<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-bubblefish-npamp-01" category="info" submissionType="independent" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="N-PAMP">N-PAMP: Native Post-Quantum Agent Messaging Protocol</title>

    <author initials="S." surname="Sammartano" fullname="Shawn Sammartano">
      <organization>BubbleFish Technologies, Inc.</organization>
      <address>
        <email>npamp-editor@bubblefish.sh</email>
      </address>
    </author>

    <date year="2026"/>

    <area>ART</area>
    
    <keyword>post-quantum</keyword> <keyword>agents</keyword> <keyword>transport</keyword> <keyword>ALPN</keyword>

    <abstract>


<?line 72?>

<t>The Native Post-Quantum Agent Messaging Protocol (N-PAMP) is a binary,
multi-channel, wire-level protocol for authenticated communication between
autonomous software agents. N-PAMP operates beneath application-layer agent
protocols and provides a single fixed-size frame format, a registry of
multiplexed channels, and three escalating security profiles (Standard,
High, and Sovereign) built on standard post-quantum and classical
cryptography. The protocol uses a hybrid key-encapsulation mechanism
combining X25519 with ML-KEM, authenticated encryption with associated
data, and a forward-secure key schedule. N-PAMP runs over QUIC as its
primary transport and over TCP with TLS 1.3 as a fallback, negotiated via
the Application-Layer Protocol Negotiation (ALPN) identifier "n-pamp/2".
This document describes the wire format, channel architecture, profile
negotiation, and cryptographic suites of N-PAMP, and reserves code-point
ranges for extensions defined in companion specifications.</t>



    </abstract>



  </front>

  <middle>


<?line 89?>

<section anchor="introduction"><name>Introduction</name>

<t>Autonomous software agents increasingly communicate with one another over
long-lived associations that carry control traffic, persistent state, capability
delegation, identity attestation, and operational telemetry on a single
connection. Existing transport-layer protocols such as TLS 1.3 <xref target="RFC8446"/> and
QUIC <xref target="RFC9000"/>, and application-layer agent protocols layered above them, do
not by themselves provide a unified binary frame format with semantic channel
multiplexing, profile-negotiated cryptographic strength, and mandatory
authenticated encryption tailored to agent-to-agent traffic.</t>

<t>N-PAMP addresses this gap. It defines a single fixed-size frame header, a set of
multiplexed channels each carrying a distinct class of agent traffic, and three
negotiated security profiles that hold the wire format constant while escalating
the cryptographic primitives and operational requirements. All three profiles
employ a hybrid key-encapsulation mechanism (KEM) combining the classical X25519
key agreement with a NIST-standardized module-lattice KEM (ML-KEM, <xref target="FIPS203"/>),
so that the confidentiality of an association is preserved if either the
classical or the post-quantum component remains unbroken.</t>

<t>N-PAMP is deliberately scoped as a transport substrate. It does not define
application-layer semantics for the data carried on its channels; those are the
subject of companion specifications. This document specifies the wire format,
the channel registry, profile negotiation, and the cryptographic suites, and it
reserves code-point ranges so that companion extensions can be defined without
colliding with the core protocol.</t>

<section anchor="goals"><name>Goals</name>

<t>The design goals of N-PAMP are:</t>

<t><list style="symbols">
  <t>Cryptographic agility within a stable wire format. The frame format does not
change between profiles; the cryptographic primitives, modes, and operational
requirements do.</t>
  <t>Defense in depth through hybrid post-quantum and classical key establishment,
authenticated encryption, and a forward-secure key schedule.</t>
  <t>Channel multiplexing so that a single association can carry several classes of
agent traffic with independent sequence spaces and per-channel keying.</t>
  <t>Interoperability across profiles, so that an endpoint operating at a higher
profile <bcp14>MAY</bcp14> interoperate with a lower-profile peer when local policy permits.</t>
</list></t>

</section>
<section anchor="non-goals"><name>Non-Goals</name>

<t>This document does NOT:</t>

<t><list style="symbols">
  <t>Replace TLS for ordinary web traffic. N-PAMP is purpose-built for
autonomous-agent, multi-channel traffic over long-lived associations.</t>
  <t>Define application-layer semantics for the data carried on its channels.</t>
  <t>Define a general-purpose IP-layer tunneling or VPN protocol.</t>
</list></t>

</section>
<section anchor="terminology"><name>Terminology</name>

<t>For the purposes of this document:</t>

<dl>
  <dt>Association:</dt>
  <dd>
    <t>A long-lived, cryptographically authenticated session between two N-PAMP
endpoints, identified by a stable Association ID.</t>
  </dd>
  <dt>Channel:</dt>
  <dd>
    <t>A semantic multiplexing lane within an association, identified by a 16-bit
Channel ID, carrying one class of agent traffic with its own sequence space.</t>
  </dd>
  <dt>Frame:</dt>
  <dd>
    <t>The atomic unit of transmission, consisting of a fixed 36-octet header,
optional extension TLVs, and an AEAD-protected payload.</t>
  </dd>
  <dt>Profile:</dt>
  <dd>
    <t>One of three negotiated levels of cryptographic strength and operational
requirement (Standard, High, Sovereign).</t>
  </dd>
</dl>

</section>
</section>
<section anchor="conventions-and-definitions"><name>Conventions and Definitions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

</section>
<section anchor="protocol-overview"><name>Protocol Overview</name>

<t>N-PAMP is a binary protocol. Every unit of communication is a frame consisting
of a fixed 36-octet header (<xref target="wire-format"/>), zero or more extension TLVs, and a
payload protected by an authenticated-encryption-with-associated-data (AEAD)
construction <xref target="RFC5116"/>. Frames are carried on channels (<xref target="channel-architecture"/>),
each of which has an independent per-direction sequence space.</t>

<t>An N-PAMP association is established by a handshake that:</t>

<t><list style="numbers" type="1">
  <t>establishes a hybrid X25519 + ML-KEM shared secret;</t>
  <t>negotiates a security profile, a KEM, a signature algorithm, and one or more
AEAD suites;</t>
  <t>authenticates both peers by signing a transcript that binds the negotiated
parameters and both peer identities; and</t>
  <t>derives a forward-secure key schedule from which per-channel, per-direction
traffic keys are obtained.</t>
</list></t>

<t>The negotiated profile, the KEM identifier, the signature identifier, the
selected AEAD suite(s), and both peer identities are all bound into the
handshake transcript and confirmed by a Finished message authentication code
(MAC). A man-in-the-middle that alters any negotiated parameter or substitutes
an identity invalidates the Finished MAC and aborts the handshake; this is the
structural defense against downgrade, unknown-key-share, and
identity-substitution attacks (see <xref target="security-considerations"/>).</t>

<t>N-PAMP uses QUIC <xref target="RFC9000"/> (secured with TLS 1.3, <xref target="RFC9001"/>) as its primary
transport and TCP with TLS 1.3 <xref target="RFC8446"/> as a fallback. In both cases, the
application protocol is negotiated using the ALPN extension <xref target="RFC7301"/> with the
identifier "n-pamp/2" (<xref target="iana-considerations"/>).</t>

</section>
<section anchor="wire-format"><name>Wire Format</name>

<section anchor="frame-structure"><name>Frame Structure</name>

<t>Every N-PAMP frame has the following structure:</t>

<figure title="N-PAMP frame structure"><artwork><![CDATA[
+--------+-------------+-------------------+-----------+
| Header | Extension   | Payload           | AEAD Tag  |
| 36 B   | TLVs (var)  | (var, encrypted)  | (16 B)    |
+--------+-------------+-------------------+-----------+
]]></artwork></figure>

<t>The 36-octet header is fixed-size. Zero or more extension TLVs <bcp14>MAY</bcp14> accompany a
frame. The payload is AEAD-sealed, and the associated data covers the 21-octet
header prefix (octets 0-20, through the Payload Length field, the same octets
protected by the header CRC32C) so that any modification to those header fields
is detected on decryption.</t>

</section>
<section anchor="frame-header"><name>Frame Header</name>

<t>The fixed header is 36 octets, laid out as follows. Multi-octet integers are
encoded in network byte order (big-endian) unless stated otherwise.</t>

<figure title="36-octet N-PAMP frame header"><artwork><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     'N'       |     'P'       |     'A'       |     'M'       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ver   | Flags |          Frame Type           |  Channel ID   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                   Sequence Number (64 bits)                   +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Payload Length (32 bits)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   CRC32C over octets 0-20                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+             Reserved + Padding (11 octets, zero)              +
|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork></figure>

<t>The fields are:</t>

<texttable title="Frame header fields">
      <ttcol align='left'>Offset</ttcol>
      <ttcol align='left'>Size</ttcol>
      <ttcol align='left'>Field</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c>0-3</c>
      <c>4 octets</c>
      <c>Magic</c>
      <c>ASCII "NPAM" (0x4E 0x50 0x41 0x4D).</c>
      <c>4</c>
      <c>4 bits</c>
      <c>Ver</c>
      <c>Protocol major version, the high nibble of octet 4. The value 0x2 designates the wire format described in this document (wire major version 2).</c>
      <c>4</c>
      <c>4 bits</c>
      <c>Flags</c>
      <c>The low nibble of octet 4 (see <xref target="frame-flags"/>).</c>
      <c>5-6</c>
      <c>2 octets</c>
      <c>Frame Type</c>
      <c>Frame type within the channel (see <xref target="frame-types"/>).</c>
      <c>7-8</c>
      <c>2 octets</c>
      <c>Channel ID</c>
      <c>The semantic channel (<xref target="channel-architecture"/>).</c>
      <c>9-16</c>
      <c>8 octets</c>
      <c>Sequence Number</c>
      <c>Per-(channel, direction) monotonic sequence number, starting at 0.</c>
      <c>17-20</c>
      <c>4 octets</c>
      <c>Payload Length</c>
      <c>Byte count of the payload following the header.</c>
      <c>21-24</c>
      <c>4 octets</c>
      <c>CRC32C</c>
      <c>CRC32C (Castagnoli polynomial 0x1EDC6F41) computed over header octets 0-20. Receivers <bcp14>MUST</bcp14> validate it before processing any other header field.</c>
      <c>25-35</c>
      <c>11 octets</c>
      <c>Reserved</c>
      <c><bcp14>MUST</bcp14> be zero; receivers <bcp14>MUST</bcp14> reject frames whose reserved octets are non-zero.</c>
</texttable>

<t>All multi-octet integers are big-endian. The Ver field carries the wire major
version; the value 0x02 corresponds to the ALPN identifier "n-pamp/2".</t>

</section>
<section anchor="frame-flags"><name>Frame Flags</name>

<t>The low nibble of header octet 4 carries four flag bits:</t>

<texttable title="Frame flags">
      <ttcol align='left'>Bit</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>0 (0x01)</c>
      <c>URG</c>
      <c>Urgent-priority scheduling.</c>
      <c>1 (0x02)</c>
      <c>ENC</c>
      <c>Payload is AEAD-encrypted.</c>
      <c>2 (0x04)</c>
      <c>COMP</c>
      <c>Payload is compressed.</c>
      <c>3 (0x08)</c>
      <c>FRAG</c>
      <c>Frame is a fragment of a larger logical message.</c>
</texttable>

</section>
<section anchor="extension-tlvs"><name>Extension TLVs</name>

<t>Zero or more Type-Length-Value (TLV) extensions <bcp14>MAY</bcp14> accompany a frame. Each TLV
is encoded as:</t>

<figure title="Extension TLV encoding"><artwork><![CDATA[
+---------+---------+-----------+
| Type    | Length  | Value     |
| 16 bits | 16 bits | Length B  |
+---------+---------+-----------+
]]></artwork></figure>

<t>Type and Length are 16-bit unsigned integers in network byte order; Length is the
byte count of Value (0 to 65535). A receiver that encounters an unknown TLV whose
Type has the high bit (0x8000) clear <bcp14>MUST</bcp14> ignore that TLV. A receiver that
encounters an unknown TLV whose Type has the high bit (0x8000) set <bcp14>MUST</bcp14> treat it
as a forward-incompatible extension and reject the frame. The TLV type registry
maintained by this specification is given in <xref target="tlv-registry"/>.</t>

</section>
<section anchor="payload-encoding"><name>Payload Encoding</name>

<t>The payload carries a frame-type-specific body. The body <bcp14>MAY</bcp14> be encoded in a
binary serialization, in deterministic CBOR <xref target="RFC8949"/>, or as raw octets. The
selected encoding is signaled within the channel-local interpretation of the
Frame Type field.</t>

</section>
<section anchor="frame-types"><name>Reserved Frame Types</name>

<t>Each channel defines its own frame types in the 0x0000-0xFFFF space. The
following frame types are reserved across all channels and have the same meaning
on every channel:</t>

<texttable title="Reserved frame types (all channels)">
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c>0x0000</c>
      <c>(reserved)</c>
      <c>Reserved; <bcp14>MUST NOT</bcp14> be used as a frame type.</c>
      <c>0x0001</c>
      <c>PING</c>
      <c>Liveness probe.</c>
      <c>0x0002</c>
      <c>PONG</c>
      <c>Reply to PING.</c>
      <c>0x0003</c>
      <c>CLOSE</c>
      <c>Authenticated close; AEAD-protected.</c>
      <c>0x0004</c>
      <c>CLOSE_ACK</c>
      <c>Reply to CLOSE.</c>
      <c>0x0005</c>
      <c>ERROR</c>
      <c>Error report; AEAD-protected.</c>
      <c>0x0006</c>
      <c>KEY_UPDATE</c>
      <c>Initiate key update for this (channel, direction).</c>
      <c>0x0007</c>
      <c>KEY_UPDATE_ACK</c>
      <c>Acknowledge key update.</c>
      <c>0x0008</c>
      <c>PATH_CHALLENGE</c>
      <c>Path-migration challenge.</c>
      <c>0x0009</c>
      <c>PATH_RESPONSE</c>
      <c>Path-migration response.</c>
      <c>0x000A</c>
      <c>FLOW_UPDATE</c>
      <c>Connection-level flow-control credit update.</c>
</texttable>

