<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-core-cacheable-oscore-02" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Group OSCORE Cacheable CoAP Responses">End-to-End Protected and Cacheable CoAP Responses using Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-core-cacheable-oscore-02"/>
    <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
      <organization/>
      <address>
        <postal>
          <country>Austria</country>
        </postal>
        <email>christian@amsuess.com</email>
      </address>
    </author>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>CoRE Working Group</workgroup>
    <keyword>CoAP, OSCORE, multicast, caching, proxy</keyword>
    <abstract>
      <?line 126?>

<t>When using the Constrained Application Protocol (CoAP), exchanged messages can be protected end-to-end also across untrusted intermediary proxies. This can be achieved with Object Security for Constrained RESTful Environments (OSCORE) or, in the case of group communication, with Group Object Security for Constrained RESTful Environments (Group OSCORE). However, this sidesteps the proxies' abilities to cache responses from the origin server(s). This document restores cacheability of end-to-end protected responses at proxies, by using Group OSCORE and introducing consensus requests, which any client in an OSCORE group can send to one server or multiple servers in the same group.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Constrained RESTful Environments Working Group mailing list (core@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/core/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/core-wg/cacheable-oscore"/>.</t>
    </note>
  </front>
  <middle>
    <?line 130?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The Constrained Application Protocol (CoAP) <xref target="RFC7252"/> supports intermediary proxies that perform requests on behalf of clients and relay back responses. A core functionality of intermediary proxies is the caching of responses.</t>
      <t>Even in the presence of such intermediaries, exchanged CoAP messages can be protected end-to-end by using Object Security for Constrained RESTful Environments (OSCORE) <xref target="RFC8613"/>.</t>
      <t>In a group communication environment <xref target="I-D.ietf-core-groupcomm-bis"/>, CoAP exchanged messages can be protected end-to-end by using Group Object Security for Constrained RESTful Environments (Group OSCORE) <xref target="I-D.ietf-core-oscore-groupcomm"/>. When protected with the group mode of Group OSCORE (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), requests and responses exchanged in the OSCORE group can be decrypted by any member of the group, i.e., not only by the intended recipient(s), thus achieving group-level data confidentiality.</t>
      <t>With any security mechanism for CoAP, the caching of responses at intermediaries presents operators with a trade-off between required trust and provided performance:</t>
      <ul spacing="normal">
        <li>
          <t>If an intermediary proxy is trusted, the proxy can inspect traffic that is going through, cache it, and provide cached responses.
<!-- This can be realized in TLS or any other 1:1 scheme by handing broad certificates to proxies, or in Group OSCORE by sending the request in group mode and then inspecting whether the response is from origin or from the proxy –
but those details would just distract here. -->
          </t>
        </li>
        <li>
          <t>An untrusted proxy, while possible with OSCORE and Group OSCORE, sees different ciphertexts for different requests even when those requests target the same resource. Even if the proxy could somehow produce a cache hit, cached responses would be rejected by the request-response matching of (Group) OSCORE.</t>
        </li>
      </ul>
      <t>By using Group OSCORE, this document provides a way out of the trade-off situation.</t>
      <t>In particular, this document enables effective cacheability of protected responses for proxies that are not members of the OSCORE group and that are unaware of OSCORE and Group OSCORE in general. To this end, it builds on the concept of "consensus request" initially considered in <xref target="I-D.ietf-core-observe-multicast-notifications"/>, and it defines "Deterministic Request" as a convenient incarnation of such concept.</t>
      <t>All clients wishing to send a particular request with the GET method or FETCH method <xref target="RFC8132"/> are able to deterministically compute the same protected request, using a variation of the pairwise mode of Group OSCORE (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>). It follows that cache hits become possible at the proxy, which can thus serve clients in the group from its cache. Like in <xref target="I-D.ietf-core-observe-multicast-notifications"/>, this requires that clients and servers are already members of a suitable OSCORE group.</t>
      <t>Cacheability of protected responses is useful also in applications where several clients wish to retrieve the same object from a single server.
Some security properties of Group OSCORE are dispensed with, in order to gain other desirable properties.</t>
      <t>In order to clearly handle the protocol's security properties
and to broaden applicability to group situations outside the deterministic case,
the technical implementation is split into two halves:</t>
      <ul spacing="normal">
        <li>
          <t>Maintaining request-response bindings in the absence of request source authentication; and</t>
        </li>
        <li>
          <t>Composition and processing of Deterministic Requests, which have no source authentication and thus require the former.</t>
        </li>
      </ul>
      <section anchor="use-cases">
        <name>Use Cases</name>
        <t>When firmware updates are delivered using CoAP, many similar devices fetch the same large data at the same time. Collecting such large data at a proxy from its cache not only keeps the traffic low, but also lets the clients ride single file to hide their numbers <xref target="SW-EPIV"/> and identities. By using protected Deterministic Requests as defined in this document, it is possible to efficiently perform data collection at a proxy also when the firmware updates are protected end-to-end.</t>
        <t>When relying on intermediaries to fan out the delivery of multicast data protected end-to-end as in <xref target="I-D.ietf-core-multicast-notifications-proxy"/>, the use of protected Deterministic Requests as defined in this document allows for a more efficient setup, by reducing the amount of message exchanges and enabling early population of cache entries (see <xref target="det-requests-for-notif"/>).</t>
        <t>When building RESTful networks following the patterns of Information-Centric Networking (ICN),
CoAP proxies take the role of forwarding nodes.
Caching plays a large role in such networks,
and cacheable OSCORE provides a compatible security mechanism <xref target="ICN-paper"/>.</t>
        <t>When DNS messages are transported over CoAP <xref target="RFC9953"/>, it is recommended to use OSCORE for protecting such messages <xref target="DNS-CoAP-paper"/>. By restoring cacheability of OSCORE-protected responses, it becomes possible to benefit from the cache retrieval of such CoAP responses that particularly transport DNS messages.</t>
      </section>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with terms and concepts of CoAP <xref target="RFC7252"/> and its method FETCH <xref target="RFC8132"/>, group communication for CoAP <xref target="I-D.ietf-core-groupcomm-bis"/>, Concise Binary Object Representation (CBOR) <xref target="RFC8949"/>, CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/><xref target="RFC9053"/>, OSCORE <xref target="RFC8613"/>, and Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
        <t>This document also introduces the following new terms.</t>
        <ul spacing="normal">
          <li>
            <t>Consensus Request: a CoAP request that multiple clients use to repeatedly access a particular resource.
In this document, it exclusively refers to requests protected with Group OSCORE that target a resource hosted at one or more servers in an OSCORE group.  </t>
            <t>
A Consensus Request has all the properties relevant to caching, but its transport dependent properties (e.g., Token or Message ID) are not defined. Thus, different requests on the wire can be said to "be the same Consensus Request" even if they have different Tokens or source addresses.  </t>
            <t>
The Consensus Request is the reference for request-response binding.
 In general, a client processing a response to a Consensus Request did not generate (and thus sign) the Consensus Request.
 The client not only needs to decrypt the Consensus Request to understand a corresponding response (for example, to tell which resource path was requested),
 but it also needs to verify that this is the only Consensus Request that could elicit this response.</t>
          </li>
          <li>
            <t>Deterministic Client: a fictitious member of an OSCORE group, having no Sender Sequence Number, no asymmetric key pair, and no Recipient Context.  </t>
            <t>
The Group Manager responsible for the OSCORE group (see <xref section="12" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>) sets up the Deterministic Client and assigns it a unique Sender ID like for other group members. Furthermore, the Deterministic Client has only the minimum common set of privileges shared by all group members.</t>
          </li>
          <li>
            <t>Deterministic Request: a Consensus Request generated by the Deterministic Client. The use of Deterministic Requests is defined in <xref target="sec-deterministic-requests"/>.</t>
          </li>
          <li>
            <t>Ticket Request: a Consensus Request generated by the server itself.  </t>
            <t>
This term is not used in the remaining of the main document body, but it is useful in comparison with other applications of Consensus Requests
that are generated in a different way than as Deterministic Requests.
The prototypical Ticket Request is the Phantom Request defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>.  </t>
            <t>
In <xref target="sec-ticket-requests"/>, this term is used to bridge the gap with that document.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="oscore-nosourceauth">
      <name>OSCORE Message Processing without Source Authentication</name>
      <t>In OSCORE <xref target="RFC8613"/>, a response is cryptographically bound to the corresponding request through CBOR data items <xref target="RFC8949"/> in their authenticated encryption's Additional Authenticated Data (AAD):
"request_kid" and "request_piv".
Building on the same construct, Group OSCORE adds "request_kid_context" to that list.
Hereafter, those items are referred to as "request_details".</t>
      <t>The security of such binding depends on the server obtaining source authentication for the request,
and on that source matching the request_details.
If this precondition is not fulfilled, a malicious group member could alter a request to the server (without altering the request_details above),
and the client would still accept the response as if it were a response to its request.</t>
      <t>Source authentication of requests is thus a precondition for the secure use of OSCORE and Group OSCORE.
However, it is hard to provide when:</t>
      <ul spacing="normal">
        <li>
          <t>Requests are built exclusively using shared group keying material, like in the case of a Deterministic Client.</t>
        </li>
        <li>
          <t>Requests are sent without source authentication, or their source authentication is not checked.</t>
        </li>
      </ul>
      <t>This document does not give full guidance on how to restore request-response binding for the general case,
but it offers suggestions:</t>
      <ul spacing="normal">
        <li>
          <t>The response can contain the full request. An option that allows doing that is presented in <xref target="I-D.ietf-core-responses"/>.</t>
        </li>
        <li>
          <t>The response can contain a cryptographic hash of the full request. This is used by the method specified in this document, as defined in <xref target="ssec-request-hash-option"/>.
<!-- * The request_details above can be transported in a Class E option (encrypted and integrity protected) or a Class I option (unencrypted, but part of the AAD hence integrity protected).
The latter has the advantage that the option can be removed in transit and reconstructed at the receiver. -->
          </t>
        </li>
        <li>
          <t>The agreed-on request data can be placed in a different position in the AAD,
or take part to the derivation of the (Group) OSCORE Security Context.
In the latter case, care needs to be taken to never initialize a Security Context twice with the same input,
as that would lead to reuse of the Authenticated Encryption with Associated Data (AEAD) nonce.</t>
        </li>
      </ul>
      <t>Additional care has to be taken in ensuring that request_details that are not expressed in the request itself are captured. For instance, these include an indication of the Security Context through which the request is assumed to have been originated.</t>
      <t>Requests without source authentication have to be processed assuming only the minimal possible privilege of the requester, e.g., consistent with the privileges of the Deterministic Client considered in this document (see <xref target="terminology"/>).
If a response to such a request is originated and it contains data more sensitive than that
(which might be justified, if the response is protected for an authorized group member using the pairwise mode of Group OSCORE),
special consideration for any side channels like response size or timing is required.</t>
    </section>
    <section anchor="sec-deterministic-requests">
      <name>Deterministic Requests</name>
      <t>This section defines a method for clients starting from a same intended CoAP request to independently compose the same, corresponding Deterministic Request protected with Group OSCORE.</t>
      <section anchor="sec-deterministic-requests-unprotected">
        <name>Deterministic Unprotected Request</name>
        <t>When clients compose their unprotected request,
they can already minimize variability
and thus maximize reproducibility.</t>
        <t>This document does not set out full guidelines for minimizing the variation,
but considered starting points are:</t>
        <ul spacing="normal">
          <li>
            <t>Set the Inner CoAP Observe Option to 0 (register) <xref target="RFC7641"/>, even if no observation is intended (and hence no Outer Observe Option is set). Thus, both Observe and non-Observe requests can be aggregated into a single request, which is upstreamed as an observation at the latest when any Observe request reaches a caching proxy.  </t>
            <t>
In this case, following a Deterministic Request that includes only an Inner Observe Option, servers include an Inner Observe Option (but no Outer Observe Option) in a successful response sent as reply. Also, when receiving a response to such a Deterministic Request previously sent, clients silently ignore the Inner Observe Option in that response.</t>
          </li>
          <li>
            <t>Avoid setting the CoAP ETag Option in requests on a whim.
Instead, clients should only set it when there was a recent response conveying that ETag value.
When using block-wise transfers <xref target="RFC7959"/> and obtaining later blocks, clients should not send the known-stale ETag value.</t>
          </li>
          <li>
            <t>When using block-wise transfers <xref target="RFC7959"/>, maximally sized large Inner blocks (szx=6) should be selected.  </t>
            <t>
This not only serves to align the clients on consistent cache entries,
but it also helps amortize the additional data transferred in the per-message signatures of the corresponding responses, which are protected with the group mode of Group OSCORE.  </t>
            <t>
Outer block-wise transfer can then be used if these messages exceed a hop's efficiently usable Maximum Transmission Unit (MTU) size.  </t>
            <t>
If Block-wise Extension for Reliable Transport (BERT) <xref target="RFC8323"/> is usable with Group OSCORE, its use is fine as well.
In that case, the server picks a consistent block size for all clients anyway.
<!-- see https://github.com/core-wg/corrclar/pull/45 -->
            </t>
          </li>
          <li>
            <t>The CoAP Padding Option defined in <xref target="sec-padding"/> can be used to limit an adversary's ability to deduce the content and the target resource of Deterministic Requests from their length.  </t>
            <t>
In particular, all Deterministic Requests of the same class (ideally, all requests to a particular server) can be padded to reach the same total length, which would need to be agreed on among all users of the same Group OSCORE Security Context.</t>
          </li>
          <li>
            <t>Clients should not send a protected (inner) CoAP Echo Option <xref target="RFC9175"/> in Deterministic Requests.  </t>
            <t>
In combination with Deterministic Requests, this limits the use of the Echo Option to its inclusion as an unprotected (outer) Echo Option,
and thus to testing the reachability of the client.
However, this is not practically limiting, since the use as an Inner option would be to prove freshness,
which is something that Deterministic Requests simply cannot provide anyway.</t>
          </li>
        </ul>
        <t>These guidelines only serve to ensure that cache entries are utilized. Failure to follow these guidelines has no more severe consequences than decreasing the utility and effectiveness of a cache.</t>
      </section>
      <section anchor="ssec-deterministic-requests-design">
        <name>Design Considerations</name>
        <t>The hard part is determining a consensus pair (key, nonce) to be used with the AEAD cipher for encrypting the plain CoAP request and obtaining the Deterministic Request as a result, while also avoiding the reuse of the same (key, nonce) pair across different requests.</t>
        <t>Diversity can conceptually be enforced by applying a cryptographic hash function to the complete input of the encryption operation over the plain CoAP request (i.e., the AAD and the plaintext of the COSE object), and then using the result as source of uniqueness.
Any non-malleable cryptographically secure hash of sufficient length to make collisions sufficiently unlikely is suitable for this purpose.</t>
        <t>A tempting possibility is to use a fixed (group) key, and use the hash as a deterministic AEAD nonce for each Deterministic Request through the Partial IV component (see <xref section="5.2" sectionFormat="of" target="RFC8613"/>). However, the 40 bits available for the Partial IV are by far insufficient to ensure that the deterministic nonce is not reused across different Deterministic Requests. Even if the full deterministic AEAD nonce could be set, the sizes used by common algorithms would still be too small.</t>
        <t>Consequently, the method defined in this document takes the opposite approach, by considering a fixed deterministic AEAD nonce, while deriving a different deterministic encryption key for each Deterministic Request. That is, the hash computed over the plain CoAP request is taken as input to the key derivation. As an advantage, this approach does not require to transport the computed hash in the CoAP OSCORE Option.</t>
      </section>
      <section anchor="ssec-request-hash-option">
        <name>The Request-Hash Option</name>
        <t>In order to transport the hash of the plain CoAP request, a new CoAP option is defined, which <bcp14>MUST</bcp14> be supported by clients and servers that support Deterministic Requests.</t>
        <t>The option is called Request-Hash and its properties are summarized in <xref target="request-hash-table"/>, which extends Table 4 of <xref target="RFC7252"/>. The option is Elective, Safe-to-Forward, part of the Cache-Key, and not repeatable.</t>
        <table align="center" anchor="request-hash-table">
          <name>The Request-Hash Option (C=Critical, U=Unsafe, N=NoCacheKey, R=Repeatable)</name>
          <thead>
            <tr>
              <th align="left">No.</th>
              <th align="left">C</th>
              <th align="left">U</th>
              <th align="left">N</th>
              <th align="left">R</th>
              <th align="left">Name</th>
              <th align="left">Format</th>
              <th align="left">Length</th>
              <th align="left">Default</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD548</td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left">Request-Hash</td>
              <td align="left">opaque</td>
              <td align="left">any</td>
              <td align="left">(none)</td>
            </tr>
          </tbody>
        </table>
        <t>The Request-Hash Option is identical in all its properties to the Request-Tag Option defined in <xref target="RFC9175"/>, with the following exceptions:</t>
        <ul spacing="normal">
          <li>
            <t>It is not repeatable.</t>
          </li>
          <li>
            <t>The Option Value may be arbitrarily long.  </t>
            <t>
Implementations can limit the length of the Option Value to that of the longest output of the supported hash functions.</t>
          </li>
          <li>
            <t>It may be present in responses.  </t>
            <t>
[ Editor's note: Does this affect any other properties? ]  </t>
            <t>
A response's Request-Hash Option is, as a matter of default value,
equal to the request's Request-Hash Option.
The response is valid only if the value of its Request-Hash Option is equal to the value of the Request-Hash Option in the corresponding request.  </t>
            <t>
Servers (including proxies) thus generally should not need to include the Request-Hash Option explicitly in responses,
especially as a matter of bandwidth efficiency.  </t>
            <t>
A reason (and, currently, the only known) to actually include a Request-Hash option in a response
is the possible use of non-traditional responses as described in <xref target="I-D.ietf-core-responses"/>,
which, in terms of that document, are non-matching to the request (and thus easily usable).
The Request-Hash Option included in the response allows populating caches (see below) and enables the decryption and verification of a response that is sent as a reply to a Consensus Request.
In the context of non-traditional responses, the value of the Request-Hash Option in the request corresponding to a response can be inferred from the value of the Request-Hash Option in the response.</t>
          </li>
          <li>
            <t>A proxy <bcp14>MAY</bcp14> use any fresh cached response from the selected server to reply to a request with the same Request-Hash;
this can save it some memory.  </t>
            <t>
When replying to a request that includes a Request-Hash Option, the proxy <bcp14>MAY</bcp14> add a Request-Hash Option to the response if the option is not already present in the response, or remove the Request-Hash Option from the response if the option is already present in the response. In either case, the Request-Hash Option in the response <bcp14>MUST</bcp14> have the same value that the Request-Hash Option has in the corresponding request.</t>
          </li>
          <li>
            <t>When used with a Deterministic Request, the Request-Hash Option is created at message protection time by the sender endpoint, and it is used before message decryption and verification by the recipient endpoint. Therefore, in this use case, this option is treated as Class U for OSCORE <xref target="RFC8613"/> in requests. In the same application, for responses, this option is treated as Class I and is often elided from sending, in which case it is reconstructed at the recipient endpoint. Other uses of the Request-Hash Option can treat it according to different classes for the OSCORE processing.</t>
          </li>
        </ul>
        <t>The Request-Hash Option achieves the request-response binding described in <xref target="oscore-nosourceauth"/>.</t>
      </section>
      <section anchor="ssec-use-deterministic-requests">
        <name>Use of Deterministic Requests</name>
        <t>This section defines how a Deterministic Request is built on the client side and then processed on the server side.</t>
        <section anchor="sssec-use-deterministic-requests-pre-conditions">
          <name>Preconditions</name>
          <t>The use of Deterministic Requests in an OSCORE group requires that the interested group members are aware of the Deterministic Client in the group. In particular, they need to know:</t>
          <ul spacing="normal">
            <li>
              <t>The Sender ID of the Deterministic Client, to be used as 'kid' parameter for the Deterministic Requests. This allows all group members to compute the Sender Key of the Deterministic Client.  </t>
              <t>
The Sender ID of the Deterministic Client is immutable throughout the lifetime of the OSCORE group. That is, it is not relinquished and it does not change upon changes of the group keying material following a group rekeying performed by the Group Manager (see <xref section="12.2" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
            </li>
            <li>
              <t>The hash algorithm to use for computing the hash of a plain CoAP request, when producing the associated Deterministic Request.</t>
            </li>
          </ul>
          <t>Group members have to obtain this information from the Group Manager. A group member can do that, for instance, when obtaining the group keying material upon joining the OSCORE group, or later on as an active member by interacting with the Group Manager.</t>
          <t>The joining process based on the realization of Group Manager defined in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/> can be easily extended to support the provisioning of information about the Deterministic Client. Such an extension is defined in <xref target="sec-obtaining-info"/> of the present document.
