<?xml version="1.0" encoding="UTF-8"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.34 (Ruby 3.3.8) -->


<!DOCTYPE rfc  [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">

]>


<rfc ipr="trust200902" docName="draft-ietf-mailmaint-imap-objectid-bis-05" category="std" consensus="true" submissionType="IETF" obsoletes="RFC8474" updates="RFC3501, RFC9051, RFC9698" tocInclude="true" sortRefs="true" symRefs="true">
  <front>
    <title abbrev="IMAP OBJECTID+">IMAP Extension for Object Identifiers</title>

    <author initials="B." surname="Gondwana" fullname="Bron Gondwana">
      <organization abbrev="Fastmail">Fastmail</organization>
      <address>
        <postal>
          <street>Level 2, 114 William St</street>
          <city>Melbourne</city>
          <region>VIC 3000</region>
          <country>Australia</country>
        </postal>
        <email>brong@fastmailteam.com</email>
        <uri>https://www.fastmail.com</uri>
      </address>
    </author>
    <author initials="M." surname="De Gennaro" fullname="Mauro De Gennaro">
      <organization abbrev="Stalwart Labs">Stalwart Labs LLC</organization>
      <address>
        <postal>
          <street>1309 Coffeen Avenue, Suite 1200</street>
          <city>Sheridan</city>
          <region>WY</region>
          <code>82801</code>
          <country>USA</country>
        </postal>
        <email>mauro@stalw.art</email>
        <uri>https://stalw.art</uri>
      </address>
    </author>

    <date year="2026" month="July" day="04"/>

    
    <workgroup>mailmaint</workgroup>
    <keyword>Internet-Draft</keyword>

    <abstract>


<?line 64?>

<t>This document defines the OBJECTID+ extension for IMAP, which
obsoletes <xref target="RFC8474"/>.  OBJECTID+ introduces a compound OBJECTID
response format that bundles object identifiers into key-value
pairs, an ACCOUNTID identifier for account-level context, OBJECTID
response codes for the RENAME command, and identifier-based mailbox
selection via SELECT and EXAMINE. The OBJECTID+ extension is
activated implicitly when a client uses any OBJECTID+-specific
feature, ensuring backward compatibility with clients that only
support <xref target="RFC8474"/>.  This document also updates <xref target="RFC9698"/>: when
JMAPACCESS is advertised alongside OBJECTID+, ACCOUNTID values <bcp14>MUST</bcp14>
correspond to JMAP accountIds.</t>



    </abstract>



  </front>

  <middle>


<?line 78?>

<section anchor="introduction"><name>Introduction</name>

<t>This document obsoletes <xref target="RFC8474"/> and defines persistent
identifiers on mailboxes and messages to allow clients to more
efficiently reuse cached data when resources have changed location
on the server.  It also updates <xref target="RFC9698"/>: when JMAPACCESS is
advertised alongside OBJECTID+, ACCOUNTID values <bcp14>MUST</bcp14> correspond
to JMAP accountIds.</t>

<t>The OBJECTID+ extension builds upon the identifier framework
established by <xref target="RFC8474"/> and introduces several new capabilities.
It defines a compound OBJECTID response format that bundles multiple
identifiers into a parenthesized list of key-value pairs; identifiers
that the server does not support are simply omitted from the response.
This compound format is used uniformly across SELECT, EXAMINE,
CREATE, RENAME, STATUS, and FETCH responses once the extension has
been activated.</t>

<t>Four types of object identifiers may appear within the compound
OBJECTID response.  MAILBOXID is a server-allocated identifier for
each mailbox that persists across renames, allowing clients to detect
that a mailbox has been renamed rather than deleted and recreated.
EMAILID is an identifier for message content that persists across
COPY and MOVE operations, allowing clients to avoid redownloading
messages that have changed location.  THREADID is an optional
identifier grouping related messages, allowing clients to display
conversations.  ACCOUNTID is a new identifier for account-level
context, enabling disambiguation of mailboxes in environments where
multiple accounts are accessible through a single IMAP session.</t>

<t>The extension also introduces identifier-based mailbox selection via
the OBJECTID parameter on SELECT and EXAMINE, allowing clients to
reliably reselect mailboxes after renames.  Additionally, the RENAME
command now returns an OBJECTID response code, providing the
server-allocated identifiers for the renamed mailbox.</t>

<t>All identifier types are optional within the compound OBJECTID
response; a server that does not support a particular identifier
simply omits it.  The empty compound response "OBJECTID ()" is
valid and indicates that the server supports the OBJECTID+ extension
but does not have any identifiers to return in the current context.</t>

<section anchor="notational-conventions"><name>Notational Conventions</name>

<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>

<?line -18?>

</section>
</section>
<section anchor="capability-identification"><name>CAPABILITY Identification</name>

<section anchor="objectid-and-objectid-capabilities"><name>OBJECTID and OBJECTID+ Capabilities</name>

<t>This document obsoletes <xref target="RFC8474"/> and defines the OBJECTID+
capability.  The OBJECTID+ capability is independent of the OBJECTID
capability defined in <xref target="RFC8474"/>: a server <bcp14>MAY</bcp14> advertise OBJECTID+
alone, or it <bcp14>MAY</bcp14> advertise both OBJECTID and OBJECTID+ to provide
backward compatibility with clients that only support <xref target="RFC8474"/>.</t>

<t>A server that advertises both capabilities <bcp14>MUST</bcp14> behave as defined in
<xref target="RFC8474"/> until the client activates OBJECTID+ (<xref target="activation"/>).
A server that advertises only OBJECTID+ is not required to support
the individual MAILBOXID, EMAILID, or THREADID attributes defined
in <xref target="RFC8474"/>.</t>

<t>The OBJECTID+ extension adds the ACCOUNTID identifier
(<xref target="accountid"/>), the compound OBJECTID response format
(<xref target="objectid-compound"/>), the OBJECTID SELECT/EXAMINE parameter
(<xref target="select-objectid"/>), the OBJECTID FETCH data item
(<xref target="fetch-objectid"/>), the OBJECTID STATUS attribute
(<xref target="status-objectid"/>), the OBJECTID response code on CREATE
(<xref target="create-objectid"/>) and RENAME (<xref target="rename-objectid"/>), and the
JMAPACCESS capability and GETJMAPACCESS command (<xref target="jmapaccess"/>).</t>

</section>
<section anchor="activation"><name>Activation of OBJECTID+</name>

<t>A client activates the OBJECTID+ extension by using any
OBJECTID+-specific feature. The server <bcp14>MUST NOT</bcp14> send
OBJECTID+-specific responses until the extension has been
activated.</t>

<t>The extension is activated by any of the following:</t>

<t><list style="symbols">
  <t>The client issues ENABLE OBJECTID+ (<xref target="RFC5161"/>)</t>
  <t>The client uses the OBJECTID parameter on SELECT or EXAMINE (<xref target="select-objectid"/>)</t>
  <t>The client requests the OBJECTID status attribute (<xref target="status-objectid"/>)</t>
  <t>The client requests the OBJECTID FETCH data item (<xref target="fetch-objectid"/>)</t>
</list></t>

<t>When the extension is activated by any mechanism other than
ENABLE, the server <bcp14>MUST</bcp14> send an untagged ENABLED response
listing OBJECTID+ before any response that is affected by
the activation:</t>

<figure><artwork><![CDATA[
* ENABLED OBJECTID+
]]></artwork></figure>

<t>Once activated, the OBJECTID+ extension remains active for the
duration of the IMAP session. Activation <bcp14>MUST NOT</bcp14> be reversed.</t>

<t>Once OBJECTID+ is activated, the server <bcp14>MUST</bcp14> use the compound
OBJECTID response code (<xref target="objectid-compound"/>) in place of the
MAILBOXID response code in all subsequent SELECT, EXAMINE,
CREATE, and RENAME responses.</t>

</section>
</section>
<section anchor="objectid-compound"><name>OBJECTID Compound Format</name>

<t>The OBJECTID+ extension introduces a compound OBJECTID format: a
parenthesized list of key-value pairs that bundles multiple
identifiers.  The same syntax is used by the server in response
codes, STATUS attribute values, and FETCH data item values, and by
the client when supplying identifiers as an argument to the OBJECTID
parameter on SELECT and EXAMINE (<xref target="select-objectid"/>).</t>

<t>Each key identifies the type of object identifier (e.g., MAILBOXID,
ACCOUNTID, EMAILID, THREADID), and each value is the corresponding
ObjectID. Keys that the server does not support or that are not
applicable in a given context are simply omitted from the response.
An empty compound response "OBJECTID ()" is valid and indicates that
the server supports the OBJECTID+ extension but does not have any
identifiers to return in the current context.</t>

<t>Once OBJECTID+ has been activated, the compound OBJECTID format is
used as a response code in SELECT and EXAMINE untagged OK responses,
as a response code in tagged OK responses to CREATE and RENAME, as
a STATUS attribute, and as a FETCH data item.</t>

<t>The contents of the compound OBJECTID vary by context:</t>

<t><list style="symbols">
  <t>For mailbox context (SELECT, EXAMINE, CREATE, RENAME, STATUS):
the server <bcp14>SHOULD</bcp14> include MAILBOXID and ACCOUNTID.</t>
  <t>For message context (FETCH): the server <bcp14>SHOULD</bcp14> include EMAILID
and THREADID. ACCOUNTID is not included in FETCH OBJECTID
responses because the account context is already established by
the SELECT or EXAMINE response for the current mailbox.</t>
</list></t>

<t>Identifiers that the server does not support are omitted rather
than returned as NIL. This allows the compound format to
self-describe the server's capabilities without requiring clients
to handle placeholder values.</t>

<t>Clients <bcp14>MUST</bcp14> ignore any unrecognised key-value pairs in a compound
OBJECTID response. This allows future extensions to add new
identifier types without breaking existing clients.</t>

</section>
<section anchor="accountid"><name>ACCOUNTID Object Identifier</name>

<t>The ACCOUNTID is a server-allocated identifier that specifies the
account to which a mailbox belongs. When used in conjunction
with MAILBOXID, the ACCOUNTID provides complete disambiguation of
mailboxes in environments where multiple accounts are accessible
through a single IMAP session.</t>

<t>The ACCOUNTID is represented as an opaque string using the same
character set and syntactic constraints as other object identifiers
defined in this specification (see <xref target="objectid-syntax"/>).</t>

<t>The server <bcp14>MUST</bcp14> return the same ACCOUNTID for all mailboxes that
belong to the same account. Conversely, the server <bcp14>MUST NOT</bcp14> return
the same ACCOUNTID for mailboxes that belong to different accounts,
even if accessed within the same IMAP session.</t>

<t>When a server advertises both JMAPACCESS and OBJECTID+, the
ACCOUNTID for each mailbox <bcp14>MUST</bcp14> correspond to the JMAP accountId
for that account (see <xref target="jmapaccess"/>).</t>

<t>When a mailbox is accessed exclusively through IMAP and does not
have a corresponding representation in JMAP, the server <bcp14>MAY</bcp14> still
assign an ACCOUNTID to maintain consistency in the IMAP representation.
However, such ACCOUNTIDs need not correspond to any JMAP account
identifier.</t>

<t>The ACCOUNTID is conceptually immutable for a given account within an
IMAP session. However, if the underlying account is deleted or the
user's access to that account is revoked, the associated mailboxes will
no longer be accessible via IMAP, and their ACCOUNTIDs become
irrelevant.</t>

<t>When OBJECTID+ has been activated (<xref target="activation"/>), the server
returns ACCOUNTID within the compound OBJECTID response code for
SELECT, EXAMINE, CREATE, and RENAME commands, and within the
compound OBJECTID STATUS attribute.  ACCOUNTID is not exposed as a
standalone attribute; it is only available through the compound
OBJECTID format.</t>

</section>
<section anchor="mailboxid"><name>MAILBOXID Object Identifier</name>

<t>The MAILBOXID is a server-allocated unique identifier for each
mailbox.</t>

<t>This document relaxes the uniqueness requirement from <xref target="RFC8474"/>,
which required MAILBOXID to be unique across the entire server;
MAILBOXID is now only required to be unique within the scope of
a single ACCOUNTID.</t>

<t>The server <bcp14>MUST</bcp14> return the same MAILBOXID for a mailbox with the same
name and UIDVALIDITY.</t>

<t>The server <bcp14>MUST NOT</bcp14> report the same (ACCOUNTID, MAILBOXID) pair for
two different mailboxes at the same time.</t>

<t>The server <bcp14>MUST NOT</bcp14> reuse the same MAILBOXID for a mailbox that does
not obey all the invariants that <xref target="RFC3501"/> defines for a mailbox
that does not change name or UIDVALIDITY.</t>

<t>The server <bcp14>SHOULD</bcp14> keep the same MAILBOXID for the source and
destination when renaming a mailbox in a way that keeps the same
messages (but see <xref target="RFC3501"/> for the special case regarding the
renaming of INBOX, which is treated as creating a new mailbox and
moving the messages).</t>

<t>When OBJECTID+ has been activated (<xref target="activation"/>), the server
returns MAILBOXID within the compound OBJECTID response code for
SELECT, EXAMINE, CREATE, and RENAME commands, and within the
compound OBJECTID STATUS attribute.  Servers that also advertise
the OBJECTID capability continue to support the standalone
MAILBOXID attribute as defined in <xref target="RFC8474"/>.</t>

</section>
<section anchor="emailid"><name>EMAILID Object Identifier and THREADID Correlator</name>

<section anchor="emailid-identifier-for-identical-messages"><name>EMAILID Identifier for Identical Messages</name>

<t>The EMAILID data item is an ObjectID that uniquely identifies the
content of a single message.  Anything that must remain immutable on
a {mailbox name, uidvalidity, uid} triple must also be the same
between messages with the same EMAILID.</t>

<t>EMAILID uniqueness is scoped to a single ACCOUNTID; the same EMAILID
value <bcp14>MAY</bcp14> appear in different accounts referring to different messages.</t>

<t>The server <bcp14>MUST</bcp14> return the same EMAILID for the same {mailbox name,
uidvalidity, uid} triple; hence, EMAILID is immutable.</t>

<t>Messages with the same EMAILID <bcp14>MUST</bcp14> have identical immutable
content.  Messages with identical content <bcp14>SHOULD</bcp14> have the same
EMAILID, but the server is not required to detect content
duplication.</t>

<t>A COPY or MOVE command <xref target="RFC6851"/> is allowed to create a new
EMAILID for the destination message.  The server <bcp14>SHOULD</bcp14> preserve
the EMAILID when the source and destination mailboxes have the
same ACCOUNTID, but is not required to do so.</t>

<t>The server <bcp14>MAY</bcp14> assign the same EMAILID as an existing message upon
APPEND (e.g., if it detects that the new message has exactly
identical content to that of an existing message).</t>

<t>NOTE: EMAILID only identifies the immutable content of the message.
In particular, it is possible for different messages with the same
EMAILID to have different keywords.  This document does not specify a
way to STORE by EMAILID.  When JMAPACCESS is also advertised, see
<xref target="jmapaccess"/> for how the per-message IMAP flags of messages sharing
an EMAILID relate to the JMAP keywords of the corresponding Email.</t>

</section>
<section anchor="threadid"><name>THREADID Identifier for Related Messages</name>

<t>The THREADID data item is an ObjectID that uniquely identifies a set
of messages that the server believes should be grouped together when
presented.</t>

