ISAKMP-09 .ps

wdm@epoch.ncsc.mil (W. Douglas Maughan) Fri, 13 March 1998 14:38 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id JAA09294 for ipsec-outgoing; Fri, 13 Mar 1998 09:38:50 -0500 (EST)
Date: Tue, 10 Mar 1998 18:58:14 -0500
From: wdm@epoch.ncsc.mil
Message-Id: <9803102358.AA06308@dolphin.ncsc.mil>
To: ipsec@tis.com
Subject: ISAKMP-09 .ps
Content-Type: X-sun-attachment
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Content-Lines: 4

As promised, ISAKMP-09 PostScript.

Doug

----------
X-Sun-Data-Type: postscript-file
X-Sun-Data-Description: postscript-file
X-Sun-Data-Name: draft-ietf-ipsec-isakmp-09.ps
X-Sun-Content-Lines: 6429

%!PS-Adobe-2.0
%%Creator: dvipsk 5.55a Copyright 1986, 1994 Radical Eye Software
%%Title: isakmp-draft.dvi
%%Pages: 66
%%PageOrder: Ascend
%%BoundingBox: 0 0 612 792
%%EndComments
%DVIPSCommandLine: dvips -oisakmp-draft.ps isakmp-draft.dvi
%DVIPSParameters: dpi=600, compressed, comments removed
%DVIPSSource:  TeX output 1998.03.10:1843
%%BeginProcSet: texc.pro
% texc.pro: dvips prolog for the "compressed" bitmap-font mode named in the
% DVIPSParameters header comment.  Everything below is defined inside TeXDict
% (a 250-entry dictionary) and the final "end" pops it off the dictionary stack.
% Short aliases used throughout: N = def, B = bind def, S = exch, X = exch def,
% TR = translate.
% NOTE(review): a PostScript attachment is a program, not passive data.  This
% prolog writes to statusdict (@manualfeed) and executes bop-hook, eop-hook and
% start-hook whenever userdict holds those keys; render mail-borne .ps in an
% interpreter with file and device access restricted (e.g. Ghostscript -dSAFER).
/TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
% vsize/hsize default to 11*72 and 8.5*72 units (792 x 612, the BoundingBox
% above).  @rigin scales user space by 72/Resolution and -72/VResolution (y axis
% flipped), translates the origin, and rounds CTM entries that lie within
% 0.00001 of an integer.  isls/landplus90 select the landscape variant.
/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if}
forall round exch round exch]setmatrix}N /@landscape{/isls true N}B
% @manualfeed sets statusdict /manualfeed to true; @copies stores #copies.
% df-tail/df/dfs start a FontType 3 font dictionary nn whose BuildChar is
% CharBuilder and whose Encoding is IE; dfs additionally takes a scale factor sf.
/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B
/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{
/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N
string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N
end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{
/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]
% E finishes the font (definefont + setfont).  The ch-* accessors read the five
% trailing elements of ch-data: width, height, 128 - xoff, yoff + 127, dx.
% ch-image yields ch-data itself when it is a string, otherwise element ctr of
% it (and increments ctr).
N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup
length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{
128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub
get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data
dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N
% CharBuilder (the BuildChar body): inside save/restore it looks the character
% up via base and BitMaps, calls setcachedevice with the metrics above, then
% paints with imagemask.  rw is a row buffer of (width + 7) idiv 8 bytes; the
% data procedure hands back rw again while the repeat count rc is non-zero and
% otherwise calls G to decode the next row.
/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup
/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx
0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff
setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff
.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N
% G: decoder loop.  Reads id[gp], advances gp, pushes (value mod 18) as the
% operand and executes pl[value idiv 18]; the loop ends when an opcode runs nd,
% which resets cp, leaves rw on the stack and calls exit.
% Helpers: adv moves the column cursor cp; chg copies bytes from id into rw;
% lsh/rsh rewrite the byte at cp in rw; clr/set write zero / 255 bytes
% (fillstr is an 18-byte string of 255s).
/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id
gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp
add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add
/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{
dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1
adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2
idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string
putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval
% pl: the 15-entry opcode table indexed by G (a value 0..255 idiv 18 is 0..14).
adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg}
{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{
adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2
% D: define one character.  Sets cc to the code, closes a pending array when
% the data is not a string, records base[cc] = ctr, divides the last data
% element by sf when sf is not 1, stores the data at BitMaps[ctr], bumps ctr.
% I: same as D for character code cc + 1.
chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{]
}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup
length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{
% bop (begin page): runs bop-hook if userdict has it, saves VM state in SI,
% applies @rigin, moves to 0 0 and binds V to QV or RV depending on the CTM.
% eop (end page): restores SI, showpage, then runs eop-hook if present.
% @start: runs start-hook if present, drops the top operand, then stores
% VResolution, Resolution, DVImag (operand / 1000), builds IE as 256
% one-character names, and sets vsize and hsize to operand / 65781.76.
cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul
add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore showpage
userdict /eop-hook known{eop-hook}if}N /@start{userdict /start-hook
known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
/IE 256 array N 0 1 255{IE S 1 string dup 0 3 index put cvn put}for
% p = show.  v stores ruley and rulex, then calls V to draw a rule.
% RV paints the rule with imagemask over BDot; which of its two bodies is
% bound is decided here, once, from statusdict's product string (prefix
% "Display" or "NeXT").  QV instead fills a rectangle whose corner is snapped
% to device pixels.
