draft-ietf-lamps-samples-06.txt   draft-ietf-lamps-samples-07.txt 
lamps D.K. Gillmor, Ed. lamps D.K. Gillmor, Ed.
Internet-Draft ACLU Internet-Draft ACLU
Intended status: Informational 13 December 2021 Intended status: Informational 14 December 2021
Expires: 16 June 2022 Expires: 17 June 2022
S/MIME Example Keys and Certificates S/MIME Example Keys and Certificates
draft-ietf-lamps-samples-06 draft-ietf-lamps-samples-07
Abstract Abstract
The S/MIME development community benefits from sharing samples of The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples. keys for use when generating such samples.
Status of This Memo Status of This Memo
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 June 2022. This Internet-Draft will expire on 17 June 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5 2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5
2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5 2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5
2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5 2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5
2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 5 2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 6
2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6 2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6
2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 6 2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 7
2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7 2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7
3. Example RSA Certification Authority . . . . . . . . . . . . . 7 3. Example RSA Certification Authority . . . . . . . . . . . . . 7
3.1. RSA Certification Authority Root Certificate . . . . . . 7 3.1. RSA Certification Authority Root Certificate . . . . . . 7
3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 3.2. RSA Certification Authority Secret Key . . . . . . . . . 8
3.3. RSA Certification Authority Cross-signed Certificate . . 9 3.3. RSA Certification Authority Cross-signed Certificate . . 9
4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10 4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10
4.1. Alice's Signature Verification End-Entity Certificate . . 10 4.1. Alice's Signature Verification End-Entity Certificate . . 10
4.2. Alice's Signing Private Key Material . . . . . . . . . . 11 4.2. Alice's Signing Private Key Material . . . . . . . . . . 11
4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12 4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12
4.4. Alice's Decryption Private Key Material . . . . . . . . . 13 4.4. Alice's Decryption Private Key Material . . . . . . . . . 13
skipping to change at page 2, line 46 skipping to change at page 2, line 46
6.1. Ed25519 Certification Authority Root Certificate . . . . 24 6.1. Ed25519 Certification Authority Root Certificate . . . . 24
6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25 6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25
6.3. Ed25519 Certification Authority Cross-signed 6.3. Ed25519 Certification Authority Cross-signed
Certificate . . . . . . . . . . . . . . . . . . . . . . . 25 Certificate . . . . . . . . . . . . . . . . . . . . . . . 25
7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26 7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26
7.1. Carlos's Signature Verification End-Entity Certificate . 26 7.1. Carlos's Signature Verification End-Entity Certificate . 26
7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27 7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27
7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27 7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27
7.4. Carlos's Decryption Private Key Material . . . . . . . . 27 7.4. Carlos's Decryption Private Key Material . . . . . . . . 27
7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28
8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 30 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29
8.1. Dana's Signature Verification End-Entity Certificate . . 31 8.1. Dana's Signature Verification End-Entity Certificate . . 29
8.2. Dana's Signing Private Key Material . . . . . . . . . . . 31 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30
8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 31 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30
8.4. Dana's Decryption Private Key Material . . . . . . . . . 32 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30
8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 32 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31
9. Security Considerations . . . . . . . . . . . . . . . . . . . 34 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
11. Document Considerations . . . . . . . . . . . . . . . . . . . 34 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32
11.1. Document History . . . . . . . . . . . . . . . . . . . . 34 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32
11.1.1. Substantive Changes from draft-ietf-*-04 to 11.1.1. Substantive Changes from draft-ietf-*-06 to
draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 32
11.1.2. Substantive Changes from draft-ietf-*-04 to 11.1.2. Substantive Changes from draft-ietf-*-05 to
draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33
11.1.3. Substantive Changes from draft-ietf-*-03 to 11.1.3. Substantive Changes from draft-ietf-*-04 to
draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33
11.1.4. Substantive Changes from draft-ietf-*-02 to 11.1.4. Substantive Changes from draft-ietf-*-03 to
draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33
11.1.5. Substantive Changes from draft-ietf-*-01 to 11.1.5. Substantive Changes from draft-ietf-*-02 to
draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 35 draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33
11.1.6. Substantive Changes from draft-ietf-*-00 to 11.1.6. Substantive Changes from draft-ietf-*-01 to
draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 35 draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33
11.1.7. Substantive Changes from draft-dkg-*-05 to 11.1.7. Substantive Changes from draft-ietf-*-00 to
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 35 draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34
11.1.8. Substantive Changes from draft-dkg-*-04 to 11.1.8. Substantive Changes from draft-dkg-*-05 to
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 35 draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34
11.1.9. Substantive Changes from draft-dkg-*-03 to 11.1.9. Substantive Changes from draft-dkg-*-04 to
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 35 draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34
11.1.10. Substantive Changes from draft-dkg-*-02 to 11.1.10. Substantive Changes from draft-dkg-*-03 to
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 35 draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34
11.1.11. Substantive Changes from draft-dkg-*-01 to 11.1.11. Substantive Changes from draft-dkg-*-02 to
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 35 draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34
11.1.12. Substantive Changes from draft-dkg-*-00 to 11.1.12. Substantive Changes from draft-dkg-*-01 to
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 35 draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 36 11.1.13. Substantive Changes from draft-dkg-*-00 to
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34
13.1. Normative References . . . . . . . . . . . . . . . . . . 36 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
13.2. Informative References . . . . . . . . . . . . . . . . . 37 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 38 13.1. Normative References . . . . . . . . . . . . . . . . . . 35
13.2. Informative References . . . . . . . . . . . . . . . . . 35
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
The S/MIME ([RFC8551]) development community, in particular the The S/MIME ([RFC8551]) development community, in particular the
e-mail development community, benefits from sharing samples of signed e-mail development community, benefits from sharing samples of signed
and/or encrypted data. Often the exact key material used does not and/or encrypted data. Often the exact key material used does not
matter because the properties being tested pertain to implementation matter because the properties being tested pertain to implementation
correctness, completeness or interoperability of the overall system. correctness, completeness or interoperability of the overall system.
However, without access to the relevant secret key material, a sample However, without access to the relevant secret key material, a sample
is useless. is useless.
skipping to change at page 22, line 7 skipping to change at page 22, line 7
5.5. PKCS12 Object for Bob 5.5. PKCS12 Object for Bob
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and
Section 3.3. Section 3.3.
