<?xmlversion='1.0' encoding='utf-8'?> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.3.18 --> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> <?rfc toc="yes"?> <?rfc sortrefs="yes"?> <?rfc symrefs="yes"?> <?rfc docmapping="yes"?>version="1.0" encoding="UTF-8"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-quic-transport-34" category="std" consensus="true" number="9000" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3"><!-- xml2rfc v2v3 conversion 3.5.0 --><link href="https://datatracker.ietf.org/doc/draft-ietf-quic-transport-34" rel="prev"/> <front> <title abbrev="QUIC Transport Protocol">QUIC: A UDP-Based Multiplexed and Secure Transport</title> <seriesInfoname="Internet-Draft" value="draft-ietf-quic-transport-34"/>name="RFC" value="9000"/> <author initials="J." surname="Iyengar" fullname="Jana Iyengar" role="editor"> <organization>Fastly</organization> <address> <email>jri.ietf@gmail.com</email> </address> </author> <author initials="M." surname="Thomson" fullname="Martin Thomson" role="editor"> <organization>Mozilla</organization> <address> <email>mt@lowentropy.net</email> </address> </author> <date year="2021"month="January" day="15"/>month="May"/> <area>Transport</area> <workgroup>QUIC</workgroup> <keyword>multipath</keyword> <keyword>next generations</keyword> <keyword>protocol</keyword> <keyword>sctp++</keyword> <keyword>secure</keyword> <keyword>smart</keyword> <keyword>tcp/2</keyword> <keyword>tcpng</keyword> <keyword>transport</keyword> <keyword>transport-ng</keyword> <abstract> <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t> </abstract><note> <name>DO NOT DEPLOY THIS VERSION OF QUIC</name> <t>DO NOT DEPLOY THIS VERSION OF QUIC UNTIL IT IS IN AN RFC. This version is still a work in progress. For trial deployments, please use earlier versions.</t> </note> <note> <name>Note to Readers</name> <t>Discussion of this draft takes place on the QUIC working group mailing list (<eref target="mailto:quic@ietf.org">quic@ietf.org</eref>), which is archived at <eref target="https://mailarchive.ietf.org/arch/search/?email_list=quic"/></t> <t>Working Group information can be found at <eref target="https://github.com/quicwg"/>; source code and issues list for this draft can be found at <eref target="https://github.com/quicwg/base-drafts/labels/-transport"/>.</t> </note></front> <middle> <section anchor="overview" numbered="true" toc="default"> <name>Overview</name> <t>QUIC is a secure general-purpose transport protocol. This document defines version 1 of QUIC, which conforms to the version-independent properties of QUIC defined in <xref target="QUIC-INVARIANTS" format="default"/>.</t> <t>QUIC is a connection-oriented protocol that creates a stateful interaction between a client and server.</t> <t>The QUIC handshake combines negotiation of cryptographic and transport parameters. QUIC integrates the TLS(<xrefhandshake <xref target="TLS13"format="default"/>) handshake,format="default"/>, although using a customized framing for protecting packets. The integration of TLS and QUIC is described in more detail in <xref target="QUIC-TLS" format="default"/>. The handshake is structured to permit the exchange of application data as soon as possible. This includes an option for clients to send data immediately (0-RTT), which requires some form of prior communication or configuration to enable.</t> <t>Endpoints communicate in QUIC by exchanging QUIC packets. Most packets contain frames, which carry control information and application data between endpoints. QUIC authenticates the entirety of each packet and encrypts as much of each packet as is practical. QUIC packets are carried in UDP datagrams(<xref<xref target="UDP"format="default"/>)format="default"/> to better facilitate deployment in existing systems and networks.</t> <t>Application protocols exchange information over a QUIC connection via streams, which are ordered sequences of bytes. Two types ofstreamstreams can be created: bidirectional streams, which allow both endpoints to send data; and unidirectional streams, which allow a single endpoint to send data. A credit-based scheme is used to limit stream creation and to bound the amount of data that can be sent.</t> <t>QUIC provides the necessary feedback to implement reliable delivery and congestion control. An algorithm for detecting and recovering from loss of data is described in <xref section="6" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>. QUIC depends on congestion control to avoid network congestion. An exemplary congestion control algorithm isalsodescribed in <xref section="7" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>.</t> <t>QUIC connections are not strictly bound to a single network path. Connection migration uses connection identifiers to allow connections to transfer to a new network path. Only clients are able to migrate in this version of QUIC. This design also allows connections to continue after changes in network topology or address mappings, such as might be caused by NAT rebinding.</t> <t>Once established, multiple options are provided for connection termination. Applications can manage a graceful shutdown, endpoints can negotiate a timeout period, errors can cause immediate connection teardown, and a stateless mechanism provides for termination of connections after one endpoint has lost state.</t> <section anchor="document-structure" numbered="true" toc="default"> <name>Document Structure</name> <t>This document describes the core QUIC protocol and is structured as follows:</t> <ul spacing="normal"> <li> <t>Streams are the basic service abstraction that QUICprovides. </t>provides.</t> <ul spacing="normal"><li> <xref<li><xref target="streams" format="default"/> describes core concepts related to streams,</li><li> <xref<li><xref target="stream-states" format="default"/> provides a reference model for stream states, and</li><li> <xref<li><xref target="flow-control" format="default"/> outlines the operation of flow control.</li> </ul> </li> <li> <t>Connections are the context in which QUIC endpointscommunicate. </t>communicate.</t> <ul spacing="normal"><li> <xref<li><xref target="connections" format="default"/> describes core concepts related to connections,</li><li> <xref<li><xref target="version-negotiation" format="default"/> describes version negotiation,</li><li> <xref<li><xref target="handshake" format="default"/> details the process for establishing connections,</li><li> <xref<li><xref target="address-validation" format="default"/> describes address validation and criticaldenial of servicedenial-of-service mitigations,</li><li> <xref<li><xref target="migration" format="default"/> describes how endpoints migrate a connection to a new network path,</li><li> <xref<li><xref target="termination" format="default"/> lists the options for terminating an open connection, and</li><li> <xref<li><xref target="error-handling" format="default"/> provides guidance for stream and connection error handling.</li> </ul> </li> <li> <t>Packets and frames are the basic unit used by QUIC tocommunicate. </t>communicate.</t> <ul spacing="normal"><li> <xref<li><xref target="packets-frames" format="default"/> describes concepts related to packets and frames,</li><li> <xref<li><xref target="packetization" format="default"/> defines models for the transmission, retransmission, and acknowledgment of data, and</li><li> <xref<li><xref target="datagram-size" format="default"/> specifies rules for managing the size of datagrams carrying QUIC packets.</li> </ul> </li> <li> <t>Finally, encoding details of QUIC protocol elements are describedin: </t>in:</t> <ul spacing="normal"><li> <xref<li><xref target="versions" format="default"/>(Versions),</li> <li> <xref(versions),</li> <li><xref target="integer-encoding" format="default"/>(Integer Encoding),</li> <li> <xref(integer encoding),</li> <li><xref target="packet-formats" format="default"/>(Packet Headers),</li> <li> <xref(packet headers),</li> <li><xref target="transport-parameter-encoding" format="default"/>(Transport Parameters),</li> <li> <xref(transport parameters),</li> <li><xref target="frame-formats" format="default"/>(Frames),(frames), and</li><li> <xref<li><xref target="error-codes" format="default"/>(Errors).</li>(errors).</li> </ul> </li> </ul> <t>Accompanying documents describe QUIC's loss detection and congestion control <xref target="QUIC-RECOVERY" format="default"/>, and the use of TLS and other cryptographic mechanisms <xref target="QUIC-TLS" format="default"/>.</t> <t>This document defines QUIC version 1, which conforms to the protocol invariants in <xref target="QUIC-INVARIANTS" format="default"/>.</t> <t>To refer to QUIC version 1, cite this document. References to the limited set of version-independent properties of QUIC can cite <xref target="QUIC-INVARIANTS" format="default"/>.</t> </section> <section anchor="terms-and-definitions" numbered="true" toc="default"> <name>Terms and Definitions</name> <t>The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here.</t> <t>Commonly used terms inthethis document are described below.</t> <dl><dt> QUIC: </dt><dt>QUIC:</dt> <dd> <t>The transport protocol described by this document. QUIC is a name, not an acronym.</t> </dd><dt> Endpoint: </dt><dt>Endpoint:</dt> <dd> <t>An entity that can participate in a QUIC connection by generating, receiving, and processing QUIC packets. There are only two types ofendpointendpoints in QUIC: client and server.</t> </dd><dt> Client: </dt><dt>Client:</dt> <dd> <t>The endpoint that initiates a QUIC connection.</t> </dd><dt> Server: </dt><dt>Server:</dt> <dd> <t>The endpoint that accepts a QUIC connection.</t> </dd><dt> QUIC packet: </dt><dt>QUIC packet:</dt> <dd> <t>A complete processable unit of QUIC that can be encapsulated in a UDP datagram. One or more QUIC packets can be encapsulated in a single UDP datagram.</t> </dd><dt> Ack-eliciting Packet: </dt><dt>Ack-eliciting packet:</dt> <dd> <t>A QUIC packet that contains frames other than ACK, PADDING, and CONNECTION_CLOSE. These cause a recipient to send an acknowledgment; see <xref target="sending-acknowledgments" format="default"/>.</t> </dd><dt> Frame: </dt><dt>Frame:</dt> <dd> <t>A unit of structured protocol information. There are multiple frame types, each of which carries different information. Frames are contained in QUIC packets.</t> </dd><dt> Address: </dt><dt>Address:</dt> <dd> <t>When used without qualification, the tuple of IP version, IP address, and UDP port number that represents one end of a network path.</t> </dd><dt> Connection ID: </dt><dt>Connection ID:</dt> <dd> <t>An identifier that is used to identify a QUIC connection at an endpoint. Each endpoint selects one or moreConnectionconnection IDs for its peer to include in packets sent towards the endpoint. This value is opaque to the peer.</t> </dd><dt> Stream: </dt><dt>Stream:</dt> <dd> <t>A unidirectional or bidirectional channel of ordered bytes within a QUIC connection. A QUIC connection can carry multiple simultaneous streams.</t> </dd><dt> Application: </dt><dt>Application:</dt> <dd> <t>An entity that uses QUIC to send and receive data.</t> </dd> </dl> <t>This document uses the terms "QUIC packets", "UDP datagrams", and "IP packets" to refer to the units of the respective protocols. That is, one or more QUIC packets can be encapsulated in a UDP datagram, which is in turn encapsulated in an IP packet.</t> </section> <section anchor="notation" numbered="true" toc="default"> <name>Notational Conventions</name> <t>Packet and frame diagrams in this document use a custom format. The purpose of this format is to summarize, not define, protocol elements. Prose defines the complete semantics and details of structures.</t> <t>Complex fields are named and then followed by a list of fields surrounded by a pair of matching braces. Each field in this list is separated by commas.</t> <t>Individual fields include length information, plus indications about fixed value, optionality, or repetitions. Individual fields use the following notational conventions, with all lengths in bits:</t> <dl><dt> x (A): </dt><dt>x (A):</dt> <dd> <t>Indicates that x is A bits long</t> </dd><dt> x (i): </dt><dt>x (i):</dt> <dd> <t>Indicates that x holds an integer value using the variable-length encoding described in <xref target="integer-encoding" format="default"/></t> </dd><dt> x (A..B): </dt><dt>x (A..B):</dt> <dd> <t>Indicates that x can be any length from A to B; A can be omitted to indicate a minimum of zerobitsbits, and B can be omitted to indicate no set upper limit; values in this format always end onana byte boundary</t> </dd><dt> x<dt>x (L) =C: </dt>C:</dt> <dd> <t>Indicates that x has a fixed value ofC withC; the length of x is described by L, which can use any of thethreelength forms above</t> </dd><dt> x<dt>x (L) =C..D: </dt>C..D:</dt> <dd> <t>Indicates that x has a value in the range from C to D, inclusive, with the length described by L, as above</t> </dd><dt> [x (L)]: </dt><dt>[x (L)]:</dt> <dd> <t>Indicates that x is optional(andand has a length ofL)</t>L</t> </dd><dt> x<dt>x (L)...: </dt>...:</dt> <dd> <t>Indicates that x is repeated zero or moreinstances of x are present (andtimes and that each instanceishas a lengthL)</t>of L</t> </dd> </dl> <t>This document uses network byte order (that is, big endian) values. Fields are placed starting from the high-order bits of each byte.</t> <t>By convention, individual fields reference a complex field by using the name of the complex field.</t><t>For<t><xref target="fig-ex-format" format="default"/> provides an example:</t> <figure anchor="fig-ex-format"> <name>Example Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Example Structure { One-bit Field (1), 7-bit Field with Fixed Value (7) = 61, Field with Variable-Length Integer (i), Arbitrary-Length Field (..), Variable-Length Field (8..24), Field With Minimum Length (16..), Field With Maximum Length (..128), [Optional Field (64)], Repeated Field (8) ..., } ]]></artwork> </figure> <t>When a single-bit field is referenced in prose, the position of that field can be clarified by using the value of the byte that carries the field with the field's value set. For example, the value 0x80 could be used to refer to the single-bit field in the most significant bit of the byte, such as One-bit Field in <xref target="fig-ex-format" format="default"/>.</t> </section> </section> <section anchor="streams" numbered="true" toc="default"> <name>Streams</name> <t>Streams in QUIC provide a lightweight, ordered byte-stream abstraction to an application. Streams can be unidirectional or bidirectional.</t> <t>Streams can be created by sending data. Other processes associated with stream management--- ending,cancelling,canceling, and managing flow control--- are all designed to impose minimal overheads. For instance, a single STREAM frame (<xref target="frame-stream" format="default"/>) can open, carry data for, and close a stream. Streams can also be long-lived and can last the entire duration of a connection.</t> <t>Streams can be created by either endpoint, can concurrently send data interleaved with other streams, and can becancelled.canceled. QUIC does not provide any means of ensuring ordering between bytes on different streams.</t> <t>QUIC allows for an arbitrary number of streams to operate concurrently and for an arbitrary amount of data to be sent on any stream, subject to flow control constraints and stream limits; see <xref target="flow-control" format="default"/>.</t> <section anchor="stream-id" numbered="true" toc="default"> <name>Stream Types and Identifiers</name> <t>Streams can be unidirectional or bidirectional. Unidirectional streams carry data in one direction: from the initiator of the stream to its peer. Bidirectional streams allow for data to be sent in both directions.</t> <t>Streams are identified within a connection by a numeric value, referred to as the stream ID. A stream ID is a 62-bit integer (0 to2^62-1)2<sup>62</sup>-1) that is unique for all streams on a connection. Stream IDs are encoded as variable-length integers; see <xref target="integer-encoding" format="default"/>. A QUIC endpointMUST NOT<bcp14>MUST NOT</bcp14> reuse a stream ID within a connection.</t> <t>The least significant bit(0x1)(0x01) of the stream ID identifies the initiator of the stream. Client-initiated streams have even-numbered stream IDs (with the bit set to 0), and server-initiated streams have odd-numbered stream IDs (with the bit set to 1).</t> <t>The second least significant bit(0x2)(0x02) of the stream ID distinguishes between bidirectional streams (with the bit set to 0) and unidirectional streams (with the bit set to 1).</t> <t>The two least significant bits from a stream ID therefore identify a stream as one of four types, as summarized in <xref target="stream-id-types" format="default"/>.</t> <table anchor="stream-id-types" align="center"> <name>Stream ID Types</name> <thead> <tr> <th align="left">Bits</th> <th align="left">Stream Type</th> </tr> </thead> <tbody> <tr> <tdalign="left">0x0</td>align="left">0x00</td> <td align="left">Client-Initiated, Bidirectional</td> </tr> <tr> <tdalign="left">0x1</td>align="left">0x01</td> <td align="left">Server-Initiated, Bidirectional</td> </tr> <tr> <tdalign="left">0x2</td>align="left">0x02</td> <td align="left">Client-Initiated, Unidirectional</td> </tr> <tr> <tdalign="left">0x3</td>align="left">0x03</td> <td align="left">Server-Initiated, Unidirectional</td> </tr> </tbody> </table> <t>The stream space for each type begins at the minimum value(0x0(0x00 through0x30x03, respectively); successive streams of each type are created with numerically increasing stream IDs. A stream ID that is used out of order results in all streams of that type with lower-numbered stream IDs also being opened.</t> </section> <section anchor="sending-and-receiving-data" numbered="true" toc="default"> <name>Sending and Receiving Data</name> <t>STREAM frames (<xref target="frame-stream" format="default"/>) encapsulate data sent by an application. An endpoint uses the Stream ID and Offset fields in STREAM frames to place data in order.</t> <t>EndpointsMUST<bcp14>MUST</bcp14> be able to deliver stream data to an application as an orderedbyte-stream.byte stream. Delivering an orderedbyte-streambyte stream requires that an endpoint buffer any data that is received out of order, up to the advertised flow control limit.</t> <t>QUIC makes no specific allowances for delivery of stream data out of order. However, implementationsMAY<bcp14>MAY</bcp14> choose to offer the ability to deliver data out of order to a receiving application.</t> <t>An endpoint could receive data for a stream at the same stream offset multiple times. Data that has already been received can be discarded. The data at a given offsetMUST NOT<bcp14>MUST NOT</bcp14> change if it is sent multiple times; an endpointMAY<bcp14>MAY</bcp14> treat receipt of different data at the same offset within a stream as a connection error of type PROTOCOL_VIOLATION.</t> <t>Streams are an ordered byte-stream abstraction with no other structure visible to QUIC. STREAM frame boundaries are not expected to be preserved when data is transmitted, retransmitted after packet loss, or delivered to the application at a receiver.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send data on any stream without ensuring that it is within the flow control limits set by its peer. Flow control is described in detail in <xref target="flow-control" format="default"/>.</t> </section> <section anchor="stream-prioritization" numbered="true" toc="default"> <name>Stream Prioritization</name> <t>Stream multiplexing can have a significant effect on application performance if resources allocated to streams are correctly prioritized.</t> <t>QUIC does not provide a mechanism for exchanging prioritization information. Instead, it relies on receiving priority information from the application.</t> <t>A QUIC implementationSHOULD<bcp14>SHOULD</bcp14> provide ways in which an application can indicate the relative priority of streams. An implementation uses information provided by the application to determine how to allocate resources to active streams.</t> </section> <section anchor="stream-operations" numbered="true" toc="default"> <name>Operations on Streams</name> <t>This document does not define an API forQUIC, butQUIC; it instead defines a set of functions on streams that application protocols can rely upon. An application protocol can assume that a QUIC implementation provides an interface that includes the operations described in this section. An implementation designed for use with a specific application protocol might provide only those operations that are used by that protocol.</t> <t>On the sending part of a stream, an application protocol can:</t> <ul spacing="normal"> <li>write data, understanding when stream flow control credit (<xref target="data-flow-control" format="default"/>) has successfully been reserved to send the written data;</li> <li>end the stream (clean termination), resulting in a STREAM frame (<xref target="frame-stream" format="default"/>) with the FIN bit set; and</li> <li>reset the stream (abrupt termination), resulting in a RESET_STREAM frame (<xref target="frame-reset-stream" format="default"/>) if the stream was not already in a terminal state.</li> </ul> <t>On the receiving part of a stream, an application protocol can:</t> <ul spacing="normal"> <li>read data; and</li> <li>abort reading of the stream and request closure, possibly resulting in a STOP_SENDING frame (<xref target="frame-stop-sending" format="default"/>).</li> </ul> <t>An application protocol can also request to be informed of state changes on streams, including when the peer has opened or reset a stream, when a peer aborts reading on a stream, when new data is available, and when data can or cannot be written to the stream due to flow control.</t> </section> </section> <section anchor="stream-states" numbered="true" toc="default"> <name>Stream States</name> <t>This section describes streams in terms of their send or receive components. Two state machines are described: one for the streams on which an endpoint transmits data (<xref target="stream-send-states"format="default"/>),format="default"/>) and another for streams on which an endpoint receives data (<xref target="stream-recv-states" format="default"/>).</t> <t>Unidirectional streams use either the sending or receiving statemachinemachine, depending on the stream type and endpoint role. Bidirectional streams use both state machines at both endpoints. For the most part, the use of these state machines is the same whether the stream is unidirectional or bidirectional. The conditions for opening a stream are slightly more complex for a bidirectional stream because the opening of either the send or receive side causes the stream to open in both directions.</t> <t>The state machines shown in this section are largely informative. This document uses stream states to describe rules for when and how different types of frames can be sent and the reactions that are expected when different types of frames are received. Though these state machines are intended to be useful in implementing QUIC, these states are not intended to constrain implementations. An implementation can define a different state machine as long as its behavior is consistent with an implementation that implements these states.</t><dl> <dt> Note: </dt> <dd> <t>In<aside> <t>Note: In some cases, a single event or action can cause a transition through multiple states. For instance, sending STREAM with a FIN bit set can cause two state transitions for a sending stream: from theReady"Ready" state to theSend"Send" state, and from theSend"Send" state to theData Sent"Data Sent" state.</t></dd> </dl></aside> <section anchor="stream-send-states" numbered="true" toc="default"> <name>Sending Stream States</name> <t><xref target="fig-stream-send-states" format="default"/> shows the states for the part of a stream that sends data to a peer.</t> <figure anchor="fig-stream-send-states"> <name>States for Sending Parts of Streams</name> <artwork name="" type="" align="left" alt=""><![CDATA[ o | Create Stream (Sending) | Peer Creates Bidirectional Stream v +-------+ | Ready | Send RESET_STREAM | |-----------------------. +-------+ | | | | Send STREAM / | | STREAM_DATA_BLOCKED | v | +-------+ | | Send | Send RESET_STREAM | | |---------------------->| +-------+ | | | | Send STREAM + FIN | v v +-------+ +-------+ | Data | Send RESET_STREAM | Reset | | Sent |------------------>| Sent | +-------+ +-------+ | | | Recv All ACKs | Recv ACK v v +-------+ +-------+ | Data | | Reset | | Recvd | | Recvd | +-------+ +-------+ ]]></artwork> </figure> <t>The sending part of a stream that the endpoint initiates (types 0 and 2 for clients, 1 and 3 for servers) is opened by the application. The "Ready" state represents a newly created stream that is able to accept data from the application. Stream data might be buffered in this state in preparation for sending.</t> <t>Sending the first STREAM or STREAM_DATA_BLOCKED frame causes a sending part of a stream to enter the "Send" state. An implementation might choose to defer allocating a stream ID to a stream until it sends the first STREAM frame and enters this state, which can allow for better stream prioritization.</t> <t>The sending part of a bidirectional stream initiated by a peer (type 0 for a server, type 1 for a client) starts in the "Ready" state when the receiving part is created.</t> <t>In the "Send" state, an endpoint transmits--- and retransmits as necessary--- stream data in STREAM frames. The endpoint respects the flow control limits set by itspeer,peer and continues to accept and process MAX_STREAM_DATA frames. An endpoint in the "Send" state generates STREAM_DATA_BLOCKED frames if it is blocked from sending by stream flow control limits (<xref target="data-flow-control" format="default"/>).</t> <t>After the application indicates that all stream data has been sent and a STREAM frame containing the FIN bit is sent, the sending part of the stream enters the "Data Sent" state. From this state, the endpoint only retransmits stream data as necessary. The endpoint does not need to check flow control limits or send STREAM_DATA_BLOCKED frames for a stream in this state. MAX_STREAM_DATA frames might be received until the peer receives the final stream offset. The endpoint can safely ignore any MAX_STREAM_DATA frames it receives from its peer for a stream in this state.</t> <t>Once all stream data has been successfully acknowledged, the sending part of the stream enters the "Data Recvd" state, which is a terminal state.</t> <t>From any state that is one ofthe"Ready", "Send", or "DataSent" states,Sent", an application can signal that it wishes to abandon transmission of stream data. Alternatively, an endpoint might receive a STOP_SENDING frame from its peer. In either case, the endpoint sends a RESET_STREAM frame, which causes the stream to enter the "Reset Sent" state.</t> <t>An endpointMAY<bcp14>MAY</bcp14> send a RESET_STREAM as the first frame that mentions a stream; this causes the sending part of that stream to open and then immediately transition to the "Reset Sent" state.</t> <t>Once a packet containing a RESET_STREAM has been acknowledged, the sending part of the stream enters the "Reset Recvd" state, which is a terminal state.</t> </section> <section anchor="stream-recv-states" numbered="true" toc="default"> <name>Receiving Stream States</name> <t><xref target="fig-stream-recv-states" format="default"/> shows the states for the part of a stream that receives data from a peer. The states for a receiving part of a stream mirror only some of the states of the sending part of the stream at the peer. The receiving part of a stream does not track states on the sending part that cannot be observed, such as the "Ready" state. Instead, the receiving part of a stream tracks the delivery of data to the application, some of which cannot be observed by the sender.</t> <figure anchor="fig-stream-recv-states"> <name>States for Receiving Parts of Streams</name> <artwork name="" type="" align="left" alt=""><![CDATA[ o | Recv STREAM / STREAM_DATA_BLOCKED / RESET_STREAM | Create Bidirectional Stream (Sending) | Recv MAX_STREAM_DATA / STOP_SENDING (Bidirectional) | Create Higher-Numbered Stream v +-------+ | Recv | Recv RESET_STREAM | |-----------------------. +-------+ | | | | Recv STREAM + FIN | v | +-------+ | | Size | Recv RESET_STREAM | | Known |---------------------->| +-------+ | | | | Recv All Data | v v +-------+ Recv RESET_STREAM +-------+ | Data |--- (optional) --->| Reset | | Recvd | Recv All Data | Recvd | +-------+<-- (optional) ----+-------+ | | | App Read All Data | App Read Reset v v +-------+ +-------+ | Data | | Reset | | Read | | Read | +-------+ +-------+ ]]></artwork> </figure> <t>The receiving part of a stream initiated by a peer (types 1 and 3 for a client, or 0 and 2 for a server) is created when the first STREAM, STREAM_DATA_BLOCKED, or RESET_STREAM frame is received for that stream. For bidirectional streams initiated by a peer, receipt of a MAX_STREAM_DATA or STOP_SENDING frame for the sending part of the stream also creates the receiving part. The initial state for the receiving part of a stream is "Recv".</t> <t>For a bidirectional stream, the receiving part enters the "Recv" state when the sending part initiated by the endpoint (type 0 for a client, type 1 for a server) enters the "Ready" state.</t> <t>An endpoint opens a bidirectional stream when a MAX_STREAM_DATA or STOP_SENDING frame is received from the peer for that stream. Receiving a MAX_STREAM_DATA frame for an unopened stream indicates that the remote peer has opened the stream and is providing flow control credit. Receiving a STOP_SENDING frame for an unopened stream indicates that the remote peer no longer wishes to receive data on this stream. Either frame might arrive before a STREAM or STREAM_DATA_BLOCKED frame if packets are lost or reordered.</t> <t>Before a stream is created, all streams of the same type with lower-numbered stream IDsMUST<bcp14>MUST</bcp14> be created. This ensures that the creation order for streams is consistent on both endpoints.</t> <t>In the "Recv" state, the endpoint receives STREAM and STREAM_DATA_BLOCKED frames. Incoming data is buffered and can be reassembled into the correct order for delivery to the application. As data is consumed by the application and buffer space becomes available, the endpoint sends MAX_STREAM_DATA frames to allow the peer to send more data.</t> <t>When a STREAM frame with a FIN bit is received, the final size of the stream is known; see <xref target="final-size" format="default"/>. The receiving part of the stream then enters the "Size Known" state. In this state, the endpoint no longer needs to send MAX_STREAM_DATAframes,frames; it only receives any retransmissions of stream data.</t> <t>Once all data for the stream has been received, the receiving part enters the "Data Recvd" state. This might happen as a result of receiving the same STREAM frame that causes the transition to "Size Known". After all data has been received, any STREAM or STREAM_DATA_BLOCKED frames for the stream can be discarded.</t> <t>The "Data Recvd" state persists until stream data has been delivered to the application. Once stream data has been delivered, the stream enters the "Data Read" state, which is a terminal state.</t> <t>Receiving a RESET_STREAM frame in the "Recv" or "Size Known"statesstate causes the stream to enter the "Reset Recvd" state. This might cause the delivery of stream data to the application to be interrupted.</t> <t>It is possible that all stream data has already been received when a RESET_STREAM is received (that is, in the "Data Recvd" state). Similarly, it is possible for remaining stream data to arrive after receiving a RESET_STREAM frame (the "Reset Recvd" state). An implementation is free to manage this situation as it chooses.</t> <t>Sending a RESET_STREAM means that an endpoint cannot guarantee delivery of stream data;howeverhowever, there is no requirement that stream data not be delivered if a RESET_STREAM is received. An implementationMAY<bcp14>MAY</bcp14> interrupt delivery of stream data, discard any data that was not consumed, and signal the receipt of the RESET_STREAM. A RESET_STREAM signal might be suppressed or withheld if stream data is completely received and is buffered to be read by the application. If the RESET_STREAM is suppressed, the receiving part of the stream remains in "Data Recvd".</t> <t>Once the application receives the signal indicating that the stream was reset, the receiving part of the stream transitions to the "Reset Read" state, which is a terminal state.</t> </section> <section anchor="permitted-frame-types" numbered="true" toc="default"> <name>Permitted Frame Types</name> <t>The sender of a stream sends just three frame types that affect the state of a stream at either the sender or the receiver: STREAM (<xref target="frame-stream" format="default"/>), STREAM_DATA_BLOCKED (<xref target="frame-stream-data-blocked" format="default"/>), and RESET_STREAM (<xref target="frame-reset-stream" format="default"/>).</t> <t>A senderMUST NOT<bcp14>MUST NOT</bcp14> send any of these frames from a terminal state ("Data Recvd" or "Reset Recvd"). A senderMUST NOT<bcp14>MUST NOT</bcp14> send a STREAM or STREAM_DATA_BLOCKED frame for a stream in the "Reset Sent" state or any terminalstate,state -- that is, after sending a RESET_STREAM frame. A receiver could receive any of these three frames in any state, due to the possibility of delayed delivery of packets carrying them.</t> <t>The receiver of a stream sends MAX_STREAM_DATA frames (<xref target="frame-max-stream-data" format="default"/>) and STOP_SENDING frames (<xref target="frame-stop-sending" format="default"/>).</t> <t>The receiver only sends MAX_STREAM_DATA frames in the "Recv" state. A receiverMAY<bcp14>MAY</bcp14> send a STOP_SENDING frame in any state where it has not received a RESET_STREAMframe;frame -- thatisis, states other than "Reset Recvd" or "Reset Read".HoweverHowever, there is little value in sending a STOP_SENDING frame in the "Data Recvd" state,sinceas all stream data has been received. A sender could receive either of these two types of frames in any state as a result of delayed delivery of packets.</t> </section> <section anchor="stream-bidi-states" numbered="true" toc="default"> <name>Bidirectional Stream States</name> <t>A bidirectional stream is composed of sending and receiving parts. Implementations can represent states of the bidirectional stream as composites of sending and receiving stream states. The simplest model presents the stream as "open" when either sending or receiving parts are in a non-terminal state and "closed" when both sending and receiving streams are in terminal states.</t> <t><xref target="stream-bidi-mapping" format="default"/> shows a more complex mapping of bidirectional stream states that loosely correspond to the stream states defined in HTTP/2 <xref target="HTTP2" format="default"/>. This shows that multiple states on sending or receiving parts of streams are mapped to the same composite state. Note that this is just one possibility for such a mapping; this mapping requires that dataisbe acknowledged before the transition to a "closed" or "half-closed" state.</t> <table anchor="stream-bidi-mapping" align="center"> <name>Possible Mapping of Stream States to HTTP/2</name> <thead> <tr> <th align="left">Sending Part</th> <th align="left">Receiving Part</th> <th align="left">Composite State</th> </tr> </thead> <tbody> <tr> <td align="left">NoStream/Ready</td>Stream / Ready</td> <td align="left">NoStream/Recv *1</td>Stream / Recv (*1)</td> <td align="left">idle</td> </tr> <tr> <tdalign="left">Ready/Send/Dataalign="left">Ready / Send / Data Sent</td> <tdalign="left">Recv/Sizealign="left">Recv / Size Known</td> <td align="left">open</td> </tr> <tr> <tdalign="left">Ready/Send/Dataalign="left">Ready / Send / Data Sent</td> <td align="left">DataRecvd/DataRecvd / Data Read</td> <td align="left">half-closed (remote)</td> </tr> <tr> <tdalign="left">Ready/Send/Dataalign="left">Ready / Send / Data Sent</td> <td align="left">ResetRecvd/ResetRecvd / Reset Read</td> <td align="left">half-closed (remote)</td> </tr> <tr> <td align="left">Data Recvd</td> <tdalign="left">Recv/Sizealign="left">Recv / Size Known</td> <td align="left">half-closed (local)</td> </tr> <tr> <td align="left">ResetSent/ResetSent / Reset Recvd</td> <tdalign="left">Recv/Sizealign="left">Recv / Size Known</td> <td align="left">half-closed (local)</td> </tr> <tr> <td align="left">ResetSent/ResetSent / Reset Recvd</td> <td align="left">DataRecvd/DataRecvd / Data Read</td> <td align="left">closed</td> </tr> <tr> <td align="left">ResetSent/ResetSent / Reset Recvd</td> <td align="left">ResetRecvd/ResetRecvd / Reset Read</td> <td align="left">closed</td> </tr> <tr> <td align="left">Data Recvd</td> <td align="left">DataRecvd/DataRecvd / Data Read</td> <td align="left">closed</td> </tr> <tr> <td align="left">Data Recvd</td> <td align="left">ResetRecvd/ResetRecvd / Reset Read</td> <td align="left">closed</td> </tr> </tbody> </table><dl> <dt> Note<aside> <t>Note (*1):</dt> <dd> <t>AA stream is considered "idle" if it has not yet beencreated,created or if the receiving part of the stream is in the "Recv" state without yet having received any frames.</t></dd> </dl></aside> </section> <section anchor="solicited-state-transitions" numbered="true" toc="default"> <name>Solicited State Transitions</name> <t>If an application is no longer interested in the data it is receiving on a stream, it can abort reading the stream and specify an application error code.</t> <t>If the stream is in the "Recv" or "Size Known"states,state, the transportSHOULD<bcp14>SHOULD</bcp14> signal this by sending a STOP_SENDING frame to prompt closure of the stream in the opposite direction. This typically indicates that the receiving application is no longer reading data it receives from the stream, but it is not a guarantee that incoming data will be ignored.</t> <t>STREAM frames received after sending a STOP_SENDING frame are still counted toward connection and stream flow control, even though these frames can be discarded upon receipt.</t> <t>A STOP_SENDING frame requests that the receiving endpoint send a RESET_STREAM frame. An endpoint that receives a STOP_SENDING frameMUST<bcp14>MUST</bcp14> send a RESET_STREAM frame if the stream is in theReady"Ready" orSend"Send" state. If the stream is in the "Data Sent" state, the endpointMAY<bcp14>MAY</bcp14> defer sending the RESET_STREAM frame until the packets containing outstanding data are acknowledged or declared lost. If any outstanding data is declared lost, the endpointSHOULD<bcp14>SHOULD</bcp14> send a RESET_STREAM frame instead of retransmitting the data.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> copy the error code from the STOP_SENDING frame to the RESET_STREAM frame it sends, but it can use any application error code. An endpoint that sends a STOP_SENDING frameMAY<bcp14>MAY</bcp14> ignore the error code in any RESET_STREAM frames subsequently received for that stream.</t> <t>STOP_SENDINGSHOULD<bcp14>SHOULD</bcp14> only be sent for a stream that has not been reset by the peer. STOP_SENDING is most useful for streams in the "Recv" or "Size Known"states.</t>state.</t> <t>An endpoint is expected to send another STOP_SENDING frame if a packet containing a previous STOP_SENDING is lost. However, once either all stream data or a RESET_STREAM frame has been received for the stream--- that is, the stream is in any state other than "Recv" or "Size Known"--- sending a STOP_SENDING frame is unnecessary.</t> <t>An endpoint that wishes to terminate both directions of a bidirectional stream can terminate one direction by sending a RESET_STREAM frame, and it can encourage prompt termination in the opposite direction by sending a STOP_SENDING frame.</t> </section> </section> <section anchor="flow-control" numbered="true" toc="default"> <name>Flow Control</name> <t>Receivers need to limit the amount of data that they are required to buffer, in order to prevent a fast sender from overwhelming them or a malicious sender from consuming a large amount of memory. To enable a receiver to limit memory commitments for a connection, streams are flow controlled both individually and across a connection as a whole. A QUIC receiver controls the maximum amount of data the sender can send on a stream as well as across all streams at any time, as described in Sections <xreftarget="data-flow-control" format="default"/>format="counter" target="data-flow-control"/> and <xreftarget="fc-credit" format="default"/>.</t>format="counter" target="fc-credit"/>.</t> <t>Similarly, to limit concurrency within a connection, a QUIC endpoint controls the maximum cumulative number of streams that its peer can initiate, as described in <xref target="controlling-concurrency" format="default"/>.</t> <t>Data sent in CRYPTO frames is not flow controlled in the same way as stream data. QUIC relies on the cryptographic protocol implementation to avoid excessive buffering of data; see <xref target="QUIC-TLS" format="default"/>. To avoid excessive buffering at multiple layers, QUIC implementationsSHOULD<bcp14>SHOULD</bcp14> provide an interface for the cryptographic protocol implementation to communicate its buffering limits.</t> <section anchor="data-flow-control" numbered="true" toc="default"> <name>Data Flow Control</name> <t>QUIC employs a limit-basedflow-controlflow control scheme where a receiver advertises the limit of total bytes it is prepared to receive on a given stream or for the entire connection. This leads to two levels of data flow control in QUIC:</t> <ul spacing="normal"> <li>Stream flow control, which prevents a single stream from consuming the entire receive buffer for a connection by limiting the amount of data that can be sent on each stream.</li> <li>Connection flow control, which prevents senders from exceeding a receiver's buffer capacity for theconnection,connection by limiting the total bytes of stream data sent in STREAM frames on all streams.</li> </ul> <t>SendersMUST NOT<bcp14>MUST NOT</bcp14> send data in excess of either limit.</t> <t>A receiver sets initial limits for all streams through transport parameters during the handshake (<xref target="transport-parameters" format="default"/>). Subsequently, a receiver sends MAX_STREAM_DATA frames (<xref target="frame-max-stream-data" format="default"/>) or MAX_DATA frames (<xref target="frame-max-data" format="default"/>)framesto the sender to advertise larger limits.</t> <t>A receiver can advertise a larger limit for a stream by sending a MAX_STREAM_DATA frame with the corresponding stream ID. A MAX_STREAM_DATA frame indicates the maximum absolute byte offset of a stream. A receiver could determine the flow control offset to be advertised based on the current offset of data consumed on that stream.</t> <t>A receiver can advertise a larger limit for a connection by sending a MAX_DATA frame, which indicates the maximum of the sum of the absolute byte offsets of all streams. A receiver maintains a cumulative sum of bytes received on all streams, which is used to check for violations of the advertised connection or stream data limits. A receiver could determine the maximum data limit to be advertised based on the sum of bytes consumed on all streams.</t> <t>Once a receiver advertises a limit for the connection or a stream, it is not an error to advertise a smaller limit, but the smaller limit has no effect.</t> <t>A receiverMUST<bcp14>MUST</bcp14> close the connection witha FLOW_CONTROL_ERRORan error(<xref target="error-handling" format="default"/>)of type FLOW_CONTROL_ERROR if the sender violates the advertised connection or stream datalimits.</t>limits; see <xref target="error-handling" format="default"/> for details on error handling.</t> <t>A senderMUST<bcp14>MUST</bcp14> ignore any MAX_STREAM_DATA or MAX_DATA frames that do not increase flow control limits.</t> <t>If a sender has sent data up to the limit, it will be unable to send new data and is considered blocked. A senderSHOULD<bcp14>SHOULD</bcp14> send a STREAM_DATA_BLOCKED or DATA_BLOCKED frame to indicate to the receiver that it has data to write but is blocked by flow control limits. If a sender is blocked for a period longer than the idle timeout (<xref target="idle-timeout" format="default"/>), the receiver might close the connection even when the sender has data that is available for transmission. To keep the connection from closing, a sender that is flow control limitedSHOULD<bcp14>SHOULD</bcp14> periodically send a STREAM_DATA_BLOCKED or DATA_BLOCKED frame when it has no ack-eliciting packets in flight.</t> </section> <section anchor="fc-credit" numbered="true" toc="default"> <name>Increasing Flow Control Limits</name> <t>Implementations decide when and how much credit to advertise in MAX_STREAM_DATA and MAX_DATA frames, but this section offers a few considerations.</t> <t>To avoid blocking a sender, a receiverMAY<bcp14>MAY</bcp14> send a MAX_STREAM_DATA or MAX_DATA frame multiple times within a round trip or send it early enough to allow time for loss of the frame and subsequent recovery.</t> <t>Control frames contribute to connection overhead. Therefore, frequently sending MAX_STREAM_DATA and MAX_DATA frames with small changes is undesirable. On the other hand, if updates are less frequent, larger increments to limits are necessary to avoid blocking a sender, requiring larger resource commitments at the receiver. There is a trade-off between resource commitment and overhead when determining how large a limit is advertised.</t> <t>A receiver can use an autotuning mechanism to tune the frequency and amount of advertised additional credit based on a round-trip time estimate and the rate at which the receiving application consumes data, similar to common TCP implementations. As an optimization, an endpoint could send frames related to flow control only when there are other frames to send, ensuring that flow control does not cause extra packets to be sent.</t> <t>A blocked sender is not required to send STREAM_DATA_BLOCKED or DATA_BLOCKED frames. Therefore, a receiverMUST NOT<bcp14>MUST NOT</bcp14> wait for a STREAM_DATA_BLOCKED or DATA_BLOCKED frame before sending a MAX_STREAM_DATA or MAX_DATA frame; doing so could result in the sender being blocked for the rest of the connection. Even if the sender sends these frames, waiting for them will result in the sender being blocked for at least an entire round trip.</t> <t>When a sender receives credit after being blocked, it might be able to send a large amount of data in response, resulting in short-term congestion; seeSection 7.7 in<xref section="7.7" sectionFormat="of" target="QUIC-RECOVERY" format="default"/> for a discussion of how a sender can avoid this congestion.</t> </section> <section anchor="flow-control-performance" numbered="true" toc="default"> <name>Flow Control Performance</name> <t>If an endpoint cannot ensure that its peer always has available flow control credit that is greater than the peer's bandwidth-delay product on this connection, its receive throughput will be limited by flow control.</t> <t>Packet loss can cause gaps in the receive buffer, preventing the application from consuming data and freeing up receive buffer space.</t> <t>Sending timely updates of flow control limits can improve performance. Sending packets only to provide flow control updates can increase network load and adversely affect performance. Sending flow control updates along with other frames, such as ACK frames, reduces the cost of those updates.</t> </section> <section anchor="stream-cancellation" numbered="true" toc="default"> <name>Handling Stream Cancellation</name> <t>Endpoints need to eventually agree on the amount of flow control credit that has been consumed on every stream, to be able to account for all bytes for connection-level flow control.</t> <t>On receipt of a RESET_STREAM frame, an endpoint will tear down state for the matching stream and ignore further data arriving on that stream.</t> <t>RESET_STREAM terminates one direction of a stream abruptly. For a bidirectional stream, RESET_STREAM has no effect on data flow in the opposite direction. Both endpointsMUST<bcp14>MUST</bcp14> maintain flow control state for the stream in the unterminated direction until that direction enters a terminal state.</t> </section> <section anchor="final-size" numbered="true" toc="default"> <name>Stream Final Size</name> <t>The final size is the amount of flow control credit that is consumed by a stream. Assuming that every contiguous byte on the stream was sent once, the final size is the number of bytes sent. More generally, this is one higher than the offset of the byte with the largest offset sent on the stream, or zero if no bytes were sent.</t> <t>A sender always communicates the final size of a stream to the receiver reliably, no matter how the stream is terminated. The final size is the sum of the Offset and Length fields of a STREAM frame with a FIN flag, noting that these fields might be implicit. Alternatively, the Final Size field of a RESET_STREAM frame carries this value. This guarantees that both endpoints agree on how much flow control credit was consumed by the sender on that stream.</t> <t>An endpoint will know the final size for a stream when the receiving part of the stream enters the "Size Known" or "Reset Recvd" state (<xref target="stream-states" format="default"/>). The receiverMUST<bcp14>MUST</bcp14> use the final size of the stream to account for all bytes sent on the stream in itsconnection levelconnection-level flow controller.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send data on a stream at or beyond the final size.</t> <t>Once a final size for a stream is known, it cannot change. If a RESET_STREAM or STREAM frame is received indicating a change in the final size for the stream, an endpointSHOULD<bcp14>SHOULD</bcp14> respond witha FINAL_SIZE_ERROR error;an error of type FINAL_SIZE_ERROR; see <xref target="error-handling"format="default"/>.format="default"/> for details on error handling. A receiverSHOULD<bcp14>SHOULD</bcp14> treat receipt of data at or beyond the final size asa FINAL_SIZE_ERROR error,an error of type FINAL_SIZE_ERROR, even after a stream is closed. Generating these errors is not mandatory, because requiring that an endpoint generate these errors also means that the endpoint needs to maintain the final size state for closed streams, which could mean a significant state commitment.</t> </section> <section anchor="controlling-concurrency" numbered="true" toc="default"> <name>Controlling Concurrency</name> <t>An endpoint limits the cumulative number of incoming streams a peer can open. Only streams with a stream ID less than(max_stream<tt>(max_streams * 4 +initial_stream_id_for_type)first_stream_id_of_type)</tt> can be opened; see <xref target="stream-id-types" format="default"/>. Initial limits are set in the transport parameters; see <xref target="transport-parameter-definitions" format="default"/>. Subsequent limits are advertised using MAX_STREAMS frames; see <xref target="frame-max-streams" format="default"/>. Separate limits apply to unidirectional and bidirectional streams.</t> <t>If a max_streams transport parameter or a MAX_STREAMS frame is received with a value greater than2^60,2<sup>60</sup>, this would allow a maximum stream ID that cannot be expressed as a variable-length integer; see <xref target="integer-encoding" format="default"/>. If either is received, the connectionMUST<bcp14>MUST</bcp14> be closed immediately with a connection error of type TRANSPORT_PARAMETER_ERROR if the offending value was received in a transport parameter or of type FRAME_ENCODING_ERROR if it was received in a frame; see <xref target="immediate-close" format="default"/>.</t> <t>EndpointsMUST NOT<bcp14>MUST NOT</bcp14> exceed the limit set by their peer. An endpoint that receives a frame with a stream ID exceeding the limit it has sentMUST<bcp14>MUST</bcp14> treat this as a connection error of typeSTREAM_LIMIT_ERROR (<xrefSTREAM_LIMIT_ERROR; see <xref target="error-handling"format="default"/>).</t>format="default"/> for details on error handling.</t> <t>Once a receiver advertises a stream limit using the MAX_STREAMS frame, advertising a smaller limit has no effect.A receiver MUST ignore anyMAX_STREAMSframeframes thatdoesdo not increase the streamlimit.</t>limit <bcp14>MUST</bcp14> be ignored.</t> <t>As with stream and connection flow control, this document leaves implementations to decide when and how many streams should be advertised to a peer via MAX_STREAMS. Implementations might choose to increase limits as streams are closed, to keep the number of streams available to peers roughly consistent.</t> <t>An endpoint that is unable to open a new stream due to the peer's limitsSHOULD<bcp14>SHOULD</bcp14> send a STREAMS_BLOCKED frame (<xref target="frame-streams-blocked" format="default"/>). This signal is considered useful for debugging. An endpointMUST NOT<bcp14>MUST NOT</bcp14> wait to receive this signal before advertising additional credit, since doing so will mean that the peer will be blocked for at least an entire round trip, and potentially indefinitely if the peer chooses not to send STREAMS_BLOCKED frames.</t> </section> </section> <section anchor="connections" numbered="true" toc="default"> <name>Connections</name> <t>A QUIC connection is shared state between a client and a server.</t> <t>Each connection starts with a handshake phase, during which the two endpoints establish a shared secret using the cryptographic handshake protocol <xref target="QUIC-TLS" format="default"/> and negotiate the application protocol. The handshake (<xref target="handshake" format="default"/>) confirms that both endpoints are willing to communicate (<xref target="validate-handshake" format="default"/>) and establishes parameters for the connection (<xref target="transport-parameters" format="default"/>).</t> <t>An application protocol can use the connection during the handshake phase with some limitations. 0-RTT allows application data to be sent by a client before receiving a response from the server. However, 0-RTT provides no protection against replay attacks; seeSection 9.2 of<xref section="9.2" sectionFormat="of" target="QUIC-TLS" format="default"/>. A server can also send application data to a client before it receives the final cryptographic handshake messages that allow it to confirm the identity and liveness of the client. These capabilities allow an application protocol to offer the option of trading some security guarantees for reduced latency.</t> <t>The use of connection IDs (<xref target="connection-id" format="default"/>) allows connections to migrate to a new network path, both as a direct choice of an endpoint and when forced by a change in a middlebox. <xref target="migration" format="default"/> describes mitigations for the security and privacy issues associated with migration.</t> <t>For connections that are no longer needed or desired, there are several ways for a client and server to terminate a connection, as described in <xref target="termination" format="default"/>.</t> <section anchor="connection-id" numbered="true" toc="default"> <name>Connection ID</name> <t>Each connection possesses a set of connection identifiers, or connection IDs, each of which can identify the connection. Connection IDs are independently selected by endpoints; each endpoint selects the connection IDs that its peer uses.</t> <t>The primary function of a connection ID is to ensure that changes in addressing at lower protocol layers (UDP, IP) do not cause packets for a QUIC connection to be delivered to the wrong endpoint. Each endpoint selects connection IDs using an implementation-specific (and perhaps deployment-specific) method that will allow packets with that connection ID to be routed back to the endpoint and to be identified by the endpoint upon receipt.</t> <t>Multiple connection IDs are used so that endpoints can send packets that cannot be identified by an observer as being for the same connection without cooperation from an endpoint; see <xref target="migration-linkability" format="default"/>.</t> <t>Connection IDsMUST NOT<bcp14>MUST NOT</bcp14> contain any information that can be used by an external observer (that is, one that does not cooperate with the issuer) to correlate them with other connection IDs for the same connection. As a trivial example, this means the same connection IDMUST NOT<bcp14>MUST NOT</bcp14> be issued more than once on the same connection.</t> <t>Packets with long headers include Source Connection ID and Destination Connection ID fields. These fields are used to set the connection IDs for new connections; see <xref target="negotiating-connection-ids" format="default"/> for details.</t> <t>Packets with short headers (<xref target="short-header" format="default"/>) only include the Destination Connection ID and omit the explicit length. The length of the Destination Connection ID field is expected to be known to endpoints. Endpoints using a load balancer that routes based on connection ID could agree with the load balancer on a fixed length for connectionIDs,IDs or agree on an encoding scheme. A fixed portion could encode an explicit length, which allows the entire connection ID to vary in length and still be used by the load balancer.</t> <t>A Version Negotiation (<xref target="packet-version" format="default"/>) packet echoes the connection IDs selected by the client, both to ensure correct routing toward the client and to demonstrate that the packet is in response to a packet sent by the client.</t> <t>A zero-length connection ID can be used when a connection ID is not needed to route to the correct endpoint. However, multiplexing connections on the same local IP address and port while using zero-length connection IDs will cause failures in the presence of peer connection migration, NAT rebinding, and client port reuse. An endpointMUST NOT<bcp14>MUST NOT</bcp14> use the same IP address and port for multiple concurrent connections with zero-length connection IDs, unless it is certain that those protocol features are not in use.</t> <t>When an endpoint uses a non-zero-length connection ID, it needs to ensure that the peer has a supply of connection IDs from which to choose for packets sent to the endpoint. These connection IDs are supplied by the endpoint using the NEW_CONNECTION_ID frame (<xref target="frame-new-connection-id" format="default"/>).</t> <section anchor="issue-cid" numbered="true" toc="default"> <name>Issuing Connection IDs</name> <t>EachConnectionconnection ID has an associated sequence number to assist in detecting when NEW_CONNECTION_ID or RETIRE_CONNECTION_ID frames refer to the same value. The initial connection ID issued by an endpoint is sent in the Source Connection ID field of the long packet header (<xref target="long-header" format="default"/>) during the handshake. The sequence number of the initial connection ID is 0. If the preferred_address transport parameter is sent, the sequence number of the supplied connection ID is 1.</t> <t>Additional connection IDs are communicated to the peer using NEW_CONNECTION_ID frames (<xref target="frame-new-connection-id" format="default"/>). The sequence number on each newly issued connection IDMUST<bcp14>MUST</bcp14> increase by 1. The connection ID that a client selects for the first Destination Connection ID field it sends and any connection ID provided by a Retry packet are not assigned sequence numbers.</t> <t>When an endpoint issues a connection ID, itMUST<bcp14>MUST</bcp14> accept packets that carry this connection ID for the duration of the connection or until its peer invalidates the connection ID via a RETIRE_CONNECTION_ID frame (<xref target="frame-retire-connection-id" format="default"/>). Connection IDs that are issued and not retired are considered active; any active connection ID is valid for use with the current connection at any time, in any packet type. This includes the connection ID issued by the server via the preferred_address transport parameter.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> ensure that its peer has a sufficient number of available and unused connection IDs. Endpoints advertise the number of active connection IDs they are willing to maintain using the active_connection_id_limit transport parameter. An endpointMUST NOT<bcp14>MUST NOT</bcp14> provide more connection IDs than the peer's limit. An endpointMAY<bcp14>MAY</bcp14> send connection IDs that temporarily exceed a peer's limit if the NEW_CONNECTION_ID frame also requires the retirement of any excess, by including a sufficiently large value in the Retire Prior To field.</t> <t>A NEW_CONNECTION_ID frame might cause an endpoint to add some active connection IDs and retire others based on the value of the Retire Prior To field. After processing a NEW_CONNECTION_ID frame and adding and retiring active connection IDs, if the number of active connection IDs exceeds the value advertised in its active_connection_id_limit transport parameter, an endpointMUST<bcp14>MUST</bcp14> close the connection with an error of type CONNECTION_ID_LIMIT_ERROR.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> supply a new connection ID when the peer retires a connection ID. If an endpoint provided fewer connection IDs than the peer's active_connection_id_limit, itMAY<bcp14>MAY</bcp14> supply a new connection ID when it receives a packet with a previously unused connection ID. An endpointMAY<bcp14>MAY</bcp14> limit the total number of connection IDs issued for each connection to avoid the risk of running out of connection IDs; see <xref target="reset-token" format="default"/>. An endpointMAY<bcp14>MAY</bcp14> also limit the issuance of connection IDs to reduce the amount of per-path state it maintains, such as path validation status, as its peer might interact with it over as many paths as there are issued connection IDs.</t> <t>An endpoint that initiates migration and requires non-zero-length connection IDsSHOULD<bcp14>SHOULD</bcp14> ensure that the pool of connection IDs available to its peer allows the peer to use a new connection ID on migration, as the peer will be unable to respond if the pool is exhausted.</t> <t>An endpoint that selects a zero-length connection ID during the handshake cannot issue a new connection ID. A zero-length Destination Connection ID field is used in all packets sent toward such an endpoint over any network path.</t> </section> <section anchor="retire-cid" numbered="true" toc="default"> <name>Consuming and Retiring Connection IDs</name> <t>An endpoint can change the connection ID it uses for a peer to another available one at any time during the connection. An endpoint consumes connection IDs in response to a migrating peer; see <xref target="migration-linkability" format="default"/> formore.</t>more details.</t> <t>An endpoint maintains a set of connection IDs received from its peer, any of which it can use when sending packets. When the endpoint wishes to remove a connection ID from use, it sends a RETIRE_CONNECTION_ID frame to its peer. Sending a RETIRE_CONNECTION_ID frame indicates that the connection ID will not be used again and requests that the peer replace it with a new connection ID using a NEW_CONNECTION_ID frame.</t> <t>As discussed in <xref target="migration-linkability" format="default"/>, endpoints limit the use of a connection ID to packets sent from a single local address to a single destination address. EndpointsSHOULD<bcp14>SHOULD</bcp14> retire connection IDs when they are no longer actively using either the local or destination address for which the connection ID was used.</t> <t>An endpoint might need to stop accepting previously issued connection IDs in certain circumstances. Such an endpoint can cause its peer to retire connection IDs by sending a NEW_CONNECTION_ID frame with an increased Retire Prior To field. The endpointSHOULD<bcp14>SHOULD</bcp14> continue to accept the previously issued connection IDs until they are retired by the peer. If the endpoint can no longer process the indicated connection IDs, itMAY<bcp14>MAY</bcp14> close the connection.</t> <t>Upon receipt of an increased Retire Prior To field, the peerMUST<bcp14>MUST</bcp14> stop using the corresponding connection IDs and retire them with RETIRE_CONNECTION_ID frames before adding the newly provided connection ID to the set of active connection IDs. This ordering allows an endpoint to replace all active connection IDs without the possibility of a peer having no available connection IDs and without exceeding the limit the peer sets in the active_connection_id_limit transport parameter; see <xref target="transport-parameter-definitions" format="default"/>. Failure to cease using the connection IDs when requested can result in connection failures, as the issuing endpoint might be unable to continue using the connection IDs with the active connection.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> limit the number of connection IDs it has retired locallyandfor which RETIRE_CONNECTION_ID frames have not yet been acknowledged. An endpointSHOULD<bcp14>SHOULD</bcp14> allow for sending and tracking a number of RETIRE_CONNECTION_ID frames of at least twice theactive_connection_id limit.value of the active_connection_id_limit transport parameter. An endpointMUST NOT<bcp14>MUST NOT</bcp14> forget a connection ID without retiring it, though itMAY<bcp14>MAY</bcp14> choose to treat having connection IDs in need of retirement that exceed this limit as a connection error of type CONNECTION_ID_LIMIT_ERROR.</t> <t>EndpointsSHOULD NOT<bcp14>SHOULD NOT</bcp14> issue updates of the Retire Prior To field before receiving RETIRE_CONNECTION_ID frames that retire all connection IDs indicated by the previous Retire Prior To value.</t> </section> </section> <section anchor="packet-handling" numbered="true" toc="default"> <name>Matching Packets to Connections</name> <t>Incoming packets are classified on receipt. Packets can either be associated with an existingconnection,connection or--- for servers--- potentially create a new connection.</t> <t>Endpoints try to associate a packet with an existing connection. If the packet has a non-zero-length Destination Connection ID corresponding to an existing connection, QUIC processes that packet accordingly. Note that more than one connection ID can be associated with a connection; see <xref target="connection-id" format="default"/>.</t> <t>If the Destination Connection ID is zero length and the addressing information in the packet matches the addressing information the endpoint uses to identify a connection with a zero-length connection ID, QUIC processes the packet as part of that connection. An endpoint can use just destination IP and port or both source and destination addresses for identification, though this makes connections fragile as described in <xref target="connection-id" format="default"/>.</t> <t>Endpoints can send a Stateless Reset (<xref target="stateless-reset" format="default"/>) for any packets that cannot be attributed to an existing connection. Astateless resetStateless Reset allows a peer to more quickly identify when a connection becomes unusable.</t> <t>Packets that are matched to an existing connection are discarded if the packets are inconsistent with the state of that connection. For example, packets are discarded if they indicate a different protocol version than that of theconnection,connection or if the removal of packet protection is unsuccessful once the expected keys are available.</t> <t>Invalid packets that lack strong integrity protection, such as Initial, Retry, or Version Negotiation,MAY<bcp14>MAY</bcp14> be discarded. An endpointMUST<bcp14>MUST</bcp14> generate a connection error if processing the contents of these packets prior to discovering an error, or fully revert any changes made during that processing.</t> <section anchor="client-pkt-handling" numbered="true" toc="default"> <name>Client Packet Handling</name> <t>Valid packets sent to clients always include a Destination Connection ID that matches a value the client selects. Clients that choose to receive zero-length connection IDs can use the local address and port to identify a connection. Packets that do not match an existingconnection,connection -- based on Destination Connection ID or, if this value iszero-length,zero length, local IP address andport,port -- are discarded.</t> <t>Due to packet reordering or loss, a client might receive packets for a connection that are encrypted with a key it has not yet computed. The clientMAY<bcp14>MAY</bcp14> drop these packets, orMAYit <bcp14>MAY</bcp14> buffer them in anticipation of later packets that allow it to compute the key.</t> <t>If a client receives a packet that uses a different version than it initially selected, itMUST<bcp14>MUST</bcp14> discard that packet.</t> </section> <section anchor="server-pkt-handling" numbered="true" toc="default"> <name>Server Packet Handling</name> <t>If a server receives a packet that indicates an unsupported version and if the packet is large enough to initiate a new connection for any supported version, the serverSHOULD<bcp14>SHOULD</bcp14> send a Version Negotiation packet as described in <xref target="send-vn" format="default"/>. A serverMAY<bcp14>MAY</bcp14> limit the number of packets to which it responds with a Version Negotiation packet. ServersMUST<bcp14>MUST</bcp14> drop smaller packets that specify unsupported versions.</t> <t>The first packet for an unsupported version can use different semantics and encodings for any version-specific field. In particular, different packet protection keys might be used for different versions. Servers that do not support a particular version are unlikely to be able to decrypt the payload of the packet or properly interpret the result. ServersSHOULD<bcp14>SHOULD</bcp14> respond with a Version Negotiation packet, provided that the datagram is sufficiently long.</t> <t>Packets with a supported version, or noversionVersion field, are matched to a connection using the connection ID or--- for packets with zero-length connection IDs--- the local address and port. These packets are processed using the selected connection; otherwise, the server continues as described below.</t> <t>If the packet is an Initial packet fully conforming with the specification, the server proceeds with the handshake (<xref target="handshake" format="default"/>). This commits the server to the version that the client selected.</t> <t>If a server refuses to accept a new connection, itSHOULD<bcp14>SHOULD</bcp14> send an Initial packet containing a CONNECTION_CLOSE frame with error code CONNECTION_REFUSED.</t> <t>If the packet is a 0-RTT packet, the serverMAY<bcp14>MAY</bcp14> buffer a limited number of these packets in anticipation of a late-arriving Initial packet. Clients are not able to send Handshake packets prior to receiving a server response, so serversSHOULD<bcp14>SHOULD</bcp14> ignore any such packets.</t> <t>ServersMUST<bcp14>MUST</bcp14> drop incoming packets under all other circumstances.</t> </section> <section anchor="considerations-for-simple-load-balancers" numbered="true" toc="default"> <name>Considerations for Simple Load Balancers</name> <t>A server deployment couldload balanceload-balance among servers using only source and destination IP addresses and ports. Changes to the client's IP address or port could result in packets being forwarded to the wrong server. Such a server deployment could use one of the following methods for connection continuity when a client's address changes.</t> <ul spacing="normal"> <li>Servers could use an out-of-band mechanism to forward packets to the correct server based onConnectionconnection ID.</li> <li>If servers can use a dedicated server IP address or port, other than the one that the client initially connects to, they could use the preferred_address transport parameter to request that clients move connections to that dedicated address. Note that clients could choose not to use the preferred address.</li> </ul> <t>A server in a deployment that does not implement a solution to maintain connection continuity when the client address changesSHOULD<bcp14>SHOULD</bcp14> indicate that migration is not supported by using the disable_active_migration transport parameter. The disable_active_migration transport parameter does not prohibit connection migration after a client has acted on a preferred_address transport parameter.</t> <t>Server deployments that use this simple form of load balancingMUST<bcp14>MUST</bcp14> avoid the creation of a stateless reset oracle; see <xref target="reset-oracle" format="default"/>.</t> </section> </section> <section anchor="operations-on-connections" numbered="true" toc="default"> <name>Operations on Connections</name> <t>This document does not define an API forQUIC, butQUIC; it instead defines a set of functions for QUIC connections that application protocols can rely upon. An application protocol can assume that an implementation of QUIC provides an interface that includes the operations described in this section. An implementation designed for use with a specific application protocol might provide only those operations that are used by that protocol.</t> <t>When implementing the client role, an application protocol can:</t> <ul spacing="normal"> <li>open a connection, which begins the exchange described in <xref target="handshake" format="default"/>;</li> <li>enable Early Data when available; and</li> <li>be informed when Early Data has been accepted or rejected by a server.</li> </ul> <t>When implementing the server role, an application protocol can:</t> <ul spacing="normal"> <li>listen for incoming connections, which prepares for the exchange described in <xref target="handshake" format="default"/>;</li> <li>if Early Data is supported, embed application-controlled data in the TLS resumption ticket sent to the client; and</li> <li>if Early Data is supported, retrieve application-controlled data from the client's resumption ticket and accept or reject Early Data based on that information.</li> </ul> <t>In either role, an application protocol can:</t> <ul spacing="normal"> <li>configure minimum values for the initial number of permitted streams of each type, as communicated in the transport parameters (<xref target="transport-parameters" format="default"/>);</li> <li>control resource allocation for receive buffers by setting flow control limits both for streams and for theconnection</li>connection;</li> <li>identify whether the handshake has completed successfully or is still ongoing;</li> <li>keep a connection from silently closing,eitherby either generating PING frames (<xref target="frame-ping" format="default"/>) orbyrequesting that the transport send additional frames before the idle timeout expires (<xref target="idle-timeout" format="default"/>); and</li> <li>immediately close (<xref target="immediate-close" format="default"/>) the connection.</li> </ul> </section> </section> <section anchor="version-negotiation" numbered="true" toc="default"> <name>Version Negotiation</name> <t>Version negotiation allows a server to indicate that it does not support the version the client used. A server sends a Version Negotiation packet in response to each packet that might initiate a new connection; see <xref target="packet-handling" format="default"/> for details.</t> <t>The size of the first packet sent by a client will determine whether a server sends a Version Negotiation packet. Clients that support multiple QUIC versionsSHOULD<bcp14>SHOULD</bcp14> ensure that the first UDP datagram they send is sized to the largest of the minimum datagram sizes from all versions they support, using PADDING frames (<xref target="frame-padding" format="default"/>) as necessary. This ensures that the server responds if there is a mutually supported version. A server might not send a Version Negotiation packet if the datagram it receives is smaller than the minimum size specified in a different version; see <xref target="initial-size" format="default"/>.</t> <section anchor="send-vn" numbered="true" toc="default"> <name>Sending Version Negotiation Packets</name> <t>If the version selected by the client is not acceptable to the server, the server responds with a Version Negotiation packet; see <xref target="packet-version" format="default"/>. This includes a list of versions that the server will accept. An endpointMUST NOT<bcp14>MUST NOT</bcp14> send a Version Negotiation packet in response to receiving a Version Negotiation packet.</t> <t>This system allows a server to process packets with unsupported versions without retaining state. Though either the Initial packet or the Version Negotiation packet that is sent in response could be lost, the client will send new packets until it successfully receives a response or it abandons the connection attempt.</t> <t>A serverMAY<bcp14>MAY</bcp14> limit the number of Version Negotiation packets it sends. For instance, a server that is able to recognize packets as 0-RTT might choose not to send Version Negotiation packets in response to 0-RTT packets with the expectation that it will eventually receive an Initial packet.</t> </section> <section anchor="handle-vn" numbered="true" toc="default"> <name>Handling Version Negotiation Packets</name> <t>Version Negotiation packets are designed to allow for functionality to be defined in the future that allows QUIC to negotiate the version of QUIC to use for a connection. Futurestandards-trackStandards Track specifications might change how implementations that support multiple versions of QUIC react to Version Negotiation packets received in response to an attempt to establish a connection using this version.</t> <t>A client that supports only this version of QUICMUST<bcp14>MUST</bcp14> abandon the current connection attempt if it receives a Version Negotiation packet, with the following two exceptions. A clientMUST<bcp14>MUST</bcp14> discard any Version Negotiation packet if it has received and successfully processed any other packet, including an earlier Version Negotiation packet. A clientMUST<bcp14>MUST</bcp14> discard a Version Negotiation packet that lists the QUIC version selected by the client.</t> <t>How to perform version negotiation is left as future work defined by futurestandards-trackStandards Track specifications. In particular, that future work will ensure robustness against version downgrade attacks; see <xref target="version-downgrade" format="default"/>.</t> </section> <sectionanchor="version-negotiation-between-draft-versions"anchor="using-reserved-versions" numbered="true" toc="default"><name>Version Negotiation Between Draft<name>Using Reserved Versions</name><t>[[RFC editor: please remove this section before publication.]]</t> <t>When a draft implementation receives<t>For aVersion Negotiation packet, it MAY use itserver toattemptuse a newconnection with one of the versions listedversion in thepacket, instead of abandoning the current connection attempt; see <xref target="handle-vn" format="default"/>.</t> <t>The client MUST check that the Destination and Source Connection ID fields match the Source and Destination Connection ID fields in a packet that the client sent. If this check fails, the packet MUST be discarded.</t> <t>Once the Version Negotiation packet is determined to be valid, the client then selects an acceptable protocol version from the list provided by the server. The client then attempts to create a new connection using that version. The new connection MUST use a new random Destination Connection ID different from the one it had previously sent.</t> <t>Note that this mechanism does not protect against downgrade attacks and MUST NOT be used outside of draft implementations.</t> </section> </section> <section anchor="using-reserved-versions" numbered="true" toc="default"> <name>Using Reserved Versions</name> <t>For a server to use a new version in the future, clients need to correctly handle unsupported versions. Some version numbers (0x?a?a?a?a as defined infuture, clients need to correctly handle unsupported versions. Some version numbers (0x?a?a?a?a, as defined in <xref target="versions" format="default"/>) are reserved for inclusion in fields that contain version numbers.</t> <t>EndpointsMAY<bcp14>MAY</bcp14> add reserved versions to any field where unknown or unsupported versions are ignored to test that a peer correctly ignores the value. For instance, an endpoint could include a reserved version in a Version Negotiation packet; see <xref target="packet-version" format="default"/>. EndpointsMAY<bcp14>MAY</bcp14> send packets with a reserved version to test that a peer correctly discards the packet.</t> </section> </section> <section anchor="handshake" numbered="true" toc="default"> <name>Cryptographic and Transport Handshake</name> <t>QUIC relies on a combined cryptographic and transport handshake to minimize connection establishment latency. QUIC uses the CRYPTO frame (<xref target="frame-crypto" format="default"/>) to transmit the cryptographic handshake. The version of QUIC defined in this document is identified as 0x00000001 and uses TLS as described in <xref target="QUIC-TLS" format="default"/>; a different QUIC version could indicate that a different cryptographic handshake protocol is in use.</t> <t>QUIC provides reliable, ordered delivery of the cryptographic handshake data. QUIC packet protection is used to encrypt as much of the handshake protocol as possible. The cryptographic handshakeMUST<bcp14>MUST</bcp14> provide the following properties:</t> <ul spacing="normal"> <li> <t>authenticated key exchange,where </t>where</t> <ul spacing="normal"> <li>a server is always authenticated,</li> <li>a client is optionally authenticated,</li> <li>every connection produces distinct and unrelated keys, and</li> <li>keying material is usable for packet protection for both 0-RTT and 1-RTTpackets</li>packets.</li> </ul> </li> <li>authenticated exchange of values for transport parameters of both endpoints, and confidentiality protection for server transport parameters (see <xref target="transport-parameters"format="default"/>)</li>format="default"/>).</li> <li>authenticated negotiation of an application protocol (TLS usesALPNApplication-Layer Protocol Negotiation (ALPN) <xref target="ALPN" format="default"/> for thispurpose)</li>purpose).</li> </ul> <t>The CRYPTO frame can be sent in different packet number spaces (<xref target="packet-numbers" format="default"/>). The offsets used by CRYPTO frames to ensure ordered delivery of cryptographic handshake data start from zero in each packet number space.</t> <t><xref target="fig-hs" format="default"/> shows a simplified handshake and the exchange of packets and frames that are used to advance the handshake. Exchange of application data during the handshake is enabled where possible, shown witha '*'.an asterisk ("*"). Once the handshake is complete, endpoints are able to exchange application data freely.</t> <figure anchor="fig-hs"> <name>Simplified QUIC Handshake</name><artwork type="drawing" name="" align="left" alt=""><![CDATA[<sourcecode type="drawing"><![CDATA[ Client Server Initial (CRYPTO) 0-RTT (*) ----------> Initial (CRYPTO) Handshake (CRYPTO) <---------- 1-RTT (*) Handshake (CRYPTO) 1-RTT (*) ----------> <---------- 1-RTT (HANDSHAKE_DONE) 1-RTT <=========> 1-RTT]]></artwork>]]></sourcecode> </figure> <t>Endpoints can use packets sent during the handshake to test for Explicit Congestion Notification (ECN) support; see <xref target="ecn" format="default"/>. An endpoint validates support for ECN by observing whether the ACK frames acknowledging the first packets it sends carry ECN counts, as described in <xref target="ecn-validation" format="default"/>.</t> <t>EndpointsMUST<bcp14>MUST</bcp14> explicitly negotiate an application protocol. This avoids situations where there is a disagreement about the protocol that is in use.</t> <section anchor="example-handshake-flows" numbered="true" toc="default"> <name>Example Handshake Flows</name> <t>Details of how TLS is integrated with QUIC are provided in <xref target="QUIC-TLS" format="default"/>, but some examples are provided here. An extension of this exchange to support client address validation is shown in <xref target="validate-retry" format="default"/>.