65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N /RMat[1 0 0 -1 0
0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley X /rulex X V}B /V
{}B /RV statusdict begin /product where{pop product dup length 7 ge{0 7
getinterval dup(Display)eq exch 0 4 getinterval(NeXT)eq or}{pop false}
ifelse}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false
RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR rulex ruley scale 1 1
false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform
round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
% Text and motion shortcuts used by the page bodies: a = moveto; b shows a
% string then moves right by the operand and remembers it in delta; c..k show
% a string then move by delta plus -4..4; w = horizontal rmoveto; l..t show
% then move by -4..4 (no letter maps to 0); x = vertical rmoveto; y shows a
% string then does moveto.  bos/eos wrap a section in save/restore via SS.
rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail
{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}
B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{
4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{
p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
a}B /bos{/SS save N}B /eos{SS restore}B end
%%EndProcSet
TeXDict begin 40258431 52099146 1000 600 600 (isakmp-draft.dvi)
@start /Fa 1 98 df<1407A24A7EA34A7EA3EC37E0A2EC77F01463A2ECC1F8A201017F
1480A2903803007EA301067FA2010E80010C131FA2496D7EA2013FB57EA2903830000749
6D7EA3496D7EA200018149130012036D801207D81FE0903801FF80D8FFF8010F13F8A22D
2C7DAB33>97 D E /Fb 58 124 df<EE3FFC4BB51280923907E007C092391F8001E0DB3F
0013F0037E13034B1307A24A5A18E04A48EB038094C7FCA314075DA4140F5DA3010FB7FC
A25F903A001F80007EA217FE023F5C92C7FCA216015F5C147E16035FA214FE4A13075FA3
0101140F5F4AECC1C0A2161F1783010316805CA2EF870013074A5CEE0F8EEE079EEE03FC
010FEC00F04A91C7FCA35C131FA2001C90CAFC127E5BEAFE3E133C137CEAF878EA78F0EA
3FE0EA0F80344C82BA2F>12 D<DC7FC0EB1FFF922603FFF890B512E0923C0FC07C03F801
F0923C1F001E0FC00078033E90267E1F80137C4BD9FE3FC712FC03FC027E13015D02014A
5A057815F84A48D901F8EB00E01B00A302074A5A5DA31707020F5D5DA3010FBA12C0A21B
80903D001F80000FC0001FA21A3F023F021F150092C75BA2621A7E4A143F027E92C7FC1A
FE62A25F02FE027E13014A5FA305FE130301014B5C4A1870A219070401EDE0F001034B15
E05CA2F2E1C0010714034D14C34A933803E380F101E7963800FF00010F4A48143C4A94C7
FCA34A495A131F5F001CEB0380007E90380FC01F013F92CAFC26FE3E1F133E013C5C5E3A
F8780F01F0D878F0EB83E03A3FE003FF80270F8000FECBFC4E4C82BA49>14
D<150C151C153815F0EC01E0EC03C0EC0780EC0F00141E5C147C5C5C495A1303495A5C13
0F49C7FCA2133EA25BA25BA2485AA212035B12075BA2120F5BA2121FA290C8FCA25AA212
3EA2127EA2127CA412FC5AAD1278A57EA3121C121EA2120E7EA26C7E6C7EA212001E5274
BD22>40 D<140C140E80EC0380A2EC01C015E0A2140015F0A21578A4157C153CAB157CA7
15FCA215F8A21401A215F0A21403A215E0A21407A215C0140F1580A2141F1500A2143EA2
5CA25CA2495AA2495A5C1307495A91C7FC5B133E133C5B5B485A12035B48C8FC120E5A12
785A12C01E527FBD22>I<EA03C0EA07F0120F121F13F8A313F0EA07B0EA003013701360
A213E013C01201EA038013005A120E5A5A5A5A5A0D197A8819>44
D<387FFFF8A2B5FCA214F0150579941E>I<120EEA3F80127F12FFA31300127E123C0909
778819>I<EC03F8EC0FFE91383C0F809138F007C0903901E003E0D903C013F090380780
01020013F8130E131E90391C6000FCEB3870EC30011370A213F013E0EC70030001016013
F813C014E0ECC00701C114F0903881800F018314E09039C7001FC001FEEB3F80D8007814
0090C7127E5D4A5A4A5AEC07C0EC1F80023EC7FC14FCEB01F0EB07C0495A011EC8FC137C
4914C0484813015B485A4848130348C71380000E1407001E140F48EC1F00D83FF85B397F
FFC07E39783FFFFCEA700FD8F0075BD8E0015B6D13C0021FC7FC263A79B72A>50
D<16E0ED01F01503A3150716E0A3150F16C0A2151F1680A2ED3F00A3157EA2157C15FC5D
14015D14035D14075D140F5D141F92C7FC143EA25CECF81C153E903801F07EEB03E014C0
90380780FE130F49485A133EEB7C01137801F05BEA01E03803C003EA0FFE391FFFC3F048
13FB267C01FF13403AF0003FFFE000601307C71400EC0FE05DA3141F5DA3143F92C7FCA4
143E141C24487DB72A>52 D<EC01FCEC0FFF023F138091387E07C0903901F803E0EB03F0
903907E001F0EB0FC0EB1F80013F14F814005B137E13FEA2485AA2150312035BA2ED07F0
