<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-tsvwg-sctp-dtls-chunk-04" category="std" consensus="true" submissionType="IETF" obsoletes="6083" updates="RFC5061" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="SCTP DTLS Chunk">Stream Control Transmission Protocol (SCTP) DTLS Chunk</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-tsvwg-sctp-dtls-chunk-04"/>
    <author initials="M." surname="Westerlund" fullname="Magnus Westerlund">
      <organization>Ericsson</organization>
      <address>
        <email>magnus.westerlund@ericsson.com</email>
      </address>
    </author>
    <author initials="J." surname="Preuß Mattsson" fullname="John Preuß Mattsson">
      <organization>Ericsson</organization>
      <address>
        <email>john.mattsson@ericsson.com</email>
      </address>
    </author>
    <author initials="C." surname="Porfiri" fullname="Claudio Porfiri">
      <organization>Ericsson</organization>
      <address>
        <email>claudio.porfiri@ericsson.com</email>
      </address>
    </author>
    <author initials="M." surname="Tüxen" fullname="Michael Tüxen">
      <organization abbrev="Münster Univ. of Appl. Sciences">Münster University of Applied Sciences</organization>
      <address>
        <postal>
          <street>Stegerwaldstrasse 39</street>
          <city>Steinfurt</city>
          <code>48565</code>
          <country>Germany</country>
        </postal>
        <email>tuexen@fh-muenster.de</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Transport</area>
    <workgroup>TSVWG</workgroup>
    <abstract>
      <?line 72?>

<t>This document describes a method for adding Datagram Transport Layer
Security (DTLS) based authentication and cryptographic protection to the
Stream Control Transmission Protocol (SCTP).</t>
      <t>This SCTP extension is intended to enable communication privacy for
applications that use SCTP as their transport protocol and allows applications
to communicate in a way that is designed to prevent eavesdropping and detect
tampering or message forgery.
Once enabled, this also applies to the SCTP payload as well as the SCTP
control information.</t>
      <t>Applications using this SCTP extension can use most of the transport features
provided by SCTP and its other extensions.
The use of the SCTP Authentication extension defined in RFC 4895 is incompatible
with the extension defined in this document but would not provide any
additional service.
This implies that the Dynamic Address Reconfiguration as specified in RFC 5061
can only be used as described in this document.</t>
      <t>This document obsoletes RFC 6083 and updates RFC 5061.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-tsvwg-sctp-dtls-chunk/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Transport Area Working Group (tsvwg) Working Group mailing list (<eref target="mailto:tsvwg@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/tsvwg/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/tsvwg/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/gloinul/draft-westerlund-tsvwg-sctp-DTLS-chunk"/>.</t>
    </note>
  </front>
  <middle>
    <?line 95?>

<section anchor="introduction">
      <name>Introduction and Protocol Overview</name>
      <t>This document extends the Stream Control Transmission Protocol (SCTP), as
specified in <xref target="RFC9260"/>, by defining the DTLS chunk format and the procedures
for negotiating and managing its usage.
DTLS chunk support is integrated into the SCTP implementation, enabling the
secure transfer of SCTP packets (including both control and DATA chunks).</t>
      <t>The DTLS chunk protects a sequence of SCTP chunks by encrypting the
plain text into encrypted ciphertext using the DTLS record format and
its processing. This processing is based on DTLS 1.3, as specified in
<xref target="RFC9147"/>.</t>
      <t>Key management is performed outside of the SCTP implementation and is out of scope
of this document. This process is referred to as the DTLS Key Management Method.
While these methods can also be based on DTLS 1.3, it is not a requirement.</t>
      <t>The DTLS chunk in combination with the DTLS Key Management Method can
provide mutual authentication, confidentiality, DTLS based data origin
authentication, integrity, and replay protection for SCTP packets.
The DTLS Key Management Method utilizes an API to provision the SCTP
association's DTLS chunk protection with key material to enable and
rekey the protection operations.</t>
      <t><xref target="sctp-DTLS-chunk-layering"/> is an example illustrating the DTLS chunk
processing in regard to SCTP and the Upper Layer Protocol (ULP) using
DTLS 1.3 as the crytptographic core of the  DTLS Key Management Method.
Here the DTLS Key Management Method provides validation, i.e. using certificates,
handshaking, updating policies etc.</t>
      <figure anchor="sctp-DTLS-chunk-layering">
        <name>DTLS Chunk Layering in Regard to SCTP and ULP</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="512" width="464" viewBox="0 0 464 512" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,32 L 8,320" fill="none" stroke="black"/>
              <path d="M 8,416 L 8,496" fill="none" stroke="black"/>
              <path d="M 72,328 L 72,368" fill="none" stroke="black"/>
              <path d="M 96,368 L 96,408" fill="none" stroke="black"/>
              <path d="M 136,32 L 136,320" fill="none" stroke="black"/>
              <path d="M 152,32 L 152,320" fill="none" stroke="black"/>
              <path d="M 168,64 L 168,304" fill="none" stroke="black"/>
              <path d="M 184,112 L 184,256" fill="none" stroke="black"/>
              <path d="M 192,432 L 192,480" fill="none" stroke="black"/>
              <path d="M 208,96 L 208,128" fill="none" stroke="black"/>
              <path d="M 208,160 L 208,192" fill="none" stroke="black"/>
              <path d="M 208,240 L 208,288" fill="none" stroke="black"/>
              <path d="M 280,328 L 280,368" fill="none" stroke="black"/>
              <path d="M 296,192 L 296,240" fill="none" stroke="black"/>
              <path d="M 368,432 L 368,480" fill="none" stroke="black"/>
              <path d="M 384,96 L 384,128" fill="none" stroke="black"/>
              <path d="M 384,160 L 384,192" fill="none" stroke="black"/>
              <path d="M 384,240 L 384,288" fill="none" stroke="black"/>
              <path d="M 400,64 L 400,304" fill="none" stroke="black"/>
              <path d="M 416,112 L 416,448" fill="none" stroke="black"/>
              <path d="M 432,32 L 432,320" fill="none" stroke="black"/>
              <path d="M 432,416 L 432,496" fill="none" stroke="black"/>
              <path d="M 8,32 L 136,32" fill="none" stroke="black"/>
              <path d="M 152,32 L 432,32" fill="none" stroke="black"/>
              <path d="M 168,64 L 400,64" fill="none" stroke="black"/>
              <path d="M 208,96 L 384,96" fill="none" stroke="black"/>
              <path d="M 184,112 L 200,112" fill="none" stroke="black"/>
              <path d="M 384,112 L 416,112" fill="none" stroke="black"/>
              <path d="M 208,128 L 384,128" fill="none" stroke="black"/>
              <path d="M 208,160 L 384,160" fill="none" stroke="black"/>
              <path d="M 184,176 L 208,176" fill="none" stroke="black"/>
              <path d="M 208,192 L 384,192" fill="none" stroke="black"/>
              <path d="M 208,240 L 384,240" fill="none" stroke="black"/>
              <path d="M 184,256 L 200,256" fill="none" stroke="black"/>
              <path d="M 208,288 L 384,288" fill="none" stroke="black"/>
              <path d="M 168,304 L 400,304" fill="none" stroke="black"/>
              <path d="M 8,320 L 136,320" fill="none" stroke="black"/>
              <path d="M 152,320 L 432,320" fill="none" stroke="black"/>
              <path d="M 72,368 L 280,368" fill="none" stroke="black"/>
              <path d="M 8,416 L 432,416" fill="none" stroke="black"/>
              <path d="M 192,432 L 368,432" fill="none" stroke="black"/>
              <path d="M 376,448 L 416,448" fill="none" stroke="black"/>
              <path d="M 192,480 L 368,480" fill="none" stroke="black"/>
              <path d="M 8,496 L 432,496" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="424,408 412,402.4 412,413.6" fill="black" transform="rotate(90,416,408)"/>
              <polygon class="arrowhead" points="384,448 372,442.4 372,453.6" fill="black" transform="rotate(180,376,448)"/>
              <polygon class="arrowhead" points="288,328 276,322.4 276,333.6" fill="black" transform="rotate(270,280,328)"/>
              <polygon class="arrowhead" points="208,256 196,250.4 196,261.6" fill="black" transform="rotate(0,200,256)"/>
              <polygon class="arrowhead" points="208,112 196,106.4 196,117.6" fill="black" transform="rotate(0,200,112)"/>
              <polygon class="arrowhead" points="104,408 92,402.4 92,413.6" fill="black" transform="rotate(90,96,408)"/>
              <polygon class="arrowhead" points="80,328 68,322.4 68,333.6" fill="black" transform="rotate(270,72,328)"/>
              <g class="text">
                <text x="72" y="52">ULP</text>
                <text x="232" y="52">Key</text>
                <text x="292" y="52">Management</text>
                <text x="364" y="52">Method</text>
                <text x="292" y="84">DTLS</text>
                <text x="328" y="84">1.3</text>
                <text x="256" y="116">Key</text>
                <text x="308" y="116">Exporter</text>
                <text x="256" y="180">Key</text>
                <text x="316" y="180">Management</text>
                <text x="240" y="228">ContentType</text>
                <text x="300" y="260">Record</text>
                <text x="260" y="276">Protection</text>
                <text x="340" y="276">Operator</text>
                <text x="444" y="372">keys</text>
                <text x="68" y="388">PPID</text>
                <text x="92" y="452">SCTP</text>
                <text x="288" y="452">Chunk</text>
                <text x="244" y="468">Protection</text>
                <text x="324" y="468">Operator</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
+---------------+ +----------------------------------+
|      ULP      | |        Key Management Method     |
|               | | +----------------------------+   |
|               | | |             DTLS 1.3       |   |
|               | | |    +---------------------+ |   |
|               | | | +->+    Key Exporter     +-+-+ |
|               | | | |  +---------------------+ | | |
|               | | | |                          | | |
|               | | | |  +---------------------+ | | |
|               | | | +--+    Key Management   + | | |
|               | | | |  +----------+----------+ | | |
|               | | | |             |            | | |
|               | | | | ContentType |            | | |
|               | | | |  +----------+----------+ | | |
|               | | | +->|        Record       | | | |
|               | | |    | Protection Operator | | | |
|               | | |    +----------+----------+ | | |
|               | | +----------------------------+ | |
+-------+-------+ +--------------------------------+-+
        ^                         ^                |
        |                         |                |
        +--+----------------------+                | keys
      PPID |                                       |
           V                                       V
+--------------------------------------------------+-+
|                      +---------------------+     | |
|        SCTP          |         Chunk       |<----+ |
|                      | Protection Operator |       |
|                      +---------------------+       |
+----------------------------------------------------+
]]></artwork>
        </artset>
      </figure>
      <t>After receiving an SCTP packet and identifying the association using the
SCTP common header, the DTLS chunk is processed by the Chunk Protection Operator.
The Chunk Protection Operator performs replay protection, decryption,
and authentication. If this processing is successful, the encapsulated SCTP chunks
are further processed.</t>
      <t>For outgoing traffic, after the SCTP stack has created the unprotected SCTP
packet containing control and/or DATA chunks, these SCTP chunks will be
processed by the Chunk Protection Operator for protection.
This results in a DTLS 1.3 record encapsulated in a DTLS chunk.</t>
      <t>The method of secure key-management, e.g. based on DTLS 1.3, providing
initial mutual authentication, key establishment, and periodic
re-authentication and rekeying with Diffie-Hellman of the DTLS chunk
protection is defined in separate documents (see
<xref target="key-management-considerations"/>).  To prevent downgrade attacks
affecting the DTLS Key Management negotiation the DTLS Key Management
Method should implement specific procedures when deriving keys.</t>
      <t>The Chunk Protection Operator performs protection operations on all
chunks of an SCTP packet.
No information is sent in plain text except for the following:</t>
      <ul spacing="normal">
        <li>
          <t>The initial SCTP handshake.</t>
        </li>
        <li>
          <t>The initial DTLS Key Management traffic.</t>
        </li>
        <li>
          <t>The SCTP common header and the SCTP DTLS chunk header of protected packets.</t>
        </li>
        <li>
          <t>The INIT and INIT ACK chunks during an SCTP restart procedure.</t>
        </li>
      </ul>
      <t>Support of the DTLS chunk and the selection of a DTLS Key Management Method
are negotiated during the SCTP handshake using a new parameter.
DTLS Key Management and application traffic are then multiplexed
using the Payload Protocol Identifier (PPID).
This document defines the dedicated PPID 4242 for use by all DTLS Key Management
Methods.</t>
      <t>Applications using the DTLS chunk can leverage most transport features provided by
SCTP and its extensions. However, the following limitations apply:</t>
      <ul spacing="normal">
        <li>
          <t>Performing an SCTP restart without knowing the restart key material is not supported.</t>
        </li>
        <li>
          <t>The use of the lookup address in the Dynamic Address Reconfiguration
extension as specified in <xref target="RFC5061"/> is not supported.</t>
        </li>
      </ul>
      <section anchor="relationship-to-rfc-6083-and-rfc-5061">
        <name>Relationship to RFC 6083 and RFC 5061</name>
        <t>This document obsoletes <xref target="RFC6083"/>, which defined the use of DTLS
over SCTP by encapsulating user data in DTLS records and sending the
DTLS records as SCTP user data using the SCTP-AUTH extension
(<xref target="RFC4895"/>) for integrity protection of the SCTP packets.  That
approach suffered from several limitations: it could not support SCTP
user messages above 16384 bytes, it could not encrypt SCTP control
chunks, and it exposed significant SCTP metadata in clear text.  The
mechanism defined in this document replaces <xref target="RFC6083"/> by integrating
DTLS 1.3 record protection directly at the chunk level, providing
confidentiality and integrity for both user data and SCTP control
chunks without dependency on SCTP-AUTH.</t>
        <t>This document updates <xref target="RFC5061"/> by restricting the use of the Dynamic
Address Reconfiguration extension when the DTLS chunk is in use.
Specifically, the lookup address feature of <xref target="RFC5061"/> MUST NOT be used,
and the dynamic address reconfiguration extension MUST NOT be used unless
DTLS chunk handling is enabled in both directions. These restrictions
are necessary because SCTP-AUTH, which <xref target="RFC5061"/> relies on for
authenticating ASCONF chunks, is incompatible with this extension.</t>
      </section>
    </section>
    <section anchor="conventions">
      <name>Conventions</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.
<?line -6?>
      </t>
      <section anchor="terminology">
        <name>Terminology</name>
        <dl>
          <dt>Chunk Protection Operator:</dt>
          <dd>
            <t>The component within the SCTP implementation that performs DTLS record
protection (encryption and authentication) on outgoing SCTP chunks and
the corresponding verification and decryption on incoming DTLS chunks.</t>
          </dd>
          <dt>DTLS Key Context:</dt>
          <dd>
            <t>DTLS key context includes key material (record payload key, sequence
number protection key, and initialization vector (IV)) for sending
and receiving, replay window for receiving, and last used sequence
number for sending.</t>
          </dd>
          <dt>Primary DTLS Key Context:</dt>
          <dd>
            <t>The DTLS key context used for normal SCTP association traffic, as
distinguished from the restart DTLS key context.</t>
          </dd>
          <dt>Restart DTLS Key Context:</dt>
          <dd>
            <t>A dedicated DTLS key context maintained for the sole purpose of
protecting the SCTP restart procedure.</t>
          </dd>
          <dt>DTLS Key Management Method:</dt>
          <dd>
            <t>A protocol or procedure, external to this specification, that performs
mutual authentication, key establishment, and periodic rekeying for
the DTLS chunk. Each method is identified by a DTLS Key Management
Identifier.</t>
          </dd>
          <dt>DTLS Key Management Identifier:</dt>
          <dd>
            <t>An 8-bit unsigned integer assigned by IANA that uniquely identifies a
DTLS Key Management Method, enabling negotiation during the SCTP
handshake via the DTLS Key Management Parameter.</t>
          </dd>
          <dt>Key Material:</dt>
          <dd>
            <t>Key material is all cryptographic information needed for protection
operation in one direction.</t>
          </dd>
        </dl>
      </section>
    </section>
    <section anchor="protocol-considerations">
      <name>Protocol Considerations</name>
      <section anchor="DTLS-engines">
        <name>DTLS Considerations</name>
        <t>Once the DTLS Key Management Method has established its context, it
derives primary and restart key material for sending and receiving and
configures the Chunk Protection Operator via an API. This establishes
the necessary DTLS key contexts for SCTP chunk encryption and
decryption.  A DTLS key context for primary operations MUST be
created, while a DTLS key context for SCTP association restart SHOULD
be created.</t>
        <t>DTLS key context includes key material such as record payload key,
sequence number protection key, and IV each for sending and receiving,
replay window for receiving, and last used sequence number for
sending. Each DTLS key context is associated with a three-value tuple
identifying the context, consisting of SCTP Association, the restart
indicator, and the DTLS epoch.</t>
        <t>The DTLS Chunk uses a single configuration of the DTLS record format.
The DTLS Connection ID in the DTLS Record layer MUST NOT be used in
the DTLS Chunk as the full DTLS connection state is not used in the
DTLS Chunk and the DTLS key context anyway can be identified. The
length field MUST NOT be used as the DTLS chunk provides record length
information. Finally 16-bit Sequence Numbers are used as they give
maximum support for reordering and there are no byte savings possible
to ensure the 32-bit alignment for the encrypted record.</t>
        <t>The first DTLS key context established for any SCTP association MUST
use epoch 3. Each subsequent DTLS key context will use the next
consecutive epoch value. Following the DTLS 1.3 specification <xref target="RFC9147"/> the
first DTLS record for each epoch will use sequence number 0.</t>
        <t>The replay window for the DTLS Sequence Number needs to account for the
concurrent transmission of packets on multiple paths in multihomed associations.
In particular, this applies to packets containing HEARTBEAT chunks.  The window
size must be sufficiently large to accommodate these latency differences.</t>
        <t>Endpoints implementing DTLS chunk MUST support DTLS records containing up to
2<sup>14</sup> (16384) bytes of plain text.</t>
        <section anchor="mandatory-to-implement-cipher-suites">
          <name>Mandatory-to-Implement Cipher Suites</name>
          <t>In the absence of an application profile standard specifying otherwise:</t>
          <t>A SCTP DTLS chunk implementation MUST implement the TLS_AES_128_GCM_SHA256
cipher suite and SHOULD implement the TLS_AES_256_GCM_SHA384 and
TLS_CHACHA20_POLY1305_SHA256 cipher suites, using the identifiers
defined by <xref target="TLS-CIPHER-SUITES"/>.</t>
          <t>In general any TLS 1.3 cipher suite that is marked as DTLS-OK in the TLS
cipher suit table <xref target="TLS-CIPHER-SUITES"/> is expected to be usable, taking
into account its inherent security properties.</t>
        </section>
      </section>
      <section anchor="sctp-considerations">
        <name>SCTP Considerations</name>
        <t>The SCTP authentication extension (SCTP-AUTH) defined in <xref target="RFC4895"/> is incompatible
with the extension defined in this document. Therefore, its support MUST NOT
be negotiated in combination with the support of the DTLS chunk.</t>
        <t>In particular, the dynamic address reconfiguration defined in <xref target="RFC5061"/> cannot
use SCTP-AUTH. Instead, the DTLS chunk is used for authentication.
This introduces the following limitations:</t>
        <ul spacing="normal">
          <li>
            <t>The lookup address MUST NOT be used.</t>
          </li>
          <li>
            <t>The dynamic address reconfiguration extension MUST NOT be used unless
DTLS chunk handling is enabled in both directions.</t>
          </li>
        </ul>
        <t>To mitigate potential information leakage from packet size variations,
implementations MAY pad SCTP packets to uniform sizes.
However, the padding MUST be applied within the encryption envelope to ensure
the padding itself is protected.</t>
        <t>Both SCTP and DTLS provide mechanisms for padding packets.
If padding of SCTP packets is desired to hide actual message sizes, it is
RECOMMENDED to use the SCTP Padding Chunk <xref target="RFC4820"/> to generate a consistent
SCTP payload size.
Support of this chunk is only required on the sender side; any SCTP receiver
will safely ignore the PAD Chunk. However, if the PAD chunk is not
supported DTLS padding MAY be used.</t>
        <t>It should be noted that regardless of whether SCTP padding or DTLS padding
is used, the additional bytes are not accounted for by the SCTP congestion control.
Extensive use of padding has potential to worsen congestion situations, as the
SCTP association will consume more bandwidth than its fair share as determined by
congestion control.</t>
        <t>The use of the SCTP PAD chunk is preferred, as it remains visible at the
SCTP layer. This enables future extensions or SCTP implementations to
correctly account for padding within congestion control mechanisms.
In contrast, DTLS padding conceals this packet expansion from the SCTP layer.</t>
      </section>
    </section>
    <section anchor="new-chunk-parameter-and-error-causes">
      <name>New Chunk, Parameter and Error Causes</name>
      <section anchor="protectedassoc-parameter">
        <name>DTLS Key Management Parameter</name>
        <t>The DTLS Key Management Parameter is used to negotiate the support of the
DTLS chunk and the Key Management Method used for the DTLS chunks.
The format of this chunk parameter is depicted in <xref target="key-management-parameter"/>.</t>
        <figure anchor="key-management-parameter">
          <name>DTLS Key Management Parameter</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="528" viewBox="0 0 528 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,64 L 8,160" fill="none" stroke="black"/>
                <path d="M 8,192 L 8,224" fill="none" stroke="black"/>
                <path d="M 88,128 L 88,160" fill="none" stroke="black"/>
                <path d="M 104,128 L 104,160" fill="none" stroke="black"/>
                <path d="M 120,128 L 120,160" fill="none" stroke="black"/>
                <path d="M 136,128 L 136,160" fill="none" stroke="black"/>
                <path d="M 136,192 L 136,224" fill="none" stroke="black"/>
                <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                <path d="M 264,128 L 264,160" fill="none" stroke="black"/>
                <path d="M 392,128 L 392,160" fill="none" stroke="black"/>
                <path d="M 520,64 L 520,160" fill="none" stroke="black"/>
                <path d="M 520,192 L 520,224" fill="none" stroke="black"/>
                <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                <path d="M 8,128 L 520,128" fill="none" stroke="black"/>
                <path d="M 8,160 L 520,160" fill="none" stroke="black"/>
                <path d="M 8,192 L 520,192" fill="none" stroke="black"/>
                <path d="M 8,224 L 520,224" fill="none" stroke="black"/>
                <g class="text">
                  <text x="16" y="36">0</text>
                  <text x="176" y="36">1</text>
                  <text x="336" y="36">2</text>
                  <text x="496" y="36">3</text>
                  <text x="16" y="52">0</text>
                  <text x="32" y="52">1</text>
                  <text x="48" y="52">2</text>
                  <text x="64" y="52">3</text>
                  <text x="80" y="52">4</text>
                  <text x="96" y="52">5</text>
                  <text x="112" y="52">6</text>
                  <text x="128" y="52">7</text>
                  <text x="144" y="52">8</text>
                  <text x="160" y="52">9</text>
                  <text x="176" y="52">0</text>
                  <text x="192" y="52">1</text>
                  <text x="208" y="52">2</text>
                  <text x="224" y="52">3</text>
                  <text x="240" y="52">4</text>
                  <text x="256" y="52">5</text>
                  <text x="272" y="52">6</text>
                  <text x="288" y="52">7</text>
                  <text x="304" y="52">8</text>
                  <text x="320" y="52">9</text>
                  <text x="336" y="52">0</text>
                  <text x="352" y="52">1</text>
                  <text x="368" y="52">2</text>
                  <text x="384" y="52">3</text>
                  <text x="400" y="52">4</text>
                  <text x="416" y="52">5</text>
                  <text x="432" y="52">6</text>
                  <text x="448" y="52">7</text>
                  <text x="464" y="52">8</text>
                  <text x="480" y="52">9</text>
                  <text x="496" y="52">0</text>
                  <text x="512" y="52">1</text>
                  <text x="80" y="84">Parameter</text>
                  <text x="140" y="84">Type</text>
                  <text x="168" y="84">=</text>
                  <text x="204" y="84">0x8006</text>
                  <text x="360" y="84">Parameter</text>
                  <text x="428" y="84">Length</text>
                  <text x="232" y="116">Tie</text>
                  <text x="280" y="116">Breaker</text>
                  <text x="44" y="148">Reserved</text>
                  <text x="96" y="148">R</text>
                  <text x="112" y="148">S</text>
                  <text x="128" y="148">C</text>
                  <text x="164" y="148">DTLS</text>
                  <text x="204" y="148">KMId</text>
                  <text x="236" y="148">#1</text>
                  <text x="292" y="148">DTLS</text>
                  <text x="332" y="148">KMId</text>
                  <text x="364" y="148">#2</text>
                  <text x="420" y="148">DTLS</text>
                  <text x="460" y="148">KMId</text>
                  <text x="492" y="148">#3</text>
                  <text x="8" y="180">:</text>
                  <text x="520" y="180">:</text>
                  <text x="36" y="212">DTLS</text>
                  <text x="76" y="212">KMId</text>
                  <text x="108" y="212">#N</text>
                  <text x="328" y="212">Padding</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Parameter Type = 0x8006    |       Parameter Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Tie Breaker                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Reserved |R|S|C| DTLS KMId #1  | DTLS KMId #2  | DTLS KMId #3  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:                                                               :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DTLS KMId #N  |                    Padding                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
          </artset>
        </figure>
        <dl newline="true">
          <dt>Parameter Type: 16 bits (unsigned integer)</dt>
          <dd>
            <t>This value MUST be set to 0x8006.