With reference to the same realization of Group Manager, no such extension is needed for its management interface defined in <xref target="I-D.ietf-ace-oscore-gm-admin"/>, which already includes the relevant parameters.</t>
        </section>
        <section anchor="sssec-use-deterministic-requests-client-req">
          <name>Client Composition of Deterministic Requests</name>
          <t>In order to compose a Deterministic Request, the client protects the plain CoAP request using the pairwise mode of Group OSCORE (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), with the following alterations.</t>
          <ol spacing="normal" type="1"><li>
              <t>When preparing the OSCORE Option, the external_aad, and the AEAD nonce:  </t>
              <ul spacing="normal">
                <li>
                  <t>The Sender ID used is the Deterministic Client's Sender ID.</t>
                </li>
                <li>
                  <t>The element 'sender_cred' in the aad_array takes the empty CBOR byte string (0x40).</t>
                </li>
                <li>
                  <t>The Partial IV used is 0.</t>
                </li>
              </ul>
            </li>
            <li>
              <t>The client uses the hash function indicated for the Deterministic Client and computes a hash H over the following input: the Sender Key of the Deterministic Client, concatenated with the binary serialization of the aad_array from Step 1, concatenated with the COSE plaintext.  </t>
              <t>
Note that the payload of the plain CoAP request (if any) is not self-delimiting, and thus hash functions are limited to non-malleable ones.</t>
            </li>
            <li>
              <t>The client derives the deterministic Pairwise Sender Key K as defined in <xref section="2.5.1" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>, with the following differences:  </t>
              <ul spacing="normal">
                <li>
                  <t>The Sender Key of the Deterministic Client is used as the first argument of the HMAC-based Key Derivation Function (HKDF).</t>
                </li>
                <li>
                  <t>The hash H from Step 2 is used as the second argument IKM-Sender of the HKDF, i.e., as a pseudo Input Keying Material (IKM) computable by all the group members.      </t>
                  <t>
Note that an actual IKM-Sender cannot be obtained, since there is no authentication credential (and public key included therein) associated with the Deterministic Client to be used as Sender Authentication Credential and for computing an actual shared secret.</t>
                </li>
                <li>
                  <t>The Sender ID of the Deterministic Client is used as the value for the 'id' element of the 'info' parameter that is used as the third argument of the HKDF.</t>
                </li>
              </ul>
            </li>
            <li>
              <t>The client includes a Request-Hash Option in the request to protect, with value set to the hash H from Step 2.</t>
            </li>
            <li>
              <t>The client <bcp14>MAY</bcp14> include an Inner Observe Option set to 0 (register) to be protected with Group OSCORE, even if no observation is intended <xref target="RFC7641"/> (see <xref target="sec-deterministic-requests-unprotected"/>).</t>
            </li>
            <li>
              <t>The client protects the request using the pairwise mode of Group OSCORE as defined in <xref section="8.3" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>, using the AEAD nonce from Step 1, the deterministic Pairwise Sender Key K from Step 3 as the AEAD encryption key, and the finalized AAD.</t>
            </li>
            <li>
              <t>The client <bcp14>MUST NOT</bcp14> include an unprotected (outer) Observe Option if no observation is intended, even in the case that an Inner Observe Option was included at Step 5.</t>
            </li>
            <li>
              <t>The client <bcp14>MUST</bcp14> set 0.05 (FETCH) <xref target="RFC8132"/> as the Outer Code of the protected request to make it usable for a proxy's cache, even if no observation is intended.</t>
            </li>
          </ol>
          <t>The result is the Deterministic Request to be sent.</t>
          <t>Since the encryption key K is derived using material from the whole plain CoAP request, this (key, nonce) pair is only used for this very message, which is deterministically encrypted unless there is a hash collision between two Deterministic Requests.</t>
          <t>The deterministic encryption requires that the AEAD algorithm used is deterministic in itself. This is the case for all the AEAD algorithms currently registered with COSE in the "COSE Algorithms" registry <xref target="IANA.COSE.Algorithms"/>. For future algorithms, a flag in the that registry is to be added.</t>
          <t>Note that, while the process defined above is based on the pairwise mode of Group OSCORE, no information about the server takes part in the key derivation or is included in the AAD. This is intentional, since it allows sending a Deterministic Request to multiple servers at once (see <xref target="det-req-one-to-many"/>). On the other hand, it requires later checks at the client when verifying a response to a Deterministic Request (see <xref target="ssec-use-deterministic-requests-response"/>).</t>
        </section>
        <section anchor="sssec-use-deterministic-requests-server-req">
          <name>Server Processing of Deterministic Requests</name>
          <t>Upon receiving a Deterministic Request, a server performs the following actions.</t>
          <t>A server that does not support Deterministic Requests would not be able to derive the necessary Recipient Context at Step 4 below, and thus will fail decrypting and verifying the request.</t>
          <ol spacing="normal" type="1"><li>
              <t>If not already available, the server retrieves the information about the Deterministic Client from the Group Manager and derives the Sender Key of the Deterministic Client.</t>
            </li>
            <li>
              <t>The server recognizes the request to be a Deterministic Request, due to the presence of the Request-Hash Option and to the 'kid' parameter of the OSCORE Option that is set to the Sender ID of the Deterministic Client.  </t>
              <t>
If the 'kid' parameter of the OSCORE Option specifies a different Sender ID than the one of the Deterministic Client, the server <bcp14>MUST NOT</bcp14> take the following steps and instead processes the request as per <xref section="8.4" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>.</t>
            </li>
            <li>
              <t>The server retrieves the hash H from the Request-Hash Option.</t>
            </li>
            <li>
              <t>The server derives a Recipient Context associated with the Deterministic Client, to be used for processing the Deterministic Request. In particular:  </t>
              <ul spacing="normal">
                <li>
                  <t>The Recipient ID is the Sender ID of the Deterministic Client.</t>
                </li>
                <li>
                  <t>The deterministic Pairwise Recipient Key K is derived as defined in <xref section="2.5.1" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>, with the following differences:      </t>
                  <ul spacing="normal">
                    <li>
                      <t>The Recipient Key associated with the Deterministic Client (i.e., the Sender Key of the Deterministic Client) is used as the first argument of the HMAC-based Key Derivation Function (HKDF).</t>
                    </li>
                    <li>
                      <t>The hash H retrieved at Step 3 is used as the second argument IKM-Recipient of the HKDF, i.e., as a pseudo Input Keying Material (IKM).          </t>
                      <t>
Note that an actual IKM-Recipient cannot be obtained, since there is no authentication credential (and public key included therein) associated with the Deterministic Client to be used as Recipient Authentication Credential and for computing an actual shared secret.</t>
                    </li>
                    <li>
                      <t>The Recipient ID is used as the value for the 'id' element of the 'info' parameter that is used as the third argument of the HKDF.</t>
                    </li>
                  </ul>
                </li>
              </ul>
              <t>
Note that the server might already be storing a Recipient Context associated with the Deterministic Client, e.g., if that was established upon receiving a previous Deterministic Request in the OSCORE group, or already upon joining the OSCORE group.  </t>
              <t>
In such a case, the present step consists only in the (re-)derivation of the deterministic Pairwise Recipient Key K within the considered Recipient Context, to be used for decrypting and verifying the present Deterministic Request.</t>
            </li>
            <li>
              <t>The server decrypts and verifies the Deterministic Request using the pairwise mode of Group OSCORE as defined in <xref section="8.4" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/> and the Recipient Context from Step 4, with the following differences:  </t>
              <ul spacing="normal">
                <li>
                  <t>When preparing the external_aad, the element 'sender_cred' in the aad_array takes the empty CBOR byte string (0x40).</t>
                </li>
                <li>
                  <t>The server does not perform replay checks against a Replay Window (see below).</t>
                </li>
              </ul>
            </li>
          </ol>
          <t>If the verification is successful, the server <bcp14>MUST</bcp14> also perform the following actions, before possibly delivering the request to the application.</t>
          <ul spacing="normal">
            <li>
              <t>Starting from the recovered plain CoAP request, the server <bcp14>MUST</bcp14> recompute the same hash that the client computed at Step 2 of <xref target="sssec-use-deterministic-requests-client-req"/>, according to the same process.  </t>
              <t>
If the recomputed hash value differs from the value retrieved from the Request-Hash Option at Step 3 of the present <xref target="sssec-use-deterministic-requests-server-req"/>, the server <bcp14>MUST</bcp14> treat the request as invalid and <bcp14>MAY</bcp14> reply with an unprotected 4.00 (Bad Request) error response. The server <bcp14>MAY</bcp14> set an Outer Max-Age Option with value zero. The diagnostic payload <bcp14>MAY</bcp14> contain the string "Decryption failed".  </t>
              <t>
This prevents an attacker that guessed a valid authentication tag for a given Request-Hash value to poison caches with incorrect responses.</t>
            </li>
            <li>
              <t>The server <bcp14>MUST</bcp14> verify that the unprotected request is safe to be processed in the REST sense, i.e., that it has no side effects. If verification fails, the server <bcp14>MUST</bcp14> discard the request and <bcp14>SHOULD</bcp14> reply with a protected 4.01 (Unauthorized) error response.  </t>
              <t>
Note that some CoAP implementations may not be able to prevent that an application produces side effects from a safe request. This may incur checking whether the particular resource handler is explicitly marked as eligible for processing Deterministic Requests. An implementation may also have a configured list of requests that are known to be side-effect free, or even a pre-built list of valid hashes for all sensible requests for them, and reject any other request.  </t>
              <t>
These checks replace the otherwise present requirement that the server needs to check the Replay Window of the Recipient Context (see Step 5 above), which is inapplicable with the Recipient Context derived at Step 4 from the value of the Request-Hash Option. The reasoning is analogous to the one in <xref target="I-D.amsuess-lwig-oscore"/> to treat the potential replay as answerable, if the handled request is side-effect free.</t>
            </li>
          </ul>
        </section>
        <section anchor="ssec-use-deterministic-requests-response">
          <name>Response to a Deterministic Request</name>
          <t>When preparing a response to a Deterministic Request, the server treats the Request-Hash Option as a Class I option. The value of the Request-Hash Option <bcp14>MUST</bcp14> be equal to the value of the Request-Hash Option that was specified in the corresponding Deterministic Request. Since the client is aware of the Request-Hash value to expect in the response, the server usually elides the Request-Hash Option from the actually transmitted response.</t>
          <t>Treating the Request-Hash Option as a Class I option creates the request-response binding, thus ensuring that no mismatched responses can be successfully unprotected and verified by the client (see <xref target="oscore-nosourceauth"/>).</t>
          <t>The client <bcp14>MUST</bcp14> reject a response to a Deterministic Request, if the value of the Request-Hash Option included in the response is not equal to the value that was specified in the Request-Hash Option of that Deterministic Request.</t>
          <!--
MT: Is there any possible reason in this application of the Request-Hash option to not elide it the from the response?
-->

<t>In order to compose a response to a Deterministic Request, the server performs the following actions.</t>
          <ol spacing="normal" type="1"><li>
              <t>The server <bcp14>MUST</bcp14> either omit an Inner Max-Age Option or include it with Option Value different from 0.</t>
            </li>
            <li>
              <t>The server preliminarily sets the Request-Hash Option with the full Request-Hash value, i.e., the same value of the Request-Hash Option that was specified in the Deterministic Request.</t>
            </li>
            <li>
              <t>If the Deterministic Request included an Inner Observe Option but not an Outer Observe Option and the resource is observable <xref target="RFC7641"/>, the server <bcp14>MUST</bcp14> include an Inner Observe Option in the response.</t>
            </li>
            <li>
              <t>The server <bcp14>MUST</bcp14> protect the response using the group mode of Group OSCORE, as defined in <xref section="7.3" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>. This is required to ensure that the client can verify the source authentication of the response, since the "pairwise" key used for producing the Deterministic Request is actually shared among all the group members.  </t>
              <t>
Note that the Request-Hash Option is treated as Class I here.</t>
            </li>
            <li>
              <t>The server <bcp14>MUST</bcp14> include its Sender Sequence Number as Partial IV in the response and use it to build the nonce to protect the response. This is required since the server does not perform replay protection on the Deterministic Request (see <xref target="ssec-use-deterministic-requests-response"/>).</t>
            </li>
            <li>
              <t>The server <bcp14>MUST</bcp14> use 2.05 (Content) as Outer Code of the response even though the response is not necessarily an Observe notification <xref target="RFC7641"/>, in order to make the response cacheable.</t>
            </li>
            <li>
              <t>The server <bcp14>SHOULD</bcp14> remove the Request-Hash Option from the response before sending the response to the client, as per the general option mechanism defined in <xref target="ssec-request-hash-option"/>.</t>
            </li>
            <li>
              <t>If the Deterministic Request included an Inner Observe Option but not an Outer Observe Option, the server <bcp14>MUST NOT</bcp14> include an Outer Observe Option in the response.</t>
            </li>
            <li>
              <t>The server <bcp14>MUST</bcp14> include an Outer Max-Age Option, setting the Option Value to the same Option Value of the Inner Max-Age Option, if present, or to the default value 60 otherwise (see <xref section="5.6.1" sectionFormat="of" target="RFC7252"/>). This makes the Deterministic Request usable for the proxy cache.</t>
            </li>
          </ol>
          <t>Upon receiving the response, the client performs the following actions.</t>
          <ol spacing="normal" type="1"><li>
              <t>If the response includes a 'kid' in the OSCORE Option, the client <bcp14>MUST</bcp14> verify it to be exactly the 'kid' of the server to which the Deterministic Request was sent, unless responses from multiple servers are expected (see <xref target="det-req-one-to-many"/>). If the verification fails, the client <bcp14>MUST</bcp14> reject the response.</t>
            </li>
            <li>
              <t>If the response does not include the Request-Hash Option, the client adds the Request-Hash Option to the response, setting the Option Value to the same Option Value of the Request-Hash Option that was included in the Deterministic Request.  </t>
              <t>
Otherwise, the client <bcp14>MUST</bcp14> reject the response if the Option Value of the Request-Hash Option is different from the Option Value of the Request-Hash Option that was included in the Deterministic Request.</t>
            </li>
            <li>
              <t>The client retrieves the Recipient Context to use for decrypting and verifying the response, based on the 'kid' either retrieved from the OSCORE Option of the response if present therein, or otherwise of the server to which the Deterministic Request was sent to. Then, the client decrypts and verifies the response using the group mode of Group OSCORE, as defined in <xref section="7.4" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>. When verifying the response, the Request-Hash Option is treated as a Class I option.</t>
            </li>
            <li>
              <t>If the Deterministic Request included an Inner Observe Option but not an Outer Observe option (see <xref target="sec-deterministic-requests-unprotected"/>), the client <bcp14>MUST</bcp14> silently ignore the Inner Observe Option in the response, which <bcp14>MUST NOT</bcp14> result in stopping the processing of the response.  </t>
              <t>
Note that this deviates from <xref section="4.1.3.5.2" sectionFormat="of" target="RFC8613"/>, but it is limited to a very specific situation, where the client and server both know exactly what happens. This does not affect the use of Group OSCORE in other situations.</t>
            </li>
          </ol>
        </section>
        <section anchor="det-req-one-to-many">
          <name>Deterministic Requests to Multiple Servers</name>
          <t>A Deterministic Request can be sent to a CoAP group, e.g., over UDP and IP multicast <xref target="I-D.ietf-core-groupcomm-bis"/>, thus targeting multiple servers at once.</t>
          <t>To simplify key derivation, such a Deterministic Request is still created in the same way as a one-to-one request and still protected with the pairwise mode of Group OSCORE, as defined in <xref target="sssec-use-deterministic-requests-client-req"/>.</t>
          <t>Note that this deviates from the recommendation in <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>, since the Deterministic Request in this case is indeed intended to multiple recipients, but yet it is protected with the pairwise mode. However, this is limited to a very specific situation, where the client and servers both know exactly what happens. This does not affect the use of Group OSCORE in other situations.</t>
          <t>When a server receives a request from the Deterministic Client as addressed to a CoAP group, the server proceeds as defined in <xref target="sssec-use-deterministic-requests-server-req"/>, with the difference that it <bcp14>MUST</bcp14> include its own Sender ID in the response, as the 'kid' parameter of the OSCORE Option.</t>
          <t>Although it is normally optional for the server to include its Sender ID when replying to a request that is protected with the pairwise mode, it is required in this case for allowing the client to retrieve the Recipient Context associated with the server originating the response.</t>
          <t>If a server is a member of a CoAP group, and it fails to successfully decrypt and verify an incoming Deterministic Request, then it is <bcp14>RECOMMENDED</bcp14> for that server to not reply with an error response, in the case that the server verifies that the Deterministic Request was sent to the CoAP group (e.g., to the associated IP multicast address) or in the case that the server is not able to verify that altogether.</t>
          <t>When the client receives a response to a Deterministic Request that it sent to a CoAP group, the client performs the same actions defined in <xref target="ssec-use-deterministic-requests-response"/>, with the following differences:</t>
          <ul spacing="normal">
            <li>
              <t>At Step 1, if the response does not include a 'kid' in the OSCORE Option, the client <bcp14>MUST</bcp14> reject the response. Otherwise, no verification of the 'kid' is performed.</t>
            </li>
            <li>
              <t>At Step 3, the client retrieves the Recipient Context to use for decrypting and verifying the response, based on the 'kid' retrieved from the OSCORE Option of the response.</t>
            </li>
          </ul>
        </section>
      </section>
    </section>
    <section anchor="sec-obtaining-info">
      <name>Obtaining Information about the Deterministic Client</name>
      <t>This section extends the joining process defined in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/> and based on the Authentication and Authorization for Constrained Environments (ACE) framework <xref target="RFC9200"/>. Upon joining the OSCORE group, this enables a new group member to obtain from the Group Manager the required information about the Deterministic Client (see <xref target="sssec-use-deterministic-requests-pre-conditions"/>).</t>
      <t>With reference to the 'key' parameter included in the Join Response defined in <xref section="6.3" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>, the Group_OSCORE_Input_Material object specified as its value contains also the two additional parameters 'det_senderId' and 'det_hash_alg'. These are registered in <xref target="ssec-iana-security-context-parameter-registry"/> of this document and are defined as follows:</t>
      <ul spacing="normal">
        <li>
          <t>The 'det_senderId' parameter, if present, has as value the OSCORE Sender ID assigned to the Deterministic Client by the Group Manager. This parameter <bcp14>MUST</bcp14> be present if the OSCORE group uses Deterministic Requests as defined in this document. Otherwise, this parameter <bcp14>MUST NOT</bcp14> be present.</t>
        </li>
        <li>
          <t>The 'det_hash_alg' parameter, if present, has as value the hash algorithm to use for computing the hash of a plain CoAP request, when producing the associated Deterministic Request. This parameter takes values from the "Value" column of the "COSE Algorithms" Registry <xref target="IANA.COSE.Algorithms"/>. This parameter <bcp14>MUST</bcp14> be present if the OSCORE group uses Deterministic Requests as defined in this document. Otherwise, this parameter <bcp14>MUST NOT</bcp14> be present.</t>
        </li>
      </ul>
      <t>The same extension above applies also to the 'key' parameter included in a Key Distribution Response (see Sections <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="9.1.1" sectionFormat="bare"/> and <xref target="I-D.ietf-ace-key-groupcomm-oscore" section="9.1.2" sectionFormat="bare"/> of <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>).</t>
      <t>With reference to the 'key' parameter included in a Signature Verification Data Response defined in <xref section="9.6" sectionFormat="of" target="I-D.ietf-ace-key-groupcomm-oscore"/>, the Group_OSCORE_Input_Material object specified as its value contains also the 'det_senderId' parameter defined above.</t>
    </section>
    <section removeInRFC="true" anchor="implementation-status">
      <name>Implementation Status</name>
      <t>Note to RFC Editor: when deleting this section, please also delete RFC 7942 from the references of this document.</t>
      <t>(Boilerplate as per <xref section="2.1" sectionFormat="of" target="RFC7942"/>:)</t>
      <t>This section records the status of known implementations of the
protocol defined by this specification at the time of posting of
this Internet-Draft, and is based on a proposal described in
<xref target="RFC7942"/>.  The description of implementations in this section is
intended to assist the IETF in its decision processes in
progressing drafts to RFCs.  Please note that the listing of any
individual implementation here does not imply endorsement by the
IETF.  Furthermore, no effort has been spent to verify the
information presented here that was supplied by IETF contributors.
