<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-moq-privacy-pass-auth-03" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Privacy Pass MoQ Auth">Privacy Pass Authentication for Media over QUIC (MoQ)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-moq-privacy-pass-auth-03"/>
    <author initials="S." surname="Nandakumar" fullname="Suhas Nandakumar">
      <organization>Cisco</organization>
      <address>
        <email>snandaku@cisco.com</email>
      </address>
    </author>
    <author initials="C." surname="Jennings" fullname="Cullen Jennings">
      <organization>Cisco</organization>
      <address>
        <email>fluffy@iii.ca</email>
      </address>
    </author>
    <author initials="T." surname="Meunier" fullname="Thibault Meunier">
      <organization>Cloudflare Inc.</organization>
      <address>
        <email>ot-ietf@thibault.uk</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Web and Internet Transport</area>
    <workgroup>Media Over QUIC</workgroup>
    <keyword>media over quic</keyword>
    <keyword>privacy-pass</keyword>
    <abstract>
      <?line 62?>

<t>This document specifies the use of Privacy Pass architecture and issuance
protocols for authorization in Media over QUIC (MoQ) transport protocol. It
defines how Privacy Pass tokens can be integrated with MoQ's authorization
framework to provide privacy-preserving authentication for subscriptions,
fetches, publications, and relay operations while supporting fine-grained
access control through prefix-based track namespace and track name matching
rules.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://moq-wg.github.io/privacy-pass/draft-ietf-moq-privacy-pass-auth.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-moq-privacy-pass-auth/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Media Over QUIC Working Group mailing list (<eref target="mailto:moq@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/moq/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/moq/"/>.
        Working Group information can be found at <eref target="https://datatracker.ietf.org/wg/moq/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/moq-wg/privacy-pass"/>.</t>
    </note>
  </front>
  <middle>
    <?line 73?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Media over QUIC (MoQ) <xref target="MoQ-TRANSPORT"/> provides a transport protocol for live
and on-demand media delivery, real-time communication, and interactive content
distribution over QUIC connections. The protocol supports a wide range of
applications including video streaming, video conferencing, gaming, interactive
broadcasts, and other latency-sensitive use cases. MoQ includes mechanisms for
authorization through tokens that can be used to control access to media
streams, interactive sessions, and relay operations.</t>
      <t>Traditional authorization mechanisms often lack the privacy protection needed
for modern media distribution scenarios, where users' viewing patterns and
content preferences should remain private while still enabling fine-grained
access control, namespace restrictions, and operational constraints.</t>
      <t>Privacy Pass <xref target="RFC9576"/> provides a privacy-preserving authorization
architecture that enables anonymous authentication through unlinkable tokens.
The Privacy Pass architecture consists of four entities: Client, Origin, Issuer,
and Attester, which work together to provide token-based authorization without
compromising user privacy. The issuance protocols <xref target="RFC9578"/> define how these
tokens are created and verified.</t>
      <t>This document defines how Privacy Pass tokens can be integrated with MoQ's
authorization framework to provide comprehensive access control for media
streaming, real-time communication, and interactive content services while
preserving user privacy through unlinkable authentication tokens.</t>
      <section anchor="requirements-language">
        <name>Requirements Language</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

