Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSS using dirty Content Type in cloud era

Flatt Security
April 04, 2024
Technology
2
14k

XSS using dirty Content Type in cloud era

2024/3/31(土)開催のコミュニティイベント「Bsides Tokyo 2024」でのAzara、eiによるセッション資料です。
https://bsides.tokyo/2024/#xss-using-dirty-content-type-in-cloud-era

Flatt Security

April 04, 2024
Tweet

More Decks by Flatt Security

See All by Flatt Security
codeblue_2024_opentalks.pdf
flatt_security
0
19
Are you content with our current attacks on Content-Type?
flatt_security
2
220
開発生産性をむしろ向上させる
セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
950
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
570
会社紹介資料 / Culture Deck
flatt_security
0
27k
【2025卒向け】新卒採用・会社説明資料 / Culture Deck for 2025 newgrads
flatt_security
0
1.5k
プロフェッショナルサービス事業部案内 / Professional Services Dept Deck
flatt_security
1
3.9k
スタートアップ・Flatt Securityが技術ブログとオウンドメディアの両方にフルコミットする理由 - はてなブログ DevBlog Meetup #1 LT登壇
flatt_security
0
3.6k
開発者のための GitHub Organization の安全な運用と 継続的なモニタリング
flatt_security
4
9.2k

Other Decks in Technology

See All in Technology
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
470
いざ、BSC討伐の旅
nikinusu
2
780
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
290
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
The Rise of LLMOps
asei
5
1.2k
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
280
TypeScript、上達の瞬間
sadnessojisan
46
13k
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110

Featured

See All Featured
Scaling GitHub
holman
458
140k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Thoughts on Productivity
jonyablonski
67
4.3k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Building an army of robots
kneath
302
43k
Six Lessons from altMBA
skipperchong
27
3.5k
Speed Design
sergeychernyshev
24
610
Designing for Performance
lara
604
68k
Typedesign – Prime Four
hannesfritz
40
2.4k
Designing Experiences People Love
moore
138
23k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
A Philosophy of Restraint
colly
203
16k

Transcript

  1. 944VTJOHEJSUZ$POUFOU5ZQF JODMPVEFSB  B[BSB !B@[BSB@O FJ !FJ  'MBUU4FDVSJUZJOD

  2. *OUSPEVDUJPO ͋ͳͨ͸حոͳ$POUFOU5ZQFΛཧղͰ͖·͔͢  $BOZPVVOEFSTUBOEUIFDVSJPVT$POUFOU5ZQF 

  3.  JNBHFQOH )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  4.  JNBHFQOH 1/(GJMF ˣ )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  5.  UFYUIUNM )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  6.  UFYUIUNM )5.-GJMF ˣ )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  7.  UFYUIUNMJNBHFQOH )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  8.  UFYUIUNMJNBHFQOH ˣ )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  9.  UFYUIUNMJNBHFQOH )5.-GJMF ˣ )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  10.  UFYUIUNMJNBHFQOH 4XJUDI )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  11.  JNBHFQOHUFYUIUNM 1/(GJMF ˣ )PXJTJUJOUFSQSFUFECZUIFCSPXTFS

  12.  UFYUIUNM B

  13.  UFYUIUNM B JNBHFQOHYB UFYUIUNM

  14.  UFYUIUNM B JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ YZ

    YZ YZ UFYUIUNM

  15.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM

  16.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH

  17.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 🤔 ....?

  18.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 🤔)5.-GJMF

  19.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 🤔)5.-GJMF ⭕

  20.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 😱

  21. ◦ 3FTFBSDITVSSPVOEJOH$POUFOU5ZQFBOE944 ◦ /FXBUUBDLWFDUPSTFNFSHFXJUIUIFBEWFOUPGUIFDMPVE ◦ 4QFDJGJDBUJPOPG$POUFOU5ZQFBOE7BMJEBUJPO#ZQBTT5FDI ◦ &YBNQMFPGDBSSJFSXBWF3VCZMJCSBSZ ◦ $7&BOE$7&

    ◦ 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO ◦ 4JEF4UPSZʜ  -FUTUBMLBCPVUUIFSFBMBOEJNNFEJBUFUISFBUTXFGBDF BGUFS#4JEFT5PLZP PWFSESJOLTBUUIFBGUFSQBSUZ 5PQJDT 

  22. ຊ୊ʹೖΔલʹࣗݾ঺հΛ 4FMG*OUSPEVDUJPO 

  23. /PSJIJEF4BJUPB[BSB !B@[BSB@O ɹ೥ʹגࣜձࣾ'MBUU4FDVSJUZʹೖࣾ ͠ɺ8FCΞϓϦέʔγϣϯ΍ύϒϦοΫΫϥ ΢υΛର৅ͱͨ͠ϓϩϑΣογϣφϧαʔϏ εۀ຿ʹैࣄɻ ɹ*40(+8(ͳͲͷ֎෦ஂମͰͷ׆ಈ΍ɺ +4"$  ɺ"84%FW%BZ