12075B150FA216E00003141FA2153FED7FC0120115FF6C6C5A90397803BF8090383C0F3F
D91FFC1300903807F07F90C7FC157E15FE5D14015D4A5AA2003E495A007F495A5D4AC7FC
00FE5B48137E007013F8387803F0387C0FE0383FFF806C48C8FCEA03F8253A78B72A>57
D<133C137E13FF5AA313FE13FCEA00701300B2120EEA3F80127F12FFA31300127E123C10
2477A319>I<EE01C01603A21607160FA2161F83163FA2167F16FF16EF150116CFED038F
A2ED070FA2150E151E151C1538A203707FA2EDE007A2EC01C014031580EC0700A2140EA2
5CA25C027FB5FCA291B6FC9139E00007F849481303A2495A130791C7FC5B130E5BA25B13
78137013F0EA03F8486C4A7EB56C48B512F0A3343C7BBB3E>65 D<0107B612FCEFFF8018
C0903B000FF0001FF04BEB07F81703021F15FC17014B14FEA2023F1400A24B1301A2147F
18FC92C7120318F84A140718F04AEC0FE0EF1FC00101ED3F80EF7F004AEB01FEEE07F849
B612E05F9139F80007F0EE01FC01076E7E177F4AEC3F80A2010F16C0171F5CA2131F173F
5CA2133FEF7F805C1800017F5D4C5A91C7485A5F49140FEE1FE0494A5A00014AB45AB748
C7FC16F816C037397BB83A>I<DB03FE130E92393FFF801E92B5EAE03C913903FE01F091
3A0FF000787CDA3FC0EB3CFC4AC7EA1FF802FE140FEB03FC49481407494815F049481403
495A5C49C813E05B485A5B000317C0485AA2485A1880485A94C7FCA2485AA3127F5BA312
FF90CBFCA41738A217784816707E17F06C5E16015F16036C6C4A5A94C7FC001F150E6D14
1E000F5D6D5C6C6C495A6C6CEB03C0D801FEEB0F8027007F807EC8FC6DB45A010F13E001
0090C9FC373D74BA3B>I<0103B612FEEFFFC018F0903B0007F8000FF84BEB03FCEF00FE
020F157FF03F804B141F19C0021F150F19E05D1807143F19F05DA2147FA292C8FCA25C18
0F5CA2130119E04A151FA2130319C04A153FA201071780187F4A1600A2010F16FEA24A4A
5A60011F15034D5A4A5D4D5A013F4B5A173F4A4AC7FC17FC017FEC03F84C5A91C7EA1FC0
4949B45A007F90B548C8FCB712F016803C397CB83F>I<0107B8FCA3903A000FF000034B
EB007F183E141F181E5DA2143FA25D181C147FA29238000380A24A130718004A91C7FC5E
13015E4A133E167E49B512FEA25EECF8000107147C163C4A1338A2010F147818E04A1370
1701011F16C016004A14031880013F150718004A5CA2017F151E173E91C8123C177C4915
FC4C5A4914070001ED7FF0B8FCA25F38397BB838>I<0107B712FEA3903A000FF000074B
1300187C021F153CA25DA2143FA25D1838147FA292C8FCEE03804A130718004A91C7FCA2
01015CA24A131E163E010314FE91B5FC5EA2903807F800167C4A1378A2130FA24A1370A2
011F14F0A24A90C8FCA2133FA25CA2137FA291CAFCA25BA25B487EB6FCA337397BB836>
I<DB03FE130E92393FFF801E92B5EAE03C913903FE01F0913A0FF000787CDA3FC0EB3CFC
4AC7EA1FF802FE140FEB03FC49481407494815F049481403495A5C49C813E05B485A5B00
0317C0485AA2485A1880485A94C7FCA2485AA3127F5BA312FF90CBFC0307B512E0A39239
0007FC00705A16075FA36C150F5FA36C6C141FA2001F5E6D143F6C7E167F6C6C4A5A6C6C
EB03EFD801FEEB07C73A007FC03F0790273FFFFC03C7FC010F01F0C8FC01001380373D74
BA40>I<0103B5D8F80FB512E0A390260007F8C7381FE0004B5DA2020F153F615DA2021F
157F96C7FC5DA2023F5D605DA2027F14016092C7FCA24A1403605CA249B7FC60A202FCC7
12070103150F605CA20107151F605CA2010F153F605CA2011F157F95C8FC5CA2013F5D5F
5CA2017F14015F91C7FC491403007FD9FE01B512F8B55BA243397CB83E>I<0103B512F8
A390390007F8005DA2140FA25DA2141FA25DA2143FA25DA2147FA292C7FCA25CA25CA213
01A25CA21303A25CA21307A25CA2130FA25CA2131FA25CA2133FA25CA2137FA291C8FC49
7EB6FCA25C25397CB820>I<0103B500F890387FFFE0A21AC090260007F8C7380FFC004B
15E061020F4BC7FC183E4B5C18F0021F4A5A4D5A4BEB0F804DC8FC023F143C5F4B5B4C5A
027FEB07C04CC9FCED001E5E4A5BED01FCECFE0315070101497E151FECFC7C4B7E903903
FDE07FDAFFC07F1580ED003F49488014F84A131F83130F160F4A801607011F81A24A1303
83133F16014A80A2017F6E7EA291C8FC494A7F007F01FE011F13FCB55CA243397CB840>
75 D<0107B512FCA25E9026000FF8C7FC5D5D141FA25DA2143FA25DA2147FA292C8FCA2
5CA25CA21301A25CA21303A25CA21307A25CA2130F170C4A141CA2011F153C17384A1478
A2013F157017F04A14E01601017F140317C091C71207160F49EC1F80163F4914FF000102
071300B8FCA25E2E397BB834>I<902607FFF8923807FFF0614F13E0D9000FEFF0004F5A
A2021F167FF1EFC0141DDA1CFCEC01CF023C16DF9538039F800238ED071FA20278ED0E3F
97C7FC0270151CA202F04B5AF0707E14E0037E14E0010117FE4D485A02C0EC0380A20103
ED0701610280140EA20107ED1C0305385B14006F137049160705E05B010EEC01C0A2011E
913803800F61011CEC0700A2013C020E131F4C5C1338ED1FB80178163F04F091C8FC0170
5CA201F04A5B187E00015DD807F816FEB500C09039007FFFFC151E150E4C397AB84A>I<
902603FFF891B512E0A281D90007923807F8006F6E5A61020F5E81DA0E7F5DA2021E6D13