It is locked with the simple three-letter password bob. It is locked with the simple three-letter password bob.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH
BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI6NTC BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6
of68mzgCAhQXgIIEQDuXJ0vv86loQC7vz26FjGylSr7mt6epUVNUtlEn9tbsIjjw qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u
IGpu0eRzEk8ezAfzL0R5NaeVKkoFDvihn7NOoclhWPt66SJmiss54pRRkrVlTVwf FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX
qY9tHeWQShQQjBU0suq9MOIJYZDfsT+aFJJNVSPNid4mj8npvP3p5d0M7Jh8kQUp qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1
Ia+/YWQD8KX7GtJ6ObyhF88gxuWs0a5GqXqE3qIC3ULOQVE13SORmql5Tvxyr9iK p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD
f/J9pfWmmr7uHsztBO9mzze872PBQ27Zgc2sojR5FcxHZWFQvUxRkjzMGDh/QC15 +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2
5j+Nc+eke8KJSh0PoO8/RPbDjbPekPd1JKvAr+eU/ksw205ldcZqVUVyQTLFghr8 TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK
G8thAh/SzUPeZ5Ag6FLLCxBuaj8HDyFC7hIoYjaNuPd3QxtTrgAuDFzB6+SlEfGj wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/
MFxd4m1gXJYOm0OaKE+rRAHZ8KtGnr43vK/QAnSkW6G1evZc0kcAW7fNfAg8Oqzk nsaLg4MCWUO4Sh7nYJZl5Ijkk9LS7JhmwKvizHRRTXbLyRDH06e+jCRgLcU2WSUq
J84xBrc9OwF+IFMYJteYEGcsb49Djzb5QDwusMDQ2SBJatNsFNMTv8+w79toyMWd 1bEr9Jy0ucK8zNPTf8HWBTS0ubvy4JfO3mVp4REX/8ozXlLztWGblFGbyaJ9Y4ga
fEaqmdQ6GvZOf9rNNSWVgT+g7EGAEUtA1cXrz5cuHdFN5qcKM0+948++A59BB9dw LM3JpKxMtb1UTxoAyj3iFwGlGZFGKBlWplr+OdkKkC4dloFE22IINfLdRNLV9mPO
2+J+YSZ/3XxUGP/4zFwJE6ZgrjZYl5h9uqxE+tABVZVvtv16hJgXojFlyRUe6DY7 aGZhsDheB8iVOtN01u91BlU68Q7AL1ryXWUSjouKGRSU6uMDLZ7rw0wlZC1m4oLG
Mxt0a/NomXzNM/cXrqJ1tnhaCSTBdeUSvgQi2U6k9y76Jj4Mc1T7tUG7rZHvyAyE BF8CmO4ELmbOci78fBs/qDXlf3BJazcNtciamEsQPYRGkHASBRYtoDfVy6mTT40o
q4WBZ6U+GD89Agrg2pSn+zVS2BJc68P1WRRqsX87yaD60UuGuoIphCkYnxfSCmdX obdrZigcvCwttDBu7RtynAQVZ8DvKzxFGhe2p2Yc9H5A5ML7IwqNtYzheduBAQTE
O3aZOG3/3l37FkViFooPJ+91t455P2vyiDS0gfUffpH+jWyC6c4lbs5mmQW/HlMy jAU2jMqwnZN5wULEnH2TF6KAQNrKdtBYMbqkToKgxf5Zf+cJZbyQq7WM6nVfOM7g
cKNbIzvlvRhC5xwgS6T8jaJjMTSOdX6G/gxIx+JOmPpZT3uJ1IQtn1Kec0uhq3B9 kcFdeHDn/CWoSNHI1+JA3wSDM06zkU5HMd2MpT1RLTSaemImUKCAGYieJmwNQxR9
i9pBQwPTzzE0oLac9QHiVDl7EWWfAQQENSKuGkZ2yDx32sdLU62l1N6w3anUIv41 aYHBBw5BNBw1XRB7WRka2Uah0Xq/wAgaI/o9L+mShDRFJjFi+t8AV3KR0WWHg02O
cAZjqEB5AWpDPCO/9yVtrpnN9FfFx0q4XC9qkTCwFh07YSXrZ/o1c9XO36wZ9Osp 9qchX7P5H3Sy/tq8yUQIol+hRiRjkfi9qy6AxIRttrK4WbW4scUtBZSkg9uFkTVU
YI3M4bWFDXOdMiNr/RxnBC/cOs3UsYgpnV7Po5hSmxb5Ncew6g7YN71lkY0UXk0k ybnV6WvBpn2SrnwF/E1ueKARVmouWJ/7fiLJXk6wVvVtuBZw2gE5QGfuCwq0PQsC
5zCkATF2Qu9wfA35BX+N4eghN5ArQjgS7so6ohw9C1egknScU5CiJJ2XsXGKPxsw xPx8MhNl1KZYDVCGsyUr/LMHeKNc31S2HLGQK7kh/o+QQazafiJocQ+kRbS1VX1D
L12O+kQRv5/s1QxGbru2C/oKeQnBR8cuWrtYXFLHXhGl8i8pcX0OO6ABYRenqJsq nQlIhz4zvKsBgzHpoe3wQcfAY5sp2ubepsZ5T/YHkmroBmvA4g1vi7nlCetgxXrh
EDJf5MppbN486UivL/mq0dgHHpl99rmtXJaBaq+aSF8bZGZUOTMOcI0mhlq2kcWT 2V6OXvaZ+BnfsYxJeUZGnNMNEDFlzS7xB18ojtT5JN0o+9tLsdikdikl69IsVv+2
F1wrwFt7iMPAg4SxJTAFaxnIlLvesxGQLWvnaQyK+l4Rua9C7HxONrp2tDh9Qwie eCv9Go+wh19cSAL24rkzdKVuiIAXS7tzel3eWGjdKoq3Ke+tfJtobSGrB39xgLVr
Yo30dRbOQR4xD3SEHloH9UMei2E8hXMztS5tPFIgKuiTVqQid26C5rcP7kV+MIIE 3ho63hd+qTUyjcAhVL3hAJinv+/KT0jR8fq+CDsXMnCEWugHhwB+66NOr876MIIE
bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN
AQwBAzAOBAjEoygdzjeRWwICFCeAggQoV/qxKd0svQ+7Pkd6VDs7zPVlHbxynt78 AQwBAzAOBAjiGuDSkfG4UwICFLWAggQogyL08hPtUl52dkO+BVimcGXW3FmDrT0D
MAz98oshJ0OyG5RXL++heW2+x5u6lmNhD5LjgLjcUToGCYDwJFzqI8QiwgCvcpfE gU3Drd0P76KzYzd2lLuGb9dx84wx0XnFIXeBM4F3QSDbCK4tOuJ6JRaEeUoCAyZd
obiCI2+Ev9FZ7H8gRsASIP1DDaiYXuO3xJrAaQM77uLek6T18X+BsmvRWzRpN4Hi XyHtLjVeuozt2xHBDUgQVEO1dZHtk1VUgzLSCha1rXjcwpa4+8xqqoVM3Cl5uBh6
JyKFPX5mcBX6AgFaVLJKhZ/GXcTuxFga8uA2sFzxridzgW3120ghCLDx9aL/8JVo QLUNey8Z3YlKlk018Tdge6OOUrg72BPKppNfJlN4TnOFwMVMA/qHAJl4pL1YDpmc
9DaxMqo8aS0gL1yasjidAd6bkiPnZNztEIYWBHy7jq468KjmxO6XL3sn6VOIgjRL 5BZm4tMg0HvPiz96uwjEhw1GZFGOgZIogeVJuqCNiZPDjCFEDgnCw6sciS5Bi+dX
PSSYcPKktZWhxlQgEg+OdOLzli4PqA/7ILbcPQ/wk6XA19uzmxTO2zhk8lBaGb+p Km0VUdamSr93e2eEPLbzxZR0E0A3IcOj66iHuZpU9YhKzsAIhLMxT8kF81I0ZZzj
C84Kf2cYaI1RkpHzEmqPs3EpJMbBhwxVT7Gw2nfTmMIKCUfRfxCqtWOhC3pEo/Nn 8N+P1hnkjdVWuJLg77pkXxQJyvuT0e2oc9r/DCHjckneen3+E66IKsYbib7sX4g6
9MnZq5iqb5tJ6tUAqSkXYN+/JEM5g9Yf94m5JAlbnxYDMhWU5Mz0v00hxCd4jn8/ 2oFBJs+7xQopy69pC8jCn3fx61t7AFx2RIvuVHY/eU4sXoWkJNqQ3Vxj2SPWKjzJ
