<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-webtrans-http3-16" category="std" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="WebTransport-H3">WebTransport over HTTP/3</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-http3-16"/>
    <author initials="A." surname="Frindell" fullname="Alan Frindell">
      <organization>Meta</organization>
      <address>
        <email>afrind@fb.com</email>
      </address>
    </author>
    <author initials="E." surname="Kinnear" fullname="Eric Kinnear">
      <organization>Apple Inc.</organization>
      <address>
        <email>ekinnear@apple.com</email>
      </address>
    </author>
    <author initials="V." surname="Vasiliev" fullname="Victor Vasiliev">
      <organization>Google</organization>
      <address>
        <email>vasilvv@google.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Web and Internet Transport</area>
    <workgroup>WEBTRANS</workgroup>
    <keyword>webtransport</keyword>
    <abstract>
      <?line 42?>

<t>WebTransport over HTTP/3 is a binding of the WebTransport protocol framework
<xref target="OVERVIEW"/> to HTTP/3 <xref target="HTTP3"/>.  It
provides support for unidirectional streams, bidirectional streams, and
datagrams, all multiplexed within the same HTTP/3 connection.  WebTransport
enables application clients constrained by the Web security model to
communicate with a remote application server using a secure multiplexed
transport.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://ietf-wg-webtrans.github.io/draft-ietf-webtrans-http3/#go.draft-ietf-webtrans-http3.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-webtrans-http3/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        WebTransport Working Group mailing list (<eref target="mailto:webtransport@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/webtransport/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/webtransport/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ietf-wg-webtrans/draft-ietf-webtrans-http3"/>.</t>
    </note>
  </front>
  <middle>
    <?line 52?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>HTTP/3 <xref target="HTTP3"/> is a protocol defined on top of QUIC <xref target="RFC9000"/> that can
multiplex HTTP requests over a QUIC connection.  This document defines a
mechanism for multiplexing non-HTTP data with HTTP/3 in a manner that conforms
with the WebTransport protocol requirements and semantics <xref target="OVERVIEW"/>.  Using the
mechanism described here, multiple WebTransport instances, or sessions, can be
multiplexed simultaneously with regular HTTP traffic on the same HTTP/3
connection.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.</t>
        <t>This document follows terminology defined in <xref section="1.2" sectionFormat="of" target="OVERVIEW"/>.
WebTransport servers and HTTP/3 servers are distinguished here as two separate
roles: an HTTP/3 server terminates HTTP/3 connections, while a WebTransport
server is an application that accepts WebTransport sessions, accessed via an
HTTP/3 server, possibly through an intermediary.</t>
        <t>An application client is user-provided or developer-provided code, often
untrusted, that uses the interface offered by the WebTransport client to
communicate with an application server.  The application server uses the
interface offered by the WebTransport server to accept incoming WebTransport
sessions.  For example, when the WebTransport client is a browser, the
application client is typically a website loaded in that browser.</t>
        <t>References to "client" and "server" in this document refer to the
WebTransport client and WebTransport server, respectively.</t>
        <t>An intermediary between a client and an upstream server presents itself as a
server to the client, and as a client to the upstream server.  Requirements
this document places on servers therefore apply to intermediaries when acting
as a server, and requirements on clients apply when acting as a client.</t>
      </section>
    </section>
    <section anchor="overview">
      <name>Overview</name>
      <section anchor="quic-webtransport-and-http3">
        <name>QUIC, WebTransport, and HTTP/3</name>
        <t>QUIC version 1 <xref target="RFC9000"/> is a secure transport protocol with flow control and
congestion control.  QUIC supports application data exchange via streams:
reliable and ordered byte streams that can be multiplexed.  These streams are
independent, so head-of-line blocking does not propagate between them.  QUIC
provides streams as a transport service without prescribing their usage.  The
applicability of streams is described by <xref section="4" sectionFormat="of" target="RFC9308"/>.</t>
        <t>HTTP is an application-layer protocol, defined by "HTTP Semantics" <xref target="HTTP"/>.
HTTP/3 is the application mapping for QUIC, defined in <xref target="RFC9114"/>.  It
describes how QUIC streams are used to carry control data or HTTP request and
response message sequences in the form of frames and describes details of stream
and connection lifecycle management.</t>
        <t>WebTransport session establishment involves interacting at the HTTP layer with a
resource.  For Web user agents and other WebTransport clients, this interaction
is important for security reasons, especially to ensure that the resource is
willing to use WebTransport.</t>
        <t>Although WebTransport requires HTTP for its handshake, when HTTP/3 is in use,
HTTP is used for session setup and only minimal framing beyond that.  QUIC
streams begin with a sequence of header bytes that links them to the
established session.  The remainder of the stream is the body, which carries
the payload supplied by the application using WebTransport.  This process is
similar to WebSockets over HTTP/1.1 <xref target="ORIGIN"/>, where access to the
underlying byte stream is enabled after both sides have completed an initial
handshake.</t>
        <t>The layering of QUIC, HTTP/3, and WebTransport is shown in
<xref target="fig-webtransport-layers"/>.  Once a WebTransport session is established,
applications have nearly direct access to QUIC.</t>
        <figure anchor="fig-webtransport-layers">
          <name>WebTransport Layering</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="208" width="280" viewBox="0 0 280 208" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,192" fill="none" stroke="black"/>
                <path d="M 144,64 L 144,160" fill="none" stroke="black"/>
                <path d="M 272,32 L 272,192" fill="none" stroke="black"/>
                <path d="M 8,32 L 272,32" fill="none" stroke="black"/>
                <path d="M 8,64 L 272,64" fill="none" stroke="black"/>
                <path d="M 8,128 L 144,128" fill="none" stroke="black"/>
                <path d="M 8,160 L 272,160" fill="none" stroke="black"/>
                <path d="M 8,192 L 272,192" fill="none" stroke="black"/>
                <g class="text">
                  <text x="156" y="52">WebTransport</text>
                  <text x="36" y="84">HTTP</text>
                  <text x="96" y="84">Semantics</text>
                  <text x="72" y="100">and</text>
                  <text x="48" y="116">Session</text>
                  <text x="104" y="116">Setup</text>
                  <text x="180" y="116">Nearly</text>
                  <text x="236" y="116">direct</text>
                  <text x="76" y="148">HTTP/3</text>
                  <text x="148" y="180">QUIC</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
,--------------------------------,
|            WebTransport        |
,----------------,---------------,
| HTTP Semantics |               |
|      and       |               |
| Session Setup  | Nearly direct |
,----------------,               |
|     HTTP/3     |               |
,----------------`---------------,
|               QUIC             |
`--------------------------------'
]]></artwork>
          </artset>
        </figure>
        <section anchor="minimizing-implementation-complexity">
          <name>Minimizing Implementation Complexity</name>
          <t>WebTransport has minimal interaction with HTTP and HTTP/3.  Clients and servers
can constrain their use of features to only those required to complete a
WebTransport handshake:</t>
          <ul spacing="normal">
            <li>
              <t>Generating/parsing the request method, host, path, protocol, optional Origin
header field, and any necessary header fields.</t>
            </li>
            <li>
              <t>Generating/parsing the response status code and any necessary header
fields.</t>
            </li>
          </ul>
          <t>While HTTP/3 encodes HTTP messages using QPACK, this complexity can be
minimized.  When receiving, a WebTransport endpoint can disable dynamic
decompression entirely but must always support static decompression and Huffman
decoding.  When sending, endpoints can opt to never use dynamic compression,
static compression, or Huffman encoding.</t>
        </section>
        <section anchor="capsule-based-webtransport-over-http3">
          <name>Capsule-Based WebTransport over HTTP/3</name>
          <t>WebTransport over HTTP/3 as defined in this document provides the best
performance by using native QUIC streams and datagrams. Endpoints SHOULD prefer
this protocol when using WebTransport over an HTTP/3 connection.</t>
          <t>However, it is also possible to use WebTransport over a single HTTP/3 stream
using the capsule-based protocol defined in
<xref target="WEBTRANS-H2"/>.  The two protocols are distinguished
by their upgrade tokens: this document uses the "webtransport-h3" token
(<xref target="upgrade-token"/>), while <xref target="WEBTRANS-H2"/> uses the "webtransport" token.</t>
          <t>The capsule-based protocol can be useful for intermediaries that proxy
WebTransport sessions between HTTP/2 and HTTP/3 connections, as it avoids the
need to translate between the two wire formats.  It can also be useful in
deployment environments such as data centers where existing routing
infrastructure supports forwarding streams but does not support the HTTP/3
extensions required by this document.</t>
          <t>Endpoints that use the capsule-based protocol over HTTP/3 lose the benefits of
stream independence, as all WebTransport streams within a session share a single
QUIC stream and are subject to head-of-line blocking.  Datagrams sent using the
capsule-based protocol are also retransmitted by QUIC, and therefore do not
provide unreliable delivery.</t>
        </section>
      </section>
      <section anchor="protocol-overview">
        <name>Protocol Overview</name>
        <t>WebTransport servers are identified by a pair of authority value and
path value (defined in <xref target="RFC3986"/> Sections 3.2 and 3.3 respectively).</t>
        <t>When an HTTP/3 connection is established, the server sends a SETTINGS_WT_ENABLED
setting to indicate support for WebTransport over HTTP/3.  This process also
negotiates the use of additional HTTP/3 extensions to enable both endpoints to
open WebTransport streams.</t>
        <t>WebTransport sessions are initiated inside a given HTTP/3 connection by the
client, who sends an extended CONNECT request <xref target="RFC9220"/>.  If the server
accepts the request, a WebTransport session is established.  The resulting
stream will be further referred to as a <em>CONNECT stream</em>, and its stream ID is
used to uniquely identify a given WebTransport session within the connection.
The ID of a CONNECT stream that established a given WebTransport session will
be further referred to as a <em>Session ID</em>.</t>
        <t>After the session is established, the endpoints can exchange data using the
following mechanisms:</t>
        <ul spacing="normal">
          <li>
            <t>A client can create a bidirectional stream and transfer its ownership to
WebTransport by providing a special signal in the first bytes.</t>
          </li>
          <li>
            <t>A server can create a bidirectional stream and transfer its ownership to
WebTransport by providing a special signal in the first bytes.</t>
          </li>
          <li>
            <t>Both client and server can create a unidirectional stream using a special
stream type.</t>
          </li>
          <li>
            <t>Both client and server can send datagrams using HTTP Datagrams
<xref target="HTTP-DATAGRAM"/>.</t>
          </li>
        </ul>
        <t>A WebTransport session is terminated when the CONNECT stream that created it is
closed.</t>
      </section>
    </section>
    <section anchor="session-establishment">
      <name>Session Establishment</name>
      <section anchor="establishing">
        <name>Establishing a WebTransport-Capable HTTP/3 Connection</name>
        <t>A WebTransport-Capable HTTP/3 connection requires the server to signal support
for WebTransport over HTTP/3 using a setting.  Clients also signal support by
using the "webtransport-h3" upgrade token in extended CONNECT requests when
establishing sessions (see <xref target="upgrade-token"/>).</t>
        <t>This document defines a SETTINGS_WT_ENABLED setting that WebTransport servers
use to indicate their support for WebTransport.  The default value for the
SETTINGS_WT_ENABLED setting is "0", meaning that the server does not support
WebTransport.  A value of "1" indicates support for the variant of WebTransport
that is described in this document (that is, "webtransport-h3").  Clients MUST
treat values greater than "1" as a connection error of type H3_SETTINGS_ERROR.
Clients MUST NOT attempt to establish WebTransport sessions with the
"webtransport-h3" token until they have received the setting indicating
WebTransport support from the server.</t>
        <t>WebTransport over HTTP/3 uses extended CONNECT in HTTP/3 as described in
<xref target="RFC9220"/>, which defines the SETTINGS_ENABLE_CONNECT_PROTOCOL setting.</t>
        <t>WebTransport over HTTP/3 requires support for HTTP/3 datagrams and the Capsule
Protocol, and both the client and the server indicate support for HTTP/3
datagrams by sending a SETTINGS_H3_DATAGRAM setting value set to 1 in their
SETTINGS frame (see <xref section="2.1.1" sectionFormat="of" target="HTTP-DATAGRAM"/>).</t>
        <t>WebTransport over HTTP/3 also requires support for QUIC datagrams.  To indicate
support, both the client and the server send a max_datagram_frame_size transport
parameter with a value greater than 0
(see <xref section="3" sectionFormat="of" target="QUIC-DATAGRAM"/>).</t>
        <t>WebTransport over HTTP/3 relies on the RESET_STREAM_AT frame defined in
<xref target="RESET-STREAM-AT"/>.  To indicate support,
both the client and the server enable the extension by sending an empty
reset_stream_at transport parameter as described in
<xref section="3" sectionFormat="of" target="RESET-STREAM-AT"/>.</t>
        <t>In summary, servers supporting WebTransport over HTTP/3 send:</t>
        <ul spacing="normal">
          <li>
            <t>A SETTINGS_WT_ENABLED setting with a value of "1"</t>
          </li>
          <li>
            <t>A SETTINGS_ENABLE_CONNECT_PROTOCOL setting with a value of "1"</t>
          </li>
          <li>
            <t>A SETTINGS_H3_DATAGRAM setting with a value of 1</t>
          </li>
          <li>
            <t>A max_datagram_frame_size transport parameter with a value greater than 0</t>
          </li>
          <li>
            <t>An empty reset_stream_at transport parameter</t>
          </li>
        </ul>
        <t>Clients supporting WebTransport over HTTP/3 send:</t>
        <ul spacing="normal">
          <li>
            <t>A SETTINGS_H3_DATAGRAM setting with a value of 1</t>
          </li>
          <li>
            <t>A max_datagram_frame_size transport parameter with a value greater than 0</t>
          </li>
          <li>
            <t>An empty reset_stream_at transport parameter</t>
          </li>
        </ul>
        <t>[[RFC editor: please remove the following paragraph before publication.]]</t>
        <t>For draft versions of WebTransport only, clients MUST also send
SETTINGS_WT_ENABLED with the draft-specific codepoint to allow the server to
identify the client's supported version; see <xref target="negotiating-draft-version"/>.</t>
        <t>Servers should note that CONNECT requests to establish new WebTransport
sessions, in addition to other messages, can arrive before the client's SETTINGS
are received (see <xref target="buffering-incoming"/>).  If the server receives SETTINGS that
do not have correct values for every required setting, or transport parameters
that do not have correct values for every required transport parameter, the
server MUST treat all established and newly incoming WebTransport sessions as
malformed, as described in <xref section="4.1.2" sectionFormat="of" target="HTTP3"/>.</t>
        <t>A client MUST NOT establish WebTransport sessions if the server's SETTINGS do
not have correct values for every required setting or if the server's transport
parameters do not have correct values for every required transport parameter.
If a client does not wish to use the connection for purposes other than
WebTransport when the requirements for WebTransport are not met, the client MAY
close the HTTP/3 connection with a <tt>WT_REQUIREMENTS_NOT_MET</tt> error code to aid
in debugging.</t>
        <t>[[RFC editor: please remove the following paragraph before publication.]]</t>
        <t>For draft versions of WebTransport only, the server MUST NOT process any
incoming WebTransport requests until the client's SETTINGS have been received;
see <xref target="negotiating-draft-version"/>.</t>
      </section>
      <section anchor="creating-a-new-session">
        <name>Creating a New Session</name>
        <t>As WebTransport sessions are established over HTTP/3, they are identified using
the <tt>https</tt> URI scheme (<xref section="4.2.2" sectionFormat="of" target="HTTP"/>).</t>
        <t>In order to create a new WebTransport session, a WebTransport client sends an
HTTP extended CONNECT request.  In this request:</t>
        <ul spacing="normal">
          <li>
            <t>The <tt>:protocol</tt> pseudo-header field (<xref target="RFC8441"/>) MUST be set to
<tt>webtransport-h3</tt>.</t>
          </li>
          <li>
            <t>The <tt>:scheme</tt> field MUST be <tt>https</tt>.</t>
          </li>
          <li>
            <t>Both the <tt>:authority</tt> and the <tt>:path</tt> value MUST be set; these fields identify
the desired WebTransport server resource.</t>
          </li>
          <li>
            <t>If the WebTransport session is coming from a browser client, an <tt>Origin</tt>
header <xref target="RFC6454"/> MUST be provided within the request.  Otherwise, the
header is OPTIONAL.</t>
          </li>
        </ul>
        <t>Upon receiving an extended CONNECT request with a <tt>:protocol</tt> field set to
<tt>webtransport-h3</tt>, the HTTP/3 server can check if the target resource
(<xref section="7.1" sectionFormat="of" target="HTTP"/>) supports WebTransport.  If the target resource does
not support WebTransport, the server SHOULD reply with status code 405
(<xref section="15.5.6" sectionFormat="of" target="HTTP"/>).</t>
        <t>When the request contains the <tt>Origin</tt> header, the WebTransport server MUST
verify the <tt>Origin</tt> header to ensure that the specified origin is allowed to
access the server in question.  If the verification fails, the WebTransport
server SHOULD reply with status code 403 (<xref section="15.5.4" sectionFormat="of" target="HTTP"/>).</t>
        <t>A server then performs any checks specific to the server and target resource.