07033F92C7FC141C82DA3C1F5C70130EEC380FA202786D131E0307141C147082DAF00314
3C70133814E0150101016E1378030014705C8201036E13F0604A1480163F010715C1041F
5B91C7FC17E149EC0FE360010E15F31607011E15FF95C8FC011C80A2013C805F13381600
13785F01F8157CEA03FC267FFFE0143CB51538A243397CB83E>I<ED03FE92383FFFC092
38FC07F0913903E001F891390F80007C023FC77E027E8002F815804948EC0FC0EB07E049
48EC07E0131F4A15F049C81203137E01FE16F8485AA2485AA2485AA2120F5B001F16075B
123FA34848ED0FF0A448C9EA1FE0A3EF3FC0A21880177F18005F5F16015F6C4B5A4C5AA2
4C5A6C4B5A6D4A5A001F93C7FC6D147E000F5D6C6CEB03F06C6C495A6C6CEB0F806C6C01
3FC8FC90383F01FC90381FFFE0010190C9FC353D74BA40>I<0107B612F817FF1880903B
000FF0003FE04BEB0FF0EF03F8141FEF01FC5DA2023F15FEA25DA2147FEF03FC92C7FCA2
4A15F817074A15F0EF0FE01301EF1FC04AEC3F80EFFE0001034A5AEE0FF091B612C04CC7
FCD907F8C9FCA25CA2130FA25CA2131FA25CA2133FA25CA2137FA291CAFCA25BA25B1201
B512FCA337397BB838>I<0103B612F017FEEFFF80903B0007F8003FC04BEB0FF0170702
0FEC03F8EF01FC5DA2021F15FEA25DA2143FEF03FC5DA2027FEC07F818F092C7120F18E0
4AEC1FC0EF3F004A14FEEE01F80101EC0FE091B6128004FCC7FC9138FC003F0103EC0F80
834A6D7E8301071403A25C83010F14075F5CA2011F140FA25CA2133F161F4AECE007A201
7F160F180E91C7FC49020F131C007F01FE153CB5913807F078040313F0CAEAFFE0EF3F80
383B7CB83D>82 D<92383FC00E913901FFF01C020713FC91391FC07E3C91393F001F7C02
7CEB0FF84A130749481303495A4948EB01F0A2495AA2011F15E091C7FCA34915C0A36E90
C7FCA2806D7E14FCECFF806D13F015FE6D6D7E6D14E0010080023F7F14079138007FFC15
0F15031501A21500A2167C120EA3001E15FC5EA3003E4A5AA24B5AA2007F4A5A4B5A6D49
C7FC6D133ED8F9F013FC39F8FC03F839F07FFFE0D8E01F138026C003FCC8FC2F3D7ABA2F
>I<0007B812E0A25AD9F800EB001F01C049EB07C0485AD900011403121E001C5C003C17
801403123800785C00701607140700F01700485CA2140FC792C7FC5DA2141FA25DA2143F
A25DA2147FA292C9FCA25CA25CA21301A25CA21303A25CA21307A25CA2130FA25CEB3FF0
007FB512F8B6FCA2333971B83B>I<003FB539800FFFFEA326007F80C7EA7F8091C8EA3F
00173E49153CA2491538A20001167817705BA2000316F05F5BA2000715015F5BA2000F15
035F5BA2001F150794C7FC5BA2003F5D160E5BA2007F151E161C90C8FCA2163C4815385A
16781670A216F04B5A5E1503007E4A5A4BC8FC150E6C143E6C6C5B15F0390FC003E03907
F01FC00001B5C9FC38007FFCEB1FE0373B70B83E>I<B500F8903803FFFEA218FCD803FE
C8EA7FC049ED3F000001163E173C17385FA25F16015F6D4A5AA200004BC7FC5E160E5EA2
5EA25E5EA26D495A7F4B5A150793C8FC150EA25D153C15385D1480013F5B14815DEC8380
A20287C9FCA2148E149E149C14F8A26D5AA25C5CA25CA291CAFC131EA2373B6FB83E>I<
B5D8F80FB590381FFFF06102F018E0D807FEC7D87FE0903803FE00D803F8DA3F806D5AF1
00F0A24F5A621903621907047F92C7FC190E16FF4B5DA2DB03BF5C7F0001DA073F5CA203
0E5D83DB1C1F495A180303385D4EC8FC157003F0140E15E0DA01C05CA2DA03805CA2DA07
005CA2020E5D17C14A5DEFC3805C027802C7C9FC14704A14CE13FE6C6C4814DCA24A14F8
A291C75B160F495D5F5B5F5B4992CAFCA249140E4C3B6FB853>I<49B5D8F007B5FCA3D9
000790C713E0DA03FCEC7F00187C020115786F5C4D5A02005D6F495A4DC7FC6F5BEE801E
5F033F5BEEC0705F92381FC1C016E3EEE780DB0FEFC8FC16FE6F5A5EA2150382A2150782
150F151CED3CFF5D4B7EDA01E07FEDC03FDA03807FEC0700020E131F021E805C4A130F02
70805C49481307494880130749C71203011E81133E01FE81D807FF1407B500E090387FFF
FC93B5FC6040397CB83E>I<B500F8903803FFFEA3D803FEC8EA7FC00001EE3F00173E17
7800005E6D5D4C5A6D14036E495A94C7FC160E013F5C6E133C5E011F14706E5B4B5A010F
13036E485A93C8FC150E01075BECF83C5D01035B6E5AECFDC06DB45AA292C9FC5C6D5A13
01A35C1303A35C1307A35C130FA35C131FA2133F001FB57E5AA237396FB83E>I<14F8EB
07FE90381F871C90383E03FE137CEBF801120148486C5A485A120FEBC001001F5CA2EA3F
801403007F5C1300A21407485C5AA2140F5D48ECC1C0A2141F15831680143F1587007C01
7F1300ECFF076C485B9038038F8E391F0F079E3907FE03FC3901F000F0222677A42A>97
D<133FEA1FFFA3C67E137EA313FE5BA312015BA312035BA31207EBE0F8EBE7FE9038EF0F
80390FFC07C013F89038F003E013E0D81FC013F0A21380A2123F1300A214075A127EA214
0F12FE4814E0A2141F15C05AEC3F80A215005C147E5C387801F8007C5B383C03E0383E07
C0381E1F80D80FFEC7FCEA01F01C3B77B926>I<147F903803FFC090380FC1E090381F00
70017E13784913383901F801F83803F003120713E0120FD81FC013F091C7FC485AA2127F
90C8FCA35A5AA45AA3153015381578007C14F0007EEB01E0003EEB03C0EC0F806CEB3E00
