<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-schinazi-httpbis-ohttp-ext-key-config-00" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="OHTTP Extended Key Configuration">An Extensible Key Configuration Format for Oblivious HTTP</title>
    <seriesInfo name="Internet-Draft" value="draft-schinazi-httpbis-ohttp-ext-key-config-00"/>
    <author initials="D." surname="Schinazi" fullname="David Schinazi">
      <organization>Google LLC</organization>
      <address>
        <email>dschinazi.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Web and Internet Transport</area>
    <workgroup>HTTP</workgroup>
    <keyword>oblivious</keyword>
    <keyword>HTTP</keyword>
    <keyword>configuration</keyword>
    <keyword>extension</keyword>
    <abstract>
      <?line 40?>

<t>Oblivious HTTP is a protocol for forwarding encrypted HTTP messages. This
requires communicating the gateway's key configuration to clients. While a
key configuration media type was defined for this purpose, it has some
limitations such as the inability to convey key lifetimes and
interoperability issues. This document defines a similar extensible key
configuration format that addresses those issues.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://DavidSchinazi.github.io/draft-schinazi-httpbis-ohttp-ext-key-config/draft-schinazi-httpbis-ohttp-ext-key-config.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-schinazi-httpbis-ohttp-ext-key-config/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        HTTP Working Group mailing list (<eref target="mailto:ietf-http-wg@w3.org"/>),
        which is archived at <eref target="https://lists.w3.org/Archives/Public/ietf-http-wg/"/>.
        Working Group information can be found at <eref target="https://httpwg.org/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/DavidSchinazi/draft-schinazi-httpbis-ohttp-ext-key-config"/>.</t>
    </note>
  </front>
  <middle>
    <?line 50?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Oblivious HTTP (<xref target="OHTTP"/>) is a protocol for forwarding encrypted
HTTP messages. This requires communicating the gateway's key configuration
to clients. A key configuration media type was defined for this purpose in
<xref section="3" sectionFormat="of" target="OHTTP"/>. That format has the following limitations.</t>
      <section anchor="key-lifetimes">
        <name>Key Lifetimes</name>
        <t>The security properties of OHTTP rely on periodic rotation of gateway keys.
Many gateways rotate their keys on a weekly cadence. However, the original
key configuration format has no way of informing the client of the lifetime
of the keys it contains. Clients then need to assume an expiration time; if
they didn't, they might keep using keys past when the gateway forgot them,
or worse: they might encrypt sensitive data using a key that leaked after
its expiration. Since those bounds aim to be conservative, clients can end
up marking a key as expired even though it is still fresh on the gateway.
This reduces reliability when periodic key fetch operations fail due to
intermittent connectivity issues.</t>
      </section>
      <section anchor="interoperability-issues">
        <name>Interoperability Issues</name>
        <t>During the development of <xref target="OHTTP"/>, the authors discovered a forward
compatibility
<eref target="https://github.com/ietf-wg-ohai/oblivious-http/issues/285">issue</eref> with
the key configuration format: parsing multiple keys required explicit
support for each included KEM because the length of the HPKE public key
was not encoded in the format. This would prevent deploying new KEMs in
a backwards-compatible way. The authors
<eref target="https://github.com/ietf-wg-ohai/oblivious-http/pull/284/changes">resolved</eref>
this by adding a length prefix to each configuation entry. Unfortunately,
they did not change the media type when doing so. Since this change to the
format was made after the document's working group last call, there were
already implementations in production. At the time of writing, there are
multiple billions of devices in production that understand the
"application/ohttp-keys" media type as not including the length prefix.
Other client implementations support both formats by attempting to parse
with the length prefix and falling back to the older format if that fails.
This runs the risk of segregating clients, as described in
<xref section="3.2" sectionFormat="of" target="OHTTP"/>.</t>
      </section>
      <section anchor="conventions-and-definitions">
        <name>Conventions and Definitions</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>This document uses terminology from <xref target="QUIC"/>. Where this document
defines protocol types, the definition format uses the notation from
<xref section="1.3" sectionFormat="of" target="QUIC"/>. This specification uses the variable-length
integer encoding from <xref section="16" sectionFormat="of" target="QUIC"/>. Variable-length integer
values do not need to be encoded in the minimum number of bytes necessary.</t>
      </section>
    </section>
    <section anchor="extensible-format">
      <name>Extensible Format</name>
      <t>This document defines a new media type (see <xref target="iana-media"/> for its value).
