<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 4.0.5) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-core-responses-01" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title>CoAP: Non-traditional Response Forms</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-core-responses-01"/>
    <author initials="C." surname="Bormann" fullname="Carsten Bormann">
      <organization>Universität Bremen TZI</organization>
      <address>
        <postal>
          <street>Postfach 330440</street>
          <city>Bremen</city>
          <code>D-28359</code>
          <country>Germany</country>
        </postal>
        <phone>+49-421-218-63921</phone>
        <email>cabo@tzi.org</email>
      </address>
    </author>
    <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
      <organization/>
      <address>
        <email>christian@amsuess.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 44?>

<t>In CoAP as defined by RFC 7252, there is generally one response for each request.
Various CoAP extensions have individually relaxed that practice.
The present memo presents a generalized model beyond 1:1 responses,
describes different forms in which it can be used,
and introduces new CoAP Options that make use of that model.</t>
      <t>Beyond that,
this document provides implementation guidance to simplify prior extensions,
and outlines future possibilities of using it.</t>
      <t><cref anchor="status">This revision -01 has been created as discussion input for IETF 126.
It makes a first attempt to sort the proposals into short-term actionable ones and more long-term considerations for more kinds of responses that could help additional use cases through future work.</cref></t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-core-responses/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Constrained RESTful Environments (CoRE) Working Group mailing list (<eref target="mailto:core@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/core/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/core/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/core-wg/draft-ietf-core-responses"/>.</t>
    </note>
  </front>
  <middle>
    <?line 61?>

<section anchor="intro">
      <name>Introduction</name>
      <t>In CoAP as defined by <xref target="RFC7252"/>, in general, a single response is sent to the
client that posed a request.
That practice has been relaxed:</t>
      <ul spacing="normal">
        <li>
          <t>in <xref target="RFC7252"/> itself (and later <xref target="I-D.ietf-core-groupcomm-bis"/>) for multicast requests,</t>
        </li>
        <li>
          <t>in <xref target="RFC7641"/> for multiple responses following an observation request,</t>
        </li>
        <li>
          <t>in <xref target="RFC7967"/> for not sending a response at all,</t>
        </li>
        <li>
          <t>in <xref target="RFC9177"/> for requesting a series of response blocks,</t>
        </li>
        <li>
          <t>as well as in drafts such as <xref target="I-D.ietf-core-groupcomm-proxy"/> and <xref target="I-D.ietf-core-observe-multicast-notifications"/>.</t>
        </li>
      </ul>
      <!-- A server may want to send a response to -->
<!-- a request that it did not receive, may want to multicast a response, -->
<!-- or both. -->
<t>The present memo provides a general model for such responses, and
describes two concrete forms using that model, with embedded or configured requests.
It sets up a CoAP option for a client to enable additional responses,
and an option that can be used to embed a request in a response.
Further work is needed on responses for configured requests, which are discussed in <xref target="configured"/>.</t>
      <!-- [^xxx] -->
<!-- The descriptions in this specification are not intended as advocacy -->
<!-- for adopting these approaches immediately, they are provided to point -->
<!-- out potential avenues for development that would have to be carefully -->
<!-- evaluated. -->

<section anchor="terms">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in <xref target="BCP14"/> (<xref target="RFC2119"/>) (<xref target="RFC8174"/>) when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>The term "byte" is used in its now customary sense as a synonym for
"octet".</t>
        <t>Terms used in this specification:</t>
        <dl>
          <dt>Non-traditional response:</dt>
          <dd>
            <t>A response that is not the single response generated for a request received
on the same transport.</t>
          </dd>
          <dt>Non-matching response:</dt>
          <dd>
            <t>A response that has properties
(typically options) that make it incompatible with the original request,
and thus in particular unsuitable as a cached response to that request (but
possibly suitable to populate the cache for a similar request).
Options that make a response non-matching need to be proxy unsafe.
</t>
            <t>For example,
a Block2 response with a different value of block number × block size than indicated in the request is non-matching.</t>
          </dd>
          <dt>Configured request:</dt>
          <dd>
            <t>A request that reaches the server in another way than by
transmitting a usual CoAP request on the same communication channel
a response is expected on.</t>
          </dd>
          <dt>Embedded request:</dt>
          <dd>
            <t>A request that is provided by the server to the recipient of its
response by embedding it into the response.</t>
          </dd>
        </dl>
      </section>
    </section>
    <section anchor="sending-non-traditional-responses">
      <name>Sending Non-traditional Responses</name>
      <t>Non-traditional responses are sets of responses produced for a single request,
or responses sent without a transmitted request.</t>
      <t>Where tokens are involved,
all non-traditional responses use the request's token;
in any case, they are bound to the original request
(e.g. by using the same request_kid/request_piv pair in OSCORE <xref target="RFC8613"/>).
Where message IDs are involved,
one of the non-traditional responses (the first sent, not necessarily the first received as generally the network might reorder messages)
can be sent as a piggybacked response in an ACK (thus sharing the request's message ID);
the others are CON or NON responses.</t>
      <t>Some established responses
(observations defined in <xref target="RFC7641"/>,
and responses to multicast requests in <xref target="I-D.ietf-core-groupcomm-bis"/>)
match this definition and already follow the guidance set out here for non-traditional responses;
<xref target="extensions-explained"/> gives details for them.</t>
      <t>A second response differing from the first that can be sent by a non-deduplicating server
responding to a retransmission of a request
is not non-traditional because there is a second request —
that is probably the last corner case at the boundary separating traditional from non-traditional responses.</t>
      <section anchor="preconditions-to-sending-non-traditional-responses">
        <name>Preconditions to Sending Non-traditional Responses</name>
        <t>A server may send multiple responses to a request if there is any
property in the request that indicates the client's intention to receive
them. This is typically indicated by a request option,
and rarely in external properties of the message
(in the multicast case, the destination address).</t>
        <t>A mechanism for eliciting multiple responses must specify the conditions
under which a token gets freed, as the traditional arrival of the
response is insufficient. It may also specify for which requests the
token can be reused immediately in follow-up requests. On unordered
transports, or when it's a client's follow-up request and not a response
that terminates the token, the client needs to wait with reuse until no reordered
non-traditional responses can be expected anymore.</t>
        <t>If a non-traditional response answers the original request, no further
action is required (this is the case of observation: ordering is added
on top of that to ensure that only the latest response is used). If
the response does not answer the original request,
it must be non-matching,
either by an option introduced with the eliciting option
or by a generic option like Response-For.</t>
      </section>
      <section anchor="responses-without-explicit-request">
        <name>Responses Without Explicit Request</name>
        <t>Endpoints may agree out of band on a token (or other request-matching
details). One way to do that is to agree on a "phantom request", which
is a request that the client might have sent and the server assumes to have received,
without it actually being sent between those
endpoints.</t>
        <t>As tokens are managed by the client, that request needs to be
generated by the client, or in close collaboration with the client (for
example by the client allowing a third party to use a subset of its
token values in order to set up non-traditional responses).</t>
      </section>
    </section>
    <section anchor="oscore-processing-for-non-traditional-responses">
      <name>OSCORE Processing for Non-traditional Responses</name>
      <t>OSCORE <xref target="RFC8613"/> is built with the general assumption that requests
are processed into exactly one response.
The specification contains explicit provisions for Observe requests (<xref section="4.1.3.5" sectionFormat="of" target="RFC8613"/>),
and a whole protocol extension for multicast requests <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      <t>OSCORE's binding between requests and responses remains unmodified:
Each response is cryptographically bound to an OSCORE request.