<t>THREADID uniqueness is scoped to a single ACCOUNTID, the same as
EMAILID.</t>

<t>THREADID calculation is generally based on some combination of
References, In-Reply-To, and Subject, but the exact logic is left up
to the server implementation.  <xref target="RFC5256"/> describes some algorithms
that could be used; however, this specification does not mandate any
particular strategy.</t>

<t>The server <bcp14>MUST</bcp14> return the same THREADID for all messages with the
same EMAILID.</t>

<t>The server <bcp14>SHOULD</bcp14> return the same THREADID for related messages, even
if they are in different mailboxes; for example, messages that would
appear in the same thread if they were in the same mailbox <bcp14>SHOULD</bcp14>
have the same THREADID, even if they are in different mailboxes.</t>

<t>The server <bcp14>MUST NOT</bcp14> change the THREADID of a message once reported.</t>

<t>THREADID is <bcp14>OPTIONAL</bcp14>; if the server does not support THREADID, it
omits THREADID from the compound OBJECTID response in FETCH.  A
SEARCH for THREADID <bcp14>MUST NOT</bcp14> match any messages when the server does
not support THREADID.</t>

<t>Within a compound OBJECTID FETCH response, the server <bcp14>MUST NOT</bcp14>
return the same ObjectID value as both the EMAILID and the THREADID
for different messages.  If they are stored with the same value
internally, the server can generate prefixed values (as shown in the
examples below with M and T prefixes) to avoid collisions.</t>

<t>Servers that also advertise the OBJECTID capability continue to
support the standalone EMAILID and THREADID FETCH data items as
defined in <xref target="RFC8474"/>.</t>

</section>
</section>
<section anchor="objectid-extensions-to-existing-commands"><name>OBJECTID+ Extensions to Existing Commands</name>

<section anchor="select-objectid"><name>OBJECTID Parameter on SELECT and EXAMINE</name>

<t>This document extends SELECT and EXAMINE to accept an OBJECTID
parameter in the optional parameters list, as defined in
<xref target="RFC4466"/>.</t>

<t>The OBJECTID parameter has two forms:</t>

<t><list style="numbers" type="1">
  <t>Without arguments: <spanx style="verb">SELECT "mailbox" (OBJECTID)</spanx> activates
the OBJECTID+ extension (<xref target="activation"/>) and requests the
compound OBJECTID response code in place of the MAILBOXID
response code.</t>
  <t>With arguments: <spanx style="verb">SELECT "mailbox" (OBJECTID (MAILBOXID id
ACCOUNTID id))</spanx> additionally requests that the server select
the mailbox identified by the given MAILBOXID and ACCOUNTID
rather than by name.  The mailbox name serves as a fallback
if no mailbox matches the given identifiers.</t>
</list></t>

<t>In the second form, the parenthesized list after OBJECTID
contains the same key-value pairs that the server returns in
its compound OBJECTID response (<xref target="objectid-compound"/>).  The
client <bcp14>SHOULD</bcp14> include all identifiers that the server provided
in the most recent compound OBJECTID response for the mailbox.</t>

<t>When the server receives the second form, it <bcp14>MUST</bcp14> attempt to
locate a mailbox matching the provided identifiers.  If a match
is found, the server selects that mailbox regardless of whether
the mailbox name in the command still refers to it.  If no
match is found, the server falls back to selecting the mailbox
by name, following the normal SELECT semantics.</t>

<t>This mechanism allows clients to reliably reselect a mailbox
after it has been renamed by another client, following the same
pattern as the Sieve <spanx style="verb">:mailboxid</spanx> extension in <xref target="RFC9042"/>.</t>

<t>Example (activation only, no ID-based selection):</t>

<figure><artwork><![CDATA[
C: 27 select "foo" (OBJECTID)
S: * ENABLED OBJECTID+
[...]
S: * OK [OBJECTID (MAILBOXID F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3)] Ok
[...]
S: 27 OK [READ-WRITE] Completed
]]></artwork></figure>

<t>Example (ID-based selection after a rename):</t>

<figure><artwork><![CDATA[
C: 28 select "foo" (OBJECTID (MAILBOXID \
        F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3))
[...]
S: * OK [OBJECTID (MAILBOXID F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3)] Ok
[...]
S: 28 OK [READ-WRITE] Completed
]]></artwork></figure>

<t>Here the mailbox was previously named "foo" but may have been
renamed.  The server locates it by MAILBOXID and ACCOUNTID
regardless of its current name.</t>

<t>Example (ID-based selection, fallback to name):</t>

<figure><artwork><![CDATA[
C: 29 select "foo" (OBJECTID (MAILBOXID \
        Fno-longer-exists ACCOUNTID u1a48e8e3))
[...]
S: * OK [OBJECTID (MAILBOXID F9999new-id-for-foo \
        ACCOUNTID u1a48e8e3)] Ok
[...]
S: 29 OK [READ-WRITE] Completed
]]></artwork></figure>

<t>The MAILBOXID did not match any mailbox, so the server fell
back to selecting "foo" by name.  The response contains the
actual OBJECTID of the selected mailbox.</t>

<t>When the server selects a mailbox via the provided identifiers
and the mailbox name in the command no longer refers to that
mailbox, the response identifies the mailbox by its OBJECTID but
does not directly convey its current name.  Clients can determine
the current name using LIST: in IMAP4rev2 (<xref target="RFC9051"/>), the
OLDNAME extended data item on the LIST response (Section 6.3.9.7
of <xref target="RFC9051"/>) reports the former name alongside the current
one, allowing the client to correlate its cached name with the
renamed mailbox.  Clients implementing only IMAP4rev1
(<xref target="RFC3501"/>) can reissue LIST with an appropriate reference and
pattern and match the result by MAILBOXID via the OBJECTID STATUS
attribute.</t>

<t>Example (shared mailbox with different ACCOUNTID):</t>

<figure><artwork><![CDATA[
C: 30 select "shared/team"
[...]
S: * OK [OBJECTID (MAILBOXID F8839dca12-3ef8-4a72-b63d-54f9e8a1 \
        ACCOUNTID u2b59f9f4)] Ok
[...]
S: 30 OK [READ-WRITE] Completed
]]></artwork></figure>

<t>Note that in this example, the server does not send ENABLED
again because the extension was already activated.  The shared
mailbox has a different ACCOUNTID, indicating it belongs to a
different account.</t>

</section>
<section anchor="create-objectid"><name>OBJECTID Response Code for CREATE</name>

<t>When OBJECTID+ has been activated (<xref target="activation"/>), the server
<bcp14>MUST</bcp14> include the compound OBJECTID response code in the tagged OK
response to successful CREATE commands.</t>

<t>Example:</t>

<figure><artwork><![CDATA[
C: 3 create foo
S: 3 OK [OBJECTID (MAILBOXID \
        F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3)] Completed
C: 4 create bar
S: 4 OK [OBJECTID (MAILBOXID \
        F6352ae03-b7f5-463c-896f-d8b48ee3 \
        ACCOUNTID u1a48e8e3)] Completed
C: 5 create shared/team
S: 5 OK [OBJECTID (MAILBOXID \
        F8839dca12-3ef8-4a72-b63d-54f9e8a1 \
        ACCOUNTID u2b59f9f4)] Completed
]]></artwork></figure>

</section>
<section anchor="rename-objectid"><name>OBJECTID Response Code for RENAME</name>

<t>When OBJECTID+ has been activated (<xref target="activation"/>), the server
<bcp14>MUST</bcp14> include the compound OBJECTID response code in the tagged OK
response to successful RENAME commands.</t>

<t>The MAILBOXID in the response <bcp14>SHOULD</bcp14> be the same as the source
mailbox when the rename preserves all mailbox invariants.  The
ACCOUNTID reflects the account to which the mailbox belongs after
the rename.</t>

<t>When a mailbox is renamed within the same account, the server
<bcp14>SHOULD</bcp14> return the same MAILBOXID and ACCOUNTID as the source
mailbox.</t>

<t>When a mailbox is renamed across account boundaries (for example,
from a personal namespace to a shared namespace belonging to a
different account), the server <bcp14>MAY</bcp14> return a different ACCOUNTID,
a different MAILBOXID, or both, reflecting the new account context
and any server-specific identifier allocation policy.</t>

<t>Example (local rename, identifiers preserved):</t>

<figure><artwork><![CDATA[
C: 8 rename foo renamed
S: 8 OK [OBJECTID (MAILBOXID \
        F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3)] Completed
]]></artwork></figure>

<t>Example (cross-account rename, new identifiers issued):</t>

<figure><artwork><![CDATA[
C: 13 rename bar "Other Users.shared.bar"
S: 13 OK [OBJECTID (MAILBOXID \
        Fa77c2e19-84d3-4b0f-9e12-67df5c8a \
        ACCOUNTID u2b59f9f4)] Completed
]]></artwork></figure>

</section>
<section anchor="status-objectid"><name>OBJECTID Attribute for STATUS</name>

<t>The OBJECTID STATUS attribute requests the compound OBJECTID
response, which includes the MAILBOXID and ACCOUNTID for the
queried mailbox (when supported by the server).</t>

<t>Syntax: "OBJECTID"</t>

<t>Requesting the OBJECTID STATUS attribute activates the OBJECTID+
extension (<xref target="activation"/>).</t>

<t>Example:</t>

<figure><artwork><![CDATA[
C: 6 status foo (objectid)
S: * ENABLED OBJECTID+
S: * STATUS foo (OBJECTID (MAILBOXID \
        F2212ea87-6097-4256-9d51-71338625 \
        ACCOUNTID u1a48e8e3))
S: 6 OK Completed

C: 7 status bar (objectid)
S: * STATUS bar (OBJECTID (MAILBOXID \
        F6352ae03-b7f5-463c-896f-d8b48ee3 \
        ACCOUNTID u1a48e8e3))
S: 7 OK Completed

C: 8 status shared/team (objectid)
S: * STATUS shared/team (OBJECTID (MAILBOXID \
        F8839dca12-3ef8-4a72-b63d-54f9e8a1 \
        ACCOUNTID u2b59f9f4))
S: 8 OK Completed
]]></artwork></figure>

<t>Servers that also advertise the OBJECTID capability continue to
support the standalone MAILBOXID STATUS attribute as defined in
<xref target="RFC8474"/>.</t>

<t>When the LIST-STATUS IMAP capability defined in <xref target="RFC5819"/> is also
available, the STATUS command can be combined with the LIST command.</t>

<t>Example:</t>

<figure><artwork><![CDATA[
C: 11 list "" "*" return (status (objectid))
S: * ENABLED OBJECTID+
S: * LIST (\HasNoChildren) "." INBOX
S: * STATUS INBOX (OBJECTID (MAILBOXID \
        Ff8e3ead4-9389-4aff-adb1-d8d89efd8cbf \
        ACCOUNTID u1a48e8e3))
S: * LIST (\HasNoChildren) "." bar
S: * STATUS bar (OBJECTID (MAILBOXID \
        F6352ae03-b7f5-463c-896f-d8b48ee3 \
        ACCOUNTID u1a48e8e3))
S: * LIST (\HasNoChildren) "." "Other Users.other.sub.folder"
S: * STATUS "Other Users.other.sub.folder" (OBJECTID ( \
        MAILBOXID F8839dca12-3ef8-4a72-b63d-54f9e8a1 \
        ACCOUNTID u2b59f9f4))
S: 11 OK Completed (0.001 secs 3 calls)
]]></artwork></figure>

<t>This example demonstrates how clients can efficiently retrieve
object identifiers for multiple mailboxes, including mailboxes
belonging to different accounts, using the extended LIST command
with STATUS return option.</t>

</section>
<section anchor="fetch-objectid"><name>OBJECTID Data Item for FETCH</name>

<t>The OBJECTID FETCH data item causes the server to return a compound
OBJECTID response containing the EMAILID and, if supported, the
THREADID for each message.</t>

<t>Syntax: "OBJECTID"</t>

<t>Requesting the OBJECTID FETCH data item activates the OBJECTID+
extension (<xref target="activation"/>).</t>

<t>ACCOUNTID is not included in the FETCH OBJECTID response because
the account context is already established by the SELECT or EXAMINE
response for the current mailbox.</t>

<t>Example:</t>

<figure><artwork><![CDATA[
C: 30 fetch 1:* (objectid)
S: * ENABLED OBJECTID+
S: * 1 FETCH (OBJECTID (EMAILID M6d99ac3275bb4e \
        THREADID T64b478a75b7ea9))
S: * 2 FETCH (OBJECTID (EMAILID M5fdc09b49ea703 \
        THREADID T11863d02dd95b5))
S: 30 OK Completed (0.000 sec)
]]></artwork></figure>

<t>Example (no THREADID support):</t>

<figure><artwork><![CDATA[
C: 31 fetch 1:* (objectid)
S: * 1 FETCH (OBJECTID (EMAILID M00000001))
S: * 2 FETCH (OBJECTID (EMAILID M00000002))
S: 31 OK Completed (0.000 sec)
]]></artwork></figure>

<t>Example (server supports no message identifiers):</t>

<figure><artwork><![CDATA[
C: 32 fetch 1:* (objectid)
S: * 1 FETCH (OBJECTID ())
S: * 2 FETCH (OBJECTID ())
S: 32 OK Completed (0.000 sec)
]]></artwork></figure>

<t>Servers that also advertise the OBJECTID capability continue to
support the individual EMAILID and THREADID FETCH data items as
defined in <xref target="RFC8474"/>.</t>

</section>
</section>
<section anchor="new-filters-on-search-command"><name>New Filters on SEARCH Command</name>

<t>This document defines the filters EMAILID and THREADID on the SEARCH
command.</t>

<t>Syntax: "EMAILID" SP objectid</t>

<t>Messages whose EMAILID is exactly the specified ObjectID.</t>

<t>Syntax: "THREADID" SP objectid</t>

<t>Messages whose THREADID is exactly the specified ObjectID.</t>

<t>When using the MULTISEARCH extension defined in <xref target="RFC7377"/> to search
across multiple mailboxes, clients <bcp14>SHOULD</bcp14> only search for EMAILID or
THREADID across mailboxes that share the same ACCOUNTID. Since object
identifiers are only guaranteed to be unique within the scope of a
single ACCOUNTID, searching across mailboxes with different ACCOUNTIDs
may produce incorrect results if identifiers from different accounts
happen to collide.</t>

<t>Example:</t>

<figure><artwork><![CDATA[
C: 27 search emailid M6d99ac3275bb4e
S: * SEARCH 1
S: 27 OK Completed (1 msgs in 0.000 secs)
C: 28 search threadid T64b478a75b7ea9
S: * SEARCH 1 2
S: 28 OK Completed (2 msgs in 0.000 secs)
]]></artwork></figure>

</section>
<section anchor="jmapaccess"><name>Additional Conditions for JMAPACCESS</name>

<t>The JMAPACCESS capability and GETJMAPACCESS command are defined in
<xref target="RFC9698"/>.  This document updates those semantics: when a server
advertises both JMAPACCESS and OBJECTID+, it additionally asserts
that the IMAP ACCOUNTID for each mailbox corresponds directly to the
JMAP accountId for that account, as defined in
<xref section="1.6.2" sectionFormat="of" target="RFC8620"/>.</t>

<t>A server that advertises both JMAPACCESS and OBJECTID+ is not
required to also advertise OBJECTID (<xref target="RFC8474"/>); OBJECTID+ is
sufficient to satisfy the capability prerequisite for JMAPACCESS.</t>

<t>Clients that encounter JMAPACCESS without OBJECTID+ should interpret
it as defined in <xref target="RFC9698"/>.</t>

<section anchor="message-keywords-and-jmap-keywords"><name>Message Keywords and JMAP Keywords</name>