</t> <t>Once any address validation exchanges are complete, the cryptographic handshake is used to agree on cryptographic keys. The cryptographic handshake is carried in Initial (<xref target="packet-initial" format="default"/>) and Handshake (<xref target="packet-handshake" format="default"/>) packets.</t> <t><xref target="tls-1rtt-handshake" format="default"/> provides an overview of the 1-RTT handshake. Each line shows a QUIC packet with the packet type and packet number shown first, followed by the frames that are typically contained in those packets.So, for instanceFor instance, the first packet is of type Initial, with packet number 0, and contains a CRYPTO frame carrying the ClientHello.</t> <t>Multiple QUIC packets -- even of different packet types -- can be coalesced into a single UDP datagram; see <xref target="packet-coalesce" format="default"/>. As a result, this handshake could consist of as few as4four UDP datagrams, or any number more (subject to limits inherent to the protocol, such as congestion control and anti-amplification). For instance, the server's first flight contains Initial packets, Handshake packets, and "0.5-RTT data" in 1-RTT packets.</t> <figure anchor="tls-1rtt-handshake"> <name>Example 1-RTT Handshake</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Client Server Initial[0]: CRYPTO[CH] -> Initial[0]: CRYPTO[SH] ACK[0] Handshake[0]: CRYPTO[EE, CERT, CV, FIN] <- 1-RTT[0]: STREAM[1, "..."] Initial[1]: ACK[0] Handshake[0]: CRYPTO[FIN], ACK[0] 1-RTT[0]: STREAM[0, "..."], ACK[0] -> Handshake[1]: ACK[0] <- 1-RTT[1]: HANDSHAKE_DONE, STREAM[3, "..."], ACK[0] ]]></artwork> </figure> <t><xref target="tls-0rtt-handshake" format="default"/> shows an example of a connection with a 0-RTT handshake and a single packet of 0-RTT data. Note that as described in <xref target="packet-numbers" format="default"/>, the server acknowledges 0-RTT data in 1-RTT packets, and the client sends 1-RTT packets in the same packet number space.</t> <figure anchor="tls-0rtt-handshake"> <name>Example 0-RTT Handshake</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Client Server Initial[0]: CRYPTO[CH] 0-RTT[0]: STREAM[0, "..."] -> Initial[0]: CRYPTO[SH] ACK[0] Handshake[0] CRYPTO[EE, FIN] <- 1-RTT[0]: STREAM[1, "..."] ACK[0] Initial[1]: ACK[0] Handshake[0]: CRYPTO[FIN], ACK[0] 1-RTT[1]: STREAM[0, "..."] ACK[0] -> Handshake[1]: ACK[0] <- 1-RTT[1]: HANDSHAKE_DONE, STREAM[3, "..."], ACK[1] ]]></artwork> </figure> </section> <section anchor="negotiating-connection-ids" numbered="true" toc="default"> <name>Negotiating Connection IDs</name> <t>A connection ID is used to ensure consistent routing of packets, as described in <xref target="connection-id" format="default"/>. The long header contains two connection IDs: the Destination Connection ID is chosen by the recipient of the packet and is used to provide consistent routing; the Source Connection ID is used to set the Destination Connection ID used by the peer.</t> <t>During the handshake, packets with the long header (<xref target="long-header" format="default"/>) are used to establish the connection IDs used by both endpoints. Each endpoint uses the Source Connection ID field to specify the connection ID that is used in the Destination Connection ID field of packets being sent to them. After processing the first Initial packet, each endpoint sets the Destination Connection ID field in subsequent packets it sends to the value of the Source Connection ID field that it received.</t> <t>When an Initial packet is sent by a client that has not previously received an Initial or Retry packet from the server, the client populates the Destination Connection ID field with an unpredictable value. This Destination Connection IDMUST<bcp14>MUST</bcp14> be at least 8 bytes in length. Until a packet is received from the server, the clientMUST<bcp14>MUST</bcp14> use the same Destination Connection ID value on all packets in this connection.</t> <t>The Destination Connection ID field from the first Initial packet sent by a client is used to determine packet protection keys for Initial packets. These keys change after receiving a Retry packet; seeSection 5.2 of<xref section="5.2" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> <t>The client populates the Source Connection ID field with a value of its choosing and sets the Source Connection ID Length field to indicate the length.</t><t>The<t>0-RTT packets in the first flightof 0-RTT packetsuse the same Destination Connection ID and Source Connection ID values as the client's first Initial packet.</t> <t>Upon first receiving an Initial or Retry packet from the server, the client uses the Source Connection ID supplied by the server as the Destination Connection ID for subsequent packets, including any 0-RTT packets. This means that a client might have to change the connection ID it sets in the Destination Connection ID field twice during connection establishment: once in response to aRetry,Retry packet and once in response to an Initial packet from the server. Once a client has received a valid Initial packet from the server, itMUST<bcp14>MUST</bcp14> discard any subsequent packet it receives on that connection with a different Source Connection ID.</t> <t>A clientMUST<bcp14>MUST</bcp14> change the Destination Connection ID it uses for sending packets in response to only the first received Initial or Retry packet. A serverMUST<bcp14>MUST</bcp14> set the Destination Connection ID it uses for sending packets based on the first received Initial packet. Any further changes to the Destination Connection ID are only permitted if the values are taken from NEW_CONNECTION_ID frames; if subsequent Initial packets include a different Source Connection ID, theyMUST<bcp14>MUST</bcp14> be discarded. This avoids unpredictable outcomes that might otherwise result from stateless processing of multiple Initial packets with different Source Connection IDs.</t> <t>The Destination Connection ID that an endpoint sends can change over the lifetime of a connection, especially in response to connection migration (<xref target="migration" format="default"/>); see <xref target="issue-cid" format="default"/> for details.</t> </section> <section anchor="cid-auth" numbered="true" toc="default"> <name>Authenticating Connection IDs</name> <t>The choice each endpoint makes about connection IDs during the handshake is authenticated by including all values in transport parameters; see <xref target="transport-parameters" format="default"/>. This ensures that all connection IDs used for the handshake are also authenticated by the cryptographic handshake.</t> <t>Each endpoint includes the value of the Source Connection ID field from the first Initial packet it sent in the initial_source_connection_id transport parameter; see <xref target="transport-parameter-definitions" format="default"/>. A server includes the Destination Connection ID field from the first Initial packet it received from the client in the original_destination_connection_id transport parameter; if the server sent a Retry packet, this refers to the first Initial packet received before sending the Retry packet. If it sends a Retry packet, a server also includes the Source Connection ID field from the Retry packet in the retry_source_connection_id transport parameter.</t> <t>The values provided by a peer for these transport parametersMUST<bcp14>MUST</bcp14> match the values that an endpoint used in the Destination and Source Connection ID fields of Initial packets that it sent (and received, for servers). EndpointsMUST<bcp14>MUST</bcp14> validate that received transport parameters match receivedConnectionconnection ID values. Including connection ID values in transport parameters and verifying them ensures thatthatan attacker cannot influence the choice of connection ID for a successful connection by injecting packets carrying attacker-chosen connection IDs during the handshake.</t> <t>An endpointMUST<bcp14>MUST</bcp14> treat the absence of the initial_source_connection_id transport parameter from either endpoint or the absence of the original_destination_connection_id transport parameter from the server as a connection error of type TRANSPORT_PARAMETER_ERROR.</t> <t>An endpointMUST<bcp14>MUST</bcp14> treat the following as a connection error of type TRANSPORT_PARAMETER_ERROR or PROTOCOL_VIOLATION:</t> <ul spacing="normal"> <li>absence of the retry_source_connection_id transport parameter from the server after receiving a Retry packet,</li> <li>presence of the retry_source_connection_id transport parameter when no Retry packet was received, or</li> <li>a mismatch between values received from a peer in these transport parameters and the value sent in the corresponding Destination or Source Connection ID fields of Initial packets.</li> </ul> <t>If a zero-length connection ID is selected, the corresponding transport parameter is included with a zero-length value.</t> <t><xref target="fig-auth-cid" format="default"/> shows the connection IDs (with DCID=Destination Connection ID, SCID=Source Connection ID) that are used in a complete handshake. The exchange of Initial packets is shown, plus the later exchange of 1-RTT packets that includes the connection ID established during the handshake.</t> <figure anchor="fig-auth-cid"> <name>Use of Connection IDs in a Handshake</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Client Server Initial: DCID=S1, SCID=C1 -> <- Initial: DCID=C1, SCID=S3 ... 1-RTT: DCID=S3 -> <- 1-RTT: DCID=C1 ]]></artwork> </figure> <t><xref target="fig-auth-cid-retry" format="default"/> shows a similar handshake that includes a Retry packet.</t> <figure anchor="fig-auth-cid-retry"> <name>Use of Connection IDs in a Handshake with Retry</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Client Server Initial: DCID=S1, SCID=C1 -> <- Retry: DCID=C1, SCID=S2 Initial: DCID=S2, SCID=C1 -> <- Initial: DCID=C1, SCID=S3 ... 1-RTT: DCID=S3 -> <- 1-RTT: DCID=C1 ]]></artwork> </figure> <t>In both cases(<xref target="fig-auth-cid" format="default"/>(Figures <xref format="counter" target="fig-auth-cid"/> and <xreftarget="fig-auth-cid-retry" format="default"/>),format="counter" target="fig-auth-cid-retry"/>), the client sets the value of the initial_source_connection_id transport parameter to <tt>C1</tt>.</t> <t>When the handshake does not include a Retry (<xref target="fig-auth-cid" format="default"/>), the server sets original_destination_connection_id to <tt>S1</tt> (note that this value is chosen by the client) and initial_source_connection_id to <tt>S3</tt>. In this case, the server does not include a retry_source_connection_id transport parameter.</t> <t>When the handshake includes a Retry (<xref target="fig-auth-cid-retry" format="default"/>), the server sets original_destination_connection_id to <tt>S1</tt>, retry_source_connection_id to <tt>S2</tt>, and initial_source_connection_id to <tt>S3</tt>.</t> </section> <section anchor="transport-parameters" numbered="true" toc="default"> <name>Transport Parameters</name> <t>During connection establishment, both endpoints make authenticated declarations of their transport parameters. Endpoints are required to comply with the restrictions that each parameter defines; the description of each parameter includes rules for its handling.</t> <t>Transport parameters are declarations that are made unilaterally by each endpoint. Each endpoint can choose values for transport parameters independent of the values chosen by its peer.</t> <t>The encoding of the transport parameters is detailed in <xref target="transport-parameter-encoding" format="default"/>.</t> <t>QUIC includes the encoded transport parameters in the cryptographic handshake. Once the handshake completes, the transport parameters declared by the peer are available. Each endpoint validates the values provided by its peer.</t> <t>Definitions for each of the defined transport parameters are included in <xref target="transport-parameter-definitions" format="default"/>.</t> <t>An endpointMUST<bcp14>MUST</bcp14> treat receipt of a transport parameter with an invalid value as a connection error of type TRANSPORT_PARAMETER_ERROR.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send a parameter more than once in a given transport parameters extension. An endpointSHOULD<bcp14>SHOULD</bcp14> treat receipt of duplicate transport parameters as a connection error of type TRANSPORT_PARAMETER_ERROR.</t> <t>Endpoints use transport parameters to authenticate the negotiation of connection IDs during the handshake; see <xref target="cid-auth" format="default"/>.</t><t>Application Layer Protocol Negotiation (ALPN; see<t>ALPN (see <xref target="ALPN" format="default"/>) allows clients to offer multiple application protocols during connection establishment. The transport parameters that a client includes during the handshake apply to all application protocols that the client offers. Application protocols can recommend values for transport parameters, such as the initial flow control limits. However, application protocols that set constraints on values for transport parameters could make it impossible for a client to offer multiple application protocols if these constraints conflict.</t> <section anchor="zerortt-parameters" numbered="true" toc="default"> <name>Values of Transport Parameters for 0-RTT</name> <t>Using 0-RTT depends on both client and server using protocol parameters that were negotiated from a previous connection. To enable 0-RTT, endpoints store thevaluevalues of the server transport parametersfrom a connection and apply them towith any0-RTT packets that are sent in subsequent connections to that peer that use asessionticket issuedtickets it receives onthatthe connection.This information is stored withEndpoints also store any information required by the application protocol or cryptographic handshake; seeSection 4.6 of<xref section="4.6" sectionFormat="of" target="QUIC-TLS"format="default"/>.</t>format="default"/>. The values of stored transport parameters are used when attempting 0-RTT using the session tickets.</t> <t>Remembered transport parameters apply to the new connection until the handshake completes and the client starts sending 1-RTT packets. Once the handshake completes, the client uses the transport parameters established in the handshake. Not all transport parameters are remembered, as some do not apply to future connections or they have no effect on the use of 0-RTT.</t> <t>The definition of a new transport parameter (<xref target="new-transport-parameters" format="default"/>)MUST<bcp14>MUST</bcp14> specify whether storing the transport parameter for 0-RTT is mandatory, optional, or prohibited. A client need not store a transport parameter it cannot process.</t> <t>A clientMUST NOT<bcp14>MUST NOT</bcp14> use remembered values for the following parameters: ack_delay_exponent, max_ack_delay, initial_source_connection_id, original_destination_connection_id, preferred_address, retry_source_connection_id, and stateless_reset_token. The clientMUST<bcp14>MUST</bcp14> use the server's new values in the handshake instead; if the server does not provide new values, the defaultvalue isvalues are used.</t> <t>A client that attempts to send 0-RTT dataMUST<bcp14>MUST</bcp14> remember all other transport parameters used by the server that it is able to process. The server can remember these transportparameters,parameters or can store an integrity-protected copy of the values in the ticket and recover the information when accepting 0-RTT data. A server uses the transport parameters in determining whether to accept 0-RTT data.</t> <t>If 0-RTT data is accepted by the server, the serverMUST NOT<bcp14>MUST NOT</bcp14> reduce any limits or alter any values that might be violated by the client with its 0-RTT data. In particular, a server that accepts 0-RTT dataMUST NOT<bcp14>MUST NOT</bcp14> set values for the following parameters (<xref target="transport-parameter-definitions" format="default"/>) that are smaller than the rememberedvaluevalues of the parameters.</t> <ul spacing="normal"> <li>active_connection_id_limit</li> <li>initial_max_data</li> <li>initial_max_stream_data_bidi_local</li> <li>initial_max_stream_data_bidi_remote</li> <li>initial_max_stream_data_uni</li> <li>initial_max_streams_bidi</li> <li>initial_max_streams_uni</li> </ul> <t>Omitting or setting a zero value for certain transport parameters can result in 0-RTT data beingenabled,enabled but not usable. The applicable subset of transport parameters that permit the sending of application dataSHOULD<bcp14>SHOULD</bcp14> be set to non-zero values for 0-RTT. This includes initial_max_data and either (1) initial_max_streams_bidi andinitial_max_stream_data_bidi_remote,initial_max_stream_data_bidi_remote or (2) initial_max_streams_uni and initial_max_stream_data_uni.</t> <t>A serverMAYmight provide larger initial stream flow control limits for streams than the remembered values that a client applies when sending 0-RTT. Once the handshake completes, the client updates the flow control limits on all sending streams using the updated values of initial_max_stream_data_bidi_remote and initial_max_stream_data_uni.</t> <t>A server <bcp14>MAY</bcp14> store and recover the previously sent values of the max_idle_timeout, max_udp_payload_size, and disable_active_migration parameters and reject 0-RTT if it selects smaller values. Lowering the values of these parameters while also accepting 0-RTT data could degrade the performance of the connection. Specifically, lowering the max_udp_payload_size could result in droppedpacketspackets, leading to worse performance compared to rejecting 0-RTT data outright.</t> <t>A serverMUST<bcp14>MUST</bcp14> reject 0-RTT data if the restored values for transport parameters cannot be supported.</t> <t>When sending frames in 0-RTT packets, a clientMUST<bcp14>MUST</bcp14> only use remembered transport parameters; importantly, itMUST NOT<bcp14>MUST NOT</bcp14> use updated values that it learns from the server's updated transport parameters or from frames received in 1-RTT packets. Updated values of transport parameters from the handshake apply only to 1-RTT packets. For instance, flow control limits from remembered transport parameters apply to all 0-RTT packets even if those values are increased by the handshake or by frames sent in 1-RTT packets. A serverMAY<bcp14>MAY</bcp14> treat the use of updated transport parameters in 0-RTT as a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="new-transport-parameters" numbered="true" toc="default"> <name>New Transport Parameters</name> <t>New transport parameters can be used to negotiate new protocol behavior. An endpointMUST<bcp14>MUST</bcp14> ignore transport parameters that it does not support.AbsenceThe absence of a transport parameter therefore disables any optional protocol feature that is negotiated using the parameter. As described in <xref target="transport-parameter-grease" format="default"/>, some identifiers are reserved in order to exercise this requirement.</t> <t>A client that does not understand a transport parameter can discard it and attempt 0-RTT on subsequent connections. However, if the client adds support for a discarded transport parameter, it risks violating the constraints that the transport parameter establishes if it attempts 0-RTT. New transport parameters can avoid this problem by setting a default of the most conservative value. Clients can avoid this problem by remembering all parameters, evenonesthose not currently supported.</t> <t>New transport parameters can be registered according to the rules in <xref target="iana-transport-parameters" format="default"/>.</t> </section> </section> <section anchor="cryptographic-message-buffering" numbered="true" toc="default"> <name>Cryptographic Message Buffering</name> <t>Implementations need to maintain a buffer of CRYPTO data received out of order. Because there is no flow control of CRYPTO frames, an endpoint could potentially force its peer to buffer an unbounded amount of data.</t> <t>ImplementationsMUST<bcp14>MUST</bcp14> support buffering at least 4096 bytes of data received in out-of-order CRYPTO frames. EndpointsMAY<bcp14>MAY</bcp14> choose to allow more data to be buffered during the handshake. A larger limit during the handshake could allow for larger keys or credentials to be exchanged. An endpoint's buffer size does not need to remain constant during the life of the connection.</t> <t>Being unable to buffer CRYPTO frames during the handshake can lead to a connection failure. If an endpoint's buffer is exceeded during the handshake, it can expand its buffer temporarily to complete the handshake. If an endpoint does not expand its buffer, itMUST<bcp14>MUST</bcp14> close the connection with a CRYPTO_BUFFER_EXCEEDED error code.</t> <t>Once the handshake completes, if an endpoint is unable to buffer all data in a CRYPTO frame, itMAY<bcp14>MAY</bcp14> discard that CRYPTO frame and all CRYPTO frames received in the future, or itMAY<bcp14>MAY</bcp14> close the connection with a CRYPTO_BUFFER_EXCEEDED error code. Packets containing discarded CRYPTO framesMUST<bcp14>MUST</bcp14> be acknowledged because the packet has been received and processed by the transport even though the CRYPTO frame was discarded.</t> </section> </section> <section anchor="address-validation" numbered="true" toc="default"> <name>Address Validation</name> <t>Address validation ensures that an endpoint cannot be used for a traffic amplification attack. In such an attack, a packet is sent to a server with spoofed source address information that identifies a victim. If a server generates more or larger packets in response to that packet, the attacker can use the server to send more data toward the victim than it would be able to send on its own.</t> <t>The primary defense against amplification attacks is verifying that a peer is able to receive packets at the transport address that it claims. Therefore, after receiving packets from an address that is not yet validated, an endpointMUST<bcp14>MUST</bcp14> limit the amount of data it sends to the unvalidated address to three times the amount of data received from that address. This limit on the size of responses is known as the anti-amplification limit.</t> <t>Address validation is performed both during connection establishment (see <xref target="validate-handshake" format="default"/>) and during connection migration (see <xref target="migrate-validate" format="default"/>).</t> <section anchor="validate-handshake" numbered="true" toc="default"> <name>Address ValidationDuringduring Connection Establishment</name> <t>Connection establishment implicitly provides address validation for both endpoints. In particular, receipt of a packet protected with Handshake keys confirms that the peer successfully processed an Initial packet. Once an endpoint has successfully processed a Handshake packet from the peer, it can consider the peer address to have been validated.</t> <t>Additionally, an endpointMAY<bcp14>MAY</bcp14> consider the peer address validated if the peer uses a connection ID chosen by the endpoint and the connection ID contains at least 64 bits of entropy.</t> <t>For the client, the value of the Destination Connection ID field in its first Initial packet allows it to validate the server address as a part of successfully processing any packet. Initial packets from the server are protected with keys that are derived from this value (seeSection 5.2 of<xref section="5.2" sectionFormat="of" target="QUIC-TLS" format="default"/>). Alternatively, the value is echoed by the server in Version Negotiation packets (<xref target="version-negotiation" format="default"/>) or included in the Integrity Tag in Retry packets(Section 5.8 of <xref(<xref section="5.8" sectionFormat="of" target="QUIC-TLS" format="default"/>).</t> <t>Prior to validating the client address, serversMUST NOT<bcp14>MUST NOT</bcp14> send more than three times as many bytes as the number of bytes they have received. This limits the magnitude of any amplification attack that can be mounted using spoofed source addresses. For the purposes of avoiding amplification prior to address validation, serversMUST<bcp14>MUST</bcp14> count all of the payload bytes received in datagrams that are uniquely attributed to a single connection. This includes datagrams that contain packets that are successfully processed and datagrams that contain packets that are all discarded.</t> <t>ClientsMUST<bcp14>MUST</bcp14> ensure that UDP datagrams containing Initial packets have UDP payloads of at least 1200 bytes, adding PADDING frames as necessary. A client that sends padded datagrams allows the server to send more data prior to completing address validation.</t> <t>Loss of an Initial or Handshake packet from the server can cause a deadlock if the client does not send additional Initial or Handshake packets. A deadlock could occur when the server reaches its anti-amplification limit and the client has received acknowledgments for all the data it has sent. In this case, when the client has no reason to send additional packets, the server will be unable to send more data because it has not validated the client's address. To prevent this deadlock, clientsMUST<bcp14>MUST</bcp14> send a packet on aprobe timeout (PTO,Probe Timeout (PTO); seeSection 6.2 of<xref section="6.2" sectionFormat="of" target="QUIC-RECOVERY"format="default"/>).format="default"/>. Specifically, the clientMUST<bcp14>MUST</bcp14> send an Initial packet in a UDP datagram that contains at least 1200 bytes if it does not have Handshake keys, and otherwise send a Handshake packet.</t> <t>A server might wish to validate the client address before starting the cryptographic handshake. QUIC uses a token in the Initial packet to provide address validation prior to completing the handshake. This token is delivered to the client during connection establishment with a Retry packet (see <xref target="validate-retry" format="default"/>) or in a previous connection using the NEW_TOKEN frame (see <xref target="validate-future" format="default"/>).</t> <t>In addition to sending limits imposed prior to address validation, servers are also constrained in what they can send by the limits set by the congestion controller. Clients are only constrained by the congestion controller.</t> <section anchor="token-differentiation" numbered="true" toc="default"> <name>Token Construction</name> <t>A token sent in a NEW_TOKEN frame or a Retry packetMUST<bcp14>MUST</bcp14> be constructed in a way that allows the server to identify how it was provided to a client. These tokens are carried in the samefield,field but require different handling from servers.</t> </section> <section anchor="validate-retry" numbered="true" toc="default"> <name>Address ValidationusingUsing Retry Packets</name> <t>Upon receiving the client's Initial packet, the server can request address validation by sending a Retry packet (<xref target="packet-retry" format="default"/>) containing a token. This tokenMUST<bcp14>MUST</bcp14> be repeated by the client in all Initial packets it sends for that connection after it receives the Retry packet.</t> <t>In response to processing an Initial packet containing a token that was provided in a Retry packet, a server cannot send another Retry packet; it can only refuse the connection or permit it to proceed.</t> <t>As long as it is not possible for an attacker to generate a valid token for its own address (see <xref target="token-integrity" format="default"/>) and the client is able to return that token, it proves to the server that it received the token.</t> <t>A server can also use a Retry packet to defer the state and processing costs of connection establishment. Requiring the server to provide a different connection ID, along with the original_destination_connection_id transport parameter defined in <xref target="transport-parameter-definitions" format="default"/>, forces the server to demonstrate that it, or an entity it cooperates with, received the original Initial packet from the client. Providing a different connection ID also grants a server some control over how subsequent packets are routed. This can be used to direct connections to a different server instance.</t> <t>If a server receives a client Initial that contains an invalid Retry token but is otherwise valid, it knows the client will not accept another Retry token. The server can discard such a packet and allow the client to time out to detect handshake failure, but that could impose a significant latency penalty on the client. Instead, the serverSHOULD<bcp14>SHOULD</bcp14> immediately close (<xref target="immediate-close" format="default"/>) the connection with an INVALID_TOKEN error. Note that a server has not established any state for the connection at this point and so does not enter the closing period.</t> <t>A flow showing the use of a Retry packet is shown in <xref target="fig-retry" format="default"/>.</t> <figure anchor="fig-retry"> <name>Example Handshake with Retry</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Client Server Initial[0]: CRYPTO[CH] -> <- Retry+Token Initial+Token[1]: CRYPTO[CH] -> Initial[0]: CRYPTO[SH] ACK[1] Handshake[0]: CRYPTO[EE, CERT, CV, FIN] <- 1-RTT[0]: STREAM[1, "..."] ]]></artwork> </figure> </section> <section anchor="validate-future" numbered="true" toc="default"> <name>Address Validation for Future Connections</name> <t>A serverMAY<bcp14>MAY</bcp14> provide clients with an address validation token during one connection that can be used on a subsequent connection. Address validation is especially important with 0-RTT because a server potentially sends a significant amount of data to a client in response to 0-RTT data.</t> <t>The server uses the NEW_TOKEN frame (<xref target="frame-new-token" format="default"/>) to provide the client with an address validation token that can be used to validate future connections. In a future connection, the client includes this token in Initial packets to provide address validation. The clientMUST<bcp14>MUST</bcp14> include the token in all Initial packets it sends, unless a Retry replaces the token with a newer one. The clientMUST NOT<bcp14>MUST NOT</bcp14> use the token provided in a Retry for future connections. ServersMAY<bcp14>MAY</bcp14> discard any Initial packet that does not carry the expected token.</t> <t>Unlike the token that is created for a Retry packet, which is used immediately, the token sent in the NEW_TOKEN frame can be used after some period of time has passed. Thus, a tokenSHOULD<bcp14>SHOULD</bcp14> have an expiration time, which could be either an explicit expiration time or an issued timestamp that can be used to dynamically calculate the expiration time. A server can store the expiration time or include it in an encrypted form in the token.</t> <t>A token issued with NEW_TOKENMUST NOT<bcp14>MUST NOT</bcp14> include information that would allow values to be linked by an observer to the connection on which it was issued. For example, it cannot include the previous connection ID or addressing information, unless the values are encrypted. A serverMUST<bcp14>MUST</bcp14> ensure that every NEW_TOKEN frame it sends is unique across all clients, with the exception of those sent to repair losses of previously sent NEW_TOKEN frames. Information that allows the server to distinguish between tokens from Retry and NEW_TOKENMAY<bcp14>MAY</bcp14> be accessible to entities other than the server.</t> <t>It is unlikely that the client port number is the same on two different connections; validating the port is therefore unlikely to be successful.</t> <t>A token received in a NEW_TOKEN frame is applicable to any server that the connection is considered authoritative for (e.g., server names included in the certificate). When connecting to a server for which the client retains an applicable and unused token, itSHOULD<bcp14>SHOULD</bcp14> include that token in the Token field of its Initial packet. Including a token might allow the server to validate the client address without an additional round trip. A clientMUST NOT<bcp14>MUST NOT</bcp14> include a token that is not applicable to the server that it is connecting to, unless the client has the knowledge that the server that issued the token and the server the client is connecting to are jointly managing the tokens. A clientMAY<bcp14>MAY</bcp14> use a token from any previous connection to that server.</t> <t>A token allows a server to correlate activity between the connection where the token was issued and any connection where it is used. Clients that want to break continuity of identity with a server can discard tokens provided using the NEW_TOKEN frame. In comparison, a token obtained in a Retry packetMUST<bcp14>MUST</bcp14> be used immediately during the connection attempt and cannot be used in subsequent connection attempts.</t> <t>A clientSHOULD NOT<bcp14>SHOULD NOT</bcp14> reuse aNEW_TOKENtoken from a NEW_TOKEN frame for different connection attempts. Reusing a token allows connections to be linked by entities on the network path; see <xref target="migration-linkability" format="default"/>.</t> <t>Clients might receive multiple tokens on a single connection. Aside from preventing linkability, any token can be used in any connection attempt. Servers can send additional tokens to either enable address validation for multiple connection attempts ortoreplace older tokens that might become invalid. For a client, this ambiguity means that sending the most recent unused token is most likely to be effective. Though saving and using older tokenshashave no negative consequences, clients can regard older tokens as being less likely to be useful to the server for address validation.</t> <t>When a server receives an Initial packet with an address validation token, itMUST<bcp14>MUST</bcp14> attempt to validate the token, unless it has already completed address validation. If the token isinvalidinvalid, then the serverSHOULD<bcp14>SHOULD</bcp14> proceed as if the client did not have a validated address, including potentially sending aRetry.Retry packet. Tokens provided with NEW_TOKEN frames and Retry packets can be distinguished by servers (see <xref target="token-differentiation" format="default"/>), and the latter can be validated more strictly. If the validation succeeds, the serverSHOULD<bcp14>SHOULD</bcp14> then allow the handshake to proceed.</t><dl> <dt> Note: </dt> <dd> <t>The<aside> <t>Note: The rationale for treating the client as unvalidated rather than discarding the packet is that the client might have received the token in a previous connection using the NEW_TOKEN frame, and if the server has lost state, it might be unable to validate the token at all, leading to connection failure if the packet is discarded.</t></dd> </dl></aside> <t>In a stateless design, a server can use encrypted and authenticated tokens to pass information to clients that the server can later recover and use to validate a client address. Tokens are not integrated into the cryptographichandshakehandshake, and so they are not authenticated. For instance, a client might be able to reuse a token. To avoid attacks that exploit this property, a server can limit its use of tokens to only the information needed to validate client addresses.</t> <t>ClientsMAY<bcp14>MAY</bcp14> use tokens obtained on one connection for any connection attempt using the same version. When selecting a token to use, clients do not need to consider other properties of the connection that is being attempted, including the choice of possible application protocols, session tickets, or other connection properties.</t> </section> <section anchor="token-integrity" numbered="true" toc="default"> <name>Address Validation Token Integrity</name> <t>An address validation tokenMUST<bcp14>MUST</bcp14> be difficult to guess. Including a random value with at least 128 bits of entropy in the token would be sufficient, but this depends on the server remembering the value it sends to clients.</t> <t>A token-based scheme allows the server to offload any state associated with validation to the client. For this design to work, the tokenMUST<bcp14>MUST</bcp14> be covered by integrity protection against modification or falsification by clients. Without integrity protection, malicious clients could generate or guess values for tokens that would be accepted by the server. Only the server requires access to the integrity protection key for tokens.</t> <t>There is no need for a single well-defined format for the token because the server that generates the token also consumes it. Tokens sent in Retry packetsSHOULD<bcp14>SHOULD</bcp14> include information that allows the server to verify that the source IP address and port in client packets remain constant.</t> <t>Tokens sent in NEW_TOKEN framesMUST<bcp14>MUST</bcp14> include information that allows the server to verify that the client IP address has not changed from when the token was issued. Servers can use tokens from NEW_TOKEN frames in deciding not to send a Retry packet, even if the client address has changed. If the client IP address has changed, the serverMUST<bcp14>MUST</bcp14> adhere to the anti-amplification limit; see <xref target="address-validation" format="default"/>. Note that in the presence of NAT, this requirement might be insufficient to protect other hosts that share the NAT from amplificationattack.</t>attacks.</t> <t>Attackers could replay tokens to use servers as amplifiers in DDoS attacks. To protect against such attacks, serversMUST<bcp14>MUST</bcp14> ensure that replay of tokens is prevented or limited. ServersSHOULD<bcp14>SHOULD</bcp14> ensure that tokens sent in Retry packets are only accepted for a short time, as they are returned immediately by clients. Tokens that are provided in NEW_TOKEN frames (<xref target="frame-new-token" format="default"/>) need to be valid forlonger,longer butSHOULD NOT<bcp14>SHOULD NOT</bcp14> be accepted multiple times. Servers are encouraged to allow tokens to be used only once, if possible; tokensMAY<bcp14>MAY</bcp14> include additional information about clients to further narrow applicability or reuse.</t> </section> </section> <section anchor="migrate-validate" numbered="true" toc="default"> <name>Path Validation</name> <t>Path validation is used by both peers during connection migration (see <xref target="migration" format="default"/>) to verify reachability after a change of address. In path validation, endpoints test reachability between a specific local address and a specific peer address, where an address is thetwo-tuple2-tuple of IP address and port.</t> <t>Path validation tests that packets sent on a path to a peer are received by that peer. Path validation is used to ensure that packets received from a migrating peer do not carry a spoofed source address.</t> <t>Path validation does not validate that a peer can send in the return direction. Acknowledgments cannot be used for return path validation because they contain insufficient entropy and might be spoofed. Endpoints independently determine reachability on each direction of a path, and therefore return reachability can only be established by the peer.</t> <t>Path validation can be used at any time by either endpoint. For instance, an endpoint might check that a peer is still in possession of its address after a period of quiescence.</t> <t>Path validation is not designed as a NAT traversal mechanism. Though the mechanism described here might be effective for the creation of NAT bindings that support NAT traversal, the expectation is that oneor other peerendpoint is able to receive packets without first having sent a packet on that path. Effective NAT traversal needs additional synchronization mechanisms that are not provided here.</t> <t>An endpointMAY<bcp14>MAY</bcp14> include other frames with the PATH_CHALLENGE and PATH_RESPONSE frames used for path validation. In particular, an endpoint can include PADDING frames with a PATH_CHALLENGE frame for Path Maximum Transmission Unit Discovery(PMTUD;(PMTUD); see <xref target="pmtud"format="default"/>); itformat="default"/>. An endpoint can also include its own PATH_CHALLENGE framewithwhen sending a PATH_RESPONSE frame.</t> <t>An endpoint uses a new connection ID for probes sent from a new local address; see <xref target="migration-linkability" format="default"/>. When probing a new path, an endpoint can ensure that its peer has an unused connection ID available for responses. Sending NEW_CONNECTION_ID and PATH_CHALLENGE frames in the same packet, if the peer's active_connection_id_limit permits, ensures that an unused connection ID will be available to the peer when sending a response.</t> <t>An endpoint can choose to simultaneously probe multiple paths. The number of simultaneous paths used for probes is limited by the number of extra connection IDs its peer has previously supplied, since each new local address used for a probe requires a previously unused connection ID.</t> <section anchor="initiating-path-validation" numbered="true" toc="default"> <name>Initiating Path Validation</name> <t>To initiate path validation, an endpoint sends a PATH_CHALLENGE frame containing an unpredictable payload on the path to be validated.</t> <t>An endpointMAY<bcp14>MAY</bcp14> send multiple PATH_CHALLENGE frames to guard against packet loss. However, an endpointSHOULD NOT<bcp14>SHOULD NOT</bcp14> send multiple PATH_CHALLENGE frames in a single packet.</t> <t>An endpointSHOULD NOT<bcp14>SHOULD NOT</bcp14> probe a new path with packets containing a PATH_CHALLENGE frame more frequently than it would send an Initial packet. This ensures that connection migration is no more load on a new path than establishing a new connection.</t> <t>The endpointMUST<bcp14>MUST</bcp14> use unpredictable data in every PATH_CHALLENGE frame so that it can associate the peer's response with the corresponding PATH_CHALLENGE.</t> <t>An endpointMUST<bcp14>MUST</bcp14> expand datagrams that contain a PATH_CHALLENGE frame to at least the smallest allowed maximum datagram size of 1200 bytes, unless the anti-amplification limit for the path does not permit sending a datagram of this size. Sending UDP datagrams of this size ensures that the network path from the endpoint to the peer can be used for QUIC; see <xref target="datagram-size" format="default"/>.</t> <t>When an endpoint is unable to expand the datagram size to 1200 bytes due to the anti-amplification limit, the path MTU will not be validated. To ensure that the path MTU is large enough, the endpointMUST<bcp14>MUST</bcp14> perform a second path validation by sending a PATH_CHALLENGE frame in a datagram of at least 1200 bytes. This additional validation can be performed after a PATH_RESPONSE is successfully received or when enough bytes have been received on the path that sending the larger datagram will not result in exceeding the anti-amplification limit.</t> <t>Unlike other cases where datagrams are expanded, endpointsMUST NOT<bcp14>MUST NOT</bcp14> discard datagrams that appear to be too small when they contain PATH_CHALLENGE or PATH_RESPONSE.</t> </section> <section anchor="path-validation-responses" numbered="true" toc="default"> <name>Path Validation Responses</name> <t>On receiving a PATH_CHALLENGE frame, an endpointMUST<bcp14>MUST</bcp14> respond by echoing the data contained in the PATH_CHALLENGE frame in a PATH_RESPONSE frame. An endpointMUST NOT<bcp14>MUST NOT</bcp14> delay transmission of a packet containing a PATH_RESPONSE frame unless constrained by congestion control.</t> <t>A PATH_RESPONSE frameMUST<bcp14>MUST</bcp14> be sent on the network path where the PATH_CHALLENGE frame was received. This ensures that path validation by a peer only succeeds if the path is functional in both directions. This requirementMUST NOT<bcp14>MUST NOT</bcp14> be enforced by the endpoint that initiates pathvalidationvalidation, as that would enable an attack on migration; see <xref target="off-path-forward" format="default"/>.</t> <t>An endpointMUST<bcp14>MUST</bcp14> expand datagrams that contain a PATH_RESPONSE frame to at least the smallest allowed maximum datagram size of 1200 bytes. This verifies that the path is able to carry datagrams of this size in both directions. However, an endpointMUST NOT<bcp14>MUST NOT</bcp14> expand the datagram containing the PATH_RESPONSE if the resulting data exceeds the anti-amplification limit. This is expected to only occur if the received PATH_CHALLENGE was not sent in an expanded datagram.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send more than one PATH_RESPONSE frame in response to one PATH_CHALLENGE frame; see <xref target="retransmission-of-information" format="default"/>. The peer is expected to send more PATH_CHALLENGE frames as necessary to evoke additional PATH_RESPONSE frames.</t> </section> <section anchor="successful-path-validation" numbered="true" toc="default"> <name>Successful Path Validation</name> <t>Path validation succeeds when a PATH_RESPONSE frame is received that contains the data that was sent in a previous PATH_CHALLENGE frame. A PATH_RESPONSE frame received on any network path validates the path on which the PATH_CHALLENGE was sent.</t> <t>If an endpoint sends a PATH_CHALLENGE frame in a datagram that is not expanded to at least 1200bytes,bytes and if the response to it validates the peer address, the path is validated but not the path MTU. As a result, the endpoint can now send more than three times the amount of data that has been received. However, the endpointMUST<bcp14>MUST</bcp14> initiate another path validation with an expanded datagram to verify that the path supports the required MTU.</t> <t>Receipt of an acknowledgment for a packet containing a PATH_CHALLENGE frame is not adequate validation, since the acknowledgment can be spoofed by a malicious peer.</t> </section> <section anchor="failed-path-validation" numbered="true" toc="default"> <name>Failed Path Validation</name> <t>Path validation only fails when the endpoint attempting to validate the path abandons its attempt to validate the path.</t> <t>EndpointsSHOULD<bcp14>SHOULD</bcp14> abandon path validation based on a timer. When setting this timer, implementations are cautioned that the new path could have a longer round-trip time than the original. A value of three times the larger of the currentProbe Timeout (PTO)PTO or the PTO for the new path(that is, using kInitialRtt(using kInitialRtt, as defined in <xref target="QUIC-RECOVERY" format="default"/>) isRECOMMENDED.</t><bcp14>RECOMMENDED</bcp14>.</t> <t>This timeout allows for multiple PTOs to expire prior to failing path validation, so that loss of a single PATH_CHALLENGE or PATH_RESPONSE frame does not cause path validation failure.</t> <t>Note that the endpoint might receive packets containing other frames on the new path, but a PATH_RESPONSE frame with appropriate data is required for path validation to succeed.</t> <t>When an endpoint abandons path validation, it determines that the path is unusable. This does not necessarily imply a failure of the connection--- endpoints can continue sending packets over other paths as appropriate. If no paths are available, an endpoint can wait for a new path to become available or close the connection. An endpoint that has no valid network path to its peerMAY<bcp14>MAY</bcp14> signal this using the NO_VIABLE_PATH connection error, noting that this is only possible if the network path exists but does not support the required MTU (<xref target="datagram-size" format="default"/>).</t> <t>A path validation might be abandoned for other reasons besides failure. Primarily, this happens if a connection migration to a new path is initiated while a path validation on the old path is in progress.</t> </section> </section> </section> <section anchor="migration" numbered="true" toc="default"> <name>Connection Migration</name> <t>The use of a connection ID allows connections to survive changes to endpoint addresses (IP address and port), such as those caused by an endpoint migrating to a new network. This section describes the process by which an endpoint migrates to a new address.</t> <t>The design of QUIC relies on endpoints retaining a stable address for the duration of the handshake. An endpointMUST NOT<bcp14>MUST NOT</bcp14> initiate connection migration before the handshake is confirmed, as defined insection 4.1.2 of<xref section="4.1.2" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> <t>If the peer sent the disable_active_migration transport parameter, an endpoint alsoMUST NOT<bcp14>MUST NOT</bcp14> send packets (including probing packets; see <xref target="probing" format="default"/>) from a different local address to the address the peer used during the handshake, unless the endpoint has acted on a preferred_address transport parameter from the peer. If the peer violates this requirement, the endpointMUST<bcp14>MUST</bcp14> either drop the incoming packets on that path without generating astateless resetStateless Reset or proceed with path validation and allow the peer to migrate. Generating astateless resetStateless Reset or closing the connection would allow third parties in the network to cause connections to close by spoofing or otherwise manipulating observed traffic.</t> <t>Not all changes of peer address are intentional, or active, migrations. The peer could experience NAT rebinding: a change of address due to a middlebox, usually a NAT, allocating a new outgoing port or even a new outgoing IP address for a flow. An endpointMUST<bcp14>MUST</bcp14> perform path validation (<xref target="migrate-validate" format="default"/>) if it detects any change to a peer's address, unless it has previously validated that address.</t> <t>When an endpoint has no validated path on which to send packets, itMAY<bcp14>MAY</bcp14> discard connection state. An endpoint capable of connection migrationMAY<bcp14>MAY</bcp14> wait for a new path to become available before discarding connection state.</t> <t>This document limits migration of connections to new client addresses, except as described in <xref target="preferred-address" format="default"/>. Clients are responsible for initiating all migrations. Servers do not send non-probing packets (see <xref target="probing" format="default"/>) toward a client address until they see a non-probing packet from that address. If a client receives packets from an unknown server address, the clientMUST<bcp14>MUST</bcp14> discard these packets.</t> <section anchor="probing" numbered="true" toc="default"> <name>Probing a New Path</name> <t>An endpointMAY<bcp14>MAY</bcp14> probe for peer reachability from a new local address using path validation (<xref target="migrate-validate" format="default"/>) prior to migrating the connection to the new local address. Failure of path validation simply means that the new path is not usable for this connection. Failure to validate a path does not cause the connection to end unless there are no valid alternative paths available.</t> <t>PATH_CHALLENGE, PATH_RESPONSE, NEW_CONNECTION_ID, and PADDING frames are "probing frames", and all other frames are "non-probing frames". A packet containing only probing frames is a "probing packet", and a packet containing any other frame is a "non-probing packet".</t> </section> <section anchor="initiating-migration" numbered="true" toc="default"> <name>Initiating Connection Migration</name> <t>An endpoint can migrate a connection to a new local address by sending packets containing non-probing frames from that address.</t> <t>Each endpoint validates its peer's address during connection establishment. Therefore, a migrating endpoint can send to its peer knowing that the peer is willing to receive at the peer's current address.ThusThus, an endpoint can migrate to a new local address without first validating the peer's address.</t> <t>To establish reachability on the new path, an endpoint initiates path validation (<xref target="migrate-validate" format="default"/>) on the new path. An endpointMAY<bcp14>MAY</bcp14> defer path validation until after a peer sends the next non-probing frame to its new address.</t> <t>When migrating, the new path might not support the endpoint's current sending rate. Therefore, the endpoint resets its congestion controller and RTT estimate, as described in <xref target="migration-cc" format="default"/>.</t> <t>The new path might not have the same ECN capability. Therefore, the endpoint validates ECN capability as described in <xref target="ecn" format="default"/>.</t> </section> <section anchor="migration-response" numbered="true" toc="default"> <name>Responding to Connection Migration</name> <t>Receiving a packet from a new peer address containing a non-probing frame indicates that the peer has migrated to that address.</t> <t>If the recipient permits the migration, itMUST<bcp14>MUST</bcp14> send subsequent packets to the new peer address andMUST<bcp14>MUST</bcp14> initiate path validation (<xref target="migrate-validate" format="default"/>) to verify the peer's ownership of the address if validation is not alreadyunderway.</t>underway. If the recipient has no unused connection IDs from the peer, it will not be able to send anything on the new path until the peer provides one; see <xref target="migration-linkability" format="default"/>.</t> <t>An endpoint only changes the address to which it sends packets in response to the highest-numbered non-probing packet. This ensures that an endpoint does not send packets to an old peer address in the case that it receives reordered packets.</t> <t>An endpointMAY<bcp14>MAY</bcp14> send data to an unvalidated peer address, but itMUST<bcp14>MUST</bcp14> protect against potential attacks as described in Sections <xreftarget="address-spoofing" format="default"/>format="counter" target="address-spoofing"/> and <xreftarget="on-path-spoofing" format="default"/>.format="counter" target="on-path-spoofing"/>. An endpointMAY<bcp14>MAY</bcp14> skip validation of a peer address if that address has been seen recently. In particular, if an endpoint returns to apreviously-validatedpreviously validated path after detecting some form of spurious migration, skipping address validation and restoring loss detection and congestion state can reduce the performance impact of the attack.</t> <t>After changing the address to which it sends non-probing packets, an endpoint can abandon any path validation for other addresses.</t> <t>Receiving a packet from a new peer address could be the result of a NAT rebinding at the peer.</t> <t>After verifying a new client address, the serverSHOULD<bcp14>SHOULD</bcp14> send new address validation tokens (<xref target="address-validation" format="default"/>) to the client.</t> <section anchor="address-spoofing" numbered="true" toc="default"> <name>Peer Address Spoofing</name> <t>It is possible that a peer is spoofing its source address to cause an endpoint to send excessive amounts of data to an unwilling host. If the endpoint sends significantly more data than the spoofing peer, connection migration might be used to amplify the volume of data that an attacker can generate toward a victim.</t> <t>As described in <xref target="migration-response" format="default"/>, an endpoint is required to validate a peer's new address to confirm the peer's possession of the new address. Until a peer's address is deemed valid, an endpoint limits the amount of data it sends to that address; see <xref target="address-validation" format="default"/>. In the absence of this limit, an endpoint risks being used for adenial of servicedenial-of-service attack against an unsuspecting victim.</t> <t>If an endpoint skips validation of a peer address as described above, it does not need to limit its sending rate.</t> </section> <section anchor="on-path-spoofing" numbered="true" toc="default"> <name>On-Path Address Spoofing</name> <t>An on-path attacker could cause a spurious connection migration by copying and forwarding a packet with a spoofed address such that it arrives before the original packet. The packet with the spoofed address will be seen to come from a migrating connection, and the original packet will be seen as a duplicate and dropped. After a spurious migration, validation of the source address will fail because the entity at the source address does not have the necessary cryptographic keys to read or respond to the PATH_CHALLENGE frame that is sent to it even if it wanted to.</t> <t>To protect the connection from failing due to such a spurious migration, an endpointMUST<bcp14>MUST</bcp14> revert to using the last validated peer address when validation of a new peer address fails. Additionally, receipt of packets with higher packet numbers from the legitimate peer address will trigger another connection migration. This will cause the validation of the address of the spurious migration to be abandoned, thus containing migrations initiated by the attacker injecting a single packet.</t> <t>If an endpoint has no state about the last validated peer address, itMUST<bcp14>MUST</bcp14> close the connection silently by discarding all connection state. This results in new packets on the connection being handled generically. For instance, an endpointMAY<bcp14>MAY</bcp14> send astateless resetStateless Reset in response to any further incoming packets.</t> </section> <section anchor="off-path-forward" numbered="true" toc="default"> <name>Off-Path Packet Forwarding</name> <t>An off-path attacker that can observe packets might forward copies of genuine packets to endpoints. If the copied packet arrives before the genuine packet, this will appear as a NAT rebinding. Any genuine packet will be discarded as a duplicate. If the attacker is able to continue forwarding packets, it might be able to cause migration to a path via the attacker. This places the attackeron path,on-path, giving it the ability to observe or drop all subsequent packets.</t> <t>This style of attack relies on the attacker using a path that has approximately the same characteristics as the direct path between endpoints. The attack is more reliable if relatively few packets are sent or if packet loss coincides with the attempted attack.</t> <t>A non-probing packet received on the original path that increases the maximum received packet number will cause the endpoint to move back to that path. Eliciting packets on this path increases the likelihood that the attack is unsuccessful. Therefore, mitigation of this attack relies on triggering the exchange of packets.</t> <t>In response to an apparent migration, endpointsMUST<bcp14>MUST</bcp14> validate the previously active path using a PATH_CHALLENGE frame. This induces the sending of new packets on that path. If the path is no longer viable, the validation attempt will time out and fail; if the path isviable,viable but no longer desired, the validation willsucceed,succeed but only results in probing packets being sent on the path.</t> <t>An endpoint that receives a PATH_CHALLENGE on an active pathSHOULD<bcp14>SHOULD</bcp14> send a non-probing packet in response. If the non-probing packet arrives before any copy made by an attacker, this results in the connection being migrated back to the original path. Any subsequent migration to another path restarts this entire process.</t> <t>This defense is imperfect, but this is not considered a serious problem. If the path via the attack is reliably faster than the original path despite multiple attempts to use that original path, it is not possible to distinguish between an attack and an improvement in routing.</t> <t>An endpoint could also use heuristics to improve detection of this style of attack. For instance, NAT rebinding is improbable if packets were recently received on the old path; similarly, rebinding is rare on IPv6 paths. Endpoints can also look for duplicated packets. Conversely, a change in connection ID is more likely to indicate an intentional migration rather than an attack.</t> </section> </section> <section anchor="migration-cc" numbered="true" toc="default"> <name>Loss Detection and Congestion Control</name> <t>The capacity available on the new path might not be the same as the old path. Packets sent on the old pathMUST NOT<bcp14>MUST NOT</bcp14> contribute to congestion control or RTT estimation for the new path.</t> <t>On confirming a peer's ownership of its new address, an endpointMUST<bcp14>MUST</bcp14> immediately reset the congestion controller and round-trip time estimator for the new path to initial values (see AppendicesA.3<xref section="A.3" sectionFormat="bare" target="QUIC-RECOVERY" format="default"/> andB.3 in<xref section="B.3" sectionFormat="bare" target="QUIC-RECOVERY" format="default"/> of <xref target="QUIC-RECOVERY" format="default"/>) unless the only change in the peer's address is its port number. Because port-only changes are commonly the result of NAT rebinding or other middlebox activity, the endpointMAY<bcp14>MAY</bcp14> instead retain its congestion control state and round-trip estimate in those cases instead of reverting to initial values. In cases where congestion control state retained from an old path is used on a new path with substantially different characteristics, a sender could transmit too aggressively until the congestion controller and the RTT estimator have adapted. Generally, implementations are advised to be cautious when using previous values on a new path.</t> <t>There could be apparent reordering at the receiver when an endpoint sends data and probes from/to multiple addresses during the migration period, since the two resulting paths could have different round-trip times. A receiver of packets on multiple paths will still send ACK frames covering all received packets.</t> <t>While multiple paths might be used during connection migration, a single congestion control context and a single loss recovery context (as described in <xref target="QUIC-RECOVERY" format="default"/>) could be adequate. For instance, an endpoint might delay switching to a new congestion control context until it is confirmed that an old path is no longer needed (such as the case described in <xref target="off-path-forward" format="default"/>).</t> <t>A sender can make exceptions for probe packets so that their loss detection is independent and does not unduly cause the congestion controller to reduce its sending rate. An endpoint might set a separate timer when a PATH_CHALLENGE is sent, which iscancelledcanceled if the corresponding PATH_RESPONSE is received. If the timer fires before the PATH_RESPONSE is received, the endpoint might send a newPATH_CHALLENGE,PATH_CHALLENGE and restart the timer for a longer period of time. This timerSHOULD<bcp14>SHOULD</bcp14> be set as described inSection 6.2.1 of<xref section="6.2.1" sectionFormat="of" target="QUIC-RECOVERY" format="default"/> andMUST NOT<bcp14>MUST NOT</bcp14> be more aggressive.</t> </section> <section anchor="migration-linkability" numbered="true" toc="default"> <name>Privacy Implications of Connection Migration</name> <t>Using a stable connection ID on multiple network paths would allow a passive observer to correlate activity between those paths. An endpoint that moves between networks might not wish to have their activity correlated by any entity other than their peer, so different connection IDs are used when sending from different local addresses, as discussed in <xref target="connection-id" format="default"/>. For this to be effective, endpoints need to ensure that connection IDs they provide cannot be linked by any other entity.</t> <t>At any time, endpointsMAY<bcp14>MAY</bcp14> change the Destination Connection ID they transmit with to a value that has not been used on another path.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> reuse a connection ID when sending from more than one localaddress,address -- forexampleexample, when initiating connection migration as described in <xref target="initiating-migration" format="default"/> or when probing a new network path as described in <xref target="probing" format="default"/>.</t> <t>Similarly, an endpointMUST NOT<bcp14>MUST NOT</bcp14> reuse a connection ID when sending to more than one destination address. Due to network changes outside the control of its peer, an endpoint might receive packets from a new source address with the samedestination connection ID,Destination Connection ID field value, in which case itMAY<bcp14>MAY</bcp14> continue to use the current connection ID with the new remote address while still sending from the same local address.</t> <t>These requirements regarding connection ID reuse apply only to the sending of packets, as unintentional changes in path without a change in connection ID are possible. For example, after a period of network inactivity, NAT rebinding might cause packets to be sent on a new path when the client resumes sending. An endpoint responds to such an event as described in <xref target="migration-response" format="default"/>.</t> <t>Using different connection IDs for packets sent in both directions on each new network path eliminates the use of the connection ID for linking packets from the same connection across different network paths. Header protection ensures that packet numbers cannot be used to correlate activity. This does not prevent other properties of packets, such as timing and size, from being used to correlate activity.</t> <t>An endpointSHOULD NOT<bcp14>SHOULD NOT</bcp14> initiate migration with a peer that has requested a zero-length connection ID, because traffic over the new path might be trivially linkable to traffic over the old one. If the server is able to associate packets with a zero-length connection ID to the right connection, it means that the server is using other information to demultiplex packets. For example, a server might provide a unique address to everyclient,client -- forinstanceinstance, using HTTP alternative services <xref target="ALTSVC" format="default"/>. Information that might allow correct routing of packets across multiple network paths will also allow activity on those paths to be linked by entities other than the peer.</t> <t>A client might wish to reduce linkability by switching to a new connection ID, source UDP port, or IP address (see <xreftarget="RFC4941"target="RFC8981" format="default"/>) when sending traffic after a period of inactivity. Changing the address from which it sends packets at the same time might cause the server to detect a connection migration. This ensures that the mechanisms that support migration are exercised even for clients that do not experience NAT rebindings or genuine migrations. Changing address can cause a peer to reset its congestion control state (see <xref target="migration-cc" format="default"/>), so addressesSHOULD<bcp14>SHOULD</bcp14> only be changed infrequently.</t> <t>An endpoint that exhausts available connection IDs cannot probe new paths or initiate migration, nor can it respond to probes or attempts by its peer to migrate. To ensure that migration is possible and packets sent on different paths cannot be correlated, endpointsSHOULD<bcp14>SHOULD</bcp14> provide new connection IDs before peers migrate; see <xref target="issue-cid" format="default"/>. If a peer might have exhausted available connection IDs, a migrating endpoint could include a NEW_CONNECTION_ID frame in all packets sent on a new network path.</t> </section> <section anchor="preferred-address" numbered="true" toc="default"> <name>Server's Preferred Address</name> <t>QUIC allows servers to accept connections on one IP address and attempt to transfer these connections to a more preferred address shortly after the handshake. This is particularly useful when clients initially connect to an address shared by multiple servers but would prefer to use a unicast address to ensure connection stability. This section describes the protocol for migrating a connection to a preferred server address.</t> <t>Migrating a connection to a new server address mid-connection is not supported by the version of QUIC specified in this document. If a client receives packets from a new server address when the client has not initiated a migration to that address, the clientSHOULD<bcp14>SHOULD</bcp14> discard these packets.</t> <section anchor="communicating-a-preferred-address" numbered="true" toc="default"> <name>Communicating a Preferred Address</name> <t>A server conveys a preferred address by including the preferred_address transport parameter in the TLS handshake.</t> <t>ServersMAY<bcp14>MAY</bcp14> communicate a preferred address of each address family (IPv4 and IPv6) to allow clients to pick the one most suited to their network attachment.</t> <t>Once the handshake is confirmed, the clientSHOULD<bcp14>SHOULD</bcp14> select one of the two addresses provided by the server and initiate path validation (see <xref target="migrate-validate" format="default"/>). A client constructs packets using any previously unused active connection ID, taken from either the preferred_address transport parameter or a NEW_CONNECTION_ID frame.</t> <t>As soon as path validation succeeds, the clientSHOULD<bcp14>SHOULD</bcp14> begin sending all future packets to the new server address using the new connection ID and discontinue use of the old server address. If path validation fails, the clientMUST<bcp14>MUST</bcp14> continue sending all future packets to the server's original IP address.</t> </section> <section anchor="migration-to-a-preferred-address" numbered="true" toc="default"> <name>Migration to a Preferred Address</name> <t>A client that migrates to a preferred addressMUST<bcp14>MUST</bcp14> validate the address it chooses before migrating; see <xref target="forgery-spa" format="default"/>.</t> <t>A server might receive a packet addressed to its preferred IP address at any time after it accepts a connection. If this packet contains a PATH_CHALLENGE frame, the server sends a packet containing a PATH_RESPONSE frame as per <xref target="migrate-validate" format="default"/>. The serverMUST<bcp14>MUST</bcp14> send non-probing packets from its original address until it receives a non-probing packet from the client at its preferred address and until the server has validated the new path.</t> <t>The serverMUST<bcp14>MUST</bcp14> probe on the path toward the client from its preferred address. This helps to guard against spurious migration initiated by an attacker.</t> <t>Once the server has completed its path validation and has received a non-probing packet with a new largest packet number on its preferred address, the server begins sending non-probing packets to the client exclusively from its preferred IP address. The serverSHOULD<bcp14>SHOULD</bcp14> drop newer packets for this connection that are received on the old IP address. The serverMAY<bcp14>MAY</bcp14> continue to process delayed packets that are received on the old IP address.</t> <t>The addresses that a server provides in the preferred_address transport parameter are only valid for the connection in which they are provided. A clientMUST NOT<bcp14>MUST NOT</bcp14> use these for other connections, including connections that are resumed from the current connection.</t> </section> <section anchor="interaction-of-client-migration-and-preferred-address" numbered="true" toc="default"> <name>Interaction of Client Migration and Preferred Address</name> <t>A client might need to perform a connection migration before it has migrated to the server's preferred address. In this case, the clientSHOULD<bcp14>SHOULD</bcp14> perform path validation to both the original and preferred server address from the client's new address concurrently.</t> <t>If path validation of the server's preferred address succeeds, the clientMUST<bcp14>MUST</bcp14> abandon validation of the original address and migrate to using the server's preferred address. If path validation of the server's preferred address fails but validation of the server's original address succeeds, the clientMAY<bcp14>MAY</bcp14> migrate to its new address and continue sending to the server's original address.</t> <t>If packets received at the server's preferred address have a different source address than observed from the client during the handshake, the serverMUST<bcp14>MUST</bcp14> protect against potential attacks as described in Sections <xreftarget="address-spoofing" format="default"/>format="counter" target="address-spoofing"/> and <xreftarget="on-path-spoofing" format="default"/>.format="counter" target="on-path-spoofing"/>. In addition to intentional simultaneous migration, this might also occur because the client's access network used a different NAT binding for the server's preferred address.</t> <t>ServersSHOULD<bcp14>SHOULD</bcp14> initiate path validation to the client's new address upon receiving a probe packet from a different address; see <xref target="address-validation" format="default"/>.</t> <t>A client that migrates to a new addressSHOULD<bcp14>SHOULD</bcp14> use a preferred address from the same address family for the server.</t> <t>The connection ID provided in the preferred_address transport parameter is not specific to the addresses that are provided. This connection ID is provided to ensure that the client has a connection ID available for migration, but the clientMAY<bcp14>MAY</bcp14> use this connection ID on any path.</t> </section> </section> <section anchor="ipv6-flow-label" numbered="true" toc="default"> <name>Use of IPv6Flow-LabelFlow Label and Migration</name> <t>Endpoints that send data using IPv6SHOULD<bcp14>SHOULD</bcp14> apply an IPv6 flow label in compliance with <xref target="RFC6437" format="default"/>, unless the local API does not allow setting IPv6 flow labels.</t> <t>The flow label generationMUST<bcp14>MUST</bcp14> be designed to minimize the chances of linkability with a previously used flow label, as a stable flow label would enable correlating activity on multiple paths; see <xref target="migration-linkability" format="default"/>.</t> <t><xref target="RFC6437" format="default"/> suggests deriving values using a pseudorandom function to generate flow labels. Including the Destination Connection ID field in addition to source and destination addresses when generating flow labels ensures that changes are synchronized with changes in other observable identifiers. A cryptographic hash function that combines these inputs with a local secret is one way this might be implemented.</t> </section> </section> <section anchor="termination" numbered="true" toc="default"> <name>Connection Termination</name> <t>An established QUIC connection can be terminated in one of three ways:</t> <ul spacing="normal"> <li>idle timeout (<xref target="idle-timeout" format="default"/>)</li> <li>immediate close (<xref target="immediate-close" format="default"/>)</li> <li>stateless reset (<xref target="stateless-reset" format="default"/>)</li> </ul> <t>An endpointMAY<bcp14>MAY</bcp14> discard connection state if it does not have a validated path on which it can send packets; see <xref target="migrate-validate" format="default"/>.</t> <section anchor="idle-timeout" numbered="true" toc="default"> <name>Idle Timeout</name> <t>If a max_idle_timeout is specified by eitherpeerendpoint in its transport parameters (<xref target="transport-parameter-definitions" format="default"/>), the connection is silently closed and its state is discarded when it remains idle for longer than the minimum ofboth peersthe max_idle_timeoutvalues.</t>value advertised by both endpoints.</t> <t>Each endpoint advertises a max_idle_timeout, but the effective value at an endpoint is computed as the minimum of the two advertised values (or the sole advertised value, if only one endpoint advertises anonzeronon-zero value). By announcing a max_idle_timeout, an endpoint commits to initiating an immediate close (<xref target="immediate-close" format="default"/>) if it abandons the connection prior to the effective value.</t> <t>An endpoint restarts its idle timer when a packet from its peer is received and processed successfully. An endpoint also restarts its idle timer when sending an ack-eliciting packet if no other ack-eliciting packets have been sent since last receiving and processing a packet. Restarting this timer when sending a packet ensures that connections are not closed after new activity is initiated.</t> <t>To avoid excessively small idle timeout periods, endpointsMUST<bcp14>MUST</bcp14> increase the idle timeout period to be at least three times the current Probe Timeout (PTO). This allows for multiple PTOs to expire, and therefore multiple probes to be sent and lost, prior to idle timeout.</t> <section anchor="liveness-testing" numbered="true" toc="default"> <name>Liveness Testing</name> <t>An endpoint that sends packets close to the effective timeout risks having them be discarded at the peer, since the idle timeout period might have expired at the peer before these packets arrive.</t> <t>An endpoint can send a PING or another ack-eliciting frame to test the connection for liveness if the peer could time out soon, such as within a PTO; seeSection 6.2 of<xref section="6.2" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>. This is especially useful if any available application data cannot be safely retried. Note that the application determines what data is safe to retry.</t> </section> <section anchor="defer-idle" numbered="true" toc="default"> <name>Deferring Idle Timeout</name> <t>An endpoint might need to send ack-eliciting packets to avoid an idle timeout if it is expecting responsedata,data but does not have or is unable to send application data.</t> <t>An implementation of QUIC might provide applications with an option to defer an idle timeout. This facility could be used when the application wishes to avoid losing state that has been associated with an openconnection,connection but does not expect to exchange application data for some time. With this option, an endpoint could send a PING frame (<xref target="frame-ping" format="default"/>) periodically, which will cause the peer to restart its idle timeout period. Sending a packet containing a PING frame restarts the idle timeout for this endpoint also if this is the first ack-eliciting packet sent since receiving a packet. Sending a PING frame causes the peer to respond with an acknowledgment, which also restarts the idle timeout for the endpoint.</t> <t>Application protocols that use QUICSHOULD<bcp14>SHOULD</bcp14> provide guidance on when deferring an idle timeout is appropriate. Unnecessary sending of PING frames could have a detrimental effect on performance.</t> <t>A connection will time out if no packets are sent or received for a period longer than the time negotiated using the max_idle_timeout transport parameter; see <xref target="termination" format="default"/>. However, state in middleboxes might time out earlier than that. Though REQ-5 in <xref target="RFC4787" format="default"/> recommends a2 minute2-minute timeout interval, experience shows that sending packets every 30 seconds is necessary to prevent the majority of middleboxes from losing state for UDP flows <xref target="GATEWAY" format="default"/>.</t> </section> </section> <section anchor="immediate-close" numbered="true" toc="default"> <name>Immediate Close</name> <t>An endpoint sends a CONNECTION_CLOSE frame (<xref target="frame-connection-close" format="default"/>) to terminate the connection immediately. A CONNECTION_CLOSE frame causes all streams to immediately become closed; open streams can be assumed to be implicitly reset.</t> <t>After sending a CONNECTION_CLOSE frame, an endpoint immediately enters the closing state; see <xref target="closing" format="default"/>. After receiving a CONNECTION_CLOSE frame, endpoints enter the draining state; see <xref target="draining" format="default"/>.</t> <t>Violations of the protocol lead to an immediate close.</t> <t>An immediate close can be used after an application protocol has arranged to close a connection. This might be after the application protocol negotiates a graceful shutdown. The application protocol can exchange messages that are needed for both application endpoints to agree that the connection can be closed, after which the application requests that QUIC close the connection. When QUIC consequently closes the connection, a CONNECTION_CLOSE frame with an application-supplied error code will be used to signal closure to the peer.</t> <t>The closing and draining connection states exist to ensure that connections close cleanly and that delayed or reordered packets are properly discarded. These statesSHOULD<bcp14>SHOULD</bcp14> persist for at least three times the currentProbe Timeout (PTO)PTO interval as defined in <xref target="QUIC-RECOVERY" format="default"/>.</t> <t>Disposing of connection state prior to exiting the closing or draining state could result in an endpoint generating astateless resetStateless Reset unnecessarily when it receives a late-arriving packet. Endpoints that have some alternative means to ensure that late-arriving packets do not induce a response, such as those that are able to close the UDP socket,MAY<bcp14>MAY</bcp14> end these states earlier to allow for faster resource recovery. Servers that retain an open socket for accepting new connectionsSHOULD NOT<bcp14>SHOULD NOT</bcp14> end the closing or drainingstatesstate early.</t> <t>Once its closing or draining state ends, an endpointSHOULD<bcp14>SHOULD</bcp14> discard all connection state. The endpointMAY<bcp14>MAY</bcp14> send astateless resetStateless Reset in response to any further incoming packets belonging to this connection.</t> <section anchor="closing" numbered="true" toc="default"> <name>Closing Connection State</name> <t>An endpoint enters the closing state after initiating an immediate close.</t> <t>In the closing state, an endpoint retains only enough information to generate a packet containing a CONNECTION_CLOSE frame and to identify packets as belonging to the connection. An endpoint in the closing state sends a packet containing a CONNECTION_CLOSE frame in response to any incoming packet that it attributes to the connection.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> limit the rate at which it generates packets in the closing state. For instance, an endpoint could wait for a progressively increasing number of received packets or amount of time before responding to received packets.</t> <t>An endpoint's selected connection ID and the QUIC version are sufficient information to identify packets for a closing connection; the endpointMAY<bcp14>MAY</bcp14> discard all other connection state. An endpoint that is closing is not required to process any received frame. An endpointMAY<bcp14>MAY</bcp14> retain packet protection keys for incoming packets to allow it to read and process a CONNECTION_CLOSE frame.</t> <t>An endpointMAY<bcp14>MAY</bcp14> drop packet protection keys when entering the closing state and send a packet containing a CONNECTION_CLOSE frame in response to any UDP datagram that is received. However, an endpoint that discards packet protection keys cannot identify and discard invalid packets. To avoid being used for an amplification attack, such endpointsMUST<bcp14>MUST</bcp14> limit the cumulative size of packets it sends to three times the cumulative size of the packets that are received and attributed to the connection. To minimize the state that an endpoint maintains for a closing connection, endpointsMAY<bcp14>MAY</bcp14> send the exact same packet in response to any received packet.</t><dl> <dt> Note: </dt> <dd> <t>Allowing<aside> <t>Note: Allowing retransmission of a closing packet is an exception to the requirement that a new packet number be used for eachpacket inpacket; see <xref target="packet-numbers" format="default"/>. Sending new packet numbers is primarily of advantage to loss recovery and congestion control, which are not expected to be relevant for a closed connection. Retransmitting the final packet requires less state.</t></dd> </dl></aside> <t>While in the closing state, an endpoint could receive packets from a new source address, possibly indicating a connection migration; see <xref target="migration" format="default"/>. An endpoint in the closing stateMUST<bcp14>MUST</bcp14> either discard packets received from an unvalidated address or limit the cumulative size of packets it sends to an unvalidated address to three times the size of packets it receives from that address.