commit b90e85e5fb73543213d7b85a49636c46451d6cfa
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 11 Nov 2024 22:43:38 +0100
add cake draft
Diffstat:
6 files changed, 1638 insertions(+), 0 deletions(-)
diff --git a/.buildbot/build.sh b/.buildbot/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+make
diff --git a/.buildbot/firefly-x86_64-amdepyc_deploy.sh b/.buildbot/firefly-x86_64-amdepyc_deploy.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Deploy rest api from buildbot
+
+if [ -e index.html ]; then
+ rm index.html
+fi
+ln -s lsd0012.html index.html
+chmod -R ag+rX lsd0012.* index.html .
+rsync --exclude=".*" --exclude="Makefile" -a --delete ./ lsd@firefly.gnunet.org:~/public/lsd0012/
diff --git a/.buildbot/firefly-x86_64-amdepyc_deploy.sh~ b/.buildbot/firefly-x86_64-amdepyc_deploy.sh~
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Deploy rest api from buildbot
+
+if [ -e index.html ]; then
+ rm index.html
+fi
+ln -s lsd0001.html index.html
+chmod -R ag+rX lsd0001.* index.html .
+rsync --exclude=".*" --exclude="Makefile" -a --delete ./ lsd@firefly.gnunet.org:~/public/lsd0001/
diff --git a/Makefile b/Makefile
@@ -0,0 +1,8 @@
+all: txt html
+
+html:
+ xml2rfc --html --css style.css draft-schanzen-cake.xml
+
+txt:
+ xml2rfc draft-schanzen-cake.xml
+
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -0,0 +1,458 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE rfc [
+<!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
+<!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
+<!ENTITY RFC1928 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1928.xml">
+<!ENTITY RFC2119 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
+<!--<!ENTITY RFC2693 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2693.xml">-->
+<!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml">
+<!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
+<!ENTITY RFC3686 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3686.xml">
+<!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml">
+<!ENTITY RFC4033 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4033.xml">
+<!ENTITY RFC5237 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5237.xml">
+<!--<!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">-->
+<!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml">
+<!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
+<!ENTITY RFC5895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5895.xml">
+<!ENTITY RFC6066 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6066.xml">
+<!ENTITY RFC6761 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6761.xml">
+<!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml">
+<!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
+<!ENTITY RFC7363 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7363.xml">
+<!ENTITY RFC8806 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8806.xml">
+<!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml">
+<!ENTITY RFC8126 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml">
+<!ENTITY RFC8174 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">
+<!ENTITY RFC8244 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8244.xml">
+<!ENTITY RFC8324 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8324.xml">
+<!ENTITY RFC8446 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8446.xml">
+<!ENTITY RFC8499 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8499.xml">
+<!ENTITY RFC9106 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9106.xml">
+<!ENTITY RFC9180 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9180.xml">
+<!ENTITY I-D.ietf-dnsop-alt-tld PUBLIC '' "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-dnsop-alt-tld.xml">
+]>
+<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
+<?rfc strict="yes" ?>
+<?rfc toc="yes" ?>
+<?rfc symrefs="yes"?>
+<?rfc sortrefs="yes" ?>
+<?rfc compact="yes" ?>
+<?rfc subcompact="no" ?>
+<rfc xmlns:xi="http://www.w3.org/2001/XInclude"
+ category="info"
+ docName="draft-schanzen-cake-00"
+ ipr="trust200902"
+ obsoletes="" updates=""
+ submissionType="independent"
+ xml:lang="en"
+ version="3">
+ <!-- xml2rfc v2v3 conversion 2.26.0 -->
+ <front>
+ <title abbrev="CORE Authenticated Key Exchange (CAKE)">
+ CORE Authenticated Key Exchange (CAKE)
+ </title>
+ <seriesInfo name="Internet-Draft" value="draft-schanzen-cake-00"/>
+ <author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">
+ <organization>Fraunhofer AISEC</organization>
+ <address>
+ <postal>
+ <street>Lichtenbergstrasse 11</street>
+ <city>Garching</city>
+ <code>85748</code>
+ <country>DE</country>
+ </postal>
+ <email>martin.schanzenbach@aisec.fraunhofer.de</email>
+ </address>
+ </author>
+ <!-- Meta-data Declarations -->
+ <area>General</area>
+ <workgroup>Independent Stream</workgroup>
+ <keyword>transport protocols</keyword>
+ <abstract>
+ <t>
+ This document contains the GNUnet CORE AKE (CAKE).
+ </t>
+ <t>
+ This document defines the normative wire format of the protocol,
+ cryptographic routines and security
+ considerations for use by implementers.
+ </t>
+ <t>
+ This specification was developed outside the IETF and does not have
+ IETF consensus. It is published here to inform readers about the
+ function of GNUnet communicators, guide future implementations, and ensure
+ interoperability including with the pre-existing
+ GNUnet implementation.
+ </t>
+ </abstract>
+ </front>
+ <middle>
+ <section anchor="introduction" numbered="true" toc="default">
+ <name>Introduction</name>
+ <t>
+ This specification was developed outside the IETF and does not have
+ IETF consensus. It is published here to guide implementers of GNS
+ and to ensure interoperability among implementations.
+ </t>
+ <section numbered="true" toc="default">
+ <name>Requirements Notation</name>
+ <t>
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
+ "OPTIONAL" in this document are to be interpreted as described in
+ BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only
+ when, they appear in all capitals, as shown here.
