<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.2.2 -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>

<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>

<rfc ipr="trust200902" docName="draft-ietf-httpbis-expect-ct-01" category="exp">

  <feedback xmlns='http://purl.org/net/xml2rfc/ext' template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=%3c{ref}%3e:"/><front>
    <title abbrev="Expect-CT">Expect-CT Extension for HTTP</title>

    <author initials="E." surname="Stark" fullname="Emily Stark">
      <organization>Google</organization>
      <address>
        <email>estark@google.com</email>
      </address>
    </author>

    <date year="2017" month="5" day="24"/>

    <area>Applications and Real-Time</area>
    <workgroup>HTTP</workgroup>
    

    <abstract>


<t>This document defines a new HTTP header, named Expect-CT, that allows web host
operators to instruct user agents to expect valid Signed Certificate Timestamps
(SCTs) to be served on connections to these hosts. When configured in
enforcement mode, user agents (UAs) will remember that hosts expect SCTs and
will refuse connections that do not conform to the UA’s Certificate Transparency
policy. When configured in report-only mode, UAs will report the lack of valid
SCTs to a URI configured by the host, but will allow the connection. By turning
on Expect-CT, web host operators can discover misconfigurations in their
Certificate Transparency deployments and ensure that misissued certificates
accepted by UAs are discoverable in Certificate Transparency logs.</t>



    </abstract>


    <note title="Note to Readers">


<t>Discussion of this draft takes place on the HTTP working group mailing list
(ietf-http-wg@w3.org), which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/">https://lists.w3.org/Archives/Public/ietf-http-wg/</eref>.</t>

<t>Working Group information can be found at <eref target="http://httpwg.github.io/">http://httpwg.github.io/</eref>; source
code and issues list for this draft can be found at
<eref target="https://github.com/httpwg/http-extensions/labels/expect-ct">https://github.com/httpwg/http-extensions/labels/expect-ct</eref>.</t>


    </note>


  </front>

  <middle>


<section anchor="introduction" title="Introduction">

<t>This document defines a new HTTP header that enables UAs to identify web hosts
that expect the presence of Signed Certificate Timestamps (SCTs)
<xref target="I-D.ietf-trans-rfc6962-bis"/> in future Transport Layer Security (TLS)
<xref target="RFC5246"/> connections.</t>

<t>Web hosts that serve the Expect-CT HTTP header are noted by the UA as Known
Expect-CT Hosts. The UA evaluates each connection to a Known Expect-CT Host for
compliance with the UA’s Certificate Transparency (CT) Policy. If the connection
violates the CT Policy, the UA sends a report to a URI configured by the
Expect-CT Host and/or fails the connection, depending on the configuration that
the Expect-CT Host has chosen.</t>

<t>If misconfigured, Expect-CT can cause unwanted connection failures (for example,
if a host deploys Expect-CT but then switches to a legitimate certificate that
is not logged in Certificate Transparency logs, or if a web host operator
believes their certificate to conform to all UAs’ CT policies but is
mistaken). Web host operators are advised to deploy Expect-CT with caution, by
using the reporting feature and gradually increasing the interval where the UA
remembers the host as a Known Expect-CT Host. These precautions can help web
host operators gain confidence that their Expect-CT deployment is not causing
unwanted connection failures.</t>

<t>Expect-CT is a trust-on-first-use (TOFU) mechanism. The first time a UA
connects to a host, it lacks the information necessary to require SCTs for the
connection. Thus, the UA will not be able to detect and thwart an attack on the
UA’s first connection to the host. Still, Expect-CT provides value by 1)
allowing UAs to detect the use of unlogged certificates after the initial
communication, and 2) allowing web hosts to be confident that UAs are only
trusting publicly-auditable certificates.</t>

<section anchor="requirements-language" title="Requirements Language">

<t>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”,
“SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in RFC 2119 <xref target="RFC2119"/>.</t>

</section>
<section anchor="terminology" title="Terminology">

<t>Terminology is defined in this section.</t>

<t><list style="hanging">
  <t hangText='Certificate Transparency Policy'>
  is a policy defined by the UA concerning the number, sources, and delivery
  mechanisms of Signed Certificate Timestamps that are served on TLS
  connections. The policy defines the properties of a connection that must be
  met in order for the UA to consider it CT-qualified.</t>
  <t hangText='Certificate Transparency Qualified'>
  describes a TLS connection for which the UA has determined that a sufficient
  quantity and quality of Signed Certificate Timestamps have been provided.</t>
  <t hangText='CT-qualified'>
  See Certificate Transparency Qualified.</t>
  <t hangText='CT Policy'>
  See Certificate Transparency Policy.</t>
  <t hangText='Effective Expect-CT Date'>
  is the time at which a UA observed a valid Expect-CT header for a given
  host.</t>
  <t hangText='Expect-CT Host'>
  See HTTP Expect-CT Host.</t>
  <t hangText='HTTP Expect-CT'>
  is the overall name for the combined UA- and server-side security policy
  defined by this specification.</t>
  <t hangText='HTTP Expect-CT Host'>
  is a conformant host implementing the HTTP server aspects of HTTP
  Expect-CT. This means that an Expect-CT Host returns the “Expect-CT” HTTP
  response header field in its HTTP response messages sent over secure
  transport.</t>
  <t hangText='Known Expect-CT Host'>
  is an Expect-CT Host that the UA has noted as such. See
  <xref target="noting-expect-ct"/> for particulars.</t>
  <t hangText='UA'>
  is an acronym for “user agent”. For the purposes of this specification, a UA
  is an HTTP client application typically actively manipulated by a user
  <xref target="RFC7230"/>.</t>
  <t hangText='Unknown Expect-CT Host'>
  is an Expect-CT Host that the UA has not noted.</t>
</list></t>

</section>
</section>
<section anchor="server-and-client-behavior" title="Server and Client Behavior">

<section anchor="response-header-field-syntax" title="Response Header Field Syntax">

<t>The “Expect-CT” header field is a new response header defined in this
specification. It is used by a server to indicate that UAs should evaluate
connections to the host emitting the header for CT compliance
(<xref target="expect-ct-compliance"/>).</t>

<t><xref target="expect-ct-syntax"/> describes the syntax (Augmented Backus-Naur Form) of the header field,
using the grammar defined in RFC 5234 <xref target="RFC5234"/> and the rules defined in
Section 3.2 of RFC 7230 <xref target="RFC7230"/>.</t>

<figure title="Syntax of the Expect-CT header field" anchor="expect-ct-syntax"><artwork type="abnf"><![CDATA[
Expect-CT           = #expect-ct-directive
expect-ct-directive = directive-name [ "=" directive-value ]
directive-name      = token
directive-value     = token / quoted-string
]]></artwork></figure>

<t>Optional white space (<spanx style="verb">OWS</spanx>) is used as defined in Section 3.2.3 of RFC 7230
<xref target="RFC7230"/>. <spanx style="verb">token</spanx> and <spanx style="verb">quoted-string</spanx> are used as defined in Section 3.2.6
of RFC 7230 <xref target="RFC7230"/>.</t>

<t>The directives defined in this specification are described below. The overall
requirements for directives are:</t>

<t><list style="numbers">
  <t>The order of appearance of directives is not significant.</t>
  <t>A given directive MUST NOT appear more than once in a given header
field. Directives are either optional or required, as stipulated in their
definitions.</t>
  <t>Directive names are case insensitive.</t>
  <t>UAs MUST ignore any header fields containing directives, or other header
field value data, that do not conform to the syntax defined in this
specification.  In particular, UAs must not attempt to fix malformed header
fields.</t>
  <t>If a header field contains any directive(s) the UA does not recognize, the
UA MUST ignore those directives.</t>
  <t>If the Expect-CT header field otherwise satisfies the above requirements (1
through 5), the UA MUST process the directives it recognizes.</t>
</list></t>

<section anchor="the-report-uri-directive" title="The report-uri Directive">

<t>The OPTIONAL <spanx style="verb">report-uri</spanx> directive indicates the URI to which the UA SHOULD
report Expect-CT failures (<xref target="expect-ct-compliance"/>). The UA POSTs the reports
to the given URI as described in <xref target="reporting-expect-ct-failure"/>.</t>

<t>The <spanx style="verb">report-uri</spanx> directive is REQUIRED to have a directive value, for which the
syntax is defined in <xref target="reporturi-syntax"/>.</t>

<figure title="Syntax of the report-uri directive value" anchor="reporturi-syntax"><artwork type="abnf"><![CDATA[
report-uri-value = absolute-URI
]]></artwork></figure>

<t><spanx style="verb">absolute-URI</spanx> is defined in Section 4.3 of RFC 3986 <xref target="RFC3986"/>.</t>

<t>Hosts may set <spanx style="verb">report-uri</spanx>s that use HTTP or HTTPS. If the scheme in the
<spanx style="verb">report-uri</spanx> is one that uses TLS (e.g., HTTPS), UAs MUST check Expect-CT
compliance when the host in the <spanx style="verb">report-uri</spanx> is a Known Expect-CT Host;
similarly, UAs MUST apply HSTS if the host in the <spanx style="verb">report-uri</spanx> is a Known HSTS
Host.</t>