Therefore, any phantom request needs to be an OSCORE request as well,
and the parties need to agree on the sender and sequence number of the phantom request.
An easy way to do that securely is to deliver the phantom request in a
way that the server can do the full OSCORE request processing on it.
The server may process the OSCORE request into internal data structures at reception time,
or may process it whenever a response is to be sent.
In the latter case, it may need to relax the requirements of Section <xref target="RFC8613" section="8.2" sectionFormat="bare">Verifying the Request</xref> of <xref target="RFC8613"/>, item 3.</t>
      <t>To avoid reinventing the same rules as for Observe requests for any other non-traditional response,
this document defines a set of processing instructions which can be referenced when specifying their options.
These rules generalize Sections <xref target="RFC8613" section="8.3" sectionFormat="bare">Protecting the Response</xref> and <xref target="RFC8613" section="8.4" sectionFormat="bare">Verifying the Response</xref> of <xref target="RFC8613"/>:</t>
      <ul spacing="normal">
        <li>
          <t>In 8.3 step 3, "use the AEAD nonce from the request" is only an option once,
i.e., after the sequence number expressed in that request was removed from the replay window.
This option is usually taken in the first response,
necessitating the use of encoded Sender Sequence Numbers in later responses.
(Non-traditional responses such as Observe that indicate the order
of responses by a sequence number
may require that the request's nonce is used either in the first response or not at all.)
<cref anchor="maybealwaysfirst">CA: We could also just mandate the "either the first or never" behavior. It is unclear why one would delay sending the one response that has the least overhead, but that may be lack of imagination. An approach where instances can not generally be duplicated and are used at most once (as in an affine type system) can make this doable in a safe way. In the end it's a tradeoff between implementer flexibility and specification simplicity.</cref>  </t>
          <t><!-- Conveniently, this is obsoleting some text that's rotting away in lwig-oscore. -->
          </t>
          <t>
As a convenient effect, this generalized rule also implies
that when a server performs Appendix <xref target="RFC8613" section="B.1.2" sectionFormat="bare">Replay Window</xref> of <xref target="RFC8613"/>,
it needs to use its own Partial IV for the nonce
(which without this generalized rule necessitated a "<bcp14>MUST</bcp14>" statement in the appendix).</t>
        </li>
      </ul>
      <ul spacing="normal">
        <li>
          <t>In 8.4 between steps 5 and 6,
the Sender Sequence Number of the response establishes an order in the received messages,
which users of non-traditional responses may rely on.
If an option specified that only the first response may use the request's nonce,
then the one response that uses it is ordered before all other responses to the same request.</t>
        </li>
      </ul>
      <!-- Unlike the other items which all correspond to the "Supporting Observe" sub-items of 8.3/8.4, this corresponds to 7.4.1. -->
<ul spacing="normal">
        <li>
          <t>If the handling of multiple responses is not idempotent,
then at 8.4 step 5:  </t>
          <ul spacing="normal">
            <li>
              <t>For responses that use a Sender Sequence Number from the server,
the client consults the replay window before decryption,
and removes its number from the replay window after successful decryption.</t>
            </li>
            <li>
              <t>For responses that use the request's Sender Sequence Number,
duplication is tracked for each request.</t>
            </li>
          </ul>
          <t>
As a simplification,
applications that only process the latest response
may track the latest sequence number for deduplication.</t>
        </li>
        <li>
          <t>In 8.4 step 8, the Option establishing the non-traditional responses may specify
that error conditions processing a response are not fatal for the whole request.
This should be done when an Option allows immediate follow-up requests.
This is the case for the Observe option:
When an observation is refreshed, a response encrypted with the earlier request's request_kid may still be in flight.
That in-flight response will fail decryption,
but responses generated after the server has received the refresh will be decryptable again.</t>
        </li>
      </ul>
    </section>
    <section anchor="response-for">
      <name>Response-For Option: Response with Embedded Request</name>
      <t>A server can send a response to a request that it did not actually
receive by embedding the request which the response answers in the
response.</t>
      <t>The new option "Response-For" contains a request packaged as in <xref section="5.3" sectionFormat="of" target="RFC8613"/>.  The response is then intended to serve as a
response to this request.</t>
      <table anchor="tbl-response-for-option">
        <name>The Response-For Option</name>
        <thead>
          <tr>
            <th align="right">No.</th>
            <th align="left">C</th>
            <th align="left">U</th>
            <th align="left">N</th>
            <th align="left">R</th>
            <th align="left">Name</th>
            <th align="left">Format</th>
            <th align="right">Length</th>
            <th align="left">Default</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="right">TBD1</td>
            <td align="left">C</td>
            <td align="left">-</td>
            <td align="left">-</td>
            <td align="left">-</td>
            <td align="left">Response-For</td>
            <td align="left">opaque</td>
            <td align="right">0-1023</td>
            <td align="left">(none)</td>
          </tr>
        </tbody>
      </table>
      <t>The CoAP Token becomes meaningless for this form of response;
responses with embedded requests are therefore sent with a
zero-length Token.  (In essence, the "Response-For" option takes the
place of the request the Token usually stands for.)</t>
      <t>Note that block-wise transfer is not available for CoAP Options,
possibly limiting the size of the request that can be stored in a
"Response-For" Option.</t>
      <t>The congestion control considerations for confirmable and
non-confirmable messages apply unchanged.</t>
    </section>
    <section anchor="leisure-for-responses">
      <name>Leisure-For-Responses Option: Indicating Readiness to Receive Multiple Responses</name>
      <t>This new option indicates a number expressed as a uint.
It allows the server to send that number of non-traditional response messages in
addition to the requested response. They are to be sent without undue delay
after the original response.</t>
      <table anchor="tbl-leisure-for-responses-option">
        <name>The Leisure-For-Responses Option</name>
        <thead>
          <tr>
            <th align="right">No.</th>
            <th align="left">C</th>
            <th align="left">U</th>
            <th align="left">N</th>
            <th align="left">R</th>
            <th align="left">Name</th>
            <th align="left">Format</th>
            <th align="right">Length</th>
            <th align="left">Default</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="right">TBD2</td>
            <td align="left"> </td>
            <td align="left">U</td>
            <td align="left">-</td>
            <td align="left"> </td>
            <td align="left">Leisure-For-Responses</td>
            <td align="left">uint</td>
            <td align="right">1-4</td>
            <td align="left">0</td>
          </tr>
        </tbody>
      </table>
      <t>The option is elective, but unsafe for proxies
(as the option would otherwise cause multiple responses to a proxy that expects only one and that needs to be a matching response).
