<?xmlversion="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>version='1.0' encoding='UTF-8'?> <!--generated by https://github.com/cabo/kramdown-rfc2629 version[rfced] Please ensure that the guidelines listed in Section 2.1 of RFC 5743 have been adhered to in this document. --> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"[ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]><?rfc rfcedstyle="yes"?> <?rfc toc="yes"?> <?rfc tocindent="yes"?> <?rfc sortrefs="yes"?> <?rfc symrefs="yes"?> <?rfc strict="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc text-list-symbols="-o*+"?><rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-irtf-hrpc-guidelines-21" number="9620" category="info"updates="8280">updates="8280" obsoletes="" submissionType="IRTF" xml:lang="en" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" version="3"> <front> <title abbrev="Guidelines for HRPC">Guidelines for Human Rights Protocol and Architecture Considerations</title> <seriesInfo name="RFC" value="9620"/> <author initials="G." surname="Grover" fullname="Gurshabad Grover"><organization></organization><organization/> <address> <email>gurshabad@cis-india.org</email> </address> </author> <author initials="N." surname="ten Oever" fullname="Niels ten Oever"> <organization>University of Amsterdam</organization> <address> <email>mail@nielstenoever.net</email> </address> </author> <date year="2024"month="February" day="12"/>month="August"/> <area>IRTF</area> <workgroup>Human Rights ProtocolConsiderations Research Group</workgroup> <keyword>Internet-Draft</keyword>Considerations</workgroup> <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> <keyword>example</keyword> <abstract> <t>This document sets guidelines for human rights considerations for developers working on network protocols and architectures, similar to the work done on the guidelines for privacy considerations<xref target="RFC6973"/>.(RFC 6973). This is an updated version of the guidelines for human rights considerations in<xref target="RFC8280"/>.</t>RFC 8280.</t> <t>This document is not an Internet Standards Track specification; it is published for informational purposes.</t> <t>This informational document has consensus for publication from the Internet Research Task Force (IRTF) Human Right Protocol ConsiderationsResearch(HRPC) Research Group. It has been reviewed, tried, and tested by bothbythe research group as well asbyresearchers and practitioners from outside the research group. <!--[rfced] Abstract and Section 1 - To avoid the repetition of "developing" and "development" in the same sentence, may we update "in development" to "ongoing"? Original: The research group acknowledges that the understanding of the impact of Internet protocols and architecture on society is a developing practice and is a body of research that is still in development. Perhaps: The research group acknowledges that the understanding of the impact of Internet protocols and architecture on society is a developing practice and is a body of research that is still ongoing. --> The research group acknowledges that the understanding of the impact of Internet protocols and architecture on society is a developing practice and is a body of research that is still in development.</t> </abstract> </front> <middle> <section anchor="introduction"title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t>This document outlines a set of human rights protocol considerations for protocol developers. It provides questions that engineers should ask themselves when developing or improving protocols if they want to understand how their decisions can potentially influence the exercise of human rights on the Internet. <!--[rfced] Section 1 - We are having some difficulty parsing the second instance of "protocol" in the sentence below. May it be removed? Original: It should be noted that the impact of a protocol cannot solely be deduced from its design, but its usage and implementation should also be studied to form a full protocol human rights impact assessment. Perhaps: It should be noted that the impact of a protocol cannot solely be deduced from its design, but its usage and implementation should also be studied to form a full human rights impact assessment. --> It should be noted that the impact of a protocol cannot solely be deduced from its design, but its usage and implementation should also be studied to form a full protocol human rights impact assessment.</t> <t>The questions are based on the research performed by the Human Rights Protocol Considerations (HRPC)research groupResearch Group, which has been documented before these considerations. The research establishes that human rights relate to standards andprotocols,protocols and offers a common vocabulary of technical concepts that influence human rights and how these technical concepts can be combined to ensure that the Internet remains an enabling environment for human rights. With this, the contours of a model for developing human rights protocol considerations has taken shape.</t> <t>This document is an iteration of the guidelines that can be found in <xreftarget="RFC8280"/>.target="RFC8280" format="default"/>. The methods for conducting human rights reviews(Section 3.2),(<xref target="analyzing-drafts-based-on-their-perceived-or-speculated-impact" format="default"/>) and the guidelines for human rights considerations(Section 3.3)(<xref target="expert-interviews" format="default"/>) in this document are being tested for relevance, accuracy, andvalidity.validity <xreftarget="HR-RT"/>target="HR-RT" format="default"/>. The understanding of what human rights are is based on theUniversal"Universal Declaration of HumanRightsRights" <xreftarget="UDHR"/>target="UDHR" format="default"/> and subsequent treaties that jointly form the body of international human rights law <xreftarget="UNHR"/>.</t>target="UNHR" format="default"/>.</t> <t>This document does not provide a detailed taxonomy of the nature of (potential) human rights violations, whether direct orindirect,indirect / long-term or short-term, that certain protocol choices might present. Inpartpart, it is because this is highlycontext-dependent,context-dependent andin part,also because this document aims to provide a practical set of guidelines. However, further research in this field would definitely benefit developers and implementers.</t> <t>This document is not an Internet Standards Track specification; it is published for informational purposes.</t> <t>This informational document has consensus for publication from the Internet Research Task Force (IRTF) Human Right Protocol Considerations Research Group. It has been reviewed, tried, and tested by bothbythe research group as well asbyresearchers and practitioners from outside the research group. The HRPCresearch groupResearch Group acknowledges that the understanding of the impact of Internet protocols and architecture on society is a developing practice and is a body of research that is still in development.</t> </section> <section anchor="human-rights-threats"title="Human rights threats">numbered="true" toc="default"> <name>Human Rights Threats</name> <t>Threats to the exercise of human rights on the Internet come in many forms. Protocols and standards may harm or enable the right to freedom ofexpression,expression; right to freedom ofinformation,information; right tonon-discrimination,non-discrimination; right to equalprotection,protection; right to participate in cultural life,artsarts, andscience,science; right to freedom of assembly andassociation,association; right toprivacy,privacy; andtheright to security. Anend-userend user who is denied access to certain services or content may be unable to disclose vital information about the malpractices of a government or other authority. A person whose communications are monitored may be prevented or dissuaded from exercising their right to freedom of association or participate in political processes <xreftarget="Penney"/>.target="Penney" format="default"/>. In a worst-case scenario, protocols that leak information can lead to physical danger. A realistic example to consider is when individuals perceived as threats to the state are subjected to torture, extra-judicialkillingkilling, or detention on the basis of information gathered by state agencies through the monitoring of network traffic.</t> <t>This document presents several examples of how threats to human rights materialize on the Internet. This threat modeling is inspired by "<xref target="RFC6973" format="title"/>" <xreftarget="RFC6973"/> Privacy Considerations for Internet Protocols,target="RFC6973" format="default"/>, which is based on security threat analysis. This method is a work in progress and by no means a perfect solution for assessing human rights risks in Internet protocols and systems. Certain specific human rights threats are indirectly considered in Internet protocols as part of the security considerations <xreftarget="BCP72"/>, buttarget="BCP72" format="default"/>; however, privacy considerations <xreftarget="RFC6973"/>target="RFC6973" format="default"/> or reviews, let alone human rights impact assessments of protocols, are neither standardized nor implemented.</t><t>Many threats, enablers, and risks are linked<!-- [rfced] Section 2 - FYI, we have updated the following quote todifferent rights. This is not surprisingmatch the text found in [Orwat]. Additionally, the quoted text has been encapsulated within the <blockquote> element. Please let us know ifone takes into account that human rights are interrelated, interdependent, and indivisible.there is any objection. Original: Here, however,we’rewe're not discussing all human rights because not all human rights are relevant to information and communication technologies (ICTs) in general and protocols and standards in particular<xref target="Bless"/>: “The[Bless]: "The main source of the values of human rights is the International Bill of Human Rights that is composed of the Universal Declaration of Human Rights<xref target="UDHR"/>[UDHR] along with the International Covenant on Civil and Political Rights<xref target="ICCPR"/>[ICCPR] and the International Covenant on Economic, Social and Cultural Rights<xref target="ICESCR"/>.[ICESCR]. In the light of several cases of Internet censorship, the UN Human Rights Council Resolution 20/8 was adopted in 2012, affirming that“the"the same rights that people have offline must also be protectedonline.” <xref target="UNHRC2016"/>online." [UNHRC2016] In 2015, the Charter of Human Rights and Principles for the Internet<xref target="IRP"/>[IRP] was developed and released. According to these documents, some examples of human rights relevant for ICT systems are human dignity (Art. 1 UDHR), non-discrimination (Art. 2), rights to life, liberty and security (Art. 3), freedom of opinion and expression (Art. 19), freedom of assembly and association (Art. 20), rights to equal protection, legal remedy, fair trial, due process, presumed innocent (Art.7–11),7-11), appropriate social and international order (Art. 28), participation in public affairs (Art. 21), participation in cultural life, protection of the moral and material interests resulting from any scientific, literary or artistic production of which [they are] the author (Art. 27), and privacy (Art.12).” A12)." Current: However, here we're not discussing all human rights because not all human rights are relevant to Information and Communication Technologies (ICTs) in general and to protocols and standards in particular [Orwat]: | The main source of the values of human rights is the | _International Bill of Human Rights_ that is composed of the | _Universal Declaration of Human Rights_ (UDHR) [UDHR] along with | the _International Covenant on Civil and Political Rights_ (ICCPR) | [ICCPR] and the _International Covenant on Economic, Social and | Cultural Rights_ (ICESCR) [ICESCR]. In the light of several cases | of Internet censorship, the UN Human Rights Council Resolution | 20/8 was adopted in 2012, affirming that "...the same rights that | people have offline must also be protected online..." [UNHRC2016]. | In 2015, the _Charter of Human Rights and Principles for the | Internet_ [IRP] was developed and released [Jorgensen]. According | to these documents, some examples of human rights relevant for ICT | systems are _human dignity_ (Art. 1 UDHR), _non-discrimination_ | (Art. 2), _rights to life, liberty and security_ (Art. 3), | _freedom of opinion and expression_ (Art. 19), _freedom of | assembly and association_ (Art. 20), _rights to equal protection, | legal remedy, fair trial, due process, presumed innocent_ (Art. | 7-11), _appropriate social and international order_ (Art. 28), | _participation in public affairs_ (Art. 21), _participation in | cultural life, protection of intellectual property_ (Art. 27), and | _privacy_ (Art. 12). --> <t>Many threats, enablers, and risks are linked to different rights. This is not surprising if one takes into account that human rights are interrelated, interdependent, and indivisible. However, here we're not discussing all human rights because not all human rights are relevant to Information and Communication Technologies (ICTs) in general and to protocols and standards in particular <xref target="Orwat" format="default"/>:</t> <blockquote>The main source of the values of human rights is the <em>International Bill of Human Rights</em> that is composed of the <em>Universal Declaration of Human Rights</em> (UDHR) <xref target="UDHR" format="default"/> along with the <em>International Covenant on Civil and Political Rights</em> (ICCPR) <xref target="ICCPR" format="default"/> and the <em>International Covenant on Economic, Social and Cultural Rights</em> (ICESCR) <xref target="ICESCR" format="default"/>. In the light of several cases of Internet censorship, the UN Human Rights Council Resolution 20/8 was adopted in 2012, affirming that "...the same rights that people have offline must also be protected online..." <xref target="UNHRC2016" format="default"/>. In 2015, the <em>Charter of Human Rights and Principles for the Internet</em> <xref target="IRP" format="default"/> was developed and released <xref target="Jorgensen" format="default"/>. According to these documents, some examples of human rights relevant for ICT systems are <em>human dignity</em> (Art. 1 UDHR), <em>non-discrimination</em> (Art. 2), <em>rights to life, liberty and security</em> (Art. 3), <em>freedom of opinion and expression</em> (Art. 19), <em>freedom of assembly and association</em> (Art. 20), <em>rights to equal protection, legal remedy, fair trial, due process, presumed innocent</em> (Art. 7-11), <em>appropriate social and international order</em> (Art. 28), <em>participation in public affairs</em> (Art. 21), <em>participation in cultural life, protection of intellectual property</em> (Art. 27), and <em>privacy</em> (Art. 12).</blockquote> <t>A partial catalog of human rights related toInformation and Communications Technologies,ICTs, including economic rights, can be found in <xreftarget="Hill2014"/>.</t>target="Hill" format="default"/>.</t> <t>This is by no means an attempt to exclude specific rights or prioritize some rights over others.</t> </section> <section anchor="conducting-human-rights-reviews"title="Conducting human rights reviews">numbered="true" toc="default"> <name>Conducting Human Rights Reviews</name> <t>Ideally, protocol developers and collaborators should incorporate human rights considerations into the design process itself (see <xref target="analyzing-drafts-based-on-guidelines-for-human-rights-considerations-model"/> ("Analyzing Internet-Drafts Based on Guidelines forhuman rights considerations).Human Rights Considerations Model")). This section provides guidance on how to conduct a human rights review, i.e., gauge the impact or potential impact of a protocol or standard on human rights.</t> <t>Human rights reviews can be done by anyparticipant,participant and can take place at different stages of the development process of an Internet-Draft. Generally speaking, it is easier to influence the development of a technology at earlier stages than at later stages. This does not mean that reviews atlast-callLast Call are not relevant, but they are less likely to result in significant changes in the reviewed document.</t> <t>Human rightsreviewreviews can be done by document authors, document shepherds, members of review teams, advocates, or impacted communities to influence thestandardstandards development process. IETF documents can benefit from people with differentknowledges,knowledge, perspectives, and backgrounds, especially since theirimplementationimplementations can impact many different communities as well.</t> <t>Methods for analyzing technology for specific human rights impacts are still quite nascent. Currently, five methods have been explored by the human rights review team, often in conjunction with eachother:</t>other.</t> <section anchor="analyzing-drafts-based-on-guidelines-for-human-rights-considerations-model"title="Analyzing drafts basednumbered="true" toc="default"> <name>Analyzing Internet-Drafts Based onguidelinesGuidelines forhuman rights considerations model">Human Rights Considerations Model</name> <t>This analysis of Internet-Drafts uses the model as described insection 4.<xref target="guidelines-for-human-rights-considerations" format="default"/>. The outlined categories and questions can be used to review an Internet-Draft. The advantage of this is that it provides a known overview, and document authors can go back to this document as well as <xreftarget="RFC8280"/>target="RFC8280" format="default"/> to understand the background and the context.</t> </section> <section anchor="analyzing-drafts-based-on-their-perceived-or-speculated-impact"title="Analyzing drafts basednumbered="true" toc="default"> <name>Analyzing Internet-Drafts Based ontheir perceivedTheir Perceived orspeculated impact">Speculated Impact</name> <t>When reviewing an Internet-Draft, specific human rights impacts can become apparent by doing a close reading of the draft and seeking to understand how it might affect networks or society. While less structured than the straight use of the human rights considerations model, this analysis may lead to new speculative understandings of links between human rights and protocols.</t> </section> <section anchor="expert-interviews"title="Expert interviews">numbered="true" toc="default"> <name>Expert Interviews</name> <t>Interviews with document authors, active members of theWorking Group,working group, or experts in the field can help explore the characteristics of the protocol and its effects. There are two main advantages to this approach:oneon the one hand, it allows the reviewer to gain a deeper understanding of the (intended) workings of the protocol; on the other hand, it also allows for the reviewer to start a discussion with experts or even document authors, which can help the review gain traction when it is published.</t> <!-- [rfced] Section 3.3 - May we format the "two main advantages" as a numbered list? Original: There are two main advantages to this approach: one the one hand, it allows the reviewer to gain a deeper understanding of the (intended) workings of the protocol; on the other hand, it also allows for the reviewer to start a discussion with experts or even document authors, which can help the review gain traction when it is published. Perhaps: There are two main advantages to this approach: 1. It allows the reviewer to gain a deeper understanding of the (intended) workings of the protocol. 2. It allows for the reviewer to start a discussion with experts or even document authors, which can help the review gain traction when it is published. --> </section> <section anchor="interviews-with-impacted-persons-and-communities"title="Interviewsnumbered="true" toc="default"> <name>Interviews withimpacted personsImpacted Persons andcommunities">Communities</name> <t>Protocols impact users of the Internet. Interviews can help the reviewer understand how protocols affect the people that use the protocols. Since human rights are best understood from the perspective of the rights-holder, this approach will improve the understanding of thereal worldreal-world effects of the technology. At the same time, it can be hard to attribute specific changes to a particularprotocol,protocol; this is of course even harder when a protocol has not been(widely)widely deployed.</t> </section> <section anchor="tracing-impacts-of-implementations"title="Tracing impactsnumbered="true" toc="default"> <name>Tracing Impacts ofimplementations">Implementations</name> <t>The reality of deployed protocols can be at odds with the expectations during the protocol design and development phase <xreftarget="RFC8980"/>.target="RFC8980" format="default"/>. When a specification already has associated running code, the code can be analyzed either in an experimental setting or on the Internet where its impact can be observed. In contrast to reviewing the draft text, this approach can allow the reviewer to understand how the specificationsworkswork inpractice,practice and potentially what unknown or unexpected effects the technology has.</t> </section> </section> <section anchor="guidelines-for-human-rights-considerations"title="Guidelinesnumbered="true" toc="default"> <name>Guidelines forhuman rights considerations">Human Rights Considerations</name> <t>This section provides guidance for document authors in the form of a questionnaire about protocols and how technical decisions can shape the exercise of human rights. The questionnaire may be useful at any point in the design process, particularly after the document authors have developed a high-level protocol model as described in <xreftarget="RFC4101"/>.target="RFC4101" format="default"/>. These guidelines do not seek to replace any existing referencedspecifications, but ratherspecifications but, rather, contribute to them and look at the design process from a human rights perspective.</t> <t>Protocols and Internet Standards might benefit from a documented discussion of potential human rights risks arising from potential misapplications of the protocol or technology described in the RequestForfor Comments (RFC). This might be coupled with an Applicability Statement for that RFC.</t> <t>Note that the guidance provided in this section does not recommend specific practices. The range of protocols developed in the IETF is too broad to make recommendations about particular uses of data or how human rights might be balanced against other design goals. However, by carefully considering the answers to the following questions, document authors should be able to produce a comprehensive analysis that can serve as the basis for discussion on whether the protocol adequately takes specific human rights threats into account. This guidance is meant to help the thought process of a human rights analysis; it does not provide specific directions for how to write a human rights considerations section (following the example set in <xreftarget="RFC6973"/>).