     ɺ 4FDVSJUZ+"84%":4  Ͱͷొஃɾϫʔ Ϋγϣοϓ։࠵ͳͲΛ௨͠ɺύϒϦοΫΫϥ ΢υͱ8FCΞϓϦέʔγϣϯʹ͓͚ΔηΩϡ ϦςΟʹؔ͢Δܒ໤ͳͲͷ׆ಈΛߦ͏ɻ 4FMGJOUSPEVDUJPO  &JKJ.PSJFJ !FJ ɹࣛࣇౡେֶେֶӃमྃޙɺ೥݄ʹג ࣜձࣾ'MBUU4FDVSJUZʹೖࣾɻηΩϡϦςΟ ΤϯδχΞͱͯ͠ɺओʹ8FCΞϓϦέʔγϣ ϯ਍அͱεϚʔτϑΥϯΞϓϦέʔγϣϯ਍ அΛ୲౰͍ͯ͠Δɻ ɹաڈʹηΩϡϦςΟΩϟϯϓؔ࿈Πϕϯτ ʹؔΘ͍ͬͯͨͨΊɺϋʔυ΢ΣΞ͔Βιϑ τ΢ΣΞ·Ͱ෯޿͘ڵຯ͕͋Δɻझຯ͸੬ऑ ੑௐࠪͱےτϨɻ

  24. ◦ .BOZ944TBSFOPXTFFOUBLJOHBEWBOUBHFPGUIFDIBSBDUFSJTUJDT PG0CKFDU4UPSBHFBOEQFSJQIFSBMJNQMFNFOUBUJPOT ◦ *ODSFEJCMF$POUFOU5ZQF.PWFNFOU*EFOUJGJFEJO $7&BOE0UIFS7VMOFSBCJMJUJFT ◦ *ODSFBTFEUISFBUTEVFUPUIFJODSFBTFJO944BUUBDLWFDUPSTBOE UIFSFTVMUJOHFBTFPG944 ◦

    1PTTJCJMJUZUPPCUBJO5PLFOTTVDIBT"DDFTT5PLFOBOE*E 5PLFOGSPNUIFCSPXTFS ◦ #FDPNFBOBUUBDLHBEHFUGPSTFSWJDFTUIBUJTTVF $SFEFOUJBMT TVDIBT"NB[PO$PHOJUP*EFOUJUZ1PPM "MJUUMFCBDLHSPVOEPOIPXXFDBNFUP CFHJOUIJT3FTFBSDI 

  25.  $POUFOU5ZQF΍ͦͷपลΛऔΓר͘ݚڀͱ944ʹ͍ͭͯ 3FTFBSDITVSSPVOEJOH$POUFOU5ZQFBOE944 

  26. 944PSJHJOBUJOHGSPNCSPXTFSCFIBWJPSBOE DIBSBDUFSFODPEJOH  IUUQTXXXEPDTXFMMDPNTIBTFHBXB-77(;Q झຯͱ࣮ӹͷ੬ऑੑൃݟ.S:PTVLF)BTFHBXB IUUQTXXXEPDTXFMMDPNTPDLFHIFN;91PXBTQ จࣈίʔυͷ੬ऑੑ͸͜ͷ೥ؒͰͲͷఔ౓ରࡦ͞Ε͔ͨ .S)JSPTIJ5PLVNBSV

  27.  IUUQTXXXEPDTXFMMDPNTIBTFHBXB-77(;Q झຯͱ࣮ӹͷ੬ऑੑൃݟ.S:PTVLF)BTFHBXB IUUQTXXXEPDTXFMMDPNTIBTFHBXB-77(;Q จࣈίʔυͷ੬ऑੑ͸͜ͷ೥ؒͰͲͷఔ౓ରࡦ͞Ε͔ͨ .S)JSPTIJ5PLVNBSV 8JUIUIFBEWFOUPG99441SPUFDUJPOBOEBXBSFOFTT PGUIFSFMFWBOUNFUIPET 'JYFTBOEDPVOUFSNFBTVSFTXJMMCFJNQMFNFOUFE 944PSJHJOBUJOHGSPNCSPXTFSCFIBWJPSBOE

    DIBSBDUFSFODPEJOH

  28. 944QBUIXBZEVFUPJOQVUWBMVFT   $POWFOUJPOBMBUUBDLQBUIT 6TFSJOQVUFYJTUTBOEJTPVUQVU 4UPSFEWJBPOFPGUIFTFSWFST 3FOEFSFECZBUFSNJOBMTVDIBTBCSPXTFS %BUB4UPSF

  29.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  30.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  31.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  32.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  33.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  34.   %BUB4UPSF 944QBUIXBZEVFUPJOQVUWBMVFT