fK0st+vTPpbIFXH6XeKrGwYyKBluycM2jExXsjbLnX2aINShCDuxn/LOO6hYGkcc 4IIvWVxIFiQjjOtDFdGYPGukJXn62Lbb8CFgam9s4jDKnr0LHIngVeUIgi4wkvva
7+G/kQjacDlbdJ5LtaZwbfU7p4AR+OxaqA4lr5uk+OFcMW2lF+Bbwim2F5gs3NW3 QzZTzXfUApezQgQqy4x+ogdiYF1UOa0OaqvrGRiiJlMdRi0/MDy+jzkX5cULhxkF
1KDtsrgyHTPNal8vjuWtPmZhqBR+0lwmTmaGdVmG0Q3EOthXPmB7k/iRobS/JwFV vdBNCirv+3zBaiJ5Eu6q0zP5Cxi2qXhSbehZqvTPB4dD/vu9yxHpZmUCvzm7H213
oi0u6wkwelCkYplObE9RqCjx78Xts+0M/WVlGkjnuhWthv8pvK8L3C/eQLVXLlrn Tdrb9WxHOc92ZpBzsfiCA1smVwTDFVGa/kqN6noPw0qWZANIk27/+apsTkBYaVpa
Yf2DlWVQH64S3U/TjEwVrOVNpfqAST7KJy85JWTnShGqySRB8h+LYBHa60YiCBg3 jpfn9eydi5eV2+pEQV08fh4OJfiKbHS0l2E3Gp/rPm9lVgmCmjBWh+Di1k4qgF/f
Qn6ZOn/aJN+dxOm1JthNJojB6DSt+gEIDr1XWQJjmiy2Bg4DnM8wRa58jfxWi/wH lsxWgzXNOxPntpohnM6AZDxW9Sk+BElDLYS4WFwUg679BsJG6hQqAZKvG/8agSH2
a8tHGpq8DdJhKRIWvOK2YveUQ01KWVAxNnzYmREGHQGEc9d4kp5hBltX7Xh1+OWT k+TKKYUbXbFVCB0+iuNZIwgf4qxGzvI5+Iok+OcxuGCqwOu30QbfECEG01QbKETn
zDa9Zqgq0+l2SffVerERsY0KuCo6g7DCOieyDsWJEtKF3LsAcYclWq7X0RYk5ta0 ic3kMiZ5Cxt7NQSuyEYAQ/AmvM4qo0x7Tw1r7tR8BcAEF6fGxd2VXIV8Tr/pXGO2
MKcG4kXZ6KJOkTynZQTtuBOJ8t7g2u0PxzxZxgLit2ukd5zm8KIdoTdUgz7Q5ZVO HL+0iIHs+Ob67zlTHr7wUB4tCp9LC3IIWdsr7KcSRNEMXpUIFI0etCjNgCU3iT+R
ukxK4S9mn6Slfkea0k4mxRh6wttcDJ5jr7yv5iEIvQ3J2XqH64W70fm5tbD3l3W5 915215OfWNGxQfaXTEyMVNaT1HpwihIisSb9QHbagaRLbYmqJ+ILSECADYQPEWf+
fyaBxTpmb5rX7oqE0WOjtr1GVurbydUVnvBD7Jxir5tmnGsdUvRPeGYy6x4K86wH LTO1tcOhkIb6BiwVWUuOOqNj6ILJM2XvmknATyUj9MYcd77xOJzMrJE5VtaM5BVT
b7IU9GEqyS44J/P2p0s+6/tOCtiS1kGRGkf5UEkEqmKu0rzhZVBx2ImqjwmOqy0c oRpcOLfhYOmihceGSEqXX5golkqfLUze7zlslNWMYTTLw6tC6I+c/IUIWJnZT4m2
xYnPItLdV6FVRX0Pvc7ROnqdRABpNo9bClEENR80v+hnqyh1MARDWOdUCZtccf6l RbTQ0krfPn94zbTjrG42HS5+Ke3ySV6Fv8MZ+s93yY1v9iB6cVPEUteLRc+C7e7t
ttG5ihCcK8LunDF//qXcgFZsRvSwzAWhJkHbubpAJmkbDS7Zv25yvo/bG5VyXGqF lw0bQ2+MyAkjenS5Td+3tC7lR42O2CSfY2SaOsRv+EaYjTGzf9F3TM706o5+VZrM
eAbSQHM5JJQWy9daTEeo41n2tyZu9Ubjxo7w3QhtF3UwggNnBgkqhkiG9w0BBwag gtIKtw2okRcjRhaKDfhui6jo46YYzWbrgOS3vzc60VcwggNnBgkqhkiG9w0BBwag
ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECCwvAkUo ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECEyHXPVs
pFtUAgIU0oCCAyAyxF7F1HQNryZd8PlbEy/f1R8MWtVQDEIJ30eTlaate/rS5RO9 ncxTAgIUQ4CCAyDSBlYeFnsa4vtKApbLnd9FENDYeYqkKmj0lkDagMqHC22/nQ9v
9MOlglCc43bhk6iHzZuJ9FV/fWlFaJ6JmFPkyLPif8Rn/9EFTXGVq7smLvk0POCU gz2lOo5FQJoaJx/WSorQt0Jny1QP9vZd2t+bkfoaXOR0MtmFY5SOtYEudJplrCz+
BBq/rI378tu9DbVT1JiWULvvD4bzwvChBSTlzNUo5HGRNfS/J3mLmm35c1ETYktH ZEw8JlePJRP0Q3lnwEiSk5NnXLRWNzurIeuyZEd1VbTvi/rF22sRWlmU335L67zj
L05NM86Yv2RUiTpRYDDK99heCYRwflrV6CPv+pJ5mNtniN0L4VtIPhSNczLoUZgL P1sPeXkBpIYCPLHw8E4rkaC8G1ko5wyrnhuqL4ItzhvOORvgRaDflpP9WTj9LVUv
hraX4qqQ82NN9VR+WBoQjvLfJSMtYxqCxkEc7uKG/cu0EJ5QAv3ufvTLq5TajXRd FD5D59zgb0ptaW0jIw4JplIGXIEZIynW4KfkWy2YJvsXiuLHvN3Z8qL6VtxNGk1s
Yb4Vvjxuik7WLKK4lXSMyFgvgY/NRL9zLFETTEJgpDHcfYgMmSKVy9gxZ+8S6i69 g340uKkUUlzmtDJqGT9RVkoYBXxN7KYesbSttONhPwdv/MxHrEo8TGHZAvbmwgft
8okItTqJxnKZM1c/C+aAVaQb+ZiB805ntsp06zCYQljN4cnIlaMphAqf6ht6eg8M hOUrc/WVtUopPEs4QgrsA8d0MrSd5lVtPW0XPsBPEnLuh7dqAlmgztYlP4Yztk2/
77I2/ZTnDw0ED/0ZGVvNKoqSE+Twito4KcZ3b9e8B15gZYhtzoE62x4kHEYYqM4+ JJ+E4MosmhRjbKzM2N5WuGlDC5m9KF/5JjNVwQ7e8gMeUv/3gizgCG/4Mgng0VGG
TVxey+9pkTGK5Y4xeDld/WiML3t/7G4jdub05Wwnu4YzqHGqKFV6gFgLqSAVlWvU IxGzzBoQXPWCKdT3sLQVyt4/pqPBpZYnP09bmkkY/UIa1unNB+WWpLOkKSzD5wRv
Ytn5/Ox+MjHet0tSU4ByIkbjL8G+nInc9KFBZ7udc/Qwqsn394BT0k/b4LNSvatK /2xmNO2D37DnHwTFYC51ZblKz7FGjOgCwG95VPc8NQ8aG5rqpQ+muq/Jil5mXgNw
JFl1z/VlnA//DyiGc1l1KWqBPLJ+0Bq0gzKse9bCFtNuYPnQf1INuRuCjxhdsCbu IDeM4bawa01UKEzqTGQUb3gsJMGiVOhgtOrBiO9Kx/2PJolUuwZGcbo4oGSVR7KH
CMgu2r3l7lVRscL7KbpD//cjjWza7C816hzZ21TJWLAe5HxmLs7Etnpu+/R7LwYI lLgIuC8aIQDyFURVYRCNwOw5U7JN5arkvZ4ty0/qk5UbjxQuDkF8o6ZdViO3l0Do
jpeQPVTNzdnt7FM+bf4rWwkxfoEx/lSvV/Fdp+WGrMZ7+2VK1PHThIUo9yJRN30z C+6zvncDx4HvUd6uQ+u/kZfr8qfwM5o6D2qXhS/ZHSkq2xwIzb47uUUqaeg3yOZJ
aLpRyzLR5i9qt6yyk1cLxtztoBIBmb/GvJEXEOWF80r92+LlI53sHdnqD+0+mgRE ++na7gC+ibtHXXnNsHUvPbpCn9qViFhzilcQZYq0tZxDKa0E/pzEP/IA4IG24wEL
LfnsE6vCQE5hyI9lxXalyqVUdspAsMQA5Zs94fctvZ27UzVtE5EuY6X9/4UrE7Fj GnyuUIHXBS9T0MchTxl7BglycOPRDnFKzMQfUXY1rAErK76cs3y4VQDbfYDiOzsa
bdg7jWHVbGO/KvMa0UvgRxbglAJLAN6CwdMT1Cbca01MrmK9pcZBMKuJDcUibmQO 1qqMApIX4i/qKFdRvDuLxtZQbVA/rNumm40LPUQ5OvEngIESA74G+//YQbVjbMjP
