh3FyydykHp8wB2XmekR7q
B5FMsCcbXu/ol+N455dFG08J0eGNe7rO58aCqEQoKqCu/YMrxAeo6TuGWPLI
HgweP061KjGJh3Rauk2ih8CCO7zrBRZaD8zKNWas5gyGcE0DuAOD4YtYZXa5
KPJxWUJ62IMxW90zXuxSkfEukikczpCYUAQToLGmnRg8WM3C1OIEJ4HC3tk7
b670qW81X3HDASUha4RWQ3c02K9mDkeIqzNkkLpXE5qaKZ83dwFtpJVXlGy+
LSipSiMe3WkpUV+W0igeMUty853mseKtSMtTszqEitUBbBfUTRADkNdRFGv2
2Z7ZJt8An/2Aip4wdh6UmxIK69fq8UD4juwXm8oLnwKMA3R+1HYpFyZZbJO1
GnKnh6EE7oPFrevlMp4kpae7fUbDxFlfKGjFeqlYHzgjIph9UwB1vfFjp5Hk
XmnvekauJJtADnP1FKe4pNjNNcvmml5uD7+p1DRsNIGtoDWBwK3PRAVlAMfL
FDh7gmonRywFYURp90pODXamebg5wMegaApIFSWHeIAMSd4HfUChOz1MDJm0
zGoDxUSeHs1sUYyZUw+KXVb7qCbwdRpqihsES6PFxwCSx4dE9jI+1BVyNbFI
2WV9VwcXQQNobCokk7kIh8e+0lZt11rpdC8RpVAPTpJBJwfUCMS90I++FJEL
iF4zjHFiglO4YBxbHUBDbY9RvIlY5hLa4ApNubdGxXW9kJDL3OO0U8HyOvmh
UfX2XrtYezC81BWHSTNid3IIIFie3m8okQn21B5ZvjyN+5Nf3wwzUVM40vfV
hWV3e1+bbvY2RPpevzPunKIGFhaiRrwCR/UCVWqFdUi113e4xxN8DrEP4n4l
5Vk8GXuU56sCGRgoUsNHgRqVwtFoyhJXTzZTmQL6PTLbyC7dgbVdF10lwOkJ
2+PqZM0+JvJmc3U5Kk5pSc4yUDhRjdKRB1QpSbm8Td66AqP7OC3sDpfoU2Bf
jqYbK8SpgEkZJKCxwHQXjsMDx/cOXs7eNkRVR5NWFdJQxj2tIyoHhPqYEkqB
7CxFbZFiZAq8fFALS/vgQ3Z6D0vjuDuq5/PozKn1oOmLTlxVvnIs2z7LqACI
6+AXkHLFfO5yFA6O+fD2cHxVH4f8jOj+eBzAwDMPE551pVpL022/jYDpMmcY
MZBdyAMFprWtLx688z4oEnFbncy8b9334GSPCJf3lZTPQpzl+XzVWEI5PiCs
Tq3+RGT5DR/1KxCjLGEUazAfV+Lg7vBzil9Z+h5dPRbXy91EoIfMTSPBCJHB
dSO1MUesaahVMZxxqJ09sCqSAiWQ/WDsC+9lcUpAjLzH62IkJq+/lJx5y0X1
Wi3KUsfRY1eJGXVwWHTnh0Ue0RpQ4a78yEoT4W7RMG4rIzfDjopguklvRcul
PMejtDlg7gSwp4L9OUkEcVIo6BiHeYR1PhBHeH3ZQrBi52d4RmmYEbYl6dLs
F8aX7lwsczsFu6uBkmLp5MHOaGFixmIloYXwrggY4MIORJFogc1MEOPD9Ck9
xMyV0SMDIfoGNnc16Lq4DC+7ZlF2Bla4UxLofqSfzcGrijNwmHrVb1VhKCPR
2KtZPj2wB9nf0itnKWIvax2PbaPEPriUrH4+GvZDaze3YLxa5vXrXgRIwwg4
qymvGGTjcGDeB48c4etcVIxdKvvAdP1euFgQLlttItG6q44nNCKpq8076VGb
gMMDAb0dY4LnM+rsGnA8c/vqrMyTQcNkAZWYzN/j65qQl6XcPdgIlZa9PaFx
bOPzrTFJoLkcjNxQ9/qF2DPX6I7eUxicjoVmmjeLDCKG2GyNnLuk4WEMn5Lw
1jk5LKCq20KhPB2Aizs2t30VLfP2aXppTxFNas8dO6CzzmvYQj6YCnRyJgoG
y55pLLpRDeNcCM9fpHrpgGuh706zXuZX+R7CVC5XjwKBmIFpKHbW4IoO6suF
5Q5QcNZ1v7LwiFBo72qjFbNI3XADljrlUja5QlCfaRq4TQeP9JnFD6DZ7zPT
m5Jr5d1UZNDH8GzzeHA7mnIMTeBimduKoL8AqceLM2ZpEtZjzQONGwTyz725
S3Nc5pg+zrUqMUBkci11pZp7UxEtaCDpeiV8+roneCCBIJi4tuNdEjTPmBxC
w0dqpe8egxTdbQDPbbncm45Hd02NsbJ39l1DnNRTAqMPvQdXYIVy9bB77O87
WzJvIuLeW24yGeY4cb4jzrvRDqyCamYBKgipJAhLy3P81J+GMvFhvfcBT2JG
zFDmiKS7oEYkKl+8s1gE3BCgYRAPSKN2dcSEoICAjW8NUjjdWvXEH8GKsPgJ
BwLpME+9L22raS0InxpddmNjxaxcAwuhq0fl6gTxlHi7wAm1S3ZCepmfEfy+
o/tazs8ARt215IGuMHmR22DYN0wiOpAjSrdjetuvi5o3VS5fTvF9Uui9eJGC
CqKZXLrUXXH1VgKwHuMjbXYnp09XDTybM1m162imcx81J4XMy2mosnpBlIlo
z/Pu2kDRqTRsG8cPfZjFA3Cm02LHN5f6OBT9leGDMGaJxkXwqFNFr47ZR4Xu
OYiOMKIKYwaacYFNTexmK7afx8IM3GMYw4o28ZILoR0IAelGb7ovuUUa6GpV
59v+qJKSsVqZmJk1BzHl2KvM+RA+8J0iX3lgbjzUbQ4NRqbY0Bx19phLndNX
wpUOLyC+v8Z7Uw7aAmTulBAfXafzD6O3XgQpXk/atl5YBc7dL1Rj6dt6iOpa
5iIdy8xtTkXFnne7zDmWbJzGdWEZqG6guxhnC9tOa+TSaIy5FwBDh8Sz20Vk
WnqaEyPYaXQWED9wo9ZrfBNTMrpH9hmK7wpCftglSx5ubcazmcYxOrgNrqCR
HP3DA6/TzX4HeypNT8rrI9H4V/sOw/cqvYqU8wB5A26JNu9q76qfMt7q7lSY
BlkLDM7JwvNdNgz4TiQTbucGt6la7en8wGJiQVCXu+J2O4ggudB5fhIIeA3K
ErxgKTy0MQdcy5slRrHJTeQSU1mA0lVEW/sLUopb3MGOrutcdaO5+/fnAdMk
XxlVHCwGWvVwTVgdAc4+Cyu2IQ5nVEoGMzGyKatOWzyt0rWq6XEmuJBmztwU
asie5pfQag95WSrooMR4qu6AHl3WmYEHMSNyiOIL50HS89JpRGlbOW2ujJRT
OEXUqe/PHiXIzJKPCO8cQ7SldVCxgG3B2wQSmUc6XZ55T2/TVoluWoIoCbnq
VpsSPnmvlJHzkgC7m54JUZd9cK6wJKXPSGMD1ZWdj+YZpHdiNpEBjj7IWbyu
42nhEeSwMwx3mnFDut4wWKDrfZh0+5FR2zyxUetQbr0xkxYvypV2mo/XJrSE
mDgGC9eorIrlJwLvJ0FeLgtVWCucNvebSPu3RxAazRY4IGsaGkDfXas9mOIx
GJ5ljzgrRRyR2EE4gw+lSf3bLZTUYZF3i36Ewevoekuwja8Fh9b+4OfFCERS
yMfSGNvSubDCS18dG+fmPnDJuCYmMqjt3BRdK5xOLWvt9xopWFFG6NuY1Hp1
9ki3deNqnBuuiuH81NOFti0R7wZ6zIyWvhwn3q3Ots7v9Gzl8OjIXiFLYsHb
A6shMe/tLZwaAHPk5TZnRvAQH/POK6kg58rgKF0SX73LlB52a+O7t2bB/UdY
72xxcPKc7STtcbyN3rwA0c6+uug93waRERlOvHA/HS3hZp2X3MiueUrBxd6K
SNeWXcq6g4R0vpDZXsRrZtiHUaQCg3zx3aPl9KhpTWLKuUgGD04i0DYIckLz
4HqNPpF1D1liJ6ymcGQNUzj1mT3X4XV7f0CjvF2SWxEzIFl8E7wwSFOnt0Q8
cYo7udsLwYPa5bCiTccbhKHovY2uOxLv3Eqpx2TGAa7Z5kOPBB0wig047sps
Mfj0gGKBFvfNMRWFqGNA2T026W6U2sYXFph2qdXanZnApiQJCAmvDpPb3q/v
SO8G0mM/dQ2hPIi6nuRmWh51ixJw4XRruMA6UXd3vJGvOzpe63vrkizQmnJf
XebLIBzISRki2b3JE9+SUpOdVEsp1YcJHk652Kf49uoLrttOPe55JOi2gUuP
MABrDPZ8G474QmPo4FcMIxxvlleV+xWmd0PK7QqFsBjHp5vj+Yox9xG0e+3Y
oUnCX10qAmwfhQjXFO1GDqe5tdxs8THlxqwdv8t3967b53ixO8/CsLqKg3ZR
f4el1AEd5WHTSOYAo8etRSIdZMsZl1znsjEz99s6y1vSYA4cgrGFdslPm7uS
tqRfqvAyJ0QaQkvkgMhBMIB9sDvoB2XRxdB/FJnq0pc2PGXdfdn6xiiWmp8H
lmTVCrLNRd12LaDLSdtJun9RgofnHoFeLFZ9zJo7ekoWcjbWY6rqxT6gG0hR
lrFu8LvPNcoFxarTtm65ErYJ6dJDJLIsc84zARgyvmzj10zkc41b8IN0Y/l0
DcSbhGLQ5aiFBFmJRWGI0GNnsJXuIrf8GMWaCsoseYMEYMLO2q7mV4JCqqNK
TXVEiyLf0jJLBFDTWka0WrZPcPyhuE/OLsilBF6xxVHmboEVTwHc07biFC7V
XmNZy5pIdTTOYEgrd5c2xET2Ui9Aa8VkDYbDmKtI8OR5lG4FQZYJ66iOASx6
JR2uzJL2SSand/2OY7Y9JmccUa10DO/BrLeQnFupPdQlke2G5XC4QPDgz1h2
yiQXOJx2gWfFOtZ4N1cPddm4H6Ybck1PjDA244nKIF6yHYRarzR51gQsE7XW
6KqtIQe96RVAJmnfvWutp8GJq9wm7ly2iWt5+yjzbgGyE3NbFfWiHCwSbi0N
dwPciFNzdz2REHp2VsBtF0yRtH0dVmlWruZySvPz1RLIXmC5sk0bwyi36Tbz
KJjNGx+1YGRrtWqct4qXPYN6QN2dLVXu1diRh3BbL910m0NxvCv0o8QTXWvB
Z3UNgr6LFmaULwVI5XkhUQWJ6ryw7k8A3xPFcanLKyrf1rFnJBQZhXkIeVdi
zoLOTeUoVWFhOB3qnu6P1B8r9cIQWew6famOM7CXyoLiKzXBhNTBYmPPwxex
tIodjW7hu7NP6WofDD/GpxDKD0kSrSGWrT1y5fQEM0EfWOS9Q5cLTLrtXdEM
F5OfJE7pwOi1Lp5XbFsZD12opD3pVzdvz7LoLSrS/XQ4e/VTBw2QNALWW0I4
qdX1aMdNfLdFy/fNGh1Z5rBDj0SEq3iRsH6IQVtAT+V6yAU2Wy7DjYLDCNhR
PuibxmUdrsv5mOfDoChg3dLT9nRDXtk69y9nyL3GY0NVJuqOfDVKxyxGyzxB
pMQGxs6oDAa8Ve5x7/RHvUvKJ+85zl0zbnzcL1bbQJUTwlq4JKm8G4SHQhZH
TPDOA/8Q2B7As2HC/H0sKuOOPmIWLhyG0MprCFpHVdrpSkXOtWadcWx5pF5p
cfp+B+bZTPnQ6MUPCRgvFL4a632zR9Gtu6sudmW/j+qdKSUpR6ve2ZF62U9J
WPWwgyRiOYkwCg7f9f0MHy8tQF1oNxbteOUr8nCPE/zWnmDmpEL8QdvmEI+Y
eNxvc65QW52UkjTpQk1a9HCDGgKVk9sNQCQP7xjoTtji4ZBmbHamg9CUo4wW
IbGkLwymppCSzwbMHQODo5iuAy+G76GFXtHWCQUWzb2XXSkd9qgxp7cHQiZs
5ueoEKsIz1oTu0fHK82DcN+QFOmMFKtxeEEgMUOfrqEfA6StZXqsFyE6ur5J
6OfqcL1iF4nQ2oTPJGxOLvnSp2Q2euXkCQmHldjM7JCO7G78/XwCfGLRa471
Z3a1iMHLBeja4BQuhx2jQBp8DmSxLvX+ttduT3Y9/9pQ6HSXiD0Hh22wHABj
SrjbCmpt/TjCRP84+k0m+OChvLiuuuClWHCTcLtMJe9XJ9yxBRw/Zh2b+L5l
N9lOB07ItmwTl0MMkwLJ4uHxkRsUfGz0iLic7vcoi7B+Shox2bzHYxYruaf9
JSshdz1gRwzuAfFUDLNSW+whbrh9Kd0j2EJxLC88U3H3TYIraGVIPh6YPre7
KRN28szaC9FcG2n3mI7AUc0dM132+2Voh0cltdZI75HZTXoSPQT6Gt9M7SiK
aNDByXm8nLubZ26RTQfzhpn8QwmIIuSdbmgK4SV8YVevzunifs5ldbZ4/7xM
7D2BqUjM6Pt6GqVp8fDUhYPa3xsI88CgDCDWk72q+12obG2t5rs6AHeCE23B
q3qAeDqh2GPr5U4woHHGwbDrhjqK6vGNzbUtfscLkPYEblj8elgU7XjPm4FF
fD5HtvXzKMDBtog99YI4mBkcPoJD2TX8mnb19Aios3z15zoGFEFxjW2k08t+
PvVGR1F2sc7LAUd0f68UmH47qCeYPjAgMTFlEXUNkpvDPbybh9tZc3gAydI+
pur7HUYa15dUg2fGMVd7gec7gdQu+eCLcoIZ64mzr7v+sK3wd/l9scV7ENS3
pgDmQzhpzwzGYbjh5TWDytyPAg3M3XK9SAtbdpPgPcRTpOBnDaSCM8zI1nq/
RnkHIhOBA1LtSvZ0taJjAWdL2MytQKCzhrq36pBqlOUmyxEST1K57tbKygr4
ss2g8FCdUdulML4GUqcxKVFtVVQTdrSd1cTwkAQQdv06Ynf0TIbkRUkqDm6s
82ML5EECjq3DolC7T4d4JICaDRJCgnStOUMkeECKsKXuQ89uE6K9Bes8foev
Yv+whPwSIIKwIvcVcnYjtS200hOMUcB1MOY7JdnIJTEcP15jH6b7izRJhbqt
DXbrArLuIySuqXArx0ttaVGEH5qVGztkOYlTASDn8uqyIknZTXsM5IOUn/cY
pI7wUWtJ8IEdSDTh0KMs4DUuwdmDUq6e7HNV2u4oOL4iwDZ7PQvBoS1x41of
F15JTw+8JdDYrm/SOKVn/z7A12tqQ9lpaLm+l7ib/cBKBFVIqgkIYFBLJzad
/lQoxcUEz+n5eqSoVLYMLhCJroOXSxl2LXeMREQjD4lVBmyoRNs0LvSFrlsA
Hb8VyJytshVEpNnbpoi1t7jUGOhMX8RVFExuOXGhEwXyMFRUgsYPZFmiJOj4
E2dMPtDqJ9hGL6SxIvAZn+86fcIf8qrznHopYCx3rHZpJTs8qg7U85mhaae2
NfAHdER7CTZKwKVk57bYB52y6rSrjnNSGrxzcOltvhAb9zHVT31ZOKi6drl9
uxTUcyFi8QGrbf1jzh2gzJdtBm857gxanTY2jC0/uqh59Fl3vtw0/H6+cSgx
1/o07O9CJ9dl1t+WG9se4t2ggwFQIeVpkOTAZZsLOWoVtFa8djjtVy+/YTMC
n5wDmMkEbPT0VOl87i2RXRKpKYT5Gb08JkAv1GNlmZRvyCN53mvherUI8BKB
KBdeT8IluKG7E3nIMBsiy+VxZNFEScphVFzKkOy4AOhtMr7blhuisa2U78XQ
oKl+zcFDQ7LBhAiQVbLilckgOKCw8qbRNA97j3jC5rCBySS9AgbfivI9yHeV
xCAHJ9i6z3CHKXp0JIJy5ITI1eG+NJp0K5uZNla0CM6XPUUFYba7oGAJJMdZ
yfZO1JZDejZ018wybU/Xvh8NV5gz2KNjZ5FdsNdbuXOPp3t+jGU2llpPrtKi
MlMAv+VdkCJRURJhjezu+ClawegQOlMnDPfoqvu4jXLiriDEHdMpy003rpcO
m2VpHBmVhYFEY12aiPYdjHOl6Qi78xjVwsJI3FB2WGfb6ZrTDVuqYF5Ed+zS
lWt7XIaHOIlVeLe2JQ80CVoELuycn212SVTMFEaVRWWHby+ruTXLqGXCWeaq
JexHCb3jaLUmI2o+uFi+sFsBR+JO1iVjhog21aLAWolDexobH8uKmHPdoORW
nDNeonCnEy+DnMbGqs0jRVWqq8EhcJ/u45mfbuwNoylFXI5Uc8YPXpwez3ww
nOvpOV2+Gn6EOXvE80obT3SlWbalYLKt7+42EBvd4VDEHb7Ak2XqkjpO8qGn
paZs8S3s3Y7JwQhX6LafKM3Y58daXKdCXShum+sa7aACRnO+T0R1A51+FvqS
h04Qh9jWJX1g+4HQXPxkHynNy47aoYuK21jSGOPqMJc0RUWdfAvwW+MCEvXy
mIPgeDB2F1r3Rw7O1f0tXBDpjBUSd24fD3mH8RCZaOVlOpmzrB7kNo5ySAfU
yTtIHnPIdyMbNB2pEAXz6JjqIiIINI6HBEEPoE+T/WkhOLqzUh+TLI80bxcr
UZNwfp9izA/yfPz3i+F+QQ/9m4viGpH5NbOzVzEMCwV/wOzs2d8SxfXYJ7Xz
GXyXKO6PcTvPOvOK23mbiX0mz335ZXLnl2+wO+ez9tvzUJU1/5Dd+eWX6Z1f
fpnf+QX4SvB3+UjY++Tr3e76QqWs5G9K+cTR+1GYV/H4W8hAzfbsJfPpzYpm
/k3CXn97izbJHe5J5qMiW4nNVkL3PCRGzp+pe6XN3jHibiV+m9JXEuki8x73
YHvKk4D4BQi29/kZTt9PlL5bCW/Yb3+Y1Pczp++zBPL20UqXJ5Pv1vYfWXyf
pX3veNSHa0+b31BPmeXXEs6bFRu93CzpF9vbFGDszW+ln9fN6msAN/1T/vmz
zDLkhdsVz7roJfVQKuqND8rbQKG1oS9NlodtLW0922PzqrSMfHMr4em9hvDh
eTvjw3uaO0P8jQ16szAYC86Tbvgza/RH2uHnfSK123rWbzTgYCQ4T4bj0ui0
abNwo/hfxKI3X1F/oxNn53tQoRrTQps/fGqp2/aM+XO575GcfgG+Zhp/n+T0
VodvcJF/Q3L6WeNvxogPMstfkZG/5SLfSvmNSnqr02su8q2Eb7CRf4eM/BWP
Nkqkorl7EpO/AJ8YpD8exzw9yqQkdt+XkNxad7vzg9W3ln7Sfb8A2ZMN/KP/
7b54KwNOHxjES3DSThT67dj58c1egM/v9j2B8tfxKmj5NTwF4OsStxKczb4I
va3QG/CjZ3/puR+ibeSGzAmSEZWbxBAmP3AnnxrNjbhtFQ7y9FNGVbY+MCq7
Lmu6zfMK9tQ2tsphH64OQHe0XN5zKnNJ3dA5IUVpms9exXfOmqwvgO5hhgpZ
s9MliypYj0SQW9OVLcvrjczfWhZqbiZiXS1uugWtpkZbz0wQfnSZCU/ZpnrG
h+1Xe4RtJL16+TP+pkvWhlXihlrCzUvUErPGmkgINdzmk3TSjtdtxXm0hUmO
OL7dehZP21tE6Z9/aW5zTLoESdseVvned5pUUxB3jLZap61lhhVveZW81cfE
MpGeQ7ZAnnZ4smnLR6dxIMuXr3abduEKkq9b8wNZ+MAwNB58dXzvBfgeiPVb
GNZvnd97+cdHif/BAb4X4GcFeT+f4HsBflaQ9/NJmxfgZwV5P5/hewHeCPJG
jd3hJSGUKLq/UC7VYULH1Kghilp1tc+e03VZo6HQUWrd6MQg7AtArjxztZES
NSIyzMWFwswzIXtI2G6DAzYcVOLShe1h87HBzGKcd0S0hAV1Qqsxg9lhfAEg
HMuu3YnUMU3hz43oVI6VRMjSDRxNbxOAtujCnsjY4o5sbuwvTKWJJwK2cTZn
rCzcYtRpUhNoXXY79WE2Q9qRXqgUOqX3mRYehdadq8xddgRfLyuDVP7eTNpd
qDBDowwFPbPiFuVCbGBP0rasd33IR46HfaJrj+JOx5HT7GtonNNxdaaqODcL
HxKgtfWzgWfwu7I3hMxbXgDcZs4Ykd6GPaVz9chQXhPvVJYwRTKoDgxvtwP0
Ryf5Np/8SUHez7H0OV78nCDv57N8Wx3sN4K8R/lkpi5nSFTP+zMt7dmuGvYa
gSTGtw7zvQDvF+RlaNvfpvcKt3R0tEX7bcWOE9cLaI2L71FGffZzU8mXg3D1
DvY1zOgEk7ikumjkeZ+P+mMvTqRU4utCh9tQFF1egAeOouxYKrrJGWig2ocF
HUjU4vm0TVcuZpXgQY5np7inpwer6fpFXDHECFi6QFcO1aKngHnZMSC7c1Xc
EtgFx49ks2N3cUN4FcksgpNAfa9qjpU9TvluReYs3mesnt52PKy60zbi3JSy
6DKQ7iHBOdVXsJXpS5PjqR1EDSHOxJ7SxH7hHg2G0zJFxwcUzYdLdmPJwBar
4zYTQ8ndEDDkOeJbc9ceCfCJlyWtVJMO47XqQOXY3y4xPoN4FVmrl2qZv25R
G56cnrqid2tb44SVy+J8sEVPdl0Zhrpm+dOLqPwPT9d9Obr2Anw8vAby1DtP
AX4+BPgC/OwxwA+nAE/UFmn5GXzop628ivrCDSFQxBZRt9k7Wy/a+iWyzvr6
NX5+i5N/gKB/kgd8RtCzn2bLWx3vaeuO2yyoeR7Z2NZ63zzQp2/rTIJ6XsHk
x+eak5oMW8b5HOUrTGs70qivwQWsTptXn5k7ejpT+z7V90elD2NZp7grOEoH
qor0Aw0JN9Xh5cw+3Zqo1c7MzCZsHeCIYXqb60nbDGQ8CA939m/XIkjDJnKx
InGGbQ5VG/csZelkj1xXlN1nI38ed9zBVPmpTXdHEB13FHHaeremQzBruTTb
xwYq8yxZjAnRX9mpF1q+PlxTcCDyoSsetAdbIZUpwyrrarQw5jSP0HB4Aeqp
1mgLnkMfk5gqS3gokPnCR6trJ879vuQUYRgizU+RfQD2wsHks0Q7EAguGUZ6
PqkvgF0a1q7PmGshh7NiZ3Ps+YqcIa56j+9mdaHVnguaSKYd6Vjr0GpCxkCC
XdWMsqLPEvsUk6foCyrcVUkYn/HxGYO4j+wNjEpRM/+RkCGnaWpmqye3RP95
D4ChThT9FA//yPnAmeY2fno0B39sd1P8tEJoXfTTiD9zH0trtsJmJg+k4xxs
JWwTGJGazZn9GIuNj2exzW1+Em8PBD8ySuSmR9P2gRyXRbFAgSsW/1o2Q02z
p+fuQdgmK3X+GJ9VTmApL6dtS5Uwgn4kar/n5KPgwEKbJJEYg94bKeinHcBP
PshRCdqW2nDWh4juJeS8Y3qZLR7TLYQNUqxMztzdcTo1DsJRhsgukkaE3maD
sp7i6PVCHUWq3yUwgbr3xfU9mSR51ScGOHRM9SHuHgV+oc5rclnbLsX9yPXE
HM1EaSvBvsAHoy2OHHSh5OOxeALuuCT0FXj3gNxdehOW1psiFoTYMLzVx+B6
iPJFjIrSt7o9Q25j1oJshh60cSEf4LkyzBzfsUM0lWavriQnRRkeMeK22NZL
wzlIRh2tuRHktcJi5HmbmrwAgtgFjxHii1TH17AmOWKdmwSilDyM9qUdJ2s5
DkmtIYOQFSw8QnilFjO/ed1El9pumz8wbK4JexYcllMcoOf8WGaO+NhP4m11
xjV8yJXAUPlzpiQS2wyUfh7VeX1SZyvhJ87qvD6q8wL8+GGdlKb9bkp9khki
OdHvJzQa8W3MGtLkA1/QZ56UbT5BX4R66yCv98lqVjXHt2dLkt/viTHmNl9+
JJpacbNaSbN6SmZ1pZZthnr/vTy6+ZByM/cD8xELrv0CBDELWdZyDSo1qoh7
C85ykqmZwLbkcN/Lo9nk3z1RFE+PbdSjj2CZEYTDkEfBAvedKHm9L+udBu0n
f+K8Ubks/RyUM+Ef80Qj1jwEcausE8GH4LLyNn9Y4Tmn4EWyzt3q0XcbX1s6
Ia/IoW4M4lZs3TM3rgZ/moadkCkdWThUH5inGAbFxj5uMSpD0AvjHIY72AT8
WQNHtpkfdRFtM0OKylGTT5xrp8hWHfAeK+L+/TGKWqms3Tzy+x0NbaO/VhpS
ebgWx1xALkpwQ0ViEC6Niom7fGkOuwKdiMIRQ/f0CHFzOengccfCsk5E0dbR
rtuqOZfHiMBo55w8QNkfy0cyTMp6os6joVMm3UCMI3JllkKDj3eNGsM58zDw
fuQ539gG5m0O87CVdb5j5nSUmYg9B/OTh/Sfukn9T9U1/8bG9D+bpRokPrNU
g8SfwVJNgOinArdv/zKW6q9N+q+UYX/5SQq+lx/n4PtBIuvvtcm/IZH11034
o1TW/9Pb8k/lut5a/AvX9bOH/4fr+s/jugaJ11zXv+O4/jScjB8GiPGLe3zg
OHjN9/m/PjlkWp43m2/G/cuYFNl29V8u569d48Pg89ulnyURPvNW/O8Po9Hm
WE+/+jSIbW12LtPt6nLzm2n5i3HZ3Gf5S5wl0fPCJwNGkfRP1/5Q72vWZPdo
K3susu5JxfHJrbffv3Sp//19au+vxR7s8iOfwOfh9QdUpov+TxeYfkVl8Tl+
fOmDTxN8XauPzfCX8/XSfrgivUbn6Z/LHIJCBPkPhKTf0nIgyK+LNRf9v5xF
44d0mov+DyWai/6fTZoB/h8Qfzdphsp9zYmqUk9O1P33OVHzXMK+oc4sDbQk
MfI7lGmBz9K0XyvT9qfUk4dnTlUv6W8Jyl4SCjwCpy8ispBssZfc+LyB4JG3
7d8+poG9YjaFLxsKu61wIWnJaSuYBj5SlFLE9/NhqMY01n27mIlhKTcE+R7U
v+VwgS8qrDl4fKYJn8l9B+ZBhaEWlaGF0JNytdq+29RDZS+zVl1mtaQmlXXm
ZwofcJ95vRKiQ9i9peyHmz/t00GuadNfMrmvc/6v88PAlwQxQo+B19zeCgen
QjDpjHSQhGLe/q62hWKRlNIXtWbgd3na7tsG/CMUAPAtqd73KPUC35Lqfa3U
+xkt8QErUf6WTf2ckwc+JOXFD8lZ6XNy1HmdHP2QatMu4fZqkhAu21Lzg2Kx
JDw9MQSB9+fsh83ls/bzzi7wemuXXcDmbnFYA151s7HFS4aSGhUdp6/0n37b
2AXeu7P7dl8XeO/G7tttXeC9+7pv91qA927rvt3UBb63q9v2Tr+73OnLTTdw
ijflndXPvc4+HmuAgx3UyBjSnzINsEu58ep5mvfJwxzACb2x8N0LaCLXHXHP
uBMc9lCyi26rcZTh8Ia1AV6L7a5w6Z00FRWgZNJBnHL8qmU3f8DA/el2sh8+
ZkESxPnCRPR4QZluRmGXEI7OYo7G5CHrXCK/rBa414D6lqNU7bdxfTiJWkLc
75XqyFEX7t3WRk85O/iVZxd9k0hIk9zvdKiO84RCe3Bz19aegaG38YuZUA/E
y6IcXBitglzSJZfbHmGrJIhnD27kM6bFqhirkBKgPpYU3lnj4lrDCxO4XZf9
+uia8Vbn3e4sxsN9ZgtZ2Vq89/YVtefovSft5sLph8mU2LfbucB793Pf7uYC
793OfbuZC/y2m+vkb3ZzSwcUXYtdqKPlEpRtzBiK39ezhrCv9nKB927mvt7K
zZ0GBS7y8lD72euppfl/2XuTJUfVLd9zjlm8w7Ec3TLdk6ITgrqWA1qJvm/L
ysroO4GQQCAY3kG9Sr1moWj29vDw8HCPvffJczJjEBbuLkCwvoa11rd+/08d
RWy1rnyCcmZ3hFCWRuXb/QLdwAvs5Z5qUkceYzJvi0pMn933mcnfgB7PXcdH
3Iuc3lRyz5dLTTGbwzqJ4zdxTFnD8II2vh+mGZaz6AjxEWLj+mJVFwrfJAsM
kJOfyneVcS/EuZsGcnuy1NrI8dutHIMs3za7jDtv9b44HZUwtBiH9Xob1XoC
PzZbJF+ANhqLpOKiICrRc4AMZJgYJ3YnEkKph4KvtnZz6DIK17SJMbC4kIM0
zU2ddDcblRcvR+Cab122QOfypmWXhhw9uAhqrStHRfATS7M9y1T3Iroj6PkS
XQ6bXlHPcB1DreWd8J1xBJSrI+riRgJ914f0TeEyL+imfyed+kim/tqh+md2
qJYssEwLX6X8jRV0W8DaibCo8ODuOF03LDJpmGeNc4m57mzllEhItDrxcHWb
EuNacZTp1fW+c7vKm3oSIXcHQB0WkOuyfKb36r13Ym5/Qd2jG7in1Pc4cR3m
ArNHWn3yNALDN+QWuVLeXitUkKGioM2AclAlLdfYqbKGJAfXx8TcZUMb+taP
jpoYTvvQ6IpAxZBEHHmxQ2PdGWpXP5ZYP1vVYY2baymWlPC2kwJGt5P+4GxM
8oy0VOLShu9seGx3x8UMLej75dJUDpJsYUU0buDatZh0CyibklkQD1zYcwVm
Fy+/oKYb02Dbr+7JPHsDZEnwHuQx8gFNC26pOzTdMUMMKhY2JgKA7iLaXPp/
7h2qD9Mz3fTbNpL7Ekyogo+BE4Z2YbfOdDPVBK38J+1QfVSFcxW2y6XJQ1NB
tvnF1NE4ipqk2hooSLHadZN71uZelkCSBXApKZM/W216EzGSLiYxa5VR5SL8
5EBllhkWtxWHxmEZ2dj2fnohjzgiyrsOSU8wcHIKVD0WMw9elNuyO5uFEpK0
WZ51GHHvx4MzE2OfOFkbFX13uro5oeiwG3V0I27gs1wA8Nk/gcF2Gj15IOID
VkXyGCdHdAF5dcyx5urXoiVvDfrQ3pq8uE++da4gdWZ2hx5lYB4Q6GmTebvV
9Sh2sBwphu9Ztx4ONEOTccFTdBo9uCNaN4iMXsVWYBKsaM86sfoT54WPKcCZ
50j3q+ya5yhjjBMh9jUMq0d0DVVPFJ7tjX0PSTIcm/59jak+ukHbh2Kh9Umx
EHhJB/09VVTASzroP1AsRJ5uiw18rdbeH2j3S32MTpMh1a2D4iv1XnJhpa/c
PGr1Ar5Wa6w5Wcc9xuLXGIlfnU8WWifZST6dH7f/9DhWNnkW4I9UTUBdLFTg
Ilyt2VCPapLZrS6f44E/OhHmelZnIrm/DqIXaq+Aj6KKlFvM25mfCUMyETUJ
Auu0BkAFVSzKsepM8ywhIyg0i3pMfcGJTsvq+MyajSDWDRBI6X463A4dOkcq
hM26wR5lT+ECob5e3Hhtt+CwRYfD3uWPXgOSBz6+n3BKFNmuxQeoAepSVbeK
u3A+YblQ5yfbDU3vV7+3jzcmrCQwRhwPV47rJAS77tHDAN8F5t5CkILEZ6pA
gLoIuWHT7Q715XJV7CE7pGewzLgNht23Z5cgt+SgsJtSnO77hh1utVpQueXl
8xWJyk06Aj2rL67vSLNj7i26p+UdCUn3Y3Acd7kTexArW0G5vxqhst51Y8ck
MUaCT5mqe2qM7RkFuFTyFXu0R84bHcKnoy1ogF3eEeT0H+/ddfWHibi/bsfV
ovujy1jfW2n4fq7ow1uTRR9+nC368Fq66MPb8kUf3pAwetty2ZD9Hf+3//W3
ovuPf4tPaXj9tx/t1Powxl+4Seu7c6vrDb6YXH3TGtZP7Sz59iT071t3/VQW
+qc3lPzPTVC/uHEkiiK7rzaOfJ583oH/2Zsyvpa6/ofsx7jHs/ftx/hyEvvp
5/+ALPb+vbswro/5Exvp/Vcywk9NzK9v47ha4R+/g+OTWwf+4ETz+k6Nn3vN
r03nfm0692vTuV+bzv3adO7XpnO/Np37tencr03nfm0692vTuf9mm85ZJPLK
pnPrUIP0fWF7xZUJF+TkyZwGksgFacdT4RZEWkn5NifqqgbGb8o7vmw6R8Yn
UMaCiSMXbuy1zRoCueb6pDK4jsibuox0Y7o0AOpTu766E3PyYlGO0wqcXFm0
mNVyPmVX9/X1A8ZFLGKcfITzI+NEW20Z3KvJ0s1YYBxwGwTYNO49eDtcuTpN
kcIA6/N0U29Ex3hhLw2uBssttetM2fV2q8cxh5B99+OIP4e2egfWkbtbqsjP
tuoZHnhlDI7a5rqZ7nqwv1ghu4ylvuEdUDwLYZvZiJ5s89LE5NtsTudl0oAr
wu59ckZUIgms/SJhpLGjexriwfh83nuQZigt5XmSzMbGdtzFXlsenM1ByfC7
H5YHEigtgp/KKgixrs8sk6vWjm/xMVgd7sghloLrhuKbjcxStGkszK35HMp9
d9O57yWcvyEr3lD6+bnS+68oAf0TN5X7p6kY3WHo/gcVoy9uD7fb/75X2492
h3u6Bd13NofD918f8u3ecDj85Ii/Ymu4F3rQv0ZV6+/3++qCxe+H/QO2hnt/
latufKtUpSsVTbMM/0qVa3B7oco1yCieP7jfF6r6pnAVeFa5+puy0ue6SuW3
akb7xKoliX/2zoYI3p0kjyrWeEH/XSTnUfrKUqev6k5bYYysc/7Fm9cOX9df
AU8KsB7lr3a0rAc3RMkzD90e4eWq19ookoeGy2NXs4SeHlWsudE460n8JFds
Lls8tgYi6z8+lywSWqMVhT45y0NWSF8fJ2r1jyc/LrjagFIcm81/M9iLukSf
tLG+1nCCuvTg1IA6U+VHOajViKkFloElnPiqz8MjSfCN0gcuN/Nfijhdew70
T3JIX8SQgO+rIb30rV8rRz2+HHj67Y+ayd++7ZHVeqEw93ldLvC8MDeeoSKG
lS40+d80yV4rmwa+1E1/v2z6/ChWPj/ksB7/kk/ltL+VTwOv9MIfanw9inuB
n6nufVrcC7xU3fsezS7gmWiXQjdPxJNm6vuSXZ+rg4EXy4PXobqedFrHQB48
BtNDP+dJefDT6mDg7ZJeL/cL4L2KXs/1vID3Cno9l/MC3qvn9VzNC/hKzuur
UvH1rh4TiJcP68jEJZjffNW51i+LGfTjBSbtSVf1zS8dRn/Me31qUpb0aZLN
o9+K/Ck4dNmPunHAQzjuNwkw9jFVsTeepuxPRexfS8OtFx8S9752KKpY59L1
73dwDX2F2yMBkzRffQMSesaZP3C3tXfeooci1doXnurCrZ+BySOvHK5dc7X+
GsKcwIe0WPB5xPHsb8Jw+hdhuI+hzlFZh7+z9hOqefAHj7HwsGYerM0XrBd6
qnS2tg6oleDwmKEfel2fp3bcb/lRaz51QOCF+lpcQtYTP1l5tb6wOvD1x2ZN
DlCvfRIlfOSVBml9LODpZPnC9LW+Ex42Iaa1M73Y4YBvetxBWKc0G1a+7vds
6ClThCjdx8G2Tm1fpM+Aj1NWc3L1mjCThZIMOBk/6VPtLMctOMdNHtpctP3x
b5yjg1zw8XNw19kVpX4Ss3IVLmIdwznxoNw6rsMSqF+zj0mVCiAZkZfTzVoU
O+YERK6oOvaoMqg507adC2Ahp7XNkyCq12YCDSlqhMo69LDSKveI069pq+/W
0ViHoH1V6gFZQ/0HJdHGbdf4COcClkfJctONMqODCpwExpE66Z5wFUHiZtbF
1XQLKjgZut2cqvDxc+UEZisgChJckooKAQcSPMskoOhQr1cOavvg323nPK93
w6peMcUHHU3Aj89PmyfBUWxn/axrAzgmtK+a0XxIsn0NJryFSwBeAxPekgIA
XgMT3pICAF4DE97CJQBvXdH6HpcAvAYmvIVLAF4DE97CJQCvgQlv4RKA18CE
t3AJwGtgwlu4BOA1MOEtXALwGpjwFi4BeA1MeAuXALwGJryFSwBeAxPewiUA
r4EJb+ESgNfAhLdwCcBrYMJbuATgNTDhLVwC8BqY8BYuAXgNTHgLlwC8Bia8
hUsA/ogczWNpHXiDGs2rS+vAj9bWf7S0Dvxobf1HS+vAa2DCW7gE4DUw4S1c
AvAamPAWLgF4DUx4C5cAvAYmvIVLAF4DE97CJQA/Wlv/0dI68KO19R9xCcBr
YMJbuATgR2vrP+ISgNfAhLdwCcBrYMJbuATgNTDhLVwC8BqY8BYuAXgNTHgL
lwC8Bia8ZWIB3rtU/nylHHgNTHgLlwC8Bia8gUv4uPb+XTCBP0RGg1ddwRi2
Z7h8jY73grx1Gz/om+GaJq07AkipncvcNV9aY//IJbDHA44gGj/vy3om1Bru
FBjOKpPD7kN1GoAC0kqULQjNrPSdkVz7kegEjuupwpRUb9yoeDb5mQld7Ws+
9bQjqxi6LDvZgsQK9dEACLFlYIkp9aw1SNXnRHVZA1v7OcVo6GGyw2VDUfRZ
FCmQsY6XTaspZ2LvDRZtZ+fdzlmA3W5sFO9+cXViBxfLtLnc79ZdXBKf7LiE
iAN/GR30PAT5MAbMDelb7OBy9OB0CrrBLAO40yeWQC4bKZhGYfY4g3OPsXjp
7EyHsIA8N1SYXAXIsBGqMbyWxhiS3wrbuWj2aponCgCq1+2Gvc0uuXTgdXug
e/PgDfB5Csn6oN2CDKu1GGykIto6XJL6EDbNhAC+m0v48TLRXwcmPFks+DlA
4cdZ/dc5hBfS+n8djwD/UR7hFR2xFE6/YRL+/vf1r3+GphgMgp8vCINvhCT+
Ak2xFxv3L+Qq3rNg+QH4gyuWH4B3chjfb4t/Qi2xF5rurWJi/6Jt+KdqiK0t
/UVD7OOI/qUh9qdpiK32fKoh9i6q6R0FFr9TB3+owuKn8aZ/qeKLF2mo3Q4G
v6KhXiyswGD894P+949KKwjwq4NfLK5AQPT5Qd+UV6Ag/NUx3y+wgP+zia23
lGf8Q8itKETfR269Xqjx0nH/gEqNd5Nc62O/YN//yg/9Zhc2gtBn9NZqLugl
c73Tfc2g8OPF1v/f5bv+BHL3KnD2pDH/8eDZT8qmvqia+mdyat9tlu+5sT/T
Km91YZ95sL87sC814sOD/cqB/Rn/9V+tOb885x91az+1+9///mWQf8elfUep
4AsOLfCH3dk/7M3+YWf2Tb7sZyt+NmeI/sI+f2Gfv7DPX9jnL+zzF/b5C/v8
hX3+wj5/YZ+/sM//btjn8ir2yYiKs0OvMkT66ZiO3CZGGH4rVB6EmhZ/R9q+
21HErjlmQP6NlvAX7JNy9bti+xh/gPfVDfVMNCQ7I9POlF3VWLO/2TKvc8DW
oQm286TRNeoWo4h6LxGyfJUFzRANEDnTyxrxaZUlHhFBtO5JBebuEMEpKzV8
aLg+0KpWSIpbZFvAyUWONM/38sY1dK3PuR6FG2xxOZQ+In53u1qjTu9yCtTM
1R4gpR6TuAH2+8joUTJeY6kmO1iFfUB8W/FuAkFQ4upRL8hJL61zMRZDSaRH
wydlT9p6iba3pPLgNACb7m9n22DT2hulpsJpjEIWPCutrHRP6+Cx9wJM1VeH
A8Xc3XnEOu0Xaa0YKnvHPHBnAIoTU74iKnf6fhPl6Biz6N4fBpy8OahyZtwa
nm9NjFtYL4NufUs/h3J/HPuU0jyM578ZHP03fLeD3oOBPhLC6yn//DTo6dkz
frtzy/9YP3t8dNT+j8+pjb8aDSWwt6ChX6Xe/wZhGPg1qfnyMgf0O8/5Q4B0
jz499mWC9Pd7/S5CSnx1mR8vcfwJDOlv3e9fCyX97bbfVHry29F/feYe/gmw
NHwBLHUfYCnnvwKWhuYLYGnIPMDS7Ptg6dPtU3bxwcaAJ3DcGDdBpTL8/BGo
+Q5M+Bx7BL5HW34LW/oon78HbfWExl9ySLG4c0x+H3EFvjCuzxDXOWhkVLHs
e3ikyCdU6jeoK/CcdX2Kur62ccuXfAGg5d0DUXzwTpbv6f0Db+XZ4OSXq6PA
8Hd+DerUiofVipx5GlyjMXJ6irkCTznX72CuIl2Cw8OIL7UM8FLTvIVI/dJC
wKOJ/EYo+PwsSia0/sz+kEZ9CqMCz2jUF6nDx2M8vWjccLcYDh5713BA1Chj
8IDllnOuwEKXkGfxGTQoPseanzY58HWbk+LvRB4q0m/gBIHvgYKvcILi2mt3
0YEoApr6uAtOsQ4oKDoa3afuTBTrz6e42T3Sm/B60d8wRv6YdMk6aH0X/R1l
eyeJ2gduUvhIndt1wPBMDgGKxebhwSmCtZ3plpojxDj5yKdcgcgJB/3TgOJt
us6/bGYjfWxyMH9AqcBjHNDNd8fDD/sG8GMitfuI/UrO2u6t8rgz7NO+RJ9m
J+Dp7k7fo5Tp/IyHR2OIGBT/+Ljr/18AVECjibV/G4+xjq93c/pIqh4+YYzP
mdEHbPkcRAVeIlE/zY02JLvFtH5BuQ7550Tqb5jrl92Qit86Df2Y4u47npPH
T+PiaT9YQxqT0k1Qsfgl/shJAw9Q+rETlG+iOc+tbf1O5Bl4zjw/Q55fpFGf
wqjAVzTqOroCmKvWgWIatZx/tINJnT9j0GL8FQZNnh+9Efh4kF3oovkbF/2Z
Tj3jD7A0OeqbR69bW2aWls/Jd+sTqfpINgAvb6U1jY8TP15otbrfEHX6qZk/
ksmPOfIxi60XFoHfJ8xv58Wnz/89DBp4mUp98hK112GOUGP8MPDHKe53Az+A
VOBnidQvQCrwApG6Tqxcay/xoro7TYaMyW7jWT4Y9/ggNLojGIbbaam3Ti7Q
6QboiHE12OHmN4ocru0QI1zv0AOWMA+QdP3M7GETSa5u3i0BImBBo9ydGpos
RrhECwkCCpO0rm1Mgc3N4TxoUd3xIXg6626w3r2wvkAfP/uQa3dzsiRw2PqT
e0pMBwTH5NGM76dRP76ATkqVD5J+yYH3kqjPQVTgvSTqcxAV+JmsxFMQFXgv
ifp8jQ14L4n6HEQF3kuiPgdRgfeSqM9BVOC9JOpzEBV4L4n6HEQF3kuiPgdR
gfeSqM9BVOC9JOpzEBV4L4n6HEQF3kuiPgdRgfeSqM9BVOC9JOpzEBV4L4n6
HEQF3kuiPgdRgfeSqM9BVOC9JOpzEBV4L4n6HEQF3kuiPl/tB95Loj5f7Qfe
S6I+X+0H3kuiPl/tB95Loj4HUYH3kqjPQVTgvSTqcxAVeC+J+hxEBd5Loj4H
UYH3kqjPQVTgvSTq89V+4L0k6jfR+3tJ1OcgKvBeEvX5aj/wXhL1OYgKvJdE
fQ6iAu8lUZ+DqMB7SdTnICrwXhL1OYgKvJdEfQ6iAu8lUZ8v3gPvJVGfg6jA
e0nU5yAq8F4SVa6+BlGBr0hU7YzFWQVrCn/T9i5uGuNe7O5pJ9k3YtHy8CSl
CkgpN/O8/bL2CnxDovIUeIJjwVThkhTyXUttN+uZmylokULVTq6LtbivE7v9
ZWvd+Qrg23lHxEO1NlXthEaE3MhmB14hqxOhArpviz6F5D7IXR1Mp825sXW9
FnLEkALCwKd+BNQTbio7V1aSUjENhSZCROYG09FYlR4I0Ev0RIfrS2rU0jYb
inCIOTznNx266VQN3thAomatSFca0WrnaKZirz5VI9gZ1/K279uLXkIqyEPr
qxN1pnPMN7jvYLtTCG6JHQxnWLp6KEGJgGdKuvELtOkseMGyq7bYQpZgdnQY
zJKcjOOc8cIxgDXSHwi0lMe9DTqNiBwaAbDqhWvWgYomHSeds6RmB9vD+X7D
aNlmG1CQPF6vev3HSdQfrlz99WTq70sQf3AHrU+l6l8d/yCQ3l7c/i3yieH/
jdYi/v739Xn/OAsQRZ9YgPX//wQW4JXm+Xki4PlC688TkG8AIF9eaAV+tND6
IwbgO83xT8UAfL/x/hQS4J+/Gf/E2v+1vT8Vqz8G9a/a/z9a+79a8UudyB+G
WN9eLvItFPNH6kX+WdjWf2ApycugKwaj34Kuz8pE9hD+nDh9uVBk/xRx/VGp
CAQizw5/GYl9eoP/+zv1IigMf33QvwAU+4Z6k38IGxti0M+xsa96e68c/g9w
995Nyq5G+LG1v26cP+JNE1D838zA6xP/Cf40vv/kT+P7fwq29s9wqP9ZmMwf
vomAn/O1X26qfypf+5WG/S+F3f5UE/+Zfji+/+SHPyaDX374H/XDVyt+Mufj
5fWLwf3F4P5icH8xuL8Y3F8M7i8G9xeD+4vB/cXg/mJw/7sxuPyrW6/6czfQ
DlXwUSUVJ10Vb62zxaGRLQXzIDXnHsS35PnWyMDqkXyHwaXN9danWuACxfLM
aWCqU6LfmTPaIsPUCCfCmQNTBciTCrKl48IbwrrcQOywaSwz1a6hdEElmBpv
gw5dRZeoHE/wBLw+3REfD33MOozCbmscAeTQTbpWZVV4Yx2yO91bPpWSwY4m
QRhD+nyirlikHe0yGkbPhFDhkh1H9ra/WfnxdO9GQOSCrcN62Ua6Y3DOK1lX
pjC8Orw0otzLDGMnjWWkhq9Un5eqTM4IOdZhcSG1KzZg9y1QXBdMYQ6IlFqp
lOY6ujm30nkIKa4PQV0LB7A1uSoOj3hFFFyEGhQajnJkQdtdaxjYFqBQwldh
PDNu5DLIY9qPPSrjtYsxpFD5FZxxZG7hezpx2esi76+fQ7nfGdwvSyphmzzC
uevafGnyZe2k/1iD0P+WDviYgv6ckPjbesbf0i9n/PvjwPmRBvh29W+Nm/sy
SdeDx/R07j798X9+Si0kZbYGkmvI+MKqxKfkQP/xi34/7vPqzRppZutF26EM
T+Uw/007r6Fmmfb//tKC0cdL/P50nxeKzPJTIvH7Yqfu4xaLuPt/HuHtxwTI
l5Wiz0mZ9fn/XnR///LxS4tED8P+ZqbnCZxb/1hU+Wyxr+yzWvqRkvwBdPxk
DeNLAulnRNA+tcXj168e9jVTz38tbLzH4d1viyj/7//3t/+RpB9N+JQ2fuOl
0D3+Owv8Lbj8t6+Xer4sCP38KszLXeM/Hfj9rXc9Z37/r3//93//v1/K/r/8
IH914h/8P0Hi3VDv6tl/9RpjzuvfMoumubZ+7OV9z3NZfxQdFo+aQ+brmkPg
PUWHL0UrwDuKDjXJdAnWajyz39EOnxb7an1M6nwBv7+3hGFUTSlcFRwPnQNn
wnPY1+fbOaWnYLOJNt4dBTpBhyL+sNOW2q5L8sK4YpFMpGBtsj16Ffg25Yvc
12sJUtw0y+mburcpaxOXx9VnZAsN2CBVXKqcoSHHdm7vSTlhTHcI7Wyea8Jt
1UOVaiTDl914ZGpD8Fz+djtytNfpmj4U1AZoJv82Yoed26zO/NHsyDLZ2p5c
26QvwkvtyOaZkVEqOxBW1/D2paKaze0MJkhQ8XxMysC0MHLHssEcxEig7quE
3jM0lOpUAxLxeWu0xdTxO6xmO/g6rBGpUUJT6JlIdTmubnZKA7ett7uvlhFO
TlgXyXFITVmNLgI0grHS9qbsR8cIsSTd4DZUofHu8EgPHh45RFI+TBPw3nTf
82wf8N50X3KsaXahcAMktaL0MeB4kEwMlcdTz3hFp7+UhGPXgJK0DRkbhbGh
knkC60ncI4eipikLYBQYq0x70qIgJ2Tf42nNUEnFQc82kXMWB7JbmkSFhdYK
LeXny4EkxKPLduyVSE4VlwPHiePzTXUGHecSEvNx9ZOVUVMIqmngLCYELiYK
uiLWxkV2A5vRjoon9gSL8aCHrCYygDqehex4vexQbopod3fb8Fu9X24KbBO7
/KJ4OWogBwZRuJzajYOt1dvCgbHjrgVtAndrAOMuyR4r9cgnzOiiXu56l0RM
rEwJ4/pHjTnPN69p+vzAz3QL7bXEilnbuGoWbYI7QpWAsybM+2KNkQldStQq
R6CW2/fe0AvXkuY7AaG5YgAzIykhOHHkdCysO2KCsS5CJ2f16gEWQp+OxCNp
PVJdT5xpnWdZuo9UTYSo+Yz7axzq2Kl5IFUyL+QJEBOoUG+VO6ijuLqjMb47
RvpOuhMBhibX8wZhhWq/KHal3RGk8O1NA+8YL08qahP0JBwAkD7YKiaP0qUX
xIqGAqJF5qsc7/P+3OBaxcEiWYYYR9xRhJ2VcV+EeauN4XQRWU6jO0CXOMSy
pB6CS/zKxy3OTdWVOckXs3FOFL9AySgxhCCWqqijvHA/YWrFWm0ZjFyQ94YA
bDUv8JfLZR+757kJrprpbe26t7nrFu9imJx1A5RmRBiZQF+fZ66PsafnxnIZ
LNzyZwU4UmC64dIztuuru6+Pk+wLQiob1ZJeYyYnp4uvI97heuYGxpo2AyMk
BW/g27V1j6l7swFcu5NtKEN6ew46YzwmfIssEoNR4SmXXQJ3zAMn7dCjLuEa
puI4Lt2psR+y0+5ksXM6Amyr2lOI6fcNtd/vpWUgWuw68ldB31mbK+9RxXFr
Q0am6oN8zwJ6N5gxIt3uO0ljzEMSA/HuKsNtAWMCzXbnNQarkmtZ84JKiRvF
Tur5tm1OdFPRnIrE+0pfw9m9wCXdAbw01VmfgTw4446E5lh+v4DNKVQPm84X
t4huU+T6Mru3d7wWiEWHlcSh2Cox7vVeYHbZxXHD3RBEgOGgPIlFzabJgoUc
yzJqPX63azAW3E9qdjw222gjinYzU9DeTcVRaZAAKa1aHZzycmuBIWi9ai4c
ksgOyRQqfo+1Va2bt0mvDk3VSMO5NsCkwCRZ9XI8zj3s1iModcw0cFbSdUay
F6+QwEmU9Ma6jZFEXQIjVoK7k6emYjiltG23Ks6cpBapPaFTpA3k2kKgF5Tk
OXwNWHvuFkcgXDMF492yvjLSZHuTyyXxsJNyrAxOjQ6kEXRbk8GuLeJt3EVw
YGry8HvHdgVQstc10i+uDjMPyXmNjA7DdiE4RwbReuo2LWaDcNmVtaMnojZA
dNdTD9GIKWNCjVMbE6ij6SYFRQC1FTLU5DIS/X0Xbpc9NBKwuZecIzPHrR3f
RkVEyYDCp2A0vWWLu9p9qhEVWJokTc2+xZI52OnEGQaR4IJt9zXhF7XPIBJj
Ip5r1J0gZ0pTMdJujbZ2ZXZ3rvwFEWVAJlm1h4ZLRskuh5IpCYrq+RgSClks
Ei332V1hBy/Zn3D7CgtibR/uQ0OLzBZJu126M4G+4c2tNSMhg+4l3WfAunKL
0Wp1DlvfbqN+vLKi1GT76+nakpMEZ+yUtfKoBJZVWgrKA20mQQ1K0Pf7kmXm
eFJZ2jqJ/dYILnvhHmfjzUUvCjJXsjhDyTQYQUN09m5jgB18bAkOoNE20FHm
msKxlsiQ0Ixlo7YOO8fIXkXkcl9wiHLL9ke4AnN0tuQbbt3qDS6AqnirdQZI
lIXYUUuFEzEdEZwwX3YFatYbK3UuwlKoSieBOpbt71chFQInzS6oUcjykHF+
rpBpAGwPUIbejwePu+XEuRY8zgzo+Cz5I3pJ651aCdfIlZFD6u9PFUGf7lzU
g9HlOlAeyTe3E4CBh/2NFZKeM+CJkuYRK4kTPZGOmFKmcMe4JFvExbj0R9/m
etlJlQmpfS2Kem+uEPkOaBJ9pfCTtoeU48CzR60WudzSRjZ03MWTxwXzSTDH
GvHuVDxeOpzJYgIlHIfQ8lCiFoAJ9jxzm/Iow+DzLr0LzgAZEXba4nhaEHyp
YKDtRbbXDEyzjcW2ldf35IAewWl9V+ejDVBH2ZmQTYfZ52rLIieGvZsH3oMo
a0yNwDksEESq4YIh9vojLtKLWpynjSdcJV4STu0RwGWJ5bZUeG2O6W6jEt6R
w89Dp/pakxQSbrRcNg7mYA3Fvejgvkl2PB+dGggpKoi+OXtAtFonmqm76BG3
oeGN5mTOajKSsgFvquV0VmjbWlyfvsFbPvYnGMldFO04PbHPvdjMGQDmM2cq
uqMLG1okGZZniP7oNvuZcutaYetdxd6ZFgQvs41RoHsFS9Tw/a2ASVf9ILsH
wD+V+tDMjpoVTLXYpMWSh1tzdyg3oueYIU8Q07MdWJhxnZ+nGg+tk3fGBldL
vXFXyhcgorO7fZB8PG+ObLZvNyM8S2daaAJz7bcWSBWgVvFKq/iGq7d9Ymxo
VjLveROx2A4SYSCMQp/1thUVjPSY85J2I48chLqOc6y2VJTJgZXdLcNsq4AX
i1hDYKpG4dVjPm+OdTHUQH/A7r1UYhDqkJfLYIwds8ji5tiLuN/MtLVDErCJ
CIE9181NddBDKBunW5hSh7uD47YIDOBg6RTkBJttHZvz3qSo22FQFrg2w85g
7MrNvdZdL5roqby+xngIc1PayCfHKg3KiADWvfZXbTjsbtv6ajbbaaKSBGkI
h1Gbk1VtTvb5uPYPLzXSoIrAPt3f9AF2t86Wd7uDPAOsuJW3V6uQ0AsuVD5i
Ks1p8UeiGa72vEnPXJ5t0kwtD2ZGz23WrjMrBIuEpHFjqLUmAlxi64hyTrW+
ElDrSGZ0t7uy5zDN7IX1IZih/ERyLEXOxOsO2kct3aNTh8PeYczQ+iiYwLwb
5O0R3WG3EZp0g1EEHYEhLiqxe03TW/FWGbLfM30m5as3a57EcjM5Kn/cxWOX
Nrs9EIvXnJqU2faHGj1te2w4ma4yM/rI+Rf6Wig7iz3eNoJLi/vufKASWlps
a3gk7GX1CN4B4UqIG6mk2j5ucqYfLtj+Dl6lqUiRK6rJuBrn5s3ZiAsBVTBi
DHVv5kWXuikx3um2vgNKH2yDJPHwIFHq/a0shEDYysSWcdnDHV2tINc7jwfN
Itoha0ypIuJNOtXK/lLhTaJ2EIAM2XXLUTi8eOfdsQbpvY0oaUXkzeWKmSpR
m/fpooUgem4QFOaEm++s7l02qSCRmzIEAcEu8sWrDjenzfZshJMh3WwQyWgZ
HpzNUOQlLhMmP50Qzg7aQzrOt8N8S6J6iGsjRDkOmA41a5BLR4Y5jmDTgCy2
G2moOwedD96w/pySxhiGqX/s7oqLHPCW3yFZMYmnYyqCYQzk6YUmgv2S1Exg
SFh+YapLUNmbXg+YM6fxRoEQC40gfq06zRZcOzEIKybv63saHvL7DNxYZPWV
HUhaA3IvpmpW0LEdshX8i11LpBogkWh0e67IBSo6SflGT1fnN98tnHZWKYMx
gWhvKHO84wdSaOPy0h13IIpr42jnyuTjmXITz5WSilsihA5SyRI+lZ6vrhNt
rkudtvcSUPPMBKUk75funvn9Psy3MyodaGXPqyFyDWCxL+oLeGM2lh3FSVuC
o6s58RnUQ8LRKhqwndM8d4uQWFgcnlLclMT9bktSJX/GTfZ2yXUpWjZJedmQ
rOZD1olxt2WfrJHYgUnv3AVY/XN/e6U86UKiyGnDTpeMThTwFEhqyI60gFh7
iJsGUDi7m23b7soDcskqfN8sh0iW1iltYpf7XWg53yWmHe9W0tY/dSfNaJXA
brClPwRMsrtD4OCuk+GGO9en3Ma7rRynBnhmpzOwent1SzFVeAFZRjrHaw/k
7as5DqLaMvk9X+Oqy4xsGGXA9/50aw+uzRVVOW3NyTzumRhQlXG0nF6IZMfE
r/sDfhY8+SBsVLHrT06hg2Xg8xJzTD28ONv+TM+LvhphyElnfTeMNyBbXfVq
AlEmR0+Jf6A0J++qSVP3iR+GWtOCnbG/RKd1mG24uzQdxKBEKL0GC4K0/dWJ
Bah6HntTyO+oxUroARecnG3wTbBsZqZRbtuJud71a8IXS7KZepwhala5xelN
hu7yDkVaoJXVEUtgkJtzgQslVnfy9ZW8OZ76LDkewz0xLqaG1QuBbKA2NJFq
C5aKVcxIur1eSfICqEZ/mi9p119xbwhO68R5F6/NQe2Yo8utoZzoCclVwXw/
zwoqVzztVkwnZ/2l1NoZITZABZkUPnqdr8GsC7Jl6RPlVG/V3r9f+mDZG+vb
3T9HgUPRMHnzufvarbmM6kl54HgfRIHLgm/H67QXx5Iks21EkibFk4fsmhLd
xCIT7nO4muhOvUWaI9MjwZYYUUvd0aJBrUGQD+yy2+bQmZRJsMtNHJlGUnk/
ueDmfFC2Opg2IsKss1FZ1qcsWw7HrVZhjxEn0T1NFRMDaG04FCdyXwXoGmQZ
3jqU8P2E5qRVWSNUbhUon47386Ce2l1C77xtcLVcKZ4nc38grfoMwNt5g3s7
nt2CiVuO2EDVhqXwCXUr+ttNZFP8CF0FnjzLWTFDd5fPD9cscQMlT1U8ElKA
DqiM4VGFPatwq/bE2odc5VjXoXXbJ4Yljneu1C7RFIHiXoV7cDwMrRRhlntJ
HBalFkDcMY3unaPVifE2/bWHbUkMWcIpRDTMl5I5UPy8r+YdpjWMpe4h97Br
Dn6gSq1TlWRkAEk7luFuox/ouJmUo5Lv2FB01cvtBKf1NVL22BRbm3RXtkk7
kCIEIu11wmHT2FYCf6QZgNpEJsHJZw0L+QJEbddAFB306eiuL+TF0BtB3Idc
SonQGnBu68UDazZkYuN0SbgRznpAn0uuXTsEs7oCfXboEg25WncizkpsE8mg
46Mhc245yA96FIskBb4msjge9kjGBSXdXgADnx0Sz6lritx38GCNxkW/H0nx
iNOrG0OpOz44+BG5TaAb15V3KKbSDM87Bl64a2ZAAsCCcYJg6AFCO2JkNvzA
boqjs6HWydlumHRW8CtE0nasxb43KcTNnS4FpJC9puXkHr7jQOTQcKEcjgu5
Dv29t6cZcSdUEHqa7olRq5fVcikTyKGfiEthYrJjOI7X7tItmMOdt10AB76O
IaNRbinmki7UGKoK6707ntpKpGBfZjHZCjU33UBVgbDTfADrYOtTyU0SkXt+
Wz3Vsre8pfaDc7JB+0jNz+UdxnWo9Bd5HKZLgKMXd+fElYy0dWKHoF2Os+5N
s+cJW3f1lV1XqCNJzI6BOgjaRscNRfYr4qx3F+UEk0oCbTQqxrFBE8vtDXLg
HRszXC4jHLf6HlcIoERlDWIMwqU9odB2cwOdO6TQx23Ob9BdOS+9Bh0IdpDj
YxFWMlTUYd6Jsku0oQWF3AycS6xAKjkctA2r1yqUMb5+3kVknY2OsL0wpVNJ
9bLaVtF7Ks7vW69w9lAp1HahRyi6BUTncCPJW+if82ngYxlHk7Mw3tn0plmm
Gon2rfWVI4MPZHWNG3EqimIf78uiPvAt0oE+0DLi6n9eS3DWi7KfFNY+o9tT
UJtn2rfvyN2f70JoJ7UsgOONIXAyW3YFPzGg21q+rliABfvJOVA3OuyehzHm
5tTJwyZeIrztZQ/sIJ1rIvWcsup0Hl1XSnzyCN94nk1jsYelMwAJmbYzVRGn
BhnEu2Qd/HPcZDDSs7XuOPyGLbRAiRrddq5+0PjmMQ0FLb56FSPCOc8CBLE/
mR3OT0QU3PRjjrFoECFkzk/6qSYFeS+VW4drCwS677RytIhzAzHMRWftk94X
wRHgbslVFk4CarVgCU1FgyBXGpIeaxbFLkX3SHnd1xxTXPXTMqh5BM7GMlhp
PNf4DoI1CbBvRw806cakq+UsDV0yj9PZUarzTQyHu7Z39qfrOePh4+pAOHSk
JkNyWMNktkXjQ1GCVyDfnqDraXMPY3wnOhlUE6YC0ji6dUOznU+OvduOysIQ
cxxe84a3EYMFmcnGvfUgln5ofkIpNiXd7dL5IhTlw4k4HTZw0p+51bG+oBF0
Ma4zdk15/C4LUxIbBOU6Yt0bpByZGlUAu5wrWANNDngsliqoHG4SiDd71BZz
Elvf2wtyFYSdMnujdRigUVvfruzNVe1I5RbVHBHAuuwvqILMbC6Z4ZyDPjuq
uOBvwDVyhVhdtm4ET/QjntDGtCElYyPw2CiAuW9J8p6EYeCEjPsI4lbn63yz
Nsbheq6l7VZrB4K4+ecTLbbGkG6k1VeCtkuN7907Ut0T7ThfXU9bLgPg2Nfb
Tt3c4PvmzpD9LJbsOhFcMJOnDzvZInajonOlHMtbKDavZn/apWFRlHm82k3c
ID2Q07U8m/FxnMHycK03DhmG12tiTp1s7bqzFkRrRwHFjYjIzN6H6I447wPK
gq7VKNIK7wJjN+lJ5piBs4GEctdnMw0b0rzfwONk2Ht4phBG6IkrJ9WEl1XS
sRw3VOO4mH5Ch/PoA02L7oZiaNHF19khIZXawMNbpucguaEYPUc8Ui9jOoKL
Yj5i1c7hSLpAZI2poKGaN1fAV8p1xjtWUBy3Xl/DbOi78Lwx6zw+rG7z1GjB
DqS2PH6QBFdJoz25Hk95tJvJKc0vIKDw2nKfEmXTxKmIyhnFPZI+TAkWgbyH
i0VW0I5TtughlTQ2CWzlpNaKa+GFyF5Tb+MCWiyBWRhC96hjbStzR8wZywvh
0E4d7y7b9e0gQeW1vkiKsTsOuDYHdkUfiUPvtEOu3TaAzfSTWCs8fV9Hht11
xw5Uluv+aBwhf48VA0ldvc00c85AYsMwRQ3eKhfTOWf71WXo/BCIj76cCQzt
CCMt0dK87VPtvkyH6IhHa4gdomnk6JlC5SZKkNZRiUb4mFWG6l9yl+QVATjh
EsJfZttQqTElN8gmBCc22NZCe+KFrlMOF764mXuzFG3KUzan43g/H8gsFTgF
v+kwBdA78XZO7EMeW5HT32uHmVIroxITjw4gpvJkfTK9MWcxCGUhFGMUUTxd
GKSN8TtDL5ECbPyAcCqzkO9p12KdAGJ3VXR3qOJYIbLMW2NzDDZbt7wnS03G
LZ6fcwKZo3u+JbSCLFHACW+G1kTFNeylpAymw7xGbWuYZIeCPNWVv6E6S0RB
eSfaDjpLVzBJ6iVqRPeM6juQ8wFFjmFyoHOIxFNiKQ0b9WGZwcMo7ndrAKGK
9W5r7M+7XDgox+p07FrCWzb7zOoug3/hM8D2N75QsBtpFlz4dsMPN2idM8Ed
ZSYzhLAItuc6UmLAwEr1o+6KDRnX41T1Okz4scjJQLvbkM3EFEzSuaJXFmh7
53L9P76rEvKnVaH8z78x6eerfCUS8vUS/zc6IX8bHrUpT5VEHtjPz9QyJF++
/g9UNTxXEnlzWcOH7wuZf9If4ZU6/4YiUfKFphkPf0XiW90/ytE+PNP4VnuK
55kL+yaN748iuh+A78norkd/o8cdmNBv6sjrVSrJLaYPgOQ+5E+djyrF61nf
FeN+qNc+xGsld/22GTrH9Opdesrpw0Nt7RbY1G8F/loOfqPE/ZoQ9wdg/V47
WtajG6LkmXsZwcILArGoQtcPiWb7o6B2Qk+5XJG50TjlB+Chyy1XbC5bJCYz
9fqPzyWLhGSGVJ7qcX9PjvsD8ESQe/2eQpdsAnoI7z6Uv59YMpJK9ObpoGhy
5GAhDrheGeNZaLXDZ1XewbTX72Du37X5U4vrh2d24G0a0hLPOMVru7/Hio9z
PwBPz3YO+Hpnwuivreivlv3eWU/P+QA8xIkfOro2zK2hMjnLNHUI1tB1tfUs
m+RdZs6Tap0nuSQHmbEnmfzaFmtbcD+299fW/lrF98NH5fnV9mhCE+tdcl1U
9bm/vujjVjklDFiud9tIVl6qM3WO1999+DSFa1vxa8979KUPQPhRSvn0SU57
ba0f9eKPfXg97otI+HoP5trf1us9ESp/qvpcrF74xxaN29O03mv9XAH6A/BJ
A9pZHuOS5yhJh+RKmUBxPetR0z/Ghy9S0FQRNwS0XjH/cn+Pv69X+CISbVLf
iER/ZZ8cfKqJnpuenicfx+ZnefXc/Kwcvt7HV8rhX5TC+UMwRzD4WRT6MbsE
jzkEWS3pGefPouRnH6Eyv+GW9e4fUsi/X5VdW7AJuuAhG344PdAfMDUpPYLv
3foUSH37uPFACQ782ls+92blFTFyhb7QNIX5H2GRjzPtU1zkxcqmlwqbvtAi