</t> <t>An endpoint is not expected to handle key updates when it is closing(Section 6 of <xref(<xref section="6" sectionFormat="of" target="QUIC-TLS" format="default"/>). A key update might prevent the endpoint from moving from the closing state to the draining state, as the endpoint will not be able to process subsequently received packets, but it otherwise has no impact.</t> </section> <section anchor="draining" numbered="true" toc="default"> <name>Draining Connection State</name> <t>The draining state is entered once an endpoint receives a CONNECTION_CLOSE frame, which indicates that its peer is closing or draining. While otherwise identical to the closing state, an endpoint in the draining stateMUST NOT<bcp14>MUST NOT</bcp14> send any packets. Retaining packet protection keys is unnecessary once a connection is in the draining state.</t> <t>An endpoint that receives a CONNECTION_CLOSE frameMAY<bcp14>MAY</bcp14> send a single packet containing a CONNECTION_CLOSE frame before entering the draining state, using a NO_ERROR code if appropriate. An endpointMUST NOT<bcp14>MUST NOT</bcp14> send further packets. Doing so could result in a constant exchange of CONNECTION_CLOSE frames until one of the endpoints exits the closing state.</t> <t>An endpointMAY<bcp14>MAY</bcp14> enter the draining state from the closing state if it receives a CONNECTION_CLOSE frame, which indicates that the peer is also closing or draining. In this case, the draining state ends when the closing state would have ended. In other words, the endpoint uses the same endtime,time but ceases transmission of any packets on this connection.</t> </section> <section anchor="immediate-close-hs" numbered="true" toc="default"> <name>Immediate CloseDuringduring the Handshake</name> <t>When sendingCONNECTION_CLOSE,a CONNECTION_CLOSE frame, the goal is to ensure that the peer will process the frame. Generally, this means sending the frame in a packet with the highest level of packet protection to avoid the packet being discarded. After the handshake is confirmed (seeSection 4.1.2 of<xref section="4.1.2" sectionFormat="of" target="QUIC-TLS" format="default"/>), an endpointMUST<bcp14>MUST</bcp14> send any CONNECTION_CLOSE frames in a 1-RTT packet. However, prior to confirming the handshake, it is possible that more advanced packet protection keys are not available to the peer, so another CONNECTION_CLOSE frameMAY<bcp14>MAY</bcp14> be sent in a packet that uses a lower packet protection level. More specifically:</t> <ul spacing="normal"> <li>A client will always know whether the server has Handshake keys (see <xref target="discard-initial" format="default"/>), but it is possible that a server does not know whether the client has Handshake keys. Under these circumstances, a serverSHOULD<bcp14>SHOULD</bcp14> send a CONNECTION_CLOSE frame in both Handshake and Initial packets to ensure that at least one of them is processable by the client.</li> <li>A client that sends a CONNECTION_CLOSE frame in a 0-RTT packet cannot be assured that the server has accepted 0-RTT. Sending a CONNECTION_CLOSE frame in an Initial packet makes it more likely that the server can receive the close signal, even if the application error code might not be received.</li> <li>Prior to confirming the handshake, a peer might be unable to process 1-RTT packets, so an endpointSHOULD<bcp14>SHOULD</bcp14> send a CONNECTION_CLOSE frame in both Handshake and 1-RTT packets. A serverSHOULD<bcp14>SHOULD</bcp14> also send a CONNECTION_CLOSE frame in an Initial packet.</li> </ul> <t>Sending a CONNECTION_CLOSE of type 0x1d in an Initial or Handshake packet could expose application state or be used to alter application state. A CONNECTION_CLOSE of type 0x1dMUST<bcp14>MUST</bcp14> be replaced by a CONNECTION_CLOSE of type 0x1c when sending the frame in Initial or Handshake packets. Otherwise, information about the application state might be revealed. EndpointsMUST<bcp14>MUST</bcp14> clear the value of the Reason Phrase field andSHOULD<bcp14>SHOULD</bcp14> use the APPLICATION_ERROR code when converting to a CONNECTION_CLOSE of type 0x1c.</t> <t>CONNECTION_CLOSE frames sent in multiple packet types can be coalesced into a single UDP datagram; see <xref target="packet-coalesce" format="default"/>.</t> <t>An endpoint can send a CONNECTION_CLOSE frame in an Initial packet. This might be in response to unauthenticated information received in Initial or Handshake packets. Such an immediate close might expose legitimate connections to a denial of service. QUIC does not include defensive measures for on-path attacks during the handshake; see <xref target="handshake-dos" format="default"/>. However, at the cost of reducing feedback about errors for legitimate peers, some forms of denial of service can be made more difficult for an attacker if endpoints discard illegal packets rather than terminating a connection with CONNECTION_CLOSE. For this reason, endpointsMAY<bcp14>MAY</bcp14> discard packets rather than immediately close if errors are detected in packets that lack authentication.</t> <t>An endpoint that has not established state, such as a server that detects an error in an Initial packet, does not enter the closing state. An endpoint that has no state for the connection does not enter a closing or draining period on sending a CONNECTION_CLOSE frame.</t> </section> </section> <section anchor="stateless-reset" numbered="true" toc="default"> <name>Stateless Reset</name> <t>A stateless reset is provided as an option of last resort for an endpoint that does not have access to the state of a connection. A crash or outage might result in peers continuing to send data to an endpoint that is unable to properly continue the connection. An endpointMAY<bcp14>MAY</bcp14> send astateless resetStateless Reset in response to receiving a packet that it cannot associate with an active connection.</t> <t>A stateless reset is not appropriate for indicating errors in active connections. An endpoint that wishes to communicate a fatal connection errorMUST<bcp14>MUST</bcp14> use a CONNECTION_CLOSE frame if it is able.</t> <t>To support this process, an endpoint issues a stateless reset token, which is a 16-byte value that is hard to guess. If the peer subsequently receives astateless reset,Stateless Reset, which is a UDP datagram that ends in that stateless reset token, the peer will immediately end the connection.</t> <t>A stateless reset token is specific to a connection ID. An endpoint issues a stateless reset token by including the value in the Stateless Reset Token field of a NEW_CONNECTION_ID frame. Servers can also issue a stateless_reset_token transport parameter during the handshake that applies to the connection ID that it selected during the handshake. These exchanges are protected by encryption, so only client and server know their value. Note that clients cannot use the stateless_reset_token transport parameter because their transport parameters do not have confidentiality protection.</t> <t>Tokens are invalidated when their associated connection ID is retired via a RETIRE_CONNECTION_ID frame (<xref target="frame-retire-connection-id" format="default"/>).</t> <t>An endpoint that receives packets that it cannot process sends a packet in the following layout (see <xref target="notation" format="default"/>):</t> <figure anchor="fig-stateless-reset"> <name>StatelessReset Packet</name>Reset</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Stateless Reset { Fixed Bits (2) = 1, Unpredictable Bits (38..), Stateless Reset Token (128), } ]]></artwork> </figure> <t>This design ensures that astateless reset packetStateless Reset is--- to the extent possible--- indistinguishable from a regular packet with a short header.</t> <t>Astateless resetStateless Reset uses an entire UDP datagram, starting with the first two bits of the packet header. The remainder of the first byte and an arbitrary number of bytes following it are set to values thatSHOULD<bcp14>SHOULD</bcp14> be indistinguishable from random. The last 16 bytes of the datagram contain aStateless Reset Token.</t>stateless reset token.</t> <t>To entities other than its intended recipient, astateless resetStateless Reset will appear to be a packet with a short header. For thestateless resetStateless Reset to appear as a valid QUIC packet, the Unpredictable Bits field needs to include at least 38 bits of data (or 5 bytes, less the two fixed bits).</t> <t>The resulting minimum size of 21 bytes does not guarantee that astateless resetStateless Reset is difficult to distinguish from other packets if the recipient requires the use of a connection ID. To achieve that end, the endpointSHOULD<bcp14>SHOULD</bcp14> ensure that all packets it sends are at least 22 bytes longer than the minimum connection ID length that it requests the peer to include in its packets, adding PADDING frames as necessary. This ensures that anystateless resetStateless Reset sent by the peer is indistinguishable from a valid packet sent to the endpoint. An endpoint that sends astateless resetStateless Reset in response to a packet that is 43 bytes or shorterSHOULD<bcp14>SHOULD</bcp14> send astateless resetStateless Reset that is one byte shorter than the packet it responds to.</t> <t>These values assume that theStateless Reset Tokenstateless reset token is the same length as the minimum expansion of the packet protection AEAD. Additional unpredictable bytes are necessary if the endpoint could have negotiated a packet protection scheme with a larger minimum expansion.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send astateless resetStateless Reset that is three times or more larger than the packet it receives to avoid being used for amplification. <xref target="reset-looping" format="default"/> describes additional limits onstateless resetStateless Reset size.</t> <t>EndpointsMUST<bcp14>MUST</bcp14> discard packets that are too small to be valid QUIC packets. To give an example, with the set of AEAD functions defined in <xref target="QUIC-TLS" format="default"/>, short header packets that are smaller than 21 bytes are never valid.</t> <t>EndpointsMUST<bcp14>MUST</bcp14> sendstateless reset packetsStateless Resets formatted as a packet with a short header. However, endpointsMUST<bcp14>MUST</bcp14> treat any packet ending in a valid stateless reset token as astateless reset,Stateless Reset, as other QUIC versions might allow the use of a long header.</t> <t>An endpointMAY<bcp14>MAY</bcp14> send astateless resetStateless Reset in response to a packet with a long header. Sending astateless resetStateless Reset is not effective prior to the stateless reset token being available to a peer. In this QUIC version, packets with a long header are only used during connection establishment. Because the stateless reset token is not available until connection establishment is complete or near completion, ignoring an unknown packet with a long header might be as effective as sending astateless reset.</t>Stateless Reset.</t> <t>An endpoint cannot determine the Source Connection ID from a packet with a shortheader, thereforeheader; therefore, it cannot set the Destination Connection ID in thestateless reset packet.Stateless Reset. The Destination Connection ID will therefore differ from the value used in previous packets. A random Destination Connection ID makes the connection ID appear to be the result of moving to a new connection ID that was provided using a NEW_CONNECTION_IDframe (<xrefframe; see <xref target="frame-new-connection-id"format="default"/>).</t>format="default"/>.</t> <t>Using a randomized connection ID results in two problems:</t> <ul spacing="normal"> <li>The packet might not reach the peer. If the Destination Connection ID is critical for routing toward the peer, then this packet could be incorrectly routed. This might also trigger another Stateless Reset in response; see <xref target="reset-looping" format="default"/>. A Stateless Reset that is not correctly routed is an ineffective error detection and recovery mechanism. In this case, endpoints will need to rely on other methods--- such as timers--- to detect that the connection has failed.</li> <li>The randomly generated connection ID can be used by entities other than the peer to identify this as a potentialstateless reset.Stateless Reset. An endpoint that occasionally uses different connection IDs might introduce some uncertainty about this.</li> </ul> <t>This stateless reset design is specific to QUIC version 1. An endpoint that supports multiple versions of QUIC needs to generate astateless resetStateless Reset that will be accepted by peers that support any version that the endpoint might support (or might have supported prior to losing state). Designers of new versions of QUIC need to be aware of this and either (1) reuse thisdesign,design or (2) use a portion of the packet other than the last 16 bytes for carrying data.</t> <section anchor="detecting-a-stateless-reset" numbered="true" toc="default"> <name>Detecting a Stateless Reset</name> <t>An endpoint detects a potentialstateless resetStateless Reset using the trailing 16 bytes of the UDP datagram. An endpoint remembers allStateless Reset Tokensstateless reset tokens associated with the connection IDs and remote addresses for datagrams it has recently sent. This includes Stateless ResetTokensToken field values from NEW_CONNECTION_ID frames and the server's transport parameters but excludesStateless Reset Tokensstateless reset tokens associated with connection IDs that are either unused or retired. The endpoint identifies a received datagram as astateless resetStateless Reset by comparing the last 16 bytes of the datagram with allStateless Reset Tokensstateless reset tokens associated with the remote address on which the datagram was received.</t> <t>This comparison can be performed for every inbound datagram. EndpointsMAY<bcp14>MAY</bcp14> skip this check if any packet from a datagram is successfully processed. However, the comparisonMUST<bcp14>MUST</bcp14> be performed when the first packet in an incoming datagram either cannot be associated with aconnection,connection or cannot be decrypted.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> check for anyStateless Reset Tokensstateless reset tokens associated with connection IDs it has not used or for connection IDs that have been retired.</t> <t>When comparing a datagram toStateless Reset Tokenstateless reset token values, endpointsMUST<bcp14>MUST</bcp14> perform the comparison without leaking information about the value of the token. For example, performing this comparison in constant time protects the value of individualStateless Reset Tokensstateless reset tokens from information leakage through timing side channels. Another approach would be to store and compare the transformed values ofStateless Reset Tokensstateless reset tokens instead of the raw token values, where the transformation is defined as acryptographically-secure pseudo-randomcryptographically secure pseudorandom function using a secret key (e.g., block cipher,HMACHashed Message Authentication Code (HMAC) <xref target="RFC2104" format="default"/>). An endpoint is not expected to protect information about whether a packet was successfullydecrypted,decrypted or the number of validStateless Reset Tokens.</t>stateless reset tokens.</t> <t>If the last 16 bytes of the datagram are identical in value to aStateless Reset Token,stateless reset token, the endpointMUST<bcp14>MUST</bcp14> enter the draining period and not send any further packets on this connection.</t> </section> <section anchor="reset-token" numbered="true" toc="default"> <name>Calculating a Stateless Reset Token</name> <t>The stateless reset tokenMUST<bcp14>MUST</bcp14> be difficult to guess. In order to create aStateless Reset Token,stateless reset token, an endpoint could randomly generate(<xref<xref target="RANDOM"format="default"/>)format="default"/> a secret for every connection that it creates. However, this presents a coordination problem when there are multiple instances in a cluster or a storage problem for an endpoint that might lose state. Stateless reset specifically exists to handle the case where state is lost, so this approach is suboptimal.</t> <t>A single static key can be used across all connections to the same endpoint by generating the proof using a pseudorandom function that takes a static key and the connection ID chosen by the endpoint (see <xref target="connection-id" format="default"/>) as input. An endpoint could use HMAC <xref target="RFC2104" format="default"/> (for example, HMAC(static_key, connection_id)) orHKDFthe HMAC-based Key Derivation Function (HKDF) <xref target="RFC5869" format="default"/> (for example, using the static key as input keying material, with the connection ID as salt). The output of this function is truncated to 16 bytes to produce theStateless Reset Tokenstateless reset token for that connection.</t> <t>An endpoint that loses state can use the same method to generate a validStateless Reset Token.stateless reset token. The connection ID comes from the packet that the endpoint receives.</t> <t>This design relies on the peer always sending a connection ID in its packets so that the endpoint can use the connection ID from a packet to reset the connection. An endpoint that uses this designMUST<bcp14>MUST</bcp14> either use the same connection ID length for all connections or encode the length of the connection ID such that it can be recovered without state. In addition, it cannot provide a zero-length connection ID.</t> <t>Revealing theStateless Reset Tokenstateless reset token allows any entity to terminate the connection, so a value can only be used once. This method for choosing theStateless Reset Tokenstateless reset token means that the combination of connection ID and static keyMUST NOT<bcp14>MUST NOT</bcp14> be used for another connection. Adenial of servicedenial-of-service attack is possible if the same connection ID is used by instances that share a statickey,key or if an attacker can cause a packet to be routed to an instance that has no state but the same static key; see <xref target="reset-oracle" format="default"/>. A connection ID from a connection that is reset by revealing theStateless Reset Token MUST NOTstateless reset token <bcp14>MUST NOT</bcp14> be reused for new connections at nodes that share a static key.</t> <t>The sameStateless Reset Token MUST NOTstateless reset token <bcp14>MUST NOT</bcp14> be used for multiple connection IDs. Endpoints are not required to compare new values against all previous values, but a duplicate valueMAY<bcp14>MAY</bcp14> be treated as a connection error of type PROTOCOL_VIOLATION.</t> <t>Note that StatelessReset packetsResets do not have any cryptographic protection.</t> </section> <section anchor="reset-looping" numbered="true" toc="default"> <name>Looping</name> <t>The design of a Stateless Reset is such that without knowing the stateless reset token it is indistinguishable from a valid packet. For instance, if a server sends a Stateless Reset to anotherserverserver, it might receive another Stateless Reset in response, which could lead to an infinite exchange.</t> <t>An endpointMUST<bcp14>MUST</bcp14> ensure that every Stateless Reset that it sends is smaller than the packet that triggered it, unless it maintains state sufficient to prevent looping. In the event of a loop, this results in packets eventually being too small to trigger a response.</t> <t>An endpoint can remember the number of StatelessReset packetsResets that it has sent and stop generating new StatelessReset packetsResets once a limit is reached. Using separate limits for different remote addresses will ensure that StatelessReset packetsResets can be used to close connections when other peers or connections have exhausted limits.</t><t>Reducing the size of a<t>A Stateless Resetbelow 41 bytes means that the packet could reveal to an observerthatitis smaller than 41 bytes might be identifiable as a StatelessReset,Reset by an observer, depending upon the length of the peer's connection IDs. Conversely,refusing to sendnot sending a Stateless Reset in response to a small packet might result in StatelessResetResets not being useful in detecting cases of broken connections where only very small packets are sent; such failures might only be detected by other means, such as timers.</t> </section> </section> </section> <section anchor="error-handling" numbered="true" toc="default"> <name>Error Handling</name> <t>An endpoint that detects an errorSHOULD<bcp14>SHOULD</bcp14> signal the existence of that error to its peer. Both transport-level and application-level errors can affect an entire connection; see <xref target="connection-errors" format="default"/>. Only application-level errors can be isolated to a single stream; see <xref target="stream-errors" format="default"/>.</t> <t>The most appropriate error code (<xref target="error-codes" format="default"/>)SHOULD<bcp14>SHOULD</bcp14> be included in the frame that signals the error. Where this specification identifies error conditions, it also identifies the error code that is used; though these are worded as requirements, different implementation strategies might lead to different errors being reported. In particular, an endpointMAY<bcp14>MAY</bcp14> use any applicable error code when it detects an error condition; a generic error code (such as PROTOCOL_VIOLATION or INTERNAL_ERROR) can always be used in place of specific error codes.</t> <t>A stateless reset (<xref target="stateless-reset" format="default"/>) is not suitable for any error that can be signaled with a CONNECTION_CLOSE or RESET_STREAM frame. A stateless resetMUST NOT<bcp14>MUST NOT</bcp14> be used by an endpoint that has the state necessary to send a frame on the connection.</t> <section anchor="connection-errors" numbered="true" toc="default"> <name>Connection Errors</name> <t>Errors that result in the connection being unusable, such as an obvious violation of protocol semantics or corruption of state that affects an entire connection,MUST<bcp14>MUST</bcp14> be signaled using a CONNECTION_CLOSE frame (<xref target="frame-connection-close" format="default"/>).</t> <t>Application-specific protocol errors are signaled using the CONNECTION_CLOSE frame with a frame type of 0x1d. Errors that are specific to the transport, including all those described in this document, are carried in the CONNECTION_CLOSE frame with a frame type of 0x1c.</t> <t>A CONNECTION_CLOSE frame could be sent in a packet that is lost. An endpointSHOULD<bcp14>SHOULD</bcp14> be prepared to retransmit a packet containing a CONNECTION_CLOSE frame if it receives more packets on a terminated connection. Limiting the number of retransmissions and the time over which this final packet is sent limits the effort expended on terminated connections.</t> <t>An endpoint that chooses not to retransmit packets containing a CONNECTION_CLOSE frame risks a peer missing the first such packet. The only mechanism available to an endpoint that continues to receive data for a terminated connection is to attempt the stateless reset process (<xref target="stateless-reset" format="default"/>).</t> <t>As the AEADonfor Initial packets does not provide strong authentication, an endpointMAY<bcp14>MAY</bcp14> discard an invalid Initial packet. Discarding an Initial packet is permitted even where this specification otherwise mandates a connection error. An endpoint can only discard a packet if it does not process the frames in the packet or reverts the effects of any processing. Discarding invalid Initial packets might be used to reduce exposure to denial of service; see <xref target="handshake-dos" format="default"/>.</t> </section> <section anchor="stream-errors" numbered="true" toc="default"> <name>Stream Errors</name> <t>If an application-level error affects a singlestream,stream but otherwise leaves the connection in a recoverable state, the endpoint can send a RESET_STREAM frame (<xref target="frame-reset-stream" format="default"/>) with an appropriate error code to terminate just the affected stream.</t> <t>Resetting a stream without the involvement of the application protocol could cause the application protocol to enter an unrecoverable state. RESET_STREAMMUST<bcp14>MUST</bcp14> only be instigated by the application protocol that uses QUIC.</t> <t>The semantics of the application error code carried in RESET_STREAM are defined by the application protocol. Only the application protocol is able to cause a stream to be terminated. A local instance of the application protocol uses a direct APIcallcall, and a remote instance uses the STOP_SENDING frame, which triggers an automatic RESET_STREAM.</t> <t>Application protocolsSHOULD<bcp14>SHOULD</bcp14> define rules for handling streams that are prematurelycancelledcanceled by either endpoint.</t> </section> </section> <section anchor="packets-frames" numbered="true" toc="default"> <name>Packets and Frames</name> <t>QUIC endpoints communicate by exchanging packets. Packets have confidentiality and integrity protection; see <xref target="packet-protected" format="default"/>. Packets are carried in UDP datagrams; see <xref target="packet-coalesce" format="default"/>.</t> <t>This version of QUIC uses the long packet header during connection establishment; see <xref target="long-header" format="default"/>. Packets with the long header are Initial (<xref target="packet-initial" format="default"/>), 0-RTT (<xref target="packet-0rtt" format="default"/>), Handshake (<xref target="packet-handshake" format="default"/>), and Retry (<xref target="packet-retry" format="default"/>). Version negotiation uses a version-independent packet with a long header; see <xref target="packet-version" format="default"/>.</t> <t>Packets with the short header are designed for minimal overhead and are used after a connection is established and 1-RTT keys are available; see <xref target="short-header" format="default"/>.</t> <section anchor="packet-protected" numbered="true" toc="default"> <name>Protected Packets</name> <t>QUIC packets have different levels of cryptographic protection based on the type of packet. Details of packet protection are found in <xref target="QUIC-TLS" format="default"/>; this section includes an overview of the protections that are provided.</t> <t>Version Negotiation packets have no cryptographic protection; see <xref target="QUIC-INVARIANTS" format="default"/>.</t> <t>Retry packets use anauthenticated encryption with associated dataAEAD function(AEAD;<xref target="AEAD"format="default"/>)format="default"/> to protect against accidental modification.</t> <t>Initial packets use anAEAD,AEAD function, the keys for which are derived using a value that is visible on the wire. Initial packets therefore do not have effective confidentiality protection. Initial protection exists to ensure that the sender of the packet is on the network path. Any entity that receives an Initial packet from a client can recover the keys that will allow them to both read the contents of the packet and generate Initial packets that will be successfully authenticated at either endpoint. The AEAD also protects Initial packets against accidental modification.</t> <t>All other packets are protected with keys derived from the cryptographic handshake. The cryptographic handshake ensures that only the communicating endpoints receive the corresponding keys for Handshake, 0-RTT, and 1-RTT packets. Packets protected with 0-RTT and 1-RTT keys have strong confidentiality and integrity protection.</t> <t>The Packet Number field that appears in some packet types has alternative confidentiality protection that is applied as part of header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/> for details. The underlying packet number increases with each packet sent in a given packet number space; see <xref target="packet-numbers" format="default"/> for details.</t> </section> <section anchor="packet-coalesce" numbered="true" toc="default"> <name>Coalescing Packets</name> <t>Initial (<xref target="packet-initial" format="default"/>), 0-RTT (<xref target="packet-0rtt" format="default"/>), and Handshake (<xref target="packet-handshake" format="default"/>) packets contain a Length field that determines the end of the packet. The length includes both the Packet Number and Payload fields, both of which are confidentiality protected and initially of unknown length. The length of the Payload field is learned once header protection is removed.</t> <t>Using the Length field, a sender can coalesce multiple QUIC packets into one UDP datagram. This can reduce the number of UDP datagrams needed to complete the cryptographic handshake and start sending data. This can also be used to constructPMTUPath Maximum Transmission Unit (PMTU) probes; see <xref target="pmtu-probes-src-cid" format="default"/>. ReceiversMUST<bcp14>MUST</bcp14> be able to process coalesced packets.</t> <t>Coalescing packets in order of increasing encryption levels (Initial, 0-RTT, Handshake, 1-RTT; seeSection 4.1.4 of<xref section="4.1.4" sectionFormat="of" target="QUIC-TLS" format="default"/>) makes it more likely that the receiver will be able to process all the packets in a single pass. A packet with a short header does not include a length, so it can only be the last packet included in a UDP datagram. An endpointSHOULD<bcp14>SHOULD</bcp14> include multiple frames in a single packet if they are to be sent at the same encryption level, instead of coalescing multiple packets at the same encryption level.</t> <t>ReceiversMAY<bcp14>MAY</bcp14> route based on the information in the first packet contained in a UDP datagram. SendersMUST NOT<bcp14>MUST NOT</bcp14> coalesce QUIC packets with different connection IDs into a single UDP datagram. ReceiversSHOULD<bcp14>SHOULD</bcp14> ignore any subsequent packets with a different Destination Connection ID than the first packet in the datagram.</t> <t>Every QUIC packet that is coalesced into a single UDP datagram is separate and complete. The receiver of coalesced QUIC packetsMUST<bcp14>MUST</bcp14> individually process each QUIC packet and separately acknowledge them, as if they were received as the payload of different UDP datagrams. For example, if decryption fails (because the keys are not available or for any other reason), the receiverMAY<bcp14>MAY</bcp14> either discard or buffer the packet for later processing andMUST<bcp14>MUST</bcp14> attempt to process the remaining packets.</t> <t>Retry packets (<xref target="packet-retry" format="default"/>), Version Negotiation packets (<xref target="packet-version" format="default"/>), and packets with a short header (<xref target="short-header" format="default"/>) do not contain a Length field and so cannot be followed by other packets in the same UDP datagram. Note also that there is no situation where a Retry or Version Negotiation packet is coalesced with another packet.</t> </section> <section anchor="packet-numbers" numbered="true" toc="default"> <name>Packet Numbers</name> <t>The packet number is an integer in the range 0 to2^62-1.2<sup>62</sup>-1. This number is used in determining the cryptographic nonce for packet protection. Each endpoint maintains a separate packet number for sending and receiving.</t> <t>Packet numbers are limited to this range because they need to be representable in whole in the Largest Acknowledged field of an ACK frame (<xref target="frame-ack" format="default"/>). When present in a long or shortheaderheader, however, packet numbers are reduced and encoded in 1 to 4 bytes; see <xref target="packet-encoding" format="default"/>.</t> <t>Version Negotiation (<xref target="packet-version" format="default"/>) and Retry (<xref target="packet-retry" format="default"/>) packets do not include a packet number.</t> <t>Packet numbers are divided into3three spaces in QUIC:</t><ul spacing="normal"> <li>Initial space: All<dl> <dt>Initial space:</dt> <dd> <t>All Initial packets (<xref target="packet-initial" format="default"/>) are in thisspace.</li> <li>Handshake space: Allspace.</t> </dd> <dt>Handshake space:</dt> <dd> <t>All Handshake packets (<xref target="packet-handshake" format="default"/>) are in thisspace.</li> <li>Applicationspace.</t> </dd> <dt>Application dataspace: Allspace:</dt> <dd> <t>All 0-RTT (<xref target="packet-0rtt" format="default"/>) and 1-RTT (<xref target="packet-1rtt" format="default"/>) packets are in thisspace.</li> </ul>space.</t> </dd> </dl> <t>As described in <xref target="QUIC-TLS" format="default"/>, each packet type uses different protection keys.</t> <t>Conceptually, a packet number space is the context in which a packet can be processed and acknowledged. Initial packets can only be sent with Initial packet protection keys and acknowledged in packets that are also Initial packets. Similarly, Handshake packets are sent at the Handshake encryption level and can only be acknowledged in Handshake packets.</t> <t>This enforces cryptographic separation between the data sent in the different packet number spaces. Packet numbers in each space start at packet number 0. Subsequent packets sent in the same packet number spaceMUST<bcp14>MUST</bcp14> increase the packet number by at least one.</t> <t>0-RTT and 1-RTT data exist in the same packet number space to make loss recovery algorithms easier to implement between the two packet types.</t> <t>A QUIC endpointMUST NOT<bcp14>MUST NOT</bcp14> reuse a packet number within the same packet number space in one connection. If the packet number for sending reaches2^62 - 1,2<sup>62</sup>-1, the senderMUST<bcp14>MUST</bcp14> close the connection without sending a CONNECTION_CLOSE frame or any further packets; an endpointMAY<bcp14>MAY</bcp14> send a Stateless Reset (<xref target="stateless-reset" format="default"/>) in response to further packets that it receives.</t> <t>A receiverMUST<bcp14>MUST</bcp14> discard a newly unprotected packet unless it is certain that it has not processed another packet with the same packet number from the same packet number space. Duplicate suppressionMUST<bcp14>MUST</bcp14> happen after removing packet protection for the reasons described inSection 9.5 of<xref section="9.5" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> <t>Endpoints that track all individual packets for the purposes of detecting duplicates are at risk of accumulating excessive state. The data required for detecting duplicates can be limited by maintaining a minimum packet number below which all packets are immediately dropped. Any minimum needs to account for large variations inround tripround-trip time, which includes the possibility that a peer might probe network paths with much largerround tripround-trip times; see <xref target="migration" format="default"/>.</t> <t>Packet number encoding at a sender and decoding at a receiver are described in <xref target="packet-encoding" format="default"/>.</t> </section> <section anchor="frames" numbered="true" toc="default"> <name>Frames and Frame Types</name> <t>The payload of QUIC packets, after removing packet protection, consists of a sequence of complete frames, as shown in <xref target="packet-frames" format="default"/>. Version Negotiation, Stateless Reset, and Retry packets do not contain frames.</t> <figure anchor="packet-frames"> <name>QUIC Payload</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Packet Payload { Frame (8..) ..., } ]]></artwork> </figure> <t>The payload of a packet that contains framesMUST<bcp14>MUST</bcp14> contain at least one frame, andMAY<bcp14>MAY</bcp14> contain multiple frames and multiple frame types. An endpointMUST<bcp14>MUST</bcp14> treat receipt of a packet containing no frames as a connection error of type PROTOCOL_VIOLATION. Frames always fit within a single QUIC packet and cannot span multiple packets.</t> <t>Each frame begins with a Frame Type, indicating its type, followed by additional type-dependent fields:</t> <figure anchor="frame-layout"> <name>Generic Frame Layout</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Frame { Frame Type (i), Type-Dependent Fields (..), } ]]></artwork> </figure> <t><xref target="frame-types" format="default"/> lists and summarizes information about each frame type that is defined in this specification. A description of this summary is included after the table.</t> <table anchor="frame-types" align="center"> <name>Frame Types</name> <thead> <tr> <th align="left">Type Value</th> <th align="left">Frame Type Name</th> <th align="left">Definition</th> <th align="left">Pkts</th> <th align="left">Spec</th> </tr> </thead> <tbody> <tr> <td align="left">0x00</td> <td align="left">PADDING</td> <tdalign="left"> <xrefalign="left"><xref target="frame-padding" format="default"/></td> <td align="left">IH01</td> <td align="left">NP</td> </tr> <tr> <td align="left">0x01</td> <td align="left">PING</td> <tdalign="left"> <xrefalign="left"><xref target="frame-ping" format="default"/></td> <td align="left">IH01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <tdalign="left">0x02 - 0x03</td>align="left">0x02-0x03</td> <td align="left">ACK</td> <tdalign="left"> <xrefalign="left"><xref target="frame-ack" format="default"/></td> <td align="left">IH_1</td> <td align="left">NC</td> </tr> <tr> <td align="left">0x04</td> <td align="left">RESET_STREAM</td> <tdalign="left"> <xrefalign="left"><xref target="frame-reset-stream" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x05</td> <td align="left">STOP_SENDING</td> <tdalign="left"> <xrefalign="left"><xref target="frame-stop-sending" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x06</td> <td align="left">CRYPTO</td> <tdalign="left"> <xrefalign="left"><xref target="frame-crypto" format="default"/></td> <td align="left">IH_1</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x07</td> <td align="left">NEW_TOKEN</td> <tdalign="left"> <xrefalign="left"><xref target="frame-new-token" format="default"/></td> <td align="left">___1</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <tdalign="left">0x08 - 0x0f</td>align="left">0x08-0x0f</td> <td align="left">STREAM</td> <tdalign="left"> <xrefalign="left"><xref target="frame-stream" format="default"/></td> <td align="left">__01</td> <td align="left">F</td> </tr> <tr> <td align="left">0x10</td> <td align="left">MAX_DATA</td> <tdalign="left"> <xrefalign="left"><xref target="frame-max-data" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x11</td> <td align="left">MAX_STREAM_DATA</td> <tdalign="left"> <xrefalign="left"><xref target="frame-max-stream-data" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <tdalign="left">0x12 - 0x13</td>align="left">0x12-0x13</td> <td align="left">MAX_STREAMS</td> <tdalign="left"> <xrefalign="left"><xref target="frame-max-streams" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x14</td> <td align="left">DATA_BLOCKED</td> <tdalign="left"> <xrefalign="left"><xref target="frame-data-blocked" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x15</td> <td align="left">STREAM_DATA_BLOCKED</td> <tdalign="left"> <xrefalign="left"><xref target="frame-stream-data-blocked" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <tdalign="left">0x16 - 0x17</td>align="left">0x16-0x17</td> <td align="left">STREAMS_BLOCKED</td> <tdalign="left"> <xrefalign="left"><xref target="frame-streams-blocked" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x18</td> <td align="left">NEW_CONNECTION_ID</td> <tdalign="left"> <xrefalign="left"><xref target="frame-new-connection-id" format="default"/></td> <td align="left">__01</td> <td align="left">P</td> </tr> <tr> <td align="left">0x19</td> <td align="left">RETIRE_CONNECTION_ID</td> <tdalign="left"> <xrefalign="left"><xref target="frame-retire-connection-id" format="default"/></td> <td align="left">__01</td> <tdalign="left"> </td>align="left"/> </tr> <tr> <td align="left">0x1a</td> <td align="left">PATH_CHALLENGE</td> <tdalign="left"> <xrefalign="left"><xref target="frame-path-challenge" format="default"/></td> <td align="left">__01</td> <td align="left">P</td> </tr> <tr> <td align="left">0x1b</td> <td align="left">PATH_RESPONSE</td> <tdalign="left"> <xrefalign="left"><xref target="frame-path-response" format="default"/></td> <td align="left">___1</td> <td align="left">P</td> </tr> <tr> <tdalign="left">0x1c - 0x1d</td>align="left">0x1c-0x1d</td> <td align="left">CONNECTION_CLOSE</td> <tdalign="left"> <xrefalign="left"><xref target="frame-connection-close" format="default"/></td> <td align="left">ih01</td> <td align="left">N</td> </tr> <tr> <td align="left">0x1e</td> <td align="left">HANDSHAKE_DONE</td> <tdalign="left"> <xrefalign="left"><xref target="frame-handshake-done" format="default"/></td> <td align="left">___1</td> <tdalign="left"> </td>align="left"/> </tr> </tbody> </table> <t>The format and semantics of each frame type are explained in more detail in <xref target="frame-formats" format="default"/>. The remainder of this section provides a summary of important and general information.</t> <t>The Frame Type in ACK, STREAM, MAX_STREAMS, STREAMS_BLOCKED, and CONNECTION_CLOSE frames is used to carry other frame-specific flags. For all other frames, the Frame Type field simply identifies the frame.</t> <t>The "Pkts" column in <xref target="frame-types" format="default"/> lists the types of packets that each frame type could appear in, indicated by the following characters:</t><dl> <dt> I: </dt><dl indent="5"> <dt>I:</dt> <dd> <t>Initial (<xref target="packet-initial" format="default"/>)</t> </dd><dt> H: </dt><dt>H:</dt> <dd> <t>Handshake (<xref target="packet-handshake" format="default"/>)</t> </dd><dt> 0: </dt><dt>0:</dt> <dd> <t>0-RTT (<xref target="packet-0rtt" format="default"/>)</t> </dd><dt> 1: </dt><dt>1:</dt> <dd> <t>1-RTT (<xref target="packet-1rtt" format="default"/>)</t> </dd><dt> ih: </dt><dt>ih:</dt> <dd> <t>Only a CONNECTION_CLOSE frame of type 0x1c can appear in Initial or Handshake packets.</t> </dd> </dl> <t>For moredetaildetails about these restrictions, see <xref target="frames-and-spaces" format="default"/>. Note that all frames can appear in 1-RTT packets. An endpointMUST<bcp14>MUST</bcp14> treat receipt of a frame in a packet type that is not permitted as a connection error of type PROTOCOL_VIOLATION.</t> <t>The "Spec" column in <xref target="frame-types" format="default"/> summarizes any special rules governing the processing or generation of the frame type, as indicated by the following characters:</t><dl> <dt> N: </dt><dl indent="5"> <dt>N:</dt> <dd> <t>Packets containing only frames with this marking are not ack-eliciting; see <xref target="generating-acks" format="default"/>.</t> </dd><dt> C: </dt><dt>C:</dt> <dd> <t>Packets containing only frames with this marking do not count toward bytes in flight for congestion control purposes; see <xref target="QUIC-RECOVERY" format="default"/>.</t> </dd><dt> P: </dt><dt>P:</dt> <dd> <t>Packets containing only frames with this marking can be used to probe new network paths during connection migration; see <xref target="probing" format="default"/>.</t> </dd><dt> F: </dt><dt>F:</dt> <dd> <t>Thecontentcontents of frames with this marking are flow controlled; see <xref target="flow-control" format="default"/>.</t> </dd> </dl> <t>The "Pkts" and "Spec" columns in <xref target="frame-types" format="default"/> do not form part of the IANA registry; see <xref target="iana-frames" format="default"/>.</t> <t>An endpointMUST<bcp14>MUST</bcp14> treat the receipt of a frame of unknown type as a connection error of type FRAME_ENCODING_ERROR.</t> <t>All frames are idempotent in this version of QUIC. That is, a valid frame does not cause undesirable side effects or errors when received more than once.</t> <t>The Frame Type field uses a variable-length integer encoding (see <xref target="integer-encoding"format="default"/>)format="default"/>), with one exception. To ensure simple and efficient implementations of frame parsing, a frame typeMUST<bcp14>MUST</bcp14> use the shortest possible encoding. For frame types defined in this document, this means a single-byte encoding, even though it is possible to encode these values as a two-,four-four-, or eight-byte variable-length integer. For instance, though 0x4001 is a legitimate two-byte encoding for a variable-length integer with a value of 1, PING frames are always encoded as a single byte with the value 0x01. This rule applies to all current and future QUIC frame types. An endpointMAY<bcp14>MAY</bcp14> treat the receipt of a frame type that uses a longer encoding than necessary as a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="frames-and-spaces" numbered="true" toc="default"> <name>Frames and Number Spaces</name> <t>Some frames are prohibited in different packet number spaces. The rules here generalize those of TLS, in that frames associated with establishing the connection can usually appear in packets in any packet number space, whereas those associated with transferring data can only appear in the application data packet number space:</t> <ul spacing="normal"> <li>PADDING, PING, and CRYPTO framesMAY<bcp14>MAY</bcp14> appear in any packet number space.</li> <li>CONNECTION_CLOSE frames signaling errors at the QUIC layer (type 0x1c)MAY<bcp14>MAY</bcp14> appear in any packet number space. CONNECTION_CLOSE frames signaling application errors (type 0x1d)MUST<bcp14>MUST</bcp14> only appear in the application data packet number space.</li> <li>ACK framesMAY<bcp14>MAY</bcp14> appear in any packet numberspace,space but can only acknowledge packets that appeared in that packet number space. However, as noted below, 0-RTT packets cannot contain ACK frames.</li> <li>All other frame typesMUST<bcp14>MUST</bcp14> only be sent in the application data packet number space.</li> </ul> <t>Note that it is not possible to send the following frames in 0-RTT packets for various reasons: ACK, CRYPTO, HANDSHAKE_DONE, NEW_TOKEN, PATH_RESPONSE, and RETIRE_CONNECTION_ID. A serverMAY<bcp14>MAY</bcp14> treat receipt of these frames in 0-RTT packets as a connection error of type PROTOCOL_VIOLATION.</t> </section> </section> <section anchor="packetization" numbered="true" toc="default"> <name>Packetization and Reliability</name> <t>A sender sends one or more frames in a QUIC packet; see <xref target="frames" format="default"/>.</t> <t>A sender can minimize per-packet bandwidth and computational costs by including as many frames as possible in each QUIC packet. A senderMAY<bcp14>MAY</bcp14> wait for a short period of time to collect multiple frames before sending a packet that is not maximally packed, to avoid sending out large numbers of small packets. An implementationMAY<bcp14>MAY</bcp14> use knowledge about application sending behavior or heuristics to determine whether and for how long to wait. This waiting period is an implementation decision, and an implementation should be careful to delay conservatively, since any delay is likely to increase application-visible latency.</t> <t>Stream multiplexing is achieved by interleaving STREAM frames from multiple streams into one or more QUIC packets. A single QUIC packet can include multiple STREAM frames from one or more streams.</t> <t>One of the benefits of QUIC is avoidance of head-of-line blocking across multiple streams. When a packet loss occurs, only streams with data in that packet are blocked waiting for a retransmission to be received, while other streams can continue making progress. Note that when data from multiple streams is included in a single QUIC packet, loss of that packet blocks all those streams from making progress. Implementations are advised to include as few streams as necessary in outgoing packets without losing transmission efficiency to underfilled packets.</t> <section anchor="processing" numbered="true" toc="default"> <name>Packet Processing</name> <t>A packetMUST NOT<bcp14>MUST NOT</bcp14> be acknowledged until packet protection has been successfully removed and all frames contained in the packet have been processed. For STREAM frames, this means the data has been enqueued in preparation to be received by the application protocol, but it does not require that dataisbe delivered and consumed.</t> <t>Once the packet has been fully processed, a receiver acknowledges receipt by sending one or more ACK frames containing the packet number of the received packet.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> treat receipt of an acknowledgment for a packet it did not send as a connection error of type PROTOCOL_VIOLATION, if it is able to detect the condition.FurtherFor further discussion of how this might beachieved is inachieved, see <xref target="optimistic-ack-attack" format="default"/>.</t> </section> <section anchor="generating-acks" numbered="true" toc="default"> <name>Generating Acknowledgments</name> <t>Endpoints acknowledge all packets they receive and process. However, only ack-eliciting packets cause an ACK frame to be sent within the maximum ack delay. Packets that are not ack-eliciting are only acknowledged when an ACK frame is sent for other reasons.</t> <t>When sending a packet for any reason, an endpointSHOULD<bcp14>SHOULD</bcp14> attempt to include an ACK frame if one has not been sent recently. Doing so helps with timely loss detection at the peer.</t> <t>In general, frequent feedback from a receiver improves loss and congestion response, but this has to be balanced against excessive load generated by a receiver that sends an ACK frame in response to every ack-eliciting packet. The guidance offered below seeks to strike this balance.</t> <section anchor="sending-acknowledgments" numbered="true" toc="default"> <name>Sending ACK Frames</name> <t>Every packetSHOULD<bcp14>SHOULD</bcp14> be acknowledged at least once, and ack-eliciting packetsMUST<bcp14>MUST</bcp14> be acknowledged at least once within the maximum delay an endpoint communicated using the max_ack_delay transport parameter; see <xref target="transport-parameter-definitions" format="default"/>. max_ack_delay declares an explicit contract: an endpoint promises to never intentionally delay acknowledgments of an ack-eliciting packet by more than the indicated value. If it does, any excess accrues to the RTT estimate and could result in spurious or delayed retransmissions from the peer. A sender uses the receiver's max_ack_delay value in determining timeouts for timer-based retransmission, as detailed inSection 6.2 of<xref section="6.2" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>.</t> <t>An endpointMUST<bcp14>MUST</bcp14> acknowledge all ack-eliciting Initial and Handshake packets immediately and all ack-eliciting 0-RTT and 1-RTT packets within its advertised max_ack_delay, with the following exception. Prior to handshake confirmation, an endpoint might not have packet protection keys for decrypting Handshake, 0-RTT, or 1-RTT packets when they are received. It might therefore buffer them and acknowledge them when the requisite keys become available.</t> <t>Since packets containing only ACK frames are not congestion controlled, an endpointMUST NOT<bcp14>MUST NOT</bcp14> send more than one such packet in response to receiving an ack-eliciting packet.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send a non-ack-eliciting packet in response to a non-ack-eliciting packet, even if there are packet gaps that precede the received packet. This avoids an infinite feedback loop of acknowledgments, which could prevent the connection from ever becoming idle. Non-ack-eliciting packets are eventually acknowledged when the endpoint sends an ACK frame in response to other events.</t><t>In order<t>An endpoint that is only sending ACK frames will not receive acknowledgments from its peer unless those acknowledgments are included in packets with ack-eliciting frames. An endpoint <bcp14>SHOULD</bcp14> send an ACK frame with other frames when there are new ack-eliciting packets toassist loss detection at the sender,acknowledge. When only non-ack-eliciting packets need to be acknowledged, an endpointSHOULD generate and<bcp14>MAY</bcp14> choose not to send an ACK framewithout delay when it receiveswith outgoing frames until an ack-eliciting packeteither:</t> <ul spacing="normal"> <li>when the received packet has a packet number less than another ack-eliciting packet thathas beenreceived, or</li> <li>when the packetreceived.</t> <t>An endpoint that is only sending non-ack-eliciting packets might choose to occasionally add an ack-eliciting frame to those packets to ensure that it receives an acknowledgment; see <xref target="ack-tracking" format="default"/>. In that case, an endpoint <bcp14>MUST NOT</bcp14> send an ack-eliciting frame in all packets that would otherwise be non-ack-eliciting, to avoid an infinite feedback loop of acknowledgments.</t> <t>In order to assist loss detection at the sender, an endpoint <bcp14>SHOULD</bcp14> generate and send an ACK frame without delay when it receives an ack-eliciting packet either:</t> <ul spacing="normal"> <li>when the received packet has a packet number less than another ack-eliciting packet that has been received, or</li> <li>when the packet has a packet number larger than the highest-numbered ack-eliciting packet that has been received and there are missing packets between that packet and this packet.</li> </ul> <t>Similarly, packets marked with the ECN Congestion Experienced (CE) codepoint in the IP headerSHOULD<bcp14>SHOULD</bcp14> be acknowledged immediately, to reduce the peer's response time to congestion events.</t> <t>The algorithms in <xref target="QUIC-RECOVERY" format="default"/> are expected to be resilient to receivers that do not follow the guidance offered above. However, an implementation should only deviate from these requirements after careful consideration of the performance implications of a change, for connections made by the endpoint and for other users of the network.</t><t>An endpoint that is only sending ACK frames will not receive acknowledgments from its peer unless those acknowledgments are included in packets with ack-eliciting frames. An endpoint SHOULD send an ACK frame with other frames when there are new ack-eliciting packets to acknowledge. When only non-ack-eliciting packets need to be acknowledged, an endpoint MAY wait until an ack-eliciting packet has been received to include an ACK frame with outgoing frames.</t> <t>A receiver MUST NOT send an ack-eliciting frame in all packets that would otherwise be non-ack-eliciting, to avoid an infinite feedback loop of acknowledgments.</t></section> <section anchor="acknowledgment-frequency" numbered="true" toc="default"> <name>Acknowledgment Frequency</name> <t>A receiver determines how frequently to send acknowledgments in response to ack-eliciting packets. This determination involves a trade-off.</t> <t>Endpoints rely on timely acknowledgment to detect loss; seeSection 6 of<xref section="6" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>. Window-based congestion controllers, such as the one described inSection 7 of<xref section="7" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>, rely on acknowledgments to manage their congestion window. In both cases, delaying acknowledgments can adversely affect performance.</t> <t>On the other hand, reducing the frequency of packets that carry only acknowledgments reduces packet transmission and processing cost at both endpoints. It can improve connection throughput on severely asymmetric links and reduce the volume of acknowledgment traffic using return path capacity; seeSection 3 of<xref section="3" sectionFormat="of" target="RFC3449" format="default"/>.</t> <t>A receiverSHOULD<bcp14>SHOULD</bcp14> send an ACK frame after receiving at least two ack-eliciting packets. This recommendation is general in nature and consistent with recommendations for TCP endpoint behavior <xref target="RFC5681" format="default"/>. Knowledge of network conditions, knowledge of the peer's congestion controller, or further research and experimentation might suggest alternative acknowledgment strategies with better performance characteristics.</t> <t>A receiverMAY<bcp14>MAY</bcp14> process multiple available packets before determining whether to send an ACK frame in response.</t> </section> <section anchor="managing-ack-ranges" numbered="true" toc="default"> <name>Managing ACK Ranges</name> <t>When an ACK frame is sent, one or more ranges of acknowledged packets are included. Including acknowledgments for older packets reduces the chance of spurious retransmissions caused by losing previously sent ACK frames, at the cost of larger ACK frames.</t> <t>ACK framesSHOULD<bcp14>SHOULD</bcp14> always acknowledge the most recently received packets, and the moreout-of-orderout of order the packets are, the more important it is to send an updated ACK frame quickly, to prevent the peer from declaring a packet as lost and spuriously retransmitting the frames it contains. An ACK frame is expected to fit within a single QUIC packet. If it does not, then older ranges (those with the smallest packet numbers) are omitted.</t> <t>A receiver limits the number of ACK Ranges (<xref target="ack-ranges" format="default"/>) it remembers and sends in ACK frames, both to limit the size of ACK frames and to avoid resource exhaustion. After receiving acknowledgments for an ACK frame, the receiverSHOULD<bcp14>SHOULD</bcp14> stop tracking those acknowledged ACK Ranges. Senders can expect acknowledgments for most packets, but QUIC does not guarantee receipt of an acknowledgment for every packet that the receiver processes.</t> <t>It is possible that retaining many ACK Ranges could cause an ACK frame to become too large. A receiver can discard unacknowledged ACK Ranges to limit ACK frame size, at the cost of increased retransmissions from the sender. This is necessary if an ACK frame would be too large to fit in a packet. ReceiversMAY<bcp14>MAY</bcp14> also limit ACK frame size further to preserve space for other frames or to limit the capacity that acknowledgments consume.</t> <t>A receiverMUST<bcp14>MUST</bcp14> retain an ACK Range unless it can ensure that it will not subsequently accept packets with numbers in that range. Maintaining a minimum packet number that increases as ranges are discarded is one way to achieve this with minimal state.</t> <t>Receivers can discard all ACK Ranges, but theyMUST<bcp14>MUST</bcp14> retain the largest packet number that has been successfullyprocessedprocessed, as that is used to recover packet numbers from subsequent packets; see <xref target="packet-encoding" format="default"/>.</t> <t>A receiverSHOULD<bcp14>SHOULD</bcp14> include an ACK Range containing the largest received packet number in every ACK frame. The Largest Acknowledged field is used in ECN validation at asendersender, and including a lower value than what was included in a previous ACK frame could cause ECN to be unnecessarily disabled; see <xref target="ecn-validation" format="default"/>.</t> <t><xref target="ack-tracking" format="default"/> describes an exemplary approach for determining what packets to acknowledge in each ACK frame. Though the goal of this algorithm is to generate an acknowledgment for every packet that is processed, it is still possible for acknowledgments to be lost.</t> </section> <section anchor="ack-tracking" numbered="true" toc="default"> <name>Limiting Ranges by Tracking ACK Frames</name> <t>When a packet containing an ACK frame is sent, thelargest acknowledgedLargest Acknowledged field in that frame can be saved. When a packet containing an ACK frame is acknowledged, the receiver can stop acknowledging packets less than or equal to thelargest acknowledgedLargest Acknowledged field in the sent ACK frame.</t> <t>A receiver that sends only non-ack-eliciting packets, such as ACK frames, might not receive an acknowledgment for a long period of time. This could cause the receiver to maintain state for a large number of ACK frames for a long period of time, and ACK frames it sends could be unnecessarily large. In such a case, a receiver could send a PING or other small ack-eliciting frame occasionally, such as once per round trip, to elicit an ACK from the peer.</t> <t>In cases without ACK frame loss, this algorithm allows for a minimum of 1 RTT of reordering. In cases with ACK frame loss and reordering, this approach does not guarantee that every acknowledgment is seen by the sender before it is no longer included in the ACK frame. Packets could be received out oforderorder, and all subsequent ACK frames containing them could be lost. In this case, the loss recovery algorithm could cause spurious retransmissions, but the sender will continue making forward progress.</t> </section> <section anchor="host-delay" numbered="true" toc="default"> <name>Measuring and Reporting Host Delay</name> <t>An endpoint measures the delays intentionally introduced between the time the packet with the largest packet number is received and the time an acknowledgment is sent. The endpoint encodes this acknowledgment delay in the ACK Delay field of an ACK frame; see <xref target="frame-ack" format="default"/>. This allows the receiver of the ACK frame to adjust for any intentional delays, which is important for getting a better estimate of the path RTT when acknowledgments are delayed.</t> <t>A packet might be held in the OS kernel or elsewhere on the host before being processed. An endpointMUST NOT<bcp14>MUST NOT</bcp14> include delays that it does not control when populating the ACK Delay field in an ACK frame. However, endpointsSHOULD<bcp14>SHOULD</bcp14> include buffering delays caused by unavailability of decryption keys, since these delays can be large and are likely to be non-repeating.</t> <t>When the measured acknowledgment delay is larger than its max_ack_delay, an endpointSHOULD<bcp14>SHOULD</bcp14> report the measured delay. This information is especially useful during the handshake when delays might be large; see <xref target="sending-acknowledgments" format="default"/>.</t> </section> <section anchor="ack-frames-and-packet-protection" numbered="true" toc="default"> <name>ACK Frames and Packet Protection</name> <t>ACK framesMUST<bcp14>MUST</bcp14> only be carried in a packet that has the same packet number space as the packet being acknowledged; see <xref target="packet-protected" format="default"/>. For instance, packets that are protected with 1-RTT keysMUST<bcp14>MUST</bcp14> be acknowledged in packets that are also protected with 1-RTT keys.</t> <t>Packets that a client sends with 0-RTT packet protectionMUST<bcp14>MUST</bcp14> be acknowledged by the server in packets protected by 1-RTT keys. This can mean that the client is unable to use these acknowledgments if the server cryptographic handshake messages are delayed or lost. Note that the same limitation applies to other data sent by the server protected by the 1-RTT keys.</t> </section> <section anchor="padding-frames-consume-congestion-window" numbered="true" toc="default"> <name>PADDING Frames Consume Congestion Window</name> <t>Packets containing PADDING frames are considered to be in flight for congestion control purposes <xref target="QUIC-RECOVERY" format="default"/>. Packets containing only PADDING frames therefore consume congestion window but do not generate acknowledgments that will open the congestion window. To avoid a deadlock, a senderSHOULD<bcp14>SHOULD</bcp14> ensure that other frames are sent periodically in addition to PADDING frames to elicit acknowledgments from the receiver.</t> </section> </section> <section anchor="retransmission-of-information" numbered="true" toc="default"> <name>Retransmission of Information</name> <t>QUIC packets that are determined to be lost are not retransmitted whole. The same applies to the frames that are contained within lost packets. Instead, the information that might be carried in frames is sent again in new frames as needed.</t> <t>New frames and packets are used to carry information that is determined to have been lost. In general, information is sent again when a packet containing that information is determined to belostlost, and sending ceases when a packet containing that information is acknowledged.</t> <ul spacing="normal"> <li>Data sent in CRYPTO frames is retransmitted according to the rules in <xref target="QUIC-RECOVERY" format="default"/>, until all data has been acknowledged. Data in CRYPTO frames for Initial and Handshake packets is discarded when keys for the corresponding packet number space are discarded.</li> <li>Application data sent in STREAM frames is retransmitted in new STREAM frames unless the endpoint has sent a RESET_STREAM for that stream. Once an endpoint sends a RESET_STREAM frame, no further STREAM frames are needed.</li> <li>ACK frames carry the most recent set of acknowledgments and the acknowledgment delay from the largest acknowledged packet, as described in <xref target="sending-acknowledgments" format="default"/>. Delaying the transmission of packets containing ACK frames or resending old ACK frames can cause the peer to generate an inflated RTT sample or unnecessarily disable ECN.</li> <li>Cancellation of stream transmission, as carried in a RESET_STREAM frame, is sent until acknowledged or until all stream data is acknowledged by the peer (that is, either the "Reset Recvd" or "Data Recvd" state is reached on the sending part of the stream). The content of a RESET_STREAM frameMUST NOT<bcp14>MUST NOT</bcp14> change when it is sent again.</li> <li>Similarly, a request to cancel stream transmission, as encoded in a STOP_SENDING frame, is sent until the receiving part of the stream enters either a "Data Recvd" or "Reset Recvd" state; see <xref target="solicited-state-transitions" format="default"/>.</li> <li>Connection close signals, including packets that contain CONNECTION_CLOSE frames, are not sent again when packet loss isdetected, but asdetected. Resending these signals is described in <xref target="termination" format="default"/>.</li> <li>The current connection maximum data is sent in MAX_DATA frames. An updated value is sent in a MAX_DATA frame if the packet containing the most recently sent MAX_DATA frame is declaredlost,lost or when the endpoint decides to update the limit. Care is necessary to avoid sending this frame toooftenoften, as the limit can increase frequently and cause an unnecessarily large number of MAX_DATA frames to be sent; see <xref target="fc-credit" format="default"/>.</li> <li>The current maximum stream data offset is sent in MAX_STREAM_DATA frames. Like MAX_DATA, an updated value is sent when the packet containing the most recent MAX_STREAM_DATA frame for a stream is lost or when the limit is updated, with care taken to prevent the frame from being sent too often. An endpointSHOULD<bcp14>SHOULD</bcp14> stop sending MAX_STREAM_DATA frames when the receiving part of the stream enters a "Size Known" or "Reset Recvd" state.</li> <li>The limit on streams of a given type is sent in MAX_STREAMS frames. Like MAX_DATA, an updated value is sent when a packet containing the most recent MAX_STREAMS for a stream type frame is declared lost or when the limit is updated, with care taken to prevent the frame from being sent too often.</li> <li>Blocked signals are carried in DATA_BLOCKED, STREAM_DATA_BLOCKED, and STREAMS_BLOCKED frames. DATA_BLOCKED frames have connection scope, STREAM_DATA_BLOCKED frames have stream scope, and STREAMS_BLOCKED frames are scoped to a specific stream type.New frames areA new frame is sent ifpacketsa packet containing the most recent frame for a scope is lost, but only while the endpoint is blocked on the corresponding limit. These frames always include the limit that is causing blocking at the time that they are transmitted.</li> <li>A liveness or path validation check using PATH_CHALLENGE frames is sent periodically until a matching PATH_RESPONSE frame is received or until there is no remaining need for liveness or path validation checking. PATH_CHALLENGE frames include a different payload each time they are sent.</li> <li>Responses to path validation using PATH_RESPONSE frames are sent just once. The peer is expected to send more PATH_CHALLENGE frames as necessary to evoke additional PATH_RESPONSE frames.</li> <li>New connection IDs are sent in NEW_CONNECTION_ID frames and retransmitted if the packet containing them is lost. Retransmissions of this frame carry the same sequence number value. Likewise, retired connection IDs are sent in RETIRE_CONNECTION_ID frames and retransmitted if the packet containing them is lost.</li> <li>NEW_TOKEN frames are retransmitted if the packet containing them is lost. No special support is made for detecting reordered and duplicated NEW_TOKEN frames other than a direct comparison of the frame contents.</li> <li>PING and PADDING frames contain no information, so lost PING or PADDING frames do not require repair.</li> <li>The HANDSHAKE_DONE frameMUST<bcp14>MUST</bcp14> be retransmitted until it is acknowledged.</li> </ul> <t>EndpointsSHOULD<bcp14>SHOULD</bcp14> prioritize retransmission of data over sending new data, unless priorities specified by the application indicate otherwise; see <xref target="stream-prioritization" format="default"/>.</t> <t>Even though a sender is encouraged to assemble frames containing up-to-date information every time it sends a packet, it is not forbidden to retransmit copies of frames from lost packets. A sender that retransmits copies of frames needs to handle decreases in available payload size due tochangechanges in packet number length, connection ID length, and path MTU. A receiverMUST<bcp14>MUST</bcp14> accept packets containing an outdated frame, such as a MAX_DATA frame carrying a smaller maximum data value than one found in an older packet.</t> <t>A senderSHOULD<bcp14>SHOULD</bcp14> avoid retransmitting information from packets once they are acknowledged. This includes packets that are acknowledged after being declared lost, which can happen in the presence of network reordering. Doing so requires senders to retain information about packets after they are declared lost. A sender can discard this information after a period of time elapses that adequately allows for reordering, such as a PTO(Section 6.2 of <xref(<xref section="6.2" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>), or based on other events, such as reaching a memory limit.</t> <t>Upon detecting losses, a senderMUST<bcp14>MUST</bcp14> take appropriate congestion control action. The details of loss detection and congestion control are described in <xref target="QUIC-RECOVERY" format="default"/>.</t> </section> <section anchor="ecn" numbered="true" toc="default"> <name>Explicit Congestion Notification</name> <t>QUIC endpoints can useExplicit Congestion Notification (ECN)ECN <xref target="RFC3168" format="default"/> to detect and respond to network congestion. ECN allows an endpoint to set anECTECN-Capable Transport (ECT) codepoint in the ECN field of an IP packet. A network node can then indicate congestion by setting theCEECN-CE codepoint in the ECN field instead of dropping the packet <xref target="RFC8087" format="default"/>. Endpoints react to reported congestion by reducing their sending rate in response, as described in <xref target="QUIC-RECOVERY" format="default"/>.</t> <t>To enable ECN, a sending QUIC endpoint first determines whether a path supports ECN marking and whether the peer reports the ECN values in received IP headers; see <xref target="ecn-validation" format="default"/>.</t> <section anchor="reporting-ecn-counts" numbered="true" toc="default"> <name>Reporting ECN Counts</name><t>Use<t>The use of ECN requires the receiving endpoint to read the ECN field from an IP packet, which is not possible on all platforms. If an endpoint does not implement ECN support or does not have access to received ECN fields, it does not report ECN counts for packets it receives.</t> <t>Even if an endpoint does not set an ECT fieldonin packets it sends, the endpointMUST<bcp14>MUST</bcp14> provide feedback about ECN markings it receives, if these are accessible. Failing to report the ECN counts will cause the sender to disable the use of ECN for this connection.</t> <t>On receiving an IP packet with an ECT(0),ECT(1)ECT(1), orCEECN-CE codepoint, an ECN-enabled endpoint accesses the ECN field and increases the corresponding ECT(0), ECT(1), orCEECN-CE count. These ECN counts are included in subsequent ACK frames; see Sections <xreftarget="generating-acks" format="default"/>format="counter" target="generating-acks"/> and <xreftarget="frame-ack" format="default"/>.</t>format="counter" target="frame-ack"/>.</t> <t>Each packet number space maintains separate acknowledgment state and separate ECN counts. Coalesced QUIC packets (see <xref target="packet-coalesce" format="default"/>) share the same IP header so the ECN counts are incremented once for each coalesced QUIC packet.</t> <t>For example, if one each of an Initial, Handshake, and 1-RTT QUIC packet are coalesced into a single UDP datagram, the ECN counts for all three packet number spaces will be incremented by one each, based on the ECN field of the single IP header.</t> <t>ECN counts are only incremented when QUIC packets from the received IP packet are processed. As such, duplicate QUIC packets are not processed and do not increase ECN counts; see <xref target="security-ecn" format="default"/> for relevant security concerns.</t> </section> <section anchor="ecn-validation" numbered="true" toc="default"> <name>ECN Validation</name> <t>It is possible for faulty network devices to corrupt or erroneously drop packets that carry a non-zero ECN codepoint. To ensure connectivity in the presence of such devices, an endpoint validates the ECN counts for each network path and disables the use of ECN on that path if errors are detected.</t> <t>To perform ECN validation for a new path:</t> <ul spacing="normal"> <li>The endpoint sets an ECT(0) codepoint in the IP header of early outgoing packets sent on a new path to the peer(<xref<xref target="RFC8311"format="default"/>).</li>format="default"/>.</li> <li>The endpoint monitors whether all packets sent with an ECT codepoint are eventually deemed lost(Section 6 of <xref(<xref section="6" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>), indicating that ECN validation has failed.</li> </ul> <t>If an endpoint has cause to expect that IP packets with an ECT codepoint might be dropped by a faulty network element, the endpoint could set an ECT codepoint for only the first ten outgoing packets on a path, or for a period of three PTOs (seeSection 6.2 of<xref section="6.2" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>). If all packets marked with non-zero ECN codepoints are subsequently lost, it can disable marking on the assumption that the marking caused the loss.</t> <t>An endpoint thus attempts to use ECN and validates this for each new connection, when switching to a server's preferred address, and on active connection migration to a new path. <xref target="ecn-alg" format="default"/> describes one possible algorithm.</t> <t>Other methods of probing paths for ECN support are possible, as are different marking strategies. ImplementationsMAY<bcp14>MAY</bcp14> use other methods defined in RFCs; see <xref target="RFC8311" format="default"/>. Implementations that use the ECT(1) codepoint need to perform ECN validation using the reported ECT(1) counts.</t> <section anchor="ecn-ack" numbered="true" toc="default"> <name>Receiving ACK Frames with ECN Counts</name> <t>Erroneous application ofCEECN-CE markings by the network can result in degraded connection performance. An endpoint that receives an ACK frame with ECN counts therefore validates the counts before using them. It performs this validation by comparing newly received counts against those from the last successfully processed ACK frame. Any increase in the ECN counts is validated based on the ECN markings that were applied to packets that are newly acknowledged in the ACK frame.</t> <t>If an ACK frame newly acknowledges a packet that the endpoint sent with either the ECT(0) or ECT(1) codepoint set, ECN validation fails if the corresponding ECN counts are not present in the ACK frame. This check detects a network element that zeroes the ECN field or a peer that does not report ECN markings.</t> <t>ECN validation also fails if the sum of the increase in ECT(0) and ECN-CE counts is less than the number of newly acknowledged packets that were originally sent with an ECT(0) marking. Similarly, ECN validation fails if the sum of the increases to ECT(1) and ECN-CE counts is less than the number of newly acknowledged packets sent with an ECT(1) marking. These checks can detect remarking of ECN-CE markings by the network.</t> <t>An endpoint could miss acknowledgments for a packet when ACK frames are lost. It is therefore possible for the total increase in ECT(0), ECT(1), and ECN-CE counts to be greater than the number of packets that are newly acknowledged by an ACK frame. This is why ECN counts are permitted to be larger than the total number of packets that are acknowledged.</t> <t>Validating ECN counts from reordered ACK frames can result in failure. An endpointMUST NOT<bcp14>MUST NOT</bcp14> fail ECN validation as a result of processing an ACK frame that does not increase the largest acknowledged packet number.</t> <t>ECN validation can fail if the received total count for either ECT(0) or ECT(1) exceeds the total number of packets sent with each corresponding ECT codepoint. In particular, validation will fail when an endpoint receives a non-zero ECN count corresponding to an ECT codepoint that it never applied. This check detects when packets are remarked to ECT(0) or ECT(1) in the network.</t> </section> <section anchor="ecn-validation-outcomes" numbered="true" toc="default"> <name>ECN Validation Outcomes</name> <t>If validation fails, then the endpointMUST<bcp14>MUST</bcp14> disable ECN. It stops setting the ECT codepoint in IP packets that it sends, assuming that either the network path or the peer does not support ECN.</t> <t>Even if validation fails, an endpointMAY<bcp14>MAY</bcp14> revalidate ECN for the same path at any later time in the connection. An endpoint could continue to periodically attempt validation.</t> <t>Upon successful validation, an endpointMAY<bcp14>MAY</bcp14> continue to set an ECT codepoint in subsequent packets it sends, with the expectation that the path isECN-capable.ECN capable. Network routing and path elements canhoweverchange mid-connection; an endpointMUST<bcp14>MUST</bcp14> disable ECN if validation later fails.</t> </section> </section> </section> </section> <section anchor="datagram-size" numbered="true" toc="default"> <name>Datagram Size</name> <t>A UDP datagram can include one or more QUIC packets. The datagram size refers to the total UDP payload size of a single UDP datagram carrying QUIC packets. The datagram size includes one or more QUIC packet headers and protected payloads, but not the UDP or IP headers.</t> <t>The maximum datagram size is defined as the largest size of UDP payload that can be sent across a network path using a single UDP datagram. QUICMUST NOT<bcp14>MUST NOT</bcp14> be used if the network path cannot support a maximum datagram size of at least 1200 bytes.</t> <t>QUIC assumes a minimum IP packet size of at least 1280 bytes. This is the IPv6 minimum size(<xref<xref target="IPv6"format="default"/>)format="default"/> and is also supported by most modern IPv4 networks. Assuming the minimum IP header size of 40 bytes for IPv6 and 20 bytes for IPv4 and a UDP header size of 8 bytes, this results in a maximum datagram size of 1232 bytes for IPv6 and 1252 bytes for IPv4. Thus, modern IPv4 and all IPv6 network paths are expected to be able to support QUIC.</t><dl> <dt> Note: </dt> <dd> <t>This<aside> <t>Note: This requirement to support a UDP payload of 1200 bytes limits the space available for IPv6 extension headers to 32 bytes or IPv4 options to 52 bytes if the path only supports the IPv6 minimum MTU of 1280 bytes. This affects Initial packets and path validation.</t></dd> </dl></aside> <t>Any maximum datagram size larger than 1200 bytes can be discovered using Path Maximum Transmission Unit Discovery(PMTUD; see(PMTUD) (see <xref target="pmtud" format="default"/>) or Datagram Packetization Layer PMTU Discovery(DPLPMTUD; see(DPLPMTUD) (see <xref target="dplpmtud" format="default"/>).</t> <t>Enforcement of the max_udp_payload_size transport parameter (<xref target="transport-parameter-definitions" format="default"/>) might act as an additional limit on the maximum datagram size. A sender can avoid exceeding this limit, once the value is known. However, prior to learning the value of the transport parameter, endpoints risk datagrams being lost if they send datagrams larger than the smallest allowed maximum datagram size of 1200 bytes.</t> <t>UDP datagramsMUST NOT<bcp14>MUST NOT</bcp14> be fragmented at the IP layer. In IPv4(<xref<xref target="IPv4"format="default"/>),format="default"/>, theDFDon't Fragment (DF) bitMUST<bcp14>MUST</bcp14> be set if possible, to prevent fragmentation on the path.</t> <t>QUIC sometimes requires datagrams to be no smaller than a certain size; see <xref target="validate-handshake" format="default"/> as an example. However, the size of a datagram is not authenticated. That is, if an endpoint receives a datagram of a certain size, it cannot know that the sender sent the datagram at the same size. Therefore, an endpointMUST NOT<bcp14>MUST NOT</bcp14> close a connection when it receives a datagram that does not meet size constraints; the endpointMAY however<bcp14>MAY</bcp14> discard such datagrams.</t> <section anchor="initial-size" numbered="true" toc="default"> <name>Initial Datagram Size</name> <t>A clientMUST<bcp14>MUST</bcp14> expand the payload of all UDP datagrams carrying Initial packets to at least the smallest allowed maximum datagram size of 1200 bytes by adding PADDING frames to the Initial packet or by coalescing the Initial packet; see <xref target="packet-coalesce" format="default"/>. Initial packets can even be coalesced with invalid packets, which a receiver will discard. Similarly, a serverMUST<bcp14>MUST</bcp14> expand the payload of all UDP datagrams carrying ack-eliciting Initial packets to at least the smallest allowed maximum datagram size of 1200 bytes.</t> <t>Sending UDP datagrams of this size ensures that the network path supports a reasonable Path Maximum Transmission Unit (PMTU), in both directions. Additionally, a client that expands Initial packets helps reduce the amplitude of amplification attacks caused by server responses toward an unverified client address; see <xref target="address-validation" format="default"/>.</t> <t>Datagrams containing Initial packetsMAY<bcp14>MAY</bcp14> exceed 1200 bytes if the sender believes that the network path and peer both support the size that it chooses.</t> <t>A serverMUST<bcp14>MUST</bcp14> discard an Initial packet that is carried in a UDP datagram with a payload that is smaller than the smallest allowed maximum datagram size of 1200 bytes. A serverMAY<bcp14>MAY</bcp14> also immediately close the connection by sending a CONNECTION_CLOSE frame with an error code of PROTOCOL_VIOLATION; see <xref target="immediate-close-hs" format="default"/>.</t> <t>The serverMUST<bcp14>MUST</bcp14> also limit the number of bytes it sends before validating the address of the client; see <xref target="address-validation" format="default"/>.</t> </section> <section anchor="path-maximum-transmission-unit" numbered="true" toc="default"> <name>Path Maximum Transmission Unit</name> <t>ThePath Maximum Transmission Unit (PMTU)PMTU is the maximum size of the entire IPpacketpacket, including the IP header, UDP header, and UDP payload. The UDP payload includes one or more QUIC packet headers and protected payloads. The PMTU can depend on pathcharacteristics,characteristics and can therefore change over time. The largest UDP payload an endpoint sends at any given time is referred to as the endpoint's maximum datagram size.</t> <t>An endpointSHOULD<bcp14>SHOULD</bcp14> use DPLPMTUD (<xref target="dplpmtud" format="default"/>) or PMTUD (<xref target="pmtud" format="default"/>) to determine whether the path to a destination will support a desired maximum datagram size without fragmentation. In the absence of these mechanisms, QUIC endpointsSHOULD NOT<bcp14>SHOULD NOT</bcp14> send datagrams larger than the smallest allowed maximum datagram size.