asciidoctor-rfc 0.2.0 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (59) hide show
  1. checksums.yaml +4 -4
  2. data/README.adoc +116 -6
  3. data/asciidoctor-rfc.gemspec +15 -1
  4. data/lib/asciidoctor/rfc/common/base.rb +74 -7
  5. data/lib/asciidoctor/rfc/common/front.rb +1 -1
  6. data/lib/asciidoctor/rfc/v2/base.rb +87 -38
  7. data/lib/asciidoctor/rfc/v2/blocks.rb +29 -2
  8. data/lib/asciidoctor/rfc/v2/converter.rb +0 -1
  9. data/lib/asciidoctor/rfc/v2/inline_anchor.rb +2 -8
  10. data/lib/asciidoctor/rfc/v2/lists.rb +7 -4
  11. data/lib/asciidoctor/rfc/v2/table.rb +1 -1
  12. data/lib/asciidoctor/rfc/v3/base.rb +41 -43
  13. data/lib/asciidoctor/rfc/v3/blocks.rb +29 -2
  14. data/lib/asciidoctor/rfc/v3/converter.rb +0 -2
  15. data/lib/asciidoctor/rfc/v3/inline_anchor.rb +2 -6
  16. data/lib/asciidoctor/rfc/version.rb +1 -1
  17. data/spec/asciidoctor/rfc/v2/comments_spec.rb +7 -3
  18. data/spec/asciidoctor/rfc/v2/date_spec.rb +23 -0
  19. data/spec/asciidoctor/rfc/v2/dlist_spec.rb +107 -9
  20. data/spec/asciidoctor/rfc/v2/image_spec.rb +17 -0
  21. data/spec/asciidoctor/rfc/v2/inline_formatting_spec.rb +12 -0
  22. data/spec/asciidoctor/rfc/v2/listing_spec.rb +22 -0
  23. data/spec/asciidoctor/rfc/v2/literal_spec.rb +22 -2
  24. data/spec/asciidoctor/rfc/v2/preamble_spec.rb +72 -0
  25. data/spec/asciidoctor/rfc/v2/references_spec.rb +3 -1
  26. data/spec/asciidoctor/rfc/v2/table_spec.rb +104 -4
  27. data/spec/asciidoctor/rfc/v2/text_spec.rb +89 -0
  28. data/spec/asciidoctor/rfc/v2/ulist_spec.rb +40 -0
  29. data/spec/asciidoctor/rfc/v3/dlist_spec.rb +103 -1
  30. data/spec/asciidoctor/rfc/v3/image_spec.rb +18 -0
  31. data/spec/asciidoctor/rfc/v3/listing_spec.rb +26 -0
  32. data/spec/asciidoctor/rfc/v3/literal_spec.rb +20 -1
  33. data/spec/asciidoctor/rfc/v3/preamble_spec.rb +150 -0
  34. data/spec/asciidoctor/rfc/v3/references_spec.rb +35 -34
  35. data/spec/asciidoctor/rfc/v3/series_info_spec.rb +39 -0
  36. data/spec/examples/README.adoc +162 -0
  37. data/spec/examples/davies-template-bare-06.adoc +3 -0
  38. data/spec/examples/draft-ietf-core-block-xx.mkd +935 -0
  39. data/spec/examples/draft-ietf-core-block-xx.mkd.adoc +1013 -0
  40. data/spec/examples/draft-ietf-core-block-xx.xml.orig +1251 -0
  41. data/spec/examples/example-v2.adoc +6 -2
  42. data/spec/examples/example-v3.adoc +5 -1
  43. data/spec/examples/hoffmanv2.xml.adoc +247 -0
  44. data/spec/examples/hoffmanv2.xml.orig +339 -0
  45. data/spec/examples/hoffmanv3.xml.orig +346 -0
  46. data/spec/examples/mib-doc-template-xml-06.adoc +5 -1
  47. data/spec/examples/rfc2100.md.adoc +2 -3
  48. data/spec/examples/rfc3514.md.adoc +3 -2
  49. data/spec/examples/rfc5841.md.adoc +1 -1
  50. data/spec/examples/rfc748.md.adoc +7 -6
  51. data/spec/examples/rfc7511.md.adoc +15 -15
  52. data/spec/examples/skel.mkd +32 -0
  53. data/spec/examples/skel.mkd.adoc +50 -0
  54. data/spec/examples/skel.xml.orig +105 -0
  55. data/spec/examples/stupid-s.mkd +569 -0
  56. data/spec/examples/stupid-s.mkd.adoc +771 -0
  57. data/spec/examples/stupid-s.xml.orig +880 -0
  58. data/spec/spec_helper.rb +1 -1
  59. metadata +32 -4
@@ -0,0 +1,880 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
3
+ <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.2.7 -->
4
+
5
+ <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
6
+ ]>
7
+
8
+ <?rfc toc="yes"?>
9
+ <?rfc sortrefs="yes"?>
10
+ <?rfc symrefs="yes"?>
11
+
12
+ <rfc ipr="trust200902" docName="draft-hartke-xmpp-stupid-00" category="info">
13
+
14
+ <front>
15
+ <title abbrev="STuPiD">STUN/TURN using PHP in Despair</title>
16
+
17
+ <author initials="K." surname="Hartke" fullname="Klaus Hartke">
18
+ <organization>Universit&auml;t Bremen TZI</organization>
19
+ <address>
20
+ <email>hartke@tzi.org</email>
21
+ </address>
22
+ </author>
23
+ <author initials="C." surname="Bormann" fullname="Carsten Bormann">
24
+ <organization>Universit&auml;t Bremen TZI</organization>
25
+ <address>
26
+ <postal>
27
+ <street>Postfach 330440</street>
28
+ <city>Bremen</city>
29
+ <code>D-28359</code>
30
+ <country>Germany</country>
31
+ </postal>
32
+ <phone>+49-421-218-63921</phone>
33
+ <facsimile>+49-421-218-7000</facsimile>
34
+ <email>cabo@tzi.org</email>
35
+ </address>
36
+ </author>
37
+
38
+ <date year="2009" month="July" day="05"/>
39
+
40
+ <area>General</area>
41
+ <workgroup>XMPP Working Group</workgroup>
42
+ <keyword>Internet-Draft</keyword>
43
+
44
+ <abstract>
45
+
46
+
47
+ <t>NAT (Network Address Translator) Traversal may require TURN
48
+ (Traversal Using Relays around NAT) functionality in certain
49
+ cases that are not unlikely to occur. There is little
50
+ incentive to deploy TURN servers, except by those who need
51
+ them &#x2014; who may not be in a position to deploy a new protocol
52
+ on an Internet-connected node, in particular not one with
53
+ deployment requirements as high as those of TURN.</t>
54
+
55
+ <t>&#x201C;STUN/TURN using PHP in Despair&#x201D; is a highly deployable
56
+ protocol for obtaining TURN-like functionality, while also
57
+ providing the most important function of STUN.</t>
58
+
59
+
60
+
61
+ </abstract>
62
+
63
+
64
+ </front>
65
+
66
+ <middle>
67
+
68
+
69
+ <section anchor="problems" title="Introduction">
70
+
71
+ <t>NAT (Network Address Translator) Traversal may require TURN
72
+ (Traversal Using Relays around NAT)
73
+ <xref target="I-D.ietf-behave-turn"/>
74
+ functionality in certain
75
+ cases that are not unlikely to occur. There is little
76
+ incentive to deploy TURN servers, except by those who need
77
+ them &#x2014; who may not be in a position to deploy a new protocol
78
+ on an Internet-connected node, in particular not one with
79
+ deployment requirements as high as those of TURN.</t>
80
+
81
+ <t>&#x201C;STUN/TURN using PHP in Despair&#x201D; is a highly deployable
82
+ protocol for obtaining TURN-like functionality, while also
83
+ providing the most important function of STUN
84
+ <xref target="RFC5389"/>.</t>
85
+
86
+ <t>The high degree of deployability is achieved by making STuPiD
87
+ a Web service, implementable in any Web application deployment
88
+ scheme. As PHP appears to be the solution of choice for
89
+ avoiding deployment problems in the Web world, a PHP-based
90
+ sample implementation of STuPiD is presented in <xref target="figimpl"/> in <xref target="impl"/>.