<t>When a server advertises both JMAPACCESS and OBJECTID+, all IMAP
messages that share the same EMAILID denote the same JMAP Email
object (<xref section="4.1.1" sectionFormat="of" target="RFC8621"/>).  Such messages <bcp14>MAY</bcp14> appear in
more than one mailbox, and IMAP permits each message instance to
carry its own set of flags.  JMAP, by contrast, represents the
state of an Email's flags as a single "keywords" set on the Email
object.  The system flags map between the protocols as defined in
<xref section="4.1.1" sectionFormat="of" target="RFC8621"/> (for example, "\Flagged" corresponds
to "$flagged" and "\Seen" to "$seen").</t>

<t>For each keyword and its corresponding IMAP flag, a server <bcp14>MUST</bcp14>
present a JMAP keyword set consistent with the IMAP flags of the
messages sharing that EMAILID, as follows:</t>

<t><list style="symbols">
  <t>If every IMAP message with that EMAILID has the flag set, the
corresponding keyword <bcp14>MUST</bcp14> be present in the Email's "keywords"
set.</t>
  <t>If no IMAP message with that EMAILID has the flag set, the
corresponding keyword <bcp14>MUST NOT</bcp14> be present.</t>
  <t>If some but not all such messages have the flag set, whether the
keyword is present is server dependent.</t>
</list></t>

<t>Setting a keyword on an Email via JMAP (Email/set), including
setting it to a value the server already reports for that Email,
<bcp14>MUST</bcp14> result in the corresponding IMAP flag being set on every
message that shares the EMAILID.  Likewise, removing a keyword via
JMAP <bcp14>MUST</bcp14> clear the corresponding flag on every such message.
Clients can therefore force a "server dependent" mixed state into a
defined state by issuing an explicit JMAP set or remove for the
keyword.</t>

<t>By contrast, an IMAP STORE command is not required to affect other
messages sharing the same EMAILID.  A server <bcp14>MAY</bcp14> propagate such a
change to every message with that EMAILID, but it <bcp14>MAY</bcp14> instead apply
the change only to the addressed message.</t>

<t>Note that <xref section="2" sectionFormat="of" target="RFC8621"/> requires the user to hold the
"maySetSeen" right on all mailboxes containing an Email before
"$seen" may be modified via JMAP.</t>

</section>
</section>
<section anchor="objectid-syntax"><name>Formal Syntax</name>

<t>The following syntax specification uses the Augmented Backus-Naur
Form (ABNF) <xref target="RFC5234"/> notation.  Elements not defined here can be
found in the formal syntax of the ABNF <xref target="RFC5234"/>, IMAP <xref target="RFC3501"/>,
IMAP ABNF extensions <xref target="RFC4466"/>, and IMAP ENABLE <xref target="RFC5161"/>
specifications.</t>

<t>Except as noted otherwise, all alphabetic characters are case
insensitive.  The use of uppercase or lowercase characters to define
token strings is for editorial clarity only.  Implementations <bcp14>MUST</bcp14>
accept these strings in a case-insensitive fashion.</t>

<t>Please note specifically that ObjectID values are case sensitive.</t>

<figure><artwork><![CDATA[
capability =/ "OBJECTID+"
        ; the "OBJECTID" capability token's syntax is
        ; defined in [RFC8474]

enable-data =/ "OBJECTID+"
        ; extends the enable-data production from [RFC5161]

objectid = 1*255(ALPHA / DIGIT / "_" / "-")
        ; characters in object identifiers are case
        ; significant

objectid-key = "MAILBOXID" / "ACCOUNTID" / "EMAILID" / "THREADID"
             / atom
        ; future extensions may define additional keys
        ; clients MUST ignore unrecognised keys

objectid-kvpair = objectid-key SP objectid

objectid-compound = "OBJECTID" SP "(" [objectid-kvpair
        *(SP objectid-kvpair)] ")"
        ; space-separated key-value pairs of identifiers
        ; keys not supported by the server are omitted
        ; an empty list "OBJECTID ()" is valid

; --- OBJECTID+ extensions to SELECT/EXAMINE ---

select-param =/ "OBJECTID" [SP "(" objectid-kvpair
        *(SP objectid-kvpair) ")"]
        ; without arguments: activation only
        ; with arguments: ID-based mailbox selection
        ;   with fallback to the mailbox name

; --- OBJECTID+ extensions to FETCH ---

fetch-att =/ "OBJECTID"

msg-att-static =/ objectid-compound

; --- OBJECTID+ extensions to STATUS ---

status-att =/ "OBJECTID"

status-att-val =/ "OBJECTID" SP "(" [objectid-kvpair
        *(SP objectid-kvpair)] ")"
        ; follows tagged-ext production from [RFC4466]

; --- OBJECTID+ response code ---

resp-text-code =/ objectid-compound

; --- OBJECTID+ extensions to SEARCH ---

search-key =/ "EMAILID" SP objectid
        ; matches messages whose EMAILID is exactly
        ; the specified ObjectID

search-key =/ "THREADID" SP objectid
        ; matches messages whose THREADID is exactly
        ; the specified ObjectID
]]></artwork></figure>

</section>
<section anchor="implementation-considerations"><name>Implementation Considerations</name>

<section anchor="assigning-object-identifiers"><name>Assigning Object Identifiers</name>

<t>All ObjectID values are allocated by the server.</t>

<t>In the interest of reducing the possibilities of encoding mistakes,
ObjectIDs are restricted to a safe subset of possible byte values; in
order to allow clients to allocate storage, they are restricted in
length.</t>

<t>An ObjectID is a string of 1 to 255 characters from the following set
of 64 codepoints: a-z, A-Z, 0-9, _, -.  These characters are safe to
use in almost any context (e.g., filesystems, URIs, IMAP atoms).
These are the same characters defined as base64url in <xref target="RFC4648"/>.</t>

<t>For maximum safety, servers should also follow defensive allocation
strategies to avoid creating risks where glob completion or data type
detection may be present (e.g., on filesystems or in spreadsheets).
In particular, it is wise to avoid:</t>

<t><list style="symbols">
  <t>IDs starting with a dash</t>
  <t>IDs starting with digits</t>
  <t>IDs that contain only digits</t>
  <t>IDs that differ only by ASCII case (for example, A vs. a)</t>
  <t>the specific sequence of three characters NIL in any case (because
this sequence can be confused with the IMAP protocol expression of
the null value)</t>
</list></t>

<t>A good solution to these issues is to prefix every ID with a single
alphabetical character.</t>

</section>
<section anchor="interaction-with-special-cases"><name>Interaction with Special Cases</name>

<t>The case of RENAME INBOX may need special handling because it has
special behavior, as defined in <xref section="6.3.5" sectionFormat="of" target="RFC3501"/>.</t>

<t>It is advisable (though not required) to have object identifier
values be globally unique as an implementation convenience.  A proxy
that aggregates multiple independent backend servers <bcp14>MUST</bcp14> return
a different ACCOUNTID for each set of mailboxes served by different
backends, unless it can guarantee that all object identifiers are
unique across those backends. This ensures that clients can rely
on the combination of ACCOUNTID and any other object identifier
being unique within the IMAP session, even when the backend servers
independently assign identifiers that might otherwise collide.</t>

</section>
<section anchor="client-usage"><name>Client Usage</name>

<t>Servers that implement both <xref target="RFC6154"/> and this specification should
optimize their execution of commands like UID SEARCH OR EMAILID 1234
EMAILID 4321.</t>

<t>Clients can assume that searching the all-mail mailbox using OR/
EMAILID or OR/THREADID is a fast way to find messages again if some
other client has moved them out of the mailbox where they were
previously seen.</t>

<t>Clients that cache data offline should fetch the EMAILID of all new
messages to avoid redownloading already-cached message details.</t>

<t>Clients should fetch the MAILBOXID for any new mailboxes before
discarding cache data for any mailbox that is no longer present on
the server so that they can detect renames and avoid redownloading
data.</t>

<t>Clients that support both IMAP and JMAP <bcp14>SHOULD</bcp14> use the ACCOUNTID when
available to maintain accurate mappings between IMAP mailboxes and
JMAP Mailbox objects. This is particularly important for clients that
use JMAP Email Delivery Push notifications, as these notifications
include the accountId property. By correlating the accountId from a
push notification with the ACCOUNTID, clients can efficiently
determine which IMAP mailbox corresponds to a newly delivered message
without requiring additional synchronization operations.</t>

</section>
<section anchor="interaction-with-the-objectid-capability"><name>Interaction with the OBJECTID Capability</name>

<t>A server <bcp14>MAY</bcp14> advertise both OBJECTID and OBJECTID+ to provide
backward compatibility with clients that only support <xref target="RFC8474"/>.
When both capabilities are advertised, the server <bcp14>MUST</bcp14> behave as
defined in <xref target="RFC8474"/> until the client activates OBJECTID+
(<xref target="activation"/>).  Once OBJECTID+ has been activated, the server
<bcp14>MUST</bcp14> use compound OBJECTID response codes in place of MAILBOXID
response codes for CREATE, RENAME, SELECT, and EXAMINE commands,
and <bcp14>MUST</bcp14> support the OBJECTID STATUS attribute and FETCH data item.</t>

<t>A server that advertises only OBJECTID+ is not required to support
the individual MAILBOXID, EMAILID, or THREADID attributes defined
in <xref target="RFC8474"/>.  Such a server uses exclusively the compound
OBJECTID format defined in this specification.</t>

<t>When a server advertises both capabilities, the OBJECTID compound
is functionally equivalent to requesting each of its constituent
identifiers individually.  The server <bcp14>MUST</bcp14> return the same value
for a given identifier whether it is requested individually (as
defined in <xref target="RFC8474"/>) or as part of an OBJECTID compound.  For
example, the MAILBOXID returned within an OBJECTID STATUS response
<bcp14>MUST</bcp14> be identical to the MAILBOXID returned when requested as a
standalone STATUS attribute.  The compound is provided as a
convenience for clients that wish to retrieve all available
identifiers in a single request without enumerating each attribute
separately.</t>

</section>
<section anchor="interaction-with-imap4rev2"><name>Interaction with IMAP4rev2</name>

<t>This specification is written in terms of <xref target="RFC3501"/> (IMAP4rev1) but
applies equally to <xref target="RFC9051"/> (IMAP4rev2). IMAP4rev2 incorporates
the ENABLE command and the MOVE extension natively, so no separate
capability negotiation is needed for those features.</t>

<t>The formal syntax in this document extends the ABNF productions
defined in <xref target="RFC3501"/>. Servers implementing IMAP4rev2 <bcp14>SHOULD</bcp14> apply
the same extensions to the corresponding productions in <xref target="RFC9051"/>.</t>

</section>
<section anchor="interaction-with-move"><name>Interaction with MOVE</name>

<t>The MOVE command <xref target="RFC6851"/> atomically moves messages between
mailboxes. As specified in <xref target="emailid"/>, MOVE is allowed to create
new EMAILIDs and THREADIDs for the destination messages.  The
server <bcp14>SHOULD</bcp14> preserve the EMAILID when the source and destination
mailboxes share the same ACCOUNTID, but is not required to do so.</t>

<t>The MOVE command does not receive an OBJECTID response code. The
COPYUID response code <xref target="RFC4315"/> already provides the UID mapping
between source and destination.</t>

</section>
<section anchor="interaction-with-namespace"><name>Interaction with NAMESPACE</name>

<t>The NAMESPACE extension <xref target="RFC2342"/> exposes that a single IMAP
connection may provide access to mailboxes from different
namespaces, including personal, other users', and shared namespaces.</t>

<t>The ACCOUNTID returned for a mailbox <bcp14>SHOULD</bcp14> reflect the account
that owns the mailbox data, not the account of the authenticated
user accessing it. For example:</t>

<t><list style="symbols">
  <t>Mailboxes in the personal namespace have the authenticated
user's ACCOUNTID.</t>
  <t>Mailboxes in the "Other Users" namespace that belong to a
different user <bcp14>SHOULD</bcp14> have that other user's ACCOUNTID.</t>
  <t>Mailboxes in a shared namespace <bcp14>SHOULD</bcp14> have the ACCOUNTID of
the account that owns the shared data.</t>
</list></t>

<t>This ensures that ACCOUNTID provides meaningful account-level
disambiguation and, when JMAPACCESS is advertised, correctly
correlates with the JMAP accountId that owns the corresponding
Mailbox objects.</t>

</section>
<section anchor="interaction-with-uidonly"><name>Interaction with UIDONLY</name>

<t>When the UIDONLY extension <xref target="RFC9586"/> is active, FETCH responses
are replaced with UIDFETCH responses. The OBJECTID FETCH data
item works identically in UIDFETCH responses. A server that
supports both OBJECTID+ and UIDONLY <bcp14>MUST</bcp14> include the OBJECTID
data item in UIDFETCH responses when requested.</t>

</section>
<section anchor="interaction-with-sort-and-thread"><name>Interaction with SORT and THREAD</name>

<t>The THREAD command defined in <xref target="RFC5256"/> computes thread
relationships algorithmically based on message headers and returns
a thread structure for display purposes. The THREADID defined in
this document is a persistent identifier assigned by the server
to group related messages.</t>

<t>THREADID and the THREAD command are independent. A server <bcp14>MAY</bcp14> use
different algorithms for THREAD responses and THREADID assignment,
and the thread groupings need not correlate. Clients <bcp14>MUST NOT</bcp14>
assume that messages sharing a THREADID will appear in the same
thread structure returned by the THREAD command, or vice versa.</t>

</section>
<section anchor="advice-to-client-implementers"><name>Advice to Client Implementers</name>

<t>In cases of server failure and disaster recovery, or misbehaving
servers, it is possible that a client will be sent invalid
information, e.g., identical ObjectIDs or ObjectIDs that have changed
where they <bcp14>MUST NOT</bcp14> change according to this document.</t>

<t>In a case where a client detects inconsistent ObjectID responses from
a server, it <bcp14>SHOULD</bcp14> fall back to relying on the guarantees of
<xref target="RFC3501"/>.  For simplicity, a client <bcp14>MAY</bcp14> instead choose to discard its
entire cache and resync all state from the server.</t>

<t>Client authors protecting against server misbehavior <bcp14>MUST</bcp14> ensure that
their design cannot get into an infinite loop of discarding cache and
fetching the same data repeatedly without user interaction.</t>

</section>
</section>
<section anchor="future-considerations"><name>Future Considerations</name>

<t>This extension is intentionally defined to be compatible with the
data model in JMAP for Mail.</t>

<t>A future extension to the Sieve <spanx style="verb">:mailboxid</spanx> extension <xref target="RFC9042"/>
could add ACCOUNTID support for multi-account environments.</t>

<t>An extension to allow fetching message content directly via EMAILID
and message listings by THREADID could be proposed.</t>

</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>

<section anchor="imap-capabilities-registry"><name>IMAP Capabilities Registry</name>

<t>IANA is requested to add the following entry to the "IMAP Capabilities"
registry located at <eref target="https://www.iana.org/assignments/imap-capabilities">https://www.iana.org/assignments/imap-capabilities</eref>:</t>

<texttable>
      <ttcol align='left'>Capability</ttcol>
      <ttcol align='left'>Reference</ttcol>
      <c>OBJECTID+</c>
      <c>This document</c>
</texttable>

<t>IANA is requested to update the reference for the existing
"JMAPACCESS" entry in the "IMAP Capabilities" registry from
<xref target="RFC9698"/> to this document.</t>