It represents a list of key configurations. It has the following format:</t>
      <figure anchor="format-key-config">
        <name>A List of Key Configurations</name>
        <artwork><![CDATA[
HPKE Symmetric Algorithms {
  HPKE KDF ID (16),
  HPKE AEAD ID (16),
}

Extension {
  Extension ID (i),
  Extension Length (i),
  Extension Value (..),
}

Key Config {
  Key Config Length (16),
  Key Identifier (8),
  HPKE KEM ID (16),
  HPKE Public Key (Npk * 8),
  HPKE Symmetric Algorithms Length (16) = 4..65532,
  HPKE Symmetric Algorithms (32) ...,
  Extensions (..) ...
}

Key Configs {
  Key Config (..) ...
}
]]></artwork>
      </figure>
      <t>The "HPKE Symmetric Algorithms" struct consists of the following fields:</t>
      <dl>
        <dt>HPKE KDF ID:</dt>
        <dd>
          <t>A 16 bit HPKE KDF identifier as defined in <xref section="7.2" sectionFormat="of" target="HPKE"/>
or <eref target="https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kdf-ids">the HPKE KDF IANA
registry</eref>.</t>
        </dd>
        <dt>HPKE AEAD ID:</dt>
        <dd>
          <t>A 16 bit HPKE AEAD identifier as defined in <xref section="7.3" sectionFormat="of" target="HPKE"/> or
<eref target="https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-aead-ids">the HPKE AEAD IANA
registry</eref>.</t>
        </dd>
      </dl>
      <t>The "Extension" struct consists of the following fields:</t>
      <dl>
        <dt>Extension ID:</dt>
        <dd>
          <t>A 62 bit OHTTP Key Configuration Extension identifier as defined in
<xref target="ext"/>.</t>
        </dd>
        <dt>Extension Length:</dt>
        <dd>
          <t>The length of the "Extension Value" field that follows it.</t>
        </dd>
        <dt>Extension Value:</dt>
        <dd>
          <t>Extension-specific information, with encoding rules dependent on the value
of the "Extension ID" field.</t>
        </dd>
      </dl>
      <t>The "Key Config" struct consists of the following fields:</t>
      <dl>
        <dt>Key Config Length:</dt>
        <dd>
          <t>A 16 bit integer in network byte order that encodes the length, in bytes, of
this "Key Config" struct, not including this field.</t>
        </dd>
        <dt>Key Identifier:</dt>
        <dd>
          <t>An 8 bit value that identifies the key used by the Oblivious Gateway Resource.</t>
        </dd>
        <dt>HPKE KEM ID:</dt>
        <dd>
          <t>A 16 bit value that identifies the Key Encapsulation Method (KEM) used for the
identified key as defined in <xref section="7.1" sectionFormat="of" target="HPKE"/> or <eref target="https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-kem-ids">the HPKE KDF IANA
registry</eref>.</t>
        </dd>
        <dt>HPKE Public Key:</dt>
        <dd>
          <t>The public key used by the gateway. The length of the public key is <tt>Npk</tt>, which is
determined by the choice of HPKE KEM as defined in <xref section="4" sectionFormat="of" target="HPKE"/>.</t>
        </dd>
        <dt>HPKE Symmetric Algorithms Length:</dt>
        <dd>
          <t>A 16 bit integer in network byte order that encodes the length, in bytes, of
the HPKE Symmetric Algorithms field that follows.</t>
        </dd>
        <dt>HPKE Symmetric Algorithms:</dt>
        <dd>
          <t>One or more "HPKE Symmetric Algorithms" structs.</t>
        </dd>
        <dt>Extensions:</dt>
        <dd>
          <t>Zero or more "Extension" structs. This field continues until the end of
this "Key Config" struct.</t>
        </dd>
      </dl>
      <t>The new media type defined in this document represents a list of concatenated
"Key Config" structs.</t>
    </section>
    <section anchor="ext">
      <name>Extensions</name>
      <t>In addition to providing an extensible format for OHTTP key configurations,
this document defines two extensions. The EXPIRATION extension indicates the
date/time after which the key can no longer be used. The NOT_BEFORE
extension indicates the date/time before which the key cannot yet be used.