Note that this parameter type requires the receiver to ignore the
parameter and continue processing if the parameter type is not supported.
This is accomplished (as described <xref section="3.2.1" sectionFormat="of" target="RFC9260"/>) by
the use of the upper bits of the parameter type.</t>
          </dd>
          <dt>Parameter Length: 16 bits (unsigned integer)</dt>
          <dd>
            <t>This value holds the length of the parameter in bytes, which is the
number of DTLS Key Management identifiers (N) plus 9.</t>
          </dd>
          <dt>Tie Breaker: 32 bits (unsigned integer)</dt>
          <dd>
            <t>This is a 32-bit random number to be used to determine the client and
server role for the Key Management Method.</t>
          </dd>
          <dt>Reserved: 5 bits (unsigned integer)</dt>
          <dd>
            <t>The reserved bits MUST be set to 0 by the sender and MUST be ignored by the
receiver.</t>
          </dd>
          <dt>R bit: 1 bit</dt>
          <dd>
            <t>The (R)estart supported bit.</t>
          </dd>
          <dt>S bit: 1 bit</dt>
          <dd>
            <t>The (S)erver role supported bit.</t>
          </dd>
          <dt>C bit: 1 bit</dt>
          <dd>
            <t>The (C)lient role supported bit.</t>
          </dd>
          <dt>DTLS Key Management Identifier: 8 bits (unsigned integer)</dt>
          <dd>
            <t>Each DTLS Key Management Identifier (<xref target="IANA-Protection-Solution-ID"/>)
is an 8-bit unsigned integer value indicating a DTLS Key Management Method.
The DTLS Key Management Methods are listed in descending order of preference,
i.e. the first listed in the parameter is the most preferred one and the last
listed one is the least preferred by the sender of the parameter.
The parameter MUST include at least one DTLS Key Management Identifier.</t>
          </dd>
          <dt>Padding: 0, 8, 16, or 24 bits (unsigned integer)</dt>
          <dd>
            <t>The padding MUST be set to 0 by the sender and MUST be ignored by the receiver.</t>
          </dd>
        </dl>
        <t>The DTLS Key Management Parameter MAY be included in the INIT and INIT ACK chunk
and MUST NOT be included in any other chunk.
Both peers include their respective preference list and the procedure
in <xref target="establishment-procedure"/> will determine the selected roles and chosen
method.</t>
      </section>
      <section anchor="DTLS-chunk">
        <name>DTLS Chunk (DTLS)</name>
        <t>The DTLS chunk is used to hold the DTLS 1.3 record with the protected
payload of a plain text SCTP packet without the SCTP common header.</t>
        <figure anchor="sctp-DTLS-chunk-newchunk-crypt-struct">
          <name>DTLS Chunk</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="528" viewBox="0 0 528 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,64 L 8,224" fill="none" stroke="black"/>
                <path d="M 136,64 L 136,128" fill="none" stroke="black"/>
                <path d="M 248,64 L 248,96" fill="none" stroke="black"/>
                <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                <path d="M 264,192 L 264,224" fill="none" stroke="black"/>
                <path d="M 520,64 L 520,224" fill="none" stroke="black"/>
                <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                <path d="M 8,128 L 136,128" fill="none" stroke="black"/>
                <path d="M 264,192 L 520,192" fill="none" stroke="black"/>
                <path d="M 8,224 L 520,224" fill="none" stroke="black"/>
                <g class="text">
                  <text x="16" y="36">0</text>
                  <text x="176" y="36">1</text>
                  <text x="336" y="36">2</text>
                  <text x="496" y="36">3</text>
                  <text x="16" y="52">0</text>
                  <text x="32" y="52">1</text>
                  <text x="48" y="52">2</text>
                  <text x="64" y="52">3</text>
                  <text x="80" y="52">4</text>
                  <text x="96" y="52">5</text>
                  <text x="112" y="52">6</text>
                  <text x="128" y="52">7</text>
                  <text x="144" y="52">8</text>
                  <text x="160" y="52">9</text>
                  <text x="176" y="52">0</text>
                  <text x="192" y="52">1</text>
                  <text x="208" y="52">2</text>
                  <text x="224" y="52">3</text>
                  <text x="240" y="52">4</text>
                  <text x="256" y="52">5</text>
                  <text x="272" y="52">6</text>
                  <text x="288" y="52">7</text>
                  <text x="304" y="52">8</text>
                  <text x="320" y="52">9</text>
                  <text x="336" y="52">0</text>
                  <text x="352" y="52">1</text>
                  <text x="368" y="52">2</text>
                  <text x="384" y="52">3</text>
                  <text x="400" y="52">4</text>
                  <text x="416" y="52">5</text>
                  <text x="432" y="52">6</text>
                  <text x="448" y="52">7</text>
                  <text x="464" y="52">8</text>
                  <text x="480" y="52">9</text>
                  <text x="496" y="52">0</text>
                  <text x="512" y="52">1</text>
                  <text x="36" y="84">Type</text>
                  <text x="64" y="84">=</text>
                  <text x="92" y="84">0x41</text>
                  <text x="180" y="84">reserved</text>
                  <text x="256" y="84">R</text>
                  <text x="360" y="84">Chunk</text>
                  <text x="412" y="84">Length</text>
                  <text x="64" y="116">Pre-Padding</text>
                  <text x="264" y="164">Payload</text>
                  <text x="372" y="212">Post-Padding</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x41   | reserved    |R|         Chunk Length          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pre-Padding   |                                               |
+-+-+-+-+-+-+-+-+                                               |
|                                                               |
|                            Payload                            |
|                                                               |
|                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |       Post-Padding            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
          </artset>
        </figure>
        <dl newline="true">
          <dt>Type: 8 bits (unsigned integer)</dt>
          <dd>
            <t>This value MUST be set to 0x41.
It should be noted that the chunk type requires the receiver
stop processing this SCTP packet, discard the unrecognized chunk and
all further chunks, and report the unrecognized chunk in an ERROR
chunk using the 'Unrecognized Chunk Type' error cause, if the receiver does
not support this chunk type.
This is accomplished (as described in <xref section="3.2" sectionFormat="of" target="RFC9260"/>) by the use
of the upper bits of the chunk type.</t>
          </dd>
          <dt>reserved: 7 bits</dt>
          <dd>
            <t>Reserved bits for future use. These bits MUST be set to 0 by
the sender and MUST be ignored by the receiver.</t>
          </dd>
          <dt>R: 1 bit (boolean)</dt>
          <dd>
            <t>Restart indicator. If this bit is set this DTLS chunk is protected
with a restart DTLS key context.</t>
          </dd>
          <dt>Chunk Length: 16 bits (unsigned integer)</dt>
          <dd>
            <t>This value holds the length of the Payload in bytes plus 4 plus the Payload
Pre-Padding length.</t>
          </dd>
          <dt>Pre-Padding: 8 bits</dt>
          <dd>
            <t>The sender MUST pad with one zero byte and the receiver MUST ignore the
padding bytes.</t>
          </dd>
          <dt>Payload: variable length</dt>
          <dd>
            <t>This MUST contain exactly one DTLSCiphertext as specified in DTLS 1.3 <xref target="RFC9147"/>.</t>
          </dd>
          <dt>Post-Padding: 0, 8, 16, or 24 bits</dt>
          <dd>
            <t>If the length of the Payload is not a multiple of 4 bytes, the sender
MUST pad the chunk with all zero bytes to make the chunk 32-bit
aligned.  The Padding MUST NOT be longer than 3 bytes and it MUST
be ignored by the receiver.</t>
          </dd>
        </dl>
        <t>From <xref section="4" sectionFormat="of" target="RFC9147"/>, the DTLS record header has variable length and
is depicted in <xref target="DTLSCiphertext-record-struct"/>.</t>
        <figure anchor="DTLSCiphertext-record-struct">
          <name>DTLS DTLSCiphertext</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="112" width="296" viewBox="0 0 296 112" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <g class="text">
                  <text x="28" y="36">struct</text>
                  <text x="64" y="36">{</text>
                  <text x="60" y="52">opaque</text>
                  <text x="180" y="52">unified_hdr[variable];</text>
                  <text x="60" y="68">opaque</text>
                  <text x="192" y="68">encrypted_record[length];</text>
                  <text x="8" y="84">}</text>
                  <text x="80" y="84">DTLSCiphertext;</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
    struct {
        opaque unified_hdr[variable];
        opaque encrypted_record[length];
    } DTLSCiphertext;
]]></artwork>
          </artset>
        </figure>
        <t>The DTLSCiphertext contains the unified_hdr followed by the
encrypted_record, where unified_hdr has variable format but a single
selected configuration is used in the DTLS Chunk. The use of one byte
of Pre-Padding ensures 32-bit alignment of the encrypted_record in
relation to the start of the DTLS chunk, which allows a receiver to
perform an in-place decryption and then process the sequence of
chunks.  SCTP as specified in <xref target="RFC9260"/> guarantees that chunks start
on a 32-bit boundary.</t>
        <t>The used DTLSCiphertext configuration contains the unified_hdr with
flags and the two least significant bits of the DTLS Epoch, a 16-bit
sequence number (S=1), no length field (L=0), and no Connection ID
(C=0). This results in a 3-byte unified_hdr (1 byte fixed header plus
2 bytes sequence number) and consequently 1 byte of Pre-Padding to
achieve 32-bit alignment of the encrypted_record. The used
DTLSCiphertext are shown in <xref target="DTLSCiphertext-recommended"/>.</t>
        <figure anchor="DTLSCiphertext-recommended">
          <name>DTLSCiphertext used structure</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="288" width="184" viewBox="0 0 184 288" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,48 L 8,160" fill="none" stroke="black"/>
                <path d="M 8,192 L 8,208" fill="none" stroke="black"/>
                <path d="M 24,48 L 24,80" fill="none" stroke="black"/>
                <path d="M 40,48 L 40,80" fill="none" stroke="black"/>
                <path d="M 56,48 L 56,80" fill="none" stroke="black"/>
                <path d="M 72,48 L 72,80" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,80" fill="none" stroke="black"/>
                <path d="M 104,48 L 104,80" fill="none" stroke="black"/>
                <path d="M 136,48 L 136,160" fill="none" stroke="black"/>
                <path d="M 136,192 L 136,208" fill="none" stroke="black"/>
                <path d="M 8,48 L 136,48" fill="none" stroke="black"/>
                <path d="M 8,80 L 136,80" fill="none" stroke="black"/>
                <path d="M 8,128 L 136,128" fill="none" stroke="black"/>
                <path d="M 8,208 L 136,208" fill="none" stroke="black"/>
                <g class="text">
                  <text x="16" y="36">0</text>
                  <text x="32" y="36">1</text>
                  <text x="48" y="36">2</text>
                  <text x="64" y="36">3</text>
                  <text x="80" y="36">4</text>
                  <text x="96" y="36">5</text>
                  <text x="112" y="36">6</text>
                  <text x="128" y="36">7</text>
                  <text x="16" y="68">0</text>
                  <text x="32" y="68">0</text>
                  <text x="48" y="68">1</text>
                  <text x="64" y="68">0</text>
                  <text x="80" y="68">1</text>
                  <text x="96" y="68">0</text>
                  <text x="112" y="68">E</text>
                  <text x="128" y="68">E</text>
                  <text x="52" y="100">16</text>
                  <text x="80" y="100">bit</text>
                  <text x="44" y="116">Sequence</text>
                  <text x="108" y="116">Number</text>
                  <text x="64" y="164">Encrypted</text>
                  <text x="8" y="180">/</text>
                  <text x="52" y="180">Record</text>
                  <text x="136" y="180">/</text>
                  <text x="76" y="244">DTLSCiphertext</text>
                  <text x="72" y="260">Structure</text>
                  <text x="40" y="276">(Used</text>
                  <text x="124" y="276">Configuration)</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|0|0|1|0|1|0|E E|
+-+-+-+-+-+-+-+-+
|    16 bit     |
|Sequence Number|
+-+-+-+-+-+-+-+-+
|               |
|  Encrypted    |
/  Record       /
|               |
+-+-+-+-+-+-+-+-+

  DTLSCiphertext
    Structure
  (Used Configuration)
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="new-error-causes">
        <name>New Error Causes</name>
        <t>This specification defines four new error causes.</t>
        <section anchor="enoprotected">
          <name>Missing DTLS Chunk Support</name>
          <t>The DTLS Chunk Support Required error cause can be sent by the receiver of the
packet containing the INIT chunk to indicate that the receiver requires the
support of the DTLS chunk, but no DTLS Key Management Parameter was included in
the INIT chunk.</t>
          <figure anchor="error-missing-dtls-chunk-support">
            <name>Error Missing DTLS Chunk Support</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="112" width="528" viewBox="0 0 528 112" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
                  <path d="M 184,64 L 184,72" fill="none" stroke="black"/>
                  <path d="M 184,88 L 184,96" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,72" fill="none" stroke="black"/>
                  <path d="M 216,88 L 216,96" fill="none" stroke="black"/>
                  <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                  <path d="M 520,64 L 520,96" fill="none" stroke="black"/>
                  <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                  <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                  <path class="jump" d="M 216,88 C 222,88 222,72 216,72" fill="none" stroke="black"/>
                  <path class="jump" d="M 184,88 C 178,88 178,72 184,72" fill="none" stroke="black"/>
                  <g class="text">
                    <text x="16" y="36">0</text>
                    <text x="176" y="36">1</text>
                    <text x="336" y="36">2</text>
                    <text x="496" y="36">3</text>
                    <text x="16" y="52">0</text>
                    <text x="32" y="52">1</text>
                    <text x="48" y="52">2</text>
                    <text x="64" y="52">3</text>
                    <text x="80" y="52">4</text>
                    <text x="96" y="52">5</text>
                    <text x="112" y="52">6</text>
                    <text x="128" y="52">7</text>
                    <text x="144" y="52">8</text>
                    <text x="160" y="52">9</text>
                    <text x="176" y="52">0</text>
                    <text x="192" y="52">1</text>
                    <text x="208" y="52">2</text>
                    <text x="224" y="52">3</text>
                    <text x="240" y="52">4</text>
                    <text x="256" y="52">5</text>
                    <text x="272" y="52">6</text>
                    <text x="288" y="52">7</text>
                    <text x="304" y="52">8</text>
                    <text x="320" y="52">9</text>
                    <text x="336" y="52">0</text>
                    <text x="352" y="52">1</text>
                    <text x="368" y="52">2</text>
                    <text x="384" y="52">3</text>
                    <text x="400" y="52">4</text>
                    <text x="416" y="52">5</text>
                    <text x="432" y="52">6</text>
                    <text x="448" y="52">7</text>
                    <text x="464" y="52">8</text>
                    <text x="480" y="52">9</text>
                    <text x="496" y="52">0</text>
                    <text x="512" y="52">1</text>
                    <text x="64" y="84">Cause</text>
                    <text x="108" y="84">Code</text>
                    <text x="136" y="84">=</text>
                    <text x="160" y="84">100</text>
                    <text x="200" y="84">TBC</text>
                    <text x="344" y="84">Cause</text>
                    <text x="396" y="84">Length</text>
                    <text x="432" y="84">=</text>
                    <text x="448" y="84">4</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Cause Code = 100 (TBC)     |       Cause Length = 4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
            </artset>
          </figure>
          <dl newline="true">
            <dt>Cause Code: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 100 (TBC).</t>
            </dd>
            <dt>Cause Length: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 4.</t>
            </dd>
          </dl>
          <t>This error cause MAY be included in an ABORT chunk.
It MUST NOT be included in any other chunk.</t>
        </section>
        <section anchor="enocommonpsi">
          <name>No Common DTLS Key Management Method</name>
          <t>The No Common DTLS Key Management Method error cause can be used by the receiver
of the packet containing the INIT chunk to indicate that the receiver does not
support any of the DTLS Key Management Methods offered by the sender of the packet
containing the INIT chunk.</t>
          <t>The format of this error cause is depicted in <xref target="error-cause-no-common-method"/>.</t>
          <figure anchor="error-cause-no-common-method">
            <name>Error Cause No Common DTLS Key Management Method</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="112" width="528" viewBox="0 0 528 112" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
                  <path d="M 184,64 L 184,72" fill="none" stroke="black"/>
                  <path d="M 184,88 L 184,96" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,72" fill="none" stroke="black"/>
                  <path d="M 216,88 L 216,96" fill="none" stroke="black"/>
                  <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                  <path d="M 520,64 L 520,96" fill="none" stroke="black"/>
                  <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                  <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                  <path class="jump" d="M 216,88 C 222,88 222,72 216,72" fill="none" stroke="black"/>
                  <path class="jump" d="M 184,88 C 178,88 178,72 184,72" fill="none" stroke="black"/>
                  <g class="text">
                    <text x="16" y="36">0</text>
                    <text x="176" y="36">1</text>
                    <text x="336" y="36">2</text>
                    <text x="496" y="36">3</text>
                    <text x="16" y="52">0</text>
                    <text x="32" y="52">1</text>
                    <text x="48" y="52">2</text>
                    <text x="64" y="52">3</text>
                    <text x="80" y="52">4</text>
                    <text x="96" y="52">5</text>
                    <text x="112" y="52">6</text>
                    <text x="128" y="52">7</text>
                    <text x="144" y="52">8</text>
                    <text x="160" y="52">9</text>
                    <text x="176" y="52">0</text>
                    <text x="192" y="52">1</text>
                    <text x="208" y="52">2</text>
                    <text x="224" y="52">3</text>
                    <text x="240" y="52">4</text>
                    <text x="256" y="52">5</text>
                    <text x="272" y="52">6</text>
                    <text x="288" y="52">7</text>
                    <text x="304" y="52">8</text>
                    <text x="320" y="52">9</text>
                    <text x="336" y="52">0</text>
                    <text x="352" y="52">1</text>
                    <text x="368" y="52">2</text>
                    <text x="384" y="52">3</text>
                    <text x="400" y="52">4</text>
                    <text x="416" y="52">5</text>
                    <text x="432" y="52">6</text>
                    <text x="448" y="52">7</text>
                    <text x="464" y="52">8</text>
                    <text x="480" y="52">9</text>
                    <text x="496" y="52">0</text>
                    <text x="512" y="52">1</text>
                    <text x="64" y="84">Cause</text>
                    <text x="108" y="84">Code</text>
                    <text x="136" y="84">=</text>
                    <text x="160" y="84">101</text>
                    <text x="200" y="84">TBC</text>
                    <text x="344" y="84">Cause</text>
                    <text x="396" y="84">Length</text>
                    <text x="432" y="84">=</text>
                    <text x="448" y="84">4</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Cause Code = 101 (TBC)     |       Cause Length = 4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
            </artset>
          </figure>
          <dl newline="true">
            <dt>Cause Code: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 101 (TBC).</t>
            </dd>
            <dt>Cause Length: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 4.</t>
            </dd>
          </dl>
          <t>This error cause MAY be included in an ABORT chunk.
It MUST NOT be included in any other chunk.</t>
        </section>
        <section anchor="tiebreakercol">
          <name>DTLS Key Management Tie Breaker Collision</name>
          <t>The DTLS Key Management Tie Breaker Collision error cause can be used to
indicate that both sides chose the same tie breaker.</t>
          <t>The format of this error cause is depicted in <xref target="error-cause-tie-breaker-collision"/>.</t>
          <figure anchor="error-cause-tie-breaker-collision">
            <name>Error Cause DTLS Key Management Tie Breaker Collision</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="112" width="528" viewBox="0 0 528 112" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
                  <path d="M 184,64 L 184,72" fill="none" stroke="black"/>
                  <path d="M 184,88 L 184,96" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,72" fill="none" stroke="black"/>
                  <path d="M 216,88 L 216,96" fill="none" stroke="black"/>
                  <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                  <path d="M 520,64 L 520,96" fill="none" stroke="black"/>
                  <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                  <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                  <path class="jump" d="M 216,88 C 222,88 222,72 216,72" fill="none" stroke="black"/>
                  <path class="jump" d="M 184,88 C 178,88 178,72 184,72" fill="none" stroke="black"/>
                  <g class="text">
                    <text x="16" y="36">0</text>
                    <text x="176" y="36">1</text>
                    <text x="336" y="36">2</text>
                    <text x="496" y="36">3</text>
                    <text x="16" y="52">0</text>
                    <text x="32" y="52">1</text>
                    <text x="48" y="52">2</text>
                    <text x="64" y="52">3</text>
                    <text x="80" y="52">4</text>
                    <text x="96" y="52">5</text>
                    <text x="112" y="52">6</text>
                    <text x="128" y="52">7</text>
                    <text x="144" y="52">8</text>
                    <text x="160" y="52">9</text>
                    <text x="176" y="52">0</text>
                    <text x="192" y="52">1</text>
                    <text x="208" y="52">2</text>
                    <text x="224" y="52">3</text>
                    <text x="240" y="52">4</text>
                    <text x="256" y="52">5</text>
                    <text x="272" y="52">6</text>
                    <text x="288" y="52">7</text>
                    <text x="304" y="52">8</text>
                    <text x="320" y="52">9</text>
                    <text x="336" y="52">0</text>
                    <text x="352" y="52">1</text>
                    <text x="368" y="52">2</text>
                    <text x="384" y="52">3</text>
                    <text x="400" y="52">4</text>
                    <text x="416" y="52">5</text>
                    <text x="432" y="52">6</text>
                    <text x="448" y="52">7</text>
                    <text x="464" y="52">8</text>
                    <text x="480" y="52">9</text>
                    <text x="496" y="52">0</text>
                    <text x="512" y="52">1</text>
                    <text x="64" y="84">Cause</text>
                    <text x="108" y="84">Code</text>
                    <text x="136" y="84">=</text>
                    <text x="160" y="84">102</text>
                    <text x="200" y="84">TBC</text>
                    <text x="344" y="84">Cause</text>
                    <text x="396" y="84">Length</text>
                    <text x="432" y="84">=</text>
                    <text x="448" y="84">4</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Cause Code = 102 (TBC)     |       Cause Length = 4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
            </artset>
          </figure>
          <dl newline="true">
            <dt>Cause Code: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 102 (TBC).</t>
            </dd>
            <dt>Cause Length: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 4.</t>
            </dd>
          </dl>
          <t>This error cause MAY be included in an ABORT chunk.