This is not intended as, and must not be construed to be, a
catalog of available implementations or their features.  Readers
are advised to note that other implementations may exist.</t>
      <t>According to <xref target="RFC7942"/>, "this will allow reviewers and working
groups to assign due consideration to documents that have the
benefit of running code, which may serve as evidence of valuable
experimentation and feedback that have made the implemented
protocols more mature.  It is up to the individual working groups
to use this information as they see fit".
<?line -22?>
      </t>
      <section anchor="implementation-in-californium">
        <name>Implementation in Californium</name>
        <ul spacing="normal">
          <li>
            <t>Responsible organization: RISE Research Institutes of Sweden AB</t>
          </li>
          <li>
            <t>Implementation's name: Cacheable OSCORE for Eclipse Californium</t>
          </li>
          <li>
            <t>Available at: https://github.com/rikard-sics/californium/tree/cacheable-oscore</t>
          </li>
          <li>
            <t>Description: Implementation in Java, building on Eclipse Californium, see:  </t>
            <ul spacing="normal">
              <li>
                <t>https://github.com/eclipse-californium/californium</t>
              </li>
              <li>
                <t>http://eclipse.dev/californium/</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Implementation's level of maturity: prototype</t>
          </li>
          <li>
            <t>Version compatibility: -08 (which is the last time the wire format changed)</t>
          </li>
          <li>
            <t>Licensing: according to the same dual license of Eclipse Californium, i.e., according to the "Eclipse Distribution License 1.0" and the "Eclipse Public License 2.0". See:  </t>
            <ul spacing="normal">
              <li>
                <t>https://github.com/eclipse-californium/californium/blob/main/LICENSE</t>
              </li>
              <li>
                <t>https://www.eclipse.org/org/documents/edl-v10.php</t>
              </li>
              <li>
                <t>https://www.eclipse.org/legal/epl-2.0/</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Contact point: Marco Tiloca - marco.tiloca@ri.se</t>
          </li>
          <li>
            <t>Last updated: 2025-06-27</t>
          </li>
        </ul>
      </section>
      <section anchor="implementation-in-aiocoap">
        <name>Implementation in aiocoap</name>
        <ul spacing="normal">
          <li>
            <t>Implementation: aiocoap <eref target="https://christian.amsuess.com/tools/aiocoap/">https://christian.amsuess.com/tools/aiocoap/</eref></t>
          </li>
          <li>
            <t>Description: General purpose unconstrained implementation of CoAP</t>
          </li>
          <li>
            <t>Implementation maturity: Cacheable OSCORE is part of the regular release, but not well integrated in the security setup.</t>
          </li>
          <li>
            <t>Version compatibility: -08 (which is the last time the wire format changed)</t>
          </li>
          <li>
            <t>Licensing: MIT</t>
          </li>
          <li>
            <t>Contact point: Christian Amsüss</t>
          </li>
          <li>
            <t>Last updated: 2025-06-30</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-security-considerations">
      <name>Security Considerations</name>
      <t>The same security considerations from <xref target="RFC7252"/>, <xref target="I-D.ietf-core-groupcomm-bis"/>, <xref target="RFC8613"/>, and <xref target="I-D.ietf-core-oscore-groupcomm"/> hold for this document.</t>
      <t>The following elaborates on how, compared to <xref target="I-D.ietf-core-oscore-groupcomm"/>, Deterministic Requests dispense with some of the Group OSCORE security properties, by just so much as to make caching possible.</t>
      <ul spacing="normal">
        <li>
          <t>A Deterministic Request is intrinsically designed to be replayed, as intended to be identically sent multiple times by multiple clients to the same server(s).  </t>
          <t>
Consistently, as per the processing defined in <xref target="sssec-use-deterministic-requests-server-req"/>, a server receiving a Deterministic Request does not perform replay checks against an OSCORE Replay Window.  </t>
          <t>
This builds on the following considerations:  </t>
          <ul spacing="normal">
            <li>
              <t>For a given request, the level of tolerance to replay risk is specific to the resource it operates upon (and therefore only known to the origin server). In general, if processing a request does not have state-changing side effects, the consequences of replay are not significant.      </t>
              <t>
Just like for what concerns the lack of source authentication (see below), the server <bcp14>MUST</bcp14> verify that the received Deterministic Request (more precisely, its handler) is side-effect free. The distinct semantics of the CoAP request methods can help the server make that assessment.</t>
            </li>
            <li>
              <t>Consistent with the point above, a server can choose whether it will process a Deterministic Request on a per-resource basis. It is <bcp14>RECOMMENDED</bcp14> that origin servers allow resources to explicitly configure whether Deterministic Requests are appropriate to receive, as still limited to requests that are safe to be processed in the REST sense, i.e., they do not have state-changing side effects.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Receiving a response to a Deterministic Request does not mean that the response was generated after the Deterministic Request was sent.  </t>
          <t>
However, a valid response to a Deterministic Request still contains two freshness statements:  </t>
          <ul spacing="normal">
            <li>
              <t>It is more recent than any other response from the same group member that conveys a smaller sequence number as Partial IV.</t>
            </li>
            <li>
              <t>It is more recent than the original creation of the deterministic keying material in the Group OSCORE Security Context.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>Source authentication of Deterministic Requests is lost.  </t>
          <t>
Instead, the server <bcp14>MUST</bcp14> verify that the Deterministic Request (more precisely, its handler) is side-effect free. The distinct semantics of the CoAP request methods can help the server make that assessment.  </t>
          <t>
Just like for what concerns the acceptance of replayed Deterministic Requests (see above), the server can choose whether it will process a Deterministic Request on a per-resource basis.</t>
        </li>
        <li>
          <t>The privacy of Deterministic Requests is limited.  </t>
          <t>
An intermediary can determine that two Deterministic Requests from different clients are identical, and thus associate the different responses generated for them.  </t>
          <t>
If a server produces responses in reply to a Deterministic Request and those responses vary in size, the server can use the Padding Option defined in <xref target="sec-padding"/> in order to hide when the response is changing.</t>
        </li>
      </ul>
      <t>[ Editor's note: more on the verification of the Deterministic Request ]</t>
    </section>
    <section anchor="iana">
      <name>IANA Considerations</name>
      <t>Note to RFC Editor: Please replace "[RFC-XXXX]" with the RFC number of this document and delete this paragraph.</t>
      <t>This document has the following actions for IANA.</t>
      <section anchor="iana-coap-options">
        <name>CoAP Option Numbers Registry</name>
        <t>IANA is asked to add the following entries in the "CoAP Option Numbers" registry <xref target="IANA.CoAP.Option.Numbers"/> within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
        <table align="center" anchor="iana-coap-option-numbers-table">
          <name>Registrations in the CoAP Option Numbers Registry</name>
          <thead>
            <tr>
              <th align="left">Number</th>
              <th align="left">Name</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD548</td>
              <td align="left">Request-Hash</td>
              <td align="left">[RFC-XXXX]</td>
            </tr>
            <tr>
              <td align="left">TBD64988</td>
              <td align="left">Padding</td>
              <td align="left">[RFC-XXXX]</td>
            </tr>
          </tbody>
        </table>
        <t>Note to RFC Editor: Please remove the text following this note and within the present <xref target="iana-coap-options"/>. Then, please delete this note.</t>
        <t>[</t>
        <t>For the Request-Hash Option, the number suggested to IANA is 548.</t>
        <t>For the Padding Option, the option number is picked to be the highest number in the "Expert Review" range; the high option number allows it to follow practically all other options, and thus to be set when the final unpadded message length including all options is known. Therefore, the number suggested to IANA is 64988.</t>
        <t>Applications that make use of the "Experimental use" range and want to preserve that property are invited to pick the largest suitable experimental number (65532).</t>
        <t>Note that unless other high options are used, this means that padding a message adds an overhead of at least 3 bytes, i.e., 1 byte for the Option Delta/Length and two more bytes for the extended Option Delta (see <xref section="3.1" sectionFormat="of" target="RFC7252"/>). This is considered acceptable overhead, given that the application has already chosen to prefer the privacy gains of padding over wire transfer length.</t>
        <t>]</t>
      </section>
      <section anchor="ssec-iana-security-context-parameter-registry">
        <name>OSCORE Security Context Parameters Registry</name>
        <t>IANA is asked to add the following entries in the "OSCORE Security Context Parameters" registry <xref target="IANA.OSCORE.Sec.Ctx.Parameters"/> within the "Authentication and Authorization for Constrained Environments (ACE)" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: det_senderId</t>
          </li>
          <li>
            <t>CBOR Label: 14 (suggested)</t>
          </li>
          <li>
            <t>CBOR Type: byte string</t>
          </li>
          <li>
            <t>Registry: -</t>
          </li>
          <li>
            <t>Description: OSCORE Sender ID assigned to the Deterministic Client of an OSCORE group</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
        <t><br/></t>
        <ul spacing="normal">
          <li>
            <t>Name: det_hash_alg</t>
          </li>
          <li>
            <t>CBOR Label: 15 (suggested)</t>
          </li>
          <li>
            <t>CBOR Type: text string / integer</t>
          </li>
          <li>
            <t>Registry: <xref target="IANA.COSE.Algorithms"/> Values (Hash)</t>
          </li>
          <li>
            <t>Description: Hash algorithm to use in an OSCORE group when producing a Deterministic Request</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-groupcomm">
          <front>
            <title>Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="23" month="December" year="2025"/>
            <abstract>
              <t>   This document defines the security protocol Group Object Security for
   Constrained RESTful Environments (Group OSCORE), providing end-to-end
   security of messages exchanged with the Constrained Application
   Protocol (CoAP) between members of a group, e.g., sent over IP
   multicast.  In particular, the described protocol defines how OSCORE
   is used in a group communication setting to provide source
   authentication for CoAP group requests, sent by a client to multiple
   servers, and for protection of the corresponding CoAP responses.
   Group OSCORE also defines a pairwise mode where each member of the
   group can efficiently derive a symmetric pairwise key with each other
   member of the group for pairwise OSCORE communication.  Group OSCORE
   can be used between endpoints communicating with CoAP or CoAP-
   mappable HTTP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-groupcomm-28"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7641">
          <front>
            <title>Observing Resources in the Constrained Application Protocol (CoAP)</title>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7641"/>
          <seriesInfo name="DOI" value="10.17487/RFC7641"/>
        </reference>
        <reference anchor="RFC7959">
          <front>
            <title>Block-Wise Transfers in the Constrained Application Protocol (CoAP)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="Z. Shelby" initials="Z." role="editor" surname="Shelby"/>
            <date month="August" year="2016"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful transfer protocol for constrained nodes and networks. Basic CoAP messages work well for small payloads from sensors and actuators; however, applications will need to transfer larger payloads occasionally -- for instance, for firmware updates. In contrast to HTTP, where TCP does the grunt work of segmenting and resequencing, CoAP is based on datagram transports such as UDP or Datagram Transport Layer Security (DTLS). These transports only offer fragmentation, which is even more problematic in constrained nodes and networks, limiting the maximum size of resource representations that can practically be transferred.</t>
              <t>Instead of relying on IP fragmentation, this specification extends basic CoAP with a pair of "Block" options for transferring multiple blocks of information from a resource representation in multiple request-response pairs. In many important cases, the Block options enable a server to be truly stateless: the server can handle each block transfer separately, with no need for a connection setup or other server-side memory of previous block transfers. Essentially, the Block options provide a minimal way to transfer larger representations in a block-wise fashion.</t>
              <t>A CoAP implementation that does not support these options generally is limited in the size of the representations that can be exchanged, so there is an expectation that the Block options will be widely used in CoAP implementations. Therefore, this specification updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7959"/>
          <seriesInfo name="DOI" value="10.17487/RFC7959"/>
        </reference>
        <reference anchor="RFC8132">
          <front>
            <title>PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)</title>
            <author fullname="P. van der Stok" initials="P." surname="van der Stok"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="A. Sehgal" initials="A." surname="Sehgal"/>
            <date month="April" year="2017"/>
            <abstract>
              <t>The methods defined in RFC 7252 for the Constrained Application Protocol (CoAP) only allow access to a complete resource, not to parts of a resource. In case of resources with larger or complex data, or in situations where resource continuity is required, replacing or requesting the whole resource is undesirable. Several applications using CoAP need to access parts of the resources.</t>
              <t>This specification defines the new CoAP methods, FETCH, PATCH, and iPATCH, which are used to access and update parts of a resource.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8132"/>
          <seriesInfo name="DOI" value="10.17487/RFC8132"/>
        </reference>
        <reference anchor="RFC8392">
          <front>
            <title>CBOR Web Token (CWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="May" year="2018"/>
            <abstract>
              <t>CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8392"/>
          <seriesInfo name="DOI" value="10.17487/RFC8392"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9175">
          <front>
            <title>Constrained Application Protocol (CoAP): Echo, Request-Tag, and Token Processing</title>
            <author fullname="C. Amsüss" initials="C." surname="Amsüss"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="February" year="2022"/>
            <abstract>
              <t>This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. This document updates RFC 7252 with respect to the following: processing requirements for client Tokens, forbidding non-secure reuse of Tokens to ensure response-to-request binding when CoAP is used with a security protocol, and amplification mitigation (where the use of the Echo option is now recommended).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9175"/>
          <seriesInfo name="DOI" value="10.17487/RFC9175"/>
        </reference>
        <reference anchor="IANA.COSE.Algorithms" target="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">
          <front>
            <title>COSE Algorithms</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.CoAP.Option.Numbers" target="https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#option-numbers">
          <front>
            <title>CoAP Option Numbers</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="IANA.OSCORE.Sec.Ctx.Parameters" target="https://www.iana.org/assignments/ace/ace.xhtml#oscore-security-context-parameters">
          <front>
            <title>OSCORE Security Context Parameters</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC8323">
          <front>
            <title>CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="S. Lemay" initials="S." surname="Lemay"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="B. Silverajan" initials="B." surname="Silverajan"/>
            <author fullname="B. Raymor" initials="B." role="editor" surname="Raymor"/>
            <date month="February" year="2018"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP), although inspired by HTTP, was designed to use UDP instead of TCP. The message layer of CoAP over UDP includes support for reliable delivery, simple congestion control, and flow control.</t>
              <t>Some environments benefit from the availability of CoAP carried over reliable transports such as TCP or Transport Layer Security (TLS). This document outlines the changes required to use CoAP over TCP, TLS, and WebSockets transports. It also formally updates RFC 7641 for use with these transports and RFC 7959 to enable the use of larger messages over a reliable transport.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8323"/>
          <seriesInfo name="DOI" value="10.17487/RFC8323"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
        <reference anchor="I-D.amsuess-lwig-oscore">
          <front>
            <title>OSCORE Implementation Guidance</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <date day="29" month="April" year="2020"/>
            <abstract>
              <t>   Object Security for Constrained RESTful Environments (OSCORE) is a
   means of end-to-end protection of short request/response exchanges
   for tiny devices, typically transported using the Constrained
   Application Protocol (CoAP).  This document aims to assist
   implementers in leveraging the optimizations catered for by the
   combination of CoAP and OSCORE, and by generally providing experience
   from earlier implementations.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-amsuess-lwig-oscore-00"/>
        </reference>
        <reference anchor="I-D.ietf-core-observe-multicast-notifications">
          <front>
            <title>Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  In some use
   cases, such as those based on publish-subscribe, it would be
   convenient for the server to send a single notification addressed to
   all the clients observing the same target resource.  This document
   updates RFC7252 and RFC7641, and it defines how a server sends
   observe notifications as response messages over multicast,
   synchronizing all the observers of the same resource on the same
   shared Token value.  Besides, this document defines how the security
   protocol Group Object Security for Constrained RESTful Environments
   (Group OSCORE) can be used to protect multicast notifications end-to-
   end between the server and the observer clients.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-observe-multicast-notifications-14"/>
        </reference>
        <reference anchor="I-D.ietf-core-multicast-notifications-proxy">
          <front>
            <title>Using Proxies for Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  Instead of
   sending a distinct unicast notification to each different client, a
   server can alternatively send a single notification as a response
   message over multicast, to all the clients observing the same target
   resource.  When doing so, the security protocol Group Object Security
   for Constrained RESTful Environments (Group OSCORE) can be used to
   protect multicast notifications end-to-end between the server and the
   observer clients.  This document describes how multicast
   notifications can be used in network setups that leverage a proxy,
   e.g., in order to accommodate clients that are not able to directly
   listen to multicast traffic.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-multicast-notifications-proxy-01"/>
        </reference>
        <reference anchor="I-D.ietf-core-responses">
          <front>
            <title>CoAP: Non-traditional response forms</title>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <date day="12" month="January" year="2026"/>
            <abstract>
              <t>   In CoAP as defined by RFC 7252, responses are always unicast back to
   a client that posed a request.  The present memo describes two forms
   of responses that go beyond that model.