</section>
    </section>
    <section anchor="privacy-pass-architecture-for-moq">
      <name>Privacy Pass Architecture for MoQ</name>
      <t>Privacy Pass Terminology defined in <xref section="2" sectionFormat="of" target="RFC9576"/> is reused here.
The Privacy Pass MoQ integration involves the following entities and their
interactions:</t>
      <dl>
        <dt><strong>Client</strong></dt>
        <dd>
          <t>The MoQ client requesting authorization to subscribe to, fetch,
or publish media content. The client is responsible for obtaining Privacy Pass
tokens through the attestation and issuance process, and presenting these
tokens when requesting MoQ operations such as SUBSCRIBE, FETCH, PUBLISH, or
PUBLISH_NAMESPACE.</t>
        </dd>
        <dt><strong>MoQ Relay</strong></dt>
        <dd>
          <t>The MoQ relay server that forwards media content and verifies
that clients are authorized. The relay validates Privacy Pass tokens presented
by clients, enforces access policies, and forwards authorized requests to other
relays. Relays maintain configuration for trusted issuers and validate token
signatures and metadata.</t>
        </dd>
        <dt><strong>Privacy Pass Issuer</strong></dt>
        <dd>
          <t>The entity that issues Privacy Pass tokens to clients
after successful attestation. The issuer operates the token issuance protocol,
manages cryptographic keys. The issuer creates tokens with appropriate
MoQ-specific metadata.</t>
        </dd>
        <dt><strong>Privacy Pass Attester</strong></dt>
        <dd>
          <t>The entity that attests to properties of clients
for the purposes of token issuance. The attester verifies client credentials,
subscription status, or other eligibility criteria. Common attestation methods
include username/password, OAuth, device certificates, or other authentication
mechanisms.</t>
        </dd>
      </dl>
      <section anchor="joint-issuer-attester">
        <name>Joint Attester and Issuer</name>
        <t>In the below deployment, the MoQ relay and Privacy Pass issuer are operated
by different entities to enhance privacy through separation of concerns.
This corresponds to <xref section="4.4" sectionFormat="of" target="RFC9576"/>.</t>
        <figure anchor="fig-overview">
          <name>Separated Issuer and Relay Architecture</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="224" width="544" viewBox="0 0 544 224" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
                <path d="M 56,64 L 56,208" fill="none" stroke="black"/>
                <path d="M 104,32 L 104,64" fill="none" stroke="black"/>
                <path d="M 208,32 L 208,64" fill="none" stroke="black"/>
                <path d="M 240,64 L 240,208" fill="none" stroke="black"/>
                <path d="M 280,32 L 280,64" fill="none" stroke="black"/>
                <path d="M 360,32 L 360,64" fill="none" stroke="black"/>
                <path d="M 400,64 L 400,144" fill="none" stroke="black"/>
                <path d="M 400,192 L 400,208" fill="none" stroke="black"/>
                <path d="M 448,32 L 448,64" fill="none" stroke="black"/>
                <path d="M 464,32 L 464,64" fill="none" stroke="black"/>
                <path d="M 496,64 L 496,208" fill="none" stroke="black"/>
                <path d="M 536,32 L 536,64" fill="none" stroke="black"/>
                <path d="M 8,32 L 104,32" fill="none" stroke="black"/>
                <path d="M 208,32 L 280,32" fill="none" stroke="black"/>
                <path d="M 360,32 L 448,32" fill="none" stroke="black"/>
                <path d="M 464,32 L 536,32" fill="none" stroke="black"/>
                <path d="M 8,64 L 104,64" fill="none" stroke="black"/>
                <path d="M 208,64 L 280,64" fill="none" stroke="black"/>
                <path d="M 360,64 L 448,64" fill="none" stroke="black"/>
                <path d="M 464,64 L 536,64" fill="none" stroke="black"/>
                <path d="M 64,96 L 112,96" fill="none" stroke="black"/>
                <path d="M 192,96 L 240,96" fill="none" stroke="black"/>
                <path d="M 56,112 L 80,112" fill="none" stroke="black"/>
                <path d="M 216,112 L 232,112" fill="none" stroke="black"/>
                <path d="M 248,126 L 264,126" fill="none" stroke="black"/>
                <path d="M 248,130 L 264,130" fill="none" stroke="black"/>
                <path d="M 376,126 L 392,126" fill="none" stroke="black"/>
                <path d="M 376,130 L 392,130" fill="none" stroke="black"/>
                <path d="M 240,160 L 312,160" fill="none" stroke="black"/>
                <path d="M 432,160 L 488,160" fill="none" stroke="black"/>
                <path d="M 248,176 L 312,176" fill="none" stroke="black"/>
                <path d="M 440,176 L 496,176" fill="none" stroke="black"/>
                <path d="M 64,192 L 88,192" fill="none" stroke="black"/>
                <path d="M 216,192 L 240,192" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="496,160 484,154.4 484,165.6" fill="black" transform="rotate(0,488,160)"/>
                <polygon class="arrowhead" points="400,128 388,122.4 388,133.6" fill="black" transform="rotate(0,392,128)"/>
                <polygon class="arrowhead" points="256,176 244,170.4 244,181.6" fill="black" transform="rotate(180,248,176)"/>
                <polygon class="arrowhead" points="256,128 244,122.4 244,133.6" fill="black" transform="rotate(180,248,128)"/>
                <polygon class="arrowhead" points="240,112 228,106.4 228,117.6" fill="black" transform="rotate(0,232,112)"/>
                <polygon class="arrowhead" points="72,192 60,186.4 60,197.6" fill="black" transform="rotate(180,64,192)"/>
                <polygon class="arrowhead" points="72,96 60,90.4 60,101.6" fill="black" transform="rotate(180,64,96)"/>
                <g class="text">
                  <text x="32" y="52">MoQ</text>
                  <text x="72" y="52">Relay</text>
                  <text x="244" y="52">Client</text>
                  <text x="404" y="52">Attester</text>
                  <text x="500" y="52">Issuer</text>
                  <text x="152" y="100">Request</text>
                  <text x="148" y="116">TokenChallenge</text>
                  <text x="320" y="132">Attestation</text>
                  <text x="372" y="164">TokenRequest</text>
                  <text x="376" y="180">TokenResponse</text>
                  <text x="152" y="196">Request+Token</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
+-----------+            +--------+         +----------+ +--------+
| MoQ Relay |            | Client |         | Attester | | Issuer |
+-----+-----+            +---+----+         +----+-----+ +---+----+
      |                      |                   |           |
      |<------ Request ------+                   |           |
      +--- TokenChallenge -->|                   |           |
      |                      |<== Attestation ==>|           |
      |                      |                   |           |
      |                      +--------- TokenRequest ------->|
      |                      |<-------- TokenResponse -------+
      |<--- Request+Token ---+                   |           |
      |                      |                   |           |
]]></artwork>
          </artset>
        </figure>
        <t>In certain deployments the MoQ relay and Privacy Pass issuer may be
operated by the same entity to simplify key management and policy coordination.
This is the Privacy Pass deployment described in <xref section="4.2" sectionFormat="of" target="RFC9576"/>.</t>
      </section>
      <section anchor="reverse-flow">
        <name>Shared Origin, Attester, Issuer with a Reverse Flow</name>
        <t>The flow described above can be used to bootstrap a shared origin-attester-issuer flow,
as described in <xref section="4.2" sectionFormat="of" target="RFC9576"/>. The MoQ relay plays all roles (origin,
attester, and issuer), allowing it to use privately verifiable token types registered
in <xref target="PRIVACYPASS-IANA"/>.</t>
        <t>In this scenario, the MoQ relay origin would accept tokens signed by two issuers:</t>
        <ol spacing="normal" type="1"><li>
            <t>Type <tt>0x0002</tt> token signed by the bootstrap issuer from <xref target="joint-issuer-attester"/></t>
          </li>
          <li>
            <t>Type <tt>0x0001</tt>, <tt>0x0005</tt>, or <tt>0xE5AC</tt> tokens signed by its own issuer.</t>
          </li>
        </ol>
        <t>This two-phase approach provides several advantages:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Bootstrapping</strong>: The initial publicly verifiable token (<tt>0x0002</tt>) establishes
trust without requiring the relay to share private keys with external verifiers.</t>
          </li>
          <li>
            <t><strong>Efficiency</strong>: Subsequent privately verifiable tokens allow batched issuance,
amortizing cryptographic costs across multiple operations.</t>
          </li>
          <li>
            <t><strong>Privacy</strong>: Each token presentation is unlinkable, even when obtained from
the same credential.</t>
          </li>
        </ul>
        <section anchor="reverse-flow-overview">
          <name>Reverse Flow Overview</name>
          <t>The reverse flow, as described in <xref section="4" sectionFormat="of" target="PRIVACYPASS-REVERSE-FLOW"/>,
allows a client to exchange a publicly verifiable token for privately verifiable
tokens (or credentials) issued directly by the MoQ relay.</t>
          <figure anchor="fig-reverse-flow">
            <name>Complete Reverse Flow Authorization</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="608" width="672" viewBox="0 0 672 608" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,32 L 8,64" fill="none" stroke="black"/>
                  <path d="M 72,64 L 72,96" fill="none" stroke="black"/>
                  <path d="M 72,128 L 72,288" fill="none" stroke="black"/>
                  <path d="M 72,320 L 72,480" fill="none" stroke="black"/>
                  <path d="M 72,512 L 72,592" fill="none" stroke="black"/>
                  <path d="M 136,32 L 136,64" fill="none" stroke="black"/>
                  <path d="M 160,32 L 160,64" fill="none" stroke="black"/>
                  <path d="M 216,64 L 216,96" fill="none" stroke="black"/>
                  <path d="M 216,128 L 216,288" fill="none" stroke="black"/>
                  <path d="M 216,320 L 216,480" fill="none" stroke="black"/>
                  <path d="M 216,512 L 216,592" fill="none" stroke="black"/>
                  <path d="M 264,32 L 264,64" fill="none" stroke="black"/>
                  <path d="M 336,32 L 336,64" fill="none" stroke="black"/>
                  <path d="M 376,64 L 376,96" fill="none" stroke="black"/>
                  <path d="M 376,128 L 376,288" fill="none" stroke="black"/>
                  <path d="M 376,320 L 376,480" fill="none" stroke="black"/>
                  <path d="M 376,512 L 376,592" fill="none" stroke="black"/>
                  <path d="M 408,32 L 408,64" fill="none" stroke="black"/>
                  <path d="M 480,32 L 480,64" fill="none" stroke="black"/>
                  <path d="M 528,64 L 528,96" fill="none" stroke="black"/>
                  <path d="M 528,128 L 528,208" fill="none" stroke="black"/>
                  <path d="M 528,320 L 528,480" fill="none" stroke="black"/>
                  <path d="M 528,512 L 528,592" fill="none" stroke="black"/>
                  <path d="M 568,32 L 568,64" fill="none" stroke="black"/>
                  <path d="M 592,32 L 592,64" fill="none" stroke="black"/>
                  <path d="M 624,72 L 624,96" fill="none" stroke="black"/>
                  <path d="M 624,128 L 624,288" fill="none" stroke="black"/>
                  <path d="M 624,320 L 624,480" fill="none" stroke="black"/>
                  <path d="M 624,512 L 624,592" fill="none" stroke="black"/>
                  <path d="M 664,32 L 664,64" fill="none" stroke="black"/>
                  <path d="M 8,32 L 136,32" fill="none" stroke="black"/>
                  <path d="M 160,32 L 264,32" fill="none" stroke="black"/>
                  <path d="M 336,32 L 408,32" fill="none" stroke="black"/>
                  <path d="M 480,32 L 568,32" fill="none" stroke="black"/>
                  <path d="M 592,32 L 664,32" fill="none" stroke="black"/>
                  <path d="M 8,64 L 136,64" fill="none" stroke="black"/>
                  <path d="M 160,64 L 264,64" fill="none" stroke="black"/>
                  <path d="M 336,64 L 408,64" fill="none" stroke="black"/>
                  <path d="M 480,64 L 568,64" fill="none" stroke="black"/>
                  <path d="M 592,64 L 664,64" fill="none" stroke="black"/>
                  <path d="M 352,160 L 368,160" fill="none" stroke="black"/>
                  <path d="M 344,192 L 368,192" fill="none" stroke="black"/>
                  <path d="M 384,222 L 400,222" fill="none" stroke="black"/>
                  <path d="M 384,226 L 400,226" fill="none" stroke="black"/>
                  <path d="M 512,222 L 528,222" fill="none" stroke="black"/>
                  <path d="M 512,226 L 528,226" fill="none" stroke="black"/>
                  <path d="M 376,256 L 408,256" fill="none" stroke="black"/>
                  <path d="M 528,256 L 616,256" fill="none" stroke="black"/>
                  <path d="M 384,272 L 408,272" fill="none" stroke="black"/>
                  <path d="M 536,272 L 624,272" fill="none" stroke="black"/>
                  <path d="M 352,336 L 376,336" fill="none" stroke="black"/>
                  <path d="M 200,400 L 216,400" fill="none" stroke="black"/>
                  <path d="M 72,416 L 88,416" fill="none" stroke="black"/>
                  <path d="M 216,448 L 232,448" fill="none" stroke="black"/>
                  <path d="M 352,448 L 368,448" fill="none" stroke="black"/>
                  <path d="M 224,528 L 240,528" fill="none" stroke="black"/>
                  <path d="M 336,528 L 376,528" fill="none" stroke="black"/>
                  <path d="M 216,576 L 232,576" fill="none" stroke="black"/>
                  <path d="M 352,576 L 368,576" fill="none" stroke="black"/>
                  <path d="M 640,64 C 631.16936,64 624,71.16936 624,80" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="624,256 612,250.4 612,261.6" fill="black" transform="rotate(0,616,256)"/>
                  <polygon class="arrowhead" points="536,224 524,218.4 524,229.6" fill="black" transform="rotate(0,528,224)"/>
                  <polygon class="arrowhead" points="392,272 380,266.4 380,277.6" fill="black" transform="rotate(180,384,272)"/>
                  <polygon class="arrowhead" points="392,224 380,218.4 380,229.6" fill="black" transform="rotate(180,384,224)"/>
                  <polygon class="arrowhead" points="376,576 364,570.4 364,581.6" fill="black" transform="rotate(0,368,576)"/>
                  <polygon class="arrowhead" points="376,448 364,442.4 364,453.6" fill="black" transform="rotate(0,368,448)"/>
                  <polygon class="arrowhead" points="376,192 364,186.4 364,197.6" fill="black" transform="rotate(0,368,192)"/>
                  <polygon class="arrowhead" points="376,160 364,154.4 364,165.6" fill="black" transform="rotate(0,368,160)"/>
                  <polygon class="arrowhead" points="232,528 220,522.4 220,533.6" fill="black" transform="rotate(180,224,528)"/>
                  <g class="text">
                    <text x="44" y="52">Origin</text>
                    <text x="100" y="52">Issuer</text>
                    <text x="192" y="52">MoQ</text>
                    <text x="232" y="52">Relay</text>
                    <text x="372" y="52">Client</text>
                    <text x="524" y="52">Attester</text>
                    <text x="628" y="52">Issuer</text>
                    <text x="72" y="116">:</text>
                    <text x="136" y="116">Phase</text>
                    <text x="172" y="116">1:</text>
                    <text x="224" y="116">Bootstrap</text>
                    <text x="288" y="116">Token</text>
                    <text x="360" y="116">Acquisition</text>
                    <text x="528" y="116">:</text>
                    <text x="624" y="116">:</text>
                    <text x="228" y="148">&lt;-</text>
                    <text x="300" y="148">CLIENT_SETUP[]</text>
                    <text x="368" y="148">-</text>
                    <text x="224" y="164">-</text>
                    <text x="284" y="164">SERVER_SETUP</text>
                    <text x="256" y="180">[AUTH</text>
                    <text x="324" y="180">CHALLENGE]</text>
                    <text x="224" y="196">-</text>
                    <text x="284" y="196">UNAUTHORIZED</text>
                    <text x="456" y="228">Attestation</text>
                    <text x="528" y="244">|</text>
                    <text x="468" y="260">TokenRequest</text>
                    <text x="472" y="276">TokenResponse</text>
                    <text x="528" y="292">|</text>
                    <text x="72" y="308">:</text>
                    <text x="136" y="308">Phase</text>
                    <text x="172" y="308">2:</text>
                    <text x="208" y="308">Token</text>
                    <text x="268" y="308">Exchange</text>
                    <text x="320" y="308">via</text>
                    <text x="368" y="308">Reverse</text>
                    <text x="420" y="308">Flow</text>
                    <text x="528" y="308">:</text>
                    <text x="624" y="308">:</text>
                    <text x="228" y="340">&lt;-</text>
                    <text x="292" y="340">CLIENT_SETUP</text>
                    <text x="264" y="356">[AUTH</text>
                    <text x="312" y="356">TOKEN</text>
                    <text x="344" y="356">+</text>
                    <text x="268" y="372">AUTH</text>
                    <text x="324" y="372">REQUEST]</text>
                    <text x="136" y="404">&lt;-CredentialReq</text>
                    <text x="152" y="420">CredentialRes-&gt;</text>
                    <text x="292" y="452">SERVER_SETUP</text>
                    <text x="256" y="468">[AUTH</text>
                    <text x="320" y="468">RESPONSE]</text>
                    <text x="72" y="500">:</text>
                    <text x="136" y="500">Phase</text>
                    <text x="172" y="500">3:</text>
                    <text x="212" y="500">Normal</text>
                    <text x="284" y="500">Operations</text>
                    <text x="348" y="500">with</text>
                    <text x="400" y="500">Derived</text>
                    <text x="460" y="500">Tokens</text>
                    <text x="528" y="500">:</text>
                    <text x="624" y="500">:</text>
                    <text x="288" y="532">SUBSCRIBE</text>
                    <text x="268" y="548">[Token</text>
                    <text x="316" y="548">from</text>
                    <text x="296" y="564">credential]</text>
                    <text x="292" y="580">SUBSCRIBE_OK</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
+---------------+  +------------+        +--------+        +----------+  +--------+
| Origin Issuer |  |  MoQ Relay |        | Client |        | Attester |  | Issuer |
+-------+-------+  +------+-----+        +----+---+        +-----+----+  +----+---+
        |                 |                   |                  |           |
        |                 |                   |                  |           |
        :     Phase 1: Bootstrap Token Acquisition               :           :
        |                 |                   |                  |           |
        |                 |<- CLIENT_SETUP[] -+                  |           |
        |                 +- SERVER_SETUP  -->|                  |           |
        |                 |  [AUTH CHALLENGE] |                  |           |
        |                 +- UNAUTHORIZED --->|                  |           |
        |                 |                   |                  |           |
        |                 |                   |<== Attestation ==>           |
        |                 |                   |                  |           |
        |                 |                   +---- TokenRequest ----------->|
        |                 |                   |<--- TokenResponse -----------+
        |                 |                   |                  |           |
        :     Phase 2: Token Exchange via Reverse Flow           :           :
        |                 |                   |                  |           |
        |                 |<- CLIENT_SETUP ---+                  |           |
        |                 |   [AUTH TOKEN +   |                  |           |
        |                 |    AUTH REQUEST]  |                  |           |
        |                 |                   |                  |           |
        |<-CredentialReq--+                   |                  |           |
        +--CredentialRes->|                   |                  |           |
        |                 |                   |                  |           |
        |                 +-- SERVER_SETUP -->|                  |           |
        |                 |  [AUTH RESPONSE]  |                  |           |
        |                 |                   |                  |           |
        :     Phase 3: Normal Operations with Derived Tokens     :           :
        |                 |                   |                  |           |
        |                 |<-- SUBSCRIBE -----+                  |           |
        |                 |   [Token from     |                  |           |
        |                 |    credential]    |                  |           |
        |                 +-- SUBSCRIBE_OK -->|                  |           |
        |                 |                   |                  |           |
]]></artwork>
            </artset>
          </figure>
        </section>
        <section anchor="detailed-reverse-flow-steps">
          <name>Detailed Reverse Flow Steps</name>
          <t><strong>Phase 1: Bootstrap Token Acquisition</strong></t>
          <ol spacing="normal" type="1"><li>
              <t>The client initiates a connection with <tt>CLIENT_SETUP</tt> without authorization.</t>
            </li>
            <li>
              <t>The MoQ relay responds with a <tt>SERVER_SETUP</tt> carrying an AUTH CHALLENGE
option whose <tt>TokenChallenge</tt> specifies a publicly verifiable token type
(<tt>0x0002</tt>), then terminates the session with <tt>UNAUTHORIZED</tt>.</t>
            </li>
            <li>
              <t>The client performs attestation with an external attester/issuer.</t>
            </li>
            <li>
              <t>The client obtains a publicly verifiable token.</t>
            </li>
          </ol>
          <t><strong>Phase 2: Token Exchange via Reverse Flow</strong></t>
          <ol spacing="normal" type="1"><li>
              <t>The client sends <tt>CLIENT_SETUP</tt> with:
              </t>
              <ul spacing="normal">
                <li>
                  <t>An AUTHORIZATION TOKEN option carrying the publicly verifiable <tt>Token</tt>
from Phase 1</t>
                </li>
                <li>
                  <t>An AUTH REQUEST option carrying a <tt>CredentialRequest</tt> (or
<tt>GenericBatchTokenRequest</tt>) for a privately verifiable token type
(<tt>0x0001</tt>, <tt>0x0005</tt>, or <tt>0xE5AC</tt>)</t>
                </li>
              </ul>
            </li>
            <li>
              <t>The MoQ relay validates the bootstrap token, then processes the credential
request using its internal issuer.</t>
            </li>
            <li>
              <t>The MoQ relay responds with <tt>SERVER_SETUP</tt> containing:
              </t>
              <ul spacing="normal">
                <li>
                  <t>An AUTH RESPONSE option carrying the <tt>CredentialResponse</tt> (or
<tt>GenericBatchTokenResponse</tt>) with the privately verifiable
credential/tokens</t>
                </li>
              </ul>
            </li>
          </ol>
          <t><strong>Phase 3: Normal Operations</strong></t>
          <ol spacing="normal" type="1"><li>
              <t>For subsequent operations (SUBSCRIBE, PUBLISH, FETCH), the client presents
tokens derived from the credential obtained in Phase 2.</t>
            </li>
            <li>
              <t>The MoQ relay validates tokens locally using its private verification key.</t>
            </li>
          </ol>
        </section>
        <section anchor="credential-encoding">
          <name>Credential Request/Response Encoding</name>
          <t>When using the reverse flow, the AUTH REQUEST payload
(<xref target="auth-request-response-param"/>) contains the credential or token request
for the privately verifiable token type:</t>
          <ul spacing="normal">
            <li>
              <t>For <tt>0x0001</tt> or <tt>0x0005</tt>: <tt>GenericBatchTokenRequest</tt> as defined in <xref section="6.1" sectionFormat="of" target="PRIVACYPASS-BATCHED"/></t>
            </li>
            <li>
              <t>For <tt>0xE5AC</tt>: <tt>CredentialRequest</tt> as defined in <xref section="7.1" sectionFormat="of" target="PRIVACYPASS-ARC"/></t>
            </li>
          </ul>
          <t>Similarly, the AUTH RESPONSE payload contains:</t>
          <ul spacing="normal">
            <li>
              <t>For <tt>0x0001</tt> or <tt>0x0005</tt>: <tt>GenericBatchTokenResponse</tt> as defined in <xref section="6.2" sectionFormat="of" target="PRIVACYPASS-BATCHED"/></t>
            </li>
            <li>
              <t>For <tt>0xE5AC</tt>: <tt>CredentialResponse</tt> as defined in <xref section="7.2" sectionFormat="of" target="PRIVACYPASS-ARC"/></t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="trust-model">
        <name>Trust Model</name>
        <t>The architecture assumes the following trust relationships based on
<xref section="3" sectionFormat="of" target="RFC9576"/>:</t>
        <ul spacing="normal">
          <li>
            <t>Relays trust issuers to properly validate client eligibility
before issuing tokens</t>
          </li>
          <li>
            <t>Issuers trust attesters to accurately verify client eligibility</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="privacy-pass-token-integration">
      <name>Privacy Pass Token Integration</name>
      <t>This section describes how Privacy Pass tokens are integrated into the MoQ
transport protocol to provide privacy-preserving authorization for various
media operations.</t>
      <section anchor="moq-token-types">
        <name>Token Types for MoQ Authorization</name>
        <t>This specification uses the below existing Privacy Pass token types:</t>
        <t><strong>Publicly verifiable token types</strong></t>
        <ul spacing="normal">
          <li>
            <t><tt>0x0002 (Blind RSA (2048-bit))</tt>: Defined in <xref section="6" sectionFormat="of" target="RFC9578"/>. Uses
blind RSA signatures (<xref target="RFC9474"/>) for deployments requiring distributed validation
across multiple relays.</t>
          </li>
        </ul>
        <t><strong>Privately verifiable token types</strong></t>
        <ul spacing="normal">
          <li>
            <t><tt>0x0001 (VOPRF(P-384, SHA-384))</tt>: Defined in <xref section="6" sectionFormat="of" target="RFC9578"/>. Uses VOPRF (<xref target="RFC9497"/>) for
deployments where the origin is the issuer. Issuance can be batched as defined in <xref section="5" sectionFormat="of" target="PRIVACYPASS-BATCHED"/>.</t>
          </li>
          <li>
            <t><tt>0x0005 (VOPRF(ristretto255, SHA-512))</tt>: Defined in <xref section="8.1" sectionFormat="of" target="PRIVACYPASS-BATCHED"/>. Uses VOPRF (<xref target="RFC9497"/>) for
deployments where the origin is the issuer. Issuance can be batched as defined in <xref section="5" sectionFormat="of" target="PRIVACYPASS-BATCHED"/>.</t>
          </li>
          <li>
            <t><tt>0xE5AC (ARC(P-256))</tt>: Anonymous Rate Limit Credentials Token using <xref target="ARC"/>.
Tokens are presented by clients based on an issued credential and up to a <tt>presentation_limit</tt>.</t>
          </li>
        </ul>
      </section>
      <section anchor="token-structure">
        <name>Token Structure</name>
        <t>Privacy Pass tokens used in MoQ <bcp14>MUST</bcp14> follow the structure defined in
<xref section="2.2" sectionFormat="of" target="RFC9577"/> for the PrivateToken HTTP authentication scheme. The token
structure includes:</t>
        <ul spacing="normal">
          <li>
            <t><strong>Token Type</strong>: 2-byte identifier specifying the issuance protocol used</t>
          </li>
          <li>
            <t><strong>Nonce</strong>: 32-byte client-generated random value for uniqueness</t>
          </li>
          <li>
            <t><strong>Challenge Digest</strong>: 32-byte SHA-256 hash of the TokenChallenge</t>
          </li>
          <li>
            <t><strong>Token Key ID</strong>: Variable-length identifier for the issuer's public key</t>
          </li>
          <li>
            <t><strong>Authenticator</strong>: Variable-length cryptographic proof bound to the token</t>
          </li>
        </ul>
        <section anchor="token-challenge-structure-for-moq">
          <name>Token Challenge Structure for MoQ</name>
          <t>MoQ-specific TokenChallenge structures use the default format defined in
<xref section="2.1" sectionFormat="of" target="RFC9577"/> with MoQ-specific parameters in the origin_info field,
reproduced thereafter for convenience:</t>
          <artwork><![CDATA[
struct {
    uint16_t token_type;
    opaque issuer_name<1..2^16-1>;
    opaque redemption_context<0..32>;
    opaque origin_info<0..2^16-1>;
} TokenChallenge;
]]></artwork>
          <t>For MoQ usage, authorization scope information can be encoded by the origin
within <tt>origin_info</tt> field. This is encoded in the Token at issuance time when
types <tt>0x0001</tt>, <tt>0x0002</tt>, <tt>0x0005</tt> are used. When clients present a credential
such as with <xref target="ARC"/>, the scope may be restricted at presentation time.</t>
          <t>Origins <bcp14>MAY</bcp14> use <tt>redemption_context</tt> to scope token use to properties of the client
session. As described in <xref section="2.1.1.2" sectionFormat="of" target="RFC9577"/>, <tt>redemption context</tt> can
be set to 32-byte random nonce, to the hash of a specific time window, or even
derived from the client's ASN.</t>
        </section>
        <section anchor="moq-actions">
          <name>MoQ Actions</name>
          <t>MoQ operations are identified by the following action values, aligned with
MoQTransport control message types:</t>
          <table anchor="moq-actions-table">
            <name>MoQ Action Values</name>
            <thead>
              <tr>
                <th align="left">Action</th>
                <th align="left">Value</th>
                <th align="left">Reference</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">CLIENT_SETUP</td>
                <td align="left">0</td>
                <td align="left">
                  <xref section="9.3" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">SERVER_SETUP</td>
                <td align="left">1</td>
                <td align="left">
                  <xref section="9.3" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">PUBLISH_NAMESPACE</td>
                <td align="left">2</td>
                <td align="left">
                  <xref section="9.20" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">SUBSCRIBE_NAMESPACE</td>
                <td align="left">3</td>
                <td align="left">
                  <xref section="9.25" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">SUBSCRIBE</td>
                <td align="left">4</td>
                <td align="left">
                  <xref section="9.9" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">REQUEST_UPDATE</td>
                <td align="left">5</td>
                <td align="left">
                  <xref section="9.11" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">PUBLISH</td>
                <td align="left">6</td>
                <td align="left">
                  <xref section="9.13" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">FETCH</td>
                <td align="left">7</td>
                <td align="left">
                  <xref section="9.16" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
              <tr>
                <td align="left">TRACK_STATUS</td>
                <td align="left">8</td>
                <td align="left">
                  <xref section="9.19" sectionFormat="of" target="MoQ-TRANSPORT"/></td>
              </tr>
            </tbody>
          </table>
          <t>The default authorization policy is "blocked" - all actions are denied unless
explicitly permitted by a token scope.</t>
          <t><tt>MoQAction</tt> wire representation is as follows</t>
          <artwork><![CDATA[
enum {
    CLIENT_SETUP(0),
    SERVER_SETUP(1),
    PUBLISH_NAMESPACE(2),
    SUBSCRIBE_NAMESPACE(3),
    SUBSCRIBE(4),
    REQUEST_UPDATE(5),
    PUBLISH(6),
    FETCH(7),
    TRACK_STATUS(8),
    (255)
} MoQAction;
]]></artwork>
        </section>
        <section anchor="match-types">
          <name>Match Types</name>
          <t>Match rules for namespaces and track names support the following types:</t>
          <table anchor="match-types-table">
            <name>Match Type Values</name>
            <thead>
              <tr>
                <th align="left">Match Type</th>
                <th align="left">Value</th>
                <th align="left">Description</th>
              </tr>
            </thead>
            <tbody>
              <tr>
                <td align="left">MATCH_EXACT</td>
                <td align="left">0</td>
                <td align="left">Value must equal the pattern exactly</td>
              </tr>
              <tr>
                <td align="left">MATCH_PREFIX</td>
                <td align="left">1</td>
                <td align="left">Value must start with the pattern</td>
              </tr>
              <tr>
                <td align="left">MATCH_SUFFIX</td>
                <td align="left">2</td>
                <td align="left">Value must end with the pattern</td>
              </tr>
              <tr>
                <td align="left">MATCH_CONTAINS</td>
                <td align="left">3</td>
                <td align="left">Value must contain the pattern as substring</td>
              </tr>
            </tbody>
          </table>
          <t>Track namespaces in MoQ are represented as ordered tuples of byte strings
(e.g., <tt>["example.com", "live", "sports"]</tt>). Match rules operate on these
tuples at tuple element boundaries. The pattern in a <tt>MatchRule</tt> (defined in <xref target="scope-origin-info"/>) is also a
tuple of byte strings, and matching is performed element-by-element.</t>
          <t>As for track names, match rules can be applied directly given there is a single
tuple element.</t>
          <t>No normalization is performed on namespace tuple elements or track name values
before matching. Comparisons are performed as byte-level operations on each
tuple element.</t>
          <t><tt>MatchType</tt> wire representation is as follows</t>
          <artwork><![CDATA[
enum {
    MATCH_EXACT(0),
    MATCH_PREFIX(1),
    MATCH_SUFFIX(2),
    MATCH_CONTAINS(3),
    (255)
} MatchType;
]]></artwork>
        </section>
        <section anchor="scope-origin-info">
          <name>Authorization Scope Structure (origin_info)</name>
          <t>When authorization scope is bound at issuance time, the <tt>origin_info</tt> field
contains a binary-encoded <tt>MoQAuthorizationInfo</tt> structure:</t>
          <artwork><![CDATA[
struct {
    opaque element<0..2^16-1>;
} TupleElement;

struct {
    TupleElement elements<0..2^16-1>;
} NamespaceTuple;

struct {
    MatchType match_type;
    NamespaceTuple value;
} NamespaceMatchRule;

struct {
    MatchType match_type;
    opaque value<0..2^16-1>;
} TrackNameMatchRule;

struct {
    MoQAction actions<1..2^8-1>;
    NamespaceMatchRule namespace_match;
    TrackNameMatchRule track_name_match;
} MoQAuthScope;