68j6CdW3pwVYj1nufbJvz3mRD8BLxMh7gJEPwEvIyHuIkccM8y0z8hkZCU9m
i5X4oVyD6TPpkO3u0NI1qh2PSnU1M9du23TtUQoKiXzjhBaNMMTC0VcTKVEt
JIL8OJM7PcMFFwma1ll2l72Mn9ug2TdBddHTCOPsI7rO1fBBHtCqT2Hm0kPY
Lr22FqHuFInLTke7so04ROb2wlKUgzJN0QYdnjLFiAxY4s10pRw/ABYOmxiT
00Ya3KxBjqFl3mzku366JC3hBlKhkmqXKoF4aJypSp15g3P1vNBI5W31uFln
2kCiLyfpUlATc0yC3YWxeB7WHA/yEHG/jVXlXoxUFNqnbQ31U9Iv9lAV2Wnm
Ahw0bvpqyQtHY6O01Q6pO2Mmne3w5HbZkipb9zTpnqLN6iLqR8Kv9jRnNhfo
OTeytsUL5Mh7wJEPwEvoyHvIkQ/AV+yI+Ykd+Q0dEQVLTxxW48mO8yaK3zJt
ddkqOBJrX9CRdbZ/AR55OztCUx8A01sdK4mdWyqsGdHG8OsZNPrZc0mtzrxc
l/J5f7i6e/MapFS849n1RaUQ2Tbv1fv2OBDrPZTYMlOBUyXh+Y6hKNOXkqqz
GurL5n5GLwRqcFzSJAsbMZJ/J/rMLsbEujOKqp6Py+4DgGg+QxXowqJKeIXL
lgaZjSNjxoGZMUwkThtmE51wtyLo+WDHUNfJim2kdyvfLMiURtsPQMqoyW3D
wbIznG5SWbQpSHXQwbbqK9gI1PmUY4nphyf8OOFbUjl2M3s/7TBKIKloj6Lr
m/dyTm8M4ZvHShRRYnPxaSILuUbfNCIOngpIJoxE4ff9tWpBSexu5wibQKwK
jcVNlNRb3zgnNoYHuyOv6GgUQeUwGOe/JLD+PZbjAwB9g0q8T2F99UCeaay/
Fzr5ADwXWX+vxvoH4K1lld8TWV/v4ZnM+ltU1gfNFDAuR7lqp3wAmpbQ6qt/
BiurzugRtTJy2yXqVpS6IBJUkr2CPb8nq3ANBqDDTbY5ITWt2ylslIyemHid
H2ofQzTdXTsfL/X7w92ZvNu18JPgFDq7IrYv66ivtTFNGCreItcFZbZpz2X9
ht3rMjes95BsRBDtNyRu0YoKwYzhUEwXaajAMUTRx3h3ZYbu0HD1/pqAFzy/
tMWdcmEjIFPpsggfAFUOZ1ofph667OuhVigDngJvx9NVGnOQL3CFh1bX9jh1
25KVDpdLqHgJsvXB7rDXuXR9CmWPIxivaUlmyWapGZsupa+FEEySmU6R60lC
ijjyGI16dabkjvVPoUDZvFir0KJD2holEWBbnXpBUqdPYuvv1Vp/xFlfq62/
V2z9A/Bcbv1ltfWIfKa2vif6eZYMcO2TbDF71/J0qan1XXMImvidcusfgG/G
5We99RhtSuWSqZeQ6ngk29CdwBT34RbAGnGsdFbfjBiVaPsPwEEUIKIN+R6h
KkFNMPR6JsUj2W1iGEedcXY8VyAITvbwCxzYunw/bu4FdiazJT4vTbvO9pgX
Ou4xR9MjX5lneK81hchCZ1IQxYKJkoiNA0+CN3fI2SS3w9y4Q8iAEBMEt1r0
r/vwA5DPx7AoPaPd0kQ8I6uhL0o/E3cwqzQ9xzbMZY3M9U5eCJYPUyykj0eq
UEvN3vNaHS5ra2p+XkvMjshW5+RwbP17D3FFomJLUBMsvkynGCKlPAi3pRnF
S9lf4lpBLoe0YODV36jktT9M3NrvBqpUNjeayZXDlgEvsxX5aJaLZWof79vh
eFvsfgnuQnWgyfzhKR3x1f+kHvXbH/5wAfeHn6zg/l3sfX1fhEL8VO39Adh9
ofIf6rznQ70OkK9kghlZ77/2Bh8lx/HTnkXr9p25x8oaTa8R9RpVW/bqqZLz
6qGOXx+nr341n+u5hyT9xPTNoZq8Ja1CalMXeL0oaqlU9bFjB8qLBDyvrJ39
TZn52qs/F5qbNNZncHlWEX8/O+oyb7E+qgysv0lZmV9nrR5DdbwVUHiktS0P
7qFthUj+6hW3rEGE9OHMct5y9xYeCkurmk56t+Fy7KIseDhyRmSOaby+Gvuo
LE5GFKlmeR2VycU4dI0vYg2LIxK1DUzewTLasHh0u4/MMGVYHGZ4Pg13wouC
mQi3nHmF/It+pog0Og8BEybM/AHoC7CoFtmqxmN0wRhLm4e0wZh5f6W0PYfA
AWQeFRpyY1gOXVQR08q436ICrdcXcGeM9frGKY9HkokazLWnEOH73MZ2R2fv
bamaRUc99nt38avLTCJu1QWBe/JvPQgj9eWW7/qjt/owh92tUAYXM22D1itl
k2CaEkI4rF5oF5n+4z8+/CPThR+v+UxhuFwjiOvPCwz/MEX4B2WGX1Zk+vBc
2ezl2/jwE1zThx+DTR9eI5s+vA1t+vAGtmmNBLS/q7chva5HfMVrPf3kZx7x
97Pf8LC/H/zqY/9+2BsN8PsJbzHFW8TYhuzv+L/9r78V3X/8W1x2RXr9mBJ+
Isj1AXi9u3yhKJ+e9n6Uc407/gjL+ftt/AzM+QH4GZrz8cB///vfPnwSWvvw
ktLah+/psf55eO3/2HxRa30Ib63z0P/xA+L275/0xv47gbefNdn+9m9fW+rf
Pq7m/LVULg7ifxqVS2D4e6lcFEL/ZCr3c/f5LwPnfn6ev57RfUzl72R0Petb
RtfTHozu8q/P6HLD1pQ2cBj7UdSyp9Cb+mBGWpPYb0aUq9LIvQMSrm8pTxN0
nSMv2uSVlJzBY9RRZ2fZNpe9qk5aSdtRfsB4C05RBDaFPaxsuD4o6JN0BFzT
uO1A/XKpOetqLuemAUs61tjUxhJVgq1jwhxBSBq63WKEV25hucVrKpa/ONnR
4/QjABeNug8z1O7vAx4Lbi+FOt7dsaJBxYvZTaIpsakn7uuS8UWB6aWTk5pH
JruUQlaf6QEow8qFaFDOKsoaGezWmadbz0sdsp2qGxgYCHmvrkQ/1vOButST
frcHxU5HWPDu5XlDNACJ3H27P0o5UznKiW+oNQZEZz2brXxPzaddaG7dKjGC
BK0pQjtXCET+qzK6XQntJ41RpGhU2U3fWkl1zY+zDjgoc6CMrWvJLm4tyT5o
sLbACrTy9neE83ClnlkEB481ly/Bbi6HZVNTe3eI5St8KCsYcKhEKIl0Rrpg
tgLIouup5XYXNC8uDDhmZ60RPf6sqbNua3uyJjasRxKQrvmhHFvGXQaqsYzI
pY/aSW+asb3dxpNUHC4XphrR6WwJOLed1fvVDcskw9vMbVYLyBpW+ye0Z+6c
BdzvDQITlcfq4Pl08Y/LzOd+YdQnyQWJArY6em/t/PO4VzI3mPWABDm0Qi2X
yOmsibMI6CZtN8TRUt+7+FTXJ4o6tVG6dA4rR3IfSnTs7+KdwRiSJmhJ4Yux
vQx0GohRWoIVTQMc9QZG9ygvILURSSOPFJeOojqj6suFzAttAoT9kAdCefPG
dv0+F7x0QmZlCaS4EORjN7vRDlHUYbea4krUKDfx2bsNpHk8xniX63IC8C06
8j2Ke65knQz7dh58WMgo93rB9h1d9dm47XfWbCxs+P+T9yZLEmJJuuYekXiJ
3iItzFOL9ILJmMGYhx2DMWOAMRk8feNRmVmZkRGVmdX3Vt3bvfCVuZlx9OhR
/dWdj58TeKg/4gAeKL8Im24kmDUGwNOK5gt2iAly2pbySef1NLkdtFfbhK8o
E3n1qyKMIolfHcGvpiiqSHq1dm5Y6vbtGIBhyzFfi/XlGQEtY9qrAnWpzvz6
qBd5B0eGt8twhLo7GIz1RuGkzijLqSped1S3wnJAQrpiB6ca24YGyqQk2Ka9
mLSZs1/E21XT64uKLdN2OReBIUHny76+DBHM4tf30qgIBXaigLYV6ocCZGvw
aXU+mASxwj5lkbAc4aO7Sbv5PDZ91m6R3y9z/oLCwTLGuz2cFJ+A5aUnocOP
4lVtWbkaHXJpnOD4KhPy8jfbNarWh0lytMmUT9lnV3zjMjkUnYibd1eigM+w
mPSnh6kpfRuvsjYTtkQ/yJFjhRisxxhgCOE8snEsieV5BmnjRd0T03qJx9WX
trwB7D03T3qpzL6L6Ifeog0pCWpc5D5/XqXvGNJDMuZjX+eHUpmIF6shRlQP
vlnVmGf3EDDquwGakn31c1N1mdVu8tddKmmFLP9QS4gYao3IA0rz4mV9Zw96
3b+SNxLGI3VUcamBBQrdr2vnH+aJeFiDZbqN9bFFYi1K5+FuXJ8V2hOSQsL3
1OzP9Jhcuzdez6emydbcMkCiryXaKDkWvymy+WA77brhJC0WJ7r0gvS1AbXi
iqyETH/9MjAvMDzr+v3WIawr6h0FvtH03twl/zZ2mzIKrln1fBCVHMIrBO1v
M3EcPqrDJtCJj/iFOw3z/Ts/BhLrujdow8AJiWd3atii854r2MpRZC+MH6MZ
XIZ0IpFZsF9yNXFvy71gyJ2Q5/50YaYiSyt8k0MLjHmUfZoyhE5oS0se5Rb0
o4trOVPeusAeQ24f0eIUhsjEB4FZW9wyXz2tWf0xKHJDT4BQyWZqnYOdR0c3
jrzHqBJR4zk0JblBBlnxQnY4xc2NeY0RDyWKR139GATUi0rjXbwAO0pZThyG
QWZPd3hOHE8R7qty9btdHU42uRAr2Rmtu2vCRthQY+UilPKch43Gds0bAuwE
9Q4hfe9GnjJC3IePCAtf4fqCSrvDt0gU7eL51jcyJ2cM7BdseaVbPJUVNb0/
YCYBBDwsIe9WhCxwydwvB0xB+UQHkRvFvQJ/rUZLyCp8rN2cCx0rRjj+ikPG
suEAw8uLBs5XDqme7+16MAaO09r8UtGM/MWLV+sOKZppSqsUnwcp36XurhFg
lAnG9ydMKwqCkAtoj4ewDM81bqs8s8V0gUVdM4rYW73wJNoZ1dF3oLv3JPM5
S8VE9hk50d4XJw3DctyngZ2frDRInf3s+Yb00lBra1rtS5V8Qe6XhELJiuFj
MJkpfnGZs/iD27VrQHpjaY2FVALM+kSDaIXQdrFQJxN4bcJyHgrMal0DH+tJ
GXQQYU8XS1XyIHgJAW9LjfbW9A87+qMNkIkl6XVZe/DX3Urj6Z974s9Dle3h
G7dy242NtB1X0uMPm4zd0aT1Xsb4CNkTB1l5CXDvAiHaDKfopHfYdn5+Umfj
/Hea7djo4oRsKslIbuGXE0qXauW4KvZVDbqR/Gg5eHLAOxo5xtjKpNRgJ+3d
h0S8ybomj5oQNAQiOD0L93OAo2MiiLJuXj2NttspkQsx4PqtVIPpJbBIdG7U
qSvyURofLdW2a0Ti0PTxwWtPJAZ3OhyCR19hbSPoqsSZTKQtesCs3ATkdWYS
/c8zU9SaYtGEePg+hSz648i4aXCLVsMgmWnXikTsYx4v7VDY/LmCJu8XTSJC
gOBfjI5sPT6HBfHoxrtLBivVkNBD9evVCD9P5Mutj0gVvsgdovhZnYzpXCpM
CZMUGhoQxRyaBkqJVpIcjG5vYbJUzIYKvfImdUzfg/sXRhidMuk1Zpw7Vu30
V5HQ7QVuTaMywCrB65BNi4Q7GHJXIS2AdIJhUysiT7pYP/xoKadAuwphZ9sn
qJlHHvnfqTa+lda/mLuo5oE8gVrs6hOZf5GrF3HL8HWsme4WpU+CxhsIGtgu
eW8f/T0/GJ2jilShmM13dFAegMANWqti6CN9qI+qNbT8Lc6Tq/LogUENORZP
VTD5gOgse7NJx/NTdTL0OPc9pQ/WZgaIQwr66AE/HXJPKQ5VRPz6tMuKTjby
6o/VFloHyw7FrnQKWnLz5V1DdeXeET4pRO50APy6I78RGf9l9VmyrmTq8x7a
IZSBDfruervAIZZD0bEBFtn31ZI4d6VSaklC81bUlwyMTN22TWn5+fHRtsBp
yskr8hX8PCct6qJMgZTzYYivQP8iauLpDdpQXM7X6wmqru8HgJ7RjiyeTpJ/
IQtrLLAL5lLy21Q8MJdAWZJhYRha94dwiWD8fUGIQTrJR6KC9F2vBw+EPhZd
Wl2hbjfQmunlEpRTuXNQ65UEhzxFco2Q6Qoy0qgst0hdG4/oXg9N3c0wLAIE
8ClxOT4hQVDqe3ZTOGDCow7TZX1iespKwmJsy0txBL4iCd43xIBHMWYmX1FE
xpxIW8Dj3X9NMOy3wJwIGzXu2v32VjjBOcKhRHR+Ei2nIzq5zBdfnwpnUBzX
kAkjvi+mn68YqPTEC6kFvrX3lyEQbB8vgsuep0G7TAlGl+/IsM5ln3pUHObs
SHs5zNilnFRSHVHQGeDaYeVTkMPuXQ5PSzjVZ1aMzqR3+aBrBhviBLcobOmI
xNzUxyb6rs/PuVBWpXzmKM0D5qQK08to2NG4x8ykYF6H4Gd8gKdP493Evmlz
dbCXEcg/stWNMfNNG4FARybe8ozPYQC4iHz6Qi4BrFmJaql93j+n1i2vdonw
Vf+YdKvo4LOefDxbvIInugrz2MBu3veoOOQQ4OR+mhqJsnrbCT4knF5ex/Xm
C0SEyBdnfyNHK0eZfy+cWzVDc8wReuwFOO9TJV4fagd8T61O0DJeXp4Nb+cC
/Vi5fPsTx5K0VtD+iBuNMxDi623w3EtSOPMg2BMBxJYI0k8kgB9xZEruYXb+
cO/WPtvq854l1AXXwfHtOJf+uYKO0+wyCdzlLsv+2bhMs4+x9wQVCgSuugnh
KO7suESKXIkOaQhigaLXYqeaiXHhRfU8uwXDIiyL0Hzi3JOSMUHSZuzjZ+sC
nODaEBCjEAnY0TjPTa5F5gU5otz5kV/se7Ypr6GlykCVeG+b1sLjh/DVJERU
2d0OVMCItMYKlJrAPx5E7RTR4UIObufCYx+IGhHOFt2vxTMyqVKFLPWfp8Wq
NUZ+6oxg3N4HVOKVEkryWe4hRndB7GucVN0HeVDWm7bR+HUIFOyUa+TPI483
lMkPQyUlYv+xEXyxSoDrmkaZvUoW2Q/G0ln8mCA7KL64H9js8Vy8zoRBaenr
lgzV6QPqsiHS62t5VOgU4+sKxIHhhC8CHQNXhh/aUF8k75BC/fLd5plxjJTc
YmoaCzPp/Uri0Obsybnn5GSX4SV/2MC6TU6M3boukV4o6dTonbDg9+MeU828
UQhNJwFr+ydfqF2LnD6LNcGZtQKsLYTJLx4HULUFBsQ3M/hayJhnJH/phmFo
JNaVt96WnVQJLBHgcnl4r8R0DTmeNN2O04fzON/wVgCvvLL5QI7ePJwOlQ9m
dvl5/bi7gk+FHrfvPZfjrfIZ9y/asB8puKd6vehJUtktC5IeEMAdKflW0WBk
yyGTceEB24RP3q2i6z1eJEdpgjUEt0ztJLSDfAfssCu5ZS6xrAsBGzNAloKw
1473RJmwm6YPGl5Et6BGS8PKwPU5z+NwpD9kWZYyD7r34yKijvMIvCOfBReK
gLpn+PAZYrrWh7BeGmI5h97R0pTLjx5xPKC1zuH3QEoeqx3i8GRwNvMfa0Z3
s/9lhRk4533TtZFZizQDXzV7EQFqJyllZce2D+EQSoZPVkyDX2Kk44IXfFRV
Y7KNhd29SXIG2EFLycFSbB6Yxsn0Pmel3MUFy79psc/Y+DkIyi25TcnEwcUc
3IkPPXB/rcw39/zcJwGEqmj6Fpn4LoppaCEsS9+zaH05qmlen+yRbIvgSk8R
5p1na4kjdm0M9C5ZEzwjbeNq4KrYyMACdeCzPCgYwkzTOD0ggYGGAcy2pMSY
1Qj6Z+HHGDllR2WvHkPU5XgesMsqBlCOuHQq4lTgWmUnRXTmPKyqBebh4TO4
I9mnpPgpNuNQqZlLKUNivrRcRnD3NCVFajYgQP2wqRn/u8fUYerl/I5QPgAj
PQSbI32p9zXHl3YLq+0hXgTxEHsQHESdh/HqGNiuAMTXd9xoKGgqhN/pE3JB
MHPR+IgHZk4ejtwh2GW4qH1PoveBv5vdA4SKkutSvBd6OWiAdlZYhSiINXrO
BIJaAZap693QbDNDpN04LET+RHplgtaYj0NS+loMRq9WQYdP9UA/DmDXz1ho
/HKsoLWdljFJdLd9lks++3cHqPg5Oyg+sqrTB+0GG6kNmpA8enGFJMTZXIpA
QBcSMR78DOp9o9HPJzQ0mMHU352nzeYKh02BjcVxki6XOOzut4RxX8hXa/q6
TCpXAVRneQpxMnzv+fpZBCPd2c8p2LNBXfR6IlkRn8d7WJDSgW7F6aEJRLsh
2ihJLxOPP58dwBAK8SVDoINCVaHUDLdcCxofa2Pe7HMdOi3jxGED0gQPn9SV
bKaxhy0yiRwh198RB0TEnfPQOyDXHLJTugtpHS7mXD4FBofkc0WLtXtNduBi
MWcVzbBfSL1Ga585dGTAlAY0cf8gyR9b4qIuAwYTajU/lbdaG47Jt+7HS7Al
Fey74KnPy0rRTiEIMmbTq+3NirUhAIRKHRqEvtDAiXlth/LaK+z7snoEbudi
8uYXI8DPdm3bdxCKIXOC8LXj60N0jZquiBWYmZBxVGI0IR7ZxYdLMtyjc80n
XUmN8a52bPuKkTD8PCDF58tjdNdeWb/KNw9AoR1dChAFBZt9uMb5oiSwES3K
KcfBs812013SZXE+NFHIhDRsxhjbKUOcMBXXTfJwrcBJFxfIptzMvPUzx5W+
9mh4nve0NWguDirJ86W8nsXbWjcMe9e0NW4ivHws0xTsu1XSXChCCfB8OJH8
vK9L+DznvJEkBFve3CiVF59Jyt1RP5xlVqno7Vx/n0Y2gJo3raDjk+9DbzA/
gP691EuherJxZO3rMe6gm2yCdv577EWYg2lQCMPzTYJZMHy4HSGjLE2GEVbf
nprxbgcoiipd4Cn1kZwqT/3nYXPQuFlacQgr5xy8VIikUOUy7PGSasEshe1L
pJzDPRB+Ewp/A8aODMWnOLe7Q1O0ahCi1QtIfs3LlPMGhUXJ26k8RGBLdRVa
RP5xqW6XT/+aVJm9viMwcR+16bqeQJRO6NUJVq71cFI0xcwlLz6IphXQw9ds
cWwpvEox/aBzd7Besc+MmGa/gFuEw+gneGTFY6/SoZ7joXCaU/s4ke4PCqxM
1gKWKxs9wwE1hA8cG/3DU+RpSgOPHDlA4XOESIR7jhYKneOOx7WaAyrTfv6e
+ruUKIktylb8dglioVDnafRhrhRKUCQrBFoFAnBCtRpcM0gq9RxM3K4XlEy+
dsemCbft+SvsGp1JrkYRbCm7VCI/JCP1Jel6MO/6wxUAls1w+WnsTqG0XNCO
4H3W1BJyVaiWBgauhWM8+TQUKpWkA/qYfjRm4NqP73hNAcGEgPt67pRx2EUx
7GwwruB9VIu0+ZwJyvT2mkvPr/K0r3MeuxdUUrQD+9osMVulwDkHcyfgO6iX
s/2Ufw9rEtnJ5rLxavTpk1bKXBeEuYot6tzy+oUUqxXjvAC13yawtfnWj5/t
DbxDjgtCI7E4cjKOcRZUdm5b52ltqSdzRqUw2N72vVbGipB/4TZ5owKKvE5a
hXRbbd/AR9ah6KtuWdrg4ll3X2/4pOWCB0mfrGOOTifDJClyRQxcbkjBRZ6N
mQWPzkNCYe7ZAW5jnlRnPeiU5/JgcLMyl0s+eWnbwksvSPNfUib68ix/x4r+
wk81gpOJyY0zp8O+bjRAO8kvzRleTUKSJo8NflaCAR65B5NjTUwV7YOV+hI4
CxwgL7A7YWDaMH8+5sYbyKnPAJzWts1H2tfXYqAwUqQ2fhKf/hM0nKPYSMfx
7gIlUuWBX/nUIR+i48tckxGnJ30ttS/w0kwKJTT1K16NE0mt5rSC36zqmsMa
H7+iMOyqfkFr27wb1f5YwWHUq4D0g3dyVKA3AVrXEew9fXO6YPu2rCQaFyvk
MFzqezWMetVXkZod2MWQw9Ltb+VA2s73h4ojRjlHXxdwa7etNiwZ2O2Ne0pO
iB/6K686Wh44mZ+0abBsZySV5LCEnsNtnlVGWMwXTdL+uA1vgGe5JjWg/LjL
u5Iz0D2SPT6cAQ6UdMsp9QXSoJTGzBqA0/IdYTeQTAXt5jEKFPj8eCoQ1kHT
kfeEoabS3phtnqQHfs9mW0JkmuzzjaHvMLGxq21Z5/PnvwNlEp0DN2p8+y6q
F2CYDjfixjfymTyWrwbehjrdmoNRMF/Cf57FQRE6iAiPEjmyrNoQkih4VxnR
W2sqlbUC1weLYazzVLUp8r6Lryd1NwcaFg2pXG0b36RTXMcjVDPxDZ9hvSwY
ESzY4zwReLiPNjC9cxf3cqQIpLMoOiE62QRR9/JxLdF7jECMdoheQYk0ltms
bFqCRqF6x+mHjyhYdFekMHKgStE+UG2j+UM/5KVRe8k5yGUoOcm6OuiLq7VE
LbyDirA9GAwfX8NZJ6wWWU4aAf6HIgr6yzCDohaihW8bnu7ynjrjJpECsz7V
MFacZgwE7ykgrE/OzcfE0NraJunILwpY6ZmC1WyHVmHK9burRETwXezLL2/F
JEn7dkHiTFGf9ClBHnc2d7c0vNbfHjvOfV34Cxw1BE1Mjy4qiz9CngXdDxHr
jy3r7dl5IDwW7HCNxqJ4gcuDxfEND4wh5z+HxI3qmCH36PvCSSc6LhnTqMoJ
IGTdUZtjJg2XaO27ZHJkBoRzBCr5jRRSdXZF/WwYdOBv5/n+sEDvRFH5pZbX
WxUKdI2GaI879r+AU/6d23n+u9HlP9/w8b84wWw9jr8jmC1e4Hnhnl7/mGB2
2N8jmO0vpyii7v/3Ecx6+O0T9NG+bFjz/kJEIqojjNXzz3f4R3+hOPtsMNZf
gFRm17/iGtdMCt5xaBJ/Tefe1yPlA7Pe1/InKzuW/jN79UMP/w6t3Dv7/dt8
hirVU1L3n2fF/tYM7VdW+lfW8x8wt79yt3/N3AbRPXY0CJegwVYIP+Tuv1M2
SGC7XJhE6vUrVSOI228pXeVhIvF9zGLsh89dNr0hir/jj02+4f4lHvwX4C8s
rYssSVjUMdazf0tw/w1Z/XcR/aFm/4hn+7t3/y4z/gvwD94lxvfqfqjuOLKX
H25cEZM+bu5IC8r3jtWdUVYrHtYde4WHD9Njj99S0r+N/W8jf+/mb2Jvo8xW
/NCxPOK/Iu7n++99qGEd45Y47Dfr5NpUetznJYCfrvorBRWvFq9Qgj1WP/n5
55zUQ2fKf94VdYzSin/EQHv3J/wTp+ePzs7/C4r6LzvfmXfdGpD+T1z8vzHA
vTOmkVH9/MQu95fruWvBv30admt12bnPJufpMKL+AtyVpPp3tplD7u/ekpOz
Xdj0lCs3+eGO6hAsGcb1ifjzfACxiiN1L+5P/OG17734Oev/9sqm8Jz/w0Pn
0oPIJKa+v+dPZLfTv2R7v3ex/rlB/6+v+xdAEXv4h+RO7qv+lZAW6z4O71xo
OPvOYPgnyr/utmzeuxjckeaGn8z+Ezfd3fVheAzFnQcF2sO3WP6VyU4l84jQ
f4//X33qT50c0vCHiXemnxPxy49fZ+VLzA+rRChyMRV3wY3vPVG6P+2ay4lp
ZP7w4ITS/PDiKqz/mgvjqrs//BD/J8Lt3ts/NGcU7Pmu46/h96jBuz6ccL87
ItHDH8vuXXl84YzJptoq/HPU4C/APzDB+4fU4C/Af2RW9c9Qg3fX+wNu8J+9
0esX4I+4wX+WGvy18/6FGxwmfwLHnRs360myD1sFnemYLOH7vWISfiO9SmCT
9zLdW5GG3bEe0M812DO84puA7mHM0ZXlyxAfrGgyITmYbtdTU9FkI4aY7OQB
rAMOVNa61V8KJa8V+TFfd1ZHMwFD3ua534hwEAURI2mlJ7Jm7eDFEmOCpqVc
4RlDvd4BXY2XA0Nmt1U420VD1lH3XshmTu97a/hq+k6gewDEvUqYozZ066nP
FazP951LjOVYcQSCZXUf3GOeXHK0c/aLhT83f1fwyZstEjABc24QJrR5nB0h
2qslYWaGnBmIHuMRkddhaYpZZ5K1vX1O6Pq++2Xr7q73Bks5m/dDqFX93vkp
hFoWEjkoVMCj9qd5tf9javDeiz/gBv9ZavBexR9wg/8cNejfq/gNN9j4sBw4
wslqTkCz7vMgcHK/ShMT/oAa/AX4I27wj6jByu/xUT2/xnSEE3v2d9fbNfKO
sdEjlUDICC7yuLF9Z2SDZzSqIsvlZIUUygjCdWG5ZX7pKttCV2EQY+Fs/GSU
xVJKc3WcAEp336M3bX+JjhMl7/wrHSdqlJmMKBnm0/bltTNHg8WFskf8Mr6W
EM7M+AswHSsL9Z7VORW9bc2elBU0EOVjhOyl7mUzTT0hEKPFx58LQ8sDhFXX
O9vron1kSdbcSnlMsJVNC6cXCY1RGztVY+vtD9JUcvTzeQgOmddG8npVrs2G
IGgp2ix/KigUa/xstmf5CzAP7B6hddI9p2Y31bjwnn7kuRal4QTDn3M2S+Bi
WiPa5cjbi3qacGTzE2i2BupwHMa/AIgN1qHwO7bQf8Xv/Zbe++ubO38B/rO+
0H++CfWHWP3PGUP/2Rf6zsn/pDP0n2+e/uWPDVn/gTX0n52hfxTpP+ENrXtw
86pji4tBL5kgj9BQzVRgQj4+vwCgiB1PMvL2syHD8PQqTmN03joUtN2Owvm0
D86Nuo6awqmNjoXFWEKy1gt+TGV18pT1C/BdgvxBzXgoh0nYv+Lood3nXhUo
7G0f0ZMhaZCFsA8XUc/aggUuS95ls1r6s3qKR+vd9aGo4HupZHiBvGNDcSY/
tfSgUmeqE4vECm1XtAnP7WDtQltuyOX0WmmpOj3XzXQj9OQnDn6xSAHosiP2
5oqQd+IAVEjiS2slXvPfeR7aACsg1NScDb5zTHhBJtgIFxbBlzi2vwBwOUfV
jLthzsPvRUL684xWxNNRClZI1runEDVs7IDnJ2HNb21F7oWKExnvXsuv/tB3
Tv4nHaL/bBD9C/CftYj+s0P0/Qm/7xEtHb/xiN6gzFgauLiVXd6T+JROd+07
ueFWg2/jP2US/WeP6F+J1X9ziZYtdWzT9zUPVeqaGFTNro3nWTYULeTgMCc+
P2AVeeC3aYoyQRvdPOLTe/8CvDaNZPn60Mq3uVuPjO4DpClLx3tA2joEomA4
0BK/ZlamMc0gJuzVo31Q45Zcnwo839ewXcTo1mbK8m4z2igWfuVb+zP7UgTl
O6uXqf+EFWPaaJhN/KCB6GjU6Bj3cAIde/Qz8zK5RLaZseeFjF+wYu0VOXzi
TvMMyOGl9zZU9feIvbFFrFMgpAUXUEXlD7CMiFua1MQvAGpkphNH3ragydN5
GrQamTaPS+GOdwNm4B/t589AZP0ebeZWHOOl5Fxwnpkdt+Wnqu5aLTj7wWhL
h6KWjPPju+foknKoBdENNHfjb1Upvz5hAfrhNLy/5TR+Ks0v/9iE/h9YP99T
8z9HavxqUf17DtU/+mGR+PDPz2mxeTb9+S9/9Teepewl6n/diblbI8h/olR+
+ZP/ePcwbDoSPOWe9ZVbq4rIXc0Pox9/VvDXFLdouIqocENGkMndOKvnzxMv
3CCli5SknMVs8lJO0EsN/DDWPe3zgKk/xEnYccNA/p5QHhx5eGXoBzNyv8I9
MPbhggfnoOAguLYWffuAf69QXsYwNWtChMZL0LXIFs2YgjzXu1aTjiyu85rF
WHOwM0dMV1XmBzUnsjA5hiEeY2bql8wVbnKEYN92NqbvApukI5GD/HDnZOX6
fPG2GW2/iq4Hv9Wq2u9WkiSTa5pQyCizS24VEL+WgLI1U/ae4PwE00NEEuNj
PX+eysNViov4MvN2TXewytObPgJthKOvPbvroSCxfz65U4RsrS0CFCfiPd6S
9oLz+Y0H+9030ZhcGUHBxUFV6/QEn7ioHk1Vea3MDOrrFSnyqU2nqAcuT2h8
qlT1PW3LATQpMliayy9A+P2eTx/lQecQeVf5L+Cu/+M/f/6Xodh//yfP/04i
+09X8y+A2b9l2v5n8tl/hbX9D+OzfwH+eUL779f63wVq/00k/meB2ndo7sX/
25r/z+Lfzsj//X8gf09w/2up9S8Q3395z/9fwe8/0cS/AL+PE/+3YuFLff4B
/n2/8v8N5Ptnif+dNssUCf8Ps1nG0H/ZZhn5H2WzfMfxf3uI+17Db8Ht3zlu
v7a2v6vqf9jTiP8LQX8qOQjD/4KdcvQ7dsreD6rd/e+PavPvsLueCqYisaxe
FXjSSDAKmkJdxF6hOYVvIlBxy3f87DVD6EvBQVfK4W+94Cu7DsAoJBZk+cyO
ZjVjY8eZ3TDrdzesi8vookheynwACC95+oeyoi/hegte9ofqxQ8ustxPxlrx
U/qEk+whBngql2BhIxuqzgnb2MtRQ8aCYyDjCTB22dYrrqI23m8YpzHPNk92
e2N8gBTebj/F6pP4yc9d6Rgaiya4iCxMuuIzpYUcmOlUhmkcS711fY9OIg2g
IYXWgemhANGoeDj1lu/6s963ZdQkZZY28b0XsOiV3gvTA4A/xnsHx7UiKNBG
lJAo9mYkyyHado515OBpiSWjIeqEn1qlwnw3wv+7otpKfA8hzpqLR8dQ9wxc
WVnyJv0GkCefclMoCPBXMXwLrrUK7otw6r1n9WEgnR+587Oykt25mFftSlv7
eg08s8VlVEcjogJsWJJJiDY0fg121OUopvb+Eabt9UmDciZ7FaGqE2x2CBJX
f+9SaKIpPHa0d0h+BLcHnslVxN9c0moaKYThcMJ83007Ow0PRcRqb8PvQEB8
SlGpu7xEZ0X19j2+P5qzu+WxpEBLmonAM8SzYKSpX/YqERCpNIfneg52qiFB
7ZwEJmCg+UK+8oeheIqK4kK1X2WayFANzAqHPrW6HbFan554we+coCuod/Do
oUy1TaTXLGN6vkPNwMVbMCcG4XtqP2kEPXk/dsrnP4FqP4g5fEOOenwGtXmG
zOtoXg36Y6fMAnrMqtBG/+SWmpWPLbK8twlfawj6sojdxzkLB7NEP3Hh8N5n
JSHhLeMYiqMrpHdiVgNo2aEv6yxL//H+yFWfLE44l2/c98hiNh7lYApXxStf
POlnw886ztnfJOmikA65H6QxgENKuFJktfox0nBfXF0PpXxq+3Fgl0k3Kkje
CxWRfH3JCwKC6JrP7i0w+Hw2HzQJeA9I/XpPlOS5hHCpsrPUCt8ZZbhTeKG1
+43LdWrm17yBT9neHF1RKE8s/Hey0B9r+ixhC1RviOuefhNr7HYo96TMVwVS
cSHoPRMntmjPeCVy+oi/zAM2ZmGy9HaqZGJYHi1DYZoG5MUCf9QgQXNMbCA0
2L7+bsJvMXeWgjTLDuzfJ8rU0abzoqnLRAvqvYWgb4KRaeRBcMAFgyiTIofj
qeZKNVlwfQyIaxlXcJ+PK/ysacLQfvtmh9r7QniEW0zkUpWYcEW2v+ITAHMy
mSAs9/PwIU8kXpnM49wqMPcC0ofxmI5A4fpmD/FltVr5Jd4Xf8IDmsM4kee1
9AUIfF8fR1MbHxdleMyNysRzHjLnQZcn4c+om7XqAJPMjiWaQahXi/qzWRKg
KBQaQuUx8CFkqb8omKkFle6NUrjKK4SfCUTCqQha514miqdbyTpipS8bNAp2
yQozEyMVNFIGGzDiw8fxDoJnH9lr3mFrUrSXnOPcNsP827JPVlGZEGXFq/4g
mLCJssxxHFx3yAz6Vl8DbCnzMHzrzVHhiZk6cnrhdLXdMIK1mGGJ2hc5xJL5
Oq6kC5JQj2O5P3xnjTOxG99qDbzzFU5YjKp0RhyOBspO383v6tp/SaV+fsL7
CLBb44WpWg6xA4rvmaQO6SM9Ox/1sZcMEJGlryONEOw6jlv0RHnmze6FVB6n
fBfmXUBpvqZHoRhL6JvinySRCp1duG/jF5SlLgDPcWXmbos6j8+dx8/y5YAk
KenrHkyPdQgScPCaD5JEa951b0J4g2balQF6hLst3YUdgO7zQ1p2v0E5Px/c
ikLOBwN580TcStXjZTWeofq6Qo1gvWtYPS1JmOV9NtmydGHUh4AttImF030V
pi8Nq2tQTBgOeVLrXd0cSMTGQ04t4fMdvMqRvhDPz/07+cDyc7i1CFGjQOYa
8ePMvh+Uf1Y93H56M9zPZGYq+v14BRWWzfw73waLI6gWcTK8XdOitx1W3vZ+
yixgkPIe0q54jv1gpiA2DyCMsSCYGULqq1/VJDAPSnMnHtO+zrYmTwksiRFk
Jc+jhvErAPUcrEf8Trjz1ZmODxV52knNK8O7pT1fAY/DOcZEJW17pR0O6Ebl
YvsuExoTyO74FAFAwYjJ7wsW8Kea1ufS+u+LxSsn2rTLU0BJ3d5V+ySevQUJ
Dspjn2Yo51E8QJYcJq9Kb3XqqTapfDalT7xvWbEijvQPwtG7k12M7mHJ+iYo
ZdqSDbVBXyQV2BhiFKE/RHBiyQVQtC9Z8OeKR8ru6abQ5XbX6kbRgw3OIRb8
0tVv+laLAXvWYEfAUY1c5ulm5wmb3SAywMapm0hUbavz4z4jI/N5OkRPxG6y
w86XFFFpe3R51vJijYe51XwzgneFuEpcKRF1qQGoZUiYkAkN5J6gMrribWWC
4asYEZZa+vcgwWhZwljIslGASPH1o+78orKLud506KUANvRKaun1eBwsOqAv
VEZXXrlSRLyGq7iz/zXzddnO3zZ9i/7Btau47ffi6FqSIhyE34BKQ1SmdeZx
l0M7lgvxBKmSoxDSVOWP5ClUcb125ZytcEl05RlvSv1G3CcEozwY09kE8HWx
2Vk4+zMkWgM4NIGooBeCNdAROsjuIZ9mUp+Mj6+VaF55ezYJV1+soqPKPS6i
BGAgVNfKdv11CVyQEvXblCWRf7lQluB93zY8ZAwQu6Sn6OBnmBg6SAQfjTjM
V3shz2cIEN2KNagdE2lP+K2ro6aiKTSSmCqjdKbkYbScga07Zgs27d2zePtZ
D4Jey0aIc8SVDHDVB4kmAXx19HdUBt3MzyFVhZmdQohf7pRBpD3oI8UjObvB
Xiy8nZQ+pSLfoFVoOCqQwg7cmyuG+JLsvC7ys9MSEqz1FeimFcW9own0hEJm
a0JSk6bIqT4ldgMvmpJgvIWeQFLdlZp2w9jAWDz/SFrbMRnH9gMld9jsBRvi
vk6OhYvcPLdA7vVYeQ9Xt4+gJtVC3QMfaTMwN3DsIkhPlCbZOUIp2W9OOcGY
VzarhxHG4MwFmtsenKWQF8KoFvcxtpOziisAPBnNO6bQHyRY2lep68v05trs
U+SUdmTtpkSoeRcSRrB1gyfV+8VTeo1Mvn6CF48lFKCJhJFNkytRVR55RjGP
dZtuG+3ckqD9PqvqrkCXfw7aKI6G+ojhLj0OopineHt+11YEYqeKT6N0HrFF
zW/Wp8ChCNHo2iWVPQOLHnEnl99pE73et/wBPba0YWncLVY7ueOzHsCY0RxG
JFD0nLD10zubdJdXgfKE2H0y7oW5+7NWpqef3e3m0csHOBLS8iBeoyCJJAZW
gAk1WZu2gilPmNAhg1IaETuInyedzc3X1aLt2a8l7hM6CU9zrSxDR37MYn1p
Ra9x93GGojemRh5ut+izuQf0KxRUoUnvwsfYWv+wz3uacvnCo8WB6MpplfO8
dxqzWlLla+3TAWCOszzNVqLoJrS3u7BHrAbKtv9Ete8pHaEdwaPoUQbx1Oun
VHdnCtYegr83DWvg9DoBX384/Pp2H+MRgjONzIMa+375yRPYVkuY5YJn9g4G
PWY6q5RgjDRRc3l6iE2nvXgFHADxw+gM67tU35rqJ1uWVd5ezKn9lqGB8yr6
0bB0gxsJ+3pwjpq7ji6CdakT+Hb3XrMEyO8HF4hXqBjRsPeh1tiFZcFCSNzN
Eutf4RWc9mMeIP4g6Dx6D95DJG+99Qm7tXv04xdwYcvmoPIqNW9Tt2/DwcXj
85Q3VnHoZfCbMGnOizKviEd5yldIeGUe9VTaSi+3rAI2QLd+B0YspJnImy/u
rBI50v260J3aQx2ne8OmyMyPc5zZZbKNFnGD6+3ToZ4axyatGgD++VDIh7Ar
luGnpKeWGtydGXaiL28CG+fazgW55zMxRhd26XR0htGEv7y+kE21PAwMmCct
b04J1r2KwFG35FFJgV1XFmui5QL5Vql9kx6IQ71yA3a79qQTxOCaRn68CdiO
BoCoVdBDvwqEIvjH30WX+/BT3BmeR2/am13I1vmOj33TCPubb1agpBnSsuAa
LeUdjRC+a6Ir6lj+LbkxcvqwzPXJW0/MH0h26wTJGPrXOBlkYxsjN738uQif
w90YXI5uDXXcYOCjo0OS38cNO9DVf4GvZj36N8kqI5FZxo7gZhfmjxf7eetn
te1tl8CpJaLvx54q0Ccnbqlr8yEDBY4PahvkUlTVv3jTPS3oYViicjyU8Mph
K8bLt/11pWFi4BhhB46AXvNTIAoAKanjgVsv0/LdTuOzyGKRoBy2QQW5SyuO
5Gy/y61JhMswytSth3e9ahfdL2VTyWKTAwj/uLbSOrz2wIpbPpnDQ3nUIffJ
zXX7YBvNGuL8GYaQl+Q36311ivMtr3nsazcjrp8CUDBbHVVle852mF+49xCt
fD8Ya2JHE8ppBD2GNcVNNTbwb99+hvCpI+/Il2Hznp6oNAC+8FeuLssW6XKt
lKvTW3Pe7XNz0ov4qMk1yAEKL99T27S7MUx8Tu9fpDM/g++1Suu5AAwxr9M+
GAV8lW/uOgvVuQRx9A63phJop95qZQTM8pVOxlAikrqYcOJnWMe8TQI/SAFk
KX8OYvu4UwCCe+LdmU27HNEpVv2n+px80oWwLI/V4d2FhniVPBhRSQDfjWOl
QflubSCJJRxNVt6mNXRl0NgEbW3fuO2r4wf49X3695jH6JeSP0uw60TBTxRu
1GqCoGsIfe8AF2ogH8yw9AjBa630UcqE0oEaA4JjxR8pBKwUB5WEZAvyxpAH
5OA+toYhnAEtJZ8LwL31fFxiqaU+rY0RcXy9zzmCTfLJFPDmyDK765/n1zH4
SugEtwG/5kd6RXAhRGXNVw3QGHuFFt83xsPMs7usOPLt5776WwrNWWJGSYii
S4VsWKOlNnzhn8rUXwXZ4K28MRrnAlIrf0y4x2ft86F4eBHgoscMV2cMTHF6
Tn2pnH7gmBlSIBzRokjQfihzyK6/BpvZdRdgo+UdGUQsaxx3fPX5W0WPpVVc
C+9X7/VBpx5Fb9EH3scz5za8xgaXYUeBrrR6hmcaBgyf7At+ONPkBBkRgeWX
aZ7Gikv+PSV+wHgTZ4bnM4pdp3BVx87juR0OPtSqrzg37hTQNe/wzT8g1d++
X8YuWtGSL8Xs7Eacyej8et3o521ogI/CiR6IpuUEqk6pEV8vIwD1NxC46tYd
acAPoeGKd8ezJH9EB0izLbKKYMF5jRLFvplceHvxk9BT8/WENK9vGq7Tz9QF
2qLYxZfXXPmsPeRHm6bv6yXGQbq/H6z7HYpeQNodJkXOTl7jLv/8T57wMLt+
Od2HpAfgnu45YcEd5Ku7Bfh0krp4VMQPeVwVV8wPsbmRT/BzVIs92cnkZvmG
ftgNxUsxkxnBBBzlhYbjha6G8iVbb2EtTnAWYY2M8A1lcwL1ORGnwSYtDrw/
SvIVakyryljQJXyswSJwB+DxERPJ5cPgCRfWa4p7ZlUsnxpR7m2/Ao610gVp
3x+yUsPtNaZXsla2rK1NNBI0CrwvnYcuF6TQFGLUdOTrvDcYShQIDC/nzhRQ
N5CfHd9/P9DhdPA1u5lldSxU6VezgAvgSIlkWMvOpLxiGP54GBwWae6bnMVI
3c07LdBNpicihcWhJ6uBaM94VvsAnokU6WseIHcve2aPiA+/qosU6dwk4VoE
E+Fo1Dz6agzzEv1aY1vyBW3Z/fmDqgTjRKrG4gPnUACdvWydcndhb8ZU1qml
GmPa/DJLxa/HQRsiq+3O2+pKgVxL32mbfaPnC1kl9gEppg0Czi5tB4HgI101
Ehj6uJqPF2j7xnR/LOe+ukZ6P0WyuYhKViJzNbCH71Wyl/JBSlOpDsg11BSB
BkNbgHEtReGlWnOfUne+Umk9m/R5tMVbJMM7DPnYR5N/4MZSC+jVodQLzWUg
pOrJ7amHgqPU7mobyPCxMLwp5HELAkx1nqh74hsXSly5WtmgasG+HaI5NTot
oLYpAyW07jFyeZHq6dcRNgGzdzQ6ISinOSRX6DFSn74glitoWFsfOUT9GLZn
kb3FQvAjRgKmfY/3jDkZtzja+hXnXYHdgyvheaLsycJZ0uAVi9nKp5dpDtmo
VdNeMBcenajjqxoM4CDHDzyPvvFAMJlkTUv6Ct4cz5L7lyvpzuWV8XEaUXrx
WxchyCSY1FzvnS2B3DgcKsBqsB+j8FyX2sQ5/NBIXdVPbcq9TmGJaK5AqX77
eM4WfE4Sih0kP5iLrUfr+ZxFLHsD5+PjdrZ5F4SJHWcO8ZuVp83QXAreRmsG
Pwi2wXBqt0vStRzKnTz8KgjHDKMjsPqHB/gd1415KTGq8tAWK52sKXo5OaVi
85aI50hT64j7IIL60opUFGXD6dOD3qC7JmpuvjfA0Oy+JX0OPe27bjxCbm2P
b3riwhvhtazSH5xHzO81f3IqVjkzhIcpblh9lwlOEQZfC9BHna9UJ1Sw1HOY
x96yA6vY7dbvB5/Srfk+tsgi5RLmq9c9vW3m6x4AueuNM2j2sf0agPIpQXT4
3N0YrniBk7QyH/Tomw1kG7A0Rng2TpB2jhkRKYqBut9F+RrnGhPnWSpQFwBL
TZGOsf9sLfncqJcjXApx6xTlmVU/Xu2B8Ja/Gi/DbR08uC6UXgol3vkS4kxG
SU8dOJAnthg9C5GUFD1VkpqZDhYS4yl8L487oEZ8Hx5G7Fz6nBCnCqEiiq7i
Q9Yu1a3kpwD8b0aAeadcfBRB3APpauhMo9oOWcm0T4ysiG2+pVsYE+eUMveX
jO2WtvPU6p/pKY0D8GS8sP8gaSTToXU90iQyUuKbYvEoMNvbVq7QMULsXMas
tXZlAh9Di1SL0lefMjMVxAIcNeXhMCojCAu3ats69eLpN3t6gQGyLZT5yWN8
Vh6fJhilRepJW07S1v6QUIeRhDUM9NOHv8uF1VK8L4L++fS5OwXeyhw6ee/W
yukreyd1+zLzT2d5GQ6kwVamd9Szku/FSUBQCt5unS9DCtqP6j+/y1lkLHM9
SOnyBo98hma56P0HPyKM5u1Osy8JohVR2mOb/IYe0LHCyzw/jz0IRLhokurk
8zNrPVZBdKml3xgp2NxQTvGEHKQHiefneh8u9Vydck29gQQyBXtF9vy2QAWR
eYcEkWrOXQrWNTCLQP6AF/PSU/8kySgYKIj/xupnrJ3OdL6e1MknkM+Phw4d
3BfxNKitWaf8DngXdiH1WIaRWKHEYXeyNdg+Nlq54B4oLGuGKdR39S+hjAcG
McAhTnTcMpM5Ek4NMolC/+L6EqfJsmT372KfxCy1NnSqysEaJo3PcrLPI4uZ
h7IAqldnnvIw4GjdvtQ9J3hfNlbqlYMpvv5Gn4iHxkPFiHtqeYHLjMi2VMP3
0CZ5lbfuJAysM416lKZb5Ouza4gf6OT4lbsV+mYfLCePDT8KNKhBrcNuKXdM
lFtPHrmMU4dLfMHtwPD9Zv5GwA/qRa19Di3fnVd8xMqO5kGGliqD1F08RWkI
p32lXtIjcUeopke9fX+/+6ABtzBfiLekKKGQVFoYf7+KNP3PdENe6vO/iyb+
udvgf3GC2Ez/niA2ox+COKj+Iw9k/3c9kB8/HsjVfzVBHJnjv0IM//CYOVr/
hQ/+1R30PySE/xEf/Avwjwjhf8QH33vR/seE8D/ig38B/hEh/FsO9rfxulfx
T0bs97yHf9yO70je6/zDqP3Wd/nxawT/xi/6h739g98Wf989+t+9o33S8H4c
jH/co7WLPX51j/5bejjI0Z9su9d85+CvFPGf7ycJAk55JH3+/mFOf24g+Z2M
JfKf7/9b1pRSJHOM771IIptR3ve1NvB9XpV2+eF+GWUwp1yq751UfutH/EOR
mv8Pd++17ap2JWrf09p6EtppJAHikihyznfkHCQQQU//M7dd3tNVtmt7nvJf
p+p2TYEGI/TRuxbf+NjxH1HtX31+tWH9C8X9Z0PyX8jeB1/9TvMK7z9drZ9F
yHwx6YFVeSelOx4iSI+/ELFfbuE5HbLK49cvDyN23bFPxy92h9rjwP4irGvp
IZxXP2D+dc9/43z/9Be1oSv/i6IVmboIji26vuXPPPBfMdFf7f4azT+3vGHk
nP3if/3Pn7laKQ6E7hrZyhPl7Rqf9s+vaXwitO6vuVDFf5pRzp9421iU63i0
rh77Ez37J9dx3WYC9UnE7u/ajH8znP/FZ/wTm/EVfb/5jH9iM/6TuffffMY/
sRn/Av4eA/FHbcZfFuXffcY/sRlfK+vvs79/yGb8RVv8x7et/hmb8Re1+rvP
+Cc242tOfvMZ/8Rm/EV8/O4z/onN+Bfw3Wf8E5vx1YZvPuOf2Ix/Ad99xj+x
GV9j8c1n/BOb8ReN9bvP+Cc241/Ad5/xT2zGv9F5f/EZ/8Rm/Av47jP+ic34
F/DdZ/wTm/Ev4LvP+Cc241/Ad5/xT2zGv4DvPuOf2Ix/Ad99xj+xGf8WJ//p
cwm+n0rwC/jJuQTfTyX4BfzkXILvpxJ82YP/+XMJvp9K8Av47jP+ic34yie/
+Yx/YjP+BXz3Gf/EZvwL+O4z/onN+Bfw3Wf8E5vxFaO++Yx/YjO+7vCDcwm+
ZyG/VSj/5LkEf20z/mrD7z7jn9iMfwF/5FyCf2QzvvaLbz7jn9iMr13vm8/4
JzbjK0Z98xn/xGZ8teGbz/gnNuNfwHef8U9sxr+A7z7jn7w//Sea+//ilAH2
F/CPzkP4IzbjKxv85jP+gzbjr+j7F5vx778/fPmMv2zGKqFjCJa8teVz4Mz5
Bhdz8LzJ2mKi6k9Gqmq4Q55nlg9/shn/Av7We96D+LGeaue7Sn93FS0pIkF4
e1SpvsQ4rbAkxgsTjFfM6KRrNPmXs7BMyKM+/CZPdjg66IownfsxJkeizABa
ChrPcyggzhfrhyRfP4PAOpCNBhewXY+vUy9AocYT5GFQARkOmcVscytbKlyf
K3n3PvEKsiqs4Dw+vQvl2vgPluneSl99Ptu+zleUY2mFaCLvsz/soDueOZOw
/Rs5GtRg+c8bH9KZ9qL7K0GJ+vFI+OMaG9tPdz3G34+2ZKVr919eS47vQn5Y
aRYYAqThltSmRY48PncCleIjMWiotCMEJdq8kM8H6is5B2Fh1av6cdW8INF5
lIAxUUo267w/xy7CtEY51PdU6pZ/QLGFDFTy2v+lNuO//rnvX07P/vVPfP8d
xOzVgj9AyX6Hhv6lZCz632Eu/uun+/cs7N+EEf+agf0PD/lH6Ne/Yqb+H9IU
/zYj/veBqv85A/nfTqH+YS/x9eH/VUri/3Rs/jttxAj5XwWv4vCN+GfhVRxG
/+vg1f8tIuLfH+VfgrJi/zTKGrZ/wzpcfqGs2P98lJUbLHNP9s/+MRVJTt+q
jKhFodli2EvTg2yhFwKsWydqE5V6Xu3erwTv6OmqR1SSVXJrKNMw1Z5QT2te
cSdRkuFZ2oNi+7lTMQ0mJBJRgF5yzZWV2/kbDpBnr8J5Zjc2VnmQm24HXlEd
n1qHe1vo58v3ZYE5zEMRER7TzSYTOg1A2bJA7mCpgRMB3vAjrpSXj62uAR7L
JBcwbDBGVQu8tM7oTD0pUFoNc2TYl9AjWntldwyEc4PINVXmQ0omP2eriB9N
yVJPCHu7OC89J/6JotXp0hX4BB2Rdub05eWrS0uw8dSuaev0uPEmwxc50SA4
4uOIKY8B1p20eQUW1L8f7H09BD7hNSRiafGT/U9FWUWh1M472ia2c7/TeVG4
c+hmEg4UUmCFfTXNaunGvh5M7+fEwZ6+8wQ16J4deIz31DnwisUtmvAZ4vSf
Tzx1gfYp6fTuAaAo6Tx5n6NszG+myKL8qJXEXCTLUMq7WL30opaf501Ggzqx
ZosjioF00N0KS7Y9qgDw4ly7T+8z3Elfi3KS5awtwm7+42gDZZrcfXG4V8Or
EGshxY6u7RKen1HkujIVyvmwgHD1ssa2QjAQR+Idi5z7iHHIpF/lDNbtIg5F
NUjraujwo+pw41UTwk6goIET3T3AWgtwqrVPn02136DH2PERE9+bSKBy+W3N
mn9DHGzVsviza4jAuLs6ByRcaQW3zq0ha9yXdVj4AyjrA8wRUzEpZsP2NqpN
orOah0NXtbUDZqU3M10bCJ0yEnea0H6tp2oJdhZSRGd6BzbvFO/1g05aqAXE
h9sFcQ98WvTC29seXACMY5/fGwfcPyXm0mVuhAvaRWJZJ43QvWTviJpXfibP
z9tFkMX/KOqKCgj4Pp7vnJI9YFP3eCIlXW4aL5pfRS5hcx98RjbOYV2rPbEJ
xI14umjJeIhiMnxjwFOM6fFqQPFI+0CbawZqirS35+PwNFVOX9RxSfSYbMAU
ftkCX7nIs4hvR23P8MdZ2n2zRvKqkxlW52YWoBSFNikTZF8I2hOm21qjcNz0
F6c/3/OO0gQNPjdMt5/QOYz3j30fB+LzUNu2wO2yXGkg8B+Wk7Syrrpc88Jd
j15TrJ9IdkPi9O5bcf08XFl+7QE2N4Hn+tTRao2vgjW6PPMYBdTaGC1GlwdB
NOt31+Vbx5pHqoHb2csefPNAfEjAeOYMhq1OfAzsKrVS4chMPJ8fnQjk8ZyV
CHErUCxXHvorChSwan0BzmbUn/mmr2J2l1U5qo5xFsE1mxxJI8NSL1DJRgoD
UMlrFrw+7ssPGqYY5voKvj0dyhqyBnVdCSr1EIIu7axCfqLj9aX7h+iVG9Pd
7QakWhIou3C6P9fb8eAznqzbUjQlMQtfN6FuI/vVoTWapjfVpIuU5HEi5Xsy
dF2qDlh6ol1EAvqsjO5V81zGkzq4Ir0z+w41ZO6zn1mIWUdXjqv738GZus/3
vRvG+iZY67rLwrZx7GQDYY22xKAZJDd/Hge+3Xny1pe3LNwjJe+N4gWr5Ith
XXKfXhtuZCIolndCrCpc/2yBOwJxzjZTU283vUZ3nB/UMlCz3aTWUWNBAm11
gZVqqrvzlrEQb97lWx3eTiEKNI1MWMkC5Eq4lx0/0AtBwZNHknqC+zf79di2
s1biDeXNh+fme9P1CxEtUcWLdmFYWM34z9cI4QBkDviAqUpBwRzWLcMVy1pX
ZdgSpWwX3KJZ7FUz0nu5RAbXVeKBJoRrJmFn2zOnXCCAm77qcB6co59CohQL
QxuflKw/Lb56Lejri+3XPNU+ODvzM2efxUjq6HZo17O0ez+lADwsFQoi012n
Rfg5hRYErfMsasJ0KjgVnRyUGP4m0sIpbsIRQTaByV2Uo32I0UKx+YAhdmBy
J5w79OozJ8B1TdH4h2QTObakXje5Su2vdw8ydc2qXD+1jY2YLKskdgb0NTIF
itUxTTlrFDaBPwI0oIIHESLv3ReEk+C+mbRqAi0kkl/PYKQfvYyjdyfP0Idr
wqryTgHwo9lsvLyijyl2/Q6bxztMsDo/uwLKCCf+3ClYr+uaaoO670CkaN+k
PuhR/cFWSmuZK8cc6G0QDW1SjZNCcmavM3acwfIWQcKB67nUtaQv+2PFWo1p
idDcoGpfnVGZDU+7z4HxFu/sTY6rdvsgXkOY+a1RCdctxMLiIGPdj8/6FJ6N
FcbyaevPNIrk8xGnzAf7CFvzBJIgqW2FeomR6HPPQGFOyhnOthGH1o/7dxDm
yu3DdZ+geGZ7JC6z4kTjOWRM9mLGQo4BcT6hVFFI29dPz+BvPpK/6+RDbF7e
hQ9MEaWALUzzhWWv3hMFBhJB1rEwM7RomnzqJ8BtGXdvrZt7cFrdYmngJLRy
RSwnblzG8f0wxGnQ6B7iVOCky0nUR3nKVxtrJH8R/t0E1EbInXJ4KDS+BG93
WRPK0ZY+mFK/eofvLXIPHvWvHe4ziRUDz0hRyrCU6CLcgNVTtoEr+D7Qsv36
Wdzyo3N+ENQNZQk71D0PSdQK60QE4VXXGHSb3Ql+VMkjosFj3wNrJ1ELICbq
8M5XSNFPfrtn4k3Sil6aO+ZdIHVdInghzBuDn2Dm9eNGGC2bSHr4CPlMN/vX
TgLwsLnFJ5BD6TQRHjxu2D12hE6/8yrOPbd0XbuPCMLPzGOVfUYhm+amkl7s
ncu5t2QIgGelJzFxn6fqxqIebC+5Ubvq+ZaRJgwahQ9Mep4rNUPm6PNhOOFt
SEp6LbjW+4wz3ONAf7L63CWfd4sKj4LL8w/VbgHv4G+spd3X447vyi1wRXRr
pRoh3A5DEWPew0I2CQ0hDSB7gPrb8k0bfREKwiFS7DyMkoLGhfPXkcHVwgzP
7COZqznJ0eNAYWVFJe9sZQiGh2MFmkeHQUq8+HL+7l53h/CgGvdJmIcafMIe
UfXAyUYNcW6iibfm9keDOzy/Ic9Iy6FyvwMTbLLxfteRruvUw7ylyqrJckYn
y7gQd9Z5493Bkil7ji3v2xCfwJFBpnRJ+ODMRREN0Iyqq3nMWO9Ixl+3B+46
DhFZFvSukY9hVPiaeQ4mmynmR37orPU6H4lNxHCqbfiqsECW3Kq+UI9jw59B
sR6Z7io2jN9WVrL5R0g9vZAUaynwySzH1ibRMf1mix5CjuWJDi8cqIrTykvL
zjr38xYJAkrI7OM+e1/zdgibQn1/+v55VGd1c2UyE/cyOK7tg/DZ3KOL6xFe
0Hxkmtbv6cRVWLV473pnTGl8vNKFLK29QFVa3uFPKLU7geQPU/h6m04W47ez
XpuHAGAP0SAhD1IC0sSSxM8Z+3a/vRO2RKyHX3VlHKmxvua0W2PvM+detTqt
IBd5GQfbEs4CkfSKPx5vw8EThcSl45gaNTD1eBw0A4p0Wn2knZxyFKOlz8vd
drc4HxEsTOv4up9EUgEJ6rY0Lx6OtMYkFLmQ09ii7Jtc08/3ZF5NhbO8WHbu
pnEe7Il9dIXWPxnXLXOeuYgO2Cg+MA5GTXiSkk+iUBpdIIbpYR8PJPaQqg4j
wXBnohfD7Rb5czIaCqooNlaU/ZUQ3IFk5nAmSaYJXY3BIsOUyEHddgl7fF2l
J9p659NzXJqzR9/il/SDjkdOIaAo0GydgesbINORWnbxlVUJs7HkOQoLokjS
AXqC+eQTw9w/KQ+P+PF4tgkG+sLEy1h9GhZ+13H6mspzZSabFqdBwYj7+55N
Cyg07movuhiRyhGFZtu8IlvwkBzGWilw693EpqEtHSLbYAcGdtre26RRm6Ua
btW9bsFrpgdXWRHpYfqon8Uz/WBzFEQizlg87EqPPM+vu9KCvNzrpgbWEU2N
0Ho673Nv3iFo+6EHv0xz0u9pEkvPp9odBd1Ui/65UrbamhqHQuthYpej2qdQ
AXjmEedefnOfN//GtLUdPnOhhA2eamt8jm7HZ+nHqDucoRicx5NPI++ULcUa
189BOTkLVPm+6A/jhZMfGD6dSdSCja2rnbKVOMxVAdHMGWNaKTHC3ast00gs
sw4P55yqCL37INDessdU2bfcyW04qn2XFIvk2bK+mM4HSzEyRxohj1Am710p
gSONlr/n+RSJ1SEffO0AE/TwPYPqrofFzsoncW0tacO5gidpV50VQVXhWGuu
EyAXY4Sam+hh594NSyR2PsXuDZSpN9OndMxKxIx5THcl9Nk4JyRIZ7vCwEtb
3ht2FYSxQ78CKgiacrMszF6inoiReloBPZXPyTaLGs5B5P5oIf3M0cruXfMj
LeUHanPrWV4RQqHye7G7LG31SJ67SfHpX4ML9sBDGhuOonipnt5cIVLkdiNe
sr067tPecH51hW7tLXGaRDnQoNEeNl7gCTR6aq/SRbIb4Dk3uWOku8ao0MQg
EizADjP1iBMUB0XQKeISYR43tXzFQxWtHnJl6RZopC11RZMykoE3v4GqZ97v
V4miBaJ/FaesFw7e+E4eLWGrGkqOKjEPoWsx96y8s3tH95F5n9UPP5ISDMhN
ZWcRGxFFsb2yNZHMbhg80lRoBrEFSLzS3K24yjidgFsBbfJYGWEjg7sFnO6S
N3PAe6qRW7BvdDyGqRIzQbKY7x3zaYXVG/louptwh0gH20k8D1DaG/ZkcIRA
Z2ePYHAwBKgdvmOjtoxcutlJQzKiOczLY5jnt0jZoqBdhWrjE4RnYxacXNFj
SnqaCCfiLWiYclVt53rcr40qeQ4SFZ6BgbLnVUlrNphD/huZ5nf1urfSS2Yn
RHhcCWOL3UmBLeKFeSwKPUGA+ia4aqtGH+KyZuaTskGM+1t+6dlTw27XNepd
enBZQMePw7B16ZRi7CDzUZ3PLpkcEGA7mlEM7ap7xZ1/8jbCzGtWW+QnwcYa
lT6REKbmAuVlp/Imj2OgrRWk0nDTVbYSt6t6t17x073P015LMe8vSeYrTHFv
GmMRIgVR3rSKIJ9ycxghKEOZxWYxNuTgWfdRu9DuwAFC0qnKiAv6u0lvZjjh
aJk9PyBf98/jONqwMNtVorErcfgYpUhKU8mGUPZKxoQ09cfHA3BICa8UGlle
dO1o77M3I6eVhUKyQLElrlJmhvdmEZwnXtCFUxNMaj/ZZEVvx/QptAUB9it9
x8dhr3pGDG0qTyT+NOJUJ0g6gSDKB2k9OU90KbrbnC+udhY9u0ZjBWFFD2Kn
A9yL6ChUIbi9IeqQlysh+Cj7rnRH4CW5Hb+MiGGYNr6qb6sFIRaK8h462DBn
X58qxFcNKEi9fL6Wns9vZ0LTD1gp7cr4DHUzuqNIHbvWUSiVQ58qi9ZsZmpD
Dccl1dg5MxamrwAqEiyXlnStkELbw+XQW4zjXaacDYVmqp5UWp0K43mbs53z
zif3c/OTSd4MRDgG9qYAegHeb1iwwbZ912CrcE3szZVXak/aGdKUNyuByywO
Zu5RZPj5nBr1bh9EOGtefTzjeQCUx07uiXZUJrSH03sPZV3Yai/r0a73HzCc
lOXWr7h0yEJ/EnXWdY9q0RLupefvT2OOQAvD72pNUL7yRzohS66gNDsUbrDp
7DbaEagLGvnxslf2Lmw7vvdWQxVr8ID9x3s/TB3oNNcPVkO0zSQ5HTvcjXpH
WvSqdxlGplMoFcqraBRFtdAwGtUw9Ai6zp9uJ5HqD/sJATgc2pJDz7sfp7Pj
DdTN5xAQVKOX3UFvOPQYHt5ErzARQmIVJQg7IrgtQkk/m+Vtug4gf54vKbEy
g+ez8Z5B0BWkb+I6CMOTy/0iOYi+0wur6E6ZmzLKu5OPpqD4eyoHMSVQM9CG
U37lYKRjtQ4oPEMa28zCaQ7uiYK3l1x7n0W4J+YxYJDYvtdJ7c8+dBvSRwIE
n2oUKK/9hTGd+bopjsRqX4IZbIQGjYplc7htRao+s68l2bpx7a2USeGmFFmy
/oaZmi3QHXANLdt1v6lSZYdjn8BGZ8E/hkzGrea/0II2dCliD3x9fRwknXtP
y5dZ9jvXm2/pmW3As6LD6m202vMYHZxm3w9JaB62dAZaQ0z+ClEUtc/OLpPI
7kOvIHarhN48pCb78qlBLfA4XHF8P/1+jsz37M16IvIUeaTXljcJrkSS/Ph+
qfFyLUcOJtr+w79WvjM2Jh5aQnkJgLPK2ptVeBhT4olgBiOpmoXjCFsgb+U1
QS1UO1lMKYK5TXnQnzQ+1a8Bs6KAQLrTOwGrWiH3HcHBoJ2v8ozlkoCuRA7+
6PdVtZ/FdhM2YzWPUuRvT/7x6e0KkzRTeeUrrEKOBDDEKBzqXi+Kyn7K6RH1
6Dh3t2tqLB664VPakmnvVLpaPx7cNUusLt31aMa8yp3cJVYBq587fqSH5JWz
fHub+r0xnjt3hXGDzZprMzSzLY7st9vfz/jqqTE/8OKxDWzOn3xyegCqsiUm
NclUpHglUExgrVQGj1cwvzVcm2bKrWm1dN5xKbJF+lMg0EMb006W9490dR8K
qGEqO6fP3rnNi9pTXpg3yT7kOcexvltQ7QljD+HhT9jCzXe7p70rSzSe46a0
VFvgVgHMZ7UlTEoLI3WNoG4ZIhzZVwXO8XP9eGqf1q3YNbeCmhNpL4ZNDClt
tMoq5lXkBPs2gCtbbEL5cM/6uPnPIiUfYP48KMidhUqHIa1HZwRmPvgZvjmT
NiEOk8a22Fmn2m8v48UABBQgmDBa5TxWQYRZkLhZtt/TLy+1jRN6lmQyjBZJ
seYnUjwpuB8j8eJu5LLoLkQ1OJCM5vr2XiGM8vegwh8Fg71HZnsudt8o2Jpe
NfBtZlheDF6baL05WcD8YjRzOqngWYMSwLG15SXdnSxcPnhYxLvNst0hMdD9
oe/WW1waf1QsZB2YispHhDsPqxRPHcXl24R3TgpgdQtFa9zhc2rwa7Cpxqot
4IdJ7pidOEGUKCO4yLzzOsD59MhIPQRFH7pUusozcsB64HaNIzXAO96Cn9A2
H9sU3eqP/0FSV3jWIasY9si2cj5AqIxsutaykNBM1yrPoemxMwcAdeMH9wNu
To+shz9Fs75FF4qoJoZdb+fG7OoTB1qCERHwk5eEV5XfimFtUt41HDhMgWQv
RMY9jhiW3mxUr+n5FMwNNDE0vZJTejHIymfZ6nUFXsQdXInKbVsmDx4y0ZvB
ODEQ9yh0v3ZVrU0ObsscAqvLoOhT2XYwD7HtmdpiO+2qanyv2ot5E4iuQudV
57MObtjEExD9HTVfsLZ19hYfoC1aJTW59zWjpj2qj/1R74VAoYSh9eK+RAF6
VyBJOQUp0YK990QgO6IxQ08z61gdL0uXzq2Qvnu6wEjM6FyLdPUfD/xzZIg5
yayfHFj4Id2qBTfJYZKCBkRLbHXnIyV32rSlg8dbX9uubObcMkJZTVWtUmPY
1KE6OZZ6eT79zgrfoKZTdRBtYX2gwtqbPWjSspt5Us0Rr1rZ/i46vLjaw+Fp
k6toOOKMEXaaQuqog/RhPwQjiuB6/MBxwJwkugjbSufaXBvYKyeHype3uYtg
mGvG0l9YmgQVaL6ctIA1kr2ZM2fapbds/Me5lnPFEAYvRB1nPLMHqXaUeOA5
eY9neVnB0G8sWuL6ShWZ+UqhO2mrKcPICxMKFVWEkF4GriKWGiy2fLsH8WLW
FkURYkJVCjUUQUJJAdKXm5o1L9wPYYioX3pxg5i+o8fiUEajWgCjw2rpbY0M