<t>Note that the report-uri need not necessarily be in the same Internet
domain or web origin as the host being reported about.</t>

<t>UAs SHOULD make their best effort to report Expect-CT failures to the
<spanx style="verb">report-uri</spanx>, but they may fail to report in exceptional conditions.  For
example, if connecting the <spanx style="verb">report-uri</spanx> itself incurs an Expect-CT failure or
other certificate validation failure, the UA MUST cancel the connection.
Similarly, if Expect-CT Host A sets a <spanx style="verb">report-uri</spanx> referring to Expect-CT Host
B, and if B sets a <spanx style="verb">report-uri</spanx> referring to A, and if both hosts fail to comply
to the UA’s CT Policy, the UA SHOULD detect and break the loop by failing to
send reports to and about those hosts.</t>

<t>UAs SHOULD limit the rate at which they send reports. For example, it is
unnecessary to send the same report to the same <spanx style="verb">report-uri</spanx> more than once.</t>

</section>
<section anchor="the-enforce-directive" title="The enforce Directive">

<t>The OPTIONAL <spanx style="verb">enforce</spanx> directive is a valueless directive that, if present
(i.e., it is “asserted”), signals to the UA that compliance to the CT Policy
should be enforced (rather than report-only) and that the UA should refuse
future connections that violate its CT Policy. When both the <spanx style="verb">enforce</spanx> directive
and <spanx style="verb">report-uri</spanx> directive (as defined in <xref target="reporturi-syntax"/>) are present, the
configuration is referred to as an “enforce-and-report” configuration,
signalling to the UA both that compliance to the CT Policy should be enforced
and that violations should be reported.</t>

</section>
<section anchor="the-max-age-directive" title="The max-age Directive">

<t>The <spanx style="verb">max-age</spanx> directive specifies the number of seconds after the reception of
the Expect-CT header field during which the UA SHOULD regard the host from whom
the message was received as a Known Expect-CT Host.</t>

<t>The <spanx style="verb">max-age</spanx> directive is REQUIRED to be present within an “Expect-CT” header
field. The <spanx style="verb">max-age</spanx> directive is REQUIRED to have a directive value, for which
the syntax (after quoted-string unescaping, if necessary) is defined in
<xref target="maxage-syntax"/>.</t>

<figure title="Syntax of the max-age directive value" anchor="maxage-syntax"><artwork type="abnf"><![CDATA[
max-age-value = delta-seconds
delta-seconds = 1*DIGIT
]]></artwork></figure>

<t><spanx style="verb">delta-seconds</spanx> is used as defined in Section 1.2.1 of RFC 7234 <xref target="RFC7234"/>.</t>

</section>
<section anchor="examples" title="Examples">

<t>The following examples demonstrate valid Expect-CT response header fields:</t>

<figure title="Examples of valid Expect-CT response header fields" anchor="example-header-fields"><artwork type="inline"><![CDATA[
Expect-CT: max-age=86400,enforce

Expect-CT: max-age=86400, enforce, report-uri="https://foo.example/report"

Expect-CT: max-age=86400,report-uri="https://foo.example/report"
]]></artwork></figure>

</section>
</section>
<section anchor="server-processing-model" title="Server Processing Model">

<t>This section describes the processing model that Expect-CT Hosts implement.  The
model has 2 parts: (1) the processing rules for HTTP request messages received
over a secure transport (e.g., authenticated, non-anonymous TLS); and (2) the
processing rules for HTTP request messages received over non-secure transports,
such as TCP.</t>

<section anchor="http-over-secure-transport-request-type" title="HTTP-over-Secure-Transport Request Type">

<t>When replying to an HTTP request that was conveyed over a secure transport, an
Expect-CT Host SHOULD include in its response exactly one Expect-CT header
field. The header field MUST satisfy the grammar specified in
<xref target="response-header-field-syntax"/>.</t>

<t>Establishing a given host as an Expect-CT Host, in the context of a given UA,
is accomplished as follows:</t>

<t><list style="numbers">
  <t>Over the HTTP protocol running over secure transport, by correctly returning
(per this specification) at least one valid Expect-CT header field to the
UA.</t>
  <t>Through other mechanisms, such as a client-side preloaded Expect-CT Host
list.</t>
</list></t>

</section>
<section anchor="http-request-type" title="HTTP Request Type">

<t>Expect-CT Hosts SHOULD NOT include the Expect-CT header field in HTTP responses
conveyed over non-secure transport.  UAs MUST ignore any Expect-CT header
received in an HTTP response conveyed over non-secure transport.</t>

</section>
</section>
<section anchor="user-agent-processing-model" title="User Agent Processing Model">

<t>The UA processing model relies on parsing domain names.  Note that
internationalized domain names SHALL be canonicalized according to
the scheme in Section 10 of <xref target="RFC6797"/>.</t>

<section anchor="expect-ct-header-field-processing" title="Expect-CT Header Field Processing">

<t>If the UA receives, over a secure transport, an HTTP response that includes an
Expect-CT header field conforming to the grammar specified in
<xref target="response-header-field-syntax"/>, the UA MUST evaluate the connection on which
the header was received for compliance with the UA’s CT Policy, and then process
the Expect-CT header field as follows.</t>

<t>If the connection complies with the UA’s CT Policy (i.e. the connection is
CT-qualified), then the UA MUST either:</t>

<t><list style="symbols">
  <t>Note the host as a Known Expect-CT Host if it is not already so noted (see
<xref target="noting-expect-ct"/>), or</t>
  <t>Update the UA’s cached information for the Known Expect-CT Host if the
<spanx style="verb">enforce</spanx>, <spanx style="verb">max-age</spanx>, or <spanx style="verb">report-uri</spanx> header field value directives convey
information different from that already maintained by the UA. If the <spanx style="verb">max-age</spanx>
directive has a value of 0, the UA MUST remove its cached Expect-CT
information if the host was previously noted as a Known Expect-CT Host, and
MUST NOT note this host as a Known Expect-CT Host if it is not already noted.</t>
</list></t>

<t>If the connection does not comply with the UA’s CT Policy (i.e. is not
CT-qualified), then the UA MUST NOT note this host as a Known Expect-CT Host.</t>

<t>If the header field includes a <spanx style="verb">report-uri</spanx> directive, and the connection does
not comply with the UA’s CT Policy (i.e. the connection is not CT-qualified),
and the UA has not already sent an Expect-CT report for this connection, then
the UA SHOULD send a report to the specified <spanx style="verb">report-uri</spanx> as specified in
<xref target="reporting-expect-ct-failure"/>.</t>

<t>The UA MUST ignore any Expect-CT header field not conforming to the grammar
specified in <xref target="response-header-field-syntax"/>.</t>

</section>
<section anchor="http-equiv-meta-element-attribute" title="HTTP-Equiv &lt;meta&gt; Element Attribute">

<t>UAs MUST NOT heed <spanx style="verb">http-equiv="Expect-CT"</spanx> attribute settings on <spanx style="verb">&lt;meta&gt;</spanx>
elements <xref target="W3C.REC-html401-19991224"/> in received content.</t>

</section>
<section anchor="noting-expect-ct" title="Noting Expect-CT">

<t>Upon receipt of the Expect-CT response header field over an error-free TLS
connection (including the validation adding in <xref target="expect-ct-compliance"/>), the UA
MUST note the host as a Known Expect-CT Host, storing the host’s domain name and
its associated Expect-CT directives in non-volatile storage. The domain name and
associated Expect-CT directives are collectively known as “Expect-CT metadata”.</t>

<t>To note a host as a Known Expect-CT Host, the UA MUST set its Expect-CT metadata
given in the most recently received valid Expect-CT header, as specified in
<xref target="storage-model"/>.</t>

<t>For forward compatibility, the UA MUST ignore any unrecognized Expect-CT header
directives, while still processing those directives it does
recognize. <xref target="response-header-field-syntax"/> specifies the directives <spanx style="verb">enforce</spanx>,
<spanx style="verb">max-age</spanx>, and <spanx style="verb">report-uri</spanx>, but future specifications and implementations might
use additional directives.</t>

</section>
<section anchor="storage-model" title="Storage Model">

<t>Known Expect-CT Hosts are identified only by domain names, and never IP
addresses. If the substring matching the host production from the Request-URI
(of the message to which the host responded) syntactically matches the
IP-literal or IPv4address productions from Section 3.2.2 of <xref target="RFC3986"/>, then
the UA MUST NOT note this host as a Known Expect-CT Host.</t>

<t>Otherwise, if the substring does not congruently match an existing Known
Expect-CT Host’s domain name, per the matching procedure specified in Section
8.2 of <xref target="RFC6797"/>, then the UA MUST add this host to the Known Expect-CT Host
cache. The UA caches:</t>