<t>Channel-specific frame types begin at 0x0100 within each channel's frame
namespace. Frame-type code points at or above 0x0030 that are not reserved here,
and in particular the ranges enumerated in <xref target="extension-points"/>, are reserved
for extensions defined in companion specifications.</t>

<t>The Control channel (0x0000) assigns the following channel-specific frame types for
the N-PAMP handshake (<xref target="handshake"/>):</t>

<texttable title="Control-channel handshake frame types">
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c>0x0100</c>
      <c>CLIENT_HELLO</c>
      <c>First handshake flight (client); cleartext.</c>
      <c>0x0101</c>
      <c>SERVER_HELLO</c>
      <c>Second handshake flight (server); cleartext.</c>
      <c>0x0102</c>
      <c>SERVER_AUTH</c>
      <c>Server authentication flight; AEAD-protected.</c>
      <c>0x0103</c>
      <c>CLIENT_AUTH</c>
      <c>Client authentication flight; AEAD-protected.</c>
</texttable>

</section>
<section anchor="close-frame"><name>CLOSE Frame</name>

<t>A CLOSE frame is authenticated like any other frame. A receiver <bcp14>MUST</bcp14> verify the
AEAD tag before honoring a close. An unauthenticated or forged CLOSE frame <bcp14>MUST</bcp14>
be dropped and <bcp14>SHOULD</bcp14> be counted as a security event.</t>

</section>
</section>
<section anchor="channel-architecture"><name>Channel Architecture</name>

<t>N-PAMP multiplexes traffic over channels identified by a 16-bit Channel ID. Each
channel carries one class of agent traffic and has an independent
per-direction sequence space and independent traffic keys
(<xref target="cryptographic-suites"/>). A peer that has not advertised a channel during the
handshake <bcp14>MUST NOT</bcp14> receive frames on that channel; frames on an unadvertised
channel <bcp14>MUST</bcp14> be dropped.</t>

<section anchor="channel-registry"><name>Core Channel Registry</name>

<t>The following channels are defined and maintained by this specification:</t>

<texttable title="Core channel registry">
      <ttcol align='left'>ID</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Purpose</ttcol>
      <ttcol align='left'>Min Profile</ttcol>
      <ttcol align='left'>Direction</ttcol>
      <c>0x0000</c>
      <c>Control</c>
      <c>Connection control, handshake completion, capability epoch</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0001</c>
      <c>Memory</c>
      <c>Persistent-state create/read/update/delete and retrieval</c>
      <c>Standard</c>
      <c>Multi-stream</c>
      <c>0x0002</c>
      <c>Capability</c>
      <c>Capability issuance, delegation, revocation, lookup</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0003</c>
      <c>Identity</c>
      <c>Identity resolution, attestation, presence</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0004</c>
      <c>Governance</c>
      <c>Policy proposals, votes, quorum closure</c>
      <c>High</c>
      <c>Bidirectional</c>
      <c>0x0005</c>
      <c>Immune</c>
      <c>Anomaly reports and defensive gossip</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0006</c>
      <c>Federation</c>
      <c>Cross-instance synchronization and gossip</c>
      <c>High</c>
      <c>Multi-stream</c>
      <c>0x0007</c>
      <c>Settlement</c>
      <c>Agent-to-agent settlement and receipts</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0008</c>
      <c>Compliance</c>
      <c>Attestation and regulatory export</c>
      <c>High</c>
      <c>Bidirectional</c>
      <c>0x0009</c>
      <c>Sensory</c>
      <c>Bulk telemetry and low-priority observations</c>
      <c>High</c>
      <c>Multi-stream</c>
      <c>0x000A</c>
      <c>Telemetry</c>
      <c>Operational metrics and health reporting</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x000B</c>
      <c>Audit</c>
      <c>Audit-epoch commitments and transparency-log entries</c>
      <c>Sovereign</c>
      <c>Bidirectional</c>
      <c>0x000C</c>
      <c>Stream</c>
      <c>Multiplexed full-duplex streaming (tokens, audio, video, file transfer)</c>
      <c>Standard</c>
      <c>Multi-stream</c>
      <c>0x000D</c>
      <c>Bridge</c>
      <c>Encapsulation of external agent protocols within N-PAMP frames</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x000E</c>
      <c>Commerce</c>
      <c>Multi-party agentic commerce and payment mandates</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x000F</c>
      <c>Interaction</c>
      <c>Agent-to-human user-interface events</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0010</c>
      <c>Discovery</c>
      <c>Agent, tool, and service discovery and capability advertisement</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0011</c>
      <c>Workflow</c>
      <c>Multi-agent orchestration and task delegation</c>
      <c>Standard</c>
      <c>Bidirectional</c>
      <c>0x0012</c>
      <c>Knowledge</c>
      <c>Retrieval queries with ranked results and provenance</c>
      <c>Standard</c>
      <c>Multi-stream</c>
      <c>0x0013</c>
      <c>Spatial</c>
      <c>Physical-world state for robotics and IoT (high-frequency)</c>
      <c>High</c>
      <c>Multi-stream</c>
</texttable>

<t>The Min Profile column gives the lowest profile at which a channel may be
enabled; a channel is available at that profile and at every higher profile
(for example, a "High" channel is available at High and Sovereign). The Audit
channel is enabled by default only at Sovereign; other profiles <bcp14>MAY</bcp14> enable it.
The Control and Immune channels <bcp14>SHOULD</bcp14> be scheduled at higher priority than bulk
channels (Memory, Sensory, Telemetry) during congestion.</t>

<t>All N-PAMP channels are full-duplex: each peer maintains an independent send and
receive sequence space and independent per-direction traffic keys, so both peers
<bcp14>MAY</bcp14> transmit on a channel simultaneously. The Direction column classifies each
channel as follows:</t>

<texttable title="Channel directionality">
      <ttcol align='left'>Direction</ttcol>
      <ttcol align='left'>Meaning</ttcol>
      <c>Bidirectional</c>
      <c>Both peers send and receive frames on a single stream.</c>
      <c>Multi-stream</c>
      <c>Bidirectional, and the channel <bcp14>MAY</bcp14> open multiple concurrent transport streams within its stream family.</c>
</texttable>

<t>The Stream channel (0x000C) provides general-purpose multiplexed full-duplex
streaming, carrying concurrent bidirectional sub-streams (for example token,
audio, video, and file-transfer streams), each with independent flow control.</t>

<t>Channel IDs not listed in <xref target="channel-registry"/>, and in particular the ranges
enumerated in <xref target="extension-points"/>, are reserved for extensions defined in
companion specifications.</t>

</section>
</section>
<section anchor="profile-negotiation"><name>Profile Negotiation</name>

<t>N-PAMP defines three security profiles. The profiles share one wire format and
differ in the cryptographic primitives and operational requirements they
mandate. Each profile is an escalation of the previous one in cryptographic
strength.</t>

<texttable title="Security profiles">
      <ttcol align='left'>Profile</ttcol>
      <ttcol align='left'>Code</ttcol>
      <ttcol align='left'>Summary</ttcol>
      <c>Standard</c>
      <c>0x01</c>
      <c>Baseline hybrid post-quantum security.</c>
      <c>High</c>
      <c>0x02</c>
      <c>Stronger KEM parameters and stronger hash; downgrade refusal to Standard.</c>
      <c>Sovereign</c>
      <c>0x03</c>
      <c>Highest standard-crypto strength; downgrade refusal below Sovereign.</c>
</texttable>

<t>Profile code points 0x00 and 0x04-0xFF are reserved by this specification.</t>

<t>The profile is offered by the client and selected by the server during the
handshake, and is carried in the handshake transcript. Because the profile is
part of the transcript that the Finished MAC covers, an attacker who strips a
profile from the offer or forces a lower selection invalidates the MAC and
aborts the handshake.</t>

<t>The profile invariants are:</t>

<texttable title="Profile invariants">
      <ttcol align='left'>Property</ttcol>
      <ttcol align='left'>Standard</ttcol>
      <ttcol align='left'>High</ttcol>
      <ttcol align='left'>Sovereign</ttcol>
      <c>Minimum KEM</c>
      <c>X25519MLKEM768</c>
      <c>X25519MLKEM1024</c>
      <c>X25519MLKEM1024</c>
      <c>Allowed signatures</c>
      <c>Ed25519</c>
      <c>Ed25519, ML-DSA-87</c>
      <c>ML-DSA-87</c>
      <c>KDF hash</c>
      <c>SHA-256</c>
      <c>SHA-384</c>
      <c>SHA-384</c>
      <c>Per-frame AEAD diversification</c>
      <c>Off</c>
      <c>On</c>
      <c>On</c>
      <c>Downgrade refusal</c>
      <c>Off</c>
      <c>Refuses Standard</c>
      <c>Refuses below Sovereign</c>
      <c>Mandatory key update</c>
      <c>Yes</c>
      <c>Yes (tighter bounds)</c>
      <c>Yes (tightest bounds)</c>
</texttable>

<t>The server <bcp14>MUST</bcp14> select a profile from the client's offered set. The selected
profile <bcp14>MUST</bcp14> be no lower than the server's configured minimum acceptable peer
profile. A Sovereign server with a minimum acceptable peer profile of Sovereign
completes a handshake only when the client offers Sovereign and Sovereign is
selected.</t>

<t>A High or Sovereign endpoint <bcp14>MAY</bcp14> interoperate with a lower-profile peer for
read-only or capability-discovery operations when local policy permits, by
accepting a lower selected profile; otherwise it refuses the downgrade as shown
above.</t>

</section>
<section anchor="cryptographic-suites"><name>Cryptographic Suites</name>

<t>All cryptographic primitives used by N-PAMP are published standards.</t>

<section anchor="key-encapsulation-mechanisms"><name>Key Encapsulation Mechanisms</name>

<texttable title="KEM code points">
      <ttcol align='left'>Code point</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Profiles</ttcol>
      <c>0x11ec</c>
      <c>X25519MLKEM768</c>
      <c>Standard, High</c>
      <c>0x11ed</c>
      <c>X25519MLKEM1024</c>
      <c>High, Sovereign</c>
</texttable>

<t>Both are hybrid KEMs combining X25519 ECDH with ML-KEM <xref target="FIPS203"/> (ML-KEM-768
and ML-KEM-1024, respectively). The two shared secrets are concatenated as
(ML-KEM shared secret || X25519 shared secret) and supplied as input keying
material to HKDF-Extract <xref target="RFC5869"/>. The ML-KEM shared secret is placed first so
the FIPS-approved key-establishment output leads the HKDF input (<xref target="SP800-56C"/>),
matching the X25519MLKEM768 construction of <xref target="I-D.ietf-tls-ecdhe-mlkem"/>.
The suite name lists X25519 first, but the shared-secret concatenation and the
on-wire KEMShare/KEMCiphertext layout are ML-KEM-first. The Sovereign profile
<bcp14>MUST NOT</bcp14> accept X25519MLKEM768.</t>

</section>
<section anchor="authenticated-encryption"><name>Authenticated Encryption</name>

<texttable title="AEAD code points">
      <ttcol align='left'>Code point</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Key</ttcol>
      <ttcol align='left'>Nonce</ttcol>
      <ttcol align='left'>Tag</ttcol>
      <c>0x0001</c>
      <c>AES-256-GCM</c>
      <c>32</c>
      <c>12</c>
      <c>16</c>
      <c>0x0002</c>
      <c>ChaCha20-Poly1305</c>
      <c>32</c>
      <c>12</c>
      <c>16</c>
</texttable>

<t>AES-256-GCM is used as specified for AEAD ciphers in <xref target="RFC5116"/>;
ChaCha20-Poly1305 is used as specified in <xref target="RFC8439"/>. Endpoints operating at the
High and Sovereign profiles <bcp14>MUST</bcp14> support both AEAD suites because per-frame AEAD
diversification at those profiles selects between them. Endpoints operating at
the Standard profile <bcp14>MUST</bcp14> support at least one of the two.</t>

</section>
<section anchor="signatures"><name>Signatures</name>

<texttable title="Signature code points">
      <ttcol align='left'>Code point</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Usage</ttcol>
      <ttcol align='left'>Profiles</ttcol>
      <c>0x0807</c>
      <c>Ed25519</c>
      <c>Identity, capability tokens</c>
      <c>All</c>
      <c>0x0905</c>
      <c>ML-DSA-87</c>
      <c>Identity, audit epoch</c>
      <c>High, Sovereign</c>
</texttable>

<t>Ed25519 is used as specified in <xref target="RFC8032"/>. ML-DSA-87 is the
module-lattice-based digital signature algorithm standardized in <xref target="FIPS204"/>. The
Sovereign profile uses ML-DSA-87 for identity and audit signatures.</t>

</section>
<section anchor="key-derivation-and-hashing"><name>Key Derivation and Hashing</name>

<t>All key derivation uses HKDF <xref target="RFC5869"/>. The KDF hash is SHA-256 at the Standard
profile and SHA-384 at the High and Sovereign profiles. The HKDF-Expand-Label
construction follows TLS 1.3 <xref target="RFC8446"/>, with the literal label prefix "n-pamp "
(with the trailing space) in place of TLS 1.3's "tls13 ", providing domain
separation from TLS 1.3, from QUIC, and from earlier N-PAMP versions. A conforming
implementation <bcp14>MUST</bcp14> use the "n-pamp " prefix; use of the "tls13 " prefix is
non-conformant. The full key-schedule ladder is specified in <xref target="key-schedule"/>.</t>