wVIxuq3BiphwPy7FEIJ0LcnmWtkLkTxqzRulfd3SexLvwuLcgy2hCfMBvNUr
AyrfG+6DQ7vim673Y5ckApVqD8vvKH1QiKHqnkM7TElognctVUSZzEpUWa+0
OANM+f42GQuDUWvDzHYWOiiK8gZbh2FLjtTouU5n5Tt5tDrp9lWOtwMT2yz3
OThmSI0FQDznUBnk5HSouy2TQisqFBfEy38vLQs+ZBh1s0CwOgcvrPaYRF2R
Ou/as7iq2pHtIwMD3p0mPuOc48Jg1k03lC7gsx1h3L2K0DwyYaiHpHvEFMu/
FDL+f8hi/O1Fkf/H8WPDo/+jwNhyWZZr4X8kMMb/Fn5sP78ExnH334Aff9Om
st1fUMvV8SxC4o6/L3C9rv0FFH9XtxufKQoTEv9nGIQ7/qZ06xfwb6ix/7hf
n5a3qKHv0UA1fwNn/AJ3/4NE90uS+tcaXaPlP/9OovsP4dnrDn/GZ7/Bs38F
CHuY3ySD337BzMF5e6s9/Fd47i/A+OeExV/Y51/Jnr/0w38fTv4jaPIv4B/B
yX8ETf4F/H04WSP+CJr8Be7+fTj5j6DJv82HvwsnS+3ypYb+6sF/m7Nr/Og/
X9cULtxojkReo3llAKYjt0nITNczNn/S/36Dyv8TVPxL7P27kPjf+v/fwFDz
8Xdx26+x+00N/Qv493Lo/6iG/sdI+JcEkf5Lv6sujfzW7z/CsL8/ze9C49u/
v1v9JS3+8x3qdLDW30azzcZ+v8a5kwRtc71etx3mL1D3l5r4K/JIAqNaiNbq
O6xc13yBs1t2XfML+DpAIHKYOhso5LrnX5DvP/37rbrm6hdQvUdhv6So0P0b
Gn594y1nqd/wIWFOq79qeeWE1hcK3v+5D34HqAXmTDH7GuU/vX6WoV8xKr56
R3r8Fo/+jF5/RdD4K05iSWhPf4a6pwhjyq/++vc65C/N6u9C5L+pQ3boxv3z
av6KUf9eh3zNqG9C5J/okH8B38HDn+iQr53w74CHfxQ7/Iq0fxs8/KPY4des
/tvg4R/FDq8o93fAwz+KHf6mOP2b4OEf1SH/Ar4LkX+iQ77mwzch8k90yL+A
70Lkn+iQfwHfhcg/0SH/Ar4LkX+iQ/7SB/5t8PCPYoe/gL8HHv5R7PBrPvwu
RP6JDvkX8PfAwz+qQ/4FfBci/0SH/Av4LkT+iQ756odvQuSf6JB/Ad+FyD/R
If8CvguRf6JD/gV8FyL/RIf8H9S//7QO+Rfwt96P/Wdej/06vuR3IfJPdMi/
/th73f9Ah/zbzvsXIfJPdMhXrP4mRP6JDvnKq78JkX+iQ/4FfBci/0SHfK2s
b0Lkn+iQrzn5TYj8Ex3yL+C7EPknOuRrdX8TIv9Eh/x1AMrvQuSf6JB/Ad+F
yD/RIf8V8qr/RId81TjfhMg/0SFfT/FNiPwTHfIv4LsQ+Sc65F/AdyHyT3TI
V4z6JkT+iQ7561Cef/4woO8EyW9HA/xThwH9ex3yL+C7EPknOuQvsffvQuS/
r0PW/q4O+cqK9Xww66L5NFGW0rtSKAk3D2/DEgZfy+mnOd7AozCEdsb0v8W5
XG34jXSBE+sTNbp3p8+M65jU8tM33Yqf4hUPBkpavRTfSHanrFLPZGy/wbZM
T7V9u181L6LPV/7b2SQVREQivhv1YPvAh+Udat5NQQslE99jakVrYwUFCtNA
akOKSf28KpqM4sdXnJyJF/5xJ4XNd93I0PK9dhCYv9f05T6jXpDu49iq+rOo
mOahaR+/TNZCuz7nj5Kvg78AErqVJ32lSZ+l4JsFEi1XJxe+3eHZYzfvJm/W
+fW/x9GSuLFxS3MlDO4EJ/JBOzV7IVwrq2kU513QWMAgbSHbS4FCFYblKoiD
oOetlnpV/Hk3auSdhPHASIQKxq7pkKQPdkZfVxvSKhMtvS4LWAsnWVSe0Wt8
gCCKrvS/Ftz+bzYh/82fTf+bkO4/7j/+GyjdvxTwxv6bAO//3Hn8L+S8sf8f
OO//Gsvx97nz/9Ms+GNI+v9ihfI/Sz9fPfuvsifbxdyf/zcy+r/Nq//Fg/36
uv//Dmb9j4mv/8VsOgb/l7HpCPZPs+kYhv8Xsel/PUH+x/Ppf/04/55R/wcR
9R8F1H8UT/G/xNM/QqxL4//5baH/n69v+4cP8HvT7eLq7uuvxfKHL/kNjCf/
BhiPfYHx1P98MP4x29UbAunFRu9kHmBRdbY1kqwaKBqSdiKq3wAVrLzuB3Mu
263CuTcdlLqHa+wNrl2LhfwPo1t89KRCRY2ndpdZh/5A+XRWS6FE4dNHAInS
9hpbg2QSxUq1jslEPhFIS2Qb6NLupO46UgEaPdaYLWJ48iHSipD7WCwokehc
lQGJnfP1gbaDqhxb7bKzcJJLJrGMw9tFgjuVTr1t2mvqfeE32a5DamvH6tUr
Vzcq2ocEin0u4CibIrB62NHTi1RF2t5Ee+Y4DeVciLrZ/YPG24ZqRzRouQlP
XUE3TUHmjStWIJAUFOvGOiGa5JYq4hVKq0zJTFJ2qQM1y8lWmaQ6kUN4UMsJ
c9kznf6ngvE6fE+fKLYW4raXPMtBmYE4dPwEDPmezLUZlx38up2lWxXg21Ez
yPM6vJlHwRVfXjmU5B1irOHplIlp76JdqzafxIXAEEASVLEOcU5xZ+auLgIQ
jUgVRvRtsHkrVk2CGnazQgILnGsvg3TW2z5UyGpc+pqaEI+BcE/e9K1sFcWu
RxTf81cK84Wf4KZdoWzbzpnwUgPPw92NS3kGsZYFDm8EafPnVeNZPjA4XUGt
uVuDGimp6IpO442T+kM+KRrM/XXXqs/9mUPpTiT488GCYkew1bx0fFkctG4C
5/wUqEawAgjpX4hec8ZwNyy1Gm7mA4RUfAyhY5Ewq6uYdGZJnZgnmACDO7/g
ffUbGK/+ATCejlRLHYeJ40FEpTRwvnl4/wXGOxbw7ho7arZ9THmr7Bj9Pkl7
mxM88xC5UsGxqq3Nw06S6IZpu/wMJqdlrVWmPxm1TihHA5VwqtAC9tojPJI5
v3PizoVvypnWBN5j6lbJkVPoGiOfoOVeZfere2qv98t/uq+eW8ANwPHj3T+1
KDN2Irjamsu7FlOuuSRiSiUl2YGKXtUu412JEAeKj+kTPHLDhAKdkMDP85qJ
9d6GCZ9duYZ0VBja3k8XTjlxxvrPDS2ETy/orJjf0DQTV54THorguXHsGyiD
3+psAzibe6qOJO30cnOHgExaDnxmpYa9K7y3W0yXeTuNT6Ztjz1kOTpBTBDj
bSYjlWl7BiwA60bFqNlhqRTJ01dkGKM3Qz3jRGdvUEyto5lPGctqod8E3fNR
l4nds6LqKOnp+IZlA1h/NeB1d64WW7hKgQ9hh6YBYq4u9uUZocUgIfc87iiW
y2NF7Cis4B+mOGtu+skCKAJUvEs4NNrBzRYk7RZHV+RNwKALa8KxoqEHc1rp
l5BHkocxLm7UEVM+JSNLyBtFf+AeoIRCd4pGvHrEOTk94drM2x6GNNxT4jbH
bBMbGYI8m00xhgyCRowePNfoMPDY3pCUDYAOyhua9mPEC3hbkphYbtAhDFT8
5staXQ52bVcvYwbvVGoE27JJ2+8N5+FV6U3uyt2BrNDxsHMFXtVutyyjNFwp
MvReBWLkaTC1z+ejeVJQjFj3pwPalR37KAJHTfe53wnaTYHtBg5ElzWJROFX
I0KSgj9Vr7YGZ9/lCK8co0zZR55St3A1p/eDdhJUhl3DwEqKpnkSePXnalem
qMlnRD7QXp8d4Y74td+XEWLL8WwyaXy/r/am8fpyBlYKEuCgBZD50s87pgLx
YSH8vfrQ6HQa/d2R3rZWlVHmSA/tjiFPSGo0V5bgjL4bId743E0ZGXWKe599
W96uAXCgQM2jlaUq5NxFU0X91Vdx8e67K1GGXmfgIRrI7rJTrM/pxWMBc97E
Y/OS931DYdYAZprpuBilim0r0CtWKf7AceFDYnnKAJ9gmYxDeIuFj7b4g+nc
kQWTrZpnmyqSCVQyJaDucQLpQ/nTsfc+m1HczeYka9txYzD/UeZPrnLbgVZl
7lZxXFU8nCAWleDgc+n1KcIXQJ7SpLA3Eb2fxsruMezpVlpI/kQ8M7nd3Jcj
QzFHkSrYqhZua/a+PvzJqHsHX12bvQE95gx+SD7lNMQkKEBohXkI7LpFaAfp
z48mXyOQw7Y9pP6m7wJLNs0URB47eBBFJsQBIBuJKc85IzGV5NxuKq+V8KGr
VXxmdm9scYzRc4M5c3LHysjK7p1H4yNkPkkTUdk0fQLna7v2EpSUSjANYFYX
TPAm36FayF8Wz7pMzVUlbq5j81ENOxQOdovTp5/vOvlsp+wZAB5UNeQNLzPe
kFtJK3g2r+fotmgLnSzzIYgoMr+d3Nug9IAajE8+Nwadq1WFVgonZxeYaJfT
32mvCuZdgDoQ1npQFYS+IqMltR5Ef1caAjnEU58JcVSosD37t+pJlav5pPJi
AC7en2fVk56cI5J07QUqsTr4EBrsBnWYWVCvxLLv2sCauvS2zpFhKLltpDv3
zFgeIVVgaWxhTWHHtG3koQ+SNIAYLBoMIiXm0+RvJCxT9PwyC3Ct0PegjByi
Oe79aXgWmkH9ChQO8xlkRpSV2XDQhyhKpTFxH2K8Qo6PcJ636g2pHrIxQFn7
co9pazQbT+91Zrjbu6iBUVzfa6yg7ev5KLWztw+Tg4nVtqjM3qBl0/oyvIrE
HknmrICfO/fwPc/3D+l+bvxeqYCmqdTTX+/X7McO7fTuXtjrNc1SjYf54ttD
Gmj4SLlvDUd4Kh+IXcZtL7A2ut2aAIc/QG4rwyt94bJS4qLw2N4Zvwwfym0+
9+PTvKfDs+liXGL3rifLGqGvYRSftOSmcoZcCfsEZOK0w9qVQZRna1uVMDn+
YpW4OhvS5hwtmsdwR90QjWsHEdWQeECajtKsNeWC4/bBJmAnrpjEjN6Tqq70
21pv+Kgg+fmevCR5F8bkPxExXNFnjO73EubeL5sI3wX/Trq5x9cTAfTXwTXY
pOgZcV+IlhnFNLPbfngyWIWwUEND3L1SYzvzuVS7dyOoPLhrr4ZliBPjEUeA
YuzpPB/DSkIWfur1R/8I/Gsmuqz1jucdtafazUwEAomTw1wHYZKu3Yvmyt7p
WtH5EVhvZ3BYzeP92l0DzmH/8KR1hXNyuTe5eJuPNjkzAkdZBaWMDec+93NR
zqcLvqXTMWUGOK+oZy/D/IzWyb8bB7IjyBQ0C5NA+dwRVq04ftKHhgfa8qtA
ZpwKVJKZPmuBIjFMxVfB8bb44pPY2P3FnGXxuJ7keCCW/Mic6uRV34t8Q8hy
jXjhWSn2y1OXdTTU/L2PXycUAHIlK28x2QmVZb8sV8NV183ho8tmUxVgNL5K
My5lUVqJbfdeYC7cgg6PY4IlnWdspi+AbWO4b9cleL3BIqD7JOlWebTLqWNm
nZXxB39epUOyxG9wkq9oLcSW7ltRgQhPNX0xERDf7DLP3mCmbR/Ub3aqJLqK
nm4jxzNiN8kfWiNBpIYTfHiUicW/VbDLNMk2fT6VqW4GskCbHB7WKHdUZQol
ynr9Qtwtg5fW0gDDBT8JxZBdtT9hVMkTdunOU3q2b5SOaKOWAc/Pz8+Vp22e
7Um7pLHt6dVI+xpmlif11TswqAqzY+PXibLb4ugjcQdBha0mKcb52xMooVhu
be3JcO87K88uOYr6Bs+Vfcy9Vd0ODKGpmBuIOQ+FuwfFuvwqncQZE8bwXion
AHta6OSWy0sAkfKyMO/TtyW+PdBNKq9dBj/R84TqVG3rGkbaFf10csyi+aEy
InHzBA6YH4sK9oMlOtasYlkJw7l+vg68hndu+tyhF4vvNyg5OBJWmlZKlWxZ
Kkf02Pyab8wIARnYIHX+DEsXmlKP5epKMLQ+faUs1b4n54MxC8KPbSCs9/c4
gPrdS/R3VbkpW7zbaMsBrarxIvk4U2bd0eM574N0bMWHTGr91sCpKuH3mCcN
5xQ0HjkFFYbKkSMZiDvh6doSXGAXAgGsmWsOJ0Ee5qaUjkbrhi0/R1l91UM6
NXrTSHGPXomS8+bNnjNeWdf4lCBW5n0J8HDBD5iEw5kIHO1z6NyQOo83c8M/
EN0cG6dFzEhQkDpkWS3RkVX0uSbuy0kgSLOCLpDFnrbOxWBNj+cjP0zorXQs
bJa4KxRPcgORgLLwMz0OucbHl+jS2XsWcUFmlud4OhUCtEaOHZIBLZbulmzA
SK0OR+8iN2yvy5vCjt4ycVbJlX8wFvtCOhJ6XZ9tDFDATQ5RGUBGicWE1RMM
wtfbguGTpq7EIWrsan8e0NJmG8L1d6JTtEFhdNZXTy8XzKVq3Umql7UBONrh
7Djkgz4sadnZXTA/E+4Dioax7oZISOPd0V+EZ47OMoVTyaNKffNITnenleow
ClgQ2mIehLBGpcBfwRd8kVMiskHZvTrPYyvG8+RMSR4bOcTzWmKMQwV854hM
nE70sRTAaZTLRx+TijGevqkQUUPJal+EPKM7CXxF1uOtch8+yTld7deMV1aI
DYIwyp43rXsWLSCcD33UH5NgyyfEHyoopYnmV9Q+0HWkhi9yG0zBgocCp9ho
TRP9hZ/3O3K/9jCcF9MEqMiYf6fJtTCF8RGCrYWvBZlVk3xLrgq/eBJl5l/l
M6Ng7ELARTuzGwGrUcuFrxBPoB0wtfp6/muB+8ZZVtKDoDbuKoMdZ7GVgrx2
4WR35fOroG0EsAkglb59ZCWsuNwJO3hnAPBKOxW2ZtyeeQqoI/LgfbnDU69s
2J7qM4Vk0W24aT4B2u2EHHhhovf1YRkPaDyuRt2vgPLeDnczmpbObliDGaTY
I6LsRnBX8B/ez4awJgu+pp1IPmhenVUzZH1ueE/1KNGSCPgee4BtE/BO35/Z
QFkDW5LS2o5X5AMzS2g/Dl77Fjc7vjpcRaBvY3UmF+cdNqQbJgRA5c7MtXvb
VOtzOlRY4CcBXWrXdYQ4FV15IUGYubeYaG+l9pm8nB4cX3Lbx+N5opseEkAb
C76EImNxR6q4KZO0m49huLJxYuY6t68XkaZyBu7PnXkaE6ZYBE+uhCs1MoJ7
6gsB7BeyHTx1ldUUdwX0p1wqBAlDvC2vkm/vIlucTKV+yM2HpCCLimj1T0mu
39ocrOZ7UgHGKyFuHHIULeUamu5l9NIfkCHsQXiH8eq5mFS1f3TSPZ1jx/tx
KHiqql6Idrcp8HhGX+oeXUEl/JWl1Su59j8spJ7vqhEEa5XoEXbiwUTFYsIi
+cpsvFfyGrZOM8JzVWpGIhMADOgB84/gdnsjzpS/OatfO8XvU35/cp8vx6+j
vXVpNGxHN0FbjQZLmJW7x92yOEX7HXjzw0G+ts3S1GUoh7bmR6usCQRmwxV+
QtU6brHeZyltdteMQl04+0RvmspU9NzpV6wBUXK/bcdzY7dwf/a7pCB376iN
81FGvMd6pZmh20s0gxVu3lDuql/e5ulelTSZBAqqsQDnVQThdOXz6FFyFiTP
+1CEnYanDa8PSvg6rC0PqvP9jL0a1143Bz65U0JeIHKOlk+kQHHkrDelug6y
iX1K5LNbfYxAH0yRFkbDFzCxt6+rRO3D51Wh8EsfVvhw9nDrD+AKIgqA2lf1
ff9kwuKxVzUgJApkoNST7+PYzEgET7PQAYV3d5Y2tStbYisZ8SYCW+ZhVP34
MQCvJ36WtHEInNIeaeRDR5l7b19SfBqJyUFTuqqjcOTD3U5PjsrKvOnKjkp2
6Ep8A8IA59jlwJtSawjiiNMFlSzKEM5gW44bbWzUohSf4fVaBm0JZmES6Mf5
dk48PsOqlfhxANwxQDr5GvNIa/Tq42pQCD5eSUZOYRQ/KXW/bxvnmPmI3eL3
dpXEqEU8eom6e0KGG8a1nCGSWIZuHOeaw52hI3yZN8l0Kze3lDfTkmHokCbz
2joEIcHBJr4deLiMYlfroaumGEAs3BIjfgi15hDbBhzOqXFrdcm/FT2riwnT
kaDH4nByTVZl1dbicROQQVOha7WD5U0CCAPxuIbPjsPc5NLj5q52TKecApW/
YYVcpS+Yfg23SGlz9aTRFmxpDkmeob5d67++l8AVwWy/Bs8mBlOaa8EITSOT
us/zrr0p8KPzD09jIjJ/oC80SD/ii2OyxlWs7cTi5RAcYAsz4zaTEQjGzWs5
3gM4IdASNpj2ub+lpvrwWOn5Q3ouvnyLo4CpHRDS981YsXd5bBMQYfpCMUkv
c1DfpvHD4Tehniu2P/VA/KgnLAhzbG8z+wk2/z4rQ5cut/w0BXsGs0oRgDwc
uqB8lgir18iDq0B4CAzQR/S1yTINTdw8aAP71qzbzJhXI29IVDhSxLpk2n8m
9gD0tXfGQ2862E8i+qG3kYpjooN15UN++/Ob2PaDDWTClOpuk7UAhsZXmb9e
jNrZLW4bgE7ro5rdEcnIGoN/8uSDM+/ZTeRQ8XgJUUSxz9dDlhONE941zYCs
vt0yfHxGzNBFRfkGeihAdKzrq/OQp8hEBpiSyfuHq7d77FAaRkwlvZ8JGWx3
mSc8kYcQHnlWR0VsZybwIvBZ4Uoj3h2ZTzh8ijwW+W9hWN69Eir5J2f54XGs
ncCzt9nTEXekFrvAcpQNbpqwvhoBuH+QQcQ07N0RDG90tFels3Anb7RAfx4n
9MLFwNzuVu5w/hI/+bKC47FGs/jRhUHIew3QOmKfeJvPXpWBGPqDqKtkpD5V
w4OTWEMN/a6LE7344eAgNSY9dElcJ6SXhGDDPb2gALr2bceEeq/OQ6kkn6Qn
Qp1+etFsLLzDYEkDrbd3ut6KKeCIEWQcjWDNx4fzPVsl7Q4ooxC9c272gsoN
F1ky9FXnzCxy4D+g5QthTVSH4LrvY34wNi43G5Z89kwfHK9n8363AT3Ha8W7
PwSh3FDLsK7hYJryNpRy+hDlLMrfUyMtrrpZohavI2nx1oF1UL8ZZxvNTx54
9OZLvp3NWLzTqyh60OIdLeOsfX0WXpidxoK8gzPY4ypcg5KV9PgZDhj9tLgO
4/JAMwGm7WNZTi2j5zBSfZrtzCCfDlI10pR1Xhb6PHNExVpgF+usUzN0SSaa
Go+mfYJWg46BHumUx1ZbWzSAgmhNO1Kgoytc+4lKWuLADyv8lmWNhxHEjO+t
DaVZtlOw5opvw7TMFfBkdqYzXewNlCOyxX5U8O6KEBumgt8xpXZV4uaYh9gI
beeciq6tg9DDUMldaJwbA/LAfuVyyD5F+NtXd4zXjL1V7inN+0E9LHFXETwc
irvubeKVXJS1DZEQqsES2cpdQt9QF5BeCVmRZmNRwWfoDal0mNwS0365quGG
otwnhWbsvNGstw93LPMUTMEodwmrZOr0qMWB+kgDNNZq8X20AvTK4itBt1ka
+oxZiBp8ouL3NqhtZvjMnwJlMdaUB3pACi//BOr7NQPybcwre3JqCbU6m3rN
p95rPHPHzHvZQxCxiTe5hSrFoeBaY11nvBq23Sye/twyOeYPwFad3OON7M3n
1fpUaCQUybRorjgHEYRE4vgDDm84JzVOFziTvkzllZvhD81q7opYvhJA3bq9
hdaNGmXwROxcL3OEGtBzxq/96nzKW3x7UuyobNaIPENRj9JMLFhB7cayB6NP
BDB0nYh7dSNXCBdICRlIdu7yPnxLIHPGTZSwKx2nXcT3fmTOuvrZhCHt9ydN
eq35UnHA/tDUc3ny4VtmromIYDncZA2fYHRxBIJHTQPYc7qY3VNpisujw/bg
xkguN2kkuxtUB2jYYIruLnnwZ0/en2cVdIxDhnrweAv5Odd2eTemhRp7roxf
eD1ai80p+3vRDsvS5v+PvPdYkhRd1nbnmNU9HDtTBoEM4JidAVprzQyCAAIR
iCBQV/+T1WJ1V3f2yt57r61+KysrkQl8wt0/90ie13cVSNMuGi9xdZuQovUT
qioKew2KQmw174JVWFipE3eLWxOL1pjEaZMBKb1/L5Zc+jNupUCxhyI2jzdh
xzlX9R7i0JtYjBs4PH+0EIeia00WOca95UvY6MUjA0nMfIHJs7AxRgczgH6K
IT1Kh490awkvrgM/mV4zeEfVni/P10kzgsamGnus2tg6r0DuRpRjxhrB7BdM
dgeKMS8mmM+V/g6KfD55pIIaQQvT8eGiM3p4dn5WrsYxWVAT7KYvZ489x/XB
YDZtfGsu4K2D6T35Ww1iV5m93qKbfA86L5z57iku4s2W8pXC11QMIGYa6N2q
d75IMPKdFTHxuG7A3WWxOMKXQ4c4vmgOco4mvqEhS8rM5c0r5ZmOPSIcKeIb
tjz18f3gY0zk5BtxZmpXRAJq7BkMS02nKMaFZQI6pc1GAoU37jHvvUtrqPIc
4cI2E/KraP6/9/2m/yok/4f3Y/67Y/lN+UcsvzxYlnuSf4Hlu8SfYfnu6wPL
H/n/ZCw/VKobErzOq1stUtqbuH1gpV8GzL8BNxZ+xJHRZmL7Pp+xJxHzuvvM
73t7/wXY/IG8/jna/FWw+QOq/6zb9QfY7P8ebG6DI4nk2T5nlz3tn3H0n1+c
MAKfL39d+we9afUHRNu+teCntTnXfvmz9fhYyV+R+3+sxw/r4HdBl5yrnHVn
6Xr8vvf6uZs/AOJxJxzJuWLn/X8QPPgdEv/rTn+XBsi0B/aOfkDvOfuPfcz/
rIv5uQ5/ePY5xy5YM+lH0YXfjeHXnvDf+0j/867wv7/6d7v90Vf8s/3+3VV/
kGf4RZzhe2/zX+QZ4B/kGX4nePBZ9/gP/PjP+8f/XtDgc7s4/eKPUgyf2sXv
+70r7Ydf/4TEJ5H+19IYv/HfH/rOcx8r+fe7sv+2J/uHRMLf78r+W/v5sKhf
LKgx2O5X0Y+f+ou3Tv/RFf3nzui/zu6Mbj+tG6rg5xjOUScs42nQ99hY/gPP
/+iUfq7mztguZHjycTufcO5kF7wylGmT74ITHwIH5xyX/Lznr7IDP33lLbOM
/wH130QBz0SqOp/yszzB79bpo7f5b0Z+7jv0IUdw7s1PkP8/IH779APowxe/
24xk1GfacO4b052zOD3kZ/y/uXVCl5/WlCMtlLI/CQukorFGyD928+vSAF8F
/r8BnyH/XwX+P/ph/r1Owz8C/9+Av9tp+Efg/2Ml/16n4R+B/3M3/2an4R+B
/w8Jlb/XafhH4P8b8Bny/1Xg/xvwGfL/VeD/G/AZ8v9V4P8b8Bny/1Xg/xvw
GfL/VeD/zKM+Qf6/CvyfkfZvdhr+Efg/Leqfdhr+a+D/3ItPkP+vAv//yCd/
RP6/Cvx/Az5D/r8K/H8DPkP+vwr8n7P4BPn/KvD/DfgM+f8q8P8N+Az5/yrw
f8bJT5D/rwL/Z5z8G+/9/tlrv9+Af/Li7z8F/s886hPk/6vA/zfgM+T/q8D/
h2TGnyP/XwX+T5v8BPn/KvB/3uET5P+rwP834DPk/6vA/zfgM+T/q8D/OYZP
kP+vAv+nPXyC/H8V+D8j7SfI/1eB/586cv8Z8v9V4P8b8Bny/1Xg//SsT5D/
rwL/34DPkP+vAv8fAih/jvx/Ffg/z6xPkP+vAv/fgM+Q/68C/2cu9wny/9VI
81H7/zUb88/QmDOv/gT5/yrw/w34DPn/GvDvn3HyM+RfViVr0YrnSuUvrprU
pE2FEAVvWXi9r4x97ZoBQUbirBZPH6A+JXgk9OY8cc1MiecYksnldgisMzT+
tUbu5DaegepyVgdsdRUXFrt34+VOl2o1Dlm1gvbKm3HC6p13J0Qhu9zdlkTs
mgGPOHXAQSyDipFwIjmzQdmc++x5ZCb/Ko/OV9NGRh4p/baZ2dx0a+Qcz6l1
S9Or2zXPZYcZjTs3sGjVgS8zmupvwERONq1zjOLdzmD9sgiE83Yu5O6BtRKM
o7vP7SCE1c1CmI2E+0O5dmGVQEEKxyU3KKdnyTfkHSLeeOkzsvbqpzUFsl2N
ULKp5iN8SZ5eHJvzlNBtj+fL7VK93/0ZCwvKQmtKDM+8OkXQ2Qctzh2K2yDi
umLdKY45y5ZQlokEh8yOLK9zwnscBA5mbZylyJeB///AD2b/5aD/px/G/lfA
/r8fzBeA/0/YxH8p7o3/Tej/3wAofvs3EIpfUhf4BvxzfYFP1/RHjYG/XN3f
aw18us7/XHHghxX/e4oD//juf9Mu/OPyf8t+/Avb2v/oKP/7dAS+SKT/d5IL
+HLH+19372eBi//rhAR+0ID4f34vAfGvVRm4Ivh/lMoAeiX/rsoAhlz/o1UG
fmtE/3vEBn47q/8EzYHrv0hz4Eelnq8f7H+48uOH0TH6RwWC+PBYVtT/5ysQ
sPVuTFsQ13CUgTQ7bVAjvDnLqPitPSulOlNqgE9Q+kBL9TqFqnyTC9eX27Ua
Q+WJBWNKQpdCcqHQadL4rTkOGDJMH70O51qDN76S1hTQpTg4C2EsZksKpDsx
8+EXIhrutI2W4AjZpAUSK+U6cgWJbqjD7WpUWTBb3iu5gHrBAozVqe9WICa5
y99dRz6bdDwDXLYMIF1bNIlYKElXV8HT/TuLy7M7TlD4XIKzQNeuBk0AJBNd
wnbj46C7yRrFXPjC6ViqwJ5c/M7XQt9nidfy3KPEhdDvNT+aDMkgYIaoEHjW
RQA3boyvohWeR6XM9Vaai83yfo5PTxPSBlaUXb5HxWypsMg+yzaSUeh/qgIB
s8hhM9E60fG1LexMZdyVtR8egOrfNGTlpURp1GSzbxv8PMLciMRKABU2xiVI
7ZIVLbKbhAVP0WKgvh1ZeE8n96G9JRPIizRhoEfvr4fmq3224G+0VHB0yQlt
5ZbkmeYRHearG723bMAj1nmqqC/wEHTJ6+TaACqEEj4+7/mhzOwDI7E4x5ki
tVeB9K0QvSjGJgovSl3BugvEOlROP+wTumpV45C1rgGeNWLek5u/2z07d0fU
DZ7E8cZxhWQlUSh1ybSKHZRrv646QcJkYz4vV6oovNgh8wClAO2xQ6ovu6zJ
0cHs0Wd42m07uKxMuTYdjz88WUuvoWr15Svbwk70annO7Q73dtT4rkCQfkGB
QE60IGpWWV5az1li5hUuRh7SZRXSwMVUJ64Y2uI5ksoYiSGyYTciLanMT+/N
s8nGuyHcw2yO/ejtvy4jX8f8c32L/fbC1N4CYEyodRbG+4sscIfvvETnimH8
km+16pX5wckKhLq9Lx+gU+ZGKbKNmIk9k7XojFh2AFwxPAKJt1v4IzsM3u2u
4Iewy4nax22TW+Bz1F3VlufI2vMuXSH4MdyDx/EupAyihPEAhGRL5sonTQw+
ELGdqJ3cSYuTOIIfymQwUviJLUOXglcYEaFrKr8DoZe3rtYfYJJlGbA7hXJb
Bsu5PGJIhyWIShYHPVIU79Di451LHrMuzB1GWabizWvj2GQ4LEeJSg2+qD0K
mBdB9yiQfwgYk0Ct3Bz+phIMn0DBS1NJSmWpqwUrr4GyuDtMXqJsD+FMe721
/IxHbQ5E3AiaWT4vCHrtnIG70w7uGfNNuLcTiidJgaibID2fRtBeTBn0+Y1o
ZHjFyI5k3UXtAPWt206Hg709c3LsjR1UPeS+NLuVQEd8cMk+ypwzWF5f4vtS
ZDP2vvHUOPhQ3UByI2kANmkSXWNeiRjm/SYwHs8uBsjeL7Zu2e5odsyrt56K
CeXhjC33fRNaeavbZt5R1HrZC/Bub7RwvV2t4F5cW8GVtiuuKoHvz0eWX68V
ctHiDD+agDRlNoV8exMjvNJLWOe9KtgzAIZIebWRu5ixu8S0/LSGLz/GttvH
u94eb3axzN34WVZXDZXi9O3VT2T0m+ooojO+ODJwfxy15zWbhRSWwOqONekc
Qj45M1NHl2SrODLLHfGxMKa4/ZGQD/V9ZdHHHLFCSCxNAlg9KL9u7Rp1Kz/q
/Wzpr3p767OLad5OhtlF9RusjAnTvjP8AL7RQ2Z8o0UyUrOviTYBRDNPHCVO
/Ia32F0seiNJDJYAEUKSemg9hFrS3CctmRT+eLSqp+3EY61u7zeWScZu8sA0
XtFazdMPHYG+melUv2UUHzcRo28ofIakSZxVFTWetfzoXse8vTEs9W7iXGUC
Cs09kN/UPZlU5HW5XjQuLtZ9Ro62TnsbFsD+YIfbhmgL1DsXe8R0hIup+N4o
KJrSHGq/choAlcoLjCFcor2xh4t/SEddCLiCRIaYTMp8EKp0RB7tNVCGPrpx
a28zjCpEs79T1bt3gBS3Et7699LZz0TJDGrapaZixors3rJnqI5I/dZmmkRl
b46BZjlJC03i6rZ6aFIavwTA6mLB5XbCeGmWX0/Sexv2GMXx+wtJ1dPt0DeI
kga2N8udjmGnqrCEkgz96b5e7nNn7oAXPkmtL2lWl8SBsJN3NFY3SdGVRJYo
O0K7M3JVU9Q+osdiX5fhZTwTjmfSgR9uxa1xgOnxrrlrZwfXHe14cK29h5ay
VJI2av9iqPCKXfFbSgpg1rXqO00laFJMrcBkqlNWvAgAQhaM6zvSNT7DUeTm
83j22PxJHkNrv0dEJxXTlTcXCsu025t+vagzU3juFy9q44vgdhSAcXWWphah
zwLumJB+HtDoAFFYzgvX1m1uyd7IoT4rrzElRnl/JiZjmWotltOqN8b9DrTt
KggcCbtnZsBeRNcMpquMhqU+EMmepwmhOsRAXcWNIOvTdGFKemWnS/WmcfXk
yzsEGs9VgyMJydfgHxg+HCIXqMxz4YiKR3ITHXpbga+BS8a0NVllRt/XbnTp
6xL7lPf2d4AjWzHb7qAnMYRP3GOTnC+WxL44XM8Ug7l1W4RYjFJa/hjK9YH1
71dFpgpMHDBSN94T2KP7x89h6abBWImwR6mNyzntMLBTLzQV7zlnmRn7tGz1
qtKLqBVGr/DNdsdVv2AsjAPA9+E/vPclfLX0BwvLOOZrep6l7FoNd39lk3jB
S6S8XR7oa25wrr7oeEXnoMf1VRjDFEA1seXoC1+4euBA5rSuLrwuxHmyPvcd
NJdsh16NaZV9Xz+zyd4zcnYhz7uzRbTbiEcBsCQfDnzL2QtOBqlOQoftv9M6
3vWUUF5V3F62A4L3pwbHMfxm3uLAyCEaZqDpefMzqwBWYnvsYixPN0funGLd
yMuztY8dwhxC16DVpj2GnrQ5RzSEGznFg9UVS5wpiohxWfsYYLDAr2d6ZZ+9
g0DdYd0fvUzksVtccrkoYVjuOYmdQbBErp5jhVcn6NOgsXSBH/tUGADNfPYT
4ff2ecAPKeyUPJZBdq4glpNc+CWl0+5FaI00ZRdUCivGTaAEbWCD0HFBqK0A
4N/3g8C2yFKr+DlognEjEEdB57FuaD+rsnIZKGMjWBb1TAp77DvsEGZSOc+k
mm4L6ACU9eoXzgGlZRKWTbafAsPi09Qwm3qzdLnPrJbj+nR9P2FN4UeYQ0no
TcGM/x4avVkOoMgbZ8IOsQjxzRQesqTP/buZQuu1pTkh7lCdXebKMUMrd5ds
fvLqUCzhzMv98pT7iwQw1V3r9cs1z5olT0t1LTGnkq8ExkUSbLWxWnqxpda3
XpyeaBprdMOpKg7x8NWwXYMWAKy+sI3Ck5wU7HeC3Yh7ZRRjxxQlF7EPakiG
8a6MmG+y9GQE6OXodLqx9UrYI/E4hhE4rSU5IN5Uq9UipTN6voLz9B7xxK8T
dH0u81scIeZ+ecwLyXkyfj/e5hCht3v32CnZ8IDzfBichbuL0n2k2nUum1to
JLILbwQzL/HtTuYvLtGp2bjMSH5VYG4e5Iyg6yF8Es0dAcLWM1qKRfVAZ6In
iXaruEvCHCJrkZjKdq6eUXCvFysWLsQ4fa6/OkxzRvt5I3VDBTGAvlxLZNC3
GlofDc0wenO/gHG5tjQ/g4Eq3uT71l80k+5tbhDBSkZyRyyS56QehHTDJsCB
l2uZsuPIT0H/lATLiMhMjH1r4ldms9b8qGsyy+jbsbJQjKmvZCxoZn9F/mFD
T/MJYIqNUfD7veeKy9SlBdkTkryZ4e2oxaUjjbSLUI1P/OL+2BbXOCr4bgTa
hSL5Ku/59AU8PTgrBMPNShz0u/RhKy/koGZR6Rs/mq2htWJVK6crV/TW6N+R
3fAm5gm5G6clqwFVgOMTbL/1qirZMWnPcb5G9sOscEsURPZw2v7up/GIqVwc
T9fc5BCzweI3ZGzjFk/NgAPOzkS0fBnQdWBUeLi2T6nbs+ys3svBPUsmsVO5
fMSxXUtqTtIvFxqTrx6KGxtGvEMXBuTtgus39kgsuBSkqH7mjg8Sen4WMg3z
coc8SCDQvHcTP9eK6A+R0rP4JhmX26bZZE0DpTJn6jV8J4Rb0cL9slPYNamI
Cd+EmauMUfBadCR7qX8IFhdiY1pMu3o7a+OUbdWHRQIexzR2go7ls3x4/OJO
QVPQrsKrglQYbovlZaBicNz43plSn4GOhaZFZzZJrMqNDwQWuDvvMGKCi2Ol
+BksPMKAH6nOza05MFOI2OOF0Va47lIMOUNyx1WvQpzLB2UiBmPluwi4dfnS
Dbt3JMPGcr8CG+/FbekBUS/K5mhXTC93K8j4M/1jgmLO5KE6rbtZ1oG9gg0M
Ab2SlNs1HzenVywt0gRyzNNgpF6JolGym2rKKCRR0W4kjsGvat/Nw4LQFzkc
tFhRdxB4U308tyC3LgwDir04Mip2rCLn3COmtfFUyUbSro5esp5VOxTRa3m9
rEhOnIjwphHOgYNQ0IeupAuVcSmdvcVwsfA60xVcDPbhWZdZyolnOI23xr31
b2QPwflKXR+BkupBmttA1oEGMpQK92CRnWWPjH+EonfX+xB+TJKlPZl3aW32
48lgqg0+zfK6YCocZGXShO+0uANaZmcUmK3VI4Fi4/E8UhuBCr4gxpn3l1mB
LdRvkiO86Bx4FxxNUnoDg5yz/IGs1EImINXNlSaFV40Ig3kh4+vciu4HseO7
98djmfLrsiJK+CJrNQBx3nSV9biz3fK4vg37TmrAQ2ka+kpiF34bKCi80K7d
wE9+J/WFm/ZBwvzcthFQ3u8F9W5MDV5ljnijDFuljybLVwBpYauibqlkiK6+
TSir+BTZ2T1h7DPrSgs1c1dGuYNyO4Mv3Fi3oKQUDgQr3ricp4ALGK9YcHKT
Dq+RlbgGjh80vA+vQBJFP0xd3V3ONHRrA649mGN4etHrkUvp4q+SDFHF6wlo
E4cLEVfXDfo469dLOqVY0JTEjvsy6bi4+/QvBqLHwWLBZy5Iopd0gzhQAatI
dRSMBIqG9CwSp/gbVSKanlg++1IhlcTTXK3wC+/VRk++5rwKG7PI0+Hxckt0
aXLWg5l5QoozzZs84iC76IpAC2/IGH8mkugcXQNqTcO7HdFEX3IJmE71able
lbugndSoOzS0Ze1oBFyEzGJToYNl3yQC0sDPIl5vM+RxXrGIQTYbQuv1r4yJ
7bdyOWZ3SG4C2drgu/FWyjzPRmtLOnH2L6eriuXluXayfPjtg1YZm9S94BHe
sWdznbAin4jbYAwV4T2cSiQLnTrWIAbsUbGgedkxHBsJlBsrOdOTx1bLxn0f
MZaQBmEg8UsHXW5uKeZjsXN14AVY09vZGUREIOL5wXQ3AmkgPfB7R4Ark0SL
i/2IkjAvZM5jsrLeEn0OsZ4cRXx7lEJBr4N37AguRkAL8nq2lRx4plVnNDry
gDhC5iw1y4Ayc6EJ4xxXUMirUk4B6yv34px0PWAUkQ0/pCEICAUmlC71aygP
OWO9ygpnnKfgoq06GP5oON8oD+qxBLVlJqEYdKCGEixNWpuK38IziwMWEE9B
6e3jDSLjK4Sw13EZtYqubKqOkGBe3ua9Ru+a0QuZGU8KqRNJ5ty722N+9dfz
cL1OeSY8CURYvYdo56U6EANYN64s5yooht61DQMbSSxpd/jE1C3xnnCzF5LK
UdTu9ZYC3LD5TnDAgc+vdrzl1Jud6/rVdvIznRnV78K9dzpdf8chf7ymq9PU
SW+aowWxh+HqB2Ap4tthJ598L+b1sglvYn02MIWb0GukXeQJSfcr36Axgin3
yYzXd2q+tDu/d+EMqm7yBN4iroVLMJT9TO3FzsOSQmXyYrcXYtzULGrUtiVu
sA+Ghz4IdiuHsFnKDwR/QpA+gRIQ385TV82jx0FXb4uuHbslfEGVK4/goHGT
KvJOgCVfRRQWWRHMUJbyyt0RaTu0WVTkCRTkRXfUEHaGakzySGp4wp6d9Lkn
+paxEKgfJO6jD7ZplLE4vGcU99MiGLnH4jGj2S5gCXk7VbPPlBuJiK3OXswn
V54l4Co7TPJqwT7BrrdS2YJ6gmhoCLs4KGyk87vgWo72BjSmGa6O+GpvkQGp
auHInpVNcnmmWlcyX2cHKuZ3rFsJvnYs+0wRLVvsWLypCWk4s/0GbPRScKKb
6LrdowILR1LABS3jlMiopYNyp4JEh0gn2JCFuTG4LAe3u2GtTcJZtDfrOdBa
TGAMq/TMcEXWye3BSX1XV5ZGWhD9fus6d+v8V92ayqv8wHfpSb4obdULL92v
KEMDiNq4Dfu7QeLjcbA4bcZ+n2KROaxa0DluZePT/Z4/yQXp5VtFqW/Zu54l
3Y3XRFvKJQeAYsJnV/Nlx+HGyvEbNerm9TIJcJu6cSqKvFTykXgV5BwlAzNW
ps3M3TTuefbcqKtiA5IzJ8PagBGi3eAcqXO8Luxub8DuehbiMDzpLkaw4gul
xnCPXvikT9ebsEtPOy7SyMGAnpw0D6bhAlQJiL4qE69fcTUl4+buH+7DULnS
Gi+mV8nzmUJBmCih/pAzQ//wkP5+7MBkaUiea4U+mf0jliVldSOLa6Vcjpes
2JZ74is9ndx4yHet7XlXgz2DaUgkJqeG02oFMie3L0s/mppdga7nsMmjkNbX
VcnEQng0mgRdPYZACbvHeCzakntpC3K2liUhT7dL5APCGW7n+4oPesUPIkvK
HYTUV5t9IdqLuil80kMaPe51HHlbWPq0t+xUKffihaLot0iawCo+R93u4ikC
X2tB2rRKrdrGY6v7ghNxv5F9OO4C1RVrrrkbdivS1qEwCoXYUr6eZSSg8wLd
ekzAqQs/ITBHYAXsnnlCCg4+R4rb9hwwnQtniX+1L2oFzRvmc+V4dbHypus0
D7y8aUffF+5SCcnoRKSO7ERI0GeqCwv7wpJ6h5oxm0WmKAlw9rhjtA2v7sMF
i5oPgmAGIvdw+uPtaz4lyfW9yy691gXHC2W2i48/TbnA3zc28zfWpEGzvU6S
oetdbEvr8Mam7A2AObHqzjQHoca71Y6na9zPARVpMnGrEp8Bh6gymbYWaarC
OLbiqdu6SIrI8mthvucOuKKXq0e+jVWmTPlccCs76xvGdchnSo3HNASQ621v
EfFsyq6IGys5T7ngQdtR3vs1Km7AFFRawiCY2LK8VUDN/sIcq5huksAU7GWi
84dwUeWaQ5YV7aP8dsuRMn9CwqRQhWAVOpDooSokqstAiy/4Ar2XFFTrLqhA
ei/C3LNrqGTO80qrq4v88OSnl0+hD3oQEonXoM2Ay2jwQiOv1yVLrbXXjn51
78MUhMPcl6P3LNjUtizBXwgIhLHO8LTr+oDexeO5VtIs4ECxvCu/uTeP7Ynr
Vxh888TtKIp2T55bH3mHTMaVmzvPgL1NCkjRAZ7vG8FOKK89BlFjAMRUQ0M6
yOAi5rmqGUj4BtsXxFqP1+uSsWoI+kqGrfOmHJdCGvCyka7jDeXHhHjg5z2B
/oipJ+EP19BNyqU8Vt6DFDa7SS8NAVd3btzUaStvvx0MjtwMxaPZM0mN+Hhv
qb4jdYBgwhERFs67+wqXrgw4MR0YHbtG4bs7RZVWeQZlEOfRpDQwy2XF5VCi
IHuDBmed7hcDROWVF+vyJlHuPMd8h1whJYWfbk2Txx0UthktzkTLcg/xnBDh
z+AkNsrreTBMPHh+PQN5xvV8XtfQrUYOkiE0V8v5fG7fd03VZjmPz2Itv6U4
W/f8UacgJqOd4ZPCJlxYlmAfgCqLqXMGbFgJKe31QBPI1uH6+S4dyClf2uMl
+9geUUNfmhS/hF0PQWtNNG8dM4MPahrYkcuNjFtFeaDKsjPprtcIch73M7Pg
VGEdYPYQ2j6+w0+putaiwoDH9uozdeATyNfFBoBtsrla6vHUHzcH0snbu+va
eZqN29rAKEZAxw4F7ONVyyNWE7FWuI0vIWEPomEp5YMBrD798qKBRySHorsS
Jt6mT4zMyDQsiz0zesrzdKXyi7Jc5a14iRve7JwKR6TRpO24VMDq4dTNXFEx
Osy7i97l0zRxx6R6MEe6wpFAgng5zWLJkdnol4xbEwm9WbMHxvxyH00VIB3F
4+y7po9uRLQ9DAYsSBH4hoSvBT5gjRnCx3o9zyWtxrg7ZQ2kiTPRs2BcEloU
IQYUnZnp8qrLgXyWtu0C2tszjiCKFdmtHusmha171cVDWtwsGDL9wsdndzyt
u2EIffdrwHCe1z2+KZHC0DPc6o7YatxZahuX7rU6OHPsmPE8vCrJrsjLTxB0
W1UlMHt6uG8FE6jApDjp/e2n3Aa/h10sdD54y2131hNpLEdMdqbNIXKoOAJT
BZJntOBDZR97qtL3FXOIGjAr6CU38Vor6zslwXSZuAjiB74MCnZPnkcHPVhK
Ob9QOjwT4Lqv6uOI2YHwLodDbFgF+LwTns8VkUKK6zt+sd97nwWsOpN2ISJc
tbiyzllMTKiSSWSRkvOdv2aX1L2XZcexA6BJKlL0zlnroU9NzLlpQEbMC9le
FwO3M1cmffl1ID18+j9NxuGvO4X91yg7/O6dpP/mAg+Wuf5B4MHSOJbl9vIv
BB6C5s8EHj7a08uC7/8XCjz80p39F5kGG1L/mSzAOYY/lSTw5+znLuS/yEb8
gJ//XUmA9gOgZ9gMkUtLVJa4+TNw+buYhChAifcd1oc0lt51lhGTUP4Qf9h1
l950rt+Mul/1Bz3rnL9+YPvfgM9Q/09B/xCb/Z+w9TkQyQ+RiS9i+L+u8g+Q
/zfgr+QfPhd/+MdKfwN+WOPfiRn4aPBIu6D+mF24Y2+thX4vmfB9DOd8fwHZ
Z9e3vywu8Muszr34ROTj99IIyZ4h0Pnnz+A0t/0Kgp328EPv1z9KIHxuCx/X
fMgS/Nkzf5ID+WsxkPi7GMjpF7/IgfxeVCI453t63OkPpx9+F5f45SW3D/cV
kvb2NL6/03bGh5+89rd7YLAPRskesPt9fVz4u7DFZ7v8Dfhsn/9ilz+e4Cbh
OY4ueH8DTm86/kqe5QdxllcS5lWM/kPK4/Tu78IaxpI9P8QF7DmQ2vXDu871
wHKWOscgDFn9KmOkqs65tzkHPc6xdJpXPsz1u0WJH5bya2Rp0sj4uAq3XHn7
rZjEb6UkfmurH1IZf2f0zT/kJH4WpTjv8DdlKX6MX98t6kP4Zv5V+Oa7qMLg
p2J7yN9/8+U/xie8f7qrsd8j5ozZ9jkLf6cM14cFWfzVw8r8HEPW3Uqfnz9E
CdDzjucqf+Cv1JqEzoeESSWLwp6hH7uZsL9IYPz0Fe1Bl8GHwITEVPdwW+Lz
OT9LZZwWX0EayrzisH3/Mu4PWYJz5KcN5uyHNEZw/Cw4ISeh0Jw+UvqSspw7
W//8Ft5x7mp7rnyZfAj0nHf9gOHOf0lKlTztcyXzIT+Pru8iF2JV3wTqN/vx
j7vaCPVOurb58JkPmYrT5yMHlwVm+fD5+4ewYOT05wqe1qvoP+9ieeaIx4fA
xt2VPwQ49pzFvu/o6ZsuVJ5z+gkYPs+oT8+N82vniSwN9e8x7A9oWD6LXXJW
Msgxk1w9GsWvrtLb8mzxMf3hpcI/YNhfk4j4Kwz7wx6+9Pbjpxj2B379153X
vwhH/kXn9X+GYX8D/tB5XRkDtRi1NdXqGiwZny2a9KZ6JXm7IeasUIl7z68+
Wvv9IwkG/dzNm4Xqvjprd62kJrijC5lrmcvaZnmX5pHVTa9jf+RddtqQOTD4
0gd28dDieEcf5kbE3wBzPKKpvb5zCyIa6BWAfu4ajrBNhXrvbV6ISjMV8+65
YaZ4uaMDXMiqDuXWkWi9SSvCNwDvcBPajsjSCOwQ2HBACjhp3jxGX1sMbvo0
iVgDjzRiDT1N1+5GQTF7hjcvdfTfIy+dFqXn8LPrDb2sYyooguI2LdSKoaJI
CvPgRqAXHgxyGC5iCmAkB8/DEXHu3vvaSC4kmZxjyLRBVi7PDblOJI257rnz
abBgq7XRBfywXnKgppP/KYZ9juGfdF7/Zxj2GWH+Sef1f4Zhn2NYZUH+ofN6
3xoM7NtkyTZBQfM1ad7NiUSPfCX/gGF/A/5Z5/U/xbBlQbmr7O3lqbdvgDDa
+uBN+7t2xEPJYxp0qDtDvzntlc7ZrM4tJhxngDlTHhS+gOxKSOQdhR7aZMlC
GxrfAHispakuzV1+4bR9qcpNW7THhFa8HyAJqjsvfa4lZKNckYItXoewa1lY
zxtV6qJU66dnlfC4pOpNsy3cPwY+trSpn5AIs/B3tKUWpMmJc4Rds8KOQAgm
R1jFadoUpuMIgUXx9g0IkRB7q2JO2OLTTxzTXdy4ER8hN8BKNUZrwR0kDd2f
sidGz55vaGFZ6gc7VlfMgiv5fsaHfqrR61BqMNWHCXeNp8MNJf+ABQiq3/vb
LOzX2F2rZeK80RgkI4FgvDB950hht2GXb8CDEoXO8K0+KM/oaVlnzcPOV/rD
iti/xqGh36PPDGf79N8Bt38BCs748G8Et38hCs51YOmI83j8vN9+5nS/iP7E
3CGvxhlVTU9Gf42sNU38KFj0DfgrySLn4COd8X8RLDJ/EbHzRAo5c4nq/Pv6
PU4+/gxfoDGZ4Vb6XF1epXv5/D8WouRnH3JlaDVIWkCgOz9q9xtgmA6pXiqD
5MAWIsj+3bavBqNPs1jrF2v0xEvyU2yz/RZXzGswxjCp0cZqOvV0o5g0+gZg
evk+XpkQMffrW6jgLhiiTtjcwWd2G6RwSBeOy32xSou6rgF4YN5Mr+Fp79jk
PQ7sjPbnAQcRUWwIPm+2r0vZ+BYibsfevUykSePQe8+oO+3seJd4IUuEhsHe
k95g2yQrLMqeGUg4vV3EhgQpY9qiKVUDX6OgbEKheJjvW8E+Qdl+pePQwzla
ULXbZDMd4Cu6HEVfkhT8DaD0TZUp6QzM6ptvn/SsEMyc3F4tkZ8p1ptizZLf
G+cR9I1gl6NNRAbngxPq3s1wbV7EGaNKnaFpsS7TMydI14/4+BGDvJ/EeOT1
tO/oJ3kdmuc52vwQC2K7X+B++Yy0Os2v0k8SPg7DnOdnzHufV6+099PdfJ7j
aJUpy+lDpoIXGPvGMef9f4qV5HchjTNXYJkXvUr297ubDBPzgrYghybP5/+5
knJ/q+F45g9nNlImXXLoDPlTtF/tWGdSWlD4tX6ukrDuT9Ju+sSL02Tb+nxx
kt9a4DfgF7/8sEHaZo5HKiMDeR16sanzC6Y2jSmJCP6ML9DdoB3ueukF6PKK
+2eE5P3j+MiK9QZHp8e7pM9s/Ikf2VGFFyXI4ycK+VuxT0nr0AdfEKI0lszF
2GszzdEhH4L4zlXYeYeHodbZC0z53gtLuulH3pjhl7O1tyUjpCDCESxTkxTu
Lc832u5qD49lHjk5H0UlF4tvAKnBh1ZEzLs/FwmVHFCnWG7CzGFEFLY5LMiu
BmLo5dtN5K8y5b1K0JlMmnqw9st6wuA34ExO4ntei4cfChAxGZ0HeYfFBodP
v5l2AhVlPkx1H3YbvffJlbfSIxr1XaKD26uDRPkbgF4x2aShjLTcSTHmugLp
UcHtQgKhO2G4h/HkOz2W2e+ZUrF+fDa0Zr+RRvsGfEUc7a+k0c5ZfEEc7bs0
mi17BsQL9zsMF5A69O16paxq/AYcwzjAx4+fWIll6tHxb2UrWFvf2N9/8sXo
zHpG+99EN4XxeEtYof3MgvczS90Mj0d0Tkk/ZvC77+P4s5bn2g5kzlgN2cyL
IA1kdVqoKWB+e2TYdM8nuOj9cBHQpbvtrPdnomruuarMefp3UKE5NM2a8UQq
e8fGLsbGTHjob2+sYM5MZ0z3pt4+s7hoCUjjUTthnGeScNPgasr3b8BbY/pR
8poFoe4iqg04SFfgOz4T1XvaHf0Wlmf+WVpMKri2Tyb7Zo2BUyObNiL8KMIf
nwWFOFc87lIZGFC2UBZYdk6u5odIgtUjuZ3lf4ekymyQ/aOwLmlVesfdejAP
ScXs5f7R2nwE2QkuhTVoPRCeL4huwrM4PoqrA59lUOen0nE3l4MflBcstTwZ
ErtfM/nkot1OqeEZJwt6AW/VgE9ydHenRPRKIqkM7TZe3iMsUfJQPuPFiYxL
cT3LiTIP/ARnlNUaM+PGKsJZ8x60RbJKg8oqXBzJu3XvWfOfJWTx1x9N/+dp
W3zycfR/qcTFb8f0d5Qu/hSM/ZcKXlz/ZYIXPzKuf0P34o+X/kfLX3yy0P9l
KhjXf78Kxjn/f8/m/PY+/46N+rouxvmc804/b0T+UwT5//9f+I+CGf8Wl/s7
Mhu/v/L/VrWNn2UbvgF/rtvw30CL41Xtn2hunF/536Sz8THRv1ZG+deqaMAU
9B+logHh2N9V0UB/1fD496po/GoW/+OVM36dyY9qGX/iht9TgT8cRJ/mAPj/
B5Mfhw8IQf9R+hjnaP+GJsbvvvvjZ/bR8486GFHtsayA/c/XwRDoBldWrBNY
0GdJrFiGJQzeQZwS7XHpRt9aYaAOGFKRX960iDQf9CGudNTt/iDRvsQUTfdN
edOpkH4rvJ/59ODeDIcpQ2hx9xYaGZIHsCA3olCjIelVIVq8u49pgfYtg27i
e+nDvDxL0rH1u7KX9Nt6m9AeEqiYlO7P0W74iwakpysmBA97IWaKHde9t82X
fMniHdy+uaivClJnTnaZEvztmZZHuxKu9mh7wVhNodIzoB/pTKW5TM/LJ0J4
ldlP/eahB4SInCxpaZxe3xYlB/fL/hIs2xtrNaly8OrxnlbBlwGAXP2xEQaX
+s+Oih9JLB+v8WWvqseG8VgyVUu8E0ifpr5PDNt4wpP9P1UHgx0CWWZRhNBR
SrduA9QfbP5cWeCujcKNy3BKzO8HXVbFc8E1HiUTJiVvLSaNEAztMg+xdpsN
IWQ4mY2N6RWxeOnlpBILVErLVI15Wue2XtjWJB3HetkHBM9IjVc0LFBqdScP
0GRBL9UYIaijjliurvkcIFFyH4Bz2xHb8lgf2eoL9oZW0bBxV9/0klogp3uq
L0LGC01SOK9kbGQAY00ccFyjZcuWadQGbA7z6vaVTGzMqrCjXsYauUAD2LYF
FeFtYPl3qJlnBRnfYGuFSmQjoBAzl6NCMGzBVaB4cjgn9g1iqNR1mFDJ6xXP
Kb3zN31dVeFynVsegphEcsYJ3ipfu+RYojfFqx7y7zoY4hd0MJR3il16T8UH
5slAQjCBArcg55I7NGAUhXnVy7sfxVeot+qansNOzWdtilGWnS6PR2/1ELY+
mWfpFLyk2EYzKhBcmu5tbMEVuAsW/gaJ49l5Gks8MiomwntOqoOZbZ7sFrvW
5ZeN2Q24kN/cnoPdvdbQG25S2vPWyhdAfZZQILZbZt+bRvZcGHsw01rKy7mz
BsfQ6isYdptbRqRszN0B72jh0aowcwPfL68rCmDkQ12SN4UgXpNvXr0Pl9Wu
Z4ZqgzYcLe4pTWDWK4hXi0nf8TK9pjPa0RjIn6tmNg4AjVZdasL4buFOukQ0
kS8hvhPWaJDhw1eLa8487y9HrhcqqEYoRU1hzI84V3dKHZ6RDxwy2iNiyKJb
LipIWEWQBip4tYQI0oCsXE4MhMQgnOe827FY+ZowbTTdg4DvUzsRNwcY3Rvh
O/Ro34scwaCHkSqFuqBD4x1+HDEfC9Uvj/pezge4D0e2UBXG19OV3XmPHdcA
ACWDpRD4Osy0WIlY2p/OcuNLfbvScRmEDQKX0Z28JK/TBbawa/KRXlnDYHx+
y03bWIGbK9CBDELya7fc3me8naZYDe/txuTq5bFj7fJambFW4rfNi/bTSIpC
f78NlXeVgUYhoFkZaw4qPkuvhQpJQ4hE7hwc1VCa9XRRSFMaixVLvVB4S+Yt
yczRsDEEE1w6yY3slQGdb4cmay1HrmOzqJ9xFdEzFjou742yImfs2xS/xDet
qTuofuDVc5Y9rmO8GInKhS9ZYJ9Iv/cFBd/4UBBt/bb7jXEJDYHSc9FZ9FEd
dvXROeMTbGP00cWcabcil0Wvd6HQfA1Qs5BtIk4+nlZht1QH9jamPnVRgi9r
8nhtingkHtY1TEvAOA6uBe2lSNCgePmUEgXCAJKd8hBr0B3SUHrB31yDRXIf
MpPT4JvuC6fF3e42ihhifrGi9FFwd9LCjefGxCuIuxMAomD4arEFZv2k52h+
YR/DaKiyh+sBuU4uzfFkyFItF7+8uxNuRL7dvfwhm/ahVqmvAeRUl10oIKCr
d5CkkfcIfWSOGRxGi03XAGVUUZmyY5Y8qlEjh7VeZjfQeKS9zMxgIwtYxpul
yue4m0NbrDK5HE85pbLqaakxyoxDtWucHvj4cIHDAfPlY9a6x8iLidYM0sDq
wJDiR45OF5bQGpIfTVGmSa9bY+jxfoRJhILJvXy1OG7HL5PpXBe5IJG6W6JM
gbbVP3PANe87r6SbX83KHM1UN6Z3Ku83DasPrbghcki66RsMuzyIuj2ZN2vj
BqpIbvig85ecA94a5fAEgTXTYs3iMsgYzsh0qwabNXxklLzvFIhP2gPH3Fja
RKuupZ4xOeNPSwzgZweUTXDlgkeoNJrFui2aXlu0SGXbD50L72jNG+q7N34I
Xn+Ho5HsN+NS2PeA93QjfT08G3iCzp0VlvymZw6actDes0ifHecwukWO1vxO
eCsRhLHzfpvls2zfxZWFXwv4XnxHqqnzbHwT6cs47mTF5tXS3IOBh5B+Bfs3
+nzN+ivzemTL68gSWzltBfPSZElt0m1wufLUGQCA690N0KvTEkRWXwclBCO5
iXXoTHMMI+ndaVujK//WLqAFPQOaQObdunpQ8s7eyuy6DQXI91AmvPnaYpaY
CzXkewiykHaUFa4QuRJKg/SV8yPTfiJCfwcHBn9pNpNPHPpQOmZYgPpaGciU
sDlo4GHt0IY/eD1HFSTC8ChVdCS7Xbi8TTz3xeyETePpReoxvnuj3QyZBw2U
vmWV0xsjPfAyJi/EoxPogboL7CxIP0VT5oeUH+7LxSMzDpfZspQCp3u8hCw5
D5vqAiRMk5z7Cy3BSFSZZdI722b4RbiRmRQ12ENtQ3aGQezM8OiLV1tJZ4DX
AOOEXGG0AtUA3lrCECXhe83L8l3cqLXUwwe33Qg7SWVRFogntavT7N/F8iA5
xBCuFn5b7w9BgX38OICgH+V9W3lo313raOXZaa9Tc8zPK7VzTHH4iZdGWB9u
2h6EhLaAAi49YUJiMekik8wOoGloSdmHBJUbLecvFnQQknBqczce0L0Q7Q5s
VNp8XlHyWrxWQl8UaGZF+dDCvAr1AvCSWXU90yYIHN22mx1sIBZzw9VLrQ0c
yzOu1O41S6Ug9R0ijsBesJszEciqCsWK7liBEQ9pSLclEIUhPavS3FrYK3vj
5vxAiYdUpWKmF9TplqYSI4GuK9vl/fQo1Zvj6pIuCWByF+KlnS7FNo2WzYN0
qwppEBdbaTyaum3QpT1rGdXL8EDrwYHFwY1i815c3vKlCpc78Ch3nBHQdStK
Q73Cw/vFRu41cFjlLYJ9NZfww1Zxw1FoKESU6Aqdrp4+HCVdGUgW7DcQ+dP0
gNv7g+WwQ5GMx8bpTbr2DyLCvfm2qLVZVA9HfBSOrz0J1Bc07TrTPSns5whE
FhhjWaBZn3TqqV04K6i1x5nVsy/ubU3bHTfcmchkkCW14z7KBDrEYqpijWvM
rh43EE8A2guuN/XmBNUVQkoaeRm942yPyb3ZLwHxQ4hRw0GN5PfzWDTMLY/T
E/a3C/mwhGE6xQNN5pBX8aK2daQyz+AZwtKlf1PmCxdLNlOexNXbAucYzjOB
Vs3orN58xLRjVskgfUtaClgdjuCr13Il2YMnuRULGLnWmzfGIbXTL2jxRjSx
m+62iOkKb9erb2zYtkuGV0wEww0AnpDEeJnY9CIaSUQeXPQAhYnfL5hS62RN
BgGhs9ebqD8zOieL0bYCy9bmm+TbpZi9F4DLqNIWcAJ1X+R85pjXJ44PGX73
fWLVyptExVmUa5rNG/NH10lvu6vxReIQ6JqxvF3QwDFm6EUPz5KgXfyHfHtQ
lZiw/XrcvI4CFXba0YvCTGjVJCRouks/XTZYcmpnnNs4RG8Av7z3OBIU4jwk
rrs0jfmqiARdKdkxjBgRY67vhQM3DzoYSmJqCzXMEEpgIY943l5cCjw9rSTi
7ipKs4Qn6+Oom6TlHCpkwtS0yqF5npWSnsnIEGsHOXxI3uVmo6/vvMUePAUC
D6/KqGeBJNdHUCXHNrj3B8yL1QXnTxcTNbm4Tckqvy/Lu7mKoizGwqWZfTqX
mPz+LF+ANTqxBc18atgCBj1F0rE062FaD7/dFlP1Wwwk2IqDXj0ek0XAOW2p
EiKrkG3xwLTeBzhNFNDX3BNXGnXKoWNrtyIKtyHk2HkkHYWoqye+Xk5VWE+a
GV/NthJTNHM32izJt48DZ0qO5xiczd5VHGlbCh/xVNC2Qd7kJEdCxn2IiQiv
xEW1nO3WP9K5Ebk2VnIIJvY5kwBbRli0oxZYHPYmQjPsFRuo20g+JbrNnVYk
KUWzZ9Qe2at75xWtYWcqFqd7WtJMltM4EKyHKMjJBUP3bAB1O97wJ9NSO+Gs
G5cjxqVJkihKxxGkUkbVgmowh2fJZNu0mPXjLQF3zE11g0rNTYH7R/wu3gSY
HqV8Gx/p9cZ5rUPWZRzRrPVekiax6bXp6MVu5UWrqwWJABN+9qW8h0VlxJsy
DtsU3rdsLikvlrjnRCkbnT+gvJh0mdvA6QycnQC5OcgOF03QNw6oUwdKYPFd
Yiz93od8H4LnowBTVHi0M7fMdbumx0MVSQW3bx0cESBRLqAzjzft+Uq3BSAg
MSd6OMoedGUsvB9mOrJurg56xFEKuSSTN772W1ynPTQokFLdxMJ+ZDl5UEsX
UhMgJQF1N1BibO0Y1l1wMhHujteslj+u4U23MHazUifLjsjq/A7NuPvLLBA2
eVQFKGnTG3AsQ/4/5J230uPImqZ9RtQ9rA8DkiBojAGtCK3hQWtBgIS6+gWr
uvtUazFzdmZ3rWLETyYTmZ9k5fMmphTAtsPq3U0U1/Jb2GpVeMJ2RUqNd5we
1g1BivXGj2K0ubVtxBP+JF8stA09dBmdLjJXksom8kyYDg6/gDfJZ/otpfnr
2eE+8HswUZSbA/USZsKR9JT6ot7qQpXGfs+miyU8cH5+gc4ep3ECuHQ8MD7E
qfGNK5iDuc8q8WqoUkeWgH3DY6Y9w8wNKXGRxmqMLO2iS5obPTsdD4mgBqOc
FfP2ygc3oIVecpVnK1bYYkC+UtZ5Jnf0utP3dBGQtXYXUHOt92XPxXGLBohM
ap42U2oXwL1skWRd9tRtkzp1656riAlSvfpNDYec1NT9PY21m9ZDPIQXXmCJ
B6Hyc80b22HfBrKyg6ubB32ntHpWzrKvSgQWBLO5yJAO51wDBGfIIm15MgyT
vsigSSy3vcv0Z04TBELAddi45D3N1EEozLROQ2Y7i+2lFq4A46O4TDAvqyXV
R7T04aO6vJf2JbTQaEOHnhaoP3L784CrMHTCDFBQ7cpSY8z0NzfaldtVWTkN
KaSy3RuW1yiOJC+Iv09sSyAv40o8odEM92vtEXUShWVPYOpb4sW17MhhfyXe
NX26PbPISmyE8bNSwb48F7G+3jKlJ3MTG1tUOVswET/I8DT0EDEzqIPsQm1w
hLsZJjAW6E1TAnUZQR3nh74gjvmCAiUjjzXR5DzMF0wO6eqR9iY/92wiM9uV
GbPIvA0YqhukXosLwVrDcjvrxxQ4qtZALixcRpFbYqo36fa95cixYh5GcJc5
ixeyGPTf6AyMty30umehnG1IwfhHItOybr9l5gFdngVAu2TGPTT+fh35KbUH
FKocF0ERFmJcQDtKjcNv1JWPmTd2drYJGdHSEKrofW2Pa3ihCSgO6hT1SSnn
K8r0TGuq3oDwLmzGESzsNmRoLCmWmQLPyYgcbb8nZ9uvscVyVoD392Xq4Let
oFHGSIdBDPbgXl/JDdG2RTXTBUrxOdQ16+Uw0O2Ni76lAhaSWdsK1FQL1QZ2
aa3Gp2R9rBDBu4dLB+pvJvXIaxKcKWTKgGlbjldc3GTlMMtMltj767ginL7H
Uv5a9vACS2gNFPibYOi798heNAmBgr+iUcVzwPKmskhSMKJWVHML+RRNzW4l
H8Jsule046KrdUmxnOCwxn7505OKIKa6P3VFPvqRCAEq9l/iWTo9FlRMdTaK
h52jXGnnFW4TVaZ77+LrQqG5F7M0Ec4hTm6hCvdZlzQ5rLDNXqo0Nq7h9rku
C3yqbWa6c1z7to8/K76d7EiGkoseXlNd4qS3mg20/RrWZz/Lt4xtY/Ape9Pd
imvnCcpd356B2tsGDNDhYuD6KOyiJGeFS1fO2GIzwlzIHUWdlb6YOeS2DW2M
28eDacOnY4GsF0nn4hS8ZNGvtLx58I1eX+b7gd8uy16stvHMZLXC9BvI8AN2
PUq61maSokgjBKDqnrsrqd8nO0EVrohvSG2fget4MlZ+DJcS4ljg7l/n+R2E
zq47FepytNZhxraAj/OlI0coPTfJPNelYzSx7/pYceacqtBNrpsvt829X7c7
qLAabh5saO9X0ew8VzxDzFvub60A2PRgS8w2CjRAdfz2PqtIC3oG1mNtz9S2
vjWNuOGxIwhpHkmAlJMznMARfVYc3QPDyFyEMkoZnvoW0QzgpnTDzHbsAAtL
aqGeXYoKz/FXhDGqkjJ8g7z758TzQUQHeE+EmjesIgaBxmt/YmRhPGzYfp39
HR08URlYVDe5LOYSz8/VEFyZXS3yWrnurDUxHjDAEx5iNikkUwUOQaURqOaY
UNEj3ZSq97VsQOlhb5cbLJpy3G5R8MxjDbQtdW3N7Bh6RvLO3VnE1zWbBL+u