+ </t>
+ </section>
+ </section>
+ <section anchor="terminology">
+ <name>Terminology</name>
+ <dl>
+ <dt>IATS</dt>
+ <dd>Initiator Application Traffic Secret Key</dd>
+ <dt>RATS</dt> <dd>Receiver Application Traffic Secret Key</dd>
+ <dt>dES</dt> <dd>Derived Early Secret Key</dd>
+ <dt>dHS</dt> <dd>Derived Handshake Key</dd>
+ <dt>ES</dt> <dd>Early Secret Key</dd>
+ <dt>ETS</dt> <dd>Early Traffic Secret Key</dd>
+ <dt>HS</dt> <dd>Handshake Secret Key</dd>
+ <dt>MS</dt> <dd>Main Secret Key</dd>
+ <dt>ES</dt> <dd>Early Secret Key</dd>
+ <dt>IHTS</dt> <dd>Initiator Handshake Secret Key</dd>
+ <dt>RHTS</dt> <dd>Receiver Handshake Secret Key</dd>
+ <dt>Foo...Bar</dt> <dd>means the transcript of received/send messages from Foo until Bar</dd>
+ </dl>
+ </section>
+ <section anchor="notation" numbered="true" toc="default">
+ <name>Notation</name>
+ <t>
+ We use the notation and terminology of <xref target="RFC9180"/> throughout
+ this document.
+ In addition, we define:
+ </t>
+ <dl>
+ <dt>coinFlip()</dt>
+ <dd>
+ A helper function that returns "heads" or "tails". Each result is
+ returned with a likelihood of 50%.
+ </dd>
+ </dl>
+ </section>
+ <section anchor="handshake" numbered="true" toc="default">
+ <name>Handshake protocol</name>
+ <t>
+ This protocol is heavily inspired by <xref target="KEMTLS"/>.
+ </t>
+ <t>
+ We assume that the peers have semi-static (as opposed to ephemeral) key pairs. Let (pk<sub>A/<sub>,sk<sub>A</sub>) be the key pair of peer PID</sub>A</sub> and (pk<sub>B</sub>,sk<sub>B</sub>) the key pair of peer PID<sub>B</sub>.
+ </t>
+ <t>
+ For any secure handshake protocol, we have to dermine an initiator and a receiver in the protocol. We use <tt>GNUNET_CRYPTO_hash_cmp</tt> to determine which peer is the receiver R and which peer the initiator I:
+ </t>
+ <sourcecode>
+ <![CDATA[
+if (GNUNET_CRYPTO_hash_cmp (pk_A, pk_B))
+{
+ pk_I = pk_A
+ pk_R = pk_B
+}
+else
+{
+ pk_I = pk_B
+ pk_R = pk_A
+}
+ ]]>
+ </sourcecode>
+ <t>
+ It is possible that the designated initiator does not initiate the handshake. After a pre-determined timeout, the respective other peer may initiate.
+ We assume that the initiator knows pk<sub>R</sub> (pre-distributed through <tt>HELLO</tt>, for example).
+ </t>
+ <t>
+ Below is a swimlane of the protocol messages.
+ On the left and right side of the swimlanes the secrets known to the Initiator and Receiver are
+ shown respectively.
+ If a private key of a key pair is known it is implied that the public key is also known.
+ Messages in brackets are optional.
+ Messages in braces are encrypted with the key after "*".
+ </t>
+ <figure anchor="figure_swimlane" title="Overview over the Handshake Protocol Flow.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ Initiator Receiver
+sk_I | | sk_R
+pk_R | |
+sk_e | |
+ss_R | |
+ES,ETS | |
+ | |
+ | InitiatorHello |
+ | (InitiatorCert)*ETS |
+ +---------------------------------------------->|
+ | | pk_I
+ | | pk_e
+ | | ss_R
+ | | ES,ETS
+ | | dES
+ | | ss_e
+ | | (d)HS
+ | | ss_I
+ | | MS
+ | | [I,R]HTS
+ | | RATS
+ | ReceiverHello |
+ | (ReceiverCert)*RHTS |
+ | (ReceiverKemCiphertext)*RTHS |
+ | (ReceiverFinished)*RHTS |
+ | [(Application Payload)*RATS] |
+ |<----------------------------------------------+
+ss_e | |
+dES | |
+(d)HS | |
+ss_I | |
+MS | |
+[I,R]HTS | |
+[I,R]ATS | |
+ | |
+ | (InitiatorFinished)*IHTS |
+ | [(Application Payload)*IATS] |
+ +---------------------------------------------->|
+ | | RATS
+ | |
+ | |
+ | |
+ | (Application Payload)*RATS |
+ |<----------------------------------------------|
+ | (Application Payload)*IATS |
+ |---------------------------------------------->|
+ | |
+ v v
+ ]]></artwork>
+ </figure>
+ <t>
+ Expectedly, the key schedule is very similar to <xref target="RFC8446"/> Section 7.1:
+ </t>
+ <figure anchor="figure_key_schedule" title="The Key Schedule.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0
+ |
+ v
+ss_R -> HKDF-Extract = Early Secret (ES)
+ |
+ +-----> HKDF-Expand(., "early data", InitiatorHello)
+ | = Early Transport Secret (ETS)
+ |
+ v
+ HKDF-Expand(., "derived", "") = derived Early Secret (dES)
+ |
+ v
+ss_e -> HKDF-Extract = Handshake Secret (HS)
+ |
+ +-----> HKDF-Expand(., "i hs traffic",
+ | InitiatorHello...ReceiverHello)
+ | = IHTS
+ |
+ +-----> HKDF-Expand(., "r hs traffic",
+ | InitiatorHello...ReceiverHello)
+ | = RHTS
+ v
+ HKDF-Expand(., "derived", "") = derived Handshake Secret (dHS)
+ |
+ v
+ss_I -> HKDF-Extract = Master Secret (MS)
+ |
+ +-----> HKDF-Expand(., "i ap traffic",
+ | InitiatorHello...ReceiverFinished)
+ | = IATS
+ |
+ +-----> HKDF-Expand(., "r ap traffic",
+ InitiatorHello...ReceiverFinished)
+ = RATS
+ ]]></artwork>
+ </figure>
+ <section anchor="first_message" numbered="true" toc="default">
+ <name>First Message</name>
+ <t>
+ I sends to R the <tt>FirstMessage</tt> consisting of a <tt>MessageHeader</tt>,
+ the <tt>InitiatorHello</tt> and the encrypted <tt>InitiatorCertificate</tt> as defined
+ in the following.
