<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-webtrans-http2-15" category="std" consensus="true" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="WebTransport-H2">WebTransport over HTTP/2</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-http2-15"/>
    <author initials="A." surname="Frindell" fullname="Alan Frindell">
      <organization>Meta</organization>
      <address>
        <email>afrind@fb.com</email>
      </address>
    </author>
    <author initials="E." surname="Kinnear" fullname="Eric Kinnear">
      <organization>Apple Inc.</organization>
      <address>
        <postal>
          <street>One Apple Park Way</street>
          <city>Cupertino, California 95014</city>
          <country>United States of America</country>
        </postal>
        <email>ekinnear@apple.com</email>
      </address>
    </author>
    <author initials="T." surname="Pauly" fullname="Tommy Pauly">
      <organization>Apple Inc.</organization>
      <address>
        <postal>
          <street>One Apple Park Way</street>
          <city>Cupertino, California 95014</city>
          <country>United States of America</country>
        </postal>
        <email>tpauly@apple.com</email>
      </address>
    </author>
    <author initials="M." surname="Thomson" fullname="Martin Thomson">
      <organization>Mozilla</organization>
      <address>
        <email>mt@lowentropy.net</email>
      </address>
    </author>
    <author initials="V." surname="Vasiliev" fullname="Victor Vasiliev">
      <organization>Google</organization>
      <address>
        <email>vasilvv@google.com</email>
      </address>
    </author>
    <author initials="G." surname="Xie" fullname="Guowu Xie">
      <organization>Meta</organization>
      <address>
        <email>woo@fb.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Web and Internet Transport</area>
    <workgroup>WEBTRANS</workgroup>
    <keyword>webtransport</keyword>
    <abstract>
      <?line 74?>