+c4K7DSN0hxI3Tl6xG9jub3vFw/0ufDsKY/wALqSF4KsMjslhOBs33zarx7y
kiBM7682DijK0GrWWKRCQY75mEJvV7vsWbW+Wpt3GCCRpKR/Ng06pdpCTN0N
z1bUHqtND0psK+4ClWWSXDaj6A5rca/KwimyC/hADwGulMpqYCDX4yfHd7kf
PyRo3hGeQGexWFgMJAhlIj/CkjxFHJoplUEaEvb2Di8TwaseWg5+iQ/LdcFr
NhhOt/Ulbw7OKdkvT33pqxK+I+CNoNi7N5GZ3NZgRZ/ASuz+5VHP8r3X/HeZ
hKod7rzosJKrUWyM33pFBp1SrTgzMEiZ9SV70YiFLIHiOFN3K0wY0FwOBA3v
Cx4iC3ysG1lmXhKorAlIewNhXKUTr4GEn4FebnD9ekVVnvtbKpzzA+bBqBf0
AnY8Qyz2ULhSytd7JHVRfKsfdjwix6IoD/nZqHC813EdmmUk3Kb8pWwDA+EH
f6ejK3LJSrLk8rk6K6k6PBJnu+/9Qvkzu7vYNJoHbbIOiavz43ZMgSfylps9
emJkqHO3iqrgLpJbIJ1617UwsNpQTF7rXSs1xy9ptxKUK5Am2a4kIut0ys4V
KrEzGYHPutX7TwlPAuOykRRoH+I8eGkaPxxVPWTY680omvzt9nJApGKFe2Wi
JHxHYmwMYRjBpdwxubVkaR1ULkkAG2grWAqFaMPdNL1gaceZTxoIhtlEWdsg
EM/m+wqZr7kbHjedgzVOhrugtxfd3uOL2r8GCeyyDrTRqe82m+V02Ba2+Ypd
qcHhaiSng9qbN59sJat8XYtzIY1bwnGd+kbN5YKlgcdB5p2Or4A0BjdlIEu/
uTeY/iyM9SwRfOf9TMVAVx1Q7yiE0GI+RjP0WKoyXOTrpRfqiJzBBg8xqDDC
iGQpjoGIXW4VOwgEiANFDSSzHeikDO4Ja/Fsl4d8mwuFDrvej7N3vg+IJEsd
JduCpgucJp4NoJ93WBMLS4/b8H6D3CZDNXO3UmHbbH9g2aRsJPw62RB8KSQw
IW+sZImHhDFj4rRyAwiU2y0tJPg4qlo2xbK5N81eOpwm0bxcobNtJd/6ZXoN
5eWh96qTnnYeZQDUsAC7s16S3ZXY0utZ5dJUIFN13F7lDmFlvBgbDgaTMzUQ
JfCvgxEvrZhm0csttlaMcd9CnSO3QOYpbDjA0Xx4u4aBcgXFczv9Rj18v4qr
Ht+e5AN1OJIf4kvDZ+Qgs3A8YClmS+kQRHkE3OXNIRiByI1FmXKOell3FLmJ
2NPjFiw/dJ6Ah9EBgfR+aRpZW7I13+73EouUPG9tKIDjmQC7h0JSfVhVu56y
WMiI61AlT342Cg1+g6nJ3EbBe12ku7DcbpVOhUrnmAJfmY0MldQWtCbvcGEH
ns8MRj628CAsAyTRIs25nI/x6ZvGmLyZS/MUqTbpAWAjxt3bA9iySY27r7DI
jdeVEgQ436HbrlJMDW6y8s6Pe42Xp2MaLhHXnnuxZTSJCXJCjImA7Mlx6Hp/
AymA3s50WCFvhWkqkwGjRYof+prpnP2WwuzWh0FKwiQyX8qtl3Yqmm0Rq5R2
E2BYCt4KLwzvN4K9r1RMi48cv2KtCVCiAafIUJAYnAl6G942VLj9m0+uzuX+
3yWe8K+jKP/DBRM01/iVYIJm1jTNNOIfCCacG/obggnmQokiG0H/hwUTfHX4
OwIJ3+PFCVJePyP8sSDCn8kh/ABl/4Egwp/JIZwj/EIQQWN+LojwZ3II5wh/
Iojwh8IB5xp+ufxSIODvyB98W8n/lNxBRamfp/gB53Za9k9A+SMSfkTLfw3I
/2zcH3fyZ3fbfr8v38/1y+Uz268r9ju7+Msn++WOfgC3n0tcqPZPOzopDPl1
R38uoOAe578v43zyuDc+wMK/8GTVddjiJ2+qyO1R/0oG4VciBl8uf7Zbf7hX
585/tai/vPe/GO2rp3+s+quvX5OPzINgtplgLB+EPPKwm8irQ3DabOgbd7E/
16GCsF/KD3xwJPEn2YC/Khrwmc+PPv2Bqv65SMBHIuDL5T8jEvCRCPgg9v9c
JOAz7zNG/SdEAj4SAede/L5IwMeTCot3y/C0JpFVl7gLx/P1+xzx4zNQZlHG
l0uMnPEPbc6ZfWQtoJd4WvEPcKVKd9+EQ4wf7aT7yR5U+knTFB58hS5/haz+
5qG63zpT9wHjTs/6B8jq92f/PpILfx9Z/R5YPefwD5DV7zGyr3DZ30ZWvwdW
/4Xx/g6yGrVWj1cEX2EYOJAu2V/5nj57DEFQ68nKPefLpe+zVsVgWezcyKZR
5n5w9GShFaZH97AQdvJq5ITkoWHXu8f1eVOIoQ+7WxfWTyOLce7LxRGwCuGV
F1bPGcI8Zxi/ZlNv37Wr+uDyVnBqx0widO+fLEW5GNOVfTgSGVMu6AtP/XMl
6VoVbAKxcKagzSx82y8lgY8dAJTNaJ9pf/fCR6mR2pipocyfob7O3B0guGY/
aLT2wTPjJB0QPuhn+3iW1MoIaXh9MrYoIrrrwz4q38BEU7dyoeLIacEGntd0
PpxXXebtzoXEGaPMt4E+ORpfHqDOZ96OW3R+JdL3EyQ1tplp0mtjQGEIQ7gH
9Y3mrO4Jfw+snlb9D5DV74HVL5d/gqx+D6z+eMv6d8iq9QtkVZZsI3VZXSRH
zl8pEWT6+gmqBJroH2D1y+WfIKvfA6sfEY/za/2zyHywe09FDSM7ODENkDnv
vkfqTe4XxqPYb/zk3awpzKjkKrIfjZx7Dhaztn25gMLrLlb4sVPhGc6iYcMx
jJmrh2awOhYo1m3HnnfM5Li0Sw82Zh7Bdp9zp1xSe2NU7VyHQTiuqB4wVIkd
LKZGE1L1NMQAroKbPLPjuHxvAQaIW8Kr7/TOOwk8jorqmNlmF8CBfrmsWQxm
jJa+AQ5R3Ff7flRln0HUCPOO3UxQJ1FDW+CpFUQtIawESKrCuLNbe8UpiaTi
L5cbhhXPIXsz98ASalnG7sAz+Cjfc50BdDIBtSWs3M1UFW/zVPfQQx7fQ4yv
EF5H5uGlXy5q5h8tmyAvZyQnbDHLsHYZnAvO2MkcB02TU1Z8rIgs/gQd/QWW
CXHkd5DrHyGup2f9Bcj1jxDXj3TVd5CrTRbcCm2afY5Wkz/Jo/AksSufLMo0
u3r8FFdX7WDVD9b910/0foQzfjzRyzTfstFnDtuSdu6ZUdX2c4hcrH8LVdXO
Xof4eqc9Xcifvod86ZaEc8XZe3H1Ve36u95MwQDVdpPTC2bnJDimGig/xjCW
NJKdoFm8kXWk3SiYfysOJ2WW/W6jTs3PKLcyCdMEOKob3ml84mO+8Zu7+u/p
8/tiG7nXMnGep9c3+pKlDJWA6HRgDJjNXD4D7O3cC4V7dSkgQ9gMkIRNqxqM
MKZLMWOsYxLH3Ms5IcaJeY18xzW3KYWeRPHsy43yEDMks7N+eB6SpkQ7bbzW
GX7emlejUiayhv5VpOss4eBA4kofq6deWEewYh/88xmpfoqCATTynzlwWaLe
CBQXdT3NbcWqdBMYM3oqpXB9WNkae/5DylBXWeLFqAdKGdmgjSTKEeVGg88q
yID15x3q63aWHtoqMqRBUgPGL4rIz5/4+IlA7DfhElohyZX7JkVSUBS5MjWp
fKLc+GMnSpM2SSnUN7kT1jDO/OlRLPK7VcjKfsu8JtSew610EYjyGlCU4Qjk
aqzMt1isf4vfxlmdxKRCQd/EVArDoyjrdp/3M2c9TIhny92fqvbZUGeu4cMu
Ocj8W3xWWJ4hvYKyTEW8EtSWKCPISjLvIHyXJJEQnxnH+xUuDf1ggyyZYF2l
PnPtGVGjiOYAPUpMub3eIaLfhdpgDWA5uwMq1W+8LMH3PhJnlKolLcWxaSBl
gRyBBCEwd9ld35Pud07xiScSOoayCcBW4gOZH8nZ6x1dn+J+5HpCgWWCWFsD
ctO7UmbhgZRkuWTiNGaT0H8gwAa7QPrmPwLrEQPBTBi+G/mso6ZbVOxCVFa+
2YP0PdnRc6Gf6rzfNyivdaPAAeYZvSpjVI47K0YZHtHCWfRqle7cRP3LpYmO
Qg+K5sFc7/lZnPBCH2wzzJWphh9hc2eJY20TmHwUYQRWVpwc1fxMGhV98lnJ
IGevB+O1Uq7caXcvqlKBN80UKg8y0HO34wDLC7nKHGEDX8L7cOYj3KSap8ni
UykJxFl/foQj+HX9z7ADXy6/FJL66/BASlF+//pySf07/YykRFtsLJrx6Jkm
n/gs/SgRdNYT1MA3p4N8/1tNwyjG/PNq8HPaPfm5MMBZLW+JqtTsqtTiqtjO
2YeS+1mhLt+/74xRhrGJhVEoUannfmbaksx4Nc2CUNtaCaW8d+bGjC9yG+SZ
7MiDSoufEQ6f7P8vxsGS3ko+sJOgA/GwNi9dBXdJbF+93YZOFTextJWCXppX
tlD7HpV2ZfC+XFpo1/Fe2gV0pgwEpEWq6RTL7wqAhHRuQVcMyp2Xjwyye9hX
W+7VWWReCxLepKtkimfutmPSVsxuJVzx1ek8R0szc+99M/mc/V6mZah9K1/w
2BuvJa0BhKdGaVXxoZoOYfquHl8uk6daq3bvDWt7q81THYB1jXzubu59CYdJ
dMzuMFIUNl/9twSGSRzPUVLBK4rtq0oLZzV43bY7XdQADuzOzI0oqiOBW6S5
jMXZPmihjNzM7p7dlLHCjc2pAIo2QYKh7vMSUutw1g/yrYpk6TApZmsx4wV2
uCtsr6Wx/brRNAa4Ff/xH/9u7P/nP57+2/H+3/rB9L8D6f9pHn8B4/81pfdv
RfeJ/3J0/3sU7y/g+j9/+19A9P8c0P+tJfwllP+b6PHPYfxfreRfwfB/RkL+
Ywz/L0D4v7duf3PB/zpq/0ui/k/Z+O+s/v89Hv7P8er/IbD7rwVW/oB//17F
4P8TDP4HyYL/9duKBf9eRh7/r2PkMZj4u4z8Fcb+Cxn5nyno/L+Ayv+must/
JTF//68n5n8ppfKX0u+vPvT5L9yQ+TU/H4A2TfP6//38PJ0ukD+JVbBqT66i
Q2yMMXcLjVxvgOImx7eYuWDXBT4QpPG5do5HbUqDWaLzvc1oViUIs3TA4mDG
/SEEGGv5pITn7CJ7Ug/CjRmyvnZ5cO4Rs2h+5WAV2qDkIUe36Ua+oWkPCJ3I
F0qBQnguQnvQHjB6lapK7lCTuYmyTz+24jL0x60peHpq4v0Kz+lHj7WQ8Gnh
pLZbdOORdtU90LRglCvRxNecdN5IJ2gFlbKveXhdmpuTk+1gAGTokzjsWlnN
USvrrbJiNbBakTVu3dVx7IFYO1gRhJ/G7EqJqiYpeW3YcxE98zC4GckJ4YiG
6hVlD+MtYo5e99G8E/jso00LbPJdobN7ZZFWuP5fy89z1H51cncBiKpSewUO
p1YRLemyF9R7b5E0gndmX9D0Kt3ZFoUL3BgkvW27xqKJdtjEQDf4lAxhTWQZ
ynPxuCl0vg/1y+sB3cwmaFSbdNaHdHUK5CWTjJo3sqeFWKxGhBVvMtMV25V+
tRmPgG/Ux7cVYljyquKXDprvCxMhMMF5cpxdV0smyWtnD/Thbax2PB6tLDzA
CLyN175+BVufmTVSmbpFalzn4Jd3CCeIIzFdeiViRGonZ7O3IIeBWireWQ2B
NRJEfe+Z0Eo8Eg6sWX9SnB7H6femPYbwIqWcnVytbhJ6aarfLORA9YpbHmiC
osihiO+z/g3EXK59xfXBEP4EKtmQCO2ttNP6w8+nf4GfF+Coez0mhu7aQcHH
eO75h/omi9JbLxsRs8xLSTrZ5KKknUPDGobMueqs/LmEfosKbpjSvOQdhXg1
RQeEIv+8de+6s4872ZmXaV0G2XZuNYb66RrbmKEf3KqecQWJ9tuBPo0ORp+t
Ca+qahRdL4CyVzVvtOKCY+HuxUWDb+IAQw2ZF4kAIf5L33SnlDdV2iYPya2R
fVDY0Fo7a8PPUTD2ic4BrMMoGb4r+BxdyPVJaUBRg+WCPK62+kTg9DmfQTG7
vdVRgQCgkMJnRyiGlna2MaVaDq/bhEq4bIrUdbhIJHeGm6phrrm8H4/Iyx+R
o48o3k6iFeqaMKS9sAaB4bzNMApRaCepCrzKnb697zeCvETpzSIL6lmgfUW4
kysL+nGLCasvat31Aq1v6dqh77XR+qF2IB2fRfrdKisPArQSE+gLfXT3Azcl
AKOQsWmYV68vW9jH1M3NlO4tBR5B8DnZRJiwWanioJhuVMMOZEWdJnrXXrRV
NKDrnQS6kGJKNkgjdXvUwhI/bhY1uQA55++105yOL2z/I54dp+jTfJovwhEd
GAIuArgoKuyBgpx5Sz0XqEnWHB1cKQimJQ0E4hESbxJlhD0yInIGl6rN26VD
R27sAxCJXu7VsmrrOmOEN+y9PeEK8h5fONKO3FPEuMhfFxxUbs4wTt70GkdL
Sc8/LVf63ROmHiOXsNX4JpmEjQ2lOqbJ6/vQ3+dqUmR9z6FRwUYx2X3qNcaD
SZle8mo5AbipuMepUDrUzWV/a8xrv41mH49RuLctztcHtedQ6cz724v18ebe
uuFpB09RyZtJ87yWqO88aFbX0x/ASzG+eWpiqdJDXabbIzjaPFTJCpJ7I1fP
3l4S0YoZC1CiXKUvlkXrkhtbDJdn/i7qyfWC068Ya/gOmUUA1nB2aXSMXpSB
AEN+pa3gQc+PtcI1vzVJ7BGTQrHSG+jMvpqcOZi0LgPbuWWr3mks29jF9VBC
o+4yL9b+za3orV4jf9TLqX+o/fbwjAdFjsqVADCmYCOwbtXLJDzQBIYtCBS4
WAJQcyPRz8+CtMtlWj7Mx+SoB/iyHs9seGx7xlebyL5f9ipGBXA1/Yv3FiNw
eVHifejwBXGea7FUdTXSbcStVEjVoW8yW1hr2BozxdH59v3Ny9ZjLaZeW03l
EoANZIm28DZlJSB782nX0GY/08o5elF5yLRpt9Mzq+mHyfLO2x7WQeKLMXh0
Bqylo3kxNhh6Ti+WJ0Za4TqQt5AmVfzF6luVCTi5kpzGHUSGPeoOQ5lyFNWr
zBtrktMlyfvIpcgxG9J1XnCHxp/f0/QcH8nN2dHCiuo8uZ/x1JvIB2PmlF7e
1NkvvLxVEmi8ZqJDcPylQsdjLEEJuVuWCgMSWYl5Zg1iembl6yAohbCWcoAB
ws2BTR/02VSdFfC1GmNGX80Kvtw9fbuFSWTIpmvY0EJ1YltIXEBJAXbNujDR
I1lJVKDU39k9eCHAWXoxxCb3JSbycbhfIlwGlrYZ2DG+u5NZ8rUVTT5BH3PP
tLwd1GzOTW/gGQcq4Qc20b0sZ4sfwdybAzg3/YVKbPQlHFhZoYqFy7XUJL2/
3ol0F2CxkYqApK0F4eud5dlwNNE1SiUdl5KquG8+wUeXHNbe+86stoKFs1IT
ekUBawrJKih1Be9cY3ht7CQhErc16a5SIef9VElhpjVs7BGjvOxlnoaOdm2J
Tku6M6/guflGndh9w0IdhgKc8fVW6euLd17UQHSlZqgaHeqxhkXIfEQXg9KU
7fp253B4UiA44oPBGWG6wESvRSVmE1I5WIPVa/GEqIUUWMWDNUHveCc6djTX
+TLcHsVpbDEg5nbQr3fu4Sya8GBngqQI27PPQEvorwGQUTpxdkmRgzouwOvt
lQU2ZIPOBYwCCqDfZPRSboKWQCgN+cmSS+9w9tnDSt+Q+l5BN7DWKvat26sQ
3+BK2HPOh08yZY9LA3Q0s6FqRr+bAnxh4K1+o6qeEeazdNCWyiZsumO1Oug8
7Da0m2n32DFWENdJtxsz68I1sTSTFOzYFl11UxG2zmaQfZ8yXEinDjh1CTEU
5wYIr20qDn4XXgSE1mnLUsYZjMDLFGN6MrxEwSAf5pyg6f4gqGbdPEgF+jeF
Wu2WT9gwaMutZTNyCXuwrw6eb7e95/aeujBW5lfwWbe9ACLMfKA2Yp0x1J7U
1KM1+Ntj2N6cb4E3Usw42L0qnTcXGdRD1gNGiFd9ITb3XDZYdRabd+XEu6Gk
HxLubRBvs5tl4BqZw81KbWw/Cqi12GM5uzE1SygYmru0Vy7hzdX9ITrc0pDU
qzFOZ8ucTg8tNZmrvFZ5Mb1baWZUYZuVFkgewd4R03aL6r0ccm1qLloiILpq
7m8YG+6v+VafIbQo9+fKQzpCwoSpCtQtSGa92mHFyV+iyW6HEyIuvQemjGkX
xqYb/Ihee+9TbDzdh9ZIM0MSyMDhAOaKmo50MAy42Axsjx56ZfAtuM43fYvq
R7THyQXzlCRcpeTxQt6Ae/RysZ5eQzKsRbGw/7SS963LBwqtxwQdszElRyFR
a8wGFsoHtdW7PK5iot7WRDGPNMl12G+FqgK8qZIajFcIvyfObqmS4Wsy0zB3
tbdYF218wiw3NQea8y/HuLFDEKHSMpI6kjXXhw/0dorYoYN5SWw9eFDt8R2T
UVlSTcB6V/36eKrT6sf+S34TF0q5AfFcRgd6zfCmlf1dbk4voHULeOq125yd
jxsMzwIvBtgVtyez6OWrne7iIteefKMuWGd5Dhba0YrDsW2udzwm66k2yKsG
jsENMPltIx1cRnmYko8HdGATT5P00Di3CuyB9vIpvXcOiu5Gjt7oR3G1Df85
MBZwFBvyjJHAHua7YtREbaV3QbaQs3gSfU8qbCmHQpa4TO0Who6zQdSalR41
3HMJ3mfKAEN6f7jXCiqDK3hHpflFGBgylDYo1QO4bHMQT28nNS8vvs70QZyh
I0AqfCTLfCNgHNyuzmNoR5kiy5erUnulI7bChATnWgoudUmlzgTc9617IWum
2qa6vepnZTXnHvjkS3cESlx3BrO2fQvY41gij8btbxQptBUyp95NW85Ga5fy
rb8gQF+jEuCOytQLUBBHzCEmMs7DCa3enCgcWifJCz0NDDk9hmI3NyooJjQj
FdZZu9MX+DdsP6zp8WoHKwZWEOgagymuj6ZKn64+msdNfLZM6bnv0Bev/etg
ywC4MZ7EDolsNfmlJ5ZRzJKH119XwY74ubaPZS3CLgIHzGCkSRWAMeHqK85Q
m2tC1J3ZncqitCnkHbBpLq8Z5rSIC3iqwLflrBXuTy7PluowQ4yxA8ANqddj
bMDXEjgEjnH9+a05Os6oB8Rs18YXpVhc0sOc8VG4fIZALnLgRud0AGN2HAYq
vtWZki2yC5INPRMafoiAMC5H2wM3HVvVLykQFg4cSnm6ZLNbDCEdGiCHno1s
a5nakyneufGh1OMDylzaLix2EO1cBe53ksTH2+uydVTcThEp5tEGXw8ecg1y
+ZSN4fFspCOVzel6Mx0PdFztSclFkBXyRr3sOvWFwmSxy7hOcOO1NPPkCN6p
aUzy8SE5M48BeDnOQ2l8PXvIsw8G/GyTHbrYJa6+Y8jtfmXe2I29vI6HBfDz
2jBQwyASddxzv75XZAHh5qLiSSuV1svWuPomthGIM9wD4Af3mqI2rbYhVlza
YAFKp6u8s/YeQ8Xi6dJLbXEaYRzKX+wtHwUTVKBEpTT8oDBEePleIZ0JZkLt
8Io9LlyXO2zftPHCbmkXqiDE3zIRwkIxXAw5NIKWOEt8A2tCkChZIb9RTSYc
fXQ+GsePFn4BQlvewdG+gu92zHbFYdo3lKEjFm3lyvOR07OjaqaOVnI2VldV
C5bhocG8eja8FDNLF61BrsTpxZsraNnO9Jngxj3OyV5TkBbPU0csSSu9xxUr
iQpYbV6Ronhd3MQx1tArV18CPQyGM2AE/L6/n4A+qPrZp+ENXjvoGoixOaij
Pw94FiXkEz7OVgZpPcag0rMqNDP6eSn8zAcJC3y6PsuTJibXb1CpTG143/eN
sBeP7KSrKUSV1jBCyi2bycV+nWP85CrBGB2Xwn0U3HvpUbF73Qgx0N7QFF9R
PjqcoNruTzbC89QjBRkx/amQPCiQX+1Zt4Z2UNSuFlySNL82RhmYFtm8GM2i
sEefPGg7wGWmnJpJmUuvoLWgqJpyyDAs61ndl0tPue8w5draJVzoOjCRt4FN
u+j2Y9VzpV7aRBOuZ8keIV1eSaPfMQrdMj7gu+hZN82KN4VIcke7arlAch4p
EqNVnCcDR9kak4RG8hjBlQkCChQ00yZvG/zU+AN7eNBE93CMlELt4Vj+fILX
z820XELDlqGAS/B8NZCD704mdm0uDqYoOgIA5MSSgjdnwclO0+ZCZoMRGJsz
vSC9blyUVwirwnob1K5/VJidSfHrYTqIAt46upwedxqnXEbH6XC7cSgMmWqz
GbdViEbXqhyAvDy6x/X+3rzDt3bWMoKhjlysTM6Gk6kP/U74oAo+1VXS+wCT
wYcbJTJ1EHy4VaissVR06b3NbbWcMM1xqSDSiM9S74z+POkeNGIueYEqyjJ1
srIQll+Cbo2Ic/AuGYW99zOsA5dMmu8M/RjvwSoFYz+/LFwx7fuW6Ou5+/ZV
X434abc2t5BSIT9Ap96Cdq5XHeIiMKKby+nVluIKbmFYFhlHJk6rxD0YGujV
M9LVtXjsbB7k2DWWLEVgBnEoX7cGeu7fS7Gi4H6pk3t/Y3cGkOaiE8MxXoxO
SobnosHFVneb3nFvBTcwUyNcMbhywmCEIjkJAwbFZ1m6nr1zj3n1yDe7R7nv
np/PysVjy7O0bcdFZULB6gQErOGEvxre5EIbFJqzAUpgMlaaVUMX9sCqGNyN
KPRSOXjx6d2iqEXvMGtutejR4Zn12AkiphiJNlOivt1MpahDNzhYpalp9wKR
d16gfHjXk+Dqo/FmoQBDGPNeO7rKMA08rQGmqPGOKzM7p+sQAk+O8x5+fbQP
Dx4vqxDQCqAIwOKvartRBnuGCVoc1IkqjvnNn9lkqKL1lYTw7UH1wuN914Au
1NYrS9zfTX1RlycVnCE7gusENuv1TPdgpAC8/IDdmzhoM7cKYWC5JJMsU+2d
teTzTThRVMa3gC4B5nJNAhQ/I7a8eNWUTDWPhebjEG/3DGjfLwaXPNKKDCUf
pc/WTwFqvgA5tXJ4OStwNgovHxkntMSl7awINA9uJYGH3sTkuarRqLd34M7r
VaSYwrHESWuv6nAtEy5Wprnlrv7VNy4tCWIvXqpt4hW672ZuEEAnrCcBhTN+
o+YnIt2zflENMQMPv6KiRMvHV+b0hkbVws3ALql9AGqvQbGA5cZaILWu1OTk
LGZRZxsPMSMNljFl+7DOltmBpHXt1/Ecs4N1VW/KKl70xyTC3H2nSgcTwVB3
3Sfrt9pkxYW87/J2+Pdr7U85N7ac6wFJiZqbzvFuAxfuYjrVhe9Wlaxd43CI
6ZBeBy+LROT1hpOv48K61Oxz3tGfhdtgbGsemnAkCoJsGkBk+/sxQZc3gEAO
xEj6tYrd1SJVJ47Z5Jz8UsKlxMQ6H52RbgciT/Risgq5UBdYVeexAgSrdSUu
Q3tXoyVfllApI0/1r3VOTWiNdQodm7mSP8GweLwqOjccX54i15iYzXK957FZ
vMJ30KUyhEGWWQ0iGGfhDDw4G5wMVnFlM/oH/HJkWc9s9g51fjYnj3B2CrzN
4RBRI0p01YG/YI4i8xIcpUevyZ57xipqAnkqMRjyrgW2pj3BvT2fqAyzF19t
Gm8E1CxtqHPPU8YLugs2AH3HcqUAz9PVWCySPRMI8T5jqO1v6LGVV+zWHwdd
xW8ewd8lP4bgFnMkqI/c0kTVBX/5zJFBbxmZ2gMocmI3ezhoAeDxRC1OnWSw
rGaSDxAdXQIruo1oc0tErM3nKPFvpHkpumak8wAtHsxDyF8DC/iCwPHqOngD
1DUVBxZuZS7AVCMdgtavY0ZMOWkqZhT0aaeYCx41r/PlfKsyAMswvgaJB5uO
YHJoPDwBRloqAalaPWK3M9Ya6vuGVBClUdlpIocTiRcSjtmPrl2m+cYOp0+7
Ke2Gw4Ji8OKtgjB4hFm4rPkZbRvzHVlN/Lm7iZGA0WM7ad0urH+9E3lhqmDe
ZynLts/+fh9irKpyPTa9FisaqMf5GDFhZD/OXsKBSSmbdVI/VqbS08uUj6Ck
4HejMB12hqJ0hyG/Ah+an5UFTlHPZHQfuv8y9kaG3RLpka7lofmoRYQUNq+9
NFeWeYjJQK1OOuLO8xmKL8TTXjo8gLJ91t/xbXCoWLAZ53UtgonSVnUDOIv0
UIUVweZykNgRmkV7T3Tb4lGtu6bpzctqd1tvwYNOUcF5eBodxChRpXcQNDpW
38gwYrPTeuZWvngku8rxc6i4CskbW6/D1gWwCF2HCQjH2iSqV9/03FNpTD5b
m7YjMQMuBSLxsAdgS/LlqpGwIBKLnVXFG12GAupT4myfJ7TcoUN9TNcYNl4j
mS9AhxbRs0eYWlB9wblFwdxH4AXIw6uIyBtWR9iyM8kGLCKrVZIbQlYUiyqH
lTO57xxMbOlw1zZwika55DAhTGy+umGXQFhRqCqANH0tL3NKx/wdyh6hTaxb
dEspJnhQg4ObgK2dt9KVYkMSHB3smgqo+vC84VJ4z2p5Qtc+MYv4qbuqtNcB
7lPs56+9kc1vyLafmM6z1ibzmUWx9xKzEPgVqGWHO/3FYjoUpVGcNF9aW7+X
lH1EC0HB61NS6fqjPEDrjoigry1QDB1rFdxsdK9W03t4vYdjfykLwZ+xnruF
Xq9ubNnzhKLeGKDxeeJz7ZGx7iS/NpvTQqvOxkqyNjUUd5TbsYvncMXlqgxS
/bpfkbhQ7Qh7qW/IYQ65ALNqevhK327Fyt6uoZApXlDfNKljWuTmMCRy7MgA
OpfCudbwsEyvVHnOj1eKFDiSJDLTHmc+d/t7oeO9Csp+KVOGWT5IuxjwCG67
PUV5lYSRC81Xx/yoC8ARu1hqOMcbsYwNpzt7M5NUwlsa5Oc7KmPRE/TjUlLS
Ojd876FAaJ9yd/Ay3egRDW+2h2Rn4boFAd3comrqU83LxDSc1m0gadU2AFzM
GOhhZS+8UnSErR6mWeQadUEyB/dvu+It9moGMbXv8SSPz1lBumHHxFGxAKaI
7NJyz5YkR82YW0Rfd7rSpDmusbBL23Udkhyyel+diHrISZftPTWa0bt/3Xvo
ze2eVFhx1jxXNMleBLK874qmW52ClCjuuJezBWOaV1aWE1hUCKqpWBMt7Mr3
hSsu7RNguw6y3k4nR8kzjbSOtDenfNwRkbyjj/vYXczldHrS9OYdYiYenFAc
oXGdWUc4n23NqN/4oyk5UiOXJ6N/VCI0sS6oV7P3gqPz63IhWPXOb4jlrYwU
lWStDwfyujfUTt/0lL8/d54kSdbBeXD167nsjrO8rNMV1M0ut1J1vhRxs4MY
f/q62kK4R98TAH+qWJsyeQ50BEpSxekT9DvqsqluI5Hj4pySWN4Haeq48cbF
GPPtTbJxWcGw0w7K7TYOi2dd6ZbIIN5ikBdyNlMsFD0KxQYeiB36xka0YacS
s2c8b5dExyOZ4MaGKav0DI73Mzh772RRhCsl+xuRdei7wKiWUBySOps6CM3i
t/3IGQHg+LPhvghq9nw6LmUdzJJxabS3yYoIjTR2BHOnBhoNoB70FO/qsv/x
7z/2+8cXff0fl1H4nfu+/keqKeh+8Ss1Bd0+aJqB5j9QU/CE31JTcDFKFLmU
/W9RU/j11e3NT/zzy3KM31UTOEf4QU/g16P8i9L/xuiHe4xAuMh+Y3bOEf/g
0mP9KwNOnO+WlqAiiaC7V79B+XzYc/bLJfDN9nxOO/CNWWTEVWTD9vzUrjDi
JjLsqtXsVavJXaShVbXJz2q6CfJZO67/din610//eM7JdSmRC9ukV78ea/ph
/X/F3H/PyJ9P8VtUure1IcLVf0Vp4UON/wHf/jsjfa8q8FVFAA5O5w/Qc8e4
+f2orukvWH+Vrij191QXvlx+T3ch5t0+8NTr72hn/EJNwfyQ6PZQ/NHF8D/X
Q/iqpVHFiER+5vAn72bNMv0oDHBqmdLrR3WhMDu3+uy8UrPF6Zu2gyt2g5/7
X8gHuSrMrxQUfrb/v9z9z0r+av9/ppjwZ2obHy2En+tt/Ms/fukXP5uXFXrn
N3fuOcK5csdf0cT4cW9+qcnwIfh/ihh/R5PhYyOf0T/qGj94dMi3x+dTmQ1V
iiWenyxX3ZLqyKeGc0+qrxoB7XfW94NvfI0wf2zR32m5/Gg3P/LwOs/NH7/4
TcLv84xf/dA4Y8O5/l+t59ckNaaeGaD5Y4tRbPIne3nYJPzVXr5ToTht8q/q
UPzGU8We+7mq96tGDfZLdYvyXKkfRyrj7pvNJH27nvbQiJyy2E6rmhb1+pdW
iii4xyfaixz1MGClVldIPj/1UQ44d9ZtPvokgUWVSXeHzxF/Urz4cvn2F6w4
/e2jKLEGfjvHCNf8qI1xfieW0vdzdbkxLr7N/Id5F5ZvFB927YxY39biXwoS
HLXHqHnu+7djoAmiDuG5RiL/NeL/oDzxyVkh9FWfA418c/hB1WIIUCr/rJzI
lm3gnd5VUZ9M10Xn67g3x08MSYWmcPj7J29cT98UvilaBBZZ2T/Y/icPRL76
mflVrD5PJkHf1D+G18P6eP+3rHO+rzz94nd1YZ5nJs663+KumR1qF5O9ttCk
fbkYrSUMGXZXyUh+MX+fu/5NTYi/xV1/4sNvXC78N7jrM+v9QF7/U+763M0f
1vWfctdfLt3ojMCwUMNb03GSMyTAHNdRY7btCHCoh8+OGB3tTLUqqfWa9bWC
yWY8oRf2ZpDFC85YTRSaI4C0+0LCEU6A6H3osoSE72sX4I3QAaVLAeKrrB+Z
eBNeBT6p2dt/XiHQftvW5p8WZcIizPr8ixjxkjTcjLwOIRLlQoHF91vWu0Qx
HCYEqs1Z2JON38XNzRbUhFiWWnGkqD99E3Q7C7ML5unXnlWObSKibbIsVKjM
6wuDQUiQls5an6OFD0ZCbqiXRQW002oNu3f3/uWyv0GUqZMgXj2klfKrGitC
rMCPAPOvSenlKhs3Kl4a72kHj61v53dT9EAuxM9lZUrp8blWnRs9sCZBlgI9
EVhLZ3y+jL/OXX90Kb6R1/+Uu/541jfy+q9z107xPXf9mYNVOZDgmsxOyqZL
kJa+XjF8OXIVZf4Cd/3l8iN5/UfcdeG02CDtmzKu3kjurbbI+LnCSgsXp29e
BRhjaUx5b0/4DT0Rv/A1ixJEnMl9EHswc77dckt8z0ThuQHqPZXsrZE3sToa
igH4cwT2TbzlJWNN0w/7ZOPXHVHyWIDFGHUI47DrJ0UA6YGQa5Apm8Z4z/sw
ri8SbG2tMQviy+X9rpYwL8DumnMDaMxlK6hRZDMu688Ops93QuhAtDj6eCnT
movDuMKGEH2RUWq27FX+crlLlRFJgdY7HT/mFKHrK2PiSamEWVZYBukBgCbK
T2EqPv/Tgu3VW8+fHbn4SBk2+lh9uSyqFKS27vi2pd1k7Hqn92f85IFZ1Qak
SeDe9lviagrq5MqGDDygwAtgAyi9zzXrxFetlEJGB/K0IkP8iYD+Lf75F6e/
Vcogv3Laf08T4pen1H9QCPt7x9TPeJ+oZzVwjnZWB0wAf7l8Vfkpi89/RZz5
lrwqdfJTZFWY+U8Vis4K5Hu+wkxWzviBr1ivP+jNUUqMfjSluDq0z9WzxN/m
rZmiYPWv19gbA32+psjHWZJlZaBRAWCHI2hfZURWRegqrBPAoquO+/ayV2d3
4Hm7XVDy/UFrq4jU7zU1p5qjLL9pbqM31v46kyh55bXXAXFjXuz0TdtmN+Fu
T8wTvPAcoc0Cn5NPv5eYj5T06ut3nABIEJ0o/6aXGsRQcdjn1Ut76IXOrrX9
SgvofFDcOwDaPPMmGMSCLkfrLTLHMtRwNJUXUR6xxHBfjWcIFT7vds3PRfNI
Hmr0vj5CxnDSmXcBixzQL5eeSj3aDFxAxK8bIedYSW/PZ1e7aAoiqmy+odPG
mAxUgYo5UB862KGG8qdfPDHLS+izAulnHm733X/B9gO5QSJO2rLJS15luDQ9
Mq8EUm18SSXsGtPWcXbyK0uSkUZNB01NzDddijMGmcpX9R2yJs+AmXyNYCJp
GAqJfdSB5B9p/k/Pf8bQ7NtnWPaTP0+/MNXfVadTKOXraNI5mEIOPE1/ABOH
o1aFPUf/+rcz836L4OxZn/DnF6bfFIEwlisM5w3GylxB6VldJi2OjdF4xr6d
6sJeWYVv0bn+RNpi5QbSaWxay8nEZ+R8o62yVcuxF/gSuXPNb/kl89XqBE36
chnqqD+eXRFZKgoWT8vAkjju0ho0MYhi9QkofBvYqirNQ6R6qGuw2332lnGS
Llc570+rXjQuJloXrvLctDlQfnUuyygmOAfZkxQIVFauI5q1SOuWmCaUuwg9
1fdxHaxSjUjaOmPUYCCotwlnHXpf5tTN+7icx3byirtqIF480p0MIINSIkPQ
QiG4Lr7yuic8XsfKkqQC9uVyQKK2FHg3BY1sK6BJ8/27K8ptDeyhhrWdufIz
xiCiRK9A7l/P0qS8IkqsmoFvv2fk9Avd1BVC8lWDxnhvwZoOVbBJ7iUmxct+
MO5nxTEcYkK5+x4bQZ1PRYEx5rLe5blBEE34csHooW8pIr+Ztxl+KEhiBVtR
iF9rJfADctk/B7l+GWm+2eTfIbl+CXJ9fk36XZQLNQz3evNd0Hh2lc9MEMBP
Wvfs/U90pr1vOldnjDorCjKixrOA+J4qkciDfXyfiamzRhB+rm7BKQbhn1Zt
i9vZhZ11KgufMXhV2uHzBN+/kz37T1ZkHLqN1freycGQCuhC87nqjude1Jbl
FagR4m8wfWzxnscL+7u8mfA0eSQdcdjjLHlqqKS+fbnM7n6zurltRcPRWpTV
ENS+lpiePAi9LgpSqkBe8CJ25pfKYFMLMsi4rdn+SJG1LvozwhjM63EGh9F4
GSYU7wZvH2Nx2++P19Xr35sRhdtM6QurPrPA4rLZcVsPliaJ95PnQ7g5Z7f4
hoE4ZR5sBo2IaL+iY+kK6aoug9C8E6qBFyJfPfzdVrxEhzTE53dPYnT4Ge2I
lG37lwtoO0c3IWzRb88b7LWk+2yRJne0PGwK8sGZRxkJr6GfLJtARXh+yPdw
o4jQJxbJv+LLWQWVwvmmt2HspFtomXvc5kYW49MBckr43+y92a6s2LmoeY+U
73B0btEWPQFV3paCPoCg7+9oIui7oOeynqMeoR6ymCu9bWc6M53by96ntupM
aSlYTBjNP/52BuNjlJGVP1e2et9QJjfVUORPiyxaI/CRZ4OvwXx5ueax/VeQ
K377T9j/JTCLX/mz9f8qpsVPX3r/j++q/ZcSLuh/BeHi53tmfx/o4m/v+h28
ix+A30e8+BXJ/heCL+j/KvDFb8nxH1uH34/BuJbjauRPws5+9AP//j+Rv+Vj
/Cet57/IAn4nt+OnY/v/Ib7jZ1iIS74/4UL8E+Eef4pFbP910/67gtHXV45N
2b1+ieSR/tjO10L+x2X/5SSPdmnm8ktOUNxcRtnFc7m+/tz6j5Ltruj4bQ5l
+xWmhqvDeJ7jtGivpfgngD/+LKPfprT8SwEfCAxjxD+J8EHiCPp3CR//z9XW
X4Tflvu1tihM4H++8brs//75ZX+9RgiC/uTi/+vb9T8Dh2AU9rNr/houUsxt
8z/wG/XXl/zp939Z6j+tPYqR/wwEyS/o/H9vBMkvTOjnCJLfiBS/FSh+NU6g
/wf8lzjxe4AkX48mpLe/pYSkmMOykvbfnxLCcUbUgpnnkogSgE0bqPyiPEAf
KhbE3WCzlUbAKwnp/aSXnr4/P4HX3AwRDc/7jXjMe5HKz+pNOVunNHc4TD6b
2BXy/dI1+imxFtiNWQjccQT77IrkItflakf1flpTxxBu54RpDCeXNwGkYqZ9
830jUnuHoz3BIEKjsJ3ybLQc0BjHHMbPomZgR5ZlB6+iYDiydzMYLkt52PNe
Y/noufsUxc6AEkY48oo9dayOwKclEAC1ogx/D8iC4odq5AkjIAlZWSZUu1ed
XPYa/XIr1iTbDgkMZsPdUP56UyOF4SByk1IREKqNCx69HN6CxdYyNPm0tCyE
dtscFpmfJ5ZY+cMd/TCvzGJcGtaa/rtSQto9WG+rGtu3NZ2K6OifxJZbUwg8
XAEvDYXsEGY5EzbqXrux+YQj5kU+6dS530kcKs5z5LfE617R4532/aOs8CQz
ox25AV0SDirDskiIEWA+T6Uq5uzhruPRSnSV385uJJGboI05R66gvpQ3XcCj
AJvhG/oA8QcgcdVbUD9HR2P06m7PoXUM1yRCJBoVR6ueaJVxJgE1MtFlYpiy
0FYiRRnNRHviuLoKQDeI9yDwrO6WpKE7c9YkLIvdSklas13yeuAserh6iork
uz2kRe+Gg1BVwrXhQufSmAaGp0dnHZnKEuHQST016CssDdGm2U+56yrkgu9A
aj1lOs6WSC0XYhnss7lcp746+GRZQEx+ByWEOZ9RI+6JmseLQE+PMqaVj3jP
i9YE4rUOGpNEVe2Uyps2a7OhTuX4+FTlZbGc/6LS0FiGaQGxYjcjy3tyUsUi
R65NCsX4d8CgyJnI5Vi3Pg/8vh46BOEJf0ZPlLyFll+ymJXvT3DAOAYhkZV3
UiQNqmgBb6MiPzMeUBNbokt1eUGlVoK7uXPwLIbeuYTGJn0Ffir5gOyEhVmM
xb6ClINsugv7UBOOFdfmBkQs8SrPTVzeDF9UL+RWynXucYdLTvcQgXmMCgUV
muJr4PPnkNUBTOHUu1kw6vItZ7CA/IaYd8bWHZv1t5xf8CYq56ZOP6iDFAT5
uB8KTpaHoQZRHC0xYVHSi4SefMYS4YTGNyDfMGGz87Nym10/H9YsbuzI1USW
Iu5wM1S9fUWEocZm3mwM9Q5Crl7pN+RAdgEvMg4DewoNqUIc1ScdhA88eGdq
eMvnZAZ/VjZLq0qr2wSxkOO38W6yXX7TpD/ndR2lssa1PoAgh07Ymy9Zbkbo
g7e+39lYDi1FdSo9e+8BQ+QDqxLBAm+BYxnugZky0twy+hbr2AACcaQqQZGv
T1+jLeR5jrNAbmUxtEaaqnqAMRmVPLZFFF5HdMcFiyyDMs3G5tYFPmefG4BE
cf1OXjifKFYOHx8roQO6fMYu09vpxhx8Pwx41YivHS5EjujbpUrWTwbNg0XE
7agBJpiGkIxhfU+tRLywvlky2QfTFLoSyex+vINPka6DV0L3g57sp/ja7gPr
BLVllUmi2UAVguh0zhSy9Kj2HnDB/2Dk5621/E1pGSnwnYl2b5FPHKG8Mp5I
exEn1uBtnSFl18YCkPkgMxsfyqmgXUJunLud9lRwvUejtCo1M652NE7Ohy/0
h0zSL3xzFhCF3oSyElzYbMAQT6Cj7JaGelEuxuqOwPKA6E59hBROzni5ZNTg
WciKPfflaZ82JgukBYZdjSxOO3PAzqG3RREcQt1sAqxWVT+gmDxrBMaHD2Gv
d4jvRPnjdTqng9Z0bqjs71ZW8ij7qmokAM4gVx8Zt1oCNB+zpWmoqxfHsE5Z
HWWV5YDPj4OSx1DLtsHf6RiC1aw8mtqSF8GHhQIQuPAR4U5TCc/6lTn1zIE6
RjmaJ/A4qjICkTktdHdOmHnBcGjmFguaNk/quMZ3bFQEQDAMdY1MQm/I6526
36O7Zh4RAm/mIkT3r02VZCtDCCEU0PChUkhzce14QiuLOKSRE28gego7FHef
+Fa6rH105HPpbzO2Hq+1AM0A3joylnz/RcOaMS2qkKEEz4X+p68/Rk/cZgAi
MGoxXPxmGaylzCI8j+2iDU0BUdJUFAZ23UqhvmIcQiyUuxh7Xls8q9OlQVYQ
zRjIyF6Oc3RZsmoFX2g7bAERtXhj6c1Dh00JW5Iilk46Yl3CJqS03hL0eKw1
heTC2LYYAB215QcYnDeIjM/vBAf9IUllP5yua1OqXcXy5HjTWcjenpOGY0Y5
OF8MaGRBo0ZmBOxTck/J3RIOjmLly63d+XMzoeMyZREr1EQrcuphIsGT/XgD
xh/DxlkZxz+47mGgkmsDjyVBSSjq7sF2ss6tmglfrKbnDQuk52cpVQjvNltc
wWG/RRtBuyB327Bk79IxliXXeAGVuzMPOc4s260V2M0fz3oq7ubEMqR4OOma
ZX0jRAJYv3gwPdYO2ZQYGlyDCQtE2toDUCNCK+sercZjWZa3c88ZcCEpMrql
GMljGojsomuTjPnoHWVp+MvkVjbbWGSvWpaWSmCRlISa10aIpfc0QI+mR1dK
zB8qeGnvFL2kbSPTJwWP8yIrz6d4YoT9zD7P5NGFCoi7gJ6VFTMxDDqz9a0l
YqsjJe/9RnCLibhp1EBinxcjjHnCb8sXpD0dvVGKdUnpcACDBgE+6+MFo7US
EUJlhD7BmPJSYbncYOI1jYgeP/yQjwoZzPVz5avdTc6MMJZC4OrGyOgRMJKA
wymOUnVsRD6qnS5S/rGc2A4OOniH1srE2iJ+xPfX24/TJ62ONubmC/k0Dg/f
jAlAk9Wsj0Rql3glnuB0Gt3hel242rTaGg2bY4/gikHFhz288EQ38owsAZfB
4oGdj7qJgWKRc7cXl1a1m1d8G53tg4g2+lxi9/0ijOjZIeSox2PgPGuSOvgn
vuQPOiZ1DHvKCtIDl/PyzTUQLHNIMFLz7560Ex+xqQlQFeEy20WhOh7Q3U2H
/oXgBU2Zc2jpVTyRrv7gWgBivUpQps/JTodvVM2uIq3av0BYpviPEBIBHEli
eKntfc0H5xmJ1oulA0KIlNd9QrQD8KtydKtq2v3bGyGOzrtyUQmNbk/iE+VO
xjYsOO0dORojusT6XXw9Q6IwLer5NgIw9msAf5Do4hTvBm84nl06MUDR7pFO
+WC9F588mvaazqBFnCa+oS7/8LXJV/ii3FhmvxERDVTakmQNKIW+a/K8cCWP
4kCSRPIKL5+Gz0P7QJmCcBzhEAgQdiuIe/EMpjdkP1y1DV0ClwNIFyUQEgEX
ULuYlfHQYQxbvZevtNzBIM47bX15JyPo/TKVj2cp8qQ/hitNmzQv7AEF3JlZ
krrOWOTSfJKSO91v82wMDluZ9dM/EXT+3FdR51MlDu53521Cy+AwS41pfXnv
gZGEE5uCy8+zRSCfxIrceKhLUgbNU4AlZDAhpCaF/kosHKpq0uBJ7Ye2L+9l
h3VoOXEgduz57foUYZ0CE9NU0XtXIMqhRAkkRHinFB6haXrznuN0j6L0UKpT
fDBTDz8F56mhPCBPTghLs4AVp5t6kPLhXRBvsda248Udluyw8EN9Ca2hEUKK
N/gzLApwdUEbqvG7ufGAyRbzXIRR66dt4SyY1ibU46H56uA6VEsuQ3jQUNh4
98E08ASX+knJhISOHJ8SgqJggLt9zsQbF6FULjbQQ524WAXt8MXnVN8/vD59
1pud06JmrbcHY4ssc8vBlLhjqc/44kwC++MApUa67GyPH+UA3m/Wu9ngoYmq
eLdGumDnJx88b8OICwr5dM8JPD3rFlUCdwsGhABsplHrD20X755GiFZM7mvl
wNCpVdTtMBaIfJQRxgSOgLeBLBSUWln2G/NjQW058RXNQBmQB+zetklNalGV
dGndnhzb3uKOersH65yDzpLWVnpk7mCmLhR7hRL64ZzbY+GdwAewXrNH7Nap
W7QHZ0VQVT5xaWUc07vLRafJbsbOnZaNMfqjxsKEK9g8DMLpgCIcO1sOuI/c
mPUFFSfIu1fnpRSS0GRBvZvo171K1HPMrDOQn8ep+GZQt6f2hDEn3Al77kGR
4oC5XtHESB7tm8P5pvxwzq0bl5AsGBG7cqXb6JbCpFcjadn4lkAr5fioNgab
2LNDY0sKcOb0czkdcPpwbEiO9v1ljAcqRZjc3cOpxpgJ7pkbffihGtThmb+e
0Z0zMBZ8vaZbrxDAZToBqHrXeMHscUk4C6Z7051ryRfP22mPIIV6JCGO6app
QhSO9T41JXlT0vJA0GB3gUEJ7ymBP7P1Iy8f1r9C8OyvyjRuWRA00fHZMSiG
3tk5lQ6H1CBo8WFhOfwm1kc0KTegr+3eAqPauz+sFV/nnqS5oTZaNwCfIEH6
HdS1HhZE5u1hEuwiIMEys7QWCES7dl33AKrH/X3FyOzuUcEbAz8L7J/PXTy/
ntShxvMkqlGeuSF8xNBD5iyW5izVj0eZjDEwvTEgcCZjnpsZYpd1EdNkP/bm
pTlLk1b+DD4XYT2r9MHyVl0JA3vPJ/Z+nykWiUHi0XYNNwOe9o62tSi694Pd
PJSxTC5qYPjdmJvsNHZZKVhq6bCe5n2uolSMH5k/epx+i9oBgpMJYC03rd2s
aNUMWkc8nQWwmyw9aefQpEDmAM1eQrXWr8vHocRzV0Yqo3W935oe/hnrEwjw
p7zLjVlLZzfse+jJ2roybdXXG60LL7ve3v2d993zUWJ+HqKOcn8+kFqp4ICd
DLsAXkLaFTdQEiTxzrZMOsiDfut880wekWaegXDP2gdUqY6MEPabK+US2t+K
mlAl6X3e8AiQcw3SsGQdOP7sSnJj15x6ezL4DiFXEoct81MM+xA+hDSqnPSo
ueSTWGuMDrcI9TxJ4PH6JB+DJGhtGsP8HbwR8QxM4rDrWlKhkIHnuKmGZymA
z9BRE3GBuGZ/iiTRiYd25zhgSxw9hCfSeL0UZU1JWj2rJZeaO13kQpGJn1gb
YfVRBTRs6HrtJ5tgt2XFq3yeJNOwAu7jph8gfFLlML9tjTZgwiOSxg75HVau
CEiTsxKkcs62UeN0iy7Jy6uPXR+hJqxhjBrwhYDCYd16p7sm7V5HorYZyapB
v1v9LvnEhuORxhEdhrqQe8tHbTeijU6SYnr4y7tKAXeSIrOb0Kg/6BNEOeRN
noHVLy7O7XUhz2rELUk4HoIOHUv4Em8GhHTt40xbM3ADUgZEhLEjMe2F+7J8
1res66xSkjwND21gCHumN3D9fAa+kHVceY8RjcOlwVfYnrZfazTtAJztDbkL
CaO14OeonBYexnOQjJ7m9c3N6r6B1SVUoUEVeHpG1UZcUPihWgOUR5MGt4Co
DU5UG1isRdSVoufQQ8e5ZEuyMZSFg1fayK32PdsP5gv95eOPApLKyXtPzGHJ
Hf4CjquY3bn2+dkD5zWz7+f9YTuGWMNwYQiRxahu0MG1nr/eQdOhxF6jwTjk
kjAqAnXaUg3Qyguteq3fPLMa110GYS/MAzgG5UqzoZ0ayBxDJYmMq1PaTe70
aE8YpTErQ4G5/NADICPHVqPX1OnVNRA/lFDODGR10wmBeZW9KnelO2LMmXhp
2fBRTr8+V3bCLk8qi8i2NoG+iYL2figi4dkfQtgwTXDYWYhQOhfuSd3eAynu
umgS+/ze33XHe+VOblEtDVaaxjfJFRsVd+e7A+HdWW0kXIl3LhpPyZy3Sm2y
EUxuQUSYky4ScT/e3CIZajPp5WvQ4TzyKwAG8ZimG/XobO10i+DyPKjeIiR7
05e9YQoBJ+s9Ta9Eq4JFdFLuKjVfyRuFEskqP6+K5c1jCchJCAqfnkne3wEe
WUPF1XCwpxBRYHaAsm1S68RVGPfypwBdW0cXL3w6kHOPtw1gmiTcPpgFl7Ut
3LJIgW9rx01r4CFPLgLJ0pQ6tQ6s1tyf4Zo++2MgFiWz0xgrEiq9Ac3nZbzj
B2WIBGiZ+E1OwqrKaSS1zjslslBzgxUX7uI9bvL1TQv21FCGyl4Fk7b0NnED
BAYHZRZdsFspthO30PjL1bltOz/Mfj6xBylF3L0pRudzZ9Rz3jaah8AxxTEB
UsE2X4EuK1NCWoTpxUpW2STqCNkfMzt9CZpvQrjUL7rdRpl4P/vThxzxIcoH
WYfp099xTUwnwM5HXKK3+DV62eCyYYl+OqZP3vtmDGApnLIqpOGhhpXC4I1x
j7IOp42rqu7RNAieyh1oQIYYn1e+0hovYt4RmHfc10RtPvmMUWZZriUJ6FCB
2u3B3g+dbT+uSRtYwcZKttZLBPQ+XNBJFi1zq9DQizlq6pVWKRKH6iKk93NR
U9SVtGLVhpHrZr5Id0FXi1wnBcb0PgfQ3aqbZqfY7FiQ0R/Plgukq57mSuoK
EwhKVgtR9oe3v4YbxLnn+8q3gxAMHohXO80T5IB9E0E9MhWkaEhdF8ZjaKur
m7u6uymHVbuctt0d1vtQ88AKZM0K3UvQ6a+4geRPx6EAkmFzMnNQb7vLfejF
+skInbCaKELrq4Xygt/Ji8rkKBXwez/hEP606Yic6bnw0wWWgcXrOa+qxexl
psciYvyBhJvdKXs8VGA0m92tvX0sNHTELuNGTz2GIOpg2zw+adw2OQewMASW
V8GVdO5rjT8LdxxBfILPZl9RhTUKg0TH1/3RJZv/zPbaY9Rb6qtH60YJWYJ3
GJDqTxykahJnoli12W3K+8jyOPPcK7jvEAYvH7lf5hFm2SBuqm9KJbj2g83d
OjXHS6QBfZ2nTI4dGazE2eURJiK7Q1+md6NeKdUMGeKnZuYVuQuTuqChv+6d
QegJIk0chYfBCgT3W/nipjwIOHvrSMy7u0UfPz9IUfBCA6KysI3cTq9I9Ny6
Vrtrsms4mAxzoeJVzKsBOit66S/jHEJTDHY5HqLiKrWnp1aZg1S+xhY6DpdE
SlALlngg2WMs33Fy2y07RR3zjIF5f9j3xdpzZHg7Cxh3ditgWEPcNiwU5lne
IeWs7o9WWz0pXO85dg8zBJnQPH7cJDQpgKe01sGEbilTtoo91nH3bM8I5SZK
QfRw4tl0HcNbc0N3ft1F9Ch4576VSxDklnRQlAr43XvuDBncqdh/2D7bh5dj
eGS+E9DdmGfoezX2Gxk9c4ULw8IVXLIqrK+XaZpmf74mBUDH/Bkc4Dw9W50c
HgqYzZMcEOv8wQXJGxE04yHUm6TxfOsLlL1lu3ZCAx8n9YrylhUA2ltg750H
RvaHfZ6mZqMMhGTkPaZRg8VRM9zF2XwlrdGd9soMdiLeY6E3OU/ANzYOSaC0
3FfO4DGBnu+KF1u20sOmaXSfol8DgmDvD/sZsyVuiNFQzA0L1vts5vQcO+IT
sXwIqEe72VCnaFsjK2sckj9l4MghY1BwQsGCyYTCnnx0TALJdOdogQrTkO1M
k7S6/E7uKhAZogTmcfMIhW6gJz2gy3yxwQ92G5je8N/uO3h8zmjoQ11R0W7I
qzcNjZeQBeR5Xo4fMJJ49dnM12s8cuvpTZlNHfB9TFlxfxV+brGvR/9OFa0P
bi6PGkzcLTBzWYIoR+YIHQC50N2VnMQMldunGLOQYBKtFayuC2J2q/p07390
DqMk3nzdttlz0+J1gpq51NGbe1MisOgLT67MHMxSuXfYGsUoEg7gxx+sW4ky
+qSIz5d7KuqU0+4a1et76wwcPJdofb8tggIotHsmqj1XDqNH3ahxtVo8ouUV
iHJ+GYdOE3U99lvjr5QZXmEtMK+SLBar2FVFBg6veuFgBfBm8Z8xWDXuSLtH
isVLK98OmdiOvP9g0AnaOT96Oo+XfF3F9jpZSvzJyNXLWAVQTBFTVfKtbLnI
OZkBwpSiBOpRRM+ppJxZVKvjdUNR1iS25pa9zdeOqNDaSRpxSZ9iAPPKIRze
7Ldj9mWWGJ0Xys9ba5VsyqSIob0SU3hiqYN+ApxIG7K8ohV2PlE+XJ1LSd6A
qtTqkq0ShK8Z1Qu+TfVKSLanMUeKH+FB/qTznZ00gpYiCGSnjyb0/I7UjuFZ
w5uDgU/+gaa3NniKbd94vIjzp5vwje3SYpMee0ByYT8e8LSjGP9J9RK80n36
qWr37qDBXQeBx9AcBp15yctlbZVJTvMhETdBI/ECK6VgJ01I1rq6VTVlewba
owRfNU++oLKOVJspciB9fpw50kGRNKBbYiq6Eu6POot7wVLJsR6V8XQSKXjS
Ahw0e1oxBs4Xb/u08dOpUcMAenOiy1fi9OeVCaE7uVdXwQlx6O3d+kLiZxWr
VqyGRvju121dB323fbLXVG24bon7VgP3yUa8qy6I6+AVfOBd2smtsumDnMT3
HPoP4p0Xjezs6xrbFROCCMasapT0inrfYAiuAEIuD/POQDOKnm4srSUU8puK
xNI85CFkuHw8J1LrwnQ934wQxKrStXZDquIXzr6aUQU4LBNk6EFyorGohXot
mVs7XCByifVa8isQ0J8nfEKxDR3mslkFqJeaOskZWF7uPSAGwGu4wxrJXK+t
V4UhlU69DYWXNE7NHaeXEu7kCtdhFDGtXkbxlGDo8jl6LWHl6Qy2bwHkg38/
SbmnpDWNRGPUYSsmJFtnjNSEPvyHEEt+Tnh3rGXM6LsnH74aBU2WB6FuxOTO
wCXybaavfCaIB1RX8arz7vLnrb6vOuutGy0u0C1rsCfDaiezoi6YLnfbK2jp
jvMUmImAMlq4wI/jenv2BKdrUvYOa8rONuIR7mAgxsVYQ+P6GS3QDAwm0cn+
Faht8mhuTqQsE9CN95w0el7r9jdFWlhlbJ9ITxGkiqcTVsnTJA/PdPZmh+QK
Y5OzqENeKsjJJXij9hdAQhmqEcr3lTx0FPuYwPSqlu0rq5Kb0HKpcRszd8mm
IGHfGpn4OAJ5OHZ8TpzpT29hKEDDVt0Zey56qZZ1fyVsLIhW64q+D2OQv+rj
mJ3PFHOFnSmf3FXDiccHwmbl/UbrN5SFgBJL02SGjweLFgX4JhqQrwcsqOKA
FIX5Xj2hKZUbFn7Py3DW9CyL2JTyrpMo1HNzdwcYZIIG02t2cyZL+9N7pDSM
G40xTn0qnQrBDqPJEWyzjhVSCSn4imjmwUbgRFHw40UzQCIMPmJTd412D6kh
OzZpGk6PT/dRZFZB5D23IoK14jd//oBnxE4v8XzIt5698xilXIFlIc3s/kJj
hBzLRBFfuhJHvNciHPf1kteQfbiuHG2QwbU6wbwprbbsE43nkHLPY7f3ElBo
KVQMrjmuevYpgLF5juuBkY951kITRS9HjwQe24YCLAlGZ5NfX0gFLujHtHV3
VGQAFuiyf2d76sz6Cqa5lt2WcpgiIByOF+YcDMH54LQE7/B9G5ZyKtQMGp5p
TV4u6lJVDEj1eDSnyfXroZIvR/N6Zekd7/uuGykM4wKDtA0BqaeguX8mzvOv
TGBuBGtMYldRPsMKSGVXJODTre6a64NOeufPLnEOSVj5RWMfwc13b3aj5036
4Sv5FDs5YlEcbGDl3AXslQE3o8tybmrUVk5xfi/u6kcRhY24PZf1QFwtw9+k
f7vzn7iCCFx49NHJWRJoQf2WVkupAMYZU+tE+dSNRrMJeW1iqk4gg+Rgc6Mf
iQ6Dp4VfRTTyBsnanqw3yC/pR8ItAWxcMImBjSA7ZkT4Z8/IwnIaHzW76xy9
Wt5WUmmrhOEb8vJPya3RPk7cdHlZCnm7/GsSKaj0bCDeh7suFOxA9a4ZeTl1
WJN126EW5ivBj4yFvtTgnr9upFRsg72AR04QLdFlr4A/iMulTdNVPFTStgjL
TaDGG7E7jseDFRP17bG/Q9ODR2FdX41AkdInBQWnT2z0fhrWWWwVOAD+u6B0
y+vNWEogZrlbPAPtAasWJzeVn7F3FS71LpXpmCu9eMTbMOcsoleP+B5gQd7B
gGdeafrrzmSzy3lM/iBvei5s//57MUvf8UTw/xKm0i89fvn/caaS/TT/hqlk
PyqW5Qv8N5hKRfxLTKVCZR6PhwX/KlPpbyhJX7uFf85J0tZvj7EF+TfKR9gK
Z+TvQ9K6v0hJ+gH4ZdrSr7Xi/Q0l6Yvb8recpP8MJelPLKGfcZL+DiXp0Kv7
nylJPwC/xEn6HZSkn5GAXMwr49arMq7P/QNf1Ab+KfHmmsGD/2XW1H9mLX4u
xR97+AH4E1VHTFt6vj7/tNf6ktSvkYl+RuT5Rob6XZSZn3F8/iztLzrV35f3
n6T9E8aQ98VaKRHmiy3lLV8S/AsTBPFMm/GjQD6/EUA4fnneYcVE6eXqf8lY
xH0FzFf/c+bv8KUPAVOknblecsUvad4eorxmPlGHgUwYttw8uWepH0yfcnAZ
os0Wf3Fd/oOf4ruXPjw3WPmRRYP8uV+9vO9q9UVXudal++K1mLMnNVvk9HkS
eFMmNj+SWNAvjs+XZJJWgOMgaq6+ygTzlkgUji+mkHbWxJ/7c1JCN/92Nt/W
Ar5kDqsYM4V+s1ytVPHVwqWj8DULJD2QIkW1IbYfX7b5N1Z/zeJXWGq/TlL7
4hpZfRw8869/X7Movigyv8JU+w1f0f6o5V+r6S4/bze0mT+3dI3nR8YTJhOp
ZDURyzjqjz4s/2uWEINc81qigzFtWHMeZ3r1cUmr9aYEY5roGyWLzy/5f1vp
P3OGrvNfs+CXB8u4XxyfVBSIRKSLq59vRKJrdt+05j905rKVS+ry8vUAd9b+
bAw/snxEYXmIzXJZ13Kdu2zj63f0lrRfYxLgTBSudUK+9GN58A38RTD64hk9
f2QD/YX8Y152Cn/5429aLWnXXd4lZab9st8/EYPqtBXa7NL2axZoA8fsjzSi
WNS2AJWv9fcuv0k0v4cn9I0tRfwaJ+jXKUF/0dEfgF+wuR91FC3gxN9+ztg6
VV84LwsbvrT9y55+AP6+RclF0mltFDxm69KyBLUujUovP5mVcWB+8a2utgzx
W3/g9XnN2wQN6VqtrxhRbetlh/BXFDBYuo98oTaqLz9mEV/xw5Du4A/AXxGp
fuRcfb1b6VdYV5eNfJPDi/3GICvDy099YyotkbOtYYX/Wde/NP3qc/uPfn6L
e/XFGvtl8tXv5V79B9/qb8lXf4d79TVeJJG+9sBftnBkLF1c/2vSlvh6QB2N
fjKGP7GnfDy/xvKjponN/I2mhzFf3LdrVJelwKGv9ZelXHrxIzvr95KzvuTw
y+ysXyJn/ZWH+XOrPwAP/tKeNhqiL70Umy9Nhl82YyboFfWw+idrcukJbJTw
/BXb0pICv9hrX2wplwq7x2q0v0z6ubSJUrHrzku7Ug6nVFReI6n+pmGZ+EWO
+2pftWFMd+pZNf8SSb7iyC/YzE99xqX9l0b9Pf0Xv6zdRbWfRr4fOWDYF5Px
2/aCy+//x0p987pt45s1bWcno1potn6BNUyXcDy/EDw/u44F1v12TvAu64aF
6NsVMDG4FaN/O/Y1IeE9y2se8LPzfI+n8bDmvyIOEyFP7Hk2i3NqbirI2BVx
qstjBUwZ1YLtut7oYM21ilmU1JeXgy01aeXKESdU67Q9EczPqzOJyz/UMex+
tHq+WoiR/os716Xd0IaY4DsB83y2w/rkTFhDs8iSmMYM5I8C04tdFx/bL5io
sUy3bar4Or40qvIiu5MxDYvGrGJiD5EDx75sRKyvlqPaFcPd9frjGg+vB8WW
iiaewd9kwNqNfMlBc73rt0P39d4O469X84Dn30NN+wH44qZ9DzXti3jy7ew/
TE378vbR8D3UtK+s2Ny/h5r2A/C1N+Z7qGnfSED376Gm/QB8cdO+h5r2A/DF
TfseatoPwBc37XuoaVfMoj36e6hpl0YVsvo91LRrDBacfw817fK0P3rTf5ia
ds0iN/3voab9AHxx076HmnZZN5Jz30NNu2YBitz3UNN+AL64ad9DTbtmwRPK
91DTrjEYQ/k91LTLuilq+x5q2g/fvWvvh39k295PqGlX1ONC5HuoaV9+8mf7
Tf+T1LQfgL/aI/gPUdMuP3mU5PdQ034Avrhp30NN+wH44qZ9DzXt8tX3Hvse
ato1i5SFv4ea9gPwxU37HmraD8BXBP0eatplWV+Mye+gpn3z9tX3UNOuMUi6
/D3UtMtXvzvte6hp1xhYu/weatpVJWUS/j3UtB+AL27a91DTfgC+uGnfQ037
AfhHdrb/9cb2Sw6/vbX971LTvmxTaL6HmnZ5WpMK/oqahl256q9T0wRDby2m
fCD5YCdW8uGLay12n1pM0INEKG11hsRpou0mxXv9+v77vLi5TPgJwNfknuZV
b9KnNta42iV5ZvZu9pLnLLwqwqMhs8aj0vdD0PIupx7NsizyA6di4pC3UMRg
Er7X6zULmYWK8TbZDKuempfQbtk75S6WIN6JDFpayc1RpnfcLkdBRFmV4/pH
ozREwj+bayLK5WntckIdtiQgx05BNxRvHwkMj4dlv7xdYx8P7MPfKR7MOCsn
LSIZdUfaH52ZMKtIjwj9+gEYXk03yy97Xy1bt8Mt7TUxeHURad9e45vByqYj
iQzOXcv2boVhv6OtQEw7ivHbK+dvV8yiuTx9EUMShWb+YtBbqzLsMOVWHiqJ
CYEaYzCv3SGVvdwzfNI4ELxHZO2WL/C+ukNw1f5gLS4dZP5uato/5xupfy0i
7be/hfrHEGm/znD6hd7+HgHtt6Ae/zr+00+4Hr+PgPbPgJL99mR/DiX7zWn/
FE72qwL4+4iyn4niP4co++lXkT+D7Pyf/yP5wiLFn+Pf/+cLxv4WBvZv/3ad
/uE3KXw/a/evqDx/3fqNpv/U4HX0+7hl0799oxf9z9/u/tcggH8PGPaLhvC/
Dhh29f0Pwad+AL6TPvUzwNjvxE/9Lo7Yr6/1F2vpn7nUf/hq8I9/KK4x//EP
czlfhvUH6D8+fzyb9NlxWdsfhj/+RC/+kPzx96jGH6Dkj39Rjz9Aw0+b+t86
8gs68mcp/WGe/3gpyx+SD/THb/ry7egXVOZas/mPX7dd4v5arj98U5Q//kmT
/u3f/soj/VSp/mqq/4mnM77QeP1Uzt9U7UehffVQeoxubbAi5v39+tFst+Dd
/Dq66pTrx2Xv4fXBaqUFa18nUr7hTc/C0cVz9D25f0HZc/uG0Z2OOYO1oXA2
Dsn7bpl8pR9buYUdO9ec0iWpWpPkNDYOeF7lQ5nVPEgqWx1d7ir/nO909J6D
ilY9jOO3POSG1/1Tg3onS/WjuL8dwyrT8jogQvmz3dZqhSPf8p/Q0nzB6TPj
jZgRWnMcvQ9DRm1fY2VkyyX4Ty3nef7v//5neX6J9l9P/ftbDu3vBAH+Cev4
v3mAvxf7+D9+Sn38F8MCSRz+Z8ECKYL8x2CBGHn7/bBAHCH+LiwQv5F/DxZI
YuT/Wljgn+zivxEzEPh9KffPQbf/MnYgAv+n2YGvz9+yA1/dFztw+O/PDmTV
PHg34Q0nBWfM1C5UfZOHlpDA4vSe2FovboAeUmQmePM7w+t2VnqBTMbD6lsE