struct {
    MoQAuthScope scopes<1..2^8-1>;
} MoQAuthorizationInfo;
]]></artwork>
          <t>A token <bcp14>MAY</bcp14> contain multiple <tt>MoQAuthScope</tt> entries to authorize different
combinations of actions and resource patterns. Authorization succeeds if
ANY scope in the token permits the requested operation.</t>
        </section>
        <section anchor="examples">
          <name>Examples</name>
          <t>The following examples illustrate authorization scope configurations:</t>
          <t>Subscribe to live sports namespace (prefix match):</t>
          <artwork><![CDATA[
MoQAuthScope {
    actions = [SUBSCRIBE(4)],
    namespace_match = {
        match_type = MATCH_PREFIX(1),
        value = ["sports.example.com", "live"]
    },
    track_name_match = {
        match_type = MATCH_PREFIX(1),
        value = ""
    }
}
]]></artwork>
          <t>This matches namespace tuples like <tt>["sports.example.com", "live", "soccer"]</tt>
and <tt>["sports.example.com", "live", "tennis", "finals"]</tt>.</t>
          <t>Publish to specific meeting track (exact match):</t>
          <artwork><![CDATA[
MoQAuthScope {
    actions = [PUBLISH(6)],
    namespace_match = {
        match_type = MATCH_EXACT(0),
        value = ["meetings.example.com", "meeting", "m123"]
    },
    track_name_match = {
        match_type = MATCH_PREFIX(1),
        value = "audio-"
    }
}
]]></artwork>
          <t>This matches only the exact namespace tuple <tt>["meetings.example.com", "meeting", "m123"]</tt>
with track names starting with "audio-".</t>
          <t>Fetch video-on-demand with suffix matching:</t>
          <artwork><![CDATA[
MoQAuthScope {
    actions = [FETCH(7)],
    namespace_match = {
        match_type = MATCH_CONTAINS(3),
        value = ["vod", "movies"]
    },
    track_name_match = {
        match_type = MATCH_SUFFIX(2),
        value = ".mp4"
    }
}
]]></artwork>
          <t>This matches namespace tuples containing the contiguous subsequence
<tt>["vod", "movies"]</tt>, such as <tt>["example.com", "vod", "movies", "action"]</tt>.</t>
        </section>
      </section>
      <section anchor="track-namespace-and-track-name-matching-rules">
        <name>Track Namespace and Track Name Matching Rules</name>
        <t>This specification defines matching rules for track namespaces and track names
to enable fine-grained access control while maintaining privacy. Both namespace
and track name matching use the same <tt>MatchRule</tt> structure and algorithm.</t>
        <section anchor="match-rule-evaluation">
          <name>Match Rule Evaluation</name>
          <t>Given a <tt>MatchRule</tt> and a target value (namespace tuple or track name), the
match succeeds according to the following rules. For namespace matching, both
the pattern and target are tuples of byte strings; matching operates at tuple
element boundaries.</t>
          <t><tt>MATCH_EXACT (0)</tt>:</t>
          <t>The target <bcp14>MUST</bcp14> be identical to the pattern. For namespace
tuples, this means the same number of elements with each element byte-for-byte
identical. The pattern tuple <tt>["example.com", "live"]</tt> matches only
<tt>["example.com", "live"]</tt>, not <tt>["example.com", "live", "sports"]</tt>.</t>
          <t><tt>MATCH_PREFIX (1)</tt>:</t>
          <t>The target <bcp14>MUST</bcp14> start with the pattern at tuple element
boundaries. The pattern tuple <tt>["example.com", "live"]</tt> matches
<tt>["example.com", "live", "sports"]</tt> and <tt>["example.com", "live", "news", "breaking"]</tt>
but not <tt>["example.com", "vod"]</tt>. Note that <tt>["example.com", "liv"]</tt> does NOT
match <tt>["example.com", "live"]</tt> since matching is at element boundaries.</t>
          <t><tt>MATCH_SUFFIX (2)</tt>:</t>
          <t>The target <bcp14>MUST</bcp14> end with the pattern at tuple element
boundaries. The pattern tuple <tt>["audio"]</tt> matches <tt>["meeting123", "audio"]</tt> and
<tt>["conference", "room1", "audio"]</tt> but not <tt>["audio", "opus"]</tt>.</t>
          <t><tt>MATCH_CONTAINS (3)</tt>:</t>
          <t>The target <bcp14>MUST</bcp14> contain the pattern as a contiguous
subsequence of tuple elements. The pattern tuple <tt>["live", "sports"]</tt> matches
<tt>["example.com", "live", "sports", "soccer"]</tt> but the single-element pattern
<tt>["sports"]</tt> does NOT match <tt>["live-sports", "channel"]</tt> since "sports" is a
substring within an element, not a complete element.</t>
          <t>Note: To match all values, use MATCH_PREFIX with an empty pattern (<tt>[]</tt> for
namespaces or <tt>""</tt> for track names). An empty pattern is a prefix of every value.</t>
        </section>
        <section anchor="matching-algorithm">
          <name>Matching Algorithm</name>
          <t>When a MoQ relay receives a request with a Privacy Pass token, it performs the
following validation steps to determine whether to authorize the requested
operation:</t>
          <figure anchor="fig-matching-algorithm">
            <name>Token Validation and Matching Algorithm</name>
            <artset>
              <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="880" width="448" viewBox="0 0 448 880" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,32 L 8,80" fill="none" stroke="black"/>
                  <path d="M 8,128 L 8,176" fill="none" stroke="black"/>
                  <path d="M 8,224 L 8,272" fill="none" stroke="black"/>
                  <path d="M 8,320 L 8,368" fill="none" stroke="black"/>
                  <path d="M 8,416 L 8,480" fill="none" stroke="black"/>
                  <path d="M 8,528 L 8,576" fill="none" stroke="black"/>
                  <path d="M 8,624 L 8,672" fill="none" stroke="black"/>
                  <path d="M 8,720 L 8,768" fill="none" stroke="black"/>
                  <path d="M 8,816 L 8,864" fill="none" stroke="black"/>
                  <path d="M 80,80 L 80,120" fill="none" stroke="black"/>
                  <path d="M 80,176 L 80,216" fill="none" stroke="black"/>
                  <path d="M 80,272 L 80,312" fill="none" stroke="black"/>
                  <path d="M 80,368 L 80,408" fill="none" stroke="black"/>
                  <path d="M 80,480 L 80,520" fill="none" stroke="black"/>
                  <path d="M 80,576 L 80,616" fill="none" stroke="black"/>
                  <path d="M 80,672 L 80,712" fill="none" stroke="black"/>
                  <path d="M 80,768 L 80,808" fill="none" stroke="black"/>
                  <path d="M 160,32 L 160,80" fill="none" stroke="black"/>
                  <path d="M 160,128 L 160,176" fill="none" stroke="black"/>
                  <path d="M 160,224 L 160,272" fill="none" stroke="black"/>
                  <path d="M 160,320 L 160,368" fill="none" stroke="black"/>
                  <path d="M 160,416 L 160,480" fill="none" stroke="black"/>
                  <path d="M 160,528 L 160,576" fill="none" stroke="black"/>
                  <path d="M 160,624 L 160,672" fill="none" stroke="black"/>
                  <path d="M 160,720 L 160,768" fill="none" stroke="black"/>
                  <path d="M 160,816 L 160,864" fill="none" stroke="black"/>
                  <path d="M 208,128 L 208,176" fill="none" stroke="black"/>
                  <path d="M 208,224 L 208,272" fill="none" stroke="black"/>
                  <path d="M 248,464 L 248,736" fill="none" stroke="black"/>
                  <path d="M 304,416 L 304,464" fill="none" stroke="black"/>
                  <path d="M 344,128 L 344,176" fill="none" stroke="black"/>
                  <path d="M 344,224 L 344,272" fill="none" stroke="black"/>
                  <path d="M 440,416 L 440,464" fill="none" stroke="black"/>
                  <path d="M 8,32 L 160,32" fill="none" stroke="black"/>
                  <path d="M 8,80 L 160,80" fill="none" stroke="black"/>
                  <path d="M 8,128 L 160,128" fill="none" stroke="black"/>
                  <path d="M 208,128 L 344,128" fill="none" stroke="black"/>
                  <path d="M 168,144 L 200,144" fill="none" stroke="black"/>
                  <path d="M 8,176 L 160,176" fill="none" stroke="black"/>
                  <path d="M 208,176 L 344,176" fill="none" stroke="black"/>
                  <path d="M 8,224 L 160,224" fill="none" stroke="black"/>
                  <path d="M 208,224 L 344,224" fill="none" stroke="black"/>
                  <path d="M 168,240 L 200,240" fill="none" stroke="black"/>
                  <path d="M 8,272 L 160,272" fill="none" stroke="black"/>
                  <path d="M 208,272 L 344,272" fill="none" stroke="black"/>
                  <path d="M 8,320 L 160,320" fill="none" stroke="black"/>
                  <path d="M 8,368 L 160,368" fill="none" stroke="black"/>
                  <path d="M 8,416 L 160,416" fill="none" stroke="black"/>
                  <path d="M 304,416 L 440,416" fill="none" stroke="black"/>
                  <path d="M 160,432 L 296,432" fill="none" stroke="black"/>
                  <path d="M 168,464 L 248,464" fill="none" stroke="black"/>
                  <path d="M 304,464 L 440,464" fill="none" stroke="black"/>
                  <path d="M 8,480 L 160,480" fill="none" stroke="black"/>
                  <path d="M 8,528 L 160,528" fill="none" stroke="black"/>
                  <path d="M 168,544 L 248,544" fill="none" stroke="black"/>
                  <path d="M 8,576 L 160,576" fill="none" stroke="black"/>
                  <path d="M 8,624 L 160,624" fill="none" stroke="black"/>
                  <path d="M 168,640 L 248,640" fill="none" stroke="black"/>
                  <path d="M 8,672 L 160,672" fill="none" stroke="black"/>
                  <path d="M 8,720 L 160,720" fill="none" stroke="black"/>
                  <path d="M 168,736 L 248,736" fill="none" stroke="black"/>
                  <path d="M 8,768 L 160,768" fill="none" stroke="black"/>
                  <path d="M 8,816 L 160,816" fill="none" stroke="black"/>
                  <path d="M 8,864 L 160,864" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="304,432 292,426.4 292,437.6" fill="black" transform="rotate(0,296,432)"/>
                  <polygon class="arrowhead" points="208,240 196,234.4 196,245.6" fill="black" transform="rotate(0,200,240)"/>
                  <polygon class="arrowhead" points="208,144 196,138.4 196,149.6" fill="black" transform="rotate(0,200,144)"/>
                  <polygon class="arrowhead" points="176,464 164,458.4 164,469.6" fill="black" transform="rotate(180,168,464)"/>
                  <polygon class="arrowhead" points="88,808 76,802.4 76,813.6" fill="black" transform="rotate(90,80,808)"/>
                  <polygon class="arrowhead" points="88,712 76,706.4 76,717.6" fill="black" transform="rotate(90,80,712)"/>
                  <polygon class="arrowhead" points="88,616 76,610.4 76,621.6" fill="black" transform="rotate(90,80,616)"/>
                  <polygon class="arrowhead" points="88,520 76,514.4 76,525.6" fill="black" transform="rotate(90,80,520)"/>
                  <polygon class="arrowhead" points="88,408 76,402.4 76,413.6" fill="black" transform="rotate(90,80,408)"/>
                  <polygon class="arrowhead" points="88,312 76,306.4 76,317.6" fill="black" transform="rotate(90,80,312)"/>
                  <polygon class="arrowhead" points="88,216 76,210.4 76,221.6" fill="black" transform="rotate(90,80,216)"/>
                  <polygon class="arrowhead" points="88,120 76,114.4 76,125.6" fill="black" transform="rotate(90,80,120)"/>
                  <g class="text">
                    <text x="48" y="52">Extract</text>
                    <text x="104" y="52">Token</text>
                    <text x="36" y="68">from</text>
                    <text x="72" y="68">MoQ</text>
                    <text x="120" y="68">Message</text>
                    <text x="104" y="100">Yes</text>
                    <text x="40" y="148">Check</text>
                    <text x="92" y="148">Replay</text>
                    <text x="272" y="148">Authorization</text>
                    <text x="60" y="164">Protection</text>
                    <text x="180" y="164">No</text>
                    <text x="244" y="164">Failed</text>
                    <text x="44" y="244">Verify</text>
                    <text x="96" y="244">Token</text>
                    <text x="272" y="244">Authorization</text>
                    <text x="80" y="260">(Type-specific)</text>
                    <text x="180" y="260">No</text>
                    <text x="244" y="260">Failed</text>
                    <text x="104" y="292">Yes</text>
                    <text x="48" y="340">Extract</text>
                    <text x="104" y="340">Scope</text>
                    <text x="72" y="356">(origin_info)</text>
                    <text x="368" y="436">Authorization</text>
                    <text x="32" y="452">For</text>
                    <text x="68" y="452">each</text>
                    <text x="112" y="452">Scope</text>
                    <text x="180" y="452">No</text>
                    <text x="212" y="452">more</text>
                    <text x="260" y="452">scopes</text>
                    <text x="340" y="452">Failed</text>
                    <text x="44" y="548">Action</text>
                    <text x="84" y="548">in</text>
                    <text x="76" y="564">scope.actions?</text>
                    <text x="204" y="564">No</text>
                    <text x="104" y="596">Yes</text>
                    <text x="56" y="644">Namespace</text>
                    <text x="120" y="644">Match</text>
                    <text x="36" y="660">Rule</text>
                    <text x="88" y="660">passes?</text>
                    <text x="204" y="660">No</text>
                    <text x="104" y="692">Yes</text>
                    <text x="40" y="740">Track</text>
                    <text x="84" y="740">Name</text>
                    <text x="128" y="740">Match</text>
                    <text x="36" y="756">Rule</text>
                    <text x="88" y="756">passes?</text>
                    <text x="104" y="788">Yes</text>
                    <text x="72" y="836">Authorization</text>
                    <text x="48" y="852">Granted</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art"><![CDATA[
+------------------+
| Extract Token    |
| from MoQ Message |
+--------+---------+
         | Yes
         v
+------------------+     +----------------+
| Check Replay     |---->| Authorization  |
| Protection       | No  | Failed         |
+--------+---------+     +----------------+
         |
         v
+------------------+     +----------------+
| Verify Token     |---->| Authorization  |
| (Type-specific)  | No  | Failed         |
+--------+---------+     +----------------+
         | Yes
         v
+------------------+
| Extract Scope    |
| (origin_info)    |
+--------+---------+
         |
         v
+------------------+                 +----------------+
|                  +---------------->| Authorization  |
| For each Scope   | No more scopes  | Failed         |
|                  |<---------+      +----------------+
+--------+---------+          |
         |                    |
         v                    |
+------------------+          |
| Action in        |----------+
| scope.actions?   |    No    |
+--------+---------+          |
         | Yes                |
         v                    |
+------------------+          |
| Namespace Match  |----------+
| Rule passes?     |    No    |
+--------+---------+          |
         | Yes                |
         v                    |
+------------------+          |
| Track Name Match |----------+
| Rule passes?     |
+--------+---------+
         | Yes
         v
+------------------+
| Authorization    |
| Granted          |
+------------------+
]]></artwork>
            </artset>
          </figure>
          <ol spacing="normal" type="1"><li>
              <t><strong>Token Extraction</strong>: Extract the Privacy Pass token from the MoQ control
message (SETUP, SUBSCRIBE, FETCH, PUBLISH, PUBLISH_NAMESPACE, or other operation).</t>
            </li>
            <li>
              <t><strong>Token Verification</strong>: Verify the token using the appropriate method for
the token type:  </t>
              <ul spacing="normal">
                <li>
                  <t>Token Type <tt>0x0001</tt> or <tt>0x0005</tt> (VOPRF): Verify using the issuer's
private validation key</t>
                </li>
                <li>
                  <t>Token Type <tt>0x0002</tt> (Blind RSA): Verify using the issuer's public
verification key</t>
                </li>
                <li>
                  <t>Token Type <tt>0xE5AC</tt> (ARC): Verify the presentation proof using the
issuer's public parameters</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Replay Protection</strong>: Validate that the token has not been replayed:  </t>
              <ul spacing="normal">
                <li>
                  <t>Check token nonce uniqueness within the configured replay window</t>
                </li>
                <li>
                  <t>Verify token expiration timestamp if present in token metadata</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Scope Extraction</strong>: Extract authorization scope from the token:  </t>
              <ul spacing="normal">
                <li>
                  <t>If using <tt>origin_info</tt>: Decode the <tt>MoQAuthorizationInfo</tt> structure</t>
                </li>
              </ul>
            </li>
            <li>
              <t><strong>Scope Evaluation</strong>: For each <tt>MoQAuthScope</tt> in the token, check if the
requested operation is authorized:  </t>
              <t>
a. <strong>Action Check</strong>: Verify the requested MoQ action (from <xref target="moq-actions"/>)
   is present in the scope's <tt>actions</tt> list  </t>
              <t>
b. <strong>Namespace Match</strong>: Apply the <tt>namespace_match</tt> rule to the requested
   track namespace using the algorithm in <xref target="match-types"/>  </t>
              <t>
c. <strong>Track Name Match</strong>: Apply the <tt>track_name_match</tt> rule to the requested
   track name using the algorithm in <xref target="match-types"/>  </t>
              <t>
d. If all three checks pass, authorization succeeds for this scope</t>
            </li>
            <li>
              <t><strong>Authorization Decision</strong>: Access is granted if and only if:  </t>
              <ul spacing="normal">
                <li>
                  <t>Token verification succeeds (step 2)</t>
                </li>
                <li>
                  <t>Replay protection passes (step 3)</t>
                </li>
                <li>
                  <t>At least one scope in the token authorizes the operation (step 5)</t>
                </li>
              </ul>
            </li>
          </ol>
          <t>If authorization fails, an error is returned as specified in <xref target="errors"/>.</t>
        </section>
      </section>
      <section anchor="transport-hooks">
        <name>Required MoQ Transport Extensions</name>
        <t>This document relies on authentication hooks that are proposed for MoQ
Transport but not yet part of <xref target="MoQ-TRANSPORT"/> (see moq-transport issue
1658). They are defined here provisionally and are expected to move to the
transport draft. They are deliberately scheme-agnostic: any authorization
scheme with a codepoint in the "MOQT Auth Token Type" registry can use them.</t>
        <t>This document also assumes that <tt>REQUEST_ERROR</tt> carries Message Parameters,
as <tt>REQUEST_OK</tt> and <tt>REQUEST_UPDATE</tt> already do.</t>
        <section anchor="auth-challenge-param">
          <name>AUTH CHALLENGE Parameter</name>
          <t>The AUTH CHALLENGE parameter is a length-prefixed Message Parameter, with a
Setup Option counterpart of identical encoding:</t>
          <artwork><![CDATA[
Auth Challenge {
  Token Type (vi64),
  Challenge (..)
}
]]></artwork>
          <ul spacing="normal">
            <li>
              <t>Token Type: a codepoint from the "MOQT Auth Token Type" registry of
<xref target="MoQ-TRANSPORT"/>, identifying the authorization scheme.</t>
            </li>
            <li>
              <t>Challenge: opaque bytes whose format is defined by the Token Type.</t>
            </li>
          </ul>
          <t>The parameter conveys that the sender will accept a credential of this Token
Type satisfying this Challenge. It <bcp14>MAY</bcp14> be repeated within a message;
challenges are ordered by sender preference, most preferred first. A
receiver ignores challenges whose Token Type it does not support.</t>
          <t>The Message Parameter can appear in <tt>REQUEST_ERROR</tt> and in successful
responses (<tt>REQUEST_OK</tt>, <tt>SUBSCRIBE_OK</tt>, <tt>FETCH_OK</tt>). The Setup Option can
appear in <tt>SERVER_SETUP</tt>.</t>
          <t>For this document, the Token Type is PRIVACY_PASS_TOKEN
(<xref target="iana-moqt-token-type"/>) and the Challenge is a <tt>TokenChallenge</tt> as
defined in <xref section="2.1" sectionFormat="of" target="RFC9577"/>.</t>
        </section>
        <section anchor="auth-request-response-param">
          <name>AUTH REQUEST and AUTH RESPONSE Parameters</name>
          <t>The AUTH REQUEST and AUTH RESPONSE parameters are length-prefixed Message
Parameters, with Setup Option counterparts of identical encoding:</t>
          <artwork><![CDATA[
Auth Request {
  Token Type (vi64),
  Request Payload (..)
}

