<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-core-oscore-capable-proxies-07" category="std" consensus="true" submissionType="IETF" updates="8613, 8768" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="OSCORE-capable Proxies">OSCORE-capable Proxies</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-capable-proxies-07"/>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <author initials="R." surname="Höglund" fullname="Rikard Höglund">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40</code>
          <country>Sweden</country>
        </postal>
        <email>rikard.hoglund@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Internet</area>
    <workgroup>CoRE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 108?>

<t>When using the Constrained Application Protocol (CoAP), messages exchanged between two endpoints can be protected end-to-end at the application layer by means of Object Security for Constrained RESTful Environments (OSCORE), also in the presence of intermediaries such as proxies. This document defines how to use OSCORE for protecting CoAP messages also between an origin application endpoint and an intermediary, or between two intermediaries. Also, it defines rules to escalate the protection of a CoAP option, in order to encrypt and integrity-protect it whenever possible. Finally, it defines how to secure a CoAP message by applying multiple, nested OSCORE protections, e.g., both end-to-end between origin application endpoints; and between an application endpoint and an intermediary or between two intermediaries. Therefore, this document updates RFC 8613. Furthermore, this document updates RFC 8768, by explicitly defining the processing with OSCORE for the CoAP Hop-Limit Option. The approach defined in this document can be seamlessly employed also with Group OSCORE, for protecting CoAP messages when group communication is used in the presence of intermediaries.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Constrained RESTful Environments Working Group mailing list (core@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/core/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/core-wg/oscore-capable-proxies"/>.</t>
    </note>
  </front>
  <middle>
    <?line 112?>

<section anchor="intro">
      <name>Introduction</name>
      <t>The Constrained Application Protocol (CoAP) <xref target="RFC7252"/> supports the presence of intermediaries such as forward-proxies and reverse-proxies, which assist origin clients by performing requests to origin servers on their behalf and forwarding back the corresponding responses.</t>
      <t>CoAP also supports group communication scenarios <xref target="I-D.ietf-core-groupcomm-bis"/>, where clients can send a one-to-many request targeting all servers in the group, e.g., by using IP multicast. Like for one-to-one communication, group settings can also rely on intermediaries, e.g., by using the realization of proxy specified in <xref target="I-D.ietf-core-groupcomm-proxy"/>.</t>
      <t>The security protocol Object Security for Constrained RESTful Environments (OSCORE) <xref target="RFC8613"/> can be used to protect CoAP messages between two endpoints at the application layer, especially achieving end-to-end security in the presence of (non-trusted) intermediaries. When CoAP group communication is used, the same can be achieved by means of the security protocol Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      <t>For a number of use cases (see <xref target="sec-use-cases"/>), it is required and/or beneficial that communications are secured between an application endpoint (i.e., a CoAP origin client/server) and an intermediary as well as between two adjacent intermediaries in a chain. This especially applies to the communication leg between the CoAP origin client and the adjacent intermediary acting as the next hop towards the CoAP origin server.</t>
      <t>In such cases, and especially if the origin client already uses OSCORE to achieve end-to-end security with the origin server, it would be convenient that OSCORE is also used to secure communications between the origin client and its next hop.</t>
      <t>However, the original specification <xref target="RFC8613"/> does not define how OSCORE can be used to protect CoAP messages in that communication leg, or how to generally process CoAP messages with OSCORE at an intermediary. In fact, this would also require to consider an intermediary as an "OSCORE endpoint".</t>
      <t>This document fills this gap and updates <xref target="RFC8613"/> as follows.</t>
      <ul spacing="normal">
        <li>
          <t>It defines how to use OSCORE for protecting a CoAP message in the communication leg between: i) an origin client/server and an intermediary; or ii) two adjacent intermediaries in an intermediary chain. That is, besides origin clients/servers, it allows also intermediaries to be "OSCORE endpoints".</t>
        </li>
        <li>
          <t>It defines rules to escalate the protection of a CoAP option that is originally meant to be unprotected or only integrity-protected by OSCORE. This results in both encrypting and integrity-protecting a CoAP option whenever it is possible.</t>
        </li>
        <li>
          <t>It admits a CoAP message to be secured by multiple, nested OSCORE protections applied in sequence. For instance, this is the case when the message is OSCORE-protected end-to-end between the origin client and origin server, after which the result is further OSCORE-protected over the leg between the current and next hop (e.g., between the origin client and the adjacent intermediary acting as the next hop towards the origin server).</t>
        </li>
      </ul>
      <t>Furthermore, this document updates <xref target="RFC8768"/>, by explicitly defining the CoAP Hop-Limit Option to be of Class U for OSCORE (see <xref target="sec-hop-limit"/>). In the case where the Hop-Limit Option is first added to a request by an origin client instead of an intermediary, this update avoids undesired overhead in terms of message size and ensures that the first intermediary in the chain enforces the intent of the origin client in detecting forwarding loops.</t>
      <t>This document does not introduce any new signaling to guide the message processing on the different endpoints. Instead, according to the presence of the CoAP OSCORE Option and of other CoAP options intended for an intermediary, every endpoint is always able to understand whether (and how many times in a row) to decrypt an incoming message before possibly forwarding it.</t>
      <t>The approach defined in this document can be seamlessly employed also when Group OSCORE is used for protecting CoAP messages in group communication scenarios that rely on intermediaries.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with the terms and concepts related to CoAP <xref target="RFC7252"/>, OSCORE <xref target="RFC8613"/>, and Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>. This document especially builds on concepts and mechanics related to intermediaries such as CoAP forward-proxies and reverse-proxies (see <xref section="5.7" sectionFormat="of" target="RFC7252"/>).</t>
        <t>In addition, this document uses the following terms:</t>
        <ul spacing="normal">
          <li>
            <t>Source application endpoint: an origin client producing a request or an origin server producing a response.</t>
          </li>
          <li>
            <t>Destination application endpoint: an origin server intended to consume a request or an origin client intended to consume a response.</t>
          </li>
          <li>
            <t>Application endpoint: a source or destination application endpoint.</t>
          </li>
          <li>
            <t>Source OSCORE endpoint: an endpoint protecting a message with OSCORE or Group OSCORE.</t>
          </li>
          <li>
            <t>Destination OSCORE endpoint: an endpoint unprotecting a message with OSCORE or Group OSCORE.</t>
          </li>
          <li>
            <t>OSCORE endpoint: a source or destination OSCORE endpoint. An OSCORE endpoint is not necessarily also an application endpoint with respect to a certain message.</t>
          </li>
          <li>
            <t>Hop: an endpoint in the end-to-end path between two application endpoints included.</t>
          </li>
          <li>
            <t>Proxy-related options: either of the following (set of) CoAP options that a proxy can use to understand where to forward a CoAP request. These CoAP options are defined in <xref target="RFC7252"/>, <xref target="I-D.ietf-core-href"/>, and <xref target="I-D.ietf-core-uri-path-abbrev"/>.  </t>
            <ul spacing="normal">
              <li>
                <t>The Proxy-Uri Option or the Proxy-Cri Option, possibly in combination with the Uri-Path-Abbrev Option (see <xref section="2.4" sectionFormat="of" target="I-D.ietf-core-uri-path-abbrev"/>). These are relevant when using a forward-proxy.</t>
              </li>
              <li>
                <t>The set of CoAP options comprising the Proxy-Scheme Option or the Proxy-Scheme-Number Option, together with a combination of any among the Uri-Host Option, the Uri-Port Option, and the mutually exclusive Uri-Path Option and Uri-Path-Abbrev Option. This is relevant when using a forward-proxy.</t>
              </li>
              <li>
                <t>The set of CoAP options consisting in a combination of any among the Uri-Host Option, the Uri-Port Option, and the mutually exclusive Uri-Path Option and Uri-Path-Abbrev Option, when those are not used together with the Proxy-Scheme Option or the Proxy-Scheme-Number Option. This is relevant when using a reverse-proxy.</t>
              </li>
            </ul>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-message-processing">
      <name>Message Processing</name>
      <t>This section defines the processing of CoAP messages with OSCORE.</t>
      <t><xref target="sec-examples"/> provides a number of examples where the approach defined in this document is used to protect message exchanges.</t>
      <section anchor="sec-deviations">
        <name>Deviations from the Original Message Processing</name>
        <t>This document introduces the following two main deviations from the original OSCORE specification <xref target="RFC8613"/>.</t>
        <ul spacing="normal">
          <li>
            <t>An "OSCORE endpoint", as a producer/consumer of an OSCORE Option, can be not only an application endpoint (i.e., an origin client or server) but also an intermediary such as a proxy.  </t>
            <t>
Hence, OSCORE can be used between an origin client/server and a proxy, as well as between two proxies in an intermediary chain.</t>
          </li>
          <li>
            <t>A CoAP message can be secured by multiple OSCORE protections applied in sequence. In such a case, the final result is a message with nested OSCORE protections. Hence, following a decryption at a destination OSCORE endpoint, the resulting message might legitimately include an OSCORE Option and thus has in turn to be decrypted, by the same destination OSCORE endpoint or by a different one along the path towards the destination application endpoint included.  </t>
            <t>
The most common case is expected to consider a message protected with up to two OSCORE layers, i.e.: i) an inner layer, protecting the message end-to-end between the origin client and the origin server acting as application endpoints; and ii) an outer layer, protecting the message between a certain OSCORE endpoint and the other OSCORE endpoint adjacent in the intermediary chain.  </t>
            <t>
However, a message can also be protected with a higher, arbitrary number of nested OSCORE layers, e.g., in scenarios that rely on a longer chain of intermediaries. For instance, the origin client can sequentially apply multiple OSCORE layers to a request, with each intermediary in the chain intended to consume one of those until the origin server is reached and it consumes the innermost OSCORE layer.  </t>
            <t>
An OSCORE endpoint <bcp14>SHOULD</bcp14> define the maximum number of OSCORE layers that it is able to apply (remove) when processing an outgoing (incoming) CoAP message. The defined limit has to appropriately reflect the security requirements of the application. At the same time, such a limit is typically bounded by the maximum number of OSCORE Security Contexts that can be active at the endpoint as well as by the number of intermediary OSCORE endpoints that have been explicitly set up by the communicating parties.  </t>
            <t>
If its defined limit is reached when processing a CoAP message, an OSCORE endpoint <bcp14>MUST NOT</bcp14> perform any further OSCORE processing on that message. If the message is an outgoing request and it requires further OSCORE processing beyond the set limit, the endpoint <bcp14>MUST</bcp14> abort the message sending. If the message is an incoming request and it requires further OSCORE processing beyond the set limit, the endpoint <bcp14>MUST</bcp14> reply with a 4.01 (Unauthorized) error response. The endpoint protects such a response by applying the same OSCORE layers that it successfully removed from the corresponding incoming request, but in the reverse order than the one according to which those layers were removed (see <xref target="outgoing-responses"/>).</t>
          </li>
        </ul>
      </section>
      <section anchor="general-rules">
        <name>Protection of CoAP Options</name>
        <t>The following considers a sender endpoint that, when protecting an outgoing message M, applies the i-th OSCORE layer in sequence, by using the OSCORE Security Context that it shares with another OSCORE endpoint X.</t>
        <t>As usual, the sender endpoint encrypts and integrity-protects the CoAP options included in M that are processed as Class E for OSCORE, as per Sections <xref target="RFC8613" section="4.1.1" sectionFormat="bare"/> and <xref target="RFC8613" section="4.1.3" sectionFormat="bare"/> of <xref target="RFC8613"/>.</t>
        <t>Per the update made by this document, the sender endpoint <bcp14>MUST</bcp14> perform the procedure defined below for each CoAP option OPT that is included in M and is originally specified only as an outer option (Class U or I) for OSCORE. This procedure does not apply to options that are specified (also) as Class E. Depending on the outcome of this procedure, the sender endpoint processes OPT as per its original Class U or I, or instead as Class E.</t>
        <t>Before protecting M by using the OSCORE Security Context shared with the other OSCORE endpoint X and applying the i-th OSCORE layer in sequence, the sender endpoint performs the following steps for each CoAP option OPT that is included in M and is originally specified only as an outer option (Class U or I) for OSCORE. <xref target="sec-option-protection-diag"/> provides an overview of these steps through a state diagram.</t>
        <t>In the following, a recipient endpoint is denoted as a "consumer" of an option OPT if the endpoint is meant to have access to OPT for processing it as appropriate.</t>
        <t>Note that the sender endpoint can assess some conditions only "to the best of its knowledge". This is due to the possible presence of a reverse-proxy standing for X and whose presence as reverse-proxy is, by definition, expected to be unknown to the sender endpoint.</t>
        <ol spacing="normal" type="1"><li>
            <t>If the sender endpoint has added OPT to M, then this algorithm moves to Step 2. Otherwise, this algorithm moves to Step 4.</t>
          </li>
          <li>
            <t>If, to the best of the sender endpoint's knowledge, X is a consumer of OPT, then this algorithm moves to Step 3. Otherwise, this algorithm moves to Step 4.</t>
          </li>
          <li>
            <t>If, to the best of the sender endpoint's knowledge, X is the immediately next consumer of OPT, then this algorithm moves to Step 5. Otherwise, this algorithm moves to Step 9.</t>
          </li>
          <li>
            <t>If any of the following conditions holds, then this algorithm moves to Step 6. Otherwise, this algorithm moves to Step 9.  </t>
            <ul spacing="normal">
              <li>
                <t>To the best of the sender endpoint's knowledge, X is the next hop for the sender endpoint; or</t>
              </li>
              <li>
                <t>To the best of the sender endpoint's knowledge, the next hop for the sender endpoint is not the immediately next consumer of OPT.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If X needs to access OPT before having removed the i-th OSCORE layer or in order to remove the i-th OSCORE layer, then this algorithm moves to Step 9. Otherwise, this algorithm moves to Step 6.</t>
          </li>
          <li>
            <t>If OPT is the Uri-Host Option or the Uri-Port Option, then this algorithm moves to Step 7. Otherwise, this algorithm moves to Step 8.</t>
          </li>
          <li>
            <t>If M includes the Proxy-Scheme Option or the Proxy-Scheme-Number Option, then this algorithm moves to Step 8. Otherwise, this algorithm moves to Step 9.</t>
          </li>
          <li>
            <t>The sender endpoint determines that OPT will be processed as Class E for OSCORE, i.e., both encrypted and integrity-protected. Then, the sender endpoint terminates this algorithm.</t>
          </li>
          <li>
            <t>The sender endpoint determines that OPT will be processed as per its original Class U or I for OSCORE. Then, the sender endpoint terminates this algorithm.</t>
          </li>
        </ol>
        <t>Compared to what is defined in <xref section="5.7.1" sectionFormat="of" target="RFC7252"/>, a new requirement is introduced for a proxy that acts as an OSCORE endpoint. That is, for each CoAP option OPT included in an outgoing message M that the proxy protects with OSCORE, the proxy has to be able to recognize OPT and thus be aware of the original Class of OPT for OSCORE.</t>
        <t>If a proxy that acts as an OSCORE endpoint does not recognize a CoAP option included in M, then the proxy <bcp14>MUST</bcp14> stop processing M and performs the following actions:</t>
        <ul spacing="normal">
          <li>
            <t>If M is a request, then the proxy <bcp14>MUST</bcp14> reply with a 4.02 (Bad Option) error response to (the previous hop towards) the origin client.</t>
          </li>
          <li>
            <t>If M is a response, then the proxy <bcp14>MUST</bcp14> send a 5.02 (Bad Gateway) error response to (the previous hop towards) the origin client.</t>
          </li>
        </ul>
        <t>In either case, this may result in protecting the error response over that communication leg, as per <xref target="outgoing-responses"/>.</t>
      </section>
      <section anchor="outgoing-requests">
        <name>Processing of an Outgoing Request</name>
        <t>The rules from <xref target="general-rules"/> apply when processing an outgoing request message, with the following additions.</t>
        <t>When a source application endpoint applies multiple OSCORE layers in sequence to protect an outgoing request and it uses an OSCORE Security Context shared with the other application endpoint, then the first OSCORE layer <bcp14>MUST</bcp14> be applied by using that Security Context.</t>
        <t>After that, the source application endpoint further protects the outgoing request, by applying one OSCORE layer for each intermediary with which it shares an OSCORE Security Context. When doing so, the source application endpoint applies those OSCORE layers in the same order according to which those intermediaries are positioned in the chain, starting from the one closest to the other application endpoint and moving backwards towards the one closest to the source application endpoint.</t>
      </section>
      <section anchor="incoming-requests">
        <name>Processing of an Incoming Request</name>
        <t>Upon receiving a request REQ, the recipient endpoint performs the following steps. <xref target="sec-incoming-req-diag"/> provides an overview of these steps through a state diagram.</t>
        <ol spacing="normal" type="1"><li>
            <t>If REQ includes proxy-related options, this algorithm moves to Step 2. Otherwise, this algorithm moves to Step 5.</t>
          </li>
          <li>
            <t>If REQ includes either of the following (set) of CoAP options, the endpoint proceeds as defined below. Otherwise, this algorithm moves to Step 3.  </t>
            <ul spacing="normal">
              <li>
                <t>The Proxy-Uri Option or the Proxy-Cri Option, possibly in combination with the Uri-Path-Abbrev Option (see <xref section="2.4" sectionFormat="of" target="I-D.ietf-core-uri-path-abbrev"/>).</t>
              </li>
              <li>
                <t>The Proxy-Scheme Option or the Proxy-Scheme-Number Option, together with a combination of:      </t>
                <ul spacing="normal">
                  <li>
                    <t>The Uri-Host Option.</t>
                  </li>
                  <li>
                    <t>The Uri-Port Option.</t>
                  </li>
                  <li>
                    <t>Either the Uri-Path-Abbrev Option, or one or more Uri-Path Options.</t>
                  </li>
                </ul>
              </li>
            </ul>
            <t>
In the case that the endpoint is not configured to be a forward-proxy, it stops processing REQ and replies with a 5.05 (Proxying Not Supported) error response to (the previous hop towards) the origin client, as per <xref section="5.10.2" sectionFormat="of" target="RFC7252"/>. This may result in protecting the error response over that communication leg, as per <xref target="outgoing-responses"/>.  </t>
            <t>
Otherwise, this algorithm moves to Step 4.</t>
          </li>
          <li>
            <t>Having reached this step, REQ does not include the Proxy-Scheme Option or the Proxy-Scheme-Number Option, but it includes a combination of:  </t>
            <ul spacing="normal">
              <li>
                <t>The Uri-Host Option.</t>
              </li>
              <li>
                <t>The Uri-Port Option.</t>
              </li>
              <li>
                <t>Either the Uri-Path-Abbrev Option, or one or more Uri-Path Options.</t>
              </li>
            </ul>
            <t>
In the case that the endpoint is not configured to be a reverse-proxy, or the request URI from the Uri-Host, Uri-Port, Uri-Path, and Uri-Path-Abbrev Options is not intended to support reverse-proxy functionalities, then this algorithm moves to Step 5.  </t>
            <t>
Otherwise, this algorithm moves to Step 4.</t>
          </li>
          <li>
            <t>The endpoint <bcp14>MUST</bcp14> check whether forwarding REQ to (the next hop towards) the origin server is an acceptable operation to perform, according to the endpoint's configuration and a possible authorization enforcement. This check can be based, for instance, on the specific OSCORE Security Context that the endpoint used to decrypt and verify REQ before performing this step (if applicable).  </t>
            <t>
If the check fails, the endpoint <bcp14>MUST</bcp14> stop processing REQ and <bcp14>MUST</bcp14> reply with a 4.01 (Unauthorized) error response to (the previous hop towards) the origin client. This may result in protecting the error response over that communication leg, as per <xref target="outgoing-responses"/>.  </t>
            <t>
Instead, if the check succeeds, the following applies.  </t>
            <ul spacing="normal">
              <li>
                <t>In the case that the previous step in this algorithm was Step 2, hence the endpoint is meant to process REQ as a forward-proxy, then the endpoint consumes the proxy-related options as per <xref section="5.7.2" sectionFormat="of" target="RFC7252"/>.      </t>
                <t>
In particular, the endpoint checks whether the authority component (host and port) of the request URI identifies the endpoint itself. In such a case, REQ has to be treated as a local (non-proxied) request and this algorithm moves to Step 1.      </t>
                <t>
Otherwise, the endpoint forwards REQ to (the next hop towards) the origin server according to the request URI, unless differently indicated in REQ, e.g., by means of any of its CoAP options. For instance, a forward-proxy does not forward a request that includes proxy-related options together with the Listen-To-Multicast-Responses Option (see <xref section="4" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/>).</t>
              </li>
              <li>
                <t>In the case that the previous step in this algorithm was Step 3, hence the endpoint is meant to process REQ as a reverse-proxy, then the endpoint consumes the included Uri-Host, Uri-Port, Uri-Path, and Uri-Path-Abbrev Options, and forwards REQ to (the next hop towards) the origin server, unless differently indicated in REQ, e.g., by means of any of its CoAP options.      </t>
                <t>
Note that, when forwarding REQ, the endpoint might not remove the Uri-Path-Abbrev-Option or all the Uri-Path Options originally included, e.g., if the next hop towards the origin server is a reverse-proxy.</t>
              </li>
            </ul>
            <t>
In either case, if the endpoint forwards REQ to (the next hop towards) the origin server, this may result in (further) protecting REQ over that communication leg, as per <xref target="outgoing-requests"/>.  </t>
            <t>
After that, the endpoint does not take any further action and terminates this algorithm.</t>
          </li>
          <li>
            <t>If REQ includes an OSCORE Option, this algorithm moves to Step 6. Otherwise, the endpoint proceeds as defined below.  </t>
            <t>
In the case that the endpoint does not have an application to handle REQ, it <bcp14>MUST</bcp14> stop processing the request and <bcp14>MAY</bcp14> reply with a 4.04 (Not Found) error response to (the previous hop towards) the origin client. This may result in protecting the error response over that communication leg, as per <xref target="outgoing-responses"/>.  </t>
            <t>
Otherwise, the endpoint delivers REQ to the application and terminates this algorithm.</t>
          </li>
          <li>
            <t>The endpoint decrypts REQ using the OSCORE Security Context CTX indicated by the OSCORE Option. A successful decryption results in the decrypted request REQ*. The possible presence of an OSCORE Option in REQ* is not treated as an error situation.  </t>
            <t>
If the endpoint uses policies such as those discussed in <xref target="source-based-policies"/>, the endpoint retrieves CTX from a specific list of Security Contexts. The endpoint searches for such list by using the source addressing information of REQ, i.e., the addressing information of the (previous hop towards the) origin client.  </t>
            <t>
If the OSCORE processing results in an error, the endpoint <bcp14>MUST</bcp14> stop processing REQ and perform error handling as per <xref section="8.2" sectionFormat="of" target="RFC8613"/> or Sections <xref target="I-D.ietf-core-oscore-groupcomm" section="7.2" sectionFormat="bare"/> and <xref target="I-D.ietf-core-oscore-groupcomm" section="8.4" sectionFormat="bare"/> of <xref target="I-D.ietf-core-oscore-groupcomm"/>, in the case that OSCORE or Group OSCORE is used, respectively. If the endpoint sends an error response to (the previous hop towards) the origin client, this may result in protecting the error response over that communication leg, as per <xref target="outgoing-responses"/>.  </t>
            <t>
Otherwise, if the OSCORE processing is successful, REQ takes REQ* and this algorithm moves to Step 1.</t>
          </li>
        </ol>
        <section anchor="source-based-policies">
          <name>Policies for Source-Based Processing</name>
          <t>In general, if a server receives a request protected with an OSCORE Security Context, the server does not need to verify whether the source address of the request matches the one with which the server established that OSCORE Security Context. That is an important feature, because it allows the server to reduce the state that it keeps per Security Context, and it allows the client to seamlessly continue communicating also after having migrated to a different network segment.</t>
          <t>However, different policies can be used by particularly sensitive servers that rely on protections afforded by reverse-proxies (in particular, the servers considered in <xref target="I-D.amsuess-t2trg-onion-coap"/>). For example, such servers might associate OSCORE Security Contexts with an outer OSCORE layer that is required to protect incoming requests, in order for those requests to be eligible for decryption and verification with any of those Security Contexts.</t>
          <t>Implementers of such a distinction should be aware of timing side channels: the server should not first look up an OSCORE Security Context (and, even worse, try using it to decrypt and verify the incoming request), and then verify whether the Security Context is eligible to use according to the source addressing information of the request.</t>
          <t>Instead, per-source-address lists of Security Contexts should be maintained. This ensures that, when a request is ineligible to be decrypted and verified, the server replies with an appropriate 4.01 (Unauthorized) error response through the same code path that is considered when an OSCORE Security Context is not found. Also, this helps keep separate name spaces of OSCORE Sender/Recipient IDs, which would otherwise leak information.</t>
        </section>
      </section>
      <section anchor="outgoing-responses">
        <name>Processing of an Outgoing Response</name>
        <t>The rules from <xref target="general-rules"/> apply when processing an outgoing response message, with the following additions.</t>
        <t>The sender endpoint protects the response by applying the same OSCORE layers that it removed from the corresponding incoming request, but in the reverse order than the one according to which those layers were removed.</t>
        <t>It follows that, when a source application endpoint applies multiple OSCORE layers in sequence to protect an outgoing response and it uses an OSCORE Security Context shared with the other application endpoint, then the first OSCORE layer is applied by using that Security Context.</t>
        <t>If the response is an error response, the sender endpoint protects it by applying the same OSCORE layers that it successfully removed from the corresponding incoming request, but in the reverse order than the one according to which those layers were removed.</t>
        <section anchor="partial-iv-response-sender">
          <name>Partial IV in the OSCORE Option</name>
          <t>When protecting an outgoing response, a source OSCORE endpoint <bcp14>MUST</bcp14> include its Sender Sequence Number as Partial IV in the response and use it to build the nonce to protect the response, except when sending the first response to the corresponding request, in which case the Partial IV in the response <bcp14>MAY</bcp14> be omitted. This holds for each OSCORE layer that the source OSCORE endpoint applies to protect the outgoing response.</t>
          <t>If the source OSCORE endpoint is the origin server, what is described above is in fact already guaranteed:</t>
          <ul spacing="normal">
            <li>
              <t>When the response is protected with Group OSCORE (see Sections <xref target="I-D.ietf-core-oscore-groupcomm" section="5.3.1" sectionFormat="bare"/>, <xref target="I-D.ietf-core-oscore-groupcomm" section="7.3" sectionFormat="bare"/>, and <xref target="I-D.ietf-core-oscore-groupcomm" section="8.5" sectionFormat="bare"/> of <xref target="I-D.ietf-core-oscore-groupcomm"/>).</t>
            </li>
            <li>
              <t>When the response is protected with OSCORE and it is an Observe notification <xref target="RFC7641"/> (see <xref section="8.3.1" sectionFormat="of" target="RFC8613"/>).  </t>
              <t>
Note that, when OSCORE is used, sending Observe notifications is the only way for the origin server to send multiple responses to the same request.</t>
            </li>
          </ul>
          <t>If the source OSCORE endpoint is not the origin server but rather a proxy, there are circumstances by which the OSCORE endpoint might send multiple responses to the same request, even though they are protected with OSCORE and they are not Observe notifications.</t>
          <t>A relevant example is the setup where a proxy receives a unicast request from the origin client, and it forwards the request to a group of origin servers, e.g., over IP multicast <xref target="I-D.ietf-core-groupcomm-bis"/>. The specification <xref target="I-D.ietf-core-groupcomm-proxy"/> defines a realization of such proxy, which collects the individual responses from the origin servers and relays those responses back to the origin client. That is, all such responses are sent by the proxy as replies to the same unicast request that the origin client sent to the proxy. Just like for that request, each response can be protected with Group OSCORE end-to-end between the replying origin server and the origin client, as well as with OSCORE between the proxy and the origin client.</t>
        </section>
      </section>
      <section anchor="incoming-responses">
        <name>Processing of an Incoming Response</name>
        <t>The recipient endpoint removes the same OSCORE layers that it added when protecting the corresponding outgoing request, but in the reverse order than the one according to which those layers were added.</t>
        <t>When doing so, the possible presence of an OSCORE Option in the decrypted response following the removal of an OSCORE layer is not treated as an error situation, unless it occurs after having removed as many OSCORE layers as were added in the corresponding outgoing request. In such a case, the endpoint <bcp14>MUST</bcp14> stop processing the response.</t>
        <section anchor="partial-iv-in-the-oscore-option">
          <name>Partial IV in the OSCORE Option</name>
          <t>There are circumstances by which, after sending a request, the sender endpoint might receive multiple responses as replies from a given other endpoint. For example, this is the case:</t>
          <ul spacing="normal">
            <li>
              <t>When the request is an Observe request <xref target="RFC7641"/>.</t>
            </li>
            <li>
              <t>When the request is sent to a group of recipients, e.g., over IP multicast <xref target="I-D.ietf-core-groupcomm-bis"/>.</t>
            </li>
            <li>
              <t>When the request is sent to a proxy, which forwards the request to a group of recipients (e.g., over IP multicast), and then relays their responses back <xref target="I-D.ietf-core-groupcomm-bis"/><xref target="I-D.ietf-core-groupcomm-proxy"/>.</t>
            </li>
          </ul>
          <t>In either case, the sender endpoint willingly opts-in for receiving multiple responses to the same request. In practice, such an indication can rely on: including the CoAP Observe Option in the request <xref target="RFC7641"/>; sending the request as addressed to a group of recipients (e.g., to an IP multicast address) <xref target="I-D.ietf-core-groupcomm-bis"/>; including the CoAP Multicast-Timeout Option in the unicast request sent to a proxy, which forwards the request to a group of recipients <xref target="I-D.ietf-core-groupcomm-proxy"/>; or a combination of such means.</t>
          <t>When processing an incoming response to a request that could elicit multiple responses, a destination OSCORE endpoint <bcp14>MUST</bcp14> only accept for that request at most one response without Partial IV from each source OSCORE endpoint, and treat it as the oldest response for that request from that source OSCORE endpoint.</t>
          <t>In the following cases, what is described above is in fact already guaranteed:</t>
          <ul spacing="normal">
            <li>
              <t>The source OSCORE endpoint protected the response with Group OSCORE (see <xref section="5.3.1" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
            </li>
            <li>
              <t>The source OSCORE endpoint protected the response with OSCORE, and the response is an Observe notification (see <xref section="4.1.3.5.2" sectionFormat="of" target="RFC8613"/>).</t>
            </li>
          </ul>
          <t>The requirement defined above additionally covers the case where the source OSCORE endpoint protected the response with OSCORE and Observe is not used. Note that having multiple such responses to the same request implies that the source OSCORE endpoint is not an origin server.</t>
          <t>The same example mentioned in <xref target="partial-iv-response-sender"/> holds as relevant, with an origin client using OSCORE to protect a unicast request to a proxy, which forwards the request to a group of origin servers and relays the collected responses back to the origin client.</t>
        </section>
      </section>
    </section>
    <section anchor="sec-hop-limit">
      <name>OSCORE Processing of the Hop-Limit Option</name>
      <t>The CoAP Hop-Limit Option is defined in <xref target="RFC8768"/> and can be used to detect forwarding loops through a chain of proxies.</t>
      <t>The first proxy in the chain that understands the option can include it in a received request (if not already present therein), then sets the option value to a proper integer value specifying the desired maximum number of hops, and finally forward the request to the next hop. Any following proxy that understands the option decrements the option value and forwards the request if the new value is different from zero, or it returns a 5.08 (Hop Limit Reached) error response otherwise.</t>
      <t><xref target="RFC8768"/> does not define how the Hop-Limit Option is processed by OSCORE. As a consequence, the default behavior specified in <xref section="4.1" sectionFormat="of" target="RFC8613"/> applies, i.e., the Hop-Limit Option has to be processed as Class E for OSCORE.</t>
      <t>However, this results in additionally and unjustifiably increasing the size of OSCORE-protected CoAP messages, in the case that the origin client is the first endpoint to add the Hop-Limit Option in a CoAP request. In the typical scenario where the origin client and the origin server share an OSCORE Security Context, the origin client including the Hop-Limit Option in a request will also protect that option when protecting the request end-to-end for the origin server, per the default processing mentioned above. After that, the origin client sends the request to its adjacent proxy in the chain, which will add an outer Hop-Limit Option to be effectively considered from then on as the message is forwarded towards the origin server.</t>
      <t>This undesirably prevents the first proxy in the chain from enforcing the intent of the origin client, which was presumably in the position to specify a better initial value for the Hop-Limit Option. While this does not fundamentally prevent the detection of forwarding loops, it is conducive to deviations from the intention of the origin client. Moreover, it results in undesired overhead due to the presence of the inner Hop-Limit Option included by the client. That inner option will not be visible by the proxies in the chain and therefore will serve no practical purpose, but it will still be conveyed within the request as this traverses each hop towards the origin server.</t>
      <t>In order to prevent that by construction, this section updates <xref target="RFC8768"/> by explicitly defining the Hop-Limit Option to be of Class U for OSCORE.</t>
      <t>Therefore, with reference to the scenario discussed above, the origin client does not protect the Hop-Limit Option when protecting the request end-to-end for the origin server, thus allowing the first proxy in the chain to see and process the Hop-Limit Option as expected.</t>
      <t>When OSCORE is used at proxies like it is defined in this document, the process defined in <xref target="general-rules"/> seamlessly applies also to the Hop-Limit Option. Therefore, in a scenario where the origin client also shares an OSCORE Security Context with the first proxy in the chain, the origin client does not protect the Hop-Limit Option end-to-end for the origin server, but it does protect the option when protecting the request for that proxy by means of their shared OSCORE Security Context.</t>
    </section>
    <section anchor="sec-response-caching">
      <name>Caching of OSCORE-Protected Responses</name>
      <t>Although it is not possible as per the original OSCORE specification <xref target="RFC8613"/>, effective cacheability of OSCORE-protected responses at proxies can be achieved. To this end, the approach defined in <xref target="I-D.ietf-core-cacheable-oscore"/> can be used, as based on Deterministic Requests protected with the pairwise mode of Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/> used end-to-end between an origin client and an origin server. The applicability of this approach is limited to requests that are safe to process (in the REST sense) and that do not yield side effects at the origin server.</t>
      <t>In particular, this approach requires both the origin client and the origin server to have already joined the correct OSCORE group. Then, starting from the same plain CoAP request, different clients in the OSCORE group are able to deterministically generate the same Deterministic Request protected with Group OSCORE, which is sent to a proxy for being forwarded to the origin server. The proxy can effectively cache the resulting OSCORE-protected response from the server, since the same plain CoAP request will result again in the same Deterministic Request and thus will produce a cache hit at the proxy.</t>
      <t>When using this approach, the following also applies in addition to what is defined in <xref target="incoming-requests"/> and <xref target="incoming-responses"/>, when processing incoming messages at a proxy that implements caching of responses.</t>
      <ul spacing="normal">
        <li>
          <t>Upon receiving a request from (the previous hop towards) the origin client, the proxy checks if specifically the message available during the execution of Step 2 in <xref target="incoming-requests"/> produces a cache hit.  </t>
          <t>
That is, such a message: i) is the one to be forwarded to (the next hop towards) the origin server, if no cache hit occurs; and ii) is the result of an OSCORE decryption and verification at the proxy, if OSCORE is used on the communication leg between the proxy and (the previous hop towards) the origin client.</t>
        </li>
        <li>
          <t>Upon receiving a response from (the next hop towards) the origin server, the proxy first removes the same OSCORE layers that it added when protecting the corresponding outgoing request, as defined in <xref target="incoming-responses"/>.  </t>
          <t>
Then, the proxy stores specifically that resulting response message in its cache. That is, such a stored message is the one to be forwarded to (the previous hop towards) the origin client.</t>
        </li>
      </ul>
      <t>The above is orthogonal to the actual process of serving a request with a cached response, for which rules are defined in <xref section="5.6" sectionFormat="of" target="RFC7252"/> as well as in <xref section="3.2" sectionFormat="of" target="I-D.ietf-core-groupcomm-bis"/> for group communication scenarios. When using the realization of proxy for group communication specified in <xref target="I-D.ietf-core-groupcomm-proxy"/>, such rules are further specialized in <xref section="7" sectionFormat="of" target="I-D.ietf-core-groupcomm-proxy"/>.</t>
    </section>
    <section anchor="establishment-of-oscore-security-contexts">
      <name>Establishment of OSCORE Security Contexts</name>
      <t>Like the original OSCORE specification <xref target="RFC8613"/>, this document is not devoted to any particular approach that two OSCORE endpoints use for establishing an OSCORE Security Context.</t>
      <t>At the same time, the following applies, depending on the two peers using OSCORE or Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/> to protect their communications.</t>
      <ul spacing="normal">
        <li>
          <t>When using OSCORE, the establishment of the OSCORE Security Context can rely on the authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) <xref target="RFC9528"/>.  </t>
          <t>
Assuming that OSCORE has to be used between the two origin application endpoints as well as between the origin client and the first proxy in the chain, it is expected that the origin client first runs EDHOC with the first proxy in the chain and then with the origin server through the chain of proxies (see the example in <xref target="sec-example-edhoc"/>).  </t>
          <t>
Furthermore, the additional use of the combined EDHOC + OSCORE request defined in <xref target="RFC9668"/> is particularly beneficial in this case (see the example in <xref target="sec-example-edhoc-comb-req"/>) and especially when relying on a long chain of proxies.</t>
        </li>
        <li>
          <t>The use of Group OSCORE is expected to be limited between the origin application endpoints, e.g., between the origin client and multiple origin servers. In order to join the same OSCORE group and obtain the corresponding Group OSCORE Security Context, those endpoints can use the approach defined in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/> and based on the ACE framework for Authentication and Authorization in constrained environments <xref target="RFC9200"/>.  </t>
          <t>
For the purposes of this document, there is no need for a proxy to also be a member of the OSCORE group whose Group OSCORE Security Context is used by the origin application endpoints for protecting communications end-to-end.</t>
        </li>
      </ul>
      <section anchor="guidelines-for-proxies">
        <name>Guidelines for Proxies</name>
        <t>When considering an intermediary chain between an origin client and an origin server, all proxies except for the one adjacent to the origin server are expected to be configured as to the establishment and use of OSCORE with the next hop towards the origin server.</t>
        <t>Such a configuration might not be as practical and feasible to enforce for a proxy P adjacent to an origin server S. That is, before forwarding a request to S, P might have to dynamically determine whether to establish an OSCORE Security Context with S (if none is established already) and whether to use it for protecting the request.</t>
        <t>The rest of this section provides guidelines that P can follow in order to determine when to try to establish an OSCORE Security Context with S and when to use an OSCORE Security Context shared with S.</t>
        <t>In order to come to such a determination, P can answer the following three questions. For all of them, the default answer is "no".</t>
        <ul spacing="normal">
          <li>
            <t>Q1: Does S wish to use OSCORE between itself and an adjacent proxy?  </t>
            <t>
For example, P can answer this question by relying on a dedicated SvcParamKey within a DNS SVCB Resource Record (RR) <xref target="RFC9460"/><xref target="RFC9461"/>, which is retrieved from a DNS response that P obtains in reply to a DNS query about S.  </t>
            <t>
The SvcParamKey can have an empty value in its presentation format and wire format, e.g., analogously to the SvcParamKey "no-default-alpn" defined in <xref section="7.1.1" sectionFormat="of" target="RFC9460"/>.  </t>
            <t>
If the SvcParamKey is present in an SVCB RR about S, then S wishes to use (Group) OSCORE between itself and an adjacent proxy.</t>
          </li>
          <li>
            <t>Q2: Does S support the use of multiple, nested OSCORE layers?  </t>
            <t>
For example, P can answer this question by relying on a dedicated SvcParamKey within a DNS SVCB RR, which is retrieved from a DNS response that P obtains in reply to a DNS query about S.  </t>
            <t>
The SvcParamKey can have an empty value in its presentation format and wire format, e.g., analogously to the SvcParamKey "no-default-alpn" defined in <xref section="7.1.1" sectionFormat="of" target="RFC9460"/>.  </t>
            <t>
If the SvcParamKey is present in an SVCB RR about S, then S supports the use of multiple, nested OSCORE layers, i.e., it is able to handle messages that are protected by at least two (Group) OSCORE layers.  </t>
            <t>
This is not intended to indicate how many nested OSCORE layers S supports exactly (although that is in principle possible to express). In fact, it is already the case that S has to be configured with the maximum number of OSCORE layers that it is able to apply (remove) when processing an outgoing (incoming) CoAP message (see <xref target="sec-deviations"/>).</t>
          </li>
          <li>
            <t>Q3: Does S support the key exchange protocol EDHOC <xref target="RFC9528"/>?  </t>
            <t>
For example, P can answer this question by using the means specified in <xref target="I-D.ietf-lake-app-profiles"/> that are not used during an EDHOC session itself.</t>
          </li>
        </ul>
        <t>The examples above are not exhaustive and P can rely on alternative means to answer the three questions about S.</t>
        <t>Once P has the answers to Q1, Q2, and Q3, then P can determine when to try to establish an OSCORE Security Context with S and when to use an OSCORE Security Context shared with S, as shown in the state diagram in <xref target="fig-oscore-p-s"/>.</t>
        <figure anchor="fig-oscore-p-s">
          <name>Establishment and Use of OSCORE between a Proxy and an Origin Server</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="816" width="536" viewBox="0 0 536 816" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,32 L 8,80" fill="none" stroke="black"/>
                <path d="M 8,320 L 8,448" fill="none" stroke="black"/>
                <path d="M 8,688 L 8,800" fill="none" stroke="black"/>
                <path d="M 40,456 L 40,680" fill="none" stroke="black"/>
                <path d="M 56,144 L 56,208" fill="none" stroke="black"/>
                <path d="M 80,88 L 80,136" fill="none" stroke="black"/>
                <path d="M 80,216 L 80,312" fill="none" stroke="black"/>
                <path d="M 104,144 L 104,208" fill="none" stroke="black"/>
                <path d="M 104,560 L 104,624" fill="none" stroke="black"/>
                <path d="M 128,456 L 128,552" fill="none" stroke="black"/>
                <path d="M 128,632 L 128,680" fill="none" stroke="black"/>
                <path d="M 152,32 L 152,80" fill="none" stroke="black"/>
                <path d="M 152,560 L 152,624" fill="none" stroke="black"/>
                <path d="M 168,688 L 168,800" fill="none" stroke="black"/>
                <path d="M 184,320 L 184,448" fill="none" stroke="black"/>
                <path d="M 216,144 L 216,208" fill="none" stroke="black"/>
                <path d="M 232,216 L 232,592" fill="none" stroke="black"/>
                <path d="M 256,320 L 256,384" fill="none" stroke="black"/>
                <path d="M 272,216 L 272,320" fill="none" stroke="black"/>
                <path d="M 272,392 L 272,720" fill="none" stroke="black"/>
                <path d="M 312,480 L 312,544" fill="none" stroke="black"/>
                <path d="M 312,608 L 312,656" fill="none" stroke="black"/>
                <path d="M 336,736 L 336,800" fill="none" stroke="black"/>
                <path d="M 360,392 L 360,480" fill="none" stroke="black"/>
                <path d="M 360,552 L 360,608" fill="none" stroke="black"/>
                <path d="M 360,664 L 360,736" fill="none" stroke="black"/>
                <path d="M 376,320 L 376,384" fill="none" stroke="black"/>
                <path d="M 384,736 L 384,800" fill="none" stroke="black"/>
                <path d="M 400,480 L 400,544" fill="none" stroke="black"/>
                <path d="M 408,608 L 408,656" fill="none" stroke="black"/>
                <path d="M 432,216 L 432,512" fill="none" stroke="black"/>
                <path d="M 448,144 L 448,208" fill="none" stroke="black"/>
                <path d="M 528,176 L 528,768" fill="none" stroke="black"/>
                <path d="M 8,32 L 152,32" fill="none" stroke="black"/>
                <path d="M 8,80 L 152,80" fill="none" stroke="black"/>
                <path d="M 56,144 L 104,144" fill="none" stroke="black"/>
                <path d="M 216,144 L 448,144" fill="none" stroke="black"/>
                <path d="M 104,176 L 208,176" fill="none" stroke="black"/>
                <path d="M 456,176 L 528,176" fill="none" stroke="black"/>
                <path d="M 56,208 L 104,208" fill="none" stroke="black"/>
                <path d="M 216,208 L 448,208" fill="none" stroke="black"/>
                <path d="M 8,320 L 184,320" fill="none" stroke="black"/>
                <path d="M 256,320 L 376,320" fill="none" stroke="black"/>