</t> <t>Both DPLPMTUD and PMTUD send datagrams that are larger than the current maximum datagram size, referred to as PMTU probes. All QUIC packets that are not sent in a PMTU probeSHOULD<bcp14>SHOULD</bcp14> be sized to fit within the maximum datagram size to avoid the datagram being fragmented or dropped(<xref<xref target="RFC8085"format="default"/>).</t>format="default"/>.</t> <t>If a QUIC endpoint determines that the PMTU between any pair of local and remote IP addresses cannot support the smallest allowed maximum datagram size of 1200 bytes, itMUST<bcp14>MUST</bcp14> immediately cease sending QUIC packets, except for those in PMTU probes or those containing CONNECTION_CLOSE frames, on the affected path. An endpointMAY<bcp14>MAY</bcp14> terminate the connection if an alternative path cannot be found.</t> <t>Each pair of local and remote addresses could have a different PMTU. QUIC implementations that implement any kind of PMTU discovery thereforeSHOULD<bcp14>SHOULD</bcp14> maintain a maximum datagram size for each combination of local and remote IP addresses.</t> <t>A QUIC implementationMAY<bcp14>MAY</bcp14> be more conservative in computing the maximum datagram size to allow for unknown tunnel overheads or IP header options/extensions.</t> <section anchor="pmtud" numbered="true" toc="default"> <name>Handling of ICMP Messages by PMTUD</name><t>Path Maximum Transmission Unit Discovery (PMTUD;<t>PMTUD <xref target="RFC1191"format="default"/>,format="default"/> <xref target="RFC8201"format="default"/>)format="default"/> relies on reception of ICMP messages(e.g.,(that is, IPv6 Packet Too Big (PTB) messages) that indicate when an IP packet is dropped because it is larger than the local router MTU. DPLPMTUD can also optionally use these messages. This use of ICMP messages is potentially vulnerable to attacks by entities that cannot observe packets but might successfully guess the addresses used on the path. These attacks could reduce the PMTU to a bandwidth-inefficient value.</t> <t>An endpointMUST<bcp14>MUST</bcp14> ignore an ICMP message that claims the PMTU has decreased below QUIC's smallest allowed maximum datagram size.</t> <t>The requirements for generating ICMP(<xref<xref target="RFC1812"format="default"/>,format="default"/> <xref target="RFC4443"format="default"/>)format="default"/> state that the quoted packet should contain as much of the original packet as possible without exceeding the minimum MTU for the IP version. The size of the quoted packet can actually be smaller, or the information unintelligible, as described inSection 1.1 of<xref section="1.1" sectionFormat="of" target="DPLPMTUD" format="default"/>.</t> <t>QUIC endpoints using PMTUDSHOULD<bcp14>SHOULD</bcp14> validate ICMP messages to protect from packet injection as specified in <xref target="RFC8201" format="default"/> andSection 5.2 of<xref section="5.2" sectionFormat="of" target="RFC8085" format="default"/>. This validationSHOULD<bcp14>SHOULD</bcp14> use the quoted packet supplied in the payload of an ICMP message to associate the message with a corresponding transport connection (seeSection 4.6.1 of<xref section="4.6.1" sectionFormat="of" target="DPLPMTUD" format="default"/>). ICMP message validationMUST<bcp14>MUST</bcp14> include matching IP addresses and UDP ports(<xref<xref target="RFC8085"format="default"/>)format="default"/> and, when possible, connection IDs to an active QUIC session. The endpointSHOULD<bcp14>SHOULD</bcp14> ignore all ICMP messages that fail validation.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> increase the PMTU based on ICMP messages; seeSection 3, clauseItem 6ofin <xref section="3" sectionFormat="of" target="DPLPMTUD" format="default"/>. Any reduction in QUIC's maximum datagram size in response to ICMP messagesMAY<bcp14>MAY</bcp14> be provisional until QUIC's loss detection algorithm determines that the quoted packet has actually been lost.</t> </section> </section> <section anchor="dplpmtud" numbered="true" toc="default"> <name>Datagram Packetization Layer PMTU Discovery</name><t>Datagram Packetization Layer PMTU Discovery (DPLPMTUD;<t>DPLPMTUD <xref target="DPLPMTUD"format="default"/>)format="default"/> relies on tracking loss or acknowledgment of QUIC packets that are carried in PMTU probes. PMTU probes for DPLPMTUD that use the PADDING frame implement "Probing using padding data", as defined inSection 4.1 of<xref section="4.1" sectionFormat="of" target="DPLPMTUD" format="default"/>.</t> <t>EndpointsSHOULD<bcp14>SHOULD</bcp14> set the initial value of BASE_PLPMTU(Section 5.1 of <xref(<xref section="5.1" sectionFormat="of" target="DPLPMTUD" format="default"/>) to be consistent with QUIC's smallest allowed maximum datagram size. The MIN_PLPMTU is the same as the BASE_PLPMTU.</t> <t>QUIC endpoints implementing DPLPMTUD maintain a DPLPMTUD Maximum Packet Size(MPS, Section 4.4 of <xref(MPS) (<xref section="4.4" sectionFormat="of" target="DPLPMTUD" format="default"/>) for each combination of local and remote IP addresses. This corresponds to the maximum datagram size.</t> <section anchor="dplpmtud-and-initial-connectivity" numbered="true" toc="default"> <name>DPLPMTUD and Initial Connectivity</name> <t>From the perspective of DPLPMTUD, QUIC is an acknowledged Packetization Layer (PL). A QUIC sender can therefore enter the DPLPMTUD BASE state(Section 5.2 of <xref(<xref section="5.2" sectionFormat="of" target="DPLPMTUD" format="default"/>) when the QUIC connection handshake has been completed.</t> </section> <section anchor="validating-the-network-path-with-dplpmtud" numbered="true" toc="default"> <name>Validating the Network Path with DPLPMTUD</name> <t>QUIC is an acknowledgedPL, thereforePL; therefore, a QUIC sender does not implement a DPLPMTUD CONFIRMATION_TIMER while in the SEARCH_COMPLETE state; seeSection 5.2 of<xref section="5.2" sectionFormat="of" target="DPLPMTUD" format="default"/>.</t> </section> <section anchor="handling-of-icmp-messages-by-dplpmtud" numbered="true" toc="default"> <name>Handling of ICMP Messages by DPLPMTUD</name> <t>An endpoint using DPLPMTUD requires the validation of any received ICMPPacket Too Big (PTB)PTB message before using the PTB information, as defined inSection 4.6 of<xref section="4.6" sectionFormat="of" target="DPLPMTUD" format="default"/>. In addition to UDP port validation, QUIC validates an ICMP message by using other PL information (e.g., validation of connection IDs in the quoted packet of any received ICMP message).</t> <t>The considerations for processing ICMP messages described in <xref target="pmtud" format="default"/> also apply if these messages are used by DPLPMTUD.</t> </section> </section> <section anchor="sending-quic-pmtu-probes" numbered="true" toc="default"> <name>Sending QUIC PMTU Probes</name> <t>PMTU probes are ack-eliciting packets.</t> <t>Endpoints could limit the content of PMTU probes to PING and PADDING frames, since packets that are larger than the current maximum datagram size are more likely to be dropped by the network. Loss of a QUIC packet that is carried in a PMTU probe is therefore not a reliable indication of congestion andSHOULD NOT<bcp14>SHOULD NOT</bcp14> trigger a congestion control reaction; seeSection 3, BulletItem 7ofin <xref section="3" sectionFormat="of" target="DPLPMTUD" format="default"/>. However, PMTU probes consume congestion window, which could delay subsequent transmission by an application.</t> <section anchor="pmtu-probes-src-cid" numbered="true" toc="default"> <name>PMTU Probes Containing Source Connection ID</name> <t>Endpoints that rely on thedestination connectionDestination Connection ID field for routing incoming QUIC packets are likely to require that the connection ID be included in PMTU probes to route any resulting ICMP messages (<xref target="pmtud" format="default"/>) back to the correct endpoint. However, only long header packets (<xref target="long-header" format="default"/>) contain the Source Connection ID field, and long header packets are not decrypted or acknowledged by the peer once the handshake is complete.</t> <t>One way to construct a PMTU probe is to coalesce (see <xref target="packet-coalesce" format="default"/>) a packet with a long header, such as a Handshake or 0-RTT packet (<xref target="long-header" format="default"/>), with a short header packet in a single UDP datagram. If the resulting PMTU probe reaches the endpoint, the packet with the long header will be ignored, but the short header packet will be acknowledged. If the PMTU probe causes an ICMP message to be sent, the first part of the probe will be quoted in that message. If the Source Connection ID field is within the quoted portion of the probe, that could be used for routing or validation of the ICMP message.</t><dl> <dt> Note: </dt> <dd> <t>The<aside> <t>Note: The purpose of using a packet with a long header is only to ensure that the quoted packet contained in the ICMP message contains a Source Connection ID field. This packet does not need to be a validpacketpacket, and it can be sent even if there is no current use for packets of that type.</t></dd> </dl></aside> </section> </section> </section> <section anchor="versions" numbered="true" toc="default"> <name>Versions</name> <t>QUIC versions are identified using a 32-bit unsigned number.</t> <t>The version 0x00000000 is reserved to represent version negotiation. This version of the specification is identified by the number 0x00000001.</t> <t>Other versions of QUIC might have different properties from this version. The properties of QUIC that are guaranteed to be consistent across all versions of the protocol are described in <xref target="QUIC-INVARIANTS" format="default"/>.</t> <t>Version 0x00000001 of QUIC uses TLS as a cryptographic handshake protocol, as described in <xref target="QUIC-TLS" format="default"/>.</t> <t>Versions with the most significant 16 bits of the version number cleared are reserved for use in future IETF consensus documents.</t> <t>Versions that follow the pattern 0x?a?a?a?a are reserved for use in forcing version negotiation to beexercised. Thatexercised -- that is, any version number where the low four bits of all bytes is 1010 (in binary). A client or serverMAY<bcp14>MAY</bcp14> advertise support for any of these reserved versions.</t> <t>Reserved version numbers will never represent a real protocol; a clientMAY<bcp14>MAY</bcp14> use one of these version numbers with the expectation that the server will initiate version negotiation; a serverMAY<bcp14>MAY</bcp14> advertise support for one of these versions and can expect that clients ignore the value.</t> </section> <section anchor="integer-encoding" numbered="true" toc="default"> <name>Variable-Length Integer Encoding</name> <t>QUIC packets and frames commonly use a variable-length encoding for non-negative integer values. This encoding ensures that smaller integer values need fewer bytes to encode.</t> <t>The QUIC variable-length integer encoding reserves the two most significant bits of the first byte to encode thebase 2base-2 logarithm of the integer encoding length in bytes. The integer value is encoded on the remaining bits, in network byte order.</t> <t>This means that integers are encoded on 1, 2, 4, or 8 bytes and can encode 6-, 14-, 30-, or 62-bitvaluesvalues, respectively. <xref target="integer-summary" format="default"/> summarizes the encoding properties.</t> <table anchor="integer-summary" align="center"> <name>Summary of Integer Encodings</name> <thead> <tr> <thalign="left">2Bit</th>align="left">2MSB</th> <th align="left">Length</th> <th align="left">Usable Bits</th> <th align="left">Range</th> </tr> </thead> <tbody> <tr> <td align="left">00</td> <td align="left">1</td> <td align="left">6</td> <td align="left">0-63</td> </tr> <tr> <td align="left">01</td> <td align="left">2</td> <td align="left">14</td> <td align="left">0-16383</td> </tr> <tr> <td align="left">10</td> <td align="left">4</td> <td align="left">30</td> <td align="left">0-1073741823</td> </tr> <tr> <td align="left">11</td> <td align="left">8</td> <td align="left">62</td> <td align="left">0-4611686018427387903</td> </tr> </tbody> </table><t>Examples and<t>An example of asampledecoding algorithm and sample encodings are shown in <xref target="sample-varint" format="default"/>.</t> <t>Values do not need to be encoded on the minimum number of bytes necessary, with the sole exception of the Frame Type field; see <xref target="frames" format="default"/>.</t> <t>Versions (<xref target="versions" format="default"/>), packet numbers sent in the header (<xref target="packet-encoding" format="default"/>), and the length of connection IDs in long header packets (<xref target="long-header" format="default"/>) are described usingintegers,integers but do not use this encoding.</t> </section> <section anchor="packet-formats" numbered="true" toc="default"> <name>Packet Formats</name> <t>All numeric values are encoded in network byte order (that is,big-endian)big endian), and all field sizes are in bits. Hexadecimal notation is used for describing the value of fields.</t> <section anchor="packet-encoding" numbered="true" toc="default"> <name>Packet Number Encoding and Decoding</name> <t>Packet numbers are integers in the range 0 to2^62-12<sup>62</sup>-1 (<xref target="packet-numbers" format="default"/>). When present in long or short packet headers, they are encoded in 1 to 4 bytes. The number of bits required to represent the packet number is reduced by including only the least significant bits of the packet number.</t> <t>The encoded packet number is protected as described inSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> <t>Prior to receiving an acknowledgment for a packet number space, the full packet numberMUST<bcp14>MUST</bcp14> be included; it is not to betruncatedtruncated, as described below.</t> <t>After an acknowledgment is received for a packet number space, the senderMUST<bcp14>MUST</bcp14> use a packet number size able to represent more than twice as large a rangethanas the difference between the largest acknowledged packet number and the packet number being sent. A peer receiving the packet will then correctly decode the packet number, unless the packet is delayed in transit such that it arrives after many higher-numbered packets have been received. An endpointSHOULD<bcp14>SHOULD</bcp14> use a large enough packet number encoding to allow the packet number to be recovered even if the packet arrives after packets that are sent afterwards.</t> <t>As a result, the size of the packet number encoding is at least one bit more than the base-2 logarithm of the number of contiguous unacknowledged packet numbers, including the new packet. Pseudocode andexamplesan example for packet number encoding can be found in <xref target="sample-packet-number-encoding" format="default"/>.</t> <t>At a receiver, protection of the packet number is removed prior to recovering the full packet number. The full packet number is then reconstructed based on the number of significant bits present, the value of those bits, and the largest packet number received in a successfully authenticated packet. Recovering the full packet number is necessary to successfullyremovecomplete the removal of packet protection.</t> <t>Once header protection is removed, the packet number is decoded by finding the packet number value that is closest to the next expected packet. The next expected packet is the highest received packet number plus one. Pseudocode and an example for packet number decoding can be found in <xref target="sample-packet-number-decoding" format="default"/>.</t> </section> <section anchor="long-header" numbered="true" toc="default"> <name>Long Header Packets</name> <figure anchor="fig-long-header"> <name>Long Header Packet Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Long Header Packet { Header Form (1) = 1, Fixed Bit (1) = 1, Long Packet Type (2), Type-Specific Bits (4), Version (32), Destination Connection ID Length (8), Destination Connection ID (0..160), Source Connection ID Length (8), Source Connection ID (0..160), Type-Specific Payload (..), } ]]></artwork> </figure> <t>Long headers are used for packets that are sent prior to the establishment of 1-RTT keys. Once 1-RTT keys are available, a sender switches to sending packets using the short header (<xref target="short-header" format="default"/>). The long form allows for special packets--- such as the Version Negotiation packet--- to be represented in this uniform fixed-length packet format. Packets that use the long header contain the following fields:</t> <dl><dt> Header Form: </dt><dt>Header Form:</dt> <dd> <t>The most significant bit (0x80) of byte 0 (the first byte) is set to 1 for long headers.</t> </dd><dt> Fixed Bit: </dt><dt>Fixed Bit:</dt> <dd> <t>The next bit (0x40) of byte 0 is set to 1, unless the packet is a Version Negotiation packet. Packets containing a zero value for this bit are not valid packets in this version andMUST<bcp14>MUST</bcp14> be discarded. A value of 1 for this bit allows QUIC to coexist with other protocols; see <xref target="RFC7983" format="default"/>.</t> </dd><dt> Long<dt>Long PacketType: </dt>Type:</dt> <dd> <t>The next two bits (those with a mask of 0x30) of byte 0 contain a packet type. Packet types are listed in <xref target="long-packet-types" format="default"/>.</t> </dd><dt> Type-Specific Bits: </dt><dt>Type-Specific Bits:</dt> <dd> <t>The semantics of the lower four bits (those with a mask of 0x0f) of byte 0 are determined by the packet type.</t> </dd><dt> Version: </dt><dt>Version:</dt> <dd> <t>The QUIC Version is a 32-bit field that follows the first byte. This field indicates the version of QUIC that is in use and determines how the rest of the protocol fields are interpreted.</t> </dd><dt> Destination<dt>Destination Connection IDLength: </dt>Length:</dt> <dd> <t>The byte following the version contains the length in bytes of the Destination Connection ID field that follows it. This length is encoded as an 8-bit unsigned integer. In QUIC version 1, this valueMUST NOT<bcp14>MUST NOT</bcp14> exceed20.20 bytes. Endpoints that receive a version 1 long header with a value larger than 20MUST<bcp14>MUST</bcp14> drop the packet. In order to properly form a Version Negotiation packet, serversSHOULD<bcp14>SHOULD</bcp14> be able to read longer connection IDs from other QUIC versions.</t> </dd><dt> Destination<dt>Destination ConnectionID: </dt>ID:</dt> <dd> <t>The Destination Connection ID field follows the Destination Connection ID Length field, which indicates the length of this field. <xref target="negotiating-connection-ids" format="default"/> describes the use of this field in more detail.</t> </dd><dt> Source<dt>Source Connection IDLength: </dt>Length:</dt> <dd> <t>The byte following the Destination Connection ID contains the length in bytes of the Source Connection ID field that follows it. This length is encoded asaan 8-bit unsigned integer. In QUIC version 1, this valueMUST NOT<bcp14>MUST NOT</bcp14> exceed 20 bytes. Endpoints that receive a version 1 long header with a value larger than 20MUST<bcp14>MUST</bcp14> drop the packet. In order to properly form a Version Negotiation packet, serversSHOULD<bcp14>SHOULD</bcp14> be able to read longer connection IDs from other QUIC versions.</t> </dd><dt> Source<dt>Source ConnectionID: </dt>ID:</dt> <dd> <t>The Source Connection ID field follows the Source Connection ID Length field, which indicates the length of this field. <xref target="negotiating-connection-ids" format="default"/> describes the use of this field in more detail.</t> </dd><dt> Type-Specific Payload: </dt><dt>Type-Specific Payload:</dt> <dd> <t>The remainder of the packet, if any, istype-specific.</t>type specific.</t> </dd> </dl> <t>In this version of QUIC, the following packet types with the long header are defined:</t> <table anchor="long-packet-types" align="center"> <name>Long Header Packet Types</name> <thead> <tr> <th align="right">Type</th> <th align="left">Name</th> <th align="left">Section</th> </tr> </thead> <tbody> <tr> <tdalign="right">0x0</td>align="right">0x00</td> <td align="left">Initial</td> <tdalign="left"> <xrefalign="left"><xref target="packet-initial" format="default"/></td> </tr> <tr> <tdalign="right">0x1</td>align="right">0x01</td> <td align="left">0-RTT</td> <tdalign="left"> <xrefalign="left"><xref target="packet-0rtt" format="default"/></td> </tr> <tr> <tdalign="right">0x2</td>align="right">0x02</td> <td align="left">Handshake</td> <tdalign="left"> <xrefalign="left"><xref target="packet-handshake" format="default"/></td> </tr> <tr> <tdalign="right">0x3</td>align="right">0x03</td> <td align="left">Retry</td> <tdalign="left"> <xrefalign="left"><xref target="packet-retry" format="default"/></td> </tr> </tbody> </table> <t>The header form bit, Destination and Source Connection ID lengths, Destination and Source Connection ID fields, and Version fields of a long header packet areversion-independent.version independent. The other fields in the first byte areversion-specific.version specific. See <xref target="QUIC-INVARIANTS" format="default"/> for details on how packets from different versions of QUIC are interpreted.</t> <t>The interpretation of the fields and the payload are specific to a version and packet type. While type-specific semantics for this version are described in the following sections, severallong-headerlong header packets in this version of QUIC contain these additional fields:</t> <dl><dt> Reserved Bits: </dt><dt>Reserved Bits:</dt> <dd> <t>Two bits (those with a mask of 0x0c) of byte 0 are reserved across multiple packet types. These bits are protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>. The value included prior to protectionMUST<bcp14>MUST</bcp14> be set to 0. An endpointMUST<bcp14>MUST</bcp14> treat receipt of a packet that has a non-zero value for these bits after removing both packet and header protection as a connection error of type PROTOCOL_VIOLATION. Discarding such a packet after only removing header protection can expose the endpoint to attacks; seeSection 9.5 of<xref section="9.5" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> Packet<dt>Packet NumberLength: </dt>Length:</dt> <dd> <t>In packet types that contain a Packet Number field, the least significant two bits (those with a mask of 0x03) of byte 0 contain the length of thepacket number,Packet Number field, encoded as anunsigned,unsigned two-bit integer that is one less than the length of thepacket numberPacket Number field in bytes. That is, the length of thepacket numberPacket Number field is the value of thisfield,field plus one. These bits are protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> Length: </dt><dt>Length:</dt> <dd><t>The<t>This is the length of the remainder of the packet (that is, the Packet Number and Payload fields) in bytes, encoded as a variable-length integer (<xref target="integer-encoding" format="default"/>).</t> </dd><dt> Packet Number: </dt><dt>Packet Number:</dt> <dd><t>The packet number<t>This field is 1 to 4 bytes long. The packet number is protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>. The length of thepacket numberPacket Number field is encoded in the Packet Number Length bits of byte 0; see above.</t> </dd></dl> <section anchor="packet-version" numbered="true" toc="default"> <name>Version Negotiation Packet</name> <t>A Version Negotiation packet<dt>Packet Payload:</dt> <dd> <t>This isinherentlythe payload of the packet -- containing a sequence of frames -- that is protected using packet protection.</t> </dd> </dl> <section anchor="packet-version" numbered="true" toc="default"> <name>Version Negotiation Packet</name> <t>A Version Negotiation packet is inherently notversion-specific.version specific. Upon receipt by a client, it will be identified as a Version Negotiation packet based on the Version field having a value of 0.</t> <t>The Version Negotiation packet is a response to a client packet that contains a version that is not supported by theserver, andserver. It is only sent by servers.</t> <t>The layout of a Version Negotiation packet is:</t> <figure anchor="version-negotiation-format"> <name>Version Negotiation Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Version Negotiation Packet { Header Form (1) = 1, Unused (7), Version (32) = 0, Destination Connection ID Length (8), Destination Connection ID (0..2040), Source Connection ID Length (8), Source Connection ID (0..2040), Supported Version (32) ..., } ]]></artwork> </figure> <t>The value in the Unused field is set to an arbitrary value by the server. ClientsMUST<bcp14>MUST</bcp14> ignore the value of this field. Where QUIC might be multiplexed with other protocols (see <xref target="RFC7983" format="default"/>), serversSHOULD<bcp14>SHOULD</bcp14> set the most significant bit of this field (0x40) to 1 so that Version Negotiation packets appear to have the Fixed Bit field. Note that other versions of QUIC might not make a similar recommendation.</t> <t>The Version field of a Version Negotiation packetMUST<bcp14>MUST</bcp14> be set to 0x00000000.</t> <t>The serverMUST<bcp14>MUST</bcp14> include the value from the Source Connection ID field of the packet it receives in the Destination Connection ID field. The value for Source Connection IDMUST<bcp14>MUST</bcp14> be copied from the Destination Connection ID of the received packet, which is initially randomly selected by a client. Echoing both connection IDs gives clients some assurance that the server received the packet and that the Version Negotiation packet was not generated by an entity that did not observe the Initial packet.</t> <t>Future versions of QUIC could have different requirements for the lengths of connection IDs. In particular, connection IDs might have a smaller minimum length or a greater maximum length. Version-specific rules for the connection ID thereforeMUST NOT<bcp14>MUST NOT</bcp14> influence aserverdecision about whether to send a Version Negotiation packet.</t> <t>The remainder of the Version Negotiation packet is a list of 32-bit versions that the server supports.</t> <t>A Version Negotiation packet is not acknowledged. It is only sent in response to a packet that indicates an unsupported version; see <xref target="server-pkt-handling" format="default"/>.</t> <t>The Version Negotiation packet does not include the Packet Number and Length fields present in other packets that use the long header form. Consequently, a Version Negotiation packet consumes an entire UDP datagram.</t> <t>A serverMUST NOT<bcp14>MUST NOT</bcp14> send more than one Version Negotiation packet in response to a single UDP datagram.</t> <t>See <xref target="version-negotiation" format="default"/> for a description of the version negotiation process.</t> </section> <section anchor="packet-initial" numbered="true" toc="default"> <name>Initial Packet</name> <t>An Initial packet uses long headers with a type value of0x0.0x00. It carries the first CRYPTO frames sent by the client and server to perform key exchange, and it carriesACKsACK frames in either direction.</t> <figure anchor="initial-format"> <name>Initial Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Initial Packet { Header Form (1) = 1, Fixed Bit (1) = 1, Long Packet Type (2) = 0, Reserved Bits (2), Packet Number Length (2), Version (32), Destination Connection ID Length (8), Destination Connection ID (0..160), Source Connection ID Length (8), Source Connection ID (0..160), Token Length (i), Token (..), Length (i), Packet Number (8..32), Packet Payload (8..), } ]]></artwork> </figure> <t>The Initial packet contains a long header as well as the Length and Packet Number fields; see <xref target="long-header" format="default"/>. The first byte contains the Reserved and Packet Number Length bits; see also <xref target="long-header" format="default"/>. Between the Source Connection ID and Length fields, there are two additional fields specific to the Initial packet.</t> <dl><dt> Token Length: </dt><dt>Token Length:</dt> <dd> <t>A variable-length integer specifying the length of the Token field, in bytes. This value iszero0 if no token is present. Initial packets sent by the serverMUST<bcp14>MUST</bcp14> set the Token Length field tozero;0; clients that receive an Initial packet with a non-zero Token Length fieldMUST<bcp14>MUST</bcp14> either discard the packet or generate a connection error of type PROTOCOL_VIOLATION.</t> </dd><dt> Token: </dt><dt>Token:</dt> <dd> <t>The value of the token that was previously provided in a Retry packet or NEW_TOKEN frame; see <xref target="validate-handshake" format="default"/>.</t> </dd><dt> Packet Payload: </dt> <dd> <t>The payload of the packet.</t> </dd></dl> <t>In order to prevent tampering by version-unaware middleboxes, Initial packets are protected with connection- and version-specific keys (Initial keys) as described in <xref target="QUIC-TLS" format="default"/>. This protection does not provide confidentiality or integrity against attackers that can observe packets, butprovides some level of protection againstit does prevent attackers that cannot observe packets from spoofing Initial packets.</t> <t>The client and server use the Initial packet type for any packet that contains an initial cryptographic handshake message. This includes all cases where a new packet containing the initial cryptographic message needs to be created, such as the packets sent after receiving a Retrypacket (<xrefpacket; see <xref target="packet-retry"format="default"/>).</t>format="default"/>.</t> <t>A server sends its first Initial packet in response to a client Initial. A serverMAY<bcp14>MAY</bcp14> send multiple Initial packets. The cryptographic key exchange could require multiple round trips or retransmissions of this data.</t> <t>The payload of an Initial packet includes a CRYPTO frame (or frames) containing a cryptographic handshake message, ACK frames, or both. PING, PADDING, and CONNECTION_CLOSE frames of type 0x1c are also permitted. An endpoint that receives an Initial packet containing other frames can either discard the packet as spurious or treat it as a connection error.</t> <t>The first packet sent by a client always includes a CRYPTO frame that contains the start or all of the first cryptographic handshake message. The first CRYPTO frame sent always begins at an offset of 0; see <xref target="handshake" format="default"/>.</t> <t>Note that if the server sends a TLS HelloRetryRequest (seeSection 4.7 of<xref section="4.7" sectionFormat="of" target="QUIC-TLS" format="default"/>), the client will send another series of Initial packets. These Initial packets will continue the cryptographic handshake and will contain CRYPTO frames starting at an offset matching the size of the CRYPTO frames sent in the first flight of Initial packets.</t> <section anchor="discard-initial" numbered="true" toc="default"> <name>Abandoning Initial Packets</name> <t>A client stops both sending and processing Initial packets when it sends its first Handshake packet. A server stops sending and processing Initial packets when it receives its first Handshake packet. Though packets might still be in flight or awaiting acknowledgment, no further Initial packets need to be exchanged beyond this point. Initial packet protection keys are discarded (seeSection 4.9.1 of<xref section="4.9.1" sectionFormat="of" target="QUIC-TLS" format="default"/>) along with any loss recovery and congestion control state; seeSection 6.4 of<xref section="6.4" sectionFormat="of" target="QUIC-RECOVERY" format="default"/>.</t> <t>Any data in CRYPTO frames is discarded--- and no longer retransmitted--- when Initial keys are discarded.</t> </section> </section> <section anchor="packet-0rtt" numbered="true" toc="default"> <name>0-RTT</name> <t>A 0-RTT packet uses long headers with a type value of0x1,0x01, followed by the Length and Packet Number fields; see <xref target="long-header" format="default"/>. The first byte contains the Reserved and Packet Number Length bits; see <xref target="long-header" format="default"/>. A 0-RTT packet is used to carry "early" data from the client to the server as part of the first flight, prior to handshake completion. As part of the TLS handshake, the server can accept or reject this early data.</t> <t>SeeSection 2.3 of<xref section="2.3" sectionFormat="of" target="TLS13" format="default"/> for a discussion of 0-RTT data and its limitations.</t> <figure> <name>0-RTT Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 0-RTT Packet { Header Form (1) = 1, Fixed Bit (1) = 1, Long Packet Type (2) = 1, Reserved Bits (2), Packet Number Length (2), Version (32), Destination Connection ID Length (8), Destination Connection ID (0..160), Source Connection ID Length (8), Source Connection ID (0..160), Length (i), Packet Number (8..32), Packet Payload (8..), } ]]></artwork> </figure> <t>Packet numbers for 0-RTT protected packets use the same space as 1-RTT protected packets.</t> <t>After a client receives a Retry packet, 0-RTT packets are likely to have been lost or discarded by the server. A clientSHOULD<bcp14>SHOULD</bcp14> attempt to resend data in 0-RTT packets after it sends a new Initial packet. New packet numbersMUST<bcp14>MUST</bcp14> be used for any new packets that are sent; as described in <xref target="retry-continue" format="default"/>, reusing packet numbers could compromise packet protection.</t> <t>A client only receives acknowledgments for its 0-RTT packets once the handshake is complete, as defined inSection 4.1.1 of<xref section="4.1.1" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> <t>A clientMUST NOT<bcp14>MUST NOT</bcp14> send 0-RTT packets once it starts processing 1-RTT packets from the server. This means that 0-RTT packets cannot contain any response to frames from 1-RTT packets. For instance, a client cannot send an ACK frame in a 0-RTT packet, because that can only acknowledge a 1-RTT packet. An acknowledgment for a 1-RTT packetMUST<bcp14>MUST</bcp14> be carried in a 1-RTT packet.</t> <t>A serverSHOULD<bcp14>SHOULD</bcp14> treat a violation of remembered limits (<xref target="zerortt-parameters" format="default"/>) as a connection error of an appropriate type (for instance, a FLOW_CONTROL_ERROR for exceeding stream data limits).</t> </section> <section anchor="packet-handshake" numbered="true" toc="default"> <name>Handshake Packet</name> <t>A Handshake packet uses long headers with a type value of0x2,0x02, followed by the Length and Packet Number fields; see <xref target="long-header" format="default"/>. The first byte contains the Reserved and Packet Number Length bits; see <xref target="long-header" format="default"/>. It is used to carry cryptographic handshake messages and acknowledgments from the server and client.</t> <figure anchor="handshake-format"> <name>Handshake Protected Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Handshake Packet { Header Form (1) = 1, Fixed Bit (1) = 1, Long Packet Type (2) = 2, Reserved Bits (2), Packet Number Length (2), Version (32), Destination Connection ID Length (8), Destination Connection ID (0..160), Source Connection ID Length (8), Source Connection ID (0..160), Length (i), Packet Number (8..32), Packet Payload (8..), } ]]></artwork> </figure> <t>Once a client has received a Handshake packet from a server, it uses Handshake packets to send subsequent cryptographic handshake messages and acknowledgments to the server.</t> <t>The Destination Connection ID field in a Handshake packet contains a connection ID that is chosen by the recipient of the packet; the Source Connection ID includes the connection ID that the sender of the packet wishes to use; see <xref target="negotiating-connection-ids" format="default"/>.</t> <t>Handshake packets have their own packet number space, and thus the first Handshake packet sent by a server contains a packet number of 0.</t> <t>The payload of this packet contains CRYPTO frames and could contain PING, PADDING, or ACK frames. Handshake packetsMAY<bcp14>MAY</bcp14> contain CONNECTION_CLOSE frames of type 0x1c. EndpointsMUST<bcp14>MUST</bcp14> treat receipt of Handshake packets with other frames as a connection error of type PROTOCOL_VIOLATION.</t> <t>Like Initial packets (see <xref target="discard-initial" format="default"/>), data in CRYPTO frames for Handshake packets is discarded--- and no longer retransmitted--- when Handshake protection keys are discarded.</t> </section> <section anchor="packet-retry" numbered="true" toc="default"> <name>Retry Packet</name><t>A<t>As shown in <xref target="retry-format" format="default"/>, a Retry packet uses a long packet header with a type value of0x3.0x03. It carries an address validation token created by the server. It is used by a server that wishes to perform a retry; see <xref target="validate-handshake" format="default"/>.</t> <figure anchor="retry-format"> <name>Retry Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Retry Packet { Header Form (1) = 1, Fixed Bit (1) = 1, Long Packet Type (2) = 3, Unused (4), Version (32), Destination Connection ID Length (8), Destination Connection ID (0..160), Source Connection ID Length (8), Source Connection ID (0..160), Retry Token (..), Retry Integrity Tag (128), } ]]></artwork> </figure> <t>A Retry packet(shown in <xref target="retry-format" format="default"/>)does not contain any protected fields. The value in the Unused field is set to an arbitrary value by the server; a clientMUST<bcp14>MUST</bcp14> ignore these bits. In addition to the fields from the long header, it contains these additional fields:</t> <dl><dt> Retry Token: </dt><dt>Retry Token:</dt> <dd> <t>An opaque token that the server can use to validate the client's address.</t> </dd><dt> Retry<dt>Retry IntegrityTag: </dt>Tag:</dt> <dd><t>See the Retry<t>Defined in Section <xref section="5.8" sectionFormat="bare" target="QUIC-TLS" format="default">"Retry PacketIntegrity sectionIntegrity"</xref> of <xref target="QUIC-TLS" format="default"/>.</t> </dd> </dl> <section anchor="sending-a-retry-packet" numbered="true" toc="default"> <name>Sending a Retry Packet</name> <t>The server populates the Destination Connection ID with the connection ID that the client included in the Source Connection ID of the Initial packet.</t> <t>The server includes a connection ID of its choice in the Source Connection ID field. This valueMUST NOT<bcp14>MUST NOT</bcp14> be equal to the Destination Connection ID field of the packet sent by the client. A clientMUST<bcp14>MUST</bcp14> discard a Retry packet that contains a Source Connection ID field that is identical to the Destination Connection ID field of its Initial packet. The clientMUST<bcp14>MUST</bcp14> use the value from the Source Connection ID field of the Retry packet in the Destination Connection ID field of subsequent packets that it sends.</t> <t>A serverMAY<bcp14>MAY</bcp14> send Retry packets in response to Initial and 0-RTT packets. A server can either discard or buffer 0-RTT packets that it receives. A server can send multiple Retry packets as it receives Initial or 0-RTT packets. A serverMUST NOT<bcp14>MUST NOT</bcp14> send more than one Retry packet in response to a single UDP datagram.</t> </section> <section anchor="handling-a-retry-packet" numbered="true" toc="default"> <name>Handling a Retry Packet</name> <t>A clientMUST<bcp14>MUST</bcp14> accept and process at most one Retry packet for each connection attempt. After the client has received and processed an Initial or Retry packet from the server, itMUST<bcp14>MUST</bcp14> discard any subsequent Retry packets that it receives.</t> <t>ClientsMUST<bcp14>MUST</bcp14> discard Retry packets that have a Retry Integrity Tag that cannot be validated; seethe Retry Packet Integrity section of<xref section="5.8" sectionFormat="of" target="QUIC-TLS" format="default"/>. This diminishes an attacker's ability to inject a Retry packet and protects against accidental corruption of Retry packets. A clientMUST<bcp14>MUST</bcp14> discard a Retry packet with a zero-length Retry Token field.</t> <t>The client responds to a Retry packet with an Initial packet that includes the provided RetryTokentoken to continue connection establishment.</t> <t>A client sets the Destination Connection ID field of this Initial packet to the value from the Source Connection ID field in the Retry packet. Changing the Destination Connection ID field also results in a change to the keys used to protect the Initial packet. It also sets the Token field to the token provided in theRetry.Retry packet. The clientMUST NOT<bcp14>MUST NOT</bcp14> change the Source Connection ID because the server could include the connection ID as part of its token validation logic; see <xref target="token-integrity" format="default"/>.</t> <t>A Retry packet does not include a packet number and cannot be explicitly acknowledged by a client.</t> </section> <section anchor="retry-continue" numbered="true" toc="default"> <name>Continuing a HandshakeAfterafter Retry</name> <t>Subsequent Initial packets from the client include the connection ID and token values from the Retry packet. The client copies the Source Connection ID field from the Retry packet to the Destination Connection ID field and uses this value until an Initial packet with an updated value is received; see <xref target="negotiating-connection-ids" format="default"/>. The value of the Token field is copied to all subsequent Initial packets; see <xref target="validate-retry" format="default"/>.</t> <t>Other than updating the Destination Connection ID and Token fields, the Initial packet sent by the client is subject to the same restrictions as the first Initial packet. A clientMUST<bcp14>MUST</bcp14> use the same cryptographic handshake message it included in this packet. A serverMAY<bcp14>MAY</bcp14> treat a packet that contains a different cryptographic handshake message as a connection error or discard it. Note that including a Token field reduces the available space for the cryptographic handshake message, which might result in the client needing to send multiple Initial packets.</t> <t>A clientMAY<bcp14>MAY</bcp14> attempt 0-RTT after receiving a Retry packet by sending 0-RTT packets to the connection ID provided by the server.</t> <t>A clientMUST NOT<bcp14>MUST NOT</bcp14> reset the packet number for any packet number space after processing a Retry packet. In particular, 0-RTT packets contain confidential information that will most likely be retransmitted on receiving a Retry packet. The keys used to protect these new 0-RTT packets will not change as a result of responding to a Retry packet. However, the data sent in these packets could be different than what was sent earlier. Sending these new packets with the same packet number is likely to compromise the packet protection for those packets because the same key and nonce could be used to protect different content. A serverMAY<bcp14>MAY</bcp14> abort the connection if it detects that the client reset the packet number.</t> <t>The connection IDs usedonin Initial and Retry packets exchanged between client and server are copied to the transport parameters and validated as described in <xref target="cid-auth" format="default"/>.</t> </section> </section> </section> <section anchor="short-header" numbered="true" toc="default"> <name>Short Header Packets</name> <t>This version of QUIC defines a single packet type that uses the short packet header.</t> <section anchor="packet-1rtt" numbered="true" toc="default"> <name>1-RTT Packet</name> <t>A 1-RTT packet uses a short packet header. It is used after the version and 1-RTT keys are negotiated.</t> <figure> <name>1-RTT Packet</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 1-RTT Packet { Header Form (1) = 0, Fixed Bit (1) = 1, Spin Bit (1), Reserved Bits (2), Key Phase (1), Packet Number Length (2), Destination Connection ID (0..160), Packet Number (8..32), Packet Payload (8..), } ]]></artwork> </figure> <t>1-RTT packets contain the following fields:</t> <dl><dt> Header Form: </dt><dt>Header Form:</dt> <dd> <t>The most significant bit (0x80) of byte 0 is set to 0 for the short header.</t> </dd><dt> Fixed Bit: </dt><dt>Fixed Bit:</dt> <dd> <t>The next bit (0x40) of byte 0 is set to 1. Packets containing a zero value for this bit are not valid packets in this version andMUST<bcp14>MUST</bcp14> be discarded. A value of 1 for this bit allows QUIC to coexist with other protocols; see <xref target="RFC7983" format="default"/>.</t> </dd><dt> Spin Bit: </dt><dt>Spin Bit:</dt> <dd> <t>The third most significant bit (0x20) of byte 0 is the latency spin bit, set as described in <xref target="spin-bit" format="default"/>.</t> </dd><dt> Reserved Bits: </dt><dt>Reserved Bits:</dt> <dd> <t>The next two bits (those with a mask of 0x18) of byte 0 are reserved. These bits are protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>. The value included prior to protectionMUST<bcp14>MUST</bcp14> be set to 0. An endpointMUST<bcp14>MUST</bcp14> treat receipt of a packet that has a non-zero value for these bits, after removing both packet and header protection, as a connection error of type PROTOCOL_VIOLATION. Discarding such a packet after only removing header protection can expose the endpoint to attacks; seeSection 9.5 of<xref section="9.5" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> Key Phase: </dt><dt>Key Phase:</dt> <dd> <t>The next bit (0x04) of byte 0 indicates the key phase, which allows a recipient of a packet to identify the packet protection keys that are used to protect the packet. See <xref target="QUIC-TLS" format="default"/> for details. This bit is protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> Packet<dt>Packet NumberLength: </dt>Length:</dt> <dd> <t>The least significant two bits (those with a mask of 0x03) of byte 0 contain the length of thepacket number,Packet Number field, encoded as anunsigned,unsigned two-bit integer that is one less than the length of thepacket numberPacket Number field in bytes. That is, the length of thepacket numberPacket Number field is the value of thisfield,field plus one. These bits are protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> Destination<dt>Destination ConnectionID: </dt>ID:</dt> <dd> <t>The Destination Connection ID is a connection ID that is chosen by the intended recipient of the packet. See <xref target="connection-id" format="default"/> for more details.</t> </dd><dt> Packet Number: </dt><dt>Packet Number:</dt> <dd> <t>Thepacket numberPacket Number field is 1 to 4 bytes long. The packet number is protected using header protection; seeSection 5.4 of<xref section="5.4" sectionFormat="of" target="QUIC-TLS" format="default"/>. The length of thepacket numberPacket Number field is encoded in Packet Number Length field. See <xref target="packet-encoding" format="default"/> for details.</t> </dd><dt> Packet Payload: </dt><dt>Packet Payload:</dt> <dd> <t>1-RTT packets always include a 1-RTT protected payload.</t> </dd> </dl> <t>The header form bit and theconnectionDestination Connection ID field of a short header packet areversion-independent.version independent. The remaining fields are specific to the selected QUIC version. See <xref target="QUIC-INVARIANTS" format="default"/> for details on how packets from different versions of QUIC are interpreted.</t> </section> </section> <section anchor="spin-bit" numbered="true" toc="default"> <name>Latency Spin Bit</name> <t>The latency spin bit, which is defined for 1-RTT packets (<xref target="packet-1rtt" format="default"/>), enables passive latency monitoring from observation points on the network path throughout the duration of a connection. The server reflects the spin value received, while the client'spins'"spins" it after one RTT. On-path observers can measure the time between two spin bit toggle events to estimate the end-to-end RTT of a connection.</t> <t>The spin bit is only present in 1-RTT packets, since it is possible to measure the initial RTT of a connection by observing the handshake. Therefore, the spin bit is available after version negotiation and connection establishment are completed. On-path measurement and use of the latency spin bitisare further discussed in <xref target="QUIC-MANAGEABILITY" format="default"/>.</t> <t>The spin bit is anOPTIONAL<bcp14>OPTIONAL</bcp14> feature of this version of QUIC. An endpoint that does not support this featureMUST<bcp14>MUST</bcp14> disable it, as defined below.</t> <t>Each endpoint unilaterally decides if the spin bit is enabled or disabled for a connection. ImplementationsMUST<bcp14>MUST</bcp14> allow administrators of clients and servers to disable the spin bit either globally or on a per-connection basis. Even when the spin bit is not disabled by the administrator, endpointsMUST<bcp14>MUST</bcp14> disable their use of the spin bit for a random selection of at least one in every 16 network paths, or for one in every 16 connection IDs, in order to ensure that QUIC connections that disable the spin bit are commonly observed on the network. As each endpoint disables the spin bit independently, this ensures that the spin bit signal is disabled on approximately one in eight network paths.</t> <t>When the spin bit is disabled, endpointsMAY<bcp14>MAY</bcp14> set the spin bit to anyvalue,value andMUST<bcp14>MUST</bcp14> ignore any incoming value. It isRECOMMENDED<bcp14>RECOMMENDED</bcp14> that endpoints set the spin bit to a random value either chosen independently for each packet or chosen independently for each connection ID.</t> <t>If the spin bit is enabled for the connection, the endpoint maintains a spin value for each network path and sets the spin bit in the packet header to the currently stored value when a 1-RTT packet is sent on that path. The spin value is initialized to 0 in the endpoint for each network path. Each endpoint also remembers the highest packet number seen from its peer on each path.</t> <t>When a server receives a 1-RTT packet that increases the highest packet number seen by the server from the client on a given network path, it sets the spin value for that path to be equal to the spin bit in the received packet.</t> <t>When a client receives a 1-RTT packet that increases the highest packet number seen by the client from the server on a given network path, it sets the spin value for that path to the inverse of the spin bit in the received packet.</t> <t>An endpoint resets the spin value for a network path tozero0 when changing the connection ID being used on that network path.</t> </section> </section> <section anchor="transport-parameter-encoding" numbered="true" toc="default"> <name>Transport Parameter Encoding</name> <t>The extension_data field of the quic_transport_parameters extension defined in <xref target="QUIC-TLS" format="default"/> contains the QUIC transport parameters. They are encoded as a sequence of transport parameters, as shown in <xref target="transport-parameter-sequence" format="default"/>:</t> <figure anchor="transport-parameter-sequence"> <name>Sequence of Transport Parameters</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Transport Parameters { Transport Parameter (..) ..., } ]]></artwork> </figure> <t>Each transport parameter is encoded as an (identifier, length, value) tuple, as shown in <xref target="transport-parameter-encoding-fig" format="default"/>:</t> <figure anchor="transport-parameter-encoding-fig"> <name>Transport Parameter Encoding</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Transport Parameter { Transport Parameter ID (i), Transport Parameter Length (i), Transport Parameter Value (..), } ]]></artwork> </figure> <t>The Transport Parameter Length field contains the length of the Transport Parameter Value field in bytes.</t> <t>QUIC encodes transport parameters into a sequence of bytes, which is then included in the cryptographic handshake.</t> <section anchor="transport-parameter-grease" numbered="true" toc="default"> <name>Reserved Transport Parameters</name> <t>Transport parameters with an identifier of the form <tt>31 * N + 27</tt> for integer values of N are reserved to exercise the requirement that unknown transport parameters be ignored. These transport parameters have nosemantics,semantics and can carry arbitrary values.</t> </section> <section anchor="transport-parameter-definitions" numbered="true" toc="default"> <name>Transport Parameter Definitions</name> <t>This section details the transport parameters defined in this document.</t> <t>Many transport parameters listed here have integer values. Those transport parameters that are identified as integers use a variable-length integer encoding; see <xref target="integer-encoding" format="default"/>. Transport parameters have a default value of 0 if the transport parameter isabsentabsent, unless otherwise stated.</t> <t>The following transport parameters are defined:</t> <dl><dt> original_destination_connection_id (0x00): </dt><dt>original_destination_connection_id (0x00):</dt> <dd><t>The<t>This parameter is the value of the Destination Connection ID field from the first Initial packet sent by the client; see <xref target="cid-auth" format="default"/>. This transport parameter is only sent by a server.</t> </dd><dt> max_idle_timeout (0x01): </dt><dt>max_idle_timeout (0x01):</dt> <dd> <t>Themaxmaximum idle timeout is a value in milliseconds that is encoded as an integer; see (<xref target="idle-timeout" format="default"/>). Idle timeout is disabled when both endpoints omit this transport parameter or specify a value of 0.</t> </dd><dt> stateless_reset_token (0x02): </dt><dt>stateless_reset_token (0x02):</dt> <dd> <t>A stateless reset token is used in verifying a stateless reset; see <xref target="stateless-reset" format="default"/>. This parameter is a sequence of 16 bytes. This transport parameterMUST NOT<bcp14>MUST NOT</bcp14> be sent by aclient,client butMAY<bcp14>MAY</bcp14> be sent by a server. A server that does not send this transport parameter cannot use stateless reset (<xref target="stateless-reset" format="default"/>) for the connection ID negotiated during the handshake.</t> </dd><dt> max_udp_payload_size (0x03): </dt><dt>max_udp_payload_size (0x03):</dt> <dd> <t>The maximum UDP payload size parameter is an integer value that limits the size of UDP payloads that the endpoint is willing to receive. UDP datagrams with payloads larger than this limit are not likely to be processed by the receiver.</t> </dd> <dt/> <dd> <t>The default for this parameter is the maximum permitted UDP payload of 65527. Values below 1200 are invalid.</t> </dd> <dt/> <dd> <t>This limit does act as an additional constraint on datagram size in the same way as the path MTU, but it is a property of the endpoint and not the path; see <xref target="datagram-size" format="default"/>. It is expected that this is the space an endpoint dedicates to holding incoming packets.</t> </dd><dt> initial_max_data (0x04): </dt><dt>initial_max_data (0x04):</dt> <dd> <t>The initial maximum data parameter is an integer value that contains the initial value for the maximum amount of data that can be sent on the connection. This is equivalent to sending a MAX_DATA (<xref target="frame-max-data" format="default"/>) for the connection immediately after completing the handshake.</t> </dd><dt> initial_max_stream_data_bidi_local (0x05): </dt><dt>initial_max_stream_data_bidi_local (0x05):</dt> <dd> <t>This parameter is an integer value specifying the initial flow control limit forlocally-initiatedlocally initiated bidirectional streams. This limit applies to newly created bidirectional streams opened by the endpoint that sends the transport parameter. In client transport parameters, this applies to streams with an identifier with the least significant two bits set to0x0;0x00; in server transport parameters, this applies to streams with the least significant two bits set to0x1.</t>0x01.</t> </dd><dt> initial_max_stream_data_bidi_remote (0x06): </dt><dt>initial_max_stream_data_bidi_remote (0x06):</dt> <dd> <t>This parameter is an integer value specifying the initial flow control limit for peer-initiated bidirectional streams. This limit applies to newly created bidirectional streams opened by the endpoint that receives the transport parameter. In client transport parameters, this applies to streams with an identifier with the least significant two bits set to0x1;0x01; in server transport parameters, this applies to streams with the least significant two bits set to0x0.</t>0x00.</t> </dd><dt> initial_max_stream_data_uni (0x07): </dt><dt>initial_max_stream_data_uni (0x07):</dt> <dd> <t>This parameter is an integer value specifying the initial flow control limit for unidirectional streams. This limit applies to newly created unidirectional streams opened by the endpoint that receives the transport parameter. In client transport parameters, this applies to streams with an identifier with the least significant two bits set to0x3;0x03; in server transport parameters, this applies to streams with the least significant two bits set to0x2.</t>0x02.</t> </dd><dt> initial_max_streams_bidi (0x08): </dt><dt>initial_max_streams_bidi (0x08):</dt> <dd> <t>The initial maximum bidirectional streams parameter is an integer value that contains the initial maximum number of bidirectional streams the endpoint that receives this transport parameter is permitted to initiate. If this parameter is absent or zero, the peer cannot open bidirectional streams until a MAX_STREAMS frame is sent. Setting this parameter is equivalent to sending a MAX_STREAMS (<xref target="frame-max-streams" format="default"/>) of the corresponding type with the same value.</t> </dd><dt> initial_max_streams_uni (0x09): </dt><dt>initial_max_streams_uni (0x09):</dt> <dd> <t>The initial maximum unidirectional streams parameter is an integer value that contains the initial maximum number of unidirectional streams the endpoint that receives this transport parameter is permitted to initiate. If this parameter is absent or zero, the peer cannot open unidirectional streams until a MAX_STREAMS frame is sent. Setting this parameter is equivalent to sending a MAX_STREAMS (<xref target="frame-max-streams" format="default"/>) of the corresponding type with the same value.</t> </dd><dt> ack_delay_exponent (0x0a): </dt><dt>ack_delay_exponent (0x0a):</dt> <dd> <t>The acknowledgment delay exponent is an integer value indicating an exponent used to decode the ACK Delay field in the ACK frame (<xref target="frame-ack" format="default"/>). If this value is absent, a default value of 3 is assumed (indicating a multiplier of 8). Values above 20 are invalid.</t> </dd><dt> max_ack_delay (0x0b): </dt><dt>max_ack_delay (0x0b):</dt> <dd> <t>The maximum acknowledgment delay is an integer value indicating the maximum amount of time in milliseconds by which the endpoint will delay sending acknowledgments. This valueSHOULD<bcp14>SHOULD</bcp14> include the receiver's expected delays in alarms firing. For example, if a receiver sets a timer for 5ms and alarms commonly fire up to 1ms late, then it should send a max_ack_delay of 6ms. If this value is absent, a default of 25 milliseconds is assumed. Values of2^142<sup>14</sup> or greater are invalid.</t> </dd><dt> disable_active_migration (0x0c): </dt><dt>disable_active_migration (0x0c):</dt> <dd> <t>The disable active migration transport parameter is included if the endpoint does not support active connection migration (<xref target="migration" format="default"/>) on the address being used during the handshake. An endpoint that receives this transport parameterMUST NOT<bcp14>MUST NOT</bcp14> use a new local address when sending to the address that the peer used during the handshake. This transport parameter does not prohibit connection migration after a client has acted on a preferred_address transport parameter. This parameter is a zero-length value.</t> </dd><dt> preferred_address (0x0d): </dt><dt>preferred_address (0x0d):</dt> <dd> <t>The server's preferred address is used to effect a change in server address at the end of the handshake, as described in <xref target="preferred-address" format="default"/>. This transport parameter is only sent by a server. ServersMAY<bcp14>MAY</bcp14> choose to only send a preferred address of one address family by sending an all-zero address and port (0.0.0.0:0 or [::]:0) for the other family. IP addresses are encoded in network byte order.</t> </dd> <dt/> <dd> <t>The preferred_address transport parameter contains an address and port for bothIP version 4IPv4 and6.IPv6. The four-byte IPv4 Address field is followed by the associated two-byte IPv4 Port field. This is followed by a 16-byte IPv6 Address field and two-byte IPv6 Port field. After address and port pairs, a Connection ID Length field describes the length of the following Connection ID field. Finally, a 16-byte Stateless Reset Token field includes the stateless reset token associated with the connection ID. The format of this transport parameter is shown in <xref target="fig-preferred-address"format="default"/>.</t>format="default"/> below.</t> </dd> <dt/> <dd> <t>The Connection ID field and the Stateless Reset Token field contain an alternative connection ID that has a sequence number of 1; see <xref target="issue-cid" format="default"/>. Having these values sent alongside the preferred address ensures that there will be at least one unused active connection ID when the client initiates migration to the preferred address.</t> </dd> <dt/> <dd> <t>The Connection ID and Stateless Reset Token fields of a preferred address are identical in syntax and semantics to the corresponding fields of a NEW_CONNECTION_ID frame (<xref target="frame-new-connection-id" format="default"/>). A server that chooses a zero-length connection IDMUST NOT<bcp14>MUST NOT</bcp14> provide a preferred address. Similarly, a serverMUST NOT<bcp14>MUST NOT</bcp14> include a zero-length connection ID in this transport parameter. A clientMUST<bcp14>MUST</bcp14> treat a violation of these requirements as a connection error of type TRANSPORT_PARAMETER_ERROR.</t> </dd> </dl> <figure anchor="fig-preferred-address"> <name>Preferred Addressformat</name>Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ Preferred Address { IPv4 Address (32), IPv4 Port (16), IPv6 Address (128), IPv6 Port (16), Connection ID Length (8), Connection ID (..), Stateless Reset Token (128), } ]]></artwork> </figure> <dl><dt> active_connection_id_limit (0x0e): </dt><dt>active_connection_id_limit (0x0e):</dt> <dd><t>The active connection ID limit<t>This is an integer value specifying the maximum number of connection IDs from the peer that an endpoint is willing to store. This value includes the connection ID received during the handshake, that received in the preferred_address transport parameter, and those received in NEW_CONNECTION_ID frames. The value of the active_connection_id_limit parameterMUST<bcp14>MUST</bcp14> be at least 2. An endpoint that receives a value less than 2MUST<bcp14>MUST</bcp14> close the connection with an error of type TRANSPORT_PARAMETER_ERROR. If this transport parameter is absent, a default of 2 is assumed. If an endpoint issues a zero-length connection ID, it will never send a NEW_CONNECTION_ID frame and therefore ignores the active_connection_id_limit value received from its peer.</t> </dd><dt> initial_source_connection_id (0x0f): </dt><dt>initial_source_connection_id (0x0f):</dt> <dd><t>The<t>This is the value that the endpoint included in the Source Connection ID field of the first Initial packet it sends for the connection; see <xref target="cid-auth" format="default"/>.</t> </dd><dt> retry_source_connection_id (0x10): </dt><dt>retry_source_connection_id (0x10):</dt> <dd><t>The<t>This is the value that the server included in the Source Connection ID field of a Retry packet; see <xref target="cid-auth" format="default"/>. This transport parameter is only sent by a server.</t> </dd> </dl> <t>If present, transport parameters that set initial per-stream flow control limits (initial_max_stream_data_bidi_local, initial_max_stream_data_bidi_remote, and initial_max_stream_data_uni) are equivalent to sending a MAX_STREAM_DATA frame (<xref target="frame-max-stream-data" format="default"/>) on every stream of the corresponding type immediately after opening. If the transport parameter is absent, streams of that type start with a flow control limit of 0.</t> <t>A clientMUST NOT<bcp14>MUST NOT</bcp14> include any server-only transport parameter: original_destination_connection_id, preferred_address, retry_source_connection_id, or stateless_reset_token. A serverMUST<bcp14>MUST</bcp14> treat receipt of any of these transport parameters as a connection error of type TRANSPORT_PARAMETER_ERROR.</t> </section> </section> <section anchor="frame-formats" numbered="true" toc="default"> <name>Frame Types and Formats</name> <t>As described in <xref target="frames" format="default"/>, packets contain one or more frames. This section describes the format and semantics of the core QUIC frame types.</t> <section anchor="frame-padding" numbered="true" toc="default"> <name>PADDING Frames</name> <t>A PADDING frame (type=0x00) has no semantic value. PADDING frames can be used to increase the size of a packet. Padding can be used to increase aninitial clientInitial packet to the minimum requiredsize,size or to provide protection against traffic analysis for protected packets.</t> <t>PADDING frames are formatted as shown in <xref target="padding-format" format="default"/>, which shows that PADDING frames have no content. That is, a PADDING frame consists of the single byte that identifies the frame as a PADDING frame.</t> <figure anchor="padding-format"> <name>PADDING Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ PADDING Frame { Type (i) = 0x00, } ]]></artwork> </figure> </section> <section anchor="frame-ping" numbered="true" toc="default"> <name>PING Frames</name> <t>Endpoints can use PING frames (type=0x01) to verify that their peers are still alive or to check reachability to the peer.</t> <t>PING frames are formatted as shown in <xref target="ping-format" format="default"/>, which shows that PING frames have no content.</t> <figure anchor="ping-format"> <name>PING Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ PING Frame { Type (i) = 0x01, } ]]></artwork> </figure> <t>The receiver of a PING frame simply needs to acknowledge the packet containing this frame.</t> <t>The PING frame can be used to keep a connection alive when an application or application protocol wishes to prevent the connection from timing out; see <xref target="defer-idle" format="default"/>.</t> </section> <section anchor="frame-ack" numbered="true" toc="default"> <name>ACK Frames</name> <t>Receivers send ACK frames (types 0x02 and 0x03) to inform senders of packets they have received and processed. The ACK frame contains one or more ACK Ranges. ACK Ranges identify acknowledged packets. If the frame type is 0x03, ACK frames also contain the cumulative count of QUIC packets with associated ECN marks received on the connection up until this point. QUIC implementationsMUST<bcp14>MUST</bcp14> properly handle bothtypestypes, and, if they have enabled ECN for packets they send, theySHOULD<bcp14>SHOULD</bcp14> use the information in the ECN section to manage their congestion state.</t> <t>QUIC acknowledgments are irrevocable. Once acknowledged, a packet remains acknowledged, even if it does not appear in a future ACK frame. This is unlike reneging for TCPSACKs (<xrefSelective Acknowledgments (SACKs) <xref target="RFC2018"format="default"/>).</t>format="default"/>.</t> <t>Packets from different packet number spaces can be identified using the same numeric value. An acknowledgment for a packet needs to indicate both a packet number and a packet number space. This is accomplished by having each ACK frame only acknowledge packet numbers in the same space as the packet in which the ACK frame is contained.</t> <t>Version Negotiation and Retry packets cannot be acknowledged because they do not contain a packet number. Rather than relying on ACK frames, these packets are implicitly acknowledged by the next Initial packet sent by the client.</t> <t>ACK frames are formatted as shown in <xref target="ack-format" format="default"/>.</t> <figure anchor="ack-format"> <name>ACK Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ ACK Frame { Type (i) = 0x02..0x03, Largest Acknowledged (i), ACK Delay (i), ACK Range Count (i), First ACK Range (i), ACK Range (..) ..., [ECN Counts (..)], } ]]></artwork> </figure> <t>ACK frames contain the following fields:</t> <dl><dt> Largest Acknowledged: </dt><dt>Largest Acknowledged:</dt> <dd> <t>A variable-length integer representing the largest packet number the peer is acknowledging; this is usually the largest packet number that the peer has received prior to generating the ACK frame. Unlike the packet number in the QUIC long or short header, the value in an ACK frame is not truncated.</t> </dd><dt> ACK Delay: </dt><dt>ACK Delay:</dt> <dd> <t>A variable-length integer encoding the acknowledgment delay in microseconds; see <xref target="host-delay" format="default"/>. It is decoded by multiplying the value in the field by 2 to the power of the ack_delay_exponent transport parameter sent by the sender of the ACK frame; see <xref target="transport-parameter-definitions" format="default"/>. Compared to simply expressing the delay as an integer, this encoding allows for a larger range of values within the same number of bytes, at the cost of lower resolution.</t> </dd><dt> ACK<dt>ACK RangeCount: </dt>Count:</dt> <dd> <t>A variable-length integer specifying the number of ACK Range fields in the frame.</t> </dd><dt> First<dt>First ACKRange: </dt>Range:</dt> <dd> <t>A variable-length integer indicating the number of contiguous packets preceding the Largest Acknowledged that are being acknowledged. That is, the smallest packet acknowledged in the range is determined by subtracting the First ACK Range value from the LargestAcknowledged.</t>Acknowledged field.</t> </dd><dt> ACK Ranges: </dt><dt>ACK Ranges:</dt> <dd> <t>Contains additional ranges of packets that are alternately not acknowledged (Gap) and acknowledged (ACK Range); see <xref target="ack-ranges" format="default"/>.</t> </dd><dt> ECN Counts: </dt><dt>ECN Counts:</dt> <dd> <t>The three ECNCounts;counts; see <xref target="ack-ecn-counts" format="default"/>.</t> </dd> </dl> <section anchor="ack-ranges" numbered="true" toc="default"> <name>ACK Ranges</name> <t>Each ACK Range consists of alternating Gap and ACK Range Length values in descending packet number order. ACK Ranges can be repeated. The number of Gap and ACK Range Length values is determined by the ACK Range Count field; one of each value is present for each value in the ACK Range Count field.</t> <t>ACK Ranges are structured as shown in <xref target="ack-range-format" format="default"/>.</t> <figure anchor="ack-range-format"> <name>ACK Ranges</name> <artwork name="" type="" align="left" alt=""><![CDATA[ ACK Range { Gap (i), ACK Range Length (i), } ]]></artwork> </figure> <t>The fields that form each ACK Range are:</t> <dl><dt> Gap: </dt><dt>Gap:</dt> <dd> <t>A variable-length integer indicating the number of contiguous unacknowledged packets preceding the packet number one lower than the smallest in the preceding ACK Range.</t> </dd><dt> ACK<dt>ACK RangeLength: </dt>Length:</dt> <dd> <t>A variable-length integer indicating the number of contiguous acknowledged packets preceding the largest packet number, as determined by the preceding Gap.</t> </dd> </dl> <t>Gap and ACK Range Length values use a relative integer encoding for efficiency. Though each encoded value is positive, the values are subtracted, so that each ACK Range describes progressively lower-numbered packets.</t> <t>Each ACK Range acknowledges a contiguous range of packets by indicating the number of acknowledged packets that precede the largest packet number in that range. A value ofzero0 indicates that only the largest packet number is acknowledged. Larger ACK Range values indicate a larger range, with corresponding lower values for the smallest packet number in the range. Thus, given a largest packet number for the range, the smallest value is determined by the following formula:</t> <artwork name="" type="" align="left" alt=""><![CDATA[ smallest = largest - ack_range ]]></artwork> <t>An ACK Range acknowledges all packets between the smallest packet number and the largest, inclusive.</t> <t>The largest value for an ACK Range is determined by cumulatively subtracting the size of all preceding ACK Range Lengths and Gaps.</t> <t>Each Gap indicates a range of packets that are not being acknowledged. The number of packets in the gap is one higher than the encoded value of the Gap field.</t> <t>The value of the Gap field establishes the largest packet number value for the subsequent ACK Range using the following formula:</t> <artwork name="" type="" align="left" alt=""><![CDATA[ largest = previous_smallest - gap - 2 ]]></artwork> <t>If any computed packet number is negative, an endpointMUST<bcp14>MUST</bcp14> generate a connection error of type FRAME_ENCODING_ERROR.</t> </section> <section anchor="ack-ecn-counts" numbered="true" toc="default"> <name>ECN Counts</name> <t>The ACK frame uses the least significant bit of the type value (that is, type 0x03) to indicate ECN feedback and report receipt of QUIC packets with associated ECN codepoints of ECT(0), ECT(1), orCEECN-CE in the packet's IP header. ECNCountscounts are only present when the ACK frame type is 0x03.</t> <t>When present, there are3three ECN counts, as shown in <xref target="ecn-count-format" format="default"/>.</t> <figure anchor="ecn-count-format"> <name>ECN Count Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ ECN Counts { ECT0 Count (i), ECT1 Count (i), ECN-CE Count (i), } ]]></artwork> </figure> <t>ThethreeECNCountscount fields are:</t> <dl><dt> ECT0 Count: </dt><dt>ECT0 Count:</dt> <dd> <t>A variable-length integer representing the total number of packets received with the ECT(0) codepoint in the packet number space of the ACK frame.</t> </dd><dt> ECT1 Count: </dt><dt>ECT1 Count:</dt> <dd> <t>A variable-length integer representing the total number of packets received with the ECT(1) codepoint in the packet number space of the ACK frame.</t> </dd><dt> CE Count: </dt><dt>ECN-CE Count:</dt> <dd> <t>A variable-length integer representing the total number of packets received with theCEECN-CE codepoint in the packet number space of the ACK frame.</t> </dd> </dl> <t>ECN counts are maintained separately for each packet number space.</t> </section> </section> <section anchor="frame-reset-stream" numbered="true" toc="default"> <name>RESET_STREAM Frames</name> <t>An endpoint uses a RESET_STREAM frame (type=0x04) to abruptly terminate the sending part of a stream.</t> <t>After sending a RESET_STREAM, an endpoint ceases transmission and retransmission of STREAM frames on the identified stream. A receiver of RESET_STREAM can discard any data that it already received on that stream.</t> <t>An endpoint that receives a RESET_STREAM frame for a send-only streamMUST<bcp14>MUST</bcp14> terminate the connection with error STREAM_STATE_ERROR.</t> <t>RESET_STREAM frames are formatted as shown in <xref target="fig-reset-stream" format="default"/>.</t> <figure anchor="fig-reset-stream"> <name>RESET_STREAM Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ RESET_STREAM Frame { Type (i) = 0x04, Stream ID (i), Application Protocol Error Code (i), Final Size (i), } ]]></artwork> </figure> <t>RESET_STREAM frames contain the following fields:</t> <dl><dt> Stream ID: </dt><dt>Stream ID:</dt> <dd> <t>A variable-length integer encoding of theStreamstream ID of the stream being terminated.</t> </dd><dt> Application<dt>Application Protocol ErrorCode: </dt>Code:</dt> <dd> <t>A variable-length integer containing the application protocol error code (see <xref target="app-error-codes" format="default"/>) that indicates why the stream is being closed.</t> </dd><dt> Final Size: </dt><dt>Final Size:</dt> <dd> <t>A variable-length integer indicating the final size of the stream by the RESET_STREAM sender, inunitunits of bytes; see <xref target="final-size" format="default"/>.</t> </dd> </dl> </section> <section anchor="frame-stop-sending" numbered="true" toc="default"> <name>STOP_SENDING Frames</name> <t>An endpoint uses a STOP_SENDING frame (type=0x05) to communicate that incoming data is being discarded on receiptatper application request. STOP_SENDING requests that a peer cease transmission on a stream.</t> <t>A STOP_SENDING frame can be sent for streams in theRecv"Recv" orSize Known"Size Known" states; see <xreftarget="stream-send-states"target="stream-recv-states" format="default"/>. Receiving a STOP_SENDING frame for alocally-initiatedlocally initiated stream that has not yet been createdMUST<bcp14>MUST</bcp14> be treated as a connection error of type STREAM_STATE_ERROR. An endpoint that receives a STOP_SENDING frame for a receive-only streamMUST<bcp14>MUST</bcp14> terminate the connection with error STREAM_STATE_ERROR.</t> <t>STOP_SENDING frames are formatted as shown in <xref target="fig-stop-sending" format="default"/>.</t> <figure anchor="fig-stop-sending"> <name>STOP_SENDING Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ STOP_SENDING Frame { Type (i) = 0x05, Stream ID (i), Application Protocol Error Code (i), } ]]></artwork> </figure> <t>STOP_SENDING frames contain the following fields:</t> <dl><dt> Stream ID: </dt><dt>Stream ID:</dt> <dd> <t>A variable-length integer carrying theStreamstream ID of the stream being ignored.</t> </dd><dt> Application<dt>Application Protocol ErrorCode: </dt>Code:</dt> <dd> <t>A variable-length integer containing the application-specified reason the sender is ignoring the stream; see <xref target="app-error-codes" format="default"/>.</t> </dd> </dl> </section> <section anchor="frame-crypto" numbered="true" toc="default"> <name>CRYPTO Frames</name> <t>A CRYPTO frame (type=0x06) is used to transmit cryptographic handshake messages. It can be sent in all packet types except 0-RTT. The CRYPTO frame offers the cryptographic protocol an in-order stream of bytes. CRYPTO frames are functionally identical to STREAM frames, except that they do not bear a stream identifier; they are not flow controlled; and they do not carry markers for optional offset, optional length, and the end of the stream.</t> <t>CRYPTO frames are formatted as shown in <xref target="fig-crypto" format="default"/>.</t> <figure anchor="fig-crypto"> <name>CRYPTO Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ CRYPTO Frame { Type (i) = 0x06, Offset (i), Length (i), Crypto Data (..), } ]]></artwork> </figure> <t>CRYPTO frames contain the following fields:</t> <dl><dt> Offset: </dt><dt>Offset:</dt> <dd> <t>A variable-length integer specifying the byte offset in the stream for the data in this CRYPTO frame.</t> </dd><dt> Length: </dt><dt>Length:</dt> <dd> <t>A variable-length integer specifying the length of the Crypto Data field in this CRYPTO frame.</t> </dd><dt> Crypto Data: </dt><dt>Crypto Data:</dt> <dd> <t>The cryptographic message data.</t> </dd> </dl> <t>There is a separate flow of cryptographic handshake data in each encryption level, each of which starts at an offset of 0. This implies that each encryption level is treated as a separate CRYPTO stream of data.</t> <t>The largest offset delivered on a stream--- the sum of the offset and data length--- cannot exceed2^62-1.2<sup>62</sup>-1. Receipt of a frame that exceeds this limitMUST<bcp14>MUST</bcp14> be treated as a connection error of type FRAME_ENCODING_ERROR or CRYPTO_BUFFER_EXCEEDED.</t> <t>Unlike STREAM frames, which include aStreamstream ID indicating to which stream the data belongs, the CRYPTO frame carries data for a single stream per encryption level. The stream does not have an explicit end, so CRYPTO frames do not have a FIN bit.</t> </section> <section anchor="frame-new-token" numbered="true" toc="default"> <name>NEW_TOKEN Frames</name> <t>A server sends a NEW_TOKEN frame (type=0x07) to provide the client with a token to send in the header of an Initial packet for a future connection.</t> <t>NEW_TOKEN frames are formatted as shown in <xref target="fig-new-token" format="default"/>.</t> <figure anchor="fig-new-token"> <name>NEW_TOKEN Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ NEW_TOKEN Frame { Type (i) = 0x07, Token Length (i), Token (..), } ]]></artwork> </figure> <t>NEW_TOKEN frames contain the following fields:</t> <dl><dt> Token Length: </dt><dt>Token Length:</dt> <dd> <t>A variable-length integer specifying the length of the token in bytes.</t> </dd><dt> Token: </dt><dt>Token:</dt> <dd> <t>An opaque blob that the client can use with a future Initial packet. The tokenMUST NOT<bcp14>MUST NOT</bcp14> be empty. A clientMUST<bcp14>MUST</bcp14> treat receipt of a NEW_TOKEN frame with an empty Token field as a connection error of type FRAME_ENCODING_ERROR.</t> </dd> </dl> <t>A client might receive multiple NEW_TOKEN frames that contain the same token value if packets containing the frame are incorrectly determined to be lost. Clients are responsible for discarding duplicate values, which might be used to link connection attempts; see <xref target="validate-future" format="default"/>.</t> <t>ClientsMUST NOT<bcp14>MUST NOT</bcp14> send NEW_TOKEN frames. A serverMUST<bcp14>MUST</bcp14> treat receipt of a NEW_TOKEN frame as a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="frame-stream" numbered="true" toc="default"> <name>STREAM Frames</name> <t>STREAM frames implicitly create a stream and carry stream data. TheSTREAM frameType field in the STREAM frame takes the form 0b00001XXX (or the set of values from 0x08 to 0x0f). The three low-order bits of the frame type determine the fields that are present in the frame:</t> <ul spacing="normal"> <li>The OFF bit (0x04) in the frame type is set to indicate that there is an Offset field present. When set to 1, the Offset field is present. When set to 0, the Offset field is absent and the Stream Data starts at an offset of 0 (that is, the frame contains the first bytes of the stream, or the end of a stream that includes no data).</li> <li>The LEN bit (0x02) in the frame type is set to indicate that there is a Length field present. If this bit is set to 0, the Length field is absent and the Stream Data field extends to the end of the packet. If this bit is set to 1, the Length field is present.</li> <li>The FIN bit (0x01) indicates that the frame marks the end of the stream. The final size of the stream is the sum of the offset and the length of this frame.</li> </ul> <t>An endpointMUST<bcp14>MUST</bcp14> terminate the connection with error STREAM_STATE_ERROR if it receives a STREAM frame for alocally-initiatedlocally initiated stream that has not yet been created, or for a send-only stream.</t> <t>STREAM frames are formatted as shown in <xref target="fig-stream" format="default"/>.</t> <figure anchor="fig-stream"> <name>STREAM Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ STREAM Frame { Type (i) = 0x08..0x0f, Stream ID (i), [Offset (i)], [Length (i)], Stream Data (..), } ]]></artwork> </figure> <t>STREAM frames contain the following fields:</t> <dl><dt> Stream ID: </dt><dt>Stream ID:</dt> <dd> <t>A variable-length integer indicating the stream ID of the stream; see <xref target="stream-id" format="default"/>.</t> </dd><dt> Offset: </dt><dt>Offset:</dt> <dd> <t>A variable-length integer specifying the byte offset in the stream for the data in this STREAM frame. This field is present when the OFF bit is set to 1. When the Offset field is absent, the offset is 0.</t> </dd><dt> Length: </dt><dt>Length:</dt> <dd> <t>A variable-length integer specifying the length of the Stream Data field in this STREAM frame. This field is present when the LEN bit is set to 1. When the LEN bit is set to 0, the Stream Data field consumes all the remaining bytes in the packet.</t> </dd><dt> Stream Data: </dt><dt>Stream Data:</dt> <dd> <t>The bytes from the designated stream to be delivered.</t> </dd> </dl> <t>When a Stream Data field has a length of 0, the offset in the STREAM frame is the offset of the next byte that would be sent.</t> <t>The first byte in the stream has an offset of 0. The largest offset delivered on a stream--- the sum of the offset and data length--- cannot exceed2^62-1,2<sup>62</sup>-1, as it is not possible to provide flow control credit for that data. Receipt of a frame that exceeds this limitMUST<bcp14>MUST</bcp14> be treated as a connection error of type FRAME_ENCODING_ERROR or FLOW_CONTROL_ERROR.