<t>WebTransport defines a set of low-level communications features designed for
client-server interactions that are initiated by Web clients.  This document
describes a protocol that can provide the capabilities of WebTransport
over HTTP/2.  This protocol enables the use of WebTransport when a UDP-based
protocol is not available.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://ietf-wg-webtrans.github.io/draft-ietf-webtrans-http2/#go.draft-ietf-webtrans-http2.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-webtrans-http2/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        WebTransport Working Group mailing list (<eref target="mailto:webtransport@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/webtransport/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/webtransport/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/ietf-wg-webtrans/draft-ietf-webtrans-http2"/>.</t>
    </note>
  </front>
  <middle>
    <?line 82?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>WebTransport <xref target="OVERVIEW"/> is designed to provide generic communication
capabilities to Web clients that use HTTP/3 <xref target="HTTP3"/>.  The HTTP/3 WebTransport
protocol <xref target="WEBTRANSPORT-H3"/> allows Web clients to use QUIC <xref target="QUIC"/> features
such as streams or datagrams <xref target="DATAGRAM"/>.  However, there are some
environments where QUIC cannot be deployed.</t>
      <t>This document defines a protocol that provides all of the core functions of
WebTransport using HTTP semantics. This includes unidirectional streams,
bidirectional streams, and datagrams.</t>
      <t>By relying only on generic HTTP semantics, this protocol can be deployed over
multiple HTTP versions.  This document defines negotiation for HTTP/2 <xref target="HTTP2"/>
as the current most common TCP-based fallback to HTTP/3.  In some cases, the
same capsule-based protocol can also be used over HTTP/3, as described in
<xref section="2.1.2" sectionFormat="of" target="WEBTRANSPORT-H3"/>.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.</t>
        <t>This document follows terminology defined in <xref section="1.2" sectionFormat="of" target="OVERVIEW"/>.
WebTransport servers and HTTP/2 servers are distinguished here as two separate
roles: an HTTP/2 server terminates HTTP/2 connections, while a WebTransport
server is an application that accepts WebTransport sessions, accessed via an
HTTP/2 server, possibly through zero or more intermediaries.</t>
        <t>An application client is user-provided or developer-provided code, often
untrusted, that uses the interface offered by the WebTransport client to
communicate with an application server.  The application server uses the
interface offered by the WebTransport server to accept incoming WebTransport
sessions.</t>
      </section>
    </section>
    <section anchor="protocol-overview">
      <name>Protocol Overview</name>
      <t>WebTransport servers are identified by an HTTPS URI as defined in
<xref section="4.2.2" sectionFormat="of" target="HTTP"/>.</t>
      <t>When an HTTP/2 connection is established, the server sends a
SETTINGS_WT_ENABLED setting with a value of "1" to indicate that
it supports WebTransport over HTTP/2. Note that the client does
not need to send any value to indicate support for WebTransport; clients
indicate support for WebTransport by using the "webtransport" upgrade token in
CONNECT requests establishing WebTransport sessions (see <xref target="upgrade-token"/>).</t>
      <t>A client initiates a WebTransport session by sending an extended CONNECT request
<xref target="RFC8441"/>. If the server accepts the request, a WebTransport session is
established. The stream that carries the CONNECT request is used to exchange
bidirectional data for the session. This stream will be referred to as a
<em>CONNECT stream</em>.  The stream ID of a CONNECT stream, which will be referred to
as a <em>Session ID</em>, is used to uniquely identify a given WebTransport session
within the connection.  WebTransport using HTTP/2 uses extended CONNECT with the
<tt>webtransport</tt> HTTP Upgrade Token (<xref target="upgrade-token"/>).  This Upgrade Token uses
the Capsule Protocol as defined in <xref target="HTTP-DATAGRAM"/>.</t>
      <t>After the session is established, endpoints exchange WebTransport messages using
the Capsule Protocol on the bidirectional CONNECT stream, the "data stream" as
defined in <xref section="3.1" sectionFormat="of" target="HTTP-DATAGRAM"/>.</t>
      <t>Within this stream, <em>WebTransport streams</em> and <em>WebTransport datagrams</em> are
multiplexed.  In HTTP/2, WebTransport capsules are carried in HTTP/2 DATA
frames. Multiple independent WebTransport sessions can share a connection if the
HTTP version supports that, as HTTP/2 does.</t>
      <t>WebTransport capsules closely mirror a subset of QUIC frames and provide the
essential WebTransport features.  Within a WebTransport session, endpoints can
create and use bidirectional or unidirectional streams with no additional round
trips using the <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule.</t>
      <t>Stream creation and data flow on streams uses flow control mechanisms modeled on
those in QUIC. Flow control is managed using the WebTransport capsules:
<iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>, <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref>, <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>, <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref>,
<iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref>, and <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref>. Flow control for the CONNECT
stream as a whole, as provided by the HTTP version in use, applies in addition
to any WebTransport-session-level flow control.</t>
      <t>WebTransport streams can be aborted using a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule and a
receiver can request that a sender stop sending with a <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule.</t>
      <t>A WebTransport session is terminated when the CONNECT stream that created it is
closed. This implicitly closes all WebTransport streams that were multiplexed
over that CONNECT stream.</t>
    </section>
    <section anchor="session-establishment-and-termination">
      <name>Session Establishment and Termination</name>
      <t>A WebTransport session is a communication context between a client and server
<xref target="OVERVIEW"/>. This section describes how sessions begin and end.</t>
      <section anchor="setting">
        <name>Establishing a WebTransport-Capable HTTP/2 Connection</name>
        <t>A WebTransport-Capable HTTP/2 connection requires the server to signal support
for WebTransport over HTTP/2 using a setting.</t>
        <t>This document defines a SETTINGS_WT_ENABLED setting that WebTransport servers
use to indicate their support for WebTransport.  The default value for the
SETTINGS_WT_ENABLED setting is "0", meaning that the server does not support
WebTransport.  A value of "1" indicates support for the variant of WebTransport
that is described in this document: "webtransport".  Clients MUST
treat values greater than "1" as a connection error of type PROTOCOL_ERROR
(<xref section="5.4.1" sectionFormat="of" target="HTTP2"/>).  Clients MUST NOT attempt to establish
WebTransport sessions with the "webtransport" token until they have received
the setting indicating WebTransport support from the server.</t>
        <t>The SETTINGS_WT_ENABLED setting can be updated during the lifetime of the
HTTP/2 connection, as described in <xref section="6.5.3" sectionFormat="of" target="HTTP2"/>.  Whether the
server supports WebTransport for a given CONNECT request is determined by the
most recently acknowledged value of SETTINGS_WT_ENABLED at the time the
request is sent.  If a server disables WebTransport after previously accepting
it, this does not affect active sessions, it only prevents the creation of
new sessions.</t>
        <t>WebTransport over HTTP/2 uses extended CONNECT as defined in <xref target="RFC8441"/>,
which defines the SETTINGS_ENABLE_CONNECT_PROTOCOL setting.  The server MUST
send the SETTINGS_ENABLE_CONNECT_PROTOCOL setting with a value of "1" in its
SETTINGS frame.  The client MUST NOT send a WebTransport request until it has
received the setting indicating extended CONNECT support from the server.</t>
      </section>
      <section anchor="creating-a-new-session">
        <name>Creating a New Session</name>
        <t>As WebTransport sessions are established over HTTP, they are identified
using the <tt>https</tt> URI scheme (<xref section="4.2.2" sectionFormat="of" target="HTTP"/>).</t>
        <t>In order to create a new WebTransport session, a client can send an HTTP CONNECT
request. The <tt>:protocol</tt> pseudo-header field (<xref target="RFC8441"/>) MUST be set to
<tt>webtransport</tt> (<xref target="upgrade-token"/>). The <tt>:scheme</tt> field MUST be <tt>https</tt>. Both
the <tt>:authority</tt> and the <tt>:path</tt> value MUST be set; those fields indicate the
desired WebTransport server. In a Web context, the request MUST include an
<tt>Origin</tt> header field <xref target="ORIGIN"/> that includes the origin of the site that
requested the creation of the session.</t>
        <t>Upon receiving an extended CONNECT request with a <tt>:protocol</tt> field set to
<tt>webtransport</tt>, the HTTP server can check if the target resource
(<xref section="7.1" sectionFormat="of" target="HTTP"/>) supports WebTransport.  If the target resource does
not support WebTransport, the server SHOULD reply with status code 405
(<xref section="15.5.6" sectionFormat="of" target="HTTP"/>).</t>
        <t>When the request contains the <tt>Origin</tt> header, the WebTransport server MUST
verify the <tt>Origin</tt> header to ensure that the specified origin is allowed to
access the server in question.  If the verification fails, the WebTransport
server SHOULD reply with status code 403 (<xref section="15.5.4" sectionFormat="of" target="HTTP"/>).</t>
        <t>A server then performs any checks specific to the server and target resource.
If all checks pass, the session can be accepted by replying with a 2xx series
status code, as defined in <xref section="15.3" sectionFormat="of" target="HTTP"/>.</t>
        <t>A WebTransport session is established when the server sends a 2xx response. A
server generates that response from the request header, not from the contents of
the request. To enable clients to resend data when attempting to re-establish a
session that was rejected by a server, a server MUST NOT process any capsules on
the request stream unless it accepts the WebTransport session.</t>
        <t>A client MAY optimistically send any WebTransport capsules associated with a
CONNECT request, without waiting for a response, to the extent allowed by flow
control. This can reduce latency for data sent by a client at the start of a
WebTransport session. For example, a client might choose to send datagrams or
flow control updates before receiving any response from the server.</t>
      </section>
      <section anchor="application-protocol-negotiation">
        <name>Application Protocol Negotiation</name>
        <t>WebTransport over HTTP/2 offers a subprotocol negotiation mechanism, similar to
TLS Application-Layer Protocol Negotiation Extension (ALPN) <xref target="RFC7301"/>; the
intent is to simplify porting pre-existing protocols that rely on this type of
functionality.</t>
        <t>The client MAY include a <tt>WT-Available-Protocols</tt> header field in the
CONNECT request. The <tt>WT-Available-Protocols</tt> enumerates the possible protocols
in preference order. If the server receives such a header, it MAY include a
<tt>WT-Protocol</tt> field in a successful (2xx) response. If it does, the server MUST
include a single choice from the client's list in that field. Servers MAY reject
the request if the client did not include a suitable protocol.</t>
        <t>Both <tt>WT-Available-Protocols</tt> and <tt>WT-Protocol</tt> are defined in
<xref section="3.3" sectionFormat="of" target="WEBTRANSPORT-H3"/>.</t>
      </section>
      <section anchor="errors">
        <name>Session Termination and Error Handling</name>
        <t>A WebTransport session over HTTP/2 is terminated when either endpoint closes the
stream associated with the CONNECT request that initiated the session.</t>
        <t>Prior to closing the stream associated with the CONNECT request, either endpoint
can send a WT_CLOSE_SESSION capsule with an application error code and message
to convey additional information about the reasons for the closure of the
session.</t>
        <t>Session errors result in the termination of a session.  Errors can be reported
using the WT_CLOSE_SESSION capsule, which includes an error code and an optional
explanatory message.</t>
        <t>An endpoint can terminate a session without sending a WT_CLOSE_SESSION capsule
by closing the HTTP/2 stream.</t>
        <t>An HTTP/2 stream that is reset terminates the session without providing an
application-level signal, though there will be an HTTP/2 error code.</t>
        <t>This document reserves the following HTTP/2 error codes for use with reporting
WebTransport errors:</t>
        <dl>
          <dt>WT_ERROR (0xTBD):</dt>
          <dd>
            <t>This generic error can be used for errors that do not have more specific error
codes.</t>
          </dd>
          <dt>WT_STREAM_STATE_ERROR (0xTBD):</dt>
          <dd>
            <t>A stream-related capsule identified a stream that was in an invalid state.</t>
          </dd>
          <dt>WT_FLOW_CONTROL_ERROR (0xTBD):</dt>
          <dd>
            <t>A flow control limit was violated.</t>
          </dd>
        </dl>
        <t>Prior to terminating a stream with an error, a WT_CLOSE_SESSION capsule with an
application-specified error code MAY be sent.</t>
        <t>Session errors do not necessarily result in any change of HTTP/2 connection
state, except that an endpoint might choose to terminate a connection in
response to stream errors; see <xref section="5.4" sectionFormat="of" target="HTTP2"/>.</t>
      </section>
    </section>
    <section anchor="flow-control">
      <name>Flow Control</name>
      <t>Flow control governs the amount of resources that can be consumed or data that
can be sent.  WebTransport over HTTP/2 allows a server to limit the number of
sessions that a client can create on a single connection; see
<xref target="flow-control-limit-sessions"/>.</t>
      <t>For data, there are five applicable levels of flow control for data that is sent
or received using WebTransport over HTTP/2:</t>
      <ol spacing="normal" type="1"><li>
          <t>TCP flow control.</t>
        </li>
        <li>
          <t>HTTP/2 connection flow control, which governs the total amount of data in
DATA frames for all HTTP/2 streams.</t>
        </li>
        <li>
          <t>HTTP/2 stream flow control, which limits the data on a single HTTP/2 stream.
For a WebTransport session, this includes all capsules, including those that are
exempt from WebTransport session-level flow control.</t>
        </li>
        <li>
          <t>WebTransport session-level flow control, which limits the total amount of
stream data that can be sent or received on streams within the WebTransport
session. Note that this does not limit other types of capsules within a
WebTransport session, such as control messages or datagrams.</t>
        </li>
        <li>
          <t>WebTransport stream flow control, which limits data on individual streams
within a session.</t>
        </li>
      </ol>
      <t>TCP and HTTP/2 define the first three levels of flow control. This document
defines the final two.</t>
      <section anchor="flow-control-limit-sessions">
        <name>Limiting the Number of Simultaneous Sessions</name>
        <t>HTTP/2 defines a SETTINGS_MAX_CONCURRENT_STREAMS parameter
<xref section="6.5.2" sectionFormat="of" target="HTTP2"/> that allows the server to limit the maximum number of
concurrent streams on a single HTTP/2 session, which also limits the number of
WebTransport sessions on that connection.  Servers that wish to limit the rate
of incoming WebTransport sessions on any particular HTTP/2 session have multiple
mechanisms:</t>
        <ul spacing="normal">
          <li>
            <t>The <tt>REFUSED_STREAM</tt> error code defined in <xref section="8.7" sectionFormat="of" target="HTTP2"/> indicates
to the receiving HTTP/2 stack that the request was not processed in any way.</t>
          </li>
          <li>
            <t>HTTP status code 429 indicates that the request was rejected due to rate
limiting <xref target="RFC6585"/>.  Unlike the previous method, this signal is directly
propagated to the application.</t>
          </li>
        </ul>
      </section>
      <section anchor="flow-control-limit-streams">
        <name>Limiting the Number of Streams Within a Session</name>
        <t>The <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule (<xref section="5.6.1" sectionFormat="of" target="WEBTRANSPORT-H3"/>) allows each
endpoint to limit the number of streams its peer is permitted to open as part of
a WebTransport session.  There is a separate limit for bidirectional streams and
for unidirectional streams.  Note that, unlike WebTransport over HTTP/3
<xref target="WEBTRANSPORT-H3"/>, because the entire WebTransport session is contained within
HTTP/2 DATA frames on a single HTTP/2 stream, this limit is the only mechanism
for an endpoint to limit the number of WebTransport streams that its peer can
open on a session.</t>
      </section>
      <section anchor="flow-control-initial">
        <name>Initial Flow Control Limits</name>
        <t>To allow stream data to be exchanged in the same flight as the extended CONNECT
request that establishes a WebTransport session, initial flow control limits can
be exchanged via HTTP/2 SETTINGS (<xref target="flow-control-settings"/>).  Initial values
for the flow control limits can also be exchanged via the <tt>WebTransport-Init</tt>
header field on the extended CONNECT request (<xref target="flow-control-header"/>).</t>
        <t>The limits communicated via HTTP/2 SETTINGS apply to all WebTransport sessions
opened on that HTTP/2 connection.  Limits communicated via the
<tt>WebTransport-Init</tt> header field apply only to the WebTransport session
established by the extended CONNECT request carrying that field.</t>
        <t>If both the SETTINGS and the header field are present when a WebTransport
session is established, the endpoint MUST use the greater of the two values for
each corresponding initial flow control value.  Endpoints sending the SETTINGS
and also including the header field SHOULD ensure that the header field values
are greater than or equal to the values provided in the SETTINGS.</t>
        <section anchor="flow-control-settings">
          <name>Flow Control SETTINGS</name>
          <t>Initial flow control limits can be exchanged via HTTP/2 SETTINGS
(<xref target="h2-settings"/>) by providing non-zero values for</t>
          <ul spacing="normal">
            <li>
              <t><iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> via <iref item="SETTINGS_WT_INITIAL_MAX_DATA"/><xref target="SETTINGS_WT_INITIAL_MAX_DATA" format="none">SETTINGS_WT_INITIAL_MAX_DATA</xref></t>
            </li>
            <li>
              <t><iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> via <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI</xref>,
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL</xref>, and
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE</xref></t>
            </li>
            <li>
              <t><iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> via <iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</xref> and
<iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</xref></t>
            </li>
          </ul>
          <t>WebTransport SETTINGS can be updated during the lifetime of the HTTP/2
connection.  Updated values take effect for new sessions once they have been
acknowledged by the peer, as described in <xref section="6.5.3" sectionFormat="of" target="HTTP2"/>.</t>
          <t>Because SETTINGS frames and their acknowledgements can be in flight when a
CONNECT request or response is exchanged, the initial flow control limits for
a new session are determined per-direction:</t>
          <ul spacing="normal">
            <li>
              <t>For SETTINGS sent by the server, the initial limits are those most recently
acknowledged immediately before the CONNECT request is sent.</t>
            </li>
            <li>
              <t>For SETTINGS sent by the client, the initial limits are those most recently
acknowledged immediately before the response accepting the session is sent.</t>
            </li>
          </ul>
          <t>Note that this requires some care when SETTINGS are updated during the
connection.  A client sending a CONNECT request MUST use the server-sent
SETTINGS it has acknowledged at that moment. Those are the values that apply to
the resulting session, even if the client acknowledges further server SETTINGS
before the response arrives. Similarly, a server sending a response accepting a
session MUST use the client-sent SETTINGS that it has acknowledged before
sending that response.  Values still unacknowledged at these moments apply only
to sessions created after they are acknowledged.</t>
          <t>Sessions that are already established are not affected by changes to these
SETTINGS, and their limits can only be updated using the corresponding flow
control capsules.</t>
        </section>
        <section anchor="flow-control-header">
          <name>Flow Control Header Field</name>
          <t>The <tt>WebTransport-Init</tt> HTTP header field can be used to communicate the initial
values of the flow control windows, similar to how QUIC uses transport
parameters.  The <tt>WebTransport-Init</tt> is a Dictionary Structured Field
(<xref section="3.2" sectionFormat="of" target="RFC8941"/>).  If the <tt>WebTransport-Init</tt> field cannot be
parsed correctly or does not have the correct type, the endpoint MUST reject the
CONNECT request with a 4xx status code.  The following keys are defined for the
<tt>WebTransport-Init</tt> header field:</t>
          <dl>
            <dt><tt>u</tt>:</dt>
            <dd>
              <t>The initial flow control limit for unidirectional streams opened by the
recipient of this header field.  MUST be an Integer.</t>
            </dd>
            <dt><tt>bl</tt>:</dt>
            <dd>
              <t>The initial flow control limit for the bidirectional streams opened by the
sender of this header field.  MUST be an Integer.</t>
            </dd>
            <dt><tt>br</tt>:</dt>
            <dd>
              <t>The initial flow control limit for the bidirectional streams opened by the
recipient of this header field.  MUST be an Integer.</t>
            </dd>
          </dl>
          <t>If any of these keys are present but contain invalid values, the endpoint MUST
reject the CONNECT request with a 4xx status code.  Unknown keys and parameters
in the dictionary MUST be ignored.</t>
        </section>
      </section>
      <section anchor="flow-control-intermediaries">
        <name>Flow Control and Intermediaries</name>
        <t>WebTransport over HTTP/2 uses several capsules for flow control, and all of
these capsules define special intermediary handling as described in
<xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  These capsules, referred to as the "flow
control capsules" are <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>, <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref>, <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>,
<iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref>, <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref>, and <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref>.</t>
        <t>An endpoint MUST NOT wait for a <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref>, <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref>, or
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule before sending a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>, <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref>,
or <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule; doing so could result in the sender being blocked
for at least an entire round trip.  Endpoints SHOULD send flow control credit
as they consume data or close streams (similar to the mechanism used in QUIC,
see <xref section="4.2" sectionFormat="of" target="RFC9000"/>).</t>
        <t>Because flow control in WebTransport is hop-by-hop and does not provide an
end-to-end signal, intermediaries MUST consume flow control signals and express
their own flow control limits to the next hop. The intermediary can send these
signals via HTTP/3 flow control messages, HTTP/2 flow control messages, or as
WebTransport flow control capsules, where appropriate. Intermediaries are
responsible for storing any data for which they advertise flow control credit if
that data cannot be immediately forwarded to the next hop.</t>
        <t>In practice, an intermediary that translates flow control signals between
similar WebTransport protocols, such as between two HTTP/2 connections, can
often simply reexpress the same limits received on one connection directly on
the other connection.</t>
        <t>An intermediary that does not want to be responsible for storing data that
cannot be immediately sent on its translated connection would ensure that it
does not advertise a higher flow control limit on one connection than the
corresponding limit on the translated connection.</t>
      </section>
    </section>
    <section anchor="features">
      <name>WebTransport Features</name>
      <t>WebTransport over TCP-based HTTP semantics provides the following features
described in <xref target="OVERVIEW"/>: unidirectional streams, bidirectional streams, and
datagrams, initiated by either endpoint.</t>
      <t>WebTransport streams and datagrams that belong to different WebTransport
sessions are identified by the CONNECT stream on which they are transmitted,
with one WebTransport session consuming one CONNECT stream.</t>
      <section anchor="transport-properties">
        <name>Transport Properties</name>
        <t>The WebTransport framework <xref target="OVERVIEW"/> defines a set of optional transport
properties that clients can use to determine the presence of features which
might allow additional optimizations beyond the common set of properties
available via all WebTransport protocols.</t>
        <t>Because WebTransport over TCP-based HTTP semantics relies on the underlying
protocols to provide in order and reliable delivery, there are some notable
differences from the way in which QUIC handles application data. For example,
endpoints send stream data in order. As there is no ordering mechanism available
for the receiver to reassemble incoming data, receivers assume that all data
arriving in <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules is contiguous and in order.</t>
        <t>Below are details about support in WebTransport over HTTP/2 for the properties
defined by the WebTransport framework.</t>
        <dl>
          <dt>Unreliable Delivery:</dt>
          <dd>
            <t>WebTransport over HTTP/2 does not support unreliable delivery, as HTTP/2
retransmits any lost data. This means that any datagrams sent via WebTransport
over HTTP/2 will be retransmitted regardless of the preference of the
application. The receiver is permitted to drop them, however, if it is unable
to buffer them.</t>
          </dd>
          <dt>Pooling:</dt>
          <dd>
            <t>WebTransport over HTTP/2 provides support for pooling.  Every WebTransport
session is an independent HTTP/2 stream and does not compete with other pooled
WebTransport sessions for per-stream resources.</t>
          </dd>
          <dt>Stream Independence:</dt>
          <dd>
            <t>WebTransport over HTTP/2 does not support stream independence, as HTTP/2
inherently has head-of-line blocking.</t>
          </dd>
        </dl>
      </section>
      <section anchor="webtransport-streams">
        <name>WebTransport Streams</name>
        <t>WebTransport streams have identifiers and states that mirror the identifiers
((<xref section="2.1" sectionFormat="of" target="RFC9000"/>)) and states (<xref section="3" sectionFormat="of" target="RFC9000"/>) of QUIC
streams as closely as possible to aid in ease of implementation.</t>
        <t>WebTransport streams are identified by a numeric value, or stream ID. Stream IDs
are only meaningful within the WebTransport session in which they were created.
They share the same semantics as QUIC stream IDs, with client initiated streams
having even-numbered stream IDs and server-initiated streams having odd-numbered
stream IDs. Similarly, they can be bidirectional or unidirectional, indicated by
the second least significant bit of the stream ID.</t>
        <t>Because WebTransport does not provide an acknowledgement mechanism for
WebTransport capsules, it relies on the underlying transport's in order delivery
to inform stream state transitions. Wherever QUIC relies on receiving an ack for
a packet to transition between stream states, WebTransport performs that
transition immediately.</t>
      </section>
      <section anchor="use-of-keying-material-exporters">
        <name>Use of Keying Material Exporters</name>
        <t>WebTransport over HTTP/2 supports the use of TLS keying material exporters
<xref section="7.5" sectionFormat="of" target="TLS"/>. Since the underlying HTTP/2 connection could be
shared by multiple WebTransport sessions, WebTransport defines a mechanism for
deriving a TLS exporter that separates keying material for different sessions.
If the application requests an exporter for a given WebTransport session with a
specified label and context, the resulting exporter SHALL be a TLS exporter as
defined in <xref section="7.5" sectionFormat="of" target="TLS"/> with the label set to "EXPORTER-WebTransport"
and the context set to the serialization of the "WebTransport Exporter Context"
struct as defined below.</t>
        <figure anchor="fig-wt-exporter-context">
          <name>WebTransport Exporter Context struct</name>
          <artwork><![CDATA[
WebTransport Exporter Context {
  WebTransport Session ID (64),
  WebTransport Application-Supplied Exporter Label Length (8),
  WebTransport Application-Supplied Exporter Label (8..),
  WebTransport Application-Supplied Exporter Context Length (8),
  WebTransport Application-Supplied Exporter Context (..)
}
]]></artwork>
        </figure>
        <t>A TLS exporter API might permit the context field to be omitted.  In this case,
as with TLS 1.3, the WebTransport Application-Supplied Exporter Context becomes
zero-length if omitted.</t>
      </section>
    </section>
    <section anchor="webtransport-capsules">
      <name>WebTransport Capsules</name>
      <t>WebTransport capsules are modeled after QUIC frames where applicable, to
enable reuse of QUIC infrastructure by implementors.</t>
      <t>WebTransport capsules use the Capsule Protocol defined in
<xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.</t>
      <section anchor="PADDING">
        <name>PADDING Capsule</name>
        <t>A <iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref> capsule is an HTTP capsule <xref target="HTTP-DATAGRAM"/> of type=0x190B4D38 and
has no semantic value. <iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref> capsules can be used to introduce additional data
between other HTTP datagrams and can also be used to provide protection against
traffic analysis or for other reasons.</t>
        <t>Note that, when used with WebTransport over HTTP/2, the <iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref> capsule exists
alongside the ability to pad HTTP/2 frames (<xref section="10.7" sectionFormat="of" target="RFC9113"/>).
HTTP/2 padding is hop-by-hop and can be modified by intermediaries, while the
<iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref> capsule traverses intermediaries.  The <iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref> capsule cannot be smaller