</t>target="RFC6973" format="default"/>).</t> <t>In considering these questions, authors will need to be aware of the potential of technical advances or the passage of time to undermine protections. <!--[rfced] Section 4 - We are having some difficulty parsing this sentence, specifically "are considered given a purpose and specific use cases". For clarity, may we update this sentence as follows? Additionally, may we avoid the repetition of "considerations" and "considered"? Original: In general, considerations of rights are likely to be more effective if they are considered given a purpose and specific use cases, rather than as abstract absolute goals. Perhaps: In general, considerations of rights are likely to be more effective if they have a purpose and specific use cases rather than abstract, absolute goals. --> In general, considerations of rights are likely to be more effective if they are considered given a purpose and specific use cases, rather than as abstract, absolute goals.</t> <t>Also note that while the section uses theword, ‘protocol’,word "protocol", the principles identified in these questions may be applicable to other types of solutions (extensions to existing protocols, architecture for solutions to specific problems, etc.).</t> <!--[rfced] In Sections 4.1-4.21, does each section need to have "Question(s)", "Explanation", "Example", and "Impacts" entries? We note that some of these entries are missing from the sections. Please let us know if entries should be added. --> <section anchor="intermediaries"title="Intermediaries">numbered="true" toc="default"> <name>Intermediaries</name> <t>Question(s): Does your protocol depend on or allow for protocol-specific functions at intermediary nodes?</t> <t>Explanation: The end-to-end principle <xreftarget="Saltzer"/>target="Saltzer" format="default"/> holds that certain functions can and should be performed at‘ends’"ends" of the network. <xreftarget="RFC1958"/>target="RFC1958" format="default"/> states“that inthat "in very general terms, the community believes that the goal is connectivity[…]... and the intelligence is end to end rather than hidden in thenetwork.”network". <!--[rfced] Section 4.1 - As the number of commas make this sentence difficult to parse, may we update it as follows? Original: When a protocol exchange includes both endpoints and an intermediary, there are new opportunities for failure, especially when the intermediary is not under control of either endpoint, or even largely invisible to it, as, for instance, in intercepting HTTPS proxies [https-interception]. Perhaps: There are new opportunities for failure when a protocol exchange includes both endpoints and an intermediary, especially when the intermediary is not under control of either endpoint, or is even largely invisible to it, for instance, as with intercepting HTTPS proxies [HTTPS-interception]. --> When a protocol exchange includes both endpoints and an intermediary, there are new opportunities for failure, especially when the intermediary is not under control of either endpoint, or even largely invisible to it, as in, for instance, intercepting HTTPS proxies <xreftarget="https-interception"/>.target="HTTPS-interception" format="default"/>. This pattern also contributes toossification,ossification because the intermediaries may impose protocol restrictions–-- sometimes in violation of the specification–-- that prevent the endpoints from using more modern protocols, as described inSection 9.3 of<xreftarget="RFC8446"/>.</t>target="RFC8446" sectionFormat="of" section="9.3"/>.</t> <t>Note that intermediaries are distinct fromservices: inservices. In the formercasecase, thethird partythird-party element is part of the protocolexchange,exchange; whereas in thelatterlatter, the endpoints communicate explicitly with the service. The client/server pattern provides clearer separation of responsibilities between elements than having an intermediary. However, even in client/server systems, it is often good practice to provide for end-to-end encryption between endpoints for protocol elementswhichthat are outside of the scope of the service, as in the design ofMLSMessaging Layer Security (MLS) <xreftarget="I-D.ietf-mls-protocol"/>.</t>target="RFC9420" format="default"/>.</t> <t>Example: Encryption between the endpoints can be used to protect the protocol from interference by intermediaries. The encryption of transport layer information in QUIC <xreftarget="RFC9000"/>target="RFC9000" format="default"/> and of the TLS Server Name Indication (SNI) field <xreftarget="I-D.ietf-tls-esni"/>target="I-D.ietf-tls-esni" format="default"/> are examples of this practice. One consequence of this is to limit the extent to which network operators can inspect traffic, requiring them to have control of the endpoints in order to monitor their behavior.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> </section> <section anchor="connectivity"title="Connectivity">numbered="true" toc="default"> <name>Connectivity</name> <t>Questions(s): Is your protocol optimized forlow bandwidthlow-bandwidth andhigh latencyhigh-latency connections? Could your protocol also be developed in a stateless manner?</t><t>Also considering<t>Considering the fact that network quality and conditions vary across geography and time, it is also important to design protocols such that they are reliable even onlow bandwidthlow-bandwidth andhigh latencyhigh-latency connections.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> </section> <section anchor="reliability"title="Reliability">numbered="true" toc="default"> <name>Reliability</name> <t>Question(s): Is your protocol fault tolerant? Does it downgrade gracefully, i.e., with mechanisms for fallback and/or notice? Can your protocol resist malicious degradation attempts? Do you have a documented way to announce degradation? Do you have measures in place for recovery or partial healing from failure? Can your protocol maintain dependability and performance in the face of unanticipated changes or circumstances?</t> <t>Explanation: Reliability and resiliency ensures that a protocol will execute its function consistently anderrorresistant to error, as described, and will function without unexpectedresult.results. Measures for reliability in protocols assure users that their intended communication was successfully executed.</t> <t>A system that is reliable degrades gracefully and will have a documented way to announce degradation. It will also have mechanisms to recover from failuregracefully, andgracefully and, if applicable, will allow for partial healing.</t> <t>It is important here to draw a distinction between random degradation and malicious degradation. Some attacks against previous versions of TLS, for example, exploitedTLS’TLS' ability to gracefully downgrade to non-secure cipher suites <xreftarget="FREAK"/><xref target="Logjam"/>–target="FREAK" format="default"/> <xref target="Logjam" format="default"/>; from a functional perspective, this isuseful;useful, but from a security perspective, this can be disastrous.</t> <t>For reliability, it is necessary that services notify the users if a delivery fails. In the case of real-time systems, in addition to the reliable delivery, the protocol needs to safeguard timeliness.</t> <t>Example: In the modern IP stack structure, a reliable transport layer requires an indication that transport processing has successfully completed, such as given byTCP’sTCP's ACK message <xreftarget="RFC0793"/>.target="RFC9293" format="default"/>. Similarly, anapplication layerapplication-layer protocol may require an application-specificacknowledgmentacknowledgement that contains, among other things, a status code indicating the disposition of the request(See(see <xreftarget="RFC3724"/>).</t>target="RFC3724" format="default"/>).</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right tosecurity</t> </list></t>security</li> </ul> </section> <section anchor="content-signals"title="Content signals">numbered="true" toc="default"> <name>Content Signals</name> <t>Question(s): Does your protocol include explicit or implicit plaintext elements,eitherin either the payload or the headers, that can be used for differential treatment? Is there a wayminimiseto minimize leakingofsuch data to network intermediaries? If not, is there a way for deployments of the protocol to make the differential treatment (includingprioritisationprioritization of certain traffic), if any, auditable for negative impacts on net neutrality?</t> <t>Example: When network intermediaries are able to determine the type of content that a packet iscarryingcarrying, then they can use that information to discriminate in favor of one type of content and against another. This impactsusersusers' ability to send and receive the content of their choice.</t> <t>As recommended in <xreftarget="RFC8558"/>target="RFC8558" format="default"/>, protocol designers should avoid the construction of implicit signals of their content. In general, protocol designers should avoid adding explicit signals for intermediaries. In certain cases, it may be necessary to add such explicit signals, but designers should only do so when they provide clear benefit to end users (see <xreftarget="RFC8890"/>target="RFC8890" format="default"/> for more on the priority of constituencies). In these cases, the implications of thosesignalsignals for human rights should be documented.</t> <t>Note that many protocols provide signals that are intended for endpoints that can be used as implicit signals by intermediaries for traffic discrimination,eitherbased on either the content (e.g., TCP port numbers) or the sender/receiver (IP addresses). Where possible, these should be protected from intermediaries by encryption. In many cases– e.g.,(e.g., IPaddress –addresses), these signals are difficult toremove,remove; but in other cases, such as TLS Application Layer Protocol Negotiation <xreftarget="RFC7301"/>,target="RFC7301" format="default"/>, there are active efforts to protect this data <xreftarget="I-D.ietf-tls-esni"/>.</t> <t><list style="symbols"> <t>Righttarget="I-D.ietf-tls-esni" format="default"/>.</t> <t>Impacts:</t> <ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right tonon-discrimination</t> <t>Rightnon-discrimination</li> <li>Right to equalprotection</t> </list></t>protection</li> </ul> </section> <section anchor="internationalization"title="Internationalization">numbered="true" toc="default"> <name>Internationalization</name> <t>Question(s): Does your protocol or specification define text string elements, in the payload or headers, that have to be understood or entered by humans? Does your specification allow Unicode? If so, do you accept texts in one charset (which must beUTF-8),UTF-8) or several (which is dangerous for interoperability)? If character sets or encodings other than UTF-8 are allowed, does your specification mandate a proper tagging of the charset? Did you have a look at <xreftarget="RFC6365"/>?</t>target="RFC6365" format="default"/>?</t> <t>Explanation: Internationalization refers to the practice of making protocols, standards, and implementations usable in different languages and scripts (seeLocalization).<xref target="localization"/> ("Localization")). In the IETF, internationalization means to add or improve the handling of non-ASCII text in aprotocol.protocol <xreftarget="RFC6365"/>target="RFC6365" format="default"/>. A different perspective, more appropriate to protocols that are designed for global use from the beginning, is the definition used by the World Wide Web Consortium(W3C):</t> <figure><artwork><![CDATA[ "Internationalization(W3C) <xref target="W3Ci18nDef"/>:</t> <blockquote>Internationalization is the design and development of a product, application or document content that enables easy localization for target audiences that vary in culture, region, orlanguage." {{W3Ci18nDef}} ]]></artwork></figure>language.</blockquote> <t>Many protocols that handle text only handle one charset(US-ASCII),(US-ASCII) or leave the question of what coded character set and encoding are used up to local guesswork (which leads, of course, to interoperability problems). If multiple charsets are permitted, they must be explicitly identified <xreftarget="RFC2277"/>.target="RFC2277" format="default"/>. Adding non-ASCII text to a protocol allows the protocol to handle more scripts, hopefully representing users across the world. Intoday’stoday's world, that is normally best accomplished by allowing only Unicode encoded inUTF-8 only.</t>UTF-8.</t> <t>In current IETF practice <xreftarget="RFC2277"/>,target="RFC2277" format="default"/>, internationalization is aimed at user-facing strings, not protocol elements, such as the verbs used by some text-based protocols. (Do note that some strings are both content and protocol elements, such as identifiers.) <!--[rfced] Section 4.5 - We question the accuracy of the sentence below, particularly in regards to the IETF's mission. As making the Internet a "global network of networks" is not stated in RFC 3935, should that statement be removed from the sentence? Original: Although this is reasonable practice for non-user visible elements, given theIETF’sIETF's mission to make the Internet a global network of networks, [RFC3935] developers should provide full and equal support for all scripts and character sets in the user-facing features of protocols and for any content they carry. Perhaps: Although this is reasonable practice for non-user visible elements, developers should provide full and equal support for all scripts and character sets in the user-facing features of protocols and for any content they carry. --> Although this is reasonable practice for non-user-visible elements, given the IETF's mission to make the Internet a global network of networks <xreftarget="RFC3935"/>target="RFC3935" format="default"/>, developers should provide full and equal support for all scripts and character sets in the user-facing features of protocols and for any content they carry.</t> <t>Example: Seelocalization</t><xref target="localization"/> ("Localization").</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to politicalparticipation</t> <t>Rightparticipation</li> <li>Right to participate in cultural life,artsarts, andscience</t> </list></t>science</li> </ul> </section> <section anchor="localization"title="Localization">numbered="true" toc="default"> <name>Localization</name> <t>Question(s): Does your protocol uphold the standards of internationalization? Have you made any concrete steps towards localizing your protocol for relevant audiences?</t> <t>Explanation:Localization"Localization refers to the adaptation of a product, application or document content to meet the language, cultural and other requirements of a specific target market (alocale)'locale')" <xreftarget="W3Ci18nDef"/>.target="W3Ci18nDef" format="default"/>. For our purposes, it can be described as the practice of translating an implementation to make it functional in a specific language or for users in a specific locale (seeInternationalization).<xref target="internationalization"/> ("Internationalization")). Internationalization is related to localization, but they are not the same. Internationalization is a necessary precondition for localization.</t> <t>Example: The Internet is a global medium, but many of its protocols and products are developed withacertainaudienceaudiences inmind,mind that often share particular characteristics like knowing how to read and write in American Standard Code for Information Interchange (ASCII) and knowing English. This limits the ability of a large part of theworld’sworld's online population from using the Internet in a way that is culturally and linguistically accessible. An example of a standard that has taken into account the view that individuals like to have access to data in their native language can be found in <xreftarget="RFC5646"/>.target="RFC5646" format="default"/>. The document describes a way to label information with an identifier for the language in which it is written. And this allows information to be presented and accessed in more than one language.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right tonon-discrimination</t> <t>Rightnon-discrimination</li> <li>Right to participate in cultural life,artsarts, andscience</t> <t>Rightscience</li> <li>Right to freedom ofexpression</t> </list></t>expression</li> </ul> </section> <section anchor="open-standards"title="Open Standards">numbered="true" toc="default"> <name>Open Standards</name> <!--[rfced] Section 4.7 - To improve readability by avoiding use of a double negative (i.e., "not" and "without"), may we update this sentence as follows? Original: Do you normatively reference another standard that is not available without cost (and could you do without it)? Perhaps: Do you normatively reference another standard that is behind a paywall (and could you do without it)? --> <t>Question(s): Is your protocol fully documented in a way that it could be easily implemented, improved, builtuponupon, and/or further developed? Do you depend on proprietary code for the implementation,runningrunning, or further development of your protocol? Does your protocol favor a particular proprietary specification overtechnically-equivalenttechnically equivalent competing specification(s), forinstanceinstance, by making any incorporated vendor specification“required”"required" or“recommended”"recommended" <xreftarget="RFC2026"/>?target="RFC2026" format="default"/>? Do you normatively reference another standard that is not available without cost (and could you do without it)? Are you aware of any patents that would prevent your standard from being fully implemented <xreftarget="RFC8179"/>target="RFC8179" format="default"/> <xreftarget="RFC6701"/>?</t>target="RFC6701" format="default"/>?</t> <t>Explanation: The Internet was able to be developed into the global network of networks because of the existence of open, non-proprietary standards <xreftarget="Zittrain"/>.target="Zittrain" format="default"/>. They are crucial for enabling interoperability. Yet, open standards are not explicitly defined within the IETF. On the subject, <xreftarget="RFC2026"/> states: “Varioustarget="RFC2026" format="default"/> states:</t> <blockquote>Various national and international standards bodies, such as ANSI, ISO, IEEE, and ITU-T, develop a variety of protocol and service specifications that are similar to Technical Specifications definedathere [at theIETF.IETF]. National and international groups also publish“implementors’ agreements”"implementors' agreements" that are analogous to Applicability Statements, capturing a body of implementation-specific detail concerned with the practical application of their standards. All of these are considered to be“open"open externalstandards”standards" for the purposes of the Internet StandardsProcess.” Similarly,Process.</blockquote> <t>Similarly, <xreftarget="RFC3935"/>target="RFC3935" format="default"/> does not define open standards but does emphasize the importance of an“open process”, i.e., “any"open process", i.e.:</t> <blockquote>... any interested person can participate in the work, know what is being decided, and make [their] voice heard on theissue.”</t>issue.</blockquote> <t>Open standards (and open source software) allow users to glean information about how the tools they are using work, including thetools’tools' security and privacy properties. They additionally allow for permissionless innovation, which is important to maintain the freedom and ability to freely create and deploy new protocols on top of the communications constructs that currently exist. It is at the heart of the Internet as we know it, and to maintain its fundamentally open nature, we need to be mindful of the need for developing open standards.</t> <t>All standards that need to be normatively implemented should be freely available and with reasonable protection for patent infringementclaims,claims soitthat they can also be implemented in open source or free software. Patents have often held back open standardization or been used against those deploying open standards, particularly in the domain of cryptography <xreftarget="newegg"/>.target="Newegg" format="default"/>. <!--[rfced] Section 4.7 - To improve the readability of this sentence, may we update "when a protocol is standardized that" to "when a standardized protocol"? Original: An exemption of this is sometimes made when a protocol is standardized that normatively relies on specifications produced by others standards development organizations (SDOs) that are not freely available. Perhaps: An exemption of this is sometimes made when a standardized protocol normatively relies on specifications produced by others Standards Development Organizations (SDOs) that are not freely available. --> An exemption of this is sometimes made when a protocol is standardized that normatively relies on specifications produced by others Standards Development Organizations (SDOs) that are not freely available. Patents in open standards or in normative references to other standards should have a patent disclosure <xreftarget="notewell"/>,target="Note-well" format="default"/>, royalty-free licensing <xreftarget="patentpolicy"/>,target="Patent-policy" format="default"/>, or some other form of fair,reasonablereasonable, and non-discriminatory terms.</t> <t>Example: <xreftarget="RFC6108"/>target="RFC6108" format="default"/> describes a system for providing critical end-user notifications to web browsers, which has been deployed by Comcast, an Internet Service Provider (ISP). Such a notification system is being used to provide near-immediate notifications to customers, such as to warn them that their traffic exhibits patterns that are indicative of malware or virus infection. There are other proprietary systems that can perform such notifications, but those systems utilize Deep Packet Inspection (DPI) technology. In contrast, that document describes a system that does not rely uponDPI,DPI and is instead based on open IETF standards and open source applications.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to participate in cultural life,artsarts, andscience</t> </list></t>science</li> </ul> </section> <section anchor="heterogeneity-support"title="Heterogeneity Support">numbered="true" toc="default"> <name>Heterogeneity Support</name> <t>Question(s): Does your protocol support heterogeneity by design? Does your protocol allow for multiple types of hardware? Does your protocol allow for multiple types of application protocols? Is your protocol liberal in what it receives and handles? Will it remain usable and open if the context changes?