A proxy that chooses not to implement it may forward the request
with the Leisure-For-Responses option removed.</t>
      <t>On its own, the option does not indicate which kind of additional responses the client
would expect (though further elective proxy-safe no-cache-key options
can be added on top of that to give better guidance), and the server may
choose not to send any at all.</t>
      <t>Intermediaries may add or remove the option, and use incoming responses to
populate their cache. They may serve additional responses from their
cache, but in most cases the sensible course of action is to forward the
additional responses the origin server sends.</t>
      <t>Use cases for Leisure-For-Responses include sending further blocks in a
Block2 transfer (which are obviously non-matching and thus don't need a
Response-For), or serving follow-up documents (a response containing a
single link can be followed by a representation of the linked resource,
which needs a Response-For header that indicates the URI).</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This specification adds the following option numbers to the CoAP Option
Numbers registry of
<xref target="RFC7252"/>:</t>
      <table anchor="tbl-option-registry">
        <name>Newly Registered CoAP Option Numbers</name>
        <thead>
          <tr>
            <th align="left">Number</th>
            <th align="left">Name</th>
            <th align="left">Reference</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">TBD1</td>
            <td align="left">Response-For</td>
            <td align="left">RFCthis</td>
          </tr>
          <tr>
            <td align="left">TBD2</td>
            <td align="left">Leisure-For-Responses</td>
            <td align="left">RFCthis</td>
          </tr>
        </tbody>
      </table>
      <!-- Not intended to register at this time:
 | TBD    | Respond-To            | {{&SELF}}   | -->

<t><cref anchor="rfced">RFC-Editor:</cref> In the table, please replace TBD1 and TBD2 with the option number actually registered. Then, please delete this paragraph.</t>
    </section>
    <section anchor="seccons">
      <name>Security Considerations</name>
      <t>TBD</t>
      <t>The CoAP request/response mechanism allows the client to ascertain a
level of authentication (not resistant though to on-path attackers
unless the communication is protected) and freshness of the response:
The Token echoed in the response shows that the responder had
knowledge of the (fresh) request (<xref section="5.3.1" sectionFormat="of" target="RFC7252"/>).
Responses with embedded requests can not be authenticated or checked
for freshness this way.  Their content therefore is less trustworthy
than normal responses unless authenticated in another way (e.g., via
<xref target="RFC8613"/>).</t>
      <t>Security considerations for configured requests are discussed in <xref target="seccons-configured"/>.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <referencegroup anchor="BCP14" target="https://www.rfc-editor.org/info/bcp14">
          <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119">
            <front>
              <title>Key words for use in RFCs to Indicate Requirement Levels</title>
              <author fullname="S. Bradner" initials="S." surname="Bradner"/>
              <date month="March" year="1997"/>
              <abstract>
                <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
              </abstract>
            </front>
            <seriesInfo name="BCP" value="14"/>
            <seriesInfo name="RFC" value="2119"/>
            <seriesInfo name="DOI" value="10.17487/RFC2119"/>
          </reference>
          <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174">
            <front>
              <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
              <author fullname="B. Leiba" initials="B." surname="Leiba"/>
              <date month="May" year="2017"/>
              <abstract>
                <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
              </abstract>
            </front>
            <seriesInfo name="BCP" value="14"/>
            <seriesInfo name="RFC" value="8174"/>
            <seriesInfo name="DOI" value="10.17487/RFC8174"/>
          </reference>
        </referencegroup>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC7641">
          <front>
            <title>Observing Resources in the Constrained Application Protocol (CoAP)</title>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7641"/>
          <seriesInfo name="DOI" value="10.17487/RFC7641"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-groupcomm">
          <front>
            <title>Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="23" month="December" year="2025"/>
            <abstract>
              <t>   This document defines the security protocol Group Object Security for
   Constrained RESTful Environments (Group OSCORE), providing end-to-end
   security of messages exchanged with the Constrained Application
   Protocol (CoAP) between members of a group, e.g., sent over IP
   multicast.  In particular, the described protocol defines how OSCORE
   is used in a group communication setting to provide source
   authentication for CoAP group requests, sent by a client to multiple
   servers, and for protection of the corresponding CoAP responses.
   Group OSCORE also defines a pairwise mode where each member of the
   group can efficiently derive a symmetric pairwise key with each other
   member of the group for pairwise OSCORE communication.  Group OSCORE
   can be used between endpoints communicating with CoAP or CoAP-
   mappable HTTP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-groupcomm-28"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="RFC7967">
          <front>
            <title>Constrained Application Protocol (CoAP) Option for No Server Response</title>
            <author fullname="A. Bhattacharyya" initials="A." surname="Bhattacharyya"/>
            <author fullname="S. Bandyopadhyay" initials="S." surname="Bandyopadhyay"/>
            <author fullname="A. Pal" initials="A." surname="Pal"/>
            <author fullname="T. Bose" initials="T." surname="Bose"/>
            <date month="August" year="2016"/>
            <abstract>
              <t>There can be machine-to-machine (M2M) scenarios where server responses to client requests are redundant. This kind of open-loop exchange (with no response path from the server to the client) may be desired to minimize resource consumption in constrained systems while updating many resources simultaneously or performing high-frequency updates. CoAP already provides Non-confirmable (NON) messages that are not acknowledged by the recipient. However, the request/response semantics still require the server to respond with a status code indicating "the result of the attempt to understand and satisfy the request", per RFC 7252.</t>
              <t>This specification introduces a CoAP option called 'No-Response'. Using this option, the client can explicitly express to the server its disinterest in all responses against the particular request. This option also provides granular control to enable expression of disinterest to a particular response class or a combination of response classes. The server MAY decide to suppress the response by not transmitting it back to the client according to the value of the No-Response option in the request. This option may be effective for both unicast and multicast requests. This document also discusses a few examples of applications that benefit from this option.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7967"/>
          <seriesInfo name="DOI" value="10.17487/RFC7967"/>
        </reference>
        <reference anchor="RFC9177">
          <front>
            <title>Constrained Application Protocol (CoAP) Block-Wise Transfer Options Supporting Robust Transmission</title>
            <author fullname="M. Boucadair" initials="M." surname="Boucadair"/>
            <author fullname="J. Shallow" initials="J." surname="Shallow"/>
            <date month="March" year="2022"/>
            <abstract>
              <t>This document specifies alternative Constrained Application Protocol (CoAP) block-wise transfer options: Q-Block1 and Q-Block2.</t>
              <t>These options are similar to, but distinct from, the CoAP Block1 and Block2 options defined in RFC 7959. The Q-Block1 and Q-Block2 options are not intended to replace the Block1 and Block2 options but rather have the goal of supporting Non-confirmable (NON) messages for large amounts of data with fewer packet interchanges. Also, the Q-Block1 and Q-Block2 options support faster recovery should any of the blocks get lost in transmission.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9177"/>
          <seriesInfo name="DOI" value="10.17487/RFC9177"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-proxy">
          <front>
            <title>Proxy Operations in Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document defines a specific realization of proxy intended for
   scenarios that use group communication for the Constrained
   Application Protocol (CoAP).  Such a proxy processes a single request
   sent by a client typically over unicast and distributes the request
   to a group of servers, e.g., over UDP/IP multicast as the defined
   default transport protocol.  Then, the proxy collects the individual
   responses from those servers and relays those responses back to the
   client, in a way that allows the client to distinguish the responses
   and their origin servers through embedded addressing information.
   This document updates RFC7252 with respect to caching of response
   messages at proxies.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-proxy-06"/>
        </reference>
        <reference anchor="I-D.ietf-core-observe-multicast-notifications">
          <front>
            <title>Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="6" month="July" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  In some use
   cases, such as those based on publish-subscribe, it would be
   convenient for the server to send a single notification addressed to
   all the clients observing the same target resource.  This document
   updates RFC7252 and RFC7641, and it defines how a server sends
   observe notifications as response messages over multicast,
   synchronizing all the observers of the same resource on the same
   shared Token value.  Besides, this document defines how the security
   protocol Group Object Security for Constrained RESTful Environments
   (Group OSCORE) can be used to protect multicast notifications end-to-
   end between the server and the observer clients.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-observe-multicast-notifications-15"/>
        </reference>
      </references>
    </references>
    <?line 378?>

<section anchor="extensions-explained">
      <name>Coap Extensions Explained by Non-traditional Responses</name>
      <section anchor="observation">
        <name>Observation</name>
        <t>This section describes the Observe option <xref target="RFC7641"/> in the terms of this
document.