Auth Response {
  Token Type (vi64),
  Response Payload (..)
}
]]></artwork>
          <t>AUTH REQUEST asks the receiver to produce credential material defined by
the authorization scheme, such as a token issuance or renewal request. It
can appear wherever the AUTHORIZATION TOKEN parameter can, including
<tt>REQUEST_UPDATE</tt>, and in <tt>CLIENT_SETUP</tt> as an option. A receiver that does
not support the Token Type, or is unwilling to issue, ignores the parameter
and processes the message as if it were absent; the sender detects this by
the absence of a matching AUTH RESPONSE.</t>
          <t>AUTH RESPONSE carries the material produced in answer to an AUTH REQUEST.
It can appear in the response to the message that carried the AUTH REQUEST
(<tt>REQUEST_OK</tt>, <tt>SUBSCRIBE_OK</tt>, <tt>FETCH_OK</tt>) and in <tt>SERVER_SETUP</tt> as an
option. It <bcp14>MUST NOT</bcp14> be sent unsolicited.</t>
          <t>Request and response payloads are transient: they are not registered in the
token cache and do not count against MAX_AUTH_TOKEN_CACHE_SIZE.</t>
          <t>For this document, the Token Type is PRIVACY_PASS_TOKEN and the payloads
are the issuance structures listed in <xref target="credential-encoding"/>.</t>
        </section>
      </section>
      <section anchor="token-in-moq-messages">
        <name>Token in MOQ Messages</name>
        <t>Privacy Pass tokens are provided to MoQ relays using the existing MoQ
authorization framework with the following adaptations:</t>
        <section anchor="setup-message-authorization">
          <name>SETUP Message Authorization</name>
          <t>For connection-level authorization, the client includes an AUTHORIZATION
TOKEN Setup Option (<xref section="9.3.1.5" sectionFormat="of" target="MoQ-TRANSPORT"/>) whose Token Type
is PRIVACY_PASS_TOKEN and whose Token Value is a <tt>Token</tt> structure. When
the client also wants tokens or credentials issued over this connection
(<xref target="reverse-flow"/>), it adds an AUTH REQUEST option
(<xref target="auth-request-response-param"/>); the relay answers with an AUTH RESPONSE
option in <tt>SERVER_SETUP</tt>.</t>
          <artwork><![CDATA[
CLIENT_SETUP {
    Setup Options = [
        AUTHORIZATION TOKEN {
            Token Type = PRIVACY_PASS_TOKEN,
            Token Value = Token
        },
        AUTH REQUEST {          /* optional, reverse flow */
            Token Type = PRIVACY_PASS_TOKEN,
            Request Payload = GenericBatchTokenRequest
        }
    ]
}

SERVER_SETUP {
    Setup Options = [
        AUTH RESPONSE {         /* only answering an AUTH REQUEST */
            Token Type = PRIVACY_PASS_TOKEN,
            Response Payload = GenericBatchTokenResponse
        }
    ]
}
]]></artwork>
          <t>The <tt>Token</tt> structure is prepended by a two-byte token type identifier
as registered with IANA:</t>
          <artwork><![CDATA[
struct {
   uint16_t token_type; /* From the IANA Privacy Pass Token Types Registry */
   select (token_type) { /* Rest of the token */
     case (0x0001, 0x0002, 0x0005):
         uint8_t nonce[32];
         uint8_t challenge_digest[32];
         uint8_t token_key_id[Nid];
         uint8_t authenticator[Nk];
     case (other): /* Other token types from the IANA Privacy Pass Token Types Registry */
         opaque remainder<0..2^16-1>;
   }
} Token;
]]></artwork>
          <t>Where <tt>Nk</tt> is determined by token_type per the <xref target="PRIVACYPASS-IANA"/>.</t>
          <t>Unknown token types <bcp14>MUST</bcp14> be rejected.</t>
        </section>
        <section anchor="moq-operation-level-authorization">
          <name>MoQ Operation-Level Authorization</name>
          <t>For individual MoQ operation authorization, tokens are included in
operation-specific control messages:</t>
          <artwork><![CDATA[
SUBSCRIBE {
    Track_Namespace = "sports.example.com/live/soccer",
    Track_Name = "video",
    Parameters = [
        AUTHORIZATION TOKEN {
            Token Type = PRIVACY_PASS_TOKEN,
            Token Value = Token
        }
    ]
}
]]></artwork>
        </section>
        <section anchor="continuous-auth-batched">
          <name>Continuous Authorization with Batched Tokens</name>
          <t>Long-lived MoQ sessions (such as live streaming or real-time communication)
require periodic re-authorization to ensure continued eligibility. Unlike
JWT-based approaches that use explicit revalidation intervals, Privacy Pass
can achieve continuous authorization through batched token issuance.</t>
          <t>During the initial SETUP exchange, clients can request multiple tokens by
sending a <tt>GenericBatchTokenRequest</tt> (defined in
<xref section="6.1" sectionFormat="of" target="PRIVACYPASS-BATCHED"/>) in an AUTH REQUEST option. Each
token in the batch is independently valid and can be presented for
subsequent operations or periodic re-authorization.</t>
          <artwork><![CDATA[
Batched Token Usage Timeline:

Time 0:     CLIENT_SETUP with Token_1, request batch of N tokens
            SERVER_SETUP with batch of N tokens

Time T:     SUBSCRIBE with Token_2 (from batch)

Time 2T:    Client presents Token_3 for continued authorization
            (proactive re-auth before relay requests it)

Time 3T:    Relay requests re-authorization
            Client presents Token_4
]]></artwork>
          <t>Relays <bcp14>MAY</bcp14> request periodic re-authorization by attaching an AUTH CHALLENGE
parameter to a <tt>REQUEST_ERROR</tt>, or ahead of time to a successful response
alongside the EXPIRES parameter of <xref target="MoQ-TRANSPORT"/>, which tells the client
what its extending <tt>REQUEST_UPDATE</tt> needs to present. Clients <bcp14>SHOULD</bcp14> present
a fresh token from their batch in response if any satisfy the new
<tt>TokenChallenge</tt>. If not, they <bcp14>SHOULD</bcp14> perform a new issuance process.</t>
          <t>When using <xref target="ARC"/> tokens (<tt>0xE5AC</tt>), the credential's <tt>presentation_limit</tt> controls
how many times the client can present tokens from a single credential issuance.
This provides rate limiting while preserving unlinkability between presentations.</t>
          <t><strong>Deployment Considerations</strong>:</t>
          <ul spacing="normal">
            <li>
              <t>Batch size <bcp14>SHOULD</bcp14> be sufficient for the expected session duration</t>
            </li>
            <li>
              <t>Relays <bcp14>SHOULD</bcp14> configure re-authorization intervals based on content
sensitivity and trust requirements</t>
            </li>
            <li>
              <t>Clients <bcp14>SHOULD</bcp14> request new token batches before exhausting their supply</t>
            </li>
            <li>
              <t>For high-security deployments, shorter re-authorization intervals with
smaller batches provide stronger revocation guarantees</t>
            </li>
          </ul>
        </section>
        <section anchor="continuous-auth-reverse">
          <name>Continuous Authorization with Reverse Flow</name>
          <t>If the client and the relay support it, a Relay <bcp14>MAY</bcp14> perform continuous
authentication using a reverse flow.</t>
          <t>To do so, a client attaches an AUTH REQUEST parameter, carrying at least
one token request, to a message that also carries its AUTHORIZATION TOKEN.
The Relay acts as a reverse issuer and returns the corresponding AUTH
RESPONSE in the message answering it: <tt>SERVER_SETUP</tt> for a <tt>CLIENT_SETUP</tt>,
or the corresponding <tt>REQUEST_OK</tt>, <tt>SUBSCRIBE_OK</tt>, or <tt>FETCH_OK</tt> for
requests on an established connection.</t>
          <t>In particular, a subscriber can replenish its token supply without a new
round trip to the origin issuer by sending <tt>REQUEST_UPDATE</tt> with an AUTH
REQUEST parameter. This composes with the expiry-driven update cycle of
<xref target="MoQ-TRANSPORT"/>: when a subscription carries an EXPIRES parameter, the
extending <tt>REQUEST_UPDATE</tt> presents a fresh token and requests the next one
in the same message.</t>
          <t>Tokens obtained this way can be presented by the Client to maintain
the continuity of the session without linkability.</t>
          <artwork><![CDATA[
Reverse Flow Token Usage Timeline:

Time 0:     CLIENT_SETUP with Token_1 + AUTH REQUEST for 1 token
            SERVER_SETUP with AUTH RESPONSE (1 token)

Time T:     SUBSCRIBE with Token_2 + AUTH REQUEST for 1 token
            SUBSCRIBE_OK with AUTH RESPONSE (1 token)

Time 2T:    REQUEST_UPDATE with Token_3 + AUTH REQUEST for 1 token
            REQUEST_OK with AUTH RESPONSE (1 token)
]]></artwork>
        </section>
        <section anchor="errors">
          <name>Errors</name>
          <t>If the authentication fails for any reason, the server <bcp14>MUST</bcp14> send an error.
The error response includes a <tt>TokenChallenge</tt> to enable the client to obtain
a valid token and retry the operation.</t>
          <section anchor="setup-errors">
            <name>SETUP Errors</name>
            <t>If authentication fails during SETUP, the Relay <bcp14>MUST</bcp14> send a <tt>SERVER_SETUP</tt>
carrying one or more AUTH CHALLENGE Setup Options (<xref target="transport-hooks"/>) and
then terminate the session with the <tt>UNAUTHORIZED</tt> (0x02) Termination Error
Code defined in <xref section="3.4" sectionFormat="of" target="MoQ-TRANSPORT"/>. The termination reason
phrase carries no challenge material; it stays a human-readable string, as
the QUIC CONNECTION_CLOSE frame requires.</t>
            <t>Each AUTH CHALLENGE option carries one <tt>TokenChallenge</tt>. Options are ordered
by relay preference, most preferred first, which lets the client select an
issuance protocol based on the token types and issuers it supports.
Different options <bcp14>MAY</bcp14> name different issuers or scopes for different token
types. The Relay <bcp14>MUST</bcp14> include at least one challenge.</t>
            <t>The client can then obtain a token satisfying one of the challenges and
establish a new session presenting it. Since <xref target="MoQ-TRANSPORT"/> requires
endpoints to ignore unknown Setup Options, a client that does not support
this mechanism observes a regular <tt>UNAUTHORIZED</tt> termination.</t>
          </section>
          <section anchor="operation-errors">
            <name>Operation Errors</name>
            <t>If the error occurs over an established connection, the Relay <bcp14>MUST</bcp14> send a <tt>REQUEST_ERROR</tt>
defined in <xref section="9.8" sectionFormat="of" target="MoQ-TRANSPORT"/>.</t>
            <t>The error code <bcp14>MUST</bcp14> be one of:</t>
            <table anchor="error-codes-table">
              <name>Privacy Pass Authorization Error Codes</name>
              <thead>
                <tr>
                  <th align="left">Error Code</th>
                  <th align="left">Name</th>
                  <th align="left">Description</th>
                </tr>
              </thead>
              <tbody>
                <tr>
                  <td align="left">0x0100</td>
                  <td align="left">TOKEN_MISSING</td>
                  <td align="left">No token provided when required</td>
                </tr>
                <tr>
                  <td align="left">0x0101</td>
                  <td align="left">TOKEN_INVALID</td>
                  <td align="left">Token signature verification failed</td>
                </tr>
                <tr>
                  <td align="left">0x0102</td>
                  <td align="left">TOKEN_EXPIRED</td>
                  <td align="left">Token has expired or been revoked</td>
                </tr>
                <tr>
                  <td align="left">0x0103</td>
                  <td align="left">TOKEN_REPLAYED</td>
                  <td align="left">Token nonce has been seen before</td>
                </tr>
                <tr>
                  <td align="left">0x0104</td>
                  <td align="left">SCOPE_MISMATCH</td>
                  <td align="left">Token scope does not authorize this operation</td>
                </tr>
                <tr>
                  <td align="left">0x0105</td>
                  <td align="left">ISSUER_UNKNOWN</td>
                  <td align="left">Token issuer is not trusted by this relay</td>
                </tr>
                <tr>
                  <td align="left">0x0106</td>
                  <td align="left">TOKEN_MALFORMED</td>
                  <td align="left">Token cannot be parsed correctly</td>
                </tr>
              </tbody>
            </table>
            <t>When the client should retry with a new token, the <tt>REQUEST_ERROR</tt> <bcp14>MUST</bcp14>
carry one or more AUTH CHALLENGE parameters (<xref target="transport-hooks"/>), ordered
by relay preference. The reason phrase stays a human-readable string.</t>
          </section>
          <section anchor="tokenchallenge-construction">
            <name>TokenChallenge Construction</name>
            <t>The <tt>TokenChallenge</tt> carried in each AUTH CHALLENGE <bcp14>MUST</bcp14> be constructed as
follows:</t>
            <ul spacing="normal">
              <li>
                <t><tt>token_type</tt>: The token type for this challenge</t>
              </li>
              <li>
                <t><tt>issuer_name</tt>: The issuer name that can issue tokens for this challenge</t>
              </li>
              <li>
                <t><tt>redemption_context</tt>: A fresh 32-byte random value, or empty if the relay
accepts tokens with any redemption context</t>
              </li>
              <li>
                <t><tt>origin_info</tt>: The relay's origin identifier, optionally including the
required authorization scope</t>
              </li>
            </ul>
            <t>Different challenges <bcp14>MAY</bcp14> specify different issuers or scopes for different
token types. When <tt>origin_info</tt> is empty, the relay accepts tokens with any
scope and performs authorization based solely on the token's embedded scope
information.</t>
          </section>
          <section anchor="error-response-example">
            <name>Error Response Example</name>
            <artwork><![CDATA[
REQUEST_ERROR {
    Request_ID = 42,
    Error_Code = 0x0104,  /* SCOPE_MISMATCH */
    Retry_Interval = 1,
    Reason = "token scope does not cover this namespace",
    Parameters = [
        AUTH_CHALLENGE {
            token_type = PRIVACY_PASS_TOKEN,
            challenge = TokenChallenge {
                token_type = 0x0002,
                issuer_name = "public-issuer.example.com",
                redemption_context = <32 random bytes>,
                origin_info = <authorization scope>
            }
        },
        AUTH_CHALLENGE {
            token_type = PRIVACY_PASS_TOKEN,
            challenge = TokenChallenge {
                token_type = 0xE5AC,
                issuer_name = "relay.example.com",
                redemption_context = <32 random bytes>,
                origin_info = <authorization scope>
            }
        },
        AUTH_CHALLENGE {
            token_type = PRIVACY_PASS_TOKEN,
            challenge = TokenChallenge {
                token_type = 0x0001,
                issuer_name = "relay.example.com",
                redemption_context = <32 random bytes>,
                origin_info = <authorization scope>
            }
        }
    ]
}
]]></artwork>
            <t>Note the two levels of token type: the parameter's <tt>token_type</tt> names the
authorization scheme in the "MOQT Auth Token Type" registry, while the
<tt>TokenChallenge.token_type</tt> names the Privacy Pass issuance protocol inside
that scheme.</t>
          </section>
          <section anchor="control-message-authz">
            <name>Control Message Authorization Failures</name>
            <t>When authorization fails for MoQ control messages other than SETUP, the relay
returns a <tt>REQUEST_ERROR</tt> with the appropriate error code from <xref target="error-codes-table"/>.
The client <bcp14>MAY</bcp14> retry the operation with a valid token obtained using the
<tt>TokenChallenge</tt> from the error response.</t>
            <t>As per <xref section="3.4.4" sectionFormat="of" target="MoQ-TRANSPORT"/>, implementations <bcp14>MAY</bcp14> elevate
request-specific errors to session-level errors. This elevation is appropriate
when:</t>
            <ul spacing="normal">
              <li>
                <t>The authorization failure indicates a systemic issue (e.g., all client tokens
are from an untrusted issuer)</t>
              </li>
              <li>
                <t>Continuing the session would be futile due to policy restrictions</t>
              </li>
              <li>
                <t>The error represents a security concern requiring session termination</t>
              </li>
            </ul>
            <t>Implementations need to consider the impact on other outstanding subscriptions
before elevating to session-level errors.</t>
          </section>
          <section anchor="retry-behavior">
            <name>Retry Behavior</name>
            <t>AUTH CHALLENGE parameters are ordered by relay preference. A client
selects the first challenge whose token type it supports and whose issuer it
trusts. If no challenge qualifies, the client <bcp14>MUST NOT</bcp14> retry the operation
and <bcp14>SHOULD</bcp14> surface the failure to the application.</t>
            <t>If the client holds an unused token satisfying the selected challenge, for
example from a batch obtained earlier (<xref target="continuous-auth-batched"/>), it <bcp14>SHOULD</bcp14>
present that token rather than start a new issuance.</t>
            <t>For operation errors, retry timing is governed by the Retry Interval field of
<tt>REQUEST_ERROR</tt> (<xref section="9.8" sectionFormat="of" target="MoQ-TRANSPORT"/>): the client <bcp14>MUST NOT</bcp14> retry
before the interval has elapsed, and <bcp14>MUST NOT</bcp14> retry at all when the interval
is 0.</t>
            <t>Tokens are single-use, so every retry consumes a token and possibly an
issuance round trip. A client <bcp14>SHOULD</bcp14> treat a second consecutive failure of
the same operation with the same error code as terminal rather than retry
further. In particular, <tt>SCOPE_MISMATCH</tt> is only worth retrying if the client
can obtain a token whose scope actually covers the operation; retrying with
an identically scoped token cannot succeed.</t>
            <t>The same limit applies across connections: after a session termination with
<tt>UNAUTHORIZED</tt>, a client <bcp14>SHOULD NOT</bcp14> reconnect with a token for the same
challenge more than once unless its attestation context has changed.</t>
          </section>
        </section>
      </section>
    </section>
    <section anchor="example-authorization-flow">
      <name>Example Authorization Flow</name>
      <t>Below shows an example deployment scenario where the relay has been
configured with the necessary validation keys and content policies. The
relay can verify Privacy Pass tokens locally and deliver media directly
without contacting the Issuer. This example uses publicly verifiable tokens.</t>
      <figure anchor="direct-relay-authorization-flow">
        <name>Direct Relay Authorization Flow</name>
        <artset>
          <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="496" width="712" viewBox="0 0 712 496" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
              <path d="M 128,64 L 128,400" fill="none" stroke="black"/>
              <path d="M 128,432 L 128,480" fill="none" stroke="black"/>
              <path d="M 176,32 L 176,64" fill="none" stroke="black"/>
              <path d="M 376,32 L 376,64" fill="none" stroke="black"/>
              <path d="M 408,64 L 408,272" fill="none" stroke="black"/>
              <path d="M 408,304 L 408,480" fill="none" stroke="black"/>
              <path d="M 448,32 L 448,64" fill="none" stroke="black"/>
              <path d="M 528,32 L 528,64" fill="none" stroke="black"/>
              <path d="M 568,64 L 568,224" fill="none" stroke="black"/>
              <path d="M 568,272 L 568,480" fill="none" stroke="black"/>
              <path d="M 616,32 L 616,64" fill="none" stroke="black"/>
              <path d="M 632,32 L 632,64" fill="none" stroke="black"/>
              <path d="M 664,64 L 664,480" fill="none" stroke="black"/>
              <path d="M 704,32 L 704,64" fill="none" stroke="black"/>
              <path d="M 80,32 L 176,32" fill="none" stroke="black"/>
              <path d="M 376,32 L 448,32" fill="none" stroke="black"/>
              <path d="M 528,32 L 616,32" fill="none" stroke="black"/>
              <path d="M 632,32 L 704,32" fill="none" stroke="black"/>
              <path d="M 80,64 L 176,64" fill="none" stroke="black"/>
              <path d="M 376,64 L 448,64" fill="none" stroke="black"/>
              <path d="M 528,64 L 616,64" fill="none" stroke="black"/>
              <path d="M 632,64 L 704,64" fill="none" stroke="black"/>
              <path d="M 136,96 L 256,96" fill="none" stroke="black"/>
              <path d="M 392,96 L 408,96" fill="none" stroke="black"/>
              <path d="M 128,128 L 144,128" fill="none" stroke="black"/>
              <path d="M 280,128 L 400,128" fill="none" stroke="black"/>
              <path d="M 128,176 L 144,176" fill="none" stroke="black"/>
              <path d="M 312,176 L 400,176" fill="none" stroke="black"/>
              <path d="M 416,206 L 432,206" fill="none" stroke="black"/>
              <path d="M 416,210 L 432,210" fill="none" stroke="black"/>
              <path d="M 544,206 L 560,206" fill="none" stroke="black"/>
              <path d="M 544,210 L 560,210" fill="none" stroke="black"/>
              <path d="M 408,240 L 480,240" fill="none" stroke="black"/>
              <path d="M 600,240 L 656,240" fill="none" stroke="black"/>
              <path d="M 416,256 L 480,256" fill="none" stroke="black"/>
              <path d="M 608,256 L 664,256" fill="none" stroke="black"/>
              <path d="M 136,336 L 216,336" fill="none" stroke="black"/>
              <path d="M 392,352 L 408,352" fill="none" stroke="black"/>
              <path d="M 24,400 L 144,400" fill="none" stroke="black"/>
              <path d="M 24,432 L 144,432" fill="none" stroke="black"/>
              <path d="M 128,464 L 144,464" fill="none" stroke="black"/>
              <path d="M 264,464 L 400,464" fill="none" stroke="black"/>
              <path d="M 24,400 C 15.16936,400 8,407.16936 8,416" fill="none" stroke="black"/>
              <path d="M 144,400 C 152.83064,400 160,407.16936 160,416" fill="none" stroke="black"/>
              <path d="M 24,432 C 15.16936,432 8,424.83064 8,416" fill="none" stroke="black"/>
              <path d="M 144,432 C 152.83064,432 160,424.83064 160,416" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="664,240 652,234.4 652,245.6" fill="black" transform="rotate(0,656,240)"/>
              <polygon class="arrowhead" points="568,208 556,202.4 556,213.6" fill="black" transform="rotate(0,560,208)"/>
              <polygon class="arrowhead" points="424,256 412,250.4 412,261.6" fill="black" transform="rotate(180,416,256)"/>
              <polygon class="arrowhead" points="424,208 412,202.4 412,213.6" fill="black" transform="rotate(180,416,208)"/>
              <polygon class="arrowhead" points="408,464 396,458.4 396,469.6" fill="black" transform="rotate(0,400,464)"/>
              <polygon class="arrowhead" points="408,176 396,170.4 396,181.6" fill="black" transform="rotate(0,400,176)"/>
              <polygon class="arrowhead" points="408,128 396,122.4 396,133.6" fill="black" transform="rotate(0,400,128)"/>
              <polygon class="arrowhead" points="144,336 132,330.4 132,341.6" fill="black" transform="rotate(180,136,336)"/>
              <polygon class="arrowhead" points="144,96 132,90.4 132,101.6" fill="black" transform="rotate(180,136,96)"/>
              <g class="text">
                <text x="104" y="52">MoQ</text>
                <text x="144" y="52">Relay</text>
                <text x="412" y="52">Client</text>
                <text x="572" y="52">Attester</text>
                <text x="668" y="52">Issuer</text>
                <text x="324" y="100">CLIENT_SETUP[]</text>
                <text x="208" y="132">SERVER_SETUP[</text>
                <text x="188" y="148">AUTH</text>
                <text x="252" y="148">CHALLENGE,</text>
                <text x="160" y="164">]</text>
                <text x="204" y="180">UNAUTHORIZED</text>
                <text x="280" y="180">(0x2)</text>
                <text x="488" y="212">Attestation</text>
                <text x="540" y="244">TokenRequest</text>
                <text x="544" y="260">TokenResponse</text>
                <text x="400" y="292">FinalizeToken</text>
                <text x="284" y="324">CLIENT_SETUP[{</text>
                <text x="304" y="340">AUTHORIZATION</text>
                <text x="276" y="356">TOKEN,</text>
                <text x="236" y="372">}]</text>
                <text x="40" y="420">Local</text>
                <text x="108" y="420">validation</text>
                <text x="204" y="468">SERVER_SETUP</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art"><![CDATA[
         +-----------+                        +--------+         +----------+ +--------+
         | MoQ Relay |                        | Client |         | Attester | | Issuer |
         +-----+-----+                        +---+----+         +----+-----+ +---+----+
               |                                  |                   |           |
               |<--------------- CLIENT_SETUP[] --+                   |           |
               |                                  |                   |           |
               +-- SERVER_SETUP[  --------------->|                   |           |
               |     AUTH CHALLENGE,              |                   |           |
               |   ]                              |                   |           |
               +-- UNAUTHORIZED (0x2) ----------->|                   |           |
               |                                  |                   |           |
               |                                  |<== Attestation ==>|           |
               |                                  |                   |           |
               |                                  +--------- TokenRequest ------->|
               |                                  |<-------- TokenResponse -------+
               |                                  |                   |           |
               |                           FinalizeToken              |           |
               |                                  |                   |           |
               |            CLIENT_SETUP[{        |                   |           |
               |<----------    AUTHORIZATION      |                   |           |
               |               TOKEN,           --+                   |           |
               |            }]                    |                   |           |
               |                                  |                   |           |
 .-------------+--.                               |                   |           |
| Local validation |                              |                   |           |
 `-------------+--'                               |                   |           |
               |                                  |                   |           |
               +-- SERVER_SETUP ----------------->|                   |           |
               |                                  |                   |           |
]]></artwork>
        </artset>
      </figure>
      <t>The AUTH CHALLENGE options in the <tt>SERVER_SETUP</tt> carry one <tt>TokenChallenge</tt>
per token type the relay accepts (e.g., <tt>0x0002</tt> and <tt>0xE5AC</tt>), each with
the relay's issuer configuration. This allows the client to select the
appropriate issuance protocol based on its capabilities and the available
attesters/issuers.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>TODO: Add considerations for the security and privacy of the Privacy Pass
tokens.</t>
      <ul spacing="normal">
        <li>
          <t>Token Replay</t>
        </li>
        <li>
          <t>Token harvest</t>
        </li>
        <li>
          <t>Key rotation</t>
        </li>
        <li>
          <t>Use of TLS</t>
        </li>
      </ul>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="iana-moqt-token-type">
        <name>MOQT Auth Token Type Registration</name>
        <t>IANA is requested to register the following entry in the "MOQT Auth Token
Type" registry defined by <xref target="MoQ-TRANSPORT"/>:</t>
        <table anchor="moqt-token-type-registration">
          <name>MOQT Auth Token Type Registration</name>
          <thead>
            <tr>
              <th align="left">Code</th>
              <th align="left">Name</th>
              <th align="left">Specification</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD</td>
              <td align="left">PRIVACY_PASS_TOKEN</td>
              <td align="left">This document</td>
            </tr>
          </tbody>
        </table>
      </section>
      <section anchor="moq-action-registry">
        <name>MoQ Action Registry</name>
        <t>IANA is requested to create a new registry titled "MoQ Actions for Privacy
Pass Authorization" with the following initial contents:</t>
        <table anchor="moq-action-registry-table">
          <name>MoQ Actions Registry</name>
          <thead>
            <tr>
              <th align="left">Value</th>
              <th align="left">Action</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">0</td>
              <td align="left">CLIENT_SETUP</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">1</td>
              <td align="left">SERVER_SETUP</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">2</td>
              <td align="left">PUBLISH_NAMESPACE</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">3</td>
              <td align="left">SUBSCRIBE_NAMESPACE</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">4</td>
              <td align="left">SUBSCRIBE</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">5</td>
              <td align="left">REQUEST_UPDATE</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">6</td>
              <td align="left">PUBLISH</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">7</td>
              <td align="left">FETCH</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">8</td>
              <td align="left">TRACK_STATUS</td>
              <td align="left">
                <xref target="moq-actions"/></td>
            </tr>
            <tr>
              <td align="left">9-254</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="left">255</td>
              <td align="left">Reserved</td>
              <td align="left">This document</td>
            </tr>
          </tbody>
        </table>
        <t>New entries in this registry require Specification Required registration policy.
Values <bcp14>SHOULD</bcp14> align with MoQTransport control message types where applicable.</t>
      </section>
      <section anchor="moq-match-type-registry">
        <name>MoQ Match Type Registry</name>
        <t>IANA is requested to create a new registry titled "MoQ Match Types for Privacy
Pass Authorization" with the following initial contents:</t>
        <table anchor="match-type-registry">
          <name>MoQ Match Types Registry</name>
          <thead>
            <tr>
              <th align="left">Value</th>
              <th align="left">Match Type</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">0</td>
              <td align="left">MATCH_EXACT</td>
              <td align="left">
                <xref target="match-types"/></td>
            </tr>
            <tr>
              <td align="left">1</td>
              <td align="left">MATCH_PREFIX</td>
              <td align="left">
                <xref target="match-types"/></td>
            </tr>
            <tr>
              <td align="left">2</td>
              <td align="left">MATCH_SUFFIX</td>
              <td align="left">
                <xref target="match-types"/></td>
            </tr>
            <tr>
              <td align="left">3</td>
              <td align="left">MATCH_CONTAINS</td>
              <td align="left">
                <xref target="match-types"/></td>
            </tr>
            <tr>
              <td align="left">4-254</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
            <tr>
              <td align="left">255</td>
              <td align="left">Reserved</td>
              <td align="left">This document</td>
            </tr>
          </tbody>
        </table>
        <t>New entries in this registry require Specification Required registration policy.</t>
      </section>
      <section anchor="moq-privacy-pass-error-code-registry">
        <name>MoQ Privacy Pass Error Code Registry</name>
        <t>IANA is requested to create a new registry titled "MoQ Privacy Pass Authorization
Error Codes" with the following initial contents:</t>
        <table anchor="error-code-registry">
          <name>MoQ Privacy Pass Error Codes Registry</name>
          <thead>
            <tr>
              <th align="left">Value</th>
              <th align="left">Name</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">0x0100</td>
              <td align="left">TOKEN_MISSING</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0101</td>
              <td align="left">TOKEN_INVALID</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0102</td>
              <td align="left">TOKEN_EXPIRED</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0103</td>
              <td align="left">TOKEN_REPLAYED</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0104</td>
              <td align="left">SCOPE_MISMATCH</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0105</td>
              <td align="left">ISSUER_UNKNOWN</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0106</td>
              <td align="left">TOKEN_MALFORMED</td>
              <td align="left">
                <xref target="errors"/></td>
            </tr>
            <tr>
              <td align="left">0x0107-0x01FF</td>
              <td align="left">Unassigned</td>
              <td align="left"> </td>
            </tr>
          </tbody>
        </table>
        <t>New entries in this registry require Specification Required registration policy.
Values are allocated from the 0x0100-0x01FF range reserved for Privacy Pass
authorization errors.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="ARC">
          <front>
            <title>Anonymous Rate-Limited Credentials Cryptography</title>
            <author fullname="Cathie Yun" initials="C." surname="Yun">
              <organization>Apple, Inc.</organization>
            </author>
            <author fullname="Christopher A. Wood" initials="C. A." surname="Wood">
              <organization>Apple, Inc.</organization>
            </author>
            <author fullname="Armando Faz-Hernandez" initials="A. F." surname="Faz-Hernandez">
              <organization>Cloudflare</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies the Anonymous Rate-Limited Credential (ARC)
   protocol, a specialization of keyed-verification anonymous
   credentials with support for rate limiting.  ARC credentials can be
   presented from client to server up to some fixed number of times,
   where each presentation is cryptographically bound to client secrets
   and application-specific public information, such that each
   presentation is unlinkable from the others as well as the original
   credential creation.  ARC is useful in applications where a server
   needs to throttle or rate-limit access from anonymous clients.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-privacypass-arc-crypto-01"/>
        </reference>
        <reference anchor="MoQ-TRANSPORT">
          <front>
            <title>Media over QUIC Transport</title>
            <author fullname="Suhas Nandakumar" initials="S." surname="Nandakumar">
              <organization>Cisco</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <author fullname="Ian Swett" initials="I." surname="Swett">
              <organization>Google</organization>
            </author>
            <author fullname="Alan Frindell" initials="A." surname="Frindell">
              <organization>Meta</organization>
            </author>
            <date day="12" month="May" year="2026"/>
            <abstract>
              <t>   This document defines Media over QUIC Transport (MOQT), a publish/
   subscribe protocol that runs over QUIC and WebTransport.  MOQT
   leverages the features of these transports, such as streams,
   datagrams, priorities, and partial reliability.  MOQT operates both
   point-to-point and through intermediate relays, enabling scalable
   low-latency delivery.  Despite its name, MOQT is media agnostic and
   can be used for a wide range of use cases.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-moq-transport-18"/>
        </reference>
        <reference anchor="PRIVACYPASS-ARC">
          <front>
            <title>Privacy Pass Issuance Protocol for Anonymous Rate-Limited Credentials</title>
            <author fullname="Cathie Yun" initials="C." surname="Yun">
              <organization>Apple, Inc.</organization>
            </author>
            <author fullname="Christopher A. Wood" initials="C. A." surname="Wood">
              <organization>Apple, Inc.</organization>
            </author>
            <author fullname="Armando Faz-Hernandez" initials="A. F." surname="Faz-Hernandez">
              <organization>Cloudflare</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies the issuance and redemption protocols for
   tokens based on the Anonymous Rate-Limited Credential (ARC)
   cryptographic protocol.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-privacypass-arc-protocol-01"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC9474">
          <front>
            <title>RSA Blind Signatures</title>
            <author fullname="F. Denis" initials="F." surname="Denis"/>
            <author fullname="F. Jacobs" initials="F." surname="Jacobs"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="October" year="2023"/>
            <abstract>
              <t>This document specifies an RSA-based blind signature protocol. RSA blind signatures were first introduced by Chaum for untraceable payments. A signature that is output from this protocol can be verified as an RSA-PSS signature.</t>
              <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9474"/>
          <seriesInfo name="DOI" value="10.17487/RFC9474"/>
        </reference>
        <reference anchor="RFC9497">
          <front>
            <title>Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups</title>
            <author fullname="A. Davidson" initials="A." surname="Davidson"/>
            <author fullname="A. Faz-Hernandez" initials="A." surname="Faz-Hernandez"/>
            <author fullname="N. Sullivan" initials="N." surname="Sullivan"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="December" year="2023"/>
            <abstract>
              <t>An Oblivious Pseudorandom Function (OPRF) is a two-party protocol between a client and a server for computing the output of a Pseudorandom Function (PRF). The server provides the PRF private key, and the client provides the PRF input. At the end of the protocol, the client learns the PRF output without learning anything about the PRF private key, and the server learns neither the PRF input nor output. An OPRF can also satisfy a notion of 'verifiability', called a VOPRF. A VOPRF ensures clients can verify that the server used a specific private key during the execution of the protocol. A VOPRF can also be partially oblivious, called a POPRF. A POPRF allows clients and servers to provide public input to the PRF computation. This document specifies an OPRF, VOPRF, and POPRF instantiated within standard prime-order groups, including elliptic curves. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9497"/>
          <seriesInfo name="DOI" value="10.17487/RFC9497"/>
        </reference>
        <reference anchor="RFC9576">
          <front>
            <title>The Privacy Pass Architecture</title>
            <author fullname="A. Davidson" initials="A." surname="Davidson"/>
            <author fullname="J. Iyengar" initials="J." surname="Iyengar"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="June" year="2024"/>
            <abstract>
              <t>This document specifies the Privacy Pass architecture and requirements for its constituent protocols used for authorization based on privacy-preserving authentication mechanisms. It describes the conceptual model of Privacy Pass and its protocols, its security and privacy goals, practical deployment models, and recommendations for each deployment model, to help ensure that the desired security and privacy goals are fulfilled.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9576"/>
          <seriesInfo name="DOI" value="10.17487/RFC9576"/>
        </reference>
        <reference anchor="RFC9577">
          <front>
            <title>The Privacy Pass HTTP Authentication Scheme</title>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <author fullname="S. Valdez" initials="S." surname="Valdez"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="June" year="2024"/>
            <abstract>
              <t>This document defines an HTTP authentication scheme for Privacy Pass, a privacy-preserving authentication mechanism used for authorization. The authentication scheme specified in this document can be used by Clients to redeem Privacy Pass tokens with an Origin. It can also be used by Origins to challenge Clients to present Privacy Pass tokens.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9577"/>
          <seriesInfo name="DOI" value="10.17487/RFC9577"/>
        </reference>
        <reference anchor="RFC9578">
          <front>
            <title>Privacy Pass Issuance Protocols</title>
            <author fullname="S. Celi" initials="S." surname="Celi"/>
            <author fullname="A. Davidson" initials="A." surname="Davidson"/>
            <author fullname="S. Valdez" initials="S." surname="Valdez"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="June" year="2024"/>
            <abstract>
              <t>This document specifies two variants of the two-message issuance protocol for Privacy Pass tokens: one that produces tokens that are privately verifiable using the Issuer Private Key and one that produces tokens that are publicly verifiable using the Issuer Public Key. Instances of "issuance protocol" and "issuance protocols" in the text of this document are used interchangeably to refer to the two variants of the Privacy Pass issuance protocol.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9578"/>
          <seriesInfo name="DOI" value="10.17487/RFC9578"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC9458">
          <front>
            <title>Oblivious HTTP</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="January" year="2024"/>
            <abstract>
              <t>This document describes Oblivious HTTP, a protocol for forwarding encrypted HTTP messages. Oblivious HTTP allows a client to make multiple requests to an origin server without that server being able to link those requests to the client or to identify the requests as having come from the same client, while placing only limited trust in the nodes used to forward the messages.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9458"/>
          <seriesInfo name="DOI" value="10.17487/RFC9458"/>
        </reference>
        <reference anchor="PRIVACYPASS-BATCHED">
          <front>
            <title>Batched Token Issuance Protocol</title>
            <author fullname="Raphael Robert" initials="R." surname="Robert">
              <organization>Phoenix R&amp;D</organization>
            </author>
            <author fullname="Christopher A. Wood" initials="C. A." surname="Wood">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Thibault Meunier" initials="T." surname="Meunier">
              <organization>Cloudflare Inc.</organization>
            </author>
            <date day="4" month="May" year="2026"/>
            <abstract>
              <t>   This document specifies two variants of the Privacy Pass issuance
   protocol that allow for batched issuance of tokens.  These allow
   clients to request more than one token at a time and for issuers to
   issue more than one token at a time.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-privacypass-batched-tokens-08"/>
        </reference>
        <reference anchor="PRIVACYPASS-IANA" target="https://www.iana.org/assignments/privacy-pass/privacy-pass.xhtml">
          <front>
            <title>Privacy Pass IANA</title>
            <author>
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="PRIVACYPASS-REVERSE-FLOW">
          <front>
            <title>Privacy Pass Reverse Flow</title>
            <author fullname="Thibault Meunier" initials="T." surname="Meunier">
              <organization>Cloudflare Inc.</organization>
            </author>
            <date day="6" month="July" year="2026"/>
            <abstract>
              <t>   This document specifies an instantiation of Privacy Pass Architecture
   [RFC9576] that allows for a "reverse" flow from the Origin to the
   Client.  It describes a method for an Origin to issue a state update
   to the Client in response to a request in which a token is redeemed.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-meunier-privacypass-reverse-flow-06"/>
        </reference>
        <reference anchor="PRIVACYPASS-MIRRORS">
          <front>
            <title>Checking Resource Consistency with HTTP Mirrors</title>
            <author fullname="Benjamin Beurdouche" initials="B." surname="Beurdouche">
              <organization>Mozilla</organization>
            </author>
            <author fullname="Matthew Finkel" initials="M." surname="Finkel">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Steven Valdez" initials="S." surname="Valdez">
              <organization>Google LLC</organization>
            </author>
            <author fullname="Christopher A. Wood" initials="C. A." surname="Wood">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Tommy Pauly" initials="T." surname="Pauly">
              <organization>Apple Inc.</organization>
            </author>
            <date day="30" month="January" year="2024"/>
            <abstract>
              <t>   This document describes the mirror protocol, an HTTP-based protocol
   for fetching mirrored HTTP resources.  The primary use case for the
   mirror protocol is to support HTTP resource consistency checks in
   protocols that require clients have a consistent view of some
   protocol-specific resource (typically, a public key) for security or
   privacy reasons, including Privacy Pass and Oblivious HTTP.  To that
   end, this document also describes how to use the mirror protocol to
   implement these consistency checks.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-privacypass-consistency-mirror-00"/>
        </reference>
        <reference anchor="KEYTRANS">
          <front>
            <title>Key Transparency Architecture</title>
            <author fullname="Brendan McMillion" initials="B." surname="McMillion">
         </author>
            <date day="29" month="June" year="2026"/>
            <abstract>
              <t>   This document defines the terminology and interaction patterns
   involved in the deployment of Key Transparency in a general secure
   group messaging infrastructure, and specifies the security properties
   that the protocol provides.  It also gives more general, non-
   prescriptive guidance on how to securely apply Key Transparency to a
   number of common applications.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-keytrans-architecture-09"/>
        </reference>
        <reference anchor="SCITT">
          <front>
            <title>An Architecture for Trustworthy and Transparent Digital Supply Chains</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
            <author fullname="C. Fournet" initials="C." surname="Fournet"/>
            <author fullname="Y. Deshpande" initials="Y." surname="Deshpande"/>
            <author fullname="S. Lasker" initials="S." surname="Lasker"/>
            <date month="June" year="2026"/>
            <abstract>
              <t>Traceability in supply chains is a growing security concern. While Verifiable Data Structures (VDSs) have addressed specific issues, such as equivocation over digital certificates, they lack a universal architecture for all supply chains. This document defines such an architecture for single-issuer signed statement transparency. It ensures extensibility and interoperability between different transparency services as well as compliance with various auditing procedures and regulatory requirements.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9943"/>
          <seriesInfo name="DOI" value="10.17487/RFC9943"/>
        </reference>
      </references>
    </references>
    <?line 1222?>

<section anchor="deployment-considerations">
      <name>Deployment considerations</name>
      <section anchor="bootstrap-key-material">
        <name>Fetching key material for the bootstrap issuer</name>
        <t>This draft does not define how Clients are expected to retrieve
privacy pass issuer configuration, nor how they establish a relationship
with an attester that is capable of vouching for such tokens to be
issued.</t>
        <t>Clients may reuse issuers that are exposed over HTTP, as defined in <xref target="RFC9577"/>.</t>
        <t>Clients should also consider ways to be less susceptible to partitions,
hurting the privacy guarantees that Privacy Pass provides. This is discussed in
<xref section="6.2" sectionFormat="of" target="RFC9576"/>.
For that, they may rely on mechanisms such as using mirrors <xref target="PRIVACYPASS-MIRRORS"/> providing
multiple vantage points, or transparency mechanisms such as those in <xref target="KEYTRANS"/> or <xref target="SCITT"/>.</t>
      </section>
      <section anchor="fetching-key-material-for-the-relay-reverse-issuer">
        <name>Fetching key material for the relay reverse issuer</name>
        <t>Similarly, Clients should retrieve material for the relay issuer operating in a reverse mode.
This can be via a pre-established relation, such as shipped as part
of the initial app installation, webpage load, or device setup.
This can also be done on the fly via HTTP, or MoQ API.
This draft does not define any of these.</t>
        <t>Consistency considerations mentioned in <xref target="bootstrap-key-material"/> apply.</t>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>TODO acknowledge.</t>
    </section>
    <section numbered="false" anchor="changelog">
      <name>Changelog</name>
      <t>RFC Editor's Note: Please remove this section prior to publication of
a final version of this document.</t>
      <section numbered="false" anchor="since-draft-ietf-moq-privacy-pass-auth-02">
        <name>Since draft-ietf-moq-privacy-pass-auth-02</name>
        <ul spacing="normal">
          <li>
            <t>Move reverse flow issuance to AUTH REQUEST and AUTH RESPONSE parameters</t>
          </li>
          <li>
            <t>Allow token acquisition over an established connection via REQUEST_UPDATE</t>
          </li>
          <li>
            <t>Remove PrivateTokenAuth structures and the auth scheme registry</t>
          </li>
          <li>
            <t>Carry TokenChallenge in AUTH CHALLENGE transport parameters instead of reason phrases</t>
          </li>
          <li>
            <t>Define required MoQ Transport extensions (AUTH CHALLENGE, REQUEST_ERROR parameters)</t>
          </li>
          <li>
            <t>Register a Privacy Pass codepoint in the MOQT Auth Token Type registry</t>
          </li>
          <li>
            <t>Specify retry behavior after auth challenge errors</t>
          </li>
          <li>
            <t>Expanded reverse flow documentation with three-phase flow (bootstrap, exchange, operations)</t>
          </li>
          <li>
            <t>Defined MoQAuthChallenge structure for error responses with supported_token_types</t>
          </li>
          <li>
            <t>Added TokenChallenge construction requirements</t>
          </li>
          <li>
            <t>Added control message authorization failure handling section</t>
          </li>
          <li>
            <t>Documented credential request/response encoding for different token types</t>
          </li>
        </ul>
      </section>
      <section numbered="false" anchor="since-draft-ietf-moq-privacy-pass-auth-01">
        <name>Since draft-ietf-moq-privacy-pass-auth-01</name>
        <ul spacing="normal">
          <li>
            <t>Replace text-based moq-scope with binary TLS presentation language structures</t>
          </li>
          <li>
            <t>Add MoQ Actions registry aligned with MoQTransport control message types</t>
          </li>
          <li>
            <t>Add Match Types registry with exact, prefix, suffix, and contains matching</t>
          </li>
          <li>
            <t>Define MoQAuthorizationInfo structure for origin_info encoding</t>
          </li>
          <li>
            <t>Add continuous authorization section using reverse flow</t>
          </li>
          <li>
            <t>Add continuous authorization section using batched tokens</t>
          </li>
          <li>
            <t>Add IANA registries for auth schemes, actions, and match types</t>
          </li>
          <li>
            <t>Define error handling</t>
          </li>
          <li>
            <t>Integrate privacy pass reverse flow within PrivateTokenAuth</t>
          </li>
          <li>
            <t>MoQ definition now follow draft-ietf-moq-transport-16</t>
          </li>
          <li>
            <t>Update dependencies</t>
          </li>
          <li>
            <t>Removed b64 encoding given MoQ can use bytes directly</t>
          </li>
        </ul>
      </section>
      <section numbered="false" anchor="since-draft-ietf-moq-privacy-pass-auth-00">
        <name>Since draft-ietf-moq-privacy-pass-auth-00</name>
        <ul spacing="normal">
          <li>
            <t>Add Thibault Meunier as Coauthor</t>
          </li>
          <li>
            <t>Add support for Reverse flow to be deploy and scale friendly way to get tokens</t>
          </li>
        </ul>
      </section>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+1923bbRrbgO76iRnkIZZG0JV/iKHG6aZlO1LElRZSTzvHy
iCAJiTgGATYASmZL6m853zJfNvtWNwCk5Cjp9Kw1Put0KBJVqNq177fqdDpB
GZdJtKs2jvL4Ihwv1VFYFKq3KKdRWsbjsIyzVJ1luXobTeJQZRdRrn56t7+n
Wm+znzY3gnA0yqOL6nj4jebYCGCG6DzLl7uqKCdBMMnGaTiD903y8KzsxFF5
1pll/+jMeXRnDqM7IYzsPHocFIvRLC4KWEG5nMOY/f7J6yCe57uqzBdFufPo
0dePdgJ4+eMgzKMQFvFLNFJhOlH7aRnlaVSqkzxMi3mWlxvBZZZ/PM+zxRye
480c6s1sBB+jJfw+2Q06amY3+o9FPIZv3MUFF1G6iHYDpVbOpRQvd+MXeGOc
nqvv8Un8fprh1qdlOS92Hz6chGVY5uH4Y5R3ERDdLD9/eHn+EODxEB6ehXEC
k8Bff9W/4hxhPp7C13oSfAq/ii8iOwl+8XCUZ5dFRLPhuDyaZ/bd53E5XYy6
42yGD3Tgrd4mlUrg3IrSDuCnujIuzrznH952mt1pOUuCAD9mOQCvA29QijFh
Y7CYhoU6gHMLPy5mYb5BP8I+wjT+JyEgPLQXF+OMf4kEMkXKQ/46xt9wLxuV
mfcWSRKl6m9RmsI5FHed+CxZnJ0t/xrHcXccVuc8mcajcJGUQBCLNI5WrDbJ
FpMzOJgIUHHc9afPGFJ/LWWm7uLjRgD/0iyfwQQXhF294z1A+M6rrgNaAStD
NR93xvlyXmbwMJBb5+S4dzA4Ojw+qQ3DEyk1HcDTR8f7P/f2fj3qDQadu7xm
nmdlNs4SGHr8em9ne/vrXf749ZOvnpiPX3+lPz796pn96Hz7fDcI4vTM3SWN
fPp8t7Kql72TvR/6r9aubBSW42k06ZTZxygtKhPs9w56uwR0YW8ed8Jf+ccw
P48cJL+8vOzGYRoyEQHnOU9nwAYLH9ndP7qfCLP9tx/3f+4fD/qd128Of3H3
MGOM8bYBzDPKi6hzlmSXlWne7h8fHx4PeIba/sdZWsRFGaWwklmc51kOw3/s
/0p44IwBzkaH3yEuUUbjcpFH8Ohgb/8EcAVP4Osnj4Og0+mocFQgQyqDALC8
UMCsF7h/VcyjcXwWR4UCsaAWRaSyMx+k7uTEgYFvL8J0HAUaewqSIswBhFBU
nDaLFWXQVenhXbVfBpPoLE5hFdPs0n89I4Eah6kaRTAtyJwcGNhEXQK/QvL4
svBfHZzlQM4oEmAsvuQinkSW0edREeUXyLvDuiQEsVSM83iOXxTt4CxCRCza
ar4YJfIc/IVAyKMkXKpsHuX8rbqcxkkEE8xxbzg97qcDa4X/TIJwPI5gM3Cy
ZZ4lAGuQG+dTWBVs+xMgfAEbIoFBvKiYh2OGtf0OhAYsBiYO8kUSFd2Az3UW
TyZJFARfoGDMs8liTDAImoF/deXxk5sbDR+AYcPJEEwSIOgA15KlnQkwOvjE
cnQS4U/5sg3ACJNOGcMigVPPgBIYVAwpPDLEPHiW9g8gDyaA3nk8WhDg7SLh
5zSiDRRddTKN7EIErrjMSzxOWOo5omoQzufmZOBV42QxQeDjnjLQS2BlM/i7
LV/AC86iHAiLvjuX35wVBiBaw8k4LEo55wxwJCeRidRYACrGtBOkFHgMDoI0
In4zgHEWjacgLooZEUXgE4U+dsHpchqWGrEXhAGZwRBBGPiGgB3wVgpvsQpe
X6xGSUAR0JEmMf4RJhX6dNaZncHmYIuAaOXUUArBng9DpVE0ASRGbJhlE1C/
NAa4x1iMozTM4wxWcwkwoy3lxZcA+egSj2Qelqi5FbjWQBCBCIAOBEBXTLNF
gtsAYZryMspI01UZJ4mCFwAdrqettkNBQOuwvrFDtgY6ABBksyXOUSKoPKZz
dSXSzqeQFUzEsh6PV9Lx0pJxcJqly1m2KKpsR+PEIoWdfcSHBT26AVLAalYs
UgLPD1BtkSuctAROvqv2khj+aKvDPD6PgQz3gWNHeZuouFei9gd/IWTHUyWM
EoQlIrrDMWkVwpp83EHOmy1KOMQZPAx6PAICT1sDiIlXywll5YSG63OAK3N8
Yvjw6iIKhCpQsxoDsiOPxwUDd0ABNelWRdd9REaFMBtFBm0vmiLJA61VODjR
gkOZxEg+lw8qwiLEfcLywMErF5xNOFLFIkGZ4Isv1HEExg1QEao36g0wykV4
HgWETaAx4IFPCrBt3g1ONtr8X3VwSJ+P+8CGj/uv8PPgh96bN+ZDIE8Mfjh8
9+aV/WRH7h2+fds/eMWD4VvlfRVsvO39usGA2Dg8Otk/POi92UAtofTOFA8f
jkCOLQeAEBoUoB+gYB5FCEf1cu/o//zP9hNAp/8laivgE//xfPurJ/AHcCAB
e5YmS/kTILZEgRGFOc4SAkcZh/O4DBPkDsSALlOFvAsA+eA9QubDrvp2NJ5v
P/lOvsANe19qmHlfEszq39QGMxAbvmp4jYGm930F0v56e796f2u4O19++5cE
ibCz/fwv3wWoRfi+ApffkKcg+6nCKU+iHHA/S7LzpRAkndDV1UBkxw7yJ8tN
4bDziIQdw7nG41iaMsmyInmRJRein55lCSjTSB+a2bGWNI3iPDAEBowR7JEH
D5gNPngQ7BI/wpnH9BUs4R8L4II1Bo64JzrgCBGxrUgFbAewd9IBi6mIPqFg
5nQyK+0NNChgGEiiCLBsVIKAwfe4mwyMAiD6AMwREl/mVbhaNrIj5DyMzcQh
Ulq4xzQRwd1d4V4d5bRYAKcHDB+8eznYO95/2W+r130wxNrq6N3LN/sD+ADK
inw+Pei97Q+Oent9JIMHONUxqhYeIFnZQG6FUgMlHWz3MkTW4gHIZeGwb9J4
CFrM6DX0gb3T1DztRZjEE/RSNPJ1gQFI/tFST9YGhIAFICsVRj3PQC+MI4Gb
WZx9oQYXKVmk5gX0dtDoaLsFumlSPD5SG+PzRW4NBfJSRXxKoOXwLmXVvM4A
TcwQKYd/nUVliG4hgqlvs9IcBrqE2UuGKU3fDAXUFXnvARigEdoutPGzReLi
khXF8AhjhNASzVMX0u0AVHwQGCDqyAcBdDgHRQFFR+FNxjLarIdkKzDXPAOp
BT8EaGmIdTles3utjzTunzdSiFSG1RPJA0PRW6ezQKV1kc+zgn/zN8ZrDuUt
BhU1zcIuJvhGlAGBa/4pBOCiQMIQIwDMnfN4FCe4OngKZovDrtoDSY8k65Av
bHaaTYpAjAKS5aiUPkTrHsUvaGboQm0Dx0Txr8a4sTOU5ZH7Ql/GB1ZlZzn/
twzQ08CPnaN8NFdf/Df+1uGT6ujN3wTBfkrgGkXARuHt8yRbzkhVLD26xrm8
U5IzR5IVJCLqm8RnpL6Xlh/DUUXpVFDKV1+KaB4KDeERZvBMznpujIpVzsxz
QnNYAfKk+8QTIbD5f/3rX2FYXJwHWx37b0s5/7bq3265j9rfg2tlOJy6due4
Fj3a+fbagvsa/k/AfS3r2Gpex1bDOracdfAXgX5D47+mr93vrvXwb3lbpATC
QlUDbNYMx6WoE6SfvWmIDlYwsjud7+789hWL//bFCwEcn/6LF999zvD7vd2e
O+/Mhwxs7rbFV4eThI/0+C0X8hrsW/So+gzI/+a9Ay0EV7vqCxBQHfSkoLnN
rtEXGwMmuMgwBqRrxnRXtdtgxoBcCKWdZQvFHdnCDH4bRYHmDGq0pIEFuq00
OwfFKp7Nk/hsSVYIC5mZ1hBIWgNbzYA7xilLLuYLMS/Ce61dofLsApdp7FSZ
BnDMwRQY2MSYxdYUFvCwDAMIkeNWvUYmefWF68e9YTvqjNmnfnU4ytCo8z05
oywr0b8whxkLfnFGLzb8WPgzzQbGeXHnzVS0sDlpK2jOgGUKLLjF74EpzQa1
Rhnlm218kpXouMSFoitLvC1gKrGAtH4IinihYnuOLmnYRUBrq7rkCcT7Ys5p
V1BVrPC6wAJFPw/qafNSqw+oLQnmXGZarQItfhs2CwtQw0efHj16tDOURTmP
ozgzoNYQzbMZLLJZCt4EO96k28O2fHo6JOkLf/Sf9vaG9bXF6G65TOU12iMB
K+7MpyGAkfSfcDy1TqMCkQe9b5OLEJRJ0KtgUx314MFLveY5nMSDB6z7gKmA
qoj4m5tOo6UBsamQnZJJEmGMhDRS7Zoh3TbOxUwQ6CMJIh4a1xqqdIzz0Sd0
zcGLRT3KQSrjIvtnZ6hEp+MlrnAA6hHyN/LbrcKXgtFLSRDH6GFtDHDO0Df+
T1yWr1yOM9TywnGeAXXPFkkZz5PIc2XiaoQH4FL6CGSGiJgDYi0WjpMEjIIL
eIBsIzbEYD2IGgguzZ+sAkg84guf+g+FozLZCydgglVrCJaCKCvCRjc3QJgI
IvQoihaKStMn1O5A3oZrTh/V3SbQazMQKN/VaDcZUSegp+WwNBgiBGNIcpUy
JUrDVuXvikStf+OPQuWKma1RlUh8NShcdWXL07XqypbWodw3bjWsaqu+zi13
1JYjw5vk7W0SuFEo/0HT7dL/HhGr2d5VhoWwZqJ6YyD6gvz9lel23c//xs1+
21F7b/b7Byeng/7Ju6P3H1STQnTX6bY6atA/Bkri2dQK1fQzjuJ9793JD2oP
fXP9g+/7H+6zWVjduwOc7/B4/7/6r1Tn3qu7y3f3mq5BL//PWd3WSpXdU9vv
vtmVKnznj2QBLs3u7Aql9jWzv4gr6qb99x9CsyuMmM85Waayk8Mf+wdq656r
w/+h6dDv3h+cfPjzuDFAas/IWkDR2429tdMBvrvTFbeb3etXd5eh9+N3FXb8
O3Hj4/7g6PBg0P8TT9al2ce76gDzmhJ16CR7oNL8CtSvC1CuTlj3sgNlkn8r
zXasb1+tcvl8Fs0yoyJD6r6rw/+xWumHe0635e719PDH++PdXb5b7XRx3QPa
8bKXzcCAARPL4+09N9SEThc0N15FYJgk0cR/dFBG84J85XdQ9h48YDvZiUSR
HVlS0oJNqmG0HbrcfWgsRi8O1iUT2bPdjXNWnCRDl/aHahzm+ZLiaanylSqE
fcYu9ctpBpsZ+g7GoZODts72QT8EzmUtYHIvwA8UgjRxDUmKkc26KtmwGzz2
wAQEjTmLhee95/2l1ibWjoOH2up/4k3CluXatXftSd6uAuBpPvXeAOYtwL3h
3IjFdFSPQY6b7GGEV0StAN2cDMdJ6kvk8xgyjRDBC9J5s2uBW5sWUMETg6ip
DdES5QmH30cpvGv8Ev0BrjY33OS0wdt8TzxN6xZfzWYQPKuirA0j+k4imluQ
R6Kr8ozlUvhWCRCqRcHOsoKTEhAnjAPoq/V0UqWSLJV48G4VuCz0Gg/Ngy+r
rrcAWB7a5EWYrK6q14DG2z0/lIRbg6xNsg/R83lXvZZsSfEHObHmlhNkNtFl
ijYzwRriY78N+q6052giEpWQ0D8P68CJU61NA/i/XnPmPGeSjYHRLJ1D1O4v
BoQk0HyMluL/scDW3vyHxmDop+OM8guvvrBL60TyLXD0XxCn+FVlzWGE33ik
NA+XSRZOgtbVFRVGCMJ1JIsg6qD7fnZzs6kRp4qlSAFMKTLUBkTXExU5IV8z
/RBZKfP56XB3DdGy16shz+NZd7vq9ZJc75sb+y6i1d1GjrFq4q/qE/eO92DS
YBDPsEIiWXqgFUIS2BrI/YYda1JbveWd37jl22b+qj6z7BkQ9IQ8vW+zSZSw
W9LP0AbONKuly7B3GEmEiHQazwvFqX1ZGtj3PvbiDJhEo3QyBM+g8x1MQD6x
JKcJ24mTB6MIEJJTBmgZmsEocefpebWMpZnD8RhzLQzyLptmriUrsVjdt6lD
4p0vZG/aV7s6YRB94062IHzMtLc0aEiOvj273EkwBFy4wJDIogikCsnN08VT
peWfULBFUq18hRF4DpV7UFomBWVu9A4ly4IfW2hhxkH+6FPMKUH1HXNoh1Kl
jtaqXcT0OzoGo1ovkxgDiYOeau08evK8M4rLzU3A8VeNVGJx6jnGrt7B+oKR
mcFJk2lxeugTzOBj5cANRdqQhkk7jkzSDSXfVsIHks1jMk7WhLfc/W2r1s+H
R8evW0edx8+ftNXghx5++LwNKprC7Ojrr2RHgbsjTpPGo5LAmMQ6RbkgEqFE
Coks6pDKKq7xdCU36prdPdW7yxGIUVlmO0+f8iafbu+s3uTzNez9P3nLyH1V
C5gnHOfO02e0wZ7JxT5GtvUGxEjpiH3NSliMX10R5+0GJ5ZJmAw0ZTPQDDtF
20HCLo6gxgDsYk7cTQ3dkNVpgq8fukxgADyRa3mCJjZFAWasrwEOQSmpzObZ
+NFDHXA5/H3HjSTDASmtLgiB8Pt/ODk5qiYYF3AMM0mmkvw28ypd/CCRTcvJ
MFK30xktAcgxAQJDi8KujHZby0CjDdJMB5gihJM8llkY1p1zlNXEo4ErT0BX
BC6w4ITLRRqjRgoqPc1g01hexecgYdzJEOcBJRQok1PKG4PF+Kaps50fo6Xa
f4XDfwY2jvyjg4+Adu3sTEOTsfnLQswtVC5pKqf2Nsub5vKjogAQWNYoW6SU
UGCS9lhP5XXZDRqssZm6XgpeJa3HHB8hFE0OKEPlj1zHtwqDtn0M0jn19kWk
tEYkzOPUofVTrBBUAKhk0g7yaE7VShFl7+YR5zDiykFhu4hSDDqjloqeFl6q
uiJ7BfSIcvvZqSQOnCL7/obrNOchnLzA/hTz7b7d7nZ3/vf2s872d94jSJUz
srNOKUv1U/nto2738Y7/lLNo/NlMdFOB5De0xuC1yOxFEZ5H7Yr4L8Yg7pWp
kCQDj/gbmQ42kYHfGSBMAXRDZwlDBhwSICfF6JECYsYGSRklcqI6BIx9B5zB
UTWgdxxTmrgakl1XkQWjeZowKvQiWctYJxPTyQt7ZA2ct8nZQKb4Brl36Ufp
cWnA8Dg0XKi3vV8JB4f1gxlS1gJNWwpTjurZoNaqDMT701W9ldF5QGH4P58R
tt2XK/NyOCVQYUGFpBC9ZhzCdFLkTm1NmZqLhEYdkxMARQeNP0APzEYI6jYu
LRyYRW9wICYo6X6cyC5an6S13xBNu9Y26ayaAxk8soo/D2QGibnQCeey4Nnh
VKaI3hS2gO2AGGx0w2tZiboGboVc9hosAqnZUtfBtQ6gXVf+S59htBdLulaP
4P/tUXzdJYujWpSI47zQwrXavuu4WhI7DNypDN55tPKtxrHsjn9cHf/01vEw
4kll1NerBok74PTd0aveCY58Whm5vX3LbuH5Z9UxKyFEvhh4+qvqiGerRsDf
ez+eDk56J+8GMOh5deCKnaGH3EHeTslqN7vILY4zXhUbklunpZDPQSVBEBjf
xijJxh+jyYbqUM6bzE6UMEHBMcEUIFQAok9YGxpj3sscfcSlaGyhTiJDvgIk
N4S18FLQrZoj66omFYWF0FTBIilKFzMRSC6Ctx5ttulLF3tb2/JlDTVbO/rx
Otq1Hld/az2Rb3x8aT31p289k7/pnFtfyV/uGbaey5ctUP43QaIZAIgwIyaE
qrcYpMCE8C9jdvJvVIhMMtuUXBaVquVCV+5W/RGGu9jXOBzmVWTz8B0es4rP
MKd5i6r/af/vvb0TYTQ83QwdDGA8hgl7xrgOFQzjkFKi7NCj4/7r/b8Ls3HG
FmWYl44rVSawAwfvXvPAncpL08m6YXuHBye9/YOBcBhnoDitvHFYoLbAKn6E
nxCXPZQKcVmgOsTl15cX2oYIXYxnWyvLJ5jqqcrFPGERS4KPX14Erah73gWR
+X4DgIiRLurQ0VYbWBCO/yWRUmx8GG52lYsrkiGsqO6Vypf4BaAg0CcVJZwT
TEovKMeRLgQXIGDZnhrSlMcw41C1PLOQKLojabaoNqENiuSbFGB48duqu+Hk
WF1dj09LWAgmleWA2O/IR2AXvUJKgAw42zxcNimqHVWmu7l35zFmI5K2S2tS
aF8mAgNl5z/IFPULSUwvBXdJWI5tCpy9oYXyViUyX7vg9AapYgVU9LjQTNPO
DSePkAFr5CJKXC0DXhqF42ltqXwSiGe/hXM6BGsYp0uJhnG6VGZ4pk9Dhl0a
lqZX5rA03582ILXSmk0tR93eBJZXRybx7zfq9oUYalUVnDXjBlU+MD79UI3i
NMyXHa3Tk0ByX7JPw4zJ1mQXidUiZ1O1WPDc+vzTN4E/0P3NoFJl/IHGOHq4
OoMBNSOZY5P54xgjvfkMJd99TtkozVXdJiI/zr16Wi3otNrANuJzYyLWV2bJ
7ZSWws/VX8WkR4anfpAFKxwkoVrTWvRvjEXeasxgDwsEm3uiwqDppIWFcXwO
3ZmHWIGRS2WWqX60lVtYxT+Skgvi9EafopYSRbbIx4b/Ajf2aYiKDqMJyJKz
oHfwqzF0nQpDVr0KiYdRsCdyGjGIydNnQVJIfYWt85XvVZwkCwzfllEj/Xkl
mqhZDJwyXupholgoOdyzxe1XGMM2hai8U+GD0hB5od67ytiHtmke5aAHPHVl
0k0s7sLXjawN/7H3CmYXudltkqof6PEbHlVFtXu8dIM7WN0EN4xZ5F+gKaKi
KmkKAOTHCOX+moWi+M8AK3IQ/9Rx4tbHS2ziVeAnEOUgqmEgNuSQemt0ANgy
0ohrn0nKtUiF+5zjsyrybzs8X1b5Zydrq+1SvqeP2zuP/7iDDBeTOOusO07q
hYB0yICr6hHDz9jEMGDF1tX0UU3G06Ff9HLgJF9jDT134OnYJkL0VLE4MxRI
WRF3OERt1/y2I6wpDP4pXmQT2mR2ASzzfmdV0Ve8s+rO5k8+i/Bs5gg7jeBP
YHcYwzBZGOMoGNY2MGyb4v+6uu4/C58Yykx/FGnG0zUikUSC/Y5lNK4IxV/R
GIzUPVqMem1txrJqjlQsx4Aqicmqcdv9VBuxcH8gXapPjYZ0E5qXGWCYeUGw
op+WcX9TOZBrW9gIBw4Nk3MQOuV01nXtY5L8fTxXiTl/T1q+b6TQcGlJJzjQ
qhKfBxHOlAkYzYyMhZ1TeeS59jlaMck9wSjlwE6sd9gG1bQE5d01JhEWvB5q
udJo531jYWQ6B2hLLWiw1NAecGxw4JPDXZbn8iqKVo20w3IcJnojsqzKBsQ6
bHNR4SwKJf+FDgrMiBG2NDiz5g+XsmFlmFkcWjOAbOS3DcxrfZvSML9GsTv0
uGew8rE2GG3lXUxiCybxNwA3b4LTCq9D1VQOVpnKd9zWqh25S1Yixlc8l0aX
xD1GeRRiV1SUDqNFuQIgyHQACuogK6VHVuPM+NpJBmA/ODwRQli9F7CkHXwn
s7Ns8iUY0IvHBphzE+gb/TafD3iSgC4GWQGLMrSt7BPYEw1+Nf3pCK55ls22
vcccqPJ38GM2X/hoZdxKIOKadrfCuRQ6QiVwhAoFWDw/w4rt1tHmzijm6oy0
SSJzco9ox4t+X2DUSRdDlMEQnLljp8Uk2zRKLJLowYQkgfWoScwNE3/5hUzQ
IbUBo1xu10NTRpjHK29FL7QOsKAw8ajbpBPP5uXSAK01fA8rwuwIRwBivtjG
xrAqHTe7mCbqj4+5HR2ZL8gCsQ8jr8GVTrivnhZb2okLX3aMLDMuDS+DdRzF
F5SNrTNgJee7no3Qxhpyk0aNMsvKJJuaA7wsmpMBOok4W5sik7rjnLVKPRsx
MDbi7poqVSkz7X+i9qYSB1WK3KwUY6M0CQlq2eLRzpYzXKtn6lr9SsXUWl1r
fBv9VPsBF7E3jeDQjiMsyOf5uFStYjRz5Ma2V9TvPsjwf19zOYBZUuOSV63B
Gfabd/Ez59wZSK7bRQtdNCb0v/m77+Iu5+GcPlsMcvq+P2/lIj4XZu6/Rvjd
/lQzLFH3Ie1F74JgOUPnLXuHGuHaVKvyrV3PynWuPI8qKBo7k7igav59Pfyu
bVw5NsXKTkgH4cjhOTH8/qJXgui1Fp/q6/81Kv6I9Vu7iE2B6vrJNMCWTxGt
/j9u/VVL7vb1/x7cM6jhPq/m+zyk6NMtW/BKr+ryTAfAmHn9bCUQarB1mYhh
se2uSfISNkIlVbuGqdTaz5S2NE43UxBrFDevEyhaFPxtr+u5VwsIO82/jPDb
BIm+Y9f4s1O1QClkzK2tv9VWHzjd2KQnGWkcSjlPSzGAwmIUm7jXmCQvmaOb
5p32TTrhjQ/fFFhY8GMGXPM7doZOPvG6uSWZjl9Rrd1ompx7uGDu56YHJi9C
xTl25m08ezV/z2a0BVhB9uCBiHgrwzmZT/f/Q6PGghivQEBVchRRnQaOjCYa
5qwy8IOUUORkMGqdVBw+5N+mvoX0ck4s4ln07mia6NM8zm2iFdiRs7mKz0wy
VyztYk1TvgAr2h48YLHTTANNLndDADSb3tC+hqYX8sKsYoxtcTDslvAW1b+Z
9RjfCq7HyMhKjMONOLTVmIAan+kTbQg7kAZtekHy4kN8q0glOpcKfdlpKGzO
D7ak15CbpXWzKVwwLjyo6xQ5wKyhPDtUSVyU9PoRvr4iVHAFvflc3LbDiq9z
SH4f7USxijO/vNpP3mEMhl1S1NzN7bihpYyJ31TkQ2UtVXfoXRfzOeuYdBGf
0L4qp3kU8cEWJJRqKZbaS8ZJuNSFCkBNZYGceWufBVyMC8GoHrsT4flzkUCA
N6ZxcHzmM0eP75hXttC+UTub/KQwB6d/OgtReeyxPNYrVRKFYFxladQUNzPY
yU4vi7k8zdPNIEDY+GUmoB1SQoOK8NoI7kgLJJVycF8X2kq2BD1T6OZo0jaa
kdvmBQIHwA7YnIpoqmA60yz7aApQTPtmMCApJTOtpo/T49LTkxLoM2zXOTGp
yvZ92sWxjNDkhy+APdevLWgVgA3e7SfMtIPtZ0+fb5KDYikZYZweQlkXVK6D
e6GKQPLK5hgMAbCU3LRtho3cGIWdkh+648ObNIlHkZQocWZ8JzxPswL2uwvz
Litt4fkRbUUjH5xT70457423hz+dkFbkSLANabkGdj0mlIiTelbrgs6pLabo
C91pOj+sj5eMcGk2noo2go+MNKOmc+bxwx/F0efnl8GXSR6FkyW8U5wLfoG3
nRAwhOoYxzo3WgoY2QdVGWWEKjszOAO+wz4NxMLqatsCv2AAGD1XhzpVd0GN
wgVTrGdZF2VKSImga7PfMXDjaAuti/gZZ9fZR1rd7qaOzTxwHt71jtAIwdsO
MTuD2WuI3NbJu6YcoippqewCFmAWtqszINCnXUhNvaTsx7ZMRjKB7Vq6fAoW
7JRovyysuoJ15tQFMUl0d77QKzY9Y8ZKcwYEuAKWWejFw09mlXipC2UnUCb4
PDL99ymDS3TkbwKDKZyKpPPORku9GHtBRBuIs9A3RuBDZ3FeAFX2AnFYASIB
DWJBgzMrg8c56rhkpyHyGMlNFMjUMI4Iz/aLr9IVN/V3+i4Hum4XWL1LVW01
dBtW4N9kCeBn5lXKx+kwddrU+yXkXa408LrmtysnjWggNVGnWBR1Sv0AsMoY
b0DCS6NKp4wQU+SkibqD/USTtU4N1Ii/qcl7pSrE5RO62Jkun/BKdC0j0oxj
RQG0wz9Wz+aUnSAqreAngcP9mKGsYifF7fxE96VayU30A0dSjCw8RY+WqvI1
w+WJynhOAfLAUXzUGTZCC1wkgRU2LgkDk8C21YnDJoJVXMdGjnXCtElsAwwE
mowuYSI5MrrEyaEXKvTj3vBRY3eKuUtlbXt1T1AVP/r2jGoDDFxXKv0SgAs4
O0d+hjQeODReIREytKlZJHI7CamSBtE2XKR0uWXA3ffdZhHa0A8x+wn5yiXq
GOEI1f1vXIaKTu8xZUBhlqAAHB/j4EpoA1ceRnfNGQuGa0FOL9cHacqoKHhR
XIpL3W/a0Q32ywo3Y2QR/BKl3dR+8MVE+LZJrWtBcHfeZk7O74JBJxfok9uX
sBRGcajWBqTqIi2ofX9J175oKpKMNF6y1PczsZOqhmU0u7hcVtLw8G3XWtky
N8qEvY2nHNWfZPQg0b0KzzEfE+XW309xy8w4T/d6ez/0Twf7/9X/7dzXsFi9
7iCUQlhDVE5FHtqEmsc2NZq4cctFMY370MQ4iuai0VCrvxNWdE24p3DsMVMr
jir5qhtyTGDUKTKahPPSZN4h5+eyHS1RPeuLQWi7Ekm2sfc6r1GIuVsrrPS5
CRiyHgNveUVC3e1uU6nOZk0tCFYfmvsop+g7stHxWnDpXOAsnFTzy5D6aPMp
+O1ZdZlwxlyLmuBrqKC09hpP32xSrC2cTIoqdQsTvL2NyDdC9dzLG3lFYeKT
HqsR4mxUP1D4eEVdnATlngKlaRlHcBP3t4lT+M8hnhcNx9BuePhnyaRiXVT/
dtP23moAdGWHP3wg4AqTttefRT14+NsXVRX0L9SqDip2rfTpA6oDXq3bXcBp
ZYLdGW4sTfTBuq24NBTut8GKKtK4Q36mYYuS4RbVyUZ8ZHMUlbo66zLjQkvr
onaqrNFmdfg64S9fClpLim+qFUY4vdZGG45r6iLCVU/H2nZjwBVRArSpWnay
TQA/THeMJy9lqLxkDWm8IVC12JfeVuzvlv8+3bQNAmmhz09L9gC/f7zz4Zv6
b8aoOZ1QKfuKx3h1H6PlaTx5fxBPmp5xnDNZ/v7go36Gl0vxh81d3NmhhOht
H/iz3wQ6/mfKrzFbDxQjL3uf0EVqqyXJ/Rdy2gwPPg7ZsJXUAbZtzSFg+gGt
aEVT+nfpxxR7tru70IloefTf5Ppx6m5Np6vOG5JLDbILFh+DIMWCMq8atybD
3LYyJMOomN48b0vmK8W3heCyrSa9skUHp9ZF/EI1ZFY/xAyYh5JO066MwyGU
iCu/OCbYn8WyfR5BHbgwDyml5Fbfb0u0/lJagkg/jqsvxuZxvl5ceoYAX32T
peedhMqt8aD0dZmqpQ0brgvQF/ixWdN4hd9mwO1nCNtiUMLG8GSndncYLEiu
ZsQVUQGZ6VjUVe9STJ8P/vbLib5WUa4L0J47dPLpolWUTTZ+Ro3nLuiiOu8i
MdLpwXaILsxb9R2T9WtHdTMV35gD3H+1MFcF6BsIWBbppvRt0xEAX6izgkzB
iSA6mDZo8UhTwNUtxFqNnSXWNRDbZOumSevp0l0AoteLXUMbRZ6BbIYkS1rq
RlWk00mJnq15xLhoczs77Li/6shFG/IwUr0jlfcEUAiv1sP8O8SmR9wa1lOc
CJ1p0Ol220CVFw+QONDtslxS8lQFmqD+PL/xhN9oeYjzuh0JW9HYTRmwwyP2
/PZ8MuKx7s0hiO07uN0Vtgin6ZpLgZeSEkSdXibXrsWlfvNjfvOx/3sV2t5b
mlf5hJmItCxD96OG6mqyRZWjLEM2wOvdS62fgnv3+E5A8iOE0wgUIlQAcDP0
mHMZm9bCgzABdlTEEgTt//1oH7Q4xw/SFOjQt7SWUZIUbp+LS7oeDjaObUqZ
5mp++5SCU+QIIih1BWqFkksm5fsgBLEeFfpCDS3i41wTUmrNbgqOLbXfl1aU
RpdB1VNIcTswrPnSTfM+ThQE+MCY2g2HXa99ojQW0bylZRp9im1ozCgMpjY0
VNIytQiw3dsMF03RcNeyRDag47PyHtq8Ls11PWeWXVL8xVzwQhVp9ErKIqVq
BPceV7mNhK+NG0XlZVS5s4Q7lL2yVxrt4QWSE9tvk9oqveRSAEySFGCir2Qh
97OUpvWQCWbpNrgTqYkLOrqTn4w3GQV1kjDSxja10jd3oxrMd2DjfrikglsL
2ktn4VUVRNNUiMfOSDaSlGhhDdGnabgo9L2WcU5uu2QpXRSn8fm0U0RjEFPl
0m0K18Y7W3MknjV7oF4nsO4ZImdu3qx794H4B7qkKS4yCVeeL0IKBqM35XaN
pHJfVFUfESPzhuK1rntAPEJylab4KWOgmVBYITIwTTN21qASW2V6CT1jFkMa
GTq3iqxtr5lhPhfVHQhzG2SzfX0lPh1gfNprMtpmHud5C8nXoR2UyJcaVEi+
7ZW3FqJDNCycZesrBsnJhzFrIVVzL6B2kAbG+BVxbxyxxvKNy92q05F7Dfs+
ZLrXtf6S9f5NzIgyLk5SHIzE4uZv9l6miePQ4euxMLAQjxdJiHdy2atmc9Gr
QJlKseYx1i4joQPbpZu4bc4twfJ4rj23ppsewVDCZ41CwfX3BLXzl/5SmPNO
12kaZx8lFS07k5zKmxZzbvi5HFM/haAmt3b51iWzRdvVmO/srYs/rnhaI82M
qPelFeOLvsmVxNEnyqkIdMYNFXsxihBZsCdOtxMmv9tluKzrhBJB3TNXNOki
s8BU4KULZEhi+ruNx/GsHMYviqLHKO6jLaotn34RubelOdx6bdH3HrVk0Oad
dMa7vtRtzn+Hl4reWemC5Lz58V3fbOl2/XuNpdmnDBjg2ZIKY1h0hcVSXg2z
kBQ11LDQPmq5AZkrtrBuSOfeMLPjNByrPRlXdj22assdHRmBVxMTpoKOxuaL
i/XoYPFyg9iPod3vvDuTJlTbz4TNPslTLQ1vdjZT4aKBkQ4oFGBnlJ1eSezw
XZetq6tq1hAHnJGKnOb9NRLiLDOvfz+50nY25dJx3gptMtjD3MLG0PRjvj62
wp+kkaUzDx9qMJ/m6ATTnCrNrN/NxNy+QUc8MHm8dFFNF6BbdjBBhs6Oq4nw
cjjiEj+9299Te4cHB/09lIOne28OARMpmKJVJtT/6Dq7Chgzn2ciwOtatoay
kzyB9/LKvZC35E5o4yKJSk8tFkdnmAb13pxGIfRTiAvnhsmCwMPqDGzulbkj
OJPFolpDmYD2+mA9ErvKc60Dtf81vzOt05v46BxM1dcsh25CnTk1Se5wNP7S
3gdoW4HZPBbCbFHUnOwUQFgj2MWA0djqXMoeg5E1oDqzes6aPu8AKIuSh8g2
42gz2AnspfSIx1HdTFDbTVwJpDBW7oWGTRE7Yq3qHLWMKgE5GK95hXF4uvyi
NLwrw2bcBceoVio3K7mHby03J4983X3eRKGBw0ApdVg7bfmAqHkYrVgR8XM9
xp16h9VbhwFb2X6EHcM44Pt2fzDYP/ieC3Cki4mOnZJek+tcSTN42wzeP/i5
92b/Ff7NqKUbXPvJo2dcyGMm2DETsGpkJ8D8cVK/6AZZnUZ+Ab85wx+b4cf9
oze9X53xnFaOs9DQAv9HzC4zHHsVDvYOj/q4d6pftOun1FSDem6xXlw4zm8z
F3YvBAC+A6nx7uDHg8NfDsxcop/GPBVZjlrRolRVuhJSz/PMnkfvzevD47fO
noCOOaUeFciCcDGXNlvcGo3wpoN4U2mN5l8+7xlzFpuoXxo5I1y2OKV7a1ns
Si6nMWilzVMlRQxRlmXmOoHpZC41Ssv2OtbO7JCllxLptVY2abqv9ANGrwOF
zmLunN9wT4/OCIm5G1h1G5o+x3omSjqWglBuDj20YZvhru0lzSE+k7g9dvov
D51+vjJEkIgkiGSqCGYZJ07jTA3dZXdVT4yJSm9XKqXlpq1Ud8u1BAz8QEl2
pAnri021VPUesvhivxDiRM/zZWHMNhPcbJvgNCaf65woqWMwXKehGiNw5Kwj
tlDUSr/tu0vbwJHr0hDY71+G7YcRLG03n6AZJAGzD8qeMrct+f5X0iiKLMFk
alex+BLfMoomyHV5j04DZY3FTLP2ghaOg4m55RKjxK8kCHEKDPqFerLDcSqa
5JTEyAvhh20KqFdYogQzj5EDnO6LgwmGbEtfTibCF2qjbOKcY5vnYYoybg/D
nVoC8yNwTgT09gicVWJfVAnfn7U2swStaw85dIk75kopuWvb7x5UG1onRJjh
28c7mvgosfm7+ji3jTgMaKCC77wxN6vyQv58mKIr+1aY8g3N/x+Wt8CSkiv+
H4WlH/yWligRZsAoSovj9ua2UtNPSsXQhyNRpQ8XCoumfN47lpu0JYiB01RU
gG7jy/wskLrJGFM4IyBRresZmHnvSdpDY54glbpTNiS71OHBjrjxyK/+z+Z2
nNZV49TlmsQKKa6FtaSu34PlunY71+wW649wS2od00RqAGtKJ90bYjVIDkjW
vDZamXQdPMY/aUtTa/qYycXxvUzcohazYjwvSKMfpK1iJIiZCUbRGsH+xwJe
7di2eSrsJqOWfGz7SvImfy/OYx6taywtwAI0nUgNPKllnJ/xWVNqzVguriyW
YB3M4K2s20nTYSwGNM4xCY+j94MDdykY0tqsYA6widEo8dVKjoPxMpE+Dxrr
2aJEjJ8s+G4BbjWu7y9AqMiaNZwdV7SJSo3Rysq1aYiv0q9xbG6wrSvgxhgt
vnQsQT9OwpjNsegWxkot+KIElZ794q5D3TT3FZBzGnvj0QjFkeqiXkbT8CLO
sF6L0LEzki9uJOW80TapFOjUDZGevYQhkYT3iD1NDn/ndFo3s886i5x8W20p
gjKKx1lIQNmZCBt6062hXrKwSSVvoDPK4ZeIZLHIz6j5Gi5RkE9iKdS4eay1
TD9mN80Szr9dpHQNT817xPiVcAzWLLZNcSKRPjrGLIkbmtCjME/wEhkwAVdl
NEkOMG8hMJFrqt/iAF1o2Rv3D/ND7ZK/bjkPY0dbQyueSfusc9RVnTIyxhuj
8lIDYwz8VBll6za3zubu6tPS2Mx5SPIq8n4k4RygzZUglROm2GPCbhl3IGZ0
P7LxHkReaSgFB9cGe0OaJvEsSH5UQRk6DvZ5BoQ0opRa6wm1sTeL8BqpMJGs
ZKaQpeQfQ/ZAqTAaxwBmJihVEQDme0ewwOaFfSTe4TK8zhY5fgW04UcWh77d
QgYb5QZfApVNeTAdtHd1CprRFbco06KYcONyQWYp2TGVouRv7KQUbg9TWzpF
NbLwpKYW8d1I9bT4+WjjlEYhjdOx3SHd52a9jMWu4muCwibeyi/2/Z2OA1WO
iBFH5tSCV/JeJBiMSwkcrz+jJAKH2zMkVC9e+rcGa4UR0ZVz5iipVBukVdUm
yS6D4CVd0FdMs8uCLxzmR21+A8AtSvHWQOfeNGa72psXOH0hDBLB1lDdyZeV
DhzMXyWTg8Wcbl4X8LSIAnLlYlMRib5LlQpnooSqrfg2Q93kPtDBT2oyN9YJ
HXLbo1YQZKN0U+HKS5MLDprqvl9Ge3a7wjRccl55aKtp3Jbzu9u+BjVGdmI3
Nj3ihyQefO181ZPbK+HjtWzV7dCz5bTMWbvirYYVbzkr3qqsWL//1n+3XXJ+
XZvTtpDif14s+v0H1byT9XP+Aeuky+CdCOV7pSoLb7ob/i7r9PWg9j3XiT9+
aBh0nzlx7y63w+jozqb6Hfb++67zLnN+++KFUBFzqxcvvvtPXKflIcpNaVYG
3r9p79U5xZdZ51B3n/OW7z5rna9R+4j/KZdD/j5zrnnk7nN6LOmq8ZE7zenw
Ovzbz1z7HdYJ/9jl5XxxX/5508hN/iR673ocF4ike+85r9UbVDZcDeaWtd5h
ncPqOr+89zrvMOC+c1ZlXFXC/Wl8nrQziray+tchJdLPw6XiVR17fUWPiYpV
14g3mhvF6LQRcV9W8jptdLXqHwvmXu1aQ6xK32OlG9FR9xubZ05BTrIqzNAv
C+2Z8C4cEcU2pEhnJX9LsmnIK+t4D9ek1sRUZzPn3MFYd8ZHz8QFWJGoIQfm
vvSHEssjY2OgnVF+CjlA9fDV4a7qTSbGzyTuJ2Pz6JHc5oBVf8mC8QqOjGqu
W+Jwtyvz5zTEBJQS/sYbc2Fr7Hl5gFdE44Qnbwa4UqoerK4SK/AaXNO6mJAR
5eqLxiYmQUBTxoXTpQ2ArwtFKwXreCXOcpU/PKh07nE66tTzXDELxc8/GXgX
IJgMlMbcE84+OXmJiQ0N5efXyu/1ZK5UdLfeyV3w6AvgboMj0pp306gp2VwB
yTH6NiLxJxnY0OsmyrnNkXFKcCaoZ1lsNDUQ0FVnYpvyzYD6MkBz/2jTvaO1
+0c1UDGbp3L3aKVJH0kZzNupXDXa9Bhm5zTdLNr0LKbiNN8j2vT0E+XfGtr0
DGbU1C4JbXrwmXKvBG16Ai/91BeANv2Od3tWrvtseuzrzs5TXPm7FA6Yr5S9
ZkA9pcVS/Qt9uQKDZT6NvMtVl4PaUmLE2APAPX2dFVFvXFhc1BWaPgGatnYe
mbCPvxvw7YjaOUS345obrW+5G1d8MuIthsV3DUU51y/em6rcazh/b8ry7t5c
S12rKMy/c7PSwtEQWOV6zabHdlTtMs2mxx6rhsszmx58cj8ENfN1/EN5UTuT
PxQ9NUJ5zjgn6fHe2LU6Gy5ws+E+G7NEFq7BqRo2rUrBtH0q12dbNj3XlFTZ
9Fxj9mTTg415kk0PNiZBNj3YnOXY9ORXHfzP69d1rPYTHhtRdgUG/XvYKwZf
UDceUxdAE7bmI9e7ytFprnJNmA6vY83TDxibsGaAVvsoHH9EtdKpohzXlUu6
hwxR9yOopqaBllaBR1lW4gbmWsO/+sJ81YERHT3CdD3FrqA2vYvVRIXVprr6
sdpdFGMkWKofaA17rjMmqgYFXj6S01xUP+tmnqMdQnuaxvNAV3Npe4CDgbHY
D3zZ7UW24G3jTqnzgbjzYUWjKOAmRABJveoZFWEvTBDW6dsKm6G2rZTJ9sPJ
yREWOvh1F24PQD2jZM5yjaAOdF9ijiotQVFEpVgUaJXFHADgeBZnwQfTRW4i
CRp0tkSTl+chuK7OFbsMDysuxouiqDcd2LGNC5/horm/V6grlxkYnJloEu0L
0xmPszNmsdQReR1I3u5jTHQAJMzLweZ2pmXCBawdVQkuBGjL9V+gb4TIL5dN
7yo5MI5A/rH/KxkhMHdGaR57+ycnuivYejTXRfhu0WUQDOIZWJZ5smyryqFp
nF01k2CvRAJJLjhFnTPgMVIxLfV1F3HIV9d03FICjdS25yCi95zbFiMqBGKM
aqkDahcmFpXAVmTgZTSaI0SxOxHBcxJdxNhWDSsqnDUQFo4wLzPVF1GrM4w/
wcIYpSV3qHe0311H6Zjwy6uinBuyZoEG8fQqVjYyJPigSWQFW7khXZKkPii/
WA4CYvqcK6qvdvm+s2jyYuMMdhCRrwSsehWaJ0kBxRaewEeT7Lx5DGC66k/i
MsPkMb7H6AirZqgtDzU/ptbZunF1jlkiSI0UpWPWm51hwwAKSeMh81fK64nH
iMiFMAS8ThyVZ2i0d4R+O8j6OLvh0U7zUh/AKVATCadHl71aObt7P1CYqZeQ
G4pD+2MQWUXMe1lb1kI44RteAbZ7IkAd8S0HZF+Tpe307zMOG/qes++0IMVe
vuSzquQ5xtXWE8o2oHaycBDppd2El/SPu3zFiGnyxP1O3pHt5N2qRrf8VGn7
uk3ar/hQKhdA1fpYNzodnG0PJBGdUy50zpGO6eM4G3Vn+Q6D+p/mIbUG8/BA
I5qXPpFHUWc+DfUzLUNnbaeRjW3tsmkgNtFXLdvTsP3JkN35CXaFvruUspai
yalNiyRco4z1yumaogiuNXSaJegBVSOzOUEOdjFJOLtsLJ61VwILnMP2qxBD
4KGpPdXNI5sq69ii/Syi3V5FtOQQRAoFfJM+RzgFJ5Fwxxq67Rxdgf5dHAmc
0CJ0gS/QUa4/wCikZK3rvIfb7XU9lWO7man45ki8FLctt6q15WratsmZoKva
dadWS2xNd1lUsMfND9anIKtZ2bNJc2BWMFzc/7yRXs8nDQMyFmXzsfgVHFaF
dYdjXYAIu+db7jQQZd9MEhod4XtMDjunbiieduuRrTQAr7JOYvU/sVxlvgwi
TUzNKira8qjtZ+hW5k4Eus0TJrQYFj1Ro2dPLN6fU+sCygqWhvrcQd3krnwW
/j9ahf8IYNAaRiGoeupttEgxqQ+0mL2Mz0ke0f0+zqh8xYERq8ScBETgL8Yh
JQ2CWjbBHK4Qu98pvM5RDvX/Ar4tjxjsyQAA

-->

</rfc>