</t> </section> <section anchor="frame-max-data" numbered="true" toc="default"> <name>MAX_DATA Frames</name> <t>A MAX_DATA frame (type=0x10) is used in flow control to inform the peer of the maximum amount of data that can be sent on the connection as a whole.</t> <t>MAX_DATA frames are formatted as shown in <xref target="fig-max-data" format="default"/>.</t> <figure anchor="fig-max-data"> <name>MAX_DATA Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ MAX_DATA Frame { Type (i) = 0x10, Maximum Data (i), } ]]></artwork> </figure> <t>MAX_DATA frames contain the following field:</t> <dl><dt> Maximum Data: </dt><dt>Maximum Data:</dt> <dd> <t>A variable-length integer indicating the maximum amount of data that can be sent on the entire connection, in units of bytes.</t> </dd> </dl> <t>All data sent in STREAM frames counts toward this limit. The sum of the final sizes on all streams--- including streams in terminal states- MUST NOT-- <bcp14>MUST NOT</bcp14> exceed the value advertised by a receiver. An endpointMUST<bcp14>MUST</bcp14> terminate a connection witha FLOW_CONTROL_ERRORan error of type FLOW_CONTROL_ERROR if it receives more data than the maximum data value that it has sent. This includes violations of remembered limits in Early Data; see <xref target="zerortt-parameters" format="default"/>.</t> </section> <section anchor="frame-max-stream-data" numbered="true" toc="default"> <name>MAX_STREAM_DATA Frames</name> <t>A MAX_STREAM_DATA frame (type=0x11) is used in flow control to inform a peer of the maximum amount of data that can be sent on a stream.</t> <t>A MAX_STREAM_DATA frame can be sent for streams in theRecv"Recv" state; see <xreftarget="stream-send-states"target="stream-recv-states" format="default"/>. Receiving a MAX_STREAM_DATA frame for alocally-initiatedlocally initiated stream that has not yet been createdMUST<bcp14>MUST</bcp14> be treated as a connection error of type STREAM_STATE_ERROR. An endpoint that receives a MAX_STREAM_DATA frame for a receive-only streamMUST<bcp14>MUST</bcp14> terminate the connection with error STREAM_STATE_ERROR.</t> <t>MAX_STREAM_DATA frames are formatted as shown in <xref target="fig-max-stream-data" format="default"/>.</t> <figure anchor="fig-max-stream-data"> <name>MAX_STREAM_DATA Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ MAX_STREAM_DATA Frame { Type (i) = 0x11, Stream ID (i), Maximum Stream Data (i), } ]]></artwork> </figure> <t>MAX_STREAM_DATA frames contain the following fields:</t> <dl><dt> Stream ID: </dt><dt>Stream ID:</dt> <dd> <t>The stream ID of thestream that isaffected stream, encoded as a variable-length integer.</t> </dd><dt> Maximum<dt>Maximum StreamData: </dt>Data:</dt> <dd> <t>A variable-length integer indicating the maximum amount of data that can be sent on the identified stream, in units of bytes.</t> </dd> </dl> <t>When counting data toward this limit, an endpoint accounts for the largest received offset of data that is sent or received on the stream. Loss or reordering can mean that the largest received offset on a stream can be greater than the total size of data received on that stream. Receiving STREAM frames might not increase the largest received offset.</t> <t>The data sent on a streamMUST NOT<bcp14>MUST NOT</bcp14> exceed the largest maximum stream data value advertised by the receiver. An endpointMUST<bcp14>MUST</bcp14> terminate a connection witha FLOW_CONTROL_ERRORan error of type FLOW_CONTROL_ERROR if it receives more data than the largest maximum stream data that it has sent for the affected stream. This includes violations of remembered limits in Early Data; see <xref target="zerortt-parameters" format="default"/>.</t> </section> <section anchor="frame-max-streams" numbered="true" toc="default"> <name>MAX_STREAMS Frames</name> <t>A MAX_STREAMS frame (type=0x12 or 0x13)informinforms the peer of the cumulative number of streams of a given type it is permitted to open. A MAX_STREAMS frame with a type of 0x12 applies to bidirectional streams, and a MAX_STREAMS frame with a type of 0x13 applies to unidirectional streams.</t> <t>MAX_STREAMS frames are formatted as shown in <xref target="fig-max-streams"format="default"/>;</t>format="default"/>.</t> <figure anchor="fig-max-streams"> <name>MAX_STREAMS Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ MAX_STREAMS Frame { Type (i) = 0x12..0x13, Maximum Streams (i), } ]]></artwork> </figure> <t>MAX_STREAMS frames contain the following field:</t> <dl><dt> Maximum Streams: </dt><dt>Maximum Streams:</dt> <dd> <t>A count of the cumulative number of streams of the corresponding type that can be opened over the lifetime of the connection. This value cannot exceed2^60,2<sup>60</sup>, as it is not possible to encode stream IDs larger than2^62-1.2<sup>62</sup>-1. Receipt of a frame that permits opening of a stream larger than this limitMUST<bcp14>MUST</bcp14> be treated as a connection error of type FRAME_ENCODING_ERROR.</t> </dd> </dl> <t>Loss or reordering can cause an endpoint to receive a MAX_STREAMS frameto be received that statewith a lower stream limit thanan endpoint haswas previously received. MAX_STREAMS frames that do not increase the stream limitMUST<bcp14>MUST</bcp14> be ignored.</t> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> open more streams than permitted by the current stream limit set by its peer. For instance, a server that receives a unidirectional stream limit of 3 is permitted to openstreamstreams 3, 7, and 11, but not stream 15. An endpointMUST<bcp14>MUST</bcp14> terminate a connection witha STREAM_LIMIT_ERRORan error of type STREAM_LIMIT_ERROR if a peer opens more streams than was permitted. This includes violations of remembered limits in Early Data; see <xref target="zerortt-parameters" format="default"/>.</t> <t>Note that these frames (and the corresponding transport parameters) do not describe the number of streams that can be opened concurrently. The limit includes streams that have been closed as well as those that are open.</t> </section> <section anchor="frame-data-blocked" numbered="true" toc="default"> <name>DATA_BLOCKED Frames</name> <t>A senderSHOULD<bcp14>SHOULD</bcp14> send a DATA_BLOCKED frame (type=0x14) when it wishes to senddata,data but is unable to do so due to connection-level flow control; see <xref target="flow-control" format="default"/>. DATA_BLOCKED frames can be used as input to tuning of flow control algorithms; see <xref target="fc-credit" format="default"/>.</t> <t>DATA_BLOCKED frames are formatted as shown in <xref target="fig-data-blocked" format="default"/>.</t> <figure anchor="fig-data-blocked"> <name>DATA_BLOCKED Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ DATA_BLOCKED Frame { Type (i) = 0x14, Maximum Data (i), } ]]></artwork> </figure> <t>DATA_BLOCKED frames contain the following field:</t> <dl><dt> Maximum Data: </dt><dt>Maximum Data:</dt> <dd> <t>A variable-length integer indicating the connection-level limit at which blocking occurred.</t> </dd> </dl> </section> <section anchor="frame-stream-data-blocked" numbered="true" toc="default"> <name>STREAM_DATA_BLOCKED Frames</name> <t>A senderSHOULD<bcp14>SHOULD</bcp14> send a STREAM_DATA_BLOCKED frame (type=0x15) when it wishes to senddata,data but is unable to do so due to stream-level flow control. This frame is analogous to DATA_BLOCKED (<xref target="frame-data-blocked" format="default"/>).</t> <t>An endpoint that receives a STREAM_DATA_BLOCKED frame for a send-only streamMUST<bcp14>MUST</bcp14> terminate the connection with error STREAM_STATE_ERROR.</t> <t>STREAM_DATA_BLOCKED frames are formatted as shown in <xref target="fig-stream-data-blocked" format="default"/>.</t> <figure anchor="fig-stream-data-blocked"> <name>STREAM_DATA_BLOCKED Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ STREAM_DATA_BLOCKED Frame { Type (i) = 0x15, Stream ID (i), Maximum Stream Data (i), } ]]></artwork> </figure> <t>STREAM_DATA_BLOCKED frames contain the following fields:</t> <dl><dt> Stream ID: </dt><dt>Stream ID:</dt> <dd> <t>A variable-length integer indicating the stream that is blocked due to flow control.</t> </dd><dt> Maximum<dt>Maximum StreamData: </dt>Data:</dt> <dd> <t>A variable-length integer indicating the offset of the stream at which the blocking occurred.</t> </dd> </dl> </section> <section anchor="frame-streams-blocked" numbered="true" toc="default"> <name>STREAMS_BLOCKED Frames</name> <t>A senderSHOULD<bcp14>SHOULD</bcp14> send a STREAMS_BLOCKED frame (type=0x16 or 0x17) when it wishes to open astream,stream but is unable to do so due to the maximum stream limit set by its peer; see <xref target="frame-max-streams" format="default"/>. A STREAMS_BLOCKED frame of type 0x16 is used to indicate reaching the bidirectional stream limit, and a STREAMS_BLOCKED frame of type 0x17 is used to indicate reaching the unidirectional stream limit.</t> <t>A STREAMS_BLOCKED frame does not open the stream, but informs the peer that a new stream was needed and the stream limit prevented the creation of the stream.</t> <t>STREAMS_BLOCKED frames are formatted as shown in <xref target="fig-streams-blocked" format="default"/>.</t> <figure anchor="fig-streams-blocked"> <name>STREAMS_BLOCKED Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ STREAMS_BLOCKED Frame { Type (i) = 0x16..0x17, Maximum Streams (i), } ]]></artwork> </figure> <t>STREAMS_BLOCKED frames contain the following field:</t> <dl><dt> Maximum Streams: </dt><dt>Maximum Streams:</dt> <dd> <t>A variable-length integer indicating the maximum number of streams allowed at the time the frame was sent. This value cannot exceed2^60,2<sup>60</sup>, as it is not possible to encode stream IDs larger than2^62-1.2<sup>62</sup>-1. Receipt of a frame that encodes a larger stream IDMUST<bcp14>MUST</bcp14> be treated as a connection error of type STREAM_LIMIT_ERROR oraFRAME_ENCODING_ERROR.</t> </dd> </dl> </section> <section anchor="frame-new-connection-id" numbered="true" toc="default"> <name>NEW_CONNECTION_ID Frames</name> <t>An endpoint sends a NEW_CONNECTION_ID frame (type=0x18) to provide its peer with alternative connection IDs that can be used to break linkability when migrating connections; see <xref target="migration-linkability" format="default"/>.</t> <t>NEW_CONNECTION_ID frames are formatted as shown in <xref target="fig-new-connection-id" format="default"/>.</t> <figure anchor="fig-new-connection-id"> <name>NEW_CONNECTION_ID Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ NEW_CONNECTION_ID Frame { Type (i) = 0x18, Sequence Number (i), Retire Prior To (i), Length (8), Connection ID (8..160), Stateless Reset Token (128), } ]]></artwork> </figure> <t>NEW_CONNECTION_ID frames contain the following fields:</t> <dl><dt> Sequence Number: </dt><dt>Sequence Number:</dt> <dd> <t>The sequence number assigned to the connection ID by the sender, encoded as a variable-length integer; see <xref target="issue-cid" format="default"/>.</t> </dd><dt> Retire<dt>Retire PriorTo: </dt>To:</dt> <dd> <t>A variable-length integer indicating which connection IDs should be retired; see <xref target="retire-cid" format="default"/>.</t> </dd><dt> Length: </dt><dt>Length:</dt> <dd> <t>An 8-bit unsigned integer containing the length of the connection ID. Values less than 1 and greater than 20 are invalid andMUST<bcp14>MUST</bcp14> be treated as a connection error of type FRAME_ENCODING_ERROR.</t> </dd><dt> Connection ID: </dt><dt>Connection ID:</dt> <dd> <t>A connection ID of the specified length.</t> </dd><dt> Stateless<dt>Stateless ResetToken: </dt>Token:</dt> <dd> <t>A 128-bit value that will be used for a stateless reset when the associated connection ID is used; see <xref target="stateless-reset" format="default"/>.</t> </dd> </dl> <t>An endpointMUST NOT<bcp14>MUST NOT</bcp14> send this frame if it currently requires that its peer send packets with a zero-length Destination Connection ID. Changing the length of a connection ID to or fromzero-lengthzero length makes it difficult to identify when the value of the connection ID changed. An endpoint that is sending packets with a zero-length Destination Connection IDMUST<bcp14>MUST</bcp14> treat receipt of a NEW_CONNECTION_ID frame as a connection error of type PROTOCOL_VIOLATION.</t> <t>Transmission errors,timeoutstimeouts, and retransmissions might cause the same NEW_CONNECTION_ID frame to be received multiple times. Receipt of the same frame multiple timesMUST NOT<bcp14>MUST NOT</bcp14> be treated as a connection error. A receiver can use the sequence number supplied in the NEW_CONNECTION_ID frame to handle receiving the same NEW_CONNECTION_ID frame multiple times.</t> <t>If an endpoint receives a NEW_CONNECTION_ID frame that repeats a previously issued connection ID with a different Stateless Reset Token field value or a differentsequence number,Sequence Number field value, or if a sequence number is used for different connection IDs, the endpointMAY<bcp14>MAY</bcp14> treat that receipt as a connection error of type PROTOCOL_VIOLATION.</t> <t>The Retire Prior To field applies to connection IDs established during connection setup and the preferred_address transport parameter; see <xref target="retire-cid" format="default"/>. The value in the Retire Prior To fieldMUST<bcp14>MUST</bcp14> be less than or equal to the value in the Sequence Number field. Receiving a value in the Retire Prior To field that is greater than that in the Sequence NumberMUSTfield <bcp14>MUST</bcp14> be treated as a connection error of type FRAME_ENCODING_ERROR.</t> <t>Once a sender indicates a Retire Prior To value, smaller values sent in subsequent NEW_CONNECTION_ID frames have no effect. A receiverMUST<bcp14>MUST</bcp14> ignore any Retire Prior To fields that do not increase the largest received Retire Prior To value.</t> <t>An endpoint that receives a NEW_CONNECTION_ID frame with a sequence number smaller than the Retire Prior To field of a previously received NEW_CONNECTION_ID frameMUST<bcp14>MUST</bcp14> send a corresponding RETIRE_CONNECTION_ID frame that retires the newly received connection ID, unless it has already done so for that sequence number.</t> </section> <section anchor="frame-retire-connection-id" numbered="true" toc="default"> <name>RETIRE_CONNECTION_ID Frames</name> <t>An endpoint sends a RETIRE_CONNECTION_ID frame (type=0x19) to indicate that it will no longer use a connection ID that was issued by its peer. This includes the connection ID provided during the handshake. Sending a RETIRE_CONNECTION_ID frame also serves as a request to the peer to send additional connection IDs for future use; see <xref target="connection-id" format="default"/>. New connection IDs can be delivered to a peer using the NEW_CONNECTION_ID frame (<xref target="frame-new-connection-id" format="default"/>).</t> <t>Retiring a connection ID invalidates the stateless reset token associated with that connection ID.</t> <t>RETIRE_CONNECTION_ID frames are formatted as shown in <xref target="fig-retire-connection-id" format="default"/>.</t> <figure anchor="fig-retire-connection-id"> <name>RETIRE_CONNECTION_ID Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ RETIRE_CONNECTION_ID Frame { Type (i) = 0x19, Sequence Number (i), } ]]></artwork> </figure> <t>RETIRE_CONNECTION_ID frames contain the following field:</t> <dl><dt> Sequence Number: </dt><dt>Sequence Number:</dt> <dd> <t>The sequence number of the connection ID being retired; see <xref target="retire-cid" format="default"/>.</t> </dd> </dl> <t>Receipt of a RETIRE_CONNECTION_ID frame containing a sequence number greater than any previously sent to the peerMUST<bcp14>MUST</bcp14> be treated as a connection error of type PROTOCOL_VIOLATION.</t> <t>The sequence number specified in a RETIRE_CONNECTION_ID frameMUST NOT<bcp14>MUST NOT</bcp14> refer to the Destination Connection ID field of the packet in which the frame is contained. The peerMAY<bcp14>MAY</bcp14> treat this as a connection error of type PROTOCOL_VIOLATION.</t> <t>An endpoint cannot send this frame if it was provided with a zero-length connection ID by its peer. An endpoint that provides a zero-length connection IDMUST<bcp14>MUST</bcp14> treat receipt of a RETIRE_CONNECTION_ID frame as a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="frame-path-challenge" numbered="true" toc="default"> <name>PATH_CHALLENGE Frames</name> <t>Endpoints can use PATH_CHALLENGE frames (type=0x1a) to check reachability to the peer and for path validation during connection migration.</t> <t>PATH_CHALLENGE frames are formatted as shown in <xref target="fig-path-challenge" format="default"/>.</t> <figure anchor="fig-path-challenge"> <name>PATH_CHALLENGE Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ PATH_CHALLENGE Frame { Type (i) = 0x1a, Data (64), } ]]></artwork> </figure> <t>PATH_CHALLENGE frames contain the following field:</t> <dl><dt> Data: </dt><dt>Data:</dt> <dd> <t>This 8-byte field contains arbitrary data.</t> </dd> </dl> <t>Including 64 bits of entropy in a PATH_CHALLENGE frame ensures that it is easier to receive the packet than it is to guess the value correctly.</t> <t>The recipient of this frameMUST<bcp14>MUST</bcp14> generate a PATH_RESPONSE frame (<xref target="frame-path-response" format="default"/>) containing the sameData.</t>Data value.</t> </section> <section anchor="frame-path-response" numbered="true" toc="default"> <name>PATH_RESPONSE Frames</name> <t>A PATH_RESPONSE frame (type=0x1b) is sent in response to a PATH_CHALLENGE frame.</t> <t>PATH_RESPONSE frames are formatted as shown in <xref target="fig-path-response"format="default"/>, whichformat="default"/>. The format of a PATH_RESPONSE frame is identical to that of the PATH_CHALLENGEframe (<xrefframe; see <xref target="frame-path-challenge"format="default"/>).</t>format="default"/>.</t> <figure anchor="fig-path-response"> <name>PATH_RESPONSE Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ PATH_RESPONSE Frame { Type (i) = 0x1b, Data (64), } ]]></artwork> </figure> <t>If the content of a PATH_RESPONSE frame does not match the content of a PATH_CHALLENGE frame previously sent by the endpoint, the endpointMAY<bcp14>MAY</bcp14> generate a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="frame-connection-close" numbered="true" toc="default"> <name>CONNECTION_CLOSE Frames</name> <t>An endpoint sends a CONNECTION_CLOSE frame (type=0x1c or 0x1d) to notify its peer that the connection is being closed. The CONNECTION_CLOSE frame with aframetype of 0x1c is used to signal errors at only the QUIC layer, or the absence of errors (with the NO_ERROR code). The CONNECTION_CLOSE frame with a type of 0x1d is used to signal an error with the application that uses QUIC.</t> <t>If there are open streams that have not been explicitly closed, they are implicitly closed when the connection is closed.</t> <t>CONNECTION_CLOSE frames are formatted as shown in <xref target="fig-connection-close" format="default"/>.</t> <figure anchor="fig-connection-close"> <name>CONNECTION_CLOSE Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ CONNECTION_CLOSE Frame { Type (i) = 0x1c..0x1d, Error Code (i), [Frame Type (i)], Reason Phrase Length (i), Reason Phrase (..), } ]]></artwork> </figure> <t>CONNECTION_CLOSE frames contain the following fields:</t> <dl><dt> Error Code: </dt><dt>Error Code:</dt> <dd> <t>A variable-length integererror codethat indicates the reason for closing this connection. A CONNECTION_CLOSE frame of type 0x1c uses codes from the space defined in <xref target="transport-error-codes" format="default"/>. A CONNECTION_CLOSE frame of type 0x1d uses codesfromdefined by the applicationprotocol error code space;protocol; see <xref target="app-error-codes" format="default"/>.</t> </dd><dt> Frame Type: </dt><dt>Frame Type:</dt> <dd> <t>A variable-length integer encoding the type of frame that triggered the error. A value of 0 (equivalent to the mention of the PADDING frame) is used when the frame type is unknown. The application-specific variant of CONNECTION_CLOSE (type 0x1d) does not include this field.</t> </dd><dt> Reason<dt>Reason PhraseLength: </dt>Length:</dt> <dd> <t>A variable-length integer specifying the length of the reason phrase in bytes. Because a CONNECTION_CLOSE frame cannot be split between packets, any limits on packet size will also limit the space available for a reason phrase.</t> </dd><dt> Reason Phrase: </dt><dt>Reason Phrase:</dt> <dd> <t>Additional diagnostic information for the closure. This can be zero length if the sender chooses not to give details beyond the ErrorCode.Code value. ThisSHOULD<bcp14>SHOULD</bcp14> be a UTF-8 encoded string <xref target="RFC3629" format="default"/>, though the frame does not carry information, such as language tags, that would aid comprehension by any entity other than the one that created the text.</t> </dd> </dl> <t>The application-specific variant of CONNECTION_CLOSE (type 0x1d) can only be sent using 0-RTT or 1-RTT packets; see <xref target="frames-and-spaces" format="default"/>. When an application wishes to abandon a connection during the handshake, an endpoint can send a CONNECTION_CLOSE frame (type 0x1c) with an error code of APPLICATION_ERROR in an Initial oraHandshake packet.</t> </section> <section anchor="frame-handshake-done" numbered="true" toc="default"> <name>HANDSHAKE_DONE Frames</name> <t>The server uses a HANDSHAKE_DONE frame (type=0x1e) to signal confirmation of the handshake to the client.</t> <t>HANDSHAKE_DONE frames are formatted as shown in <xref target="handshake-done-format" format="default"/>, which shows that HANDSHAKE_DONE frames have no content.</t> <figure anchor="handshake-done-format"> <name>HANDSHAKE_DONE Frame Format</name> <artwork name="" type="" align="left" alt=""><![CDATA[ HANDSHAKE_DONE Frame { Type (i) = 0x1e, } ]]></artwork> </figure> <t>A HANDSHAKE_DONE frame can only be sent by the server. ServersMUST NOT<bcp14>MUST NOT</bcp14> send a HANDSHAKE_DONE frame before completing the handshake. A serverMUST<bcp14>MUST</bcp14> treat receipt of a HANDSHAKE_DONE frame as a connection error of type PROTOCOL_VIOLATION.</t> </section> <section anchor="extension-frames" numbered="true" toc="default"> <name>Extension Frames</name> <t>QUIC frames do not use a self-describing encoding. An endpoint therefore needs to understand the syntax of all frames before it can successfully process a packet. This allows for efficient encoding of frames, but it means that an endpoint cannot send a frame of a type that is unknown to its peer.</t> <t>An extension to QUIC that wishes to use a new type of frameMUST<bcp14>MUST</bcp14> first ensure that a peer is able to understand the frame. An endpoint can use a transport parameter to signal its willingness to receive extension frame types. One transport parameter can indicate support for one or more extension frame types.</t> <t>Extensions that modify or replace core protocol functionality (including frame types) will be difficult to combine with other extensions that modify or replace the same functionality unless the behavior of the combination is explicitly defined. Such extensionsSHOULD<bcp14>SHOULD</bcp14> define their interaction withpreviously-definedpreviously defined extensions modifying the same protocol components.</t> <t>Extension framesMUST<bcp14>MUST</bcp14> be congestion controlled andMUST<bcp14>MUST</bcp14> cause an ACK frame to be sent. The exception is extension frames that replace or supplement the ACK frame. Extension frames are not included in flow control unless specified in the extension.</t> <t>An IANA registry is used to manage the assignment of frame types; see <xref target="iana-frames" format="default"/>.</t> </section> </section> <section anchor="error-codes" numbered="true" toc="default"> <name>Error Codes</name> <t>QUIC transport error codes and application error codes are 62-bit unsigned integers.</t> <section anchor="transport-error-codes" numbered="true" toc="default"> <name>Transport Error Codes</name> <t>This section lists the defined QUIC transport error codes that can be used in a CONNECTION_CLOSE frame with a type of 0x1c. These errors apply to the entire connection.</t> <dl><dt> NO_ERROR (0x0): </dt><dt>NO_ERROR (0x00):</dt> <dd> <t>An endpoint uses this with CONNECTION_CLOSE to signal that the connection is being closed abruptly in the absence of any error.</t> </dd><dt> INTERNAL_ERROR (0x1): </dt><dt>INTERNAL_ERROR (0x01):</dt> <dd> <t>The endpoint encountered an internal error and cannot continue with the connection.</t> </dd><dt> CONNECTION_REFUSED (0x2): </dt><dt>CONNECTION_REFUSED (0x02):</dt> <dd> <t>The server refused to accept a new connection.</t> </dd><dt> FLOW_CONTROL_ERROR (0x3): </dt><dt>FLOW_CONTROL_ERROR (0x03):</dt> <dd> <t>An endpoint received more data than it permitted in its advertised data limits; see <xref target="flow-control" format="default"/>.</t> </dd><dt> STREAM_LIMIT_ERROR (0x4): </dt><dt>STREAM_LIMIT_ERROR (0x04):</dt> <dd> <t>An endpoint received a frame for a stream identifier that exceeded its advertised stream limit for the corresponding stream type.</t> </dd><dt> STREAM_STATE_ERROR (0x5): </dt><dt>STREAM_STATE_ERROR (0x05):</dt> <dd> <t>An endpoint received a frame for a stream that was not in a state that permitted that frame; see <xref target="stream-states" format="default"/>.</t> </dd><dt> FINAL_SIZE_ERROR (0x6): </dt><dt>FINAL_SIZE_ERROR (0x06):</dt> <dd><t>An<t>(1) An endpoint received a STREAM frame containing data that exceeded the previously established finalsize. Orsize, (2) an endpoint received a STREAM frame or a RESET_STREAM frame containing a final size that was lower than the size of stream data that was alreadyreceived. Orreceived, or (3) an endpoint received a STREAM frame or a RESET_STREAM frame containing a different final size to the one already established.</t> </dd><dt> FRAME_ENCODING_ERROR (0x7): </dt><dt>FRAME_ENCODING_ERROR (0x07):</dt> <dd> <t>An endpoint received a frame that was badlyformatted. Forformatted -- for instance, a frame of an unknowntype,type or an ACK frame that has more acknowledgment ranges than the remainder of the packet could carry.</t> </dd><dt> TRANSPORT_PARAMETER_ERROR (0x8): </dt><dt>TRANSPORT_PARAMETER_ERROR (0x08):</dt> <dd> <t>An endpoint received transport parameters that were badly formatted, included an invalid value, omitted a mandatory transport parameter, included a forbidden transport parameter, or were otherwise in error.</t> </dd><dt> CONNECTION_ID_LIMIT_ERROR (0x9): </dt><dt>CONNECTION_ID_LIMIT_ERROR (0x09):</dt> <dd> <t>The number of connection IDs provided by the peer exceeds the advertised active_connection_id_limit.</t> </dd><dt> PROTOCOL_VIOLATION (0xa): </dt><dt>PROTOCOL_VIOLATION (0x0a):</dt> <dd> <t>An endpoint detected an error with protocol compliance that was not covered by more specific error codes.</t> </dd><dt> INVALID_TOKEN (0xb): </dt><dt>INVALID_TOKEN (0x0b):</dt> <dd> <t>A server received a client Initial that contained an invalid Token field.</t> </dd><dt> APPLICATION_ERROR (0xc): </dt><dt>APPLICATION_ERROR (0x0c):</dt> <dd> <t>The application or application protocol caused the connection to be closed.</t> </dd><dt> CRYPTO_BUFFER_EXCEEDED (0xd): </dt><dt>CRYPTO_BUFFER_EXCEEDED (0x0d):</dt> <dd> <t>An endpoint has received more data in CRYPTO frames than it can buffer.</t> </dd><dt> KEY_UPDATE_ERROR (0xe): </dt><dt>KEY_UPDATE_ERROR (0x0e):</dt> <dd> <t>An endpoint detected errors in performing key updates; seeSection 6 of<xref section="6" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd><dt> AEAD_LIMIT_REACHED (0xf): </dt><dt>AEAD_LIMIT_REACHED (0x0f):</dt> <dd> <t>An endpoint has reached the confidentiality or integrity limit for the AEAD algorithm used by the given connection.</t> </dd><dt> NO_VIABLE_PATH (0x10): </dt><dt>NO_VIABLE_PATH (0x10):</dt> <dd> <t>An endpoint has determined that the network path is incapable of supporting QUIC. An endpoint is unlikely to receive a CONNECTION_CLOSE frame carrying this code except when the path does not support a large enough MTU.</t> </dd><dt> CRYPTO_ERROR (0x1XX): </dt><dt>CRYPTO_ERROR (0x0100-0x01ff):</dt> <dd> <t>The cryptographic handshake failed. A range of 256 values is reserved for carrying error codes specific to the cryptographic handshake that is used. Codes for errors occurring when TLS is used for thecryptocryptographic handshake are described inSection 4.8 of<xref section="4.8" sectionFormat="of" target="QUIC-TLS" format="default"/>.</t> </dd> </dl> <t>See <xref target="iana-error-codes" format="default"/> for detailsofon registering new error codes.</t> <t>In defining these error codes, several principles are applied. Error conditions that might require specific action on the part of a recipient are given unique codes. Errors that represent common conditions are given specific codes. Absent either of these conditions, error codes are used to identify a general function of the stack, like flow control or transport parameter handling. Finally, generic errors are provided for conditions where implementations are unable or unwilling to use more specific codes.</t> </section> <section anchor="app-error-codes" numbered="true" toc="default"> <name>Application Protocol Error Codes</name> <t>The management of application error codes is left to application protocols. Application protocol error codes are used for the RESET_STREAM frame (<xref target="frame-reset-stream" format="default"/>), the STOP_SENDING frame (<xref target="frame-stop-sending" format="default"/>), and the CONNECTION_CLOSE frame with a type of 0x1d (<xref target="frame-connection-close" format="default"/>).</t> </section> </section> <section anchor="security-considerations" numbered="true" toc="default"> <name>Security Considerations</name> <t>The goal of QUIC is to provide a secure transport connection. <xref target="security-properties" format="default"/> provides an overview of those properties; subsequent sections discuss constraints and caveats regarding these properties, including descriptions of known attacks and countermeasures.</t> <section anchor="security-properties" numbered="true" toc="default"> <name>Overview of Security Properties</name> <t>A complete security analysis of QUIC is outside the scope of this document. This section provides an informal description of the desired security properties as an aid toimplementorsimplementers and to help guide protocol analysis.</t> <t>QUIC assumes the threat model described in <xref target="SEC-CONS" format="default"/> and provides protections against many of the attacks that arise from that model.</t> <t>For this purpose, attacks are divided into passive and active attacks. Passive attackers have thecapabilityability to read packets from the network, while active attackers also have thecapabilityability to write packets into the network. However, a passive attack could involve an attacker with the ability to cause a routing change or other modification in the path taken by packets that comprise a connection.</t> <t>Attackers are additionally categorized as either on-path attackers or off-path attackers. An on-path attacker can read, modify, or remove any packet it observes such thatitthe packet no longer reaches its destination, while an off-path attacker observes thepackets,packets but cannot prevent the original packet from reaching its intended destination. Both types of attackers can also transmit arbitrary packets. This definition differs from that ofSection 3.5 of<xref section="3.5" sectionFormat="of" target="SEC-CONS" format="default"/> in that an off-path attacker is able to observe packets.</t> <t>Properties of the handshake, protected packets, and connection migration are considered separately.</t> <section anchor="handshake-properties" numbered="true" toc="default"> <name>Handshake</name> <t>The QUIC handshake incorporates the TLS 1.3 handshake and inherits the cryptographic properties described inAppendix E.1 of<xref section="E.1" sectionFormat="of" target="TLS13" format="default"/>. Many of the security properties of QUIC depend on the TLS handshake providing these properties. Any attack on the TLS handshake could affect QUIC.</t> <t>Any attack on the TLS handshake that compromises the secrecy or uniqueness of session keys, or the authentication of the participating peers, affects other security guarantees provided by QUIC that depend on those keys. For instance, migration (<xref target="migration" format="default"/>) depends on the efficacy of confidentiality protections, both for the negotiation of keys using the TLS handshake and for QUIC packet protection, to avoid linkability across network paths.</t> <t>An attack on the integrity of the TLS handshake might allow an attacker to affect the selection of application protocol or QUIC version.</t> <t>In addition to the properties provided by TLS, the QUIC handshake provides some defense against DoS attacks on the handshake.</t> <section anchor="anti-amplification" numbered="true" toc="default"> <name>Anti-Amplification</name> <t>Address validation (<xref target="address-validation" format="default"/>) is used to verify that an entity that claims a given address is able to receive packets at that address. Address validation limits amplification attack targets to addresses for which an attacker can observe packets.</t> <t>Prior to address validation, endpoints are limited in what they are able to send. Endpoints cannot send data toward an unvalidated address in excess of three times the data received from that address.</t><dl> <dt> Note: </dt> <dd> <t>The<aside> <t>Note: The anti-amplification limit only applies when an endpoint responds to packets received from an unvalidated address. The anti-amplification limit does not apply to clients when establishing a new connection or when initiating connection migration.</t></dd> </dl></aside> </section> <section anchor="server-side-dos" numbered="true" toc="default"> <name>Server-Side DoS</name> <t>Computing the server's first flight for a full handshake is potentially expensive, requiring both a signature and a key exchange computation. In order to prevent computational DoS attacks, the Retry packet provides a cheap token exchange mechanism that allows servers to validate a client's IP address prior to doing any expensive computations at the cost of a single round trip. After a successful handshake, servers can issue new tokens to a client, which will allow new connection establishment without incurring this cost.</t> </section> <section anchor="on-path-handshake-termination" numbered="true" toc="default"> <name>On-Path Handshake Termination</name> <t>An on-path or off-path attacker can force a handshake to fail by replacing or racing Initial packets. Once valid Initial packets have been exchanged, subsequent Handshake packets are protected with thehandshake keysHandshake keys, and an on-path attacker cannot force handshake failure other than by dropping packets to cause endpoints to abandon the attempt.</t> <t>An on-path attacker can also replace the addresses of packets on either side and therefore cause the client or server to have an incorrect view of the remote addresses. Such an attack is indistinguishable from the functions performed by a NAT.</t> </section> <section anchor="parameter-negotiation" numbered="true" toc="default"> <name>Parameter Negotiation</name> <t>The entire handshake is cryptographically protected, with the Initial packets being encrypted with per-version keys and the Handshake and later packets being encrypted with keys derived from the TLS key exchange. Further, parameter negotiation is folded into the TLS transcript and thus provides the same integrity guarantees as ordinary TLS negotiation. An attacker can observe the client's transport parameters (as long as it knows the version-specific salt) but cannot observe the server's transport parameters and cannot influence parameter negotiation.</t> <t>Connection IDs are unencrypted but integrity protected in all packets.</t> <t>This version of QUIC does not incorporate a version negotiation mechanism; implementations of incompatible versions will simply fail to establish a connection.</t> </section> </section> <section anchor="protected-packet-properties" numbered="true" toc="default"> <name>Protected Packets</name> <t>Packet protection (<xref target="packet-protected" format="default"/>) applies authenticated encryption to all packets except Version Negotiation packets, though Initial and Retry packets have limited protection due to the use of version-specific keying material; see <xref target="QUIC-TLS" format="default"/> for more details. This section considers passive and active attacks against protected packets.</t> <t>Both on-path and off-path attackers can mount a passive attack in which they save observed packets for an offline attack against packet protection at a future time; this is true for any observer of any packet on any network.</t><t>A blind attacker, one who<t>An attacker that injects packets without being able to observe valid packets for aconnection,connection is unlikely to be successful, since packet protection ensures that valid packets are only generated by endpoints that possess the key material established during the handshake; see Sections <xreftarget="handshake" format="default"/>format="counter" target="handshake"/> and <xreftarget="handshake-properties" format="default"/>.format="counter" target="handshake-properties"/>. Similarly, any active attacker that observes packets and attempts to insert new data or modify existing data in those packets should not be able to generate packets deemed valid by the receiving endpoint, other than Initial packets.</t> <t>A spoofing attack, in which an active attacker rewrites unprotected parts of a packet that it forwards or injects, such as the source or destination address, is only effective if the attacker can forward packets to the original endpoint. Packet protection ensures that the packet payloads can only be processed by the endpoints that completed the handshake, and invalid packets are ignored by those endpoints.</t> <t>An attacker can also modify the boundaries between packets and UDP datagrams, causing multiple packets to be coalesced into a singledatagram,datagram or splitting coalesced packets into multiple datagrams. Aside from datagrams containing Initial packets, which require padding, modification of how packets are arranged in datagrams has no functional effect on a connection, although it might change some performance characteristics.</t> </section> <section anchor="migration-properties" numbered="true" toc="default"> <name>Connection Migration</name> <t>ConnectionMigrationmigration (<xref target="migration" format="default"/>) provides endpoints with the ability to transition between IP addresses and ports on multiple paths, using one path at a time for transmission and receipt of non-probing frames. Path validation (<xref target="migrate-validate" format="default"/>) establishes that a peer is both willing and able to receive packets sent on a particular path. This helps reduce the effects of address spoofing by limiting the number of packets sent to a spoofed address.</t> <t>This section describes the intended security properties of connection migration under various types of DoS attacks.</t> <section anchor="on-path-active-attacks" numbered="true" toc="default"> <name>On-Path Active Attacks</name> <t>An attacker that can cause a packet it observes to no longer reach its intended destination is considered an on-path attacker. When an attacker is present between a client and server, endpoints are required to send packets through the attacker to establish connectivity on a given path.</t> <t>An on-path attacker can:</t> <ul spacing="normal"> <li>Inspect packets</li> <li>Modify IP and UDP packet headers</li> <li>Inject new packets</li> <li>Delay packets</li> <li>Reorder packets</li> <li>Drop packets</li> <li>Split and merge datagrams along packet boundaries</li> </ul> <t>An on-path attacker cannot:</t> <ul spacing="normal"> <li>Modify an authenticated portion of a packet and cause the recipient to accept that packet</li> </ul> <t>An on-path attacker has the opportunity to modify the packets that itobserves, howeverobserves; however, any modifications to an authenticated portion of a packet will cause it to be dropped by the receiving endpoint as invalid, as packet payloads are both authenticated and encrypted.</t><t>In<t>QUIC aims to constrain thepresencecapabilities of an on-pathattacker, QUIC aims to provide the following properties:</t>attacker as follows:</t> <ol spacing="normal"type="1"><li>Antype="1"> <li>An on-path attacker can prevent the use of a path for a connection, causing the connection to fail if it cannot use a different path that does not contain the attacker. This can be achieved by dropping all packets, modifying them so that they fail to decrypt, or other methods.</li> <li>An on-path attacker can prevent migration to a new path for which the attacker is also on-path by causing path validation to fail on the new path.</li> <li>An on-path attacker cannot prevent a client from migrating to a path for which the attacker is not on-path.</li> <li>An on-path attacker can reduce the throughput of a connection by delaying packets or dropping them.</li> <li>An on-path attacker cannot cause an endpoint to accept a packet for which it has modified an authenticated portion of that packet.</li> </ol> </section> <section anchor="off-path-active-attacks" numbered="true" toc="default"> <name>Off-Path Active Attacks</name> <t>An off-path attacker is not directly on the path between a client andserver,server but could be able to obtain copies of some or all packets sent between the client and the server. It is also able to send copies of those packets to either endpoint.</t> <t>An off-path attacker can:</t> <ul spacing="normal"> <li>Inspect packets</li> <li>Inject new packets</li> <li>Reorder injected packets</li> </ul> <t>An off-path attacker cannot:</t> <ul spacing="normal"> <li>Modify packets sent by endpoints</li> <li>Delay packets</li> <li>Drop packets</li> <li>Reorder original packets</li> </ul> <t>An off-path attacker can create modified copies of packets that it has observed and inject those copies into the network, potentially with spoofed source and destination addresses.</t> <t>For the purposes of this discussion, it is assumed that an off-path attacker has the ability to inject a modified copy of a packet into the network that will reach the destination endpoint prior to the arrival of the original packet observed by the attacker. In other words, an attacker has the ability to consistently "win" a race with the legitimate packets between the endpoints, potentially causing the original packet to be ignored by the recipient.</t> <t>It is also assumed that an attacker has the resources necessary to affect NATstate, potentially both causingstate. In particular, an attacker can cause an endpoint to lose its NATbinding,binding andan attacker tothen obtain the same port for use with its own traffic.</t><t>In<t>QUIC aims to constrain thepresencecapabilities of an off-pathattacker, QUIC aims to provide the following properties:</t>attacker as follows:</t> <ol spacing="normal"type="1"><li>Antype="1"> <li>An off-path attacker can race packets and attempt to become a "limited" on-path attacker.</li> <li>An off-path attacker can cause path validation to succeed for forwarded packets with the source address listed as the off-path attacker as long as it can provide improved connectivity between the client and the server.</li> <li>An off-path attacker cannot cause a connection to close once the handshake has completed.</li> <li>An off-path attacker cannot cause migration to a new path to fail if it cannot observe the new path.</li> <li>An off-path attacker can become a limited on-path attacker during migration to a new path for which it is also an off-path attacker.</li> <li>An off-path attacker can become a limited on-path attacker by affecting shared NAT state such that it sends packets to the server from the same IP address and port that the client originally used.</li> </ol> </section> <section anchor="limited-on-path-active-attacks" numbered="true" toc="default"> <name>Limited On-Path Active Attacks</name> <t>A limited on-path attacker is an off-path attacker that has offered improved routing of packets by duplicating and forwarding original packets between the server and the client, causing those packets to arrive before the original copies such that the original packets are dropped by the destination endpoint.</t> <t>A limited on-path attacker differs from an on-path attacker in that it is not on the original path between endpoints, and therefore the original packets sent by an endpoint are still reaching their destination. This means that a future failure to route copied packets to the destination faster than their original path will not prevent the original packets from reaching the destination.</t> <t>A limited on-path attacker can:</t> <ul spacing="normal"> <li>Inspect packets</li> <li>Inject new packets</li> <li>Modify unencrypted packet headers</li> <li>Reorder packets</li> </ul> <t>A limited on-path attacker cannot:</t> <ul spacing="normal"> <li>Delay packets so that they arrive later than packets sent on the original path</li> <li>Drop packets</li> <li>Modify the authenticated and encrypted portion of a packet and cause the recipient to accept that packet</li> </ul> <t>A limited on-path attacker can only delay packets up to the point that the original packets arrive before the duplicate packets, meaning that it cannot offer routing with worse latency than the original path. If a limited on-path attacker drops packets, the original copy will still arrive at the destination endpoint.</t><t>In<t>QUIC aims to constrain thepresencecapabilities of a limitedon-path attacker, QUIC aims to provide the following properties:</t>off-path attacker as follows:</t> <ol spacing="normal"type="1"><li>Atype="1"> <li>A limited on-path attacker cannot cause a connection to close once the handshake has completed.</li> <li>A limited on-path attacker cannot cause an idle connection to close if the client is first to resume activity.</li> <li>A limited on-path attacker can cause an idle connection to be deemed lost if the server is the first to resume activity.</li> </ol> <t>Note that these guarantees are the same guarantees provided for any NAT, for the same reasons.</t> </section> </section> </section> <section anchor="handshake-dos" numbered="true" toc="default"> <name>Handshake Denial of Service</name> <t>As an encrypted and authenticatedtransporttransport, QUIC provides a range of protections against denial of service. Once the cryptographic handshake is complete, QUIC endpoints discard most packets that are not authenticated, greatly limiting the ability of an attacker to interfere with existing connections.</t> <t>Once a connection isestablishedestablished, QUIC endpoints might accept some unauthenticated ICMP packets (see <xref target="pmtud" format="default"/>), but the use of these packets is extremely limited. The only other type of packet that an endpoint might accept is a stateless reset (<xref target="stateless-reset" format="default"/>), which relies on the token being kept secret until it is used.</t> <t>During the creation of a connection, QUIC only provides protection againstattackattacks from off the network path. All QUIC packets contain proof that the recipient saw a preceding packet from its peer.</t> <t>Addresses cannot change during the handshake, so endpoints can discard packets that are received on a different network path.</t> <t>The Source and Destination Connection ID fields are the primary means of protection against an off-path attack during the handshake; see <xref target="validate-handshake" format="default"/>. These are required to match those set by a peer. Except foranInitial andstateless reset packets,Stateless Resets, an endpoint only accepts packets that include a Destination Connection ID field that matches a value the endpoint previously chose. This is the only protection offered for Version Negotiation packets.</t> <t>The Destination Connection ID field in an Initial packet is selected by a client to be unpredictable, which serves an additional purpose. The packets that carry the cryptographic handshake are protected with a key that is derived from this connection ID and a salt specific to the QUIC version. This allows endpoints to use the same process for authenticating packets that they receive as they use after the cryptographic handshake completes. Packets that cannot be authenticated are discarded. Protecting packets in this fashion provides a strong assurance that the sender of the packet saw the Initial packet and understood it.</t> <t>These protections are not intended to be effective against an attacker that is able to receive QUIC packets prior to the connection being established. Such an attacker can potentially send packets that will be accepted by QUIC endpoints. This version of QUIC attempts to detect this sort of attack, but it expects that endpoints will fail to establish a connection rather than recovering. For the most part, the cryptographic handshake protocol <xref target="QUIC-TLS" format="default"/> is responsible for detecting tampering during the handshake.</t> <t>Endpoints are permitted to use other methods to detect and attempt to recover from interference with the handshake. Invalid packets can be identified and discarded using other methods, but no specific method is mandated in this document.</t> </section> <section anchor="amplification-attack" numbered="true" toc="default"> <name>Amplification Attack</name> <t>An attacker might be able to receive an address validation token (<xref target="address-validation" format="default"/>) from a server and then release the IP address it used to acquire that token. At a later time, the attacker can initiate a 0-RTT connection with a server by spoofing this same address, which might now address a different (victim) endpoint. The attacker can thus potentially cause the server to send an initial congestion window's worth of data towards the victim.</t> <t>ServersSHOULD<bcp14>SHOULD</bcp14> provide mitigations for this attack by limiting the usage and lifetime of address validation tokens; see <xref target="validate-future" format="default"/>.</t> </section> <section anchor="optimistic-ack-attack" numbered="true" toc="default"> <name>Optimistic ACK Attack</name> <t>An endpoint that acknowledges packets it has not received might cause a congestion controller to permit sending at rates beyond what the network supports. An endpointMAY<bcp14>MAY</bcp14> skip packet numbers when sending packets to detect this behavior. An endpoint can then immediately close the connection with a connection error of type PROTOCOL_VIOLATION; see <xref target="immediate-close" format="default"/>.</t> </section> <section anchor="request-forgery-attacks" numbered="true" toc="default"> <name>Request Forgery Attacks</name> <t>A request forgery attack occurs where an endpoint causes its peer to issue a request towards a victim, with the request controlled by the endpoint. Request forgery attacks aim to provide an attacker with access to capabilities of its peer that might otherwise be unavailable to the attacker. For a networking protocol, a request forgery attack is often used to exploit any implicit authorization conferred on the peer by the victim due to the peer's location in the network.</t> <t>For request forgery to be effective, an attacker needs to be able to influence what packets the peer sends and where these packets are sent. If an attacker can target a vulnerable service with a controlled payload, that service might perform actions that are attributed to the attacker'speer,peer but are decided by the attacker.</t> <t>For example, cross-site request forgery <xref target="CSRF" format="default"/> exploits on the Web cause a client to issue requests that include authorization cookies <xref target="COOKIE" format="default"/>, allowing one site access to information and actions that are intended to be restricted to a different site.</t> <t>As QUIC runs over UDP, the primary attack modality of concern is one where an attacker can select the address to which its peer sends UDP datagrams and can control some of the unprotected content of those packets. As much of the data sent by QUIC endpoints is protected, this includes control over ciphertext. An attack is successful if an attacker can cause a peer to send a UDP datagram to a host that will perform some action based on content in the datagram.</t> <t>This section discusses ways in which QUIC might be used for request forgery attacks.</t> <t>This section also describes limited countermeasures that can be implemented by QUIC endpoints. These mitigations can be employed unilaterally by a QUIC implementation or deployment, without potential targets for request forgery attacks taking action.HoweverHowever, these countermeasures could be insufficient if UDP-based services do not properly authorize requests.</t> <t>Because the migration attack described in <xref target="request-forgery-with-spoofed-migration" format="default"/> is quite powerful and does not have adequate countermeasures, QUIC server implementations should assume that attackers can cause them to generate arbitrary UDP payloads to arbitrary destinations. QUIC serversSHOULD NOT<bcp14>SHOULD NOT</bcp14> be deployed in networks that do not deploy ingress filtering <xref target="BCP38" format="default"/> and also have inadequately secured UDP endpoints.</t> <t>Although it is not generally possible to ensure that clients are not co-located with vulnerable endpoints, this version of QUIC does not allow servers to migrate, thus preventing spoofed migration attacks on clients. Any future extensionwhichthat allows server migrationMUST<bcp14>MUST</bcp14> also define countermeasures for forgery attacks.</t> <section anchor="control-options-for-endpoints" numbered="true" toc="default"> <name>Control Options for Endpoints</name> <t>QUIC offers some opportunities for an attacker to influence or control where its peer sends UDP datagrams:</t> <ul spacing="normal"> <li>initial connection establishment (<xref target="handshake" format="default"/>), where a server is able to choose where a client sendsdatagrams,datagrams -- forexampleexample, by populating DNS records;</li> <li>preferred addresses (<xref target="preferred-address" format="default"/>), where a server is able to choose where a client sends datagrams;</li> <li>spoofed connection migrations (<xref target="address-spoofing" format="default"/>), where a client is able to use source address spoofing to select where a server sends subsequent datagrams; and</li> <li>spoofed packets that cause a server to send a Version Negotiation packet<xref(<xref target="vn-spoofing"format="default"/>.</li>format="default"/>).</li> </ul> <t>In all cases, the attacker can cause its peer to send datagrams to a victim that might not understand QUIC. That is, these packets are sent by the peer prior to address validation; see <xref target="address-validation" format="default"/>.</t> <t>Outside of the encrypted portion of packets, QUIC offers an endpoint several options for controlling the content of UDP datagrams that its peer sends. The Destination Connection ID field offers direct control over bytes that appear early in packets sent by the peer; see <xref target="connection-id" format="default"/>. The Token field in Initial packets offers a server control over other bytes of Initial packets; see <xref target="packet-initial" format="default"/>.</t> <t>There are no measures in this version of QUIC to prevent indirect control over the encrypted portions of packets. It is necessary to assume that endpoints are able to control the contents of frames that a peer sends, especially those frames that convey application data, such as STREAM frames. Though this depends to some degree on details of the application protocol, some control is possible in many protocol usage contexts. As the attacker has access to packet protection keys, they are likely to be capable of predicting how a peer will encrypt future packets. Successful control over datagram content then only requires that the attacker be able to predict the packet number and placement of frames in packets with some amount of reliability.</t> <t>This section assumes that limiting control over datagram content is not feasible. The focus of the mitigations in subsequent sections is on limiting the ways in which datagrams that are sent prior to address validation can be used for request forgery.</t> </section> <section anchor="request-forgery-with-client-initial-packets" numbered="true" toc="default"> <name>Request Forgery with Client Initial Packets</name> <t>An attacker acting as a server can choose the IP address and port on which it advertises its availability, so Initial packets from clients are assumed to be available for use in this sort of attack. The address validation implicit in the handshake ensures that--- for a new connection--- a client will not send other types ofpacketpackets to a destination that does not understand QUIC or is not willing to accept a QUIC connection.</t> <t>Initial packet protection(Section 5.2 of <xref(<xref section="5.2" sectionFormat="of" target="QUIC-TLS" format="default"/>) makes it difficult for servers to control the content of Initial packets sent by clients. A client choosing an unpredictable Destination Connection ID ensures that servers are unable to control any of the encrypted portion of Initial packets from clients.</t> <t>However, the Token field is open to server control and does allow a server to use clients to mount request forgery attacks.UseThe use of tokens provided with the NEW_TOKEN frame (<xref target="validate-future" format="default"/>) offers the only option for request forgery during connection establishment.</t><t>Clients however<t>Clients, however, are not obligated to use the NEW_TOKEN frame. Request forgery attacks that rely on the Token field can be avoided if clients send an empty Token field when the server address has changed from when the NEW_TOKEN frame was received.</t> <t>Clients could avoid using NEW_TOKEN if the server address changes. However, not including a Token field could adversely affect performance. Servers could rely on NEW_TOKEN to enable the sending of data in excess of thethree timesthree-times limit on sending data; see <xref target="validate-handshake" format="default"/>. In particular, this affects cases where clients use 0-RTT to request data from servers.</t> <t>Sending a Retry packet (<xref target="packet-retry" format="default"/>) offers a server the option to change the Token field. After sending a Retry, the server can also control the Destination Connection ID field of subsequent Initial packets from the client. This also might allow indirect control over the encrypted content of Initial packets. However, the exchange of a Retry packet validates the server's address, thereby preventing the use of subsequent Initial packets for request forgery.</t> </section> <section anchor="forgery-spa" numbered="true" toc="default"> <name>Request Forgery with Preferred Addresses</name> <t>Servers can specify a preferred address, which clients then migrate to after confirming the handshake; see <xref target="preferred-address" format="default"/>. The Destination Connection ID field of packets that the client sends to a preferred address can be used for request forgery.</t> <t>A clientMUST NOT<bcp14>MUST NOT</bcp14> send non-probing frames to a preferred address prior to validating that address; see <xref target="address-validation" format="default"/>. This greatly reduces the options that a server has to control the encrypted portion of datagrams.</t> <t>This document does not offer any additional countermeasures that are specific to the use of preferred addresses and can be implemented by endpoints. The generic measures described in <xref target="forgery-generic" format="default"/> could be used as further mitigation.</t> </section> <section anchor="request-forgery-with-spoofed-migration" numbered="true" toc="default"> <name>Request Forgery with Spoofed Migration</name> <t>Clients are able to present a spoofed source address as part of an apparent connection migration to cause a server to send datagrams to that address.</t> <t>The Destination Connection ID field in any packets that a server subsequently sends to this spoofed address can be used for request forgery. A client might also be able to influence the ciphertext.</t> <t>A server that only sends probing packets (<xref target="probing" format="default"/>) to an address prior to address validation provides an attacker with only limited control over the encrypted portion of datagrams. However, particularly for NAT rebinding, this can adversely affect performance. If the server sends frames carrying application data, an attacker might be able to control most of the content of datagrams.</t> <t>This document does not offer specific countermeasures that can be implemented byendpointsendpoints, aside from the generic measures described in <xref target="forgery-generic" format="default"/>. However, countermeasures for address spoofing at the networklevel,level -- inparticularparticular, ingress filtering <xref target="BCP38"format="default"/>,format="default"/> -- are especially effective against attacks that use spoofing and originate from an external network.</t> </section> <section anchor="vn-spoofing" numbered="true" toc="default"> <name>Request Forgery with Version Negotiation</name> <t>Clients that are able to present a spoofed source address on a packet can cause a server to send a Version Negotiation packet<xref(<xref target="packet-version"format="default"/>format="default"/>) to that address.</t> <t>The absence of size restrictions on the connection ID fields for packets of an unknown version increases the amount of data that the client controls from the resulting datagram. The first byte of this packet is not under client control and the next four bytes are zero, but the client is able to control up to 512 bytes starting from the fifth byte.</t> <t>No specific countermeasures are provided for this attack, though generic protections<xref(<xref target="forgery-generic"format="default"/>format="default"/>) could apply. In this case, ingress filtering <xref target="BCP38" format="default"/> is also effective.</t> </section> <section anchor="forgery-generic" numbered="true" toc="default"> <name>Generic Request Forgery Countermeasures</name> <t>The most effective defense against request forgery attacks is to modify vulnerable services to use strong authentication. However, this is not always something that is within the control of a QUIC deployment. This section outlines someothersother steps that QUIC endpoints could take unilaterally. These additional steps are all discretionaryas,because, depending on circumstances, they could interfere with or prevent legitimate uses.</t> <t>Services offered over loopback interfaces often lack proper authentication. EndpointsMAY<bcp14>MAY</bcp14> prevent connection attempts or migration to a loopback address. EndpointsSHOULD NOT<bcp14>SHOULD NOT</bcp14> allow connections or migration to a loopback address if the same service was previously available at a different interface or if the address was provided by a service at a non-loopback address. Endpoints that depend on these capabilities could offer an option to disable these protections.</t> <t>Similarly, endpoints could regard a change in address to a link-local address <xref target="RFC4291" format="default"/> or an address in aprivate useprivate-use range <xref target="RFC1918" format="default"/> from a global, unique-local <xref target="RFC4193" format="default"/>, or non-private address as a potential attempt at request forgery. Endpoints could refuse to use these addresses entirely, but that carries a significant risk of interfering with legitimate uses. EndpointsSHOULD NOT<bcp14>SHOULD NOT</bcp14> refuse to use an address unless they have specific knowledge about the network indicating that sending datagrams to unvalidated addresses in a given range is not safe.</t> <t>EndpointsMAY<bcp14>MAY</bcp14> choose to reduce the risk of request forgery by not including values from NEW_TOKEN frames in Initial packets or by only sending probing frames in packets prior to completing address validation. Note that this does not prevent an attacker from using the Destination Connection ID field for an attack.</t> <t>Endpoints are not expected to have specific information about the location of servers that could be vulnerable targets of a request forgery attack. However, it might be possible over time to identify specific UDP ports that are common targets of attacks or particular patterns in datagrams that are used for attacks. EndpointsMAY<bcp14>MAY</bcp14> choose to avoid sending datagrams to these ports or not send datagrams that match these patterns prior to validating the destination address. EndpointsMAY<bcp14>MAY</bcp14> retire connection IDs containing patterns known to be problematic without using them.</t><dl> <dt> Note: </dt> <dd> <t>Modifying<aside> <t>Note: Modifying endpoints to apply these protections is more efficient than deploying network-based protections, as endpoints do not need to perform any additional processing when sending to an address that has been validated.</t></dd> </dl></aside> </section> </section> <section anchor="slowloris-attacks" numbered="true" toc="default"> <name>Slowloris Attacks</name> <t>The attacks commonly known as Slowloris(<xref<xref target="SLOWLORIS"format="default"/>)format="default"/> try to keep many connections to the target endpoint open and hold them open as long as possible. These attacks can be executed against a QUIC endpoint by generating the minimum amount of activity necessary to avoid being closed for inactivity. This might involve sending small amounts of data, gradually opening flow control windows in order to control the sender rate, or manufacturing ACK frames that simulate a high loss rate.</t> <t>QUIC deploymentsSHOULD<bcp14>SHOULD</bcp14> provide mitigations for the Slowloris attacks, such as increasing the maximum number of clients the server will allow, limiting the number of connections a single IP address is allowed to make, imposing restrictions on the minimum transfer speed a connection is allowed to have, and restricting the length of time an endpoint is allowed to stay connected.</t> </section> <section anchor="stream-fragmentation-and-reassembly-attacks" numbered="true" toc="default"> <name>Stream Fragmentation and Reassembly Attacks</name> <t>An adversarial sender might intentionally not send portions of the stream data, causing the receiver to commit resources for the unsent data. This could cause a disproportionate receive buffer memory commitment and/or the creation of a large and inefficient data structure at the receiver.</t> <t>An adversarial receiver might intentionally not acknowledge packets containing stream data in an attempt to force the sender to store the unacknowledged stream data for retransmission.</t> <t>The attack on receivers is mitigated if flow control windows correspond to available memory. However, some receivers willover-commitovercommit memory and advertise flow control offsets in the aggregate that exceed actual available memory. Theover-commitmentovercommitment strategy can lead to better performance when endpoints are well behaved, but renders endpoints vulnerable to the stream fragmentation attack.</t> <t>QUIC deploymentsSHOULD<bcp14>SHOULD</bcp14> provide mitigationsagainstfor stream fragmentation attacks. Mitigations could consist of avoidingover-committingovercommitting memory, limiting the size of tracking data structures, delaying reassembly of STREAM frames, implementing heuristics based on the age and duration of reassembly holes, or somecombination.</t>combination of these.</t> </section> <section anchor="stream-commitment-attack" numbered="true" toc="default"> <name>Stream Commitment Attack</name> <t>An adversarial endpoint can open a large number of streams, exhausting state on an endpoint. The adversarial endpoint could repeat the process on a large number of connections, in a manner similar to SYN flooding attacks in TCP.</t> <t>Normally, clients will open streams sequentially, as explained in <xref target="stream-id" format="default"/>. However, when several streams are initiated at short intervals, loss or reordering can cause STREAM frames that open streams to be received out of sequence. On receiving a higher-numbered stream ID, a receiver is required to open all intervening streams of the same type; see <xref target="stream-recv-states" format="default"/>. Thus, on a new connection, opening stream 4000000 opens 1 million and 1 client-initiated bidirectional streams.</t> <t>The number of active streams is limited by the initial_max_streams_bidi and initial_max_streams_uni transport parameters as updated by any received MAX_STREAMS frames, as explained in <xref target="controlling-concurrency" format="default"/>. If chosen judiciously, these limits mitigate the effect of the stream commitment attack. However, setting the limit too low could affect performance when applications expect to open a large number of streams.</t> </section> <section anchor="useless" numbered="true" toc="default"> <name>Peer Denial of Service</name> <t>QUIC and TLS both contain frames or messages that have legitimate uses in some contexts, butthatthese frames or messages can be abused to cause a peer to expend processing resources without having any observable impact on the state of the connection.</t> <t>Messages can also be used to change and revert state in small or inconsequential ways, such as by sending small increments to flow control limits.</t> <t>If processing costs are disproportionately large in comparison to bandwidth consumption or effect on state, then this could allow a malicious peer to exhaust processing capacity.</t> <t>While there are legitimate uses for all messages, implementationsSHOULD<bcp14>SHOULD</bcp14> track cost of processing relative to progress and treat excessive quantities of any non-productive packets as indicative of an attack. EndpointsMAY<bcp14>MAY</bcp14> respond to this condition with a connectionerror,error or by dropping packets.</t> </section> <section anchor="security-ecn" numbered="true" toc="default"> <name>Explicit Congestion Notification Attacks</name> <t>An on-path attacker could manipulate the value of ECN fields in the IP header to influence the sender's rate. <xref target="RFC3168" format="default"/> discusses manipulations and their effects in more detail.</t> <t>A limited on-path attacker can duplicate and send packets with modified ECN fields to affect the sender's rate. If duplicate packets are discarded by a receiver, an attacker will need to race the duplicate packet against the original to be successful in this attack. Therefore, QUIC endpoints ignore the ECN fieldonin an IP packet unless at least one QUIC packet in that IP packet is successfully processed; see <xref target="ecn" format="default"/>.</t> </section> <section anchor="reset-oracle" numbered="true" toc="default"> <name>Stateless Reset Oracle</name> <t>Stateless resets create a possibledenial of servicedenial-of-service attack analogous to a TCP reset injection. This attack is possible if an attacker is able to cause a stateless reset token to be generated for a connection with a selected connection ID. An attacker that can cause this token to be generated can reset an active connection with the same connection ID.</t> <t>If a packet can be routed to different instances that share a statickey,key -- forexampleexample, by changing an IP address orport,port -- then an attacker can cause the server to send a stateless reset. To defend against this style of denial of service, endpoints that share a static key for statelessresetresets (see <xref target="reset-token" format="default"/>)MUST<bcp14>MUST</bcp14> be arranged so that packets with a given connection ID always arrive at an instance that has connection state, unless that connection is no longer active.</t> <t>More generally, serversMUST NOT<bcp14>MUST NOT</bcp14> generate a stateless reset if a connection with the corresponding connection ID could be active on any endpoint using the same static key.</t> <t>In the case of a cluster that uses dynamic load balancing, it is possible that a change inload balancerload-balancer configuration could occur while an active instance retains connection state. Even if an instance retains connection state, the change in routing and resulting stateless reset will result in the connection being terminated. If there is no chance of the packet being routed to the correct instance, it is better to send a stateless reset than wait for the connection to time out. However, this is acceptable only if the routing cannot be influenced by an attacker.</t> </section> <section anchor="version-downgrade" numbered="true" toc="default"> <name>Version Downgrade</name> <t>This document defines QUIC Version Negotiation packetsin <xref(<xref target="version-negotiation"format="default"/> thatformat="default"/>), which can be used to negotiate the QUIC version used between two endpoints. However, this document does not specify how this negotiation will be performed between this version and subsequent future versions. In particular, Version Negotiation packets do not contain any mechanism to prevent version downgrade attacks. Future versions of QUIC that use Version Negotiation packetsMUST<bcp14>MUST</bcp14> define a mechanism that is robust against version downgrade attacks.</t> </section> <section anchor="targeted-attacks-by-routing" numbered="true" toc="default"> <name>Targeted Attacks by Routing</name> <t>Deployments should limit the ability of an attacker to target a new connection to a particular server instance. Ideally, routing decisions are made independently of client-selected values, including addresses. Once an instance is selected, a connection ID can be selected so that later packets are routed to the same instance.</t> </section> <section anchor="traffic-analysis" numbered="true" toc="default"> <name>Traffic Analysis</name> <t>The length of QUIC packets can reveal information about the length of the content of those packets. The PADDING frame is provided so that endpoints have some ability to obscure the length of packet content; see <xref target="frame-padding" format="default"/>.</t><t>Note however that defeating<t>Defeating traffic analysis is challenging and the subject of active research. Length is not the only way that information might leak. Endpoints might also reveal sensitive information through other side channels, such as the timing of packets.</t> </section> </section> <section anchor="iana" numbered="true" toc="default"> <name>IANA Considerations</name> <t>This document establishes several registries for the management of codepoints in QUIC. These registries operate on a common set of policies as defined in <xref target="iana-policy" format="default"/>.</t> <section anchor="iana-policy" numbered="true" toc="default"> <name>Registration Policies for QUIC Registries</name> <t>All QUIC registries allow for both provisional and permanent registration of codepoints. This section documents policies that are common to these registries.</t> <section anchor="iana-provisional" numbered="true" toc="default"> <name>Provisional Registrations</name> <t>Provisionalregistrationregistrations of codepoints are intended to allow for private use and experimentation with extensions to QUIC. Provisional registrations only require the inclusion of the codepoint value and contact information. However, provisional registrations could be reclaimed and reassigned for another purpose.</t> <t>Provisional registrations require Expert Review, as defined inSection 4.5 of<xref section="4.5" sectionFormat="of" target="RFC8126" format="default"/>.Designated expert(s)The designated expert or experts are advised that only registrations for an excessive proportion of remaining codepoint space or the very first unassigned value (see <xref target="iana-random" format="default"/>) can be rejected.</t> <t>Provisional registrations will include adateDate field that indicates when the registration was last updated. A request to update the date on any provisional registration can be made without review from the designated expert(s).</t> <t>All QUIC registries include the following fields to support provisional registration:</t><dl> <dt> Value: </dt><dl spacing="compact"> <dt>Value:</dt> <dd> <t>The assigned codepoint.</t> </dd><dt> Status: </dt><dt>Status:</dt> <dd> <t>"Permanent" or "Provisional".</t> </dd><dt> Specification: </dt><dt>Specification:</dt> <dd> <t>A reference to a publicly available specification for the value.</t> </dd><dt> Date: </dt><dt>Date:</dt> <dd> <t>The date of the last update to the registration.</t> </dd><dt> Change Controller: </dt><dt>Change Controller:</dt> <dd> <t>The entity that is responsible for the definition of the registration.</t> </dd><dt> Contact: </dt><dt>Contact:</dt> <dd> <t>Contact details for the registrant.</t> </dd><dt> Notes: </dt><dt>Notes:</dt> <dd> <t>Supplementary notes about the registration.</t> </dd> </dl> <t>Provisional registrationsMAY<bcp14>MAY</bcp14> omit the Specification and Notes fields, plus any additional fields that might be required for a permanent registration. The Date field is not required as part of requesting aregistrationregistration, as it is set to the date the registration is created or updated.</t> </section> <section anchor="iana-random" numbered="true" toc="default"> <name>Selecting Codepoints</name> <t>Newuses ofrequests for codepoints from QUIC registriesSHOULD<bcp14>SHOULD</bcp14> use a randomly selected codepoint that excludes both existing allocations and the first unallocated codepoint in the selected space. Requests for multiple codepointsMAY<bcp14>MAY</bcp14> use a contiguous range. This minimizes the risk that differing semantics are attributed to the same codepoint by different implementations.</t><t>Use<t>The use of the first unassigned codepoint is reserved for allocation using the Standards Action policy; seeSection 4.9 of<xref section="4.9" sectionFormat="of" target="RFC8126" format="default"/>. The early codepoint assignment process <xref target="EARLY-ASSIGN" format="default"/> can be used for these values.</t> <t>For codepoints that are encoded in variable-length integers (<xref target="integer-encoding" format="default"/>), such as frame types, codepoints that encode to four or eight bytes (that is, values2^142<sup>14</sup> and above)SHOULD<bcp14>SHOULD</bcp14> be used unless the usage is especially sensitive to having a longer encoding.</t> <t>Applications to register codepoints in QUIC registriesMAY<bcp14>MAY</bcp14> include a requested codepoint as part of the registration. IANAMUST<bcp14>MUST</bcp14> allocate the selected codepoint if the codepoint is unassigned and the requirements of the registration policy are met.</t> </section> <section anchor="reclaiming-provisional-codepoints" numbered="true" toc="default"> <name>Reclaiming Provisional Codepoints</name> <t>A request might be made to remove an unused provisional registration from the registry to reclaim space in a registry, or a portion of the registry (such as the 64-16383 range for codepoints that use variable-length encodings). ThisSHOULD<bcp14>SHOULD</bcp14> be done only for the codepoints with the earliest recordeddatedate, and entries that have been updated less than a year priorSHOULD NOT<bcp14>SHOULD NOT</bcp14> be reclaimed.</t> <t>A request to remove a codepointMUST<bcp14>MUST</bcp14> be reviewed by the designatedexpert(s).experts. Theexpert(s) MUSTexperts <bcp14>MUST</bcp14> attempt to determine whether the codepoint is still in use. Experts are advised to contact the listed contacts for the registration, plus as wide a set of protocol implementers as possible in order to determine whether any use of the codepoint is known. Theexpert(s)experts are also advised to allow at least four weeks for responses.</t> <t>If any use of the codepoints is identified by this search or a request to update the registration is made, the codepointMUST NOT<bcp14>MUST NOT</bcp14> be reclaimed. Instead, the date on the registration is updated. A note might be added for the registration recording relevant information that was learned.</t> <t>If no use of the codepoint was identified and no request was made to update the registration, the codepointMAY<bcp14>MAY</bcp14> be removed from the registry.</t> <t>This review and consultation process also applies to requests to change a provisional registration into a permanent registration, except that the goal is not to determine whether there is no use of thecodepoint,codepoint but to determine that the registration is an accurate representation of any deployed usage.</t> </section> <section anchor="iana-permanent" numbered="true" toc="default"> <name>Permanent Registrations</name> <t>Permanent registrations in QUIC registries use the Specification Required policy (<xref section="4.6" sectionFormat="of" target="RFC8126" format="default"/>), unless otherwise specified. The designatedexpert(s)expert or experts verify that a specification exists and is readily accessible.Expert(s)Experts are encouraged to be biased towards approving registrations unless they are abusive, frivolous, or actively harmful (not merely aestheticallydispleasing,displeasing or architecturally dubious). The creation of a registryMAY<bcp14>MAY</bcp14> specify additional constraints on permanent registrations.</t> <t>The creation of a registryMAY<bcp14>MAY</bcp14> identify a range of codepoints where registrations are governed by a different registration policy. For instance, theframe type"QUIC Frame Types" registryin <xref(<xref target="iana-frames"format="default"/>format="default"/>) has a stricter policy for codepoints in the range from 0 to 63.</t> <t>Any stricter requirements for permanent registrations do not prevent provisional registrations for affected codepoints. For instance, a provisional registration for a frame type of 61 could be requested.</t> <t>All registrations made by Standards Track publicationsMUST<bcp14>MUST</bcp14> be permanent.</t> <t>All registrations in this document are assigned a permanent status and list a change controller of the IETF and a contact of the QUICworking groupWorking Group (quic@ietf.org).</t> </section> </section> <section anchor="iana-version" numbered="true" toc="default"> <name>QUIC Versions Registry</name> <t>IANA[SHALL add/has added]has added a registry for "QUIC Versions" under a "QUIC" heading.</t> <t>The "QUIC Versions" registry governs a 32-bit space; see <xref target="versions" format="default"/>. This registry follows the registration policy from <xref target="iana-policy" format="default"/>. Permanent registrations in this registry are assigned using the Specification Required policy (<xref section="4.6" sectionFormat="of" target="RFC8126" format="default"/>).</t> <t>The codepoint of 0x00000001tofor the protocol is assigned with permanent status to the protocol defined in this document. The codepoint of 0x00000000 is permanently reserved; the note for this codepoint[shall] indicate[s]indicates that this version is reserved forVersion Negotiation.</t>version negotiation.</t> <t>All codepoints that follow the pattern 0x?a?a?a?a arereserved and MUST NOTreserved, <bcp14>MUST NOT</bcp14> be assigned byIANAIANA, andMUST NOT<bcp14>MUST NOT</bcp14> appear in the listing of assigned values.</t><t>[[RFC editor: please remove the following note before publication.]]</t> <dl> <dt> IANA note: </dt> <dd> <t>Several pre-standardization versions will likely be in use at the time of publication. There is no need to document these in an RFC, but recording information about these version will ensure that the information in the registry is accurate. The document editors or working group chairs can facilitate getting the necessary information.</t> </dd> </dl></section> <section anchor="iana-transport-parameters" numbered="true" toc="default"> <name>QUIC TransportParameterParameters Registry</name> <t>IANA[SHALL add/has added]has added a registry for "QUIC Transport Parameters" under a "QUIC" heading.