It does not intend to update the original specification,
merely to provide an alternative phrasing of its rules
which may be useful for implementors,
and which the authors believe to have the same effect.</t>
        <t>When Observe:0 is present in a request, this sets up non-traditional
responses until either of the following conditions is met:</t>
        <ul spacing="normal">
          <li>
            <t>A follow-up request on the same token carries an Observe:1 option.  </t>
            <t>
(This is primarily in here because; Observe:1 and No-Response:any
could be combined; otherwise, the other conditions suffice).</t>
          </li>
          <li>
            <t>Any response does not carry an Observe option.</t>
          </li>
          <li>
            <t>Any response has a non-successful status.</t>
          </li>
        </ul>
        <t>Follow-up requests are limited to extending the request ETag set.
Responses are obviously non-matching by their Observe option; each hop
discards the Observe option for the purpose of caching and refreshes its
cache with the most recent one as per the Observe value.</t>
      </section>
      <section anchor="responses-to-multicast-requests">
        <name>Responses to Multicast Requests</name>
        <t>As with observe, this just phrases the existing mechanism in the context
of this generalization.</t>
        <t>When the destination address of a CoAP request is a multicast address,
that token is valid for any member of that group (which, for the purpose
of the client, is any server at all) on any port.</t>
        <t>(Except for that the implications of having received a multicast request
still need to be followed, it might be seen as a template for creating a
phantom request to any endpoint, if that suits the reader's mental
model.)</t>
        <t>Responses can only be sent for up to the deployment's Leisure time
(see <xref section="8.2" sectionFormat="of" target="RFC7252"/>) plus
the application's timeout (in proxy situations, this needs to be
communicated explicitly in the Multicast-Timeout option of
<xref target="I-D.ietf-core-groupcomm-proxy"/>).</t>
      </section>
      <section anchor="triangular-responses-response-to">
        <name>Triangular Responses (Response-To)</name>
        <t>The Response-To option can be viewed as a shorthand notation for
"Consider this a No-Response:any request, but take a copy of it, make it
into a CoAP-over-UDP request with that particular address as a source
and any address of yours as a response, and treat that as a phantom
request".</t>
        <t>[ It may make sense to add an explicit return token, and include a
No-Response option; that might allow it to be used even across proxies. ]</t>
      </section>
      <section anchor="other-current-documents">
        <name>Other Current Documents</name>
        <t><xref target="I-D.ietf-core-observe-multicast-notifications"/> is a
straightforward application of the phantom requests (the concept was
developed there); Leisure-For-Responses could help it around the topic
of joining a multicast group securely through a proxy.</t>
        <t><xref target="I-D.ietf-core-groupcomm-proxy"/> seems to fit well with the concepts
here as well, and might be simplified by it both in terminology and by
replacing Response-Forwarding with Response-For(Proxy-Scheme, Uri-Host).</t>
      </section>
    </section>
    <section anchor="configured">
      <name>Response for Configured Request</name>
      <t>A request may reach the server using a different means than that used
for the response.  For instance, the request may be configured in the server.
Without limiting generality, we speak about <em>configured requests</em>.</t>
      <t>The client <bcp14>MUST</bcp14> be cognizant of that configuration as the request uses
a token from the token name space it controls.</t>
      <section anchor="examples-for-configured-requests">
        <name>Examples for Configured Requests</name>
        <section anchor="example-periodic-request">
          <name>Example: Periodic Request</name>
          <t>A server may be configured to act on a configured request every day at 12:00.</t>
        </section>
        <section anchor="example-event-driven-request">
          <name>Example: Event Driven Request</name>
          <t>A server may be configured to act on a configured request each time it reboots.</t>
        </section>
        <section anchor="example-configured-observe">
          <name>Example: Configured Observe</name>
          <t>A server may be configured with a GET request from a client that
includes an Observe option with value 0.  This means that the server
will send updates to the state of the resource addressed by the GET
request to the configured address of the client.</t>
          <t>The considerations of <xref section="4.5" sectionFormat="of" target="RFC7641"/> apply.  How losing
interest reflects back into the configuration and whether there is some
form of error notification to the source of the configuration is out
of scope of the present specification.</t>
        </section>
      </section>
      <section anchor="multicast-responses">
        <name>Multicast Responses</name>
        <t>A server <bcp14>MAY</bcp14> send a response to a multicast address.
(This needs to be a response to a configured request as a normal
request cannot be sent <em>from</em> a multicast address.)</t>
        <t>Note that, as the originator of a multicast response is a unicast
address, the relaxation of matching rules described in <xref section="8.2" sectionFormat="of" target="RFC7252"/> does not apply.</t>
        <t>The token space in CoAP is owned by the client, which is identified by
a transport endpoint (address/port).  Here, the address is a multicast
address, so the token name space is shared by all nodes joined to that multicast
address.  The assumption for multicast responses is that, for each
multicast group, there is some form of management for the token space
(and the port number) that everyone can participate in that needs to
join that multicast group; the specific form of management is out of
the scope of this specification.  Note that this means that multicast
responses <bcp14>MUST NOT</bcp14> be sent to unmanaged multicast addresses such as
All CoAP Nodes (<xref section="12.8" sectionFormat="of" target="RFC7252"/>).</t>
        <t>Multicast responses are always non-confirmable.  The congestion
control considerations for non-confirmable multicast messages apply
unchanged.</t>
        <t><xref target="I-D.ietf-core-observe-multicast-notifications"/> provides a concrete way of communicating such a setup.</t>
      </section>
      <section anchor="respond-to-option-a-potential-common-component">
        <name>Respond-To Option: A Potential Common Component</name>
        <t>What has been called "configured request" here may also be triggered
by a usual CoAP request that carries options that ask for modified response behavior.
<!-- a "Respond-To" option as sketched here, or a more use-case-specific variant of that. -->
(The term "configured request" is still appropriate as the server
ought to be configured to accept option of this kind; see <xref target="seccons"/>.)</t>
        <t>For instance, if a single client wants to request a server to send the response to a
specific multicast address, it can indicate this by including something like the "Respond-To" option sketched here.
This contains an opaque string with the port number as a 16-bit number
(in network byte order), followed by the IP address (4-byte IPv4 or
16-byte IPv6).</t>
        <table anchor="tbl-respond-to-option">
          <name>A Potential Respond-To Option</name>
          <thead>
            <tr>
              <th align="right">No.</th>
              <th align="left">C</th>
              <th align="left">U</th>
              <th align="left">N</th>
              <th align="left">R</th>
              <th align="left">Name</th>
              <th align="left">Format</th>
              <th align="right">Length</th>
              <th align="left">Default</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">TBD later</td>
              <td align="left">C</td>
              <td align="left">U</td>
              <td align="left">-</td>
              <td align="left">-</td>
              <td align="left">Respond-To</td>
              <td align="left">opaque</td>
              <td align="right">6-18</td>
              <td align="left">(none)</td>
            </tr>
          </tbody>
        </table>
        <t>(No allocation of an Option number is planned at this time.)</t>
      </section>
      <section anchor="seccons-configured">
        <name>Security Considerations for Configured Requests</name>
        <t>(Clearly, multicast responses pose a potential for amplification, in
particular if unverified sources can cause them via Respond-To.