It MUST NOT be included in any other chunk.</t>
        </section>
        <section anchor="incompatroles">
          <name>Incompatible DTLS Key Management Roles</name>
          <t>The Incompatible DTLS Key Management Roles error cause can be used to
indicate that the roles chosen are incompatible.</t>
          <t>The format of this error cause is depicted in <xref target="error-cause-incompat-roles"/>.</t>
          <figure anchor="error-cause-incompat-roles">
            <name>Error Cause Incompatible DTLS Key Management Roles</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="112" width="528" viewBox="0 0 528 112" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
                  <path d="M 184,64 L 184,72" fill="none" stroke="black"/>
                  <path d="M 184,88 L 184,96" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,72" fill="none" stroke="black"/>
                  <path d="M 216,88 L 216,96" fill="none" stroke="black"/>
                  <path d="M 264,64 L 264,96" fill="none" stroke="black"/>
                  <path d="M 520,64 L 520,96" fill="none" stroke="black"/>
                  <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                  <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                  <path class="jump" d="M 216,88 C 222,88 222,72 216,72" fill="none" stroke="black"/>
                  <path class="jump" d="M 184,88 C 178,88 178,72 184,72" fill="none" stroke="black"/>
                  <g class="text">
                    <text x="16" y="36">0</text>
                    <text x="176" y="36">1</text>
                    <text x="336" y="36">2</text>
                    <text x="496" y="36">3</text>
                    <text x="16" y="52">0</text>
                    <text x="32" y="52">1</text>
                    <text x="48" y="52">2</text>
                    <text x="64" y="52">3</text>
                    <text x="80" y="52">4</text>
                    <text x="96" y="52">5</text>
                    <text x="112" y="52">6</text>
                    <text x="128" y="52">7</text>
                    <text x="144" y="52">8</text>
                    <text x="160" y="52">9</text>
                    <text x="176" y="52">0</text>
                    <text x="192" y="52">1</text>
                    <text x="208" y="52">2</text>
                    <text x="224" y="52">3</text>
                    <text x="240" y="52">4</text>
                    <text x="256" y="52">5</text>
                    <text x="272" y="52">6</text>
                    <text x="288" y="52">7</text>
                    <text x="304" y="52">8</text>
                    <text x="320" y="52">9</text>
                    <text x="336" y="52">0</text>
                    <text x="352" y="52">1</text>
                    <text x="368" y="52">2</text>
                    <text x="384" y="52">3</text>
                    <text x="400" y="52">4</text>
                    <text x="416" y="52">5</text>
                    <text x="432" y="52">6</text>
                    <text x="448" y="52">7</text>
                    <text x="464" y="52">8</text>
                    <text x="480" y="52">9</text>
                    <text x="496" y="52">0</text>
                    <text x="512" y="52">1</text>
                    <text x="64" y="84">Cause</text>
                    <text x="108" y="84">Code</text>
                    <text x="136" y="84">=</text>
                    <text x="160" y="84">103</text>
                    <text x="200" y="84">TBC</text>
                    <text x="344" y="84">Cause</text>
                    <text x="396" y="84">Length</text>
                    <text x="432" y="84">=</text>
                    <text x="448" y="84">4</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Cause Code = 103 (TBC)     |       Cause Length = 4        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
            </artset>
          </figure>
          <dl newline="true">
            <dt>Cause Code: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 103 (TBC).</t>
            </dd>
            <dt>Cause Length: 16 bits (unsigned integer)</dt>
            <dd>
              <t>This value MUST be set to 4.</t>
            </dd>
          </dl>
          <t>This error cause MAY be included in an ABORT chunk.
It MUST NOT be included in any other chunk.</t>
        </section>
      </section>
    </section>
    <section anchor="procedures">
      <name>Procedures</name>
      <section anchor="establishment-procedure">
        <name>Establishment of a Protected Association</name>
        <t>An SCTP endpoint wanting to use the DTLS chunk can operate in one of two modes:</t>
        <dl>
          <dt>Strict DTLS mode:</dt>
          <dd>
            <t>The SCTP endpoint wants to use the DTLS chunk and is not willing to operate
without DTLS chunk protection.</t>
          </dd>
          <dt>Loose DTLS mode:</dt>
          <dd>
            <t>The SCTP endpoint want to use the DTLS chunk but is willing to operate without
DTLS chunk protection.</t>
          </dd>
        </dl>
        <t>A received DTLS Key Management Parameter is compatible, if the following two
conditions are satisfied:</t>
        <ol spacing="normal" type="1"><li>
            <t>At least one of the DTLS Key Management Identifiers listed in the parameter
matches a locally supported one.</t>
          </li>
          <li>
            <t>At least one of the roles (client or server) indicated in the parameter
complements a local role.</t>
          </li>
        </ol>
        <t>To initiate an SCTP association, an SCTP endpoint wanting to use the DTLS chunk
MUST send an SCTP packet with an INIT chunk containing the DTLS Key Management
Parameter (see <xref target="protectedassoc-parameter"/>).
This parameter lists the supported DTLS Key Management Identifiers
(see <xref target="key-management-parameter"/>) in descending order of preference.</t>
        <t>If an SCTP endpoint operating in strict DTLS mode receives an SCTP packet
containing an INIT chunk with a compatible DTLS Key Management Parameter,
it MUST reply with a packet containing an INIT ACK containing its own DTLS Key
Management Parameters.</t>
        <t>If an SCTP endpoint operates in strict DTLS mode and receives an SCTP packet
with an INIT or INIT ACK chunk does not contain any DTLS Key Management Parameter
or only an incompatible one, the endpoint MUST send an SCTP packet with an
ABORT chunk.
It MAY include the appropriate error cause
"Missing DTLS Chunk Support" (see <xref target="enoprotected"/>),
"No Common DTLS Key Management Method" (see <xref target="enocommonpsi"/>),
or "Incompatible DTLS Key Management Roles" (see <xref target="incompatroles"/>).</t>
        <t>If an SCTP endpoint operates in loose DTLS mode, it MAY continue with the
handshake in any case.</t>
        <t>To ensure that each endpoint's Key Management Method knows which role it has and
both endpoints agree on which method that was chosen the below procedure MUST be
executed by both endpoints before entering the ESTABLISHED state.</t>
        <t>First the Key Management role of each endpoint is determined. This is
done by evaluating the S and C bits in the two endpoints'
parameters. This falls into the following cases:</t>
        <ol spacing="normal" type="1"><li>
            <t>At least one endpoint indicates a single role (client or server) and the peer
supports the other role. In this case the endpoint indicating a single role
takes that role, and the other endpoint takes the reverse role.</t>
          </li>
          <li>
            <t>Both endpoints indicate both roles, this is to be expected for endpoints
supporting simultaneous open. In this case the role needs to be determined
using the parameter's Tie breaker. The endpoint with the larger value SHALL be
the server, and the other endpoint takes the client role. In case both
endpoints have the same tie breaker value, the selection has failed and the
association MUST be aborted.
The ABORT chunk MAY include the SCTP error cause
"DTLS Key Management Tie Breaker Collision" (see <xref target="tiebreakercol"/>).
Endpoints are RECOMMENDED to attempt establishing a new SCTP association.</t>
          </li>
        </ol>
        <t>Once the key management roles have been established, the endpoints
determine the method to be used. The prioritized list of DTLS Key
Management Identifiers provided by the endpoint acting as the server
is evaluated, and the first identifier also supported by the peer
endpoint is selected.</t>
        <t>When the SCTP association has been established, the process defined by the
selected DTLS Key Management Method MUST be followed for establishing
DTLS key contexts and installing them.</t>
      </section>
      <section anchor="dtls-chunk-handling">
        <name>DTLS Chunk Handling</name>
        <t>The DTLS chunk MUST NOT be bundled with any other chunk. Specifically,
it MUST appear as the first and only chunk in the packet.</t>
        <figure anchor="sctp-DTLS-encrypt-chunk-states-1">
          <name>Unprotected SCTP Packet</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="208" width="528" viewBox="0 0 528 208" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,64 L 8,192" fill="none" stroke="black"/>
                <path d="M 520,64 L 520,192" fill="none" stroke="black"/>
                <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                <path d="M 8,128 L 520,128" fill="none" stroke="black"/>
                <path d="M 8,160 L 520,160" fill="none" stroke="black"/>
                <path d="M 8,192 L 520,192" fill="none" stroke="black"/>
                <g class="text">
                  <text x="16" y="36">0</text>
                  <text x="176" y="36">1</text>
                  <text x="336" y="36">2</text>
                  <text x="496" y="36">3</text>
                  <text x="16" y="52">0</text>
                  <text x="32" y="52">1</text>
                  <text x="48" y="52">2</text>
                  <text x="64" y="52">3</text>
                  <text x="80" y="52">4</text>
                  <text x="96" y="52">5</text>
                  <text x="112" y="52">6</text>
                  <text x="128" y="52">7</text>
                  <text x="144" y="52">8</text>
                  <text x="160" y="52">9</text>
                  <text x="176" y="52">0</text>
                  <text x="192" y="52">1</text>
                  <text x="208" y="52">2</text>
                  <text x="224" y="52">3</text>
                  <text x="240" y="52">4</text>
                  <text x="256" y="52">5</text>
                  <text x="272" y="52">6</text>
                  <text x="288" y="52">7</text>
                  <text x="304" y="52">8</text>
                  <text x="320" y="52">9</text>
                  <text x="336" y="52">0</text>
                  <text x="352" y="52">1</text>
                  <text x="368" y="52">2</text>
                  <text x="384" y="52">3</text>
                  <text x="400" y="52">4</text>
                  <text x="416" y="52">5</text>
                  <text x="432" y="52">6</text>
                  <text x="448" y="52">7</text>
                  <text x="464" y="52">8</text>
                  <text x="480" y="52">9</text>
                  <text x="496" y="52">0</text>
                  <text x="512" y="52">1</text>
                  <text x="236" y="84">Common</text>
                  <text x="292" y="84">Header</text>
                  <text x="248" y="116">Chunk</text>
                  <text x="284" y="116">#1</text>
                  <text x="240" y="148">.</text>
                  <text x="256" y="148">.</text>
                  <text x="272" y="148">.</text>
                  <text x="248" y="180">Chunk</text>
                  <text x="284" y="180">#n</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Common Header                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Chunk #1                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            . . .                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Chunk #n                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
          </artset>
        </figure>
        <t>The diagram shown in <xref target="sctp-DTLS-encrypt-chunk-states-1"/> describes
the structure of an unprotected SCTP packet as described in <xref target="RFC9260"/>.</t>
        <figure anchor="sctp-DTLS-encrypt-chunk-states-2">
          <name>Protected SCTP Packets</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="144" width="528" viewBox="0 0 528 144" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,64 L 8,128" fill="none" stroke="black"/>
                <path d="M 520,64 L 520,128" fill="none" stroke="black"/>
                <path d="M 8,64 L 520,64" fill="none" stroke="black"/>
                <path d="M 8,96 L 520,96" fill="none" stroke="black"/>
                <path d="M 8,128 L 520,128" fill="none" stroke="black"/>
                <g class="text">
                  <text x="16" y="36">0</text>
                  <text x="176" y="36">1</text>
                  <text x="336" y="36">2</text>
                  <text x="496" y="36">3</text>
                  <text x="16" y="52">0</text>
                  <text x="32" y="52">1</text>
                  <text x="48" y="52">2</text>
                  <text x="64" y="52">3</text>
                  <text x="80" y="52">4</text>
                  <text x="96" y="52">5</text>
                  <text x="112" y="52">6</text>
                  <text x="128" y="52">7</text>
                  <text x="144" y="52">8</text>
                  <text x="160" y="52">9</text>
                  <text x="176" y="52">0</text>
                  <text x="192" y="52">1</text>
                  <text x="208" y="52">2</text>
                  <text x="224" y="52">3</text>
                  <text x="240" y="52">4</text>
                  <text x="256" y="52">5</text>
                  <text x="272" y="52">6</text>
                  <text x="288" y="52">7</text>
                  <text x="304" y="52">8</text>
                  <text x="320" y="52">9</text>
                  <text x="336" y="52">0</text>
                  <text x="352" y="52">1</text>
                  <text x="368" y="52">2</text>
                  <text x="384" y="52">3</text>
                  <text x="400" y="52">4</text>
                  <text x="416" y="52">5</text>
                  <text x="432" y="52">6</text>
                  <text x="448" y="52">7</text>
                  <text x="464" y="52">8</text>
                  <text x="480" y="52">9</text>
                  <text x="496" y="52">0</text>
                  <text x="512" y="52">1</text>
                  <text x="236" y="84">Common</text>
                  <text x="292" y="84">Header</text>
                  <text x="236" y="116">DTLS</text>
                  <text x="280" y="116">Chunk</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Common Header                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          DTLS Chunk                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
          </artset>
        </figure>
        <t>The diagram shown in <xref target="sctp-DTLS-encrypt-chunk-states-2"/> describes the
structure of a protected SCTP packet being sent.  Such packets contain only the
SCTP common header and one DTLS chunk.</t>
        <t>Once the part of the DTLS key context responsible for sending DTLS chunks
has been configured by the application, all SCTP packets SHALL be sent using a DTLS chunk.</t>
        <t>When an SCTP packet needs to be sent, the sequence of chunks is used
as <tt>DTLSInnerPlaintext.content</tt> and <tt>DTLSInnerPlaintext.type</tt> is set
to <tt>application_data</tt> <xref target="RFC9147"/>.
Then the <tt>DTLSCiphertext</tt> is computed per the DTLS 1.3 specification <xref target="RFC9147"/>.
The cipher suite from the Primary DTLS Key Context is used, if configured.
Otherwise, the cipher suite from the Restart DTLS Key Context is used.
The resulting <tt>DTLSCiphertext</tt> is the chunk value of the DTLS chunk.
Finally the SCTP common header is prepended.</t>
        <t>When the DTLS chunk is used, the endpoint MUST consider the DTLS chunk header
and the overhead of DTLS to ensure that the final SCTP packet does not exceed
the PMTU.</t>
        <t>Upon receipt of an SCTP packet in which a DTLS chunk is bundled with any
other chunk, the entire packet MUST be silently discarded.</t>
        <t>After the application or key managment method has restricted the SCTP packet handling to protected
SCTP packets only, an SCTP packet not containing a DTLS chunk MUST be
silently discarded unless they contain an INIT or INIT-ACK chunk. The later
may be received during a SCTP restart procedure, see <xref target="sec-restart"/>.</t>
        <t>When processing the payload of the DTLS chunk (i.e. the <tt>DTLSCiphertext</tt>),
the Restart flag in addition to the <tt>unified_hdr</tt> is used to find the keys for
processing the <tt>encrypted_record</tt> following DTLS 1.3 <xref target="RFC9147"/>.</t>
        <t>After the <tt>encrypted_record</tt> has been verified and decrypted, the
corresponding chunks (the <tt>DTLSInnerPlaintext.content</tt>) are processed as
defined in the corresponding specifications.</t>
        <t>If the Chunk Protection Operator experiences a non-critical error,
it MUST NOT abort the association.</t>
      </section>
      <section anchor="termination-procedure">
        <name>Termination of a Protected Association</name>
        <t>Note that the state of any DTLS Key Management Method doesn't
impact the capability of terminating the SCTP association gracefully as
that capability only relies on the Key Context and not on the DTLS Key
Management Method from where it has been derived.</t>
      </section>
      <section anchor="sec-restart">
        <name>SCTP Restart Considerations</name>
        <t>This section deals with the handling of an unexpected INIT chunk
during an association lifetime as described in <xref section="5.2" sectionFormat="of" target="RFC9260"/>
with the purpose of defining a protected restart procedure.</t>
        <t>When the upper layer protocols require support of SCTP restart for associations
using the DTLS chunk, as in case of 3GPP NG-C protocol <xref target="ETSI-TS-38.413"/>, the
endpoint needs to support also the protected SCTP restart procedure described
below. Implementation of the protected restart procedure is RECOMMENDED; however,
it is not required, as it relies on the availability of persistent secure storage
for the restart DTLS key context. An endpoint will know that its peer supports
this protected SCTP restart procedure from the DTLS Key Management Parameter's R bit
(<xref target="protectedassoc-parameter"/>).</t>
        <t>The protected SCTP restart procedure keeps the security characteristics of
an SCTP association using DTLS chunks.</t>
        <t>In protected SCTP restart, INIT and INIT ACK chunks are sent
according to <xref target="RFC9260"/>, but COOKIE ECHO and COOKIE ACK chunks
are encrypted using DTLS chunks and the restart DTLS key contexts. The
endpoints MUST include the DTLS Key Management Parameter in the INIT
and INIT ACK, using the same method list, but with a new random Tie Breaker.</t>
        <t>In order to support protected SCTP restart, the SCTP endpoints need
to allocate and maintain dedicated restart DTLS key contexts. SCTP
packets protected by these contexts will be identified in the DTLS
chunk with the R (Restart) bit set (see <xref target="DTLS-chunk"/>).  Both SCTP
endpoints need to ensure that restart DTLS key contexts are preserved
for supporting the protected SCTP restart use case.</t>
        <t>For a protected SCTP endpoint to be available for protected SCTP restart,
the DTLS chunk requires access to a DTLS key context associated with the
SCTP association. This key context MUST be maintained in a well-defined
state such that both endpoints have a consistent view of the DTLS sequence
numbers and replay window (i.e., initialized but never used). The SCTP restart
DTLS key MUST NOT be used for any purpose other than SCTP association restart.</t>
        <t>An SCTP endpoint wanting to be able to initiate a protected SCTP restart needs
to store securely and persistently the restart keys, and related DTLS epoch,
indexed so that when performing a restart with a peer endpoint, the restarting
endpoint can identify the right restart key and DTLS epoch and
initialize the restart DTLS key context for when restarting the SCTP
association.</t>
        <t>The keys and epoch need to be stored securely and persistently so that they
survive the events that are causing the protected SCTP restart procedure to be
used, for instance a crash of the SCTP stack. The security considerations for
persistent secure storage of key material are further discussed in
<xref target="sec-consideration-storage"/>.</t>
        <t>A DTLS chunk using the restart DTLS key context is identified by
having the R bit (Restart Indicator) set in the DTLS chunk (see
<xref target="sctp-DTLS-chunk-newchunk-crypt-struct"/>).  There's exactly one
active restart DTLS key context at a time, the newest. However, a crash at
the time having completed the DTLS Key Management exchange but failing to
commit the DTLS key context to persistent secure storage could result
in loss of the latest DTLS key context. Therefore, the endpoints
SHOULD retain the old restart DTLS key context until the
DTLS Key Management confirms the new ones are committed to secure storage.
For example, this can ensure that signals to terminate the old DTLS
key contexts (including the restart context) are never sent until the
new restart DTLS key context has been committed to
storage.</t>
        <t>Implementations will also need to consider the risk of two-time pads,
i.e. the usage of the same nonce twice. An SCTP endpoint restarted and
sent a number of packets using the restart key context thus using
sequence number 1 to 8. If this endpoint restarts again, it is crucial
that the restarted endpoint does not reuse sequence number 1 to 8 a second
time. Ensuring that a sequence number is never reused in the context
of a crash may be hard, thus the simpler solution is to remove a restart
key context that is being used from the persistent storage to prevent
reuse.</t>
        <figure anchor="DTLS-chunk-restart">
          <name>Handshake of SCTP Restart for DTLS in SCTP</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="240" width="528" viewBox="0 0 528 240" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 40,48 L 40,208" fill="none" stroke="black"/>
                <path d="M 408,48 L 408,208" fill="none" stroke="black"/>
                <path d="M 440,64 L 440,96" fill="none" stroke="black"/>
                <path d="M 440,144 L 440,176" fill="none" stroke="black"/>
                <path d="M 440,64 L 496,64" fill="none" stroke="black"/>
                <path d="M 40,80 L 208,80" fill="none" stroke="black"/>
                <path d="M 248,80 L 400,80" fill="none" stroke="black"/>
                <path d="M 48,96 L 192,96" fill="none" stroke="black"/>
                <path d="M 264,96 L 408,96" fill="none" stroke="black"/>
                <path d="M 440,96 L 496,96" fill="none" stroke="black"/>
                <path d="M 440,144 L 496,144" fill="none" stroke="black"/>
                <path d="M 40,160 L 112,160" fill="none" stroke="black"/>
                <path d="M 320,160 L 400,160" fill="none" stroke="black"/>
                <path d="M 48,176 L 112,176" fill="none" stroke="black"/>
                <path d="M 312,176 L 408,176" fill="none" stroke="black"/>
                <path d="M 440,176 L 496,176" fill="none" stroke="black"/>
                <path d="M 424,48 C 432.83064,48 440,55.16936 440,64" fill="none" stroke="black"/>
                <path d="M 424,112 C 432.83064,112 440,104.83064 440,96" fill="none" stroke="black"/>
                <path d="M 424,128 C 432.83064,128 440,135.16936 440,144" fill="none" stroke="black"/>
                <path d="M 424,192 C 432.83064,192 440,184.83064 440,176" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="408,160 396,154.4 396,165.6" fill="black" transform="rotate(0,400,160)"/>
                <polygon class="arrowhead" points="408,80 396,74.4 396,85.6" fill="black" transform="rotate(0,400,80)"/>
                <polygon class="arrowhead" points="56,176 44,170.4 44,181.6" fill="black" transform="rotate(180,48,176)"/>
                <polygon class="arrowhead" points="56,96 44,90.4 44,101.6" fill="black" transform="rotate(180,48,96)"/>
                <g class="text">
                  <text x="40" y="36">Initiator</text>
                  <text x="408" y="36">Responder</text>
                  <text x="228" y="84">INIT</text>
                  <text x="472" y="84">Plain</text>
                  <text x="212" y="100">INIT</text>
                  <text x="248" y="100">ACK</text>
                  <text x="136" y="164">[DTLS</text>
                  <text x="212" y="164">CHUNK(COOKIE</text>
                  <text x="292" y="164">ECHO)]</text>
                  <text x="488" y="164">Protected</text>
                  <text x="136" y="180">[DTLS</text>
                  <text x="212" y="180">CHUNK(COOKIE</text>
                  <text x="288" y="180">ACK)]</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Initiator                                     Responder
    |                                             | -.
    |                                             |   +-------
    +--------------------(INIT)------------------>|   | Plain
    |<-----------------(INIT ACK)-----------------+   +-------
    |                                             | -'
    |                                             | -.
    |                                             |   +-------
    +---------[DTLS CHUNK(COOKIE ECHO)]---------->|   | Protected
    |<--------[DTLS CHUNK(COOKIE ACK)]------------+   +-------
    |                                             | -'
    |                                             |

]]></artwork>
          </artset>
        </figure>
        <t>The <xref target="DTLS-chunk-restart"/> shows how the control chunks being
used for SCTP association restart are transported within DTLS in SCTP.</t>
        <t>A restarted SCTP association MUST continue to use the restart DTLS key context
and MUST remove all primary DTLS key contexts.
Therefore, the restart DTLS key context is used for user traffic until a new
primary DTLS key context will be available.
The implementors SHOULD initiate a rekeying as soon as possible,
and derive the primary and restart keys so that the time when no
restart DTLS key context is available is kept to a minimum. Note that another
restart attempt prior to having created new restart DTLS key context
for the new SCTP association will result in the endpoints being unable
to restart the SCTP association.</t>
        <t>After restart, the next primary DTLS key context MUST use epoch 3,
i.e. the epoch value is reset. After having derived a new
primary DTLS key context, the endpoint installs it
and starts using it. The new restart DTLS key context is only installed
after all old in-flight restart packets are expected to have been received.</t>
        <t>An SCTP endpoint supporting only normal SCTP restart and involved in
an SCTP association using DTLS chunks SHOULD NOT attempt to restart
the association. The effect will be that the restart initiator will
receive INIT ACK but then all sent packets with COOKIE ECHO will be
dropped until the peer endpoint times out the SCTP association from lack
of any response from the restarting node.</t>
        <t>An SCTP endpoint supporting only legacy SCTP restart and involved in
an SCTP association using DTLS chunks, when receiving what is expected
to be an COOKIE ECHO chunk protected by DTLS chunk as described above,
in other words if it receives a SCTP packet with a DTLS chunk having
the R bit (Restart Indicator) set in the DTLS chunk (see
<xref target="sctp-DTLS-chunk-newchunk-crypt-struct"/>), MUST silently discard it.</t>
      </section>
    </section>
    <section anchor="key-management-considerations">
      <name>DTLS Key Management Method Considerations</name>
      <t>This document specifies the mechanisms for protecting SCTP associations using
DTLS chunks, including an API for managing the corresponding key material.