</t> <t>The "QUIC Transport Parameters" registry governs a 62-bit space. This registry follows the registration policy from <xref target="iana-policy" format="default"/>. Permanent registrations in this registry are assigned using the Specification Required policy (<xref section="4.6" sectionFormat="of" target="RFC8126"format="default"/>).</t>format="default"/>), except for values between 0x00 and 0x3f (in hexadecimal), inclusive, which are assigned using Standards Action or IESG Approval as defined in Sections <xref target="RFC8126" section="4.9" sectionFormat="bare" format="default"/> and <xref target="RFC8126" section="4.10" sectionFormat="bare" format="default"/> of <xref target="RFC8126" format="default"/>.</t> <t>In addition to the fields listed in <xref target="iana-provisional" format="default"/>, permanent registrations in this registryMUST<bcp14>MUST</bcp14> include the following field:</t> <dl><dt> Parameter Name: </dt><dt>Parameter Name:</dt> <dd> <t>A short mnemonic for the parameter.</t> </dd> </dl> <t>The initial contents of this registry are shown in <xref target="iana-tp-table" format="default"/>.</t> <table anchor="iana-tp-table" align="center"> <name>Initial QUIC Transport Parameters Registry Entries</name> <thead> <tr> <th align="left">Value</th> <th align="left">Parameter Name</th> <th align="left">Specification</th> </tr> </thead> <tbody> <tr> <td align="left">0x00</td> <td align="left">original_destination_connection_id</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x01</td> <td align="left">max_idle_timeout</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x02</td> <td align="left">stateless_reset_token</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x03</td> <td align="left">max_udp_payload_size</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x04</td> <td align="left">initial_max_data</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x05</td> <td align="left">initial_max_stream_data_bidi_local</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x06</td> <td align="left">initial_max_stream_data_bidi_remote</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x07</td> <td align="left">initial_max_stream_data_uni</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x08</td> <td align="left">initial_max_streams_bidi</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x09</td> <td align="left">initial_max_streams_uni</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0a</td> <td align="left">ack_delay_exponent</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0b</td> <td align="left">max_ack_delay</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0c</td> <td align="left">disable_active_migration</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0d</td> <td align="left">preferred_address</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0e</td> <td align="left">active_connection_id_limit</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x0f</td> <td align="left">initial_source_connection_id</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> <tr> <td align="left">0x10</td> <td align="left">retry_source_connection_id</td> <tdalign="left"> <xrefalign="left"><xref target="transport-parameter-definitions" format="default"/></td> </tr> </tbody> </table> <t>Each value of theformatform <tt>31 * N + 27</tt> for integer values of N (that is, 27, 58, 89, ...) are reserved; these valuesMUST NOT<bcp14>MUST NOT</bcp14> be assigned by IANA andMUST NOT<bcp14>MUST NOT</bcp14> appear in the listing of assigned values.</t> </section> <section anchor="iana-frames" numbered="true" toc="default"> <name>QUIC Frame Types Registry</name> <t>IANA[SHALL add/has added]has added a registry for "QUIC Frame Types" under a "QUIC" heading.</t> <t>The "QUIC Frame Types" registry governs a 62-bit space. This registry follows the registration policy from <xref target="iana-policy" format="default"/>. Permanent registrations in this registry are assigned using the Specification Required policy (<xref section="4.6" sectionFormat="of" target="RFC8126" format="default"/>), except for values between 0x00 and 0x3f (inhexadecimal; inclusive),hexadecimal), inclusive, which are assigned using Standards Action or IESG Approval as defined inSection 4.9Sections <xref target="RFC8126" section="4.9" sectionFormat="bare" format="default"/> and4.10<xref target="RFC8126" section="4.10" sectionFormat="bare" format="default"/> of <xref target="RFC8126" format="default"/>.</t> <t>In addition to the fields listed in <xref target="iana-provisional" format="default"/>, permanent registrations in this registryMUST<bcp14>MUST</bcp14> include the following field:</t> <dl><dt> Frame Name: </dt><dt>Frame Type Name:</dt> <dd> <t>A short mnemonic for the frame type.</t> </dd> </dl> <t>In addition to the advice in <xref target="iana-policy" format="default"/>, specifications for new permanent registrationsSHOULD<bcp14>SHOULD</bcp14> describe the means by which an endpoint might determine that it can send the identified type of frame. An accompanying transport parameter registration is expected for most registrations; see <xref target="iana-transport-parameters" format="default"/>. Specifications for permanent registrations also need to describe the format and assigned semantics of any fields in the frame.</t> <t>The initial contents of this registry are tabulated in <xref target="frame-types" format="default"/>. Note that the registry does not include the "Pkts" and "Spec" columns from <xref target="frame-types" format="default"/>.</t> </section> <section anchor="iana-error-codes" numbered="true" toc="default"> <name>QUIC Transport Error Codes Registry</name> <t>IANA[SHALL add/has added]has added a registry for "QUIC Transport Error Codes" under a "QUIC" heading.</t> <t>The "QUIC Transport Error Codes" registry governs a 62-bit space. This space is split into threeregionsranges that are governed by different policies. Permanent registrations in this registry are assigned using the Specification Required policy (<xref section="4.6" sectionFormat="of" target="RFC8126" format="default"/>), except for values between 0x00 and 0x3f (inhexadecimal; inclusive),hexadecimal), inclusive, which are assigned using Standards Action or IESG Approval as defined inSection 4.9Sections <xref target="RFC8126" section="4.9" sectionFormat="bare" format="default"/> and4.10<xref target="RFC8126" section="4.10" sectionFormat="bare" format="default"/> of <xref target="RFC8126" format="default"/>.</t> <t>In addition to the fields listed in <xref target="iana-provisional" format="default"/>, permanent registrations in this registryMUST<bcp14>MUST</bcp14> include the following fields:</t> <dl><dt> Code: </dt><dt>Code:</dt> <dd> <t>A short mnemonic for the parameter.</t> </dd><dt> Description: </dt><dt>Description:</dt> <dd> <t>A brief description of the error code semantics, whichMAY<bcp14>MAY</bcp14> be a summary if a specification reference is provided.</t> </dd> </dl> <t>The initial contents of this registry are shown in <xref target="iana-error-table" format="default"/>.</t> <table anchor="iana-error-table" align="center"> <name>Initial QUIC Transport Error Codes Registry Entries</name> <thead> <tr> <th align="left">Value</th> <th align="left">Code</th> <th align="left">Description</th> <th align="left">Specification</th> </tr> </thead> <tbody> <tr> <tdalign="left">0x0</td>align="left">0x00</td> <td align="left">NO_ERROR</td> <td align="left">No error</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x1</td>align="left">0x01</td> <td align="left">INTERNAL_ERROR</td> <td align="left">Implementation error</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x2</td>align="left">0x02</td> <td align="left">CONNECTION_REFUSED</td> <td align="left">Server refuses a connection</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x3</td>align="left">0x03</td> <td align="left">FLOW_CONTROL_ERROR</td> <td align="left">Flow control error</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x4</td>align="left">0x04</td> <td align="left">STREAM_LIMIT_ERROR</td> <td align="left">Too many streams opened</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x5</td>align="left">0x05</td> <td align="left">STREAM_STATE_ERROR</td> <td align="left">Frame received in invalid stream state</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x6</td>align="left">0x06</td> <td align="left">FINAL_SIZE_ERROR</td> <td align="left">Change to final size</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x7</td>align="left">0x07</td> <td align="left">FRAME_ENCODING_ERROR</td> <td align="left">Frame encoding error</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x8</td>align="left">0x08</td> <td align="left">TRANSPORT_PARAMETER_ERROR</td> <td align="left">Error in transport parameters</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0x9</td>align="left">0x09</td> <td align="left">CONNECTION_ID_LIMIT_ERROR</td> <td align="left">Too many connection IDs received</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xa</td>align="left">0x0a</td> <td align="left">PROTOCOL_VIOLATION</td> <td align="left">Generic protocol violation</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xb</td>align="left">0x0b</td> <td align="left">INVALID_TOKEN</td> <td align="left">Invalid TokenReceived</td>received</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xc</td>align="left">0x0c</td> <td align="left">APPLICATION_ERROR</td> <td align="left">Application error</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xd</td>align="left">0x0d</td> <td align="left">CRYPTO_BUFFER_EXCEEDED</td> <td align="left">CRYPTO data buffer overflowed</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xe</td>align="left">0x0e</td> <td align="left">KEY_UPDATE_ERROR</td> <td align="left">Invalid packet protection update</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <tdalign="left">0xf</td>align="left">0x0f</td> <td align="left">AEAD_LIMIT_REACHED</td> <td align="left">Excessive use of packet protection keys</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <td align="left">0x10</td> <td align="left">NO_VIABLE_PATH</td> <td align="left">No viable network path exists</td> <tdalign="left"> <xrefalign="left"><xref target="error-codes" format="default"/></td> </tr> <tr> <td align="left">0x0100-​0x01ff</td> <td align="left">CRYPTO_ERROR</td> <td align="left">TLS alert code</td> <td align="left"><xref target="error-codes" format="default"/></td> </tr> </tbody> </table> </section> </section> </middle> <back> <references> <name>References</name> <references> <name>Normative References</name> <referenceanchor="QUIC-INVARIANTS">anchor="QUIC-INVARIANTS" target="https://www.rfc-editor.org/info/rfc8999"> <front> <title>Version-Independent Properties of QUIC</title> <author initials="M." surname="Thomson" fullname="Martin Thomson"> <organization>Mozilla</organization> </author> <date year="2021"month="January" day="15"/>month="May"/> </front> <seriesInfoname="Internet-Draft" value="draft-ietf-quic-invariants-13"/>name="RFC" value="8999"/> <seriesInfo name="DOI" value="10.17487/RFC8999"/> </reference> <referenceanchor="QUIC-RECOVERY">anchor="QUIC-RECOVERY" target="https://www.rfc-editor.org/info/rfc9002"> <front> <title>QUIC Loss Detection and Congestion Control</title> <author initials="J." surname="Iyengar" fullname="Jana Iyengar" role="editor"> <organization>Fastly</organization> </author> <author initials="I." surname="Swett" fullname="Ian Swett" role="editor"> <organization>Google</organization> </author> <date year="2021"month="January" day="15"/>month="May"/> </front> <seriesInfoname="Internet-Draft" value="draft-ietf-quic-recovery-34"/>name="RFC" value="9002"/> <seriesInfo name="DOI" value="10.17487/RFC9002"/> </reference> <referenceanchor="QUIC-TLS">anchor="QUIC-TLS" target="https://www.rfc-editor.org/info/rfc9001"> <front> <title>UsingTransport Layer Security (TLS)TLS to Secure QUIC</title> <author initials="M." surname="Thomson" fullname="Martin Thomson" role="editor"> <organization>Mozilla</organization> </author> <author initials="S." surname="Turner" fullname="Sean Turner" role="editor"> <organization>sn3rd</organization> </author> <date year="2021"month="January" day="15"/>month="May"/> </front> <seriesInfoname="Internet-Draft" value="draft-ietf-quic-tls-34"/>name="RFC" value="9001"/> <seriesInfo name="DOI" value="10.17487/RFC9001"/> </reference> <reference anchor="TLS13" target="https://www.rfc-editor.org/info/rfc8446"> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> <authorinitials="E." surname="Rescorla"fullname="E.Rescorla">Rescorla" initials="E." surname="Rescorla"> <organization/> </author> <dateyear="2018" month="August"/>month="August" year="2018"/> <abstract> <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t> </abstract> </front> <seriesInfo name="RFC" value="8446"/> <seriesInfo name="DOI" value="10.17487/RFC8446"/> </reference> <referenceanchor="UDP" target="https://www.rfc-editor.org/info/rfc768">anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8126"> <front><title>User Datagram Protocol</title><title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <authorinitials="J." surname="Postel" fullname="J. Postel">fullname="M. Cotton" initials="M." surname="Cotton"> <organization/> </author><date year="1980" month="August"/> </front> <seriesInfo name="STD" value="6"/> <seriesInfo<author fullname="B. Leiba" initials="B." surname="Leiba"> <organization/> </author> <author fullname="T. Narten" initials="T." surname="Narten"> <organization/> </author> <date month="June" year="2017"/> <abstract> <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t> <t>This is the third edition of this document; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference> <reference anchor="UDP" target="https://www.rfc-editor.org/info/rfc768"> <front> <title>User Datagram Protocol</title> <author fullname="J. Postel" initials="J." surname="Postel"> <organization/> </author> <date month="August" year="1980"/> </front> <seriesInfo name="STD" value="6"/> <seriesInfo name="RFC" value="768"/> <seriesInfo name="DOI" value="10.17487/RFC0768"/> </reference> <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <authorinitials="S." surname="Bradner"fullname="S.Bradner">Bradner" initials="S." surname="Bradner"> <organization/> </author> <dateyear="1997" month="March"/>month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/> </reference> <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <authorinitials="B." surname="Leiba"fullname="B.Leiba">Leiba" initials="B." surname="Leiba"> <organization/> </author> <dateyear="2017" month="May"/>month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference> <reference anchor="RFC6437" target="https://www.rfc-editor.org/info/rfc6437"> <front> <title>IPv6 Flow Label Specification</title> <authorinitials="S." surname="Amante"fullname="S.Amante">Amante" initials="S." surname="Amante"> <organization/> </author> <authorinitials="B." surname="Carpenter"fullname="B.Carpenter">Carpenter" initials="B." surname="Carpenter"> <organization/> </author> <authorinitials="S." surname="Jiang"fullname="S.Jiang">Jiang" initials="S." surname="Jiang"> <organization/> </author> <authorinitials="J." surname="Rajahalme"fullname="J.Rajahalme">Rajahalme" initials="J." surname="Rajahalme"> <organization/> </author> <dateyear="2011" month="November"/>month="November" year="2011"/> <abstract> <t>This document specifies the IPv6 Flow Label field and the minimum requirements for IPv6 nodes labeling flows, IPv6 nodes forwarding labeled packets, and flow state establishment methods. Even when mentioned as examples of possible uses of the flow labeling, more detailed requirements for specific use cases are out of the scope for this document.</t> <t>The usage of the Flow Label field enables efficient IPv6 flow classification based only on IPv6 main header fields in fixed positions. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6437"/> <seriesInfo name="DOI" value="10.17487/RFC6437"/> </reference> <reference anchor="RFC3168" target="https://www.rfc-editor.org/info/rfc3168"> <front> <title>The Addition of Explicit Congestion Notification (ECN) to IP</title> <authorinitials="K." surname="Ramakrishnan"fullname="K.Ramakrishnan">Ramakrishnan" initials="K." surname="Ramakrishnan"> <organization/> </author> <authorinitials="S." surname="Floyd"fullname="S.Floyd">Floyd" initials="S." surname="Floyd"> <organization/> </author> <authorinitials="D." surname="Black"fullname="D.Black">Black" initials="D." surname="Black"> <organization/> </author> <dateyear="2001" month="September"/>month="September" year="2001"/> <abstract> <t>This memo specifies the incorporation of ECN (Explicit Congestion Notification) to TCP and IP, including ECN's use of two bits in the IP header. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="3168"/> <seriesInfo name="DOI" value="10.17487/RFC3168"/> </reference> <reference anchor="RFC8311" target="https://www.rfc-editor.org/info/rfc8311"> <front> <title>Relaxing Restrictions on Explicit Congestion Notification (ECN) Experimentation</title> <authorinitials="D." surname="Black"fullname="D.Black">Black" initials="D." surname="Black"> <organization/> </author> <dateyear="2018" month="January"/>month="January" year="2018"/> <abstract> <t>This memo updates RFC 3168, which specifies Explicit Congestion Notification (ECN) as an alternative to packet drops for indicating network congestion to endpoints. It relaxes restrictions in RFC 3168 that hinder experimentation towards benefits beyond just removal of loss. This memo summarizes the anticipated areas of experimentation and updates RFC 3168 to enable experimentation in these areas. An Experimental RFC in the IETF document stream is required to take advantage of any of these enabling updates. In addition, this memo makes related updates to the ECN specifications for RTP in RFC 6679 and for the Datagram Congestion Control Protocol (DCCP) in RFCs 4341, 4342, and 5622. This memo also records the conclusion of the ECN nonce experiment in RFC 3540 and provides the rationale for reclassification of RFC 3540 from Experimental to Historic; this reclassification enables new experimental use of the ECT(1) codepoint.</t> </abstract> </front> <seriesInfo name="RFC" value="8311"/> <seriesInfo name="DOI" value="10.17487/RFC8311"/> </reference> <reference anchor="IPv4" target="https://www.rfc-editor.org/info/rfc791"> <front> <title>Internet Protocol</title> <authorinitials="J." surname="Postel"fullname="J.Postel">Postel" initials="J." surname="Postel"> <organization/> </author> <dateyear="1981" month="September"/>month="September" year="1981"/> </front> <seriesInfo name="STD" value="5"/> <seriesInfo name="RFC" value="791"/> <seriesInfo name="DOI" value="10.17487/RFC0791"/> </reference> <reference anchor="RFC8085" target="https://www.rfc-editor.org/info/rfc8085"> <front> <title>UDP Usage Guidelines</title> <authorinitials="L." surname="Eggert"fullname="L.Eggert">Eggert" initials="L." surname="Eggert"> <organization/> </author> <authorinitials="G." surname="Fairhurst"fullname="G.Fairhurst">Fairhurst" initials="G." surname="Fairhurst"> <organization/> </author> <authorinitials="G." surname="Shepherd"fullname="G.Shepherd">Shepherd" initials="G." surname="Shepherd"> <organization/> </author> <dateyear="2017" month="March"/>month="March" year="2017"/> <abstract> <t>The User Datagram Protocol (UDP) provides a minimal message-passing transport that has no inherent congestion control mechanisms. This document provides guidelines on the use of UDP for the designers of applications, tunnels, and other protocols that use UDP. Congestion control guidelines are a primary focus, but the document also provides guidance on other topics, including message sizes, reliability, checksums, middlebox traversal, the use of Explicit Congestion Notification (ECN), Differentiated Services Code Points (DSCPs), and ports.</t> <t>Because congestion control is critical to the stable operation of the Internet, applications and other protocols that choose to use UDP as an Internet transport must employ mechanisms to prevent congestion collapse and to establish some degree of fairness with concurrent traffic. They may also need to implement additional mechanisms, depending on how they use UDP.</t> <t>Some guidance is also applicable to the design of other protocols (e.g., protocols layered directly on IP or via IP-based tunnels), especially when these protocols do not themselves provide congestion control.</t> <t>This document obsoletes RFC 5405 and adds guidelines for multicast UDP usage.</t> </abstract> </front> <seriesInfo name="BCP" value="145"/> <seriesInfo name="RFC" value="8085"/> <seriesInfo name="DOI" value="10.17487/RFC8085"/> </reference> <reference anchor="RFC1191" target="https://www.rfc-editor.org/info/rfc1191"> <front> <title>Path MTU discovery</title> <authorinitials="J.C." surname="Mogul"fullname="J.C.Mogul">Mogul" initials="J.C." surname="Mogul"> <organization/> </author> <authorinitials="S.E." surname="Deering"fullname="S.E.Deering">Deering" initials="S.E." surname="Deering"> <organization/> </author> <dateyear="1990" month="November"/>month="November" year="1990"/> <abstract> <t>This memo describes a technique for dynamically discovering the maximum transmission unit (MTU) of an arbitrary internet path. It specifies a small change to the way routers generate one type of ICMP message. For a path that passes through a router that has not been so changed, this technique might not discover the correct Path MTU, but it will always choose a Path MTU as accurate as, and in many cases more accurate than, the Path MTU that would be chosen by current practice. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="1191"/> <seriesInfo name="DOI" value="10.17487/RFC1191"/> </reference> <reference anchor="RFC8201" target="https://www.rfc-editor.org/info/rfc8201"> <front> <title>Path MTU Discovery for IP version 6</title> <authorinitials="J." surname="McCann"fullname="J.McCann">McCann" initials="J." surname="McCann"> <organization/> </author> <authorinitials="S." surname="Deering"fullname="S.Deering">Deering" initials="S." surname="Deering"> <organization/> </author> <authorinitials="J." surname="Mogul"fullname="J.Mogul">Mogul" initials="J." surname="Mogul"> <organization/> </author> <authorinitials="R." surname="Hinden"fullname="R. Hinden"role="editor">initials="R." role="editor" surname="Hinden"> <organization/> </author> <dateyear="2017" month="July"/>month="July" year="2017"/> <abstract> <t>This document describes Path MTU Discovery (PMTUD) for IP version 6. It is largely derived from RFC 1191, which describes Path MTU Discovery for IP version 4. It obsoletes RFC 1981.</t> </abstract> </front> <seriesInfo name="STD" value="87"/> <seriesInfo name="RFC" value="8201"/> <seriesInfo name="DOI" value="10.17487/RFC8201"/> </reference> <reference anchor="DPLPMTUD" target="https://www.rfc-editor.org/info/rfc8899"> <front> <title>Packetization Layer Path MTU Discovery for Datagram Transports</title> <authorinitials="G." surname="Fairhurst"fullname="G.Fairhurst">Fairhurst" initials="G." surname="Fairhurst"> <organization/> </author> <authorinitials="T." surname="Jones"fullname="T.Jones">Jones" initials="T." surname="Jones"> <organization/> </author> <authorinitials="M." surname="Tüxen"fullname="M.Tüxen">Tüxen" initials="M." surname="Tüxen"> <organization/> </author> <authorinitials="I." surname="Rüngeler"fullname="I.Rüngeler">Rüngeler" initials="I." surname="Rüngeler"> <organization/> </author> <authorinitials="T." surname="Völker"fullname="T.Völker">Völker" initials="T." surname="Völker"> <organization/> </author> <dateyear="2020" month="September"/>month="September" year="2020"/> <abstract> <t>This document specifies Datagram Packetization Layer Path MTU Discovery (DPLPMTUD). This is a robust method for Path MTU Discovery (PMTUD) for datagram Packetization Layers (PLs). It allows a PL, or a datagram application that uses a PL, to discover whether a network path can support the current size of datagram. This can be used to detect and reduce the message size when a sender encounters a packet black hole. It can also probe a network path to discover whether the maximum packet size can be increased. This provides functionality for datagram transports that is equivalent to the PLPMTUD specification for TCP, specified in RFC 4821, which it updates. It also updates the UDP Usage Guidelines to refer to this method for use with UDP datagrams and updates SCTP.</t> <t>The document provides implementation notes for incorporating Datagram PMTUD into IETF datagram transports or applications that use datagram transports.</t> <t>This specification updates RFC 4960, RFC 4821, RFC 6951, RFC 8085, and RFC 8261.</t> </abstract> </front> <seriesInfo name="RFC" value="8899"/> <seriesInfo name="DOI" value="10.17487/RFC8899"/> </reference> <reference anchor="RFC3629" target="https://www.rfc-editor.org/info/rfc3629"> <front> <title>UTF-8, a transformation format of ISO 10646</title> <authorinitials="F." surname="Yergeau"fullname="F.Yergeau">Yergeau" initials="F." surname="Yergeau"> <organization/> </author> <dateyear="2003" month="November"/>month="November" year="2003"/> <abstract> <t>ISO/IEC 10646-1 defines a large character set called the Universal Character Set (UCS) which encompasses most of the world's writing systems. The originally proposed encodings of the UCS, however, were not compatible with many current applications and protocols, and this has led to the development of UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the full US-ASCII range, providing compatibility with file systems, parsers and other software that rely on US-ASCII values but are transparent to other values. This memo obsoletes and replaces RFC 2279.</t> </abstract> </front> <seriesInfo name="STD" value="63"/> <seriesInfo name="RFC" value="3629"/> <seriesInfo name="DOI" value="10.17487/RFC3629"/> </reference><reference<referencegroup anchor="BCP38" target="https://www.rfc-editor.org/info/bcp38"> <reference anchor="RFC2827" target="https://www.rfc-editor.org/info/rfc2827"> <front> <title>Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing</title> <authorinitials="P." surname="Ferguson"fullname="P.Ferguson">Ferguson" initials="P." surname="Ferguson"> <organization/> </author> <authorinitials="D." surname="Senie"fullname="D.Senie">Senie" initials="D." surname="Senie"> <organization/> </author> <dateyear="2000" month="May"/>month="May" year="2000"/> <abstract> <t>This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS (Denial of Service) attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="38"/> <seriesInfo name="RFC" value="2827"/> <seriesInfo name="DOI" value="10.17487/RFC2827"/> </reference><reference anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8126"> <front> <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> <author initials="M." surname="Cotton" fullname="M. Cotton"> <organization/> </author> <author initials="B." surname="Leiba" fullname="B. Leiba"> <organization/> </author> <author initials="T." surname="Narten" fullname="T. Narten"> <organization/> </author> <date year="2017" month="June"/> <abstract> <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t> <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t> <t>This is the third edition of this document; it obsoletes RFC 5226.</t> </abstract> </front> <seriesInfo name="BCP" value="26"/> <seriesInfo name="RFC" value="8126"/> <seriesInfo name="DOI" value="10.17487/RFC8126"/> </reference></referencegroup> <reference anchor="EARLY-ASSIGN" target="https://www.rfc-editor.org/info/rfc7120"> <front> <title>Early IANA Allocation of Standards Track Code Points</title> <authorinitials="M." surname="Cotton"fullname="M.Cotton">Cotton" initials="M." surname="Cotton"> <organization/> </author> <dateyear="2014" month="January"/>month="January" year="2014"/> <abstract> <t>This memo describes the process for early allocation of code points by IANA from registries for which "Specification Required", "RFC Required", "IETF Review", or "Standards Action" policies apply. This process can be used to alleviate the problem where code point allocation is needed to facilitate desired or required implementation and deployment experience prior to publication of an RFC, which would normally trigger code point allocation. The procedures in this document are intended to apply only to IETF Stream documents.</t> </abstract> </front> <seriesInfo name="BCP" value="100"/> <seriesInfo name="RFC" value="7120"/> <seriesInfo name="DOI" value="10.17487/RFC7120"/> </reference> </references> <references> <name>Informative References</name> <reference anchor="EARLY-DESIGN"target="https://goo.gl/dMVtFi">target="https://docs.google.com/document/d/1RNHkx_VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUoVD34/edit?usp=sharing"> <front> <title>QUIC: Multiplexed Stream Transport Over UDP</title> <author initials="J." surname="Roskind"> <organization/> </author> <date year="2013" month="December" day="02"/> </front> </reference> <reference anchor="SLOWLORIS" target="https://web.archive.org/web/20150315054838/http://ha.ckers.org/slowloris/"> <front> <title>Welcome toSlowloris...</title>Slowloris - the low bandwidth, yet greedy and poisonous HTTP client!</title> <author initials="R."surname="RSnake Hansen">surname='"RSnake" Hansen'> <organization/> </author> <date year="2009" month="June"/> </front> </reference> <referenceanchor="HTTP2" target="https://www.rfc-editor.org/info/rfc7540">anchor="GATEWAY"> <front><title>Hypertext Transfer Protocol Version 2 (HTTP/2)</title><title>An experimental study of home gateway characteristics</title> <authorinitials="M." surname="Belshe" fullname="M. Belshe">initials="S." surname="Hätönen" fullname="Seppo Hätönen"> <organization/> </author> <authorinitials="R." surname="Peon" fullname="R. Peon">initials="A." surname="Nyrhinen" fullname="Aki Nyrhinen"> <organization/> </author> <authorinitials="M." surname="Thomson" fullname="M. Thomson" role="editor">initials="L." surname="Eggert" fullname="Lars Eggert"> <organization/> </author><date year="2015" month="May"/> <abstract> <t>This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP),<author initials="S." surname="Strowes" fullname="Stephen Strowes"> <organization/> </author> <author initials="P." surname="Sarolahti" fullname="Pasi Sarolahti"> <organization/> </author> <author initials="M." surname="Kojo" fullname="Markku Kojo"> <organization/> </author> <date year="2010" month="November"/> </front> <seriesInfo name="DOI" value="10.1145/1879141.1879174"/> <refcontent>Proceedings of the 10th ACM SIGCOMM conference on Internet measurement - IMC '10</refcontent> </reference> <reference anchor="RFC3449" target="https://www.rfc-editor.org/info/rfc3449"> <front> <title>TCP Performance Implications of Network Path Asymmetry</title> <author fullname="H. Balakrishnan" initials="H." surname="Balakrishnan"> <organization/> </author> <author fullname="V. Padmanabhan" initials="V." surname="Padmanabhan"> <organization/> </author> <author fullname="G. Fairhurst" initials="G." surname="Fairhurst"> <organization/> </author> <author fullname="M. Sooriyabandara" initials="M." surname="Sooriyabandara"> <organization/> </author> <date month="December" year="2002"/> <abstract> <t>This document describes TCP performance problems that arise because of asymmetric effects. These problems arise in several access networks, including bandwidth-asymmetric networks and packet radio subnetworks, for different underlying reasons. However, the end result on TCP performance is the same in both cases: performance often degrades significantly because of imperfection and variability in the ACK feedback from the receiver to the sender. The document details several mitigations to these effects, which have either been proposed or evaluated in the literature, or are currently deployed in networks. These solutions use a combination of local link- layer techniques, subnetwork, and end-to-end mechanisms, consisting of: (i) techniques to manage the channel used for the upstream bottleneck link carrying the ACKs, typically using header compression or reducing the frequency of TCP ACKs, (ii) techniques to handle this reduced ACK frequency to retain the TCP sender's acknowledgment-triggered self- clocking and (iii) techniques to schedule the data and ACK packets in the reverse direction to improve performance in the presence of two-way traffic. Each technique is described, together with known issues, and recommendations for use. A summary of the recommendations is provided at the end of the document. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="69"/> <seriesInfo name="RFC" value="3449"/> <seriesInfo name="DOI" value="10.17487/RFC3449"/> </reference> <reference anchor="HTTP2" target="https://www.rfc-editor.org/info/rfc7540"> <front> <title>Hypertext Transfer Protocol Version 2 (HTTP/2)</title> <author fullname="M. Belshe" initials="M." surname="Belshe"> <organization/> </author> <author fullname="R. Peon" initials="R." surname="Peon"> <organization/> </author> <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"> <organization/> </author> <date month="May" year="2015"/> <abstract> <t>This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients.</t> <t>This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged.</t> </abstract> </front> <seriesInfo name="RFC" value="7540"/> <seriesInfo name="DOI" value="10.17487/RFC7540"/> </reference> <reference anchor="ALPN" target="https://www.rfc-editor.org/info/rfc7301"> <front> <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title> <authorinitials="S." surname="Friedl"fullname="S.Friedl">Friedl" initials="S." surname="Friedl"> <organization/> </author> <authorinitials="A." surname="Popov"fullname="A.Popov">Popov" initials="A." surname="Popov"> <organization/> </author> <authorinitials="A." surname="Langley"fullname="A.Langley">Langley" initials="A." surname="Langley"> <organization/> </author> <authorinitials="E." surname="Stephan"fullname="E.Stephan">Stephan" initials="E." surname="Stephan"> <organization/> </author> <dateyear="2014" month="July"/>month="July" year="2014"/> <abstract> <t>This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.</t> </abstract> </front> <seriesInfo name="RFC" value="7301"/> <seriesInfo name="DOI" value="10.17487/RFC7301"/> </reference> <reference anchor="ALTSVC" target="https://www.rfc-editor.org/info/rfc7838"> <front> <title>HTTP Alternative Services</title> <authorinitials="M." surname="Nottingham"fullname="M.Nottingham">Nottingham" initials="M." surname="Nottingham"> <organization/> </author> <authorinitials="P." surname="McManus"fullname="P.McManus">McManus" initials="P." surname="McManus"> <organization/> </author> <authorinitials="J." surname="Reschke"fullname="J.Reschke">Reschke" initials="J." surname="Reschke"> <organization/> </author> <dateyear="2016" month="April"/>month="April" year="2016"/> <abstract> <t>This document specifies "Alternative Services" for HTTP, which allow an origin's resources to be authoritatively available at a separate network location, possibly accessed with a different protocol configuration.</t> </abstract> </front> <seriesInfo name="RFC" value="7838"/> <seriesInfo name="DOI" value="10.17487/RFC7838"/> </reference> <referenceanchor="RFC4941" target="https://www.rfc-editor.org/info/rfc4941">anchor="RFC8981" target="https://www.rfc-editor.org/info/rfc8981"> <front><title>Privacy<title>Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6</title> <authorinitials="T." surname="Narten" fullname="T. Narten">fullname="F. Gont" initials="F." surname="Gont"> <organization/> </author> <authorinitials="R." surname="Draves" fullname="R. Draves">fullname="S. Krishnan" initials="S." surname="Krishnan"> <organization/> </author> <authorinitials="S." surname="Krishnan" fullname="S. Krishnan">fullname="T. Narten" initials="T." surname="Narten"> <organization/> </author> <author fullname="R. Draves" initials="R." surname="Draves"> <organization/> </author> <dateyear="2007" month="September"/>month="February" year="2021"/> <abstract><t>Nodes use IPv6 stateless address autoconfiguration to generate addresses using a combination of locally available information and information advertised by routers. Addresses are formed by combining network prefixes with an interface identifier. On an interface that contains an embedded IEEE Identifier, the interface identifier is typically derived from it. On other interface types, the interface identifier is generated through other means, for example, via random number generation. This<t>This document describes an extension to IPv6stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extensionStateless Address Autoconfiguration that causesnodeshosts to generateglobal scopetemporary addressesfromwith randomized interface identifiersthat change over time, even in cases where the interface contains an embedded IEEE identifier.for each prefix advertised with autoconfiguration enabled. Changingthe interface identifier (and the global scopeaddressesgenerated from it)over timemakes it more difficult forlimits the window of time during which eavesdroppers and other information collectorsto identifymay trivially perform address-based network-activity correlation whendifferent addresses used in different transactions actually correspond tothe samenode. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4941"/>address is employed for multiple transactions by the same host. Additionally, it reduces the window of exposure of a host as being accessible via an address that becomes revealed as a result of active communication. This document obsoletes RFC 4941.</t> </abstract> </front> <seriesInfo name="RFC" value="8981"/> <seriesInfo name="DOI"value="10.17487/RFC4941"/>value="10.17487/RFC8981"/> </reference> <reference anchor="RFC4787" target="https://www.rfc-editor.org/info/rfc4787"> <front> <title>Network Address Translation (NAT) Behavioral Requirements for Unicast UDP</title> <authorinitials="F." surname="Audet"fullname="F. Audet"role="editor">initials="F." role="editor" surname="Audet"> <organization/> </author> <authorinitials="C." surname="Jennings"fullname="C.Jennings">Jennings" initials="C." surname="Jennings"> <organization/> </author> <dateyear="2007" month="January"/>month="January" year="2007"/> <abstract> <t>This document defines basic terminology for describing different types of Network Address Translation (NAT) behavior when handling Unicast UDP and also defines a set of requirements that would allow many applications, such as multimedia communications or online gaming, to work consistently. Developing NATs that meet this set of requirements will greatly increase the likelihood that these applications will function properly. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="127"/> <seriesInfo name="RFC" value="4787"/> <seriesInfo name="DOI" value="10.17487/RFC4787"/> </reference> <referenceanchor="GATEWAY"> <front> <title>An experimental study of home gateway characteristics</title> <author initials="S." surname="Hätönen" fullname="Seppo Hätönen"> <organization/> </author> <author initials="A." surname="Nyrhinen" fullname="Aki Nyrhinen"> <organization/> </author> <author initials="L." surname="Eggert" fullname="Lars Eggert"> <organization/> </author> <author initials="S." surname="Strowes" fullname="Stephen Strowes"> <organization/> </author> <author initials="P." surname="Sarolahti" fullname="Pasi Sarolahti"> <organization/> </author> <author initials="M." surname="Kojo" fullname="Markku Kojo"> <organization/> </author> <date year="2010"/> </front> <seriesInfo name="Proceedings of the 10th annual conference on Internet measurement - IMC" value="'10"/> <seriesInfo name="DOI" value="10.1145/1879141.1879174"/> </reference> <referenceanchor="RFC2104" target="https://www.rfc-editor.org/info/rfc2104"> <front> <title>HMAC: Keyed-Hashing for Message Authentication</title> <authorinitials="H." surname="Krawczyk"fullname="H.Krawczyk">Krawczyk" initials="H." surname="Krawczyk"> <organization/> </author> <authorinitials="M." surname="Bellare"fullname="M.Bellare">Bellare" initials="M." surname="Bellare"> <organization/> </author> <authorinitials="R." surname="Canetti"fullname="R.Canetti">Canetti" initials="R." surname="Canetti"> <organization/> </author> <dateyear="1997" month="February"/>month="February" year="1997"/> <abstract> <t>This document describes HMAC, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind</t> </abstract> </front> <seriesInfo name="RFC" value="2104"/> <seriesInfo name="DOI" value="10.17487/RFC2104"/> </reference> <reference anchor="RANDOM" target="https://www.rfc-editor.org/info/rfc4086"> <front> <title>Randomness Requirements for Security</title> <authorinitials="D." surname="Eastlake 3rd"fullname="D. Eastlake 3rd" initials="D." surname="Eastlake 3rd"> <organization/> </author> <authorinitials="J." surname="Schiller"fullname="J.Schiller">Schiller" initials="J." surname="Schiller"> <organization/> </author> <authorinitials="S." surname="Crocker"fullname="S.Crocker">Crocker" initials="S." surname="Crocker"> <organization/> </author> <dateyear="2005" month="June"/>month="June" year="2005"/> <abstract> <t>Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space.</t> <t>Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="106"/> <seriesInfo name="RFC" value="4086"/> <seriesInfo name="DOI" value="10.17487/RFC4086"/> </reference> <reference anchor="RFC5869" target="https://www.rfc-editor.org/info/rfc5869"> <front> <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title> <authorinitials="H." surname="Krawczyk"fullname="H.Krawczyk">Krawczyk" initials="H." surname="Krawczyk"> <organization/> </author> <authorinitials="P." surname="Eronen"fullname="P.Eronen">Eronen" initials="P." surname="Eronen"> <organization/> </author> <dateyear="2010" month="May"/>month="May" year="2010"/> <abstract> <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name="RFC" value="5869"/> <seriesInfo name="DOI" value="10.17487/RFC5869"/> </reference> <reference anchor="AEAD" target="https://www.rfc-editor.org/info/rfc5116"> <front> <title>An Interface and Algorithms for Authenticated Encryption</title> <authorinitials="D." surname="McGrew"fullname="D.McGrew">McGrew" initials="D." surname="McGrew"> <organization/> </author> <dateyear="2008" month="January"/>month="January" year="2008"/> <abstract> <t>This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5116"/> <seriesInfo name="DOI" value="10.17487/RFC5116"/> </reference> <referenceanchor="RFC3449" target="https://www.rfc-editor.org/info/rfc3449"> <front> <title>TCP Performance Implications of Network Path Asymmetry</title> <author initials="H." surname="Balakrishnan" fullname="H. Balakrishnan"> <organization/> </author> <author initials="V." surname="Padmanabhan" fullname="V. Padmanabhan"> <organization/> </author> <author initials="G." surname="Fairhurst" fullname="G. Fairhurst"> <organization/> </author> <author initials="M." surname="Sooriyabandara" fullname="M. Sooriyabandara"> <organization/> </author> <date year="2002" month="December"/> <abstract> <t>This document describes TCP performance problems that arise because of asymmetric effects. These problems arise in several access networks, including bandwidth-asymmetric networks and packet radio subnetworks, for different underlying reasons. However, the end result on TCP performance is the same in both cases: performance often degrades significantly because of imperfection and variability in the ACK feedback from the receiver to the sender. The document details several mitigations to these effects, which have either been proposed or evaluated in the literature, or are currently deployed in networks. These solutions use a combination of local link- layer techniques, subnetwork, and end-to-end mechanisms, consisting of: (i) techniques to manage the channel used for the upstream bottleneck link carrying the ACKs, typically using header compression or reducing the frequency of TCP ACKs, (ii) techniques to handle this reduced ACK frequency to retain the TCP sender's acknowledgment-triggered self- clocking and (iii) techniques to schedule the data and ACK packets in the reverse direction to improve performance in the presence of two-way traffic. Each technique is described, together with known issues, and recommendations for use. A summary of the recommendations is provided at the end of the document. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="69"/> <seriesInfo name="RFC" value="3449"/> <seriesInfo name="DOI" value="10.17487/RFC3449"/> </reference> <referenceanchor="RFC5681" target="https://www.rfc-editor.org/info/rfc5681"> <front> <title>TCP Congestion Control</title> <authorinitials="M." surname="Allman"fullname="M.Allman">Allman" initials="M." surname="Allman"> <organization/> </author> <authorinitials="V." surname="Paxson"fullname="V.Paxson">Paxson" initials="V." surname="Paxson"> <organization/> </author> <authorinitials="E." surname="Blanton"fullname="E.Blanton">Blanton" initials="E." surname="Blanton"> <organization/> </author> <dateyear="2009" month="September"/>month="September" year="2009"/> <abstract> <t>This document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery. In addition, the document specifies how TCP should begin transmission after a relatively long idle period, as well as discussing various acknowledgment generation methods. This document obsoletes RFC 2581. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5681"/> <seriesInfo name="DOI" value="10.17487/RFC5681"/> </reference> <reference anchor="RFC8087" target="https://www.rfc-editor.org/info/rfc8087"> <front> <title>The Benefits of Using Explicit Congestion Notification (ECN)</title> <authorinitials="G." surname="Fairhurst"fullname="G.Fairhurst">Fairhurst" initials="G." surname="Fairhurst"> <organization/> </author> <authorinitials="M." surname="Welzl"fullname="M.Welzl">Welzl" initials="M." surname="Welzl"> <organization/> </author> <dateyear="2017" month="March"/>month="March" year="2017"/> <abstract> <t>The goal of this document is to describe the potential benefits of applications using a transport that enables Explicit Congestion Notification (ECN). The document outlines the principal gains in terms of increased throughput, reduced delay, and other benefits when ECN is used over a network path that includes equipment that supports Congestion Experienced (CE) marking. It also discusses challenges for successful deployment of ECN. It does not propose new algorithms to use ECN nor does it describe the details of implementation of ECN in endpoint devices (Internet hosts), routers, or other network devices.</t> </abstract> </front> <seriesInfo name="RFC" value="8087"/> <seriesInfo name="DOI" value="10.17487/RFC8087"/> </reference> <reference anchor="IPv6" target="https://www.rfc-editor.org/info/rfc8200"> <front> <title>Internet Protocol, Version 6 (IPv6) Specification</title> <authorinitials="S." surname="Deering"fullname="S.Deering">Deering" initials="S." surname="Deering"> <organization/> </author> <authorinitials="R." surname="Hinden"fullname="R.Hinden">Hinden" initials="R." surname="Hinden"> <organization/> </author> <dateyear="2017" month="July"/>month="July" year="2017"/> <abstract> <t>This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460.</t> </abstract> </front> <seriesInfo name="STD" value="86"/> <seriesInfo name="RFC" value="8200"/> <seriesInfo name="DOI" value="10.17487/RFC8200"/> </reference> <reference anchor="RFC1812" target="https://www.rfc-editor.org/info/rfc1812"> <front> <title>Requirements for IP Version 4 Routers</title> <authorinitials="F." surname="Baker"fullname="F. Baker"role="editor">initials="F." role="editor" surname="Baker"> <organization/> </author> <dateyear="1995" month="June"/>month="June" year="1995"/> <abstract> <t>This memo defines and discusses requirements for devices that perform the network layer forwarding function of the Internet protocol suite. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="1812"/> <seriesInfo name="DOI" value="10.17487/RFC1812"/> </reference> <reference anchor="RFC4443" target="https://www.rfc-editor.org/info/rfc4443"> <front> <title>Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification</title> <authorinitials="A." surname="Conta"fullname="A.Conta">Conta" initials="A." surname="Conta"> <organization/> </author> <authorinitials="S." surname="Deering"fullname="S.Deering">Deering" initials="S." surname="Deering"> <organization/> </author> <authorinitials="M." surname="Gupta"fullname="M. Gupta"role="editor">initials="M." role="editor" surname="Gupta"> <organization/> </author> <dateyear="2006" month="March"/>month="March" year="2006"/> <abstract> <t>This document describes the format of a set of control messages used in ICMPv6 (Internet Control Message Protocol). ICMPv6 is the Internet Control Message Protocol for Internet Protocol version 6 (IPv6). [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="89"/> <seriesInfo name="RFC" value="4443"/> <seriesInfo name="DOI" value="10.17487/RFC4443"/> </reference> <reference anchor="RFC7983" target="https://www.rfc-editor.org/info/rfc7983"> <front> <title>Multiplexing Scheme Updates for Secure Real-time Transport Protocol (SRTP) Extension for Datagram Transport Layer Security (DTLS)</title> <authorinitials="M." surname="Petit-Huguenin"fullname="M.Petit-Huguenin">Petit-Huguenin" initials="M." surname="Petit-Huguenin"> <organization/> </author> <authorinitials="G." surname="Salgueiro"fullname="G.Salgueiro">Salgueiro" initials="G." surname="Salgueiro"> <organization/> </author> <dateyear="2016" month="September"/>month="September" year="2016"/> <abstract> <t>This document defines how Datagram Transport Layer Security (DTLS), Real-time Transport Protocol (RTP), RTP Control Protocol (RTCP), Session Traversal Utilities for NAT (STUN), Traversal Using Relays around NAT (TURN), and ZRTP packets are multiplexed on a single receiving socket. It overrides the guidance from RFC 5764 ("SRTP Extension for DTLS"), which suffered from four issues described and fixed in this document.</t> <t>This document updates RFC 5764.</t> </abstract> </front> <seriesInfo name="RFC" value="7983"/> <seriesInfo name="DOI" value="10.17487/RFC7983"/> </reference> <referenceanchor="QUIC-MANAGEABILITY" target="http://www.ietf.org/internet-drafts/draft-ietf-quic-manageability-08.txt">anchor="QUIC-MANAGEABILITY"> <front> <title>Manageability of the QUIC Transport Protocol</title> <authorinitials="M" surname="Kuehlewind"fullname="Mirja Kuehlewind"><organization/><organization>Ericsson</organization> </author> <authorinitials="B" surname="Trammell"fullname="Brian Trammell"><organization/><organization>Google Switzerland GmbH</organization> </author> <datemonth="November" day="2" year="2020"/>day="21" month="April" year="2021"/> <abstract> <t>This document discusses manageability of the QUIC transport protocol, focusing oncaveats impactingthe implications of QUIC's design and wire image on network operations involving QUIC traffic. Its intended audience is networkoperators, as well as content providers thatoperators and equipment vendors who rely on the use ofQUIC-aware middleboxes, e.g. for load balancing.</t>transport-aware network functions.</t> </abstract> </front> <seriesInfo name="Internet-Draft"value="draft-ietf-quic-manageability-08"/>value="draft-ietf-quic-manageability-11"/> </reference> <reference anchor="RFC2018" target="https://www.rfc-editor.org/info/rfc2018"> <front> <title>TCP Selective Acknowledgment Options</title> <authorinitials="M." surname="Mathis"fullname="M.Mathis">Mathis" initials="M." surname="Mathis"> <organization/> </author> <authorinitials="J." surname="Mahdavi"fullname="J.Mahdavi">Mahdavi" initials="J." surname="Mahdavi"> <organization/> </author> <authorinitials="S." surname="Floyd"fullname="S.Floyd">Floyd" initials="S." surname="Floyd"> <organization/> </author> <authorinitials="A." surname="Romanow"fullname="A.Romanow">Romanow" initials="A." surname="Romanow"> <organization/> </author> <dateyear="1996" month="October"/>month="October" year="1996"/> <abstract> <t>This memo proposes an implementation of SACK and discusses its performance and related issues. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="2018"/> <seriesInfo name="DOI" value="10.17487/RFC2018"/> </reference> <reference anchor="SEC-CONS" target="https://www.rfc-editor.org/info/rfc3552"> <front> <title>Guidelines for Writing RFC Text on Security Considerations</title> <authorinitials="E." surname="Rescorla"fullname="E.Rescorla">Rescorla" initials="E." surname="Rescorla"> <organization/> </author> <authorinitials="B." surname="Korver"fullname="B.Korver">Korver" initials="B." surname="Korver"> <organization/> </author> <dateyear="2003" month="July"/>month="July" year="2003"/> <abstract> <t>All RFCs are required to have a Security Considerations section. Historically, such sections have been relatively weak. This document provides guidelines to RFC authors on how to write a good Security Considerations section. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="72"/> <seriesInfo name="RFC" value="3552"/> <seriesInfo name="DOI" value="10.17487/RFC3552"/> </reference> <reference anchor="CSRF"> <front> <title>Robust defenses for cross-site request forgery</title> <authorinitials="A." surname="Barth"fullname="AdamBarth">Barth" initials="A." surname="Barth"> <organization/> </author> <authorinitials="C." surname="Jackson"fullname="CollinJackson">Jackson" initials="C." surname="Jackson"> <organization/> </author> <authorinitials="J." surname="Mitchell"fullname="John C.Mitchell">Mitchell" initials="J." surname="Mitchell"> <organization/> </author> <date year="2008"/> </front> <seriesInfo name="Proceedings of the 15th ACM conference on Computer and communications security - CCS" value="'08"/> <seriesInfo name="DOI" value="10.1145/1455770.1455782"/> </reference> <reference anchor="COOKIE" target="https://www.rfc-editor.org/info/rfc6265"> <front> <title>HTTP State Management Mechanism</title> <authorinitials="A." surname="Barth"fullname="A.Barth">Barth" initials="A." surname="Barth"> <organization/> </author> <dateyear="2011" month="April"/>month="April" year="2011"/> <abstract> <t>This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 2965. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6265"/> <seriesInfo name="DOI" value="10.17487/RFC6265"/> </reference> <reference anchor="RFC4291" target="https://www.rfc-editor.org/info/rfc4291"> <front> <title>IP Version 6 Addressing Architecture</title> <authorinitials="R." surname="Hinden"fullname="R.Hinden">Hinden" initials="R." surname="Hinden"> <organization/> </author> <authorinitials="S." surname="Deering"fullname="S.Deering">Deering" initials="S." surname="Deering"> <organization/> </author> <dateyear="2006" month="February"/>month="February" year="2006"/> <abstract> <t>This specification defines the addressing architecture of the IP Version 6 (IPv6) protocol. The document includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses.</t> <t>This document obsoletes RFC 3513, "IP Version 6 Addressing Architecture". [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4291"/> <seriesInfo name="DOI" value="10.17487/RFC4291"/> </reference> <reference anchor="RFC1918" target="https://www.rfc-editor.org/info/rfc1918"> <front> <title>Address Allocation for Private Internets</title> <authorinitials="Y." surname="Rekhter"fullname="Y.Rekhter">Rekhter" initials="Y." surname="Rekhter"> <organization/> </author> <authorinitials="B." surname="Moskowitz"fullname="B.Moskowitz">Moskowitz" initials="B." surname="Moskowitz"> <organization/> </author> <authorinitials="D." surname="Karrenberg"fullname="D.Karrenberg">Karrenberg" initials="D." surname="Karrenberg"> <organization/> </author> <authorinitials="G. J." surname="de Groot"fullname="G. J. de Groot" initials="G. J." surname="de Groot"> <organization/> </author> <authorinitials="E." surname="Lear"fullname="E.Lear">Lear" initials="E." surname="Lear"> <organization/> </author> <dateyear="1996" month="February"/>month="February" year="1996"/> <abstract> <t>This document describes address allocation for private internets. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name="BCP" value="5"/> <seriesInfo name="RFC" value="1918"/> <seriesInfo name="DOI" value="10.17487/RFC1918"/> </reference> <reference anchor="RFC4193" target="https://www.rfc-editor.org/info/rfc4193"> <front> <title>Unique Local IPv6 Unicast Addresses</title> <authorinitials="R." surname="Hinden"fullname="R.Hinden">Hinden" initials="R." surname="Hinden"> <organization/> </author> <authorinitials="B." surname="Haberman"fullname="B.Haberman">Haberman" initials="B." surname="Haberman"> <organization/> </author> <dateyear="2005" month="October"/>month="October" year="2005"/> <abstract> <t>This document defines an IPv6 unicast address format that is globally unique and is intended for local communications, usually inside of a site. These addresses are not expected to be routable on the global Internet. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="4193"/> <seriesInfo name="DOI" value="10.17487/RFC4193"/> </reference> </references> </references> <section anchor="pseudocode" numbered="true" toc="default"> <name>Pseudocode</name> <t>The pseudocode in this section describes sample algorithms. These algorithms are intended to be correct and clear, rather than being optimally performant.</t> <t>The pseudocode segments in this section are licensed as Code Components; see thecopyright notice.</t>Copyright Notice.</t> <section anchor="sample-varint" numbered="true" toc="default"> <name>Sample Variable-Length Integer Decoding</name> <t>The pseudocode in <xref target="alg-varint" format="default"/> shows how a variable-length integer can be read from a stream of bytes. The function ReadVarint takes a singleargument,argument -- a sequence ofbytesbytes, which can be read in network byte order.</t> <figure anchor="alg-varint"> <name>Sample Variable-Length Integer Decoding Algorithm</name><artwork name="" type="" align="left" alt=""><![CDATA[<sourcecode type="pseudocode"><![CDATA[ ReadVarint(data): // The length of variable-length integers is encoded in the // first two bits of the first byte. v = data.next_byte() prefix = v >> 6 length = 1 << prefix // Once the length is known, remove these bits and read any // remaining bytes. v = v & 0x3f repeat length-1 times: v = (v << 8) + data.next_byte() return v]]></artwork>]]></sourcecode> </figure> <t>For example, the eight-byte sequence 0xc2197c5eff14e88c decodes to the decimal value 151,288,809,941,952,652; the four-byte sequence 0x9d7f3e7d decodes to 494,878,333; the two-byte sequence 0x7bbd decodes to 15,293; and the single byte 0x25 decodes to 37 (as does the two-byte sequence 0x4025).</t> </section> <section anchor="sample-packet-number-encoding" numbered="true" toc="default"> <name>Sample Packet Number Encoding Algorithm</name> <t>The pseudocode in <xref target="alg-encode-pn" format="default"/> shows how an implementation can select an appropriate size for packet number encodings.</t> <t>The EncodePacketNumber function takes two arguments:</t> <ul spacing="normal"> <li>full_pn is the full packet number of the packet being sent.</li> <li>largest_acked is the largest packet numberwhichthat has been acknowledged by the peer in the current packet number space, if any.</li> </ul> <figure anchor="alg-encode-pn"> <name>Sample Packet Number Encoding Algorithm</name><artwork name="" type="" align="left" alt=""><![CDATA[<sourcecode type="pseudocode"><![CDATA[ EncodePacketNumber(full_pn, largest_acked): // The number of bits must be at least one more // than the base-2 logarithm of the number of contiguous // unacknowledged packet numbers, including the new packet. if largest_acked is None: num_unacked = full_pn + 1 else: num_unacked = full_pn - largest_acked min_bits = log(num_unacked, 2) + 1 num_bytes = ceil(min_bits / 8) // Encode the integer value and truncate to // the num_bytesleast-significantleast significant bytes. return encode(full_pn, num_bytes)]]></artwork>]]></sourcecode> </figure> <t>For example, if an endpoint has received an acknowledgment for packet0xabe8bc0xabe8b3 and is sending a packet with a number of 0xac5c02, there are 29,519 (0x734f) outstandingpackets.packet numbers. In order to represent at least twice this range (59,038 packets, or 0xe69e), 16 bits are required.</t> <t>In the same state, sending a packet with a number of 0xace8fe uses the 24-bit encoding, because at least 18 bits are required to represent twice the range(131,182(131,222 packets, or0x2006e).</t>0x020096).</t> </section> <section anchor="sample-packet-number-decoding" numbered="true" toc="default"> <name>Sample Packet Number Decoding Algorithm</name> <t>The pseudocode in <xref target="alg-decode-pn" format="default"/> includes an example algorithm for decoding packet numbers after header protection has been removed.</t> <t>The DecodePacketNumber function takes three arguments:</t> <ul spacing="normal"> <li>largest_pn is the largest packet number that has been successfully processed in the current packet number space.</li> <li>truncated_pn is the value of the Packet Number field.</li> <li>pn_nbits is the number of bits in the Packet Number field (8, 16, 24, or 32).</li> </ul> <figure anchor="alg-decode-pn"> <name>Sample Packet Number Decoding Algorithm</name><artwork name="" type="" align="left" alt=""><![CDATA[<sourcecode type="pseudocode"><![CDATA[ DecodePacketNumber(largest_pn, truncated_pn, pn_nbits): expected_pn = largest_pn + 1 pn_win = 1 << pn_nbits pn_hwin = pn_win / 2 pn_mask = pn_win - 1 // The incoming packet number should be greater than // expected_pn - pn_hwin and less than or equal to // expected_pn + pn_hwin // // This means we cannot just strip the trailing bits from // expected_pn and add the truncated_pn because that might // yield a value outside the window. // // The following code calculates a candidate value and // makes sure it's within the packet number window. // Note the extra checks to prevent overflow and underflow. candidate_pn = (expected_pn & ~pn_mask) | truncated_pn if candidate_pn <= expected_pn - pn_hwin and candidate_pn < (1 << 62) - pn_win: return candidate_pn + pn_win if candidate_pn > expected_pn + pn_hwin and candidate_pn >= pn_win: return candidate_pn - pn_win return candidate_pn]]></artwork>]]></sourcecode> </figure> <t>For example, if the highest successfully authenticated packet had a packet number of 0xa82f30ea, then a packet containing a 16-bit value of 0x9b32 will be decoded as 0xa82f9b32.</t> </section> <section anchor="ecn-alg" numbered="true" toc="default"> <name>Sample ECN Validation Algorithm</name> <t>Each time an endpoint commences sending on a new network path, it determines whether the path supports ECN; see <xref target="ecn" format="default"/>. If the path supports ECN, the goal is to use ECN. Endpoints might also periodically reassess a path that was determined to not support ECN.</t> <t>This section describes one method for testing new paths. This algorithm is intended to show how a path might be tested for ECN support. Endpoints can implement different methods.</t> <t>The path is assigned an ECN state that is one of "testing", "unknown", "failed", or "capable". On paths with a "testing" or "capable"statestate, the endpoint sends packets with an ECTmarking,marking -- ECT(0) bydefault ECT(0);default; otherwise, the endpoint sends unmarked packets.</t> <t>To start testing a path, the ECN state is set to"testing""testing", and existing ECN counts are remembered as a baseline.</t> <t>The testing period runs for a number of packets or a limited time, as determined by the endpoint. The goal is not to limit the duration of the testingperiod,period but to ensure that enough marked packets are sent for received ECN counts to provide a clear indication of how the path treats marked packets. <xref target="ecn-validation" format="default"/> suggests limiting this to10ten packets or3three times theprobe timeout.</t>PTO.</t> <t>After the testing period ends, the ECN state for the path becomes "unknown". From the "unknown" state, successful validation of the ECN counts in an ACK frame (see <xref target="ecn-ack" format="default"/>) causes the ECN state for the path to become "capable", unless no marked packet has been acknowledged.</t> <t>If validation of ECN counts fails at any time, the ECN state for the affected path becomes "failed". An endpoint can also mark the ECN state for a path as "failed" if marked packets are all declared lost or if they are allCEECN-CE marked.</t> <t>Following this algorithm ensures that ECN is rarely disabled for paths that properly support ECN. Any path that incorrectly modifies markings will cause ECN to be disabled. For those rare cases where marked packets are discarded by the path, the short duration of the testing period limits the number of losses incurred.</t> </section> </section> <sectionanchor="change-log" numbered="true"numbered="false" anchor="contributors" toc="default"><name>Change Log</name> <ul empty="true" spacing="normal"> <li> <strong>RFC Editor's Note:</strong> Please remove this section prior to publication of a final version of this document.</li> </ul> <t>Issue<name>Contributors</name> <t>The original design andpull request numbers are listed with a leading octothorp.</t> <section anchor="since-draft-ietf-quic-transport-32" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-32</name> <ul spacing="normal"> <li>Endpoints are required to limit the total data they send in response to an apparent connection migration to three times what wasrationale behind this protocol draw significantly from work by <contact fullname="Jim Roskind"/> <xref target="EARLY-DESIGN" format="default"/>.</t> <t>The IETF QUIC Working Group received(#4257, #4264)</li> <li>Addedanerror code for path validation failures (#4257, #4331)</li> <li>Defined DoS protections for clients during the handshake (#4259, #4330, #4344)</li> <li>Prohibited connection errors when datagrams are not the required size (#4273, #4342)</li> <li>Stop using initial timeout for path validation (#4261, #4262, #4263).</li> <li> <t>A numberenormous amount ofimprovementssupport from many people. The following people provided substantive contributions toIANA considerations: </t>this document:</t> <ulspacing="normal"> <li>Added a registry for versions (#4345, #4280)</li> <li>Clarified rules for first reserved value (#4378, #4389)</li> <li>Reserved values are not added to the registry (#4372, #4428)</li> </ul>spacing="compact"> <li> <t><contact fullname="Alessandro Ghedini"/></t> </li><li>Added final version numbers (#4430)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-31" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-31</name> <ul spacing="normal"><li><t>Require expansion of datagrams to ensure that a path supports at least 1200 bytes in both directions: </t> <ul spacing="normal"> <li>During the handshake ack-eliciting Initial packets from the server need to be expanded (#4183, #4188)</li> <li>Path validation now requires packets containing PATH_CHALLENGE and PATH_RESPONSE to be expanded and PATH_RESPONSE is sent on the same network path (#4216, #4226)</li> </ul><t><contact fullname="Alyssa Wilk"/></t> </li><li>Though senders need to expand datagrams in some cases, receivers cannot enforce this requirement (#4253, #4254)</li> <li>Split contact into contact and change controller for IANA registrations (#4230, #4239)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-30" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-30</name> <ul spacing="normal"> <li>Use TRANSPORT_PARAMETER_ERROR for an invalid transport parameter (#4099, #4100)</li> <li>Add a new error code for AEAD_LIMIT_REACHED code to avoid conflict (#4087, #4088)</li> <li>Allow use of address validation token when server address changes (#4076, #4089)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-29" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-29</name> <ul spacing="normal"> <li>Require the same connection ID on coalesced packets (#3800, #3930)</li> <li>Allow caching of packets that can't be decrypted, by allowing the reported acknowledgment delay to exceed max_ack_delay prior to confirming the handshake (#3821, #3980, #4035, #3874)</li> <li>Allow connection ID to be used for address validation (#3834, #3924)</li> <li>Required protocol operations are no longer directed at implementations, but are features provided to application protocols (#3838, #3935)</li> <li>Narrow requirements for reset of congestion state on path change (#3842, #3945)</li> <li>Add a three times amplification limit for sending of CONNECTION_CLOSE with reduced state (#3845, #3864)</li> <li>Change error code for invalid RETIRE_CONNECTION_ID frames (#3860, #3861)</li> <li>Recommend retention of state for lost packets to allow for late arrival and avoid unnecessary retransmission (#3956, #3957)</li> <li>Allow a server to reject connections if a client reuses packet numbers after Retry (#3989, #3990)</li> <li>Limit recommendation for immediate acknowledgment to when ack-eliciting packets are reordered (#4001, #4000)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-28" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-28</name> <ul spacing="normal"> <li>Made SERVER_BUSY error (0x2) more generic, now CONNECTION_REFUSED (#3709, #3690, #3694)</li> <li>Allow TRANSPORT_PARAMETER_ERROR when validating connection IDs (#3703, #3691)</li> <li>Integrate QUIC-specific language from draft-ietf-tsvwg-datagram-plpmtud (#3695, #3702)</li> <li>disable_active_migration does not apply to the addresses offered in server_preferred_address (#3608, #3670)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-27" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-27</name> <ul spacing="normal"> <li>Allowed CONNECTION_CLOSE in any packet number space, with a requirement to use a new transport-level error for application-specific errors in Initial and Handshake packets (#3430, #3435, #3440)</li> <li>Clearer requirements for address validation (#2125, #3327)</li> <li>Security analysis of handshake and migration (#2143, #2387, #2925)</li> <li>The entire payload of a datagram is used when counting bytes for mitigating amplification attacks (#3333, #3470)</li> <li>Connection IDs can be used at any time, including in the handshake (#3348, #3560, #3438, #3565)</li> <li>Only one ACK should be sent for each instance of reordering (#3357, #3361)</li> <li>Remove text allowing a server to proceed with a bad Retry token (#3396, #3398)</li> <li>Ignore active_connection_id_limit with a zero-length connection ID (#3427, #3426)</li> <li>Require active_connection_id_limit be remembered for 0-RTT (#3423, #3425)</li> <li>Require ack_delay not be remembered for 0-RTT (#3433, #3545)</li> <li>Redefined max_packet_size to max_udp_datagram_size (#3471, #3473)</li> <li>Guidance on limiting outstanding attempts to retire connection IDs (#3489, #3509, #3557, #3547)</li> <li>Restored text on dropping bogus Version Negotiation packets (#3532, #3533)</li> <li>Clarified that largest acknowledged needs to be saved, but not necessarily signaled in all cases (#3541, #3581)</li> <li>Addressed linkability risk with the use of preferred_address (#3559, #3563)</li> <li>Added authentication of handshake connection IDs (#3439, #3499)</li> <li>Opening a stream in the wrong direction is an error (#3527)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-26" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-26</name> <ul spacing="normal"> <li>Change format of transport parameters to use varints (#3294, #3169)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-25" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-25</name> <ul spacing="normal"> <li>Define the use of CONNECTION_CLOSE prior to establishing connection state (#3269, #3297, #3292)</li> <li>Allow use of address validation tokens after client address changes (#3307, #3308)</li> <li>Define the timer for address validation (#2910, #3339)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-24" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-24</name> <ul spacing="normal"> <li>Added HANDSHAKE_DONE to signal handshake confirmation (#2863, #3142, #3145)</li> <li>Add integrity check to Retry packets (#3014, #3274, #3120)</li> <li>Specify handling of reordered NEW_CONNECTION_ID frames (#3194, #3202)</li> <li>Require checking of sequence numbers in RETIRE_CONNECTION_ID (#3037, #3036)</li> <li>active_connection_id_limit is enforced (#3193, #3197, #3200, #3201)</li> <li>Correct overflow in packet number decode algorithm (#3187, #3188)</li> <li>Allow use of CRYPTO_BUFFER_EXCEEDED for CRYPTO frame errors (#3258, #3186)</li> <li>Define applicability and scope of NEW_TOKEN (#3150, #3152, #3155, #3156)</li> <li>Tokens from Retry and NEW_TOKEN must be differentiated (#3127, #3128)</li> <li>Allow CONNECTION_CLOSE in response to invalid token (#3168, #3107)</li> <li>Treat an invalid CONNECTION_CLOSE as an invalid frame (#2475, #3230, #3231)</li> <li>Throttle when sending CONNECTION_CLOSE after discarding state (#3095, #3157)</li> <li>Application-variant of CONNECTION_CLOSE can only be sent in 0-RTT or 1-RTT packets (#3158, #3164)</li> <li>Advise sending while blocked to avoid idle timeout (#2744, #3266)</li> <li>Define error codes for invalid frames (#3027, #3042)</li> <li>Idle timeout is symmetric (#2602, #3099)</li> <li>Prohibit IP fragmentation (#3243, #3280)</li> <li>Define the use of provisional registration for all registries (#3109, #3020, #3102, #3170)</li> <li>Packets on one path must not adjust values for a different path (#2909, #3139)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-23" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-23</name> <ul spacing="normal"> <li>Allow ClientHello to span multiple packets (#2928, #3045)</li> <li>Client Initial size constraints apply to UDP datagram payload (#3053, #3051)</li> <li> <t>Stateless reset changes (#2152, #2993) </t> <ul spacing="normal"> <li>tokens need to be compared in constant time</li> <li>detection uses UDP datagrams, not packets</li> <li>tokens cannot be reused (#2785, #2968)</li> </ul> </li> <li>Clearer rules for sharing of UDP ports and use of connection IDs when doing so (#2844, #2851)</li> <li>A new connection ID is necessary when responding to migration (#2778, #2969)</li> <li>Stronger requirements for connection ID retirement (#3046, #3096)</li> <li>NEW_TOKEN cannot be empty (#2978, #2977)</li> <li>PING can be sent at any encryption level (#3034, #3035)</li> <li>CONNECTION_CLOSE is not ack-eliciting (#3097, #3098)</li> <li>Frame encoding error conditions updated (#3027, #3042)</li> <li>Non-ack-eliciting packets cannot be sent in response to non-ack-eliciting packets (#3100, #3104)</li> <li>Servers have to change connection IDs in Retry (#2837, #3147)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-22" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-22</name> <ul spacing="normal"> <li>Rules for preventing correlation by connection ID tightened (#2084, #2929)</li> <li>Clarified use of CONNECTION_CLOSE in Handshake packets (#2151, #2541, #2688)</li> <li>Discourage regressions of largest acknowledged in ACK (#2205, #2752)</li> <li>Improved robustness of validation process for ECN counts (#2534, #2752)</li> <li>Require endpoints to ignore spurious migration attempts (#2342, #2893)</li> <li>Transport parameter for disabling migration clarified to allow NAT rebinding (#2389, #2893)</li> <li>Document principles for defining new error codes (#2388, #2880)</li> <li>Reserve transport parameters for greasing (#2550, #2873)</li> <li>A maximum ACK delay of 0 is used for handshake packet number spaces (#2646, #2638)</li> <li>Improved rules for use of congestion control state on new paths (#2685, #2918)</li> <li>Removed recommendation to coordinate spin for multiple connections that share a path (#2763, #2882)</li> <li>Allow smaller stateless resets and recommend a smaller minimum on packets that might trigger a stateless reset (#2770, #2869, #2927, #3007).</li> <li>Provide guidance around the interface to QUIC as used by application protocols (#2805, #2857)</li> <li>Frames other than STREAM can cause STREAM_LIMIT_ERROR (#2825, #2826)</li> <li>Tighter rules about processing of rejected 0-RTT packets (#2829, #2840, #2841)</li> <li>Explanation of the effect of Retry on 0-RTT packets (#2842, #2852)</li> <li>Cryptographic handshake needs to provide server transport parameter encryption (#2920, #2921)</li> <li>Moved ACK generation guidance from recovery draft to transport draft (#1860, #2916).</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-21" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-21</name> <ul spacing="normal"> <li>Connection ID lengths are now one octet, but limited in version 1 to 20 octets of length (#2736, #2749)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-20" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-20</name> <ul spacing="normal"> <li>Error codes are encoded as variable-length integers (#2672, #2680)</li> <li>NEW_CONNECTION_ID includes a request to retire old connection IDs (#2645, #2769)</li> <li>Tighter rules for generating and explicitly eliciting ACK frames (#2546, #2794)</li> <li>Recommend having only one packet per encryption level in a datagram (#2308, #2747)</li> <li>More normative language about use of stateless reset (#2471, #2574)</li> <li>Allow reuse of stateless reset tokens (#2732, #2733)</li> <li>Allow, but not require, enforcing non-duplicate transport parameters (#2689, #2691)</li> <li>Added an active_connection_id_limit transport parameter (#1994, #1998)</li> <li>max_ack_delay transport parameter defaults to 0 (#2638, #2646)</li> <li>When sending 0-RTT, only remembered transport parameters apply (#2458, #2360, #2466, #2461)</li> <li>Define handshake completion and confirmation; define clearer rules when it encryption keys should be discarded (#2214, #2267, #2673)</li> <li>Prohibit path migration prior to handshake confirmation (#2309, #2370)</li> <li>PATH_RESPONSE no longer needs to be received on the validated path (#2582, #2580, #2579, #2637)</li> <li>PATH_RESPONSE frames are not stored and retransmitted (#2724, #2729)</li> <li>Document hack for enabling routing of ICMP when doing PMTU probing (#1243, #2402)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-19" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-19</name> <ul spacing="normal"> <li>Refine discussion of 0-RTT transport parameters (#2467, #2464)</li> <li>Fewer transport parameters need to be remembered for 0-RTT (#2624, #2467)</li> <li>Spin bit text incorporated (#2564)</li> <li>Close the connection when maximum stream ID in MAX_STREAMS exceeds 2^62 - 1 (#2499, #2487)</li> <li>New connection ID required for intentional migration (#2414, #2413)</li> <li>Connection ID issuance can be rate-limited (#2436, #2428)</li> <li>The "QUIC bit" is ignored in Version Negotiation (#2400, #2561)</li> <li>Initial packets from clients need to be padded to 1200 unless a Handshake packet is sent as well (#2522, #2523)</li> <li>CRYPTO frames can be discarded if too much data is buffered (#1834, #2524)</li> <li>Stateless reset uses a short header packet (#2599, #2600)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-18" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-18</name> <ul spacing="normal"> <li>Removed version negotiation; version negotiation, including authentication of the result, will be addressed in the next version of QUIC (#1773, #2313)</li> <li>Added discussion of the use of IPv6 flow labels (#2348, #2399)</li> <li>A connection ID can't be retired in a packet that uses that connection ID (#2101, #2420)</li> <li>Idle timeout transport parameter is in milliseconds (from seconds) (#2453, #2454)</li> <li>Endpoints are required to use new connection IDs when they use new network paths (#2413, #2414)</li> <li>Increased the set of permissible frames in 0-RTT (#2344, #2355)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-17" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-17</name> <ul spacing="normal"> <li>Stream-related errors now use STREAM_STATE_ERROR (#2305)</li> <li>Endpoints discard initial keys as soon as handshake keys are available (#1951, #2045)</li> <li>Expanded conditions for ignoring ICMP packet too big messages (#2108, #2161)</li> <li>Remove rate control from PATH_CHALLENGE/PATH_RESPONSE (#2129, #2241)</li> <li>Endpoints are permitted to discard malformed initial packets (#2141)</li> <li>Clarified ECN implementation and usage requirements (#2156, #2201)</li> <li>Disable ECN count verification for packets that arrive out of order (#2198, #2215)</li> <li>Use Probe Timeout (PTO) instead of RTO (#2206, #2238)</li> <li>Loosen constraints on retransmission of ACK ranges (#2199, #2245)</li> <li>Limit Retry and Version Negotiation to once per datagram (#2259, #2303)</li> <li>Set a maximum value for max_ack_delay transport parameter (#2282, #2301)</li> <li>Allow server preferred address for both IPv4 and IPv6 (#2122, #2296)</li> <li>Corrected requirements for migration to a preferred address (#2146, #2349)</li> <li>ACK of non-existent packet is illegal (#2298, #2302)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-16" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-16</name> <ul spacing="normal"> <li>Stream limits are defined as counts, not maximums (#1850, #1906)</li> <li>Require amplification attack defense after closing (#1905, #1911)</li> <li>Remove reservation of application error code 0 for STOPPING (#1804, #1922)</li> <li>Renumbered frames (#1945)</li> <li>Renumbered transport parameters (#1946)</li> <li>Numeric transport parameters are expressed as varints (#1608, #1947, #1955)</li> <li>Reorder the NEW_CONNECTION_ID frame (#1952, #1963)</li> <li> <t>Rework the first byte (#2006) </t> <ul spacing="normal"> <li>Fix the 0x40 bit</li> <li>Change type values for long header</li> <li>Add spin bit to short header (#631, #1988)</li> <li>Encrypt the remainder of the first byte (#1322)</li> <li>Move packet number length to first byte</li> <li>Move ODCIL to first byte of retry packets</li> <li>Simplify packet number protection (#1575)</li> </ul> </li> <li>Allow STOP_SENDING to open a remote bidirectional stream (#1797, #2013)</li> <li>Added mitigation for off-path migration attacks (#1278, #1749, #2033)</li> <li>Don't let the PMTU to drop below 1280 (#2063, #2069)</li> <li>Require peers to replace retired connection IDs (#2085)</li> <li>Servers are required to ignore Version Negotiation packets (#2088)</li> <li>Tokens are repeated in all Initial packets (#2089)</li> <li>Clarified how PING frames are sent after loss (#2094)</li> <li>Initial keys are discarded once Handshake are available (#1951, #2045)</li> <li>ICMP PTB validation clarifications (#2161, #2109, #2108)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-15" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-15</name> <t>Substantial editorial reorganization; no technical changes.