   The design spaces for the new CoAP Options proposed to represent
   these responses are now sufficiently understood that they can be
   developed to standards-track specifications, either in this document
   or by transferring the specification for an Option to a document that
   that Option closely works with.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-responses-00"/>
        </reference>
        <reference anchor="I-D.ietf-ace-oscore-gm-admin">
          <front>
            <title>Admin Interface for the OSCORE Group Manager</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Peter Van der Stok" initials="P." surname="Van der Stok">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="26" month="March" year="2026"/>
            <abstract>
              <t>   Group communication for the Constrained Application Protocol (CoAP)
   can be secured using Group Object Security for Constrained RESTful
   Environments (Group OSCORE).  A Group Manager is responsible for
   handling the joining of new group members, as well as for managing
   and distributing the group keying material.  This document defines a
   RESTful admin interface at the Group Manager that allows an
   Administrator entity to create and delete OSCORE groups, as well as
   to retrieve and update their configuration.  The Authentication and
   Authorization for Constrained Environments (ACE) framework is used to
   enforce authentication and authorization of the Administrator at the
   Group Manager.  Protocol-specific transport profiles of ACE are used
   to achieve communication security, proof of possession, and server
   authentication.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-oscore-gm-admin-17"/>
        </reference>
        <reference anchor="RFC9953">
          <front>
            <title>DNS over CoAP (DoC)</title>
            <author fullname="M. S. Lenders" initials="M. S." surname="Lenders"/>
            <author fullname="C. Amsüss" initials="C." surname="Amsüss"/>
            <author fullname="C. Gündoğan" initials="C." surname="Gündoğan"/>
            <author fullname="T. C. Schmidt" initials="T. C." surname="Schmidt"/>
            <author fullname="M. Wählisch" initials="M." surname="Wählisch"/>
            <date month="March" year="2026"/>
            <abstract>
              <t>This document defines a protocol for exchanging DNS queries (OPCODE 0) over the Constrained Application Protocol (CoAP). These CoAP messages can be protected by (D)TLS-Secured CoAP or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9953"/>
          <seriesInfo name="DOI" value="10.17487/RFC9953"/>
        </reference>
        <reference anchor="SW-EPIV">
          <front>
            <title>Star Wars</title>
            <author initials="G." surname="Lucas" fullname="George Lucas">
              <organization/>
            </author>
            <date year="1977"/>
          </front>
          <seriesInfo name="Lucasfilm Ltd." value=""/>
        </reference>
        <reference anchor="ICN-paper" target="https://ieeexplore.ieee.org/document/9525000">
          <front>
            <title>Group Communication with OSCORE: RESTful Multiparty Access to a Data-Centric Web of Things</title>
            <author initials="C." surname="Gündoğan" fullname="Cenk Gündoğan">
              <organization/>
            </author>
            <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
              <organization/>
            </author>
            <author initials="T. C." surname="Schmidt" fullname="Thomas C. Schmidt">
              <organization/>
            </author>
            <author initials="M." surname="Wählisch" fullname="Matthias Wählisch">
              <organization/>
            </author>
            <date year="2021" month="October"/>
          </front>
        </reference>
        <reference anchor="DNS-CoAP-paper" target="https://doi.org/10.1145/3609423">
          <front>
            <title>Securing Name Resolution in the IoT: DNS over CoAP</title>
            <author initials="M. S." surname="Lenders" fullname="Martine S. Lenders">
              <organization/>
            </author>
            <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
              <organization/>
            </author>
            <author initials="C." surname="Gündogan" fullname="Cenk Gündogan">
              <organization/>
            </author>
            <author initials="M." surname="Nawrocki" fullname="Marcin Nawrocki">
              <organization/>
            </author>
            <author initials="T. C." surname="Schmidt" fullname="Thomas C. Schmidt">
              <organization/>
            </author>
            <author initials="M." surname="Wählisch" fullname="Matthias Wählisch">
              <organization/>
            </author>
            <date year="2023" month="September"/>
          </front>
        </reference>
        <reference anchor="RFC7942">
          <front>
            <title>Improving Awareness of Running Code: The Implementation Status Section</title>
            <author fullname="Y. Sheffer" initials="Y." surname="Sheffer"/>
            <author fullname="A. Farrel" initials="A." surname="Farrel"/>
            <date month="July" year="2016"/>
            <abstract>
              <t>This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.</t>
              <t>This process is not mandatory. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. This document obsoletes RFC 6982, advancing it to a Best Current Practice.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="205"/>
          <seriesInfo name="RFC" value="7942"/>
          <seriesInfo name="DOI" value="10.17487/RFC7942"/>
        </reference>
      </references>
    </references>
    <?line 724?>

<section anchor="sec-padding">
      <name>Padding</name>
      <t>As discussed in <xref target="sec-security-considerations"/>, information can be leaked by the length of a response or, in different contexts, of a request.</t>
      <t>In order to hide such information and mitigate the impact on privacy, the new CoAP Padding Option is defined (see <xref target="ssec-padding-option"/>), as a means to increase the length of a message without changing its meaning. The option can be used with any CoAP transport, but it is especially useful when using OSCORE or Group OSCORE, since they do not provide any padding of their own.</t>
      <t>Before choosing to pad a message by using the Padding Option, application designers should consider whether they can arrange for common message variants to have the same length, by picking a suitable content representation; the canonical example here is expressing "yes" and "no" with "y" and "n", respectively.</t>
      <section anchor="ssec-padding-option">
        <name>The Padding Option</name>
        <t>The option is called Padding and its properties are summarized in <xref target="padding-table"/>, which extends Table 4 of <xref target="RFC7252"/>. The option is Elective, Safe-to-Forward, not part of the Cache-Key, and repeatable. The option may be repeated, as that may be the only way to achieve a certain total length for the padded message.</t>
        <table align="center" anchor="padding-table">
          <name>The Padding Option (C=Critical, U=Unsafe, N=NoCacheKey, R=Repeatable)</name>
          <thead>
            <tr>
              <th align="left">No.</th>
              <th align="left">C</th>
              <th align="left">U</th>
              <th align="left">N</th>
              <th align="left">R</th>
              <th align="left">Name</th>
              <th align="left">Format</th>
              <th align="left">Length</th>
              <th align="left">Default</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD64988</td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left">x</td>
              <td align="left">x</td>
              <td align="left">Padding</td>
              <td align="left">opaque</td>
              <td align="left">any</td>
              <td align="left">(none)</td>
            </tr>
          </tbody>
        </table>
        <t>The Padding Option is treated as Class E for OSCORE <xref target="RFC8613"/>, which makes it indistinguishable from other Class E options or from the message payload to third parties.</t>
      </section>
      <section anchor="using-and-processing-the-padding-option">
        <name>Using and Processing the Padding Option</name>
        <t>A server that produces different responses of different length for a given class of requests might wish to produce responses of consistent length, typically to hide the variation from anyone but the intended recipient. In such a case, the server can pick a length that all possible responses can be padded to, and set the Padding Option with a suitable all-zero Option Value in all responses to that class of requests.</t>
        <t>Likewise, a client can decide on a class of requests that it pads to reach a consistent length. This has considerably less efficacy and applicability when applied to Deterministic Requests. That is: an external observer can group together different requests even if they are of the same length; and padding would hinder convergence on a single Consensus Request, thus requiring all users of the same Group OSCORE Security Context to agree in advance on the same total length for the requests.</t>
        <t>Any party receiving a Padding Option <bcp14>MUST</bcp14> ignore it.
In particular, a server <bcp14>MUST NOT</bcp14> make its choice of padding a response dependent on any padding present in the corresponding request.
A means driven by the client for coordinating response padding is out of scope for this document.</t>
        <t>Proxies that see a Padding Option <bcp14>MAY</bcp14> discard it.</t>
      </section>
    </section>
    <section anchor="sec-ticket-requests">
      <name>Simple Cacheability using Ticket Requests</name>
      <t>Building on the concept of Phantom Requests and Informative Responses defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>,
basic caching is already possible without building a Deterministic Request.</t>
      <t>The approach discussed in this appendix is not provided for application. In fact, it is efficient only when dealing with very large representations and no OSCORE Inner block-wise mode (which is inefficient for other reasons), or when dealing with Observe notifications (which are already well covered in <xref target="I-D.ietf-core-observe-multicast-notifications"/>).</t>
      <t>Rather, it is more provided as a "mental exercise" for the authors and interested readers to bridge the gap between this document and <xref target="I-D.ietf-core-observe-multicast-notifications"/>.</t>
      <t>That is, instead of replying to a client with a regular response, a server can send an Informative Response, defined as a protected 5.03 (Service Unavailable) error message. The payload of the Informative Response contains the Phantom Request, which is a Ticket Request in the broader terminology used by this document.</t>
      <t>Unlike a Deterministic Request, a Phantom Request is protected with the group mode of Group OSCORE.
Instead of verifying a hash, the client will be able to see from the countersignature of later responses that this was indeed the request that the server is replying to.
The client also verifies that the request URI is identical between the original request and the Ticket Request.</t>
      <t>The remaining exchange can largely play out like in <xref target="I-D.ietf-core-multicast-notifications-proxy"/>'s "Example with a Proxy and with Group OSCORE". That is, the client first sends the Phantom Request to the proxy (but, lacking a <tt>tp_info</tt>, without including a Listen-To-Multicast-Responses Option). Then, the proxy forwards the Phantom Request to the server, due to the lack of the Listen-To-Multicast-Responses Option.</t>
      <t>The server then produces a regular response and includes an Outer Max-Age Option with Option Value different from zero. Note that there is no point in including an Inner Max-Age Option, as the client could not pin it in time.</t>
      <t>When a second, different client later asks for the same resource at the same server, its new request uses a different 'kid' and 'Partial IV' than the first client's. Thus, the new request produces a cache miss at the proxy and is forwarded to the server, which replies with the same Ticket Request provided to the first client. After that, when the second client sends the Ticket Request, a cache hit at the proxy will be produced, and the Ticket Request can be served from the proxy's cache.</t>
      <t>When multiple proxies are in use, or the response has expired from the proxy's cache, the server receives the Ticket Request multiple times. It is a matter of perspective whether the server treats that as an acceptable replay (given that this whole mechanism only makes sense on requests free of side effects), or whether it is conceptualized as having an internal proxy where the request produces a cache hit.</t>
    </section>
    <section anchor="det-requests-for-notif">
      <name>Application for More Efficient End-to-End Protected Multicast Notifications</name>