<t>The existing "OBJECTID" entry registered by <xref target="RFC8474"/> remains
unchanged. Servers <bcp14>MAY</bcp14> advertise OBJECTID alongside OBJECTID+ for
backward compatibility as described in this document.</t>

</section>
<section anchor="imap-response-codes-registry"><name>IMAP Response Codes Registry</name>

<t>IANA is requested to add the following entry to the "IMAP Response
Codes" registry located at
<eref target="https://www.iana.org/assignments/imap-response-codes">https://www.iana.org/assignments/imap-response-codes</eref>:</t>

<texttable>
      <ttcol align='left'>Response Code</ttcol>
      <ttcol align='left'>Reference</ttcol>
      <c>OBJECTID</c>
      <c>This document</c>
</texttable>

<t>The existing "MAILBOXID" entry in the "IMAP Response Codes" registry,
registered by <xref target="RFC8474"/>, remains unchanged.</t>

</section>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>

<section anchor="object-identifier-generation"><name>Object Identifier Generation</name>

<t>It is strongly advised that servers generate ObjectIDs that are safe
to use as filesystem names and unlikely to be autodetected as
numbers.  See implementation considerations.</t>

<t>If a digest is used for ID generation, it must have a collision-
resistant property, so server implementations are advised to monitor
current security research and choose secure digests.  As the IDs are
generated by the server, it will be possible to migrate to a new hash
by just using the new algorithm when creating new IDs.  This is
particularly true if a prefix is used on each ID, which can be
changed when the algorithm changes.</t>

<t>The use of a digest for ID generation may be used as proof that a
particular sequence of bytes was seen by the server.  However, this
is only a risk if IDs are leaked to clients who don't have permission
to fetch the data directly.  Servers that are expected to handle
highly sensitive data should consider this when choosing how to
create IDs.</t>

<t>See also the security considerations in <xref section="11" sectionFormat="of" target="RFC3501"/>.</t>

</section>
<section anchor="account-identifier-exposure"><name>Account Identifier Exposure</name>

<t>The ACCOUNTID reveals information about the account structure of the
server and which mailboxes belong to which accounts. While this
information is generally not considered sensitive in the context of an
authenticated IMAP session, servers that wish to minimize information
disclosure <bcp14>MAY</bcp14> choose to generate account identifiers using
unpredictable values (such as UUIDs) rather than sequential numbers
or other patterns that might reveal information about account creation
order or the total number of accounts on the server.</t>

</section>
<section anchor="cross-account-information-leakage"><name>Cross-Account Information Leakage</name>

<t>Servers <bcp14>MUST</bcp14> ensure that the ACCOUNTID mechanism does not inadvertently
grant users access to information about accounts they are not authorized
to access. In particular, servers <bcp14>MUST NOT</bcp14> return account identifiers
for accounts that the authenticated user does not have permission to
access, even if such accounts exist on the server.</t>

</section>
<section anchor="consistency-with-jmap-authentication"><name>Consistency with JMAP Authentication</name>

<t>A server <bcp14>MUST NOT</bcp14> advertise JMAPACCESS unless the authentication
credentials used for the IMAP session are sufficient to also
authenticate via JMAP.  Inconsistencies in authentication or
authorization between IMAP and JMAP could lead to situations where
a client receives account identifiers that it cannot subsequently use
to access the corresponding JMAP resources, potentially revealing the
existence of accounts the user cannot access.</t>

<t>The JMAP session URL returned by GETJMAPACCESS is available to any
authenticated IMAP client.  This reveals that a JMAP server exists
for the user, but since an authenticated client with valid credentials
could discover this independently via <xref target="RFC8620"/> Section 2.2, this
does not represent a meaningful increase in exposure.</t>

</section>
<section anchor="privacy-in-multi-tenant-environments"><name>Privacy in Multi-Tenant Environments</name>

<t>In multi-tenant or hosted environments, servers <bcp14>SHOULD</bcp14> generate account
identifiers in a manner that does not reveal relationships between
accounts or organizational structures that users should not be aware of.
For example, if multiple accounts belong to the same organization, the
account identifier generation mechanism should not use patterns that
would allow users to infer these relationships unless such information
is explicitly intended to be visible.</t>

</section>
</section>


  </middle>

  <back>


<references title='References' anchor="sec-combined-references">

    <references title='Normative References' anchor="sec-normative-references">



<reference anchor="RFC3501">
  <front>
    <title>INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1</title>
    <author fullname="M. Crispin" initials="M." surname="Crispin"/>
    <date month="March" year="2003"/>
    <abstract>
      <t>The Internet Message Access Protocol, Version 4rev1 (IMAP4rev1) allows a client to access and manipulate electronic mail messages on a server. IMAP4rev1 permits manipulation of mailboxes (remote message folders) in a way that is functionally equivalent to local folders. IMAP4rev1 also provides the capability for an offline client to resynchronize with the server. IMAP4rev1 includes operations for creating, deleting, and renaming mailboxes, checking for new messages, permanently removing messages, setting and clearing flags, RFC 2822 and RFC 2045 parsing, searching, and selective fetching of message attributes, texts, and portions thereof. Messages in IMAP4rev1 are accessed by the use of numbers. These numbers are either message sequence numbers or unique identifiers. IMAP4rev1 supports a single server. A mechanism for accessing configuration information to support multiple IMAP4rev1 servers is discussed in RFC 2244. IMAP4rev1 does not specify a means of posting mail; this function is handled by a mail transfer protocol such as RFC 2821. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="3501"/>
  <seriesInfo name="DOI" value="10.17487/RFC3501"/>
</reference>
<reference anchor="RFC4466">
  <front>
    <title>Collected Extensions to IMAP4 ABNF</title>
    <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
    <author fullname="C. Daboo" initials="C." surname="Daboo"/>
    <date month="April" year="2006"/>
    <abstract>
      <t>Over the years, many documents from IMAPEXT and LEMONADE working groups, as well as many individual documents, have added syntactic extensions to many base IMAP commands described in RFC 3501. For ease of reference, this document collects most of such ABNF changes in one place.</t>
      <t>This document also suggests a set of standard patterns for adding options and extensions to several existing IMAP commands defined in RFC 3501. The patterns provide for compatibility between existing and future extensions.</t>
      <t>This document updates ABNF in RFCs 2088, 2342, 3501, 3502, and 3516. It also includes part of the errata to RFC 3501. This document doesn't specify any semantic changes to the listed RFCs. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="4466"/>
  <seriesInfo name="DOI" value="10.17487/RFC4466"/>
</reference>
<reference anchor="RFC5234">
  <front>
    <title>Augmented BNF for Syntax Specifications: ABNF</title>
    <author fullname="D. Crocker" initials="D." role="editor" surname="Crocker"/>
    <author fullname="P. Overell" initials="P." surname="Overell"/>
    <date month="January" year="2008"/>
    <abstract>
      <t>Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="STD" value="68"/>
  <seriesInfo name="RFC" value="5234"/>
  <seriesInfo name="DOI" value="10.17487/RFC5234"/>
</reference>
<reference anchor="RFC5256">
  <front>
    <title>Internet Message Access Protocol - SORT and THREAD Extensions</title>
    <author fullname="M. Crispin" initials="M." surname="Crispin"/>
    <author fullname="K. Murchison" initials="K." surname="Murchison"/>
    <date month="June" year="2008"/>
    <abstract>
      <t>This document describes the base-level server-based sorting and threading extensions to the IMAP protocol. These extensions provide substantial performance improvements for IMAP clients that offer sorted and threaded views. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="5256"/>
  <seriesInfo name="DOI" value="10.17487/RFC5256"/>
</reference>
<reference anchor="RFC5819">
  <front>
    <title>IMAP4 Extension for Returning STATUS Information in Extended LIST</title>
    <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
    <author fullname="T. Sirainen" initials="T." surname="Sirainen"/>
    <date month="March" year="2010"/>
    <abstract>
      <t>Many IMAP clients display information about total number of messages / total number of unseen messages in IMAP mailboxes. In order to do that, they are forced to issue a LIST or LSUB command and to list all available mailboxes, followed by a STATUS command for each mailbox found. This document provides an extension to LIST command that allows the client to request STATUS information for mailboxes together with other information typically returned by the LIST command. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="5819"/>
  <seriesInfo name="DOI" value="10.17487/RFC5819"/>
</reference>
<reference anchor="RFC6851">
  <front>
    <title>Internet Message Access Protocol (IMAP) - MOVE Extension</title>
    <author fullname="A. Gulbrandsen" initials="A." surname="Gulbrandsen"/>
    <author fullname="N. Freed" initials="N." role="editor" surname="Freed"/>
    <date month="January" year="2013"/>
    <abstract>
      <t>This document defines an IMAP extension consisting of two new commands, MOVE and UID MOVE, that are used to move messages from one mailbox to another. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6851"/>
  <seriesInfo name="DOI" value="10.17487/RFC6851"/>
</reference>
<reference anchor="RFC8474">
  <front>
    <title>IMAP Extension for Object Identifiers</title>
    <author fullname="B. Gondwana" initials="B." role="editor" surname="Gondwana"/>
    <date month="September" year="2018"/>
    <abstract>
      <t>This document updates RFC 3501 (IMAP4rev1) with persistent identifiers on mailboxes and messages to allow clients to more efficiently reuse cached data when resources have changed location on the server.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8474"/>
  <seriesInfo name="DOI" value="10.17487/RFC8474"/>
</reference>
<reference anchor="RFC8620">
  <front>
    <title>The JSON Meta Application Protocol (JMAP)</title>
    <author fullname="N. Jenkins" initials="N." surname="Jenkins"/>
    <author fullname="C. Newman" initials="C." surname="Newman"/>
    <date month="July" year="2019"/>
    <abstract>
      <t>This document specifies a protocol for clients to efficiently query, fetch, and modify JSON-based data objects, with support for push notification of changes and fast resynchronisation and for out-of- band binary data upload/download.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8620"/>
  <seriesInfo name="DOI" value="10.17487/RFC8620"/>
</reference>
<reference anchor="RFC8621">
  <front>
    <title>The JSON Meta Application Protocol (JMAP) for Mail</title>
    <author fullname="N. Jenkins" initials="N." surname="Jenkins"/>
    <author fullname="C. Newman" initials="C." surname="Newman"/>
    <date month="August" year="2019"/>
    <abstract>
      <t>This document specifies a data model for synchronising email data with a server using the JSON Meta Application Protocol (JMAP). Clients can use this to efficiently search, access, organise, and send messages, and to get push notifications for fast resynchronisation when new messages are delivered or a change is made in another client.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="8621"/>
  <seriesInfo name="DOI" value="10.17487/RFC8621"/>
</reference>
<reference anchor="RFC9051">
  <front>
    <title>Internet Message Access Protocol (IMAP) - Version 4rev2</title>
    <author fullname="A. Melnikov" initials="A." role="editor" surname="Melnikov"/>
    <author fullname="B. Leiba" initials="B." role="editor" surname="Leiba"/>
    <date month="August" year="2021"/>
    <abstract>
      <t>The Internet Message Access Protocol Version 4rev2 (IMAP4rev2) allows a client to access and manipulate electronic mail messages on a server. IMAP4rev2 permits manipulation of mailboxes (remote message folders) in a way that is functionally equivalent to local folders. IMAP4rev2 also provides the capability for an offline client to resynchronize with the server.</t>
      <t>IMAP4rev2 includes operations for creating, deleting, and renaming mailboxes; checking for new messages; removing messages permanently; setting and clearing flags; parsing per RFCs 5322, 2045, and 2231; searching; and selective fetching of message attributes, texts, and portions thereof. Messages in IMAP4rev2 are accessed by the use of numbers. These numbers are either message sequence numbers or unique identifiers.</t>
      <t>IMAP4rev2 does not specify a means of posting mail; this function is handled by a mail submission protocol such as the one specified in RFC 6409.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9051"/>
  <seriesInfo name="DOI" value="10.17487/RFC9051"/>
</reference>
<reference anchor="RFC9698">
  <front>
    <title>The JMAPACCESS Extension for IMAP</title>
    <author fullname="A. Gulbrandsen" initials="A." surname="Gulbrandsen"/>
    <author fullname="B. Gondwana" initials="B." surname="Gondwana"/>
    <date month="January" year="2025"/>
    <abstract>
      <t>This document defines an IMAP extension to let clients know that the messages in this IMAP server are also available via the JSON Meta Application Protocol (JMAP), and how. It is intended for clients that want to migrate gradually to JMAP or use JMAP extensions within an IMAP client.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9698"/>
  <seriesInfo name="DOI" value="10.17487/RFC9698"/>
</reference>
<reference anchor="RFC5161">
  <front>
    <title>The IMAP ENABLE Extension</title>
    <author fullname="A. Gulbrandsen" initials="A." role="editor" surname="Gulbrandsen"/>
    <author fullname="A. Melnikov" initials="A." role="editor" surname="Melnikov"/>
    <date month="March" year="2008"/>
    <abstract>
      <t>Most IMAP extensions are used by the client when it wants to and the server supports it. However, a few extensions require the server to know whether a client supports that extension. The ENABLE extension allows an IMAP client to say which extensions it supports. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="5161"/>
  <seriesInfo name="DOI" value="10.17487/RFC5161"/>
</reference>
<reference anchor="RFC2119">
  <front>
    <title>Key words for use in RFCs to Indicate Requirement Levels</title>
    <author fullname="S. Bradner" initials="S." surname="Bradner"/>
    <date month="March" year="1997"/>
    <abstract>
      <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="2119"/>
  <seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
  <front>
    <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <date month="May" year="2017"/>
    <abstract>
      <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
    </abstract>
  </front>
  <seriesInfo name="BCP" value="14"/>
  <seriesInfo name="RFC" value="8174"/>
  <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>