</t> </section> <section anchor="since-draft-ietf-quic-transport-14" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-14</name> <ul spacing="normal"> <li>Merge ACK and ACK_ECN (#1778, #1801)</li> <li>Explicitly communicate max_ack_delay (#981, #1781)</li> <li>Validate original connection ID after Retry packets (#1710, #1486, #1793)</li> <li>Idle timeout is optional and has no specified maximum (#1765)</li> <li>Update connection ID handling; add RETIRE_CONNECTION_ID type (#1464, #1468, #1483, #1484, #1486, #1495, #1729, #1742, #1799, #1821)</li> <li>Include a Token in all Initial packets (#1649, #1794)</li> <li>Prevent handshake deadlock (#1764, #1824)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-13" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-13</name> <ul spacing="normal"> <li>Streams open when higher-numbered streams of the same type open (#1342, #1549)</li> <li>Split initial stream flow control limit into 3 transport parameters (#1016, #1542)</li> <li>All flow control transport parameters are optional (#1610)</li> <li>Removed UNSOLICITED_PATH_RESPONSE error code (#1265, #1539)</li> <li>Permit stateless reset in response to any packet (#1348, #1553)</li> <li>Recommended defense against stateless reset spoofing (#1386, #1554)</li> <li>Prevent infinite stateless reset exchanges (#1443, #1627)</li> <li>Forbid processing of the same packet number twice (#1405, #1624)</li> <li>Added a packet number decoding example (#1493)</li> <li>More precisely define idle timeout (#1429, #1614, #1652)</li> <li>Corrected format of Retry packet and prevented looping (#1492, #1451, #1448, #1498)</li> <li>Permit 0-RTT after receiving Version Negotiation or Retry (#1507, #1514, #1621)</li> <li>Permit Retry in response to 0-RTT (#1547, #1552)</li> <li>Looser verification of ECN counters to account for ACK loss (#1555, #1481, #1565)</li> <li>Remove frame type field from APPLICATION_CLOSE (#1508, #1528)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-12" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-12</name> <ul spacing="normal"> <li> <t>Changes to integration of the TLS handshake (#829, #1018, #1094, #1165, #1190, #1233, #1242, #1252, #1450, #1458) </t> <ul spacing="normal"> <li>The cryptographic handshake uses CRYPTO frames, not stream 0</li> <li>QUIC packet protection is used in place of TLS record protection</li> <li>Separate QUIC packet number spaces are used for the handshake</li> <li>Changed Retry to be independent of the cryptographic handshake</li> <li>Added NEW_TOKEN frame and Token fields to Initial packet</li> <li>Limit the use of HelloRetryRequest to address TLS needs (like key shares)</li> </ul> </li> <li>Enable server to transition connections to a preferred address (#560, #1251, #1373)</li> <li>Added ECN feedback mechanisms and handling; new ACK_ECN frame (#804, #805, #1372)</li> <li>Changed rules and recommendations for use of new connection IDs (#1258, #1264, #1276, #1280, #1419, #1452, #1453, #1465)</li> <li>Added a transport parameter to disable intentional connection migration (#1271, #1447)</li> <li>Packets from different connection ID can't be coalesced (#1287, #1423)</li> <li>Fixed sampling method for packet number encryption; the length field in long headers includes the packet number field in addition to the packet payload (#1387, #1389)</li> <li>Stateless Reset is now symmetric and subject to size constraints (#466, #1346)</li> <li>Added frame type extension mechanism (#58, #1473)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-11" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-11</name> <ul spacing="normal"> <li>Enable server to transition connections to a preferred address (#560, #1251)</li> <li>Packet numbers are encrypted (#1174, #1043, #1048, #1034, #850, #990, #734, #1317, #1267, #1079)</li> <li>Packet numbers use a variable-length encoding (#989, #1334)</li> <li>STREAM frames can now be empty (#1350)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-10" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-10</name> <ul spacing="normal"> <li>Swap payload length and packed number fields in long header (#1294)</li> <li>Clarified that CONNECTION_CLOSE is allowed in Handshake packet (#1274)</li> <li>Spin bit reserved (#1283)</li> <li>Coalescing multiple QUIC packets in a UDP datagram (#1262, #1285)</li> <li>A more complete connection migration (#1249)</li> <li>Refine opportunistic ACK defense text (#305, #1030, #1185)</li> <li>A Stateless Reset Token isn't mandatory (#818, #1191)</li> <li>Removed implicit stream opening (#896, #1193)</li> <li>An empty STREAM frame can be used to open a stream without sending data (#901, #1194)</li> <li>Define stream counts in transport parameters rather than a maximum stream ID (#1023, #1065)</li> <li>STOP_SENDING is now prohibited before streams are used (#1050)</li> <li>Recommend including ACK in Retry packets and allow PADDING (#1067, #882)</li> <li>Endpoints now become closing after an idle timeout (#1178, #1179)</li> <li>Remove implication that Version Negotiation is sent when a packet of the wrong version is received (#1197)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-09" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-09</name> <ul spacing="normal"> <li>Added PATH_CHALLENGE and PATH_RESPONSE frames to replace PING with Data and PONG frame. Changed ACK frame type from 0x0e to 0x0d. (#1091, #725, #1086)</li> <li>A server can now only send 3 packets without validating the client address (#38, #1090)</li> <li>Delivery order of stream data is no longer strongly specified (#252, #1070)</li> <li>Rework of packet handling and version negotiation (#1038)</li> <li>Stream 0 is now exempt from flow control until the handshake completes (#1074, #725, #825, #1082)</li> <li>Improved retransmission rules for all frame types: information is retransmitted, not packets or frames (#463, #765, #1095, #1053)</li> <li>Added an error code for server busy signals (#1137)</li> <li>Endpoints now set the connection ID that their peer uses. Connection IDs are variable length. Removed the omit_connection_id transport parameter and the corresponding short header flag. (#1089, #1052, #1146, #821, #745, #821, #1166, #1151)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-08" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-08</name> <ul spacing="normal"> <li>Clarified requirements for BLOCKED usage (#65, #924)</li> <li>BLOCKED frame now includes reason for blocking (#452, #924, #927, #928)</li> <li>GAP limitation in ACK Frame (#613)</li> <li>Improved PMTUD description (#614, #1036)</li> <li>Clarified stream state machine (#634, #662, #743, #894)</li> <li>Reserved versions don't need to be generated deterministically (#831, #931)</li> <li>You don't always need the draining period (#871)</li> <li>Stateless reset clarified as version-specific (#930, #986)</li> <li>initial_max_stream_id_x transport parameters are optional (#970, #971)</li> <li>ACK delay assumes a default value during the handshake (#1007, #1009)</li> <li>Removed transport parameters from NewSessionTicket (#1015)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-07" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-07</name> <ul spacing="normal"> <li>The long header now has version before packet number (#926, #939)</li> <li>Rename and consolidate packet types (#846, #822, #847)</li> <li>Packet types are assigned new codepoints and the Connection ID Flag is inverted (#426, #956)</li> <li>Removed type for Version Negotiation and use Version 0 (#963, #968)</li> <li> <t>Streams are split into unidirectional and bidirectional (#643, #656, #720, #872, #175, #885) </t> <ul spacing="normal"> <li>Stream limits now have separate uni- and bi-directional transport parameters (#909, #958)</li> <li>Stream limit transport parameters are now optional and default to 0 (#970, #971)</li> </ul> </li> <li>The stream state machine has been split into read and write (#634, #894)</li> <li>Employ variable-length integer encodings throughout (#595)</li> <li> <t>Improvements to connection close </t> <ul spacing="normal"> <li>Added distinct closing and draining states (#899, #871)</li> <li>Draining period can terminate early (#869, #870)</li> <li>Clarifications about stateless reset (#889, #890)</li> </ul> </li> <li>Address validation for connection migration (#161, #732, #878)</li> <li>Clearly defined retransmission rules for BLOCKED (#452, #65, #924)</li> <li>negotiated_version is sent in server transport parameters (#710, #959)</li> <li>Increased the range over which packet numbers are randomized (#864, #850, #964)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-06" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-06</name> <ul spacing="normal"> <li>Replaced FNV-1a with AES-GCM for all "Cleartext" packets (#554)</li> <li>Split error code space between application and transport (#485)</li> <li>Stateless reset token moved to end (#820)</li> <li>1-RTT-protected long header types removed (#848)</li> <li>No acknowledgments during draining period (#852)</li> <li>Remove "application close" as a separate close type (#854)</li> <li>Remove timestamps from the ACK frame (#841)</li> <li>Require transport parameters to only appear once (#792)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-05" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-05</name> <ul spacing="normal"> <li>Stateless token is server-only (#726)</li> <li>Refactor section on connection termination (#733, #748, #328, #177)</li> <li>Limit size of Version Negotiation packet (#585)</li> <li>Clarify when and what to ack (#736)</li> <li>Renamed STREAM_ID_NEEDED to STREAM_ID_BLOCKED</li> <li>Clarify Keep-alive requirements (#729)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-04" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-04</name> <ul spacing="normal"> <li>Introduce STOP_SENDING frame, RESET_STREAM only resets in one direction (#165)</li> <li>Removed GOAWAY; application protocols are responsible for graceful shutdown (#696)</li> <li>Reduced the number of error codes (#96, #177, #184, #211)</li> <li>Version validation fields can't move or change (#121)</li> <li>Removed versions from the transport parameters in a NewSessionTicket message (#547)</li> <li>Clarify the meaning of "bytes in flight" (#550)</li> <li>Public reset is now stateless reset and not visible to the path (#215)</li> <li>Reordered bits and fields in STREAM frame (#620)</li> <li>Clarifications to the stream state machine (#572, #571)</li> <li>Increased the maximum length of the Largest Acknowledged field in ACK frames to 64 bits (#629)</li> <li>truncate_connection_id is renamed to omit_connection_id (#659)</li> <li>CONNECTION_CLOSE terminates the connection like TCP RST (#330, #328)</li> <li>Update labels used in HKDF-Expand-Label to match TLS 1.3 (#642)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-03" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-03</name> <ul spacing="normal"> <li>Change STREAM and RESET_STREAM layout</li> <li>Add MAX_STREAM_ID settings</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-02" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-02</name> <ul spacing="normal"> <li>The size of the initial packet payload has a fixed minimum (#267, #472)</li> <li>Define when Version Negotiation packets are ignored (#284, #294, #241, #143, #474)</li> <li>The 64-bit FNV-1a algorithm is used for integrity protection of unprotected packets (#167, #480, #481, #517)</li> <li>Rework initial packet types to change how the connection ID is chosen (#482, #442, #493)</li> <li>No timestamps are forbidden in unprotected packets (#542, #429)</li> <li>Cryptographic handshake is now on stream 0 (#456)</li> <li>Remove congestion control exemption for cryptographic handshake (#248, #476)</li> <li>Version 1 of QUIC uses TLS; a new version is needed to use a different handshake protocol (#516)</li> <li>STREAM frames have a reduced number of offset lengths (#543, #430)</li><li><t>Split some frames into separate connection- and stream- level frames (#443) </t> <ul spacing="normal"> <li>WINDOW_UPDATE split into MAX_DATA and MAX_STREAM_DATA (#450)</li> <li>BLOCKED split to match WINDOW_UPDATE split (#454)</li> <li>Define STREAM_ID_NEEDED frame (#455)</li> </ul><t><contact fullname="Antoine Delignat-Lavaud"/></t> </li><li>A NEW_CONNECTION_ID frame supports connection migration without linkability (#232, #491, #496)</li><li><t>Transport parameters for 0-RTT are retained from a previous connection (#405, #513, #512) </t> <ul spacing="normal"> <li>A client in 0-RTT no longer required to reset excess streams (#425, #479)</li> </ul><t><contact fullname="Brian Trammell"/></t> </li><li>Expanded security considerations (#440, #444, #445, #448)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-01" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-01</name> <ul spacing="normal"> <li>Defined short and long packet headers (#40, #148, #361)</li> <li>Defined a versioning scheme and stable fields (#51, #361)</li> <li>Define reserved version values for "greasing" negotiation (#112, #278)</li> <li>The initial packet number is randomized (#35, #283)</li> <li>Narrow the packet number encoding range requirement (#67, #286, #299, #323, #356)</li> <li>Defined client address validation (#52, #118, #120, #275)</li> <li>Define transport parameters as a TLS extension (#49, #122)</li> <li>SCUP and COPT parameters are no longer valid (#116, #117)</li> <li>Transport parameters for 0-RTT are either remembered from before, or assume default values (#126)</li> <li>The server chooses connection IDs in its final flight (#119, #349, #361)</li> <li>The server echoes the Connection ID and packet number fields when sending a Version Negotiation packet (#133, #295, #244)</li> <li>Defined a minimum packet size for the initial handshake packet from the client (#69, #136, #139, #164)</li> <li>Path MTU Discovery (#64, #106)</li> <li>The initial handshake packet from the client needs to fit in a single packet (#338)</li> <li>Forbid acknowledgment of packets containing only ACK and PADDING (#291)</li> <li>Require that frames are processed when packets are acknowledged (#381, #341)</li> <li>Removed the STOP_WAITING frame (#66)</li> <li>Don't require retransmission of old timestamps for lost ACK frames (#308)</li> <li>Clarified that frames are not retransmitted, but the information in them can be (#157, #298)</li> <li>Error handling definitions (#335)</li> <li>Split error codes into four sections (#74)</li> <li>Forbid the use of Public Reset where CONNECTION_CLOSE is possible (#289)</li> <li>Define packet protection rules (#336)</li> <li>Require that stream be entirely delivered or reset, including acknowledgment of all STREAM frames or the RESET_STREAM, before it closes (#381)</li> <li>Remove stream reservation from state machine (#174, #280)</li> <li>Only stream 1 does not contribute to connection-level flow control (#204)</li> <li>Stream 1 counts towards the maximum concurrent stream limit (#201, #282)</li> <li>Remove connection-level flow control exclusion for some streams (except 1) (#246)</li> <li>RESET_STREAM affects connection-level flow control (#162, #163)</li> <li>Flow control accounting uses the maximum data offset on each stream, rather than bytes received (#378)</li> <li>Moved length-determining fields to the start of STREAM and ACK (#168, #277)</li> <li>Added the ability to pad between frames (#158, #276)</li> <li>Remove error code and reason phrase from GOAWAY (#352, #355)</li> <li>GOAWAY includes a final stream number for both directions (#347)</li> <li>Error codes for RESET_STREAM and CONNECTION_CLOSE are now at a consistent offset (#249)</li> <li>Defined priority as the responsibility of the application protocol (#104, #303)</li> </ul> </section> <section anchor="since-draft-ietf-quic-transport-00" numbered="true" toc="default"> <name>Since draft-ietf-quic-transport-00</name> <ul spacing="normal"> <li>Replaced DIVERSIFICATION_NONCE flag with KEY_PHASE flag</li> <li>Defined versioning</li> <li>Reworked description of packet and frame layout</li> <li>Error code space is divided into regions for each component</li> <li>Use big endian for all numeric values</li> </ul> </section> <section anchor="since-draft-hamilton-quic-transport-protocol-01" numbered="true" toc="default"> <name>Since draft-hamilton-quic-transport-protocol-01</name> <ul spacing="normal"> <li>Adopted as base for draft-ietf-quic-tls</li> <li>Updated authors/editors list</li> <li>Added IANA Considerations section</li> <li>Moved Contributors and Acknowledgments to appendices</li> </ul> </section> </section> <section numbered="false" anchor="contributors" toc="default"> <name>Contributors</name> <t>The original design and rationale behind this protocol draw significantly from work by Jim Roskind <xref target="EARLY-DESIGN" format="default"/>.</t> <t>The IETF QUIC Working Group received an enormous amount of support from many people. The following people provided substantive contributions to this document:</t> <ul spacing="normal"> <li>Alessandro Ghedini</li> <li>Alyssa Wilk</li> <li>Antoine Delignat-Lavaud</li> <li>Brian Trammell</li> <li>Christian Huitema</li> <li>Colin Perkins</li> <li>David Schinazi</li> <li>Dmitri Tikhonov</li> <li>Eric Kinnear</li> <li>Eric Rescorla</li> <li>Gorry Fairhurst</li> <li>Ian Swett</li> <li>Igor Lubashev</li><li><t> <contact<t><contact fullname="Christian Huitema"/></t> </li> <li> <t><contact fullname="Colin Perkins"/></t> </li> <li> <t><contact fullname="David Schinazi"/></t> </li> <li> <t><contact fullname="Dmitri Tikhonov"/></t> </li> <li> <t><contact fullname="Eric Kinnear"/></t> </li> <li> <t><contact fullname="Eric Rescorla"/></t> </li> <li> <t><contact fullname="Gorry Fairhurst"/></t> </li> <li> <t><contact fullname="Ian Swett"/></t> </li> <li> <t><contact fullname="Igor Lubashev"/></t> </li> <li> <t><contact asciiFullname="Kazuho Oku" fullname="奥一穂"/> </t>一穂"/></t> </li><li>Lars Eggert</li> <li>Lucas Pardue</li> <li>Magnus Westerlund</li> <li>Marten Seemann</li> <li>Martin Duke</li> <li>Mike Bishop</li><li><t> <contact<t><contact fullname="Lars Eggert"/></t> </li> <li> <t><contact fullname="Lucas Pardue"/></t> </li> <li> <t><contact fullname="Magnus Westerlund"/></t> </li> <li> <t><contact fullname="Marten Seemann"/></t> </li> <li> <t><contact fullname="Martin Duke"/></t> </li> <li> <t><contact fullname="Mike Bishop"/></t> </li> <li> <t><contact fullname="Mikkel FahnøeJørgensen"/> </t>Jørgensen"/></t> </li> <li><t> <contact<t><contact fullname="MirjaKühlewind"/> </t>Kühlewind"/></t> </li> <li> <t><contact fullname="Nick Banks"/></t> </li> <li> <t><contact fullname="Nick Harper"/></t> </li> <li> <t><contact fullname="Patrick McManus"/></t> </li> <li> <t><contact fullname="Roberto Peon"/></t> </li> <li> <t><contact fullname="Ryan Hamilton"/></t> </li> <li> <t><contact fullname="Subodh Iyengar"/></t> </li> <li> <t><contact fullname="Tatsuhiro Tsujikawa"/></t> </li> <li> <t><contact fullname="Ted Hardie"/></t> </li> <li> <t><contact fullname="Tom Jones"/></t> </li> <li> <t><contact fullname="Victor Vasiliev"/></t> </li><li>Nick Banks</li> <li>Nick Harper</li> <li>Patrick McManus</li> <li>Roberto Peon</li> <li>Ryan Hamilton</li> <li>Subodh Iyengar</li> <li>Tatsuhiro Tsujikawa</li> <li>Ted Hardie</li> <li>Tom Jones</li> <li>Victor Vasiliev</li></ul> </section> </back><!-- ##markdown-source: H4sIAMIHAWAAA9y9+3rc1pUn+v9+Coz8R8h0FS3ZzqXlTvfQFNXmRBZ1SNqZ nHRGAatAEq0qoFJAiWI7zrPMs5wnO+u+194AilK6+0x/x/NNhyKBjX1Ze11+ 6zafz0Nf96vqefHk//r+7OR5cVx8/+LN/Juyq5bFd7tVX29W1Qf4uWyWxWW1 2G2r4mpbNt2m3fZPQnl9va3ePy/w3fj74s227dtFuwrLdtGUaxh9uS1v+nld 9TfzP+/qxbzXZ+dffhWWZQ+PfPH0i2fzp8/mz34RFvCL23b78Lzo+mWoN9vn Rb/ddf0XT5/+/dMvQrmtyufxc+G+3b673ba7DU8khK6H6b4tV20D4z5UXdjU z4s/wJRmRQcvbKubDn56WPMPMMl1udnUze0fQyh3/V27fR6KYg7/vyjqpnte /I+j4uyham7LLf2Ol/Q/yqZMft1ub58XL8uuXz3Qv6t1Wa+eF/+6rY9w4f/9 Fv99tGjX9Ndti7teLeu+3aZf++6ouLpr113buK99V277ukn+QN/7rv23erUq /QfX/X9ftfdV02/bzcNRU/XD74Wm3a7Lvn5fPQ/wV9y1+dnrH44vzo5fX10+ pxeULn6otl3dNvOzZlltKvg/DR3wpoIJVV3R3tDrT+idwUniL7tqCw/WzU3L AxfFWdNXW5jY/AWSxZA66uZ9ua3Lpu/mz76kd+Kx4H9z+d/xDdu7aYON0+Vf nJ6c/3B68ft08UTYr9quK15UfbXoYSPoKpy0zW3V0T/hR9jp1X/oBmyrRfu+ 2j7g7Xh0+Rl17qHQMSodocWRb5wdFZf3Vd9nXzgrm+z3NPw/t+3tqhofXvf7 6lVGZ9/DDt06JvKqfKi2zHPq/qE4gBcOi75VLvQfTnT9qvuo7f53UdvH7/gl fGYH880P9bKCPc/+Qp/omi+3y4k9x33wF/70+OLV7+cvTi/P/vn1kOCfJ5w/ nsg5kCSKhydjm2S0eNF27+pmmRzNsy/nz76YA+umT5Xb2woO4Mld32+6559/ ftu2R7erz5ff/dC/rJ/g/C5fnf/u1fnFWUYiv6tWwD4rogJgcat2W3dHR0d7 5nMB87lsyndV8S2somqSWT39+/nTX/op8bs2r/vq+qjcLu5g145gi/Hfn8Na fvH0S/j/v/jq11/++nN8FJ68K48W74BP0mOdTu1zWEuYz+dFed2BwFv0IVzd 1R0KnN0a2eiyuqkb4KH9XVUsWiBqYKb4M3EdE5HFRsTpEV8d/Pf7egliDaTW qgZhCWyoK+7r/q64gW/PF8yRVnB48N2qXHcFHD/+vFv0cHeW8LH1etfIq7OA L61gU5rFA/ypaYTRAYMrr1d1d4eTnRHfg/uD0rbYlPCxdX27pRGOeF51s1jt cF6dXtp1VXbwQVxh2RdVg//AL9zUKEbqcgUPzeA9EPdb+hG/Ub4HMVZe1/hH +FtRBtiJW9ockECr9oH2blFvYRdR0i+qDnbmeAGL2pTNA3IR3WHY66pbbOvr Cvc18IdoyjgacBTamHfVAyzstoUJ0X4UK2T4S2X4MivYjw/VerMqtw9hEdm/ bHZRrkBjgSNYH8mhN21fvX1x/vb1+dXbF6dvXp3//u3Vt2eXb0HIXJ6dv357 /vItaysvzgt4puBnCnymkGeK85e8s9+/vjp7VZxdFfC3s9fF8evi4uUJ8iGg pvcsnwv4EWa0WoWyoCOCnQNCuYXdh+15CcvsQaSu3BaC6gNXHDS9Ygf/vyq3 qxrutwzXHblVvMb/07dvL6pyCX+GKdfdYtd1so89ETWyU7hI7+C0YZMWcF5N JGacER4MqWkF6in4L6CtPhz8Adnvf0dGjNfnjwf41759nvz28HBW3N/Viztc ptxJOJM+/OGPB3pd8T29rvre5/iLz7uK/uefSEF6i1/9DY5+GMLvZF7/TPMy NonnCgcOZHPT7vDw+8J96BaOeXeNmtznOMz97eHXoFfutosKCGNZEbnUXbeD ncBvEY25PcpGDvtG/vwazmdO73Wfw6WoVt3nUXk+lENa18slyNvwGbHo93V1 HwLfSNisomOBeVuByChX881uu2nhwMf4CxJUGLAnpbBnquzpWeBNhg3rkCHj UcuDoL+Zqhg2A1VRxl0ihf74Y6Z7/vTTkZ975EZzuF0wHrym02WmsgAG11e0 zh5+uNmtiJ8gu4W3wjUwrKpqcKgVvk+HA8oBTPUI2bHQ5x38urtDOQF7f02r dhwBZ77YPmx6uE7lBpZOo9gGhk25BdncowBQTsiMRng7MpqDH3/8J/jfZ1/+ 9NNh/BzwlhWIrd3tHVxCJMQywMXq23X9b7DSGxgWf4kEhKvGnYB/bkoQNn2H x1UVIzwNJydbGJT/0W6vUcYAX4Nb4DYfXoFdp8HiNhA3MXkB5wuHuK77gMup PizulCM7EYRytSxKeLFFLRnYALDR+npVCaNS8YCstN3Q6eDC+FyIhkBAL3mU er0G3QU2cAWa39P5xdWVMYBtBVcDZUqHqgDSH85js61B0UnkWoGDo6y53cn+ wCeqpsQZhXDaLDdtjR+OL+Fu8s5dP+gqccNZ6uquf9fCnZZ/Efsva1gJUkBn F6Pcbh9MNHi2QqIk3zMl0krndMRXAFUalJMLoyT817YCuQhLrkr4Es+DhgXx jTTa4davd/A3eSboMx2e6oZuxqJcHSXLAqZa0bRrJhVQ82huQFrrLgDx/jf4 zW9A6jz91S9/jSQMewnTBpovbsoFymrcPiefa5SXwP1w/7qHrq/WePDLIBoE ypdjtw96qbtIXX7b0BqCO0wzdhrK+7pUFWcWeOtxHe0WxBRqP0AqFeoHuBXX Dz0qClf3wKseNvw7flc5MrOS5fNwXS9hl+kTIDH1A3K25QrUpeK6BQXIzish 3q9pnUBRjw4Ck4ftWVU2UDLOUXEcYEqgws+vCY/pFnfVmq7mruNLuarhTtoq cPpKY3g8JGCQaso1/NjDggORG/NNXjN8rVeOq3olvQNbDJoDKDvFTVUtr4FK cMwaFKCKzndbrWq8SnDmqxptVVr1UDGCVTRROSJWJpoVcjuYoNi6xOe27ZqV L51qHTU4Ly/UWEe+JSIF5U1X8HezKQSYePm+raP6Gp+h6ZliN/Kymzuw03LV tY/NSHYzkilfLtCk8KTqBVjeejZtJAGvWR8hqCAvB9Oy8dQ7T/2sRN+A1kYE yDTlP4tiGYXUDVwe+lYDmkH6ofMGZqMsGKdJZwoP82eJI/ZezRQhrroC2Ni3 eL6dfL/LJ4DbWDc7GPgGmQXfbRQGtuK+3bSr9hZ42jaUyyUqrIUAcgjTISdD jlbf3vV0S0uifuDQr4+vgHpAWi/hUdj2c7jq0WipljNgg2zHirzhFQqZL4kW 3Xb2KOEaNmg8b+rorqzLpgSmVIIKC8otqhnd3a5ftvdgH0Q+gE+q4oAP9/W6 anegIQCBtzCharttt/wYrSMKunQm5ZZHJnHBms0K9iWsK9zAulvHy0raZZw6 6Sqe9Gjb28YxmTvYTrhlfaBx0V757LPihWp9lyr2h9Yqk72zV5VtsD7Geq/X G0qcHpHF8xB+jkOTNYqngGMAWwNdCrWxelGZlUw7gCwqYUpHCJLCbRNG+tNP bj40F1j0okLxB5wJ2TjxUpUN/t05LRtHsD0s4SW4JCgrQEkCjqYGM/JVfpzO QsbxVjYMAwe8MjsetV07iBu5kcQIcQdOMqbAOwkq3AeSmCwcaN3VmH6im+AO +OM2wr2gm6HKutNzk7H0wnvLWF41NZFeQHWS1w77iUKDNs/uITL2kc/LTZ+/ L1f1cvh1ZQTxz0Re8FdSXuDJBq1ZkBOC9hEJgTSsb8vkO8Y+k+Hv4FziDiuv K5NLqAyTsDfHNHVkd+lgbLT0lAL4fJOLScIOiaNx3/A0RZxhjjuLprEnztsd 7ABSpqNJ2guH1ODLNFEdgKjtjep2DdsSVX71gKz6Qtkpo07tGL2JkjjnQTKS G1LbZvDdWTJQ/W/xRNjEpEsnW3Yntum6JoRhBiOn/y4FXYSxmvZ+VS1viT8h PgQ6g99U1WDnHdhT8LluUy1QYMJsdyvhncTY8Xzww/icDsSqL36I1PmBIYA7 /BIOd7V6QBEApj9BT3If1Ng17lix4sRH4FWI5+mFxO09EKdLd6gbR2ZetZ3r d/ChM/5dcSq/O0x3ec7qM43HlFB8ywCOPRjdcGbCJl9wLj0zce1lOln/kZd0 1IdDqkZUhJ44JfGHsMVjcB3u3c+6DIlTss/1u4EOxoITDxRlrDOLQWtHJSSx 5U2mdiGxiKfQWjpWw0SmsBA79+jMCpOAx1XLAghfzodf1H0l8JHM5KgoLlRc 2ffIFKiWoavoJoxAMcUIFEOKCH5gfF6oGFxVWzbdihe4ATUxN4ZOEDgFtgh6 95Pvvr+8ejLj/0U4E3++OIUxL05f4M+X3x6/emU/BHni8tvz71+9iD/FN0/O v/vu9PULfhnh0eRX4cl3x79/wqf85PzN1dn56+NXT0xXtSMjboeGKmNCG+Ak pJWksMg3J2/+n//97CvYg/8GBu4Xz579PdAq/+PXz371FfzjHsxw/lqL+jL/ E3b9ASF4UNYIpl6tYDs3YAivUFkAPQiETFMAvZGKdQJclV5m2402tWaENJlu nNl1BdqDWBOgPj0nhGaI2vk3HnJCiUgaeo9mZISU6AUpF9u2eVg7IIQ+gcYQ 6Ov9QzQSN+jWWtQbMQaGRjh8lbFFlHLIrRdV/R5/xM80S9UKhkDKFe4NG+y4 Mb23zE1ZFUQGmeQYgndCv7PtiYY0Tp+oVdDBbNbw6iWNMfFquWCpNvaiWwVv GopMsDJ604DIiCLhqhfN29xwb8tNt2NxSVv6/Ys3oTChA/f7vEEUgwG7BKaZ HELMyGwkZLTv5mChwyXHA3jjZ+0GlvkxmNWpssDcEv7UFMcnv50Vb45fvDh7 /c/K4E/OX78+PcHL9/bk1fnlKZ1oJxYa6dRANnRkCmvAQKnQ/hp+j45i0M0r MuPm6d87YkMkWGTSuqvOynCs1hAj2MNIXmYG0rqYyJA6CUGDsSJoh7xxWd8Q c+2z8V5GDUo2iveevDiFUwuOWXelCf8OWAVfefTPgaVQ/HkHKu2N+t5Y3dmR jXpTnL1Rxj3Dn0UJZs7DJ0tXv9mtr/lgEIcBrtaR8BQjj2DZFE9A9mP39eyF XvUIIMh9iciS/Olh5L7j7YhYJaqIp7iPdn860HQWMh2l4eTzrHfV8MimYpkn 0DD8b9xIgqbgj/clCpje3VA625psgx3BYe2m/POuMslbEWdgYzNSjUfj4PMp xocaQFOhPWHgIeGFdGrG9ZAHRUagN8htDdv1iP0ayXU1/lg2Vbvr1B5Nsc8x xktQjyrkcnWWwlorRgdz9YReIWoi2fLEsw0Uogmiq7ITiEwfQZTMlBBSnRo8 InFJA41tcJHvo2ZDHJyoZpacNe3Uo/zKT8f59lAk7rZN/kKAYWyuopi8bvtS jg/I6z1uH5pdP37WyB9+CuFNhMf57i9r3oChrsA8i70vBd97doqowwxsTXqD /4aTxbPZrdeg3v2byFbWEWdDrf8IY6a6yrv8g0mNrgIjBIQsq1nOgjAm19EV xsc/FHBfV0vBFGFJS9V1G8FaWBEo2feIIAQ/3+1A+d41S/kznFC9xT/DWhZk pF8jsAUTpdtML9km0VAI7VRoJ/Q8BNqJJU7sDDg3mKrA1/Rbep9XVXPb33k+ ij7nHT6wNHStvEa2eFN/AO2VrvRMTGgJDwC6AiYHViM9flQMP4dHh0TK64e1 hCbSxiLSxoyDJFBT45kRGVwDmcMd/FAcHB8+h6t4xnPTqIUPuPBjegrMERgb n6zHn7xr6WSaQsw1YVHs2iMPKZoCoBzMZWfMbAQSHzPyeFpHR9+Mf09uF5hR utUEoR8jZX7zNSom/EALtoHY5rLzKHTLYg0a0npHDrR/q7YtLxLJ6Zs9bwKh F2hl7ED13bLd8TWMRkuN90puSbm6Lx86FktovxFbZfgbAylwea8Oi98UJ+P7 WaIGRqQhWwkzPeFTJKOHF+01YJjJq+iGa/haNw/Kx/q7bWXvscEG9Pe+cjM5 OnqxZzIidFhz58AU2nPi1C9mTPod8ElUMPZNFKdZ2tf/5Q/0/X/54xQF6pUo DvB8CMLlMWFhrw51+kdHRyMD0Nkqewb9joNm8M0PgoiTBsFDc6gO+g0LexYn IJ/Db40IHlU36HhJhBYHvUqH6/oWKQCM4EMhE1Sn6O4G+j7Gi2CwEkXQiR8I t+2uvr2b82jXIoxIZ8OvAOP55sHd7hkRaMoYIqpbio4u7BP3P95KZKPM3qv0 MdQ9Ecv8UOIvgUn89a9/Daf8rwiUFz8G0tjnMEdeVnHwjGCSX7lfES28JFL+ gWjo4FdIbr98hg+6R35QFvGKN1xRHuA5+OTxFobcwt3Rv8sHj47oz/nb8tdf Hx198dVh/NLv8Evfye2XRw+e/VIG8c+UH5Jnjo6effFreugP50qR8o1ffnX4 R/zDBTBrkhH6bSLLWfiJdu/H58VnN/XtvPog0BFH9/3miW7rS/rtE2B9pDur ZUM7KVLJHexS4py6ilVpkNS1ou9Ef/wKcIKAvqMVbM9NXWXnb6yFkNEHwlvI XGODgERLPCAU3fTPn6kKCtyQQ6yEUGZu1Kcffv0UiGqHNFeZeu0VrTBcIHOX NQYaoH+NzAW4adds+ugso3MsIT6GmZI9FjDHHDA/fqZuFNWTOwt9ENyZFIjb u/6+wv87S9TiuaLQ3mPTIrDgQhuO7GsiSh7RwY/iVFJ/PJ6VWIfiFz8nu1Rs bTTJuq5d1PQsnRBPL7DLjnjUvOABZjj2olqt6Gdkdwb/el8NPE++0BWhK3AC dGqhXpMiSFITVwC22l1VLiW+TpnlLFrjl1cXp8ffiep5oJApT++nnw7DQnwC M7EayOcNR8ZTW6xa0kn5+XQ/yeMKe4QayXzF0XDof4c/rcqud8EixXIXHVJl BoFMbnhV0x6ryTVj06ZtFqBFwrirhxinQGGV21VVvtf9Z9zAQh5oLfIF3v1q qX77FmVH20eqax7CuiobAYFAacWzIeIjHVUiZdg4w/gZM9ajbcWxM+yNRksT t0u5ptrOFvxBWjw77ap0gWQ0oE/av26hFHxWDC6S8CT15kFGxat5/a+wz/iE pyyMkMBLQ34nQrL4KpEa1REcMnAwir3Dh1VcEUSGr545/7/e6Hm9/Glwro/d vKL4fjRahalSIjEaMvLsqedRSgvM1m6VOcmaUGcUI/8ofDP6AY5ZoKCQbDtR MccYG3urc/SKl9PAi2U00lNUssTDBrpZFGJWENeVeLayC26qZy8whDj+izHT X35BXFWV+YOn+OIX/wt+/ewwIiZNjeADUcoqrqxN5wPDX+rgPH9S8tlHnlkF QT5o5DC0C2i2iZ+4UOQdVrlzbAO+F0b2R4IfMf53KGMOnn6ABaaHiXuiO96N HntQPlUwKDtX+DWGod8BjygqUNjmfA3tT7QrB6YuwyTIkQHb/ZT9SYL4To3Z Lpf7hwy4Lhny2aGsvqtgQ5bTm/DFyCYsOaZthxEmnfKj8YixdEGFLYjWMx4f xq+E7BWbMELko7Pt+Da6Q8fPAr238aY8xD8D8RNic4NRyFsBRMlnoXCGxDYZ U5nTM8SL/lJ8gx/8i2dIxeh/fwl/eT7H/+R/9v0Hz4Ku9BReUvI506OeFSnz KPjZZ/gsg/iPPvvF+LgZ2+Nnvxwfd/AsarLZ/qgua1eduTUqs1eRirpNKd58 MmbwTSCkWwTeS5bcapezCnmA+wKGK4UJw/xCBONWDxh7vluQg+V9FbnPjRub EGsR7USRwhbRcw28Bv9EqnC8NxkzTMBhBGsUJkVYcLfqO/F/Bfd5eoc+T59E XGo7ekVFkyExD6pQtVRxJyofXpYL9SkVL1DhCF6v6kYUKw8fsmQhmYIyoSkS HfW4CcZBDUGNx4cfP7+5wXto0FaRfh3jHSjfQcRkoJ1JIoyJNV/H2DoJmdRd UNGXzo3AgUb17uD0bjidFzyChpWM6OYWJs3urAjYF9c7VJkCKisxHJRsKkKX 0xOeFbuNAsLl8j26j5EIEmWZdBfVu9aUAYIQEcdaLFjGM+LA0Z8SLxrjb2ka /FXZveJboJf3+HmLOBW08Lvj3xeLu5YyGEBxuyE7CicnCUNue0k5TciVYnrM QZlQQgjHbo/YYPN4O2uSxkD5nnao18uvWiYTBf4Dhv7hRXphe0wA0goeXj4A NYAWazsuehrIFtC4lqgdE/LMAfVweuEWHmv0EybpNVD6pqgFnm3iBCj2sPs6 OXrcPJxtH+jTG1ZkTYXW79nS5IOmP5j4SHSJQFEedOnxvr+5OL86Pzl/9faH s/NXx+gezDS3CYr11iSzqTZaEoK0vK8poyBInARqVd7EElyxrmLIbfUBWSXr fNcCdW3JUrkDua1BxhJg1BOnt3gjQj45gFLcpBiPQoi00BiPi/pFcnN7IzPi BJ6y7PBiskNiOZif0Iwfvp90wHwQpB4Mb2BH6gLwOFO6i+KlfyoPprZMkLDf 4niDuRW1Rm1FU2OT/N7MDqPADxT6B6dNKlqZ6CwV0NyCjSafBVBtCbAgyPEG 5RylVbGdsMiiOsUTu0WZDOaazYYkyIR1GYN9WP7GHI90MYnrN5yByQa3doan gHHvbHpGPiLvPiQpC2YeZVxGYjIStlZI+IvOkzBziwfN5MKC/AuC4rNvblWK Z07mEa1blORN/jUSdH6uGhIdKIIkmTIzVI5jrChuUkLNyRUQTwh/y/7BaIgD CZ1rOCxtWY4/zS1atvtpEG6lh8cuM9yF4zdndGycg3a96wlzgZMxt1pZcPxT uNk1C/usWfokCkezTnBTt5httNuQsXac7Hkwfx5hLx2oyYIRlqPHGQOL2RW0 vUEFAV8IlgWVBAtnN5M8KJ1ZjsMTVFSKMqjQ3GPHlhO6I6uUGHolMg66uSPX ps0j8Kq2lYWF0i8sRRCj7Fk+iHqG4UGMLCnykZGr37rnIcyL+20tWhkoFw3G I2K5DhwLWbKywYS/cRpMKFDVwxfnKbs6JNEqavDNbrUy+Sq8Xp3oOHH8fE+Z 4JSsEwga9EbewWKFOfYuvPdwJooue+pgrV7q8LRyDdRMv5dnr9WW48ygOc2r Tz5ZXm93II33fvPi9PL06u3Ul2lM9/06MVzvS75Lqn7QgPK1VaF5AHK0jrF9 8uFu6TZaFhTmvmPECv6aNPxkVhzT8OddBQYtgp0g4WeaNfiQLR+rAlydv3l7 efoaY5CGmGq7mQtNwvJZ6E7NlG0O/bIGCCI7rJbMOwkMlFQVuP4GZfLtNVrV cBOiP7Ze2F2N5xs37Z4dGfhkoP3o4oY0+XNNdV+oWiKp8OhRwL2iv9PfCDje ItyLp3ptVK2quirWHBWTpSGYIwD+h5yExo4lM0JYsTAgF+ytjLRuJMqEz7Pe 8vWipbPKjG60tqHIh4Apd7yl6xJDDaosBvo5IYsa++0ANBN/qj0FVcw63oaD mNMBj1hix6Gm7LP6GOPmk1Gj4SeTHgwKv38fB4Wdm4BJKX++lmC5yBptO9i4 dhsQOChXCMBDpmSvUzKnzq3FBNpx9BS/iyBpyHe3z/ITpQCA+pTwWs98eHRP cXs0SrBR6i4aAkB5cXk8VYY+9+PKVxTlAguNGRF4S8j2MiYApNCRqwnu/JoT WMQFSxZXMqTcRKB4DjIUIdoIb8kOwRNkhyKPXurcKgKD/8043MyYTbK1HNSb iWhawwpriKycDvi+kkC1kLrKk7QiVq8k6D0mJTDHQEc/3NxooBHIFBC2Y+zB JXFaxDsMrtl3KsrNBmIGMjkcPqs2Kc2dECdHHOkFRs2G4omYg8LiQPai99GU FY35nflBom3mBzC/SMgs/qMR9QfXrWph4gJycyxKidfBvOceoVowQ2r001HS SleD5tj0ojgNvsBGl/6u4/nzPUPKwIoYFLd31nAe+qLsCEK1jN735BPaFqWP DGRgnphYLZ8hVA+EWwwY5G8UmU9RmYrIf9H3nHIRPwGj9cZy48c6hTBkJKZD 58e5INVAXmM5giAcDEe/m0kYnTyNf0ofJqTj0g4iw/GmRI5j3CGw33qMp9PN 06tLQ6jAyJUUPjt8uQsGrWlUKIYgaNUk/eEvxQmhozrFA5nyYXzgDQp5fqrL mDG/pI++xx/+TjDtvwv0Mu/rX3jHvBbHf5ZvTODiR8mA4zh78Zc40+n/3EM0 E6Gkz/eOxA+9fXF8dfz2m1fnJ789feEeev/Y5z5q4jKfsR3yD8kb49v0jx// Obe6xx7y+/R3dNkGD+3bgvePzSkjFLpAo9uARIR3PO5XP7oV/2h/+6RPf8KW XIBOVByvVpgR0KUPyd9OfvufuTcjk0v3BiexnHyQ/vbxn/YRS0OuFN09xpCU 270ptxyvJpCHuYAmzGbxl/g8lJi9csDOpacBGfAXhauaMiueEVf+kpVcclp1 hxwvSNbIENBhbDk8Ia70RDi4yyKgpFcsCiAeIz8/NEnEh8EJMgKNg0wIw89c OnTf0vfZ++Bhjl4yi2AGFF1M4BkYN7JVlKnDm8aBWFvQYOVa4IaPMCi2DUXZ K4d7rlok1YPpRWF8gl+R/RjFXHgJ0fewrMiNwlBYotKiy6yN/9yBIrQqapFJ w1XwdNFcptl0bl98JGuMlZDCKzJ8ilweTdHZmIu6iO50ipcgW5aorXjK2kJg mpqxZfJMVAimvkOO2LQ8tpSkzEBO4YSA6heTFoWOD/Z+lngsosE3F7gg/gYx DatSMtdD1WiVxEsnDhVn8ZEHVQ5jHEoPDkqfaeop1bLo3AVwGW7Fd8f/862j x/ht72Wsh0vW/DkYeJKcO3PzhGuguHeVqGJ60NfmQBhbzgRuhjDJjV4Aj5bU aQBxDGzh7UW4gxA2szwUEgty9zhBSi+tqqnio5qNIojOtrR7AHzKtMp4N1+y DhovScI3Cdf0dOJmHjzN5ERhiHNTiU1yVy3eje5ny4hH2HNcib8wYXbw3XFK CcYlzTPIvMNwJkMqmIm4m8yuuqNkRRQO2JU3ZJbeNu2WQ+HHP87ODRmeSMsy tIQTjC1Fqq5ME4gHZWNuH7rZJmggDGigYBog4f0k5YsUpjXAMYk+XNC/MKaZ XDpy4A3oqhuAmxg0jDB7uTIf3D2H/eD1vwayRwvOlSbIXNpgua6w5mzJkRqz BHPio1Z0ohwDN5NDOMIKtgpwoLVJGxjHY9kyhhJHGZKBH5n8Iy0q+JuWeS6P fy+paOlHSi/SJMMSt2utGVl6C77m/Ck/j8Hxl72bHCEzlt3kasIFb0K3bvpF On2mTXXeOqaULcHIdT+FhikupV//eBJFyzhGtUzYxh5/zGzjBJr8RNs4pHin RI4JkV2lg5R7vAFAw1R3hBguoSC2P/S+/muaz4vKGz8d9nzN2DNGCbyzj4y4 ozTZGh7GqP/2mt1AMV5+oK3Q7RIn734XSKCv8xA+lEWRhkySzmxjTJETxF5n pT5XXMEeiIJsKzPZx+TO5wNsgd8UcGMMtRiDOuhDuYj4POVPB8lgh4NvfQvM rdrOX2u418dgJPBV/d//EhiJ3/C/wfb/JPgDq86MLd4/9NsGkef/T+EPs/XZ +B576BNM/OHqxk18+EVxoOluhwWjGuMm/mCC4yb+PwxGnP+t8MfxZkN43nBb 3N9Ykn76Dg3/+9tBkHI5/SD97d8FgjjxMwKCRME2BYPsYfOTJmmXYB1qhM4C /ONpEZGRUmAQQkEs7FWNUW94z8bYKI03VKKSAEmWrqaqCFY/GgMeRpYjNVI2 su6c1xKoMVQGWaKHfdIUvdpaD3koxUS484REEwmqKOw7kA5l5eL9E8mGHIcS RuVmqiHBEBk2kK4m2arEpEsgCT14giTCs+zQ0086CZ8qs6hadlOoiPjrHzmY MEIY6hwxsyklk3gxBqOHeMyYtdwIfmeXIrHHeavXbT8MP3AWlNRj5HifQYob x9RkkxonvPDpM2pacr7BT9Fkkm0KGvQoZqTszSmbNvxRto4w//I9xsZTGoNF 3cCEplG/+iYpaYx1LtkNLCGnmDas40UCFz4xK5IUnpvoAJ+KZNe9xkh2DfNW eEvKlHDbA7dPVqiXg5J9eELdBeebbJvcjx8RM3edMvzDtHu1z8yHkexXMHTq rFm0a82uxN0wjNZl7sH8uq5aX68IuhVFV6IveSEhie4eqsKIg3X2DVzmbj2K UBMUynOQXInrCvt+JPEwyZLZ+J3ANfo2MHRqF1PDwbgeOhdTkWTjhOdnTlZ3 02cegJGagUlsREA7srF8PnxQihAKGx4yXG+Y31E18AiCkYZIGqA3WKYxsHj9 EMuy+tRhfIsosFVgM6EdRE/Suotdjm446McC5N0azKZO92xSQoQhyqM3iLnB HdZa47QIiQ3DGcXx7K4mSKTYgrE6ToIc+I1F+iQw1FakSwhxCbgvH+F86PLd 4FsUYoQ/60HDNWMMdEe1RBn6G0XV9kWfU/WwRfXIi7MpIIMSbFBwfhSM4WXH mNKUMCtE3QaE7PGgcb/MEFpJ6SJGAjl7PPEGDHmRrwqIkZfsjKArrl0LppHv 8RwOVhpCsgteN4jlMHRXBmd/iE6zeo1tTBAuZLTf5nNDYmwtCFaeO8SikpMV thOnIlfiYGJbD0fdXljLBWumYE1wroGNXCfAHdpZnlKtfrHOeeuSneCc7kEu ksAht7sSrmVfVSPZQYGjSe84IQh3bktKV9NqjhOFVnnokDZFYJZ4VeqbPccz unREPI1EpqY207SdIs2o0pBbFXSSxqp4cuWNAKR9PzPKv0umKu+Zg6DbbdBj 23HAKQqqO6ockUyN5SwXmYrMfamKoYl5vgwUujvqLz7j0ij53sU5TIFmjscw 5aKvMGH0KkXy+5k4OmTxWjRKc2JcGB9uNkXdfsRMfERUCh4T2wsfid6+oYYo VOeEbhVlekbnK9cYMB2TNZR/3VFpBrxOrhShXAvOiDH8NPFUY0ke1o91bPMF bZ+rQBpGoc9GFeXsuTl5BsWpaMGzCd+YijKnfBaZUZrYFL0vXWUikYHmdDeL A08OaHwnnOmQU1FHP/ExgjgM3XBjvgKK1IMpp3ObFcazibGauTom7GiieiZZ AmGyG3T+QZ1umvtFn1u6KobE9jmnkTqfrcqHapkwIbFzgpWnhvfWRx5gGSXC XAe0w12XHzxJYBZBST7O3Cbs9sXdp19vpFLI8LP10JBJtxC4L214apT6DUOZ i8KAUyuR2UYWN3JCXwcNYlHfQW/1TVNx6KkQWALM69tM/AQ4mH5VxXJgkTRG bOhJiT/DeNFFFSb9p14+6TVIaUv4QiSv+3aMuHK9eQ9BCYMbdRjkLirET6KL 6ngiyoTFUNtJeoXL7E45NXz6LMv35cQsrVCWepZGP1bqx+qeg5vHP5dEYavf i+Q/sGjuAWEhUU7QwOhPEAh5wvqeY8qDiH9akARKY1RV28wz1oe36wlV+VnK eGTu75uwDZgOhWdmaQt0JtJBxZyDZRpbL3+mxkgjuxgU28ULs0LNDiPC0Nrv Nm2jZke6iTirb6+u3nz+BUzln/CnL7Bh1K9+8dVTsXrrzjyVZZ9HPFOi3sg+ ho1iyH4HcP5VnAfHnMipGzPBKG1VFWpKaEABTKUvPHslAIY8g7otX/MLuklp Lr1oVsH7ihWjGlqYZWEnjFzlrlzdzPUXqk78JQkbzMB6D6W7P5zYaulKyq/D ZKWNT/0D1sJ43cq1/5xDmO3j/g+L98XPn+kf6uVqWAsEh6IBPsdlfh7DxNVf 83m0CuM3yPn/SUNF7vq5/IiODviD2/TigFHKw8dmZdLg8ygI9g0VPz5wt0ws MBkKgwhXh7pA1U4+d/P4jx1qcq9klLFtn5zVxF5NDjW5V58+qz3b/mmzctVc PP9U79YbtcK/i4wzFYlw15n7oY+LOM/Bz58dSv1pLwgbTEVCs+sJ3pYnEten GswD5vCj5DdIGtNA2EQs9hs2dTemVFlBARwZU2CApRbeFnzQOEXJ12ipWjx5 7fH1q2guhXB2kwdJsSUuYCMZyyBAK6thyMzSYaea9BjUbVRz5kqaJ+q9Wmg1 U1pzXr2F294UWEbriKa2by/GwadZ5NhUWZ3z8GPUF1rJD/t1O6z/AobNxlJY 81Pheg3tRti1CVsViWADci2ecZ/KSLGSkGy67pludRrEF2ciGfM9Hxnmpxrs Iopx4ge4r0EnRYyMAgcRH0vr3kQKIsxp7x5Rjh82J0bdFZu4Bq7rnpSVj8Xw vJ9qRqlURe9z0ZLst4ipUu6+wipkmo5MRbJ+R7c48SeMYmcME6WtIiJmPvY9 slknx8vStCPVssCVhIII+Y8/PQySzdwBCGRRuLod0wDP4ekQ5hw4cixpcErX dtdbqj6XikEvmteCyAGERVbhZ/S8MXZE1m/+LhUjcY9mM5aCGHs2Tio/kAvA 6rXo0sRB4c9KRly0G3EuG/NwOW2j1ztH59SoE78T3ytfa3qCR6Vx4DFLbYJw EHzkoN1sulQO/2Hk+BCSu+amp73H+3JHdEhtetkZstU1mzSBTax6EWOqUlmh F7AwcPheaqV3nGnMOaGpi3MfW44Zlv7o0InqyvgIwMTW+5i1fWMxnyGJ+QSD 7n2NfRjyuQqtWtGpljpJsm0XTXNxXG/HfR0Dkz13Ac0jmuR8HXVmpqeYxJjk mkdeO4LNcF52jHFPd5KRafPIa72JKk9+nk4ZoZjy+F5SEzSVlWORyIQ802UJ WMxyt0V/gohP38RSiGQoNKfFsTBoKm9AZY9OJNDhx8+SrAd1WqHHSwP9uY8u YdBZfVcREg+SG012IAPmBJ7PrOAb6wGc9lsWN1SjkeEa4i5YKxgs/NVacTqm o3WJyha1BokPB3YZ8BIprdxNaw02B6cuaDNrV2sqroUfo4bYdc8pzBI847oP eoPay1z08RNBxIrqXA83YNuoLq3+xcDS/R3VKdCqpA4HpREZQ1lLMfFBP2KD zClhoZJmAQ7Rua/gFuKH5PsuSoM8Sg9U7WyG8EzWnXck7YWo8McfbxZzjoGh elfO72abaOWAFw9jNWZnWv0nurNktcGvdrFb76RA00jxYU4skEQLLu3EUVCz QZ8y6vtJ5wOkMXeTowW8sDKH8OjJxe/fXJ1bZgdz7vyI5ZJxgYfygep/RkYH hylHqQWvOHbFt86LnZey7HlpuByqD1qZku+LWE7s0uPYiKQHvTZqHnuv7INB RohdboGRjhRf6vJiWkkNJg2j++h1JN3h+87Nh1OBtH0u7n7GdoakJ3XJsNt0 +9BRifW1tff2T2qvbwa43QW3GozsMGc6RYOj7YFFc1lsVvE5nVLLzTNWTLeK awlq2tDWtkTKhSc1i8lAWWGNcxIXVH72fcXNaTjoIykwp73arNdvpsqzT03Y ZBerJajej5wyMj9WCHFS0WCV/R8wM5QLtBn64hgjF4OhsILdVCPVlCLfnnf/ xJlbiYWFtFqJQNJz+hk2DpWpLkrQRRRn5KipyEHyaftzTONtdNqDAqRt4/mh OOBxdiOlButGrparlqLlO53rpasoq5MDRSXljXbc8V0tSOs6ElqP0LDU0oVV Yc2C0Wk00nCUSusUxaXTXGee4rmQw6c4rdotOZuGz8kD6h5R8JhFD/IsvVws dbfxinvPHoIQ9mCZPJqqzV5VGY+8ilXCIraeVOLFJmOjbwaPFTjJet21q10v XSykfKdzAR4NfJQhFvejkDZ/n+V9Dg9w1V+ZX6lE4IL58nDQC2fxfVpMxa7Z p+1lesWj6qcnHJIct/FdUUAm/ji2T3gnfAn31BuJ0QvcHLH0El3G5Atrmn+b lEN2sQTa/0MyS2GFYJCsStO5aW5xo93iMSHeOQiFMocu5/Q4dQfiO3yaYeo0 k/X4M0xZjCTWjYml0h1fyu0KdzlmHojSCrLJFYQnQTteKTmwlU1T9L8Ws1Tq iabURfyPm2hkE9HAzlfnv3t7cv766uL81dvTi4vzC+mkfTDsxx0r6jG74HMT Qps6ssRwdMzExzPsScz1jEx5FnmgWimfRKW7qzCSocyAaKlfovqIVuI3lnSW raXMVob7do1WeCCpodXogsQMOfhaIka8ZzpFbcaCMmBzR4K2fXcxmVk0aST1 Fpeg0W5cQpLgzJgOD+xhbCMINbONQEBX0+eJHDegzLVLxVLR7iblnRxZaFMg cg7kgP+ey78pRiaZowQijpBaIPTS0k/ccSS1ty2wma+NC7tlS+9dVW1Yb3Ua CmlL8M2aetmYHJMhh3uBkD7j27xoQZ33nlYxclq0Grt66Ad1HWYVN6xRhcJt EQX5LNaZT9TkV6xdgJFu5lgYBAEsqwWVxfVV0dboseU3UsZRN4PcCnwnu0nK T1wVNyomTg3nqnsj9NKKwaltQvQj9T5oyxN1xWVJ77nOAmKmtbqjjUmNGoEM 6o1WGsD9rtA8BY2Y1a5WCoLgqxTlRL3SRYZYSRGHCOIcEYZ44HawtPuKpOM/ 6+sdXz/PwqTFkTRrRh/3DMNBFWIUeTzQbkY2XFozralPtpTWJKwKa9lukfYp cpmonEEwZL4zZLu7zdLqxq1QedUZzFRjIFYoldpa1Vjh8RALhPR7zo+BHTLq eDyta1x4AAUMUH/rrcUwxwhuy2U1BxKyHkUjY3ALcdnTwNX4RF7jx5GsBe8R 6YZDm2wZ6k4MOBflDsyGHQ0R61sjH92pVsf7teCmRhF+cXKrXHKVxlIzg6Je IPQ4J3pEciuqDv5HIliYE9I/+sCKzqTjSjWKTsr/dgy6qJ0ND1ydvBkWAMS8 EeqUBV+VMjdplRhWfeiemHeKW8f2bSodrX+7RHJR9/HeEo8sU2KW1V/HQYIO YpnoHHpefYDDN8YXexjReam0ifKH49QiktjFImN7ua8l7LirWGbaDlp796Up zx8vgSV+JdWv9+oiX8M2kK3SBg1Io9iyOpF03NjDi1wmjs6c1x5vOEVhWXO0 sQxgNZPM7zejFVI+Gw+3ZuVl+vshEfm9tNApG+2QFtltTASS9825J5eCnZ3J qkh9ssDsRHsqQw7fqhXOxl5XZVWeuzu0jZEj4L7c4j1rOYsIrHpmyb86+hWD gQScXZyenP9wevH7n36SI0dv6M6qkSBHsbWQtUUskCL44wdERCdy+U0sxa9u /zxqnxPbMghTGr5SnkRUapIOaCKzRU+5pTgHcXn0kqL1M1DTgLfc18v+bk6h iojRLXfcMkCnbyhK3ZvxpbjEZhd1WtV+Mg3xyPpDk+iMJTpvy435qVLcaaYY kMFMziufwVfsIiWWVBG9gNqdoViU3eYLnAFzpRr0Sw1zHCs+tOBypdv2feU7 JhzZMMqKuMJ7a0hoMph+hDFntiS0jWtYtSWnCZCEoOg/iU/3H7SwtdGBS9Sp SeoHz2FjFY7jk9/a74AmdguxphatcgfUp2U4odFvxSBTfPGEGwpmnSkW7rc/ +U486vChMxS3xi2G44v5Gy/qSK6s+UEDB+g467iiEFrLhG49JygXFPRgABrb 1phWG0l4TrBqTp3nFs3AGM64Ry3eS6L3HtREYM33jTgUFd61Pt8+O5htz5vd lg5InPpbi9JJgZvk8+YC7DIfoA8457L2qwfJkB8v5jwb1uIxg55aPBrOPOkV hPG/wTrYlijL0lAxm/Qwk23JMgMwOEXWtQxxTVqFC21v+6VkzU2khwh9vqQ/ kPsWTJyYBspx8i6BVKptfwQBZsmzZey7d9wZco4JI0STVLPudocuRsa6knrj 94oLtFRkuKfWtvmcoteKSZd0m6L4DkmHK9etyG0mMbZIDndUACYYT49IJMVt P/QO+iQR2SmAaNi8D1yCs8Ie1gFsASANnsV9tXVqlog4kT7OaZOUSpNM3RjY kGINAX1dcG1hMQ1mu1GVxTvJHI7++kgiXG5tuGOMopEaI93D8LZJD2VpJEbz mEo3vlmVtzgJS3YKogHxu6ZtoKqMljceflprDL/tiI8bC7eDFDgtlamdjmvp aXzErh+LEBPkKU1HZ94Z4LDMIB+j2vtymO6taUwDcDhnZxhdlB9hgrJP1Jnc U03OB1Pk+UaalBQbC1j5f1+gSvVtzTydzASf5P9C5iHlQTVHXKn5PZQKq49t KGUsmMofXFcPrZhqcaoRx53aW6AAymPXKE2yech2V1gtISYrzDBSM8Ul75XW uKwZO1l38UM5DODSFIR4W45fvb08+79PPYLLKvMQxU0xfRkRv9V7Sat90JKN 84yRQh7GvyzximwnJCUmKO74KPwz1/oUBbKTyC5z0oNmtcSmqnCFtclBRCck fzYGkWnh0HQoKgTjMm6TyDorCKDSMWRnEOWjhEpnbgy29nD4Iu3pxRVlItrB HaBOYswC/mwBFT9+NhXNkNK3KL3sahqJpLCoVQsIibEUmENwBES+erC/aqMk 9bAxoESC6mBdfngrf/h58VXxd1K8ZyW/fFsv38K2vMWkzUOti8FVUTSYQZiG 65eKdRpokBBRKSrXL8Q/5j5V6h3xls6p7QGHY+Po0W3qUC/vj6Au9w6fuxSV 20pTZF5UHpUrMVc2Jlg5aEmErOMHSrXRskfqfog72o2tlD1Cg8kljIMPLHCi XWIsfvG/fvlU1I57okkGREvzesVDdhUB0ftVfdDkabrJWf9lbfi8t/3ymfnP wRZNS1w4Bm4lYfgmuRKWSojuYW2jGKjYzNXF8evLN+cXV2/fHF8cf3d6dXoh fEYcUQhXs/nFe8M50MZuYc8mdlwbNb7EYd+evj45x/i5OLiI7HQswXxkR3Qd nHRC8Uenqe6NEokjI6KjqYhBo/VWqz7m4YmxOmWZ6kXxNGPERRxa/BEkVmkC xNW54mjWr7JI+1UKyvXq7LuzK9mEMf/fY15PmR7Phm4dzW5A3DNDXQWD3uPO TPNhU2/h8E6rc1DASTPqnYphsR4Kx0dbcDEV+9InbflWVYlnk2G0geqhjzhp YmNLyv3DW5rEEgRrzlG8rxNWgHcscwPlFdhthcqmOutATL0h6dKROa7+s5EI vIhSIVJSoZZIANLqwZViGgujJeeFvsilasldqm56l8vNiJbMUnNMvNvtMoNj sxT9zqXnWyalFEWQilHsk3Xx1svqeneLrS2PilF1kWBiFxsmVT1oUK245Qk1 9w9I6rKhwKyuk1qgSgdFhhsK99EgLIcJb1rc+FqaVIvYo0rWN7apWnWEy8Im UHq2o4wfuQCvjhUQ/ddP1pnT3QPKVy25XzUFSYtnR0vQSeVzLj2HLLAk9cje l/L4wr9iINTmjuo3S5BU9JlgfJ0ZVwFsYqCuuiPeJ9OoYO89d0nDGN0XJKAx +PhKmm5T3bYUX5rDl7HHIxm1NhYGQ9g/MA4CFnhTb9cTFuG2ogOnCSbRkzgO CKoa0bx5MiD1O9PFwmFGRWgkiCTsiSLb3/RvN4wDGQ1To9Nh3JJq99K1NVfU 0/nF1RVrGl3yLY1N0AwKKvcodML3yRU3Ls0B4LK0mIxcGgJ/y5qJNoTk9rIP 5S1GI6HdskF4vOx7rEvMElp9BX9/9AWyujTIlsI1thZ+hbYC1QYbW0y2giS9 LJoNCRWGuJNrdL3euiYCiOH14mJGGio41ALvec++SSxG0FTmyA78eba9u4pi KSlrm1o8s7o3ceRJd3Au/kq61Zaz5eho4T7tqGGuwzm4zBKi0TAboFWwSKSq hTTLc/SDVf8OKCxbcdx6SRTN5OH4Cxlc9e1WIlzKgJJC0HYg+P5uxjeJVBVW qJG51QsGrBwDt0aQMNGFQoDRoMZWK8vlqrpuP8Cu/fgjfxRx8J9cI0eMOL0t Y1cwpj/ZDAz032zr9yVYaXXXYb+LsuvaBdfmJG5mo0pN0GSl2nYuLUKn6WFd reXHxP3aIbEDFRFyR9UmPXsVUk2SVbIg/EHMv8sksV7WJ/7UEt6PZzbk3Vgg AE2E2FM4kQxEszc1BaEn60eamAUKLPZFv/WNh4HPM52Z1nfgBpEUZAGawopz n64fIqf9moOXXcriyhqaZBSaOOjCjqt0IUHDIa8xNEKbJTMmmbxNiGabuPos eANjN5doR6GFSXUi7uGk7AJyjH5x8P2LN7Pi7M2hhq0xqKE+KsabkD/52Cbm o3mZu+J+27o0TSwaOrYHIVs/i8tBj7+5NUs+IH2j2t6VG0y5wOB8fMoeOARO 1t+1y0LSpzAXhXiPLkKw7LLPNg8s5mvSbOj0sGq9LCS5zVKLTklqWP4W81pD zGv9TqOGFkPKoQDTrhUPgIlly6uxKIW0RH76cUROruXiUVabc7ZrrY0klhIW CJtuXaSl0lNkWmo3GtuYg4Lwjjk5Z69kl8C0VMnfo/BI37HcxfNbp2r84AcC wVfB5h/L7rVNbiHplJ0zgvjd9pBl1JajSILEGMAj7MjM9n1iZyRuBVXa9xhH X30okf5mbJMqPDfcUKAbW/61zEhqlRLsQcmJbczdceRuHu1Oa9ViVFFVUjqA dB4vLjkqKWWISIcvMBqA2WZ6HuJ2MCksXgijN9K8+zHWg1sDks5N0YAnVUQF /YvMuJNYhmUFJ7/q8jVRiIQtCoF6ipngX1D4f0Op9LxYnNP0uigcS1P/qg/s SykYBZKaQAIJCar/yBblmapwfISfMwu1ZrxFxEqEN7HD/bpcoeNaYjiJbXQx DCslEUZh2XkdXWkwSrBRyA1wU39ARUZcT0NRRRCcusDpyjLIJRlIR2AW8RCo b3MIF36YHqv4yiXbpiixqEB9zOHJWSPCbtSJXCbHBQA0DLmLfDDZG/L2/YA1 UmGc10pD8DNQAjO3+Xv+K9KCdH6pQJWqxmRjIlvpz1JbnJSxKPi00DGeCZs2 VL4gviGMHKTHmhvZxspDKusk1dcUf0Y++E9qMcQBaZ3o9FRQMjt+x/qkXPlA bmsrKw6DI3JS+aPriaLUjA6NSf2A6/R6nWc5VGMGhLpqAGKxw8WE019VQtaT 0+9YiHK32hu45VQgWxBxLrvFii8b+fFVEyCz4vXxFezldU0QqPRno50LG64k AmNPQB9qCRLnHVsE3hPdh2CuiT7ZDrp00yucFbuGXAscxQmUK74WogkEsExR uqnKnjYg9kXGKVosmluCdDTEWmKTnyZnnXl5nOYWDDah6Cyq37l6GDFpSHwL LNEq3oZ7otoDkSvQlNdSoo021EroS6OajSIZ4fUppWK8Pj25Ojt//fZsgISB GEnlBFv8oNt/VpyBjBT/kv/0j5+R8JwvooafMm3ah8ZbN+xMWRhQiJe0QxAQ DwVjdRc9YzZVMzJlah1xdXZxOrYURNRvxJRR4hNfO3mWNd8uv8ck/kW9cRUR NBkQxxoT6cFc/sxDLS5MZCfuLP7WSc4xOEQml++LDDs15+JprFayoWWDFv9W 7tmoXyJrDTj6NSOj5HNYDecZskuHUA5J0CFRZk7QXWASHJylJgnupz+pG5hP VzJLuZEqn2Am/hjMV/waTveZjJVJSbKlVcaojYdGMqMv2MzE6STFqE5iZUak Lmu6ewIvSX+Si6oHoSyEovwIb8BtM7wd3RiLUsRghCnRoqVvZmaIbDFCPw3r pBWIag2UWaqFmklxeEIbrEoIat0ozsiJ+OmQ6GYo91xTX+wW9ZaxQ8/4jCEe clkJZ23Rk9VTkDfTn4H02BL+ffU1l4qhn4f3h1ZAy98pGMke8FwQJfUPtJSI nB+6t9RdIAoxp41PsZgIQ9I2jd7e6McNdnvHS+2Mxger6LkBu5qIOl7x6IlB BGrX7Lr8qqe6c0z5ST07Y3tKlPCQw9MWIBgRdX75bXwZvf6SOTmy8GJcw9CI W6m5mVOLD3TmuIB8IM0iGoNy+moNsyi3NWYDsYu1TAZTF8mUTCXM1xW1xBCT XgupE9z4IGniM2qCS6Qj3ko7OPg4B7dbCVwc6IIGKt5gT2JMXCMWRLrs1GR8 Ef+k8y/mdC0Zpx2caCC2zv2Aa03h6NJUVp6XMIzxeUnHhyANfHmJk7vWcJaM VWbtOShndHIzPYNHyFIOsHMzdsEbHBEWPoYmoyhNY4LTJFh/89ktlXvDk5V7 p/j4HRcdkj2fKVuxwDzpXNsTtZXpRkkcmRvY5NFNdT/EWvLLM701LHHwHj0y Re/TKIOwTvHZacUoDMof4Ucjt9ZKCQUu5RDPP1uJcF1k8VWGPWPHGsnTgKtZ d++oytmu0Spsw9EUVOH67H37rmrY1eNixXB2dPNjtSOcQymmVr7RrXhBmCta ytim2s7RXyEuUUx90cz4GNlPD4gQFkdov+tm3CpCcGi+91SZBQ6RNxxrmQjo uGY51t910rBTvAWybeltG3XPSx2dLhqNcm+F7+01orowIsSI7loqjDBQMX0U gUuGURAkaOMhYnMjpJgat9KjNPGfW7BB0BBI9YTjlAh5ugMuyr1MBtuhumO5 B1QY0/+DRE3Rvo/NnByKfsxJfTQYRrYT5obhsJlNSbgK05Fv10ZUARShCSpI GWr9ncRyWdi4QPnywBhUfY6sQb9BlPnDHrShvliL1a3p4mIUSvk5O3eqKu10 Mb+ZKSac5C1KOmTOG5qQwkRCGmjDVTEwbQJOZ/gCNI+MDnwJi6FLC78bS9f5 1tMz6V8g2Z11LHZI/DP28OPq8UXxO+X8LpQ7NoFbY95SmSv6+MEdRkXUvpf1 lJLub1nMe9r7xkhx1UwY4D0TfwgRKHnYjWekRUNFpm1WWFSqNnkxuB1ht1+r 4FgsSdpT/+XEuc6cQyfycPFK5xuKwUz+ZknzDSm4xPidafSt/QUrjtntlb8n SrdFYWfFohjVk4N/ENMxiP+XpTQKUdoNCZxkXAInwo7h/LtExxYdk60PIxR3 3YDXsVTRNC/sTiEGJ1FolOYDMaL3ToC6YlFvF7s11ixdUH+Ay5wlxXRBY/dE 3tm+kKaaVK6Z0i9VH1NUYJkrrUGV1qu7YaVUdJTVzU4zztDEFvNtcsk0NU1t shKHbLKKMaid52/S64xrj9590Z65bobcsnxrTRsbK5IBZ/i9K90rEQ+T+8DK +yzeQ66xi2fN0c6GcFtBpVxaR8sh+vbGeIeiQBYQZ1GnjO2Ysjq4fGxK91Hx z7zSkmBDtSOJLiSiKLWAlMOgoBwdxqp7syKQ9Iwp1eKmkKOmdUrKiCWlA40F 19pOS2Ewuo+fZpV8Qkz7S3YIEPZM8JiLd0t1NOI3wpyrpfQK0Sxw96y6GEyx qgUwTvlGSOrf2I2a+nz0uw1Mu3FjKW7mtFXAIcB6DYk9Su1NOMcqLRHvay+n rg75IEcp3LSuPDcMRB3smRfFeezDrZGWNGCzv6/ZJhg9fwkwHgdFYB63VT/w VGkAgRnUNaHAVOVEmYaF/HKujpD0gHsz4wdNxeEZHAmhkei1is69MeFhnxU8 kIW4NlaPXeL2JOigvCQ2ONm39VJhnMahyin5kpXdai1mLXGcf5s9DRQK9Z1m Ar+JJSuisoyasjhSLfod285Klo1vrrtYITJMUSORe4O40HHxPoqsx6Bv87IE gx4+1F2fniQ5pOdCs1uq0jv3scDSF4F1rTT0IR5ML/Ve9IvR0brny0fmsODS 0YxU5lbiNNqeShyyEewzSbUCCjMWoalHrIj7AkbB9zFnOrav8cEfuSIknuA8 Qs8Tt9oLGZIdmyZMLwruC67e++iJ4Vngl4/KCerB5cVQxrlVSBt7IXcGsolg oXLlEK6atl5H9tVmQpDElooTZlFauUEmhg016vMqKXqJ1TuMaYEtRQeT1w1/ P6K9ismokVULseytkQH1F3pXeY8Hel7LW/SfD2Mah2cXyd2iu0ru2UF+Z85q pURW+RV370NH3420u/NOmGDpURhLzNWglhkZJxt3XNjIUg9edRgGeBBfR7r9 865evEP9U491GK+g/Z0RY6NKUDHmx3wrTE17ZkRPxWYQtb/MXeCwykVsrm3C 27otDkkDQ1s1bMtzvpB/JvbuoPBd6qvJWCa7+CUkReHL0tKTM8YnkyYjuVzF nmwu8JvzTrrdAskckz1a6Z8ZLPLoXfUgeYCq8FHjcPYpJY63FcYkdj2FVVKa GwUAx49FSE+yGGfsIZxho8aRKJwZietrdw4juoAlrSb3mwUwtm+PYLzoXD2V 37IOd7qCDck2DLqBjyFCJGGekoeLpY13K+qDgIA6uz4ldnVdLh1CU/buo4Yq sc9VKsRY3ZEfP2Nn7HzzLhGQPySbK2CWOG47rUugUWnlHo5Ld1FZZyk+ARdo JEAeeiFlcInKVRVJE3ocp8yNBp8OkUIBxuQSPpxotsnNlJhemu+kRDe3zHT4 HB4YEb8WIFDJM9ewssmQo1l6I7EUOpvBcnW2lRlZUiVvFl3qjBfoliVByUk8 snKhqqFkhyhl3+HdT9s3YSO6nVWHkA9hN8vltt2kNDzjulq/14JAZI0S6NTX i3pjPu8VZb0m7DpNp6Av0nnChDT7Vj7tEirVMYzLkViiyK0SJlUrgr5yEejR i689j53yohfnkh3Iw4vD+lx+caQ6J70zMdMI3SHdNujQgXOHM9AZlwaGq/8G 9XzyTsZyieoQGMJ0Kg4HA8+C84inxU3HQhCjtpEJb3xn/p6SESz5JnEWOUPM 1ZEzvFX0Skslk4+H4ccRqRK1mc8JSU5TTBPWrz213H4GWbbmB3B8iayKN2l0 +5WdRFLqqjWRMN3SoDGlne20vBlD8BXaOmtIU6sXOzi+mRelrJQ7OUhSziqh EGJLYcM5PXduTxzPCrIOojX9YqQojG1uVvW7iktouXpOy4pYgGgXDxSdKsVe ZKtawsQ21ZYCkeHmbraV9ppCdMJNaLSoRZgmrlmEnAyLxmSt2y1XmUj98y2J syR8uhyhcpxw09raBV7LlS7PDycgkWi7JZkR4zo7IU/zPTLIIgq9zan6/dLF DloQrzd5yD9zX3eVhpRttR8JgjoI6QH/jCZQ5BtAzKLsGOmTGgGvouFSS1Ez HlXo15R7nAx9iOZZLR1IlBTC9wmQAgVy4YzOz1ZCLB1j7oeqAIm8lIveqCkl SHDO8YiPJ/wsX3PaOMlBEyevzi9PPWLtGlO5xy5OX35/efpidH81r1EI2q3X ScLSqvYlMYCdcvhuTEyWJCjnVsIsXdORaUwW2IaOO80b/jZmgGYKpi9mGjdZ CzhS/iTdZvUZu5LepD7HvspD3lznwMpOClmtNNkkcUREj2csTkwX7pKSm4pX yI2+kVj5LkRxE9OaJILfR9Wjfx9D/mV2fLO4d7fZuCE3h83M1fsKjPZE9GsN M6f9/lnn1TZkDhhDlRcN1fVbttE9G1hJ6pfmyLI3Rv4ZBmsjn1hjwT83LepK XB4X87i6PBFCuALYPkGNU525TlssB2oToqcYP4bIzK6ftzdzLFuZVuGVpXjB bg6KRU9tPeiETEtONGP64NmNnY2V/YUTVexPBhhu8sy3E8OPInxUDPiIKXq6 JzjJGdu1cY2j0YA42kg0b98qLC/WiVw88v16wKOXVDVbDAxobscIgOn7PBux dSTpfzA3G8CRP2XGOjrJSmVoYiDSFDaG4CicWCJplFZihJPmgKS0ohzWoAHz 6wbJzoiiOApU0KyRLb0VeD0Gr4zsswRnf8orcdEgoe7q69pDHsGFykgBK1ka gaEkY/Fv+6JCCx8Vepkzn85sD7b1uOU63hHqO+GYEu4HBwxrKFQg6NdYfY4+ tdtysarSSCj+nSUBn2+MZyb3rEN911c5sU0i1xTd7+M3Z8Q2EGWUVqrSgpKf iVEVQfNpO3shpXkyJkdy1rXbPZWAFWwyTNYzKLHao9yPQXIrbpHioVw9oER4 Vttgab9XCwku2rg1ifHiK+TzhLIPYUY3BYf7YGXcC1XtRxfA/jYNk+VCtZQV 4+ZhRndMBisjpqax5zYd00jF6m1XXB51agOfhzDXui1eNWKr67q6rSVBs/og wUGZVed0uK9hKOnGd0pV+qkfGMsSxeC+Jik6p5xO0iQ1dcu9YU0kWXHjnPlt 9a+V5qi5aiPjq1f15KNWvyIslHFq1UMcpbq+V9hKLGa6ju5IKIZ7Aka5Wx3Z J8LxZkW1xvfc/LT5Gfam0zrZ+LWrV5fUAAzIncs4gNJnSXOJpqFbvO+z2C22 rt5Xe7+sRTngu6YJDCdAEcGsYdsx+Q+7cOQSBb3zfBAgq86xjzsstD/qW3SM Y7sArG9GQFk8FU3GcVgCFkLo+1jDj9p+lYs7FNsPG+oxmGbG7KlKt6d/19c8 PSr6aW0PEKCStXBNDV/6WmJiuGPvSJFrbJ/WSsaqVWpqYgV5J7PmiWfBIoui uXXHi4SLQjthyPmKGiwjdVDWKeiXWMoI10LlohIPBRFEV6/YsLauK+rdfFBQ m9yq1owVl2HpJBuuI0buowdVjwyATnedjbKY0GSjifOYjtu3qKk+bCioddiq xu6Eqz3HQTgHI4XcDrPd5bJJY3jEj58piNPE3yIQLs+630bHUKzmEfv9SH8f E7lyVzPL1/g6BX25IjYaLLgHkMvCKSnc2uOLGoo8gQ9q6EruFc/T1BEy8yVg E/hsUBOIwg1jty4lXTNqHl/XUeoBUDzLmsqQ/FcQbCqemSf5/Ys3EUYivZ+b znS0IDPCYqlm7nAqfMjexIclfRQNWP22jMjzm4mu++b4xQt3UeI14SArKqOD Bdu1kTGDJDx9F4iZmOOwYQwDb6tASMN6J1XeB6DXUaQgiRlsre/7yJYbrnyT QW4OXsfdEqTVDC7dIq6syioRS8sR5D0WnCRGzpXCVXfVINcxelCEDzF2RpoN d9EbNJ7obi3YSIopwhn3NYG0JlDoEcrUheQJ+ZKMFkzzLEkFwQvjaCU9WS63 QvObyLYKj0PyWd69x3OmD/tIrILuAbSk9RgTEzAyRTtHEPLOBzkJqsbF4nFD yEHhYmIz9FEk3h6i1HKEmhJsS11owUVscD7z5067ah3e1EmuiZSpkHReGRsZ BSfiZ8AL5YKnOYmYo9Z7A3zK3TF9aJ2FgrMnPqC9VVKd+ngG2j9NKBdbXN02 eNcMM+4EbkyKRyL+r7jf3hmkdOOBy4jsiuPdFabRfnquzYSqPwOkNW9ssf9+ k/Cp+IbvmzjFQqhlZr3CbsgnzsZpSWGi3A2SLVjT/m52vckIoXqSJfBwWj5Q mYsam4zGhLxzJ54fD4kHuCy3y25OQYgpfh4LfJJtcdfe562gJgSd3TKdB+iL CzINph1laX3bJNvC6JeUhViFccwBgu5qEShI7HK7/DS1DYt71ObJ+AZfIr5D nN8bhndJCvO6u7jPSWSkGaFPKi75gULhySdmk038uYhZTw8ceBJ3vjowN5lz 7CJ6aChthNiazsulkjYB+9nV1WgciWk4E7N8lBuiWGG25LWgCSkIR/ctdhlo tbuNPe+VWOqEfUPuXbkgVLxP7w42F6Jfh/1EPnRycoMxNyTyjiCK2ra93nU9 lUTUio86OWzycott55Lij6CoqmJuD6gSMa7JfyNlTV9sS1jeD6owhn/5w7/8 4eLlSYHVXtvt82KzomhsyeBJWieKWbLZXav9evTHP1ovrSUNnOFGH0nJEgGM bEUaPcp9GHjxuUBXRP2NKxDKYcxNBg6K3iGWyDfQAKSxJHv6qOo1kQv/JHq/ p1Ju7mt6jA/1wcsyWn+LS2px3A+9dRmDCx8p8MCesMSg6a1ypjZrOZPYGmk8 jBbLzPvltFC5D6M5l8CyvYpVF20YLXlFcWaJttFjuRTLQGy8ujkIkbN6qKQZ +uoUUSk88nveE5HxAZFDwUcIFyM8u+yjEXDFqRye4VpjDx5gi7Sx3nMIUY03 1AipkPjk0ifgSLOa6NWQQnDqK/LIPAY52IUfXHQy6X2ROEJIQb/sCE29Gb1x 2kLre9oGDA/dIv+O951bNEXtNu6Bnk2iH8zMK6PpVuLSWj0EviCjqvARkPY6 qg5SSaQ4ePrhn0r+fxxAoxpJ5Gcd2YQUOi9zF+BytdPZyYXQSE7K5JK3Q6xZ 4krVY070chlHjGZIS+KLQ/bvKf1413AxN6o4Mgya4fRkcv2ywWzeL+1Iodsj T7mk/6NcwR00t4yhg/lc+fpPC8RpYyzdh6Q+pJh4+i1d5CPrEu7hY6+l7nZS pxqZ2pVhXdHvzuotw8chiCa3qqnFGCmU62siisVgtIicRdiPKu422DE0CZk3 hY7L2UuF34L1hJ0Gjp9c/P7N1Xleg4o/DGQYKBWFujSLJ3W8ELck6+V6X6Jv gz1sfics1BJLcaLt8uEp//eM1knzu3p1ORJjFks8f51gC4n+o7TksTf/8FQl Z+PSXMOOq5Ol/iXpnVXNOKcNkXQu3/pgRXvG94i6ox+Jt2o02llqTErsJVUH 2C2sJmMcyGaJ8f6UC7eqJAhzok468VD1QiWhAoEjuLDQ9HN0wZc7lDO9wOQY 9alOkBmzhxCKovh5ZKC1Rf0mr87suYjAcHVqTvQae9Y6uSkNcy/MihKHQSot 2BWxa7TrLYbGUUk8GQD+TdEPGEVaU9OAggPtXayW3/QbSXHQaucw+DP8CUcr DC0Y7Iq5hRDPcb6JMWcCdpNLSsfP0PPPFW9u+A6whZpNS8XTqIMC1V/0Qk24 KYYz9vo9Z52OumAO8MrR3Tt+9eY1feKf8CeBgEmOb3ZboLnqkPXBhH9Iio7C M3lQo6Ih1A2UkFBh1SKxYqExbpHXmUPUf8VX+5MbGPwNnLoC5O+iTgWsv1C6 T90kKDlPJGi7UmCH9e38Dgu1dneCiVEnOuJacWjNFvJ0YQCF9WoOqZ+X6v68 L1X39Kz01I0zqFYf6y04vkWIMRK6ynBlCzOauWUV/eznP6Pu4/lHub0Gu458 +j0lVwjmZKsbTAkbv64wGvuvf/0raGTEViSt4NP+4zAKdBkycnTAB38Y+H4e /PwwfX5u//1j+ITPDIb/6DejDH/s3X+Ic8v/9EwXE0aGe/Y3rzT9oozz7fHr F5ffHv/29O2L89encGn598OXf6P//ePY2MwV4XjDj8+Lz/hWFH3dr6rfPLmM V4Jkmy3qyU958pYviE5cYrQxhepeyHJOpeouplFIF2cMlzKYoTg4PXl9qBiU qoDVgvQ+D6LHUnkKq9HwJ6+Rv3AVbSl4afh07NvrMpB1uuRPCjmCKxX+cFhq htiNle2H2c1j0aCxplJaa3j14IDICaathe8ofAg72/Q7ARGZE5CXiONRMX4K SyBzBNi1pdNbKwlBmU3zQTPqlPPCHOlj/2yQii/YIajtt1F00LuYXRXzM4kk JKCZLdxMi6MYI+5AIiloXfo8zl88Ih9AiVUFk4SR8SQEucWfmgWpufJM1OcG uSFNwZq0YKQEV2fnxldYrnD4sn7KymwKs+SArXGZ45Q6qz2dPosajES37RmE +5bS1hnvMukpXjTtMGPn5ARs0oYmRumCArHq5s+2ffKED6WigkTvazCNRQll 9pEIK5SfK1Dzg8pIr+FaVLgr1ciBtKlKQMdCd2omuimIdcFCfIo47j2MUS80 jBNNX7Uw2she0Pqeid3MxqarJBoxHa0GZ1l/NN90bk9nqq9pUSHm1SH2lH1Q rsBS79sKFuAbGLgd6YCVc+tMhC9yDYm6KeITokot2hLuw4IWiNXStK6N92Nn dq++QgxQfFkwD+lv5updcYgpJ4qSptFhKTr8n6+S8aV2Ohal4g2hbNeDbndN cUAwLWn4VTd3vBgtOyt8JSZXLiIT1zAYVN4xvH1eshRh7nYoSakRKYig2M86 OcabFbtR9GC0AaXlnA0i3fkknzw9+gWRMa7wCZLOM+/vYj3mr3+bBlMMlJg/ PP3jc6GYP5x8+8cCBPjj+sbIu5fwLkgk+NXU67Zc/9rp6aw4Ob24gv/7wwx7 uU6+Hv/7hznvCI3Dbcb+8GxWPDk6Onryx7iwZ/BXmdHop/FjM31iMOBTHVAf +bidGVmtm8dwCfjHVAma6Qy+zGfA544azpAvqraj4pBJJtF1mJ0+zdmpsMVG xdug+4zo5k9T1hqk6RpfePWR38hjjCVEiDXTMsLQtkoSUFxFlc6NOLgLbFwn qTio5STPKFpKhb5HLL3/3PvEpsEoYf0nXrVROgQSdpfukau2947p1/89V+3Z 2I7817hpz7Kb9nTvTXs6vGmolxoAPFYCcU/TFXJf57U/IvQmbTCsfIJ2wogm /UClD8OqFdJTJbaliVIK/dNpmvrz3H2W5YyTOwt0m0adQ9tqUW9qKWLslKuy WfrFiB4Xhqv52rveBh/Le91Mz8x3L+ESheHFiEU3S+H2PtuaYYF+BUlCEpiQ Bd9wyyueQAqxHWX9shTtDtMuSVqvZAoPvmOGkdbzxLEeK0fvMCBO9XJh3Osj LsjsyjE49TSNm5kNGqCJw//R+qMN6F3WNXtgqYqSllSP3tNfQeN9NB7ClcTP 4rg0QMsHgdLbWjvAuQpddIWBPthcwlfnzxpHJg7XTbvBTunVYEdGuxZpUaRd s8HWrgv2zMbeFDDz6U1Vz7FVCPs1rLDndi7WSel7Ciwr3VakpUbdMrxUNVes ydFp6pIDS4vKUseV2tdXFX/9Y1RqsxojvXiOIYL4yh1iSO8QV6eUdTS+0vGs s1agBxROpJvgQxX98aeNPn8x0ugzCUxICWLPfRely8gfDRgKmqMmf9SQsd8z yCtpNKW8w7matJdWUlxAbBXT3ywL9uMOHbWw0XmI+0HK/VkOx9hpavVJ/pvb 73iDP+XqIVMNk/uTd8KJXfYeYV3o+hhwrTSg6iHdQ7262mnOdRKR4ttUUZA6 /EzXPnYVHx/lrFwbULDLKZfrcy5YNOiExXWF6ERHHxhm5eeNc6U9e8xYDJGN SkON/UMMy5twCrduuwWBuzg8Dfkc2i0RxBijBB8uKFFDdgh7yrG5YtRZ3eWQ bZhEHVYJXVfLKZr2KRU4nzCi5Xz8ZNJODIwJD2ZgMX4YZ7HbEr6sWKJI4WmK Q1WIlhhznCQ2X68+ImKgZElE0UTV3e5reC24m5VxZhd3sf88JV2ati6tf+Vh 6EzEgtbJhc9cGorVrRCAKnDqkSW7uvJYwDUtBjafNxFhPuWszeajslBzS52S xWC+1UtvOQq7Cqv6pqK655kVD2oa6Y+ES2Yk6u5MTI0+SHoWH1pOhHXyytNu 0Og5jl7dUbsH3puj5/cnEYrcWTlVIKkan8D/mTo96o6pu5A6k9NWKZj/wpRY jyZid3sq4lIZ3GG+y0gBUCt7k/o9yT+JvR4GM9wXrCI90mIrJ58g/KhCnGlO YVRzqvukcZlg9G85ZTCrJTvSb0ep4SOqCLvUf9f56N+n9zk9n570uqqsqN3W t9gU/a0rlzG1rsKtS8pXxaS2PlP4BKimxHvjj6Oz1CkGicpV3owvpCz/7CYp t598zQJZkI5CQgofcfqpviSmITmUHjnrpHzAVWTnaZsyijsTsu8m0lVJqlpA bZBxBizN2a6fFKoLNyHnuWoL0ukdcJFxPoqZL2h7mETeocBQl1sh5X6FxEaX xSuyZ8bU3iMs1yt8aDGmFnuOFNzYOGWYIRj7Qi/rPOGON4/DUFFcS3OQ5mZF jeH4Qljf+vTjnBbiKlf6CqDIO9Fv4jUacyHp9+aC93wEe84qcBMxcPHo8tra i/4tLIhJXNK1YoOSbTZu+NsYQa6SUp3qYZlM9c9dXRy/vnxzfnH19s3xxfF3 p1enF6Pdmtzykyi3R8pgTw6P631zcX51fnL+6u0PZ+evjlGr4kC5dHs/7c7n y8eYsL1m8Aw/6TvG/g3fpCIMTcvjBo1vow4T8f62W1ocKCod38BryZqQK5Xi GaV2ItzDoCTeLcpWLxjTYtKeL2GtpzE4qtDg5yFj0vpg051/CJvSGo/D749d g9hT0EADP77WG+dYMVRDRHljt88IZnlAo7w4OXvxm0kpPQuX+PexDTgs0jiy WkKGKRzBe+avXETaGBfXaIhZsVnteKZcftOHsaWeHqrvkIjIdHvNAMao2HFm 9R/oCXrOm3j5bFbQbp08Kz4qDuwf5kU6womOcPnl/tePjo7Yu6Kf/vLjvph+ 3I9w8iyJqlL6UR/I99z0JtPz6cgz16N/WyNafNRijVUfnY8lKYyT8pr/GqdE W0XTGpzSF/nYX/z/jwL4DD+FDqS7C772hDoZsFdkUXbS3jflT8iTx8nmMMH5 FAcNiWH0cdpEWintTyfP/qRug9TEjAXKDIVgghxM+zBxY+PcPkoBgY9fPvsT O8j2zrwNf7r88k9HmLrIgHqZFdYcmeq0GB7rAD2+A4OreLD3bP629c/2agz4 zBd/moWP2KSCNokhiZjg8iYq2D9+Nmrtm3twCjSdZZ48Aisy435ZLYCXcYwj dzqo6vFA+bSLLiVUUU/EpdaSXj3EDGJQA/pt7UuXSWS4FZTj8mfsO2X/70YD 6tNHo4jc7lbaH6Hn4KsVl16/GjN5OJk9ri5KeqrjvmtqEtAEMYEhQQWOXFv6 FNRg8IqqADyWo1A3y2oDLyL02ybgYvQ7xy50ZK1qqWPlB+PjdgJfqZt8DM7Q kciTQ4FyiYJBf56yEVWJnMJ5RgLdVVOStNDRYfkMUtc2FV+PfQby3bbwYr97 3pZ3+/ciAjixLarso2ZMjc5LejuwLjq5oSk+NGkf+SZk4+aC9Wljn4J07e3C tCH1aXYa5nRKSZP4Vd8Chr0jZXFbY7zkqCVvIcFZzRSpAjRY6nLHEdTVBDCw z0zcu7rIaHZTQE2fwpR03mliTt6/YEyHtiY3CvXSGbvA8FflA5al16Bun8x8 gMk8OgBl9vzm4uXJr758+oyiLqgERtBsV/StUIliw97HazkO/GAhYelsiIxv iPfVxWs/muFSUnNjrvAxMZG83CvNHitAxKfDJitBiUXhkAQfYZExhNUpP2Gk nttR8W17X5GPbc8ku4p7osKniGRgYo/xaA7XJXFYU8azJPgI2qRxFnJm4ZEz q7XHiJ8FZqTBs9bg4AeeElD/qIzHD7Mj9sfP0CLGIK5E1nMCtkQXkoAhNyJr pRKk31hVX85at1yEjEzCPWYxWDJEhB+0D1hSheWq1SqV9HWf0dT1wGDCAOjf l24nn/JlEpqlEuRdtQ6SQ/10YCsTx1a4wznfxioDc2dNXCrno3fo/GqtBqN0 tRy6YWOtqdhuqpZ1WsjLQ9KNytQgkW/lyAVB/GVCrqYhGV8d/XIkJOOiWmPd y+2kKNPrzEwwrV+grTqTaHUR24YlqXmCGX2dYf/PssiAoQYQMg3AhTNMawQe 2BCQ3+dAvG7ZaTUptbe2HRQ9SNku0lJGdyJIZRRPGwz8PxTSErGo4G4veiQC 6YZLJCcqWZT7LNNxV8fkOlgW8Kf5RO6oOMUlFE7ToZCaVBKNwpnGC6jdVwOq UEvdkyTjdya9IqgQMzVL0n2nmgpUk66nWvKjw3MrZixmJV7hQVQB6hK7zm90 XjU0YsFxvc8DEArYTavy4W31YdM2ZIKsyw9v7fezvbbQ7COsr9mwivRsj4uI cxTMD/6WCjy/pVb3aaMdFzMWLDOCqlhE50dmY1IlGPXBDSxazQ/HOiE8xkx1 0hKL11u/Iu1HnET3+cokpNW5sHKaqx6Nq/k/qoP5oNKk/FlSAU0JgbZEm16U WABTvjINSBMxCrk1sR3YXALYqL/G5kGLP6a76SriovIgUQEJd+VqyNaM2cXr xypx+7kN5k5LdF2Sk2h9LmhMridAkLeP4O9iTeVkE9MGFHpngCh3nPOmWTyo Tqx6aUPvnYnWggYE7qocllgkUYMlbX2GQl4DKq1oxzPtBqTClkEfPuIKT1Tr Ta2gw5h7PahcmXOMGFNtMAJ5RBZTXYDhj8oikHPgKrJfcWFf+svb63pZv6U+ MI89hPWn+mrPU7umHv1rR+9P/AlfCucYSSSNwrQ4Mbs1ZA+ob4R0CB9XR30L YnfiEussyehcPx55i/Q75Lh40TfwJpNSxHHsY7xANCOMfDIRP5YUL+beNfei xvp90s7UkxALS4lTMmsjPzu62+z2DFN7mwCJew6P3GkTp7B3DPh7XlRSGVbK eLKyS3phxTeLw2KZ5LdSJpll2265eSsNnd5i6VWWOJPNFZwnj79OaX8i7SWw gite6d0S73zxCkwhUxuSmVF7Gzvl+zvqBUpxPCN8U2yfZcW1oRiRofp1pfND e434UivRrVYP2FHPTWNsA4qsRws1sNtUsUrQCsSmNLu9b7dd+n3UJ0sBFXlz 0ukH2Pgt8s7kRFkiuq1k7q2OXVHfx6zCkF5D6WVqdZoUX9brItmzcJET+8T1 BqS5UIxhqkGNodcYR7jGX5VYIDwGkqr+xZ2hl4ngqCliftt0IfN6g76iz4/X ThE/uSzBF7LkggRRz/8+/a7nJwNTLtWKWP/G5aMdl9sPaRLqiMHPQ25HzJ0w Zu6g7pPaiZQLTOfuoFpB+rZVGZUhB4ZwaXXZFrUv86kn3IOBMLEaZNNHzzcS yn4sbBgVobDBa1BBJ5wCk3ZHCK/HrZVOM6E17SDWQ6CCvmqtXlfYK73dcuuO FGeUNlXTENRIVXYcxwI8wrhVgiKCI8+Ed3ZcCVRsnji5G9h7KzQLprqDMWI/ HN/s5nhQM2JMxbkl8vjppxlXT7CCWmZzSv20uuFCOVzEpdouau1KI0DAmgv2 pfq87Qg16qJanxPWGZ6QBpLXPWd0S/FKpqR2CvxwaJlwvli8wZpZSJnd2Ip4 ZA7EiLZ1964T7dS17TN8i8CVKQs2WvidSDUzaERvSCg0Y8LWvKcm1B9oYe0b P5RmQ4lyuW47RgDhhEqUt0GzkLTU/fSgyms0+tYbNshMsCojn5wU+PRl4Y8e v2nb6hazBanBlLZpV6SG/VnkeqjLppwAEcQzmBbD+w7r299WxTfUFwOzbMJZ VvVY6ytqOyrYN+mSh75vrgFFYtIkAcYww9+IvI/CN9WiFIuYS540bcqy4zDM O0cKEIZN23NRLtg2oDz0QYjrhsp+Stc+RKmuW7waS2wqt+NcTLXIsnURF9Ky M9e6/phJ9tXTv/+lJJPJIF7WBem4xnc4mX9e2jA2R+Y62ORMofG4/jV/eyo4 ByQGNT7YSgHz0WhwVpVoeLqY8gYldBFkWElNs06qpGo0UdohG0S/bCUpYMhs ApKskgAQORIAXd8yLRSEEfhWas/nu31DpseuUYhAPpAWDxtfVNmQjjfo/4kF ZHdYfubsxpNKnD3XoIFJT2wqMibsOI8lfUjh7+1V5C7tttzWrBlYCFd2KOmX g7HlwYBRGeO2J1l4lrRc5d14+833L1+i9+p/npyevjh94bpb+oK4o27TOpkQ t2nPthzZktYT0E/yAVih46SxclJFjgQNDJCem78QhAVIbVYu0E/EP73qYt+q A63aas8vYkPQKHLSuVgqaKyigN0HiPn4/rjW5SopIh7rhgt+Epkx6YI9N0pA jS/ZF4zT9GWLw2fFsZQp+iGWKfrxM8EYfYkpkO0jBY2SlIsmiRwQo8KyLkjw Y8fdkJRpkYBlhnnYQ6a/myVZsJr7bPAPnkuARbc32KpIakDLHD2YxiqTajbU KB5jNNZc6tmayEhXIux431JdQOVLEw0OXDtvxsV8pHewpEwrEUyApuem90y7 lUyn0F7i99qJQm8EvhnQJYPQ2r2m5W629brcPqBaUOGUtALy2O5SHIWPVo8V aTE1J3aESFq7D1otWQND0XgXq7JeS0Yuq7GzkMcg62DsAWuyMWIneI1+WCYC lVOmYzOMVE4OMtF3jQ0TP4R/wsJZCGBwumk2Sp5fXfaxryYjPTwBSdGTvkXW J4k2l8sdi3N3WIyIRzgavUSomjEWgPcZPZuPpIVy8U5XfSypzUVAzGCAiMXI y/yLSq84NVeWBLEhR5CQKxc7eJpM6MfPRuYSfApdugAq98fF6WKlsOHOaG1V M8ZGOgIkMShpGrn6LmN4I6oYgaqmbtfO2U8XYbIxwyAJU7JnnY2IXHrq/UEJ qYgg4Hdn4pniEhtLxeQoXChSMHnvriWGngmciUm6nq0eUj2UhNnkgPGSiMmE fw3kUEjM9bMXWdUQG988qOnDVt+sD6yW/vKr4prY1g28C/rzBkt8vtTGdGSn zCK0pyrZY5lnNfNCzpXNMrqkCQs3QHDJQjFLRFund9LOHu/y2OFpprgdex79 Psg/2XJdZUd6pNOa4wAOw/OZupNlHwzrEwTvDD8EvRf9KQ3ZeXjWcctQe4RD Gvi7YI/2dXQ5iK0vfE867rnnAsRoyDP1bxVX5S0mT/tQbxgrTv3XuR8fmcob 7Q2uVzvtPqoOTc35yiK7YjQXsfFAbJwKW+PhsMkjfDe2SuJfR8e3lRzxDL0T gPsWznXHzQCocOOIAJWICbZuSXoY8JJqIMF6fQvyR9eL6x3TNSCDnEgr+Yz1 T9dm0ZENZhtDRUHZAapepgfuBUxr9ginld9zdYOb+s877GsI69rW17teSktq kTAPgadOjmwwuesjsSpTfHQZhyj8EGEwBOn+Tk1VQIMLm7qufEmNQa9251eV iACeDrJZfBRqPD/74ulT3r5ZwS31spZ7aXu9vHkRaSDYi6/ySxRGlCiBIVMC 7dTFNiK6GMhB2IFXbddJ1W1XlGBaskRvdsF4BsJH5XLVAinXNz4XN6KWWR/N Pd+hlkg6nlSBbBeL3Ta2+bY+eOWC4DAqYz2uFWXhOCFtmWT2EbfEJktixaE9 qgKS9JXeLUnMPc7Gr5WrB+GkurYxndyt2RwbbgnUnQwNGbJQw1CTF6tNZ4J7 GQVs/PrPuqhVXrXkdcPV0nR1L2OfEMZ7NLKVC/dxN/H2OrYyPQDTbuZDqcIv k+o2F6cn5z+cXvyeREjq0XLb4r6VKzuBELSs5WXZe0k/uEOCfRph4d0LqQ7G 7sJYvkEWmtOZ93Zx6MA9FfHKBHtWrVdTuTGqS4NAJ3tOxFYWaJJhCQyTeYla 4WqhjSiqY/c4w2CImcoXOu33QMw3uY2PaP6CRSQZ47k1oGkeLMnHAxyd0wCr fVyd//b0tXbwyIZjlIQl+Vljt0WvDw6jxVsxohRdnpksK8ZkGcXCo7vW4HWW WfeilD8Q8yLCEMVGvoLe+WursCa1YMNCu1JvHQBuhU/8NwbvFu5d8T9d0Tmd 0Fu7hYAidHhzqxNiXXyP5VjViVYOtpTQj+TMFP5Z6CckCzPcl9K7fUx8xO7N WC275rxbyxAgMS5d2rRIFs1Myk3HAtA0KE6M1GmOsBA/jquDoqkmXL5Bzk13 aMRI3EmzJFymImHOMGSylAJSER9IGGReti4TZdIIekRHYk8JU2N+PayOqV0M pyjIref7ydtlh7OtNtVIkFLNddMGubCqCXCoUZl2JryRGEQrhoQDZhmTZynA lJgh9rnh3JleElIgUpqoUSHQnPB7DqJLq6WxQco3Z1vdaICgWw5GYnJETd3b VNkk7bguY9lJsB1FBSaB5q4mAryqsJvVneI13WDUC+NdxkYOpKAJ3UOLuVPM w5+Q73IK3KthlZVeJHsbNypWTsoiBGNNCQS/iDqcHCKnGvIt1qoSUqOSdjdi cVP4pUdrmbF3ZA1Pdlk6ghHxIurVSBroUmilq66U5nrAGdPWW4HMTymr4LLV Xcelj4iLm7GHK1d0l9WaeW5sWy41wBEIQFMSqazFvkGEueKkZ+nW6/RzC9+U XOV1b2hnxEka+zOl1e/wyED+g1gIdhXI522OPfwN8tWRipfkC293FHZ8xfql RRSgRrissatXHpPvZ2NWOceBaJkBU5OtwaOQsK4507ZiKhUTHl8W7H6AlehN n5K2grDFqD37wn6szsY+1hkLEHJPA2LN0cLwvCEtjTjx/PB4pai01a5nMqDu fNEJJN4wljmyOOqzRboD2aFgjqOWGjuOAa8BMugxwib4c4dNomjkRE5IGF+9 XldLjI9A6U9eHZAD9ss5/YqDOkd8PUAxr384fnX2QqQ4+Xg4Rt8agcnnROMP PrqfKuHR7deoUy8JpJdhxNGAMKNHrpGokIAzJPy8Am2KQ6XJD435+MocJBYn 40JpiwrMAI7dKf6PV6UfJrLT3P+ONC4bmv9J5aD/A8veP/s/Xfb+rz5LP0nO H3ZISTPxp3QuJDDpF33imI9Tu0R9zyJBVZioual0P2LbMIsRw6RtEj3Ao2I7 qWJYjgfqYEjSmO8j+Jp3GhbI8+HIHzWv7cr56Aqtx+W4Rsi8O04tzl14Pq7e 8zwLrR/YRtrdkKLQcGNQ+3DC2cEYj27pYPO8XSv9kZNAJ0Q3ymKQ4zNLlVNL fI72pmmPEWpz+sQQbyoGSSJaqcBUItGCw5QWPCt2DdVgVOYEyvSqVD2BhxBj FvYSQdumOhq0B9aQ0PhOouLK0NyqPc98OgqXCpu6WAHkzblpn4SqcfclcnZQ q/pqaTrg982qfucnoz5M7qKrbu5U776/q0FoWuHvKJa4enNqOo7RnKcQNiNI bWG5QBkmKG9RDm1KRFrp9HYUnMuDi0QkCJSjSGpxBeKbOkOOXMJgGy7XxU+S ly5/RfQ4SSckPL4H9uUJOliJ54emXGurnXK1oMrKur1+UB9tSpZ/z7h/FUa+ ruRYszXWaL9LPoO1ZdqY8q7AC82Y6C5us1GajZoHD9y7gCWNSqbAJDCP30md vUY6gLGyngl9SukhOiBDLfBEqJOttvRQP6CvC9K76PxMn23NkYVhcG7GdvHM RcTqq+1QXr3WA+qB22fmJGimLQXqoAMBtMctQtJUZpNlyCwaHhjORBGsXAqi 7SqL3gA2UNZbsBE78Yfk2QfZt5nt2erCNDbC/T1vd4gQasExgT/IYuBriQqX fSIgZ6AgHLLPtEkh2ifUSbe/81k+2k87nEnEEnKD1UN0I1v98K11L6m7CLYg Nd23o9Zb93XuG6NB+G0JEI7fazlYX90sjsC982cIQ9WdT5uRjGNv/GZWPheD Jx8y8p4dnCQY3OSDJFZ3UB3dHimiVzSSI5C4DgNmADHeX2FDJkor0E9wTKjJ dRySb4nbzG2llk9wc+cWrsJj1KhXzd8uj5r8yg4Y1dPWCgQvDFz7sRqksk8G nqOhEynOg9B5yzi8C2gDlY33L2wx3BOM7npDtzAXdVYPKKTyRXN848mNwBau dD9trGcEwTlA8FWLOYvEm4wmnN3kk+IrEiqVQi3ZcQKp/ivaNkCp67Iprdsh 38Vk3XD7SLOT5UqI0MMoz9OIK7uFSvPCDHw3dqrIR4KGMpEQbTCOkNl72t9Q poAomqyezNvmYfh0bT0MHNQsGBwxuXAN+sA7strrZodfx+YAS8E9ROsZMa+F W5mKYxh9yG4yq4KcNFR3yPOVWNvr2MxuAnImzMKbxy7mNLFTOfye+tal0XxJ IYIwfCdJrZZbyYmirMfH1RjWN47bxPEuKt6MMj30DHBJJHJk43zqDVBAu30H 29HffR0YSrSoqDm+V17XKwIUncuZb79GxllJDDkqNneGnvPiGLkmA+fi6GM/ iX1kRrTFi/EaHqkzDyObENVZ84s4xiLzQeml1VaZUY4GVcXSHiObXbDvRvT1 ol1x2geP75N4sRx7EDhKgh3U0JICzOX6ur6lC+AaK/gSy5TDgJuL1RMaQdPE RUZ/S0Qely6AcyAVlyJcu1L6T+htSaaLfQ0ayvdhoUXZEn+m6rtddLWyZ+EW b2Dydqldd4iL8kwCnxNW5E258E07CK9izz13uBkCfYMeDY/ZixQGTpdYr2bu B5XHhO2LO7pcATNaPlj09XLEe8KRsM626wxm7DOHvlxnAfwJ5k/DCeqlOX0V 0vfhmL4NR27IU9sUZlpUgCXlhpnWroEZzTKLRhIDxKmDzA/U8Zh4EXJvHhbH U2G3wn3ehriENbuVscLb6iHumTsoUsqqZTeGSOJOhqhGJL2Ko/8EIcbnITwn C5x5UymOE8q/y2OnuiTmFV4wlVWkCm5qwSqlwYO5xupanAydH6kPGcb6GC8y 72JaJAKpcYWXmrBRIuciVgSICQBDmi5Y55/5JNphhgVSYr5SH0VE6ElsDrGs EDRKHWOkjkRbklSApHCg8dmAxnZqKbbGUXKlinJDSomLJj8DMyxcXixoXmaB DPEOoE7FdqE1RsZernyEPrLBF7tiZJk86fp+spZBZmqZkgPcoehEY8EtrlIM X+G8Mo0u51qHHzartlZ4e4uuHZJzqjXSLtTsNOwUu46Cy5qw+E1tOC3GU4XA azHOzsWHiUKp0lmVIbLAE2F3I+1oh/IvRJomq02iJNV24Tz1xPtKrsAoTqQm j2QhxbBetiZlX2pLYy9yOLVWsSMTwoh445lZ0XhzrI6W6JplBaC4agnNw2tt cUp7nPtsO8VAUA2HiG5Yqs43CXaq9okMF0O3SXrd7pjMvdG1BcIFrYmDW1km xhCjX+fRxAnSEzMnuh1+hTURdI5JkJXVD3N306dCGmSSJBbIwUaTY84de7rF XbWuxsGI9uaGYjKjKwjYRbuoral5SHYocWdK2GitLKrgkgHvZm6lMX6Eo4iu H4KdhO+ipkkh63YZo+4QLi1XXfzF9YMtEsicLdfR8bD4A0KCZJv9v7S9W3Mc R3Y1+p6/oiw9DOjohgmJ0mikcDgwJDRiDC84JDQ+fjmMQncBKKvRBXd1k4Q5 8m8/ude+5M6sLJDj8x1HOEZEd2dl5WVf115bzScsuqXx4+DYVsc7ELz1mKpb qhQzQNdv7vMdAjJllDCNIqaq7/tbx+FgcTYR1bc6TlxJ6azANvuHbrNZar6b pY7l7CS1mupBg3eRU7WQ01IKZzogErJPAlzju5mlEoqAxSTsWD1ZXMXjVAwX Pj0/N1waIAcIH20tJCW2UVESSeuTT3BiX2XR/8/PMFRmqBntc5MOCpOUqk52 /A06ap64hUm95+PkuzWr4hmD8mjFQAAa3fCd0q3AemEaW8IEOkgTs1LT51fz 0w/yrSkjUrvmkALf6TnMqzY0qhTa/Z4lmkW++bYNr04vrMGN1d4HM6TifTfp J7YlcvCsf24AQGFH7Kbl2AeNyL5qtTIvyj3B6+hlh29473T3YezMviafg4cR Kohnz4a3aikQ9FVrJEw4MayAv1CA3T3YW56ajIZ+VOeadLyUHPvzIhfMD7J/ 6EIaXtBkk0iLG7pOnC1px2RTMbgoT+t4Yaq3y4DtPns1uWr15KJWM192rDIw JcL5UOkQgShcgMVL1RSq6BFF1zUh3CURIh927bWABtknsc1MuVyQmpBp2CdT 4yf9ZjS2ggUsUyTCywhpEJbIYLV13bbd7eIzNaaJiAjxHMHQlDK08+jL5FWp k5K1EPClvJYu6+dLhU0VelnfQ62IBElCV4QY8Os6Qc6+tU1qbaGWekBRWjYV Txi67xDmcENpOLKVjsH9qmFCLy/E3Ye+fGshcUgXK5A0w/7DsNwfuD98cAJL NcLxdMFoasqRJUoCd4PB5vRlhOiNvtr8w0uR8CCkbub2YT9kty/pIWm7Jbyo svqAu4BO0KVi26Ze41t5GUvi5k2iZPoWN+uVtY1ur2C3EKw5LYoNKlXM8qNi s72ZcG91LZkkVoOV9sJktbyZ52BwROoUm9UOuSE7PoQaJMZvm7uWPxKITuIX kjaSCWc/p3JD3G4KqjngUt6Gu1zdLBG95/gl5WMp1pq3eJq6lq5Wkl8+2s5a VWWFyNFSJnAaFRUhPTjKi6F4RI8y38Fg6e8mqsBuXHUMqqucQ9pBNqQ5XtVC 3e13LYnDKLBuO7rP/Xh7rEFFsvXsr45FB7fO9s6ikQnlhQANz5mecdkjpiUF U0rekT19oanwOJTNGF8nh3Uwr1EWSBzyUFZqa7aJe9zdcFBUGuOl6hG5gtRl +swmH6cT0mKQthm9OB/vt6ub3bDt/5unZ+vitJoj/lwHWqSSqT265aop+H1E 41nC+Pz04pd3T385ffHi7NVfznCC8ac3Z2/PX796exbkB3YNi/tXIYnMyQjs +VLXFfwM2vL5nC6l57Bge9l+7G8Pt0xJddvzwfx1G53EZ/0IF+w+HJ2/vPj1 mRKj393uD2u05BQwNXyDBFtgYHP1sfAO2/z9Je2TL6tUrRTMx9I8DnVCIstF yNIXoWT0Mn0uCyIhDxqKfXPQZYmMyZY3eCFvXDcIP281UVvgcbUNAhxEK6Un O4XTA9MmtHYqihUzYlWK15iV7yqbqfJqlnpTgOxEfFSQWUhCIp+3VoOl+Yul jzf+4FnzWsOaFRvn2mqQj9KTqdZuOwZBcIGXWW+03MJQa9Wtwf+Ev+FuBm+8 1rgmqZ6KY7uP8cJ7sn00AvK75kEZ0oV7QT6zNoKdHCVH8xH4DZLX7kernYVj DjpxOgRGQGH6kZcqNJf7bmpnTZvuzlzoVDoRsL2+vbAW0UpwSC2fyy6lMCpS jSsBda/qhxNxLkDPxN2RyjqCwHiq/2nniVQC/fATUO0hEY1UOFcfjzcnXWWW gJY78cUl+cNYYnIO5GrHuV8GvzjSknoRYaU/b6jZ4hKmwSN0M9xM8SgzV0wi edZObSzjqftAKZnttdIKMdipelRGRhsEld4avPMyxZCkpsbyToD5wLXuJcK/ VC+LnjvFZI8rvQKkHhhTRwnGkOcn2soqNoWwJCtzdtiQ2bpctWuw+oniO6fS bdNzwHZNZlx83nFjkjwv0kbUW75UdkzNk/SJ6tNWzctab47STKmSU9WvPm5J T0E+n9Owc5xTshE0dr5qROeZClvXBxX3s4u2SCsW7YFUbZEJEukukWB32W9I dBPzUPwGmaOLfAlwcIQvBrmVeFzWpVAMWTlc9RjhgLmtq1Xyal8IZw9O/YHE XaP+cW669Dk1SvIgB9GX/JqyxInoJH3Pi+QCQRCEo8lexBbcmHiFXE3j+w9w 8wi+l01U7nnHnrYr6t91clhIIyYP3yBcknAMxZ1u7+66dicaZT8MfGst5mk+ Y7lX0TbKVlN0ZRkbeaP2ExGvZQ1ga3tfUMUwjTDEFnw5Si/J6gp18jaBiirW ujtPNaO1wqaKheoQQvQWtafwmWqi3BdQAVZU9k6repG2qczLUiga7ijFj8OG FS/su90qoUgmySbRAevDDY5gRQmYjUpfj2NcHbYri6IJE5Q6+EZF5WK+3GdD An/dFnV46wlVj4SR2XoaJ3NrfV4mKGzIeE+8flbpOlxdLWmYZXwikZjVW4R9 kXIr9uT/hG4TawMBvL4T59svswp9Di/NaKbKBoSqrWYHuqZD3Cm2i2PnOBF1 k3lHXIF021hafYZHTKhZRl+jwBEdpuGwoUWEVg6w1AAbgF6Ems39wW5rvsNa V93JotKG6oZqYkOPFBVDJUlAVKUujgxX9EL1PpUMpbd286kbx565Bar+/fCb D1iHyuwtEf42NWCf+CRlqMluNTfvqK/K6AE2rrIz6LFprJg70QkYHLb2hgDU 1gSk158Uq8tkW95rEH+yGoUZiQeGFS5b/VKHK7cxPJpZjxv6XlVpeBJ8yJ+j vmyTmAXGg7/mCRWlDSS8lXVMBNmtXL7CxCLDZjt8CMVRdyyCfDuLOjN6vQld Z/LwwtSMM59Wi3BL4ayYwMntBHCoyLPixxJlHGXlpEkXvTA11EpUeduCWUcy XbPad7K1zLXbruMj6A0yio9eyV+LZ4jFqPF8qEUDFAQJO+Pi/cwdPz976SDz CP81pvxxIqljAI0AxjJYGfyL9pKwJlthJ5oBVSJe6nszijMtP57q+tbqIOmo 7I4VN7QX7B7RTNAHC7Ageo5nZuk40D9UPrBRIg4wJ18FWckpwICKgiVVFHAw 3qpVtHoe8sGx6+VnWMxn7X/BZN9UUB+36cKRDD2SPmINuGTlv21iR3K1FwwI DL+J//9mD4RiRihQ8hLRVaV/vnx59urZ2TO48BQDl4cLwoAemaIgF69H8dp6 JFWFbobOAVOOZviahXrzqDpiK1OiJRNruya1g6sNpGBCueNK8MzgzbRvRcaj jNm7O5YFxc0U/RA41kriq65OWDzcEYBrBzmylvZNdvE1Vl7AjURX1fxiuxST OBtxOmk6amxKsypQaM8a9BB4SVdN1W/PFb6UXjfI5hQDt0xknxwo5SqKzrw+ XT/gKJPYZOBBWgvG526HIB/uXMx2mh740PYqAlO8aRCQuwv2EtVzhSO66Bxr qmArwiRXvtBjHG1FBRrlpkD1gKypIWpfv/vb89M/vzh7R1s/6aKxoLU1Mt89 24NsAxoqUBRo9vDuYz+C73vasCLTGYFCEUeTUMoj+FPlFbCkmJweOXm8O0y3 RnqRgJBjMEL0czAY98xG1pPvH73kLdyitpqs51y0bRA6VvbSBUMaAE2mJtdp 2KzNMuiR07iWJHL42nOMvrRnKd6gB8kTmZ9Gt1BSi9RqUaI7+B41BwALsLxS UmPDrjZHlSz9I98pls4axI5UmWZ5VMmZ26rIRusNHGWOmsEUi4nZaAgyyPae vwsCsRjTmCnbTksgiMS4CiBO23UbqbBJl5Yr9th0GPdZFYoojrA+7CxRur/J aNKaqtNhhlIVwiGEb9lIUphGRL/SMNNpIV2YJ8cnGV2edh59nnJHUrh60803 t6r2EvEc1sj95Q6UUae6aghJs8lHlknkP5Om5DxeSKVSeQpGIWdGsC1vgMNT bSwQXKlwxmXcwrsaxPnIG0/Wm3cSesywA41fQGn1J4wELnxRC2wKkICaZwnI MwrgTOq7NLalvQWMaWdOEP5oe0kiW6tVJNdRBEAyGhtt0iEX4bj5ixs7TMdu lKelUGOuZJxefLfm7LQlK4MKZQQiDmNXyg9WMxTHJWu550Z7ieHntt32dwfu UhOk8nytDPtsinBxtogfAot7CmjuDoX6G2uuyid7kW6WJB6hqNj4JM971wOJ SDiGXScYhx9rsCiNlxO+Z73edJfDR7IQD1TwE1rGMdIKrXTrSN7E/bweuDpo hwUGXLP4zElNzjkSNU5NeGigvNz0oyoBOjNXCmkRd2KSlzIQVGLxLAutXJbT 03+2Ju5r1pY3EvCDwhUfMnFRdr7wWTQczWIJVu0dWy1XdXVKQyXLJzxo+Vxa myqpKmomDxfTfT2sDnD3hLAxPS+bB045wAsZBpecf+YPiEI7FC2sTBgt5dsU GvJsjxIrMLK5PiWVia3En2xDRAraDAtNPR8LQawFY04QS++Gtiz6tq7T9xDe bWW4ao8BiqnoWFYhWDZOOGy5x0BOYz4lctWzsUfzWiXsFUylQTmogxOc6U9f 64tN09ucLIYP0SmZr2LI5kAl2oS9cDpmLpz5bs6aKWpirL93yJ5DGLPkRJT3 e2RHw5WdZg4rR6ECOyxilvRjbtDr6D4g0Ba50FQbkM+4Az+B6lZyPQCTEmeg TVzu6rroNSMIW+aTLnLHbzHFxSwEGJPzVe+68JWePP7bVwtri5P5mzS1r/xB la8jcCBYBe+rbgWkkr6KoHrzVX7Q9XHTkFJAh7s0Bfn59K58JafWIUNmLPV0 zZfeaC9BN3ICcwveLN38GLsMqsLD3SpM16tysUM4I7CMTSFFLtX9S9rkc8y/ x1zJgh4rGWA2e0HIMOdegujBOYkphE55UvEdNDDhvhHnpbGgxFl9cxgnfrOs aJhZxByXWFKcZAuAWpT0zk2Jd/X3N/ff89zWFwidYrTSbiD9ChbPcjgW75rl Vu9AcjXb7uN+eix0M0h8FWaAbeEil03sS5duuWsbpjujJdNsp7rjkZnVMFT5 xFUpj7mC+uKClj6643tq4TNpHZkQgqsVPKSL+owRm1QoXnP29BWbINjE2SmG dC/yXzTTiXSrrfUGfJOgNnGVP+fDLzWN8LsEwiVB7tWyxBa8nZxFwifbG8j6 XYl3428Y2XVy9NZGXZIOwHPLz/V3XKDFIET81aacurHhXk95SUNSjoV1H7+e Zxi+zADOyrfshkarI9pJN/2d+utWdnBVwVoL4UBAz88P7X2RSGQ+bg2KeH91 SBxZ2lKh1ngLfuFNPHLxwC4Z1NjVDLcK6iwTG6rEQ+aQgxWJo0V+QQX5QKCQ puAJJl8QfRW7dUjWVhUpaHyE26xqPy/uoMic7rtUSgWDDipjglVeT6+IlpSp 3/j772in+ukTrRBl7dMHFck3/ha32YfPrqz6I22692pSymvUvNdW6BFyRHbR 84/rEnjBQ/KdloUrxNKWPTKA2gdGZgOyNN5FpUmJ0XRlAr3AXV/toyGdz4lZ DrQeA1gArFR2u/YSEi5NYG6Q9WE17RkeLcx2Zd1YU60cJowDbpCj2RNecTfy 0BHAh5Jp4l5ERe7Boqy+Hv4fkm9SjpugCLznVBdg7r23DewdUz+5tuLH1Sgw 2MVKQcU8K4GqsqN6TeSjokha0oTn9Cparf5WAyWpf6EddSVts9B4WXmiv0WH gbyXoEVo/MaoZ06uahzyvaaDU/tVvedqaVHlZSINyRPowfGXktuSugQa+ZxO kHuGVd15423Q0iuGjrAsfz9sDrddnq32VOx00qyI2xxc6ZQIXvdZm8A06++F YeYSUZkXFUSxuKMglB4Ur/WqJy8EUl1nNumvbJGFwpZG6XxHkEQhwvazSq2f 5roJhkJhayi2Xqz7nDeotVbf7EsKGtRH7Lm5NJM7uLaY626LPjtXuC3E7CDY K+vouI3KdDxQMSBkoG1KicWIom98WHhn6qK9HN4z7+Skd27i6VAnaMcRHly7 19slYgeVmzdRMlCF8ld32iB2jNhX5Xj1WAPWd3cvPE9BQGeZdFNONQEW6Nsi jaLqmtpfkLZO2YKgOfJE/4dwpxvTrp4bVUtARmaYbBAo4/Jp55d5fl7FhRXP y0dCadr6wDwe4G8JFAa/Q9dj8TkqCq/Yb0w4l194CiXdgqtSVBb+nEXAnFHf u0eunWCoilY63OAOPZWA6FUgqYjrOoJdgEBjx4K031tNfs8kejiE7BFqsXgR FoI+04S/xJmFnr62SG0JQaW68d2ea9dVT2/a0bduyi4O0CUOYI2rNdGmQKIw 07VrzOhaVPqCPTZid2I0Sn2O6yq46a57dsmKqdB+7uNRuob3JnDlVM1jr615 QPwg7fz0wOjIen5kAdNIAly27C4p90PmHKXIapNysgJF1VsfvaX/NPKcsl6l kGUSGBfuFNSRf2aLit7VJbP/2G+4YiVOygWxkSOZRNEFaUvWEGx/BmO4DFQ2 NEt0tMvphAmFGY+PJ2WwrrGtOgXTjFWBnSS7Twvny3yYSeSrKxbJ3HiHnqtC MsrkEq/LMln+6rqxKH+z5JPstLJhIb8mYSz0RfFVD1Sb7JwnywMnUwffVw+r IoZ1GKXM5iISHFqBzVvVrhmk8Fzui1+aPE1Nt+mXwYRqmpO9s8cDK9LEaRif eJnQYvGVKtAJbKH3bfYYvYmOAt1mMGwF53PNJrt2OpYYCIFnZTsGTozizE6D AZp+Gff3nPIRKyLl6LPHKp9mKqu4UQDNRwidzX2wSE50Z3aUE94Rqd7K+m1K 2xMMoYwG/gBc2AMp5HjL5eibvhVsCjha0dC0uUIsKTVbYVA+gMyyt/DWVnHk FUAkpp2NJcu5YLW8S1lO4nSxLkAcm7AqskECNU/1KpmcLoWqL1G6HaiGBV1D rU04gQjPwKY+yWb3grXKHw++yf5mGBwSMK0l2YPG/+z7b8fjuO+vnXTvx8pB YOWhVR7Rh7HUbTpMz0spRIej3XUJepKTXED05tBJ8+oDp5b5PfXkzaCZpeso +dzKLMQWaJzdRA5bQbtBDiy9IwhJuouAfBWqT+neWJtqyxqy1EiJ/1TWZugo jCXWsQkOsxMWIO/MYlAB2fFvpJmWaZQyycg6xNWiBAGeTnBlrldQCV/cMq43 LbX3u9tQuRVO1aQ1rHyvkNpRJQWyyeMlWXdCf6+SxbiJ7F2r6tKio3JRwuRS iox3ki4XtR4zTVGdlmHPVB8QBfnOkE6Wl+6uOjrMPToVdjtiQNA+RFxNgZSe YzwnhwyWJK3GprtVYEuoCHn2diHcCJE87j11fC5s4qm56/epyDsY9a5QKTEB hP/NotZNbV8lvQ/qPXIpbnxVanZ2q+1P4ikn/VkkxwStIm3NbrqDSnoyz3kE FyqzShlRNfLICe1HprJl3eNKqvw3Y7jbdRY4DBNBLci9nyip22/aHZvUbtQd 8zY1z8/ff99IwXxiVAlGv7AZht+YbFoNAov7EpP3sCU4ANprG5il3/qT+/yZ 6bFETKwpAG7OZYgad1g9K6tdFElioLHvsywI+TQFIZ9KbzKfx1itBI5IiZIV fLgET80zWy4zc+nyMqK9dWGPg3Zr9KVwBpg04BpyRmgZLdZSkUwiff3m4iJI IknDk1mqDfWJEucR+6OSY5CMWbLsy4KrjL+cjWYRMjMJrhImL3McdsxP6Nds r1wDG6UwBADklLCpcafjv0+Pv8Wgf47/W8W0e1ydy3cYmdskWoV8bWobEU/j n9lVD2i9l+VMUCUw3N4aX2qK2ub3zULDhr4KSodfQu9A0IJeagLfnMkXpqaG vvBAM4f8foxYHYF04yGHK3G3JVWXLy/Is3y17dxjA09N+QI1TSMKOrWfyqkN SH0Q1yHTTLvmG7lJyzy1lLISYSj1aHtU67bXQAuzrWooHzfTUJw3+tQlVYed lG2sW27BwqhCRAcqVSChXb/vR+V9k5qQgwQhBF+jNWFyRrM3N95Li+6b6Sa5 KhfTF3krxdjT2i4KjQZpY3kpOId/IStXyzESmtmBTJP0Y6YmXxW0/0AMRlr1 yAgYV9uS8K3FreXmETZfF06hqEfGmCIWGPikYP2cPv2rAjVA2KO+f2Hdc3ae kOTFeImn2qFpa+HKhcU2QuUg0/8SUEDo3TgGAtdGmKHv7StHRWovVGpn0v5K HVaFeausQ0HhdRjj5VjdZOjxB6bLR96ajDCq2nII8RqGqd0t1M1HCcsu+VOI zGkN8SPpssp3kLAlBOO2VkJjYrexbde6nji09BRyRgqqA4xLDStuYc14rA5o SHVIpRwVzYG4JpJ/URyGLBKeZ055ZUkNkRQhWPSeq6x2WTVoMtV7DOfbg61o vzYUQFJq0imZiOdUSAWGYpPy467AueOCK7M/LHSAvgIOJvlZJQ5Nk6etIFLk eUhhyJYnUjbp6GWlXDslu0W0ez9JW0v7+ub742+OT6oN7BOmgQve2QxLgtkQ jv37dnXfPL81QmyEqj4LD/HUVyH8OmYFDEXvrW2SDr62ZsxQ3xRawcyCbwz2 YGuaYTTCp2k9EUUVxqBflueOzsT7QE5AfITG7PtdeoY9VspIpD3Kfch7XPU7 yS+Ow1wnXTZAIAUztiskQGZKE1DQy2T8h3HUBGIadtmvAUYw4mvmOzWGPR9m 0AyVZxwrJrgnAK51uFQOx+CbtSkAkVcBFLdGaJgFNaJlpBDweOafpUbK/kQ9 f8bPVJtBolMDN8A4dCm+xlOBFtfK7OTFzpXcK/1+wURWrn5RlZ/xiaJLs7aa 4586aHQ17TZVP1WU5e/G45LzxGVFZ9OxDE0dX/pt8uuqzApf8P77Ib19oLd3 La8dYvgZJ4p0blYccdiP1r1TnRm4IYGvw1SLltWcDl8xSb9pHhG1pG5e2fsQ yb+2YoSWZLPcgtIWGugUADhhppPn0Bx23S3VoqbsFZk0yRyyI2PzyrHVsB9H KwZkNlTukVOcl/hg2Z67O9AFs1Ocx+2ChdHRr8R7yboF/TYv6Zn3wMk+1hCI yAxroZiwmaqIdKvjmpvvk7lJQpytpb2WyHDMMN6l0CJzQ+sz2bu863F2gUV9 jyk3Cc6x7VT91dEUx6qHZkUxl/c6531KW2JcsaTT80pQSvJvjUlBG3LclOoO hNNRdvpwpdV7jUKsZ100uC9kmnGmION+/RI9Qu6DoYaaIPSCYwi2ZGjBwFtV oJOCYyEFD7WOG3YSzSztbwVZAOKXBd8LB9JAD4/JM2cJ9gxxmSSpoBO4tEw1 ASj0RuQtwn93u2G56bbXKPLPhIKl7Lmyi6ueKzEeiu9E0wdebmBbRrgpyx+S 00zNdi3cq63pUybM6O4s2C6vMDtRvfM7vkwO+0CJM6vCCPnzpGWXZDazVjrr Tk2sjy5Gl192bcjAK2D9jK1FaUIWMdOf9ia7ch6SzOGXi4vz4OsyBIozxqv5 b6cvLt7+7em/vvn56R9/+PYHWCrPy04IvkskjstqHyTW6h1VuR5z5iNynhSq FBNSzTc0PjXrUMRTrdVdZs0ZXC9v7KN2org2zvBF0UPVMXRHMoh+I1o/ik6h dNAV5Em51L/F5Xrypycn5KbmqloO5JTJOcloCsfWEJTSKKKKEpb+pRBIiPF5 we7OHQ4X9x+oGj6c/Q8TasKS+VjR+c5iAjlct1shdgNIyxUIA1xXKCk2m6uj RPc9zWpn1Wq6Hoa7BTmCAKi0alXwAw/F7o648USO6H8Eiz8FckSeKUe49umI d9SYP2upqe7jTZzQ3tUzlQpL5Dm78SrC6KXDVG4SwwFHAnrTpQ03tKA4FDme mjeJ59ZKXqK8tuLdgmcxpxpNzZMc/lt1fgoUSnzKFFFypbyjkPriQQhNro36 5IE7EsgMFVmIRifLlbhBzw225xqzydqSvtDFzQ3Aca4uCD6pdWqoECsrWRN1 p5ssxNSaF0+byyf/MEaXW4oyDQ9INYVloWYIYAwQsgRt8kEyBh0rssLQgT2Y ghshMfQEOFpXrNCmpdMt+wI2h4QHpD4eG23kQNLCMw8op1oCrVOwl5s9QoLp RZb49cbah3E6MqTHtNyTKcl5fV/KNnKQgGenZj2U1orATUlrKal2Dk9KxTQP MTygARiz5tiJaIsiRVfbXxSVxh1+mX5WLZbLf0AphqX7Wp/xinTrIEgwaaZm /BHS30KpJV3x8DHfgpmi2ODdrXwmpYWuXndCpbV5HtkXM2TVtHKlrTtvUU9L sKunw+0tNk5WanIVOKTJTQApv3g/Zsvuig0TEYRAJ3LWhVBjXdC+1i/eOgqN YI1i2X/UGXbVJxMdOHkHCcF4Szw9R8/P3z9BnoeSqkDfi22Tmrnc9ejg0OGu olvreOit3oliSSo1kPGUMsbwWtMAc1wd0y3gpnvcEuHKUghJXVlbnayVGHPI zRZAeT2YFUH5FtVML3ogNgAVjAJfcW2qjddcYS6FDb9vrbu18FtUtzgRa4S0 xQivzohshuWPAwdrJiXQWS/SfEEvu+veEdVvNuHqsCdZ4xxgdTKK+5XgstPG A8AsU0cEiVk4l3LYTIQMFF2NTCubMre8nbBAkaqqz3lUvWQAiqRHFC75Msfs Va+trJizG5QWZ3qLptgnS+5SppGo/i0obwJZlX/863V0T5bjXctMqk3m11h5 rmFx5NynSl+bj9eYCGgiKyD6jjDw0LVjJtPVEez1iBsp5SRtEYQ+2N0x5X/8 LG2vWBl0ULtd9eIJYNA3U5vlZMBlovicbXLOwdBnOKl5GobUAW7P4b7J1qJT q2V8XStbT/LRFanX7CXY2B2yxgIfRKPo4/V9pmfrmMFLN93mrtJLYIp1z+HX DpflRa97jdQXGo+vkOPcOLrjfDEVui7RAdR/E6HgWMRx6OWrL+ePUoBQSgUn tW3PisAoN7g5SFJ+uoCuAdaxP1iq1glJG2fcpQhahQei0SY3VVjSzBPKuK0y biHzmqpEbewpNjUfm49UUndSuyZPE+VnSLsv0yvW6i41lSsif73jg73Putcd N6fBM45Q2Euc7LFzJYnOLPdtvzNrPS0vBVLX7l5KlbsTVEEbhcQXaA2J9lRm ktxwosN4QKJLxkzySIlKv158xEJbOH5cSXfIdM302jZcGIbM7tjVlLDnJir4 GRHDzYCDDMCom+ulMPvDGHxlXXwvWUx47RWlO1w1D79N3ZgAEkurU6fDTUSz tD6TCkNnSeiDp+K3biR8fr4wIwJ5Ww/8bDLB+lvG2+xoLgpsmpYN59bJrCmS UQCU3fCsGGv+vYT8NYXXORhnridn/5QOrFRyVRI4rxCwo2V7zv/zRefPt0bA zXiwlA/KWhu5UBBwvRpkHQfhOfcFbXr2tU2wOh/cr84tGVU2K0ZO5d4DFzn5 U9avd8alyLRTUd56uBu2wTdm8EgWzR6mOX5J5enDRqp/uExcYoXTyyLHhGOn hSeYr5Dootzs911NP6OBvPMq7Ava4jKnL+ycekx656LQzgDkpuenmEnZfBi1 LaW34luQ+bPGkPAuOAHAh2zy8CFV5UtU7Fd2eQBF/jk6zMsX7WXH4jsjLLp7 //2SSOuWG/r8d08wbT1OuCqZxSQGVOpppFpbATzTKA1GoRAezLkemQ1YZZ8+ /dObn59+/+TbP1J1tsOlcsL39Px5ypuxh69M1TR4SIOrGeIep7SLg2vvro0W Qem17W/RROeGQ8grpOCCTzhoasx50iiMtocsuPhLcDju4Vm/Co3J4mqlpEkB 4tPbNNfvLgROW/BqRW1wfY3uqISXxK0VrKWVTo3dYT1ww3pr3gEbXeros+Xz be4fxpJc9R0itl5IatYFMLYptqGTwJdjwnTPLlpvOSBxau+o9JguIc9WHGsT xuwTko4bO1OQpCgFjnfsxi0DA3NuL4UtugPy7+6Qkol8AsdutaOcxQjYxgfq CUP3LLWzVngs6Kpzst4LkFHrndqnfwn3l2ttinCju7xCRa+/YeFlASYiSY9T GX8M4Z/jW0sXZZChf/pE/17Kvwns/c+p/bOwdtKX9E9L/Im/VxZ6xu/Zn5b4 E31vwh2jEciyTlUKpvNi7XZKJhksY2YcYQXJbMUZF+o1enclgo9iy7861+xS ndw7+vs7XSLQaWhcNzWHZaoNdgQr+mAMcTXs70v7+xK8vbgGIxJVpZsyptJe LPUaYGVQF/Aija4elJFPFBy4RYQDe5s6aqfUKYTXAT3NXCPpybsqhL1gemvX gLtzg87yR6ZgXAtZjBMKhqKevfPDngtZ82lpGDQ9a231CkKzPA5AZ+cfg4hH Wnt3MzOOrjdl+vkHj46bP98HSn/Fq82Cb/pGGS/ccMsMG9a0kQOm6ZqEB66J HGqjoS+22wgjs/ULmGmRkrSaMJqMXWJD5HrTy5KHvkELGbDiupPL5XqYHWfo TNijDz7MgpbbEB+67Io6UHrl7aA8PpUv+LZoyMsxlp6K4b1NyRh98NE4coxj IkqjubHiUUBu2atUmB6ztLf31LXRL98xCSnCyFR927vSf+ZuaN8PvaPIoW6i aHuWSVTO/4+TUlIth8VRrvxCOQm0e0zZ2uKBZhYSU/t8b4mymXayJzgHzTjV UfHlcWniXbAj6ietwYsXcR22pAEuoMSvK1n0HNYg7QaKA29rwZwy3PGZQhK3 Rf174m3yFRi15cxyzXdoAeAZ7RKk3OHkuCy00t5WcOTnREk6JJaK/HAbQyI1 oWeL2xF8AHUmi+Wa+Wp5jlbsUvojobnItODuYhevub2xQ5ZXceUu8dtBbSGx K2lfcJZF4WeeApne2oqLm+MZLmBsr7gabb/ryVfJm4G4HwbXReMDMCHStYNG YBTHfnevB+YZfCkY5LkuBkflknayYDrN41u8E1WhstcbSrLZnYjAItjai6Ho QUvBabKLvH0Ezsywy1tq0nNDuVx8UvKKJ0sGFzCuOwfg1z5Iw13Ch10hw5dJ Bt3Lq3Ylje61Pibh1YvNABqqS2sRhM6dbYe8p5PB4tZuQp3Hp+YLI33KWJwI nHVygOicg9ROSib+nWG88S34ZXPumpVrs8u3iy9RVKX4j+VdzxTVfKmZhkSr TBJlgVH1C2gIRR2Z5kqCwXVynUnzWD91X4ZdCBmLredqs5fMU88/AU9sXUc6 vbeb0Ntlc3TLgpcdy7cFkEh3sM1aVOlS5Tpd3ybkb5PMJzrXbmMVgCFqlIIH OOEFSOj6EI1tcIZt+Wyu7a4XBxvgzKy3za/b1NXOESScOw5o3y6KZM6ux53b iBZpuDZP+Qw5nOQaGGS8CGyh1Bg6zFySBmI4M6E0pzHQtrseJDWVYr8Tk7ri G2ijeu/hkeC2hoxi6W9TqWunLqS9QtfuNr3MCVhjSAu0nn1z9n8tv+NAJmCL f/yB/H+qyIvmKec3vyHT+7B3O0JZiGh2LoLD8o03ZFBkTWp1zRiC+u3jhjv2 Mt+Ab0yoqGVelP8cdohhXGWvBGM1k1C06oTEJG9/pPjFX04vzv799D/+9dnr 58cnj49PTp589y8nP/zxTydPTo7xv398krw781ufwsqIDl5hj+eaRZO9Dovw 9MVry+2aEHKVPWbWU8ZEne2JD5equQG+mBmfbzPgCuM+2oa3Qk+QSsGlawHb qD+xdNaviscfhTgSTWy69SgT6/daRm7klskwrk+mYDp0c6BQxW6UAKLbKvW1 5Y90gPlRXpzNPMz1xMLwWMD1TkRwNrz+FZv8N/Re0Rq4DBu2ocps5nUpwheq pPOYhm+3LdDdbabNbGTEWnc7howSeh6/LyAHF1mQxwB59RFNcBCb0/WuXcE4 G28O+/XwYatEQ7VfrtA8UXTvLV22axdZDlKjSpcIXr4fIy05rdI1nAuLKpeB JH7JtVagWOI0G1Eg//J8jkjVmokxP7hGrEZF3PKXS494MX8fRcV5K2xJkLwN BWbQRCyOs+6MNktLLKQfGT1OGiA4MDnC/3KuEYzUU1hGp0ZuNTZfqzfKyVjF o7hFQFtKiiVPztpFqJUz3cMlHZv75OgcS8GSPDllWEeaAlTTP+QnBm56qEL+ c10M47o866PSGkUNTyJ15hPGNUldLmQZwevl77I029lZC3Mvax5sdnQws4By NxLtCg4KQ8DlJdy2pJw8W4qavFQCgQYwriYCdRyh2M/agNZThWmcmtbch6K1 WbAcj3Gq2YUgrRbtbWKEQxS02yoGU4+XKnTBJhIzqDLvxOdxvFzL6l2/F2FR 4jbUYsLzg/igACNF7nQOcBt9lY9MZn4LeXr3CrrpxZOvfpdGK0hOCuwpqbwp SyHE3pRl/EsIBcMcoWCUA2S7WRI774oiPulTeRMXin+LF/n0tWq33HBIOrHJ dKIi0+phQlNHz7fTn+brxds5cmCz28KqKyqKjNy4DTUvZkaGttJQgzMf90kM uZVSGn6v4Pzb95XpPwScCzNzqfBCFtvXGNntXqh6RoWqZLtYqV1jxl/6Ji/S PtXZ6MpljPzujYKcx3nmCZZnrsmm9l/kqKCE+nDnBDB2NWHmQBzJCJth1ktM apc1gtDf1cn4/zAKmrjL8ikMXsVLQe8qUB2ezoHqlYBFLY7U5FTwy+lGp/F/ yrxFuqrBXe0JXEov+CQ02CcpIhB7a9fpcGZ0MJJbxrR6ZU5J5J8cG1eNCULf KxTkFJLBMOAgxWHGXxdznr1DlW4IAN/NPBtKCwKj1JOJfEjk3D9wjyt3JyqY MGlOPu3bnR1ktk9468bpGwS8gcQE7XTATJLt7rnvQ6pptDB5yQse7TbQt6v1 yOAbUaBFrDxd3tXh9rCREkbKvafaw2AVcxBXpRE0+RmjVWeQikEKcljIGN2z l4AXBQLARdQ8Dy7l4Vh2z12eko9hVOXbfaQGDACtGJ1hKHe5ECPSpfnHEH5s Tuk0c3BTmBuMaT7NQ0fm3kfKRmP1rqlAPjTycoIF9vhXNa5BwkCZwkS/+OkT /7e0MqGOdiFFsyZDcYWSNs7lZovv27iC3KQwpxKiq9JUSgEtyiU5HY5TGt/U LgpIGtPtSCcD2e6+0SXbmzl75anNZWHGBmaI9gdkaqWaPqzpi89yLKSyHanl u1c2vknhkmE+JiAQaYMSHlbXWXdSucsT/J7wkgXf3MUKbXZfdEsbf0tnhqrc 38ooZvRbYzLXgeo0TzOXh4C5rEkeN4c7bs2kmXOngo4stxKKHrqPosJxv7bQ PrMfZLpQmEvee0qKPHCidy03mheaEreR4MZKMkbdCdFNIZGIbiYiIfXcSe1V hX6ce7xYKkYnULF7LewifZJzA7+XuA0g3quuMF3NOSt1l9ZbiCWW95ryOeuK a3Hc8GWzdwqsjwhzY0DF2Qsod6B4jayHcWDkm6ixN9b1eUatIzmUAp68DO6G hn6sP/UzHLgz+t57Q71jmg9fYiyIXZkZIeXpExBYePX63dmbN6/fcCiFEoZZ nL5K6IOJqQdmS/hsgC09NBPvn8vQWi55MKrm+uS1AoaxTMHfEERk9hU3rGKh zYUZPabY31FOGaZ9mfFhZs6yJWiQlR8Hd6BDOtBTQH3Fj/YFoH6CjBfk9PYW YNLninD7MOwU821rcNBIG8wLWByghiJJsQJLd5jYDOk+GLF3pXqhiLk/S5js X6wgchKIX95QBfW/e8hGucD8AtdDvN/9WEbdbIEhJFUqQmsL7bZjpGQAHkg7 DNCu3+TzWLZIkXZsIdoN3SbpIS8ELNmc7EoxeVMQr5GI+N5XZuecg0c+p1/t 3/6oQhfLkiDuz9ydwVudLImy02Ji5gBo8C444toCQ99XuksxQR1ZZ6vEHl/6 CmqCJYiBC7cyK4NgJx4QdIpB8XujmUcE/YZU5uT3BNsV3/QlzVSB2HQGgHs0 dLnQkhAgEg1F6YrttYzVlZKl84tXQ4VtQykJ3uCl1M1ji0TjVlpyyYCGLvBP hI2dgbrzZyIxuk68AP0uWlockBCGV1cCFgcTDTHvMyIrkJ5BXs9zYa/Nml7Q TTMHQCPNqV75VmDq0H7opn3vXuQ4W22HAZrMCxv82B1Thz+hxNZOWDllndze cFQzfoxfZ/ny+bcniDm/bRxQHkisnLAvMxpslTFa695uzXpXUdxJXmEBZpQ4 oIB6spxLSkpk1NXmldNKnWssff46ZvQZ5HxtC4OQ77q91Sg3bRIVwwGpbcP0 YMTBvABhstq85hCqbXbIymqj+GR2n+hs3d91zeOPJ+t8ADIE0+QsTALE/Me7 YcxXnRXksPM5IMT9p9+i0r+H56GVALsOzU64CnV27iH+ZlXwA3lV88D7xAV+ rbbtIovMpXZB07e0I0G+SLshpXOWx1IoHcWU4MzdKKGQN/FKx1HOb3aESWSI PokDV1tDXzs9P3/x/Okp3jTZhYH5Q8AwryzYD2/oKm79nLJSWe+qG1jkx99a nnsVDYFuXCFhRU8LYgZTWkWjXuoLSwRCf8K1RXVE35cIi6RCU5Y3XE5icPFS HuKSwSdhAH7aQnPRZs5ASJfsrTDrlQlr3mk57q6XVkkWEyb99+KgCAKbClLy HO4gIakwxsmi2jXrbjeGWpmdLrX9YbkexhzEYrnlcc/x7/WB8NbhquvWaJLB 5xoykh9cdAiDFJP2qNyHctJZMO4k7QTadnCXyZ6C2+RocNDRdUa6co6DhS83 8ZlJ+QXf2sDQOWXsBWZieXA83esOd8ujHHzZg4VZ3LM84IK3m6bLK0OJfWb4 4vOTBTE3WMh07qb5kIyr1ZeQiOOnCUyzJiRnTQ8cAdaDEqvdiEU6Usm/yj2x KfFvyFqhVQq1izHbaqJRWda24XPIFqV3shziG+QQP31dlqqAqaLMNLpqvHZ0 kM14BtG7jRKzOzts+YsWhSxcxqmltKyjrkocSTSbdlR3RNfwgCgoi5vkPXPl hpToiuwtuzFPsixmMATDGqSK/iLQPe2hPJeFzYLTUxSjZe/EqDO8qQMrotoh z+XVNgE/T4EIoTy00KjclL4y4lhJOyWMbE4ndNUSnNAdRYzLjC1cbDqnLhRg TKvMtQKp2X0ylct2suOhGysLi9bBjkq9DSffLy/v951nXyYODZBuEIWGVZab X1wLENJIxbP8UzJVyg+B1d5L8Vvx0yDTzF3xHDm2nkCBKtuLcVyV1YqtiSyb WSSgZeXKt5GhJuxTvGwSjSsFwQV+AwOIu2DOsRMZ4MIa8GAefgPfYRrvMI0q w1VNlYqXBRxTogQp2LijOEEkXVK9tXHA2TF2FlMzbJGoDhBrosSxR2PxQXq5 CGHM1mgY4KHuwXjFdUgO+698WXKlxUwM1RWolkm7Evc4fq1wLiqAYFITPtGa 6/UJQJq8fVwz9Nim1+xdXkEjZkQYnyDukzLrXbdHK2fqe9WGN2cXz9+cVZkE DQfKv/Bw0F4bPcxGdDNtnWSh+m0FbILPaLgaNJW3ae9R5sPWVvylNhD/MYT/ +Z//CRO1Fn2tn/uP8bX+TKHRo28eNf/anCwCBRLu4tv2K6485k+//eH4+BF9 WL8URyff/BA//h1P+vRj8/VVf70s1Gaz7/eb7l+/KkfgHkxf/W7Nyshbzgp3 K5IvJSeXViL0cY+mkBpVWVIXjNQljMuoOZG2666J5TCL5rVMktjcgKa5Kn84 qIQcPXVZ81IQSGz2cCw2CEw/KhUvQdjkM8v6GIYycVHmmuEf6aeQ5NLNrN3F QXaUQOB0KA1Hn5M9rEeg3wtAHTAFqYnEAqYeFJM1YUZBruWW6cBeOflexpcp mbyXPEJcsOpZYKVWI+ZFmQUxXpCNFI99f8esxNPd9S1QoyVy6TjAanulBnVX 0RhZJ1XcfKbjVLsUgLvpgWc3l1CyUs4pJKIa4fr2B2wqJRpgTVHl6Xe8YIvG qAZo769wx+jLjwREurMOQFrUqknMb05kzc0gJNIragvdzVyE0I/Ok9nnffGw s9plQdKjV5K9l9VP6Wr6MxXIFJYmVCpBNVY3ffe+M21fZA3kgPnIO0H3Jrld IB51Eb/5Rl53rgY5m0YQ+m2Vjw5UnIpcdKOk3DrR76+lmcyzZ1a0AyybJebU ac8FD7VhLM4UghASxqTHcv5uRtJ4zAv/UqWVFtBU/B4V9Z9DM+bW89g8+Vav 7I4vSOo+M2OZ6y8pYAtpIz9LW6GCdi8mPO6DtUkQGcOlBSkYWlcSvcsryV5y Jjvofncf76KWd4xF08j96dnps6zPePRY/O3FAgQkFyzlKoe+AFnAanCVOW3l aePqprvtgvI2EMXbrpnMdq59yWcW3UMZqBIXYWU8IkyXP9kJ+znclAdNHYdP n/C05WYYuDTOceW2afUAzUDabnLOo1A69vQseK8yNmEAKeoWx0XOjKXhk+9k LfoiD+EalI7bxGaf2oR0CP/QDhubRg19jmTXgo9quJGuCuV0MBU9yCZX+VyQ 6YrpTV8PW1Y3NhB5uiUuZvbwaxopmEay4FYBWKOanL3LmDYSlIBC5TWzxwfv q7QViQAoCAt4D97U+hIGLYpgR7dSSFpn4nyp/16XO0Znsr1OL57C9jPeeSrl zigNqk6jnPEsR8gpDkcz5199YZs1nVyi/ptpZWcxL+Zhtl6U+fyyXdGIg02Q MQhzgyqzBfFO0p3fUsRd/oDZR9N3kDrIOBT5V9vKassOujKi0VFCtCl7PdmE aXybpm912Sy9uYCgoOZhfTZ/5mEQ7Iw0UEbWBqXznD/ibJfL6yLpD/2aizXt wcwjluBU7M8fpPOWtY70iSphMZp/BOf99jcF63yyT7XF7M7akQqqq95HQiJL LZH+ScBQeZXmGOrNr4yD1ZxKbdrG7wJKo7JTUepJ/WHQrs7M8nOR1ExKPe4A 1lQTJ4WMHtjHkYCSu56BVqSQtAuII33l3P6e3W7PuyvV6gS9RguRzX0cjQYA OMLVzCGcIm3cDSFQ2htOYCH9gGR8oQ6x+eUPVTVzP2yZicyD3xC9jpMI45D3 OmtjbChUa5yRhBWtEUA8SS0wek9IC3Yd+Gm0f223vxnW5OO6pj0U+CCnNw4l 7Txq1XkUOycuSEkdw+/A6Yjja1lDeUp8peN8cxXK0aq1rUBvbCYrReNMLCVP xdBtiM2wHWGJsFge51s+8f73hONFbRUyPtFM6Hbkju7pwGj+s7fW56UOkuhC EUPMKh9OqiY5B2ldAxvTtcriYM5iqrepm3604fBpFZkQ15pj9Vl7FbIRdE62 wwXXhXw3HA1ZywxrP5BUrM+1ENH7M+ar243cK+yDf59g76NUMx+gOoWygM64 AIK5A9o+xW3QE0foFuMM2JQPzpItGvXkoYYrtD3Z7e6BjmLaDOEC2QsdxyTq kCs0y0bNH0RXgr/fxRtC/3DBDkzWh3aK40CYd8ajk61b9XRGF00MZt4Wx5kl hW9WJwugzx2Ve1cbxMN/FAYf8XPHuQlAA86ok1ErfoKRf1ajq4RUAtP0A88p X7R4STPH5bxwtwCub0VMtazlM6K96MOlXLjFnmpGMF0fMqFaC3TX4lep4IVt ly/Zu+SaFF0FjVkuC4x9cHThKn9kYmMi3hPmCa2JgKLot5fU8NkfubMsIzz+ 1t8FxlXedKvfhJ6nJFHVifRjRtqlIWSstvolUhpns1P0SpqewUk5GJnizlCB UiKlzwyywRkqK+eMyQpbBv/VdYdkA1at6kjzS3Pq9P4L963oEaSXSXIROIMQ N5UDmzjH9JQKAjUdM7faUUTW4x0cHCk9wKDs18UGaP/HTdf+xg5hDdeTIXP2 HG/NesPJ6HwV8gPIDSUZTo0qQgl0jNnIiJpHs/TQzt4QZo5z86M5ow7nZocC VGktSK1FQbq5ZRrQUyXDovws2Zcf1O6jzPQeqFGQStOUO5XQ21EOJK8nBShn 5kUlmFSbJ8uzaz+Il6Y78QG94Uka2LjWFEvjDMyX6/k9yTZZjt0KLTfAfLos qE+DGvDC6UkFIEfd8fXxorncDPHorvq7G7J8f3l5+lS4Vr45efyE60UmFSnB V6QoKfX0PCgYNXllbX7xg10sXDhak1RlyrGG+koyS/ecKHXieKfUqGTz91tN Ow8VNX2RksD5Ba8A7gWz0aIHhvbmjjdfKgcsrDwPNn/ablYH5cWduZ+fvmaX AGdEylfqeWIj+fWRdkumRxNnt2aDmKp5UWhdfWK11Ks0ysnZ+7c3p6+evX5J jRefPP7he+JGtbOVtEbZrIG8bjx/9PEngRV0I7Kx1AproF62RhdCjqDJerqB nu1Pi5oFJ05dJ6w3D13YeOmDjlFDtohRyiBYgfm8LZbYw68DmDNGV4kFKUnA Q767VlXEjIOjVOqbRIHquyTozW274SQeo//oh9HYp5uZEbpwW0oyBwp4nIWq 7YUu74OjoIBNuxvilfgMKzJMd8QQWj8LAs5O8/crIofYanrBHi1Z3dL1J2EF auGikI+PFpnhE4HTHF15dUGfH/Gs3sVZLZzWfNevHz0C9vCvz36WMb774fs/ TcZw7Qzc68nMCOyPVFdLJUUEgq4bxPSDsd3sH4lFGAVc/LX5HCZpKW6+i/9o RTyabGJRCc/wAfDGwKi1AkhUnlqmm+GzRqfFYoB0HtgpLxw9zizWE6L8QsU+ D7eda1/hEzmkniY1csd5dnzXAQIypG6nWqaQIn+rMszmEmLx4oSpT+lfdfVA 9G8/mDubQbKmfrNWE6WZ+3JSv6xFcE3yQ5Apxd2ko7cFUh4Kir846d8c4iAI mjg4hQDqKTgjRiJ4NEUuud4Mixx/QUG68EAP4Lg5bwCq1ntQP3zCukqKDKEV 7hfuqcGCN5EJly8KdYXO9tySlI3X7coaN8p5hDFLDbdkEvXD6FoSqwF6qcog p+8RYoh0pYOZ476oW0NwBTZxCsBleK2vewmSlys7aTPoRqNQSQVxdOQGKWQ3 L9g2cIiCQXizFrF2aGn7B63ahxfDQ6vV79Cm0fdNXb7TsxTMzIZDlPWrTSeh xOqFcecx8SyIz7r7giPjlxyxFl506mieURRT0HY9v0Tam4te5vMPsseYGZA7 SccuaaZVXMrGIVDJO060fbAEsXRUQZ9VjcKLVY5mNdGfOnDFgnoiXN7F+TIz ywvApRVTnL95ffH66esX7/72/PUL1CAI3QGvSPnOBVkTo27jtcxp/TMEGXMY c/DYLEcNJkvpM0s4ACgmEenRSSOVPJTe8apzmv5irOgXoQsEBZNoaOhKaIcx RRRM4t2pyk6bk6vNZt33yhh7mMTYFRvKZofn19uCwT4hDWsOvseMsGFbj8or hISW0iV3w0R/cnIAfd2s8Qe9lvFtCA+Rsdt4EkrZUo3Ydw1X7mNT6TMxqF1C xfFcbvcHBLI5a7kfhmAZcUtZ2KpVSk00tli4anPHV9flhjN++8ACe7jzVGl0 C+cGkFp0pmfgcoTVDcJEvzK9UUfhwH2nKAGEJy0+P4leIpPht7P0AY3a21ng Rn3mBRr8EUEuITKeRWqYFT6kxtA8PahhLh3hKyWoqumxJwKrD80TRQUUOtHq 5bkYnaS0nGfpL7Wzle8rl2oRBcGdWGHU/AjKODdT6J3+MJZitaGMGoXhO6pF 3nVXYlgrlfVDV5B9bj5tWTIvlQOUi8DBN9pm5fzeaiKL0uJU6U3zvdxBEhW7 Y0306L76xzL2hk7jTyzxKAkFQBXPR80Yq1OJmlCTXS21y8szXdz55AzCnmqg Nix+If2XN/KH3ysmfCpLEVWhQCimeMTNJl8T7LXYllYqjCi1phQTcU/+jI50 1p6DC70BynTkkvxXKS4A6puZhsFgDbCop8SaOHP8QxgSr0EIWQ4d3NCUJh2H jTpAbfJwie5VR+d/pZFZRaFZsS+PcHWnR58+8bLSv6jjSIYaRRpAG10J6TVb G1hQYSSh3xOVt8TZXJpN4mwW3peKCWIE5hYnsLkZLJ++ZIM2YvBLkQpIbvfM YbwHEo1qn4jOgE0Fx04UB04iqyBgj4sUF+G6t9MpuiukX8jCs0TfdZxWY+2Q 2qUXhffSNgsE+ryTpLM976hQykwOqS3HT3FfIcSjHZJ+GI70dkwNHhKRz19d nL15dfqCCzAfSf0B/MJLB4Og8lSK9FoKND1hrAKfq+16Uq/zfm/NxODc8C1C EQBX3fEZSZmAaf3nrnlz9vbs4t3bizdnpy+Nm2EylakTwr1ep0VsZlTlZNMi SvkAD9spQ2D4Ouu0BNEzhsD/2whkX2Vq4SkLIm97QK27q5gj1QGjN7xXYmKQ RShb79jdthRFFUW32x2seGx07GEQKg6CnvmLGqS0xda4VL0UKTxEWp3Tui/t oNiEU8Vh+Txakjqdj+6+CA+q943vR7XTlO9y69s6UgYNxZkEpopnLdmBbUUR s7wrI8cbhtWBie1pOMoq90l+PcgbPJ3gCrdijpxbkxh1JgqJVebBkZBEazQ8 yVsS9Idyi/2DHH9XwSNEgSR1MfLWd/vyjvoLspt008zeDDkrnKWLhVH+vaN5 psicJz/rpUZb7EWEsq6uKK9MKQ0A/4dtfTYlORfLD+kgTnImXx8zJR9aHm3O gFYxRo0w2jnlzCZuaYY3g5Fi6J2E7gu1okktjxwdB2fqcDGz9sxUQwGL7vZu X/MArfCnKnxpsVjGAS47lAW3roRAmy5EZUfQwbwEOG+y4YuP4b6xgzmpbn/G 3xGcYv4xwaTu6JUBlCWnyNJuE3Mg0Y5F8cdsa1Mn/3jiJmF7bJ723LwnnC4f 9tm4buhEKhJlB+Ne21x0IlyVz8j6SeXvW6yJuTSJcWPUu4xYNMrwhUx8EhRj cNq0Nl4LkcmEMw1EPee2c1Zn0g25Och8M2mdo4HzfopmhNCSyChUuVR8T6LD oj2nujq40jeKjPDTyUqwCt661ZmFQP/zIO2Q+G1Qek7jwLPT9pyt/NHCKDTL uC3D5j1MO3Wy6rT4oAJJqN7ql0BsI0T/h+1kXeKB8AvAJon6NRR/6a9b8Wzm H2HBccJaaXwuWQEPMsQ4ZZbtBNf/cxr7gYerlzE7OSlPBvGTBFFlyQXsahIN Jhq3s7Rg6gPLH4SWad0TshI9WCntx+6UxhNsIGMie3vx+vzd27NXz6zHi0Sc gkRVYBJFwTbcIuLpF2W2QY0SjWO9mt1hI/ArdSqtfYb1TLijMr39ARDNFc1w s8n6PFpJD3zWc+XLju/2M8ufT1+LtFiyQIp+K5B2CSDiq8xpYA6bJXLB8djG rRW9cgPIeHSvd3kJbMF3YqW+5HLaRHMzyZMEjw/xpSAJoUBFBUPa3gGuntU8 ToH3IcPI67Pol0v+CTxjnaflDz0SniavIvnI5ul5t5g8Kn32eLff44NEr5M+ NIFM38CqEu3rvfsGWpUBv9H8Td5da4nov+Wgy7IsqbgT9s9Wg2AVOH+xyPJb rPHk3X39I17e+g9zS+ct5b9hq90oWzV964AuoVfClpFZI57wg77OlE5G1WY2 kOoszCDtD6usc6sh1xnrmXdnLvgKTDnIyeGGUoMEnIvGN5ftKIYkIXnETFfj 5BnxcfIA03ouepMrQO2KcqKfYJ6E0RSiwB7J2nhPyrr74BvJGE5g0qk7BD0O r9xxyN51O8y+mi4uJvb81d9O3zw/fXXxFuvLJ1BH4gBDkxMJpap9OV4JEscG qWbRj8hq/ImS+vQfhDP57uTke+5WZIgjS9qsVpAx8UDdDmtXYhZKm1MmRWOy 8aCc6o52GT2lnXeamCoot/++5+JtyWx/iIrieEo8l+o9XAInFcA8QAWQxkqH ImFOSuJIMne41NolGXrLu2+7/Ydh91uDLujRvUt53ZyqtTSRg2YHmVBBOOOG 9xL4x6IZUjxVcbH6pXAkGOjFhtsD15NPke6vgROmq6cjk8/q4WL5YaJ4aKHY 2DuCx4FInQEIi2eEzx+dU2P/v3P6J3FQ4PxiJfTAJP5Vf3mCY7VgnEXRmluF e1bXO6j9kxQuBcKTIs44/KgQxBot2JE2vSG6ZZHEpiPpUjlYvBlro0LOMnYf btrkDM9pdjEd+THNK/bhuXpd2UK6lhlvUDCRMaaBHzH1uXng4lgso5UuSu2I +CcdPC3BLKSYcpV+d/ykZCrlRBILapCRRDN7TVxDjkZZwhHaDHdkfLnnkE/x Fqop3RY/HOM/u0KlGtM8+jzoBDTmB5sGVeKl7jJ7J4m8f9DIoO1LHG51Q6OM acQXeyEwmLSfroWqeGe5eFIKB/6h6TGIjf3koNC0ztv7zdCuAx5ClOADJ6qS yJ45FmIoyPszJ7/ULEq+69jPRaYpj5N3ouhYPJ9b5QefnCUKJ5BjwJj6Xy10 41eGCU7BnwHgh+xWwi9k9gZYAang3Vu4CqZhWWwospSD9RUhYyPt0wTsgGpO iOMZ2SNAml1qjojiFvdMiNMUPQgAau8OUQufv7z4Vbou22m+3R+W/KfluFst Vz0M+WijQmjtRosFOy4vBEMSN6JKqBDcwU9LJJDW+OKpRY03L8RKO5LroCIw OKEIwcZT9rTFE2HwaI5ZtdP2XTtTVyWZKQeAOz9xR3tO8NxT1bkV4pApz2Er hxXoq36fAa8UDq0GvM+JtQ9VDImnqc+wU8lOYMjnrKGs+LR7qau32LJaJYxK zfdioej3ABiXbWlBlTk+OAisTDtD1CyH4FKZvZ3h0PtKgYgIL1mXUKzLW1zT 0ZV26GXN7ig2q1YJGFDKsfV5z+IJ6QV03amkmvE9ievMLBU5FulZ8xWuVrRW FsTsXXkRUQogKe7ex5RnSU1aewWOoQvugkDCKmGMK0juRNrnLudZ0C7yWsaR KoCgPr33JWRe/DRKPFtPYJz3WxAM6Gn80Lk+OErdcSfinEg3bQ0zYSnAJIML 91da8EPregVn7UjIvoLZv1N6cMkustHIxJmP2MuwJQF/f9aqJBC57wFF4c4+ BoUoAZJdmBdLgZWzoPzgg8iBSZp8LKb0yabRgUXzgDfozADz9cVUKEgMMqF1 VPrej8QNCjN2A/Z4cPVWzBjlsRdOfhogt7hXQNNx9bW4R7uOU8DxFO8P0lOc SwgkWhJXWV4/TF8/vw8SJfaz0ZCCN1icTaa2HNu/hdE4cvoimsswIfmUoH3E Y9rWb/6f779Znqj+TT9CeERgMGRkqbGR6/UtLBU6Q5MAAyUyW9elyjV5atOt zieLPuiK2t5q8x9KPGjcxzogtTuBYmnjKcJs4bUcWd69r9zddVL6gfRVTzs0 pEZEL4htJoqy03Tt1TBDGqQ5ffrXkoIgzgj5JxTEyeCsAhHKUuohPa031ktg +ipsaOGABoZ0Q2mc0NyfMDarMODxrV57/FauVu1KNQ/F7+wyWuNOtQSyCdf3 AhJWpfm37HLgEpGI/TGEpTnG+AiNtyb+eM2TEKZCzZm11KV86SKVbrgJO/hM GNMPSQ0AdFAfHUeQyI094844R7dxn57Ip96hL96BkpZZqj6n9PHeHeJ6BSNA 0VoHxuuWiugP3L+j2DR+qvJOIVbyEWdVXBszWbiTsZXJcrjU3QngffJd85bh