91
+ (This single-page script has been tested with a free-of-charge
92
+ web hoster, so it should be deployable by literally everyone.)</t>
93
+
94
+ <section anchor="need" title="The Need for Standardization">
95
+
96
+ <t>If STuPiD is so easy to deploy, why standardize on it?
97
+ First of all, STuPiD server implementations will be done by
98
+ other people than the clients making use of the service.
99
+ Clearly communicating between these communities is a good
100
+ idea, in particular if there are security considerations.</t>
101
+
102
+ <t>Having one standard form of STuPiD service instead of one
103
+ specific to each kind of client also creates an incentive
104
+ for optimized implementations.</t>
105
+
106
+ <t>Finally, where STuPiD becomes part of a client standard
107
+ (such as a potential extension to XMPP&#x2019;s in-band byte-stream
108
+ protocol as hinted in <xref target="xmpp"/>), it is a good
109
+ thing if STuPiD is already defined.</t>
110
+
111
+ <t>Hence, this document focuses on the definition of the STuPiD
112
+ service itself, tries to make this as general as possible
113
+ without increasing complexity or cost and leaves the details
114
+ of any client standards to future documents.</t>
115
+
116
+ </section>
117
+ </section>
118
+ <section anchor="ops" title="Basic Protocol Operation">
119
+
120
+ <t>The STuPiD protocol will typically be used with application
121
+ instances that first attempt to obtain connectivity using
122
+ mechanisms similar to those described in the STUN
123
+ specification <xref target="RFC5389"/>. However, with STuPiD,
124
+ STUN is not really needed for TCP, as was demonstrated in
125
+ previous STUN-like implementations <xref target="STUNT"/>.
126
+ Instead, STuPiD (like <xref target="STUNT"/>) provides a
127
+ simple Web service that
128
+ echoes the remote address and port of an incoming HTTP
129
+ request; in most cases, this is enough to get the job done.</t>
130
+
131
+ <t>In case no connection can be established with this simple
132
+ STUN(T)-like mechanism, a TURN-like relay is needed as a final
133
+ fall-back.
134
+ The STuPiD protocol supports this, but solely provides a way
135
+ for the data to be
136
+ relayed. STuPiD relies on an out-of-band channel to notify
137
+ the peer whenever new data is available (synchronization signal).
138
+ See <xref target="xmpp"/> for one likely example of such an
139
+ out-of-band channel.
140
+ (Note that the out-of-band channel may have a much lower
141
+ throughput than the STuPiD relay channel &#x2014; this is exactly
142
+ the case in the example provided in <xref target="xmpp"/>,
143
+ where the out-of-band channel is typically throughput-limited
144
+ to on the order of a few kilobits per second.)</t>
145
+
146
+ <t>By designing the STuPiD web service in such a way that it can
147
+ be implemented by a simple PHP script such as that presented
148
+ in <xref target="impl"/>, it is easy to deploy by those who
149
+ need the STuPiD services.
150
+ The combination of the low-throughput out-of-band channel for
151
+ synchronization and the STuPiD web service for bulk data
152
+ relaying is somewhat silly but gets the job done.</t>
153
+
154
+ <t>The STuPiD data relay is implemented as follows (see <xref target="figops"/>):</t>
155
+
156
+ <t><list style="numbers">
157
+ <t>Peer A, the source of the data to be relayed, stores a chunk of
158
+ data at the STuPiD server using an opaque identifier, the &#x201C;chunk
159
+ identifier&#x201D;. How that chunk identifier is chosen is local to Peer
160
+ A; it could be composed of a random session id and a sequence number.</t>
161
+ <t>Peer A notifies the receiver of the data, Peer
162
+ B, that a new data chunk is available, specifying the URI needed
163
+ for retrieval.
164
+ This notification is provided through an out-out-band channel.
165
+ (As an optimization for multiple consecutive transfers, A might
166
+ inform B once of a constant prefix of that URI and only send a
167
+ varying part such as a sequence number in each notification &#x2014;
168
+ this is something to be decided in the client-client notification
169
+ protocol.)</t>
170
+ <t>Peer B retrieves the data from the STuPiD server using the URI
171
+ provided by Peer A.</t>
172
+ </list></t>
173
+
174
+ <t>Note that the data transfer mechanism is one-way, i.e. to send
175
+ data in the other direction as well, Peer B needs to perform
176
+ the same steps using a STuPiD server at the same or a
177
+ different location.</t>
178
+
179
+ <figure title="STuPiD Protocol Operation" anchor="figops"><artwork><![CDATA[
180
+
181
+ STuPiD ```````````````````````````````,
182
+ Script <----------------------------. ,
183
+ | ,
184
+ ^ , | ,
185
+ | , | ,
186
+ (1) | , | , (3)
187
+ POST | , | , GET
188
+ | , | ,
189
+ | v | v
190
+
191
+ Peer A -----------------------> Peer B
192
+ (2)
193
+ out-of-band
194
+ Notification
195
+ ]]></artwork></figure>
196
+
197
+ </section>
198
+ <section anchor="protocol-definition" title="Protocol Definition">
199
+
200
+ <section anchor="Terminology" title="Terminology">
201
+ <t>In this document, the key words &#x201C;MUST&#x201D;, &#x201C;MUST NOT&#x201D;, &#x201C;REQUIRED&#x201D;,
202
+ &#x201C;SHALL&#x201D;, &#x201C;SHALL NOT&#x201D;, &#x201C;SHOULD&#x201D;, &#x201C;SHOULD NOT&#x201D;, &#x201C;RECOMMENDED&#x201D;, &#x201C;MAY&#x201D;,
203
+ and &#x201C;OPTIONAL&#x201D; are to be interpreted as described in BCP 14, RFC 2119
204
+ <xref target="RFC2119"/> and indicate requirement levels for compliant STuPiD
205
+ implementations.</t>
206
+
207
+ </section>
208
+ <section anchor="discovering-external-ip-address-and-port" title="Discovering External IP Address and Port">
209
+
210
+ <t>A client may discover its external IP address and the port
211
+ required for port prediction by performing a HTTP GET
212
+ request to a STuPiD server. The STuPiD server MUST reply
213
+ with the remote address and remote port in the following
214
+ format:</t>
215
+
216
+ <t>host &#x201C;:&#x201D; port</t>
217
+
218
+ <t>where &#x2018;host&#x2019; and &#x2018;port&#x2019; are defined as in <xref target="RFC3986"/>.</t>
219
+
220
+ </section>
221
+ <section anchor="storing-data" title="Storing Data">
222
+
223
+ <t>Data chunks are stored using the POST request of HTTP. The
224
+ STuPiD server MUST support one URI parameter which is passed
225
+ as query-string:</t>
226
+
227
+ <t>&#x2018;chid&#x2019;: A unique ID identifying the data chunk to be stored.