</section>
<section anchor="key-schedule-and-nonces"><name>Key Schedule and Nonces</name>

<t>Traffic secrets are derived per (direction, epoch, AEAD suite, channel) tuple, so
that no two distinct contexts share a key. Each traffic secret yields an AEAD
key, an AEAD initialization vector, and a header-protection key by
HKDF-Expand-Label. The per-frame nonce is the AEAD IV exclusive-ORed with the
left-zero-padded sequence number, identical in form to the construction used in
TLS 1.3 <xref target="RFC8446"/> and QUIC <xref target="RFC9001"/>. This namespace partitioning prevents
cross-direction, cross-suite, and cross-channel nonce reuse, and supports forward
secrecy: on key update, traffic secrets for the new epoch are derived afresh and
the prior epoch's secrets are zeroized.</t>

</section>
<section anchor="random-number-generation"><name>Random Number Generation</name>

<t>All randomness that participates in security <bcp14>MUST</bcp14> come from a cryptographically
secure random number generator. Implementations <bcp14>MUST NOT</bcp14> use a non-cryptographic
source for any field that participates in security.</t>

</section>
</section>
<section anchor="handshake"><name>Handshake</name>

<t>The N-PAMP handshake is a 1.5-RTT, mutually-authenticated exchange of four frames
on the Control channel (0x0000, sequence 0), after which both peers are
authenticated and a forward-secure key schedule is established. It reuses TLS 1.3
<xref target="RFC8446"/> constructions (HKDF-Expand-Label, CertificateVerify, Finished) with
N-PAMP framing and context; each divergence from TLS 1.3 is noted inline in the
relevant subsection below. One construction serves all three profiles; a profile
selects a parameter row (see <xref target="profile-negotiation"/> and <xref target="cryptographic-suites"/>),
so H and HashLen below are read from the negotiated profile.</t>

<section anchor="message-flow"><name>Message Flow</name>

<texttable title="Handshake flights">
      <ttcol align='left'>Flight</ttcol>
      <ttcol align='left'>Frame</ttcol>
      <ttcol align='left'>Type</ttcol>
      <ttcol align='left'>TLVs (in order)</ttcol>
      <ttcol align='left'>Encryption</ttcol>
      <c>1</c>
      <c>CLIENT_HELLO</c>
      <c>0x0100</c>
      <c>ProfileOffer, KEMOffer, SigOffer, AEADOffer, KEMShare</c>
      <c>cleartext</c>
      <c>2</c>
      <c>SERVER_HELLO</c>
      <c>0x0101</c>
      <c>ProfileSelect, KEMSelect, SigSelect, AEADSelect, KEMCiphertext</c>
      <c>cleartext</c>
      <c>2</c>
      <c>SERVER_AUTH</c>
      <c>0x0102</c>
      <c>IdentityKey, CertVerify, Finished</c>
      <c>AEAD-sealed</c>
      <c>3</c>
      <c>CLIENT_AUTH</c>
      <c>0x0103</c>
      <c>IdentityKey, CertVerify, Finished</c>
      <c>AEAD-sealed</c>
</texttable>

<t>There is no separate Finished frame; the Finished MAC is a TLV inside each AUTH
frame. Each frame is a standard 36-octet N-PAMP frame (<xref target="wire-format"/>) on channel
0x0000 with sequence 0; the AUTH frames set FlagENC and are AEAD-sealed
(<xref target="auth-frame-sealing"/>). A server reaches the Established state only after it has
verified CLIENT_AUTH; the master secret is derived at the client-authentication
boundary.</t>

</section>
<section anchor="transcript"><name>Transcript</name>

<t>The handshake transcript is a running byte buffer; a transcript hash is H over all
bytes absorbed so far. Unlike TLS 1.3 <xref target="RFC8446"/> Section 4.4.1, which hashes whole
handshake messages, N-PAMP absorbs at per-TLV granularity and absorbs only the
2-octet big-endian frame type of each frame: the remaining 34 header octets and the
AEAD tag are NOT absorbed. For each frame, the 2-octet frame type is absorbed,
followed by each of that frame's TLVs in canonical Type(2) || Length(2) || Value
form, in order. Five transcript hashes are named:</t>

<texttable title="Handshake transcript hashes">
      <ttcol align='left'>Symbol</ttcol>
      <ttcol align='left'>Absorbed through</ttcol>
      <ttcol align='left'>Used by</ttcol>
      <c>TH_kem</c>
      <c>CLIENT_HELLO and SERVER_HELLO TLVs</c>
      <c>handshake-secret labels</c>
      <c>TH_sId</c>
      <c>... server IdentityKey</c>
      <c>server CertVerify signs this</c>
      <c>TH_sCV</c>
      <c>... server CertVerify (excludes server Finished)</c>
      <c>server Finished MACs this</c>
      <c>TH_cId</c>
      <c>... server Finished, CLIENT_AUTH, client IdentityKey</c>
      <c>client CertVerify signs this</c>
      <c>TH_cCV</c>
      <c>... client CertVerify (excludes client Finished)</c>
      <c>client Finished MACs this; master derived from this</c>
</texttable>

<t>Because both peers absorb the identical decoded on-wire TLV bytes, their transcripts
are byte-identical.</t>

</section>
<section anchor="key-schedule"><name>Key Schedule</name>

<t>The key schedule is a single HKDF-Extract <xref target="RFC5869"/> followed by sibling
HKDF-Expand-Label derivations (simpler than TLS 1.3 <xref target="RFC8446"/> Section 7.1's
three-stage chain; N-PAMP defines no PSK or 0-RTT in this binding).
HKDF-Expand-Label is as in TLS 1.3 Section 7.1 with the N-PAMP label prefix
"n-pamp " (with the trailing space) in place of "tls13 ":</t>

<figure><artwork><![CDATA[
HKDF-Expand-Label(Secret, Label, Context, Length) =
    HKDF-Expand(Secret, HkdfLabel, Length)
HkdfLabel = uint16(Length) || opaque("n-pamp " || Label)
                           || opaque(Context)
]]></artwork></figure>

<t>The KEM output (<xref target="cryptographic-suites"/>) is the 64-octet value
(ML-KEM shared secret || X25519 shared secret), fed directly as input keying
material:</t>

<figure><artwork><![CDATA[
handshake_secret = HKDF-Extract(salt = HashLen zero octets,
                                IKM  = ML-KEM_SS || X25519_SS)
c_hs_secret = HKDF-Expand-Label(handshake_secret,
                                "c hs", TH_kem, HashLen)
s_hs_secret = HKDF-Expand-Label(handshake_secret,
                                "s hs", TH_kem, HashLen)
master      = HKDF-Expand-Label(handshake_secret,
                                "master", TH_cCV, HashLen)
]]></artwork></figure>

<t>The Extract salt is HashLen zero octets (the <xref target="RFC5869"/> default). The master secret
is derived only at the client-authentication boundary, from TH_cCV. Handshake-phase
traffic keys descend from c_hs_secret and s_hs_secret; application-phase traffic
keys descend from master, using the traffic-secret construction of
<xref target="cryptographic-suites"/>. Because the parents differ, an identical
(direction, epoch, suite, channel) tuple yields different (key, iv) across the
handshake and application phases, so no (key, nonce) pair is shared across phases.</t>

</section>
<section anchor="authentication"><name>Authentication</name>

<section anchor="certverify"><name>CertVerify</name>

<t>The CertVerify TLV (0x0A) carries a signature over the transcript, structured as in
TLS 1.3 <xref target="RFC8446"/> Section 4.4.3 with N-PAMP context strings:</t>

<figure><artwork><![CDATA[
signing_input = (0x20 x 64) || context || 0x00 || transcript_hash
context (server) = "N-PAMP draft-00, server CertificateVerify"
context (client) = "N-PAMP draft-00, client CertificateVerify"
]]></artwork></figure>

<t>The context strings are fixed protocol constants (they are the values bound into
the reference implementations and the interoperability test vectors) and do not
change with the Internet-Draft revision number. The signed transcript_hash is TH_sId
(server) or TH_cId (client): the transcript through the signer's own IdentityKey,
before its own CertVerify. The TLV value is the 2-octet SignatureScheme (Ed25519 =
0x0807) followed by the signature, whose length is delimited by the TLV Length. A
verifier <bcp14>MUST</bcp14> reject a signature scheme it did not negotiate and <bcp14>MUST</bcp14> check the
role: the differing context string makes a server CertVerify unusable as a client
CertVerify.</t>

</section>
<section anchor="finished"><name>Finished</name>

<t>The Finished TLV (0x0B) carries an HMAC per TLS 1.3 <xref target="RFC8446"/> Section 4.4.4, keyed
by the sender's handshake traffic secret:</t>

<figure><artwork><![CDATA[
finished_key = HKDF-Expand-Label(BaseKey, "finished", "", HashLen)
verify_data  = HMAC(finished_key, transcript_hash)
]]></artwork></figure>

<t>BaseKey is c_hs_secret or s_hs_secret per direction; the HMAC hash is H. The MAC'd
transcript_hash is TH_sCV (server) or TH_cCV (client): the transcript through the
signer's own CertVerify, excluding its own Finished. The verify_data length is
HashLen. Verification <bcp14>MUST</bcp14> be constant-time and <bcp14>MUST</bcp14> abort on mismatch.</t>

</section>
<section anchor="auth-frame-sealing"><name>AUTH-Frame Sealing</name>

<t>SERVER_AUTH and CLIENT_AUTH are sealed with the negotiated AEAD under the
per-direction handshake key and IV (<xref target="key-schedule"/>): FlagENC is set, Channel is
0x0000, and Seq is 0. The AAD is the 21-octet frame header prefix and the nonce is
the IV exclusive-ORed with the sequence number, as in <xref target="cryptographic-suites"/>. On
open, exactly three TLVs -- IdentityKey, CertVerify, Finished, in that order -- <bcp14>MUST</bcp14>
be present.</t>

</section>
<section anchor="handshake-downgrade"><name>Downgrade Protection</name>

<t>The negotiated profile and algorithm selections are carried in the cleartext
CLIENT_HELLO and SERVER_HELLO and are absorbed into the transcript that both the
Finished MAC and CertVerify cover. Stripping a profile from an offer, or forcing a
lower selection, therefore invalidates the Finished MAC and aborts the handshake.
N-PAMP uses this transcript binding for downgrade protection rather than a
TLS-style ServerHello.Random sentinel.</t>

</section>
</section>
</section>
<section anchor="extension-points"><name>Extension Points</name>

<t>N-PAMP reserves code-point ranges for extensions defined in companion
specifications. The core protocol in this document neither defines nor requires
any extension; it only reserves the ranges below so that extensions can be
specified without colliding with the core wire format. The algorithms and
semantics that occupy these ranges are out of scope for this document and are
defined in companion specifications.</t>

<section anchor="reserved-frame-type-ranges"><name>Reserved Frame-Type Ranges</name>

<t>The following per-channel frame-type code points are reserved for extensions
defined in companion specifications:</t>

<texttable title="Reserved frame-type ranges (companion specifications)">
      <ttcol align='left'>Range</ttcol>
      <ttcol align='left'>Reserved for</ttcol>
      <c>0x0035 - 0x0036</c>
      <c>Memory-channel eviction and revive extension frames</c>
      <c>0x0060 - 0x0063</c>
      <c>Capability-channel token extension frames</c>
      <c>0x0080 - 0x0080</c>
      <c>Control-channel flow-extension frames</c>
      <c>0x0090 - 0x0090</c>
      <c>Audit-channel per-frame integrity-extension frames</c>
      <c>0x00A0 - 0x00A3</c>
      <c>Settlement/Audit batch-commitment extension frames</c>
      <c>0x00B0 - 0x00B4</c>
      <c>Governance-channel quorum extension frames</c>
      <c>0x00C0 - 0x00C4</c>
      <c>Immune-channel propagation extension frames</c>
</texttable>

</section>
<section anchor="reserved-tlv-tags"><name>Reserved TLV Tags</name>

<t>The TLV types 0x0010, 0x0013, and 0x0014 are reserved for extension TLVs defined
in companion specifications. TLV types in the range 0x8000-0xFFFF remain reserved
as forward-incompatible extension points per <xref target="wire-format"/>.</t>

</section>
<section anchor="reserved-channel-id-range"><name>Reserved Channel-ID Range</name>

<t>Channel IDs in the range 0x0014-0xFFFF are reserved. Channels 0x0014-0x001F are
reserved for future core additions by this specification; 0x0020-0xEFFF are
reserved for extension channels defined in companion specifications; 0xF000-0xFFFE
are GREASE values that receivers <bcp14>MUST</bcp14> ignore; and 0xFFFF <bcp14>MUST NOT</bcp14> appear on the
wire. The specific extension assignments are out of scope for this document.</t>

<t>No algorithms, parameters, or semantics for any reserved range are defined in
this document.</t>

</section>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<section anchor="alpn-protocol-identifier"><name>ALPN Protocol Identifier</name>

<t>IANA has registered the following value in the "TLS Application-Layer Protocol
Negotiation (ALPN) Protocol IDs" registry established by <xref target="RFC7301"/>. The
registration was made under an earlier version of this document; IANA is requested
to update its reference to the current version:</t>