While this document defines the interface, the upper layer is responsible
for the actual key management.</t>
      <t>DTLS Key Management Methods define the procedures for initial key generation,
key updates and peer authentication. These procedures are out of scope for
this document.
Currently two DTLS Key Management Methods with different properties (such as
mutual authentication and rekeying) are defined:</t>
      <ul spacing="normal">
        <li>
          <t><xref target="I-D.ietf-tsvwg-dtls-chunk-key-management"/></t>
        </li>
        <li>
          <t><xref target="I-D.porfiri-tsvwg-sctp-dtls-handshake"/></t>
        </li>
      </ul>
      <t>An SCTP endpoint MAY support multiple DTLS Key Management Methods subject to
implementation requirements and local security policies.</t>
      <t>Every DTLS Key Management Method</t>
      <ul spacing="normal">
        <li>
          <t>MUST be registered in the IANA Registry <xref target="IANA-Protection-Solution-ID"/>
to receive a unique identifier, enabling negotiation during the SCTP handshake.</t>
        </li>
        <li>
          <t>SHOULD use the PPID from <xref target="sec-iana-ppid"/> to ensure that the DTLS Key
Management Method related user messages are processed by the relevant entity.</t>
        </li>
        <li>
          <t>SHOULD ensure that the local receive keys are installed before the peer
installs the corresponding send keys.</t>
        </li>
        <li>
          <t>MUST include in its key derivation the DTLS Key Management Parameter
(including the parameter header and excluding the optional padding) as the
sequence of bytes sent and received over the network during the SCTP handshake,
to mitigate downgrade attacks.</t>
        </li>
      </ul>
    </section>
    <section anchor="abstract-api">
      <name>Abstract API</name>
      <t>This section describes an abstract API that is needed between a
DTLS Key Management Method and the DTLS chunk. This is an
example API and there are alternative implementations.</t>
      <t>This API enables the cryptographic protection operations by setting
record payload key, sequence number keys, and initialization vector
(IV) for primary and restart DTLS contexts in both send and receive
direction. The record payload key is used by the cipher suite for DTLS
record protection (<xref section="5.2" sectionFormat="of" target="RFC8446"/>). The initialization
vector (IV) is random material used to XOR with the sequence number to
create the nonce per <xref section="5.3" sectionFormat="of" target="RFC8446"/>.  The sequence number
key is used to encrypt the sequence number (<xref section="4.2.3" sectionFormat="of" target="RFC9147"/>).</t>
      <t>As this API references the key material as for send or receive, it will
be the responsibility of the Key Management Method used to define how
it maps the endpoint's role to which keys are for send and receive
direction respectively.</t>
      <section anchor="set-supported-dtls-key-management-parameters">
        <name>Set Supported DTLS Key Management Parameters</name>
        <t>Prior to attempting to establish an SCTP association an SCTP endpoint
needs to configure which DTLS Key Management Methods it supports, as
well as the roles and if restart is supported. This information is
included in the DTLS Key Management Parameter, which, when these
parameters are set, will be included in either INIT or INIT ACK chunks.</t>
        <t>An endpoint can either support: client only, server only, or client
and server. The latter is for situations where both endpoints may attempt
to establish an SCTP association towards each other, potentially
causing a simultaneous sending of INIT chunks. Depending on port
configuration SCTP supports this happening during the association
establishment, and the result will be a single SCTP association. However,
to select the same Key Management Method on both sides, the SCTP stack
will resolve the key management role for this association.</t>
        <t>Request: Set Supported DTLS Key Management Methods</t>
        <dl>
          <dt>Parameters:</dt>
          <dd>
            <t/>
          </dd>
          <dt>* SCTP Association Handle:</dt>
          <dd>
            <t>The handle to what may become an SCTP Association or a server port
accepting association establishment.</t>
          </dd>
        </dl>
        <ul spacing="normal">
          <li>
            <dl>
              <dt>Key Management Roles Supported:</dt>
              <dd>
                <t>The endpoint indicates if it can act as client only, server only,
or client and server.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Support SCTP Restart (boolean):</dt>
              <dd>
                <t>Indicate if the endpoint is capable of supporting SCTP restart when DTLS chunk
has been negotiated. If both endpoints indicate flag then a restart has the
potential to succeed.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Requires DTLS Chunk security (boolean):</dt>
              <dd>
                <t>SCTP association is only established if both endpoints support DTLS
Chunk and have included the DTLS Key Management Parameter.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>List of Identifiers:</dt>
              <dd>
                <t>A prioritized list of DTLS Key Management identifiers
<xref target="IANA-Protection-Solution-ID"/> that are supported, from the most
preferred to the least preferred.</t>
              </dd>
            </dl>
          </li>
        </ul>
        <t>Reply: Success or Error</t>
        <t>Parameters: None</t>
      </section>
      <section anchor="get-agreed-dtls-key-management-method-and-role">
        <name>Get Agreed DTLS Key Management Method and Role</name>
        <t>After an SCTP association has been established the key management
function needs to know which method was agreed on and which role this
endpoint will have. The function provides both endpoints' actual
values from the DTLS Key Management Parameter, used in key derivation
to prevent downgrade attacks.</t>
        <t>Request: Get Agreed DTLS Key Management Method and Role</t>
        <dl>
          <dt>Parameters:</dt>
          <dd>
            <t/>
          </dd>
          <dt>* SCTP Association Handle:</dt>
          <dd>
            <t>The handle to an established SCTP Association.</t>
          </dd>
        </dl>
        <t>Reply: Success or Error</t>
        <t>Parameters:</t>
        <ul spacing="normal">
          <li>
            <dl>
              <dt>Key Management Role:</dt>
              <dd>
                <t>The role that was selected for this endpoint, one of client or server.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Key Management Method:</dt>
              <dd>
                <t>The selected Key Management Method as a DTLS Key Management Identifier.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Down Grade Prevention Data:</dt>
              <dd>
                <t>In network byte order the whole of the DTLS Key Management Parameter
including header and excluding padding that the endpoint with the
client role offered, followed by the corresponding parameter content
of the endpoint with the server role in seperable records.</t>
              </dd>
            </dl>
          </li>
        </ul>
      </section>
      <section anchor="cipher-suite-capabilities">
        <name>Cipher Suite Capabilities</name>
        <t>The DTLS Key Management Method needs to know which cipher suites defined
for use with DTLS 1.3 that are supported by the DTLS chunk and its
protection operations block. All TLS cipher suites that are defined are
listed in the TLS cipher suite registry <xref target="TLS-CIPHER-SUITES"/> at IANA
and are identified by a 2-byte value. Thus this needs to return a list
of all supported cipher suites to the higher layer.</t>
        <t>Request : Get Cipher Suites</t>
        <t>Parameters : none</t>
        <t>Reply   : Cipher Suites</t>
        <t>Parameters : list of cipher suites</t>
      </section>
      <section anchor="sec-api-send-key">
        <name>Establish Send Key Material</name>
        <t>The DTLS chunk can use one out of multiple sets of cipher suite and
corresponding key materials. Some limitations do exists when establishing
Key Material to avoid issues:</t>
        <ul spacing="normal">
          <li>
            <t>Primary Keys have to be installed prior to Restart Keys for each epoch to avoid
them being used unless this endpoint is attempting a restart.</t>
          </li>
          <li>
            <t>With the exception of restart keys when this endpoint attempts
restart of the SCTP association, the first DTLS epoch set in an
association needs to be 3. Any subsequent epoch uses the next
consecutive number compared to the previously used.</t>
          </li>
        </ul>
        <t>The following information needs to be provided when setting send key material:</t>
        <t>Request : Establish Send Key Material</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <dl>
              <dt>SCTP Association:</dt>
              <dd>
                <t>Reference to the SCTP association to set the key material for.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Restart indication:</dt>
              <dd>
                <t>A bit indicating whether the key material is for restart purposes</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>DTLS Epoch:</dt>
              <dd>
                <t>The DTLS epoch this key material is valid for. Note that Epoch lower than
3 are not expected as they are used during DTLS handshake.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Cipher Suite:</dt>
              <dd>
                <t>2 bytes cipher suite identification for the DTLS 1.3 cipher suite used
to identify the DTLS AEAD algorithm to perform the DTLS record protection.
The cipher suite is fixed for a (SCTP Association, Key) pair.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Key Material:</dt>
              <dd>
                <t>The cipher suite specific binary object containing all necessary
information for protection operations such as Record Payload Key,
Sequence Number Key and IV. The secret will be used by the DTLS 1.3
client to encrypt the record. Binary arbitrary long object depending
on the cipher suite used.</t>
              </dd>
            </dl>
          </li>
        </ul>
        <t>Reply: Established or Failed</t>
      </section>
      <section anchor="establish-receive-key-material">
        <name>Establish Receive Key Material</name>
        <t>The DTLS chunk can use one out of multiple sets of cipher suite and
corresponding key materials.</t>
        <t>The following information needs to be provided when setting receive key material:</t>
        <t>Request : Establish Receive Key Material</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <dl>
              <dt>SCTP Association:</dt>
              <dd>
                <t>Reference to the SCTP association to set the key material for.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Restart indication:</dt>
              <dd>
                <t>A bit indicating whether the key material is for restart purposes</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>DTLS Epoch:</dt>
              <dd>
                <t>The DTLS epoch these keys are valid for. With the exception of
restart keys when this endpoint attempts restart of the SCTP
association, the first DTLS epoch set in an association needs to be</t>
              </dd>
            </dl>
            <ol spacing="normal" type="1"><li>
                <t>Any subsequent epoch uses the next consecutive number compared
to the previously used.</t>
              </li>
            </ol>
          </li>
          <li>
            <dl>
              <dt>Cipher Suite:</dt>
              <dd>
                <t>2 bytes cipher suite identification for the DTLS 1.3 cipher suite used
to identify the DTLS AEAD algorithm to perform the DTLS record protection.
The cipher suite is fixed for a (SCTP Association, Key) pair.</t>
              </dd>
            </dl>
          </li>
          <li>
            <dl>
              <dt>Key Material:</dt>
              <dd>
                <t>The cipher suite specific binary object containing all necessary
information for protection operations such as Record Payload Key,
Sequence Number Key and IV. The secret will be used by the DTLS 1.3
client to encrypt the record. Binary arbitrary long object depending
on the cipher suite used.</t>
              </dd>
            </dl>
          </li>
        </ul>
        <t>Reply : Established or Failed</t>
      </section>
      <section anchor="destroy-send-key-material">
        <name>Destroy Send Key Material</name>
        <t>A function to destroy the send key material for a given epoch for the
Primary or Restart DTLS Key Context for a given SCTP Association.</t>
        <t>Request : Destroy Send Key Material</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: Destroyed</t>
        <t>Parameters : Success or Error</t>
      </section>
      <section anchor="destroy-receive-key-material">
        <name>Destroy Receive Key Material</name>
        <t>A function to destroy the receive key material for a given epoch for
the Primary or Restart DTLS Key Context for a given SCTP Association.</t>
        <t>Request: Destroy Receive Key Material</t>
        <t>Parameters:</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: Destroyed</t>
        <t>Parameters: Success or Error</t>
      </section>
      <section anchor="set-key-to-use">
        <name>Set Key to Use</name>
        <t>Set which key to use to protect the future SCTP packets sent by the
SCTP Association. This function can be replace by Establish Send Key
Material which immediately enables the primary key for the next epoch
when installed.</t>
        <t>Setting the restart keys to be used instead of primary keys can only
be done when attempting to perform a restart of the SCTP association.</t>
        <t>Request: Set Key used</t>
        <t>Parameters:</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: Key set</t>
        <t>Parameters: true or false</t>
      </section>
      <section anchor="require-protected-sctp-packets">
        <name>Require Protected SCTP Packets</name>
        <t>A function to configure an SCTP association to require that all SCTP
packets, excepts those with INIT or INIT ACK chunks, being received on
this endpoint are required to be protected in a DTLS chunk going
forward. Any unprotected SCTP packets to this SCTP association will be
discarded.</t>
        <t>Parameters:</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
        </ul>
        <t>Reply: Acknowledgement</t>
      </section>
      <section anchor="get-aead-encryption-invocations">
        <name>Get AEAD Encryption Invocations</name>
        <t>Get the number of AEAD encryption invocations (protected SCTP packets)
for a given epoch.</t>
        <t>Request : Get AEAD Encryption Invocations</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: AEAD Encryption Invocations</t>
        <t>Parameters : non-negative integer</t>
      </section>
      <section anchor="get-aead-decryption-invocations">
        <name>Get AEAD Decryption Invocations</name>
        <t>Get the number of AEAD decryption invocations for a given epoch.</t>
        <t>Request : Get AEAD Decryption Invocations</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: AEAD Decryption Invocations</t>
        <t>Parameters : non-negative integer</t>
      </section>
      <section anchor="get-failed-aead-decryption-invocations">
        <name>Get Failed AEAD Decryption Invocations</name>
        <t>Get the number of failed AEAD decryption invocations for a given epoch.</t>
        <t>Request : Get Failed AEAD Decryption Invocations</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>DTLS Epoch</t>
          </li>
        </ul>
        <t>Reply: Failed AEAD Decryption Invocations</t>
        <t>Parameters : non-negative integer</t>
      </section>
      <section anchor="configure-replay-protection">
        <name>Configure Replay Protection</name>
        <t>The DTLS replay protection in this usage is expected to be fairly
robust. Its depth of handling is related to maximum network path
reordering that the receiver expects to see during the SCTP
association. However as the actual reordering in number of packets is
a combination of how delayed one packet may be compared to another,
times the actual packet rate. This value may become larger for some
applications and may need to be tuned. Thus, having the potential for
setting this a more suitable value depending on the use case should be
supported.</t>
        <t>Note this sets the configuration across any DTLS key context for a
given SCTP Association and both primary and restart usages.</t>
        <t>Request : Configure Replay Protection</t>
        <t>Parameters :</t>
        <ul spacing="normal">
          <li>
            <t>SCTP Association</t>
          </li>
          <li>
            <t>Restart indication</t>
          </li>
          <li>
            <t>Configuration parameters</t>
          </li>
        </ul>
        <t>Reply: Replay Protection Configured</t>
        <t>Parameters : true or false</t>
      </section>
    </section>
    <section anchor="socket-api">
      <name>Socket API Considerations</name>
      <t>This section describes how the socket API defined in <xref target="RFC6458"/> needs to be
extended to provide a way for the application to control the usage of the
DTLS chunk.</t>
      <t>A 'Socket API Considerations' section is contained in all SCTP-related
specifications published after <xref target="RFC6458"/> describing an extension for which
implementations using the socket API as specified in <xref target="RFC6458"/> would require
some extension of the socket API.
Please note that this section is informational only.</t>
      <t>Please also note, that the API described in this section can change in a
non-backwards compatible way during the evolution of this document due to
changed functionality or gained experience during the implementation.</t>
      <t>A socket API implementation based on <xref target="RFC6458"/> is extended by supporting
several new <tt>IPPROTO_SCTP</tt>-level socket options and a new flag for
<tt>recvmsg()</tt>.</t>
      <section anchor="sctpassocchange-notification">
        <name><tt>SCTP_ASSOC_CHANGE</tt> Notification</name>
        <t>When an <tt>SCTP_ASSOC_CHANGE</tt> notification (specified in <xref section="6.1.1" sectionFormat="of" target="RFC6458"/>) is delivered indicating a <tt>sac_state</tt> of <tt>SCTP_COMM_UP</tt> or
<tt>SCTP_RESTART</tt> for an SCTP association where both peers support the
DTLS chunk, <tt>SCTP_ASSOC_SUPPORTS_DTLS</tt> should be listed in the
<tt>sac_info</tt> field.</t>
      </section>
      <section anchor="a-new-flag-for-recvmsg-msgprotected">
        <name>A New Flag for <tt>recvmsg()</tt> (<tt>MSG_PROTECTED</tt>)</name>
        <t>This flag is returned by <tt>recvmsg()</tt> in <tt>msg_flags</tt> for all user messages
for which all DATA chunks were received in protected SCTP packets.
This also means that if <tt>sctp_recvv()</tt> is used, <tt>MSG_PROTECTED</tt> is returned
in the <tt>*flags</tt> argument.</t>
      </section>
      <section anchor="functions">
        <name>Functions</name>
        <section anchor="sctpdtlsnrciphersuites">
          <name><tt>sctp_dtls_nr_cipher_suites()</tt></name>
          <t><tt>sctp_dtls_nr_cipher_suites()</tt> returns the number of cipher suites supported
by the SCTP implementation.</t>
          <t>The function prototype is:</t>
          <sourcecode type="c"><![CDATA[
unsigned int
sctp_dtls_nr_cipher_suites(void);
]]></sourcecode>
          <t>This function can be used in combination with <tt>sctp_dtls_cipher_suites()</tt>.</t>
        </section>
        <section anchor="sctpdtlsciphersuites">
          <name><tt>sctp_dtls_cipher_suites()</tt></name>
          <t><tt>sctp_dtls_cipher_suites()</tt> returns the cipher suites supported by the
SCTP implementation.</t>
          <t>The function prototype is:</t>
          <sourcecode type="c"><![CDATA[
int
sctp_dtls_cipher_suites(uint8_t cipher_suites[][2], unsigned int n);
]]></sourcecode>
          <dl>
            <dt>and the arguments are</dt>
            <dd>
              <t/>
            </dd>
            <dt><tt>cipher_suites</tt>:</dt>
            <dd>
              <t>An array where the supported cipher suites are stored. A cipher suite is
represented by two <tt>uint8_t</tt> using the IANA assigned values in the
TLS cipher suite registry <xref target="TLS-CIPHER-SUITES"/>.</t>
            </dd>
            <dt><tt>n</tt>:</dt>
            <dd>
              <t>The number of cipher suites which can be stored in <tt>cipher_suites</tt>.</t>
            </dd>
          </dl>
          <t><tt>sctp_dtls_cipher_suites</tt> returns <tt>-1</tt>, if <tt>n</tt> is smaller than the number
of cipher suites supported by the stack. If <tt>n</tt> is equal to or larger than
the number of cipher suites supported by the SCTP implementation, the
cipher suites are stored in <tt>cipher_suites</tt> and the number of supported
cipher suites is returned.</t>
        </section>
      </section>
      <section anchor="socket-options">
        <name>Socket Options</name>
        <t>The following table provides an overview of the <tt>IPPROTO_SCTP</tt>-level socket
options defined by this section.</t>
        <table anchor="socket-options-table">
          <name>Socket Options</name>
          <thead>
            <tr>
              <th align="left">Option Name</th>
              <th align="left">Data Type</th>
              <th align="left">Set</th>
              <th align="left">Get</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_LOCAL_CONFIG</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_config</tt></td>
              <td align="left">X</td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_GET_CONFIG</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_config</tt></td>
              <td align="left"> </td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_GET_LOCAL_KM_PARAM</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_kmp</tt></td>
              <td align="left"> </td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_GET_PEER_KM_PARAM</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_kmp</tt></td>
              <td align="left"> </td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_SET_SEND_KEYS</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_keys</tt></td>
              <td align="left">X</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_ADD_RECV_KEYS</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_keys</tt></td>
              <td align="left">X</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_DEL_RECV_KEYS</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_keys_id</tt></td>
              <td align="left">X</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_ENFORCE_PROTECTION</tt></td>
              <td align="left">
                <tt>struct sctp_assoc_value</tt></td>
              <td align="left">X</td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_REPLAY_WINDOW</tt></td>
              <td align="left">
                <tt>struct sctp_assoc_value</tt></td>
              <td align="left">X</td>
              <td align="left">X</td>
            </tr>
            <tr>
              <td align="left">
                <tt>SCTP_DTLS_GET_STATS</tt></td>
              <td align="left">
                <tt>struct sctp_dtls_stats</tt></td>
              <td align="left"> </td>
              <td align="left">X</td>
            </tr>
          </tbody>
        </table>
        <t><tt>sctp_opt_info()</tt> needs to be extended to support:</t>
        <ul spacing="normal">
          <li>
            <t><tt>SCTP_DTLS_LOCAL_CONFIG</tt>,</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_GET_CONFIG</tt>,</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_GET_LOCAL_KM_PARAM</tt>,</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_GET_PEER_KM_PARAM</tt>,</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_ENFORCE_PROTECTION</tt>,</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_REPLAY_WINDOW</tt>, and</t>
          </li>
          <li>
            <t><tt>SCTP_DTLS_GET_STATS</tt>.</t>
          </li>
        </ul>
        <section anchor="get-or-set-the-local-dtls-key-management-configuration-sctpdtlslocalconfig">
          <name>Get or Set the Local DTLS Key Management Configuration (<tt>SCTP_DTLS_LOCAL_CONFIG</tt>)</name>
          <t>This socket option allows to get and set the DTLS Key Management identifiers being
sent to the peer during the handshake, the supported DTLS roles, and determines
whether the restart operation is supported and the use of the DTLS chunk is
required.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_config {
        sctp_assoc_t sdc_assoc_id;
        uint16_t sdc_flags;
        uint16_t sdc_nr_kmids;
        uint8_t sdc_kmids[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdc_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
For <tt>setsockopt()</tt>, only <tt>SCTP_FUTURE_ASSOC</tt> can be used.</t>
            </dd>
            <dt><tt>sdc_flags</tt>:</dt>
            <dd>
              <dl>
                <dt>This field may contain any of the following flags and is composed of a</dt>
                <dd>
                  <t/>
                </dd>
                <dt>bitwise OR of these values.</dt>
                <dd>
                  <t/>
                </dd>
                <dt><tt>SCTP_DTLS_CLIENT</tt>:</dt>
                <dd>
                  <t>All Key Management Methods in <tt>sdc_kmids</tt> can operate as a DTLS client.</t>
                </dd>
                <dt><tt>SCTP_DTLS_SERVER</tt>:</dt>
                <dd>
                  <t>All Key Management Methods in <tt>sdc_kmids</tt> can operate as a DTLS server.</t>
                </dd>
                <dt><tt>SCTP_DTLS_RESTART</tt>:</dt>
                <dd>
                  <t>All Key Management Methods in <tt>sdc_kmids</tt> support the restart operation.</t>
                </dd>
                <dt><tt>SCTP_DTLS_REQUIRED</tt>:</dt>
                <dd>
                  <t>If this flag is set, the SCTP endpoint operates in strict DTLS mode.
Otherwise, it operates in loose DTLS mode.</t>
                </dd>
              </dl>
            </dd>
            <dt><tt>sdc_nr_kmids</tt>:</dt>
            <dd>
              <t>The number of entries in <tt>sdc_kmids</tt>.</t>
            </dd>
            <dt><tt>sdc_kmids</tt>:</dt>
            <dd>
              <t>The DTLS Key Management identifiers which will be sent to the peer
in the DTLS Key Management Parameter in the sequence provided.</t>
            </dd>
          </dl>
          <t>This socket option can be used with <tt>setsockopt()</tt> only for SCTP endpoints in
the <tt>SCTP_CLOSED</tt> state for configuration.
It can be used with <tt>getsockopt()</tt> in any state.</t>
        </section>
        <section anchor="get-the-dtls-key-management-configuration-sctpdtlsgetconfig">
          <name>Get the DTLS Key Management Configuration (<tt>SCTP_DTLS_GET_CONFIG</tt>)</name>
          <t>This socket option reports the DTLS Key Management Parameters negotiated during
the handshake.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_config {
        sctp_assoc_t sdc_assoc_id;
        uint16_t sdc_flags;
        uint16_t sdc_nr_kmids;
        uint8_t sdc_kmids[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdc_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdc_flags</tt>:</dt>
            <dd>
              <dl>
                <dt>This field contains any of the following flags and is composed of a bitwise</dt>
                <dd>
                  <t/>
                </dd>
                <dt>OR of these values.</dt>
                <dd>
                  <t/>
                </dd>
                <dt><tt>SCTP_DTLS_CLIENT</tt>:</dt>
                <dd>
                  <t>Indicates that the Key Management Method provided in <tt>sdc_kmids</tt> acts as
a client.</t>
                </dd>
                <dt><tt>SCTP_DTLS_SERVER</tt>:</dt>
                <dd>
                  <t>Indicates that the Key Management Method provided in <tt>sdc_kmids</tt> acts as
a server.</t>
                </dd>
                <dt><tt>SCTP_DTLS_RESTART</tt>:</dt>
                <dd>
                  <t>Indicates that the Key Management Method provided in <tt>sdc_kmids</tt> supports
the restart operation.</t>
                </dd>
              </dl>
            </dd>
            <dt><tt>sdc_nr_kmids</tt>:</dt>
            <dd>
              <t>The number of entries in <tt>sdc_kmids</tt>.