    </references>

    <references title='Informative References' anchor="sec-informative-references">



<reference anchor="RFC2342">
  <front>
    <title>IMAP4 Namespace</title>
    <author fullname="M. Gahrns" initials="M." surname="Gahrns"/>
    <author fullname="C. Newman" initials="C." surname="Newman"/>
    <date month="May" year="1998"/>
    <abstract>
      <t>This document defines a NAMESPACE command that allows a client to discover the prefixes of namespaces used by a server for personal mailboxes, other users' mailboxes, and shared mailboxes. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="2342"/>
  <seriesInfo name="DOI" value="10.17487/RFC2342"/>
</reference>
<reference anchor="RFC4122">
  <front>
    <title>A Universally Unique IDentifier (UUID) URN Namespace</title>
    <author fullname="P. Leach" initials="P." surname="Leach"/>
    <author fullname="M. Mealling" initials="M." surname="Mealling"/>
    <author fullname="R. Salz" initials="R." surname="Salz"/>
    <date month="July" year="2005"/>
    <abstract>
      <t>This specification defines a Uniform Resource Name namespace for UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier). A UUID is 128 bits long, and can guarantee uniqueness across space and time. UUIDs were originally used in the Apollo Network Computing System and later in the Open Software Foundation\'s (OSF) Distributed Computing Environment (DCE), and then in Microsoft Windows platforms.</t>
      <t>This specification is derived from the DCE specification with the kind permission of the OSF (now known as The Open Group). Information from earlier versions of the DCE specification have been incorporated into this document. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="4122"/>
  <seriesInfo name="DOI" value="10.17487/RFC4122"/>
</reference>
<reference anchor="RFC4315">
  <front>
    <title>Internet Message Access Protocol (IMAP) - UIDPLUS extension</title>
    <author fullname="M. Crispin" initials="M." surname="Crispin"/>
    <date month="December" year="2005"/>
    <abstract>
      <t>The UIDPLUS extension of the Internet Message Access Protocol (IMAP) provides a set of features intended to reduce the amount of time and resources used by some client operations. The features in UIDPLUS are primarily intended for disconnected-use clients. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="4315"/>
  <seriesInfo name="DOI" value="10.17487/RFC4315"/>
</reference>
<reference anchor="RFC4648">
  <front>
    <title>The Base16, Base32, and Base64 Data Encodings</title>
    <author fullname="S. Josefsson" initials="S." surname="Josefsson"/>
    <date month="October" year="2006"/>
    <abstract>
      <t>This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="4648"/>
  <seriesInfo name="DOI" value="10.17487/RFC4648"/>
</reference>
<reference anchor="RFC6154">
  <front>
    <title>IMAP LIST Extension for Special-Use Mailboxes</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <author fullname="J. Nicolson" initials="J." surname="Nicolson"/>
    <date month="March" year="2011"/>
    <abstract>
      <t>Some IMAP message stores include special-use mailboxes, such as those used to hold draft messages or sent messages. Many mail clients allow users to specify where draft or sent messages should be put, but configuring them requires that the user know which mailboxes the server has set aside for these purposes. This extension adds new optional mailbox attributes that a server may include in IMAP LIST command responses to identify special-use mailboxes to the client, easing configuration. [STANDARDS-TRACK]</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="6154"/>
  <seriesInfo name="DOI" value="10.17487/RFC6154"/>
</reference>
<reference anchor="RFC7377">
  <front>
    <title>IMAP4 Multimailbox SEARCH Extension</title>
    <author fullname="B. Leiba" initials="B." surname="Leiba"/>
    <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
    <date month="October" year="2014"/>
    <abstract>
      <t>The IMAP4 specification allows the searching of only the selected mailbox. A user often wants to search multiple mailboxes, and a client that wishes to support this must issue a series of SELECT and SEARCH commands, waiting for each to complete before moving on to the next. This extension allows a client to search multiple mailboxes with one command, limiting the delays caused by many round trips and not requiring disruption of the currently selected mailbox. This extension also uses MAILBOX, UIDVALIDITY, and TAG fields in ESEARCH responses, allowing a client to pipeline the searches if it chooses. This document updates RFC 4466 and obsoletes RFC 6237.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="7377"/>
  <seriesInfo name="DOI" value="10.17487/RFC7377"/>
</reference>
<reference anchor="RFC9042">
  <front>
    <title>Sieve Email Filtering: Delivery by MAILBOXID</title>
    <author fullname="B. Gondwana" initials="B." role="editor" surname="Gondwana"/>
    <date month="June" year="2021"/>
    <abstract>
      <t>The OBJECTID capability of IMAP (RFC 8474) allows clients to identify mailboxes by a unique identifier that survives renaming.</t>
      <t>This document extends the Sieve email filtering language (RFC 5228) to allow using that same unique identifier as a target for fileinto rules and for testing the existence of mailboxes.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9042"/>
  <seriesInfo name="DOI" value="10.17487/RFC9042"/>
</reference>
<reference anchor="RFC9586">
  <front>
    <title>IMAP Extension for Using and Returning Unique Identifiers (UIDs) Only</title>
    <author fullname="A. Melnikov" initials="A." surname="Melnikov"/>
    <author fullname="A. P. Achuthan" initials="A. P." surname="Achuthan"/>
    <author fullname="V. Nagulakonda" initials="V." surname="Nagulakonda"/>
    <author fullname="A. Singh" initials="A." surname="Singh"/>
    <author fullname="L. Alves" initials="L." surname="Alves"/>
    <date month="May" year="2024"/>
    <abstract>
      <t>The UIDONLY extension to the Internet Message Access Protocol (RFCs 3501 and 9051) allows clients to enable a mode in which information about mailbox changes is returned using only Unique Identifiers (UIDs). Message numbers are not returned in responses and cannot be used in requests once this extension is enabled. This helps both clients and servers to reduce resource usage required to maintain a map between message numbers and UIDs.</t>
      <t>This document defines an experimental IMAP extension.</t>
    </abstract>
  </front>
  <seriesInfo name="RFC" value="9586"/>
  <seriesInfo name="DOI" value="10.17487/RFC9586"/>
</reference>



    </references>

</references>


<?line 1153?>

<section anchor="ideas-for-implementing-object-identifiers"><name>Ideas for Implementing Object Identifiers</name>

<t>Ideas for calculating account identifiers:</t>

<t><list style="symbols">
  <t>Universally Unique Identifier (UUID) <xref target="RFC4122"/></t>
  <t>Server-assigned sequence number (guaranteed not to be reused)</t>
  <t>Hash of the JMAP accountId (if JMAP integration is provided)</t>
</list></t>

<t>Ideas for calculating mailbox identifiers:</t>

<t><list style="symbols">
  <t>Universally Unique Identifier (UUID) <xref target="RFC4122"/></t>
  <t>Server-assigned sequence number (guaranteed not to be reused)</t>
</list></t>

<t>Ideas for implementing EMAILID:</t>

<t><list style="symbols">
  <t>Digest of message content (RFC822 bytes) -- expensive unless
cached</t>
  <t>UUID <xref target="RFC4122"/></t>
  <t>Server-assigned sequence number (guaranteed not to be reused)</t>
</list></t>

<t>Ideas for implementing THREADID:</t>

<t><list style="symbols">
  <t>Derive from EMAILID of first seen message in the thread.</t>
  <t>UUID <xref target="RFC4122"/></t>
  <t>Server-assigned sequence number (guaranteed not to be reused)</t>
</list></t>

<t>There is a need to index and look up reference/in-reply-to data at
message creation to efficiently find matching messages for threading.
Threading may be either across mailboxes or within each mailbox only.
The server has significant leeway here.</t>

</section>
<section anchor="changes-from-rfc-8474-and-rfc-9698"><name>Changes from RFC 8474 and RFC 9698</name>

<t>This document obsoletes <xref target="RFC8474"/>, updates <xref target="RFC9698"/>, and
introduces the following changes:</t>

<t>The OBJECTID+ capability and extension is defined as an independent
extension that may be advertised alongside or in place of the
OBJECTID capability from <xref target="RFC8474"/>.  Servers that advertise only
OBJECTID+ are not required to support the individual MAILBOXID,
EMAILID, or THREADID attributes defined in <xref target="RFC8474"/>.</t>

<t>The compound OBJECTID response format is introduced, using
key-value pairs where unsupported identifiers are omitted rather
than returned as NIL.  This compound format is used uniformly for
SELECT, EXAMINE, CREATE, RENAME, STATUS, and FETCH responses.</t>

<t>The ACCOUNTID identifier is defined for account-level context,
enabling disambiguation of mailboxes in environments where
multiple accounts are accessible through a single IMAP session.</t>

<t>The RENAME command now returns an OBJECTID response code containing
the identifiers of the renamed mailbox, which is new behavior not
present in <xref target="RFC8474"/>.</t>

<t>The OBJECTID SELECT/EXAMINE parameter is introduced, supporting
both activation of the OBJECTID+ extension and identifier-based
mailbox selection with fallback to the mailbox name.</t>

<t>An implicit activation model replaces mandatory ENABLE: OBJECTID+
is activated when the client uses any OBJECTID+-specific feature
(OBJECTID in SELECT, EXAMINE, FETCH, or STATUS, or ENABLE
OBJECTID+), with an untagged ENABLED response to signal activation.</t>

<t>The OBJECTID FETCH data item provides EMAILID and THREADID in
compound form.  The OBJECTID STATUS attribute provides MAILBOXID
and ACCOUNTID in compound form.</t>

<t>The JMAPACCESS capability and GETJMAPACCESS command defined in
<xref target="RFC9698"/> are updated: when a server advertises both JMAPACCESS
and OBJECTID+, it additionally asserts that IMAP ACCOUNTIDs
correspond directly to JMAP accountIds.</t>

<t>Security considerations are added for account identifier exposure,
cross-account information leakage, JMAP authentication consistency,
and privacy in multi-tenant environments.</t>

<t>IANA registrations are updated to include the OBJECTID+ capability,
JMAPACCESS capability, and OBJECTID response code.</t>

</section>
<section anchor="acknowledgements"><name>Acknowledgements</name>

<t>The authors would like to thank the members of the IETF mailmaint
working group for their contributions to this specification.</t>

</section>
<section anchor="changes"><name>Changes</name>

<t>[[This section to be removed by RFC Editor]]</t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-05</strong></t>

<t><list style="symbols">
  <t>Added <xref target="jmapaccess"/> subsection specifying how the per-message
IMAP flags of messages sharing an EMAILID relate to the single
JMAP keywords set of the corresponding Email when JMAPACCESS and
OBJECTID+ are both advertised; added RFC 8621 as a normative
reference and a cross-reference from the EMAILID note</t>
</list></t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-04</strong></t>

<t><list style="symbols">
  <t>Unified wording for the empty compound "OBJECTID ()" across the
introduction and <xref target="objectid-compound"/> ("in the current context")</t>
  <t>Clarified in <xref target="objectid-compound"/> that the compound format is
used both by the server (in responses) and by the client (as
the argument to the OBJECTID parameter on SELECT/EXAMINE)</t>
  <t>Moved the "Relationship to Individual Attributes" content from
<xref target="objectid-compound"/> into the OBJECTID-capability interaction
section, scoping the equivalence to servers that advertise both
capabilities</t>
  <t>Added a paragraph to <xref target="accountid"/> describing how ACCOUNTID is
returned in compound OBJECTID responses, mirroring the
corresponding paragraph for MAILBOXID in <xref target="mailboxid"/></t>
  <t>Clarified the {name, uidvalidity, uid} triple in <xref target="emailid"/> as
{mailbox name, uidvalidity, uid}</t>
  <t>Added guidance in <xref target="select-objectid"/> on how clients can
determine the current name of a mailbox selected by identifier
after a rename (the OLDNAME extended data item from
Section 6.3.9.7 of <xref target="RFC9051"/> for IMAP4rev2; LIST plus OBJECTID
STATUS for IMAP4rev1)</t>
  <t>Aligned the CREATE response-code phrasing in <xref target="create-objectid"/>
with the RENAME phrasing in <xref target="rename-objectid"/>, dropping the
"instead of MAILBOXID" comparison</t>
  <t>Removed a duplicated LIST-STATUS example from
<xref target="status-objectid"/></t>
  <t>Restricted the formal-syntax capability production in
<xref target="objectid-syntax"/> to "OBJECTID+" only; "OBJECTID" remains
defined by <xref target="RFC8474"/></t>
</list></t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-03</strong></t>

<t><list style="symbols">
  <t>Relaxed uniqueness scope for MAILBOXID, EMAILID, and THREADID
from server-wide (<xref target="RFC8474"/>) to within a single ACCOUNTID</t>
  <t>Updated JMAPACCESS (<xref target="RFC9698"/>): when advertised with OBJECTID+,
server additionally asserts ACCOUNTID corresponds to JMAP accountId</t>
</list></t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-02</strong></t>

<t><list style="symbols">
  <t>Extended SELECT/EXAMINE OBJECTID parameter to support ID-based
mailbox selection with fallback to mailbox name, following the
pattern established by <xref target="RFC9042"/></t>
  <t>Removed restatement of <xref target="RFC8474"/> behavior for MAILBOXID,
EMAILID, and THREADID; this document now references <xref target="RFC8474"/>
for base OBJECTID behavior and focuses on OBJECTID+ extensions</t>
  <t>Reduced introduction length</t>
  <t>Clients <bcp14>MUST</bcp14> ignore unrecognised key-value pairs in compound
OBJECTID responses (extensibility)</t>
  <t>ABNF objectid-key extended to allow future keys via atom</t>
  <t>Clarified COPY/MOVE EMAILID semantics: COPY/MOVE <bcp14>MAY</bcp14> create
new EMAILIDs; same EMAILID <bcp14>MUST</bcp14> have same content; same
content <bcp14>SHOULD</bcp14> have same EMAILID</t>
</list></t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-01</strong></t>

<t><list style="symbols">
  <t>Replaced mandatory ENABLE with implicit activation model:
OBJECTID+ is activated when the client uses any
OBJECTID+-specific feature (OBJECTID in SELECT/FETCH/STATUS,
or ENABLE OBJECTID+)</t>
  <t>Changed compound OBJECTID format from positional with NIL to
key-value pairs where unsupported identifiers are omitted</t>
  <t>Removed ACCOUNTID from FETCH OBJECTID (redundant with SELECT)</t>
  <t>Removed standalone ACCOUNTID STATUS attribute, FETCH data item,
and SEARCH filter; ACCOUNTID is only available through compound
OBJECTID responses</t>
  <t>Added OBJECTID parameter for SELECT/EXAMINE as an activation
trigger</t>
  <t>MAILBOXID reverted to single objectid format in individual
items (compatible with RFC 8474)</t>
  <t>Renamed capability from OBJECTIDBIS to OBJECTID+</t>
  <t>Clarified that object identifiers only need to be unique within
the scope of a single ACCOUNTID; proxies <bcp14>MUST</bcp14> assign different
ACCOUNTIDs for different backends</t>
</list></t>