<texttable title="ALPN registration (n-pamp/2)">
      <ttcol align='left'>Protocol</ttcol>
      <ttcol align='left'>Identification Sequence</ttcol>
      <ttcol align='left'>Reference</ttcol>
      <c>N-PAMP, wire major version 2</c>
      <c>0x6E 0x2D 0x70 0x61 0x6D 0x70 0x2F 0x32 ("n-pamp/2")</c>
      <c>(this document)</c>
</texttable>

<t>The identification sequence is the 8-octet UTF-8 string "n-pamp/2". The trailing
digit "2" equals the N-PAMP wire major version (the value 0x02 carried in the Ver
field of the frame header, <xref target="wire-format"/>). The registration policy for the ALPN
registry is Expert Review <xref target="RFC8126"/>.</t>

<t>The earlier identifier "n-pamp/1" is deprecated. Implementations <bcp14>SHOULD NOT</bcp14>
negotiate "n-pamp/1" for new associations. Future wire major versions will use
distinct ALPN identifiers (for example, "n-pamp/3").</t>

</section>
<section anchor="uri-scheme-registration"><name>URI Scheme Registration</name>

<t>The "npamp" URI scheme has been provisionally registered in the "Uniform Resource
Identifier (URI) Schemes" registry, following the template and the
provisional-registration procedure (First Come First Served) of <xref target="RFC7595"/>, under
an earlier version of this document; IANA is requested to update its reference to
the current version. The registration template follows:</t>

<t><strong>Scheme name:</strong> npamp</t>

<t><strong>Status:</strong> Provisional</t>

<t><strong>Applications/protocols that use this scheme:</strong> The protocol defined in this
document (N-PAMP). An "npamp" URI names an N-PAMP endpoint and an optional
resource path within that endpoint.</t>

<t><strong>URI scheme syntax:</strong> The "npamp" scheme uses the generic URI syntax of
<xref target="RFC3986"/>:</t>

<figure><sourcecode type="abnf"><![CDATA[
npamp-URI = "npamp://" authority path-abempty [ "?" query ]
]]></sourcecode></figure>

<t>where "authority", "path-abempty", and "query" are as defined in <xref target="RFC3986"/>. The
"authority" component identifies the N-PAMP endpoint (host and optional port).
N-PAMP does not reserve a fixed default port; the underlying transport is
negotiated as described in <xref target="protocol-overview"/>.</t>

<t><strong>Encoding considerations:</strong> "npamp" URIs are processed as defined in
<xref target="RFC3986"/>; non-ASCII characters in the path or query components are
percent-encoded UTF-8 octets.</t>

<t><strong>Interoperability considerations:</strong> None beyond those of <xref target="RFC3986"/>. The scheme
carries no protocol semantics of its own; all behavior is defined by N-PAMP.</t>

<t><strong>Security considerations:</strong> See <xref target="security-considerations"/>. An "npamp" URI is
only an identifier. Connecting to an "npamp" endpoint invokes the N-PAMP
handshake and its authentication, confidentiality, and downgrade protections;
dereferencing an "npamp" URI <bcp14>MUST NOT</bcp14> bypass the security profile negotiated by
N-PAMP.</t>

<t><strong>Contact:</strong> Shawn Sammartano, BubbleFish Technologies, Inc.</t>

<t><strong>Change controller:</strong> Shawn Sammartano, BubbleFish Technologies, Inc.</t>

<t><strong>Reference:</strong> This document.</t>

</section>
<section anchor="registries-maintained-by-this-specification"><name>Registries Maintained by This Specification</name>

<t>The N-PAMP channel registry (<xref target="channel-registry"/>), the frame-type registry
(<xref target="frame-types"/>), and the TLV type registry (<xref target="tlv-registry"/>) are defined and
maintained within this specification. Because this document is published through
the Independent Submission stream, it does not request the creation of new
IANA-hosted registries for these code points; the registries are normative within
this document and are extended by companion specifications and by future
revisions of this document, not by IANA registration actions.</t>

</section>
<section anchor="tlv-registry"><name>TLV Type Registry</name>

<t>The following TLV tags are defined by this specification. Tags marked "reserved"
are described in <xref target="extension-points"/>.</t>

<texttable title="TLV type registry">
      <ttcol align='left'>Tag</ttcol>
      <ttcol align='left'>Name</ttcol>
      <ttcol align='left'>Length</ttcol>
      <ttcol align='left'>Description</ttcol>
      <c>0x01</c>
      <c>ProfileOffer</c>
      <c>var</c>
      <c>Profiles offered by the client, one octet per profile (handshake only).</c>
      <c>0x02</c>
      <c>ProfileSelect</c>
      <c>1</c>
      <c>Profile selected by the server (handshake only).</c>
      <c>0x03</c>
      <c>KEMOffer</c>
      <c>var</c>
      <c>KEMs offered by the client.</c>
      <c>0x04</c>
      <c>KEMSelect</c>
      <c>2</c>
      <c>KEM selected by the server.</c>
      <c>0x05</c>
      <c>SigOffer</c>
      <c>var</c>
      <c>Signature algorithms offered.</c>
      <c>0x06</c>
      <c>SigSelect</c>
      <c>2</c>
      <c>Signature algorithm selected.</c>
      <c>0x07</c>
      <c>KEMShare</c>
      <c>var</c>
      <c>Public KEM share.</c>
      <c>0x08</c>
      <c>KEMCiphertext</c>
      <c>var</c>
      <c>KEM encapsulation ciphertext.</c>
      <c>0x09</c>
      <c>IdentityKey</c>
      <c>var</c>
      <c>Sender's identity public key (handshake AUTH; see <xref target="handshake"/>).</c>
      <c>0x0A</c>
      <c>CertVerify</c>
      <c>var</c>
      <c>Signature over the transcript (handshake AUTH; see <xref target="handshake"/>).</c>
      <c>0x0B</c>
      <c>Finished</c>
      <c>var</c>
      <c>HashLen-octet Finished MAC (handshake AUTH; see <xref target="handshake"/>).</c>
      <c>0x0C</c>
      <c>AEADOffer</c>
      <c>var</c>
      <c>AEAD suites offered by the client (handshake only).</c>
      <c>0x0D</c>
      <c>AEADSelect</c>
      <c>2</c>
      <c>AEAD suite selected by the server (handshake only).</c>
      <c>0x10</c>
      <c>(reserved)</c>
      <c>var</c>
      <c>Reserved for a companion specification.</c>
      <c>0x12</c>
      <c>AnomalyCharge</c>
      <c>32</c>
      <c>Per-frame integrity charge.</c>
      <c>0x13</c>
      <c>(reserved)</c>
      <c>var</c>
      <c>Reserved for a companion specification.</c>
      <c>0x14</c>
      <c>(reserved)</c>
      <c>32</c>
      <c>Reserved for a companion specification (handshake only).</c>
      <c>0x15</c>
      <c>PathChallenge</c>
      <c>32</c>
      <c>Path-migration challenge nonce.</c>
      <c>0x16</c>
      <c>PathResponse</c>
      <c>64</c>
      <c>Path-migration response.</c>
      <c>0x17</c>
      <c>KeyUpdateMarker</c>
      <c>8</c>
      <c>Key-update epoch marker.</c>
      <c>0x18</c>
      <c>ProtectionMode</c>
      <c>1</c>
      <c>Protection-mode selector.</c>
      <c>0x8000-0xFFFF</c>
      <c>(reserved)</c>
      <c>--</c>
      <c>Forward-incompatible extension points (Type high bit set).</c>
</texttable>

</section>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<t>This section follows the spirit of <xref target="RFC3552"/>. N-PAMP inherits the security
properties of its underlying transports, TLS 1.3 <xref target="RFC8446"/> and QUIC
<xref target="RFC9001"/>, and adds the considerations below.</t>

<section anchor="hybrid-key-establishment"><name>Hybrid Key Establishment</name>

<t>Every profile uses a hybrid KEM that concatenates an ML-KEM shared secret with an
X25519 shared secret <xref target="FIPS203"/> (ML-KEM first) before key derivation. The confidentiality of an
association is preserved as long as at least one of the two components remains
unbroken; an adversary must defeat both the classical and the post-quantum
component to recover traffic keys. N-PAMP makes no claim of unconditional or
"quantum-proof" security; it provides post-quantum hybrid security against the
adversaries addressed by its component primitives.</t>

</section>
<section anchor="downgrade-unknown-key-share-and-identity-substitution"><name>Downgrade, Unknown-Key-Share, and Identity Substitution</name>

<t>The negotiated profile, KEM, signature algorithm, AEAD suite(s), and both peer
identities are bound into the handshake transcript and confirmed by the Finished
MAC (<xref target="protocol-overview"/>, <xref target="profile-negotiation"/>). Altering any negotiated
parameter, stripping a profile from the offer, or substituting a peer identity
invalidates the Finished MAC and aborts the handshake. The High and Sovereign
profiles additionally refuse to complete at a profile below their configured
minimum.</t>

</section>
<section anchor="authenticated-encryption-and-nonce-management"><name>Authenticated Encryption and Nonce Management</name>

<t>All payloads are protected by AEAD <xref target="RFC5116"/>. Traffic keys are partitioned per
(direction, epoch, suite, channel), which structurally prevents nonce reuse
across directions, AEAD suites, and channels. AEAD tag verification <bcp14>MUST</bcp14> be
performed before any payload is processed, and equality comparisons of
authentication values <bcp14>MUST</bcp14> be constant-time to avoid timing side channels.</t>

</section>
<section anchor="replay"><name>Replay</name>

<t>Each (channel, direction) pair maintains a sliding replay window over sequence
numbers. Frames outside the window or already recorded within it <bcp14>MUST</bcp14> be
rejected. Where 0-RTT data is permitted, it <bcp14>MUST</bcp14> be limited to idempotent
operations and protected against replay by an anti-replay mechanism scoped to the
current epoch; the Sovereign profile disables 0-RTT entirely.</t>

</section>
<section anchor="forward-secrecy-and-key-update"><name>Forward Secrecy and Key Update</name>

<t>Endpoints <bcp14>MUST</bcp14> perform key updates within profile-specific bounds on elapsed
time, frames sent, and bytes protected, with the tightest bounds at the Sovereign
profile. On key update, the prior epoch's traffic secrets <bcp14>MUST</bcp14> be zeroized so
that compromise of the current epoch does not expose previously protected
traffic. Rotation of the master secret requires a fresh handshake.</t>

</section>
<section anchor="connection-migration"><name>Connection Migration</name>

<t>When carried over QUIC, an endpoint <bcp14>MUST</bcp14> validate a peer's new path with a
challenge-response exchange (PATH_CHALLENGE / PATH_RESPONSE) before accepting an
address change, to prevent off-path migration spoofing.</t>

</section>
<section anchor="authenticated-close"><name>Authenticated Close</name>

<t>CLOSE frames are AEAD-protected and <bcp14>MUST</bcp14> be verified before being honored, so
that an off-path attacker cannot tear down an association with a forged CLOSE.</t>

</section>
<section anchor="sec-extension-points"><name>Extension Points</name>

<t>The reserved code-point ranges in <xref target="extension-points"/> carry no algorithms or
semantics in this document. Any security properties of extensions occupying those
ranges are the responsibility of the companion specifications that define them and
are out of scope here.</t>

</section>
<section anchor="implementation-considerations"><name>Implementation Considerations</name>

<t>Where the wire format requires deterministic encoding (for example, deterministic
CBOR <xref target="RFC8949"/> or canonical integer encodings), implementations <bcp14>MUST</bcp14> produce
byte-identical output for identical inputs, because non-deterministic encodings
can invalidate transcript and integrity computations across peers.</t>