  35.   %BUB4UPSF $POUFOU5ZQFIBEUPCFBTQFDJGJD .JNF5ZQFTVDIBTUFYUIUNM 944QBUIXBZEVFUPJOQVUWBMVFT

  36.   %BUB4UPSF 4BOJUJ[BUJPOBOEFTDBQJOHBMTPJODSFBTFUIF PVUQVU 944QBUIXBZEVFUPJOQVUWBMVFT

  37. 944QBUIXBZDBVTFECZGJMFVQMPBET   %JTL4UPSBHF

  38. 944QBUIXBZDBVTFECZGJMFVQMPBET   %JTL4UPSBHF

  39.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  40.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  41.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  42.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  43.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  44.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  45.   %JTL4UPSBHF &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  BOEPUIFSWBMJEBUJPO

    944QBUIXBZDBVTFECZGJMFVQMPBET

  46. 7BMJEBUJPO&YBNQMF'JMF6QMPBE 

  47.   %JTL4UPSBHF *GOPUBMMPXFE SFUVSOBWBMVF FHBQQMJDBUJPOPDUFUTUSFBN PSB WBMJEBUJPOFSSPSUPFOTVSFTBGFIBOEMJOH 944QBUIXBZDBVTFECZGJMFVQMPBET

  48. 944QBUIXBZDBVTFECZGJMFVQMPBET   %JTL4UPSBHF $POUFOU5ZQFUFYUIUNM

  49.   %JTL4UPSBHF $POUFOU5ZQFUFYUIUNMJTJOWBMJE ˠ7BMJEBUJPO&SSPS 944QBUIXBZDBVTFECZGJMFVQMPBET

  50.   %JTL4UPSBHF 944QBUIXBZDBVTFECZGJMFVQMPBET

  51. 8BT944BNBKPSGBDUPSJOUSBEJUJPOBMGJMFVQMPBET  ◦ 8IFOTUPSJOHGJMFTPOEJTLTUPSBHFPSEFMJWFSJOHUIFN UIF$POUFOU 5ZQFXBTTOJGGFECZUIFNJEEMFXBSFPSBQQMJDBUJPO BOEUIFBUUBDLFS DPVMEOPUEJSFDUMZTQFDJGZUIF$POUFOU5ZQF ◦ 7BMJEBUJPOXBTCFJOHEPOFBUVQMPBEUJNFJOUIFBQQMJDBUJPOBOE

    NJEEMFXBSF BOEUIFZOFFEFEUPCFCZQBTTFE #FDBVTFPGUIFBCPWFUXPQPJOUT GJMFVQMPBETJOUIFGPSNPGEJTLTUPSBHF XFSFPGUFONPSFEJGGJDVMUUPDBVTF944BTUIFZFBSTXFOUCZ  944QBUIXBZDBVTFECZGJMFVQMPBET

  52. 3FTFBSDIPO$POUFOU5ZQF  IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPCNBTUFS944NE $POUFOU5ZQF3FTFBSDICZ.S#MBDL'BO 1SFDFEFOUTJOUIJT3FTFBSDI

  53. 1SFDFEFOUTJOUIJT3FTFBSDI 3FTFBSDIPO$POUFOU5ZQF  IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPCNBTUFS944NE $POUFOU5ZQF3FTFBSDICZ.S#MBDL'BO 5IFJOUFSQSFUBUJPOPG$POUFOU5ZQFXBTOPUUIFNBJOUPQJDPGUIF TUVEZ BTUSBEJUJPOBMBQQMJDBUJPOJNQMFNFOUBUJPOTIBWFMJNJUFE NFUIPETGPSTQFDJGZJOHBSCJUSBSZ$POUFOU5ZQFTBOESFUSJFWJOH UIFNGSPNUIFSFTQPOTF

  54.  Ϋϥ΢υͱ৽͍͠߈ܸͷ଍৔0CKFDU4UPSBHF /FXBUUBDLWFDUPSTFNFSHFXJUIUIFBEWFOU 

  55. $MPVE MJGUcTJGUcGJSTU DBVTFEDIBOHFTJO BQQMJDBUJPOTUSVDUVSF  $%/'SPOU4FSWFS #BDLFOE$MPVE

  56. #BDLFOE$MPVE $MPVE MJGUcTJGUcGJSTU DBVTFEDIBOHFTJO BQQMJDBUJPOTUSVDUVSF  $%/'SPOU4FSWFS

  57. #BDLFOE$MPVE $MPVE MJGUcTJGUcGJSTU DBVTFEDIBOHFTJO BQQMJDBUJPOTUSVDUVSF  $%/'SPOU4FSWFS

  58. 8IBUJT0CKFDU4UPSBHF 

  59. 'JMF6QMPBEJODMPVE  %JTLTUPSBHF 0CKFDUTUPSBHF

  60. 0CKFDU%BUB #JOBSZ  .FUBEBUB ◦ .FUBEBUBDBOCFGSFFMZDPOGJHVSFEVTJOHUIF"1* ◦ $POUFOU5ZQFJOGPSNBUJPODBOBMTPCFBEEFEBTNFUBEBUB ◦ 6TFDBTFT