If all checks pass, the session can be accepted by replying with a 2xx series
status code, as defined in <xref section="15.3" sectionFormat="of" target="HTTP"/>.</t>
        <t>From the client's perspective, a WebTransport session is established when the
client receives a 2xx response.  From the server's perspective, a session is
established once it sends a 2xx response.</t>
        <t>The server can reply with a 3xx response, indicating a redirection
(<xref section="15.4" sectionFormat="of" target="HTTP"/>).  The WebTransport client MUST NOT automatically
follow such redirects, as it potentially could have already sent data for the
WebTransport session in question; it MAY notify the application client about
the redirect.</t>
        <t>Clients cannot initiate WebTransport sessions in 0-RTT packets, as the CONNECT
method is not considered safe (see <xref section="10.9" sectionFormat="of" target="HTTP3"/>).  However,
WebTransport-related SETTINGS parameters can be retained from the previous
session as described in <xref section="7.2.4.2" sectionFormat="of" target="HTTP3"/>.  If the server accepts
0-RTT, the server MUST NOT reduce these initial flow control values from those
negotiated during the previous session.  A client MUST close the connection
with H3_SETTINGS_ERROR if the SETTINGS frame received in the resumed connection
reduces any flow control values from the cached previous values.</t>
        <t>The "webtransport-h3" HTTP Upgrade Token uses the Capsule Protocol as defined in
<xref target="HTTP-DATAGRAM"/>.  The Capsule Protocol is negotiated when the server sends a
2xx response.  The <tt>capsule-protocol</tt> header field
<xref section="3.4" sectionFormat="of" target="HTTP-DATAGRAM"/> is not required by WebTransport and can safely
be ignored by WebTransport endpoints.</t>
        <t>To reduce latency at the start of a WebTransport session, a client MAY
optimistically send capsules on the CONNECT stream before receiving the
server's response.  A server MUST NOT process these bytes as capsules until
it sends a 2xx response accepting the session.  Bytes received before the
server sends the response are processed once the session is accepted or
discarded if the session is rejected.</t>
      </section>
      <section anchor="protocol-negotiation">
        <name>Application Protocol Negotiation</name>
        <t>WebTransport over HTTP/3 offers a protocol negotiation mechanism, similar to the
TLS Application-Layer Protocol Negotiation (ALPN) extension <xref target="RFC7301"/>; the
intent is to simplify porting existing protocols that use QUIC and rely on this
functionality.</t>
        <t>The client MAY include a <tt>WT-Available-Protocols</tt> header field in the CONNECT
The client MAY include a <tt>WT-Available-Protocols</tt> header field in the CONNECT
request.  The <tt>WT-Available-Protocols</tt> field enumerates the possible next
protocols in preference order, with the most preferred protocol listed first.
If the server receives such a header, it MAY include a <tt>WT-Protocol</tt> field in
a successful (2xx) response.  If it does, the server MUST include a single
choice from the client's list in that field; client behavior when the server
response does not satisfy this requirement is described below.  Servers MAY
reject the request if the client did not include a suitable protocol.</t>
        <t>Both <tt>WT-Available-Protocols</tt> and <tt>WT-Protocol</tt> are Structured Fields
<xref target="FIELDS"/>.  <tt>WT-Available-Protocols</tt> is a List.  <tt>WT-Protocol</tt> is
defined as an Item.  In both cases, the only valid value type is a String.  Any
value type other than String MUST be treated as an error that causes the entire
field to be ignored as recommended in <xref target="FIELDS"/>, allowing application protocol
negotiation to remain optional.  No semantics are defined for parameters on
either field; parameters MUST be ignored.</t>
        <t>A server that requires application protocol negotiation MAY reject the session
if the <tt>WT-Available-Protocols</tt> header field is absent or if it is malformed and
therefore ignored.</t>
        <t>A client that requires application protocol negotiation MUST close the
WebTransport session with a <tt>WT_ALPN_ERROR</tt> error code if the server does not
include a <tt>WT-Protocol</tt> header field, or if it is malformed and therefore
ignored, in a successful response.</t>
        <t>If the client sends a <tt>WT-Available-Protocols</tt> header field and the server
responds with a <tt>WT-Protocol</tt> header field, the value in the <tt>WT-Protocol</tt>
response header field MUST be one of the values listed in
<tt>WT-Available-Protocols</tt> of the request.  If the client receives a <tt>WT-Protocol</tt>
value that was not included in its <tt>WT-Available-Protocols</tt> list, the client
MUST close the WebTransport session with a <tt>WT_ALPN_ERROR</tt> error code.</t>
        <t>The semantics of individual values used in <tt>WT-Available-Protocols</tt> and
<tt>WT-Protocol</tt> are determined by the WebTransport resource in question and are
not required to be registered in IANA's "ALPN Protocol IDs" registry.</t>
      </section>
      <section anchor="prioritization">
        <name>Prioritization</name>
        <t>WebTransport sessions are initiated using extended CONNECT.
While <xref section="11" sectionFormat="of" target="RFC9218"/> describes how extensible priorities can be
applied to data sent on a CONNECT stream, WebTransport extends the types of data
that are exchanged in relation to the request and response, which requires
additional considerations.</t>
        <t>WebTransport CONNECT requests and responses MAY contain the Priority header
field (<xref section="5" sectionFormat="of" target="RFC9218"/>); clients MAY reprioritize by sending
PRIORITY_UPDATE frames (<xref section="7" sectionFormat="of" target="RFC9218"/>).  In extension to <xref target="RFC9218"/>,
it is RECOMMENDED that clients and servers apply the scheduling guidance in both
<xref section="9" sectionFormat="of" target="RFC9218"/> and <xref section="10" sectionFormat="of" target="RFC9218"/> for all data that they
send in the enclosing WebTransport session, including Capsules, WebTransport
streams and datagrams.  WebTransport does not provide any priority signaling
mechanism for streams and datagrams within a WebTransport session; such
mechanisms can be defined by application protocols using WebTransport.  It is
RECOMMENDED that such mechanisms only affect scheduling within a session and not
scheduling of other data on the same HTTP/3 connection.</t>
        <t>The client/server priority merging guidance in <xref section="8" sectionFormat="of" target="RFC9218"/> also
applies to WebTransport sessions.  For example, a client that receives a
response Priority header field could alter its view of a WebTransport session
priority and alter the scheduling of outgoing data as a result.</t>
        <t>Endpoints that prioritize WebTransport sessions need to consider how they
interact with other sessions or requests on the same HTTP/3 connection.</t>
      </section>
    </section>
    <section anchor="webtransport-features">
      <name>WebTransport Features</name>
      <t>WebTransport over HTTP/3 provides the following features described in
<xref target="OVERVIEW"/>: unidirectional streams, bidirectional streams, and datagrams, all of
which can be initiated by either endpoint.  Protocols designed for use with
WebTransport over HTTP/3 are constrained to these features.  The Capsule
Protocol is an implementation detail of WebTransport over HTTP/3 and is not a
WebTransport feature.</t>
      <t>Session IDs are used to demultiplex streams and datagrams belonging to different
WebTransport sessions.  On the wire, session IDs are encoded using the QUIC
variable length integer scheme described in <xref target="RFC9000"/>.</t>
      <t>The client MAY optimistically open unidirectional and bidirectional streams, as
well as send datagrams, on a session for which it has sent the CONNECT request,
even if it has not yet received the server's response to the request. On the
server side, opening streams and sending datagrams is possible as soon as the
CONNECT request has been received.</t>
      <t>Session IDs are derived from the stream ID of the CONNECT stream that
established the session and therefore MUST always correspond to a
client-initiated bidirectional stream, as defined in <xref section="2.1" sectionFormat="of" target="RFC9000"/>.
If an endpoint receives a session ID on a unidirectional stream, bidirectional
stream, or datagram that does not correspond to a client-initiated bidirectional
stream ID, the endpoint MUST close the connection with an H3_ID_ERROR error
code.  Session IDs that correspond to closed sessions are not considered invalid
for the purposes of this check; endpoints handle data for closed sessions as
described in <xref target="session-termination"/>.</t>
      <section anchor="transport-properties">
        <name>Transport Properties</name>
        <t>The WebTransport framework <xref target="OVERVIEW"/> defines a set of optional transport
properties that clients can use to determine the presence of features which
might allow additional optimizations beyond the common set of properties
available via all WebTransport protocols.</t>
        <t>Below are details about support in WebTransport over HTTP/3 for the properties
defined by the WebTransport framework.</t>
        <dl>
          <dt>Unreliable Delivery:</dt>
          <dd>
            <t>WebTransport over HTTP/3 supports unreliable delivery.  Resetting a stream
results in lost stream data no longer being retransmitted.  WebTransport over
HTTP/3 also supports datagrams, which are not retransmitted.</t>
          </dd>
          <dt>Pooling:</dt>
          <dd>
            <t>WebTransport over HTTP/3 provides optional support for pooling.  Endpoints
that do not support pooling can reply to CONNECT requests with a header
indicating a rate limit policy with a quota of "1"
(<xref target="I-D.ietf-httpapi-ratelimit-headers"/>).</t>
          </dd>
        </dl>
      </section>
      <section anchor="unidirectional-streams">
        <name>Unidirectional streams</name>
        <t>WebTransport endpoints can initiate unidirectional streams.  The HTTP/3
unidirectional stream type SHALL be 0x54.  The body of the stream SHALL be the
stream type, followed by the session ID, encoded as a variable-length integer,
followed by the user-specified stream data (<xref target="fig-unidi"/>).</t>
        <figure anchor="fig-unidi">
          <name>Unidirectional WebTransport stream format</name>
          <sourcecode type="drawing"><![CDATA[
Unidirectional Stream {
    Stream Type (i) = 0x54,
    Session ID (i),
    User-Specified Stream Data (..)
}
]]></sourcecode>
        </figure>
      </section>
      <section anchor="bidirectional-streams">
        <name>Bidirectional Streams</name>
        <t>All client-initiated bidirectional streams are reserved by HTTP/3 as request
streams, which are a sequence of HTTP/3 frames with a variety of rules (see
Sections <xref target="HTTP3" section="4.1" sectionFormat="bare"/> and <xref target="HTTP3" section="6.1" sectionFormat="bare"/> of <xref target="HTTP3"/>).</t>
        <t>WebTransport extends HTTP/3 to allow clients to declare and to use alternative
request stream rules.  Once a client receives settings indicating WebTransport
support (<xref target="establishing"/>), it MUST send a special signal value, encoded as a
variable-length integer, as the first bytes of each bidirectional WebTransport
stream it initiates to indicate how the remaining bytes on the stream are used.</t>
        <t>WebTransport extends HTTP/3 by defining rules for all server-initiated
bidirectional streams.  Once a server receives an incoming CONNECT request
establishing a WebTransport session (<xref target="establishing"/>), it can open a
bidirectional stream for use with that session and MUST send a special signal
value, encoded as a variable-length integer, as the first bytes of the stream in
order to indicate how the remaining bytes on the stream are used.</t>
        <t>Clients and servers use the signal value 0x41 to open a bidirectional
WebTransport stream.  Following this is the associated session ID, encoded as a
variable-length integer; the rest of the stream is the application payload of
the WebTransport stream (<xref target="fig-bidi-client"/>).</t>
        <figure anchor="fig-bidi-client">
          <name>Bidirectional WebTransport stream format</name>
          <sourcecode type="drawing"><![CDATA[
Bidirectional Stream {
    Signal Value (i) = 0x41,
    Session ID (i),
    Stream Body (..)
}
]]></sourcecode>
        </figure>
        <t>This document reserves the special signal value 0x41 as a WT_STREAM frame type.
While it is registered as an HTTP/3 frame type to avoid collisions, WT_STREAM
lacks length and is not a proper HTTP/3 frame; it is an extension of HTTP/3
frame syntax that MUST be supported by any peer negotiating WebTransport.
Endpoints that implement this extension are also subject to additional frame
handling requirements.  Endpoints MUST NOT send WT_STREAM as a frame type on
HTTP/3 streams other than the very first bytes of a request stream.  Receiving
this frame type in any other circumstances MUST be treated as a connection error
of type H3_FRAME_ERROR.</t>
      </section>
      <section anchor="resetting-data-streams">
        <name>Resetting Data Streams</name>
        <t>A WebTransport endpoint can send a RESET_STREAM or a STOP_SENDING frame for a
WebTransport data stream.  Those signals are propagated by the WebTransport
implementation to the application.</t>
        <t>A WebTransport application MUST provide an error code for those operations.
Since WebTransport shares the error code space with HTTP/3, WebTransport
application errors for streams are limited to an unsigned 32-bit integer,
assuming values between 0x00000000 and 0xffffffff.  WebTransport
implementations MUST remap those error codes into the error range reserved
for WT_APPLICATION_ERROR, where 0x00000000 corresponds to 0x52e4a40fa8db,
and 0xffffffff corresponds to 0x52e5ac983162.  Note that there are
codepoints inside that range of form "0x1f * N + 0x21" that are reserved
by <xref section="8.1" sectionFormat="of" target="HTTP3"/>; those have to be skipped when mapping the
error codes (i.e., the two HTTP/3 error codepoints adjacent to a reserved
codepoint would map to two adjacent WebTransport application error
codepoints). An example pseudocode can be seen in <xref target="fig-remap-errors"/>.</t>
        <figure anchor="fig-remap-errors">
          <name>Pseudocode for converting between WebTransport application errors and HTTP/3 error codes</name>
          <artwork><![CDATA[
    first = 0x52e4a40fa8db
    last = 0x52e5ac983162

    def webtransport_code_to_http_code(n):
        return first + n + floor(n / 0x1e)

    def http_code_to_webtransport_code(h):
        assert(first <= h <= last)
        assert((h - 0x21) % 0x1f != 0)
        shifted = h - first
        return shifted - floor(shifted / 0x1f)
]]></artwork>
        </figure>
        <t>WebTransport data streams are associated with sessions through a header at the
beginning of the stream; resetting a stream might result in that data being
discarded when using a RESET_STREAM frame.  To prevent this, WebTransport
implementations MUST use the RESET_STREAM_AT frame <xref target="RESET-STREAM-AT"/> with a
Reliable Size set to at least the size of the WebTransport header when resetting
a WebTransport data stream.  This ensures reliable delivery of the ID field
associating the data stream with a WebTransport session.</t>
        <t>The error code from a WebTransport stream reset MUST be delivered unchanged,
both by intermediaries forwarding on the wire and by endpoints delivering to
the application.  Upon receiving a RESET_STREAM or STOP_SENDING frame on a
WebTransport stream, an intermediary MUST send the same frame type, with the
corresponding error code, to the next hop on that stream.  If a RESET_STREAM
or STOP_SENDING frame is received with an error code outside the range
reserved for WT_APPLICATION_ERROR, the stream is still considered reset, but
the error code is not mapped to a WebTransport application error code.  The
WebTransport implementation SHOULD deliver this to the application as a
stream reset with no application error code.</t>
      </section>
      <section anchor="datagrams">
        <name>Datagrams</name>
        <t>Datagrams can be sent using HTTP Datagrams.  The WebTransport datagram payload
is sent unmodified in the "HTTP Datagram Payload" field of an HTTP Datagram
(<xref section="2.1" sectionFormat="of" target="HTTP-DATAGRAM"/>).  Note that the payload field directly
follows the Quarter Stream ID field, which is at the start of the QUIC DATAGRAM
frame payload and refers to the CONNECT stream that established the WebTransport
session.</t>
      </section>
      <section anchor="buffering-incoming">
        <name>Buffering Incoming Streams and Datagrams</name>
        <t>In WebTransport over HTTP/3, the client MUST wait for receipt of the server's
SETTINGS frame before establishing any WebTransport sessions by sending CONNECT
requests using the WebTransport upgrade token (see <xref target="establishing"/>).  This
ensures that the client will always know what versions of WebTransport can be
used on a given HTTP/3 connection.</t>
        <t>Clients can, however, send a SETTINGS frame, multiple WebTransport CONNECT
requests, WebTransport data streams, and WebTransport datagrams all within a
single flight.  As those can arrive out of order, a WebTransport server can
receive a stream or a datagram without a
corresponding session.  Similarly, a client can receive a server-initiated
stream or a datagram before receiving the CONNECT response headers from the
server.</t>
        <t>To handle this case, WebTransport endpoints SHOULD buffer streams and datagrams
until they can be associated with an established session.  To avoid resource
exhaustion, endpoints MUST limit the number of buffered streams and datagrams.
When the number of buffered streams is exceeded, a stream MUST be closed by
sending a RESET_STREAM and/or STOP_SENDING with the
<tt>WT_BUFFERED_STREAM_REJECTED</tt> error code.  When the number of buffered datagrams
is exceeded, a datagram MUST be dropped.  It is up to an implementation to
choose what stream or datagram to discard.</t>
      </section>
      <section anchor="interaction-with-the-http3-goaway-frame">
        <name>Interaction with the HTTP/3 GOAWAY frame</name>
        <t>HTTP/3 defines a graceful shutdown mechanism (<xref section="5.2" sectionFormat="of" target="HTTP3"/>) that
allows a peer to send a GOAWAY frame indicating that it will no longer accept
any new incoming requests or pushes.</t>
        <t>A client receiving GOAWAY cannot initiate CONNECT requests for new WebTransport
sessions on that HTTP/3 connection; it MUST open a new HTTP/3 connection to
initiate new WebTransport sessions with the same peer.</t>
        <t>An HTTP/3 GOAWAY frame is also a signal to applications to initiate shutdown for
all WebTransport sessions.  To shut down a single WebTransport session, either
endpoint can send a WT_DRAIN_SESSION (0x78ae) capsule.</t>
        <figure anchor="fig-wt_drain_session">
          <name>WT_DRAIN_SESSION Capsule Format</name>
          <artwork><![CDATA[
WT_DRAIN_SESSION Capsule {
  Type (i) = WT_DRAIN_SESSION,
  Length (i) = 0
}
]]></artwork>
        </figure>
        <t>After sending or receiving either a WT_DRAIN_SESSION capsule or a HTTP/3 GOAWAY
frame, an endpoint MAY continue using the session: it MAY open new WebTransport
streams and MAY send new datagrams.  The signal is intended for the application
using WebTransport, which is expected to attempt to gracefully terminate the
session as soon as possible.</t>
        <t>The WT_DRAIN_SESSION capsule is useful when an end-to-end WebTransport session
passes through an intermediary.  For example, when the origin server shuts
down, it sends a GOAWAY to the intermediary.  The intermediary can convert this
signal to a WT_DRAIN_SESSION capsule on the client-facing session, without
impacting other requests or sessions carried on that connection.</t>
      </section>
      <section anchor="use-of-keying-material-exporters">
        <name>Use of Keying Material Exporters</name>
        <t>WebTransport over HTTP/3 supports the use of TLS keying material exporters
<xref section="7.5" sectionFormat="of" target="RFC8446"/>.  Since the underlying QUIC connection can be shared
by multiple WebTransport sessions, WebTransport defines a mechanism for deriving
a TLS exporter that separates keying material for different sessions.  If the
application requests an exporter for a given WebTransport session with a
specified label and context, the resulting exporter MUST be a TLS exporter as
defined in <xref section="7.5" sectionFormat="of" target="RFC8446"/> with the label set to
"EXPORTER-WebTransport" and the context set to the serialization of the
"WebTransport Exporter Context" struct as defined below.</t>
        <figure anchor="fig-wt-exporter-context">
          <name>WebTransport Exporter Context struct</name>
          <artwork><![CDATA[
WebTransport Exporter Context {
  WebTransport Session ID (64),
  WebTransport Application-Supplied Exporter Label Length (8),
  WebTransport Application-Supplied Exporter Label (8..),
  WebTransport Application-Supplied Exporter Context Length (8),
  WebTransport Application-Supplied Exporter Context (..)