m6wKRSlmM1rcgOzyqTgzDtPkLXCWZQmF0w/1R0MApof4IEFb1ifqtCd3Qz4i
yR7QjFZpRxClWA1C4bk5R6tPDg9zHVXl96r3pipw3PqAN8CE6fwAcfDIUpJ4
KDU+RmmH+m9HQZzD66T7vUrpVX3MDawZEfsxpvenvcmlos4H40AIwE6xN9zi
WfqwWtS6dgJvn/SdBbUVts9woZxtgkC2hgiVUVJSsL6e/6b6MVIHg6KYugCw
my6g9/HzltdMNSPBfo/7y4sSidHJab8d9IO7RKoRI3vc0I101f3x35UdqC8G
1MlbVzslnSjEWoq54ptEc5k1Uecu+x5KQ/go77OjKb+H/JdVaMu6ete1DIg7
zs1HHZYWOPA09UyZe5cuUT5hmksGUGcnnty7VSccRmildyXfKJSy3uYTMcSI
GixXZ55NtNSgU7NG5t4fsjg9MGr+qLeUAIbHPG6KzPN9NH7Q8YVBnxl9+fYc
ckkkkRE7EHY996cSKmjVqHsYIYSCjCY9d90bHTyAe7hvynWkBtWEkbZ9FvK6
FCnf/b098xUyMTYkhk+DuelJ0uogPoj1bqIEWEa9dZynA1STcduTh9SFNshK
ik1N+oNT0fWNQQmU2vpwI8h58S5LEZkgNLM7oXlwXqxGENAM98UOxH4HO1Cg
9VLEKn31j68dh5tb5BTZ3vNiNgGZ3swtswzDelRjLFhXHmnQPPtkkTnYsEWT
qqlq6Dl38tOB/T3fFuUjceIZHptlzAIHDHxoBEmotJVEbtT7g8Y4uVKd6eT8
Jyt0ODfMKYUEznjgE7JYYMxmiIQNHsegkow3PrDIxXzETZoIDn2fqFar6fKU
1AxScEMPlBT3b1mxkiSTvJinx0wvgUvEfjTiJmksaXoA6W2qRtWd2ob3H7VL
vhAKUiRh2X2ovQ2gZDzmVAOfZzE9Pvr9HO5fSKqDivHzJrAfawaYRlOrU7Rr
ZHxMW+kOdeHnK01EVSmjVUCDzKKLgc91VIprWnOYpm3r+U2kJTy36RYBjh3j
EPcp1T3YjeIiZDwb4AdPk2qnCApSFL6yPCwWVenEi58M1hRvkoMUsL7dCYSL
dqD96F1Cjsinvtvk/oEejcsaa5/31A4mvEK9l3f0pGDyHqtUahm7KO1NMXmI
4rGwI9YxMIktVvdR9LED3ISfQmhODSlJd6HpWI2Mc094tTE5JSOLor02V5OT
3Wj+BdukdzzXggBgvJLlMckuj9YWN9VwCiO8XZnnR96eB+3lfoGN0pMaYVxW
M1Ofpn2aUP+Bm0JcCPpNBUg1W/BDYYshePJkti5H8rpXrZKVLOPON5oJCh5/
fzpMVVrK9c3A9eDO/YhW1gvT+YYBAmxAm/+8ILxXZ2aFHg9FoMHPFp12qq5F
pBVxNELkR0EnhIXc5gp+ikG/DETFnPuAtUAX05t8q9vY2Xp6V4QmNOjDXfHp
+aKG7PmIRlEsULSs5g0+qVEpSvoe92Mg4chBbu0d+NCvCJIeRTA7zJsdrF0a
Xfy25RnOdjBa11Q54dj+gM2Kbe5vbfB5MRbXIaqOA1vxigcs3oR3uVyQrnXr
w+0/O0RryBL2SPDiPwLRRwEqw7BvQaFrRkW1qgqySFTJZ8FA0CYEMGp/OxSu
niFnCyHskVXctKO6nXvqq1Y+emqycHlPiycc5diNEx+mFFl1936j8V0sKgXo
/SBo3gn+RI8WhJmJqXNZ+kgkJtS3es812tvcIySk/fBZk1Pi5bm5ykZjD3TW
WgwugZvx7mqusWGzZbB0w4PVFHPTf7cMP1AGfa2/6Z2vMlr1A3/0wljAVamr
TR0vA+gvegGcNYE2LlS26J1+no1P3VxNm4TBObHBwGs4uiNN7dkSJIkF+1il
ccD37VE+ePaYSZcgAfuGBvjkvrKeET5RHoW8UJdUIOexYEqV0Hi2MyZM+TYT
n1djqiFT+SMeNx8UEiRD+wdAFqppGsQHgio4Nd6TEx8fj+pv5n45GR9NzMmo
2XmuGHp+0k9us5AHh5fHJlLwS4DeHCAgEgySQ7umr9zis9a+CmTczLsxJOei
OximFLzMFp+uAWImVUWjtJeyW4UhyoSdpiJAXT1eIPzE+dcBuThUu/un0apz
X4MMvCl+7FVyrG7G4I3JmxmplNlhzESOyBCtHd09DcAjik/su470xpTJ9qd6
50+yD7eTqCEavdHER2OoLribzpjyIqMkcSUnI5+gj0oN2NMCkjVilo232205
x7Fkh/fNDw/Z0/m3GfCZcQYz87rs5sBwGbbUOFDebKZERC/gaV+QDeALTYuY
o/z+TPdlS3CVMF+6BAemyoqdblni/FYpyhHUPaPGxe12Kc/hptZv7uJQ3t0G
yA7TKAplBQ1FWZrRaosAsSQbMjPS7/sihxBRhYZnvwN6QA8yb2VQUZcAWcOD
IdnKBKY7mJjW6L9GaSNqDcydwIFd6anfs3GjOOppSIV7uz0364yFhOQUPIRV
g4n6K/cL9hwGqOdKoMdIpJ+YQlOKviEo+JbiEMf6jhflEfVapVPrkk1MfvdS
PCULkLx3ZvOKTHiqc4AwqfUUdE16lNJLTJY707FS296ZibIOv0Wcvfncnq6c
trfcogh4ivQXooyW4jci/8Q7gOAkVPYbOA193TSHbnN8p6GOWzGinzNVTX44
33MhmTR/LpjIMeWr5LI2Vbh9HlHh4wNujwugl4zd5XQ5qADNPhK1lL2EEjEv
u8WvvoSCiVgn4G8DT3J6LC9bYxf9CqqviiKAPQWFZ0Ihed+JtxTTzLh6sjp7
VK/NdFULGp+ua8VRYtbmCopcVZ/3zKoiBUlTUHZjG2jJtEL2KXpsx86rc6Ax
73Uejbr6VOupmX08m8X9jsGEY9NmY94VGbm67swE7GeuFQ2gMN14I7gE2sim
eDH7WPjQx2QRv0ZCKXWa22p+8NpVYNKpLJO2Hh6ZTahH+Nyn4IWkA3RIESXt
VoO+Fnf7sy0ODfOGrjlJmdb5WHBaAqf4xnQ7XnqZ6EkPcko74v1+fuy47iDA
z/1r+k+lDhbTa6kqgdh6CP1PYEuks/bv6tmhm0raL4aIdzJtfUjHECoWZbqf
32nwAuD60EQlKUsH/MRRM9+0rr8xtCypcky8pnnAsj3BVkRGGu2WlbzlgCAl
jj2CpC1CLB6Q5hnTGnCBFIJll80Hj0CEk2RMtCqp52zieD6Imza0Cqvj9+mJ
61agP20za0Hr/LjvO0BVtOpjEPGcVN16aVrZP04Mik6U2Ier2Jsor2ENPKd8
pUs/SrNUQooyPBvfKcVhubgEXs2Dq8qdjFm6RudbvslK7HNt41Zi+pG1bp9w
El3xhybHNXWVb5ldUh8/HDohHNIGSgHf4KWgzTzucUV3O+vbslrgWSkM0PyI
rW6Zi8VK72ObqFRVuftxyHubmXuJR0kdg9kLWJhGrrs5XHOqFVrirRwRWrp3
4xQGUfP2O/TiQsXg8X5QlUz/aLMU1wL6Lo6RbFH1LgODmOGGfIWIYmEEJI/P
1H5yk54a+CqQLZO7PNNwjlsLbDnZuSq1XL9EKKtmU5DKdOQCfnI5yaCBIieg
PT/NKOwu+5hkcvoqSLXmqZT4qiRTzVT269togkMeN4zlrqw0fGjGLAHMxBbW
it4X+BUO23LwfcNIAWGeAu96Bb6JxMjlJ8OcO0pNDcqKyipM8X334w7SsvsC
5FibPpkXM5fd09gNtHyPcbxPVm95VcUmhXO7hvycjDmX0V6Q6UD0GBlMkQZL
dq5rF6Dlk1JpmxPNQeddTaN6Ex9DOpvKSWoLXXyIKUSgaD1x72Purp4NkK+C
T3wVZUtipzkAOrBWQ7t7Da9V5Q1Dr26TSz/7eiYqT9uRkt9kzMUNOgfVB9wr
H9eO0rOPQA8Cn/paYkDP2AhVOm/BulE4fPoqR3C+gjTj49Pxp2p7HjREZNR6
u6BgZ6xB9yceUuhjPZ/UmpYIAL20B+J0WYbI98glTjWuYXohXnHaUGJ4JVk4
3I+7pAfkNj0LZHzPV2Bh7kzvordUxjjgti9Be+P91A0+5tMbNFGHXiLtyVA5
U5r7GZCaMg1YMRzzStcq+d5LFh8mZPY6+C13ZgBTwWPksb13Gdg22Sk96zQQ
89udXaEpgdOmcPsON7q8cqgXmKek/UTCtDYdQrnM23kBPoLbTb3Q42A/PflB
gMGxzgquB6iqLkrlXpnVic5O4S3gvcjeuTsez9KWPwj0ZjnugIANa0yz7IMg
cOFsk4v8bCURhBGyxxdd2jW8DMvqXZs+GJUNfhefArlrYbJRpVK0MPUB6mnN
rkIQzVl7Kx92IN2S99H5AYeYH85OPjhn+LB7g/j3KkGbGBDoVtz44cMZzjOm
gwKIX3WyK5hZ8qgFqcbnCmEu3pSg0PIblJGprdDiC5XC5V2RZ2MMSoDMh8qB
btpPFXhwQLa89zlTHn1wx8rwYaspTQx+el9oD/R0vLFWUGckbA1xZVLVEiNi
4SZQe1yhVw4Xljpgkm7l2Ltv6y0vtJbZIopQ0cmH8YVX5O4gC9UCl81WTkdG
4Sp7ZV8l5XOR++gQRpIBgfXxaU2nh2+WE5t5FHEcmYRo2i7m/d3w8lVGTOex
2eDxKo8GVVbN9RbTicj+zUapExXArdTrqpaoYnzSeyiskgv11NFeJWcjc1zO
Se9cw0lN0wpYeI0ECZXDUKpq8zjZD7HNIhCmOMXifsGzu//47Ljj1bMribki
i6oZPtCxLNF6WUeFjdf6jZ43Tb7SYQrZI/XM9ZUDSBChJdgrvM9L2oShyrF4
/8h6ecc5BJXHm3XFjdEpGfDjjLvj2NP6bDI9zhDqkQvuYQBZTdeGQRQvdnag
WuvH13N12HBeSVvM+8udBDcyd/VTWpvEH4mupYZb+2hAdmnzF9NLwF4Ibqw+
BtF7dZno399j2+3cQ6oinJTWU83R++Wc31eAWKXA0yRfP/TiJo511979Pvl/
2buvHtextDHU9wTqPxi+JQzmdGAfgGISo5jTnZjFKFIMEn/9oXaH2VPdM9NV
nu+zjWP0xQ5dRVFrrTftKj6FAdIkioybMZA3iDwGRsiEi7Z3P4feZbwqIznL
EUq487xHQboqw66IkKRCFBX68mhB7QyU2rU2isBRjUuwgkiL+40D3YZXe8Sk
qs9mED2E6sVl4+z0Y0GmazoI8utVn1pN4WTGAYYSES8doy4tfr6xc7iZlaMJ
w+1emLIvuxc3vdz5OxzPvIqJ125q5Xv1OuX0vF4RB67OAKNftDnbjiSc6N7q
SC+0vJSBv97z0j/PkqHAfZc591UXhGaug6OdmX2rb04BtwpX5WoByZNMzmgR
FJf1vM7wVeMbkEDy1eaHVWOtoSAfBF6tWUBvLmo7+NE60L7Y6TqarSrYLMAM
kWzF3SdK4jKQ0YZMwpBQcF9Nsal1ij3Au2pBuTW3HB4iw9bPjOxQM2MjJAXf
bUgBqDGno+WBpWPoIKTZBYod6BMJjrOhXtzNsFV/KhmuDESHfc2puyGXjp9s
TXb51dpBBlDccj3CqGDJC2iN/utV3iBl9agpN26iEuOSU2xQsd6PjToGqOVM
nYPuAeOZROE9GZ9E4IbhMNXQ54eRkaZ05q1jRuzUduu7iWIS5t7FxXahUOvU
icj+jFEEVNH5wTh4XGfd/Rg4fGFeA3Hq6mCHYqyCXk+rGYcW9GPMI7VEq0hd
wazMP8YAbjyGzjRBqweNXXsGZxTGcYBULG7Jg6LSsLPvknQjLa2yX85WcMY8
JWJYrp0S5ti1I+fWZNdlA7GqpJR95G9HoeqfwKuzaGQs75SMQs9zhFDFVXqp
66U/rZvnpsqb60p67qUl2F5pZhlgQX7cLKXLJOTD1/AoLOT1qO/460j3cCu9
rIx7vtJUn8ZnvRHtiDS6niiG7PBuw8mjB9oXy593vCDcuMHZAvBA1vVfjhSj
GM8GD5lq6TXEsc2e9R62iN1peBVaWlcqKpqZnKQB8WRkuoTbA0OrJRIo7qFr
P+E0oO/mxDGKdIwS9eOBZGykosRRBxC0JLESLAM7FXZPMN36HuF0VAtpMfTL
A3DlQFjLKRumPH3Y3fY6XVYzaoQXgSq9Wif3+1FB0CAfNizHSd9/TF2Znhhh
RZEgOcoQYI8qLswlf+dVQ5m7+wa1+NaC7mtC5aO2hcGlK4LG2XFFi3myuCgO
tJL8GHn0417Ymw+MBtKW65p220yeiqc6vDpE0XW4SVriJj6dRnRiLS/5yI67
U3NHFFu8Bzo8zjfIhvtSBwrIKqrL/UEoWr/fSjNoiDCTbQE1IAJbeIUQK+nh
vSixj6Nj6rw5YXq5Poy+PPpV5hIPgGhBy6027HyAhl2s2lKQTx6ND/h49fgo
e/HsOGI409/jmQifyfmeniNc3OLqdpzuCwsC1CT3p+xcTOLNRuJGiOdemlrJ
R9UwbuiraT0SS98jQTuuitTOfenaDTJaNyuTfZHeu0BbZ7qxk1jb5Fm3iqEY
CNA3lcFc22yhOyrfb8+COhNYUZk341KzfdPqrA52nCkdo/bRoUiU5LMxS+fy
aA+mn/kVKXGn66JPk6Zd1loKoU0EgwSZbYIbkiIQTetF0A2GFIxDA2z/Cr1k
eQrjeUe82IdKh8YfAmw8pxOVSDUB3sXkwj4oXELH+6T6y42zoAtrXKkJl5EW
mEAjr1Z7QQr8fkzYDVEus4igza3E78J93bPCcmQs7ukI6vWa6pfdqptmGCpk
y24bEgI0X7tpaliJsBje9ZTiuziUylm21pyWlpCN18ppsysTBfGskUpx2sBH
7ZH0EYxeksIlUD7ax/2mYKDAP0Of9l4uDRrLBsEw3Em3TN7y/iwYy9z0LUpM
pXZznTU7sc7jGGkGkH4CU7orYz5eK1rXIVnDA9uQCUnnX5IY80Hin57LRCqL
70D7GLnHCWiIY4LMW27JtX0IUIASNZCRVc3PHoxlStJzx/XhkiA6uTS92rbc
7OlPfJUR/0IrsAit823nFlob9Y6JZLoHQPASyrnpQ7eHCRXX6CFeNTYFnRW+
nvobF6jPRr6QIe2Q+j31H5u6i+59tSgjX259cquB/OK49z695YnaqOxG9Kc5
gR9kaS6rUsLsyeePbjLKb7T9vNN48MboTKzf5ZVwZonPboCOOQq4Or4bhxHG
WZLAUeTlRkbiwxJdnr4YO7JmSVXmItOcrNhjU1OpiqrIGqXq6/4GSIEdMO7w
ulDyUmSofRSqMb63EHEUrJyrp6sA0mJU2mxncLLZt0y2nly4sR0kQ64+ygC3
2Do6h2M+4TztlXODBVq3haLQuC3dQdUdMjNpe19gTm20wTas/ZG46SxoIL3J
Ohh1wEK8oJ4/U3K5FohseOZyhB1XVlf7Ohw1o3NF6mYeh/kxosFpJKp1lkJ7
rMCGWe8j9aqBTd6TAdMS89pmmY8ipVjdM4p1SnqhE7YUmutUgByT5rXMzw0I
BfutjZYQeu0rTV9vIaBuWThtDSxpp/PVfhiBebtfvGfV5q+CvZS743QEtUon
nB4fNoLcoTgPDEe7JiKTaqoiA7l7o05CiWt1p0XqohkPtyauVVJP+aQFN70M
wcJrHg+sS6A5SglIdEBJw2aivM/QDq4Au10XkVOJamo7dZx30Z5g03iloV31
p51Wjlxtc311hqj7nuNwfH1i3L1vWxVyO8esBeCBhfhqiyla95jKJ1tGdjnG
ss351kRdr7UCJePB+ZUiuDrL60bGXnpeI2PXLpOneNkGSD0DbWmra8otgdFY
7hglKkPZj3LNzdB9FDLXoxsWjh0PP+o48xIdc3+4Y6EiYmCNCaA+JURoVD13
Lpc4tG55nkygT4jPY/bIjoHdqU7cc1j41vHVSHA56gJx3YjjGs/PPAdtR3nP
whlqbHeFTjX+6lxO3fW7GnNqNQfcVVisJTVSP/cvyFqDt/OziBc5fCoCFKb4
MdMA5QW69FchBWGDwqDCaHzIEqdLf+GgBalz23QCL2gEFSO8iJOfCLQtStiH
PB/rfvTCYUBS3s+2Xbj6SNiuYaMdbV6nbnptqwjKgrXKxo5KhM+++Hxo7fGq
EdedZ6l1cZALMeQLIMBJTHolo3plZyNoLCwgSg9CPYnayeBN+IGeLEt5Xlik
saMbkVzhKR0vgxfwfRL6R0bSX8dhto2ZsEv3aQlhRZnX6xLpHDw6wzOBmPa8
30ls7ofNIjenQEDmQc5NN17S8bxsHHAnnRUsrsbokv7VwWgtt1QSqcqZ6U+X
y4Re9jRFx2hICeupnGEo2++mYS/zeC0orcOONdBW5cbWPULyBBh0iA6Vo8t1
Ei3aSwGq18vdF/Mh1I1K9GvDnBWTpJ8tEfCXW949du7oD9xaOCZuKL40+dnI
zKUyWfSUSpc27a/DllaCeUtC8XQ22+A5DhRR4IkWLxLV8c2amQCJxZhxoUNX
H4Nb8FpSUrhvcoWEcUSrZ2pX2Hu7cNmw8rWIcd2yGaIJE6uULejePNEY8PVL
juGK96LfP6qiCDtcw4+ZL6nr0ytYzvDzGPeMy9lueseM7WoqjSC2cBRzo2Ou
sp8ekBCnvYQSIYz7uQiUB1STHeeeJy+/n9gjPVNEXz+MIhtuSkA525WxOyic
417NZ8M51QtgpXzZSmPYaVWOC9pCbtqD6tFSHs+sBof5ubskp4STeORaYU7v
3iOjaVTVTpMS46klAFLi8v45d4QQ3rT9ij639v1kOgIzpwmPAvQ66FRA0FqC
sBa88E9s02UnC7jUWTyLItwaoEORPWtn/Ca72yNY9dQwSVB4sugws6lYLTr3
0M+a1+HdMfNU1FBmUxNXT3HKGJ2BrAXQEzkZHYzMxbmOH1V48sjbK1vgmgvO
Oz6h17Al6XBbeoM8O+dK6B4eCQbqORFUoxEYDTCOhTPbeuYXncHZZz0VhK4t
ZVzmTERxl0ZbO9/rmTsctQwXCqx0l8Rz4piRxTlNWFyAKH56OBFvjiqbtElb
16FzeOyFPn1x9O4V/OwgTjP5rXHijgxaLI501Vgq+6I+cxOfU4D3DLGxm9ca
P+GLDl/ndH7CeioajDL1eXLRKxCFDSFq8+J2lkmqtT3z4peLflGhUHZxYMsv
oKbdCuXEJKLGhxl5vSWYEmG1X0BIv0vqQoHWRIa9BtoVMj5O84xcT0Fl1lvB
kDCAJKCZCKc2NkCFFoSpSq6GcrLEW+kwxUmA9gaSGRgqvNF6ViHCDoWyncE6
POMhWwTuBMD4lcx8xa1G4mXQTTBlnkm4fARnXkGXq66hD+Y0+53N2uNinizp
6NqLqgLJpxJmNyIFkPHKRU+DlLcoRVbqWAFrvlaOf3SpjBVKkPPcukZbVjnR
ikrRe+Hi7ODzcvOv6Kwp4g6g0ktJSKNpt61po1VCLVYTrkZL1ZqJRqnlZeVx
Dp9q2ZkXsbJtM562dQ/TqZyOXhBpAGPAYy44NecHfI6F087mkmrCcWa7R3m9
tBJol81ZMMvrQmRa3/ZXtVU9ud9//OyEo9QC/ECad8QG891t9IEXu9vFK6Xp
3Fe3IJke6S3KR+56/OeeV27EoxTLphfY+2L71MeRIYCQ0Za0OIKDZVcetlg8
TwtSu2eufDdWXEuzVhxtOr+Sy4bNFlKOT8/05cF9XNfCB40eeHJSynPDxRrV
LtovQS00d21UjsKJn2i/ycpa3hEIbHiYj9VgGahAut2ranz/OClfsSeAqFr+
yet29boaKuuQzpV+GdgcnKMh7M5m6SGhhukubLmoZBOIlQQjQoLtg2vyq6gR
CQDXqzUGPXkf+MSCR2PnGnAcb0rN095+EZu7QZLX7j4/clINy5RCnnfiOGBU
R/reeQVzgHxVCsgYKceS+DEOjKfn8PAvr4R4O1rSUIjtvewSZ55BpFpTk6Vd
B4kwrfUzWuIMEwNOr0d/zwVNTSXpXGfesJpu0FArlG8tlCnIMfgLN/vROx4l
4Yle2cc0jrW2YDMwutVaB5B7dlmMJKO0yb111byQbSCLs1NOylGC1DvvlrXU
EyFt0/rCiop4SxoHX/REQ8T5haFAIjjnfdBGR7PLoNTusVV3k/taL+Uava6L
WsfRoz31/lhn4HAaGcUrnxX1VB8SuKOqNQA+bnG4ju3w/f6kyCLSBbe46PWd
MTtafS2VcA7lhA0HX0COvg3tkPt8VaRYpDZPYUdBAxblpjr7bBAO8RBz8EpT
p4fc8kHDabG98MkRrRewz5wMw7GXynB6EalJ08fhzEEp62cAmm4iW4Lj7Qli
BFJmnZQRGj1bHOPj4gVbXrBieQxcwu42wr2AE8Wq1bCCT/1tXayGBwz9dVey
x9ZJaUa7gZgldGPpc2wawbLcE5/YkFbEbokkVNI4X0AcKhdkuWJ1CaZnGRuA
QT3t3rJGkhZOyRT1poAk2NkK1yd/bHUHgarGG7ftZVGeS1LkTekp1uaimNtM
iMdKEnh7r0aoNF5Mq+LlPA7N9apgdZtrg34jlROKJdVthWxbWaIGdLktpJaT
KtJFP4MCDaNAdKkSNe3dKuO9KZd01JoedZyfY4scS7nRvDybBlp4mDL9nwBT
/sk3rf/vYlX+9t2//5uTlW72R7LSjd9kJSr/E7Kyy/+MrOzMkywrt/8osnJO
JL+PAoM4rmT8hlp9AJp3tFdvivFXevGrV3wzJgZhSX8HTn4JXTz2p7XX46O5
BJVLU1LWqPlz8PKNeb2BQQ8VYY1jXzp3kuJAfuN+9fEnh33q9fDU+WHTb+ys
8972phF/wxT/GaX4BoL+hik6Iju7mA/HoUzKooFEx/mMMOv4/WPRbkT2mWt0
f2LxEMXmB4O7sfSv73X+jSL7Afu9kDpB3+vk41pQbVrwN7bu2Ivg2caoWOfe
6e/e99/dj/CDB/tTJPQ3gJT4x58t/vOVfjNof/aab1DQe69FlXFbeax2aXf+
7U1b6rVQ6q5M6i5L6vx7LzSXRXSe/cxi/mVO9E+pRiJ9v770C9b2K9U2X8Oq
jflHGf1A3+wq7RtGrvXtA7hwMiVL1WY6Sn0NT8PxLm4/CLAbPOs7i79jwPEQ
UfN/f13yZ0rzB1n5B0zzH7CIn0nNLu6i2wfw2+vFx5//1ev99mppJy4pGr/P
q3jsZmes8RvX24fSQJV79ufQ5z+EMT+ATzQmddxT+Y7i33KBFhyr+f7M8L1y
wi9r1P7txH8A8vmvU4C/IJDIIw6yKsIa440T/gkw+AVc8H3FH1nub9f8CRj8
q5Tmcar/BNP8CqX5plz/iGl+hdJ858k/YppfoTTfZ/KPmOZXKM1jHf4E0/wK
pfnOk3/ENN+U5u88onXUkubXPOacfiH5jrWRb6cfIOyRH76DbgZHFP072cw/
YWuPqMKzXxHDf8LL/oihYx3+VRTVzx9XMo9ff4U3j7Ngvyvem0/8QRT+QnRe
33gjj78J5yZ/c8L1s7mGURmhzyrFdEbuftsDZPt5Z3+qFw7S/L7O9Y8rHB/5
oxL/oWf4ub7/Am/+tZ5hOO769PrBHR/3fGQl9HhHR6Y1f4q/X4DcgY5q4i/3
Eu97+PvXMjnm9q5Af4uP94qx4PvKKU8c0famO3/wnT+Yz3eefFdXcfklkxiv
Iy8eq2SV3ov5kXWPuvFbznhjnO+zUHrC/Ob9sGON3oRp/6akmC0O7DffXB2x
+PqBFHO/ZZRf/l67saX/jrbzqcqD51EJrF9x4Pe5/wwf/8we/909/BJxVfLG
L7tfCM8fcPf7/66pRPTveMjOdhWh1fyjAt5OSsa9c5W//xq/8vtUHSe89M5H
ZpL8+lf08tjn47Pao/Mo415ZE+eXyI6PmIh768i+v8TpL7xoVaci83eZ9m/X
fVeauGub9+tfgyNOQ5uQxdP6jtP895wlHDVO0X/NzuUbYm33I2qr3JHLX+r0
z7uH09nZAjUHfncfL/PX6P/x+1+50Q/gq+DoL9wo8q66P7jRH5V31lx9u/x5
vfwDOPo5b7yB4q+Bo5+50V+r/xfA0c/c6LEOXwRHP3OjH8BXwdHP3OhxhS+C
o5+50aP6fxEc/cyN/rSb3F8DRz9zox/AV8HRz9zoB/BVcPQzN/oDD/8SOPqZ
G/2BmH0JHP3MjR738EVw9DM3+gF8FRz9zI1+AF8FRz9zo28E9Wvg6Gdu9AP4
Kjj6mRv9AL4Kjn7mRo97+CI4+pkbff/rwdfA0c/c6Bta/Bo4+pkb/QC+Co5+
5kaPe/giOPqZG/0AvgqOfuZGP4CvgqOfudEP4Kvg6Gdu9AP4Kjj6mRv9AL4K
jn7mRj+Ar4Kjnx/0/QC++qjv5yd9j0z7RXD0Mzf649+CvgSOfn5E/bjCF8HR
z9zokaO+CI5+5kaPufuL4OhnbvQ4D18ERz9zo8eZ/CI4+pkb/QC+Co5+5kY/
gK+Co5+50WMvvgiOfuZG//ivav8KHP3MjX4AXwVHP3OjH8BXwdHP3OgH8FVw
9DM3enSDXwRHP3OjH8BXwdHP3OhxD18ERz9zo0fl/SI4+pkbPXqYL4KjnzPN
8S6+CI5+1jCO6eCL4OhnbvQD+Co4+pkbPfKky/5jcJTPKcjQNrc5G0NPyTai
I8/bJdE9kB51OUaM4cgPrJHWO8Ex/xDtON2g8xq6ORaD2rWdF3ElqPjqrUfj
mJdb/gFcpFtMeOaVEE936zkIELLe6acEer7s9ffMhxD3rJq1Kk5kEsdFgUD4
ghtifoo2mXmV4DEdqEga7eAJTR9pSIo8K9XeBJHWU79sGTi0VNK3u6LwU7iu
9IlgL9lZHB6vy8Q709qjzQdg7im5PCpcWR3smueEJQrlnCGJ9WSKJzZDVnV6
9EQj6RyIift6xBAbee0OL/24NvjZP7I9DktDBYkdtuzGc3MtDJp2gdoeiNVM
d9hvT09fKr0rnsWIH/rvPsbeEdOebw+SFKljL4RQaV9lwZzmDnIV3rutoTRR
BSejN7CvT6+QWUevgGCPNR5mvnIv+GwFXPSfwY3+868z/qcLpH/82uJ/AkT6
64v+nUf68U0x6D8SJv0JDfq3waT/5d/ynv9X+aR/tyL/QT4pBtN/5pMef/3v
8EmLovj1gsfvvsdQfsU0fX/d/NjJXzbwv2W/RPz/+K/Ij3v4XtB8Azz9/XP/
r3v6JWbvA/hzZ+8vqqj/zhP2jyTVf3rAvsClZrf1v6Tt9fH4H/+1+rEy/+3+
+8J+uvp//aF9Tu+c8b0T/N+hXz77v0PHq/6/35Raf73a/wVb/92H+0841981
1y9irkcA/Ia5/kjf/xdz/bdhrsd6/odiro/q9S/Q1uMj/n8Jtb5X5p+DyP+h
DCvDoMS/S2HFcPR7CisMY39dYUVg/F8qrBiF/SuFFSfp/zUK67Hh/wfJq/98
pDjey2ds9U9S+o+B6Q8zwj+clKj/5/2jC9D/AsLwX+dV0/6PvGpav3lV+f98
XlV2oZdwo9jheTljQXbyGLHAypww45egnm/hxt2B/OkLsV2qHdoh5nlNacfV
cuZx85uduZxBPTEL12LsyN7A5+3SrSrYbXfOLNiCsXgu2AA88yhi506+dTFf
UEeCDm/Z83p+5Q8hx+erUPcyTPGpVBOCMQj0UnJpPWH4uTs9ZFkTAfCiKRZT
uKEb1XloJWFtwnJv1laDSOW5L4ywnOXU1fFQYCFBqE1nulfh41aU/amA+e6Y
PU4Fp+ZU4ZgGOQu5CfKy1SyWH8vTKc6oAux3nWFuT/1MNXcZxaQWPHFa7kyk
jhd1AZT6oOHzUtNB6dLNhATkEyNorLgMfWA8fD4AGVG5E7e8KIlhYUrohf+f
yqvKBl4R5X6zqePFCJoShVKoXdgEdNpSdr04mW0Za5B5yU65seqjprMnIb70
VxQ36mJm442mqapaV6I/L7V8moULlu8G6QNb3MPzvvfLqIcn4XkcuRGscMq/
Vp7RlcQ+tX508kviAiNrGJr+IAd1gOLrFg+MhVR3ALZGiYN1edYMGrHvm8SI
brnOkv6EFv6BUfLzbPH8mUb80VkI+JQsvBCZJU96mDHvDQcsfhswV2dk4Ucq
bbeESnwt6+RBwwoQPHsBD0a8eu5jTIdpAV2geYrcFBuKm8fYcqcOgFPrmmr5
khWFJUw8woSUvcAJn+oNx05FLiNRaj3OAunqXHoyiBXPHxY18S9ZbffQffOq
wV/gVaV6HNgNFDICmc73PSij9ajvbFm1LBC5PN7I9arDWoq4OrEhU1YqeDVo
bkieeFH2zFeO6c2lROEwasFQFRy8CEiYg9drBtcAypIG6SbK8JzOlvjCZofr
NSf1RhG+4KcIjugFg+EHddbV4yBaoiqy+3rE/Hxf0OXisQB6V6dahU5cZNGM
tEtr5ci9AWpPnCLOFd0iyIn2ckyZnjL0pLDUWIrocTW9zrb66Gn6gAi7Mv7W
I6+Cph51PPOhYeOVfmkldSTpOSQgyR4svRLZ+DxF/Ivf11aixLPtW086VQH0
FOecIKacn9wjccGQyu8W0D6hui06nTpTYp4ZfYqmo6G5V07xbIEcHT19nIrn
IOkC4Nax4vnzCRUfQw6j3urvF2sdFGbITuRwq1T7cRW8HME38irfy01y6IrW
lNsiES+x7WqghhsJf1hLi28ps5+l1sT0GL6t0+pxz2vJXC4RNMrYVTFqSC1f
0uuJ9ukS3R8ksuFMwwKk5fSreZrTwZeOe/fbbnYcgn2k67n3xHSqyXMkX0i6
9DNFJPaApkeRGg1msq4aiU4ioLUz4YY76V71I6HCFoJbIQv3UkMJx2j1YnKC
7ReUNzu4tuNiqbdhWfcarE5z3uohKAHNkyro8+3qxCa1cWyzoQhT9lfbSl7e
yl8jPmhZB2z5RG3gOgT3M4a5CCNC0FXdiHKKgJFNuQs9hRFJEQS7JEXlNciz
W2y053NDVp/QCC4TdPKqKTwzDEXTbstIZ8XnRt/bmwtgkxvraS1KNqNHnINJ
fFrzTr7qIeDAyMPnWLGmSIy7l0eeVkepUjVtMLrdmnlaw2VNAOlkMfyxevDo
NQTmhMKc9M/yfiFw5WXYp3sIise+BONNT62sjcCbjOSOMVznUMi1yRUAeddv
XFQ+SaqWsalkH9V24o9DUoX92CZZ8mIgWQkeXRG1fXVbkqyNoU3R+d7UE4Gm
J+Cub4ScpryN1jphrtbDVqbOLDy+EcPTbUBVw/N15YWxwZ3z1AWHlGdvg5cS
KR5QUSQ50CEJxeBuK6SzSt9Ce+fvCKdJont/nGcWs6Pz2cwwXkdtM49aRIwC
WXstZzeJT9RjUCUgU2y4vGukD+3350C9CGalXu2RtdeRBi+b36jlk75LE2ua
GWNDlAPX7fh0Yt/ZS1kIWIAprtvLp+T06pxJsToqS5lYdgfW19XG7dI8u855
ynvR62CoMl3E1GhJ5LNY7I3qHIMb0Mwi82RorYDs1tlGF4SRc1ZmyLkhhdcc
LZpduWRFRc+TnMA31czRI159uBbHnh3ZVgai6hh4IwtDHUWK2cK0EHA2yZJJ
pKcaJGT17MFNqAwbP7mJs9STTWaNKFsBJRaneOMFwNTdmJ4V2kcFhC89uORR
W7kmMSiqV5hn2cnFM/FB2I+OU07caXpls4BYPWIdR+2RcShAn0WZqWiqeKbs
g5wd15h9MtPkozXluQVtToEq6Fc2WS6UAF8806cpmA6SUHrhNM1wAoA7i9Rm
uhtCFTxB2+7cOvAs9kfsgkOqaRBlQ6/eJ30K3qKH9MKs5Irwk0Sy54u1y3oE
LJdZRY8PIlX+qbqWd7HuM+6edl5ZGJLH6QQ8PWXrfmLU0EmMh2Et59PYMiwG
i21cPROgEbQoPibH7kYzj7azy6y2yIkgKWxCG4nlCRJGQq2aXZKyHtPJ0HNC
DJmjyZPV7No5EXCltzxpNX66n2VapeZ+UW4nUxZhaGVvit0oKGvz6VIJ7Nlf
yIsRYiCcvdrnbdMbm4YG4JpTmQzaVlC2DF6STYawqkvdLy8WN6/XCi7iGHai
rbPhY530mcLDFobYoNRgFZKWXgbwnJtOnIvkm3fNEZgR8SWH0LW7INtMMLDE
3mOdMHBaW91aGyhKjVRkI+xWvG4B10sdoJ83YngYgpD2s5EuzdJZzWD4yRE4
pn9GKY1AzEdHluQjVtpruIg7NiAN1YWeV2ejGQOumXeQMl6SqVlkNoSRhCyi
66PD8yjGlRqW1gB+xo5vYlkq1DDYBLelZCDa82tzzDAakNjrk++ZcTjjD78Q
S9jqmLPWx3ieOLmZEM8cahKkmImbuZKYCyFzkBPypRnttnHVxAGCsbo1D9mU
VrSfFn1orpt7ycF2AjlOIPH8XnCtQUa7QOzpk4n3I/nePKOtJTQ9RaFqAzBK
yw1zfY31sl2iRDwJLvqact/FJZUKe6wI2GY8eqHan2EZ3tASvms4WY14OcwQ
D0HA04WeOiccPcHOVPEJVtntQojsVdsT4W4mDnl+FCZb3uYq4c7ORWNDAwJH
a/YmB13n2wmITiLxKL2jYbgMUXZZiGDsFyhMzt15vYHLSdYHN2GdCwHyBNOl
8uZL2TLXCtxugexaDXBpbydry8CLmKP2cAwoKN0/5BJ86Psa+Wei7Eu2cxiw
7DbDmMga0vU8dpVczsZ7Uyt3gKFTVsFvhr3myMuNljPbn4bn1hK0bdxbUDpJ
J9gwUUIP/Ad8dxcnJfT2NSyFfiKYqq4BR0+GvJZUNDk97cJxpZg6ZbxOgceZ
IzprmC/GhbvrVsAsSdNWl8bznNbLr5t9TAz3qAHErqU6L9A9E8VMweGF0hjp
mrxIj9h3iUJ7DqjTM5RfeWEfmhwroJTUGrgfLYyHcqoISNTV8Cgp6DvwvkOn
AvSP9GbL6iBukeGc2WvdVcVtr3bcGW/3TasKW79jtRSytIinnQ60pjqOXkzm
bW6f8STwJLNDq1evoywzixIZwFgOxrT54PpHxZ7UEQpPe3PkfK5VQfsFAtMZ
4jENtdvFPyd5bQQ2MyZLx7LrZhUkF4fwK05p0Q/VOGMeptNjFbGQ3pJAMNK0
EAs0pgFfQ6LNEDCWSBS7IMuFvohizQi6ylwIU2Fut37POVE9+3WR2Sh2O2I9
uIiY5diyDty8lymNj77l0FcJcSzSxW5X9GpJTpt3weMqo5KCQWmqFi5yr2xT
JcpxSVxFpycrmzQAhMgNkeQirCNvaX11QbWjYTiqn6lubITeleYCj2HEkQpq
SPT97txtMt2vaawEpam2EhBmolhcLDd9VSipHk2eiVP8HYpVKL3xFh0PzlOu
XCqnS5lGMCfbGtd5UTk6Xffkhq4sED/566jdDeQxP8FsuMhmHdzE6eitAm3b
U4e5XdhYP/N9GBF4S+9GKB0lYrutNTxjvdwC+A0SrJB0RCrAB2ardWySsolp
01a927pNZMEJ8m/FcXpzkPGyG4fnXR8Oj8x+qrDX7UCvQHkNDrH0cC3Uispg
1cVStaeLSc88pZEtouluFQprXRTg2Ze1M9Wa8W3QNXTv854DatyRqnW0KBpa
S1Z15EfIGS+SSoyIPgngekxNzhDdLUxxl5W+FuSwkJrvmF0tW/bTBAGfG16+
A7+6cYaas1heDZnwdN7iJjWkSp7HBdgedGrGBwzXDey8Gb473XbC6cfaejYz
MIHY1Qv6zEor78x2Z8yZckydQI8AfclZbNu/wpQ4quGUXCWekiOjK07L1b9c
WZpTxhCA4PVprZiI7UYnchV9HTq/s46esJTh2C4eAzVDj8QFIfFe6j7zDJ39
TjLaNt15XaAoBHAFE1NwDXGIojWWF4Lq0YRxRTnCBJ1PfPJgnqSGUGhv4kFp
efxLYWwb3oK7cUxjY6sDaNSLM3LbHpJzPhqvFUNfTVKcx9Rc6qaNzx0ydA38
BFHVa9whijf3Cl70laOW0HxKjQPQ63Lald1qQ6yIo+Rxvb0UlVisp16j0R0N
XO1hikJTwk9HbYkbtnZcMELNK9a3fvInCHBf0PN8fSxOe7rq4BIL/jAZ8EvM
5C0WqWvO3tHXDamRVt4rAn1GULVdUr4aBvgSEld6B3y0fGSWpRCig6i1shcP
uH+oxbOxOK3ZFZPLXvvbeL96yzBLq49R48CNp4DV9sfGtBhA7yeidCWeXeW4
KS44dNaOqQCJ08dzMfduWpmFMQYHb20dvyzS0d5U/jXsTdN11IDiJWDfjoqS
ckFVKQLhTRX/DLj4HPHd6zQ+G4papB6hvd2zLISaKRgS4iXXZCu2L7EEUTAC
yNJ1SUC9jcL51JqhmdFbxT0ykjJ8px31RmP5ZIEc0JhoC1Lhwfc5tNmmMcGz
4lzgKxCgKK4IWNCL9bw2KbnyJ1l4glZ2QV8b0dtUPIDh6L8GcTiXifeqkjxw
E52uRln01iIDOPAUIZtH12vA6QhhHDFko/Hmla8iP4aPe2d4yVIu24vkZO/o
8ttNuUenDamXS1mGdwYYBafnr49iiYlM3pdAfz7tTe0hae7EvI6WApcI3R/L
/UxL2olKzvoykS/Br+K6MtjgCTRVyvPogILkuhT7M0ku3bN4SPCq6qW7sTh2
jN1K1G/ENSRvjXXjzZY+362rosUEi/k5UDJsfnT+Y3+i7u4O4XH4oihSZdhj
G55OyO8QwypFJoxIYh15zmmzkPGuVm3IFXdX5RnYiqVdsyeeMGI2jQMudowP
I4t8GywSfr6u1eSAeXOqTbelh3Hha0QuizwIYuuMwqTvA2kFMZ3SjYqmLqMu
NNXud6htPRJuW1nNQZOwO/XyQtIPNpvUCJRws4KsfZDuEgrXCgmEpiTzqHMW
kSJSq5FO7mM5732qhXPB3R/oSmQTFeu56p8kDt5tCA4nKBLPXAAKMJcKgC6T
pjKFyVZj/kBOkkCyzXpjZurE+SUowaiWVFCquT3XdnlyDY9BkOJ8jEGwWUzy
cAPEo7eLk86jr33ezoLrTGf8xGv0vY/LqrKsE0jur148U8hue5XnxFKLNQMh
KVDY1b0XAK1uNVevCHot8CxjW22+h18XckSrxmyMXakqb9tNpeAwswqVUywY
vun4u5OGCCZ1LA/YoqLR53F1My7029cOn6+pSlr7i7BshERLES5AGWYp2LJ0
Wu1tNV7vucZO4IgJ6QrtQMAF6g1KCXtwHyLpETNCD74bxXfFXMJqb4PSNlPh
SopnGOuNRstC7hHdMwySsfNoO2cAvqUMuvCmlAo6A+6rj8vClj/YQm3K871I
jHBtMUtusErPqlqhYxi/XATDrXgpvHU3F1CfYSGnS310b5JkPhxObuyrBd8v
kWw1J5CXX0KmnNcnGvECbInBYnf40oiBQaBaeY1w4EE63PmRi+nux4hXgVmo
3MjsmkUFtU/HFBEHL2tAuz0az+ODahkduyzcZepchG2GlhSAfCt1sRIMFa12
7smZ1qpyBvGIT9lIeWE0sdq1fVb+bpoITjv4KxrEJ2VjlBSfTrTWrUDGnQUn
l4XQAvUGKc2BdOWypyFYkVKxiE5tGPC74RjzvZJ3gxkwV3x0t1RDhyIobtkN
0HDrcsXGamV5B6ImH0oXWOolxPCuml+KBIYG5E0XzvoroGn0/aPMYB6bjI5+
8E+wtmVAPCU8K0+r2J6PqlM4IbLCS+dwAnXFb33H9MzTC8zVkARkl0tJQV4Q
0qo81lsP0qcZHxhIhcLH56TEdx3sJqfZzTRc5OGK4yt3M9JXwaW549Sc4fio
aj2O0wDfuISjziLU8ke3flJsGunTdMRY9MZ4yqOCuxWdzZn3xUBQCP5i94iQ
zfqCTOcSP0eKyOKxIMQsy5mDOgH+uvmtdI0cQY8EiMNX/Ty9SGJsMOV2bkwN
THNxbffnS8MxEXkuMTwJhfdq7vLCVZzOAjJpOEUAvRo3y9UF23LR5TkhhI2n
W1RjpNVe3x3t5XnLZN/eWlWFb0/+SM6GyucFvPQAbh/dggH24b1LrOiO9aAn
n0arx8CEoc/4dHJfvDlicNXsKho3/qPoz2pOBCz5ZAjb6oB9WvaIuOK0uUhs
aieSN9NGDrUrzhKKmLY3wW1OXHjZHT4LpvjObvwxOWxRvXkpcx564BpwaMnA
peui/CaesktwVgZ+gp1iXIzHjUO0IM9Rwhok5mWC7On1vN8VhXdf4TVHTZUE
Zo7enheCNnCtj+S44mBh8ISQkMfEGAwxcGsjZ500CLNTb4BGuUZNZNoQ6/pn
hiGvNeDfL1mtSD4n+lf3Xo3TMOYTWDCm16DUGCZXFZ/v7dYbCQruKin71kOl
EZA63Wj/FKkrgNWXckAx7g6iFNlbSTxXe3FBXJpvogci4K2Ok7yYH0HijqLb
MxEDcS/xacEqBC4uFgEvfmy7UpE4u6a05nUp01gKqIvblK/4OhH+0fYEjE6y
zpgbNYmcpzimcsTQl/No5PCGAaks2OLFJUeor3cYyQn/GgTjdDRp2QXmzNQN
d7GQjkuUQunVu9YIJSXgcGjeDLGYpBjAbFsTTXKMFEgT09R+8EcitUSpu4hd
okKTL5k9kxJdXVwo3B2TlvHXXTJf0Tk+Mbh2BsgqGU48Xh6zl68qndm3BKXF
VY285kcnEbMUnfbTVTpyNMihfhttxkmcHgxLd3D1kK0FeExLn+2zQ2u3tJHJ
3CYr/w4zSdqGR51noSgyrQd99+Qbmq9s3mWheSWb+OitPSy51SzQt4+uxdku
MkRkQxh0492YGfycPToKtnYku6xs9opOkERRw6vMcaHrqnELTs/sUS23G2BA
aHLPbkt0kZpeEYaL83QXJiOFPnWe2+ZX7JLFaPfqJZCNSuUJajoeTzc/pvh6
MQcQKD0q1LaHEEf0PGzrwsePakYh0lPc+erNE4Takhed0X154QWX24KiLvh2
ezxKZmVJOAeWlJUuSomtfR+rL6J6loZSK5XCLRFmxZMwJo/guo7ckkJynkPT
ScgsojRinI3lo7Ydg2c2htUdLTXnUaIXsPcE//m4WTZnxaN13jg7rK+3vG/S
WX8KMzr1Ur1yOxTzvXBbtYIHruRquzGPw9L+LLuGSKa0ncX1yG0MGzFZIQhH
F6rnRZ5Q9J1P6u2UwJxBsqBJMNUxlQOku9Oew9haoMLTRNHr4NImvJKw6J9v
VsWqfs2eK+RsF1IO3VJsmdkIj1w4ejIn2pI1YHDE+M45r4Z+zBdYmbs0zBA4
UI4KvZn7IM42Ihwjqr7ao6p6Z9Vkl8V/NPCDjL3XcbKBHcX4caGwYp3xlveP
VHQOB3FxL1ka+KCP7QNUjCSWFzwWq+O84bkwnFbSt2fyeTezF4DgkXTpZMZY
pMfRwriPzPCx0+1Vq7R6cnDMv9PH+fNvenH14You67JjH1gzk56pGa33Ap5F
VqSs0lpgfeRnyn9Y5PVoQPmRvHTY2EMryLG2JFaMI0GPCiymJpm1jNzYjIcx
TKABHIwgTQmEtnlcoiKOG4U+wg9/CVCz2potLzf8SCYPpdG7pUqhivPg/Cm2
zW28ZLYi0sD4YM742M3CmZN17shfLYRBHotkGw7iZ1h6EiJEd2cycFnHKazW
lPbkVBjnUxhVAq50gBJl1f2601NEZLUgTVvGlE9YgZ7w0cBbjqtbLM6zrwRq
cjGOImhIwoG7726CLazTdTTgSOxtmY5Oatovbeid9ndEa1JHgG6kPAp8DkXq
1Xr2U0cZdnJo8TowKvg+e3YVPDAEWKLrU0pekCV26rDel+zqQoZZ+vN9xS63
yisnodfXiupX1kGnBkLBmX1orHx/dlALnjkA3/NuBevh5ug7pwqC9CJPNXXt
onvQeuClmoi58nAD1Y/qKtmv95fgi1dxHZ0jTaQTKwLXiKvCtbhZuI+2GUFB
Jhl6V7XH954Rn7udQAnyQuPLyAndSUZ6+OHMV/N2jcIikZOZAYz5yC7UXVyz
bdtp3AozYRfUQsdOtoib8GUVXtE4XcWZ99JKu+F1jXCvBnLv7TGTz3kEjAzR
b7jaQElE2mkOpfa+KeqpLSAMq7ajx72enkPfz88WGR/yQujqdbhRz6q0TArj
GAh4WnXrPVRZtsKNWWiJluFTFVxYSRTtqhgiud7CiKd9Nc32I9wenG3q8c04
PgUUWgejAWPkBgaEGSNeX6ZILidhinUTIrg0xCZy2JwidZpLHIprYrFerL9O
/UsaJovWHZy1IAdg7M3g8Sv76B96bshB6F5Xg+fO8jXfifPjJm3V/T5GTIXm
XJCXxZTbOZzdTJoAnwMxDQBIqZonw11An8jdJFzUdzIxspKShmsZf9jqFRbO
QYnkYjupWBheXjS4Egthez5tpm0KcBA5ENyA+8Jw9M5EVx0t+L6K1AJvPtWq
hipZ3noaH0mY43p9qmnqnqdvJpFSGL3JA2BKJNodGzp+ilK+YMH9aH92OfJJ
mj6yxxTDJ6i29MdaB9Cy5H5osPj80vQiWgRx4uvuCGfEcI8urV9vFyaeh5SY
WLdGma4YnZC8y93dhLhcwwan133HAZ0iugQudMdnNUohgQdemfryqgkrzlT0
6Dmwg5/35+18oXzah++EbqJgMaJ4p6cDdkGu8XhOhnMHphx+w+DRUIAZfq1P
jhdnynNLQcFFoRiRI1aMmUXCOXSJVXP6UxOi3mWsNUJsqk0wzzkZjBvSktQJ
eNLL7tvLcUKcUrsPjFaXd4JsX+gqTFTJO0E5yrcZTn15C+PWSy/7fvUnPph5
vujCSAQe872Wzw1+eijSNoyKQUsFI0s+ad5Ivr178604pbxw54bTTG2N7nHn
O3SqR6IVHu4cswBNvuzRuMSqtrwCah754mJGlvfw7gmr4wJdTQaNC3ypRTpX
kiwHWQ/sDG38hUoVXOMaQCfO9womq9srr679onOz57/WV+EkSBVEhCZor4nx
VC06h3rG2R3pyHhbNSkPvTIqslOAfobKJvrOyQnTxRatI25u0kDjZ8PYcOJy
hZrUhedC0Qy+Qe8PvtRlrg6aW8ynFwUuREB4hheScDj+6jsqekUrJ10qLcEH
muqbs+nOHbc9cgYtI6s9dmmsWI/L8Xm5O5jbpnkGTNGTuMOuPcJX/HF9vqwN
Uy/NykUJDK8TlhOvrQZlSlS6zIUw0c7v4ZnNlDJ/dU6XtxWge73lr3Y+eys4
J49zw5B8WOtnr1g5dgrSusCNYtlyYclIhZ07+RlX3Ul02xKqweFEARoG9kvP
klDGT3J7MjjOgoIgwBz3zlYiR9UnbpdjXdG3l0nNdkOqGmje50LXAx6dlBdg
3cXwyAg+p17SK3h0NpWCtVVb1FP+NBWVJ6CqGqVMHdP/SJPyUb3+V9uT7+95
/N/cm7Sh8g/epE3tHCfkj3/iTZb9n3mTZXSSZVkU/p3eZIpWf+dL/tAlf7IQ
30riP9EQQ2P4bB/ab8PIHUrrhyD5dpJM6R/aFm/xykv246M75ibzz1uCKn8w
J4938Vasmr9iGso/TMPfRcP27a3Jx7uwjveW9NaPz/712+kM3xPK31fxd5Xs
7wzE31f0Azj+lBwdxhJan63F352o2fGOV/gHLudb//rj2n9yOP9OqfxtJX+z
ON978Unj/Hwvv2iRf7qK8Q+b52tKZPr7iqo7u71X9C2xfU+J/M2I/AC+p0SK
XeT8YkT+UBL/qEQGcfVX1cYP4OtKpIzqvPD7q30ARs0+/9S8PNttfrbWt6l1
DfDjKsZwXOE4hxYj9/6uBeIeoe39A5B/9fG+q+MdV/jVx3u7jd9RG48TxR2n
9Pw9pfFtNB6x+T+hNL6Nxg/gf0ZpfO/ZW//6vtL4Nho/gP8ZpfFtNL7dzX+h
NGJHrvwnWttxD3/nteE/dvUtrx3v+RfR5Ijgf+jy/oju46Pfp9T4rpZ43IMj
v62yf1Rhfj7tr+Ms7HH3jv7jPKBMcw2I/p0nWSzqWvivmIp/JioesfmLqbh9
Vyr8xXp8Z9evyoS/uYTvU/09mfA3l/CtJH5PJvzNJfyhA35LJvzNJXzbwN+T
CX9zCT+AL8qE71xSOu/dPO5XFoz1bT3G9/idd6X2LbTARwxYCXqcYqxZjv3Z
3vtjnlnQPNuweWTWdxeQ3mjw1/6BPu6hl9fftMHvWIO/x8UPbfAXne6oJtZf
twbf3uQ/UUr/gjV4XOEnbfA71uCvvuCv2uB3rMHjPPykDX7HGjyq/0/a4Hes
waMD+Ukb/I41eET3T9rg77vp/HVr8FjJn7TB71iDH8DP2uB3rMF3ZP1NG/yO
NXhk2p+0we9Ygx/Az9rgd6zBD+BnbfA71uAH8LM2+B1r8AP4WRv8jjV45Oqf
tMHvWIMfwM/a4HeswQ/gZ23wO9bgB/CzNvgda/DIUT9pg9+xBt/38Ddt8DvW
4Afwszb4HWvwA/hZG/yONfgB/KwNfsca/AB+1ga/Yw1+AD9rg9+xBj+An7XB
71iDH8DP2uB3rMH3A+vff+7t19n/aw++/cEaPCa1n7TB71iDR9X7+YnNb1iD
bwP1b9rgd6zBD+BnbfA71uBxhZ+0we9Yg0fd/Ekb/I41+AH8rA1+xxo8rvCT
Nvgda/AtmP5NG/yONXjExU/a4HeswaPy/qQNfscafGfav2mD37EGP4CftcHv
WINHhvlJG/yONXjcw0/a4HeswQ/gZ23wO9bgB/CzNvgda/AD+Fkb/I41+MuZ
/Mqz4Z8fDT/y5D9+OPwvWYNHjvpJG/yONXic6p+0wR/59x9Zg5eGnOqOWQP8
xYqVOU5Xd3OdIzbvAx9mbAM2js+lOOV0T4T/h0+ws559I4bh/2PvTpodxbIF
Uc9lFv+h7A5qgl0TPciq6pnR930nmNGLTnQCBL/+IfeIyIwIjy4rI1/dejk7
LtdBsPfaa691JD4taig9buG06AN/9hc5PrOz6QqdlEYzW1tXLfIxzEGH7iwl
rQV1ej9ife2miMp7LOikBmJ3hpg9nkmbJB9nlxSMGfl+VN5tKXqGGPCR0/zz
otZ9GPJlsPfaCjxGBOD7y8Jmyu8mgAfaqx+3S03I0blvyh55d0i0r54Mjy/U
sBD5kgpJ+yJfRN4QNSLf+3PyiZKMrwYkKyWaH7oP29li5fpdPXec7trSvlTk
VWXMXdnJMWa7ZVJScSO/sh7pM7EGzyIVyindSayWQ+6cfsDcTSXl4B3qZ0Ql
dJpzD2ldYMp4+bAZMnQx+cNZV/lbIPZTRwrCld3XmZpjPBdkCcMeFOmfmQ4i
wNI96+rnkf6V2uBP30H6l6mCP33X6C+UBM8X+u4fQy/+Ui8Q/mu9wD9zlT8X
Ar9JlP1UBvzFxf4RE/An9sdfZgJCRfwtE/B8+J9hAuIg9P0Bz5/+nO/3j/lu
f4Lw+xLp/2b7fh9d+oMm36/N8K/5ev/oBP8Jeu/P+XfnSPzbvPtTkfEN0O76
o2h3/ZOk3Rk/P5B2X7LPv0m7fxppd47nX07a/VJf/n3l7ntp8t/Y3W9gkv/t
25bkXyrhQeDtLEX+ORQeARL/IIWHQbc/TuFhN+J3KTwM/zmX9wsKj/jRuPvX
U3g/iOH/F4l4P/e1/5kwHvKnYbyi+CWMVyQfGA/+rw/jMSX9fBKMubyCHaxe
RY5lzBSbLXunOSBYV1G6X7iHe9TFVpPGjuN4EgVsT/rMROKSAnktcjVsvIDi
K7+rMojuagBA0ZMI/PfbIU1FmIxLH3MYfu3ldznatoqMzxCEJk16jAU/CTCr
P/Cptp8ZiJy5K0hiAq+KIwsy5kBkm5kn5oI82gfmaI4aipgBuizPybeXwArd
m48w4I3yMs4CrUwYqt3j6PQaxNdjXwxMh/S7Sd+9iy69HZ+30IKsMcohIrLv
r8RN6u/Q5rUrIXHNCHbF9Cbn+5SOUdJ02y0xbSGaAjtS2eJCcCGTghIPzE/c
c+4F/sxwAVptqgxiL4OaKmIetW9vZY859kw1t6f3XxXG4w0l312yDY7RtHi0
zdWHbUyUdBncBIbiR6XadXFHu2DpXyECN2TxEQS5TsQScaqz1xPjdelaqwzy
uiXUi9e45iB8MwIufFm3tIvSr3zZ0JLsKj2VPOC9EKWKPEmxbdy3YTRUJ5hR
ee1AOpSj0OPvjGPRkCHU8WVuBf2lOqDSQVBxXSBkABnV9kHgGc9tFr01wn4R
UQZ61QyabFRouR+4DjmT7a0qhpq6hIItD8p2vHaU9rT1nZQefexOX0giOKRX
tk15iQbmqwOyZUq8KY9k3h7xXnsEz6q0VC5jh7vjHlrsStP34pmSWlD4HYej
cyBZDvAMZGlY3eP+QIcIPK9XeeheZoScD0UHWTPMReT+AIyn+ZPDg5oJ4jpu
QIMd6aJ776jysZUXWRiGWQMOFGZYP5iuaZR1MsWDo/vAyDCJsSL3FMV/xIDj
i8WjLuMAXWHi7iKN8pxi8UK8Gv693e3VjK+jEypOyTikGuUiV4PdAxfvRCfX
SSDlXF/S240Ricbz5hEI2S5C7Zy7AK88DKoeE2MTj+99tZOjsy9wkxzHlesk
781J4sYKryQ615s4Dv3tWsPpmaJub2EeSvICLhhJzsm9GoKDXqHyrcNobJcD
3a8o2ZJ3cdxu8qH2x2EIYBJtmaBtUa5ML8esXxymXKwXLPTPBgHtClE71fRF
i3SVlYhyztuQLrzesGdPwxO7SkWHzPdrQkuB+3oFNTw8D2u9ZEFLJnsE9q83
ZNVyGqtJp0L+O4M9XO0xW593UQXoueg5fOodemsIL05Z8GWfPaOmWJeYzY3Z
oiZNZEjAEHxiUXxwwIclciFb4BpfDW7mgWirGBa+xTwJz0PF4EDW2usZhn9e
FLvGGYF4K55IZRbrdq9CKSAefyFnArSQWahgdSN4EbaF20I6Bmh71hq676AH
+yaBrIsI4UhBsOohlXtVGXHUvSbH4KBJVB4zsrysJRxX+mUTxeoFPIMKr/Hu
cu5jC3kSDdXqsq7hw7dGE3MDnljeb9nbAzItw5Gq9edYoVJVAOqdfU1JcSMK
k0ipLuWQSX+v7JMg2vASwTmgPB5Xvow1jrcPXSfNW/U6WwoiFEKg27IcSegN
KbLDl555C5V8/B5aIU/iZByW4TI1/Y0bFqAib5DuNNtTCTV2TJD4MLyAMA4h
CYwN5tcn5p9jzyvX3PXVbXjigfgoiaO9vOE9Ei3C0jzmpVTUSpBNrS5Llx9p
dUfYAlW8Oqwyk+ehVpVu0KuLqCeev43b+hox7HkJbhRWHE8jGXP9+n7QK0pI
QSy6YX+UCRNCTj/qo9MNY/wGAgHiqtW4JcSG1k9gf/NNcpm7CAhkudcOeVg9
pogwK+fwxI8ePa+ZMxvEqHccwaPa3vwEtzVWLnEwytlilSsyitxl5Em4XwXU
QksbwUpBzBMZz94+xhsBe0UiDImmUIu86J1tAZAEEwaiXsmLBkU8yzVeLqtY
Grv7fL5X+1iVz2eRkMWWXhNZayiwGzFEiqpndBUIXFUUe8vyVpDnnqOoIM3o
cSJcysoVF+CKKaGA1PgZ8WRXoG/Io3wByt4DbhXcPRKgjvdB+LqhqyC7B/gy
ptAxZSS58xdAjB9xBDqEch90/DbZ486nj5fLQH7SEQmBjQgBtIcqVrOfJ8ea
9jfY3Zk27pW+V4voMleFbBeksmScu+mNLvBSjfRs1zneJANgWNHIgzjkQKh8
odKzm0ffjQ5HroQzuFIcRpfc8BJGA54WdnV4t0TLsbZg03wQltMbR9VXrbb3
s0FtgYVwN/fBPRT16GPhMN/XTJ2qi6hCEV2fm5fAQK3D8GmdhSpDzCYSwM/k
udOagGfjusVNILQxtdzNCNpbCKufxC6Ppnoxn8M19z3g5rResYx0EVmJH5gP
yevCElJUGBEPH0xaaVbGpILm+t2faxe1JwaK3za/XDisVGjIjz2mYpvoUSk1
vppW/ooZFkncCo+m67uuyUnEBdCeyDiQEFHyS/61Ta+Fej8uLBjqLYRGHazA
eIrx6eT69wd0Z4bEZuoatMdx9r070p91/FsEn1z2dhQjycuxoK3t3BunJ1kH
Tk/UHQpu3VBxdQk7R4Ui5Y1BoHrThhnkFuigSpy4GuDzWryuAIFdd7w+xyyB
L6+HPOAqfIC+q8msnkgEZhqPENLNfhQDKTL8m9kaqvEU8UfqldjxIuX1Tuf9
28q0tBYuS3hrd2gDSlVbeIpQMs24zpxICBpsbIPEeVg5Hj075bPgMdytpBiy
Oa4aZhkbmhldcHmRmNzO7tZ5SRIKaVDXUcW6sJDg2qR7MYTeITCZTQN+pGm+
rCu3qmeNQpfhvvlyahuXhSPmJyXd7yJ37zOt2aj39nBaS03pmnV8z+rgM9+3
/mODAhyH+zJBd17W5RQUiRS4NZfRNeFadp1dewtYlXQHD8RDSixIrmJXw7sO
k9c9I5lqJ5JtChrqh/B9nRnaGmVN3iX5cq3e2izuY6p7AsOCLAqMVRI40Jp4
FnKPjC7TkVHysnU7SpMIhzukcV74TJBbgw45RF4KkSy2xhkUpIZH2cLP7ZHX
bFtSwaMCn43BvfiYNDyrFEB1iBQRBsSx2ici6s72uAWNS5Ai7FUDlWYeUHTH
HuELEfP388BfQLF4eZagOu6jiFLzCsBSi4c4UQQRIE2upm3pxesyo+8rFWpU
Oo9ClbvxAi0+9xw3j+7FsiMluyiFlNqeIHznm5sDeXfnWvGdwrRExhWzeDEm
adWgDLWvQAzDYD4wnsCl3YThGKK+NKO3NMRdhqx6YaT9XlFkKBHFWA9X2UsZ
lYMLCI/0or9SgAbatlHO9f+0oFCWxgbnH0RncAg09nA1Zyqdgc+KHZC1sFi6
4luXFqUrc8mv2DlRm87CS4IMGQji6U7chInzZtbJs0da6fjSztPd0B/0RPAv
hewNTNp1n/dFCSYullMZmKsrbbvuPvEIxrMfkxbDDzduXWJOurqG1jeEWRC7
95R10ALRF5n2MO0SbiVeyYue7tGrE+S4QDD7rGBDTX0mJaF6yW0be8jHOfOp
FkzzIjWySJ+DcV4iCYTPIV7Xg4Qely1DV/TGGAWGQfDwYsqsxMLIvlq3FXDB
FCiyPOaR+mET19W/sqh+bt/q/HoY7GjhVIpdmuNA7WRW1Xui3CJOrct63yUa
9Poux/bXuR4WyszHoOR6mGRnVwZXiWPsqISx6KHkwSXVyWVRJDzIj/qdS7Z2
xhirI9uaIXFXGw67KmczNrexgTC7EAwRYsug0zwZm+lvxru7xM7zdiyiwELR
K1RJE2sKV+8ezAihzYvKRBhRH/W4TWfDkTw4QbpNb5dk5ru35fFoL8pFye+I
lwVGpdLukD7TONavSPO8k1yY7caqP6x5pF/jgpfRw3KliCatas/4tSCPF8OW
yQWTipztI29aSPF4aPcOBhjjPWoMwCs9X/spAM8kpEnTY9Ce/F3FtFtlPj1F
xQsYGm/dJUWVWrUyEwbpV5mPYKCYWT/fosAV9wTdAj16JM1IUhYEa437mMS9
qyj4eeNi3yDw+XFJc2szbLV6FpZ/PrOOgZcOLnDNFoo/JRIMPW5Is54TpJrX
FJK411kULoiMKiUz3bDGuji0fu5ow0GpVXyYTkCjTDKBpsJ7QNcf7ZOUVroP
5WDa+xQdkjuEwxSfEZl33EMjMLoLCj3v61zCtfLqPwol40m51JeAMJltUyz5
zCvVY88YvGe4ehAknBw9QBZI6qGhEbO+L6hf0AS2y6JMpA/4sb+2q8cRCu7X
B9ly8duB1Qhix0rs6R4jra00k64LPe+qFZjZmuJlTyZIcZ1c33kX0podELoh
1bHXHYtDYMxVi+gWfCpC1W/IjQLjPkV0cLYFAyDzqoyfFxCSR9TK6c5Ozv6c
TXLSXOxRWIQXc+7FHrqeIU6vtPwCWS8CFiJ1FTGLYHAGyaus+uslnAEnNHHD
2cpnKQEcmJLY3WhsLh1ACLL27m1UskssrSeLkkPfzKvO9xTer0xIR7t9zkKR
hZyyBgCoDP5Mq/75z36RX3mQQd4rxcXqhnP1+QJA8OJ3Hw09jtRe7KE2ULLs
OHcJJYOXq36jgpD3N93fcNnUeHDvxaxBz3rp2nLMg1EV3StVsKLosgkNenCe
734FvOmmX0Cf4K2XK+PXDJ0PKogSavByfry3lZFch/3GtVfWcIUd71XvqV4r
wS/cAqDqEgPyjnlcUJR69AnsiQToW6A4aefGymrVIazl4ZhPrYFhkwrT3Fxt
rlrQTW7g15KjJHP3Gv9x9kwtSmheRytPBi/Z517PlkoTQUSYTXUkncAgGb46
qI4waT9wO6sQBx0Hw5BvflxKSoZeRkN74uGtUjpwvxFsn1530qfY0NWvHGut
dYXWpFOS0g1L39DZcjxRPGRXERcjET5k4byEt3eWMlRhTLSfX1esPxtwNmVq
PlJiAl5TtMopfbTMOyrANejm5RnG8vFWn2JVLBlxu2SAYb7Tt0Z60AaTe2Lr
QWMCbsVGkYWreMtUCQkXu5be37lXCXZoUw9HN6zwSFqWLsRLBIlEqfFxUMhU
jN3ll+wMssjNr6QKfGPijPDa6BzddFnGmRi6uNckfTeVNV8L8sYU/EW5OY+R
SgiB6zJLa5/rGfhI5lYCKQg6PR+vOKLe6FVVMCnvQ8tznakRzg7tAY6zZdyk
ixtzjqWgZ7tRMznG38x7PZgKdgwRBboVuNMya1LQA1jhQ68xs2l1xEfP0r8P
mE0gz+V832IeCzkkU1IHp33t+d6RlrLfymtANSmy70PZxfiYSyrGTtSdNVSt
d8eIQopKL5dFu/jPqypx1ntI3g9hOPwKqVOWeT3WI/PP+W4BvxAwcs+eZfqA
zCXQi6ahwJ57YdiSEKR0oQTLfnRXSyvDJr8bwRTlbTFIiuDxr2vQdA/NHFoQ
ne1YVmtb6oFWufvIzQ2nNi+L63yB5RkV7QOVpCxYCs8SsxfYWY2uPOdZk3wJ
AdW2b6sraAMPc4VmKiXu86MwjzE5a8MMu7gP695XzmzSvrujuyhhGQCq6vxG
jsKhgPuI3m2eSN4j+u5jVqFDkOmjHB7Pa8XEA6sus5nAlOjeRjHifBwJIwwD
BqYTsaby53Jqa3CwetLyjrBmEmHE78aGg05Ce2JXgNcreIlFGgCOhJDmZyjq
OSfzTGUz8jukUtH1gxS21b14y2fV9saFKkufj5LVxu36wNgFvQPjBQlc+60V
vOzrtdiIFXuTZ93TLaitFkDCVZsLYEIS47eMLFMhl+XArcRTj5Tegvnt2VzE
6vlMoSCFontE9/ehn/HDajo6eRvGLa1kxVwLD1sfTV0asBwTufZcYyHvkPeG