Both are encoded as QUIC variable-length integers representing UNIX
timestamps (number of seconds since January 1, 1970, UTC -- see
<xref section="4.2.1" sectionFormat="of" target="TIMESTAMP"/>).</t>
      <t>The NOT_BEFORE extension allows a gateway to publish public keys in advance
of them being valid. Given that and the EXPIRATION extension, the bounds
can then be tightenned on the validity of keys, increasing both security
and reliability.</t>
      <t>Gateways <bcp14>SHOULD</bcp14> provide some leeway between their stated times and the
actual times to account for a few minutes of clock skew.</t>
    </section>
    <section anchor="parsing">
      <name>Parsing</name>
      <t>When parsing the list of key configurations, clients <bcp14>MUST</bcp14> silently skip any
key configuration that carries a KEM ID unknown to the client. Clients <bcp14>MUST</bcp14>
also silently skip over any extension for which the extension ID is unknown.</t>
      <t>As mentioned in <xref section="3.2" sectionFormat="of" target="OHTTP"/>, a client that receives an list of
key configuration object with encoding errors might be able to recover one
or more key configurations. Differences in how key configurations are
recovered might be exploited to segregate clients, so clients <bcp14>MUST</bcp14> discard
the entire list if they encounter any encoding error in one of the key
configurations or its extensions.</t>
      <t>If an Extension Value field contains more data than expected for that
Extension ID, the client <bcp14>MUST</bcp14> treat it as an encoding error. If the
Extension Length field is such that the extension would extend past the
end of the Key Config struct, clients <bcp14>MUST</bcp14> treat it as an encoding error.</t>
    </section>
    <section anchor="sec">
      <name>Security Considerations</name>
      <t>The security considerations described in <xref section="6" sectionFormat="of" target="OHTTP"/> apply to
this document as well.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="iana-media">
        <name>Media Type</name>
        <t>The "application/ohttp-keys-ext-00" media type identifies a key configuration used
by Oblivious HTTP. Note that the sybtype is expected to be changed if
non-backwards-compatible changes are made to the format. If this document is
approved, the "-NN" suffix will be removed before publication.</t>
        <dl spacing="compact">
          <dt>Type name:</dt>
          <dd>
            <t>application</t>
          </dd>
          <dt>Subtype name:</dt>
          <dd>
            <t>ohttp-keys-ext-00</t>
          </dd>
          <dt>Required parameters:</dt>
          <dd>
            <t>N/A</t>
          </dd>
          <dt>Optional parameters:</dt>
          <dd>
            <t>N/A</t>
          </dd>
          <dt>Encoding considerations:</dt>
          <dd>
            <t>"binary"</t>
          </dd>
          <dt>Security considerations:</dt>
          <dd>
            <t>see <xref target="sec"/></t>
          </dd>
          <dt>Interoperability considerations:</dt>
          <dd>
            <t>N/A</t>
          </dd>
          <dt>Published specification:</dt>
          <dd>
            <t>this specification</t>
          </dd>
          <dt>Applications that use this media type:</dt>
          <dd>
            <t>This type identifies a key configuration as used by Oblivious HTTP and
applications that use Oblivious HTTP.</t>
          </dd>
          <dt>Fragment identifier considerations:</dt>
          <dd>
            <t>N/A</t>
          </dd>
          <dt>Additional information:</dt>
          <dd>
            <dl spacing="compact">
              <dt>Magic number(s):</dt>
              <dd>N/A</dd>
              <dt>Deprecated alias names for this type:</dt>
              <dd>N/A</dd>
              <dt>File extension(s):</dt>
              <dd>N/A</dd>
              <dt>Macintosh file type code(s):</dt>
              <dd>N/A</dd>
            </dl>
          </dd>
          <dt>Person and email address to contact for further information:</dt>
          <dd>
            <t>see Authors' Addresses section</t>
          </dd>
          <dt>Intended usage:</dt>
          <dd>
            <t>COMMON</t>
          </dd>
          <dt>Restrictions on usage:</dt>
          <dd>
            <t>N/A</t>
          </dd>
          <dt>Author:</dt>
          <dd>
            <t>see Authors' Addresses section</t>
          </dd>
          <dt>Change controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-ext">
        <name>OHTTP Key Configuration Extension Registry</name>
        <t>This document establishes a registry for extension IDs. The "OHTTP Key
Configuration Extensions" registry governs a 62-bit space and operates under
the QUIC registration policy documented in <xref section="22.1" sectionFormat="of" target="QUIC"/>. This new
registry includes the common set of fields listed in <xref section="22.1.1" sectionFormat="of" target="QUIC"/>.