<t><list style="symbols">
  <t>the Expect-CT Host’s domain name,</t>
  <t>whether the <spanx style="verb">enforce</spanx> directive is present</t>
  <t>the Effective Expiration Date, which is the Effective Expect-CT Date plus the
value of the <spanx style="verb">max-age</spanx> directive. Alternatively, the UA MAY cache enough
information to calculate the Effective Expiration Date.</t>
  <t>the value of the <spanx style="verb">report-uri</spanx> directive, if present.</t>
</list></t>

<t>If any other metadata from optional or future Expect-CT header directives are
present in the Expect-CT header, and the UA understands them, the UA MAY note
them as well.</t>

<t>UAs MAY set an upper limit on the value of max-age, so that UAs that have noted
erroneous Expect-CT hosts (whether by accident or due to attack) have some
chance of recovering over time.  If the server sets a max-age greater than the
UA’s upper limit, the UA MAY behave as if the server set the max-age to the UA’s
upper limit.  For example, if the UA caps max-age at 5,184,000 seconds (60
days), and an Expect-CT Host sets a max- age directive of 90 days in its
Expect-CT header, the UA MAY behave as if the max-age were effectively 60
days. (One way to achieve this behavior is for the UA to simply store a value of
60 days instead of the 90-day value provided by the Expect-CT host.)</t>

</section>
</section>
<section anchor="expect-ct-compliance" title="Evaluating Expect-CT Connections for CT Compliance">

<t>When a UA connects to a Known Expect-CT Host using a TLS connection, if the TLS
connection has errors, the UA MUST terminate the connection without allowing the
user to proceed anyway. (This behavior is the same as that required by
<xref target="RFC6797"/>.)</t>

<t>If the connection has no errors, then the UA will apply an additional
correctness check: compliance with a CT Policy. A UA should evaluate compliance
with its CT Policy whenever connecting to a Known Expect-CT Host, as soon as
possible. It is acceptable to skip this CT compliance check for some hosts
according to local policy. For example, a UA may disable CT compliance checks
for hosts whose validated certificate chain terminates at a user-defined trust
anchor, rather than a trust anchor built-in to the UA (or underlying platform).</t>

<t>An Expect-CT Host is “expired” if the effective expiration date refers to a date
in the past. The UA MUST ignore any expired Expect-CT Hosts in its cache and not
treat such hosts as Known Expect-CT hosts.</t>

<t>If a connection to a Known CT Host violates the UA’s CT policy (i.e. the
connection is not CT-qualified), and if the Known Expect-CT Host’s Expect-CT
metadata indicates an <spanx style="verb">enforce</spanx> configuration, the UA MUST treat the CT
compliance failure as a non-recoverable error.</t>

<t>If a connection to a Known CT Host violates the UA’s CT policy, and if the Known
Expect-CT Host’s Expect-CT metadata includes a <spanx style="verb">report-uri</spanx>, the UA SHOULD send
an Expect-CT report to that <spanx style="verb">report-uri</spanx> (<xref target="reporting-expect-ct-failure"/>).</t>

<t>A UA that has previously noted a host as a Known Expect-CT Host MUST evaluate CT
compliance when setting up the TLS session, before beginning an HTTP
conversation over the TLS channel.</t>

<t>If the UA does not evaluate CT compliance, e.g. because the user has elected to
disable it, or because a presented certificate chain chains up to a user-defined
trust anchor, UAs SHOULD NOT send Expect-CT reports.</t>

</section>
</section>
<section anchor="reporting-expect-ct-failure" title="Reporting Expect-CT Failure">

<t>When the UA attempts to connect to a Known Expect-CT Host and the connection is
not CT-qualified, the UA SHOULD report Expect-CT failures to the <spanx style="verb">report-uri</spanx>,
if any, in the Known Expect-CT Host’s Expect-CT metadata.</t>

<t>When the UA receives an Expect-CT response header field over a connection that
is not CT-qualified, if the UA has not already sent an Expect-CT report for this
connection, then the UA SHOULD report Expect-CT failures to the configured
<spanx style="verb">report-uri</spanx>, if any.</t>

<section anchor="generating-a-violation-report" title="Generating a violation report">

<t>To generate a violation report object, the UA constructs a JSON object with the
following keys and values:</t>

<t><list style="symbols">
  <t>“date-time”: the value for this key indicates the time the UA observed the CT
compliance failure. The value is a string formatted according to Section 5.6,
“Internet Date/Time Format”, of <xref target="RFC3339"/>.</t>
  <t>“hostname”: the value is the hostname to which the UA made the original
request that failed the CT compliance check. The value is provided as a string.</t>
  <t>“port”: the value is the port to which the UA made the original request that
failed the CT compliance check. The value is provided as an integer.</t>
  <t>“effective-expiration-date”: the value indicates the Effective Expiration Date
(see <xref target="storage-model"/>) for the Expect-CT Host that failed the CT compliance
check. The value is provided as a string formatted according to Section 5.6,
“Internet Date/Time Format”, of <xref target="RFC3339"/>.</t>
  <t>“served-certificate-chain”: the value is the certificate chain as served by
the Expect-CT Host during TLS session setup. The value is provided as an array
of strings, which MUST appear in the order that the certificates were served;
each string in the array is the Privacy-Enhanced Mail (PEM) representation of
each X.509 certificate as described in <xref target="RFC7468"/>.</t>
  <t>“validated-certificate-chain”: the value is the certificate chain as
constructed by the UA during certificate chain verification. (This may differ
from the value of the “served-certificate-chain” key.) The value is provided as
an array of strings, which MUST appear in the order matching the chain that the
UA validated; each string in the array is the Privacy-Enhanced Mail (PEM)
representation of each X.509 certificate as described in <xref target="RFC7468"/>.</t>
  <t>“scts”: the value represents the SCTs (if any) that the UA received for the
Expect-CT host and their validation statuses. The value is provided as an array
of JSON objects. The SCTs may appear in any order. Each JSON object in the array
has the following keys:  <list style="symbols">
      <t>The “sct” key, with a value as defined in Section 4.6 of
<xref target="I-D.ietf-trans-rfc6962-bis"/>.</t>
      <t>The “status” key, with a string value that the UA MUST set to one of the
following values: “unknown” (indicating that the UA does not have or does
not trust the public key of the log from which the SCT was issued), “valid”
(indicating that the UA successfully validated the SCT as described in
Section 8.2.3 of <xref target="I-D.ietf-trans-rfc6962-bis"/>), or “invalid” (indicating
that the SCT validation failed because of, e.g., a bad signature).</t>
      <t>The “source” key, with a string value that indicates from where the UA
obtained the SCT, as defined in Section 6 of
<xref target="I-D.ietf-trans-rfc6962-bis"/>. The UA MUST set the value to one of
“tls-extension”, “ocsp”, or “embedded”.</t>
    </list></t>
</list></t>

</section>
<section anchor="sending-a-violation-report" title="Sending a violation report">

<t>The UA SHOULD report an Expect-CT failure when a connection to a Known Expect-CT
Host does not comply with the UA’s CT Policy and the host’s Expect-CT metadata
contains a <spanx style="verb">report-uri</spanx>. Additionally, the UA SHOULD report an Expect-CT failure
when it receives an Expect-CT header field which contains the <spanx style="verb">report-uri</spanx>
directive over a connection that does not comply with the UA’s CT Policy.</t>

<t>The steps to report an Expect-CT failure are as follows.</t>

<t><list style="numbers">
  <t>Prepare a JSON object <spanx style="verb">report object</spanx> with the single key <spanx style="verb">expect-ct-report</spanx>,
whose value is the result of generating a violation report object as
described in <xref target="generating-a-violation-report"/>.</t>
  <t>Let <spanx style="verb">report body</spanx> by the JSON stringification of <spanx style="verb">report object</spanx>.</t>
  <t>Let <spanx style="verb">report-uri</spanx> be the value of the <spanx style="verb">report-uri</spanx> directive in the Expect-CT
header field.</t>
  <t>Send an HTTP POST request to <spanx style="verb">report-uri</spanx> with a <spanx style="verb">Content-Type</spanx> header field
of <spanx style="verb">application/expect-ct-report+json</spanx>, and an entity body consisting of
<spanx style="verb">report body</spanx>.</t>
</list></t>

<t>The UA MAY perform other operations as part of sending the HTTP POST request,
for example sending a CORS preflight as part of <xref target="FETCH"/>.</t>

</section>
</section>
<section anchor="security-considerations" title="Security Considerations">

<t>When UAs support the Expect-CT header, it becomes a potential vector for hostile
header attacks against site owners. If a site owner uses a certificate issued by
a certificate authority which does not embed SCTs nor serve SCTs via OCSP or TLS
extension, a malicious server operator or attacker could temporarily reconfigure
the host to comply with the UA’s CT policy, and add the Expect-CT header in
enforcing mode with a long <spanx style="verb">max-age</spanx>.  Implementing user agents would note this
as an Expect-CT Host (see  <xref target="noting-expect-ct"/>). After having done this, the
configuration could then be reverted to not comply with the CT policy, prompting
failures. Note this scenario would require the attacker to have substantial
control over the infrastructure in question, being able to obtain different
certificates, change server software, or act as a man-in-the-middle in
connections.</t>