228
+ The ID SHOULD be chosen from the characters of the base64url
229
+ set <xref target="RFC4648"/>.</t>
230
+
231
+ <t>The payload of the POST request MUST be the data to be
232
+ stored. The &#x2018;Content-Type&#x2019; SHOULD be
233
+ &#x2018;application/octet-stream&#x2019;, although a STuPiD server
234
+ implementation SHOULD simply ignore the &#x2018;Content-Type&#x2019; as a
235
+ client implementation may be restricted and may not able to
236
+ specify a specific &#x2018;Content-Type&#x2019;. (E.g., in certain cases,
237
+ the peer may be limited to sending the data as
238
+ multipart-form-encoded &#x2014; still, the data is stored as a
239
+ byte stream.)</t>
240
+
241
+ <t>STuPiD servers may reject data chunks that are larger than
242
+ some predefined limit.
243
+ This maximum size in bytes of each data chunk is RECOMMENDED
244
+ to be 65536 or more.</t>
245
+
246
+ <t>As HTTP already provides data transparency,
247
+ the data chunk SHOULD NOT be encoded using Base64 or any
248
+ other data transparency mechanism; in any case, the STuPiD
249
+ server will not attempt to decode the chunk.</t>
250
+
251
+ <t>The sender MUST wait for the HTTP response before
252
+ going on to notify the receiver.</t>
253
+
254
+ </section>
255
+ <section anchor="notification" title="Notification">
256
+
257
+ <t>The sender notifies the receiver of the data chunk by passing
258
+ via an out-of-band channel (which is not part of the STuPiD
259
+ protocol):</t>
260
+
261
+ <t>The full URL from which the data chunk can be retrieved,
262
+ i.e. the same URL that was used to store the data chunk,
263
+ including the chunk ID parameter.</t>
264
+
265
+ <t>The exact notification mechanism over the out-of-band channel
266
+ and the definition of a session is dependent on the
267
+ out-of-band channel. See <xref target="xmpp"/> for one
268
+ example of such an out-of-band channel.</t>
269
+
270
+ </section>
271
+ <section anchor="retrieving-data" title="Retrieving Data">
272
+
273
+ <t>The notified peer retrieves the data chunk using a GET request
274
+ with the URL supplied by the sender. The STuPiD server MUST
275
+ set the &#x2018;Content-Type&#x2019; of the returned body to
276
+ &#x2018;application/octet-stream&#x2019;.</t>
277
+
278
+ </section>
279
+ </section>
280
+ <section anchor="implementation-notes" title="Implementation Notes">
281
+
282
+ <t>A STuPiD server implementation SHOULD delete stored data some
283
+ time after it was stored. It is RECOMMENDED not to delete the
284
+ data before five minutes have elapsed after it was stored.
285
+ Different client protocols will have different reactions to
286
+ data that have been deleted prematurely and cannot be
287
+ retrieved by the notified peer; this may be as trivial as
288
+ packet loss or it may cause a reliable byte-stream to fail
289
+ (<xref target="impl"/>).
290
+ (TODO: It may be useful to provide some hints in the storing
291
+ POST request.)</t>
292
+
293
+ <t>STuPiD clients should aggregate data in order to minimize the
294
+ number of requests to the STuPiD server per second.
295
+ The specific aggregation method chosen depends on the data
296
+ rate required (and the maximum chunk size), the latency
297
+ requirements, and the application semantics.</t>
298
+
299
+ <t>Clearly, it is up to the implementation to decide how the data
300
+ chunks are actually stored. A sufficiently silly STuPiD server
301
+ implementation might for instance use a MySQL database.</t>
302
+
303
+ </section>
304
+ <section anchor="security-considerations" title="Security Considerations">
305
+
306
+ <t>The security objectives of STuPiD are to be as secure as if
307
+ NAT traversal had succeeded, i.e., an on-path attacker can
308
+ overhear and fake messages, but an off-path attacker cannot.
309
+ If a higher level of security is desired, it should be
310
+ provided on top of the data relayed by STuPiD, e.g. by using
311
+ XTLS <xref target="I-D.meyer-xmpp-e2e-encryption"/>.</t>
312
+
313
+ <t>Much of the security of STuPiD is based on the assumption that
314
+ an off-path attacker cannot guess the chunk identifiers. A
315
+ suitable source of randomness <xref target="RFC4086"/> should
316
+ be used to generate at least a sufficiently large part of the
317
+ chunk identifiers (e.g., the chunk identifier could be a hard
318
+ to guess prefix followed by a serial number).</t>
319
+
320
+ <t>To protect the STuPiD server against denial of service and
321
+ possibly some forms of theft of service, it is RECOMMENDED
322
+ that the POST side of the STuPiD server be protected by some
323
+ form of authentication such as HTTP authentication. There is
324
+ little need to protect the GET side.</t>
325
+
326
+ </section>
327
+
328
+
329
+ </middle>
330
+
331
+ <back>
332
+
333
+ <references title='Normative References'>
334
+
335
+
336
+
337
+
338
+
339
+ <reference anchor="RFC2119" target='https://www.rfc-editor.org/info/rfc2119'>
340
+ <front>
341
+ <title>Key words for use in RFCs to Indicate Requirement Levels</title>
342
+ <author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></author>