</t> <t>Explanation: The Internet is characterized by heterogeneity on many levels:devices anddevices, nodes, router schedulingalgorithms andalgorithms, queue management mechanisms, routing protocols, levels of multiplexing, protocol versions and implementations, and underlying link layers (e.g., point-to-point, multi-access links, wireless,FDDI, etc.),Fiber Distributed Data Interface (FDDI), etc.) in the traffic mix and in the levels of congestion at different times and places. Moreover, as the Internet is composed of autonomous organizations and ISPs, each with their own separate policy concerns, there is a large heterogeneity of administrative domains and pricing structures. As a result, the heterogeneity principle proposed in <xreftarget="RFC1958"/>target="RFC1958" format="default"/> needs to be supported by design <xreftarget="FIArch"/>.</t>target="FIArch" format="default"/>.</t> <t>Heterogeneity support in protocolscan thuscan, thus, enable a wide range of devices and (by extension) users to participate on the network.</t> <!-- [rfced] Section 4.8 - Please note that since it is not known who originally said the following quote (for example, it has also been attributed to baseball player Yogi Berra), may we update the wording to avoid future possible errata. Original: Niels Bohr famously said: "Prediction is very difficult, especially if it's about the future", Perhaps: There is a famous quote often attributed to Niels Bohr: "Prediction is very difficult, especially if it's about the future." --> <t>Example: Heterogeneity significantly contributed to the success of theinternetInternet architecture <xreftarget="Zittrain"/>.target="Zittrain" format="default"/>. Niels Bohr famously said:“Prediction"Prediction is very difficult, especially ifit’sit's about thefuture”, thisfuture." This also holds true for future uses of theinternetInternet architecture and infrastructure. Therefore, as a rule ofthumbthumb, it is important to--- as far as possible--- design your protocol for different devices and uses, especially at lower layers of the stack. However, if you choose not to do this, it could be relevant to document the reasoning for that.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to politicalparticipation</t> </list></t>participation</li> </ul> </section> <section anchor="adaptability"title="Adaptability">numbered="true" toc="default"> <name>Adaptability</name> <t>Question(s):Question:Is your protocol written in a modularfashionfashion, and does it facilitate or hamper extensibility? In this sense, does your protocol impact permissionless innovation? (SeeOpen Standards)</t><xref target="open-standards"/> ("Open Standards").)</t> <t>Explanation: Adaptability is closely interrelated with permissionless innovation: both maintain the freedom and ability tofreelycreate and deploy new protocols on top of the communications constructs that currently exist. It is at the heart of the Internet as we know it, and to maintain its fundamentally open nature, we need to be mindful of the impact of protocols on maintaining or reducing permissionless innovation to ensure that the Internet can continue to develop.</t> <t>Adaptability and permissionless innovation can be used to shape information networks aspreferenced bygroups ofusers.users prefer. Furthermore, a precondition of adaptability is the ability of the people who can adapt the network to be able to know and understand the network. This is why adaptability and permissionless innovation are inherently connected to the right to education and the right to science as well as the right to freedom of assembly and associationas well asand the right to freedom ofexpression. Sinceexpression, since it allows the users of the network to determine how to assemble, collaborate, and express themselves.</t> <t>Example: WebRTC generates audio and/or video data. WebRTC can be used in different locations by different parties;WebRTC’sWebRTC's standardapplication programming interfacesApplication Programming Interfaces (APIs) are developed to support applications from different voice service providers. Multiple parties will have similarcapabilities, incapabilities. In order to ensure that all parties can build upon existingstandardsstandards, these need to beadaptable,adaptable and allow for permissionless innovation.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right toeducation</t> <t>Righteducation</li> <li>Right toscience</t> <t>Rightscience</li> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> </section> <section anchor="integrity"title="Integrity">numbered="true" toc="default"> <name>Integrity</name> <t>Question(s): Does your protocol maintain,assureassure, and/or verify the accuracy of payload data? Does your protocol maintain and assure the consistency of data? Does your protocol in any way allow for the data to be (intentionally or unintentionally) altered?</t> <t>Explanation: Integrity refers to the maintenance and assurance of the accuracy and consistency of data to ensure it has not been (intentionally or unintentionally) altered.</t> <t>Example: Integrity verification of data is important to prevent vulnerabilities and attacks from on-path attackers. These attacks happen when a third party (often for malicious reasons) intercepts a communication between two parties, inserting themselves in the middle and changing the content of the data. Inpracticepractice, this looks as follows:</t> <t>Alice wants to communicate with Bob. Alice sends a message to Bob, which Corinne intercepts and modifies. Bob cannot see that the data from Alice was altered by Corinne. Corinne intercepts and alters the communication as it is sent between Alice and Bob. Corinne is able to control the communication content.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right tosecurity</t> </list></t>security</li> </ul> </section> <section anchor="authenticity"title="Authenticity">numbered="true" toc="default"> <name>Authenticity</name> <t>Question(s): Do you have sufficient measures to confirm the truth of an attribute of a single piece of data or entity? Can the attributes get garbled along the way (seesecurity)?<xref target="security"/> ("Security"))? If relevant, have you implemented IPsec, DNS Security (DNSSEC),HTTPSHTTPS, and otherStandard Security Best Practices?</t>standard security best practices?</t> <t>Explanation: Authenticity ensures that data does indeed come from the source it claims to come from. This is important to prevent certain attacks or unauthorized access and use of data.</t> <t>At the same time, authentication should not be used as a way to prevent heterogeneity support, as is often done for vendor lock-in or digital rights management.</t> <t>Example: Authentication of data is important to preventvulnerabilities,vulnerabilities and attacks from on-path attackers. These attacks happen when a third party (often for malicious reasons) intercepts a communication between two parties, inserting themselves in the middle and posing as both parties. Inpracticepractice, this looks as follows:</t> <t>Alice wants to communicate with Bob. Alice sends data to Bob. Corinne intercepts the data sent to Bob. Corinne reads (and potentially alters) the message to Bob. Bob cannot see that the data did not come from Alice but from Corinne.</t> <!--[rfced] Section 4.11 - Should "With proper authentication" be updated to "Without proper authentication"? Original: With proper authentication, the scenario would be as follows: Alice wants to communicate with Bob. Alice sends data to Bob. Corinne intercepts the data sent to Bob. Corinne reads and alters the message to Bob. Bob is unable to verify whether that the data came from Alice. Perhaps: Without proper authentication, the scenario would be as follows: Alice wants to communicate with Bob. Alice sends data to Bob. Corinne intercepts the data sent to Bob. Corinne reads and alters the message to Bob. Bob is unable to verify whether that the data came from Alice. --> <t>With proper authentication, the scenario would be as follows:</t> <t>Alice wants to communicate with Bob. Alice sends data to Bob. Corinne intercepts the data sent to Bob. Corinne reads and alters the message to Bob. Bob is unable to verify whether that the data came from Alice.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right toprivacy</t> <t>Rightprivacy</li> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right tosecurity</t> </list></t>security</li> </ul> </section> <section anchor="confidentiality"title="Confidentiality">numbered="true" toc="default"> <name>Confidentiality</name> <t>Question(s): Does the protocol expose the transmitted data over the wire? Does the protocol expose information related to identifiers or data? If so, what does it reveal to each protocol entity (i.e., recipients, intermediaries, and enablers) <xreftarget="RFC6973"/>?target="RFC6973" format="default"/>? What options exist for protocol implementers to choose to limit the information shared with each entity? What operational controls are available to limit the information shared with each entity?</t> <t>What controls or consent mechanisms does the protocol define or require before personal data or identifiers are shared or exposed via the protocol? If no such mechanisms or controls are specified, is it expected that control and consent will be handled outside of the protocol?</t> <t>Does the protocol provide ways for initiators to share different pieces of information with different recipients? If not, are there mechanisms that exist outside of the protocol to provide initiators with such control?</t> <t>Does the protocol provide ways for initiators to limit the sharing orexpress individuals’expressing of individuals' preferences to recipients or intermediaries with regard to the collection, use, or disclosure of their personal data? If not, are there mechanisms that exist outside of the protocol to provide users with such control? Is it expected that users will have relationships that govern the use of the information (contractual or otherwise) with those who operate these intermediaries? Does the protocol prefer encryption overclear textcleartext operation?</t> <t>Explanation: Confidentiality refers to keeping your data secret from unintended listeners <xreftarget="BCP72"/>.target="BCP72" format="default"/>. The growth of the Internet depends on users having confidence that the network protects their personal data <xreftarget="RFC1984"/>.target="RFC1984" format="default"/>. The possibility of pervasive monitoring and surveillance underminesusers’ trust,users' trust and can be mitigated by ensuring confidentiality, i.e., passive attackers should gain little or no information from observation or inference of protocolactivity.activity <xreftarget="RFC7258"/><xref target="RFC7624"/>.</t>target="RFC7258" format="default"/> <xref target="RFC7624" format="default"/>.</t> <t>Example: Protocols that do not encrypt their payload make the entire content of the communication available to the idealized attacker along their path. Following the advice in <xreftarget="RFC3365"/>,target="RFC3365" format="default"/>, most such protocols have a secure variant that encrypts the payload for confidentiality, and these secure variants are seeing ever-wider deployment. A noteworthy exception is DNS <xreftarget="RFC1035"/>,target="RFC1035" format="default"/>, as DNSSEC <xreftarget="RFC4033"/>target="RFC4033" format="default"/> does not have confidentiality as a requirement. This implies that, in the absence of the use of more recent standards like DNS over TLS <xreftarget="RFC7858"/>target="RFC7858" format="default"/> or DNS over HTTPS <xreftarget="RFC8484"/>,target="RFC8484" format="default"/>, all DNS queries and answers generated by the activities of any protocol are available to the attacker. When store-and-forward protocols are used (e.g., SMTP <xreftarget="RFC5321"/>),target="RFC5321" format="default"/>), intermediaries leave this data subject to observation by an attacker that has compromised these intermediaries, unless the data is encrypted end-to-end by the application-layer protocol or the implementation uses an encrypted store for this data <xreftarget="RFC7624"/>.</t>target="RFC7624" format="default"/>.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right toprivacy</t> <t>Rightprivacy</li> <li>Right tosecurity</t> </list></t>security</li> </ul> </section> <section anchor="security"title="Security">numbered="true" toc="default"> <name>Security</name> <t>Question(s): Did you have a look atGuidelines<xref target="BCP72" format="default"> "Guidelines for Writing RFC Text on SecurityConsiderations <xref target="BCP72"/>?Considerations"</xref>? Have you found any attacks that are somewhat related to yourprotocol/specification,protocol/specification yet considered out of scope of your document? Would these attacks be pertinent to thehuman rights enablinghuman-rights-enabling features of the Internet (as described throughout this document)?</t> <t>Explanation: Security is not a single monolithic property of a protocol orsystem,system but rather a series of relatedbutyet somewhat independent properties. Not all of these properties are required for every application. Since communications are carried out by systems and access to systems is through communications channels, security goals obviously interlock, but they can also be independentlyprovided.provided <xreftarget="BCP72"/>.</t>target="BCP72" format="default"/>.</t> <t>Typically, any protocol operating on the Internet can be the target of passive attacks (when the attacker can access and read packets on thenetwork);network) and active attacks (when an attacker is capable of writing information to the networkpackets).packets) <xreftarget="BCP72"/></t>target="BCP72" format="default"/>.</t> <t>Example: See <xreftarget="BCP72"/>.</t>target="BCP72" format="default"/>.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to freedom of assembly andassociation</t> <t>Rightassociation</li> <li>Right tonon-discrimination</t> <t>Rightnon-discrimination</li> <li>Right tosecurity</t> </list></t>security</li> </ul> </section> <section anchor="privacy"title="Privacy">numbered="true" toc="default"> <name>Privacy</name> <t>Question(s): Did you have a look at theGuidelinesguidelines described inthe PrivacySection <xref target="RFC6973" sectionFormat="bare" section="7"/> of "Privacy Considerations for InternetProtocolsProtocols" <xreftarget="RFC6973"/> section 7?target="RFC6973"/>? Does your protocol maintain the confidentiality of metadata? Could your protocol counter traffic analysis? Does your protocol adhere to data minimization principles? Does your document identify potentially sensitive data logged by your protocol and/or for how long that needs to be retained for technical reasons?</t> <t>Explanation: Privacy refers to the right of an entity (normally a person), acting on its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share its personal information withothers.others <xreftarget="RFC4949"/>.target="RFC4949" format="default"/>. <!--[rfced] Section 4.12 - To avoid the repetition of "themselves", may we update this sentence as follows? Original: If a protocol provides insufficient privacy protection it may have a negative impact on freedom of expression as usersself-censorself- censor for fear of surveillance, or find themselves unable to express themselves freely. Perhaps: If a protocol provides insufficient privacy protection, it may have a negative impact on freedom of expression as users self- censor for fear of surveillance or find that they are unable to express themselves freely. --> If a protocol provides insufficient privacy protection, it may have a negative impact on freedom of expression as users self-censor for fear of surveillance or find themselves unable to express themselves freely.</t> <t>Example: See <xreftarget="RFC6973"/></t>target="RFC6973" format="default"/>.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right toprivacy</t> <t>Rightprivacy</li> <li>Right tonon-discrimination</t> </list></t>non-discrimination</li> </ul> </section> <section anchor="anonymity-and-pseudonymity"title="Anonymitynumbered="true" toc="default"> <name>Anonymity andPseudonymity">Pseudonymity</name> <t>Question(s): Does your protocol make use of identifiers? Are these identifiers persistent? Are they used across multiple contexts? Is it possible for the user to reset or rotate them without negatively impacting the operationfoof the protocol? Are they visible to others besides the protocol endpoints? Are they tied to real-world identities? Have you consideredthe Privacy Considerations for Internet Protocols"<xref target="RFC6973" format="title"/>" <xreftarget="RFC6973"/>,target="RFC6973" format="default"/>, especiallysection 6.1.2?</t>Section <xref target="RFC6973" sectionFormat="bare" section="6.1.2"/>?</t> <t>Explanation: Most protocols depend on the use of some kind of identifier in order to correlate activity over time and space. For instance:</t><t><list style="symbols"> <t>IP<ul spacing="normal"> <li>IP addresses are used as an identity for the source and destination for IPdatagrams.</t> <t>QUICdatagrams.</li> <li>QUIC connection identifiers are used to correlate packets belonging to the sameconnection.</t> <t>HTTPconnection.</li> <li>HTTP uses cookies to correlate multiple HTTP requests from the sameclient.</t> <t>Emailclient.</li> <li>Email uses email addresses of the form<eref target="mailto:example@example.com">example@example.com</eref>example@example.com to identify senders andreceivers.</t> </list></t>receivers.</li> </ul> <t>In general, these identifiers serve a necessary function for protocoloperations,operations by allowing them to maintain continuity. However, they can also create privacy risks. There are two major ways in which those risks manifest:</t><t><list style="symbols"> <t>The<ul spacing="normal"> <li>The identifier may itself reveal theuser’suser's identity in some way or be tied to an identifierwhichthat does, as is the case when E.164 (telephone) numbers are used as identifiers for instant messagingsystems.</t> <t>Whilesystems.</li> <li>While the identifier may not reveal theuser’suser's identity, it may make it possible to link enough of auser’suser's behavior to threaten their privacy, as is the case with HTTPcookies.</t> </list></t>cookies.</li> </ul> <t>Because identifiers are necessary for protocol operation, true anonymity is very difficult to achieve, but there are practiceswhichthat promote user privacy even when identifiers are used.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right tonon-discrimination</t> <t>Rightnon-discrimination</li> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to politicalparticipation</t> <t>Rightparticipation</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> <section anchor="pseudonymity"title="Pseudonymity">numbered="true" toc="default"> <name>Pseudonymity</name> <t>In general, user privacy is better preserved when identifiers are pseudonymous (not tied to auser’suser's real-world identity).</t> <t>Example: In the development of the IPv6 protocol, it was discussed to embed a Media Access Control (MAC) address into unique IP addresses. This would make it possible for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node. This is why standardization efforts likePrivacy Extensions for Stateless Address Autoconfiguration in IPv6"<xref target="RFC8981" format="title"/>" <xreftarget="RFC4941"/>target="RFC8981" format="default"/> and MAC address randomization <xreftarget="draft-zuniga-mac-address-randomization"/>target="I-D.ietf-madinas-mac-address-randomization" format="default"/> have been pursued.</t> <t>Note that it is often attractive to try to create a pseudonym from a persistent identifier. This can be very difficult to do correctly in a way that does not allow for recovering the persistent identifiers.</t> <t>Example: A common practice inWebweb tracking is to“encrypt”"encrypt" email addresses by hashing them, thus allegedly making them“non-personally identifying”."non-personally identifying". However, because hash functions are public operations, it is possible to do a dictionary search for candidate email addresses and recover the original address <xreftarget="email-hashing"/>.</t>target="Email-hashing" format="default"/>.</t> </section> <section anchor="unlinkability"title="Unlinkability">numbered="true" toc="default"> <name>Unlinkability</name> <t>Even true pseudonymous identifiers can present a privacy risk if they are used across a wide enough scope. User privacy is better preserved if identifiers have limited scope both in time and space.</t> <!-- [rfced] Section 4.15.2 - Does "before [RFC7844]" refer to A) before the writing of RFC 7844 or B) before DHCP? Original: Example: An example is Dynamic Host Configuration Protocol (DHCP) where sending a persistent identifier as the client name was not mandatory but, in practice, done by many implementations, before [RFC7844]. Perhaps A: Example: An example is the Dynamic Host Configuration Protocol (DHCP) where sending a persistent identifier as the client name was not mandatory but, in practice, done by many implementations before the writing of [RFC7844]. Perhaps B: Example: An example is the Dynamic Host Configuration Protocol (DHCP) where sending a persistent identifier as the client name was not mandatory but, in practice, done by many implementations before DHCP [RFC7844]. --> <t>Example: An example is the Dynamic Host Configuration Protocol (DHCP) where sending a persistent identifier as the client name was not mandatory but, in practice, done by many implementations, before <xreftarget="RFC7844"/>.</t>target="RFC7844" format="default"/>.</t> <t>Example:Third partyThird-party cookies in HTTP allow trackers to correlate HTTP traffic across sites. This is the foundation of a whole ecosystem ofWebweb tracking. Increasingly,Webweb browsers are restricting the use ofthird partythird-party cookies in order to protect user privacy.</t> </section> </section> <section anchor="censorship-resistance"title="Censorship resistance">numbered="true" toc="default"> <name>Censorship Resistance</name> <t>Question(s): Does your protocol architecture facilitate censorship? Does it include“choke points” which"choke points" that are easy to use for censorship? Does it expose identifierswhichthat can be used to selectively block certain kinds oftrafic?traffic? Could it be designed to be more censorship resistant? Does your protocol make it apparent or transparent when access to a resource is restricted andthe reasonswhy it is restricted?</t> <t>Explanation: Governments and service providers block or filter content or traffic, often without the knowledge ofend-users. <xref target="RFC7754"/> Seeend users <xreftarget="draft-irtf-pearg-censorship"/> fortarget="RFC7754" format="default"/>. For a survey of censorship techniques employed across the world, see <xref target="RFC9505" format="default"/>, which lays out protocol properties that have been exploited to censor access to information. Censorship resistance refers to the methods and measures to prevent Internet censorship.