}
]]></artwork>
        </figure>
        <t>A TLS exporter API might permit the context field to be omitted.  In this case,
as with TLS 1.3, the WebTransport Application-Supplied Exporter Context becomes
zero-length if omitted.</t>
      </section>
    </section>
    <section anchor="flow-control">
      <name>Flow Control</name>
      <t>Flow control governs the amount of resources that can be consumed or data that
can be sent.  When using WebTransport over HTTP/3, endpoints can limit the
number of sessions that a peer can create on a single HTTP/3 connection via
rate limiting (see <xref target="flow-control-limit-sessions"/>), and the number of streams
that a peer can create within a session via flow control.  Endpoints can also
apply flow control to the amount of data that can be consumed by each session
and by each stream within a session.</t>
      <t>WebTransport over HTTP/3 provides a connection-level limit that governs the
number of sessions that can be created on an HTTP/3 connection (see
<xref target="flow-control-limit-sessions"/>).  It also provides session-level limits that
govern the number of streams that can be created in a session and limit the
amount of data that can be exchanged across all streams in each session (see
<xref target="flow-control-limit-streams"/>).</t>
      <t>The underlying QUIC connection provides connection and stream level flow
control.  The QUIC connection data limit defines the total amount of data that
can be sent across all WebTransport sessions and other non-WebTransport streams.
A QUIC stream's data limit controls the amount of data that can be sent on that
stream, WebTransport or otherwise (see <xref section="4" sectionFormat="of" target="RFC9000"/>).</t>
      <section anchor="flow-control-negotiate">
        <name>Negotiating the Use of Flow Control</name>
        <t>A WebTransport endpoint that allows a WebTransport session to share an
underlying transport connection with other WebTransport sessions MUST enable
flow control.  This prevents an application from consuming excessive resources
on a single session and starving traffic for other sessions
(see <xref target="security-considerations"/>).</t>
        <t>Flow control is enabled when both endpoints declare their intent to use flow
control by taking any of the following actions:</t>
        <ul spacing="normal">
          <li>
            <t>Sending SETTINGS_WT_INITIAL_MAX_STREAMS_UNI with any value other than "0".</t>
          </li>
          <li>
            <t>Sending SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI with any value other than "0".</t>
          </li>
          <li>
            <t>Sending SETTINGS_WT_INITIAL_MAX_DATA with any value other than "0".</t>
          </li>
        </ul>
        <t>If both endpoints take at least one of these actions, flow control is enabled,
and the limits described in the entirety of <xref target="flow-control"/> apply.</t>
        <t>Flow control can be enabled regardless of the number of WebTransport sessions a
server supports.</t>
        <t>If flow control is not enabled, clients MUST NOT attempt to establish more than
one simultaneous WebTransport session.  A server that receives more than one
session on an underlying transport connection when flow control is not enabled
MUST reset the excessive CONNECT streams with a <tt>H3_REQUEST_REJECTED</tt> status
(see <xref target="flow-control-limit-sessions"/>).</t>
        <t>Also, if flow control is not enabled, an endpoint MUST ignore receipt of any
flow control capsules (see <xref target="flow-control-capsules"/>), since the peer might not
have received SETTINGS at the time they were sent or packets might have been
reordered.</t>
      </section>
      <section anchor="flow-control-limit-sessions">
        <name>Limiting the Number of Simultaneous Sessions</name>
        <t>Servers SHOULD limit the rate of incoming WebTransport sessions on HTTP/3
connections to prevent excessive consumption of resources.  To do so, they have
multiple mechanisms available:</t>
        <ul spacing="normal">
          <li>
            <t>The <tt>H3_REQUEST_REJECTED</tt> error code defined in <xref section="8.1" sectionFormat="of" target="HTTP3"/>
indicates to the receiving HTTP/3 stack that the request was not processed in
any way.</t>
          </li>
          <li>
            <t>HTTP status code 429 indicates that the request was rejected due to rate
limiting <xref target="RFC6585"/>.  Unlike the previous method, this signal is directly
propagated to the application.</t>
          </li>
        </ul>
        <t>WebTransport servers can use rate limit header fields in responses to CONNECT
requests to signal quota policies and service limits to WebTransport clients
(see <xref target="I-D.ietf-httpapi-ratelimit-headers"/>).  This provides hints to clients
about how many sessions they can reasonably expect to be able to open.  An
endpoint that does not support pooling and flow control MUST NOT accept more
than one incoming WebTransport session at a time.</t>
      </section>
      <section anchor="flow-control-limit-streams">
        <name>Limiting the Number of Streams Within a Session</name>
        <t>The <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule (<xref target="WT_MAX_STREAMS"/>) establishes a limit on the
number of streams within a WebTransport session.  Like the QUIC MAX_STREAMS
frame (<xref section="19.11" sectionFormat="of" target="RFC9000"/>), this capsule has two types that provide
separate limits for unidirectional and bidirectional streams that a peer
initiates.</t>
        <t>Note that the CONNECT stream for the session is not included in either the
bidirectional or the unidirectional stream limits; the number of CONNECT streams
a client can open is limited by QUIC flow control's stream limits and any rate
limit that a WebTransport server enforces.</t>
        <t>The session-level stream limit applies in addition to the QUIC MAX_STREAMS
frame, which provides a connection-level stream limit.  New streams can only be
created within the session if both the stream- and the connection-level limit
permit, see <xref section="4.6" sectionFormat="of" target="RFC9000"/> for details on how QUIC stream limits
are applied.</t>
        <t>Unlike the QUIC MAX_STREAMS frame, there is no simple relationship between the
value in this frame and stream IDs in QUIC STREAM frames.  This especially
applies if there are other users of streams on the connection.</t>
        <t>The <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule (<xref target="WT_STREAMS_BLOCKED"/>) can be sent to indicate
that an endpoint was unable to create a stream due to the session-level stream
limit.</t>
        <t>Note that enforcing this limit requires reliable resets for stream headers so
that both endpoints can agree on the number of streams that are open.</t>
      </section>
      <section anchor="flow-control-limit-data">
        <name>Data Limits</name>
        <t>The <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule (<xref target="WT_MAX_DATA"/>) establishes a limit on the amount of
data that can be sent within a WebTransport session.  This limit counts all data
that is sent on streams of the corresponding type, excluding the stream header
(see <xref target="unidirectional-streams"/> and <xref target="bidirectional-streams"/>).  The stream
header is excluded from this limit so that this limit does not prevent the
sending of information that is essential in linking new streams to a specific
WebTransport session.</t>
        <t>For streams that were reset, implementing <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> requires that the QUIC
stack provide the WebTransport implementation with information about the final
size of streams; see <xref section="4.5" sectionFormat="of" target="RFC9000"/>.  This guarantees that both
endpoints agree on how much WebTransport session flow control credit was
consumed by the sender on that stream.</t>
        <t>The <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsule (<xref target="WT_DATA_BLOCKED"/>) can be sent to indicate that
an endpoint was unable to send data due to a limit set by the <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>
capsule.</t>
        <t>Because WebTransport over HTTP/3 uses a native QUIC stream for each WebTransport
stream, per-stream data limits are provided by QUIC natively
(see <xref section="4.1" sectionFormat="of" target="RFC9000"/>).  The WT_MAX_STREAM_DATA and
WT_STREAM_DATA_BLOCKED capsules
(Sections <xref target="I-D.ietf-webtrans-http2" section="6.6" sectionFormat="bare"/> and <xref target="I-D.ietf-webtrans-http2" section="6.9" sectionFormat="bare"/> of <xref target="I-D.ietf-webtrans-http2"/>) are not used and are
prohibited.  Endpoints MUST treat receipt of a WT_MAX_STREAM_DATA or a
WT_STREAM_DATA_BLOCKED capsule as a session error.</t>
      </section>
      <section anchor="flow-control-settings">
        <name>Flow Control SETTINGS</name>
        <t>Initial flow control limits can be exchanged via HTTP/3 SETTINGS
(<xref target="http3-settings"/>) by providing non-zero values for</t>
        <ul spacing="normal">
          <li>
            <t><iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> via SETTINGS_WT_INITIAL_MAX_STREAMS_UNI and
SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</t>
          </li>
          <li>
            <t><iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> via SETTINGS_WT_INITIAL_MAX_DATA</t>
          </li>
        </ul>
        <section anchor="initial-unidirectional-stream-limit">
          <name>Initial Unidirectional Stream Limit</name>
          <t>The SETTINGS_WT_INITIAL_MAX_STREAMS_UNI setting indicates the initial value for
the unidirectional max stream limit, otherwise communicated by the
<iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule (see <xref target="WT_MAX_STREAMS"/>).  The default value for the
SETTINGS_WT_INITIAL_MAX_STREAMS_UNI setting is "0", indicating that the endpoint
needs to send <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules on each individual WebTransport session
before its peer is allowed to create any unidirectional streams within that
session.</t>
          <t>Note that this limit applies to all WebTransport sessions that use the HTTP/3
connection on which this SETTING is sent.</t>
        </section>
        <section anchor="initial-bidirectional-stream-limit">
          <name>Initial Bidirectional Stream Limit</name>
          <t>The SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI setting indicates the initial value for
the bidirectional max stream limit, otherwise communicated by the <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>
capsule (see <xref target="WT_MAX_STREAMS"/>).  The default value for the
SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI setting is "0", indicating that the
endpoint needs to send <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules on each individual WebTransport
session before its peer is allowed to create any bidirectional streams within
that session.</t>
          <t>Note that this limit applies to all WebTransport sessions that use the HTTP/3
connection on which this SETTING is sent.</t>
        </section>
        <section anchor="initial-session-data-limit">
          <name>Initial Session Data Limit</name>
          <t>The SETTINGS_WT_INITIAL_MAX_DATA setting indicates the initial value for the
session data limit, otherwise communicated by the <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule (see
<xref target="WT_MAX_DATA"/>).  The default value for the SETTINGS_WT_INITIAL_MAX_DATA
setting is "0", indicating that the endpoint needs to send a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule
within each session before its peer is allowed to send any stream data within
that session.</t>
          <t>Note that this limit applies to all WebTransport sessions that use the HTTP/3
connection on which this SETTING is sent.</t>
        </section>
      </section>
      <section anchor="flow-control-capsules">
        <name>Flow Control Capsules</name>
        <t>WebTransport over HTTP/3 uses several capsules for flow control, and all of
these capsules define special intermediary handling as described in
<xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  These capsules, referred to as the "flow
control capsules", are <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>, <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>, <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref>, and
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref>.</t>
        <t>An endpoint MUST NOT wait for a <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> or <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule
before sending a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> or <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule; doing so could result
in the sender being blocked for at least an entire round trip.  Endpoints
SHOULD send <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> and <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules as they consume data or
close streams (similar to the mechanism used in QUIC, see
<xref section="4.2" sectionFormat="of" target="RFC9000"/>).</t>
        <section anchor="flow-control-intermediaries">
          <name>Flow Control and Intermediaries</name>
          <t>Because flow control in WebTransport is hop-by-hop and does not provide an
end-to-end signal, intermediaries MUST consume flow control signals and express
their own flow control limits to the next hop.  The intermediary can send these
signals via HTTP/3 flow control messages, HTTP/2 flow control messages, or as
WebTransport flow control capsules, where appropriate.  Intermediaries are
responsible for storing any data for which they advertise flow control credit if
that data cannot be immediately forwarded to the next hop.</t>
          <t>In practice, an intermediary that translates flow control signals between
similar WebTransport protocols, such as between two HTTP/3 connections, can
often simply reexpress the same limits received on one connection directly on
the other connection.</t>
          <t>An intermediary that does not want to be responsible for storing data that
cannot be immediately sent on its translated connection can ensure that it does
not advertise a higher flow control limit on one connection than the
corresponding limit on the translated connection.</t>
        </section>
        <section anchor="WT_MAX_STREAMS">
          <name>WT_MAX_STREAMS Capsule</name>
          <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> is introduced to inform
the peer of the cumulative number of streams of a given type it is permitted to
open.  A <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule with a type of 0x190B4D3F applies to
bidirectional streams, and a <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule with a type of 0x190B4D40
applies to unidirectional streams.</t>
          <t>Note that, because Maximum Streams is a cumulative value representing the total
allowed number of streams, including previously closed streams, endpoints
repeatedly send new <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules with increasing Maximum Streams
values as streams are opened.</t>
          <figure anchor="fig-wt_max_streams">
            <name>WT_MAX_STREAMS Capsule Format</name>
            <artwork><![CDATA[
WT_MAX_STREAMS Capsule {
  Type (i) = 0x190B4D3F..0x190B4D40,
  Length (i),
  Maximum Streams (i),
}
]]></artwork>
          </figure>
          <t><iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules contain the following field:</t>
          <dl>
            <dt>Maximum Streams:</dt>
            <dd>
              <t>A count of the cumulative number of streams of the corresponding type that
can be opened over the lifetime of the session. This value cannot
exceed 2<sup>60</sup>, as it is not possible to encode stream IDs larger
than 2<sup>62</sup>-1. Recipients of a capsule with a Maximum Streams
value larger than this limit MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR error code.</t>
            </dd>
          </dl>
          <t>An endpoint MUST NOT open more streams than permitted by the current stream
limit set by its peer.  For instance, a server that receives a unidirectional
stream limit of 3 is permitted to open streams 3, 7, and 11, but not stream 15.</t>
          <t>Note that this limit includes streams that have been closed as well as those
that are open.</t>
          <t>If an endpoint receives an incoming stream for a session that would exceed the
advertised Maximum Streams value, it MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR error code.</t>
          <t>Unlike in QUIC, where MAX_STREAMS frames can be delivered in any order,
<iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules are sent on the WebTransport session's connect stream
and are delivered in order.  If an endpoint receives a <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule
that does not increase the Maximum Streams value previously received, it MUST
close the WebTransport session with a WT_FLOW_CONTROL_ERROR error code.</t>
          <t>The <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule defines special intermediary handling, as described
in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>
capsules for flow control purposes and MUST generate and send appropriate flow
control signals for their limits.</t>
          <t>Initial values for these limits MAY be communicated by sending non-zero values
for SETTINGS_WT_INITIAL_MAX_STREAMS_UNI and
SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI.</t>
        </section>
        <section anchor="WT_STREAMS_BLOCKED">
          <name>WT_STREAMS_BLOCKED Capsule</name>
          <t>A sender SHOULD send a <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule (type=0x190B4D43 or
0x190B4D44) when it wishes to open a stream but is unable to do so due to the
maximum stream limit set by its peer.  A <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule of type
0x190B4D43 is used to indicate reaching the bidirectional stream limit, and a
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule of type 0x190B4D44 is used to indicate reaching the
unidirectional stream limit.</t>
          <t>A <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule does not open the stream, but informs the peer that
a new stream was needed and the stream limit prevented the creation of the
stream.  A sender is not required to send <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules, however
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules can be used as input to tuning of flow control
algorithms and for debugging purposes.</t>
          <figure anchor="fig-wt_streams_blocked">
            <name>WT_STREAMS_BLOCKED Capsule Format</name>
            <artwork><![CDATA[
WT_STREAMS_BLOCKED Capsule {
  Type (i) = 0x190B4D43..0x190B4D44,
  Length (i),
  Maximum Streams (i),
}
]]></artwork>
          </figure>
          <t><iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules contain the following field:</t>
          <dl>
            <dt>Maximum Streams:</dt>
            <dd>
              <t>A variable-length integer indicating the maximum number of streams allowed
at the time the capsule was sent. This value cannot exceed 2<sup>60</sup>,
as it is not possible to encode stream IDs larger than 2<sup>62</sup>-1.