    ◦ 'JMF4UPSBHFGPS6QMPBEFEGJMF ◦ 'JMF%FMJWFSZ 8IBU0CKFDU4UPSBHF 

  61. 'JMF6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  62. 'JMF6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  63. 4FSWFS4JEF6QMPBEGPS4%,  

  64. 4FSWFS4JEF6QMPBEGPS4%,  

  65. 4FSWFS4JEF6QMPBEGPS4%,  

  66. 4FSWFS4JEF6QMPBEGPS4%,  

  67. 4FSWFS4JEF6QMPBEGPS4%,   4UPSFE

  68. 4FSWFS4JEF6QMPBEGPS4%,  

  69. 'JMF6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  70. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  71. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  72. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  73. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  74. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  75. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  76. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-   4UPSFE

  77. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  78. 'JMF6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  79. $MJFOU4JEF6QMPBEGPS10451PMJDZ  

  80. $MJFOU4JEF6QMPBEGPS10451PMJDZ  

  81. $MJFOU4JEF6QMPBEGPS10451PMJDZ  

  82. $MJFOU4JEF6QMPBEGPS10451PMJDZ  

  83. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  84. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-   4UPSFE

  85. $MJFOU4JEF6QMPBEGPS1SF4JHOFE63-  

  86. 0CKFDU4UPSBHF944 

  87. 0CKFDU%BUB #JOBSZ  .FUBEBUB ◦ .FUBEBUBDBOCFGSFFMZDPOGJHVSFEVTJOHUIF"1* ◦ $POUFOU5ZQFJOGPSNBUJPODBOBMTPCFBEEFEBTNFUBEBUB ◦ 6TFDBTFT

    ◦ 'JMF4UPSBHFGPS6QMPBEFEGJMF ◦ 'JMF%FMJWFSZ 0CKFDU4UPSBHF 

  88. 0CKFDU4UPSBHFPG6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  89. 0CKFDU4UPSBHFPG6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ 7BMJEBUJPOCFGPSFVQMPBEJOHJOUIFSFBMXPSME &YUFOTJPO$IFDL

    BMMPXQOHKQFHHJGʜNPSFTBGFFYUFOTJPOT ˠ 🙆  'JMF)FBEFS$IFDLˠ 🙆  $POUFOU5ZQF$IFDLˠ 🤔

  90. 0CKFDU4UPSBHFPG6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  91. 4FSWFS4JEF6QMPBEGPS4%,944   5IF4%,XJMMFYQMJDJUMZHJWFQSFGFSFODFUPUIFVTFSQBTTJOH B$POUFOU5ZQF PUIFSXJTFJUXJMMTQFDJGZBTQFDJGJD $POUFOU5ZQF

  92. 4FSWFS4JEF6QMPBEGPS4%,944   4%,͸໌ࣔతʹϢʔβʔ͕$POUFOU5ZQFΛ౉͢৔߹ʹ͸༏ઌ͠ɺ ͦ͏Ͱͳ͍৔߹ʹ͸ಛఆͷ$POUFOU5ZQFΛࢦఆ͢Δ

  93. 4FSWFS4JEF6QMPBEGPS4%,944   $POUFOU5ZQFUFYUIUNM

  94. 4FSWFS4JEF6QMPBEGPS4%,944   &YUFOTJPO$IFDLˠDIFDL 🙆  'JMF)FBEFS$IFDLˠDIFDL 🙆  $POUFOU5ZQF$IFDLˠʜOPDIFDL

    😴

  95. 4FSWFS4JEF6QMPBEGPS4%,944   $POUFOU5ZQFUFYUIUNM

  96. 4FSWFS4JEF6QMPBEGPS4%,944   4UPSFE

  97. 4FSWFS4JEF6QMPBEGPS4%,944   $POUFOU5ZQFUFYUIUNM

  98. 4FSWFS4JEF6QMPBEGPS4%,944   #SPXTFSTSFOEFSXJUIUIF$POUFOU 5ZQFTQFDJGJFECZUIFTFSWFS ˠ944

  99. 0CKFDU4UPSBHFPG6QMPBE.FUIPET  4FSWFS4JEF6QMPBE GPS4%, $MJFOU4JEF6QMPBE GPS1SF4JHOFE63- $MJFOU4JEF6QMPBE GPS10451PMJDZ

  100. $MJFOU4JEF6QMPBE944   5IF4%,XJMMFYQMJDJUMZHJWFQSFGFSFODFUPUIFVTFSQBTTJOH B$POUFOU5ZQF PUIFSXJTFJUXJMMTQFDJGZBTQFDJGJD $POUFOU5ZQF

  101. $MJFOU4JEF6QMPBE944   4%,͸໌ࣔతʹϢʔβʔ͕$POUFOU5ZQFΛ౉͢৔߹ʹ͸༏ઌ͠ɺ ͦ͏Ͱͳ͍৔߹ʹ͸ಛఆͷ$POUFOU5ZQFΛࢦఆ͢Δ