+ </t>
+ <figure anchor="figure_first_msg" title="The Wire Format of the FirstMessage.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | MessageHeader |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / InitiatorHello /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / Encrypted InitiatorCertificate /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ </figure>
+ <figure anchor="figure_msghdr" title="The Wire Format of the Message Header.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | Size | Purpose (0xXX) |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ </figure>
+ <figure anchor="figure_inithello" title="The Wire Format of the InitiatorHello.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | EphemeralKey |
+ | |
+ | |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | PeerID Hash (512 bit) |
+ / /
+ | |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | Nonce |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ </figure>
+ <figure anchor="figure_initcert" title="The Wire Format of the plaintext of the InitiatorCertificate.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | PeerID |
+ | |
+ | |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | ServicesString |
+ / /
+ / /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ </figure>
+ <t>
+ The encryption key ETS is generated according to <xref target="figure_key_schedule"/> using:
+ </t>
+ <ol>
+ <li>(ss<sub>R</sub>,c<sub>R</sub>) <- Encaps(pk<sub>R</sub>)</li>
+ </ol>
+ <t>
+ The <tt>InitiatorCert</tt> is encrypted using XChaCha20-Poly1305 (citation to IETF RFC).
+ <!-- FIXME: Discuss IV. We may be able to use data from HKDF-Expand for that -->
+ </t>
+ </section>
+ <section anchor="second_message" numbered="true" toc="default">
+ <name>Second Message</name>
+ <t>
+ R receives the <tt>FirstMessage</tt>, and processes it as defined in the following
+ to create and send the <tt>SecondMessage</tt>.
+ </t>
+ <figure anchor="figure_second_msg" title="The Wire Format of the SecondMessage.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+ 0 8 16 24 32 40 48 56
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ | MessageHeader |
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / ReceiverHello /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / Encrypted ServicesString /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / ReceiverKemCiphertext /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ / ReceiverFinished /
+ +-----+-----+-----+-----+-----+-----+-----+-----+
+ ]]></artwork>
+ </figure>
+ <t>
+ The encryption key ETS to decrypt the encrypted <tt>IntiatorCertificate</tt>, the Handshake and Master Secrets are generated according to <xref target="figure_key_schedule"/> using:
+ </t>
+ <ol>
+ <li>(ss<sub>R</sub>,c<sub>R</sub>) <- Decaps(sk<sub>R</sub>, c<sub>R</sub>)</li>
+ <li>(ss<sub>e</sub>,c<sub>e</sub>) <- Encaps(pk<sub>e</sub>)</li>
+ <li>(ss<sub>I</sub>,c<sub>I</sub>) <- Encaps(pk<sub>I</sub>)</li>
+ </ol>
+ <t>
+ The secrets can also be generated as-needed and not necessarily all at once.
+ Note that IATS cannot be derived (yet) at this point.
+ </t>
+ <t>
+ ReceiverHello and ReceiverKemCiphertext:
+ </t>
+ <ol>
+ <li>ReceiverHello <- (c<sub>e</sub>, r<sub>R</sub>, [SelectedAlgs])</li>
+ <li>ReceiverKemCiphertext <- Enc(RHTS, c<sub>I</sub>)</li>
+ </ol>
+ <t>
+ Build ReceiverFinished message:
+ </t>
+ <ol>
+ <li>fk<sub>R</sub> <- HKDF-Expand(MS, "r finished", NULL)</li>
+ <li>RF <- HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext)</li>
+ <li>ReceiverFinished <- Enc(RHTS, RF) (TLS1.3-style explicit authentication of receiver after 1RTT!)</li>
+ </ol>
+ </section>
+ <section anchor="third_message" numbered="true" toc="default">
+ <name>First Message</name>
+ <t>
+ R sends to I the third message consisting of a <tt>MessageHeader</tt>,
+ the <tt>InitiatorFinished</tt> message as defined
+ in the following.
+ </t>
+ <ol>
+ <li>Verify that the message type is TBD</li>
+ <li>Setup Master Secret (MS) using ss<sub>e</sub> <- Decaps(sk<sub>e</sub>,c<sub>e</sub>).</li>
+ <li>Derive Traffic Encryption Keys using <tt>HS</tt> and <tt>MS</tt>.</li>
+ <li>fk<sub>I</sub> <- HKDF-Expand(MS, "i finished", NULL)</li>
+ <li>IF <- HMAC(fk<sub>I</sub>, InitiatorHello...ReceiverFinished)</li>
+ <li>fk<sub>R</sub> <- HKDF-Expand(MS, "r finished", NULL)</li>
+ <li>RF <- Dec(RHTS, ReceiverFinished)</li>
+ <li>assert HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext) == RF</li>
+ <li>InitiatorFinished <- Enc(IHTS, IF)</li>
+ </ol>
+ </section>
+ </section>
+ <section anchor="security" numbered="true" toc="default">
+ <name>Security and Privacy Considerations</name>
+ <t>
+ TODO
+ </t>
+ </section>
+ <!-- gana -->
+ <section>
+ <name>GANA Considerations</name>
+ <t>
+ -
+ </t>
+ </section>
+ <!-- <section>
+ <name>Implementation and Deployment Status</name>
+ <t>
+ FIXME
+ </t>
+ </section>
+ <section>
+ <name>Acknowledgements</name>
+ <t>
+ FIXME
+ </t>
+ </section>-->
+ </middle>
+ <back>
+ <references>
+ <name>Normative References</name>
+ &RFC2119;
+ &RFC8174;
+ &RFC8446;
+ &RFC9180;
+
+ </references>
+ <references>
+ <name>Informative References</name>
+ <reference anchor="KEMTLS" target="https://thomwiggers.nl/publication/thesis/">
+ <front>
+ <title>Post-Quantum TLS</title>
+ <author initials="T." surname="Wiggers" fullname="Thom Wiggers">
+ <organization>Radboud University</organization>
+ </author>
+ <date year="2024"/>
+ </front>
+ </reference>
+</references>
+ </back>
+</rfc>
diff --git a/style.css b/style.css
@@ -0,0 +1,1149 @@
+/* This is the built-in CSS used by xml2rfc without Google Fonts. */
+
+/*
+
+ NOTE: Changes at the bottom of this file overrides some earlier settings.