</section>
</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC5116">
  <front>
    <title>An Interface and Algorithms for Authenticated Encryption</title>
    <author fullname="D. McGrew" initials="D." surname="McGrew"/>
    <date month="January" year="2008"/>
    <abstract>
      <t>This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="5116"/>
  <seriesInfo name="DOI" value="10.17487/RFC5116"/>
</reference>
<reference anchor="RFC5869">
  <front>
    <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
    <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
    <author fullname="P. Eronen" initials="P." surname="Eronen"/>
    <date month="May" year="2010"/>
    <abstract>
      <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="5869"/>
  <seriesInfo name="DOI" value="10.17487/RFC5869"/>
</reference>
<reference anchor="RFC7301">
  <front>
    <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title>
    <author fullname="S. Friedl" initials="S." surname="Friedl"/>
    <author fullname="A. Popov" initials="A." surname="Popov"/>
    <author fullname="A. Langley" initials="A." surname="Langley"/>
    <author fullname="E. Stephan" initials="E." surname="Stephan"/>
    <date month="July" year="2014"/>
    <abstract>
      <t>This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="7301"/>
  <seriesInfo name="DOI" value="10.17487/RFC7301"/>
</reference>
<reference anchor="RFC3986">
  <front>
    <title>Uniform Resource Identifier (URI): Generic Syntax</title>
    <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
    <author fullname="R. Fielding" initials="R." surname="Fielding"/>
    <author fullname="L. Masinter" initials="L." surname="Masinter"/>
    <date month="January" year="2005"/>
    <abstract>
      <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="66"/>
  <seriesInfo name="RFC" value="3986"/>
  <seriesInfo name="DOI" value="10.17487/RFC3986"/>
</reference>
<reference anchor="RFC7595">
  <front>
    <title>Guidelines and Registration Procedures for URI Schemes</title>
    <author fullname="D. Thaler" initials="D." role="editor" surname="Thaler"/>
    <author fullname="T. Hansen" initials="T." surname="Hansen"/>
    <author fullname="T. Hardie" initials="T." surname="Hardie"/>
    <date month="June" year="2015"/>
    <abstract>
      <t>This document updates the guidelines and recommendations, as well as the IANA registration processes, for the definition of Uniform Resource Identifier (URI) schemes. It obsoletes RFC 4395.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="35"/>
  <seriesInfo name="RFC" value="7595"/>
  <seriesInfo name="DOI" value="10.17487/RFC7595"/>
</reference>
<reference anchor="RFC8032">
  <front>
    <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
    <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
    <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"/>
    <date month="January" year="2017"/>
    <abstract>
      <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8032"/>
  <seriesInfo name="DOI" value="10.17487/RFC8032"/>
</reference>
<reference anchor="RFC8439">
  <front>
    <title>ChaCha20 and Poly1305 for IETF Protocols</title>
    <author fullname="Y. Nir" initials="Y." surname="Nir"/>
    <author fullname="A. Langley" initials="A." surname="Langley"/>
    <date month="June" year="2018"/>
    <abstract>
      <t>This document defines the ChaCha20 stream cipher as well as the use of the Poly1305 authenticator, both as stand-alone algorithms and as a "combined mode", or Authenticated Encryption with Associated Data (AEAD) algorithm.</t>
      <t>RFC 7539, the predecessor of this document, was meant to serve as a stable reference and an implementation guide. It was a product of the Crypto Forum Research Group (CFRG). This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8439"/>
  <seriesInfo name="DOI" value="10.17487/RFC8439"/>
</reference>
<reference anchor="RFC8446">
  <front>
    <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
    <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
    <date month="August" year="2018"/>
    <abstract>
      <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
      <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8446"/>
  <seriesInfo name="DOI" value="10.17487/RFC8446"/>
</reference>
<reference anchor="RFC8949">
  <front>
    <title>Concise Binary Object Representation (CBOR)</title>
    <author fullname="C. Bormann" initials="C." surname="Bormann"/>
    <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
    <date month="December" year="2020"/>
    <abstract>
      <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
      <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="94"/>
  <seriesInfo name="RFC" value="8949"/>
  <seriesInfo name="DOI" value="10.17487/RFC8949"/>
</reference>
<reference anchor="RFC9000">
  <front>
    <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title>
    <author fullname="J. Iyengar" initials="J." role="editor" surname="Iyengar"/>
    <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
    <date month="May" year="2021"/>
    <abstract>
      <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9000"/>
  <seriesInfo name="DOI" value="10.17487/RFC9000"/>
</reference>
<reference anchor="RFC9001">
  <front>
    <title>Using TLS to Secure QUIC</title>
    <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
    <author fullname="S. Turner" initials="S." role="editor" surname="Turner"/>
    <date month="May" year="2021"/>
    <abstract>
      <t>This document describes how Transport Layer Security (TLS) is used to secure QUIC.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9001"/>
  <seriesInfo name="DOI" value="10.17487/RFC9001"/>
</reference>

<reference anchor="FIPS203" >
  <front>
    <title>Module-Lattice-Based Key-Encapsulation Mechanism Standard</title>
    <author >
      <organization>National Institute of Standards and Technology (NIST)</organization>
    </author>
    <date year="2024"/>
  </front>
  <seriesInfo name="FIPS" value="203"/>
</reference>
<reference anchor="FIPS204" >
  <front>
    <title>Module-Lattice-Based Digital Signature Standard</title>
    <author >
      <organization>National Institute of Standards and Technology (NIST)</organization>
    </author>
    <date year="2024"/>
  </front>
  <seriesInfo name="FIPS" value="204"/>
</reference>
<reference anchor="SP800-56C" target="https://csrc.nist.gov/pubs/sp/800/56/c/r2/final">
  <front>
    <title>Recommendation for Key-Derivation Methods in Key-Establishment Schemes</title>
    <author >
      <organization>National Institute of Standards and Technology (NIST)</organization>
    </author>
    <date year="2020" month="August"/>
  </front>
  <seriesInfo name="NIST" value="Special Publication 800-56C Rev. 2"/>
</reference>


    </references>

    <references title='Informative References' anchor="sec-informative-references">



<reference anchor="RFC8126">
  <front>
    <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
    <author fullname="M. Cotton" initials="M." surname="Cotton"/>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <author fullname="T. Narten" initials="T." surname="Narten"/>
    <date month="June" year="2017"/>
    <abstract>
      <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
      <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
      <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="26"/>
  <seriesInfo name="RFC" value="8126"/>
  <seriesInfo name="DOI" value="10.17487/RFC8126"/>
</reference>
<reference anchor="RFC3552">
  <front>
    <title>Guidelines for Writing RFC Text on Security Considerations</title>
    <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
    <author fullname="B. Korver" initials="B." surname="Korver"/>
    <date month="July" year="2003"/>
    <abstract>
      <t>All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="72"/>
  <seriesInfo name="RFC" value="3552"/>
  <seriesInfo name="DOI" value="10.17487/RFC3552"/>
</reference>

<reference anchor="I-D.ietf-tls-ecdhe-mlkem">
   <front>
      <title>Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3</title>
      <author fullname="Kris Kwiatkowski" initials="K." surname="Kwiatkowski">
         <organization>PQShield</organization>
      </author>
      <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis">
         <organization>AWS</organization>
      </author>
      <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan">
         <organization>Cloudflare</organization>
      </author>
      <author fullname="Douglas Stebila" initials="D." surname="Stebila">
         <organization>University of Waterloo</organization>
      </author>
      <date day="26" month="May" year="2026"/>
      <abstract>
	 <t>   This draft defines three hybrid key agreement mechanisms for TLS 1.3
   - X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024 - that
   combine the post-quantum ML-KEM (Module-Lattice-Based Key
   Encapsulation Mechanism) with an ECDHE (Elliptic Curve Diffie-
   Hellman) exchange.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-tls-ecdhe-mlkem-05"/>
   
</reference>



    </references>

</references>


<?line 926?>

<section numbered="false" anchor="acknowledgments"><name>Acknowledgments</name>

<t>The author thanks the reviewers of earlier N-PAMP drafts for their feedback.</t>

</section>
<section numbered="false" anchor="changes-since-draft-bubblefish-npamp-00"><name>Changes Since draft-bubblefish-npamp-00</name>

<t>This revision makes the following changes relative to draft-bubblefish-npamp-00:</t>