In addition to those common fields, all registrations in this registry <bcp14>MUST</bcp14>
include a "Name" field that contains a short name or label for the extension.</t>
        <t>Permanent registrations in this registry are assigned using the Specification
Required policy (<xref section="4.6" sectionFormat="of" target="IANA-POLICY"/>), except for values
between 0x00 and 0x3f (in hexadecimal; inclusive), which are assigned using
Standards Action or IESG Approval as defined in Sections <xref target="IANA-POLICY" section="4.9" sectionFormat="bare"/> and <xref target="IANA-POLICY" section="4.10" sectionFormat="bare"/> of <xref target="IANA-POLICY"/>.</t>
        <t>Extensions with a value of the form 0x29 * N + 0x17 for integer values of N
are reserved to exercise the requirement that unknown Extension IDs be ignored.
These extensions have no semantics and can carry arbitrary values. These values
<bcp14>MUST NOT</bcp14> be assigned by IANA and <bcp14>MUST NOT</bcp14> appear in the listing of assigned
values.</t>
        <t>This registry initially contains the following entries:</t>
        <table anchor="iana-extensions-table">
          <name>Extensions</name>
          <thead>
            <tr>
              <th align="left">Value</th>
              <th align="left">Name</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">0x00</td>
              <td align="left">EXPIRATION</td>
            </tr>
            <tr>
              <td align="left">0x01</td>
              <td align="left">NOT_BEFORE</td>
            </tr>
          </tbody>
        </table>
        <t>All of these new entries use the following values for these fields:</t>
        <dl spacing="compact">
          <dt>Status:</dt>
          <dd>
            <t>provisional (permanent if this document is approved)</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>HTTPBIS Working Group <eref target="mailto:ietf-http-wg@w3.org">ietf-http-wg@w3.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="OHTTP">
          <front>
            <title>Oblivious HTTP</title>
            <author fullname="M. Thomson" initials="M." surname="Thomson"/>
            <author fullname="C. A. Wood" initials="C. A." surname="Wood"/>
            <date month="January" year="2024"/>
            <abstract>