                <path d="M 256,384 L 376,384" fill="none" stroke="black"/>
                <path d="M 8,448 L 184,448" fill="none" stroke="black"/>
                <path d="M 312,480 L 400,480" fill="none" stroke="black"/>
                <path d="M 400,512 L 432,512" fill="none" stroke="black"/>
                <path d="M 312,544 L 400,544" fill="none" stroke="black"/>
                <path d="M 104,560 L 152,560" fill="none" stroke="black"/>
                <path d="M 152,592 L 232,592" fill="none" stroke="black"/>
                <path d="M 312,608 L 408,608" fill="none" stroke="black"/>
                <path d="M 104,624 L 152,624" fill="none" stroke="black"/>
                <path d="M 312,656 L 408,656" fill="none" stroke="black"/>
                <path d="M 8,688 L 168,688" fill="none" stroke="black"/>
                <path d="M 168,720 L 272,720" fill="none" stroke="black"/>
                <path d="M 336,736 L 384,736" fill="none" stroke="black"/>
                <path d="M 168,768 L 328,768" fill="none" stroke="black"/>
                <path d="M 384,768 L 528,768" fill="none" stroke="black"/>
                <path d="M 8,800 L 168,800" fill="none" stroke="black"/>
                <path d="M 336,800 L 384,800" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="464,176 452,170.4 452,181.6" fill="black" transform="rotate(180,456,176)"/>
                <polygon class="arrowhead" points="440,216 428,210.4 428,221.6" fill="black" transform="rotate(270,432,216)"/>
                <polygon class="arrowhead" points="368,664 356,658.4 356,669.6" fill="black" transform="rotate(270,360,664)"/>
                <polygon class="arrowhead" points="368,552 356,546.4 356,557.6" fill="black" transform="rotate(270,360,552)"/>
                <polygon class="arrowhead" points="368,392 356,386.4 356,397.6" fill="black" transform="rotate(270,360,392)"/>
                <polygon class="arrowhead" points="336,768 324,762.4 324,773.6" fill="black" transform="rotate(0,328,768)"/>
                <polygon class="arrowhead" points="280,392 268,386.4 268,397.6" fill="black" transform="rotate(270,272,392)"/>
                <polygon class="arrowhead" points="280,216 268,210.4 268,221.6" fill="black" transform="rotate(270,272,216)"/>
                <polygon class="arrowhead" points="240,216 228,210.4 228,221.6" fill="black" transform="rotate(270,232,216)"/>
                <polygon class="arrowhead" points="216,176 204,170.4 204,181.6" fill="black" transform="rotate(0,208,176)"/>
                <polygon class="arrowhead" points="136,680 124,674.4 124,685.6" fill="black" transform="rotate(90,128,680)"/>
                <polygon class="arrowhead" points="136,552 124,546.4 124,557.6" fill="black" transform="rotate(90,128,552)"/>
                <polygon class="arrowhead" points="88,312 76,306.4 76,317.6" fill="black" transform="rotate(90,80,312)"/>
                <polygon class="arrowhead" points="88,136 76,130.4 76,141.6" fill="black" transform="rotate(90,80,136)"/>
                <polygon class="arrowhead" points="48,680 36,674.4 36,685.6" fill="black" transform="rotate(90,40,680)"/>
                <g class="text">
                  <text x="24" y="52">P</text>
                  <text x="48" y="52">has</text>
                  <text x="72" y="52">a</text>
                  <text x="112" y="52">request</text>
                  <text x="28" y="68">to</text>
                  <text x="72" y="68">forward</text>
                  <text x="116" y="68">to</text>
                  <text x="136" y="68">S</text>
                  <text x="132" y="164">NO</text>
                  <text x="80" y="180">Q1?</text>
                  <text x="264" y="180">Forward</text>
                  <text x="312" y="180">the</text>
                  <text x="360" y="180">request</text>
                  <text x="404" y="180">to</text>
                  <text x="424" y="180">S</text>
                  <text x="104" y="292">YES</text>
                  <text x="40" y="340">After</text>
                  <text x="84" y="340">that</text>
                  <text x="112" y="340">P</text>
                  <text x="136" y="340">has</text>
                  <text x="296" y="340">Protect</text>
                  <text x="344" y="340">the</text>
                  <text x="56" y="356">completed</text>
                  <text x="112" y="356">all</text>
                  <text x="144" y="356">the</text>
                  <text x="296" y="356">request</text>
                  <text x="348" y="356">with</text>
                  <text x="64" y="372">decryptions</text>
                  <text x="128" y="372">and</text>
                  <text x="296" y="372">CTX_P_S</text>
                  <text x="72" y="388">verifications</text>
                  <text x="140" y="388">on</text>
                  <text x="32" y="404">the</text>
                  <text x="84" y="404">request,</text>
                  <text x="140" y="404">does</text>
                  <text x="32" y="420">the</text>
                  <text x="80" y="420">request</text>
                  <text x="144" y="420">include</text>
                  <text x="28" y="436">an</text>
                  <text x="68" y="436">OSCORE</text>
                  <text x="128" y="436">Option?</text>
                  <text x="384" y="452">YES</text>
                  <text x="452" y="452">NO</text>
                  <text x="60" y="484">NO</text>
                  <text x="152" y="484">YES</text>
                  <text x="356" y="516">Success?</text>
                  <text x="180" y="580">NO</text>
                  <text x="128" y="596">Q2?</text>
                  <text x="336" y="628">Run</text>
                  <text x="376" y="628">EDHOC</text>
                  <text x="340" y="644">with</text>
                  <text x="368" y="644">S</text>
                  <text x="152" y="660">YES</text>
                  <text x="200" y="708">YES</text>
                  <text x="384" y="708">YES</text>
                  <text x="28" y="724">Is</text>
                  <text x="48" y="724">P</text>
                  <text x="96" y="724">currently</text>
                  <text x="48" y="740">sharing</text>
                  <text x="92" y="740">an</text>
                  <text x="132" y="740">OSCORE</text>
                  <text x="52" y="756">Security</text>
                  <text x="120" y="756">Context</text>
                  <text x="308" y="756">NO</text>
                  <text x="412" y="756">NO</text>
                  <text x="48" y="772">CTX_P_S</text>
                  <text x="100" y="772">with</text>
                  <text x="132" y="772">S?</text>
                  <text x="360" y="772">Q3?</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
+-----------------+
| P has a request |
| to forward to S |
+-----------------+
         |
         |
         v
      +-----+             +----------------------------+
      |     |  NO         |                            |
      | Q1? +------------>|  Forward the request to S  |<--------+
      |     |             |                            |         |
      +-----+             +----------------------------+         |
         |                  ^    ^                   ^           |
         |                  |    |                   |           |
         |                  |    |                   |           |
         |                  |    |                   |           |
         | YES              |    |                   |           |
         v                  |    |                   |           |
+---------------------+     |  +-+------------+      |           |
| After that P has    |     |  | Protect the  |      |           |
| completed all the   |     |  | request with |      |           |
| decryptions and     |     |  | CTX_P_S      |      |           |
| verifications on    |     |  +--------------+      |           |
| the request, does   |     |    ^          ^        |           |
| the request include |     |    |          |        |           |
| an OSCORE Option?   |     |    |          |        |           |
+---------------------+     |    |          | YES    | NO        |
    |          |            |    |          |        |           |
    | NO       | YES        |    |    +-----+----+   |           |
    |          |            |    |    |          |   |           |
    |          |            |    |    | Success? +---+           |
    |          |            |    |    |          |               |
    |          v            |    |    +----------+               |
    |       +-----+         |    |          ^                    |
    |       |     |  NO     |    |          |                    |
    |       | Q2? +---------+    |          |                    |
    |       |     |              |    +-----+-----+              |
    |       +-----+              |    | Run EDHOC |              |
    |          |                 |    | with S    |              |
    |          | YES             |    +-----------+              |
    v          v                 |          ^                    |
+-------------------+            |          |                    |
|                   |  YES       |          | YES                |
| Is P currently    +------------+          |                    |
| sharing an OSCORE |                    +--+--+                 |
| Security Context  |                NO  |     |  NO             |
| CTX_P_S with S?   +------------------->| Q3? +-----------------+
|                   |                    |     |
+-------------------+                    +-----+
]]></artwork>
          </artset>
        </figure>
        <t>If P is considering using Group OSCORE with the server S or with a set of origin servers comprising S, then the same as shown in <xref target="fig-oscore-p-s"/> applies, with the following differences:</t>
        <ul spacing="normal">
          <li>
            <t>CTX_P_S denotes a Group OSCORE Security Context that P can use to protect the request over the communication leg between itself and the origin server(s).</t>
          </li>
          <li>
            <t>The steps "Q3?", "Run EDHOC with S", and "Success?" are replaced by P joining the correct OSCORE group. A successful group joining results in P establishing CTX_P_S, while a failure results in forwarding the request to the origin server(s) without P protecting the request using Group OSCORE.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="coap-header-compression-with-schc">
      <name>CoAP Header Compression with SCHC</name>
      <t>The method defined in this document enables the possible protection of the same CoAP message with multiple, nested OSCORE layers. Especially when that happens, it is desirable to compress the header of protected CoAP messages, in order to improve performance and ensure that CoAP is usable also in Low-Power Wide-Area Networks (LPWANs).</t>
      <t>To this end, it is possible to use the Static Context Header Compression and fragmentation (SCHC) framework <xref target="RFC8724"/>. In particular, <xref target="I-D.ietf-schc-8824-update"/> specifies how to use SCHC for compressing headers of CoAP messages, also when messages are protected with OSCORE. The SCHC Compression/Decompression is applicable also in the presence of CoAP proxies and especially in the two following cases.</t>
      <ul spacing="normal">
        <li>
          <t>If OSCORE is not used at all, the SCHC processing occurs hop-by-hop, by relying on SCHC Rules that are shared between two adjacent hops.</t>
        </li>
        <li>
          <t>If OSCORE is used only end-to-end between the application endpoints, then an Inner SCHC Compression/Decompression and an Outer SCHC Compression/Decompression are performed (see <xref section="8.2" sectionFormat="of" target="I-D.ietf-schc-8824-update"/>). In particular, the following holds.  </t>
          <t>
The SCHC processing occurs end-to-end as to the Inner SCHC Compression/Decompression. This relies on Inner SCHC Rules that are shared between the two application endpoints, which act as OSCORE endpoints and share the OSCORE Security Context used.  </t>
          <t>
The SCHC processing occurs hop-by-hop as to the Outer SCHC Compression/Decompression. This relies on Outer SCHC Rules that are shared between two adjacent hops.</t>
        </li>
      </ul>
      <t>When using the method defined in this document, thus enabling also an intermediary proxy to be an OSCORE endpoint, the SCHC processing above is generalized as specified below.</t>
      <t>When processing an outgoing CoAP message, a sender endpoint proceeds as follows.</t>
      <ul spacing="normal">
        <li>
          <t>The sender endpoint performs one Inner SCHC Compression for each OSCORE layer applied to the outgoing message.  </t>
          <t>
Each Inner SCHC Compression occurs before protecting the message with that OSCORE layer and relies on the Inner SCHC Rules that are shared with the other OSCORE endpoint.</t>
        </li>
        <li>
          <t>The sender endpoint performs exactly one Outer SCHC Compression.  </t>
          <t>
This occurs after having performed all the intended OSCORE protections of the outgoing message and relies on the Outer SCHC Rules that are shared with the (next hop towards the) destination application endpoint.</t>
        </li>
      </ul>
      <t>That is, with respect to the SCHC Compression/Decompression processing, the following holds.</t>
      <t>An Inner SCHC Compression is intended for a destination OSCORE endpoint, which performs the following steps.</t>
      <ol spacing="normal" type="1"><li>
          <t>It decrypts an incoming message with the OSCORE Security Context shared with the other OSCORE endpoint.</t>
        </li>
        <li>
          <t>It performs the corresponding Inner SCHC Decompression, by relying on the Inner SCHC Rules shared with the other OSCORE endpoint.</t>
        </li>
      </ol>
      <t>An Outer SCHC Compression is intended for the (next hop towards the) destination application endpoint, which performs the following steps.</t>
      <ol spacing="normal" type="1"><li>
          <t>It performs the Outer SCHC Decompression on an incoming message, by relying on the Outer SCHC Rules shared with the previous hop towards the destination application endpoint.</t>
        </li>
        <li>
          <t>Unless it is the destination application endpoint, it performs a new Outer SCHC Compression after having performed all the intended OSCORE protections of an outgoing message, by relying on the Outer SCHC Rules shared with the (next hop towards the) destination application endpoint. Then, it sends the result to the (next-hop towards the) destination application endpoint.</t>
        </li>
      </ol>
      <t>Note that the generalization above does not alter the core approach, design choices, and features of the SCHC Compression/Decompression applied to CoAP headers.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The same security considerations about CoAP <xref target="RFC7252"/> and group communication for CoAP <xref target="I-D.ietf-core-groupcomm-bis"/> apply to this document. The same security considerations from <xref target="RFC8613"/> and <xref target="I-D.ietf-core-oscore-groupcomm"/> apply to this document, when using OSCORE or Group OSCORE to protect exchanged messages.</t>
      <t>Further security considerations to take into account are inherited from the specific CoAP options, extensions, and methods that are used when relying on OSCORE or Group OSCORE.</t>
      <t>This document does not change the security properties of OSCORE and Group OSCORE. That is, given any two OSCORE endpoints, the method defined in this document provides them with the same security guarantees that OSCORE and Group OSCORE provide in the case where such endpoints are specifically application endpoints.</t>
      <t>If Group OSCORE is used over a communication leg and the group mode is used to apply a protection layer to a message over that leg (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), then all the members of the OSCORE group that support the group mode are able to remove that protection layer, i.e., to accordingly decrypt and verify the message. Therefore, the OSCORE group should only include OSCORE endpoints for which that is acceptable.</t>
      <section anchor="preserving-location-anonymity">
        <name>Preserving Location Anonymity</name>
        <t>As discussed in <xref target="source-based-policies"/>, a particularly sensitive server might use policies with strict criteria about what makes an OSCORE-protected request eligible to be decrypted and verified.</t>
        <t>When a server using such policies receives an OSCORE-protected request (see Step 6 in <xref target="incoming-requests"/>), the server proceeds only if the necessary OSCORE Security Contexts are not only available to use, but also present in a local list of OSCORE Security Contexts that are usable to decrypt a request from the alleged request sender.</t>
        <t>This is particularly relevant for an origin server that expects to receive messages protected end-to-end by origin clients, but only if sent by a reverse-proxy as its adjacent hop.</t>
        <t>In such a setup, that check prevents a malicious sender endpoint C from associating the addressing information of the origin server S with the OSCORE Security Context CTX that C and S are sharing. Making such an association would compromise the location anonymity of the origin server, as otherwise afforded by the reverse-proxy.</t>
        <t>That is, if C gains knowledge of some addressing information ADDR, then C might send a request directly addressed to ADDR and protected with CTX. A response protected with CTX would prove that ADDR is in fact the addressing information of S.</t>
        <t>However, after performing and failing the check on the received request, S replies with a 4.01 (Unauthorized) error response that is not protected with CTX, hence preserving the location anonymity of the origin server.</t>
      </section>
      <section anchor="sec-security-considerations-hop-limit">
        <name>Hop-Limit Option</name>
        <t><xref target="sec-hop-limit"/> of this document defines that the Hop-Limit Option <xref target="RFC8768"/> is of Class U for OSCORE. This overrides the default behavior specified in <xref section="4.1" sectionFormat="of" target="RFC8613"/>, according to which the option would be processed as Class E for OSCORE.</t>
        <t>As discussed in <xref target="sec-hop-limit"/>, applying the default behavior would result in the Hop-Limit Option added by the origin client being protected end-to-end for the origin server. That is, the intention of the client about performing a detection of forwarding loops would be hidden even from the first proxy in the chain, which in turn adds an outer Hop-Limit Option and thus further contributes to increasing the message size (see <xref target="sec-hop-limit"/>).</t>
        <t>Instead, having defined the Hop-Limit Option as Class U for OSCORE, the following holds by virtue of the procedure defined in <xref target="general-rules"/>.</t>
        <ul spacing="normal">
          <li>
            <t>If the origin client and the origin server share an OSCORE Security Context, the client protects the option end-to-end for the server only when sending a request to the server directly (i.e., not via a proxy).</t>
          </li>
          <li>
            <t>If the origin client and the first proxy in the chain share an OSCORE Security Context, then the client protects the option for the proxy, while also avoiding the downsides resulting from the default behavior mentioned above.  </t>
            <t>
Otherwise, unless the communication leg between the origin client and the first proxy in the chain relies on another secure association (e.g., a DTLS connection <xref target="RFC9147"/>), the Hop-Limit Option included in a request sent to the proxy will be unprotected.  </t>
            <t>
Fundamentally, this is not worse then when applying the default behavior mentioned above. In that case, the origin client would not be able to provide the proxy with its intention as to detecting forwarding loops, while an active on-path adversary would be able to tamper with the request and add an outer Hop-Limit Option with a fraudulent value for the proxy to use.</t>
          </li>
        </ul>
        <t>More generally, if any two adjacent hops share an OSCORE Security Context, then the Hop-Limit Option will be protected with OSCORE in the communication leg between those two hops.</t>
        <t>If the Hop-Limit Option is transported unprotected over the communication leg between two hops, then the following applies.</t>
        <ul spacing="normal">
          <li>
            <t>A passive on-path adversary can read the option value. By possibly relying on other information such as the option value read in other communication legs, the adversary might be able to infer the topology of the network and the path used for delivering requests from the origin client.</t>
          </li>
          <li>
            <t>An active on-path adversary can add or remove the option, or alter its value. Adding the option allows the adversary to trigger an otherwise undesired process for detecting forwarding loops, e.g., as an attempt to probe the topology of the network. Removing the option results in undetectably interrupting the ongoing process for detecting forwarding loops, while altering the option value undetectably interferes with the natural progress of such an ongoing process.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has the following actions for IANA.</t>
      <section anchor="iana-coap-options">
        <name>CoAP Option Numbers Registry</name>
        <t>IANA is asked to add this document as an additional reference for the Hop-Limit Option in the "CoAP Option Numbers" registry <xref target="IANA.CoAP.Option.Numbers"/> within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8724">
          <front>
            <title>SCHC: Generic Framework for Static Context Header Compression and Fragmentation</title>
            <author fullname="A. Minaburo" initials="A." surname="Minaburo"/>
            <author fullname="L. Toutain" initials="L." surname="Toutain"/>
            <author fullname="C. Gomez" initials="C." surname="Gomez"/>
            <author fullname="D. Barthel" initials="D." surname="Barthel"/>
            <author fullname="JC. Zuniga" initials="JC." surname="Zuniga"/>
            <date month="April" year="2020"/>
            <abstract>
              <t>This document defines the Static Context Header Compression and fragmentation (SCHC) framework, which provides both a header compression mechanism and an optional fragmentation mechanism. SCHC has been designed with Low-Power Wide Area Networks (LPWANs) in mind.</t>
              <t>SCHC compression is based on a common static context stored both in the LPWAN device and in the network infrastructure side. This document defines a generic header compression mechanism and its application to compress IPv6/UDP headers.</t>
              <t>This document also specifies an optional fragmentation and reassembly mechanism. It can be used to support the IPv6 MTU requirement over the LPWAN technologies. Fragmentation is needed for IPv6 datagrams that, after SCHC compression or when such compression was not possible, still exceed the Layer 2 maximum payload size.</t>
              <t>The SCHC header compression and fragmentation mechanisms are independent of the specific LPWAN technology over which they are used. This document defines generic functionalities and offers flexibility with regard to parameter settings and mechanism choices. This document standardizes the exchange over the LPWAN between two SCHC entities. Settings and choices specific to a technology or a product are expected to be grouped into profiles, which are specified in other documents. Data models for the context and profiles are out of scope.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8724"/>
          <seriesInfo name="DOI" value="10.17487/RFC8724"/>
        </reference>
        <reference anchor="RFC8768">
          <front>
            <title>Constrained Application Protocol (CoAP) Hop-Limit Option</title>
            <author fullname="M. Boucadair" initials="M." surname="Boucadair"/>
            <author fullname="T. Reddy.K" initials="T." surname="Reddy.K"/>
            <author fullname="J. Shallow" initials="J." surname="Shallow"/>
            <date month="March" year="2020"/>
            <abstract>
              <t>The presence of Constrained Application Protocol (CoAP) proxies may lead to infinite forwarding loops, which is undesirable. To prevent and detect such loops, this document specifies the Hop-Limit CoAP option.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8768"/>
          <seriesInfo name="DOI" value="10.17487/RFC8768"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-groupcomm">
          <front>
            <title>Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="23" month="December" year="2025"/>
            <abstract>
              <t>   This document defines the security protocol Group Object Security for
   Constrained RESTful Environments (Group OSCORE), providing end-to-end
   security of messages exchanged with the Constrained Application
   Protocol (CoAP) between members of a group, e.g., sent over IP
   multicast.  In particular, the described protocol defines how OSCORE
   is used in a group communication setting to provide source
   authentication for CoAP group requests, sent by a client to multiple
   servers, and for protection of the corresponding CoAP responses.
   Group OSCORE also defines a pairwise mode where each member of the
   group can efficiently derive a symmetric pairwise key with each other
   member of the group for pairwise OSCORE communication.  Group OSCORE
   can be used between endpoints communicating with CoAP or CoAP-
   mappable HTTP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-groupcomm-28"/>
        </reference>
        <reference anchor="I-D.ietf-core-href">
          <front>
            <title>Constrained Resource Identifiers</title>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <date day="21" month="November" year="2025"/>
            <abstract>
              <t>   The Constrained Resource Identifier (CRI) is a complement to the
   Uniform Resource Identifier (URI) that represents the URI components
   in Concise Binary Object Representation (CBOR) rather than as a
   sequence of characters.  This approach simplifies parsing,
   comparison, and reference resolution in environments with severe
   limitations on processing power, code size, and memory size.

   This RFC updates RFC 7595 by adding a column on the "URI Schemes"
   registry.


   // (This "cref" paragraph will be removed by the RFC editor:) After
   // approval of -28 and nit fixes in -29, the present revision -30
   // contains two more small fixes for nits that were uncovered in the
   // RPC intake process.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-href-30"/>
        </reference>
        <reference anchor="I-D.ietf-schc-8824-update">
          <front>
            <title>Static Context Header Compression (SCHC) for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Laurent Toutain" initials="L." surname="Toutain">
              <organization>IMT Atlantique</organization>
            </author>
            <author fullname="Iván Martínez" initials="I." surname="Martínez">
              <organization>IRISA</organization>
            </author>
            <author fullname="Ana Minaburo" initials="A." surname="Minaburo">
              <organization>Consultant</organization>
            </author>
            <date day="3" month="June" year="2026"/>
            <abstract>
              <t>   This document defines how to compress Constrained Application
   Protocol (CoAP) headers using the Static Context Header Compression
   and fragmentation (SCHC) framework.  SCHC defines a header
   compression mechanism adapted for constrained devices.  SCHC uses a
   static description of the header to reduce the header's redundancy
   and size.  While RFC 8724 describes the SCHC compression and
   fragmentation framework and its application for IPv6 and UDP headers,
   this document applies SCHC to CoAP headers.  The CoAP header
   structure differs from that of IPv6 and UDP headers, since CoAP uses
   a flexible header with a variable number of options that are in turn
   of variable length.  The CoAP message format is asymmetric, i.e.,
   request messages have a header format different from that of response
   messages.  This specification gives guidance on applying SCHC to
   flexible headers and on leveraging the message format asymmetry for
   defining more efficient compression Rules.  This document replaces
   and obsoletes RFC 8824.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-schc-8824-update-08"/>
        </reference>
        <reference anchor="I-D.ietf-core-uri-path-abbrev">
          <front>
            <title>URI-Path abbreviation in CoAP</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Michael Richardson" initials="M." surname="Richardson">
              <organization>Sandelman Software Works</organization>
            </author>
            <date day="19" month="March" year="2026"/>
            <abstract>
              <t>   Applications built on CoAP face a conflict between the technical need
   for short message sizes and the interoperability requirement of
   following BCP190 and thus using (relatively verbose) well-known URI
   paths.  This document introduces a CoAP option that allows expressing
   well-known URI paths in as little as two bytes.

   Negotiating the use of this option between client and server revealed
   a subtle flaw in RFC7252.  This document updates RFC7252 to rectify
   it, thus making the extension point of critical options more useful.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-uri-path-abbrev-04"/>
        </reference>
        <reference anchor="IANA.CoAP.Option.Numbers" target="https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#option-numbers">
          <front>
            <title>CoAP Option Numbers</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC7030">
          <front>
            <title>Enrollment over Secure Transport</title>
            <author fullname="M. Pritikin" initials="M." role="editor" surname="Pritikin"/>
            <author fullname="P. Yee" initials="P." role="editor" surname="Yee"/>
            <author fullname="D. Harkins" initials="D." role="editor" surname="Harkins"/>
            <date month="October" year="2013"/>
            <abstract>
              <t>This document profiles certificate enrollment for clients using Certificate Management over CMS (CMC) messages over a secure transport. This profile, called Enrollment over Secure Transport (EST), describes a simple, yet functional, certificate management protocol targeting Public Key Infrastructure (PKI) clients that need to acquire client certificates and associated Certification Authority (CA) certificates. It also supports client-generated public/private key pairs as well as key pairs generated by the CA.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7030"/>
          <seriesInfo name="DOI" value="10.17487/RFC7030"/>
        </reference>
        <reference anchor="RFC7641">
          <front>
            <title>Observing Resources in the Constrained Application Protocol (CoAP)</title>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7641"/>
          <seriesInfo name="DOI" value="10.17487/RFC7641"/>
        </reference>
        <reference anchor="RFC8742">
          <front>
            <title>Concise Binary Object Representation (CBOR) Sequences</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document describes the Concise Binary Object Representation (CBOR) Sequence format and associated media type "application/cbor-seq". A CBOR Sequence consists of any number of encoded CBOR data items, simply concatenated in sequence.</t>
              <t>Structured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+cbor-seq" as a structured syntax suffix for CBOR Sequences.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8742"/>
          <seriesInfo name="DOI" value="10.17487/RFC8742"/>
        </reference>
        <reference anchor="RFC9147">
          <front>
            <title>The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="N. Modadugu" initials="N." surname="Modadugu"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>The DTLS 1.3 protocol is based on the Transport Layer Security (TLS) 1.3 protocol and provides equivalent security guarantees with the exception of order protection / non-replayability. Datagram semantics of the underlying transport are preserved by the DTLS protocol.</t>
              <t>This document obsoletes RFC 6347.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9147"/>
          <seriesInfo name="DOI" value="10.17487/RFC9147"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9460">
          <front>
            <title>Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)</title>
            <author fullname="B. Schwartz" initials="B." surname="Schwartz"/>
            <author fullname="M. Bishop" initials="M." surname="Bishop"/>
            <author fullname="E. Nygren" initials="E." surname="Nygren"/>
            <date month="November" year="2023"/>
            <abstract>
              <t>This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints, each with associated parameters (such as transport protocol configuration), and are extensible to support future uses (such as keys for encrypting the TLS ClientHello). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPS RR is a variation of SVCB for use with HTTP (see RFC 9110, "HTTP Semantics"). By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9460"/>
          <seriesInfo name="DOI" value="10.17487/RFC9460"/>
        </reference>
        <reference anchor="RFC9461">
          <front>
            <title>Service Binding Mapping for DNS Servers</title>
            <author fullname="B. Schwartz" initials="B." surname="Schwartz"/>
            <date month="November" year="2023"/>
            <abstract>
              <t>The SVCB DNS resource record type expresses a bound collection of endpoint metadata, for use when establishing a connection to a named service. DNS itself can be such a service, when the server is identified by a domain name. This document provides the SVCB mapping for named DNS servers, allowing them to indicate support for encrypted transport protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9461"/>
          <seriesInfo name="DOI" value="10.17487/RFC9461"/>
        </reference>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="RFC9668">
          <front>
            <title>Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <author fullname="R. Höglund" initials="R." surname="Höglund"/>
            <author fullname="S. Hristozov" initials="S." surname="Hristozov"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="November" year="2024"/>
            <abstract>
              <t>The lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) can be run over the Constrained Application Protocol (CoAP) and used by two peers to establish a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE). This document details this use of the EDHOC protocol by specifying a number of additional and optional mechanisms, including an optimization approach for combining the execution of EDHOC with the first OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9668"/>
          <seriesInfo name="DOI" value="10.17487/RFC9668"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-proxy">
          <front>
            <title>Proxy Operations in Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document defines a specific realization of proxy intended for
   scenarios that use group communication for the Constrained
   Application Protocol (CoAP).  Such a proxy processes a single request
   sent by a client typically over unicast and distributes the request
   to a group of servers, e.g., over UDP/IP multicast as the defined
   default transport protocol.  Then, the proxy collects the individual
   responses from those servers and relays those responses back to the
   client, in a way that allows the client to distinguish the responses
   and their origin servers through embedded addressing information.
   This document updates RFC7252 with respect to caching of response
   messages at proxies.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-proxy-06"/>
        </reference>
        <reference anchor="I-D.ietf-core-observe-multicast-notifications">
          <front>
            <title>Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  In some use
   cases, such as those based on publish-subscribe, it would be
   convenient for the server to send a single notification addressed to
   all the clients observing the same target resource.  This document
   updates RFC7252 and RFC7641, and it defines how a server sends
   observe notifications as response messages over multicast,
   synchronizing all the observers of the same resource on the same
   shared Token value.  Besides, this document defines how the security
   protocol Group Object Security for Constrained RESTful Environments
   (Group OSCORE) can be used to protect multicast notifications end-to-
   end between the server and the observer clients.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-observe-multicast-notifications-14"/>
        </reference>
        <reference anchor="I-D.ietf-core-multicast-notifications-proxy">
          <front>
            <title>Using Proxies for Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  Instead of
   sending a distinct unicast notification to each different client, a
   server can alternatively send a single notification as a response
   message over multicast, to all the clients observing the same target
   resource.  When doing so, the security protocol Group Object Security
   for Constrained RESTful Environments (Group OSCORE) can be used to
   protect multicast notifications end-to-end between the server and the
   observer clients.  This document describes how multicast
   notifications can be used in network setups that leverage a proxy,
   e.g., in order to accommodate clients that are not able to directly
   listen to multicast traffic.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-multicast-notifications-proxy-01"/>
        </reference>
        <reference anchor="I-D.ietf-core-coap-pubsub">
          <front>
            <title>A publish-subscribe architecture for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Jaime Jimenez" initials="J." surname="Jimenez">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Michael Koster" initials="M." surname="Koster">
              <organization>Dogtiger Labs</organization>
            </author>
            <author fullname="Ari Keränen" initials="A." surname="Keränen">
              <organization>Ericsson</organization>
            </author>
            <date day="2" month="July" year="2026"/>
            <abstract>
              <t>   This document describes a publish-subscribe architecture for the
   Constrained Application Protocol (CoAP), extending the capabilities
   of CoAP communications for supporting endpoints with long breaks in
   connectivity and/or up-time.  CoAP clients publish on and subscribe
   to a topic via a corresponding topic resource at a CoAP server acting
   as broker.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-coap-pubsub-21"/>
        </reference>
        <reference anchor="I-D.ietf-core-transport-indication">
          <front>
            <title>CoAP Transport Indication</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Martine Sophie Lenders" initials="M. S." surname="Lenders">
              <organization>TUD Dresden University of Technology</organization>
            </author>
            <date day="30" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP, [RFC7252]) is available
   over different transports (UDP, DTLS, TCP, TLS, WebSockets), but
   lacks a way to unify these addresses.  This document provides
   terminology and provisions based on Web Linking [RFC8288] and Service
   Bindings (SVCB, [RFC9460]) to express alternative transports
   available to a device, and to optimize exchanges using these.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-transport-indication-10"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
        <reference anchor="I-D.ietf-core-coap-pm">
          <front>
            <title>Constrained Application Protocol (CoAP) Performance Measurement Option</title>
            <author fullname="Giuseppe Fioccola" initials="G." surname="Fioccola">
              <organization>Huawei</organization>
            </author>
            <author fullname="Tianran Zhou" initials="T." surname="Zhou">
              <organization>Huawei</organization>
            </author>
            <author fullname="Mauro Cociglio" initials="M." surname="Cociglio">
         </author>
            <author fullname="Fabio Bulgarella" initials="F." surname="Bulgarella">
              <organization>Telecom Italia</organization>
            </author>
            <author fullname="Yongqing Zhu" initials="Y." surname="Zhu">
              <organization>China Telecom</organization>
            </author>
            <date day="20" month="October" year="2025"/>
            <abstract>
              <t>   This document specifies a method for the Performance Measurement of
   the Constrained Application Protocol (CoAP).  A new CoAP option is
   defined in order to enable network telemetry both end-to-end and hop-
   by-hop.  The endpoints cooperate by marking and, possibly, mirroring
   information on the round-trip connection.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-coap-pm-05"/>
        </reference>
        <reference anchor="I-D.ietf-ace-coap-est-oscore">
          <front>
            <title>Protecting EST Payloads with OSCORE</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>RISE</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>Nexus</organization>
            </author>
            <author fullname="Mališa Vučinić" initials="M." surname="Vučinić">
              <organization>Inria</organization>
            </author>
            <date day="2" month="July" year="2026"/>
            <abstract>
              <t>   Enrollment over Secure Transport (EST) is a certificate provisioning
   protocol over HTTPS [RFC7030] or CoAPs [RFC9148].  This document
   specifies how to carry EST over the Constrained Application Protocol
   (CoAP) protected with Object Security for Constrained RESTful
   Environments (OSCORE).  The specification builds on the EST-coaps
   [RFC9148] specification, but uses OSCORE and Ephemeral Diffie-Hellman
   over COSE (EDHOC) instead of DTLS.  The specification also leverages
   the certificate structures defined in
   [I-D.ietf-cose-cbor-encoded-cert], which can be optionally used
   alongside X.509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-coap-est-oscore-11"/>
        </reference>
        <reference anchor="I-D.ietf-core-cacheable-oscore">
          <front>
            <title>End-to-End Protected and Cacheable Responses for the Constrained Application Protocol (CoAP) using Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   When using the Constrained Application Protocol (CoAP), exchanged
   messages can be protected end-to-end also across untrusted
   intermediary proxies.  This can be achieved with Object Security for
   Constrained RESTful Environments (OSCORE) or, in the case of group
   communication, with Group Object Security for Constrained RESTful
   Environments (Group OSCORE).  However, this sidesteps the proxies'
   abilities to cache responses from the origin server(s).  This
   document restores cacheability of end-end protected responses at
   proxies, by using Group OSCORE and introducing consensus requests,
   which any client in an OSCORE group can send to one server or
   multiple servers in the same group.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-cacheable-oscore-01"/>
        </reference>
        <reference anchor="I-D.ietf-lake-app-profiles">
          <front>
            <title>Coordinating the Use of Application Profiles for Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The lightweight authenticated key exchange protocol Ephemeral Diffie-
   Hellman Over COSE (EDHOC) requires certain parameters to be agreed
   out-of-band, in order to ensure its successful completion.  To this
   end, application profiles specify the intended use of EDHOC to allow
   for the relevant processing and verifications to be made.  In order
   to ensure the applicability of such parameters and information beyond
   transport- or setup-specific scenarios, this document defines a
   canonical, CBOR-based representation that can be used to describe,
   distribute, and store EDHOC application profiles.  Furthermore, in
   order to facilitate interoperability between EDHOC implementations
   and support EDHOC extensibility for additional integrations, this
   document defines a number of means to coordinate the use of EDHOC
   application profiles.  Finally, this document defines a set of well-
   known EDHOC application profiles.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lake-app-profiles-04"/>
        </reference>
        <reference anchor="I-D.amsuess-t2trg-onion-coap">
          <front>
            <title>Using onion routing with CoAP</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="7" month="July" year="2025"/>
            <abstract>
              <t>   The CoAP protocol was designed with direct connections and proxies in
   mind.  This document defines mechanisms by which chains of proxies
   can be set up.  In combination, they enable the operation of hidden
   services and of clients similar to how Tor (onion routing) enables it
   for TCP-based protocols.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-amsuess-t2trg-onion-coap-04"/>
        </reference>
        <reference anchor="LwM2M-Core" target="https://www.openmobilealliance.org/release/LightweightM2M/V1_2_2-20240613-A/OMA-TS-LightweightM2M_Core-V1_2_2-20240613-A.pdf">
          <front>
            <title>Lightweight Machine to Machine Technical Specification - Core, Approved Version 1.2.2, OMA-TS-LightweightM2M_Core-V1_2_2-20240613-A</title>
            <author>
              <organization>Open Mobile Alliance</organization>
            </author>
            <date year="2024" month="June"/>
          </front>
        </reference>
        <reference anchor="LwM2M-Transport" target="https://www.openmobilealliance.org/release/LightweightM2M/V1_2_2-20240613-A/OMA-TS-LightweightM2M_Transport-V1_2_2-20240613-A.pdf">
          <front>
            <title>Lightweight Machine to Machine Technical Specification - Transport Bindings, Approved Version 1.2.2, OMA-TS-LightweightM2M_Transport-V1_2_2-20240613-A</title>
            <author>
              <organization>Open Mobile Alliance</organization>
            </author>
            <date year="2024" month="June"/>
          </front>
        </reference>
        <reference anchor="LwM2M-Gateway" target="https://www.openmobilealliance.org/release/LwM2M_Gateway/V1_1_1-20240312-A/OMA-TS-LWM2M_Gateway-V1_1_1-20240312-A.pdf">
          <front>
            <title>Lightweight Machine to Machine Gateway Technical Specification - Approved Version 1.1.1, OMA-TS-LWM2M_Gateway-V1_1_1-20240312-A</title>
            <author>
              <organization>Open Mobile Alliance</organization>
            </author>
            <date year="2024" month="March"/>
          </front>
        </reference>
        <reference anchor="TOR-SPEC" target="https://spec.torproject.org/">
          <front>
            <title>Tor Specifications</title>
            <author>
              <organization>Tor Project</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="DAI-SNAC" target="http://dx.doi.org/10.1145/3488661.3494029">
          <front>
            <title>Discovery and capabilities of guard proxies for CoRE networks</title>
            <author initials="C." surname="Amsüss" fullname="Christian Amsüss">
              <organization/>
            </author>
            <date year="2021" month="December"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 649?>

<section anchor="sec-use-cases">
      <name>Use Cases</name>
      <t>The approach defined in this document has been motivated by a number of use cases, which are summarized below.</t>
      <section anchor="ssec-uc1">
        <name>CoAP Group Communication with Proxies</name>
        <t>CoAP also supports one-to-many group communication <xref target="I-D.ietf-core-groupcomm-bis"/>, e.g., over IP multicast, which can be protected end-to-end between origin client and origin servers by using Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
        <t>This communication model can be assisted by intermediaries such as a CoAP forward-proxy or reverse-proxy, which relays a group request to the origin servers. If Group OSCORE is used, the proxy is intentionally not a member of the OSCORE group. Furthermore, <xref target="I-D.ietf-core-groupcomm-proxy"/> defines a signaling protocol between origin client and proxy, to ensure that responses from the different origin servers are forwarded back to the origin client within a time interval set by the client and that those responses can be distinguished from one another.</t>
        <t>That signaling protocol requires that the proxy identifies the origin client as allowed-listed, before forwarding a group request to the servers (see <xref section="4" sectionFormat="of" target="I-D.ietf-core-groupcomm-proxy"/>). In turn, this requires a security association between the origin client and the proxy, which would be convenient to provide with a dedicated OSCORE Security Context shared between the two, since the client is possibly using also Group OSCORE with the origin servers.</t>
      </section>
      <section anchor="ssec-uc2">
        <name>CoAP Observe Notifications over Multicast</name>
        <t>The Observe extension for CoAP <xref target="RFC7641"/> allows a client to register its interest in "observing" a resource at a server. The server can then send back notification responses upon changes in the resource representation, all matching with the original observation request.</t>
        <t>In some applications, such as based on publish-subscribe communication <xref target="I-D.ietf-core-coap-pubsub"/>, multiple clients are interested in observing the same resource at the same server. In the interest of such applications, <xref target="I-D.ietf-core-observe-multicast-notifications"/> defines a method that allows the server to send a single notification response to all the observer clients at once, e.g., over IP multicast. To this end, the server synchronizes the clients by providing them with a common "phantom observation request", against which the following multicast notifications will match.</t>
        <t>If the clients and the server use Group OSCORE for end-to-end security and a proxy is also involved, an additional step is required (see <xref section="4" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/>). That is, clients are in turn required to provide the proxy with the obtained "phantom observation request", thus enabling the proxy to receive the multicast notifications from the server.</t>
        <t>Therefore, it is preferable to have a security association also between each client and the proxy, in order to ensure the integrity of that information provided to the proxy (see <xref section="10.1" sectionFormat="of" target="I-D.ietf-core-multicast-notifications-proxy"/>). Like for the use case in <xref target="ssec-uc1"/>, this would be conveniently achieved with a dedicated OSCORE Security Context shared between a client and the proxy, since the client is also using Group OSCORE with the origin server.</t>
      </section>
      <section anchor="ssec-uc3">
        <name>LwM2M Client and External Application Server</name>
        <t>The Lightweight Machine-to-Machine (LwM2M) protocol <xref target="LwM2M-Core"/> enables a LwM2M Client device to securely bootstrap and then register at a LwM2M Server, with which it will perform most of its following communication exchanges. As per the transport bindings specification of LwM2M <xref target="LwM2M-Transport"/>, the LwM2M Client and LwM2M Server can use CoAP and OSCORE to secure their communications at the application layer, including during the device registration process.</t>
        <t>Furthermore, Section 5.4.1 of <xref target="LwM2M-Transport"/> specifies that:</t>
        <blockquote>
          <t>OSCORE <bcp14>MAY</bcp14> also be used between LwM2M endpoint and non-LwM2M endpoint, e.g. between an Application Server and a LwM2M Client via a LwM2M server. Both the LwM2M endpoint and non-LwM2M endpoint <bcp14>MUST</bcp14> implement OSCORE and be provisioned with an OSCORE Security Context as defined in [OSCORE].</t>
        </blockquote>