  102. $MJFOU4JEF6QMPBE944  

  103. $MJFOU4JEF6QMPBE944   &YUFOTJPO$IFDLBOE4JHOFEˠ0,🙆  'JMF)FBEFS$IFDLBOE4JHOFEˠ0,🙆  $POUFOU5ZQF$IFDLBOE4JHOFEˠʜOP😴

  104. $MJFOU4JEF6QMPBE944  

  105. $MJFOU4JEF6QMPBE944   $IBOHF $POUFOU5ZQFUFYUIUNM *O1SPYZ

  106. $MJFOU4JEF6QMPBE944   4UPSFE

  107. $MJFOU4JEF6QMPBE944   )5513FTQPOTF)FBEFS l$POUFOU5ZQFUFYUIUNMz

  108. $MJFOU4JEF6QMPBE944   #SPXTFSTSFOEFSXJUIUIF$POUFOU 5ZQFTQFDJGJFECZUIFTFSWFS ˠ944

  109. 4QFDJGJDBUJPOPG$POUFOU5ZQF 

  110. 4QFDJGJDBUJPOPG$POUFOU5ZQF  8)"58('FUDITUBOEBSE )551QSPUPDPMBOE 4FNBOUJDT 3'$ 3'$  3'$ BOENPSF

  111. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU 3'$4USVDUVSFE'JFME7BMVFTGPS)551 3'$)5514FNBOUJDT 8)"58('FUDITUBOEBSE

  112. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU  $POUFOU5ZQF NFEJBUZQF NFEJBUZQF UZQFTVCUZQF 084084 

    QBSBNFUFS UPLFO UPLFORVPUFETUSJOH   RVPUFETUSJOH  %2605& REUFYURVPUFEQBJS %2605& REUFYU  )5"#41YY#Y%&PCTUFYU PCTUFYU  Y''

  113. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU  $POUFOU5ZQF NFEJBUZQF NFEJBUZQF UZQFTVCUZQF 084084 

    QBSBNFUFS UPLFO UPLFORVPUFETUSJOH   RVPUFETUSJOH  %2605& REUFYURVPUFEQBJS %2605& REUFYU  )5"#41YY#Y%&PCTUFYU PCTUFYU  Y''

  114. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU 8.3.1. Considerations for New Header Fields Whether

    the field is a single value or whether it can be a list (delimited by commas; see Section 3.2 of [RFC7230]). If it does not use the list syntax, document how to treat messages where the field occurs multiple times (a sensible default would be to ignore the field, but this might not always be the right choice). Note that intermediaries and software libraries might combine multiple header field instances into a single one, despite the field's definition not allowing the list syntax. A robust format enables recipients to discover these situations (good example: "Content-Type", as the comma can only appear inside quoted strings; bad example: "Location", as a comma can occur inside a URI).

  115. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU Note that intermediaries and software libraries might

    combine multiple header field instances into a single one, despite the field's definition not allowing the list syntax. A robust format enables recipients to discover these situations (good example: "Content-Type", as the comma can only appear inside quoted strings; bad example: "Location", as a comma can occur inside a URI). (PPE&YBNQMF $POUFOU5ZQFJNBHFQOHIPHFlGVHB UFYUIUNMz ˠNFEJB5ZQFJNBHFQOH ˠQBSBNFUFST ◦ IPHFlGVHB UFYUIUNMz

  116. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU Note that intermediaries and software libraries might

    combine multiple header field instances into a single one, despite the field's definition not allowing the list syntax. A robust format enables recipients to discover these situations (good example: "Content-Type", as the comma can only appear inside quoted strings; bad example: "Location", as a comma can occur inside a URI). 1PJOUTUPDPOTJEFS $POUFOU5ZQFJNBHFQOHIPHFGVHB UFYUIUNM ˠNFEJB5ZQFJNBHFQOH ˠQBSBNFUFST ◦ IPHFGVHB ˠ UFYUIUNM 🤔 -PPLBUPUIFSTQFDJGJDBUJPOT

  117. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$4USVDUVSFE'JFME7BMVFTGPS)551 3.1 Lists Lists are arrays of zero

    or more members, each of which can be an Item (Section 3.3) or an Inner List (Section 3.1.1), both of which can be Parameterized (Section 3.1.2). 4QFD TGMJTUMJTUNFNCFS 084 084MJTUNFNCFS  MJTUNFNCFSTGJUFNJOOFSMJTU &YBNQMF &YBNQMF-JTUTVHBS UFB SVN

  118. 🤔 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDTBOE$POUFOU Note that intermediaries and software libraries

    might combine multiple header field instances into a single one, despite the field's definition not allowing the list syntax. A robust format enables recipients to discover these situations (good example: "Content-Type", as the comma can only appear inside quoted strings; bad example: "Location", as a comma can occur inside a URI). 1PJOUTUPDPOTJEFS $POUFOU5ZQFJNBHFQOHIPHFGVHB UFYUIUNM ˠNFEJB5ZQFJNBHFQOH UFYUIUNM ˠQBSBNFUFST ◦ IPHFGVHB UFYUIUNMDPVMECFTFUUP.FEJB5ZQFʜ