343
+ <date year='1997' month='March' />
344
+ <abstract><t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
345
+ </front>
346
+ <seriesInfo name='BCP' value='14'/>
347
+ <seriesInfo name='RFC' value='2119'/>
348
+ <seriesInfo name='DOI' value='10.17487/RFC2119'/>
349
+ </reference>
350
+
351
+
352
+
353
+ <reference anchor="RFC3986" target='https://www.rfc-editor.org/info/rfc3986'>
354
+ <front>
355
+ <title>Uniform Resource Identifier (URI): Generic Syntax</title>
356
+ <author initials='T.' surname='Berners-Lee' fullname='T. Berners-Lee'><organization /></author>
357
+ <author initials='R.' surname='Fielding' fullname='R. Fielding'><organization /></author>
358
+ <author initials='L.' surname='Masinter' fullname='L. Masinter'><organization /></author>
359
+ <date year='2005' month='January' />
360
+ <abstract><t>A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. [STANDARDS-TRACK]</t></abstract>
361
+ </front>
362
+ <seriesInfo name='STD' value='66'/>
363
+ <seriesInfo name='RFC' value='3986'/>
364
+ <seriesInfo name='DOI' value='10.17487/RFC3986'/>
365
+ </reference>
366
+
367
+
368
+
369
+ <reference anchor="RFC4086" target='https://www.rfc-editor.org/info/rfc4086'>
370
+ <front>
371
+ <title>Randomness Requirements for Security</title>
372
+ <author initials='D.' surname='Eastlake 3rd' fullname='D. Eastlake 3rd'><organization /></author>
373
+ <author initials='J.' surname='Schiller' fullname='J. Schiller'><organization /></author>
374
+ <author initials='S.' surname='Crocker' fullname='S. Crocker'><organization /></author>
375
+ <date year='2005' month='June' />
376
+ <abstract><t>Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space.</t><t>Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
377
+ </front>
378
+ <seriesInfo name='BCP' value='106'/>
379
+ <seriesInfo name='RFC' value='4086'/>
380
+ <seriesInfo name='DOI' value='10.17487/RFC4086'/>
381
+ </reference>
382
+
383
+
384
+
385
+ <reference anchor="RFC4648" target='https://www.rfc-editor.org/info/rfc4648'>
386
+ <front>
387
+ <title>The Base16, Base32, and Base64 Data Encodings</title>
388
+ <author initials='S.' surname='Josefsson' fullname='S. Josefsson'><organization /></author>
389
+ <date year='2006' month='October' />
390
+ <abstract><t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t></abstract>
391
+ </front>
392
+ <seriesInfo name='RFC' value='4648'/>
393
+ <seriesInfo name='DOI' value='10.17487/RFC4648'/>
394
+ </reference>
395
+
396
+
397
+
398
+
399
+ </references>
400
+
401
+ <references title='Informative References'>
402
+
403
+
404
+
405
+
406
+
407
+ <reference anchor="RFC5389" target='https://www.rfc-editor.org/info/rfc5389'>
408
+ <front>
409
+ <title>Session Traversal Utilities for NAT (STUN)</title>
410
+ <author initials='J.' surname='Rosenberg' fullname='J. Rosenberg'><organization /></author>
411
+ <author initials='R.' surname='Mahy' fullname='R. Mahy'><organization /></author>
412
+ <author initials='P.' surname='Matthews' fullname='P. Matthews'><organization /></author>
413
+ <author initials='D.' surname='Wing' fullname='D. Wing'><organization /></author>
414
+ <date year='2008' month='October' />
415
+ <abstract><t>Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs, and does not require any special behavior from them.</t><t>STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This is an important change from the previous version of this specification (RFC 3489), which presented STUN as a complete solution.</t><t>This document obsoletes RFC 3489. [STANDARDS-TRACK]</t></abstract>
416
+ </front>
417
+ <seriesInfo name='RFC' value='5389'/>
418
+ <seriesInfo name='DOI' value='10.17487/RFC5389'/>
419
+ </reference>
420
+
421
+
422
+
423
+ <reference anchor="I-D.ietf-behave-turn">
424
+ <front>
425
+ <title>Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)</title>
426
+
427
+ <author initials='J' surname='Rosenberg' fullname='Jonathan Rosenberg'>
428
+ <organization />
429
+ </author>
430
+
431
+ <author initials='R' surname='Mahy' fullname='Rohan Mahy'>
432
+ <organization />
433
+ </author>
434
+
435
+ <author initials='P' surname='Matthews' fullname='Philip Matthews'>
436
+ <organization />
437
+ </author>
438
+
439
+ <date month='July' day='3' year='2009' />
440
+
441
+ <abstract><t>If a host is located behind a NAT, then in certain situations it can be impossible for that host to communicate directly with other hosts (peers). In these situations, it is necessary for the host to use the services of an intermediate node that acts as a communication relay. This specification defines a protocol, called TURN (Traversal Using Relays around NAT), that allows the host to control the operation of the relay and to exchange packets with its peers using the relay. TURN differs from some other relay control protocols in that it allows a client to communicate with multiple peers using a single relay address. The TURN protocol was designed to be used as part of the ICE (Interactive Connectivity Establishment) approach to NAT traversal, though it can be also used without ICE.</t></abstract>