<t><strong>draft-ietf-mailmaint-imap-objectid-bis-00</strong></t>

<t><list style="symbols">
  <t>Initial version</t>
</list></t>

</section>


  </back>

<!-- ##markdown-source:
H4sIAAAAAAAAA819a3fbyJXg9/oVtfKeE6lD0qIetiRPZkcty2nN+NFrydPT
291nApIghRgEOAAoWXE8v2V/y/6yva+qugWAkpx0JuNz0qFAoh63bt33Yzgc
miZr8vTEXrw5/d6ef2rSos7Kws7Lyr6b/DGdNvZilhZNNs/SqjbJZFKlN/Lr
d9/+8/nZ1cXL35pZOS2SJYwyq5J5M8zSZj5cJlkO/yvgz2WyGpY0WDYbTrJ6
uHto6vVkmdU419XdCuc/v3plpkmTLsrq7sTWzcysVzP4uz6x71+d7R/ujgf4
4Xj3UD48Oz4y5aQu89T96Ojg+YHJVtWJbap13ezt7h7v7pmP6d1tWc1giqJJ
qyJthi9xlaZukmL270leFjD9XVob+NXHRVWuVyfWL96sshP7U1NOB7Yuq6ZK
5zV8ulvih1+MSdbNdVmdGDs0Fv5lBSzk25H9fVnMbpMioYcMmW8rgGr0vKwW
J/ZVUjc4GT1x0I0e1jBp2pzY1+lNmtu9gR2PD+wPWZ5nydJeNvSbadYAzN6k
+aRcww7pWZUuALgn9l8vzuz+7u4u/7BcFw3C9xTgUyUwBj1OcbYTO4E1Lv5p
LrM3abIcTcsl/WJdARyum2ZVnzx9ent7O3K/4l+o7b8Z2Zep/X1aFElVKgC8
SdZV2f6KYHDZJPltUjX2dTKp7evXZxEwom8jiIz3d4/tWTmfp2lhT2/SYp0O
7OU6a1I73nMbJshcXqdVNkuKCDA//CggmcHqjvaOdscxiD5cnmrgLHH9/1Tj
akawnC5UwlemKKtl0mQ36Qn9TPDXI7J7eHDw7NmJ++AeHu7tH5y4D+Hh4bMT
98E/PBofn7gP7uGzo0OeCD+4h3gxwg1xD5/t7Z64D+rh2D30r+OdO3Ef/EO4
fyf+IroljZ/xL/GDMVkx70ACdrV34j54SIz3+CF+8A/3x4cn7oN/+OyAp8UP
ftPjQ94ffnAPn+8/f37iPoStyOz4wT88PGLo4gdjhsMhYB/ejymc5dV1Vlsg
cOslkEE7S+dZkda2uU4D/bNpRDeROA7s7XU2vQ4Eyn7+LPD/8mVk1btAZKpy
tp7CTxJAvuUK8G/mvzdVWq/Kok4tQxImhv9M4Cc5vMBE1WaBQuNwpQWSN7xJ
8nVqVklWAcVK4IKcnb378BaGVD+n5SZTQvlhTgRmWgKV/NQMelaAN6WmV3D3
78/fnr45xxUvgY7iFDM18nCS1OmM6Oik/GTqNEfqDwC6yRJ7ef4ahqY3zv/t
9M3F2/ORvdoA0AyYDrx5A5wAxl+u8gyudH4H4IVLDwDLMzyWdY3gK+7CEMN6
lU5hKVMzT5NmXQFpgBHhwhYLO0mmH4GkzAjcgJ2TLAcyYW+z5loGrBnOZZHf
AadarYD0tw4wRoskr0sr/Ip/iLfiy5cTWqf5Z8AIgP/55SXsxyazm7RqMoQP
cp9FDWALCx+ok6IzrO2bD5dXZlpWfBIzCyeMI7qTu5jVI8baZTYDvDDmCfI6
wiqEeRuHe3GSTsNh9wowKavhCBqjcQuOQw6UoA3Hm9Z1ssDrUMJW8vI2gK+0
y7JKTTqHI8BHcGRVukYsSqbXsHMAVcKHCLsCroX4f53cwPfXSbGAH+QlSAO4
epgV8a1OKwAbQP7iIXDbCNzmLwK3DeA2veDehK+TdZbPalicLFtftgoYIQoZ
JgVeMcmzGgExuescgyIJNVxK4NO2SAG2ySohVM1SWMFFIEY9dMPeSzeW67zJ
VoApHcqR2FVSwbPrtM7+hKcAaGDLeaAolijKC01zDI0dzggwDeYoysa6qwND
2hov750tl1mDV3lelUt6xy10xFjqdyLrhkdrPLp1keETGCGZVmVdCxEZOAoy
MGfvz0+vzgdCmEASuDq9+nDJhOnV+dXZd34qxORpSrOHg7tOajNBScKTGzjl
V4CZtgEBtUYg9JDbZQILWq3SpCLykfGhu02YznEA/r45vXj97bt/Q0KMR8cw
G+L1mTKRi8izSeG+uGvHpyi3s3aQgPMCxEIqj1cQCZy6hTO46MDG6MXEjwOb
tbRZfndmqwTWjYQdOMUsReowI8BV6bRKGRjnuHBZddFmIkIJmH0UTe9Czdm7
73+kUd+8+9dzW8LXdMM3rDy5KTNcwKy8LfIymcHXJhAcHL+XXiBt/g5Q4aVf
arnC50musN2SnI8TVmlOUHcjb4BiVq/y5A6IcAGHVfOyYSbFVPEs8Zbex12N
564AdiAAMAmMnCwn2WJNYyKWBRIL2JQWNxlI5UtaCBA3IKnu8rqha7pe8Afs
IJvkiNewucU14hbMAA9IW6tT0raEdAW8J1qqKM4mHm4jHm60AIQ0A7AItCtk
EV3u3gtTkCtA/ZgQX+ChNXOZ42CC2Ajn2SzjQ8zvBkr8MCJ+ALW5hZ8Dny/o
yLtkEIWXgV1V5U2GmIRjmHuuXpBz3A2RxQH8TvNcnzKTBzwDh2h9pKArT73w
l5+xuUs1Ea5NNl3nQF3ChEZRUjiuhoQRONHlCmQYP53f+JaHxfbOFvJDIOPZ
TPjMLJsSD21TcFnCRjnXTNZqwXQPUfrS8INbwwdiHSTWFXIWJ2ECIJ88sW/L
JhGgneHdKuhmMY4Cz7Goudd2C1ny1oD/3759R5/fn//vDxfvz1/i58vvTl+/
9h+M/OLyu3cfXr8Mn8KbZ+/evDl/+5Jfhqc2emS23pz+uMWcY+vd91cX796e
vt7ifURSH5w5bHOS4v1Jq1XFZLM2ICdPq2yCGFXYb8++/3//F3T2z5//B2o9
4/ExsHn+42hMPB+FFp4NBU75E0B2Z4S1ZHhNcxQAMlAykUaBZHANdNEiRQBI
fvMTQuaXE/sPk+lqfPCP8gA3HD10MIseEsy6TzovMxB7HvVM46EZPW9BOl7v
6Y/R3w7u6uE//C8gmakdjo/+1z8alHLPQM77FpjS1Y/eSiVCI+KWR/xEXb/f
2jMlRn29aBxdCONFsju5hWGa8BXyBrhq6SotZjTJPBpFDSKzENqoBZwESgFQ
CvqDWgiZsQYWaFbWtH40KUGt2QALwF4mian5KqXI9ilFQBkjguaXUPMatPzK
QvYkZdJRq40bDXlgb1nO1IMVPSec1WoT258/y2M4+S9fdkab10FrV7o3068q
/Y91BoIGgkM2RvwN6SPAZg3EyQttIHCyHETA9pJG0jRw4de4MNmKic/wHpUh
mc0Yr/pUdEO7I0afzWBzg36u0pb38TVvcnW/9q/7t5hXPxU+Hfg4vs5M2Rtu
uy+zUE2KXNakS3xnnjbT63teYZk8QIvmAQ6wru95KeLhKGGwpI/vsnCq3yUE
F9sE/IC5dzw4/gLZv1IT1RXEb39/fqW/FBkDhvvjEn5IkhbhGVKZU496eLHD
+X5+opASr0YHgzfZkEAjXKPkhizVdA0aVgwabDNxdEGoPfyt1A71UtB9wp2K
lB/SB4xWfmI5EQVcb4iZ3BG/F0o2L0W8OwFORKuSvWZ1jQo1nMa3r8/jGys2
QgBj/ApZch4ULuHqOZztxdR4TLzfad2SZizjXcBF24uLjxmpdRFs30Uw5gc0
TTQPwnSZokaT1UtbepXMMAQHWkSjE8fTRnkXzjRZoBbEPwx3xqACj7gUgD9J
gUSwvOZvFtFJXM18DgumxRAFDCgMR/uf//mfAA03Q+A9+Ny8Q43ab2awEbkr
NKcXsu/USdlmtq78HcJXI5VF3zGP6BMUzVEZI1yl6SPC3lqLhtq6Th9Q05nU
bKChyJ1BG4QJebEmaPTx+yK21etJjXgD+LPRaKGolr+pSF8Ckp05kv+KDSOf
n3TXtpnH3G9lFqYBcoZ5lPnnYWuSiEOg28J/7gA7P3lLDuC5OpCsCLhKBuZB
h0mIXU5bcsJd098J0spdJVMgsvP8Di+A1k0SUhKTasFSH7D9SCB7QJ3tJzlw
WudoqkGtxc/FhAI1xF77kd1OR4vRQEkXxssAStBwUobwLrII8WlktSCyM1ai
kYT9thcvR/Zf0ruubtfRM0snJwFVgOeodOQgR6MpATHYLuCiFk5te6Qt77R4
tEJqNymk5isUUturkJqvVEhbVMRbyVq0ZNP9Qe2aUBzxq0sLejDJ0+13/xLu
/cD0v9/zU9wUkxBFQVA9NEnnGjHy0NCtSyS8Xmx3taPB3W3eJNUd3l+BGLH7
V2j9ExORw5HtNp2z/cbZHfQKqlMWdTIrpvka9hzoKq7c34yRn1YbHXFa2tfO
yT1Dyp2CaXFId7FGsSEPUUheIFWMweXJg1Xwn6TTxLETEdP9cpAJ5SCgzu5s
bPCXTXdlGS3ERygajE8XGqMfY3d3l5QtvIYsvHwPGFHfXrwesTeLjHR1fPTO
e1CiC28+dIYNNetv6lixQ4WxXDulStn80I8CkwPLYO55XeYzWDQTcNjZmSiZ
xKKzReGElHVRpdNyUZAHp82IiEDdZ27XO5uvUW4ORIPNzLMZ2m1Nx6LnNjKB
I/yI+0g/iSwlGyL+HBCnEy5DKoDT3PiKtezF99n+6XBFfGc+YhyCwarJu6wM
+pOUXFsjS1ImEaGMaPYf1wU7AUmRV2psrHCKFYD9L2gB6RqmzQOGafuQYdo8
xjAdQahKV2gcLhqhqWjLT0CSwhAQPAhWkxoRNAwIzuizR3aRNnTBSfSA/U8R
FOjRz2hZtcjWXYeOURYYMvY5BYqhsF2nqVVSIYs2zP3b2pgwG7c6tTPyC4Bg
GABK7I7P0Ekj9I5AcsTGUZB1nfm7rfbxZGbDZPFENkw0y0Dgr1gt5TMbmBS5
fTaXgwNQKGs2jd06tR/YEy8raht9lB4dmZ5oGyZeZuTqanlhHVhiT6yZe+FF
7oacUFtRl0W6wUk/kO2ln4DS1yDj5HfedUJbJLOfkFTDIkUsaQX8ZOzI2PUc
n9Dpj4CtWZ4DU6+BqsWhGOgmR5xM+LKy03165yQUWkY8ych8V96i3jMAKg/g
8mPBMtN0RuQ/hhrSUA01Ren67twUfaOrZo2uFpstl+uGJEHCWREFHawFMUA/
jdU1v8KMBQkgzWnFUrh7FY2u4mYUDRBoFvISPhY+bXWsRAxuyo9OBANgltOM
PXceuW8RzEVpEbsB9JPIK4aBJxyZI/afrNLAA0ZeAgnJAHJ5epMUjUOa+8TB
julRH71x/qgA3vv8Qi15D12/G6UopS2KcUo0oDCB6U7QFgjb/ktEnfTTqnQS
LEdIkmU5vPQCDcyZWFKTG4B9on2O/Wo1SxHEL4NM18cv5Sw9v3zIV74uMmQH
LZ8r0hETRKbYxI8O30+imPHrRUpOdLIB009In1G224FhduvtxGFZ7P6RZYg/
nmw8sJ7KYcILE+0DfZUEPm13DqNocjstSXM0nmNqIfghhhMm5cvriB9JAp5p
FsRnAE8+XLz811OQjS+ufuwZnJkMSZV+gm2lrPrJdkgyI/xtbjWHUd5dNUaT
LdON0znJ+t7teOepQQQuJ6B/I3NlAz5oLFniXRd0phiB+eWLd+hEg5nYE8ux
BRTAimRqI4REyfiYpqtN66XHFOeEwEYPIYiSzDYkCgpmIQoZmBRyrNvkjteO
g9fh2HwkxDZqvsz0wub8jCi9JOg5rFE7XySVd377CUHbu3gLC5WQRbIpcMwH
UgGysPO6MLrBrQ33sASRUcQvt5qdX49qBvD9t6Oal7RSwSmKn/BSTxwXodwK
qBRmxTpVPibetaexikgE01fkGmv5k544bbaHlGrtFoTHisJcSiSxFM5MBPZJ
GOAiJqD85xT9XnKwjO7u58H8xhE2zuLEEGE6lrfNYMbFBgHCeXomiIOsqLjD
U1jwGMt13YitWAkhoMYk9rPDQbyWA7vOZmRAAiDTH18Ae0kLoSHodCaBioCQ
3dwiNvr7E1FDt0M05sleFY9AdQApMotVHZL8ojOMYVWV/LHek9+VuWGj8IQ0
mkgmd2t8BK13q/UXHx/GkDKbIPXCwo2dpt7gSP5qB3OY+829oOL1kHicebTx
r7tDx7i3aJjwW4cWQkRpJH9c3gaKVE6bjbueW450c8OZ2ZqsmCwzm1NLwWcA
HYo9cy49ulAYKQ8009kJeDT2LDLVM23oauodMLjLEEhwhwdEFdwgt84PFNhB
PKDnkw4UJlbpGBh9EADSUraQBVGPFY/OwbFG7a0azpqGoavm9Pvvz9++dPZp
kOOzRgCszE7EEOQtJPPpJyDrubO66rN14jxe/e6UyDWA4Z+f+KWReNSyogcy
oAiJYj4jc1GoiKmBCKogz7ICgIfXvVstacgtgGxVN6l6QdKI6k7sd7C6kakA
pA9DTLsE1vHu/TnaSx1VsWyeaYWDRwwE9Btg5ibWYGnt1yA24jpXIAE7qJPe
Nc+TBRlt/Z7q6wSpiQFYuw1xnGOkRbsdBXuv1m3PKbuHuIRnJC028V5iJ/3N
/vwE9IA0mXn53b/59RwDpf3G6F21zZ2TNM9Az6RQqHU+QzJPYZ10GRYpWXgo
/N4bkfBuuBU9nq4PlD2mNoFD+KEA0xHlGnHpLmDUitRnDqCEpzXolkh0Ju6S
g0z/PiXMmqL36qIYvk9X+d3wqmSR5HJNAAp0j+4WaLaLbIpz5OkcwLYyzlgk
VBFtd0tvKrBM3zBniARett3WvJokX5QV4P5S4renDoZoPHyB2MY6fI8VzGM8
0lCiksWdUbGKaGhr0sXdI/iWh6G3ibXvpWnx5S6VvXfMbnwv2rcMWybuyEIZ
8WRPfV+wKvkpQZgOWlh4i8BS0XlBnSH8t27425TH9987jsxLNxGz8wvnNdqH
17hBcRK1pdEXkIQuRzYo/J21ufhSwFG7uLsXznqzybkQVpvBPaVg1AB55xG8