<t>Site operators could themselves only cure this situation by one of:
reconfiguring their web server to transmit SCTs using the TLS extension defined
in Section 6.5 of <xref target="I-D.ietf-trans-rfc6962-bis"/>, obtaining a certificate from
an alternative certificate authority which provides SCTs by one of the other
methods, or by waiting for the user agents’ persisted notation of this as an
Expect-CT host to reach its <spanx style="verb">max-age</spanx>. User agents may choose to implement
mechanisms for users to cure this situation, as noted in
<xref target="usability-considerations"/>.</t>

<section anchor="maximum-max-age" title="Maximum max-age">

<t>There is a security trade-off in that low maximum values provide a narrow window
of protection for users that visit the Known Expect-CT Host only infrequently,
while high maximum values might result in a denial of service to a UA in the
event of a hostile header attack, or simply an error on the part of the
site-owner.</t>

<t>There is probably no ideal maximum for the <spanx style="verb">max-age</spanx> directive. Since Expect-CT
is primarily a policy-expansion and investigation technology rather than an
end-user protection, a value on the order of 30 days (2,592,000 seconds) may be
considered a balance between these competing security concerns.</t>

</section>
<section anchor="avoiding-amplification-attacks" title="Avoiding amplification attacks">

<t>Another kind of hostile header attack uses the <spanx style="verb">report-uri</spanx> mechanism on many
hosts not currently exposing SCTs as a method to cause a denial-of-service to
the host receiving the reports. If some highly-trafficked websites emitted
a non-enforcing Expect-CT header with a <spanx style="verb">report-uri</spanx>, implementing UAs’ reports
could flood the reporting host. It is noted in <xref target="the-report-uri-directive"/> that UAs
should limit the rate at which they emit reports, but an attacker may alter the
Expect-CT header’s fields to induce UAs to submit different reports to different
URIs to still cause the same effect.</t>

</section>
</section>
<section anchor="privacy-considerations" title="Privacy Considerations">

<t>Expect-CT can be used to infer what Certificate Transparency policy is in use,
by attempting to retrieve specially-configured websites which pass one user
agents’ policies but not another’s. Note that this consideration is true of UAs
which enforce CT policies without Expect-CT as well.</t>

<t>Additionally, reports submitted to the <spanx style="verb">report-uri</spanx> could reveal information to
a third party about which webpage is being accessed and by which IP address, by
using individual <spanx style="verb">report-uri</spanx> values for individually-tracked pages. This
information could be leaked even if client-side scripting were disabled.</t>

<t>Implementations must store state about Known Expect-CT Hosts, and hence which
domains the UA has contacted.</t>

<t>Violation reports, as noted in <xref target="reporting-expect-ct-failure"/>, contain
information about the certificate chain that has violated the CT policy. In some
cases, such as organization-wide compromise of the end-to-end security of TLS,
this may include information about the interception tools and design used by the
organization that the organization would otherwise prefer not be disclosed.</t>

<t>Because Expect-CT causes remotely-detectable behavior, it’s advisable that UAs
offer a way for privacy-sensitive users to clear currently noted Expect-CT
hosts, and allow users to query the current state of Known Expect-CT Hosts.</t>

</section>
<section anchor="iana-considerations" title="IANA Considerations">

<t>TBD</t>

</section>
<section anchor="usability-considerations" title="Usability Considerations">

<t>When the UA detects a Known Expect-CT Host in violation of the UA’s CT Policy,
users will experience denials of service. It is advisable for UAs to explain the
reason why.</t>

</section>
<section anchor="authoring-considerations" title="Authoring Considerations">

<section anchor="http-header" title="HTTP Header">

<t>Expect-CT could be specified as a TLS extension or X.509 certificate extension
instead of an HTTP response header. Using an HTTP header as the mechanism for
Expect-CT introduces a layering mismatch: for example, the software that
terminates TLS and validates Certificate Transparency information might know
nothing about HTTP. Nevertheless, an HTTP header was chosen primarily for ease
of deployment. In practice, deploying new certificate extensions requires
certificate authorities to support them, and new TLS extensions require server
software updates, including possibly to servers outside of the site owner’s
direct control (such as in the case of a third-party CDN). Ease of deployment is
a high priority for Expect-CT because it is intended as a temporary transition
mechanism for user agents that are transitioning to universal Certificate
Transparency requirements.</t>

</section>
</section>
<section anchor="changes" title="Changes">

<section anchor="since-00" title="Since -00">

<t><list style="symbols">
  <t>Editorial changes</t>
  <t>Change Content-Type header of reports to ‘application/expect-ct-report+json’</t>
  <t>Update header field syntax to match convention (issue #327)</t>
  <t>Reference RFC 6962-bis instead of RFC 6962</t>
</list></t>

</section>
</section>


  </middle>

  <back>

    <references title='Normative References'>

<reference anchor="FETCH" target="https://fetch.spec.whatwg.org/">
  <front>
    <title>Fetch</title>
    <author initials="A." surname="van Kesteren" fullname="Anne van Kesteren">
      <organization>Mozilla</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>
<reference anchor="HTML" target="https://html.spec.whatwg.org/">
  <front>
    <title>HTML</title>
    <author initials="I." surname="Hickson" fullname="Ian Hickson">
      <organization>Google, Inc.</organization>
    </author>
    <author initials="S." surname="Pieters" fullname="Simon Pieters">
      <organization>Opera</organization>
    </author>
    <author initials="A." surname="van Kesteren" fullname="Anne van Kesteren">
      <organization>Mozilla</organization>
    </author>
    <author initials="P." surname="Jägenstedt" fullname="Philip Jägenstedt">
      <organization>Opera</organization>
    </author>
    <author initials="D." surname="Denicola" fullname="Domenic Denicola">
      <organization>Google, Inc.</organization>
    </author>
    <date year="n.d."/>
  </front>
</reference>




<reference anchor="I-D.ietf-trans-rfc6962-bis">
<front>
<title>Certificate Transparency Version 2.0</title>

<author initials='B' surname='Laurie' fullname='Ben Laurie'>
    <organization />
</author>

<author initials='A' surname='Langley' fullname='Adam Langley'>
    <organization />
</author>

<author initials='E' surname='Kasper' fullname='Emilia Kasper'>
    <organization />
</author>

<author initials='E' surname='Messeri' fullname='Eran Messeri'>
    <organization />
</author>

<author initials='R' surname='Stradling' fullname='Rob Stradling'>
    <organization />
</author>

<date month='December' day='29' year='2016' />

<abstract><t>This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit certification authority (CA) activity and notice the issuance of suspect certificates as well as to audit the certificate logs themselves.  The intent is that eventually clients would refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.  Logs are network services that implement the protocol operations for submissions and queries that are defined in this document.</t></abstract>

</front>

<seriesInfo name='Internet-Draft' value='draft-ietf-trans-rfc6962-bis-24' />
<format type='TXT'
        target='http://www.ietf.org/internet-drafts/draft-ietf-trans-rfc6962-bis-24.txt' />
</reference>



<reference  anchor="RFC5246" target='http://www.rfc-editor.org/info/rfc5246'>
<front>
<title>The Transport Layer Security (TLS) Protocol Version 1.2</title>
<author initials='T.' surname='Dierks' fullname='T. Dierks'><organization /></author>
<author initials='E.' surname='Rescorla' fullname='E. Rescorla'><organization /></author>
<date year='2008' month='August' />
<abstract><t>This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol.  The TLS protocol provides communications security over the Internet.  The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.  [STANDARDS-TRACK]</t></abstract>
</front>
<seriesInfo name='RFC' value='5246'/>
<seriesInfo name='DOI' value='10.17487/RFC5246'/>
</reference>



<reference  anchor="RFC2119" target='http://www.rfc-editor.org/info/rfc2119'>
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></author>
<date year='1997' month='March' />
<abstract><t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
</front>
<seriesInfo name='BCP' value='14'/>
<seriesInfo name='RFC' value='2119'/>
<seriesInfo name='DOI' value='10.17487/RFC2119'/>
</reference>



<reference  anchor="RFC7230" target='http://www.rfc-editor.org/info/rfc7230'>
<front>
<title>Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing</title>
<author initials='R.' surname='Fielding' fullname='R. Fielding' role='editor'><organization /></author>
<author initials='J.' surname='Reschke' fullname='J. Reschke' role='editor'><organization /></author>
<date year='2014' month='June' />
<abstract><t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems.  This document provides an overview of HTTP architecture and its associated terminology, defines the &quot;http&quot; and &quot;https&quot; Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes related security concerns for implementations.</t></abstract>
</front>
<seriesInfo name='RFC' value='7230'/>
<seriesInfo name='DOI' value='10.17487/RFC7230'/>
</reference>