              <t>This document describes Oblivious HTTP, a protocol for forwarding encrypted HTTP messages. Oblivious HTTP allows a client to make multiple requests to an origin server without that server being able to link those requests to the client or to identify the requests as having come from the same client, while placing only limited trust in the nodes used to forward the messages.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9458"/>
          <seriesInfo name="DOI" value="10.17487/RFC9458"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="QUIC">
          <front>
            <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title>
            <author fullname="J. Iyengar" initials="J." role="editor" surname="Iyengar"/>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <date month="May" year="2021"/>
            <abstract>
              <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9000"/>
          <seriesInfo name="DOI" value="10.17487/RFC9000"/>
        </reference>
        <reference anchor="HPKE">
          <front>
            <title>Hybrid Public Key Encryption</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="K. Bhargavan" initials="K." surname="Bhargavan"/>
            <author fullname="B. Lipp" initials="B." surname="Lipp"/>
            <author fullname="C. Wood" initials="C." surname="Wood"/>
            <date month="February" year="2022"/>
            <abstract>
              <t>This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.</t>
              <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9180"/>
          <seriesInfo name="DOI" value="10.17487/RFC9180"/>
        </reference>
        <reference anchor="TIMESTAMP">
          <front>
            <title>Guidelines for Defining Packet Timestamps</title>
            <author fullname="T. Mizrahi" initials="T." surname="Mizrahi"/>
            <author fullname="J. Fabini" initials="J." surname="Fabini"/>
            <author fullname="A. Morton" initials="A." surname="Morton"/>
            <date month="September" year="2020"/>
            <abstract>
              <t>Various network protocols make use of binary-encoded timestamps that are incorporated in the protocol packet format, referred to as "packet timestamps" for short. This document specifies guidelines for defining packet timestamp formats in networking protocols at various layers. It also presents three recommended timestamp formats. The target audience of this document includes network protocol designers. It is expected that a new network protocol that requires a packet timestamp will, in most cases, use one of the recommended timestamp formats. If none of the recommended formats fits the protocol requirements, the new protocol specification should specify the format of the packet timestamp according to the guidelines in this document.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8877"/>