R2B3jhWU/UBoP31/9h2B3A/i97NMGjR2U3CEww7PRMPqTN/qUCERM1XPYuK8
gF7TqmmjlyddLNwlYujULF4sTH4Rpp/3YDKLOuMaBHQxt4bZOI2L4ktV9LOs
cQqUlKkNXEKgcvPsEwwgaSzbPkhUdBvB5Zrsv7c8zxvWFNzL9U6IvJ+WeZ6R
mwRgeI/KE7lkN6g8pl/liQDmz73lnaw5onajEhRUzfPIsXPupIwzUfbioNDv
H3Dyf37S9vG3LUnkR5rVfS8jEKdoRtXB6CquQEiCDxj339QUcjHoC4nEJNFO
HKGKjkIJDC0uaGyrT4wZj+wP4sJykQ71if2DrHZLiMiW3XZj7fwhBKdhauQm
V3tbfZdEkRAZZSiN9n5NvRVDE9R9Y238U9jxHm/lkfuw28rcNsPxdGDlDm5T
pRPolbeC4On8HSS8VcaJKD6ShY3iG5zVtB2VXAPvoDYm6oJW0HhaDk6xc1ga
RuTi60CHi9L/lIihiMQ8sw67MSgE8x6mpfhvmWT0BPZwlkWIQy7JERGMTP1h
PwpCzlYDKIrk/54z3xBKxWAwErHT8tUnUZ5Fd3bxWVKkLZ1QSTaDKcd03Bcg
qw90pCLz/LamaXYjMI4AicHVyBeSpsHwFqRsbIpWZjs6IGcYc2u0cWzUBXFj
/KHJ0AS5LuIwNUY92bIbmO13OUqscGmAAzbs0G+hUTCVkYpLzie2MBBZpISR
C0Qpw3y1dwGIfzUlypLBilN/nLFPbKWCyoMQ/8laIRr7c0cV6xRWAYJh7Qzx
Ib5RvPIqzaqbEhQss4ysWdPNXaPASXbo8ljtFZFmt8IzAz6e8LFeoupg/3Di
PQ5/iKLlJKt092CPSO45s07gqSrat0BuDDfz4qVkSvkMqR2Jljw7sXvP5bHd
mpelprbm8sT2hVP+NBqNfuEv3/2L/amPqr3a2xvvpcnR8+Gz3ePnwwMQ8IfH
s8Px8Pl4f//o2d6h/Zly221E+9bj5OAoPUr3d36x7z6GeWCJOBFy3+EP7y+u
zn+hYEPyznFwp99+d6tCRBI5Db3zow071zsJ6/xr97TzdwDc0UOA+w7lf31D
bwH9QNa6ycp1nfP9mQl8UNPDdFLSCSgYWxA8Ni0xvcHEL0T8TVwnphVEnCWU
iLjPvUc68NwH72T7VI+/7lSLcsju2CFZfeq/4uyO4V+R3g6BhQA1hv+VX3da
xw+dVuxxnGUzUXK99sGHiKVgIlqZ5rnpkko51YjfK8Em8FoMusccE7/p0ile
OQdjb+ZUjk8E7oNu7k2Mxzi95D5+EfzngWdQeIrffaM30jLS+XikO0I6vyVA
buM1yFkGHBYrAlA67V0XPa11wWBTykcGCrMEWZije9UPJQDo9cXl1QnuA81h
B3C79iTDAOuVOP+Seff6Jfl+WGx3JQjIJiW5+jiOElkuhcI9G+2PjkfP0Ral
RxUFmveN4gGAjJ2pvsqAWq+h/KxEsyWRetDYLA6alEHBFRJoLG8FaaehBhB5
ow8589Bw6sAwNtvKKbhDwKxSSsrgvdLoGAm9AnRZVRhPwaeeFuKn9FwTqz3Q
RZDTX+ct+uMQr+U4M8FxpogOGihVajGtI+jH/i4rurO/6+kOv/wU6xNtPYpw
HB3tH8+myXhvuJ/Oj4YHyfO94eTZ/mx4eDA/To+ScT8d2ZscHs+P5wctOgIr
eYCOvC0bl1IhUWTejNRrUMEkDpEDTLJAl5cOKw1iCTIPF1EaEnWEOxBQ3CUl
ISnpA+nABVlTTLyLBeNISNNxTY1infm9uxtn4mx1wcefn7Qzsf5qPzCHgYoq
8Bjfr9AxHyUdCteQy5VM6fN17pbsXMABLRWyOfcPkHA68o249evJLxqLYAkH
bgmTpMIlHDxmCc/2D/eSdHd/OHk+PxwePNufDo+On82Hs6MJzJLuf90SDt0S
1IXDpRw+Zil//Z1rXar78VD8+p+ftBP+/vviYSsUYdSJeCpiTivasXJmO12G
HYn+7nvbKMPCeyFrHXSqYmNECQ+nACzAqZ8hqt0HHUdsXqgHKQEmzNkbcelY
WDueVGaIoL7BtL9B3O0HxL2LkFgtt7sJnijAA+2m2u5vyJKdUCkTstRRRYoV
Gq7YV8SMLDxliIgrv4ei7nSiQ2WP/dTa6McqehuWiFbngTsrr3ynt+08BJL6
UHyV6DmfEqqi5iSiDpnMqsyz6Z1m1vhVLoAbRBYZh1kzxaiPHNqhfC7QRqpx
9F9MQ2PFlU576CDj9hLXa6k5X1VvZrzvdgNk2G69IyPDhxqNOHzyI3i+hdsb
P4pHJM+fT/fS8fHw6GC2PzyY7M6HxynQyGfPZ/PD6VHy1xDFUx80hAgsYUuf
n7RTWlv2406yXZTiurl6iY8WY8pYx0bc1vV0WZ4wcpUpuW/b5+iRJypODcSo
gEuKrz8JOWNbxrznBTqM37yTDZnWZrMlu08WeOYShRGftx0YN1pv6LEshd74
W1s9LnGJgHoBM3DVz92qEW/bq5bl0Vd/W4mCJnzeXd6RW54SLTYtM/rJ31jq
2PGUqnXR/kb+r7CJLvZuKoqhzQCoxQ3lVYoFuaeWCFYJdWFOdWl87DYzJBnE
WQFQVZy4kAXtlCS9UX7Vd13GY/YtbG3ZrW+2HHPbluMOR3z/BaJZtn/+Lqnf
lmfXWT4DKrxjt0ZbHKoa4Qc9eRAz5oCOoDgdDI/3j44BMebzYTKbjAGRZ0fH
6Xx2NJ3MH4PM961NRPX/8gt235oinkVG8lG9nozmlHy3FS33/p/qnahF/Ypq
Nu0F8EffPru9O9rdHaMXpka1DN0SO85aFxRrQPYlJ3ghub9WhSgRkeMilHDB
0pvU9BTzo1Qpl8TmgywGwuMoYM09NJGc15NGpXLTvMFJ3x3OxxPIyy1hd3BL
536JVqoLtFLh8tg3/vlJq75Ei6m3k+TJmFBrwTMkQ9+XPunMlG4nyl1PQYGe
c7OFLQq84WQuF5r3VZy8vfy/iJHfm9GL48RZvWHPYnsxWvl5MKWXaWg7odd0
nI7dhN6u8WHX0una8ck3jxU4xrIbdUd9eO6z2fFxMt3fe344mRyk6g7647p6
djA5eH6UwC+ep8mxIyp79wx6OJ9Nd48nB8dp8nx3v3fQ8fgILv/u3mx2fDg5
5EHZdta63WjZm+60BPaiDEMJmmlr4PgeGN0HjF3+N37MHuW3e7L0PsLUu/R2
yQJ03kvglaI2ejd7X7ebexYva917YK2/pjijqmT9GuE8b0Ene4XV57ngsASG
SQzPfeW45/JS7yLEws+jmSC/eLIkb23Zy++tOwEd+n5d1qkOkJdYZ6apkqU9
87FhemS3hvuH1iF4D44tSd6OcL758PrqQgAVaGIbxlgGHeQ/8lEl1fTaiAmk
j+M57ilmGC75Rm8RJfNh2lWg+W60ONWYhPdgvwnpa/YyQx8DwyOq00FFC3DC
xTqpEqC7j0iQw2TFTtQuL5izTltr2+RwqA16YFdcKgc5Bjpmpo04PGoKhNcC
AxqHuszfXGNkaMGenTzPZmkfnafIAAKppOS0SbUIZ3yu4+CpV/d6bJf1gvLx
/Q0H8cg532lwF5HdpvLx6HYvOLTV+Hu947PpQRVlxfR0/sxClApw//xEBbKz
mPK1ddcQIdqqENf77sTiu5rgDd0pH3ty4srFi3Xx8UnqWRMHiyU1DNGoktek
dd2Txh6C6uvg9+SobRPnstt2Lns3CtB5JMejZ6M9RHvp3vCI4oubtijSkdF5
JC2GELiLotU7L6IxgCM4IZsoDAhi9ZwpmDrjVZXSPHUmVqqwKlUAhNafFgSD
NEImV5IjzCyh/77+qsED6+bMCbqQZC2EF4sjcfoDwoOOwj35y2saoIEdMaJV
qLpFBX0aXVqwp1Ce0yIo78JpJ9vhzA9G49E4nPmYo+cu10HKruNEM4MF+Dno
EE0N3n2PSyasXaFXHeCtJXXs4dIkVB29NNOkqtg7j1HEWFMDpqdsE5iZKx1I
MaAqwaBVX6mAwxpQ508l5Yd29ZtaclXIOSkEe8uloWzxDEzYNRSch/OuJi2I
RgCaYl0qn4Q7NCUQ23rjnenCL7b0262fX+Xks9nSlxYzLLb+59x9QyWBf76E
abcsfVPjxx0qFS83X/bDBa0oKlKn1fiMnYEq6or9HQR08FQn5xBMfGWIJthh
4swfBHc7+4dRzyfQJbVExdVUtulijkkGFQcL+NOX4cN7HFWM0hVMhYsZSIBv
vCu3Wqnqat1mMnWacPrhrGEEGGwkK8Egul99GVIkUJbipqLcFwy1QpWQq/Pp
G+QTMsJEEmgpE7opsjpssvYufVfjlyLmG8mbdq+Uhb8JFC1B57xNfz+FmXaU
ocHU8nbWsJ+Jo3CVAu/UUBeE4pkHjTcwkm1DcRo+wqcXEQFI+LdcPkIKh0uK
etXaAAA38nX2Mb3N0A9QpZIIHnaKBeJpd1zEJUeC1F0BTe6mjM5hZHT8D0Kf
a1bCfzAuxW614b1ll5T6wCSHO1l4JYMfYkRSXa+5rirWuaBOMnwItPeKdxJq
Uspu4Cy/1VQu4Tgjye5zQkpPOiYX0+RSQ323s5VybO2pdgtiRE6yIPc7QiYx
LqunFIBtvCySH8p1oJGeY0YSFvWT8og8DonYkj4GIk7FxXCCwSYEsQQauhfT
T9ms1NKo2ayEZb0IfFsgSsMlYFpZZYtrwq+47pGyL/mrwfVJjZBWComcYHD3
jNUgd3NIWXwlscZcYVKVxJTCTCxwhmhgKUUZp7N529jperHkYlPfJtOP63r4
NllXSNiXdvv027evdlw+3T7Wpi5Kn2Z3zgFYEt0maEc1sdiObijA2t3DOS9a
1iLBfji+Hn7ASKbitwZcZYd+qEqYqdwQxdul5K6qs2uiTXPYC2eo0LIxTxER
le80nlKSr64T4LFYPMsV1mLtDKtJGEAsXAJWcRUGjQFLsJs1CCAVFZwoMVr1
Vv5QY1Cy9pwC+sqP6ACkal41R6IDFwV5u6yobEUOdwXkRsRVjFqP0hulL5Lk
2cDa6zSMRHZNmHaolmnnSX3NBtbvgSTVVO0yDciQ51JqI87wCnu2YcesxSnR
9ndPg2nzt1veHMY1AYLRU0vDtHngir4+qnpLCbA/icz9izHUNSQdki1l44Qu
LYlMz+qFlW8IxXrrT4IaMK67NvZ3dvzN3uHh9unr7787tU/ty4vfX1zB/2/9
+xb+d7i1oyZSJwrL7LGne1wJ72AmOgG7aMK0Q6yZ+ju75X0JNJlXqugvb595
qiwqfmD699QmjbQr5Mm69f6QmDBolVqHbEvDftpTiLBdhLDWq7+hije/s9F+
ImNPJ/cFtxuQAn67tb1lf2oN6df0zbYaTb7c+cVu7ehzp/iTYZ1iRljTUyqx
jGwX6kXcjs7s7NToVWUk1WuJK/HK/r7eqq7GvLDYmKwnjYzIQKv+PPzUSK+4
ISW2RVgOABJAfRWcEEy/qHXfdpPiWlkdrR/rX/po+U5XHPWS5dd0FH076voh
wLDRlODBrp6kaWJgGLOsF/h4iPINEGn4toNmD8Kf/U8Mdw4U6ZkofIMI1TqT
XwV3RTORoLkhulr6yBWyuV+6e4rj72gz+GiILpshPfuLYMOmMcFJtKUxnXq6
wVgcduNS9JYPWY9bbKJr6+3M3G9MfnDqHuvyw3OLmS/mumjqw9h2ad3FLRCo
wAhVme+2DKZ2SX0cNVRxi6hNSGEko07KBchBpF5PfVIdlfRwBWfhWzQWsX8W
SFHyEUsouxl5LhymyiiZgsP2knnKddlpdF8jZHLny42/QPMBiP8s1Xa6G7rV
U9Y2QJob9rQngyHytFg012ifU1UvuJodFzGF+cc4IvBdzVJ9Cr2SXrkgxrMD
QvRVmTHxGv5pYE+H/2dgd4fHA/vvAztkgSwWuijDHLfdlFhrkYvTU8okxgb6
Espc8GWe5SnbW+qB/fD+ohZxFBksFvni0SOjlprKCS8YaQvE8tnBusq9KQ77
tpIpjgtHf8qW6yUtDKsS1eKXErMeGSJ5/zgoXs6bVAUrGqk0kaWqY5yvWFZl
9UdXm3aRlxNX25bIfMUeKSz1a7iwDdfeudPmC4EGkqAAEGqyA0LrChXw+jpN
G4RIb+2Z24yjfmlhbHYBhAQUrWiBzFxgIfV1/3ezbJE1tftOynRwtVBS33q+
Z28Efw336vTy7OKChdfY2nVqb+qRTXbwZXX/p5ZbFbjE7CqNTvbtxWtCHMQY
GtM5yy3nOfiXffxQMV+7GrLBbuWsdaiGV1w1FCuicKJ1sQaCQXdwB43ai7IE
Fb7M13RAzEoRfbm1SFZzDyOsXuAMWi8dYNnCaIIigyqF2wwbg6kneMKHzxEZ
UjHvDLYnVc9Yl5m7gG2ON0JMoYKrrsQelbam7rKSu8GpqsZ9T72OsrIadOzT
Os/oUDRsVvmQFjbSMjarqfbRNgovi+vI2LDjyxV1hHAjBHfCV4B0HFetkvs4
xtSdMrKKDM+QDBJwUp/upHvkYoFZhY3q+BC1tUJRBzNZ3B1W9V5Mb3BzcJYI
GQ52AY4qRgT27xkZH0NrCkpsBABTAQznJnTe7HyDLmLaZTqRM7pRpVI49Qh2
ZnsdQ1SlwDJLnyqnCvnoMHSJtN5QXdqwpa3rxtTlc6X4iw/ib4HVKJCzPwpr
e3XS5Jdsb3EavfJDAtKzcc1+QAmhFQvg0YE9HVwfbXzouqD1FANiUm0wdmmZ
/YkYQoZ0Jp2uHYBcigNoCh9TrKLpZKt3771QNMZu5+6Pg/29sXIIIfxho+ul
M0h6xy4Zr/J8SIYjJ1+zY/zd+6cm+Knxz6gtKBoDGiuFuuAyqmbGnIKVsa3Y
6MRyMkOjjZAsXEuLaoQrQhaSL5grcvEfo5J90Z7VdnNRrh+zonI+p/Z2wvs4
IkRHXaEnJadWwMq91Nsn1VmHh5JK6EyFwOhgmbrYfmeyVpXV4k6X/SRCQta5