<cref anchor="xxx">XXX</cref> Discuss how to mitigate.)</t>
        <t>A Respond-To option can be used to incite a server to send data to a
third party.  This ought not be done blindly, i.e., only with
considered application assent.</t>
        <!-- .oOo. -->

</section>
    </section>
    <section numbered="false" anchor="list-of-tables">
      <name>List of Tables</name>
      <dl spacing="compact" indent="11">
        <dt><xref target="tbl-response-for-option"/>:</dt>
        <dd>
          <t><xref format="title" target="tbl-response-for-option"/></t>
        </dd>
        <dt><xref target="tbl-leisure-for-responses-option"/>:</dt>
        <dd>
          <t><xref format="title" target="tbl-leisure-for-responses-option"/></t>
        </dd>
        <dt><xref target="tbl-option-registry"/>:</dt>
        <dd>
          <t><xref format="title" target="tbl-option-registry"/></t>
        </dd>
        <dt><xref target="tbl-respond-to-option"/>:</dt>
        <dd>
          <t><xref format="title" target="tbl-respond-to-option"/></t>
        </dd>
      </dl>
    </section>
    <section numbered="false" anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>TBD</t>
      <!--  LocalWords:  CBOR extensibility IANA uint sint IEEE endian
 -->
<!--  LocalWords:  signedness endianness
 -->

</section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA61c63Icx3X+30/RBquihbKzIkCKopaSZRCELJRJkAFB044i
p2Z3enfbmJ1ZT88AWIOsykOkKi+Qx8g/v0meJOfWl9kLpSSmRRPYnenpPn3O
d75z6cmyTN2M9SOlWtuWZqx/rbQ+rU/ejPVFXWVtkxe2tXWVl/rSuFVdOaO/
r5ulU0U9rfIl3FE0+azNrGln2bRuTNbIdS4r89a4Vj3QBfww1scPj7/MHj6C
/5S6NuvbuinG+rxqTVOZNnuBw6hp3o61rWa1ct1kaZ2DZ7frFdx9fnb1vVJ5
1y7qZgyTzOCv1jyF07xxran0c5hZXlX0Td3Mx/pdZW9M42z7t/9s9fPGLOGi
q38+pwtc2xgDT3tTu3aWTxf60aOHjx8/pO+mtl2P5Qb+oC7gOS+y46ePvvxa
PumqtoGrfmvwoWv6cLWoK7juHx9/nT0+PsqOj55mTx59fXxEX5plbsuxnuaT
+jftX+0IZri5jkVjXWvzSp8s3d/+y7neff7L3+RL1xnnRtN6qVSFa25hmSiU
y+9Pvzr+8hgurvMV//70ydGjsa4d7o1SKNqN6588PoLvJ840NwY+Os9ejOJm
8n3ZvKm7FTxu6UeKnyhlqhbFBfe+PXv5/RgHbRfWKXVjqo4eQxfD8kAtQKNs
ZQp9efb2ataV+qy6sU1dgZxbpwen9eXZIdwgK4YH/QbnIqKa23bRTfjz7Hb+
xV7NU0plWabzCT5u2ip1XpFS69zpwsxoApM1TlSjuIa6XZjGaOv03FSmycty
rWEjtR9Qg9C0QR1pzF9A9O1I/T5vbN05Htbcgfahqjq9yG9goKqwN7boaKDG
lPkdPLBd5K1e4Xzs1IzU1cLAb8bBwvXSLGv/i9O5n4X9K9y2BM0r9cSs66rQ
R+OjMCk3VIVx08ZODKzKzmawBBgL99fBDPTtwsKEbQsKV8H9unOmGKocRrGg
uHXRTeG+ytzyEl6vWpo/zXKZX9P1up7JBziJkVLPeRr42VDhJmuAgQ43D6Zf
w5JhSLtclWg3bY4j6nlni7yaGt3W2uF3draGiy1KNIiN51V3bQl74/SsazvY
j1UN9j+xJSAQfAhz6Zyt5rAkmMmPf3LwgM79lPw41lc4pcbcWBxVZw+PYD8c
LB7MftoYQKGCVMC6aUfQAqJYdSQzwhd9dPxkRDZ3zkLAzZhZABedt61Zrlpa
Rd20qDG4ZJhiXqK48XNApjYDOFtq3GQAzUlpUI9glAo3EpZU1tWcL5nCskFe
Tc5yxynQFdegPLTYsM+8BYA3ZaEXplzpvAigjJs0zfkiMLL5wssO0PV6xGaw
tEVRGpTT3d0dCOkPf/gD/NzMpqb4iaw1O4PxEFXBTlgzaOfkz/0D0peP6tvk
zz6Tur/PEHo+fhyiCooeD0GKuHNlYlGwT6T6IDcQpZqWln4jG6kd7lO0tavU
cuKOimHBtD/Hh4VHg4I4U870AKWOPqiB777r41qAr2xi3cePhyz/roQn5LDb
8mjQSz+0ACSMHq5cJevBDSzL+hb1E8yNr2YDkLHCUN8h6H795CsZqqpblERB
d0b5wIoBPXo3fX30lb9JxuR74FFiH+HuSVlPr2n2IKxbU5b4LwxEiAmS7wAZ
4JNPiAV0+24NT0MZbl0mwsiCwDJYhZ3Bj6TMHz+C5n3zK1C9E00XgsDytb7N
eb9xtelS4aMs+zXfEHadVQHQq7AFyagxUwNea9gbKu5YHG8YRwNJTep2MaJP
dgCuIFYAXAFblDCJKEItyiGB2/a2RgMGTGmNIC5jU0TLob4FdwXOe2KKAvQZ
xoQ7ZnYO1lkEBRupc9x+2JMO7JotqiYoplnk2htGrQ3jSWL8iSfAbUK941sZ
MCLs0+04kUS+oA1RZiP1fdegEyTcQOOsjKFZVz0V37mGobiaHGBHoNUUrLbx