          <seriesInfo name="DOI" value="10.17487/RFC8877"/>
        </reference>
        <reference anchor="IANA-POLICY">
          <front>
            <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <author fullname="T. Narten" initials="T." surname="Narten"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
              <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
              <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="26"/>
          <seriesInfo name="RFC" value="8126"/>
          <seriesInfo name="DOI" value="10.17487/RFC8126"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="JWT">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
      </references>
    </references>
    <?line 391?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The "Not Before" and "Expiration" extensions were inspired by the "nbf"
and "exp" claims in JSON Web Keys (<xref target="JWT"/>).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA7Va6XYbuZX+j6eA6R8t9YjU4l2x3aEl2Wa3JTmWHKenT84E
rAJJRLUwhSrRjKx+lnmWebL57gVQC0k59pxJn9MWqwq4uPuKfr8vSlMm+lD2
hpk8+VzqzJpxouUveimP8mxiplWhSpNn8nVepKqUk7yQ5+PEXJu8svLt5eX7
nlDjcaGvAeOcnh2YWMfrQHoiUqWe5sXyUNoyFnEeZSrF6XGhJmXfRjOTqX+a
/qws52Nj+zn96OvPZf9KL/sRg+rv7QlbjVNjLSCWyzm2j04uX4usSse6OBQx
jjgUWGxBTGUPZVlUWgC9BwJQFnkRHwrZl3kggh4Ib/obtbGlF9qxBA+q0Aok
ftJjqbJYjrJSF5ku5WWhMjvPi7InAPtqWuTVHOscZ651VgEZKbuvpXR49z5h
h8mm8g19pveznNhBZNvD3V36u5gO8mK6i2+pMgn2GF1OmEP9xfSPiwf0lXaq
Iprha9iaGFvagfu8O8Q3c63t7vsKVEe7bRC7tHlqylk1xvZjdW3iCy+H3e8Q
C0FJwHlbtpDoQBu4QwYm/x6437N2MCvTpCeEqspZXpCUgZSUJoMSHA9kQIRf
Or1jBLsfwK9D+SbPp7CCd++O+J12rI8DFgNi4B+n9HYQ5akQGRsHWHwohMkm
rafBYCBEv9+XamzLQkWlEF3zkcZKJedFXuZRnrB94f+FKmJSDJ1FxXJewph4
baqtVVNtB/JyZqwo9D8qU2gLvU3TKjOwLtpUzrScQhYLtfzBSvCnq9eyzGWU
GJ1BQeSnmQGhSqyvSnVsFCuqXCgrYz0xGfAgBEscLudVMc+t3pGmlDMssFBd
kZjUlLwfL6poJvGB0AHbxiYx5ZIPz7NrHEdHJmaiSwOyyKjAOhhVPtdFWAwj
rwK1Et6iSoG1R4XYZnFcoopgpuS5AFV0CXHiABr4R8Ux+GU1YQXkwwHCySg1
cZxoIe6TeRd5XEXsB1YltnVzc49d3YsPr4+ePXz09PZ2+xvFKDaIUf7fxCja
YhxuEPM3ChCyETc3F5pplQ9kPpFM3O0toedcPvFv5kU5yZMkXxCCLWGDg/fv
s8N/FyQqxCVWWx1VBYlyzoItDcgMJ4DwZClxKD6YPDaRBPsc7ljiSSfCAP5U
Zcvwyrp1mtAxBS8gKEoutL4CxEjFYLgeyLf5Ql/rYofxzgszhRomG1S9RWGW
SzoU5zs7DoJwnKb39BTUVvhnRgF2ALClgr8ZyCMnGfqayUyD7xCXgralsLYM
Cjs3wRoB5w/STASWLmVs4uyHkjFeQh+nsxLA9VxWljDhc+bKlnJBcFsaQjRM
c9Jyne4IiBjByMLDteB4JZQUFw25J4lQqTxkxQrENpJodQV84XZ1IQxoaJCF
EzXgrDeecV5lMdTepETcWEsOusU1+76doJwQB+iFdVdzhDAX79xpyoPGYRAT
kZNX0xnxEdppS5PAjmAWMxJui9SB8FYD+9T0NzHBXzBXam2iMyAneCH2Kc4r
TeC0ZVyBhtz5G+hwSaIF8hkZwXXL8bBWj1a90og/CnEMzfbqEYOAJJ+nXkdu
brwJOdVzAQkmaGyUQyGJu8E9wFmlc+DmYIvf+OS/boUQ6oMmFrmovZgi9Cmz
W6cvHBF3Hb67B08fbcsFtgivlRsV/RAqVLDU0yopzTzxCuz9UExSQZpgSiRa
c0pt2GdoBUZC+knFud3JKSQeqcpqZxE6m5azYB9v3/9yAv9CyQY75AVbFqtg
TrtN5l0JoeO94CKvkhhuglSBfPw8yZeEY6YXdJolP6XkWEVXxDbbD3xLyL0t
CUjNaPEb1CZPrnX83YycV0kCNj7cjWYqg4veFuwrx0sKHU51PanAdGI+k+Yz
ZzyjHZ9BQQGUPpILKasMepssd2oDZ1Y4+MyGtqMmBY5zOsjmjbUBg7A+py3C
eyziawpv54zVaaKPkj8QR521cfKJ7AxuI1JJwjpZ4Cz8I1SCvDaGwqdQA9rn
zQQSmtcREPGFPQv7KpLxAi4dkAMk5MaiViUocsIgsA5mYchGO9Ccl4Hr0IUt
KZcmgnpqTjrHp++65I50stdmjlcip4PB8jrSGIhzwih461WigjqPc+xwLHSi
hQdI5y7o5mwcWpAVrR/Auf8ETKS1pIteIDJPQE4IJGbiaCRfY4O7qjIXPwtj
r4g3Vk8LPXWh3rvKHclx2kaFGbOVtAPz4KAdmtkzHVEilTnaCLFjCvGGn130
JQ9AFY+VvdOPF5e9HfdXnp3z7w8nf/o4+nByTL8v3g7fvat/CL/i4u35x3fH
za9m59H56enJ2bHbjLey80r0Toe/4gth1Tt/fzk6Pxu+6zm7b6dy0BwfO9gX
g8mU6yor2lyQr47e/89/7z+EW72HjOtgf//Z7a1/eLr/5CEeyG7caXmWLP0j
2ZuAXmlkiIACqUH/50hZEsdpO8sXmSQNBjt//I0489dD+XwczfcfvvQviODO
y8Czzkvm2fqbtc2OiRtebTim5mbn/Qqnu/gOf+08B763Xj7/CZqrZX//6U8v
hRDdvLrivJgiYpYn+RTBs8hT4jMoPuJcd29vj9LCT2z1HUmKkJTXKTCZrN3x
0THoZbAQdxQ+ZSHjo7Na6r4/4EyUTnaJKKUEcx2ZiXcSDYhrVSABSHTfWSpH
9SmMkYMNWZcnowb9uA35z93d0u8W1ypBRAV97HNCBgdFXYlhYJZJq1S69gNB
Hi9RBmNHRFk+wgDVE63WimukrPK+qWko3rWc3pbVGsgblak+v4a2UzimxIxx
3B6IUYnYDduxnG8hQqH4J0zWEgAkpqNNmbzPC4T4/fffBQfvi2Wa6rJA/B4m
U6TO5Sy18gbVMH/95fi1HB3Lrf3H2zvh3fBkeNy8vBXiJPROeF/zRGsM72ve
vXPMX3v/Z6JQbg0GDmTTUWKYrccAwGNEX0Yx+caJgVS2njZ4Uuayirvri/Cu
rbP5lfxRtjZsZEXrPPlCPhwMHj969ODg63u2Hhxsy8Fg0CHRMnX0ukugXaWw
tYykdHMo7zuxtTogkrt5L3pDlGFOBdZ6cLZ362JD705Ee0i+C8RqzuepjxTS
upbCGJ3EFgrTUgc8HaIQhXmNkcLXH0wjhlYVCutpLPKJi233aA/7mf2n8DOC
mjHytzqf5FOGZ0O8R+AEXsWySe8Wi8WAbIT7XaizzDQju7K7s/mV5n8Gn6k9
dJ9+9q/iSd/EFqYj2rq7gQL+8k0ksL+iPTDQvACSDeYO/P8P6grpWsCdxVhr
0veIrW2NnurHB0y1q8zX+7/Njru4AeJubvTnkrOTVdPmQy7XCoXeiqn3HIo+
fWK8qbDuAOSFDK9+1w+hQdbdtxwJAOdwdRgoqoQcup5Td5rqtMyHD4AjXVvD
aHTs0QmsbrjyPbxe81JdNQvhylCfoKScnSMIdCjmlF6Fssm20tEdWs6BZgcn
U0OZoskGBHfWUmasC0R1vaRDK5NPGS1mizu+FrgNzQ4KvjFlzvTcdMfe+F7E
B1RfVRHpYF7O5XbJvhs+YXWSIVOzVeJ071SjrIvlFuBsu6NdE4vEVm+OQ0/h
Dvvc79jnv8mv6LTjV5q4Uut/UxV3mBh6GxtspLUDsvsb4tPfoNozQ+W4BdKx
djlbAyya5Si7Ar3M/rv48rDhSkD6K/Hu36O5+isxc90dfA1Nxu88IxRkmhff
EuRs27c4AP+pi7yBsOZfQ9vWoUYtP5NRqljhR8LkaKpDvmaV3qGspHotAXWr
pI3JHQ6maRo1F2Kx4QzbTjwpz7i5T85ZiFHGvYwwCkDCfm1cayNrN9InrYEf
x4T1bHJHlBuTWOhCMzmzTqdP/vJ+9GFIBUnzCZTGlM47BeHJ3S63GFw7w+l4