380F81F83803FFE0C690C7FC1D2677A426>I<ED01F815FFA3150316F0A21507A216E0A2
150FA216C0A2151FA21680A2153FA202F81300EB07FE90381F877F90383E03FF017C5BEB
F80112013803F00048485B120FEBC001121F5DEA3F801403127F01005BA214075A485CA2
140FA248ECC1C0A2141F15C3ED8380143F1587007C017F1300ECFF076C485B9038038F8E
391F0F079E3907FE03FC3901F000F0253B77B92A>I<147F903803FFC090380FC1E09038
3F00F0017E13785B485A485A485A120F4913F8001F14F0383F8001EC07E0EC1F80397F81
FF00EBFFF891C7FC90C8FC5A5AA55AA21530007C14381578007E14F0003EEB01E0EC03C0
6CEB0F806CEB3E00380781F83803FFE0C690C7FC1D2677A426>I<ED07C0ED1FF0ED3E38
ED7C3CEDF8FC15F9140115F1020313F8EDF0F0160014075DA4140F5DA4141F5D010FB512
C05B16809039003F800092C7FCA45C147EA414FE5CA413015CA413035CA413075CA4130F
5CA3131F5CA391C8FC5B121CEA7E3EA2EAFE3C137C1378EAF8F01278EA3FC0EA0F80264C
82BA19>I<EC07C0EC3FF09138FC38E0903901F01FF0EB03E0903807C00FEB0F80011F13
07D93F0013E05B017E130F13FE4914C01201151F1203491480A2153F1207491400A25DA2
49137EA215FEA25D00031301140314076C6C485A0000131FEB787BEB3FF390380FC3F0EB
00031407A25DA2140F5D121C007E131F5D00FE49C7FC147E5C387801F8387C07E0381FFF
80D803FEC8FC24367CA426>I<EB03F0EA01FFA3EA00075CA3130F5CA3131F5CA3133F91
C8FCA35B90387E07F0EC1FFCEC783E9038FFE01F02C01380EC800F1400485A16C05B49EB
1F8012035BA2153F000715005BA25D000F147E5B15FE5D121FD98001131C15F8163C003F
01031338010013F0A216704814E0007E15F016E0EDE1C000FE903801E38048903800FF00
0038143C263B7BB92A>I<EB01C0EB07E014F0130F14E01307EB038090C7FCAB13F0EA03
FCEA071EEA0E1F121CA212385B1270A25BEAF07E12E013FEC65AA212015B1203A25B1207
5BA2000F13E013C013C1001F13C01381A2EB83801303EB0700A2130E6C5AEA07F8EA01E0
143879B619>I<EB03F0EA01FFA3EA00075CA3130F5CA3131F5CA3133F91C8FCA35B017E
EB0F80ED3FE015F09039FE01C1F09038FC0387EC0707140E0001011C13E0EBF838913830
03800270C7FC00035BEBF1C0EBF38001FFC8FCEA07FC7FEBFFC0EBE7F8380FE1FCEBC07E
147F80001F809039801F81C0A21583003F013F138001001303A21507481500007E133EEC
1E0E151E00FE6D5A48EB07F80038EB01E0243B7BB926>107 D<EB0FC0EA07FFA3EA001F
1480A2133FA21400A25BA2137EA213FEA25BA21201A25BA21203A25BA21207A25BA2120F
A25BA2121FA25BA2123FA290C7FCA25AA2EA7E0EA212FE131EEAFC1CA2133C133812F813
78EA7870EA7CE0121FEA0F80123B79B915>I<D801E001FEEB07F03C07F803FF801FFC3C
0E3C0F07C0783E3C1E3E3C03E1E01F261C1F78D9F3C013803C383FF001F7800F02E01400
007801C013FE007018C002805B4A4848EB1F80EAF07FD8E07E5CA200000207143F01FE17
00495CA2030F5C0001177E495C18FE031F5C120349DA8001131C18F8033F153C00070403
133849020013F0A24B1570000F17E049017E15F019E003FEECE1C0001FEE01E349499038
00FF000007C70038143C3E2679A444>I<D801E013FE3A07F803FF803A0E3C0F07C03A1E
3E3C03E0261C1F787F39383FF00114E0007813C000708114804A485AEAF07FEAE07EA200
00140701FE5C5BA2150F00015D5B151F5E12034990383F8380160316070007027F130049
137EA2160E000F147C49141E161C5E001FEC3C7849EB1FE00007C7EA0780292679A42F>
I<147F903803FFC090380FC1F090381F00F8017E137C5B4848137E4848133E0007143F5B
120F485AA2485A157F127F90C7FCA215FF5A4814FEA2140115FC5AEC03F8A2EC07F015E0
140F007C14C0007EEB1F80003EEB3F00147E6C13F8380F83F03803FFC0C648C7FC202677
A42A>I<9039078007C090391FE03FF090393CF0787C903938F8E03E9038787FC0017049
7EECFF00D9F0FE148013E05CEA01E113C15CA2D80003143FA25CA20107147FA24A1400A2
010F5C5E5C4B5A131F5EEC80035E013F495A6E485A5E6E48C7FC017F133EEC70FC90387E
3FF0EC0F8001FEC9FCA25BA21201A25BA21203A25B1207B512C0A3293580A42A>I<ECF8
03903807FE0790381F871F90383E03BF017C13FEEBF80112013803F000484813FC120F5B
001F130115F8EA3F80A2007F1303010013F0A34813074814E0A3140F4814C0A3141F1580
143FA2007C137FECFF006C5AEB03BF381F0F7F3807FE7EEA01F0C7FC14FE5CA313015CA3
13035C130748B512C0A3203577A426>I<3903C003F0390FF01FFC391E783C0F381C7C70
3A3C3EE03F8038383FC0EB7F800078150000701300151CD8F07E90C7FCEAE0FE5BA21200
12015BA312035BA312075BA3120F5BA3121F5BA3123F90C9FC120E212679A423>I<14FE
903807FF8090380F83C090383E00E04913F00178137001F813F00001130313F0A215E000
03EB01C06DC7FC7FEBFFC06C13F814FE6C7F6D13807F010F13C01300143F141F140F123E
127E00FE1480A348EB1F0012E06C133E00705B6C5B381E03E06CB45AD801FEC7FC1C267A
A422>I<EB0380EB07C0130FA4131F1480A3133F1400A35B137E007FB5FCA2B6FC3800FC