<reference  anchor="RFC5234" target='http://www.rfc-editor.org/info/rfc5234'>
<front>
<title>Augmented BNF for Syntax Specifications: ABNF</title>
<author initials='D.' surname='Crocker' fullname='D. Crocker' role='editor'><organization /></author>
<author initials='P.' surname='Overell' fullname='P. Overell'><organization /></author>
<date year='2008' month='January' />
<abstract><t>Internet technical specifications often need to define a formal syntax.  Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications.  The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power.  The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges.  This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications.  [STANDARDS-TRACK]</t></abstract>
</front>
<seriesInfo name='STD' value='68'/>
<seriesInfo name='RFC' value='5234'/>
<seriesInfo name='DOI' value='10.17487/RFC5234'/>
</reference>



<reference  anchor="RFC3986" target='http://www.rfc-editor.org/info/rfc3986'>
<front>
<title>Uniform Resource Identifier (URI): Generic Syntax</title>
<author initials='T.' surname='Berners-Lee' fullname='T. Berners-Lee'><organization /></author>
<author initials='R.' surname='Fielding' fullname='R. Fielding'><organization /></author>
<author initials='L.' surname='Masinter' fullname='L. Masinter'><organization /></author>
<date year='2005' month='January' />
<abstract><t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource.  This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet.  The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier.  This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme.  [STANDARDS-TRACK]</t></abstract>
</front>
<seriesInfo name='STD' value='66'/>
<seriesInfo name='RFC' value='3986'/>
<seriesInfo name='DOI' value='10.17487/RFC3986'/>
</reference>



<reference  anchor="RFC7234" target='http://www.rfc-editor.org/info/rfc7234'>
<front>
<title>Hypertext Transfer Protocol (HTTP/1.1): Caching</title>
<author initials='R.' surname='Fielding' fullname='R. Fielding' role='editor'><organization /></author>
<author initials='M.' surname='Nottingham' fullname='M. Nottingham' role='editor'><organization /></author>
<author initials='J.' surname='Reschke' fullname='J. Reschke' role='editor'><organization /></author>
<date year='2014' month='June' />
<abstract><t>The Hypertext Transfer Protocol (HTTP) is a stateless \%application- level protocol for distributed, collaborative, hypertext information systems.  This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages.</t></abstract>
</front>
<seriesInfo name='RFC' value='7234'/>
<seriesInfo name='DOI' value='10.17487/RFC7234'/>
</reference>



<reference  anchor="RFC6797" target='http://www.rfc-editor.org/info/rfc6797'>
<front>
<title>HTTP Strict Transport Security (HSTS)</title>
<author initials='J.' surname='Hodges' fullname='J. Hodges'><organization /></author>
<author initials='C.' surname='Jackson' fullname='C. Jackson'><organization /></author>
<author initials='A.' surname='Barth' fullname='A. Barth'><organization /></author>
<date year='2012' month='November' />
<abstract><t>This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections.  This overall policy is referred to as HTTP Strict Transport Security (HSTS).  The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example. [STANDARDS-TRACK]</t></abstract>
</front>
<seriesInfo name='RFC' value='6797'/>
<seriesInfo name='DOI' value='10.17487/RFC6797'/>
</reference>



<reference anchor="W3C.REC-html401-19991224"
           target='http://www.w3.org/TR/1999/REC-html401-19991224'>
<front>
<title>HTML 4.01 Specification</title>

<author initials='D.' surname='Raggett' fullname='Dave Raggett'>
    <organization />
</author>

<author initials='A.' surname='Hors' fullname='Arnaud Le Hors'>
    <organization />
</author>

<author initials='I.' surname='Jacobs' fullname='Ian Jacobs'>
    <organization />
</author>

<date month='December' day='24' year='1999' />
</front>

<seriesInfo name='World Wide Web Consortium Recommendation' value='REC-html401-19991224' />
<format type='HTML' target='http://www.w3.org/TR/1999/REC-html401-19991224' />
</reference>



<reference  anchor="RFC3339" target='http://www.rfc-editor.org/info/rfc3339'>
<front>
<title>Date and Time on the Internet: Timestamps</title>
<author initials='G.' surname='Klyne' fullname='G. Klyne'><organization /></author>
<author initials='C.' surname='Newman' fullname='C. Newman'><organization /></author>
<date year='2002' month='July' />
</front>
<seriesInfo name='RFC' value='3339'/>
<seriesInfo name='DOI' value='10.17487/RFC3339'/>
</reference>



<reference  anchor="RFC7468" target='http://www.rfc-editor.org/info/rfc7468'>
<front>
<title>Textual Encodings of PKIX, PKCS, and CMS Structures</title>
<author initials='S.' surname='Josefsson' fullname='S. Josefsson'><organization /></author>
<author initials='S.' surname='Leonard' fullname='S. Leonard'><organization /></author>
<date year='2015' month='April' />
<abstract><t>This document describes and discusses the textual encodings of the Public-Key Infrastructure X.509 (PKIX), Public-Key Cryptography Standards (PKCS), and Cryptographic Message Syntax (CMS).  The textual encodings are well-known, are implemented by several applications and libraries, and are widely deployed.  This document articulates the de facto rules by which existing implementations operate and defines them so that future implementations can interoperate.</t></abstract>
</front>
<seriesInfo name='RFC' value='7468'/>
<seriesInfo name='DOI' value='10.17487/RFC7468'/>
</reference>