  119. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDT  $POUFOU5ZQF NFEJBUZQF NFEJBUZQF UZQFTVCUZQF 084084 

    QBSBNFUFS UPLFO UPLFORVPUFETUSJOH   RVPUFETUSJOH  %2605& REUFYURVPUFEQBJS %2605& REUFYU  )5"#41YY#Y%&PCTUFYU PCTUFYU  Y''

  120. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDT  $POUFOU5ZQF NFEJBUZQF NFEJBUZQF UZQFTVCUZQF 084084 

    QBSBNFUFS UPLFO UPLFORVPUFETUSJOH   RVPUFETUSJOH  %2605& REUFYURVPUFEQBJS %2605& REUFYU  )5"#41YY#Y%&PCTUFYU PCTUFYU  Y'' %FGJOJUJPOJOIFSJUFEGSPN 3'$ )5514FNBOUJDTBOE$POUFOU

  121. 4QFDJGJDBUJPOPG$POUFOU5ZQF  3'$)5514FNBOUJDT 5.6.2. Tokens Many HTTP field values are

    defined using common syntax components, separated by whitespace or specific delimiting characters. Delimiters are chosen from the set of US-ASCII visual characters not allowed in a token (DQUOTE and "(),/:;<=>?@\[\\]{}"). %2605&BOE l  !a<aa>\^ 👀 $POUFOU5ZQF7BMVFJTOPUFYQMJDJUMZNBSLFE l.645/05PS4)06-%/05 ˠ-JTU5ZQF7BMVFNBZCFBWBJMBCMF

  122. 4QFDJGJDBUJPOPG$POUFOU5ZQF  8)"58('FUDITUBOEBSE 1BSTF-PHJDGPS$POUFOU5ZQF  -FUDIBSTFUCFOVMM  -FUFTTFODFCFOVMM  -FUNJNF5ZQFCFOVMM

     -FUWBMVFTCFUIFSFTVMUPGHFUUJOH EFDPEJOH BOETQMJUUJOH$POUFOU5ZQFGSPNIFBEFST  *GWBMVFTJTOVMM UIFOSFUVSOGBJMVSF  'PSFBDIWBMVFPGWBMVFT  -FUUFNQPSBSZ.JNF5ZQFCFUIFSFTVMUPGQBSTJOHWBMVF  *GUFNQPSBSZ.JNF5ZQFJTGBJMVSFPSJUTFTTFODFJT UIFODPOUJOVF  4FUNJNF5ZQFUPUFNQPSBSZ.JNF5ZQF  *GNJNF5ZQF`TFTTFODFJTOPUFTTFODF UIFO  4FUDIBSTFUUPOVMM  *GNJNF5ZQF`TQBSBNFUFST<DIBSTFU>FYJTUT UIFOTFUDIBSTFUUPNJNF5ZQF`TQBSBNFUFST<lDIBSTFU>  4FUFTTFODFUPNJNF5ZQF`TFTTFODF  0UIFSXJTF JGNJNF5ZQF`TQBSBNFUFST<DIBSTFU>EPFTOPUFYJTU BOEDIBSTFUJTOPOOVMM TFUNJNF5ZQF`T QBSBNFUFST<DIBSTFU>UPDIBSTFU  *GNJNF5ZQFJTOVMM UIFOSFUVSOGBJMVSF  3FUVSONJNF5ZQF

  123. 4QFDJGJDBUJPOPG$POUFOU5ZQF  8)"58('FUDITUBOEBSE 7BSJBCMFTSFMBUFEUP NJNF5ZQFBSFNVUBCMF TP UIFZBSFPWFSXSJUUFOCZ'PS MPPQ 1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU

  124. 4QFDJGJDBUJPOPG$POUFOU5ZQF  8)"58('FUDITUBOEBSE 1BSTF-PHJDGPS)FBEFS7BMVFT  -FUJOQVUCFUIFSFTVMUPGJTPNPSQIJDEFDPEJOHWBMVF  -FUQPTJUJPOCFBQPTJUJPOWBSJBCMFGPSJOQVU JOJUJBMMZQPJOUJOHBUUIFTUBSUPGJOQVU 

    -FUWBMVFTCFBMJTUPGTUSJOHT JOJUJBMMZFNQUZ  -FUUFNQPSBSZ7BMVFCFUIFFNQUZTUSJOH  8IJMFQPTJUJPOJTOPUQBTUUIFFOEPGJOQVU  "QQFOEUIFSFTVMUPGDPMMFDUJOHBTFRVFODFPGDPEFQPJOUTUIBUBSFOPU6   PS6 $ GSPNJOQVU HJWFO QPTJUJPO UPUFNQPSBSZ7BMVF  *GQPTJUJPOJTOPUQBTUUIFFOEPGJOQVU UIFO  *GUIFDPEFQPJOUBUQPTJUJPOXJUIJOJOQVUJT6   UIFO  "QQFOEUIFSFTVMUPGDPMMFDUJOHBO)551RVPUFETUSJOHGSPNJOQVU HJWFOQPTJUJPO UP UFNQPSBSZ7BMVF  *GQPTJUJPOJTOPUQBTUUIFFOEPGJOQVU UIFODPOUJOVF  0UIFSXJTF  "TTFSUUIFDPEFQPJOUBUQPTJUJPOXJUIJOJOQVUJT6 $   "EWBODFQPTJUJPOCZ  3FNPWFBMM)551UBCPSTQBDFGSPNUIFTUBSUBOEFOEPGUFNQPSBSZ7BMVF  "QQFOEUFNQPSBSZ7BMVFUPWBMVFT  4FUUFNQPSBSZ7BMVFUPUIFFNQUZTUSJOH  3FUVSOWBMVFT