00A312015BA312035BA312075BA3120F5BA3121FEB801CA2143C003F1338EB0078147014
F014E0EB01C0EA3E03381F0780380F0F00EA07FCEA01F0183579B31C>I<13F8D803FEEB
01C0D8078FEB03E0390E0F8007121E121C0038140F131F007815C01270013F131F00F013
0000E015805BD8007E133FA201FE14005B5D120149137EA215FE120349EBFC0EA2020113
1E161C15F813E0163CD9F003133814070001ECF07091381EF8F03A00F83C78E090393FF0
3FC090390FC00F00272679A42D>I<01F0130ED803FC133FD8071EEB7F80EA0E1F121C12
3C0038143F49131F0070140FA25BD8F07E140000E08013FEC6485B150E12015B151E0003
141C5BA2153C000714385B5DA35DA24A5A140300035C6D48C7FC0001130E3800F83CEB7F
F8EB0FC0212679A426>I<903907E007C090391FF81FF89039787C383C9038F03E703A01
E01EE0FE3803C01F018013C0D8070014FC481480000E1570023F1300001E91C7FC121CA2
C75AA2147EA214FEA25CA21301A24A1370A2010314F016E0001C5B007E1401010714C000
FEEC0380010F1307010EEB0F0039781CF81E9038387C3C393FF03FF03907C00FC027267C
A427>120 D<13F0D803FCEB01C0D8071EEB03E0D80E1F1307121C123C0038140F4914C0
1270A249131FD8F07E148012E013FEC648133F160012015B5D0003147E5BA215FE00075C
5BA214015DA314035D14070003130FEBF01F3901F87FE038007FF7EB1FC7EB000F5DA214
1F003F5C48133F92C7FC147E147C007E13FC387001F8EB03E06C485A383C1F80D80FFEC8
FCEA03F0233679A428>I<B712FCA2260279962A>123 D E /Fc 1
16 df<EB0FE0EB7FFC497E0003EBFF804814C04814E04814F04814F8A24814FCA3B612FE
A86C14FCA36C14F8A26C14F06C14E06C14C06C1480C6EBFE006D5AEB0FE01F207BA42A>
15 D E /Fd 3 63 df<121C127FEAFF80A5EA7F00121C0909798817>58
D<EF0180EF07C0171F177F933801FF00EE07FCEE1FF0EE7FC04B48C7FCED07FCED1FF0ED
7FC04A48C8FCEC07FCEC1FF0EC7FC04948C9FCEB07FCEB1FF0EB7FC04848CAFCEA07FCEA
1FF0EA7FC048CBFCA2EA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FCEB01FF9038
007FC0EC1FF0EC07FCEC01FF9138007FC0ED1FF0ED07FCED01FF9238007FC0EE1FF0EE07
FCEE01FF9338007FC0171F1707EF0180323279AD41>60 D<124012F812FE6C7EEA3FE0EA
0FF8EA03FEC66C7EEB3FE0EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80
ED3FE0ED0FF8ED03FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FC0A2EFFF8093
3803FE00EE0FF8EE3FE0EEFF80DB03FEC7FCED0FF8ED3FE0EDFF80DA03FEC8FCEC0FF8EC
3FE0ECFF80D903FEC9FCEB0FF8EB3FE0EBFF80D803FECAFCEA0FF8EA3FE0EAFF8048CBFC
12F81260323279AD41>62 D E /Fe 62 124 df<913803FFC0027F13F00103B512FC010F
EB00FED93FF8133FD97FE0EBFF8049485A5A1480484A13C04A6C1380A36F1300167E93C7
FCA592383FFFC0B8FCA4000390C7FCB3ABB5D8FC3F13FFA4303A7EB935>12
D<D80F80137C393FE001FF486C481380A2486C4813C0A201FC14E0A3007F7FA2003F7F39
0F9C007CD8001C1300013C1301013814C0A3017813030170148001F013074848EB0F00A2
4848131E48485B48C75A4814F8001C14E000185C231D7DB932>34
D<141C143C14F8EB01F0EB03E01307EB0FC0EB1F8014005B137E13FE5B12015B1203A248
5AA2120F5B121FA25B123FA4485AA512FFB1127FA56C7EA4121F7FA2120F7F1207A26C7E
A212017F12007F137E7F7F1480EB0FC0EB07E01303EB01F0EB00F8143C141C165377BD25
>40 D<12E07E127C7E7E7F6C7E6C7E12037F6C7E7F12007F137E137FA2EB3F80A214C013
1F14E0A2130F14F0A4EB07F8A514FCB114F8A5EB0FF0A414E0131FA214C0133F1480A2EB
7F00A2137E13FE5B12015B485A5B1207485A485A90C7FC123E5A12F05A16537BBD25>I<
B61280A819087F9620>45 D<EA0F80EA3FE0EA7FF0A2EAFFF8A5EA7FF0A2EA3FE0EA0F80
0D0D798C1B>I<167016F8A2150116F0A2150316E0150716C0A2150F1680151F16005D15
3EA2157E157C15FC5DA214015D14035DA214075D140F5D141F92C7FCA25C143E147E147C
A214FC5C13015CA213035C13075CA2130F5C131F91C8FC5B133EA2137E137C13FC5BA212
015B12035BA212075B120F5B121F90C9FCA25A123E127E127CA212FC5AA2127025537BBD
30>I<141E143E14FE1307133FB5FCA313CFEA000FB3B3A6007FB61280A4213779B630>
49 D<EB0FFC90387FFFC048B512F0000714FC390FF03FFF261F800F1380263F000313C0
5AD9C00113E0486C6C13F07FA2ED7FF8A46C5A6C5A000FC7FCC8FCEDFFF0A216E05C16C0
4A138016004A5A5D4A5A4A5A4A5AEC7F8092C7FC14FEEB01F849481378495A495A495A01
3EC712F84914F05B4848130148B6FCA25A5A5A5A4815E0B7FCA425377BB630>I<EB03FF
011F13F0017F13FC3901FC07FF2603F003138048486C13C0496C13E0EA0FF001FC14F012
1F7FA56C4814E0A23803F001C714C04A138016004A5A4A5AEC3FF090380FFFC092C7FC15
F090380007FE913801FF806E13C016E0ED7FF016F816FC153FA216FEEA1FC0487E487E48
7EA416FCA249EB7FF8127F01C0EBFFF06C4814E06C6C4813C0260FFC0713806CB6120000
0114FC6C6C13F0010790C7FC27387CB630>I<ED07C0150FA2151F153F157F15FFA25C5C