L4kaXzKNCcjDBUKiNagQUbG6CHAa3ZRzolPwKXOqx05PdbRxyZWAs+wcSUBb
TFNo1rvUz/5l6SJ8LkEtMK2iF0obrECeBK3zavZWo24qmbr3ikFpvM0rTFhd
sejjDCAM6WDxvTzMCyq5ZZw7DEYMNIBE+lTrT8iFK05t71GUoPP43t5sQXQb
xmephNiwrwsiLC5oMzHBmF3Q/Y21sd2gGPPgb2GZEX7+VghOdWwqu1oItTY8
tddnSiWleUeocVrOrnNVz47IEiZ3vSwuycY1ZbwKn5xwTiyuVYdD7PZq4DQV
Fro3kTG8n1OgjmfQ7/cAUyaTy0fYe7eJM8WXJyuEpkUABk3DWYnmbwvPN4am
ZlyM70ghzpQipwbPFOhNZVqd2BeCstd7dN29WIjF8VJNXFAULSoxIL+Gh7Zi
Wmimh0wBKSkAqxzFyHjunEhERQGvReCRNfVxq3sONd7kvHMXQuPg+LbQ2zNX
RfcNCoJhR/Okojr/fmEbI4C3Z40iabX6Ja1uST3v8TlTV1sEcKIt/EvdzWsE
aXh1U4+HuayskhPia13x6yYLI+1Qc4iYfM9pikU8CUBObn4DwDcDl9YKA6Lh
4vhbJ4qEohIRcSUQDzOdujs3991sV8slbHu6NWND0MnKJdmwS4KoTprpFiD8
kNgUxi/0vPhNBA7sFILU7ImrFHNRsJRdUPDnekmwfi4JB2gjLo4E6Dndzr4/
avid3p/MLU+ry2jlD4gw6dgxVTqn+HKdi17E9iddyWfhvgTbTeu2qwB0G2xr
XO6jmyaPe0tjnQk/bPBisAisBCn7er9J3RQ9NeFfFRWBODHFghA0QSghlZTT
4TAyjtyDCf9Oz+zIFArp29dAvIQsv0mvlV4trLk+X+uzYs5TkmMTPqvh1vfx
Li5EYpy6e7eOrxG2ON5PfBqI6aetwMrZ+vJKcm9iwEwiKCEQCBLf1AG8Z47K
zw6tfSoVEFNOC1hPYHCQUNkXETxK6DYYVMcU0OuCGQ+HqAGQpUsx5ONaL9SE
aOUdAbWzKCDKpsbLAFpFTRFtR/QNBlTaRNstUqZKTfbqC7kXxm0sk3twaO+d
f8ureMeYXQYVkYLkwtJ5aG8RrcXI2hO90byFM3wmNXOSV/ztzuPFhV7rm1dd
UKoMgwhmzzgrKZURKmB7Tl6DZcmj2PyzBcwiRR8K/rkNWa7GzfVca5qmdRfD
iYiA5nlFpLsu0Ir+GDEEuxmlwCFzQVwZFHtfbw5bSXMRWNEyUzB2r2TwOcnv
rX/0F6zTbwTAem/s+UiUg73GtVuiSOO0H2lrfSWsyMDPMJZa3FHvJS5uD6bB
xyf1TFD+HS8XRLtp2D1a2O1ugREM7fUDDdOmqPCb4Bn4qCBsmd62pVy7Aw4k
vHWxnoON7IqKmVvc8ouqc8Fh48S47t6OvyQ1qm42omaUjohLU3RyfWeSWDLO
rdKyvNIuGS7TMD1xBsR7uJFxQV7TPbvHYFsVtoz5xSx3glfF0cgCe3UdgDlc
NpvVluvsmLHD0AUBGq/3rNqTk8ooQF/2sQQow3u/g5ARrxTRUBZGv/e9vopv
2z6XaSvb7tt9R8xjiTMChlgSDQnD4OvYpt6YcNmXEj1bUbyWl7JHyTQHDz9S
WCsM8JTqlyIF3gdKq1GfjL1UC094XYDbIK0ciwP0kkGXAd3m0nfAQoOj5kVL
GnKz2TxLgBuov1dlA3zjJmQ9fO9SzXpVJdy7mtp4iZ5UJoMZ0yWr+obZuM2h
uiuw3D2YBIUH35OHuEnakBbHTJKNIjLSc3JHB+x0/nnvoETYMzZ7aeP9oh1g
ihEAuTCTtfJUfNvvaQhkjPTWzqLqhrVtRmt3xj82L5Z5RHIZGZSXBoxkjiBR
gLrkgOaMBt1BginuMVEQ2xkj3IFk0BhhO1/SPkijTXofqM89tuXr9g4a0o1A
BeivgI05Z9NlA1tCpNZZHli6n2iTyfA35Ox2NzC7FTzbdGv9pgqBlHZT2xfu
LFzs8SGCo3dV0BC9FElZngUMhMHgGr+Bog+uT0tXeJWga1QYVcVVMwdkHtbb
hcLnxi0WmEpwb5HH0Z/HZy5UxYbTkh4ZmVFEZy4MylsTY9X6fSCKo4IFhSMn
HYoZ/MrNkcBHS935I0oCu2bhXrFekn3vopZ6UAl/1+XWqq0bOTV73ffWBFlS
LQ78E99E3CicFwA9U8NXIVazNYBUBnO4ARcPaB7iAm8K++J747FBADTnUqeB
6SK9BbWgLaRw26G9DTcz1a9sAuRnfVHfV6i61uZeXA6kIznJKKFwnJ37TVra
6WwnjMfcOhivOutbAF4ucPOgYX9VVS2SGnRmJia0MwwA9gi4+JuDOO0u8NO+
ocuZ/CDGRSYvCYd34jcNGAdgDol8IjsuHqxOQ6NG9g67RwyLCtopySU2UsLi
2Y1d83wzCiPm7pXq77PycM70083S6mDttaciNssZYOxyTrzt6cuWZAe5QSB3
YRsJFAcNsrglvcbJIclv5Kp0iiZ2vlIk/roNx1Jt9L6+G2kFw2v+DCSVDu5W
oB5DlV0eEHUoVb4NbJTP2f3ObPBgl3FhRvZUL9QmPYe4WTycWryb2z3EPCht
9ma8hjbfJew+X/yqa1QSmtKFodccy+6vo+IjI6wh96zz/SOgKudOvOK6xV5r
+3AqprP0W3iQzDIbhXm7THDDUlO/S68ZNrqlGe2wj1eDQdbIHxBw9eL300zt
jegBcDaGhAlsK38Spv9yCWw9wAsRRup01+GCfhxvrHk/aZMlvXTFXrfqnQ87
eB2c/XhleS0Wu8u4t9em5z2rFGNzyFftfRGDs3Y7Wn1wFhelp7Ge65hgIUvO
n+zCjKk2H/j7S/ShGyA7mKtVRl4Hi7RgTHPL9wtsSZY2clnYSfbOgEe+bjAO
BnPCZJupdaH09Lbe5asiXV8MIKvRWvADoZaHEuN3RmrOWhnCD7wxzkSouLVX
yPlGZwKeH1KeGlaUKW2Y1o65kza0cOY6pjdUc2Vscc89D5uX7sKFUuPiD5wV
g7qg655xwyHh43WYnuO9M0x/7d20Khov7x7IbCw3sW1BIya3l0RFA4RcSn+0
7g7ETevB486OeoozUgvZVhoceE4kokkXIPjM0ZyxN/fH9QrdtlEMIEIfBXEq
hQvla51No/DZPsauus/v665v+/QcdF6yrd5WqhtbFvzKMssNta5oWAR9rZdp
34cM5lDTpXXUFz7XUuAM+DM3cRCxWeM+nmHeJZOGZ/xNplSEpjwFNJ/YFTji
2F9jTAr2WL0ps3iBO5leGSCQGhRcbw3wvLUimEK51MgRy4h+PhbalefiInuw
xCtfZjpd36z5iHyLbMFOvAyP1MuQBRS4iEFVo+DCeIKoG20oXDi3TJ89WQZO
FRcZl/EVrI8tr2/+6xVZpaAbZ666CGpuzLSJvqHBwuIhdhQ5Rhq/BYQROKKZ
oIDX3CIRTLeNfB4kHOgmIK7ITXED81lR14vzBgDHzV9urwohRXiL/8w4p3cT
UStrIXGM5w19xabejXntYrGjXlfUUTbk6QlPKU/QS5MsDsGcxYJJpPrQIyxD
3uH3MMkyUhSRZIrQWf2OtUvBRFvOOIwT+F12BIKWSmmiq/1S4nXgPrA7cAhw
Zqe1Gxe76RwBUBeQB6Q+364BfE0j5bhem4UIrpBuLFq9ykLiJXVVXKAOs2Gz
qdeNCiu2Xn3S6lgUv++PWystnQGF4eApUfxwGUAhNmScb2Ww5SYQe6GhktYF
fBM2nzJdoKwdDiywYxTpawmD7JZjhA2MGIaZ8VN17Xx3cD4W2Wwc1qV/v6fG
9GgXuJSvA3pmixm/QEfpQACEMYTqeX7sj10etIo1Oi5hlc4yMFOkCuNOIJFU
eW+q20V+19MLL1tbWO1XurMQ8RPntysYO90LYRQQ7xfPXF36wVjdtmwwmhN3
WH2HpAxNRmY4yguYL5IwD1Dmaw8o6SrG4rAK8iL63dOiqr1RPH7EWplmMEkD
A9Pbje1p3iO6pzR2kwv4OkqXg+RKbxTSPNQ6Cr+7EMKvwtikV03ob1rAXIUX
sd8NiJonvAqODNmY1341MzLvNgXZxssUjAh9dDMz8vUr01qax85s7lF48NBS
RCxqzD5bt1Kc4MK/aehtCZfoqAQg9vdBUjbpUmQp8FDR+6QBd/VqFakPtYPV
34BzHIBKFbek3ZsssGlT8WRUuUs2Vst5e0NaFoKPRblkFuPl04g8WH+bMywI
SquNz3JkK9Cums2eorohGpIBvN0ph1EgBs6s6TbfSQhAqNx6XFzTijvAOtrZ
vrUKK7YdFD9RnmjAFwy87TRagHDw+3QOc5o5ujfOz4rCy0QuMLdt5aeLe717
VPaYBz3pYaO1rWVHq/e5Ikr9rS38Nbd6iYDyVHQelTPTyOA+7rcImA1mDBeS
ji7ICIf51NTTAVzVZ5ICd7l86SE3HQoIJnDYAptTrcxazjATbSIVxGWCgnsa
y+kATcJ8cUSH2s9+EAFuJXzPbiHm7Q+Tyc2nxL+K1X14XsBqdNKieuNGj7SC
LUAXHptTZNdrdR0vYMZkbiTWyJLKs94wryIg2Je0N8OO+22GzV28c9CxYEHN
wWeNt3SWKI6NMRWMTtNJdRlaebtLYKBmPiNPDuX1httGCQfDE/qSn2d+YynA
R+R8uPpmBHX6O8bYB1ichRT6wJHxki/ZSzUwndZUzXofBA4vt4UGd2hd+E4x
7qAfHHB8j/Ba7HTwQI/l800jDr6L4cjdkeiC6kfc8wZL5LaciDd45xOo34Ta
nBPCSu29sc59u6skMddlr69j7B1lzU0j1ju2lzS5XSipQZDzcIGxdKLI5465
iq3rzvqq5i0Knz3ifi5psLh3ciFQc7yM6R2Cap0mbAkQNeQiPu96viQJsiMx
BSUtlNXR+1lSm2FBznSL1T7phkS9HrMy8XeBuBbVAbNdnD4MVVZvxMX0oPqm
ufOQiaT/ou93SOF3w7EU2u6FV9gJV0PByqp17o6TrweJKnIVbZCdS2cTEBPE
hbTe5TETyec7Fh3aP4rjXfMUa735EK47oCS7CUsgItlHA9sqvVVjYX/mVi5o
s4SLqPWX3rn4jQ/p/x/AYf7wuef/w1VMj/uliulRHxXzSv6GitkT31Ix+5mW
JEX5p6uYavBuI5ivcws8K40f/DBIttn+Y1qKv6/rfW/rvRLBf4aB/hPr8bvL
eWbCR447z+p7Q4Iif1V3+4ho7RfbkUlgqTSFj5sXNr/UB74InAIPfsQ3D+ZB
lTlzKUMLUSB9fMddc6i3Vvdv7ei3cy4q6qWx3vbxEf273qYVREewv2Tsl9/+
XjCCfMuhfxQKf/AUP5Lkd5e/yZM6FJ6hGCIfY3Ne1ArLfuZZ6kxF/8IZ/dG0
fP2uM+pAcxRkjxBpqb8fl1+IlD+M6q8KDT93Nr+7+AL5UbzWb43oL1TOb4zu
R3v72/jqx9fxPUd30lhq+2G0/jZWX1XSvzdJv7v8tkr6S8/vY8T9TYiDhu8u
ueA3xk5XX7Q5gd9zF6xC2IKkei7PqL5JnT6kwuOcZel7WxCqI9b70fs7x+G3
xb9vaZ2P8+c27bDPZ63hj9T6c7fTQ7UfXw+EDPa3fcGf6KDfFAb/5gt+2948
x+EP6JvnmHzi8bNGv4+q5hUJ7fH5vY9ACFaa8/WsPcSv4s6vP2vij8bqeYQf
o7U5rzfaExjEJe57bYt9/2psml8kT/Jje3JnPJ4r5BzN6lfk3I8j2H4xV+/W
/FFbJS5qz9/ZNVZ6f3RQbjdq7jDOuJQYcNNdavu57fnVVRz+hFj793nx71zF
nxukj4/oecbD19z4SLqvx0yf7Xau00bitfWrfUq/fsgJH3fzM8MST6sWpNX6
9rH7zt+Co+B9zqjffNZe6NCP9EuEWT+ajV8fR0uJ/+IZnmuinROYbz624zkO
AvfxTX81aqOfnMNX0zAM0B+1vs8R2teXrIXQS3Se1Tnu4JnR+/P6l4xBS+du
fTTI9nt79W8CIk/vCfKJyRD5endKCut9dM6kJHyJie/txE+kR5+I/iqWflUZ
+xChi8+IfwzS8whfFdJPzHdx8MkF9vDZLzKxKT3h9oks7Mezd6jK/X7X+cTJ
RyL86F48JlX014xRfm/nOZ/s8jUuP1Lkr+fM/swPqnuu5v8NtfajQab4j2rt
P6CUfvYLfYgdiTjP6JPVftxd1eCcXYSew/sn63wv9X7DH/3irP6mQPq9P9rE
97AM4fcjRbQzd/7gwH6ctL+XYH9cDw7UfBEfP6NcfxVM0+7LOv0nVCC/VLXl
7g0avyK5nfmhixCL+ImuzURzxr5+tKHPufj7CsOJnhk7/0FlW/tiQn/i4Xtn
+6NvivKX7GUyt8/IAR/T8xcmcf2uzL9ziX/MD79bO/2a5Pqpo37bcv09yfVz
Dr9tuf6e5HqOw+9Yrr8nuX5/Dr9huf6e5PqjP/yrluvvSa4fb/a3LdffkFy/
nPu5ss6zlxhZ+9vO9+OarD5jkz6tXzdfa4z+5Kgz/7hf/vXreyRzAzP26/x/
4uLMLNiXNSza58pKWPSL0K275X5WHD+rdH6ZcX42wn+oAqGr8Mz2ev3THGZ/
qR9ux5cM89Ue/8Gd/iKVDoPfyKb3TDcHzJ7JV9fU8CC/t33/+UV0bb88do6D
7+l08EV/1Y3Ylza3+fI/tR28ec+PHJ2VIb+1zVyQ6Y96ftaSrn5oWNKQhy/S
zjmbh7RFIr+FXUR7Lc/HzQ07ZwkJAozNhBfnwFgVgu9Jr6MjDd6eggygEZzd
jPDilSNSzyPAr/hTG0SIjEed/vYbaHNZeUwOCtTZ7Bl49hZ5/B7vLzNpBikG
294KIs/j5TNHtf1H3Q+hwBv27Mjg+BluQZs5Pgiu2ZnFziPDEU93ms/HWvfi
bLZFU5FuDPGLfUtbzXBehe/6fNq9lAjOnqb7k9n8ovmenaM41F+9wp9ohRv5
khPQ/u5iRJlyNLL3wMXFdC2hmn5xm9+PXuG3bkb8CAV/3Cv81t2IXyTnP+wV
fksr/Gjzf9wr/JZW+EWs/cNe4be0wo8GydGUPPpKMapbrNY1UNIeUzRxqrgl
maaw8ZJvkZNnuIfUXl9F/qCpqYlonvJSc/XcL24T1FGFxLb0dWuTrIuzu9lN
87FXWZcsUWcMNLb2vlVUahjuSGW8idAYj/vU4ktmgsR3lwacfcDLHN3m31Oh
5L3F8ffSiIWse75RQ7jmyAAVkqKBmXkGcW9QMo91mAG+j7upEh8vjmeCAS6g
qFk4lMJbFGr6OLozOnZXiS1wVU3N9eJ2Fm5YMyujt4ycSGkZ9Ox6XSvr8LwK
v/CLdFpvG4oIAsm/BucOuMFBw4fuwAYP3CX/edgCxua9p47kSpIRlqiDJF+f
bxifvruQFOo458zH/opu5psqoMqcJV+JJ+8XXuG3tMLvLn/GK/yWVvjpFv+4
V/h3WiEvfa8Vfnf5wSvsW52GPIssmcYvKK4mjdyYSOTINvJHr/BbWuHZuf9R
r1Di5Vxh0tlVUn60tMGd9qW2z3E45CykAPuW09TCqnP8Sl7Kq0X5oynt3SgR
6AowGyGSOQJW6mRKfBvo0FiLU10auzRjH5nz+ijf6qpWE/LgPB+OEM2etVct
wu+bI9wgk9NAFC8L85neSk0Qa80toXGNlVS1TMw7z+FsxEx16if4jprYcn/H
JqhKkX0EXbNBNk98/pBrFmdo31ANgwn0Hr4DOEAXRcgIS3h+d/Ei23BWJ2yE
KmAHSH6M961gD5IC86fkCvdnzzUUv651xYwPHDWhh5Rr/VQj+FCq0O3MtEHE
4uF0OIHoHRAPgvWyL0ZhzWOHP9aJdUd9EPUIhLDC8OwjhpyGWaubwHe6Z/Z+
+cV6NU1NkpgXTn2iiPltN/Cnt86zlveRXH5DOPwjt/h/epxfFw5/7R7/M9/f
WZfDzqN9vDX2q45t8H3InjugfmZVw5WQHzNrTRF/Wva+a7T3g+xt/FCBu8Lt
05ee1djnrnau+mFMvrv8PShAoRLNbtTnGQrVS+djDHiTnn3AloHZwHEBAs6r
qh3dsEnl+tBJFjjXJkiQ/dK2c4NSZ1hs9czoPTGLXoy+La/FZAP3xxAiVUrf
DLue0hsd38/GbDnmhL/TOf7dZeEfUOcP945/O4NH7xZww0CNP675apbmDd98
4EDdF7UFZ7yjk1sdKHtubyBxD3Xe44zvLu18LRvPhIX3sXezATdxGLjLC3Gm
nRlzkeOTiG9odJm0Bn1PkswgzBFMiwNbIC8m9HkVRVMqOrbd/bIJ+KIylrRg
noBkzfE49FCGFLfaaZIX5WMbsh5FX5I36Ka9FekmnmlZWb67cO2TesnE2Z6n
c0tkZ+m+3Bij5PbGrvy+4a1ytIi7znrAhDi5EWzNTFDlmSspoS7jL4JxvH3y
4ycHuV/Vamk74/v+1aGmOI6ljI+qzXRfFcyPF69R3CZ+la7tj7N67qAh5/76
32Yp9+vRPI5lKYUuy4kuubOASVn6PPr33qxFfsngZ63A0DO1idaX4xs0HXK8
usKHKr3OxxxRzhclGM/cp5VRFx0aTf6Q7Tcr1OiY4mVuq5/bWdntT9Jq+sgN
4+h99rmrHX1rXX4i8JPl6KOKJXgg8aEXmjq7okpz1loCjD3DK5jrlM3i154H
r3PYP+9w1ldnLas1GDJVS0l9+aaYJ3YkxyO4yn4WPhHQexf7FLU2dXAFIYhj
SV/1vTbiDBmywQ9z9oGmla7UyQzEXH+u7qCkmn7k9Bc02+82XRNC9O8YjCZK
FEO96Xp62+HWUK2vkZWyUZAzoSBV6FCLO7308FlXq4hoA9qNYSfUGEZYZprD
BK3HQAy9lKYCh0s3dy4BezKoW8VYs/mEgLM0CfOsFg4v4D8ra9I7F3QPk/EP
j1rodgJk+XUYyj7sFpL3Ec6Z8XEftV2k/HTuQEFCcFQyKDAhTefcu2X9VT8A
apQxqxABMCd059CfXKeFEvOlViq2z3sYW/Ir3yFw5qjvc80/+h0CX77v5su3
CHzzOwQsydVBjs9zCCpAZejbDb+Zj/EYxgE6vr6v8nkP5Yd3VoQydqnw731X
xtLezE/U1pTW6O0nJuwZ1S5n8hu4n1Xwftapb/3gDo2V488V/P0zaZaraIZu
W9EpiAQQ93i8d9z2+fYBS+XTPSNRLMRJpGifmBLTuC533/z2AeccVca2HVYD
tJeeYPF6RhTk4T2svif2Pk3STrQJ6W8Qi5SiU3JxHiHRGuFGXljmAzUaUd+v
fT6nNTApZ8+jiue6mBE7urnPPZmIAWni7RzJFWIDJK72u4XeSms3xSesbxX+
UAjhiWXEVDv8cgxTEFJMeVakD8oP6Ay9DhPFQZ2u2ShrGPfeDKMnUJZycu3j
uEyTjNuRYDqeBvzE3QDnEiKhe89FP98cNEVnW2dOmYmALqFDuah1DKsLzv11
LZjbVKa2egDnaUPpUXiQUACj9C5BTNwnX5uas1MD7hXD9UbawMCQDAcW8Gba
Pe27Woowr7WOHniYvSX2goVRXvcKXXmR3npdS4FkhslnLech0fhsr8Jf673+
9rum/0oC9pfvlP61Euz3r/fnQNifm09/qQuL/PNd2O8uf0qG/eXl/guBWOSv
B2LTDPsWEHs+/M8AYjES/v6A50//mAj6Z1DZz9v857R9nbL/zL6u5v/1H1+R
2j+9Kv5Fcf3nTNsfz+7ftO2fJRbPGfmJsfgH4dt/ZuT+Gpb7m4H7J0TcrFr/
W9rG8/y//uPxZWT+c/hxTH929P/4QrtOn0D931oZ/719/Y9vjNx/L1//42/r
4/OkXyyRr0/5g6vkf16/nuv/vJ7X+P/8efr3+3P/twD8T1xA3/CBf+SB/6QO
fC6yH3TgL1vPv3Xgf5oOfI7nH9eB7Xxo93+kkP4M/pdo/W0V+Ien/ef0eaH/
X8rAP47Ub+Pbf7EAjBHYP0kAxsm/YcJ/TgBGUOyPC8DQT+nebwrACHn7PQEY
JdH/bwTgn0b+/zUK8E8v6+cS8G8Uz79VO/9WUYD9WBT8ERdYev7nl5T2n59X
+0MX8rdLsPNz+M9n5fOf/tXPB4rzb3DE+ReOuPuvzxHTKDB5+xZunxsofWdI
eqanwehpO29ZgvsnT6+XptUW7F0hdyW8Gxrdv582c4z3ScA8DC+eoy7oOFTs
L0sPjcV0wyMhTQ59wzAHsYIrtBfAnHJH5ZLr0OtgemtQoyDgja4Q6KXfcjzV
ZQnF4qUdSqKd92K0YfEBzbrXGMB1zM8zYFAAf682dCxZRNm8ydN+4pRYSJCd
SKc4t+fLjR2mFZk1Ka+vLzhQm+KY98iikWrAs8tOTKg4tejTfSJ6UEAuZlaq
R2gZWFH37t6gABZpvlgu4zWkLOgOo/rY9tUDteUEBV70RVbWaNnaTEDJibg/
EB2d2SUvDl3eo2lhcBdPVLxXpD07S4vildAK9V+VI+7ZdyZlPmfEdmVZJCgY
VwI4sulyj1U4vqqjZFhlzjIEoMeTqLwlUzhzxBsThPkKUoSYQkHneRTXwvgV
2T21CyFbsgjevlhJ4R1Z5nnti3g6HdKg8u18Ib0sHsMo1VE4oO9x7mQ9DBNa
BAFBJTFa20htoJFntnKXjBgOgRGD8KVfic4MuwJa5a5gYGxBmqZr0oUP4kKh
mSKu8MLJScyzSljAwquFoi89udCYddMRK+H3+Q4sWP5StqeZgeTEqQROFy1D
P9wFL43YQMQ+U68UVgsL2ZQ35j42zhZcVhl4+WVpW653jYjHO17Pyi0Gt1yZ
mcx4OIyZKC2a3zigxZMUttQSF57SAnMLkIQfjlgA/whHLLGb8Gp2QDJuookv
JuplJU6Vj7m8rNfcTR/ADcAOT3qHkiDIog3a8HMvSzkV7ytFOh58H4/5lQlI
QlDHdGYsO1XqsWJ8h7+gVV/z1EhtIAVOfJ46fROU4mtUEZbaUNptpfTcsR/E
E5UWTpe4IbuTm8Qhd/Sd3Z4DdPGrFFHQfES4CQl6UZ9niizjYzpftXoWr/EF
YQ4+Mzs2OAph6lDzDjyPHiC0DWyNt4VLFUy4VOx+d6N3eHs8SHAlhmtijwyA
TlsnjZaHOEtwaDXZ79PUUe0LoJCDM+1tq2tsuDxsyvNzKtr4SCdoX3+Ngo6g
Kp+1szqD4T24B8304HmUfKo3Yn8vRYjn8gurrxKgonhzgcul2OrG10hZt2A1
lzK5pAuZfe7X4y6AXtWhhtFBAupPW9GrNlsmVeYLQeg8qj3MoEt8LNjg1o+n
AvTg63l1LHDHt87ZvJc47dhBURLRV1pPFZaxhrYYgRUHFpq3oVgWELV4YQze
kQz8+bhVOeWZfZYC9AT1gMSsLCxBvnCXuJfXINcnA1f3NNbeK+Xpvk4UeDhq
qHgBAYp274jshesGCqsZ5KVmR178RgmSGaUAl+AbRT4SmYOvTwoJuRVwK7ss
aV4pZMW5XW5MqbLgLQc7liQBPbID8v6AvEIQSwwhFQXvIhfX+57OXMDC3fLx
+XhQIBaR4GpDnEYX0bdAyVwZCEVyg6Wta/aQsKqmwFceJ1fO9KElX1MyP0RF
3jtauwO+/KQLgr1K5l7W2SVF4fClLgEhnDXPFDQPuWL1Tb6GXuN5ztOWEFkR
xmJ5W5iFPaVisvijshVX5FYVuVfThUBrGzBqTFxU336EPrBQCMCyZLblJCcs
gGiyRXcIDRUIQay+pr422306Um6G4NrUxouFZgPvFpw8Kz681qDW9Ao+OGdq
oVJ5jm1l9/cm2iTViDADxbnrFkaA7AMJTazl8wZdiAXA+5STk1w/2l5qhobF
8JU1uUN32fl2CEaUUegI8xoCSa5yLbLydTytZYGuIB+CxQUziOLx9CSp4IWG
m3qQ7yBmRPm6rWdZsnjyyKUnDiMZXwQYh21Vuqh3OkjeQOu3qQRcSAy1U96b
qFohGfDttbKIvJQrqyBmnoOWX8HglqRZGNChdesECm6MWDbAFGWyW1He/EsF
+f343gLYNhCHpqo2pLvIsLi43w1XrdcJdhkFUi2LX68TUwHaikJlyV9vCiUY
MU9dyAR+9CEbmLAmRXQSae0AOGdat/2uznysbwA9uD75lrnmLIHRIkZF+9HE
r4JDHai/1xer3dscKISDRaoYfC+HUQGAOWfelXDse1485b6EHoPST92kcmhA
MXFXqD7DmxWXD6Z2MUKm2gE4rHKgtl2uEjasdExcUEXEIi3WvBNhmhEJ674I
ZYUm+XZd8KeG6AQ8Fh44Gxfl3A2La0JiSploGNtCXkAL1z7oXKdKR2wqFLt5
7rLkLW3RQIj17s4abW+QyDGdlsLfl37QHr2gGg1Ay3MXBL4ZLlFC3AEvGbp4
NKn7rX7kxzEIPYZHV7THWwU49+4ZlmjNRs+d6S70x8MegJe7AbyP6Xn0JOik
LpfBnrRmT1QTqR5UpZmDQtctBESBT9yc52Z1sz115zQKuZrdJhGlrsGAqjmp
kWSUMMs0u4mgRQSVutGaZ6iQ6XyFvaijynevWIwyt3JTceyLUMlkaiRMqMDI
iz1oDU2P4f3qXegR76JU5vakHBzp57iCFxmGh2m8XansSQP9JA0peYkYYmcV
5tZ3rRQ+ZmBFq/D/Ze89lmXFsnTdPmbxDrePXUM6onEbaOXgCEc4PRytwdE8
/WHtyIwTsTN31I7Mqjr3mFVvKSaTOcf4xz+Ww8dwOinTNCEi6C/IdGNG06Wh
qjA0W5OQR9rsAd6kJXDKCR+BdvhQecnxhclNN8XwWfEQPebAk0B1pvPRZcM8
FA9WB/kgd+F+CM8SJzr7Oin+kZEgAFJGrW5Bh1818KP3pR3W55ONOn3hOV0m
UzabT4+YBeS+qas0TI/5OTXLq33RnAblxFsCmMAoMT4UiQ9uviZnLRicXx+8
Vyx4eLyWaO1Jjd0GkKT7k4Z6G4z83sKPw5QJYn5YBLCCZtKERAVp7V3kk7CW
DB4G8V0dPxlxvxIkxTRQErOF80GLpc8FHD4+gZK52N0pIWUAnRJ4VSGVV8+N
cXwbqmdapQ/h8J6P6rIbz/k9avVrXsuE361L+5vdYy9P1KwQuzwKqQQouZt5
Xzafspjxq5b6Kn6th848/dOfG6FnDn0eGP/dGzT3WhHau0nZ5iRW8hKsJ0et
gMcEa4YusULaoqWglLtSOaLISQFetX6krekFJujVSG+nqtnF23URKaD74GPf
pu7SZhUIJajpBXh+nHkbBBQjtAvZd+bMFCJcfTqVoASG86whxlc/VqkdvbZ5
y1zr2cbvUTRj4OUq/BHeVaT3sDQwOef5YmP4zolNHUUnFQTO/SFsLBu364IF
t7QzSyyKqXtiyuRaCR8gXN9vSzbycw0ga3mz0sBg+esNT5q+knM49xaFh/fV
LKexN7ZTeFq2vTVV37dpXWPcAOTO3TmofYxxZbgxS4bc2AXz9AFR0WAWhyJz
lKhHxVdQN2XJPG2PyzzqPmm+f2SPV3gA/aZ+Xuysgg5c2xoVIPeYFl4D+1TB
dDWCSn6gM+wQLF6hB+GJqekNzSkEfoeR1wTPBZgWjCm25huBJwpf8s49HbRu
xCY1q029u2J7x8fmIKrL8UuVru+hP+UdpOsMp7IvXwbGd8Gt8Z41GE8whcDj
MMR3xo08CqRT+YrovJyaR1R7KP3VApO3LugfwqPVydq5Oh3FAZKrZSrsGg2b
8zAD7POJA+rm6ZJbmVGp4JCANXDml3Bb46HNlMVlbzAl08UU9pMNfYAAvbTP
jVmV19UIEeEolOpJLdoQ1iA8jHtwXVbzggsUxjQ5xyaE1WL1nYUP0wyJOUt3
BIDZiWRxDTvpaVPiGVnG3hPJj1yFsPdQjPr+xKhyrz91TUKqZG7BsWweG5qI
6qv27C4AXPChqwcayF6KRvmIDt9Hat5h3WHNDGMVk5pn33m5TUwq1kuypxtq
9rrBDP5Gwd58AG3Fb1oIfRyKeKLb112hGMPCxdXPxIcelDia+BPvyEpyVun+
UO5JkvNvR1dLH/W6NIeAhxDSsO/uTknT6XYvWcqvmuJG0zi6K30/G4W2VNlb
fOWzy7ybEseulBkf5zDFN+/tbQAZ32TtBucEd3tavARHxosdl9nEEjLJqOid
Ip95CtlYQtusAM29gO/X95/nWfbLx50F4I3tXYEK9WNYEum5PLiKqQ9JVt66
WdTBoF4Ovq8qghCp8tnLVHVH0meRsp3fQIZvYQ/AhZBqXLyJiGDprSttfoPW
XVF8aOz68+Czzza1opMpxQTHxqESg+ukhv6yPVeYLzfVAQTGB7RgwWwLfbSw
iM5ul686tcBvMmo5agk0WdAwWg0jLYdz1xgqP3h7tbqzjTE/7By492x4ztcB
qtEbDXYmvA6iEKgaJiyNNOxcvqVmXpfB6mqncliaerDqi/DADITRq71zAKtn
QV4MZqa+CR7Nv2LVFhVk4+6cUkh6fNw6uDE/1RJHrrldu5FgKn8FFXMaMztY
Fgz4EBvMx/okJHH1uxg1qbjTPsEqxW/itRpgSbYFrb4Vjv4oDbWDpU70gUDH
ZLCfSANRgI160XzYmEOuaH7VKLR4jyey56G8BGAYBS3RLv3ZTsOho7Oh981r
WIcAqlvZgGzzNID1jMjglIM4TEbD32RteVPPBgoVNWUQVNc13h4Em++SyMYr
uDzG8Km71Mh9ZrNoW4UAmBtyr+61QXgHTDN+ezXo2E0GHzP/qLdRwASCl3OH
OrsG79nsBaKgMYuJ1XLaS4QE7QNMlCGlZ8/M5j7CzlZA8SfL26zG+kex0qKk
Iwg9ui58Z/SD7lxthY0pLkESjlkbdZYJ8K/MVnnVR9DL1YI98zSfNzCohEk6
W4SJfcfLcFNC5sZpWbMjbb91GIHEn4iwwMKaBQDurRQOsff42WOIDMWR8gQd
pdtTnnkYaCTuYG7Yc6r0oK5bqWy4CAeWctiFE3GkiHcAh6OSASqXVVdOO6vX
OtzcTtUgb1rCD9YnnOGYhuoeBBlJGV6xcz+nY7/fzMV6MoEvMQBS9pxCMlgZ
X+6gOUjn7oZWwIh67BG7F9zxc8cZri8EMT8Shp5I3eiWVw7xHImM81UbS39+
8JaGxp1JfobZxW16oW4ozmyf8P0c1khNo+AMbzl7I8/SoFXxaZSx62cU5dZq
HANhVSPyPiftPJh4PZZPShdUS3hRL9yCn58Ov0nROYVdFoZ7sGuowMEbpFck
ZKtky5kL4AiPF58xC2rOfIFUPqJW6kow6dhPvTOYy7La4UzlrIBRvVbKjZ3X
mi0n1WVBphw+KuAy8aNXk/z5OsEpLGzrKKXwBQ4IAxXKbNUdI77vpcMSARxy
SttAYAdDDUsWNe9ETzIAttdTSwYGeXM5i0D0SfmMu/VVNC7oxvGsdNtWLZyy
1Cudpt+9fE/PY1pVzhNLOck7CqCYy7TVQ0Hrn8pedSIdkTcf+hZs7m+49pBb
/xa0570mZ/G9JFEvtC8FnqS3Bd99yeZ4gBcWYsrm9h1oFvdcD0yugsuu585M
0V6oiKq3IAg6uniwv0yfg9Zo4lQwmpncqm9cBwIcT5b0MGWmQAvGo9OTneMX
QpJr5VW/htftaiu11Na18vxQq/bRPzB+aZb3MG4Qm6fmCjBzrgS7tVhVExcn
faIQczWh+b1LIAKp1ttlHWZEZKFWz9pwtPcST0+70+jZKfX7nfeAFxFW+Ng6
4f45+slYa7ccsYAoY/jDjU2MnwgZW8at8TSVrsH2Tej8wLvBtLwRROzUN+Ah
W6R7/jqYbHjw7efJQvZclt2ZIwNRG0vv0ChfkodkDKFrPao9I29bEtxbOva9
mdcBem+mq4SWz1k5Dx+8RO+lsIto3ecCzpF0fQWtG+KsR8OFjh2TJuMEuZJe
nCjFoOYfEdDSQSxy8CqFHz9gciZFIlEoxtubzd0rfcZDBY2booTu0g1F0icf
I3f8y5XKlpr59RwARwmy73jyX/5rX/vFx1yF+aD4Qxx8Eop1s7c3aiNmc7Uo
k1u9rE4lKthzyN9Lbx4WB+CUdGZGlvVxXSE5uIxXunmWp6tTSMF9YveRxONs
Job7CKyzlMYI4hROlAMInx66CWuAq7/Nm4W8KBxGKWyMqr0mJ0+IJtws+YhB
sqt5x9hC3+rIDLImtZ1mjR/k1bjZxVVFWuBgl/jmvrPciUILzu+QP4Xu614T
HjPj7/eDQD/drHR0Ej6juLIbbDGteTEs/P2RCEUnAJiaMlGwE2WzRW93jicY
FwKKxXqecNMZosI21Py7SeBuTrRZS26oKAn5WmfPyxEvVyAFRxhDCKks9Ieo
eVTHoaSDfFSh15adzhg0iqBgoExAwYAYwpw7nmL7rmX0ZmEdz1cn4MbvimlX
XZA8hYav/roeCHBUktrlaoapypxBBjzAcdV58Xbl9KvySU2Ki7YlWxiQlr7+
p3pjDrFLd7vGD06KQEW42fNtecZzLAdvIrS0tCGQmvDvYXPPVGT7nO7jXQ2x
kBsOBpgqTHaEVe8lO4xbF1N0y6iPx8dhXruUItgqD0+cqgOCk5PRA+/8B0QR
3WhYvQlYKVCA0Z6J4JZI5JkVBtdLlsIxCXZUVC35NO0VV6uBWuGqkYLrqSJ5
Z8Z3djqo0IU3CY8aGghH5DZ3Vh2r52I81i1ya4tZJPFT3lL0bqvKvW62qR5V
E4p0NwpcOrhnGdhBzdWQnwMBtGCW8y7RtnXhR9NLnSsbdZ/JvKAeiwi98ig/
RV907pEdkfgeH7VQR+DQEOCt/pDJRAMZ836qRuJVBwfH+p0kX/7Idknm4DW0
ThQ/p3q35Vf7/gzFGBdlNrPvPPFxz/2u1fcPARCz+PDfg9wEXdsT/X3aOusK
zuPuxmHAh6ipVU4jv4cO6wkxcBLXfB7wOIM5FJEGNUKAxSE3cSJJia5jMLkP
wjPg3ICCIflBkStEXoUxFtPOSSXGf24alk/nu02P9TjHntJDAqD2cO/Nd4bW
eaM7FPvubjDP5y7dSNDNm2YSdm/2evZsKTsF+7DuxnN5dbck5CJ19rEBcG/O
zERew/XsO1lrTia+jl2cXri84DA0oQG5t/WFmt0sFELpxs/tqcjPNFXbIWDk
F6B9tieUROoVVAWDCMHV9VvKDtJUI6RFUQtjuARFC4oEE/pcChllozAZ/Upe
H4Ucgv0BCDFVdfSnFx9OhAZkzfsq5n7Y6pIUMmtd/BjMkljlRhZxmydmUHm0
jNnWRqknyWPncoAfBM+nuUrn4lCBfXwC30OlVJuv0xX0dA7jow+E4H4wiyvy
vOASbzUw8+Z71cxLYeECmuFfZRkeWPLUhYrSvXS52ecDEmCVVoNDuKu1vpYj
Z2dMO6r4I63DaA7wUDVeShKtBMBhoxeVbLy0ntxbhs4w1oHe68QjDv4040KP
iaU9uTQ9lqyWJtxufTHyynSuFoEkugDIpGzyqjiHuRa8sedr5bTWgHZBeM16
dQgNe9zPLeav1rxLkyn00OFY8vwVjlXMQeOLA5BJdlijyj3fKrsXL7zn9F0R
Cl5CMASn9oqvWZwI5Idqxfbm1juumrSuilpkWKZ/RSoQH0E4yRRU4iC0gCZN
992GHBgyJkPsksF89qirDYnRRLhUNdmjrMgSfC4ZfCMhBPMZILDYeGVYF5bp
Bj55o+TK/gUyMDjKDz936JuVn2PWgNsmhOKTu30QDz3GB5mm5sd/QDoQHrCc
mJ5rtEK0ejQXotxKadZlIe7Icq83FK8M+ZWhYofoXfJGwdIJ6GY0UTGLLsUr
gMA5Jz1e9+p2KxmkbVhGvBo1Gz0K1VUd0J1ZjPL25n34zad153AZCKSkN7Gn
6Plj7yjgQHuW2tSQzDmKhcu8Ck8vq8TWMCRyo147cmhXBQh7KJXgqfm8yMKG
fAbtGDu+3TKGBYT7Li2hOqAyRapI17sQfidwRZIdw7nV5+HMztqXBZNTEfpu
PbSiRZ710cPVk9EtgwfQD280i3VYhUXYETijPfEOEvhTa8JKbTcqifS30Nhe
iIonIfTu2bYvS4LZe5qKJ0Y2gFDC72rRVKaJ3IHN+inaoAwUZ8h0X82g3orA
FFdqVK8UaWURZTjDPD7ti1fh5nmu+gRY196pbjjpjmC8UVzkbCLV7zqbM6Bb
oOVOilFmPscdGUiWgkUowz79IcNGrshn3WIU4LzW7T4R+ktryl4nwe2rpeIf
ry0tECW3iZ7lxyjlqOYjylFJxkRBkFbuoSPfRJVyPIC06p/vzl9svn1+riJt
PO2hSzHH6rWocU43u5b7vfi9x93idk/u4Na8npipI60f0njsA4FRSOKbGOON
nbWb6e/7plSEvX82QUNDCBQyX5bLq7V4UuJMYrlyH/WXHqfwmoIUk+xAjqts
Bw3a+oyE+cuJx67aGMhZ09yQIfSSUwdJU6vO46ulUspK7zV4RkaIOx/bW0MO
qN6lEDDestXSqdj92+U5PBcgs+tMlijehapjifOWiwy8R2Fmo02BZXjUWe+l
66CJL4C+uAf1yZ+0BtK2gZrw4oCwjihyx44BeYmh4wbDhk1wQ6meIFJ5mQfi
TfLIq+0M/EYH0LuwfrwqULBH48nOuzD7nOMvVZ7aiOkUd2Et8vkB4c5RdO1y
nPFMVceOcUjShDWG7ECAex9Bv0dz2gq74tXKWJMeR0egS53ebR0O9YE4vNrT
bAu1772EdZLfnHe0q5+Ha5sKkIvqml5e8X7VByMd4Wi59FEKqsPyEsOa70pw
JKz0PHPCrmgfho5Utl5hQSluY7G4MgNP9tmV5vM1ZG7ppUQUZzyvpYKTgA7h
yHRoREEXslcoDqqcei47i91VrqK8asJSu9QNgDmbOeJpu+q28qRZSfngfdKt
j5qO/DJjZX6sJBUPpKjUHCuE9yW0w0Qwj97OaXFiGKBtDl0E1YQxDrqQkrcz
8w7W1+islbZ5Mp+hcKNpok0M1j8DWAxFWjQVv92o1doPpUKBq0FIVlrCGSoX
MLLoEIbe+itOYQHW0O7eQJxnGuEV+Ov96cc7ZHN3N3/O+XO1JsH2IoCr54mh
xYSoXA19j6ESrw7e2IEtH/58ty0e8t+GTZSSOGL9QlwX4pcPZtlaPc/ibnoC
hy340fN1GQckVWTO1l1kzPaT8NOY01F+yAXLu8NxyPKqwRIJqk98VccS95lK
ujCTCFhN3tD0aWeYqxVwn3hnIeK7lkQDobdMX+UzTCpsRrsVpR72EX0euk2q
SXhQy7VFHLoDOuu6Q0Ql8X3MuEm5Dhplp5W3XiCjtcdZsKLzy549jMP9DA4d
lKsZ2TgHecmwXqGHA4vJWfHDwIpunydchi+Ps39uBOnZd5nWr9yhb4trBzlq
fXreCFitfL+MuxB8pG5aLvUCJASUzD3w6tudxaxorWfTpV23454udBTkQ3Vd
lbsMqhI/6sXKJMqHYs+PaDQJeklUYmBKTRmR9BvTStjlIdMvgNItf6K5RDio
SvhZ9PFUp141lL/TBOrd3jNDj+K6ULdirzgQgIJ4id3mHQtmuX9WOMyCVEuP
+lEjhqaVKvb2OikcLGVsoOSJ3HdTFOlB4C39MS9xGgPxwr+9tiBopJtv/k4J
bQ3TbGD7j2kfr+JqD3DYvRoagrnXpvoyQl4tjp0t4cpJ+P1yKO8EiUCGggth
Kh7FGO6BEDYfRzIcbyMrxbhxShDA8URcVX7aIdC0LMWjbCuMsgNd3ydgkKZx
g5FX8hbIzq4UXdLteLrN5XtZ6o6GZPuFg8YU3csa7BufxEdEkAfEgPPZZsuX
Dmyr+PS755gvfa4J/hu5knM6YtNdnteJ1k4y6Ntxo2J86IbnFtriRn0KqRPg
S76e3kgBBEkT0qK9YmGPMLsPUNN1cZEflmyE64yzG39fF1e/tWjzIbEngxbv
q7UPislQqYcgRQCTLZlVgrZMYyDhis9P6zfTrhf2bqPG4O+BIbAQOddHNWi3
qgB7A85QkjajQcXE7P4AGI8cCuHd4j7MOmxiqG133q1ykLRzOo9nggdNHgUs
Ko+72Phvzb+kI5FrUaOyyMAdDTjnfX+wXc5cbVRizrtQ4nO6kg6NOaLWj/r2
QqhL3O8PuYR6cYh8vVInAV/2ZFznE9qBKA31Np9mHglf9lGzo3RWLRXraW9F
m0rLl8uuDdHsaZCZ8oBbTKNYZilcuBVbrw4iB46AKXWZX86ocPI8+5Cfq6bX
vLvzCArdbCd1+JWrU86fKlbzhuPs/Q616onR2V54HgYgonlc9UuAcgP4qB+W
B6fUiziVhy9AjuTWYu3ytuo6l+TVQxb4vOlRukF8GN29+65kAtUrtufo7eRd
E2gd4ZWrXbKNFKwDWT6CYeqlWd/6jC7cuO8h+aUzazIlt6iLlNClZgbIwRik
HnJ9oA/11p6u39YIF7OK/6CPg5GngyxXxzvVeeeX5+dqKS8lQvUwP1ap6y9L
AiyR9tiM89MWDFOwn2WFg0FPIJtVlhuYUoIOZsry2rbtxfvK0NGr/q61kl3x
4mZaFPi8srFjttxIcnj0xDT8CktkUuR5fqe7sDoMn9PZ0OzkUwL5MHc+fL0X
nUrBEVyExWXdAO6lqp9ViK0OhJT5mc1t693mQUI/0J1bspd4R4kCtoOEp/6/
n3z+89++ef3/NC33u3uE/39OzH361j8Qc59OxXEC/PoTYm7L/TNibnOyiqK+
4f9MYu6rFc/Q/8Ysm+PW297yF/3rV7pZiH6xRR3XIhR+/6ekyf94tIb5eur9
dzTc/7NMTeSPTM3Bi9EvRpjYfXHDvh399/uDPY9VxLCJO+Pb7cDXbv66xuq7
RJzwuprUQb4x+n6SKFz+Anyxx75RxVz2D9fotl4bBuoX7a6J/2TEa4TvxvzR
iH+k1v5vwu+1Dv+c8Zt/R0o2uGu1/xk19ZrD99xUXy2uVfxG3LxfV3HN4Q/E
5H+k9n7PRDSlH9IQ/+Hon46HP2X/Xrv5T9jKxvMb+/c3svKfsX+/VvI3ctgP
2L+/oxtfe6IIzXL3fl2fu2evvwCPH6zxn63wP7Covyc1O6F/RW37Rb3zzv/o
DF/cvj8/x39EEv4FSDh6joKiCfnvCMKtcoSlQipSsZmOWl2Op79W8Fe+ZwnP
r0ptvwh4XwqDiHfvt1wj/k6qtlB6Sb64hRzipgH7ld1z4u/wNdIXkXB9XV9f
efMVk4E9JK1LfrGgE/9WvwL1ZjoKGj7z385ntC7+b7KH/4Sg+kWz/nOG6h8I
qn9k7n5jbF4jdD+nJL9lvYMc35Tob0TfL8bqj5m+P0P0/dLqHzN9f4boe2X3
nzB9f4bo+/s5/CPT92eIvldM/gnT92eIvt8y6x+Yvr+rbv8hX/OLRvmNsLn8
Pf6Ur4j+VfGuNfih4v0Wq9/m8E+j9StWv5iZ76+MQ4srF4wm4eEyCa5YCYwq
8uvy5zMrbsUlRsMvQq54VaA1/IqsqwoZqPrFFmW+8YapX8+HU3/n7V7XCn/p
wxfT8zcuL/rF2rXAL8p9KNfg13FXTP6e8fq1mle0mpIC/qzyfUX1H6vLj5iy
PyLKftGLf44p+yOi7DXCTzJlf0SUvTTqJ5myPyLK/gL8LFP2R0TZbzzLn2LK
fkeU/U1xvvzk/x73K4rCtqm/zh/5V0QH9u3KsvXLz6V/2JMrXmQLvDvw1xsY
JPW4n3/jWX4RY0sK/DGja1u/jvzGnq229Yvy/EV5/xZr8NvfwG8s7GfYPDh4
/q6y/JO69at2fPGoflWPn8mDb1n/fP2BW3+N4H4j5K7x1059qwO/7dQ39Y28
kHsiKqYLsxyi9Dcy6rMxvEjwvBD+IsVarmp/46V6Hm95zddf8M+2cXTh9u2v
X7A32Z7ou5V1JF7oPrGitL7eaXG5VfeML7V/+DdTR+zN7eJDl+w9ltTW8lTb
9gczDa5dRJrFwuyPLczLqzX06Nr3GBMnj5uJhG+qr4i6futMqIMlH/+adYwm
R9qGVeyFRixsR9RSm8FbWIg0wqX6bNxOnyd60xxpViNBbH8BPJF1LiUbvr4z
vEaLuxhL2gHVxSFwm8S4Y1fuXrNOWtsKK9H2K/Waj3VLZXYL+QL7WocvQq6q
uY2L2IH6cdqkC0+Y/v1ufuMBjxzHEq/te97hL8CPHs/7Z0/nfZHVvucd/gL8
O08Rfj1V9gvwV4mH3/MOfwH+KvHwewrZVXn/IvHwe97hVXH+SDyMGqcjSkoq
cRzqGY/pblLH1bgpy0b1cTLf7bq0MXBEU1ovenIY/wtAnyL3cbASNyM6zOWD
uVkZpfpY2F5G6jaSOtV3YUteMTZa6ZsQXRkvUUmf8WpKUX6cfgEQ4pZ+uif9
uBl3MWtkt3LtOMKObhRY1sP5tujCgUr5YsWuMA4OrjLkJ4U6BJ9zdhpeGvWc
9Rg5DxDUd6sZk472w3vxYB5DaoSadLWlVeodICXWx8lhVQBZcQuGd25s7mPB
brx86WR4G/mnoqCmFyABppFQ/DD2YmXfkdtANTJtyXS6c1VkzSGGFGxfeTaK
HLHeIVNK/csVEw6X3ahkGSHmIdQTx/jNG9R5ypLpV0VyotOOyO+Jh9/zDq+Y
/IvEw+95h7+9oeWniYff8w6vOTjfEQ819WklnmAqzCAGG6tAfFeNkEFhsflF
PPyed/gL8FeJh1fUsU5Q5t1dODo2utSe11yC+vSwPR2Bz5h1FuTWPT9I6eOT
zidM2fimCF/ND51B+fTYIXmmlZI4Dzb0qiTqfwF2Asf5qbw/LMHEX7pDHvhI
47YoJm1yCm/+/trpKXOLNXnuvPF49PJ5w8wXzxb4KeBG9AvwQcuOg3nQ0wlb
4g+C0OgG5MF3Q/kVzR2SGyPDoBuune7PHDyxLX1DKf9IFlBEdW++Ks7VdBdd
CrMDIrnP+gO3Kts3OZE4r6ih5I2CGEMeDmFvbgSrMuybxPF87NOFp1+OXGna
LwBOg+OLo7NIbC2w1Si4KRCdthNDIadP1cF3bVj6N7HBRBXZp58YaXBeqo3O
7sB88NX+BSjCyuMJ8XWpJ3+eHMd80vwripj8T8mDvzH9ruz+RvWDReYHjMT/
iJD4jYj5p4zEPyUkPplLacUN3h/Pa7yK2f5O15YY6lLUy63x9WGcvynr9jj/
8cngSyf/5NngL+7y358N5v/2fo1rjmvSetPVZzRfD6Nfvf8/JR0+OMaimK+/
4HLt6797zHw1voSY42J1M9qONuvPq4er5xXVGbfiz4yBhuQBafchfKsPRvjA
k0IyVfQgWURadFdUU+e5NFFrZNzGx3z9IjDT8q/QUy4HMpHS7m3B8ileSdhE
3q2I3fHyULW5pgnPxhD2OXEeSicxm0CBtHRxbhNQg/EJZKjnld3GA0F522P5
4W3iqsjTxRRTw4efB6kVa/KTwCOVj12xsz5qh0x6H0/1oUcHZ83bhIxfVO+5
Nlgb3cLgpnBVGovISxWLAK8+nbwNUCncpXGMjCDBoBc8SKQlprFBUhihmGaS
PfWrQylNGxxS7lOo4XZ30u3tB3c1xTx9fa9W1bP6ILyaSGVdRasfyGkh5kjD
XdVM6v2xKfwXIZVhe1xadUWavvTxS4OEX7nXnM4wm/gryTpnWWbjqy8u9/D3
/7ZyzJO5dlNnf6VlC5Z11U+fFX78do5N+HW05hps4/KXom2va4TLwMjMZm38
r1ps/kqstS5/8r5OCP/K4s4tn2Udkp6O427DklAcwadsxprln19vqgnb+GSy
X/VZFySe8XPWsXXlRrF7rA+QoGqSi0ptHEfyG/aff4zAr3WA/xaDAhPjbWmM
2WOM2EHBMpAbVL7Y5yVETVquLMECV4JNTFLSVITuImXC2MsNqo+EwD89o8nM
cLVnFO6thxf4Kk2LekCNaOha+i6De0H0THbG/dl2CRFEni/neCor1whOj5Jm
W2gC0jOqphX8O3kLcRjcUXBHPDBZpKP154iHET4Ml1p7fcgoP+SoKAO7gzj6
qlkHdi30aEwHvcNZZVo5AfJjNJfWoJ+0oEQpEXHy1Vw9StMlFbOOztx85fWd
v9HZZU1+ASS5e+0TIhbJgzjDmhaoc2tihLnnYQSVzjs+y2mMawMbpbTg0Qkh
Kr3YxCvqZrY0wMs/cHxuSBAPj8fz/cKzXCtTV96hWV5OdzrDXa0kjsm/nJJM
XQ6U/YIQ/J5BcI3wL1AIfg8huPzkT2MIEpYNujkJaG6M1PixPvFoIq6aNSbx
lz6rfyfMX36C7aX6SpDffyJR87o1ff/UfPzHTx846/LLe2zolbDplbLpz3g3
nsxxOdT1j/xZa7+6wvw8ifNzPy8vZ3YUoTT5R2pJsUjT9WYt8dMFPfWyo4ry
YcWa+iErwVGeV91UO0s6SO59c6+AdfQAa7vLTT0Cql2j/cB62BoN9+1KhWGY
mgLfFf+RVLJ7R4WRAmn69QuAgv7qdVhYMyqpiRBFVxG24Maz3BYM3vwpIfk7
OSMnxausRqjLEb3wfe4L1/QiNL+jlyONZrPfuBkObrZINm1ZjGHHS5LLnFV2
H7xJ7A7FY+6YJeHQ6hMwnYBR+gDjONnO0y1+ARoBxgpsHGSN3oLb4LNGyGVJ
WyWBK0axC2Z6irQSrVAMIusvmD4r8GOcWN/1iqz66jUHkfUddB41NPWpg8ug
uzPS+q2mCO/9rMxqrcyTEsdlOJecu00us6Oq7mbuY8QZuvDBKzdzyhQe8RYJ
6euhJ06qbV/0q//+Tw3/22ixP/yk8L+QGPvHc/4FauwPGEH/pYTN218kx/4b
oKBf/g1S0E8ha38PrP0F+BfX+nts7Z+u+h/xtT9c//8YYvvdTvw1iO3vmb3/
1v78fqB/Z69+mqr7RrN/RtW9fvyfQdUlUupvA15f/TVC7r9GMv0LiNrvReJ/
MLU/yfv7SRrtj3b8R2TZf3XD/wJ09q+xWP8YIP/DY/3rkfJPsKvQb9xV6C+C
V694+jt49Zs6/Q949T8NvHqt538nePUfX2PwsyzWJo//38/Q/A+N9WdByP/P
HznI/7WoVgSF/7NQrSRKUv8aqpUgiJ9HteLI9xjWf0S14r+byQ9QrQRG/R9G
tf4tMf4vgrX+bHfwtyv7b+C1Ev8yr/Wnr+WPb+j4fTf2rw7xdXtr/vxHfmtu
PjlO4f/v57dKWcl0zxsq4MmjwySu1/Zh28Nb9VHZIWuHAgaBJYXENhTWW92M
SVMx7PZ8vI0wxFWXe58rod8fChK0HQjDjkWpwRDgfmkVivBY0iqLFaCexJx2
Djnbp7H1b++CfqPe+uSwNrBF+gHib6FOBzKJBwIu0QDDqg0T0E8fmw0SJy8E
4LRX/IjdUhkyOl8cWDXjtGNH8CGpcnUne0zmYCQzrh/jwRyZUY/sqsEYmLs9
nh/ZuAO2tNX5fEhEsCEs7CKg1kFP6FPXbj6O/mcDNbILbv5suj7ysXKxd2XV
PcMdygI9Sx8psPmf4130OFH5imOI4M6Xi42ADI5QlABZJIjbqqfIvcpF2Lvf
SV2o/2/lt8YjCYqJny0DadM9gfdP3fpiawBhhfGPe99xIY3OInM4RxS+wDe3
MgS03qebMBNYjAlP/xRNUnZfnVix/ON5Wa0uZM70BL7u5cICL5T8DF25VyHw
KWJrcTHe5MY0herIb2YFyQI6UCbMSmXyaKcK6ZwDxURfpzngBb6wrAjm2MNH
lsxJ0dJbFn/nxZ73S2l6AlbP5MYt5kak9fLwU1DqPq1CjX1BRmJyAmmRj6iG
KMyDdoPVkDz4QwaKAW4wVXq7TvCMcDfGkE48I7xlw/lwJsVcJYMLQ+fzqFzg
XuMgkR5yD93Ge8CLheBIdgoHbkp4DnNihYGb+SOZjp6BUShtc5smSY+forVK
vS9+q2z/BL/1bgxnu7GCWoD5fk8UVGqRo2Xy4tyA9t5VJk/XOKKFd08CS/J+
MAqCFFD2Mu196OxqapEQ3f1C1iyrjTtPlDOoPsaQj2+ZArgJ5qRdz332B5nf
hTtz3zIZW2HixqPC01Cm4oS0fqmafdqcdJ5j4Xa3WX56psZm5w0JNLtzR4Qq
yv2T8Q2spCkO1tH9TpB0iNh3jwUj1KhOr+AFyKjnfhFZyxlv49ycK8ceMZDM
7NDTig9vEPdgs5aal9MGuQldou61kzdEWyCNP9SsExqw5SOTuA3Kre+1jx5H
5zMAXvez2ja+BMukSMJ9ibfFr66FztiUfluIfZu7J1xpS1zQxZMltNBn3EsP
FENgMEdxVKAQlQx8vwScitlILBzdBdE4bogx8cVTTZcZFKkrRzlyH6Yw61OZ
w7ogiCXBAivM9XvAmhOcOkysbXayJdw1wWtUvYSHWUADW8LCUe9bnpo+pNKz
Xu6gF0zlVRuuKPJgrOtkQEooizvkUGM4ymLTrPAiW473TPTa+YnaCwrPWmgZ
ZJ2ujeaY9SB6yAKVaqaJbvbqXoDWm9LHd27y++CpaIBdqfXkIai2uGWIqEs/
9Vwn6cO5Yr+vMyt36fUhmTBfzcZjBU8OmBeacJwWiwQGQbY0eyMKRBsls+XZ
ISYZ8n6qgrtmeiDY6oPzp0wqjpdgHbc7s4+wpQPDzSZvbv9G+RsXGX1GuscH
7pHzRUVREiLwaIFG0IqctUOHdOs+er4SGHuAeZ2/8fcXLXGJWrZKBhUTpEGF
HD1p6ABfvfCh1ONHhXjYTcW60XXuPX0yu+EiFnr48a25baW8iwogPwNbp64+
DiU1rhQg6I49osWqWQUzIhOdUWFh12USpJlzHNad39SMjuHuQ6aDPRzwDcBa
D23dx2p7b+dwbnwQIduf3gSZWugK0DP2nYA2C9uNIw27DCbXI23ofaKqEZN4
BXmgnm3IiRYETRbc8V7pCevaM4aZ60Jdf9EMOVkVSlGX1JnvN5Z1BL/rqs4k
ebtC1nUVgVZQtPS9h2d6Ce9WyMb7s3yq6JwshpaCwBKaoKVzf9VzUNFhVgZ1
YWjd0yonCmnf2AbkhZl6LO3idi3NyOOlxftiE41Vr8FZZO4tNScvfZ7h2/f6
Yb9txuf9RqnjcBMJW/r3A9AXDblzV8w3tvNSYxZvotSSNKHTC7bbn0yjeahK
R+5lzfyHFle12TJ3VM0qI2Y7l1eByM1h990Y00QF5CkXz6HstKMWXmbZRW8Y
fnlUjrRYU8/gteGIPnUUvtBPR4MixMNuHDBOaPV+j1XkCZ2HsLrG1pQa5pEl
Ui/GNdP1Y06HOJwvGnQyul7VfSdP9vCol83ZrIwBqOm8PlwhPvqcKIyITFpj
uPNX2n3C3CyVkUnTGBfdc2PVMe4uWyKH7KtEa0zYRy64OYDIb9sBN2UjFyif
Ow223Ea4X4JQxbqoKFeOVp+Dqr2GZzkI84OHNdoLhP0lob2FUZkMoCphU13K
ZinvxwYalazc8V33zD39RRCWZrxqVSeedIsMfluJOGynYFxpD+pKFhoZcWCu
bjfoYxq+Wbw+YzgK9ppEqAcrEXls98qcP9YivLW7FzTzBGu86hGXdAwT/HmG
QZt+APGN3Sttf4Yvjq9y6SEqHPUcUokXONR7ukh+vxvgc6p2NJQWzh4/ynbm
yaHr22zeydYCHjajgWIGydFj4e/SlcrHc3izUt5q0+WEHKF3sPAOxbjyQOnX
VjTCYToNz+vB6E2GQANUO75NYmnR8OsVucJptNQ0mhPut3sz4MxpiAd2hGZZ
hCnpeQ+0+BQmWz3unmdQaB4vgPbuHkWR3Z9vZ12dxEahyX1b9OCq7kh5NnUb
DuJxSG70EJhSUNKUZKUDZyr58gqdj2UAdd5GIb1MHyR3NPuQFfNFdUaJ1SgJ
2Tz1Xl9BPfu9/QjJDncv+8e2HBluwn3p6gE3MGA7JQbyoywDP3HCNZSz9aHF
9fF26HTcLsQca8i7a7xjwH3L48ex2aNaqoNEi110lj5AQCaYDV0d63qJYxg/
Z2WKH6+1ekIvHqJ3mu9tpB55SX48zdtKd8qhLbaXrc4wmdHJKgCqxGGFJ9AD
R9WXwphaX39gGiJ5r+rQ4sFPN1syfHWPOzRnqSwj9deiW3WH+sPpxRIH4Iq1
4DVmDnfdFBecZ94jNcpQkK7laFLds3Jt7j2rL7R3HusLRv2DrhlNqkZQPZ4z
1gA2ppnZkRhVDD7j+s3viH3sHyTkc+URfbIwCtvBrw8Mu1+O/pE5KIs1U7lT
o1XON8ivAEpY7+Z5xczcY8jIGw+SEQpr9Xks8u57tsmxkH+EMdhUdjZ2GMaf
Gcdzn7sNBugbLAPAJb2IoPvKd9o7sTtd8Lw/z0i1YWueVYxpbTQ37hPnyVQ+
1uaiUZiBe4dNUYP3XObAAyKUPGt45liYZbGNJGIjMFIJzVodfZLp1TOozT2n
157J31f9mNeIXp63D/ESdg0v4GQHssnowkX++Hv0eL9x5nClkoFOXV7Ke8E4
zwVz08+CBdCkS8Zrz7GOeyIrnQ7pDaWfOg6kAUFswguKzDukTzg3OIGWbQdq
Vi7cPxZSffJXXsUwFVtjxUHtLijobbkhlvZk4lfhAglz9hvMUNwgbCKyaLNt
Ru6NNfWeSyFwT8xmDwznFcsf+JDlUN0/j5qDMV9VWamJhATQwzW64b1u7c29
2cN0jtDmIxLEqH/MbMAWOUMTXCFldMh5ob8fucq623iQWNWeelm+gWzvTyl+
a3IiwF521OVh53c7DAryFKY13Y9ymkioLSyl/oR1NBjlazsdStPaeCMfQQLk
2u5jSWNJeB/dUg3bXnrOhPMQ7Kn+2a8W8x2/yif2ZqM5iyBpmde7o1ZunyO1
RkJ6AAgIHXUMrWqsICp4zCKV50SDQ/TH7p8WgsbOVTLm5eMYxthwjZMsUDe+
drRCHa7uaxsYyXsA6yWs2kcRk1lZsENVrw+r8h9UnYknJEPC6N0cP3qb7nZ/
6+zlAl0rkpsi7jP7Buz7DWSd9+UE9GMzoKOVxeP9Ac+M24RoSwMB0/cAfu8G
Kml4tzuZTxpNJSTCCJnltt4AqdOVhMGusvx47kFovnLOkQQwoLFIKVu+kA5H
tslJnrdkJrjsdaxc5xJJ3GiTWO1kAnS2XW3pHDZn/VHhQvJfQldGN+GUQyxL
p1FFF1oNRJZlXNU3UrQL65tTEWh93rNJiN6Az92mZslf6CPPizc21rrq03fV
pmQycrE2BT+SfUUzr4/W8XyfrtklFDhk7DLYrnG4OdDSmnlTTbbjA2qCeb8o
FWuwSv5BK407RHbtjbNt7emnY+HoNsrPnkRGlG3fr17pqGoDxNsbh12meHNw
veY0o0M3jb+fT8chIZ4TRd7+BK7v4wJeP0h4FN9R8RFbKWzfbKznZAnsYEGC
154Y9iFYWy4M04svOb2LyKXME6+Hex5RapoNzI8gjFcjh6ENlcAuNmufEaVu
wAILsvXMBgm682CVij4s3AbXFGEuWzkiLVoZUWOjZ8ndXzP8JagGVdJV8dqb
TeD8lw1w1/LTZlPU6jroK3XjF6Sy3FF+yzkMbZfh72qTnCqcgE4UfvmSpxU3
bAn88ZxAkkwjYCdVUVtLr6fojLkX2GffP6u1kHfvkYzOowupNJyDMXorMwrW
yO2B8C/u2F0MTd6VG96BPNvExOkgazISbKUC0MkhkL6provyZbEb5qSFsJQi
D+HsHtGut9RC2QfpuxilupohAUjwkePcDelsNFeVS7Pwrj0JUIZY83W/BW6H
H/vc7jcircrYSayxlanxlcdo1xFvA8QB4ZwYSq/gN5Odpc3jk9E+E2jwncoX
d4zWiwpM5tYIHKKegqHBHpeFwcq1cbK2HjDwar5ze5CWz8bCtgyl0XQmtefI
r5yZWy/lsWOVdm/gva2R6PeJDu8bTWoagsrC5c/ViNOAYTyh1xrFyCgQodPC
Yn518Po0vOh5vo8v1xBMFZQXNOLmx16+6N6Yel+soFrkwhqvckBB68JPi+2x
jfS43bjtwQdmIXamfzUYRfo0upyAz9TIzFqTboqmPFp5mPIbxIll5YEF0HAv
ri5dl77TISRcOxEwGOJZPp/ab3FsTKXnrBdEuXj7/sjg2Q6Vmb80xcKx+0y7
xRMwys2YsJqNLdr48i6zolXtPnZ1vCFuMIjn/S4vpoDjhx9eVgKGuqsxvy8J
hcwvvnMKwDcYiThxU9Lfm6p5uJGaQieVoMzL+yBQbY6/7kNrgGpPJpMd0ic7
32M/Og4y/lhC1QCLtHl3bR5QDZ8m0TEVvVWsKn2anOffw9e2yNbutzOaFXEu
gdLlc1q5qth0DMZsTvMFeIsBIpe93VW5X3B0RqsSRgu4tZ57n099G4ABgbhd
yi2U9yj6YnwcVKocoqbQQymqATCyNYy+yupWNhm80UKbM6v+wLU8uMF99uTg
m4TlyAeEjKC/9VUbBza9vuUVC0OrYSIPoOtudsoPcwiYmxMDG2Mi4tu8TPkq
9JqSBJuoimat4dlhSFGPm/yMkulxcpmmLr3UlIB76FwSm/2uZyS/DQF6j0Y+
Fpp8vLtnc6p3Y/4cVybc23fUSVr/zP2bwp+o+mSVpE8EoFhDh8QHmXm2UVUz
+1G5iuQPIV9RiE2x1AjTxQDXT9dCJmt4z90aRgxj9IgVR3ok5UAfEw0MlVRO
yyBYO0n4cAaVB8EHcoNGp26swPMO/uEghcF9rkKicwEPlYwioEGth84KENjz
EJe3uBlUrtEfxnbevlAuZ1wvx76WTGyScUvMk7lm1r07xpO7lRPmrZRkfESz
DoAzuLTzLt2pKbc8qoguM4HLVaqxHa1u3RjmUFfcwhEVbdWdZbIOg+VGancB
pKzWQzwamLtSRWAK8apl7F+vSXyA6lBVnpfudC6RM34HXeZkpHIB77Irc/cB
ilwC26g1bRiiuAH1NuM4nEPhLV9YirisfWFY2ps40kfy0K9mvT1insGwJLLW
iYAR8sP3U6VVuIs5avkZgc6ZGhQlTS5HieqZGju7y7qqEI5Ga3eznENNYHMP
zongFaFDkygcJjKWRRIgyJhN3QCfZTdXME8SusnDAlrE6YOC/rR9Gpt9Hfo5
W29TCJqcdHwL3Gs73DeNBFGTvZvQSR06MImZyIaFR137JMH7wj6xD47Xeifu
L0rqTpvM5OB20z/Yk/NwdKS7AA0eSZvKDGjUcQmszsI/Hugm3zL6av51pJ/b