A value of 1 indicates that DTLS chunk support was successfully negotiated,
while a value of 0 indicates negotiation failed.</t>
            </dd>
            <dt><tt>sdc_kmids</tt>:</dt>
            <dd>
              <t>The DTLS Key Management identifier which was negotiated.</t>
            </dd>
          </dl>
          <t>This socket option will fail on any SCTP endpoint in state <tt>SCTP_CLOSED</tt>,
<tt>SCTP_COOKIE_WAIT</tt> and <tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="get-the-local-dtls-key-management-parameter-sctpdtlsgetlocalkmparam">
          <name>Get the Local DTLS Key Management Parameter (<tt>SCTP_DTLS_GET_LOCAL_KM_PARAM</tt>)</name>
          <t>This socket option provides the DTLS Key Management Parameter sent by the
endpoint during the handshake.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_kmp {
        sctp_assoc_t sdk_assoc_id;
        uint32_t sdk_nr_bytes;
        uint8_t sdk_bytes[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdk_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdk_nr_bytes</tt>:</dt>
            <dd>
              <t>The number of entries in <tt>sdk_bytes</tt>.</t>
            </dd>
            <dt><tt>sdk_bytes</tt>:</dt>
            <dd>
              <t>The DTLS Key Management Parameter sent by the endpoint as the sequence
of bytes sent over the network. This includes the parameter header and
excludes the optional parameter padding.</t>
            </dd>
          </dl>
          <t>This socket option will fail on any SCTP endpoint in state <tt>SCTP_CLOSED</tt>,
<tt>SCTP_COOKIE_WAIT</tt> and <tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="get-the-peer-dtls-key-management-parameter-sctpdtlsgetpeerkmparam">
          <name>Get the Peer DTLS Key Management Parameter (<tt>SCTP_DTLS_GET_PEER_KM_PARAM</tt>)</name>
          <t>This socket option provides the DTLS Key Management Parameter received by the
endpoint during the handshake.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_kmp {
        sctp_assoc_t sdk_assoc_id;
        uint32_t sdk_nr_bytes;
        uint8_t sdk_bytes[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdk_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdk_nr_bytes</tt>:</dt>
            <dd>
              <t>The number of entries in <tt>sdk_bytes</tt>.</t>
            </dd>
            <dt><tt>sdk_bytes</tt>:</dt>
            <dd>
              <t>The DTLS Key Management Parameter received by the endpoint as the sequence
of bytes received over the network. This includes the parameter header and
excludes the optional parameter padding.</t>
            </dd>
          </dl>
          <t>This socket option will fail on any SCTP endpoint in state <tt>SCTP_CLOSED</tt>,
<tt>SCTP_COOKIE_WAIT</tt> and <tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="set-send-keys-sctpdtlssetsendkeys">
          <name>Set Send Keys (<tt>SCTP_DTLS_SET_SEND_KEYS</tt>)</name>
          <t>Using this socket option allows to add a particular set of keys used for
sending DTLS chunks.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_keys {
        sctp_assoc_t sdk_assoc_id;
        uint8_t sdk_cipher_suite[2];
        uint16_t sdk_restart;
        uint64_t sdk_epoch;
        uint16_t sdk_key_len;
        uint16_t sdk_iv_len;
        uint16_t sdk_sn_key_len;
        uint16_t sdk_unused;
        uint8_t sdk_keys[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdk_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdk_cipher_suite</tt>:</dt>
            <dd>
              <t>The cipher suite for which the keys are used.</t>
            </dd>
            <dt><tt>sdk_restart</tt>:</dt>
            <dd>
              <t>If the value is <tt>0</tt>, the primary keys are added, if a value different
from <tt>0</tt> is used, the restart keys are added.</t>
            </dd>
            <dt><tt>sdk_unused</tt>:</dt>
            <dd>
              <t>This field is ignored.</t>
            </dd>
            <dt><tt>sdk_epoch</tt>:</dt>
            <dd>
              <t>The epoch for which the keys are added.</t>
            </dd>
            <dt><tt>sdk_key_len</tt>:</dt>
            <dd>
              <t>The length of the key specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_iv_len</tt>:</dt>
            <dd>
              <t>The length of the initialization vector specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_sn_key_len</tt>:</dt>
            <dd>
              <t>The length of the sequence number key specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_keys</tt>:</dt>
            <dd>
              <t>The key of length <tt>sdk_key_len</tt> directly followed by the initialization
vector of length <tt>sdk_iv_len</tt> directly followed by the sequence number key
of length <tt>sdk_sn_key_len</tt>.</t>
            </dd>
          </dl>
          <t>This socket option can only be used to set a primary key on SCTP endpoints in
states other than <tt>SCTP_LISTEN</tt>, <tt>SCTP_COOKIE_WAIT</tt>, and
<tt>SCTP_COOKIE_ECHOED</tt>.
A restart key can always be set on SCTP endpoints in the <tt>SCTP_CLOSED</tt> state.
Only if a primary key is set on an SCTP endpoint, a restart key can be set in
states other than <tt>SCTP_CLOSED</tt>, <tt>SCTP_LISTEN</tt>, <tt>SCTP_COOKIE_WAIT</tt>,
and <tt>SCTP_COOKIE_ECHOED</tt>.
If the socket option is successful, all affected DTLS chunks sent will use the
specified keys until the keys are changed again by another call of this
socket option.</t>
        </section>
        <section anchor="add-receive-keys-sctpdtlsaddrecvkeys">
          <name>Add Receive Keys (<tt>SCTP_DTLS_ADD_RECV_KEYS</tt>)</name>
          <t>Using this socket option allows to add a particular set of keys used for
receiving DTLS chunks.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_keys {
        sctp_assoc_t sdk_assoc_id;
        uint8_t sdk_cipher_suite[2];
        uint16_t sdk_restart;
        uint64_t sdk_epoch;
        uint16_t sdk_key_len;
        uint16_t sdk_iv_len;
        uint16_t sdk_sn_key_len;
        uint16_t sdk_unused;
        uint8_t sdk_keys[];
};
]]></sourcecode>
          <dl>
            <dt><tt>sdk_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdk_cipher_suite</tt>:</dt>
            <dd>
              <t>The cipher suite for which the keys are used.</t>
            </dd>
            <dt><tt>sdk_restart</tt>:</dt>
            <dd>
              <t>If the value is <tt>0</tt>, the primary keys are added, if a value different
from <tt>0</tt> is used, the restart keys are added.</t>
            </dd>
            <dt><tt>sdk_unused</tt>:</dt>
            <dd>
              <t>This field is ignored.</t>
            </dd>
            <dt><tt>sdk_epoch</tt>:</dt>
            <dd>
              <t>The epoch for which the keys are added.</t>
            </dd>
            <dt><tt>sdk_key_len</tt>:</dt>
            <dd>
              <t>The length of the key specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_iv_len</tt>:</dt>
            <dd>
              <t>The length of the initialization vector specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_sn_key_len</tt>:</dt>
            <dd>
              <t>The length of the sequence number key specified in <tt>sdk_keys</tt>.</t>
            </dd>
            <dt><tt>sdk_keys</tt>:</dt>
            <dd>
              <t>The key of length <tt>sdk_key_len</tt> directly followed by the initialization
vector of length <tt>sdk_iv_len</tt> directly followed by the sequence number key
of length <tt>sdk_sn_key_len</tt>.</t>
            </dd>
          </dl>
          <t>This socket option can only be used on SCTP endpoints in states other than
<tt>SCTP_LISTEN</tt>, <tt>SCTP_COOKIE_WAIT</tt> and <tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="delete-receive-keys-sctpdtlsdelrecvkeys">
          <name>Delete Receive Keys (<tt>SCTP_DTLS_DEL_RECV_KEYS</tt>)</name>
          <t>Using this socket option allows to remove a particular set of keys used for
receiving DTLS chunks.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_keys_id {
   sctp_assoc_t sdki_assoc_id;
   uint32_t sdki_restart;
   uint64_t sdki_epoch;
}
]]></sourcecode>
          <dl>
            <dt><tt>sdki_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sdki_restart</tt>:</dt>
            <dd>
              <t>If the value is <tt>0</tt>, the primary keys are removed, if a value different
from <tt>0</tt> is used, the restart keys are removed.</t>
            </dd>
            <dt><tt>sdki_epoch</tt>:</dt>
            <dd>
              <t>The epoch for which the keys are removed.</t>
            </dd>
          </dl>
          <t>This socket option can only be used on SCTP endpoints in states other than
<tt>SCTP_CLOSED</tt>, <tt>SCTP_LISTEN</tt>, <tt>SCTP_COOKIE_WAIT</tt> and
<tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="get-or-set-protection-enforcement-sctpdtlsenforceprotection">
          <name>Get or Set Protection Enforcement (<tt>SCTP_DTLS_ENFORCE_PROTECTION</tt>)</name>
          <t>Enabling this socket option on an SCTP endpoint enforces that received
SCTP packets are only processed, if they are protected.
All received packets with the first chunk not being an INIT chunk, INIT ACK
chunk, or DTLS chunk will be silently discarded.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_assoc_value {
   sctp_assoc_t assoc_id;
   uint32_t assoc_value;
};
]]></sourcecode>
          <dl>
            <dt><tt>assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
          </dl>
          <t><tt>assoc_value</tt>:
  The value <tt>0</tt> represents that the option is off, any other value represents
  that the option is on.</t>
          <t>This socket option is off by default on any SCTP endpoint.
Once protection has been enforced by enabling this socket option on an
SCTP endpoint, it cannot be disabled again.
Whether protection has been enforced on an SCTP endpoint can be queried
in any state other than <tt>SCTP_CLOSED</tt>.
Protection can be enforced in any state other than <tt>SCTP_CLOSED</tt>,
<tt>SCTP_COOKIE_WAIT</tt> and <tt>SCTP_COOKIE_ECHOED</tt>.</t>
        </section>
        <section anchor="get-statistic-counters-sctpdtlsgetstats">
          <name>Get Statistic Counters (<tt>SCTP_DTLS_GET_STATS</tt>)</name>
          <t>This socket options allows to get various statistic counters for a
specific SCTP endpoint.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_dtls_stats {
   sctp_assoc_t sds_assoc_id;
   uint64_t sds_dropped_unprotected;
   uint64_t sds_aead_failures;
   uint64_t sds_recv_protected;
   uint64_t sds_sent_protected;
   /* There will be added more fields before the WGLC. */
   /* There might be additional platform specific counters. */
};
]]></sourcecode>
          <dl>
            <dt><tt>sds_assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{FUTURE|CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
            <dt><tt>sds_dropped_unprotected</tt>:</dt>
            <dd>
              <t>The number of unprotected packets received for this SCTP endpoint after
protection was enforced.</t>
            </dd>
            <dt><tt>sds_aead_failures</tt>:</dt>
            <dd>
              <t>The number of AEAD failures when processing received DTLS chunks.</t>
            </dd>
            <dt><tt>sds_recv_protected</tt>:</dt>
            <dd>
              <t>The number of DTLS chunks successfully processed.</t>
            </dd>
            <dt><tt>sds_sent_protected</tt>:</dt>
            <dd>
              <t>The number of DTLS chunks sent.</t>
            </dd>
          </dl>
        </section>
        <section anchor="get-or-set-the-replay-protection-window-size-sctpdtlsreplaywindow">
          <name>Get or Set the Replay Protection Window Size (<tt>SCTP_DTLS_REPLAY_WINDOW</tt>)</name>
          <t>This socket option can be used to configure the replay protection for SCTP
endpoints.</t>
          <t>The following structure is used as the <tt>option_value</tt>:</t>
          <sourcecode type="c"><![CDATA[
struct sctp_assoc_value {
   sctp_assoc_t assoc_id;
   uint32_t assoc_value;
};
]]></sourcecode>
          <dl>
            <dt><tt>assoc_id</tt>:</dt>
            <dd>
              <t>This parameter is ignored for one-to-one style sockets.
For one-to-many style sockets, this parameter indicates upon which
SCTP association the caller is performing the action.
It is an error to use <tt>SCTP_{CURRENT|ALL}_ASSOC</tt>.</t>
            </dd>
          </dl>
          <t><tt>assoc_value</tt>:
  The maximum number of DTLS chunks in the replay protection window.</t>
        </section>
      </section>
    </section>
    <section anchor="IANA-Consideration">
      <name>IANA Considerations</name>
      <t>This document adds registry entries or registries in the Stream Control
Transmission Protocol (SCTP) Parameters group handled by IANA:</t>
      <ul spacing="normal">
        <li>
          <t>One new registry for the Key Management IDs</t>
        </li>
        <li>
          <t>One new SCTP Chunk Types and its corresponding Chunk Type Flags registry</t>
        </li>
        <li>
          <t>One new SCTP Chunk Parameter Type</t>
        </li>
        <li>
          <t>Two new SCTP Error Cause Codes</t>
        </li>
        <li>
          <t>A new Payload Protocol Identifier</t>
        </li>
      </ul>
      <section anchor="IANA-Protection-Solution-ID">
        <name>DTLS Key Management Method Identifiers</name>
        <t>Note: The RFC Editor is requested to replace RFC-To-Be with a reference to this document.</t>
        <t>IANA is requested to create a new registry called "DTLS Key Management Method".
This registry is part of the Stream Control Transmission Protocol (SCTP)
Parameters grouping.</t>
        <t>The purpose of this registry is to assign DTLS Key Management Method
Identifier for any DTLS Key Management Method used for the extension described
in this document.
Each entry will be assigned an 8-bit unsigned integer value from the suitable range.</t>
        <table anchor="iana-psi">
          <name>DTLS Key Management Method Identifiers</name>
          <thead>
            <tr>
              <th align="right">Identifier</th>
              <th align="left">Key Management Method Name</th>
              <th align="left">Reference</th>
              <th align="left">Contact</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">0</td>
              <td align="left">DTLS Chunk with Pre-shared cryptographic parameters</td>
              <td align="left">RFC-To-Be</td>
              <td align="left">Draft Authors</td>
            </tr>
            <tr>
              <td align="right">1-191</td>
              <td align="left">Available for Assignment using Specification Required policy</td>
              <td align="left"> </td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">192-254</td>
              <td align="left">Available for Assignment using First Come, First Served policy</td>
              <td align="left"> </td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">255</td>
              <td align="left">Reserved for extension of the identifier space</td>
              <td align="left"> </td>
              <td align="left"> </td>
            </tr>
          </tbody>
        </table>
        <t>New entries in the range 1-191 are registered following the Specification Required policy
as defined by <xref target="RFC8126"/>.  New entries in the range 192-254 are first come, first served with
expert review. The expert reviewers' primary purpose is to ensure that the registration is
relevant and not performed to consume the number space.</t>
      </section>
      <section anchor="sctp-chunk-type">
        <name>SCTP Chunk Type</name>
        <t>In the Stream Control Transmission Protocol (SCTP) Parameters group's
"Chunk Types" registry, IANA is requested to update the reference for the
DTLS chunk as depicted in <xref target="iana-chunk-types"/> with a reference to this
document.</t>
        <table anchor="iana-chunk-types">
          <name>DTLS Chunk Type</name>
          <thead>
            <tr>
              <th align="right">ID Value</th>
              <th align="left">Chunk Type</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">0x41</td>
              <td align="left">DTLS Chunk (DTLS)</td>
              <td align="left">RFC-To-Be</td>
            </tr>
          </tbody>
        </table>
        <t>IANA is requested to add the corresponding registration table for the chunk
flags of the DTLS chunk with the initial contents shown in <xref target="iana-chunk-flags"/>:</t>
        <table anchor="iana-chunk-flags">
          <name>DTLS Chunk Flags</name>
          <thead>
            <tr>
              <th align="right">Chunk Flag Value</th>
              <th align="left">Chunk Flag Name</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">0x01</td>
              <td align="left">R bit</td>
              <td align="left">RFC-To-Be</td>
            </tr>
            <tr>
              <td align="right">0x02</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x04</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x08</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x10</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x20</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x40</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="right">0x80</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
          </tbody>
        </table>
      </section>
      <section anchor="sctp-chunk-parameter-types">
        <name>SCTP Chunk Parameter Types</name>
        <t>In the Stream Control Transmission Protocol (SCTP) Parameters group's
"Chunk Parameter Types" registry, IANA is requested to update the reference for
the DTLS Key Management as depicted in <xref target="iana-chunk-parameter-types"/> with a
reference to this document.</t>
        <table anchor="iana-chunk-parameter-types">
          <name>DTLS Key Management Chunk Parameter</name>
          <thead>
            <tr>
              <th align="right">ID Value</th>
              <th align="left">Chunk Parameter Type</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">0x8006</td>
              <td align="left">DTLS Key Management</td>
              <td align="left">RFC-To-Be</td>
            </tr>
          </tbody>
        </table>
      </section>
      <section anchor="IANA-Extra-Cause">
        <name>SCTP Error Cause Codes</name>
        <t>In the Stream Control Transmission Protocol (SCTP) Parameters group's
"Error Cause Codes" registry, IANA is requested to add the new
entries depicted below in <xref target="iana-error-cause-codes"/> with a
reference to this document.</t>
        <table anchor="iana-error-cause-codes">
          <name>Error Cause Codes</name>
          <thead>
            <tr>
              <th align="right">ID Value</th>
              <th align="left">Error Cause Codes</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">100 (TBC)</td>
              <td align="left">Missing DTLS Chunk Support</td>
              <td align="left">RFC-To-Be</td>
            </tr>
            <tr>
              <td align="right">101 (TBC)</td>
              <td align="left">No Common DTLS Key Management Method</td>
              <td align="left">RFC-To-Be</td>
            </tr>
            <tr>
              <td align="right">102 (TBC)</td>
              <td align="left">DTLS Key Management Tie Breaker Collision</td>
              <td align="left">RFC-To-Be</td>
            </tr>
            <tr>
              <td align="right">103 (TBC)</td>
              <td align="left">Incompatible DTLS Key Management Roles</td>
              <td align="left">RFC-To-Be</td>
            </tr>
          </tbody>
        </table>
        <t>The suggested cause code will need to be confirmed by IANA.</t>
      </section>
      <section anchor="sec-iana-ppid">
        <name>SCTP Payload Protocol Identifier</name>
        <t>In the Stream Control Transmission Protocol (SCTP) Parameters group's
"Payload Protocol Identifiers" registry, IANA is requested to update the
reference for the PPID 4242 as depicted in <xref target="iana-payload-protection-id"/> with a
reference to this document.</t>
        <table anchor="iana-payload-protection-id">
          <name>Protection Operator Protocol Identifier Registered</name>
          <thead>
            <tr>
              <th align="right">ID Value</th>
              <th align="left">SCTP Payload Protocol Identifier</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="right">4242</td>
              <td align="left">DTLS Key Management Messages</td>
              <td align="left">RFC-To-Be</td>
            </tr>
          </tbody>
        </table>
      </section>
    </section>
    <section anchor="Security-Considerations">
      <name>Security Considerations</name>
      <t>All the security and privacy considerations of the security protocol
used as the Chunk Protection Operator apply.</t>
      <t>DTLS replay protection MUST NOT be turned off.</t>
      <section anchor="privacy-considerations">
        <name>Privacy Considerations</name>
        <t>Use of the SCTP DTLS chunk provides privacy to SCTP by protecting user
data and much of the SCTP control signaling. The SCTP association is
identifiable based on the 5-tuple where the destination IP and
port and VTag are fixed for each direction. Advanced privacy features such
as sequence number encryption might
therefore have limited effect.</t>
      </section>
      <section anchor="aead-limit-considerations">
        <name>AEAD Limit Considerations</name>
        <t><xref section="4.5.3" sectionFormat="of" target="RFC9147"/> defines limits on the number of records
q that can be protected using the same key as well as limits on the
number of received packets v that fail authentication with each key.
To adhere to these limits the DTLS Key Management Method can
periodically poll the DTLS protection operation function to see
when a limit has been reached or is close to being reached.
Instead of periodic polling, a callback can be used.</t>
      </section>
      <section anchor="Downgrade-Attacks">
        <name>Downgrade Attacks</name>
        <t>Downgrade attacks may attempt to force the DTLS Key Management Method
by altering the content of INIT chunk, for instance by removing
all offered DTLS Key Management Methods but the one desired. This is possible
if the attacker is an on-path attacker that can modify packets
because INIT and INIT ACK chunks are plain text.</t>
        <t>Preventing the downgrade attacks is implemented by using the content
of the DTLS Key Management Parameter sent in the INIT chunk plus the
content of the DTLS Key Management Parameter received in the INIT ACK
chunk from the responder for deriving the keys from the handshake
secrets obtained during the DTLS initial handshake. Using the whole
content of the parameters ensures that the role selection and thus the
method selection isn't possible to manipulate.</t>
        <t>If the attacker succeeds in changing the DTLS Key Management Parameter
in either INIT, INIT ACK or both chunks, the peers will not be able to
derive the same keys and the association will fail to complete.  Any
modification will result in association failure, thus preventing
down-grade.</t>
        <t>In case any DTLS Key Management Method does not include the parameter
content in its key-derivation down-grade would be possible if that
DTLS Key Management Method is selected. It is up to endpoint policies
to determine what level of protection it deems necessary against
down-grade attacks.</t>
      </section>
      <section anchor="sec-consideration-storage">
        <name>Persistent Secure Storage of Restart Key Context</name>
        <t>The restart DTLS key context needs to be stored securely and persistently. Securely
as access to this security context may enable an attacker to perform a restart,
resulting in a denial of service on the existing SCTP association. It can also
give the attacker access to the ULP. Thus the storage needs to provide at least
as strong resistance against exfiltration as the main DTLS key context store.</t>
        <t>How to realize persistent storage is highly dependent on the ULP and
how it utilizes restarted SCTP associations.  One way can be to have
an actual secure persistent storage solution accessible to the
endpoint. In other use cases the persistence part might be
accomplished by keeping the current restart DTLS key context with the
ULP State if that is sufficiently secure.</t>
      </section>
    </section>
    <section anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors thank Hannes Tschofenig and Tirumaleswar Reddy for their
participation in the design team and their contributions to this document.