<t><list style="symbols">
  <t>Hybrid KEM combiner order (wire-breaking). The hybrid shared-secret concatenation
for both X25519MLKEM768 and X25519MLKEM1024 is now ML-KEM_SS || X25519_SS (ML-KEM
first), replacing the X25519-first order of draft-00, so that the FIPS-approved key-establishment output leads the HKDF
input per NIST SP 800-56C Rev. 2 (<xref target="SP800-56C"/>) and matches the construction of
<xref target="I-D.ietf-tls-ecdhe-mlkem"/>. This changes the derived keys and is NOT interoperable
with draft-00.</t>
  <t>Handshake binding. Adds the normative 1.5-RTT mutually-authenticated handshake
(<xref target="handshake"/>): the four-frame flow, the per-TLV transcript, the single
HKDF-Extract key schedule with the "n-pamp " label prefix, CertVerify, Finished,
AUTH-frame sealing, and downgrade protection.</t>
  <t>Handshake code points. Assigns the Control-channel handshake frame types
0x0100-0x0103 and the handshake TLV tags 0x09-0x0D (IdentityKey, CertVerify,
Finished, AEADOffer, AEADSelect).</t>
  <t>ProfileOffer length. Corrects the ProfileOffer (TLV 0x01) length from a fixed 4 to a
variable list of one-octet profile identifiers, matching the other negotiation
offers and the reference implementations.</t>
  <t>IANA Considerations. Updated to reflect that the ALPN identifier "n-pamp/2" and the
"npamp" URI scheme are already registered, requesting a reference update to this
revision rather than a new assignment.</t>
</list></t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA8196XbbSJbm/3iKGPlHSlkErc2yLHV2jyzLaZ30opbkrKnp
0ycPSEIS2iDAAkDZLNv9LP0s82Rzv3tvLABJ2ZlVPWdclTYJIva7b5EkiWnz
tsiO7Mbb5OLkzcWRfZu2+X1mL6qmTf51npbtfGpPbrOytW+ypklv8/LWXtRV
W42rYsOko1Gd3VMrbm0m1bhMp9TdpE5v2mQ0H42K7CZv7pJylk5nyfaOGadt
dlvViyOblzeVyWf1kW3redPubm8/2941zXw0zZsmr8rrxSzDW5NsltFfZWvS
OkuP7MnltZlQL0d2d3v3wJgP2eJjVU+OjLWJnWHef5V584MUc2/4Y1unZTOr
6pa/nby+eGtM06bl5Le0qErqb5E1ZpYf2X+j1Q1sQ2/W2U1DnxZTfPh3Y9J5
e1fVPBT9Z2l2zZG9GtqrdDpNa+qr4seyCVd36cey/1NV3x7Z57wxL2lj7HU2
viurorrNMxrpvBwP+bVH9jL76zyvs8mRTS2t7wNt/MC+eff2/Prd5dkLm03T
vLCbo6yoPm4N7fnVmR1XdZ3RArFZ42xg27vMnp9dv9QOx1V5U+Tj1tKJ5dnH
gaWV25P316/2D+1NXqZFMqur6samRWFvK9vS/+/yxqaTCfXaDO0Jb25aaHf6
3NIr7y6uz9+9PXlt5zR0bcdzmgcBzOXLU3s2yduqtrM6Hbf5OOMxqUU1zds2
m9i7rM5kwbyeIytwknGr/xngZ9jcGVNW9ZShE/tPne/u7DzTj4c7T/f145Od
nQP38fDAvfB0b3tHP+49O3QvPH3y7InrYXtv133c3/P97u+7dw+f7bunz7a3
t8NH7vfl+cXV7vbeEa/F4dSbajIvsuR12mLtyfO0oSX/ki2Ss3Kczpp5Qaup
SkKs8V1a5s3UXgEa03qywd0EYMOfREDnLbdJCwKVhsaZt5mlM3MNG95gD1ML
u/n2/Op6i7vwOLPPX5usJpADEroRsAa8sOfXs/8d63mR3+YEFfYqvy3Tdl5n
/5+sAr9fXRxubydPDk6767jMxtV0SkRF9v+GABSn8oL6undHQpOmeeSlnBfB
/aggOJwCrq/Gd9k0a/57l7edbB/KpNP6NmuP7F3bzpqjx4/HTT0eErS0w9vq
/vFsPmoeN7PHtM7HTw4ejx/Xu48ZmdfsDkYiyjTLxjlN72JOqxrLknWniO7c
D+2uMWjVxbfDnV2HDHtPnjC2nCcvhnnW3iRt0STZeHKXJdPiQzY9MiZJiPiO
mhaYb8w10aLfw1poT5ilbIFapHZES6oXAzOdF22eAF3KrBjYj0QgkyK7zwqi
MNoQp4lDoX6xNIJQHPa8dOscZe3HLCtByquymlbzhij9TfuRmIsyi6GyM1vN
spp6aKhNmaXtnU1nM7dfSZEuiNZxC+MGl5Olb/f5JMO8ae9vi4zI66dskjT5
3+hjTbzBytYSCSZifEtnWS8IQGR1syL7hEnLGhsh0+1dnWU2a8YpaAbtU5MR
lc3bBQa7yQsabNOB18C8ym/vpN1VdU8UljBzy47medFa2oBG3+vwSn57XKTE
eWkMM64Xs7a6rdPZ3WJocXh+f+cNr+xuMarziSXmm2QdajZ11MzQvtO5Ybb/
a/fJk51ndFy0h29eJ7+cvRn0zoj6wJDogN+iiVQEovQTeH0qq0mxb3RQtJVY
fobRbUPYCLLkT62el8RgaN32X9+fn1JPNicBYFbnxIYXQQjgHvm169MLGfT6
9ZXdGe6hCQ1FfHCUjj8MbEkCS8tzsfd5asBWTyJAeM2A4AH3rb6NpWxCyCAQ
hvSS3+T02kaZgMM93t0YEk4QbJPINGeqQgAzrvMRbS4GAGR7KFFYsGk9vsvb
bAwqO3Anb8owoGxTdHj52DbzHCBM9Ef2R94h1p3V9/R8XE2yZFblBMW0M7f0
BAiUfWqzEkIYTZAYcElLJ1JIBzqjowUMgYDc6A40Q8H2aT6Z0HzMIyJ7bU28
YoxfjTlZi2nU6ZhkOsaSRYSnmZwHCWU02Yr2o+aTMiSm3SYFEZGJBxCeY3uX
tnac1jU6wdgFzvmGJkjblNUNYRi2mCC/pY0jaE1HeUHYYyZZkd3q1skpEUoR
e8vwqt9QoQNC0VtqMc0YYUuP4ATqdEC83KE9+0TDAeo9qCmtCFSimY8B4h7g
Pn9WWePrVwxoGHD5IUSNr18V/FdTn6hfforNGdF2AY6mAwIwEpxaO1rw9yYr
cOpKomgBtOEEmBOlsB3yJIfQkGQGNHVQGKgUS6QKhUmEJD34IyG6vG2VIE1B
e0i2W5i1+N+SIFhhFSSB8gKTtkpkpXqoBG+K6yqEMtIQMt2mMxKFW4XZhwjw
XZaSqAoC3GTtOtprs5TOieEK55naCZ8sidBMKYFTnXlFtNpE+7FMqxle76pi
0sd1gC/oM+39Hb0ZUXwmO92dBUnLwVKbJSitRXmYCjs7IYleOIibgcmms6Ja
fBcdt5tEr7dsoOY8E8cqlLZDC6PNoDGYmAkNZ2kjcfyGNp/OX0TIQkRISz3b
TccRPn9WKfrr162BaSrZJh6NVBdBzxRoyxtfxiQAUsJMaRqRqhub5Uw16C8T
plrxgy7fA00jOlNCLSIVhIjJvBzV1YesDFAGMp0VRJshDRRgObTXE2ETgZ+Q
5gppp80EBCs6FiCewKJZRl6HWEJxMTFwOgY3ICQWRRTSweIxvVE1hLE1Izb0
5P8gioOtWEuWbZfD6K8rOIwAl3IZJ5F43LZLHGYZFoXLyK85sZJl9mKVvbhz
DbOOmM04hYDmeQ7AqJq3RF6LIp8A9hiwBCTqIJTQUT16ZH+u0qIRUZOYKQk9
pMbSk8D6sHkkmf5oTztzJ8mToQp950zUIe13dkhkoA5xdAdMUjB27jZzkqVH
suMV+xRwdgBccFsW4S71F2MvjTPElF9kN7RJGdjwJJvxJtTV/PbOIfB6YY6l
pCzWYAbGrhW/vkfS4i1UaIm5gT9bT3djFMXZCo9uSGKvaWI8RZZNMKGYkso5
R7YfavPXOcwaBMXpWCkebZrTBTBBGpKnRtJHVvOOCpe36biumsafyyDMk4Cv
nAh46hGAzmMBdyRDk8RhPRK8OfkLTcj17ESU1BbVR5qGe2uWEWZ/pJ2l59j7
WUVYv8BM6dgbgdO3RAI8rHZEQIDU23fXDKOX2ayglbKMAAJREQVlFv0xG3lG
aAOFms1rgoEsETmfWsghq+QlDHRgOwqU320Wg9cIVw76cghjfycR6/RlaUYA
g0Rnbs8vtNN2jrdxFNTnrxdve3h+jc0U1dmYl46oSyeM7W28q7SZJ2E5R+bI
nkRLHXTxk2T+RQ81qM8m0htt+7Fy5k7roacZBCF/AlnLE5FobHv+ghagiCMT
8cJVB42KtMw8NerwueVhdg6SUQ4i5BDy/MUgiCyQoFfLKophdDjVx7KHXTTL
lyB1mCPoHglsU2pBoiLzG2Z5aqQdsMSiAi/GEFHL7h0k1bgl0UoFLZpgNVPh
xNN7gu1flQDSMk/OTl4Aj6DgUA+zdFFU6YTmciG4hdm8KzM5YAgzkYjFNgBe
5Grh82EiG+nOVnTnoDcD5OxpVd5j28Gi0BODcM7fhd+APMII3diNN++vrjcG
8i+QGZ8vz0iivzx7gc9Xr05ev/YfjL5x9erd+9cvwqfQ8vTdmzdnb19IY3pq
O4/MBtGlDdnDDWeH3QCX6CCBiA0VeCvTMJKVWsZz49ROVvCen178n//a2SdJ
7H+ofZUUEvkCCyt9AWlTllUSqshXQpcFBJwsrdELDMgkScIqiNMlln8HGBNb
r/nx37Az/35k/2k0nu3s/7M+wII7D92edR7yni0/WWosm7ji0Yph/G52nvd2
ujvfk790vrt9jx7+078UIHLJzuG//LMBCHn7wDuCLNjf7edHjqwllT77Gouc
zuoVqJ89o/cWHg+7di1uIRJKQEmzHiXt5ufPbD8TeQYyt/0bcTfQ3CmEq5Vo
ahQtbUBUkKGySzSTIE8koDNJMOckzB82gexbhrWdWuwEou/Cev/169Ay/WkY
bCNe4hUzmrt+TmKjCCsOrLTRukmDog93kNLLjigBsWFCK5dhl0jfSenFxa6C
4WUoR3tpBpPmLv2QsTRBjGZnGL0UWcnU/vUnNX4RQqS1KIaEh8fG7A4DMWOt
tacxQk8Vo5ltvJk9LW4reulu6vAxc0cHWy82WKVyGmBv2Dmgxo4qIooQVhos
BZ2Khsu0nQjCrBUJiUBwIvpCoLbofpbigFq0x+C+O2dFySH+wpRh9ocksNai
pT4kVRLsVlM9tEiwG3SPC2M7DkatBUKqUZtCXxgKMY74gt8/rAA7H0xx8ixs
Z+8X02SFwHfYyc1ma7B2uTwTkL5RNYcSVLIDLTMRkIS9ZQEdSm09dcD0kjgK
g9aUjeFZfGAsPpO2YDbfnJxuwRVHYkOSl0kLgzub3VSgLfRIFp1dcIcFAGE1
lX0SjQFiOKtXXt6Tcj1h6MDO+PnQkIL7I9Jy5Te/pmNhM3kjW8a4PIdoP1F1
Jb2FTg3R9mNJTHlCRzEvP5T0LYHJgRGB99S4iSR+glh12rbp+AMhfEMM//Nn
hxgJk7iJ8vOG8D5o62yg7lvQ0AFAbtKx9A78KzvUhZqKrZqKTddUvGQl7hjt
Yosx6f+lgMg4baBuYG8i0TnY0mnfomOaN866ArNxRH95JHgwwYBVATYrjcog
jHlapiv355H9MzTal6K/fn4UU38WrJno2is9xcwY4Te6r2o4SwUEbkglrz6y
0ufeJwL4n//5n+ZPif7xH1Z8W372J/PFvhLO9MWe+bVb+nahPCf8+SJYeZ3e
0mdquHdgn/NjsCq7eZ/WW/iGDwOn3GYTebZD725xJ398qljn5yNxKP600dkg
vx0bX4Uc9fkuHXowRw7t/17Pc1nnTMdiKSEaYXgE9cfonlBvLDg3WVpAnXHm
mcBxVSODjCFHt7sjEzI6IRIGaUJ2kx82djvZ3R548wIauP1/LbI0wVwxUfKJ
FUs705EImEpI96eXp3u7p1uR0r2A6cPbqSTSAAqgNuD+G8NWN+2xgtXDiRTD
CFgFYmSjRcwJu0xAIVMbkEZFXLiat0BUgdxmaN+wLixnA6n4lkknwT0BDBFb
lohL0vqq+gMtCT7cmuWmUX5LAs6E8GyLiFmBIAj2LNAIMDp+zBuIEQARu22X
/+yseLa74tkemu/QT3t23z6xB/apPbTPfs8zgu+/83+EWvjzw9sfPOLx94ve
95Pe9zf++z9kDr/StqPvl0V62+gY4uxnIECkUIc4RMrwP2wOf98fmsOKp1dO
9nw7n44AWgf7JHG1zdaKd/8hc/hv2Yceedjc2127iP+2OQiREUNWRMf+n+7D
7/nTh4dL57v4E23nhE3dmzs7nn5BMevt57fn8B3r7DEyz6q6LJ8pqmNnQp3V
lP7Fvru5gQfti72Cc41QFD/Tvy8yEXVB4IlDE9fs/Ectt5M9em/fHdcX+ya9
JameWPvV6fm53XhLUyCBZvvT/pnd/vRkm/7a38FfL0gCRgf73BygZoVEfAla
9jT9D+KpYHlspGJ2lBM7K3OElEE9lIXuCzcl0XeeUd+76jnwUnDsm+uYSrrm