6qgTDENxk3BfWLLigiwuAPFhZaZBqWh01AMAI9AfBvK8uKmn+XQdByOhFSgG
2gyDlrSCjQbfTa5paQoLiFCuyeevaVTRA5LSqobxEwXqEI5aZDgg75wIDcuh
MDemrFfLgFq3jM/o/mGcCcJyY4DhlMnszE1eduiFWCOVevBAX4EzsFVd1vO1
jpCLLsJ9VKS0wJVxW8ArHLx69/bqYMj/6ovX9PPl2T+9O788e4E/v/3h5OXL
8IOSK97+8Prdyxfxp3jn6etXr84uXvDN8KnufaQOXp388YB0Xx+8fnN1/vri
5OVB2J/g+lGIvGbcnGaFVoH7EwxGtOFXz0/fHD0GUBnc3wOeHR8dfY3Qy789
PfrqMf52uzAVP7KuQHb8K+6Vgo00eUOKC4A2zVe2Bd87REUA13tbaSRxoGWf
/4jiAdf2zWS6Onr8a/kAV9370Auu9yEJbvuTrZtZkjs+2vGYINLe5xvi7s/3
5I+9373wkw+/+Q65ks6Onn6HmoSKQrziYLJuzQGacCdmCO4QLOdWg2G29TJv
1ojAaBiIfG5d1dV6iTqtDuppa9oDECEqZRxg2xrB526Ghx4mxmoMsB/BnWDc
kekiZ9rkAYy8qC+Mdx6eBO4LYGMEaHAnhEganljBnQ1SQJwBhDLTBdr6px6P
jAG5mmmQSMKIAwgpYSVE8xl0DhPiaxFkwAmuYKmIuITjOIO6sXPLaxWXrklR
ISoh1Frl8IBpV4KSdpXrQD0JsFHMUwSgoufz6IF+uYNJ18JozHhhWuFuwqRV
hzSG5kADiayATlt8mAxyiNR1m8cnnrZKJYYIL2ZLzh7nnM/QgDSG+MDOc2Ty
tEj9HAnFcRyJZJInYQciG8ULRD101YG7afTf/kN+dxDL4Jwqio2mtOGW9zU4
JNebH8zjdMvX+N1NKEJjGNtJRZhsIEKAvpE7A7JAj51ggE7as7StEKfOQYTG
PtcPmeoa8qCu8v5nCqNUpiRppCzW3IFhtOQqYcpn3t3vn7B10eNM1um8mQuj
6tsVeX0QJxgvPDISu7UwCg6EOPDgm7wnVw/0W+GT+1I4br/5OkJzYiS9GGTF
EWMRVE/MWAyBOKm/ligWagi6zzxKPYoFZvmeQu62vgYsomfa6qYubyhGBXiv
9s6vcybVm88cD/JM0bavKRxKvPuk7qrCi3bTgtXAjOYjlKqnb7L38v2/Xtvi
C//zyt6AiVvSr9dvT19fnlFgQPkQ8FwjWdLSOJfPjT5/sbkuTClQRG0+sbwB
fs0xJ8pxSMhZARrCqI0tWWH4e4+RCDExcUHDm5aI3NLOF3gdsAck4Twzd6iE
G9JGET6t7Hy+nuTT6xSkSKD65PR3OKkOvSzMQKQUpR/Xe/hMkZDR8njtp68v
kPhewD9hhbD3b2sQMdwNCGddiotODZLQKUaWGzEY890kQK53xG4SOH067lME
N8Jn8GGWySbS6RKgpVhLYEeLDrkMsA/ihrThHMXt2c9n6v4+5jkyQIuSEmDA
guawd/jUNrclk0p4xhLEg1HTtE5WKDiLsp819TJRgZTp026CKuc0G4CXblUS
esFtjDCKByRsAJkhkIlxcjYElDN4YCVOe3NlEzPNxQQ5ZZbH2TLK/fe//btK
kG6ST0QrS9we2AbQVLJSDHLxczJR5iXgQnnC6SNpzXslPGIe/aahWVhxf/Uv
AcFeeEph6Y7AXgQlTmqWLLxaK6EV601nxusXV8fOiSO5zxxHMByn1d6GFW09
56/gv8hPoruknQ1+ity82AFYGl1JCbUG1xjZjgccsVI1kIlGewl4iVEYyF7C
raIAEbhDUselQe9n3ZIToaBVljZph7SWHQIXcUXe9LgpCnYZXTIHi4zagFtg
qbMGuAgRebwj3ay8aSxQC1mFSh2vBYo1A0KKUh1xwg4kVLo6PB4ny08LmICD
8IPFaBrDLDdGhihItvkMYvIQqOvXFTAkAlJgpYGHQvxBTzHIsz9zIWL/zG0P
QrCCNhUZBBtKSzFg0BSa4DBRGuJqpIm3uWXXyhOHGbUWnaXHeJjaftciSw6M
BRQYU46wxeczQY1dN8J17hYRfScHxofPOHmgOO2pKQf7l84icRu0XqUXnKnE
rUwwfqxp3kRnMKAH2FJkGauQfKbch8OkJv1KYSHDScuRQtQJ3MtDUIaZSjkR
RKqGwYxXsofMg2RJeyd9ojxUxhKXRAMMKZaQQy9ifBANgy9CVkRWS87ZTv29
pQVa7mEoA64tEBaQSb8X8nR2t6Ix4SsGZXVWFZSjcKzuc7Ac8kTIvDloDqY1
gMczC5YlhiUpcTqHqNWGSXINUgoEFTGPh8bhDlZg/RA6+nEOJOOjCP17kJfo
LHMPSogwz6BIKZDd3LluyfBK13gyM1SeOcKyQaG4iDIx7MXQwwG3wfQvXAT2
Y7w8EKhcyieXeQWAFzg2z2rYD7uCXU2MipHoxh01Mb5pWWOuHWw6n9SctY87
L0seYBQtcVN/FExZSHYYyUZTULBIYkczBh/aTYhUMOPnDaSYingM8zfKnbaY
Kdxr44fE/4WdvmlqpI1EG5CF7XeE23QWtWDS2bKNi/RJUtq5JNHoIVJJMg2f
SZwNDfcOtnCjmsa1r352D7wEaGRF4RRrPMVILtRGXjP3i0g+uL9/axhvHo+O
Ro9GX6LwIh2XnChoal3StNoaNi/WnPZk/KMMIlek3CWLCGB9YplXeD0Md/Y5
aYNlW5h8Vy1roG8WCxVneZJURglPm/WqredNvlqIvw/hSh6CjKQOAgAP0zZD
CnQ2rDJV5u27fSGAxULVq5wJgs8DBINnIyVfjdc6HABJr8T0Qig2nj5SJ8A/
crfeRBMghx3zE5pbASB5IxC8uQCMN5RE7G2KFei4Co7gMKO6ubRV1HNE5lYU
LFI7uYAG2LiXtJTSlmgSRd7m2BjQTbGI5nTOQZYou10ainTTIdEdg/M3BGm9
veWNQMgaYbFMPFYr3HeId+JAXvxUzQoc0lLrAQfhQdHV09GxHvweXMls7eMw
cQyHPeXHwc1SP8JMHmzsTW1RMyEQRd7ZC3O7Ele5x8Qo1AdFYyeyD3M2C8Ec
s3FcQICWbI+tWLhk1kzNAg+jRBL5UyRTwuFkthB0S6KO9tb5mcdCeZSS009H
j/QAwK/FD4KceLaHpNNPR4/VliD9BakkqbgIu4dDutas9KOhPvAZiJOzkxco
FrCNEJZ5F4kaQEwlUga8ELNpdmRGYMGzVsxg08AAAhsPoX13dZsTrtQY8ydP