mzeunDJBT+BVbNRSo0zKAAfEWonFNgNdqjE9uMXzlhaIbGFlDxXhfPt9NDCCBZgG y+hm7/15q5LRo9YxCS49KGlz4NG1QMWjnfkpOCNVZVpaQ7TPGOIYzBL6kTCCBZgG
CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow
HAYKKoZIhvcNAQwBAzAOBAh3So2X8cem5gICFDIEggUIhIUw+YkTW0xCm9S8Kn3k HAYKKoZIhvcNAQwBAzAOBAiO/0ICbTbZLQICFOwEggUIFwT/JI8UjJQPfYTFonJE
Fm6mI68Da4CD0b/5H2QU0UaMg1DT05TwCybWFIsjdEmHhXALvxQ53nTZyIEYp5Jf o8zEbpYWXKboqw6/zZsMGmAnUPgQNQDxyuLVprs5jUc437kVB2M3F0x8DjmEppeb
6ICOwXBm3Vn5TL9472L6e5RPG2li1IrowR0nzFxr7oiSNWMhmv9NZbBNtHbH9KfT tHfIoyjoXF7jdnA4EF38tsso0K1nMPmSgl02iYZtOqsOvBpfeO5Hj4Ovhi26J9Pz
HCMlouIhOnxFX+yP8YzGfiiqNLgHX7xEVWVhLBglJeet6c1xxMHR/b7z2DuI6k3U TwPcgl3QQPqfWv7CwgGVn4/hntBAriPSE4gAlfAcqkxtJBm01QwDoAdsOKOMsYnt
p5NArfNwbZpT/SzLO+jqBwfFsMPXa1jmqi3W+q0xUt+obsfb7jK7ha9e+oegW7yY gWajpr1J3Hm+34NPL04Usf1OpcesPUJ4CBxNyLXxjjsOzD78WVvKY+N+j89xTsyt
fklgXJObY0YxuFbiJYJb+vnOb/qBiO15/b0xifxA/R6X6cv96T79I+9fvUOHQnQ5 z5Y0fEkFqrcl8pgBQxH72jBwSCm5YwHz3BhWQgr2bpWJ1f2LWcVsnrN9tx6RhQtA
bEKXFymxd9FD2UtxcWAOhD7R3iwtPGNx4WgEOe2nOPBP4OXgk/Rvq9bTkF/1mojn AkcyNgX/ksp5EW4JTo+o6oXLRhXIYauRrUrisMY++b8ZJTp6C1t0RW2QdqgMZghS
MN7oer90NsvVEEx0x6Yoayy+ncolfxAeui9LJ6Cso/bYNA7fw9GvEkC9tSCiO65L ZgaW6FSC6Dy2Dd/ezdkYUCgiEtq8eSxF/8WDw6Va2iGVSNt4/p/OJ97yN5yOJ0K1
He9O1qHss08eXUi4Nrp7zh95T5/sC8HU+blhj8asE3ofJGb8l7SrAREoVLI4D3iA g0hATebU+I3E74PQ9RK84FfJvyHDBC6fvYZW/ouMcgp3YmAF+dTm74Hq88X4daV+
xHE7E79i5Lf/J/3eisxZXdL4nU+4bk3fuZqqScQL7BlkZPtzcDJTCcoRG0jvNCA2 /UPYf/cVpyiwcBTg6H3jrkrs0yKoWLIfrIvMNBeeKZ+fl2Enw1MFzkLI4VGD/UeR
lWvzfwzrNmo5SWHXQ29It5wpGFJPRKFRIdg88GNxGwzNoxye1pnaQR/9JCjL2RSW wrbhN0SHkh5lIGtu0yRTfq6msYQpkw+jr7QwJIdQyrAoaaVaRotVyvgTOLlHw8r6
RhuS7bIXLKC8DlLlCUgzPoiD8UEPBhNcX7OiOSlgL0KW70qcH+jqVuSq/3t6kWlE o7v36yoNov3kDPW7DfbSVTWX5lIyQn8NqMwa4N1clWT8ukfZXSaYykFSqF3w5zal
i0fL2OZU3s8r0hq34nuXe4pkO1VUTafZ4nOlrLFYsLj67+P/abtH67LUYgI0xZQ5 a4iIhu03GjDcfiWLMUlYVAUcvSmcIULE1oW7FKiJc8OadeIu0JBySRSEvf7B3w8l
VcywY0BN6CrxCKY2Dgkvf9+YtidysDkS5tfDMYmSEQyAORJVHKvipXeMjTblV5v/ eYUs+u/h1ptrZZKhe1JdAtlszvHJ0DD0kMqA6Ig4yomscGSol/sRUqpecIQwVZTC
FhgoxXCS/FeqzEHQLioCxVsnluEaE4KukXBdJYpUJg26kuTp+kY/plzq9hLU4aF4 RRq9dJOFJkKhKD5Eo9E0Z2snp01fpUF5qlMeBjpYgkX7jhyFyvq+qDqBAY8izvkc
37ah/yIwI97SmulsM799Ru1tx0bigIdoB354sj6S2UcSQaEXAEf8i3ljXvK63zC4 ruE69WooBVyorqKHURjWtY+rhzcB4+HL72wZKzLnY3iUjJ1UANxM8mC9fpD1NJt/
pDA4i37IGUqHVaH1I6bmmPqBgw3jNW7NMNUsldwawSbDAyRAw2LtI62U4DL6B6Lb 7epqzPyZ2Kd4GJVYi8sQpFKf4tRHDr0tI5iUB78qj1EBp1w4qvRn/jC4ii7+Bas8
1Cri2oAydd6YogP5eGYxfYEpjzIQ+jmElUctKPc63Fc8OVINytooTi6o/SIwDovp mz/AJ25QeviC44Vj+eT2YYXafDivrmoeBuVMIBbD066YnuBC2CeKydNWdiARzc3I
WT+6liQ8M2vNcH4NSGitMcp98K1RnlstAErNtNf+pfe0NoUP9f7xpajiEFKjjTtC fhcuhVwq7riotYfyDqd4e0Jy7Y57pbwv4Qwz1yCxRjSwiFQ7/fRa2Cx8xtxKcC/A
FHY2eOrdaaiZG9xjOuviDmJ/4gvtdfCjpfOrwtqeYiHFvmWYgxiUfMFvuMYTYGJ9 4LGnXAKISy+uNbDWA7AYaP6RmGgMCaNiXy3F1zvxnE3bv68tXRF9vjuEChUq56N6
LdVS+rWYrjC+srQi2lPyci8JzRZFG3SV7OktujZFHANqpRVF4mFBV+hR7AYouU89 992qhoBuHP0J/mRItw+JoI4m/OFnEUGT3bNyxpEFyA7aXBE91aQdSXl4a97nC0/R
BpkjFSkOFSOBQF9eEbK3O+6iiWYznrDie3CW2chuK7eeYEj9z69xBKJ+pfNuji1w SFH/fRwPFYgxr3XdCIf3Cw5PDs25YNsXWCsDCVejWMFrwOzmDwa8sBkY270+rGv7
jx7UiSd7Wfdhohc2MKPuSJYVXCK36xeN2sh0YpmFX0o23PL41XooO9M1oTKGxPNJ 6qXvb/uGD3M2C+DySVy55Zd42wjghSezgY6taT0tqKfLOS6Vl4ELU78Q6va2o8Ml
u1O3gGOV9Oeczd8+mta3OEM0TbGhA/Uwgpq8itG1CkL4nzaH3Gt59l3bL7ACyM5X cUdi343tOi60MZgCDUwPP8TjKZINh8u1KNhzgpwNLz1gE0dd200l3bbzdZ6uio3R
Pl8eve57SsQcarGbLs8pN3KBOC8p/ETo24WZdDJSzzAf+Kk/ObsXgFcH/u+0bi4Y 52WQWRCk17Z9lUesCJavytcAi0mMefMxBPMOdnUi6O8TPDRA0mcohbE5rybwDXAo
TnnrZg1O4Eiw3WJHpaRshAwrt1l4wK6R5QDIMRS2WxTzW1k+CuP13LG2c6x+SexW B/VUbwgM0/qCpZ7VcSKN1lUuoe9+Kho0NK/gyMEvntMxGNNI8arV8UkeFollPhrt
zMwhkDCrNGVubXnfPwbwUGXes1+jMr4vWkklFSFJG5vR0ol8wwVbTFt/cFgv0QjM umvdwqbVCeN8TBj5vXo6Hu+eKB7AVwjBk/rRHpZxnnVGXbm8HzM+kjib2cY1dius
BOsZDYlXzziQAoERKa6EBvl4d/ygICU3KzE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv VRJ/1+Q9GXuo135tQbobgcMzAmqAqZp9kDE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv
AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI
hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq
hkiG9w0BDAEDMA4ECJJKzeDj9Jy9AgIULwSCBQDqW3Z5nt8HxRRIJlcwYDdGa8lE hkiG9w0BDAEDMA4ECCNi2K1bMEiBAgIUdgSCBQDLIXo4ExcyE8+4aiZIj/Wnh/SV
TK58VexJYzhLMwO6OtM0J6JyhKcknJYIWL754aozGhFh3wJfP0YJ5u2x6lWeNJwW VVR0n7s4PGCbXt+VrOHd9YzTuUicAqIcHH62dv7NSy+fgqZG7SmVR1IodadFe+5u