than its own header, which means that the minimum size of the capsule is two
bytes: one byte for the Type and one byte to encode "0" for the Length.</t>
        <figure anchor="fig-padding">
          <name>PADDING Capsule Format</name>
          <artwork><![CDATA[
PADDING Capsule {
  Type (i) = 0x190B4D38,
  Length (i),
  Padding (..),
}
]]></artwork>
        </figure>
        <t>The Padding field MUST be set to an all-zero sequence of bytes of any length as
specified by the Length field.  A receiver is not obligated to verify padding
but MAY treat non-zero padding as a <xref target="errors">stream error</xref>.</t>
      </section>
      <section anchor="WT_RESET_STREAM">
        <name>WT_RESET_STREAM Capsule</name>
        <t>A <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule is an HTTP capsule <xref target="HTTP-DATAGRAM"/> of
type=0x190B4D39 and allows either endpoint to abruptly terminate its sending
side of a WebTransport stream.</t>
        <t>After sending a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule, an endpoint ceases transmission of
<iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules on the identified stream.</t>
        <t>The <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule follows the design of the QUIC RESET_STREAM_AT frame
<xref target="PARTIAL-RESET"/>.  Consequently, it includes a Reliable Size field.  Because
<iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> and <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsules are delivered in order on a single
HTTP/2 stream, the Reliable Size MUST equal the total number of bytes the
sender has sent via <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules on the stream.  A receiver MUST close
the WebTransport session with a WT_STREAM_STATE_ERROR session error
if the Reliable Size in a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule does not equal the number of
bytes received on that stream: a smaller value contradicts data already
delivered, and a larger value promises bytes that cannot subsequently arrive.</t>
        <figure anchor="fig-wt_reset_stream">
          <name>WT_RESET_STREAM Capsule Format</name>
          <artwork><![CDATA[
WT_RESET_STREAM Capsule {
  Type (i) = 0x190B4D39,
  Length (i),
  Stream ID (i),
  Application Protocol Error Code (i),
  Reliable Size (i),
}
]]></artwork>
        </figure>
        <t>The <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule defines the following fields:</t>
        <dl>
          <dt>Stream ID:</dt>
          <dd>
            <t>A variable-length integer encoding of the WebTransport stream ID of the
stream being terminated.</t>
          </dd>
          <dt>Application Protocol Error Code:</dt>
          <dd>
            <t>A variable-length integer containing the application protocol error code
that indicates why the stream is being closed.  WebTransport application
error codes are constrained to an unsigned 32-bit range defined in
<xref section="4.4" sectionFormat="of" target="WEBTRANSPORT-H3"/>.  This value MUST NOT exceed 0xffffffff,
values larger than this MUST be treated as a session error of type
WT_ERROR.</t>
          </dd>
          <dt>Reliable Size:</dt>
          <dd>
            <t>A variable-length integer indicating the amount of data delivered on the
stream before the reset event.</t>
          </dd>
        </dl>
        <t>Unlike the equivalent QUIC frame, this capsule does not include a Final Size
field. In-order delivery of <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules ensures that the amount of
session-level flow control consumed by a stream is always known by both
endpoints.</t>
        <t>A <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule MUST NOT be sent after a stream is closed or reset.
While QUIC permits redundant RESET_STREAM frames, the ordering guarantee in
HTTP/2 makes this unnecessary.  A <xref target="errors">stream error</xref> of type
WT_STREAM_STATE_ERROR MUST be sent if a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule is
received for a stream that is not in a valid state.</t>
      </section>
      <section anchor="WT_STOP_SENDING">
        <name>WT_STOP_SENDING Capsule</name>
        <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> (type=0x190B4D3A) is
introduced to communicate that incoming data is being discarded on receipt per
application request. <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> requests that a peer cease transmission on
a WebTransport stream.</t>
        <figure anchor="fig-wt_stop_sending">
          <name>WT_STOP_SENDING Capsule Format</name>
          <artwork><![CDATA[
WT_STOP_SENDING Capsule {
  Type (i) = 0x190B4D3A,
  Length (i),
  Stream ID (i),
  Application Protocol Error Code (i),
}
]]></artwork>
        </figure>
        <t>The <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule defines the following fields:</t>
        <dl>
          <dt>Stream ID:</dt>
          <dd>
            <t>A variable-length integer carrying the WebTransport stream ID of the stream
being ignored.</t>
          </dd>
          <dt>Application Protocol Error Code:</dt>
          <dd>
            <t>A variable-length integer containing the application-specified reason the
sender is ignoring the stream.  WebTransport application error codes are
constrained to an unsigned 32-bit range defined in
<xref section="4.4" sectionFormat="of" target="WEBTRANSPORT-H3"/>.  This value MUST NOT exceed 0xffffffff,
values larger than this MUST be treated as a session error of type
WT_ERROR.</t>
          </dd>
        </dl>
        <t>As defined in <xref section="3.5" sectionFormat="of" target="RFC9000"/>, the recipient of a <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref>
capsule sends a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule in response if the stream is in the
"Ready" or "Send" state.  The error code from the <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule
can be copied into the <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule if the endpoint does not
have a more appropriate code to use.</t>
        <t>A <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule MUST NOT be sent multiple times for the same stream.
While QUIC permits redundant STOP_SENDING frames, the ordering guarantee in
HTTP/2 makes this unnecessary.  A <xref target="errors">stream error</xref> of type
WT_STREAM_STATE_ERROR MUST be sent if a second <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule
is received.</t>
      </section>
      <section anchor="WT_STREAM">
        <name>WT_STREAM Capsule</name>
        <t><iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules implicitly create a WebTransport stream and carry stream
data.</t>
        <t>The Type field in the <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule is either 0x190B4D3B or 0x190B4D3C.  The
least significant bit in the capsule type is the FIN bit (0x01), indicating when
set that the capsule marks the end of the stream in one direction.  Stream data
consists of any number of 0x190B4D3C capsules followed by a terminal 0x190B4D3B
capsule.</t>
        <figure anchor="fig-wt_stream">
          <name>WT_STREAM Capsule Format</name>
          <artwork><![CDATA[
WT_STREAM Capsule {
  Type (i) = 0x190B4D3B..0x190B4D3C,
  Length (i),
  Stream ID (i),
  Stream Data (..),
}
]]></artwork>
        </figure>
        <t><iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules contain the following fields:</t>
        <dl>
          <dt>Stream ID:</dt>
          <dd>
            <t>The stream ID for the stream.  The second least significant bit of the Stream
ID indicates whether the stream is bidirectional or unidirectional, as
described in <xref target="webtransport-streams"/>.</t>
          </dd>
          <dt>Stream Data:</dt>
          <dd>
            <t>Zero or more bytes of data for the stream.  Empty <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules MUST NOT
be used unless they open or close a stream; an endpoint MAY treat an empty
<iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule that neither starts nor ends a stream as a session error.</t>
          </dd>
        </dl>
        <t>A <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule MUST NOT be sent after a stream is closed or reset.  While
QUIC permits redundant STREAM frames, the ordering guarantee in HTTP/2 makes
this unnecessary.  A <xref target="errors">stream error</xref> of type
WT_STREAM_STATE_ERROR MUST be sent if a <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule is received
for a stream that is not in a valid state.</t>
      </section>
      <section anchor="WT_MAX_DATA">
        <name>WT_MAX_DATA Capsule</name>
        <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> (type=0x190B4D3D)
(<xref section="5.4.3" sectionFormat="of" target="WEBTRANSPORT-H3"/>) is used to inform the peer of the maximum
amount of data that can be sent on the WebTransport session as a whole.</t>
        <figure anchor="fig-wt_max_data">
          <name>WT_MAX_DATA Capsule Format</name>
          <artwork><![CDATA[
WT_MAX_DATA Capsule {
  Type (i) = 0x190B4D3D,
  Length (i),
  Maximum Data (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsules contain the following field:</t>
        <dl>
          <dt>Maximum Data:</dt>
          <dd>
            <t>A variable-length integer indicating the maximum amount of data that can be
sent on the entire connection, in units of bytes.</t>
          </dd>
        </dl>
        <t>All data sent in <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules counts toward this limit.  The sum of the
lengths of Stream Data fields in <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules MUST NOT exceed the value
advertised by a receiver.  If an endpoint receives an incoming <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule
with Stream Data in excess of this limit, it MUST close the WebTransport session
with a WT_FLOW_CONTROL_ERROR session error.</t>
        <t>If an endpoint receives a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule with a Maximum Data value less
than a previously received value, it MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR session error.</t>
        <t>The <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule defines special intermediary handling, as described in
<xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>
capsules for flow control purposes and MUST generate and send appropriate flow
control signals for their limits; see <xref target="flow-control-intermediaries"/>.</t>
        <t>The initial value for this limit MAY be communicated by sending a non-zero value
for <iref item="SETTINGS_WT_INITIAL_MAX_DATA"/><xref target="SETTINGS_WT_INITIAL_MAX_DATA" format="none">SETTINGS_WT_INITIAL_MAX_DATA</xref>.</t>
      </section>
      <section anchor="WT_MAX_STREAM_DATA">
        <name>WT_MAX_STREAM_DATA Capsule</name>
        <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> (type=0x190B4D3E) is
introduced to inform a peer of the maximum amount of data that can be sent on a
WebTransport stream.</t>
        <figure anchor="fig-wt_max_stream_data">
          <name>WT_MAX_STREAM_DATA Capsule Format</name>
          <artwork><![CDATA[
WT_MAX_STREAM_DATA Capsule {
  Type (i) = 0x190B4D3E,
  Length (i),
  Stream ID (i),
  Maximum Stream Data (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsules contain the following fields:</t>
        <dl>
          <dt>Stream ID:</dt>
          <dd>
            <t>The stream ID of the affected WebTransport stream, encoded as a
variable-length integer.</t>
          </dd>
          <dt>Maximum Stream Data:</dt>
          <dd>
            <t>A variable-length integer indicating the maximum amount of data that can be
sent on the identified stream, in units of bytes.</t>
          </dd>
        </dl>
        <t>All data sent in <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules for the identified stream counts toward this
limit.  The sum of the lengths of Stream Data fields in <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsules on
the identified stream MUST NOT exceed the value advertised by a receiver.  If an
endpoint receives an incoming <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule with Stream Data in excess of
this limit, it MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR session error.</t>
        <t>If an endpoint receives a <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule with a Maximum Stream Data
value less than a previously received value, it MUST close the WebTransport
session with a WT_FLOW_CONTROL_ERROR session error.</t>
        <t>The <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule defines special intermediary handling, as
described in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsules for flow control purposes and MUST generate and send
appropriate flow control signals for their limits; see
<xref target="flow-control-intermediaries"/>.</t>
        <t>Initial values for this limit for unidirectional and bidirectional streams MAY
be communicated by sending non-zero values for
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI</xref>,
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL</xref>, and
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE</xref> respectively.</t>
        <t>A <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule MUST NOT be sent after a sender requests that a
stream be closed with <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref>.  While QUIC permits redundant
MAX_STREAM_DATA frames, the ordering guarantee in HTTP/2 makes this unnecessary.
A <xref target="errors">stream error</xref> of type WT_STREAM_STATE_ERROR MUST be sent
if a <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule is received after a <iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref> capsule for
the same stream.</t>
      </section>
      <section anchor="WT_MAX_STREAMS">
        <name>WT_MAX_STREAMS Capsule</name>
        <t>An HTTP capsule <xref target="HTTP-DATAGRAM"/> called <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> is defined by
<xref section="5.6.1" sectionFormat="of" target="WEBTRANSPORT-H3"/> to inform the peer of the cumulative number
of streams of a given type it is permitted to open.  A <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule
with a type of 0x190B4D3F applies to bidirectional streams, and a <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>
capsule with a type of 0x190B4D40 applies to unidirectional streams.</t>
        <t>Note that, because Maximum Streams is a cumulative value representing the total
allowed number of streams, including previously closed streams, endpoints
repeatedly send new <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules with increasing Maximum Streams
values as streams are opened.</t>
        <figure anchor="fig-wt_max_streams">
          <name>WT_MAX_STREAMS Capsule Format</name>
          <artwork><![CDATA[
WT_MAX_STREAMS Capsule {
  Type (i) = 0x190B4D3F..0x190B4D40,
  Length (i),
  Maximum Streams (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules contain the following field:</t>
        <dl>
          <dt>Maximum Streams:</dt>
          <dd>
            <t>A count of the cumulative number of streams of the corresponding type that
can be opened over the lifetime of the connection. This value cannot
exceed 2<sup>60</sup>, as it is not possible to encode stream IDs larger
than 2<sup>62</sup>-1.  Recipients of a capsule with a Maximum Streams
value larger than this limit MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR session error.</t>
          </dd>
        </dl>
        <t>An endpoint MUST NOT open more streams than permitted by the current stream
limit set by its peer.  For instance, a server that receives a unidirectional
stream limit of 3 is permitted to open streams 3, 7, and 11, but not stream 15.</t>
        <t>Note that this limit includes streams that have been closed as well as those
that are open.</t>
        <t>If an endpoint receives an incoming stream that would exceed the advertised
Maximum Streams value, it MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR session error.</t>
        <t>Note that, like QUIC stream IDs, WebTransport stream IDs cannot be skipped.
Opening a stream with a given ID implicitly opens all streams of the same type
and direction with lower stream IDs.  Even though WebTransport over HTTP/2 uses
an ordered transport, an application can create a stream without immediately
sending data on it. A higher-numbered stream might have data written to it
first, causing it to appear at the peer before any data is sent on
lower-numbered streams.  For example, if the client's bidirectional stream limit
is 3 and the server opens stream ID 15 (the fourth server-initiated
bidirectional stream), this implicitly counts stream IDs 3, 7, 11, and 15
against the limit, which would violate the limit of 3.  An endpoint that
receives such a stream would close the WebTransport session with a
WT_FLOW_CONTROL_ERROR error.</t>
        <t>If an endpoint receives a <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule with a Maximum Streams value
less than a previously received value, it MUST close the WebTransport session
with a WT_FLOW_CONTROL_ERROR session error.</t>
        <t>The <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule defines special intermediary handling, as described
in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref>
capsules for flow control purposes and MUST generate and send appropriate flow
control signals for their limits.</t>
        <t>Initial values for these limits MAY be communicated by sending non-zero values
for <iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</xref> and
<iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</xref>.</t>
      </section>
      <section anchor="WT_DATA_BLOCKED">
        <name>WT_DATA_BLOCKED Capsule</name>
        <t>A sender SHOULD send a <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsule (type=0x190B4D41)
(<xref section="5.6.4" sectionFormat="of" target="WEBTRANSPORT-H3"/>) when it wishes to send data but is unable
to do so due to WebTransport session-level flow control.  A sender is not
required to send <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules, however <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules can
be used as input to tuning of flow control algorithms and for debugging
purposes.</t>
        <figure anchor="fig-wt_data_blocked">
          <name>WT_DATA_BLOCKED Capsule Format</name>
          <artwork><![CDATA[
WT_DATA_BLOCKED Capsule {
  Type (i) = 0x190B4D41,
  Length (i),
  Maximum Data (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules contain the following field:</t>
        <dl>
          <dt>Maximum Data:</dt>
          <dd>
            <t>A variable-length integer indicating the session-level limit at which
blocking occurred.</t>
          </dd>
        </dl>
        <t>The <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsule defines special intermediary handling, as described
in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> capsules for flow control purposes and MUST generate and send
appropriate flow control signals for their limits; see
<xref target="flow-control-intermediaries"/>.</t>
      </section>
      <section anchor="WT_STREAM_DATA_BLOCKED">
        <name>WT_STREAM_DATA_BLOCKED Capsule</name>
        <t>A sender SHOULD send a <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsule (type=0x190B4D42) when it
wishes to send data but is unable to do so due to stream-level flow control.  A
sender is not required to send <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsules, however
<iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsules can be used as input to tuning of flow control
algorithms and for debugging purposes.</t>
        <t>This capsule is analogous to <iref item="WT_DATA_BLOCKED"/><xref target="WT_DATA_BLOCKED" format="none">WT_DATA_BLOCKED</xref> (<xref target="WT_DATA_BLOCKED"/>), but for
stream-level data limits instead of session-level data limits.</t>
        <figure anchor="fig-wt_stream_data_blocked">
          <name>WT_STREAM_DATA_BLOCKED Capsule Format</name>
          <artwork><![CDATA[
WT_STREAM_DATA_BLOCKED Capsule {
  Type (i) = 0x190B4D42,
  Length (i),
  Stream ID (i),
  Maximum Stream Data (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsules contain the following fields:</t>
        <dl>
          <dt>Stream ID:</dt>
          <dd>
            <t>A variable-length integer indicating the WebTransport stream that is
blocked due to flow control.</t>
          </dd>
          <dt>Maximum Stream Data:</dt>
          <dd>
            <t>A variable-length integer indicating the offset of the stream at which the
blocking occurred.</t>
          </dd>
        </dl>
        <t>The <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsule defines special intermediary handling, as
described in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsules for flow control purposes and MUST generate and
send appropriate flow control signals for their limits; see
<xref target="flow-control-intermediaries"/>.</t>
        <t>A <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsule MUST NOT be sent after a stream is closed or
reset.  While QUIC permits redundant STREAM_DATA_BLOCKED frames, the ordering
guarantee in HTTP/2 makes this unnecessary.  A <xref target="errors">stream error</xref> of type
WT_STREAM_STATE_ERROR MUST be sent if a <iref item="WT_STREAM_DATA_BLOCKED"/><xref target="WT_STREAM_DATA_BLOCKED" format="none">WT_STREAM_DATA_BLOCKED</xref> capsule
is received for a stream that is not in a valid state.</t>
      </section>
      <section anchor="WT_STREAMS_BLOCKED">
        <name>WT_STREAMS_BLOCKED Capsule</name>
        <t>A sender SHOULD send a <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule (type=0x190B4D43 or
0x190B4D44) (<xref section="5.4.2" sectionFormat="of" target="WEBTRANSPORT-H3"/>) when it wishes to open a
stream but is unable to do so due to the maximum stream limit set by its peer.
A <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule of type 0x190B4D43 is used to indicate reaching the
bidirectional stream limit, and a <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule of type 0x190B4D44
is used to indicate reaching the unidirectional stream limit.</t>
        <t>A <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule does not open the stream, but informs the peer that
a new stream was needed and the stream limit prevented the creation of the
stream.  A sender is not required to send <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules, however
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules can be used as input to tuning of flow control
algorithms and for debugging purposes.</t>
        <figure anchor="fig-wt_streams_blocked">
          <name>WT_STREAMS_BLOCKED Capsule Format</name>
          <artwork><![CDATA[
WT_STREAMS_BLOCKED Capsule {
  Type (i) = 0x190B4D43..0x190B4D44,
  Length (i),
  Maximum Streams (i),
}
]]></artwork>
        </figure>
        <t><iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules contain the following field:</t>
        <dl>
          <dt>Maximum Streams:</dt>
          <dd>
            <t>A variable-length integer indicating the maximum number of streams allowed
at the time the capsule was sent. This value cannot exceed 2<sup>60</sup>,
as it is not possible to encode stream IDs larger than 2<sup>62</sup>-1.
Recipients of a capsule with a Maximum Streams value larger than this
limit MUST close the WebTransport session with a
WT_FLOW_CONTROL_ERROR session error.</t>
          </dd>
        </dl>
        <t>The <iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsule defines special intermediary handling, as
described in <xref section="3.2" sectionFormat="of" target="HTTP-DATAGRAM"/>.  Intermediaries MUST consume
<iref item="WT_STREAMS_BLOCKED"/><xref target="WT_STREAMS_BLOCKED" format="none">WT_STREAMS_BLOCKED</xref> capsules for flow control purposes and MUST generate and send
appropriate flow control signals for their limits.</t>
      </section>
      <section anchor="DATAGRAM_CAPSULE">
        <name>DATAGRAM Capsule</name>
        <t>WebTransport over HTTP/2 uses the DATAGRAM capsule defined in
<xref section="3.5" sectionFormat="of" target="HTTP-DATAGRAM"/> to carry datagram traffic.</t>
        <figure anchor="fig-datagram">
          <name>DATAGRAM Capsule Format</name>
          <artwork><![CDATA[
DATAGRAM Capsule {
  Type (i) = 0x00,
  Length (i),
  HTTP Datagram Payload (..),
}
]]></artwork>
        </figure>
        <t>When used in WebTransport over HTTP/2, DATAGRAM capsules contain the following
fields:</t>
        <dl>
          <dt>HTTP Datagram Payload:</dt>
          <dd>
            <t>The content of the datagram to be delivered.</t>
          </dd>
        </dl>
        <t>The data in DATAGRAM capsules is not subject to flow control. The receiver MAY
discard this data if it does not have sufficient space to buffer it.</t>
        <t>An intermediary could forward the data in a DATAGRAM capsule over another
protocol, such as WebTransport over HTTP/3.  In QUIC, a datagram frame can span
at most one packet. Because of that, the applications have to know the maximum
size of the datagram they can send. However, when proxying the datagrams, the
hop-by-hop MTUs can vary.</t>
        <t><xref section="3.5" sectionFormat="of" target="HTTP-DATAGRAM"/> indicates that intermediaries that forward
DATAGRAM capsules where QUIC datagrams <xref target="DATAGRAM"/> are available forward the
contents of the capsule as native QUIC datagrams, rather than as HTTP datagrams
in a DATAGRAM capsule. Similarly, when forwarding DATAGRAM capsules used as part
of a WebTransport over HTTP/2 session on a WebTransport session that natively
supports QUIC datagrams, such as WebTransport over HTTP/3 <xref target="WEBTRANSPORT-H3"/>,
intermediaries follow the requirements in <xref target="WEBTRANSPORT-H3"/> to use native QUIC
datagrams.</t>
      </section>
      <section anchor="WT_CLOSE_SESSION_CAPSULE">
        <name>WT_CLOSE_SESSION Capsule</name>
        <t>WebTransport over HTTP/2 uses the WT_CLOSE_SESSION capsule defined in
<xref section="5" sectionFormat="of" target="WEBTRANSPORT-H3"/> to terminate a WebTransport session with an
application error code and message.</t>
        <t>WebTransport sessions can be terminated by optionally sending a WT_CLOSE_SESSION
capsule and then by closing the HTTP/2 stream associated with the session (see
<xref target="errors"/>).</t>
        <figure anchor="fig-wt_close_session">
          <name>WT_CLOSE_SESSION Capsule Format</name>
          <artwork><![CDATA[
WT_CLOSE_SESSION Capsule {
  Type (i) = WT_CLOSE_SESSION,
  Length (i),
  Application Error Code (32),
  Application Error Message (..8192),
}
]]></artwork>
        </figure>
        <t>When used in WebTransport over HTTP/2, WT_CLOSE_SESSION capsules contain the
following fields:</t>
        <dl>
          <dt>Application Error Code:</dt>
          <dd>
            <t>A 32-bit error code provided by the application closing the connection.</t>
          </dd>
          <dt>Application Error Message:</dt>
          <dd>
            <t>A UTF-8 encoded error message string provided by the application closing the
connection.  The message takes up the remainder of the capsule, and its
length MUST NOT exceed 1024 bytes.  Senders that truncate an
application-supplied message MUST do so at a UTF-8 character boundary.</t>
            <t>If the Application Error Message exceeds 1024 bytes or is not valid UTF-8,
the receiver MUST treat this as a session error of type WT_ERROR.</t>
          </dd>
        </dl>
        <t>An endpoint that sends a WT_CLOSE_SESSION capsule MUST then half-close the
stream by sending an HTTP/2 frame with the END_STREAM flag set
(<xref section="5.1" sectionFormat="of" target="HTTP2"/>).  The recipient MUST close the stream upon receipt of
the capsule by replying with an HTTP/2 frame with the END_STREAM flag set; note
that it does not need to send a WT_CLOSE_SESSION capsule in response.</t>
        <t>Cleanly terminating a WebTransport session without a WT_CLOSE_SESSION capsule is
semantically equivalent to terminating it with a WT_CLOSE_SESSION capsule that
has an error code of 0 and an empty error string.</t>
      </section>
      <section anchor="WT_DRAIN_SESSION_CAPSULE">
        <name>WT_DRAIN_SESSION Capsule</name>
        <t>HTTP/2 uses GOAWAY frames (<xref section="6.8" sectionFormat="of" target="HTTP2"/>) to allow an endpoint to
gracefully stop accepting new streams while still finishing processing of
previously established streams.</t>
        <t>WebTransport over HTTP/2 uses the WT_DRAIN_SESSION capsule defined in
<xref section="4.6" sectionFormat="of" target="WEBTRANSPORT-H3"/> to gracefully shut down a WebTransport
session.</t>
        <figure anchor="fig-wt_drain_session">
          <name>WT_DRAIN_SESSION Capsule Format</name>
          <artwork><![CDATA[
WT_DRAIN_SESSION Capsule {
  Type (i) = WT_DRAIN_SESSION,
  Length (i) = 0
}
]]></artwork>
        </figure>
        <t>After sending or receiving either a WT_DRAIN_SESSION capsule or HTTP/2 GOAWAY
frame, an endpoint MAY continue using the session and MAY open new WebTransport
streams. The signal is intended for the application using WebTransport, which is
expected to attempt to gracefully terminate the session as soon as possible.</t>
      </section>
      <section anchor="capsule-ordering-and-reliability">
        <name>Capsule Ordering and Reliability</name>
        <t>The use of an ordered and reliable transport means that a receiver does not need
to tolerate capsules that arrive out of order. This differs from QUIC in that a
receiver is required to treat the arrival of out of order frames rather than
being tolerant.</t>
        <t>For an intermediary that forwards from a transport with independently reliable
and ordered streams (like <xref target="WEBTRANSPORT-H3"/>) to a transport that multiplexes
over a single in-order stream (like this protocol), it is necessary to maintain
state for streams. A simple forwarding intermediary that
directly translates one type of protocol unit into another without understanding
the underlying state might cause a receiver to abort the session.</t>
        <t>For instance, as QUIC uses an unreliable transport, a QUIC RESET_STREAM frame
might be sent multiple times. If a RESET_STREAM frame is forwarded as a
<iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref> capsule, forwarding another RESET_STREAM as a <iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref>
or a STREAM frame as a <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> on the same stream will cause the receiving
endpoint to signal a WT_STREAM_STATE_ERROR (see <xref target="WT_RESET_STREAM"/> and
<xref target="WT_STREAM"/>).</t>
      </section>
    </section>
    <section anchor="requirements-on-tls-usage">
      <name>Requirements on TLS Usage</name>
      <t>Because TLS keying material exporters are only secure for authentication when
they are uniquely bound to the TLS session <xref target="RFC7627"/>, WebTransport requires
either one of the following conditions:</t>
      <ul spacing="normal">
        <li>
          <t>The TLS version in use is greater than or equal to 1.3 <xref target="TLS"/>.</t>
        </li>
        <li>
          <t>The TLS version in use is 1.2, and the extended master secret extension
<xref target="RFC7627"/> has been negotiated.</t>
        </li>
      </ul>
      <t>Clients MUST NOT send WebTransport over HTTP/2 requests on connections that do
not meet one of the two conditions above. If a server receives a WebTransport
over HTTP/2 request on a connection that meets neither, the server MUST treat
the request as malformed, as specified in <xref section="8.1.1" sectionFormat="of" target="HTTP2"/>.</t>
    </section>
    <section anchor="examples">
      <name>Examples</name>
      <t>An example of negotiating a WebTransport Stream on an HTTP/2 connection follows.
This example is intended to closely follow the example in
<xref section="5.1" sectionFormat="of" target="RFC8441"/> to help illustrate the differences defined in this
document.</t>
      <artwork><![CDATA[
[[ From Client ]]                   [[ From Server ]]