hJASzA5gqb7FFCAFEZ6mOM5yIWXK0acI/fcJBL+FWlIMts2DyKQBAKZWY67q
LUPCWz/bC5otuScusiYRmdaD/QkmX330+taLlYSbwZMw85tmoIhJbciKWkXW
3mIibsTsBG+Pz4YLk9spBC3FWK68jrAN5cc/wegTk5cASo6u/gmzo1TLOa3R
nNC3czGJWS4wW3A3HHJjkqMFf0PTgqmAQnLiESEOpXZr56JoUg/S+oQiiDC0
NhD3T1sZP20LQf3naId6KiitzXUotJ7cox9EgVyevL8/Wa0wIr7Tz8FdAo5c
st68J73ZwA/U0sShoCZgFQGLLG/QbcB+nv/epyxYxrjnbNGev+2ec9QzKkdy
SUtjBwchnt+bXGZ7SL0eW9sw1qcnY/3eSFsECeLPSN6B9RVejQ5ku+Ne4xYj
VB8A5ADrtEC9MXJE9aimJVaXbhdMVricB95KMgPeKHptQaG6QOBukEeAbTYL
k0M0O+lan4VH/gpGMr0mfrfM5xJljzQ4TV+fxJ2jdCHIoppKuIYKGVN7MIpP
6lD4VhDRJc2msjMlsEHdB1zth/vzGYIx5hMAZ9aAYMtDGpcqA4LbVGegcjDm
/9F/j7Q4LEyJSFiLtmzq2SzwntDnAxKeleaOO3XWzBl65I7bfrCnbhTg9HEY
B2HV6S/pvidDUmOzB2w89wgbEHOIjoCWaHJIxUh21Kc9cWzWUJBYQ651f6zM
sELMFeEMA+QA5LI639MVAtINPMEhtpPVlXcD7cJUe1SqwxlY0kuJ6kFaSPyo
8uljuiRBtZm39rX2dxXFmiErS7zAe16qotaN5AT9MAdvuxUmNlDhBaEPMDrJ
+FYQGvjCL2ADBZTiCDSTr0bIxgnOPkep4ZBA84qS2NlsV8pIEo22MEuutQfp
gChQU8jxfjlGfMyoNLXRGsUR1B6VCX6SEXFI7V1JYIZ9WDAnt+1LvcwLQzSd
8m14M/N89MKOa6sbD+oPwn4efB7CHnY8xuFGn1pQX2t2L47nE/K87O+x5fFa
CjX9nkXvX6QNT+6hAt8qDOESpU5580a2RTwvPSz9fpPMcK9EMsUUAmhjn3Km
iwuX0aI94H7aRIUmeudnmoZ7VHweOOGeaXOV9JLMgO6XwY1xpBikJUTKLcgT
IPSSXyC9rPx0KaxPGkt2ZQ79SGkSzD/TcyBGFuyVfS8PSFvIKKE2g+kvKE2a
4F9FutRLQuUNKHaT6E5Sy2KZtbYsuVsDgBuzNDxFYmEZf5JWeuHiWW7LDTtA
9xb3IiZPUl5LFGRBpFWwmLWalsIjT4J9cbF8DkEz5TDS/JhIexx70Gm5odgq
QZC+f+BnlIGAPyYJfvR5O/rO9reb+cyTkqn3K69pqp/BtOeWfMKUPVHIWo+4
TQN7bsWTHKSrPIhZkDivFdgXpbFyKWj5WPBLiEhSzjbS1EnVi0ApK+37pSh7
hLqGBT+VSqFdWJeghPqgL2oY7oM+hb/v4O8F/L3Ef9HF+D8f6CAASO2Dfmmq
OezHB/3CzHIAU/1Bfcjoz4cdf5M/H/b/kMEY+ur5iyOZR5b87enGBxBmDnOH
Hx5mRw+PH8EPA0ANiORgHvdj/aCdlFmqGJlvk8MjD98eXC3MLm3D7SjdtweN
LpP/wW8H0pdFjQNXlKmbmGmNycylySuqjDtf0LP0wzINZZ6paDf9HsGYSmqk
wEYOKNTTYd/+apo6K1ne9GzYqME54qZD2GUs3VArv1xqaEaFBP80NZFMeQsw
shofMSIRLWj+EA2pi7oVekItHdmtddKPM0NiIQn2G0AKsmRcftpZPlShuaW0
SxvzEBi8b00lqWq2dcOhcK421vVavCjtBtjOHOtXkkxs6nJXizU1JILWEtZU
XCxJP/NckTwitsRg4QvMjzL0oOcW6xD49Cwm6z04nXMIiwu7hAgAkyBEiS4F
QV556hNvvX9QypColkEtSMGsS5Ei1hLz7TwBlfA7S5mm1vukBIJ90y3JNabx
9hZ8ghRspXy/aexOoT1KivZYtpRmi5jzClFgVxWd4UBKRd+QVF8CNv4y2Pm7
4s//BoiOYXwtM8vk590K8YH2gi44yh7zXB/6WQdE2rnzO6DpU0r3sxgV00Cm
RMeBDdQT2hWK9dAksPkL8wcDiWPlFg6AKWogS+eq/776OHeQMQej8qJkv5Ay
5UHz0gS13mrdg1D/JB1ouqhrJ4W7to7xps+cwuRv86ZItVIFGrRbarI2yaFh
Vr/yiY1huvhQMAxpKfbyeDiDuiR2NGEnQYVi4bEksAQqJzO4xdrvBK81o42o
6ow6+zJs9pVUp+/SyQvpxN4ois6JlhhKKfvOlMPhZp0NJKVYkl6QzIOqtc90
0bEP0xCDpZMEVFksqGWdJZWIhsenhBD2SKb7h1ur0mZF23C7ogAEN1kQA9kl
Ph8/2UbRXayogPuU1/CHXAhdHPVlTuuu4RRlrDvD8hK1UHv3ifHHywglggXE
d+E0DRrGbhWCZZddYUJSyO8qH7lgPyXdksE5DmKDfD25wXNjYBq9ZszQRgpB
xmdsKTBO6u4OqRCJE+Z6ng8zfN7d6UHCbYVJ0tBKmvUgBL/2XpXvj10lcjCC
ww3xxng9wzwIGnMWvAq24rxPmTDlRdC+1fby7vIcc3igZCcXJ3QEMLrkjSNF
Vzu6/ouCh4nHa8REK0k/i1tKqIbymenGzK1rGzComQqng8bkaNgH7nctl74c
EV3JL3AeKWvVmzw1Gf3+/h/wqOTHjzr4lk95k/Ry7z1YCllYojiMC3MLqnVJ
n1LeKJGLz9ijb6Ds0EV6nIJKUHwb92WhNdklnt+kKepkRUV2VfflFaeIv1Ey
2x8x87lECvCGeoV5UkmSgHhJVqj9JIXYap1ucmwDaMLCCFOqMBzwC9NKRhN7
yKikip2GWH3ErGRf8YB4OTNFfrh5rA2mkbB7cStfJMzId0IlLCue0cnd1DRo
eGB1JZ4QIXTqMBBrvUoP+DSTs0ivUdDkHOBm2M5VjiS/bTGD02DDVOnTL/1m
ZO6sa6mNhytaFFIT49zIkY5pNUzsYfJ12ngti8LTEy4tntAeU+heqOuqvi1N
MQ8kfUCPOgxkPSnEQ0w6OqKolG0NDP/y50Idn+VGRxcFJQemFgZTWQrROC6Q
Npmy1KgDlkh9y+dwfMQEF7Dkms5hJ2y7WCtqA6fT0r1uYhZx/9EbDeTUJDzU
NzZX/YbfqF77Qo3+SaldR6RED7ONo1J0chMbchX2wecrfRbPGJ/5JlJE771d
HaDjOxtPewr///8DHCpmqlSChB7PRTeSw3NbeS9NJ4DwJDo2nghc0BEU0jlL