We also like to thank Xin Long for his contributions to this document and
Amanda Baber with IANA for feedback on our IANA registry.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC4820" target="https://www.rfc-editor.org/info/rfc4820" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4820.xml">
          <front>
            <title>Padding Chunk and Parameter for the Stream Control Transmission Protocol (SCTP)</title>
            <author fullname="M. Tuexen" initials="M." surname="Tuexen"/>
            <author fullname="R. Stewart" initials="R." surname="Stewart"/>
            <author fullname="P. Lei" initials="P." surname="Lei"/>
            <date month="March" year="2007"/>
            <abstract>
              <t>This document defines a padding chunk and a padding parameter and describes the required receiver side procedures. The padding chunk is used to pad a Stream Control Transmission Protocol (SCTP) packet to an arbitrary size. The padding parameter is used to pad an SCTP INIT chunk to an arbitrary size. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4820"/>
          <seriesInfo name="DOI" value="10.17487/RFC4820"/>
        </reference>
        <reference anchor="RFC4895" target="https://www.rfc-editor.org/info/rfc4895" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4895.xml">
          <front>
            <title>Authenticated Chunks for the Stream Control Transmission Protocol (SCTP)</title>
            <author fullname="M. Tuexen" initials="M." surname="Tuexen"/>
            <author fullname="R. Stewart" initials="R." surname="Stewart"/>
            <author fullname="P. Lei" initials="P." surname="Lei"/>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2007"/>
            <abstract>
              <t>This document describes a new chunk type, several parameters, and procedures for the Stream Control Transmission Protocol (SCTP). This new chunk type can be used to authenticate SCTP chunks by using shared keys between the sender and receiver. The new parameters are used to establish the shared keys. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4895"/>
          <seriesInfo name="DOI" value="10.17487/RFC4895"/>
        </reference>
        <reference anchor="RFC5061" target="https://www.rfc-editor.org/info/rfc5061" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5061.xml">
          <front>
            <title>Stream Control Transmission Protocol (SCTP) Dynamic Address Reconfiguration</title>
            <author fullname="R. Stewart" initials="R." surname="Stewart"/>
            <author fullname="Q. Xie" initials="Q." surname="Xie"/>
            <author fullname="M. Tuexen" initials="M." surname="Tuexen"/>
            <author fullname="S. Maruyama" initials="S." surname="Maruyama"/>
            <author fullname="M. Kozuka" initials="M." surname="Kozuka"/>
            <date month="September" year="2007"/>
            <abstract>
              <t>A local host may have multiple points of attachment to the Internet, giving it a degree of fault tolerance from hardware failures. Stream Control Transmission Protocol (SCTP) (RFC 4960) was developed to take full advantage of such a multi-homed host to provide a fast failover and association survivability in the face of such hardware failures. This document describes an extension to SCTP that will allow an SCTP stack to dynamically add an IP address to an SCTP association, dynamically delete an IP address from an SCTP association, and to request to set the primary address the peer will use when sending to an endpoint. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5061"/>
          <seriesInfo name="DOI" value="10.17487/RFC5061"/>
        </reference>
        <reference anchor="RFC8126" target="https://www.rfc-editor.org/info/rfc8126" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml">
          <front>
            <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <author fullname="T. Narten" initials="T." surname="Narten"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
              <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
              <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="26"/>
          <seriesInfo name="RFC" value="8126"/>
          <seriesInfo name="DOI" value="10.17487/RFC8126"/>
        </reference>
        <reference anchor="RFC9147" target="https://www.rfc-editor.org/info/rfc9147" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9147.xml">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="RFC9260" target="https://www.rfc-editor.org/info/rfc9260" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9260.xml">
          <front>
            <title>Stream Control Transmission Protocol</title>
            <author fullname="R. Stewart" initials="R." surname="Stewart"/>
            <author fullname="M. Tüxen" initials="M." surname="Tüxen"/>
            <author fullname="K. Nielsen" initials="K." surname="Nielsen"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>This document describes the Stream Control Transmission Protocol (SCTP) and obsoletes RFC 4960. It incorporates the specification of the chunk flags registry from RFC 6096 and the specification of the I bit of DATA chunks from RFC 7053. Therefore, RFCs 6096 and 7053 are also obsoleted by this document. In addition, RFCs 4460 and 8540, which describe errata for SCTP, are obsoleted by this document.</t>
              <t>SCTP was originally designed to transport Public Switched Telephone Network (PSTN) signaling messages over IP networks. It is also suited to be used for other applications, for example, WebRTC.</t>
              <t>SCTP is a reliable transport protocol operating on top of a connectionless packet network, such as IP. It offers the following services to its users:</t>
              <t>The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9260"/>
          <seriesInfo name="DOI" value="10.17487/RFC9260"/>
        </reference>
        <reference anchor="TLS-CIPHER-SUITES" target="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4">
          <front>
            <title>TLS Cipher Suites</title>
            <author>
              <organization/>
            </author>
            <date year="2023" month="November"/>
          </front>
        </reference>
        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC6083" target="https://www.rfc-editor.org/info/rfc6083" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6083.xml">
          <front>
            <title>Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)</title>
            <author fullname="M. Tuexen" initials="M." surname="Tuexen"/>
            <author fullname="R. Seggelmann" initials="R." surname="Seggelmann"/>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="January" year="2011"/>
            <abstract>
              <t>This document describes the usage of the Datagram Transport Layer Security (DTLS) protocol over the Stream Control Transmission Protocol (SCTP).</t>
              <t>DTLS over SCTP provides communications privacy for applications that use SCTP as their transport protocol and allows client/server applications to communicate in a way that is designed to prevent eavesdropping and detect tampering or message forgery.</t>
              <t>Applications using DTLS over SCTP can use almost all transport features provided by SCTP and its extensions. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6083"/>
          <seriesInfo name="DOI" value="10.17487/RFC6083"/>
        </reference>
        <reference anchor="RFC6458" target="https://www.rfc-editor.org/info/rfc6458" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6458.xml">
          <front>
            <title>Sockets API Extensions for the Stream Control Transmission Protocol (SCTP)</title>
            <author fullname="R. Stewart" initials="R." surname="Stewart"/>
            <author fullname="M. Tuexen" initials="M." surname="Tuexen"/>
            <author fullname="K. Poon" initials="K." surname="Poon"/>
            <author fullname="P. Lei" initials="P." surname="Lei"/>
            <author fullname="V. Yasevich" initials="V." surname="Yasevich"/>
            <date month="December" year="2011"/>
            <abstract>
              <t>This document describes a mapping of the Stream Control Transmission Protocol (SCTP) into a sockets API. The benefits of this mapping include compatibility for TCP applications, access to new SCTP features, and a consolidated error and event notification scheme. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6458"/>
          <seriesInfo name="DOI" value="10.17487/RFC6458"/>
        </reference>
        <reference anchor="RFC8446" target="https://www.rfc-editor.org/info/rfc8446" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="I-D.ietf-tsvwg-rfc4895-bis" target="https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-rfc4895-bis-05" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tsvwg-rfc4895-bis.xml">
          <front>
            <title>Authenticated Chunks for the Stream Control Transmission Protocol (SCTP)</title>
            <author fullname="Michael Tüxen" initials="M." surname="Tüxen">
              <organization>Münster Univ. of Applied Sciences</organization>
            </author>
            <author fullname="Randall R. Stewart" initials="R. R." surname="Stewart"/>
            <author fullname="Peter Lei" initials="P." surname="Lei">
              <organization>Netflix, Inc.</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig"/>
            <date day="21" month="April" year="2025"/>
            <abstract>
              <t>This document describes a new chunk type, several parameters, and procedures for the Stream Control Transmission Protocol (SCTP). This new chunk type can be used to authenticate SCTP chunks by using shared keys between the sender and receiver. The new parameters are used to establish the shared keys. This document obsoletes RFC 4895.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tsvwg-rfc4895-bis-05"/>
        </reference>
        <reference anchor="I-D.ietf-tsvwg-dtls-chunk-key-management" target="https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg-dtls-chunk-key-management-01" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-tsvwg-dtls-chunk-key-management.xml">
          <front>
            <title>Using Datagram Transport Layer Security (DTLS) for Key Management for the Stream Control Transmission Protocol (SCTP) DTLS Chunk</title>
            <author fullname="Michael Tüxen" initials="M." surname="Tüxen">
              <organization>Münster University of Applied Sciences</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Tirumaleswar Reddy.K" initials="T." surname="Reddy.K">
              <organization>Nokia</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>This document defines how Datagram Transport Layer Security (DTLS) 1.3 is used to establish keys for securing SCTP using the DTLS Chunk mechanism. It specifies how a DTLS handshake is used to establish the initial security context for an SCTP association and describes procedures for key updates and post-handshake authentication. The goal is to enable authenticated, and confidential communication over SCTP using the DTLS Chunk, leveraging standardized DTLS features for key management and rekeying.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-tsvwg-dtls-chunk-key-management-01"/>
        </reference>
        <reference anchor="I-D.porfiri-tsvwg-sctp-dtls-handshake" target="https://datatracker.ietf.org/doc/html/draft-porfiri-tsvwg-sctp-dtls-handshake-00" xml:base="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.porfiri-tsvwg-sctp-dtls-handshake.xml">
          <front>
            <title>Transport Layer Security (TLS) based key-management of the Stream Control Transmission Protocol (SCTP) DTLS Chunk</title>
            <author fullname="Magnus Westerlund" initials="M." surname="Westerlund">
              <organization>Ericsson</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Claudio Porfiri" initials="C." surname="Porfiri">
              <organization>Ericsson</organization>
            </author>
            <date day="18" month="June" year="2026"/>
            <abstract>
              <t>This document defines how Transport Layer Security (TLS) 1.3 is used as a key-management method for the SCTP DTLS Chunk mechanism. It specifies how a TLS handshake establishes the initial security context for an SCTP association and how subsequent TLS handshakes provide key updates and re-authentication. The goal is to enable authenticated and confidential communication over SCTP using the DTLS Chunk, leveraging standardized TLS 1.3 features for key management and rekeying.</t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-porfiri-tsvwg-sctp-dtls-handshake-00"/>
        </reference>
        <reference anchor="ETSI-TS-38.413" target="https://www.etsi.org/deliver/etsi_ts/138400_138499/138413/18.05.00_60/ts_138413v180500p.pdf">
          <front>
            <title>NG Application Protocol (NGAP) version 18.5.0 Release 18</title>
            <author>
              <organization/>
            </author>
            <date year="2025" month="March"/>
          </front>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+1961obSZbg/3iKXNePgi5JBRi7XfRlRgXY1pRtGMBV019/
vZBIKcixlKnOTIFpm3mV3QeZXzsvtucWESfyIsDl6unuMTXTBikzLidOnPul
3++bST7O4nmyE02KeFr106Sa9qvy6vqiX46rRX9Szcr++HKZvetvbJsqrWbw
6HFVJPE82s2zqshn0UkRZ+U8Lcs0z6LDIq/yMXy6drx7crge7Z28Oo52cQAT
n58XyRW8Dl/oz/PzMp8lVVLuRE83nj0247jaicpqYtJFsRNVxbKstjY2vtvY