SETTINGS

                                    SETTINGS
                                    SETTINGS_ENABLE_CONNECT_PROTOCOL = 1

HEADERS + END_HEADERS
Stream ID = 3
:method = CONNECT
:protocol = webtransport
:scheme = https
:path = /
:authority = server.example.com
origin: server.example.com

                                    HEADERS + END_HEADERS
                                    Stream ID = 3
                                    :status = 200

WT_STREAM
Stream ID = 0
WebTransport Data

                                    WT_STREAM + FIN
                                    Stream ID = 0
                                    WebTransport Data

WT_STREAM + FIN
Stream ID = 0
WebTransport Data
]]></artwork>
      <t>An example of the server initiating a WebTransport Stream follows. The only
difference here is the endpoint that sends the first <iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref> capsule.</t>
      <artwork><![CDATA[
[[ From Client ]]                   [[ From Server ]]

SETTINGS

                                    SETTINGS
                                    SETTINGS_ENABLE_CONNECT_PROTOCOL = 1

HEADERS + END_HEADERS
Stream ID = 3
:method = CONNECT
:protocol = webtransport
:scheme = https
:path = /
:authority = server.example.com
origin: server.example.com
                                    HEADERS + END_HEADERS
                                    Stream ID = 3
                                    :status = 200

                                    WT_STREAM
                                    Stream ID = 1
                                    WebTransport Data

WT_STREAM + FIN
Stream ID = 1
WebTransport Data

                                    WT_STREAM + FIN
                                    Stream ID = 1
                                    WebTransport Data
]]></artwork>
    </section>
    <section anchor="considerations-for-future-versions">
      <name>Considerations for Future Versions</name>
      <t>Future versions of WebTransport that change the syntax of the CONNECT requests
used to establish WebTransport sessions will need to modify the upgrade token
used to identify WebTransport, allowing servers to offer multiple versions
simultaneously (<xref section="9.1" sectionFormat="of" target="WEBTRANSPORT-H3"/>).</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>WebTransport over HTTP/2 satisfies all of the security requirements imposed by
<xref target="OVERVIEW"/> on WebTransport protocols, thus providing a secure framework for
client-server communication in cases when the client is potentially untrusted.</t>
      <t>WebTransport over HTTP/2 requires explicit opt-in through the use of HTTP
SETTINGS; this avoids potential protocol confusion attacks by ensuring the
HTTP/2 server explicitly supports it. It also requires the use of the Origin
header, providing the server with the ability to deny access to Web-based
clients that do not originate from a trusted origin.</t>
      <t>Just like HTTP traffic going over HTTP/2, WebTransport pools traffic to
different origins within a single connection. Different origins imply different
trust domains, meaning that the implementations have to treat each transport as
potentially hostile towards others on the same connection. One potential attack
is a resource exhaustion attack: since all of the transports share both
congestion control and flow control context, a single client aggressively using
up those resources can cause other transports to stall. The user agent thus
SHOULD implement a fairness scheme that ensures that each transport within
connection gets a reasonable share of controlled resources; this applies both to
sending data and to opening new streams.</t>
      <t>An application could attempt to exhaust resources by opening too many
WebTransport sessions at once.  In cases when the application is untrusted, a
WebTransport client SHOULD limit the number of outgoing sessions it will open.</t>
      <t>Note that the security considerations of HTTP/2 <xref target="HTTP2"/> apply to WebTransport
over HTTP/2.  In particular, the denial-of-service considerations in
<xref section="10.5" sectionFormat="of" target="HTTP2"/> are relevant.  WebTransport extends HTTP/2 with
additional features that have legitimate uses but can become a burden when they
are used unnecessarily or to excess.</t>
      <t>Once a WebTransport session is established on an HTTP/2 stream, there are new
interaction modes that permit either endpoint to send WebTransport streams and
datagrams to its peer.  This is particularly novel for clients, which previously
had limited exposure to unsolicited server-initiated traffic beyond server push
(see <xref section="8.4" sectionFormat="of" target="HTTP2"/>).  An endpoint that does not monitor use of these
features exposes itself to a risk of denial-of-service attack.  Implementations
track the use of WebTransport features, such as the number of incoming streams
and datagrams, and set limits on their use as described in <xref target="flow-control"/>.  An
endpoint MAY treat activity that is suspicious as a stream error or choose to
close the connection.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document registers an upgrade token (<xref target="upgrade-token"/>), new HTTP/2
settings (<xref target="h2-settings"/>), HTTP/2 error codes (<xref target="iana-h2-error"/>), new capsules
(<xref target="iana-capsules"/>), and the <tt>WebTransport-Init</tt> header field (<xref target="iana-header"/>).</t>
      <section anchor="upgrade-token">
        <name>Upgrade Token Registration</name>
        <t>The following entry is added to the "Hypertext Transfer Protocol (HTTP) Upgrade
Token Registry" registry established by Section 16.7 of <xref target="HTTP"/>.</t>
        <t>The "webtransport" label identifies HTTP/2 used as a protocol for WebTransport:</t>
        <dl>
          <dt>Value:</dt>
          <dd>
            <t>webtransport</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>WebTransport over HTTP/2</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
      </section>
      <section anchor="h2-settings">
        <name>HTTP/2 SETTINGS Parameter Registration</name>
        <t>The following entries are added to the "HTTP/2 Settings" registry established by
<xref target="HTTP2"/>:</t>
        <t anchor="SETTINGS_WT_ENABLED">The SETTINGS_WT_ENABLED parameter indicates that the endpoint supports
WebTransport over HTTP/2.  The default value for the SETTINGS_WT_ENABLED
parameter is "0", meaning that the endpoint does not support WebTransport.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t>SETTINGS_WT_ENABLED</t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b60</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t><xref target="setting"/></t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_DATA">The <iref item="SETTINGS_WT_INITIAL_MAX_DATA"/><xref target="SETTINGS_WT_INITIAL_MAX_DATA" format="none">SETTINGS_WT_INITIAL_MAX_DATA</xref> parameter indicates the initial value for the
session data limit, otherwise communicated by the <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref> capsule
(<xref target="WT_MAX_DATA"/>).  The default value for the <iref item="SETTINGS_WT_INITIAL_MAX_DATA"/><xref target="SETTINGS_WT_INITIAL_MAX_DATA" format="none">SETTINGS_WT_INITIAL_MAX_DATA</xref>
parameter is "0", indicating that the endpoint needs to send a <iref item="WT_MAX_DATA"/><xref target="WT_MAX_DATA" format="none">WT_MAX_DATA</xref>
capsule within each session before its peer is allowed to send any stream data
within that session.</t>
        <t>Note that this limit applies to all WebTransport sessions that use the HTTP/2
connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_DATA"/><xref target="SETTINGS_WT_INITIAL_MAX_DATA" format="none">SETTINGS_WT_INITIAL_MAX_DATA</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b61</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI">The <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI</xref> parameter indicates the initial
value for the stream data limit for incoming unidirectional streams, otherwise
communicated by the <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule (<xref target="WT_MAX_STREAM_DATA"/>).  The
default value for the <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI</xref> parameter is "0",
indicating that the endpoint needs to send <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsules for each
stream within each individual WebTransport session before its peer is allowed to
send any stream data on those streams.</t>
        <t>Note that this limit applies to all WebTransport streams on all sessions that
use the HTTP/2 connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_UNI</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b62</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL">The <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL</xref> parameter indicates the
initial value for the stream data limit for incoming data on bidirectional
streams initiated by the sender of this setting, otherwise communicated by the
<iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule (<xref target="WT_MAX_STREAM_DATA"/>).  The default value for the
<iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL</xref> parameter is "0", indicating
that the endpoint needs to send <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsules for each stream
within each individual WebTransport session before its peer is allowed to send
any stream data on those streams.</t>
        <t>Note that this limit applies to all WebTransport streams on all sessions that
use the HTTP/2 connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b63</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE">The <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE</xref> parameter indicates the
initial value for the stream data limit for incoming data on bidirectional
streams initiated by the receiver of this setting, otherwise communicated by
the <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsule (<xref target="WT_MAX_STREAM_DATA"/>).  The default value for
the <iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE</xref> parameter is "0",
indicating that the endpoint needs to send <iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref> capsules for each
stream within each individual WebTransport session before its peer is allowed
to send any stream data on those streams.</t>
        <t>Note that this limit applies to all WebTransport streams on all sessions that
use the HTTP/2 connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE" format="none">SETTINGS_WT_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b66</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI">The <iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</xref> parameter indicates the initial value
for the unidirectional max stream limit, otherwise communicated by the
<iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule (<xref target="WT_MAX_STREAMS"/>).  The default value for the
<iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</xref> parameter is "0", indicating that the
endpoint needs to send <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules on each individual WebTransport
session before its peer is allowed to create any unidirectional streams within
that session.</t>
        <t>Note that this limit applies to all WebTransport sessions that use the HTTP/2
connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_UNI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_UNI</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b64</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
        <t anchor="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI">The <iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</xref> parameter indicates the initial value
for the bidirectional max stream limit, otherwise communicated by the
<iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsule (<xref target="WT_MAX_STREAMS"/>).  The default value for the
<iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</xref> parameter is "0", indicating that the
endpoint needs to send <iref item="WT_MAX_STREAMS"/><xref target="WT_MAX_STREAMS" format="none">WT_MAX_STREAMS</xref> capsules on each individual WebTransport
session before its peer is allowed to create any bidirectional streams within
that session.</t>
        <t>Note that this limit applies to all WebTransport sessions that use the HTTP/2
connection on which this SETTING is sent.</t>
        <dl>
          <dt>Setting Name:</dt>
          <dd>
            <t><iref item="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI"/><xref target="SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI" format="none">SETTINGS_WT_INITIAL_MAX_STREAMS_BIDI</xref></t>
          </dd>
          <dt>Code:</dt>
          <dd>
            <t>0x2b65</t>
          </dd>
          <dt>Initial Value:</dt>
          <dd>
            <t>0</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-h2-error">
        <name>HTTP/2 Error Code Registration</name>
        <t>The following entries are added to the "HTTP/2 Error Code" registry established
by <xref target="HTTP2"/>:</t>
        <t>For WT_ERROR:</t>
        <dl>
          <dt>Code:</dt>
          <dd>
            <t>0xTBD</t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_ERROR</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>General WebTransport error detected</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t><xref target="errors"/></t>
          </dd>
        </dl>
        <t>For WT_STREAM_STATE_ERROR:</t>
        <dl>
          <dt>Code:</dt>
          <dd>
            <t>0xTBD</t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_STREAM_STATE_ERROR</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>Unexpected WebTransport stream-related capsule received</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t><xref target="errors"/></t>
          </dd>
        </dl>
        <t>For WT_FLOW_CONTROL_ERROR:</t>
        <dl>
          <dt>Code:</dt>
          <dd>
            <t>0xTBD</t>
          </dd>
          <dt>Name:</dt>
          <dd>
            <t>WT_FLOW_CONTROL_ERROR</t>
          </dd>
          <dt>Description:</dt>
          <dd>
            <t>A flow control error occurred</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t><xref target="errors"/></t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-capsules">
        <name>Capsule Types</name>
        <t>The following entries are added to the "HTTP Capsule Types" registry established
by <xref target="HTTP-DATAGRAM"/>:</t>
        <t>The <tt>PADDING</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D38</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="PADDING"/><xref target="PADDING" format="none">PADDING</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_RESET_STREAM</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D39</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_RESET_STREAM"/><xref target="WT_RESET_STREAM" format="none">WT_RESET_STREAM</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_STOP_SENDING</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D3A</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_STOP_SENDING"/><xref target="WT_STOP_SENDING" format="none">WT_STOP_SENDING</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_STREAM</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D3B..0x190B4D3C</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_STREAM"/><xref target="WT_STREAM" format="none">WT_STREAM</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
        <t>The <tt>WT_MAX_STREAM_DATA</tt> capsule.</t>
        <dl spacing="compact">
          <dt>Value:</dt>
          <dd>
            <t>0x190B4D3E</t>
          </dd>
          <dt>Capsule Type:</dt>
          <dd>
            <t><iref item="WT_MAX_STREAM_DATA"/><xref target="WT_MAX_STREAM_DATA" format="none">WT_MAX_STREAM_DATA</xref></t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Specification:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Change Controller:</dt>
          <dd>
            <t>IETF</t>
          </dd>
          <dt>Contact:</dt>
          <dd>
            <t>WebTransport Working Group <eref target="mailto:webtransport@ietf.org">webtransport@ietf.org</eref></t>
          </dd>
          <dt>Notes:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
      </section>
      <section anchor="iana-header">
        <name>HTTP Header Field Name</name>
        <t>IANA will register the following entry in the "Hypertext Transfer Protocol
(HTTP) Field Name Registry" maintained at
<eref target="https://www.iana.org/assignments/http-fields">https://www.iana.org/assignments/http-fields</eref>:</t>
        <dl>
          <dt>Field Name:</dt>
          <dd>
            <t>WebTransport-Init</t>
          </dd>
          <dt>Structured Type:</dt>
          <dd>
            <t>Dictionary</t>
          </dd>
          <dt>Status:</dt>
          <dd>
            <t>permanent</t>
          </dd>
          <dt>Reference:</dt>
          <dd>
            <t>This document</t>
          </dd>
          <dt>Comments:</dt>
          <dd>
            <t>None</t>
          </dd>
        </dl>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="OVERVIEW">
          <front>
            <title>The WebTransport Protocol Framework</title>
            <author fullname="Eric Kinnear" initials="E." surname="Kinnear">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The WebTransport Protocol Framework enables clients constrained by
   the Web security model to communicate with a remote server using a
   secure multiplexed transport.  It consists of a set of individual
   protocols that are safe to expose to untrusted applications, combined
   with an abstract model that allows them to be used interchangeably.