lU1+rzOo3V01TUfBMChxoeX5OEmXtz65weuQ3rinJ8kBNd0NOxaRP/elxRe1
HcZenU63eCl0+zQ57HYbUU+Zad8H/ID+LV0+S3Yw1cPQZ5/U0VmRXrfptTyv
4W2RcFDSKZYw37lGJTcagM/Wzka/LUPtPAWedwCpR5C+2Ofg3mPSy8R+GYlP
QYwNEov0S1LS7n63XyUy/sPmaUoTui2rIoehf1FWU0RVbX/aOXtxevByf4e9
prM5iwagTCqbRARqSJg/znKWzdgM5pQw0kTsKLtRL9cYRmgsm2QniYeIZSWd
8JNk7wlNzpMN+uzJyhfpfZQxKTm2dXfUOmNn4o1YXT6yNObdqdob9NuyKhN0
gBED2XgZkQmlD6AWcDtP18hYNghRgoG/uqZq74nQj9HKKFqJU83h6/ZuFPXa
iCSp6tOaoJsgOgoqfn4UY5qQuC5ixodG0OCmd1PNacbUilGbaeHzHITwLTqn
/c5Stqn0iB8IH4jaNgHHF/v+8mf8XXOYA+mdFVt91CQCf5aAODfYRYOzt6cR
gDvh32s4Cgn8/j7eP31HZLzTABDJMRP68h6/fIiXX16e/OwJibMn3jKBYzti
gVBEOIpu2a+ohopVsMC7uSFa5VlHpzGmo/CAdiWCp8mvfKib9NZW7BPuKUFW
laAzmPnoXegJTmBPm74Omqz6JMqmkxq/ODoBLsJTEOZJ+37gyHb4pO8+76iP
a0fpstfOTsik6YyZsWIuUN20e2CIeHZIwwBDYqaj6LNSLTl2TdUWM+qQPN3a
bWDIwZMne0/YiOSIgOhlmM+8VPuRs9LwTJkeyByd+s/MFNMj4Dnc3t4mSlfA
/M/UhOZb1WqRovZLQ5lvDGW/MRQEDh6orTMaIm9NGhsX85KBpc2BwEGjlrA3
pnOtc+YL7cHAzDdd6INBJIjYFEWZpU3txFZgl29pPTAsE1dti/vEtf36VYiM
Q7kzPWYhLY7vOCqi4MwcOXFD2FE10bBLfGIMIModqaWpUd8AInyJY/zNeQdL
1pnhH4UDYGxPn7+7VEvVs/1niCRDeGxj6/Sj0nUeJ1g7HVRihSwJFWoz68oT
ibi3vTNJdkWYq4nEEuFPvCGeF4WfA/kVicQYxmonZbgwLuelvPESTmN1OkS6
6E+y/ekl/VETPi8oMPa4FfDK8zUNC2B3lXMsAEjuUgmeE+vGVOi4QaAKm8PG
zoHraIgn+Q/IvCD7PFVYoNwMtiIOfWydFwxHPW9cfFGYvZBr7mUHJP38LYj1
a0BhJtENo/idXbzzjt9BKMECqI820SuQv09fv7s6g9DdDZkuCA2Pey7ZqOW+
a/nbyekv8Qj8MHoRAsnZ5SUBIf1b1wR8dQaT6gN9Q3D85ewvv72/eHFyjamd
w9UKkQjugvmMpSOJNiAYXSVBRp097XSmsz0Zg+AQYN/GfUatIA9fnFy/+u0U
3sWztz+fMQ8lHjXNb2u1x98R4BDJjds9c+0uz65o769WNBNZpYlbnYDnvn73
57DiUx9OqtHtNwTLiQttHdfIj4lmHTiMx7EY6DdjCN8Cu1EBPxCc+PUREbKS
BWwSUghgFfmzCDN/aKSFQaKTIt1Lj8fsqrASF4F+QHE4IBWr3dtWKyBLk23A
RriHB4bjx0p4LAgU5yRwMCJq6FhGagDH3kyE7HraLhFmDQfKRhhu/lAoM8ju
qdtqp+8I8sJFAKLYN4GPH9pPhOLgddWpgz+IlCj/hTSnP0JQdpignL4+P3t7
/durs9ev37EKXjdtNM5NQRyU2Oe4yAnDt46FVbe0MR4Id5ikXJ1d/np26fu5
ygjiJis64t2t13S0GzpCchn3g9f7/izpbC0d2FHqxCvTjk55Ad/fUcALPU8f
+BStKZyUyqtCERmcSYfRrzdeJu7QySL/kEVKmcoUkbgjOh0x6Ru2iRt2W7RQ
GkS3uyNdtxbXK9NcagyBqDsKQTG9fEuf4smga4NgybqacTgq8j0kyGGkop9j
It6fnCGMRUJadCdOIvWduPFKrd671kKQdNONHfP8c3V4UmRREMHduINwctAD
gUrCkvtefPOQF1/CUCOXf+wyNjBexFFCibjJ2XhxIm5dCdBOJYI3ndAS25xZ
cpBN5rVaDSIPr2fhev5OoYaTg2NepfFx9Jzl3zCC3xinruvpigh1CpBxe3np
MofCqXkZVE11fQIlApAjgxKP/7Cgy0SJ7UBKki40WI8UXCKjGpoFUuWPYoW1
ry8BOfIaczqXuTGIkBNUushEtA1ZG5YkiDHMOi5qCxae3MMCiaUdQelNRprm
QgxOmgmSsL8GjJT+eUx/Tx4LN32MhJA2U12hJdC8R3fxSOI1QmBZOu1KW6dh
hp0vedPMU87IjdNN6uy+Guvnoqo+zGfftSJQxXPns48+Es+rirlG8MYJLBwW
D8z4nt4h1/0MjC5TaXKh8asEhVXD8Vz3FQd6/3Ve1QifJ6IFyvGFA+fWdww5
8BzhSnj1pKymabFQUVCEbgkYAM7cklCef99mQFR8mTk3N3YdEn2Scw4FiMGi
HN/VVan6EQ/ku9cJrz7Pp8y32raQAMEvkqgYMlGa8JvACuH7TAyd35z1IcM9
QXaum3wSzkt7u0UWBqA2+8QBCN/a3mc83bIRQH8+Lz5EiUroEvKjty9VI3Bw
zZ36xkZAOL32XX2x76IsEzxD6C9T6Cwt2js9UrZ7fcdOPGfFY8JmM/43EdRG
ZFveSvw7O7Q5EoNoVzlekOZ5S5Jgy2zjS4jUXD/KKc9FliWr1Dyfm3lRJJM5
vllZN/tdWmR/IOCNZlQRwBNPo3+YzvFEbkj2+R6aAKr5vM6hZXyx3ZRvYnKQ
S2vMs5/EpfJ27IL5PrgSzWFKIjJDlUwKkvRCxoD93v3M4fPpggFYcrK+c5CX
rJDR1FOl9gEz7uZTcDOCrYTtAjfgxCxxfFfXO9vMRhqOVFi4jgekVYIpYMKA
WmQNTfxLHEcVKK3no4q03x4TDOLPVf0BCpbfMzmRikSgjDN6HF62afMhouHf
NQAYwy9e24Sm7LgKCSwMwxzRQ3D1IeO0TJpBSCPOHB3+FrDtgC9cwejF/Ori
bsG5H8nHqi4mEp7AOnNdjarW4ex5dW03YV5LbmqRnxZba+lBLEzXy9lCzj0Y
SwUEzvNpyYYy0ZiQK9G0PqUibTXeL4hV03RBUo+hdY8KGEXCL5C979O84Kj6
VMMTfU+IT2vVQCOpGz4/dlO0wBSiBCIoN7C+jbX98uq7udNiimMCZaJmOkkI
TsS90jmnVyN/oA1tj1Uz8Kl/sOVJQ5u3w46yyUciPNLLa0Ggd3GSvFC/RKXo
tBmlHRHZN77lpsg9A8cXBoGMbznplUQu0qs1pgbuGiU6HXExopJHYgVgEdlJ
jkvhtSRtsGxpnBD8Ddm8K8jHkjon6oRIVYO90+SDVtJv3Wk0OVSTtMyqeVOo
6TRIpAqHkhHFCXBZrIOEmCCWdiNJdpUTxyyhun0egmnd4ldoAD4pSlBKNN0u
knV7jnLtnFJAG1DRvnlFDCfoyq1EmYjcneckMJ/qCDfE4rA/HXR2Gk0YmUDK
4bMyzq4h5HQrFDnoZ/FMVzNY4xlslJ4SzX7U2dNmPkrcKmL8tcybB6bLmrFN
nITs2LPbga2BAOxSNhmTe1U4Qk4OKTqi8RVQE9TItKRbaTb2OiuV+b1WqvUJ
9+YBK9UjT2XjggOcU9DJx6anQX93BnXJn1nKS/aVHoRUcXAua+ZxFAQwe5Lf
YJedS+CPZCVL0oiKHurNc9Q8Z5ricp+9XwGqzH2OMgKYE4x48cDG5foMgcRB
MT2FMZJ443zK9R+WzWgRa4XdCViYNhmnb6zKrXS7JvirvJI90SxlgqLWHGre
C5Fv3G93aXN3HAKiaVdu5g0qC1R+KtJ3LNrSAHvKmsFBXU51Ilvg85xW9csl
okJnXeS/6sMA8D7w72DHBd7zOuBZZn9LF4hXWg/UmhqdawXACSGiY7XosXBX
dKJHxci40s4ycGWkXGqIAuKqUPuhfZ6NUxJKFYLcTAyQ1wFWP+thKf5domcH
nOjCEemc5cn7ns8apMVox5zEgOa8ULXccb6qJIrqMtmF2Au41zh7syrOvr+R
1LQm7bENcVgXnJfKNoEIoBU8I0haGYpFQhsx0CmD7RfNVnnzmr49PTjsPtjZ
5qCYpSfUyQlYKLJaXEoFpP6ziaS++E8D5MC8uDpJDqFiR5+ph19evGTswIxf
nSS7Tw70097hfvzJSPCQmEHZojrhWJbgnuW4NPxd6l/g60uY4d66xHeabrRx
7lEPeYRnuxoWsUPqi/0LLxh/b7awSNNhcypIs9V9TOjrn0eYeLF0to4FKyaw
RVDAh6BpCeAElX4IKNZkmrbuMMsDqbMtlpUCJYuPAel+aCQ55ZYTJqYKHOl4
nM0kqRWyjusNNtOwPzpXzY1e09RPHkWxXFOjxj7Jm/KY7NMMY3rBS2yiYTvy
OrDbrRlyrWABoWJ4w2d9/46sbvhxYCpMeErUXVA8k6CRen7XrE8DHxCNM7In
YvqPSUPIWjoO8eSIBqsVJDnJ2sOyS6807GIT036HH19J/Z/Pj1bavEXsX8vB
2Q89WkT1E+xs7nLgHBPStPZfCBnWFLZrQKFOPTeJrMlO1ljl3drZycaryFE3
Wdf6lycrSVUvobeDc6B3EZMDwrEsj3Uq76dXGrtUyers9MWruJxVXLvEFTRJ
aLbsz9SvmM+A/b9gAPdZsVDFEhnlnYxAzXsk4Zggskw1U3dzVfKg/eLW3H2+
JTx1jqwj8QLl5WzeapkEkrtaDhyB0PGKyG5y9okLtWkS5uHBMyRhsj6/alCU
G0BxAojd8DU2FXs4sQVJOmPDhZaU6RTOq+Yt5lAQEgkYY2id2Obnz75aH6dx
0hTHdy4wswcDnbxRIiKfP68rRIdoHKaBAHeuy8nCfeM2jedP+DgXpi/LTHSZ
4QS8BYjEEM5prTmd8AqvP6YPp/mMMBWeUNRg4kST2u1dwmPIbgYwdNYJ7zIS
etBbqWBWNzbjzOfWrsMqYOIXlJlg0xGSpL7hk4HQe3J2BY6b/HwKGWAP4iwb
rxDI2/Fy3KX0/93t5KIqFjt7bNnvvR0QjJlzD8PigfLGh7q46jSiD0lD3tVG
1CifHHxslqewsh/XDPU8Ac5nrlhDt9YHznTZ6BNZbJjvEiZBtWZrRJRbS2xU
pMtZRyAxfYGEx4F6HLQrpvZNqCtxl03XzZGxy0snHTbuJpYyXjWt5AGrWPux
EgDytTnXEuL3nHK6niAHaDlk30iQ65wHquOhExO6ZaHQgc8zBpVY+gtNU3YC
OL/eQyQ7lBntgZWb0cOgsL23C1AIs9BwyW5dqmTEpU0nWtp0Rc61Z35c1Yq7
15KpSjjNEiRJYmoYGWAeas7BbMSbEMTnwFajyqR48RXJyBxRiN2FDDoJv/Mg
TFeXSLkXr/PGy9eq7DjYMrFB1cnb+s4DOCL9KyOZ0TvJ65Qk525+v9rYVuXP
DkJdJwIfrg1UoAOXmqgB3HbDbPoXiV/lXCOGrYpbbI/hgjkE/DoEybEbxA92
9uzGQA1WaDCpYLskEREaukwNQrTPCeZvSCBWyxK+ZmldIJRcBSENRueqyBCV
K0Rc3pocEixYnco/QFCnevo16KKO+RfFVDdNt2CSYBFqr12TMqAFqOZy4IlP
mi/SiWY79oA9fsuFpAKUrlxLLI1ZBEqYqNE1Fj8kaZ+LLNlNb5sbCJIOIhro
61Nu2XbONnYWBwhqSL+AbBOq5lUlWKSzLKVYipp+2s4M7EKTjKQqDIrLDdwX
y5VXfMwrHcWYdDFXtkqC9V0YEH4HfpC4vQScauzyZLtkdinkQAY6/9Vmn8bF
HF7p5N2lyx0HuSiym5YTIehMJxMWjHqZKoLZEiPLpjOXnNDBCaZUBItrCkF2
09h3BJGRNO7C7sQEia4A2LCPcbVzDmxNokOTB3pcUiMUD5xVV9ZeZzSdgRcc
2QqhMdWGz2W8OLK6o6L1DnrnFqpAldlHJecxLKU3RNaYiBixxuQwfeK1H5oO
8GFrQVk1cpgaEA5q5tDPbHDW0qKEDzX/yjGw4hNiq2w+Y8NKXgYzJ6MjifKq
NKfLpZ+M1qWQLvUs1cJNQDa05x0Eb0LAD3A55fSYnlGymsPdykWJy4VmuDw4
TVbhXnn99/OjECOoZZT7cYScqbEzfJJcXl+jwlc7x1qSXoW3T1qljiiOpK6w
Y8JUolivCXgcBMDeRu2Lm5YNX/DZRRVEkDPdHe2bNeR69VS4ZCLDn+cPJsaF
GGkau7mEzAN7Cscvi1vZrxxuN/AWvC3GWxM51CWVauII0rF4CVhmu+XFxgyB
qzRUYs5nq7BYG01NAtw9SnWiYIUSGzYXDblMVQfPtRpiulSI8ziYcoyTCNOo
YEddfXSpe6ss+0Il1sazcRXNV15meJ3pDNV0m06C+Wi5aIrg3hutRvKSmkF4
fCkxoC5LyEesSuEF2hrORtmSiAdX0nW9+gHNoxe+6sNaVRZ9B2PPAOqWfiIR
UD+BTIefWRujdj4qVZOhlgJbfcCrjnDFGy996Ecaw33EINEbkar3wFAaseoj
Yp2o+ws4GWC1D6T2S1zHQTOz+gGwPi7293cXJOhAWyRy1tkZ60wg3apgFJnA
mVYcL5vFmfIgeybnaiOCRpiriZO0QuxsqD2+OtN4qSRVVPTJaPSgFiV2VElm
xfujrlZkByG3D6lyTIfqLN4LhH+CWAnb54dEDjT4U82XNRaiprazQKU0jkKc
/EwKc44SNRzgm3N8rj8umdiUVDI27Tm7iWeFbWTQTLohzYbtw2m90HqH3jsh
DGBlRSHe3npesiDAyV+jOTDjuFvUycn/ryRulwgSZ4o1KNVf1chtJopxkxKr
e19ycPMqyeRKqd3+cH+4MwiFtu4kd7SIQ2I1SbAZeBsiD8SJARC+AD1Et0p4
Ub0ipK/wRoPU7iqwhKTRKG6bg6k8nB2JK5Zr+WIr9vZ7WbfOjOMjsQEfbIDR
HRiiQk7Uo2SPuylE4+Zh1waabyTWUleBjPk8N/ihEQKZcxlU5DaTYAjKuYms
TpdVqF84WQ+5C1NO6GKCSpNCNEHvJDWjCeLghL1AV4vpiONqT9xxujouUPFl