MtcXO9HJ8Y8/vTAxrGCHZ17kRWXK5bmsoLpZwBJH+yfPo+irKJ6V+U70KM0m
ySKB/8mqR73o0Wj4PfyTF/Db0cnzR8ZcJdky2TFRdFHky4UaOBrCRNFPefEu
zS6iF/httEbwWYen53E6gxXin/+MkBvkxQUOklaXy/Od6GKWp9ly9i2D9jop
q6SYLbOJBjDCgQFsTLysLvNix/RhjCjNAB7R60H0k3sPP+bDeh1fZMuy9hVM
vhPtF+m4LPMMP0h4fXN6eODn/+dEHhqM87ma7V8GcHzJ8r/+D4xfVXYUnvFf
8sus7duuSf8dnh/M5cGuCXdhwryYpkXqJ9qdxctJmusvuuYY86ODBT/aNQvA
8OS//vN9onbzOh1fxslMfU5zvP6v/8wQSNHbLL1KijKtbqJ8Gg0Xi1maTKLj
cZpk46TE5y0yB68M7NOD4NkS7ktS4b1JLpLiOp5N4JO4LJPo8Xf4/TifwJq2
nz15+oT+hGnp4TSbLgG36Ykl3DX49EVSzOPsRgGhWiawhX+eXvbny4SWMpgk
xsC7OTxawT4Qr4+e7+Ldsr9uP3kmvz7b3n6Kv476ewN1+YvpePvZd0/652nZ
8q2iCu+Smz6sKL5I5nC57LNyIg1Kchlnk/Iyfkdr2j85HvVPjvuPnw22N2lp
UVTFxQWC6tFlVS3KnW+/vb6+HiRVmeLV+naSzPBcvsUPTqvy283Hz7Y3Nk7x
n+++o782H3+7+Wyw8WQAHz/d+LYqT/nTq81nG082NhaDxWT6iGdiWvbozQs+
X6A6If1682II9IvQAD6HUWHQ6CiZJTEc3OYzHmUSV3Qdi2hrY+uJMVkN6NvP
tjbcr989kV+fbDzdtPDf3Hoqv363uf1r++vWU3gNfkfqsDs6fLl/1D9+OzrZ
P14BphSOgcAEqJVeZHge5bcI9UVcANYDZtT/HLy/rOazr8IP+9shgIhQp4tL
wPHjZQpkWu/8TX6FO39szHKBn5Rqh8b0+324KIjs48qYk8u0jIDfLHFl0SQp
x0V6npRRHMHEl/kkAoyN4skEKe1eXMUXsCJFiV/FN0lhjpPxssB7uYaUcz06
h9OYREg5YVB7iIBl0bi4WVQ5jLG4TMfRAo41GdOXVR7Bw+YBTGwgayfGlbyv
4JrhU/BJmlXIVSY4aJLF57MErup8vszsShZFehWPb3BrJvZoVsIS4ipaAibR
oDF+kKQFcDu73YVdA24mns3ya4CUGsHAlH6uBJYCgLyOb3hkhHSCWMBrWwCt
QqAn8VVSTop8sUAg48iTBOFiqni+APIJH8IZzJOyhAuNiwZ6dTMwB0DJZH+T
HkwAoyNj5fXACTJIeSuL+GaWxxPc0nUym8nW6DszFmA74gS02pihhsuyxEVU
LeAexxkBbJ6XFdJZHNWDa5rE1bIAegtwu0rxSM5vBLawy7Qqo7xCFHbjlQM4
1IRGlMHo6WGISX76STJNEZoAZ8DvCG8zYwAcwgIeBtiYa2D8NFTra1WA/+fL
KrrOl7NJlOV02rjqCGk7XgGcPJ5FZVJcpeNkwPiXzgXceMI4zd4NsDPA7uFk
AlsvgToBhKfpxbKQe1BG5SIZp9PUL5xuJsIyz2Y30TlBgE7LXsjmWgf1u+sk
NhoRGQtBWUiAm2bAFGCeTiYAHPNVNMLjnyzH7pK6i3ZwhTtNrqMPX6Xqodv6
zATYiaDU/W9wDzZoAlB8+CBk9va2h6hC58Sol7BwSvwtYkSlxeI3cE7jZEKI
htQqSy7yKgVgy20iToh/IMIt8RINjBqsXC4IWYVyAHGqaDX6/uAhEy+lI+zx
tZOFmRKpn6D9FLAZMFcu3fgdMMVoDdBxtiQKeg74HtkLh2vbG54MeR0lU7Rg
n0IgkRqXyZ+XKLu40fklhBJ8jGTVLmcxixFX4FB4E/I17GlMDIO+sTdapisA
R4uJgqtBWBFcS3wShDU8cf8BQoupPJwrDbE5eNyr47bhAwUWensLu/shuYm8
WIJDAHnDOXGYJYgPk/Dah1BnmlHik/hUOc4XiaHH9a0IFoqPFwmcScEUV8ge
rRcX89ov5jVxu4H56TIFfgFPIVGjz0oickRa4WK2bDqlrSDBiGG2Py/TInEX
NDhOOBagS+dpxvtxhKl7PTi1JZ7RfFktgfyEbLUXEXVBJSqNZ8CDezwcrxOu
fgzMIwX0N/X3GNnpDYRskQDi3GiejHdJI/LA76d9scsqnaV/QeEhi4aHI+Zx
sHa6/I7fgCCUj1NaxNdlC7Y70LwjdAHpBzameDliZ5Hgl3L37UuAD0xiYaWA
eTVNrj9DUQVQ9/YWjytGNhIjgkXpbLZEcahqUhqjMT4DGF3EBWGSY2L4/NsF
zMyikKJxb1+BpEr3zFhcsQgIF7JSchDcPYf4K5HzZVIkd2GMYEsZXQE6TOxZ
D5KB3PkxUAC4nyielD1jZX/4psesAp9Z5MD7kakl1Rhg+R/+J4rj8urCfNMP
f76J6p+0/HxjPkb0A5DhXz5G8knUsRl6yLiHIv/ayvm+6Xwt/Mydi31g5Wvt
U36z8rVv+r//xm5v/z3yGcARHuwbfLXjtY+rZvu46rWunzte+5TZvmFA148O
BnvAbN/cd7aPtc/uvTcURWBdJzeL5CGvfdIi4bjdF0fMU4NRu5HrI1EOoWQH
RMmA/N752sMXecfFwdfsI+7fu283ILOxs/zvqOun8c1H91I36ja+8S99E+w6
3EhjFOAYpbx5eDjaW3VZOqaDnx/v+dKPDRJ5j59vPIms/3TdT96aOmliTGrX
9oesuvbT3/LLTQRxr7UjowXIJywyUnj1MKBo9mM+7ERfdTF2No787pG3YjNP
Rg6MelaTeQMjehTFRXWdF+/6wC4vst89GgOtSIpHoOQMp0isQTRO0ivWJbQ4
xOIoyV3TGys5KNnGi9iG5fV8PodPL5N4khS9ukbjZVZWkvFr3kLLSbAg1vm1
larLpkzXA5WKlQX43ZARI5AKB9FIBOpQ1C+XY/xrupzxykGniBflckaqklJH
0AUQoX0UtXq3IRAhnsOyQHC/yAkmRTwFCQTkToKwk/fLCiAbXYKQNAYlEofG
r5aZrF+mMgJ/VKNiVg+VRvUtTKSUqp6I8lplugaBD0R5c3+AkyjsoSiaP+ib
y1lVspHHiRKiSgUQ8k/QEkQzEAMb6jKsQYZmW9AyB6B4tSgcLOIxWqco9nep
BigkJwBV0FXLSx4TzxyNSvkkHYMY3W8x0pFwjWAlKXwvhbNK+i+T2WyOBopp
i4hs4UUGLmdaKRO0X1aJU85AFS6TBETzcKN9OD7U/UR4v71dH0TRibePTfLr
DERlNMRUiCGAZdMpzqjF9ZoQ4mwAonm0PGNExiwvyeDjlE2rwY6VXSG6BiDB
3gqmBMhK5BDvcQtbVRQ80Xg2M4KTANaQvAzMm1yb5OgWktacRUrDT96Pk0VF
+InbnOZok4Ql7hjzqwjXZzGEhnaW/kHt2zYQyi21jzaJmNN/vO+QiZl8DXvy
N9fpkDza6M3ohN6nX4a7P9jLCeDWtLZA9GXDKx8FgP1YDDYNVHQLKpOZBfjU
3rxWBYPolcUV1Jd5drcpBzCh5jE8fB05s7zYkWpDE1lV3gsBZBSz8pbBbZ1V
KWDb+2RivCHmUGy0ToMcMXNJAZRrKLGsDxrWerxrrFJOkgnpdBMWbra3trcI
K9CUCuQNUG3FHSi7DL4BdNEMMoMrWaAZmgy+TUuvVT+RpprA0qtsvNHL/BrH
6YU4G83SeVrJChCAN4TFh3yP2rACCRSag95lPAAOZ78LrAdinxFTH3IkRkNl
aJ7l+bvlAl0dZLVNs/sYc0E09FblumGXjF9ocmWLQ20B5quv0HHF271MFyiY
BIZbZxfutPPSBPg8mkuvL9PxpSO/ld8cnqDJrxIx5rDBUHgTAg0eK9hQlGba
GljSKoDmTKwcE34pvgD/ukca/KI/fHvy0kPHrNFq0UIPBJ5Q0xmgAgqp7H+W
ZgA3uIwrdNUUeQybLJdA/9GkNy3yOawQUXKmsWcHbXJjZ8e3Fl6SHmi94kyB
XZwDZKLNp4+fbQNk0CQSvirGU0v9SMwwVrRg1IY9LnLk0ejZIctKJs8DjYgt
YMezJC6IZtN2EjNPxkBd0nLe7Y0g8W0cHjSenzVTB6YlkTsUKCcpfFbN4PKz
Y4JvMd7gmZYhavZD3pU7Gjwoslr7c8YHWuDhbqON6hjfIJNzuNBwWFjPhL4n
sDu8wEXq2bu6o3IbTZdrxd9F4tdNGTslb9XAHAuLB7J402u7/kLPcGK9vNdv
j0+iNwcn1kXDMjTRXyEUdoCic2n1MUDAncEb2iWBbGcmord4+HDpdA58qkxH
T0i2dQBDByQzNJRr4wI9SePY+jPpECyd0JsqEnJgscU3MBPDCobHuwdvnjtp
uuZcszbsVNF3JG1odEHZjZZEchKS42siHI8QABjwYwGBvx/t/+vb0dH+Hv5+
/HL46pX7xcgTxy8P3r7a87/5N3cPXr/ef7PHLyNgg4/Mo9fDPzziy/ro4PBk
dPBm+OpR87IRdyYTPyJ/AcJnRS44E7jgvt89/H//d3Mb4Pe/AIBbm5vfAQD5
j2ebv96GPxDzeDby5fGfANIbpF9IA1IS/ICbLoBczUp2mlyCjAtyE8o3v/0n
OPok6j/9p98b4hInCXK/fJZf3BjTKW8Cr9whnoank2e4JTyc1Fve6/4U8lg6
KVURd+BqioysWf+SqAehxrCOeOM0O61mxRQARYQnLwBHYVHESYBas/3ZDuhV
UhyL0IuiDdx9QPHECS9kzntf0XbpQ8SsMX8YsacNkDng/muWNoqEBV/2nEMN
1pgt5+eJVvD4CSaEJCCnf+HlXsH3QBDXRj+uMw8T9giDsOYktoKeVb1BLAH1
hR5VX+Kzs7is+P43V6JGhq0fFukcL3MrCJxLRoOBhiVXKKoPMxvO4G0TXgNH
k9gkLfGuL0FJtExVS1L14WFJR/qr+pKGShhtLG0Oqguq7bJAktZBnIkWywK5
KBBchX1aFG/TBLoFe1mIi9fIC/9ij2hVkbFXiaiAVflEbw5uBoYUfpJ67RVp
pKtRjR0Non2UZcQIgHTVivtkj2jVWjCQyykFHfv3DzAMsuhZ/xyklGUmkSfE
21F7K+UDmG00fDOU6JcsBWwEwuWWAzfZrHJLKW+41rprqhQM4ZWpqzTu1NwP
vXJl+Cu+xbSbH2pCPRHSIKZIq8xZkkwEz/zdhoU4LRxpMZBKz1MHSHG9BrYb
GCaIGLNxMfg8+vAVWSOT7ALVsVvDoTl3+OnQzOWQJ2EdSS4JyqCGjA2kUPHt
Z/rSotsoYhESIaLAVgoRNbHbXIFnwn5b8aH7xZUGX/VSRf1Sl95VzPJLyDGM
J/Ag+w6bNIEPiLepLCQkH5wnRoyBJLqg/7d9gAaNs8BiccGcJ9aqaC/O3Yyj
XMINjcuohX8YF5CxgnuMfowSvOSdR9Qzn8AnFJcwlkswMWluq3QggQFIWMOb
VyRJ/yqeLQFJlyASmLoZ2+EhWeaIObi4k6EHcU+zCQM7QMqYFz1nh6H1JIt8
fKmDIRgHYUsU1wJjU4CeFpa1ZScITVEhCHAHM4H3aM+p6/iNON7ILdCUttPM
VOFKxCk/XVobydgPDVvDMD7W3uV9rwvvBlanBvTj7AZj/9BugmKlo+8kuJsZ
0As4D/gAdM3GMnWoiguPYMe+QITfNzpsL3qeZqjSgEJLNP/YYswbwpiShFw1
/E10ATTGzOP36Xw5d3oyYyHMkRQWY9Ggn9DrWU6KclTGiKNAn3LgIxhnRxEa
5VIiFB5v0QrIqUJkz3J7H47E+xDMmKZF2RQ1AgpJkajZTfOmI/BQr2dUix7L
bSiX53xlWsYlHwC+wpTtfYWEEs3wGCYs49ANAZg6+5Q7ENS3A5EhUoFOhB5q
Ox6BmRjw4G4B9Vu9IQBpEgY3fe1Yic9RvGc8pph0+zTuabwE2TsTU50NxEPL
rASn5d4cCZ9Vl6Qj0yeX+ZwQxcEZxPBRhsZPkICWs7iwQac+3tQOqlwzL/eH
Ryff7w9PrChP1g/ZlinTv2BcE4AK8B7NOhh2kqHNYobB1HZP83mOpgLx5aBP
BY0Lk5TMQBjQDzDbzyYL0EGq0qs5oRbBd8zieGDLUutdoiHObP0Wnvv95vZv
v8V/ozUyEK2zhYig5yzwZMj7Cvn7BGnfTb/K+yPnSghCtA2Cj7yEgJcSyoeR
ZcpUDHd8ijwOsB7GA6xhLCPCTKGy12mZgCQ0bNjca7od7dW7NHBWePZ0uH98
urn17PTF7utT0K63njw1HBQIcIElsmmH1ev2l+EN+zKazJC741e7L4fwf1sb
p4cHr/6w+XjjiYwe6dFB1fUmQkcNC9Sw2QAGguiHD43gegodBMhdJBnZ+ZAE
2EsYLN7GWIMc8Y5JHIllBz9Y7oCGUPVGVFE8WeuUZHl5v2DfBZsFliU+DkhP
0VKGYivthUvJDYg0Ev1HNhoeTnOB0VaEnyg80qHVhUrnXIm7opzXnPlmXRsL
lUH15wQ9EzcqEqAZSY82Yq+I5UkoOikfSVcUY9nlluHjC+nG3Qaz+kbFWAXM
FFixCYxag2iEOTbxpM2t7nThmqdborclrlnE41ZfhPOl1WyEdZ5tnQo/3xQY
Bd60+xkDAZHyCNacXiClXOQVW3QDhWiWxO8ohwBVfHGjEwm+iguh8T0TUhLY
5vAP8OwkjGkG3AdNEUemAWD6wKezkIwREeGFR0y0RUrpCEl2lczgqkROhDB6
EMDJZDaVEAl2J8Juv8f9Ow8TwcsFylrTOismdhznghxN3Wf1WG1J0ZB44UuK
/h+T8m/zL2i7EvRrlKWRQCICBQ15KFOwkCiXdWsDBYRciBlSXCtjo3of5Grg
RIPQ2Qmrc3hN1kUJN6b4AHZ8Zuh5RfryGy8rsUaRFIaEjjKekn5/keUiqx0O
93iVyjOXTt1Xbkq8eM6DJSC3Bw1I4q6BGVXWq46kI+dIjriS+FlEcdzP9WVC
cSKyazmQIhjYyA1mtFJJGMyKWSCtLB2Wmy7hHNZHcQFCJOWqsLtiYPb5Al45
34KdHHVyf3PgmK7zAkCqBylTwAa+KSJEm4Y8SmDGYwX6Gs0RyueAo9fphCgl
sHykstM4hYO6xB1QnkdFVl52nLYtujUxJjiehQ11p5WlCG60tpURRmBT5HTl
10vakdX0iarAkpbk8/Ce2sjq1XWaACISGXXZvaSkTgtJuejNjajLSeIkfQwq
bi/EJ5Rck3hWSjASkypgyDETTmejVHtBy82b5JoxueftSEQf9osCVreLzhBl
x+kyPUUfvnKkhg7WZ+Ldms4oeP+6ZTuAQY5xtvBI7fKxSmRHZL1lYiF/k5B8
SdsIScRCr2aSLNJxZblpLfzG7+22Ndg72miJ9dts+Wyr5bPH+PomfPU42o6e
RE+jX0fPou8e8pmhUOmf8x/HK/rjoVDg30Ub759tbDzVYZL+kVesnKvQxc+y
hvafkzSJvi+AN0tseOvPZ1nDUYLJa4AHH48+Hn/c/Sh4/Ho0ib7aRDiov7dq
fz/+PGvY6d7ivX52PstZqH296Qg+tvz7FzqLelRr16UMolq7KM6KKFYY+6oE
AgpDbMDf4S3YiTafRufIjtbq/oF1ci6lJZtBnCRXAh0GssZ3ZwCS6pvcql5C
qt268ZaJgFKKpZDlEBzAix/o7wloNbKENFsmQQzqVOTKYPRmVE3Ea0azBNoN
FmI6WgtSKT98OBbz3uPB1mATCafLO0QlX3w1itkuKcOHAJW3rQS9dDXacX/Q
XuYzSZ4Uk2BjChT3OTiFvfdpKYATm5FE+dTRQ+nY0dqb9WgxW5bRdyhKeIKz
Ez3eumuZCE1r0CvghID3ysRWM2Ze54QYNiLPUomGg4US2SmiAl19lo91JDkZ
S6R2gA+sWhmZnpmc0WN1FLVyoAjFiFr2EcY+G/gL67OoidPjaHB6+I/Ms3a0
Ls4EL/7CtxiL2PLw8brabP2F3ZYXdtcZVK0v3OHjAy7ZDSPvFOgcIFr78AG9
f33vE+of57Ml/TLagwsB0OF8uQ4/IiOxWP85SHJVDlsUdclPEotIQv0MNSIS
V/DaiuuELNIcVpqI5a+Hq8PktsrZkP2rtUvEd4wCF52oTO4/K3uhqwXGkwHw
m9Teyzh4KUSs+nW1e/RTszWOXUwohfN4OMHqwyGyQlxoJ9roRc96QFOoRM7W
9h03o66AP/hO6Btxt8Ar6p9s0QG/I8rXuGnF9qHfQ62VqwKI8YgU/UWCRMyC
sKKyDBhTghh7lSiEoNNrZoYbEnwDZ33ffYlRO6iyhfSLg4jRT5HPEg6GHF/m
ADgzt5TK+YNJ4pbiF+INptXfNnOAvWqAdD/0KYirwJnUnBJirFGA4plV/LdO
SLHxd0r3VdHa/7CivZPmt3HhHz1TwL+O6hlQoWD/uUT7wyLpe3nxvpllK9bw
4BEeOucDR7DB6f+da4gka/aOs7hjDvn3ENhAv0XE/yVE+3rCWpZc8y9kAe2X
VbEcV83stfsL9SzKr5IEVkny25vIsbpsdpWLHO4W6FHAq/KFFth9sRimTj2M
MhtTAh7K0xmSuoss/QuWpbAGEIyiAzJs88d0mHWRkN2k411iG9H+0dHBEYwx
lvgC62r6+q1+g8kAQuzrKCGrEIXIOounU1ImORUK0wHkyrzCUv+91A1iPUrj
aOgbVtvA0KQufUPPagonIf+aHoIDPgpEYRSxxZqH8c4SKNwlJYu+8yCZ4Ehk
2GjtPAf+GGfrhldBYrKLBfEJhedcJoOmxb8byY/C6SIbprIi/NBoWv7zFS1L
3KyaxYrSNv+jHoC1aULPg1CApvvQ3kIRwwSkBE70odDWUO77S1JIHIUVVRze
sbAYqsc8IS2OZEJazg67bdCyK7EgslsaQXzaWOWCrLRW2tz1RWDqCStODgnL
tmhS2S6HwsSj6SrA2vIoLtQAHnAJFx73YK8OVB7pGR+AMDigkf9pjpGE/inW
T4mEEA5IoMGhFoRF3JyhVbpgU/xj60ngXA4KJYlWo755jtZnf6W37YUmgCkf
pIhzkg6HzoXagXGlnbp5NjylPo8iXKLLRBtRQUNkIx9cunq+iP+8TMhPBwd8
ejkp/mjn/9Nv6k+5sJxTnu+PvEJ58LaGOr9p8LhViw5YW/jgCh5nBWeFsILT
pfABty/x23qFvr4bNJxgAJN+JzgPMaFj/S8bk2acAhC6b60Er0POxHumXDR4
3RCzsEKRJhrs3yyb8VFyZeorx3i1QtLEbEk3posNP7u1Dtm6dNreZiSaGflk
mvUpr0gH3gsVylzlJL6UruaUcdE7tjReV+Gu6GIJaiEcoq2JJukAHCSIU9m9
n+dLDHK58b6tScuBK8h3Hj9SCDOdxRelI6eAVKJm67QszVEJcPsYjAUihkTM
NaI6145/t7new6C3IFxv7dXvNtZZMoGvglBEs7YL34lnLUgRf9wngq8XvrbJ
TGCavk8coUC2Y7aELtUWtG4tpBLZhrF+PEQNz+DI4/Flmly1hOJ1oJrD34mp
Mwq4Opyi0kWg5nMqudhBnhqKYlPINh834L9N+f/9aL9FEGfhnrm9VRhqsXCd
b9XVjH0XhkiffFur1/Jty1vNkSVQw8OCiOUxET00OkTR2lvE6l2Nxuv3oZ0C
T005d3X1NgwHttOsoKFooUCfaOj+PGmkPLhU4mm+LCjHWYnGpY1xS1m0VyYP
G53w4asky50Md9sI9rXPHdl4BTW8jY+l7PYat7WO0mbJB2deEsE4tzKnc0ao
UbTSYjrjlHpE/uE+r7Z1XcelNliZcCX/sGYW+CH8AWSeoL1lc2MjWjv5fnc9
UKv5ETGy/A4W8guq1YRD/TljpS5/7NQ1vjyM/N3Ye3892wPgkx1nDmzoC1DA
+uQBt21erb5SLfZYzO34/uDIoemour8Jlq7/G2R0ZFBckdVChIDtjosyFUJw
rzdbKMKybMrfxlnbfxZFQOVexzPxnhVF6PBN5JJ53uEBwDWZzjXZUPcwXENv
vKELMI7Tl/0s7zNk+2yA/scO16gRm82/CWLTfhAhoeFV3Qfn/8qEZ/PvlPC0
AVCHzOyC8sc1Rj98VaXJOX88zmcrYrXa3++iQSBMh7SEgm9LysYhnxATAxAQ
ABVA7+OBf+Z1h5H6MhKgmyzxf9Sd3/obuvOtp9F28e+NbX/l27/1d3r7R7rc
RBtwj8g9iyXK+UFy18rVv+fL9773JEPQK+wKJs1YJ178zDtvh+rzJv4nXfbH
f0OXPTyGtlt+P8T6K1/xx3+PVxyT0W2VPQq7lj9uyXixryM2OPrh0NWUU6nI
qHh0BHcYM5SyYYmkCIIKz8mBKmWjVueM09ATWyAAL/J1Hs3hfDAd6Jjq7fA7
+NmOuHuas5Qdc0gte/SKYOiJLEZmFR8YxnKE+b+u/qR5leeW16xeQMf8aOlI
y5a57cxhDlIw99CqUZO7w+D9LXEOVp9jBSBFZYlzOjjuq4SHSzSPApQ3B9FQ
x0qtUM9GKtKxI/4LTXNAk8eXlHY+y6n2k4q2gxlgb1vtczIdWJOQRsrmxxC/
dadits9HLuGES1/KnDQUJ2txbRlyATZymnvuw/shreHk1gTr82SNqCD8TKnG
NQW1rdCIP0Qs2QlcqjMf4taWJfThbngCpc536MAUdWpGpulOTVi/OxgQM4+m
TcBJSQku4V/Wrq7F5bIGN63Fh9AT9/Qd9N8BsGfErUgZ3Tf29ab9ws5CYXL+
Y/JYXHs10rRNUq7celK27txXomjuPsAawPcwgM+ZT5yXGQn7SjAYLACMKWtx
FlYQg1tmawrLou9CZdPgNsCTVGhgRIUCFwXdLcW7zKNVNkBBwMCOfbveM4/u
p8n71731C1+nfob3FBZkjFCQxft159nOQnZA6YkIFRdKb0MKjS/CI6c2jkuh
R656Q1xJpQKZ6uuyw2aHdTdL8TpS8DJMi25VdGuTipy4pPz4okjwsOVpazjB
udCgLuI0nt55AuzBR266MjDJeyzPwLa32uDnlL0ckXBlqdr+8cnw+1ej45f7
e1zFA6tQU4BwS+w5LR5oSbBtFtVtXt7AhvqYCft2owSlJt815Jgu1C6LWsIN
UGhwy/zaqCZvPNoUmFDpew151oinUrbwQL82YTyqhgptooVHuWDYhLmSEGWm
0CyNEVOKRpIZjpOHVzKI7lbT4XAVIJO4evEjX/1FenvZMexzSHKxgV9iWSHw
3O/D83RKF50z3QMpNpGWknPgkvOproZ9U20P11qmGHASZ0m+LPG+ZC17JKi5
ChrniTpyHM2HkbnDg+twoqw8JHh5Lm1jd6mAhY2Op0qGiMSRDbUqKMv2TlCN
fWYArZ2WjVChZpMOYJfxVbsNiue3MTa2KjLe0WmcYia5rIC6Z9ZKqlDi9rlL
rKF9KtLbILtMnhS9hXda05Y6zCFC/kITHpK/CN21jpDARa+lXcdVlcwXqliM
L9Vcl6sGqjjXu7AdFct4BMnzBGiRKj0TMigsWKEDxS0tc7kwjBLAgPICJDwM
OqSgdJWlYzpkV90nL7iAMVfDi0uFPhg5JDSIcn4FlzgLwuf+cOsqlVZy46mB
JnU23AVA9JOtntpIbUbMaYeODRxRxTzI22qDaFa4fiyyuSgeutPqMBv1uiRe
K4NnZrYP27wRkP/SVk748JXyDtp6Cs3YfK21ni/hKVczq6a2RkH9WCfgSYFP
W0+KzsEVAnWRqt5T9I9s3Wn9ETnqJce5dP38wtm2ghxftcH0r7aGaED/rfz5
K8Eh+6XX0B0OLxFI1m2PUlrZ37T2tre1xh+gTOCtuSNkcJJyj1oVr3TXhLe3
vvGt4QA7Ca2REk31FiSuBUwjzNuFwX25278YPq3AaUX8u3/+G3B6y+L0YRtG
r7ITfxpKb2mUZj4coHTUjs/nCUnNVBQKNGPQhWoV3ZiVVa09jYTV1So/OWlr
UY9Z1eX4uDw0VynRxTJVqQvjRA9X0tTJMqqEWo8ixYOaPlb45ggz28gjWCUJ
PDVrg9YJSiruW4uJtZGtEhBsYH1nOOooy5LiEHP0KF1hzP3nzgg+bQ9gUseZ
5EZgFcUztZ1TrLh/Fgbkn1jp7CwMCzyzBlfSkheJqhaysmAhFxEJSqm5+ipd
taftpsmq6w9kYA4qqVLH4Goftat8tB11IBUQMXgWT6ttoz7yn1WslrJjthqm
k2RDfOWSOdSrIBB6m9mabQYq27So/goP7voCYOMN/MhJ/1VoaGFJMYsDnPX2
NezvA6hFR/H65C0s8+2CatuOk3RRNdsGIXWQKPDaPuoCrVECrd1flRYusso5
g0BNpDhjyd8iWElvtNrdQ6ODU6pIwJ/7Wse2S0GiegbJVK7CGTeMlUSg4A4j
3ek1bmgeGlAbsjwo3M3lS5E1XMWNsl8Gps6+M3WyLoclJwszj6k3t/N+2F5F
HQXKscY8KrRlMu7LlyQX/KTi7L1xweX31vBpzaW312/Bes/oy4Tx72TUkyJZ
NlvgTAWcn+n8Y0C7iVWEKWXM1BZ1Vo8QP1MWqo5kIY8YLW87Es49AMT8IGkI
cs1M2C1AaOyaA0AHdV0nw4Bv6Rb7spKic4XjBtRQzOf4VHeBbLQ4FSmVG0Xj
Qp71x6jeo0+HjB5eD0QVkgwnfEEC64Pr5+AqHXd7NCv/YODP1CVXEilRTJSg
3QYvWjbSlOzrCuv7xWPJ64wX8XlKXV8Q8ex0uuy+Vv5BCBknWCb5BsHLyR1q
BC5IZ3uJWCurJe2cK1HZr9osIbJQYhOcryP2ZMIZLoguafe0Nov5tXLsADl9
5Wy8u+2KQ2XFnJnO0R4r6TvDonf5GN+UTINjlk6TKp0nLWqATQ17Usv29HU5
fb8D3+Vei2Vt7Q4ch+L0UC5wbVsclDbKXRcZCwgTFcFU5XxNW5cvrh0nhkYY
4fGLw8PozYv+ru+l8OHD/snxqH9y3H/8bLC9+Vhy3rwxyUlOLrgWLVBiJNJi
Z2OTHo6G3ACDaBTWtbWRtt1wQgqn7IO/iS6lpKHxfdpt2URfKE9jbXwVpzN1
LwDWUqDRNmosgR4A0hpbyaYzVRXbLyjTMEim6DLhu4tuAjTCOXu8sY03V4PI
SVEr/W1fAxSoxszaHb5bc3Kfc3mXJAtre5TqtuNLGGeMHpcSqCCGRpsWR7bI
20HNOioH2zpjr7sxIEUHoGsaM60LyXHSGjenb+weHPww2o/2d18esD+G//YD
UYckX4S8sTyVkNt+qNx3yXjje1Dd5c6D0bVRjN6oro5MZnwRntB2zHsT1zHa
taUMk7KkM1jZK66uXhecvcHe7SMjSTOn/MFxLKnJtl+L6umyAjCqP6vGZFbT
ysSbb6UHq256ovIpjfK0k4gTrQmtX6fcLwxQEm+BqrVCfUNdWVgTbqwud3du
QuQISaenK648SiuIGAcPkjMVu902dGzv3SGVUqiMKLwdx2RC4uwTmeIxZ2nm