</t> <t>Example: The current design of the Web has a number of architectural choke points where it is possible for censors to intervene. These include obtaining the control of the domain name itself, DNS blockingateither at the protocol layer or at the resolver, IP address blocking, and blocking at theWebweb server. There has been extensive work on content distributionsystemssystems, which are intended to be more censorshipresistant,resistant; and some, such as BitTorrent, are in wideuse, butuse. However, these systems may have inferior reliability and performance compared to the Web (e.g., they do not support active content on the server).</t> <t>Example: Identifiers of content exposed within a protocol might be used to facilitate censorship by allowing the censor to determine which traffic to block. DNS queries, the“host”"host" request header in an HTTP request, and the Server Name Indication (SNI) in a Transport Layer Security (TLS) ClientHello are all examples of protocol elements that can travel in plaintext and be used by censors to identify what content a user is trying toaccess.access <xreftarget="draft-irtf-pearg-censorship"/>.target="RFC9505" format="default"/>. Protocol mechanisms such as EncryptedClient HelloClientHello <xreftarget="I-D.ietf-tls-esni"/>target="I-D.ietf-tls-esni" format="default"/> or DNS over HTTPS <xreftarget="RFC8484"/>target="RFC8484" format="default"/> that encrypt metadata provide some level of resistance to this type of protocol inspection. Full traffic encryptionsystemssystems, such as Tor[https://torproject.org]<eref target="https://torproject.org" brackets="angle"/>, can also be used by people to access otherwise censored resources.</t> <t>Example: As noted above, one way to censorWebweb traffic is to require the server to block it or requireinternet service providersISPs to block requests to the server. In HTTP, denial or restriction of access can be made apparent by the use of status code 451, which allows server operators and intermediaries to operate with greater transparency in circumstances where issues of law or public policy affect their operation <xreftarget="RFC7725"/>.target="RFC7725" format="default"/>. If a protocol potentially enables censorship, protocol designers should strive towards creating error codes that capture different scenarios(blocked(e.g., blocked due to administrative policy, unavailable because of legal requirements, etc.) to minimize ambiguity forend-users.</t>end users.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to politicalparticipation</t> <t>Rightparticipation</li> <li>Right to participate in cultural life, arts, andscience</t> <t>Rightscience</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> </section> <section anchor="outcome-transparency"title="Outcome Transparency">numbered="true" toc="default"> <name>Outcome Transparency</name> <t>Question(s): Are the intended andforseenforeseen effects of your protocol documented and easily comprehensible?</t><t>Explanation:<!--[rfced] Section 4.17 - Should the questions in the Explanation be moved up to the Question(s) entry? Original: Question(s): Are the intended and forseen effects of your protocol documented and easily comprehensible? Explanation: Certain technical choices may have unintended consequences. Have you described the central use case(s) for your protocol with a clear description of expected behavior and how it may, or may not, impact other protocols, implementations, user expectations, or behavior? Have you reviewed other protocols that solve similar problems, or make use of similar mechanisms, to see if there are lessons that can be learnt from their use and misuse? --> <t>Explanation: Certain technical choices may have unintended consequences. Have you described the central use case(s) for your protocol with a clear description of expected behavior and how it may, or may not, impact other protocols, implementations, user expectations, or behavior? Have you reviewed other protocols that solve similar problems, or make use of similar mechanisms, to see if there are lessons that can be learned from their use and misuse?</t> <t>Example: Lack of authenticity may lead to lack of integrity and negativeexternalities,externalities; ofwhichwhich, spam is an example. Lack of data that could be used for billing and accounting can lead to so-called“free”"free" arrangementswhichthat obscure the actual costs and distribution of the costs, forexampleexample, the barter arrangements that are commonly used for Internetinterconnection;interconnection, and the commercial exploitation of personal data for targetedadvertisingadvertising, which is the most common funding model for the so-called“free”"free" services such as search engines and social networks. Unexpected outcomes might not betechnical,technical but rather architectural,socialsocial, or economic.ThereforeTherefore, it is of importance to document the intended outcomes and other possible outcomes that have been considered.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right toprivacy</t> <t>Rightprivacy</li> <li>Right to freedom of assembly andassociation</t> <t>Rightassociation</li> <li>Right to access toinformation</t> </list></t>information</li> </ul> </section> <section anchor="accessibility"title="Accessibility">numbered="true" toc="default"> <name>Accessibility</name> <!-- [rfced] Section 4.18 - Should there be a citation for "W3C Web Accessibility Initiative" in the following question? Current: Question(s): Is your protocol designed to provide an enabling environment for all? Have you looked at the W3C Web Accessibility Initiative for examples and guidance? --> <t>Question(s): Is your protocol designed to provide an enabling environment for all? Have you looked at the W3C Web Accessibility Initiative for examples and guidance?</t> <t>Explanation: Sometimes in the design of protocols, websites, web technologies, or web tools, barriers are created that exclude people from using the Web. The Internet should be designed to work for all people, whatever their hardware, software, language, culture, location, or physical or mental ability. When the Internet technologies meet this goal, it will be accessible to people with a diverse range of hearing, movement, sight, and cognitiveability.ability <xreftarget="W3CAccessibility"/></t>target="W3CAccessibility" format="default"/>.</t> <t>Example: The HTML protocol as defined in <xreftarget="HTML5"/>target="HTML" format="default"/> specifically requires that every image must have an alt attribute (with a few exceptions) to ensure images are accessible for peoplethatwho cannot themselves decipher non-text content in web pages.</t> <t>Another example is the work done in the AVT and AVTCOREworking groupsWorking Groups in the IETF that enables text conversation in multimedia, text telephony, wirelessmultimediamultimedia, and video communications for sign language andlip-readinglipreading (i.e., <xreftarget="RFC9071"/>).</t>target="RFC9071" format="default"/>).</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right tonon-discrimination</t> <t>Rightnon-discrimination</li> <li>Right to freedom of assembly andassociation</t> <t>Rightassociation</li> <li>Right toeducation</t> <t>Righteducation</li> <li>Right to politicalparticipation</t> </list></t>participation</li> </ul> </section> <section anchor="decentralization"title="Decentralization">numbered="true" toc="default"> <name>Decentralization</name> <t>Question(s): Can your protocol be implemented without a single point of control? If applicable, can your protocol be deployed in a federated manner? Does your protocol create additional centralized points of control?</t> <t>Explanation: Decentralization is one of the central technical concepts of the architecture of theInternet,Internet and is embraced as such by the IETF <xreftarget="RFC3935"/>.target="RFC3935" format="default"/>. It refers to the absence or minimization of centralized points of control, a feature that is assumed to make it easy for new users to join and new uses to unfold <xreftarget="Brown"/>.target="Ziewitz" format="default"/>. It also reduces issues surrounding single points offailure,failure and distributes the network such that it continues to function even if one or several nodes are disabled. With the commercialization of the Internet in the early 1990s, there has been a slow move away from decentralization, to the detriment of the technical benefits of having a decentralized Internet. For a more detailed discussion of this topic, please see <xreftarget="arkkoetal"/>.</t>target="I-D.arkko-iab-internet-consolidation" format="default"/>.</t> <t>Example: The bits traveling the Internet are increasingly susceptible to monitoring andcensorship,censorship from both governments andISPs,ISPs as well as third (malicious) parties. The ability to monitor and censor is further enabled by the increased centralization of the network that creates central infrastructure points that can be tapped into. The creation of peer-to-peer networks and the development of voice-over-IP protocols using peer-to-peer technology in combination withdistributed hash tableDistributed Hash Table (DHT) for scalability are examples of how protocols can preserve decentralization <xreftarget="Pouwelse"/>.</t>target="I-D.pouwelse-censorfree-scenarios" format="default"/>.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right to freedom ofexpression</t> <t>Rightexpression</li> <li>Right to freedom of assembly andassociation</t> </list></t>association</li> </ul> </section> <section anchor="remedy"title="Remedy">numbered="true" toc="default"> <name>Remedy</name> <t>Question(s): Can your protocol facilitate a negatively impactedparty’sparty's right to remedy without disproportionately impacting otherparties’parties' human rights, especially their right to privacy?</t> <t>Explanation: Providing access to remedy by states and corporations is a part of the UN Guiding Principles on Business and Human Rights <xreftarget="UNGP"/>.target="UNGP" format="default"/>. Access to remedy may help victims of human rights violations in seekingjustice,justice or allow law enforcement agencies to identify a possible violator. However, current mechanisms in protocols that try to enable‘attribution’"attribution" to individuals impede the exercise of the right to privacy. The former UN Special Rapporteur for Freedom of Expression has also argued that anonymity is an inherent part of freedom of expression <xreftarget="Kaye"/>.target="Kaye" format="default"/>. Considering the potential adverse impact of attribution on the right to privacy and freedom of expression, enabling attribution on an individual level is most likely not consistent with human rights.</t> <t>Example: Adding personally identifiable information to data streams as a means to enable the human right to remedy might help in identifying a violator of human rights and provide access to remedy, but this woulddisproportionallydisproportionately affect all users right to privacy, anonymous expression, and association. Furthermore, there are some recent advances in enabling abuse detection in end-to-end encrypted messaging systems, which also carry some risk tousers’users' privacy <xreftarget="messenger-franking"/><xref target="hecate"/>.</t>target="Messenger-franking" format="default"/> <xref target="Hecate" format="default"/>.</t> <t>Impacts:</t><t><list style="symbols"> <t>Right<ul spacing="normal"> <li>Right toremedy</t> <t>Rightremedy</li> <li>Right tosecurity</t> <t>Rightsecurity</li> <li>Right toprivacy</t> </list></t>privacy</li> </ul> </section> <section anchor="misc-considerations"title="Misc. considerations">numbered="true" toc="default"> <name>Miscellaneous Considerations</name> <t>Question(s): Have you considered potential negative consequences (individual or societal) that your protocol or document might have?</t> <!--[rfced] Section 4.21 - May we update the following quoted text to better match the text in Section 4.2 of RFC 2026? Original: Similarly, publication of a specification an experimental document as part of the non-standards track would signal to the community that the document "may be intended for eventual standardization but [may] not yet [be] ready" for wide deployment. Perhaps: Similarly, publication of a specification as an experimental document not part of the Standards Track would signal to the community that the document "may not be intended to be an Internet Standard, or it may be intended for eventual standardization but not yet ready" for wide deployment [RFC2026]. --> <t>Explanation: Publication of a particular RFC under a certain status has consequences. Publication as an Internet Standard as part of the Standards Track may signal to implementers that the specification has a certain level of maturity, operational experience, and consensus. Similarly, publication of a specification as an experimental documentasnot part of thenon-standards trackStandards Track would signal to the community that the document“may"may be intended for eventual standardization but [may] not yet [be]ready”ready" for wide deployment. The extent of the deployment, and consequently its overall impact onend-users,end users, may depend on the document status presented in the RFC. See <xreftarget="BCP9"/>target="RFC2026" format="default"/> and updates to it for a fuller explanation.</t> </section> </section> <section anchor="document-status"title="Document Status">numbered="true" toc="default"> <name>Document Status</name> <t>ThisRGresearch group document lays out best practices and guidelines for human rights reviews of network protocols,architecturesarchitectures, and other Internet-Drafts and RFCs.</t> </section> <sectionanchor="acknowledgements" title="Acknowledgements"> <t>Thanks to:</t> <t><list style="symbols"> <t>Corinne Cath-Speth for work on <xref target="RFC8280"/>.</t> <t>Reese Enghardt, Joe Hall, Avri Doria, Joey Salazar, Corinne Cath-Speth, Farzaneh Badii, Sandra Braman, Colin Perkins, John Curran, Eliot Lear, Mallory Knodel, Brian Trammell, Jane Coffin, Eric Rescorla, Sofía Celi and the hrpc list for reviews and suggestions.</t> <t>Individuals who conducted human rights reviews for their work and feedback: Amelia Andersdotter, Shane Kerr, Beatrice Martini, Karan Saini, and Shivan Kaul Sahib.</t> </list></t> </section> <sectionanchor="security-considerations"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>Article three of theUniversal"Universal Declaration of HumanRightsRights" reads:“Everyone"Everyone has the right to life, liberty and security ofperson.”.person" <xref target="UDHR" format="default"/>. This article underlines the importance of security and its interrelation with human life andliberty,liberty; but since human rights are indivisible,interrelatedinterrelated, and interdependent, security is also closely linked to other human rights and freedoms. This document seeks to strengthen human rights, freedoms, and security by relating and translating these concepts to concepts and practices as they are used in Internet protocol and architecture development. The aim of this is to secure human rights and thereby improve the sustainability, usability, and effectiveness of the network. The document seeks to achieve this by providing guidelines as done insection three<xref target="conducting-human-rights-reviews" format="default"/> of this document.</t> </section> <section anchor="iana-considerations"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t>This document has noactions for IANA.</t>IANA actions.</t> </section> <section anchor="research-group-information"title="Researchnumbered="true" toc="default"> <name>Research GroupInformation">Information</name> <t>The discussion list for the IRTF Human Rights Protocol Considerations Research Group is located at the e-mailaddressaddress: <ereftarget="mailto:hrpc@ietf.org">hrpc@ietf.org</eref>. Informationtarget="mailto:hrpc@ietf.org" brackets="angle"/>.</t> <t>Information on the group and information on how to subscribe to the list isatat: <ereftarget="https://www.irtf.org/mailman/listinfo/hrpc">https://www.irtf.org/mailman/listinfo/hrpc</eref></t>target="https://www.irtf.org/mailman/listinfo/hrpc" brackets="angle"/>.</t> <t>Archives of the list can be found at: <ereftarget="https://www.irtf.org/mail-archive/web/hrpc/current/index.html">https://www.irtf.org/mail-archive/web/hrpc/current/index.html</eref></t>target="https://mailarchive.ietf.org/arch/browse/hrpc/" brackets="angle"/>.</t> </section> </middle> <back><references title='Informative References'> <reference anchor='RFC0793' target='https://www.rfc-editor.org/info/rfc793'> <front> <title>Transmission Control Protocol</title> <author fullname='J. Postel' initials='J.' surname='Postel'/> <date month='September' year='1981'/> </front> <seriesInfo name='RFC' value='793'/> <seriesInfo name='DOI' value='10.17487/RFC0793'/> </reference> <reference anchor='RFC1035' target='https://www.rfc-editor.org/info/rfc1035'> <front> <title>Domain names - implementation and specification</title> <author fullname='P. Mockapetris' initials='P.' surname='Mockapetris'/> <date month='November' year='1987'/> <abstract> <t>This RFC is the revised specification of the protocol and format used<displayreference target="I-D.pouwelse-censorfree-scenarios" to="Pouwelse"/> <displayreference target="I-D.ietf-madinas-mac-address-randomization" to="MAC-ADDRESS-RANDOMIZATION"/> <displayreference target="I-D.arkko-iab-internet-consolidation" to="Arkko"/> <displayreference target="I-D.ietf-tls-esni" to="TLS-ESNI"/> <!-- [rfced] General Reference Queries a) The following references are not cited in theimplementation of the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication.</t> </abstract> </front> <seriesInfo name='STD' value='13'/> <seriesInfo name='RFC' value='1035'/> <seriesInfo name='DOI' value='10.17487/RFC1035'/> </reference> <reference anchor='RFC1958' target='https://www.rfc-editor.org/info/rfc1958'> <front> <title>Architectural Principles of the Internet</title> <author fullname='B. Carpenter' initials='B.' role='editor' surname='Carpenter'/> <date month='June' year='1996'/> <abstract> <t>The Internet and its architecture have grown in evolutionary fashion from modest beginnings, rather than from a Grand Plan. While this process of evolution is one of the main reasons for the technology's success, it nevertheless seems useful to record a snapshot of the current principles of the Internet architecture. This is intended for general guidance and general interest, and is in no way intended totext. Please let us know where they should bea formalcited orinvariant reference model. This memo provides information forif these references should be deleted from theInternet community. This memo does not specifyInformative References section. [geekfeminism] [RFC6235] [RFC9458] b) [Orwat] (was [Bless]) We located anInternet standard of any kind.</t> </abstract> </front> <seriesInfo name='RFC' value='1958'/> <seriesInfo name='DOI' value='10.17487/RFC1958'/> </reference> <reference anchor='RFC1984' target='https://www.rfc-editor.org/info/rfc1984'> <front> <title>IAB and IESG Statement on Cryptographic Technology and the Internet</title> <author> <organization abbrev='IAB'>Internet Architecture Board</organization> </author> <author> <organization abbrev='IESG'>Internet Engineering Steering Group</organization> </author> <date month='August' year='1996'/> <abstract> <t>The Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG), the bodies which oversee architecture and standards for the Internet, are concerned by the need for increased protection of international commercial transactions on the Internet, and by the neededitorial note submitted tooffer all Internet users an adequate degree of privacy. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind.</t> </abstract> </front> <seriesInfo name='BCP' value='200'/> <seriesInfo name='RFC' value='1984'/> <seriesInfo name='DOI' value='10.17487/RFC1984'/> </reference> <reference anchor='RFC2026' target='https://www.rfc-editor.org/info/rfc2026'> <front> <title>The Internet Standards Process -- Revision 3</title> <author fullname='S. Bradner' initials='S.' surname='Bradner'/> <date month='October' year='1996'/> <abstract> <t>This memo documents the process usedComputer Communication Review bythe Internet community for the standardization of protocolsOrwat andprocedures. It defines the stages in the standardization process, the requirements for moving a document between stages and the types of documents used during this process. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name='BCP' value='9'/> <seriesInfo name='RFC' value='2026'/> <seriesInfo name='DOI' value='10.17487/RFC2026'/> </reference> <reference anchor='RFC2277' target='https://www.rfc-editor.org/info/rfc2277'> <front> <title>IETF Policy on Character Sets and Languages</title> <author fullname='H. Alvestrand' initials='H.' surname='Alvestrand'/> <date month='January' year='1998'/> <abstract> <t>This document is the current policies being applied by the Internet Engineering Steering Group (IESG) towards the standardization effortsBless in April 2016 <https://www.sigcomm.org/sites/default/files/ccr/papers/2016/April/0000000-0000003.pdf> that contains theInternet Engineering Task Force (IETF)direct quote inorder to help Internet protocols fulfill these requirements. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussionSection 2 andsuggestions for improvements.