3ckCelkukzwjnUMiTubjYKMo+q9XJ6/PP5yIO2DLBvZYT0iua8DJTy51WUMW
r6hLQAVqyPhhQ1Q1rBYcwQ5sIyfi5sez0V8Ed8JLlc6R5jUVgtXgI4pyy+2d
n1VWoU6Q+zty/9mTvR358fJI9vtYpVsF0cPBgXNh9y5HpycXl8NTHj88ffrk
ye1tSAYaRrSYrFwUVXWrmIROPsXOWr6FmzQqvlZAybe1U/CCKIGrNuD0G+Oa
tDRGcV2bjUJ1JZ/rDQsSGrfAx9Q8ms6whjS8Cb3QvHLpaxVLviEqtOLeJDdp
wvhA0ImtTi/ofROGAb6CdnqseQ4FX8OUjuGWtGuUmwJ2QbYi63kTK52Kykol
/iX16KMIqDu9V3JCFgrzLt3YIkry6EraK71g43rv2qhCfOK+s2+qugHBXRVY
0xfn9oI1UKIyWQKomQOp5YbxBLM8UkVhuED0BUyVXWXUv/ANKAe1GTwQdKES
m68cQf1nOqelIERqYw66XagZG84BwUMrU9duWo0i3ebUDpD0HThGvUApTONn
cjCeMRuozMd/B7SVnE0XBTXO3QADOkRmRxQDJBMCVETw1Juq3WMzmeiCpkGs
37N8sWEZ9y89RFBWH0Zt8NyUrvIP7TrdNOts3pUltfepo+9CQGkKrwfcDsSp
RFVFbS7H/w6NhF2eadkMlMQKkr7mb/lVuPIJ8XS1XG4CE82iHHN41ANp8OgJ
fK5zKFV2ioGd9rSLqSphkCUNZRQLsIv2QI4Y4bV83yNh/BiY9aCrXa7fz8+x
m2kRHBc66zzQ580hl+2w++uIkX1ehOHjEWXpcT0DurkPv3K7MqCMums6DchG
0x+39FxSz5rc6UoYBD4LnSSMAiWWK8dz6/aUw/4lhf2b+63mjq80NnfD+b7D
3l6nKd5KntWGiQ+FMoG0sDvCHsizvNSNVOxy7IDZRj38SI/HDjHNJzPUWRvH
L35UwrGSpxHeJYXxDqtIm0FIW0Eg/LWOnb71+mdnyFuqCbXYFzT4w9GFTmlF
CNguVLkxJLhE6PIlDsrYWuwS4qJyxNRf1xgoxIcw6oLTxjLYpEv9znaHQpzP
CRCCwqaPJ0HNuvrCC3pjkyGS94DDZq3iVa6hRxrIydjKcHHDBj73vYvYQLnT
BuUF5Vp3FM66YYn1Exfre7aN9viqBO++RZeg16FkWbkRQZc3ZFsKrSNXNE+I
14WaOjVoGgl3UT30iSqE0ars+fvzOAHNKoIsXvRYG6Oy9xJoPI/Ll6dqirTG
ZVxbdvvw+S5ePo/jl4CK33FYd0wZW8RpAXIRGjApygPqOxLMpLs2v6arM7VD
+9oxp4RmmVtyixTAiNmUU965ZzdOXkLm0DziO3wiX0EK11f8JZoSFLubJlXB
Y69VFpGmDd1I9Ac5rK++WO3vtZDy8U29iq6j8BaaLJyfkYFYKph86MlaK5xc
/BWrbzjkyA0uCd8CFZzvM/CVvZvDdQnesnv8112oD75UD+7T1Tbdpjql3s5q
SKFDce+m2a2Y5yuUXn2ouONQFI01kCllC5Q7yMcHfaqGiRLtRlB824ArQqg0
pwNcN/i9Dug8h60sa1xX48yBz/Y7AxDUi6JGwI/iXXlDN4ewy2rOOl3riZOP
TXA7kFfLQXe1w8NzgHZ4dNbG3tY1ao0O55seJzCldwZD6nTz6nxE0eCtKNnU
KKtJ1FgnoaPTCGbA+p+qzFXAXz2cIo9rzrAyhyz8ouMSG5/vWL/VLq44rt+j
aN1/f/5udPQrF1f7B49RXO0AqUjPna25uZAIlcXe5709Fvre5wcTuUU5pv6M
GBiZVCV/cEKySH63Q8tmHVVxQVNwCqpy6NDBMaOTizdyyEESvu+O7o0F4s/4
9IeD/T1Kq1sEdNuw1iXWyvfd6m5lkQLzg2fyR3km/wM/95+46ZJv7fgpGJaf
0Q1YSeVtce2yA/1ZF5Hx9z/83ZG0TvpDedJOLi0PeqcZwnlMY3EAa+Wzcqau
aSAILYbUSxO5Io1KSCp+SMqws4JKZYcWm63VQSRhXMt1QuAwYhWnYASpXtDM
hEOtRhoDIsM2P/0biHDVqLY52AmMYdloc7fpSxc/ED7h4r74ZPwLXSAlY6C/
X8SXwz7/F/66B6xmRcLqVkntX+/T61Zl/4VnP8Hpeeb1S1cauflPy2PBKQ5h
vU7g1vWcPJYyXN5p8Pfy9sZoddPFhpKWFX4cukLbuqC8Na9N1KxneTJkedsU
UHwhdhhSjnp0HELEUStE+AhBnpjCHL0g7/xqdCE7l6bl8w33oRE6Kb9lbM+o
RLwj0NCdT8poKVEfRqSviY45N7HY4rIHHb/oTVBH63puBtDyFeekPXe/4aS+
H9drqzPdr6HLx+6Gm2/N9rLxpMfdjB4y7R4qGmVS9mg/X0DkdL38F2rGwDn9
9POnS/JCTx7RfYftgfhfSPEFBa8vAAA=

-->

</rfc>