    </references>




  </back>

<!-- ##markdown-source:
H4sIALXgK1kAA7U96XIbyXn/+yk61A+RDgBR1LErbtYVLqX1MtFlkYrjSlJm
A2gAEw1m4OkZUrBKfpq8SV4s39XXYEDK64rLZUMzPd1ff/fVzfF4rNqiLe2p
Pnj1eWNn7fj8Sr/63NrKFXWlF3Wjf7m6en+gzHTa2Jt02IGa17PKrOHbeWMW
7biw7WK8atvNtHBjy8Pgv6VprWvVHP7vVJ8cP/5OzeDnsm62pxpGKdNYc6rP
NpuygBewqtOmmusP1pTjq2Jt1W3dfFo2dbc5JVhUsWlOddt0rj05Pn5xfKKU
a+GLP5myrmCJrXVqU5zq/2jr2Ui7umkbu3Dwa7vGH/+llOnaVd2cKj1WGv5T
VO5Uv5roy9Y0n+gJ7+rVuii3ydO6WZ7q39X1srT0b7s2RQl7cDjin5f0YjKr
10qpqm7WsJcbC4von19dnf9ySp/AyKVtTzViyZ0+erSw7Ww1cYCqye3KtLfL
CSzyiIcyWX7GEfQgQA3/YcAF9LOJvjGV/lcAxDa2kle8h7OqskNvYRlTFX8h
fJ/qN/VfirI08O6Xqzevh0FdtevyTkjx07sBvZjoX4rZJ1fnMF4AePnzHDpG
+UhfVLPJ7qSXE/0eOM82Lpv0slgD/+Zv8mnfbWxj/n+x2Zv6/UT/y//+zxJk
q7XzNpv5/aooi83A62+C+eVEv7RVMatlVT/ry3qNj/sv70CvGo/H2kxd25hZ
q9TVqnAaxLyDeVo9t4uisiCeurK3JIt6Zc3cNiNab66DbhjpFphEm7Ksb52+
tVO9qkEH1Ah+WzdOtzVCDkI8a3XnbKMN7Lul56w5AM1lMQcyLiuY+Nw2bbFA
/WA16gQQufXGqcPL8yt3hB9NrYZZbmAoUH1WA51mrErgXbuyzhIAbqL/sLI0
YFEsuwaGF5WyFai5maUtrus5oCKF6PDjGSxxCxTVDYxZT+EVbY4m9NAiIKi2
lAxcwBQ5HPjJvNZV3dLyoCAENv3x7KHLd9iYym1AL1azrdrUoBe3Q4DDMhvQ
buO6AjXFgAOsHlR8RdOXZvZJ1wtGqCJAYWGjP364SOebbmk07mqkp13L8xAF
6UXczET/BGO7piqqpQJ0J1T3lNaR0jMQl3nhZvUNIG6NP3hJUfWwDZi9aNQ+
BADXbcp6uyZioGEA+QCAGaEwX+FcB+DP4udOmdnMblreFKIEZgowmGlpcdW9
65X10okgALHsn97i/7T1nz4QqzulXsJMnSP7CGhtSUTQAILK/ATSsQGEW2RD
xBoJCRowwJUmI6bRauC/ygIk4jAYzfHt8p9vn6BWPQI8rorZShcI+WxVIFvD
Zv/Jq2L80k148KMzHuEeve+mwCmP0gkf/RY28gdZ/Xe0ekGsR8gn0oDgLOqu
iguQqm83oOCXRbvqppOifvTbH8COdiAjagZsRlQgtDvaBHkJCRp606oAt0wI
JlKWoP8DV0HcDfeoNFNbukfBeUD4iRLrYj4Hs6segJpqm3reESd+s4JibrEV
Et8RS6ACmsM3xWIbuNYpHsYijeTbNKA6KiTn4m5VpFkVqS9f/uFi/HJCRGiR
q8bNYvb8xfOTMThFX78i4y26FvmXeQ6F9LXZAoSXdtY1RbvVh1evL2miDz+f
Pzt5+hy+ShQJEtSDy7sivUfQRg8u3ToyPzJyEPGPZ9o4/a9VfVup5BPWj1c8
wIK26FCWtDXAiREA1h30sc4/RjYA/liDH2cQZbdA7fv1mz48vzrS70XJXSx6
ukbdFDU5kPQcVuKRI78RoM4c6e313V7F1tsp8vAjYNsFCKPrrTlClQPzotCI
GGdKi9CuegjHOVeA1hlQxlZAJdhKou3sfJSMRgmZGTQRXXVrKqRNgmGECb4A
nkLBsp+Bv8A+q2IBeyPlyhrRJROivm7RQDjA+mxlRcWXFkSuWCPOE/3I8IPc
oC0Cbbdka3KnQhyB06AJgh0Vr0BkC3vDJCqafKU6NXZgTFD2HiIdyawV8BGC
XjgFuEL1WR2Bpds1IsjDZn5TOAAVJmIEJPsnXgOMMvmmW9U5pB7SiDkD/7Ww
hiQP1deyMfMO4NnCzmcQgIThBVCjAeYHFWwbK2ymvOV3wUaiCA3LAcmQI90h
ELERXNlyg9hTvb0tTSGGfU6qhoSaURknjkZQC+GQf9AA38VBwIZxCrQmHDaB
xzBeFA38QBY8vHr388cjvbazFXiFbs06gN6Da7+2KFFnSmYXxmIvoWjJuXCC
uGhYYKR1zjRbHN3YP3cFoJI8DzYVVqXexNWqc0GgyevA/YEFIVNN5G5RISPd
2tWtafAnGJaWHBsSUEU6hmHOdZWnF4Z3MHUqhZumvgGcO/SMOot64vGRIocH
mUGMhKyN0yCywA50lchM6nJoMHxkZhARIHOmRFW47iqJaUcE/cmRDvPfRi1O
7qvngJYZwLst6Nwpohp+tCEbX27HppsXLeEnhQLo/eABRM6EcPaYXptq2YEr
i6bS6k92i94IqMyDNx8vrw5G/P/67Tv6/eHV7z9efHj1En9f/nL2+nX44Udc
/vLu42t4r+RX/PL83Zs3r96+5I/hqe49enP2xwPGwsG791cX796evT5g7w+k
P1hw3DLjgwQRZAhZG2QN6DRriimrKrCM+uTx4xearST+/PqVN39lm3VR1UCi
LWw5/gPZn92DuV8VjAdzoNrvfLK5gbjplOWHvfEwU7SoQD6gROXVSNWhuhiJ
2+R443NQlOCB4nRB2tz9rgWHUk0a4YCLAJOkbgEJbQadEw8GNU2LmrZG9Z1K
B3nQwFmAbgKpRcwAdwAji5zizliHuwIfg8SfX43/DJoT4LTzuzD3ez+IkOfJ
hzgE4DNlBUuxvysLrojcLdEO9T1tX7tusUCLUWFkDBCA6wbOEqKVwIHf9yJy
ZcBRmlowkyL6tIFkPwTqpbX7beHv061fpexx52fi38BA9WqxwI3fpN7DS/jA
8xgigdVuK2hB/avrqVDfSGQcvxY/D/Fo9BJmxrQE6TzV83oCoOQf9syWUvnT
FCAKnFAxQ5gfeAMU3JQo9PFsTIQgCJsxsgrKFruzG4+iTGZQ+mAdRhbL4ABM
Ue7EiwCqs/Ut0CdCjeEFjr5mAEBdbMhUAUNQwlDHaVFOYMK1NT4mNzt+LOgc
CG5540m6088FdnUD8mAD3gtbkk4pYEkCI4xYoxVcWtQ0ADhFwIQXJHbr/X/Y
+pAbEfa+A593ELyssHMPP1w3W02QvvDtly/wGJATE7EQRyDlgCXbYtaVpkFz
AZY9rmNmTV1t1zTsIOZADib6ZyH5pms24N+6EPhmRByxq6BlOsLFrCxIr8f0
rm63G/iJvpchQcDsBejCTYeOPvGHoQwM7QL1+3cnT45Jv3+sPv29mGJsoa0A
RDG3AOeeM5Q/WVARBbi0bEaFir8wnX8mOl9uq9Z8ZmuaMkfODD4E7fNKzwKp
XAb0BXl3nfNYEH6mZNk8+u7kHLhV3cFSPlBTu0kvlhS7LtogJYmqwDAkBGvq
8MuXmLGPz79+PQJUpe8c7R94KWp0nJgf68OzbolSCRv4Cbyzzo3fmq5B9lkf
Mc/kYjNKHHVwyddrk+EI7fyzkydPtY+GnzyFldkPBM++w2A+DleXYlGeTE5w
MfwaWafPRX/961/BtawWiXKM//lRP4ibnYMbRSyqBp7B0PB7TIrxP/TBjwfJ
Q/Yr/0v1hsk6bQ3hjuqPTt7pR2DakFvHrm3Q1QfA1ZfTFEBBO2Xgfzxg3vR4
3jUQiPGDr0q92yCaKMYpgKXASkHYcXj97g+X10eBAU3mLyWonTxJkasy5Opr
gvyaaHSdQX9NLsw9Uz9Xd9ANRS6ga8CbS2WJU37BZ4QQtb5lH0lMmWpSLxkF
IpkaPj5V6rF8QA4ROk+bjTWNkXRQMlwiMgfOBwFQoU4/megztsZxqPbOtsyl
1zVnMsHtwmlhK2LBhWaYsCeyTfTLDDxtIeJFsDwpYQOyo/mIbEEbFGpIsWox
woXPJD2Z6DgvGXeefGYcAuMwLYevYOhTGIpqh3YAG60pkN5mvOXQTLcQzqJI
R/xQ7qAmcOOuRFMy089Na0Z3pciFz/vqE+fpqVB9USUmjjPi5OPirBAz2vWG
0kSL4jNYnRIXgQn7cCFynuFklHNJVbvs0NHmwx4PsQrBdmZeW2YHeFUDQ/zF
UmxLc8PrFH8t5ooSRMGiz3nR/fLLiLwt4EMHW3aLQjSwmQJn64yrDx9zfW7V
1N1ypZ8dhSiboAAnGMN0epZycwI6R5QPSA6k2gBeXeQZFkofz+nrOOY64Xpv