+
+ Once the style has stabilized and has been adopted as an official RFC style,
+ this can be consolidated so that style settings occur only in one place, but
+ for now the contents of this file consists first of the initial CSS work as
+ provided to the RFC Formatter (xml2rfc) work, followed by itemized and
+ commented changes found necssary during the development of the v3
+ formatters.
+
+*/
+
+/* fonts */
+/* @import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /\* Sans-serif *\/ */
+/* @import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /\* Serif (print) *\/ */
+/* @import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /\* Monospace *\/ */
+
+@viewport {
+ zoom: 1.0;
+ width: extend-to-zoom;
+}
+@-ms-viewport {
+ width: extend-to-zoom;
+ zoom: 1.0;
+}
+/* general and mobile first */
+html {
+}
+body {
+ max-width: 90%;
+ margin: 1.5em auto;
+ color: #222;
+ background-color: #fff;
+ font-size: 14px;
+ font-family: 'Noto Sans', Arial, Helvetica, sans-serif;
+ line-height: 1.6;
+ scroll-behavior: smooth;
+}
+.ears {
+ display: none;
+}
+
+/* headings */
+#title, h1, h2, h3, h4, h5, h6 {
+ margin: 1em 0 0.5em;
+ font-weight: bold;
+ line-height: 1.3;
+}
+#title {
+ clear: both;
+ border-bottom: 1px solid #ddd;
+ margin: 0 0 0.5em 0;
+ padding: 1em 0 0.5em;
+}
+.author {
+ padding-bottom: 4px;
+}
+h1 {
+ font-size: 26px;
+ margin: 1em 0;
+}
+h2 {
+ font-size: 22px;
+ margin-top: -20px; /* provide offset for in-page anchors */
+ padding-top: 33px;
+}
+h3 {
+ font-size: 18px;
+ margin-top: -36px; /* provide offset for in-page anchors */
+ padding-top: 42px;
+}
+h4 {
+ font-size: 16px;
+ margin-top: -36px; /* provide offset for in-page anchors */
+ padding-top: 42px;
+}
+h5, h6 {
+ font-size: 14px;
+}
+#n-copyright-notice {
+ border-bottom: 1px solid #ddd;
+ padding-bottom: 1em;
+ margin-bottom: 1em;
+}
+/* general structure */
+p {
+ padding: 0;
+ margin: 0 0 1em 0;
+ text-align: left;
+}
+div, span {
+ position: relative;
+}
+div {
+ margin: 0;
+}
+.alignRight.art-text {
+ background-color: #f9f9f9;
+ border: 1px solid #eee;
+ border-radius: 3px;
+ padding: 1em 1em 0;
+ margin-bottom: 1.5em;
+}
+.alignRight.art-text pre {
+ padding: 0;
+}
+.alignRight {
+ margin: 1em 0;
+}
+.alignRight > *:first-child {
+ border: none;
+ margin: 0;
+ float: right;
+ clear: both;
+}
+.alignRight > *:nth-child(2) {
+ clear: both;
+ display: block;
+ border: none;
+}
+svg {
+ display: block;
+}
+.alignCenter.art-text {
+ background-color: #f9f9f9;
+ border: 1px solid #eee;
+ border-radius: 3px;
+ padding: 1em 1em 0;
+ margin-bottom: 1.5em;
+}
+.alignCenter.art-text pre {
+ padding: 0;
+}
+.alignCenter {
+ margin: 1em 0;
+}
+.alignCenter > *:first-child {
+ border: none;
+ /* this isn't optimal, but it's an existence proof. PrinceXML doesn't
+ support flexbox yet.