   This document defines the overall requirements on the protocols used
   in WebTransport, as well as the common features of the protocols,
   support for some of which may be optional.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-overview-12"/>
        </reference>
        <reference anchor="WEBTRANSPORT-H3">
          <front>
            <title>WebTransport over HTTP/3</title>
            <author fullname="Alan Frindell" initials="A." surname="Frindell">
              <organization>Facebook</organization>
            </author>
            <author fullname="Eric Kinnear" initials="E." surname="Kinnear">
              <organization>Apple Inc.</organization>
            </author>
            <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
              <organization>Google</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   WebTransport [OVERVIEW] is a protocol framework that enables
   application clients constrained by the Web security model to
   communicate with a remote application server using a secure
   multiplexed transport.  This document describes a WebTransport
   protocol that is based on HTTP/3 [HTTP3] and provides support for
   unidirectional streams, bidirectional streams, and datagrams, all
   multiplexed within the same HTTP/3 connection.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-http3-15"/>
        </reference>
        <reference anchor="HTTP">
          <front>
            <title>HTTP Semantics</title>
            <author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
            <author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
            <author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
              <t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="97"/>
          <seriesInfo name="RFC" value="9110"/>
          <seriesInfo name="DOI" value="10.17487/RFC9110"/>
        </reference>
        <reference anchor="HTTP-DATAGRAM">
          <front>
            <title>HTTP Datagrams and the Capsule Protocol</title>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <author fullname="L. Pardue" initials="L." surname="Pardue"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This document describes HTTP Datagrams, a convention for conveying multiplexed, potentially unreliable datagrams inside an HTTP connection.</t>
              <t>In HTTP/3, HTTP Datagrams can be sent unreliably using the QUIC DATAGRAM extension. When the QUIC DATAGRAM frame is unavailable or undesirable, HTTP Datagrams can be sent using the Capsule Protocol, which is a more general convention for conveying data in HTTP connections.</t>
              <t>HTTP Datagrams and the Capsule Protocol are intended for use by HTTP extensions, not applications.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9297"/>
          <seriesInfo name="DOI" value="10.17487/RFC9297"/>
        </reference>
        <reference anchor="HTTP2">
          <front>
            <title>HTTP/2</title>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <author fullname="C. Benfield" initials="C." role="editor" surname="Benfield"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced latency by introducing field compression and allowing multiple concurrent exchanges on the same connection.</t>
              <t>This document obsoletes RFCs 7540 and 8740.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9113"/>
          <seriesInfo name="DOI" value="10.17487/RFC9113"/>
        </reference>
        <reference anchor="ORIGIN">
          <front>
            <title>The Web Origin Concept</title>
            <author fullname="A. Barth" initials="A." surname="Barth"/>
            <date month="December" year="2011"/>
            <abstract>
              <t>This document defines the concept of an "origin", which is often used as the scope of authority or privilege by user agents. Typically, user agents isolate content retrieved from different origins to prevent malicious web site operators from interfering with the operation of benign web sites. In addition to outlining the principles that underlie the concept of origin, this document details how to determine the origin of a URI and how to serialize an origin into a string. It also defines an HTTP header field, named "Origin", that indicates which origins are associated with an HTTP request. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6454"/>
          <seriesInfo name="DOI" value="10.17487/RFC6454"/>
        </reference>
        <reference anchor="PARTIAL-RESET">
          <front>
            <title>QUIC Stream Resets with Partial Delivery</title>
            <author fullname="Marten Seemann" initials="M." surname="Seemann">
         </author>
            <author fullname="Kazuho Oku" initials="K." surname="Oku">
              <organization>Fastly</organization>
            </author>
            <date day="4" month="July" year="2026"/>
            <abstract>
              <t>   QUIC defines a RESET_STREAM frame to abort sending on a stream.  When
   a sender resets a stream, it also stops retransmitting STREAM frames
   for this stream in the event of packet loss.  On the receiving side,
   there is no guarantee that any data sent on that stream is delivered.

   This document defines a new QUIC frame, the RESET_STREAM_AT frame,
   that allows resetting a stream, while guaranteeing delivery of stream
   data up to a certain byte offset.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-quic-reliable-stream-reset-09"/>
        </reference>
        <reference anchor="TLS">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC8441">
          <front>
            <title>Bootstrapping WebSockets with HTTP/2</title>
            <author fullname="P. McManus" initials="P." surname="McManus"/>
            <date month="September" year="2018"/>
            <abstract>
              <t>This document defines a mechanism for running the WebSocket Protocol (RFC 6455) over a single stream of an HTTP/2 connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8441"/>
          <seriesInfo name="DOI" value="10.17487/RFC8441"/>
        </reference>
        <reference anchor="RFC6585">
          <front>
            <title>Additional HTTP Status Codes</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <author fullname="R. Fielding" initials="R." surname="Fielding"/>
            <date month="April" year="2012"/>
            <abstract>
              <t>This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6585"/>
          <seriesInfo name="DOI" value="10.17487/RFC6585"/>
        </reference>
        <reference anchor="RFC8941">
          <front>
            <title>Structured Field Values for HTTP</title>
            <author fullname="M. Nottingham" initials="M." surname="Nottingham"/>
            <author fullname="P-H. Kamp" surname="P-H. Kamp"/>
            <date month="February" year="2021"/>
            <abstract>
              <t>This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields that wish to use a common syntax that is more restrictive than traditional HTTP field values.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8941"/>
          <seriesInfo name="DOI" value="10.17487/RFC8941"/>
        </reference>
        <reference anchor="RFC9000">
          <front>
            <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title>
            <author fullname="J. Iyengar" initials="J." role="editor" surname="Iyengar"/>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <date month="May" year="2021"/>
            <abstract>
              <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9000"/>
          <seriesInfo name="DOI" value="10.17487/RFC9000"/>
        </reference>
        <reference anchor="RFC9113">
          <front>
            <title>HTTP/2</title>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <author fullname="C. Benfield" initials="C." role="editor" surname="Benfield"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>This specification describes an optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2). HTTP/2 enables a more efficient use of network resources and a reduced latency by introducing field compression and allowing multiple concurrent exchanges on the same connection.</t>
              <t>This document obsoletes RFCs 7540 and 8740.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9113"/>
          <seriesInfo name="DOI" value="10.17487/RFC9113"/>
        </reference>
        <reference anchor="RFC7627">
          <front>
            <title>Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension</title>
            <author fullname="K. Bhargavan" initials="K." role="editor" surname="Bhargavan"/>
            <author fullname="A. Delignat-Lavaud" initials="A." surname="Delignat-Lavaud"/>
            <author fullname="A. Pironti" initials="A." surname="Pironti"/>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="M. Ray" initials="M." surname="Ray"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Thereafter, any mechanism that relies on the master secret for authentication, including session resumption, becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. This specification defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing such attacks.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7627"/>
          <seriesInfo name="DOI" value="10.17487/RFC7627"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="DATAGRAM">
          <front>
            <title>An Unreliable Datagram Extension to QUIC</title>
            <author fullname="T. Pauly" initials="T." surname="Pauly"/>
            <author fullname="E. Kinnear" initials="E." surname="Kinnear"/>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <date month="March" year="2022"/>
            <abstract>
              <t>This document defines an extension to the QUIC transport protocol to add support for sending and receiving unreliable datagrams over a QUIC connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9221"/>
          <seriesInfo name="DOI" value="10.17487/RFC9221"/>
        </reference>
        <reference anchor="HTTP3">
          <front>
            <title>HTTP/3</title>
            <author fullname="M. Bishop" initials="M." role="editor" surname="Bishop"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. This document also identifies HTTP/2 features that are subsumed by QUIC and describes how HTTP/2 extensions can be ported to HTTP/3.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9114"/>
          <seriesInfo name="DOI" value="10.17487/RFC9114"/>
        </reference>
        <reference anchor="QUIC">
          <front>
            <title>QUIC: A UDP-Based Multiplexed and Secure Transport</title>
            <author fullname="J. Iyengar" initials="J." role="editor" surname="Iyengar"/>
            <author fullname="M. Thomson" initials="M." role="editor" surname="Thomson"/>
            <date month="May" year="2021"/>
            <abstract>
              <t>This document defines the core of the QUIC transport protocol. QUIC provides applications with flow-controlled streams for structured communication, low-latency connection establishment, and network path migration. QUIC includes security measures that ensure confidentiality, integrity, and availability in a range of deployment circumstances. Accompanying documents describe the integration of TLS for key negotiation, loss detection, and an exemplary congestion control algorithm.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9000"/>
          <seriesInfo name="DOI" value="10.17487/RFC9000"/>
        </reference>
        <reference anchor="RFC7301">
          <front>
            <title>Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension</title>
            <author fullname="S. Friedl" initials="S." surname="Friedl"/>
            <author fullname="A. Popov" initials="A." surname="Popov"/>
            <author fullname="A. Langley" initials="A." surname="Langley"/>
            <author fullname="E. Stephan" initials="E." surname="Stephan"/>
            <date month="July" year="2014"/>
            <abstract>
              <t>This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7301"/>
          <seriesInfo name="DOI" value="10.17487/RFC7301"/>
        </reference>
        <reference anchor="RFC9220">
          <front>
            <title>Bootstrapping WebSockets with HTTP/3</title>
            <author fullname="R. Hamilton" initials="R." surname="Hamilton"/>
            <date month="June" year="2022"/>
            <abstract>
              <t>The mechanism for running the WebSocket Protocol over a single stream of an HTTP/2 connection is equally applicable to HTTP/3, but the HTTP-version-specific details need to be specified. This document describes how the mechanism is adapted for HTTP/3.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9220"/>
          <seriesInfo name="DOI" value="10.17487/RFC9220"/>
        </reference>
        <reference anchor="RFC9729">
          <front>
            <title>The Concealed HTTP Authentication Scheme</title>
            <author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
            <author fullname="D. Oliver" initials="D." surname="Oliver"/>
            <author fullname="J. Hoyland" initials="J." surname="Hoyland"/>
            <date month="February" year="2025"/>
            <abstract>
              <t>Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin serves resources that require authentication. It is possible for an origin to hide the fact that it requires authentication by not generating Unauthorized status codes; however, that only works with non-cryptographic authentication schemes: cryptographic signatures require a fresh nonce to be signed. Prior to this document, there was no existing way for the origin to share such a nonce without exposing the fact that it serves resources that require authentication. This document defines a new non-probeable cryptographic authentication scheme.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9729"/>
          <seriesInfo name="DOI" value="10.17487/RFC9729"/>
        </reference>
      </references>
    </references>
    <?line 1747?>