442
+
443
+ </front>
444
+
445
+ <seriesInfo name='Internet-Draft' value='draft-ietf-behave-turn-16' />
446
+ <format type='TXT'
447
+ target='http://www.ietf.org/internet-drafts/draft-ietf-behave-turn-16.txt' />
448
+ </reference>
449
+
450
+
451
+ <reference anchor="STUNT" target="http://deusty.blogspot.com/2007/09/stunt-out-of-band-channels.html">
452
+ <front>
453
+ <title>STUNT &amp; out-of-band channels</title>
454
+ <author initials="R." surname="Hanson" fullname="Robbie Hanson">
455
+ <organization></organization>
456
+ </author>
457
+ <date year="2007" month="September" day="17"/>
458
+ </front>
459
+ </reference>
460
+
461
+
462
+
463
+
464
+ <reference anchor="I-D.meyer-xmpp-e2e-encryption">
465
+ <front>
466
+ <title>XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS)</title>
467
+
468
+ <author initials='D' surname='Meyer' fullname='Dirk Meyer'>
469
+ <organization />
470
+ </author>
471
+
472
+ <author initials='P' surname='Saint-Andre' fullname='Peter Saint-Andre'>
473
+ <organization />
474
+ </author>
475
+
476
+ <date month='June' day='29' year='2009' />
477
+
478
+ <abstract><t>This document specifies "XTLS", a protocol for end-to-end encryption of Extensible Messaging and Presence Protocol (XMPP) traffic. XTLS is an application-level usage of Transport Layer Security (TLS) that is set up using the XMPP Jingle extension for session negotiation and transported using any streaming transport as the data delivery mechanism. Thus XTLS treats the end-to-end exchange of XML stanzas as a virtual transport and uses TLS to secure that transport, enabling XMPP entities to communicate in a way that is designed to ensure the confidentiality and integrity XML stanzas. The protocol can be used for secure end-to-end messaging as well as other XMPP applications, such as file transfer.</t></abstract>
479
+
480
+ </front>
481
+
482
+ <seriesInfo name='Internet-Draft' value='draft-meyer-xmpp-e2e-encryption-02' />
483
+ <format type='TXT'
484
+ target='http://www.ietf.org/internet-drafts/draft-meyer-xmpp-e2e-encryption-02.txt' />
485
+ </reference>
486
+
487
+
488
+
489
+ <reference anchor="I-D.ietf-xmpp-3920bis">
490
+ <front>
491
+ <title>Extensible Messaging and Presence Protocol (XMPP): Core</title>
492
+
493
+ <author initials='P' surname='Saint-Andre' fullname='Peter Saint-Andre'>
494
+ <organization />
495
+ </author>
496
+
497
+ <date month='December' day='20' year='2010' />
498
+
499
+ <abstract><t>The Extensible Messaging and Presence Protocol (XMPP) is an application profile of the Extensible Markup Language (XML) that enables the near-real-time exchange of structured yet extensible data between any two or more network entities. This document defines XMPP's core protocol methods: setup and teardown of XML streams, channel encryption, authentication, error handling, and communication primitives for messaging, network availability ("presence"), and request-response interactions. This document obsoletes RFC 3920.</t></abstract>
500
+
501
+ </front>
502
+
503
+ <seriesInfo name='Internet-Draft' value='draft-ietf-xmpp-3920bis-22' />
504
+ <format type='TXT'
505
+ target='http://www.ietf.org/internet-drafts/draft-ietf-xmpp-3920bis-22.txt' />
506
+ </reference>
507
+
508
+
509
+
510
+
511
+ </references>
512
+
513
+
514
+ <section anchor="xmp" title="Examples">
515
+
516
+ <t>This appendix provides some examples of the STuPiD protocol operation.</t>
517
+
518
+ <figure title="Discovering External IP Address and Port" anchor="figxmpdisco"><artwork><![CDATA[
519
+ Request:
520
+
521
+ GET /stupid.php HTTP/1.0
522
+ User-Agent: Example/1.11.4
523
+ Accept: */*
524
+ Host: example.org
525
+ Connection: Keep-Alive
526
+
527
+ Response:
528
+
529
+ HTTP/1.1 200 OK
530
+ Date: Sun, 05 Jul 2009 00:30:37 GMT
531
+ Server: Apache/2.2
532
+ Cache-Control: no-cache, must-revalidate
533
+ Expires: Sat, 26 Jul 1997 05:00:00 GMT
534
+ Vary: Accept-Encoding
535
+ Content-Length: 17
536
+ Keep-Alive: timeout=1, max=400
537
+ Connection: Keep-Alive
538
+ Content-Type: application/octet-stream
539
+
540
+ 192.0.2.239:36654
541
+ ]]></artwork></figure>
542
+
543
+ <figure title="Storing Data" anchor="figxmpstore"><artwork><![CDATA[
544
+ Request:
545
+
546
+ POST /stupid.php?chid=i781hf64-0 HTTP/1.0
547
+ User-Agent: Example/1.11.4
548
+ Accept: */*
549
+ Host: example.org
550
+ Connection: Keep-Alive
551
+ Content-Type: application/octet-stream
552
+ Content-Length: 11
553
+
554
+ Hello World
555
+
556
+ Response:
557
+
558
+ HTTP/1.1 200 OK
559
+ Date: Sun, 05 Jul 2009 00:20:34 GMT
560
+ Server: Apache/2.2
561
+ Cache-Control: no-cache, must-revalidate
562
+ Expires: Sat, 26 Jul 1997 05:00:00 GMT
563
+ Vary: Accept-Encoding
564
+ Content-Length: 0
565
+ Keep-Alive: timeout=1, max=400
566
+ Connection: Keep-Alive
567
+ Content-Type: application/octet-stream
568
+ ]]></artwork></figure>
569
+
570
+ <figure title="Retrieving Data" anchor="figxmpretr"><artwork><![CDATA[
571
+ Request:
572
+
573
+ GET /stupid.php?chid=i781hf64-0 HTTP/1.0
574
+ User-Agent: Example/1.11.4
575
+ Accept: */*
576
+ Host: example.org