+ */
+ display: table;
+ margin: 0 auto;
+}
+
+/* lists */
+ol, ul {
+ padding: 0;
+ margin: 0 0 1em 2em;
+}
+ol ol, ul ul, ol ul, ul ol {
+ margin-left: 1em;
+}
+li {
+ margin: 0 0 0.25em 0;
+}
+.ulCompact li {
+ margin: 0;
+}
+ul.empty, .ulEmpty {
+ list-style-type: none;
+}
+ul.empty li, .ulEmpty li {
+ margin-top: 0.5em;
+}
+ul.ulBare, li.ulBare {
+ margin-left: 0em !important;
+}
+ul.compact, .ulCompact,
+ol.compact, .olCompact {
+ line-height: 100%;
+ margin: 0 0 0 2em;
+}
+
+/* definition lists */
+dl {
+}
+dl > dt {
+ float: left;
+ margin-right: 1em;
+}
+/*
+dl.nohang > dt {
+ float: none;
+}
+*/
+dl > dd {
+ margin-bottom: .8em;
+ min-height: 1.3em;
+}
+dl.compact > dd, .dlCompact > dd {
+ margin-bottom: 0em;
+}
+dl > dd > dl {
+ margin-top: 0.5em;
+ margin-bottom: 0em;
+}
+
+/* links */
+a {
+ text-decoration: none;
+}
+a[href] {
+ color: #22e; /* Arlen: WCAG 2019 */
+}
+a[href]:hover {
+ background-color: #f2f2f2;
+}
+figcaption a[href],
+a[href].selfRef {
+ color: #222;
+}
+/* XXX probably not this:
+a.selfRef:hover {
+ background-color: transparent;
+ cursor: default;
+} */
+
+/* Figures */
+tt, code, pre, code {
+ background-color: #f9f9f9;
+ font-family: 'Roboto Mono', monospace;
+}
+pre {
+ border: 1px solid #eee;
+ margin: 0;
+ padding: 1em;
+}
+img {
+ max-width: 100%;
+}
+figure {
+ margin: 0;
+}
+figure blockquote {
+ margin: 0.8em 0.4em 0.4em;
+}
+figcaption {
+ font-style: italic;
+ margin: 0 0 1em 0;
+}
+@media screen {
+ pre {
+ overflow-x: auto;
+ max-width: 100%;
+ max-width: calc(100% - 22px);
+ }
+}
+
+/* aside, blockquote */
+aside, blockquote {
+ margin-left: 0;
+ padding: 1.2em 2em;
+}
+blockquote {
+ background-color: #f9f9f9;
+ color: #111; /* Arlen: WCAG 2019 */
+ border: 1px solid #ddd;
+ border-radius: 3px;
+ margin: 1em 0;
+}
+cite {
+ display: block;
+ text-align: right;
+ font-style: italic;
+}
+
+/* tables */
+table {
+ width: 100%;
+ margin: 0 0 1em;
+ border-collapse: collapse;
+ border: 1px solid #eee;
+}
+th, td {
+ text-align: left;
+ vertical-align: top;
+ padding: 0.5em 0.75em;
+}
+th {
+ text-align: left;
+ background-color: #e9e9e9;
+}
+tr:nth-child(2n+1) > td {
+ background-color: #f5f5f5;
+}
+table caption {
+ font-style: italic;
+ margin: 0;
+ padding: 0;
+ text-align: left;
+}
+table p {
+ /* XXX to avoid bottom margin on table row signifiers. If paragraphs should
+ be allowed within tables more generally, it would be far better to select on a class. */
+ margin: 0;
+}
+
+/* pilcrow */
+a.pilcrow {
+ color: #666; /* Arlen: AHDJ 2019 */
+ text-decoration: none;
+ visibility: hidden;
+ user-select: none;
+ -ms-user-select: none;
+ -o-user-select:none;
+ -moz-user-select: none;
+ -khtml-user-select: none;
+ -webkit-user-select: none;
+ -webkit-touch-callout: none;
+}
+@media screen {
+ aside:hover > a.pilcrow,
+ p:hover > a.pilcrow,
+ blockquote:hover > a.pilcrow,
+ div:hover > a.pilcrow,
+ li:hover > a.pilcrow,
+ pre:hover > a.pilcrow {
+ visibility: visible;
+ }
+ a.pilcrow:hover {
+ background-color: transparent;
+ }
+}
+
+/* misc */
+hr {
+ border: 0;
+ border-top: 1px solid #eee;
+}
+.bcp14 {
+ font-variant: small-caps;
+}
+
+.role {
+ font-variant: all-small-caps;
+}
+
+/* info block */
+#identifiers {
+ margin: 0;
+ font-size: 0.9em;
+}
+#identifiers dt {
+ width: 3em;
+ clear: left;
+}
+#identifiers dd {
+ float: left;
+ margin-bottom: 0;
+}
+/* Fix PDF info block run off issue */
+@media print {
+ #identifiers dd {
+ float: none;
+ }
+}
+#identifiers .authors .author {
+ display: inline-block;
+ margin-right: 1.5em;
+}
+#identifiers .authors .org {
+ font-style: italic;
+}
+
+/* The prepared/rendered info at the very bottom of the page */
+.docInfo {
+ color: #666; /* Arlen: WCAG 2019 */
+ font-size: 0.9em;
+ font-style: italic;
+ margin-top: 2em;
+}
+.docInfo .prepared {
+ float: left;
+}
+.docInfo .prepared {
+ float: right;
+}
+
+/* table of contents */
+#toc {
+ padding: 0.75em 0 2em 0;
+ margin-bottom: 1em;
+}
+nav.toc ul {
+ margin: 0 0.5em 0 0;
+ padding: 0;
+ list-style: none;
+}
+nav.toc li {
+ line-height: 1.3em;
+ margin: 0.75em 0;
+ padding-left: 1.2em;
+ text-indent: -1.2em;
+}
+/* references */
+.references dt {
+ text-align: right;
+ font-weight: bold;
+ min-width: 7em;
+}
+.references dd {
+ margin-left: 8em;
+ overflow: auto;
+}
+
+.refInstance {
+ margin-bottom: 1.25em;
+}
+
+.references .ascii {
+ margin-bottom: 0.25em;
+}
+
+/* index */
+.index ul {
+ margin: 0 0 0 1em;
+ padding: 0;
+ list-style: none;
+}
+.index ul ul {
+ margin: 0;
+}
+.index li {
+ margin: 0;
+ text-indent: -2em;
+ padding-left: 2em;
+ padding-bottom: 5px;
+}
+.indexIndex {
+ margin: 0.5em 0 1em;
+}
+.index a {
+ font-weight: 700;
+}
+/* make the index two-column on all but the smallest screens */
+@media (min-width: 600px) {
+ .index ul {
+ -moz-column-count: 2;
+ -moz-column-gap: 20px;
+ }
+ .index ul ul {
+ -moz-column-count: 1;
+ -moz-column-gap: 0;
+ }