<section anchor="use-with-other-http-versions">
      <name>Use with Other HTTP Versions</name>
      <t>While this document defines WebTransport negotiation and session establishment
in terms of HTTP/2, the capsule-based mechanisms described here rely on generic
HTTP semantics and the Capsule Protocol <xref target="HTTP-DATAGRAM"/>, and can generally be
used over any HTTP version that supports these features.</t>
      <t>The primary HTTP-version-specific aspects of this protocol are the use of
Extended CONNECT for session establishment and the use of HTTP SETTINGS for
exchanging initial flow control limits (<xref target="flow-control-settings"/>).</t>
      <t>Extended CONNECT is defined for HTTP/2 in <xref target="RFC8441"/> and for HTTP/3 in
<xref target="RFC9220"/>.  Other HTTP versions that support Extended CONNECT can use the
"webtransport" upgrade token (<xref target="upgrade-token"/>) to establish capsule-based
WebTransport sessions.</t>
      <t>The flow control SETTINGS defined in this document use the same codepoints
across HTTP versions, but their behavior differs.  HTTP/2 allows SETTINGS to be
updated during the lifetime of a connection with acknowledgment-based
synchronization, while HTTP/3 SETTINGS are sent only once and are fixed for the
connection lifetime.  The <tt>WebTransport-Init</tt> header field
(<xref target="flow-control-header"/>) can be used to provide per-session initial flow
control limits regardless of HTTP version.</t>
      <t>When a version-specific WebTransport protocol exists for a given HTTP version,
endpoints SHOULD prefer it over the capsule-based protocol defined here.  For
example, WebTransport over HTTP/3 <xref target="WEBTRANSPORT-H3"/> provides stream
independence and unreliable datagram delivery by using native QUIC streams and
datagrams, which are not available when using the capsule-based protocol over a
single HTTP/3 stream.</t>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>Thanks to Anthony Chivetta, Eric Gorbaty, Ankshit Jain, Joshua Otto, and
Valentin Pistol for their contributions in the design and implementation of this
work. The requirements on TLS usage were inspired by <xref target="RFC9729"/>.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+19a3fbVnbo9/MrUPlD5ZSk9bITKzPtyJKcqLUtX1GO2zsr
ywZJUERNAhwAlMTxcn/73a/zxAElOcnMpOvOWm0sEDiPffbZ70e/31dN3syz
w2TrfTa6rNKiXpZVk5TXWZX8eHn59snelkpHoyq7Dl7p/wi/TMpxkS7g60mV
Tpt+njXT/k02avCl/qxplnv93aeqWC1GWXWoJmmTHapxWdRZUa/qw6SpVpmC
gffVGH66Kqv1YVI3E5VWWcrTJWkxSc6KJquKrEnM5Fvq5uoweX/64vLi6M1Q
XWfFCkZOkquqXC2DhW7B82a9pC2W1ae8uEp+wNfw+SLN5/BcLxlf/xNuYlBW
V/h7Wo1n8DvupD588gRfx0f5dTbQrz3BB09GVXlTZ0/cgZ7gAFd5M1uNYAgG
zZWBzpNOiOFncwBH3Tgzh58PeOBBXnYP9OTRVTno/HUwaxbzLfUpW9+U1QSB
10/c5at01czKin6A/0uSvIATOxokL6u8mGTzOT3k0z+ap4X/HACTFvlf0yYv
i8Pkddak9DhjgKdTfPdP09FgXC78CU4HyX/kRZGllTP+aZWPvccwPMy6XM4z
QI7xgJ7VTZVlALPzIpOf3qbVp+R9uqafx3kD2HW8WmZVkxdlLzlO5/m0rIo8
TZ4/3dk94LfKVdEgGr4r8iabJMMGTyIpp8nRIoNVeNvIPvGS/pTidO29XA5g
Cav52tnJZblYrJ2n/xgbaZa4oK5tvB4kl7NyUZeFs5HXKc7u/UB7eV3+NZ/P
vdEXzZ/m5U0GyymX6wHcY3/4nwbJT2mdz/Ps2hn/p3zclJX/i49UP5Tl1Txz
J7rGl6+v/3RFv7Q38sMg+c88cyb5YVXerMyzzTh7U5YaYVVRVgt47ZpozvlP
pxc/nZ2+P0zO+icD/6YhGb3Osxt4TROrt+cXl/0f92Nv473ch1eR7h4mFy+P
n+/u7sjf/ZOjy6MfLo5e8w97z7+VH/b0m/jl+cXZD2dv6Mmzg6eICW+PLi7P
jl71L06Hp5fOpH9Z5eN+lc3zdDTP+ohy6QL+rul0Ll8NaYzvDg6eKZUXU3e/
wUL2dmUh+3ohOO3/eXd2zH/v7Owo1e/3k3QEs6TjRimP00yyaV4AZqYJzI34
CbjSn2fX2RxweLFYFYCreCJ1Ms3SZgVLhE/q/KoApIZ1qTGgR9H0awA0sKwc
WQVMQh80s7QBEp7B07zJU7wGo3WCXIU/qgew1VkOA5bj1QIeKBh5XOUjWs6y
KptyXM55mDFQOHhynU8yeJDB38t0BKjZ5Hyr3D0ph3vqKcxoWYEQr2mQVZ2F
3yY3s6yA2d+dvO2P0jqbKPMljFKUsKFr5EIwxoDhusgnE7gH6hHyyaqcrGj3
AZQ/f9Zo+uULDmRA2JRmW1dZgZTBB7vyNgpvO+BjyOAmaK/7MAshwpcvtGvz
2ION2c7nz8GVgJWlczj92p+jpBkQoeAT/A+8p1FB1avxLEnrhBEYTqJKQMpI
ryr84/Nnjau0oh+BCMHB9BD0gBSIGHW5yFRWXOdVWSxouhv6jWaDI0d4jzKA
1nJerrMJQNzDFwd5fWwRkNa4ITxhwpgSBp6uCkHOcuqf0KpGyQQhBhdhkRZN
Pq4HjDt5MZ6vcDQ4lUleZTRCOteb7qlR9DHJTgYasPYX6wRu/BrnKYv5Gv6f
OXN/XgSRi7OI/A4YSDpUi9W8yZE70bfwpMZ9hVfKgKgA+Q4vIbyE91auh6DM
3pcvKuU7MV5VFX63KOuGUBHevzyWy5BMAaCjdPwJ0YKxCyY8K+ggYZl1RmvP
VJ3S38t6BdSNP/V2k87rEre0qmU7MloPkUlTgQlAXn3+PGTIJnuD3cEe3dcQ
bwG2jx4ll1m1AIY8L6/WiCdZIrJVnWy9fje83Orxf5M35/Tvi1PAsovTE/z3
8MejV6/MP/Qbwx/P372C35X8y355fP769embE/4YnibBo9dH/7XF5791/vby
7PzN0ast2AwdqzJHgzegITAQ2VxWGZLIAADJi+O3ye4BHNQ/ATnf2919DveP
//hu99sDODikWDwZYRX/CYewTkCgAPEIB8F7AMeRNwB4gnE9K2+KBC9b61JN
S6YCjYWnYBGtxx6IHIelbAP/SjFPqGlpgm7mEWx9ktcgwlyt8noGIzNNgFlv
SnhrmVbAL1RVAqkGebXwv5elkUQlP4BWU/CyYH83sxzuReoTPs2hcD0ImblQ
WGFT43G2bOok2EBd84j4c424eg1SXloobzm9ZFnCiyMAfjMD1eZqlvw1q0ok
houyktNdZJM8rYCIA7yP/AUwqcWVwXWo+kK8JkRMkRGXS/fpuJxkPYB7kxUK
ZcxVDVjTM7yAbzFNOU3HyN+mAFnivPiDtz+ZuCmV5TlZcgOqTQgj3qiwlfYP
ZmJ1v4n1MZYCdySx5QIJY3BkDH+838lbTT/OtVDXgW0I8QnsK5/mPL2gzzB5
d3HG10sjs0NdDgZ7jM74KpGU9yQJFG0Mw5MC9RBkAEJdumx6S6BaA8FJFUh7
l2dvfhh+eH/54fTN0YtXpycoYCHCC4BBXJ6vSP7Y2t1CUIBKxgeAR6ly2NFq
iTsLkNITbt6U8j7Tbj7PSQmcGVlnkbGEgYuCnaxlSncumYNYgjvN91oAUHe+
iiBm7olr8JT5rWS1BO6HMlv5CaAJED8+f/Pm9PgSOOFfVgBEB5Lh8Zvrl2zX
WQZ0R8bq01hfvjzGm2Quj4iYdXDt9SC4SAQDTgJnmt3C9cHbFCxHCWU9ONhF
meVs6p6tphH4SN7vdU0HdN5BkQHdGxYMtDxbVblc1mANQgjo5LLb8SwtrrJA
xECpgs6BV0dTirAik9yAFoicpcrgFlY8WIqI+Y2ejV/8Ru60fHZ2ggiZJv5L
RFFB0IsMimJDmnwzlG2fnXzTc9cPNAX2BIRRbiRcxuQKFJkiCjWFN4PYZOZc
N1hhh6QGt5IIT+s06YYhOfroYuNHFpXeCUpeEkpuR/BKZCj/RZxJ0XGxWGMJ
kkdSRKLqO6IvoClQa++wWiQE1r8sc5SA9ZH7m17Ad+kVyqC4+/g6Soacjyrh
SdIdJfzhJ1uwfBVl7/uDXU0P/d2816dk0K2XfOOfJ4vA3xDr938yAvE3SKmN
FHuLlwQlST7XXsCoeKtM3Pnq0GIFCXB1agqDAndNXmu5GM1hS8QLIA9xuoKS
aD3DMVOPvNOtV65cbWkx3l6SoGRuJLaDgBWZ5Y7nZY3Yv8irCm4rwHw1EjWb
VBxeM0HJUW4VihpwW+D0vGG11oUXgo8gTnxcbIItqjEcBtBvnAVVOR8/YFlx
tYYvUQFkYzLJ5ScQboqJaqp8WTskH1jc8PLi9Oi13jjAY8j0hKZG+GldKJmC
bImYqmehC0wP4QRAf54DquMFyGv4cQGyzhwloQIwHkCJZ46AGyQv3S8AD0Fz
gusxcVcVO5FDBYt9ffSfHxBleon8wauPPRvS3/jDhxevzo//4/Skp8x2/ee0
RfPbUD8PlqqJtlxLJXSXqOjNDMRdwi0j7Inw5KFiTrSox2JYVpN4L0ekkMoX
a2/vfcEKMeq4oA7xVp+J6JvpCB4amKa4OTJjBadNG08VIFCWI5vErzUrY9ma
OC8KR025NFxYpCCC2PnbD0NQnkBgclDoqIuzWvF/wuYal4l6TJYQHygF8lRF
l3GidfoFyrB5A5eTnrOpIAoNGuoG1ROHWLGNiX7yZyZZVbPDU03iWd8DOF3K
0slE1L3D1LcC0YEBl4NTaW4yMlCJ3INjsniiXBuTFgaEolm7Gqh9lv6Nsquc
ryacCSvRp6405pOX/jGaosTgAJTv2FLMz49Etv0Sbir8yCGziCN5JTKQ1QjQ
MIZUiAmuakmbjvxrMFNm32Af2iSP0ynGdAmF5NKXzLO86hSERZSCSVNAFBG2
5cJvVAhgyVs7Wz2gfED39IIcqCCPIdujBkow65GvS+jl1t5Kcbxr0EDTomkZ
TGnCPDA8NC4oAy/dFsx6LBZCNKooxH3Zcp1c0b2j61HQitLa57AZsUM0zK2X
IMBcnF+eH5+/+nB6cXF+obatCPJ0cGCFkD0Wzdxp0SKTpE2TLZYNicsae0PV
UBBey4WhlsLaCWjT+ZwtJ7P0GsVcomgTxUchZ8XAbSsrGtRVuXDObsCmqE2n
L9R2tZwQsZqsKs3C5vk0a/JFJiZM1bpDLXOZI749Gzwd7DuwQ6lhlqHtlS10
oq9GdcwpCSssqEe0k0nGFNgwKEXWQoRXgRQ1HX8qyhtg3MiRDWrGYCB4TpvE
cZxJUARCkXBK95vvQV6z8d5bbErC9bLKrvNyVdP0qKehmJw3PY3GcoPS6RTg
k6CL4tpI43UPWQRZz3AYsa1nVnopp6rILOEM+aZPkmIKSagiWCWzp1i30qSq
cbGFwfRBRvmgL4qhd6K7MXToHpKq/5AxotYIWGMOqr8eg+VUmU0Yj7l+bFzw
j0QfI98ogO0MlAx9nZKO69QCWveVAkZ1TGdD1P8NHI1wXGA/HTY8Uh0clcse
mjaWenYjZQXJjxQE8JGsR/V4lgGqbnfajdAoAVpMWU2Ym2nZO0H8iQvrhpeT
OsKmGpb4tJAo4GQrwsdDbUn/mCzrbDUp+7Msxelg3fMJrs1i12M+pxEBHNX1
QCGOar88C2/1o4yqhxFgDJIXZTMjwvjxkCMV8mb9kWQJfrhMm9lHwSpnDd8n
LMjTqLXHWdH7l6NVIcKKB6gapuyYYlGo55pheAbx06B99uN5lYNs8zHxQAMS
Ejlov3xhFmscOzhUSV9ob1Gda0OcTCF465AEz/ii1LslyTSI43cYmfSVc0+S
Fxg9pJ5VAeSmI6LA6Yw/iaqaNGl1leG1q8tVNc5cFvqtZaCIDlF6z2Q2MpA1
Jeq76H7mGT7FRVJlS/RB4AbhrjWrmuzVycHOU3dRu0+BOT3zb817LclrKOFB
p3nBpxMcaK/TpkxUEP6BtqbIhyQlFPWqcsym9TIbs7FYcCCv2RMqFi6y/bt7
hVdoiWycEtDRnFpen6b5vG4vUt0TWPtJCKwDH1hHRmBGqC2zCkMEatL9CDFq
vakxbti1YeIF9Q95oJDHooOIv1ymdd1zkdvog8RXmenT0h32sXd7i1Pk6BO2
W+m1GJ+zqX3P2t6tC7lE26h7vrmdpof9LDG2bZAcaTiTe5UkYTps/YblKBrX
NFYhqpsfidKgLADs33kZCGQpYQSulxyDN7SRg4MIWC4lNoI/981GQFvW+2Pl
EqBUZf8NoBGHhXEspS5aE7sFkkHoSEet7UxkH7G7ER14VczxzbzxLNcxMLuW
9NdH/5WUsOwFuufGgBdr6z/oMMrVdTnm+A7GhtDI36Pn5Qp3mhNAWMDU59HT
SEoUszGXD0CB5gqlzRWs1LJ9YbIC8oRxesV4TcOxTRM/Jwhq/ViuOOA8qT1p
VDMYJC9hhOw2XSzJAqO/XuRXM9jorCxZETQnzAEOZaU8yxWL8KhXT9Hv5zKD
dQT5XHHmyPGpGYPuG+uz3yBxkqOtZuOicbK77n5jUOsBW1tgCCWStctXQ3fW
/qt0DWPG5k5O8VgIXbePXr198xju8b+BiPHt/g6IGN8bvx/7MEmFR+sKEGBc
K+5/idh/y/5eEwhgLiWHQpCcTvogXDcdp5HOQawQHcrBT8Ppk4/vL/tHOiKn
r1dfB4yffQohWoqk0zVCVoDmq6lHpn28mV0/bBp3hm7OAh2eKPOFPiMRelEV
x0gZQ2jyYCMKl/E2EAfIwgsf4oWfrubJNpC5xw6dg6lydvd5rJhYoAURCrJI
qmZlPnawj8H5zzVomahwCSmiiQcgTrMzFdfIlMkjMCJ2aH9jPiHC6Uy5ypvU
hRVGv4DA2A1s5Es+CChEIOap3WfO0REFok1vjqGNBj8lk8OP8M85IuHnR2SD
qFsGK8N53CsWsTlmOanS2tKurYikWmubrk8WY64+EUN1eJwvUb6t8pKVCBhb
ayP3H7wXrlFZBQPNrsevzoenH4anw+HZ+RtjzI15/9lcQ7IJglJ8UWhsBsp3
jbqTdRGYaEWE+whpPiNOWlMMoRiicEcog4lhw+5ZHx+fDuI6mtLEJ9g4Z1qy
XUDINx+vsVyDdEKma+U5KaIb1r5Nowukrf3CE2SIuD2V3S7nKSyhrNYaDhzQ
YREBXjfIYtdoWKDxQncuSY3W3pHrYBNtXz4q/EeJNt9R/KgbHOMKcXp+9i0w
V1LOKYt/gM2vSE8okIVj9bTj10ZDWBC1jK64iupaZudgIsdhaz9kbEATK+Ec
nxlabbzryIhwqNDtQvbBZHvn9vLFyeNDdcjygI6hk5HFmlZzfKpGJALRpCQ6
RcY9iswxQjK9pRJe10A5Pp7h5dHlaXvmo8TE7M7pFur744SepN75oJBH1nb4