</t> </abstract> </front> <seriesInfo name='BCP' value='18'/> <seriesInfo name='RFC' value='2277'/> <seriesInfo name='DOI' value='10.17487/RFC2277'/> </reference> <reference anchor='RFC3365' target='https://www.rfc-editor.org/info/rfc3365'> <front> <title>Strong Security Requirements for Internet Engineering Task Force Standard Protocols</title> <author fullname='J. Schiller' initials='J.' surname='Schiller'/> <date month='August' year='2002'/> </front> <seriesInfo name='BCP' value='61'/> <seriesInfo name='RFC' value='3365'/> <seriesInfo name='DOI' value='10.17487/RFC3365'/> </reference> <reference anchor='RFC3724' target='https://www.rfc-editor.org/info/rfc3724'> <front> <title>The Rise ofwas published in May 2016. We have updated theMiddlereference accordingly. Please let us know if any updates are necessary. Original: [Bless] Bless, R. and C. Orwat, "Values and Networks", 2015. Current: [Orwat] Orwat, C. and R. Bless, "Values and Networks - Steps Toward Exploring their Relationships", ACM SIGCOMM Computer Communication Review, vol. 46, no. 2, pp 25-31, DOI 10.1145/2935634.2935640, May 2016, <https://doi.org/10.1145/2935634.2935640>. c) [HTML5] FYI, theFuture of End-to-End: Reflections on the Evolution of the Internet Architecture</title> <author fullname='J. Kempf' initials='J.' role='editor' surname='Kempf'/> <author fullname='R. Austein' initials='R.' role='editor' surname='Austein'/> <author> <organization abbrev='IAB'>Internet Architecture Board</organization> </author> <date month='March' year='2004'/> <abstract> <t>The end-to-end principleHTML specification is now under thecore architectural guidelinemanagement of theInternet. In this document,Web Hypertext Application Technology Working Group (WHATWG). Please see: <https://www.w3.org/news/2019/w3c-and-the-whatwg-have-just-signed-an-agreement-to-collaborate-on-the-development-of-a-single-version-of-the-html-and-dom-specifications/> Therefore, webriefly examinehave updated thedevelopment ofreference as follows. Original: [HTML5] W3C, "HTML5", 2014, <https://www.w3.org/TR/html5/>. Current: [HTML] WHATWG, "HTML Living Standard", April 2024, <https://html.spec.whatwg.org/multipage/>. d) [Hecate] We have found theend-to-end principlefollowing published asit has been applieda USENIX Security paper. Would you like to update theInternet architecture over the years. We discuss current trendsreference as follows? Original: [hecate] Issa, R., Alhaddad, N., and M. Varia, "Hecate, Abuse Reporting inthe evolution of the Internet architectureSecure Messengers with Sealed Sender", 2022, <https://eprint.iacr.org/2021/1686>. Perhaps: [Hecate] Issa, R., Alhaddad, N., and M. Varia, "Hecate, Abuse Reporting inrelation to the end-to-end principle, and try to draw some conclusion about the evolution ofSecure Messengers with Sealed Sender", 31st USENIX Security Symposium (USENIX Security 22), pp 2335-2352, August 2022, <https://www.usenix.org/conference/usenixsecurity22/ presentation/issa>. e) [FIArch] Since theend-to-end principle, and thus forsite "www.future-internet.eu" is not reachable, may we update the reference as follows? Original: [FIArch] "Future Internetarchitecture which it supports, in light of these current trends. This memo provides informationDesign Principles", January 2012, <http://www.future-internet.eu/uploads/media/ FIArch_Design_Principles_V1.0.pdf>. Perhaps: [FIArch] Papadimitriou, D., Zahariadis, T., Martinez-Julia, P., Papafili, I., Morreale, V., Torelli, F., Sales, B., and P. Demeester, "Design Principles for the Future Internetcommunity.</t> </abstract> </front> <seriesInfo name='RFC' value='3724'/> <seriesInfo name='DOI' value='10.17487/RFC3724'/> </reference> <reference anchor='RFC3935' target='https://www.rfc-editor.org/info/rfc3935'> <front> <title>A Mission Statement for the IETF</title> <author fullname='H. Alvestrand' initials='H.' surname='Alvestrand'/> <date month='October' year='2004'/> <abstract> <t>This memo gives a mission statement for the IETF, tries to define the terms used in the statement sufficiently to make the mission statement understandable and useful, argues whyArchitecture", The Future Internet, pp. 55-67, DOI 10.1007/978-3-642-30241-1_6, January 2012, <https://link.springer.com/chapter/10.1007/978-3-642-30241-1_6>. --> <!-- [rfced] Obsoleted References a) RFC 0793 has been obsoleted by RFC 9293. We have replaced RFC 0793 with RFC 9293. Please let us know any objections. Original: Example: In theIETF needsmodern IP stack structure, amission statement, and tries to capture some of the debate that led to this point. This document specifiesreliable transport layer requires anInternet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name='BCP' value='95'/> <seriesInfo name='RFC' value='3935'/> <seriesInfo name='DOI' value='10.17487/RFC3935'/> </reference> <reference anchor='RFC8179' target='https://www.rfc-editor.org/info/rfc8179'> <front> <title>Intellectual Property Rights in IETF Technology</title> <author fullname='S. Bradner' initials='S.' surname='Bradner'/> <author fullname='J. Contreras' initials='J.' surname='Contreras'/> <date month='May' year='2017'/> <abstract> <t>The IETF policies about Intellectual Property Rights (IPR),indication that transport processing has successfully completed, such aspatent rights, relative to technologies developed ingiven by TCP's ACK message [RFC0793]. Current: Example: In theIETF are designed to ensure that IETF working groups and participants have as much information as possible about any IPR constraints onmodern IP stack structure, atechnical proposal as early as possible in the development process. The policies are intended to benefit the Internet community and the public at large, while respecting the legitimate rights of IPR holders. This document sets out the IETF policies concerning IPR related to technology worked on within the IETF. It also describes the objectivesreliable transport layer requires an indication thatthe policies are designed to meet. This document updatestransport processing has successfully completed, such as given by TCP's ACK message [RFC9293]. b) RFC2026 and, with4941 has been obsoleted by RFC5378, replaces Section 10 of8981. We have replaced RFC2026. This document also obsoletes RFCs 3979 and 4879.</t> </abstract> </front> <seriesInfo name='BCP' value='79'/> <seriesInfo name='RFC' value='8179'/> <seriesInfo name='DOI' value='10.17487/RFC8179'/> </reference> <reference anchor='RFC4033' target='https://www.rfc-editor.org/info/rfc4033'> <front> <title>DNS Security Introduction and Requirements</title> <author fullname='R. Arends' initials='R.' surname='Arends'/> <author fullname='R. Austein' initials='R.' surname='Austein'/> <author fullname='M. Larson' initials='M.' surname='Larson'/> <author fullname='D. Massey' initials='D.' surname='Massey'/> <author fullname='S. Rose' initials='S.' surname='Rose'/> <date month='March' year='2005'/> <abstract> <t>The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. This document introduces these extensions and describes their capabilities and limitations.4941 with RFC 8981. Please let us know any objections. Original: Thisdocument also discusses the services that the DNS security extensions do and do not provide. Last, this document describes the interrelationships between the documents that collectively describe DNSSEC. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name='RFC' value='4033'/> <seriesInfo name='DOI' value='10.17487/RFC4033'/> </reference> <reference anchor='RFC4101' target='https://www.rfc-editor.org/info/rfc4101'> <front> <title>Writing Protocol Models</title> <author fullname='E. Rescorla' initials='E.' surname='Rescorla'/> <author> <organization abbrev='IAB'>Internet Architecture Board</organization> </author> <date month='June' year='2005'/> <abstract> <t>The IETF process depends on peer review. However, IETF documents are generally written to be useful for implementors, not reviewers. In particular, while great careisgenerally taken to provide a complete description of the state machines and bits on the wire, this level of detail tends to get in the way of initial understanding. This document describes an approach for providing protocol "models" that allow reviewers to quickly grasp the essence of a system. This memo provides information for the Internet community.</t> </abstract> </front> <seriesInfo name='RFC' value='4101'/> <seriesInfo name='DOI' value='10.17487/RFC4101'/> </reference> <reference anchor='RFC4941' target='https://www.rfc-editor.org/info/rfc4941'> <front> <title>Privacywhy standardization efforts like Privacy Extensions for Stateless Address Autoconfiguration inIPv6</title> <author fullname='T. Narten' initials='T.' surname='Narten'/> <author fullname='R. Draves' initials='R.' surname='Draves'/> <author fullname='S. Krishnan' initials='S.' surname='Krishnan'/> <date month='September' year='2007'/> <abstract> <t>Nodes useIPv6stateless address autoconfiguration to generate addresses using a combination of locally available information[RFC4941] andinformation advertised by routers. Addresses are formed by combining network prefixes with an interface identifier. On an interface that contains an embedded IEEE Identifier, the interface identifier is typically derived from it. On other interface types, the interface identifierMAC address randomization [draft-zuniga-mac-address-randomization] have been pursued. Current: This isgenerated through other means,why standardization efforts like "Temporary Address Extensions forexample, via random number generation.Stateless Address Autoconfiguration in IPv6" [RFC8981] and MAC address randomization [MAC-ADDRESS-RANDOMIZATION] have been pursued. c) [Patent-policy] Thisdocument describes an extensionreference has been deprecated by a 2020 version. Please let us know if you want toIPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodespoint togenerate global scope addresses from interface identifiers that change over time, even in cases wheretheinterfacecurrent policy. Current: [Patent-policy] Weitzner, D., "W3C Patent Policy", W3C Recommendation, February 2004, <https://www.w3.org/Consortium/Patent-Policy-20040205/>. Latest version available at <https://www.w3.org/policies/patent-policy/>. --> <!-- [rfced] BCP References a) [BCP72] Please note that BCP 72 containsan embedded IEEE identifier. Changingtheinterface identifier (and the global scope addresses generated from it) over time makes it more difficultfollowing instead? Original: [BCP72] IETF, "Guidelines foreavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name='RFC' value='4941'/> <seriesInfo name='DOI' value='10.17487/RFC4941'/> </reference> <reference anchor='RFC4949' target='https://www.rfc-editor.org/info/rfc4949'> <front> <title>InternetWriting RFC Text on SecurityGlossary, Version 2</title> <author fullname='R. Shirey' initials='R.' surname='Shirey'/> <date month='August' year='2007'/> <abstract> <t>This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improveConsiderations", 2003, <https://datatracker.ietf.org/doc/bcp72/>. Current: [BCP72] Best Current Practice 72, <https://www.rfc-editor.org/info/bcp72>. At thecomprehensibilitytime ofwritten material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition wheneverwriting, this BCP comprises thesame concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications;following: Rescorla, E. and(d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed. This memo provides informationB. Korver, "Guidelines forthe Internet community.</t> </abstract> </front> <seriesInfo name='FYI' value='36'/> <seriesInfo name='RFC' value='4949'/> <seriesInfo name='DOI' value='10.17487/RFC4949'/> </reference> <reference anchor='RFC5321' target='https://www.rfc-editor.org/info/rfc5321'> <front> <title>Simple Mail Transfer Protocol</title> <author fullname='J. Klensin' initials='J.' surname='Klensin'/> <date month='October' year='2008'/> <abstract> <t>This document is a specification of the basic protocolWriting RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, <https://www.rfc-editor.org/info/rfc3552>. Gont, F. and I. Arce, "Security Considerations forInternet electronic mail transport. It consolidates, updates, and clarifies several previous documents, making all or parts of most of them obsolete. It covers the SMTP extension mechanismsTransient Numeric Identifiers Employed in Network Protocols", BCP 72, RFC 9416, DOI 10.17487/RFC9416, July 2023, <https://www.rfc-editor.org/info/rfc9416>. Perhaps: [RFC3552] Rescorla, E. andbest practicesB. Korver, "Guidelines forthe contemporary Internet, but does not provide details about particular extensions. Although SMTP was designed as a mail transport and delivery protocol, this specification also contains information thatWriting RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, <https://www.rfc-editor.org/info/rfc3552>. b) FYI, because RFC 2026 isimportant to its use asa"mail submission" protocol for "split-UA" (User Agent) mail reading systems and mobile environments. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name='RFC' value='5321'/> <seriesInfo name='DOI' value='10.17487/RFC5321'/> </reference> <reference anchor='RFC5646' target='https://www.rfc-editor.org/info/rfc5646'> <front> <title>Tags for Identifying Languages</title> <author fullname='A. Phillips' initials='A.' role='editor' surname='Phillips'/> <author fullname='M. Davis' initials='M.' role='editor' surname='Davis'/> <date month='September' year='2009'/> <abstract> <t>This document describes the structure, content, construction, and semanticsmember oflanguage tags for use in cases where it is desirable to indicateBCP 9, we have combined thelanguage used in an information object. It also describes howreferences [BCP9] and [RFC2026] into just RFC 2026. Note that this updates one in-text reference from [BCP9] toregister values for use in language tags[RFC2026]. Please let us know any objections. Original: [BCP9] Bradner, S. andthe creation of user-defined extensions for private interchange. This document specifies anIETF, "The InternetBest Current Practices for theStandards Process - Revision 3", 1996, <https://datatracker.ietf.org/doc/rfc2026/>. [RFC2026] Bradner, S., "The InternetCommunity, and requests discussion and suggestions for improvements.</t> </abstract> </front> <seriesInfo name='BCP' value='47'/> <seriesInfo name='RFC' value='5646'/> <seriesInfo name='DOI' value='10.17487/RFC5646'/> </reference> <reference anchor='RFC6108' target='https://www.rfc-editor.org/info/rfc6108'> <front> <title>Comcast's Web Notification System Design</title> <author fullname='C. Chung' initials='C.' surname='Chung'/> <author fullname='A. Kasyanov' initials='A.' surname='Kasyanov'/> <author fullname='J. Livingood' initials='J.' surname='Livingood'/> <author fullname='N. Mody' initials='N.' surname='Mody'/> <author fullname='B. Van Lieu' initials='B.' surname='Van Lieu'/> <date month='February' year='2011'/> <abstract> <t>The objective of this document is to describe a method of providing critical end-user notifications to web browsers, which has been deployed by Comcast, anStandards Process - Revision 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, <https://www.rfc-editor.org/info/rfc2026>. Current: [RFC2026] Bradner, S., "The InternetService Provider (ISP). Such a notification system is being used to provide near-immediate notifications to customers, such as to warn them that their traffic exhibits patterns that are indicativeStandards Process - Revision 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996, <https://www.rfc-editor.org/info/rfc2026>. --> <!-- [rfced] Updated Reference URLs - Please review each updated reference and let us know ofmalwareany objections orvirus infection. Thereif any further updates areother proprietary systems that can perform such notifications, but those systems utilize Deep Packet Inspection (DPI) technology. In contrast to DPI, this document describes a system that does not rely upon DPI, and is instead based in open IETF standards and open source applications. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name='RFC' value='6108'/> <seriesInfo name='DOI' value='10.17487/RFC6108'/> </reference> <reference anchor='RFC6235' target='https://www.rfc-editor.org/info/rfc6235'> <front> <title>IP Flow Anonymization Support</title> <author fullname='E. Boschi' initials='E.' surname='Boschi'/> <author fullname='B. Trammell' initials='B.' surname='Trammell'/> <date month='May' year='2011'/> <abstract> <t>This document describes anonymization techniques for IP flow data andnecessary. a) [ICCPR] FYI, theexport of anonymized data usingoriginal URL redirects. We have updated theIP Flow Information Export (IPFIX) protocol. It categorizes common anonymization schemes and definesreference accordingly, including theparameters neededdate todescribe them. It provides guidelines formatch when theimplementation of anonymized data export and storage over IPFIX,covenant was adopted. Original: [ICCPR] United Nations General Assembly, "International Covenant on Civil anddescribes an information modelPolitical Rights", 1976, <http://www.ohchr.org/EN/ProfessionalInterest/Pages/ CCPR.aspx>. Current: [ICCPR] United Nations General Assembly, "International Covenant on Civil andOptions- based method for anonymization metadata export within the IPFIX protocol or storage in IPFIX Files. This document defines an Experimental Protocol for the Internet community.</t> </abstract> </front> <seriesInfo name='RFC' value='6235'/> <seriesInfo name='DOI' value='10.17487/RFC6235'/> </reference> <reference anchor='RFC6365' target='https://www.rfc-editor.org/info/rfc6365'> <front> <title>Terminology Used in Internationalization in the IETF</title> <author fullname='P. Hoffman' initials='P.' surname='Hoffman'/> <author fullname='J. Klensin' initials='J.' surname='Klensin'/> <date month='September' year='2011'/> <abstract> <t>This document provides a list of terms used in the IETF when discussing internationalization.Political Rights", 1966, <https://www.ohchr.org/en/instruments- mechanisms/instruments/international-covenant-civil-and- political-rights>. b) [IRP] Thepurpose is to help frame discussions of internationalization in the various areas of the IETF and to help introduce the main concepts to IETF participants. This memo documents anoriginal URL returned a 404 error. We updated it as follows. Original: [IRP] InternetBest Current Practice.</t> </abstract> </front> <seriesInfo name='BCP' value='166'/> <seriesInfo name='RFC' value='6365'/> <seriesInfo name='DOI' value='10.17487/RFC6365'/> </reference> <reference anchor='RFC6701' target='https://www.rfc-editor.org/info/rfc6701'> <front> <title>Sanctions Available for Application to Violators of IETF IPR Policy</title> <author fullname='A. Farrel' initials='A.' surname='Farrel'/> <author fullname='P. Resnick' initials='P.' surname='Resnick'/> <date month='August' year='2012'/> <abstract> <t>The IETF has developed and documented policies that govern the behavior of all IETF participants with respect to Intellectual PropertyRights(IPR) about which they might reasonably be aware.</t> <t>The IETF takes conformance to these IPR policies very seriously. However, there has been some ambiguity as to what the appropriate sanctions are for the violation of these policies, and how and by whom those sanctions are to be applied.</t> <t>This document discusses these issuesandprovides a suite of potential actions that can be taken within the IETF community in cases related to patents. This document is not anPrinciples Dynamic Coalition, "10 InternetStandards Track specification; it is published for informational purposes.</t> </abstract> </front> <seriesInfo name='RFC' value='6701'/> <seriesInfo name='DOI' value='10.17487/RFC6701'/> </reference> <reference anchor='RFC6973' target='https://www.rfc-editor.org/info/rfc6973'> <front> <title>Privacy Considerations forRights & Principles", 2014, <http://internetrightsandprinciples.org/site/wp- content/uploads/2014/06/ IRPC_10RightsandPrinciples_28May2014-11.pdf>. Current: [IRP] InternetProtocols</title> <author fullname='A. Cooper' initials='A.' surname='Cooper'/> <author fullname='H. Tschofenig' initials='H.' surname='Tschofenig'/> <author fullname='B. Aboba' initials='B.' surname='Aboba'/> <author fullname='J. Peterson' initials='J.' surname='Peterson'/> <author fullname='J. Morris' initials='J.' surname='Morris'/> <author fullname='M. Hansen' initials='M.' surname='Hansen'/> <author fullname='R. Smith' initials='R.' surname='Smith'/> <date month='July' year='2013'/> <abstract> <t>This document offers guidance for developing privacy considerations for inclusion in protocol specifications. It aims to make designers, implementers,Rights andusers ofPrinciples Dynamic Coalition, "10 Internetprotocols aware of privacy-related design choices. It suggests that whether any individual RFC warrants a specific privacy considerations section will depend on the document's content.</t> </abstract> </front> <seriesInfo name='RFC' value='6973'/> <seriesInfo name='DOI' value='10.17487/RFC6973'/> </reference> <reference anchor='RFC7258' target='https://www.rfc-editor.org/info/rfc7258'> <front> <title>Pervasive Monitoring Is an Attack</title> <author fullname='S. Farrell' initials='S.' surname='Farrell'/> <author fullname='H. Tschofenig' initials='H.' surname='Tschofenig'/> <date month='May' year='2014'/> <abstract> <t>Pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.</t> </abstract> </front> <seriesInfo name='BCP' value='188'/> <seriesInfo name='RFC' value='7258'/> <seriesInfo name='DOI' value='10.17487/RFC7258'/> </reference> <reference anchor='RFC7624' target='https://www.rfc-editor.org/info/rfc7624'> <front> <title>Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement</title> <author fullname='R. Barnes' initials='R.' surname='Barnes'/> <author fullname='B. Schneier' initials='B.' surname='Schneier'/> <author fullname='C. Jennings' initials='C.' surname='Jennings'/> <author fullname='T. Hardie' initials='T.' surname='Hardie'/> <author fullname='B. Trammell' initials='B.' surname='Trammell'/> <author fullname='C. Huitema' initials='C.' surname='Huitema'/> <author fullname='D. Borkmann' initials='D.' surname='Borkmann'/> <date month='August' year='2015'/> <abstract> <t>SinceRights & Principles", <https://internetrightsandprinciples.org/campaign/>. c) [ICESCR] FYI, theinitial revelations of pervasive surveillance in 2013, several classes of attacks on Internet communications have been discovered. In this document, we develop a threat model that describes these attacks on Internet confidentiality.original URL redirects. Weassume an attacker that is interested in undetected, indiscriminate eavesdropping. The threat model is based on published, verified attacks.</t> </abstract> </front> <seriesInfo name='RFC' value='7624'/> <seriesInfo name='DOI' value='10.17487/RFC7624'/> </reference> <reference anchor='RFC7725' target='https://www.rfc-editor.org/info/rfc7725'> <front> <title>An HTTP Status Code to Report Legal Obstacles</title> <author fullname='T. Bray' initials='T.' surname='Bray'/> <date month='February' year='2016'/> <abstract> <t>This document specifies a Hypertext Transfer Protocol (HTTP) status code for use when resource access is denied as a consequence of legal demands.</t> </abstract> </front> <seriesInfo name='RFC' value='7725'/> <seriesInfo name='DOI' value='10.17487/RFC7725'/> </reference> <reference anchor='RFC7844' target='https://www.rfc-editor.org/info/rfc7844'> <front> <title>Anonymity Profiles for DHCP Clients</title> <author fullname='C. Huitema' initials='C.' surname='Huitema'/> <author fullname='T. Mrugalski' initials='T.' surname='Mrugalski'/> <author fullname='S. Krishnan' initials='S.' surname='Krishnan'/> <date month='May' year='2016'/> <abstract> <t>Some DHCP options carry unique identifiers. These identifiers can enable device tracking even if the device administrator takes care of randomizing other potential identifications like link-layer addresses or IPv6 addresses. The anonymity profiles are designed for clients that wish to remain anonymous tohave updated thevisited network. The profiles provide guidelinesreference accordingly. Original: [ICESCR] United Nations General Assembly, "International Covenant onthe composition of DHCP or DHCPv6 messages, designed to minimize disclosure of identifying information.