+}
+
+/* authors */
+address.vcard {
+ font-style: normal;
+ margin: 1em 0;
+}
+
+address.vcard .nameRole {
+ font-weight: 700;
+ margin-left: 0;
+}
+address.vcard .label {
+ font-family: "Noto Sans",Arial,Helvetica,sans-serif;
+ margin: 0.5em 0;
+}
+address.vcard .type {
+ display: none;
+}
+.alternative-contact {
+ margin: 1.5em 0 1em;
+}
+hr.addr {
+ border-top: 1px dashed;
+ margin: 0;
+ color: #ddd;
+ max-width: calc(100% - 16px);
+}
+
+/* temporary notes */
+.rfcEditorRemove::before {
+ position: absolute;
+ top: 0.2em;
+ right: 0.2em;
+ padding: 0.2em;
+ content: "The RFC Editor will remove this note";
+ color: #9e2a00; /* Arlen: WCAG 2019 */
+ background-color: #ffd; /* Arlen: WCAG 2019 */
+}
+.rfcEditorRemove {
+ position: relative;
+ padding-top: 1.8em;
+ background-color: #ffd; /* Arlen: WCAG 2019 */
+ border-radius: 3px;
+}
+.cref {
+ background-color: #ffd; /* Arlen: WCAG 2019 */
+ padding: 2px 4px;
+}
+.crefSource {
+ font-style: italic;
+}
+/* alternative layout for smaller screens */
+@media screen and (max-width: 1023px) {
+ body {
+ padding-top: 2em;
+ }
+ #title {
+ padding: 1em 0;
+ }
+ h1 {
+ font-size: 24px;
+ }
+ h2 {
+ font-size: 20px;
+ margin-top: -18px; /* provide offset for in-page anchors */
+ padding-top: 38px;
+ }
+ #identifiers dd {
+ max-width: 60%;
+ }
+ #toc {
+ position: fixed;
+ z-index: 2;
+ top: 0;
+ right: 0;
+ padding: 0;
+ margin: 0;
+ background-color: inherit;
+ border-bottom: 1px solid #ccc;
+ }
+ #toc h2 {
+ margin: -1px 0 0 0;
+ padding: 4px 0 4px 6px;
+ padding-right: 1em;
+ min-width: 190px;
+ font-size: 1.1em;
+ text-align: right;
+ background-color: #444;
+ color: white;
+ cursor: pointer;
+ }
+ #toc h2::before { /* css hamburger */
+ float: right;
+ position: relative;
+ width: 1em;
+ height: 1px;
+ left: -164px;
+ margin: 6px 0 0 0;
+ background: white none repeat scroll 0 0;
+ box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
+ content: "";
+ }
+ #toc nav {
+ display: none;
+ padding: 0.5em 1em 1em;
+ overflow: auto;
+ height: calc(100vh - 48px);
+ border-left: 1px solid #ddd;
+ }
+}
+
+/* alternative layout for wide screens */
+@media screen and (min-width: 1024px) {
+ body {
+ max-width: 724px;
+ margin: 42px auto;
+ padding-left: 1.5em;
+ padding-right: 29em;
+ }
+ #toc {
+ position: fixed;
+ top: 42px;
+ right: 42px;
+ width: 25%;
+ margin: 0;
+ padding: 0 1em;
+ z-index: 1;
+ }
+ #toc h2 {
+ border-top: none;
+ border-bottom: 1px solid #ddd;
+ font-size: 1em;
+ font-weight: normal;
+ margin: 0;
+ padding: 0.25em 1em 1em 0;
+ }
+ #toc nav {
+ display: block;
+ height: calc(90vh - 84px);
+ bottom: 0;
+ padding: 0.5em 0 0;
+ overflow: auto;
+ }
+ img { /* future proofing */
+ max-width: 100%;
+ height: auto;
+ }
+}
+
+/* pagination */
+@media print {
+ body {
+
+ width: 100%;
+ }
+ p {
+ orphans: 3;
+ widows: 3;
+ }
+ #n-copyright-notice {
+ border-bottom: none;
+ }
+ #toc, #n-introduction {
+ page-break-before: always;
+ }
+ #toc {
+ border-top: none;
+ padding-top: 0;
+ }
+ figure, pre {
+ page-break-inside: avoid;
+ }
+ figure {
+ overflow: scroll;
+ }
+ h1, h2, h3, h4, h5, h6 {
+ page-break-after: avoid;
+ }
+ h2+*, h3+*, h4+*, h5+*, h6+* {
+ page-break-before: avoid;
+ }
+ pre {
+ white-space: pre-wrap;
+ word-wrap: break-word;
+ font-size: 10pt;
+ }
+ table {
+ border: 1px solid #ddd;
+ }
+ td {
+ border-top: 1px solid #ddd;
+ }
+}
+
+/* This is commented out here, as the string-set: doesn't
+ pass W3C validation currently */
+/*
+.ears thead .left {
+ string-set: ears-top-left content();
+}
+
+.ears thead .center {
+ string-set: ears-top-center content();
+}
+
+.ears thead .right {
+ string-set: ears-top-right content();
+}
+
+.ears tfoot .left {
+ string-set: ears-bottom-left content();
+}
+
+.ears tfoot .center {
+ string-set: ears-bottom-center content();
+}
+
+.ears tfoot .right {
+ string-set: ears-bottom-right content();
+}
+*/
+
+@page :first {
+ padding-top: 0;
+ @top-left {
+ content: normal;
+ border: none;
+ }
+ @top-center {
+ content: normal;
+ border: none;
+ }
+ @top-right {
+ content: normal;
+ border: none;
+ }
+}
+
+@page {
+ size: A4;
+ margin-bottom: 45mm;
+ padding-top: 20px;
+ /* The follwing is commented out here, but set appropriately by in code, as
+ the content depends on the document */
+ /*
+ @top-left {
+ content: 'Internet-Draft';
+ vertical-align: bottom;
+ border-bottom: solid 1px #ccc;
+ }
+ @top-left {
+ content: string(ears-top-left);
+ vertical-align: bottom;
+ border-bottom: solid 1px #ccc;
+ }
+ @top-center {
+ content: string(ears-top-center);
+ vertical-align: bottom;
+ border-bottom: solid 1px #ccc;
+ }
+ @top-right {
+ content: string(ears-top-right);
+ vertical-align: bottom;
+ border-bottom: solid 1px #ccc;
+ }
+ @bottom-left {
+ content: string(ears-bottom-left);
+ vertical-align: top;
+ border-top: solid 1px #ccc;
+ }
+ @bottom-center {
+ content: string(ears-bottom-center);
+ vertical-align: top;
+ border-top: solid 1px #ccc;
+ }
+ @bottom-right {
+ content: '[Page ' counter(page) ']';
+ vertical-align: top;
+ border-top: solid 1px #ccc;
+ }
+ */
+
+}
+
+/* Changes introduced to fix issues found during implementation */
+/* Make sure links are clickable even if overlapped by following H* */
+a {
+ z-index: 2;
+}
+/* Separate body from document info even without intervening H1 */
+section {
+ clear: both;
+}
+
+
+/* Top align author divs, to avoid names without organization dropping level with org names */
+.author {
+ vertical-align: top;
+}
+
+/* Leave room in document info to show Internet-Draft on one line */
+#identifiers dt {
+ width: 8em;
+}
+
+/* Don't waste quite as much whitespace between label and value in doc info */
+#identifiers dd {
+ margin-left: 1em;
+}
+
+/* Give floating toc a background color (needed when it's a div inside section */
+#toc {
+ background-color: white;
+}
+
+/* Make the collapsed ToC header render white on gray also when it's a link */
+@media screen and (max-width: 1023px) {
+ #toc h2 a,
+ #toc h2 a:link,
+ #toc h2 a:focus,
+ #toc h2 a:hover,
+ #toc a.toplink,
+ #toc a.toplink:hover {
+ color: white;
+ background-color: #444;
+ text-decoration: none;
+ }
+}
+
+/* Give the bottom of the ToC some whitespace */
+@media screen and (min-width: 1024px) {
+ #toc {
+ padding: 0 0 1em 1em;
+ }
+}
+
+/* Style section numbers with more space between number and title */
+.section-number {
+ padding-right: 0.5em;
+}
+
+/* prevent monospace from becoming overly large */
+tt, code, pre, code {
+ font-size: 95%;
+}
+
+/* Fix the height/width aspect for ascii art*/
+pre.sourcecode,
+.art-text pre {
+ line-height: 1.12;
+}
+
+
+/* Add styling for a link in the ToC that points to the top of the document */
+a.toplink {
+ float: right;
+ margin-right: 0.5em;
+}
+
+/* Fix the dl styling to match the RFC 7992 attributes */
+dl > dt,
+dl.dlParallel > dt {
+ float: left;
+ margin-right: 1em;
+}
+dl.dlNewline > dt {
+ float: none;
+}
+
+/* Provide styling for table cell text alignment */
+table td.text-left,
+table th.text-left {
+ text-align: left;
+}
+table td.text-center,
+table th.text-center {
+ text-align: center;
+}
+table td.text-right,
+table th.text-right {
+ text-align: right;
+}
+
+/* Make the alternative author contact informatio look less like just another
+ author, and group it closer with the primary author contact information */
+.alternative-contact {
+ margin: 0.5em 0 0.25em 0;
+}
+address .non-ascii {
+ margin: 0 0 0 2em;
+}
+
+/* With it being possible to set tables with alignment
+ left, center, and right, { width: 100%; } does not make sense */
+table {
+ width: auto;
+}
+
+/* Avoid reference text that sits in a block with very wide left margin,
+ because of a long floating dt label.*/
+.references dd {
+ overflow: visible;
+}
+
+/* Control caption placement */
+caption {
+ caption-side: bottom;
+}
+
+/* Limit the width of the author address vcard, so names in right-to-left
+ script don't end up on the other side of the page. */
+
+address.vcard {
+ max-width: 30em;
+ margin-right: auto;
+}
+
+/* For address alignment dependent on LTR or RTL scripts */
+address div.left {
+ text-align: left;
+}
+address div.right {
+ text-align: right;
+}
+
+/* Provide table alignment support. We can't use the alignX classes above
+ since they do unwanted things with caption and other styling. */
+table.right {
+ margin-left: auto;
+ margin-right: 0;
+}
+table.center {
+ margin-left: auto;
+ margin-right: auto;
+}
+table.left {
+ margin-left: 0;
+ margin-right: auto;
+}
+
+/* Give the table caption label the same styling as the figcaption */
+caption a[href] {
+ color: #222;
+}
+
+@media print {
+ .toplink {
+ display: none;
+ }
+
+ /* avoid overwriting the top border line with the ToC header */
+ #toc {
+ padding-top: 1px;
+ }
+
+ /* Avoid page breaks inside dl and author address entries */
+ .vcard {
+ page-break-inside: avoid;
+ }
+
+}
+/* Tweak the bcp14 keyword presentation */
+.bcp14 {
+ font-variant: small-caps;
+ font-weight: bold;
+ font-size: 0.9em;
+}
+/* Tweak the invisible space above H* in order not to overlay links in text above */
+ h2 {
+ margin-top: -18px; /* provide offset for in-page anchors */
+ padding-top: 31px;
+ }
+ h3 {
+ margin-top: -18px; /* provide offset for in-page anchors */
+ padding-top: 24px;
+ }
+ h4 {
+ margin-top: -18px; /* provide offset for in-page anchors */
+ padding-top: 24px;
+ }
+/* Float artwork pilcrow to the right */
+@media screen {
+ .artwork a.pilcrow {
+ display: block;
+ line-height: 0.7;
+ margin-top: 0.15em;
+ }
+}
+/* Make pilcrows on dd visible */
+@media screen {
+ dd:hover > a.pilcrow {
+ visibility: visible;
+ }
+}
+/* Make the placement of figcaption match that of a table's caption
+ by removing the figure's added bottom margin */
+.alignLeft.art-text,
+.alignCenter.art-text,
+.alignRight.art-text {
+ margin-bottom: 0;