1mRW8htE5MR1FntBeQC1+KrhmwDXhPe03/r1yiefs6lq33MuB2N9WZCCKr7SLcFA sAzXoyyhhEe2c+ToeVbr5rs+vBvQUyh6X5XTV5QVOAkwSyKGjyfdy86x1Q8cL2D2
0UdVZNM5sbm34/7c2QMbl/yp20mE8dypNsjVFuUX9ermiBkTQiNdp5mENpYkualW BM+Rpkm1cFtjgWcB46U6S6w50sG7XOKSCMI4a6rnHPVgPPdXMrj3VSPJY8bhBqED
I22asZVowGOQdIgwnW238RMO+Ai8/1tY3H7kvR50aziujLDwVY9LDRZLEsmD5YXt PVTnfSHf/wKZrIi54O3F33B5jt6Cm9+9m9Fed8n+81w59rRom72CY9Xii/ULER9T
BR9BjpGwvPMx9kq2pKvpbVamS7N4jdEWdMNc/v0/hl/ZIBmxroztkd+IseV3ntJH HwjxOZOQ+dIml23KauwexuOGjii0UR8MeM/A0n7UNys+bZTulgdpWW/mDhJ+eLAT
gCufXSNzSjb2vOUB2Ouu9mH9J2wpIW80Q9g297aOoV+MOoWrqkjJzcKz887/MZ9z nhJw5ro/AWa6YVXG+t5k9LjdJ1ZmqS4bJxvBwilpEGoh0MM6Yp0dr1XM4mT/E0JM
UeTBj8eLxUgvw/udhCt7t6C+xfyNqvMEVKRb4TAKu7f9vsI750n1fXkIuS7h9qQV WD458Ngs05CuCpwAUXGdQmgrVsFrrV0HTyHeVLDhe43J3GI6HCWJVOeDQzzmaO3A
H1PKyVCl+WmfV4soJ71UVW86oMdow09PCmzIDAut0mRJ6640Tez7umv+PJd3WLk/ M+IooRDkTHnJMaxUXphKTag5+f/smNYEhzVjZeIc8GFZ36eSI4BNGHSXFACwLu2T
j8ge3RtFP0S5sQ4fyhmaP43ZkOJkybLvap1EW/OLPaqd/rSS1sLQwdQ4kaqJlouG hkzpXMmg50JAUhBYxqE/fVevLUH4JPLgz869wk8gRlUBo6ihQGrnsx7ZO5IsYahE
1iyVK8pLgobITNwZfRzvOakKTmo35dQkYzixB2zuJVY7ZXuiDD/7sWRNfcU8J8XT Yjz0N05PVPJYMLSyMovG9i+LpzQ49gIBzPu2fdLR41u5n5O5mG1Y4aJ7OCJxMORY
z6Y+p5Cr+3MKbrWzw5agJ9+TtH1fORqr6Fm0bvgfhVDl5lGgBQNTgwg+2Gy+qFoF hWHuctHdGdpJsgiq8+1iiUwmfyCfb0ZL3ePMU+W0zkAsyn22aK8jDBLLVZlvOZIV
qVoFwKpnCRutB5rFiUHW7B1fKp9RL9BZhdvNfTb5tlvDlK06uiemwI2nvnEQabAN qR3Gx4QFPSk6qCMQ0E58VkMUMxYvClzTwSeEMu66eND/AKTE+XXV/d9bmSmWGk7Y
Toc8eZ6d6yqrlSkYj4xbyneoL7ydkViKt5gCB5+F+diTt40IN5PDJKLkemUOdwGy 8XrDKLKfmRdrlIeondVJv5mk12YKxBPQGeUqK5XJUa2dzH9zvfEX8iYzdt4281QC
BTbWvcwAFhL5hChoHQguJOqG1J7zq6Hsh4H893s5gVWBOshfadz78vwE3aPnCZ4Y iXJ3qwmbT+8RoOLBt4KyOs2e2ZSZnjrL9OO4oUsHIOyEfjwnWoLhKbkmun8GJxoB
ZX/e9uiVsq67N7EblcB7IcE15y1bR0H7MXoJXumjCJx0VxZbRv228NrvUsFx+mFn 2yCzTawVQf9/qIUXaSzcp23AV6Lf1k9Of79HYPW3cQJAtjf6XBVE1xVZPkfTuC3y
so6xsGZCrH62hkqI9lSdlRyCLxd+vjyg7xQOIXqVTIeGHP/Kie0SJNzYf2bsdrNU VLufljs2ed/ctpHg9nuId/xHFH7t4HbmU3/ZufE1GHnsRQ3kbnqA5WXerd9UzeoD
A1EtlA32ti+My8eko2X1PFYCg3mX9NY3XoPJpacvpzZ5Uj/ie0Vnl6q8S7PdOjqx aVDjFXGrITp8env08GXYvwWGXLL150l0DuJSv1E+1yww86SNjBYUTx0r0CJjjTk2
YlT7QBk/qPGKCiIYyG+TRKDLNr8vTNnOGVUVxsp5vp36Pf3vaCzeddrUvd6P7Puj 7vIUhAYUEA+J71IeifqqPDKYXnrCdUEajbfEdek30WiLR+ChEvEp48Mla6UVTLm/
1ymz4dmvd/OOuOCtZ9lFiOqD9bHZ4BSwJR6Myr/jrprRIBGQn7QCqFDSg2N1lXqa mjziwbsxm5QlGccmz13e32RiyrfseB+RyllmzeJtydP2IHkWK7pww9yOlPK0QtZs
1tqxKF7tRJIkq2UDQmR3Sgiv+wdQGlGNRiwNGZmNme8O1kRTbT7mCjmLfYWD50z6 66IGZKqeXrWBk9QFYDX42gAy/xTfglco4KO7akhp3UzTIQyTXnt+OsOScc+ArVm/
JP8q09HS+1gXfYqfbvDLQTHMQl/fxL/zmkF8xlMqtoLSIDkNvesyiT9g/JwN9X0G dwClm+ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs+yeVNs1Qd
hanzi3B3kMWI7lqkhO+If5SNI7Ct928YQTEfPEm79J1UGmXZBtdt9lOKK7M5b6F0 Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R61lEUvJrBm7YLmgdxRCJ02LFLG
5TCkOp7RN7SXw+UGYx53kUspR0HNwqRa7rqXT4RodxVcnghGT4qA/rb1uQZZzWnv n09iSMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV
TuuZolIhOxpdmhJVZdQoEWVx/w/EERdNLivqzHykeiv7OiSy4FhrgWWmWipJRB2v A6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz
cgezn/v8XSIG+KJKRLzyfx44P6senjcgmKRBITgJ85rU/uoLNGjLjEfwQb6x5Lit POmXhN53pDhlxkw0btkKblYA9CvP+kzgwekzCy/Mlq/HbO38CV1NKzay3yg4nteh
KqNfcqN2PB3q3/Om4Ft5BeWk2uGXAObLe98s27rZe0iOT5eqyftyiWlMXLS0bIkg J+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6HlA
xSrxDA2LJW5Gf8F58zE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN
AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUFQ+BtZ/3 AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU
gX+Re8eKDEP/OBp2V1YECDNLqWo6a8ZVAgIoAA== n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA==
-----END PKCS12----- -----END PKCS12-----
6. Example Ed25519 Certification Authority 6. Example Ed25519 Certification Authority
The example Ed25519 Certification Authority has the following The example Ed25519 Certification Authority has the following
information: information:
* Name: Sample LAMPS Ed25519 Certification Authority * Name: Sample LAMPS Ed25519 Certification Authority
6.1. Ed25519 Certification Authority Root Certificate 6.1. Ed25519 Certification Authority Root Certificate
skipping to change at page 28, line 14 skipping to change at page 28, line 14
7.5. PKCS12 Object for Carlos 7.5. PKCS12 Object for Carlos
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and
Section 6.3. Section 6.3.