        <t>In such a case, the LwM2M Server can practically act as forward-proxy between the LwM2M Client and the external Application Server. At the same time, the LwM2M Client and LwM2M Server must continue protecting communications on their leg using their OSCORE Security Context. Like for the use case in <xref target="ssec-uc1"/>, this also allows the LwM2M Server to identify the LwM2M Client, before forwarding its request outside the LwM2M domain and towards the external Application Server.</t>
      </section>
      <section anchor="ssec-uc4">
        <name>LwM2M Gateway</name>
        <t>The specification <xref target="LwM2M-Gateway"/> extends the LwM2M architecture by defining the LwM2M Gateway functionality. That is, a LwM2M Server can manage end IoT devices that are deployed "behind" the LwM2M Gateway. While it is outside the scope of that specification, it is possible for the LwM2M Gateway to use any suitable protocol with its connected end IoT devices, as well as to carry out any required protocol translation.</t>
        <t>Practically, the LwM2M Server can send a request to the LwM2M Gateway, asking to forward the request to an end IoT device. With particular reference to CoAP and the related transport binding specified in <xref target="LwM2M-Transport"/>, the LwM2M Server acting as a CoAP client sends its request to the LwM2M Gateway acting as a CoAP server.</t>
        <t>If CoAP is used in the communication leg between the LwM2M Gateway and the end IoT devices, then the LwM2M Gateway fundamentally acts as a CoAP reverse-proxy (see <xref section="5.7.3" sectionFormat="of" target="RFC7252"/>). That is, in addition to its own resources, the LwM2M Gateway serves the resources hosted by each end IoT device that stands behind it, as exposed by the LwM2M Gateway under a dedicated URI path. As per <xref target="LwM2M-Gateway"/>, the first URI path segment is used as a "prefix" to identify the specific IoT device, while the remaining URI path segments specify the target resource at the IoT device.</t>
        <t>As per Section 7 of <xref target="LwM2M-Gateway"/>, message exchanges between the LwM2M Server and the LwM2M Gateway are secured using the LwM2M-defined technologies, while the LwM2M protocol does not provide end-to-end security between the LwM2M Server and the end IoT devices. However, the approach defined in this document makes it possible to achieve both goals, by allowing the LwM2M Server to use OSCORE for protecting a message both end-to-end with the targeted end IoT device and with the LwM2M Gateway acting as a reverse-proxy.</t>
      </section>
      <section anchor="access-control-to-a-proxy">
        <name>Access Control to a Proxy</name>
        <t>From a security point of view, it would be convenient if the proxy could provide suitable credentials to the client, as a general trusted proxy for the system. At the same time, it can be desirable to limit the use of such a proxy to a set of clients that have permission to use it, and that the proxy can identify through a secure communication association.</t>
        <t>However, in order for OSCORE to be an applicable security mechanism for this scenario, OSCORE has to be terminated at the proxy. That is, it would be required for a client and the proxy to share a dedicated OSCORE Security Context and to use it for protecting their communication leg.</t>
        <t>Combined with what is defined above, a server aware of a suitable cross-proxy can rely on it as a third-party service, in order to indicate transports for CoAP that are available for that server (see <xref section="5" sectionFormat="of" target="I-D.ietf-core-transport-indication"/>).</t>
      </section>
      <section anchor="access-control-to-the-origin-server">
        <name>Access Control to the Origin Server</name>
        <t>A proxy may be deployed to act as an entry point to a firewalled network that only authenticated clients can join. As an alternative to a hard firewall that can be either traversed or not, a proxy can instead apply major rate limits on incoming traffic from unauthenticated clients <xref target="DAI-SNAC"/> and lift those limits for authenticated clients, possibly to different extents depending on the specific client.</t>
        <t>In particular, authentication can rely on the secure communication association used between a client and the proxy. If the proxy could share a different OSCORE Security Context with each different client, then the proxy can rely on it to identify a client before forwarding messages from that client to other members of the firewalled network.</t>
        <t>Furthermore, if the client trusts the proxy to perform its tasks in a privacy-oriented way, the client can rely on their shared secure communication association to conceal what origin servers it is communicating with, by hiding that information from further possible intermediaries or on-path passive adversaries on the communication leg between the client and the proxy.</t>
      </section>
      <section anchor="further-use-cases">
        <name>Further Use Cases</name>
        <t>The approach defined in this document can be useful also in the following use cases relying on a proxy.</t>
        <ul spacing="normal">
          <li>
            <t>The method specified in <xref target="I-D.ietf-core-coap-pm"/> relies on the Performance Measurement Option to enable network telemetry for CoAP communications. This makes it possible to efficiently measure Round-Trip Time and message losses, both end-to-end and hop-by-hop. In particular, on-path probes such as intermediary proxies can be deployed to perform measurements hop-by-hop.  </t>
            <t>
When OSCORE is used in deployments including on-path probes, an inner Performance Measurement Option is protected end-to-end between the two application endpoints and enables end-to-end measurements between those. At the same time, an outer Performance Measurement Option allows also hop-by-hop measurements to be performed by relying on an on-path probe.  </t>
            <t>
Therefore, it is preferable to have a secure association with an on-path probe, in order to also ensure the integrity of the hop-by-hop measurements exchanged with the probe.</t>
          </li>
          <li>
            <t>The method specified in <xref target="I-D.ietf-ace-coap-est-oscore"/> enables public-key certificate enrollment for Internet of Things deployments. This leverages payload formats defined in Enrollment over Secure Transport (EST) <xref target="RFC7030"/>, while relying on CoAP for message transfer and on OSCORE for message protection.  </t>
            <t>
In real-world deployments, an EST server issuing public-key certificates may reside outside a constrained network that includes devices acting as EST clients. In particular, the EST clients are expected to support only CoAP, while the EST server in a non-constrained network is expected to support only HTTP. This requires a CoAP-to-HTTP proxy to be deployed between the EST clients and the EST server, in order to map CoAP messages with HTTP messages across the two networks.  </t>
            <t>
Even in such a scenario, the EST server and every EST client can still effectively use OSCORE to protect their communications end-to-end. At the same time, it is desirable to have an additional secure association between the EST client and the CoAP-to-HTTP proxy, especially in order for the proxy to identify the EST client before forwarding EST messages out of the CoAP boundary of the constrained network and towards the EST server.</t>
          </li>
          <li>
            <t>The approach defined in this document does not pose a limit to the number of OSCORE protections applied to the same CoAP message.  </t>
            <t>
This enables more privacy-oriented scenarios based on proxy chains, where the origin client protects a CoAP request first by using the OSCORE Security Context shared with the origin server, and then by using different OSCORE Security Contexts shared with the different hops in the chain. Once received at a chain hop, the request would be stripped of the OSCORE protection associated with that hop before being forwarded to the next one.  </t>
            <t>
Building on that, it is also possible to enable the operation of hidden services and clients through onion routing with CoAP <xref target="I-D.amsuess-t2trg-onion-coap"/>, similarly to how Tor (The Onion Router) <xref target="TOR-SPEC"/> enables it for TCP-based protocols.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-examples">
      <name>Examples of Message Exchanges</name>
      <t>This section provides a number of examples where the approach defined in this document is used to protect message exchanges.</t>
      <t>The presented examples build on the example shown in <xref section="A.1" sectionFormat="of" target="RFC8613"/>, which illustrates an origin client requesting the alarm status from an origin server through a forward-proxy.</t>
      <t>The abbreviations "REQ" and "RESP" are used to denote a request message and a response message, respectively.</t>
      <section anchor="sec-examples-1">
        <name>With Forward-Proxy; OSCORE: C-S, C-P</name>
        <t>In the example shown in <xref target="fig-example-client-proxy"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end, between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
        </ul>
        <figure anchor="fig-example-client-proxy">
          <name>Use of OSCORE between Client-Server and Client-Proxy</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1360" width="544" viewBox="0 0 544 1360" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,112" fill="none" stroke="black"/>
                <path d="M 24,168 L 24,1168" fill="none" stroke="black"/>
                <path d="M 24,1224 L 24,1232" fill="none" stroke="black"/>
                <path d="M 24,1288 L 24,1296" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,400" fill="none" stroke="black"/>
                <path d="M 88,456 L 88,896" fill="none" stroke="black"/>
                <path d="M 88,952 L 88,1296" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,624" fill="none" stroke="black"/>
                <path d="M 152,680 L 152,688" fill="none" stroke="black"/>
                <path d="M 152,744 L 152,1296" fill="none" stroke="black"/>
                <path d="M 24,192 L 80,192" fill="none" stroke="black"/>
                <path d="M 88,480 L 144,480" fill="none" stroke="black"/>
                <path d="M 96,768 L 152,768" fill="none" stroke="black"/>
                <path d="M 32,976 L 88,976" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,480 140,474.4 140,485.6" fill="black" transform="rotate(0,144,480)"/>
                <polygon class="arrowhead" points="104,768 92,762.4 92,773.6" fill="black" transform="rotate(180,96,768)"/>
                <polygon class="arrowhead" points="88,192 76,186.4 76,197.6" fill="black" transform="rotate(0,80,192)"/>
                <polygon class="arrowhead" points="40,976 28,970.4 28,981.6" fill="black" transform="rotate(180,32,976)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_S</text>
                  <text x="32" y="132">Encrypt</text>
                  <text x="16" y="148">REQ</text>
                  <text x="52" y="148">with</text>
                  <text x="32" y="164">CTX_C_P</text>
                  <text x="216" y="196">Code:</text>
                  <text x="260" y="196">0.02</text>
                  <text x="308" y="196">(POST)</text>
                  <text x="52" y="212">POST</text>
                  <text x="212" y="212">Token:</text>
                  <text x="260" y="212">0x8c</text>
                  <text x="208" y="228">OSCORE:</text>
                  <text x="284" y="228">[kid:0x20,</text>
                  <text x="360" y="228">Partial</text>
                  <text x="420" y="228">IV:31]</text>
                  <text x="212" y="244">0xff</text>
                  <text x="204" y="260">Payload:</text>
                  <text x="268" y="260">{Code:</text>
                  <text x="316" y="260">0.02</text>
                  <text x="368" y="260">(POST),</text>
                  <text x="288" y="276">Uri-Host:</text>
                  <text x="388" y="276">"example.com",</text>
                  <text x="280" y="292">OSCORE:</text>
                  <text x="356" y="292">[kid:0x5f,</text>
                  <text x="432" y="292">Partial</text>
                  <text x="496" y="292">IV:42],</text>
                  <text x="304" y="308">Proxy-Scheme:</text>
                  <text x="392" y="308">"coap",</text>
                  <text x="272" y="324">0xff,</text>
                  <text x="276" y="340">{Code:</text>
                  <text x="324" y="340">0.01</text>
                  <text x="372" y="340">(GET),</text>
                  <text x="296" y="356">Uri-Path:</text>
                  <text x="396" y="356">"alarm_status"</text>
                  <text x="256" y="372">}</text>
                  <text x="292" y="372">//</text>
                  <text x="344" y="372">Encrypted</text>
                  <text x="404" y="372">with</text>
                  <text x="456" y="372">CTX_C_S</text>
                  <text x="248" y="388">}</text>
                  <text x="268" y="388">//</text>
                  <text x="320" y="388">Encrypted</text>
                  <text x="380" y="388">with</text>
                  <text x="432" y="388">CTX_C_P</text>
                  <text x="96" y="420">Decrypt</text>
                  <text x="80" y="436">REQ</text>
                  <text x="116" y="436">with</text>
                  <text x="96" y="452">CTX_C_P</text>
                  <text x="216" y="484">Code:</text>
                  <text x="260" y="484">0.02</text>
                  <text x="308" y="484">(POST)</text>
                  <text x="116" y="500">POST</text>
                  <text x="212" y="500">Token:</text>
                  <text x="260" y="500">0x7b</text>
                  <text x="200" y="516">Uri-Host:</text>
                  <text x="296" y="516">"example.com"</text>
                  <text x="208" y="532">OSCORE:</text>
                  <text x="284" y="532">[kid:0x5f,</text>
                  <text x="360" y="532">Partial</text>
                  <text x="420" y="532">IV:42]</text>
                  <text x="212" y="548">0xff</text>
                  <text x="204" y="564">Payload:</text>
                  <text x="248" y="564">{</text>
                  <text x="272" y="580">Code:</text>
                  <text x="316" y="580">0.01</text>
                  <text x="364" y="580">(GET),</text>
                  <text x="288" y="596">Uri-Path:</text>
                  <text x="388" y="596">"alarm_status"</text>
                  <text x="248" y="612">}</text>
                  <text x="268" y="612">//</text>
                  <text x="320" y="612">Encrypted</text>
                  <text x="380" y="612">with</text>
                  <text x="432" y="612">CTX_C_S</text>
                  <text x="160" y="644">Decrypt</text>
                  <text x="144" y="660">REQ</text>
                  <text x="180" y="660">with</text>
                  <text x="160" y="676">CTX_C_S</text>
                  <text x="160" y="708">Encrypt</text>
                  <text x="148" y="724">RESP</text>
                  <text x="188" y="724">with</text>
                  <text x="160" y="740">CTX_C_S</text>
                  <text x="216" y="772">Code:</text>
                  <text x="260" y="772">2.04</text>
                  <text x="320" y="772">(Changed)</text>
                  <text x="124" y="788">2.04</text>
                  <text x="212" y="788">Token:</text>
                  <text x="260" y="788">0x7b</text>
                  <text x="208" y="804">OSCORE:</text>
                  <text x="248" y="804">-</text>
                  <text x="212" y="820">0xff</text>
                  <text x="204" y="836">Payload:</text>
                  <text x="268" y="836">{Code:</text>
                  <text x="316" y="836">2.05</text>
                  <text x="380" y="836">(Content),</text>
                  <text x="272" y="852">0xff,</text>
                  <text x="264" y="868">"0"</text>
                  <text x="248" y="884">}</text>
                  <text x="268" y="884">//</text>
                  <text x="320" y="884">Encrypted</text>
                  <text x="380" y="884">with</text>
                  <text x="432" y="884">CTX_C_S</text>
                  <text x="96" y="916">Encrypt</text>
                  <text x="84" y="932">RESP</text>
                  <text x="124" y="932">with</text>
                  <text x="96" y="948">CTX_C_P</text>
                  <text x="216" y="980">Code:</text>
                  <text x="260" y="980">2.04</text>
                  <text x="320" y="980">(Changed)</text>
                  <text x="60" y="996">2.04</text>
                  <text x="212" y="996">Token:</text>
                  <text x="260" y="996">0x8c</text>
                  <text x="208" y="1012">OSCORE:</text>
                  <text x="248" y="1012">-</text>
                  <text x="212" y="1028">0xff</text>
                  <text x="204" y="1044">Payload:</text>
                  <text x="268" y="1044">{Code:</text>
                  <text x="316" y="1044">2.04</text>
                  <text x="380" y="1044">(Changed),</text>
                  <text x="280" y="1060">OSCORE:</text>
                  <text x="324" y="1060">-,</text>
                  <text x="272" y="1076">0xff,</text>
                  <text x="276" y="1092">{Code:</text>
                  <text x="324" y="1092">2.05</text>
                  <text x="388" y="1092">(Content),</text>
                  <text x="280" y="1108">0xff,</text>
                  <text x="272" y="1124">"0"</text>
                  <text x="256" y="1140">}</text>
                  <text x="292" y="1140">//</text>
                  <text x="344" y="1140">Encrypted</text>
                  <text x="404" y="1140">with</text>
                  <text x="456" y="1140">CTX_C_S</text>
                  <text x="248" y="1156">}</text>
                  <text x="268" y="1156">//</text>
                  <text x="320" y="1156">Encrypted</text>
                  <text x="380" y="1156">with</text>
                  <text x="432" y="1156">CTX_C_P</text>
                  <text x="32" y="1188">Decrypt</text>
                  <text x="20" y="1204">RESP</text>
                  <text x="60" y="1204">with</text>
                  <text x="32" y="1220">CTX_C_P</text>
                  <text x="32" y="1252">Decrypt</text>
                  <text x="20" y="1268">RESP</text>
                  <text x="60" y="1268">with</text>
                  <text x="32" y="1284">CTX_C_S</text>
                  <text x="28" y="1332">Square</text>
                  <text x="92" y="1332">brackets</text>
                  <text x="136" y="1332">[</text>
                  <text x="160" y="1332">...</text>
                  <text x="184" y="1332">]</text>
                  <text x="228" y="1332">indicate</text>
                  <text x="296" y="1332">content</text>
                  <text x="340" y="1332">of</text>
                  <text x="396" y="1332">compressed</text>
                  <text x="460" y="1332">COSE</text>
                  <text x="512" y="1332">object.</text>
                  <text x="24" y="1348">Curly</text>
                  <text x="84" y="1348">brackets</text>
                  <text x="128" y="1348">{</text>
                  <text x="152" y="1348">...</text>
                  <text x="176" y="1348">}</text>
                  <text x="220" y="1348">indicate</text>
                  <text x="296" y="1348">encrypted</text>
                  <text x="360" y="1348">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x8c
  |       |       |   OSCORE: [kid:0x20, Partial IV:31]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            {Code: 0.01 (GET),
  |       |       |             Uri-Path: "alarm_status"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0x7b
  |       |       | Uri-Host: "example.com"
  |       |       |   OSCORE: [kid:0x5f, Partial IV:42]
  |       |       |     0xff
  |       |       |  Payload: {
  |       |       |            Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |<------+     Code: 2.04 (Changed)
  |       |  2.04 |    Token: 0x7b
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0x8c
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.04 (Changed),
  |       |       |            OSCORE: -,
  |       |       |            0xff,
  |       |       |            {Code: 2.05 (Content),
  |       |       |             0xff,
  |       |       |             "0"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="with-forward-proxy-oscore-c-s-p-s">
        <name>With Forward-Proxy; OSCORE: C-S, P-S</name>
        <t>In the example shown in <xref target="fig-example-proxy-server"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the proxy and the server, using the OSCORE Security Context CTX_P_S. The proxy uses the OSCORE Sender ID 0xd4 when using OSCORE with the server.</t>
          </li>
        </ul>
        <figure anchor="fig-example-proxy-server">
          <name>Use of OSCORE between Client-Server and Proxy-Server</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1344" width="560" viewBox="0 0 560 1344" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,1216" fill="none" stroke="black"/>
                <path d="M 24,1272 L 24,1280" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,272" fill="none" stroke="black"/>
                <path d="M 88,328 L 88,1008" fill="none" stroke="black"/>
                <path d="M 88,1064 L 88,1280" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,544" fill="none" stroke="black"/>
                <path d="M 152,600 L 152,608" fill="none" stroke="black"/>
                <path d="M 152,664 L 152,672" fill="none" stroke="black"/>
                <path d="M 152,728 L 152,736" fill="none" stroke="black"/>
                <path d="M 152,792 L 152,1280" fill="none" stroke="black"/>
                <path d="M 24,128 L 80,128" fill="none" stroke="black"/>
                <path d="M 88,352 L 144,352" fill="none" stroke="black"/>
                <path d="M 96,816 L 152,816" fill="none" stroke="black"/>
                <path d="M 32,1088 L 88,1088" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,352 140,346.4 140,357.6" fill="black" transform="rotate(0,144,352)"/>
                <polygon class="arrowhead" points="104,816 92,810.4 92,821.6" fill="black" transform="rotate(180,96,816)"/>
                <polygon class="arrowhead" points="88,128 76,122.4 76,133.6" fill="black" transform="rotate(0,80,128)"/>
                <polygon class="arrowhead" points="40,1088 28,1082.4 28,1093.6" fill="black" transform="rotate(180,32,1088)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_S</text>
                  <text x="248" y="132">Code:</text>
                  <text x="292" y="132">0.02</text>
                  <text x="340" y="132">(POST)</text>
                  <text x="52" y="148">POST</text>
                  <text x="244" y="148">Token:</text>
                  <text x="292" y="148">0x8c</text>
                  <text x="232" y="164">Uri-Host:</text>
                  <text x="328" y="164">"example.com"</text>
                  <text x="240" y="180">OSCORE:</text>
                  <text x="316" y="180">[kid:0x5f,</text>
                  <text x="392" y="180">Partial</text>
                  <text x="452" y="180">IV:42]</text>
                  <text x="216" y="196">Proxy-Scheme:</text>
                  <text x="300" y="196">"coap"</text>
                  <text x="244" y="212">0xff</text>
                  <text x="236" y="228">Payload:</text>
                  <text x="300" y="228">{Code:</text>
                  <text x="348" y="228">0.01</text>
                  <text x="396" y="228">(GET),</text>
                  <text x="320" y="244">Uri-Path:</text>
                  <text x="420" y="244">"alarm_status"</text>
                  <text x="280" y="260">}</text>
                  <text x="300" y="260">//</text>
                  <text x="352" y="260">Encrypted</text>
                  <text x="412" y="260">with</text>
                  <text x="464" y="260">CTX_C_S</text>
                  <text x="96" y="292">Encrypt</text>
                  <text x="80" y="308">REQ</text>
                  <text x="116" y="308">with</text>
                  <text x="96" y="324">CTX_P_S</text>
                  <text x="248" y="356">Code:</text>
                  <text x="292" y="356">0.02</text>
                  <text x="340" y="356">(POST)</text>
                  <text x="116" y="372">POST</text>
                  <text x="244" y="372">Token:</text>
                  <text x="292" y="372">0x7b</text>
                  <text x="232" y="388">Uri-Host:</text>
                  <text x="328" y="388">"example.com"</text>
                  <text x="240" y="404">OSCORE:</text>
                  <text x="316" y="404">[kid:0xd4,</text>
                  <text x="392" y="404">Partial</text>
                  <text x="452" y="404">IV:31]</text>
                  <text x="244" y="420">0xff</text>
                  <text x="236" y="436">Payload:</text>
                  <text x="300" y="436">{Code:</text>
                  <text x="348" y="436">0.02</text>
                  <text x="400" y="436">(POST),</text>
                  <text x="312" y="452">OSCORE:</text>
                  <text x="388" y="452">[kid:0x5f,</text>
                  <text x="464" y="452">Partial</text>
                  <text x="528" y="452">IV:42],</text>
                  <text x="304" y="468">0xff,</text>
                  <text x="308" y="484">{Code:</text>
                  <text x="356" y="484">0.01</text>
                  <text x="404" y="484">(GET),</text>
                  <text x="328" y="500">Uri-Path:</text>
                  <text x="428" y="500">"alarm_status"</text>
                  <text x="288" y="516">}</text>
                  <text x="324" y="516">//</text>
                  <text x="376" y="516">Encrypted</text>
                  <text x="436" y="516">with</text>
                  <text x="488" y="516">CTX_C_S</text>
                  <text x="280" y="532">}</text>
                  <text x="300" y="532">//</text>
                  <text x="352" y="532">Encrypted</text>
                  <text x="412" y="532">with</text>
                  <text x="464" y="532">CTX_P_S</text>
                  <text x="160" y="564">Decrypt</text>
                  <text x="144" y="580">REQ</text>
                  <text x="180" y="580">with</text>
                  <text x="160" y="596">CTX_P_S</text>
                  <text x="160" y="628">Decrypt</text>
                  <text x="144" y="644">REQ</text>
                  <text x="180" y="644">with</text>
                  <text x="160" y="660">CTX_C_S</text>
                  <text x="160" y="692">Encrypt</text>
                  <text x="148" y="708">RESP</text>
                  <text x="188" y="708">with</text>
                  <text x="160" y="724">CTX_C_S</text>
                  <text x="160" y="756">Encrypt</text>
                  <text x="148" y="772">RESP</text>
                  <text x="188" y="772">with</text>
                  <text x="160" y="788">CTX_P_S</text>
                  <text x="248" y="820">Code:</text>
                  <text x="292" y="820">2.04</text>
                  <text x="352" y="820">(Changed)</text>
                  <text x="124" y="836">2.04</text>
                  <text x="244" y="836">Token:</text>
                  <text x="292" y="836">0x7b</text>
                  <text x="240" y="852">OSCORE:</text>
                  <text x="280" y="852">-</text>
                  <text x="244" y="868">0xff</text>
                  <text x="236" y="884">Payload:</text>
                  <text x="300" y="884">{Code:</text>
                  <text x="348" y="884">2.04</text>
                  <text x="412" y="884">(Changed),</text>
                  <text x="312" y="900">OSCORE:</text>
                  <text x="356" y="900">-,</text>
                  <text x="304" y="916">0xff,</text>
                  <text x="308" y="932">{Code:</text>
                  <text x="356" y="932">2.05</text>
                  <text x="420" y="932">(Content),</text>
                  <text x="312" y="948">0xff,</text>
                  <text x="304" y="964">"0"</text>
                  <text x="288" y="980">}</text>
                  <text x="324" y="980">//</text>
                  <text x="376" y="980">Encrypted</text>
                  <text x="436" y="980">with</text>
                  <text x="488" y="980">CTX_C_S</text>
                  <text x="280" y="996">}</text>
                  <text x="300" y="996">//</text>
                  <text x="352" y="996">Encrypted</text>
                  <text x="412" y="996">with</text>
                  <text x="464" y="996">CTX_P_S</text>
                  <text x="96" y="1028">Decrypt</text>
                  <text x="84" y="1044">RESP</text>
                  <text x="124" y="1044">with</text>
                  <text x="96" y="1060">CTX_P_S</text>
                  <text x="248" y="1092">Code:</text>
                  <text x="292" y="1092">2.04</text>
                  <text x="352" y="1092">(Changed)</text>
                  <text x="60" y="1108">2.04</text>
                  <text x="244" y="1108">Token:</text>
                  <text x="292" y="1108">0x8c</text>
                  <text x="240" y="1124">OSCORE:</text>
                  <text x="280" y="1124">-</text>
                  <text x="244" y="1140">0xff</text>
                  <text x="236" y="1156">Payload:</text>
                  <text x="300" y="1156">{Code:</text>
                  <text x="348" y="1156">2.05</text>
                  <text x="412" y="1156">(Content),</text>
                  <text x="304" y="1172">0xff,</text>
                  <text x="296" y="1188">"0"</text>
                  <text x="280" y="1204">}</text>
                  <text x="300" y="1204">//</text>
                  <text x="352" y="1204">Encrypted</text>
                  <text x="412" y="1204">with</text>
                  <text x="464" y="1204">CTX_C_S</text>
                  <text x="32" y="1236">Decrypt</text>
                  <text x="20" y="1252">RESP</text>
                  <text x="60" y="1252">with</text>
                  <text x="32" y="1268">CTX_C_S</text>
                  <text x="28" y="1316">Square</text>
                  <text x="92" y="1316">brackets</text>
                  <text x="136" y="1316">[</text>
                  <text x="160" y="1316">...</text>
                  <text x="184" y="1316">]</text>
                  <text x="228" y="1316">indicate</text>
                  <text x="296" y="1316">content</text>
                  <text x="340" y="1316">of</text>
                  <text x="396" y="1316">compressed</text>
                  <text x="460" y="1316">COSE</text>
                  <text x="512" y="1316">object.</text>
                  <text x="24" y="1332">Curly</text>
                  <text x="84" y="1332">brackets</text>
                  <text x="128" y="1332">{</text>
                  <text x="152" y="1332">...</text>
                  <text x="176" y="1332">}</text>
                  <text x="220" y="1332">indicate</text>
                  <text x="296" y="1332">encrypted</text>
                  <text x="360" y="1332">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
  +------>|       |         Code: 0.02 (POST)
  | POST  |       |        Token: 0x8c
  |       |       |     Uri-Host: "example.com"
  |       |       |       OSCORE: [kid:0x5f, Partial IV:42]
  |       |       | Proxy-Scheme: "coap"
  |       |       |         0xff
  |       |       |      Payload: {Code: 0.01 (GET),
  |       |       |                Uri-Path: "alarm_status"
  |       |       |               } // Encrypted with CTX_C_S
  |       |       |
  |     Encrypt   |
  |     REQ with  |
  |     CTX_P_S   |
  |       |       |
  |       +------>|         Code: 0.02 (POST)
  |       | POST  |        Token: 0x7b
  |       |       |     Uri-Host: "example.com"
  |       |       |       OSCORE: [kid:0xd4, Partial IV:31]
  |       |       |         0xff
  |       |       |      Payload: {Code: 0.02 (POST),
  |       |       |                OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |                0xff,
  |       |       |                {Code: 0.01 (GET),
  |       |       |                 Uri-Path: "alarm_status"
  |       |       |                }   // Encrypted with CTX_C_S
  |       |       |               } // Encrypted with CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_P_S
  |       |       |
  |       |<------+         Code: 2.04 (Changed)
  |       |  2.04 |        Token: 0x7b
  |       |       |       OSCORE: -
  |       |       |         0xff
  |       |       |      Payload: {Code: 2.04 (Changed),
  |       |       |                OSCORE: -,
  |       |       |                0xff,
  |       |       |                {Code: 2.05 (Content),
  |       |       |                 0xff,
  |       |       |                 "0"
  |       |       |                }   // Encrypted with CTX_C_S
  |       |       |               } // Encrypted with CTX_P_S
  |       |       |
  |     Decrypt   |
  |     RESP with |
  |     CTX_P_S   |
  |       |       |
  |<------+       |         Code: 2.04 (Changed)
  |  2.04 |       |        Token: 0x8c
  |       |       |       OSCORE: -
  |       |       |         0xff
  |       |       |      Payload: {Code: 2.05 (Content),
  |       |       |                0xff,
  |       |       |                "0"
  |       |       |               } // Encrypted with CTX_C_S
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="with-forward-proxy-oscore-c-s-c-p-p-s">
        <name>With Forward-Proxy; OSCORE: C-S, C-P, P-S</name>
        <t>In the example shown in <xref target="fig-example-client-proxy-server"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
          <li>
            <t>Between the proxy and the server, using the OSCORE Security Context CTX_P_S. The proxy uses the OSCORE Sender ID 0xd4 when using OSCORE with the server.</t>
          </li>
        </ul>
        <figure anchor="fig-example-client-proxy-server">
          <name>Use of OSCORE between Client-Server, Client-Proxy, and Proxy-Server</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1728" width="544" viewBox="0 0 544 1728" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,112" fill="none" stroke="black"/>
                <path d="M 24,168 L 24,1536" fill="none" stroke="black"/>
                <path d="M 24,1592 L 24,1600" fill="none" stroke="black"/>
                <path d="M 24,1656 L 24,1664" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,400" fill="none" stroke="black"/>
                <path d="M 88,456 L 88,464" fill="none" stroke="black"/>
                <path d="M 88,520 L 88,1200" fill="none" stroke="black"/>
                <path d="M 88,1256 L 88,1264" fill="none" stroke="black"/>
                <path d="M 88,1320 L 88,1664" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,736" fill="none" stroke="black"/>
                <path d="M 152,792 L 152,800" fill="none" stroke="black"/>
                <path d="M 152,856 L 152,864" fill="none" stroke="black"/>
                <path d="M 152,920 L 152,928" fill="none" stroke="black"/>
                <path d="M 152,984 L 152,1664" fill="none" stroke="black"/>
                <path d="M 24,192 L 80,192" fill="none" stroke="black"/>
                <path d="M 88,544 L 144,544" fill="none" stroke="black"/>
                <path d="M 96,1008 L 152,1008" fill="none" stroke="black"/>
                <path d="M 32,1344 L 88,1344" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,544 140,538.4 140,549.6" fill="black" transform="rotate(0,144,544)"/>
                <polygon class="arrowhead" points="104,1008 92,1002.4 92,1013.6" fill="black" transform="rotate(180,96,1008)"/>
                <polygon class="arrowhead" points="88,192 76,186.4 76,197.6" fill="black" transform="rotate(0,80,192)"/>
                <polygon class="arrowhead" points="40,1344 28,1338.4 28,1349.6" fill="black" transform="rotate(180,32,1344)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_S</text>
                  <text x="32" y="132">Encrypt</text>
                  <text x="16" y="148">REQ</text>
                  <text x="52" y="148">with</text>
                  <text x="32" y="164">CTX_C_P</text>
                  <text x="216" y="196">Code:</text>
                  <text x="260" y="196">0.02</text>
                  <text x="308" y="196">(POST)</text>
                  <text x="52" y="212">POST</text>
                  <text x="212" y="212">Token:</text>
                  <text x="260" y="212">0x8c</text>
                  <text x="208" y="228">OSCORE:</text>
                  <text x="284" y="228">[kid:0x20,</text>
                  <text x="360" y="228">Partial</text>
                  <text x="420" y="228">IV:31]</text>
                  <text x="212" y="244">0xff</text>
                  <text x="204" y="260">Payload:</text>
                  <text x="268" y="260">{Code:</text>
                  <text x="316" y="260">0.02</text>
                  <text x="368" y="260">(POST),</text>
                  <text x="288" y="276">Uri-Host:</text>
                  <text x="388" y="276">"example.com",</text>
                  <text x="280" y="292">OSCORE:</text>
                  <text x="356" y="292">[kid:0x5f,</text>
                  <text x="432" y="292">Partial</text>
                  <text x="496" y="292">IV:42],</text>
                  <text x="304" y="308">Proxy-Scheme:</text>
                  <text x="392" y="308">"coap",</text>
                  <text x="272" y="324">0xff,</text>
                  <text x="276" y="340">{Code:</text>
                  <text x="324" y="340">0.01</text>
                  <text x="372" y="340">(GET),</text>
                  <text x="296" y="356">Uri-Path:</text>
                  <text x="396" y="356">"alarm_status"</text>
                  <text x="256" y="372">}</text>
                  <text x="292" y="372">//</text>
                  <text x="344" y="372">Encrypted</text>
                  <text x="404" y="372">with</text>
                  <text x="456" y="372">CTX_C_S</text>
                  <text x="248" y="388">}</text>
                  <text x="268" y="388">//</text>
                  <text x="320" y="388">Encrypted</text>
                  <text x="380" y="388">with</text>
                  <text x="432" y="388">CTX_C_P</text>
                  <text x="96" y="420">Decrypt</text>
                  <text x="80" y="436">REQ</text>
                  <text x="116" y="436">with</text>
                  <text x="96" y="452">CTX_C_P</text>
                  <text x="96" y="484">Encrypt</text>
                  <text x="80" y="500">REQ</text>
                  <text x="116" y="500">with</text>
                  <text x="96" y="516">CTX_P_S</text>
                  <text x="216" y="548">Code:</text>
                  <text x="260" y="548">0.02</text>
                  <text x="308" y="548">(POST)</text>
                  <text x="116" y="564">POST</text>
                  <text x="212" y="564">Token:</text>
                  <text x="260" y="564">0x7b</text>
                  <text x="200" y="580">Uri-Host:</text>
                  <text x="300" y="580">"example.com",</text>
                  <text x="208" y="596">OSCORE:</text>
                  <text x="284" y="596">[kid:0xd4,</text>
                  <text x="360" y="596">Partial</text>
                  <text x="420" y="596">IV:53]</text>
                  <text x="212" y="612">0xff</text>
                  <text x="204" y="628">Payload:</text>
                  <text x="268" y="628">{Code:</text>
                  <text x="316" y="628">0.02</text>
                  <text x="368" y="628">(POST),</text>
                  <text x="280" y="644">OSCORE:</text>
                  <text x="356" y="644">[kid:0x5f,</text>
                  <text x="432" y="644">Partial</text>
                  <text x="496" y="644">IV:42],</text>
                  <text x="272" y="660">0xff,</text>
                  <text x="276" y="676">{Code:</text>
                  <text x="324" y="676">0.01</text>
                  <text x="372" y="676">(GET),</text>
                  <text x="296" y="692">Uri-Path:</text>
                  <text x="396" y="692">"alarm_status"</text>
                  <text x="256" y="708">}</text>
                  <text x="292" y="708">//</text>
                  <text x="344" y="708">Encrypted</text>
                  <text x="404" y="708">with</text>
                  <text x="456" y="708">CTX_C_S</text>
                  <text x="248" y="724">}</text>
                  <text x="268" y="724">//</text>
                  <text x="320" y="724">Encrypted</text>
                  <text x="380" y="724">with</text>
                  <text x="432" y="724">CTX_P_S</text>
                  <text x="160" y="756">Decrypt</text>
                  <text x="144" y="772">REQ</text>
                  <text x="180" y="772">with</text>
                  <text x="160" y="788">CTX_P_S</text>
                  <text x="160" y="820">Decrypt</text>
                  <text x="144" y="836">REQ</text>
                  <text x="180" y="836">with</text>
                  <text x="160" y="852">CTX_C_S</text>
                  <text x="160" y="884">Encrypt</text>
                  <text x="148" y="900">RESP</text>
                  <text x="188" y="900">with</text>
                  <text x="160" y="916">CTX_C_S</text>
                  <text x="160" y="948">Encrypt</text>
                  <text x="148" y="964">RESP</text>
                  <text x="188" y="964">with</text>
                  <text x="160" y="980">CTX_P_S</text>
                  <text x="208" y="1012">Code:</text>
                  <text x="252" y="1012">2.04</text>
                  <text x="312" y="1012">(Changed)</text>
                  <text x="124" y="1028">2.04</text>
                  <text x="204" y="1028">Token:</text>
                  <text x="252" y="1028">0x7b</text>
                  <text x="200" y="1044">OSCORE:</text>
                  <text x="240" y="1044">-</text>
                  <text x="204" y="1060">0xff</text>
                  <text x="196" y="1076">Payload:</text>
                  <text x="260" y="1076">{Code:</text>
                  <text x="308" y="1076">2.04</text>
                  <text x="372" y="1076">(Changed),</text>
                  <text x="272" y="1092">OSCORE:</text>
                  <text x="316" y="1092">-,</text>
                  <text x="264" y="1108">0xff,</text>
                  <text x="268" y="1124">{Code:</text>
                  <text x="316" y="1124">2.05</text>
                  <text x="380" y="1124">(Content),</text>
                  <text x="272" y="1140">0xff,</text>
                  <text x="264" y="1156">"0"</text>
                  <text x="248" y="1172">}</text>
                  <text x="284" y="1172">//</text>
                  <text x="336" y="1172">Encrypted</text>
                  <text x="396" y="1172">with</text>
                  <text x="448" y="1172">CTX_C_S</text>
                  <text x="240" y="1188">}</text>
                  <text x="260" y="1188">//</text>
                  <text x="312" y="1188">Encrypted</text>
                  <text x="372" y="1188">with</text>
                  <text x="424" y="1188">CTX_P_S</text>
                  <text x="96" y="1220">Decrypt</text>
                  <text x="84" y="1236">RESP</text>
                  <text x="124" y="1236">with</text>
                  <text x="96" y="1252">CTX_P_S</text>
                  <text x="96" y="1284">Encrypt</text>
                  <text x="84" y="1300">RESP</text>
                  <text x="124" y="1300">with</text>
                  <text x="96" y="1316">CTX_C_P</text>
                  <text x="208" y="1348">Code:</text>
                  <text x="252" y="1348">2.04</text>
                  <text x="312" y="1348">(Changed)</text>
                  <text x="60" y="1364">2.04</text>
                  <text x="204" y="1364">Token:</text>
                  <text x="252" y="1364">0x8c</text>
                  <text x="200" y="1380">OSCORE:</text>
                  <text x="240" y="1380">-</text>
                  <text x="204" y="1396">0xff</text>
                  <text x="196" y="1412">Payload:</text>
                  <text x="260" y="1412">{Code:</text>
                  <text x="308" y="1412">2.04</text>
                  <text x="372" y="1412">(Changed),</text>
                  <text x="272" y="1428">OSCORE:</text>
                  <text x="316" y="1428">-,</text>
                  <text x="264" y="1444">0xff,</text>
                  <text x="268" y="1460">{Code:</text>
                  <text x="316" y="1460">2.05</text>
                  <text x="380" y="1460">(Content),</text>
                  <text x="272" y="1476">0xff,</text>
                  <text x="264" y="1492">"0"</text>
                  <text x="248" y="1508">}</text>
                  <text x="284" y="1508">//</text>
                  <text x="336" y="1508">Encrypted</text>
                  <text x="396" y="1508">with</text>
                  <text x="448" y="1508">CTX_C_S</text>
                  <text x="240" y="1524">}</text>
                  <text x="260" y="1524">//</text>
                  <text x="312" y="1524">Encrypted</text>
                  <text x="372" y="1524">with</text>
                  <text x="424" y="1524">CTX_C_P</text>
                  <text x="32" y="1556">Decrypt</text>
                  <text x="20" y="1572">RESP</text>
                  <text x="60" y="1572">with</text>
                  <text x="32" y="1588">CTX_C_P</text>
                  <text x="32" y="1620">Decrypt</text>
                  <text x="20" y="1636">RESP</text>
                  <text x="60" y="1636">with</text>
                  <text x="32" y="1652">CTX_C_S</text>
                  <text x="28" y="1700">Square</text>
                  <text x="92" y="1700">brackets</text>
                  <text x="136" y="1700">[</text>
                  <text x="160" y="1700">...</text>
                  <text x="184" y="1700">]</text>
                  <text x="228" y="1700">indicate</text>
                  <text x="296" y="1700">content</text>
                  <text x="340" y="1700">of</text>
                  <text x="396" y="1700">compressed</text>
                  <text x="460" y="1700">COSE</text>
                  <text x="512" y="1700">object.</text>
                  <text x="24" y="1716">Curly</text>
                  <text x="84" y="1716">brackets</text>
                  <text x="128" y="1716">{</text>
                  <text x="152" y="1716">...</text>
                  <text x="176" y="1716">}</text>
                  <text x="220" y="1716">indicate</text>
                  <text x="296" y="1716">encrypted</text>
                  <text x="360" y="1716">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x8c
  |       |       |   OSCORE: [kid:0x20, Partial IV:31]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            {Code: 0.01 (GET),
  |       |       |             Uri-Path: "alarm_status"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |     Encrypt   |
  |     REQ with  |
  |     CTX_P_S   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0x7b
  |       |       | Uri-Host: "example.com",
  |       |       |   OSCORE: [kid:0xd4, Partial IV:53]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |            0xff,
  |       |       |            {Code: 0.01 (GET),
  |       |       |             Uri-Path: "alarm_status"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_P_S
  |       |       |
  |       |<------+    Code: 2.04 (Changed)
  |       |  2.04 |   Token: 0x7b
  |       |       |  OSCORE: -
  |       |       |    0xff
  |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |           OSCORE: -,
  |       |       |           0xff,
  |       |       |           {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_P_S
  |       |       |
  |     Decrypt   |
  |     RESP with |
  |     CTX_P_S   |
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |    Code: 2.04 (Changed)
  |  2.04 |       |   Token: 0x8c
  |       |       |  OSCORE: -
  |       |       |    0xff
  |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |           OSCORE: -,
  |       |       |           0xff,
  |       |       |           {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="sec-example-edhoc">
        <name>With Forward-Proxy and EDHOC; OSCORE: C-S, C-P</name>
        <t>In the example shown in <xref target="fig-example-edhoc"/>, message exchanges are protected as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end, between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
        </ul>
        <t>The example also shows how the client establishes the OSCORE Security Contexts CTX_C_P with the proxy and CTX_C_S with the server, by using the key exchange protocol EDHOC <xref target="RFC9528"/>.</t>
        <t>After a first phase where the OSCORE Security Contexts are established, the second phase consists in a protected message exchange equivalent to that shown in <xref target="sec-examples-1"/>.</t>
        <figure anchor="fig-example-edhoc">
          <name>Use of OSCORE between Client-Server and Proxy-Server, with OSCORE Security Contexts established through EDHOC</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="3312" width="544" viewBox="0 0 544 3312" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,48 L 24,240" fill="none" stroke="black"/>
                <path d="M 24,280 L 24,496" fill="none" stroke="black"/>
                <path d="M 24,552 L 24,1248" fill="none" stroke="black"/>
                <path d="M 24,1304 L 24,1312" fill="none" stroke="black"/>
                <path d="M 24,1352 L 24,1360" fill="none" stroke="black"/>
                <path d="M 24,1416 L 24,1968" fill="none" stroke="black"/>
                <path d="M 24,2024 L 24,2032" fill="none" stroke="black"/>
                <path d="M 24,2088 L 24,3072" fill="none" stroke="black"/>
                <path d="M 24,3128 L 24,3136" fill="none" stroke="black"/>
                <path d="M 24,3192 L 24,3200" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,400" fill="none" stroke="black"/>
                <path d="M 88,440 L 88,768" fill="none" stroke="black"/>
                <path d="M 88,824 L 88,1040" fill="none" stroke="black"/>
                <path d="M 88,1096 L 88,1632" fill="none" stroke="black"/>
                <path d="M 88,1688 L 88,2320" fill="none" stroke="black"/>
                <path d="M 88,2376 L 88,2800" fill="none" stroke="black"/>
                <path d="M 88,2856 L 88,3200" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,1824" fill="none" stroke="black"/>
                <path d="M 152,1864 L 152,2528" fill="none" stroke="black"/>
                <path d="M 152,2584 L 152,2592" fill="none" stroke="black"/>
                <path d="M 152,2648 L 152,3200" fill="none" stroke="black"/>
                <path d="M 24,64 L 80,64" fill="none" stroke="black"/>
                <path d="M 32,176 L 88,176" fill="none" stroke="black"/>
                <path d="M 24,304 L 80,304" fill="none" stroke="black"/>
                <path d="M 32,464 L 88,464" fill="none" stroke="black"/>
                <path d="M 24,576 L 80,576" fill="none" stroke="black"/>
                <path d="M 88,848 L 144,848" fill="none" stroke="black"/>
                <path d="M 96,976 L 152,976" fill="none" stroke="black"/>
                <path d="M 32,1120 L 88,1120" fill="none" stroke="black"/>
                <path d="M 24,1440 L 80,1440" fill="none" stroke="black"/>
                <path d="M 88,1712 L 144,1712" fill="none" stroke="black"/>
                <path d="M 96,1888 L 152,1888" fill="none" stroke="black"/>
                <path d="M 32,1936 L 88,1936" fill="none" stroke="black"/>
                <path d="M 24,2112 L 80,2112" fill="none" stroke="black"/>
                <path d="M 88,2400 L 144,2400" fill="none" stroke="black"/>
                <path d="M 96,2672 L 152,2672" fill="none" stroke="black"/>
                <path d="M 32,2880 L 88,2880" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,2400 140,2394.4 140,2405.6" fill="black" transform="rotate(0,144,2400)"/>
                <polygon class="arrowhead" points="152,1712 140,1706.4 140,1717.6" fill="black" transform="rotate(0,144,1712)"/>
                <polygon class="arrowhead" points="152,848 140,842.4 140,853.6" fill="black" transform="rotate(0,144,848)"/>
                <polygon class="arrowhead" points="104,2672 92,2666.4 92,2677.6" fill="black" transform="rotate(180,96,2672)"/>
                <polygon class="arrowhead" points="104,1888 92,1882.4 92,1893.6" fill="black" transform="rotate(180,96,1888)"/>
                <polygon class="arrowhead" points="104,976 92,970.4 92,981.6" fill="black" transform="rotate(180,96,976)"/>
                <polygon class="arrowhead" points="88,2112 76,2106.4 76,2117.6" fill="black" transform="rotate(0,80,2112)"/>
                <polygon class="arrowhead" points="88,1440 76,1434.4 76,1445.6" fill="black" transform="rotate(0,80,1440)"/>
                <polygon class="arrowhead" points="88,576 76,570.4 76,581.6" fill="black" transform="rotate(0,80,576)"/>