Recipients of a capsule with a Maximum Streams value larger than this
limit MUST close the WebTransport session with a WT_FLOW_CONTROL_ERROR
error code.</t>
            </dd>
          </dl>
          <t>The <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule defines special intermediary handling, as
described in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules for flow control purposes and MUST generate and send
appropriate flow control signals for their limits.</t>
        </section>
        <section anchor="WT_MAX_DATA">
          <name>WT_MAX_DATA Capsule</name>
          <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> (type=0x190B4D3D) is
introduced to inform the peer of the maximum amount of data that can be sent on
the WebTransport session as a whole.</t>
          <t>This limit counts all data that is sent on streams of the corresponding type,
excluding the stream header (see <xref target="unidirectional-streams"/> and
<xref target="bidirectional-streams"/>).  For streams that were reset, implementing
<iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> requires that the QUIC stack provide the WebTransport implementation
with information about the final size of streams
(see <xref section="4.5" sectionFormat="of" target="RFC9000"/>).</t>
          <figure anchor="fig-wt_max_data">
            <name>WT_MAX_DATA Capsule Format</name>
            <artwork><![CDATA[
WT_MAX_DATA Capsule {
  Type (i) = 0x190B4D3D,
  Length (i),
  Maximum Data (i),
}
]]></artwork>
          </figure>
          <t><iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsules contain the following field:</t>
          <dl>
            <dt>Maximum Data:</dt>
            <dd>
              <t>A variable-length integer indicating the maximum amount of data that can be
sent on the entire session, in units of bytes.</t>
            </dd>
          </dl>
          <t>The sum of the lengths of Stream Body data sent on all streams associated with
this session MUST NOT exceed the Maximum Data value advertised by a receiver.
Note that capsules sent on the CONNECT stream, and the Signal Value, Stream
Type, and Session ID fields, are not included in this limit.  If an endpoint
receives Stream Body data in excess of this limit, it MUST close the
WebTransport session with a WT_FLOW_CONTROL_ERROR error code.</t>
          <t>Unlike in QUIC, where MAX_DATA frames can be delivered in any order, <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>
capsules are sent on the WebTransport session's connect stream and are delivered
in order.  If an endpoint receives a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule with a Maximum Data
value that does not increase the Maximum Data value previously received, it MUST
close the WebTransport session with a WT_FLOW_CONTROL_ERROR error code.</t>
          <t>The <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule defines special intermediary handling, as described in
<xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>
capsules for flow control purposes and MUST generate and send appropriate flow
control signals for their limits (see <xref target="flow-control-intermediaries"/>).</t>
          <t>The initial value for this limit MAY be communicated by sending a non-zero value
for SETTINGS_WT_INITIAL_MAX_DATA.</t>
        </section>
        <section anchor="WT_DATA_BLOCKED">
          <name>WT_DATA_BLOCKED Capsule</name>
          <t>A sender SHOULD send a <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsule (type=0x190B4D41) when it wishes
to send data but is unable to do so due to WebTransport session-level flow
control.  A sender is not required to send <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules, however
<iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules can be used as input to tuning of flow control
algorithms and for debugging purposes.</t>
          <figure anchor="fig-wt_data_blocked">
            <name>WT_DATA_BLOCKED Capsule Format</name>
            <artwork><![CDATA[
WT_DATA_BLOCKED Capsule {
  Type (i) = 0x190B4D41,
  Length (i),
  Maximum Data (i),
}
]]></artwork>
          </figure>
          <t><iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules contain the following field:</t>
          <dl>
            <dt>Maximum Data:</dt>
            <dd>
              <t>A variable-length integer indicating the session-level limit at which
blocking occurred.</t>
            </dd>
          </dl>
          <t>The <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsule defines special intermediary handling, as described
in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules for flow control purposes and MUST generate and send
appropriate flow control signals for their limits (see
<xref target="flow-control-intermediaries"/>).</t>
        </section>
      </section>
    </section>
    <section anchor="session-termination">
      <name>Session Termination</name>
      <t>A WebTransport session over HTTP/3 is terminated when either of the
following conditions is met:</t>
      <ul spacing="normal">
        <li>
          <t>the CONNECT stream is closed, either cleanly or abruptly, on either side; or</t>
        </li>
        <li>
          <t>a WT_CLOSE_SESSION capsule is either sent or received.</t>
        </li>
      </ul>
      <t>Upon learning that the session has been terminated, the endpoint MUST reset the
send side and abort reading on the receive side of all unidirectional and
bidirectional streams associated with the session (see
<xref section="2.4" sectionFormat="of" target="RFC9000"/>) using the WT_SESSION_GONE error code; it MUST NOT
send any new datagrams or open any new streams.  WT_SESSION_GONE is a
protocol-level error code rather than an application error code and indicates
that the reset was caused by session termination rather than by the peer
application.</t>
      <t>To terminate a session with a detailed error message, an application MAY provide
such a message for the WebTransport endpoint to send in an HTTP capsule
<xref target="HTTP-DATAGRAM"/> of type WT_CLOSE_SESSION (0x2843). The format of the capsule
SHALL be as follows:</t>
      <figure anchor="fig-wt_close_session">
        <name>WT_CLOSE_SESSION Capsule Format</name>
        <artwork><![CDATA[
WT_CLOSE_SESSION Capsule {
  Type (i) = WT_CLOSE_SESSION,
  Length (i),
  Application Error Code (32),
  Application Error Message (..8192),
}
]]></artwork>
      </figure>
      <t>WT_CLOSE_SESSION has the following fields:</t>
      <dl>
        <dt>Application Error Code:</dt>
        <dd>
          <t>A 32-bit error code provided by the application closing the session.</t>
        </dd>
        <dt>Application Error Message:</dt>
        <dd>
          <t>A UTF-8 encoded error message string provided by the application closing the
session.  The message takes up the remainder of the capsule, and its
length MUST NOT exceed 1024 bytes.  Senders that truncate an
application-supplied message MUST do so at a UTF-8 character boundary.</t>
          <t>If the Application Error Message exceeds 1024 bytes or is not valid UTF-8,
the receiver MUST reset the stream with code H3_MESSAGE_ERROR.</t>
        </dd>
      </dl>
      <t>Note that the Application Error Code field does not mirror the Error Code field
in QUIC's CONNECTION_CLOSE frame (<xref section="19.19" sectionFormat="of" target="RFC9000"/>) because
WebTransport application errors use a subset of the HTTP/3 Error Code space and
need to fit within those bounds, see <xref target="resetting-data-streams"/>.</t>
      <t>An endpoint that sends a WT_CLOSE_SESSION capsule MUST immediately send a FIN on
the CONNECT Stream.  The endpoint MAY also send a STOP_SENDING with error code
WT_SESSION_GONE to indicate it is no longer reading from the CONNECT stream.
The recipient MUST either close or reset the stream in response.  After receiving
the WT_CLOSE_SESSION capsule, the receiver MAY send a STOP_SENDING with error code
WT_SESSION_GONE.  If any additional
stream data is received on the CONNECT stream after receiving a WT_CLOSE_SESSION
capsule, the stream MUST be reset with code H3_MESSAGE_ERROR.</t>
      <t>Cleanly terminating a CONNECT stream without a WT_CLOSE_SESSION capsule SHALL be
semantically equivalent to terminating it with a WT_CLOSE_SESSION capsule that
has an error code of 0 and an empty error string.</t>
      <t>In some scenarios, an endpoint might want to send a WT_CLOSE_SESSION with
detailed close information and then immediately close the underlying QUIC
connection.  If the endpoint were to do both of those simultaneously, the peer
could potentially receive the CONNECTION_CLOSE before receiving the
WT_CLOSE_SESSION, thus never receiving the application error data contained in
the latter.  To avoid this, the endpoint SHOULD wait until all CONNECT streams
have been closed by the peer before sending the CONNECTION_CLOSE; this gives
WT_CLOSE_SESSION properties similar to that of the QUIC CONNECTION_CLOSE
mechanism as a best-effort mechanism of delivering application close metadata.</t>
    </section>
    <section anchor="considerations-for-future-versions">
      <name>Considerations for Future Versions</name>
      <t>Future versions of WebTransport that change the syntax of the CONNECT requests
used to establish WebTransport sessions will need to modify the upgrade token
used to identify WebTransport, allowing servers to offer multiple versions
simultaneously (see <xref target="upgrade-token"/>).</t>
      <t>Servers that support future incompatible versions of WebTransport signal that
support by changing the codepoint used for the SETTINGS_WT_ENABLED setting (see
<xref target="http3-settings"/>).  Clients can select the associated upgrade token, if
applicable, to use when establishing a new session, ensuring that servers will
always know the syntax in use for every incoming request.</t>
      <t>Changes to future stream formats require changes to the Unidirectional Stream
type (see <xref target="unidirectional-streams"/>) and Bidirectional Stream signal value
(see <xref target="bidirectional-streams"/>) to allow recipients of incoming frames to
determine the WebTransport version, and corresponding wire format, used for the
session associated with that stream.</t>
      <section anchor="negotiating-draft-version">
        <name>Negotiating the Draft Version</name>
        <t>[[RFC editor: please remove this section before publication.]]</t>
        <t>The wire format aspects of the protocol are negotiated by changing the codepoint
used for the SETTINGS_WT_ENABLED setting.  Each draft version defines a distinct
codepoint for SETTINGS_WT_ENABLED.  Both the client and the server MUST send
SETTINGS_WT_ENABLED with the codepoint corresponding to their supported draft
version.  An endpoint that supports multiple draft versions sends a
SETTINGS_WT_ENABLED value for each supported version, as each version uses a
different setting identifier.  The highest version supported by both endpoints
is selected.</t>
        <t>Because data streams can arrive at the server before the CONNECT request that
establishes the associated session, and the wire format of the stream header
depends on the negotiated version, the server needs to know the client's version
before processing any incoming WebTransport streams.  For this reason, the
server MUST NOT process any incoming WebTransport requests until the client's
SETTINGS have been received.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>WebTransport over HTTP/3 satisfies all of the security requirements imposed by
<xref target="OVERVIEW"/> on WebTransport protocols, thus providing a secure framework for
client-server communication in cases when the application is potentially
untrusted.</t>
      <t>WebTransport over HTTP/3 requires explicit opt-in through the use of an HTTP/3
setting; this avoids potential protocol confusion attacks by ensuring the HTTP/3
server explicitly supports it.  It also requires the use of the Origin header
for browser traffic, providing the server with the ability to deny access to
Web-based applications that do not originate from a trusted origin.</t>
      <t>Just like HTTP traffic going over HTTP/3, WebTransport pools traffic to
different origins within a single connection.  Different origins imply different
trust domains, meaning that the implementations have to treat each transport as
potentially hostile towards others on the same connection.  One potential attack
is a resource exhaustion attack: since all of the WebTransport sessions share
both congestion control and flow control context, a single application
aggressively using up those resources can cause other sessions to stall.  A
WebTransport endpoint MUST implement flow control mechanisms if it allows a
WebTransport session to share the transport connection with other WebTransport
sessions.  WebTransport endpoints SHOULD implement a fairness scheme that
ensures that each session that shares a transport connection gets a reasonable
share of controlled resources; this applies both to sending data and to opening
new streams.</t>
      <t>An application could attempt to exhaust resources by opening too many
WebTransport sessions at once.  In cases when the application is untrusted, a
WebTransport client SHOULD limit the number of outgoing sessions it will open.</t>
      <t>Note that the security considerations of HTTP/3 <xref target="HTTP3"/> apply to WebTransport
over HTTP/3.  In particular, the denial-of-service considerations in
<xref section="10.5" sectionFormat="of" target="HTTP3"/> are relevant.  WebTransport extends HTTP/3 with
additional features that have legitimate uses but can become a burden when they
are used unnecessarily or to excess.</t>
      <t>WebTransport introduces new interaction modes that permit either endpoint to
send streams and datagrams to its peer.  This is particularly novel for clients,
which previously had limited exposure to unsolicited server-initiated traffic
beyond server push (see <xref section="4.6" sectionFormat="of" target="HTTP3"/>).  An endpoint that does not
monitor use of these features exposes itself to a risk of denial-of-service
attack.  Implementations SHOULD track the use of WebTransport features, such as
the number of incoming streams and datagrams, and set limits on their use.  An
endpoint MAY treat activity that is suspicious as a connection error of type
H3_EXCESSIVE_LOAD.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document registers an upgrade token (<xref target="upgrade-token"/>), HTTP/3
settings (<xref target="http3-settings"/>), an HTTP/3 stream type
(<xref target="iana-stream-type"/>), an HTTP/3 error code (<xref target="iana-error-code"/>),
and an HTTP header field (<xref target="iana-http"/>).</t>
      <section anchor="upgrade-token">
        <name>Upgrade Token Registration</name>
        <t>The following entry is added to the "Hypertext Transfer Protocol (HTTP) Upgrade
Token Registry" registry established by Section 16.7 of <xref target="HTTP"/>.</t>
        <t>The "webtransport-h3" label identifies HTTP/3 used as a protocol for
WebTransport:</t>
        <dl>
          <dt>Value:</dt>
          <dd>
            <t>webtransport-h3</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport over HTTP/3</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
      </section>
      <section anchor="http3-settings">
        <name>HTTP/3 SETTINGS Parameter Registration</name>
        <t>The following entry is added to the "HTTP/3 Settings" registry established by
<xref target="HTTP3"/>:</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t>SETTINGS_WT_ENABLED</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x2c7cf000</t>
          </dd>
          <dt>Default:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Setting Name:</dt>
          <dd>
            <t>SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x2b64</t>
          </dd>
          <dt>Default:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Setting Name:</dt>
          <dd>
            <t>SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x2b65</t>
          </dd>
          <dt>Default:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Setting Name:</dt>
          <dd>
            <t>SETTINGS_WT_INITIAL_MAX_DATA</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x2b61</t>
          </dd>
          <dt>Default:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
        </dl>
      </section>
      <section anchor="frame-type-registration">
        <name>Frame Type Registration</name>
        <t>The following entry is added to the "HTTP/3 Frame Type" registry established by
<xref target="HTTP3"/>:</t>
        <t>The <tt>WT_STREAM</tt> frame is reserved for the purpose of avoiding
collision with WebTransport HTTP/3 extensions:</t>
        <dl>
          <dt>Value:</dt>
          <dd>
            <t>0x41</t>
          </dd>
          <dt>Frame Type:</dt>
          <dd>
            <t>WT_STREAM</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-stream-type">
        <name>Stream Type Registration</name>
        <t>The following entry is added to the "HTTP/3 Stream Type" registry established by
<xref target="HTTP3"/>:</t>
        <t>The "WebTransport stream" type allows unidirectional streams to be used by
WebTransport:</t>
        <dl>
          <dt>Value:</dt>
          <dd>
            <t>0x54</t>
          </dd>
          <dt>Stream Type:</dt>
          <dd>
            <t>WebTransport stream</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Sender:</dt>
          <dd>
            <t>Both</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-error-code">
        <name>HTTP/3 Error Code Registration</name>
        <t>The following entries are added to the "HTTP/3 Error Code" registry established
by <xref target="HTTP3"/>:</t>
        <dl>
          <dt>Name:</dt>
          <dd>
            <t>WT_BUFFERED_STREAM_REJECTED</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x3994bd84</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport data stream rejected due to lack of associated session.</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_SESSION_GONE</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x170d7b68</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport data stream aborted because the associated WebTransport session
has been closed.  Also used to indicate that the endpoint is no longer
reading from the CONNECT stream.</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_FLOW_CONTROL_ERROR</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x045d4487</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport session aborted because a flow control error was encountered.</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_ALPN_ERROR</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x0817b3dd</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport session aborted because application protocol negotiation failed.</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_REQUIREMENTS_NOT_MET</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x212c0d48</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>HTTP/3 connection closed because the features required for WebTransport are
not supported.  Either the client or server is missing required SETTINGS or
transport parameters needed for WebTransport.</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
        </dl>
        <t>In addition, the following range of entries is registered:</t>
        <dl>
          <dt>Name:</dt>
          <dd>
            <t>WT_APPLICATION_ERROR</t>
          </dd>
          <dt>Value:</dt>
          <dd>
            <t>0x52e4a40fa8db to 0x52e5ac983162 inclusive, with the exception of
the codepoints of form 0x1f * N + 0x21.</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport application error codes.</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document.</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
        </dl>
      </section>
      <section anchor="capsule-types">
        <name>Capsule Types</name>
        <t>The following entries are added to the "HTTP Capsule Types" registry established
by <xref target="HTTP-DATAGRAM"/>:</t>
        <t>The <tt>WT_CLOSE_SESSION</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x2843</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t>WT_CLOSE_SESSION</t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_DRAIN_SESSION</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x78ae</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t>WT_DRAIN_SESSION</t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>provisional (when this document is approved this will become permanent)</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_MAX_STREAMS</tt> capsule:</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D3F..0x190B4D40</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_STREAMS_BLOCKED</tt> capsule:</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D43..0x190B4D44</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_MAX_DATA</tt> capsule:</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D3D</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_DATA_BLOCKED</tt> capsule:</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D41</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-http">
        <name>Protocol Negotiation HTTP Header Fields</name>
        <t>The following HTTP header fields are used for negotiating a protocol
(<xref target="protocol-negotiation"/>).  These are added to the "HTTP Field Name" registry
established in <xref section="18.4" sectionFormat="of" target="HTTP"/>:</t>
        <t>The <tt>WT-Available-Protocols</tt> field:</t>
        <dl spacing="compact">
          <dt>Field Name:</dt>
          <dd>
            <t>WT-Available-Protocols</t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Structured Type:</dt>
          <dd>
            <t>List</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t><xref target="protocol-negotiation"/></t>
          </dd>
          <dt>Comments:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT-Protocol</tt> field:</t>
        <dl spacing="compact">
          <dt>Field Name:</dt>
          <dd>
            <t>WT-Protocol</t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Structured Type:</dt>
          <dd>
            <t>Item</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t><xref target="protocol-negotiation"/></t>
          </dd>
          <dt>Comments:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="OVERVIEW">
          <front>
            <title>The WebTransport Protocol Framework</title>
            <author fullname="Eric Kinnear" initials="E." surname="Kinnear">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The WebTransport Protocol Framework enables clients constrained by
   the Web security model to communicate with a remote server using a
   secure multiplexed transport.  It consists of a set of individual
   protocols that are safe to expose to untrusted applications, combined
   with an abstract model that allows them to be used interchangeably.