  125. 4QFDJGJDBUJPOPG$POUFOU5ZQF  8)"58('FUDITUBOEBSE $PNNB JTVTFEBTUIF DIBSBDUFSVTFEGPSEJWJTJPO 1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU

  126. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  4FNJDPMPO  1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOHUFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOHUFYUIUNM

  127. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  4FNJDPMPO  1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOHUFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOHUFYUIUNM .JNF5ZQFJTJNBHFQOH

    .JNF5ZQFJTJNBHFQOH

  128. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  4FNJDPMPO  1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOHUFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOHUFYUIUNM .JNF5ZQFJTJNBHFQOH

    .JNF5ZQFJTJNBHFQOH 4FNJDPMPO  JTVTFEUP EFMJNJUQBSBNFUFST TPUIF

  129. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  $PNNB 1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOH UFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOH UFYUIUNM

  130. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  $PNNB 1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOH UFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOH UFYUIUNM

    6OEFGJOFE $POUFOU5ZQFJTEFGJOFEBTTJOHVMBS .JNF5ZQFJTUFYUIUNM

  131. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  $PNNB 1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOH UFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOH UFYUIUNM

    6OEFGJOFE $POUFOU5ZQFJTEFGJOFEBTTJOHVMBS .JNF5ZQFJTUFYUIUNM 5SFBUTWBMVFTBTTJOHVMBSEVFUPMBDLPG JOUFSQSFUBUJPOEFGJOJUJPO

  132. &YBNQMFPGDPEFXJUIJOBEFRVBUF JNQMFNFOUBUJPO  $PEF*NQMFNFOUBUJPO "MMPXJNBHFQOH 1SFGJYNBUDI 4VGGJYNBUDI 3FHFYNBUDI JNBHFQOH UFYUIUNM

    UFYUIUNMJNBHFQOH JNBHFQOH UFYUIUNM #ZQBTT&YBNQMF *ODMVEF UFYUIUNMJNBHFQOH

  133.  $7&BOE$7& 

  134. $7&BOE$7&  $7&IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWFTFDVSJUZBEWJTPSJFT()4"HYIYHGRIK $7&IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWFTFDVSJUZBEWJTPSJFT()4"WGNWKGDQKKX

  135. $BSSJFSXBWF  - 'JMF6QMPBE - 'JMF7BMJEBUJPO - FUD

  136. $BSSJFSXBWF  $POUFOU5ZQFXBTSFHJTUFSFEJOUIF NFUBEBUBXIFOUIFPCKFDUXBTVQMPBEFE 4UPSFE

  137. GFBUVSFPG7BMJEBUJPO 

  138. $7&TPNFUIJOHXBTEJTDPWFSFE 

  139. $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO 

  140. $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO 

  141. $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO 

  142.  JNBHFQOH $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO 3FTQPOTFˠ0,

  143.  UFYUIUNM 3FTQPOTFˠ/PU'PVOE $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO

  144.  BJNBHFQOH 3FTQPOTFˠ0, $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO

  145. $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO 

  146. $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO  🤔 *XBOUUIFCSPXTFSUP SFOEFSJUBTUFYUIUN M

  147. *OUFSQSFUBUJPO%JGGFSFODFGPS4QFDJGJDBUJPO  4FNJDPMPO  1TFVEPJNQMFNFOUBUJPOXJUI5ZQF4DSJQU 3'$ $POUFOU5ZQFJNBHFQOHUFYUIUNM 8)"58( $POUFOU5ZQFJNBHFQOHUFYUIUNM .JNF5ZQFJTJNBHFQOH