WVZPpZio2oJ7JSrNSpZRl1PqOGtZRN09pDwcgc2lfE5dnD576PraweKkbYi6
0BTCX1/Hm8y8Es3gEutUXWasEqaKGauq3Ml0uqbyOstktSLbknM7scdC98MW
m7dsnq+/IyzoL/DyAVXWxlUmWG24rKIGeySdBVegfZnmGTG279c10f1gxBtI
4gubssJzo/OVgoMZTcpphb0KyaDNOaf+GgU/NKW8mFV7usDEVZDFhjhL45N2
JU9AQytyipM8DjiG4gzvNCCs6TaTUGab+q6YXldlkf1JSLFvKLyBt0eRTb4N
5J1ynf+9OieSv7nbJJHUJFUZUGcORf0TNwRUPap/oukET1r7yEY4OkWOervf
nxpXR1V/QsWf1o9CXqnqFyNFfXWRJV/ElzKcuB+aiku7JzGk20fqvviJv2PT
SHHwe08xuSrihgWb663be3tZPNi5QWNiqyOjnxEt9tJghERLhAlInBIFUoX4
XhLzXCUKjNTOGmyI1mpA7yCX38U1L3pLB3JlNN2XQCW0OadtJq0DaCHpLJoD
K6RtuDg7eE4Jk2yJYOhsHpb4Cvuz69Ru3QlOWuz4JgkdhPR9z5zXPNRNFYth
33BcLNztp12nv6da9ZXO4yK3tVSGoHeVwN/hRKi/XkuoOAXNs1/I8cnW4YWQ
Dlmet7SmBYhuVRIQIfT/dObq/G4DzfYlHST0MxY+Uceu0DDNRe6A45A9SJdC
3/bVEHaoCgV1N8Nb9B+MBLA9VdUh/HwP6GCoJ0GhgHDHqTYaCWXsYPMxalJZ
g6oLhxhMVBJuqGkLiDgFRl7ydrXnqEgXwGT9flCpTF0wGGoo0u7TJQjH3sNO
T2rt/SFXYbCjdpFdtExf0DwqJRE2L3JTcCHT/YutpV33vppYFVQ6HLs4rM5R
I+wkCXpTjWa0P4mnDsVwZecUqSw0KRrZ01pZNWkFrvb5lwFP0Vfy2aC8K+S6
joKIQ0/4nvrPLou6vwB0JMc/UABa9VnaFD37qArQERB9sQmpbRbRo7jcHm0D
q2V/6KS2swFvf3yIRyEBKL5zFC4TXxFB2Vda79/lBhxAbn/5/emZIIL/U90p
WgRoi3uwCG5X4uLYdVspJGyFsurJMlV/mQDmOIzX+GTuKPXHZYAPRLvHeIf6
NyyRtLPA3V3VKfVCv+PeFT7NnZK4tRzONhfQdeK6OiiwDOggdXqK6KDJGv5L
HAQ9dRSQIQ1wKJJoRE3zUh+H/I1TVVgwI8t6N83dR0TFo1srDXvitnydEXVS
2ZbOno8bUSUwYDAR0dLjevBJo+B+/7Q9Wfnt2vLhYLzZ0dc5iOAuI4mi2TUR
9XRQW6YJ+kKwxIOMOcyBd+am1VGNkqhue+qBK4Ff4s+B7PoSQapieSt+OF55
3BO0rZT23z64vu/evv5RJZjKk/b1Oz48eia5pNTHd9CqpFsbdoSQsD/zg7d+
xB2se9K+DKV93ZbVxzoIRTm1xeobJZLcjc+7idS337oeN7SdTlEPn9+uCpX3
TdaSvzYZkd+9v1KsQ9dCDxS5nZ7LVbpRUltzCDvSV8M6Osx9na3qULRbAOIL
jPsy/PAOmTupJCtV5zSJjIUOJ2DI68rVwq/heIAyrisionwaoWJ7CKKNJQyy
niGhkJBUXUaCrJFtjx6G0FJh9k4xbl16Oq6ZHAX/K5PnKA6SQ9eDyr/wJc1V
IWl1dlFGEK8VdzTwddEETrRYsvXELdVw8SMb9anEAtHaNNkJ80vCjNiezHZr
hpvO6XhmIWCMQUI65E0GVA1ltkS60M/oCbaDZUXfe23JB3tRkBeDhGNf4TPL
15XwZaBMdcOVT0u0NdEcy6xmpwXFo5KE2GmqIIzXtVzGHU4oTqqhAjMYApIV
rI6ybZv7SXhFJ7hp0Ubr/6BhiVpztOLMKLtqu845UkDpa1TG0jD7kjkSTCyz
fq2umwVK9j682jtoA9KgcGCckkz7F2aC4R2+Qiq6B7j+Gp2Y90kgxE0kaxMT
pgbKGH96Nwgr0uGa0+uyZN+hWFpRczYpdxVjiytfcTSCcRwzRbl6r7F3pgs+
IPcuqWRL2Ui9GLJz141DCH/cpSjczOisa8WcYbwteRumSYF3YpE2EmqL2hdQ
C8zqyMtyhVjWMRCjfZTMzFHwK5Fb4BPUbyq/8yojSQBZoKsc7cnxXO0IBEkE
98Vba3qx8EYJR8k4icwZ6XJVXI9WsQQJN3c9HImAvOEOGKedQDKn8NxbRFZV
kDXcXAFbzQaBwdmqfNa5L0+je6ty4EA0M8cieFhGXZALVV0RI2VdI6IkODgo
Xost2XeBOPn2D2gkxhaABPGL07enfREfZM0906bK9+kChq3u4MbhO5HRRbrs
xsEMsNTKByBvdQbcwhKmNKJ1YSJAEv7humlW9cnTp7e3t6MsKZJRWS2eBlJe
P81A/Rhq09U/gqT7Z2XttX+2vvMGxb/82fx5qP5Ff+Df8HYQIuDtOOPszxs2
zJlotLlQUdHpj64BjtkKot+WQMTJzV2IWA8RokkqsamP8F2peXS8Fs/CQ5Gt
HbBAm4y56VZt1oWQ3mAeiK3jwTDu610GOGEjtg12cXJ/cyuSWcd+MQroFRV5
+3UQzA1paEgF0IBi5pEo5hgExZcJksVl6R7AswdQjWOzerAtPlcVMtuDPjEI
w34HZuP5DxwC2IAASAku0+maYrF7qEG3/dzvuSkFWjMkggGmBSxBjzWGMqQz
58llzPJNLFoigAtaQhESHQyYxOQjcWxwDq4LdC2zNW9CqmrJ/J3MnKZYLydc
eP0yTXtCHtSGUGSYUzG2BZowYeUUv0Jd8V66dZIok0mXOt8ZWNplDNGfgXFo
ReM9bmT/623S4508DJQS2FCB4e/GVYqoHeDRlEQZvVSfh+UD+jKVxeL+Tln5
k7g34+Dakshp8U5YC7JciWEDlbSJ4n6P1xibBO/+EXcaMs6pzJyTtlkn8mFX
+B3M73Jzs9pEjk+QclNqL+2idhyIMRMIjcNo3mKfoSRPCBoGu1mYmb9y5hZJ
QPCH1zk0F9+1lha3cDxkOkFMixoYqRgoDAmsqfQq+u9bsYo29DpGMmZ8Y1wK
PsNtugjEPE0+iplR9Ifba7TXFb8RDKJsTIoAQWQPDnmSTRxP7zSfJKlklbrI
RgpCSs11trimgAOX+UCDiK/f4TsTXj47xCY8O+oxVhqp+4mniPEhKQfi8b4F
G+NbEwcyjcftKCbUUES4UVTiHK13gL9dY9lNCjNapTnYZFKuY6NX0JckAdL5
sbCjJ+GPjlpwhib+xmXqj+wP1xmpMXh4arqojRcrgLxfKpTuwOoT6zh4khxF
JrKTtUJ7an14zruyBMmZQmfUAijAIifoENsN+oAnlb41tvLC0A0F1g1Xa5ZN
uVueawfEaWS1/fABznUnakrC+N5gmJqQSgNXh+1tUgE6iiviA+o5H18vh4hB
6QJoRexpysbPQMBy/S9LXdRcYpSoYKNHGjXTa7hJUeBSW1lpWfhCwwlvBM8K
FmM4VGGBqhrbc5V5eOPmausjfSmHlBQrbKpipOtPDWjVCgeNYuK4tzEXX+qe
IXs0w1SynxirSD3y22nRD7zBvI7QSIwP341K8kMv1FUPetKOSBc6DXMTRz+N
/LK4nSAVKlumhOm1Vo8jAHrMGN8Ue20HwjHzj8oKcOE6BYmQDWgB5F6Rn2Zi
CY6mxXIl7rT4QRTK48OEWBXKUQ1H337WrIXIkQXBeH3dt4npu4kc+tQ4XZli
zemSYQBmnQZc6fGc0Srgb3KcwCGuyoahRfXL8Oq5Js50kI5TafxkDJHJBSlD
9Q0P4g/vX0fWprgAB1r6dFAUtvnroW4MDsfvHfEWy5BMR+jCHSCMO2xcInuy
6ozrzbew3FuVABHJlmQV4ohOjXSyvHHcLA6ORORg0ZZqZFifxjraE36t3GIh
/14Z8GFdFWUKZgX7moDG8E35vspukinJ229Ieb9KCyQj50p3J+sTq/YNf0tt
PEll0Tp+oA9iWmrT+K6nfQkn60JV1CaILMcmY+cYDcQW6fEicWFT6Et2nFRO
jUmhiAs4MIrUt5QFNh8Z5USiInA+GNjPELitt/PoGTl3v3tpIkHNE221DJTv
InZkbiVNAA0ivGqm3JyuTz3PNSyEIhEx1MyW7EdskCMvg9TrY2UCJPOMGyFj
thA15ULLyCxN2Mx8oZ3mfQkw4ae+USjVJOoQDfLJfSgysuviZf/AkcJKZNpG
7i15yAfjPbQtfSMi4dBb3734Kqx2W1VSItch7atKkfTuwPvfgZDvfIgtn9I2
HDA9QqAsKi8cuSCSnU3b67RL+3ttT60vCm8Qyxgt6iXrC6HZrDembSP12Ntj
LWDHAgKguM15KIxNWISComxxc+j//q9YvDPb8erTirKb0fSrYoXnWUXG3dDs
3JemJ4fD6G+y4CuyspOPqJDKXUiUPxF7zcvyoyU/kBhGnmbFsKLGt2jpRiUF
G824MxAhkkoeqBKeHK2dxOZPF5xBxa6KBaYoyUen9KUZybOdWmDwmsRoRYWb
KOdct1fFIEiVvgwCQorh47hfspCcsS7K5wAQtWhQoW3jH2ioa1evKyd1iYW2
6tgA44pYKQMfhRlgF1CuTOZ6zjhTl6jBJ3EZ0N+2y2tFNnKVpEX2e884VVlN
aT9H4AtuaWXw41Qo3cgxBCGqyQkkrbjGSI314iOl3yqfrQjZPcGWdmOwpXlk
sGW3+mAUKtfbOXDJAe3+JGZS6NW0s63Z27QuQk51p8YdZ1SLImZIEfOyWEK5
Vk6m8msKKyCxeQ3ICE/wToBs62JkJT520A2ipeDAgYp/DU70tg6u2LJCFqWb
cFCD030HXJsAkbEV5hDl9eAlU4KPSNRdCYJsYhy6wl7GipKeoggfJ8TK0uN2
GoA1t7495cZYJ1V/hGN31REJP2z1XfJl72uyc3mHGZZQU0WPumgVgj/jlHfV
EzZGK0EciqTCQAadoz6PYhZ0b1YqReN3wbnqvjFIaNr3YH46u52cl1JPzm4y
Ce2opQV4Wd1JROSJCix34SEkzHvrnUj1a/bIq8jq0JlCQh5NKGyaFbaD3oTC
dMkdYmNpSlpFICE7A9/lCjCLe7K4IrpRYxag7EmuNto+t3ZRYh/v01tvNCtM
dGklDndzTLofLoTFxz0UsiImA6O/rJhifyFFunDMd2atYon3VL8zjyuWyDQ+
LpRYm6DyRnURY/mT7Y/9Jke2m89iqqTpllPYBibu/qEtOzkbkwYyb2wvCPaE
O44RWQWlL1LrWg5bclCJr0UtVuDLIlE39Eiz64HpPddBlITSitukkpzTj0D4
8nS2SEUDvRLrC/r+WVuiJDxu6ld85Iufks3P0ZWL86tXRAwoCcpgGBbSdQ7h
EeU9q7giFiJvCAHuyTHwcpExP//0808cwy1UyImOnFE3uSNB6Zyq//z8y8+/
gGz7zaxK5s0wS5v50K9oSA44X89hktXD3cNvvkFR+JTw4fNnVXP0C9teeEZe
3Z03dXPI49ClG9lWWb1uNE/hr7s07HNKLqca26h4X+0SW7smHk7takf/oZBn
bSz+MPH3wtcLwXkSMJ/tjbmWYsEIfYMriBr4oWOKkF85oV2IiNsJVkH6Glgf
MKw/FBxZfSvBN965TUVhPK2KC8P43FtcqWN3LhzS9jaJtttbzs4uLjGRObZQ
dz3DElEhwrvvfW9D7YpRHMY6YyDHRW+2syKIR9zjXH4gDAyzRyR0VOrDOGTo
ac7ue8w7xo9rf+MySe3We2WnwGEugmDr+/rUW14tpQAAu2G/FJOj1zFUnEHF
1FANRun4ioWUfb8Cl8TDAWV1v6SOICPdN0Qo+AuY0M4XVbK65vwKIb0Yeu+c
/+4O6jr9hL0iAWt+16F49cAus6oqXSW9TiXIMD8F8uimap8/+3AdUngDBuHm
P3NnqHU2I4sjEV34A7Cokox3nUdgCQc+a8mp510PlwX8RcVVaRQpdOSbOHxB
LGn1rsCwaJ9Jqe8ANaUq5yqW3LeLxUqHIefctjo0YwUBQI3NzVAFt1rdT31a
jeTJkOXLZYi84NYWq3wd8gpxCNcGKfx0jHh/mrNpARci3RijcAq7uq4SDlpH
OLVbS34xNsRAi9gfv9FuAgj686wqV6uALVsu0E4nIm5xpEqV1XA5vrHvhTEl
drZGOZiYt+6445qP+NvY7rX1hUYJpWd8+o7UJ4xrI3tSmBXx3ZZihhTmo2q+
kbL8Qsf2uNgd68W8OLjja6j8PlN5JEyfWNVEOxCZT6noenSvVIKjFoNhIcRt
pPPcLZoMoiLS5JGVBDnbruCOPEZEJsUjt5XYuuNk1WCbIMQIMinROBFjeyTT
QHxaKcmxGPo1cNtjuJ27i9XS93p4g7JpuPJisOxHKG0x2Yl63sMArnVvq1GJ
DksMOI41iwDSbJaaRwFhXseNTxxm6D3zF3FAlyjiInxEli7EDuxjmOhgMj9b
Qnx6uuYM3N4qXbR+UpdjUYJLLhFpf7iSX2S1UUxHCWIqGnhbZudLS8QMk+yi
yn+epoZYTY4fpUJ76JSiOoWa82C61VNK2HJCmapdH76kSADOUrNW56m9iAuL
037JK8ylmVhq4B8Rq2QpQmfF6Pe/Bt3HjkxIqkfbHsBYu9GQcBLJu48yGOg3
OiYD22MyeEqq+1MxEsDr3kwQBiJRUuKMumKHyItEy0CndAUIOGPt4jU63G0H
lx5tAVTXUNXGwblaLYq2sQoagNf5RHl7O+p9lQkchmrbGgZtWwbCBK+bVGXh
RiovIslMwpqCN1gscvfeFi/39BA96lEZk0a2RAcMQem6yhYLEGK+iVKhKXRD
nPPEMnz9UifYF8oyjIoG1e3abod+OyM9Q5DtfG2rtVv6txeXOGEwbsWCI2Ze
dYsOEdCKDQ1MRHkILUw6DPAFlV/CWAa60FLrJyQqqjZqtaT0uFQYV9boa67y
Ll/liyKjSCAU+inc4/8DBxnTKybIAAA=

-->

</rfc>