                <polygon class="arrowhead" points="88,304 76,298.4 76,309.6" fill="black" transform="rotate(0,80,304)"/>
                <polygon class="arrowhead" points="88,64 76,58.4 76,69.6" fill="black" transform="rotate(0,80,64)"/>
                <polygon class="arrowhead" points="40,2880 28,2874.4 28,2885.6" fill="black" transform="rotate(180,32,2880)"/>
                <polygon class="arrowhead" points="40,1936 28,1930.4 28,1941.6" fill="black" transform="rotate(180,32,1936)"/>
                <polygon class="arrowhead" points="40,1120 28,1114.4 28,1125.6" fill="black" transform="rotate(180,32,1120)"/>
                <polygon class="arrowhead" points="40,464 28,458.4 28,469.6" fill="black" transform="rotate(180,32,464)"/>
                <polygon class="arrowhead" points="40,176 28,170.4 28,181.6" fill="black" transform="rotate(180,32,176)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="216" y="68">Code:</text>
                  <text x="260" y="68">0.02</text>
                  <text x="308" y="68">(POST)</text>
                  <text x="52" y="84">POST</text>
                  <text x="212" y="84">Token:</text>
                  <text x="260" y="84">0xf3</text>
                  <text x="200" y="100">Uri-Path:</text>
                  <text x="296" y="100">".well-known"</text>
                  <text x="200" y="116">Uri-Path:</text>
                  <text x="272" y="116">"edhoc"</text>
                  <text x="212" y="132">0xff</text>
                  <text x="204" y="148">Payload:</text>
                  <text x="268" y="148">(true,</text>
                  <text x="320" y="148">EDHOC</text>
                  <text x="388" y="148">message_1)</text>
                  <text x="216" y="180">Code:</text>
                  <text x="260" y="180">2.04</text>
                  <text x="320" y="180">(Changed)</text>
                  <text x="60" y="196">2.04</text>
                  <text x="212" y="196">Token:</text>
                  <text x="260" y="196">0xf3</text>
                  <text x="212" y="212">0xff</text>
                  <text x="204" y="228">Payload:</text>
                  <text x="264" y="228">EDHOC</text>
                  <text x="328" y="228">message_2</text>
                  <text x="40" y="260">Establish</text>
                  <text x="32" y="276">CTX_C_P</text>
                  <text x="216" y="308">Code:</text>
                  <text x="260" y="308">0.02</text>
                  <text x="308" y="308">(POST)</text>
                  <text x="52" y="324">POST</text>
                  <text x="212" y="324">Token:</text>
                  <text x="260" y="324">0x82</text>
                  <text x="200" y="340">Uri-Path:</text>
                  <text x="296" y="340">".well-known"</text>
                  <text x="200" y="356">Uri-Path:</text>
                  <text x="272" y="356">"edhoc"</text>
                  <text x="212" y="372">0xff</text>
                  <text x="204" y="388">Payload:</text>
                  <text x="264" y="388">(C_R,</text>
                  <text x="312" y="388">EDHOC</text>
                  <text x="380" y="388">message_3)</text>
                  <text x="104" y="420">Establish</text>
                  <text x="96" y="436">CTX_C_P</text>
                  <text x="56" y="484">ACK</text>
                  <text x="32" y="516">Encrypt</text>
                  <text x="16" y="532">REQ</text>
                  <text x="52" y="532">with</text>
                  <text x="32" y="548">CTX_C_P</text>
                  <text x="216" y="580">Code:</text>
                  <text x="260" y="580">0.02</text>
                  <text x="308" y="580">(POST)</text>
                  <text x="52" y="596">POST</text>
                  <text x="212" y="596">Token:</text>
                  <text x="260" y="596">0xbe</text>
                  <text x="208" y="612">OSCORE:</text>
                  <text x="284" y="612">[kid:0x20,</text>
                  <text x="360" y="612">Partial</text>
                  <text x="416" y="612">IV:0]</text>
                  <text x="212" y="628">0xff</text>
                  <text x="204" y="644">Payload:</text>
                  <text x="268" y="644">{Code:</text>
                  <text x="316" y="644">0.02</text>
                  <text x="368" y="644">(POST),</text>
                  <text x="288" y="660">Uri-Host:</text>
                  <text x="388" y="660">"example.com",</text>
                  <text x="288" y="676">Uri-Path:</text>
                  <text x="388" y="676">".well-known",</text>
                  <text x="288" y="692">Uri-Path:</text>
                  <text x="364" y="692">"edhoc",</text>
                  <text x="304" y="708">Proxy-Scheme:</text>
                  <text x="392" y="708">"coap",</text>
                  <text x="272" y="724">0xff,</text>
                  <text x="276" y="740">(true,</text>
                  <text x="328" y="740">EDHOC</text>
                  <text x="396" y="740">message_1)</text>
                  <text x="248" y="756">}</text>
                  <text x="268" y="756">//</text>
                  <text x="320" y="756">Encrypted</text>
                  <text x="380" y="756">with</text>
                  <text x="432" y="756">CTX_C_P</text>
                  <text x="96" y="788">Decrypt</text>
                  <text x="80" y="804">REQ</text>
                  <text x="116" y="804">with</text>
                  <text x="96" y="820">CTX_C_P</text>
                  <text x="216" y="852">Code:</text>
                  <text x="260" y="852">0.02</text>
                  <text x="308" y="852">(POST)</text>
                  <text x="116" y="868">POST</text>
                  <text x="212" y="868">Token:</text>
                  <text x="260" y="868">0xa5</text>
                  <text x="200" y="884">Uri-Host:</text>
                  <text x="300" y="884">"example.com",</text>
                  <text x="200" y="900">Uri-Path:</text>
                  <text x="296" y="900">".well-known"</text>
                  <text x="200" y="916">Uri-Path:</text>
                  <text x="272" y="916">"edhoc"</text>
                  <text x="212" y="932">0xff</text>
                  <text x="204" y="948">Payload:</text>
                  <text x="268" y="948">(true,</text>
                  <text x="320" y="948">EDHOC</text>
                  <text x="388" y="948">message_1)</text>
                  <text x="216" y="980">Code:</text>
                  <text x="260" y="980">2.04</text>
                  <text x="320" y="980">(Changed)</text>
                  <text x="124" y="996">2.04</text>
                  <text x="212" y="996">Token:</text>
                  <text x="260" y="996">0xa5</text>
                  <text x="212" y="1012">0xff</text>
                  <text x="204" y="1028">Payload:</text>
                  <text x="264" y="1028">EDHOC</text>
                  <text x="328" y="1028">message_2</text>
                  <text x="96" y="1060">Encrypt</text>
                  <text x="84" y="1076">RESP</text>
                  <text x="124" y="1076">with</text>
                  <text x="96" y="1092">CTX_C_P</text>
                  <text x="216" y="1124">Code:</text>
                  <text x="260" y="1124">2.04</text>
                  <text x="320" y="1124">(Changed)</text>
                  <text x="60" y="1140">2.04</text>
                  <text x="212" y="1140">Token:</text>
                  <text x="260" y="1140">0xbe</text>
                  <text x="208" y="1156">OSCORE:</text>
                  <text x="248" y="1156">-</text>
                  <text x="212" y="1172">0xff</text>
                  <text x="204" y="1188">Payload:</text>
                  <text x="268" y="1188">{Code:</text>
                  <text x="316" y="1188">2.04</text>
                  <text x="380" y="1188">(Changed),</text>
                  <text x="272" y="1204">0xff,</text>
                  <text x="272" y="1220">EDHOC</text>
                  <text x="336" y="1220">message_2</text>
                  <text x="248" y="1236">}</text>
                  <text x="268" y="1236">//</text>
                  <text x="320" y="1236">Encrypted</text>
                  <text x="380" y="1236">with</text>
                  <text x="432" y="1236">CTX_C_P</text>
                  <text x="32" y="1268">Decrypt</text>
                  <text x="20" y="1284">RESP</text>
                  <text x="60" y="1284">with</text>
                  <text x="32" y="1300">CTX_C_P</text>
                  <text x="40" y="1332">Establish</text>
                  <text x="32" y="1348">CTX_C_S</text>
                  <text x="32" y="1380">Encrypt</text>
                  <text x="16" y="1396">REQ</text>
                  <text x="52" y="1396">with</text>
                  <text x="32" y="1412">CTX_C_P</text>
                  <text x="216" y="1444">Code:</text>
                  <text x="260" y="1444">0.02</text>
                  <text x="308" y="1444">(POST)</text>
                  <text x="52" y="1460">POST</text>
                  <text x="212" y="1460">Token:</text>
                  <text x="260" y="1460">0xb9</text>
                  <text x="208" y="1476">OSCORE:</text>
                  <text x="284" y="1476">[kid:0x20,</text>
                  <text x="360" y="1476">Partial</text>
                  <text x="416" y="1476">IV:1]</text>
                  <text x="212" y="1492">0xff</text>
                  <text x="204" y="1508">Payload:</text>
                  <text x="268" y="1508">{Code:</text>
                  <text x="316" y="1508">0.02</text>
                  <text x="368" y="1508">(POST),</text>
                  <text x="288" y="1524">Uri-Host:</text>
                  <text x="388" y="1524">"example.com",</text>
                  <text x="288" y="1540">Uri-Path:</text>
                  <text x="388" y="1540">".well-known",</text>
                  <text x="288" y="1556">Uri-Path:</text>
                  <text x="364" y="1556">"edhoc",</text>
                  <text x="304" y="1572">Proxy-Scheme:</text>
                  <text x="392" y="1572">"coap",</text>
                  <text x="272" y="1588">0xff,</text>
                  <text x="272" y="1604">(C_R,</text>
                  <text x="320" y="1604">EDHOC</text>
                  <text x="388" y="1604">message_3)</text>
                  <text x="248" y="1620">}</text>
                  <text x="292" y="1620">//</text>
                  <text x="344" y="1620">Encrypted</text>
                  <text x="404" y="1620">with</text>
                  <text x="456" y="1620">CTX_C_P</text>
                  <text x="96" y="1652">Decrypt</text>
                  <text x="80" y="1668">REQ</text>
                  <text x="116" y="1668">with</text>
                  <text x="96" y="1684">CTX_C_P</text>
                  <text x="216" y="1716">Code:</text>
                  <text x="260" y="1716">0.02</text>
                  <text x="308" y="1716">(POST)</text>
                  <text x="116" y="1732">POST</text>
                  <text x="212" y="1732">Token:</text>
                  <text x="260" y="1732">0xdd</text>
                  <text x="200" y="1748">Uri-Host:</text>
                  <text x="300" y="1748">"example.com",</text>
                  <text x="200" y="1764">Uri-Path:</text>
                  <text x="296" y="1764">".well-known"</text>
                  <text x="200" y="1780">Uri-Path:</text>
                  <text x="272" y="1780">"edhoc"</text>
                  <text x="212" y="1796">0xff</text>
                  <text x="204" y="1812">Payload:</text>
                  <text x="264" y="1812">(C_R,</text>
                  <text x="312" y="1812">EDHOC</text>
                  <text x="380" y="1812">message_3)</text>
                  <text x="168" y="1844">Establish</text>
                  <text x="160" y="1860">CTX_C_S</text>
                  <text x="120" y="1908">ACK</text>
                  <text x="56" y="1956">ACK</text>
                  <text x="32" y="1988">Encrypt</text>
                  <text x="16" y="2004">REQ</text>
                  <text x="52" y="2004">with</text>
                  <text x="32" y="2020">CTX_C_S</text>
                  <text x="32" y="2052">Encrypt</text>
                  <text x="16" y="2068">REQ</text>
                  <text x="52" y="2068">with</text>
                  <text x="32" y="2084">CTX_C_P</text>
                  <text x="216" y="2116">Code:</text>
                  <text x="260" y="2116">0.02</text>
                  <text x="308" y="2116">(POST)</text>
                  <text x="52" y="2132">POST</text>
                  <text x="212" y="2132">Token:</text>
                  <text x="260" y="2132">0x8c</text>
                  <text x="208" y="2148">OSCORE:</text>
                  <text x="284" y="2148">[kid:0x20,</text>
                  <text x="360" y="2148">Partial</text>
                  <text x="416" y="2148">IV:2]</text>
                  <text x="212" y="2164">0xff</text>
                  <text x="204" y="2180">Payload:</text>
                  <text x="268" y="2180">{Code:</text>
                  <text x="316" y="2180">0.02</text>
                  <text x="368" y="2180">(POST),</text>
                  <text x="288" y="2196">Uri-Host:</text>
                  <text x="388" y="2196">"example.com",</text>
                  <text x="280" y="2212">OSCORE:</text>
                  <text x="356" y="2212">[kid:0x5f,</text>
                  <text x="432" y="2212">Partial</text>
                  <text x="492" y="2212">IV:0],</text>
                  <text x="304" y="2228">Proxy-Scheme:</text>
                  <text x="392" y="2228">"coap",</text>
                  <text x="272" y="2244">0xff,</text>
                  <text x="276" y="2260">{Code:</text>
                  <text x="324" y="2260">0.01</text>
                  <text x="372" y="2260">(GET),</text>
                  <text x="296" y="2276">Uri-Path:</text>
                  <text x="396" y="2276">"alarm_status"</text>
                  <text x="256" y="2292">}</text>
                  <text x="292" y="2292">//</text>
                  <text x="344" y="2292">Encrypted</text>
                  <text x="404" y="2292">with</text>
                  <text x="456" y="2292">CTX_C_S</text>
                  <text x="248" y="2308">}</text>
                  <text x="268" y="2308">//</text>
                  <text x="320" y="2308">Encrypted</text>
                  <text x="380" y="2308">with</text>
                  <text x="432" y="2308">CTX_C_P</text>
                  <text x="96" y="2340">Decrypt</text>
                  <text x="80" y="2356">REQ</text>
                  <text x="116" y="2356">with</text>
                  <text x="96" y="2372">CTX_C_P</text>
                  <text x="216" y="2404">Code:</text>
                  <text x="260" y="2404">0.02</text>
                  <text x="308" y="2404">(POST)</text>
                  <text x="116" y="2420">POST</text>
                  <text x="212" y="2420">Token:</text>
                  <text x="260" y="2420">0x7b</text>
                  <text x="200" y="2436">Uri-Host:</text>
                  <text x="300" y="2436">"example.com",</text>
                  <text x="208" y="2452">OSCORE:</text>
                  <text x="284" y="2452">[kid:0x5f,</text>
                  <text x="360" y="2452">Partial</text>
                  <text x="416" y="2452">IV:0]</text>
                  <text x="212" y="2468">0xff</text>
                  <text x="204" y="2484">Payload:</text>
                  <text x="268" y="2484">{Code:</text>
                  <text x="316" y="2484">0.01</text>
                  <text x="364" y="2484">(GET),</text>
                  <text x="288" y="2500">Uri-Path:</text>
                  <text x="388" y="2500">"alarm_status"</text>
                  <text x="248" y="2516">}</text>
                  <text x="268" y="2516">//</text>
                  <text x="320" y="2516">Encrypted</text>
                  <text x="380" y="2516">with</text>
                  <text x="432" y="2516">CTX_C_S</text>
                  <text x="160" y="2548">Decrypt</text>
                  <text x="144" y="2564">REQ</text>
                  <text x="180" y="2564">with</text>
                  <text x="160" y="2580">CTX_C_S</text>
                  <text x="160" y="2612">Encrypt</text>
                  <text x="148" y="2628">RESP</text>
                  <text x="188" y="2628">with</text>
                  <text x="160" y="2644">CTX_C_S</text>
                  <text x="216" y="2676">Code:</text>
                  <text x="260" y="2676">2.04</text>
                  <text x="320" y="2676">(Changed)</text>
                  <text x="124" y="2692">2.04</text>
                  <text x="212" y="2692">Token:</text>
                  <text x="260" y="2692">0x7b</text>
                  <text x="208" y="2708">OSCORE:</text>
                  <text x="248" y="2708">-</text>
                  <text x="212" y="2724">0xff</text>
                  <text x="204" y="2740">Payload:</text>
                  <text x="268" y="2740">{Code:</text>
                  <text x="316" y="2740">2.05</text>
                  <text x="380" y="2740">(Content),</text>
                  <text x="272" y="2756">0xff,</text>
                  <text x="264" y="2772">"0"</text>
                  <text x="248" y="2788">}</text>
                  <text x="268" y="2788">//</text>
                  <text x="320" y="2788">Encrypted</text>
                  <text x="380" y="2788">with</text>
                  <text x="432" y="2788">CTX_C_S</text>
                  <text x="96" y="2820">Encrypt</text>
                  <text x="84" y="2836">RESP</text>
                  <text x="124" y="2836">with</text>
                  <text x="96" y="2852">CTX_C_P</text>
                  <text x="216" y="2884">Code:</text>
                  <text x="260" y="2884">2.04</text>
                  <text x="320" y="2884">(Changed)</text>
                  <text x="60" y="2900">2.04</text>
                  <text x="212" y="2900">Token:</text>
                  <text x="260" y="2900">0x8c</text>
                  <text x="208" y="2916">OSCORE:</text>
                  <text x="248" y="2916">-</text>
                  <text x="212" y="2932">0xff</text>
                  <text x="204" y="2948">Payload:</text>
                  <text x="268" y="2948">{Code:</text>
                  <text x="316" y="2948">2.04</text>
                  <text x="380" y="2948">(Changed),</text>
                  <text x="280" y="2964">OSCORE:</text>
                  <text x="324" y="2964">-,</text>
                  <text x="272" y="2980">0xff,</text>
                  <text x="276" y="2996">{Code:</text>
                  <text x="324" y="2996">2.05</text>
                  <text x="388" y="2996">(Content),</text>
                  <text x="280" y="3012">0xff,</text>
                  <text x="272" y="3028">"0"</text>
                  <text x="256" y="3044">}</text>
                  <text x="292" y="3044">//</text>
                  <text x="344" y="3044">Encrypted</text>
                  <text x="404" y="3044">with</text>
                  <text x="456" y="3044">CTX_C_S</text>
                  <text x="248" y="3060">}</text>
                  <text x="268" y="3060">//</text>
                  <text x="320" y="3060">Encrypted</text>
                  <text x="380" y="3060">with</text>
                  <text x="432" y="3060">CTX_C_P</text>
                  <text x="32" y="3092">Decrypt</text>
                  <text x="20" y="3108">RESP</text>
                  <text x="60" y="3108">with</text>
                  <text x="32" y="3124">CTX_C_P</text>
                  <text x="32" y="3156">Decrypt</text>
                  <text x="20" y="3172">RESP</text>
                  <text x="60" y="3172">with</text>
                  <text x="32" y="3188">CTX_C_S</text>
                  <text x="28" y="3236">Square</text>
                  <text x="92" y="3236">brackets</text>
                  <text x="136" y="3236">[</text>
                  <text x="160" y="3236">...</text>
                  <text x="184" y="3236">]</text>
                  <text x="228" y="3236">indicate</text>
                  <text x="296" y="3236">content</text>
                  <text x="340" y="3236">of</text>
                  <text x="396" y="3236">compressed</text>
                  <text x="460" y="3236">COSE</text>
                  <text x="512" y="3236">object.</text>
                  <text x="24" y="3252">Curly</text>
                  <text x="84" y="3252">brackets</text>
                  <text x="128" y="3252">{</text>
                  <text x="152" y="3252">...</text>
                  <text x="176" y="3252">}</text>
                  <text x="220" y="3252">indicate</text>
                  <text x="296" y="3252">encrypted</text>
                  <text x="360" y="3252">data.</text>
                  <text x="16" y="3284">(A,</text>
                  <text x="44" y="3284">B)</text>
                  <text x="96" y="3284">indicates</text>
                  <text x="144" y="3284">a</text>
                  <text x="172" y="3284">CBOR</text>
                  <text x="228" y="3284">sequence</text>
                  <text x="304" y="3284">[RFC8742]</text>
                  <text x="68" y="3300">of</text>
                  <text x="96" y="3300">two</text>
                  <text x="132" y="3300">CBOR</text>
                  <text x="172" y="3300">data</text>
                  <text x="216" y="3300">items</text>
                  <text x="248" y="3300">A</text>
                  <text x="272" y="3300">and</text>
                  <text x="300" y="3300">B.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0xf3
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (true, EDHOC message_1)
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0xf3
  |       |       |     0xff
  |       |       |  Payload: EDHOC message_2
  |       |       |
Establish |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x82
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (C_R, EDHOC message_3)
  |       |       |
  |     Establish |
  |     CTX_C_P   |
  |       |       |
  |<------+       |
  |  ACK  |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0xbe
  |       |       |   OSCORE: [kid:0x20, Partial IV:0]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            Uri-Path: ".well-known",
  |       |       |            Uri-Path: "edhoc",
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            (true, EDHOC message_1)
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0xa5
  |       |       | Uri-Host: "example.com",
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (true, EDHOC message_1)
  |       |       |
  |       |<------+     Code: 2.04 (Changed)
  |       |  2.04 |    Token: 0xa5
  |       |       |     0xff
  |       |       |  Payload: EDHOC message_2
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0xbe
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.04 (Changed),
  |       |       |            0xff,
  |       |       |            EDHOC message_2
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Establish |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0xb9
  |       |       |   OSCORE: [kid:0x20, Partial IV:1]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            Uri-Path: ".well-known",
  |       |       |            Uri-Path: "edhoc",
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            (C_R, EDHOC message_3)
  |       |       |           }    // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0xdd
  |       |       | Uri-Host: "example.com",
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (C_R, EDHOC message_3)
  |       |       |
  |       |     Establish
  |       |     CTX_C_S
  |       |       |
  |       |<------+
  |       |  ACK  |
  |       |       |
  |<------+       |
  |  ACK  |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x8c
  |       |       |   OSCORE: [kid:0x20, Partial IV:2]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            OSCORE: [kid:0x5f, Partial IV:0],
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            {Code: 0.01 (GET),
  |       |       |             Uri-Path: "alarm_status"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0x7b
  |       |       | Uri-Host: "example.com",
  |       |       |   OSCORE: [kid:0x5f, Partial IV:0]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |<------+     Code: 2.04 (Changed)
  |       |  2.04 |    Token: 0x7b
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0x8c
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.04 (Changed),
  |       |       |            OSCORE: -,
  |       |       |            0xff,
  |       |       |            {Code: 2.05 (Content),
  |       |       |             0xff,
  |       |       |             "0"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.

(A, B) indicates a CBOR sequence [RFC8742]
       of two CBOR data items A and B.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="sec-example-edhoc-comb-req">
        <name>With Forward-Proxy and EDHOC (optimized); OSCORE: C-S, C-P</name>
        <t>In the example shown in <xref target="fig-example-edhoc-comb-req"/>, message exchanges are protected as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end, between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
        </ul>
        <t>The example also shows how the client establishes the OSCORE Security Contexts CTX_C_P with the proxy and CTX_C_S with the server, by using the key exchange protocol EDHOC <xref target="RFC9528"/>.</t>
        <t>In particular, the client relies on the EDHOC + OSCORE request defined in <xref target="RFC9668"/> and denoted as COMB_REQ, in order to transport the last EDHOC message_3 and the first OSCORE-protected application CoAP request combined together.</t>
        <t>After a first phase where the OSCORE Security Contexts are established, the second phase consists in a protected message exchange equivalent to that shown in <xref target="sec-examples-1"/>. In the example shown in the present section, the two phases partly overlap at the POST request sent by the client with Token 0x83 and forwarded by the proxy with Token 0xa6, as the EDHOC + OSCORE request that conveys both the last EDHOC message_3 from the client intended for the server and the first OSCORE-protected application CoAP request combined together.</t>
        <figure anchor="fig-example-edhoc-comb-req">
          <name>Use of OSCORE between Client-Server and Proxy-Server, with OSCORE Security Contexts established through EDHOC using the EDHOC + OSCORE request</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="3040" width="544" viewBox="0 0 544 3040" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,48 L 24,240" fill="none" stroke="black"/>
                <path d="M 24,280 L 24,288" fill="none" stroke="black"/>
                <path d="M 24,344 L 24,352" fill="none" stroke="black"/>
                <path d="M 24,432 L 24,1264" fill="none" stroke="black"/>
                <path d="M 24,1320 L 24,1328" fill="none" stroke="black"/>
                <path d="M 24,1368 L 24,1376" fill="none" stroke="black"/>
                <path d="M 24,1432 L 24,1440" fill="none" stroke="black"/>
                <path d="M 24,1592 L 24,2800" fill="none" stroke="black"/>
                <path d="M 24,2856 L 24,2864" fill="none" stroke="black"/>
                <path d="M 24,2920 L 24,2928" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,672" fill="none" stroke="black"/>
                <path d="M 88,712 L 88,720" fill="none" stroke="black"/>
                <path d="M 88,840 L 88,1056" fill="none" stroke="black"/>
                <path d="M 88,1112 L 88,1872" fill="none" stroke="black"/>
                <path d="M 88,1944 L 88,2528" fill="none" stroke="black"/>
                <path d="M 88,2584 L 88,2928" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,2144" fill="none" stroke="black"/>
                <path d="M 152,2184 L 152,2192" fill="none" stroke="black"/>
                <path d="M 152,2312 L 152,2320" fill="none" stroke="black"/>
                <path d="M 152,2376 L 152,2928" fill="none" stroke="black"/>
                <path d="M 24,64 L 80,64" fill="none" stroke="black"/>
                <path d="M 32,176 L 88,176" fill="none" stroke="black"/>
                <path d="M 24,448 L 80,448" fill="none" stroke="black"/>
                <path d="M 88,864 L 144,864" fill="none" stroke="black"/>
                <path d="M 96,992 L 152,992" fill="none" stroke="black"/>
                <path d="M 32,1136 L 88,1136" fill="none" stroke="black"/>
                <path d="M 24,1616 L 80,1616" fill="none" stroke="black"/>
                <path d="M 88,1968 L 144,1968" fill="none" stroke="black"/>
                <path d="M 96,2400 L 152,2400" fill="none" stroke="black"/>
                <path d="M 32,2608 L 88,2608" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,1968 140,1962.4 140,1973.6" fill="black" transform="rotate(0,144,1968)"/>
                <polygon class="arrowhead" points="152,864 140,858.4 140,869.6" fill="black" transform="rotate(0,144,864)"/>
                <polygon class="arrowhead" points="104,2400 92,2394.4 92,2405.6" fill="black" transform="rotate(180,96,2400)"/>
                <polygon class="arrowhead" points="104,992 92,986.4 92,997.6" fill="black" transform="rotate(180,96,992)"/>
                <polygon class="arrowhead" points="88,1616 76,1610.4 76,1621.6" fill="black" transform="rotate(0,80,1616)"/>
                <polygon class="arrowhead" points="88,448 76,442.4 76,453.6" fill="black" transform="rotate(0,80,448)"/>
                <polygon class="arrowhead" points="88,64 76,58.4 76,69.6" fill="black" transform="rotate(0,80,64)"/>
                <polygon class="arrowhead" points="40,2608 28,2602.4 28,2613.6" fill="black" transform="rotate(180,32,2608)"/>
                <polygon class="arrowhead" points="40,1136 28,1130.4 28,1141.6" fill="black" transform="rotate(180,32,1136)"/>
                <polygon class="arrowhead" points="40,176 28,170.4 28,181.6" fill="black" transform="rotate(180,32,176)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="216" y="68">Code:</text>
                  <text x="260" y="68">0.02</text>
                  <text x="308" y="68">(POST)</text>
                  <text x="52" y="84">POST</text>
                  <text x="212" y="84">Token:</text>
                  <text x="260" y="84">0xf3</text>
                  <text x="200" y="100">Uri-Path:</text>
                  <text x="296" y="100">".well-known"</text>
                  <text x="200" y="116">Uri-Path:</text>
                  <text x="272" y="116">"edhoc"</text>
                  <text x="212" y="132">0xff</text>
                  <text x="204" y="148">Payload:</text>
                  <text x="268" y="148">(true,</text>
                  <text x="320" y="148">EDHOC</text>
                  <text x="388" y="148">message_1)</text>
                  <text x="208" y="180">Code:</text>
                  <text x="252" y="180">2.04</text>
                  <text x="312" y="180">(Changed)</text>
                  <text x="60" y="196">2.04</text>
                  <text x="204" y="196">Token:</text>
                  <text x="252" y="196">0xf3</text>
                  <text x="204" y="212">0xff</text>
                  <text x="196" y="228">Payload:</text>
                  <text x="256" y="228">EDHOC</text>
                  <text x="320" y="228">message_2</text>
                  <text x="40" y="260">Establish</text>
                  <text x="32" y="276">CTX_C_P</text>
                  <text x="32" y="308">Encrypt</text>
                  <text x="16" y="324">REQ</text>
                  <text x="52" y="324">with</text>
                  <text x="32" y="340">CTX_C_P</text>
                  <text x="32" y="372">Prepare</text>
                  <text x="36" y="388">COMB_REQ</text>
                  <text x="16" y="404">for</text>
                  <text x="40" y="404">P</text>
                  <text x="20" y="420">from</text>
                  <text x="56" y="420">REQ</text>
                  <text x="216" y="452">Code:</text>
                  <text x="260" y="452">0.02</text>
                  <text x="308" y="452">(POST)</text>
                  <text x="52" y="468">POST</text>
                  <text x="212" y="468">Token:</text>
                  <text x="260" y="468">0x82</text>
                  <text x="208" y="484">OSCORE:</text>
                  <text x="284" y="484">[kid:0x20,</text>
                  <text x="360" y="484">Partial</text>
                  <text x="416" y="484">IV:0]</text>
                  <text x="212" y="500">EDHOC:</text>
                  <text x="248" y="500">-</text>
                  <text x="212" y="516">0xff</text>
                  <text x="204" y="532">Payload:</text>
                  <text x="264" y="532">EDHOC</text>
                  <text x="332" y="532">message_3,</text>
                  <text x="388" y="532">//</text>
                  <text x="436" y="532">Intended</text>
                  <text x="488" y="532">for</text>
                  <text x="512" y="532">P</text>
                  <text x="268" y="548">{Code:</text>
                  <text x="316" y="548">0.02</text>
                  <text x="368" y="548">(POST),</text>
                  <text x="288" y="564">Uri-Host:</text>
                  <text x="388" y="564">"example.com",</text>
                  <text x="288" y="580">Uri-Path:</text>
                  <text x="388" y="580">".well-known",</text>
                  <text x="288" y="596">Uri-Path:</text>
                  <text x="364" y="596">"edhoc",</text>
                  <text x="304" y="612">Proxy-Scheme:</text>
                  <text x="392" y="612">"coap",</text>
                  <text x="272" y="628">0xff,</text>
                  <text x="276" y="644">(true,</text>
                  <text x="328" y="644">EDHOC</text>
                  <text x="396" y="644">message_1)</text>
                  <text x="248" y="660">}</text>
                  <text x="268" y="660">//</text>
                  <text x="320" y="660">Encrypted</text>
                  <text x="380" y="660">with</text>
                  <text x="432" y="660">CTX_C_P</text>
                  <text x="104" y="692">Establish</text>
                  <text x="96" y="708">CTX_C_P</text>
                  <text x="96" y="740">Rebuild</text>
                  <text x="80" y="756">REQ</text>
                  <text x="116" y="756">from</text>
                  <text x="100" y="772">COMB_REQ</text>
                  <text x="88" y="788">|</text>
                  <text x="96" y="804">Decrypt</text>
                  <text x="80" y="820">REQ</text>
                  <text x="116" y="820">with</text>
                  <text x="96" y="836">CTX_C_P</text>
                  <text x="216" y="868">Code:</text>
                  <text x="260" y="868">0.02</text>
                  <text x="308" y="868">(POST)</text>
                  <text x="116" y="884">POST</text>
                  <text x="212" y="884">Token:</text>
                  <text x="260" y="884">0xa5</text>
                  <text x="200" y="900">Uri-Host:</text>
                  <text x="300" y="900">"example.com",</text>
                  <text x="200" y="916">Uri-Path:</text>
                  <text x="296" y="916">".well-known"</text>
                  <text x="200" y="932">Uri-Path:</text>
                  <text x="272" y="932">"edhoc"</text>
                  <text x="212" y="948">0xff</text>
                  <text x="204" y="964">Payload:</text>
                  <text x="268" y="964">(true,</text>
                  <text x="320" y="964">EDHOC</text>
                  <text x="388" y="964">message_1)</text>
                  <text x="208" y="996">Code:</text>
                  <text x="252" y="996">2.04</text>
                  <text x="312" y="996">(Changed)</text>
                  <text x="124" y="1012">2.04</text>
                  <text x="204" y="1012">Token:</text>
                  <text x="252" y="1012">0xa5</text>
                  <text x="204" y="1028">0xff</text>
                  <text x="196" y="1044">Payload:</text>
                  <text x="256" y="1044">EDHOC</text>
                  <text x="320" y="1044">message_2</text>
                  <text x="96" y="1076">Encrypt</text>
                  <text x="84" y="1092">RESP</text>
                  <text x="124" y="1092">with</text>
                  <text x="96" y="1108">CTX_C_P</text>
                  <text x="216" y="1140">Code:</text>
                  <text x="260" y="1140">2.04</text>
                  <text x="320" y="1140">(Changed)</text>
                  <text x="60" y="1156">2.04</text>
                  <text x="212" y="1156">Token:</text>
                  <text x="260" y="1156">0x82</text>
                  <text x="208" y="1172">OSCORE:</text>
                  <text x="248" y="1172">-</text>
                  <text x="212" y="1188">0xff</text>
                  <text x="204" y="1204">Payload:</text>
                  <text x="268" y="1204">{Code:</text>
                  <text x="316" y="1204">2.04</text>
                  <text x="380" y="1204">(Changed),</text>
                  <text x="272" y="1220">0xff,</text>
                  <text x="272" y="1236">EDHOC</text>
                  <text x="336" y="1236">message_2</text>
                  <text x="248" y="1252">}</text>
                  <text x="268" y="1252">//</text>
                  <text x="320" y="1252">Encrypted</text>
                  <text x="380" y="1252">with</text>
                  <text x="432" y="1252">CTX_C_P</text>
                  <text x="32" y="1284">Decrypt</text>
                  <text x="20" y="1300">RESP</text>
                  <text x="60" y="1300">with</text>
                  <text x="32" y="1316">CTX_C_P</text>
                  <text x="40" y="1348">Establish</text>
                  <text x="32" y="1364">CTX_C_S</text>
                  <text x="32" y="1396">Encrypt</text>
                  <text x="16" y="1412">REQ</text>
                  <text x="52" y="1412">with</text>
                  <text x="32" y="1428">CTX_C_S</text>
                  <text x="32" y="1460">Prepare</text>
                  <text x="36" y="1476">COMB_REQ</text>
                  <text x="16" y="1492">for</text>
                  <text x="40" y="1492">S</text>
                  <text x="20" y="1508">from</text>
                  <text x="56" y="1508">REQ</text>
                  <text x="24" y="1524">|</text>
                  <text x="32" y="1540">Encrypt</text>
                  <text x="36" y="1556">COMB_REQ</text>
                  <text x="20" y="1572">with</text>
                  <text x="32" y="1588">CTX_C_P</text>
                  <text x="216" y="1620">Code:</text>
                  <text x="260" y="1620">0.02</text>
                  <text x="308" y="1620">(POST)</text>
                  <text x="52" y="1636">POST</text>
                  <text x="212" y="1636">Token:</text>
                  <text x="260" y="1636">0x83</text>
                  <text x="208" y="1652">OSCORE:</text>
                  <text x="284" y="1652">[kid:0x20,</text>
                  <text x="360" y="1652">Partial</text>
                  <text x="416" y="1652">IV:1]</text>
                  <text x="212" y="1668">0xff</text>
                  <text x="204" y="1684">Payload:</text>
                  <text x="268" y="1684">{Code:</text>
                  <text x="316" y="1684">0.02</text>
                  <text x="368" y="1684">(POST),</text>
                  <text x="288" y="1700">Uri-Host:</text>
                  <text x="388" y="1700">"example.com",</text>
                  <text x="280" y="1716">OSCORE:</text>
                  <text x="356" y="1716">[kid:0x5f,</text>
                  <text x="432" y="1716">Partial</text>
                  <text x="492" y="1716">IV:0],</text>
                  <text x="276" y="1732">EDHOC:</text>
                  <text x="316" y="1732">-,</text>
                  <text x="304" y="1748">Proxy-Scheme:</text>
                  <text x="392" y="1748">"coap",</text>
                  <text x="272" y="1764">0xff,</text>
                  <text x="272" y="1780">EDHOC</text>
                  <text x="340" y="1780">message_3,</text>
                  <text x="396" y="1780">//</text>
                  <text x="444" y="1780">Intended</text>
                  <text x="496" y="1780">for</text>
                  <text x="520" y="1780">S</text>
                  <text x="256" y="1796">{</text>
                  <text x="280" y="1812">Code:</text>
                  <text x="324" y="1812">0.01</text>
                  <text x="372" y="1812">(GET),</text>
                  <text x="352" y="1828">Uri-Path:"alarm_status"</text>
                  <text x="256" y="1844">}</text>
                  <text x="292" y="1844">//</text>
                  <text x="344" y="1844">Encrypted</text>
                  <text x="404" y="1844">with</text>
                  <text x="456" y="1844">CTX_C_S</text>
                  <text x="248" y="1860">}</text>
                  <text x="268" y="1860">//</text>
                  <text x="320" y="1860">Encrypted</text>
                  <text x="380" y="1860">with</text>
                  <text x="432" y="1860">CTX_C_P</text>
                  <text x="96" y="1892">Decrypt</text>
                  <text x="100" y="1908">COMB_REQ</text>
                  <text x="84" y="1924">with</text>
                  <text x="96" y="1940">CTX_C_P</text>
                  <text x="216" y="1972">Code:</text>
                  <text x="260" y="1972">0.02</text>
                  <text x="308" y="1972">(POST)</text>
                  <text x="116" y="1988">POST</text>
                  <text x="212" y="1988">Token:</text>
                  <text x="260" y="1988">0xa6</text>
                  <text x="200" y="2004">Uri-Host:</text>
                  <text x="300" y="2004">"example.com",</text>
                  <text x="208" y="2020">OSCORE:</text>
                  <text x="284" y="2020">[kid:0x5f,</text>
                  <text x="360" y="2020">Partial</text>
                  <text x="416" y="2020">IV:0]</text>
                  <text x="212" y="2036">EDHOC:</text>
                  <text x="248" y="2036">-</text>
                  <text x="212" y="2052">0xff</text>
                  <text x="204" y="2068">Payload:</text>
                  <text x="264" y="2068">EDHOC</text>
                  <text x="332" y="2068">message_3,</text>
                  <text x="388" y="2068">//</text>
                  <text x="436" y="2068">Intended</text>
                  <text x="488" y="2068">for</text>
                  <text x="512" y="2068">S</text>
                  <text x="248" y="2084">{</text>
                  <text x="272" y="2100">Code:</text>
                  <text x="316" y="2100">0.01</text>
                  <text x="364" y="2100">(GET),</text>
                  <text x="288" y="2116">Uri-Path:</text>
                  <text x="388" y="2116">"alarm_status"</text>
                  <text x="248" y="2132">}</text>
                  <text x="268" y="2132">//</text>
                  <text x="320" y="2132">Encrypted</text>
                  <text x="380" y="2132">with</text>
                  <text x="432" y="2132">CTX_C_S</text>
                  <text x="168" y="2164">Establish</text>
                  <text x="160" y="2180">CTX_C_S</text>
                  <text x="160" y="2212">Rebuild</text>
                  <text x="144" y="2228">REQ</text>
                  <text x="180" y="2228">from</text>
                  <text x="164" y="2244">COMB_REQ</text>
                  <text x="152" y="2260">|</text>
                  <text x="160" y="2276">Decrypt</text>
                  <text x="144" y="2292">REQ</text>
                  <text x="180" y="2292">with</text>
                  <text x="160" y="2308">CTX_C_S</text>
                  <text x="160" y="2340">Encrypt</text>
                  <text x="148" y="2356">RESP</text>
                  <text x="188" y="2356">with</text>
                  <text x="160" y="2372">CTX_C_S</text>
                  <text x="216" y="2404">Code:</text>
                  <text x="260" y="2404">2.04</text>
                  <text x="320" y="2404">(Changed)</text>
                  <text x="124" y="2420">2.04</text>
                  <text x="212" y="2420">Token:</text>
                  <text x="260" y="2420">0xa6</text>
                  <text x="208" y="2436">OSCORE:</text>
                  <text x="248" y="2436">-</text>
                  <text x="212" y="2452">0xff</text>
                  <text x="204" y="2468">Payload:</text>
                  <text x="268" y="2468">{Code:</text>
                  <text x="316" y="2468">2.05</text>
                  <text x="380" y="2468">(Content),</text>
                  <text x="272" y="2484">0xff,</text>
                  <text x="264" y="2500">"0"</text>
                  <text x="248" y="2516">}</text>
                  <text x="268" y="2516">//</text>
                  <text x="320" y="2516">Encrypted</text>
                  <text x="380" y="2516">with</text>
                  <text x="432" y="2516">CTX_C_S</text>
                  <text x="96" y="2548">Encrypt</text>
                  <text x="84" y="2564">RESP</text>
                  <text x="124" y="2564">with</text>
                  <text x="96" y="2580">CTX_C_P</text>
                  <text x="216" y="2612">Code:</text>
                  <text x="260" y="2612">2.04</text>
                  <text x="320" y="2612">(Changed)</text>
                  <text x="60" y="2628">2.04</text>
                  <text x="212" y="2628">Token:</text>
                  <text x="260" y="2628">0x83</text>
                  <text x="208" y="2644">OSCORE:</text>
                  <text x="248" y="2644">-</text>
                  <text x="212" y="2660">0xff</text>
                  <text x="204" y="2676">Payload:</text>
                  <text x="268" y="2676">{Code:</text>
                  <text x="316" y="2676">2.04</text>
                  <text x="380" y="2676">(Changed),</text>
                  <text x="280" y="2692">OSCORE:</text>
                  <text x="324" y="2692">-,</text>
                  <text x="272" y="2708">0xff,</text>
                  <text x="276" y="2724">{Code:</text>
                  <text x="324" y="2724">2.05</text>
                  <text x="388" y="2724">(Content),</text>
                  <text x="280" y="2740">0xff,</text>
                  <text x="272" y="2756">"0"</text>
                  <text x="256" y="2772">}</text>
                  <text x="292" y="2772">//</text>
                  <text x="344" y="2772">Encrypted</text>
                  <text x="404" y="2772">with</text>
                  <text x="456" y="2772">CTX_C_S</text>
                  <text x="248" y="2788">}</text>
                  <text x="268" y="2788">//</text>
                  <text x="320" y="2788">Encrypted</text>
                  <text x="380" y="2788">with</text>
                  <text x="432" y="2788">CTX_C_P</text>
                  <text x="32" y="2820">Decrypt</text>
                  <text x="20" y="2836">RESP</text>
                  <text x="60" y="2836">with</text>
                  <text x="32" y="2852">CTX_C_P</text>
                  <text x="32" y="2884">Decrypt</text>
                  <text x="20" y="2900">RESP</text>
                  <text x="60" y="2900">with</text>
                  <text x="32" y="2916">CTX_C_S</text>
                  <text x="28" y="2964">Square</text>
                  <text x="92" y="2964">brackets</text>
                  <text x="136" y="2964">[</text>
                  <text x="160" y="2964">...</text>
                  <text x="184" y="2964">]</text>
                  <text x="228" y="2964">indicate</text>
                  <text x="296" y="2964">content</text>
                  <text x="340" y="2964">of</text>
                  <text x="396" y="2964">compressed</text>
                  <text x="460" y="2964">COSE</text>
                  <text x="512" y="2964">object.</text>
                  <text x="24" y="2980">Curly</text>
                  <text x="84" y="2980">brackets</text>
                  <text x="128" y="2980">{</text>
                  <text x="152" y="2980">...</text>
                  <text x="176" y="2980">}</text>
                  <text x="220" y="2980">indicate</text>
                  <text x="296" y="2980">encrypted</text>
                  <text x="360" y="2980">data.</text>
                  <text x="16" y="3012">(A,</text>
                  <text x="44" y="3012">B)</text>
                  <text x="96" y="3012">indicates</text>
                  <text x="144" y="3012">a</text>
                  <text x="172" y="3012">CBOR</text>
                  <text x="228" y="3012">sequence</text>
                  <text x="304" y="3012">[RFC8742]</text>
                  <text x="68" y="3028">of</text>
                  <text x="96" y="3028">two</text>
                  <text x="132" y="3028">CBOR</text>
                  <text x="172" y="3028">data</text>
                  <text x="216" y="3028">items</text>
                  <text x="248" y="3028">A</text>
                  <text x="272" y="3028">and</text>
                  <text x="300" y="3028">B.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0xf3
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (true, EDHOC message_1)
  |       |       |
  |<------+       |    Code: 2.04 (Changed)
  |  2.04 |       |   Token: 0xf3
  |       |       |    0xff
  |       |       | Payload: EDHOC message_2
  |       |       |
Establish |       |
CTX_C_P   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
Prepare   |       |
COMB_REQ  |       |
for P     |       |
from REQ  |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x82
  |       |       |   OSCORE: [kid:0x20, Partial IV:0]
  |       |       |    EDHOC: -
  |       |       |     0xff
  |       |       |  Payload: EDHOC message_3, // Intended for P
  |       |       |           {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            Uri-Path: ".well-known",
  |       |       |            Uri-Path: "edhoc",
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            (true, EDHOC message_1)
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Establish |
  |     CTX_C_P   |
  |       |       |
  |     Rebuild   |
  |     REQ from  |
  |     COMB_REQ  |
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0xa5
  |       |       | Uri-Host: "example.com",
  |       |       | Uri-Path: ".well-known"
  |       |       | Uri-Path: "edhoc"
  |       |       |     0xff
  |       |       |  Payload: (true, EDHOC message_1)
  |       |       |
  |       |<------+    Code: 2.04 (Changed)
  |       |  2.04 |   Token: 0xa5
  |       |       |    0xff
  |       |       | Payload: EDHOC message_2
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0x82
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.04 (Changed),
  |       |       |            0xff,
  |       |       |            EDHOC message_2
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Establish |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
Prepare   |       |
COMB_REQ  |       |
for S     |       |
from REQ  |       |
  |       |       |
Encrypt   |       |
COMB_REQ  |       |
with      |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x83
  |       |       |   OSCORE: [kid:0x20, Partial IV:1]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |            Uri-Host: "example.com",
  |       |       |            OSCORE: [kid:0x5f, Partial IV:0],
  |       |       |            EDHOC: -,
  |       |       |            Proxy-Scheme: "coap",
  |       |       |            0xff,
  |       |       |            EDHOC message_3, // Intended for S
  |       |       |            {
  |       |       |             Code: 0.01 (GET),
  |       |       |             Uri-Path:"alarm_status"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     COMB_REQ  |
  |     with      |
  |     CTX_C_P   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0xa6
  |       |       | Uri-Host: "example.com",
  |       |       |   OSCORE: [kid:0x5f, Partial IV:0]
  |       |       |    EDHOC: -
  |       |       |     0xff
  |       |       |  Payload: EDHOC message_3, // Intended for S
  |       |       |           {
  |       |       |            Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |       |     Establish
  |       |     CTX_C_S
  |       |       |
  |       |     Rebuild
  |       |     REQ from
  |       |     COMB_REQ
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |<------+     Code: 2.04 (Changed)
  |       |  2.04 |    Token: 0xa6
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           } // Encrypted with CTX_C_S
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0x83
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.04 (Changed),
  |       |       |            OSCORE: -,
  |       |       |            0xff,
  |       |       |            {Code: 2.05 (Content),
  |       |       |             0xff,
  |       |       |             "0"
  |       |       |            }   // Encrypted with CTX_C_S
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.