It is locked with the simple five-letter password carlos. It is locked with the simple five-letter password carlos.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIYJAIBAzCCF+wGCSqGSIb3DQEHAaCCF90EghfZMIIX1TCCBJ8GCSqGSIb3DQEH MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH
BqCCBJAwggSMAgEAMIIEhQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI7xhQ BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R
zoEDt2UCAhQIgIIEWMgzPbEtNf6qVctx2p5i7x6wAz15AjqfNv+qiIHQtPljZ23b pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF
BjHWAdxuri+jbwV+jY1JWwMG7CvikBZN0EeWkjeTC5R6RFz0QPoK5cetdcu1gyX1 a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W
/ugrG48vgnrNwxfZOaBzRUuudLB0FI0ns436XPPgAPx9lCZ+jZesjfj38mSB+qb6 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F
SxFbZc9ix4bMgPMqCyjF6o1TL25HGCfN562sNcG/xLqNT94wvw1Ofibd1ywuunlE Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV
Mm/L/G31U8ZehA27XHHSKXOTkSxQ7cNCh9ZfU9tpFm8XMo6s30BQRCHubF+VLzso 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8
7xPhtc8/ldcl9MyLnpSBzYhPbHwIxbDo9DxqN7N8latA+WKXT0YlR+bCfF9XQnbH vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV
xFKk08U51XCT8mBp8BdAHp2n60XwDfBm3eQPJfc5TOyfoLOEkJNbC+dA88hb97zv ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv
Uw8bW91YtiU2XvIrKUajJVlXHCBFZnCnFwst+f19T5PFGPAj7s4mZdPWnQTtLyjw 4L+PAeJK4kVDREDQ6ch/6/hlqU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m
pHnuT4/U5w1sHAvf2oZ0PdUNq/yqjdKARxsRvS7lBTcci89Lto0OwF4TRzi/vdFZ dL1FXst9R9G74jOs0WMMFmd9toyOhD0q6Gl9catOrolCVS/CKaC0CucsJfiKrlJ/
X5bBhf/WYY6gacG1X9pzTPl5qp3doOwwhxXIvoneQFVAP21yI0imrus+66mxB6Gd duQkt/JwcELveuOg60u2uaGKUqHmFhd3+6omk+wNBoY+0D5MmBZ/xnrVELGmzp94
wQf8iZMniS/1Gpu1N5XUUSL1B/qcxYK72YOK12ChpgzEETwJ7Y0lYrbOsJt8IhE1 q0f/HfZPT6sxkYBGuP2eUA/qr/zimNG3TuGVch/MdnduuVhvAYLyh1gbA8yRm+I/
WxsDy6nWLA2c8/1OU16l1mIgrVoKVOs0ZkK2dCDYdr0qKqeKgdHqp3INeUKX1ZQo zGCVuAqhsHITTx7Fqc3tyVp/mLYUO0QuwmgAw6NhzwKZf5N+tR0DZGcgw8rZpeJA
k/kYAD6Mo0QkjW5fPbt/vQWSspjTKzpcz3NgQYKMcFqlB8P186nb4BvrDky0BM3i yTxVFcjzXvoShxog7RroR9Nc4FwJhWI4BO241OHFEiQZeRk8vzI8WIFXnn6t42/q
P7mXpcRb42WSY77xpeUDhUg1q6fnlTdtm5NdUZkuSgpHpQUrs945KTkxfLReErSd j1mV7Ba42zxPEGoY3mObKwjR6rDp6KwmmfkghpwMPU3qP2/ASV8WT1+9GIYHc5Am
15OAAnODb5T8+5JdXOLAgHnPPezRuof1LQZsytsx4nC92OrboC2Yn3hHEqcgqQYE 9CmSOTiQMluW70Ra2k5ZMlwnbKNyMRbjUB/yHwwwggKvBgkqhkiG9w0BBwagggKg
BywzDNGuA8ISEmdKvo7AgaJvoFEvLDmas8T5I2yuWQ9mDXMurgKFxheMSpHpZiPc MIICnAIBADCCApUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOMzXMste/8a
JE/n45ooSH+uX3HDUVmjUOYQf35udyurbS772Zrptguek6VdjV3F6GV0Q4X3wIo9 AgIUlICCAmgXa+q2JhTLvWsj5SKLdMninTk5uB6HhOsDKYR9GDg/cABqUFxycROG
llV+aFe2/v3Mm/tt+h0KW8XVfBOB62uvb7ac7ipBjAHBeGYFQeVkmI0Nzvizk1lA JeJuewIRkJhsfdXJi+TSRtnQOqpyVM9oRUdxcbGuCI98fEbLmVyr7KF8GudTgC+b
jKtmIGZ8MwBp2e6rpu3g9rCbCz53LxWB4yJYgGc6NQmWxWQGjLUqdOkYuQwEdjr9 eaLjn6HYkWpv7lWdvsFG8BEy6Jqi3/tP9PgNvpCYgVVM7yx6SX8QArcLSQkxbTsv
6hpZbtXvXs+jcDO8OACg9kfjX6EzK2kVXoGdy7tPMH6ElXEaSf4tzIhfwvwNapj5 Ae0iN18H89W9xOHEz4Z2qHYyb7f0pPHrmpTGC6qmtvo1gNRsKTF0wYeQ5Sy/9U3f
7smeQbXQj/v9HC9XbgdslB89V1wAcU1PG/xBjEulm6O9EN8xhEXfegzIGxJ7JcVq oM6bIcrOvHDksaco4+5n0zeySDETY8W4mO1K0uC/t0oTOScYGBeRhVr0DQapZGT/
7kaxdX6BPPH4iW2Bwbv+FFvSQOwMf1SVjpE/LcV5JxkYrfT2cEinTcZsEFfP5XOZ Ej5LpgjXOuosAoT3IKnMwK3C0OZ8oBzcvgSpeAa/V/OTKDpZb22yq6sEaHAPoUqb
aJw3xmya24L2ynjNfljmpK1xg38OkzeCVebkeQ82OAYequb/iTz2yyfaeUoXbNlR cKRJmB6HC5mdLs3n0uP1vlZuYsHu7Evt0Uhns9pbklJDiCgM+4SFgKTRbd6Xt8bf
wcc++JwAWlkj6FS/dy5gwLTGvUBkMIIEdwYJKoZIhvcNAQcGoIIEaDCCBGQCAQAw GHkWnmpv4pQL7jjzA3epP2DHyC8MJaDvleWY7Z3t/IEtkzVxflLo8kT21edz12cm
ggRdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjBHiWMROp4AgICFOKAggQw uFVK9ilMW3eJuyiRyFXFPgVsuNi/HFnijXFgxzAncP7fFP5MCsOo6daiEjJjemKf
FC71dSM3kMdsEhcjRPE+6YRmvktReM0XxK7+5FTD6tGJsl6gglHIre4gC3LKekFp J3D+HdD60gFih/eX9V+tGl4y7/jtxCRA/54mit4sCy3LC0++lEp9AtFwGYrDw825
4P346gebmSflwp1v/7ReLpNPXngK98HXfVcxHYFXWKOYdgHSVqGBbpH6v961C6XW uGj27a7mE26qgGdGXdzT9UJ8FfUsIoRPrG38Q4mhS10pTarNucWOGjkftZiKJLay
PGwIvQ9+H6R6Np1gw3CZ2CJN1paFKmciHmCDkc1iPKbr0I8J5fruol7SS1WMnWFQ rfMRf3HYxOI/7iupfxYLK/4/FODijaHzAfSdQf2Bo7csPaz2HQkK/0nyO+tt68S9
AWk+EuR+Di9vNYD0+7QyNANu1Ud9yvlLaPxCcrgZBccXe/om07penmWPwVuXq2aq pUCjEfV6Liy22tang/jXxPFbBDK/P68MnmgR8C3PcYhPJCo/K0JR2/8F8pVVEqd5
zc2/vUq3JLqrg5d5OiP4ZEwksvSIBzZSNlAM08D1Ez4fDmMt9iRvlztujOKad/Gc MIIDPwYJKoZIhvcNAQcGoIIDMDCCAywCAQAwggMlBgkqhkiG9w0BBwEwHAYKKoZI
bwhhy/kUZ+HliTA5ItnZRJSXtsICwpH2DqJ4MnvtQtOjcl72uyFOigC/DANDjSYo hvcNAQwBAzAOBAho9g0tQyYTvwICFIGAggL43SpNCoshZX3ikmK1mOIJpS2Ah8Xv
YJn44h4dx351AyuF6wpyRwYfaXzjAaQ39SsEQpvSzzZmKYrsgjQEwIoWv0EcBvqR 94S/5NA8kwHtaNXpLrjYr3CyRL93USm55uvGAtECR/EblON9zeo2p0gK2JPSbDr6
AQjHVBnJK/ZFNhTHDlD5RrXtkM3VLU5zhiNtsMWAj0gAN0DNBqHP8y9ZqVInWWjF /1oovo7UoZNRoRBZ8pUegVWJswNWjqvzVu5JIRmpD05XjVDKHbFqiXAqtj9/w3q0
YvoThcpHuwKI+pRto0fLsZxwWaZiCqAs8tJpF/iXcUoCm6+eGXNBBbBwzABaMC0S Qq/p/M9UrLWD93hyLNdIppWr2KR2it9mASTKEHX9dqXcTOG0Kp2GmrfGNteGL02j
c3HyhQ9luuQeq0m5WbulGfXKFA7OAo+pWnivbHjIoEOVeJgnLYLT2ImOOypKYepN qVKZaZyYI8gkSxhVLS9zzgf1OynAkzYQsoo+GKhdAW1fJECemAyPc3L+eeARw/SY
48kyVBAJ8y5QDnG82/4GU7VSW8ZztIbAWzhVFuEejuhd3V6bvPxI36lYrPeObees q1d5QVwxKfYpIJ2wiiavdeRVNbWiwV7Ti+P9PtPx/hV22NNLwMhvnJcHaSS1PaOi
c1WuaQgDvHf1VFjoGCZRDW0Nw/kxmvWqwnfLmhZVo8LbIJGTstMt+rNvAD7zhtCM SjoxFJ1EJWGEs0QwcdwM8iN3oVuqT5HU/edMgx9TLNTiE1g2GEq59I/RwBtCL8Dh
M3LhWfT/IYI4xCQFpP+ENG9DZFHpVorRrAVu9OwbXGSJOGUx0ISlZiBA3Gtou59W OzKnUb4PU1Z81+HimV3KPI8g3cduhYaBR4HfqAhMnc+w5HXI6J3C1NtAE/izZ1Y2
NN089EprACk7VDIQlzOS8Ox5vwo8UwqEKWt+537xIbclanc6pIYz6F6RgwEHb+T4 Od7l+GTJfjPgzIy0hjqfbMt8uU9D9aPr2XjNOWoKRSojae16v8bLx+dFn6RMxFUS
4xKEbE/cNLJHQEJJZ8tF4afN3DENPLMnDoyAbetPrJILomZEayKfkY+dkXFGiyxU g3nLEZ6EDpyrJfpGPm6mPgZKSXtvnHuFcbS+utkRuVAtqu07r2XpkGBIJLNVIRHU
xslhk+JR7Utc4e+WNCZ0hnUyid0ZE7qjMUFSzdYoSmPZttM4zRh4qpCfXTyhvQkI 5gLACbTj9TPcAce6RLoaYSDgOuFK0YZMdwzhsAI0YMpyHsUEZpQ5tjWSBY6ENbvF
G88dNenQ/b51VCCNfWqRKytrpnhZQYKd7SuNQLh2GAL/urlWtYq5rDRDKGLv7vmu 7+QhmDnf6N3Bj+vxUtGS40pVsYCGbmOD7UM5QpUxIgVkpPrfRokOZs/fi9sW+Xy6
0NloL4xJjWVlUSGsSjlOigZNfvphEDqYimIGXhiU6uAQN64suvWMVMNoNIwcZVrP eQ2Brbn3t9C2TAsORYzFbuBwuTCqFW/rXHS6iffJpx2eAg3DCqaUAJjptSV/yzj4