be0w6i0fqpYipeKA1K9ZiV+16KG8xetkNuuLMGVY2qDGGD4SuuaI0jVto6sU
0FWLta7dUWabEnB9B1XtnmTenm++hCiEqVlIx0l8XR/4cCfbf8KBoVFV2TYO
cDyXNB9K/+7qGjJYHTVGnrFZwkkmNoqnCzGIHeLFQrYhBDSZ3dheQQKo2U1A
dVAmt6UvZr6VEjUP6GFUKnYPjYitogudVArVKDNokYlLS5R/Mejbge4Vt0UM
fbPNQPih9OKy0ovy1Za5jwFlsLtzWkk46RxopX5qR4dMKCafWLUEp+OZ7C0+
Z/6Lu++EpIUL6ngGLv1VKv5R6igs3mq86OiovONeeyZIkxs2CHADS6zTPyaE
L+LSlT3wzawHUgXCssxQUCWVq0u4wMGCZjS6tTYqs8tS2pmwhhmM3ZdBWCXT
FMRvt/OY6r2ozCW1+hBKTDU/rOQ9snU+1okmpw0DijR8vlcFHGn8jIL/16Wu
W2FirvLVuWI8zAhFccZsGB2eVMWs7fnEFRFUEtplUxyiZ60SbZw7eY8Fiy8S
IkHoNZf0ajQmpVW7PRMNGZ0Hy91F2bplKHindEnpeNVb+qAENfpDX7S0aygS
4tJkcpp182hQcKp0Rhyhba9kycNugAJGhD5zRN6tdEMINzQgfgfnhZDs2fCK
LGC3GHdM5Zxzp2YmbrHE8gMevMbiVB1V5XvW9ZkbsE3XbYpko669Kwuy34xx
uzCjWpVrElJId7G0JzD6geD7TiKD+4RSi3iC9fOtvWZZyjV2El2WkzX8Oh0n
pBqE/EXWzVYRQxuLVYVPK1Y1b3CAeZdLeaRRy2ATd/DMV+SpT4xBWoBDUtse
rswS6PHMqORJuz73prNTFklbLxueEUOGsAUCCJcApUG0j3jBe6CLW38LlbSE
07Z1oQ3ZoSGTCd9nMciBIkK2I6nWU1K18gL7Ci5txQ5YR5HMcxJOrMAQgo17
h7AHhKUGq2fpmyxXuHLd6Q0tsr3qwYhFg3xFVWf1c8TGKY7RemANuY9Rf/BJ
r2FJNf6h1+0fwc8aaijrzc9//5GGIFscT/7b9ndRu2m+/0198gdv+eu/CUj9
kZ2OL9+++WFNaZ/rf2pCShW50tBqGQEhpgb4b4OWaS1WIVzc0h/xbb50oaXW
8uRM07arQ8o07w5/p9bqvOWc3J8lmnMcOcB+AqK108U1Ttzv7AZIbX5t2/rE
dSTRq5MUB0vsWtuN+chaFY7fxXh8vVNLg4CvLLRnLdCiTY3XrxLU3IapPbe0
dRV+SJYC0zWPU8GdIspeN9fqIS9K1wvK6ziupymWAMq5671tAcfdsNlOKxJ1
a+/KUsvnLI2RWpDlZtVevcZMiuuiYvUXhAnsXjdQlcjjjFQ8N5oNEKSQPCq9
KsIfN4SMVkkNzsjXFk7IQGRRzvIpHZZMzIS6axjiQHJfWozrznUSWGiwM10n
pjBKqb53SvZQHewirkOUoDWSZpDNiz39DjSpuT4l5A6tpnTYIjiwTJKynLoS
nK51jYyEfnNaFd4JFAbTrD+dBVqnFXzIcKd6cvlQTeuRa9PalfGG5tUtkR1+
UDDhVT67Yo3qXnbMyPchdwjmD9nUXT8cJjydwvLd1auLVvaioZ4MjxjZl7eF
nnN5X+4gThKiBQ7p+dr4KXOYSZEvFuT1FBk5tAXQ9SujoG6w3jZJQTOYxIiH
SUI1kkafaGoAnE+S+xzCLLmIxzef4RB61qBge95eiyBnEcWItSYLgBNktbGB
UifnaX9OfA4UGy0uYjbiJvbplP0GNnumJU8lCAqgK2f+Chp0T9Jnam7viGrJ
t9dSELdbo6lxLRcrNF5Yt5rtIufqwUmV9VoLLt/Qu36mVlsJDtWrf9ySmAah
tfgWtdqbqw0lA/MT9QkOmty5Alf4LrqOi2k8Fv6qvWlMK20skqP90gMsjBhf
2YDcBkJby5JNcWW7EdnLaDhpBIaRS6SQLBeT2NajpItaa1snpVzViEgW8frC
/SzH2EUNzUphhz+zy11A0cZ43V7fyq6acNd21qxUC0NARO6GbFq7oQuPZ+GA
FXQxGVP7vA8fRv29QZpU035VXl0H5ZpCPLu9dY8DyZimRSpv0A2g11wO021b
ci+mJVjvh6s3umrL5fL835EqY7Z/6G0Uc7skcGIzZkrh9A0e8xk2LKX2o6Cw
rnK/IxCsgb1ILlCfLLxuS/3Xj+jjAptgruzIgOV6c0t7gM5wy3YV8X+/juy+
Hzs2LhRmZkXZw8PRHlN4ti6msJ/+YpFOuH1dPYLJefOjFsJiDdgkokobvbIW
ruGqPM2SK8xaxq1UN2ph9RklmVaAwKZiqsUgUoXNCbMMD/tEWNmlJRoEsw1x
kIE9JuvPS7lbG15NEpikEOddXj4s/RfasHx6rAqXTN7rR/KFNLeTgr/rtsNc
FIQd2sKQ3FzFhyPlV4mVVEm56j7wHqOQ6xY5ya+ziyKm5hRotqaKf9HwHLAR
Q0WQAAM/iOXvfrxIm1EVNtgUgyT0i9aygiY0OpbqGkW2eAXtDDtquzAsKbSd
GTE10vBhc+p4BgDGEJarpN6zzhYzwJdswztCBOSfOex+cQmak+rirjrRA3YC
cyZXSUsr+IYBy/tunGeE0eYKhgbivDb6cT1oeq/1I96zNYTaRp+SDutO27jO
nwPphFNfltMO5WqFkZiikLvt+G2vtUWvPNvefkrmedIQg00Z3lREm0L2yZ5p
57aw0Wb/dnCkesXWIIbmdNLFGH/JTIpMWa/lcbAWKe9cG8jojROdouNtnVNt
dHuwRcMbF8mGgRFD6T6IGONyzBlpQsdM6WKWI+qcTidEZlSS4s+ddYDlCh9w
dbmy3x91VCIZ4jK/xuiVeSwxGCoxl9IXsVMlBX06OugW1IozqnXK7EYCqkD4
PF6Zre+TzbHiuSjSoviIW9TlbLWVNGhkMBsXJ+QCiGUbq7h16rQJ6sBp0Dtt
U658pxaQz51OVaoGYUJGVE/ctDT1tjWr8/l5jaJ4UFiDyuuVMBVQm12Egxo8
SUmFaE+qL1lxCnyx8oKsf8emg3I0rPTU4j8w6ZK+ZLWcvnKxq1KMg5DC9S+V
ELuaAx9N6nKo5s4TrfLrGLUhSpsm9ajn+6fOboz1rsZhJq6N7ocr4IPsykG0
R8HYrCRGuGET1n9mv6rPXk4x3gCEdwqeU8xOLdEEVWF8kqSYbJwNzCY1N8Mk
rBORHPiUzOj9Oe2XN89UfTgVaUMeYWMtRqjnKloSpqKz3oHcLrAQYflc2NDO
PW6rXBfVl67cQWkKF6KjTClH0tWPoWhIoSdxJf6VcT73NUr0uxTlIlhIx4VR
KQtJVPWPBUcwQEG4tQiX249dTEuuO6vdeDNQvMC6AV0XAntpFKoHnb0SOL2t
RhzYqF0fC5x+ZBPQ02lAcMkvhiGvXC5AmTUCUwaRBlWcJfKuR99InRxx5x2J
7xTMzZYeN+qlkwaDHsWglmGOAO3syMYHqUQop60EO2zcZWuXU4m9uPvaAq1i
RcKDTSFE8JIxztG6O6korfaVZEWrDGhc2nBl6nRHg0NYzB1qkw/6cOyg541Y
2BYOIet6vEn0fK31G13CxexmB9OjKAQLsIwKgwU3LXqDYQvIV1/ATR1i7YuV
GdAIQbwF1gjcRmzbUq9bCIiZLjNm8o69UsxpUHcDS27EvCpR3VURDyQ8PiSI
6BWeLnMTN7qkqpc1DPlabCWGbM/lPaNVe66lQqhoGe9obVVSHEF8KJg/kSrG
IfTr790TOzpIoJ1ODkEqo7gEescTfBiXVKiql/xoo7EMgR3Xl0YG7YBT2dHE
MWhN+KtoD/MRX9CZHPIpIfD24ipmIuo0Ue5QUNjIietLqbdyHz3aq9GtirNt
juMsA41SHNgSSjXYlBLOvXrTkJpJwOvrkmLiuzM1i33o9qZYailB3RGZBOtX
XEE/4twdwA1UwXZt5kTKJflX2ahar7JW6FzZBSO+QF6ay9Fpkj67aW32phY4
penQgWc5xrMNgRrQK8HsbnybcwO/m7AQW/0lsYKRuQvN2rujw5f7R/3jt6OT
/WOg1jAgknMSZ8myo0PSAD23uJsGkRkkTUuRCB2oiqRaFsg/cR3kvUCfidt/
bQNM7S/Ti0trC/bkJWL6oo8vEKzg+4zoPV3+KIK/Vz1rOVqwgrDaIQh4mb2c
omVyUku8SPsoPqPRtFnAAgUj6j+TOZOws4CWCbc+Cc4AA426LekY0I2y3yyd
pzYmagI6wXuq70ZCTlClI1gvUsurPMUyh+UyYaJns0l/QDWVa9bkrCNZq53z
0Fqx7AfJTZPSTOTWtENz37K5DtpxuX06vgnlaK+nOoGKSNhP9gpjpuXC5pgE
zmpR9PSIMlxJnYODdjzNQn74KdcCUWGz4uuJMXBGM3mddPwYY8SwROG5NHuR
d7Elh/MOI3FDd9x4SUYvsW1QATElxSAPTUH1Auzk/FqpUmuT+bRCrJfg6tEQ
DMQG5qylDlF29FVZgcThRTAtnHeHmsjZXq6y+ha9U/rI1SwxsAkRg4M2dDLu
kHvQ+VJWsKnqUlhSMI7oys4BzXHjJbE8PEPqGmR5qTrVyobU65GAQqXEvXWE
Ao0QIfvhQHQ4xscc1UhJv+LkjiVLNS4kkl2UXJpSme9hXZrg4Mps/6Dgulsa
Ki4b691ybCJ4mHLayU4cRITTw8P94R7Q0wuU0i/nEu5K/aXcIw3Lom2LHK6o
lN5HFKMfrdXxoYf4sw7MONVSjcW6neaANq8TzjpDUpOzb0enCQMbyBKUzuB7
ki887mtfZcj+xPlluwTZznawHlQ1a12IaJmU2/OjiwAvEm9u0HZZC3wvpdTs
lrY50/e8obgALC7wN2xjZ/c3saYTlFKypsFXbr1Ip/tKhoUdP6dSYDUOdCSu
lfD+/tIM5+cRJuUOuos2tW/vH508oevY2YgVYWrlgoq53cUH27hgyNnu4oNd
XBAJ43344CouyFSsnQ9+IZ1fSOf9SWe0inbuYYWL/KZN7Bl6uwl5dfhB1hxr
spQc5wXgcSaILshmrPgMf3ZWUNFvt5onLClcsdq7qGA7DQvJj+M1Mg/CKNCC
mhYSBcJ26twNxTbC3w5ILqXy2QC5c8eSa1afzw/JDkCigwBXAnB6W4Jmin87
F6GLWXblVpg4c8PooO6KaspnGlCQGrb2TKRzBqVyjqlCblMVME4/5NWk83ky
QXM4Wp6VV956xnG1PgD3vZB+Q6zIaY0D2p9LJwyYlq/KSc9LJR41POcqoekb
HbVU25dGDz2brn3qXfpe3UuDh0Ds4LOiAo6K1aICRKgKLINUYFHhko3P4g5Q
BUZ01bH6hfJe2HZfnyswwdYeKbNl0717Ijvg+eXWANXh6eyJyu5DVzJTEywK
12p+4kU+2QRlJSsp9CJH6g3ng95IFhY6KvaJoce2pm9EcmO8rCpzdOeRyXEM
x2iXA0wUE7wz/COvl06jOMcou8ql4owxL0RE9Ble9HjiH0/949Fa+37WTYPK
NexWK1fxWWn9vWei8jlZciGROtyNJATbXvIgsKlexhps94RO12SfHzr3mWk1
dFjieCiQpuqtT4bVfab+rCB76ITdkNt1xO2ISw14N6HSaqUMgZJjU1F5OJlT
BZYLVQK4FsA6ivx8iSnHo4raO1WUC+5qC1FUMQdBUuP695iw4pwji7i6NEVC
7pHAk+G6VfKcXFInSepxfaYtXsGGxEjkshoedtRMKk1LQy0tzlVhKsy0miRo
C+e6jhLdLkmX2sQo+TY9w8kEal55BxsVDHSrIRVZIIXSKTgF/jaqoFwpJUhu
dPJ/tZRq/EvgIyo13TvFUcwrnUCA1t9oTpUXQJ4nrwyvYaLDTXAEW8EDM80w
RfvcNQsmbiDWOy7UaKNIdXxKPC4wldvV4arXPohNuzhJuyQ3altAIGFeGdzF
lcj86RcwaFPtHWClu46N2fxK6uJ9XRiJjnPCBAyma2QalPTd6rhSm/dX+nFU
gTeqA/R0+8mz29vAegCgl0baubUZYUWT2EuVun4hC0GUVsj44BO4VX4C5Qd+
3bmfr93iU1c3VYQWEZn6QgxMWIQuWiytYskpUXpTAghJiaBtlVbtJlG6Fruu
88QVyGLX+LsJt2upS0BSl8G7qOaxaexuqIE5xNgIsli7uGx1cmGYHdxKFLFR
puK3OK0eXu15esdnqgqpBQOimC6VGBCWBkn9OZAXDkFTHVbwdBWJTK5sHrht
x+eTQih/0/CoEycMxxygWUQXfHS+8p8eN4Q3IYUCdC2T4DwuOdZCA5y4ieDn
+Y2KJgLqBSQ8nlEm3dnZ6PDw6ODk4BRx5+ysP4MvZ3YujhlnQsmloSh0CEng
2RkwkKt5ebG2fnbGHuizMxzjdHh8fLB7uvty+ObF/tkZuiUcFvpauO3PZurZ
aK2GSzae9ulgc7Ap8bS813VupjJDdkZPq34iZ2dlPD6lwkIwARySzIw13E7f
HuJnuBn67AjbuhydnJ1JUZ8WOd5HNWLcvw9ZCi9xL9zf8dvDw4Ojk+NTfAJG
dxwgbCdmeK2I2LiENJlJPcJh9AZA/1xAHwWgj9bOzl4fvzjFQ9zfPdnfOztb
FzLHNTtL8VUzGoTvpngQ8McpPlrafc9mYTaFcWSAvtsbngxtluJ1UqiSpWmj
8ppIANLEi67lPIkz8emneBqYeYM1PK+ueEm2KG5jW3orRvz+Z2e/sksHRi/5
SAiy53LbSu7zKdNggs9pVpyyCe6UneM4rTF3PSFTlzXJN3T0O4ZuzlVh4MZd
roc6VTlWaYb97VBGfDQ2upeiWbEwdFSv/wZfsmdes5fYyCctfZHyrPfb2Oyg
CbU7QLYaXh1QCmw/nwClEDjhEpbw5bPTKgo+/eOf/rj1p16koRtlFn42etci
EvkxYJPBCGdn5E3B3qwFlhQjekC8qyP2Iy5sRakB3OOajZ2cIFQOLrPguM4B
7LJ4gKLns5TFBbSIVy4BcEI4oocGwAzw9DLezMkKhJZgIMYlKYxFRKMGlMEK
bFC4APxl8+ysxxc/4ytdztHMJhXT/OUy3ZfLWuilCNZIDQbiBUeH5IUV/ckB
fq9LG3VfWike3HGyrSBx0eB+Xk8ewpEUYZN8CWa/BwshYaHbktUMFyKJBkZg
fLoU3kqubixXD5rpeFkIlvBRpo7eYCB6R80PjMSLTvBKtn6N9smPpNh/hPGE
HyIDPH11sDt8BQz4zfPRC4CTfQEQiPKMI4VHpADgMx+jf4vc/9bGe7F/Uh/t
HuNFK8fjNf7w+vRweDR8DW+0jvduvpAp7xrvcH//SA/3c8Y7hvGO99/snf6w
/4dju+X28ZKbkh+w8Itaxhvu7YHos/vj5xpvb//VA8Y7TScE3u7x9t88Pzja
3beywOjgTct5kJR2SmTxLnw52j98NfzD6U+jN3sHP3Wt7wHj4fmC4HhyrNCv
fb8ohjIAw/OlJh+spsrl7PMll+I3IT14FGFF5t89mkX0Hxa2EeILL5P4SAxY
RzRoTdXm+6BS3n0te7Vv9SVr+65+YdqeqV2C+iNt51x/pnZ2lHPTMpMch8gx
SISwbI/YLV9Rdm9bQGxoo1jrho4VsQM9iWrbXhPILxKbFxKmMHfkF0iBoVK8
zGRwwvR8pRD69NqauMGmRe5iyBVypH1caXSMh/MsWdd5kLrmmNWybGl2gZKK
9Zc0gmh87xebGinGwbMzBou9RE5s6yDL0QdjL4+6gfDcZCy/p5PfuEdQRNp8
Kl+TDtDxHcjM7+bppPb1M/mWvvrjn35jbkUKhJuk5rMSUtCBGI0PFxkx/ik1
nk36Vd5HI2ZZ3cysGaPEuIrn/vs5Wu6CB6SaoRrYpSItF7aZKQYxNLxlKFKz
1ITv+8qsYhuVoI7npCuiORHmg7NAqtDjPBzB7OdvT94e7bOWChRD6QwDCwlR
rxwYSC0lq6nuzpvXu2/Ta7YROZpPcjJRTKMYFnaeVtjEJTo4khdLsZoSzPSt
23012n9zgtNj3DOGh3clboIE5s7zLOiy7vMNOI4DthbV+OnRj/tHn2sSlyUR
1QiX2BYeOouyMDQvccs0//p2dITqMs9jyzFaWwBljzoh916tnLminWq9k65s
D+wwx168Ni0D9luk/PqZ2uyZe7n25l30k/UUG8ZTp6MUTNRJhxvF010ut40D
HLRSe61hW5U6uGt81VzBOJ2IZ5hAsiXq1cEx2Te4+jU+H1j+qQt1y2QX4WRy
E0vpRmz5XteuV7A6zerbGR0ora7H7+psbpWSKNzMBNzsCzv5u2EnI851yKQL
r4T5COJ8YFbycfft0RFQ7I/DV69uLV+5g5cIHykfykgsG4GlPZSRjBxknHug
PTXKRQLXiHKMDtOYOkJjvdj78JXPPOf92MzPntS1D8FZu1jQz6H3UTT0PdY2
Fc7SgpUMavkgpS1yVBp3C/IUBiM+r6k8V+zH3FBj6oJFHLPwaQzH8ptY07d2
LkE8CefiXNibGuMlfotkv8YMetYnwYXlTn8ajk7EphR+gRXn8IUaye/WcTy7
axD9ug7XTvyd4eluhqoD/HxZ5xal5pdgA+/mi24e8K6DBzzekq8BmylQu43O
v+Ov6nT+3Rc6z2CwsLsHJXhnn3Qv1968N4Kp8L4yEOM4tVbVtaqXsnJ1W6i+
gISIthTUgoE4M1ieURW17MOSL/w3RQoO0ZLwQEpQs9T8bELgXIRfiMEXYvBL
EYMakt2LIHTWt/sHJQpU20fC5cvw3tfcCnDn35YuyK3L0AlbwwZAWKF3vJzF
BVk8ubmMrx9uWjou/yKXHCd98C2311j77/649adW/e/dqci/4bdPt+Vbimzt
eBNWdzpLso5v06sVX5bZHW8vM4RY+74QKl+oUwd10ofu6UyjnCHL+zi5S3BU
VlKHFTyCNHt19dHPzjbQ8FrLPOFR4P5In2ursrjyuLA/qm9Dr4fNooMkFDeM
Ww1jQ0PR9qfqniR89fv2GWEtGw7nEHz078IfF5XrUoXRqUH8lntLk3dG+q4x
Wutb3mNUf1u6Rm6pqXmPcflPOyK+A8PJwDWgRFwNkcx/YR2YWn3LyG6rPpQF
TfdILZtgzhaMo4HRbcckS6W1L0qGcRzkSeVZixWTWFOpW97J3Xs1Oj7ZR/dd
1Mam2GvXxaeGGr25HNvsOr4p2bJbta4k6rSnDswBNQSY1vbDtvCopXJkT+Vh
2RXI1Ku27DjzPWFgVvHqURAQKweVasNHj2LxYir5b72AEpRHSg7JFVJw2Xjc
Zr7sqvW7y22jVKlJE9XAyaSFO7VOYC+CCdYjEsUQJACVnlgTKmqxBZ9TqPBl
+b+IFV/Eii9ixRex4otY8bcsVrTy7QY7NffinncrunsJNt5cwZlqUWr340yu
zd/fFHMCesv8qc6a0pA3aZtWGrAczW1Sy25uFWFPv1B2gcMn02TGnc9AlWUg
v6SHkFv/8ue/sw8UgVdqAfXAPZUWuI+ZX2O2/gVXui2AEO71vu1X0nK1W+R/
+IXGFxektRCaINOf+uIgpFyXkZ6Uc76xzUc4Dwb0mdnMmxmDjlrk6aaiRezi
xPJsXLsA1uSLl/dchQMjf9uOh7aTvYS91NoyffZgPRUT20Jv2kmNekfLil+o
yVkQYbwjRZgYuEAEfGKI8t17RTCfTnscMEG3kF/zr1DxyuZLWfu15/FQAJgk
0xhL17fZolGTHic6fd0XjeYbQzJEctdtMzVtm2uuM+4j6mLgsyii2G2LQ1hX
ztp2iUVrB1mmSDlfzEVHrVDeB0bRGRnCTXPPMX6Ov+4Y001KkCyi3XyZUQBV
wzcnsc2tPrmyFoN8FRcpNUVw447tuJwz7spy1Y768wsqFPveKqaUTSlFZJHy
VBoMnqqSK82H4iSenKIPBVuWNb/G5MLTFa/jjal9/+2vuCe67+GAWgon+pPW
U+oWUD+9eLU7iH71bfDmnNpM8qup9QnN4ooq/Tiw2+Og17UqXX4RuBgMLRjQ
5krUNXksk3Vc11U3D2kEJcKbSBMXDOmxF94tIcCvtsmphIh9gCs8iVwQFCIK
VQEeO0TOtsED054OfHKihxssxOQ7B7PZso0MiWYphp8AL/Lr6Dj9SxJSpFpC
RnukgI5eDWpBsXxbL4tiQ2ZdmMDn1py+CDIPuaUPk2BcAZpWnBNTffPMrwnB
EB0507VRxoPabwSfNrqEAqUtfeKrDS6gYqb0WeoyZoHRFkk8p3p8RT4zJ9i0
e56WVI0C0T4f5zOuermuo5kviny5kJYNJO3gqiiT6iCzrYllelsCpN7kYK/U
j9OJcaMTTKUsbZ38Wr8A/wSVAfC77BjLB0XgO/jQyXXuH6JSftFujKe8m0+4
uuuQvrcFNB0QfFcGLqLY3UdAdVqx59XRLoXL3TBtOnq+G+0Dh8ylPyqVoWE6
YYv9wSP9k7z/fWKb3xZhldxUdyM1hD71oaQBXBye0Zjrwj/q3tQjKV3gXuFr
6Cv0BXgUrcIjU8cjGxOS2CK7roaIng39IZT1var/pwe9lK5Y1S3U93WnKBlX
hcVVRzG2OoqH6j4VyM9wTU4ksrnoQDee9bG8sM6rx9pYopa4Li2uRFKBzibK
M1YL/9ix2u4c5NrPR1U9+SMdCfZxku9grg39qOphREh1WCT98pJqTtWaNvpT
C+dySAmDFSBKRMMlrBcew7k2+5vfbdpHh663PAJ9SHCjHXJ2/7Eu1GPLKk64
/+tNZHNF7WC1PeNc3231t55s32uu52Ru2M3nSU9+P8ZAcjfbXXNtPXmiwV3y
y9RCoV7NR4VLlwu8xs3zWjUX5sRyY9gytXmw9yM+Nj+28PmxWD9FBZsRC6Ji
P3xObBhzfXNVqj1e8VXHY+Igj54K8Dzb3OIekt2zyolRM0U2ANGJ8O8CVERL
Q9WB0AiF6f3S5l1/BNv92pkaLRlhqlFvaitExTUmdO1wkeWg+i3igZPRSrj7
HBLHrJxOUQoUhGwLiG4bW11JDhts9evSPFKc8JGjgr2olaRzM2vZmr33tpqx
7jxDRfNSW9zzwwfCKu4OjRVFSqxO1cFXjOIrQKz2oh+Jon3UDLmN+iC1eb+9
2aQ1a/j7ekg+PKqrRQUo72cLcBsxuxU06EAn0S8QIgIEqByNoAepkxzn2jTT
f52x0vYWl6ZFJVYyus4aUKVxbm93EGa8dKpdFMKOPmLa3gTdxmaNUnBj+y4C
zO9s1d55mzkW1UJw+J3tT3jn2cPf2dx4+Dtbn/DO9ie88+yB79SwlZGmia0k
pzbQNaQdoZhafmYyUhv9kwmK6YpvX0VZnNhQozFmpezaQmPCXbTclWcbG08j
R2ZqS1xNaWqLXMVma4vpPNiGamFVgf33QHr69MXtZzvoxmx3HrIljaAHGMub
3SGeJ8D31VGSOtzHRrNJf4zDP/wY+f40odL1Uz/fzY2NaO3k+911/vJ1yjYl
ddFsw9HmQAGB3ASaqgZ6k6MUOM9XqRVdA23pgdpeP0mT6Hs42XeAtbsgTKV0
oM2BHuuBRpkqs9g2KndybazI4XTjtCw+t2BJDXtPSDu5uGA0oSEiHIKVHVUf
lkxXJCOJ8q/koRWqszRYY3l2kU4+3w1YMelDKJ5piFDR4SEg8fbW9lYHnZN2
8H1vxOnDxj6Bzt0JvPqdoEV1Y99rqVvYgr1eqWhbvMUXZfc8oDRXgEjbuo6c
ytAkh6BXSWfchiXLfhNas0p4C13FHIMj76JovsB+pWOqt6HHcTFH8uhCFmi0
NVSodst+sDItVkztqEz9+u3xSfTm4IRrIlP1yHw6ZWQ/lAWFy8f4GVc7ho5U
SZAuVcxuBnCCnjn3s3KXvcJMsK4YlWbG1i56QFs+F4WTGH2MrBA1rJ7YdV1O
iaRcVx8VR3rSr5bYQcqX7sNeH7Y24uiQohKIoOIafjwBKZXVNNsNh3oFum73
g2g4AS0K/YN2b9MkrsgRgL1pDHVZDUOqVBV+8hKhgFGwO4n6FlJLRCwNS9G9
UgMUXQyv8IsG3H1p1O3Bk8FjBBng/Heb27+m0r6onJY8ZmmB4I2z0kPU/JkV
RbHUe1+KKvSLsjqGp8VY9xODj2ujmmDUMN7hioenRKd4CQ/D6YxVOUoCKgw+
MCfIo/lsqIJHmdhZusQwYVawdIOldHM0jZN/JJfrRC+1tQ8KOlSUScKtP2Ke
0DuaC1xdQh15sAjBLC+ltyRrVfTlAAi67wAiy6AlwEMYUo5rworCtSo7aFJ1
vYeH3HsYaIT7rC+fAXXYq/copjI80koEF0RuqzvAhJVJ41mVuLRL0eWoVbYK
OUFMpx4oGXdbobghLN/B8eDU5XZVb/jofCnhBxndMKodJTl1QAZy4HBwNY20
QOcNsZeCYpD6WLfef+xwcw5gnd5YtDLnCfNqWjk1dgp7gXAszgxj2rFQOlaI
llbCsvtG32fy2djaj8zm/RWwzXrv01yYw/DF7OMhC6tZcqd1Bfi7B9M1dt2A
LiLIm1hF3Rc7MPW6tounEDD3oMu2NdwDCy7xuRQTVzm5tCir9fsE3eitAwl1
W67vRdlM2QqlYliojTG3iE6lOn11KSCRBuL+27TMvq4ctnB/gyxdLGdc5GZU
wx7pVk/WNspoCPbRBVw0dycpxXMgWH24FV54qvVsG8vQ3qjuM8uFHLPClfpy
Q9BOAlpZusJqjW4wRArJ0IbYhh0MsLeMIQT3pJFix0oMyUnDLnbibe4x8BYO
qw1idJ9QekBCJvUcuMMhMMmxOEZe2XTX8BDd6cISkA7Dvvq+i3rkJ5Qi78g/
7InR/Y4rs2Ly1LchH4gncrlgA6b46cnUip2sqTGXlLcDzAOM4sKm1HTJd9XA
tmvJvPTd5DiaqKwUcFSfdxRp4ExRlMsqlttQLs8LKdCvugW7Bl4szwciWb/k
V0SdsGGbjWYNui6j1I8lIQ67VJG859YCAposZ0aG5ph7cVl52ol+dmRkB9zn
inoeOuLZ0mGqZxitpGdHDBDL8I5jlVqsJTtOrKhADZnJTVETs+iwOD2rzKn5
RHgZ9WqT6O2rQ9dIm/eN0HWwcO0T8EhjOCkUm0DYIwaL4CA+JMcIa5qmM2vJ
FFF3jkS+AWwCMJzxS2zwgB5FjJFPFIzdUgCg2KAbwyepdQeRs8yunaRC7BKB
bq4qxUFcX0pb7FzBpoTbjG5Z7BYg/B5mR+HOIMC4fQmfettaSttUgGFoaV+l
KicA9DMJQrOdRSRJ3Q43TthTaQORDAyGtIabQJxjZHKycJxtWWAYcjfWun73
CIxjCoGTu815adMpXlEKP+V9kSvf966iitp8M2Lxk2Hw3LvoZZyhfHpSji/z
KSDhBV2Ck7RYzmPQ969j1LMmE+dQTwvDwffpQqT9zErx6CStUJsWopsWrDKk
50vWmZqa6E/SLGKWvhMQ45r+DcZ8hbiHc16m5R3DEHIMgTNN4uj7GEVg7k+G
KjeOMAUsJ9EPZc9lwV9Y1Xxg/j8k4u0xlTkBAA==

-->

</rfc>