      <t>The specification <xref target="I-D.ietf-core-observe-multicast-notifications"/> defines how a CoAP server can serve all clients observing a same resource at once, by sending notifications over multicast. As described in <xref target="I-D.ietf-core-multicast-notifications-proxy"/>, the approach supports the possible presence of intermediaries such as proxies, also if Group OSCORE is used to protect notifications end-to-end.</t>
      <t>However, comparing the "Example with a Proxy" in <xref section="6" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/> and the "Example with a Proxy and with Group OSCORE" in <xref section="7" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/> shows that, when using Group OSCORE, more requests need to reach the server. This is because every client originally protects its Observation request individually, and thus it needs a custom response served to obtain the Phantom Request as a Ticket Request.</t>
      <t>If the clients send their requests as the same Deterministic Request, then the server can use these requests as Ticket Requests as well. Thus, there is no need for the server to provide a same Phantom Request to each client.</t>
      <t>Instead, the server can send a single, unprotected Informative Response - very much like in the example without Group OSCORE - hence setting the proxy up and optionally providing also the latest notification along the way. The proxy can thus be configured by the server following the first request from the clients, after which it has an active observation and a fresh cache entry in time for the second client to arrive. This is shown by the "Example with a Proxy and with Deterministic Requests" in <xref section="8" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/>.</t>
    </section>
    <section anchor="open-questions">
      <name>Open Questions</name>
      <ul spacing="normal">
        <li>
          <t>Is "deterministic encryption" something worthwhile to consider in COSE?  </t>
          <t>
COSE would probably specify something more elaborate for the KDF
(the current KDF round is the pairwise mode's;
COSE would probably run through KDF with a KDF context structure).  </t>
          <t>
COSE would give a header parameter name to the Request-Hash
(which, for the purpose of OSCORE Deterministic Requests, would put back into Request-Hash by extending the option compression function across the two options).  </t>
          <t>
Conceptually, they should align well, and the implementation changes are likely limited to how the KDF is run.</t>
        </li>
        <li>
          <t>An unprotection failure from a mismatched hash will not be part of the ideally constant-time code paths that otherwise lead to AEAD unprotect failures. Is that a problem?  </t>
          <t>
After all, it does tell the attacker that they did succeed in producing a valid MAC (it's just not doing it any good, because this key is only used for Deterministic Requests and thus also needs to pass the Request-Hash check).</t>
        </li>
      </ul>
      <!--
MT: This second bullet point seems something that can already be said in the Security Considerations section.
-->

</section>
    <section anchor="unsorted-further-ideas">
      <name>Unsorted Further Ideas</name>
      <ul spacing="normal">
        <li>
          <t>We could allow clients to elide all other options than the Request-Hash Option, and elide the payload,
if they have reason to believe that they can produce a cache hit with the abbreviated request alone.  </t>
          <t>
This may prove troublesome in terms of cache invalidation
(the server would have to use short-lived responses to indicate that it does need the full request,
or we would need special handling for error responses,
or criteria by which proxies do not even forward these if they do not have a response at hand).  </t>
          <t>
That may be more trouble than it is worth without a strong use case (say, of complex but converging FETCH requests).  </t>
          <t>
Hashes could also be used in a truncated form for that
-- should we suggest SHA-256/128 as a default? (Its birthday paradox starts to kick in at around 2<sup>64</sup> deterministic requests).</t>
        </li>
      </ul>
    </section>
    <section anchor="test-vectors">
      <name>Test Vectors</name>
      <t>This appendix includes test vectors for an example where the method defined in this document is used.</t>
      <t>In the following, a CoAP Client C and a CoAP Server S are member of the same OSCORE group, and they exchange Deterministic Requests and corresponding responses.</t>
      <t>Note that, while they are consistent with the presented example, the values of the Token and Message ID in the CoAP messages are only indicative, as they are subject to change throughout different message exchanges.</t>
      <t>The considered authentication credentials of the CoAP Server S and of the Group Manager are CWT Claims Sets (CCSs) <xref target="RFC8392"/>. Both authentication credentials as well as the aad_array used through the Group OSCORE processing are also expressed in CBOR extended diagnostic notation as defined in <xref section="8" sectionFormat="of" target="RFC8949"/> and <xref section="G" sectionFormat="of" target="RFC8610"/>.</t>
      <section anchor="setup">
        <name>Setup</name>
        <t>The Group OSCORE Security Context specifies the following parameters.</t>
        <ul spacing="normal">
          <li>
            <t>AEAD Algorithm: AES-CCM-16-64-128 (10)</t>
          </li>
          <li>
            <t>HKDF Algorithm: HKDF SHA-256 (5)</t>
          </li>
          <li>
            <t>Group Encryption Algorithm: AES-CCM-16-64-128 (10)</t>
          </li>
          <li>
            <t>Signature Algorithm: EdDSA (used with curve Ed25519) (-8, 6)</t>
          </li>
          <li>
            <t>Pairwise Key Agreement Algorithm: ECDH-SS-HKDF-256 (used with curve X25519) (-27, 4)</t>
          </li>
          <li>
            <t>Hash algorithm for Deterministic Requests: SHA-256 (-16)</t>
          </li>
          <li>
            <t>Master Secret (16 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x0102030405060708090a0b0c0d0e0f10
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Master Salt (8 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x9e7ca92223786340
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>ID Context (2 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xdd11
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Deterministic Client's Sender ID (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xdc
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Server's Sender ID (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x52
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Server's authentication credential as CCS (CBOR diagnostic notation):</t>
          </li>
        </ul>
        <sourcecode type="cbor-diag"><![CDATA[
   { 1: "coaps://server.example.com",
     2: "sender",
     3: "coaps://client.example.org",
     4: 1879067471,
     8: {
          1: {
                1: 1,
                3: -8,
               -1: 6,
               -2: h'77ec358c1d344e41ee0e87b8383d23a2
                     099acd39bdf989ce45b52e887463389b'
             }
        }
   }
]]></sourcecode>
        <ul spacing="normal">
          <li>
            <t>Server's authentication credential as CCS (serialization) (118 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xa501781a636f6170733a2f2f7365727665722e6578616d706c652e636f6d
     026673656e64657203781a636f6170733a2f2f636c69656e742e6578616d
     706c652e6f7267041a70004b4f08a101a401010327200621582077ec358c
     1d344e41ee0e87b8383d23a2099acd39bdf989ce45b52e887463389b
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Server's private key (serialization) (32 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x857eb61d3f6d70a278a36740d132c099
     f62880ed497e27bdfd4685fa1a304f26
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Group Manager's authentication credential as CCS (CBOR diagnostic notation):</t>
          </li>
        </ul>
        <sourcecode type="cbor-diag"><![CDATA[
   { 1: "coaps://mysite.example.com",
     2: "groupmanager",
     3: "coaps://domain.example.org",
     4: 2879067471,
     8: {
          1: {
               1: 1,
               3: -8,
              -1: 6,
              -2: h'cde3efd3bc3f99c9c9ee210415c6cba55
                    061b5046e963b8a58c9143a61166472'
            }
        }
   }
]]></sourcecode>
        <ul spacing="normal">
          <li>
            <t>Group Manager's authentication credential as CCS (serialization) (124 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xa501781a636f6170733a2f2f6d79736974652e6578616d706c652e636f6d
     026c67726f75706d616e6167657203781a636f6170733a2f2f646f6d6169
     6e2e6578616d706c652e6f7267041aab9b154f08a101a401010327200621
     5820cde3efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a58c9143a
     61166472
]]></artwork>
      </section>
      <section anchor="ssec-test-vectors-det-req-1">
        <name>Deterministic Request</name>
        <t>The client generates an unprotected CoAP GET request, which contains only the Uri-Path Option with value "helloWorld". The request is Confirmable, with a Token length equal to 8 bytes.</t>
        <t>Unprotected CoAP request (23 bytes):</t>
        <artwork><![CDATA[
0x48019483f0aeef1c796812a0ba68656c6c6f576f726c64

0x48 (Version: 1, Type: CON, Token Length: 8 - 1 byte)
  01 (Code: GET - 1 byte)
  9483 (Message ID - 2 bytes)
  f0aeef1c796812a0 (Token - 8 bytes)
  ba 68656c6c6f576f726c64 (Uri-path: "helloWorld" - 11 bytes)
]]></artwork>
        <t>The client protects the CoAP request above to produce a Deterministic Request. When doing so, the client does not include an Inner Observe Option.</t>
        <t> </t>
        <t>The following information is used to compute the Request-Hash value.</t>
        <ul spacing="normal">
          <li>
            <t>Deterministic Client's Sender Key (16 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x761c3081b8d8329790a8b321b3b4c3a4
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>aad_array (CBOR diagnostic notation):</t>
          </li>
        </ul>
        <sourcecode type="cbor-diag"><![CDATA[
   [1,
    [10, 10, -8, -27],
    h'dc',
    h'00',
    h'',
    h'dd11',
    h'190002dd11dc',
    h'',
    h'a501781a636f6170733a2f2f6d79736974652e6578616d706c652e636f6d
      026c67726f75706d616e6167657203781a636f6170733a2f2f646f6d6169
      6e2e6578616d706c652e6f7267041aab9b154f08a101a401010327200621
      5820cde3efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a58c9143a
      61166472'
   ]
]]></sourcecode>
        <ul spacing="normal">
          <li>
            <t>aad_array (serialization) (150 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x8901840a0a27381a41dc41004042dd1146190002dd11dc40587ca501781a
     636f6170733a2f2f6d79736974652e6578616d706c652e636f6d026c6772
     6f75706d616e6167657203781a636f6170733a2f2f646f6d61696e2e6578
     616d706c652e6f7267041aab9b154f08a101a4010103272006215820cde3
     efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a58c9143a61166472
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Plaintext (12 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x01ba68656c6c6f576f726c64
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Request-Hash value (32 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x404b3a7c9f8c878a0b5246cca71e3926
     f0a8cebefdcabbc80e79579d5a1ee17d
]]></artwork>
        <t> </t>
        <t>The following information is used to produce the protected Deterministic Request.</t>
        <ul spacing="normal">
          <li>
            <t>Partial IV (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x00
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>kid (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xdc
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>kid context (2 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xdd11
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>AAD (serialization) (163 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
    0x8368456e6372797074304058968901840a0a27381a41dc41004042dd114619
      0002dd11dc40587ca501781a636f6170733a2f2f6d79736974652e6578616d
      706c652e636f6d026c67726f75706d616e6167657203781a636f6170733a2f
      2f646f6d61696e2e6578616d706c652e6f7267041aab9b154f08a101a40101
      03272006215820cde3efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a
      58c9143a61166472
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Plaintext (12 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x01ba68656c6c6f576f726c64
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Encryption Key (16 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x5d4671f0d12d27a59dec68c2e2ebcc88
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Nonce (13 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x46eb80969ab7389b084dd6f996
]]></artwork>
        <t> </t>
        <t>From the previous parameter, the following is derived:</t>
        <ul spacing="normal">
          <li>
            <t>OSCORE Option value (6 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x190002dd11dc
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Request-Hash Option value (32 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x404b3a7c9f8c878a0b5246cca71e3926
     f0a8cebefdcabbc80e79579d5a1ee17d
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Ciphertext (20 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x65bcd5d5edf413497bfdeec8975e2acafa702b45
]]></artwork>
        <t>From there, the protected CoAP request as Deterministic Request (76 bytes):</t>
        <artwork><![CDATA[
0x48059483f0aeef1c796812a096190002dd11dced010e13404b3a7c9f8c878a
  0b5246cca71e3926f0a8cebefdcabbc80e79579d5a1ee17dff65bcd5d5edf4
  13497bfdeec8975e2acafa702b45

0x48 (Version: 1, Type: CON, Token Length: 8 - 1 byte)
  05 (Code: FETCH - 1 byte)
  9483 (Message ID - 2 bytes)
  f0aeef1c796812a0 (Token - 8 bytes)
  96 190002dd11dc (OSCORE Option - 7 bytes)
  ed 010e 13 404b3a7c9f8c878a0b5246cca71e3926f0a8cebefdcabbc8
             0e79579d5a1ee17d (Request-Hash Option - 36 bytes)
  ff (Payload marker - 1 byte)
  65bcd5d5edf413497bfdeec8975e2acafa702b45 (Payload - 20 bytes)
]]></artwork>
      </section>
      <section anchor="response-to-deterministic-request">
        <name>Response to Deterministic Request</name>
        <t>The server responds to the first request with an ACK message, to which a 2.05 (Content) response indicating a Max-Age of 3600 seconds is piggybacked. The payload of the response is the ASCII-encoded string ". ID: 42".</t>
        <t>Unprotected CoAP response (61 bytes):</t>
        <artwork><![CDATA[
0x68459483f0aeef1c796812a0d2010e10ed010913404b3a7c9f8c878a0b5246
  cca71e3926f0a8cebefdcabbc80e79579d5a1ee17dff2e2049443a203432

0x68 (Version: 1, Type: ACK, Token Length: 8 - 1 byte)
  45 (Code: 2.05 - 1 byte)
  9483 (Message ID - 2 bytes)
  f0aeef1c796812a0 (Token - 8 bytes)
  d2 01 0e10 (Max-Age Option: 3600 - 4 bytes)
  ed 0109 13 404b3a7c9f8c878a0b5246cca71e3926f0a8cebefdcabbc8
             0e79579d5a1ee17d (Request-Hash Option - 36 bytes)
  ff (Payload marker - 1 byte)
  2e2049443a203432 (Payload - 8 bytes)
]]></artwork>
        <t>The server protects the CoAP response above as follows. When doing so, the server: does not include an Inner Observe option; includes its own Sender ID in the 'kid' of the OSCORE option; elides the Request-Hash Option from the response.</t>
        <t> </t>
        <t>The following information is used to protect the response.</t>
        <ul spacing="normal">
          <li>
            <t>Partial IV (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x00
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>kid (1 byte):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x52
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>kid context (2 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xdd11
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>aad_array (CBOR diagnostic notation):</t>
          </li>
        </ul>
        <sourcecode type="cbor-diag"><![CDATA[
   [1,
    [10, 10, -8, -27],
    h'dc',
    h'00',
    h'ed011713404b3a7c9f8c878a0b5246cca71e3926f0a8cebefdcabbc80e79
      579d5a1ee17d',
    h'dd11',
    h'290052',
    h'a501781a636f6170733a2f2f7365727665722e6578616d706c652e636f6d
      026673656e64657203781a636f6170733a2f2f636c69656e742e6578616d
      706c652e6f7267041a70004b4f08a101a401010327200621582077ec358c
      1d344e41ee0e87b8383d23a2099acd39bdf989ce45b52e887463389b',
    h'a501781a636f6170733a2f2f6d79736974652e6578616d706c652e636f6d
      026c67726f75706d616e6167657203781a636f6170733a2f2f646f6d6169
      6e2e6578616d706c652e6f7267041aab9b154f08a101a401010327200621
      5820cde3efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a58c9143a
      61166472'
   ]
]]></sourcecode>
        <ul spacing="normal">
          <li>
            <t>aad_array (serialization) (303 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x8901840a0a27381a41dc41005824ed011713404b3a7c9f8c878a0b5246cc
     a71e3926f0a8cebefdcabbc80e79579d5a1ee17d42dd11432900525876a5
     01781a636f6170733a2f2f7365727665722e6578616d706c652e636f6d02
     6673656e64657203781a636f6170733a2f2f636c69656e742e6578616d70
     6c652e6f7267041a70004b4f08a101a401010327200621582077ec358c1d
     344e41ee0e87b8383d23a2099acd39bdf989ce45b52e887463389b587ca5
     01781a636f6170733a2f2f6d79736974652e6578616d706c652e636f6d02
     6c67726f75706d616e6167657203781a636f6170733a2f2f646f6d61696e
     2e6578616d706c652e6f7267041aab9b154f08a101a40101032720062158
     20cde3efd3bc3f99c9c9ee210415c6cba55061b5046e963b8a58c9143a61
     166472
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>AAD (serialization) (317 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x8368456e6372797074304059012f8901840a0a27381a41dc41005824ed01
     1713404b3a7c9f8c878a0b5246cca71e3926f0a8cebefdcabbc80e79579d
     5a1ee17d42dd11432900525876a501781a636f6170733a2f2f7365727665
     722e6578616d706c652e636f6d026673656e64657203781a636f6170733a
     2f2f636c69656e742e6578616d706c652e6f7267041a70004b4f08a101a4
     01010327200621582077ec358c1d344e41ee0e87b8383d23a2099acd39bd
     f989ce45b52e887463389b587ca501781a636f6170733a2f2f6d79736974
     652e6578616d706c652e636f6d026c67726f75706d616e6167657203781a
     636f6170733a2f2f646f6d61696e2e6578616d706c652e6f7267041aab9b
     154f08a101a4010103272006215820cde3efd3bc3f99c9c9ee210415c6cb
     a55061b5046e963b8a58c9143a61166472
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Plaintext (14 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x45d2010e10ff2e2049443a203432
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Encryption Key (16 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xa8c8b7db5d05cfc7faa2bb1afaca6c2f
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Nonce (13 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x46eb80969ab73815084dd6f996
]]></artwork>
        <t> </t>
        <t>From the previous parameter, the following is derived:</t>
        <ul spacing="normal">
          <li>
            <t>OSCORE Option value (3 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x290052
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Request-Hash Option value (32 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x404b3a7c9f8c878a0b5246cca71e3926
     f0a8cebefdcabbc80e79579d5a1ee17d
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Ciphertext (22 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xcbc7356c84c10b626fef8bd57ed2dfaeec175f8e44e1
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Plain signature (64 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x44879f32ab6e8533fd89dedada6e104d10d88ea42fa6d0
     c8e7ccb21e0088e0226ef98405a84f13525a22fd7cf327
     9f3b1cee59af3f45e96d38c48f38a0217405
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Signature Encryption Key (16 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0x85ca7c0bc5b8ea2e267b203dc3b71ce6
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Signature keystream (64 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xf6161f5ea4d6375819924cbcac00f45a469c517f0a435d
     e590b7a242064d5afc092fa2290b480166701088a1c4ad
     06d3e933a3f21a39b3204f7159b977193ce8
]]></artwork>
        <ul spacing="normal">
          <li>
            <t>Encrypted signature (64 bytes):</t>
          </li>
        </ul>
        <artwork><![CDATA[
   0xb291806c0fb8b26be41b9266766ee4175644dfdb25e58d
     2d777b105c06c5bade67d6262ca30712342a3275dd378a
     99e8f5ddfa5d257c5a4d77b5d681d73848ed
]]></artwork>
        <t> </t>
        <t>From there, the protected CoAP response (106 bytes):</t>
        <artwork><![CDATA[
0x68459483f0aeef1c796812a093290052520e10ffcbc7356c84c10b626fef8b
  d57ed2dfaeec175f8e44e1b291806c0fb8b26be41b9266766ee4175644dfdb
  25e58d2d777b105c06c5bade67d6262ca30712342a3275dd378a99e8f5ddfa
  5d257c5a4d77b5d681d73848ed

0x68 (Version: 1, Type: ACK, Token Length: 8 - 1 byte)
  45 (Code: 2.05 - 1 byte)
  9483 (Message ID - 2 bytes)
  f0aeef1c796812a0 (Token - 8 bytes)
  93 290052 (OSCORE Option - 4 bytes)
  52 0e10 (Max-Age Option: 3600 - 3 bytes)
  ff (Payload marker - 1 byte)
  cbc7356c84c10b626fef8bd57ed2dfaeec175f8e44e1b29180
    6c0fb8b26be41b9266766ee4175644dfdb25e58d2d777b10
    5c06c5bade67d6262ca30712342a3275dd378a99e8f5ddfa
    5d257c5a4d77b5d681d73848ed (Payload - 86 bytes)
]]></artwork>
      </section>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Shortened title.</t>
          </li>
          <li>
            <t>Removed some old Editor's notes.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Fixed/improved presentation of:  </t>
            <ul spacing="normal">
              <li>
                <t>Processing of a Deterministic Request at the server.</t>
              </li>
              <li>
                <t>Composition of the response to a Deterministic Request at the server.</t>
              </li>
              <li>
                <t>Processing of the response to a Deterministic Request at the client.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Updated title.</t>
          </li>
          <li>
            <t>Revised abstract and first part of the introduction.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Suggested values for IANA registrations.</t>
          </li>
          <li>
            <t>Removed changelog for the individual submission document.</t>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowldegment">
      <name>Acknowledgments</name>
      <t>The authors sincerely thank <contact fullname="Martine Lenders"/>, <contact fullname="Michael Richardson"/>, <contact fullname="Jim Schaad"/>, and <contact fullname="Göran Selander"/> for their comments and feedback.</t>
      <t>This work was supported by the Sweden's Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT projects CRITISEC and CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+292XIj17Uo+I6vyEtF3CIdAArzQFvWoViUxCPVcIss6zh8
HTobmRtkugAkOjNBFl2qjv6H/oDuh/6GfjpP7f6S/pJe0x5yAsGS7OMbceWQ
VUVm7tx77TWPnU6ndXcaDFutPM5X+jQ4uthEnTzpwH+CN2mS6zDXUaDgb+cq
vNVqsdLBeXL2Jnirs22yyXQW7LJ4cxN8mya7bfB68Rd4I7jS4S6N84dgmaTw
+CbLUxVvYKG3F1fXy90quNjcxWmyWetNngXH8u7V+eu3FydHLbVYpBp2deT/
vPH7R60oCTdqDZuPUrXMO7HOl50wSXUnNK90kox+sFK5zvJWvE1PgzzdZfmg
15v3Bq1WqPLTIMujVrZbrOMsi5NN/rCFJS8vrr9p3d+cwkdhDz8m6Xt72Nb7
+1PaS1u22A7Wu1UehyrL2wF+Gx5tB9s0+fAAX0gi+OtpsIPNzVottctvk/S0
1QniTQbLdIOzdfa3/8iyVhDwYc5v0zjLY7XxfhMmu02ePpwGZ7D3NFbwI71W
8eo0CM3T/6LW2U5nWTdM1q0OPEDrv+wG1/EqCZVd/qVKw8T9MElhb28vry6C
s6/hr7C61gCSy0wt/5KkUXajctjJYICbgIs9Db6HzynaUgSrXV10+pNRMOr5
m7y615HeuD2u8ZPdnD75L2nczXSrtUnStcrjO30Kz112XnTd7d0gkOEU684i
zqq/liu1T+ETb785nw7GA/PHyahv/jgfz+WPs/7QPDAbzu0fJ/2e++PQ/HE+
Mq/Ne3Zd+KN5YN6fjmlrZ6/Ouuevry66Z6ubBFD/dk1bDgJz0QH9Q2DGh+nv
EaDjabBUK4AE/l1oENcJ3Dr8K5Xe4IXc5vk2O33+/P7+vgu3rbqw4nMFCHvD
xPQ8TDJN/9f9cJuvV18ofx3eJqBs9/U2BxzvvtqtFzr9BVtFUuS1AlnrqduF
O9yqFHAyh5fLf5dDJPSFzsZ+gQ7CVNcFZtM9zz9039i3Pvs4wmos+wLWlesP
eeCWftrpVKjxX3MKxthMVgc0ptW947Za8WbpUwQh6cBiG7CrAiHA2p33+sEj
Ff6GeUh4QWd1H9+UfuUR0iLT6Z3uWObV2SR5vIQ/ItBrKK/hwQ5xuurjqeHU
la0bEl53VLSON+aUcyavo6sfOxdvLv9wVHedHfmv8Ldvu8EPO9iS/SkzuW81
3Ij2fsX33p9Pp/61X8GFBj8quV2ARqwzvAgQQfTqMl6tgx/yqHuE27o8fwVX
ttXpIRsDxv7t3/5jEyX/7/+hNqXdnevN++pvqws4/l94u0Y+1Lx/3cUlrsLb
dRzlpSWub5O1yqq/Ly0BwuPHv/1ft6s4C29LK7xUeX4bwxrFB4wywQL8HBBz
txE0Ce6BGQmhnVp94CWiFNAB0NxZGALKBnkSqOAFSJ0OgAlkXRj8qBdBsoRN
gxzNjrzrHPQG/U6/V0uasdb6w3YFaNbFPxKFgr6wQ/p8Ph8Pxr0evnj04tVV
B5nZ4TcLULkCrNObyLAFHyxpDvpO9YFf+XItdt3sQ66bJtyCI7xS92kSvo+r
BwjjTfm3/0yoxTwadLFX8DRqg8lqR/gF285vdXCZXJ8GcKtBcqdTklMllBl2
evNalImSmNCk3+v2+6Px8+GkNx8NQEUGlEHVB166uvjhG9jDn4Bbdf4N/vnz
UavV6XQCtUBNN8xbrR9v9UY0Y9yNrwOfbbcrQwyoYidhsgqOcYcn7UB/CG/V
5gYeWwMVqBvQr0PAgoVGPVK0cc0qOvwnAAEGdBKmCVAMal2gFsIDMciVdK2j
WKUPpH8CP+si4djFUDnVd/AoU+Nnae2ir4NkbRugA6/USKMkj4LQp/s2f+pX
MxO6wXfJPRwBPp7jwbI4AtVebzPaiBz6GdxIvIpz+CMyFLIHAiuPgmWarOlx
0JBu4AgkB9Pj7ESAZRgFvpIDC8kCsShwzQc8qHcV7n7cB1RudtIOFg9FS4lV
DbSs4LrSJNqF+MsQX9xkuwxW+V9Adufw5v1tHN7Ckw9BuIpxO7BVuEZZQWCt
cPuwGBwzAc7DR4GDsU2yXZkfZeauMqQbernLyAtUGq1AJf8iuJQNEYp+/CL2
/vqp1bo+HJ+Djx9FJf/0Kch2222S5lktesKWEFg6RfXHnh2OAth6q1ZLBDaf
PiOYpXqlHoKFCt87cAMzDVChCJa7DW1WmWuq/WKcCc6SoYaPuZVarYs7bXnJ
Fn6hNyGhdraDu/DWo7t1VEsK8UGka/Hhl1EfQRhNlk+fYNeXgBl11Acfti/D
K3sMrU+f2nyIJ3KiMnr/cgqv7LNs8cGJA+KzbkPEY/DKGAZrME7x0gokd5xp
DWvD1ggyU3zgsQ8BZ7Y4yehnSNyBSZClQpYAsUiH6cMWNwhgQkJea7Rk8Mt2
s8BEu7rbDkCnBrRfPeCj+EvENVAh8JthvEUKAAaFTA94BLNxhDot0VkBQ1yh
iFPISJbAEkFkERUAbvyIsMGPGwMEdoF7j7O1XA+6MppIAnlZEe2FLJBKgW4V
MMiM4a8CuOUIwLhcwuHzew1XhNCLUzgFySiCIdzaXYwHE6pXQGGnrdZvgssl
srcKzT4QxbKIa1su/0AwBmVii/gGH16CQcLcBB6/SVgCA3RubtsiAOK87W+A
fxr51B8Ev/svwBF9iZlqgONf+Zqvf7hCzoqwTGAfadA/7QegoGjgqHBrAFP0
9QSLNFFREOpUjCQWQlYgwAqwVgE1Fw/ExI3WICiHj3n4jFvPb7U9ND59f6tp
I7kn3/D8JOFEusH3rMBjyP1//9v/Dkdd7ABut0mGaJqreAW3mOxWUfAXvKgo
Zo0mgNV1N+h0fo83dLbxtA1ai6QUCJktaCIxOuk8NZ927J+zDacEYETxcgmr
AkcCxIb10RjOCBXdbyzVaeTH93hs3qv9BatvTqTB8ZNdCkZ3wCx86aMKHSxL
1vo2ucefgVQDgApe3MbityvIcAYGYcBfmMkIYcoOrH0bgNlu6YZZ2YkcGKjv
6zrxL7qL1TMEI4HYgnsQbwncjLAIR1FZnO+IpzO7R6MpDncrlZYX0xt0fQLk
AJYhOhQq2kudyoLgL8hkBQIVeRKzrMxsqMDmGCXl4d1G3eN/4cGG+yeE1htg
GivQtBLeN+A9sMAc0DFeRST5iRUlwBW2BIajim50BAvFyOBWD6Q4AehSptCK
6Njv40ChR5oYILxegoDKwCJEj8waPgB2WAgGhnxR4eXAxwC3RBcLVbphIWvU
A9k0XNDZamXVlvs4I+wAHkCamvLuzpK6FWDfXlwDyAHXIyTcby6uz78zf2eR
3x+iUoWAJqc4rBr5OxagrLe7XDvi8G+cPtgWrFTBHTB1ewwiGRWnsGd9kBSd
HSRFu8FlDhi2WiX3gl2W8jIgMXjK4yAqd5RrlGBkxiT56DotaEX0MjISk8MF
aW2wwOP3+jNxghBTRJfZsKeEGo2aLmEFEiJ68MlEATbEOd2OTy2AFucHEGKM
kRWNOhIZeajzO0U7Q1aYok5/h1RUwDFEhVTnKRp47uYTVsgIOLAxuHNrEnRb