vHgpTM8BATKXn4NJJVm8uPOYCttvn3zK8v27yyuXpHycEuZhgcJl+3Hkly8h
O5QUrGXRoHP27cppHy/jfii4MMl7Yu1RHt4oYeQ8GPVgwALBvqZ2Kq4vRuJH
LNHVZdfaMWwr2IX+LMN2IaFjD1i0DdfpzNc9QL2qfhptwJMX3z8XRY0/CXBK
JYN0bcGBaTP0ic+NmRTyDqW94DJkft1sBcwrKktlmAdQ6sqGCRzFkYd2spyM
eJKjUdRQMM3sUxLLpHlpzJMG94hX0v2VhlN7PyhXrAvQK+U2WQt9263+5fLq
EjOk3zozjlcSeGGJKTqrCYEqC4gnr1UyatiRMPX4AQ0AuLrAREllWzWv14YC
eMot1U2xRHuSpCynFhUzT49meFp3LcUATgQQaPbJSu4RPDtwHhcLSavvF02W
soxWI5+Q3hIX4NBkDoDKfsYCHVsu0KhzsUgaPUXlM96ITe/Vio+YI7N1tlxg
Ardret6/AAdIUGx40qQ0xc8mTZTmenGGbFL2i57qMpIeAOtFGliJwPpkDmFj
F7ZpCPi6H7T8xDkhmOqn+789C4OnsB/JG3q0Em9vVVZN3imUCIGTVOq0seYT
V4jreoMBx0Iqk22tsK7i9SilfCvhFzFaXE3PeKcE/AgDI5ZD+oLYIJ2Pw8lI
Zcr/d1WWNKbxgcVjdSc8ynCVu1GJzZLS/n6DJQN6et2wPizROsYXKKBEe64K
YvF2YieyAX1gHIRrIFcHoIfQFTRlCMQwi4bSnWgheRNzSBLPTQPQc30IiFxx
8TIr9h9JCBSDW/mY+w6UVBh32g+klkaJirCwdBYQX5GI7aJEkTc/bAUPzb2m
7Ih8SkHayKf/k3oaYI+5nas7hoT5QOAYw+JjnvQgr8ONFKNZeNbjQnZyN7r1
LrpVQCrjifAWh3m1mXDX2nwem+UOd13L8xRN4qWKC8TZYTShzqL6S8sH8AWr
RnjdKzJmfuC8I+Uw4EbBFEvTzKPeXzT1GgbWa5pPklL61jhajNsL9laz9u+p
5wBNA42pHIe2pxpIkSiJZ75x1nvdKpWmHxiNWdypuwpcPrOBnyS8Qc0c5c4N
BLIADQAz6IIJoMH/mtuyNWOhnsr+BW8f/+blxe8uroJjlk087JV5XhpyybLp
r++J0B9DGP04idCfxjD6qRRJHgCNSfk6Ju6i9kUpUco48brG/qxgLxO2GEyA
ulPGVlGBOCbV9lO/sx+/f/70+Hgk0qb2j/ACOUocoR8PQsdkXU8EykeiFe6Y
61tniJkVej7mnY0lqhWCeaSFZqp7cYLUexASje853kI8v6mBptK9IlWoXkJt
Ewdja1fJmqnXrhHT4OA6ASUVD8VU5wlFwe4UgsCj/oScOPO9vRQzorMXstVe
KyjKWBvJWceMtfe6sdETU/DoVc1H4KdWoKwxg1x35J0f/UCG6vCEIFC/AgLO
mePEfRgcaP8OiyOw0vl7YWucbIyfjKmbxo5jk80HWeJquwHmI5MHxC+3Yjt8
utpDQthGDQkyd2O3HpJdXKBj1u8tETUMjmnZza0vDQQWASabteDHYzTTV+6p
dszUPXmmHPFvs3Sptyyiw/wqGQunKu2Vw7px4Va485Bt8h0NffU/8qEG5j3s
55aLiBJRn42wi8TM2M66Fesk1iaOE2j63Y3YNUIvsEBbz+oSGKCiLFFSE0lx
Cs7orG5QEwKeuB6DCVDMZhxubDOQ8DtCh7O0Blsrql2dleFSIhbOyHCqDhDO
SRIOF2J5dqQ9mxmpZXB9C0xdWcOc891ihKauuIQle8zXF+JYSQ8sc4fdL6q8
yORUzqJDwrInd7fDfEHs2HjnxaxvWIa03UcsHJ1h4WhQ45GjsqPdGuwhwgAf
1RY9l2iWkpIAfwiRFTUGVIajx+IvAFA6VHO7AjZUoC7CQhONQS5t5hLd5JmG
YDmPkbvZWj7/7sV3ibUMBEtLQXF31O0lPpjgELOe+zVGD7WkbYT2Llco/eQj
JiwTf/dXaYE83PUVpF7Ai7SIDpaAkfmMqL739/vFCFTqNZWn+l1ebdQfk4DU
BCZezrp9i2kKyfpfQXiZVvk5DVrlSKB0Ouissee0+9q80JcsQjeWKSGankNY
UUs59tDtLcMeYUIcFvq4mXu00y5mZrYiAsZGKl9q3wcAq7EQso2iR01J9yxm
y/AsefeY9WXpxtptsvy8WCzwmIOEENLTzztFkcNMeNoFE9J4AQys+wePdmVC
aI2SdpzzYQMu5w0Hp4KJtBUhBSvNsiFHgi6GkK1zYCtCLXyYaMSMMFuow1RM
bKDir6G2ryXvMmqoAnBy5h5+5WnvZdK/BeAIVc96eCWzJ6AP4trfjfrm3exI
HyEi35zyqySV+SBD1DBQZd41+XChzzzt1UUsqTz+peSR6WeNgobMNm7cru68
vyTQK+QMGVNBeFLM2lXbKl1af4PzFpzcV3/uihv9n/+0tq35z9/qVxwF6LMW
Yt5p11rOzAWuWWEe+Zq77fHLH5O4/BrLYvwVJiJx52SIr2ny314rW0o9CUzj
H56cTz68Oh/jabCnx4/Hj1+8ePH45OQpt7YH00DeYuV9oLekAhMMfXmwoxUB
YNg6z7Bpd2vYw103bGIrbZumBnQ11lJrXMJ9h8zxPoGc5H7NnJ4S4vfUlryC
UoTI6tsMA3iMbd2Ejgt48tClLgqpINRyxrl6VlCJNmn0TQpxFXlZN5SMKi1N
CzqVg4P+hPdNRmVdsKzWt9xwJw3sIjn4iQTHWuwBsjlbMt9zfsd2UxWFBR/c
2+6cioMGCSfW3Gg1AyYhD1/4ZthtHw1IqSBjTO4jyQYmlUHMbjH1hVQEpE0L
bAzMIUxEtqtCoXN3UZUWsMERIgJgc3Liu/YLuGgiSFeGeSf3SnUvNZhMFs26
Ssx6PxfLtRZJ+WYhER+XCikCebYulqtWYQUOBUBqMFkNGkX2ktHLbjvIa47u
4Y41ZjI5VVNQoypWq7aZf84bqCwK7sV7BTAAehy6+L4C2E0lcQfWfrZK5QhR
Lyd/vENifWxFhdBDn0yTFGdWZl4xyyEtIGw74pzhrJVWNFqMaaAu3o+Bb7BN
BJ2oi/c3TwXMBADHEKTNKycxfOBSaG6cfo0Jf+eL/SPv9ET0JC5GtWw6liTa
BmnEzwW3jA+d88kV0khvJEYPGCcenyccleUY1ffpXjlUGnBXAGnJNsXyDbY6
kr8XCvn0L0e+eG4DBkCHMbcrK1WSweIF+h++YCMTph24hdQgsAU3OXe3M87G
Tl29KTsnrndwZjOvN64+0WelhKuodaMqOvsj71PbCvMOPQ8Xq3qmnFEDz90w
T2RTOSB7XLtYu2L3EJWgT3iwlmauTruKRLPsuDe5bVE+9S/6fUCFR4evq/Ag
JZ7ZJzSuM6ygdKDIrFEwbm1ZSpUR36F1Ad7uNsiwXG+UA1ph+0IC7LzXoVeS
z+tiJYE8doXuQmUxS5nASRrs0HMT9l/OZnwgA5vDOtImfOjkiOdy9doqzBNx
QxjqfNBqIauFTdyxm0daOaXS67P9S/B4W1/ha/05lmR/GWqmlqshLiiDMGlW
Q0gqwSqZi8vrOi2vt17iNi58Dah6Nnr8/dPR8fFxqE8dPj9Wc7N1R0zI3Vbb
ZGM6r2MAal4ca/xYMqE72Y27N+nhusXzWNbLAeg6AWmiD99VWM6iwjHIFB5G
Y8UzlX5elOj8RIMrKJBBs2aTmFQ9D5C6FmDzAvXieAyPZZg/PODj3pyHJkeU
BXvFWZXc7z1PKrLSg3seEyhfHgy6oZKtNnLKJDmFNRiockNt/5RFoHbPPcbY
i5xnl3tJfPpiICuEoR+2AYRzTMi11CsOIJHZwPi72gI5gDBXfSq0vn5vRCp9
0yIe2stSb0dDYTWHiinEweTwcXVqxTFV4tsoSSRXaL+pLeh0J2tl0nL4WVJQ
D7mxpFWavshK6NRSRB5N2q6yj0LszdYYgTi1qcGTnJbW937zyXV/8M19KjbM
yVm3tnQ3IQehDpKzy2mGU5c12A/t7w7IxJ4YCdty5oWjhQbmdgonZ5V4S06u
BE75sTcYjJY4MIvTdFQH2WHsS5N0dg3C/dmqBkFPOxrkNKLmd+DGFmU7Lqqk
lH8Ij8lYcJ1mA+YQbST2pJ/tZmgglLFoHO38wHN7UBfaRrNJWTdqOBA5wgdK
DNfGyAnOoYBBpt8tw1UxbcX+bd2qFnU7Vw8Ykf7Qdd/oiC3ec8jaby87CO3z
Lpte3kXdl3fxbUT7XLGHiUlUwSmIDZxAtuhj5d0Yuf6gzbfUcpE23/nGLHJ6
MboVq0mMSGL9d2Njd4+73u9ueLovM9ZvoMLckhpKTrXib2S+1+E96STi5NAe
tBrMZd6XmcyT+AO9jpLUAbfCWwB4RPdXQOxoF8jcU7ssuCAntQkuKjWOJab2