577
+ Connection: Keep-Alive
578
+
579
+ Response:
580
+
581
+ HTTP/1.1 200 OK
582
+ Date: Sun, 05 Jul 2009 00:21:29 GMT
583
+ Server: Apache/2.2
584
+ Cache-Control: no-cache, must-revalidate
585
+ Expires: Sat, 26 Jul 1997 05:00:00 GMT
586
+ Vary: Accept-Encoding
587
+ Content-Length: 11
588
+ Keep-Alive: timeout=1, max=400
589
+ Connection: Keep-Alive
590
+ Content-Type: application/octet-stream
591
+
592
+ Hello World
593
+ ]]></artwork></figure>
594
+
595
+ </section>
596
+ <section anchor="impl" title="Sample Implementation">
597
+
598
+ <figure title="STuPiD Sample Implementation" anchor="figimpl"><artwork><![CDATA[
599
+ <?php
600
+ header("Cache-Control: no-cache, must-revalidate");
601
+ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
602
+ header("Content-Type: application/octet-stream");
603
+
604
+ mysql_connect(localhost, "username", "password");
605
+ mysql_select_db("stupid");
606
+
607
+ $chid = mysql_real_escape_string($_GET["chid"]);
608
+
609
+ if ($_SERVER["REQUEST_METHOD"] == "GET") {
610
+ if (empty($chid)) {
611
+ echo $_SERVER["REMOTE_ADDR"] . ":" . $_SERVER["REMOTE_PORT"];
612
+ } elseif ($result = mysql_query("SELECT `data` FROM `Data` " .
613
+ "WHERE `chid` = '$chid'")) {
614
+ if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
615
+ echo base64_decode($row["data"]);
616
+ } else {
617
+ header("HTTP/1.0 404 Not Found");
618
+ }
619
+ mysql_free_result($result);
620
+ } else {
621
+ header("HTTP/1.0 404 Not Found");
622
+ }
623
+ } elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
624
+ if (empty($chid)) {
625
+ header("HTTP/1.0 404 Not Found");
626
+ } else {
627
+ mysql_query("DELETE FROM `Data` " .
628
+ "WHERE `timestamp` < DATE_SUB(NOW(), INTERVAL 5 MINUTE)");
629
+ $data = base64_encode(file_get_contents("php://input"));
630
+ if (!mysql_query("INSERT INTO `Data` (`chid`, `data`) " .
631
+ "VALUES ('$chid', '$data')")) {
632
+ header("HTTP/1.0 403 Bad Request");
633
+ }
634
+ }
635
+ } else {
636
+ header("HTTP/1.0 405 Method Not Allowed");
637
+ header("Allow: GET, HEAD, POST");
638
+ }
639
+ mysql_close();
640
+ ?>
641
+ ]]></artwork></figure>
642
+
643
+ </section>
644
+ <section anchor="xmpp" title="Using XMPP as Out-Of-Band Channel">
645
+
646
+ <t>XMPP <xref target="I-D.ietf-xmpp-3920bis"/> is a good choice for
647
+ an out-of-band channel.</t>
648
+
649
+ <t>The notification protocol is closely modeled after XMPP&#x2019;s
650
+ In-Band Bytestreams (IBB, see
651
+ http://xmpp.org/extensions/xep-0047.html). Just replace the
652
+ namespace and insert the STuPiD Retrieval URI instead of the
653
+ actual Base64 encoded data, see <xref target="figxmpnots"/>.
654
+ (Note that the current proposal redundantly sends a sid and a
655
+ seq as well as the chid composed of these two; it may be
656
+ possible to optimize this, possibly sending the constant prefix
657
+ of the URI once at bytestream creation time.)</t>
658
+
659
+ <t>Notifications MUST be processed in the order they are
660
+ received. If an out-of-sequence notification is received for a
661
+ particular session (determined by checking the &#x2018;seq&#x2019; attribute),
662
+ then this indicates that a notification has been lost. The
663
+ recipient MUST NOT process such an out-of-sequence notification,
664
+ nor any that follow it within the same session; instead, the
665
+ recipient MUST consider the session invalid. (Adapted from
666
+ http://xmpp.org/extensions/xep-0047.html#send)</t>
667
+
668
+ <t>Of course, other methods can be used for setup and teardown, such as Jingle
669
+ (see http://xmpp.org/extensions/xep-0261.html).</t>
670
+
671
+ <figure title="Creating a Bytestream: Initiator requests session" anchor="figxmpcri"><artwork><![CDATA[
672
+ <iq from='romeo@montague.net/orchard'
673
+ id='jn3h8g65'
674
+ to='juliet@capulet.com/balcony'
675
+ type='set'>
676
+ <open xmlns='urn:xmpp:tmp:stupid'
677
+ block-size='65536'
678
+ sid='i781hf64'
679
+ stanza='iq'/>
680
+ </iq>
681
+ ]]></artwork></figure>
682
+
683
+ <figure title="Creating a Bytestream: Responder accepts session" anchor="figxmpcrr"><artwork><![CDATA[
684
+ <iq from='juliet@capulet.com/balcony'
685
+ id='jn3h8g65'
686
+ to='romeo@montague.net/orchard'
687
+ type='result'/>
688
+ ]]></artwork></figure>
689
+
690
+ <figure title="Sending Notifications: Notification in an IQ stanza" anchor="figxmpnots"><artwork><![CDATA[
691
+ <iq from='romeo@montague.net/orchard'
692
+ id='kr91n475'
693
+ to='juliet@capulet.com/balcony'
694
+ type='set'>
695
+ <data xmlns='urn:xmpp:tmp:stupid'
696
+ seq='0'
697
+ sid='i781hf64'
698
+ url='http://example.org/stupid.php?chid=i781hf64-0'/>
699
+ </iq>
700
+ ]]></artwork></figure>
701
+
702
+ <figure title="Sending Notifications: Acknowledging notification using IQ" anchor="figxmpnota"><artwork><![CDATA[
703
+ <iq from='juliet@capulet.com/balcony'
704
+ id='kr91n475'
705
+ to='romeo@montague.net/orchard'
706
+ type='result'/>
707
+ ]]></artwork></figure>
708
+
709
+ <figure title="Closing the Bytestream: Request" anchor="figxmpclor"><artwork><![CDATA[
710
+ <iq from='romeo@montague.net/orchard'