   This document defines the overall requirements on the protocols used
   in WebTransport, as well as the common features of the protocols,
   support for some of which may be optional.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-overview-12"/>
        </reference>
        <reference anchor="HTTP3">
          <front>
            <title>HTTP/3</title>
            <author fullname="M. Bishop" initials="M." role="editor" surname="Bishop"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. This document also identifies HTTP/2 features that are subsumed by QUIC and describes how HTTP/2 extensions can be ported to HTTP/3.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9114"/>
          <seriesInfo name="DOI" value="10.17487/RFC9114"/>
        </reference>
        <reference anchor="RFC9000">
          <front>
            <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title>
            <author fullname="J. Iyengar" initials="J." role="editor" surname="Iyengar"/>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <date month="May" year="2021"/>
            <abstract>
              <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9000"/>
          <seriesInfo name="DOI" value="10.17487/RFC9000"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC9114">
          <front>
            <title>HTTP/3</title>
            <author fullname="M. Bishop" initials="M." role="editor" surname="Bishop"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. This document also identifies HTTP/2 features that are subsumed by QUIC and describes how HTTP/2 extensions can be ported to HTTP/3.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9114"/>
          <seriesInfo name="DOI" value="10.17487/RFC9114"/>
        </reference>
        <reference anchor="RFC3986">
          <front>
            <title>Uniform Resource Identifier (URI): Generic Syntax</title>
            <author fullname="T. Berners-Lee" initials="T." surname="Berners-Lee"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <author fullname="L. Masinter" initials="L." surname="Masinter"/>
            <date month="January" year="2005"/>
            <abstract>
              <t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="66"/>
          <seriesInfo name="RFC" value="3986"/>
          <seriesInfo name="DOI" value="10.17487/RFC3986"/>
        </reference>
        <reference anchor="RFC9220">
          <front>
            <title>Bootstrapping WebSockets with HTTP/3</title>
            <author fullname="R. Hamilton" initials="R." surname="Hamilton"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The mechanism for running the WebSocket Protocol over a single stream of an HTTP/2 connection is equally applicable to HTTP/3, but the HTTP-version-specific details need to be specified. This document describes how the mechanism is adapted for HTTP/3.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9220"/>
          <seriesInfo name="DOI" value="10.17487/RFC9220"/>
        </reference>
        <reference anchor="HTTP-DATAGRAM">
          <front>
            <title>HTTP Datagrams and the Capsule Protocol</title>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <author fullname="L. Pardue" initials="L." surname="Pardue"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document describes HTTP Datagrams, a convention for conveying multiplexed, potentially unreliable datagrams inside an HTTP connection.</t>
              <t>In HTTP/3, HTTP Datagrams can be sent unreliably using the QUIC DATAGRAM extension. When the QUIC DATAGRAM frame is unavailable or undesirable, HTTP Datagrams can be sent using the Capsule Protocol, which is a more general convention for conveying data in HTTP connections.</t>
              <t>HTTP Datagrams and the Capsule Protocol are intended for use by HTTP extensions, not applications.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9297"/>
          <seriesInfo name="DOI" value="10.17487/RFC9297"/>
        </reference>
        <reference anchor="QUIC-DATAGRAM">
          <front>
            <title>An Unreliable Datagram Extension to QUIC</title>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <author fullname="E. Kinnear" initials="E." surname="Kinnear"/>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <date month="March" year="2022"/>
            <abstract>
              <t>This document defines an extension to the QUIC transport protocol to add support for sending and receiving unreliable datagrams over a QUIC connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9221"/>
          <seriesInfo name="DOI" value="10.17487/RFC9221"/>
        </reference>
        <reference anchor="RESET-STREAM-AT">
          <front>
            <title>QUIC Stream Resets with Partial Delivery</title>
            <author fullname="Marten Seemann" initials="M." surname="Seemann">
         </author>
            <author fullname="Kazuho Oku" initials="K." surname="Oku">
              <organization>Fastly</organization>
            </author>
            <date day="4" month="July" year="2026"/>
            <abstract>
              <t>   QUIC defines a RESET_STREAM frame to abort sending on a stream.  When
   a sender resets a stream, it also stops retransmitting STREAM frames
   for this stream in the event of packet loss.  On the receiving side,
   there is no guarantee that any data sent on that stream is delivered.

   This document defines a new QUIC frame, the RESET_STREAM_AT frame,
   that allows resetting a stream, while guaranteeing delivery of stream
   data up to a certain byte offset.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-quic-reliable-stream-reset-09"/>
        </reference>
        <reference anchor="HTTP">
          <front>
            <title>HTTP Semantics</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
              <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="97"/>
          <seriesInfo name="RFC" value="9110"/>
          <seriesInfo name="DOI" value="10.17487/RFC9110"/>
        </reference>
        <reference anchor="RFC8441">
          <front>
            <title>Bootstrapping WebSockets with HTTP/2</title>
            <author fullname="P. McManus" initials="P." surname="McManus"/>
            <date month="September" year="2018"/>
            <abstract>
              <t>This document defines a mechanism for running the WebSocket Protocol (RFC 6455) over a single stream of an HTTP/2 connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8441"/>
          <seriesInfo name="DOI" value="10.17487/RFC8441"/>
        </reference>
        <reference anchor="RFC6454">
          <front>
            <title>The Web Origin Concept</title>
            <author fullname="A. Barth" initials="A." surname="Barth"/>
            <date month="December" year="2011"/>
            <abstract>
              <t>This document defines the concept of an "origin", which is often used as the scope of authority or privilege by user agents. Typically, user agents isolate content retrieved from different origins to prevent malicious web site operators from interfering with the operation of benign web sites. In addition to outlining the principles that underlie the concept of origin, this document details how to determine the origin of a URI and how to serialize an origin into a string. It also defines an HTTP header field, named "Origin", that indicates which origins are associated with an HTTP request. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6454"/>
          <seriesInfo name="DOI" value="10.17487/RFC6454"/>
        </reference>
        <reference anchor="FIELDS">
          <front>
            <title>Structured Field Values for HTTP</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <author fullname="P-H. Kamp" surname="P-H. Kamp"/>
            <date month="September" year="2024"/>
            <abstract>
              <t>This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields.</t>
              <t>This document obsoletes RFC 8941.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9651"/>
          <seriesInfo name="DOI" value="10.17487/RFC9651"/>
        </reference>
        <reference anchor="RFC9218">
          <front>
            <title>Extensible Prioritization Scheme for HTTP</title>
            <author fullname="K. Oku" initials="K." surname="Oku"/>
            <author fullname="L. Pardue" initials="L." surname="Pardue"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>This document describes a scheme that allows an HTTP client to communicate its preferences for how the upstream server prioritizes responses to its requests, and also allows a server to hint to a downstream intermediary how its responses should be prioritized when they are forwarded. This document defines the Priority header field for communicating the initial priority in an HTTP version-independent manner, as well as HTTP/2 and HTTP/3 frames for reprioritizing responses. These share a common format structure that is designed to provide future extensibility.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9218"/>
          <seriesInfo name="DOI" value="10.17487/RFC9218"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC6585">
          <front>
            <title>Additional HTTP Status Codes</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <date month="April" year="2012"/>
            <abstract>
              <t>This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6585"/>
          <seriesInfo name="DOI" value="10.17487/RFC6585"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9308">
          <front>
            <title>Applicability of the QUIC Transport Protocol</title>
            <author fullname="M. Kühlewind" initials="M." surname="Kühlewind"/>
            <author fullname="B. Trammell" initials="B." surname="Trammell"/>
            <date month="September" year="2022"/>
            <abstract>
              <t>This document discusses the applicability of the QUIC transport protocol, focusing on caveats impacting application protocol development and deployment over QUIC. Its intended audience is designers of application protocol mappings to QUIC and implementors of these application protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9308"/>
          <seriesInfo name="DOI" value="10.17487/RFC9308"/>
        </reference>
        <reference anchor="ORIGIN">
          <front>
            <title>The WebSocket Protocol</title>
            <author fullname="I. Fette" initials="I." surname="Fette"/>
            <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
            <date month="December" year="2011"/>
            <abstract>
              <t>The WebSocket Protocol enables two-way communication between a client running untrusted code in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the origin-based security model commonly used by web browsers. The protocol consists of an opening handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g., using XMLHttpRequest or s and long polling). [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6455"/>
          <seriesInfo name="DOI" value="10.17487/RFC6455"/>
        </reference>
        <reference anchor="WEBTRANS-H2">
          <front>
            <title>WebTransport over HTTP/2</title>
            <author fullname="Alan Frindell" initials="A." surname="Frindell">
              <organization>Facebook Inc.</organization>
            </author>
            <author fullname="Eric Kinnear" initials="E." surname="Kinnear">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Martin Thomson" initials="M." surname="Thomson">
              <organization>Mozilla</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <author fullname="Woo Xie" initials="W." surname="Xie">
              <organization>Facebook Inc.</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   WebTransport defines a set of low-level communications features
   designed for client-server interactions that are initiated by Web
   clients.  This document describes a protocol that can provide many of
   the capabilities of WebTransport over HTTP/2.  This protocol enables
   the use of WebTransport when a UDP-based protocol is not available.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-http2-14"/>
        </reference>
        <reference anchor="RFC7301">
          <front>
            <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title>
            <author fullname="S. Friedl" initials="S." surname="Friedl"/>
            <author fullname="A. Popov" initials="A." surname="Popov"/>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="E. Stephan" initials="E." surname="Stephan"/>
            <date month="July" year="2014"/>
            <abstract>
              <t>This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7301"/>
          <seriesInfo name="DOI" value="10.17487/RFC7301"/>
        </reference>
        <reference anchor="I-D.ietf-httpapi-ratelimit-headers">
          <front>
            <title>RateLimit header fields for HTTP</title>
            <author fullname="Roberto Polli" initials="R." surname="Polli">
              <organization>Team Digitale, Italian Government</organization>
            </author>
            <author fullname="Alex Martínez Ruiz" initials="A. M." surname="Ruiz">
              <organization>Red Hat</organization>
            </author>
            <author fullname="Darrel Miller" initials="D." surname="Miller">
              <organization>Microsoft</organization>
            </author>
            <date day="23" month="May" year="2026"/>
            <abstract>
              <t>   This document defines the RateLimit-Policy and RateLimit HTTP header
   fields for servers to advertise their quota policies and the current
   service limits, thereby allowing clients to avoid being throttled.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-httpapi-ratelimit-headers-11"/>
        </reference>
        <reference anchor="I-D.ietf-webtrans-http2">
          <front>
            <title>WebTransport over HTTP/2</title>
            <author fullname="Alan Frindell" initials="A." surname="Frindell">
              <organization>Facebook Inc.</organization>
            </author>
            <author fullname="Eric Kinnear" initials="E." surname="Kinnear">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Martin Thomson" initials="M." surname="Thomson">
              <organization>Mozilla</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <author fullname="Woo Xie" initials="W." surname="Xie">
              <organization>Facebook Inc.</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   WebTransport defines a set of low-level communications features
   designed for client-server interactions that are initiated by Web
   clients.  This document describes a protocol that can provide many of
   the capabilities of WebTransport over HTTP/2.  This protocol enables
   the use of WebTransport when a UDP-based protocol is not available.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-http2-14"/>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA9V9aXfcxpXo9/oVCH3eiZTpbpMiJctS8hJKomxOJEpDUvbk
OD4U2I0mMeoGegA0KUaj99vfXatuYWlSnqw+ZyZiA6jl1q27L+Px2DV5s8ie
JD9m56dVWtSrsmqS8iqrku9PT99+vevS8/Mqu4pfGH+/62bltEiX8OWsSufN
OM+a+fg6O2/wnfFl06x2xzuPXLFenmfVEzdLm+yJm5ZFnRX1un6SNNU6czDs
rpvCo4uyunmS1M3MpVWWPkm2YLYkLWbJYdFkVZE1iZ97y11fwGoOnp0e7x+d
uKusWMPISXJRlesVf2neTZLmZpXhz2X1IS8uku/wNfx9meYL+F2XjK//ATcx
KasLfJ5W00t4jjupn3z9Nb6OP+VX2URf+xp/+Pq8Kq/r7Gs70Nc4wEXeXK7P
YQgGzYWHzteDEMPPFgCOujEztz+f8MCTvBwe6OuvLsrJ4NPJZbNcbLkP2c11
Wc0QeOPELt+l6+ayrOgB/F+S5AWc2P4keVnlxSxbLOhHPv39RVrEvwNgniSv
syalvzKGczrHV/4wP59My2U87sEk+WNeFFlamWEPqnwa/Uyj7q9WiwxwYjqx
Y2cf+L0/pPi4O8EPk+SHtM4XeXZlZvghnzZlFT+hSb4ry4tFZie4wneurv5w
QU9oAleU1TJtABueOJcXc/PXeDxO0vMaoDltnBu6V0leJ2lyDkBBrCznSXOZ
xZdwVZVNOS0XybyCBcNJfXCfPv3qzQ8Hxz8cHvz4u8Pxi0l8tjj6VZ5df/6c
NKVOA5/gv3Z/d/zy+bc7O3ufP0+S5LBxMPpVPsvqpF6vaDrYQrIu8lleZdMm
L4t0AfcRLuOyHsEye3+GC4oXO72o+M/FIlmuF00Op/AxmyXXgKd5QRurYQe6
IiACBY8FK7E7dlmRni9gSXiOOZAFeCWZwuEUTY1fIUjzAgY+v1FoJXU2XVd5
c5MsS0BA2DfQmOUS9oFUhVYAUK6yZQl/2WFrABWcxbpG6Kc8TGZX7/xtmPCR
LvPZDNDCfYU0qSpna9qCc7KrnwjKP/Ox+qObZXNaMczYlCs85v94d/gcDwWP
Y3t7G8/qMm2SaVo4PztBClb932ugBDVjTcpfRsA7vYTZgA6vlwAimQumd8ts
epkWeb2kQ/XD4laLshjT6HhuDB/FxwLmWKYwfCVLKgmta0dvDaMnrhOwY0nH
hDS7hmtTNPm0Tn5SbP0ZVvuOYA3jmPUBAk6r/BwgdJlV2civNZ4KbnGTFtMM
cAz2U2d1DfuHPwBoyXnmLM7VOf6VFlm5rhc3vMEqu1gD7WaowrHO50Bbyg5i
OgNbOOavktOsWuZFuSgvbpw7hZeFYNbJ1ut3J6dbI/7f5OgN/fv4AE7o+OAF
/vvk+/1Xr/w/9I2T79+8ewXPnfwrfPn8zevXB0cv+GP4NWn99Hr/T1t035Kt
N29PD98c7b/aSuhu5bXzGAC8E2/+eQaPgG2uqqwBkKS1ATN88+z522RnT3Dw
wc7Ot4CD/MfjnW+APrjry6zgycoCYUh/ArBu8AYBnSVUgbs+TVd5ky7w5gMZ
uSyvCzrFCQLLIua8XCyARSZNgKe/GDDUp08nDPVkZ/IAr4giDZCqmHzypWUk
E6z1P8HWZ3ndAIqt8/pSEAoX1lyX8NYqrYAguKoE+gLcqIi/l6Uh5+1SKdjf
9WUOOJnG1Eo+xQtfRLSFbk86nWYruBCtDSjq4uO6hmVe5Sl876LljJJVCS+e
L5DOgbxycYlT0Jkus1meVjcA4/2ih07iatYwyFjI+wwvzCy7yhblyv46BWoJ
l2neZIVbAzlb14ApI145fF/T3aAJ5+k0gxfnAE1LeMOeZOJeylv00FyiWwPE
mCd2d5tYj64UWMN6YQVIY1rHxDCHeV8CMLKP6RJoxYjQenA3zJxJsKsI910/
rEG4hB8XcFApSlB1DltflOmMMZvAKaPAiR1nuBmkY7joLR5li281b8bf6XB5
KvwI38dF9C0VP++Bywi+rFeIwXD4gi8Wg4BKNNdZhkTfDAQntl4xf1f4AhWp
ibTnTZ0t5nilUhdgjxDkAZhk4OOAE/S4NSIcxLFhGS7e72qRIoA8VhBGABDK
inHmBkc1G8nhZTpKkLbg7B3NryDABUXsyQgUPJj51C4dGUDyRuQpYgbIfUcR
oEeGDjlH3BnXS4Qs5vB5HUSMpstA6a7MgUQi0QHRYkGCFfz7Atg/4Rv/DICj
WURii+Uk4ufZR2SsFxlRFRHTnrgqW+QoWDFJr2ZyowBV5RUvgiDrMNyUr2od
3gMq61DSX2Xw//DE6xLobDobl/PxAuh5cr4op6RmzUo4l6KkXa7SCyQJinBw
nkvZipFCdQYEVRPhcj5lclKuG0JG5GQiSeRINNKLjBeqd/QcBHqQCIGT6Ki5
ZYFASwLL2cPXfo9Htbv9GBkOUeIuUR8v0hu6DHxmI8/AYLQt+uREpZ4tGB5/
wdGCrN+0aN4S/sBdoITGuBWxxF+1xHVdfp0AnxU0CIeCpHOGF2OaVnC1FY0I
J8oqEicJt5A0oCqeLIE4AvwAzvCQKJMI7Cj5IWhI92COG5YwA+UuX9QBwg6f
B46ZLPJ5Nr2ZAsoBTGD8JV+pPl6YwJoAOYFn0/XPi6tycUXrgCuuF7OhNdE2
+ByYveA+ynU1zYS2o0KA3C+BKVUYLZF89NH4esSU1k8Ewjz+ucR30oIVIq9e
wC5rYtxEVHMi+QBvNGbgpb6UJeqC4MRBbF4sCE9LXFS0BCTHC8Ro4OzR0oRY
sRRCKwCqm8CdntWX6QflWgGr4LRg7JFHWsKDeRCS4X+b9SrIcsAe82XKKiWu
7Ty7KeEZrl+vpKLVeXYBo4sGpfiBR44XHkCKBEQoB2zzA2H4UhmVP1QUyXkp
wvcr1KkLHEB0XuENckXOy9kNyVvTS0JmIO8Of1+lN8hXifbB8XmJwF4pVuYi
OIuOBNcWxS08FVAQ0JCDC4U3T4BcZapiEVh3Jki8f//m+PC7wyNUmh/tPXz4
+TNBHlkQyW26zTVuZHFDkAz0FPfCqiywQxCxAFaAhaCaIKG7TK+AYZYog5Bw
jlw5bwChnD/lCWsbhOliHGAKwec+6rL8XOXvvHCfPs3zYCwiax2NVBMpeYOH
mPZKpbTscG4jK/LIutHKAljExgADC1werPr/+f+SNK2vLtxofMt/I/c/ifkv
Wpb89z/dUdo/4CgxDU6iYWkU+QVhJz/1vHIioDihawOvHEU77lvLwERyR/sn
6ozyfjNcEuH88Sjtjzr//dqciPv0JPlqADMSsgH/LjKdJq8E/bY+o/zzVfIa
SUf+F0TIQ8ReJNd8754TNn8EMtki8ZfAzZXiGDIbzA5GggLcfK6SGdkQSPhz
KJR4049n+USH5lnarCsWpom4AUGtMyWhzA7lngGraC1MrtoT536TfJcVsDTk
NF+DmqhWCs8wlxkMDMoRjA4SzyptLkdGDihXYhV7U+VAMJ1Qx3meLWYiERc3
cHHwqqDYbZ/Xk43TC4+GK9msa1LZBsdzSRjxR1JWBf+AaJcz5SfC7WuhlP/x
dv/5H4ULTv0ZeqsKnzdJgT8i14EbkOVX8OGoTUBAGlyVcMD0KWjhJGzObgrg
MVOQXHDsSrk9XE+QR0H9AGluuUZ5ZHGd3gQzJO42nybxV4Qm6/kcbjeNhzZT
XRYoJzNalK6ipmXAuSAGFJlolrqexIw7cjKb/Y0EJp6LoYdz8RV4nq7q9SIb
P0uRzQ56TIZtvmSK8VJeS/FRUZjYICCeA42d7MpIsoHd8aEVZGZuSYAonakd
dpIceECImWlFSiQrWkHrQOB1WaZYG4seay3IxuV1RopVziryAuR/MVVkfXKO
mi5xloCTIjOuPapPBa7nBNeO8ZSY2u/V4zP+/kGP7Rv9Gg+IwyHrRJuPDtNj
G3IsPCApWQHMZrj2Dxm6CuIj8ZaQyEs0vtzd4g/cvU+fZIQx/fD58301Fn36
ZBYMOmD/WDKQcPwBOIhiBiPM1wsWCmP9l4QweP3jTa+IXXvViw7ggbWfRWau
FJX8JL0q8xkbYoqM6Sitd9FS4gjK13CbE/Z+1KSp0GoJMcKSc7y1q0V5Q1DN
iqu8KgtWyOs1CHp4LVBVmWa4r1pELaBGdGZJBZofqvZ5AWIrIM96inQ/qMEw
/XVakR/FC69AXbwKqqRFdQi4otnHBs6bYOP5BSGFOX44lHCT1DK2CV/tTV+U
8u45UPc5CvHl3Kl46DXoaUZAR2NqfHCyDfGgpEGcv0Rk1gvlDBVg1kBgOf8v
lFWaAdUcTumF0goknk3iL6Ib2BjNiUdaZYQJy7xpGGAsl6akQqiVZlYi1FW1
T9aFtz/M4B8Aoxs2r7/V4YOdpd/aC2PmaG7I5yL4p8CFc1Ig2FGJXOsqXayJ
Pzrk0PLnvY5Ovfvt40dwG0X9r5PdCV+H3cluZDC7T4wUbUM9lLAtKbMewyYx
ZEdowzg5OD09PPru5OzH07ODo/1nrw5eOFDGGtEI0e9HhlLrfhviG201Bs8C
7uZFCXpDI2RFhKJ0NstFIFEJIKA6Kax0EqSQBIbZlK4EjOxFwgG9Xc6FdJeG
IIz6DWz8AuDXBzOmuU5thdeXpcKq4DWi0fT5m6Ojg+enXvYSQ8iDB9tsCJkb
UDs1sRthrSOa9Os2Xhet0dgFpEXuEKrsSLfm64rMBsQ3RZYky9RvdIH8wW8Y
9/F6ywiHL1DJVHPMushhWSDtCP7eePj0LtI4TC3bxaXCuHi6STw/kyWrbN8y
/mLhNm5P9Z/DF79BGwUprwzxXhWRnsVylzdBEkUPpIWdQPiX9/7VJH3vq7WY
RH3YFYrrvR5npjO4KzSJE029BtG5vsxXiMEt9RHwjUmQeHjZbAOU86IgdYTN
XHlVN2zKmNBa5Bb/E6zlGV5RY5rvW1mvvz44tXkaWIxiy80qu2VovJJBlpSh
SHnwTAPGk6CC8Yv90/3vjvdfU3DBg2+/IQPq/uAN9F62WfC+9CE072/GUiZQ
DOClM7LIK3oeWJshMRP/C289ClYCsZ2IntCk54EmffoqM999bq+9/aWhZt5Q
Z0g/3CI5USHqbhNRN7EHxBWsAoy8Nh4K8MIIzF15NBJkEaOGSCp7S5zddyDp
9+oMJde2TNvx6PpQgz42l3g2h2fZx9IdCVKGCbIwPsQKhVrDpCmQa2Ht+BLS
lU0LgCVvbW+NgOIAvdEFmQNrS4iuNeu+zAWUd2tnyy83jpnB8a5ADkeTMbwY
+R5pwrzlf491jHvyzqh7qPcNSmCggcMrIvuvkwu6JBSrUdDy2H0VUBRIe8lW
Vrj2yfe7Zx5UB8fHb44nzo6NoQhJCmLdkvVmjx/9DuxEY0LcgGoEpKnJFxw1
QKZDth5kM4G/HBBDFDlwPI3CtyqX5sDaokh8mwAmHaTPi0j1DqfgrGShBmdF
a5wxAIuQ6kxGPHt7/Ob0zfM3r/y13bAmTyQsvsizQGNFelbrgnvrbUv4hCS1
4GT1b2v0QZ8cKUpOmAL4j5hJ7JUFlFAC7k+EER7+QiTYSdTm5q8ZO4SUUKgX
7cEEzeaAahFXYMoxbAxhjaIHRKTWGINGchpohZMXR7dBhjgZRjR9PNOhzmjx
Z3X+F+OHdRgasswa71USGET3a9u1dryLu/0VLrTFBB/s3LJt1IbYwY2LPT4A
yJ6dnB4f7L8+2z8V8EaWj1/RO2N+Z7x/GqwfALrpWLWrMXPQMbrrG7aEdNWM
kbsFaqIfkFynikOEPkBXgETcOJrmjOc8Q7Ia/Noent07F4GvtS8SHg5BBFkv
l2l1M/IKoKy931LlA2eKGcZeAs3exBGiE2ayHn9zy22/fYC+S9X+aIc+uRUz
k7thJowlh5Lc4VCcJ/u/FKz//Dv8809//gkuY5KBLlxWT5LVIkvJM7CEvYl7
W7UR/AzWt7oEvY/MF6v1uXq9Jj//7Bw6limSWqM76jabJ+/DyAeWEDtlEQ6g
1yug+IhKDtEmQX1OduhZxpZ01MhwibF86bweGW7wr/1JYjQZL/FpwtRKbQSw
0TFPJS/QXTvR+3VZrhczFITEk90RGSOBoMiu+yOsRhQYKAYI8sqQlqleB47X
RJ/uVabAjrahkMIcgCAvCOE9X2MoGG5Ew7yQzrZMAvpVGIs25Ngkpb7Xinx5
IkYhv0Gb9k0wBApSkyegB79qFuu+bMyecTiuTBZOSMPyHVoDI5UeKDTAHK0I
fQFuxiBTu2W6QGMsqubtsE8T8zKRQEsKWRadTdiBlwVvEwBzC3dzeAAX9+Ww
RlC3R+zh0PX/HuoTdzgPEWpeA7jGnYoHI7a/0LirdbUqUcJklEa6FHN4r89G
4WYd/Q8xG6eDpYwsF369/yfWc42R2q5BqON7oCESZvz64Oj05AxO6uz1wel7
EfbJR4ikI585OPJZdr6+uGAh9R9DE83V9JjlrZjFjevHaE93vBLRJRKMAueZ
d0xms6fuLlQP/Xh4z1gYPgJiJlYFuAUD4bp0bPZKGhapkdGxkZpUdQpceU9p
PO+Td8eHST29zFB4tlfxAV9FsqdIjsY2S5AgClGwHjmy1eLTJr66xo7hUxBL
TawcITRkFEA6Koqp/EKmOdS63z9RN8D7ZFVn61k5ti5s3AyFju/toeDLp3yu
GoRLkvct/fD9xA/M4HgvA+mXAjBvpyIgPvGG/vdeYoWVpc3lexEZzMRP8XGd
iUfc214xF4zMCDXRhr5YYh9PBpMf9qTkGFuW4C1pqD5U2ETCJu85IOA9TCsA
Y0g92nu49/mzX68PyTbG33Aqb5DcAG3KmFn4oWABmgcAmPJuVRr3/EaDuhIS
c6oMfjmwznGNLEWyNsjLbPpBaXaTVhdZ48HnDIZ/ExRDxA/vtGuZWg57ByL6
7KwPLw7ANeRFXN1VttK0Dxs3sbf90C5q5+Hk4eSRWZd6e2zcB0ZRpnnB5gA9
TTmA0WA4Ohlq4B8qpLU+7AsaFPGPgvXxXXatAy0my7zTMCur9Ce0RI6qE9DR
nBoKN8f4zO4i3R2BtZu0gbUXA8sbyhuEmgQqEElnxKgTL9NKELi8T5c3PmTm
yJhPwl+u0rrWo+XrJg5w9vewC5CWbjSPBx8/4hQYLmi2MmpFXESb2g1bgh29
VFOT5zSwK/UH3tGt5KUA8XIFcZQXqCE9GK4aW7a604UZomDKEoNBck/X42E5
isBcUnPAabJrXh0Z0xslyHk3QuuaROfOdtg+NhNMiOumxExISooQpw87+XUO
H2ewAn2jaDiUdkoaCLH0dAG8bnbDrmlyIqmpt/8Ewl14iqOCJIUSll6/nrSN
9LxcN45vOi9pEpRigBqSG/VrDgm/oJWOj09BlkkpfpS2ZLwZjmPGED1wNAxg
yznsvk7nHevZzvbkWyOOI5w10CbaM5p6yC/iZSAjGMsdqTA0G7Hdm05XVXaV
l+ta1bQNisE3II3sxapBW8ESn6uj7ffLd7DN9TQTHizBrXF6gwrsvESQeoMz
e5bM1pW6OXTpJoQ4VlSCyBxkZU5X7Ji7lVW1DJlezfSst14vMxvM7ng/TNw2
bAPDQqaXFDYhq+bnciu7dnKSyN6J3+aUjeYaJCS24BAjEdExxwkGxtAqV7Pz
GSJgAK1XUuJYBdeiTSSdaShIkBOs2GdNeYFGmAUp6tvomlgTwowBdDjChQBK
gTmLF0XZ96b3LyMkS0UvvAnF9EZzA4BEVg27yIfEY6NqYdDmEqOLOHeLTMWy
YW+ZbTkmRRMKUlZQ3n9dW+jtDyo8fCM4bj6tw4Sk5bgBoi43Tq9EuAnPaByP
v8Gg4qLTjUJJUUuR1SgvaXn3PY8tKzfL62laUS7bvP1elWGQEbtlv6K8fKWy
HveOVA0jR6vi0bgIP3/eYCanzL8ol9p8GGIIRokJ6MfNn746scsZUxhz/6Lu
7b96e3Tf2Lk/fcJMoG92t0GVISWCMhEl0w89sksYFxiLmk19hFqINfRxYuTD
4PwzwLBSUnXn60Kc9aDKaNSfx0s08CzWFEUDmv54/wprTqBpX5dfx7dQiZZy
nb/uaEELIYIwNAR/mxVANisfjeSDQguArgvggSk4GJWTSSoSpb01dFnWjTyv
bPwZyD6IkhQgQdJin8WPIwm9fJ73weBtS+kBUprih3ghMFDxHty8+/Yyw1w5
W4m6vC4MLdF408sSc9XmHUkS1+/zQWnmp3pO5xkIPTkIOC3aHFK0gpMasLae
3wQ1XcxMrey2DFgUrFyNu0ju+LJGyo3caDWD5WT+tVta5w15gvQQAFlJHR/E
A8T1GMZIbU40XHOWvCR1HB1aLw8PXr04IWvHo4c7xL0Gh6XcyVc54WE8PGa+
C0tMKYrssKHEwsOCXYPTtNZjo/QAYMewTbYWkEuchoYFcvDFfnHjzMNg6JNX
vMbeSHQKT8qGN0mg9Pybw9wdY5mk5At7S4lol8slK+gkgDFA0BGdqg3OCq56
Bs6SwKaUXCqfggCbOCpN9QWKexYIkREzSIsg1mQ57VDQ0TzTfcqCY20vNTlq
fUuMqDReQIN7wj6c4N4diVKNxVQQSdlEzJHn3s5NEZ+Njz21a9Yk5C9ccyRX
9uscxhqLLIQFzMgGG9my/RV2Q9QoThoZ3GjiN+pko+xysSTMKIOH0R1X4eJu
YI/dwkKNZrXZ+uDyOSAGL5IwlOjlQNii+RTpyiLTxEARr4X4A6keXLl8YIyZ
0c6NFh4vRa47Ish1WlsKSPcSo/oG58RlWRO+aykkvwxxvAqvdxi2hpr6VT5b
p17joPBSWOAmWuy6tHiWcQDeQD2FkLsaVGqNKneRLM8Ercou8GgqXsvh/tE+
sLot3FcQtw5f1FvyYgj7ztGQm/8l5fo5dwku5si3tlFzIqlORpMmWyMH9uw8
Bi0kTpsWSY/ZGq8iU82Zsx15c2R1YJpTdGJuRy3thBbFVB8ZBx0ZDsBeQvIc
SEgswYl0eKHfliGzqKjWGY5HUqrlTFS32hI4LbMdaNLx3NphSRhQsyZNLmfh
s8i8SV8B+pDiNBSc958GJzeRdoXiXzITI+LeHh++OT48/dPZu7egEB5oDrk1
CsfDMtMOcjiA5tMn/3jkmBSakjjCb7v5gloiAu8QKuNrysC+WOczyqLKWTQw
2uu30UpoKGuYiZ8iE0VDJeGHmm9vHKmPAlGQa4EEDPloR0Jf8Lno6vWoZaHt
z+mKh7PVFSjJAm0TKz1MjhzFk4gLQfUOHXJM+hb8lMTqMI63M5nyB30ste5P
xj6kgN7OQZLobuYgcS0FBRAEB3OMnWwY8owDWzXvwHmx5Ma1DzZWH7Pq19e+
2okAEbSZizbuBMx43EIbTMhgAlJLZnmXprUL0KQtCUWZVOCQresprJJtpemi
kcBzTJ0Ztnw4vyMi5Qsf0R/DbN1clFS3A8FGkaScHNFNgjJ3vp90a9KYUioi
vXRRNAeY+SCfk/+srEzFs1vO7at46peSCbzBnBBlVwZPt88hjuLUQtmyJ7+g
JF7SKolXzp3WMyi4NpeyNbg8IoWrjQtwxLNx8lReqPCONgUE24Z4yiqLquQx
g0E/qGwyNhL6OFMpdpLHSd1c46Pr1rcTFt7C3cqvlhkpxkgTSuJCJbMsVLvr
p0uoyBYXki41y6kQVNH0iwtU2ICOFvMRR55A6KycBT0L6Shc6oLCtlEaWGTF
BWAk4ucF4iT76VtW8lDQp2u4aRkUKZmqhTkUzDuANLW7zhZk5I3zL0YsgOh2
5mQnQFTKObm+ZvKRtfn+yGWYBMRaxKWItjdZk7SisFvWy5ZMMhGgeoNiTkXD
YG821ZK5L0eHhtPDbDW1AeFCS3Y84GhtlzSuL4rj6EEbICO07BAQ7tOtRPjv
ySOJHGfWfhnnK0q8HmWhU0gRqToURiN+vLG5sj0nOOxlfMDOb4M46OosQsK8
UU0CzvKh9xKeFt1x+mtZedgnEp2Wqe8p2lGyeUfOwzXO7Rp2t/hKb9/vnh2+
EF8LKTSOFJoksWcphSXtkji9J5b8W06zvCDbjdN0ixCNNWdrGHmOn5pMNCzw
sMiC+7AzSe1at1sejTVHyYQLBXoDJHOVVag1MAWIiZ6WaYXRQglDkyuDIRbI
a7VihAlw8+PGki1yDMmV8cqbesZqrcfjeRiRBrfMLy4bCR41egNTqL9INRdf
94dq0Sy5UBAOFlbiUtUsuUZhO0fZi3poGcxoNtYxqTQUOVl91EZeDHMRf6hh
ZiNcdrRUD2WMewmpxS8ktfiJc8O1rEP0SV9SMpal03BErZ7mWAoiw/UCrdNy
PwixijJBFoX1fTLKU7fZ0W2RHZfhbOaDX4uh9kzc9QbE4zn3tixRXtu8RS/o
eDSzmRUrHgIW56W6KJpV35X3TBABoGA3k4zNGaI8xhEF6DxfAMbhWKAe+CiE
/16XKJhz5DyohL/32QwY95Wu8jF+Sl9KoFnNISdwEd/1ymLJp69iWimZEHXb
vRQnqnoXf7+EJ8KSpNL0J1qSoZgrvIJct/3x4Z58hVWsWvWt/GvEUMP3I5FG
A7oHRjDyggtJ5CqujGNxZeTaI1AF0BBVZHH2HpeHov0wXE3RplmVolTsWnA+
4e8/UUls+eMUt34vv5/8jvY94meBhcEj/u0druXEr0U+f0FrmUzuu899NYpo
eVqVqLWanhx1KUDBlYqSZz2LRyQ5H8CRfQw9ugufZ96ElLe6YmCH3DK5E87L
dOEqx9XTlOqxTcRnPVRwBQhlKnIJY4RIsFLUGLJNUsujEE2325NnpMYomcQn
ESg/IT4yXdCqmPsidyGlkOvKqNNPAUurCWXD2gZVIZe1jSaKrRlCTwDtokxb
rJOSi1QhiVqtpGgydcYXwA1dAI2+MRnUCKUshRM4H0QeX44jhPvUUVaq6K3i
ZtEib0E7lURw0WpuOYtzqXlMjILOWK1JLF0H3HO9uBcOoe34JFom4agtEh2n
+Q7EsA2cDRdRwgoYvQuKlFIx4xjxevhkXc/JDpK2gZM14Ad13UdJ//KT6yk9
5lMBLEICsdvbodQWgkxLeO4hTWT0UWsD15uUWqB1XU6Z1gwR/CF8f6pBHU1/
DcXIICd1E8u563ol+CthCbiVMV/wQcbQR1qVLzCUfuC6K8IY9naGGYN8/QxZ
5TAnMKtSfvDsC9jBaauWMp2txNL20Bs+XsLIHzUrUwLFuHYCOxzYHm38H+wK
tqSdZQMkwFhNCYTsBVyvnJKk/MhukWK8qxyutaaIMByN+FSLbllLuWcojmet
b4om/cjX0UfE++wwNNaioTiDoU2SRKs0acve5+1CjL5hbl8VyFQcMgoHLYiK
Wi5YOA55MVb8DGFSRC0C2OkUDCzLUCRduLFx0TccAH3TJhRpEjM0EvIlgovr
oZkZ0LYM4OFhp3kFWCN9B3p9/51ce2dy7V8e778+0ER7lEqCbkGyTxBLKn0w
RgHNyiUbiuwJZbXZw2gDgHFP37w9Ozk4enF49J3sjfhMTJvYwaUQOaW6iXwP
ao0R46LNvTqYa5kKxWpkyE63CoilSQTM4LmwfnNWBnE5iP/q4zrJkfPFNx0L
YUmsRfi8XqVSLNpn50QLt6ugz+rYMVKJziIlcdCGJybY3QdAipogcgP5Xi99
wnyosLb9cVv+owu9/XEu/7V7ncQwFAxDfrUSAIRtUY3i0uy1ogI7KohylZHT
s/23b18dPt/HrBBGPK1Za9YUTC8k6oDo/iDbS/e25+nj2fnIxUvuffthOv32
8e7OowcUbdKENIaKwgudT2GttSQUuzdoyWitwMLSW9sfd+bJb5Kj5N9g1Ac7
W4l3lvpdRWW6H0dy71MBEcWLszO6/pCvVhriqrW1UdWyYLyXT7IJG7awdp0W
yPJvyLrT2X+lU6lfn4YFheTca/LA0FGVNJL/YhDng0WMJ7k/oZxm9gVJYhWh
sDgJ6ozLuDBvJrwYM8aSVcpwSuSlTPV+1zpPerRIwxN/do4egTwatX06wwWc
NeUZauL0x73i/hOnBWerrFlXhcz1b0kB/zdflGV1r0i+hvF3svthWD8CDteZ
496lGRZuUlY193jY3/4uucT/h6u+337l3mUyJnS5n/yfhDDoV7Cx8BqIr3O8
ujjGmNfZXry+Mpal69+0gfn9PgnEwl5FkLfhvMi6WBZXGYeEKh24jeyYEowG
Q7eSts3CUGqmT0Zu5MQdNWn6TiHqLeRr6aiOd5GHJlM82tOk6li7ErYdss3L
ByzSEsjCZSKCTfXQFhsipsPVJzASXgWH0R3In0rc/UUxPn3qFIzQOvDHasw7
QbekVC/BwuQZYj8L8X/xgUVxKWAG1jVXuBWIuJaq1OaXVOC7JqNrx46os4Cs
y6HyemLqejKDqf7fp5eJk8kyR8417JN4aeVeSpGloMOrkNATKfxxftOuHWqK
Z5bBhcbeqhtjMpMx2R/n2vw+Sdo5iB3ZpEcyQSGyT2katdvdGHXS+4WD4BYi
iF3gWBQw5GE3UiEF45FBPVzxZlMjF1JauF206190boLu1fdhDqlcN8L1MmZ6
zhuMhvl0rMPVDZYhNP4POt0RFjV1LYFHFAZkeCKz3MKCEnHKnLZjG1synWQI
yqmz6N+V86QZjMVBAklRDs1MsnAoJedCKVLP+HxF0rjsXF/2mfd5iZqLDRx4
gGJZztjiKIE5W9FoyVv+YEtiKsq5KnD+FZsI92CgulFLBPLaNg/KaqpPg2Np
9T/WaYUxGCfegSlhk+LYrTsZLequTnRm0fV0Mg7xomwJOaHbikR2BPpActB+
qpU2sNEim5VUW8Gpwol9+qqnKAflrQ95J+KaB3inr9OcPRN0p1bBoiG+6Xbh
KUlzie1axU0vBY3qXrWyGmoTCxB9GxfSk0y9ln1MeIBTHuDPX3ZGZUTFo/yh
KK/hbNMNpRIkAHHNOTnDJVTjNEUsSC/VuEUbjEE11EyvDYjRIKurezpNmLJl
i4WPyHJS4Hu+QAECg+lrEdFNyRd0CKL7k5M+OkxPk1adUNcglZBi66+6tgJK
W8Q+ZEadcEYQ1p/wJmt2ZPmB2ybX3pn6Ur6MhTUKYw5pgM7XqgMJSPzQ7KRO
MbJzwCMl9JYvVH9EjDMl9TQjuiUMpkV0z03nFTVE+RT97ONluqYYX1s5n+4k
u+2IW1L3Xjw1Xph3JrXjE0P2/IZPyHo0zbIZlafR01WhRVz05xxP2SNDwIxf
t1myZ/wYUv3s3cuXB8cHL1RyPD74dzipgxfvY9a3aakB2K3FeqTwMlZVIs/V
oEagG2Iy6BhHMC8Ir8J1EDfieA0MbyK5munvYbtTRuP9kMl3b/Z/3P+T2NbU
HhYiDGC8KVVcry/XzQwbwoQIUBvVG+X43udgmZR5VMrmwaZUqmKntH4eNg4K
sQuucE4gdNyk4jp4JkJsH1bTAfSsbZJGuGMyXTsPu+N7Rp4xWInKS3cdGvrU
u53Ego9jdOvtYKktnXqo5EoogskCKcKN++z1HJZvl5CqwbmJZCTxPMmU/vhg
l65bHT5EvcG9xncTetn3WegPPeZQQ9dnR4TL8+J4//AI7tXJCcilyb3tj988
TrP7mqTKJgfXeU8TjtEHYFzC7ffQ4v+KzdziGmBrf2hK05zNMGzxTH0h2pFm
aMKX3sTPRaqVZqgkQbgkwZU9+5NtMcGPjssJ87RRWho2nxfrzMgNstYnmmtI
GNXFSUMw8S0COb41a0m2Wg2aW5JRooPGxhhEcd3AaiM7Zh9XlJbL+q+v5qp0
AeM4tAaz8CpfE0BD9DRsT/TPQdBxtzEkNtdSJx/WPG7KcdZtSCmRyGjHMYaK
VkvTof6cUhRFgxAB3bHl7XUxsnUw5K6JANwa97T1UyJdhdBoQ7zZmTu5AVkK
I+SN5+nUiB0jlUvQsiFt69iRYAmfpxzc2mzm6VS79fA7rub/x4xqnLzGYojo
qzr4SJ6calOks48rkkgQHAeToj/wWEsdK/Nj2QIQDzWB5vHe3iPKzGTjOw0W
up21elF75Q2t8mS67Zc9Q6XAWKj0DCxOWKCoTzbH4A50xept5p6+dWdn9KkG
DFtqyWlhkTnOJMqE8cljcluhfpR6fVjLIj3POMQX6UT2UVLDfIOBMLbKD60t
pSHqrVWSo3UigenwnFK3aevgP9++OT49OB7bBW/5PD5ZltrGRMUCaElIoOhd
Lu4BpviGNdPx862E26/YgFdOOBb+sOljYhLRG9Yt/GiP/MLRc5vHf6KN//yw
r2j/ylYe/7LP7z2eTL70S93PL55aBwhub8MIx4oTYz2zvu5snbH4YIghxpi1
//ZQ7LorJP1NhA42Qbn0gYtaC440FuyoSziHo+5MdntKX91tt+eY9ZzV7i9Z
VfqIhrmfFrM6XmKw0nMur+LcS1ts5QJpnBTjSpflmqutqzoTt7BF0xlVcREx
mwVcY2BSLWCo/ZVaK+KIQa8XuaA5GPN72qjwbHo0lEYs64qZV3nqQqQkrkUM
DlhnZixbH3MwpM5E8Tl6rc1CWMxwA+vo5E5hTK+tZhP55LWHk+N0uqjqjVoB
/RmEbLg2+NGAjDFYKgCoUZl+CwZwu65NlbN9aKt1vQMmXWULfzawCoMpgwel
KxV3fjnQ50fC8DafBquA3AvNtzOWaHKzOJ7Z8er6D693bZ2Mt4CGG84g5Jym
06qs2VzjFfEiOpdN25RoBOkBsVEG8Js3v1E8FZ80gwLncAHlTtW2ab6hvfAm
bUH+pmwwi6a7ZXux7W4HEot9T+ACzqfH+QB66b5tr/fr2q5Ilt6mQx34a/Yw
LbA3cRh7MzRS3bFdEWzPpzFT2oiEPx+ZkB2cXoRESzSTT19Fp+iLP22IJ2GK
odp/r7yD1gDuPFbYnrehvG47H6Sn67I/AZKAuM68a1Eg6XJFXsN2B242sDFt
YYkKSx7kV6Hpcu0stbVXBm3pV7LiORYlnCv0/bK0wL92fB7HidZ8CBFHMl1+
SVdp9dTSQNuGeptIISGJuLW3gCJs0g9qyBb7d0hRZEtQTVXYT0TLtTXFD48O
Tw/3X5293v9PMXydnL07OlSDoHZGM8FSW9tbky8Y7Nnhi7/CaOi8uG0UzI5q
dyZLP2TBkxuqQ1BhrIZ1iXn/qXA4C0nKTH9bXVi0SgvHXcfkD3N6kfW1z1yp
q5x7lV2k1WyBxb3k3AJNHyA/PplO1DTedXsLaPvSbcSF5Qf7tCy5/BfcUIRS