</t> </abstract> </front> <seriesInfo name='RFC' value='7844'/> <seriesInfo name='DOI' value='10.17487/RFC7844'/> </reference> <reference anchor='RFC7858' target='https://www.rfc-editor.org/info/rfc7858'> <front> <title>Specification for DNS over Transport Layer Security (TLS)</title> <author fullname='Z. Hu' initials='Z.' surname='Hu'/> <author fullname='L. Zhu' initials='L.' surname='Zhu'/> <author fullname='J. Heidemann' initials='J.' surname='Heidemann'/> <author fullname='A. Mankin' initials='A.' surname='Mankin'/> <author fullname='D. Wessels' initials='D.' surname='Wessels'/> <author fullname='P. Hoffman' initials='P.' surname='Hoffman'/> <date month='May' year='2016'/> <abstract> <t>This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLSEconomic, Social andprovides adviceCultural Rights", 1966, <http://www.ohchr.org/EN/ProfessionalInterest/Pages/ CESCR.aspx>. Current: [ICESCR] United Nations General Assembly, "International Covenant onperformance considerations to minimize overhead from using TCPEconomic, Social andTLS with DNS.</t> <t>This document focuses on securing stub-to-recursive traffic, as perCultural Rights", December 1966, <https://www.ohchr.org/en/instruments- mechanisms/instruments/international-covenant-economic- social-and-cultural-rights>. d) [UDHR] FYI, thecharter oforiginal URL redirects. We have updated theDPRIVE Working Group. It does not prevent future applicationsreference accordingly. Original: [UDHR] United Nations General Assembly, "The Universal Declaration ofthe protocol to recursive-to-authoritative traffic.</t> </abstract> </front> <seriesInfo name='RFC' value='7858'/> <seriesInfo name='DOI' value='10.17487/RFC7858'/> </reference> <reference anchor='RFC8280' target='https://www.rfc-editor.org/info/rfc8280'> <front> <title>Research intoHumanRights Protocol Considerations</title> <author fullname='N. ten Oever' initials='N.' surname='ten Oever'/> <author fullname='C. Cath' initials='C.' surname='Cath'/> <date month='October' year='2017'/> <abstract> <t>This document aims to propose guidelines for human rights considerations, similar to the work done on the guidelines for privacy considerations (RFC 6973). The other parts of this document explain the backgroundRights", 1948, <http://www.un.org/en/documents/udhr/>. Current: [UDHR] United Nations General Assembly, "Universal Declaration ofthe guidelines and how they were developed.</t> <t>This document is the first milestone in a longer-term research effort. It has been reviewed by theHumanRights Protocol Considerations (HRPC) Research Group and also by individuals from outside the research group.</t> </abstract> </front> <seriesInfo name='RFC' value='8280'/> <seriesInfo name='DOI' value='10.17487/RFC8280'/> </reference> <reference anchor='RFC8446' target='https://www.rfc-editor.org/info/rfc8446'> <front> <title>The Transport Layer Security (TLS) Protocol Version 1.3</title> <author fullname='E. Rescorla' initials='E.' surname='Rescorla'/> <date month='August' year='2018'/> <abstract> <t>This document specifies version 1.3Rights", December 1948, <https://www.un.org/en/ about-us/universal-declaration-of-human-rights>. e) [UNGP] For ease of theTransport Layer Security (TLS) protocol. TLS allows client/server applications to communicate overreader, we have updated theInternet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t> <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirementsURL forTLS 1.2 implementations.</t> </abstract> </front> <seriesInfo name='RFC' value='8446'/> <seriesInfo name='DOI' value='10.17487/RFC8446'/> </reference> <reference anchor='RFC8484' target='https://www.rfc-editor.org/info/rfc8484'> <front> <title>DNS Queries over HTTPS (DoH)</title> <author fullname='P. Hoffman' initials='P.' surname='Hoffman'/> <author fullname='P. McManus' initials='P.' surname='McManus'/> <date month='October' year='2018'/> <abstract> <t>This document defines a protocol for sending DNS queries and getting DNS responses over HTTPS. Each DNS query-response pair is mapped into an HTTP exchange.</t> </abstract> </front> <seriesInfo name='RFC' value='8484'/> <seriesInfo name='DOI' value='10.17487/RFC8484'/> </reference> <reference anchor='RFC8980' target='https://www.rfc-editor.org/info/rfc8980'> <front> <title>Report from the IAB Workshop on Design Expectations vs. Deployment Reality in Protocol Development</title> <author fullname='J. Arkko' initials='J.' surname='Arkko'/> <author fullname='T. Hardie' initials='T.' surname='Hardie'/> <date month='February' year='2021'/> <abstract> <t>The Design Expectations vs. Deployment Reality in Protocol Development Workshop was convened by the Internet Architecture Board (IAB) in June 2019. This report summarizes the workshop's significant points of discussion and identifies topics that may warrant further consideration.</t> <t>Note thatthisdocument is a report onreference to point to theproceedingslanding page ofthe workshop. The views and positions documented inthisreport are those of the workshop participants and do not necessarily reflect IAB views and positions.</t> </abstract> </front> <seriesInfo name='RFC' value='8980'/> <seriesInfo name='DOI' value='10.17487/RFC8980'/> </reference> <reference anchor='RFC7754' target='https://www.rfc-editor.org/info/rfc7754'> <front> <title>Technical Considerations for Internet Service Blockingdocument andFiltering</title> <author fullname='R. Barnes' initials='R.' surname='Barnes'/> <author fullname='A. Cooper' initials='A.' surname='Cooper'/> <author fullname='O. Kolkman' initials='O.' surname='Kolkman'/> <author fullname='D. Thaler' initials='D.' surname='Thaler'/> <author fullname='E. Nordmark' initials='E.' surname='Nordmark'/> <date month='March' year='2016'/> <abstract> <t>The Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, sohavemechanisms to limitupdated theextent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasistitle accordingly. Original: [UNGP] United Nations, "United Nations Guiding Principles on"blocking"Business and"filtering", the active prevention of such communications. This document examines several technical approaches to Internet blockingHuman Rights", 2011, <https://www.ohchr.org/documents/publications/ guidingprinciplesbusinesshr_en.pdf>. Current: [UNGP] United Nations, "Guiding Principles on Business andfiltering in terms of their alignment with the overall Internet architecture. When it is possible to do so,Human Rights: Implementing theapproach to blockingUnited Nations 'Protect, Respect andfiltering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so thatRemedy' Framework", January 2012, <https://www.ohchr.org/en/publications/reference- publications/guiding-principles-business-and-human- rights>. f) [UNHR] FYI, thecommunicants can avoid engaging in abusive or objectionable communications.original URL redirects. Weobserve that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.</t> </abstract> </front> <seriesInfo name='RFC' value='7754'/> <seriesInfo name='DOI' value='10.17487/RFC7754'/> </reference> <reference anchor='RFC9000' target='https://www.rfc-editor.org/info/rfc9000'> <front> <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title> <author fullname='J. Iyengar' initials='J.' role='editor' surname='Iyengar'/> <author fullname='M. Thomson' initials='M.' role='editor' surname='Thomson'/> <date month='May' year='2021'/> <abstract> <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describehave updated theintegration of TLS for key negotiation, loss detection,reference accordingly. Original: [UNHR] United Nations, "The Core International Human Rights Instruments andan exemplary congestion control algorithm.</t> </abstract> </front> <seriesInfo name='RFC' value='9000'/> <seriesInfo name='DOI' value='10.17487/RFC9000'/> </reference> <reference anchor='RFC9071' target='https://www.rfc-editor.org/info/rfc9071'> <front> <title>RTP-Mixer Formatting of Multiparty Real-Time Text</title> <author fullname='G. Hellström' initials='G.' surname='Hellström'/> <date month='July' year='2021'/> <abstract> <t>This document provides enhancements of real-time text (as specified in RFC 4103) suitable for mixing in a centralized conference model, enabling source identificationtheir monitoring bodies", 2011, <https://www.ohchr.org/en/professionalinterest/pages/ coreinstruments.aspx>. Current: [UNHR] United Nations, "The Core International Human Rights Instruments andrapidly interleaved transmission of text from different sources.their monitoring bodies", <https://www.ohchr.org/en/core-international-human-rights- instruments-and-their-monitoring-bodies>. g) [UNHRC2016] Theintended use is for real-time text mixers and participant endpoints capable of providingoriginal URL returned anefficient presentation or other treatment of a multiparty real-time text session. The specified mechanism builds on the standard use of the Contributing Source (CSRC) list inerror. We have updated theReal-time Transport Protocol (RTP) packet for source identification. The method makes usereference as follows. Original: [UNHRC2016] United Nations Human Rights Council, "UN Human Rights Council Resolution "The promotion, protection and enjoyment of human rights on thesame "text/t140"Internet" (A/HRC/32/ L.20)", 2016, <https://documents-dds- ny.un.org/doc/UNDOC/LTD/G16/131/89/PDF/ G1613189.pdf?OpenElement>. Current: [UNHRC2016] United Nations Human Rights Council, "The promotion, protection and"text/red" formats as for two-party sessions.</t> <t>Solutions using multiple RTP streams inenjoyment of human rights on thesame RTP session are briefly mentioned, as they couldInternet", A/HRC/32/L.20, June 2016, <https://digitallibrary.un.org/record/845728?ln=en>. h) [Zittrain] FYI, we havesome benefits overupdated theRTP-mixer model. The RTP-mixer model was selected to be usedURL forthe fully specified solution inthisdocument because it can be appliedreference to point toa wide range of existing RTP implementations.</t> <t>A capability exchange is specified so that it can be verified that a mixer and a participant can handle the multiparty-coded real-time text stream using the RTP-mixer method. The capability is indicated bytheusedocument's landing page. Original: [Zittrain] Zittrain, J., "The Future ofa Session Description Protocol (SDP) (RFC 8866) media attribute, "rtt-mixer".</t> <t>This document updates RFC 4103 ("RTP Payload for Text Conversation").</t> <t>A specification for how a mixer can format text forthecase whenInternet - And How to Stop It", Yale University Press , 2008, <https://dash.harvard.edu/bitstream/handle/1/4455262/ Zittrain_Future%20of%20the%20Internet.pdf?sequence=1>. Current: [Zittrain] Zittrain, J., "The Future of theendpoint is not multiparty aware is also provided.</t> </abstract> </front> <seriesInfo name='RFC' value='9071'/> <seriesInfo name='DOI' value='10.17487/RFC9071'/> </reference>Internet and How to Stop It", Yale University Press, 2008, <https://dash.harvard.edu/handle/1/4455262>. --> <references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9293.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1035.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1958.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1984.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2026.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2277.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3365.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3724.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3935.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8179.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4033.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4101.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8981.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4949.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5321.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5646.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6108.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6235.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6365.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6701.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6973.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7258.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7624.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7725.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7844.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7858.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8280.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8484.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8980.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7754.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9000.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9071.xml"/> <reference anchor="UDHR"target="http://www.un.org/en/documents/udhr/">target="https://www.un.org/en/about-us/universal-declaration-of-human-rights"> <front><title>The Universal<title>Universal Declaration of Human Rights</title><author ><author> <organization>United Nations General Assembly</organization> </author> <date month="December" year="1948"/> </front> </reference> <referenceanchor="Bless" >anchor="Orwat"> <front> <title>Values andNetworks</title> <author initials="R." surname="Bless"> <organization></organization> </author>Networks: Steps Toward Exploring their Relationships</title> <author initials="C." surname="Orwat"><organization></organization><organization/> </author> <author initials="R." surname="Bless"> <organization/> </author> <dateyear="2015"/>month="May" year="2016"/> </front> <refcontent>ACM SIGCOMM Computer Communication Review, vol. 46, no. 2, pp 25-31</refcontent> <seriesInfo name="DOI" value="10.1145/2935634.2935640"/> </reference> <referenceanchor="Brown" >anchor="Ziewitz"> <front> <title>A Prehistory of Internet Governance</title> <authorinitials="I." surname="Brown"> <organization></organization> </author> <authorinitials="M." surname="Ziewitz"><organization></organization><organization/> </author> <author initials="I." surname="Brown"> <organization/> </author> <date month="April" year="2013"/> </front><seriesInfo name="Research<refcontent>Research Handbook on Governance of theInternet. Cheltenham,Internet, edited by Ian Brown. Cheltenham: EdwardElgar" value=""/>Elgar Publishing</refcontent> <seriesInfo name="DOI" value="10.4337/9781849805025.00008"/> </reference> <referenceanchor="notewell" target="https://www.ietf.org/about/note-well.html">anchor="Note-well" target="https://www.ietf.org/about/note-well/"> <front> <title>Note Well</title><author ><author> <organization>IETF</organization> </author><date year="2015"/></front> </reference> <reference anchor="IRP"target="http://internetrightsandprinciples.org/site/wp-content/uploads/2014/06/IRPC_10RightsandPrinciples_28May2014-11.pdf">target="https://internetrightsandprinciples.org/campaign/"> <front> <title>10 Internet Rights & Principles</title><author ><author> <organization>Internet Rights and Principles Dynamic Coalition</organization> </author><date year="2014"/></front> </reference> <reference anchor="ICCPR"target="http://www.ohchr.org/EN/ProfessionalInterest/Pages/CCPR.aspx">target="https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-civil-and-political-rights"> <front> <title>International Covenant on Civil and Political Rights</title><author ><author> <organization>United Nations General Assembly</organization> </author> <dateyear="1976"/>month="December" year="1966"/> </front> </reference> <referenceanchor="Saltzer" >anchor="Saltzer"> <front><title>End-to-End Arguments<title>End-to-end arguments inSystem Design</title>system design</title> <authorinitials="J.H."initials="J. H." surname="Saltzer"><organization></organization><organization/> </author> <authorinitials="D.P."initials="D. P." surname="Reed"><organization></organization><organization/> </author> <authorinitials="D.D."initials="D. D." surname="Clark"><organization></organization><organization/> </author> <date month="November" year="1984"/> </front><seriesInfo name="ACM TOCS, Vol<refcontent>ACM Transactions on Computer Systems, vol. 2,Numberno. 4,November 1984,pp277-288." value=""/>277-288</refcontent> <seriesInfo name="DOI" value="10.1145/357401.357402"/> </reference> <reference anchor="ICESCR"target="http://www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx">target="https://www.ohchr.org/en/instruments-mechanisms/instruments/international-covenant-economic-social-and-cultural-rights"> <front> <title>International Covenant on Economic, Social and Cultural Rights</title><author ><author> <organization>United Nations General Assembly</organization> </author> <date month="December" year="1966"/> </front> </reference> <reference anchor="Penney"target="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2769645">target="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2769645"> <front> <title>Chilling Effects: Online Surveillance and Wikipedia Use</title> <author initials="J." surname="Penney"><organization></organization><organization/> </author> <date month="September" year="2016"/> </front> <refcontent>Berkeley Technology Law Journal, vol. 31, no. 1, pp 117-182</refcontent> <seriesInfo name="DOI" value="10.15779/Z38SS13"/> </reference> <reference anchor="UNHRC2016"target="https://documents-dds-ny.un.org/doc/UNDOC/LTD/G16/131/89/PDF/G1613189.pdf?OpenElement">target="https://digitallibrary.un.org/record/845728?ln=en"> <front><title>UN Human Rights Council Resolution "The<title>The promotion, protection and enjoyment of human rights on theInternet" (A/HRC/32/L.20)</title> <author >Internet</title> <author> <organization>United Nations Human Rights Council</organization> </author> <date month="June" year="2016"/> </front> <refcontent>A/HRC/32/L.20</refcontent> </reference> <reference anchor="geekfeminism"target="http://geekfeminism.wikia.com/wiki/Pseudonymity">target="https://geekfeminism.fandom.com/wiki/Pseudonymity?oldid=30906"> <front> <title>Pseudonymity</title><author ><author> <organization>Geek Feminism Wiki</organization> </author> <date month="June" year="2015"/> </front> </reference> <reference anchor="W3Ci18nDef"target="http://www.w3.org/International/questions/qa-i18n.en">target="https://www.w3.org/International/questions/qa-i18n.en"> <front> <title>Localization vs. Internationalization</title> <author>initials="R" surname="Ishida"> <organization>W3C</organization> </author><date year="2010"/> </front> </reference> <reference anchor="BCP72" target="https://datatracker.ietf.org/doc/bcp72/"> <front> <title>Guidelines for Writing RFC Text on Security Considerations</title> <author > <organization>IETF</organization> </author> <date year="2003"/> </front> </reference> <reference anchor="BCP9" target="https://datatracker.ietf.org/doc/rfc2026/"> <front> <title>The Internet Standards Process -- Revision 3</title> <author initials="S." surname="Bradner"> <organization></organization> </author><author> <organization>IETF</organization>initials="S" surname="Miller"> <organization>Boeing</organization> </author> <dateyear="1996"/>month="December" year="2005"/> </front> </reference> <referencegroup anchor="BCP72" target="https://www.rfc-editor.org/info/bcp72"> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3552.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9416.xml"/> </referencegroup> <referenceanchor="patentpolicy"anchor="Patent-policy" target="https://www.w3.org/Consortium/Patent-Policy-20040205/"> <front> <title>W3C Patent Policy</title> <author>initials="D" surname="Weitzner"> <organization>W3C</organization> </author> <date month="February" year="2004"/> </front> <refcontent>W3C Recommendation</refcontent> <annotation>Latest version available at <eref target="https://www.w3.org/policies/patent-policy/" brackets="angle"/>.</annotation> </reference> <!-- [I-D.pouwelse-censorfree-scenarios] IESG state: Expired Long way used to include editor role for J. Pouwelse --> <referenceanchor="Pouwelse" target="https://tools.ietf.org/html/draft-pouwelse-censorfree-scenarios">anchor="I-D.pouwelse-censorfree-scenarios" target="https://datatracker.ietf.org/doc/html/draft-pouwelse-censorfree-scenarios-02"> <front> <title>Media withoutcensorship</title>censorship (CensorFree) scenarios</title> <author initials="J."surname="Pouwelse, Ed"> <organization></organization>surname="Pouwelse" fullname="Johan Pouwelse" role="editor"> <organization>Delft University of Technology</organization> </author> <date month="October" day="22" year="2012"/> </front> <seriesInfo name="Internet-Draft" value="draft-pouwelse-censorfree-scenarios-02"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9505.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9458.xml"/> <!