Which type of overlapping encryption domain can be described as one domain being entirely contained within another domain?