zZQUky59Ct6ahnc5cdSwWWmwKxJj1GHtvn82tMoR2LtERJMx/hEdqrCSNXvrIeZl vxiXlDB3fMRcpNd5Je7DoHS4axuj7SLHdpNoUHs+qQsG6yDM5BEuXWGxo/L9sGhe
ozwSh9mXupO6Fa0KIpf0txZl6zK1/8F3xvly0lyxpsYwrTeTlGKm2y/RMUYp8tDJ XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym+B50q6nLUWv0tYZpmCVil358dIEGPPSMY
zUZu34oeOogonerOnSIU7kEM0slXJs16lIrReFI46ZQ3XGB98MLuCser+5SzzgvY AMXh05tIPFdYSJ3WLs0cxy5X4sXZl5w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp
Bf+alMAiz8qUTFMBuLFFoM0IRCsSmaaclSBB2NjpFOVjR+sajmxWEcN4lPO604Ru 99FcOQf6cg8HXyT+8b4qKp9WyjCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq
N0cFylKAYe9BJlxhNFx1AjCCA2cGCSqGSIb3DQEHBqCCA1gwggNUAgEAMIIDTQYJ hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFF0EOCEq
KoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIkUQBCq0OgUgCAhQ3gIIDIFJKEkt8 Fie1peicS9OSXNQjLwbN3kO8lYM2HqeSZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGM
ErFDpHJT+IOyrxR/ULSFmO5aBopLCJd44vSqxcHl1EEH0LQ3bAedxiiI8Go4iy3H d8renRijMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBsAG8AczAjBgkqhkiG9w0B
Aw9nvpyvkZTrXWfhZqgsLsuD3AYHVHVCO/9pmZe4gWuWosR7PMI6RUoE4f00My5+ CRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB
kmm5gRpJ6Ol0SUG7yZ5P+ESc7emwkjzPqQds29WegzFgU4lLVk0UMq76a14m80or sDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC
kWpjWpWddkid+Ku7cr8vU9BOpkTObmg9Gd8T1GGliQa1UvvyOxRKtdwOMOjM0OBs AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u
pmc4RFNk49zLbsTaOZIgiv2CN6aCL7ZVqGNrnHfkglKV5uq119hnTkr8rPvXqgcK Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ
vnc6bvMQUp388wzYzjkLQw0oS8+Jr3NaJefj65e0MZlPOOA+uGPHKo2XXRndy6np KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU
/ASNEj7nAYQUTBwu4/GIdjmaCwauTiyvYMZOyVlp0mISZ4+YfeZTFqpjX/K39RFK 8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA==
ubLSQHpevhn5vFUO90/94U1FQkLCGQ1V4xcDe2SZe0NF3B+dJw5R+NjE8Nvv1VfQ
isw/Qv3MlTTqz8VFBtbPdg77rwzVnSJuHinrVW9FwlDTNA9hhDbnBeZdyZkeEBUT
ddjOGGeudc6SYbp4Dy9hsmr5x4o0GKsUJWyItO8+NPbKfFYpYB97NsaoiNQN1wXG
LD8zKNZ9VKlpeW9n8b8/j61jxCiWwQILeGAuDsLpFxaQEtOBiDmzXKZjC45Efp1E
+Wps/rpEIpYnAF6hoj292amDbenkPsq0TlYuo3u1M4PqqBwQ0FC72ssNlM9uUNTI
G1q83GH3snnarr59+DpiIaTZkEhj3fBh+9dJnbzxPhHT2d0cze4eTF3nhG9u1cxL
fE1qruycIWkHXF0XsVnzw6CwEToLWNr06QOjsKBTAsMmMd0w6WWeL+b1DO26avlu
6tx83SCPp7EoxPdwFYB2Jqg4+KT/L87RtuPzHlGeFsh7QhCfI8Qk7CAkfk67Zhv1
PFWsYKcJZvAuZHZXiSrMPY9NEB2DaDBGN/DFnwk4JVjlj9ACJ98MY+c2id8dkuTd
ejwtalC1VPehC2HhqRR/9oGnIFzh0drCi20JMIIFogYJKoZIhvcNAQcBoIIFkwSC
BY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4E
CPaeHSwq2qj1AgIUjgSCBQA6OexrotUYcswY06ija4HfeLQQYbDA9+UjC5xEi6QX
FRIAXfT1zoqZ6R+9sYnyCNqZWRzsKR6+OswWSlPjsgC6CXI3YO/MjtDo/MSif6Mw
O5ZIxqPYcbslKDF6Og7MQ8C+tRu2qfu7e6ufkw/cyO3BXNyOU6tS7iCbNlVn28EF
6W/14HvXsQ4mv1yAwvoWa5G9hettvwxMIL3KADLkEI40abpzbH/LOMXEAPHghunQ
xijllviwYQKEJGqJmtShpBOxBGHkTik0b8xJK5LfX+oSowehO8yv7/z52c9x9RKY
p2jLPudBByeA93iWhaUIe+p3ueexS4hmjegshjXE3LBm9ppZ1zWhJr8ipA/DY/1g
KGy3tM5OUYc8CGbWstJfQ9dxsse8qG1WmwhNtCj5heXWMGZgsbt53+eSoirgJVFq
40NzVryc3BEc+JS/d+U7MeL7ySdvGRHZ9kb8ItdsDcNAPMhvN/XXhALSBs5GWec5
dqAUYyd5GREVCOqoPkKx/secOOGUkHl2unUD3ub+6JDXplSyiQulS04EXLZJqPWN
yEK2wWCPsWquhTvVJCB6W/xcgtdY0zq7fiq0sZf6qPjb4s+hIDZXSWENh1VnuJBg
9e40G/jh4M+vEdrLPpOLLCEhpiVxzRyQG0eP3EL8EWBZd71lX45VgGt+ZXVoNuDY
PcLuQAHYcN8Sixg+8gTakuJGUwYGBy5tRjAWGGdtd2cuWrvtKxjooP/gLQ8hVAFi
Dedo7ab5t8xar5lhG2ftAH59CqP5+Sr3ZpIkldu1lxlJHxDO0Pws1EyVkwllrxNO
li3ETTwUeyENPswGPN+cTgKMJvPf5sCVlUWCS7I7pRPUUx5F4mebz/Drgeuqr54D
feXu4zvDxUHUQGrb6g2bIxlvDU6/CJo11LVpRLRWWc3YfBSvOYwUjCehyK2kaC9/
FhlRvqDZGuFFjKB04QanP0M7H6f31iH05a2gakxYhWw9wPysEw+Te/KJp/TBJnsX
YjQCDDi1A69Pq/Xo1IONutCKKq/gQKpku53acvTYtdEscbNEschY4PWjbsy8h/tF
HAm90g3eCxGqIU18Vb6bErm4x/wurBw2025yXTK4LEOc6ZyZi53RAsUBPjcob+xh
urBScAwv1mEIzH5luy5yvF/jjkJBl11SgYVfRZFTEGZs/l6h4REGwe1SaCyCa2pn
eojFOlxk1pHe4QTlbjfv19xAvurpzUu9e9Hfl7M7c3V3WFXiyMUlqNS9CNRDEj4G
Re35XVrehDrymodsAsIzyxU1iQvAN2BD1BeZI286YagK2mZX/q/YWCq2s0HGyESa
XdBoVm7JzkrQt4q+Am4fi8SNrKNVQD8x3b7UQ1EQ23L/MnS3+p2jaw4evnrnuoy3
eihOofuRVdbECvMCurGom72zCjC8KcVZ8yssWYIZKQjRr3dgdGUFiaJ6jA+Xgxws
2GGMgTu6G3/Y1AOrF96qC0G6geHjPbByWGKKSPEqswyllsYlk4m2j+JU/BEh44+8
lCdPfg0eAkanNdyJoXbYBxFRDaAxeKUEnNtwZ/wo4yLAJBdoo2extWP/9kvrEfII
qqiVUAZNS2pKx6apysRtRDWzmm4leoc41lQ7yK+OT+d/Kkq9iiFrpj4esbJYHe7C
RA18+Sc4nwNAsJrF4zBWN3eBfxk1YRDT8zTEsIyyMpes1xHm6KJq1rpfWDdjpEgJ
IzFOMCMGCSqGSIb3DQEJFTEWBBRAtwlRIx9e+C9k2MGQwb2AVNthojAnBgkqhkiG
9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MIIFogYJKoZIhvcNAQcB
oIIFkwSCBY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0B
DAEDMA4ECMEFrpUx/mJTAgIUIgSCBQAJ3iJnERsIV+zUmXifQtXp08dtGZ4th5vJ
1sGGtredTpyG/xZCI91P27VtdvAJLJO1fvqRVTqwztJJ109vimnYaeMlnQPwFjmE
tHATQcrpVPd4k6Vq3DnRKu71118pR4nTNnCS3IzwnTgGZeZJvz0wOWdqOgrUX7v4
DuLvMOmecTBWvJcy8ypN2itfuDQ2J9o/G3kmExzmDkHRuFB1LtkCZTus1JS7AJ8Y
MnoWJmmOItF3lDURRxOCFY4fhs+EEhOMz7gvvRWxtnUXqNj7hq02shVO8zDjUgxL
oKMOfD3hj2O+3+woRrvvTgVHKP/rlorn/m0SYy7JCcJ+oC3PPhFqlDLKFsBZfqgE
DWezGXAvevOnHVVyqmNo32iSV8kJggFwv1K6tJkR55lILvwl/dKeSiPk7NpImngw
/5vhTCLAelZMU4QqdTp5tFgzKcH25kU4b6DFKs4IGRDXbrdKEk8TV4jNIoivv4KS
kKjPVdkXZkqmn39e8D2VGDb6j/t1hD3kI2WgYwWN5GKQlcWIwYdVncINkimkjmlM
1rTk6hF8rma/BiN6RfJMs6JsNduLIKebtiMoVLFc91MwQbAbY0GZ35GTKunQURrT
abAJZiVOSFzrArLEsEteQBBu9kph2rdwMIv3+cAVQDsYckAhQhRDXQwvOjYnUwsM
XB/Xde3hkngm6g+4ZYSftC5pKOhBamHoR8q0xggFmGA2gsmA/AMCkamhrhfYDYlG
Bg5SZJwZVI/Wq+8mpZ+mXKsIkKo/piYVXl/RLSJLmksBwg5nETOsQtAh0wzn5Fv9
sqbcJzVboZgZ+zxbGQW6d0MNFoFJ33G6CJ1tGmqS5TK1BuADGGCZNNSph4IK/WW7
/8XHS1Vh4fs3XMoqlA50XNtk9Rymxb9Vwr5CbRGUzVT0mkJbPm8M5SzMSWKawhfv
F/ecrBdz+Z+nN05ULBIEJXv00fLZZ5dNNWs+Nwa+A1NqSIjrrvy0rkd42dneA0ss
kjMCsI1qy/pwmpxBOnvGu2/GN6pWqTm2kNuJtFSWnGUU6zecz0jP0jC10j33EQAl
d22usIzIA2VGoojA7xO07UacQ+w4axa2eOOATApdU8Vs+621GO2Yb5On27aEMbs2
dm9D0XoION5u1hXfgSg175sVA0IStIT/2ktkyC5fUJJYDB4klpPG0EBTwRfqOvqG
Kf27ZDhxHY8DZySh6idUJMAGfMpUnpIOlX3tWroRMEMWBnao7Pfy9n1Q1ySGWFRo
DD1BkfNZXabovM6qdpGD2zbp+MAFF7l/fsV4otDH2UjC1jpPyibVyUYme3/9et65
H2WtzCC6+ARR3FHGiR+6JBcKbov1VEy1XW2IeDLdUCOFWoiRyWDkUFyKLtKPOncH
+4NczdYh+EyvHijf3N8Dyiw/lnSLHmYFlBULYjRFbplIlPw0iJdDLLW6A8z78cO5
hqkKRbXIxM9jKMM3ccqYFiKeVAHmbEX5AEvQau387acVkEwDORqXuvXN9GVdteNn
BIe5kd9p+m+SONqUkmPJGRUJdt2kwVFvpW/woLS+tAk5Ys3u5eDfH0av59lp8xKa