-- [I-D.ietf-madinas-mac-address-randomization] IESG state: RFC Ed Queue Long way used to include editor role for CJ. Bernardos--> <referenceanchor="draft-irtf-pearg-censorship" target="https://tools.ietf.org/html/draft-irtf-pearg-censorship">anchor="I-D.ietf-madinas-mac-address-randomization" target="https://datatracker.ietf.org/doc/html/draft-ietf-madinas-mac-address-randomization-15"> <front><title>A Survey<title> Randomized and Changing MAC Address State ofWorldwide Censorship Techniques</title> <author initials="J." surname="Hall"> <organization></organization> </author> <author initials="M." surname="Aaron"> <organization></organization> </author>Affairs </title> <authorinitials="S." surname="Adams"> <organization></organization> </author> <author initials="B." surname="Jones"> <organization></organization> </author> <author initials="N." surname="Feamster"> <organization></organization> </author> <date year="2020"/> </front> </reference> <reference anchor="draft-ietf-ohai-ohttp" target="https://datatracker.ietf.org/doc/html/draft-ietf-ohai-ohttp"> <front> <title>Oblivious DNS Over HTTPS</title> <author initials="M." surname="Thomson"> <organization></organization> </author> <author initials="C.A." surname="Wood"> <organization></organization> </author> <date year="2023"/> </front> </reference> <reference anchor="draft-zuniga-mac-address-randomization" target="https://tools.ietf.org/html/draft-ietf-madinas-mac-address-randomization"> <front> <title>MAC address randomization</title> <author initials="J.C." surname="Zuniga"> <organization></organization> </author> <author initials="C.J." surname="Bernardos"> <organization></organization>initials="J. C." surname="Zúñiga" fullname="Juan-Carlos Zúñiga"> <organization>CISCO</organization> </author> <author initials="C. J." surname="Bernardos" fullname="Carlos J. Bernardos" role="editor"> <organization>Universidad Carlos III de Madrid</organization> </author> <author initials="A."surname="Andersdotter"> <organization></organization>surname="Andersdotter" fullname="Amelia Andersdotter"> <organization>Safespring AB</organization> </author> <dateyear="2020"/>month="July" day="15" year="2024"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-madinas-mac-address-randomization-15"/> </reference> <referenceanchor="HTML5" target="https://www.w3.org/TR/html5/">anchor="HTML" target="https://html.spec.whatwg.org/multipage/"> <front><title>HTML5</title> <author > <organization>W3C</organization><title>HTML Living Standard</title> <author> <organization>WHATWG</organization> </author> <dateyear="2014"/>month="August" year="2024"/> </front> </reference> <reference anchor="Zittrain"target="https://dash.harvard.edu/bitstream/handle/1/4455262/Zittrain_Future%20of%20the%20Internet.pdf?sequence=1">target="https://dash.harvard.edu/handle/1/4455262"> <front> <title>The Future of the Internet- Andand How to Stop It</title> <author initials="J." surname="Zittrain"><organization></organization><organization/> </author> <date year="2008"/> </front><seriesInfo name="Yale<refcontent>Yale UniversityPress" value=""/>Press</refcontent> </reference> <reference anchor="FIArch" target="http://www.future-internet.eu/uploads/media/FIArch_Design_Principles_V1.0.pdf"> <front> <title>Future Internet Design Principles</title><author > <organization></organization><author> <organization/> </author> <date year="2012" month="January"/> </front> </reference> <reference anchor="W3CAccessibility" target="https://www.w3.org/standards/webdesign/accessibility"> <front> <title>Accessibility</title><author ><author> <organization>W3C</organization> </author><date year="2015"/></front> </reference> <referenceanchor="newegg" target="http://arstechnica.com/tech-policy/2013/11/newegg-on-trial-mystery-company-tqp-re-writes-the-history-of-encryption/">anchor="Newegg" target="https://arstechnica.com/tech-policy/2013/11/newegg-on-trial-mystery-company-tqp-re-writes-the-history-of-encryption/"> <front> <title>Newegg on trial: Mystery company TQP rewrites the history of encryption</title> <author initials="J." surname="Mullin"><organization></organization><organization/> </author> <date month="November" year="2013"/> </front> <refcontent>Ars Technica</refcontent> </reference> <referenceanchor="Hill2014"anchor="Hill" target="http://www.apig.ch/UNIGE%20Catalog.pdf"> <front> <title>Partial Catalog of Human Rights Related to ICT Activities</title> <author initials="R." surname="Hill"><organization></organization><organization>Association for Proper Internet Governance (APIG)</organization> </author> <date month="May" year="2014"/> </front> </reference> <reference anchor="Kaye"target="https://www.ohchr.org/EN/HRbodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc">target="https://digitallibrary.un.org/record/798709?v=pdf"> <front><title>The use<title>Report ofencryptionthe Special Rapporteur on the Promotion andanonymity in digital communications</title>Protection of the Right to Freedom of Opinion and Expression, David Kaye</title> <author initials="D." surname="Kaye"><organization></organization><organization/> </author> <date month="May" year="2015"/> </front> <refcontent>A/HRC/29/32</refcontent> </reference> <reference anchor="UNGP"target="https://www.ohchr.org/documents/publications/guidingprinciplesbusinesshr_en.pdf">target="https://www.ohchr.org/en/publications/reference-publications/guiding-principles-business-and-human-rights"> <front><title>United Nations Guiding<title>Guiding Principles on Business and HumanRights</title> <author >Rights: Implementing the United Nations 'Protect, Respect and Remedy' Framework</title> <author> <organization>United Nations</organization> </author> <dateyear="2011"/>year="2012" month="January"/> </front> </reference> <reference anchor="UNHR"target="https://www.ohchr.org/en/professionalinterest/pages/coreinstruments.aspx">target="https://www.ohchr.org/en/core-international-human-rights-instruments-and-their-monitoring-bodies"> <front> <title>The Core International Human Rights Instruments and their monitoring bodies</title><author ><author> <organization>United Nations</organization> </author><date year="2011"/></front> </reference> <reference anchor="HR-RT" target="https://github.com/IRTF-HRPC/reviews"> <front><title>Human Rights Reviews</title> <author > <organization></organization> </author> <date year="2022"/> </front> </reference> <reference anchor="arkkoetal" target="https://datatracker.ietf.org/doc/html/draft-arkko-iab-internet-consolidation-02"> <front> <title>Considerations on Internet Consolidation and the Internet Architecture</title> <author initials="J." surname="Arkko"> <organization></organization> </author> <author initials="B." surname="Trammell"> <organization></organization> </author> <author initials="M." surname="Notthingham"> <organization></organization> </author> <author initials="C." surname="Huitema"> <organization></organization> </author> <author initials="M." surname="Thomson"> <organization></organization> </author> <author initials="J." surname="Tantsure"> <organization></organization> </author> <author initials="N." surname="ten Oever"> <organization></organization><title>IRTF-HRPC / reviews</title> <author> <organization/> </author> <dateyear="2019"/>month="December" year="2020"/> </front> <refcontent>commit 3f5fbff</refcontent> </reference> <!-- [I-D.arkko-iab-internet-consolidation] IESG state: Expired --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-arkko-iab-internet-consolidation.xml"/> <reference anchor="FREAK" target="https://web.archive.org/web/20150304002021/https://freakattack.com/"> <front> <title>Tracking the FREAK Attack</title><author > <organization></organization><author> <organization>University of Michigan</organization> </author> <date month="March" year="2015"/> </front> <refcontent>Wayback Machine archive</refcontent> </reference> <referenceanchor="Logjam" target="https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf">anchor="Logjam"> <front> <title>Imperfect ForwardSecrecy,Secrecy: How Diffie-Hellman Fails in Practice</title> <author initials="D." surname="Adrian"><organization></organization><organization/> </author> <author initials="K." surname="Bhargavan"><organization></organization><organization/> </author> <author initials="Z." surname="Durumeric"> <organization/> </author> <author initials="P." surname="Gaudry"> <organization/> </author> <authorinitials="." surname="et al"> <organization></organization>initials="M." surname="Green"> <organization/> </author> <author initials="J." surname="Halderman"> <organization/> </author> <author initials="N." surname="Heninger"> <organization/> </author> <author initials="D." surname="Springall"> <organization/> </author> <author initials="E." surname="Thomé"> <organization/> </author> <author initials="L." surname="Valenta"> <organization/> </author> <author initials="B." surname="VanderSloot"> <organization/> </author> <author initials="E." surname="Wustrow"> <organization/> </author> <author initials="S." surname="Zanella-Béguelin"> <organization/> </author> <author initials="P." surname="Zimmerman"> <organization/> </author> <date month="October" year="2015"/> </front> <refcontent>CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp 5-17</refcontent> <seriesInfo name="DOI" value="10.1145/2810103.2813707"/> </reference> <referenceanchor="hecate"anchor="Hecate" target="https://eprint.iacr.org/2021/1686"> <front><title>Hecate,<title>Hecate: Abuse Reporting in Secure Messengers with Sealed Sender</title> <author initials="R." surname="Issa"><organization></organization><organization/> </author> <author initials="N." surname="Alhaddad"><organization></organization><organization/> </author> <author initials="M." surname="Varia"><organization></organization><organization/> </author> <dateyear="2022"/>year="2022" month="August"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2021/1686</refcontent> </reference> <referenceanchor="messenger-franking"anchor="Messenger-franking" target="https://eprint.iacr.org/2017/664"> <front> <title>Message Franking via Committing Authenticated Encryption</title> <author initials="P." surname="Grubbs"><organization></organization><organization/> </author> <author initials="J." surname="Lu"><organization></organization><organization/> </author> <author initials="T." surname="Ristenpart"><organization></organization><organization/> </author> <dateyear="2017"/>year="2017" month="July"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2017/664</refcontent> </reference> <referenceanchor="email-hashing"anchor="Email-hashing" target="https://freedom-to-tinker.com/2018/04/09/four-cents-to-deanonymize-companies-reverse-hashed-email-addresses/"> <front> <title>Four cents to deanonymize: Companies reverse hashed email addresses</title> <author initials="G." surname="Acar"><organization></organization><organization/> </author> <author initials="S." surname="Englehardt"><organization></organization><organization/> </author> <author initials="A." surname="Narayanan"><organization></organization><organization/> </author> <dateyear="n.d."/>month="April" year="2018"/> </front> </reference> <referenceanchor="https-interception" >anchor="HTTPS-interception"> <front> <title>The Security Impact of HTTPS Interception</title> <author initials="Z." surname="Durumeric"><organization></organization><organization/> </author> <author initials="Z." surname="Ma"><organization></organization><organization/> </author> <author initials="D." surname="Springall"><organization></organization><organization/> </author> <author initials="R." surname="Barnes"><organization></organization><organization/> </author> <author initials="N." surname="Sullivan"><organization></organization><organization/> </author> <author initials="E." surname="Bursztein"><organization></organization><organization/> </author> <author initials="M." surname="Bailey"><organization></organization><organization/> </author> <author initials="J." surname="Halderman"><organization></organization><organization/> </author> <author initials="V." surname="Paxson"><organization></organization><organization/> </author> <date month="February" year="2017"/> </front></reference><refcontent>NDSS Symposium 2017</refcontent> <seriesInfo name="DOI" value="10.14722/ndss.2017.23456"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9420.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8558.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8890.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7301.xml"/> <!-- [I-D.ietf-tls-esni] IESG state: I-D Exists --> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/draft-ietf-tls-esni.xml"/> <referenceanchor="I-D.ietf-mls-protocol" target="https://datatracker.ietf.org/doc/draft-ietf-mls-protocol/">anchor="Jorgensen"> <front><title>The Messaging Layer Security (MLS) Protocol</title> <author initials="R." surname="Barnes"> <organization></organization> </author> <author initials="B." surname="Beurdouche"> <organization></organization> </author> <author initials="R." surname="Robert"> <organization></organization> </author> <author initials="J." surname="Millican"> <organization></organization> </author> <author initials="E." surname="Omara"> <organization></organization> </author><title>An internet bill of rights</title> <authorinitials="K." surname="Cohn-Gordon"> <organization></organization>initials="R. F." surname="Jørgensen"> <organization/> </author> <dateyear="2023"/>month="April" year="2013"/> </front></reference> <reference anchor='RFC8558' target='https://www.rfc-editor.org/info/rfc8558'> <front> <title>Transport Protocol Path Signals</title> <author fullname='T. Hardie' initials='T.' role='editor' surname='Hardie'/> <date month='April' year='2019'/> <abstract> <t>This document discusses the nature of signals seen by on-path elements examining transport protocols, contrasting implicit and explicit signals. For example, TCP's state machine uses a series of well-known messages that are exchanged in the clear. Because these are visible to network elements<refcontent>Research Handbook on Governance of thepath between the two nodes setting up the transport connection, they are often used as signalsInternet, edited bythose network elements. In transports that do not exchange these messages in the clear, on-path network elements lack those signals. Often,Ian Brown. Cheltenham: Edward Elgar Publishing</refcontent> <seriesInfo name="DOI" value="10.4337/9781849805025.00022"/> </reference> </references> <section anchor="acknowledgements" numbered="false" toc="default"> <name>Acknowledgements</name> <t>Thanks to:</t> <ul spacing="normal"> <li><t><contact fullname="Corinne Cath-Speth"/> for work on <xref target="RFC8280" format="default"/>.</t></li> <li><t><contact fullname="Reese Enghardt"/>, <contact fullname="Joe Hall"/>, <contact fullname="Avri Doria"/>, <contact fullname="Joey Salazar"/>, <contact fullname="Corinne Cath-Speth"/>, <contact fullname="Farzaneh Badii"/>, <contact fullname="Sandra Braman"/>, <contact fullname="Colin Perkins"/>, <contact fullname="John Curran"/>, <contact fullname="Eliot Lear"/>, <contact fullname="Mallory Knodel"/>, <contact fullname="Brian Trammell"/>, <contact fullname="Jane Coffin"/>, <contact fullname="Eric Rescorla"/>, <contact fullname="Sofía Celi"/>, and theremovalhrpc list for reviews and suggestions.</t></li> <li><t>Individuals who conducted human rights reviews for their work and feedback: <contact fullname="Amelia Andersdotter"/>, <contact fullname="Shane Kerr"/>, <contact fullname="Beatrice Martini"/>, <contact fullname="Karan Saini"/>, and <contact fullname="Shivan Kaul Sahib"/>.</t></li> </ul> </section> </back> <!-- [rfced] We see instances ofthose signals is intended by those moving"charset" and "character set" throughout themessagesdocument. Would you like toconfidential channels. Whereupdate to "character set" upon first usage and then "charset" thereafter for consistently? --> <!-- [rfced] FYI - We have expanded theendpoints desire that network elements alongfollowing abbreviation per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each expansion in thepath receive these signals, this document recommends explicit signals be used.</t> </abstract> </front> <seriesInfo name='RFC' value='8558'/> <seriesInfo name='DOI' value='10.17487/RFC8558'/> </reference> <reference anchor='RFC8890' target='https://www.rfc-editor.org/info/rfc8890'> <front> <title>The Internet is for End Users</title> <author fullname='M. Nottingham' initials='M.' surname='Nottingham'/> <date month='August' year='2020'/> <abstract> <t>Thisdocumentexplains why the IAB believes that, when there is a conflict betweencarefully to ensure correctness. Fiber Distributed Data Interface (FDDI) --> <!-- [rfced] Please review theinterests of end users"Inclusive Language" portion of theInternetonline Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> andother parties, IETF decisionslet us know if any changes are needed. For example, please consider whether "native" shouldfavor end users. It also explores how the IETF can more effectively achieve this.</t> </abstract> </front> <seriesInfo name='RFC' value='8890'/> <seriesInfo name='DOI' value='10.17487/RFC8890'/> </reference> <reference anchor='RFC7301' target='https://www.rfc-editor.org/info/rfc7301'> <front> <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title> <author fullname='S. Friedl' initials='S.' surname='Friedl'/> <author fullname='A. Popov' initials='A.' surname='Popov'/> <author fullname='A. Langley' initials='A.' surname='Langley'/> <author fullname='E. Stephan' initials='E.' surname='Stephan'/> <date month='July' year='2014'/> <abstract> <t>This document describesbe updated: An example of aTransport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allowsstandard that has taken into account theapplication layerview that individuals like tonegotiate which protocol will be used within the TLS connection.</t> </abstract> </front> <seriesInfo name='RFC' value='7301'/> <seriesInfo name='DOI' value='10.17487/RFC7301'/> </reference> <reference anchor='I-D.ietf-tls-esni' target='https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-17'> <front> <title>TLS Encrypted Client Hello</title> <author fullname='Eric Rescorla' initials='E.' surname='Rescorla'> <organization>RTFM, Inc.</organization> </author> <author fullname='Kazuho Oku' initials='K.' surname='Oku'> <organization>Fastly</organization> </author> <author fullname='Nick Sullivan' initials='N.' surname='Sullivan'> <organization>Cloudflare</organization> </author> <author fullname='Christopher A. Wood' initials='C. A.' surname='Wood'> <organization>Cloudflare</organization> </author> <date day='9' month='October' year='2023'/> <abstract> <t> This document describes a mechanism in Transport Layer Security (TLS) for encrypting a ClientHello message under a server public key. Discussion Venues This note ishave access tobe removed before publishing as an RFC. Source for this draft and an issue trackerdata in their native language can be foundat https://github.com/tlswg/draft-ietf-tls-esni (https://github.com/tlswg/draft-ietf-tls-esni). </t> </abstract> </front> <seriesInfo name='Internet-Draft' value='draft-ietf-tls-esni-17'/> </reference> </references> </back> <!-- ##markdown-source: H4sIAJDpyWUAA+2963IbWZIm+B9PEca2XZG9AHjTvbpaTVFSilUpJVtklmy6 piztAHEARCoQgYoIkELKZFbvsL/WbOYR9in2TepJ1j93P7cAKCmzu3dn16Zt JosCAifOxY9fP3cfjUaDruhK+zT7bl3ktiwq22azusler5emyt4V80XXZpdN 3dXTusxMlWdnzXRRdHbarRubnddVS79rTFfQXwMzmTT2Znuwd5fng7yeVmZJ b8obM+tGRdPNRotmNR3N/cOjk+PB1HR2Xjebp1lRzerBepXTB+3T7PHJ46PB oFg1T7OuWbfdydHRk6OTgWmseZpdvLt+Nbitmw/zpl6vnt4x+3Sy2TvbWkOL yb7DjwYf7IZGyGmwqrNNZbvRC0x00Ha06p9MWVc0941tB6vi6SDLmtnU5m23 KfXTLKOXRH8WVW6rzn3Q1k3X2Fnr/71ZJv/smmLqH57WyyX91n9bVNgdP7b9 2I3Kou1GNMikLumxUf2P/9vArLtF3TwdjOgZ/r+ioq++G2N5N7Zxn8oZfLdu 2oWZmLz3rV2aonyazd3X/zIt2hEtpTDjupn3xn47pslU2Q92a/i3hS3b7S9p CFMVv/D+P81+rAr6ri26TVbPsrNlS9uem2VvKvjvv1QYj4arMdqYzmYwqOpm SQPd2KdEFUQp7l8Zfo///+7V+dGjJ6dP9e/jo9MH/u8nDx6Hvx/fd3+fHJ08 9H+fPHrk/j49feh/e/roxD9/+iSM+fj40RP39/2jU//e+8dHx/7vJ/fjv/3z D05P/OcPHt73c3h4fOTn+fAkvOthNJ+Hj8L4D5888u99dBLW+OhhmPMj+sL/ /fh++PxxeB53zf99P8zn8f2wV4+fhGfifXj06IF/5snR0VH4+xHNE//48cXr d0/llJX3XC+sowZTZi/stDRySUEY8V2WX4EjPM2On9x/LP92lK+Ek41AaExf nc2zt3rdv7MVXf0yO2tbu5yUG52BaeaWbt6i61ZPDw9vb2/H6wq0fmirQ2JZ a76Jh+t80Rzy7J+Xtm3du3T+fzLlmlgduONb24EP6Ux1qidHxw/0g+258lV6 N5aB+5+fj7MfmlvTyaub+rZKd+6MuJtdEDMgjonNcrwr+w63ujLV1A7SiZze tWf8vouxvKX/+Ztx9m+FvS26X+Sb1jaFbXHvngY++po2YFLXHzI6uPB+TKuj A3ZTG2fnC1vSZV6Y5TB7md+aJs9elnPT8CKrurO3tizlIvuFvqWPs/f0eW85 D75IAhcvSS5snXOrB13YbsZHbSb1ujvEm0d49XjRLUuezMW7y3S/946Pwh6r fPlf6QyKalqs6AD3etO7/8XpbQ0FCgqDZS82xE6LKQkuUxag4p00W+ggDY9B Q6z8CLw64rD28HY1mtb0YNUdrldlbfL2ENM7PHp4SIs8/+n46J37eZjATyeP 35gNnhsdH49X+Uw25fz8sneBZR180Qzk7I2lo+9AB+fFTSF6w2WNNUzp+113 +dHD3Tv177rJ9WK6aHgPXr49JDVgRjeMp8jztW13eGnmtj3EgsamXX3k9V2Z svvFNukKX1b5qKtHL1kBmgtXoKuRXW1ILi2JZ7XFvPri1frDOHs9doP3v3wx zi7HdJNsvuMb+n/nxBE/bF+9s/M32fUP51fD7E+k35wMs7fr5cQ22X36iw4B f/vxIOiG2WqVkWAbnTx+PE4P4PF9PdyXV+fffLoviaZqotBhdkUaj5GDPl+X pBvecc4P7zjnfyfP/uaTxurCUV/aqrKb3hU/XxQlKVzz7OVsRmouncEPrIBl V+vmxtJ3zNWw0vfFh2JlSTnKfmxt/+rfuVBHDfLynUtamRXJwnHbNtWYtMHD ti5P3YfT2fKZmZDGaKbdT0X++5NHD588vP9AROvb1+/O8e50ST++TTXi83pN N7wE567LNQvaPcjgVVMva/xziD+h4+MrrNRWP9cbED24+YLHEnYDKoi5+162 f3ZIkzg8PTn8fnxydPCtu7Lr+HdNejc795J6lOftqNo4IU6fH/749sUP54ff X784/O744eHx6fHh4yeHly9e4Z/0r8dPwNme/bCy1cvSYhDeyrm1H2Z2WVRF u0x387K167yuNkvSXL8ojbL+8r6jMbNXOihTT7bz+ON3j2/pMcNUgL8Ok7fj 1+9Pz4vjx9ULO0un+X1NvFaV7eymHafXWL/ozf/oi6dDb7rzAt6e8n4n7zj8 K2lFfJKHfzUjTHJsK9Fkzi8fnaTT7ZmM7xsSFnQHSXPMrsniAZ1d2em6gbnQ szqTNRydfvkM7lYJaASDW/WBTAyvGoCAJtPVo5NDN/En27qrF+NXsBVJn2Gj c0o8KBuN6JbdFGBG2WnKCp88vHOmzCKuoIuZvEqkxW9dA5mrsG5kFSsDRWBF AnnaY350xNklf8vyetoj8KMv6zM7CaRNKQRnR8ZwsV4eyotG8qIRRj86OXog U7ys16SKtTad3htmtqSGLkhhy6YWQ7WLYtUj45Ovsl4dHfrnePeUu5pM67CH UAkPxXOx0h+P5P2zxtpRS3+bpqhbnnzk4ViRajwfhZn21XeWKay6v6+bMr8l ss7O/dNE+tNFVeAepUs8ufOmel3DOF05i7X4M9PUW9o9UdoZWd5b1sfzcfaH urJbn5Ph/8oaNth/7ebt3JR40+g3o3phCvoPuEuyXT9MSlIn6zVpxm+vsh/I wsheX19fXvX25ssmDm3C9aJettvbQMbW2ZjOoc5/5eWK15fOP1rZL+uqmJvR 0kxHJs9JJ2lHDXELUp/UIZJS+tl5po9lyWO/lg5oUf/Gb96xWvr6Odh1k9db Z0w7cVYRj23zuvst54x9WJq8qEx795p5e15fv/n+Qbp6/uiLptQWX/8W3nP9 jqeoLObfio5Os3AbHzP0V2v2bvYsV3oVbUn2ur7Nupp4fb3KLrqeoX/0+MuG /h/G/r3utVtU1i7GC9Pc0LGMbb4+nBQdaXt03w4XtHelPTw+vH//wYOThyeH bqifZML/y8lRPaP/0KTpv97ghnrTWmIipLf+/lhfG5sR/8WUNnbHXeKkeI9e XcDdmx6Obo7fFbF9Irs1Prg/mGptmk3ElXcoDzMeceQM2bFdeyN1CY5/KNP4 Sd70U2Sg/ul4fOQNUyKBsymkbjEpyNbsibbkq1/lRfgW0mqd5D+8tZOc53lo kjdiiMre2vm8Z2+85Q9ZkW7IhqK7D5uS9ox0vpWpNtn1v15mjb0l1YeUIxBk 5PChM202K9ylvv1xtx7kCPHNGnbOzlMxDU0Bomcqqif+MRKFAX6D08Pj40NZ zKiuRjzv0VKmPdJpj7q/rkZ0qjLvEc17pPMe1bNRmLdcxtdkV+GS9/bm0pCq AKOTWG9Zz/v+QNKtSgOLge7jxfk1nXFHAqIrfoUjxrnfMIHd2jhO2ayK+Xi6 IFvi4ruXdLd0Pkx64m7+o9nYbc1w3dr0lNiaMpUq8PAg5MW8oMHY67/Ghu9Q au8mUOcjwOvvJtLEPH79blLntEVspr2z83Vpmiuxl9tD/ePkyeEL7/w8G9OT 45Mn49OTn85e/mlMIk9eJSbndz0fWd+GJ8Uemnzk16JteL5uoeuLy+suFy8t /PhX2Ivfsv7g0l2tSZvQ3T6cyySD52yi81s0P9nKcxjY19uHfF57duicJAmR XlTEv9VlhOXSVSiabFnT5OsGWyPn8Z+8clsdriLHSOEcIyt2jExpDUWYp7hI 9Ihfvxu9u+4J6PQS3hT2tq+h7mD3mBQR+2I9YaaCqN0IscHDJh4B/zXNhw+1 pWuRvrYXwSM68lKI7YqyyI2/ZYnojqOWvY1+8jUV6gyT2aEbXzdmubQ71ey3 pDQt6GgXIZ4V6V2v1zSV5ZZGdrdmSpO4NnQsfvJZrIv34my/RW3l/R4VZuKF MNzFYUNHRyeiD7x7efbH3g3A0KBi7Dd/n511HX22m4VtEamdjBE9IOWDJ0b/ hoR5cHRK5iDptyfHh+5RsrTMB8NjM/3wjL6v5z+bnofmYrmyDXx32au64fjC lZ02droZsvL2opjNCjt6TUcHKn5lipJ9uZdwqRVbEZOv8t6znOTf1pn9kZRr UuPm5mb7OyJIU95heN7SIvMF70Xh1jGayTpGraxjNJ22xw88W1pYRM17N5Q/ G2ZnE8igd3YFo5tOqVA/iiVjum1tNSedjy1q+pjUQGwV1P7dl/lu8XnRtlv0 TKR5Vi5I8TdbXm0i9T+RvWx2b4EFH+7GhZkK62IqOH74+CGvdunmPZqRMQHS 6zsJaC5zokX9NrspDLGHJQlc3oEzWgTxOPB+Wu5LL5p7x/7oi0u+RFx9PZls 2U10Vb9f9z+8HhOvRAB7RfrMDi1j96KPHx0+fChueQ6GjxZkGmwt996ret3A F0KcmNSg3Kp28QvzS6hiJFtIf4RyT6ojDUGr5vGcgWnbe19c63d0jlOzFbO4 GtPmzUtLRJ53/S/JfHxrGrMxldmhYepttmQJIqpCxwLmhDtNq358eHT/8OjJ 4YzWNeJ14ZloXaph0rJGuqyRLGsk2+SXJRyCXyh8bWpX26Y2RLh3LRLrICbA eiY8CyJA9GdfJJAtBfvfxtmLNcRpU0x3fPdm67oQJ7kCDcx3eG4QHzbNblfM FdT4HUzmJf1m3bS/dLbYFc99Tlvlwg8J+b42JTGA5faAfxpnl+ZjLJ7wx8Xo xVis/bIdrRRrs73Dcitx/74nVbUJO77/5vurAw/S6fGdL7ty7tyV53BsrJu8 Xk8XWxKTfvWunthmi2ZhEiH0M925lz8siZ53MPnzelGNvqvpZXcQ+p3yN/aU RHtHVDsajTIX4xkMrsluypziSoY7XfR56i1PIjLTVEnC9zldk7JeMauvG2aK pCRVglXI3ItFOzWRptQOs7ZYFmQggLVAwPMPaKnWBX56MyECvjHTTX8Snz4p POXzZyg5tJ4Cb8sE3pVn7HkQvMeOQb+0PJJnPDgwKxi8v130d1V3eNcOLz3r Llm7stNiprbA77KCf8TmAfNKzMAjjFi7X62bVU38ZawvS7/1ryamxLO1VbvW 3Qk2RzZr6mWqo3ogxbVpP0B1mdpsH0ryQaxvfx3Ptg+d+kBgbSSZZSITS1qi 6Nk2H8LVgP9hPZmsAFrmZEN2CKkB9L+YVeNGY0hdRiMAGoH/pQfclyAoDLFi zQnTwCe8snrdYXI7xhozP+iPP/1Q1bekf8zZx2E6/uGaPZA4LiZZIY7Cs2i/ c3dTMMi0rad0yTZMcu4qYLyV6nv8I/6SDDH2qvjJ8Uzoq7aDewDWuvwc5zuW e7os8ry0gwFNpqnzNcdMB7+P/q9PkbQzQtoGd3kroOrWsuse++/CheYDps9v 6NE28xG3jDQkegmOo13U65J2hWiKtm/Z2vKGnrwlHSjeDBD5ksfhnXH7WfCe b7JbRPyJB4QTyRbwg7Ipm9P9YfdBRqwzW9UI6xQkxeDfmJXsd+STsx9Jlhbi EvlSEJnXpNOeWIYE5YEowvmbaLNMhWtOFoul19KPcktngdsLYizoHeKUG2aT dcf/XrOSyEe/XEngVy6m26+yrTFQ263JOmcXE245vXRGAje8OVmIzs1A+2iZ SJgh2ehgDBHlxLQ0oq7aExuUfXqD3EV8800wVr3tvft0uyjob3/xHfFhbDuD v4LGp4NIaax3M2nGRpigXslkqQ273rAt3vepvEBpR7hLPZsxl2D/FiLR9dRM 4HLii+acjEztULP0TYFukndGZEeT3/Fj0N8Ey1pOiPr50MB9eb1KPp5pNNAW KxZDtsJCifBtdVM0dcX3tC95xtl7mElk19PSMBIAVaSjtkKKy5pEVixtMd43 3WycUmc+WJCeWdnxDhFGgxBHC6DInpDkxenaSW0GTffEIg52aUmLyoWT0BSY V/XnqJ6YbP9K0R+n45MDOclfIZSjX58eYC5dsiC+ApZ9BiJ7MB7Rk70BtIbe NiXd0MBcx3tvTFnkpCmOaUXsivr8WXyrfeFwu0WjeBG9OLlu3wQ0pVcBpkpv wgza9UTiJ0RBjTXwL8uW/1yTWUH8hhkDBncCpEi8gcmcSnOL0d9i9K2jzmsr +opydBZYHTR1omXzEWirjTt/Gl6DVPue5R6k77op6lKOZAiGT78i6iwaeEZY qZG/h1lZV/MRzXiJj4n/NR3/a0hmZUNvryLSXdQkMVuSelBFVuAVYHIX9AhM 24mdGvgbOlXxFvRYydogw9Zzu7KMi5eTLeRXw/RngUyKJZu0YS9UYtOWquQM