(A, B) indicates a CBOR sequence [RFC8742]
       of two CBOR data items A and B.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="with-two-forward-proxies-oscore-c-s-c-p1-p1-p2-p2-s">
        <name>With Two Forward-Proxies; OSCORE: C-S, C-P1, P1-P2, P2-S</name>
        <t>In the example shown in <xref target="fig-example-client-two-proxies-server"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy Proxy1 (P1), using the OSCORE Security Context CTX_C_P1. The client uses the OSCORE Sender ID 0x20 when using OSCORE with P1.</t>
          </li>
          <li>
            <t>Between P1 and the proxy Proxy2 (P2), using the OSCORE Security Context CTX_P1_P2. P1 uses the OSCORE Sender ID 0xd4 when using OSCORE with P2.</t>
          </li>
          <li>
            <t>Between P2 and the server, using the OSCORE Security Context CTX_P2_S. P2 uses the OSCORE Sender ID 0x77 when using OSCORE with the server.</t>
          </li>
        </ul>
        <figure anchor="fig-example-client-two-proxies-server">
          <name>Use of OSCORE between Client-Server, Client-Proxy1, Proxy1-Proxy2, and Proxy2-Server</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="2464" width="552" viewBox="0 0 552 2464" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,112" fill="none" stroke="black"/>
                <path d="M 24,168 L 24,2272" fill="none" stroke="black"/>
                <path d="M 24,2328 L 24,2336" fill="none" stroke="black"/>
                <path d="M 24,2392 L 24,2400" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,416" fill="none" stroke="black"/>
                <path d="M 88,472 L 88,480" fill="none" stroke="black"/>
                <path d="M 88,536 L 88,1936" fill="none" stroke="black"/>
                <path d="M 88,1992 L 88,2000" fill="none" stroke="black"/>
                <path d="M 88,2056 L 88,2400" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,784" fill="none" stroke="black"/>
                <path d="M 152,840 L 152,848" fill="none" stroke="black"/>
                <path d="M 152,904 L 152,1600" fill="none" stroke="black"/>
                <path d="M 152,1656 L 152,1664" fill="none" stroke="black"/>
                <path d="M 152,1720 L 152,2400" fill="none" stroke="black"/>
                <path d="M 216,48 L 216,1136" fill="none" stroke="black"/>
                <path d="M 216,1192 L 216,1200" fill="none" stroke="black"/>
                <path d="M 216,1256 L 216,1264" fill="none" stroke="black"/>
                <path d="M 216,1320 L 216,1328" fill="none" stroke="black"/>
                <path d="M 216,1384 L 216,2400" fill="none" stroke="black"/>
                <path d="M 24,192 L 80,192" fill="none" stroke="black"/>
                <path d="M 88,560 L 144,560" fill="none" stroke="black"/>
                <path d="M 152,928 L 208,928" fill="none" stroke="black"/>
                <path d="M 160,1408 L 216,1408" fill="none" stroke="black"/>
                <path d="M 96,1744 L 152,1744" fill="none" stroke="black"/>
                <path d="M 32,2080 L 88,2080" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="216,928 204,922.4 204,933.6" fill="black" transform="rotate(0,208,928)"/>
                <polygon class="arrowhead" points="168,1408 156,1402.4 156,1413.6" fill="black" transform="rotate(180,160,1408)"/>
                <polygon class="arrowhead" points="152,560 140,554.4 140,565.6" fill="black" transform="rotate(0,144,560)"/>
                <polygon class="arrowhead" points="104,1744 92,1738.4 92,1749.6" fill="black" transform="rotate(180,96,1744)"/>
                <polygon class="arrowhead" points="88,192 76,186.4 76,197.6" fill="black" transform="rotate(0,80,192)"/>
                <polygon class="arrowhead" points="40,2080 28,2074.4 28,2085.6" fill="black" transform="rotate(180,32,2080)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="92" y="36">P1</text>
                  <text x="156" y="36">P2</text>
                  <text x="220" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_S</text>
                  <text x="32" y="132">Encrypt</text>
                  <text x="16" y="148">REQ</text>
                  <text x="52" y="148">with</text>
                  <text x="36" y="164">CTX_C_P1</text>
                  <text x="280" y="196">Code:</text>
                  <text x="324" y="196">0.02</text>
                  <text x="372" y="196">(POST)</text>
                  <text x="52" y="212">POST</text>
                  <text x="276" y="212">Token:</text>
                  <text x="324" y="212">0x8c</text>
                  <text x="272" y="228">OSCORE:</text>
                  <text x="348" y="228">[kid:0x20,</text>
                  <text x="424" y="228">Partial</text>
                  <text x="484" y="228">IV:31]</text>
                  <text x="276" y="244">0xff</text>
                  <text x="268" y="260">Payload:</text>
                  <text x="332" y="260">{Code:</text>
                  <text x="380" y="260">0.02</text>
                  <text x="432" y="260">(POST),</text>
                  <text x="352" y="276">Uri-Host:</text>
                  <text x="452" y="276">"example.com",</text>
                  <text x="344" y="292">OSCORE:</text>
                  <text x="420" y="292">[kid:0x5f,</text>
                  <text x="416" y="308">Partial</text>
                  <text x="480" y="308">IV:42],</text>
                  <text x="368" y="324">Proxy-Scheme:</text>
                  <text x="456" y="324">"coap",</text>
                  <text x="336" y="340">0xff,</text>
                  <text x="340" y="356">{Code:</text>
                  <text x="388" y="356">0.01</text>
                  <text x="436" y="356">(GET),</text>
                  <text x="360" y="372">Uri-Path:</text>
                  <text x="460" y="372">"alarm_status"</text>
                  <text x="320" y="388">}</text>
                  <text x="356" y="388">//</text>
                  <text x="408" y="388">Encrypted</text>
                  <text x="468" y="388">with</text>
                  <text x="520" y="388">CTX_C_S</text>
                  <text x="312" y="404">}</text>
                  <text x="332" y="404">//</text>
                  <text x="384" y="404">Encrypted</text>
                  <text x="444" y="404">with</text>
                  <text x="500" y="404">CTX_C_P1</text>
                  <text x="96" y="436">Decrypt</text>
                  <text x="80" y="452">REQ</text>
                  <text x="116" y="452">with</text>
                  <text x="100" y="468">CTX_C_P1</text>
                  <text x="96" y="500">Encrypt</text>
                  <text x="80" y="516">REQ</text>
                  <text x="116" y="516">with</text>
                  <text x="104" y="532">CTX_P1_P2</text>
                  <text x="272" y="564">Code:</text>
                  <text x="316" y="564">0.02</text>
                  <text x="364" y="564">(POST)</text>
                  <text x="116" y="580">POST</text>
                  <text x="268" y="580">Token:</text>
                  <text x="316" y="580">0x7b</text>
                  <text x="264" y="596">OSCORE:</text>
                  <text x="340" y="596">[kid:0xd4,</text>
                  <text x="416" y="596">Partial</text>
                  <text x="476" y="596">IV:53]</text>
                  <text x="268" y="612">0xff</text>
                  <text x="260" y="628">Payload:</text>
                  <text x="324" y="628">{Code:</text>
                  <text x="372" y="628">0.02</text>
                  <text x="424" y="628">(POST),</text>
                  <text x="344" y="644">Uri-Host:</text>
                  <text x="444" y="644">"example.com",</text>
                  <text x="336" y="660">OSCORE:</text>
                  <text x="412" y="660">[kid:0x5f,</text>
                  <text x="408" y="676">Partial</text>
                  <text x="472" y="676">IV:42],</text>
                  <text x="360" y="692">Proxy-Scheme:</text>
                  <text x="448" y="692">"coap",</text>
                  <text x="328" y="708">0xff,</text>
                  <text x="332" y="724">{Code:</text>
                  <text x="380" y="724">0.01</text>
                  <text x="428" y="724">(GET),</text>
                  <text x="352" y="740">Uri-Path:</text>
                  <text x="452" y="740">"alarm_status"</text>
                  <text x="312" y="756">}</text>
                  <text x="348" y="756">//</text>
                  <text x="400" y="756">Encrypted</text>
                  <text x="460" y="756">with</text>
                  <text x="512" y="756">CTX_C_S</text>
                  <text x="304" y="772">}</text>
                  <text x="324" y="772">//</text>
                  <text x="376" y="772">Encrypted</text>
                  <text x="436" y="772">with</text>
                  <text x="496" y="772">CTX_P1_P2</text>
                  <text x="160" y="804">Decrypt</text>
                  <text x="144" y="820">REQ</text>
                  <text x="180" y="820">with</text>
                  <text x="168" y="836">CTX_P1_P2</text>
                  <text x="160" y="868">Encrypt</text>
                  <text x="144" y="884">REQ</text>
                  <text x="180" y="884">with</text>
                  <text x="164" y="900">CTX_P2_S</text>
                  <text x="280" y="932">Code:</text>
                  <text x="324" y="932">0.02</text>
                  <text x="372" y="932">(POST)</text>
                  <text x="180" y="948">POST</text>
                  <text x="276" y="948">Token:</text>
                  <text x="324" y="948">0x6a</text>
                  <text x="264" y="964">Uri-Host:</text>
                  <text x="364" y="964">"example.com",</text>
                  <text x="272" y="980">OSCORE:</text>
                  <text x="348" y="980">[kid:0x77,</text>
                  <text x="424" y="980">Partial</text>
                  <text x="484" y="980">IV:75]</text>
                  <text x="276" y="996">0xff</text>
                  <text x="268" y="1012">Payload:</text>
                  <text x="332" y="1012">{Code:</text>
                  <text x="380" y="1012">0.02</text>
                  <text x="432" y="1012">(POST),</text>
                  <text x="344" y="1028">OSCORE:</text>
                  <text x="420" y="1028">[kid:0x5f,</text>
                  <text x="416" y="1044">Partial</text>
                  <text x="480" y="1044">IV:42],</text>
                  <text x="336" y="1060">0xff,</text>
                  <text x="340" y="1076">{Code:</text>
                  <text x="388" y="1076">0.01</text>
                  <text x="436" y="1076">(GET),</text>
                  <text x="360" y="1092">Uri-Path:</text>
                  <text x="460" y="1092">"alarm_status"</text>
                  <text x="320" y="1108">}</text>
                  <text x="356" y="1108">//</text>
                  <text x="408" y="1108">Encrypted</text>
                  <text x="468" y="1108">with</text>
                  <text x="520" y="1108">CTX_C_S</text>
                  <text x="312" y="1124">}</text>
                  <text x="332" y="1124">//</text>
                  <text x="384" y="1124">Encrypted</text>
                  <text x="444" y="1124">with</text>
                  <text x="500" y="1124">CTX_P2_S</text>
                  <text x="224" y="1156">Decrypt</text>
                  <text x="208" y="1172">REQ</text>
                  <text x="244" y="1172">with</text>
                  <text x="228" y="1188">CTX_P2_S</text>
                  <text x="224" y="1220">Decrypt</text>
                  <text x="208" y="1236">REQ</text>
                  <text x="244" y="1236">with</text>
                  <text x="224" y="1252">CTX_C_S</text>
                  <text x="224" y="1284">Encrypt</text>
                  <text x="212" y="1300">RESP</text>
                  <text x="252" y="1300">with</text>
                  <text x="224" y="1316">CTX_C_S</text>
                  <text x="224" y="1348">Encrypt</text>
                  <text x="212" y="1364">RESP</text>
                  <text x="252" y="1364">with</text>
                  <text x="228" y="1380">CTX_P2_S</text>
                  <text x="272" y="1412">Code:</text>
                  <text x="316" y="1412">2.04</text>
                  <text x="376" y="1412">(Changed)</text>
                  <text x="188" y="1428">2.04</text>
                  <text x="268" y="1428">Token:</text>
                  <text x="316" y="1428">0x6a</text>
                  <text x="264" y="1444">OSCORE:</text>
                  <text x="304" y="1444">-</text>
                  <text x="268" y="1460">0xff</text>
                  <text x="260" y="1476">Payload:</text>
                  <text x="324" y="1476">{Code:</text>
                  <text x="372" y="1476">2.04</text>
                  <text x="436" y="1476">(Changed),</text>
                  <text x="336" y="1492">OSCORE:</text>
                  <text x="380" y="1492">-,</text>
                  <text x="328" y="1508">0xff,</text>
                  <text x="332" y="1524">{Code:</text>
                  <text x="380" y="1524">2.05</text>
                  <text x="444" y="1524">(Content),</text>
                  <text x="336" y="1540">0xff,</text>
                  <text x="328" y="1556">"0"</text>
                  <text x="312" y="1572">}</text>
                  <text x="348" y="1572">//</text>
                  <text x="400" y="1572">Encrypted</text>
                  <text x="460" y="1572">with</text>
                  <text x="512" y="1572">CTX_C_S</text>
                  <text x="304" y="1588">}</text>
                  <text x="324" y="1588">//</text>
                  <text x="376" y="1588">Encrypted</text>
                  <text x="436" y="1588">with</text>
                  <text x="492" y="1588">CTX_P2_S</text>
                  <text x="160" y="1620">Decrypt</text>
                  <text x="148" y="1636">RESP</text>
                  <text x="188" y="1636">with</text>
                  <text x="164" y="1652">CTX_P2_S</text>
                  <text x="160" y="1684">Encrypt</text>
                  <text x="148" y="1700">RESP</text>
                  <text x="188" y="1700">with</text>
                  <text x="168" y="1716">CTX_P1_P2</text>
                  <text x="272" y="1748">Code:</text>
                  <text x="316" y="1748">2.04</text>
                  <text x="376" y="1748">(Changed)</text>
                  <text x="124" y="1764">2.04</text>
                  <text x="268" y="1764">Token:</text>
                  <text x="316" y="1764">0x7b</text>
                  <text x="264" y="1780">OSCORE:</text>
                  <text x="304" y="1780">-</text>
                  <text x="268" y="1796">0xff</text>
                  <text x="260" y="1812">Payload:</text>
                  <text x="324" y="1812">{Code:</text>
                  <text x="372" y="1812">2.04</text>
                  <text x="436" y="1812">(Changed),</text>
                  <text x="336" y="1828">OSCORE:</text>
                  <text x="380" y="1828">-,</text>
                  <text x="328" y="1844">0xff,</text>
                  <text x="332" y="1860">{Code:</text>
                  <text x="380" y="1860">2.05</text>
                  <text x="444" y="1860">(Content),</text>
                  <text x="336" y="1876">0xff,</text>
                  <text x="328" y="1892">"0"</text>
                  <text x="312" y="1908">}</text>
                  <text x="348" y="1908">//</text>
                  <text x="400" y="1908">Encrypted</text>
                  <text x="460" y="1908">with</text>
                  <text x="512" y="1908">CTX_C_S</text>
                  <text x="304" y="1924">}</text>
                  <text x="324" y="1924">//</text>
                  <text x="376" y="1924">Encrypted</text>
                  <text x="436" y="1924">with</text>
                  <text x="496" y="1924">CTX_P1_P2</text>
                  <text x="96" y="1956">Decrypt</text>
                  <text x="84" y="1972">RESP</text>
                  <text x="124" y="1972">with</text>
                  <text x="104" y="1988">CTX_P1_P2</text>
                  <text x="96" y="2020">Encrypt</text>
                  <text x="84" y="2036">RESP</text>
                  <text x="124" y="2036">with</text>
                  <text x="100" y="2052">CTX_C_P1</text>
                  <text x="272" y="2084">Code:</text>
                  <text x="316" y="2084">2.04</text>
                  <text x="376" y="2084">(Changed)</text>
                  <text x="60" y="2100">2.04</text>
                  <text x="268" y="2100">Token:</text>
                  <text x="316" y="2100">0x8c</text>
                  <text x="264" y="2116">OSCORE:</text>
                  <text x="304" y="2116">-</text>
                  <text x="268" y="2132">0xff</text>
                  <text x="260" y="2148">Payload:</text>
                  <text x="324" y="2148">{Code:</text>
                  <text x="372" y="2148">2.04</text>
                  <text x="436" y="2148">(Changed),</text>
                  <text x="336" y="2164">OSCORE:</text>
                  <text x="380" y="2164">-,</text>
                  <text x="328" y="2180">0xff,</text>
                  <text x="332" y="2196">{Code:</text>
                  <text x="380" y="2196">2.05</text>
                  <text x="444" y="2196">(Content),</text>
                  <text x="336" y="2212">0xff,</text>
                  <text x="328" y="2228">"0"</text>
                  <text x="312" y="2244">}</text>
                  <text x="348" y="2244">//</text>
                  <text x="400" y="2244">Encrypted</text>
                  <text x="460" y="2244">with</text>
                  <text x="512" y="2244">CTX_C_S</text>
                  <text x="304" y="2260">}</text>
                  <text x="324" y="2260">//</text>
                  <text x="376" y="2260">Encrypted</text>
                  <text x="436" y="2260">with</text>
                  <text x="492" y="2260">CTX_C_P1</text>
                  <text x="32" y="2292">Decrypt</text>
                  <text x="20" y="2308">RESP</text>
                  <text x="60" y="2308">with</text>
                  <text x="36" y="2324">CTX_C_P1</text>
                  <text x="32" y="2356">Decrypt</text>
                  <text x="20" y="2372">RESP</text>
                  <text x="60" y="2372">with</text>
                  <text x="32" y="2388">CTX_C_S</text>
                  <text x="28" y="2436">Square</text>
                  <text x="92" y="2436">brackets</text>
                  <text x="136" y="2436">[</text>
                  <text x="160" y="2436">...</text>
                  <text x="184" y="2436">]</text>
                  <text x="228" y="2436">indicate</text>
                  <text x="296" y="2436">content</text>
                  <text x="340" y="2436">of</text>
                  <text x="396" y="2436">compressed</text>
                  <text x="460" y="2436">COSE</text>
                  <text x="512" y="2436">object.</text>
                  <text x="24" y="2452">Curly</text>
                  <text x="84" y="2452">brackets</text>
                  <text x="128" y="2452">{</text>
                  <text x="152" y="2452">...</text>
                  <text x="176" y="2452">}</text>
                  <text x="220" y="2452">indicate</text>
                  <text x="296" y="2452">encrypted</text>
                  <text x="360" y="2452">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client    P1      P2    Server
  |       |       |       |
Encrypt   |       |       |
REQ with  |       |       |
CTX_C_S   |       |       |
  |       |       |       |
Encrypt   |       |       |
REQ with  |       |       |
CTX_C_P1  |       |       |
  |       |       |       |
  +------>|       |       |     Code: 0.02 (POST)
  | POST  |       |       |    Token: 0x8c
  |       |       |       |   OSCORE: [kid:0x20, Partial IV:31]
  |       |       |       |     0xff
  |       |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |       |            Uri-Host: "example.com",
  |       |       |       |            OSCORE: [kid:0x5f,
  |       |       |       |                     Partial IV:42],
  |       |       |       |            Proxy-Scheme: "coap",
  |       |       |       |            0xff,
  |       |       |       |            {Code: 0.01 (GET),
  |       |       |       |             Uri-Path: "alarm_status"
  |       |       |       |            }   // Encrypted with CTX_C_S
  |       |       |       |           } // Encrypted with CTX_C_P1
  |       |       |       |
  |     Decrypt   |       |
  |     REQ with  |       |
  |     CTX_C_P1  |       |
  |       |       |       |
  |     Encrypt   |       |
  |     REQ with  |       |
  |     CTX_P1_P2 |       |
  |       |       |       |
  |       +------>|       |    Code: 0.02 (POST)
  |       | POST  |       |   Token: 0x7b
  |       |       |       |  OSCORE: [kid:0xd4, Partial IV:53]
  |       |       |       |    0xff
  |       |       |       | Payload: {Code: 0.02 (POST),
  |       |       |       |           Uri-Host: "example.com",
  |       |       |       |           OSCORE: [kid:0x5f,
  |       |       |       |                    Partial IV:42],
  |       |       |       |           Proxy-Scheme: "coap",
  |       |       |       |           0xff,
  |       |       |       |           {Code: 0.01 (GET),
  |       |       |       |            Uri-Path: "alarm_status"
  |       |       |       |           }   // Encrypted with CTX_C_S
  |       |       |       |          } // Encrypted with CTX_P1_P2
  |       |       |       |
  |       |     Decrypt   |
  |       |     REQ with  |
  |       |     CTX_P1_P2 |
  |       |       |       |
  |       |     Encrypt   |
  |       |     REQ with  |
  |       |     CTX_P2_S  |
  |       |       |       |
  |       |       +------>|     Code: 0.02 (POST)
  |       |       | POST  |    Token: 0x6a
  |       |       |       | Uri-Host: "example.com",
  |       |       |       |   OSCORE: [kid:0x77, Partial IV:75]
  |       |       |       |     0xff
  |       |       |       |  Payload: {Code: 0.02 (POST),
  |       |       |       |            OSCORE: [kid:0x5f,
  |       |       |       |                     Partial IV:42],
  |       |       |       |            0xff,
  |       |       |       |            {Code: 0.01 (GET),
  |       |       |       |             Uri-Path: "alarm_status"
  |       |       |       |            }   // Encrypted with CTX_C_S
  |       |       |       |           } // Encrypted with CTX_P2_S
  |       |       |       |
  |       |       |     Decrypt
  |       |       |     REQ with
  |       |       |     CTX_P2_S
  |       |       |       |
  |       |       |     Decrypt
  |       |       |     REQ with
  |       |       |     CTX_C_S
  |       |       |       |
  |       |       |     Encrypt
  |       |       |     RESP with
  |       |       |     CTX_C_S
  |       |       |       |
  |       |       |     Encrypt
  |       |       |     RESP with
  |       |       |     CTX_P2_S
  |       |       |       |
  |       |       |<------+    Code: 2.04 (Changed)
  |       |       |  2.04 |   Token: 0x6a
  |       |       |       |  OSCORE: -
  |       |       |       |    0xff
  |       |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |       |           OSCORE: -,
  |       |       |       |           0xff,
  |       |       |       |           {Code: 2.05 (Content),
  |       |       |       |            0xff,
  |       |       |       |            "0"
  |       |       |       |           }   // Encrypted with CTX_C_S
  |       |       |       |          } // Encrypted with CTX_P2_S
  |       |       |       |
  |       |     Decrypt   |
  |       |     RESP with |
  |       |     CTX_P2_S  |
  |       |       |       |
  |       |     Encrypt   |
  |       |     RESP with |
  |       |     CTX_P1_P2 |
  |       |       |       |
  |       |<------+       |    Code: 2.04 (Changed)
  |       |  2.04 |       |   Token: 0x7b
  |       |       |       |  OSCORE: -
  |       |       |       |    0xff
  |       |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |       |           OSCORE: -,
  |       |       |       |           0xff,
  |       |       |       |           {Code: 2.05 (Content),
  |       |       |       |            0xff,
  |       |       |       |            "0"
  |       |       |       |           }   // Encrypted with CTX_C_S
  |       |       |       |          } // Encrypted with CTX_P1_P2
  |       |       |       |
  |     Decrypt   |       |
  |     RESP with |       |
  |     CTX_P1_P2 |       |
  |       |       |       |
  |     Encrypt   |       |
  |     RESP with |       |
  |     CTX_C_P1  |       |
  |       |       |       |
  |<------+       |       |    Code: 2.04 (Changed)
  |  2.04 |       |       |   Token: 0x8c
  |       |       |       |  OSCORE: -
  |       |       |       |    0xff
  |       |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |       |           OSCORE: -,
  |       |       |       |           0xff,
  |       |       |       |           {Code: 2.05 (Content),
  |       |       |       |            0xff,
  |       |       |       |            "0"
  |       |       |       |           }   // Encrypted with CTX_C_S
  |       |       |       |          } // Encrypted with CTX_C_P1
  |       |       |       |
Decrypt   |       |       |
RESP with |       |       |
CTX_C_P1  |       |       |
  |       |       |       |
Decrypt   |       |       |
RESP with |       |       |
CTX_C_S   |       |       |
  |       |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="with-reverse-proxy-oscore-c-p-p-s">
        <name>With Reverse-Proxy; OSCORE: C-P, P-S</name>
        <t>In the example shown in <xref target="fig-example-reverse-proxy-without-end-to-end"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
          <li>
            <t>Between the proxy and the server, using the OSCORE Security Context CTX_P_S. The proxy uses the OSCORE Sender ID 0xd4 when using OSCORE with the server.</t>
          </li>
        </ul>
        <t>In this example, the proxy is specifically a reverse-proxy. Like typically expected in such a case, the client is not aware of that and believes to communicate with an origin server.</t>
        <t>In order to determine where it has to forward an incoming request to, the proxy relies on the hostname that clients specify in the Uri-Host Option of their sent requests. In particular, upon receiving a request that includes the Uri-Host Option with value "dev.example", the proxy forwards the request to the origin server shown in the example.</t>
        <t>Furthermore, this example assumes that, in the URI identifying the target resource at the server, the host subcomponent represents the destination IP address of the request as an IP-literal. Therefore, the request from the proxy to the server does not include a Uri-Host Option (see <xref section="6.4" sectionFormat="of" target="RFC7252"/>).</t>
        <figure anchor="fig-example-reverse-proxy-without-end-to-end">
          <name>Use of OSCORE between Client-Proxy and Proxy-Server (the Proxy is a Reverse-Proxy)</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1200" width="544" viewBox="0 0 544 1200" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,1072" fill="none" stroke="black"/>
                <path d="M 24,1128 L 24,1136" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,256" fill="none" stroke="black"/>
                <path d="M 88,312 L 88,320" fill="none" stroke="black"/>
                <path d="M 88,376 L 88,800" fill="none" stroke="black"/>
                <path d="M 88,856 L 88,864" fill="none" stroke="black"/>
                <path d="M 88,920 L 88,1136" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,528" fill="none" stroke="black"/>
                <path d="M 152,584 L 152,592" fill="none" stroke="black"/>
                <path d="M 152,648 L 152,1136" fill="none" stroke="black"/>
                <path d="M 24,128 L 80,128" fill="none" stroke="black"/>
                <path d="M 88,400 L 144,400" fill="none" stroke="black"/>
                <path d="M 96,672 L 152,672" fill="none" stroke="black"/>
                <path d="M 32,944 L 88,944" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,400 140,394.4 140,405.6" fill="black" transform="rotate(0,144,400)"/>
                <polygon class="arrowhead" points="104,672 92,666.4 92,677.6" fill="black" transform="rotate(180,96,672)"/>
                <polygon class="arrowhead" points="88,128 76,122.4 76,133.6" fill="black" transform="rotate(0,80,128)"/>
                <polygon class="arrowhead" points="40,944 28,938.4 28,949.6" fill="black" transform="rotate(180,32,944)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_P</text>
                  <text x="216" y="132">Code:</text>
                  <text x="260" y="132">0.02</text>
                  <text x="308" y="132">(POST)</text>
                  <text x="52" y="148">POST</text>
                  <text x="212" y="148">Token:</text>
                  <text x="260" y="148">0x8c</text>
                  <text x="200" y="164">Uri-Host:</text>
                  <text x="296" y="164">"dev.example"</text>
                  <text x="208" y="180">OSCORE:</text>
                  <text x="284" y="180">[kid:0x20,</text>
                  <text x="360" y="180">Partial</text>
                  <text x="420" y="180">IV:31]</text>
                  <text x="212" y="196">0xff</text>
                  <text x="204" y="212">Payload:</text>
                  <text x="268" y="212">{Code:</text>
                  <text x="316" y="212">0.01</text>
                  <text x="364" y="212">(GET),</text>
                  <text x="288" y="228">Uri-Path:</text>
                  <text x="388" y="228">"alarm_status"</text>
                  <text x="248" y="244">}</text>
                  <text x="268" y="244">//</text>
                  <text x="320" y="244">Encrypted</text>
                  <text x="380" y="244">with</text>
                  <text x="432" y="244">CTX_C_P</text>
                  <text x="96" y="276">Decrypt</text>
                  <text x="80" y="292">REQ</text>
                  <text x="116" y="292">with</text>
                  <text x="96" y="308">CTX_C_P</text>
                  <text x="96" y="340">Encrypt</text>
                  <text x="80" y="356">REQ</text>
                  <text x="116" y="356">with</text>
                  <text x="96" y="372">CTX_P_S</text>
                  <text x="216" y="404">Code:</text>
                  <text x="260" y="404">0.02</text>
                  <text x="308" y="404">(POST)</text>
                  <text x="116" y="420">POST</text>
                  <text x="212" y="420">Token:</text>
                  <text x="260" y="420">0x7b</text>
                  <text x="208" y="436">OSCORE:</text>
                  <text x="284" y="436">[kid:0xd4,</text>
                  <text x="360" y="436">Partial</text>
                  <text x="420" y="436">IV:42]</text>
                  <text x="212" y="452">0xff</text>
                  <text x="204" y="468">Payload:</text>
                  <text x="248" y="468">{</text>
                  <text x="272" y="484">Code:</text>
                  <text x="316" y="484">0.01</text>
                  <text x="364" y="484">(GET),</text>
                  <text x="288" y="500">Uri-Path:</text>
                  <text x="388" y="500">"alarm_status"</text>
                  <text x="248" y="516">}</text>
                  <text x="268" y="516">//</text>
                  <text x="320" y="516">Encrypted</text>
                  <text x="380" y="516">with</text>
                  <text x="432" y="516">CTX_P_S</text>
                  <text x="160" y="548">Decrypt</text>
                  <text x="144" y="564">REQ</text>
                  <text x="180" y="564">with</text>
                  <text x="160" y="580">CTX_P_S</text>
                  <text x="160" y="612">Encrypt</text>
                  <text x="148" y="628">RESP</text>
                  <text x="188" y="628">with</text>
                  <text x="160" y="644">CTX_P_S</text>
                  <text x="216" y="676">Code:</text>
                  <text x="260" y="676">2.04</text>
                  <text x="320" y="676">(Changed)</text>
                  <text x="124" y="692">2.04</text>
                  <text x="212" y="692">Token:</text>
                  <text x="260" y="692">0x7b</text>
                  <text x="208" y="708">OSCORE:</text>
                  <text x="248" y="708">-</text>
                  <text x="212" y="724">0xff</text>
                  <text x="204" y="740">Payload:</text>
                  <text x="268" y="740">{Code:</text>
                  <text x="316" y="740">2.05</text>
                  <text x="380" y="740">(Content),</text>
                  <text x="272" y="756">0xff,</text>
                  <text x="264" y="772">"0"</text>
                  <text x="248" y="788">}</text>
                  <text x="268" y="788">//</text>
                  <text x="320" y="788">Encrypted</text>
                  <text x="380" y="788">with</text>
                  <text x="432" y="788">CTX_P_S</text>
                  <text x="96" y="820">Decrypt</text>
                  <text x="84" y="836">RESP</text>
                  <text x="124" y="836">with</text>
                  <text x="96" y="852">CTX_P_S</text>
                  <text x="96" y="884">Encrypt</text>
                  <text x="84" y="900">RESP</text>
                  <text x="124" y="900">with</text>
                  <text x="96" y="916">CTX_C_P</text>
                  <text x="216" y="948">Code:</text>
                  <text x="260" y="948">2.04</text>
                  <text x="320" y="948">(Changed)</text>
                  <text x="60" y="964">2.04</text>
                  <text x="212" y="964">Token:</text>
                  <text x="260" y="964">0x8c</text>
                  <text x="208" y="980">OSCORE:</text>
                  <text x="248" y="980">-</text>
                  <text x="212" y="996">0xff</text>
                  <text x="204" y="1012">Payload:</text>
                  <text x="268" y="1012">{Code:</text>
                  <text x="316" y="1012">2.05</text>
                  <text x="380" y="1012">(Content),</text>
                  <text x="272" y="1028">0xff,</text>
                  <text x="264" y="1044">"0"</text>
                  <text x="248" y="1060">}</text>
                  <text x="268" y="1060">//</text>
                  <text x="320" y="1060">Encrypted</text>
                  <text x="380" y="1060">with</text>
                  <text x="432" y="1060">CTX_C_P</text>
                  <text x="32" y="1092">Decrypt</text>
                  <text x="20" y="1108">RESP</text>
                  <text x="60" y="1108">with</text>
                  <text x="32" y="1124">CTX_C_P</text>
                  <text x="28" y="1172">Square</text>
                  <text x="92" y="1172">brackets</text>
                  <text x="136" y="1172">[</text>
                  <text x="160" y="1172">...</text>
                  <text x="184" y="1172">]</text>
                  <text x="228" y="1172">indicate</text>
                  <text x="296" y="1172">content</text>
                  <text x="340" y="1172">of</text>
                  <text x="396" y="1172">compressed</text>
                  <text x="460" y="1172">COSE</text>
                  <text x="512" y="1172">object.</text>
                  <text x="24" y="1188">Curly</text>
                  <text x="84" y="1188">brackets</text>
                  <text x="128" y="1188">{</text>
                  <text x="152" y="1188">...</text>
                  <text x="176" y="1188">}</text>
                  <text x="220" y="1188">indicate</text>
                  <text x="296" y="1188">encrypted</text>
                  <text x="360" y="1188">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |     Code: 0.02 (POST)
  | POST  |       |    Token: 0x8c
  |       |       | Uri-Host: "dev.example"
  |       |       |   OSCORE: [kid:0x20, Partial IV:31]
  |       |       |     0xff
  |       |       |  Payload: {Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |     Encrypt   |
  |     REQ with  |
  |     CTX_P_S   |
  |       |       |
  |       +------>|     Code: 0.02 (POST)
  |       | POST  |    Token: 0x7b
  |       |       |   OSCORE: [kid:0xd4, Partial IV:42]
  |       |       |     0xff
  |       |       |  Payload: {
  |       |       |            Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           } // Encrypted with CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_P_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_P_S
  |       |       |
  |       |<------+     Code: 2.04 (Changed)
  |       |  2.04 |    Token: 0x7b
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           } // Encrypted with CTX_P_S
  |       |       |
  |     Decrypt   |
  |     RESP with |
  |     CTX_P_S   |
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |     Code: 2.04 (Changed)
  |  2.04 |       |    Token: 0x8c
  |       |       |   OSCORE: -
  |       |       |     0xff
  |       |       |  Payload: {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="with-reverse-proxy-oscore-c-s-c-p-p-s">
        <name>With Reverse-Proxy; OSCORE: C-S, C-P, P-S</name>
        <t>In the example shown in <xref target="fig-example-reverse-proxy-with-end-to-end"/>, message exchanges are protected with OSCORE as follows.</t>
        <ul spacing="normal">
          <li>
            <t>End-to-end between the client and the server, using the OSCORE Security Context CTX_C_S. The client uses the OSCORE Sender ID 0x5f when using OSCORE with the server.</t>
          </li>
          <li>
            <t>Between the client and the proxy, using the OSCORE Security Context CTX_C_P. The client uses the OSCORE Sender ID 0x20 when using OSCORE with the proxy.</t>
          </li>
          <li>
            <t>Between the proxy and the server, using the OSCORE Security Context CTX_P_S. The proxy uses the OSCORE Sender ID 0xd4 when using OSCORE with the server.</t>
          </li>
        </ul>
        <t>In this example, the proxy is specifically a reverse-proxy. However, unlike typically expected, the client is aware to communicate with a reverse-proxy. This is the case, e.g., in the LwM2M scenario considered in <xref target="ssec-uc4"/>, where the LwM2M Server acts as a CoAP client and uses a LwM2M Gateway acting as a CoAP-to-CoAP reverse-proxy in order to reach an end IoT device.</t>
        <t>In order to determine where it has to forward an incoming request to, the proxy relies on the URI path components that are specified as value of the Uri-Path Options included in the request. In particular, the proxy relies on the first URI path segment to identify the specific IoT device to which the request has to be forwarded, while the remaining URI path segments specify the target resource at the IoT device.</t>
        <t>However, as shown in the example, the URI path segments that specify the target resource are hidden from the proxy, since they are protected by the additional use of OSCORE end-to-end between the client and the server.</t>
        <t>Furthermore, this example assumes that, in the URIs identifying the target resource at the proxy as well as in the URI identifying the target resource at the server, the host subcomponent represents the destination IP address of the request as an IP-literal. Therefore, both the request from the client to the proxy and the request from the proxy to the server do not include a Uri-Host Option (see <xref section="6.4" sectionFormat="of" target="RFC7252"/>).</t>
        <figure anchor="fig-example-reverse-proxy-with-end-to-end">
          <name>Use of OSCORE between Client-Proxy and Proxy-Server (the Proxy is a Reverse-Proxy)</name>
          <artset>
            <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1696" width="544" viewBox="0 0 544 1696" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,104 L 24,112" fill="none" stroke="black"/>
                <path d="M 24,168 L 24,1504" fill="none" stroke="black"/>
                <path d="M 24,1560 L 24,1568" fill="none" stroke="black"/>
                <path d="M 24,1624 L 24,1632" fill="none" stroke="black"/>
                <path d="M 88,48 L 88,384" fill="none" stroke="black"/>
                <path d="M 88,440 L 88,448" fill="none" stroke="black"/>
                <path d="M 88,504 L 88,1168" fill="none" stroke="black"/>
                <path d="M 88,1224 L 88,1232" fill="none" stroke="black"/>
                <path d="M 88,1288 L 88,1632" fill="none" stroke="black"/>
                <path d="M 152,48 L 152,704" fill="none" stroke="black"/>
                <path d="M 152,760 L 152,768" fill="none" stroke="black"/>
                <path d="M 152,824 L 152,832" fill="none" stroke="black"/>
                <path d="M 152,888 L 152,896" fill="none" stroke="black"/>
                <path d="M 152,952 L 152,1632" fill="none" stroke="black"/>
                <path d="M 24,192 L 80,192" fill="none" stroke="black"/>
                <path d="M 88,528 L 144,528" fill="none" stroke="black"/>
                <path d="M 96,976 L 152,976" fill="none" stroke="black"/>
                <path d="M 32,1312 L 88,1312" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="152,528 140,522.4 140,533.6" fill="black" transform="rotate(0,144,528)"/>
                <polygon class="arrowhead" points="104,976 92,970.4 92,981.6" fill="black" transform="rotate(180,96,976)"/>
                <polygon class="arrowhead" points="88,192 76,186.4 76,197.6" fill="black" transform="rotate(0,80,192)"/>
                <polygon class="arrowhead" points="40,1312 28,1306.4 28,1317.6" fill="black" transform="rotate(180,32,1312)"/>
                <g class="text">
                  <text x="28" y="36">Client</text>
                  <text x="88" y="36">Proxy</text>
                  <text x="148" y="36">Server</text>
                  <text x="24" y="52">|</text>
                  <text x="32" y="68">Encrypt</text>
                  <text x="16" y="84">REQ</text>
                  <text x="52" y="84">with</text>
                  <text x="32" y="100">CTX_C_S</text>
                  <text x="32" y="132">Encrypt</text>
                  <text x="16" y="148">REQ</text>
                  <text x="52" y="148">with</text>
                  <text x="32" y="164">CTX_C_P</text>
                  <text x="208" y="196">Code:</text>
                  <text x="252" y="196">0.02</text>
                  <text x="300" y="196">(POST)</text>
                  <text x="52" y="212">POST</text>
                  <text x="204" y="212">Token:</text>
                  <text x="252" y="212">0x8c</text>
                  <text x="200" y="228">OSCORE:</text>
                  <text x="276" y="228">[kid:0x20,</text>
                  <text x="352" y="228">Partial</text>
                  <text x="412" y="228">IV:31]</text>
                  <text x="204" y="244">0xff</text>
                  <text x="196" y="260">Payload:</text>
                  <text x="260" y="260">{Code:</text>
                  <text x="308" y="260">0.02</text>
                  <text x="360" y="260">(POST),</text>
                  <text x="272" y="276">OSCORE:</text>
                  <text x="348" y="276">[kid:0x5f,</text>
                  <text x="424" y="276">Partial</text>
                  <text x="488" y="276">IV:42],</text>
                  <text x="280" y="292">Uri-Path:</text>
                  <text x="352" y="292">"dev1",</text>
                  <text x="264" y="308">0xff,</text>
                  <text x="268" y="324">{Code:</text>
                  <text x="316" y="324">0.01</text>
                  <text x="364" y="324">(GET),</text>
                  <text x="288" y="340">Uri-Path:</text>
                  <text x="388" y="340">"alarm_status"</text>
                  <text x="248" y="356">}</text>
                  <text x="284" y="356">//</text>
                  <text x="336" y="356">Encrypted</text>
                  <text x="396" y="356">with</text>
                  <text x="448" y="356">CTX_C_S</text>
                  <text x="240" y="372">}</text>
                  <text x="260" y="372">//</text>
                  <text x="312" y="372">Encrypted</text>
                  <text x="372" y="372">with</text>
                  <text x="424" y="372">CTX_C_P</text>
                  <text x="96" y="404">Decrypt</text>
                  <text x="80" y="420">REQ</text>
                  <text x="116" y="420">with</text>
                  <text x="96" y="436">CTX_C_P</text>
                  <text x="96" y="468">Encrypt</text>
                  <text x="80" y="484">REQ</text>
                  <text x="116" y="484">with</text>
                  <text x="96" y="500">CTX_P_S</text>
                  <text x="208" y="532">Code:</text>
                  <text x="252" y="532">0.02</text>
                  <text x="300" y="532">(POST)</text>
                  <text x="116" y="548">POST</text>
                  <text x="204" y="548">Token:</text>
                  <text x="252" y="548">0x7b</text>
                  <text x="200" y="564">OSCORE:</text>
                  <text x="276" y="564">[kid:0xd4,</text>
                  <text x="352" y="564">Partial</text>
                  <text x="412" y="564">IV:53]</text>
                  <text x="204" y="580">0xff</text>
                  <text x="196" y="596">Payload:</text>
                  <text x="260" y="596">{Code:</text>
                  <text x="308" y="596">0.02</text>
                  <text x="360" y="596">(POST),</text>
                  <text x="272" y="612">OSCORE:</text>
                  <text x="348" y="612">[kid:0x5f,</text>
                  <text x="424" y="612">Partial</text>
                  <text x="488" y="612">IV:42],</text>
                  <text x="264" y="628">0xff,</text>
                  <text x="268" y="644">{Code:</text>
                  <text x="316" y="644">0.01</text>
                  <text x="364" y="644">(GET),</text>
                  <text x="288" y="660">Uri-Path:</text>
                  <text x="388" y="660">"alarm_status"</text>
                  <text x="248" y="676">}</text>
                  <text x="284" y="676">//</text>
                  <text x="336" y="676">Encrypted</text>
                  <text x="396" y="676">with</text>
                  <text x="448" y="676">CTX_C_S</text>
                  <text x="240" y="692">}</text>
                  <text x="260" y="692">//</text>
                  <text x="312" y="692">Encrypted</text>
                  <text x="372" y="692">with</text>
                  <text x="424" y="692">CTX_P_S</text>
                  <text x="160" y="724">Decrypt</text>
                  <text x="144" y="740">REQ</text>
                  <text x="180" y="740">with</text>
                  <text x="160" y="756">CTX_P_S</text>
                  <text x="160" y="788">Decrypt</text>
                  <text x="144" y="804">REQ</text>
                  <text x="180" y="804">with</text>
                  <text x="160" y="820">CTX_C_S</text>
                  <text x="160" y="852">Encrypt</text>
                  <text x="148" y="868">RESP</text>
                  <text x="188" y="868">with</text>
                  <text x="160" y="884">CTX_C_S</text>
                  <text x="160" y="916">Encrypt</text>
                  <text x="148" y="932">RESP</text>
                  <text x="188" y="932">with</text>
                  <text x="160" y="948">CTX_P_S</text>
                  <text x="208" y="980">Code:</text>
                  <text x="252" y="980">2.04</text>
                  <text x="312" y="980">(Changed)</text>
                  <text x="124" y="996">2.04</text>
                  <text x="204" y="996">Token:</text>
                  <text x="252" y="996">0x7b</text>
                  <text x="200" y="1012">OSCORE:</text>
                  <text x="240" y="1012">-</text>
                  <text x="204" y="1028">0xff</text>
                  <text x="196" y="1044">Payload:</text>
                  <text x="260" y="1044">{Code:</text>
                  <text x="308" y="1044">2.04</text>
                  <text x="372" y="1044">(Changed),</text>
                  <text x="272" y="1060">OSCORE:</text>
                  <text x="316" y="1060">-,</text>
                  <text x="264" y="1076">0xff,</text>
                  <text x="268" y="1092">{Code:</text>
                  <text x="316" y="1092">2.05</text>
                  <text x="380" y="1092">(Content),</text>
                  <text x="272" y="1108">0xff,</text>
                  <text x="264" y="1124">"0"</text>
                  <text x="248" y="1140">}</text>
                  <text x="284" y="1140">//</text>
                  <text x="336" y="1140">Encrypted</text>
                  <text x="396" y="1140">with</text>
                  <text x="448" y="1140">CTX_C_S</text>
                  <text x="240" y="1156">}</text>
                  <text x="260" y="1156">//</text>
                  <text x="312" y="1156">Encrypted</text>
                  <text x="372" y="1156">with</text>
                  <text x="424" y="1156">CTX_P_S</text>
                  <text x="96" y="1188">Decrypt</text>
                  <text x="84" y="1204">RESP</text>
                  <text x="124" y="1204">with</text>
                  <text x="96" y="1220">CTX_P_S</text>
                  <text x="96" y="1252">Encrypt</text>
                  <text x="84" y="1268">RESP</text>
                  <text x="124" y="1268">with</text>
                  <text x="96" y="1284">CTX_C_P</text>
                  <text x="208" y="1316">Code:</text>
                  <text x="252" y="1316">2.04</text>
                  <text x="312" y="1316">(Changed)</text>
                  <text x="60" y="1332">2.04</text>
                  <text x="204" y="1332">Token:</text>
                  <text x="252" y="1332">0x8c</text>
                  <text x="200" y="1348">OSCORE:</text>
                  <text x="240" y="1348">-</text>
                  <text x="204" y="1364">0xff</text>
                  <text x="196" y="1380">Payload:</text>
                  <text x="260" y="1380">{Code:</text>
                  <text x="308" y="1380">2.04</text>
                  <text x="372" y="1380">(Changed),</text>
                  <text x="272" y="1396">OSCORE:</text>
                  <text x="316" y="1396">-,</text>
                  <text x="264" y="1412">0xff,</text>
                  <text x="268" y="1428">{Code:</text>
                  <text x="316" y="1428">2.05</text>
                  <text x="380" y="1428">(Content),</text>
                  <text x="272" y="1444">0xff,</text>
                  <text x="264" y="1460">"0"</text>
                  <text x="248" y="1476">}</text>
                  <text x="284" y="1476">//</text>
                  <text x="336" y="1476">Encrypted</text>
                  <text x="396" y="1476">with</text>
                  <text x="448" y="1476">CTX_C_S</text>
                  <text x="240" y="1492">}</text>
                  <text x="260" y="1492">//</text>
                  <text x="312" y="1492">Encrypted</text>
                  <text x="372" y="1492">with</text>
                  <text x="424" y="1492">CTX_C_P</text>
                  <text x="32" y="1524">Decrypt</text>
                  <text x="20" y="1540">RESP</text>
                  <text x="60" y="1540">with</text>
                  <text x="32" y="1556">CTX_C_P</text>
                  <text x="32" y="1588">Decrypt</text>
                  <text x="20" y="1604">RESP</text>
                  <text x="60" y="1604">with</text>
                  <text x="32" y="1620">CTX_C_S</text>
                  <text x="28" y="1668">Square</text>
                  <text x="92" y="1668">brackets</text>
                  <text x="136" y="1668">[</text>
                  <text x="160" y="1668">...</text>
                  <text x="184" y="1668">]</text>
                  <text x="228" y="1668">indicate</text>
                  <text x="296" y="1668">content</text>
                  <text x="340" y="1668">of</text>
                  <text x="396" y="1668">compressed</text>
                  <text x="460" y="1668">COSE</text>
                  <text x="512" y="1668">object.</text>
                  <text x="24" y="1684">Curly</text>
                  <text x="84" y="1684">brackets</text>
                  <text x="128" y="1684">{</text>
                  <text x="152" y="1684">...</text>
                  <text x="176" y="1684">}</text>
                  <text x="220" y="1684">indicate</text>
                  <text x="296" y="1684">encrypted</text>
                  <text x="360" y="1684">data.</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art"><![CDATA[
Client  Proxy  Server
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_S   |       |
  |       |       |
Encrypt   |       |
REQ with  |       |
CTX_C_P   |       |
  |       |       |
  +------>|       |    Code: 0.02 (POST)
  | POST  |       |   Token: 0x8c
  |       |       |  OSCORE: [kid:0x20, Partial IV:31]
  |       |       |    0xff
  |       |       | Payload: {Code: 0.02 (POST),
  |       |       |           OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |           Uri-Path: "dev1",
  |       |       |           0xff,
  |       |       |           {Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_C_P
  |       |       |
  |     Decrypt   |
  |     REQ with  |
  |     CTX_C_P   |
  |       |       |
  |     Encrypt   |
  |     REQ with  |
  |     CTX_P_S   |
  |       |       |
  |       +------>|    Code: 0.02 (POST)
  |       | POST  |   Token: 0x7b
  |       |       |  OSCORE: [kid:0xd4, Partial IV:53]
  |       |       |    0xff
  |       |       | Payload: {Code: 0.02 (POST),
  |       |       |           OSCORE: [kid:0x5f, Partial IV:42],
  |       |       |           0xff,
  |       |       |           {Code: 0.01 (GET),
  |       |       |            Uri-Path: "alarm_status"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_P_S
  |       |       |
  |       |     Decrypt
  |       |     REQ with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_C_S
  |       |       |
  |       |     Encrypt
  |       |     RESP with
  |       |     CTX_P_S
  |       |       |
  |       |<------+    Code: 2.04 (Changed)
  |       |  2.04 |   Token: 0x7b
  |       |       |  OSCORE: -
  |       |       |    0xff
  |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |           OSCORE: -,
  |       |       |           0xff,
  |       |       |           {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_P_S
  |       |       |
  |     Decrypt   |
  |     RESP with |
  |     CTX_P_S   |
  |       |       |
  |     Encrypt   |
  |     RESP with |
  |     CTX_C_P   |
  |       |       |
  |<------+       |    Code: 2.04 (Changed)
  |  2.04 |       |   Token: 0x8c
  |       |       |  OSCORE: -
  |       |       |    0xff
  |       |       | Payload: {Code: 2.04 (Changed),
  |       |       |           OSCORE: -,
  |       |       |           0xff,
  |       |       |           {Code: 2.05 (Content),
  |       |       |            0xff,
  |       |       |            "0"
  |       |       |           }   // Encrypted with CTX_C_S
  |       |       |          } // Encrypted with CTX_C_P
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_P   |       |
  |       |       |
Decrypt   |       |
RESP with |       |
CTX_C_S   |       |
  |       |       |

Square brackets [ ... ] indicate content of compressed COSE object.