/6AWA81EQTnjyV6+On+PJprLC20G9SfzxIw5MHEe7zovaXaXWJhLwpZxHQ7A
t5r22bvH/fcwwypIzs1A1kA6fdG0761AusiQdaVVPl87V5m1FPJxiwbgGTVJ
gYB7md1SaBC7kJwLFgpl7mVzvbiFMiIXyiQMCF7f9wlHlDh2ZtdSii4c8tod
M8SV8nx4V8gaRC9NFxjojx9rdapOTMDyiHSIGq7FREfGsk1BfhQTZ6dkJ+G4
RgmAbfDZ48yc1YPCkjFxibfNMSeJ+aksHDnAgIigAIwVkasvm+vTBNpnWBMw
Xsra3cjdKZpPBUeQ0RPxoEjsaejuNNvWVl1VGrlIOxe7QAD3fneA8aeh33Jv
EPEoue9ouu4eVlM2wKHskdHKAE/Qj6t98aSZALXzKCyShP1BQHVjsxH0eDIa
3AV8QMZfkgoUNwk2XtixBG+SstWTx8wb6AZIlD2wJnKDkIAXGzbuAD4Y3Pfl
yB4DgGrJx564g+iJe+pOAIAT8xML/vNj3FxTPl+Fkj0aoDcQ9hmlVIaN63u9
RAeu26ADia9xI9gBPE9D8Nx59vrc0bQJjHZlIyp0eFPqyHiI2k58LAu8zDnz
igTEKuu6XYNW9oR1IcC/YOLmpmSp+BWuTcsTbzTlSIY5urTTIitXtZaca5CN
N1EEpby1es5VDJwALnb87uLi9I0JhUgwmneBPiPlu6f2HKIreCyhx55H2NK8
RXoLK144tA8WqSPWTQ5C5M7pY+eTouhzB43tcHHXgbbTeDFpWkVi5o5WHW+p
FL8M24tGtnpDIztcYjrXeIWqub9kEVYk8EDZ2BigjN+w/npx+vLd8PREoP3R
5dFR09t3g29duBtvMeZpliKta8OFoVkU868NpsaOnfJNFJsUT4TbuUlBaf9G
bNauZXPvueOdjo5n7GATjlQlOCYMWFLcyLvx7Ol3T8ml+a6Y55/4wmgPINxl
oIwToaISToD3hGKcKPEPFrxMr1jl4i074s7mGyNIZgKwtOATvzT89hc2YPiR
RUbi8vzdz9hc31JuH+urkaXjmTKyUFwiMFcBEXyZcdT7EsWkRrZcLtFAWRPe
Id7HGRF7/NAvxkIIR+XLjMgoo4kvSM8obCMeVwaDGoreQxslnl8H/99XkSyl
HnCUcUqhGWgyBGm7ils1cdniRBA1OTeR+y7L72TSgkK831zcROglNteQ9ukK
px0H0h1YZI4II/XoWEqfQzzCxLKcogFdmZQRtEWs2ZYwR4wrGWUSjylTuokO
MdWGsYTSdaZzEqwlDyh0XinPZGFt8l0B1z0xa8wjuguHJXoLwbwKgb3xOm8H
oqn4jGuOA9FA4ZgTpS0LHbOZjCN/SvIQefFKOOxH5VkPJa62050XrpM/ZkfN
5Swzq7A5FvH9Ig1aU6B2KxRN2AUhSDYxDKklAgNcXnXMhnaWyFZ9QykvgXBc
CGM0Ttt1yUiIYid0MFx3baKa2L6o0OU0KsVuZQEg3mN/SRWRdhIhJTkzJidG
kzLMtST3iSYZOjxJXLiYcSSBS5jQigQWkwVZeZxwkEIEk+kTtDyZWFtt2XH3
pMiAhLjnyu3BFsUdGPolvXcEzREaXngVmjj+gkKmnJfsxESQyg3X6yGC4mu3
Fv4BLTH3DUSNP7vRO2dvzjCp2QTS/nyYPNrwihst++7N2QPefnF2cvbh1fnx
0auHfnRx+vr88vReXw3vvaghjU2vqrPN1K1NaoLbju7w2Z5L0/AmWeNcAToY
ZZE5qAkilRO+TKNuOhb7ugOejV8FJ9UDUelhx0RR0A/5is8pXOnwHqukY7vX
dHxsgQfNIP29w+/kBJVHbd/JZ3JKTQrCTMYxZsiR3KgxIKtjIkASXjjKskJ5
oXJCSlEceFBkn1IvRCLyI7ZqTVHzyo3J40xr2XdeaMbPxDV0krHaLna03Kan
CIXdxOQRZVMXBOLTMcGDmNdoJERSaNAoYvagnblWG/TnlGkojZZMIV4UIpaP
cYGbLygFs0F3ozhoYx4ZHXm4aTFsYPsNFmMAbUIYPRO+WZsKbCImlFrysNFk
j6dpOWsVw3AflU0EgPVQhMDx2CgfSZ8semYijvXzN5uK0LgoF2TwvCT4pLJn
fXNI/RcJSJyNaDDGhdi8FgxI9Z2PzkyAcauKzEE6zEbT2iiIqwodswM0gqBP
fL52wi0sCCJHYqM3PHiYShiFQ11Exm8DhZekrMzgxKfAYfzEUKkb9LysijY8
M0IxvspWalMUpKDTmyT9IdXZZxzk6I5lLfdOuY50Dh9O1l7gDT638bNMq5gQ
1CJ51DbGvefQHYclkljpkFrrnPPFLTfmwxj0YoLLjywgveTgvkcxIZwl8Jjc
S8YJT8RyXUfk27Q50c5NV4KwwhQ8wneTFxNQ0t04C8q4oGQvzpG2hTi0UayW
wNrYIknxPslZha7WaH5YjTEJbMK7doPq9tmeRsGfzyn40wanxcY2m+YqG7ig
mvLLK7aTkClUG1uJY5mjAu6GFteYkM32myQSbqFDxQ4wVMwahWT31lH4KVvX
nvdfp1Dcpb0AB/m4+sh+wU2cKek2TiSiYElYe4IEPF8SoaHzhvNwZ4S169hW
wB2sk3ZFAT0fR/P7rgMhGDejhEuRJKqHraP69dfxdSDBGMNiLbemzuwpa91u
tDIhn8ZDylctgmbKollXdG0bzd4VSPgKmRpzLs0VVKImTexV07vIrwog1JIe
5ZEfUxvP1HZoW2PcX7/clTZQY32c1NI8Ohjf1cDq5FxCEuvMviuuA/LVUhyG
mRrlTQl76a6usm+t8W62L11OZ5pemFGOUNuKUuwtOt6H5luqMN/S5lTeL9/S
j8YwcZMYeShhh/eeAeTX9gTGbitChRfPsXGr6PeM24C/B0JLgg5ynRVQZT/u
RW7+KMN3RvNy/CljCysw7HmW1uIfJ0MopegmmKLr2SbExEDRPx4FACFhkjdS
/Wet/dXixao4rMmQgm2Hr5E/RttBmWlKdm5P+d71A8uYsBwZG8a0xuItJg/q
AiBtKZf90boP/+EcYs2QdL50WqA1vN+Ufdyajl7xLx5jgd6aNyN/wOQgu0Va
REn+ILggpYhpNbL1AtMxYVUDIa7ObTNhViwV6SmMEWA/zHdm12NP04KOX/G8
a5+C+CdprigX0QKpsCqXFWoZg5BOob9YpE2KaURkqpuy0sGqpsAEO8xYdpxc
Y8nD8MwYgUAq5yxC+tKW7nIVHRjvJq0m1uliYEg5M0sqHDfG+NvCBygrOrhr
KswZP0FJjVUaRT1AmZhN6/nVqbRo/osVESJ7PFbZ4XBWDGARBLEmc0EJ161d
Fm6IhXE66RBtdlc7eheRq/ZuDZ7fpOxVGBnVpXVgXlxJBO7sfaeULgvFibvK
GyI6rv0RSILNmTMHnyaz/Ao3EBEi2nsn+ySrma54b14n42tsPRSA453fS117
EBis/DPKTW2lMr+imq0I5welmUJ2nqnlzzqR+ufDrppvcVmJzV8mfkD7QERf
CsIxu7LvvbJxfBqjbF5yGsEkp7JKQUkLGwLUrn7kikjiCsITd+51JcfA7sEe
hSnQWUadakxGuYhdOLIUYjPfvK1KKpMKAGYPqEe8UPi6KatPfnXEVkFKHXvp
6k5mXHHMSxoGUl7J2TZmJu0brjlIe2rrWBIMFIeTsavMiWPlFIi/Su3LUbYu
xTkhNfFkcXYlyhSG5CJhoQ/HkCCH+T0AgbFWaFbra7NCgYAScJQTTm9rSeY6
BRGRSZcZBZjMsULDOizBiLccX1AauzCKzQSK36RrHI8xhjRZEiez2osRRoz1
0yiMl5o9I54fUq9vkBzVshgqr8lPEbmsaGHganx8ptQE5dWkNUBpRAVfJNSC
g9X0W5SgslroSKk5l09SZP9h7067gkmtfcf51QpDChCMZs14foQtbM3EVC8J
ddZZcqEc40r6ehMO5mhFN1YqzdwSTDEszFGeyFGCznvYPVdYOADwJoIMppgN
KXeaFHCK0RytmHy2FGyEJQq0qUjkBKZTxGQQ8T26lHjLsfWjHHoDf12BVECp
SmJTcZMqpqJ1ugEaJHIZJAhjGyYAWPxo0UPbC5cczadcBARNaSOqWowsdYXY
Tq9iAG1Zooq0GaCGjbiVFZb8JcrbCNAQAm5Zj8KrSuTHE3riLWDyMtPF+Fho
wGky9HbEI4loJWiP5dFMOKotxnNmph5nD8QbGTR3RvDxJi9mxJbmazJ1okWg
X077cyTApLFweY5HAV+XcJoOTkhGJ8PNpJJk3djgIamrRNY5+5ra3vaqhgbK
x2N3GNd+FrynqzQpw5htQScMndH5QKgH50QegBQRxqK8SF4WHU8U5/PtQoUJ
pRzlYzZ8kMhvCrMNEn2MJ+wGlkgUKhmC2UEdgZQW/zyuTwVtxEI8QOa8llJY
Rri1vAd2S3TfrKXmjL6w+J6m8bWCk6OU/uus6HMUjPkRP3fK1vRbHyfycTmZ
mG+V/dYz2LPOynbbO+pa9UzkGcJaanqMkauzCo16BCXwoi0qb0yCt4F/B9uO
aKShs81hZugTi2ZRUkpYF5O3os8/15a3awquqEQNpt3o1RJy80ckzwDQ3uP9
xCtOJ2kn8jLWMcqPvXZL+CclozujGJXJnaUOSrWZXGRSSJyPHY2ECcE7viz/
kdEOX2NIAxquTm8pd6cKiYJLn5xqbKaKN+YzfuKxFnqszIzlJsQ/ldfRvDXM
xSnrQrsdWc5WmREo83hH6LKa+ssdJWM7qqz7qIDCDgOf1q/Xy9RNB9zVrX1R
WL3RBGxZErH2u3KZqbNJBQlkeLe+S5RWSB6vTfwAASxji2dQf0H76MzYXEIZ
zb/+lrrKDLrnYXPZeD6uh5Bsnf4nRv+dXvTdxW6p1IjkXB1LXhfnJABK5Hd9
l/0eKxrRyJ4Ln28hkVmNGzdnHRWvG0DX//mf/1EbP04+h4zZlsRMtp8dPO6F
v7u5t8MV1XKb2GFf0f5fZcUVAGT7u6/7fPu7weChX+r9fPXUeoBtmFt9Ich9
PkweTfOr/k3T1+jQ12dG7W/+uPlkEj6YLUrW9JDq6O2Z5AOxCOihAzu42HZS
snzINSYbTiOvQUdJpSgUjro72I/UlbjfbkfAShYgymPITn/OsAOhU0/bMmhI
8c6QyHmFLnX1Q/bfugUjjYFP0m8wgV5JSYIqE4JIHwBfqNJaew2RbhnhpKy6
C1dqn3arxmhHRm7Ud0BU/u3RCdX10yN9fiRPKKpM/s0hVUfmZZNMV5taOPpR
q7yqLiP2x53b3ec7Lw5O9r8jK8yMgtONFKPj9YIp6tDrm0sTh8w1BpDCqLkf
S+O0KKv+EGUMC9s7Cjlq6QKt9AqrmhBvnGLuYQozrOucUk+QMPP4kjHrxnr0
OKiDhiak7eKPjMUhMCkBH0RHNCXVuo8G95agaM9latJQBM3cIiQ7nDXwT9Ls
hIz4WilCSHEZu8BaL7AFRDYyrm+Z17XaUccL1wvwQe2dKlx6BdTZYRy+bm2f
9QKU/KxSZH9ERZZL3XPiPYvAjhpLfgwQQjGvpM7/aqK9HBxsbko1WjdYih5t
XvhPo8ZfYsUCLr4vv1CFGUp32NrZMu8xPRVW0roU2PQFB9rOHyd/TCwmI+3V
lDgnSvxWgL1NpN2nr/oghKaGs7ykxOwtiYnQA/n1nYSFEibPOQCxRglCdHGC
AuVeo22AFwaM3coJYsKQNWuP8JGnreMxlaN5bhIwpFyPLF+hJxizS7mmoAmE
1LujYoJ/dvM5f96WbP7HomIGhUot7Ql+IRoUPNO0qKva6T1pkvJp0nPtuaUc
jqB2AAJ8VK2WqD3bbNbchhQruq+U8h5RJU2Bac8VGVt8z8tVGKO+Wmvbr1Q9
mKqIMUwUEkdbNTNfcmJLFFSmkwR61qnjjb5cxJvcbz4cXTLVAbbi9UwiH/Qx
RkUhFjao9OVO5a40udAGrSFeXo1xoqo5mxF3cWyhOtyE1KnMWvrczBDlGWuY
wvpT0xWSWGyTG2lTQPjqNDOO+YJnyKCs1awT6AJp7xKxPxNtEapT3Xfr67Yy
2fVLnPcuEXX+dri8dMfJGqXX7tcm0fFOXacYqzO0kUOEKBNoqQ5HbqQUIy8k
eVLiz5Q5EAl7AKWgujKfAUcFpMVqO2tjDxIeQFW2BV0kzk/L8F2UoYMAP28T
YGOF0Q+ipXu43MgxcgF5zYcuPQyl4w9UwOGDrhogknHHkn1q3nlQbk6odXtR
9b1DhQ3WzH6wuVhySMVkK25LpuVYDuJhrkaWmWnEyuQ2EGCTrfTSg6ccuWBL
qAxo5jsAd+d6JFpIBxG6Wq9t92WSIXlBUnBFpyDezNaulSevZam6VnRQadTO
wKO5xSyoND3QKcDlXDp7oTeqkEZf+3t9tCpVVPbAkaJpHDdW4iBe3EZ6EjgF
FTGqBWskwDg7t1P5X48HlBhFuTDiiM1rw+YbHRpaOxVKvKq8PI4uusEH5qHw
ncfjlPak4/HT7i21ZToX4IsbrwsiCRVlJQ+ISffEkGfYJhJQqxr1tG4XkClb
muglJUbjBpTwirOi79vT6ADa9Jjd447U6OS9dybN2wIQXNfN4Fk6v0nXdcIR
afAbZkNZj9lgkwRiTl9n1rOC6I7O+Cux+xlA7j2J2QQo1pRrqqFWTNDc6c3C
sj8zOOONu1qlgLlNhmxBc8JF+omgQV4VXeljTYyqQzozuBVnSlYGLajEVDf7
yZ1qsmzLCirh8JlzWVun0grLhl69eU82dH/RsqH7TGTDO8U/LJuXTVpzbfsy
4dFj3IhROCNBx2njOzUtgZrk9ZhjabQNd0k2EBWx/Q1aCzFGQakYwgmo5L7w
pcGilRms5T7hpnFYdnDTo1+Lm7YYJ3YW+GBi6Q3jjK6uxThj/Qd+VcbppEDe
wTXlARNDPmkbf/qbskynyA+bHhyizPIqliTBtfiVyDbwyJA98mj/m3nkUUe1
0322cVvnoraeO5HUrVYYSqOiLnLaSQ0LJ0NrGsgzUvpw6wJF6i3kCFtDGG9L
aCLbUpySESbso+NiKFPYaMlNeHSecNfipn70tmbJipy7KdfhckIVeRXcdVRz
wegFbXFB45DBnD1bao59mUK2NrJBb5p/JDYofsquE8mtsuXwuLblw7d5uNaO
WPyL0yBF1zCPkS428wF906SLgkWYthIPcCtwtsUqSilkc4hhEy8QS81fx4yj
Ku6l1d3CtM0QZ5RKDS/P3tAr2zu3O7uPe648inZURaYu0zpPBlik1adaY2zg
A845wtH4lAeGB5B9GAkbWli1ecyq/nYvbmi/LXKbatVo7gBBX3+X195LZ30x
GNgJ78Fx5cEJyhcxq+JNRCPt1EUjmKSTOjo4qcNGD4NWdOYKa05zeU+n/VBz
URjEVfZM+wtX4bsrbCDFyjhBKq5boN1UefliQ20QmLif/+v2ATXGU799n97c
6WLZrGOKh6Z0KjGeBSntTOEPXDREh+prUfh7z9Rnzan4FCdSSeQy0nUo5D5S
zWSk1WSprK2Q3WaIllD/UkUFm5QAiVadJPp+OkriEmf1W+sobZJmWsc8XDsx
6f0e7dZPNfX2Si88SCMx4wfayMnjsPNOvMzuY7e/o4SdNJK1ru+f1OlSgc7f
Lgm3IVzJtkSzFLANmw4aeNKme6+ldhjTuagWAcv+wAs1hK41o0fqzK/3IXas
NbjLeKgJRZc/6warEdgNbCUtyO0ZhA3kipwZFdEkvL4SFiuIHQ2JHeOsGGaM
WRyJLY2kCTOsTGx/vI3aFsxiqJumH5uonJbXG50brkz+gTBLbQaX7kAOmTPV
tinQUhdeC+fiAHd3YRi7dzs2Eah6Y1ym29jaO3FVWVt7pJBrSCk715xEMEqb
8T3sZQVnzrlK6Kpzux8Zw4jEEN5vCzri535bEMW5tVitNG9MQtzU470zC/Fs
Q0KXsxLlyFdBlspyVS250V8h7k7dHUKiEYuJp4d4OY06yUiYtslr14VkN2V9
fhGA5W7BKhnJVBeTarpe1Sa3ZXFQD4b4yqbaLx47ccu/tLiK86PLXJzHX8dj
3EkDVnMaMXwJJ0ljfGQDwTO0Liz0GdipOsHQwUBO7yE46zvpCdCdjIVXFOMv
sXW12Iz70n1F64iRyhewBcymqEMEhD0JZmA7iLacRNnVwGNwniT82/O5lm/6
6/mclsxbQ0Y4oIpzwORrOKCkCLan7WSNyV2sUT2QNSYbWaN6OGt8GF+5kzVG
bkHIIZ3FK8sok1/KKFXbr/4wRhlb+r35peooBfU1/HIjRfkatqlCttnKzY2y
zbDyeIRt+jUeQ54ZKeOBS4pXsQAGqzYw2Fi5tXtXSfuaGmkPrJBGFt6MulZS
/PzRJrTq1rvZkh+4f3RyxSjT6jhHF/rmRq2ad1hPVbiYh+nobQOqulNF74ht
cVV0pVX0LlA5urqBUpfFGXGiZVFuiVnDLhFr2Bavhr9EtBpyK1adOqjuU0Z4
g84+Xi1W85TaorLlUjmFhMk/wfkCbGJtoiWFybASL3GhdSTp8GQlrZemkTlG
andmVYfHOFQB/Q8HPthxB+6oRexF1+qywj4nqaUftwUPc5Uqk8o1WmqhgC+l
e5e1ijG7lfsdLiQ3zrxkQgAUTEAOKN2AjTqIRmErMewwPrruOJvG24KuWYUR