NDmGawfW4JD4c8Mr9YzMEeCssMTYb5m953ZWwIfK0qKif3SxlpyIBUjZ/6lW /g+uT0IK/v9DqRy8jq9wtwDHaRONMtYs+VtnnX2rggUBafHmJeKLoDK6P5fJ eoNQX5oNnbjwBhaUeghMNdCKxJHDca6P4AgtIwh3fR9RdPRAVVejvGinDZma Vf9L4rumjOCI0VfgHcW0AJoJa5k63GlZzCBEGlUYWjooFiu7ZmQUWSpn3OJU +zNQk3bogwr+m1Z9GIBK0NbkI+JhDTHaGqdLbA5qowSB8bTjpfTMDfNQEcMM tsIeT0Casr11hv0oiRkQC0dwMNq4jNHqPJGlKR25qRIyZ9i9mBlNVjMbFOeJ TBM6Zktj0BxZ+4tDjiwtNSpFE9cpreBiY8URmk3RtmuTO7VayU2d/2QI3LHD blMxRO/QVh4VvhLEnIXsFWgs9BYSLAZOh7YbTUmKZw5oNYyuJ9+n0poPyTZB HaIPWQdcLTYtvyQ3cBxjI+jeIImqmNIqDDg9H5GyPpwfG0gQkSR7iARbbN3U ku4AOnHX0l08ui20Hmwg6Qo/E6WK7kk7CX4xpHd0jRn9TJYEw6Q/KMKYlUUW 3dgcuaOkrBRt77Jkc4OjFK6q75oTUYsiQrxuvhCCCDFFGsD5d+jVM5JD274R Fd/EiSA4aV66Ffx60bP9KhN2QrOyiPkXv9ht243fIb8UpZjDDhBn7arQNUT+ IASG2WV0vm3ven51GYwKsWxirc5dQ/dSQ+KSzrvVqYjaK7yY90P0mXnjws80 n6qmxwzuQOZCRx4ajYmIQbetLRftB3ZB3SE0Ws4OoImcu7uvOkE6jNtmVldV KSuDD83md72iFa1LZZjfhy3nG+NtP38W4/frLrqM1XE2BEg35GAVPH5ftnSZ aGLjjxZT2YJZkBMmRC857XUT6VY5yPINxJDuwlCFTKMGpOwxRisRJsiFO8Kq BAk708z5FNkJQHpUI2ypmGWYOawrnBP9lPgxGUjdDoNWdp82WSxb0mb4X1s6 KzhCW9AMSeW0uNwLp3je2nsNuyuYfa+FYEzZMwCcssv6Y/9LTEItIWakCeOn 1ycsWyzguqznYAT7F+fXLVtbc02bSMzxnlRX3buYwhYHiSD97PPnp5IJsGRi JeM25G/dSJJbX7Mo2uj6O131ORSbvknl1B5Eb2q+urPfZJDBWJGI5faLvy31 iAbjJCY17748zLfkuPCASC1RkYURS5aFtAzHXCG/2kTDDAhYcSh8Q57GydHh 4+yWLr7J61UnnAHYOiJO4vHNUmQxbfTf//bfmCeYpQ1shj5f2RrCbmFucLIz TmxZrtvO+7tU1WLWim/Hf//bf1eDlVNLaNMu+J0PZNLnpBvSerYOrJfLBi6a qKC0Ze8uaTAsxlleudx4on/wdoQdp3XDarrIWbo1HsAzJPpc2lRk9fxTcotY kJxfO2bMV0yezIt5xSGos4bk1jFnph4Md+ij+gQ8IW4va1UzywKhJNEfPQOW x0/p8UgRgn3g82m8ouxe/iR9+C691M3kKJnKtpJc2jl90hCPzUlznRlSzhil N8zytXW61pA1gPWSyaiqEWvV8R/9/W//+/ExHD8repa4KVSONtB/6t+gMyIC 0Jk9pl8FJQ9TBqthCxU0SjNp3aPHux7tqfFRIpLyi2XteJtTQzIHZsKpt/R7 UAxrqJArrP93kLo4LXjR4HtsYCCIArjyfnvxIkG/+K9/Zrc30cp//Qu/VbRo N/NH6hNzslQP8eRgvAclW1GL04Ba3OE6FdRij7+fpyr5dcTgIY+m5Zqvg1Wm pCMOdzj/HKIyCooVbarr0Cs7uhIrMbQ+YnAbVBRnOnJQDwYEtD2+c+4bAPDZ xmjxisH5l32KO03YxJq9yC2iBkG377tk6KOSzB8SEXUIbNCu1M0KH9qvRApV WZdIgLsECAbYcpbtt9b2s5C+MNyB6hytEqcPwcAlJXnPlejQtXO2knK5Y1/o WMd2PCQVfz23iS+iCaGU3UGPOmhW/LbYWd1zIzi/rtIJR3AnG74f/gY6FQfP QGPKVqWBI6OL9C1631yYreykd1z47cQUg7YqRTTGLpOTGBrRl0EEeqgeMWL1 hW1U14mCRfHYvGyv7GwwJWuashDVUr07oOYMF8t9qCfkfaqgehGCbjf4B2xa whWlupsTHKItOzaQQT8i/vEBHkOarDAaXDUQE/v5aKLTBQzMVjyO1vvHvNTC PdlxLv1jCS5Q5jp0v0P4f2FXdONy+mzJCb6t+JZ4mA5ZOXSIOaIsHViG6NqG 5bnqjuK+7m+3J6QdZzrmjLMgenW64jVlPqtaBWtlgViC923IjocV7sqNVcV+ YqZcr6XCWiyzHSGQQudUNP3QHN6rN4E9V+FV8drUtzjOYFlEMQ+2C3+RsIMn JXyx2yqTF4m+IK66vwK3mVUGTgjUMVg3eDcY1oyW5eMrrFuxf5TEfFk3IaC3 4/rzmdE5zTor4q+ufiatj5fL22kNiSPmsk9pPf/wD9mZXwYDSCJD+FdEaNgw F6ngzOVYNZVriyCpphxIdItVNShGE9E8HfO7Lz5YjWyDg3ARn0KLYoTgp9L5 uhXpp1uwg19gOCJjulOI0jK7KdTYgBURhbwNk1nF0kj4KV7Zv0H85nnNRCfK ZBJpCN7oKGrWi3eLc8bRrLccNLYx/trhCEEHJ5LS3VpUASG2wfuF96qz7djf mOFXaFX2l727pLkZvhrMT3i0TFyKZGbHrm+eqOqv9oMq2704P224RHwM58Q7 1xJrB+oJH2fvF0WpfBJAcnaV58KZhcM0hsfQpIitC7GLRIdyUp5G4ZV0Xr2K SMdtIe5f4thncobHAAZ3d4vbuBVK9raxHt7Lj3Q8nWiTorJc+D+Vt20xZsMs LebFWNd7RVlxzIS5sOWxvWSQUBSOa2HLlWMUQlBkUIFhN6yd+iG91Gf9m0ay Up6A70ojzkc6FDHd/dVpPbGzJk+85Kl4RHBd4dOh0VgSE+utb9tYarFMnvNo dOstTX936GQf+0Vf5AcOXLY15985L6F4pKOXks2pb3YGYvx2elUDtcm5UzxP 1M3Evt5E8IZwLKLF+/0NA8uKGFnHw7GXNw3NKTX0z97LUfGhO43Uy51BCKCo jEI4wO9FBG4JA++YYLLNfPkiF47cPt5akbjMDiV0amN6viq2wRMcdSdLX4ev 6zxECyPx7CYsPxstasBBhykR0Y6UpQKG7N1RNTjZQRRE6kqt7psggcnKlxWx q6IrlpZJQyUFwMWgBDJUSOqsu8g+cboWvo19WW4Xhl5m0DunAGpYoRaMyXEa W8XaNKKa0P9Ycu8jE7vcHBDl083ceKJAaJcdi8pw4adPdJR2cK0L18JmboDo GHVtdHJ1nrfBlwWynuowZKc3LqsiMofYcmEBF6tpC4RGRHI9EbzHe1lcEoOm mwbWv+GVOp8CTaxZVxVeNSWG65AtZAi6WbJEA2ZcfLngB5XcwIJXzcH4TsMZ /UDjLfOmIjiMddR6gjAYtvWCdR66kG0XVAK3cpFNkK99AsQ4zDm2mMY2RC3d BsHAigdUo2dqzEfANcaSrCtVLXAl5XBsoOSUjLGpoJFvtyC/Zg9vQwjvtjUZ dtRXeZyoATiFLSinh1WmgMDgOGLqH+YN87CqFNfH4KQvhplFbUvf4iKbrZ2t y4yjM2RyAjfj5pea48PoKsP9NYM9x4/1l8dqduQ5ZLDJqMQH4cbs1lv5qqAy n0Kj2gRNldcSRkC1FqZItYNp4vYjhDIRZ2PZ8ADCMCUusRobjtcJYQvbEt/D kne5RJE0RSP0nBHiterhxgJvJrM+DdPvQJ+IopaYZyYGAEbCFBEb72LYEdky GkYRG88/uSxauoc+e3JLQ4EkDxcj2Xk8984yiQCKwv4uNin36UScT8WtAFx7 BegTc0ia3Jm8VTKqseTOeqgeS0IaBJeQq8V5wIe/JXpvcg8IchfKuwgaK8U3 w6l6HuHQkRA6SagrokFdIFvLsFVqMjiIXbEEW8Kj4sd3IXe5g0F4rTVGgKQB 7CMuZBp6dXszMVyIiggfGg1tp+hWSk/z2kANCKAosgKmpAEAuxpCf47Nmqq9 haqiDrJZDcaKL73lNty+fwGg60AL4ki1AvZcNZZkUAuFwmvvHqfIzF/i6C7i PRN8gSfNyiPWUu03h7ObcVsS1ftySDWO+Sl1eXLg2LDG2bwShtIyAm0L7qy+ 5SCrYUjXFmDPT0fCuD6Ura5Azobvj9gzfBxV7odzEK4rOAVA3xwPk3jtwRjw 8/6ptjY+PndqrLhVVuxvnN2tCZUuwhVPsLlsTShihR8zkmGHh4ql9UJ3iWBS cNhzzSkXjBz2VwmvVVBMg2Ntwh5+q2IW5OMw6HguionPixtR4AQ2Jxas232o xBxwGzpeLB7C1ufV4A9E1azelcHgDNZI5VnHLZuzGljnA/HeEBQKHmb3HFHe GyqN+mhXkUvIwfOE+DCcTFQeqpdHrm+3WQkDcBE/4oyk/eAi4W/206sISmLt ETiNPVr+17CiAiur6WXwENpuOgbVeDuH62zAYTP4V53mfnvwdPAC5L1BgmGk gyIengmaRzSwODVh5N82UzcWu1mL8BJEIIhLPRsMyN4mHqbVb8BcrVRZtBJZ kc0kQteiiZ8/ZzBGHBtRSEV4DauEIALPmAKinn5wj4Zt73n0rHgwxnKPUBGY hmdoTZvtKQYdaUkbH03HAjzyW6w+HGNZ2JsYXghqkjB3VVmpR7HJ/jwej//i XUbYjLIs5la5ENbLSPU8IdZFkefiFIwnjHDs+57pYj+KMaQRIpoOQy9pQNa0 FMFYJafAK1G/ATwp9Qopws6HiiOdmaIU9FJwzrLR5NbgD1SBF8wEROmpmYWo yeDmMfQGe4kcOc4PUSwFO6QRf6AdFmQsNHho5oVOm5MwiewlL5OW/rFgrNh2 eqfPMVshvNVU4mYIuhhfiprEjFPaYgBysjK8AZe1YMRC2G/EGlGxm8luNOKo GDgh69wedO1xOYkRRo9LIF6AdcLa/UGxprVmpYu5IPTXpkruek+XdVD7J+NT vFCswPv3H0rcL2hCvWXh2HPmJFNVEh0u8WlsOOA8jW4MqUxkjENZIUVYTF72 m0QQpC2KHIoFaLw1UvKZ9FYdUC1sBBNXLACA8oaxTk00sGmJeO4hqxCNP2Nv E01LS2sjFmhXEZaETmwF0cGqI9bvnIK6EI0gkU2hfteYviNsOVMv3PTJJBRa 4EJa4syfw8Hi4cARjn3GQFrP6aLiMH5SgR7irC8/V/FuseBWWLQjtSnpoQEP xrvGJJPaWvTAm++vAMHYlbzLeQnEnFndeDp4uT2/3umlTn1VAFJ6kDQs7Kna TVBIU5KU0412A8sgdbsFXyK62dgEMI8l/euPF+dC8Sg1rnAeXf01LfBKjuct PEsXVe4x8ux8jVbf0eptWxUYoUkxJWwnuFMcZz9UooNoOa0kMgFIyLLQG/2R cb3Q+PisHBYTsWyJXnMsq2LDziE0SVehcQunwC1ZMYWVG7HUdOuLSsEXMDAE /KmBhokFLdcNjlKS2tung8FIwf53wbbveOAuNIooEOeRpPPqQ8v6w0Vfe6jp aJcMAwRlQ3mY0Ji3Rc4GXs42PAdxK0EoVqpKPgMYig4tHc1hlhILzIgY5zgE KdkkvJ+pbtc3e2ZmqkBAdzzA0RSK5kHUvhAWfwMhZ6YNCQ1SB+p5Y1YLecj7 K+GbwjsgKkgxkbMPxr2aiu3a4f+9RtuQBsE6ILMWos5v35T/B872Hc9OK5gl quHW0c4MAuJdXRKFV92zjHVHNpFuK9oxYlL036lYoA70wBx+aSErinbp1I6y 5DAdTeiQ/k2aBV09IgC6MOkbaWEkwQCDJ4GBspC5xYvU2SnQlhYTwe/kJiWe kFvDFgdSR9e4zNHP01+RmYgkQvEZsjNIMtamNWuIDtYOJwocv85jogrUrqkj SsPqq6jTzqXBbkhRWsVErRyhMqtZA5So6PncO8CRR1A0tCpRmbY06+gMFV/X FhBfREySHKnaa6RQspVoP9op7CN4b52WLXcIpUw6JRnbNLwX+NRILNXrJ+JX ncXxbPg7ImeqwCjG2Ru3w5oK6CdcxNeHyBMWjsRV3DUCTEAjUD14LKCFdONg x4vfQ1eUw9hToZ05WKq/h0IF8K56cuVl8J78KiLiZCn+GbMGJSVP7OxbZBJK yCW5Jhzsm0Wm4tAN6A2vlPLgCuD1BEbEaj64UWNuJZjGWl8s0KUqZ3p/GGC3 42aNsyuOL3Mhpta7n6DP8qNay4GlJwlh0edVpA4l0sm1y+i7e5k7ZoQaw3YH lqHpQa2ULCLKZzj5mkshfvrE5aY+f/70SapAff5MyrU6PB3RARcZ/KchJiQO 6d+5xz10c/thh80pWkNaP62QtvhVSqVOAhBjRpmTZiNU5TN9wMJmAgER2sWR ZvA3M//AwbceOMz6NqusphyxfyWol4jsilByvrqIbGW0Yap4wdUjXgAzs/M1 h9NoTPZ0YyVezdO3q8FxcQkpiixGF8knWgwv6+tlordYSVQOipZcUf+s+tQY INi/mvAYlpZh9ywk6Xtx8JCeeH1+ea/Nzs7/yLWf4HlinQ/tfWDlXEmJErku WeSZ1slFTHfjZtp7MngtQs7g0ro0AahfIHIafwnwubpqUIsJn7G+sW4lauZW 7wJYBS29LWJzsFH39/6V1YWgp5B68X6TNHfE67QxVj2heRDbSaV2Nsh2uHTU a+BNL0WNyd8kSApGuHjzYxiFAsUduEGxVnZXW5Nz5kackc6Ggbh3Fa4FfsWZ 1BjvWXbROl8Ec1MUvl8ivFQKUpDdYaAJdooz8KPTRJ7YfqBxZrhpQ81J8ONJ Tj6isD5PJbkizjkv57VrisA4OOitA8O23rZ0nijV4g+GfL0rkCP9pOMLgzlU di5AFR885ho89P/X9FPwEZLcmb+Q7OTZvVRWHH2qoO3U9cpG+kYMQJdZ6CQ7 6g9J+oVpmo2SZyVqKM5JvB9SesGbWJqIqEB4Vkdm5qZmsD+jSHovYxVS5YGp +Jq41BxdsrC/iOu3tnKofwZGZR5TVTmvAgl4STuH2G5DDMXF8p7B4/GAHXi9 SHlc/uSmLjxgS5iaHp+ndL0x0VtlGqkb+2uvAIMGQvtjb1TxaqUGL5z2Sjzq rC58LmgkS2oMKlegP6yEG7emUlcsRbO29h67jfc/sIfEBwjV8SgHwyBo3dHH T2BRY9rsidLIvpL/Ro+dOEu3lkzEAyfBguu9EzRzL1IIV5pMfztEHny3QcUa x24sxn0GjdCHXXSXhdw1k4tJRL0tajBv8SXTbhPAlmtCAoxyvbN+qrIyQw/0 c8S7b8dzMnFIeGUs/SruzdMeMGaOiyweKs032T7JW1+27oDhGw3CMS07R4e6 q5Fj2yfpBMdKmO1kE7lR+FR41yQBiVQkmVh4pfgkbRu2UbyDWK7YdMgkqaER cfWcSiWgnrKT1/C4nEXSVwq9+boCb+2c1CD5Skjs0Ski8LEjWtF0dkYb3rWp NwmATQiAnX4bopHsqyIzfmI7ySf5up9REyIl/Q4qXw2YRABjWTyXnrCMauHO j+AWXrR+TaayESFhsgjHxTTeuQxhvlHts0jU93FAMB5+JDuJNBYWm22NAC8b vEhYXwnmRvxLlUASEXbcF2cW54vRBH68fjVCug8TtCS57fv0XEm1rtcR52Pn l7D+A36thzpKVTteBc1JIIQhEMLvEfrAzKEj5ncsbQkURCe1QvC6rDPzeYRI 05XQ3hR57BVwkAyJqp4+fPD587NBz47edfwCBPGRc+/updctRXmJXPc++3K4 o+4UV6SCSOea4A7XTm8npX1uXSmDpkCZI2bTcYMfz3sZezBM87PcVCXrR6WJ r/clEpdbC7i8cboaZ1fnFxdCokUcahrHO5SdRTNNDCeWGHHumN7kKGGfWYzI LWHS87KeEAVBEfGwxImlw6skW6RVDzbXbdFwrEfWc/eU7D1EwXs7yUKXmWz/ /ek5FF9fujHb23mQfvydEDs4ysIImjE2TIyNGIKVaF+Sz8yZLqHeJlFc1J+J 5QvXjWSd0XK0nX/MrkefFocqFrQlEDthJDhSlUzGexkdUGgJ9fmzJlf3Nl86 Scj5sq6gHySX/ccrIQO54aQ0KK24QLavuQQ2kqeXWbuGyWXms+bTWq/YTY6l Z3MapmXlVpkGcN1IWXFozaFkqaSMwwexQfJ0yZDthyixzlpE1woKccfGJGs+ jmFFsaUoQs8UjX6vMCazM9HfepdAQKbB7+zB0rEVoZvIxK9XFdnhK/VqNFYL LmB8VYTFp6yYgjIfZ3yP69xs7rXy0dB7qLjlbckFi6BfT9lklmJCSOVyWBHl 67L7oiMLA8VBIyYIrVNSVwSp5JlWtBF3sBB4uQuNp2MFo5nAYUWMtUMHhUnj VUFFwEJJUExaf3k5oZCLQ4kCFWGY91/EcAx+UN8jWGaEuGPL4wvv9afdtOMD OuNSYD7eG4QIZS3FV/xusMlGVMBFXVyYOgwt3gnHcu8BmSXIpdic9PA849ib DwT5+hw0lngBnpyCp0Ypj6rv+bgh6g7yvWLlpF1zxF5Sm+gbJxw4dpEKVlUq 4hObWS4fllZtEHctp0ptIh7GJiJZjbG7CM6LhIX9VudFVAEmTgVOHvlVhX5Y VYuF49dVtPUKwBIJmnocZb+Mm472LHsNRgjdYQkPpW7VtLEAp3d2BRF7yyPo /mC7e6GSUO8uYvh9v33SwS/VM0xuVp13QJhfIZCQ/Gs7DcWL0BiGHeX4abcI Hj3vMQlYcieolqaBS2HfyDrtQU/yjBngyevWwmYxsD9gGEy7pTqxy7AUL5qk /MVZgO6CAd0avLxFjHf3a8MmYLfV7Zo+w9MWZWqXSnCwu2eiBgtcBnd8CXop o2CGnWY23D2WiUz9FZwbGnbUCGkYPb5+1zFz4UGUv8AKXC9lImz1gYyj4pM+ 8wn0ooaej54Kztb7JBxlcqWwonKiSOAN7YIlbYCu9vOWAOnj3Dz29wr8EfkH EkxhHCSNe8YF0umQHYCZdDfFSMS58VKHXUBO+6KV8DhufFSiJ1Go3iaOwwtZ ObWBSZhhRwlghUXsvVZrXRAzWq3LqJDe2hW3ija7Ureir2eil0fDRNCi17wF 8pE2gUK5GFQJUxCn3Ci3ZNXJXBnQXqEaFAFDoqh450JBKt5gBxEIdcbYSC5c wmElLkd/H3ZWCUXTeVclNNSi1BvauvUSrZuJTYuROWR2ELA+kcu/sqhc0Sbe Lxw9ERD3lxMBrOpUz/MoxcdaibKxZ5GXKBrNUrLljNinXv29QwjtMPZ/u3j5 qnCD/EE72YDJ/2roXKNePqjYIzLwb/X8IF2+3MQFlIbOkMtx64uSNLOVxO8Q PXfFMP0l95HtAOQUM812hpuO6e1zvrvAeIc+U2h7XGckJet6tivYIA7kfsaW f39qznNw1AORy80IUumGuLakfK8si4jkN7TDKYQQWqba4uCHUbkI1J2v8i3/ TLanwi/fw0r3IofznurIRyd0X/xOVkK2N5aVfAdwUgd475a7wqE3pihZ3/Td TGvEhAR4okgXuGTc10V38Cw7a0Tx8KBtqd/QWe/avFWNUbCF4iBx72eOJnV3 heAiIlLc4PGjJ6SCion/CM65XSjdkNzFcOrS+aNiFI7qKXcrvR5y6TBNHxlV IPKfBqmkDk9CGl41+/TJdT5UrqXg8GbNFWpmrlKlNLxJDchx9l8skKi4oFHl ahXXkYUobjoRilFiBzBgItWl0t8wJglFED/N9tDeBs4vXyRnu2xOeLs0AAvm ytnbq4thdnH1A/3n5cuX4i66uP5xdD10u0w36AbeXhFtSXKwhp37WW/e6xK1 dLj2GP+r9GG3eFc0mxf+9u61cMFVhUBpIm225+mrbtp7mZkTt2R9ci/MBckU 9RwbRbO5I72Hy9usOsmHDPVUU+YUIrhSMFlqgjfuAGMVEwuI1WQX7vHnAS9A 6dB2re0nHgi17zEFAefXJIe557mnU3v7GcDbbaLHe3EQO7EGXX6JOo17ZMvB Hzxil0gCRYUe5duM/Zgqk9DJavx9z6Gv9oQfSu0kn9gsRfxTmaiq0ochK1zi 9UE1IWYmSBPMHdiHNfM/84b+JbtB1A4O7MaX30YFUTveGwx+SFfCnE9WJ2Xn WlIzweYO1F2toJ+aeIpllEG/IqpL9uSmtEEJFxVOJh+iuP7BewH6ERd0Eu9x 52CpG4+7EKUuoG/gaWKxz3hDlNG6UWHpPeEJJNADvxjXpfoDazchJoqPAYlA +NmqKxLha8bpB0We1aSV92ynlaN8lNPFvFyxEuG0DE0qWne/cUTdFp1yWQw5 8UJrA8UrUFxYbiQNmIbm85O65KiGGOcZwX5ABqhPv3CYgKgFRUIRnJATM0kF avoRY6kbS7IQJdN9DLJWYFzEDRJ/jy8wJnAqtpOJvMBuBOQ+LVGKHAXnnAHr gKfxexEriegXOhK939PxWBurt672HoyoBYDIDHZMFu+sw7qRbHSJVGpgXQKo QhHb29bLn3W475rLQsC1irCgQ7B++iRNXCFF2TgBYtLzRHGNhdwGdnf0s+a5 jnVU3VNOKVGIykJ6fvbkkWYLshdQqohFh52olc3cVLol6C3w4of2IEgQMMf+ QYe99ocS3DqMW/EzDApbG7KwwtNKTBolUuLQ4sxApNEOEvmgeAx8pk29MWW3 GfHBk4BB2had0KdP8kNpoIsHOUVr6ephuAxtFMcbxrQJeu3ZLuj7y5lIsTdA FLbjo8fsPwxmm0IcNYngRhqxThv1t/mK1QxPC3oCKZ12gsTV29aGWhqhl4gr aDBBzd7l1LTMGyLxpvrHpfgtEd2+ujxAozJoN8nb3Ay9LImSCNjnWRFjGhVL jm13dnum03Xb0UY2sY+Z5m8apvtlDBJ18Xv7cVFM2CUiqSMJaEDAWzcawCtF z4b7t1mzgSqcIq65IkeY6KlaaNJjDRTRKzNMluAcRgyJ0J+tu4ILK7+wdkV0 zLidC0kUwI7tv7i8OEjqZ0QVFNRDs9OGj/GuUcIz3Ru2F2nYoStaDz4DT43H NPAd4mBB2uwlZnhxSvhvhrL9Blfva+CfauBzWGsUr/jXfb7Ofb5Ifj7ZaARw p+0a5L6PO/mETVQVAbn86h/GuqgX7gyKS8fgSqPi6LxVr4DiR7R2A0ef6Jfv uTaLa3Djwsr+uAqnLwiqT1HkXzT04OXy3r1fFGSQ7FutGBMuv0D2D/FvRr4K B8s5D5eUNPDW6cLm61JKI6NIWLdY+jJhaxSMqIzK3YCVll/3wunyLr6puqkf OVLsd8wjkXdE24cCnyhZhKJOlIBFWwfbYbwQUrQ0c5FfMVIvG9eVAhK74TST YfbqxYsLzar1EA7Hb5bFRzWYxC3mZ00nMNdIalJjUaQta6PINSAN9E3d2Jrz z0ybqmi9espm3aEwKOypVGqyAXl1CeymlO8Rk4jYIgqcaK6czURCOdupddAc djCL87R37PTKHHhN5FQz3xRNw3mZCxcdFAwxLeWsZRwxUP9DVT3jAUPaLzhq 3Ub1OjRH1wOa0ZtL7rAQpEbuP316dYFuz4wJSnmDu/JJTgFXu1ysW9fbwmQo /RPqPMSUvA9klcvGPggmScy16jRdN5LSvcmEspHaIUeyU3PfU0Dg0U5jLrxW Hid7p56QtwVI63m9QBYNqADlFE2RP832LslylYxVnCbDzj3AK8nwLRAv+Pvf /o82ajQxW+Nle64GDyczSCZ2sxZvoTzhy1fcPWG5CTMIKyUKFaboSsb0TeSx LtUvtF5O1GucGFEjPDczDVfAV5AcfagUsB1rC3crPs01h6SipaMcaI0qQsoK XB4ld5wOOaAFuzmBSa21jDu87lJmbZg4a+NK7l4mCwYcOh574rR0yW+XmHfE T6UcIccJd+ZvuX883ZY06qEXL/SStHR4i2ZoPqx5IbmmdiGWTEMz2aOsG/pV uwsiL30muCSutVIB0pHvgJ9LZag7TelnApVPXeoHPXkVr5S5IkodlurecOE6 Znt3vuepQAr+p4XufEhacThZjxtbwwAN2iyyXL5rVwVgrD344hZERtTWolor jJ0tPpj98VFqRtwdY/dSj6VEVewa8u5mcIqoaBMxcnVZIq2u5RLWrySksRRG lMZiWdClFNaLLrLHT8vgLmrxEuAXsTRwNVfUZ87nxpworTLqa1O4qt23yDb9 9l0RU2ZhlZw0YzRIltBciQ4vZHslX6mGHZdGTb7/llr13/DbwNNczcK0FmVS QjHaxZD0oJFlnQTADL5IuNZ103ewQSjdT7lceUi0sJN31+eK8EdiGeLetQug wQyVoOo40ydjqkvRmrW73JO4ODEzZtv+Tn9/Lzg6+sr/vDHLpY9aIO0TxfIv L9qDXqQeJ6TaTFKKi2M84c3igHUBATWqQetvnBmic4uyG114YGpWxpVLGCaZ 5nFLTSCP3Bi8L+uizMWi9JVqYh8e/Olx+SGh6lKP6hscq3cJSk/LSWbUt8Zs f0tuNFjZvNmWrDvsP8c1hy6F1REX2VOaGOiaXjLHVfQ3qG6nPek5vE7McVef nSvj3Pl7/uWGI8xhy9lRqClWE1fX1fu8uQhi8hE884w579uOfmN6qCWeNRqr aHs8nrjxZRSiPdD8+/5aIuIrul7Bzm+ebZr06GbKJxGFhARF0dM7XVz1Zl1W LqDoily7fFjpVliNSA1b6Id8464llKRPkaCCJFZvalxZZV88w+wr8Om3oi9y dx+tc+Na6oZsZ1+c47Z2NxLXtkUYQwtKaO9n1W2kc7U4AFxMJM28UrZ3ESpl ii4HtDyLVKlQhpt4Bncnt4kWv1xU0YW1ruf1ZKwPIfkF03fJnPQ4fev8jOfo X1bZZKWIK9U54CVg3fSw7/dsozp/fGS8/W4yrTtz8VXywDTAHa/gZ9ttVY0B pNKxketp6z7LS/BDrC0aNQTFXd2O7SF9atl/SM7n2ZrewJUBdjCjkObQrmHw FeJa0Xx7mSVaB6nTgobSoGGouStoJaIRCIzCyoV1JQrxYij651rn2/8MtTK6 bG6aCWo4St8mDiQS12HQnVuDJIOEvgsLB7CMwysXl/T4MHvxFmVdXJ8d+tfV y/ODoVaFCvBFjybzzz4HaPrSFXPss6x4B9OqCLxMMXhIS5MaA1GGgjo/Cxcl UuKXJ4IGt5ONeJydMgVmWtqu8ZfQO1JtVbfn0JC3KiYbN391q0vYQrijT3Tz OC43gcUu94jUC3JVjLglxYxFFUNlSMX5MCoEXFrMuTmlbwroHHcxhz1LJ/Yr Oevw/9usldX0WtrAaU02/fl/HFPNEq7qpGSPJYWleUbZKhw4fRIATQ3Gx+WQ hTUeyNoStv01fpwXQobh1sh0Effgfwa2PBhwg3VN3EopWnyFrvunwpwm9n+M 7eoJj50bhJITvrurqn2hwGm8Y1OT7NSdIkKhCv+uSgEzwW2aHf4h1hq7RVLT javgqW+7aiXFRuXAjRZ1g09cVc5dP45t8whEHeVnMGdhvVXzEm99wIpjGjeo KQ89EH7sMDwLIdICGdhClnuxKlxCZZwbqxahdpg8iKuoPsveM7p5JZYUWy9p /bW4IzgTmHgAu7jwV7xAhkjnURsXJyr1RVoL1ZROUdDEfo9X+NUj0xVyBSt4 uLrRVuFxMEU2Mzkdhy7yuH+6W3DIKiSIO+eKtI9PisFkMhPpcMH++pvCJINr XQaJfkazqJt02QoPYEArn7UvEtRFa/KmAdbERutEsxcxi7Qanp/BYAc1uwgz iUSXologPbmWsxV4e2TDQ+3Z6svba3gU6C4UozBimjVp6R/OC2QKu2POcRA8 mhm/kHdS9+O3rC3QFFapnjznJYkQ5vcil5krV6Try7aqGThgzVw7NojOW5au I+Ea3l+t8azgCY+8S6jsP3TrxH+0vWtwem+RmHvYeUKYQYEZLIqVvlgabDvX VAh1BJLYl1j8tFtzZ0TRR2+L1h64qBt4BlyEwgCsOkX6xUx2nSoOI6mQCK4r 5RwkldOxlL5622P1kV3+wdqVT1BSSYdcJs1/qHwdhZJtcfzK9xOWhIF5U9+K zZD4dwVezj5j2VetrTnVqUwjTcE59hSL1e4iCxcEfHzfvVgiP94BS0/fGK43 HrXBZrDAurmxdKjsafCFqrUWyT2YPG3U+Y494V0xNxpWZGMgnrjuoQNRohg2 Fzl3+qhTvrnRDD3ZlcxYiQMmdCLKLLfB8GAvAEwaB4IO4AGtrai5149OEAeV Px+icFCsbofuAIrzEFSzkIzbVvUu+SxFrKnZsv17NnAslJjm0axRzBRdeTDx +CXdAhlgcQVzk7Mb0gV0TzmJHMnibSe3M0QaFHCldb+AdDYhnZoXo5dD1zIT aZIekDq1W9sbR+WNZcQRYnqjW8YphSJB6BDPwC6yUBYIyGhpYUgmWKBCi0en PH/Dn5Edqn0ljk5PY+Suq+CZXECJc4Ycu1AmpyzU8vRAAkNEEjnJlO9wBgwA INKVUR2snBOEGTJruP5ep/roMcfOaZP8d2Ixa7lgXKoh+3Lx/V/X1vduc60B nHfcZ9wrVRYKYolyzLeVGHULMJVob5qWLqgd0RtGdHRIl4wz1Fy6uGIxrt5c X2qi0unJ8efPB32tzienuxohis1nRF90xbjjZaBXn3bF7Qpq1JzKd3JjgEVK DSF4+1XpEB1hQjFftzlRabFeEbKdqTUSOEdfHT8ob5D6ZUPpk/jSf7NZkGj9 V/4fqbq/ux5Gr53Ne2AH6dLQNLJrKR4QPCznd7SdjzJmZ9o6b+Ot9ZCVQAbi rTTn9GZB4rQ+TPCjw2xjuxiVD6wCCoW5Csgi0DToTio38+Qu8RRIhXhakNp2 HGeNqxH5JJI4WzqRcvtJOe5u0SCtXGATUYPBg2dZTyD7TXP5QM69RrILAf2F lOtfcW/peqvrK0P5klYz4JWNXka3g/jabyu8V9rJPkG3v9U29D7bIXyp9Wkl F0qyahg4ElG3i9r1YtucMWGaptCDmQRUZMjkY9LUTzmeypu3FSZfoIYvl09x e8YNG+hic71JF+OHYyrKv01Q2mHppS+DlY8jRWYwuN6sJMVsmPIyVamgI/da W6mywOawZERz5CbWBlqUtrBVwv9kZsGzxymxUp6t7YGHDn7nCiKlw8U8jCu6 rZjRohyH3s9eKmWiY8mrDqLl99L6I/3uP7O+8DfnZwb2Bf51qfztm9gXFh6x MBWoOkSfYUnOsZ5uUKQiF4HvBPLoy1E5jaQkEh8i23ZGLJxdxaw53dcGnLLr M7MbUJr7qq4QDFIy8RcXR3Z9SJ5l0W89AElN+E3i4QM8pxAEHwYs6/lcZH3v vZpVqh1tVOHTxAwHy2uQgeXK+oQ2Mupp3eKF7jjSYKGgBSQS4bw7vgKKUdvg QBpwyu0E2gVoRpQ+L2fDFCbAktsiBY0B4i4fWfoYYt8BdpE+j8z4b4qmrrBd /ayh/iBOgRZejvG0hap4EApt4KU1CnquA9c9XRTHJ/ef4NJdJOzeNzYoqih+ E+UpuewVLR2oN6BXbDJji2PHrYUmKvYZuqCPkLKg5zuDWcmlN4P5xBb8rBC9 2vm8g19zG2mhSKlxtsVj/KX6zcC3bUVnBx+Rprx1tVk63Mxla9e5ftCrjrrz Tn/wKnfk+5JcXBaYg9glhqOW8th09/SRjQZgpNZPqFgkAOxWfREDD2R0sXjO zWCvCwoqwTdXd+ovWPq8YHfO5WYgJ+3o1PsCaLyeP87PK2q+IpQ4mNiWiS31 3bryidFPu8K1cDbliKso6D507L3wGl+cN/lF1jv4MutNW4QryT8cH49P+r6O N3UbtzUMae6R8cTJNx8K6RYR1S6IUS7TWnGDA2eAq5cbJZnZr0DbbaXKics1 JxL+xyyu5RhsGdOGOgndxh+yS55gCCHgMr4g2CDDSODGQAUhpeIfpeFF6ACw 5Y11QDg/d69ZTCx4tbAmGtmHD8Ng/AJYhWKMTEmEFi5A7EbzxMvPaSXjNoqG 0pA0unRH4QFfLpGMyyNa/jNsjerSnBrzT1oY41/0f8ekBf5zFBlA4TQpmum0 Jqmc2UrrM1+dVa23aFu01VxUZMXXo0+c+/6+tMNBXE6r00YcXrgraJEdMh4T nOqcigt1HIqbKW73af6ZXs8eWl8gQ3yD0nuRzJBiRrvLJHW9iBclPYk6MGwf EFF+ca8NJIYG7aBzBH05kxDnrtc2Ldkhb4fHwgV/WYMxreb7vRwfP7yf7aOp xmpRV/aARtJypgmBx/seSjB0GhFjKJjo+0wa732Dtd7SJDHprnX5IrlgzTQR 1Kh2rJOd29UH4lhsSrDhpD93DVFEv+AD0hopg8yd1PbqIaSZ1vU60MSfa+GC /t2LCGwnXQ0FLW+cMBps4fD5YKYLNBTzloxSjO9CqWcFdwVJ/gHLCKcMcAcR 6Wi9gy/8tuIo/xH1u74VUfcPPdkcX+xkoZwuyH2kuEIMGgnvXPdg5cZDpH+f ofruAji6CALMU9hB5FF1dTV7dU7YEry8eejPmakSiCPtYclvGaArPFrTvoEn KTsTq+9cI1n7b87OD3wNXq6ZQXYvsVQaeeDZpHoGJeLt6l4lugJ8X21OVvvK cUcW5oNY29RIjAaAvAXAmxbiV4E3K7Z1EGUlIeRrXEc/Dm8wtriR1lohbQVS BSlfHvwyAHy5n9rsSvyyw9JpBS9Dp0Ms7Mr18Rmc6SadrbHZZFjN16rcFJWc g9Ogj7ULFO2tW85Aulu4N3/6xF2lR7/QZs/NaGmmI31wlDyIdoPQYgAvHKzW TbvulaKOm30B9KS2OvZBqna79IDMkyFLyoGJ1MSIZHXD1K+wzRpylcTTDspe UiHIO5sDmlNbi/ge4rveGCcRZ2fseakjWAq9A8VUsTIunyNNrvbUR7knAj1Q KmcFIktEpSak4pqrO1myJUtfhQffDfa4uosaRqEeJ9Lx9iK56qrEYNzQ6nHA LBFlRqax3NYTiaWB5jxxWq5FIhK2Ny9QI3jQ10dUr/BQhppM0ILLnSj1ffrE PxnpIsUJC7b1I6qHffB5Ni+5MiSYfcJ/YubEacFS3YqNPbWASfK7dqeDIFjF cNDENBVt7OccZz9+hS0OisRsEYrm+C9czOwrZVgSnBapXhtTRqhbhvjHpjJL 2vjX0LPPk8voa33vv3h9fnkwkO7v0NukdMtOInTpAaI0ZpVZCnSTyHkg5ZyR 807icJglLdsZmca1narNdnan4BcGGv24n4bJcNE8KswpujQ4S3rtKt9oNC+x BPgB76CRc2nRjGaceaif6LRr7fEsOsjtoi6J4Ka1JmHTh/HNAhoMzIJ9wKSF vI/y79UJqw0nq/kgiT3vXIY3YVzx9Fh4atfXczb0Edn2vZuQT/01IHvaaTak f039cKHxl2srsjdd1B+sZNS2e1HzQhRExjS55DMCeDsGcbihiIZlgH7qjy2l +DTq48IX7NGVMPNarSpJx+acb0WnZSilAnUXOg9Pt7emu8PfJ9LYrOgIpFKF druRf4qz1vu6Oe9V4aKtP1Itbtf5rEBJ9ym69KG+lfsdAxGkPGdc9MnneOgu sL8G2LQQ3m1Cv0ERXs6XgDm47jdMX65ChPNQPXr0gC5SJg4ckaJF082Ij5tm Pgr7pn0jjPiOpFdE2FTxCMJ0RNkiqSXRL4Ts0OAl7CPukR75w1x4IhTE5xSA 0FoKd1YcWWH3I21ovJv6+9kKlnZF0X0xXNpBVUMgwA+WuLlgs7k6y6HvJkbG 9V5wBFiMKOYR4WIBDxbdGOmg2pdt0X2R1XXg95V1aFh3+eqJy9ZTp3TcSFLL wjDLFXtSANZMOsyyO9feInEISUgT2+vSWdu6ZHkdNZVwg0gcPh7S7YF0T3WG sS8wogmkN1JyKm6pgdZljC0vfOmQuBmqx6p85TLLjGAbh6ohz4vuuubDGupY Im4ZtqS2WFSkw3taGbJR9JrWmV4bP8SXTRMS8LB4jW2z40BhGj6jSxRJf2G1 3hzv1kFCYxcxbjL04XFQPC1dF3mTl2yTRXxzJw/Peg4Qd5sSj7q6LFQYYstx xOMYQSCo3b0FaQp7vu+V9LOQFKTEjyRP39Gzdf/q7cWBZCRf+4Zi0mEkpANc f391kJ2zHvHa0vxdz4iko+tWmfDMF2qhxdxwgdOo6xUTr/X1yuM7F6woEyos i2HJioD2WaqVC42/xjTHQYGKAG+OQl96aICsMJMlfvr0bFcf2y9CPRIgjQ9L edAce424ToVEkz2D7CTJ3fd9ivLJXH0apNGWZSi2E8Bq7ur4djE0xT9z9+6n h4ek49FgwGyM62b+lyR867Zes2uVpXtcnR6JNJNk8ZqaNaxJQsRMuIMNtEZN g1CqVk2M51sozlFAsOHaefrOpD2ae8IXOdiWv/4X3k3qLGRlexdC/ijpWBUC Fowai7NQkKU6WBqXG3e6xsT3E2SHdtSC7v6DYyc+NZNW1xCaD/sCjgFC0wVA Inu95my8xgrNVBpRxK1GnWxCUT++XKW55XaoYptpORHaWm0IXTRRXEJVipMH O4JeUWTStc8IN+VLTbiwf2yESwl2NsEZ5sVtSrE//r6vWIkNHg6XXdBm+3xw wLZLbnqvxoksC6CggHKKypmSucvRzlBAXUvDsBtZIrV0kMsJGU4uFBA0rf9X 6+gPv6HS8ZeTYn9Yd5zqcR2RTS/KpjGkIK6NdB1oWfgzrbRbtYTj6sgM4Zc6 yIzcsgsuOFHanpJMap525vMxaGkkF8nvCOEa9fUmXu0jWDG8h5kNmvXxvYOL mFbEB9iroKGF1BmaKwP4wnoec+w90ly9iUs4YF4cY1U3+NCHb7tFBCJrhzvK GbVcewNju4/q0AY8isihT6u9tXl/zEzbbJRRDrhrtqJzCqFQ90BcoomtMKv+ C/Vbw3vni88qH8OmVJ0PGhVcnV/U7KKlP59F3Pt7ro04C9lAuDDYHDSLYXe/ PlD4TF4uOeWi364+q2aTASLDjJFIk6vOGe/aGPt3SVKQyHRNM/ItLCca31cU EyAbjA2mcdyM2noEIBH9YA+3Zo/2gYsJia4hr68n7dTlbCtUHPWfhTEnWq4H 47a4nVErXf54QpcWHpT4DR5RJ+68chNmHxWxR4aTD/39zpugXOm64SrKak55 L0aKxg4di3Ah8xuYZFJp1ZU9ZRsKPiJ1K6IQCR5Ah9kyin/2dss3zXV6gvrt LKKXrg9WzTN0xT3G2Y+ho3QtDKhVVVdTID0HSEFzsdE1dMNij6coo1VMo9pE 3t0bV9ftenV9PC/xswgpqd5089/17NcQKv/tQkA9gf8OLNZOiznTckLazOCb +sHHrhWnWTKWRzGVEcbG9bCJuBQQXKH+9PvTc1bTkgkQOXNWC+55dDFkz0m0 5jiivt/kypczdaVRvWkecddbO2G3Hv8Vii0KD2nkw5qfnDDKUd104vDXbBL7 USxwVVt7/SRoNZLF4O9k1Poy2jk2gV2LHxlKUuKsuqmLxpceHPpis8Ot5i74 qHbQWWhoi03LEhGMHWKkzHyB9PcOs+jnFu+AayBDlwFAzKGHUU1s1O2CT13L 4YgwzDleH1VWQ0kj9g+gtaRArVpQoeZi1PNKAGl+XtxfJiGBBLuI3Xx9/eb7 yFsZCplz0gG+RVVtjySWtlzau1pOjeMuxRIJnNw2TPBUsEa6KCN+Xxc1s7ch O6BlDc8VqFhK274m2RUpbVIL/xaRqF1iHGAK1bS5yzkCJFKhUS1LuCSI8FYY F0ng2l8gcs2r++yD+MaVwM/+dM0bSv97/sO7l/wAqFDrH0Wl7Z1ZKPq2ezdO zcfaGADCRsNQG6MpJmATyiFGD/GLpYJOD9aLjeCL59uEGG6eshoBEIv5aS4n WwlPjh4df6FD9jeHsL+FAe4sJHNnlTXiii+sKoW7+02hLkLKGXuFo537NZRY gN/P+XMazaBU0LWUONo1pK/Ly06Smc01X2MJ/HSz04HtApS+tnnmV4Jy8OJ+ jObR46X9hbN8rHyiilOVI+0bdSVXoQV3Ek3oQet9MVo6sMZMBWDCOoFavkyx Ua18LpjWa5PlMmeaFCEr/ui7FzrkDWTIf+a6dqBYzdJqfTXx+3P8Qjp7R/Xp f661Lo9+yh+uSZaW6LLxvKlvK50sOzi4ghrEkdjQxDuaWjWlmBxaLRBdMitP 1ESF6zmAN+9R6BsjFdZ4Eh74xECRQnp416F5Kxdq1d6/XDQ2J1ngmicEzTDa xURIKCexXHj8+MmTI18/1Lt2icQRXAPDRxOTjdar6tHR0J1fbmmFMeQikJK2 r9bSuzcSX4wGQsUQnZhA9Iz4g6U7hM0dTsMvhD0/KwRF6GYazhlDlMM0Hz7U 9JsyzbODrOEi0uIy3OoSJS7kENOjU2lZSqho7KUoxr4NadOCoOy8F+ORAq5J VTXE//Z9MYuDUF7iemHjgoX6vuhloGnXxEdYvs9e0onbPOvd734dNpZgzENa f9vT4p7Zjr7bHQp0SJMYmac4aZyVYRsuu2shAn31PjVPeigcLm82wi6NLi4j S1bUrGSoUDCbXR/1cuKglprD3fr6q4w14KJkiGNfi33fEtF59z5il5FHGbZ7 WlDWxd+3SJso6rJe0/m1lgnqPy+9ApLpHYmYvO9+2ZZHUQzARIBi9T1YjTAD K+Um0PDAXnLR7nG53oalSBd+y8h8sX6EMO8lCVYJqFd02aZnyvRdOpe+jn0w VHQ2k42231H9Ubo8sbbBBYzjvm8/vuW8EIxz6dMlEGl5DtpxuTmvea7vJBns 06cf3353ya0S+m9mb5ItV6Tq0JqXQhRxItlNUZduKii3bFkD+3ndCpRB1Hvk UxhSJ2F2TaUCNulFNDebhhtMMCVl3LqJEDMu5BhFEJJ6x5J0LQAlLXl8z+m1 NMF7YvmFLnN0kKRKCGf/CAEQ0t77ZyW3GUYjHTjt8JWcbfbOSJnmtSQWvArU +zLkIXBAFALRNPO1s6E8WFJ9Na6qpT/L3TkNnz790WxwwTzO3MOgnGNZfBZt XOc02gUXc+uvUFyVu945DIZtbxyetttPDavQatg1AvRbudECOZXDxjBHiukn iWdIf+Jt6FSh3cOTzC/Jhu2IwS5bSTr2XcD18Ls06TGmav4303VRxQAt9J5S wtuidKn7rdZ+7564QKqHM6Z8gxN7JFQAY1cUqv4JDJUmAKiKd7/H/saDpJpr cEhybEvTpokEJIpRRG4JM1lzexWfVlPF+b0hP3cL0xxiLkCAo1+uvgygLkG5 NFxSQyjp0yeMYMkWbkYkMasPjCj79GlhUbDobuEgW7kzP25HcgykwBvSdMbe uyRsqCcTdqVrhKvivamxhxwVFz1Vcz+TKfpflNqaJZUwdZR+pmRFb9zi7Rw1 imBTUY9AZBxz7YaoP6kGvSSDO/bdxwNJ3sVW7y0uCBwJhNCT6xqgLGbpsE+l 2FBa+ceVrUjbBgqiw83Nh0+XMCMYth4X/IG7suEoi/N2oKINKYnjuBPYqr8h 6RvZeY1x1IHjt7i3NpjHUQ1WXp9cwLBCp+KTid5twhL9kH//23/DlkwiH6cm BFfsvu7je3HT/0y/+AszN+Rq/3li/8LZrpu//+2/848ZYBEXXbheiMc+KkDp v432CefMPdyh/rPpUkZpbj6UNuRDTPN//HqUdkKHUbVeiM7Gmc+CfaJo4vUq Z8Wi4w5Qgm1CD0UJuTgKBrTuhXvBFb9g8Pv0/wYDhgm++y7MxEOcuK17APo7 L2aUfp9wWonjsK4R109RD2ZsWsdeaHcRRi+ARJBvaM0QMYOzqUd/sdHRn/zv afLEqLANzJNcFbRz0y1GJOxJavGxKmpHAAcnj484k5iYkwWC5mU1h7+SzvMP tSXGU5K1fXbTFNkLGs3wp5vsipTtXwxpM9uvGGavTPOLqewie27yohjSw1Xe mOx5Y2h38BPasOzSwsvVYrxFlZ2vESEZZi/Lgqjxe4uh30DlIib9R5i9NInn qA2C2092Lib1B4P31rMZyva+bIopLaAlrbKkSV7Vs//r/zTZOZ2Nt00WzWrK VXIUfi2nIwVo5trog7Z5xKgWp11xqfC6QjNmWB67zlcjJYVuLGsgpICga9hT tE8ukVnAmVF5DfAvzW6Bqf/RNvT3czKtGgAT3oCXVrRdfzQN2i0b/gdGu1qQ rKjo83VJHy+KCdHCHUUdtijCk/UZODWrE8iOdVp2xT5fYg8v7LQ0jedkiWLN RfSeZnsv4XqFS2LRLxguAWpugKMBPl8LwAemxnuKnzc6E+nvwnenW/R7IiZN /wpuFOb6BHibUE4D71bfJL9elJiWqx6kmo82kNKkymHaesAjLnwpgqiggWuq 4ZoWAE0uria5tFsalqqgLjkkcDWyLKSuAql81Rwx057B5X45TLdxstFqV+qQ iDuwC/LN++4YEF2FsrkRx0raLgpP9YI3aVGaOP4io179FsXS+2QEkKP1e7b2 gfW6ycZ1QBapTFYVEbca60Puf1SEgkACMCiAlQzNVaKK+3bHbmpSlsxo4kpI sBM9MGgEG9Tt7vJTo8sQnRI0u7O3Z99wtQbp6UrB68wl4XBElwai8YgzSZT0 Ozj1487pd91YGd3GbjDPu9iT9e76VXpNPTatl7vbezdXMp0KzYsOYUdxokX2 T2CU/wK8GqBe/zxO+ryrmObYhN6Z5Eut9t+uJwLKcKoLz527ZQz+yWHKbm9v x0Da4TWHmAIt5rDkmvSz+hCz+GfwLTrbm5CNygMlTdJN9/QLY46MDHB4ayc8 5qEa4IeoOvJxvOiWJb3m/wb0O5Zvav8AAA==in [RFC5646]. --> </rfc>