Curly brackets { ... } indicate encrypted data.
]]></artwork>
          </artset>
        </figure>
      </section>
    </section>
    <section anchor="sec-option-protection-diag">
      <name>State Diagram: Protection of CoAP Options</name>
      <t><xref target="fig-option-protection-diagram"/> overviews the rules defined in <xref target="general-rules"/>, which are used to determine whether a CoAP option that is originally specified only as an outer option (Class U or I) for OSCORE has to be processed as Class E, when protecting an outgoing message.</t>
      <figure anchor="fig-option-protection-diagram">
        <name>Protection of CoAP Options Originally Specified only as Outer Options (Class U or I) for OSCORE</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1152" width="576" viewBox="0 0 576 1152" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,160 L 8,272" fill="none" stroke="black"/>
              <path d="M 8,336 L 8,384" fill="none" stroke="black"/>
              <path d="M 24,496 L 24,656" fill="none" stroke="black"/>
              <path d="M 40,280 L 40,328" fill="none" stroke="black"/>
              <path d="M 40,392 L 40,432" fill="none" stroke="black"/>
              <path d="M 40,464 L 40,488" fill="none" stroke="black"/>
              <path d="M 40,704 L 40,1120" fill="none" stroke="black"/>
              <path d="M 64,1024 L 64,1056" fill="none" stroke="black"/>
              <path d="M 80,784 L 80,816" fill="none" stroke="black"/>
              <path d="M 80,848 L 80,1016" fill="none" stroke="black"/>
              <path d="M 104,336 L 104,384" fill="none" stroke="black"/>
              <path d="M 112,752 L 112,800" fill="none" stroke="black"/>
              <path d="M 112,896 L 112,944" fill="none" stroke="black"/>
              <path d="M 112,1104 L 112,1136" fill="none" stroke="black"/>
              <path d="M 184,336 L 184,400" fill="none" stroke="black"/>
              <path d="M 208,408 L 208,432" fill="none" stroke="black"/>
              <path d="M 208,464 L 208,488" fill="none" stroke="black"/>
              <path d="M 208,992 L 208,1016" fill="none" stroke="black"/>
              <path d="M 216,704 L 216,744" fill="none" stroke="black"/>
              <path d="M 232,496 L 232,656" fill="none" stroke="black"/>
              <path d="M 264,1024 L 264,1056" fill="none" stroke="black"/>
              <path d="M 312,496 L 312,576" fill="none" stroke="black"/>
              <path d="M 328,624 L 328,744" fill="none" stroke="black"/>
              <path d="M 328,848 L 328,888" fill="none" stroke="black"/>
              <path d="M 328,992 L 328,1096" fill="none" stroke="black"/>
              <path d="M 336,336 L 336,400" fill="none" stroke="black"/>
              <path d="M 344,752 L 344,800" fill="none" stroke="black"/>
              <path d="M 416,336 L 416,416" fill="none" stroke="black"/>
              <path d="M 440,896 L 440,944" fill="none" stroke="black"/>
              <path d="M 472,464 L 472,488" fill="none" stroke="black"/>
              <path d="M 472,624 L 472,1096" fill="none" stroke="black"/>
              <path d="M 488,496 L 488,576" fill="none" stroke="black"/>
              <path d="M 488,1104 L 488,1136" fill="none" stroke="black"/>
              <path d="M 552,464 L 552,1120" fill="none" stroke="black"/>
              <path d="M 568,160 L 568,272" fill="none" stroke="black"/>
              <path d="M 568,336 L 568,416" fill="none" stroke="black"/>
              <path d="M 8,160 L 88,160" fill="none" stroke="black"/>
              <path d="M 104,160 L 568,160" fill="none" stroke="black"/>
              <path d="M 8,272 L 568,272" fill="none" stroke="black"/>
              <path d="M 8,336 L 104,336" fill="none" stroke="black"/>
              <path d="M 184,336 L 336,336" fill="none" stroke="black"/>
              <path d="M 416,336 L 568,336" fill="none" stroke="black"/>
              <path d="M 112,352 L 128,352" fill="none" stroke="black"/>
              <path d="M 160,352 L 176,352" fill="none" stroke="black"/>
              <path d="M 344,352 L 360,352" fill="none" stroke="black"/>
              <path d="M 392,352 L 408,352" fill="none" stroke="black"/>
              <path d="M 8,384 L 104,384" fill="none" stroke="black"/>
              <path d="M 184,400 L 336,400" fill="none" stroke="black"/>
              <path d="M 416,416 L 568,416" fill="none" stroke="black"/>
              <path d="M 24,496 L 232,496" fill="none" stroke="black"/>
              <path d="M 312,496 L 488,496" fill="none" stroke="black"/>
              <path d="M 312,576 L 488,576" fill="none" stroke="black"/>
              <path d="M 24,656 L 232,656" fill="none" stroke="black"/>
              <path d="M 112,752 L 344,752" fill="none" stroke="black"/>
              <path d="M 80,784 L 104,784" fill="none" stroke="black"/>
              <path d="M 112,800 L 344,800" fill="none" stroke="black"/>
              <path d="M 112,896 L 440,896" fill="none" stroke="black"/>
              <path d="M 112,944 L 440,944" fill="none" stroke="black"/>
              <path d="M 64,1024 L 264,1024" fill="none" stroke="black"/>
              <path d="M 64,1056 L 264,1056" fill="none" stroke="black"/>
              <path d="M 112,1104 L 488,1104" fill="none" stroke="black"/>
              <path d="M 40,1120 L 104,1120" fill="none" stroke="black"/>
              <path d="M 496,1120 L 552,1120" fill="none" stroke="black"/>
              <path d="M 112,1136 L 488,1136" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="504,1120 492,1114.4 492,1125.6" fill="black" transform="rotate(180,496,1120)"/>
              <polygon class="arrowhead" points="480,1096 468,1090.4 468,1101.6" fill="black" transform="rotate(90,472,1096)"/>
              <polygon class="arrowhead" points="480,488 468,482.4 468,493.6" fill="black" transform="rotate(90,472,488)"/>
              <polygon class="arrowhead" points="416,352 404,346.4 404,357.6" fill="black" transform="rotate(0,408,352)"/>
              <polygon class="arrowhead" points="336,1096 324,1090.4 324,1101.6" fill="black" transform="rotate(90,328,1096)"/>
              <polygon class="arrowhead" points="336,888 324,882.4 324,893.6" fill="black" transform="rotate(90,328,888)"/>
              <polygon class="arrowhead" points="336,744 324,738.4 324,749.6" fill="black" transform="rotate(90,328,744)"/>
              <polygon class="arrowhead" points="224,744 212,738.4 212,749.6" fill="black" transform="rotate(90,216,744)"/>
              <polygon class="arrowhead" points="216,1016 204,1010.4 204,1021.6" fill="black" transform="rotate(90,208,1016)"/>
              <polygon class="arrowhead" points="216,488 204,482.4 204,493.6" fill="black" transform="rotate(90,208,488)"/>
              <polygon class="arrowhead" points="184,352 172,346.4 172,357.6" fill="black" transform="rotate(0,176,352)"/>
              <polygon class="arrowhead" points="112,1120 100,1114.4 100,1125.6" fill="black" transform="rotate(0,104,1120)"/>
              <polygon class="arrowhead" points="88,1016 76,1010.4 76,1021.6" fill="black" transform="rotate(90,80,1016)"/>
              <polygon class="arrowhead" points="48,488 36,482.4 36,493.6" fill="black" transform="rotate(90,40,488)"/>
              <polygon class="arrowhead" points="48,328 36,322.4 36,333.6" fill="black" transform="rotate(90,40,328)"/>
              <circle cx="40" cy="512" r="6" class="closeddot" fill="black"/>
              <circle cx="40" cy="592" r="6" class="closeddot" fill="black"/>
              <circle cx="96" cy="96" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="96" cy="112" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="96" cy="128" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="96" cy="144" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="96" cy="160" r="6" class="opendot" fill="white" stroke="black"/>
              <g class="text">
                <text x="108" y="36">..........................</text>
                <text x="8" y="52">:</text>
                <text x="208" y="52">:</text>
                <text x="8" y="68">:</text>
                <text x="44" y="68">Source</text>
                <text x="100" y="68">OSCORE</text>
                <text x="164" y="68">endpoint</text>
                <text x="208" y="68">:</text>
                <text x="8" y="84">:</text>
                <text x="208" y="84">:</text>
                <text x="48" y="100">:..........</text>
                <text x="156" y="100">.............:</text>
                <text x="24" y="196">I</text>
                <text x="52" y="196">must</text>
                <text x="104" y="196">protect</text>
                <text x="148" y="196">an</text>
                <text x="196" y="196">outgoing</text>
                <text x="264" y="196">message</text>
                <text x="304" y="196">M</text>
                <text x="328" y="196">for</text>
                <text x="376" y="196">another</text>
                <text x="436" y="196">OSCORE</text>
                <text x="500" y="196">endpoint</text>
                <text x="548" y="196">X.</text>
                <text x="24" y="228">M</text>
                <text x="68" y="228">includes</text>
                <text x="112" y="228">a</text>
                <text x="140" y="228">CoAP</text>
                <text x="188" y="228">option</text>
                <text x="232" y="228">OPT</text>
                <text x="268" y="228">that</text>
                <text x="300" y="228">is</text>
                <text x="356" y="228">originally</text>
                <text x="440" y="228">specified</text>
                <text x="500" y="228">only</text>
                <text x="532" y="228">as</text>
                <text x="28" y="244">an</text>
                <text x="64" y="244">outer</text>
                <text x="116" y="244">option</text>
                <text x="172" y="244">(Class</text>
                <text x="208" y="244">U</text>
                <text x="228" y="244">or</text>
                <text x="252" y="244">I)</text>
                <text x="280" y="244">for</text>
                <text x="328" y="244">OSCORE.</text>
                <text x="32" y="356">Did</text>
                <text x="56" y="356">I</text>
                <text x="80" y="356">add</text>
                <text x="144" y="356">YES</text>
                <text x="204" y="356">As</text>
                <text x="232" y="356">far</text>
                <text x="260" y="356">as</text>
                <text x="280" y="356">I</text>
                <text x="304" y="356">can</text>
                <text x="376" y="356">YES</text>
                <text x="436" y="356">As</text>
                <text x="464" y="356">far</text>
                <text x="492" y="356">as</text>
                <text x="512" y="356">I</text>
                <text x="536" y="356">can</text>
                <text x="32" y="372">OPT</text>
                <text x="60" y="372">to</text>
                <text x="84" y="372">M?</text>
                <text x="216" y="372">tell,</text>
                <text x="252" y="372">is</text>
                <text x="272" y="372">X</text>
                <text x="288" y="372">a</text>
                <text x="448" y="372">tell,</text>
                <text x="484" y="372">is</text>
                <text x="504" y="372">X</text>
                <text x="528" y="372">the</text>
                <text x="228" y="388">consumer</text>
                <text x="276" y="388">of</text>
                <text x="308" y="388">OPT?</text>
                <text x="472" y="388">immediately</text>
                <text x="540" y="388">next</text>
                <text x="460" y="404">consumer</text>
                <text x="508" y="404">of</text>
                <text x="540" y="404">OPT?</text>
                <text x="472" y="436">|</text>
                <text x="552" y="436">|</text>
                <text x="44" y="452">NO</text>
                <text x="212" y="452">NO</text>
                <text x="472" y="452">YES</text>
                <text x="556" y="452">NO</text>
                <text x="60" y="516">As</text>
                <text x="88" y="516">far</text>
                <text x="116" y="516">as</text>
                <text x="136" y="516">I</text>
                <text x="160" y="516">can</text>
                <text x="200" y="516">tell,</text>
                <text x="340" y="516">Does</text>
                <text x="368" y="516">X</text>
                <text x="396" y="516">need</text>
                <text x="428" y="516">to</text>
                <text x="56" y="532">X</text>
                <text x="76" y="532">is</text>
                <text x="100" y="532">my</text>
                <text x="132" y="532">next</text>
                <text x="172" y="532">hop;</text>
                <text x="348" y="532">access</text>
                <text x="392" y="532">OPT</text>
                <text x="436" y="532">before</text>
                <text x="364" y="548">decrypting</text>
                <text x="416" y="548">M</text>
                <text x="436" y="548">or</text>
                <text x="460" y="548">in</text>
                <text x="44" y="564">OR</text>
                <text x="344" y="564">order</text>
                <text x="380" y="564">to</text>
                <text x="424" y="564">decrypt</text>
                <text x="468" y="564">M?</text>
                <text x="60" y="596">As</text>
                <text x="88" y="596">far</text>
                <text x="116" y="596">as</text>
                <text x="136" y="596">I</text>
                <text x="160" y="596">can</text>
                <text x="200" y="596">tell,</text>
                <text x="328" y="596">|</text>
                <text x="472" y="596">|</text>
                <text x="60" y="612">my</text>
                <text x="92" y="612">next</text>
                <text x="128" y="612">hop</text>
                <text x="156" y="612">is</text>
                <text x="184" y="612">not</text>
                <text x="332" y="612">NO</text>
                <text x="472" y="612">YES</text>
                <text x="64" y="628">the</text>
                <text x="128" y="628">immediately</text>
                <text x="196" y="628">next</text>
                <text x="84" y="644">consumer</text>
                <text x="132" y="644">of</text>
                <text x="160" y="644">OPT</text>
                <text x="40" y="676">|</text>
                <text x="216" y="676">|</text>
                <text x="44" y="692">NO</text>
                <text x="216" y="692">YES</text>
                <text x="132" y="772">Is</text>
                <text x="160" y="772">OPT</text>
                <text x="192" y="772">the</text>
                <text x="244" y="772">Uri-Host</text>
                <text x="308" y="772">Option</text>
                <text x="132" y="788">or</text>
                <text x="160" y="788">the</text>
                <text x="212" y="788">Uri-Port</text>
                <text x="280" y="788">Option?</text>
                <text x="328" y="820">|</text>
                <text x="84" y="836">NO</text>
                <text x="328" y="836">YES</text>
                <text x="140" y="916">Does</text>
                <text x="168" y="916">M</text>
                <text x="208" y="916">include</text>
                <text x="256" y="916">the</text>
                <text x="324" y="916">Proxy-Scheme</text>
                <text x="404" y="916">Option</text>
                <text x="132" y="932">or</text>
                <text x="160" y="932">the</text>
                <text x="256" y="932">Proxy-Scheme-Number</text>
                <text x="368" y="932">Option?</text>
                <text x="208" y="964">|</text>
                <text x="328" y="964">|</text>
                <text x="208" y="980">YES</text>
                <text x="332" y="980">NO</text>
                <text x="104" y="1044">Process</text>
                <text x="152" y="1044">OPT</text>
                <text x="180" y="1044">as</text>
                <text x="216" y="1044">Class</text>
                <text x="248" y="1044">E</text>
                <text x="152" y="1124">Process</text>
                <text x="200" y="1124">OPT</text>
                <text x="228" y="1124">as</text>
                <text x="256" y="1124">per</text>
                <text x="288" y="1124">its</text>
                <text x="340" y="1124">original</text>
                <text x="400" y="1124">Class</text>
                <text x="432" y="1124">U</text>
                <text x="452" y="1124">or</text>
                <text x="472" y="1124">I</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
..........................
:                        :
: Source OSCORE endpoint :
:                        :
:..........o.............:
           o
           o
           o
+----------o----------------------------------------------------------+
|                                                                     |
| I must protect an outgoing message M for another OSCORE endpoint X. |
|                                                                     |
| M includes a CoAP option OPT that is originally specified only as   |
| an outer option (Class U or I) for OSCORE.                          |
|                                                                     |
+---------------------------------------------------------------------+
    |
    |
    v
+-----------+         +------------------+         +------------------+
| Did I add |---YES-->| As far as I can  |---YES-->| As far as I can  |
| OPT to M? |         | tell, is X a     |         | tell, is X the   |
+-----------+         | consumer of OPT? |         | immediately next |
    |                 +------------------+         | consumer of OPT? |
    |                    |                         +------------------+
    |                    |                                |         |
    NO                   NO                              YES        NO
    |                    |                                |         |
    v                    v                                v         |
  +-------------------------+         +---------------------+       |
  | * As far as I can tell, |         | Does X need to      |       |
  |   X is my next hop;     |         | access OPT before   |       |
  |                         |         | decrypting M or in  |       |
  | OR                      |         | order to decrypt M? |       |
  |                         |         +---------------------+       |
  | * As far as I can tell, |           |                 |         |
  |   my next hop is not    |           NO               YES        |
  |   the immediately next  |           |                 |         |
  |   consumer of OPT       |           |                 |         |
  +-------------------------+           |                 |         |
    |                     |             |                 |         |
    NO                   YES            |                 |         |
    |                     |             |                 |         |
    |                     |             |                 |         |
    |                     v             v                 |         |
    |        +----------------------------+               |         |
    |        | Is OPT the Uri-Host Option |               |         |
    |    +---| or the Uri-Port Option?    |               |         |
    |    |   +----------------------------+               |         |
    |    |                              |                 |         |
    |    NO                            YES                |         |
    |    |                              |                 |         |
    |    |                              |                 |         |
    |    |                              v                 |         |
    |    |   +----------------------------------------+   |         |
    |    |   | Does M include the Proxy-Scheme Option |   |         |
    |    |   | or the Proxy-Scheme-Number Option?     |   |         |
    |    |   +----------------------------------------+   |         |
    |    |               |              |                 |         |
    |    |              YES             NO                |         |
    |    |               |              |                 |         |
    |    v               v              |                 |         |
    |  +------------------------+       |                 |         |
    |  | Process OPT as Class E |       |                 |         |
    |  +------------------------+       |                 |         |
    |                                   |                 |         |
    |                                   v                 v         |
    |        +----------------------------------------------+       |
    +------->| Process OPT as per its original Class U or I |<------+
             +----------------------------------------------+
]]></artwork>
        </artset>
      </figure>
    </section>
    <section anchor="sec-incoming-req-diag">
      <name>State Diagram: Processing of Incoming Requests</name>
      <t><xref target="fig-incoming-request-diagram"/> overviews the processing of an incoming request, which is specified in <xref target="incoming-requests"/>. The dotted boxes indicate ending states where the processing terminates.</t>
      <figure anchor="fig-incoming-request-diagram">
        <name>Processing of an Incoming Request</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1840" width="576" viewBox="0 0 576 1840" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,224 L 8,352" fill="none" stroke="black"/>
              <path d="M 8,560 L 8,784" fill="none" stroke="black"/>
              <path d="M 8,1168 L 8,1344" fill="none" stroke="black"/>
              <path d="M 8,1680 L 8,1760" fill="none" stroke="black"/>
              <path d="M 32,400 L 32,552" fill="none" stroke="black"/>
              <path d="M 32,832 L 32,1160" fill="none" stroke="black"/>
              <path d="M 32,1352 L 32,1672" fill="none" stroke="black"/>
              <path d="M 80,1520 L 80,1600" fill="none" stroke="black"/>
              <path d="M 96,1008 L 96,1072" fill="none" stroke="black"/>
              <path d="M 112,32 L 112,64" fill="none" stroke="black"/>
              <path d="M 128,112 L 128,216" fill="none" stroke="black"/>
              <path d="M 136,1440 L 136,1472" fill="none" stroke="black"/>
              <path d="M 136,1608 L 136,1632" fill="none" stroke="black"/>
              <path d="M 160,224 L 160,352" fill="none" stroke="black"/>
              <path d="M 176,272 L 176,512" fill="none" stroke="black"/>
              <path d="M 184,560 L 184,784" fill="none" stroke="black"/>
              <path d="M 192,832 L 192,896" fill="none" stroke="black"/>
              <path d="M 200,560 L 200,656" fill="none" stroke="black"/>
              <path d="M 208,1376 L 208,1440" fill="none" stroke="black"/>
              <path d="M 208,1520 L 208,1600" fill="none" stroke="black"/>
              <path d="M 216,224 L 216,288" fill="none" stroke="black"/>
              <path d="M 224,296 L 224,352" fill="none" stroke="black"/>
              <path d="M 224,384 L 224,552" fill="none" stroke="black"/>
              <path d="M 248,1168 L 248,1344" fill="none" stroke="black"/>
              <path d="M 256,160 L 256,176" fill="none" stroke="black"/>
              <path d="M 288,496 L 288,512" fill="none" stroke="black"/>
              <path d="M 288,704 L 288,824" fill="none" stroke="black"/>
              <path d="M 288,904 L 288,1000" fill="none" stroke="black"/>
              <path d="M 288,1120 L 288,1160" fill="none" stroke="black"/>
              <path d="M 288,1248 L 288,1368" fill="none" stroke="black"/>
              <path d="M 288,1448 L 288,1552" fill="none" stroke="black"/>
              <path d="M 296,224 L 296,288" fill="none" stroke="black"/>
              <path d="M 296,1680 L 296,1760" fill="none" stroke="black"/>
              <path d="M 320,560 L 320,656" fill="none" stroke="black"/>
              <path d="M 320,832 L 320,896" fill="none" stroke="black"/>
              <path d="M 336,72 L 336,960" fill="none" stroke="black"/>
              <path d="M 336,1376 L 336,1440" fill="none" stroke="black"/>
              <path d="M 344,1008 L 344,1072" fill="none" stroke="black"/>
              <path d="M 352,224 L 352,272" fill="none" stroke="black"/>
              <path d="M 368,280 L 368,1712" fill="none" stroke="black"/>
              <path d="M 392,832 L 392,880" fill="none" stroke="black"/>
              <path d="M 416,320 L 416,824" fill="none" stroke="black"/>
              <path d="M 416,928 L 416,1096" fill="none" stroke="black"/>
              <path d="M 448,112 L 448,216" fill="none" stroke="black"/>
              <path d="M 448,432 L 448,464" fill="none" stroke="black"/>
              <path d="M 448,544 L 448,576" fill="none" stroke="black"/>
              <path d="M 464,624 L 464,696" fill="none" stroke="black"/>
              <path d="M 472,320 L 472,424" fill="none" stroke="black"/>
              <path d="M 488,224 L 488,272" fill="none" stroke="black"/>
              <path d="M 488,472 L 488,536" fill="none" stroke="black"/>
              <path d="M 488,928 L 488,1000" fill="none" stroke="black"/>
              <path d="M 496,32 L 496,64" fill="none" stroke="black"/>
              <path d="M 504,584 L 504,640" fill="none" stroke="black"/>
              <path d="M 512,832 L 512,880" fill="none" stroke="black"/>
              <path d="M 528,432 L 528,464" fill="none" stroke="black"/>
              <path d="M 536,544 L 536,576" fill="none" stroke="black"/>
              <path d="M 568,48 L 568,640" fill="none" stroke="black"/>
              <path d="M 112,32 L 496,32" fill="none" stroke="black"/>
              <path d="M 80,48 L 104,48" fill="none" stroke="black"/>
              <path d="M 504,48 L 568,48" fill="none" stroke="black"/>
              <path d="M 112,64 L 496,64" fill="none" stroke="black"/>
              <path d="M 8,224 L 160,224" fill="none" stroke="black"/>
              <path d="M 216,224 L 296,224" fill="none" stroke="black"/>
              <path d="M 352,224 L 488,224" fill="none" stroke="black"/>
              <path d="M 168,240 L 208,240" fill="none" stroke="black"/>
              <path d="M 176,272 L 208,272" fill="none" stroke="black"/>
              <path d="M 352,272 L 488,272" fill="none" stroke="black"/>
              <path d="M 216,288 L 296,288" fill="none" stroke="black"/>
              <path d="M 8,352 L 160,352" fill="none" stroke="black"/>
              <path d="M 448,432 L 528,432" fill="none" stroke="black"/>
              <path d="M 448,464 L 528,464" fill="none" stroke="black"/>
              <path d="M 448,544 L 536,544" fill="none" stroke="black"/>
              <path d="M 8,560 L 184,560" fill="none" stroke="black"/>
              <path d="M 200,560 L 320,560" fill="none" stroke="black"/>
              <path d="M 448,576 L 536,576" fill="none" stroke="black"/>
              <path d="M 504,640 L 520,640" fill="none" stroke="black"/>
              <path d="M 552,640 L 568,640" fill="none" stroke="black"/>
              <path d="M 200,656 L 320,656" fill="none" stroke="black"/>
              <path d="M 8,784 L 184,784" fill="none" stroke="black"/>
              <path d="M 192,832 L 320,832" fill="none" stroke="black"/>
              <path d="M 392,832 L 512,832" fill="none" stroke="black"/>
              <path d="M 392,880 L 512,880" fill="none" stroke="black"/>
              <path d="M 192,896 L 320,896" fill="none" stroke="black"/>
              <path d="M 96,1008 L 344,1008" fill="none" stroke="black"/>
              <path d="M 96,1072 L 344,1072" fill="none" stroke="black"/>
              <path d="M 8,1168 L 248,1168" fill="none" stroke="black"/>
              <path d="M 8,1344 L 248,1344" fill="none" stroke="black"/>
              <path d="M 208,1376 L 336,1376" fill="none" stroke="black"/>
              <path d="M 208,1440 L 336,1440" fill="none" stroke="black"/>
              <path d="M 80,1520 L 208,1520" fill="none" stroke="black"/>
              <path d="M 216,1552 L 232,1552" fill="none" stroke="black"/>
              <path d="M 264,1552 L 288,1552" fill="none" stroke="black"/>
              <path d="M 80,1600 L 208,1600" fill="none" stroke="black"/>
              <path d="M 8,1680 L 296,1680" fill="none" stroke="black"/>
              <path d="M 304,1712 L 320,1712" fill="none" stroke="black"/>
              <path d="M 344,1712 L 368,1712" fill="none" stroke="black"/>
              <path d="M 8,1760 L 296,1760" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="512,48 500,42.4 500,53.6" fill="black" transform="rotate(180,504,48)"/>
              <polygon class="arrowhead" points="496,1000 484,994.4 484,1005.6" fill="black" transform="rotate(90,488,1000)"/>
              <polygon class="arrowhead" points="496,536 484,530.4 484,541.6" fill="black" transform="rotate(90,488,536)"/>
              <polygon class="arrowhead" points="480,424 468,418.4 468,429.6" fill="black" transform="rotate(90,472,424)"/>
              <polygon class="arrowhead" points="472,696 460,690.4 460,701.6" fill="black" transform="rotate(90,464,696)"/>
              <polygon class="arrowhead" points="456,216 444,210.4 444,221.6" fill="black" transform="rotate(90,448,216)"/>
              <polygon class="arrowhead" points="424,1096 412,1090.4 412,1101.6" fill="black" transform="rotate(90,416,1096)"/>
              <polygon class="arrowhead" points="424,824 412,818.4 412,829.6" fill="black" transform="rotate(90,416,824)"/>
              <polygon class="arrowhead" points="376,280 364,274.4 364,285.6" fill="black" transform="rotate(270,368,280)"/>
              <polygon class="arrowhead" points="344,72 332,66.4 332,77.6" fill="black" transform="rotate(270,336,72)"/>
              <polygon class="arrowhead" points="296,1448 284,1442.4 284,1453.6" fill="black" transform="rotate(270,288,1448)"/>
              <polygon class="arrowhead" points="296,1248 284,1242.4 284,1253.6" fill="black" transform="rotate(270,288,1248)"/>
              <polygon class="arrowhead" points="296,1160 284,1154.4 284,1165.6" fill="black" transform="rotate(90,288,1160)"/>
              <polygon class="arrowhead" points="296,1000 284,994.4 284,1005.6" fill="black" transform="rotate(90,288,1000)"/>
              <polygon class="arrowhead" points="296,824 284,818.4 284,829.6" fill="black" transform="rotate(90,288,824)"/>
              <polygon class="arrowhead" points="296,496 284,490.4 284,501.6" fill="black" transform="rotate(270,288,496)"/>
              <polygon class="arrowhead" points="264,160 252,154.4 252,165.6" fill="black" transform="rotate(270,256,160)"/>
              <polygon class="arrowhead" points="232,552 220,546.4 220,557.6" fill="black" transform="rotate(90,224,552)"/>
              <polygon class="arrowhead" points="216,272 204,266.4 204,277.6" fill="black" transform="rotate(0,208,272)"/>
              <polygon class="arrowhead" points="216,240 204,234.4 204,245.6" fill="black" transform="rotate(0,208,240)"/>
              <polygon class="arrowhead" points="144,1608 132,1602.4 132,1613.6" fill="black" transform="rotate(270,136,1608)"/>
              <polygon class="arrowhead" points="144,1440 132,1434.4 132,1445.6" fill="black" transform="rotate(270,136,1440)"/>
              <polygon class="arrowhead" points="136,216 124,210.4 124,221.6" fill="black" transform="rotate(90,128,216)"/>
              <polygon class="arrowhead" points="112,48 100,42.4 100,53.6" fill="black" transform="rotate(0,104,48)"/>
              <polygon class="arrowhead" points="40,1672 28,1666.4 28,1677.6" fill="black" transform="rotate(90,32,1672)"/>
              <polygon class="arrowhead" points="40,1160 28,1154.4 28,1165.6" fill="black" transform="rotate(90,32,1160)"/>
              <polygon class="arrowhead" points="40,552 28,546.4 28,557.6" fill="black" transform="rotate(90,32,552)"/>
              <g class="text">
                <text x="36" y="52">Incoming</text>
                <text x="192" y="52">Are</text>
                <text x="232" y="52">there</text>
                <text x="312" y="52">proxy-related</text>
                <text x="404" y="52">options?</text>
                <text x="32" y="68">request</text>
                <text x="128" y="84">|</text>
                <text x="448" y="84">|</text>
                <text x="128" y="100">YES</text>
                <text x="260" y="100">..........</text>
                <text x="452" y="100">NO</text>
                <text x="224" y="116">:</text>
                <text x="260" y="116">Return</text>
                <text x="296" y="116">:</text>
                <text x="224" y="132">:</text>
                <text x="252" y="132">5.05</text>
                <text x="296" y="132">:</text>
                <text x="260" y="148">:........:</text>
                <text x="260" y="196">NO</text>
                <text x="256" y="212">|</text>
                <text x="184" y="228">YES</text>
                <text x="28" y="244">Is</text>
                <text x="64" y="244">there</text>
                <text x="104" y="244">the</text>
                <text x="236" y="244">Am</text>
                <text x="256" y="244">I</text>
                <text x="272" y="244">a</text>
                <text x="372" y="244">Is</text>
                <text x="408" y="244">there</text>
                <text x="444" y="244">an</text>
                <text x="56" y="260">Proxy-Uri</text>
                <text x="124" y="260">Option</text>
                <text x="256" y="260">forward</text>
                <text x="388" y="260">OSCORE</text>
                <text x="448" y="260">Option?</text>
                <text x="28" y="276">or</text>
                <text x="56" y="276">the</text>
                <text x="112" y="276">Proxy-Cri</text>
                <text x="252" y="276">proxy?</text>
                <text x="48" y="292">Option,</text>
                <text x="116" y="292">possibly</text>
                <text x="416" y="292">|</text>
                <text x="472" y="292">|</text>
                <text x="36" y="308">with</text>
                <text x="72" y="308">the</text>
                <text x="420" y="308">NO</text>
                <text x="472" y="308">YES</text>
                <text x="80" y="324">Uri-Path-Abbrev</text>
                <text x="48" y="340">Option?</text>
                <text x="32" y="372">|</text>
                <text x="224" y="372">YES</text>
                <text x="36" y="388">NO</text>
                <text x="284" y="436">..........</text>
                <text x="248" y="452">:</text>
                <text x="284" y="452">Return</text>
                <text x="320" y="452">:</text>
                <text x="488" y="452">Decrypt</text>
                <text x="248" y="468">:</text>
                <text x="276" y="468">4.01</text>
                <text x="320" y="468">:</text>
                <text x="284" y="484">:........:</text>
                <text x="176" y="532">YES</text>
                <text x="292" y="532">NO</text>
                <text x="176" y="548">|</text>
                <text x="288" y="548">|</text>
                <text x="492" y="564">Success?</text>
                <text x="28" y="580">Is</text>
                <text x="64" y="580">there</text>
                <text x="104" y="580">the</text>
                <text x="220" y="580">Is</text>
                <text x="244" y="580">it</text>
                <text x="68" y="596">Proxy-Scheme</text>
                <text x="252" y="596">acceptable</text>
                <text x="464" y="596">|</text>
                <text x="44" y="612">Option</text>
                <text x="84" y="612">or</text>
                <text x="112" y="612">the</text>
                <text x="220" y="612">to</text>
                <text x="264" y="612">forward</text>
                <text x="468" y="612">NO</text>
                <text x="96" y="628">Proxy-Scheme-Number</text>
                <text x="224" y="628">the</text>
                <text x="276" y="628">request?</text>
                <text x="48" y="644">Option,</text>
                <text x="100" y="644">with</text>
                <text x="128" y="644">a</text>
                <text x="224" y="644">(#)</text>
                <text x="536" y="644">YES</text>
                <text x="64" y="660">combination</text>
                <text x="124" y="660">of</text>
                <text x="152" y="660">the</text>
                <text x="56" y="676">following</text>
                <text x="132" y="676">options?</text>
                <text x="288" y="676">|</text>
                <text x="288" y="692">YES</text>
                <text x="24" y="708">-</text>
                <text x="72" y="708">Uri-Host;</text>
                <text x="508" y="708">................</text>
                <text x="24" y="724">-</text>
                <text x="72" y="724">Uri-Port;</text>
                <text x="448" y="724">:</text>
                <text x="484" y="724">OSCORE</text>
                <text x="536" y="724">error</text>
                <text x="568" y="724">:</text>
                <text x="24" y="740">-</text>
                <text x="100" y="740">Uri-Path-Abbrev,</text>
                <text x="448" y="740">:</text>
                <text x="492" y="740">handling</text>
                <text x="568" y="740">:</text>
                <text x="44" y="756">or</text>
                <text x="72" y="756">one</text>
                <text x="100" y="756">or</text>
                <text x="132" y="756">more</text>
                <text x="508" y="756">:..............:</text>
                <text x="68" y="772">Uri-Path</text>
                <text x="32" y="804">|</text>
                <text x="36" y="820">NO</text>
                <text x="232" y="852">Consume</text>
                <text x="280" y="852">the</text>
                <text x="412" y="852">Is</text>
                <text x="448" y="852">there</text>
                <text x="484" y="852">an</text>
                <text x="256" y="868">proxy-related</text>
                <text x="452" y="868">application?</text>
                <text x="232" y="884">options</text>
                <text x="416" y="900">|</text>
                <text x="488" y="900">|</text>
                <text x="416" y="916">YES</text>
                <text x="492" y="916">NO</text>
                <text x="336" y="980">YES</text>
                <text x="336" y="996">|</text>
                <text x="492" y="1012">..........</text>
                <text x="124" y="1028">Does</text>
                <text x="160" y="1028">the</text>
                <text x="216" y="1028">authority</text>
                <text x="296" y="1028">component</text>
                <text x="456" y="1028">:</text>
                <text x="492" y="1028">Return</text>
                <text x="528" y="1028">:</text>
                <text x="128" y="1044">(host</text>
                <text x="168" y="1044">and</text>
                <text x="208" y="1044">port)</text>
                <text x="244" y="1044">of</text>
                <text x="272" y="1044">the</text>
                <text x="456" y="1044">:</text>
                <text x="484" y="1044">4.04</text>
                <text x="528" y="1044">:</text>
                <text x="136" y="1060">request</text>
                <text x="184" y="1060">URI</text>
                <text x="236" y="1060">identify</text>
                <text x="288" y="1060">me?</text>
                <text x="492" y="1060">:........:</text>
                <text x="288" y="1092">|</text>
                <text x="292" y="1108">NO</text>
                <text x="468" y="1108">..................</text>
                <text x="400" y="1124">:</text>
                <text x="440" y="1124">Deliver</text>
                <text x="488" y="1124">the</text>
                <text x="536" y="1124">:</text>
                <text x="400" y="1140">:</text>
                <text x="440" y="1140">request</text>
                <text x="484" y="1140">to</text>
                <text x="512" y="1140">the</text>
                <text x="536" y="1140">:</text>
                <text x="400" y="1156">:</text>
                <text x="456" y="1156">application</text>
                <text x="536" y="1156">:</text>
                <text x="304" y="1172">...........</text>
                <text x="468" y="1172">:................:</text>
                <text x="40" y="1188">There</text>
                <text x="76" y="1188">is</text>
                <text x="100" y="1188">no</text>
                <text x="264" y="1188">:</text>
                <text x="304" y="1188">Forward</text>
                <text x="344" y="1188">:</text>
                <text x="68" y="1204">Proxy-Scheme</text>
                <text x="148" y="1204">Option</text>
                <text x="188" y="1204">or</text>
                <text x="264" y="1204">:</text>
                <text x="288" y="1204">the</text>
                <text x="344" y="1204">:</text>
                <text x="96" y="1220">Proxy-Scheme-Number</text>
                <text x="208" y="1220">Option,</text>
                <text x="264" y="1220">:</text>
                <text x="304" y="1220">request</text>
                <text x="344" y="1220">:</text>
                <text x="32" y="1236">but</text>
                <text x="72" y="1236">there</text>
                <text x="108" y="1236">is</text>
                <text x="128" y="1236">a</text>
                <text x="184" y="1236">combination</text>
                <text x="304" y="1236">:.........:</text>
                <text x="28" y="1252">of</text>
                <text x="56" y="1252">the</text>
                <text x="112" y="1252">following</text>
                <text x="188" y="1252">options:</text>
                <text x="24" y="1284">-</text>
                <text x="72" y="1284">Uri-Host;</text>
                <text x="24" y="1300">-</text>
                <text x="72" y="1300">Uri-Port;</text>
                <text x="24" y="1316">-</text>
                <text x="100" y="1316">Uri-Path-Abbrev,</text>
                <text x="180" y="1316">or</text>
                <text x="48" y="1332">one</text>
                <text x="76" y="1332">or</text>
                <text x="108" y="1332">more</text>
                <text x="164" y="1332">Uri-Path</text>
                <text x="132" y="1380">..........</text>
                <text x="96" y="1396">:</text>
                <text x="132" y="1396">Return</text>
                <text x="168" y="1396">:</text>
                <text x="248" y="1396">Consume</text>
                <text x="296" y="1396">the</text>
                <text x="96" y="1412">:</text>
                <text x="124" y="1412">4.01</text>
                <text x="168" y="1412">:</text>
                <text x="272" y="1412">proxy-related</text>
                <text x="132" y="1428">:........:</text>
                <text x="248" y="1428">options</text>
                <text x="140" y="1492">NO</text>
                <text x="136" y="1508">|</text>
                <text x="100" y="1540">Is</text>
                <text x="124" y="1540">it</text>
                <text x="132" y="1556">acceptable</text>
                <text x="188" y="1556">to</text>
                <text x="248" y="1556">YES</text>
                <text x="120" y="1572">forward</text>
                <text x="168" y="1572">the</text>
                <text x="124" y="1588">request?</text>
                <text x="176" y="1588">(#)</text>
                <text x="136" y="1652">YES</text>
                <text x="136" y="1668">|</text>
                <text x="28" y="1700">Am</text>
                <text x="48" y="1700">I</text>
                <text x="64" y="1700">a</text>
                <text x="128" y="1700">reverse-proxy</text>
                <text x="208" y="1700">using</text>
                <text x="248" y="1700">the</text>
                <text x="48" y="1716">request</text>
                <text x="96" y="1716">URI</text>
                <text x="132" y="1716">from</text>
                <text x="168" y="1716">the</text>
                <text x="216" y="1716">options</text>
                <text x="332" y="1716">NO</text>
                <text x="56" y="1732">Uri-Host,</text>
                <text x="136" y="1732">Uri-Port,</text>
                <text x="216" y="1732">Uri-Path,</text>
                <text x="32" y="1748">and</text>
                <text x="112" y="1748">Uri-Path-Abbrev</text>
                <text x="192" y="1748">for</text>
                <text x="248" y="1748">proxying?</text>
                <text x="16" y="1812">(#)</text>
                <text x="52" y="1812">This</text>
                <text x="84" y="1812">is</text>
                <text x="140" y="1812">determined</text>
                <text x="224" y="1812">according</text>
                <text x="276" y="1812">to</text>
                <text x="304" y="1812">the</text>
                <text x="364" y="1812">endpoint's</text>
                <text x="464" y="1812">configuration</text>
                <text x="48" y="1828">and</text>
                <text x="72" y="1828">a</text>
                <text x="116" y="1828">possible</text>
                <text x="208" y="1828">authorization</text>
                <text x="316" y="1828">enforcement.</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
             +-----------------------------------------------+
Incoming --->|        Are there proxy-related options?       |<-------+
request      +-----------------------------------------------+        |
               |                         ^             |              |
              YES          ..........    |             NO             |
               |           : Return :    |             |              |
               |           : 5.05   :    |             |              |
               |           :........:    |             |              |
               |               ^         |             |              |
               |               |         |             |              |
               |               NO        |             |              |
               v               |         |             v              |
+------------------+ YES  +---------+    | +----------------+         |
| Is there the     |----->| Am I a  |    | | Is there an    |         |
| Proxy-Uri Option |      | forward |    | | OSCORE Option? |         |
| or the Proxy-Cri | +--->| proxy?  |    | +----------------+         |
| Option, possibly | |    +---------+    |   ^     |      |           |
| with the         | |     |             |   |     NO    YES          |
| Uri-Path-Abbrev  | |     |             |   |     |      |           |
| Option?          | |     |             |   |     |      |           |
+------------------+ |     |             |   |     |      |           |
   |                 |    YES            |   |     |      |           |
   NO                |     |             |   |     |      |           |
   |                 |     |             |   |     |      |           |
   |                 |     |             |   |     |      v           |
   |                 |     |  .......... |   |     |   +---------+    |
   |                 |     |  : Return : |   |     |   | Decrypt |    |
   |                 |     |  : 4.01   : |   |     |   +---------+    |
   |                 |     |  :........: |   |     |        |         |
   |                 |     |       ^     |   |     |        |         |
   |                 |     |       |     |   |     |        |         |
   |                YES    |       NO    |   |     |        v         |
   v                 |     v       |     |   |     |   +----------+   |
+---------------------+ +--------------+ |   |     |   | Success? |   |
| Is there the        | | Is it        | |   |     |   +----------+   |
| Proxy-Scheme        | | acceptable   | |   |     |     |    |       |
| Option or the       | | to forward   | |   |     |     NO   |       |
| Proxy-Scheme-Number | | the request? | |   |     |     |    |       |
| Option, with a      | | (#)          | |   |     |     |    +--YES--+
| combination of the  | +--------------+ |   |     |     |
| following options?  |            |     |   |     |     |
|                     |           YES    |   |     |     v
| - Uri-Host;         |            |     |   |     |   ................
| - Uri-Port;         |            |     |   |     |   : OSCORE error :
| - Uri-Path-Abbrev,  |            |     |   |     |   : handling     :
|   or one or more    |            |     |   |     |   :..............:
|   Uri-Path          |            |     |   |     |
+---------------------+            |     |   |     |
   |                               |     |   |     |
   NO                              v     |   |     v
   |                   +---------------+ |   |  +--------------+
   |                   | Consume the   | |   |  | Is there an  |
   |                   | proxy-related | |   |  | application? |
   |                   | options       | |   |  +--------------+
   |                   +---------------+ |   |     |        |
   |                               |     |   |    YES       NO
   |                               |     |   |     |        |
   |                               |     |   |     |        |
   |                               |     |   |     |        |
   |                               |    YES  |     |        |
   |                               v     |   |     |        v
   |       +------------------------------+  |     |    ..........
   |       | Does the authority component |  |     |    : Return :
   |       | (host and port) of the       |  |     |    : 4.04   :
   |       | request URI identify me?     |  |     |    :........:
   |       +------------------------------+  |     |
   |                               |         |     v
   |                               NO        |   ..................
   |                               |         |   : Deliver the    :
   |                               |         |   : request to the :
   v                               v         |   : application    :
+-----------------------------+ ...........  |   :................:
| There is no                 | : Forward :  |
| Proxy-Scheme Option or      | : the     :  |
| Proxy-Scheme-Number Option, | : request :  |
| but there is a combination  | :.........:  |
| of the following options:   |    ^         |
|                             |    |         |
| - Uri-Host;                 |    |         |
| - Uri-Port;                 |    |         |
| - Uri-Path-Abbrev, or       |    |         |
|   one or more Uri-Path      |    |         |
+-----------------------------+    |         |
   |                               |         |
   |       ..........    +---------------+   |
   |       : Return :    | Consume the   |   |
   |       : 4.01   :    | proxy-related |   |
   |       :........:    | options       |   |
   |            ^        +---------------+   |
   |            |                  ^         |
   |            |                  |         |
   |            NO                 |         |
   |            |                  |         |
   |     +---------------+         |         |
   |     | Is it         |         |         |
   |     | acceptable to |---YES---+         |
   |     | forward the   |                   |
   |     | request? (#)  |                   |
   |     +---------------+                   |
   |            ^                            |
   |            |                            |
   |           YES                           |
   v            |                            |
+-----------------------------------+        |
| Am I a reverse-proxy using the    |        |
| request URI from the options      |---NO---+
| Uri-Host, Uri-Port, Uri-Path,     |
| and Uri-Path-Abbrev for proxying? |
+-----------------------------------+


(#) This is determined according to the endpoint's configuration
    and a possible authorization enforcement.
]]></artwork>
        </artset>
      </figure>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-06-07">
        <name>Version -06 to -07</name>
        <ul spacing="normal">
          <li>
            <t>Revised presentation of the algorithm for processing incoming requests.</t>
          </li>
          <li>
            <t>Added guidelines for proxies on establishing/using OSCORE with an origin server.</t>
          </li>
          <li>
            <t>Added example of message exchange with two forward-proxies.</t>
          </li>
          <li>
            <t>Fixes in the examples of message exchange.</t>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-05-06">
        <name>Version -05 to -06</name>
        <ul spacing="normal">
          <li>
            <t>Removed normative language when behavior is not new.</t>
          </li>
          <li>
            <t>Removed inappropriate references to RFC 7252.</t>
          </li>
          <li>
            <t>Defined meaning of "consumer" of a CoAP option.</t>
          </li>
          <li>
            <t>Fixed use of error codes at the origin server.</t>
          </li>
          <li>
            <t>Reorganized text on policies for source-based processing of incoming requests.</t>
          </li>
          <li>
            <t>Covered the use of the CoAP Uri-Path-Abbrev Option.</t>
          </li>
          <li>
            <t>Added requirements on including the Partial IV in the OSCORE Option of responses.</t>
          </li>
          <li>
            <t>Use of SCHC Compression/Decompression:  </t>
            <ul spacing="normal">
              <li>
                <t>Fixed generalization of Outer SCHC Compression.</t>
              </li>
              <li>
                <t>Explicit distinction between Inner and Outer SCHC Compression Rules.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Improved visibility and discussion on two use cases: "Access Control to a Proxy" and "Access Control to the Origin Server" (via a pproxy).</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-04-05">
        <name>Version -04 to -05</name>
        <ul spacing="normal">
          <li>
            <t>Fixes in the examples of message exchange.</t>
          </li>
          <li>
            <t>Minor clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Removed definition and use of "OSCORE-in-OSCORE".</t>
          </li>
          <li>
            <t>Moved use cases to an appendix.</t>
          </li>
          <li>
            <t>Explain deviations from RFC 8613 as an actual subsection.</t>
          </li>
          <li>
            <t>More precise indication of outer or inner CoAP options.</t>
          </li>
          <li>
            <t>Added security consideration on membership of OSCORE groups.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Clarified motivation for updating RFC 8768 in the introduction.</t>
          </li>
          <li>
            <t>Explained that OSCORE-capable proxies have to recognize CoAP options included in outgoing messages to protect.</t>
          </li>
          <li>
            <t>Fixed typo about the intended class of Hop-Limit option for OSCORE.</t>
          </li>
          <li>
            <t>Fixed protection of the Uri-Host option in examples.</t>
          </li>
          <li>
            <t>Added security considerations about the Hop-Limit option.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Revised escalation of CoAP option protection.</t>
          </li>
          <li>
            <t>Specified general ordering for protecting outgoing requests.</t>
          </li>
          <li>
            <t>Explicit definition of OSCORE processing for the Hop-Limit option (update to RFC 8768).</t>
          </li>
          <li>
            <t>Added examples of message exchange with a reverse-proxy.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Escalation of option protection as explicit update point to RFC 8613.</t>
          </li>
          <li>
            <t>Clarified examples of Class U/I CoAP options that become encrypted.</t>
          </li>
          <li>
            <t>Considered also the CoAP Options Proxy-Cri and Proxy-Scheme-Number.</t>
          </li>
          <li>
            <t>Added reference to Onion CoAP as use case.</t>
          </li>
          <li>
            <t>Required to set a limit on OSCORE layers that can be added/removed.</t>
          </li>
          <li>
            <t>Revised general rules on protecting CoAP options.</t>
          </li>
          <li>
            <t>A forward-proxy consumes a request when the request URI identifies the proxy itself.</t>
          </li>
          <li>
            <t>Consistency fix: a reverse-proxy can forward based on Uri-Host, Uri-Port or Uri-Path.</t>
          </li>
          <li>
            <t>Generalized authorization checks as acceptability checks.</t>
          </li>
          <li>
            <t>Added acceptability check before decrypting a request.</t>
          </li>
          <li>
            <t>Fixes in the examples of message exchange.</t>
          </li>
          <li>
            <t>Updated state diagram of the incoming request processing.</t>
          </li>
          <li>
            <t>Added state diagram on the protection of CoAP options of Class U/I.</t>
          </li>
          <li>
            <t>Updated references.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The authors sincerely thank <contact fullname="Christian Amsüss"/>, <contact fullname="Peter Blomqvist"/>, <contact fullname="Carsten Bormann"/>, <contact fullname="David Navarro"/>, <contact fullname="Göran Selander"/>, and <contact fullname="Lucas Åhl"/> for their comments and feedback.</t>
      <t>The work on this document has been partly supported by the Sweden's Innovation Agency VINNOVA and the Celtic-Next projects CRITISEC and CYPRESS; and by the H2020 project SIFIS-Home (Grant agreement 952652).</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+2923bbSJIo+q6vwFE9bGlM0pZ8LXVP11HJqi6dKdtqydWX
NZdaEAlJaJMAGwAlq8s+b+c/zlfsp/2058d2XPOGBAlKLtvVbc10WSKBzMjI
yMi4x3A43LjaSx5ubDR5M832klenB69ODofjdJ6eTbPkuCrf5lm9kZ6dVdlV
59eTclykM3h9UqXnzTDPmvPhuKyyYVnTP/L8cM7PD6dpk9XNxkZaZeleclQ0
WVVkzcb1xV5yUJ4cJn8qqzd5cZH8vioX84031/aZ4XOcYWOcNntJ3Uw26sXZ
LK/rvCyamzkAcHT4+ruNxXyCE+wlz57sPBwkz54+ebaxMS4nMOResgDY4M90
0VyW1d5GQj9D+TdJ8gLeezFKXufTcpyaj3l5L9JqXIZflRWMenJ0epjsf2s+
rJsqywDGozo9/2tZTeqLtEmLZHfXPDHOm5u95N/yurFDAYwwy+nhcOfJo+TR
A+fzRdFU8PjpdTbJCvN5Nkvz6V4yQ7BGDYH1f1f5qM7iyzoZJd//9/+8mC6K
SbCwk/xNWk3a3376tVUE2eiyJMBkdRtFWc3SJr/KcANPvjt4uvt4V37FPddf
n+4+Mr8+eYa/Hg2fj1rkeYFkNi5ns/YTl1V27n1ajy/Hw2fPdh8Nmcraryyq
fDhPm8uhHBp8YP/l/uig3D8evZo3QKujl4vZWVbVTH4+KRLK8QX6m6ZIztOp
7KkcUxwr4bESGYu/TqsL3JrLppnXe/fvX19fj/K0SEcw6v0UzslFMcuKpr5P
kM7TCnYfDlbr79Hby2Y2/aqkGYaFzLCRF+ch4h88fKC/Pnm0Y7D9SLfj651H
T/XX3Qf67NePnji/6mtfP959pr8+ie2X2ajhWV4v+xoZzU1kv8/qrLrKhrPF
tMnHad0Mi7LJz+FXXGdkxI4Hu8Yfl+l8OF+cAVdqf9lUaVHPywr4YzGRkbyn
0nE2fJPdOMtg+uyaZ9Z6mz4Hztr9Yjq+zIgVR56Ypm+yYTqf4+rO82lm8JHO
6kVW18Nmt6kuhmWBNIFT4fc/XL/YfTE8kLGixPxqnhXJi/IMhkz2p1Ogx7FH
zD/kF5fNdYb/BQ47vsyLLGlK8+vrbHxZAL6myek8G5tNSIYJzjpI9ucA71U2
Sf4INIpf7Ix2R7uD5NWL/eHr06EzOkD6E74z/OPOT7s/7Q53H+w+egDsYuie
Nfxw+OBJ53EqYTUzWkwqa6HDVWXwQZ3d96e735rp/jpgjeaTc4Pj10o/Hx/R
ZurkW6Td4qJeF+1mhM8Q90tg8zbg9wDjdXrzS6Ffhl+yDRGUw/9ZlP8JVyPD
4Frg/3gtD3d2I3h+eGs8XzsT3W9NdL8fPILb169OhqfHhwedaH1dViho/jUb
N8uuRHzMQ1j8RqzhkVFTVnMekdYFD24+3z8anr7cP9iMwRHIUQejZH9W//f/
qutAjDq4rEDmAYR53wuAm89z4LlXWXWTpMUkIZk4n+YNCMRJeZ5cLFACEwk5
gXuWRWGQea9BGq43/e3bGe7sttYHy5u8HU3KnFa182C0s/Po8f2Hj549e/Jk
Z/Tw0dePHux+vbExHA6T9AykuBQwuvGnS6DaRY3idnOZwaQFfgMEOUF6myr1
wQ405bicJlsoe2wPkhncCOkFgJq9HV+mxQU8fwawZjAaQJxkxWRe5iBqwEIL
+AZX1gDC4TH4atiUQ/gnSRuaNHUmmqY3WZWc3cAEcCwRM6/OcKeS02wMolVz
I7ixYJ4cnr4+X0yTw+Iqr0oWcJItVlUAUCCUEvaNJppXWZ0BOeOwOaoUs2yS
pxVivF6ML5O01h0ADeAyrxPQbBY4YDLJzmGyOrksr/HQLupMlCECRxaHSCTR
zCCHJle8ACLKKr8AWNwFK6aIKuARB66bAbzgodUHGugQxh8kuYWvWsDFjRBm
NbAQIBdZN8MH08HKUwaSpbsB4gakeEA6vlWMq5s5w4JzXSDGh/I6znMN5JIB
ESfzEsRJkCRGyXd5AWzixgND0FTjnmU6oWAFNxcRcIPoIglrPoV7HF5D6hCs
WojhrslGF6NBclY2ly7xKF6W4LT+Da3E2YC+mF+F+NeXGagGJIA0HqGI8olC
LOmfgJ9FBXtQzVY9DCrKAHGTvUUQgWncMDr1aAJKxoBB/PM6B1Q49McnF1D8
fTmH620GOyGaBgKKi65KuGZkeyZ8HFxA5JDWWToD+qlh6mw2n5Y38CyRME1I
6rhMO1hO90gmCQmyCUqyi0JxDpPC2ZmsPpAjZlSzfDKZgsb3FZoAqnKyYCr+
Kvn5qxw/eL+x8bo/20p+/lm0xffv4cTP8dav+3IGWPA18Gi1YhDVVHgWamPZ
GMDCc3q6hotAKXM8zYknwd7OswpVKERYlf0NpOqGDqs8SNpJBUyPkJMjBV6m
03OaSWbHN8/S8RsCGkR4AHtekkyW8K81oY52g3bOrDK2G/U4K2CRZQ2IWaJq
vX+PCwOCN0tBeqmJgwOwGZ7IWVrc6JrkVkKggDOYZcme09DmUN/I5XN0nBht
awSy0puMKExGh3980AeynjprcB6GiBYMUsoNYtDfxdZ8CEkF8k3+91T5Iml1
Sc1CBNNoN1ro4ffvR0x/tV5OcyW4O91aTKfIPoBO5WzSsQFaUWbsH7j43dt1
vwI2aJnItxOUP7MrxInDXM2CIgd1qwAFsKkWyK+3W5yRBAoCbsn5H9CgNUhN
ujyGAqUI5+pvoqh1+VBrh0KbDm3Rd4D8NGE7Bo6L1zcQGuBtq84yGAMmGcKH
Q/rw/fttuswAViTovEIuWEzu05VQAAtFxAFsgF1vcYDvSuDNVl86W/koA4LU
y9hlFff5xGxHLybgRNcZnKrU3/R08td0jKw84F54MyYgoeWFiDTuziNcLC4w
O3F3appd2An0fvHAJPCIviJzI10xB2AGW2RvGxAL5jAZ8rG6NSavGTbrqGCW
S3sxoEkcmHOmigCQKRzlCR5tWI0QBixKaCpK13SjOSPx9LTv1+ViivsHCCmu
soJmoN2WkXOR6/REipQT0IKLuzbacjidihJY8/fldUbT26eBxGpPAXR5wqSE
hRalClwkbwl0vdgFneqQfnHLSeIU6e0CiL0ipIvoEV7yjhSSNiGhjuDGBjVt
3IjQw1gVFk2nCucAFNc5Cp8RMoePNmV4PTWbxG9dyeU8n05rnuEinRNuVapy
EUb393RaXuPt+C/J0RoSfSC9CkPsPCx7Sb7tiPreiY4d6N8gxnN4Z9UpDhBk
znSKnAputgwRWQdCh0xcE2GnhADViLwJGlRTWuiuN0Nsra1fMJ3ltaHqKfP3
RqZcFFYzpPsez3ioefC1wMAJG4P7CMQFwowoBqS50IbFlBdnJwUwo8owqzcK
jaw4nczwkAa7z0AbHn/TR4ERPksCRY0SEhpUEryTcpAH0LwiRyRnroiMjyVo
/MvQnXK2YVSVXs5uAiaXnsPmi6zKghAiE6c4Z2WlPRVaLujZ8F4ATFQ6jWHy
WyJtLQXqTleHt6JtvONXq1nMEEDPQoF2iaYVVaVk64G+D6Yg3yc/Ep+Q3XbE
CAB0OMX3QIwgHuhuacXnpTU2Yj6vaqS6CfPt1AjTqC4H7IQIB248Om2hyYDW
zktO0qsyB4QtCuAMJMfgNl7im8jG4CUSs5TE6vzvGd+3RQ30XfPZRYAZOG+P
lA8iG4IXABnjjLcGHwMYy9hNDb9NMj2Pjk4zLct53WLu5prLRflD8G6AIK4T
9GWB9I47BjfVAlifd1ocZZm1qWSSn59nRKmGu+H2EB7hRIxBbJzIcKHAa2hC
dls2jQ7WeVLSgXE4S80YwI1EEmltUEZGQCMIkjhxnd7AP+hUx7sI3q2QM0yQ
Zmj4LfwDryrSs5p8pqJdVV5v4zuTTC038DlcTmRcUYMLWSqUw924eM8b0WA+
gI0AOZYnm6uyv9RUkMcNBVY1JSKMa3UA+1dfJa8z1KjLaXlxk3yFloHGfiD2
gTcZSHzoq042X/x4+npzwP8mL1/R7yeHf/jx6OTwOf5++v3+Dz+YXzbkidPv
X/34w3P7m33z4NWLF4cvn/PL8GnifbSx+WL/L5ssxW6+On599Orl/g+bbeSm
ld4ttEKgPmS6ab0BB3dc5We8Id8eHP/v/3/nEXCa/ws42e7Oztcg2vAfz3ae
PoI/cBN4NrpJ+U+goJsN2OAsrYhoQHsYp/O8gW0bIJOtgbCKBLkTXn7/jpj5
z73kt2fj+c6j38kHuGDvQ8WZ9yHhrP1J62VGYuSjyDQGm97nAaZ9ePf/4v2t
eHc+/O03U5SbhzvPvvndxsbGCTABNFHgNsCtwFce78d5OsunQG5WY2C+SUb8
EjjEvEFpBGUheoWo27EzDaymasRR3qF19djAJO0oRWeLfDohu5GBCCeYZWia
z8cefB3WLQK7h4lLr7pTkfcej54iEzTL3WYNDu6xnO00wVVcyyXB0jgxXETn
Hkpdp+WiGmdRdXmvfQfO6UZguU7vSma3nmwQPMc2MhLynsMbIJEyL18xp4xl
GLuoLrCortnNhRd/w4FjPz53UjM6YNTJCkhHDvYCEZ4WYe4aTxjW68HV42Ay
lyxbeFo6upHl1xu/PWbH0oMHR8l+6zO8c1BgKDK8/oHE0cyBt1OXGYaAq+gs
NSx3jbOqQZlGwCcQQWDzlyrSjyOAY8yPb5GJOSTwcp4ugB5oWAyguxnq4RTp
YS/JcrrzRfKwJwWOHopV276wQfdjKtZLvKRRlW1JEXy/yAFXrUYIl7wEdeYP
i6zQkQU8jhYyKwyTUq4WfhfEQ5E9LsGggstM1v9jlatIJb4M/vzAfD6wsgue
rHJ2piRhmDIMMjzGafZpGh0w4Fa7o0eI1hUQbitCEAfo9b5CffXaekpTj1Pe
OCviHfIxCfDOq9xYnXlxp+PLDFhBbN381ZADuwwGmvKCRUFacuphgdQAIPRZ
KXMgNr4v68a+rSjCKA79UJWw2aJZ0D2SvQXirPMri05X1o2jWK4lUsnvjqkC
HSckmBaf0RoHqo6XQhTIYsTC5u7Krbd3FRLdSxiRuPFV8kK467HVdFD2RRVU
ONfQKkHvRbOq5RyoOSfwK+p+xEx8MCsruNnbFOR+NJPjq1dkdHKN6/q9o++u
Vi5UVXAslnp9aICBSPvPs6tcTKznVTmj8V+pxXQJUibmvfehmmm0y5ZoAmx8
lpLO2p7UmGnlCuq01vIlHzFmkvCdioCSVfdFPqhErfe0zYHqX0h6JNuvciyE
kggQofoVzhaNuRU9pV6lQblO6Lh+n5GFKmJebgc2RKydPNKgy2+hYmWnhZOQ
5xvhjCbassL1tr6pkyEl08xAjBy4m9YWFkgwnfa9kaLIEk6q+jjxlYb+7pRj
Bo4NzlXbZxQqNs0uQJKegYRAtx9JDy3qEDa3qJPLlK37i0otVgIJOt0AU8bv
tgQgCn64QaCNzQQdsOlUWS/JOq41bpWA6oo9CbH/GXJuVGxQaUHrGLqmHM3L
OgZcm44YI2k/FnOy1QANCfjk2kRLN9C/WuHzooAxxOnpSKeurai3FbVld3QM
lUvCT3JxCCyalaCYE2Wk0HBrDByOmdb51ppTjSmudZ7gSKu7KfXOlEQrhYhO
k0ugRHq8OsubCsey7N4/FroHbP/NO+04aYLEBCOw/bAd/tGyj4cbwiEIeJ4b
681scwIGyLOoDnhZGV5I3SbNmOKGp4CkcpQDFjDxNEITdIljoPVEPH36ulpH
C7RS140HIW1LRJ0Rq4i4+YhU0rf5bDFzdiBYKflbmIGJPZExs1Vls/Iq22bJ
wrn1mTYvSlIx1Hi47bFcjiPS25vM28RpePCqBPmWGRQoAlPSpFzPvfj7OMZB
tBrnvIAe11i+hLbNgTJnngn9IjdzjIlFW0e5oG0RXtaJDhN5cVDCTr5tBDMm
3ACzGDRAwp4f55Li8e24HqmEjjIe/DK9wjMM6HVcCyjoAq+S8RwrJ6B7nlYN
2zGT5OicvMI+kh1iam2bt0MD504wy1HDncYdkQTtu3halvK0sZt+dB66oFxa
UbOHULnscuhDcic4y25K4V+IFVriwN8BAjk9QxHenRqDjWCEDpCMxfuXA6nK
8AwJP3w0erCTbP1YcJhw/neMg8mqCjiWMezQgQntLmpuM495sZDmCMQPNLyK
QJ8vpnTOZhQKbqRRPxYsRMiARD7hb6JMaNQnCNfMxfCKd90g6h9EZiewXGek
EfPcolsrPQxNABpbAUFWP/b8wk7WUg1CuYQXDMmlLHZ6K0Hp/Y9iGG4+QGqw
iRgZmPNgDE4OaSp5vBjYIBfkvUNrieJAY0coDILDOtiI3Y7LtFINKS3i1/Gf
AQ37qNmA6ikhT8FSxG1dx53WbpSMcS2xIIWQvxDbT2WUOPIZiIPy0HFQkvgN
TMCaQmog4p3RDs2Lvz0UK65RWY7F3yuexFk6yZiHOZpTfE10XpTjGA1zsnAM
SmcZbDPBR7ew65Z/dfzaxAz4iyUUeYEENlaPNaLaylky2pY6a2Gqo20HI6Jx
O6Cpr5FvS4zK9AxsGNplpttCUWnbwfUI9NI58yh1OAIccAhFYHCnimNNd7Am
DMh24YVg9Ex3KRSno15gB4yNjW/F2WcPxot+hE0EPXECo+IkzVqdy7NWnKro
Ypk6Qn0bljOvPzFZsJFDUh+tljeEe//CM3kU5Ey/yrNrkWmATfICmsuqXFwg
nwfxtUHXc3pRpTP2jHgrHtBdMM7nueuYxuVMMqBFPs5psqmWgU0xDThIkYA4
910TX0PySErXBv6Jj4svVq+/vBHlRWU4APJlSWE9aRPdOlIUkE7hMkPyHuOV
wweFsL0pDvQz8oiwTPOmKK+n2eQi27SGrskiM752Cb3xnO6B0SshS7ZEDQgV
XtPVZF5K6+AVCovS2A42ogTOvUWBoBUKSLBWwMWOkThCPKD4y9EaRJol3jUN
WwnJo38BBNlczhK8Kwn7p0Abye4oeYXn6jqvNUyl69FHMP0uTj9IApRGwPkf
DpIHgB4yX7j2JACyD3wP14Pv4R3gI9YxI4GaVAcK87kFyI/7g/w1gPyIdhQF
4ZZ/xSHly3I6qfvM/mS92RMyf98WXSYSSpM+gtcwlvCWc/QZXp1rfXYO1vqY
MP1n+DqbsKrInAjPi4SkAINiKZUlyvhtQjedzVHih+PP9tmxr/vv2BNYxRNa
BXHaOuZ3UON+y/OwGpKn/SF5BpA8JUhe6PVX397d0Ae4Z+sR9rOReHV8isFg
LwzG0WAyxON1Dhr2WQ+ZlQ3Zbnin2lTaAaI0fRGXNhgECgH01wFwf31HuJdK
aYG8eRv4DsrZnOQyUshSkQ0ct6wTiAHivBuKgcIFhso55heWnsTbIeFp4jlm
KRd1DpaXWs52E2ncKZ+5cllUG7NSBc9p1BzHzzRwvhcTE9prxJQFwlJ5UWCc
IknJavXGJ65RRPeCDs1uMEtydwNEsfO+S7eqgZ3dDyX2BFJzuHQVpA/VDfBV
R/BiubVDDk7HUpACQ5HpyNeu+TI2fmif2E22vgXVgM97aJ1ATG7xANlVXqLb
wIbXbreNraMQEB6mY6WcF/bYwCAp4B8ACBCfJTZCvTYo7aY3xmlThIb1YEqJ
Yo5nPhgVOWbRMAYNx1eKpKI0fiKWp5+/ct7mDD+xbXDoPBlsfv7ZN368F6Vz
mWVWTVvG3mcUNYduJOoKDYqUh2UiaeJ5r2Ia6bCZO1qc65ddYgKk6C57gHqq
mDHYHNLi2GNPIiA6O8uMa8/Rb9OmNS0aYSjgne1GxIGXYEVthZ4NJlzxwLPc
oenMA9CwSM9oTOtmq5o1IHWjS3LpJjQv5nmvgtyauso6spnGvsiiVKetL4gQ
TDl0mAjLZu6Sk2SAWlnFsdzGLY6pmlMYp25UL+jeZg5TLK80rVU8im6cf3u4
JSjoOKVHag61p1QtpO4p/REOO/L4LL/ywwpPDv+gTtqWrr7MlKHWBHeyD2NI
YL0U4LLS4DwWTLZCcltDHX2s6qg/67JYte0wwCcwrBOnQ90grX3LYH+oHrJO
9S+fdzhZC8YPHP21t8GVSHiKQEEZtb501BT75SFvZPfiB5yfRVGZmGUTxk+x
F8vLeDHiXqhBgrJ4nl8sKmOICeLEKF0NRabavQ6R8Dgkmfmc4AIkjcfJFmEP
n3oJ459y1nvbL7Ou0NE2nMN0Ow9Gu56kLVatjyaJAJrXtNJ8r4o2+xLpFeQx
A0Kqk2fD8SV30CzJ0dRYBhGn1SWUuoROPz2VegbGgeJD74kfT47sRaiLG5i1
DAwwgyXBhrVO70YgSBmHwMB5viiIJlOuI9TPWrY2+TwKnJkkfcHej9+Y9CQn
owjpSQ9ZmLnnHTAbLoEW5TGmLZCWVwLpp5pxJ7drJEHLMWPpPqUmFCq1NmX1
0aqgQIlqqAvLoeWFSFjAWUrFCc692BPx52h833LPoEdHGtJok7MmCaw5P78h
NGleli0KYs5lspWfq4QDq5ArREzRDPJ5mk/DGzWqairbvI0fe20l7eNzQpPD
l7vYIW95JjZcV0ViGVn5SZQPmLXSTuStE3UNULH4NEguWT3q8sBo5jztQd2+
5oyWY/0rbrBQVKaLXUlPwxtJ7nVYH8WYjBfTtAqIhRBVmzOM3wkhAFFj0Dqw
UYwnvSxFw0MOtK2insvzQI4tsD6mQG0x0dTZ9LwdbYnYsLadBm4l4+rCIrZT
LjHCoaFAkq6WuZRb7eiyPfbmACTYr9fmUi324yx/kCwKzIi04ZIkWFKRT1aY
SH8wBWhMeRNxQqD50JWSw9i3gGjsbW2zOUzhHbLRLdUIIiHrP+RA6MXwdTl8
YQqenugx6xB9I4Lv0mqpjhh8tzP3cP0zF1zaK86cMebd+gIfuBWb1qa1D05O
ciaMW1dCZ/w7OzgoHHvMNk/jbgmWO7RCIaaUuk8YUcbxyiteTXAo85HV2f1q
dPRTIJi5eebA0BV++x2IGBa3xC607V5nOPDa95fYG4RHh6apttW5Sd9kXuQe
m4eZHS5xHTxua+vtrIK1nJu9dPce8rVZGgco+DHjFLdQTEB0I7LMO6QalwmT
dLP/l5Zw8yjZQm3wOwwZ/RVKNl24n2TTnCqqCV3Tze1gcBVhPAkEehFPebzV
gUIHr//s8COJa/XIapTsO+GKbi6EU7YF3zK5Ca6p7T/+heGLh4WEmQ/MD//j
X4xz2pEmCtmROm8WqVUjjwI+QWbreYkBu05GNBtDJ3k9XtS1etvY9jgkPWGo
r6CrzRuwypoKK0/VhCvSCFOrP0xz9sm3IpSDbamztAIZjQOiCCp60wvmUlvo
ZFJpRI8WaeegSz5D5EglMul8EL/dip0F/Ga75YqxaGzH1DqbrFuwjp6ioYO8
d8QLJMnCl3qfGZlXijyVXnwjisQ43LOYka6dXj8wlm3Ds+I5y7aGnaQNw1mc
3oxaVIV+MIcGb2+B+rheLp/v5F17nNfOCWeJHu+pWg5jL1H9K7TV67FDIucU
9uG3eLpaOXzRk0c+QXGmEbSpCg1sx88cx2krr6XT86JuehrIXFYYx4Lwiwbv
6k3+MQxVJDhkdI7Vn+H4gZx54ElQ9fOa7XOW/NpuIfHEU+T7DJUyFHzPge1R
cOlZNk4xBdwW/HImIRc6FdKhD5tUQ/3g6TcZ+hyQONr4EAefM6Ck4VD9O1MR
BgRpIMpFmObAuYYk6EjED8iXlVakcPPMpN41jHkxY0ZjcpXsQ4ZVe8mIN46m
S2kXBfqsrnTpQQKSlyF4fo4uMRqjVe4ib2vQOqDGqLu1QruaJVBWOep1kh4r
KS46FMvbaV2XYwyq6k5iUcrlcFbP6ajhsaZopeO0DRMCaqfuM0d74WXn1qQF
vIKYcUEX8DkVYrAJjWrGUsYiQN3Y5Kj23QYnFdeNu0o1bs/VJDChjG9m6fWl
1l604Rw5wY2IRqdjUWTTes8laXmHFGJyFU/L8g1m3CxxRGM5JSrEVGBZIBKw
Kr1W86bDZCfKoYfHbZNhXsT4QmtizHJUrErVwZZpYeWd7vAWCooQ+xec3KFw
SWVEKDDUUVnDQTVmODdUlVZLhDrlv0RZtEyUIojcNbgppg5pmCKvyo5dn03h
hhz3MkOKJ7RRHzb2E5I8VCF75zQyyN3bn6v9BPQCLaJOt9VlNgUWiIwQ4MZ+
OAAd1vYH4S0dc6F+MybGcN0/MQ7ho+em/DOXuiz1FoV7N33j7uHqWBJZtRdM
opf0B4omkSn6hpO8voymLNgIidukNH0GWUx4gBqtDepT/C8dOiP4+sixM3nd
P2zm6Nzf2jwiz3ZmszBp5M2vOcdNhVQUANJpcvRHHd/XQVE+nfMzw/zKnNUh
Y+W9BGN15KpZRBqSi+Zxqm8W7XvMfeAfoTHxwYJs3wbVIzQRDJFtY80wtsCV
AZm6b2HKBLrm+FBIGqZDW65a094jszV5IagW7SpbBiiacrDU5ixvGnMpUUS+
DaxqSz7O1dlKi7eFrt01trbAknzHQHnEPDlw4nK1Vl96hjZTuiqpBrKpUI1t
XkBaB02Cgjv/pAfVPWKBmuLpnr4Vvk4ejx5iC6Cno4cDUXYf91F2t0d9Z9f6
zsykmAG84j5qiWvmlwJRTx7twP0T+AqeIZCeqs6+gNAiHerXSm2x+Uy1XK5z
mN6YpAXfdkz6CQaZKaM2F6kRt5AdOeLUKgLQDAh/HuQ9IC4QT06so6HiekHj
vBovZuzQodRyq/2FM7AmsAbMIscCDxMB6UYzQjv20TyCK4niFiMmbSUi0VgU
4XXWAD1ycR+NoHaUbdL66sbIi0G9HBtXwxRlbPSuwkxKIVcFxQKrXncMdR+Q
kcPtGrGqh4UE+gdVelb0dzCVklAA9rpFkPYiGy2sDYQIIw6hgfQqnyy4oozs
XogL1f44qGmKNWBVEdNXuNlHGbdHS0A+NdlAcOxr3ImgaNQ8y9tEGXJezX8i
pHDLDDv1K27Uou+b8UbJ/7NAfUubdYiCrVSZOhC120C1eVtHHRYy6pOU7Htk
/YIsTriWVnBw6d4dUHARe391/KiRzJ2YzkAyb8eIsjRRr5J+OJ0wzGtv36qR
YOQPJ/kQEBo/7sce9zbIh6Z9QZpTWOtSRCw4Ht4YRkZdaco3blJAXDkG0bX2
LUwqPaY110z2UZ66qzWW36VYjheNWm7Sdi/XfrIk0dDSW0PLt+vt6CeGtCRx
vk+EQceuFIcpiKfiIscLhRUMm//jGa/CevWhNGNsBY64oJ86kkIohpjXlNc4
14A5V3e4AlZP53H0HpeThUqL3regcm1Ehstje6eAy68Avk8vonaCTJsgMI0N
6AbNoPOmHuYUCeCEvfeUlCi0CHsI5mNTr6dIbG9b4vhibd0T5UWPBFcCEbLw
2UaESH7jqR3G51urhUytyEv2pKFSdx6pyMvbq9D+mxjsNk7mdT7LgFMEqwhv
1A9CXysJgFqJtKpm0tZQkMjIKqKOTcjRo60qF4QUjcmilVFJowiBDJYXuGPe
yLUYKM6zJS1gISaqiYXXlIEDL3DErcMyiUORZBEX0OWo4cUhtQ3o8psidO5F
FEwvghl8Eh82UrpB+xPdXvl73a1mWDHJU89W6YOsDvZXAG8JgakpUwTfLlEP
w/AxLDkzehx4cLdHKkLZjFUNLmGsqkmSIoqonarfM0UKjt56UbQmXYCIIaiM
jqyyalxYegwC0TvCLNFNJ5lZyw0VMmNYd1ztrzikamOIHJOR9fPPS8xP78V2
ktrqsgPrR/JEfDYH2g5axnDZ1hFuw8yWqT2Z6k+OxLhM/cEauAKoL6/jo60G
K1oF1nZn0caRsVYvYY61aRuTcOter8MW9zNpNTNJbPKWqXEoTkXZTjagSakS
t/QgUYkt3y08bG5uVWsJ5DLJItzZIBoMHic6EsbD8nrDBom82BYLMWjy3tgg
jS8ys7OU2Y6J9vAvf8O6s7Hjak+Zdgk+wLIGQUrwn4aqBrRB5kdtg5bsY4yb
4a9ObnYHLlDFkKqCrVV4EZietKdhh9fyZO5EWvJF8PesKrnAEoXyLCr0EWOa
0bNkC2glYVo54VyalqvK+H2oYrIlnVjPtiit5ibpye97ta81XbzSSjBailEh
2Cv0KkcNyW9g6XBcP1pGjKJudFALFBukvaJYg9/DLvf6c3k8m4zQxV8XNd4N
KafgwS6mNqIJ0+uNn83pQOVVpo5E67QNFqKf8Dmz1RawzdqkA/VFqzS+3PtS
gNLUM3Uumz6FYsl7szLiJGwd4cqdcViVqqk2BYVZWAM34MRpdRaaFPRNx+oS
taCSX9mjNEd8tJcQXc+jVjRry4LUvh+oy5rWrW1zQ+NUpRVOJjb4oaNDVwZn
WYKyXJ+w2t4KKj/LUDhVJIVXEEvviEPW9lTSTYuIF4O4DAPqZOgstVLqkSma
1t0ky6yY2pHDOZrJOVEjTK6rFYYMdHCWNQ3x65wkZeZsup/trtB/uszRec+1
/DSbANaV4oZKy0damGy8U8UxvOe0VSoWT1qM0cZAd2K7Xjqv2AlhCMyZL0BE
LbUHp8M+Is3L3NphQZ8uLvgcOSwS1K9lWD0bKr2jZwXpDPEBpHSVs73LMaLm
We3vrZx37gbOb6v4q/oxbMh8UcHGZSY9kp9rpKIMNRq9EaNooAinEsDbVCkZ
9mpWf5ZGzLO6Yiom2b1MySA8pj7E3Epb2LU2Boi0ylvWKW+dJnkjMW1x13Tp
u0LX7tjspuGuNuyWGEuMmRjCdV16LYDuxvqouEzqWi27hTZ0NLHcoQkoUYBS
W+dc9fGgXVraGEoj03oeFv2J1ODUKT2xNQwLcQL11CNKV4YgP9o8XveLbpvV
lx+1HF9V2MKJNenA5u33e/Weygmk4Txv8GqCMXYDhjhoVZ1XGqTRFbmJOssB
diVmTUVEnGMj4tikK9VXjC435tdAbdmfiqsvN/qiTXatzW3duz3FwN6YCc6S
pWf5FKGOCWGO2dhSadDCe8TF5yiQTILAYg1AQnOWzD1Vc4Xf+pw8OxT8i/f3
cynPhaGDY63q0fJd08FIcw7CmmHAGCxpza5rfCQjrqmW7iy9fX1GTCYWzeM1
aOXIaMVJXnPZaVYnbQymKTubnmt4Bp3xLTkp2EKewlyzbbmFUiRrooibPJtO
OGiSd9c0g49cFH58qwuaKaBNRdj6Crum8qion38tac+Ni2VsQpII0VoarV1L
hgwe8ymyV1cod2OBpc9x4EthiwOJ3BKlOHEphiQc5o7SwZhmilLVMpelSmpt
DwKxirMsLy48yTKyA5zqYpp3edIrngg1VUlzkM4T6WBNGB1I6ONsGR5ZCpGs
gvSCux6sQoepuUYvz7UtqwB7mTdKaJqo9yfbyMgjrlZmNgWJy73kqI2dle/a
JXzYPuN9Y1IbBq14yLBPap04jdTYJ6sRy3UytmzbDEo21M6iQbQf62Z6GFLg
3Oz83PJtpFlXaUmv0nxK5D2BW0YzQd7CnaNCNueodyNrrl2PnN2TBi0SWSDu
TpmSmqqYsBsN/vXou3+KJZmoHKphH67tmJLXDuX7TuJloegu8dEkgXBVrmjf
7uwBjr12lbwIObjnc50UVIVDA+1+4RiCtPt4+flBr00hy7lUZi7xiggINW0c
rhWGG+MMuZyqbNSiNxpx4qrnq0iu/xbRhawemrICWeoCTVMmj3KMfeLMXYv+
M6zN5Z1srcHEtXRspCTyfL4QODq71ULRummeeNUa3KgV78GH7CBZ6qCkaZe2
UJZCcgsnJMELZbI3VnQY3564wgcpe2gRoEnL0q0Wo/v9NT5dtkLr2v4qOdQE
qZlYTrqSZDY2fkC9aU0puNWQjm21V6WmKRVuhpGVkdj4aNtQqaGRGA4HrCrg
4nHtVg/ajXCCO1JttpOw2wD1UsuQE3g+nDB3sYfA6wfJglLjkUNtYyjciSQY
JtwhRyRrKYFOfACfvAVa5xpJK8aO3dr5j+Apx+U0OZxjySnQaZPnIAHm2fB7
ODUzRCnKnQevTg+TrcPn37862Oa9/frx7jPhWvt1vZiZYHcBytq3vYZ2ilDh
HfFOrrGGdp0Ccreiy1qcrUsfN2XLHbAAZZPWt1qFtjEnNmXAl9KdlJrQQ8Xu
WhYoJPizSLz2j8NsclmONZL3Oz7ks1K7W1ibP50CIQWOTIBV8hru6TYoYw2d
bl8/IQMUOkTc1L4zkNzhDKOhU60h5AboCfQQwUA5CKAnLDmdtK8lSEfKekqf
spgHj73nsrgwPzhoM6DqXYROorRlqnsspSvjgPbdquSyMLY/1L1aMoOoR9gl
/qxJo9Fv3opi3gqMG7SHwfQdXq3sp+NsCKfbYfJG30eIjI6PQ+0fHILcBJBT
Uijy0n3LJVT+2/cqfOWF2Dcpow1AvMqrsphJBA0S1e6DB8ITvhMLkVhna6Ob
e8a1SiIBOAHYq5ldmp55KCSr+7OliHKjiqUoNQKq2JqXsh5p4qHSnc+gHWMF
h7P+fpFjxYhCkqyPmYRFMVMPiQkGChsGrmfw4GBk5SKSOmIMcRiDqp6emDJM
AkNwdpwifKkJrvAvGk1ssSKBYXmrq8sAjk4lqNMrI2cr4JyxXc3Y8sm1jB5L
MS1ITTmPMo69hbb6yJ86Mq9UgXP8KqnrHjsdwGAMDBlV0JZxU6QzEbRNoXqb
d1pa9Kw0wp5KrEDBDTidFHQx3mxLpxUztmQQBSToWElNDI92nnDcC3Mtenth
aZJuvGPiICzoeN0evPVxo5bqZt01yhIKk3LbL83uNPCjUDsnKsbIicuZFlkh
PwovIS3qa7HAuuHOFdxMhB1b4AsPCjOLme/JlyEAbZtFuUlXzR929pLnaLA+
BcjqS11HENzO5db0XPo+1W+U35kQ3gBemE4B5Dx45w4ETUvEstOr8XEKDPnf
sht1VqXJ85enyekfD75F+zXHNZ1kGGmebJ2cqCD26MkDDGHlX3fYHCOmM62W
MtH4YxzPyfwl8uCLitQjrvJDtjZ8EqAGigCVbtHQjnF/WRdQXKdWGspmc9ht
ifxgJVSiY/jYc5IuU0zOx3KGzmy+kFMQaEBfXNQMQBNMBPs1lF0cptN5sRlX
/55S5zVWABkx2gAyHDA30EkxFUbziS5XAnmYKjj2DOlii66a7XXog8ls15CZ
FhxtrJCj8sYg2vP14xDYyRe6+aB0I9tc999njRfyW8xKxS5jSXUbE4qhGtOA
sZ01RhGichUQKY8u+5BHi+Bq0SkKnaKkjhiA7qqAFsfotN5KpyY/TnvIAWh5
MSYB2vjP8F55O6e4cBKjMXzXLFW8GSQrm6ijU0eHdEQVI4B8kna9Gm0b9L2X
qN8/PIye8g6NmzQ1R5le95xbqxP7SrvMSdP0TTaEpaPJ5zxnh7WhIg3DVVM3
zMeAYR86kvq50iiLHgJZrTHDMkD29jLFuLMr9tIfexYIIJCswqv8SgEluc1c
5sEV7vCNV+hlOWYyQO2H3qHX/7AzAJbKgZB/eChnjqf9pGIN2XrrS2x8p8qh
216ANwYoWa1D8yGbfv9f+5OkaX11sXFvGP7c23gnyLBS7Dv4DEA0MaAg1MJn
sXcT/XkX/fVKfuVX7yXuT3u4yMjv9L8vX9nxkyU/78yLf9j5xp/jd+/oHMTC
Wk/hhd92zu0Ov3TuFhTrr7s1RHzS/zL/iX3Ra4h3HZ97n32GQ/zl8PRuQ1zd
Gor41t3TJ+8N70X20h/inRNxKefOPPMO///YiXDRd8MhsNbzNKNMS6nj6g3h
uT06hrAuOQ7rD6A4eP3nn45/OvXeDYdw3XjYS9Qb4l4MR60hnGM44AAf79g5
xGx+XTKEibN3hnAef9c1RJgR+40PxeohVtBFMIQQ8DuHpzF1xiZaA4pgUO+k
2CGEJSmAsSFWQRE8cbshTrlyDPNol0PeEgrvoXAI78iHuIjw6HCIkI+HAMQ4
cTBEeJOtWkN0iD/sunfavdsMEXkwpIsQGctx4a7mZKFyXjjF0k11hxBRKQJl
e4jwKgg3Nb4QhxjaV8HqTY0ddm+e1TvScdPY5SxdpQxxVKNouqik4HgS8Nx7
7hAdUKCQ6bs4o4/eI7oITwgP0RJc20MgwcfkOB1C7xre+W/ChcgPSG9/ePhN
5Kt7Xejs+rDHFjorpxkcQXrj573kK1/WTpq8mWb/unnYMnL/6Bm5jWGe+/Go
XecVW5pPydK8CdoPVdQcptP8ovjXzTHVX9x8T4Vujt26ebhzrKx5jgqjyarp
Gn3KEgFRZ00krQ/FiSqnkdTQYBxQruLR1jGsfztSjU5j/oDNU/qs7jN3Skd9
Y7mDxbEzL+pIvSu+86V27rIIIceM1vImbNVOZi31cNsEMtscJJuWlzFhbrJe
uKkX1ybpqWijSsdsLTkm550XvtOKnPTqbLOzSV9yUiiO/RAEwRyZ0qbUeyvN
p4sqc19x3BGBchNbs03V7gqdblMW4AnDoSkBM0vRxI69bitR6BlJB98fsEo/
y2D8SWcQfJIVaD2Rpim2TEnpJK4YGvQsJTTPcovXKDkMHMSSBjyfZ4XJf9Gc
oEw8BbQSmvSSV8fe485kNuNlyGfoJTFtgVJqbY9eaqrKyXPT6+QxpBnJCQlj
/FBeD49LNFn8CU70cL/K0uQlV9Stk60fjv+0/5Lo04vPZvBdE5g6ck/Rtjk2
ByiyS+QKq1Kq1St53rhn247TVjJJdh9hBaYg2Ngx/9Tjy/Hw2bPdR0NOQcF0
BbEU1ZwqyXDh8OR8UhQjWTGGa9Nu0CKWMEN7ZoM8u4pjcSguTeCs8f7zbOys
WMsnjj3ESwiayUQiKNQLGoQY5Da+JCgmoG12bRyBsXulVHuZ/UQEoWMQlOo3
mNp8doMZzoPAvk4vnCymrl1WDEImwuC6tA4BTN9twyLhk7CCjkJNHaEMjRRj
PaIsqxXo1TuMEvxWPWt7ZwFkrZpzfuRcm762W+To3zeUNG/9AnGkO6iw3uk+
K5WqhrBLSCKlh54VWyXE04Fudo9Q2Ym6HZKG+OVc1GWhWVTxYMXKLbk5K++z
b62VOy+tT6RBZOOKe0Iyuui2sDHnQdiDie04c02qXnXVFlJMRKnkXFGYY+pa
u7U5SqQCizHnu8yLyoG2q6qapitSstZKG+Gz2pcWfftxiuyopqnlYfWuD9q4
E2Ec4lsdowqBaHc7Xx7w7l03FE/m5pIQQhnBYYpTR1ARt125ZQV+1EdETZyj
9GudUrFCY5YFqfXM+Kxs2wRTa15zXwOkRha+8liYhW/Foly2vYo8Hc2STRCK
pGNSPwvjoVzOfi0Nd3HO/S6mzw44QRKHzSwpH6Q8bWmnZW6J7PSycSsbBUTX
zfj6ktQuzeUB5IfPOev2sBZezVEK7wvFftdF2cLvHahkLex7Dzmw+ZRD93xr
d2KoaZ2BEDVdDWv6ED9s4o+mhGDe7zUSl80qUyoj0rEHd2MS7rVwFwTdljdI
lkfuF22gXBxhDzTy8DZcx5ZSwnHMjSnv0E1qkn3JL6sHLHOSx1DfuiiS8WWZ
jzOtNsM9UAyXXSVA2ouObl5RIyjZwGUNZB5hv4RTiKnWJ8beE+IZpgG5iJ2k
eAB8sfQKPJ7y8PI0Dw4LaEpfopGqtssAkiYBTuUXSpJbmQgQn1Dy6JZmGTi2
FY0oMNk8iN7vNCekA2KcE5veAbmUVLV0UfDNlxfwGoVS22xHbavlN5oH2sQG
MKYbIwuGziVK6kwY7h1fjxb+MNYGQ50SLcHmMVkLl05qcq9dBILgDWnjP7na
JkazxJJIBn3EWhtXidGEjsnOIwtTfq72BK8QNB3Mq7DDCf8U+OgoE1XmZ31F
VRKuqR3roMXGtjRialPbGh8YSt3Wd0yATOrad6QOfGmTFZ0uWDhioB5Gko4i
RfJUeRWWzRHedTTEm4sHOuE0DuhuHrJpp5k2LfhNKabSluqlEN9oKxoVx90q
DS2wpMsLqe3qzmwphTZvTaOjbDturYicaRrcD6Xs035RFjczICwQROreffLS
5V2aJNIZLT2myxORc91UObCTMZ7+Kk+Fy1Je8Iz6jhlNzcuNlkIffdrVqG5m
Oogxi+M63wqLLXS+ZDqiNW6g2Zl8u+11xzGKHW+UlihD+Ro10s5uUBraxLU1
TUIw28q41IUUhbLBgNJiWbsQdo7tcEqbRC+UGBbOREsYnDIHB6xuKecMM3hM
bXkS/sPoeJqZ0wBqPjNSvFhNeBblrinqxs9PqHn9ilGthh50kqWUS7cCFVai
o7BvzUXFcvcDholbi5uaT8BrUqQLalscqJcHEpQqHb1U/V3e1ClIElitr2B7
STYIEymfGvUQJhglL9I3hoIxQk9hQfM6sQUShoAyxd47LU1WjRztKGAUPma7
G7nd01hK9Bv1mosONuEguaBo3DdFeT3NJhdkLK0xrL4DMfvPn58IFz5wWyNY
Cpzk6BZB8nerAeN7WovHtfQCwtBpYqKE218LatgGT7ilsZxyrsv38dQthcc6
gAj/bO2ZkLfFeHWIokot+eTXcRwkp4nfN6tfq6zUFoZpLU+7Z88tR19j6/k2
aFfX1HI1KmsMfYHOK7vJYan2k/etrCvTdMHoCK0Z3fpUed1RcEpsNgB3pcLR
rcslDuLV823ZIO2mtrpQYuS29BEy8PsltUDmuSrTDTSKIS4E4GeTSeIW1yWJ
MtFozSRHWDWaq8u2NB+MrmSX2JdXjrM4u8wB2IL7mJgbpTtlVjIA4LNFRQut
lxQFNPVKNBEde1RWOVwNnC8RlJ9U6ZHKUDph1M72bLtN90S/V8k8vhV1hDqj
RjPcr6u8ahYmZZbIabIIKwkEpb3UW9Pe67uUo5Qh5m6bt7KzzJYMzf143GZR
aeg91saqyrm3WOxFhnWFoh1v+vbqRXXmPvdaX7FqkboyW+ZYXX7pVZkb3/ik
vCZmp0VPvRJGrcMblsxE27LTcFeaWjRLIxBugRFrWwYOb5XvzJMKpFp+mjx/
/cMpHpRCTi/H/+88emoE1+4Ki7lbl7TVM4bLBmHCfWEYkKSQO+UnbYMJJApq
0ck7xq35lnLHVk3SI3HY25YIPu6uTf/QM6unqRLsAt5ckqho+R87voTJ2VJP
Tm1MoZkCHXIowpbFkJpWphMUklC2N0xQZ27SGdZwM7Kf2+R+ef1TkRHOq3Qx
Ab4AS/PrgBrH1oKKE2PBTbW+TblYjlohPC/bOqcpAhNvd9TjbhuvdFM6Zk4j
SOLvO+oo8M0VMosa9e9s4lJXn5AencBtnRgW3SB2tA96DIh90Z3kdJJ04rIQ
2oBR8u2NBlh4Flw+iK4AaZvPB/WsaeBcX2mtpNayCwoMy8oOWcEsmspSgjpb
XhgJT3suKw+hZZGthfv+TvMrjg4zpeniPb0YQUtIndKEgIJJWhUziC6T6m2z
sRfPmOBtf2K4rGDD6UBtB6b0mfziImNl0qgmtnSs1vPhFXWfV2GAJFCkTYNZ
f8INzrJlyBslJ7iiANigii1OK6V8YZ3VYm7UwrJgS39fMPUqarIqmJKppT0b
hs7VTl48Gsq5ztFFpYWORE8MgCFz+NH+y/2IKdwV2jUByjk44s7A1eAArD1w
8xeGlvtW1oC8i7zGDCjSJPK0SKlp9lDMuRitiACgZap+I0bAySTQGmTXbOUR
W162qxKyMqDNCFCb8L5A9fPPBD4+NJLaqPIQqB9Ozd7NA6fyBJZnxKi8Q7cC
xdZBeXK4nVCiJqaAubNwSN/GxnA4pL4HiHeM+DxI3YqgCyoGatuNxaptNK2N
OUMuNyvhYKaai+mkJKK5zbQzofARMvbOZimpmCZ2QXePjbkHHhMi0pLaEgws
QTveATjpJa4Nq5mZcEGjAElZnDG3yApvSGcLKNOML+w3FwlaaotQQSSrSV9c
s4aSmr38JaEteGqKpcJtUMtWONEniDy9A6QSvZx+MVcR73QMLLpe6aOhzTaW
xWtihZi4Qd6t6pY7gg4Z98kbt6TKycivArROa0X05KVTVUop77R7j2TZVHjD
RkRGmizaIqFh35HKLSHX2WLE5p9jKS7eJWxYh1HPXhlxW3017N4om80t7i8W
XFmDAKRaKCyJq40sggVTf9VYQmRzJrgx53lWR8BOpWR1NhlOicbiNUaihKIo
Ctv19KjRxvF0qJKbFhACfGp9UK62sVqb8SjcCMpULb3IRbNQQV2EX1tJYEWM
RxBO55ZLte0jjNDGbIBYWDw6Pjhhzk0nzYRees1riW+ZLmIuv9wVvq7vGUem
6ym2rXZFHkoVaDKX44UighRRLSezJZvlmdj8NrkwpTQ4b4zPQ7zJrJ+PuXUk
K/J8TLyWTpbMF1j0kn2hphKvGb7K3EIJXCAIpF0upxrgD9tBEow6g+nKW4iZ
2HoYTblIpy70fEFB7sN6ccbduFbcKiRkwEvwPN4ppqKWVhVmnzNjkK9Wg8LE
OFhdRDpeV8bnUWFsZloRh6H2FtK6Unjzh+ZaG3r9eT3mKb5hdtdY6Tjof4xM
triYZvEt5EpW7OWUuSuLBHSiYLuZjis3Uu9bzUw3xfgSZB8QImrnZNHFyudW
EDkzNTVhuwCuzTkQU4Nssk0NmDhBXoTGscJaodN2+PPbRZMiSnRntUizQuE3
xvEXFOuiOEkrP1huRog196VEg1+V0ysqWO4JoxgolViu2ApYjrDYjt13GK6x
y/oEy4ZRM1O3OYP3u2GBdQXS/chZz56gDjoyoHbgPyhP7XeDkBwEEthtSREs
1BC/OqTqGnNwimCN3xxuXoWRFvg0XlTGyUEtQKwOLria+HarYLt2HsQa7a3e
sR9ss+TMyN3iBVCBWYuRRm48aqHIZfZvfeOlHciKXYCE6GVZYRH30A/XL3Zf
JAd2jsO3VFtjmuw78SGcn+befA/l5vsBTRfXGRkwXlDZbVIV5Ndki8bftkLS
zz/TJ8MDLiKoqUCpDwjWQeFGI2z4xDqSZdmguja3tTLN3UmXIg9wKl5PWrP4
HqR2ujg7pHflOd24TlKHd/doJFRNnby0TYMxWiVnOZnL66BGLYzKYOgyX+sb
TCdZG98u2CbfjXWwwlCJQQSO0aryqneZG9GjMSqmLZVTd1ywK7qsOUdiP/AU
A1sEWXxskYU5uT94PPc2Nn7e+9sCVLn3G7/TBbzY/4upvuhVb+XlG088rrko
i6H/Md9mbnHDCHEyf/fwyw4K/kjv+G+1OUKvmbkbqikt74ZhscKKXYfIfq09
GrvOtV+x+z/+nZ/7j//04hes1btFFqakIXGVhrMKXGXTlZFbVIYfZt0nG6g8
Wsx4ObXOsKE8eujyYuHlDgTkyR5zIFu04pr0j7zqwtV6jJd9PFaW8kBEWyqr
XzetBcU0LeQJJrt00dR6DfN7k3JmivU64cvLEOsw2d8D379Ob1wu+ki4aFjp
ms+YvIBsEvWKibu+tAIGi/hGpnAWdHry5ztfFGOWawDHjhiStolslhboT0W5
6ah8LYzCiS6aZPNpib2vNs8y4O+TzfZ02q+MpQQXh/W4nGfmEveW3Eps1L33
V2JKJ93Agckp5M3eLMblI64wNiO56xi4ZaAx8TOtqhsEkUY0EpgZkdj9lACE
fTy2B7DjiAbBLiKReEtAEN5IWEJHm820COAGjOLSnHLmXisuc1fwOFOSLlo3
VRg6sfR6Uo7Kp9lat7zOgO5RiS21/bptY3PuJMWqFXSVDzUYXJlauMXGJ9Q6
BE7DvHTMNcFN/0g3yKzVpvnp6KHXAcCV5XO/9wkiBTPmVc2sBxFYCA8mSp+f
Sy5LtTCSiOyvS44MN1XlowdTDaQ/WemUIvZnol6sntj548kR+YyMXNNiNhLr
QL5pfRpAvtBK+wsJl0lBBwFCzN9utrisCfO2K1A3CC8a2SjSRjh+bbokkriV
VhdZ01LZnZNB8Tm4Ci9UOLIkjRQxcl2EtBw5IkJvlQRno7+y9hjt0MSTZOPL
Ah1OeVa76+WRDFtxe6ORnhfTVleCFxD+KHFauvZxNHAgbt54yeSirnAHqYsS
rlbKY/Ga6oX3q1PbNqgzbMO7aTxnmUYj4S1usWopzelJajG2EoYvwl27TxUW
SJSoyilHmVPJDZBsufKoDf4nCQ8I5irPrukKipktcxPbg61+TLwhbpy5hMZA
Fkj/gDDlhdomiOAUxz2w5QWdctvEg47LDXw4i8lgeWOs0m7FAoptMrKRsVI5
hc612oeaGrQXOiVhz3JOqTEFogeuUdxtcOWcau2PLXqIz6sddd+NqDQavY2k
sqm6Tma+2ZFZhsczr2eCG6xGLY1RBu02EFrRmVPuDeQud3a21NzvnMMYU6tJ
z+L4iR6aOouB3TW2Qz0Nb7QR+tekr4KoqH6zLOmgaeLa02sEB3PMXGqDIzu0
u6RlMXN2JyDeUCsAeYHvGmK/XtUKrc1qxITaGqyNsGdD1E0rRQEqvCHbthUz
8FDmguc4GC96RMk95ZbCAcYuWzJLb5j+RfIkLqX+Y9jBSs8xkT1cW8AkplN4
UCMluLcyxdx7TUv0aCAGsQwL9+z2i4vSmJcopOnAiUQn0aHM8oYKrUu3VwqW
AMY+MEeRG8BT9KEkwszSv6JXEJFPp5i0I5NdCSOd471J9rdFEQf455+f7x8N
T1/uH0h62DQ/V2+WjEkkHnt5YL0kGAxlnG6kYDR1u1WNucpN2EhQhyH1ezyE
jWJWsQvfGhA/liMNLHR5sDmnZg1LC7CSUBV2InSkxehpcuUaA1pbaTSpDmI2
TRvHwcMxQEE2UptMQ8NL7kXr0r1R+4xKzVm43w1oFdyHDwslX6Xjm2FZ4ZvI
ZtIbL0I02CHbCHXlVlGtHNA64CIjthV4arW1tHldXEYkQlyq+yCw3xLKNNrX
iCKBk72sTICSRnRpPJGTg79cfYgSFrEjTXA04Rt9YzVsx1MMHXHLy1izoonW
8Guo2zLuOJV4hZY272LvF6Z6+pUHjp3KQy+yFM3mbKkyPZ7Zxmr5YYa2LOSb
huUHTaM4FD8qIGbInsS2PePZkpMS1AxQJfN58hp975zByYLfFN5FYTgUAPEZ
W5SkVdzF7DaGctkgi1blD6ehrXtBGEuvxYdbA4VCWGPNnPNChuE3rPHUh2fA
GfFYCGAF9vOu9Kc+5WGkkBQbyJ2XvVV5sZcxEdJEoK4AVX3TSMVOuRhvMha7
bHp80Bmg8PGkRWn6+o388Ga1p3pD+mIMwdrtKco612HznJ3aBAxxrwOJXZHo
PGZ1Yxsi6VaRX3uMbZOSMeYWn7OslRUg7EwJ5RRjh7RcsJT++pJ8CQ7tyRmc
ohzNWXTpzbRMJ9KqwLMlH9qByd17ysg0tp1k6/D0tbT2ePrg4QPp5zHN3M3T
6CVzckmCOxeF02Zbu4/YlFhubUARtdMhcJnpxF0MESH3PybxEdSPBUXORBFV
k8gHSj9qWGo/TL0+UZ5oJ7HstbFWWgUR5xTBJ1o/yvm+1c1I04NJckTsuBq9
uxhk5+g4iAEYdBfzxvz+9etjU17JBN/gTHjQ8VuvuJHhby7v8BYgN5uFzT8t
s3TuF1xj4qeJbL010i0MX5J1cGWtQ8z4yW2upVHMAowQ27rCfh0WPLaPNuiG
c5smO7aDZnknQ7dRVlxRDsv6aTMQ163fZjNxbBpktrdjEJSHswquJ5159jBn
4Lb0iF8a/KMxWpgX7dUZ3q1425mmfG0iC90RdisMP1sty1ijFKoRqZoYWDVr
9cNw658EFahaVRttQSZlkDMuNRXIqaYDqhMhJO2VMYBkIGUNHD92mA1krLmS
7kwmTK+rRe9SQkEKrXqczWArtY52cRf7CuVpuAk/o4T6UpiUUvJncyoQVQh0
PQTGnoFJ9vM5IsoL73TqFCidWyhSri4jRNjR8pyK0JQFb9y3i3xq9cHUabCC
mequZMhSJmFvLmHnCJqkC4odgtmUtUqxVaksKHoFiN+EmTlVVtJZDSuvh81u
U10M6Vm6fal/LZApZ6njiS+vk9dwELeQ5F/RmCck++Dl9/rVyfD0+PDAuajF
avP64JhrHxgTLYfRH2pnEljFC7nyDo39WEO8tX/JewkjbnVPc2O3TbMTS8ur
j6ZTTEM5ZMucLc1UJHgPhU2d6Qw3UJUF7bXplPVVI85+K4dWoiem0wVFCXAd
Bf/oCVGahHnYihn1J1mIMhwpF6CGRM97bXo9n1WmBU6yeXL4h00uvHtyeHq8
aUvBUCIXVhJ23G1ucTank7epxyQF0+jiYcWP3GrSFWRINuLfyCnaSw6GpwP4
z3Frn4cYI3/UiU6skqwNTBlJttly2wnRWd40LBp4aG6/wTKtVhnWao6HZYUP
fjrlGFIZZVGLV8q8RO6jo+fJg7ePzyOlhIJy0wTptyt07v7AHfcGbvfBMuCU
wNodcSSwQUpyq+kxrJiPVcMPCy6m4X4G1MmTOJ8JWr3n7j7e8crxTN303/nf
HZSTbC95MHqwm2wdvwI1gN7G34JRXpdvsgKefPtsHJsA/qcn49/f5JM9xPkA
M2PQ55Ec/XHv4c5/dryXwKDn5/Evj1mr2Ut+bgE66BxOfn6s8uH3Zd3sJZty
4EYgMm6ufC9Yx+Nzbx2Pdv9z5QhELsPTMba3htnxLlo9LSJh5UMWDTvJ1u8P
e2CB0HAMCjIAQuz3J2a/m6tefA//u38/EUJ0ik4g/a54+X3nm8cd1Mm/P88M
1ZvPHKo3nzlUv3S8kOrj1K5vO1RvqP3pWXSpHbTV72S0KepOJ2PVRq5NMrek
mO5Nj5JL6zPZ/NbnSgCtL9YZXOCKDH56fKfRf+t2iGBU744ePEq2DtiC5JMY
f9eLxCzZDD8A44R5H2O+IiWBrSaBXsxo88EvRRLO7efwAdmp9fjAb/0OHi4f
iO2T3R99uP/F94H2yYGp9101/KDXy5rE0m/sHuTyUe8c564xnzk0Zj7rK2Gt
N95qCXDj9G8LFP/PqnT8JgNl+N+T0WiU/Kd1zo95gyiMQwqhwsIPXp0eJuXZ
X0FlGG0cLFD1NUP8TEO8t0NkBl+TtElH0V42MW1Fu9rEe9iw2Dx0ApLkExKM
sF1NH+XqeHjaV5EimIasZHwwRepXpEfNTcug9YE7VuB4kGWwTR71gu1z0qO6
9B786a374M/qa6BT41jCuG4nGcb0i6Xcsfv+wZ+IktVbu0hur2AkH1o+iOsJ
3KlyPT2B3u2rK+DPamHuA1DH5FFvjRp/1t703pp1BLZbaMkKY68Hb0ead6HN
Owkj/H787eNfUh/6RQf/5MrWHUbvgZjfhs3+1lHn8KcPF+ijLuDPeqd3TbXB
A+MXOajrqhBrzdFHlcCfT3WC42asuPq64nqKqq/07hoqLP70kV9+MdpclxR6
U0I/QlhXzPiHV+VcfWldVU6ET25I2lOVOxger6XPuarmP7Fa93m5x76onF9c
d0n47xfXXfLFdYc/H9p190ur+L+0K7Brd5fr9I8ffuyjdvcj889A/V909l+B
zr6Gur5SU1+pCHWexrup5r218j6n7hP7fm99DD8DvZt++4Xd0Guo8CtFuC/0
+hnS6xfX8y/gel7fbDHw3M+D/lYMrnf3/PtXB6vjfofZ5LIc9w795ad72DS+
xPl+cEPGa2d7uI75JWY2YnaAA2xWYzEFLPJcL4OxNtzfn4fDHuTABfgZ+Ekn
mN+m22+rwBDdSa+Wx7vPqA75PnUgS7UxzKVt5rkUQkpdM8sxVV3hEE9kEOrw
VTcmRVypL6TOBBPRrtJppo1gsOaDpfAgDv79HS0zH87ycf6wU3cTFWOEdb+G
2MquiN8UzrN0eLvvkx6K2lZTLbKB7LEg+aed7XWkh9sFsXUgoifYPry7cfOX
EtotLrIPaOqKAvcJN/zgp5Nwvx927jf95iDyLpImP7d/8G+rkP/52i3PslvZ
LR/8WsyWHVS5zntMoZ/QvLkGR3Pe+lysjXe3DqaP724d/LVcR/r73WPfO7DW
E+w+15Hhpp9jSPlKxvYJQsp7nfYemHee/tT6cbdI8mv25p19fatb8VfjzPuH
uBV7i33OS2iJ+oe5FyeTX/O9uL7Ubu4b5Tmtb9ZMLPOfYzn+E8v+v2auecsY
iDvmaH4uIRAPvkRA/GoiID7TiIUWRX2Yg/ElOflLcvKX5GR670ty8rLr40ty
svPZP5WHeGNrf5B8u20eoIJu3746SWqs8IQF0v4dq1M95bRJ+sHSZ9clP4WD
JHmTzepkn7xz3y53OpP6cJfo+IEXkN52yzkuOVP2inSNHg7pZAu7ac+wofN2
X+f0EDbibFhlf1vPS21f++Ku/uKuXsddHamoaurCuSWq+d17CrMWbHMK3vG4
T548k4r2XNyNyO3g1Ytv/+MnkMP8aqa2wRHOMMUWloEeb/aXvek8+dAhZafm
slc3cqwNGpryImu45/OvzjOfdHGAxpYJ1FqFA1PvlWCqaVexQDwQxxQbLjKS
SQVRJNH7fmNtIiuSWFBgYfw7nbtvHGr0Hk2fUJeUJZTCJfWxJctNzaXEOzfd
dC7Vtph4TU2k64el+Q9KHF9iIGJC5QeIgbhNBGV3BMTqEMlfOv7hQ5vNjqts
jizGexf4JbJL9zOk/ePgXToowXO/LIF2xGzc3s1P23VH1SfgHwMU5I9cnhEV
4BP788Vjoj+fYRzBLWNs6LeTjEvnep/BeaGD445nD9yvzH74zx7TcJuEku6I
hg9zvRjK/SytUKs4+Jd4Bv3s1xHPsHq8dUSM0+DdviJGDObYHLwG/91P4GHs
EjD/QeIy7uxhVLHsE0oZK6W6leVhVpbdXb/urr3/fp3Ozpig4xzJTyHAPLm7
AHN7B+hHUT9WbfA/THnoOwfU0H9FaG9/LoJ7e3Ah6l6j/7N6iTvO2Rcv8ecm
n68STb54iZc+9cVL7Iz3xUvcdpF+Enex45uL+0dcf/JrWKjrU86zuu0/3gEJ
Z2d4vAv/7K5dtQ1QOZTeq19qt/nt42m7Qc463tlew5+88wEcyjCIC+HxTgwy
lKt3e0N2vPPT8e4Ih7pdATd42QNp97bV5HZxL+H1ZWA8fXrHOnIJLpR+YKZk
mcvOsL+I2cJhqy2TyzL2uozNfqD5cHnrzdddW90VUfrVVw/klGU1Sl15Zf2C
davlGf33lrYVTxq4hY0lKhxZ1bPvm+anfzUv7/11bS9rSWoxia2fBuqv8Raq
6AcR1noKbTsrjg//HpO69PeYZdYcr/ax7TVfzJradz7i+WvO18Em1qmvj//2
K6797i4V9uTflazhA3CGOzKGu/OF27GFu3CFdZjC7XnCHVnCB+AIndXL8Oz0
PDEtztBpUop955zUteaL2Sx6z7eLEst6861n4NV/Y4beJ+nSvbnlaQtO2dOn
Hid5+vhzkTI+nZTw5aJnyl+T7L3j3fl9p9U4PHefbvYV2Ov8rsuWbSfvsml/
PrPfBvPrRZfov+0okxX8rlcfB/p3bVmnv3XXPTu9jLzuC7cQFvqbfG/PwpYb
gH1u8csJEusS3nI5ou2TCKl82VmKfbdcjlgx33pyy3pRwfpMd3RwX+Xiy8Fa
9fKv8WD1ltCX6+xtj0mEwlvfLZtvuc6+fL41bQQdHYdWnKxo0yHvZK2y6X05
Wf/AJ2ulMSxyoMx3EQI3393Wdn23+da3zX+uJZXbzrpbF1ZGpyH9y3/uOoWW
dyOVlk8y+KDO2v2i1msVVckwXBsad61cNOgrFJfhHX2Pn29a6Ofcjom2Lq91
7wYOiPBpPc/G+TmQ7BSoOU28HRwlP+RvsqS5mcv32ds5bxLsfL0YX8IL47TO
vGxSGLMoYWOucVvRmY/pgCm5i+GBK1xOiYdqtij4oBDEKWaL5hc4rgO3SSCd
ZE1WzfJC8zjzJrlMaSTJWcQB8gKGRVSYTMTSXayf5npZ1k2RzjJJVyTYFRs3
mnqppqrk1ZySC2k5WV5xQqVMU1P6pptbu5jDs1U2zvIrBCf1UyMBzOliItsa
zkDIuEqniyzZnGRXI9m0TXchsmQewK6V/vSQ6OeRqrFtY+O7RYXJkLOyoq2z
tAEHrl7MCLS0GRgsnBwl+QRWDJhREm7S6iJDFNTlohpnmnWqtK4YBio5QwZa
FowwyWVl0AEHTV5w2ubRcZJOJshnBclmYbDNKX4/nOZAA+mUTkeVnQvw9kGT
TCpN0Us3g3RSZkyXgn3YlBD1W3WWAT875TTb5MnoEYJy8t3B093Hu+/fb3/U
zmafQRUux07rUmLHzfqRupZ9srjYLw23+m184OHr6pqOP302ftU+f2rC+Cx6
UX2cJsxfSlZ9GJL4lTVG+rxLYH1G+/6xAoM/O+11ldbXS4m1JZXcMNxki2qZ
qLKS+orqdi8V9hYtj9sr+nBK7D9MAO0XbftDa9vfl9cZA19M44p3qGmzlh1V
qMPBXyNUOS+PlfZsdDEySt4P1y92XyT1OCvSKi+50hGsXSs+1VizaDF+hMRv
SynxSxpCP8YaShThjzV4HJIhtKby9O8BxOv0Bh8n5VhfwEMhxXscuL0yUlWW
jslUgIfnqHwNGuRVPs5+cVsBKsBzkBkTo8rWYtaA4WVLuf4Va+6iwaqoKQpm
rbrnRHEuc7fsB11wcPkjA02dXcykwpSq50yLQmQOivCZ68t8fOlpzIKWs8xW
fsLdzaeZPDZL8wKRFE5pDSVLbAHeBhnShiljVomBj2gzD5fOWjYZbMFlPoH1
BwaAQQIHdUwruQm4s1S3SieTHDcGNJWFdzVla7DoW5lT6r72FOFtdYLVOvDf
z98kYyp+tewygj8xzPhsu6cR59dkwvlsCrP3tQj17mu6to2nd7/TNUom3LlX
tmMJADa1s7KYwRpNUz+GPeKjNUhdrrd+tjauviau3t2n1w5h/yyp/h+dij8L
g9yvs/TAHUb/0hy++8F/xmbb/2A20C/N4YNn/tHo9UtRh1/MFvzxDMHJaYPg
Ps/Tiyqd7eHTjWiCMBvZltQSoyX5S/pbS0njrxN4GwZje3D8axj8/Xuqt32V
Z9cShrGYgp7vFUm/yApUjof0FdvN0ACD27WoqSa1b6pCG4Iaz3hiiRepJaqD
LIHW3FQW0xtRxcsFFjyXl7YOpino7D/CW8nRNtWlEkxbew+saMyUgEXb6fnD
Ads3dbFom6ORL0r8XSzeUQ161PmzsZd0/OzBV6dsqLBWlzlM1dBX3W/ZwUtv
qr0N57lyyR+iJeBPObz1z70Nj2vd+ucdjHOUzBZYqJ4xH0N78oL2MS1KopIQ
Y38e0TgfCp4XNkbJp8dXx6/70SSP05syR8vh+TDrurd6U3vtO49m/3vljXzP
zBiZb/mXsNLn+QSoIZ1MknfwyV8OT0mb3a+T87RCvB4lY0Dqii9hHNqoMnnx
jXP5vUuabDod4N79GfaVP4p+iQwtxNg951F0DixmuK/nOJM/ST6bZcAlYbib
pEA/i+CqtSNL8RObpGOcrg+78XyLcVoPMDQvX0Uein7o/MDO2Uc/IDBXsYei
H8YfcAyIMcI3z8Wf8ftc/kuLLpm+XEp5jjF5fwYi4cvQW5OKO39GipwJJV2W
89+EK0/SMd5kRPFnZIKOjBL/cUeZsGCGLPcFsqe8CEd5dbJ6FMcHxXKecwD7
wvJhsBuby6cX/MtBrMbtBm+2aNkhXh0F2UXr1K8NS3DeI2+uGqUP7a4epWuX
3i35KzZKlAs42PuYsPySo1wt+WvpKEvv43t9RwHpqRa5pB1NHUIcHQXhwKNr
fbbYqIhH+Ca27ugo7z7Iilbw/J57tPwCCmjwF4blo4zSk+pW7lG4X52jyOVl
BOXEaKdSj8WlwCWjCNW5bw5fLmZnKONbAlw+yodZURx5sT97jhKSWZsof0FY
QoII/u41Sidew2zMpaO8w801EorVtq1c8PFgWfnzYUZpn0Zfxux7ByxZ7Yb7
8u9aOJ7D+ckbq6MmruLpdXN3ftaFJWoH67QYqe1riVHqldWoT1sa9StSpPXR
Tk16M0mr5rqs3gzTaX5R/OvmOCsazvWLGsgQayj0AixHGhJ1InlNxkqmwVJY
VNU3kLnf4Dud9rG5N1UkAEvNYzZITu1o4Rw1NszDmL1J2VA0T/k2q11r5QSH
RQckfGxj1RwI2OiG30fNWXehCiALg8ehE4iR7DMYlUS2wGKmKULPBFN/o5T9
WzOOhsTcDgz/wDk/3Sf4v5Y9F47jsXdrhWu/GfD9pfDsAe01i6pI9trjrIAn
GOcxeiaSO49jjIt3Gwd//qvjm3XHedfxzbrj2H1Zb5yQu3fBE165MfvbPSaj
ez7ZvmtTu2MY2iCJvzHnmj6kh9AYNkPzmRElnEfRMuZfZ+9E7AKRP9AX3plI
UTOOWFxVKPPH8aS4AxiOVwDw0Fn/xsCzYl08+iCZl8CnzoDvv7MaiocfpSYD
b+KNY6KS7c68i+yQlSqZFrwjjeNoVMdw/+ysyq5Wj9MBjyvK9oInOk6Ufm4x
Tut580hEO18+TpdM+4Hg+VjjuEd11TgOq/fHCYl0xTgOq/fHeWeCA971G+cR
hiklrXHWhcey+hZ+fL6xfBz6safzbuO4WFlrHKFk/ZzpNDJOIJh36dFX3l9d
eGYFs8PPci9kfvda+366IFMuc9con08MU88b94Ol8LzzFXPnNTQdz7GOfxYZ
J1Gmrfh5Z6oAVA5A+JqTWhAbh7DvjhNT92kcGwj9TX94BprwYeDZ+mrb3cHo
OPfEg4ReJ26TnDolDvChFfvFIHBmE4n1RpD1qDFOwl1ePfdTh4bdV6/g1aGx
9P0m+mp01pZvWsdBe98a4+wZ92tVASns2XHsVTnoNc5lWkymiDv82SOUwIBl
gWUckhm7MnqM4y+LxzG5Jz3X1Xlql74UDhv5ib60ykN2Fbx01TVTCLUh0pB4
uwZ4h+lg6HdQp6cOEIiOnWt9F+hzzgBOW/Jvlg0gJ8f8veYSOnHgPn+bvbLi
ELsp197qu0z+8d+m5d7m7ZBa7e3qvr1Cg7/nve1wKWcIsTpT7tKiuSwpndHm
8rzzhrAClj/EFiUBYXzVHPjetmH4+qY3xCMMMUzCIdQy4WYhJbPsm9gQXnjO
2rjov/X2t05m4f742m8kcGntifdAbp3mVLOL0bl3mzGCcj57canM/3GEOBrD
4TsMx3J033OXH71S+FJ5zdmU6CaOLGNPGxmhzaUldFnJyTyuRBd53HeBDOhx
RYw8frZohDtTNKArweDjFnB+XIi8Ja3s6RY41pkVAUfvgm3rEEdWPu5LHasf
d4ULxWPs8cQTIHw5oPX4KsoIHk/WImj3cd9C2L6ygsdDQ2B4SbceN0pgEruS
w8cDs154AceWaghkJewBGtoj9Ht8Gd4j8tOyx/uOHlvakscDRazFiFuPO/oW
8DcTxOZZwZzHVaeym95ahfu40ZxI/VnxePdSo4/Lz39Fnlry+NKz0no84pcP
H/dughWj9/EYOF4CYzv10+9tGQV3RnzcFQJM1q53knCDX74aso6pHHJgmN/A
MKeBGRTFktDqiM4tAgYg+abvwjY2NpAMtOiBCbSeIBGWFbmI5I7VKNr/UWMM
0nl+sajoIiHDNwKUqkHWiF1/55smKwC2cYaZ6vGo+C73mOMM9L1ioQ9uiTvv
KxAGxwsqAPDjfELOLvXXTeSL4YK/eA8AVdmsvMryojofc9GUP8Iu4yKGD54g
JoYPniZf6QAPnsCf77HQxkl2lWOYuGSJezaCdHqBIujlTLdI1xL69rjwyf4E
Sx9cLEBiBKU3q83GSoUD01IR3rzfrrIRqRCpY2q6PcAVFmYRW/i1sdBogVV6
/bucXYduJYI6Ngw9/SIvAOLxNK2ohAdTOhJINskbgC2dJvkMhr8iisAZPDQ/
ZjQ/cdD8GP4UNOPuTEC0qmYw8FWWTGHaBYJAQfln2WV6lWNcIkfpFdn1yH0P
ZJ85zDyvMAQP0H4OklEx5lqbJ98dJJj/Ti88lwyFWZYWQnabGnm3SUToBnwb
JE20QgLbPMYlxYY37ZKTAlVZXcD4f8fATgwGhPXPS5BJc9l1rlAwPEuZtNxD
EKedA/QmZ3wVCCT4K4Ea8otXFnQmDxwpr3hTEBSO2VG+ZtNnlRA8Xw9OBbQP
KlYtRCPZK6cH3x8AAJxSAw/ef56N7V97G8A+FHeSCaJsAwMcyZsfDjHilw7f
ovwOF+skx2oMHCygWTJHRSHtSuNjJCeYbkKAHjExThI4wvlZPkVtEV+EYccL
fhhzTOBsIEqxJgzIw5v7HE+LSV1VOUUCSlk436SXI98TzpgIpLJwsnWVp8g3
iW9vM9qIF00c4vwQh+oRH6rHzqF6BH++/+in+yED8sgB5CH86Z1uSg+ikiNa
FofOH9MbXBZDieFgeOgVszO0EQXqdhjg8JZLSQGhpLA+rLIiANNNjCf+2ZOd
h5IdlI6bBUBfL85qjjyR8SkWIRsDf9foCaFOSdrAKGgkNochuJy81oJKWitI
3i8Av6i+ASOfO2leF1W5mNfLSOGwF6J3GdEPHUTvwp+E6APePeRvJXBRBggZ
Dl2EdK8iap4+eaZkkSMVTxYWLYJT4jXA4GRvxumcxFa9roAbZ1yRaFxeIKPz
kOQV+glTeWgnJT7I4a/NzRw2+KxkvRbhwtpTEyRILsDyfTkf/pDPgC1INo2T
PmOHmXvhRV5MrLwGIOlZWLmZtQNROP/IQfj6x2WHd3HX2cUd+NOTObJ6nE4N
Ubp5SHaVBIWNlhJOy4H4iHSRMTSjzWyGd7tYhmsPqCVc5346F9dPay+2WNLS
6xYpbLstoESZT7xc152Q+4CRu+Mg9wH8Scg99JDawieyjEzRIYviHDNdGvCV
kX/W3NVJXNr9I/9A0Fk6wwvSSSeVm90UGkundWmvdQ11s1EVTk6oaybybnph
KAjtqwLXQ2PBopSRioBCEgGlndRZA9if8m4WuunT9AbQyXBjfsUZlYvKJvdZ
jp6MXEJVquMk0NLLoWwzT08SvdG8h9opE04in1sVyTG05pkJqMNU2KbOpucW
kTVwjfFNcp6/3WupcrgMValZ8gJI22oZ8n0VqWjg36v0glvk6T+wC+M3XPNN
NHsWMvhzZ18iX2uyjpN4YxBwC9lcrxQK+0tUzRIW2Cr2Zo+0ywL9V01xwTBc
U2napfZ+19o5LQnJODy9yf74TVFeT7OJ1D3Dg5v6n6EWVxDFZ5N/3TyH05Kh
HvjaeANqrnhWYQ4OEG7xJvn5558PLiuUImHv92f1f/+vun6PqcjwxTGqxMm3
03L2N6DiRj8+SCskouRb1ESKQj9+DurHJHmZXqWgAOiHv//v/1mlKPSBsjLB
zvLvuc0EfPXDAg5b8t//3+UUPlW+mVdUp5AWiM+dZ9nkDFY54lWgnst4R41d
lVtMWj5DyRcr5GGy6WKOjgtbxu30OoOjAdo7iMal3Pn7F3QO/nj08uWrP+6b
KmMH2bTJx8OXqJPABmD6O0iyJ0evj04PD+ipg78cnxyenv6GOxbwBN/vPth9
oM8np0ffHZ3CmQFOtvV7WD5wj4sqo61Mvn68++TxLnD+/wPlRoRW//sBAA==

-->

</rfc>