5C5CA2141E5C147C5C5C495A495A1307495A5C131E5B137C5B5B485A485A1207485A90C7
FC121E5A127C5AB81280A4C70001EBC000AA0103B61280A429377DB630>I<001C15C0D8
1F80130701F8137F90B61280A216005D5D15F05D15804AC7FC14F090C9FCA8EB07FE9038
3FFFE090B512F89038FC07FC9038E003FFD98001138090C713C0120EC813E0157F16F0A2
16F8A21206EA3F80EA7FE012FF7FA44914F0A26C4813FF90C713E0007C15C06C5B6C4913
80D9C0071300390FF01FFE6CB512F8000114E06C6C1380D90FF8C7FC25387BB630>I<EC
0FF8ECFFFE0103EBFF8090390FF80FC090393FE003E090397FC001F09038FF000F48EC1F
F84848133F485A120F5B121FA2003FEC1FF0ED0FE04990C7FC127FA21408EC7FF039FFF1
FFFC01F313FFD9F78013809039FF007FC049EB3FE04914F0ED1FF85B16FCA34914FEA512
7FA5123F16FCA26C7E16F8000F143F6C6C14F0ED7FE06C6C14C03A01FF81FF806C90B512
00013F13FC010F13F00101138027387CB630>I<123C123EEA3FE090B71280A41700485D
5E5E5EA25E007CC7EA0FC000784A5A4BC7FC00F8147E48147C15FC4A5A4A5AC7485A5D14
0F4A5A143F92C8FC5C147E14FE1301A2495AA31307A2130F5CA2131FA5133FA96D5A6D5A
6D5A293A7BB830>I<49B47E010F13F0013F13FC9038FE01FF3A01F8007F804848EB3FC0
4848EB1FE0150F485AED07F0121FA27FA27F7F01FEEB0FE0EBFF809138E01FC06CEBF03F
02FC13809138FF7F006C14FC6C5C7E6C14FE6D7F6D14C04914E048B612F0EA07F848486C
13F8261FE01F13FC383FC007EB8001007F6D13FE90C7123F48140F48140715031501A215
00A216FC7E6C14016D14F86C6CEB03F06D13076C6CEB0FE0D80FFEEB7FC00003B61200C6
14FC013F13F00103138027387CB630>I<EB03FF011F13E0017F13F83901FF03FE4848C6
7E4848EB7F80484814C0001FEC3FE0123F49EB1FF0127F16F8A212FF16FCA516FEA5007F
143FA3123F157F6C7E000F14FF6C6C5A3903FE03DF6CB5129F6C6C131FD91FFC13FCEB00
201400A216F8D80FE0133F487E486C14F0A216E0157F16C0EDFF80495A6C484813009038
8007FE390FE01FF86CB55A6C14C0C691C7FCEB1FF027387CB630>I<EA0F80EA3FE0EA7F
F0A2EAFFF8A5EA7FF0A2EA3FE0EA0F80C7FCABEA0F80EA3FE0EA7FF0A2EAFFF8A5EA7FF0
A2EA3FE0EA0F800D2579A41B>I<ED03E04B7EA24B7EA34B7EA24B7EA34B7EA292B57EA3
4A8015F302038015E1A202078015C0020F80ED807FA2021F80ED003F4A80023E131FA202
7E80027C7F02FC814A7FA20101824A7F49B77EA3498202C0C7FC010F824A147FA2011F82
91C8123F4982013E151FA2017E82017C8101FE83B500F80107B61280A4413A7DB948>65
D<B812C017FC17FF18C028007FF000037F04007F717E717E171F84A2717EA74D5AA26017
3F4D5A4D5A4C13C0040F5B91B600FCC7FCA2EFFF8002F0C713F0EF3FF8717E717E717E19
807113C0A319E0A719C0A25F4D138019005FEF7FFE4C485AB912F018C095C7FC17F03B39
7DB844>I<DB3FFCEB01C00203B5EAC003021FECF00791B6EAFC0F01039039FC00FF3F49
01C0EB1FFFD91FFEC77E49481403D97FF080494880485B48177F4849153F4890C9FC181F
485A180F123F5B1807127FA24993C7FC12FFAD127F7FF003C0123FA27F001F1707A26C6C
1780180F6C6D16006C6D5D6C173E6C6D157ED97FF85D6D6C4A5A6DB44A5A010701C0EB0F
E06D01FCEBFF80010090B548C7FC021F14F8020314E09126003FFEC8FC3A3B7BB945>I<
B87E17F817FF18C028007FF8000713F09338007FF8EF1FFE717E050313807113C0A27113
E0F07FF0A2F03FF8A219FC181FA219FEA419FFAC19FEA419FC183FA219F8187F19F0F0FF
E0A24D13C04D13804D1300EF1FFEEF7FFC933807FFF0B912C095C7FC17FC178040397DB8
49>I<B912F0A426007FF8C7FCEF1FF8170717031701A21700A21878A3043C137C183CA4
1800167CA216FC150391B5FCA4ECF8031500167CA2163C180FA3181EA293C7FCA2183EA2
183C187CA218FCA2EF01F81703170F173FEE01FFB9FC18F0A338397DB83F>I<B912C0A4
3A007FF800039338007FE0171F170F1707A21703A21701A318F0EE7800A41800A216F8A2
1501150791B5FCA4ECF80715011500A21678A693C8FCADB7FCA434397DB83C>I<DB3FFC
EB01C00203B5EAC003021FECF00791B6EAFC0F01039039FC00FF3F4901C0EB1FFFD91FFE
C77E49481403D97FF080494880485B48177F4849153F4890C9FC181F485A180F123F5B18
07127FA24993C8FC12FFAB043FB61280A2127F7FDC0003EBC000123FA27F121FA26C7EA2
6C7F6C7F6C7F7ED97FF85C6D7E6DB45C010701C05B6D01FCEBFF3F010090B5EAFE0F021F
ECF8030203ECE0009126003FFEC9FC413B7BB94B>I<B6D8FC03B612F0A426007FF8C700
01EBE000B3A391B8FCA402F8C71201B3A6B6D8FC03B612F0A444397DB84B>I<B612FCA4
39007FF800B3B3ADB612FCA41E397DB824>I<B600FC0103B512C0A426007FF8C8381FE0
0019804EC7FC18FEEF01F84D5A4D5A4D5AEF3F80057EC8FC5F4C5A4C5AEE0FE0EE1F804C
C9FC167E5EED03F84B7E4B7E4B7E4B7F5D02F9B57EDAFBF77FDAFFE37F15C103807F4A48
7F4A6D7E4A133F707E707F8482707F707F8482717E717E8483717F717F858385B600FC01
7FEBFFE0A443397DB84B>75 D<B500F80403B512F06E5EA26E5ED8007FF1E000A2D97BFF