bxsgL0cBTsLOWsOZ625VxOKhhBY9TzJUS0P5/DYc/KP6SEmVf6ZjiyZ3kqZG
UkglZnF6UsMB3oMpXNzeQEfrRs7fxUQQv6UAj6kCMvCBMD4Y5tP0XNbjLvjK
C2P8kO2ajyjK+TxpsuMjOHJOcCNuU6k2YzuglL3EXqPnTPKiFnMVLVW3T3Y0
KvaO3Ei7ZEPcMI/TPZLdo8TywKc4V41dcqO65RNZvmP4WXIjiuuiDk5uzO9P
mPpMK4DdBHX1WYw/hkkRI1kHt4Bi6IArqdY7ev5w5utk3mHWGzcsKIpG2SbJ
ej5ZDqN/v5XXJWOmVIYcsERj28oOnl3l2LfWpkj4CR7ITWO22ZjsM87kL+qV
QvjIm2KnGfms8qpr8BA1agBSaU8wfQ6ZyhZMsqPHJZaNyU48d1JRlnBl+klq
6kcDWVymsd+r0EJ16fvA9tCkCAwn4g2koV/Um+q3ZIQCEubO8hnn6HUFHAjx
71ol8BCrzL7E8N4X13b0NHObe+/YDzUyJoeJ+cKhdOeSAcAlsH5bhK6YpYkl
SbiKusWE6Q83d0KJLfqWQu4eD62QFIcdUrMl9nXx8bbB2R12HslQ4pu5kipe
BgbFIjaFYP4kyHZLm+J8f3Lcy5N/7kGidD9lbbDwQKVeA0/hYkbD703gOGKz
X4u61Nbat2AOuTsee746GwpqGBfQKRGILkrFL5I4THUICQDlCnzmCJ8KohRi
XwBRrNdLbqkWhkzEVA1gxjEhrrE5CiQir0DBo6SrsnNKmgm81D5jVouZKWyF
53SDs8AvOUvJ+pT2hUbmZYrQnliGjv+g/9mVjOvbfTDo+Lnz9QhcV43Nqzkd
G4xSGYTY4ao+/DmLEm+bpLGBn8s0JOC7sebWZwrpRRULaUbPPXKoA8+RWQb5
JkJHb0StDXy2cFqv1uwwh/70pKKeOrawDPshsncvoqkJ4OAbHeJxSW+ZPD0K
N+VI+zq12jVG/HxRaF3i0BmVlEfl40ysqcp3Y4GU/+VHf0aApslHYHGeBZ2c
D32njWm7pvI9+Py6FI74c5UIJAAzt3iQEVFIgDbFZsYdRzdoVdOmds5n2kb6
JyBN5MlOu4ZOT77wQfy+nVbbuvSzL2EglFH0xh2YnU+LJLawp5VTzqDh+w0Q
f27pIDedducCXmMOn+2JVZOXlGD3dsPNrMjm6pWdIgr+uZasRAJUDJ2hUdS/
yUSyiqMda99+TwVgwZLTP9iRiW+8iM3ZvBCniI34Plh+J0sAPymJM6eGIfC9
EWTiyfF8vGOCFUEMXTnNH+N7FC5+Ro9Nv8BOxLt19ha87RLU9V1jsx9qOq2b
VDmlXBIihljRTOICrGd6M+L+lFwIpziSTgrd8VguFqQotKtCZwGHU2kAOOID
v77zaNgjMMJ8k2jGVskzR8qfVQhVHe+M2/UQRI00PL/W+QSv+XxHUPS5L+Bw
FE1H9emB8wr8OZ+ClTfg8L3izF1vmtgyo/zJh9CKwb/iy7VgGphusK2vDiGp
e/AAYinq1nd7NsDhReGqsX5jGlsXdhoPZPTOkPUFhegybfkMxfbCERqAmBY5
JWKPjscPH442nnZ2Q+DQWASRv8cTSV/ATWkCukldt27zmYkMhPd98olyEPy3
Z1fhKST9+OYS2DolEOq2aTgPwKfHH46kUyJobdoFrqhfgJLXHO3FzidsHkzy
HuQ/vN+I5zlgjiqhLgINfiGJm4lMLdYW0+g+7cnWj/3Bg/CCICodwlJ+AGdQ
1miSihrMuX1mVlJ1BEP7eHp7Q7UpmDSt9C5yPgPbSZUvJXOfS4r3QRa8eL+K
3rjYTtYRaXbgtsNFPuLsxctsHSm53z41+erkj7ubKraY9EgNrjZ41dZNO/RV
IjJM2YSdAz4j6SKa9OeobZ/vfGZasw6HCyU70NYNhwEpXY6dE7kmxgfW5kMB
0a0yvwuuMxawqBd942UnfVqqAi1NDqORnsirOwioBKPkzVqW6lLb55HkxW4O
O+aq1jstlceXYwRKrgcy/y/w40NUStMIwHuF78c+ccGu3gOhfBBcagd0VB8t
Gx27KcKLLbYGlP6U5PDQ5gGcpB+Qt8x3sKkNqjDsW0VosOATX0sfQ7R9uapB
OPmCIuLUsrz3g6AYo15ky8xL7QpBxXfge8VVuMyNFfKknrH5iQ3tmhObHyoD
XRlNcLPqAaKKzRbtBiBGwUaJ+dfbBKvAjFjlD8BtWUbswVcnpbwA44I2Mcnl
Hh2PnvZTuerVjs3KqSkVG7P1Ri+FbHjsy1Cf6MvY6sMIj+p3ZKi0I+P/QImT
d36F93dhihczJTHDjt37JCDM3HSrUXI6k0ofvuPjRL8JL4c6hdtrtNwlXIU1
YPXed4fz+wfBVGAzDrZh7oDTZOH48gTbaux8Tqd5qT6340Ul0iLDSbk6felL
7q7lbYJ87CwCW+h59+9aO4hrCl1C+Dala9PS62oWBBb0wg96NyGQrAzro1lQ
85scg9fA0bjxd3C18C8j2rVaVHdKSVDn+6qhvsk8bVhRyP99GLVJbygoCTE2
2wfW5Z9pzgf4ws5HdAB9Xmtn8dUlQk/wTXKOi1/ic7abZkzfU6mw+u2MkX/f
ZnKcxdLRFWZA/lxIS34j9Gbv2ofeJow4lx77Ayvf9AbhXYg6NrCN3efRk2xi
/Ud0/N+/HARfFMX95YfDXkEYxzl/ExzE4HFGl56/uXkM1yscUX5/chj7dqQS
+InmnV/UsRMqqnvbdn5Br46cSIqz6XcOkhEnfYNPsqOnNL99fYNF1tYbrTmp
7W9Bwyf7cgYXNaUKYhAe+4ll5zCPXuL7hopeLRY1+gG+3md3UXNPCBOLnVkv
mByc4okXPL20ywtTAjlP3n5Hec9e4zi2hyVJHLCurrrBQ3WIOkxEOb0X3hiy
xCJaIq6RvJRUv+CimF7gm1ZqjZHkHLYQF3ySiref1PLvNgTjsq3ZNl06zkkm
m5y59kEGY4xwSertnpRgtigPPqHH758Dw1LeYZl++iR3fLqT4XRUv67De/30
S+sIFa/QnTlQp67ivSXR34/p/WJT9A8V8FEkct8eHB2Betzf72lXxdaFMeDb
N9/svUDJ3Z9qLesP8+kr/XgbzQb9Iba+VL01JKazawW9r0FyJ9NQcOaE2Fa9
ESzTS/Lbg6qmTjcs2tMm6JdgVuV7fFviWOvT568v/YlvOZ1EXSjUnufw/87P
zs6QLYMTU/E9jf1RnJ2DIVLpma/EH/nq/wHiI9SkP10AAA==

-->

</rfc>