dsum1utXv33Ipn1KzKpeTDh5BV8C+DkzGatqbDFAT805iM9wOHTIFNEq+kEf
BpplXUJFHro4/bXbRfT2JovkE8Zz/i1w+S/9R6BR3Z7H/cm5Vwcx6g6cn6E7
dX344NTHfurLb4ep62/x1HuPwtSPHQ1xlENZNo+5iqovwQibtdVMFUttDCIM
3EFZmWSSY+iMnEBPJhCMBXkd9d4YzuOmHxPffoWe+flRRxUN9TJjUdDHxqwz
RtsYv5p8BJq9rNNFhhCUDGN1XL1bD9Gxp8OdHxrDghkiw2854CYvj20vbIJ4
48XVL3D9bEPW9mUgUCSP5rM1XDEjLI7x3k0gGjRYPXSg2OhhgsHg+4wezoag
KdBLU9m8YnQdWCcxi/A7UOKzZX/iO2Kidr7Fqw+TG22lLxv/yP5k53nZ7hxs
un6IhFWzlBj0ZlgCaBze3jIPFSzxDXVuW7wShhg4IdR/sD5/w6nvB/tKrblO
wO/0nAzsDdv+oDyD0a9xneg2e2r4m3b7UweGN5u04GcqfkuFTanq8tBW8J/z
X95Yaiuz/+3qKkyZvmyZ8W93zdKo0Xn3p/btATfG9q7ZGChDGLhZb5nmHz9U
s2YopXb85x80lHQpgxGBjgbz4OVIDh8X5KPl87KbAK2YJmnUp7rxOqKeiUQ9
FxS6Vt6zTt5T26NMcxisAMmMKHlmOoUvUY0mc+bJGBTYfhO+H3eqdnNHzmpj
ljuSRQyiWoT6buQTi11vZh0u9uJuELuPYva5aGu+8CQuG1phXVxpWHRWQemE
y+6wYTC/33K53N10rLR7aYrlxUtUKZFyacymry2aYC5WVCEFrmI8N1hywrHp
6RHysTxz17TRwOzBOGFEOdmKcv2DI6GSWggxtx6E0oHqsF1pFoyF7z3hIC5q
V4gmByWVt64UhtZ2/U2I2E+Y1O62/UQ0kim1a/RFXHz4N0zpNwgQxr3i8j6p
E1fyUO55FDuRl9Q6ZpiN0FzzT1c2j6SlXnOPor3lSWwyl/zz9TTd7SmCqwt3
WYawgSaqzGpESWAwgtW3Z9Zzcbd5/yYBjt4Ri3MjLvZJxZdAqHHNM2pOkSiz
NnmBJfKVi1yEQkyKGpcjdT162w0oFDHa+A0niUOFV7eJR8txa6FeI3eMKB4U
TYhNBUazTl1BhQCvoRCGlNZRRuq0Hu91k7vv7Kbztv1kxCW41RHQ3CRSualK
inoUvj4JLlOZ5lGsH8YV6YGUcKdN153SRDHyNDIJUr4n+YQDdr31is9EDL13
2fiDGOqqQtVCoRwaeRwBE5G9D1p4ua9vzMt5I6kBDefoYvdNtG9CCJzYLpDq
hXhHBJ5HRKC0r2A6gVvlW+i9PwCpp159SCTu16Rz7VgAIvu7ovyNjv8bxOxV
PBQBrmw62nCvorj8RsQYJWX5Ny4dii5oyptxt4M+2Cov1Z45ODPiSag7HH3F
4j3RF0MJb4q3TmjsycnpDxOzBj9I0erjBx59B36YDn7E1jNR0Lj6iWKIO0ot
Exftigdno5s2tNyNYzYuyM7RpKTNpxF4cpQnzFvTvOFQF4Uk6J+JFuIV0xRp
UCvsVcbElkZ0G5sKQfjU9OdJUmThZduHXNaK/ehmYATg4judkJTyK2TurkeR
dtgZ2XK2uQ18YjJtifMesA0h+yte2dYsGnjwunVoO2UGnQfUkWDnlmOKvd4j
t+yASzVuZJ148q40SKXAoacs6Ithno0cSfJtC+tA1D+ub4F5UxuXkS8pt62e
aIg7vQheycitk/hgvq/r6peLJBNiD1wMcbdAvgvHdzZp87A5x9lGveXPlSxf
LgJfqdtzqSZ4RCg5/nGIEPh8NpOwxk6MalpK2ObABUXzO6YXFc1mhlq51B+p
SD7slAFn9Txajmrq7I8LMZSRt7hO2ztnMkghfyVNuygyrWHxKiMeN1R3JI44
J3hnh10o7XUh4TufHy3lffg0jAdux/qOiiVm+Zav3nVYy/UpS70PLVgyapeN
gSrwizDmsc01jc3Psg0VWMR75Co5L13cZUIQgl7dZddd3bV0uZYHbxa/TLhY
SHBsPJ7PmAs2fjKcnTLnIH6+kS0UBQrXngiMm++r/LJUpCph59al5PX0SirE
l0+FGlbd2jfrs3y+Z0Zs0eXBbVTJEf1009G4rM4Tm8iHA+tKHvjpkfA5jpLL
72FJDnXRXIax9nSwrT0dsP8pxDj7S6MQ27W+/aFrfxhVegg7hUT0tW2fubbP
0FYywl3LEKnBhfD4FoC1HZ24jk44L9Yn6z+WbPMRGG4SsszXr+a56+h5tzSC
n5bWQVjbwanr4BQdSHpnWBMpF6kmE6/oYV1dJ4E0xYLNdeCzpfVsfFtIo9fp
rUKyK3rXaPL1QPOIBy7LZ3tn/wEIFkapUGwewqtoJOVQPHMr1fxc6Tbx2ITS
TWnzrXp+imSQJXtuwx4qu2pX5y8Em7r5fr05YdluTvHqh66bJrxE//BLprNF
N3MNTwRvnUzkmqjV+VHH3Bfu+v50pgOaNdvtU3K/g3Cg25d+b8/YTv/z5dnJ
1ZnThJmm9mrAStXGYz1+3oAQnCyXO0mwiMFmqwrrCl5FZRa5QpbWbvgmhca1
HVVE+wdR2hxLCt0L5sCq/AbJkcUVbfLS9Ht/ZM9P3p6ADkX3YRB3XnVLhth5
UDzW15E+91VkjeGOUBRIUkE5yabt8ATVnQWiNqDerb8o2qy4KDoM+6LZCFeD
9y4eiq4DkVBTfVG6+kgTnEKqEfkeiZQau+gKU/dvyDuWLcobFgkypL4akgQ1
sQmaULCUuCA2zdrVLl0Gmkz+i981VYV87WfOq9Kelt2Q7n7qVbW0OfjhAIXA
d1/QX09RDfwA1cAP/Nfdl/TX3q7dDOV+4Vjb7Ky1m3PFZ93ZvU3XdstlX+Xd
tXg9Q5WYQ9Vh3l+/TA6dOSEqOCwZHuq2MRxRbDd2Nyx1g7tJI+fPimVveuOV
1jruSvokeRuJKNMw0u7dxv1gCplLZ7mal+Si9rAfxoMdrfDsE5IK6dTkxjK2
U+zsHjCJRWcOtFYUW97ZEFMPKUMcE7YcPBduZAu3JcfNMSvEEXZuo7Qvhbwu
7xby3Qu+n974iNNeJehuMvnAD7a3sSU84/3luVUT12W0T7LYjRIvb/BLaoIC
NRjpna9i4eMbJCMC4YjB+zLnKFDiShwSaAJlsZvU45aOG+H9oFedvMWlzc7G
xXp7GDTpHisqhk+wTZtSDPAUUY/y8UpLj3LaDAjJk2dPEIHN5ML8MXJh15ML
s4JcrABEv7ZQieHHH/UkEN5w9OOPlrefnxMEzRs8ugg7gB8iats8DhV1mNuJ
KwIcmHtF6+u7SGeK+CpeM6G2v+DnFpfmi2GglCvqfKken1SYyoWW7sJLsHQJ
AyUh5i4U0+Way9IE9yL+GMFVsyAs+eTm6AbVH30WIAemEvPlhtxCPDJ0qnvP
DglLxR5IenJ5Y7iPBK/+pB0ePX68wfUMpYYIJpekIzoI+vJvduNfNrhEzcL+
u5j2PnKI2IZvAJNh3MbdQsmNNsS00BFXookJ34r6iu7h9ujaoY5+czfvqqbV
0gJaVwChylte8fc3b6ug4C9AdEVapP4s+maYL7gURaiegdj7YIFJm+69DxyH
2bu18Ssfnyv0bLtSBQ4xghoRirSkv+vfSy/RFh1zNLHchUHCH7yTmgslDrWW
U1rlhPzmSSzuDCWeyjZxBaOFN2m5Z0x16Ybk5Sm/RR7RKFtUTGsqSVXon6BC
pHHG7bIK+BQEN2qo5tRjuSAvu0vvEfmdh7X7HFOen69KsDyvq4fvgVtC0hwh
zsUieBxBcYe+7iBOvsKPro2Hs7y8rz50YLDnWcSaun7cQf+i+oG6iJYNTc2x
mWSOTko4cmfaoRj0YpaKY3OpXkdsKBwtTLR/0LoJXni/7tKPJIGlqH7RpmU1
sM/nuNngJYmT9job3/FFyjncouflWFqLL0vLoxRZ/Qf78bKe0LGeXP7IcVgA
zptOGUp+9ypWaTqR7/3SU/FtJKFKy9YgiERJt7r7Zv8elFBpZ6kUPDrvlnff
6hfRjKvFe+K+VAoj8ofHFiq+udsJ9+qkEFt3VK7maj7S+5a1ss2AnV+B0DEf
FskcNS2VbZPwxEpLApLJ1cX8hqvE13QMVscaO+nfkiLNEB9hMpK1mZUWNlEA
J3J+6/RSuTtzoRqycU7R5Tu7B7wsepMljY6gIGXn1FrHFg020YVaqJ3D6hvt
+HjT224d1NWlS9hUQhJmjbpsG07p3DDSssMRliv8cA0aTrx1CZb+LprvuBjp
UxyczvHt9PU+reP8zJWFVAaS/ckKySyqsxCCZti0Gwqk7/aD4K2E5LtiFGuK
sqztD9Y2F6jv58wp9Cvn69vty2t+Drvyfc34vhkSSl02gB/uajlb0w/vWx7I
i50BVzT0E/ANn+pMNddATwUYPLY+xsy/fShvd3IG/KbgroWoWsLYv+Sbx/m1
EoOqS3SOYJ8/OpMZwGMXHY7EoUv6SFxq3A+A6p6RD2d5C1fEqfyuAVDhM8pJ
kO7VYaqac8et83v6PtUkh+7xx8nZq6sNrYXeF9q8AxWhv9+LDTtLlz3IDDum
/HQdtfS98CSkYi5x5pq9AZxwf7FsEWdJMVxJwFUh//4Z7Pd74eG/r5P1uwPk
xeUIp+4iBb+uNRctiC/Ytz/QVy/1RgX6erC/3Lx/4cLOU6mQ8J711Teg79iS
Q3maqBoruYtM/T252TkUyqgi3BspLLbTeZhM8VQApfItY0N3byuTBBjyXZbu
TbkWx12H02TtVreY15Lwwh4A66XpJSPoOjEabJO9+t3MbYb5WV7L9fOiDDx5
wgn17tr6kkhY3nblVdgpYEbiOu+iC6xSvEhyfCgN1kRpsJrtO9EyIt3ZaxIe
CwivtIgLStPEpUjc1cad1Pw0qvki6nlUgoUV/ZVxxFIxqDSrgolX1YWRmiNb
7gaAbv6+8+Z21AiuiV+a3nX0s3CRTWOLCjpEs64MRKwhiqelMfNyVMOVd8xV
zVA5t0GBvOkc13WT6B45/rV0JhIEnKAc18QzQXknZarOxsI1omhVDyASaEV6
IvWYTzHDeYlbJnJV5avabGivSOKubjY8GLFn2ped7NTk03PzCpK7dRxGMrcy
lmcnE7n6DBQccBgmHooeCeS8CBeWv9cLy0EervyF5aH0+lV0Yfn6G+jp5Aer
KkkMHrxg3l2L7qTx7uXyq1PB0v7l8nHwhGEuu9KKMViXZArTFy6WdzcQhuUZ
760ZSC28VZEfGD6EfoTr3eXNLAtlMMwfC/mQ6hNL5SlcMYvGu+HUOHvDaljl
rhfgsr9hzhLjINkuoQya0VpmD1fkCVUVUCUuvc2E2CBNXW/+8vafcFc2n39U
4GZor+NAb37fpflLQYbvCJl2aXkuppiX7goExAn/RmOdfY9NDJGNlgtQ7+PQ
+rS5+xXBbrA8wcqNdQl1A7hEV5V7u5d0y04QsfMQ26vzRpRB0wuPV6fl6og6
mG/uK8J++saZMUhE9fNVQ8OsSBd6udjKK0c5/DuqaGwbDVqpuSnR+HJCQMF0
zXmAjESaNXr1UQNPJw8O4HQNkGKJROsFk8V6EkwEeet3TUJcoWT8mW2skl3E
UYZ5o0XjWo44822si6Cl5dOYRMVwr4WJqs+lUkJcwcxRRF3PiA1isM8l+mTq
arWJp3ainj7jTPcMZWIgWK5sM8k5RrbRmePo6qzQ9FUVbuyVlJDgiYEhiwBG
p+JLHvHaFISiKhO+kLEjTtE9eaijCLd0VpAmBb9ljoRNnwkMlViMDujGb0dU
b6ZXk9EXxOkTEQQMditfLBWw6NfCiG9c5TJBri4KX8FZTfNQ/6Wzy8Gwg9sf
mlD3ljFYl+CSQYb2surcvtdLOXZRXnyVHIpvxDVF+UoZfwHLGyczG/NnlC50
3kaGelcPJyqd2LmuVig57QI8dt7PYVPjxffESeKhFsVm75K1x93b07yMFNVK
JDFImLiVPnA/gKNr4DIJjx3EfxqSzq+8XUW3T3HjkjHRpUpNyBaPcMfF7I40
AjgP9G2UYVZ8ixPAyp2wBDvKXHzB2DHRHTrUFpEUsAkzCkYynZaejK96GvZu
UPXBhXS6yYoAQ/GrqVi4HF24xlolBbkhlcUWkzqKwesHFMLMvugYpCMBPwoL
lLA9cWBir6PIPTE1MkTk6oVwyLDOfMhbK1Y7vDiVcrn9GBOQUNm3rsO5p/4w
kNeOWof61h5huhdp+nsxux7kzkumf9umVAl1+d56gavvCsJeP/NESGBdTeZj
ucM15Na69MdQN0w6pWeoKKrWZTiNVs+8MeM0rjrcFxkjIwJfWu34iKZCIWeY
tjUhhXVE8AzFMtyjyOE+pIkKS8wmP23cpEWTuRgK8fNxVO0HjSfliAI4tDh7
v1Nci7OCvImaGPNNlk0wpr+4DDB0lUOEkQyiEbsibkhUTMTNub29bjLsttZk
HFFGuiE8Y+2e+JdYvYm8rB3kiPbD65hcSxR1QrnuM2Jv+Fb4ZET8/wOnB7Oc
6nSV9ZUmjeW1sw7QK3yJc+qXOOWiHR/XZIk6pRN9sto5EBFg3K2sKTUqddp0
IlFel8b6sjT+R+p70siSegaD9NtzAu+rC6uFPhFYMsR11d3in7xMTorIgoIf
Jx3ahyt+igPJnSQn/mgqpgjUUjwc3rUowavIqFsmwW7xQxyuV7A0dJwonzM7
BM+IFl9aV3vJs1waoX/po4Lf3JnyECCrwoVWx4gzBNmswpnyxnZz5TsZ9V66
CQnYcWr5moQG6pKzT2Qimmiy3oXZ3Z7IjURbFN2S+V1XL9LQUvYn0RI3zswQ
3vauG9jFE7bWbq5L0qDuQppGVCQoGHe3MPuOh6XQ/LNT3Cc/Vh2z8wZuJrdy
c7sm/2gdMQkv2GdVhIbm+t2w4KHSLLCJ1Da1dfsC7iEkaWA7lW7luphI/aYO
tdy125O1eYtY04pox6GK2hOxztwUcgW2InUvRCqKXfNxRnZV6BPHd3jdxsU7
DZwzUrT7MFW1q7JWkeO8PRXupFy4gC8NIR2a/wt3+I2zpKwAAA==

-->

</rfc>