RTwyKiC7lS0nadEjxCIJHIlSGWksGMMqfOgdPyKTQdYHUxLU+KO8QkK3BxWC
DDfeaR1UPvS/jjZX93SPSvULN2wmtTbKEvbJSPEvxJT+zHh8/7Nw7pcHd1FU
jLWgRfrNnZyhRH6+w3IPJF4LTrumMtxnyPsaM3NuplsEqm0o696nA4J8TPKd
+SpXP0+7P0nXP3mqBvRT6pP+zVlh1c8K/62Iinc19JpZGWdc3fwdWPqG/ToT
G8X85F8eLMP7sRmH99LA9pXSajLEDk1QT/8boAs0ntVySRJK/79cvnsrA0IG
XsXenU92yxkf8lIxfv6NPkDTNsZI5OA0iZNCIh3Pg+fd+XT0VFYPZ0736nG2
lDwp9U1KboIj2bZXdw3ZkmeT5yN14BuXKY59hOd06aCYaQ9GSSblyRM+2w2b
QUWIUX+2lyI2OFMytH+0YG2kns4N0YZP/oQeD9xI2OGOH9TbX/D8Tdwrg0Zt
RANgedNwN0hZ24n69SBVdGp+aRsGKng/4+j9jJEjckgz+u9NNCisaOqdxOtR
CKyGzl7u24r6Vuz+P3ES8/U4sSZjsiNDJNw1Oei/s2BA0DKwdWnNTAwt2uBu
czfpTNOYLZ5/4507n43yZwzwvJhobT6SFhqAs4soKExm8H5QdHmPYFK+pWX8
3t43xY2ZbcevKkpjzPUb7Ck/fP/qzRFqJDa7xnej0mz/Pnl2/CJDyu6pGuo3
fPr8e4/uEDz8eoyroAqzaxcE1btfYCYmngrjQJSDHixpq5A+zvJm+/kCNeXk
aC/9lKef/hvol+W3JZISkirYWkDaD/rvIKPaIaP+1WR0YIcyeoW5GQy64eWQ
reWRTvvTs56RNruNaZW4PkWTFugcgNxRaeCbxCYxj/IJwYNEj9injCdif6Jf
IRpSm5piVq3k4ExuX/FSy9/Q3IgM4oqRTyEwgMNNuU8nz1GAsDfsnhvCJskK
tP98EWECXivFcKi+gXLEBrjaN4foZAviGeiDjg/SH2B5lLQ/s2GcLjj0lIzD
BCiWtehmSXjIfjXZN7qQhvwIkaGyXvqGc2/yLvGGJkzo0VV9EISyQjjgfr49
EEDgjGW2RYfVmZh98PP1uJWm8tj+3h9SvgfX1IijD4qKwUlBkYOTAg4u2Ds1
RIeKOT6pFxzfYGplauZ8+AOT5kcpMekimPuIGW2xoDC5g4pu7pxKy41ANdrD
b9/MbVmmw+eRBSDPSDTRQVu6eFMfXuhTz9zmgDGId2PNQSQPJtLvzJen7fq3
oXsi98kHz27dctbznqvnFFvcb2y38SHWal+Yo+L53ixwmuizkFEsd05V3bEN
RdvgM7UDEVMWKLHEBAj6wZtKcuqDIdW3okGaWFxrNy45lzdIBcPJmtiU93gC
5sZu6HmmPq+zEOY6Lo4J6ZLvnrqOETOPhogUmCukGKMPAHalK6kPZHlnxCWL
G8en2zP7dXcsBqr2ZKJfxxOqelrPt9feuaCtsYTGWwUAnN42J3iI/nXvmCu2
n+44F3sPR+feM+4j5YoJHr2/tFx0obZRPOgcI4Y6n1hUy/U5d+CMseU47/3D
BXAfyZUsj/pk+cf/dnV1HWo9li9bQvzwXVBcWmbVkGEv6Y86+yPWlekUP9cY
+co7bkxwdDyBT0BVoTtnZ3sjlVyBGIYaff7uwyVmhRYldjOk0335Qtdtc7dU
vFTzXG6w4vUll0HXqHSbcFPubl2qwEOzIEyW7/5CjBYQrt3AMO42IU0C1kD5
yzapQAij8VY/LIvhBRugsGzDHQ4mecKnmE3mhMltthBX5M/5Tm3cCSuJmHBD
1cueToX1ALoMlP55Uxj97vySDllj1Sco7xHV6fD6RayASg3R30eIo3kTVM7A
IgjmsCDmo7PHmK6VLInyijSeQd1VOGlKlvsBBkrJ4Q5m3w/uubis4UGoqmMx
Nb32Kb2l+ZYgDZ0VaugsA/Xk7mnJBf1OR8ewUkW9FRVPNHRcUbBCpyZRUd3Q
sU/EwpDqTZAAnut6Q95FuKDRdxvjcYaZrQDJtezFX5tILqkniD8QR10gppJ7
BvFG3DImaYtq0RiOlVCDg4IhWZJ8LwmQ1JfYnYhtviqNJEeU6V3GKnO9aG8N
HpZGFplJSnptqnFRjWHdMd/Ri9TM76u9JI6PF0J79K2dLW+o6R/wxT3yhIei
7RjR0614IKcq8p3oioJPuccbksi7wY4AYv54rRBG4YH1va+kUl9p8uwbfMWR
IIv1Tyqa6KlR/BcbPe4U3XDtJAEa9siBISpKrLus6jnfmwLvb03RSiokps6Z
7x+iikV1zNcEBCNFiDT9owQiqw0FgFiwSkTrYyJMGDLNVjXaZLx6ysucSi4t
RFgQDk5t79KOHFMuYFC7XucMN+ONZ5km9tc2vjGfi3W39sV+siKNzyl6JQ5k
mdtxvVhoHyrj5eRr+ZSDG49eLC9BJAfvIfKZ17cYIeLpIxsvHRT4+cSvk7Pr
g5l54lAUK7RK2Gc1UtwRuALz0weAGuy8/0I3+sxthVaDjF1zU/BxZCrDyj0X
oEIqOVol9kRn9oQ4QVoWfLer73zxhg/nQdsyJtsySTAI256CxGNBCbvzABIP
seeowcalywJzjtEvoZmKNdsBfxMmKlHDokVVt+oGNc1SupiAX+T2zazui+p+
PiY2jiQZxTaMNEkCO3siPRmHJ6NnL07StpQjYtUpKWhiKqqXTU1J6dKpbW8t
lwEcV/AtyVHgJ7mzU65NPbupC3YvMEsZL5Jii44VZ3ZjPgE/IViDlGKbvuPu
BcnBzYHK3CouCZPB6JqGm/cAlzXpLf5rAqReSRVwPxjXwpiZQArGkZmiKeYo
I7/7mD0P7hQA3iy3qN/wMs1PgC5Qosg1ju+Jw1PwVJaN9njHWnsPMy+RpIaZ
7nj2l/Cwul+UdT1PYMJhfC3vhT9V4b12NCXJjTeBI79+1b6hy1+WcOeVE7gh
DwU3yYZbgyn5tmWN3U9H0SbpMmE++0t373Uz6y8EBtOLE8ejMcktGdGQfvxw
waOpZTiWPan3hfPy5KBK5m7HP40AyW36nVx9DVoIaYCI2HvbqHQFFNSYAB+O
FHazcS1S8ueNhcjG+osJMKYdJ1emB6YQi2Uc371DtzIGy5Pe4E2VOhaQh9Gr
ofQJn9eIu6MIr+G4CGnJa/ibOs6Tq8F9r1FERmwJzMNxTwMmjnhjO1I4E8fq
BnVg3m4JbA+QNnNSp1u56oQhA2RssP+MOplIP1BiitqcKBXNwy7ea+kSTi4g
x3wOWKMO1ssgEVOB+jcOYcEkqcQFHd9VqrK/2OBvoyitwXGWWuoX2clUDIGZ
zlQKkKI6HVPqt4JjFo9b4DDXaGXbg73d7MKvLHcV4LFAbsP1HRh8+X1NLdW0
2L/1InWXuQT3Xb018mmQbPv+BpqhEkHooJDWkFB18k1QF5V0bBpnk2O96R/D
Gd8iAtFSgE9XuOCWoblq67GlO27FeMArcC1HqvWVhXjcewhgOrXqb/Zo67p0
ciU0ZgvDlZ+oi1KAYgoye8oRQrwJbkPdTP7adPxLJyU4b0iFnyRHmeoTMlF4
2q61wHJ8IxBFBL5RD+Ne0IB04T6HCl7v1qjf8I8A4K1OeJmsFB7CTYGJU1hi
yj0aN6Z8dCdWkav4j8yEL8HHajgHI18LdwLGB1mTFOnF2duzHS169dNLfPfR
O5+9AfrLg71+ad7uwEjafziwShJTtW9hyE7BKt4edSkiv4P2RVFia+4S3zB0
AgbsI6LF+MCXpRGnEf9qAZ3Rpc4EfcZhBoj9ziaNf7W7SX9CnQ82Z3bHq5p4
AsD427tjPAWg7VaSwmuVtNHuHHpmS4uRR9J3FLwp1ivRb8I/LhKBK+SPwFD+
pMS/n0KpAxiINbVTnf7hDLa7ErxyhT1pWMTtSNMEVRju+EslqWCzk49FFGzQ
4bsUSNZxE2D/KCmwohukRv293YY/E5I41AQxaCaMU+IfeyCttWnomIodyQtc
DC8XHkS584kDp4aC0MKKExOyXmt/Iuc2J22YSGJsFVDY0bllN9LxaJ20scrV
XTgcWLpryR6JPMS810MnmWztUxeHXhn7yyYM614xymM2yucv3x5h2Y7fZX8R
A8w3hWKATw61EZ2RXXylhk/woiquQp+Bz25tOYNAToXK+C7/A2X+Mv44Wlyq
riqoY65MOUhlHJTezklCe04ZFsdVE4q3xsfHWGt9Bd4N7ASvx5Mhv5HBOs3s
epai4wfBDX14b2r3IUwnx8+zCoS/oaiWg0TUBVjJQUpMTeoHT06+O4KvP1jy
dAFivGfI50nSvnn/XP0fEiqdcGVyAAA=

-->

</rfc>