naMGlhYZFqLrdS+bSmVxArIfCMHtLQTMIm+9/HgRNmzGSZgTqSGXmbnEsc8q
FBr5fpcqXh+cnBp7Lpf4dHcSlqjXel2OUNbcCObI4kMFnqjGivVMYcnqeYwP
UsOtbyn6kCS22qvRJJqxRI7J63F3HO/DEY9Sky8zNvlfY4SVFsKRupMyjC+F
7aqM3Ctal+2VipU41JFHzROLHCeKmi3W0QJkaBcgrorgJSAJlgqVbCxPX6qE
5UzTUcRhDRMJyMBUfqWKqSfwbPGcATcqpe42bt15Y4OpIeCz10Il615UMs70
XgU8jjwDPS90gfLZsmpv9PGpcDrBKehLL6e+ZoMU4MsLlxA5vE5vsOQ0+Z+j
SrwPvrXz9Y2ohfiS2Zpi4fAwYFSvUEjR6YePH5I1512xyD/4HEKuU6kNrknn
C1ZI775ObDxob7BnjysvJC+aVLCo+TVXQ9HSJCG/LLhoQ0M1zhqjTLI8C2H6
WG5NhetW1QUhmkoj7phmFhptsih7Ke0x/XCc14j5BUs8OKNViFcOqFddIkm5
EWOsaNeptEhGIzFVG3OxANbpVqspeLjXiOYENkCuFqLXTun15kuYkG6INGUz
fRAa/KMqZ2qo6ScRPmJZ7MVGePC203ufPsVP0O8UfJUoeTKKsJHVdXWjjXVK
AKKvFK9JdjczSbiErWv87cRUCmIRW/ugy3oxKR0jO7mkjzZYRqRwanhUzKNE
mDvm+lszgfcwoQwQx5G0AjjUDWDqb7ZrVYmrgwL+oonl0/4ERt7B05bk0mLF
LnKik5Mjr32ctDQBjlD013U8gW9bT8TJqOr9QQBZARue+sq5sS5tB0605Eqr
78wwFqirZJMpwc6AET7ZtT89AgAWpznPnOrnpm6/P595aE4mXbmsIbbHcuHY
NoehHJEeyEXqA5qKWZxzrOEFJES2CTTDmxroSD0rSpNeDN0NDRXh+G3CKy5z
mvlCVdTS1LT9dqa2m8+fMHo+pvnDQ5rJhoTWPnJSMm+As/jzmyc+gly0Asxh
re39V+9Lu36PzxgBTeXVm+d/PHjRIjqtp0h4rJJu8sbEeGbkQOSw60Jpt+/C
oRm16ywY07tIypgeXW5GbZ8LxljsixP6WFISkG1ugo8yqUteZEtNIoPdRZV5
J9WAbYngu8qKEIfHPGBA+kOzRkzXSY3rEnX8eTNFD8YS128suY2+nwaATXGk
2pfi8m021ejiUUbKAEZxQhwxCrKm1OEysZeSyK5dUPuTyrVIWH86sa+SLygQ
+nXwjKGGid9NXSrh9z+Z+l4aQZ35sBiStDnFLVf/IV2rmsvpU62CvCCLQmGI
Fzk3tS1Dbx2dCXf2iTCG1A4JQPWhLSRfGIQw3XCFg1F9HRaENdOn4zZoRcqQ
xmd3xrIWWUNyqk0iMdyyvqcdYvkwJpaKNBdr4NdFk+n6qARcuDv+3pBUh6XI
ekWnWO/D1gFEHpy1djMlQB25HV8cnOkArwFCZR9toFISrjNIpXwJIaVPehFR
6dZ0rnB4LoR4PMuohO2mlsV0rzlXPGI81HwrbcHOGz5XWI/AVCFQsaAy/W9U
kODBgTm0baKTtsimEcFWrmR8xPqXnvL3grw24b118gj4LKfXUz3AoCxo6gpp
DQ/wULQ4B0VranVM2MRlfp6z96yV2shN3awRoW/FnKO3ccmcdKjoSHork/HI
AOyb6LnDvtYLAvmOlwDdQXLIfgSAEG57d6xp/rj/qJU5mtDRnWdasKG23dIB
cOy7WCzx1JI7mSPDHAS8TRMQigOUMK6O4dFf3YLYIN/Su6y11cFYfBTa7cK3
qHY9svcy/RiJayPjB8BiPPD61KReuiGNiq9HR6u6c7fsW7cm3bPbMX9sOWUc
d1jsr/ZUp3+pJLsRcTClbHsjhCTiFjGUrGRRIyQvfoEi0V+zJcjiqY1pt7qV
Z7GmWuOws8hX8w8hmMZ4lZDBE9UJGldgq4LIJMa63tT5L0A6ssJ/Cdad/2+Q
rnWS7m+KdPHWhrEuWEz+KljnTdt3xrp+lZ6RztkSGP8sSKd2myDob0Y2oqZ3
RLLExg8Grn5HxIr1CPY/x7rEJpTaTO2/hIC1UCntW58TshL5zDcjDQ+GBkIj
9fzTIUosOWhB4g0RGCT/1Zh0khrfBx6KFTJGUmp2IVVHKA1E3mUbuy++EUVl
+loRG/qGh8j1TvcjM80o8U1EEIKMwVuR11VfBfxAkc4c+6hFUEZtsX0Uy5fe
ssDB37EPCe20Pscp7SgAnBE4YL9QdhjyISxy8qc9hO8pqI8UmVpKqWCOQnTe
SEX6CZesO1+U0w8SaOy9rKRaoGc0qUDRxi66+SqqGCceIEt8VeweJMap2shZ
XZL6zJV0vVVaei/u5mPiQbXmPeoIZCZzURfVvoCJFn7j6g7j5NeW0SNOjf0c
FKLYb9gKCs2xuPxqfH4zxrxSyovplud2JjiafRqjdiYul9gU8EQz+tIc8HH2
EWs/YpwXhhVQjkCPfN/Kdh2KgdaM2jpzOodRBKKBQxdvevpg6GlJsaxxycY+
j6kWpwBKV5WrCu3gFHkYgQR1K3ERUSVZNoiVlQZL+PqeSuiwE++McvHbpyYa
ez53IaldkkywJvOSJm2wV5NkRAdfl4ci5TauKDdnmnWTlJmI47YXxDZ7z1As
qU4Rvb+m5kjaGYXCIqZghXGfUk91V84beIPsttgZU1CEbztaZwUpvJO5ZFeR
jbkSXx9W2cHPpAaOtbXu9+029M9OC/V0DR1YFLDVA3e13hH+KhRtJz5CWds8
VSxl1JwiHHuaXOYX1NqmczF6dq7lg1rZhJHpsnc1QmJa9M4nxHzVkpFBL/4p
/unnJ8lXPl3Iy0Kd1n4JlpTOOoSV00SqEpvhzdg8hJYz5yMM1Pi5Xq4XbK/p
2oTJGsFx7lwBiagZ+yLY2evUXznk2JM4DS7RNMcyGt9uP9t7sfvSyDD9Fe1E
TPjCgfe2baH9gdqdRqoaYdwxEfHX6cd8uV567ya1fzLgYQkTm1pktdg4fdyh
U9muA0Pb0kE96tjQVAoO60ve3Aj0bEWOI+07SAlDA0xTTKKogtScCBJtwYnZ
Ja39iaqBnxw/krLVi59xwlY4tskkQDpO28K/2jCknzupXKBsnnkjsk/k6ltG
SOMaAoFtV2Lq9mMEwROqN9NaEhWWeYJ9QjU28y63oN9NwNSK6seIwYxByzIx
R5bNMwrRKaMOiRM2PDNGMbXjYTilNHnw23q9+r+Ptn/7Nf6vNsQVt66vm06t
ormuVXCtLbB5csWjEe2SsR7wWOOdCVY4y1ccMkYXvHWj2khEQ/FSeXCliV4b
uXtrIx4MzvLlqzc/nj1/c3R6/OaVLQquVSB6BWXyLVP4mXFBFIYeiQ45XVec
2mPcbGrdVoVM0snygku4jULhzFa7jRYNcdZKgvDbbZNEXqaucHeUfMOUbGeH
SnRwEAcPsvNwSMET330dO1t8IJfSD8y9kM4A3Ci37cUbrCdvioIaE32wH7Nz
h/QDQUqKKFcuOutcdSnb+WXocAdMEO+0F+1ZLOz4qE3nGS1uo/X6qKDAIAFJ
KxuN3b/cX/ugdcUpsezHs9FMUiqmv4h//yJcLCsJQWfo9YLZchKV2jzo3d2a
jN0B9BvidTTyfqOiPoo0dRfFzQ1q6ocbtJ5+q2PXwhA6APhasxdAmCs21M3E
/BI0izjgWkVxMSaBGsUC8iT4TII/g9UjFaExgfe8a9hSDb3lD6HKfHf1fNzF
ShpkzrbJIJI72xEPInu2fhb5Uw0CVqlPN1glknvIGn/npYRd1OL9X3v3OQaY
CgNQGEAolit0CGlkbh2WFM9pgincUu5ERIq79H1/0yqlFqcz68xr337G+1Ir
NOqpqNdb51ismkQQeow+7QmDoLp364QDZeU1bGTj/jw1IeCGIAbmQawMSC/e
TJieS008AIejUn2L0OzRwltCD6RcEFnBTZ6oL5vl8afd8NtY5wf2UPsSNhvg
6un+WvhhXqzWnMO61qp2ljSApH6B/akuJeWeA6bO1xfUSkjpRhCOBy9Sv4C8
t2sE5L1fKiAL0z9T81sQkoeWEwnKw6D6pcLyQKXp2HSeJXoxuzK06Ecs/7Vi
14MAKi2LesTjAclYxvtS8XhAMubRvkw8HpCMeagvFY/7mbKoBj2cefDy35U7
t7vc/G+480bM+yUc2rU5dMdY1sOhjc2FbM4dgwu5j4y1Bf/+ZaYWGj/mdrsv
7mMHwz7LS6C1ogvqZbk9S7CnNHuoy5ECQy2lHMdQBJwPArt7BJzbEAGX3CEC
zm2MgLtzGJmzsO4PI0u+KIzM3RZGlrTCyLpxRg+7zgRjSYmxbsCM8mKYM3Dr
k0G7CR9nZDSJZuxYTKyn8gs4AC7jl5L/YYxmUmbVLfEkmQaoqHAz7aUy7Rrl
DeMKtvIi6pCJwE0C4q68Jp25VQWN67rrDfLGhaDlxkfB9N0ovlglX7WuamLU
dw9ku792c2CVpWw/hJHsw51S7Cm+YkpfcDbMyEeW2bD+YDHoqJ3Oq50dIKGv
mnKpfIM0EWI7zGpjf/P/lfJOaHknzb0vGPEXqu1JR213X6K2R0EJLXEAccU2
DN+szRvM+rur8tEufoEef0eP+x30+PhE/z5KfG8mZsux66sZ9AW1BKvnZl0/
bWn7G5V9hEQQXqIQgEiAiUKARYixv92ms/dHF8cK+05bRXdR0PBm9bwPTce9
pR3uohj2RuZGWmHvG39jlbD/eAb0wZ1fxOkR0j3aX+/MEccfgMffkuv31DJB
DY+7TRK/p40Q4Kdkmp/dEu7+DzEuDkPv76O79FZZ6SNMX3nh4DT0IgXy0Neh
tFPVw6frm6gtLN2tVf+kVoWkC4oxJ6DMFFUEjonPKTGYsqe7cg4+ZReF1pWE
P7MUU+PQy3BerVcN1t8t/VRYS+Mpmgp/w5Tq+as3Jwd9RQX1fcl0N02BqcQ8
zFIVUSifbtn3EQ6b7Wti64sPUEINrYvFhnOEH2zO1sLXksH0FloLQOzs5nr2
+7c71XntYuMGf8mDSbvki61PfapwOvvuzdGBYfyhmilIuM4HHUbVJanQDBlg
5Yk6yZPOwOgRdxqDIvfd5MfDBfD1Olq1Wcxb1MdKQ0edyVmn6vApEu91raxU
fFEGz+0k4u6jZNk44fy0NIUs07a8xAmSMAcvS4KTRu1FI4P3Sb0UbqOv+jjT
gYo5wsFyXzbKe3q6NgW1C3dw/t72xweP93bvTyg2i/VVr7DLcL5raFoLYcdC
MMKn4uGGS7FG73XZlanelhwQwJ7jOd7bfTDw+LUA6d5k8njn2wd9/I1oQ08x
1/4lRxwufuVSGwDGXA2h0L9u6o67r/2aDF7aRKMmrmBApKzF7iZ9E8jOZY53
py/Hj33HvgjX8JJxRMidJnVJlOiY+WGw/A3Xlr7UboYzE9vD8GONEvN+E20m
19Z6d7Yf7Im6nVCpHuoWwPFq62LKnA2LUZhKfrVW8tPF0KAsDVLuNu9/epli
RByGlGK0KFZcRZGDa21uwB5eWW2WhpRKhEXq980TIA4aUly1qHjUSYUO+vvd
s9eAPfvfhf5rcXb9AMJL0wbV65Y5PcIP2i850XdB/xS2iCSUEDfpLTbwbZu4
S0xSrH73tAmi9qzYYE/ac4dIb7sobnuGjKjIWMCe501IhkEVk86m1vzygZ5z
n1uBGRKpzhV2B3k218qJA/lQHXl5eKS2TRUeTkILHcuWgQ5zI0HpY9Cp8B6u
sWvzLOtbUyeB1iJXZq6l+VtCzISE1ErdAVKYTKUZakJXdRHNVC1BLYeqT1em
p2APpff3NMZjLQb9ZTtWQ8aNabaoQSts/YkjPXuEtzRedM/humjJrUr9ptHL
0IV7LsKg5+w0S2sZvpPDMG4p/wPZZpkWTY4G+psENUmgEJIXa+cQtN80JHlC
L7ljp+3bM0+2pU5FgsW1buQhE3IO/a1LbLE5zQqQ1ss6rhjFlZg0DDZo5PEi
yD7pxRNGsshWzdbDIrpPwUjUqr5osj18dWOTFYymONbfqVoAkQ/u9BjKP6GQ
7mUsThdYlQ0nkgeLlUWiQOr6+mN0ODgOv0ZP81WEcm1myMDmqGxWZtkQRfZg
rHdW2S4W3FAs2q2YQijXghtloKzeLmXSCbAyImbSSrfo2/NTNhBhyGzdFVa4
a2uDmmeUxxDkOvJntAd1IcuB/D3nWd2Ms/kceUJ4hNb20IOrLUigyNCkCD/S
IJ9HxQtJnH25bjBw+gfpQuOc/DDYloZt3pQfzFSAe8vKTtoNGZxGOoSKdENN
E7BfhPAp6tIkTett4x0/GmwCDnMeN/gZsbuZy69zsSmMMqHWKb4WmO7Lxeju
fVs83ZimY8VbC5wx25MyTHOGEgXTrQCc54sNINMy8pR/KgMAhhEQFaVCG0na
Y19G28HR/rNXBy98Jp4oi51kbLgSpiEQvL6gelOXUWOYCK5YBU9VqfMFt0Wj
Jt5kFIibhZOu6JtHYNi9V7sV6niWzjY6MniSc/UvKgxAffHarUCQTRB20ekJ
nEOsIlDEWo2GgoY+r6U3hduRmnWL6/I+kdjeZFzbCFqdgkMuTknMgx1XUTSB
36N4PpoSqT0xqB4zv+DRSArHWx8tNeFjKIwiRDEtG9rWBVttoqdc7IsK+L7e
/+TTV6YD9HiGz8ayHtDD/vzTn38CcTXBnJmyepKsFuTiAA2kvJJ2RrXIt0I1
V+tzr5///DPb/8wmYLlYDM17pNXKwF4vrVI7G74t7q63BTPVMFGTtqQgNi0G
ZnkNr00b08+1bbmXEWGkZ1rGSSpg+UgpDiX2bQld34K80SfM1HLEl2IhDC26
adVOVk114triuLZ38IQu2mit8nrvioKfg3NZ/bQBE2t+pHDjih/OtlOQ5Fom
zDkzZtgkJd3UAeJR2/G4XBG36VtQ3UJTdiTqdWoah3k7H8Fc8K2HBzHdtSWI
WqTQUzM9RougUXdULQUE50bg1KpKAVE9xMzSfC6xp4WMNqAnyuua0ik1IDWP
baBonzfUvVTPFFcXHAkhCDiIqr6MuWHA0PtOO4n5BYY+e0FEMqZXtElzXeSW
aLGpEQm8Uc8pjY9SgQVSMoztB48hHNr866c3Pxwc/3B48OPPCPSh7DiSKUMd
kpTHlaag12X1gcogSKcW7S3nHXmInnlB7Q3q0GfGilQY8h/EYOy8Vq1rxtbB
/frolewjDoTZA6tmTBo4N7whKYdrdvtq85qsLoIlibdm7kAnQSqer6WGI8bD
1Nye1XPlLAzIRfRkEaiPK8ngKAKpVW+Cbfyy8J9vuN2OXACkFedVeV2jTZaL
Z48M4A3ye2qXnucLPGFUPTJUU6eElsAKAXTj85ScdlHnK/anczQrzU5OFe52
K4CXBwD/f4e/E4o6IMOrVvS+oJznqHtDjDwlVW2Xt5Eve5LGQ5sKk1JBPNKu
XnRe53RLP4yjlcI+0EgHKLoEDTjyU7RbHmv3ci4QRFQ31FROa2f1MNDb4Mbi
65iaWnN+pidLlOQZrfYNiBsBiRhjHCW8aS3dJDQAlOdPpEaxua39EjyVgud+
wlM0tPAg6v/q1Cv1HXE8YG07q/TiouKqv7BN9nmQubOsTWF37mRBTCKu2k66
dgMrRlbp+q31Yp8S4Lfzln3B4HyO1gOtg98fGOPr4CNwvqT6ve9MN0n6fQq+
rHJYaJrM07wq8O7U08tsKaaLqOloVJKC5QNcX00Xp2d5F1hWMA1FaoGL0H7g
vAUkXNZc4K5USRIuuahl6TVkYtjESznGHw1g1sNE1sRIUyUDgy1fzkhoThqo
mgwFz0uqstt7FtQntwR85X41m2m5p9+j9smKXNepaR0inMt1w7TFT6xNDyUF
KzYuewYX9w9QdzXwCXYR7WqJ+XZUhTM0jPe2Sqsmn64XacXSBlBVuNXjcj7W
GsituaIAnp1tDmj0k5LJZpFdpdwHJ8LGjw2JO7JSslYFK2MyB0IVcI/o1yK7
gKfYeotFRYwe4egMbPaDxox1Bev1J3NDtUlJll8jVqIzoMrZbUz4gL+0uawP
t62lp2RokLksZ74+L7c3EgOucdaJo9f04QvOUTQxhIwSirBF3u8hDisrSopu
QUMhK9sjp0VkfWTXZTrzFXGx8xLnqGN+ck01q1n6jJvOKjMCmfCmLPQ5Ncfs
9APhOrDasLNPL1C/hVuWBepshqWjFq4nR4vDiqsNCOBzrg5Y5fUHNi+18Mox
Y0AsbPEuuS+wA6p07gWIuO6DTOqLGbj4ZrUSFFtHM5JYi0bjJ5jZ5bSzVgVt
NKUzG0W0uCLpQyOi1/UKDgDrnKdxuV+xOWqi0Pe7Zwf/+RwteT8cnL16s/+C
xN7D/aP9jshLaDIrp+sl9y69AJUS2TEWPI/bR3ftTKOW4FcnfWX2RqYfkWgk
tEh4N08L9diM8bfW28akrS/TT2P8Cd91YuQm6ckWZPfv42p805l3sqFT2tAx
7bXSkJR4c6z0B08tAAfNPjU6KkI1ja3vb9BIijU1CFXQaPdWpdx7uKr7OqmL
Jr3ZElDDoLbLMXAMT+seTb7BA/0Jh/lZopC2tIgjIuX4cndLOud5DbY25Y1m
jCVe7EY1wiL1E+copJdcwK2BnXtB4UrUt4BeGNIVnDvOSGqc8kARQhHYW7UY
k7cpajbotmkdQQt17noGMrx8NghZR5Dc/fkJWkdZ8T+CddCiewwMFjjbHx9M
v5nOt7e3ES5UxIt/v2XzbBPUqj2LrHoC7xwenL6ER+gZmDZP2pD9ERQ+XNp3
oGetkt/aY/kDlvGclNXF/71lBwOpma0dnT/a+5fdDRXObG/n4b/cdrigZ2sb
O/8s28CiUxQBQCE49q5+2c0Mg9zlbuLI73161vvQchpdtdWVMZxKaCPZINDW
gCI70DkY1Gsv0baVq6BgSNLvkxj2ewD5sFYmerqOLz+E7in88mMQq37nHIBm
dljoF1LNMPJdDydu3slTb3FcmGicAxVNuaSSBMwNc6Ltjw+BMJmFdSEnhQ02
nwmHBtETNH3/zQ+pG8vSd1RGgOk7KakU1n9YYej+s8JmxeGsPPUBJH727uXL
g+ODF1qTWXsGxXDf/fbbvfPZ471bmL+xbXda9ixQiMYL2bFUTzYe1+RvezwW
FjYAJd7/zjfbs2/OHz3+gv1TpC11DmaTTstK31sZOAnhvey5Rw0AzZidBPtu
iU8bEwQD3RoV5E6kSH7q99KGu4VNT0JvBKHtvYezvb3H39wCIe/Xa0EnbtMq
8j3G0WLg4RpVYTJL/3Pgyf6rt0e9MHi888357mz2S2FgzDleNPf+SyzOTwE1
/zRgwDZjh8cHrw+OTk/Ojt6cnr0+OG3JLDsPptuzvZ5r0+1Cq6Eq5rp4fd5n
1SCDj6MJKwwrNR2luDi97xOkpi9qS0+WB4z4z9kp5Yf1CkiJVyfYFFeqj/gi
Eu0F/EMP4zA0BBq14ocrmhXIrbIOEpNYhc9mLR6w//btq8Pn+xSr04PWDx9k
e+ne9jx9PDtHIkS/PEyn3z7e3Xn0gDM50bQ9Ct4RtHBpYzuJbPXuYbISUi45
0NV58pvkKPk3wpXJLfemPxS//oceAXB3je9GgaT+Ms4dfzvMujvx9kYajoKz
3msA4MQfId3Dx3ugjdvJnvDJx+GQIFphVz58hmbGtCBpyQD376hioL2ZVnKE
/Tk/PaHwX/jud1sUosRN4BUGL473D49ugcE3j9OsFwbRxxEM0AFYs6R6T0y7
1iTGPgN4KeNYPbaXi03YA/D+vwQEjQrt4fckgl9f6cReeNraVv+yGNUqAbIR
JnG1nF6YtIb714WL2iY2I8mLQcRgu8a/6u5tZuVmlNjpJzXm+389KCCz8zbs
IyOXEiv7no3sL7nrqei0ZGRv88SOTZ7Zow99MyF7xkiNXgGftWekYt9Eoc6G
uCytiWxugcU6a8mI0m53HnOaIn5qOe14X5vtjhUK9Xuffhzm4LPue3vgyE+a
aj1FQXfmceUVrLGFC0O7x7NfUoDRHbHYr2fD4vWVu6/4sMmWf/UVu/F4nJxj
VMf/B8yOk+bECQEA

-->

</rfc>