+}
+.alignLeft,
+.alignCenter,
+.alignRight {
+ margin: 1em 0 0 0;
+}
+/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
+ possibly even requiring a new line */
+@media print {
+ a.pilcrow {
+ display: none;
+ }
+}
+/* Styling for the external metadata */
+div#external-metadata {
+ background-color: #eee;
+ padding: 0.5em;
+ margin-bottom: 0.5em;
+ display: none;
+}
+div#internal-metadata {
+ padding: 0.5em; /* to match the external-metadata padding */
+}
+/* Styling for title RFC Number */
+h1#rfcnum {
+ clear: both;
+ margin: 0 0 -1em;
+ padding: 1em 0 0 0;
+}
+/* Make .olPercent look the same as <ol><li> */
+dl.olPercent > dd {
+ margin-bottom: 0.25em;
+ min-height: initial;
+}
+/* Give aside some styling to set it apart */
+aside {
+ border-left: 1px solid #ddd;
+ margin: 1em 0 1em 2em;
+ padding: 0.2em 2em;
+}
+aside > dl,
+aside > ol,
+aside > ul,
+aside > table,
+aside > p {
+ margin-bottom: 0.5em;
+}
+/* Additional page break settings */
+@media print {
+ figcaption, table caption {
+ page-break-before: avoid;
+ }
+}
+/* Font size adjustments for print */
+@media print {
+ body { font-size: 10pt; line-height: normal; max-width: 96%; }
+ h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
+ h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
+ h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
+ h4 { font-size: 1em; padding-top: 1.5em; }
+ h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
+}
+/* Sourcecode margin in print, when there's no pilcrow */
+@media print {
+ .artwork,
+ .sourcecode {
+ margin-bottom: 1em;
+ }
+}
+/* Avoid narrow tables forcing too narrow table captions, which may render badly */
+table {
+ min-width: 20em;
+}
+/* ol type a */
+ol.type-a { list-style-type: lower-alpha; }
+ol.type-A { list-style-type: upper-alpha; }
+ol.type-i { list-style-type: lower-roman; }
+ol.type-I { list-style-type: lower-roman; }
+/* Apply the print table and row borders in general, on request from the RPC,
+and increase the contrast between border and odd row background sligthtly */
+table {
+ border: 1px solid #ddd;
+}
+td {
+ border-top: 1px solid #ddd;
+}
+tr:nth-child(2n+1) > td {
+ background-color: #f8f8f8;
+}
+/* Use style rules to govern display of the TOC. */
+@media screen and (max-width: 1023px) {
+ #toc nav { display: none; }
+ #toc.active nav { display: block; }
+}
+/* Add support for keepWithNext */
+.keepWithNext {
+ break-after: avoid-page;
+ break-after: avoid-page;
+}
+/* Add support for keepWithPrevious */
+.keepWithPrevious {
+ break-before: avoid-page;
+}
+/* Change the approach to avoiding breaks inside artwork etc. */
+figure, pre, table, .artwork, .sourcecode {
+ break-before: auto;
+ break-after: auto;
+}
+/* Avoid breaks between <dt> and <dd> */
+dl {
+ break-before: auto;
+ break-inside: auto;
+}
+dt {
+ break-before: auto;
+ break-after: avoid-page;
+}
+dd {
+ break-before: avoid-page;
+ break-after: auto;
+ orphans: 3;
+ widows: 3
+}
+span.break, dd.break {
+ margin-bottom: 0;
+ min-height: 0;
+ break-before: auto;
+ break-inside: auto;
+ break-after: auto;
+}
+/* Undo break-before ToC */
+@media print {
+ #toc {
+ break-before: auto;
+ }
+}
+/* Text in compact lists should not get extra bottim margin space,
+ since that would makes the list not compact */
+ul.compact p, .ulCompact p,
+ol.compact p, .olCompact p {
+ margin: 0;
+}
+/* But the list as a whole needs the extra space at the end */
+section ul.compact,
+section .ulCompact,
+section ol.compact,
+section .olCompact {
+ margin-bottom: 1em; /* same as p not within ul.compact etc. */
+}
+/* The tt and code background above interferes with for instance table cell
+ backgrounds. Changed to something a bit more selective. */
+tt, code {
+ background-color: transparent;
+}
+p tt, p code, li tt, li code {
+ background-color: #f8f8f8;
+}
+/* Tweak the pre margin -- 0px doesn't come out well */
+pre {
+ margin-top: 0.5px;
+}
+/* Tweak the comact list text */
+ul.compact, .ulCompact,
+ol.compact, .olCompact,
+dl.compact, .dlCompact {
+ line-height: normal;
+}
+/* Don't add top margin for nested lists */
+li > ul, li > ol, li > dl,
+dd > ul, dd > ol, dd > dl,
+dl > dd > dl {
+ margin-top: initial;
+}
+/* Elements that should not be rendered on the same line as a <dt> */
+/* This should match the element list in writer.text.TextWriter.render_dl() */
+dd > div.artwork:first-child,
+dd > aside:first-child,
+dd > figure:first-child,
+dd > ol:first-child,
+dd > div:first-child > pre.sourcecode,
+dd > table:first-child,
+dd > ul:first-child {
+ clear: left;
+}
+/* fix for weird browser behaviour when <dd/> is empty */
+dt+dd:empty::before{
+ content: "\00a0";
+}
+/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
+li > p {
+ margin-bottom: 0.5em
+}
+/* Don't let p margin spill out from inside list items */
+li > p:last-of-type {
+ margin-bottom: 0;
+}
+
+.label-expires,.expires {
+ display: none;
+}