Z072GVf2iQnJwzsF5JfWynyw021t0TC8Sy6uozLx8C55ePgVlhdZkhFKx1rI
jN6CxL8FnF/gljMgvKNkJ3ZvslqiC/VKj8ZWLUm38p7jtOQANgkuYmFv7w/1
avmvz3b+8AT/S8pzbqyIbhKiBB07WXbs2jSBT4Uea4/H6u8OMKZHfJByyTdK
VbXjOW07TkWTvb9QqN2n9xCkojV9yPLNjXxsSe3CIUu6XqPXIYBFdop0xnh0
qb8NoMDkdYzMTzm71XQg4NJ8RhT1SYlmnlLVYprsx4ut6xXu95JvmaDt7vao
6BVFLPIgu0/btR2l+rgOePWKh5s6opqMYDpLBioOlfPh8FAp6kfkeYOE7WgF
rrVaKoNYvcNqHCq847+hwcmh0hQA1kpHjUdV1G5WwKd8uURqdw6QiDRHEvaG
HiPr+kSocQOWgAaQDEB+Akrb1vjAYyEHcDJ3a84Mx1tCPbU2FgFTqQQfI7xt
p92gI5vT28fbBhYhcBItTXlJ05QEVNUjKeLSSszlRCrCKe5iWiEKFyQzNIr6
kWBZHC7bmHPYOoA0rXSXTRInJHbPVBGSoqWo3RJcwmlruXmm+6ZX3/OfQwed
e93Q871vqobLdeUjszaO3afJNvMELA7ayjpWseEf6xY8jhOcVX8Htfgm4y2m
2/xUSWKP0HtSkjnbhC+RNOuyPxO1QJHJ7R/ALaf9ppH6gGmYX3KtHqhnD+/g
BmKL/FX066+zpbf06+EvsUWrX6xbd8iofytzdJfKjBX8pFbVHYbmQA/eaGcO
63Dfpwq3UZjcSnu+xuT+olUm95lO0BFl1q1s16rtZ5useBbog93A2fmsI6Ts
Mafc5dzhh1UJ2+YZubetKYKlR0os4Seda+7bgwt1Jhtih+KflHOemNk6dlWb
Ciedb+hOGyuRDvJiueIk6VUhofweWqbzqxLI/kxSGinRPButrq6o1JDgrNUY
4qcYVxkOdr/KKYuQ/iBFDx0lITqzpyV0wOO3dND6p8xEHoUoKjTFMZ1SCyUp
xySVTiwRi+Lt34WKdUPvH8s86Ia6bSAokRf8ILgHkZfYdB1UZs+QD3Un+UhC
8sFMv4NgKI9gJDGCsWGdlm6oO170sqPvJh9qE/lIHPJx6WZpUEZlOi+vsNIW
Es4A+4BSh2zhy2PWndAk5wGKACusDoWxLKUoPv9iOi+F0XUPo2h7v6qX0PEQ
RgjepvVF4u8eTv4eHNYeEL+YCiYRTw7ty0xnt6AR5a/jOiynU6nM50T5aRJs
Q9o3kOFN9/vv5q/ZeKYPJMoqKlv+akT56C4gPiQqUHlRgd2B2+3ZYu4H9QD3
w28SIhgFiBu//VXZTH556gjrG8bZ3vBhLK9dATtgd/t4YOavg8dJEE+4d28R
m9sTGr/URj7pBgx4trjQwOdiZnsv2qfk7MaLc+QgYsyNGc90+5Ruy4Tjsrj3
hAfqrgnjXgwJwlOb92dSIQm2ljgyH2WfUG2tOGSHkOY9Yn3AeipZRpEg2uLi
ghs1f8B4MROSccqWXlJOFvt9RZfWHmJiS/ul30pk8cSEyHXrEBH2HT/Jwdf6
ScRS1ikVtJcTkQhioPpan8kDA3narhRxkzE3FvMh+UfcZIwbqZAQcZF0eEdk
vIe6SDq8IzzawzwkHc4RHuq39JB44kvk/v99RZcI8v1tdEnmk3rBDnfUjz4c
H70dvnt1SrwxfCjpURu7duAZmvF9cLeiW59GQEhpv5RBpctJJVIaSqhOe/Eh
rdmJeGApouBEj/g2Xc9L0IViCT52WiYrrfkcYmIKUG0ocdxrgaOD0ihX74iu
14lapKpu1lFrF031tkw5AbkJusp0eyW5rmw74g4ygSLi1xbGqCFJtWYRkcel
asJ+b6R6hSfG/dOW6ThzCgwzcw6q/HNFSWmJYHbEYl4Lmwi4aUGVwUzBb9vK
oKt7Mle7o5YcMKqBGInG3KVimRaKOrNho78ik7KfA10+h4GdSrFHxwEltXlh
j1jAwMv5cGto2UPSdVrxEg+SH3VdZhL9YEO3Jj3aKZ6PcoNTUOz15Ttm7tcU
HnT3vQo6jQc9QbgdLcNftdGES+yRwmGrvH3+7AxPrdJMzXfnJJWgqg0YkGNE
CYpjC/xxe9jlfKbZhZRVtj+rKFJ4dXAJjrIEhGR7P1ocwo7fql1Jyquumuns
/47ezpInlnI0mjLVWMNd3YWfSay7twrOialFwvnSJCty0ztiTtEAJ0RcB862
H4PRmY5fnQ9PPwxPh8Oz8ze+xuT95PGGrh/vyyNa827kFU8747dshbCO02HZ
oVDxVHzipdJVplWa2rQOZBnaVuxBTUo3Ypi7eQnhrkxYligJVNwEhR19wYOi
53Vdjrn8s6n9qvexzQYH1rq5a5AI4R3n57PF8L02i3SrKbglJvb3On5+zWBD
Lvrd7vO9mKhOct0Hc1GMoB5f8oM5axcSeRxWRS178d3STyjSS/EFB1FMD2kJ
o/ECEJwT9Rq3bACbmerd5cv+dyavgGcUjES84Ai5e82tpKKE7WKK7FuP1ZBp
Z7UU4rFIc9tBz1BlVtVBUqSxRJ8JI+53d/YOJIcgSYakwOpCQNWqGLOISgN4
JTV0uVi9IBqWrRdUd4UBMZ6l2PoIYyeweRdzNxxLyjl34yGvrnaWh5m0IuGw
sYimYL2o8SQbXAqnBJNg013lwitwEYQquLUp4sSN50HknqXzad+oPca44xCT
wqs/agnC6ZsTU51onmI/2MZ33+463ZAfCxLY4hqBviUTr5ZO5Rxup2cWPcLo
hSUXAxdqev+lfY/Ql8grV0wsMsfKsQFiTjkPgPjxPEsLpy6kUN0uuo8BQJvG
rpUuiEt03Cmi5XAWie+xkRjxwchGRI1tPf6CMbhs/pJUc/mRb7YNALg4OnsT
58HeTyEPjv7IPNjluD+cH70/+q9IJdtng+9cbKEoJm7+4+J2qUBiGGfTFXG7
BuvZmv6/1ihWS/labtMLXDyvZ0K90I7M5iblxMS4LXVtDPK9ZAcfXhtlh4PB
s07pwd3WbIXoeROKeTrVxXHzx8+qxW+993x+i3pqxLmPhYAi3DI+oeWWfr1T
qh6g2xhI9YK0G2algS8jiZLScWHBBOr/U6wyp1GxSU5HCwW8QsZUCsz24KcD
2ygpjAwTXIqnQc5hGtp6TI3ncIfR0WNwZ7PbJSfoIbI2Dd6q4CytUOgtEzuC
83+1GYzvn4bouU7MwA1xeT+qB81KtGiATkSi107KhCd6XYEsi/EoH4bHNOWc
zTlGaJHwVKzQmSDpwnZf3BeKLH7c40B6UUk9c5204lYUdo3ImqdJh2+s6TH1
xtY0wdG5lBSopPVRoUGMSIy2IRQlS9aUOkCQGHzT3odC4BhUFCSqYahJxzZF
skZ0GKZJzsjc60bKG91mtWJ7gFSmhTmlgKFwtm2pkZjXpg7m4562iGoHF86B
AhHKjIr7hUxNu5kao0Sp7WHmapUtaCjT3tDpzoh2BJ2MYepwYiImF4sSM4bh
VtR3A4OuqdAxezlMJw5eGAemskXCwS8qm8zwMSgvR+eEcddO920qNtbGX7SO
tCoSSzlinjteY2pASZaRrxDSttslJc6+76rI7MBXg8Z7MY2U/lLkJfRm1K/J
Q1082KYqcfctBqKVBBHmbh1qoVZddYO3Od09WA4aQ4qJouf6CZXiBpLiaOyw
Jmyz8A5FV9tMZ2PflsQ0OqqzMTYwIP/oCuXJRlNOKubU6E6GgGh/WWGLphE3
wmUHIU6iieLnz1iH7dtne99iHTaP9wodAYLLTARRWfd5NyoVlh/irjqg0HxD
NB6Hx1r10mYJtwUYcEUB2mLVwQhnrpVcYqMJWAV3oNk8xO5gr2fcbdmt8I9F
WjP7G1dYGxUf11yT9vNnszWqL025AUV2VXKwM8mT7MowGg473bokEJMqyJ0f
dXvURJqUKiTviyxrXFBhR1ULJLyj15lcFYnRdgOOXcYZmZmtUH5XUZ6y1pWK
em74t9VrlDYZ4SgAiwXoHyWSLyIKttyh5+X4brDraROExaccml6z/sN/4Dsa
sBGZXEJYSFSI9BOSyugDDoTSQ7oyAjoFpNmYYwEzb3qmItvi7LuDg12W82bZ
fJnAjV9hsUURC9z2jk6dQvJPTcrxasFFdlFG+/Ofk5fI4Bhdkp9/Ttr/0+8M
GfI//6xMCDDrr3f9z7z9kJc/nL45evHq9IN0Hv3w9uL88vz4/BUImLugApwe
nZxeDJN/Ic1M/rI1xuClfXW4yID1TODfMoY6NHzqj4lb2ksd1uMZUC94PGua
ZQ0vgtAAfz1Rh0iF0HG8hj8Z9wZyOoNxuQAKnV/lxWHsp3ttN76RewHK2+x9
vjhENruq4f29nR3HY+zBbcdXUyi//l6jW6b0L1iT78F72LnfLO3FhRPftRvE
++CGO4RFMka677q+00TOkWc57VQT3eKULnHEgkIsBjNs2jUZ/v+N/M1v5H12
+3e8kPf5xF7ahy5p97e4X7t/L2rxtbuhy/+IOo3kE9RSc91U9eWKWmf9xMIZ
CAHyQKQ18vJ543GdmhlVMSYCsgYt61aTE90xW0tWSod8GdtQR4NXkt+1EZFa
KrFpfLW8qlKqmfsJBGETQMZVZNaBSSHVUizfAo62Iy+1UW30vhQogPAsLTK2
XTk2tOcd5QVY6B+iqI7X0Afmpn6O8EY9RW8fploauivD+G6/xbLkcjfKtmlH
OSvebBtlw5Vu/y5Zn6JJmPbjGETO2YZ9ofU2O0rE8TF1yiEvq81NpETfEj29
ORlTV0VTgbhFYvZGgRpVDNRxKLcQ3Wp9ksIqyg5trOEFPzEE/Hux01+X+cSZ
16rYIF5OV2z2aZp0/KmmnvPYtEA7S4x/lzapF4DKlfbgYn7oWcNdzMxKnRXh
P8+JjirdUMuC1mGWxj7u9BcDhFyTFbWuJT2KO50r3b1ddAqOUqRJyCqh7SwE
WvkBIPzv8DcnA5O3XHdTuyrJIuj5zDzMKKlVurzdlMr20eSha91I19hXXP/S
SetttJKsbTdORQuFbaBxBdBPGvQmptKw3xzYBlKw3QqjPR3LT1orF8NmJVqa
MylAVXOruNpT9t3FnmNEh0EUxgpF1Sx0d2hAghlo4Y3FmkPcNXa/sxfRLKeW
FsHUqwImuspq6Y4qyWMYPxk0v+BeoRaWfHPSK1COga5h/ACbPhW56dBHYzpX
c5Yzx6Gwqc4uhBJkYI0sbcErFYxJbgy47koimA2oYf5pmlcFop7ID3QeXkuP
APSMBcpR2q5Q50ylPD5ZkBgcACbZ8Jyq58vy9YWVIiQINMQ3LyU7LUyFgMCz
wM42z+1JEUOO+VfOzgHYaG2Gakq07xXrDgd/ior1OOMIoYC6uZNS3LXcvV5Y
ZE8OU6DNwY04gA33LFcNX0gzMfmVELe4HoFb7MAh+WOfDQstBNrFpXH20OK0
xHsX5Fm6FgTeG8a75OPVPBUzAVAhuAzYmxxJVT7Owrk81Xp3x4YW7UnMT5XN
s2u0EgdiBJtndE90wh/l9JCcwvW2yEa3fp5dwa9o9WLzJEZic+QFNhNNMEOs
gvWak1lT328pAK0tuTmWKagYH/AJAPWcLnBHF/Dac0J5BgodEd5we1H4P0BI
jsdJGR4L6uVAO5CGq5Fedm2Lkon6LSY2GofrCpjqG2QJyWvnwGBjRUnZb1Td
mpiEdopYn5qapRPGPYwluAXpALk7lfypS2JwWaTXuGYAo2xdml7kyXJVz5TY
OK1F6CDwLrec4MbRsShhAqxKZrhlnSlz8LQ4jEBs6mw+ZSN/ldefqMBhCy2Z
HCMS+wwD+4aOP7lM2QO1ns1GX/k3MqjyUXP9ChuzxZG2jc6hY9aS85aCuq1B
3VMKBj5ySg46RcexcBmJAZLRUq/qJRwNJvylTmVxiTuA056V5K4vlfXbe2Em
j5KzozdHLQmTvUZiyoKbepXXbEYufDEZhVl50KcHlFGI5JevAjYHQFWfPMez
vb7+k16T2+J2N4G38rRI+/AqPTbDaU+X0m/oB/SGtux+dI+wjyn8H6VhqbRP
MOPTQxG0HyXvZE+XtKcL2i7DIvn8yN8fe/SsFRvgU60p9XIi5kZcyNaPa7jX
1NGY1oOKgekzs40bf6wnVd6k6y2BduU7uYEjGVr6jFvI/hmH+VnidLdc5X5L
2n6bCpi14wiXRixG3EWi4ILtUKmfMPQe/nvomwzUCSEtRa/Rr13CuVIXmRhs
6D0PmwjgshwtkydvU9Qi0BgfAN/FmRjoc+kYF0BfhpcvO2GqDBuEdX4+BDyC
C1P9ccutwMBGmRPd5yjyE5JaWX0QKutZqbRy0KnTSMDNJJumoC969Y2j8ypn
3hqb5Eak5Fa/GL0M7/Cw4QLDKnkDI9KhxSZUEul2mOzc7o2e7dgyGRZl4OGQ
fQIs+tDDz5/lFL986QR0WHo5BvHwnQ7Qx4tEZ6b2qE1c7rFIfJPX7VoezSxa
nVtxHrXpJGAipe4+uHD5kRP0Mn/CQywoSs2LfQordmuti6RwvV+pJaSlBO6b
x/X1zGCF7jzDXVhkGDGtap9wtKaWUx4QtZ24oEwfaZ+pkAlHJyD/I6cWw7gC
M13z6C70bIE1wNPde+NpQKnugalBEdO7kDZ4/S78VT4uOQfk1G41oki8OKOD
4moDiseqelpMd6uba4RXD0P4DVtn3FcPwP27au8i+ivjsLc3Aqe4zifoQI6K
9RtviordFBbtULiKFMO89zXRVdEKLpLm3hrl35rkt7g1wdmEF2jvb3SBbHHf
h9wj+1XXdVJRdnDXddKnO4rUKawTqwPJPZJ8XN35QhjeHQxmQxHpO25fnN08
sIZy+xI6DEj9GpdQF4v81S6h5C/+L7+E9ojCu7j/t7yLXDT7wZdRam3/PW+j
iW67/31Uv4gbtu+jui837IDZ74Erqg758X/nheQzCm/ks9/8Rg7vL1oO7yNW
Os1vmnY5jEV6GxTheAALG3Zel+EvY12tjXUrTOo+18MpeV1uvgbqfnxJ15Et
1h2CuHaF/O50KucAQtw/+BvgPl69+yI/vvtA7B/9LpA/3Ng/MPbHG4f83pEf
DyDE/qdfi/3WBOrkywamT98Q/mDjpx04bv5UgMCu+RPD/XWG4qHeKO7z8sUJ
nBOB6dC8ERiDD5MfqMRIcFhs2p8AxmLWjWcWRpugzkhWZvZ2qPzGpbRfb63r
XWGSfiKyRb/K5nSb9b01DUfvXmu7lszGtbZfb631yPf6ixdHKuttWpGTiYSJ
ZLXGHuMkeRj2+IPdhT5OqYhDnufj26MT7Pjy0Qm9lPtxaDtffAfQcubB3+Q7
bP+LcXv4CN2jaUGXJrhVrUt1zKFixzqGoMJ3zk4vX+KxFE06bg5Dp8X7sqLy
hT9U5WqZ/MF1d/wpz5rpoKyu/pWpFK3mTVlkyLqwNAl898ctYAnwz0azp49B
RsdmCDxvQyBMUPldQ8Lt/rMZEkdRSLjf/94hcTc2eP3GO+Dx+8eJQK/aDJLT
KBiCIX6f8BAJIPmR3dMvyT2N7MJwfnZRg4SBDnqK9dF++KRpEfN1IkWhNnme
lXiencms21knMaKDuFF/oKjwwydPbm5uBrge3NuTtMa8NgogfYIv9Lksxr+i
+GDGDMFGfnjq6L4aY0jFxJzlSc5CYrXuOEOP44XnB8I4LsQAWvX7/WSEoXnq
UfKuluIC5xRWQ6C2kcdcBbXxghx0YTfvxE1mkuQqm8IOmhHSWhD0WbVw4qs4
RkpQm8Mzk0WGscx5vXCjPyhCqMLoPQqMAxkqH1N8aaLrC9QmukFfBRNI0OK/
HAmBoU9c8Q1jHUcZxzJL7as1w0KnyLE4rsNWKdDGhL5IaMGyyheYqEpzyXd9
SfsaJym107MNn01cAYoWNrhGneqkOx23TVmyMXCa/TrRuzZSAO1q2S1FhXMq
LYvfnuAkMTfbQZFdJ/gEttZakNMFbmpT23Od6CgpYbq2pVReoii3f4Ofn+/t
7VDkjoNwJrLdhXLSmhjPSxQZFcRx3Bls4we8ewgXj1iUQ/XgZYAbJLPZy6H1
LAmNnWTSWy0dV2Vd+7vlSqgc7TTKZul1jjoAZ6APEg1XUh1rOzWVn1Or5YTE
8YkJtvY6fnkJjFxWY4yF0+bZ5ArXKRuv18V4VpVF/teUO7VzdQk5MjMlYqi0
1KH7N+ZiS/h4mt/a+gKuWqlXI7r8XQFHKsRBE3jklVeFzUuhHqR+fRNj6CC3
CpAbeEFaTebSa909gIEUQUqT1mWNxvYn2W2OmalcMpm7N7nj9YxBodYhqssq
44J8tjGbT+vM2BqjkM5xgyJlGhQ9pJyZho/uHKRsgQA5Nich3ZTLk2qGazTW
cGEIt25cNJpSB0ZS1GbZOJXpbriylKnWFN8wk1klYdqyodo0uUyOPIStQTzQ
fZz+uDVN53XGwlJafCL7x1HRzEog2sczWHbTpD3Q6+EgfyirUdqse/D7p3oG
5/DvwLl7yb+X9WyVAglqSu6O+hPVpIHr/BaOWIK9+GYSOuVwUyVYV4J6kb9z
IScvWlKTd4WJHrq2YzslfUXVlG4oRw/OlUpJkJ5IFPLbveeYCPz/AGiKcyWt
BwEA

-->

</rfc>