yL0iogTLs4KTVkDluBOSZkRaScYW6UWynOK931Bn1UVly60vvVh3v7iwh6ra kKBrfvLlfKZs8xLi78jwo/OdS0ORagx/2X/opGiYj1LnOirpLobKHqVISer2 tuXjwHvI3lO7Lzb48XF4O7Hpssf6JnnZqRAjiaMLHvepnevus34WcRXKmA1e kVs9f+5hUTyQk5N3qQvt5pqa3d/ckmE2Skdfg6hlywnWFhe6ASAlSx4lk5pJ Gcq7QOdzdppBbsoWjnFWy/E8iyxWdBaDhkco1WbZnMAmC+KPS2OBaa/vVH7z uXYcbPeFomvUTxPIXQmSFZjrDHYtp6QuBm8Sx6CVX506M9MToYHhh8hLtiks IouVsOdk6zBPiQ4dtBjdSx1v/rhcz/RUWSwUllrlxB03z6yegthACKHda5n/ DQUFt9KCGMGVZNUGJ7OUcp2N7UJyq0//p+PvSo8+o1UTTH5L7PNE+5yqy3Wx 9TF3h93dIKhjAyIHqwsx8kiC88A+WWk3QYpNfFxxV92sRzSuqNWmSNBPEM5u YIHVqmkVr77abXwylfEvX2igyIUIwgGgWe85dmvq+XrHufLov+hYRhcTXwO9 fWl2oP9r3rc7NmcgBXfIV+13/Z104tJGYhLaw9KhpKrfWPKBwU5B2w9Sg3ef rRDP4paQT8JqWDxmrLWLLIygRs2xRvoX4cqj6WvnP7CLI4lKO0ShbtiR2f9z YirBfzYXiFh/+tpS52z2m/fpPeBF/Ww7fbwAFQLyPnSSAqsQRi9YSI8fBR84 2rQfto3vWirz+D0lgL2Ts5hWBSQrVA+KmJzqtvGIx0zXLAut0VKwNbMhTkzM zfHxsadbzuakRMtYERngq+mC5TBFmcSoWCkW3OpQ+sZODMBAUpzErn6nCGvh dfO/ieaatgYMTIqIY3K3z+bm4H3R0Uy0rf9YLVhjx4nB0Ff9XvWhxWDKqAi7 y6QYJ/1maI/g5mnTxGtaOPHV02ld+MYDgEPij877Do6Ikz5cGkqAvbBRuLt5 zHQGaPTmqAchN/338pn97mf8rjkCXbfj44bvJhzhcj7+IvhyHvMFPqNzop4e tuv336NYHAXHMh5uqf3uf8PJKekourQisN0l6BUcgecUAijFoiQSDPHM38Kj 7pvEdbTmS40Q0V7aJ/ydl+JvyCE3f/fL84r+C//39+ZZhzo0Gr/2f39vzn+L b/j35m2cWvP38Pcfl+7/8n997s/uC/n/xLk+/vj4sXsmcxGXU9HVv2PK4rj+ xRee//L4JP7Pq3P6F4964kadDJmPWhnSj8r/4lHJmov/8238M8UBHhgVMYHa F57/8g5zfZpGfZI+zcBr01FzJKH7wrt3k7l+lz7N0GLTUak+bilG5+dG/T59 +vTNf5xfvJ5dAfaJJotgK+BH/WP6lBi6Ll7/9exVfVSie2R2kt/zL7x7Nxn1 B96tK6xAtqLTFShWtFiBn9OoJ+68vjz9v989O704nRn1tv24JHOrGLe2ricn +ag8Xzd4PqqUMvnBq6PyeT35Nhv17dxcBd7np1sd1Z1XmuC7P794/fSvZ88q o9IEl+D7IWDdw6Nm59XePg1e7tZk8Oqo3/MK/NFGfZtPtxx1LKdbHfWHNNcp o1xTnteCoyQb9dyN+qc0arWjhpcDtWYa9bm2adTz04tf3j395fTFi7NXfzmb 7BaZwcvVDRUSb68726/qXC+LUaPgOn/96u1ZUx9VPct0COzG+lFXvFtrki6l 65uPOq3QkS/0N6wL3KhdeuYvp6+evf3l9K9n7569fjVdAY863+Yr4KVLMh8Y NCLWg7PK1bhki0BySg7KXFoGIAT8eLexNCE3ZAMcg70Cfh6PxzY2p76yNhlI lK0U1kuRWETZxXAgJrNbKhhqtx4QtfGWi4BnnNXQI+a9kOuz8IJkUd4pmPSz vQqVwoIwAkRpKZkWuX5a3XS1aa+jSfwz85wE9x3py+zmxoH5kQJE92WRpDYw o9f5iqyZr6KBvDncis9SM+hgR2FHDSop3nraL0ZXcoWT8B33W7NrE8w89SCJ Nyr6+sQfGW3X5/H/f2wegsyE8Au+8zkQbgiP8b2ZiHQIJ/j4pPj4RD/ub/A5 V9fORppcF0pGZegr11sxNs4f+FkZ/OUYG2XfCGLo6FevpMyV3Wre42Uca8kR UJxySrIF7Z6hJymfyaTVasmnUDpTQQvastI0Z6FzGMpKdv4XTBs4dWQ8+1M3 OXbOe0Aynu5AXFKG3l9TSFQTbsGlZeOzlc1gsL4QSZhwhnr2PIbsPL76MZ4B RXc51xKxcFltCbsRsU67AxOjpaJXvy27Tb9CyVzilU5cC2QHc/nO0//Vgywe cAAnBVizuZ9FQwt6tUE0R1grKXFHK0Kj74aNRc80boNw3Juzp6//dvbmPzh2 87+aVMHVoLGkD3FOeURpyqdvoSPL4sUfa5DnZ5rNheZluGznwS24IhisvO2G 6r91A+iDpXxgle4iBEnwZydzrB5NWXnwciqskc7R89NXp2EX/ft4gY38p2+3 bQr/VBhN+AYaMkFDGiZklNiflWF+3UJ23Zqf35y+PHt39urpa3JnuK5b0LMa DGEOxlvmOzYvuyjIgAbFbV8YbwzPhzBQ6KLGCWQCYo69VDtR2aDVxe206BfV 64YDgdADNAakVBONylpL6yEoshmHXho+kVP0Fkg8Yvy7/N2FBaWQjAJQFOq9 k+DBhYG2oRcZatcpsUvI6/1HO2O0ySRdFnm1r/VvtBILyo4bX5XORhAtLqjV lEGOVH3M5xgMIxprQotGG43bgjfCZlC2hh8c2ZlvuEOFpR+GJYWTDrslwVw6 kg7a/bG6zBOKIHnm449PHkc7sifOZddZl8bHcLY7XNA6t4kSAMMUCYV2suBo hDuoEn/TZH/r6hXxJMt5cFUAhTaE8Jq0hG99CFa4w26nHQmvDlSZxVG82Whj oIDlg7cz6UU5sdKaypYAlEOJUeBBZVlhaTgug9sCxH3L0AENb3u7IIS36G2c VjGK0Zv+spcuvy49Xk2swnKGjiVwjlBYbogbh0vn42QvXrxdNJqbsiBrzt9s 9UGqo91bM3EgQ82SpeJBmYms2s9OGHnbMfBUJtTbYOmNa6qQ2ZS5To8pig25 H1vlYcBjSNCNTybH5CWyo3HveELS2DPzPqahZpuUgw+hT81m5bThaG7ae4Jw mZn5iB5InQs++8jPP4+HyQtGx/Ss9aMmVarOLl/jlo9UfPnWhgj6wqXiAuS0 bQltkMxnX6mgMnSS6pdVcF3DYbiSzUd5OAqFP/amseLdND+RJs7vYfUnXoxn pbweRjCzQpo+NzyNI53rk23tpPmovW6Ty5Sq0/MXoIQgyVriypMU7I/snfKR XRQO/iKFExd5nII91VqYhTlWmNQqCUcnGFntFFO0qvf/jfgTE7T/b0keIC22 iRqF05cK8JPPudk2ZxaZ/41MAHW20rxan8D5KXOy2EjzFQLIwZIEjF7PUnby Mk7kQ78GDJE5yA9sNaDRMznMvlswNVm6BSW1paRslxW54iYky8yQiLjMH9pe WoFLDyXtUn7FJBsoLNhQC99JXu2SK98SbMJn8YQ//Lb9SPWfG7mR1KxRm8bp 70A1j2yzAm6IlsATeTGncMGYpNxGCSbMjq6/H/qIy+6mfU/tR+I5vumidzAi IAQiBO03ZRzmW65cvYk2PnCE8Vu0SIrRpP9OzOBBAJ753NbRnxyF02Jd+Tyu tDC1rNodGM8wlSiSUW4RLwGqoAhhFW2SFUPG8TnKVKQsYUigIc/FIIWLgWDF 2xUxbgp9g+7fR2QBR22kKdymcR2IkoE+83QKQg2svw1ai261K3oBiv56p7Vs 5qq1gtZgp6nyND+uPDC+xuutlfRfRtPhirue8gPodehUad0/YT6Xw9VyQ1uL 0DKOKDi206N1bPCEuZgEwFHDKlp10UmBENbX5nIAEruiGxTyQtaQhLDtiPC1 yjlsDA3LTgswFAQpp7Nni8u1Q9Lr/pa7MERT63rHPO9JssMB4oJav0s63eBz ljMp5oW87VWm6vAqY6I1sqnxcyZTel64NzCx1/Eosq9uWNY4QHTYdTDf9RSQ r8P+evDlP9aKQsiE/UKqb7W6JzIclO1d9SBCSLEwB9s+T4GcKNjtH5Dq8tKe 0SsDI3IrvSmUkpBT6M6RFa9KkRjffRc88+UoDsiWenz47ijkHgmrRwrC9okh UhBFNoNu+1+H7mDd5QwJmR83yvSXRoQSUbB95IlrBK4k5X449ORfbnqmreaS kC01XF3jeq66/L1kakXrl0WGw0nLPJqyj5M05eAkgTP4XMxoCgnUphvyznJD i/CIlORM8R5bNyeAH/kWyyNoeXr0ggiM8vsHzY6FkAMlYhMBmCn9G6Mw6AAI EJDQfYdRIyg3KMDuHcuPSXHc9fDpE1oOQMNRFHDJTNSwPOJl+EuiYz3NXpM8 vjJ+6MFzbqMyiBlg/omhd637fJzMYxKgIQtZOstYC/UN3u+qzBxQFHbE4Zam EaAIXUGz4ZUnodHUZzO7zpCa/FDh5VK2MNprX9Yzar+diZGjFIP8vZx2Uc6W q94x+bcN6U3jSaDjrfBLFiSdUO1Tm63j5hmk4ThEfba503BkNMviG5HUDq7d nzDGdqgQeL7VJNMiPkxAyVddt74k9KP1npdLGK2T3fAe3a/HUYxOjeoaOJXF A84eSA2xTZfthjTu2hgaEvgR4K7U349AzKmKkvk6mQrab37BI8skzLWjw3m4 cH0wlX8FmcR8utHm/m3kVj67aCzxrGWux0ygrc1h6dlGiiO7vMwlAC4CZiJ7 nyjzsmPlsGnkbQrEfnrqg9XEzv66dvTZ/nPnLDiOHs95GH/wLg79jn9Qaaim 3B6JS9Y+Wq4NoMR5oHywaNhGU52ZJChvSm+GYi/KbPyYXYJ4pKIU4hAZNzru EV3vpcWivE4hhChJtK0uG7CwFuHl+k/NtSBGd0wAcVFfC6b/xGGMome1E1I8 +hk5tnS2b6WsUdvfGJXmeHdgVxfUABQnWU+ICFO/DHDzmktlbEN61P8wFkvI QcmytCve6WjnCAKZ+IaXXOqaPxehBk7rZdDn8P3xNw76nOVaJjmBUpLni63p xYwmwE6uBxOreZP/vixN8JacdP6IdmG325NpGLKlcQ1ZUkjChdjPtYNkKmcH H4Ck0HMCwdRAFvbVTBkMsz9wXUp82IRIg6LZxXtIf6J7qRuTJnvNc33k3ihh UrXnLWyltihpTX3tYGiNRE+PWV121JQlFZySCwc30NRmkTJzlpHqwWlebgPT y3MsZt3hffak80yUpVC2qkD0uajJ5oeb0G+jj1q94CWJeJj7puQpuBpYGkXJ GNftnRgEdzRPzlYEM39VecCTh8M4Zt0BTEUSwT4j+zP5tAi+v4Aw9Zf1JJAN kHjYSHjb600Hx614oRS+2nWetn9qruw9AWJVc2ZlJGzEYMSR7QHrDNaOhDZn XT+xH1iMVc0Z1eXM7c+N0NwE1FVjKae80p56qLaV0q0R7Z/ddci2i8lhCiN/ w8XQNKz28ssWVkO6jdEwSxtF9buHnX/kQ0/iqgRTOzfxmsebJWW/UYg1dX1V f7BS2Gp/M+GAVQHbuFqr5I3zb6xLNeSB1eDpEaIMdec6hZ49fUW0ASoFzj5S xKqDtXb09OwRCByl1x+TTz8/11LZGQPHSf+FIxZVNfiH0e5vSLFDm4AdRkoD uYKzVHuZ9JYCs6z3IHzYsd9okwxVryNjVCxrrgxVzcQybC+jieu8kklULkhU jjldu/fgB1U9P3YZk7tUdWj0DhUc6xwZot01MQl6kvjbXObRcBeSRdH5k3Zx 3U2arpH2SK5JtDF2xrMlyIcaZTHowbhZr5m6hmugTt+D662SyznmBdPeA1o+ JqmxwmTj4toUZPIav9APkvWokpLUJYrPjIyhaA5IDUXqfiWKmezkanwPjuic UhmzNtPu2E8p9REz55jQjAqs3PvMC5y8pQS+guWFyiK/pEBLQZogVZuSWg0U s4lyl+Ay5du7gPxDijAUuy5eVB5DiI4UFy/dZ/N3RFEUvlB/dONY8IsjlVsC 9diBKHEdXGlgQL4LTMIu3qRlvP1ZDaB2tRcnugj1WDQG2jFnDPqeVmFqYDf/ Ht2Q4YOY6zWra+dbidx0MK+ixNVx/1g13Bc203JtUMC75R63XY++FfrID5gK MQsydRY6pyxYI3P4Ox8KcL619HkR3mYvthDU4znjFpLdvWCpr77mle74BLop UFOJ/WTPZb0xmqL0UV0XQmIM14hia3qfRIoHc3vFEpwiF3kDUnT+RctGiqdQ rJLebryP2ovAj82m3/42Bia4MAX2njBZ3dTko9lRoFn86+iPHXZb4MziBOIL 9Pv7n4I/J9/yflKPym+fPPmTpPzsMsxKO60TNONa4wFUcF01GuUGUBF3fDVi LRcC1YQvbragCdaYzog2MxxYC/nv2Be6eHruuoxq1kw6bn7/wwkd+L+aExNf VNRP1j3lN/8FZxxULwd65mnRM9XZtLvVDTang8GSkmbsXo2HaxCFOLLAcsdc LxW8aLSoQLDj9LFhMTkTWMjbKOKVbscyKon9R0+5pD+9G685xCizphvshJp2 cXtJF1lV8xsyCEaJN+a/5OjkIouGg21lzA9syn2AJlq1MkgjrFNFcRlhV2zW ruRcryfcmhsxooJFRcpQCGK4CPBJlkbb6rHpsXd2x0LcjIBrHacutnWGiHBm igZSGatV+M/cQkhjpaXTMC7U0g5YrqhhKR8oXtBNRlixkOFQLa1AfQ7Sm4ba Noc76guwdgHcaA+ufhNb2PuCsJlgQXG8LAsct9yFAzadrimmrw0l9km2MqQg lcSy5ZQdDDWSKQf2mWJSplBwCR6891Z2n89TOGIjL5X8o8HdWGBgRiZxGRio nV+f1HHDJWTSASdMPIkzfh4YEPbWbm7kZeHuetvs5DBv5CAt4jA16armox/b dbJn4m0bDruVtWdDEOm0FLOV6+AvX87rpd1S0NoOVAK8WbldHA9hel9HNbfi qClp2dpjcZ7t9FK0HZtn6bjrQxRa232XwwW3xViuLbd3RP1bWC4OoYEC5smE wRpeArLEbR4HPubSNhS2igdx4HtNYVF7JL27ElUctjNrlfbXBg60yyo3GpUb CnwoA6QuMMuRDNGR/eiQkn1BKPVBwRg280Yuk6tTOC74CMGNU8yVT6QqMxYK QDQJ94q5cGLmNxzOTCdaLQpJaZXmGudaK84B75e+FdbSUX7g2Dk+6X5v/l9I PISwhinWmjlwngSHjwaaZ0bNVWGlKOg/+GHKmotmaLzLTFiFs8B5S9JrH9p7 dtuQzkS4gykRlUKe2TQ8L6Q/U+T8pIOkyaruPlugPYgzmWlM4k9+rtV0vqdF UTqW0fVWYbbsbDQ5hVOOx4c4xKY2YuEu8rYWmW99m0L76Wv1WxEFdkYZhfsA 3Zq+XPzp2dNXAQD9VkOEGbWG637VEI/ALjGoE7EVOaBtgT8J1nI3XRovUihm xR74YasXtucWO2R7rTVz1a22yzQzrB9rFZXJVEkh9B6SrOpu7zbASVP3F5SV DbvCeGsTGWceQDAgnVvGuI7a9K+5HriZDmJ0FtqSzkqpN3sVWjAV1f3owRJs h0TttdkEk9LQUlPH8LLjDl/SI1h7aolwjRbahaqsLO2ZLZwaoBXei7pR6o9h Hi4UhJRsM1fvjC3SJc0XPyQPxew9Fy/6AJEmTt/x8ZwUIqZl/q8DN0910w3T 6XaFyZpfTJe2RmRtNpaUPH5vwsCDCVnYbQZtwr1KMiSmcTS765KtBgIDLJWl VZ+M5bCVhblUe1hgah+64O6b1vPYeszlF1QUPoUe+M0RfFj4nD//UpJAKMew iCajPWthrWEVx5GU8SLooiJFfpdRBcEI51+nI+RztEiCcC9ZTVWkc0bhnkV5 fdHuQBdJyZKomgQpZHSngzuBOpxs8GJkIdPUL+uDVBCpgReSgedaUBfnA9cu Xh0JEYs4Fl9Ugd5BakWKZqlefKXqO9lP0yC0MvEt2VOSJK+zE+ZhWLdpMO4z +FxKkPgo4OIRaEVZ59xS+0M952iaTteXJiMmlDDJuA6oVjRsonja0QbhqkBG eZOXh4wvGZTPkLL69HU04/dLRMuKPr63+LW4xPjCWKAZeopnMIdoRpaHNEjq 9JY6BmVWiCN+LfNEPMRETgQRv1KPbjPleqZRTlh+dARAnI4CvzfUfihYVjPc OrOqqACSa5E5FBLoSVY76c81mqgpUMqtlyyh8YeNzu2+QpWt9lfj0E0wuIY1 GIjLSJeQkVyVhITgNo4dutMQczcwc3gZXr9tfut22w711N1m7LSjNKf66HTI 3eIG1R6iWU1yq9Emp0QNbnPitEiWZh71+Z2yxlX2pOnzOJBLXqX2IGwraqhH MAcoUuIJpOhM9Lo4hsXVDUNGfk24AwGbB0532e+ZkA5KRJs3JQS6pBR23V2H 91C8HAIqfGvK8L4DsrvMar8vgDI5VkFMYm57nI8ucED28zwlPHWS4spuIkVE Z/EgpcHYXEORMIqa39dOCSZnLaZmgGG/ax4kmVPcyEIhx5Jez6JaWWmP63OW F1BY5+B2hiJTPld0VJdHM8RWnum0lldfGgrBN5HyPWJcZ5gqdq0gjw1GHjs7 juskJiyB0oKIrQzXmWaK3KlOQYDNUkDkJpSmEO+Am4BreUGY6hQlkYlE9zPe GMHoirFVyX4yCEWfO9N2I9ySoWSuL8smkjjSjzcB+m3HERQQvyvVmnL0IDHa mhWwk7BOelX6e7beOKhK9SWH9SmHFDxOgPNZaXucjtcfO6iRZr4tczrHDhBK doAKWG2WEiB/cEgQKwmJNJMkGGwFQQUkB6z0mOisIhQy3HXWQrvMpl1YfjTu XLumwgjX5kUEE8dXGIzgU9aJD5kN7H4l5kKjhHu0bsXCmiU7DROqSauaV2oc 3uQ1JlG2P0+SsOhyZ5fc8rJr5zsagMwFpIFBGjYcOwg4nu5MulC1DZ1qHSQe vXGxTTIM0SCE3TkvszGAiWAnGxOVDZNLE9wY+a3uQyp8C9wMh2of3Z+3WVKk oMKZPNyllPl7BB8MiArJZfXY6kLfuLl9mPNvub9c/ruZndimIrkVx9CyUUMx ajkbLx+PCWD1zDNh58XG/VhsOHHBcp9h2WIu3O63ILqYZKsFDRGvUl6Wks2h 4RnYw+NQzhF9EHmKVbKQIZbBAJx0iJqiN1qlYjcPO2JBpozzsjh5TdpkceTg Zd+KUzCYjDPIaSX4WBS9igcNJ3BfYeqEi0K/BO9uFOdX6XK8AAmpRJrz2TIy prN3dO4ajnyROmuImnqKdLTsWVM330wSVUM/itNsc6pmnJ15W4qNX7XPSok2 Bb/G4dzbDZw/lrqhzTp/820KmXB+Lh5rF5kDr83VBmhy0pkjWsTQmNVAJAUq sbpPufuuAb+0O3EJ2s7MvNp2cisEWl+5Sn45MQ29YPIIrccqrCB7QWqIsFei FWlFQ599xWTkb7rV+/VXNPJXuJTybw4c4cATl7r1Nm1MEnlSGp7Ko+OSPaf2 iuYi0V0F+M1AopnkxLI6eCOzZtMJg9Cm5Z5dZde6o42PqXVr1mfxeiZVWn81 7r5NWyMr2ObLRcuXrSfWLxECjQP0eLde4oMlZmzVFThAjrsC5PRMojAuXHg9 x9UIi0BJwmDCdGEqvFRHvrq1V/AvRVXJWKpdVQetkulio4XsxPMraY2KHEqV o8bUqci/05RHbyRd4L7eFj9Q67qmRYv8v96ecoBRa1bWUKqAm0wB1VSwvWZz hqcXh4NwIys8yuanrbQYsiTipIwdERfNhUZL/WpP6m+U28M5Pql/5ppth4Nj lmfJqVYCqyl6G4cq1tQVzFnQZrWMz4jmZWXTdKe8FBmursZuX+6b50JVcEbT vKB6Kp3CwuEiit0skdWVvYujiQqqPk5ZCXiivcAm/PbxokJyyiSkhGSFdnXR fNiW0AwZmZQXe8wj4/5kw+iA0mUvsamUZNCNrq9NiV538kTOUiZRSJC8pWwx oam2c4LEdo/flPBsUjkNIcvNRlFpWt27twlwS9vmzs7nNq5uuGZXTkazJ/nN wpTqF/D/7w2kFfuz1OGLKC37yXt+20WN9JZJSpoJc62uZkaQK9uPKiMnEcdV 9CkXNsi72d/IkvH3IQnqjwWiq+HvMcjF+Mv9sh833vdR57OfMZ9KWzC7ePQk vXesI+CMM2FBJj6xg8p+MKgn7e1xEaQXnsNFYF0aukwHAi5Sg1YlLcMuE4PD 3sfVW8nx47Qk+5zt3obq1LdkkKM/WjxVLpcdbZvVb4LpLOh5c1eTCkm85y52 WJSj+9WN/dpoeO3Qp3TKLtka2EHuVJd6+AF2jj6An5svEk35bJMLldqFeRou 7rGA3LXmIu7tWGCd3ggmEYqkfKxboPwV3dlClJ8Z9zgZAfPaQdMMRAeEXX21 20K3du8HCCzXlqA2C7wBHfiV74/pD/62whTtIgOFX6eyuir9TAmht2cOO9Lk v+a6xdGiCwtgkDb1EEUuBasQywTNJ1T1Hp1h5l8kjlWlp37gbR5+FzJLGC3w z47+3W3vPzZcCmaChIopVanjD0Xse6lsUdAFN76RnKhku6wNzjpNJ53vQTwY SoXFI74jlD5xI0UzaSzpWLUZPV4NqWZE5fMomxrS28EHTtBvF4pKU9RF8LHR sKKyYxDZRr8zVV1QXTvf57JcUZYLwgaRB2vOigRP1IE95UrJZNhNgn1sxb3v UissCk/QXxcSlAj6+87aXiR30bOBaFF1Y2UjlgNh+nebSHILzhxrpAVGe3bH Drv2WvTVOHa3l4k+yp2gw91yPyxhd/sYFifAIbcMf9BabCGxmsVfXPbrNRsL aYlDVGB9l6g2JXyahyJT6bYiH+XXNMH858EaJVFgf9Mhf8ZxOfJdHECcpS7Q gOsD18Gxx2t5iWBljNzkObv29leOXUaR/PLiV0w1h/0xXi9MNTtZd8Nhz+ad OL6KnZj4WBBW+FFgsO8ud+esJvgKYAtOSnrEuOc0U8S2AHAzTLPfWuyETnwQ 5hhoppCHDCWtJx2mJjHsLPrBJRRsFqrRGdh6kbLddqstx5SDByGjla9laDys wwg45LaP0k5ulKPGYeiyAY3FmzEh07mZIRxdDW1N53GM+zKNyWO0BRqo6Tbt 3dhpvm1N8Cauyk+gFY84SbtPQd8jK2oCb8C0rOkR/GQSLvtUR5xGQXBIoJ9d 1Or3Yt+F8OvdsHUCnkINiEgY5RxYidGJnuAvdztUWVZIpFvu+odiUWY8wE0s q5a3tZqrWnevKTEC5U3OhMPCJ8BeDXtrCtR8+rpbEfNf1uBwFJrR7vO/Pzp7 +upRdMn/icqBTr7/4fffCRIoRWassmEjM0sGn7/0QtTE9+kr3VNfhgiTCkin aAgEX8qLY02/8t1zn59bDcCpPWdLZL4rrmpOgt8XlF1SBUcqSHh61jzwJOn6 Dn1EfebkVwp94SKiHx7/8EckoH1JXtxrvk5kKuRVdJf3Wb1ZvzNmKARuXU3N JNhcZcMAS7NGcPVc0nB5B0vuq+4KF40dkOWxmDVjoNc3avDtOlUAqR3MLzXa Wgltcu8qQ63ueuRKsiq8FdnbhFvi4u4DleqGX5k6l/6kUqoIRPhjs6M9yneO +YDolARVrobMyVhDByky3bR7ElAjKFf8sTQoW+odSo9RK5CMPwXCwPltV9zU fEirYdOiEOg+ODIyDEEfg5Z+dH2vx6JD5pnQQ9Sm5u6NXpGtHwZmxiLzb5mw Rzp7pNJYlvXuBGTTWIjBPHaiqFDSCDaPn6M0k8yaA7S4N0NOOuUr1EAZLP1w sC0PnEgCMNR6paJu0/N0JAGg/c3p/Y8eRzlP/3vyiLbGX2+gb+LwS74ta1eL vuLSkeIMCSBc7KFJACDkj1vY8w5bCwu4BShrynP4oZRPaLhz0vYAk8mxa9Im r5YWTI3RrS16kfHipAinY/kbIc2VosPWPD5LtB9l+BvtME8VT+MNIhaK9Yj3 TogXxqE8CrISzDuA6IoUksCnX9WeLD1Auo/IYS2UZww/EHXAqdaFJ7xJlD1Z /8EdKQR9CEg/rbTs12fnsBCv4zovynlfcR+Z+OddV8UvySm/zF/v8t7mumi4 pnqoqDQsHc/CFo/2OF83hKv86Ag8ZntUAirWSQgqEErxfqcj7J9F8lPzoTTr kjXvds3cOeqfpqjHd+xWh+hQ3S/J0vhdLLdN975FbpY/I6W86nZbw/HQMH9L cRqYKV5lTOq6aNir9rDZ35v+J46LFcd96K4e7vbaWmHbcVEi6fEcHMaRDSbx +e9uN8j7iNQ4dl0QVBy9J7AhGwvBW9uwJWUKOcWCvIYTMe5M4RRr1TF0MUIH LBdHJxgbRXTgS/EOKAe6IF9WHCiME5bCYFXPuqYcBSVHmkb4Uf17R8KDLLkI 0qlllOhU0HhqR+X8SvOQCMcR3CG9ak9SwAXMhyM2HX/49uQkCo7jySRuh3iV pRUGGyiOBCJ1gxd9l+bIwWTHOLTu4iWREP2R5zyYmlGPfDtRBMzafbl4BHu4 Ak0ZAe9zTXzTKvEjBfoQJOQxTEmNM7PmAoooMqSRMVgFy2PdseGRq3CrPthP RmVmFRIVCCDB8qPc3YSMdtiK+cc160PhlZGgC9G7EsGfu1iVVWTjyW2XJ/DR +xWy+yXxQF+zx+6t5BbVPFCLVERnO46HW+B8g4EMU1MdBkQJOH/CI3MYlcdy VCAkXJLtOrunfXY7fTx2wawtY3wt9hlZhQCx+AeCZ3bUVoGk5XpNgH3WRCC+ QHG/a0hjXXx4DL0wx42YzO0mr/siTWIC0IoNyDrCVbmNN2ZYc9MxbgfUcP8g ehNvtkIRyDhwMxhJJFH2oEuZeAeOJ3zIylY+ZE92vVriJR810vZvduOnA2lH EJGNsN3SBREKmzAj0hJHpPlaNsRhq4zJcDTUdnTIZhzM5HiI0iH7Kmpe1RpZ MDGubDTyzDqWcKP5ue3WsS6uu2tibFn7bh6eiyTH20uwLpGLFYQ6SWs4tGiu WESpCLzfluYW5CLyZDnabgkvSRcj6sxRVs88oKaHcKFyWbgDSo37nCg6WQoO 43+6vU/WgnOyZfA0GxJ/zkAKmSPC/D8gSgJSkztmldEznn+tCs6sbBPfaYEn v3KcaSZfPFedKCGG0AQ9uI/hdEyOMDqUl6oY4R9JQJR+RWbysQHW+YYZWekr +UlI/bEJMEKMsDEheoNfgWTvxMcRia+x4pprqhsgxqivniU8fPYiI5eT0X/6 DZe1ISlIDph6SSBzTyWNuEhW01fZyJwJCkUtu/6653IlZDZzT1CnTnwFCX31 0Eak+Qfn+Q26pZMXaD73AqH6AqUVQ2OnubLriD2VgnCm06b8qijBK53GjCAq dB5bCpRdqZNDmCNNaq1g3uR8GpveSe5kRjjS18Me9Dzlpif3OC1ekMVjmM81 8ZV7NsK0hF9yu6nR+3ZyI6irxc196XWmPoyCSS54EPES4YHnFyktdVckeqU2 PYnHlAcsMJtJPdDJi24FADrTqiv6tDyriHbLAKzilVTKL0HIr7LtyWegrbLu 02tOs8Zs+pyFXvacOyrCVGJAYSkJAxHeIs1k52S6xE6mchTAQy0y4/aYql4J h9SvDvF1Fn6q8L8xVyVEt4VNmjXz9PgsFs8jW6w01LXsjYmfRQVZyQ1d1qAC 2CETNesshrCIkkxPiExPN5ftlcIdfn3YExXJCN1Vii9hvcmUFA6Sx/aSDUCo r9EHwEP+kv3Weyz6yhI/hM1tyHyHv/WtKsPgIsUpQClmJ2OMNZY5fY2SlnDX qWXAOksGlwIykp/7QJWYG5Yg/a3ZFy502ExFoZXY7ocMCxOU4D5NTTNAycxx H05n7EeuuWaUupmyaLhVtnpadiNdHcdey0TjgSNBStQqCL6+0ixf9O80ao8v iv5nwXPDlZaat73t16719U8ZTL88O8Vm8Wpjy3BcUQNBIbMG+L9PX2sIbUn5 YrQj8YE13zPngX47SJPpT0ZGCVxxmjIkSUIDZ9lpwAgr4byUFJ48JuSPsdTs zNw0taHEflKgJrMYF4FwZXTqaZY0BaoEsYSIsMX6fLR7dHKgpBZSBba+m39f CV9tg3aX4GZAyQDkU8B+QHVRovzCi7k2MYGpUq4mN1t7vpkLOfMOtAFK9Hfy zePHAV12jyXhCCECKaz0AymOX/n5D4+5Sa8KWjZC4m/efx90APzsKPqY9Nd/ JUczPpVi0gjgj2ymyqw5wAJ84G28kjuSd++fBHlPgCeSlOv8HDWcLXN8IhPj Op/4YDztG/lrkL8+4fpirHkxwA/8TWFOYKUuzdbKdQ36m5Nvvv2m9tiTb74r /v6EDvaBCDrcWyq9PX6X9xeukBNroajuNzrdcg8+tPsWpkZjEPbfbbNzipk/ 1gVzZGqImhMkzoAm9lrdx323BRhIb1sc3t5eV3e4kxDC0OgKEBzRldQzXbDk Nu3s2Ma+vPiVp1ceNKYOpdG0iMsUukrXTEeQj1u/D97IdMsgVegEkhi4+ZAg E0mJvpSRLjwq6tc4keaZfP++OTqPk39mJdG3+8OaDn1cGhXHUvCqzQBfoD0m /cqP8uz8RTbQ+m6jYwG0FXdkxfsrjh2VtB/Wd+9kd9/hJSstOcLRF7TjeCSl kZQvb5lSPcEjDSJOhkp1cV2bCjC/AqPD5qYVMGCUhSFytFvFCFLPrW96eafd GKL0sXbpgiWXl6+85yKRuDa7fvzNZjgKbgcBaD6TzFztvlF4IMG4CQGQiIdi Vsamo0QWipPpY9b0K3oE15IqEhMiyjI0SuW6TwgGCsnTf5DwfPzHP50gIE7f ffZzc9nvDeuHkoorFzhMSPagD5Iw2dauoEr+MZqvZKGNKaWfpqy8C43itQQV uep2zP4T31pjiWoSLq0YnfKjwomFBKGjleC0mtoFtorSy7E9kOG8Z4jmceri XSTane9gIzDluZsecvuiI+loJaMtddjkf9sYvjqej/OFetgzfS24oCrrzzXt S5AekHmC4bZTJUtF5vEo98jZ5W5DtGHVUlQAF+e1dK8EZ6RisbT9ev57Mv2E fACvEFWMksA45UA6KT/BZqsVwhckLMYifOO4PP+B+4IUyxqhtmmVOm5I9lCS qPEXkjJWqZB/R4/mJDF+PNUf4C4kD4jKwS0PDbO/3+Jsa35SMSuurxUcXNmX PKylCYhyocOXLXRbbZljnmBa9vC/XXZq8SDIpHwOCjTHTzjVOqbLk5mgpsiJ hIu6lMFoOAeedFZlQlEiw8eMq4y07tEK7dS0Da+hHFb2cLGG42QxuHGZI9om mdPvqQMorTH9w8By3KrOc9bILu1cjQLYnVAmFz9hGDPPI0gCSXWz/LMEUj1L 25nwsuWs6WKzZvRXwbg+SEJFP2JDTJVzqw/Lh/x6LKPaeiZhNVywuhmGURj/ /Zk0XsttecOUpiArKc6cNw6WhszzoSPjtcU/fjCDmnxZm2b4C74tFAvdPKrA Wykd9EK9fbiFeLmFIsUA6MnTFooqPuyhSzxyecMltRc3XbaQjqg1j5fKniqw /DLLEWnERw6RWjR80j5zwrjp6EO3jGf5RTdRnTir25QdYT1ENSMOsZJKhjMA wsK5VBxadg4Hxw7cH8L/R5eeB4TlTO72urvrtgKyI784Z15fSO3r1oXLJeaC egZmPrxIvn3wvpI3O6Q8YA+yMamM7LUWS1LMqELIVPgfxhlbudotlPKu6gKQ E+3Mf1SK6N/tj77DdMiwoQL0IE6ZuBBbF5FNbmH8CDVB1RkGZTHMbEm2UyFn Lw1qwyjE244Wth9v46LncGZltbYeI7Mm9+dFRpDV+zNJPVsrlN/gv4rxLVlQ PqioV86jTotyS3HaKInPAiquYp3yRqviA4Rm+pXreETjr5UAutaGMZONWgYe MlOVXRnnTRDwVSArRwaE/o69RkqvFvBjBzw25YLJKrcgnXGqOmJI/IpZU9B4 eI97L5KJPWcfh/pysR8yewQQE8jTTNYjVZJBqM0a48Z9EoWmDtJxHd02Nfp3 r4brmgE9uPlMI86Alr4E+zgtwslKVzBRP+yh+JYRPkZ32QWUtiSQaLGwjSys W1UExhnC7Ootz7lOhxaiaFev+QGDRdMO/tZvYWliWdYWZUiSUMj9jNZ1Loro 8KC3lypMam8QVYW9BEwObp6ed6enpbyUfgi+HT1ZGoR9OFhBQD32RncCfbiu UPuKyEGzJ1qDDYQ6qY8xi/NqaOpfLJBlQEdCqG4kjfv86cvz5qVSqUWbgkXK p69Z3hJn2YMadRoOYnTdyQl58Qv51w/fPCafPt4mMFwNjKS+0zXFJIzP7ag7 vj5ecJhMWP8uhqH5c39t33nUCOWTFNZpsi2FcimQrYC2jpFxXNxWCkXeT8pc RPsTZ80kLCI6ZOrwUirnocl+nosG7AQmmb1LAFwUJJ349fvDhnDVEthU2zyu On0DhYQaUqdLNFwy0736nhTW144tjkz9+qAMSekyHRzKly82J/XlkUH7s5oL gfsC5XkZT8eHfr2/WUZhKf3g91JdW+lC2V9vB3TDyd5c3mPT9rdjGv8G5STa ZgB9hRGa+cP4hQJUbNGsbRyzm1oLbsxCFMLJDyff8CGkfz158uRbIMX3raMG DP91GPYpBy0N67SQtaV2NYzxprdQuIdBuR0aWGyH4KN/XRbn1exhPKXEtc+m xYWLD9GH+XRW6EUheNJL1TPc4YdBLqmq7bAlPtjNJk5RQXVZ7Y42tj05PmH0 5D/pSYeJXZRjSTAYF0E0uaVC8/u6N05KIA+S4fyfWlHm62NRRJRkArMzyBe/ U1znP5k2p2q1HC3m7MbpepFO3vQJc+VjD3xCg51QlM8Oq16Vm37ATlOZkbe4 q9OBBEq1pmNPjr+vLOwjsh79xXBvwvdH8pBKfhAyU8McCwQdjvzKIL20kFy/ BUSLWnfq9GawT46CdqM7eaU1rreZkjT5JtN1oYxrKLIOdb5eBnywfaWAumzA vBHctwuSFXFLw/fTo9kAvwdZJeXUjQiNmRxmKmCjcF3+HqKIUXjEJOhSMi5D lsWQinANNfsxP3todJruqrIbsvNqUcovSIl8+tqcoBRb+ZIfulyKW0JkJH/4 059yBWyddvDGk94HtA11ez/FSELuInhLlESd6dEMX5tFPJOZFL46F7zwQZq3 IkCKrf1KZJkBe9OVq0qySaH/2O1FWnLUxzIqfz59e/aOf5oQ+t9h1JBfY0kQ FA3fmi/VXsGi683L56/0kb2jIxYn2s1oKpNttWhlbHmdKWt/U4NN7CcKjYej l+dvF27tnkyF1f/S6rU2CioxLZI9p8Vhh2aurEbknroalxB+Tv0GdqRDIMfi fPSn4nb32gw5Ycoq1yUcnb94RBk7EYSWtkveAZikOPOkk6MdEZvhKFdU5REx DiaM7yRxosU2Ek8y+jcd18tgMf6WBckahdTA/MZR0yfJqai98ouFe5U2e82E xkvuUrB3jE7iz8/fvEQs8N3F85dnb4SSSNTo2/+XvXdvbuPI8gX/z09Rt/sP i7MAL0k9LNvRMUFL1JjRssQQ6X7s7AxvESiSNQZRHBQgiaP2fvbN8z6ZlQVS snv29sb2jTvdAoF8njzv8ztHh+9e/HD+4u2PJ6+Pzo4cJJ+X3aHwFu83OGxf XpgQF9AFJkW4ToSiXHfp4jg6XX0Qo+HRydn3Oyp/89z0Kv41BSsp8poQxXtJ NB2nqMMiq5MULbwHS5SPKl2iEQCOPK6GChlOXidaHVtD6Z5TKR/4llJxVDwa nnOHFemkyTJX/1pOZyo5szpw9sehgRQgG/HOinMTaG6JO8ixsUA89R4O5IYn KDqClyqS81poVevZPFkzrueXwWb6wQAVugxcMwkI0z8Udve40DLNA7uPR+oK CZi/K6zyeZZV9brrGXXOe4JLsQh3JmkaNLxoiM4tWjQqpYZMqURq/lHLVo9k WEc75gpL7wtIDwgegCl5mYr2fTQ34wK/LshcDXf78x5FElfsELw3Ar+1nMSQ QPFArHTpK2AUdt1oBoSG+LtOsT+hxwA9FnfGlNY17Vez6awF5cpIiItfuJPx dZP4kFMkGawm5UzHSDXdjZCxlnWm/RwE1MjQ8JPhLpKy7JARLDom+CFDhtbw XXrfONbQs+hFaTxbawzfJ5pgUhL2KGJnkdZXf/oEH0/pYxhSLGEwlYtni3Uc FHMojSguYm6MgY7btCjBAexakoyJTFQsSFhiEb62taMcgg0k7lTZ++g0sL2l YrxOOsjUfvUe3MVws+O9+/4JYXBYExmqvwYZkJxE5TuIZimQx1TxYTfstkOg wWmEZcK2bdb/xp0+9vGBw0B7bu76/BRWJkXjKUoQr8qtJaAfrR/6ehQtlRZG 9Z4e+Ze2IvOwnGq5dJKHsRnHyQzLKix+IAIPADyQ5QWdbMIeKG2t1TMioLzc bpXJVPTMuG1pquG3hMBHPRbgm5LPOko+1H+RXr/vErlG9LrMw6Ow/lLj7I9W utTG8UunAlBucC6igfOYquxx7SJeLm1XPVeQmrrWDnIg0yAnRJMXGZu3U4kH 9ptHB8ETgz0BQCYmYf+JfFpQxMjurV5QfuTfBL0wBwsGnUFyko8PppDmtVkC vGj8XCtB4OT5x9Xexz3+DwUg0TnKHSOlPk2+u2yuumhOrMXT0fZB/iRQBwz0 qdD+blkiqSmurfPua5mr7kesZHLLYvDCQUVGwd+s0K3LFYvgyfKev+C+IkOp 7qGty+ZD41MSreODcmsR8l93swJik9RLH7/50+G748M3Z6eoof8pP959XQq+ 9rPXp8QIRxqx6ISgOYfShHEEP1NvLAvzoOHO8SbivvafQb6f5gboddJNzCAv ssF+SUHvHyMiVPF1ucHO7MdHZ68oyhLfXlRcu9nmhqELdQnkz+owpsJOcohk xVP455r+HxfOFGbpVpCFFQq0xhfVfGziV3ouz+GUPpDh2X6oMRbx7g8QMFvp 7uFmOZuir/b39veqR5A+FDWS1d0OJoxwplC3SlJH5u+BnPomSHRSeoVpzFq3 JISD/V/Tz7RFLTW1bShhSB4ZKJzgA+d7/87SlrgkO2CWg0w4HHNbgQlvBicm f826KR31dy7hzG+88hsvraMPkh7hcRJoA704QNeSd8usrV6hgj19jSiC0epb N6A/H3G3WUw7xI+sAW3WIgYmVZTGmxsUD4hOHufhwQmisJIRcAdQKhZ3jcHC wHMw4JUwff1+krommUnpbxgZt/kAyVZIXiiiIDOIuS0bq+mSZBCdiomIS+o+ dMOXDIQcBEEUFQKYz6bDP4BvuDqI1H9VU9NCrd3N5qN1gKFrSfJNujdBx5xb 5MsAgWE1E+oxQn4VGCZghSTuG7BUm1pDyjQuVyXYmPuT6mBSPcHoC5dPaK4N 7+rZdBL2n0wn1eO9KX7vGYk2Pv5VI16sxR1iLAjZREPpJj7taFDT/4rmJOHc 6xGYqIgr/lt18H0c9W8VE+Tfqp+oWOp74B9/48bG+X/+Fv727RT+w//l/kfh X+7zOF+UunGAap9Hqp75caNe/OzxYLoKf7ePXziQb+4/SX+3/+zx8/yn8Lt9 mu+JfPPxXva7va8ff/1k//nB4+x3NN9zXedB+rsnz/b3nz1/trf//MnB14+f f/3N3uP4u0/fVr/PrqJat+tF84ffnfI/sQFU+uz734ENSSnfPVfacJeTaO7Q tbnepytUvz8sSTTSF6fw1JbUVeBPRCMMb+R0t4ysJaaY590p2jPZIZQo2y0a zhtxyg+iT1RnCCkP+mPSmrJPhXW0clSdAxMnKdY1iHw02lD7BbuIzS3rxs31 1yjriGQHbqwKe1oNLMihmZVpNqREypud+DZlFHRwPJLYOXvFX6GTDfRVXi55 3UBrhXSnuMNmFTUdfrqeF2SMhBu7Wm+Yi/ZqCv6teolRugDSnAyYHh82IZAh VwKzvPlYQ7cM6MgeV60aqdosvFdJoNTwBWH6aXokbuoNEYVKJjj1l42Kqfxi pCmd3ictjfkf3yv2mK/2gBoP/j0ytP3Krph/R5HOP2MHTsOKwOsEDeWaKlZ8 qiPainf5se7DJE88l3fl8KgcsTslU/ydQewbv3L72DtL4wwKS0RJ/LnMsn6o aU06RUtpnYOJLGNzJOhePcVwS8g04hMp+EmABbNIXIKQ4GH22NreKN6RHJWU y4hf6TsH7EwcZb3aLAkWPFkwpmRAWJcAcgdL8SD89yzLgdMG0nOyr6LDlDNh 7B5vSPsCd+uHljpycp9UpkL4G2UGsp01a5L2wNsABqxvnayCOtBy199DgReV u0i8LAi8h5Eb9KshvpcqMsmok+C6lrl8JO5R2S4r7llEXiZJWwd/L5bP4OHf RKU9XEezMkokGtbhd6ChiXEkuY4My8clSXC38qhIIJh4un/VLjTBbPiQiGK4 wzTAVlL1fHDfTJc+8KKT1QB/g0oDzJIzIIm0RGo4vS6x7a30BhR7UKvQ267e eVAnpwV10jgIVsdfbQBUabMskAi/oKRVFDntPwgSZFWd9M0mGpVw90BRjSgA 5h4RVEZdO/tZFO5bxX/CRZ28hDNau8Kbie/WWjwnfJs3HTzNW8dW4NKAxjNW IYwN9ejh5xxlQPoSN6sDRwrpqQ54KL/midlRtGZwoJEqrsoAp6CnsyuTIaep z3ZLKub0Tt7pRlFCljeUdMNIBqWDk1/YSaPDedaoRmJXYKc9Kd8FMQeUPZet tLNqsn3S0WjEB2ouqCkb0dzHtdVEK/Wd8Z9C9ifJJkCe0a/tDNMpbxcbrEIY 0HGw8sUhJZs+m1FyGKFk+b5Wb7wGVeAHOscTZhCffu8VuxD+b/hPGH6z+hQq +QSUtgpgS/4QzbH48av2Y9wjGEPuQxxCckdBy310sAOfw/+enkqLH7SVHj3B v4gX7NFj+uZLF/5JHdFscT16fs/3Hu3t7u4/28NvFT3a6UDFr/gx0rWfcGLb o93d+Ndf+OjAjLmMuqc7VjFjCqdK+i/YMK9N7XZBW+/uTXm5Mhh04/TrKMfb /hrzeCDF3XWExufjel1jQFeq7SdBQewJy5D8EdYWkea2WL2PXoBdgP82w4Bf B2qdiNXnkPule4oMOtUQDzxLuf43zpfHD2CqApC5mrjqQUOPbA/muQQiZGeJ PHEyJqwBc5IF5e0cF2FjjyQ6f1C3/zYER/cMe1Dwm4IsfLT38TkA+5A5GNX1 R6nvZYf6LyF/2YflYbMau3jAOJbHpDMhE+LRnySju8EmVVHhqeVVxYmGBwsM SCpSXZcNhIljxqg43Bet1ppQj8PWdCG5C/ERgmQRBdha04J2p4JoX0eGHlvt WuiE/O8QPGw+tj1HdigrQ5ydWgoJGcVff/P8MTK4nN+kxwf+MRSLj0gCcsDo pu5/htXsfXycHKzmHmtGAIZY5LjwnxJj7tfiaccnzzwYv0GVewOGp0vrm6hi Qr2YqBOQuQYYrOKFHlvt3qVfLaHeum7LEs71a5f3pZPjScujQ1LhEBBZyc47 32ceRPF64hexxSzVAPRJwCAJpmD3D9KFoVDKEjmvWd9dgbzUpoIaQKEnqBbx Kr5/Sti6TzjoNvGM7E37FWpkz7lExL0pN+LmCVUxHpocVLuWw5HxzCNK8ATP 4YyxqzIH2tjSp0QmH6qDRy04nRtrNCsVvAd7QJCD9AnUOMClLYNkQWmkJBrR Z9Yc7EHnQyzRXXW3jnxoXeRdoTTz2wZAn4m5V+Nce4K9SyE60Ls6NDM3a0pW IO7rfVAYqKMnn0Qut926Xvc4XXBTCEfRo98F9YWujzMruG9EQufmQ1vrY9jF /rIaIonswPY2bed9guMLg3DFio0ABIgGOHWHgYL5ccVlG5GPH8Q2so/r7+7N APgMigdgHyL534LgQVSwV+rX0z1BfAPl/0Z0r/Dnk9+E7kHKGuWXrkOvf8td eXrfpgITocc5H0zq9xA6SqTPJPWifq27pFASI8/bRTFSyx02wQZZN5W8AqhC zTQTFkqTTNO79WK9mM0DMpZTUr+F2A+aNH+r3oATf/Q/f1PfY/Gv4W8Y2vl2 LOZzX0zIIkOgEsTZJIF7bDXqMeYs/MiOksBNHGYfIzRgK4xvSofZW63Xfgwb 5iB+zbK27hnGY/ikwzyGOFqzXt09ZDXQl+0uXQ5FlQZ62RaDDO4VY0pnGkyh J38BAFKeqWI+Z+lF0Wvpk2+H0W9LUyD4gjAV1nowL3UYjkFaZIKewoMAJIKG G84wA+ERxKSx4C9oUvJbeyenqE8PUlOkryW1KUP4SNX5kVtZoo1PgSGQv4HK JuFi/CTJ+RItL4MFQltXuAEWRjoDI3jtFsIe2L7XP3+nXqsVowPkrdRSftAz OAxw8vgTwCFz5vyY2cPMJThrsm88mJkalJrsYebAfQbK3ixT+S2LhDORbiBz 8XbRqBwifqZo0jg8d3/hUAmZ9QPXWpJ2HId7KoUqLnKCxMZRf8mdVZ+E89J5 3LD4F1RaByVr0IOThfgtpc0nqdhY1mWQvd4yjRsjA1I83+gSxHwDgGpwUYeh A5FSquw1IkQLa0DA3ocgLbtY6RXNWSQSdF7oFDg7RrZkCXGo4aSc9SJoMr6H GVcGp0nf3+w+Jbsoj1slsUanDx4vU3HGSZhi0Ka/Y/22HIuLRrOc7ShVPi6Z zbnOIKI6jsbhmcwoEt1wAnOitih5JWI9QrQhQVkHz0lhCnGWqoZhYUwODN+7 OMtzzVznorhMvAd37G2BifeA11V8WyFk+n263hFFyAW/4cP0oqn1u7gsiRHt 6Pmk9zGWexQHeGTpMi6xICdHXXfxTvokwoycdbfwbR/T/TWHWQ1P0DhkvjIX Bh+eIavKEqImoifcpgra5r0HNwsWkhWMYnGjS/ifhQbC421xfaLj5BplbOQs ED0eSO8KsamFeQIWPqfSIbqJtiOz3Nq632q4p/03Ep0Eop7kItRnsceSffse aq0HJkHOyYqeyVueteYayuN3UC/m3SIbayIIvwTyCoMqwJrgLC/qO0AUQrGy dZnfYvyj6Im+Pwry0xI99o++HgQz4jf2fruAxsHek18f0bBB9FiTFe/u7nJI AzVooTmX/MmZOqJKj5+ZKNOiK+Dl8WHpu2PtANIdVvF9rSBCSD9Ibns3vOAk UQ98McKmKRlGQL4oPRwAYFhN+hjZSsm7LOUq5l3eGRj0Us2cBwECiK7UyGWn PTr8sQ9iPLNxIsRGQ029onbc7xvUSy2+JvuCqggaihY/kgwP7+YGuxLHRSJK ZIBg8s1N1DqkkMu/Xeutu+2d5Bqd1gQUYOoEWsGuSBsHbXFaMJeWd+lwTZl8 7vHyMc83PZHmCulXZR/YEH1uCxsfXOUvhXWHbWXZrgYdMLKl7gZZ0oJ0bWzq RnwP/Fez60601JA5gq5wq5IODZi5CJm+qqkyK83Stk4cpsmQIcXf23KTH2ri rYzdwotcEhTOHQ4R5u288kg4MGQK3QhBK8r6H5ChA5QyU3EAHWMaGZqP6Wns Vlmrj+ywXNlHrRnXnJ4ZROpDmpT0mJG6UfrbrrJqsxtXG0klgZW5Tm3HAKQg dZ8Oa+My0hncjabDQyoh2ZnYTFch8iiwGiXc+KUovk6m490nXyEQBd/lII5m 2uf0IvCpu/crHljZmhWkrVNZmwF9pGabORFJxVdRw4uzVqGwsuntz+QKWkjO wj1qhe9uo0xmoPWyRAzsY3CZkcz374sNg5zDbrhLbU8IQfMtC+Oi216e0iqr NsxBURWg0DLvwNzZdjnLVJ8KpaLGwG6dgvBm107NPpAkMblQ6CEt3Vi9leef q7TiVUQYgQzeFeuYfKhbbEm0tE2b/LhHVEal15QZQO6rF+/+enL2Vgo4RNPD F0rKJHUyxmNdW/vTn5s7CCAg+CYqi0GGPnzxRxQo3MVGIYF3SQvMd/kb5L+I Ipi4fyQxpmhr8N/+AVJjup+bpf6odZ9RekyV/S3d7aPnu7uPk2PQ5Jrnll3D JQKELZ6qn+llicqZ0aCr5Exc+5EWm2gkMfwLrxMRCkicel+JJh8k+fCscDg/ axJk0/sG8hu1KWlkRLsbDv+9y68tajPG6tSljLIKvRKQ/jDwQ3rfaiiKdX+p aNMfjpYl0Vh3En1MHRY0DvtO1CcTOG6opUPo3GsvoeR1jb9olV8XMNQ9B6Bn LxFs0c4TmuTQZYezfKfaVRo9VLZlHgJmU+p8LAxKaOvCRQjg2rll0KcoKlbB 47jN38h3oA6VtBEFLoU6IdZ4VO9b6nCN2FpzSd6kCIpfzZujP5+fvf3j0Rti p0LTpa4K5tvJ43EO2M2FTTHm5sKm2BmiWtc3t5QbeqElmNPNsv6AeB3tfL5o LrqP4IjK0f5ThzXehgs1UsfeXIHDNLdHMhL8a2d7YazUbpubVpULPkqY9JJ8 KPGQonIczxFpH/qYa29U8uBipxoGkcwRJKk2hgdl5X4Rz2gBmq/3TY+OWICl FCiZgRwUfSbHWseqI65KLflgAnbnot+M1RwrZgA1ZRJ0baizmWHPTCqtxYbG IeXAwiXKU0jh/ZIaBlLdNSrvcwWFcJnvvctt90UcKdk/ysOEO14NI5RtEMbE wrPzytUtOWn+GmS2BVcIS7ocuxlygmZRkW7ZKylkNAWBLNFxVpjuu47aGmLF wTYMo8U6KID6x/SQIS/me5ILSzSr6hE0AUcda8ddVxivPefrmrgml1h1CZYt JBgev/mXiWD9kAI2goesfHDv4/6MslRBFmrDzkKv5OB7JZelvaE6uQacQ2Yt FIpAmZsV8FEE+MTAVLsux4r4nAVsAwcQsaREUi8+1Hf96Hmn7w6F2RphO6jp fVK+e+9TNC0kJJP0biEXzRXqQNiXsLu87Amoak+EQMr7zdOkbSLci6kRmuCH qD11+NregYUUF5q0in+y+3Ved8WthfiECB8eDeMlXVWchPEYiq8nGpu5NoBj WOPFwQuzwwL2qN+Ohx4ywwJOHxmIPyCBBqUjcIUyQ6skJEH3ywX6Jwo7kSaf h4D22yX9Oiw5nynUm1ZyatTHk9pwSBMK6lyg4GH5GXGXIOV2bFlZooamPhln 5G6hD5kgDNoQGUctzHF27aqhxJET7RWOVyyDnF18CR9qgh6rk2K4CaiKl5sV 0ky+WyveDcJaobrurkPnGKJCtwXF0isBmi6vScw53uw3An/paDs+NLAuuPHH HaF7chnQHRWrKxpXEMSvApzfsySY9e7oxds/Hb37K9UlxWGB0YNkSikQJIAu ltSjeEaccKYyA/sfT5EggleT0s2yuU/pQGrlY9IP0KEHYnq4fb8/4TwLjeSE gcVV/RqLK+QW13gUb2zkdG9B6oAhLR16JVW/a6Df0u/oCtRvLH2DOs8nQS83 FKbgmYJrNmfciXG2WoSnOUx+jLxWv4kcVLQOhEmfYWcCVA3+g0A1IKAJKxWl 4NRR18HuYwaRi8PuP0aE2idPnplnKFLBppe8FjoP3C/BFvUBsf4ItZA9JvSl 39Zfsv//UX/Jb+QNgceYuUL8LfxuWFx+aRBqrscNsUwxF6gZXfwUi3/3028H E2BcoyyU77rPed17krymHJpP62gD9kjsVo5/pbE/h7jDYTjp1Ix5tdqCBURH NiOuUyUfmiS5twPqYyS7TQ+LQ0RBa7GAn1shalaT9d2g9PzTJ7Q2pqKY/PLL JKqsAq+cTCVNqW/iQd8AiM5AHO064c95RnLeiVSkO4aXkp7CENgvOGC/LQDP Qxm3mzf1Uxd2YUo4d1Cqeq867PvvBeWhetU5Hkw6LpvBmtVE2IxioAWWhThq MlEc+BWcTbSsIZjmur1JQxnSQs2WIexPP/tEu1mYjQ+34SIlcVg/LRouoS5B CvivWUDSt0BLBnImKz8BMlDq6n3bLTSnEoJrXK7OnXaj+QveK+AW2rQUACNC 0a5hi7G+haz3FaHzI0u+zA7v1eu3fz6P5tzZu7evz4/evXv7DrseW/+FHtZH GK28lB2PSEwyL48jmAUC+801x4erGgf/AKoGBdSAvwRVL+4x8xjmJn/z6RMi hC2KNpN0Hp73byOhD/5/Cb1NQuv1ZWLaXYfKYRPabymczMwJ8l81zl8PXwTe vQSfMesL34h+T1FxJQBtSL9fRGwh0XHZC3Jf5RVys8HSXUwmD7RzRT4kni5F FYin0N62rhM1DfPdaEaJtf1LY/mVTEH7KGRTfmh7LoaOhyndGbdVvMRzyLfH MCFxVOi99WGZCn3BaqF0jY0rsxwM5NxKovLbwaWDupy8xENv2KT609R0JMvU t95B311Q313k7Obj2x3cJXX2kN+OOPmCd/LtujKuch74cA5L2RIxPyrCxoMq r6P6OXAYcN5X7nIBZ1XZ1ob67eECP9sC9+90m++BzXFSrXOZSV5tkJeJ25vA gkla8kdpRVwuMx/vuuh7oF7s2CrUIfVS3Ild8rmSbgItIVf01tqTkuh8jSdy d08ACnhpuu3fRnQ99nmb/yggFHQQaWydPjvWeNRZfRW3f/A8kURkiqRSyJ/q 74bk88iB5fmfg5dLI2ReCzcrkYHRqqRO5ItyP9nJ4TFO0+RPzr8ftoJYW22R qEchgRhv10mgfrRaR0+couBRyb6t/3OTRGCdzwdMgg2FirRflzmIvurlTe3K 0MnF4RTgqSHl0lG9fa03FKLMLCOfsnR2qJMBkvTM2+52s9AKz3Hy1WrIoewM zuvl8PPHszsF4nuQZ2DLcmGSWf5bUC0hbXLWbJslJHDcWSkxIDn+5ybOzdRx n9LSJRhbw6Qj75RIG1ynDwmP6x4kcV9drWDYs+JaQ3mteEIDv4YLDeMSxctj +bjhQfm46Y62ZuIG/1OnbCZuE/HHJPlwEj71c/V5AFa2WOcOBx+JLcT5ICq5 gTTUzJ0gyxGHiguABBgmDeimS6v7JOIhS8saFSQr25b0l59xGne2NL/g0vzo zWuHn/zRpwTKbmIXyYFIFyayD+Z3raj0ZtnnBvu5lEZNRTPFJmiSfu9xTD9J 7vuxlrzWK963JsmOf3B1IS0RkEEKv+Kc4ZLsdLkW0MJBuDiDtH4BYyb8+3kL icmoA4G049QOEAgXLSaVxEumno05/3A9yXvJDQnxKpFJQAZFt1ptNI0z2ewD WVRghRDcRJLc5VUNxrfwiSa+01i2Xul6nyeeUFqwWWRBM5X8XNRZhEK5XrH3 KFfeBdnTnT6EnZMhlC8LGWx4SIECsz2/2d3qBUQXsVnWKIvGVAZCW+zJFOZs D2buqO5LlEl6eTphGWSu4zWNpXt21yODkVrik8B0zVhpF3LXraxlbNfm8TQl By1FvsswVBBc4KtFzwMsyRkRi+6qnYlZjX+daj4VO5gTihpke+d2L6OAU+tr KLHFflWLu0Gnm9r8YsQ5XxCtEe80g474Gy3i0+8zR34Ip8aScksyDwn6BPXs lMD0h80HhjjWn6YU5l4dlqtsAfQgVKbiOA/VemBVaDkiPhc9C2rROXzS8tI3 t8ghLZtTJMGDXCfD5EZP1himwCIdwkgN/ejZDyxJTvfSviEoaXGx9yPlwDm4 dXBhbfoiS5noYNRsLigI21lEDTCuVi0hC0i2Mbl7BjrbYVFjw1HucdjF1xZS ZVwdPz6vAxvLc+yglAHoG8CH+6Yc8cCY4oUgQZpKFAzYtU7umcCiuZG2IBRy IFLLcfxaQiENjYqxKJuEGK4wQD7SpfSG7lLFLs8pSoJc0N+Co42k192Tb4hF qGSE4fe9C3bIBpRVZ9WOhSgbBDpLWNtZOqf3MNJag4u+1Rl7yUqssmAb2/c+ Azb4/oiUgQx5O6hGcmwX8Rq9t6tbjh7XLqoVYzKwJ/DfdFXUFgXcDyS7aoMz BqvN943OtZNd68IG54jOPYeh3zdu69S7Klj1GvKPD5JzTV2b6lW8pNWumt22 5sRrKU84Q6AF6CwNh7sAsLtj5xekd9DZIkMinIFDQDYpuR0hipD233Ina3ua UbPG3dQOqy8A6TMj1hbEOXdndm2YTSMk4ky3aK0ufeXeRppSO2suVdN93haV P9A8waU4Yz9kFQ6o/WifcAt1Up64qPFJnD6gdytq0lPANVaw3FPEOR2g5SZw p9y2JEc8pCh6b/aaMFjwPEqdGfcddqj8gUZlN+9+kkwjbt59Sb7aHyRf1SWI /8QfW6vB5nF0MmRYEdPobwbX4f79WT17o47X09t4uvzZaJzwj5FeT66hDw1/ a1vg8GGO1i8J17GbdH+YUrOfpdTsF/kjivPfEjzWfKN7Kv48/O6Xo8XeD/wK be0K0K9fCvxKkLE59OsXAb8iFE4C/SpEpmcQx17NRw/5ID8VOFdwhS5nUWjf UlMQKPkHSJhhRg98A0psceoCkNP1QyFn95+PITpplnP1paBN0uyiKmGhfAlq E6awVH8H2KbJZ+M2Tf6xgZuU2xWf7N6ThDgTGEaQ67fwS1Fy+enUcZIkMF47 e49xX+5G1Ank+5rFxioCVL85F4RaDw4mDnfj8eHE4X5BfU5+IxykkiRwqEgF xKovwKti0OEtcFKfh1cFkMgFxKovx6t6GNbVZ+BV/WrGkt/TrwHmbYfBnmLy ByJNryFVYz6WB6I0mjgYmFAd1mj//zZiFahG2zCrzh5GLgpYhWdT1ps4HHbq ezAbdlfyhIulnqmyk1YzWX6iyyXGn+4WETQV4nFWds6W2zaP4l06WFhTuQaw kWRQMwoLAjS+1wawvxr4UsYyzJMh8CX23mD9QhXiaEqIIiEoVbkGorAykpYL q0qvw8oa0TL4JeqyzRK8JuDzibb+exv3pot2Voc1uIQ0jDWkDCtBOTgd8Snp q3ZbYwe7FZTpdNy8er5ZaZqpf7W7lQvirprLBduHDe2HdEpxCeLWFj4oXn0F X+u/wlI7FshNFXcK7SumsBCpeV1h9m+4ibx/w9hP6/bGNaCKIkCOMN7+Fdhf WINMfTYjE7qReHwko+m6gy5xAc403xHHpWUswT1xCCLJXUzA2qN0ZywuiqfP mM+8VnSSS8lrYUJgc7RJ8UyqdwtPl3BnJnqogVdlnjI6uQKAh1QdFSMp+L4k DXxuB87LvpGaYgVwHtIqLIPrsAIXjoi6/M/4uH48fHP4L0eH3x+/Pj776x+O py9322Z9Of3PTTub3tTL+qrhEJgCv/iho/x8ewJq3OHr6jKqnHDxIuEy43t3 WCOqkQNpS0uSkceRkBgeILw6lwYvvdiOIAaqg26WLex/hThPgPQDsSypjnSr poc4Zz8o/W/00gX/bI7h3OGMqZSGg7TYB6yeY7hwHV9ct0IGI6gF5v8Aqg6y /GQFHPu+WnQXuFLsxQuqYbOaeqKr+zbqG0fQUQyz0UDS+m3Ayen62T+ZrGyi R9Onp7nGtEdsRpydDiW/E0YW82bhKb69GICzYNHc/jNhSgFIkwqMpbuw/1bq YkKwCcUi8G3gBaeXv8wqcPEcycHE7YKZCc0zVom1WqFJyIQH6zO6MPm1uGO4 +6RpcPK6QcuMzIJSCpmaOC//I/IxWBIfASG+OdYN8vzPfKMJYcpYycVh4sU6 /S5mZXEyFpVu+8wr+FPkeN0NsCvq1MzeJqhV/PHHozcvj1iVs3n8HEHmEEog 3ZUJl3W/5MAsI4FVg06+F0a+lxAEgFOMv9Mh4NcktfRAz5DgCK7fLFqcyx8+ P9H14Pq9MiftoSj8PNusGOazj69KQ2n4KLNKkZY9z+J8hxlZApu0NTy69r/I O7on8+uWimuP3CChZIg3B6kpSTucZdEGEMCoXGAHugbFuNxXHJfpsTY9QQvG ku1JmsCqqcVRWpww4IRJzGQQe0WeB4h6y2SPE0o/cvcTvH+Cz1Sa//qUsfwu syZvtslhVdyv3ySPmeXM/PpNkmoC8kRl/P379JIWPf+5wsd8PnkXjMBDZD2T xAmk/yzlAD7fKBJtnTI36iJ8pq7+E3H1+4bwGgmwoiffdhfeS/MxajKgQJxT Ma/PdwPt5FzHOHfRBP2Vq5hLAA5S/CfybRbCEvhm0wa84GAIFNye0V0Ufoda isvNLW1UxvjlF4a1LRxWjw790ilCZnGOArttFm3V7VZemhDbdQNDKGxr2Czp kaIWRy2D7OEJkdZOtd7cYvu6ew9Cbnx62V5tO4zRs4DYAiOaFf6aYZ4VvoFN xX2bwNHT9EuVE91G4wJ0tmVdRNEJOWbgXPLbkK8480kFauxAN9SXw2yRFWCe oqMCBhhXY3Z9jdI6TRceyTBg41m97GUSLh7lFfJVOJ/SOiVrxehLkVbAVfG/ Hu9X/1S9qf6P6uDr/0XltAyBzmk68ctv0iYMoGB+bFYzidw6lFOO+S0hDWlp 5xbcegDwArUq9f2XzxdzFpeQuMCtLSaS9xSodjBLoZfO5CUCeQmsqyX1t3yG c/uGxDolwVGcI6MBV1dKTLhE3WzDeXs/guZY/BF300PgKNyquFV5Mwga4s/G n6F6sVOoc+2kTp2Yx7Dt5elJAtEQ5n7Xv+78TgBK87KG5ANSvsDbLEbhCKur L1CH476NGOr6ANSDUCDiQHNNvYphbXRpSluibtVGaVovzufmbD03sXreIhz1 3t5OGU/u3t5ponWUQLKw21ueCSWH6aLrHCYYORNFlsVWX6opxsO4qT/G9S+a c/D2gDcKdrJvO4l/r+Dvlfy97RWmHhpNtYtIXNBJeS5Jw7mw4Rv/DnfSYKuD ON6Ux6PepsfZDGqWoTqDoSuzdaJltMbYwsh+O4VNzAH1kQSALM5Rrzqn7EnY 8cEOAzHqVyTpQhATN+x6gV7MBMhY51+2OKr+YYp/cFB4CaUmDD2a2RakwP6d pc35koscE4tA8MDkTP4od+3S1MgsVwdOI9g9pRk5+XMjTwi2hZGxnvDfBnvd KZh8QO2WAgHuTlFPq0QsATlu5rfn7O4+R0yoRxhg8iSJSNOAyiulmPi99HCX KZejPXPdPk0sgFNuIOctUB28pawoznlifT3ekkcFhhNB4afj+C6QeLY4tQb8 LTXponEJ/RqSke7ou7Jr4YMa5E92u3bnoshuyQnFfT57+vTga6CDP5G0RT9c tX+wt8fedcxC4Bl1xUgm9WzNz9lVcs2wfzpY72BLyFHQsbICgnlZ8WjqO8nM RGvlx7OfiFjZEcl9AAH/8TI9fEq4WutPhY18+iTzTWE+V/SvzcP5JtteDoiz 9sy8CtBMT0PBXXXdLdDEUfeLpSyyyX8OBIomDQWVlSjFAS2XgN95AEF6DRKj TTRMEtTXQeubbkOxORxegTLkuXfSwsd7QhlIsgdzu43jMpiSYo9FhvGX85eH Z4fwmLEEdxrnm8IM/JY5kOvT1W5u4rmRo4y84wKwNHCxp0dHwBV4gucX7bw9 X3RQigWH+VQOc8Am84PLQHHlzC6BmgX4C2mXs21wjsUdlx5jcW2rsNT1gtE0 NNTOD/X2dtESWSybD4s7OFUpzS39uooE7JoEJ75yBshJlBaEwuVdUomlAF0V DVOkY7cmmZU1biAd07mt1eJ4KN/aTHwHj1UEQ2l5903/oJkCtkG8jxwgVWRN HP/Z340ewIP264hBSAED/p9LDOq5+t+THvb/G+lhbws9bJYt0sHXfzc6iDP8 mpsv//wf+eof/zde/UHx6ntkA3jvz8eFa/nN3S9tSTKaxyYf16A+yjP4C0Wh mF7pqP0FJ6hKGRYjEu+By1YMkaEJG0kUfLoULkG3P9dOVkhkI4vkiiIU66dn 744OfzwVzC0Kb2B+xppFNS0ucRVuURNkvERT4IlBWdBO81A46UoFIHswydXn wFaZBOTlfzNOASNv77ckgZEp/jejgZFV/mMRQdSyz+fNor47h0zQJcwK91/b /dcpyht+udIvly6bczwJXle/ivljdAHzBrwUuBiA33mJQ6pvVj5m9G7ZalwH eiz4yjT/Wi9skrussHkQ/r2H7jXz6pFfmVRJkac0Dvc8Ds7mGbY+hD7qqXEG L0UPDM/pYmgbF8/rnmNylgZkaKutgXlAua8nijdyPSdCDquHaDKmGRgpRblK ISQYb8+Xcorp+5Wz5XBMcDrCeNG0vkEA5BYSBhF6sPlYg/1BTct1BArS1bgD Smx4esPIWzgGMgNOQbgEVPjNLebx3/SYioOPjqCdr7Hah2AMq/QGwLBGreH4 UrxSW2gifvvgaXqURht69fCtf99/Ao98pR22UjJgF1lcyDpu9fymveIMskfY 1FgpQpIv6HuVfW/EVWghhMuc1w0yfnhMZxi6ZXz6pP9ArkBvijFaQHG2SKS5 g3xu1iDlaIzPJsxLHWTkl4ZqMbIxBXEJXYrC0ThGK39jCaG8dtvqRv2tckyU 7n3dXhAczvCI6hTnFfP6Z1zSBy6R5rKJDHR+bmdWmG7Es+jxBoTNDkZEWpkb rZDm91Vvc+vJOLDm5vKSoBS4RNBURvmyHiK8F/boOITlYfGHzjflIdRjOuIG bbPOpOrlBLFGCVyImnbddQTyId8Gxb0u7C+uEjJ+5J+XdXyid77cFFxfiwWV XOg+cThc2qO9Xfx/3+7Bk/2//vXbb//t2z3zhHKrBBw1So8TGaLpkyg18jeJ x2M2PaZZqRNweINFj60WGy/9Ummh5M9Bl3pchqT5PcEvPBNMzm6zmuL0xyfv n1SHciiSHZ3Df0I9T9/NyJzG1H397QnO6aGDst/X1f4z/f4zcFIns2Fmsxvx WToiQyXnm7yt22iq4FUXQcFobCHCUvjWAkQOfqfyrTBfQUgIks1sB6caD3iH 3vGk2N7Dc1QjcQZ3jGWAKL0grKPrVAsZeSMuhH/ZXk1Lz0xIawywAJawbV8G U4aiOU4Moa73ufPfVS5p0MN07X0ND0ZB2ExnUFwAjuofakna7VlblLY0UCzQ t6wxDJ9znvu3Qi8090BIkiE3BJs2FGUA0iVpfgo4QTo7nLgTpF15ESNHC4e6 5UB7rjQabKnGPRh8FbDdu3j2HzknjiPXVgnvlW83dKA+VQ5IEu47VXOj1EzB JChMl8aPiLn2+Mq8uEnPUOWxdHwq7A24NjXShSaQlWWyuWagUhgxPpOExMf8 KmnRPxXZJfjORGZJH9WaysBGYTDP3h2+OT15++7s/OTw3eGPR2dH7wiwmat8 T3SrwtYgGybhqgKJaOzy0f4z+eSZfY1wByvHBOV723APs1peBjYs098A2rDI MySBZrg14kqQPMNKaRIjPyeHGqgcjTfsCu+Ovnm/iw+e4cBuz8rhNbqOCh0l MyxLwT3goh3liO4mHfTGkW41d6+kIk4y74CalQ8S4gJf2/WuMTJWI408Xm78 l+UebLmITGX2fPEAg8Wj2rdE1a0M74DGmC2kjHPmhaZkBT346ZhLZGuOR25X JZYUDFEntbUoW3LdOLlQTOwkBIxGujFtZZgsILl1MaUa9fccvPoMlC6S1F7n E+sRh6iQaXKZZ5oUgtYPAY5M2oJXI03aJHo1DOoX0lBCQGCg0aXvD5JkcpTP z1s4XI4Ht/jyzBjURTG4zJkxkX64JmlSThLiyN5afYhQAsLI/MOYQx8e3R8I nVQPiI5RycCWsMkO2RT3uvAo6ouUHArOPA0Bd1IJwptj3jJ074VhXBiclOSm OX5A1tbEoiiX3GIbWAW1buOq4+HRSnrPENVH1QbAOqR22HjhhUV8+4A0r8mQ d0+2EDyW0xRzjnartFU1KiPBV/wv70wjKaeobYPnDtv0kvD76hVyL4BsJqPp FUpuyFckIiBJDtmJhwNbnaTNL79MBkgdoE5LQbCgmfvsxpAaXGzEpNqr0Rbn d3M7P1gqJ10ycDptwtZ8C5kpmIB+qF9htRZ+/QfM0EMTxCV6SoFN+otesiqk gYTUExCj4rQhgQNA1A+c2/+s8j+zvp+CEZgix0HZF2gxrHtSPhOSD+FHoOI8 bGMaImVcQjluHcn2rm+JSQ8aEEEBcro94A90/Azb4wxFPkeFpJYcY/gKe8iy 0SR7VvCOrMi+zm4CMobafq3XTEA+AY1nyh6UyCWTCEnZPh9ItGtPCZRnjijk LaLnxPv2ymy6L9VikyFeqQaLhFaiMiIxA9gXVOoTdyBKcPs7iFaNKYMq6VrK QOCKamjMF+oFKMF03bPrZvZzpIR6du3wS0WDhbt86EVuv0VccRi5Qj7fbYe7 nxxu4WRLx3rm/Pv0hmw3kRpubhd31qDWIUzS/mvfZwFUdio5ZYqAsd1o2Vv8 uWluU45Jh051YEuKaM/YFlwF/08BynG9K7QBc2oTkLHRYu5Yt1kLRuMchMYU 0l4VBwtiSxlpQWwJoG/odKg7pOsMQVTVw9EfEEQzwm4gm8Hsemq3gW9LMMzW UAaDd1sGEKbiNotzqefQs3L48zvw9EZGYv/bEFASIFBFx2Vxb+wbpDws2Xe0 DYi56pGeZpsbwE8nm5ADUCgHEsg35yc7evEmGoGrn3stg5dQg7uXzS1HRJMO lThuWygUDpSOuLhDa27RkLt0LeJywrERPlopdISVIP9VNOSG3McTugcOdQmm nIf6483DCFIJAAXuWMHNLGNmzS1RpZC6kSy6RlGiqKG8j/pkXFbcJjW9cZc0 MSQbQnnoQ/pnoG2BpJOYT3wQTb0ijN3LDdZ46z061+5mCZmt8S6WDVagwYGc vTipTuOXEVcBIKYO9vafU6togctK0R/y+kfI21SZ7MoQCApE80zj1yOnVZl+ uMzDoFQ3J4MLmxE0ILpl+Xtw+Lc5Ji4uaFf3XM8w+xGYA7q0r8lriQWaekZh 0M0sGbP3GbPWJNCxvXZpEdfgGqmp/oXFDdJo402GUpAiABqgb4ria5CHd/Hm MYil/t10vfHK39VrRX5dRY0fmd4y6Ve9TmAfwYMJz40AhLOpKV0KMZsyC7TQ HiAExxe3ycA4gopAFmrKeQsy7WB3F1lU/MNryN+O5vChXyVXo1m+gPsA2WK0 U4Fp8cev0KC2Pw6+beWAVfWv8Prx5z1+/m9evto+RLzaNky6ukO5Bz2vtDuu gBip5IlXzOawvLkFj5G+DXW1YVzC7hhrgCQbe9NvEDxh2zDsFsCxotZuOfEO Wu0qspmVZS94hvQTMiL/gAROSJKkkX1i3xIw0xxADiXbaI1L2reQuOF6tVnO uJ5IqeGeA5SSJ/YPlRI0lhhYmK06zg3Q5uFdv57id8ChQXnulL+CL4eTSJxb NOkMQ96S+L0D1SS7D1aaV8i+KYfW/UNMe3vp+VgJzH2Fb3EfLyLXrFeknrHu F1ewIjBdjiDTwSSVRArvwMfJcG3E3LnsYoXPCzNqOGwEeoNnsS7XjyopBXIV WzZcVgs8oriYbrFh3Jrsld9z3Vk2qs1nw3BURqHSRJPN+MY9E2UpPIknfN1e bbpNrwohpCTEV6RkWORyWvFHKRqeT5OT2SDUqv4mHr97vglT16dG14FEu4Yk OE6Q7TcXkUxmuvScX2adA3ixwEGTJTmtFI/qhca/rVZlRUqr6ca2SwlagtOK 0jaSTTz6l/p2J2vXBx/rpDvySoFJ0zwobIyfOwTNVUNqHv3B/7KZLaeo8vba ccip3tFKcMNzsbedlDesNQgbTzWuHZdu33ztckKQ9MApw87BlFFS6oFfA2tg URJgDjRZD0ZvcbKwdbL8/oV1eNGJb+I7MkAuCftF06kEI0rhNRI2VxwpoQ62 uFebGeivJV0Bz7ekMdDAoDHAkQ4Eua9WT6W2H9HLblqR2MTMCZAm0Zhr0vuN C49EFKf+DXjBZukJGTk8vYiUNWTEALCLyBIVd1Gfvj5zG0BXnrBNBzT567bw oA0UFQvOPsqoMFl7POVdPOutL4fSy6LeS8bqQMgjjYJzrgVIL0BiB7y3isGM SHQbYXd9C8M4zYOJlTkkWGV9R/QBQ7hDNadqtFqvUHq+B1aGtzWlXSe+wIx1 uLNkl7KcsghRPd+Lu+x2gt1OyQtA66WTbbYoey0hkQScECP1GsTEfCuP11pz l+4to6Xm7C7r8qtcsPRm+aV6wwSVhZDGN4j4pZ2IwEZn0i9RMSvZztn1pp8E wpGpRxYtI/ICksGVTBK6DeJD3yxqRt+oKvvRH3SiKWp4ODB+CwBmxq5/Yd1W FPlvfJ8c/gw804TiLUB/uwK+SEtwsDV+7oFAMO/PYqAdBPW7wyKHnIbfJwU0 4utVUoeXbBRUD8laNQGyiQc6D8bVHaknMN1NdQXjk8sMkYYci0wfOivLICZ9 26f8j6yvK5ig5KcV6SYpFPUNXOxczEviDMGcbmT0P6Brs43P/1wvfYpbnFYH RD7HFJ4Cn8fGogwOrXXZXNXEzXymBQa62GBrErS+LDHgFQSszo/evHgLnnkX tooKkbORSSFyWhOdpplq2g1gWJB00SrCrevU+mitmi3E0Jx/ldkEeviaZn4R Z0Yyi5oQmI0ucDfwVYbMVwkEIUAGl/GTs0d7OxP87/0djPi8OErhzL7qIVFT oOndAQDFJtCZmq5mZ+AdrwKhZVFtBASBYR7z0mDcHARJTzhXi/xdRBKKW9hL 3R/xk/38kzfTuD/3mSlL+TyiLOk0WRgh16VZR7JlfPt57ox1Bx3fhq/cZd9o TiZdm91lBkCXdInJTWS0DORg/s5r3P/yNco1/R1XGKf48hMUckX6FQhBiJw2 4G9AYy5HNUy8twyBdHR6dMbpEHk8BuP1nAvxSwrLxp1Bkl9nseYnyDrqC+gf COoKSjmGyA29GlwrRpanaUBbvmRXi3SadXOkDHXGCHfUC6jXThHaHgg/Asgc v0KFI3Z+dJ4cFC8fnEu2B1hIvnWkIRBgs4k4wPyuSkMwkB6j29qSTVY4RnLm wClQwgZnnmBwJjlKH+VBwiJZwgkup2eHZ0cqQYbzbHceQ/pjQgTaNHtANQVf 8hNKtMR1G9TZoYsrnkhc8QjX/ALK0dRzDE6LU0Q/aQc5mX5R2nJ6uCbjl6Wd 3+Mh1pU/1KvJr9R2LDF++gD1KvBzye2hab79NO6Z2vVYQT9mKWQrPSyw1o9b 0ccvTvHzKUKuQYoTo0aKkvjh+s6vve11+ZjiOEcfndzQ59mzl/g70WX9AYkl mlwW+VkRcXezJK0F/ZXiOcLhBAKFWyydvT05Pz16U0qS6dfd7ZSZS5mnJb/O eNrTHe6ldRPXMqs1aYPhUrB5rh6WdarRFmXQIHed3BMkvEQVExLA3byBPxbV nAtfKQPHszsslDIeU1q8x0e5xHwsSjDT7p2z96B14VP7IyLJYXi1/y7QAXMu HLIi+gvmFL5zLdcKsxIg9RB4RN6sVEOAxXEHfe2wCxfji0g+7pr/jUnoo+py gdVtTd4NY8uV7ww4brWV44YtHHc41f0cNyFR4bhDmi5w3KdfznFT/uqXoAic wxUYfy3t8zfir4g/KMxjK3NVqMO/H1+dcgMIbBVS94o3xNEgCO7BGjQqj6tT J3fOdplfvXj315OztzmnIuhKzObjL2TM6NmOL0qUjoj39fHsd8NxCprULp3b g5M8mo/YzRtbI5KXO1lDB3kKVMmVTqdiB6NVU8JIt6xZwXfzg1FY/HKz5BL+ +PSSFvWJ0J7IyiQ8KmH6uJt6pbwwGADId/Qt8W745NkFNJFlF46OQ3CXkFAD O4Riwe6WQyhx11HtiDaqfCDIsVIm5qo9lScPtrr17fOly6v3lFF478/geb/F VcljT1FjX+Bw1UvE68pwYm06eeHJbPa20x3c86ppNZ8XGaQ6T9qGRCg5i5zd OhVp21Lg5FcUT+pBXvVszrTY0Z+TVCtKLXs2mfuqRrXSNyDda2HJ5OFaNYJ2 SKYZUSF49EfequxWnOXwNTBlFs37ZjGhj+PPOaMRksP7iup6+BgxIZzzc24Y qUZc54MBER7OiVpbJ+/dHrDtSR1mPOO8gWzClRRv80+mdJsbzZnnb8OLgbEC 38NUMnLgeccxDv792cF0X9QMaQLHLh3cCH6PC+EpCR5to0xrGC9cKznZIO+R tnz+/U+vXkHK+F9eHB29PAKEf86nyNgRww9rdZ4JKK/2dnpVrP00pCoCAOHy iiPJCYcFNgS3RujhZAxirrCMcUumR3KRDNVPX9DENcKRXWrrcmBTGExJHzbz P/p2eHX8BpyELKGg/Ofs7R+P3uRCCuokMaEf5RRn9FO5TO1+lUmur3d8Wrel NUmFA3Uulz7KzBK4qQHWBuQZUnRAnJWXtNrJ1nA/B7YdCRPONl/gw18jQjeW EGao3VRWWOC8Oo0w33wW47+DLdzDgv1Cfg1TZORXg+nGgWnEyGhu62iiVBeL 7kKFsbaS55RwKVihe8mbkZ/JHPGgPKorNMO+GylXTXpC5vSFyniFpA5DJFXa n88MfD2NdP1G80Abe+cLYB7rrwczbWiTHMQyj2CmZXKqP2KcYORttsY+QBoe IqjUaH7HV/lCGvYQVPgtZD8AyMmlNUdHC3RDmqsE/NIu5q6+Y9Euf05Sw6kn +bDtPd0lvg1Zg94dvtb8TJLm8OWLzCn8nssqdOEUu7/kxVT/Zer9cXmYZHaa 0CLk85XVe6HUo+JSGoSqBogLEH2to9i2qp5q72Iv/mf/L3/5S/VIQqUkliWA Cjk9APIGcHBY0cgTkFc/vmlWnhE2rhvkkitdVJrgxrUp1HtRe4np7+LD/Sec 4e2rV74rqP+OhksYEU8DPwYjQFXJpnfS9nnCuIc/E7oM9QMmwZZ807JY3Jep 9Hiv/HUGAjMsBrwT1NXGVJ84notl6e4S4DMq9qTOi4nSTmVHps5jUaRzW2g9 9LJDyoA0bjrZ10dv9GQPvuxkmW9jMWp6sFIRzN2FBLOQ9pfAegzOzLwCTsPF XiNzhUtwtotWdZWn3J9wtl4+qaxVjoN1CEZUz5MY7GiwemHEgMLIczXuNBRk 46KGmcs0zMgVRf4wD81+mVudygSC8+YX/Pif5wcL7AfTbmTDQMBuzs7udyol Dvx7XPfPMQ38suhO+lczOP8N/20qz79NMkoraT6p137EX/938dRnjui+7Evy IPbo+SQslv8ey9bvW4pK8vdlYW7h5K0DFt0XtjrOSif+nUBs/DexoYccxmzo z9uWsFHHcnhTwngGX2A2OFwD5IVubjizB76ibV0BBAqZfxJ43VVySix8+qYm 4kbuDx30/ENG5UyNYOvWNVwSgQDZ4e2l98FV/56JtFjI5gQc/Iu6e2vh6AcE 6GOfnjT5UBGXUd815ZMnzoJqm1EfPseor7Ya9ZBeEawFpG9oKhZhUuEemeG8 Fdh/6NpAyph3DIT7HQN5OGG8cnzEMVC9ev0WMTDO3kXV0+XkGHx8pngqiDwY Evql1BTe3zMnbryiZONW2Ijk2Wi1Qfg8OPxEr4etf7juFiAB0zXdL0MMFZ+l SLrzoRzZ3wOB8COvliTCMNggw4pIyEY1oZCvd4tY+Ba6Adm0nycY7j/eUCUH DL7mxPGg4crevN6RCgAbFNVW1s1zKbehbsIfIMXA6JefpntvqA1hOiAmMwBr k6jelNVT2IuP9JFus+DYXvyaWm30YJDBkIlaz+OTX7e9wNNpJ440qpbpTP5F BTb8h0+G3xqVVqrORB3U+YyXyR2gk9ABpbSkLvXSp9sAO3vDssJTl8aScRvc 9CSewxEgbAUgCbFsIb92tXZFOhaXyYFCCu/bA4XIMx9gi9hr33/Ia6dor/S2 /Yy3nkSCyyt5SDAYSUQqt8vRXx/8LU/0v3P8d8uKPz8EHO5LuinO9jBmm8DQ OJ47IMoC690vKu/CFBMlvcyS3eSeMw/nThl0Yaufpb47D/Ygyiv9tWoEYI3H 5htt5dwdwcKQv++aMMh1u7+fTBhkl5VlAmqJyPnRX4dj5gIgzXqDYmsUFJIx zzqbK/9Xtc7lqEln31WWo2aWdvW6AxzYVRwIXU+C53LT1Esz2UVDHMzmFETm MozbHJSpU26kWPG4uLGEOZ9gkojJQL5L4BsJKM3IulgTNrHr15nJwGQcuXDn AuQWfKl8JJvicyUku8bDr5CQ2UKDX2guKpVW9OXoMY+J0LBVhFafLUJPx8Vn n4nO01xsHgDZxv9+vDOiEbu6CVemYFBa2sWYvHD4HJJmBIDShZ7qwSpEl8Ff gqUEy3HdP4o9KCaMmvCQ0R770UY6snjWevr5EiTex3e59DgdlRyIAbD/eCgu +u2ioh+KidMtIuL089R4XgJzbYVGSS+/Kl4+CexBKwbphkHMirvWdO+5hH/R XjYI/K8D5B3FSCtNTNw4XDRy97CCoGziksQyCZf2yeOwdxiPexPV9gIr53On RzruSXQtN4BHYl4sBKpMCBAuRqmfBnk+lO0yE6cSF6oZk+WhMY6r8/IMeJSU 3Cwsgzqe8pBWAvdtHLL/ZA7Zr8sHy9kycH3sH4Kc1XqbxJUZYxDMjc0KQVk4 t4jmAJkH5YCCWkltGACUrF7OoPIngQp27uH0iYdk4R23yhjwJtnf40n1NTGX qOBhA0FsR0B/3H+6u82rXZA/orG+Pv7x+CyXP3UgDhun7wvH9KF269xui4Vf J0jedC5O0gu0XvVIXPzZ2y6ABe4ImIvUipIHbcAsvFXFDCGeGd8/ANeTkwyf lW41+TGmT5Axg4nS8NY+NNFARywbQoflYjuUOSQmQVs+//712xd/PHqZy0kQ 6NOLaEn93Mw5ywJzDRlNiVtyJCNk4vPJDvlWEdtVALywFQCMzX0osSyamVQ8 rD7+301D2c4Kg03ZQt5sFTMRPpvyZ5gePFxPgilIDZRvNwQAuBFWBsMEsYjr xVW3imR6Y7nesyl5A5EsSlPcJxOTwxSTanj6Ban45CGuLD+8SMPC6CYOi8f0 d3JrDS6SG7ytKSkA/OGwcryKGdL8PAmsn2+jUmct3k+spfEymn1aoFmsGqoe QrO8miG9avABlTEMZdeL7gqKvSGpzy9IAWFTmtm5p5ZnfG/lSF74FbFHjQIW ptvyFoIPCZafxOiNF15GOev8gZ6GwiLS0GBpDXmcsLj9v2vQUGxqWTLTHfKv SontN/A7pDEfSVBZOyS0+57t6fYn2z/0uZ6OPdVnbJ19nT/ZIMpLrS6Q4bOl g/MulkQjMjULtRGVBAMT8hc038pLFU8hLpYdsMEnYawgL1aDtgUTzBwxowcS 3Cxf+8z88ixFS48d/lTJU9qJJnXiufqcFTxZNI57s45J1wjQA4onAK0NgP8a a26SnDfjerIzBB2y1hwiTz44/Vzxm5Ncym5O72U1z9A0/fqBpmk2W8pX8sly njLY25eYqZ/pXBwqpDX1CYKsRnK/oUlqqTMfslhIwSbNLNI41BfZpCWTVBo8 0AC9oYiYA7doehasDgwXVFugDwotCAq5yGnPllRS+7TkYvMXYWjPk/RksfAY zGCswU9qPMjbv4jb/hmzKwXKGFkk985ZXrmohmq52lhn6n5HhtBI54sHJTVn 7WxccnPhVAtv7zmKeWld9IZIlYX9uwYDoCcIS3jW5cUoxU4sz3d395/tfW43 lsFOfP50aSNpHnXx9O7TFNI9u2ZxaRunuoekEK7Gus7II4UNnCSRC8ToKzKK YleokJ32w3kNKQ0Z2XJrR/ThwLjz7zCSAdPSBzqvzxFaVs+nkIKzWfKmR2rn 0hyhvJUXdXuM81knlX2US9LykThQ0gEU/16MEG5pUzTCVxKSVNeivzYRfFr2 RxvCNKEC0fIYkXLxdFzgWnpvIWdgUyBrgaYJUIaYku4JqkpIrxDC0CGoJB6v qejrQlXO0MI5vqCeDQHe7yV0wDwPvQQp8nTSPealdYpI3zcU+UF3xCEdJJFc aIzWYZojpFb5kW8woRoAmFsAEYMWN6BLCea2nFVIwIPSkak947wUDaZwmMP8 k92FB+1ua0lCwmPCF2e0n/k6b/w+5DJH8d9t1n0B56LnrH5FMCZM6DFpl7lt taYBZuhTaa9jcbpu8tWkdGNrhlUKrwFwGrrQjJNCe9VFay1wtuyB8Mk59unB sEd/lO2U4ZyMPpwtPzov2fwAAtlTOzf2Xgdk1PO8ix69G0P3Lss75An6pZAd CiYDY3Pf/LTE1KDaD5nDZShELj/hPCVhC4d/Zeo19wVgE2xNjCtTKWaNpNKf K24sqpVJHAP2ksZhniXEA9ncqnHyoF5h4oVM5FU1vjSRHiZ1ACjnPzdUcAxc JddzuOelz3shxpMIKkzczH7566sSIfcYEey1ytxhueUbxFVNGK9O4fo44czD o41qQ9IJg7rc7vo3i+dGQRWAwMkVkQTEsxSkGcToswGCNOrd5mAbe5T8yrLX EeQk9ILKJNFdJg/Z4JrGpsOzYAdJGoB4d3R2/O6o9KPAe1m30iUtqrNusrwZ 22aJFMqBfMEYmgPQXt8FzYjNtqzIToVlZCaTPJgHWE3juzLD6ZsULY5ViUAN 5TqEGm9WDBxa6I4Kxiwz0CSylkSWwlDOs6U22qj61GFJDTchEhoacWDIjltL MQSL7z0jcROPq5x3W+xWgesd4z61G1tme1XVm+ZD/lM2Ha2QGuCzArfhln19 WedSthnoEPKmoVLbx5U0D+nLG6TQ0Sl8ALI0RiL3O6OLlGhwU2OkXLBTvxm1 U3MMqeGMhiU1OqHHlBrf7nZn0UMtyqJWS1AnYquVLbXEVbPl5TpjbahXJOlb gHjm2GPPXfX0ZTw0xz5sUXhLmqDaXdiBY8tWVA1FhSHw2sY1eN/6sdRhxEov rLsIhX9pv06Dau9rRlfcrmey7LArG2kYaBcWN7TBMnMqzUkYCFIeaLwLaNhi 3Ww5/i+4b2pld/bD+YsfDl+/PnrzL0fDjnbr62m04hawyqbcdSwdQFIDRCLV O1s7ihF3BV2T+hYRujVwQ9gDixO3K3XNYUe50sz3eeKyLQmHK51DgbfVwNso lPbsybBTcTK2NXgrDG1crLyN7fzLlUZFWn1Ovd+TbuhwEBdtVNVXd4IZcqx1 Cc+eaFVzA4Gy2zt63aWlpI3MKacq6pMtPXGpyHdvGLkVfQ/6o2xIxZfaBi2s 39VWbO0tlvhzgajnJobVS0t7d3R68vbNKa/MOobiuXMVfgNgepkPDM3Rl3QK SvQ6WInmdTDq5TiY2wj8YkdTe9ulQAGgZVw+TyHcdLwH0q3tUYFP+pCANcF2 i9eYHpZ7ADv+BaSHUngAF/c/ADsDR//ZwEb+xypi10wFxcu2wFv8HQsI/5vi MxoITPYBC0cuGOVCcuFL8A8cX37x+u2QtJyqg8lJI5r+YJiM5GYc750jb41n Av44CdBaorhbvyIiMngkydHBPAIXQqaSZcjOfDQVCy8Z1hIr/xUMn9oZ1Xfs K0FHKtS7zqiRBv3gkYLvvnnLoSdwxO+MrSmxLd2a5mG4Ju3wrXN4pEc8GMSY hIXuCukxALVL8vOZZIRs1hh4D8BV4CEi8dzlLcU46Uw9yeklKHZneZsPgCfL KUiByoqkV3jAM4zgzhELewD6+q/0K/nFv1FoCWH2Tq5X4EVI4XXSvxUBzrIF K9RZeb0O9GzkhO6JFT0YYpAIBeOuGfQqFRTgxi4JuTUunEQJtbqzNOTDMXp1 qQgzojkM0CL6AZcwE7I0NqRquLGxdaxKUQrHJ4oDuqnmbiqbaByVlraPC7Gi +xJIopHF53QYk9fqfLbrVXt1RbY1cF70Soek3cZe9SjtG47xeZBwlgWRdOK1 ij4NSVQZ5MdmCb0UlsxiCmiSM9oQyZL8pBHLRE54xwSRYI6ttZgeDb/ha/k1 Rf1MiLc0nmFBVdX3jaSEj9CgtVjs44bX2k6D4y0TNCm5M3wFZTnS7RDKg9Bl hC4ZyRrXnpDv63ZRC9ZRna4wPwHaujlr5m19tex66Hvtu49KdQy8tKhsSjIF O2SwA4sc2iVDELArdnbddT1fCKiboIzOm8ghFiDy7jr2YhtbkLE5wwrLxurq p7NX0+caE45iAG7j06f/8e7Vi8fPDr4BfWtN7XPMMlVCQKgirHbTHU2qfjOD LrFRHi6vNthEtSacOYUKqNs5trBYNZFuMcgE1b7xToDY1zBgt056eXRLfkVS pomPrPkoNVafS9gJWcNZoyS/QHD4Nbu8EIAUpPk+/g+mnSQLrJ/WUJuKLVKR WRHwwjLpYGx5z/VF/DoWgTnZWHIcJlV3AdbH3t5t+hFy3B3WF5aezUUV5PDk 5PXxC9TYBDtm6cHskJ5/UBBIBaQA3e6HwzcvT384/OPR+cu3bwaanS56Cs7h X8SXgvUHDGudDZDpdM2O02PiwVy28jbAhPfHotkN0oi0NPB2TSJdbd6hO7gO 3eWxy726SydUUEAaryIUVyI6QnFA12u0fKSOkLN+kSusEDzF/85R0+riMcYx LjsEFoAezeuSb7uArRYSn01x3C9wVwERHgFkFLIKoj/uwMzXwhEfEgp9s7ic crUF9gJmyTzwSUVpjHvEbsQBS+CgifdasxPvosL1seK2RzwVn0tL+VaR10E3 78vNAnvBYGtv8JwLjBUyXNckU7qSrRPsfhqaEynXWPUq8OvLUPTU1aZt1VZS 5iQ+RkPEGUfGlp5g/BMeHieHCHui04OEzVR9weslPBfyiASPDI/QPpTMlx0f Gf3poYvvrHZtTq3JqfGBFrMiFot4QEt0o5jDxfZhqk6/W71dxnUN47M4o4aF ILoPf4ar8G3Wy2NGnVo+5+u4iVcWLU6sUbtdgE4w6xDzjnVLg5IGR98jw8Mw w7Lf0XycJL0kPrQLwNRD/k3irxmbPcjs6uJJJ+bgHWYUN9ARu3MOfZiGO5/3 wdl2rI9D0AoEuJucFQb6AozSrlCFwwZhgkRvDoepaPZuCFp64pXSQwMWg61v kxOX9ybefevB7jC0LSGLNULfLnjdBcEkIvWX8LvZIG3yiSSzAg+240wQ7E6P a47jBqHowSIF4psV4yHEBt+IxhQC23G6Cnqjx4dvIOZ91fbQMdyZ+daOnnP9 btj94+hVUhGi0lNPaWFcDO2UQBDc3sZhPmovx/QGyvTxqkzyt7jlZwdJIl5g vR7uMbLsMx0znb5s64HigO5EoqlFSy0ozE7css5B+isoNyN2dMGhMiP66Bt1 7dxCP2RFJ4T4lgt1QDasOHAAX3BH0hLTdh5oHOFkg4UYnyu7rKCwwjmtrJMR U435lkhrJmMyHL85O3r35vC1rW1/RwN8ujgQPBt4vfh86CGrW4sBSFHQYDfK 5aZRn1KSEZi6ct4dvfrpFCqX9j4e7LigIuoHUcwKHdczhNAnMZMMVoAjiIM9 Hh6u5Y2lwATt2tWutksUIQ4vAdF8Krb6VItPawe1qMenh8dVPNmyCpHEkleJ 2efWA6ByyGCwLrQ43bKSCgg1BpOkDqn7iQRrK/QwkHGFTz93hZr1QGxLUkIr rkx3VcDYFhcGsMRPwuURSJ4AiN2R6k6P/0+3omdbV5RgzLmYhUFI6JGtpUWs +LN9DpeBc8Y3/HZVyqYbTIeerWLnqyQm7XA/9bDyLrwEJ2Igrbb8Dy5rxtWV P2yJYACvHrBES7nzi+3UZOYFxOHcmcF9lXDm4p19/QAq0t1d1HPq80aGVqEK 3fnpQO0TxTTSMXrJU2EtqEz4qq0FKMo5biAO584+EIJSnFuiAntwZuhfQLcE uAbeHb45PXn77uz85BC2fAaw+rLZ51s2Wyrk5p2D1zzb+kTlPkGAS7Y4J8R1 /JJqkOKRQroo2gsT2CiYTx5Hv2jnc/Drlb4Lrn5YCmqKUYdHD5kIgiRKnjOz b4w/J/2dfT6QxvzZgkRN3+ANPVAbbHkGNSnnNsZ5Oz+XcrKhRQeLqIeHD7DS iA+TxjISNXHRAm2lzGvWUcrSBdA5YQWIB8jpCCge/3T4Op4HwX3HRVzsUINF FVNK6oy9Lt4Rj60uUpOu2OG8gwY38LLEWWZ23l6XggdQck+jIjvPdQJKmbYg SrFTBMw2Hx4svKqC0Iz0knZhECmKitQGOEuc6Y9Hfz3/6eRlImyaLZfHGlSL WBbwQoBT/dxEm+QWE71IiJzytp4R9/z0CZS76dnrU6oiODoUqo2c78UPtLPL sZ3Vs2s7sEsSvWQHdWSnXK3gH6mIhTmAdKXQn/RGJncC7Mk1vj8dH37/+ugc wq2oWxUUv+u0wblqd8tm/aFb/UxpHpRRWN+i2QwFd2SUEi4sBuhSmxmNemgA Qjqp2MEDrdJ1q2opFAKMn3oWaVQOV6D+W7GHuXouzome3h/PfjIiM2XyL38x Uh5rH3NZtwuqe7BezwdPn2nXb8rtW72npHHEwOFVe4VeX7B4/EZmU6cHPouK TQx0tBAdUlkyFSDFE4gUluSs29huUIhrVtraHXVJodcnu89hQxm9nlKhFJhd SfiI0uLZJY+YVmDYEbAN6L8Ze1qSqcNGslgj9PdJfDaRR0ELi/jzGRQRkAlG qe5w4Ef87SWFHBiwRtpHYImNnStb7p0QhbRCtaQUGJzewWbZ/ucGDKA5Vmcc 0cmKucwIytCYkExznt4NoLPyVg8JIb5p0ctBArxv3G8nA0tTC5qlCKfmfIWF tu+yQuGoCkwq7JiT2OBw3wUHEZZxgHuQ2kou7iY0tMgPWoBKxMvkkIGswBt4 w66CWvceuNA8fn2zZFeWeNlSKSUEADbzPc3jsPN2FqUkjzs5CMQrMGa0AzBT c4n+ppLwgbvZHjJ1tyHvZ6ikWnpS2sF1h5GyC10u5QdpA8IdrHrHIMDDsyNs sGHKwA65Q+Jz3qBMeAHNS+bNinHn8CSvOuy3Rv4GSuWSelzwLc8gv9royAuJ aBrxwNP4i1tQkJANWOLjEkG+3rfNB6JWSAuwr0bZqEUSgR0hPfZU2fQYfo8H WWMKIlnp77EIKHIVbrlCz8jGE40S24MiO7tViFrSxaP6Gh8Lj0degZumxqw3 8uG8dcvVUzvRGSI5lraM7WsocNBU8gXEO7nr294fLhSUSSOmftbdNpoMN+9m mxsMsSR+IX+WHHVcVG5zwgUAJh20Qp3dlhcIgRyCkMBR5OniS1/iZ9fN4ra6 2sDCXFdBWv0ue8zqnsDdMRJ5jQmrN/GBLFLB8enTP58evZhG6j39A0RUnz49 iAQB08hGAswgd11fQQIjZHot72QnckcM3tQiClV3oy7hBsA+XuFjBPiuzeo2 UtXErhb0vZZ4V6SdSMzgQMS2XHPW3OW7kbmf0B8DfQJWD0a8UE6CxqIZrGBY av2iJlywnoPhtEXDw7vBMKw+MuKHeE2NDolLdUPGtf0Qje9IjpNQ2x5wZLb6 ok7eLajfmMzo0qFsIkkeWEXiwwKwa1JUVux2R1+18MDWqU3QaAdD1bJItgtu bvFW6tRHeGi7BjmtmQCQKhU1YdA7/4vikyIIl5hFWNlxodv+Ej+1QyTtMP8y au1wKZNAvvYJRSluOjyRO80zj/LhgmtNMFAvya1WJEMadY++qrklseulLnVR NruOabY4x7PYmcjgHtRMYNVeob9CWqgB+ShCCUG0QYMY8NrZ/HHf33dwC9gl NNoNdk6wdyQt7URqKcC8GInFkYpFkfeWWonC9KQsEZPDPz7efUqanr7f+G7b pUTlCkdggbDAp6FzRyvYWCY/axfsZw7QzH2CSlKRpcnfqFnMWGohe6N2iZhV HBn2710Q/5OLMSfM+UwyFk3nxb5fUaBpGhhoyvu7j71ajP3wIqG265H2q7LD hANGhQLE+cfqaHefTzSOvf8Y2OHzJ0+eQd7Ej1DRJ+rbkGGrwJg3t9imZ6lL tOURP1UxGOznu/G93AmrKP6W+AcB1EqK5H2/sbff3bS9VDA1s6hB35HSB1oz BC9hZ/ELGC+KlnBvKaKb+H8xgdlLLlDG26iFE24CeF6AHnBtPXGooGd0tYm3 H99Kk7psLLrrTwyUDZh/N3XUBSOuRw4BBJLJ6de99hqAcGU9u2OHkTe1vRSL 7x7eqeiHy8jqAIGdtwgrcEVl6aFyOQRJWOYONvIE9db3XTtPYE3q2QqAQ72N 3VM4Lb0/cwXwSadzk6WEsfpEhMT3zJRBN7xo1NwoOnDitnH5kGpBkiBadsL+ tXDJiNtfXFwR6cjZ81Stp++ieh15WANZ5qItvOxOVdzzXi1Pg9hCtCziVU0P wYUmsi0eEdc1u8KTSAJc7Ty1T4EWXDAy7gxMMGGFnLRFD2JRt4AdxJafFE67 JAFxX4gMlUJw/upuxYsKblEM3Fn71cvlrsFxsab8KvolewCoSgCSsbyILLFm CI/bz91pTNQJQ0Ic10Fs7YM2gUbpzowfLBcwkX2tkOZseIR19IdL9ePczmmJ Dpu+p9wnaMdHSAeo0iag5aYDyskRWqk5G+HC0yNjpFdIEZIS+Q+UseZ94Bh4 IruHDilU2bTl1e9un1acTuB1k/jqjPs44io0RkHBjTRCiA5vhHijfg7kLRup jyKKp3Sn6Smo8fGJAOTKze3G4PTwz1/1nNpyucD3L+1cFwsvHeMr7dbE7BZ3 kDQBQfv3UXSTYwWGRJ5XU1wXa3AJrw1cn/FKScWc4QJYmzmGPc2pmIi1I/+F qB65d01c4V2zVo3Gl9NFda2+5V6fOtlNA/+j7YVKKAmp5xywdSd03qi/O57F 8YnS4i28i4DwlnghEGiWjfuF9pWGsHv2InG74Khggz0VLbP4qi/B11IHS5jy GpCsCpN1oAyb0pBgQ/SyeYVS+8M5ugB5mJGJEtGNNPXtEJ1O3IDsG+3XSiZv l9MTUORMcTpjREzikaZrO3U81bsj0SBIQpKpCJ5Q4OmUUoKZXquwov+V9qPF 7KVZQxeS/83B+srVRh3foSnkWZvqr2KdUk0gWx3KYKTPZSgZEtitHveUOnY3 EnCiWEHc3DzKsVsHZRPUvjLO6TJf2Z6F/q67ydEmx4mqvE9xMsbeWQ9buGwy nNCDwI4iTukzJBoO5UBCD4Nid9qWWrvdVuaSwdhiB2VQMukuJUSpTkAO/HkL lsnVJpIapYSLDSz+yF4iICTa6/Dm8EyJ7kTdj29MPSLNnDs6JdwnUbVrzjWk +53YBWeUEyiHhDt1CyXERU1ZNTE6gF//kGhhC4QWkbPGkUI2Ev4acNqdOCKl yjM9iAtvVnAzE3O6Bq8UQg1Bt1D/hAyCthy6dXiJm954nmSRBVPqnC5cg+kc bQGw/2AoNxtZzyWVIBi1fFWEegHY7x6NZEY0BB8aV3jSgWrueejrxXrH27+i dySSpziJy8Bpl5cLrEl3OZJ+LxmKGDtnl3ZPhMwpJ2Q8oaXOXaYEEYIjk4Wa W67eQ6xDQJ/hr/k7VGHzXch94XE0+P0NGDTwUPjnlN8Z3+4N6ALILAEPUth3 7k1B2/ZEN3DChPnp97qpKe0mNXVPchsCFFz7Iv0S1FvRh5xN1sx9l3vgYnZk Elf7E5+Fe8VmxHPdhDxLuFiU4CFh7aJUujU6ZFpgY/EEBwQWnxg87ht4pnFw yc2xuBRqMhTtpQgUg5mII1WcCH0YdwiqhTHwUMQbQWeM8m/snnuZO7Cwhw/2 yxj47DzgwV18L/Ev/EacX5GyROLAC8g85V/qogZ3i4izDIECevN3JO7Bib/a cAIUOFYvWBRw/hwP1BHUhDgcwYkdSREOhfczwaSaD9eAM/MfaI57ADfQM4jj iqkjbx7lekg25VSWSR7ghaRV1ZImoEzNmuFmQ1KdTqqDVwBQy5eaXpRATiIj HEMHwo1cOcCwhZQKGFmp+iC0ph+QRzv46gof/4jyM5L4AlouUOVVQmSSIqce RJFeNZ089oInbJ/4hTUqhmgJdStJiG4+kix2/WwxsMKnQSiTgSvC5HK0wl6+ Nm8aENV0kkl3JZKiXDgdnAKUq3EIY33bdZdIBWsKRCqhgwKR7XzVoNcb7t8/ sRUhFEgdgfpoI+mA9dhTYgOSoJVboWTpNivKXnaOU9FkkNCQLAhfC1bS+hiD abNoo6qXmxPK2GurBQkYLsifYEKVLjHrtr5bdPW8T6qtuGDCEi8yEpUY0jz3 mJIvMn1XiNNJXVdouM5rod4h5NVMJiFMlQdzpV61WOSRFAzifD+9PEECi1rY TT8JoGEiBxZMP3dcmK5eL5p+JkqN2kQyAjoBsTqRsXjl60kARAfXiaMlheou 6lv6qUsLDBlRiskkKQC34IpaXk3SMEektuvug2cgoV5hAgcqCzYRNU509QZM TFVW1xbvaMHyr11z4zQ2TMGHJboxpnPFz6GUIHIfKI/sRdo73eZHdVF++r1h FCeSvvjt3KGp+qMRWiFCRHUk5K8TSjDDmPPiQW1DI8QRwPo6HjeRBUgKFobx HSN09qUkIAiyJgFpasHUkrZ0ofUiFJBLgGGC7qgR/xzCfhjPlkChVuegY0IS EJCpRg4YCp4461FHLuhNZNm4B4mdQFgU4s3zDdtljXilL4XHGPu74IwrER+W a5jMR28DfuQcSVktgMQTenXjYmxoJFJQ8gkFLE3CilDst8EhJO9hGfgDDolD UhivT9mHFhxILLEQXUOAiiSmloS2fGitoup6CerUQ7t4V0pLk3gTJ98EIVJN XIRrJh0nd2EyG5grnpzFMldS5Ruc79tp5HKw79GFvlQnL5LIqDX/bQjTKChB cV2rbJ9WPxLfhWfFvJWP8LqpUSuFH4GEQ4Fvv3vZLOo79+931CvMfyNSg/vn KVaAwyQ3DaS4GSur0ZTjaY35j+4kKhC4GV463EViLGASHwcGZFgy5sQXYdlV WgohOPb0/fLc1yzdO0zWgz6eqCc60ZUEpB0RTsI1Bc1R7/Icn9wyD9kCmmm0 h8jJudk8uH2aLWoSNVlCDoX4/7kWAKQIjCmk88NxqfVKkROKljSu4GVwQBMy VzHy4LJ10BkjOBkuHhgvcX93NIYurlg2vGri4kOlneV/vL9Cri6as4xzTaY8 sQlL2KeEAkIrVb94AvFhT98jAkCQvHlPR6/ON2eYTqzUjpd2A82J1hquEEt7 3uAxT1zeQxMF9hwY4cH9x2NBQ+Tg9Ej5oHyDmDQ+DhqXDHtxJ2c4QD+TE2SP oQweV/Z4dGUuycD4IGpJ2vGAlirLhMUZ5J5fJvpraIo45ZPxw3CikNkntBVD qnH0ADcFXIuvRP2XK7tAuKY41dOtu9MSRythdgVVkkuh54/tF7mkYk5Ahtve u+NCJgqjRT8mC4sJELBMai2zuLPkUrjsLRIqoJtMOgGY8YwvYdbdslxHtRGe ofPCUJU7j405CTa6edp2q+O1kp+Mj8LPRk9NxqgDsm9ZjZ2RTY9LuKL4EnFF 1pup++OjZ1In3bkz6guyMZOEMneWfrNlbobbMAKy88olDtCZ+G8CmWf/QTHz DlN78Xd5UtfEh9VIExdVkC1Z8Ct4Rcmc8pLz1kjKW2+pg5QxSb4VunlM1ptv yd6J6w9ZnhjvoE62f5fIxnxDlfZbCKTxcSqirl+f7q1EnXHS1QpgfyQAkV1Q UL8Yi1uTDBBDRDKNk88xbWioNTi7BnXMfk1tF34XxeLvIA0OoixqBS2aq6iz 33jHiHtfRm6T4K9OGHkpu4s0hsQyd5oQCHn3OLN7GmwmXj4SBqR7gOsAPPzA BckGfXN4FrAsMSUstIBkiRn/RGQu0Mvjb6uLdkm2McfGvB7M/EgCD5XiCABT xuPDvKhVDUky46pLTnhfrLsU3yvepXdasAONLmEGHLSufsce59+BfBgYGir9 ywwBZVBBXqPHkrPC2YGEtWFpjwvnoxKDEQq9KQ0SiWcwq4VcYDQuT9IGSZB+ 5dHL0TbxBFsWCKpIjHBctetStY5w3Loly3x1SImgVX+VqQ3bJxjTohIVEhXD YRTJaUVPt9yYXrvEGQbqBft4zVgGvXFEqWvdWy3MGNfy7FetBQKl5JwkZSke L3ANeJxUn5zkrBJsZOanZN++oc3Baz0+QV2UaU78N+al1Cgx8a7INKikiBWh 17zeUd/A+I7avixwtOC1Q5NgrrQcOC/ZS1lQITeca8ZeHH5klFeQCvREI+Lj 0IbFnEdhHDvVe0gWKfxP4vhlKW5XUGD3nHCe2oclCbi79dR8bm7J5NNUXGt1 DjG6dD1O7zS5JSexGm4wV66ClxU1NqEGW9j3UmxXWYoy2moewKeieFSQ/Alw vMULZp1o4GX3R3VZ976/R2uqW8DNcXMDs3uKm0mzq7M5tt/CZyq3rKL6APTA qZP7a+6ZXrTfRLVNDVom2IX1QskdmgOyGOrGP5ovZYtH4n4XTyj5eDIPz9YN U2xknmx3c6tpo4amDpMV3l7+eIVtuKx8oE4iBXo/dMwB+ZAURZC4jlplTye7 nN0pHaZnGWkeuhjlmzLdCXhBb7MnA6BCTXkA+LR4/cxafAzLsY2SZjV6puP6 VTAM1YF+dR9NPkg/IK1Akmpy/eDgM6ZZVu18kfuYaDIK4KGKQCKslYRG9PCD Ok1Rx6gYsdqznf62TYktQjBKuoBcP0Sk9DK3JSVuy/yQoar0G+fxSTsrh2dV SmyX8H1UBiaSXR7w2wTEKTWUlsj0slm2ZFZBLmg7S2si5h1WqvVkEsgTR605 YQGWpUNp6ZZ3qRXOLvs9SHrCXCfvaXKA/xDVcayguTUiIcoN5r4Hsxbisjed Jj9oVRjBTyXrnlAXjUUahwliDpI94i0cRAICXYQ7f0tU3fUJtX5QKbqzTxnA Q7JVc1o9MUJMX98s0/M9fvHjie7nEeUW3N6sN3MsAAXnkEuEIbIRxk04XqtI krJNhfhGPsqxeq4O9dF0L9pxiYGXCPraoBPNo0K7wx2LrGLmEAsaysKlRJCf cc9QEwIgWWtQ6F25enhpyRW+23HqZ8bjxM0o4fmMFyI25rYk6yMjT3wSzKUP I391dRWGJx2HE/8fEIgJsL7+QJ2pZo1rV0iTeGxBjYsK16I4bxnZtO8ccQDD EbLWDFKhaM05x1iTuc6TfVHO5Kl6i+5ru2J85nbV3oD7gJS17jIMjzVX28fT YcKnTxKOnbq8GAUWy0NvAuUPLJz7jNd8nkeUWca5Tz55LKdKVy1mxEzZ/UjL fUi4hKA21/e2pqHSUlgisjlpJdoE575SOKYZbEI0X5YAQq9ynmLjwKY4ZS4U Uub4Nu9bXgpdK664nmtzON2W5SEHrCC/JhLxDNhUIw9XWm4tfVMt9iZKwx1/ gIR2vI19FzKvqQRAgCqydFlq8eM2SEUDkD06wMBIiopSZFGfa22dLRlkEctJ kJpcuZlrPmqatCQEkC8GTeBQX5JaPb5nkVe95gMZIB/lXOVBPqxIxkeP3Jqz Ov2a0LoDTabur9Oq79CvV+QO6jcrAwMiJaQACAU8bD3IjUa/MsOVdh3AshHp 9Y0X5Q7WkVMOiJgsfUr4RJ3nBsSLzQueEt6buH99rIhSth1aVyXZ52kdk/dv ZnF81/GX+IArCnT5UMWUX59wR5g+dBF9xwghnNTGSLVQEDLjSYPPqQG83GFK r9/pql5rHl08IsBFIIxedusHVnNW3KtkjPy07i5JfiWcGWjG0jJee6DtIPuu b24JhaXYtc/3esIHbVh4BN+RhEvdSWUOV95VIHkpytXSe9s9nPLxMk3i5ICv QgnOKRgiD0fyjPxa6F6WnfEO+gMcB2GPNXN5W8EAFgh5JCnZIs9WmvRCmpwL 0Sm/WBZq51gRGq0nJM9OlbqngBQW2rPTFSO1GEGfYxb2jBLZ6N3DJKDcEIYR 8qr2ppkkcRLGAMa6MRB/iOzuGa/278S1xLeiWUxE/IhbLUmUJDvoMJZQK8r1 il5FeRT1/biOHfN2cQMGvyKqaMiiKI132kmYUpe/8DC40XSddx++6sFMp7YJ rsKQ6xJwGQhRRAVWDOUrZjDYBVecD3IpEBKs6+QJXJseEGiBBiOdNJjRBgxh 5OIVYlPVIvKDMSLt76u3t3EITPhDFEAiuGifdfr5NH4wpcVk7YJIRVSMQEsa lkgkMG2DPHO9qbGqYIAjjCdNz1x7cwO6EVbDcy8FKfgU9TMwdlafoXVBK6X+ 51acS5z3xiWOeeNv5R0BT17Amgug2fg42ptoe7dY7s/mfyY+uJH4Z/RvkmvS oV13HWzlyq1II1e+aqK27Fze0qX0kv8k1dYAuSXASHWyDcTF1QbvYHJirV8d rOEp0W7NlOuKm+QrDvw5SxrelcWGdEU9eH8SGJ8cIKTGbHvCBmFIEg5zp72l iJIMchEVS+sKItFcDc++wqwhJhgO5KGwmrgmr9nxIT7OullqtTVAdHeYwnZX Sbsl1KgAQKQWQqZO1Zpz0RAfMx7ga0rgr19BWE0xToIjbI6s58vLVJ801rwk YMjOSwcrXvpg7s/elsc9v/BpNWSTuUgEutsRuvs4cVRgNwyq+QYq2Swgix9m ZCeL8HJHJpx0xh1I5Htk9HMaMuOhOXdKnG/VRmlKd+Cv9SsiX5K18yhnDSdT VTQ+w+YjFELHs0KEgmkPADf5uX769M8vTt+9+sPLt8e7+3u7+/tPnv7P+P+f fv11/Af89/ODX34JTATqZfhzc2E+yIW4m+k58Qy51ecpJnKI7mfEb4qzv337 x+MjgON4dvDsKfTCqMUvit2eYdH2QHzvGpAFg4PLdOUoHOJBzvgcvYyEgXfR /4aa52oDVjhIvZ9enkwSC51fxk03r8V1NQMn62pJFQ2NMptURyZ7kC5POrh3 GsjsPRkmyf1SghcEOY5Sj8iu8JUarg1fEkeDJP3qBtR2QaMC8GlJ2ckcZG1v JuOEJLA0nDboOjiXWXsbt4ldb6J4CMYvXE11m3r1khTlpIt0smPEuKiuQeE2 80GeBm6e8QIv6p6YjOycMyJkoEHmNmXiAM5AfddbKQwegeqTCieXvY1gqdnJ qBh+tqRwcWdnAGZqhKIWLUWJBBSb2ULspPHaEP8u6vKL7g607WWL6iUllIB/ Ab2zabEjFd7AL26oWJ3LwlTJU7SKLbsFmClUQLjVGsNeMX/MN6l5c9EO3Whz kfYyxPud0nUxx9MuKRTtAC8RswRjGVDW11i+soMdYv+XQ/YJ0PoZfzblHUxh v1PO4Jq6wgsg0qi0QxAKALSBUOGJaX0p1EGGeh5Hq9eDLbILVEIMWXUpFXdx 4hDZoWn5oe7mJqn6MoAoyj3nvGQMgPNffOJZpBG3CtWjoYkOBkWYStqlSFEm Pz5y+kKI14pc6LJdMAzop0//4/sXJ4+fMyic4aPFefk80MAH1EFKk08qmqzE RqLgjIoJ7rcoclqWxVSVxS+CMTfEuTHrpqgJROsKZaeTqS5qvt5aIEyoOYYt wZhCaIdh2TbGpxHMnvP7ctJCycZLQ/X3TgLn1qiDy+g8kIUbB9uAMGvARiX5 UwEnQKYZulIj5LNvb80WUicAA/51lJFAskAz8dtGy1TTWAorPxXBheLoKKXC NsnzbQj/5E29MqrFo6T2EuMQKP5cGE4AaSpuE6dfYWWB5rZyNsLMJXUFEe66 282C/IQv35yiKyPq5d/B8m6xy/nKynWg6fWnT/rxlD/evjJeV6juWRlOKURT Ku3pPWSR2O3J3BYYxcqnStw4WSKa2fydaA7Z6mlpDqOzcutEbcitNfMcS2uq 1K7fUj+OsNjvl25LjCSF1Rh90xd8HFKl0afC3hQbYG+BDQJn0WCBgjVvIgzq M/JjTkYUcxCjqsvfjmMoiYFZ8gJBOJEBQFlRKqZaaJzDv0NvWTI2cujc8xUD QCNspqulyh6nQfhHiQpBuC8MwQuhfPdUVcNWlawT39429So0UP6MsOhpjpHa Q3JODrS2nUMECfxGDmYeJG8OESNHIvSVrIU8hLSiuPnst98FDrjiP6fMe/Bq zrRD8LKrlIuKaz6XBQ7FCLJoB2cSitfrc8klTT/N7DXBnlayqX9dJnGX3FtT tcpXQ+LlTiI3BfcoCklU24P/ahzifXOXQLsBrVidtUc6RkrhsjmM7iBeHngp UUzMmyuA8MISRkUBx1dbAI6b0G9kO4g5RRIcmkUhIqz6uskXh7v9yOZGwgzA B2Y2GzMUF48jGMK1wJcl2AMOmZ5jZvCEoDqYTxHT2/kmWUjbFZ6aLZJQoZoa 8g7RoQVxwsBxUVczbumg5k7gtfjYDpeUYjYnYAWBcAx28+6xUWkBGjIER4Fo 7IuWkyEGBoZi+8YFqRN0+35I/wqX8Z3AndG7veyi+SOX7s2LdunkSKVYz2jO 6oz4ZFLDKWNbyoy3MGA2ZcKYlSU6UO7po9ZVaSOME83ac+pOTRRSewYEwogU j8yRr6m3qs+BN0u6iZB3kD1qeDWYMJDzO4wdeD1W6wY6DDcmfXo31BulEMZi wLrhiYmbTTxjFm1K4A2mXBaYQZBNTefQDE3gPMGyURzbY7eIkzVJVWAulxH6 gUjNgcprFRh+JQHOyQKfHglHsG6f7h7kXQ12IsP5Ga/DdSkEBdrhxxUYb0HA qKBT5f5QQvNIIVyTkQTot2QAJBcgi3Fw+25dDkO7qFZsoypoLstw0zhAIoDj 7d02VPWQyls1ahlF1PQ9jMoLxWLt7ma5HnEBxyP6iZOdCABPM+C0Eduboz9z GxvFzx/EWXZELdCEDFKPPA9Qe4gDoWMmByBN8eK1oJjNxy5+6ap20VGYLluf euaHvg7qImHVgv6gpeQVEF/BuL7UE5SoGIRa74L/jTY6kcAiv25MvyT0PLpo /WK21vDBtctx+2aMYESfpdCr/bC9LE1J0/XqwZngq7WeoHW6WRofOGEP58El TQ4nwxr40nfh2ALYDroOtPTZG76U5rICiqPAopSm5sBFBRY0yK/gJ4P4XZLW dLx0IBHsHRCMYrROAtlOcmFAGNRQG+PGRAy4MrwMfsgYqOTwWwp2aahdK/jY Ubc9MiDzW82OxcMPGUkJDmWfzjLx16fQMI6/PcAW8PK8yFnWWn3BuReEP+NQ h4t6c8a/how2qO6VcCzFAcWMwuQw5Up7t+2veoMJAjHVgBPA3DYuA3PbPoec Zat2caKuBMsh/PR78Sb2t/UvFrlGhz6mNdxRUmLqhJC4vPJYeN7shaIKQYAd 5Pbio5BWBScGKQnl+w/+/vN8qtShQaXn+ap909JQ1s1EWmZdu4dgMWNTiGqo gMqS+s9f2GqgU5qZJBJTvTtBhomtzfYVPx6s00xVg6LsNTwjVr0lG8UUH6pH QLwwy84r+vhr100nSI7OZdFRxZGdYUggiwZIC6CgM2VtPYRI+Xu//GKeeFS0 4zlcEuyl0/u3PoZTdhwpepHJHgcxLZgvDjUn82Mh2garuUuwNOsVKlulbgLr bsw1lfiMMpjpB+doZp0yzJGmLCRKMH0fpKGnUEBJV9/SA1FtUrK4gamWotD0 JC2EhlhtIjlqzpvlgkJ+V5qTDowBPwK5w7gp+esqmBG+V02acICTWdwq5fbh nhdjfN5EMLWjxDrJyLqljJkSTHG129SK40R9oTNgniLd2cLQH1JvSw2TPd0w JnRqI4QHP3/XJOtBwb2Q4BzWBpW2tjddPfhN75oRUAgmDD3HWbe/RfzpAgAA gwPUKsWA/hljQBCCP3h+8DWG4KEpvbmpNO1Cq0sSBRq92boIgOKkAqt1owWU EEXBNs+W5THOikpe6U+/985o402WMfFQBsUQY6iKqNc6fJZz3ByW7IaM/Jf5 VEj5lGuV3VOkk/IRyPe4zBOorEwALtj8q5BbIA1sxfMZNXkoPGI1yhxL1gTY aQH8IEwXDFActVDYSoyeU5IglU+Bw1YRLSzHXV0C2cBBCnyX8abj4jfi8oWr +a9m1VklTRoP8a+VCg2f7h8E+m00AbEvpQO3bi8RugdTN9504+9z0DPPpRYq Mq4IWZ9zPS5asWsAJsrSYGBnTIbvKch7orgzCgR9P0L2/8KsICf/F9k2TBuV 1XC7PeBrlgeed+QYMey5nRwhNIVh8lKvoSlOck8axCQKPtVaUOwVXIQBvJvr a6vrJKdnqxROIuZSfESWppDiAoduswawXQl0ggYDhNDc8lPPslfoaqAzVpIi wSkVwaluNAZyisUCM0OiKQd/gvOJ+js5zyntKArqVRQI1KGGPdVBunwlVWrw Sjns4KBLNoQQcyrHKvUnKGIXXXd7gakzOFRNX4CUuwV8SukR+dm7nHDI8LSG Dco6NHW+W+W4Djqj8iYbzWUSkBXoyu0eMJQUgGKOsubA1b2v0DF/KCphloKl B4BexUufKRVoDGtNU+voOAjYH4NtucYnafehwMkrPruSrlO0fGe6R9IgxpTX Y8CNGpJwToPUBxG7YaDd2y591hc0DMI8h4XuMPKJKHGfHHyzHzkFh/CtDwuY Uu17Jiau9KRf7H+zD7yFE9ivFt1FvZgE6vfEU/DQ+988BmEexyZzjcZzinrt UoOkciCKsIGSezTY6yW62tTj1vsmCdRBAM4osvygpUsIb44NSjDPH/yPbf8z 4bPTm9LC7/wpuWQIR6/pKtzxbZYLRpa+o2wWFROash1lT7dZ+7xTdH/MnH3q vVFqihT6zlCopw6ERkk3xbyxry/Teg54uxKY6Dx+mxxFzrkj5TMCPjfS5EbG ePuZ6xDXMYjNYiKuWhdcbg7GRBjGqTSMw0VVqM8NDIvdypdRo/bc9CEBwHO6 Oa7U4JnuM9womYUdtINaGJiEin7I4ZvebpIcCveLM2qecVT8NXxAoVa2mJ0k lAQ57kZcEqMmB0O7NtND853IjoL6hLVrGKyLxHwvBO9V1ZWaFwc/tyQlraoU DBe06D6FRNZhxEjVvMVqjPDIjVwkcOZ6hC68QpdxbpBrdaamZvCylHwSV08K pFDg1bA2kMWrTBX2sNI2CSnBFGkDSo6mVw1VHJLsqKR24ztS/SiolFljGOoE Nai8g4IlgLBoNKURCsWwLTfoLS120Ea2wUmOSf+52pdEcgoepKhzmQcQKXSh Sl1LXCrZSq9wuZ3U3lfYHuzIo7yIqyVOowBfROOrtzoJK/vpmc7ihrn7bu9+ 8OjTp9PXb//8+u27Y4y/rSn/4eemucXgf/B6Aaekcx681f7eNoQqfd1hFW9z wx9Z2xJ5Jbtc7qhL43zXj80Mk97VzkwVPuBlnEMpxHUT6eNmcxPMABK8hyyT A2meChyxxoR4TaRLgYcQ9Bx05Eg3V7mG/gbURpqkFzMLMA7q+QZtZNgp2iq+ 5zfVSMGDDYQ7kzknuWaUchVB26qXm6gQrSkcBoVJPjekjxtdoAgP13GRgILR 42+lKbBp1Q8otWrc7dfS5ouzTAIbl3rI9Uc4ZIei7RzdYjlbV6xJivngfuWI SDHpfZ0dxy6lSh0q9tubWwzThpLtzLdPIBnssWnmA4AINyiIDOrrrePxJhfN 8ooK2ZB7+wyvdIhoF9zJBPb2sMt49WpVX1lCNvVcqaOScHOxuEvBvNEnVmPL CyYDkiVYwUBMYXGn0fskYwkPneZDMgweAJGDhyLHIbZmsIVy9ZslOkng1wLw i10qxB0blWAwRGjOeq2jRpUONeabJvLHOx7/hiHu/mcnpdqKJhGgLHJ1Je1b jZ+ilyLuYTOjbnXrZO27gyPSXY0dkqvHyyEmgHjccXEBvyuVpWZj7kHiJQuG 0Wbpxp7zwQeKHqJL2KPq73qWC1QqCyehQq+QoslFToEdwbAFInp11XSiA3dt qMlAttHx9YHuMeVL5yvCKhlJcEnnjMZPr+Xu4D24AiNGVDsI2DbYkmcD5oGs JOhKYJ9uQqQCaBG/bq7ukKEvoEk3Suo1dvNyPRdAxLmKbVBfPjRYNA7vc07e ohVehhemXlPr3DMAXdY/O9EeP4crishhSklGNJWq+tFXaaAGybCmKHpAyKAP wc4F+Qsd2iQkJa3oEYTnvIpjiyZmjwKdEgTcjBBDxEQgwyzJAZyYAxoz5ZoN N7Kwchm6XYaz3awU6sVGBZHdUGtgTgO8uTCMNsffXthd+yJt91KTulGS/8wD TA7QGUMu5MfryHEoNR8BFuGsHUof1y0Xh2dT9LaRVi8MNtHpjGXJMyH7OhLi EgQGmfRAT6d/fQMPpOMCXPaZLauzFyeoS65AB4hmrbYNxScHO+T9VBxWaul7 oAd+vF1EshIXP32PMmvNuc/6HiYR61BUzEZF41DXD6UmK/aZRL0v7gLFPzR1 JEw7VGw0CzshEQ4x+ZVKeZxg3CBweKD1M1aUw9WvK1A4IknTgSoXjFo61ZIy c0bcA4WZCXT78ZBo1aQgyQpEjoHnCJLSJBDMZxTHfD9FmoAoeGSqGyDP5SDf baKaFy/pyR7+Bz/uq/34xhcLkcX7jNA9tZO9aCnrQbyEuDjm4kY+3DlJ1t5a 2RfnUHPm8nnUlM75W+cwNL650h83y3akAR8g7s2laxZYCXJL4cfDv5zTxZ7q 48+ILGAKt6SeT6FQcbMC2Ic7hAM6viTAnGX1H5t5FMXooZMce+5zLEKKgoHc XidROrzYZ5vYyaVmbSoVpvasOwA6/hCSPue5NPBJyT0b+UClSEMZ/wh2TcCa TiAtuAS2tukRr+gXFgRAAdCPkQCZGX6KXwgo32AsXDVqZL1vckcU5s0Chpik PktUw4KB9YUUTueFj9i99v9p7luXG7mS9P7jKSqoiB22BmihCndpJJsi2RJX 3WwGSUkrz4y5RaJIYhpEYVFAd3MkTTj8LvvDb7A//G9fxQ6/hjO/zDyXQqFF aRy2tTvR3QDq1LnkyXt+OQ3tPKeWtcx45fp7bXYrWLsQdcTf8xsHJal80gU1 fa7lK1uAyyGy0LXLSNKmP6wO6EC8JNg2MIZYljke1mLPvs88v36sWUMwEh4s pzBSLYSUOP/zNlwxd76tDIEnUjA5II1DBug+LZiEmKL+0ZTfzabre+CHbx6W VuroOz8p6PZacupmLltO0yBpskLqdhYtFTvR1HLaZEnG/v5+Jv5frT+oU8Gt tgEwgmlvlQWqmgHB3rLGxNHJc3XTWw1YlncuN5npeq25cvz9v2y4obXBAbAd rpk3041wJFcXUzkH5ltD+3Z3s+5rcfqlbtZCu8P74vUIv6GtXsR6t129fsfv NV350GNbnJbrOpoLR7OsZ1KnuFn8vKPTDY6O+MJsKcYuk7lAgNGqjg9PLUKq WitZjwLv2tpKtxBl/ndqI3Ox4/mLw146ZPe5Lw12rxItUOKYs1XLuktx9YPv Y/mLiLUB5Kk0mQjAkbC/Ds6f1tLStawdhnzDvOkKbcGoxihW0uDXpHC7lvDB OeDqfVpZS+P6gE77XYe4rutaN0iXyB4ksAuQcXurrByA+xjOnZm0uOQT05eq o56rHEgTXaOWPsCpcijL/olZFbTwFpA3aeFn2gMT1s9OZTXAunMA1r2m5c9Z LgC/rlPin5zjFwPbVdZ3IvdO3S00TdcNlPapvENXL46PkarYEnQ8ad8Ad/ll AGsT1NXUq+XDiLiixdQh95CRrcfim2vWuwN5QCEBpItB3p5HHYhrrcRwus1v kY4zNAtW0FUfqr/TKXTxGyEGoqSL60JgqKcScfMRQY25qsPrPpcCyDVcvG+K R1SKtoJKUYg1TeIPHEnsOC8VuyvuWxYVZavrquWTPmo7zgZIKfH1aXBHOGC9 fpQqpS3SaAeG7Y5l4Mi2UD6FgoU4cQbsiOW8y9Y1mnRI+rihT0dMxZqh1eD8 EJsPYI3zRcu22LuSg2dUkLoAWr6uOdJ8S7ncEhpe8T13dd9tVxXhEkZ90fvW kme324QrCIfODVKrC6BV+V49QoSl5Po5w9C7wtCi2++6B2/m3A3FOp1vDOV8 LdJ9+rjIH+gBrsgn5WNOm4VsNily92XtCLu0fLQ3+L3UZNzO7szW1mAzQxNx ovBcwpXaA1UPhPgGK6Tb58ECnM9W2IU7v10/B80H8zJIbdH8LOmnfhLvBFqe v05m9bwkxZPlzBSkdU3FkhANSaiC33fj1FLraofH/EXHxLTlva3DNladRDtv IiIwybtc+tDqUCE6tECCbdahLWKJKlKgJHWFHADRZAPbGoUgB4yFKhBqfIWt JVikWE7YUfluwb5/libWHHtqn/28lVUIRABFmvlAz26x32y8oME555cFRobp 9PYL4WUhQqekdLtGDO/KMME43p7t3EfLc+eiS+Rwhq3WDdtR7TfeKNfuIajL he7jU/UVTMGar0saVVjC8aFd0RCaWWysBbuG72Hhr73bHYSvaEpeSKGo6/7u 6oY5Z4+lwYcmAFamsA55ErxbU51W5TVbE4aGvHseQkSXiJtx2YEqxkRq50KK rdZR4K1UdBG1ou99M6Vt9GyHSRV7R1qSle9jyIaEoLePD2JaCOO228CgUrJJ LLYeaP4kNCSXBinTPvzTcZC3kpbQToLyItcqS3HHA97VCtBy27EEYP4uRO7G NoEn+IqhAuw4S8spHm5hutXSEIlUnnz+WM00IOojPTEiNTSct7Qdu1IJfITo Xp0AjfBLcFqeHRwdnZx+pSVysyCdyRbk1QQg0EiBsG8AVl5XNxuNQfg3mxIl Lze1Fy/paHNlKMDI0bh34D1Ih7otNG6qu5LrrgD3/Z6ooDBdStsVba7/It6f lgorZsX56oYBvV/KlDTVZW1VfqRx6L0ItlCCNqTkvwlzz6z4qCpt26sCjY8h Ff3T1htWCliRVM03cFHMq3Yr7D/O0I1R5xpQQXJycHrAxika3Kqd9+NHM1r9 FqcOGxmbR3ZF5j9HCoPwGdmMZPg/6OnflHQ71OxZtAS+QjGdgmc5rU883KB4 DsUDe5tnW7IBXcCKFzajrjyeYwffPgaQiBhStubMnuSZgZjP/RtljfY84/Uo BHswK/GR8NPwioFGK/GFola6YBddgWLR4LVEEH7RFjh3qFu6mZVfVy3VxSWa tPxMLDX2LJhBuFS/HP8DWlP489oUw3OpQ8P5ZYdpduyrZTfdauZjSdqMQEGA YObpCe96tXa5V0d4S7zDrGfqtES30qmpawOFQSzfbqKLE+gyreXO1zmFmBSr eT570DYSiO6QHe56V8j9MYTx3XvnnPjs2mFP4Xnxdla8a8fkmVj9dv/5gAlC 3CvjNBvC03xU8LthOWJL1/vVM0m/ndJLC0V5150K360ZYN4H5v2EErN60JQg v4fVUpNI4SviVC1JYt8sbAckb85MLNARmVPT8oFNLDNIi79YQH/3zkD98VD2 UxQ5eNR69cEVlSvwbUVUyWmtc3Z1qIufsaYSDz+qH4uLxpjF4jG8lvF4OnUW 0i4DaoXT8knz04aTeN7MDWxhyLV3/Wm8k0pBZ3fO59NW6zve6E9bn0rgzgjQ ndVzcbdsKv7J3pmxlz0+vb1g2/f4h5ozp0N/iq0yEGtRbDbErG+iHOMqfMgx bBw/97zI125yU/WjB+dhUeVwTVyELcbUoQPstSHYT7728Po1zG/d/VuEf/zd rw8u156H1L86uBYbw57A9rFgx+5d0GGo13mFHAhm505Xqb1lN0WzS7g0BTPa cnARvE5JoJ0siY1BAQ8y14w8PKDTddBtQpxTzXJENSU+lJYDNxDwZH06qCbU WyLhyOgS5JXakOIiw61z1yj65cx8e1yj5O6gSp4LKJw8/qEXHCp0lFnQ7tPN 2mi310C+4LLVb5NGASQMJCMgDdd55Yx/Wb6FoG5CELv2NyypLCpmepnjbnOD zvNjWZNQpz0zb6SNPjdYVj6QB/YCLOdFuASmA4dRvZ7dbdipCZ+Tz4xbkIL1 V604QsqyKJbw38GrQMx5gdwDQCRtgdiqb9DmyjEF7/uLYyh0KgZDEa54i6Ho vZMOtRqZsYxf5wlinrOYAtv5QISWKEWiPntBNhEgkkiQ4Z6jxNG9syXTeBDo G8k6oKeOD85f/tA5uLg4+eqUq+lGadbl8qFaDakEW8ViUqTe4BicqkRcrpyK pH3LqQ/EVDpqBrAmc8cN7fZJlsnfO/i5Yc+ZUiy2ByBf2lsvkRdI/tOGm/u1 Crm9KL7aXxsAm6acZ/857QtK5HX5tnhm1G0r80n3Cg9FxlZQQug1e8nBk2us vkSbO0ulMAqMHHm+TsUqVrK3rhoTr5PKVsAQkkkr4CRb7DERE0EhHOVOxbco IDcz/gL6C+jSrqhysAeDA9tiRUKAYmK7nud0S6HB8e6EHNszpBD53DFbiH9s 1kMpDRE2i42mJTdrx0EZID59lMfxclWnkCRjX7fNo74txx5Jq/I2WGvY76TD 3rinlRC3DdS9AfnHJG0kQKqJchuhL3bKTTkuBE3RBGIwoos78B2dFah+Y7TI YioCXjooCpXA2YPAPtKnLc3CnN284MciNzzBGGTV6dbPwyMINj2gERASnmFN rAgbkTZoYmAwTkUWIvS5iQzQz25XZEms74vaBkDsrUUp5Y3lBk48VBXr2qWz LiQto7LK7/xmva1nSF6NyHpOTphKhb5FsQUEzpc9S9KKD2txdF6zKLdm32J1 1jdTixeCvHRjuc1Gg5luFjNsgXe9K4o3hv8BFazQ3INdb4PLI+htggOCBsHe DZRjbavlrSZ9gu9eu7YUF/qI6IZ9nrTvAgWvGormdNQHDa0DVuyCCvepr2iN n2sJ3Wt6QfE2X6xrXhSG1mb7g9a4AB3TBi3K5tPgH8a9X/intiX8rTEdb7K0 Yvqp7QlxaGzHQxl0oPJcxErx1XpRg5jjEQ7NAHJWmj+zlCiqAM2nCnNcdtrK LDnLnepoG4kX1jCVJ3dXsi9Qipt23UUXAmnaR00QCh8FE2o6dISEbjYrSbfW OnbnzGBKdkDPkLDOY+IW0+wvsa/ZW9K47kaJahHS2CI4N8VcxBcrIF5ZeuYi h75HhZpjri9iEwtkk50rkg2lI3ojFGFRfUEd+XSmHea0kiRRL4WxCpYktIl3 0q6HSO56lgvr0OYeS1AHrkm4B2HVoAAKbCp0mrhdzd6Wc9KG263S4p6cMZuv HjgnYp+J46EAilhOlEiUQXNnnYdznOZSRQH5yaxlxmVCG4RKW9PNNWclPdOt iZswOumKji6GPBRC0Sx47uBldPmbKdoSGT8wtKtQC/qJhuIVoNHxTvHu3HGG 88Jqc70W36DjaFMtF/AD8XvN1E8HKbKgWUnKI935XmAdpYfDypSmWKloqcmj Cgczli5fuWEPZQSP/vFIKYPzb8d9cFD1Elja5e5QZxUyd0IlsaovGeW8zSyp JQZysB90AMM0dOqpMqs+m3gC4MJ0Bt7AuVyhjByeETPxVR9xy20cypJ7nDNc oS1VsQ02q4IHB3eSVQkfBg9aGiknPDm+fKFtBU0D0W/AcLQzTXK3KjfL1j4d z81/nBXr2+fl6u6ZOrzDqGllPO7R2JshcJA0Yx3+T3+8+Prg5Uu+KZ+AeFhe /jkket7vvWjMPYW0yOXzvRYnlIk5wpen/mM3ktwBJtBe1rmeqR/SIdfpAwZj 1QpmIBjyu2wCkHDd+e/ZfKv52Nzw0bH5ZIhmRt7Sd8aM3NiGk950Zt33kljd Tc2a96pg5V8IfbxOKq36E4EbOaI5Qb9qfm+XJbEbGX5jMfs/w9jQkxzUhx/i T3+sOLT1Z+ebpQ/+bFI4iFjX/QgNAWG9NnV7Rs5TEx9QpkqT/g+5/J/2XtWB +SYE2mHLbRtdYdBv9AMB7zaXzlw9QszD7THnRfjTH//0Rzq/pCABUa4+TZbS x06Nk9ifi53SJu0Bn3j+5z/rJVpY2eyFhsCIEXYq5TDW9cmF0uESVwxnpFCI G2ltITnmaK0kepMkDqreZMmJju+Ig0SqtGhNVgyk2i0N1RidrVx0X2YUNp2Q GIx/SHaURvKyp3LKl2kqLiaILUVOWcSuWN2cCTQgjXSb33DklpW3uyAD3teg hmGdgLFduhqAM6sB2OJxrk6g4+sEfgvDa3iXZ34tYX5JE/NrfrCBEQ4DRmiG vP2s9dv4XrJDaW39fYyvWYPVJgeqZhmj8xnHNrsgBvlze6caAfzmcIa42R8I stCl81RwSn/iFh5o7c/Dgm7zYnbjzD9HDXpYQeuOtXc81beIBnu3CBazXnaQ GoUI808JAjg/JfE8kui/n2p72vzfT62fPu3wf/rHjv8+/K37Fc2MJQG929KT rwJcgSufQnI1m9KPfvyx4dJ0fDCGlUsdM6Wfc2XObDovrphfMUOJVvsrBsvo 5y5z7QqZa1eST/sbBuvpzDbT5ZX2CLpC0eBvGaxPPw8LkVBs+FuXOagNJgU5 GBNlT1cCRPOrxhz+0pgszIi9/qpBRx8YlEuwftVg48bBtNDr127hZMdgPKtf PVhOPye1/woFo1dkWZdgR7/tcK+V7NyA9Yv9awa7oZ8rpNKV2M5XHlPq1w7G N9vhql5ZsvdvnFmBPcOMIu5xJfl2v26w2+A0parr72BJKbM5IE03j/XkwX78 NPko4vGkj63nxed7BhO0U7onx+Iz3yM94zi/ufclOCK2WJNJ/rmXJh8np8nv k2z0zwqngWiUxYzo56dBJCkbtZPBuN0aT9rJ8+fPn0W68WdRYCzyoX5QS279 Ci3ZaV0vYG5fohdCXdtS58Nv0K+CUZ+kVkW//5XalFmR267E36RNmSXW+ru0 qZoZ2W6pQ5W3SM/VsoUhzPkcu+97t8k+vf6+eJ9z7ulDPv/MMqbeFs8MWhsR 5Xg+W1Fdes3J8cVXyQF8fJzDtiNjaYJcr/5zumn1iO//cw1QqOKXtT/vMmqe M8dMJI5Xo4J27GIVLxbnDS93uBg0EmZ4tZICWRDT4AuppxOgpUiwwnm8W9ri SpuiaoA0CC6Y10ubNaA+6QZFoItHTVcV/tRynG7Lee5QwZDeUFa1g4BTxhIq G80pvhsX29uy62A5DNFylmu4Mcob4fMycvV5EerJj2sYZeG/RocnZo7qSIMO Rvov4vxYCCfttJzl6550Gf4hAe6dvVkT++H57vEG7NGr55uHhSS1tOqDN5qu x2jzzVHqbXaKEtIO+0z+Tps1eMmvNFqjJ5/IZzUIXrWq5RyteHCruGsFDxD1 HA594d4TbsmvIc/9v+C6c0GsX81zW408tz6fp/Dc1m6em/x/yHO57yUTx9ON 7SNc+KWmPPJD16Qs3SojWIZZEiB/uAw9F7Dt1ZhonlSbB7Sa5hKvVlKLgPmc x6CI4O+y+OVKbhn9pFbyNuyw5pNg0Y3f130Czv7/oIn/S+b/9veqceOdp6+v js/PX583zee01M3fsZ4ffwxZk9O98d3J6eXx+enBy+3R6bu46XLtHbvGzfDd 4evT0+PDy5PXp1fnxy++vTg+CvZPSnME1rSKy2J2j9vDdy9evv7+iga/PH9d mzN9FwIzbO3IrnH7MiegjVy9PHl1clkf97IspS+gQ3RZFnzpPzzuIBz34vLg 8nhrvtBrHDTNjCkXSIcGPyLAFbteMJRBTvj0Lk7+03H9COkQJFjFiW8ocw9d KrsnPpJxzw9e0ZCnh6+5uCcc2yZumUxPJYyxbOb5wenF2evzy6uzA34FkZ8O /pOKLxYWTXgxu8ad1Anu5Cg6x+AAa7Cbbut3DZ1j6LPz15evD4nevjt5/fKA X+GXagDnLuDzdlbOI5u/adxrvXvfHbykyQq0be3uKSVIU6Vzm+gvbPENvjs4 O3t5coiJ1mjipyRIO2xgGrvGncoWn/9wdvn66stvX7zgQ/unw+PjI7nX9p0A eyl0HisLt4IluGvcAs9+c/zD1bdnR1s3JNyH7bZ6mo6za+hbWe7xgRED3cPD r0M2dOwKL6yRzdY7uH/nbgbaVcb83cnBly+PiZ4vv443kxjzWyT/OexloGho pkfTuM6PEUiuX3BlhCpp4MtokQBJroFb9lFyVhWbacmvEWm6dP92qpkralIV v+IcZs6czud35Wq2vn+oXLGX/6hVrze61pL2GzEMbjgHq834HpJEhAxheC2W DDQDZAvDR1o/35pcVdxJDkN9ltJN9YabASB3HuL8kCwpuAO115Kkry4fV9Z8 eebKJS9kbd9ZcqbW+J2oV+eoUNb240eyCx1O40Rm0fb2/fgj7Yf94GfoIJX2 cd2Rz2ytQjnJx/DNleUTGSIt2XpUbBY3qgvn0+/wCjQBCFBF89UdwndthtFQ WDM3jHXrssKfHGLGqFF6X3AKI23L3/72t5Z/yz7f5Gefko72ySeYiS/M3JWk DevU53JL3JGelpR2Ls2+nvkcYd994zn97G3yuWB0cluNK/50/xmHUklHmL2n 794mX3yRDOkTfefnSZr84Q/6fUve89rgcOauYBN5lu0gOFwVMgktG5uixANP +3Ir2X+d1NvkH2BEIIQKBD4ZvZNKUz/eIfnl/lue0fhZ8vumlayK9Wa1SN5i m/mWe5qx+/1Umjyw28fX/IXvJ6/96JjYOzhZRw0kGLJ0MroZFLe3ab8Yj2+4 9hkcQ00QNY20eiwdpO1sPG6Pu5P2pJ+2J4OsPRxkn6lNsVltjT+Zjm57xWga jNvqT/rt8Wjc7vV68iSRwNaDo+vr8CF6dTub9D7zlblC5PxYi3TLQfjb3ijZ zwWVfef4/W42eBZfemmum5wKyNrxor6t/tJr7xuBY/OFB7uZgJB/Z7mI+cCi VvOhDiJOuW9J77BVuVwB3wAqmu+JY1BwLmtceSRmXchKdCGOVQh/4PtmrIHt vo8TBhK6WsKJhHOkf9be0gRqUSGL6mMBLavWHCsppjaGflgbRniOA++OQGUl QZyvdlE4V7Yg99WHgWOiLWggj8qgtte9r8tqxzMk1uV5l18eLv8DYxhcFzEc E0NfyROQUjwthhXtZMm8vMuFMHR/IrBNLSCSR2sIutF6ItAAyZh4p79gZjO7 3d7iU5qYMBga4gqD0xefu5P8fZLSt8W8+uCvOvHAvC8Ps8UVtuJzXt1+8Fw7 yZ7puPypCJHPE1I/5/vuqU+Izen2HmttzX0Rh0QU5I1oUqoNbWuLYFhsfids lOFYr7JLuU/+iN2zzyI+6q5djZX+0k3fYqCCPOP8u/dBi1rJWrbDRb5McE3J VLguxtc3LU3f9Y1P9QcKXuRJh564Gdx0M20DCo0mm7QH6STZJ7bY698+4x5B SEYKoegAKOLKDlz6tCfm9bvZjeJbSaLo/mDS7vbG1r8UGbqkeg8n7P5KhyoQ V76U0cMHSbcbAdt52pKK8a2CB/LzWZ/9jS3jXm26dYr4ZbNNx9vvjxdm69G8 19Z+2kvb6ThL4vVk3e6w+CCn3xaguzj9tPhFTi9iSDi9etwq6f9W05pBJTZg K+YI0i1VYf1Cu8PxTq0icM0gf5Hrw3Eb8327/Z71N7PtuOVCiD4HTUzx557A s1lc2NWfBq+NIqvx2UjXYHpuubhagCD0mRrr1pc3PJzsj5maiX/1QRG97JnK jO1d2/db0o5m2nbvh+rrgi28COaVfieFRfLP383MS2hKqQ6h39+7H3xuP/8k yfTLh7x6U/uyIyOr6GKk0gd//90+31vWNHrGqm2lz4Wz7rgpIInZFYAx1/uX DaAPG576vT0l37n5cBkQwmHvCsWSSv6yESjx2VJ0sFU+m0OLnmm1cMPwCBlN p/pAQCjGHnyJtT79iCPOjYSIL85U6gie/PPaREPXNy7uTT6/QSAJ/kbmqfAe OFmlTz7gFiGfcrb+XdTbrabjhK+1PkFczEUbkNzcF+gZ6RGbzBeCpSOkw//C 424yvAFkRoQb9Q/J35RIniU/RVvFT3Kj9vDhP3y+++hbQmXx75N9EOyQRH5H ye9T/aEK4Oj3v9ffNL37i2b62fXqLz5/wvs6wfsavo9UAMePP6gCPMGGUsQ0 wIAzZYcgnEGvOq/d3edTJxNbkTAcZ7e9bpEbNmOIaKSmZk4cCxE5xxrJlLru ZQY+1pJlwcUhA/K3sZBj1NHvfDPcULgVN4sObY5ltmx1+2CQmgIolK6PveGO hw4rINe5KDdazltNmDi0FC2j4rnE+KQGn7f9u7arO2vNXD9G+jxC8Q2Akxis ppxqwZHg+Vdo7JajLFZK/lpulgIbxxhviuTBQ2vl3barCwYALarUikOFXxAN fX3vkH+8VJ9xWq53e7Gxpz4fTMiVMa6lPJtH5YPS2USL5LRqZx8GcVWZkFl8 GDasP6CDxIhr18hiJgshKtrTFey1kz1tp8p/vSXeXEz3UN61hyaB82JPIPCx TFPp3ONJ+EP3qsJTEJoYm2apj/O8LomTIoO8jVhxcZsz3iJ9vt999pmvmms3 jbZZ8LPugmEDSumR6k4mV8Lkx/0ueGQMvwKURRvGBCMR30hnI1E4HwqF+Uf5 FRt83JRTt9xeJqSXEPfVOqhAKwnaz+UOLpkvWjuJyVEro2sNH7TuMtG6Sw+A F3avYIM5nourtgxz/4sFwMPizZOwqFkrDmCf90w3QpC530rtM/y1DmBbXn/v Sz7uBbe7SuonhPsetbQnUr+7Q71q0ApEbnraDbetJ440K5shpqepyVyEcrtW PlM7CyaU+un7+DW3ziXGyaM68n/eemGVuO4zZ9p44OegrbgqqsFWEWm7VlWt fcfnOrQYgVdyhs+OWcFBzhPzt8pKSVuLMt7VZgeKFDPHswxmeAs4HWTlPCoZ Nk/Havla8W4ph5DcpKjBCZgwT7BhQGV6RPA2AIvRBkJER1quE+crNwdcvDVE fXQ/ODzWR4EZYlrcOua/Qviam8KzgbmL2lRNwp2qfc58DUVQ0nCWIToCkcAL fQyECOvbCF/Q7xTAvDJephVA0keb3ynxDnuf1kIKROIKIHDoWo3K0qbdCGHN W0YjcmCSmlFjAvVLoG0sYjOJm6UU6GvGBppg/lgg+GV512p9kXz8MRdQHaPa 53cVlNdPP/44OatVUgWS0jU8DGqbkOFFo0lo2SqSLC3D1bkRvVaV+oOWG9Ri Smm9s4FXDqdBxc9ccpyS8mZNkqJcLZ+LvjNjl+50RUZzh0snO1xEGeS49bJW qxPI1bpLwTNXGpamrP3DC+n2AARhxVSQXoTcunC5zFe1/sNRo2Cxt4WBvTPc Aecy2v+onw1G7YT+GPaf8ewOgGqQL8JsGSPT8FbzNQJ9+yF6vRRDHGnK0VF5 EbVyRK2wNuyZSl89KLK08dU9943GUBMZqtum1dFf+jKts1V5P7ueKVZG1BNB Ad58W0xrTyoJd7q9cFvzC0Y9GznDyBfrcqkJVZbCY5UnTevmIYap7Fgmf/TY ju8wPoSjcdKWSGL5jhzItbuJcC/h/nX7HefbuYK+fZ7nAK8Zd5/JE4fEnCRb c7WZK96kxKpcbaNC7NHDozG2czzRh8+jn/i9EjCLGHPtUUbAKun9AXnEN8ru Cf263+NZPukupDycJtCxaZYv7HpGXVBD/SGvKeneR5d1u7Q8cdrSNQFul2sm ZFt91ERzxO06BZpm8Hf1nr0OG0PBejXNFCbhtU57KvcoHfd4o9LxWLf6rEY5 JCGNHKuGvngJR+evDjkb8/j0q2Nnl+Lj8+OLs9enF8fK0N17mWfFPxDXrm9R w/5RNZUwHHaQiZg9UfRHNsS5Xt5DNau0z5ul08qLghPRtjsiONqJb3qnwN0J HZj18PMtqGA34HZjj7KBXOoL5HN6sM0AGweh+a1KdiZ1XKW4/DDB2MQyeOze 5KkU2OU5MLLZ7owfQcB0WU8NWT/86u5kIjwl7RL545KokVpjog3JHgb8JU1R GaueiBGb1R2PZNQukxSNitJmzQTZ7gWtvSK0gxmo1X4kG4kL2h0NbVDepyds UzYJL6qjqRgoGsD6OXGjm0CD2P+oN+7yofQmva5fwQ1Z+jE2cGKI6r+DRUr6 1+pxCUBqhrTw+hXAWGhOBd+MWqhDqqNAsmiWGFdNBe20F8QrHwyMLomkT2+c pZjuGKTU7THn7Y1H/WDy0bLXvq8TKGX7UHjQXh+DZhjGl2lYPpagEc8MzsP3 dRAGVqDlXA2STxq6J3iAoaQhiR2qtbZTNjXI3iQn0hvLiQx4Nqc5Eei7ZAuN Q3D+JX5ojYSsK6CwEL2cPGI/A0n1Jv2Bp/5Q72A3kE9HFS0HbTfMp3MbJscd vnxNfAz9J9irxo3Zp/pyvE0OZYjdVLWxds3sup4fX56cH19FiXfWZYyHGnZl qFQORpxNnHahHU2lP6LZELAGHMWGwMXSCZhbewhWMx8MrvNm4YvO4+ak/P7J YIijGIw8feV2dxFhAuR32KlXunRAh6KvYcw1BWxaDDIpApyIeYK3THAFX86k C62u1UOzzujfUwT4axeLJiJN4UJByfGWEP1d+h6KIOx2oR51mRc+icGMmcG8 YvSUi+Pz74j3fvntxQ96pvvd99kz6fp0J4mMbQjShuxdWuuoK4y4N5zgaIeT 4Oru5vJYX9ApvZaEiYF7Mh5IBQkvAIfiTLeOayg/J2Lc5IZ8E6x4Xb19d9cx KdpZzpcP680UcovGBEGPuhkPvbM+0xWMaKN0KyxSaH/uIIsDgDNaaOhquz6T 39cFAxiOnno8o5ZtIQ2/dU9nCovclBih1lKoBEB3EhhWlo/+NfPibWE50eCl noH5DVZ9n96pihqat0+Trx0TD2RPHwoB/YH97fdB/4fsPmrCH2rk3Vma4eFe hit6oT3TPFo/O5+8Kkkz8QfGT/eZajKSIPzHJAN7vLwXsGJG/JBCcoGCMuoA 6BxLFFAlvCYu5wstlxLXK5fdjBFrtU6ptHr6D8seybJjig5xUCNXjM//0JhS JB57/bFcr8FQtxakNBhiYa8ZFpLdu+yB8uE/59or2MPveuYARth1S+XBYUT2 esaNxcYv3q+9BhAyR4R7vUV+nU+V5YkaxANORNWhv0B/OpE+aB+oM9ax/lqs SksdjOU9U1UmWhn9ZRjI8w8Nex35cXkrup3zy0sZTU5JSMOPZXoLX/gPPS6H POjr41bsw8qP3AQBKUAHdwEvMDK7UoOYKCQVQunxGF9tiPpxPgvvFg2zPBQP UwH/QMbb7LI/Vj486EL4DORsB/2RzBMdvadyuszbrJvhdXm3qT7Y/4UGH/Qy DNbryYU2a1g7k0jiQJTlxNaM9dmtfFNr3lyTzzPkEAAQby4pBDkcaZWoCoM+ NmkwTlXDWUmqwXy2eGN9QoDC7DBQLWO7iQUPBrIrw94z73HxkTvzarur17DB PYzQn0xw87TtrsvR1cv7blVyExmzgxXZUAUrvZ+52pNEwLDldS0tqpRm2ds1 EBonk8RRzDWbQP9Nh081OAbeiRRu5ZbocUq9axVSE97Q3UTKZkNsWDYZyR/Z ky0qy4FRrWvbpur1usoSel0wmmDqzFVXH5AvkxSMtNd76t70vRPm64PTo4uv D745vjp6fQrPgJBvTDhs7bjXjYfgF2k/kz+cvo7MOIg2ZAbwYMJNg3vXTXGO 2UiOM4NgubAGVfTOueryXhs8Pf5+p/adCllkovcY68PrdRyXJGu6LZF1o0rP k+vhYLs9MOUPMGOkgMNDMZVZyI4oXYi5mnVTEZpSJuBSI2aLmp4jwe/A6c8j Qtr30gajfUd5CpOHVqdIIbmqOUy2g7EMNgwIS1UjZTto73VTSt02b7gU6/BM BlhNOpDTHgzkDwx1KaQNRVVOGh0G3OOWgeqCvdKim0fNZH1ZsL4mrTB0VTv/ icnmdCjr6kIgXKLVbuBn2Rovr8KvZZeInvsjrElcP/RHKgoW2bvreWGuEJFb 20PiVmuEw/XhAy1NdKfELgsUURQWCBbe1nisUwEZ23Qe2gMR1HS8Kf8lMJpw OrIFYsgeAFXZzVY6E17PS2TKOvcQ4yI57zStf9SXOzQMycMbw1VkDfur15Uj 7PZx9U7CQdl9+EimION08huGXRBPVwSNeeG5vycNd+fzxZlWoe324Khu4t+7 EdC1iXMAecv7I6pDN5NIAP1byFgU2jMLzy6gckpKA9OsOLOR86Uubon/BdXg 4gHNJmYspk/mvr2WJ3mIg68L+gdY75KO3/Vy8MdMkmYsez0QbQVCxNzM0MFC +Fhn3H17dOYtArMT+OjgQaU/QOq1drmBUMrk1meTSe8ZvNEqy8yxiyoo7u0t yg7mkKPS46HA7zkxQMvYWAcK51O1BZJVFhmOrhl30FhhXDCNjgeYyHAc2V8u dMEtWZXh80vUs89JaJUi4EbKj8R6SlzYErI9G+MWZGPZk4Na3z3W2zl/wTli MELQ0pSV49BqGyFmQhOeyBavxBu3ZTHGrxBdWB3ddNxDuTa4mJ6t+g1iJfoR BKKvG4HbnHGfOtd2T7KmpaUqfKLwn8FShszri8wT0triweoviAIcYG9y+8Uq aqyUdX3IHf75Nts4LZFWEIwdNO/TRRofDGXBov5cjS2KCE67fbG4pYMtOgV4 WPEaTbBeoO6ubCyKQMqmxtMuNYKy544eNSFSVMmVtIen91w/1n2/nECFKmt6 a3fcFxN/Etsku1RXmnGTzyLjuiYaR8yNbCg6xBHJKMHRZhbJWuRM+2Y2Wjsz yQGh0bIurt5oIHxeYpJT7ZG5ADp4lKlhwO6WC6YpGzTSAKRmI7monW+uXFqb 8Wq5WTGUdnCnnMlIA/WgembjSU8E/3Y8Bdno8ILxEfhRbryhZ77X04NL2pHr 2ULBSHl8eDtt/CMDDiVTYXHDrLnSbPdbibnFMRqZ4Rj3cSxiTOOlzbYOD8XZ zZXcrGwAhSsbiyl9wDb37GHzgOMQe57zJ52Dhx+/r1FB5EHDfIZ9cWNkw944 PkZHsp5Tmq/eMAacz94lCmJIZcnp2LtapnWnMIIlwHlF1RfZ5/V+Rd4t7Xtr s0POSdgRzA3aysDaqrimtthquW0Fj+aDz90P0eqINtE7AegdQYcrUhju0AV7 u4s383I5EVh/dD2FgZHW+Vy0GSSV3ZnPI18RwU9dqdDqNpfuZqhnzvXUOCTV FFxRWSRXbiy64wtRuUpfWyxoC0Hr8wZYBx4mk2HEx3QJVmNCU2B29a46k0sa 5qnGGXCUcSYXoi8b0YeMPH6/nOeLKHOnQLoV/0tYabloGEsvr3CBQxZIJV3P 5T3pip6QnbfFkvbMaddw2b1Yk+2bZF05KEzzFeiSb482Luf5utOC7cIUgzaD YPBwi7vXyEf7H6Uc6MEVmqRDV4DzS2IB+QmR31QLay1M905yWWnbtbeEJVfO HCJzAoDurCu/YhJhpi2eRabO3hBctf/UkHWGkPVxwLDC9lR5tbvymW89Mjno 8ndNJ4mtaF8klEQ9deDjK+fTbTcU8aaBbOxIlKWYUMEe9eC0lW3xfgmxT0qu 1xtcxqKIGuN3o0k/jstpr6rS/MyGhhDRkapHaJnkFGhm692xDitOyFclDhHO kbeFD93I7VKO2sBRxF2aDcKgMJTdpt+rWoyjxuaPxGmJx7wTUlXLtnomBBh8 0ZluhM3skD5g5BOVDRNzTFod4E4HSHMOQzqBO4b+gEyIo+dNj2jGNC56F3NB MIDFFQ/wfWh7g5G0rcOoc2U3rkosIN5o2MdZz+5uf4jL0pf4gJqXoauLI+Si b0jDGuf5+swaht9ExgfsgJmkrDjqAZ6GD174BEhWp+AAy+giYaEi5Z1JbFn1 Bv1ozsnd3rgeLNyspxZtlMbjswBC57XL29PsHtXdkHMhLGUwlmA8/aUrdIp3 DHuj7XfonbMUMHXKixzWWPV6rUZcJvqf6LdOrbrn/haI7SxUX7PO5XQZTg5f nYXm2tmry2+RPy3aUsr+AjlZdgE+if+lmouC0+Sz2VSWNCbCatdF6cuZ9cXZ 8qJ41yyPIvt4R9AlG8pe0JDiAOV8M75XHMxAci6NqSZTNtA0hXmpPXwCHoqt MRVRHfdgw8mrg3+6Er3gQtNZuOffMNPKO17PBMfaH2MOp1sGb9TzE2Uga3G8 RJZuXwi6n/a2YoSkpFYbiFlD5qAldUzC8bMiu/riBvRQf7QVe+joBXMAwrAp nsMjdIVChxpTb8i8s2zR4FSWLlORk/6sVVDuzSlnTrpUuJyrAedznEcGNjzI ZMWB09UFRf2V57RvxmXilnpIxaUBBTkIW5BKYg8N1m/yxShymORJWwGtTIwn Igc47D41XzIdtwJd3aVe+i39rOnDMKK7FWGCHg3UX2LkbavocjkFrpCWcULC 9GmcM61/NJLwdhqEseJLGXj/Ts7eDhN40ef5dTFXY1BYvDgXD2o07PLBRAWR oJxtoXUvtNyx8Em5IinSUIhAu1tOziZ5NoMb4YH2YFYV7P+gGYIG9V/PRCYZ yxrgzHencvOqt/xQvhX1o/uBz8105hndR7mWfbkY3DJK2nQXrvUfF+1okz8l X+duxsaCMnuDwdMcm+lIMqGZB3Xg8qDXaRRiofGLBpw4yLBBvBF6fVwuNQQq 3cCqLNEe2ItD+YbD3a5jNOshg1S2WD2mx5bqGvikwNSYvyBll8WMUUXJED53 yQO7+swRinyXLI3yCpC8Y0YyjjnOvv0klpTIBMGFzdSAig4ep7HW5rq2AWS+ cqi08FsR+nlkGO8oQoFIDMEiPlDx+gSuR3iJwHs1THUkKUPeYyNN3MK+21Ge JRLVUKLMlCRADTzoRBVkGv6ZJsaecbUTafUacCBm+QwZHIUkrZwT84SbSaYj /omXJcm6Ra0pWj37jR5mrX/l3dUT3d6Bz1LzcakmCUJbXTJVs/ofKvpSQUCE 2RMHIqeNm5SVvHi4MX5RweWhxpkMlQb+CzFmXVzfBXZ5VOSdE6eT7rxgeSAd DJOJM1ijinC41DzKUeFG3vAOUA42u9cXnkmbWN7CWkAJYYB3wAxtPi/ucgi+ bCKsFqrWUzjC0HMEK+NBRZBmmOSVegclFqAbXEEswguWTrpxfkxDohKPxgBp LsJeqieNHh5gjDS6tPDF+dKeLaBABGO72MqLy9dn8KXzhLpi2mTqvBQXWxFE xNKJZdC473ZokvRLcemTAswhsmYbRioaVIqqWS53N5X0OxpmhD8G+l7FSyEO vyNmLrwxw0OSN3JeoP45hiqDM5p3nqMyL2bv8TWDTLFiJuUjCrnJSN9BhIyt DVVTrC5FnH7QbctYj9n/aNhLMRX2UPPPj8WEUoWCgcqmHq4pml7a43PgZ9i9 U3N7qtsCeKD2jP/t66PDk5fxl+L8CjIV8OuLGaitnpYY4JfQPAajgb/WTC9X F8enDCUK1rIspOky+pxwVxFNouGondwK1oAQSiE+HGhAlpynrLe8ve3UTEOf pZdmCP6koz54VrenXmtWfOaF7CbMJpYrq3JJ2hBPNs3GMLm74l/tivPFbhrj Vml61nLOHkzTn7b9N93xIIyy1JUYdel/OB8r0/IEzSiQMRiHzqdR1XV7PFSL lHANLy5sYJWK9g7ewEWDeG7SD60Fp0N4rR1CwQdXGhUMr15Aezi7/DIMg2ik wbDn96E8QIcQgz3lNJ+ncdFBq3WxuUZolacr/ctmCICXq7t8oR3cPmN7n0jz fsHwARbGfVpRYYqUoFfF6k4yL1ny0J9XrA5ASQeFjbvO8av+N/aqbRbiX4ql 4f5HkzFu90jS3RS7oXDtnmqKupxQPV8oHSG3Ke2PhxhLIjL1ZINyqZcqh4MP Xehco1ont3k0STL9VjBV4wlY8tFnwGxpTBECu6Nh+kPIgv5QlB2aXU8m2Q/m 2kcCSDqCykeXM5MF4F/jTM1V7XCv+Lc7KT0d9mUUIdwzhVvxavCUWCrnecgi +/KO/hOldM9LaQF9FgsD2CCrjhNmDhb61hfwSKuHJfJxUgnLpQPRKi4UZ1+T FITd3YbY1ZpLxRVbvZ2ispuKJ5eGtQBQPMpO4emogvcv7YZRqm9PL16/PDk8 uTw+uoqV9EAHYM46xBkOepK4Ag19yz+7VVH76E30VKzTdDDoRW5oNnJNbbnL WRveGpZGLG9Vk+kJSQ0G0fHPFugOVGw9Wrz3ORxpHxk16VCyz1+Uq+vZtBb4 ccdZQ8oCJBkPIYrUMOsH/uGmLDYE/xUajJ+T6wovOSkyN2QUzx/Nj1pLQ0r7 clGGcCelQw0POT3XZ4yGPELqrWU/UGtfLnXL+hMQYx+MmjbBrqq4pvUoxdYV 1iNuUX66SVSVxptY5nehdg1ophhzKLdZx5Sf1YjCjGqiYnlWlgczZxWbWiHS gcpg7p6y0QR45s4qx2iUgTCcVK/IcBBoukELYoEOg4kaomZLGgFWJFSaPVkm ZT6ZVwL3Ws0S+GwuX15Emf8SRKQLjXd1JVSQyg0jXV2WkCEZPc2ElWQDPUQR AgPVE9lReLMjcAh3TuSTa6tjGgyoiwHgfNrGwbaYOqdoQumhlfAqpFdp8EvR DwtmOFq/0xx5ZzbkovRRJUSgRfuaA2m3OiXFZzEtFq6z8o6lBpXfPjdIDp1v hYgUbbrB1eORVMHDLx1UgPrXkImG2Zz74J3ZjbwTEkfY5+6wrDZJuL4SZwZ0 I19bAWKZWSKBj/LvMkqlHISOXIm5Nwr0Yb4Rt/RuRvpOHgpmb7PqoVKBb4Kb XWGmtZi9I3YbR9R1VOEruvMaDF/UExeilIgGFxzLBoSWSEQoF8hG4NHZWGg1 nQjJKgGLgjAchAy0yWEgvh9sZehxbwJmgIeSXqsMbhRmNErtmMtW3OET9dW2 PBBSjokNY9vJ6mORD4ObM2g8atQWYq9GvQT8WG0vYTh0j9gi5AJZmHyVDw9v Q825R+p9Y+yeSv6irFqqodLeeBJ7zc9FIovD0eegIr15c41KSKS41zIm9z+S wCCJ66E/oYCBFu/pLCAUHPExyYICUPTyNK6Ztv7P3hR/5BHOiB6KnGuKVPu0 K2pAV/QRyfoTJ8sEZY6jntJxLx0JXeOP7mjS8BKpvavnCbj8P9b9Qf69nkQ1 JF8lCJHw8QT5i2lv8MRCwhTJCxfv8qVLaNW3QxMQUOCQoiqjQu92SLNJP7Yb 4dJsyn3MtWKxIdVOLl8/Ct857AzcJw2I4Y7hElnWUyAwKglIRJm6UDxF/olp fSC1qxqdLhq5gQRD1YaHglUC4IKss2pNV0DSx0TlRJQRecBCCyCn1N5Vv01q m1TMNB64WRRZn3xoYxHk6SQNVWs4TW5mTuCWWlZEv58M5ffC1xd6+iFxRDWF 3oGiQ3FZFCuLlhGAcBrRWlclRirHqlF9fUjTD3d1WwlbNuTbgVThNt1M7o6w 78jLo6xm6ZFltBG7WUtOBeBxBt04GcXH1fh4XAaqq4rmHDZ4ls4Ojo7UEdnF xdR0OB9CkBsF0C1zgYpeyyUPNVU7FXM+HU0CdVEOTj3HfB+a1GCLhr6LoB5V T0GlGO2YRflmEUYQHc8TK8W6E1+ftI1n0px/EHiq4ABCCd0RE4iU0tOPv7KG hCb8XcqQKsksM9FHlhX2993pc2z3hOXrKJOrIiU0B8a8jZUhKQXwSj13eEat QUk4lLmoAkzqylQh1pKH+Qy5aOLMRT4QiNGCxz6po0JWOb/Z+ToQnRa+3Q3c u77riyux4p1siPViyRKDUb9912i8eM8XVrYpssC5uHheK/Q1XiU2/Ehki+zi 2PayllAcB3d89he7RPwxVZ+y3VtaBsysEhh1n2kS1RWw3eYc9H14OkdicUh9 Dl3JsHxyC7BKz/l6Uz1qYRwWlHImzNb1q9TZWkvx1raNs5U0A2AD5XlSL6aW rFeTqCrTnieOrfK4JS2w1jm4SYXUnhI0HFLPXYlC5Hy/ned3Qt8iqbtCNhIY EgSTUX+gfxfuKhpSylrHk24xcg0CnKl6oOrLl68Pvzk+0vDk/kd8LqSNiJPB vpSDX6BuTlVHDmSrXxy1TSJdRNOeIK1GUnQnklXy1cGZeJqUYCSx/YWaB0Px ujsqZEf5UdT3j38jGpSUBfoVRe3LHgBIgyGhWw0hwUfQusaWhGiwWYbMNYWT PkhM0UxHuIcEUxPSG2iwJEERL5lIhdoP5Uafz+fv8kfLb7nHmUhiugLo0YOj 5koftxQOL8mkPE4CSVZoBhNheg1d12fTq/dP8r9NkEE9kVn4RPa8qjZw0zvo VImt7sB1S7vieOl2J6HG0ZxVz1zqtHh3IYUOlzNT2brpE9MZuqOW5iSF2iNT 4r3fLZP2sSlDC86GOCmd6MKMcjY6SnWEW7oBmlbTGenVY7IZh9ac/iLq3Skm 6bSw/AFNOI+zr17QHRcGOVvQfMUe6MvMBsNoCyH/6EI1yXwro7LvOGo0ASvV cqyLQNUJuquS5hkGvHiYOARGVwXXY4hMhJHW6I1H4ikH82GdNEk+rsWQ5RDe sg2lLhh6V0ff0Alf0UQbQDBjtXGCjRhvv2E3TUPYh9EGI1xNYGVCx/hG7Ew/ jXzCdyDwO6atmqakSc3WnpUo+zgmiVo+7my25XrnMGoS47CJsjeYDAIG57AE AxnF6mKBPXDZV6StMGaQ6ZG8TuMpWAXoFaEMcBZ+9qjGdFg1Eg7Gqy7ylXCw oTzUlYcO4yCZpE1v50uPIaPGE8NFq9fA1wrpIpsIQTdJnB6PfPWg80N/QPEw GWTCBYqDyidTmYrpVaDuWqna7mIF3jmJaU0Gk+3MLGllwsUI2l6oDsy0wm+m pAr8Fdd5PDRDnu/OZPjEmE93KImA0JinyYvT7zppLkrzwfFF56vDV0712sN+ scm4F0SkNBQhQZ6wJy7aLFuD4jC7Qjrl2IbQnmrYuCnbPVG2xMiNWKXk36EA uqNuWLj7PWMWJqmNRMBOcdinZQ2KyqGGNkhJK0yDPbQXTh53ZE/gsx3TuZGE XAkKjgf94GFAlq3zh2WA/ujNDZ5dGkbbd4FgwK6geTBaNULSRDyTJybfdAet aHvXasYrcXYwNo1nCDS3+c0aGq+2gQ6dUe4my6UawUk/giupl0nywcinXMG9 RibH7pA/fGcDr01pPS1YH9RlnBreNPQSdGrpgydHV6eCekA/9J/pfQ1G/aYo lp2cDap6+huS0J+0jYiMn7ClwyBysfWP42wnZIweX2qytRUoVOrbKZFkvvIZ I2GMZpp89frg+4MfPtsBtSd5EAgjSZYmagXphjGGd3W/WU/Ld+IHHk50owTp LgZLjosTxQ0zgiolFaeSIGXHFTJW8aCJwxiEzeMYaF+aRZ4fp9U6im8ka/i7 tjQzTbbEWhThxw6RR+J2LBqs3HMArbdzrhTaAzeS6gfANltYVo2yGn9hGmMD kVEE0HXUnMxS+pCGqVTszbE2it6ZGDmsaOezbmAWmCjTYXeYCAPoOINRui0B zAXlG1Hypy+1RvcgrNF1HnNf+8TZ2GUy7Mu8eXIQMtZSpWY9wkEjN4uZzbZ5 yUaZpNjUfaNOtFd1kxexocvDs+T8AvBSCqsxDhIvNHnbYm1ff3P0oiMpup2X /JVATa1J/HHMKX3eg6r4VL7XC3CG9Kz4AKNLStYHqRqiTQSVEpzkQUTCzprq aS/LzEgwpid1n2GozTmq7yE+bhFZsYJUlNTRBvUlLqW+S3DDD2VMoR+tFkeg ppKv8UQLMRCUUIBqcVDzBIdoUmaiPmzx4UOUHsEniIrSojYLJ3SjQvtU5i5I p0j3GaSjwO9U2wiR0b4C31oubOEs3Nwj/ZeVBKlE6iMerPkEJNMD+Qr0UmQ1 TCWFJphsqLDICFpbvyN4rDwDqE/q/GLlL7CVmuqjxTHmFNEdY3NOPnC0R8OQ 26auGAKRayL4zxTWMNAr2bT3JQEBDkmEPevAYGm16XA78AKTKXdoqF4+lLe3 zBqtMpU3CxDLva7X8QDY7KoEOIjm1CB3emKCydZ1tIbS8SUAe0v8/vuT06PX 32sz7NAA4ptInx1gnOBa4jM+ia4MYJq5POq4RdO4/FRfntLLtaVEGCfvDzQC sit71mGGNxob5vAN4NwUTkBoF4CmIqYbIAuqoD5MxD5DeheucTInuQASIXg3 46RKXHuAao9BqkmxB+ZmdvUc3msctx/UdCGWjxaxAMQ2CHWi2X5SO1EZcGUM QY+DBQNAvUhfkOb7T80k6aYh2r/4KNHDrfTd4Cx6zOuVhBcWKWENJ5qmyX2B kXpzX6jHpZLm4iq++WbUnw0Q770GZBnNewbNsFf3kqdSi+sq12q8Tm+XtKf0 9lpPSvKFjwlu8nYo3AVSxRyM8c+lCBEJYdlE8Oh6BqgZdU6oYc1FmHHq7ZUM BlTQSR6zAS41+j9YerFA9sFwOhB4jyUp/uLw2zPs+eHrs8ttz4kRoABJ8Q6K Q3n0xBtRzBCqCysq+WqIBw7NEMWfSHsRuRMlW2PovDEaurnn3Kuqntgx42re SnsTiIIpsas2kBI97QRDFTSW6kGxA86FpNe1kHQEKpbThD9oKqUwtzIELDJt ZeHJ3jQJ/bnrrBwqIlsAIU5FFyJREwIhe8mDkFw8STdk1ZjzxwEhg9gUq2MS Ea1T/y+9yVci34Lp+wbvLi+JdUbpE6HJijUs6QDyPWh8ALPLUpd9uDSbxIY2 W5dBcrjv94kjiZr4hKo2B+kE4TQyeXhdMAi/Pzi5dAYhb8/Q5+Dr9W2oXmI8 hNBTYPjgEZaB4kHWkhVqZde1CBjaZuFUgkgZagYf0IcNfSdQvQDCkt0WRAgX IBR4G2PxPcGHqvt7VBfgZunmOYB13Q9yTYP8MjXQJK9AGgY1ZV0sS61KZNV2 EtB7Q86euOt4gsL9opNWLe7awJLh9UN8lXP8FaE+Km+NSE2gNtgJFitSertC i6JtkYCZ+E0VHD6sPNLJhAVIUhtaMw4lYUcR8ICHrE+mHr8bqueMjrmInbmK gB2FZ7ngoR8EdFPfEu1dvppWkdlJD1nL2yr0iPMgKF8YZ7Ey/IEXk14x31Sm F0OBdDoG6xzLdQLnMUrrMWpooknrruoXF5dKqoyUM70Iv9O0WT5X17HM1olo uuq9XPrFsNIyubbmhAhA0EIxs4NEht5I7osAy4jS3HHhOnqZz7kUFwB39CM6 CmxRgdYS/MpMXGfiewccu2JyMvhNPnW+VF9nJpgWo9AqCTywksyIEOnyfsWt rkBl4miCBiLIx7jP+mmA2iKST8/epJZVJfpuOAlAn5+1YiAZ/mF8iIsmHE4N pKAZD5RJ1Bzitt0aQsokEnMAwgBQaWXl5uIUk61Su7vJiYaYn6QfoJrzaUpp N3KPH518d3x+cfLC8qZPX58eHiOELi7zb45/uDr7+uBCPgum7VVSZxMjtOuj yz4zA04miA/nnDiu+9W549hM2nNowOjOJauChDntolzwZkrtLdcxs5qRe4DM hRYdim60vR/3+cNsvqbbVtsT21DV2A+mJTIMOYwFImNEtPqGzivn9BFw6nJV fSL1SxW6oTnCR0Oew9iwUIHirtqhMT1+Gteo5tmXliW83htZWfRI68dPrZbl 873bfF4Ve9r53JUk0cnM7sQPLZPIGUC1IMY8lVZEjqpoqe+QEQKf34JrodAF Gm6P68fkH2cPyXlZveEnf/zx+OD85Q+do+OLk69Of/5Z+26eHF++EMv/+xKN 95KvVuVm6VkNetiS/GarL39ABQCnA2lbP9zqh3zx2FoW5XJePK/1g5ZPfT+X ykrI3hZefHhf5axqWTO7TwWglD2yi+mqTL66pyNbzPDhI32YfD+bv0EK37pk kcUpS3eLfN15mb/NN1PO3mCEW9bpHx6K+RzuuBVHFenDrzezdfGQ82cl6Rlc NUFrZzo5ymmiyQWLwfyv/LYjEjyrWXI5e3NfLsq3uBBEuN/MSCDkK/snKRM3 5WrOI35Vrkg5fZHPVvebFYjrhNHS3hVr/P2OSPTlhqj1vuDB/rD+gv/fNYuq bmazF5v5nB2in+99k/91c18mr99s9pJb9+n//Nd/Tf7Hv/2X//Xf/uveJ1/8 4ZM1/seBj5xI8pgh5PhNLzc3dC3OSLhuCqbe/G5BR/g998hdzTeLKT5bEc9L Lgrai8VCP6DtONq8wSPsRP1yRubwcnumfjr0szckEV/k94t//7ci+cd//7fV HWd4LuLZfeD51V/y5Jt//+/384JbfcePnc5u3iRf5os3lf3j63y1LFZiE6z4 g1c3r3JaG3O3km4WUdJZgRt7/shnrayEdY/NdTm9T04eSVzi7C7zdbW5nxF5 XVabv8ze5O/4BC8L7sOxms54Ey6JwP+x5FbMneS7GaJT35EtTnbE29b/BsMh aIETAAYA --></rfc>