711
+ id='us71g45j'
712
+ to='juliet@capulet.com/balcony'
713
+ type='set'>
714
+ <close xmlns='urn:xmpp:tmp:stupid'
715
+ sid='i781hf64'/>
716
+ </iq>
717
+ ]]></artwork></figure>
718
+
719
+ <figure title="Closing the Bytestream: Success response" anchor="figxmpclos"><artwork><![CDATA[
720
+ <iq from='juliet@capulet.com/balcony'
721
+ id='us71g45j'
722
+ to='romeo@montague.net/orchard'
723
+ type='result'/>
724
+ ]]></artwork></figure>
725
+
726
+ </section>
727
+
728
+
729
+ </back>
730
+
731
+ <!-- ##markdown-source:
732
+ H4sIAN0V/FkAA+1c63Ibx5X+P0/RC6eWYBYAwYtukBmHN1uMJZImoThZl1ca
733
+ zDSAMQcz8FwoIQpT+xD7CPsm+yb7JPt9p7tnBhBI0SltUtlalBVBg76cc/o7
734
+ 9550u12viIpYD9TV8PXZ1vD15Zkq8yiZqIsXFypK1LHO536Uef5olOkbDisv
735
+ omMvTIPEn2FamPnjojv1s+Jad9/P5vNuXpTzKOz2+17oFxix0+8/6/afdPuP
736
+ vAAPJmm2GGDlcep50TwbqCIr84KD+juen2l/oL7Ric782HuXZteTLC3nA/WH
737
+ VxcX6nv8m6R9w2fetV5gQDhQp0mhs0QX3WPS4nl54SfhGz9OE+y+0Lk3jwbq
738
+ hyINOipPsyLT4xzfFjN++dHz/LKYptnAU11P4RMl+UB921MvhCV5ZDj9NvbL
739
+ vPk4zSZ+Ev3JL6I0GajXSXSjszwq/us/C3WY6ZlO1PBfT2WknvlRPFBGSr8t
740
+ /hT1MHdpw6OeOkyzmZ8kjR2P/CwvsEzzF0y8f68cDOpioC7SvBj7wVTt7vb3
741
+ 9vryWxAVkL2ZYB6kIfY57u483X30zD4pk4In9I3mpgt5OJ+KLP9l71l3b2e7
742
+ u7P9tPt499nOtvyITfJoFsUrA570+/0m84E/SivWvYQsFeACcleXXx/tbG8/
743
+ s193nz19bL/u9euvj/eeDoAY4GZ55qPdpzLztHvci3Qx7o701L/R3aLMEj4n
744
+ rocDoaTwswlFMy2K+WBrK9QA3qI3itNJPk+LXpDOtoDDJ1v9Z1sAcVJ00xJ/
745
+ sCLw1A2mOAId571pMYvNcrXiDNU/q8Zg5QbLuApgqj7ay3Q0ijTQlORpYn8R
746
+ IFz2mg8rDYL6POtuP7F8zvRCZ0bb9I7u6iTIFnOBYVMQ8juOqT+KcojO87rd
747
+ rvJHAIgfQE3ODoaqfaYLapk6CMNM57kaZtg89os02+R3osyP1cxfqEz/XEaZ
748
+ VjQRXrv+7bVYi0sd+4tc+dBMsI+lN9W4TALS5MdAHU1JoLPCjxJYgVznqpj6
749
+ BcZrlaSFKpM4utbxQhWpSoOgzHpKDacav0a5wnwIGkcf6IQHz0GhnsfpQohR
750
+ uc5IS0fp94GeF2qEZaZprtW7aaoSrUOvmOqZ+u9//w95Qma450iTKF/NUygS
751
+ 6Gws62PaOzXPUhiNNPbwm5/UZiZIcbZBoUMsE+oOV5lDs6OgjP1Mloa2qHdR
752
+ MfXMetC2wsmP3yGnXE2jyZR/G1LTsfDS87zW/Ya4RYn4MhviMuv7I4jHUaug
753
+ ICodUdKczYW6FO7yeXQgCqis8uM85dSbKORoCErNYDhUNJvDVPqg200jiSSt
754
+ Z3A0i8IQu3qQSpaGpRliPx++wIqgaZbfevuNz/865rwPH9aZgdtb7//B+H8S
755
+ jDhw6wJub0EuTsmwEuoJvCBHOaIic/AgN5hG+gbywsnMfIknbEzjq+/1SA4w
756
+ CijJ2TwWCZEjOZ1kISP8+TyOAnH7qpaplwc4WA2sHOQiJgzTcOA8SZwumcnT
757
+ uHTUB9MUu1A+nn+TGoYbB+QUiPtyKveF0sRhB/LG6nAzObCU+ySyQWotHLJE
758
+ fufQMfwChrHUhw/jaMLRt7fmn+Z7D8o1xVgecay7c38CYoMsAn6nQMVII74o
759
+ dM5FiCSQMIZ46e3g6OBTvXcgD9ABJhljqahQ+TQt45Cc17CgyHEMjO0AFxxC
760
+ tgA4e5ueObkzaIcA5ooBnJ+FNrYSi0LVuaXlufMDW9TkG2RoP1/UikSULVRe
761
+ rQ14JKD0K+/rCGEWhQayOm4Fo8crks3BfhwLU9Sq0cJLcTiZmuuUxwArYk4r
762
+ iCPRLIuv0uiUQMCgq+cdxQAHpICgY1YmAieMHME0irCnODT3WxHBQomiTdI0
763
+ 9KJQ+6t6HsnqsFC0YbmGzSLaYRtyjM4M7dCPF/4NdyHtTg4U+KyBGEsgg5FC
764
+ +yF/wXAvn+sgGkcBxakZVYIx+dGwKqqrAkTvgAntU2UfPbEACE5mkHi4Kk/Q
765
+ 9HWUEA48HTJgyRhpMI+lyKMcjdvI0e218zIQm0WjWXAzOAb9Ht9yaz+ZM2xQ
766
+ g0xMNloUusvo2J/V9klsX60dDJlubzc7RHAt8WJKqUVNdPkx1glp88ZRokPK
767
+ FlEYrEZBPUJ2VIoaj/GF/iU1uJDRkdNRPrGmp5J6ket4jFUynnlB/3CtzZqg
768
+ dGLyIn6Fn8gjWlrqIyJPChwUiY2G5CDk90QAZB/QgpJ/AO5GXB3pgEVGdErB
769
+ wqitiFY2HpfwnLrihCflHWL9QF042Z3PLbREQdP5irdf9vzDitnKlRllKhZz
770
+ oJ8GAWoFYTkTUxtZj1j0IV3rp8eir35R6BkMFJ20OBhlXWF0Q87FXXkzzUg8
771
+ yme0bchRoCoYb7xcqGniRubozVnAoTigG8aa7kWpF+k7Gq2OodBw0/E4jZCg
772
+ r8URkBMaK2vLhkcXHR7YO/wJ9QyYR/ht8AYU6psoRVLJJYxfXLU3Hz5IekET
773
+ fWo0srJQbZlQDdhUxnNS/7xc1mn6MxGdB3GkFgPw/lAb5dsgjAihlxVlE/1N
774
+ ZwTTi+HwwmO4APP/nJISjyxRkwU7/tNJWsLrQrTIr2T1n9KR2MgeI0QZDvlU
775
+ J5TyUcIDx6rwDFE+dedeGD9E8kWy7eGmkUx1lPSAdSCRMQgU8RuZi0EY06Z4
776
+ Y5wFVD+47q1FX17OyXAuW3bUCEoEB824rxYkjm0hFky0xi9848092RVqr9yq
777
+ eBAZPQdfazJBzgNAovGC8R8cBrwGDF5CPEl8J4tTzW+gmeIs2/kiCaZZ6koM
778
+ kMoEbG32vCutK1tlIiwYdBuz6vcmJMAxGgOZeGvIgcM/4+mLPpGgdSQzNmUM
779
+ DTHMuFQM+GcgP+Nhz8ui9ne1EDDFTWeIWwHkPVLO2PAuYLAq56i1El+ywh3P
780
+ eIS7yMOyte2oqQIsZogxYLVTZ3bTDE7QeJExRH0dxekIlhankNFZpknIGOSQ
781
+ 1pwydrGn5epdQ4lAnpEqgWGkF1EbEm/U0F0TXPoWxhIM2mjK+SyZWUVmXiMU
782
+ c65nOXZZSiM8Qr1JoaUuNziH4o6A/6aXwcl1G+e2TpoMRFcBx9/vEARRNyrj
783
+ a8GtUQfxkYy7Zvod2csjMerYD0YhX7UKDY0U6Fd63JQiJDVOY1CfQxsE9Ahf
784
+ 6WhuNweet91TF9Sjg46NrsssqAKtWlmVVVZEpkgxRauDaZlcY6RnSiy+slqw
785
+ HPuZjIf6PPdh/xQAiihjHNEDcHRLluEa9S+tHr2EOV+zS/0buQt4iIkkkimQ
786
+ SwrJAxc5eC5YcmEzvXhKdyi4RYocpjNQlkt0E4VyOIAYLTNco0rK2UhnEOyO
787
+ k4qxN1Fl7gPNomFTPp1q78OOTYFrW2Spb1gkCFCc48IpyOvLU2t2uQYhkWlG
788
+ Ljc+DIxi0mzcYu1PJR+xqm4BWRlM/Fk2UVihfZCbA5D40azBfWZlXETULYa4
789
+ CHdNJs46wliS7wM1QxpYyNlIxVAdwhgYdPgySdJJaOA4em9EAu7JDylIEwAX
790
+ xwQBc4UbPxOWJRato84V0dM2SGS8xDCMIJdwdpDKYaJJA80Q8gzrCMQEYl0b
791
+ jzUX4iLOc9FY7dpTPnQid5Edj26cASp34dkenF3QHAWsi8EM8LPsF4waWcHW
792
+ Ppi8QI+7sIIwWD1kveCHEvOMH7N2V5KjMMqsz2cYpJljWdKJHQk2YYh5SOIe
793
+ kNIyO9Hz3CngChuWMhkHKPheGI1BHCVGneJOYOMv1QeBqytM2YWUenv/p1PP
794
+ MHZbqS/vSz17qp7xsM+fl2b8m+r8whl//gUz2tubD5+B4bubMu3i/Gr4C6Z9
795
+ czL8K+lz/7p5wIyb+jCtlVPqjkP5jRtzeN/ZtHc27/q54SbvGnLWVNEG5D4M
796
+ 1BfGVZkuwX7LQu/j5Kl1C4BWj4+rDHFdLgW3qTOE5WmcThY1FR++aDxeKpIw
797
+ +F7KSI3nutYLVpOgfK1Xr6+GrY75W52dy/fLk+9en16eHLc6XuvqxcHLl3wo
798
+ X9yIqxfnr18e19/qmUfnr16dnB2fyI+vDv6INWhSW+cXw9Pzs4OXLSlRGOvH
799
+ xDuDDbaufikhOzy6UNt7HXZ4FJtDptLHb4h5uWKUhBS8btYykePe6DgXFyFZ
800