    .JNF5ZQFJTJNBHFQOH 4FNJDPMPO  JTVTFEUP EFMJNJUQBSBNFUFST TPUIF

  148.  3FTQPOTFˠ0, UFYUIUNMJNBHFQOH $7&$POGJSNBUJPOPGJNQMFNFOUBUJPO

  149.  $7&&SSPOFPVT'JY1SPQPTBM .ZTJODFSFBQPMPHJFT

  150. $7&'JY1SPQPTBMBGUFS4QFDJGJDBUJPOTVSWFZ  a"\JUFN^ 4UBSUT8JUINVDI JNBHFQOH UFYUIUNM *DBO#ZQBTTJU

  151.  JNBHFQOH UFYUIUNM 3FTQPOTFˠ0, 😰 $7&'JY1SPQPTBMBGUFS4QFDJGJDBUJPOTVSWFZ

  152. $7&'JY 

  153.  $POUFOU5ZQFJNBHFQOH UFYUIUNM $7&'JY

  154.  $POUFOU5ZQFJNBHFQOH UFYUIUNM DIBOHFEUPJNBHFQOHCZ .BSDFM.JNFUZQF $7&'JY

  155.   4UPSFE $7&'JY .FUBEBUBJTTFUUPBTBGF$POUFOU5ZQF

  156. ରࡦ 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO 

  157. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO  6TF6TFS*OQVU 'PS$POUFOU5ZQF 4FU.FDIBOJDBMMZEFUFSNJOFE7BMVF 'PS$POUFOU5ZQF ◦ $POUFOU5ZQFJTBOFYBDUNBUDI ◦ /PQBSUJBMNBUDIFTBSFVTFE

    ◦ /PTUBSUT8JUI ◦ /PFOET8JUI ◦ /PJODMVEFT ◦ #FDBSFGVMPGVOJOUFOEFETUSJOH NBUDIFTXIFOVTJOHSFHVMBS FYQSFTTJPOT ◦ ?JNBHF QOHcKQFHcKQHcHJG  ◦ %FUFSNJOFUIFWBMVFPG$POUFOU UZQFCBTFEPOUIFJOGPSNBUJPOJO UIFGJMF ◦ 'JMF)FBEFS ◦ &YUFOTJPO ◦ 7BMJEBUJPOPGUIFEFUFSNJOFEWBMVF

  158.  4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO 7BMJEBUJPOXJUIGJYFEWBMVFT &YBNQMF4FSWFS4JEF

  159.  4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO &YBNQMF4FSWFS4JEF

  160.  4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO $POUFOU5ZQFUFYUIUNM &YBNQMF4FSWFS4JEF

  161.  4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO $POUFOU5ZQFUFYUIUNM &YBNQMF4FSWFS4JEF

  162.  4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO 9 &YBNQMF4FSWFS4JEF

  163.   5IFBMMPXFE$POUFOU5ZQFT FHJNBHFQOH  BSFQSFEFUFSNJOFE 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO &YBNQMF$MJFOU4JEF

  164.   4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  165.   4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  166.   &YBNQMF$MJFOU4JEF 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  167.   &YBNQMF$MJFOU4JEF 4JHOXJUIB$POUFOU5ZQF)FBEFS XJUI7BMJEBUJPOBOEEFUFSNJOFE WBMVFT 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  168.   4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  169.   $IBOHFUP $POUFOU5ZQFUFYUIUNM *O1SPYZ 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  170.   7FSJGZTJHOBUVSFTBOESFKFDUJG EJGGFSFOU 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  171.   4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO

  172. 4JEF4UPSZ.JNF5ZQF4OJGGJOH 

  173.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 🤔

  174.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 🤔 VOLOPXOUZQF

  175.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH 😊 VOLOPXOUZQF ⭕

  176.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH .JNF5ZQFTOJGGFS )J 😊

  177.  UFYUIUNM B JNBHFUFYUIUNM JNBHFQOHYB UFYUIUNM YZ YZ YZ YZ

    YZ YZ YZ UFYUIUNM JNBHF UFYUaIUNMQOH .JNF5ZQFTOJGGFS 5IJTJTBOPUIFSTUPSZ

  178.  5IBOLZPVGPSZPVSBUUFOUJPOʂ

  179. 3FGFSFODF 

  180. ◦ $POUFOU4FDVSJUZ1PMJDZ ◦ IUUQTEFWFMPQFSNP[JMMBPSHKBEPDT8FC)551)FBEFST$POUFOU4FDVSJUZ1PMJDZ ◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ BXTTELKTW

    ◦ IUUQTHJUIVCDPNBXTBXTTELKTW ◦ TJHOFE63- ◦ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFDSFBUFTJHOFESFRVFTUIUNM ◦ $BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ 3'$ ◦ IUUQTEBUBUSBDLFSJFUGPSHEPDIUNMSGD ◦ 3'$ ◦ IUUQTEBUBUSBDLFSJFUGPSHEPDIUNMSGD ◦ 3'$ ◦ IUUQTEBUBUSBDLFSJFUGPSHEPDIUNMSGD ◦ 'FUDI4UBOEBSE ◦ IUUQTGFUDITQFDXIBUXHPSH ◦ #ZQBTTJOHBOEFYQMPJUJOH#VDLFU6QMPBE1PMJDJFTBOE4JHOFE63-T ◦ IUUQTMBCTEFUFDUJGZDPNXSJUFVQTCZQBTTJOHBOEFYQMPJUJOHCVDLFUVQMPBEQPMJDJFTBOETJHOFEVSMT ◦ $POUFOU5ZQFBMMPXMJTUCZQBTTWVMOFSBCJMJUZ QPTTJCMZMFBEJOHUP944 ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWFTFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF