| rfc8879xml2.original.xml | rfc8879.xml | |||
|---|---|---|---|---|
| <?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version --> | ||||
| <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ | <!-- updated by Chris 05/07/20 --> | |||
| ]> | ||||
| <?rfc toc="yes"?> | <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> | |||
| <?rfc sortrefs="yes"?> | ||||
| <?rfc symrefs="yes"?> | ||||
| <?rfc docmapping="yes"?> | ||||
| <rfc docName="draft-ietf-tls-certificate-compression-10" category="std"> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" | |||
| docName="draft-ietf-tls-certificate-compression-10" number="8879" | ||||
| obsoletes="" updates="" submissionType="IETF" category="std" | ||||
| consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" | ||||
| symRefs="true" version="3"> | ||||
| <!-- xml2rfc v2v3 conversion 2.44.0 --> | ||||
| <front> | <front> | |||
| <title abbrev="TLS Certificate Compression">TLS Certificate Compression</tit le> | <title abbrev="TLS Certificate Compression">TLS Certificate Compression</tit le> | |||
| <seriesInfo name="RFC" value="8879"/> | ||||
| <author initials="A." surname="Ghedini" fullname="Alessandro Ghedini"> | <author initials="A." surname="Ghedini" fullname="Alessandro Ghedini"> | |||
| <organization>Cloudflare, Inc.</organization> | <organization>Cloudflare, Inc.</organization> | |||
| <address> | <address> | |||
| <email>alessandro@cloudflare.com</email> | <email>alessandro@cloudflare.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author initials="V." surname="Vasiliev" fullname="Victor Vasiliev"> | <author initials="V." surname="Vasiliev" fullname="Victor Vasiliev"> | |||
| <organization>Google</organization> | <organization>Google</organization> | |||
| <address> | <address> | |||
| <email>vasilvv@google.com</email> | <email>vasilvv@google.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2020" month="August"/> | ||||
| <date year="2020" month="January" day="06"/> | ||||
| <area>Security</area> | <area>Security</area> | |||
| <workgroup>TLS</workgroup> | <workgroup>TLS</workgroup> | |||
| <abstract> | <abstract> | |||
| <t>In TLS handshakes, certificate chains often take up | ||||
| <t>In TLS handshakes, certificate chains often take up | ||||
| the majority of the bytes transmitted.</t> | the majority of the bytes transmitted.</t> | |||
| <t>This document describes how certificate chains can be compressed to red | ||||
| <t>This document describes how certificate chains can be compressed to reduce th | uce the | |||
| e | ||||
| amount of data transmitted and avoid some round trips.</t> | amount of data transmitted and avoid some round trips.</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="introduction" numbered="true" toc="default"> | ||||
| <section anchor="introduction" title="Introduction"> | <name>Introduction</name> | |||
| <t>In order to reduce latency and improve performance, it can be useful to | ||||
| <t>In order to reduce latency and improve performance it can be useful to reduce | reduce | |||
| the amount of data exchanged during a TLS handshake.</t> | the amount of data exchanged during a TLS handshake.</t> | |||
| <t><xref target="RFC7924" format="default"/> describes a mechanism that al | ||||
| <t><xref target="RFC7924"></xref> describes a mechanism that allows a client and | lows a client and a server to avoid | |||
| a server to avoid | ||||
| transmitting certificates already shared in an earlier handshake, but it | transmitting certificates already shared in an earlier handshake, but it | |||
| doesn’t help when the client connects to a server for the first time and | doesn't help when the client connects to a server for the first time and | |||
| doesn’t already have knowledge of the server’s certificate chain.</t> | doesn't already have knowledge of the server's certificate chain.</t> | |||
| <t>This document describes a mechanism that would allow certificates to be | ||||
| <t>This document describes a mechanism that would allow certificates to be | ||||
| compressed during all handshakes.</t> | compressed during all handshakes.</t> | |||
| </section> | ||||
| <section anchor="notational-conventions" numbered="true" toc="default"> | ||||
| <name>Notational Conventions</name> | ||||
| <t> | ||||
| The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU | ||||
| IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | ||||
| NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14> | ||||
| RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | ||||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to | ||||
| be interpreted as | ||||
| described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> | ||||
| when, and only when, they appear in all capitals, as shown here. | ||||
| </t> | ||||
| </section> | </section> | |||
| <section anchor="notational-conventions" title="Notational Conventions"> | <section anchor="negotiating-certificate-compression" numbered="true" toc="d | |||
| efault"> | ||||
| <t>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, | <name>Negotiating Certificate Compression</name> | |||
| “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this | <t>This extension is only supported with TLS 1.3 <xref target="RFC8446" fo | |||
| document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> < | rmat="default"/> and newer; if TLS 1.2 | |||
| xref target="RFC8174"/> | <xref target="RFC5246" format="default"/> or earlier is negotiated, the peers <b | |||
| when, and only when, they appear in all capitals, as shown here.</t> | cp14>MUST</bcp14> ignore this extension.</t> | |||
| <t>This document defines a new extension type (compress_certificate(27)), | ||||
| </section> | which | |||
| <section anchor="negotiating-certificate-compression" title="Negotiating Certifi | ||||
| cate Compression"> | ||||
| <t>This extension is only supported with TLS 1.3 <xref target="RFC8446"></xref> | ||||
| and newer; if TLS 1.2 | ||||
| <xref target="RFC5246"></xref> or earlier is negotiated, the peers MUST ignore t | ||||
| his extension.</t> | ||||
| <t>This document defines a new extension type (compress_certificate(27)), which | ||||
| can be used to signal the supported compression formats for the Certificate | can be used to signal the supported compression formats for the Certificate | |||
| message to the peer. Whenever it is sent by the client as a ClientHello message | message to the peer. Whenever it is sent by the client as a ClientHello message | |||
| extension (<xref target="RFC8446"></xref>, Section 4.1.2), it indicates the supp ort for | extension (<xref target="RFC8446" sectionFormat="comma" section="4.1.2"/>), it i ndicates support for | |||
| compressed server certificates. Whenever it is sent by the server as a | compressed server certificates. Whenever it is sent by the server as a | |||
| CertificateRequest extension (<xref target="RFC8446"></xref>, Section 4.3.2), it | CertificateRequest extension (<xref target="RFC8446" sectionFormat="comma" | |||
| indicates | section="4.3.2"/>), it indicates support for compressed client certificates.</t> | |||
| the support for compressed client certificates.</t> | <t>By sending a compress_certificate extension, the sender indicates to th | |||
| e peer | ||||
| <t>By sending a compress_certificate extension, the sender indicates to the peer | the certificate-compression algorithms it is willing to use for decompression. | |||
| the certificate compression algorithms it is willing to use for decompression. | The "extension_data" field of this extension <bcp14>SHALL</bcp14> contain a | |||
| The “extension_data” field of this extension SHALL contain a | CertificateCompressionAlgorithms value:</t> | |||
| CertificateCompressionAlgorithms value:</t> | ||||
| <figure><artwork><![CDATA[ | <sourcecode type="tls-presentation"> | |||
| enum { | enum { | |||
| zlib(1), | zlib(1), | |||
| brotli(2), | brotli(2), | |||
| zstd(3), | zstd(3), | |||
| (65535) | (65535) | |||
| } CertificateCompressionAlgorithm; | } CertificateCompressionAlgorithm; | |||
| struct { | struct { | |||
| CertificateCompressionAlgorithm algorithms<2..2^8-2>; | CertificateCompressionAlgorithm algorithms<2..2^8-2>; | |||
| } CertificateCompressionAlgorithms; | } CertificateCompressionAlgorithms; | |||
| ]]></artwork></figure> | </sourcecode> | |||
| <t>The compress_certificate extension is a unidirectional indication; no | <t>The compress_certificate extension is a unidirectional indication; no | |||
| corresponding response extension is needed.</t> | corresponding response extension is needed.</t> | |||
| </section> | ||||
| </section> | <section anchor="compressed-certificate-message" numbered="true" toc="defaul | |||
| <section anchor="compressed-certificate-message" title="Compressed Certificate M | t"> | |||
| essage"> | <name>Compressed Certificate Message</name> | |||
| <t>If the peer has indicated that it supports compression, server and | ||||
| <t>If the peer has indicated that it supports compression, server and client MAY | client <bcp14>MAY</bcp14> | |||
| compress their corresponding Certificate messages (Section 4.4.2 of <xref target | compress their corresponding Certificate messages (<xref | |||
| ="RFC8446"/>) | target="RFC8446" sectionFormat="of" section="4.4.2"/>) | |||
| and send them in the form of the CompressedCertificate message (replacing the | and send them in the form of the CompressedCertificate message (replacing the | |||
| Certificate message).</t> | Certificate message).</t> | |||
| <t>The CompressedCertificate message is formed as follows:</t> | ||||
| <t>The CompressedCertificate message is formed as follows:</t> | <sourcecode> | |||
| <figure><artwork><![CDATA[ | ||||
| struct { | struct { | |||
| CertificateCompressionAlgorithm algorithm; | CertificateCompressionAlgorithm algorithm; | |||
| uint24 uncompressed_length; | uint24 uncompressed_length; | |||
| opaque compressed_certificate_message<1..2^24-1>; | opaque compressed_certificate_message<1..2^24-1>; | |||
| } CompressedCertificate; | } CompressedCertificate; | |||
| ]]></artwork></figure> | </sourcecode> | |||
| <dl newline="false" spacing="normal"> | ||||
| <t><list style="hanging"> | <dt>algorithm:</dt> | |||
| <t hangText='algorithm'> | <dd>The algorithm used to compress the certificate. The algorithm | |||
| The algorithm used to compress the certificate. The algorithm MUST be one of | <bcp14>MUST</bcp14> be one of | |||
| the algorithms listed in the peer’s compress_certificate extension.</t> | the algorithms listed in the peer's compress_certificate extension.</dd> | |||
| <t hangText='uncompressed_length'> | <dt>uncompressed_length:</dt> | |||
| The length of the Certificate message once it is uncompressed. If after | <dd> | |||
| decompression the specified length does not match the actual length, the | The length of the Certificate message once it is uncompressed. If, after | |||
| party receiving the invalid message MUST abort the connection with the | decompression, the specified length does not match the actual length, the | |||
| “bad_certificate” alert. The presence of this field allows the receiver to | party receiving the invalid message <bcp14>MUST</bcp14> abort the connection wit | |||
| pre-allocate the buffer for the uncompressed Certificate message and to | h the | |||
| enforce limits on the message size before performing decompression.</t> | "bad_certificate" alert. The presence of this field allows the receiver to | |||
| <t hangText='compressed_certificate_message'> | preallocate the buffer for the uncompressed Certificate message and enforce | |||
| limits on the message size before performing decompression.</dd> | ||||
| <dt>compressed_certificate_message:</dt> | ||||
| <dd> | ||||
| The result of applying the indicated compression algorithm to the encoded | The result of applying the indicated compression algorithm to the encoded | |||
| Certificate message that would have been sent if certificate compression was not | Certificate message that would have been sent if certificate compression was not | |||
| in use. The compression algorithm defines how the | in use. The compression algorithm defines how the | |||
| bytes in the compressed_certificate_message field are converted into the | bytes in the compressed_certificate_message field are converted into the | |||
| Certificate message.</t> | Certificate message.</dd> | |||
| </list></t> | </dl> | |||
| <t>If the specified compression algorithm is zlib, then the Certificate me | ||||
| <t>If the specified compression algorithm is zlib, then the Certificate message | ssage | |||
| MUST be compressed with the ZLIB compression algorithm, as defined in <xref targ | <bcp14>MUST</bcp14> be compressed with the ZLIB compression algorithm, as define | |||
| et="RFC1950"></xref>. | d in <xref target="RFC1950" format="default"/>. | |||
| If the specified compression algorithm is brotli, the Certificate message MUST | If the specified compression algorithm is brotli, the Certificate message <bcp14 | |||
| be compressed with the Brotli compression algorithm as defined in <xref target=" | >MUST</bcp14> | |||
| RFC7932"></xref>. If | be compressed with the Brotli compression algorithm, as defined in <xref target= | |||
| the specified compression algorithm is zstd, the Certificate message MUST be | "RFC7932" format="default"/>. If | |||
| compressed with the Zstandard compression algorithm as defined in <xref target=" | the specified compression algorithm is zstd, the Certificate message <bcp14>MUST | |||
| I-D.kucherawy-rfc8478bis"></xref>.</t> | </bcp14> be | |||
| compressed with the Zstandard compression algorithm, as defined in <xref target= | ||||
| <t>It is possible to define a certificate compression algorithm that uses a | "RFC8878" format="default"/>.</t> | |||
| pre-shared dictionary to achieve higher compression ratio. This document does | <t>It is possible to define a certificate compression algorithm that uses | |||
| a | ||||
| preshared dictionary to achieve a higher compression ratio. This document does | ||||
| not define any such algorithms, but additional codepoints may be allocated for | not define any such algorithms, but additional codepoints may be allocated for | |||
| such use per the policy in <xref target="registry"/>.</t> | such use per the policy in <xref target="registry" format="default"/>.</t> | |||
| <t>If the received CompressedCertificate message cannot be decompressed, t | ||||
| <t>If the received CompressedCertificate message cannot be decompressed, the | he | |||
| connection MUST be terminated with the “bad_certificate” alert.</t> | connection <bcp14>MUST</bcp14> be terminated with the "bad_certificate" alert.</ | |||
| t> | ||||
| <t>If the format of the Certificate message is altered using the | <t>If the format of the Certificate message is altered using the | |||
| server_certificate_type or client_certificate_type extensions <xref target="RFC7 | server_certificate_type or client_certificate_type extensions <xref target="RFC7 | |||
| 250"></xref>, the | 250" format="default"/>, the | |||
| resulting altered message is compressed instead.</t> | resulting altered message is compressed instead.</t> | |||
| </section> | ||||
| </section> | <section anchor="security-considerations" numbered="true" toc="default"> | |||
| <section anchor="security-considerations" title="Security Considerations"> | <name>Security Considerations</name> | |||
| <t>After decompression, the Certificate message <bcp14>MUST</bcp14> be pro | ||||
| <t>After decompression, the Certificate message MUST be processed as if it were | cessed as if it were | |||
| encoded without being compressed. This way, the parsing and the verification | encoded without being compressed. This way, the parsing and the verification | |||
| have the same security properties as they would have in TLS normally.</t> | have the same security properties as they would have in TLS normally.</t> | |||
| <t>In order for certificate compression to function correctly, the underly | ||||
| <t>In order for certificate compression to function correctly, the underlying | ing | |||
| compression algorithm MUST output the same data | compression algorithm <bcp14>MUST</bcp14> output the same data | |||
| that was provided as input by the peer.</t> | that was provided as input by the peer.</t> | |||
| <t>Since certificate chains are typically presented on a per-server-name o | ||||
| <t>Since certificate chains are typically presented on a per-server name or | r | |||
| per-user basis, a malicious application does not have control over any individua l fragments | per-user basis, a malicious application does not have control over any individua l fragments | |||
| in the Certificate message, meaning that they cannot leak information about the | in the Certificate message, meaning that they cannot leak information about the | |||
| certificate by modifying the plaintext.</t> | certificate by modifying the plaintext.</t> | |||
| <t>Implementations <bcp14>SHOULD</bcp14> bound the memory usage when decom | ||||
| <t>Implementations SHOULD bound the memory usage when decompressing the | pressing the | |||
| CompressedCertificate message.</t> | CompressedCertificate message.</t> | |||
| <t>Implementations <bcp14>MUST</bcp14> limit the size of the resulting dec | ||||
| <t>Implementations MUST limit the size of the resulting decompressed chain to | ompressed chain to | |||
| the specified uncompressed length, and they MUST abort the connection if the | the specified uncompressed length, and they <bcp14>MUST</bcp14> abort the connec | |||
| tion if the | ||||
| size of the output of the decompression function exceeds that limit. TLS framin g | size of the output of the decompression function exceeds that limit. TLS framin g | |||
| imposes 16777216 byte limit on the certificate message size, and the implementat | imposes a 16777216-byte limit on the certificate message size, and implementatio | |||
| ions | ns | |||
| MAY impose a limit that is lower than that; in both cases, they MUST apply the s | <bcp14>MAY</bcp14> impose a limit that is lower than that; in both cases, they < | |||
| ame | bcp14>MUST</bcp14> apply the same | |||
| limit as if no compression were used.</t> | limit as if no compression were used.</t> | |||
| <t>While the Certificate message in TLS 1.3 is encrypted, third parties ca | ||||
| <t>While the Certificate message in TLS 1.3 is encrypted, third parties can draw | n draw | |||
| inferences from the message length observed on the wire. TLS 1.3 provides a pad ding | inferences from the message length observed on the wire. TLS 1.3 provides a pad ding | |||
| mechanism (discussed in Sections 5.4 and E.3 of <xref target="RFC8446"></xref>) | mechanism (discussed in Sections <xref target="RFC8446" | |||
| to counteract such | sectionFormat="bare" section="5.4"/> and <xref target="RFC8446" | |||
| sectionFormat="bare" section="E.3"/> of <xref target="RFC8446"/>) to counteract | ||||
| such | ||||
| analysis. Certificate compression alters the length of the Certificate message, | analysis. Certificate compression alters the length of the Certificate message, | |||
| and the change in length is dependent on the actual contents of the certificate. | and the change in length is dependent on the actual contents of the certificate. | |||
| Any padding scheme covering the Certificate message has to address compression | Any padding scheme covering the Certificate message has to address compression | |||
| within its design, or disable it altogether.</t> | within its design or disable it altogether.</t> | |||
| </section> | ||||
| </section> | <section anchor="middlebox-compatibility" numbered="true" toc="default"> | |||
| <section anchor="middlebox-compatibility" title="Middlebox Compatibility"> | <name>Middlebox Compatibility</name> | |||
| <t>It's been observed that a significant number of middleboxes intercept a | ||||
| <t>It’s been observed that a significant number of middleboxes intercept and try | nd try | |||
| to validate the Certificate message exchanged during a TLS handshake. This | to validate the Certificate message exchanged during a TLS handshake. This | |||
| means that middleboxes that don’t understand the CompressedCertificate message | means that middleboxes that don't understand the CompressedCertificate message | |||
| might misbehave and drop connections that adopt certificate compression. | might misbehave and drop connections that adopt certificate compression. | |||
| Because of that, the extension is only supported in the versions of TLS where | Because of that, the extension is only supported in the versions of TLS where | |||
| the certificate message is encrypted in a way that prevents middleboxes from | the certificate message is encrypted in a way that prevents middleboxes from | |||
| intercepting it, that is, TLS version 1.3 <xref target="RFC8446"></xref> and hig | intercepting it -- that is, TLS version 1.3 <xref target="RFC8446" format="defau | |||
| her.</t> | lt"/> and higher.</t> | |||
| </section> | ||||
| </section> | <section anchor="iana-considerations" numbered="true" toc="default"> | |||
| <section anchor="iana-considerations" title="IANA Considerations"> | <name>IANA Considerations</name> | |||
| <section anchor="update-of-the-tls-extensiontype-registry" numbered="true" | ||||
| <section anchor="update-of-the-tls-extensiontype-registry" title="Update of the | toc="default"> | |||
| TLS ExtensionType Registry"> | <name>TLS ExtensionType Values</name> | |||
| <t>IANA has created an entry, compress_certificate(27), in the | ||||
| <t>Create an entry, compress_certificate(27), in the existing registry for | "TLS ExtensionType Values" registry (defined in <xref | |||
| ExtensionType (defined in <xref target="RFC8446"></xref>), with “TLS 1.3” column | target="RFC8446" format="default"/>) with the values in the "TLS 1.3" col | |||
| values | umn | |||
| being set to “CH, CR”, and “Recommended” column being set to “Yes”.</t> | set to "CH, CR" and the "Recommended" column entry set to "Yes".</t> | |||
| </section> | ||||
| </section> | <section anchor="update-of-the-tls-handshaketype-registry" numbered="true" | |||
| <section anchor="update-of-the-tls-handshaketype-registry" title="Update of the | toc="default"> | |||
| TLS HandshakeType Registry"> | <name>TLS HandshakeType</name> | |||
| <t>IANA has created an entry, compressed_certificate(25), in | ||||
| <t>Create an entry, compressed_certificate(25), in the existing registry for | the "TLS Handshake Type" registry (defined in <xref | |||
| HandshakeType (defined in <xref target="RFC8446"></xref>), with “DTLS-OK” column | target="RFC8446" format="default"/>), with the "DTLS-OK" column value set | |||
| value being set to | to | |||
| “Yes”.</t> | "Yes".</t> | |||
| </section> | ||||
| </section> | <section anchor="registry" numbered="true" toc="default"> | |||
| <section anchor="registry" title="Registry for Compression Algorithms"> | <name>Compression Algorithms</name> | |||
| <t>This document establishes a registry of compression algorithms suppor | ||||
| <t>This document establishes a registry of compression algorithms supported for | ted for | |||
| compressing the Certificate message, titled “Certificate Compression Algorithm | compressing the Certificate message, titled "TLS Certificate Compression Algorit | |||
| IDs”, under the existing “Transport Layer Security (TLS) Extensions” heading.</t | hm | |||
| > | IDs", under the existing "Transport Layer Security (TLS) Extensions" registry.</ | |||
| t> | ||||
| <t>The entries in the registry are:</t> | <t>The entries in the registry are:</t> | |||
| <table align="center"> | ||||
| <texttable> | <name>TLS Certificate Compression Algorithm IDs</name> | |||
| <ttcol align='left'>Algorithm Number</ttcol> | <thead> | |||
| <ttcol align='left'>Description</ttcol> | <tr> | |||
| <ttcol align='left'>Reference</ttcol> | <th align="left">Algorithm Number</th> | |||
| <c>0</c> | <th align="left">Description</th> | |||
| <c>Reserved</c> | <th align="left">Reference</th> | |||
| <c> </c> | </tr> | |||
| <c>1</c> | </thead> | |||
| <c>zlib</c> | ||||
| <c>[this document]</c> | ||||
| <c>2</c> | ||||
| <c>brotli</c> | ||||
| <c>[this document]</c> | ||||
| <c>3</c> | ||||
| <c>zstd</c> | ||||
| <c>[this document]</c> | ||||
| <c>16384 to 65535</c> | ||||
| <c>Reserved for Experimental Use</c> | ||||
| <c> </c> | ||||
| </texttable> | ||||
| <t>The values in this registry shall be allocated under “IETF Review” policy for | <tbody> | |||
| values strictly smaller than 256, under “Specification Required” policy for | <tr> | |||
| values 256-16383, and under “Experimental Use” otherwise (see <xref target="RFC8 | <td align="left">0</td> | |||
| 126"></xref> for the | <td align="left">Reserved</td> | |||
| <td align="left">RFC 8879</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td align="left">1</td> | ||||
| <td align="left">zlib</td> | ||||
| <td align="left">RFC 8879</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td align="left">2</td> | ||||
| <td align="left">brotli</td> | ||||
| <td align="left">RFC 8879</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td align="left">3</td> | ||||
| <td align="left">zstd</td> | ||||
| <td align="left">RFC 8879</td> | ||||
| </tr> | ||||
| <tr> | ||||
| <td align="left">16384 to 65535</td> | ||||
| <td align="left">Reserved for Experimental Use</td> | ||||
| <td align="left"> </td> | ||||
| </tr> | ||||
| </tbody> | ||||
| </table> | ||||
| <t>The values in this registry shall be allocated under "IETF Review" po | ||||
| licy for | ||||
| values strictly smaller than 256, under "Specification Required" policy for | ||||
| values 256-16383, and under "Experimental Use" otherwise (see <xref target="RFC8 | ||||
| 126" format="default"/> for the | ||||
| definition of relevant policies). Experimental Use extensions can be used both | definition of relevant policies). Experimental Use extensions can be used both | |||
| on private networks and over the open Internet.</t> | on private networks and over the open Internet.</t> | |||
| <t>The procedures for requesting values in the Specification Required sp | ||||
| <t>The procedures for requesting values in the Specification Required space are | ace are | |||
| specified in Section 17 of <xref target="RFC8447"></xref>.</t> | specified in <xref target="RFC8447" sectionFormat="of" section="17"/>.</t> | |||
| </section> | ||||
| </section> | </section> | |||
| </section> | ||||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | ||||
| <name>References</name> | ||||
| <references> | ||||
| <name>Normative References</name> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.1950.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.2119.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.7250.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.7932.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.7924.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8126.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8174.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8446.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8447.xml"/> | ||||
| <references title='Normative References'> | <!-- [rfced] [I-D.kucherawy-rfc8478bis]; companion document RFC 8878 --> | |||
| <reference anchor="RFC1950" target='https://www.rfc-editor.org/info/rfc1950'> | ||||
| <front> | ||||
| <title>ZLIB Compressed Data Format Specification version 3.3</title> | ||||
| <author initials='P.' surname='Deutsch' fullname='P. Deutsch'><organization /></ | ||||
| author> | ||||
| <author initials='J-L.' surname='Gailly' fullname='J-L. Gailly'><organization /> | ||||
| </author> | ||||
| <date year='1996' month='May' /> | ||||
| <abstract><t>This specification defines a lossless compressed data format. This | ||||
| memo provides information for the Internet community. This memo does not speci | ||||
| fy an Internet standard of any kind.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='1950'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC1950'/> | ||||
| </reference> | ||||
| <reference anchor="RFC2119" target='https://www.rfc-editor.org/info/rfc2119'> | ||||
| <front> | ||||
| <title>Key words for use in RFCs to Indicate Requirement Levels</title> | ||||
| <author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></ | ||||
| author> | ||||
| <date year='1997' month='March' /> | ||||
| <abstract><t>In many standards track documents several words are used to signify | ||||
| the requirements in the specification. These words are often capitalized. This | ||||
| document defines these words as they should be interpreted in IETF documents. | ||||
| This document specifies an Internet Best Current Practices for the Internet Comm | ||||
| unity, and requests discussion and suggestions for improvements.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='BCP' value='14'/> | ||||
| <seriesInfo name='RFC' value='2119'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC2119'/> | ||||
| </reference> | ||||
| <reference anchor="RFC7250" target='https://www.rfc-editor.org/info/rfc7250'> | ||||
| <front> | ||||
| <title>Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Tran | ||||
| sport Layer Security (DTLS)</title> | ||||
| <author initials='P.' surname='Wouters' fullname='P. Wouters' role='editor'><org | ||||
| anization /></author> | ||||
| <author initials='H.' surname='Tschofenig' fullname='H. Tschofenig' role='editor | ||||
| '><organization /></author> | ||||
| <author initials='J.' surname='Gilmore' fullname='J. Gilmore'><organization /></ | ||||
| author> | ||||
| <author initials='S.' surname='Weiler' fullname='S. Weiler'><organization /></au | ||||
| thor> | ||||
| <author initials='T.' surname='Kivinen' fullname='T. Kivinen'><organization /></ | ||||
| author> | ||||
| <date year='2014' month='June' /> | ||||
| <abstract><t>This document specifies a new certificate type and two TLS extensio | ||||
| ns for exchanging raw public keys in Transport Layer Security (TLS) and Datagram | ||||
| Transport Layer Security (DTLS). The new certificate type allows raw public ke | ||||
| ys to be used for authentication.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='7250'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC7250'/> | ||||
| </reference> | ||||
| <reference anchor="RFC7932" target='https://www.rfc-editor.org/info/rfc7932'> | ||||
| <front> | ||||
| <title>Brotli Compressed Data Format</title> | ||||
| <author initials='J.' surname='Alakuijala' fullname='J. Alakuijala'><organizatio | ||||
| n /></author> | ||||
| <author initials='Z.' surname='Szabadka' fullname='Z. Szabadka'><organization /> | ||||
| </author> | ||||
| <date year='2016' month='July' /> | ||||
| <abstract><t>This specification defines a lossless compressed data format that c | ||||
| ompresses data using a combination of the LZ77 algorithm and Huffman coding, wit | ||||
| h efficiency comparable to the best currently available general-purpose compress | ||||
| ion methods.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='7932'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC7932'/> | ||||
| </reference> | ||||
| <reference anchor="RFC7924" target='https://www.rfc-editor.org/info/rfc7924'> | ||||
| <front> | ||||
| <title>Transport Layer Security (TLS) Cached Information Extension</title> | ||||
| <author initials='S.' surname='Santesson' fullname='S. Santesson'><organization | ||||
| /></author> | ||||
| <author initials='H.' surname='Tschofenig' fullname='H. Tschofenig'><organizatio | ||||
| n /></author> | ||||
| <date year='2016' month='July' /> | ||||
| <abstract><t>Transport Layer Security (TLS) handshakes often include fairly stat | ||||
| ic information, such as the server certificate and a list of trusted certificati | ||||
| on authorities (CAs). This information can be of considerable size, particularl | ||||
| y if the server certificate is bundled with a complete certificate chain (i.e., | ||||
| the certificates of intermediate CAs up to the root CA).</t><t>This document def | ||||
| ines an extension that allows a TLS client to inform a server of cached informat | ||||
| ion, thereby enabling the server to omit already available information.</t></abs | ||||
| tract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='7924'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC7924'/> | ||||
| </reference> | ||||
| <reference anchor="RFC8126" target='https://www.rfc-editor.org/info/rfc8126'> | ||||
| <front> | ||||
| <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> | ||||
| <author initials='M.' surname='Cotton' fullname='M. Cotton'><organization /></au | ||||
| thor> | ||||
| <author initials='B.' surname='Leiba' fullname='B. Leiba'><organization /></auth | ||||
| or> | ||||
| <author initials='T.' surname='Narten' fullname='T. Narten'><organization /></au | ||||
| thor> | ||||
| <date year='2017' month='June' /> | ||||
| <abstract><t>Many protocols make use of points of extensibility that use constan | ||||
| ts to identify various protocol parameters. To ensure that the values in these | ||||
| fields do not have conflicting uses and to promote interoperability, their alloc | ||||
| ations are often coordinated by a central record keeper. For IETF protocols, th | ||||
| at role is filled by the Internet Assigned Numbers Authority (IANA).</t><t>To ma | ||||
| ke assignments in a given registry prudently, guidance describing the conditions | ||||
| under which new values should be assigned, as well as when and how modification | ||||
| s to existing values can be made, is needed. This document defines a framework | ||||
| for the documentation of these guidelines by specification authors, in order to | ||||
| assure that the provided guidance for the IANA Considerations is clear and addre | ||||
| sses the various issues that are likely in the operation of a registry.</t><t>Th | ||||
| is is the third edition of this document; it obsoletes RFC 5226.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='BCP' value='26'/> | ||||
| <seriesInfo name='RFC' value='8126'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC8126'/> | ||||
| </reference> | ||||
| <reference anchor="RFC8174" target='https://www.rfc-editor.org/info/rfc8174'> | ||||
| <front> | ||||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> | ||||
| <author initials='B.' surname='Leiba' fullname='B. Leiba'><organization /></auth | ||||
| or> | ||||
| <date year='2017' month='May' /> | ||||
| <abstract><t>RFC 2119 specifies common key words that may be used in protocol s | ||||
| pecifications. This document aims to reduce the ambiguity by clarifying that on | ||||
| ly UPPERCASE usage of the key words have the defined special meanings.</t></abs | ||||
| tract> | ||||
| </front> | ||||
| <seriesInfo name='BCP' value='14'/> | ||||
| <seriesInfo name='RFC' value='8174'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC8174'/> | ||||
| </reference> | ||||
| <reference anchor="RFC8446" target='https://www.rfc-editor.org/info/rfc8446'> | ||||
| <front> | ||||
| <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> | ||||
| <author initials='E.' surname='Rescorla' fullname='E. Rescorla'><organization /> | ||||
| </author> | ||||
| <date year='2018' month='August' /> | ||||
| <abstract><t>This document specifies version 1.3 of the Transport Layer Security | ||||
| (TLS) protocol. TLS allows client/server applications to communicate over the | ||||
| Internet in a way that is designed to prevent eavesdropping, tampering, and mess | ||||
| age forgery.</t><t>This document updates RFCs 5705 and 6066, and obsoletes RFCs | ||||
| 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 | ||||
| implementations.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='8446'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC8446'/> | ||||
| </reference> | ||||
| <reference anchor="RFC8447" target='https://www.rfc-editor.org/info/rfc8447'> | ||||
| <front> | ||||
| <title>IANA Registry Updates for TLS and DTLS</title> | ||||
| <author initials='J.' surname='Salowey' fullname='J. Salowey'><organization /></ | ||||
| author> | ||||
| <author initials='S.' surname='Turner' fullname='S. Turner'><organization /></au | ||||
| thor> | ||||
| <date year='2018' month='August' /> | ||||
| <abstract><t>This document describes a number of changes to TLS and DTLS IANA re | ||||
| gistries that range from adding notes to the registry all the way to changing th | ||||
| e registration policy. These changes were mostly motivated by WG review of the | ||||
| TLS- and DTLS-related registries undertaken as part of the TLS 1.3 development p | ||||
| rocess.</t><t>This document updates the following RFCs: 3749, 5077, 4680, 5246, | ||||
| 5705, 5878, 6520, and 7301.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='RFC' value='8447'/> | ||||
| <seriesInfo name='DOI' value='10.17487/RFC8447'/> | ||||
| </reference> | ||||
| <reference anchor="I-D.kucherawy-rfc8478bis"> | <reference anchor='RFC8878'> | |||
| <front> | <front> | |||
| <title>Zstandard Compression and the application/zstd Media Type</title> | <title>Zstandard Compression and the 'application/zstd' Media Type</title> | |||
| <author initials='Y' surname='Collet' fullname='Yann Collet'> | <author initials='Y' surname='Collet' fullname='Yann Collet'> | |||
| <organization /> | <organization /> | |||
| </author> | </author> | |||
| <author initials='M' surname='Kucherawy' fullname='Murray Kucherawy'> | <author initials='M' surname='Kucherawy' fullname='Murray Kucherawy' role="edito r"> | |||
| <organization /> | <organization /> | |||
| </author> | </author> | |||
| <date month='December' day='20' year='2019' /> | <date month='August' year='2020' /> | |||
| <abstract><t>Zstandard, or "zstd" (pronounced "zee standard"), is a data compres | ||||
| sion mechanism. This document describes the mechanism and registers a media typ | ||||
| e and content encoding to be used when transporting zstd-compressed content via | ||||
| Multipurpose Internet Mail Extensions (MIME). Despite use of the word "standard | ||||
| " as part of its name, readers are advised that this document is not an Internet | ||||
| Standards Track specification; it is being published for informational purposes | ||||
| only. This document replaces and obsoletes RFC 8478.</t></abstract> | ||||
| </front> | ||||
| <seriesInfo name='Internet-Draft' value='draft-kucherawy-rfc8478bis-03' /> | ||||
| <format type='TXT' | ||||
| target='http://www.ietf.org/internet-drafts/draft-kucherawy-rfc8478bis-0 | ||||
| 3.txt' /> | ||||
| </reference> | ||||
| </references> | ||||
| <references title='Informative References'> | ||||
| <reference anchor="RFC5246" target='https://www.rfc-editor.org/info/rfc5246'> | ||||
| <front> | ||||
| <title>The Transport Layer Security (TLS) Protocol Version 1.2</title> | ||||
| <author initials='T.' surname='Dierks' fullname='T. Dierks'><organization /></au | ||||
| thor> | ||||
| <author initials='E.' surname='Rescorla' fullname='E. Rescorla'><organization /> | ||||
| </author> | ||||
| <date year='2008' month='August' /> | ||||
| <abstract><t>This document specifies Version 1.2 of the Transport Layer Security | ||||
| (TLS) protocol. The TLS protocol provides communications security over the Int | ||||
| ernet. The protocol allows client/server applications to communicate in a way t | ||||
| hat is designed to prevent eavesdropping, tampering, or message forgery. [STAND | ||||
| ARDS-TRACK]</t></abstract> | ||||
| </front> | </front> | |||
| <seriesInfo name='RFC' value='5246'/> | <seriesInfo name="RFC" value="8878"/> | |||
| <seriesInfo name='DOI' value='10.17487/RFC5246'/> | <seriesInfo name="DOI" value="10.17487/RFC8878"/> | |||
| </reference> | </reference> | |||
| </references> | ||||
| <references> | ||||
| <name>Informative References</name> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.5246.xml"/> | ||||
| </references> | ||||
| </references> | </references> | |||
| <section anchor="acknowledgements" numbered="false" toc="default"> | ||||
| <section anchor="acknowledgements" title="Acknowledgements"> | <name>Acknowledgements</name> | |||
| <t>Certificate compression was originally introduced in the QUIC Crypto pr | ||||
| <t>Certificate compression was originally introduced in the QUIC Crypto protocol | otocol, | |||
| , | designed by <contact fullname="Adam Langley"/> and <contact fullname="Wan-Teh | |||
| designed by Adam Langley and Wan-Teh Chang.</t> | Chang" />.</t> | |||
| <t>This document has benefited from contributions and suggestions from <co | ||||
| <t>This document has benefited from contributions and suggestions from David | ntact fullname="David | |||
| Benjamin, Ryan Hamilton, Christian Huitema, Benjamin Kaduk, Ilari Liusvaara, | Benjamin"/>, <contact fullname="Ryan Hamilton"/>, <contact fullname="Christian | |||
| Piotr Sikora, Ian Swett, Martin Thomson, Sean Turner and many others.</t> | Huitema"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="Ilari | |||
| Liusvaara"/>, <contact fullname="Piotr Sikora"/>, <contact fullname="Ian Swett"/ | ||||
| </section> | >, <contact fullname="Martin Thomson"/>, <contact fullname="Sean Turner"/>, and | |||
| many others.</t> | ||||
| </section> | ||||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIAAKSE14AA5Va63IbtxX+j6dA6R+RZkhORMuWI2c6kWW31tSXRJKTaT2q | ||||
| B9wFSdR76wJLmrGVyYO0L9cn6XcOsLugREqO/mhvODj3850DjkYj4YzL9LG8 | ||||
| fHUhT3XtzMwkyml5WuZVra01ZSHSMilUjo/SWs3cyGg3G7nMjpL++1HSfz/K | ||||
| 8MA6oabTWi/vJk0P5mW9PpbWpULVWh3LC500tXFrsSrrj/O6bCqmIYR1qkg/ | ||||
| qKwswMtaW1GZY/nelclQ2rJ2tZ5ZXK1zfwGuc1VVpphfCaEatyjrYyFHQuLP | ||||
| FPZYnozlXxc6NYXhZ17EkwycYZu63HhZ1vNjeZqVTTrLwOVQnhXJmN/oXJns | ||||
| WKpu3Q9J99kYWtnY8uex/FlZkxm9jPb82SSurDff8IZ/Lct5puNtlvTNcvnD | ||||
| nN8wfVGUda6cWWqIJ8//cnrw3aNvw+Xk4OC7cHk06Z4effdw0l1ODsPlk4PJ | ||||
| 4+7yqHt6ePi4vzyiy7PR8/HHJlnoWq3Wo3qWPDk8ejI19lgIU8xuMPNoQuvF | ||||
| aDSSampdrRInxFnBTrGAvuxCfdSwVuRLMlkoaEuWM6cL6fBeNpVwCy1z9a+S | ||||
| PAOvJN1P13A0CaKFzY1zOh0Lcbkwlmzf5LpwMtU2qc0UXy3K1bZNElXIKe6C | ||||
| T+pUulLWOm0STVsIlZcN6GDDVDkV7yXBvVTL0qTwvlxLOCoeuNpUduwFzk2a | ||||
| wnziAbzF1SVoOvJ5Er+sU11HW1HIFMmaaRqwUi61rHTN2izw3riW08bqWZP1 | ||||
| S1kxN7jUnyBdMQePKSKpmEu1qW/w9z4Y/ypSkZK5poXG5pBdOTh1Vq7oeQK/ | ||||
| BH2WWFpdLz3zLL3odEI7RSrGwgwBna4lNgWzCAFQkFrVoFb33AzltHGQEHlG | ||||
| 2+IbJxc6q+RqQcaHbGHvpCwKnTjL+7Y8QD/8zczU1klnYAZQ7Qi1+y8U1Pmx | ||||
| KFeZTue69R5P4xt72y3ucKNbOlqVTZZ6TW0KDz6nWkSO1doiyyLPH5N7vCmd | ||||
| ItdQGZJjscSOuLHEBNjWa+xRp1YOXr+7uBwM/X/55i1fn7/46d3Z+YvndH3x | ||||
| 8uTVq+6i/eLi5dt3r/BehKt+5enb169fvHnuF+OpvPHo9cnf8Y+MPnj74+XZ | ||||
| 2zcnrwZkRAfdiE43MK2XFa+criEtB4ftlMaGf3b6ozw4lJ8/h6x0fe2vKdVc | ||||
| Xwuytt+qLLK19LcwEiKiquAx7DtQXKIq41SGhIENLGK6gLfU2msRlcQZxW64 | ||||
| q954u+pPiDa6l7jhDW1TVSgh4HVl3IKj5WD8UL4PGfCKWSv0StdPpZmF9xOO | ||||
| IspwVwjozrFBswis6JSlQCjr2kq2m5kjX2vWYc/HFoebmYLdDZtG/Lp1peVe | ||||
| 61QfIofbmxzt7w+hOZMsRJ8rOJ9ZbArfYqfvBI0qtvRZ23bxFKlP5FTY5mzj | ||||
| VpSxlL/AQppCEJkJjFtierqOA1YR96d8/VIjPGQgJHpp9jr9Dqnqk9fLwzEU | ||||
| C0GIbpG2sdRzTjzGURUyQRx6d7MXFhB7IpLzXP+7AWqR93H38BZ34gZ3cTFp | ||||
| k1fMnRDP1sRR6jPzNmP2XAwDzwXVi0ghvTF4+40UFhlWZXOqmIvcBk2sTJbR | ||||
| viAA72B2Ux2tGHPSGXT7f6CCMkCC1chynDg34sdnGuRmpyhCY4VGYXfSc7FU | ||||
| WQNsIH777TePa4oml5/5kv5+zcx072B/2D2Y1qXLzN4kevQroOLew+jB3uNH | ||||
| jx4+2uf7a3kPC08FfwcognIc7XzPskiT30/G48k/n4wmf376dVvapywua/Zu | ||||
| a5OFlGwKk5raexzCNlgdN09lUcL3axCoSu8//tLeoFFonTIaetBlPzhjnBRf | ||||
| h2AUZ7POk1CWbOdjqS9v8Jrg2jZ2rGEXRkXn5CgXXWASTUOREPMa7x+SgZV7 | ||||
| fWgdjifkYp8//ykE3vX1vqANyP2JYu6rD7tt3pbxXsAt9OVeratMJezygHNb | ||||
| Ptkfe8vcTcdwcsx9ZZuVDIwiN77lTl/vT0/7NQ0q6OQQ9u8zyIdMF3O3iD4q | ||||
| K4VMFSWZ2JU+BH6/PyAfnRyODnon3SZf8MyOGYFWi/Bkx2ZbQmLDxtkGuXZz | ||||
| ARc51B40abAQ9nbxayszY52HBK3bfWPviQoYaItKAqv+pnOGLaYrA4CGCWMy | ||||
| 4By+j4YWKVRuJkGfcyudgBR4DVsQqkQAOrQhLll4uRLXIEL9B5yqQapSNVoU | ||||
| xK82y+B3EBeJD51CyxNrSU2pYrBCPbilrRl/eEKDqdow7oC6zNoFlROzmkRr | ||||
| s7LP0QGzE1XPAkN1YqvWI3rJuuHuqZnNIgwd62arHikSmZKmLo+aFgPUTwCK | ||||
| 17efWfMraOsZoZzQwpAWblQZcbf/BuPigybjvgYwMFv32mxz1NZa11ZHaKdE | ||||
| GhRyqzgReuf+YKrRcDBQAMDbVU9Xil1AUD9PsTGWcVLf5KLFcNR5eoP6fjW4 | ||||
| /t0KaK1Zs3PAiD5ovGTbJRp3ybx33e2cwVmo0LLDFrviRrSRHLlF65zyH6/O | ||||
| nm0nPvTQn0TnKH8fJhJX4z/Ana/6w50hTayJHaw947U7aN/mjYYhV5wLxNeq | ||||
| DvjjbtZuNH691niCpepdxG9wt2vQckWW5nxWlSAxzRic+5UEKO/Dgt714b0E | ||||
| gSkthP4cQcWQo15zk50sDCC0XJj5QtcblGpCI5yGNnoW5EdB+bHlpKC+Cpmy | ||||
| z/6+1VdpagK2oQCtSvi1RVZdk7e1KSploM/rCahW2mepqsxMsib1fP5c6zmK | ||||
| Sb2+vu5dP+S89J5yjgaJOMV+fV4KzZqIknEbAqgRSGLKxcbclZ07VnxTdVdl | ||||
| IrSXgTbINraFKB5YbeQE7vqosWCgdftVVymtd+kJws3L4hOoHzv4jaK9Ixc1 | ||||
| Baqy8oixnb/SLMIa9B0qjCNOqFZuJvJ74wBlp0z8HgQuZ1SI0UWjC/TJmfVZ | ||||
| NmQKHh/F5Znda6XWoYdWNetIeSwooSS/J/X1nME5flVO7VKQAJtXxBt5uvXz | ||||
| hCjjGz+G5Plplq3H0WSO27gdcYTYmKFYsoMwwE1cFnhsqE3jOiW2Rx5rBeJW | ||||
| jevZpRZL+HIELmn4Z9Kgr4I+DI0rd95CXBgq+ltGmTyIWVd4BmECPCCPJQYo | ||||
| fkYBstPQGWIKeoTQquVUWUMTFYQggsuUjeVyG3Tb4x5WGvV6dZnJ0qP/NRdj | ||||
| MEw4aFarOaUCK8zOsjLEhSq8syvnbRKiMdPqo+xGyMT2tPR6ErG4UEdepmbW | ||||
| wQEAfBo9feLYy6tMEw/eaWWYeU39cJZhSl4iwTXspDxkjBy67RLuyh1bNmGr | ||||
| MhryRiUEVLb5qA3AONF4kxGa2qw5GxisRZXB4dd3gEYz86kj2jg4WbjbhLed | ||||
| ++pPCTpF603BAlDYISZgSUJtwuQoMTD/weOjo6PJwWOGMEHUgPuSLcFPjHSM | ||||
| 00A7VpdAoyg9YfhcqzbFBQ3YlRO9KvjRU4rRaYmMmyhLxwSRHggQdjEkPBmf | ||||
| YopyE7Mh3XAfA8v9sjCZ3p2Pi27yR1OOIqnXVZjhGRRtAvaUSmi6lqIm03EH | ||||
| aCMcAb7rMt+AwW1fMuWoS1ttrdDYBx3TNiHYqeuvqCxC5f18eS81NmlCfm5H | ||||
| UFY+Gh+yal9gPczbTan2fZ/W0BQWjQnXXrTPKlsjvMebkHEzOzmaTrqvaaaG | ||||
| ojWqP2EgxsIiggK6okFV0flG6I8oZ1BaaAnH/aM4QQ4JsksLsJMTd5TcQ3Rv | ||||
| MxQNKgiipCn3pJE0guoJmKLGBHo1c5QomnEZqwgnkY9krpxrUK652r3mQ5pp | ||||
| +YkRAzx0ajI6fATCQmPKTUFnQ38owuNU5giCFk0+hcdCsLwlxBAfKk105Y9M | ||||
| AFEEuOUOsG2+tkl177ENV0RB+TOEbLwnP0hLOvfgMsRY8/4JiciB74iSnWpO | ||||
| 8LQqRd2M8ksgrtKycrvK4lg804kiqMZGVs5XxLtG7aFIwNYeu5R+sL6iif6t | ||||
| qWaEW7rA5FMBQgieP7CyZDeL1UKBKTp7kFYNs8b5ZsgbBga2TPw99mU/OTt5 | ||||
| c3ILET14IN9VbNPg2UTuRSvyJWGz8wBShTitNX1JR2AooUAMu8b4w1Yz+hOW | ||||
| +imfJ8KYeJP+3o1+xqeCocepg5BnBtgra/LCj1+t8GDLakdRNDh9OZSn5+1R | ||||
| zzmVipziOO2WbX7/d20H4x3Cv2yd9WuF32x/9yaP7hN/c4e7xX8OlkZv/7Yp | ||||
| /oY0IpLmPNomPjWS0fz684Ou67h5ZqMRcdPM2AWn845nKGfHRL6PhPhM4468 | ||||
| B7+lX2vASDvOt3pOxdlzC4tyJthU5uCSzmv5sOKVWuNth/f3oK393n3tQC7Q | ||||
| E2BNmJCS5Uw/wOgkBPA8FuJLv7l847PiF/mczwArBhu3/75A5aGCtk/El+PR | ||||
| zb8tjzbf334Cbr7dtltI5Fv/vtx+AjIHtz+j2cl2Ev79exf7xRWTmdz+zA85 | ||||
| /hiZh1u4sW6HQLvJHDx++OSQYplPTuSGbsj5X3xCc2AYsmXyHXL6Nt2wT/iE | ||||
| 0p4K9z6BCM2yzX7e++Lg7MXlX7Db0ujVoG3nyf8DJaw21FBJS01ZCwYnjx63 | ||||
| zjy48HA5dCd0bgdMlW6jhVUjEvWhT21+/f9+/89N8f73+39lSYhgZSDrntXa | ||||
| 55KDCepAmI8KTjQ8t6CQrnWmlwQAeFdExT4Q1i21RY15fCRLiFaATlWbJUVw | ||||
| oR391sn6A/BliFi0rgX9ckTXeB9CkLtpoAPtz2prf2hJYR0bQsvtOkKnoRBq | ||||
| iFfR9xw9tJQHRxGgPLoKP2OZquQjVcCTpPsJhW/yxC5ESW0sMsHcFNyKmvDr | ||||
| l77k//Tu7FSeUhEvSSRXIj8PhcdrpJ+1PElVjvxUzDPtfxXziypGl3ohTwki | ||||
| 3TovJ0A41QVMxOmUwDg3qmbaeADDx0jNfE7aonv+5LkC+AZuKf5F3c5Qnq9h | ||||
| pJe4BkTE7emippxJzxrQzdVQtt/Kv6m0+TiUZ5mqjXxlGrtUqlZD8aMpHVKq | ||||
| +VjiTp5h7cVKOyCO19Q8oL9YlLkl4hdAcfKygW39IVpOvTQ7oR2L/wMVQrpr | ||||
| mScAAA== | ||||
| </rfc> | </rfc> | |||
| End of changes. 53 change blocks. | ||||
| 526 lines changed or deleted | 271 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||