Vwh4qxbAbrYotHRWuXU8KYiELZChaFtk+yVphMInCW4U/o1EEbCxOKXDu/WY
Zdmnw5VW6YoF5kqb2yYD4llWt5+WYguHJKu2EBFA4vdps5ZFZshCkS3Q2gX6
IFu13SLeCmoQKsqrIF6DoYTMkwkBzUr4ACk+wKXuE9jp6g4dmSADX8JRQVxu
kHoqomARkxS3mKkW1oAwlM5SinxMqKXxvf4W8QpXPwfKTeAcuA3RVdAtJtKl
ljdZS/FW3SHLrv+C8OqdxWvaH+pfiAitL74I3sH+zwE4mXgxlnG6Joa+20ak
xBAS6BVIFOS2zD9YeVyTehmvY2RpEWimIUoUDWLRIeIK5TXrqMoT23m8Blo9
B94gKg1x0uLDSsR4kcKdxvxeG/vf6IHAaNqk4BANrXQuNp+QS4qoIbSwjJmL
3gq6xGkg8QZkc+yKRoaLYoL0akLowMp1R8P1t4OSg4WLmAqerCbBB3+3vA/2
ofEAuE04mLGLRbNnGOFdOpjQAUU/0vV3Vme3deWSwZ5+IOTalLV82MoSuG6y
y4WI6OKJbVnOyRur91Bldbx3bwiBOa9G9ldkjk8HLICFZA1qNQoEGUDBwhUY
TI5mF6hzgMfsfiFaXWMAk87Hhq+18Zjrk16FDzPz2iZbkOBGcDJGkscaHhch
CYynY/TVDmyFD43yUKBPOg8uacziDZhNSfo+E2FptrZVOUBgQ3z50kSKko11
kb/i1/Dx48vzVyftFpnyVp9T75nc02RFoIUVAEvoyxsQ8sCfz8X0267UA2o6
TID0PDrIkCbN3trEjW2M3YgIT4dF9QM2uFjpOpsTcMJEUsh3QZBAj631NyDS
AiWDmZOkeP/WlcsqEAaKEFeYdlJUH9ZsKgPOIvLIjkSlzX3GYr/x8WPR9Y9O
ha8fxONHHrmSrOZFOzUim9VX0mKKpLwAXXcZ5878Mo5IEtIgd4ziSGdzKgD7
xKySCMhmoVEAFPPta6KNZJXcPATw149f5O4H4rZ7rx/AnklBvT56+e7q+qjN
/w1evaY/v734b+8u3168wD9ffXf2ww/2Dy154uq71+9+eOH+5N48f/3y5cWr
F/wy/DQo/Kh19PLsj0esZB+9fnN9+frV2Q9HNeSaCsCYC20BRJh+krUAocI0
XjCJf33+5v/5P/sjuLv/Amgw6PfnwJj5L7P+dAR/QUbIXyPBwH8FyD+0QGUA
uiV1CnVztQUNbQVXB0wkA6Nww4YuiOA/IWT+fBr8bhFu+6Pfyw/wwIUfGpgV
fkgwq/6k8jIDseZHNZ+x0Cz8vATp4n7P/lj4u4G798PffbXCOFWnP/sKDPvW
W1BhjUKrP2wZv/k+lgqkOogEsVAAtZgbiq1DLMmRprh82abKjOHCVoxnvrRr
fZXGGXWIo3ITooXydbxBL5E4Hd9q8UzxcsfnX79+axyl89GcXoQfWR9lfENK
HG72YkOOOn7t9ZXxr2Lyx6dP5o/EdIS3eO7XdtXOPcCDiYRZFFik7LPHXWei
nRkhsNH3DPsuK4nGIBZZeApMV3gIK5nEQWwEwKg9yBvJSABSgBsGAlEcdC2Z
pOJIwbB9ncICYnEFus8dqA7w8BIRh1YVsVzyyhYAQ/sSz42yXwpuE/IoqZxi
GBi8SNJC4KIU9gAoBEFwVgUE6MAZEbjYFMaeATUHGC6AWaJBlKGF+iFiqWOu
EUBmE4lHxrx7rLs33XZwnbzX5Ex7KdrB5YsT6yQRPQTjRztgKjV+LPFr3KPm
La7FTMVEZUcLz16rHOmIXWDsz3pgJd+tT7vKcFtG648iACvHMgBGJmhThJKE
QOjyyD5B0msyZhAPEBHEc9NGAc/xKM84Uc79SBH86jcjOCyCipfJdXBsLRJM
nDmx8dLCa11zCPmk1fk3WkcZez+IdOtfJ42AAvG5ItcL0CFvNGL7TfZ8jADQ
HxTagW18KdeARGxWWSwFneY2uFfWDaUjULSCQPCIKdhuCzA3Xj4IwiMJCcxp
8zX7JB8DuRxB0Q7j3PggeINE9kU1+JwAgpQPei1aJcku8+ILJYppI+Kwvhdc
UWoC/Ac+jZfPCVwYgQBp+AC6FOmUqDOgK4jZG/zurYlDmPQoh2FM4y/VBugi
NZsmLQjhWnEblnxI/cFBTiTU24GHbWm9OljQRjkNK6MLgauP4YzmwJcvghX6
hHBP7KsQ7zq7brrBN7sUf4zMp938FWQxdIv4BP5yvVuTJEswFJuz6RLfgVmJ
emZ2q1KJ/wBGFT9YvdQCPy/jiKEc64mu216XLkRMqAbDKS4YTh8/gpLeKThJ
rNVCguo3wXUcvtf5E3cnoWjgsHq1JFwhiYefwR0gJe8yFz9LMVt0I44OAi36
lKx8XCTRg2HZno8MHiFrI40zk2PEV1twmpGOUtowptZY37XbPAobj7+iOx6e
2qCeWA/NbotpgDxY+cOWHEpFgBnafwML5WAKWJboX8ITnZQE0Etzezl9z7s2
8WEaYBOgyYEWRzcsbW7U1nidAQgGzmhSGGI1gu6NY/P4AnoErpgjnhVdTB9N
quMmYZaJLqhP5PurVZsKISvi4slNqra34sVegD1Ou+aAQJFxG7ZJET7W68gZ
Eed6nflKn+BXnPoOMfJVGJXvWRacRVHMmQP+mdD1gGsen529ODltHclXf3of
R0ds0pifbOO7o27ra2POJ16qRUjR710IulPRpRqhOeYt+ZPkhR7xkeFSVjEK
wO8AE9Uy54wXDIHxERFtSYCnfLXKW00CekddNv+sEW7sTZHsou9Y5cQkjyyM
f7Pek2h4ugkltNje4j3LKzYm5j1ottVtXS4ZPbdovG8Y9IYnAFUv49UKY70K
lkFhiJLN55wiKNUqR0J3yJD4pzg2uEqPNWwlUIvkTp/wEZyHUIJ/QOfAs1FH
Fv3C4it6t5bIie7RG19UflClTI320rqqBaHzB4tisCMl3AeHgTJdnuXoDZE1
wBKTFcXsEaROJFFninWjJUzua+c9g0XR/1TU59mnKUKLYQ6KAP4MbhTAiPrf
SgIrfuaXqhdG5Q9mBFy5mFrsovg402s99gmahLcaWF5UsaOiRPMDNxj5BGQC
obuLI0VeeLDyk3s2Viixq1HntdAXpVeiBiJ+kiUZPdnuBiS8JEujlPQxBHV8
JGglgKKdGLTAQDrntosIYm9lJFkLnMMgxmy9fLDOIpQEez6tinwVlZdbI2CL
W7oWJZVEhYhwsd8x3QBkT60DW5V1CRRHBqz4tQ4fFPdJyRVmszV0aAwj3/dH
ZzhfgVoXXBiYHQvvlgoldBndmIgRm54nlKch713a93Yb+ybrEmj2GnAAkw9u
SSGuW9CI+RW5YkkJJKdxhGalIpkqYQ35mM0fWSd3Ajk8VpxLIpGVC2z4MnsJ
NTrZOd+CAaVuUjApOsnGsjkOBkhK1kqFVaXFRpAE9+Bkbar1YU8wHVqYJejF
8V0h/FvMYKjURFivgAUFkQb8P5rCxvrBS1RoL+doEpEayBH7+K/ILiuFFvl9
HGoXBCfBGW+2uxz3rcQjykx5pVXEJCwskU5YENqeN4eWPMuyJIx9eX4BAh24
xAa9HC1P+NMp6G69M8SYRpftUkucZeQt5EvoD1sywD3FVpRAUoTpuVBtc2Dq
EZgclA2E1mnINgfK9w3wY0r4CZAbhYXrqYJOVCA2VgsfxBBJBnRK8CLHwUKT
DwPzghAcXXT9CXvey5X5bQaKWP3kn4XVWd/xzSGAo/WCW0vI7N/YziCp2K9C
CRzwg42XBOHZT/JarSVWzP0oepTFxvR94Rh3wRyzgrQmfUj5MHPgMbkhwkwz
Jj3xTSEpxxRpV8zFW8d8Bev45hbjAZRIRWyzbbKRfH3XuckoSLWRqgPKNSso
Oy6bfG9mBigxxKcRiwUuTl3j+CzmvMFuNxpwloS43U+GdIn8Iab7dNkPERkE
DXYkBhv22I4imjMx802GjTJiBTdmXJNAASlFaUyiAnMASYEs+jbRT2o9dZLt
gnqx4RztkrFQu/t9bkqOqxRfe7dxL5gl9p2+s3MvfJIglzmst2FQc7wHnUpN
vj5k8ja/BCkLb4nydTgs1bIetLX6wL9NNWe3xfxEs3pEnopd7jQkvaLbwUuR
bxm0sxlCrAB5VGdvbQuaC6t4pAldSWLeJeCa+PRfs0FrigbhEnvBcapvkPRT
kzA+GfXRMDQOz00SsB1sNT+LEeQ8ZGkNT73eoSAqfYJQLz8xPtlFQhUP/Ai7
tDYd83erjJs6iRsQuzfiECCHpmQL2PQppnXUl7ZYNKvWxA+Rjv0ti2Dn+mMO
0yMplj6LSaagz2aSkShZBR8ejI2fcz4qilkXEihr3AVPoogQcVTBpvgmihBq
ex52K3HqHgyO8d4b4HzC2gfwUZQK6JNxXIWccshLtqsHUHpXWdJmILCmU3Uc
Czduolh9h7bgirJlMWfTMA+QFcQJ4ptNIpktteeIN0aAe27Vs7skxpyuPHdV
O4CwF9fqxnvPd+QrvP01a0KAvirytnJLSgqBHUkszm1yBmzsnrII8fCb3NPX
MavwwWoX9OE7tdpRBMYrKFqskvB9hwQAqZJLzlGRMmcJuznjHZEu5ZeyygaZ
BYjR+36T3G86QMyA4P7XAThP+HybuRC5bjISY5xEwDfB+wCx/NcPX05OzDYw
CqJXxPuch9D6+OnuuCRwBVdbSOFJNr7mUEi/aLeKPvlbvdpmmN4BvOqvWtR2
q/KRTDcHSp3attVpxySCoEtZocZm9ZH6OIIr2imk3RxQnUCnZ/KqgbPkP2ri
Tew0XYqyaBMawIrXyIPAxN0+ywppRLuMEjVe4vXs1sE1rirdDkCuAZiOX16/
O6FLY5azDL52m7j4kKOyI5rEW5ATtNq1jZodf33x9toEWoeDIfrcMvPRinBt
k4NkJ3nqGIUGorjXq5W1LCg9NBMXvHhztjFij/LvnODEmgupOF7KLfDYe/Vg
8/lRFTRVfjewn90CuyRwzfn9Df43DQFXn29BFj4fjU22+7VhBW8QXTaWG1R8
51v+PZxbxIdxt65AjOak20XIZ1X68CwLvLTFSFMiuiQ85yaGQZlsHCS1wadm
b77JLgFVAtjgTX5rxIafIo7QaXhfMJqdlWQwH4N4RzLm11zGfVIMFPPVnFhb
FKCgxTRTfuZfngBnkb0ZAmFbDu1FsSrYziXuuk5QLsCXAYxpcX8FD2rVNMXY
eAOf89PUjmNkSSfC58PbxNwsR/r70zG7jZsc/gxeQKFFvPGKm5uyM0l8Eypk
fn4b/tH/uLgOSRYTubE64auHx8mOtCXvNTKQjRpIgcssd85OuAcvhcnxTySN
Yh2l8N0tFn2I/522TJFy4P+Cpjt2flpFQZwdtlhCXI5AkoC5t6BQEje2yhKW
YOS3VtQ1YGSG+bik/vKW2IVpiBpd2rALT2d1woISKNFW14GXZm7S8igxMo+p
ngdMb7Ddd5x3xFqVcFRvYfQEgNojFh/mvXKhJgdOM7b9MACtlTXS6AP5A6cM
mhIMBAS7STk5XQwMlCsUmbLWWsYpXNkewyKi1ySzi/y85NChoJ68QHqVK5tA
uzE4fq8f2uzzOBGa22W+cEKniFTkEEM1ARJjfK7Qn1iwxIr6RtVMN4qbaD3Z
bpWbeiEuYEbNyyGrRxdE7IUd0xmk4rmaXgEAfYGeswwhL/5P9NrvOJCEKABH
CiUQu91y0mutc9QUkbrAEyYF5OKPMht00SOpgqM/3UkpVg2sjrnKzzgaDZun
J8mPIwtTExhO2j9pu5ov5wRgOFLempUMHOdGJOu2zsC+QNMGFTFO0KxG1iSm
YJzB2c7mxjKXxrOv0VWIOcdxRnjpHkKNYoP+gxWV5tliB/aZo2tjl6J9i641
4EfrrZiI6BJi2ogzk6qJ2QsfkLPdsNeRrhxPvRODnvZICFRM4ydsJdxgZEWJ
02QQsYOMIrAovUAYXf6BjfCN5yoy6QjjLuUj2EBlseRcB6NesEBGre6AgSg/
ycFbnaIrD8GSUg49+Jb4U14pT+AjCTcmmoiqaN8gmAqVb2TYN8IsdOp3LooW
cEXn/Zd8BtdFqBASI0YP1hriGJa1GJ6Yo87gBQ4a07PRsSr5MFvyVmukyjSB
W2zz55knMpUyijSdxbAUcmXzCw5SxZc8qsX0lv2Ig44DisS0HSJKYVW0l9Tj
TBzHlAOPTENYCX7TOdzBIM5EN+QQgkhiAwjnq7EVG4mXq2Z4E22HNieGC7tb
WEWSdk+cJ3yrzdE63+Hzonc4gVMXtilW7hQ/7weTqnDA+C3mLdLPEuuTEZww
iiAl1yIecpcAwb6aYiuOLvNTzZrZtQvAkM8EA8nFU5vcVC/DjyKTu/VapabS
9+PHAiyIv6GFy3vWaBFFWXBN1D9CEHjZr5yB4zZxsWIdoB1cqaXG+ohvOP2+
XQg/UW1Y53vD//jeMVETPwIn+zl4lXSxb8nPwTn8+w7+fQX/vsX/orQ0//yM
MYU1wOpn7EGDzPxnANdSodD4GVa5/vrFeDSDHwalfwtQ+hkOoDB36mdyWNED
x0BuIIlhlY+nwRdVAHGPli+PmhDt+PzLc2AmKIPawbsv320ygEc7ePXlq4QO
T2d/++Vbe+qTIzb8vzxCh4lOj0TpqVscVdiIAxYrk+VdumahQvO2598pWHTW
BGg73ci53dDM3rqY72XueLV3WWw8yup/QG8KyFNSRFQKwiMFTEMFO8HsSrQm
CvVn7IVk25G8h3yNpgDXX9RkisjvcEHkQGAmeLqKI62CgsP5Z3AA2ZnEm9nZ
5RpiBMF//1NwEcV5kj6jk+rT4EVC3BuZFWm4Xkm8g/dXwX//M75+Zpd7ljVc
XZsl/JoDirDtSBCWHFFoQcBrcK9yg4J69cuZQK0fa4FlYnHKiXSkhalFSN60
qeI37Qt5EwKawuWaPCUC45UwsmP2thovL0DqhK03yTVA/cwZr8ZENi7aps9j
tyvMG8UjehdIsJO4EHqCi2BeAKe5jyNALuMuCtnpjHemMKMO/eztALTF1JPu
XHSHTkOyJMBiZD3bupGLO0wsgJyzF74hSXE2VCjqP+quWPVu/HNeJwoUHl45
yJ6cCGt0cosiqlqgu/NS3doSskVV2SQrFfDLy1BG+8460mwuQD0aEAy86K9J
GeIcD1M2ZiqMpFhsoeG3J67OTLQjSW429ZuUVOwFhH3nuWSNGJ+7Yq97Qza2
F8WXrLO9oG8/iQQM+IqkQBsp5KhQtY84XW2J1OEf8V34Ugz58uyPbFVsHtgB
UW7r4L5j3M7Gwch1EQZglbL8jLuNue38ltJHpU9IhtHxOCf3BoZtk5TJSEos
xdwsrFwM06i6o/rNTvBkKorqH3R4a1jeMvAyUURAmUiix+f9lyjxirNVGmFv
odf8pUe+0kW00zGJCufkPeCeWVHkNARzH4wr1pCqW+VWZY9xZhvkMM6QhvjT
nq1i9qpWksljggam9BDvJ+YOMYx4lIwO/09BU9uAwqZe6SW6m8wq+ziAbUhi
EvPNoqSCprRQ2xpfu0xbkGOag917bvaeScLUO7KMqim7fhysa/gH3YSXbd2W
YhKPdez/2iVDABk0qNVY/hAZhiBNcegMphEEJcCaws+6FKoKLF4Ttu0yF72p
u0QKseDeKG4UArYYtuX1q8ENS5CcdDFb+ioJ0t1mBVVa72U+i6zmHZYEXF0+
9SdXrt8cFBCLDg79xOwMTJBsCsDC45wxmvixOE4ssZ4qlx5UzCrGp2jnXwRv
vDxX3ur+vXa22NTbviFWwCM1DtVeeWJGZ45jULEpVfIUKzO4s4fpZlN1bJ7b
fnw2qtctR1xyzOAw2hsqSzZH1JWj7Fm87ftogVaevY+jZ4FtGWxRsMkVRJcr
Okel8oTK4LweMbIjMMD2bUkitAcegCyy9XonpiE74Uw3gVW81MQUa7oKeX6X
2LOuVvEGri+7dWlZ1j/CVfrBbotkLBX7fou1cgpzIYvC4IY8Iy0XXA5ssbap
UrrUPax4ydqE7M80bjXjBqVUKLoQ4+Y1vhVV61m5F0rz2xd4SY617qxW69sC
DpiUPvbgSxTINRdwwr4AAWy2WMzFxxAIm6HM+l06I+2yGCCovw+6ub8k7rFi
6RosyskMNiimuLGVbGHxwJSspCma7aVU2DhzDfMVYVNgAnmsipu9WfW6ePX1
1TpNrbhdMFhsB3YaMTswbizR7+7IxS6lT/4VqIUhmPpSrytKl9nw2lnRwebC
0/YGOrg2bMy47ERFc7U/1CrQVYWaggpur9YMGiodpNSdwkaQ+Ul6IxWD08Nr
ZpxwmiWAbg9QS03CnffNaJhWeeabkwJfr4c8CxvhRn5jnf1i8xFZxEIP/17y
jZqsvr3qo6ucRd0wa3IhH5jz+XnduGr9WlQlo4xfqG87bGqsrStSpW+d4IWn
YCv+pDALykS1nHP+lGpEy3KPU1iyRsx+lrmHu94Kmr1kwTNWon8CrRuEoum1
pKKfVJpiwZ6NLmDw6YGrwxYPIOxwegY2Sel9GPVO/JW90I3ZXA9+P+j6xce7
TJYtBgolSVtQvVEectcEErpo8NEa37lAgrsKihmcPkEwUxI17oCzlu3tLrg9
QkZM1iPeIrSIz1/lehv0mxaioKQNVTLcXiW5Z3tt1cMKu142RgOC4xiLkh9O
jETHZPgOBtpNkoF1thS9lKSL0VPMO4uxzWRDTsph4Z4oxmI9KD683hhq8gD7
faWGxZDToDvu9g8hqVqKMmZDSI3DylTwyJVac1DqTJZxioH09IbjZ/Lmdy/P
zjsswXC9F66Y4xuDnMffff/imwKqC+K5ax+UP5aReu6+dvn9y45s23wYFjWN
a8nZtM30DrSASwp3fc/i/aUR78ewwIngPt2aVEM7hcBVRHMQwyEXC3t0xHq7
kMyQhRbtAsNJNkcllfBpuYQBmQX3xWXH3na3WEmdu3Xa0evx5sTXpuzV1t5T
UUuX/ZXqYs/dl/HDRWXPHVCq7jLMJ8m7tYzzCRjDzhHDkZ6h9WDYp6zyDNUB
36YwPkR/GVAL06iKeHD/sMNRgez2e7PK3kHOFEIpKNTDG8akWdE7qogKnxwX
PolusceSl2XFQrq5rWRpKgE4KAndS1o3kvjAggAyCCaFoxRUgqfqAU0cbNYd
Hsa/3If8xApfMhzKTN1LQ4NDtGQx9u50Bdi1dFg+O0NhPy1esPRe8m+5LiOu
nOi9797M3XoVrIbV1CLQvcoch4Dn6HBj2OqsulVEtl63Nw6OqemRyYqVpq0M
Dk7zPZd7FBugWABiE3Di3CTScis78gY/kw6IhyCpmD2SNVSrc71131xw0j7W
LduUv1LSxPdsY6CENU0gnV1tTMb7W+wcV2e5kplZzeyKJYuPWI9NJKKGg+IJ
9Uouqg1vXUHobrOiMTJGDiiTuCGJTLYzObb13JtG0Jg6UvUjEYI7o95okMUV
ABTSC8PW2lr8MwnM1cUyF3wLDP8yDIvUMkHjo9L0sCN5GgAIhlXNmDJMVMDq
w+UOE9u9D2LexnKlbszKUjEhi8WmNpKyfQFUVlSbPBxBaLKuDVPi8t64ZG7v
5WlkVNYbwyZkQ2o+Jz/ygsUEG+q07pGuq4Z1N0BkwuEuo0LEth7b9GRvLLVJ
qlM2qIcVrFJsAdkBPRUzP7BRKmWUvea9cMz8VkkPbItZ7O6gGvfMuLZNawK0
y7i7UF3jpfqdGun0iG1rlmL5hNYzB639FiC/yHhmKInx/G6bFCuBGuxmZYsA
2DdXbo6mbDrDmUUNDvSaWre9WUMmF50VStdUO40l1rTReHa0pCotkKw4GHEE
17Ni7jFRbqnilQ3hSK85d3eepGeb+3JZiNTZDMNCKYTp8ZyJC/tQd1GDQ4/2
5FtMBzuDxTi22wqTmw0lEZbUvMUen0i0s24mf9pK3hREcQ1hyg7xoifZBEZt
VNxqlQcp06x9Xy4P/5LpkZAV0g/dx6RMWHOHu71+fwdTq/3YDq4O63noEfc/
oCI0G3kpXgAoHUA3BZ1wdIhO6KzqWrzzlfOG23IGgqxgsEzVEdKBBlchLiId
Xg1ralRtSsEZ3xx3O4FLirOnoggv0qAXu7W/LytO/yCXQxB0SqfEnRxs3HpJ
64dxhZO/i9/CnEJwziCiU8aHh3gwHAw+34lhHRSNHgr3lX9aJ4Xb4q/mp6ji
GVPTP9ohUfFLCufhngxGrqKVI12efxkr4g4WsSSWoZ0IzAa7hFOYclfWb0wB
c1N4vTpIimJfZtt7o2QisTamhNol15gwDwoMUz8p1pZ88RhYy0m1E8yBXA1h
ZFNsbGuAClgrjHuvWmQ23RTKHJcECy2VeSkyep+l+8vdKgeJUOvjqOKY85KM
DnUe1wRkitEX+snfLUJiQG2UajezD3vGW1sFJ4Egx8duzPjzH+NNlNz7SY44
DESScP1kJqokMj0EqloQFYyZb9bq/22TOiUZpQ9mZkFJ1TaKoJezRNH5q0IL
En4hTHjYRb0no7hDakRfHLtDAsvyotB0rZGiDSO9BlxA8JTII3ZP9FOU7BdF
Gyror3ZjkgDOjJgxLCtnXjrhuk+18yRvKZh8wDk8I/BTFYycg1XSYOMNp3Aj
QaHPl1M1OVuv6BAcdXu94PhrZas+TgKdpl5GWoFx4FpoG2CqEHnlXqoPnbMb
5/pzjum/6jThd6NY3WwSYigm7IXr+N3ehIqOXrjsPTQFdXRkmuZyg7c7KXMB
eOYqfG9E3s1OGixJ5npJScjVjbgDscndpnhBd6YwYJtQT1TJMqaTgAqBSZCh
az6R2cQU/w6KzYt1XYsaole1rDaFEgjgRAvqkqSNisXCPDdFtZQ1xgWyGVm+
BW6A0MqqyBHFWUidDX30AJyQ7vk+WgQFnOgHx+82rsNSBSnwVpzmQHm8RO1x
qTIDayVKngK5RqcMenNRt6adu39a1+No6ex/RglcHi5pJ76fuDTir6ZLuwxR
Ik+XVwOwVul71pmAB97YVsyesdSUOHa2KY9Dwk1xIw3MGJIRkzfYv4w6lBaa
WdpWaFQeYFzKcPgOHx7TsjnVmFzXpBN1OKnQrMUoj5xKMi3RMUr9thauAY/N
wVy3pZ/eX4p1KH7lxTXVdYuEInklrm16lMS/YV/igVvbC/Uw0Ha3o5WENfpC
zjouytKepB+HDUzHUefNjjdmnNXKa4FXXcSajtbldHDSfFcqYrCkQ/p7KVAb
kptkZ8ui0C9hs3DUOkMW1FndxzcuoYkKAA133ia52AqiAVBmVnavU/ZYSWY4
o2eRbZTQQVyNbw/wYz6a1upcmNJzyylMB3lKCyyHDps1y8Cs0mKSAf1oDYMp
enxahZE1Mkr9OMup7Q0uEBfRCW3AuJDjWi9GeB5ItVrAg9Mu4/ofSt1uhpdF
V1swlHMnmtwfp4PRF4S70doOhLxk4O9Pr5bxucVujtjgIc6oBkj7g/jMlAar
lFLdu5Mqnq1hk0UFsuJur83ePpHwkh81NNzrMAwtl7A1QamxFEkycGqwrxnF
6j5gKqqajDRsvtN6eX0aXJqAHPJnW/AlJWYm99SXm3WnMg1zE9484logFZKV
upSvWtTDpz4976ls4NGwQ79b0aCkxCWR/j8cVy4pl5Qry1HtWEqNCsWdzo1M
5+tVXO7blNKnNlxNmuk9vMqZmNgWoErpTkkr1NZ8FjdqQodh11gkTf4PE2Nv
CMRzFzpPWy/93pjbVjfCqDKHxRHfCj0Gy5rlY1kk1bKzUfXWhTkUqc05G5rb
f1X7KNsx5YdlcLiIpmgwUV2rCWOBqo1T8XVDx1fbr9UwfNcE6Mh4TY7IMem7
4r2E9MYaEsv+xZHoGj55QPITwoouvYYKrJq6IhnpNa5elKM7m7NVGoeC63hJ
oZVqTmlRErNzFRv/0wOcOONym4pIU70kB9RH/CteNVmyh8w+L9I7qUIIDzeg
RJZz7kyG7uaa1BULEdLnsYXwzW3xFyJtTBQ15oaUhrz8sRZFCvXny67tBENX
QCrzB13KkGzf2oJPLGUU71FxELuTFI5+2iamRugqDeJFOrkxhwd3Rcc0or8r
X6wPKXoMr759aoXhzZvpqMF/0i601ax2LhBZU/iF4FWdxCTVRyw1nhNgmph7
3QKCSc+z6yq9fSYcXrPdOk6s5f3+EZdxodWPzJWXZl6lTIaqomxy/A7QJC5L
dOVlVXIguhgm8K/YVymFv8cm+KM/wFekSzevY7pD2Ppn10G8HgQk7An0kmTl
TY9HaqrmwvjjBB9JiKlzCXtOoBptuYSdgyroLC99pHlC4RM0l6VR6UlKl/vZ
+L1XpSpr7k0aFcjG1wbVD4KTsR0O3VGclbXQp7z95PMU0/iLCQdVh4hXO/dI
io25rUL2GVOBKOo1bu9ifkdZ3DlOxKZNzJNLHOf5bPKCZwkMRbRsDnH9aorm
YWkhHIdqgvBhClrFbULa9N9JCJrhH09M0K7S09PaTPtQ8Vpdoeg1ybgbDENv
ty7m6SfZldhbSQ2mVJK7mDwehLHuIkfdfnfYLXex82enedU0inNsxYYL4Yyg
mzNPvCeL3eeMthsXN1NHF6+VK/e4r1ucsrsx1ceW/UqTIFxKirYLUVZU9IgI
7cdN7V5Dwh7s+6WRNaarzhfUxqxOumBaYD1OGQ+PpEjIDFUJvHNsn8qz3r14
Q4e/fOONPn90SC13ZKU2vpQk3ZApiu6ghFueosAuprC293dER2cqNeQz7SdM
+Amlzr34ZAMBBjp4/ZgJv1nTpfqRtNzqxJ8nxC39hOE6NGasl4neylCTx6UO
y41yZtWeVAtpqs8++EjryFV2+Jm9tqVExjT0oA0dPQa7brXH7i8mvewfQXvE
4m3arYwlyrzuNfau6isdMzuGNqoSlu9ZQ46HQZUn41QxhmzB79ImAhNurNj7
GJdyGX4VXi1pRockfWLG8UpMXtOqIOUG+Cx0qNVAGhT1gBrfA+zj/rFWQY+j
W9s2RhHnQgHLJZLGFoeHWtT4iJWfBj2rLh/KjAqUWTllRYBzPCwGxTz1xc6m
LeCDdHNY8iilpOhwN9N9nVbHY5GA0BtDHYRiGwGGNyRd7gLju/YypHOfl0xQ
DAy3q2VC3vE9PUzVJV7XqHb0lDu+mS5tclIcqAvCRsjphH3GzRsyrZ4kNO3H
8dUqT24olGwI3EOCAok/HoYztFUvOZsMXu4UJFW9VffIQd6qA5KlfhOc5bZq
rTx4qWISPs2qrjM9fRNsk1R6tDlmEmeuu0jX3+ewXbyLf4DZ81R7h+fC2lYe