vCjb4r09HYg3aVQdH9UWypZFa80mE4z6CalX4Nx2087gBZBY3XKGXsRyovus
637X8SfkBZ4QfQJmQJ3JE5A7Jmhtu3NLNWqJoILbnkFMUieK2jRAPURvWq+n
21UQ6sH3A1S6cpCoKLHrbF+LoawDpakS/UhCsQcpv059xuFu32BV6TCoAkps
L/pXf/QmE4YH4ZQ9TtTNVvlZBweVnfqPtMlt2VY+3jbASz+i6zX7Xjz9J99E
2P9i7756HEe2BVG/E6j/MDivxED05mLmAhRFL3ojkm+i9xSdaH79para7LZ7
d9c+Z2Zw56GR2ZUSTcRasVZkSp88YIrZtDwzQ3XeuVz70o0NBFANWdIZzz1j
mMF4ql97X791DsqblRnnm6a+ynu87CY2VhhQ5E3jna21lNQHqHrQOK5o5vho
47l3F8ojuI/UPicyV1CekWPkVxgar0Ulv5Bmue+7AijgVLJVoydcx+W70N/e
QdI8veUWaUXsuA1aqxyFgpDXn03D8+gcfWk7a/Gu7hagUxwAzWSk0CjmxkIt
hexEPHFpr2dbvvoUN3WjpbDa49E/kkyGcLzf36iW321GVp1zR91blwZIXY3K
CI/TaIRheTrB0OrckPh9qsoyt+Ulce8GMFOSdx6lRq8HLw2tk4g3necgJali
AC9BHfHmejwuqpBjJMdE66AncKwGD9bhKm8tdp7qukzR4nfucWIchSSvhQWy
oG8hHSLgcI/bIZJdMJuFREUy7GyjjeZQ9ei4AVIuItdoc4AsB4EPdB2Nq36H
8IIfZ0ed5OvVA+6U5E7GTrcYy4zaJINL+MBGZV8vRyhYbbxTpFuydTspd7et
jkI+aw+x21t6jE/4MTzOPZOBt54CK/k9trDdehnZioA3O1UPbHVLClp569Jm
4ADyqNFC4ea4xCNugh4yoUhM7oBwuwxa5iKwYFrdrUf7PoJmpI8MTwk8VtFe
KHphcGVdmRuNRgvMNJe3SYiXI1HX7VjfwHOQ+/zy7g3q6ZmuuNFJ2lrSKxgq
+E2pEIIywXFbvSguE8lB5uWlzagouZW3uOxYLgoQSkQJIaMdaEgHBqxTLU/b
IEBaOJh65kImlXubvCMM5igN+/Ld59rD930hHn7JQuWrBGAEu4U5WEYTcb1T
nfiGhx1GbtgeUZqHD/llCy65cQlue3sPBFktXcEVqhlFhTVMCDkBBIg1s5sg
p3UQPGp+f9yOq7soSQEdYkKFXnKZ1mKjkCg8SOs2bsF1hqXDRfuzsX5vVQak
nOg9fFCLl6eahktxV56FxryaEm5N0EoDdM0YM93Rj/MdnC2FyAlzH5TrTX/m
KXOjAIiN3YwIz5qAqq8OHLTVp3EDou+gkAkK+LjLwd67L0h9k1LD3YJXYiLU
2K+11SRXMHoCzYwkxjO2RGhz8sb1D1g+qvdw14PZGDIeks054MWjdNLpKmfo
3BTmyI0eZEYwnmmMCMzTa4M388BfvOi07BvBxes95XVMQoIdft7borI4z5nA
ZrsG/L2KsLeHnGdBwv3lM1MOBElJ+46I0bX/Vm0DDc8NfHAIFkRsBZe7LEJY
VUeR2ZsfHTYuCiuKzXrdnG3Bic08O5ShuaoOKw3KrLGSubIHxZ5jhjyNOrrb
AXVj1xKRknyHYc01ath9VDkTRCzc24nX+U8OEJ7jXa3aTm4RAozr1LlGaiii
mLhiJEgETjkG6CW+xJr0LuOCVZXXs5VjxXg8eP+lviaAfyBkUSmaTD0i2Hs/
d9B6FRB73HEs6eat7EsjZrb0zhD3A24QND93g3suhXw2RqSnWYDWF/TujsUx
2QKqU+Jb3UceLB1oGt+3S2+b4oGwz4nNNXw7CJ9I0kx77vfxTC/J2p4tYGoy
san8DcRD0QM5env20dFc/QC6XTQjOFKHh2B3NF4J2F+GK/UIwaFpLSIoPVzZ
VArA2bh6Xx/FbG+D3sr+az+KnTaeC7V6KfEWcoHf+HPtuwmbyfQ2qz9AfPtU
65G4NlUYAc6ASNIq3Z24lckXGUByK7Pg3RPYJuAcH8xnCoMZcnXVObzirzxH
NG+1z5YTPnTxHmOAwOPWe5vYRIUb4ULGl4R6OIY9Sa5ftWoPL8/eNhykKeO3
EQTPiHyhMCRIW97X0oupNuB+Y+ruiNj8+bC812i8I199CfaZd+WDSJWKvITn
IiQkCr3Gpc41Ersy/Y1HlIUKMA2BAcJMPJO+nKHse8wRNeLVtcRbCGbvC+Y0
1o2LWk2pqaiK3Yrmrlji8qRIio0qWi4jqBWgasrSnr1IsjtDYyLsvUvd14AF
YlKnqguJl4ZFoMwa7sfZqJkEKLsh1dhEkmCZgh3qBYAoDOPSAXo17HxFX/NL
oUGmwarWP1fH0hMn2sbHszeqTd8l88JlQf2dozMV1QPoJ/kFuLMmM8c0dWkE
Jw962RWj5hG2DBv0a2+GqSoGfXbP+9w3ZCbHR25KNmt5wI3udrQgCgBtErtA
mFtPgjBZXU0xkmtK9bZOeVJeAUs3cVdtTGEWRo7RWqC2NZwMU4zlc58C2lQP
qCkSO8lV43mt3hU/DvAG63SFvqcLOAvCZFW6PEl4lNagoWSHzoIu2LkyglJr
p8VbCkxS3VSYoC8cyrQ81z8HxlTpixvO15mRbm085AcPR4w4Z3AkraqgX9KZ
b83jCnO5oiYAzpm+aE2P6UaTNWLKuD0c5tTIzk6IjvCY1QeFW4psrByVnIss
toTgogZ61Z57DI8oOKBp62Mvh5XCaEtaK7CvOZF8tsnNht6iBLlUBxbc55O6
XOOl2x4dVlNOFDQerGKE0WMOZDl+5orJwspNRrXssaPKXsXdO2p4JgAxF5nL
evAcnsjFRbk32HKGREpMltSLcWBUGnADkb1R8tXahflcFGUT0Q7ej8BUOnCe
NMZhditQUUKs2B18kCjhDkGX4Lrwhzlb6DwBoksyl6fEpquePaHinTtbX0P6
46EZXWAG93i79gh+NsABkQ7i4xnfhwiERnNnObgc1xhQBq7FF+exqqTOLW7H
xrQVUwYKkpR7ObQeQ+qD8tuRNk2NoReIPh7KHrBCOdlNv0AKkKbPp1eq5QCV
137Q32zgbTFjuPx94J+00Jg3ZU2F9ObHfWRL8J15Ejx1NpEpTHAuKKEAlMR5
MnUQnqfwOV52f20JFNdVJJrOWl4o/tQc4dasS8ji+c3axQfdzpRdWvHtusKX
GgAhCRFIJ6UW6nYLotEyn/slh/TkwfVDKFOi5du5ghWpkNDbHKRt9g5j+32/
ZbYwYmELbBRslhsx0ffpUYj+RnBc2hJb6XOZcHF7txyc/urkYA+9twsqWRAt
zC2ujaQyveYLIwMWuxQD3qkvdOYfc382IefzWRYTdiddsVWiXWp6U4h4LLRM
SmcDIK5DLr7FwW3xMqNAIKSIoVaqbHk+ZxE+G8ln4RLKOZZIpjj1itVEGMJ5
BDLgwG2L5fm9TDT6uTNtivolFz6AyauHjiVtV5n2+ZPAzeyuipYEBnTvvFZO
9PQJjgUsVFAt3TEpeKKO2cuHgklcas4XA4Dgy3pz7vvR+uRZZo1zs9c3l1Kn
wij9fNyj9H4SrOh1tuY/5bFGRxO5e5kjM+jAwcySANeXLG307R60eLyzN5iR
JR4rMMzxe/iZ1vjD5c8ztppKm4lyhYd1vIK9xBTM6pDh+h4BMZlpWqIp4VLv
aVEtci9DlvaWVfpu3PJhCdgHXPXwZG1vCosDFb9kQsL3NznsIQfFU4ADoUev
VeNqrvIbLhKeccSL4+0DrxfIU0YY/1W/MpIo0AjOA1otzo2Q5yNLkahvvHNx
oK0Czycu4j2xcX6q3OctfNK3PrCGq+y+QeRBTkaXoWfzMx77oBqIxESx/dA7
UenfLmYDuLzyBE1ll45HjtfCzE+mp1g7Prsk6K4x8EMtdfYohNfz2qXpPkuu
Z3HzgRx7cHY29gIU8GTALm+lUlqCLVMGX99nPcZePuZsX/TbkspVNQfsdbq+
aS8f4NvZUhhpXd0jFlwTwJvMB9Sk2HYn9XPPZHH9A6uKnmnLF5yE0ov07lqE
W9Du70riKuBiTWUcHxSFv0fXTkdg2ZC7Q7TxMt8ILKCTUcwK+LAKZIUu2gOU
B3d5TfrLLelFO1QpDtXHKH8+fWFP1vsi2QDMsxaMwPVCN0HRRHwh0RWFyYnM
XGFfgBsqL0kcXy/nIclkayt0RLBywNYrrR/NgiJAU274gvQ72NnuhRPX6Lkz
c3lP7ZbgPW07RpjRaXrLnVvdUvpjY192NRzd8cgyCVyMAbD74X7hK9f1CFzY
hvbdaQRRC4ZEm6kPvlqRoW/N9IyGR74jh6m0Cm6amZXrTe+CtSQAzIC7RAvx
ylU++5wnlbNUgYnR8ozF8kGv9Fpe+YTUlpG4hMURHiDLN3vV9M0C2o8sOvsD
sn1pt1nPyuwKY7ZXnXexvCK6XZ9Of08xrGnE0acIaCPP/blFMnKIpTTjRHhY
66XHAMshn1txOVo6feIGrO0l8dYYK7ZNmAuBhEYOzfISUw9uNro9UBoBaetB
XUaqC61ap3JAu46wVzzbKGxKQasYnsxtkOn3MLF58V3tZ0OSbJCzYgMnvN3X
c5xeiKqIQ8tDIEI7OyDUep7O+p2I4v6B0EZddH2i2FPcJ+RUYywJFfJVJq1R
1hoGD5Z1fBx9nd7QseKOoamApLU0pKXPhcjXUlGZNm5i61xK76E3jeymerrm
sGOSmZ3SHeEtn3sJ4wI+484tMTGYJPCm7nMp78PcBrbhojG6ReAxPWaumXpQ
zETuPq5TQOUpRuHbdZ0FR1DCmY23SZkrmvSBPLpgr+x9lM+KvbsX9dxzY9lh
+kbl15TGmVZSg9yU96y+dWcDWjDdA1RvGoyhXXLTQBkAr4vz4j3+kiw66PXR
G9VANBFBM4GHYinBgbTAvvL3Fw4TPiSFrDISCAwXjJBLZAnuQIhYAitKPMow
aBeLF6aDfMgSc7MkQ6m3hdvn0yPeUNTo/u2qNYfl+6XHucIC+8v1demB663r
/CG+O4jW5cicJwvhvyMpy5MRxi/HuCocEwnoLj+RUpj68wHlAt9yl2yyem7O
XMhm58iR7n2rHcGhCGZyTE1F2IaxZqY1u6XB3xe9pxGiYkcQI+GR8zONEFri
qNe1ZwQg3DmYfnXSk7+8yDk+UkPLl/x//pepwb/zzov/bSDhH1/B/r85Jey+
8t9Qwm5zsCwvq39CCY/G71HC4+clzsqb+8+ihCMhqe6+vEYMpPxIy349wp/i
sn9Kyz627is+u8fCxvxdUvgL8CMq/HdJ4fMafkCFfyCFkb9KCn8BfkSF/4AU
/qfj8/ts6zlCTYjwVfrnvPDXo/+EQ/2V8f/F0c8j/BNs+J9Rw/958fAP8G55
FeKWns+v38BB+5zxf8AGz5H8BZD1m2d/JZ7NM0bOqCojRP4NUXjexW+f9acY
9a/j5kO/fY2cX0LHH8K0hK8h4i3J7Std/AOYBHumff0JoP2Qnp93/f1qHn6F
DX8FiP8E8f4C/HEme13w0P6UdP5E2Idt/WWM/dUZ/QL8UQT/Mwj4vCvsvBvy
w+j8EgBWkbNX3699fIPKAGnW54dszb+SpvPdCY5g/SXp+yERf0Z9f0n6NuuH
kP4zwvM8U3mO5IcFFfg9daBSvzH/cL58Vf+EEP7xbB9s9F8ghH/n2s5rwRKW
/ro+8K+o+mMeVj/v+wMz/zTiNlw/fe2cF/4zbh8w/etV/7YO/KtV4IOu/rIO
nEf7DQT7t1a57lvWrx9K+Ecy9Ruz21j9B1v9/BfY16+z+e1KgzMmvh4blfFY
tJqQvTr3b5B+/jMj++FTmyXcr6YNaY50xB+UuT3jrvWmCL02IWcVicDl59x/
jbKfWOVv/75I7NX9UKrxOYqRQBfnWV4f0uhanPf+u3T1D3D1P17DN3ZY4Jdz
nJaf0NVzlD4/pdczBj58MJQIfPU8N2Ln/C9ntkMfsDk87/sr28p9IN4zN8ur
ea5+0HmEcwa/rhbiOf+Cd87itf2siz9QsXXc8u2H+v0Bnv0Kwj4FbfWRbyP/
GUn8H4/7oVDb5+MTf9brs6ImYp27Av2pwPhPcPM5w1L9LcK+AKl95X6MMam8
fsugH3PD/sT/t/r9oW1/r35/qzh/JZN+nUdfgL+YSX0iwNOZ1eeY8WeH5J0j
adgyHO/wOSra62lL5Hk9+Sfuf1wn74+vMOwU+DUtVdw3frzavh7JOL9+5oKv
z+9+ZpPRMwY+K121vn/klT/QbfqpK9V25mVw5vFWxKhKS23x6UC+zgG8fub2
x5n9vUyWqq9HOB/3dc3+KZc/9Pxfy+Zf5/I5Duc68+24PXU/RzSpMOqvUM//
5IMEfs7y8+jS5+rnH1nw+zlO8Q375OZ5b8avcv6vZPzXzPpNzv+VjD/Xyd/J
+b+S8V+v4Tc5/1cy/sM6/zbn/0rGn9n9Ozn/VzL+HIffyfnfzfgfZu/r3J1Z
kNywT/afHWnQSeAPZC31+f6voNAfEvrsH36BQp9rRPkzCq1VWvVnKPSHhD7n
4jtQ6A8Jfa5R34FCf0joH0Dkv4lCf0josxv8DhT6Q0Kf6+R3oNAfEvpTL/4+
Cv25069A9h+i0J/Z/DMU+vOO3zMevgOF/rwx+QvwPSj0553Jn48q+fso9IeE
Ptfq70ChPyT0B7j8+yj0h4T+AnwPCv0hob8A34NCf0jo8wjfgUJ/SOgvwPeg
0B8S+gvwPSj0h4T+AnwPCv0hob8A34NC/96e96+h0B8S+gvwPSj0h4T+ML5/
H4X+kNBfgO9BoT8k9Dmb34FCf0joswP5DhT6Q0J/Ab4Hhf6Q0Gfd/A4U+kNC
n+PwHSj0P+CzfxOF/kamfg8K/SGhP+vk30ehP9zA57cofx+Flr5+CND3oNAf
EvoL8D0o9IeE/gJ8Dwr9IaHPePgOFPpDQp/j8B0o9IeE/gJ8Dwr9IaG/AN+D
Qn9I6K9Y+d9GoT8k9HmE70ChPyT02U9+Bwr9ycrzGr4Dhf6Q0F+A70GhPyT0
uVv8DhT6Q0J/Ab4Hhf6Q0GdefAcK/SGhvwDfg0J/VprPBzL9fRT6I5t8Ab4H
hf6Q0GfN+g4U+uePAfhdFLr6YxQay0gcHcCprnTn7EC4qcEH4uHuNstE+dbP
j1oj2RK5mKRMx38IsJSusLAic3aDcn34fleLaE3tvDBzda1O8cJCsm6sQ7eJ
h3S/3oL53Mq9UuM5Opdk1CEvt5SNNaF2O69hOqDb57NGjh4M/WzxWRw0seIY
Eq02C5bySlJEtDul3Kfr6Gv3cBYoZIt7iMqcz9+0hs/fUMR1YYw7BAYFmDnZ
MI54//l0Q8Orna2hSWVzGDjQzOIyge7yjJe2a8cLWi7iWi1Rcq5yZTox1BrS
1mNq07MmCO7x9EbHksSKehGBeY5DrPetRwuLFVXuoXrO/ZLp5/JByEV/5sVz
IDrBi6fec1RpFKnz7PiZeOb8mAP+KksUjve3qJZs7LaJ0GrhMAJfn7ulkWrO
EgN49nJgLDtM6N4QiSfN/0IU+s//KPxf70T/9g/B/xVS9A9n/YUV/S8Lxr82
yv5TvWjiO7zof/2OfsmM/QKO/vsH+c8SpH87/v/LDGni+w3p//bvmbGfj/dv
mbt/WZQm0Pj3ROnzn/8dojQFIT8c8Pzu75HBf0Wh/rwi5ByWb6Px35Nv6+P/
/A/46zX8zRXm7xjVPz35/yrVf8lB/QL8PoT6LxrW/84Y+yP3+k9D7C/g1kn5
/m9x85ym//kfxdeR+e+vnwb2V0f/j68q8/hJ678Zw//j8u3p/+Nynvb//buw
9g+H+7+09r87vH8H3v7J3f6L7PaZAj+y21+X8P/Lbv/b2O1zPP8L2O2p2P8J
r30+4ptx//9LV/szPn/O2P/nqtlnjP271GyChIm/p2YjJPqvq9kwTPxTNRsl
fy1r/0bNxkjsf42a/VO8/x/EZf952/7THf2ayf6dtf7rxvM3+5s/3HGS/w9M
ffY0IAT9dRj7n17171rYf+FZn5dkp+Jv+ev05rCsmP+fz1+LTeDemFCeR8a6
g7U1l6aLvTW2OCQ1wJQBzJ/A/I6mtGL3x8vQZSJiq42Ulp3fHfN4lZexjq/J
/ipux2Xijp0nqJaZ+bdwFQsPXUvougIeBjrsyxfLHoKfcHaLHqbTSlah9Q7E
rjU3IMzjUNOxaowaDoTDepgIT73xMw+tWUMbIF/etT+i7/15Q9ZoINxAWi8b
TLydjGsH3uss1Z6SRzJU3jgaouN4++xK+HItlIHMYBZIHjPZefrg5M2DeihX
aMiZq+IQHGkMz8w9fPW6wFxb8YW8awY2jmbQBTRZepHRuft+ALbrRvjrHkLP
56V/cZpR42PBml2EpVwXCTbdLJfkrPL7RaIvDZkKfP9/Kn9dgM2hhqn9qBCH
KpNk5O1Q7z0Y8IKdLasjlmXuhanZgDrPS9MR4dmBvHOZWfjnq4BbVVB8uAwl
DaPmlLBbk0Kk/Tq86xfQkkT/2iaE0DsthCfvvRaO9DjMSnMDbNocHndvzqAs
dyYe9avhzN47n+RZLbHxcQYNAqjRYe9gu+3co7nVtxC6IFc/5zxfa6+5jA+u
q/IgCj/KTaUDsNTomidgGvMwJ7qatIsBWT0titmUCpjq/vAMy4hxtryjrthz
XKJXJ/IrFFXdE4nUWmzN6ZI6qMdJsGXzmJmjL4B/3w6fvVTiMBbR3Jm1dTkC
KnppN54rr280BdtdeN4xdupcXV2iDZ/rwsCk4+Gv1sGygLD8C/z1tdK2wdoP
ZkNp4RCjUMfYVWfyYmQAZZ35+yOEpRZailC+2CHt3DjTF3jqOuOPbmdfqMFS
LbLnW7+U1A7597d48VEclcxDfAPlvGhygrMa1RLWwxb3ltSEYC0zPi7fl2UK
a/jyer/Ayjve/OMiMM/0ifZ7PZ3L4IH1ILDjknBx+L3eI1fbbwo3y2it2vgN
IsfolgtyRw69ciFHLnImN4M1W+ISr85UyuZERS+BR7J61KLLOJ1g7QbDi351
SdDTPT7qwcAzruIif87lEsILo5wFlRJGNm3QMNqAkDgfANGRg8EqziDF3ybS
sKqQoLBlnVO1TmuVS4tNs80cEeUVf9CFMxvSZbATNtvgNM8sGADvcQVO9xLL
DF+h4qRHlJgehNKKS8yw7Ps2aazlg0YNBmPBwZc7vMEmqBNC61mkH8RA5l5s
3bgjdx2reKcXF4TUeLhxyAlLSm96+A2kdvjS5j0Y61dNSBiVcIoCh4Rlz/XG
BDYJOuPfiQqNI9gWy5G+LqRAry5KT9jNkoR+U7Ass02dAFJQREkZzVarV0dw
8qZugwxQsGb0pf2UK9xio0zbYYtDoOpe1YxyPLs4Y33pWK6LlZpPt/NqRtQL
gqmwctvg5zr6AE8VcguW4OM2dkJRR9Ax5Rbe0UcjPXM2K21CfoSgdmmCtE+d
pbfRRDO4lVhdv2XxAgJ6/yWLN9q1Ft2Oo9G887iyodgVNl715eFZ8n2L7J1E
phYkV07UWZCfEQhS+uyQ3yGiAd6CZzA1CFXdBHYrN+Sl0jyLmGEBizR81aQt
jBIvVR639+sNlizvR9emsBdYRTf6NlTAkR2Z84QQuXmJYTFv2r7qT0i/8zdz
iu67FzzkhlEEsh1QrMUqxVYektZF9TNVe2jjNKDBzW29+1E+clSfBmWWp9yU
eET6IqtPHvP64OKDX+BGv4qlz0gPUyd4CfE8eW0r2wG2Nm6p0icmwc0yFqRY
XG9KxKHX4lX3FWK5G7YkLZIitMOsYs5K+rKuiiCtE/pYpgUFsqEIlkNkDdYf
XsOULfJ7JhpEcYeCScbE0ANTU6M0Q429oPHhLbJzc/aAmrTeKlm0WGAFr1US
xjfpDfv6yARlQugbv8l3/F3Z9EW7C6BzAwXUKcgn6OjS3CmkJVZZBrK2mpU0
QFDl1C7JkjzZawT39QDvD7k075st0/1hdiuLSDGNorfK7/h6JQwpP3cz1Es7
I1qlCR/QWo0k3zy0KGyr9iyuWkJN8gFSwKV5WSmcCXf3DpNXK3bvlCxSx/50
VCZkDMLE00q5AL4Kwcsk81e5vBGbN6vpcOBc1lDTTMhIFLMUz+UIonMmdz+b
uAtfOytBl7gfCtdQ455A5+/QwaOr6S7VcFx8UbxsKMpw78rNojqRrX0wTLWD
Xr2Ka6/mbZOC9yxL0BkSNk/0BXBQS18oR3oS89Q/RLUm5403O8bzdLWsLjxN
vmUzfCLzOW0KiUiETR3qq97g+rGtRzEA+pusJ4OcySYbNVHk73aMCsMRa2ta
5dPcn/XNhmRukbp6YAfGB2cWWr32LjzPzC6qO9AGBb/Z7vNIH2ssXEy6e0J7
J+E+elzi+P50g0XCachuhSp4rjZuVrcKQSeC0hubi54X4KnxxIUMaLlMnjf5
6g88c7X8ZhzZIcQbSF/fj25ZDJ9Knt5zggw0AvGADMSwFkBi5npgo6+FDIev
MFJfCmmfHYgUblxhD2hVTSKzSHac6gbJa493dzZIytLc0NRD93UY/VTCHwA1
ckvdR7KZh2OtG8ZLXJGk5DM4qsnAzh68ViPlDd6gHsSv0477I+fuI8NKyqF0
VOwAWOWq60Ugi6spJ6PbxJM6RwTecIKBW3bVHRqv19M1UCHQLWhiMzKcX3ji
Skl6YYzzGxD727S/tO6uGfctRqSLVVVSZSEji7xr2VrjTrhsZ2spH7OxWqNt
FrlS96+nUDv3gKIL4JbQC009mPQljfSjom5Lq6FnyxqP0y2+6ffLxVns9JXQ
1aKuSu3Mxdt/EpkVVzLSbxoLcOF9Xu8FvtYZT0rJrHlCmSMPCNnr7Baz1wFy
rkns+A4na1Uq3NyC8XlrDa702LZYVwNivfnKLiKTgsqlG3OCxUkZY9lytjGC
i/UGilAoSUEQYb6lXhTEXDLQWzddVWXS5doFECW6Mq1DOZhPwBuipiRRJu0q
G5MBFh2HjcZKR0pyFic6DRoX4hHc68O86c6VWB7gCGCJaMxNZzoUW2zy907B
S35ZvbOpeB3EnYK2Bx7jMlnmoP5YI2Q+sruqYzzqvKdpeJHS5wVWMj+JNo++
cnvhhLRzwu36sojU6S/e2QxIyGiMgVLW8A1TN+1YXBha6jvNs0H9iC7APe7H
ltALWTfm+B284FKWN1S15i55NqK2wo2aeD4Xydz4UrbCflxe+dMa2cS/SMhr
1IFXqM7FXdHXhkRF5hGk3ltw0SlmqFaCIEQRBJ4V5PcLk6LIxLoMylCVKGJx
mJaWiK0UuOdXPIUQF+4Y/KVYePlgSrVu/YfrZAcbLgGjP69H57wZ8hA1LYOu
tflQ8jINqz2uvQiggqcePexppKm+eBKFqxtsllznZ+XfEXl8FYI/X2P45t3v
GeY5+Q7GjReEjH9LyhutvwFFGP1s1tGtJ2MXcaSY54dLGFUPeUko5mxeiOoZ
X6sq6O+Ldi21/aF6klbd3qXIoNgYAr7NebiMQ91izplrUAhOnh0VO6w1+Plt
4YMmZ3XT4XuPTqxegmd5AWOETba3y+szQpdAX0u0hscx8nzOqybmaHtueLnC
K2+L6PPwG3zw/FoNV3iWAvDZurdwsjuHqfxFpqiZqYFyec13BiJvx/UJhzC7
dJG5JomUj3upjMcKO2SEs9fn8FrynPAw+qVptc/Nb0iVNktHAdN7bhnfTZds
xhJ/U7hr+0gqnFHT+nFjBYKmJYmZF5VkggKn88tgda86tO1rs7gCctjA+jZL
uHQLhXAhK6N1DIwfGSu9w+V+4V3G6d2BohFv8sYj1KN0v8/DJjAqumc6Xhmv
ENjtOSiCGRYfs0++ySohtJKmEm0A0bzNXgN9kCT9dDYpPsO33QdHcy2hGrXd
z+imjXtgeC77g1KfedCR7uW6zs8NKvDhVd2HuNUNV+gvTmu0d0LVwKM7Nut+
nZ71+6ZxN2xmrAFAzKDuLUq8K+/oRQ2Uf52zi3RBUBseuG4YXmPXzwnUW/lT
dlcqvJi7164s2m9e45mBB8QYSsNZeF87L6p34o1je9fO1dlPineNbdBMYtAX
dePh9hCmsExu2MOmH6zk6tulsQYHKM5+i/bUWel1eGJlZEHilkefwblfi3gR
q2jk8N/0kj9g7hWQOJPvdSNV3LZLgeOayQAY3t2YbIES/W7pl89bKeBiox6V
JLP3Ay9e46a8Q9wt22pixAhh9Pgl7ecjXllp9MVtAcw7DCc3sbHiOjCu15aK
melc9TRGifRYqgliALFNNYaN62/E4EvQ7j4QJKkWDDEchwIBNX+pVkZKetXI
YHzvOfpiurHPOpuoM5FkvkmdSu5JZgWkCNpTXBJXG4ME0A5esXBznoDuyM1y
0whaXNJhyBisZFm5hbgZZ0x83dkNo5HXevafqZtY21ldz87qxuzLk9nM5X5u
/xF8ISzqmZjCuZMAE2jqZyunCe+qacIKOYSzYSw/LzjFSg+dmxO6BUer3xWV
9PpksyeAgx5J/iTYB4zKut7ELYnY+NWS02td3EwMI6aFn8uhUuXCKGyqi+eA
SqcNW7mE9AqeBlSjXZ9b0+LYuUWwZROne382t3IFdzNKX8RiYcyTQ2y1ng/I
ORZjbqV7I0ZUV7GUwKoAGd3e/VlEqifFVzxYMCvKditGljMPhq0nbNOjbWfQ
qkuzxzEQW0LUL1EpbJELo0J8AODnPrUJSlVBlcezRCiN6ZxCjBqyHZVRRgPs
fkht8CAnTyHuZXtpzAEx9dXhg4m+B9cOyKyedyBt8eY51dBUfYKcJSmsd02W
ziBiYsl4TA/vl2ZWBAPK6x6hM5iTGtSiPRGqAsB6D/jrSdI7/qjLwnC7nEHG
NjxQ6WVxb41YOSyGxnLDMfNaN8/j7ISRu+oFfichJrShQBjmLFQc0FYFQ3AJ
0qb3LfxlHAjGykw0qvbZ2xVzXwS3tnZk933p33igvDlKOgfP9RYgkxD6aZLv
cyeIpefWhBY9heo0DxHei3oBUeRuEM/m7YO75CrWSFzv+0yKRLOSBAdfbzXw
yje1dc9UM552j14diUqZ+825avdd0BWaqsPBT9tuDCKPkXPVRgo3S/ewbKmZ
z/DHBJyNgm7AmN0rENd2mCH7HsVcEF+dgpcTHnT3EHwEF5WnXzwZKRSeV+oG
MVNdNugZSK0C3IWUTLghv7CiZEN74rE6O/B6MkmBN7zY46Uj/ityehustT6g
HQyFIneVBnJMbpb02ADDrXOOYiQDqqllkIiVTXksL1dXr85OuMIUMC07hEY3
blWek38De1LU4v3dnBGO5hQPTFCaHjWNU690wCxEbjFlt6dFn4wsHajgPHuy
vsLKt2oFmTTzXir39jqNzojrs9ybPmA8n8uMh2pJoEbTUelDzSRehi9k096M
IHUE/Rij3fRzsIFhWFTyabnWY6PhZbgs7LsGJi0XigdCHLfXI0Mkf9M7Jon2
C0iEb7ZAjMPRaaw742zvoQfkZr2roNYmZk3KxVMiDgDqI5dllsOiVeEHKhrb
WSXY5nXbal/pHJEZK8trF/RgYzdKOZkT4ktMv9r92CCN6xodQPbMPSufG9TQ
dGdjdQhAytVmPQ1QEk1pK9gu8mzZXXBY5rnrw93EFpIlp7KrGsNr7QPJpNz1
i21cNr9HZZQZJSOdeLCiCluW5ucYxLDlvGJbXAYnBM0o869Qdi6uHq3IZTpH
ALpklbC+A8l6E5lJwaPEmg/CSVnrfVep2MeN2Si5GR5Nsonpq5K/hjzbZpzs
pgSPsBVwLl1ItuqlnpCW0HRa2UJEpM3AZtmeJNXIZKMt8bbCsrHnzU1jOK8d
U7zbiXzrXpadAZ1OyFs72NcXDc0yeL+JNg4JkDU3bwQVTHgf72j36O60TUxn
G8YLTV9rDTrnj8BMKa4GgjUsd2GlbwcBy2agE2cT9wjqIYsaORyatg+N7SYH
ZxkZ/APP40Nw9nc/6n79POfdO4AG1+VUMzSTTEJv4FjbLdBkkIn7xhmBs5MQ
2u7Y1ZDk+wxKrUNEBX8r0zIn44zut8ECQj+1X8WDaJRgP9Cdf5kgDnPEJY3C
Oa3eUrJ1aMASuNTnhpUnWjtuFPNYDtO62BZ+IYC+1JGgUmLyurLP0HNiwRcl
PYiOVzM+GVZlxzE/aMx/R08jRB8+yURy2G5pzQxqYloQUF70bS/7Kn13WjHC
RXZ12GcuyCPqlo7SmUfAX1+N9irEgZZTDH+TlEYxeFiFppQ6RQ68GGOhw6U6
/1cwt3MAs+khMQrXei5fmiD5uF0zStB51grvg9uWs60ZJDLgI8H0uNlLgK5U
0osHzSvcFIOpELQJOsnFvJjT1qAPTOfwFwgPoVbIt3wMujS8bqu2o1eXEHyz
ZyUg30qm76KLf0VRASPQ4sYt5UWNFu89qdBc5Hz+PuqeWCVJis/dahBVyrRE
npKyD3VCLoBO+7dUPpv3GHlN7eKW+t3CdBck24ajg8JqJWerj7m5U5Vc5vYd
rtvd+bwo3Re7RPITgFTC8FDvUJ7s5IEqT8PcDR0pFtmvxEbFwVtyAflz6bfp
Rb0z5ui/CpmbFPHVcbNC3FBAvOBjIHogMjwCrpKg2OgyyjqCWoHEiyvh6CHZ
2WXiWfSIIlW7sihoGyKikChXvR7PAziGOrjZjx17ZVwHg+3T555uFOXhxHIc
KddzhTg2honv+U7Abml1UWxEKxdGHWGoypgC9Pv6uo53+fZqpSmKiURUO1uA
CTC6hCTSjzFMo+h+XYaz/w2buWlJD7MgZniIYyzi1gb0foe7r3fYD83Dhfql
GyzzcjO6yXAM70Jkk8kvIGhl4zkV02RQbl3uuFdIpoLe3QyVAcMHi/kmDmFO
wdDeG0OF2CM6O2kw8KmUZk8ZjeXiRQaGxG5yOrO+ME1Cpztzc4lARQFC8fW8
J/MtLWofeV0QMCt8D36i5llwBX9X8F6UUZBvhefc34eXd4dSq7Jkp3FCBnUG
EDhvkMgjanq75Btk65vpu+iQEwsF3d372ykbv8hkzZ69lZ12pwtAhW7TchSc
Nnkn8EwBENWzlaNhvC6/nv6YvcVHYoHYs3O6Nzex7sTrHGuiz4s9ypFoYAfb
H7kWPallNqSM6gADu90aXkmf9lscMUW0sWJazm4eE+2If0PLNILPx8c2VSJo
Lwylg7i1XMY1kmyQ1cpzEFf8mZKevc+N0bLgI7vt1lBmjcDL4tUp87MfvDnd
okxnJl3UKRTGl5tvUCbyanB9X2qAeReodDXQeodvYJMaF+usSetbL/et5ieG
x9K1JY/hYtYvnA0ElALfxpKBJU9mIvTU70Bdk0LfhQStvJXrHQ9kf4T7xzBd
bBOxZSqIL9670p+36CJv9dvyG+kG7e07uz8aWsGqCZh27+lNVYehBWNAo/ig
nzMXdO/KvaDD/rD7AYfOp47tue2/r4fz6BtyRjyYWNbPH+0iwPcW5ILcL9bF
85/3cHV0ZkgTE/H7FXp12LC+eLZ+tw6kxCUYbm9cRRk6nmy/issHioWAW5MR
TMjB0yGvS04cxszzcY8tSEcwD33E4muALVoQXQxFE3D2guU5eK+XIcvG7Oxo
CUBPnEJ7vUKQR5Q83QKRfyrRTK69lzGdab45zslvRmOUQ2y9kLYtmEOjRkR6
IuwIlWdpw7PiLnahx6CmXavSniZ+Jia8qiN4GTEvW6VoqeTi9aX1JMyDjDEX
PuteaBbLrmxQtgBLaIRuRZRDtDDBImMiCll3Ji79qo3MMWetdqYHR2UGcV89
yEPWi4QXePEYU8J8DWMOVNVtkdRnmzla6VGW4s1+6zuH+KTjxO0G/REfr+44
QKq7X/G3PhSEGo/usNj2sKmFGgBh6il4oU6TetHrNR5Unt3YKpwZvUwYL6gX
IzHvFmWupLfS9FXkbY/OpIvGXqG7LxkMoLFoJ3N3Z0DgUAIvnPiSlPFAj5sL
9h5evlp4HfnH2RpV9hFtDA3C77eLW0/awGZP30yAz1aTaPvKhRD7XBjht9k/
reJ2ZzTqZogiz+KMSziautVPhNBdlp70xZAsyePj5DVEPmC+O04q7poDLsJM
3ZSiRKfo4mCC4jbxxqrg2VtSEkg/9bOp28uHcFOxLULvxrgahe5egF08dNNW
oW2tWetZXh7c2PM2Z9Br2ueDO5CLNJrXduXrq+l2qelhSjpl9Q0XwfcRPiLg
84mVRO6Y1lnLw9eddTqoSiTlIpVp2lPbjhUQw0yXzkMn3IyQjE5hPCO4Lsjs
8pHQZ5snZhoIzVt+i4aXW1lL2+8tFFSLxq+Js3UHxYIBO9QODWV0d/gkGEkH
eB0wdu/eDEcCD1ytCdmSJCtm13X1kYet+qR18wIrx3kw33i+3upOD23K5SPm
bV2qevWqyuBcG+alFiBhrggf5Pveo9BTqBey1sryXNUfyGCJN3gNB/DZGwKF
4qV5X/NEJJCZv0CzdW6fhlkTALnfSLLtlgEuH6AE8+d+qoxGTYTZW/liEw66
wSDnp1jJ6O520fVK8TBdU3Y8vdWXGceB5LiC8isVG2ZCGPcameltVXoCt4hJ
hyiZhY2odHxvqpd31fL2hVqO+nZ23HJapIelXc7CkmOOhJHb4a0Kc1VtlCc7
I3iEjrKD1XokRruk7HILp3q+HY0V5dK510ETLafIUnMyAEL97Oikp6O8Gm7o
N0tVaRO6V+2h9bdwNvTukWPP9cgv5FO7ktdKg6XMbxSPFHE9QTvA0jZy7DyO
Z3yclFWHZ+RYAd0eK6O4RBJVG1Q8fjE+fTeu7bR3mb09naMwHtzjZZhrANis
wLal95Z54eJENru0VS0JV9+Y5JfBysWGJVjBwvNYDTThVUHtQbSGQIaOy0pj
9RDwPDBbouqhIpntibtZ5rMv286ic/t01mRK2qZNFcj5GkIMx3uyhxIkfYQV
onlJwWsRBbB1K/bo/iSiJLxocmLvJMkmtDdD1U7DSI756GWCnsuU3PSwtyKH
d1zYU5bX/dbTL/Pzi2m6VMsWSS0hJ3NynQo6MKOU0uliHXeXOwt/mkpGEXF4
ztXUVhnIDENnr/aqMa+0HgCvPJ3lIilTQZHzOJscRSus83q5N5bbCQ0XuXI0
ugf95uQeO7uXEGFek/vqvOCG1RY9A5PKgcaSxmJpFUMBJlxPc6KYjMW+4GhC
Z2wsFNE10842zM7Qju0KHS+Ow13RLH496BdACrXS6OD+iF9bDGf6+F4GSD9L
QlnMDWuS2p6YOLah7+d4JtQ9JJL+NW1+Vwl2kz1XCRBcpYEI9k0LCSUQ4aSO
WFRU+w15jVonv/T4mfjwCN65OvOxs+tHOTFPUZlOO90CMzUEZs8cS6fXOfWK
txk36wZEjmt2Y0vBr5nQYJdaZRFkJ4N6GsqI6nEY6R9xtOENyHu8DsxZu4Mx
SuIdsoHrXJx9aHC5P0fTvU1Q413eoMYSCwk71a4WQ32uz7dom2+DDhajWw8C
cKVxT8slgT+bJg8FpeYGo+J2GZnskqrZM5FxnhSbVa8SP+o482MsrfNGuPq8
jF5fiEDj8sNQJRPH+gbcYyZfljr4BB8Cr3E7rDyz7hpcI+8l9ctC5agtzKIy
8oyxiWSJLXwEdKzgByqsE+I1MWsel8TUEy92gZZnu6pQZZPZri9FPWKWfLcs
7wihIO8GF7fHPmEDHAAUEpmJZOrHJTDrm9a6vQrRocnN1iFswjDst1GZ+1TQ
lnMn/ZYuvclPYIdnlxd4JdPIAMDbgDGvWTsLcik73lgrygpFiymrY+y+H4qy
1Wc5umj4LdU8j9y9Zfeurl7D5rnTiigfsDW+5m8hJoFsZt5GjQ7SJAAbRq3i
tgykW0dPiNUGnZAzXhOsqUbuVMGhxKQx281VBoDhcpaK5NFhdvK5Pc9eu6Xi
Cw93/tEq13MHYWKH/aD6VKvemf3KbDxMm0rsdnEMR1fDgczb0/mC5n2NouZQ
4FSF1L7t5Q95nKNJquENDxfEBM3UbdW9ZpBmZtLLRYtiq8W14wFkCbPrBipJ
79f6IlZ9nG/bfk1vt9awiXPDUrwuZ1vGtjeyStduRm5oRusCXDWhBHfvdwl4
26DULLiLwhYoLFwn77Cre8+w8UlgUNuxtuORZ0eoj9171yqlS/taDhBWZSia
odYWiBMmYqiHs/X3ntSjKm2CcjfyK359uMPjbUWj5wY20Yz53eldKfNs+xKl
2l6ta1uJuQWw6BMpz90FVge7OsLltaIVKHbT3bOvoq6+VwH335BR9O+DWJ9e
mNgPPd6q29QcoFDkFyAmz2QnC960mVJyZzo8Rg4/N8CaQayxkF5sSN3uuCoQ
0bDgV5FShfGampBkWOzq8+d6AIrvtbi0Eo+7MVRMk3ULtI4OtoCBKvY+Va+t
UuObzKou85/OAE/F/r+a+/35pbf/mzu/Dsf8xvl1GIdluTf0J85vjf+e81sP
V0mS5frf6fzGSIHf/W+26HkE7SeXzW04/V+3ZX2tT214/+re/sr7/AJ83kQd
OX3+o1ZkCH+oL3xsuN8orT9dw69s14/a5n6U2iJh11ytmNxqvfIjtKoVl6uO
RKhOTqg3Kf8C3B0GVm+MxjYfZ02azfMeo878+uwfXnKpeS6X/zSqP+mD3+zV
r17hN331X9VQP2PyD2PxTSv+ld+bGz+Ogf+DRcfC58/UOUDor89KWbiP2XMO
z672o7L+oW37j3Mf3c8C6Ju/VGQ/tuEXwPnJpvyq9f6F89dz3Hofx/O8kn9B
6P0Ttfk3Ou5HcBbkd1D/9tG/fqwl8B8B0/lq6EJ3ltlV9iqED+kz/7tqM5t2
9Jt+61e1ZMZzxtffaLq8d3xG8q/EwC/u8Kvw/DnCT8bzX5rFP7WG7fARNuc4
LwHiHf8s0v7BVP1VrP2rzu7HrzTJXzm7kNYGf+Lsmkj4D1rnVyn4T7zOf+7s
fgE+0u4/Orthy8E/ne8RFpr5u3dzzmYB3dHPSAaPZvlH2fNXrud5TX+4Zn4V
/z7j8FUR3IMHfoTtx/z+zAFdPx94d94ZGrQN9GuV9iM1nkf4eyvtzwLmN5vX
/QL8pG0KXP7zfPPLt2jS9vO+ofPoubvTmu2em27hJzE3T87I+yi9cf7ZILm7
ip7HPOcgbKKzgoQP66NYF2c3vn8dafZHW/Pbv99L5szCj0YqidcifWzv4DzP
V4XzHPs/m71fXMOP+mQR/Wwl5mdefH76jgW8+2iwiWgVAVLMX0f8zKaE/aid
3vGDZSl9M1XP/Mxd8YxLwat+eMn7cT6rOXMhDz/1xP5mXIaiXISdqbHdN7Ey
+XYXQlHFPP1ZtXL7o7B+Ipg756MNX+EnioTmsz5BqX01I+SsSmi9/KgRSl9F
1B9q1cfq/KNa9fXRn1j9PYnyM5JWk4rm+ylac3T7Y735U3U/s3n3zsz/ZskT
Pzvg/4pfqSHyK/lqMvfUt7Nh1MeePUfy/O68V+hTWQ2W/lmpRT4SqAkaZ+aH
Yv3Vff097/WsWX8gvv5pB+Cs7+Cj1bbwp27+YDp/FT7PWDdEBjxj7eOqfrVV
f1JYWbiI2m+5E3fNet51LfHq+6xZX9ea608Z87FSP3kp8de7CauVtkLK+ayP
gHhGmVd/akRgn6tcS8PnEfNP//Dtyr/9BMsl/musnRHdTBHC1z9k3eeK4Ui0
XvGZJwlLF+f352qMFx+VtUHCX1zDD0LqAzsjHP/mq/6DPvqxR8/MgoKH1kdf
hdyExXLbNz+Z2pz3/TV6f4pN/nrmpdUE6Lc3/JzrVh+e0SYJXz8N4aeo/qxP
4ccp/WbMfsuYPkCv2Wd1+We+6xfgR+H1j9zWoJPexg8m2hkb++d1O/9Yxz+r
3M+1+RNR5zOpO8p8ouvs1Sz8q3v8LQZ/yo+vtuc58+fXc304q8vv1oj/j733
2nkdWdo0zwXUPWz0QWMGxICeFNHdA9CI3oqiPaP3VqRI8eqHWmX+VW6X2aZ7
D+pgYQn6pGRmZMQbEZL45E904uuI+pEqn2r/gy4z1RlFrV7/mPt8P3czEc7o
//b2KeIHDq/1RWlPnXQb2XT6ZLOhtI+/sFp5w4Hd4e66/Rdia/vlOcZ19LNH
/DzWjciVtkfz5fn6w57eeccNbZ2TYbe9m5kgM59IPmuKh35oeNxcD1dk7PSQ
tlDkt6ALGafl+aih8FMn0W8unodzqbDcbASvAmif9To8Em93FHSEDO+MCWHh
lSNUU2SJPlkmRGUi7PTdbeDtwclndxAfNKRzae859y10+Hf0Xsy4GaUIagfL
Cx2Hl08N+zwOYM8Z3+mRIlEfbF6b2i4EnZF11gPjOTYS8kynuXykdcvtzrVY
IjKNIaZfbGA1o+0+XD7pFiVE0t58/GQ3F/W069nXiGPNsvT1evYvCjrQn3NM
JPa2XRc5hu5GmCpHIzslIa7mwxKq+ds7k765fHVvks5Y9M84W791B9Wpk7/B
2fqtW6hOO4jNJjGJrj2az++htx8IrWVhnnXlqTE0rtXJDzRCjXv+iC/7zeU3
7/27JxtvfXfv34Z/d34Fo8XoJ0N/PCo8u0Laln7pfi2uKG4mzZ1/twb2fMzQ
8uQq+aRukVrXQME4bN6cmTdRHsU1SRBjkanQzlLCQWtnqEJ31NTERDVHWdRM
LagZ7uhc4loG3No47aLUN7v5eVbF7yrt4jXsjJHBX4Nr5ZUaBG+0MnYyMKbD
n1tiTU2IbKCnCziprd/5fc6VbLBuvF8Y0TcXIe36HTMEMENHOJcUDUrN04kH
g5Z5vMMNaD98UyWxg2e9EcnhsFlvGE20GNwMUeizp0fhvkpu3kPV1EzPqVMY
8eapTM463URaS+G+G3StqAPKzd08mV/UhqGCcOWX0faBh3eugkEO3UYMHvAl
tz/uAs5lg6NO19f1GuKxOkoy2O8IMV9pzLbPfY/cF7aZO53DlfmU3DPrRbPD
0tuNpiODmQ+WmbkPVVB3xbv2hZ1K1/T5RPItDZW2LI3GPmxX5XsS2zeXTx9P
P+js23fdbh/qZHHXf7Ur0hjty2jyOZhGD8I3F5Y9Y+ATgJt2O8f/ljD4LfXw
Rm8SL3GfO8o+PFfsxheWM7Q6AzvWtWAbN6dvp0ddjcyYr+iRbtdN/JZqWDNM
sfED7TQP1sjpxOeUfGftstXLsReFEqH45gcP/ObyVVxyX/xO4uVMYZPnQ0n4
ydLGx/xe67twyGlAA3cqY+iVU5/REi/K0mL8N5ejKe5vo0BhEGA3UrxmKFSp
synxrafDUy3OdWG8pSdOW2BZ7OpLrWa0vDkuEqLa/amdGacWkZ2yBQo2bxqE
EUVu9glVaIJYn909PL0iJVEtE3eO8RaY6jzMiI+Z+OrvkQmpUng/5+B1zQbf
eZI3ONLMT9emMA1HSMwPdg/xsFURUtISeie8G/bLDhqh8rgRlsvJ33LuuJ67
CWW99BD8frg1NP961RU7lQRmwqWUacNco8RYqDA1eCFHBPNhe6JzwDwE1et7
NXLr7FCmjihfM/eY9FHUQwjGc8O5HxFsN+yrogS+0x1zcItfYl+jluXi31xI
3wWtqat8boYAYTa6qfd/L/v6o0zfXP4R9vXntuTPWUd/nn39IV+fWv0PsK8/
5OsvHM8/zb7+kK/PEb5lX0OU1A8eV3hmg0Q5BNhLVdu6cb8qYKlfOaCFyOuw
tu2zwejTLbb6yeoD+RQ/nRq2W06LywbhTgF8VWl9M+71nFBM5GNasR7PmPeZ
jFj5Eu7c0e/43R4d5m0BFA5p/KlRYPYyC5MiNhc4sMdCb97p8dj8qA6MOxMc
RPqBzjs3o32CReOYiLAf7+5pIE0UeI91OS1pz292ysQbH4d8w2DrrDXYPksy
i7KHN682YkG8GDNt3hSKjm++WzQen1fGmuRsD0jWN5dnNI0DnKI5VdtNvNAu
vqGvIx+KKwVT2q5IlHgKs7Le2p5eZPIsfpNnS6Zn+7lSrFHcznzR3Ct3aHir
mCzS1zkHmFE7M7yteZK/xb7+kK8/jN0/z77+fCL49Wdif5B9/aS3D/n6rAa/
Z1+rL+RQpeV81hblbFW86dQ+rQi78Pg19vWHfH0q7e9mXzNHFUnIeCXGQWjq
FMSU5qy0zryJ4H0AQplO3zkCHHgIfAZD7yPpUJ21rNbg6FytBT0kbI8f8VF6
oOymQY9Czp6/58+nKHf6uOWkIE4FA+rv2ohSdExHN8i4EksqXanjJxDdhodX
0M0w3fTlc2xrm7xiUnR9HMHOelIJI3gwH47edoQ1Vq9l4qR0EuRUyK8qfKi5
z6zDaSJUvAMaxXIzZowTIrPNYUJWedZR5DhISSLcCIl6PAvgPhs0VbHW0+xh
4CxNgiythcPxeIic9e4BPQ6TdQ+HXpl2BmR5OePCUN7j20KzISRuZnT4k/YW
aTd5dpAgoQQmGTQUX017lvWlLgF6knErFwEoI3X70PtbdypMILFfaqV8+3zC
vsV/kGR9WvIrlvWfIVmfOvlhWVt/l7n9k0/9hSJ60MFPqaza/uG7fvX9AaMx
29eeJTOPm8lv0Pusgd9nlbrrxw3TOPmsxD4r+NEruVvFsBz0SvawPxu/yBjz
A0+kgdKiCLJdgzNZX5VbF/HiCQuJczePnxKIPwxs+7Qqg3bERELXksGXbj2I
+rBloGfvJAsx9zg/9/DW2+Y3lwZZUjU6az9vFqe2tlOsaW+y90Z3xH6pKjUB
sx13kjcqKGZ6rgrfyCKOZYmp89OTnOGbCxBottSUCh8puVOs7a2CDksAxaLX
zoxEsJwf4eEcezhq30Z9DIqkdJJpLIgQehsMRH5zGcRP7cojMAzf7/bxrHXt
TE8dCKsvg2fuQO/c7nQpviY4HYVRX1+nEpZYtXiqGnNqe9YPhfSaq1KMp8gp
c8zlLL3ANK9ORYF+fD76pWOsHPNoF3fh9gL0gAEJ3LU8RVC0cK2nT2WuilTv
PsqKbm/Gu5ppmnTb7tU6VsFkHTTWJVHt/aZQYm7G5Cj8y6mtP/4O799GZ/2l
7+3+hVjWHy73zT/CwPmXYliv/wCG9fcDbr75c1yc34Va/ebyt3/IuD9lrP4i
Q/HHbNWf2fj3UFV/RCD651BV/5wl/+RW/G5yKkbkv0ROPZ/+Z5BT8wj/bsDz
0R+joP45BuYf4Jx+Fe9/AU5/G0j3O+mlv7bPv0Yi/bPb/AcgpX8MFPqDW/xF
CP1D/vEL+E/wB/4n+AcBoKcXfQ8A/aJEfwFA/2kA0NOe/yYA6M8Z/7+DCfod
NPgvNOhvYXj/9ssU3n8tNxTGoX8WN5TEoeuf44ZeUeT3c0OJs5r7LW4oTv6U
LfozbiiJXf/3cUO/jon/IHzob2D/f7qyfwlGlPrXYUR/elzBH+qafvbmz+8/
S/XnUNFSfLCsdP/Ph4oKLb1GOl5h12vvQYz65ANBOF4QHpJt4ICInPCXmPX0
QvOU0JcLGK+39AhEYJ8fnKg1qNqhwFEolDO4gM1KjIgkUa8y861gGlLJJpNg
L74d4hP13oV3CLCTfB20Z/0qs2MFedC7G0PLmiCtvo5tRR9ay5IfrIErpUDa
BLHcTuXlip05RLIfp9JiCi4wgok/NnbBoInXJ2io2BI1NecdWgZy39np5UEo
XF9lkraVncaK9lK1ds1i1hNvcuBxcxKgerf+lbPkFV8QVuteS8TYJcsYzd5P
Vmux5FW29qEOgf1mwlfkIopThWpTiuEH0t1bRFjlSOtbDzTKyBnagKQLzngI
nBQAVyt7V5/Plv9DoaLcnVKuIxFBYIWJr8qiHgtlxuT9oi8CRUf1QyZmWk3h
7t5x7bhZtaKm65oHCsPuO0NAalM9HF8w0/TMbtVsx7dnbURo8rysmVg8HHNn
rwcpj13dQFGMjkXVvruEZdCofjb7uVYWaJ7PrBalBMxvV2WQjSuVB1r9ushX
xmyIogoYgGfzg+JvnODvXu1ghpV2wd1qyzsjdhFPstLIvusBcXtZbtuRtB9K
TmeXXonjW8wYTz7fUAfhETq/dUPc6dW+6Gyk83GqWaoLNjAwCCvdFEXIQoAO
PO2cDnHOvYTWK03xbMdbvdZK2y3haYRxRE2EeLFKE52M0osmLqhP25hE75k4
aM58YdVGEjI1y17E/HdARfljz4s97qK2cciXSlynbcrfdFGi1kV9qTMIoazc
1XZggwteOfe8mIfkLc+vsEHvHlrBWLHrKsff2uSh3OGcXR2hj1yqmgPmQmO8
470h637VHTO+VeXC+S23lrl0p+JDMPCoQ4V00GUv1s1bwlLuEpFWy3l1fuw6
f73o8kZMoN2GcEdbrDhdRzxdmOfdexoiWQyNnRRvhhwMnxF7o7MgI3ZimfIS
Kaav5+4Wl0XmzP3DQ2m4KV230l6yJdxaSJz95/iyhzomgGclS3wSlcgIlnwC
eXsOlfDzIHFs6y4wOkELwgiCV43jrVVtyn8/1yEHjrjbNhon+UYecbSHzGev
TOVLuQ1Q+L5pZqOs+EGNF1/HIB9EzW1m9gETB3FdQB0V9e0tP8klJmHwSsfd
/GgXmhadkgsSOGXHI7puPLYJPXtp+J13jRuAzg9FCtNHp6fv7T0w4xAHV8VW
y0yZx+guRBnzIqyej15jCcIb9kzbmym40YX19R7FhXph8Ji+4anW7PF8qyKu
Qrl1XC3e3kvdOxhTdSXV25m+Ljjv8+G1e7d33PAv2uGAgp3lIdGyWPbuZ0oR
UB65VfcORt56DRr3Nnx0aBrnzm6PQHc3EALpmxp2tOStZhc0e2y7gr8V8Tpq
urFaxnhjCFaQA5iS8GN+80uqxzgTmbotHP3WFFrvY5N5E+Cr47fT5a3kB1jW
ieoH7yDWzkmAe4mu3N3zTZ9etF4efe79yjnNVkAu4iUk0yEkT0NY7Gdy5y7a
nVZmXjhbOK6a63qvA1cQGydj2J4SgeMg4tMn0kTXYBSxllB8BqWUEab96t5x
CA785Y6s0/nvdrrKMpg0DUA8XtYIcT+zrprJpZCm75ef6yPkQ/raX/ntGJ91
T/TmNrxNHbqUWcq6sFHhPruKhEzYpczB2VJ1V5pMdyVdfaIdseUJ2qKiI9ur
Nyn8CG/7602paExFlw7MvAm5vuYKO/ODmpjxc+O9pmaaIoQ5c9227oUlAKFn
3ju0ZU1TiHwJuZVWnFzc3PvFtQFT3LHmQb22AlHsQ1aaeKGkKOCcWY+FpynH
Yb5UBWNDB0KQgoB0gV1HT3t/AavjX2K1KQbxVu3y6sQFKL+efdLHb1Le5Ntc
cL2qkzYSCuqbjrLl7TGcF4cB/4Zsy4e8OQ8v5e0oQpAnBzWnJ44ycQOQEMPe
2+siuiLb32fajzSnJSX4Rs9d1dsbIFythz24VzGF1Mtt28ZACbUu8vMrCSj0
OAWPQAHyFwpnEjlFDANcxb2KECIrqF2LwExCcEK+aoJJm4/1giabwj44WiDP
KqWcbUkJLZnVmbCPpQkpAo9+8wjA3Nzp2b3Rzvf1hF7NfYtZzHFkS760y+L6
oTxyszgZcwGT2YZ4x0t/9G5qbq8vgNRnONJwsJN7Lyo+CjiAdqh+7jRKgdwu
qoUY6IAYATREOWkaKvkuKB+iwakyTtGxIt2yHpGAURougILkv/Ggyo94yUIp
IpC7dRGerJxz17GKtSc4v1vdaPzxjPEtwYHClbMYpEb6AMKIFlGmvFaistgw
mrVct6Zakm8XkO3DiqMyNO/4NQhFWrMemLnld/Yg3OTYn3KpBw/nLhNbNb1j
e+D8wm/EeYfriQxp/KLK3egn9k6frWWhaWT8hDLLPjg2e9osPz8wOn0+IITA
8NG1iT7MdsjENAbyyYeZMMR+IZqs7WocXUYBP4KWGXqYhhbvoGbdFByEFmZj
pbViWKKhBaarPqEzHkedTFapZTvHcjE28LXWpdkrDu4tuO8zXOS3MCDiSR5t
acOVVw3IIgnuBd26l6x0BWQ9uSeqqlWhyLWXOXk1O3odmyfjtbesPjLqTWCC
DlU0BC9sKjw6aZh3rpbkx5DZRjdlnPiQqokXkenp0hcDPFbvfqoy3fvzVr2E
zIzYiRoNoJoxDrSvQyhAnEychRMVjYUj30F6v6XIhhbUS2DJy9hL4xV+1eEw
pzAeCYe9alcYWBuQeWOmhTZhhxoL8SohAIztUIFcd8CMDdjM3OgjjL8wNUTL
FfrEBn7TVX1Czr2q19ti42sudR2eUBVtAI309g3tqaoyjXryWELsAkDpjUTD
y5VCCaQcRECuOHWk6tdzvbGvyJG8s6gPrjAu+HO3uHGDxcVLV33YvxIwxXx4
/FqsyfUlC+wFXLnBCJYSd215gKXUEvyjZ336fhAW44NOOtwmTT9ojXQN0VAQ
mXDHlw544q56l3KWdmJD+9vZrlYN212f1JNr4rmQt058gJ7FHTlPz3Sz3s9A
POT2ZsDZS00OKFD6BrxdQCni7SeSDvHKcY7ftF28+4HhIW4DuNoCPF/1bWMD
1R9No5zKNddhUXImgeJAELtXzAWsZ9l4X5MKz3vkpQHJMUeFo+v0+lxZibr3
ZmG/TVHdtDftq+GANh6/MMTVUAwqeRDhpYGXrFNV0jAayGUcDINhOyFtnLg2
gc+8HQKSwyVOt54tpRQKHs/DwpMJN0F06Vs23i6wyCfo+9V6CKsaDLrp3T4g
tdGl2PWONN3hEloCsoAJubvkQWUJFok7LVcc8yprdzfiEhncTFBDjVNDK4Kx
GeGbK7GKAaDsvCa55akVmt3Pirq3EB1Bs9Djs+jNhYBDoDb33i7SGs/Ucpe2
UF+R5pUjmfhQB/W5DQ/+Stp2nIjxsY2ZeotHBIfEIX00uQopEr0noZaBl+M5
np1OZDDvpwpCB075qN2QbVZh00ib1GoI79ekUJW1QTogkPjr6pqecHahj2dH
9zF52cEpNEYf1WyYrK45NUskXgfO2Dl4C4ixMZsbkby3/iUoSa0Dt/Z9A9wA
vq0paKpwWV8sBBNu154lb1bfKfyq+wdUrFzWgBFpa16RjKA7mFoKwomEuDPl
bW2Z5CDvqJNwN1b2QusZ00ZOEb44yfOntOoCmq955rUDY3CWzAn9Pt7doPQK
tdUevGfvZzKTL/0qKPT9U2x7qiaVq4/SCsJbTuKNR73SpVW2WQDTsQvxyqOB
R1+NcxpHCGV3uIBaby5w1fDqPr6Iy3pgPgSbDRlvD1tvNkG6e4/raX2Pht1Y
oO9Pp+pL/vyndM0rPX1C4RbzkSZl0yVn93fhgFgaV0/RSiule5sdzlKjS3QA
n66mSEqvjagOwhOFurL0YQqitHrMAB2u1HW99w4kXl5x4M8EujAKAflSbfLJ
Kmp9c92JyBqdgPaCs38Hbi/3tWSJveQoBi2rWUC+l5ZUUQoXUMv5ytJUo8eK
B/CaCDM027liRQezKHLq0u1Rzpb1nMkmgI7kxmOHsXK7TieJgjj64+JGcA1F
oJP0CN4izqJ5gGVXByXNZzVRMnTbTnwaGM9iCkyN6cMdzi2AG/Wts8jb1acv
4s0mPEXQQj005H5cMQxlTEF0ernB7PfMKdamIrdcwZdnAjHDmWiEUkntJm1p
hgpJ8DJLeYVnZ78nKq/r3Isp8toPv0sZQk3QTNFZUmL1G+5QwwYGKQVFGjNL
qULleNWdbV5zYVWEVBsX3q9RlUWl/DibBNdl7uGBkHzRdAy8I3cM6WqKOrzw
NORsN8J+3WoMnJ7JNF1QaqvAhbsud6x6T8dgXh+cbiKB2zV8b7u2EfjZTbPn
6HjEqVGBz12ZHsuOP0OronJQvpAKRVmBITRyV9YV2+IiuNDk50Bs0WShvDA5
Bu+gdkThZ6VxVY0RM2bco9KpRzNdzOYiFcteemklA2VPoHNHePwxePc278CG
eu/2MyuMMRhYpagQLDRE8IrNi2v4eaIpB1D1F+DaNdvdbcnYIkul0Z+UvPUW
h5L7jovsBuPQplevd89IQmvikv2ckeg+AFmVPhEE5W8X6o48XN1f5BHRu4II
AFWJtZR1tigkN/TlPdCn1QnQ3CP9FsN22YuvU9vajSxp+hZP6ZkX0JSfX665
Tx1gEZDu1v5Ms4vU5slDA1TbSSiN9esi2v32ob0rr+gMqiOc/iYsL6+6qILU
TSDEioVHBOyDije1N/PmQFT41SAjeS0eztSKJFn5y/Uh3mCvZiQGFOQWP9/a
85eXBLdP1dIaBcXxcCnwrcH5ksPIM23xh+Up+bsnABde0TLfBMjCAf6+FcHd
xvucRpHHxd95S0pVnFxs/7BnK+H2syOZkXhVDA8r2kj0eLzpYuVaJOU7e2J5
97oBo0pBTwyzHeUSTkzjoU0dCUMR0snSemEzAZCV3IN+qXDl/m7I+lAeIJXD
qspgU5qcOvseFkGRz2YXv4zvSt2aXSu8vRySyqNAdIULc1tBBdsw5JAtZ/FR
HW/Jx6szy5xzSBUdip6Vsyh8xbfLdpMpJYiv8qmmb3sGJGM2LPh05VcHehMU
sio1xcjtVPh9jykA5l/MAnvCiBxBz7hRcLnb6z4DD36FJWvRCq42Oahohcq9
PlnB5+DZTrCOGK+jzbfS7OvMjUeIpIp6M5JdmOMvgT1NyTAyeq5hx02as/s4
QnqZZMSmeGRfJvu4PXp7ZgA7pK9jXR2Dsdc217aRD27CfAk5+pa3PrNVLJGM
VOFVLzFAzvI+RVWDqge3zqV8x62dSdDXO+hkmH4UgyX5RKTKEwBenBIp+ccG
glQ7zlMxNoqdziD6OD3a59p3gL+fLq+0pEHzThlH6pPQYnf2o7sooBhtrJft
8UKWZ8wnEzo1Ezvv5Jxfu9CX3sLtiKXSAgAJrm+ufWwHcqPmVcTqGW01PKXW
9UmwF1c7L/FgY7XfBCXLG1gsEeNlv3gKQhwbNrs42Rg+G4L39VTyBdhF5RpJ
SRzXxL4zNHZZXoz0PBs2NlGC4eWn+uIZ1G2HoIyWIpLUnU6N7iYbeM+uEGRc
b4NCf5vQe37uB0j4yQVpH8ljWLqzEqw99q6l3svqBcf2AsjKQO5ZL/7sJmZt
s0y6h1fOq9lAunZd9x6wdoX9i2mzmr9NicXFQvLSxenY31D2IJGwVFGYijgy
i9p4CvGzZbiSIpw7dwvsmhFU7+E7W8FLTBW0pOIObQE3ANYLKw3ALluNaNNH
dIK8sSlaKJ6KNkhvTkeSL8EAuJZ7WOi87mdHdZFSpnLfY0wGrZzoOw4aaJzj
svNWx2rMqu3wH9ldxF/xwSinyD9V/lRAjxIBepFAzoUvxlQKb3Xor3Jj6gYI
e6c/IfliIcpIossDSJ+WZMT2PDe2b1G9E0VmbC/ZmBylOS6bfdmxY+evxTMh
rmkIGc93PSZbJUdSRxTeM8sYODY9nJLaqtdFvtwnou0WlOzJCHAtdmQvg/7q
81qI3G1gPMQWfMB6roRqgWTI+DHdg2Fu0oxsVH1P7u+EYenZhXVamkG2mI9T
UESULiWAzK9OL8DybPRaJK9SkoxX1T27OF66tdnDYNREuSsg/s6I9HE/J+qD
safKVThfNl51ztCxRUzZTc8S+AzeAZVdfUYaCAuaUPvhNE3BQWSUs09ij26h
SEVPkKpNpB4F4xKqlYtL1RU8QgR5idJC3eo6f9Wmzt2KgQKA+2ODE0OOnt6r
cGg58cr7dj+KR+Z313Y9U5vf+6CFiCJrLWUhBY/UfMlXeBWph5+vSvUgG67v
4toXysi8YauzuHg3NCtP4CkS3t+X/h5Yj4WsbyHiZiRAlGcFVaGK4KG7+9Kq
+IVUT0GQgIV2snx2aRaOlf7e1yD6bI77QV7kNy89Dfsm4rBHCFU0Bu5WbtI7
IuR4QnKWCfAEhJ63V93WlnPFcJNQajVnHRl2UuNOXiJ9JFRirGTKxWLkFbt+
xp5dgk83Y+nCY1MdqAgqb+0NkqJDknfjOR9eAvvmOtLuGQYXjI1udGtMO+7e
C3tsBqi2IsCRifLFXhtjK5kdsCaYAwWVTvBGvfZ62qhhLr0N8K125QVoSkWi
HrfbbR1xRt4EfQO5PSyArtcEaJPT7AG+qUGZJiaqLbFokP1uvl83oX5X8DFP
F5Er6oAItKh9bOXO6479usqDGCsO5AW1zqVPmDYnPpYn4qY9r2Lhzm9Orq0H
VdXz7QZcFi8GHnBjervtKXf06RCdX7riJLtHImpyrNRQM5RcGoNqpB8cZFsz
fhdBbBVRAScZ8NJfzbLQ9bmx4GcvdNOGyGpu3/3xlaqIQKN9RkbHGNyLm6o9
Yd7OS3x5zPzsLQmSPl/i5cxY5m4FZMqwLDFtENI8dHGNA2a9Q1y0YrbOVK8X
T7vRdB8tGDdOo5jdVcBft7UZ+eTi7OXVSGj17hoxbqJK/ZZS9ixQUaAizkI0
FZUB0DI7nhUzDRfX88wlc3qGGLkFFXR4OBuOWUYUySVXJCD0Zya/XVS4Uozp
LOVZSAAep5TZQLx6PUeumBzuuTS9KimU3nOYWB59uZUeDsaY8u4WTYwYHKMx
rS+DeZoEq6Pga1yY8ssyPCBJkc95HTjXVkCIMPtb5Er2AV1s0yhk1THph3zH
nqV4H4f0tPDdKx9GdqWeV0p99NKdrmegg8kZhp6PIPZ3dXtuzmER7UXCXX/b
CFB8jLicIQK8L4X6MpTgPT4k/tgrc6vVHp2nPJB1y0tU65pQtTe8qjcq20Z8
2ZdtDsBchjouyRg+dpaiA4U4K/C33+nUrTGKe5K6JO/pgnhUZ+tvRXDT++m5
dk5d1wtUTnzycNp7oGVDyI79+7aQeHKdu63rXVcoY5R/q7NjUC83e5svc2Ug
utoUKr2xr+Q407sNiI0+yLaTqiwCWq6LJPIiS/EVSRBag9nPoVKPR+1rCqW8
QyPzSoYNdEd93gn+yNQLLFhbLntJWt1uUjy/EnBpApHrm6ddcP4ew9gN5xDT
65qhWHT6CTgr5KnJQdFlKVCnqCLBOTws0/DLovyJ8BmQTIyJ9sMdT4OJljW4
Jl+QnhbZQsSOE7YrfZMPHbewvVIwsbkwDzkGB7uGnRYpNe25WnomulYgW13r
jCaG6kNK8KnQck/ODsBw0kqyInbsNW21Vt+2i9oK6VgXxjwx5P1gNl48MvOK
vdrsiV5FpuhvUtoz1stybsYgabRozoy+YqosF6OFkfMFZSGelEEYSOFhYfkk