+ cEQrb3Psj0sP3nGUBylsCs3MyXtWVOGSTy+qyjT3uUCOcG/dabkGdeCyaUbP
801
+ oV2feb3UJtwGzaxL8gFuYhkxeaPkYpANmBTbCRNtraSxiczLROdsbkaRrljK
802
+ nhp+5APkmDPElAvPpltrM0H7SIiwxtwEYkyqTQcOARgrfqo1aBnybbi+wacb
803
+ ssoGn2/Igds6CY85smk1+3xStfWuEJeRq2PGksviPK5CkdzUthjChQ1XJlbK
804
+ yQCOnHIRxr01jNuUT/IlOnt4dHiRQnKxCK6b4Ymfs7AKOrFktmDBCFuB2Y1g
805
+ GoUbA8RpqkwixoOnxy64qyKiRuRkIG7oNYE5xlttYXhnAsHKVbOQihwJ0YuL
806
+ 0FjhfbxXZrGXI6kWkbEJWhW65/4iTk2F7iNBCLe26txIWy01gouNozRh2aw7
807
+ XMz1Rk2Zt9EovWylIKmwVbMNZN4xq00M2pZxtaJcbjVJgBDVT5LUJnIruzKQ
808
+ 8qzCrCxB/ZHgnScgDQ5CyvVLJEMuUluukWTLVSiXt0CK3j7pTXqdRtPHli/q
809
+ TNzuZTNHF8ssHaqfeyboRBDYpQaw65oyeGKemxcR45pqNEM9g1ThkKVHZYTI
810
+ 4G1JdLntdP2EIKmBn0ZPKmaJPZNs22MAKWbB6pOQTHhFXOd9NCuRJLC2HSVS
811
+ 8BQ0SVi6HNQ3DLVnkPr40aPdxwyoZqAbEEPkLTbGVTqrokgdEkIWEMLCCLKx
812
+ fu0TpMRj5WR09lBQLYFb4srnH61YB5rPXeOFR9ZZLZlScVlDFETU9UBE1djR
813
+ qhUIsgrDM3WW4J0fFcoVdoRPAG3OZAIk47n2JqkpldeVm6U8inZryfsv263G
814
+ fp9Mw6zUaOFhfGhhbyL/rjpSu7JUZNqVxxtycVkCM2RSMS4hoNeXL42pMbNX
815
+ dra1OJdJhB3PhPQuyuZsQSOLmFKipYYUTqfrlTrsi8ZlpTlmedi9ytDao5B6
816
+ 0HKmVOcW4jHvqPp4zmMul9L9OjNmHDGn5JPC1n/WFsAQ2q+ponkfl8/WUcHD
817
+ vzTSWuu3KgjYsw+NmVmTqhkJuUQH/tyZ8No9U/p0XHFkMrWigtZdDl4cxhpr
818
+ a4ECMsqMxmOUhqwx3WPxyejpsl1mfpivLfQz+Lmve+bsQqhjXVSuXMRAs+Yh
819
+ x0cUMi4kXhKsOX91WqzYLAG/aLosxUOWdYzuqjHLAQiUShpAKWHq2J8TuOuW
820
+ RxjoEkjripwO2X6frFBnmZBMYKrzkJ2xXVQOGSWtUkNVSDuNQKnMWJcV9AA8
821
+ 0uv3KlVzB7oElOcmZrdeieXCLLqJpPHjzf3gWjPTRaSWCiccFvjsMUoVLbKd
822
+ 1qrZJd0cP4q9tqsxbrLfe358PqBg7S6YD0shybgx9HIm0hyrmtC5idO8ZqjR
823
+ 8Geu62lbv/5kkukJI3RXEzB1WHa1oLrsB8rB2fIJwGmXzE2PZhXZjWqtMa/O
824
+ 4buNjBVBgBK66MpYgrr9JrXKRs4QqrazJ855GoWkC9007ibGeLgkr3llolMF
825
+ 7s27ADlOG9FgwNTCtnddNbecO55WVMJ4K4p7KmVDS2Qj4gXWSilxO2VAAJqX
826
+ YzBOafO51FnvDcekGCY2zrXSlMHLq8XVdy9lS0abEou75vHRUvP4rs6e83R2
827
+ Ujr6STpwJu6wNNUJH3WOQ+VbNJbrQEV1q2eKYBZGN5CKoikrdcQAJ925z5Zg
828
+ URD8mdTb6SSmkLGcxNiXBlGe+xNtWzmcNx5/PBGK1uNFAXNrBc8kZRR775gQ
829
+ F5ITHp2lmwxeVS+Tg5sv+XBbZKY+28ag0gg7+W/TivzD8OWVMveT7ry+J7H9
830
+ K/qd6rqAE2yz+Sx3PxyoETKUs7kBE1t89zCuJiUTvNoz17XpnLjy8jIyt13q
831
+ WropPCecZ1KQPrM2KxTPtWyl88fmNPNIpuE+O7TLOJUwthmxeB8RodpaQvV1
832
+ FNaVcZ8XaaW/Y/ixVVyToFa9F2T1wJQxLpsMO8SyFYyyP7Yt/sSnZuDcE84S
833
+ NJhGB4s/ttm+MCaRwb9L0sZFY6xT9qXY2hVSxWZSoZbDNUfASDvqDAPiEN3V
834
+ DF4gpRicnbElaBOeL/3WuKnmmZtqyjSLlplnnEFa7F0+9kih+icm9slZUAI4
835
+ 626+Z/ILXmhCVvS+TgVEHtpNW2as6rOmrtK1XJVVSl0aez9wNT2StWWuj/fm
836
+ 07kwuLXd69ufX0NW3QPgrBgoSyt+3d7u7dkBBwGv3A3Ur7d+bZ+8SLG8o9Bc
837
+ upbPUdWIHqhvtZ53D2LeVTFEmTygospSsc1ruOr8W/v0WG7mXpVJR/Ufqd/B
838
+ dfIKu+r3B7v474n65pUrh17JCQ/UAVz3VG/t9HYcEfx3lyFalsYDhADdgE86
839
+ albmRTdjGyXiBWA7/OT9HDYpx6Z+0VE7j2XT7WfPnoCAAfYFdfWmv/d5h9sI
840
+ pHvCDIw2qGJegsKXOpkU04GSa8X81JIYKAZjiHz3tzt0jft7/f79oltemvHm
841
+ QN0VVjrJbj/b6fV7EMjus8Hu48eP9taUUAFEqaK5OupDS3Ysq96PNtHIBty+
842
+ YoFnP3rydHs6frzX7f/t4feLZHjHWW5XsNUwh3xlAmb6s+B6B7je+0fCdf9v
843
+ Deu16LV5su0CNCqdn0boij38+wP08+Boe7Dz7B8JR9vbfyf72FThtdhiGumg
844
+ tVKPkLbSlSlmrGTw/Hz4QlLB9WH9Ei6//ArQ8xBqIxdotx56Jq3N59Wchx1M
845
+ c8bDxMQZ3myR/xy/sRfL2nKpgg2IjmohMM34sg0bUSysseHFKWZGjhw9KN6E
846
+ o3bLaJis9iuqmNpXZgxv873ReeDP9RvTB2j/6g2U8ocWh7V+5IxorPDw6uTy
847
+ 9yeXP0jn7ORq+ObVyfDF+XHrR7W/r1qY0dpUH+QyAkazSrloy06b9jE+vJmn
848
+ mgu9Oh+evDk4Pr7EKj3psvQ+/v3i/HLY+vE517hVOs61kANhl3FRsSGNjHbr
849
+ 6uTlydFQvWW68lZ9fXn+Sr09lu9Y+u4Waev7FyeXJ+ot6X2LNTeE8o1Wg3az
850
+ KfJXt+NYF8H0jZ9l/sJR01Gv/ohc883B1dX5UWOuY910O96Y0q2s9kOLlIqU
851
+ zTjDYXOmw4szhGqvv8cClfqar4S06pn2b0tdpvUbQ5WjbrMhwmqDB61+6zUE
852
+ fz8OGHB8GggP23WZ0qVzPsY5D08ecMDuZGnK8gKm4q36Uh0fAFZXrw/bZ+ff
853
+ tzc76vRsCJ4OXqpH6tXp2evhyWYt1l9J5rvvzs4U+tvjKNZvJrqgUlKL83YL
854
+ FmSwtRUl87IAbp43YPNPS6SfnkGAQ+557khvG+B1LG437wNrC3RC7KptMdoB
855
+ WDlrY7O1jLg1Mt5Vh37oPPAKctwZmyXWTIZsTN2J53Rg0lC7hhstTwd06R31
856
+ 4uTguKMMHJ57t86GxWmu23jw1W/WWHua65W7BGutu9h9836UvDOLPPG8LLrn
857
+ 4+4hQ+Mj20YwKd787hvbDWcg6zTerGq+V8j3SNw9+aV3Wu6qm9dVcZvNVnki
858
+ b8dRBMizZylLqK5aa+7xe6eJYeGQbS1xALlqnx4edpBDa8++00naGMdsVW8C
859
+ 5Fvv4YT7/b0n8ubmZg/uJy+kB+4HtgIJL5HPfZPts0Sms6UiwaW71SZN48ab
860
+ EZxs6nOur+WaXeZ6XXVnEWSB6VzetFm+YBWUWWZLzvOUVbBMh9Bz35T2pHrJ
861
+ i6T2vp+X65/dNSpzj5SFEvzavC1oXh4p3qXPXXmYtSv7woDcl7evY9ibz3V5
862
+ o9H0XLkj59nkngKQi3R+YfqLpsQsb35ICQq2hCXhZmssr9rRYDLQ7K9XN8RM
863
+ RXiqF6wSerY7xor/uNF6qW/ardwldOOltOl7jRdiXDuoHbLrNJNe6Yh3k3Vw
864
+ 7VjcwLobrJFl0ags9Kb0Me19GXe7xLVhl7euXooCXgtz2wCkRHNpHribNI7b
865
+ 1UbSWm46fCNaGp3mFQepZUmfIuJ9wboXZxl77mAoxbLV3d2LP7aGaDtjiQRn
866
+ bIgfhP6chSa2BB+sOV8QHjja8zFLcRnbsaZ9a2ruuWsjSkGQB5JrBFamUq79
867
+ LEzfIRdwtavfyZtmntzq/RQBO4+3requJkz4fBn9LGzsb+B/dPrbGZyOPyl1
868
+ L9HFVprxWkW40XAYyKA2fkp2p08njx81nxcpnpcxDNxvEe+VsTbvg4/8GMJc
869
+ LI1EULoP7BQbv6mefpnOgYb3szjJ9zf44jmZGRSz+cAElxsrLmuEQPW6yy7D
870
+ /oY03lcH5KTTpXof/QjF/JOP33/e2HI0fLkV/bzOb4CQIIuc5zgSPZVeY21G
871
+ +f+gEBURX8CtWzAWNeJO7hH6w0R2n9AfdmxG6CZYI9N3MJp9glGTvFIzfEn9
872
+ lvn8POi6zp5tJ3tPPie6JM56OLpgYfY3+r8IUmUW729YRWyUA+6pPjwIenR6
873
+ VdRivcuSaxgs/dNc9lCn31mIf1wi+SvBd9eZfEbwgVX/E6weBNdJ+g6BzYQ/
874
+ LnkUcwPg9LtPcPxwFJb5k+3J3qOfPiMKJTr7BTBcQdyDTFWc1iqM7ZyrXtZh
875
+ E6N/LmzcJanPaZjAyqfYumLnM8+re0jg738A/F0Wy55HAAA=
876
+
877
+ -->
878
+
879
+ </rfc>
880
+