/vLaoBTtSiUIU/KuXt3D7yas/Ybo1etc02KO913dd8ByjWdozhD8aLF0o9PEeBPC
ttm93YSrv7ttH1LF5vfhi9xq+yGhbEvbJHtD6y5g7KeUekwfXMxd0C8M1OyakcHH
Arh3TJZ3WDFOMCMGCSqGSIb3DQEJFTEWBBRB2kp/JAu+EV0KnNDuwZWyHH7/azAn
BgkqhkiG9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MC8wHzAHBgUr
DgMCGgQUS7gZkMK++JTD92Cctznb5uLKdvEECJmBdZIPusX5AgIoAA==
-----END PKCS12----- -----END PKCS12-----
8. Dana's Sample Certificates 8. Dana's Sample Certificates
Dana has the following information: Dana has the following information:
* Name: Dana Hopper * Name: Dana Hopper
* E-mail Address: dna@smime.example * E-mail Address: dna@smime.example
skipping to change at page 34, line 30 skipping to change at page 32, line 50
[ RFC Editor: please remove this section before publication ] [ RFC Editor: please remove this section before publication ]
This document is currently edited as markdown. Minor editorial This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the author. https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
Please direct all significant commentary to the public IETF LAMPS Please direct all significant commentary to the public IETF LAMPS
mailing list: spasm@ietf.org mailing list: spasm@ietf.org
11.1. Document History 11.1. Document History
11.1.1. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 11.1.1. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07
* Correct document history
* Restore PKCS12 for dana and bob from -05
11.1.2. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06
* Added outbound references for acronyms PEM, CRL, and OCSP, thanks * Added outbound references for acronyms PEM, CRL, and OCSP, thanks
Stewart Brant. Stewart Brant.
11.1.2. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 * Accidentally modified PKCS12 for dana and bob
11.1.3. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05
* Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for
interop with Keychain Access on macOS. interop with Keychain Access on macOS.
11.1.3. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 11.1.4. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04
* Order subject/issuer DN components by scope. * Order subject/issuer DN components by scope.
* Put cross-signed intermediate CA certificates into PKCS#12 instead * Put cross-signed intermediate CA certificates into PKCS#12 instead
of self-signed root CA certificates. of self-signed root CA certificates.
11.1.4. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 11.1.5. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03
* Correct encoding of S/MIME Capabilities extension. * Correct encoding of S/MIME Capabilities extension.
* Change "Certificate Authority" to "Certification Authority". * Change "Certificate Authority" to "Certification Authority".
* Add CertificatePolicies to all intermediate and end-entity * Add CertificatePolicies to all intermediate and end-entity
certificates. certificates.
* Add organization and organizational unit to all certificates. * Add organization and organizational unit to all certificates.
11.1.5. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 11.1.6. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02
* Added cross-signed certificates for both CAs * Added cross-signed certificates for both CAs
* Added S/MIME Capabilities extension for Carlos and Dana's * Added S/MIME Capabilities extension for Carlos and Dana's
encryption keys, indicating preferred ECDH parameters. encryption keys, indicating preferred ECDH parameters.
* Ensure no serial numbers are negative. * Ensure no serial numbers are negative.
* Encode keyUsage extensions in minimum-length BIT STRINGs. * Encode keyUsage extensions in minimum-length BIT STRINGs.
11.1.6. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 11.1.7. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
* Added Curve25519 sample certificates (new CA, Carlos, and Dana) * Added Curve25519 sample certificates (new CA, Carlos, and Dana)
11.1.7. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 11.1.8. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
* WG adoption (dkg moves from Author to Editor) * WG adoption (dkg moves from Author to Editor)
11.1.8. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 11.1.9. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
* PEM blobs are now sourcecode, not artwork * PEM blobs are now sourcecode, not artwork
11.1.9. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 11.1.10. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04
* Describe deterministic key generation * Describe deterministic key generation
* label PEM blobs with filenames in XML * label PEM blobs with filenames in XML
11.1.10. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 11.1.11. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
* Alice and Bob now each have two distinct certificates: one for * Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, and public keys to match. signing, one for encryption, and public keys to match.
11.1.11. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 11.1.12. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
* PKCS#12 objects are deliberately locked with simple passphrases * PKCS#12 objects are deliberately locked with simple passphrases
11.1.12. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 11.1.13. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01
* changed all three keys to use RSA instead of RSA-PSS * changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in * set keyEncipherment keyUsage flag instead of dataEncipherment in
EE certs EE certs
12. Acknowledgements 12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by This draft was inspired by similar work in the OpenPGP space by
Bjarni Runar and juga at [I-D.bre-openpgp-samples]. Bjarni Runar and juga at [I-D.bre-openpgp-samples].
Eric Rescorla helped spot issues with certificate formats. Eric Rescorla helped spot issues with certificate formats.
 End of changes. 24 change blocks. 
309 lines changed or deleted 248 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/