l4dXHfCQpFIPilLzIdNQFRcpN+h4ctsNhEThxKUsV/z9mWSCuAlZ59RLitJ0
g4vNXZwmmzUl5xyfnV+cAJQAee+T9L00CB30emgLvdvfuIS4r+nnx91wC71T
XPeVhtoMvgLLzg8GuvUCP62xEjmD65uAPANo+/KwbNL/KwDBhfBrLcxJKZTR
fIdtB4qfGKI/UVL2TzYbmzuke7En9DLkmbgA7cA2SlvBtbDazxv64rqEBM8A
ND9xtuQlEAZiB/0IvbQ/qdXNs67kjyiaF2or8BzjiuGyOmbGbkf6KXbsJzqm
ds50XvEbYdPI8tQBTGXC19xI0dIG7bpFbyhmVanMhnG1G5JhNAyejK5tAU0t
4tQ1PRKV0t29SV+wPf6qTZy4V0aD/VbU9goA6RYdWtXPov3sPt0tAMle2cFA
+s/rxlSGKWfk0s48U+iIfGxHWL66W1umXK31fPt4rec/8x1eG+3A9Q/iilHK
CdCGjh/nRIrrSRAWMdhquJDlScVQQBbMu/1unwgQ/zQ4kDV9HodUwZUZIRX8
wVcQaB7pfrY5707+09hmE+8pFvaSclDsYY3Z1Pkua3085ThcvEmX4Sdj/Cfo
l5Km0qdMPpFeaSE3pxi0gdy0ymRcCD2i6dXpfDTwHQZG/aswWNja8ddJvNLp
Fmtqq9VwAxcPgjU/fTo9Kekm6I1IRTfJ6FD4PKc3lrNDmT5baKglQLIWSsRV
Y5sqYRQRFuCmD9424ck9ybJFD19ik6yNzjsvUrU0fUK9CmrKcIWXcIaZ1zWy
9fHjV/Y03UDq0/D3VrErb9sQsDlynLV8TwgKjkwGOl5cfyOF7Kh8ckW9qzuE
r8NfblLxYka48UyuO4O9vOHb3BTi+Zj3KT5PtXloYabWXRxhalIpD5WcIk6B
pxlBsMkkzThfk2VXC/cI3/pmlyIXWlMPVNDL9XKJNcAoAmgKLtwFGy8uE6Ll
a1hu/LY4Y0y6y454El0qgQOphrhNgvkKJsLPNoYAUWV8fetdlpv0YWleqmUA
FjzQArzApEyChB0uUsExMx59qXkkHZz1rVZAoVmL2lZGd3FmWiUZOLOPpy6Z
WX+IKfRy5pcT+CjUDo4IOaiemRwIAZYx6XvyYcKhUCuG91rEjzKDMDcbqu0t
jqLFumohTLGZTUPf1kJvgFg4mXi3IX06JJ+GDNVVZsITpjTjPCipFEbOhXBq
YaAxjR22UAWb1tFCUa6u+dZaSRzQAkNHlmAzHvW0JsACXLm7P0hCYfEebsqp
WVJmLdEcKk0U2Zv0QCPo4HhH3dbvvsLZUkFnMPjq9y3q5FrinKheqFUMa2zi
3RoVHJEPlDSXpDdqI4bLafD2EhQB+LVWKQAJp1HGOfUXA8hc3WM1X3D2NbX5
L3wDG/kDIz/loROEZiL4UfW5AEN0m+nyLs4sSqr8tG6eXhq/V2nUyeIwex66
d5/nqdbPbb6GSCtc8YVjS6c1UPhXIII259YQf9jU7QxDsNxl7jd1e9L8Rsff
T+ify7wHr8mz3UjfFfZfC78VGM8rBDMhCyj+p+SfS/KHLZ3tDziMKqEpcVt4
hwcfnQad3iw4tqnfxP7Qv0MyAP92j3NeGH2klWl0gsv9EIeoGG1uThsKfwgp
V/QU0UUtqKTWtbzAkXm4oDj9IIv1u70jm1pnH33DhanmoQE81AVj4/Ov4vli
lSyer0H/eP7D5fnFq6uLwkL39/ddc0FAA8/xX8tLnuto1bnr97rb2+3et1b6
Rq2e6+2qAxumi0WvigKViHpFn4LJk4ZJcB2vklAFHSyjCJNuTn/9lzTuZnS3
P+CV7bYRqvenwaA3GHd6k85g2kDNKgbeorZVNDo1vwp+ZzYc3qYoDtXGpOAT
6PIEeNNzefj57yu0860kIcngrWC3CT13RkmMAnKg+VLdjofKFb4QZ4VhNWDS
ShUKSfS2jb7iIE+SezdpISBlRjVmOqda1b8ngby8vK652XMD2eBsnf3tP7Ks
+SaHPVRo/fGShQF94tLyLX7v9588c8Yeu/iIidjaJKT249FErw076xLlN2rK
T2+TlddMyVOJrwvuUw1cPUkpBodaFnYxoUuRJNLHP9RuMhKjGLWsTMpaqKpK
EKgQhLJgcsNjaArYX1BdyjAUF9IMODuVzgzJlkxymQHRGCONUUGDC+BeUTw/
0ehdkl+JxfnKa+3Gv7MThWTktAsKIj5muEf7EzOzymfK7JU/zqSQ9twOr6XZ
qi6J0Iv8/5IwWClit6910aFlvLaFeqHSyStiJPGcGVerQ6oixnMNc4caTpmq
xUIhrRWneQK2mhKzWjYFhPs+8MwnLw1L8rxzmcKIE+zQJSuTW2QGgjewxlY7
UeDKjLCl/iCSySkeI3shLg5nYUaKJNqCIMyQBVE7Fq/AT9z5/qRQqpHjMika
OpPTTGmyBTe2h8K/Ir7jYEUiWorq0hzLdGM4IaiysFJ9wrZXYl3N+CxXdErA
p8E7FRyTHrzF0HemEVnR4JNKw5PaGi6pjEVTDh0Meq1wZ7YPe6EVLE8H5Aob
HM7t71YyfRWFHeEK1rbVSsejHy8Cityd3RAeAdAI0NsEZaGpn6QSC054oLhC
E2WwZU1EJXAGizvGEtVKPJFNKx+TMmsh8buZVFCZskxbOmm31eReS2Ui4jZF
LyITA10ZMQ7O3fCSCaoFmE8tzsW8k+Qg9O6yTeJYzCEhQ0s8a602Ph7Kq2ha
MwVSjtgy13vmG9iAKmGGTbIw5dKH7EfyZozHC+MDdmQxH540S1Fn+e6JKPAa
uDh0Uyg3rQwYQgFQjPYIQd/pB0Q/mp6JmRem8GBTU3jQ3ft9x8mU5AB5obti
+45yy33BhMcHal81VYc0Dd4A2yiR7NRL7kz1ODv6H4YLPcaiwbbSWxp/4Fh+
E5eV0V+mINj7/N+BfZlAyRZTy8KHRy6QGQuPgttwu/61jmLsgUfzHuRN48Vr
bKXJ5OAP0JHBnqmnXHlN82zYhDHYm/NsMs0djzAF4IxpXraJLbp3b8WSW7OP
I/AmEObuvTs8MXL3+K+6ckNmRPEbDCxu6odJov625d/z/CRb0nKLHPXe5GH4
1TKG6cLBqqMX16zP0Et1qQb1Z8NJjGCanr06q7NmMIDZ4JsXj60pmj/6+PG/
Xl388M2nT0deqTo8L7yrNr4pfnsbCaJJ1F1xs9snb1VDWQRdNEW1yL7m8bYM
ai7Vylz46wtznA5aylJkgyYZHR3TkLL34tSOotLntEyJtw1Vqx+qaaoKD3Ul
G0wegnv2WiId+YkFKHeXu1UpweA8eXtxgjxfQtLeV0xrp59NVVpQHff61gai
vPGuNQNd7dWZ5yaj+QwHwRr8lfX853DQaxmcHb7rrDj0Va7AjyjovXdVM9t1
LwLaai7un5S4VDb2tnNNngd515GmihCfTIa9xJd8FMW1iPRarW8kea+xZkTQ
Ptvd4NxVxiyDanANXbdEkUnIHE2GjCyC1BGH763xSXHn+OYW6dc8Ijh1gb7u
HLaFfnhAF3SD/Na+UFpXmtlyJRDDDWCDxMWGLRZeshIj0PH4sWkJnTtORf26
sRCeGgDbOXUypNbNNqVlt4IOGVtfhbl0j8GP0BMjE64uXNRbks47V2PB8GDf
/wp/ISBhjFAbaTavOYBAS4ingc2xGMhRPo43ILZWSqN07XR77X9D9n08GY+H
g5NCUrPURklnX3cdLPSwVlaC4qgIy4FEQlCSJIOTqpBAxmD++a3mwRrwIGJr
HgypVVdmdPc+d+6yQ+n49l/oVa6eywhoulCQ0iQ96GX7uJ1L5L9XrpsbNlTN
obRyPd9E+aEwhey7Lca+1fT8Kn9Kx5DmdiFK3o1c1NL6RVhZIW8ExUgFUJSW
T65AaiGBzzMCIuH+meREg07r8Vkva+KLpyXyfJY8eXxDVfHC73Thne55/qHr
Hi0JmV8hxa1G6vwmIFlzGvhZAPhTahf3g1ro1WnQHwGyGPo9sb+9ftjCi15L
OfyNAfhp0MG/FnzYn5evREHjQtYKf0dE4qmTZq3W7xbp70uHMhlDlUON9xyK
bk06fD1nZ7dOi8drSsPhmjmAOEqSkwoMvqtNR6oZZVjKOGpQaZtB0el0AgyM
olZoJBN7tY2yCnyX/LfhzjgOWJlt8npTwbaLe0ppDfCr9647ihtk7vkMkpRy
rD0bgekC2Js8aKoDL8vaM9XGFKKtGGOP8/jGWBDxeoshAArnEysRsaPvWTcp
qe6xS2ry6+gFJrZm+8TMK2cOTin9qVZiDvinNOwcaRUTNq0/hQaiweuo5pNd
ZrrYMNy8YbSbB94qMTpsY+5XcnmjveEVVC3veZYtHYoxBii/WMBji2Osx4dm
0EXSnsWw2KXkGaDcbrW+Zk8qWaUSOoQnvSMuHrwCxLK243N98b8D/5Ux5waT
/FZnbGdis0qU45KQt6YCe/4cWGbArtnfXpwKzPCnAAJKc6YPK8ZD7maAFg3r
h7QpVp7gk8kGtSKsrMHQWGAa9YLwN0ktRw8643jo0SYRK+jowfzkqE2YrWk+
4eqBTZbrqpFIhkodcnFwxo3LRR0NcMG8zsUSmRcpYWffbr1W1NmOKdUsSmd2
o/NMnvU1gWLEfSetUC8gInz6YsXHaAdXakklZKDM3qs0ajPSePFAihd2vjdz
XQC4WtG3C2tiEgdHXKhaTWptSKF7MBovueqxdA1lKo/MxZZzcFbqrZig9iUU
ZmvxC5ooW0tJ15gz5/DvO7Sa0CLyrKefMRiBUcSfA1GSfgYuyo0ESgZSIP9+
kH/NZfwMB1PAneAPSDn0zDGgkD4JxHYq3IMxlWrQ4fj8y3PgquwNeffluw16
b9vBqy9fJQRaguzbL99auJ7UmE8169b1RblomO7sUm0wExX5y4Y9aTc4dpW7
H6A3hzVbs5ZRbnGSiHF92gnY0h2TBDh2bab+hTozA4wNQr8ptnAvnqE81cF6
d+q8Q4CO7scempiYEw1wLjQs5M7Q9zE2ak3M4sUVQxd2MLwlf9iK9WRkEflj
kCexukUdHjcPWHO52Llhw6Ro24LCbm2/Zs/DRNaIMgeRMp6V30Gr1KxMSCFP
2lIymNd5qKRBpuWJsGYH25sWC/tR7VitvG/kibiwy0CE+/whfq854Vf5XYYw
RzDS7JSswt6UEcGuMw5iKIZFGeBibaC9YNUObPBLlpZeog8sfOBcemmlSNkE
LAyV5OvljfN+zMDhUzNLFXsqS+couQlWu0wFVQH35DBmFBMJL6+rnieTfktb
NAKWx47cxjzRDsMCYHGS45hqL+GRlSadHbs4ZX5x287U+Bk7G2R/mhU+uNev
T7z1JtV8x9Gdkq/at2vZrHfbZ6QnoPnsR5pLWMaFl1wqH4P+VpqPrQoBAUwJ
l4FX6ABNYnagO8PYVXABD9xEpPtvCgqLzWSv64lotcgz0dqilBhCsW8f6xmU
HMU1jfar5iPYUWxHYi8LQQLXZlcAO/tgiwLJw18BzdkfbStbBA1mm1CWjkm8
YfRlfeoanUK5c6mznp7TT/1x7l97iXISf0ZzHPf6BtTOHDiSCy9iNbtRnO+0
zUBvKrfixA8miI4tS+z4zZvQBGhhrCG0+RmxM+8tyzKasE3ra7BdJEuFYqDI
FQqmiOkXiK2aPphsW1FiOTDgN/dGLrtUOGdQlGZkGGw9krLB6ecgTjcyO5rq
sskBVFITGXCbxBAWd39YrJLwfcdVzB97rV3dt5amO4j0PcxOqGFI9et1nbEy
syjFhQWmlGtlOpR/zn2h4+qtwj0Z0EjATQBJRs6RuLz0B52G1PPNMARup2xm
0GBVVMaNPCkZmXyHaRzdsGy8UVs3eq0SInjy1gk9zJR4mX8jATdXQG0mZrG4
czlrttTbl7Xo3+DmIlWyaPv1WX5n6XG3NwyOsQcFMqx3G5u2bRpMG6WUY2/F
Ibl1X/Ii0ii3i3TrNQ1WJbZguN4CqIVMZKKoZJXcSH8+U4Lg8al3Gwpk7pm7
Vfp+QxF6c7cZZPr2bvyZZeh3KRS9UmzTa6pN+dJGnwyTHaJXZktoYDWekOYp
J7ahBDccon4OnthyHkhXKu1hS9fvyUrVJtXabrPSu7eXRNwmfunhtReOTwth
RV26LzuWcS0VtfoDZzMSLhLvAdZECUPILemiaki8gT461J7s06dnGfrG2ZQV
KnhDjctMqKRwW0dWESpcDY/wyWyBbhkp7PguXPgYtN02JSrxRf/7v+fbn9BF
8+//3ra83wsSBD+Qote5Tjov7VmcNGJ5eeL3Q+LvLNkS3bsjvujCjDGTQYV/
PuTLpjbN2B/aa+le5SjCCU2/tn0zBfY1euVJA4Wml3ZcEKc7xRsfhvXtZW0n
Czt2wky528bcHGFDWYx+uw8sBW5XwvVCayp776IGpCbaFANDWS7nkXM10M9m
6ICKCf3ZaFyITvW2Lt/lWWATWxjvQhkIjyiwy5z7zizrXQeVGGAvZzsycWuR
Pc4MyjiHstkpM1VkBrEZlGBPU+KyVjTKEv4eu8HZ0gwtart4mYyiElA6Miqu
3Lb7v43z4vYNa5STRu0GluLaGaWFuv7CyFhz2zZtdSvKKsfB8JbagVX4Ba3R
7tIftlSEXr9saUChNJOo2WMxgdYk1SnMS5IuK1tg9OI/K8w+KPdkV9xnZuNH
nSTF8rgQc0KRQONoXW9O0vvYz5FxwcTGGXKYSEQKvpfyZnW1XHJxOPCFH97J
9GKF9umdECSpQ1Rozldo+/k0ou2t2AFetJOI7SVqZBdWi7zYROiIu2CviUhi
y7+QaXg6o+2HxcnCsByLCZOiXqhGfLIKJjpRhhnjpgNIQZ+iai1UUSXph1cU
f2yZfyAwyWdr+q8W1V8K+NmtAKllhaLHpwrGtolFsnEhA0IZY62p4g+k9FKg
kFoyyUgX6mmzyhCXmyvJ5DKvHXDxVJpvE/4Dd2/TGDn53njDagX4UamzQrUr
1iMA8Ap6DtcPHm3F9dhHs1vMRPAYJFu4xfCEZDkKNW60SXBVod96yAWgFzpU
O25AjOlpEhcUNWxlOydzofNrb0p2alVnU9W3evByH+JcJn4Aie4y1C8sQxQW
69p31Gkhqqqlu9FXhibI6uA4iz2ymWGIJLKvwVHJWSjpaJkurFT2HsCP0G70
xKnVLQjU1X5VNjjEO6pRtuhqQjMVsy7p0xlY4thqF0Yp1FpCHRn/jaRm9F9O
WHAIi9pkgeQ6wS2RrN+XlXkwPINXaxpzMWLAwdiHlhn9MNdZkUrhl4ksdK8e
xJCT7r8bxhSu5jUzccSlJCf3E5WMvlDpoibY0Ja8Z7HyOCeO5y4iZPwJ7+Tr
5IxlESCYbvBglDrvGn3tA63iFB1fjnqQJK0b7BFmUO8+LbGF2ZPZAvcW2gJG
/zdcEH9FxWlgvDTNYD+iYqL8lv2oaX4ro8cTF0zEMtrXVxdfYXYo9ctgfyt8
c0G+Y5Z+D95CxHhsMZQF4fcvvoEljumeeBQ7/igArGO9kkNQXh+2Z9lvG76Z
7hBjUmoYh2sImPGPEvXGvIJdiEYu1wx5q6BSg6YzuVe8Vgwb9tjSPvxENdw0
YVLbRcqkPhBuSOil/krbZuPoqEOTCcRfUsyCWzxINNGgtglgg/CiUCnqL2aY
qwpTEKr0GGYhScxITmjVqNWD1CFIXJgCXMStnMpbqmVkm5m1V+QRGBNwRRGo
mMgNkrm/40F/Z97EuFjaTKNXQcZyecNgqO0L6d9StO/HPGP02nFNR5YDT+wQ
4WHROjyW34qO6hoCrzSHws4uzl64DZivoy5s1FpCGDgm4S4bFQqBEEsZRa5l
VkJxahxH9OOIO+ixXuTniHBxxMuz8+A4BouKy+vwYFHCKQnkTr9JkqhthSqp
zzR9VkaG2mEPTYUrNpUbeaodmbVVWU1Xbao2O/EnxZjWG8i0FrvVSkv9JjqE
1plHrByJQuboDXVVsS1xaarelB4XXR4Q80XwbpMB/4AzSb+I4BKulfjPj1ps
Zi7p8er7ePZMJW/Sma61+aIIGX4zd77ANtywCRpRGoMMxaHEy5U0ZTR3SyFB
iVD65qI1WdVikXI7VTdwC8WXljFoMfd8QMGHmXPJDhuTYVUmAk1jnz4Md9K6
MnGRoGbYn4g0CVxR0gVnKAHBpnlnRQVlhXghqlahMo4Mg78b45ujYTSmDhC+
gjaWlvXpIUlv4aIPvHbEvGKHxkxeBFuASluQM7EANaatJLlQgE6cAKIoGcj7
hU9eqIl6RmyiE4GeS1QgSSHw41tnk5BEkVVMFDJz1B12mbRrPM7UQ5tDysjH
PlBsWEJ/eLpvLq7Pv7PqG3/3Ox6EZ1Axc0N0qa8QiItNaOoh1rbFJbzY6RhG
eq9Nhm1w9d1ZZzCePO8PZqygyuyEr4LjS0DuRQwHiBRF91SUfMBKqJSR/n1M
ciCg8jKSfYPfgd30+8nod8/xv6V6I/8QXwTX+O0/AOklaSaJ/y58YxxmpHrd
8UMcxNk4Zc9a0Fy209h8yhhdnC+W+xmZbWOlSu7guWhR9LMrGR5CosS1KrWK
eLGxn4ijB+e23cMOy5FIN3nT+vjICbWSpCzcgRcCd6WOtiONQIVVbOkZJpu9
Tt5rVg9fShaGa3JLB5WIBMtMmQJNRGpqC+0esh13i0Ktig8pugsit/PjmWwP
A4rMDDjzEoObhpwXK7PcHWxskKTYDxG3df7jNWafxGtsn0v1E+dX2Ylksgzn
lMj0NfZI3vNVsYKMqeUGI7O9Liqa+77cvl8WnEpXKkkNY1SkLFGbUe0NigX2
YhvC1I+UNt3a56O5mOful9+6Vu491pexPUG+2zKk9wf7TbOvcnmN64HIWhGq
JTZX9RT+ftU5P3/Z6U86k1EH+cVxv0etFnDWuv8k/V0YS3A8pmd4SxdWYT9s
ZdckzXv8InpxdRYcu5RIOB/w6YtoMB735yfBcWfWDib0vp1Rjl3gzjDDgViC
v9j5i+86V1cd3DPvt7zuv9llB9N2MOITF/Nym9WfUwcHOB69+1Jhw0i8lhSU
meP+hPPvT05brf/V/YMFzr0PvX5v0Bv2Rr1xb9Kb9ma9eU/1Fr2wF/V0b9nv
Fd7w1lYrWHm2Z+G5noZqPhgMhtPZZDiqLAQ8ws4qHexZJ4r6/fK7dXnZz/zW
1sdcoFC/YFhejpnAwQuMB40LNNI/5cKdXwHnQHKtodLSl4IQTMIOPoff/Bj0
T4MjLCfChi3ijRKOjN1ajtpczT+Apzhp3vxk6L0n7hLzXpLemKdGp0F/Np33
JtPRtC8/m50GH1u25gs34P/V/tA87v0D3wT6KP+4Aw9Pqj+FLd8+m051OBzP
wn40HI30qK91T8+mi9lwNowGQzWofIL+6c3nKoyG80W0nM/moR6NF+OBns2m
o8lwOJsvnhVf+9Qq/OnTL7jEjAqapdAB6Lbf30cJatzrT2d9NRlOlpP+tDcd
wpGWg+V0OBlPB9MJ/v9Aw/8Dr51E094knMA56OmI99wbTCb49ERPRvh0b1i3
Hvw9nMzxqenIrccr2FWX08Fk2hv11bTX640Wo2Vvpvq9vhoBI+j3hgNYvDcZ
9MezQc/cCq/QdDeP3UIjmCk9HpQRNPUqEB3uYwmz8VQvJrChJYJLDaYzNQTU
7UX94SCE/fCGl5PBbNbT0Wg+1YMpbC8aTWbjpeorYHfLwaS8sYLY/0fR8voh
AxuiiZZJ9VvzjuooOkowlt9A0YPPoOhagq6l51pyZmoOIz3Uy2i4CIfL+TyE
/2k96APOjcNJuFDjcS059yb9xbg3muj5ZLiYKcC7eX80VJN+fzIZTQdFYn6M
lp9+lxWSHow+g6QBH+dAqHNA/vGjJB1OpkCMy+kYfh/Bcxr+ne4h7xG+Dc8I
fk90zRcseavFfNEfN5E3r4BE/uhlNdyL7EFupwj/pjE6pv4Ara6OWF0dMz+n
/6kwpNgU3ZM32nfck9r+7cW13wsZTW+bxUQGBuqd79K480blxYG03Hb26BZU
8eTHJF1FR2ZSuc03OkfHerrmmeLiL2UbR9JTtZliLFyfEptKOzTrHQ+G9XjU
+zCa9frz0Wy47Cmtl/1wOp/M+gPQvtRkBlwc4D9Zjqd0peFk1KI3gmNpYoaE
KsVh569ftWWDXFZwChvrSI3mCVxUr48V3xE8inDzf4OfD449s60TGMYLvy1v
LDjmr3TMwfGhhQrqthscI/jRK3lagDZ+vm/eLmCNd/k2fmbtNOtaoh7NXtp8
Uy4nzwxjN2OWFOeaVQYy1M/3gmv9r5tFtv1tuXuZX//lBVy5f3fNyD/Cue7j
iiuaEPu19emkHw57s/5iFs2GgzkweDVbDAf9xXAxCodqVOaDzsr8PGH1J5EG
f+r32gH+i4YPWCl/5h/fPovCZ+aPvZ79o/0DKu/2L/05qBwD/JH3lv3DL2ep
vwJP/RWY6q/AVYOC0PvznkutSK1xb5/eNO/1ZyOw70BlGgI0RnARoz6ogb0R
Xcto4l8RmIQzMOHkWoTff8blmFuRFT7jbsylGJnz9Ksxd8IrfM7N1Es6sP+x
OT9bsf19Omuv38DWS+tVGccjyjBc3mKopuF8OQtnoAn3QP0eTcJQTft6OAc1
l44MrHwW6gWcPFSLRQh68XQ+ns6jsQKFvj+Nitt4EtsznFji3iIEmzLsf+OP
uN5nZfcqHoP3cfREwx7fCD/XyXB29qKGwCYN4jxgChtOZiM004Zg2M0Bl0fk
WpmBAD2A9gwbayDBw4hPFqmnwUOpTxapI8LDyc8cp0KFT6E/y1T/sWTouREf
l8pjsCyn/SXYn4NoMFXjeaTDySwcAMQWYTiblRd/RRPbj/vNqARkPdGLWW8+
mavFFM3o3mwURRMA2aSeVL9xSZL6Lk523gSMdskLSyXnmJIR0cCX4hAmYTn7
jusLib3sq7jkP5yL/SY4j7e3OhXy3ycZJ+NFGI2jsY6Wo/5wNJ8ulpHW4Ww+
HeuBCtVSTXuDxWhc/ICBuWkt02ACqIaJJsHxtAHMZBuM62yDeUFE6wjoTMOG
S9BDnb8EwMdAt1z6MIAF9oLhF9giY2OLcOTxV7ZG5pPAB1BwXMTuTjB1z8I9
IfjgpMFj6FeGXtGDUYZlcFxHBp1gOPFOswyO30hxzlqlmFHhg+JQhHSLAKx6
tXYVWONvve6U9W07/JoDiRxmxYxzg81maOHZ+fcmDtd2s6YVtmWnK6aeByde
lzkJ+VFeiKkbSJYAlF5P0i8ybkh1c/OAGUA6qi1h8tvW4d/Prs4vLzt6g1kw
kemRAkb95YvTYDQ4qrfNzXyeSb+JAFGO1xFgNCCS6xHpzaukx5gDN/gU0gNJ
0RvNRyN0pw5Hw0GLNlBHXwD1/fQ1svRFF/Erk1c0QGcCnh8WKtR+nPJFdoJR
mcDm/5QEVga5T0izRv+Ea/dY8U+YBA4eImVnqtU6IniZ0wM8EZzn81uXsdA4
TpZrW4ozY83blANUkwwlgPOmGtnRi081AfLKkMq/q65fjcH9Il3/P8lPgkyk
P21iIvs5iFGMPbKod7sMQB6OB4/6WQ6PRv0K4ahfIR712QGp/+lx+jU9TsPe
PiumyeqFHY8eQ37e2aFCVKzoIWM7mM0TJXGmz0f3nvFZfTa2T3uywmcje19Q
7fNwnd0H++BwmAfPnuIzcX2iJaj52ag+FpXg8zF9IuRS70Co9fYM+9N9yF3v
7AGUHywfQ3zZymfyfkR8CeHtQf/HEF8yA/ag/2OIL1eyB/0fQ3yDms3o/xji
i2dgD/o/hviC3I86sJsRv8E5/gTfmeDDow7sZsQXdvmLHNj7Qt6jsTF9auyV
0ppP8p4Bes8W02gxjnrjcBlOl0oNFos+mLihmoSD5S/3nvXH/2Dv2b6tMYX+
D+Q32/f5cBFOh+NJOBuF/d5iAiSil7NFNJ7qaBAtwaAM+9PxcqaBhis6NyFe
4DpsHE/2ot9oNp0vhwO1mOjZeDhcRrM5GPwqUhNAyVHU70WzmVajwVIBxfKx
w5mehuFi0Ne9HvyyNxhMNDAK4NFqNlr2h8Ao1WCwjKYhLDzld+Abi36o9Xiu
lsPlaAxUFA1n4Wi2HAJ0B/0pvF1JabJneBLiz8ZwTWFvEY4XsHOgqcl0AfQU
hcPFFLZQSVByn3mvHzKsSl8/AjRgR5P+cgxgiUBIjWf9+XwwgjtTYa8HZ1Oj
yTwc96eAHqPhWDgpnLy3mKrBaNCbjABDlmFvDkAdAN4uMGMBZAKwgRlwqXCk
TDILwEjPge0Nl4O+Aq48BP6wnPbH88V8Ou3Ph6GuOMEFVOizORAFFoN5fwbc
s7dczBaDyQLEwmKOMmoy0fDn6XgyGkXLaDEY6/FMdjaIptPpog+cBV4cL1Sk
J9MI8HQQqmFv2h8MRwMFdz+OouHUBBvmcz1bwk+WCljeeBoCnGAV4E+TWT8C
djKa6YZ42aMOYeN36vcaPb9Njqe5ke0D5sH1pIc+mlrqOxR46Boh+D0Ncg5m
sMAesP2zOrbmw4DBW/UYew4t+PVe39fwYPfTUxgnX12LNfDDkN9cHr30GTe4
7w4LnrJJravsi+CFqY15R5MO3QhDUzTT4RGI2afKvO4vvrCDGju9PrqXOr2B
dK+FBXp9+Osn4odYAqapXTd2OZUZUbhUJIP/VlFxlgmXHfCWIm+GN/34m/iD
jp7HaypViwK/CVuQLGUqk9c3lLotN8x18ds+yTyl82S9TbJYliu6sveNiKlZ
qriJJ65ki+Z/E7yMN1jFtlKp1yCCagYJaDHPw0ZwUNP2buluenw3fe9uevDX
Tz6M/ZvhIdFqgR3hQ+5SxaGFQonrJqd8AknAarytKzu/QYqRzMgW01Oej1NA
Ci4WwnHXpjrZm66c7RbYx4faRbuGZZ8FpOAsxNkTKx3dcLd7hI/in0WafoZo
zxMddPTl0VKtMm366Zoed9QzO9WUzKg274OPHz++RHfqRiOHjKgjP03p/Pgy
hpPpVfAW/5tGGTYM59/8a7wOruCHKvrkhnh+/PZv/3eq0IW8UrgO/MoAJOam
1zwwyZtmbUbn4AhqO5Kci1iljp9HPz/DGfKbRDoGnGFz0YfgD5evXr3+w5k/
PeDi3duL78+C84sfri/PO68u/u0aZeVfyKd+/vby+vLqgkvlzv/45u3F1RW3
MZVPfTfoDXrm+eDq8pvLq853SO/H36Y4eUPZKpz5eACm1km39f8DJoGRdn0s
AQA=

-->

</rfc>