Zzuvmzd7fiCJzbu3rk9vCkqBDwd/2a2Sdqi/9AS/+DRVBWebcMFz1BHOMVc1
P0akp2hqVB8BUuKkuCG9/AjhIpSokb6KaNQM9tAIUaLix+Ibhh6IzH7BIhZa
dZ0z/cNnhfZ4ODWryO8S0EreXnmz3u6hfi+0ql9estyyz+uVJncIf8EMCES3
/jIfUGa/5UGICNqEddnIb6R22CoaP44UHM/OTMQ6VFgrI4PBF2WQgjnculS+
xqhaSkp1ibZCx9YiwQBbXwf9c4N5eM33rM60RmCGBUCVeD3i94RUyHSXcgI0
yGHb+JbG1jm/DZcOtF/+xgIQRFD05LhW3qLMnIFFn1PclgUGI1RPLFZWb0/W
AtuDKlkoCIYyzgGve1Zc0tzAqZ5JAVaLp/v1TfMrEa8yA90I7GnLmxe4I+Z7
GiDefTuWldmcxhi+hkh58KyrkxdxggPdEhrBheOeOODVgK5no1/4wRWdJKTN
vSX2yXsOPGvYWM9Sk+ias6rlqlMxu1A3L0pDPd+vhrD6dBE7ca5evV97qTYS
Se329vV5MDszVZwSv0LRmMtcklomBWupQ60zZweXxTSGYZo6yU7ExhuABI/s
Nxk4N1/UQwPlfK991/QWSDmFFzSJI7mZRyYZ7V1BTrwOXlJAKWkd54ERfwNa
IAdyd9zeqeetD32mxVr2B1gCOsJUvA7mxw4vnHK+vf2zRTb3poguUsQDIUqo
Wc91mdlm8jWoepbipcOLDAhjWMRKQAWWR9b1VlG0aqrP1wSDWoawUAPhLjQh
7kx2w1++aPAjoXgbV66JYHuZBj4kVQLXyhOxtnnJ7koswCgUhtWSgCzaXG52
hXwZaFRzvVTBNzPImpJQFg3p1Xw0ruxQA09y9/N8gsuITep+Q8GzqFauGJ9Y
c6AwPuFmF6zVgDh4HK86ZwLwwXIx5QzKGjzvaQEvZoPSLB+5zwHun2KJeRoq
cbj+dpljk+ye5PALebWTkRj40AJwpmqvqf3I1bJhPZ3iApN4PLBoEk4h8gKp
jxX8rdGSoqk6XmZazR7V+3K8bs8Pc4da2KnabP8sLwm2n3IGe25nnpilyqyQ
tLxfr+EVwVWcj8GRoB0RrEGjCWb5QjHSY7hOdgDNBylGCeDdgMEsVZBhk6p1
93DmnoJYvuN1JKZUPnNCzUVSlM5ynCEBqF6cYTetoXMG96hN9W1BUsi7O8y+
e2aV3cU6csEiRCdi6JH3nmgGU2brVo1lCJVEFlF6iTjamo87dnjwQnpbPsLp
NaJSvTq2rrv1lLu+k1pVyRcfwloK52gp63zAO/Y1TWykyS6MOBCdFtyux3Sz
QC22jYfOm2Q/wjW0g1k7xTyCkKynYnHqsCaH82SuQXB7J9aXnCnlZS88NRP0
CkiXgJaBHbOuYDiCxz4Bac209OpG6Ch7zk0fbtSkGev42iXzkVbl4c235HZ5
I0tLZAaOpgQuXvn5JTMWdcwkBzEkhkjc4T/ZAah3fKnuJIxxs6BZS+Y/5uPs
sHjNuuhGfPTYzLJ8BoJdYrfLdVxLrYwzfEteNY3Ft7ErSqYeoMQoskJsStMw
c/5+52GXAx6X8GrS0ewsfkuaGtDdwgTYraVCO33lIlMUktjxGtTwc/+aLJge
QY8b5kePm6hIhB7t9wuZEShG+YjcOGowVGTMF0gC66HPrctZrZZLEMzmhyj6
fLZ1Hj7BO7Pm3ID03kMcIVi42EHXljOmgw9jVvJoPCoK9hy3XQZhABzcfZf+
e6FIhUtq6H2L2Aw90F53y7P3EGqE6y7XqAH17gakdjntnpGT1ZPV5ivWds5i
gU/QKtG7Uyh2Tkz64IYIMHpl5CuAvpaK1kvTRaN5UH+OZ6aY8VUvmzamDFTr
jlPHEeJA1aJymfxogiwJcLKbM6BiBugYq0FlhAYct0sNx/7LAs8YpvLZNC3r
LN9AXMMp7GmGQLtiqLS8pOGAAJtLbtSZzK3MoBQ/Etjr/Wq+L/kOo4NFSfc4
RBm5P1PUjVqiAFZ0r6+ROQxQwVjqnHZN/47oBH0veMZLIEGSEkHWE+oiSu0G
zVx0u9qiAu3YSowEGQfwHZuakcOz2hTvjmFlrWQhEj7wsrexUxBIuJZZAHdm
58GF6lx9P5WzncLcLkGo0dj5ElkCWQGjXS3sB8uaVATFPvK2ycIY+rkT3npH
Tp7M+M6FxNhWeqzGaJZxSlphnjVMvW4LwFF2U94MmZDqa5uD4wuQD6eomzED
WmN/iX3eSPIUXiQ+HocmTXgne90ULxdlK4CufCC1uZhTsGiB6hwTWhbPjfdZ
mqvc7saN1mu0a21L9y/CewyZ+8ya8sDtd0fk3rmILLjAHdyLyqJmlFamA/OO
0m2zMBvp5cdyw0zezAFerenMJbofFcGCYnKmDCDj3Zni8gdDyxRUNNsT4lvw
1jla95gZ63BrjNK42CAfb7NfFFgPnscleZqZ/74SBQbssQdJZ2Qhs1/JtRsn
j3A1efYO6kty97cMENIN095mnmjXgPAikDkV8IL6cZjm25ugtDXoFRmXMgTR
EoG5RWhvcO2YIKiTvbn33uZUXTyjZnnAkxQDMc/doOCMxsgNh/fjEMKH120I
nWEzd/YXoG1OMDwP4fVl7Wbm9r77xhSZAxFZwcEn66/3w2+wxr9Atvs2OkjL
VD0HdM+UMizNMiGy6G1xkNp69d0qN77oJQK99luECR6C3x57kkxZsxDvS4Oa
jMJkYVa/hv05L9kQZIYnxmbyWsrWaeR8RCQqO5XhUd/U5zS94ltkX7kQ7c1Y
77nLeF0L3BuckRpbnyjylkLZmpCuMAMp5aIcUaX67n2ihllvo8R4B1VmKFbZ
AOl4SAx3yvrkMwjCswiC196s9FtwGK7HP95hflTRzHE2cK/dOvFYzgAJQ3mm
LZxCRzxCbuM3t/UyVTsI6cVctflmhNgWBQ/VWKmq1CnFFaXirBp6aoIYhzL6
oppvMBY3q71iykvSuuX9uKBZOKB6B8Sbd8hHO2DvoTjaRyFCttDv76GKD8M/
tIkv1MaNvdf06DfKCWn7Naj0e7YvNp8s/Zobg9mKlDyrQJcPzhUd5+ed0zpj
WtPjXeHg7pWY9Iq618t6TjiA7k9rhtOVBi4eKGbh9UwcZWHgTp7tNl7SSaE/
Me9AdJdlWyo358Feg5Jio+FAzK1VrmQCam11m7zkUof4YDcQcGyq/xjRfXxh
mrhxh7hNLmGnBZAYzpm7tjYcobNO2s/suLT1aZKbh5xVDX+RJpg6Cw7orpoW
eR9zdpFpKXDoNRAOqNtSgrBIOEUpb8eJTaSpx2Qxj0OfJIhVCLDzL897qMza
S2UeZ6PeYGw0rkRW8nLhLKhR5VVMcJ5LvHDREc7MuGDHlampCL0ThM6oXnu/
KABiDkyQphSGKJTfagLTo6rcYrSavqTEZLwaFXhgFd6rm5Eb09o7xebth7Mv
4YFdXBzOHgsAP3uDqX4tWitdAeyssENP2df4GgSYpB2NtctJ/MonadvqOXst
Ej1b8WK2ISdcJvwwu7i7na1FksnZ+LQ7O6tu/ilQllzELREOaX3oEX2oqZEI
oQRMr4rqYJvCXS53zwFmtSVKbr+x1vb5ocsmzCJhLecsFvvgRKP3lPvtHld0
sVKyeVuzBtMCjEVXIl2yNwv8G25a/oU7UP5PYBH/6Of8/4cjiV3n50hi1zrz
Lf/4e0ji5ReRxMsHSayG/3wksbe3IcLXPyAFLUj5Hl37ZYQPvFZn/wiK14af
oZeWAdosH0CDu/0cZPsFtkdIt28BeBK3/x2I7Qdl+AVce5NfwTmPoKOqXwEa
fxCbH2DpI/Ct5wdPLN0+wI7zXW+Nk3aJu72N+oYbNf2WWGjTH/THcm6CfIB3
fP+B4H159/e/7HddRuLDLzieL7jI7239BUz7R7C031y+xvue1uoDT8ct4Uez
/7tI2g9y9PfY/NeRwd9cfg+8WLr9gBldbMf6AjP+fnXfXH4PvPj71X2PYP16
lT9HEn+PrP4pbuaHVfxkft+cBeUHDc18AVb/1qul28/R1d9cfgyvTgjt0XyB
VysHvX1BV/8YFfwz//hgcH/sIT/xj69XeMYO8zN/Ob36D+Cgf8lffmbJz3X+
Eajxr3rQr0OGTzt8AdXCYya4zc/gwpyGSvWzOJWGkjp9TISyTSrpO6Qh3GhH
op/q+xvA4K9Rr5Lwc2joR2Hw8gs09PEsgi8g0nuZ9M15TesI7a+u94HM/sLV
Tq3++fV+A0/847l9kOXn7L7D0J67V0YeRkqCPpz2OUL/7AB791A9/giQdjxt
8tmrz+5+pZPhF5TmXn4sp303awd1q6hz65Qbit9S3zM2f0F/v1Xf5ncp7qlR
X0Gt/4zinrH5neb+fcX9h+HOv5Cz4q9yFvbFen8Effs1+PYT3X8cffs1+PYc
4U+gb78G334/hz+Gvv0afHv65J9A334Nvv3m8mfQt9+Dbz9z/8B8z9nbdPX4
TsE+HhP5+uk9PC5VzLeg6+8B5PZHeb/1zw+++uOf527+Qk3wLa78jG7rv/Do
vwZHP1Xui3LJZdzrn99+LPdz72PktEGXEBKXVpFv/aLKnb6BnfszfFYBP/8O
9Jz85MiPb/6Q+bxzd1Hmc9AOJdW36qPVwwcBPHxGMs//P+DtDw74B0z0uSfp
J/I+UN/PfnHYJ+qa7PEFHfwBG/lBESB7maDaqWzf7wG8nf4HffL5Z+1fxUXz
g5Xrb+HDH538ErE/qxN/b8Sde/GTmPvpcRNyt0MG8qsY7+4cAbXIHx08wYbP
lFt+OZfbYZ9yzx8dP/GBO//aARTf5vAfjp/4gJdF+YuWmeyp334AfIDY31y+
0oVPfHysU5n978/GX/LmjyqcD5L5c534hyMfvkU1/wz2/R1u/vta7vcD53+K
m/949R8Dzv8UN38qzB8Ezv8UN3/65B8Ezv8UN/8F9v2HgPM/xc1/8uZvAud/
mL3Eytp3mfHjVV9i9FPDNNXHOklv/Qidbop3yPxg6rm9SurvQMKPL4//UVQ3
p7f/heqGz+j+1EJ/obr//4Dq/m43/0J1/4Xq/gvV/Req+y9U91+o7r9Q3X+h
uv9Cdf+F6v4L1f2/D9WN/11Ud5fJRPuc7abWMTpkpIafuGcKCcwk3mippMPD
Npsh9U5Lso9fQ3XTV4CgobpDvJlL8xcflJBhYffxDRBDXt37Ha+l61k/RFDF
EQ5JAooNwh6VYHOH2w1ya29kEcagr+Ic2VI+Hg3VyhNK8TbnQ2dVTEDDgzrU
4JsL3AIkmwDu834Vk4DqCgl3UCzuHvAesmKDukD5sJ0eOG6I7+JNufvQDTd2
4Whm+0Cpc4THPbvdhVAwTX+YHSkBNdNUXP0GrWXrOgHquSM13Ng+MJg+vN5S
Cp4P2ROpMn45E1CfeRNBnngXm4Jd4X00FjdpBl8vgmBX1mYUapgcAQPTdwqW
L9UtlhBt+mHvr67pO0V+DTbim0v3xsHBXqbEQC3KTmGSUJ8hZixFgjUCeaUm
kW4f0Y6JwuSgMV39O1Ddf/9b738rvftXvun+F0O8v77qj1je3/xZIt2/FOpN
/Suh3j/lzP0xtvfP3/07EN9/++dY/N9I+qb+cdL3udB/cF++Huof26Pfzf5O
UfKX2N/n0/8M9neKZj8MmP05zPMf4YV/fsxyWuQ7b0q/Vb7/9d/gL3P4k9rx
b4r6Pwgt//Ec/2KX/1Fi7rkvP0Lm/k6y+T/Ti3+Nhv53nfgPIM/T6vW3pI2e
z//138ovlvl/xh9s+pPR/9sXavf8cdd/QpT893b5H79gv/9eLP/jv2Ll86Kf
hcu3L/mdEfM/wW9n/D/Bc6X/758gvH+9gr9A7//EYPoFDPwPFPg/CIE/A+57
CPyXlPQXBP6fBoE/7fn7IfC/1oZ812TcefZvVxyH/15b8tmGL377PQD+E5Lf
hdX3kfmp/M9hzgD9/tX/6fz39icG+laK//ZfUvy3/+v82+dPovl/fx+dP4rG
H+z2989e+JdC3yn8Cv2TmO8EdEV+H/P9R93g3+Drjwntv0KGh6/IV5T230TD
wwTxo1f/IhsepZCfvuhncHiMgn70ml+nwyN/mg7/uwLmPxEO/7sW9lM2/N8p
yf9eRf53ygvkv87W+j2k+M9v4+P+57j2uH6wrID95+PaJeFRT34L3Agaf5qD
XbHYXCiWOYL2RCltVwXhpRHXMqoIFm7e6h2UPhAbfZFj4EH0jvYkVoi9tqLK
a0Nrl74edw7k8Ht8PGqmO4gpjS/FdKhZkDYP4LzQys/Pwrr6C6dPUiiKwzlA
grWht6cy3DBCFC21VR8DOdFYLsCrBdIXnTNDcTjWUr3hoIUAEPuI6Wh75T7X
0YD9BOwSf7n7spHZy9j14W4e75F+JQlYqGz7pi4sfpe5N5Is0WvdCbVjrxRO
wBKCr45YFvbORu7j2u6lo+2vgs10qPcYboR74uq/ryjhXlJEVezqNkGSntOY
ARnzc613E/fkSO6wvQQy27ESdjQT+SYw2upFzn8qrl1zORwBmieH6rhK3lol
TtoCw/KL1zHa4/GcnUwFJuA5ifRh6jlA7khQLS/Kx6z6TENJaOkDRD0xOCW9
KnKJx6K9Tm9PtItbAfEK1aZYZRXi7Qtth1Q0i5CHABGDEdJGOo943lr05tu0
jks+L70z69FiXb1kyD29aPuIDtCBIZ5xPHO6BNBuJmL9dfqtjXhO/NrMc7Ny
r5ph4QFvOeKlr2sEVWxi36Baul3wQbmdStRgta7vfoZWKKSiO8rfcXis9HFP
9oGAqlVO3vrI9EcdErx6mJzynkz1KLnicppAwPy39tQz9ZpPeFDX63qQ++Io
VnVtb1WJC7CWZSr7JqW3eYdfxxxJGYaw+rgdLHsRhN+Da9c1Mk4sTl7ClgrV
vIL1ConooizpSx9UAewxJCoYZZpK9SmNCpuvZu7xnbOx6NG89wO3ihI0SCdQ
kcA3RRDwkD3s7RZ28Esm6mimTmz3vLNIfM9NenTTCAw9UkYE9iYGxv1+7ncH
N2SszhbN0rjJ9egDT4IH8HxPl+wV9NKkQAudTAOZjKUVgj24bumrMb1X019T
K4PE6/2xAexTMwfKzg5lRsu3fMZAOWeXx3N7D8OGl8tiF2IOv+wXDqeKrK0K
Lbx8j6QjWupWvSTmpekP3wbcw9HdEuJfR6E69AUl7CPjT73QH/OoQdgIcisE
2dQzUtOdhwz4oanR2heDqoWFRkAhy6oVemAsv1pvqV0uDoO8qrtg5HLZZGbh
RcPyJjL11bYPX2H9GIayUnPI/OoOm7vdvY5ASgi0g5fJrMLqyxdSuLmB2M4j
dmovolhxpg3vfQ/w0hEU7+AK7JATeL5CEh36CYE9SfsOwTvOuFXvl/btsmGu
YJHWC2XHoVWsbH1bMOYrJNgfbRN4qa/yWb46OHItxDeG+AvAR8qdCM9U4tzN
dL5AkuTpgJDOyDUeraEr467sSNieD3JCJUlAN/9WgtO8ezn0Pux5lttVTVi6
pNK3p6HZ5ZWvfebP/f6YqUcOCx446+8iHETtNdejfZfm40ZPE3ssoPuET9WH
HozY4/mTuiHjIHkXKvY7HFuT0T9VFQ+jfBSde/aYfVUTTBmQmrcguDPNbvRT
4oIOjExbw0Qag7lDXJrgeplA8R54d8IeyLkNbgOJxQGSAY+3IZc2PYZXMkYk
WNYa0QkzBo1o87mFmZaGAw2JPKBcRAU5/A4uz+tzWcImODUBnIndjT7XYtpB
aPaxv0oglQ+fEtIqZ52spHS/J9E8vuY4dCEbVLjHBfooBoeTuzx2rtueictO
cq+zY4iju0p7V/YB5e8slXmhJadSRaujLcWRkuvnxT7C8WhV1gSDF2gQh76a
0P15h7w1moJUQadxLKRBWCI8BMJE3FW6bOd9BjsennZuMC9PvhRAZzBt9QG2
7yPQsTFmJha07iuLFjOkaYo4Mh0pEIU8joxHYs+M2jBpk5iu7Q3kkl8fCF8M
MU+GaJ/B6n1UWS6JrJJ/sW8dlu4rZcoiriQJVArBJNEiuRCyec8TqdPjxb54
1wCPkxACYRtvAtCi9LMbrRzO1dMFmtLgZiyJ/v+19ybLjitH2uAeZvcdWKmF
bhbzJOfpVkn9YyYJjiBBEpDK/sQMkJgHkqAks7Ze9BNU73rfm172E9WTdEQA
4HCGvCczVVJZ/UqT6WaeA8Tg4eH+uYfHh1UAnMhgHSWhMKE6dMCOY3XeYd2D
6mH4mpp0vMtYmxC93ZFfcnaV0beji3Bxoupo2LMPrd6WPeyl0ympko7YOOB7
c9caBL4wXgP/gUU1Ux7VA7N2vPT7TigdukeTX7oj/kQcm+xxQhvH6aU+t4zB
ET9dxLOittJ9t13ryLuxEp8jbHEO5MS3+XFaDZiGZ3WVBVddD8W1p++bicM2
LpNtSh/P0nHoCaEDvGVb5eP05HZJoz6sNbHDsT4U27zq7e1LoyUvpiOhdtmb
9ehguAtDMnwjW4yNWWzvyIbVJ5OsPuQksuZtnYlZD8YmZrlVRjkKo+hoLawp
Nx2bYsubh0xXpw+n0JOC7WV5DvonVd7M4kWjzvoE25roRmOqrLx4ZGGRcO7O
s91OC87yyOS342WwO6y0zuDS2axHGa2M933bdmosHYa7uL6dsnPP4emqP4j5
ZkOSsarb7ax7VhzWhV6vS2+BuNVIabcjrxZvq65Z7VcdPd1N2sIMpyK32w53
R1IdHYbROljw0wl2qG17jUUiZgp97usSf6DZVjLa+mZruOmfqlueWzVilxGP
zPnU7erCQGUoj/PFMb60e8IqxAztsK0tJ+lOGKfsMeBYduv2R2Nzrl8UdnFQ
bPFUJdbTMUefzd0qwS3csjbMouXW2j1cOA8whbX5KWvSxDGI1oNR2nMzbTjf
C/NaLeTdriHs5uK4s3P7c2F/qJ1GtdOc1JJ5t5ucatpg0sa8ZnyQFN6Z0tpq
L3eb7WaPHE5IXZPwbZatZVI77FtLm6wdjX2v7R+OVaG3iqlM2J69FVcPsGAq
0Stt0w8FIJP9ekBbXWJFtYnWKmKpFNhtbZZuu/Wl0hRlpS7tt3IajXU23HjN
Fl5NeCwdNF2wNYk2VxucBhP22J3t+I0/SVdS73RWad6dDuSd2Ta6wn7B2Xtl
ccEpbxHJVhhLbUvB1oFylg5CTehy7syd15zBtMNJe4Ofzvs9bYT3ub7erutj
P2R1MlvrF7K/uqRc1j01u8pkuQRxkZcJhKkEHn9ZmC3t3MW7SyOqDnt0Y7ej
1uut6osDhmQXqXg4uHvR3PPbWi+wVHy1M4cXrNetko0OP6qRmmR1wqZFSnRv
MtDC4bwV72qNZpDxNYr0WWrmzOvnWjo4h4Tfdc98a7IWjRbGL7rrzYTz1r16
5gGELu7l8VSebve1Ks3FdtCrr8+S7AVDEKC0nXlV3AZHbtJZLJPzcXXwqxjt
W+O1IC/2Z7ZLj/dtrrdL23I4EMJtTwWmWJw2/LmsLGViIIkNriUvNf50FJtU
r1ZTSH+AwW9BtCnL4YygMT3IB91ajBmxxRwXcjQdHHjxbPRIz9poy11TOOB2
5yzHEs/Vm/VDLET1AxbPp431UTd4STFlw9hVKSs5HhXhyDh20ltsTnu1s6yr
HdGe0BPHXIXrgOO8eXU0qaf1XWuIgTDNjZsdXAoTsb+R6GSfMsfOzpe42jBh
uu2uHej1TD5t7cbYn7GrU6dObi6dSzYQE9VYjDD20ulOfA3PlhsHKPFKInl6
kKydLGPOsXTJDK6Kh6YqW5G27sVqv+UEWmthn/C9MKlvSBPrAxQ5HE2Y1mY9
qFLxnpXGSnj0R2uTAGC3brdVbWeuWrVMluoyvfIkAvdoQtgly+VkcAoXmNMX
QKxrVg/HKdfq4aIesqYf61ZXOo53WscaTffdrR7vhPV8mXVH7EVSbQpf6DNB
m7rbuoDN7ONosJr007Oy2rH9GTFYdlvn4R4sznY/k2eXrbSgo1qYOcZlKS96
aXZac7uorW7WG/HEsdhaYqWkMZe8zD2etv6wN7HGnXDVCBahXmubM3tPqp5J
uHygs/WQGs5XzLhWa0081Ry0TW+MzfrGQOxfhEPqRPPmZBiv08ulPmqKpBQv
2k3JnHS7w1aa9aaHoymKzLw1GkYr263px2W4qknYlguGPDlvkr7RtxJ5EEjL
mO9uiS15JoUVrZgqASzOxmzaAETvNpRJZeJiOErq3EoAxn2FLbl4t3PIdW/E
t81arT7lF00+49RItEeHS30gp5yon3vkLFuKkhHq+pQTUu7UMXf7qbSqBdh+
06Q9328IbPNwwUVm0nT5i6bIZ90Pd5ujYtLRtK32ttzBdw2fHS263KHtzrcn
lT4u/MsYC2ZnYU4uRgLh8+pumvpSAHQU+KpWnSb4XdUcb8WQtwdBQ/PUAb27
uI3pcNcT7O553ZXII0YxPdEithvgiVmyKnJ8ZzQOdvRiXnc6C9pj7ZY62wyA
dCwrWW65PmWLe75NzJPhsu5K/ASbsVs+o5RNty6rveDo1E6LE0nTRrZKm9q6
bR2ZEe01ekTTn3Bn/+SPY/oy1+dMlWy2zvzAw4bGdKbXGK05Ts7j7nZsBKLL
1qyjJoodZpa0N84s4Gpmepoqe0U0Ul4ZWqTSwdm6qZzt0RlT4st2NTrWZKMj
M9Zya/X0naSuJH/cWkgjACK70QCfMDKbdQdLOz4pph8AfB73B4c9EUlLrN2s
6lS/M9idmpeoL/JpfOBGEa45jT3RTM4SWLzlYWhdpnvZpE21G6sibdqH6ZrP
ppTYXGMLc5xkE7vR2OhqV1o2BzXTH8xq0UgE9vHcOM1qOjHtrUKgdweL7uJ6
RFg2qyeu45i817cxQiFNtU86S0HZLNud3fJCtwDg7wgeroy3vkFrw7GsrKys
YflTI2WWzE5rK8DHTQVmfhoMMWtttzR5Ptm7oem3gTOYD2Vnl7SnI+CJJ7vF
oMpG1obuHMVZw6qpGx4ftLn+1JlUO8PLumEAe8CbTtw3Jxtu06CqhLNjTr2x
saq3j3hiHLvNJElp2+MFWwXRejTl7DbPyXW3x4isTbW62NLRWXmw7Q4Oh/H8
HGQHBue74a4m0PX1JtNovl3tGu1au7VIOyA2jlvD0OfibbcTNs5K67jDLqrd
bQHfPGk7aRNM5Lx1dcLtH/nMEvvtJT/ohKMaP/TF7Wg3W9E701R3Tfp49E9V
dR6pXSxukS1uT9X7dLbukVwSzjM8mA/VrcWMWubkaI6N3kEDGim1RrEp1deL
YGYt/Pnk1JuftskOC3ct+XDsnxfEYtmkDGGV+uMMCHzJTM6ty2bSJJzeye0s
q+tQ3U+7fKc7ZY0jwaZTV6FHyza2ddszsTfqTxazTl/QuXELbwZni9+xtbgW
9hdTSRjru0lnmYiE702ZmTdarRqNdVNd9BWixmITcU22wr6s77fcyqy6u0Yn
9o/mmWIZhq/xaTOr8c65OT30usl4EVX7nkKKG2/GGJoj0QcVsxLtNHHchq/u
jonSVvZcNj0A9BQOWwplELgcLMN0We0yIIJc6xodAzsyPx/NlpKJ4k6pYXTN
Ox45a9ehgkF9PztYDmuxBuX649OY3KXAT2rVxLNGDOPI0TE0/O6FIZc7PTkx
JkGbJrYSd0JqyrZ/PHWi+qDWM8ZxuzqYnKJ+YMXDRjKzlZO+ZV1r4LfYaT9h
zbNhyfPEPvDbcyvDpgGnq2d9wG+F1IiE00qlxGA96sV7Lxzie7cVrtsiufZ2
9WUs6nSjne0Ev2qshc4Wb+vHEDtfZqo89KvdhlitRSbRXTPiaGk2En40w4N+
lyYGrXrKKeNZ92zKzeV+RK4l53hhBnKgRzyDrVU3PMXNA72yMxBWEKyysUJ2
tfB6BnHwHAXH+9PJ0CKWG8vGexYI0W322DHnnmUHeED5mMNT57HVCFu9Wd2Y
zM/LHXVJQyFpt6dTcUCGjHTWeWqthjWNHV4Sn0vd7mw4lNYKPkhNb41JF5WJ
Eq6V+VFHtpS9Gm/n1XZbDTvN9YonpKydsZNGu+pPqcZa0Rch8DpakArnmS5L
rn7G+nWDYAhqBrDAoDPhlX4nmSeTy47CJ0crtoJ0u/Gq8bCfkl3Vica1c3UC
gJ2trew15ZgOjVUz/qKzLXEnNyfJRKGriz3lgjUfqMB49wfejD2GIueHe0pk
NA83d4NBnOya5rgTSFx68bBD32EJb9ioZYnNc1NnNt8sV/x8mfKeLXjOtCfs
8fRIJe2tFcwzv6u1vQ7N1lvA8Ma1uhtjdUPrcCd5uWkepj1gl7Zkn6YYZoEv
k8l+s/OUMBoPvcC7KP1qS3A1tacoyXoYDbWjMjd3W2xpN0fzxZSukmQ7EHvL
zX6ibXu0MEy2l7TT6/GbbE+anGe1w02yWIUedag7hm8GUTjvz/0YGwjCLNI3
1ZFe704PnfZ4z8andqZz4lp06hc6PUvNXQOYfNnqBJTmG7jjddL5CZ8SG8LX
JljY6vcVVdsk7mTLafU1rVZb43PVYElhaSzHYaPvBJdz11y4wCh3G8sdM+A7
44XaMIBemeMeZgWrCX+wl9FO6iXH4MzjjMYNzkHNyjjD76+IhchKOHdMesP+
9gis16JlLQiLijltbTYzEPYB2BZ6bt+Qq3h/Oe0a+yHohFz2DjgA5Vx2ibyq
teybnuYfhY7Fke5kPl/wHNkGsfqO3WHxMFxOF7VWl2L3NLvLWNd1yBG1tdOR
MTwvB0eZkoiB2nHTraiM6nXZwwXCXsTpUqTmRznAjtlZn8/kY9Rpeb4xP9Zw
J5qCR2h5rPoHShhM9loYKu68SREnK5z0lod9WjWOptOv7ucJgfWJlN2ChWWC
406sn5Y4PzJo39u3w2l7Ma2tXUk0zVDeHlZmSMLvl8j1iT+ihxO9dRg0eyds
zXlc6kdbd6+t3Prisr3oh/MmpY8nd7rYkodJbcpb1EEx3UZCRiqw3LGpXTw6
a3KNjlrbYsRCHWhWerEyfNGqJ+asP7MXe3zGZC4vOlJjx9vKmom2Ciu1xwch
6kX7CT7eWFOlJffWBIE1uoTTbHYdMW2qhkIH41lUy9ZHtts700RfY/G6ngAA
IskcSybH9azNNVqrmKSPh1mmGb0Jxu4v255wZIeeuPQXUk+tRpMJfnSXwSRW
4qNEjWxNPIY9dj/vkNVZi6txl8Zm0uOXIJKioz02qp6JhkPWqOoEhNdMLNmB
Nd6POr1F94RPWnq6GIhdMYmqq/HS9bRTd3YIW0nfaa7qzHa6uWCXiY4fx+2V
zA+zOs0va15ksOvRucm6a0k4RnHkDTghIbyetpi4GRdenNZFNDodbzLDq6yK
TSxdaDTZYYdrL/dyK+RoL7jUuYDapTSTnfGezRxVjg7HbtNoGfS4yRkrSp9p
M4oxuu2mi/m7ltTLWpoTt21Oi/ut036+mPOk398PIr/eYs8rcu865nro8Z14
2lDEKNO7vlUPTq3VPgOKxOCcVw21YVuqedqhxtWEUOpPM2qM79LVMu1GQ5k+
Di6XJtcdGtkk3PVbvuIxIt3azoYXEVszzIQLT60G3pH4hBTWszrVnRhS3T6c
gJ+pBtuLcWGPvGJaXDVmuZM+pRmmSSpe/dLCWyamHMlWzHZr0ZlgpJottESt
axE2P92HguDvY2dwWfkn3jkowojfSYkuU5516YQn1V0krWiO2b7WlppghbZ9
dzytz9f9dFefEiPmRO453gy5obHX1966MSOD83zYqXapcbSvu/TCMuZEw8e8
ITf2oy49nwrtS0zh0pBU9WCRHXljsg5666Ng1KkOTxzCmdEdG6y/WE+W3TFA
pt50vrissJXD4L6mNZee2Qo7xtIaJLbsW5KWGU1rVnWUgXKU1cZEUJyVNO26
q9pY9454rTrbbPxQs7DWiMb1YDcfHrtEfXGe9TY1vj1O1uZmNF5vFbK1ziZa
rOO2XRVbGZAfNxJwgmW1prsCG2eDuYuL3jJszo2NfXXeOaic0gurNFGvkdRK
qKbBinH5VdgUlWxaXXRqDUP2hUtz5mVVXe9IPawuboxp0t1b21Ayj4G2ljcX
hbOXNZlcui7vnekTv+wblpLsIu+i6cqQ68VMGnodN4kNk8f2k1pcpTrecnJQ
q5skiJ1Qnu8YnLlUbXbCpHiTodLT6ECTaTv0pzFdpxdVU1GXDq3s8XMT8/l+
M07anBlSOmHKtRa7Ds8doE6e4nX67XQvVTe4mNUFab+ynGG1PRuLDXbKDx28
obQOOGZtk0WttvAOu4YsMRt2iw8tezHydLYmkQnPCttwK0y9AcVrHWI2XfVW
tbPT6HEjZuAwymSFdZWO0QG+pnbaayeS7LvDOknOdpG25UdU6xhu6Iw4Dttp
TPh4/9htV5NkORJWSXLSCZ/tbjHcaS796Gz3TxIbSt1wErRNB18Pg+bMbuDh
oH5YNFXCEGaHRYedaATVbcyboU9MEiHlHRvH1s2OqpmXxhiEkhETc+N2Um8L
mtJfbFdRh0qZ0czaq9SidpomFsNbZDRZ2cE4ntOXSMdXFEY2jJQWlRPV9CMQ
0G5liWz1aH7dqG/I6iGbrZr7mnKepQoX7LbmfFhfb9f1ibbbk/vWPKZmmONY
i9TE96Y0D859o3rK5FSl6HPYTZWpOk3o9nLimT37GJ56xzETdxrMyDbjw2bB
e0Q98rFDN1pENPCOF3OzoomkLkyCJsnWeU3wFuRk7bB8jRgwrS0P3K7lnxRP
xGe4JDQmJl/TfBIL6YO5P284Y23tN9WdMSC2Qjcm8M0xrI36846lSbTXxSc8
Fa28NB6dXGOz1g6K0wX2imoE2FTap6xeXR9WgSA2SWG0SVXX3XSH5GbstofV
cUsYKLG7nG91oBaNA8VN5DBNQ5Hcjw+NGYEdx3OZ4mv12di+ZGRAtmOdHfdN
gAA27Q11VIctIK4ZUG51EK9a4lIbb1eN1iwQfelAZK6JkXyXNdrbXWea9DNr
C0KnpiSSzCDbd4lWfbXR+oJQqzdqx9aldRj2zcSze9EpHIi7TnU1P7cxq8Nw
sXgQGSWpThxrQNDy8CgyPXp2WrdGq24yiqt4x6x3iaw37wcLn+YiSXWmIj4P
pDiBH+mO5qPxbLIXZskwGzOjDtf1B32WHbd4ejhu2f1WZBy281aD7aw2phge
ek23t69pzrjZP3f7GN60QzNRZWlsXkycE5fUpTfJjorWcUSZFupZUiX3Vjze
r7pjdy0rzRbVAeENY/hUFXeDHdZhOZ4bDY+NMdP1D/3TMhhonEjNXF81227V
D0eeufFtf+I1ZnW81avbQFRkI3SZXUCf/DMWy2cmrFnEdsi557FDnmmGYGq4
eOpPB7YyP83HOIilhPbErAGoawscb7vKrrvr81Vm1VJbWIcO4zo/bGyoy/qY
tmV5pHTmxkYi97vaZHBet/XLTgoVvjdesVE2lKIaORtW+yCyX+9osi1gZ9xl
8J1ppDO10ZcOm2Q1WezH7UZfXenVzdxZtrbD5jxuzlqLRVcI+Z7lmJk71u14
06+T9Rl2SNM6LsrpcWh0XWphAVSiJcB3COJAXQ4GDbWxY4jWTDpJcoOdDIhE
DCbC4Bxr7UM1zC4jrHPZNgQQABDNbqfKWCIxvTSaHH/cG+upbspTMvRbW46t
B7WhobE8s7uIK1UiKU6veb2A2mLtTnVhbbLoHC6DWMvO66FSD/Vkr4jT2tzJ
NN2btgGIVgZUVRgF/F6cuIcWT045Q8G1rkdjarKZWMIwPpHTc9vxNrw22qUj
tZ0tozDFN4ujY1yIzehM6bp7MJoHN8Ibi44sSp5tOFHPxlY8W915ydHgMgCA
QPCLd+sda37psxm1mo8oPuyssoOip4KkgRjemg4BNm8FB3N7NhicGmJRkBys
/TJLVLG970teaPbnvbomD8Ztth0ro8mmMzc5eZ3Uev5hWo2Wfftw4QfCOMZx
Uz95GBV5aRJnERut3EvvNGIO+vm89abdmSRO1XGgZXVul6qJQWxHy7gqZWIE
ViAYtoARs9RqA0ua206PdTs9bUdYdSc8U57MMuyGcETb3+5rx0Zcp315I0yr
O1KkY54z9XZHi4QJa9VDXMJitlFrbIggmWRJSxBbe6uRCKff/e6dd+b+imWq
fzuW2PeV9f0XJ4nlly9JYvnpmiTp1ddIYrXgNZJYTSZGo+HmGygVf8LuaJ6O
qivt59QoQ3Rlb7TynKYIkrTcKCG/Rgg53YvNkfkGUS2i27qRG94oyPIxCY0p
pDfcji21uUFEeGB8V6LSnzBIVXpPUouIzG5kXjfC1N3YFS9mY7ZmIKEXokqC
NEiIaO5G4mQGrOoOEjDCgpQG779JULpuI7JEIMlfoUu8JzJ7jcYMkvaMutO9
eU9kxm3ACFW7QUjNTQqJIG8Xrxub5Yq4Et+NKDqFpfQ+N1nVs9lefIsaj1s2
B6kGqbLIhqDvCEjfmGhbSEZHWJDOYnkEc62Dt1JYEqm5Qm/Ejo/atnMAq9tZ
rMYHcS/apAlJ+Hh7Zv4QGaYZIMKzyeZKogolCeYyxd9PyEmawY1kbcj7YDUL
Qsnv0iwXUt0WupU+tM0y6QhITmyNOyqYoQQp0e7IH++pJCEJw+zyOpVk4LyH
vg1Sk71N4CYug+uqvbJmJiSjA7NAdHREC1E5otEXtF8rAmgx/N3gpLjqO2gk
S9K7ETNmlxnenq2F84i9kkE+EBGStrXiD1P0DNibDB6MhrO9zG6S61juaCVF
l7lI25xU7kpWeUfphmjiclK3ZVCSuqVI/1ZAm3PKE+5tAmE/geSoLzX1Xk9z
erbYFJsWkObM0ai6re2mCbAPe3l7sN8mqn20h2/TTEIKxyX3nSSQ3KvUhdyC
HVW/xeKB1byzedL6dBT37Re0hZAucnFH0ArpR0vCVLgWQM9Z5k5T30dbSLpA
s9xN/BOmtAhHQsTMtAlsArIsV4LW/OfpiCQEqHUqy3TAPrFAb4jIFZKnghZ+
hT7118hTgT4g+tRfpSwsiXRN4SBRIwpKkTblG/Hg8IFSlePg3shlPRLIw41i
dfiCwtCGu7tYhztqRGibJdc5wPHIWyaGReikQxyhF9Lv1wfoDVgLqg33QF/0
RsdFQZ26YMfZ5NJ5k1TrnqDwJ+wVikJEYgcsfDJZ3nzJKz4D2Q/ou3MLcv+E
6jKp2pSg32IUd3aU4Cwvvol2+lqs3++Zn7C3qQl9TgbB1Loxbk3pZCg1B4h8
b+3MNjK92UiIpHDM/4QhSr7NhlpuHPgEtXad1ZTuoKfF+ibmN8xWAABf20jC
umXZy2ekhGBnfYWW8D2khD9hJS0h6c081QtcscVs1ztiOnWD45Ra1mdNTeKH
hLPcjSOuPkhXBytabS1Ccvil4EKqWxn+a7+RVt64NWtJobYn5E1jvFuvBg2F
PXCayy+lPcNv9+OIp5cdfUicJMpqodkLY+4nTHCEBg/aX7maJ13qA2Qj16Pm
zK4nZEiSRFd8jUzresUB2Oq7Sw6v3XH4GpkWvImRkxd9L5kWvIoBNOoHyLQg
ldZP2I+QacF7Az9hP0KmBam0QAtLUnZWXtfus3a7XfPxDe51WI88tBdD4Ayj
lbEVPE93Zu0GN3I38ppsUYMLQ0arlt1eyAMgB3OY4Z2l0R9vW5ILQFMn7E37
vie5PYBcwqWudBlh2Lab7DRp72O9SYVxo9vRI289mHdmk58wxnCGwl7gVbmV
eSFNEJs25VqeFPR1yjq2kq62y8j9bLjuN1ddyiR5XUrXyVRtXLJqdXpe/oQ5
oeYNttLEmuPzQJ9JHOtuTnt9k1X7zCG7kK39rrZU3ao0IUNnElrEiRpqUiek
1qNRc7EBGtXYtbheTZ3PztaRUGTBqR0a8UmLL0KytwwnY6R+nU+XrZAhu8dJ
bcHq26y7Io1OX0vDGj7/CaMPMYlvHaU6pfrL4UDc90hm5YaN95BpQW38CfsR
Mi2II37CvotMa5WTaUEqLbAvIJkWN14vtQ29GOEBszsRoxrl7cParN9SF18j
04JUWjDOeg+ZFuh2B8LMCZ15hHygOKHbj/w6H2dgLbb44mDszOXEzHpstO2t
Ikkn1M6Iht8PGBg1M56fa8NkMLK7l4yQNntN9s/ddpuK7cl8SYPd3Ranq17W
DgdtnmE0V7vQCjURz4PYEKyjtj5Ts/ncH146rYVIEVb7QrdnctS0PbJOVTfT
LrDVLJV1u9zAqVJVxelv9wMyYwW1EQTTmcDr57VZvbROulLTqbmWVpnmdJM4
6cS2PL1OBA1W+AlbH6K6OyZ8x+xqK1F2+sNTv4bPhkFGn51OlxjjhNJrt83Q
11NqIK6Ge45rD6qhSA4MmXGBVlddrl93rMZ0wGuzUS+O9l59wgWpr3RP9e5e
5i9bbabvLg6tNhMhwKP2kbeAaaa6jAhsJ/UTdrmQJB7pJtQi3PwqqdUzuqg6
g1ME0MlvtE0vyLdgnPV++i1EvrXGTeZUP8/XoLU9DrBcSd3K4n1gUQFKow7Z
7HK1rKf55ev3qwAqfnbDClJ6ljesqAKRgDEeIfID0YMDr/SN9jeZ5KReOYnW
nMSXfRw+QZoczH3gCQg2u4zZZvadmesNFodI9Ov79cEgj+21gdcCbV4DnncS
SMp4jtNRPR718L087xENNp0KzFhfrVNHdmcGeaJU6iB2W4vlFqjeaBL32PPm
tEsjSwQ4SnLkTcdShRDs+8PiqGsUodZa0aVN1fSYMeIq3VtOmcTVqly9HVfx
/pqczRtNit8QVKDAfTFmqIEVq/0gopKAdZlDL9LqYd8MPetMbJu8hOuT8DKe
T+WMXCanuBH2DslhRvDNk7TrjIAk97rKNMQxY+3a+8gbnoKaTU/YMJRnO61V
E+sB21syujrr9Vvd0WKhGevpyl7w1UAnI2ss/YSdJiv9pGx3k7He2kyPynG5
94lpQIuOPCaEEXeYNy7LxiIc1L29E48n89OIwpc44bfZ43TExjB7cEI2iM4p
Vckpjp+YnCTVJAj8RO0h5WtQ5qJIfI0TUyKnYaWXS2BhpsSWoN+mgD/ReWsO
aOxEmuKIO4kEAC9D/LQ8UWZBPLjILfgS4BMFdFjPaV7N5ZYgVr1BnGUTvs7S
VraLbCc8EMDXsJKrXnCjtPZTmqXwrUms+Omo0yfO6jSo0WOOFZqsq6ryUKlv
X9C41QsNpHGws9quPQuNeSgTwahlVMlgTFnnJJWai8Fwv6SX1WOX0BY9lhs3
Bp48ilvEfjzXuu3Ix7khDjAMCMv67c0x2+y248GAme76YVMSltPzsHq2uj5u
XFT/4npadydvtkOzrQ9H+5Xf7C1ci6MbPhjDmOMsStEUWpV2k2b13NhUtZTN
3G0iU/UGJUnpgROjnmxmQ9myd7xXIwdq1gJiDmdxNgBxd93YL5Zmt0qFcmIv
g+llQI9kvSuTwyFhze2F0BstDvLFXIjmYUJ1BgaAJrDU4Rw3GEubd4GVkw4D
un85OWoDn5iSXLNXinqx41A9zFohq1tUEyCO/dQ6MUDrEsKeVVOSMmdsjaqH
2VoBMU7bMDlbF4bnWjJML0J8kc7jPUviJsRKwz5AoAS8yvnWTU6ok++7y/nW
VU6UPfjKZU6NIHZeou0GZCiP1flx3ZbjrhxqKrTOY0heDLDcVqAAoiB89gA2
yH2+9kBNl/Hzu4fqvWaRS5gDoc7qDH7xe7ofnaZrNZtTeAYQ6vHxyeUZRIDm
RdnhRC/aGbO42c3E+fCYAksLArPlgL/EK6ZjTDogUpZEYOvMN2+c4nEj61HL
yaq3qm6sJliLcdrZDoTTYRh0HeFQY3rumO7XGV7tc91LP1BXXvu8jhxSnpiT
nnxZ1v2aPVvSVpPejEMtA/pgpadT4si6vZCb5u40GpKcOmEtvKlsWzW+GtPx
WLJ7TJSFa/kwlwb6ThX5nb/YHruealSBJHW8twchUEtqT7xOsBgEVeHUGzb8
yB82xbZez/BwBLMu3qrKcvhknSjntdwImuJAi4dgMj9hTXWnGEIsNC9qR4kT
k9tJ2fqwT7lx3z4q4riZJIfeAGA9P94eKMI1L9x6varVh0FizAcrYGHcHbAJ
x2XSZYdLqb3mm7MNdQxbl2qNxJ1LzHfO7mzYIKspNRwM5ryftU5dcuge2/J6
7fJTgMxXVQALESHI3/N45T+BjvBbj1S+j43wGRnaw/P5scizV95Py9bsdj88
52J616T+O/ErPD0BMXyDFN8ioVOALCHhjdL9Jja5r/X8Os8Xdk/ihn3LqpXM
U3dsN17lxnEjX2lrvkZ38x2UU9/JOPUm4dSv0t1gP0h3g13pbp6eKjlb22tk
bW8v91u0a9+z2u9lY8Me2clu5GTvUg7ITfZATfbATPYPNfmampTiujGR1a5U
ZLVv4CLL9enpqTRKb/CQfQPHzissZNgPc5D9MAXZDzOQvYuArJAiEGfOPob9
BmGKQhwVOl+KuPKn36jox2CjFD8q6cDiAlf4BhAy+Geig/2SPcH/VspnwS+v
Gqremv8MgU5lpp9e++XLLkGPeCXJAluVHeSi7p+2wVpGhgz8ZDEQqJ5AyyFK
An4F/DzxwUMaLLLQ0S/LPiNdtQMb0j59Qj+Pc1//Ce1h+AOofZ+htsS2htq7
7/cE2vRPFcN2HLDX/TSpKNmtb8c+gAb9kvFLjo8mVvn89F1/PmN/rjz/U6wV
MChQigXguP0a9QSMyJ/vX63+ak9V8EZlpYPp//n2KgQaf36EIsW6fPb05PdF
4/Dh38I2fvvtvd71D1+9Yq4/V4ZgKRw4SyjYse/pOVVXJKvJM4H8+Vt7vZ/1
n7Fvef7xZdDrwtGBYQH6dLTBYkDtAUA28oF19qMKQLjISALtWFtpFGty9qli
J7+N0YDVCGgTUOt/erHCX/3z51dU4hteXVuydwBa/x2vQsj5nb1+5x/4KvAb
3/sqHDDrexfZ0S/f+CpOTulPlZGnfv7mXr/zzw8pIjTkIB77TbE7n0orerOQ
CBf97kNh3K9m497wj8qHP1SA2d1auockCHRYPcSVD9A4fPhUgfYfGmIQPOgR
sKtx5Sg7KfiPATT+yy3++fKp8gWGMl9yo/oFBiZfSrzA2LqjxflvwK4GgW0S
PxhoaH+hfffRT9GeCiIbmnHQjSsnn3PSTMErQAuww+WrL3zIU3p76i95gBvp
MYRUwLpcQZSfOlrF8f0DsN2unljwl8iUo5JC2wAbt3KSoe/zEgSGoN1H0M83
QfRq2eodgIpz619EY1td+1RpNCpjANJANNaqNLq/1Pu/tFtFNJZHfNeI7t7E
oljvTQN8i1G/Yi3vY9LKv8L+6w14bbVR77db0udGs9X+H44V3ELIH4zSsO+0
iVd7CJcIGSkMiCSPNO53Mnbbm9fEyV2WBOHUL/cg9Qsaw+MHGTBsBjy4Wvr3
e9UDOqfoV/XWiqW34+IXD0suO05WYn7YyTUY+FRg/iG5eDaYG8b4kuPwL2AD
AdVWwK5E0ArqNgMkpQPs/rBfPkEV+W2++wI5hmjeBtsGZl5Qm2gfgpZBRGE+
F8HnHLhFepJGXr7VYvhe/g7cujrYhNmz/vSzqgcJeFqGNbSPLf784UuhfV+A
Vfjw5Ssa+OXDx0qGdjx4DvFQfvnwuUh4kQ87aFFEPS/3cBEPFfv39bfgOMH6
Ow5cp7tVSaApu8VpQA5orrHt2o4cVQojk75iS2wASf/0NXPyl89AkQpwKWua
XcBiIK0nFMZ9ueP2/wKLkYHQgZVFEkc6cL/ZvhQv3Zu7L+VXCR5tZ25tywW4
dfYKcfm7u33cIRXa0WHoWPkZKYuN3EYQ66nmPxUBI5Qt1ECwyDZaek8/Qd34
COUG35pC/lYCmvIFZKb+X8Qm/svrBPL/UsHuv/TwiuV8/qmMX5PR8w90vC6t
xy90vC23tz4s8vp3Rd4ltfetxd/DYQCPcUaZFKfcVqsi9fEV+4Jo21/ag9I0
/aVIMIEAMU9nl9vgfj8/tjyBafX4M7L3CGcUbZbuI88jfSoc0F2zQCO+vHV/
4K27Al/yLP6nygl0bcEG4fiAP/iehp/xDBdtowyqjlrRX5cvSmjB9kF3heH1
oXJVUMLML8LwfIQQjcU3EPa3xlQvGJO/zVL8bXmeX1oTpOqFc5KT3OyXDuPR
l0DeckUHy+YrsZpGunavsQDggK33Ek2gdQsABvYN1DY5XZW3c6DmgqFFcrng
+cRhvtXXCp8MYXx8TbWUjdwS8b/5zV2iQy4+x/Wn36DPRdwlh2ZAzSon/Ybk
5IdsEXr8lieCiqVHOnwh1vVCB9AzyDT5BcAqvf/r+x36/Dw6yt8v4yM0xA+3
Vl6ly3/I2b44qPtUiaEQbNNK0ABfiUT+KmmlIrHEP8688vOHV8w0WZhpgOG+
M7X01eTSqzv0MTCufHd66asJJl7/qlt6NobvTjH9YJIpTzPNvV8zeCg4AIbc
h8bxr5KQyF/+/XekuO5efnTU39jzDw37BxJdv/+RVNcPDvsH0l2//5GE1+//
DimvH0rwFXk6ZILHunewQVj7rS9/34x/eM4/ZAyep/pyj3h1ceBvNjyFeyvh
lzvSa6oPfv9DB2Grrn1EWb8bXlB0VU7jwkkWWQeI3U5yBM9bXnNeAKUePP8E
gGoJOFQ/isBv74BHETraYGfqRx3iY5StKJJrJQD5DD+nIjuxXzQIHJR89G2I
UFUn1UqL/UbEWsDuMAVD02pykkS2kkLvC+O2fHYQUKOm9Lh8HH2LKUcDwMHP
PbUECBAe5TJCz+WYwi2rb0BLucN+K3f4D4/9bT3fjeEfHvubbcvf02P/0LBH
v3WciqmDHYh2EwwcEiSiXxvDD/fMAysSad8OFe4c0Hf2/N1//uE3v3lL/orf
fLe/vPeWr0SBxSkZyn7+tU7JAj9IHdQICuLvPnNbvnb7XO2rR2zIkz6cs+VO
7IdO2R5C8b/iGRsM0POjloejNtnLfuC4rd3/pdl8SA29nQB6KK98PTX0K57o
zaRRu99sSp873V7/MWn0+OXid2SZHr5P/Dc40/s2d4Zh3+GEsOe+B8Pe9gkY
VlrtogrxVpBYWrUXad+5ARYIdKZ/yvWtUEddPlQ8H7buZAVoLb4IB1BuiX6v
cE9JC2D6/Mk86VOi7+vzADuedDCL4tOAr2fg/glb+Q9A++R7v00qmo/A6r8U
6V/TL5CfGulwj77xRca7c8w4VVzwbrG/gQqf/Ojw+e0TU8//n+pjJd/rZ6fr
u1Q1mFmcusg2AVx9PwlUb/hWu5+QzF+mFSE2B1YLKIamGzIwIAhhaz5oCi1S
HiBAHYp0F2oTtAvPTB4KLE53h35AbmDWQ/8EDzlRg/knGvM1MVNbkyHcR6d9
KM54glrxl7/k1hOdKLryAdV3lZnKu3M5AyVRiyji9ZODq374QJNt76YglZ+/
cp7wEa6cBg/uXLhZ8qjKL2VQZiFVGLeUdujV7j+hU7pbzSa5qPz81rp8hBvi
CKSNjp/zqaXAQ6SqBcOytV9JA8t3tFL/Hz6GWcgG2G2wHL+9+jy0FGWa9eYb
9bOupqVXu/9mph7ElZ+ho1Sg9YDtwq152zrI5d350NqDS4QfcqzEln/yPqJj
WPqcRwe52yvMplYGokZ+Lv0zTLf+6U96/iwYRnHGGYNV+AWrVJ4qX8C7fr7g
cNsD2xn/gr42+ZR77V89kvhSPv2Vo4nrM189org+9XhUcf3xNx5ZfLnO7+rC
/yvO8WsFBt8986cKHgSF3QeAJQBYAuhi6iFYcV14+HPt51IBPr4inV/BFA9z
/rpUHjDG47p+K0q4vviNaOHLi3lfFeNvOPf3rPffTiJP6DgqLUo99ADWxEfA
jn8pteZ/AoP6pbQj906ksB+3zJoM3ElhXcoKmzvbFunX6pzP+TpAK+vKwU3y
hT38+UPxFqy/+RWJffhYefp9/hTSqQ9foBdPYzSYB/dZVNFAFP4lxxf5oFDF
kXYtL7r3CWU8ASz+bSJ2fHecGL+q1xDxQ1uOpmMbtxLqq7uHwdZ9gXYFObDi
8+kQKuRwC7wOQxcfDrAoxQYO5rfx8/O/z9jorhfYePyidQAfPpufP0FH+259
rOArfPEl92zPFAKBh38Gc/nnK3axizpzsJIJkDySbAXNMxdtgSRUoD5RUQsW
J5HvmWDMhdd65ng/3WI6OEDoXIEDhOgWIhYZ/EaOfQ+VmCHnf4VerwGAzwBG
A3wb6bC67XZ27PjwUBW+fneCb9hRfK2aBw8+m7xdqOrdgf8pR3gAZRgJUCIQ
fYB5XVft2smvlYc9Bp+34jBYsa+HKZiOU0jljVIOINQSq+ZK8q3FBv+IKP+L
VETdL8Tziqj3VDu9vTivVERdjdc7qqLeWprbm9+8SLdXv3W53q9p/y1i/WtR
5i2uMEDQDMxvjIKC5Cu1mdDyP6+PfJ4fe1dZ5qdbR99bl/mVU66/Zl3mj5bE
vW6O/1EQ93cuiPtP8FFfL4r7+3uj/z5Vd/fH429m5/IcJsRzlnyEOT+EyeH2
uGXQ/hbVekA3YM4HtnV3fzQqf/hrN0jLXOKrRibOTV2RbEXpyleTbXSxOB9z
0RfR0hvmM85rDMvjnht+ecPQoSTpG02BmZam79HMP6EWwZyHMJyCG7002MDl
PsEL3W/09vMzGwHXAEr+IxS9fEvx5jFQUcfwxugerAQT2Z8qzauVaIL/+6UN
/tf/61kJKmcPAWMAfvnBUEAh5yJ5JqfHvfxrlBN/Faz5HFn+mmD+05HlV1Hl
OyX3xiJgEz1BZxgAXQGF4WVXBv/k/cSurCw/gD/rBy5SMtMvnRDQzgNWRNo6
zDYjy5ZfwAamQikoQ1B8C2JF3/Tsi/5OuAN7ym3DWzalIpd6+9cce0F8UDDP
APV6UuVALqeSFKFp6l2LnBAEcXUYpdqxm08WAAg/+paZlnH+8xm/p5aplMJ/
+sI+t4WQd+Gvagphgw+W0AXeBUCt/3UtIZTIjxvCtxhV/vvawV+V2zcww2j2
saI6chz/7kMePD3dqgqe9fEBUplE+u9fXd5/rcFfYf9aAw0iypO/ztbMCVRq
xWALMpS/siF25fiASCxesUJfwHS+fKpccdxXzPUN28Dm0Tb+hwX/W1pwAMLn
8N+v8L+tEIUPNM4+fOIpp/SBYPytN4on8qgCRSnXBHuBvQM5BpHF9UwdBCqx
Xt69AdELelGL5JMiw7qoGMQlUEniANqpClIUKB05rxyGVb6oC7CSINBAHqZY
apS8R/GJYqND5p/BAKDDsNUU3t5Fz14V9OMnEHerB7jyKH+OSiTAgFCQYxQn
06hNL89b13z4z5z+KdHfrjD6/Bi3OHacFLMqRZXPoYj5EhAzlnskSJUy1rxq
pOarKcri+HlMBn6W+BG6t4QmrMdFWqYyLysG3ub3A7gv55v6058K3qa//KXy
813lCUwGAfsEdg3Yrj6It/70p/8NPNnpoSehcuU/aPXhDz7CwNFGl6dR4IeE
+SCXl/qCdh6MaD2oDvDAAcWhJxCsVmTND/Jlhj3Bh+Ci2AaYLRDATUeQQYtu
aZDbrkUqB6UGSx0+Yyt0xlZQdT2VWgNmAtNoLtzaYC+raRxfJQ5/YpQZhWLC
V4qr4sVrGQh4yfJPcBQWTJPqhfI+Xk5bRHoClJGW4wz83T5CVf05oIOPebYM
/A388+6ZIH/mI5T06In6HOjBU14c6ID+wRzQAVQc6CoQDKyJOPnXMSd5LqhU
tHus88pSwLmsboVBtzof/cmV7WvlSZyXu1wHo8Nf/uUvv2BzTy85v56e8oqJ
4gwPTopGbTCoPLDSqPy8oJmnxkf4JKxQupImJP4JZmyhVc5P8vLdkdf1gXZK
s40yW05ui5FteqNr2E2z6CVFx3x6coJmCXUAl9sHepfrjqLf+0ZkH0CPQG1y
oaATqasQoJuA44Oe03WheUAWDr2A4U6Rf4HDy4dQDK882XJ1qMN5pw/jyp9+
9NHxp+LH195d4CdgkX2KLD2ay53vyh+G9i5P/6kwyQ6Gkt3Z2cIlKbLmZB8/
X/kLtTQvALtZv9tucmzXzg0vTILg8auzQ8x2loxKZRA/hXfNHV03Tvn4zyUD
XcmAAG9fQo1F2dyPZbb2Gd/Cy2bys/O7ffkxT10pcgwjAjTCfCckUarCZH6R
EZXjsqCrcLZ45T/+/d//49//3//4v/6/G3ferUTuD/M8w5ovw79hRAU8/3//
x7//7+D5h8ygGdwK6zCykrf6/ClfTfTkCYxJl92ShO8Pr0Yz/4ZRFdDI//n/
VH4uEAy82vIRoyuV1waMeEkxplK5G94t+YGx11+g1x4JU4f5L/+P64j/MEKw
4zrnUaXyxnzgrA96FuewAi7AM6EDVUUR25fhXU0CXNKHLopdkSvozarDo3eg
diOkEgBRxGh3QKMlg40IzEp+cxfe+FFVlOssz/e1VNWfh3wWzNN7cW6sj7fS
iRdDLswG7OdxDyIVg6U9EazWfPwl2HEeNA5gGnnW1bDzs+rnrTsgis1T/Vf4
Id/tuNyzIZgKD5duZ0eFygMQinL+0PfCQkNUDmC7D9LJT/gL2rq8g8exwu0u
GzBzfF8yaD8jkckt3n0eGZ7RgUmWlhj0BU03AkzRw+Xom+iLYZe/RBsVJb1B
PBg/Azh2bv/R0iLaypdL8FjiCQ8OEWzwsptPhi9Zd4eW7ueSNSIfyjMvdkMC
ZQu51/6AEMSTnCY+2n4fSscJljWXEoDkhVO8PvTkgLgyfrrWQN1KA4GkYzWy
FR1FP7kVe2bl3oLWV1ev3dBNIbI7VF0GHnC5NbQmb+VdQHf6GYBIVP8BtRPu
0Gtdo6M93VKIYLk+vSIJ24MQBM7Eg7yC6GubxVHjh2e9wlNDdMkhjWEaxzay
MgZ6tjHK04bXjCHaeGABUQNQDm8k//NriPeQ8RaOXiMGKFffRY7f9a85f+hQ
378tH46DUY0p+gkMIz7cb9VrbIi2KwAA8Sub855w6KWsX9qXl7RSqh6h84uT
pSNgdKuszeMXrTBn92F4iX5e7O7Pf2Pb9PXp/71NFQiVqdI+kagCyfFNDPvj
H/74BxRm0QDG+DBxdR/yXRnA8sJzCPWg03gI7/74b3/8Nwz75zxQebL1xCiM
x8vkUrODofI+XNNAtJffMAURIJikCswHUnUE0fIj9hG9Yov6CvSWEGjoCoAK
cbWja2ZuBt7bdzvvm9JBd3n5P7qEBIyS7xtQhpEdH37JC7fzdAWq00OoqXg0
D07ytz0flnrbOY0xqrIoc0aP76BqejnyyolXEhDnVo5gVDAohVoBA6+7WLgA
iAUAjdF7uXiywofAJp/pVyVH8okcZe+VRyuXR44/YPoMrOWH125XfAAij4Dq
5zFloUPoXahh8IIYOqrN6/W+3F2tiK0sL6vl82sLH7ZFiUGBlj4UfqF4BpG6
fRghk3zzTWjnfHjhUj5c5Xn1l7ICEwtQ6o+Hzg8LjF5DJ7CPwW/pZ28I/Rqw
FKX8qg48ufZe6TahdP8ZzMqPTBllJ6/oAFX5gyg5zxloRY7nM3oeTiiP5nVg
CJ24mNRjlujZ2n8uekLyQ4IHxsUGi/olN/H3101+QeUdJWnb9WIFnPmthAda
O7DFik0fF0HqyMsvyOWxzqPR+kLm6hcXToTTs5MPYuEvt1mhapD8sOVKER7A
jV5IBAAbGxaonpG/fhBK/qUGiHHv377fR/lzMyiAvCwIHuMDiGqCPZVYLkBb
XuoqMNKGFy1KgcESyJv2wALQvCgFbcvC0N4uFxWv3ev6L6A9PwByOsGaLijD
a+ZeA1N/p6o0clUpvdCdnyr2Vwx/xxcWGMoXPnplDYAxTX45CVW7PnfMECQB
0ULnKjsqulP5eGFFzpN9JSv769W2N5HB/X5/JHOXNv7yAi7+7moOgt9d8UWR
iv3dl3LsOkzUxTraikbxbElhHd9qSgoggGKalxATRE5+7hfLT6KXG+7GPpkz
P96afgVmJFFRlFSYvyvD/QPmAPq6T4H6oV/YST6Ru6l9KIqpIKjSjnb8clWK
SWVl0TK6IVriiuAZQC+3Gdi7caokEENc02RoRfLlWZRRRJEHvuo/avhaEJ0h
IHIzeTDVeQ84yjp9LbcL+T6BYmDyLXGrnCm2BOUX6SQTeLFCnOVev5KBWqD9
/6mq+ckK3KilbSqevD7wwpp5qXNnyl6pCHrH5F/sCfXuZkNwF6gkcH8Aibxg
In33dq7n27l02SN8hj/3UbmkiuqjAH03IHfqeg4mYOLyDISc3ODPP1d0N7DA
Rr4UWYA39uDLs50GcDYgVjdRwCCja31Aj9BZTh4v5Zms6zFTEe8UcVAxF4D4
gbmu3cDCnZm9UrnCJcszzYh05GcAkW6rkFe9xx/fKcbGIBcjQN2oqBa2+AmY
sMBO8gGU+XqIpYF9N+wzzBD6MXqLLAacA0mcKuT4C/plinBkfDtcgD7HVm2w
r9DvgXu8Rn/FR4mugAVO7sMc2hmAtCrwkzIf7l5HpgeOB7WTwKJeHQ1jNZwL
EyquTYXVOr8PD3UYCtPLU6D5Cp+DvErkmrWHDhpZqAgsxxE+vNKhu06ySsnT
n29E9L4WAWfkpZpZ6pkHBIkiZAT67xVmUSpMXCpj9lJrwabOxwAkbnrF1zDQ
Squ+k7reddTl9CN4DQGYRbjpH5qFIn1tWi++whGXGf/81nF+2xXobB5Uu2gw
MPul2ef3KlI/V6T8UgZMmFaE1RO+IkcjmCG7RuK3WkEweuAyNGjgwc9xYsbA
bgHyUa339tnL+5xCJJdfuUGKuGUn5C8POypX45JC94pzkcX5gJ6Ei4AubCO/
Y9zFmDd7Ztl5oHBbPwSjvOv524Siy4MKeHZ2/ySMPlAa4VqSWdr/nOIHWnYA
EVIUn8ODDHiok+jvlUS3sIYFKdIzWwEM0WufxLgBN/QyuoeMTAqCxjlodt49
hE5hSYrTo8dQ81NuNT5V9ETNF6mIpOIr5C8dIVy99/bZzvss83plPH23B6AR
eNGS3swPrJ5Kh5HvME/1UzmC27pipCjJlO9PIEPtYbPBG2Xw35qOykJRuJGg
BAYIed479lYZuqDqkVwoLwOw/MwNncG+EaKhJ8gXOZ5b9pFGc/3w3nEVIRW0
odfU+B0SLpFxCZRR2FYqPVi+F2wBcRnIe08QYkDBoQ6eRam/5FYIieEaFPzO
Q5UJLwFv+U25Vxu6HrhdjfGr3+R5nzga5TKh4bl+fD2sIlS18MBJURoOxVOc
vN6fE0OY+1zjPqJWGeBOldRE0eIDkLoT6Nuyvxm/PIwt3NEtyL6nEys89oM7
uwYj5RswdM/eSgQXwV8U5cn2PEEd5A3BAgho3SALBIJVeU12jluLTDaAYEmB
faGhRf7p9rWcAlDk1lLTgVRMMKIaiABTGG5Zvo+kIewqsgEkhIT43qRUowCL
ZfMI2aEN7OsxpMOQ85vafmVV5Jefh975RKDjBxJ+8o0nlCP7MAc+sjKKY+CO
P5TWBz1KgPjGuMsWQVAojO4+XFTsClSRAcwLLMzPD+XuvXQhvgBemMxBbOTD
5H6S27WHpor8RbHni33yKP87pYIhbxGBv7VhrxdD4YZ9n5zrg0dQnidgfcc3
b/ikqFbIA74SZakvUVbZBlym64efUIlmkWTJH7vt9buMDEQcxQ2Fq7mBfX/F
jP2M7lXHRfiGmIHRZror7kDRZ3kID34X50dJqIYL/vUr1waKod4VMdxlVd4r
3P6dYS6IPYqTlduCf6pMcfH62/Ku0YMJyA07qpVS/ORaZHTDS7BiAOHj22HL
NR35zqEWwOxm0Z9FPddjJKiAr0dEcXkb4zGOeu8ICkB0K4ZSQBBxzLfXy0qw
a2yQU0FqaX5krZeJ6VulKAJTt9zUdy1kgZRgLHU7kS8+KlEu2fe0W6Ah+Vn2
+xZtPc79mgIuZgdNWKqUVuydfRYoRjuYJQKCRVpozQk98mx0Pg72vAuNoJwC
OxVdc5VCXBbe3ZvO8uCzqFOC545qUrCGxa8kt1Gs+CKdjZoaeUkJYF79mGAl
/5ggqhd30BvwQ7gWsBuv4uUHtLiChYbIV5UqhriT0EfcgBM0QAT0Kd8A+SlO
xSi+GmcCuCcr75VvgcbujnDyAL9Su8bsIAIxUzDW9zZZIBq4AhTHwvVR/ae7
pYFHsLAnHuVbUTSEK3HORgCFXUo1P5b6w5Co4dMaaOmP/1a2C83nLeKKXyLU
vHzn0+MPkX298grBnl63ppWfr/geyBO9lZ/Sfw3hwzPGP/7hNkq6rECajtZT
4CKv4SH6rl8ewkxlFRgg/alSQ51MdU1zgCxt7wmY+ifXhv9EAija5HVHhh78
MdicP+NlKm9cwgKt4oQWAsos0FEvHx6rbT7cdzBFxzsucFkRjCgdoP15/WNZ
EoAXQXvlZxQF5WkCJYMnkXZUCiuvLgNWFZ0B+55eNlKU3xblAznk+Hjff340
qFVWKlwGWEZ2i0ImMBaKH/PDW/YOBqO+ixhvRK8ZgMr6943PFSONC5xz9epF
aA1HjAKhgk0DKsftDAD+M289r1JI7di6Omr64SOqgneDO6XZe1zCAg4U0C33
AB8fT7oYmN1gbBN6xp9thB71orq0wAgo75RfK5ZR0dxJjq+SfOc2LTDrqKB9
OxYfUP4ZhRxBvkchaAVW17tZ3VwOv948VA47Ko92//WfIOXnBFJkbOGB0i+V
SpoY0LSh/LAdRJUTXFEVoPwoAdsvrsSZi/7L2o4D9LGy3mKVp6ffv9YUJ1te
ZegD8GPHYKxzBWzeqMJGsqLDD4hDCJxYaVQBulHBHf2sZ282NYphKnSKtl6s
n4EBG4HdO8V5Ms9HI+FQPtRuTs/iiqO92VRuXIrqCMSelt8+gCQBRWoG+Pm7
DOybLTkarNlGGAVhGk8/lS2Avx7B4gXRtVotKm8YxG+2dxfgQI8M24QffUgy
GAfBcn5mtAP4CfpXubJPTfnNluAjFjxL4HUb4hjet07AikFQ76exo2cVAl6v
OcgVDn5xtLKW3mxq4zsH6EGtFLgb0DDUAiOnCfRUGNtAN1QZTfFFxQUgXVXf
bAldQbjWRiDokPtEKC0oxPzN/x9cUoDv/gkJAA== not the same for everyone.
-->
</rfc>