161EA201796D5DA201786D5DA26E6C5DA36E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C4A5A
A26E6C141EA36E6D5BA26E6D5BA26F6C5BA26F6C485AA36F6C485AA26F6C485AA26F6C48
C7FCA2923803FF1EA36F13BCA26F13F8A2705AA2705AA213FCB500FC6D4848B612F0A2EE
0F80EE070054397DB85B>77 D<B500FC0203B512F0A28080C66C6D90390003F0006F6E5A
81017B7F13798101787F6E7E6E7E6E7F6E7FA26E7F6E7F6E7F6E7F6F7E153F826F13806F
13C06F13E06F13F06F13F88117FCEE7FFEEE3FFF7013817013C17013E18218F17013F970
13FDEF7FFF8383A28383838383187FA2183F181F01FC160FB500FC150718031801A24439
7DB84B>I<B8FC17F017FEEFFF8028007FF8000F13C0040113E07013F0EF7FF8EF3FFCA2
EF1FFEA218FFA818FEA2EF3FFCA2EF7FF8EFFFF04C13E0040F13C091B7120017FC17E002
F8C9FCB3A4B612FCA438397DB841>80 D<B712FCEEFFE017FC17FF28007FF8000F13C004
017F707F717E717EA2717EA284A760A24D5A604D5A4D5A04035B041F90C8FC91B612FC17
E0839139F8003FFCEE0FFF707F707F8284A2707FA584A51A601AF084177F1901DD3FFE13
E0B600FC011F130394390FFF87C071EBFF8005011400CBEA1FFC443A7DB848>82
D<D907FF130E013FEBE01E90B5EAF83E0003ECFE7E3A07FC01FFFE390FF0001F4848130F
48481303491301007F140090C8FC167E5A163EA27F161E7F7F6D91C7FC13FC387FFFE014
FEECFFF06C14FE6F7E6C816C15F06C816C81C681133F010F801301D9000F1480EC007F03
0F13C01503818100F0157FA3163FA27E17807E167F6C16007E6D14FE01E0495A01F81303
9039FF801FF800FC90B512E0D8F83F5CD8F00749C7FC39E0007FF02A3B7BB935>I<003F
B91280A4D9F800EBF003D87FC09238007FC049161F007EC7150FA2007C1707A200781703
A400F818E0481701A4C892C7FCB3AE010FB7FCA43B387DB742>I<B600FC011FB512C0A4
26007FF8C8381FC000725AB3B3181F013F94C7FC8060011F163E6D6C157E187C6D6C15FC
6D6D495A6D6DEB07F06D01F0EB1FE0DA7FFEEBFFC0021FB6C8FC02075C020014F0030F13
80423A7DB849>I<B600F00103B512E0A4C601F0C83807F0006E5E017F5F6E150FA2013F
5F6E151F011F94C7FC6E5D6D163E6F147E6D167CA26F14FC6D5E6F13016D5E6F13036D5E
811707027F5D6F130F023F5D6F131F021F92C8FC815F6E143EEE807E6E147CEEC0FC6E5C
16E016E16E5C16F36E5C16FF6F5BA36F5BA26F90C9FCA26F5AA36F5AA26F5AA26F5A433A
7EB848>I<0160130301E05B0003141F49131E48485B48C75A001E5CA248495A00385C00
78130300705CA300F013074891C7FCD8E7C0133ED8FFF0EBFF8001F814C0A201FC14E0A3
007F7FA26C486C13C0A26C486C1380D807C0EB3E00231D75B932>92
D<EB3FFE0003B512E0000F14F8391FF00FFE003FEB03FF6D6C7F6E7FA26F7EA26C5A6C5A
EA0380C8FCA2EC3FFF010FB5FC137F3901FFF87F00071380380FFE00EA3FF85B485A12FF
5BA415FF6D5A127F263FF00713F83B1FFC1FBFFFC0390FFFFE1F0003EBF80F39003FE003
2A257DA42E>97 D<13FFB5FCA412077EAF4AB47E020F13F0023F13FC9138FE03FFDAF000
13804AEB7FC00280EB3FE091C713F0EE1FF8A217FC160FA217FEAA17FCA3EE1FF8A217F0
6E133F6EEB7FE06E14C0903AFDF001FF80903AF8FC07FE009039F03FFFF8D9E00F13E0D9
C00390C7FC2F3A7EB935>I<903801FFC0010F13FC017F13FFD9FF8013802603FE0013C0
48485AEA0FF8121F13F0123F6E13804848EB7F00151C92C7FC12FFA9127FA27F123FED01
E06C7E15036C6CEB07C06C6C14806C6C131FC69038C07E006DB45A010F13F00101138023
257DA42A>I<EE7F80ED7FFFA4150381AF903801FF81010F13F1013F13FD9038FFC07F00
03EB001FD807FC1307000F8048487F5B123FA2485AA312FFAA127FA27F123FA26C6C5B00
0F5C6C6C5B6C6C4913C02701FF80FD13FE39007FFFF9011F13E1010313012F3A7DB935>
I<903803FF80011F13F0017F13FC3901FF83FE3A03FE007F804848133F484814C0001FEC
1FE05B003FEC0FF0A2485A16F8150712FFA290B6FCA301E0C8FCA4127FA36C7E1678121F
6C6C14F86D14F000071403D801FFEB0FE06C9038C07FC06DB51200010F13FC010113E025
257DA42C>I<EC1FF0903801FFFC010713FF90391FF87F8090383FE0FFD9FFC113C0A248
1381A24813016E1380A2ED3E0092C7FCA8B6FCA4000390C8FCB3ABB512FEA4223A7DB91D
>I<161FD907FEEBFFC090387FFFE348B6EAEFE02607FE07138F260FF801131F48486C13
8F003F15CF4990387FC7C0EEC000007F81A6003F5DA26D13FF001F5D6C6C4890C7FC3907
FE07FE48B512F86D13E0261E07FEC8FC90CAFCA2123E123F7F6C7E90B512F8EDFF8016E0
6C15F86C816C815A001F81393FC0000F48C8138048157F5A163FA36C157F6C16006D5C6C
6C495AD81FF0EB07FCD807FEEB3FF00001B612C06C6C91C7FC010713F02B377DA530>I<
13FFB5FCA412077EAFED7FC0913803FFF8020F13FE91381F03FFDA3C01138014784A7E4A
14C05CA25CA291C7FCB3A3B5D8FC3F13FFA4303A7DB935>I<EA01F0EA07FC487EA2487E
A56C5AA26C5AEA01F0C8FCA913FF127FA412077EB3A9B512F8A4153B7DBA1B>I<141FEC
7FC0ECFFE0A24913F0A56D13E0A2EC7FC0EC1F0091C7FCA9EC0FF0EB0FFFA4EB007F143F
B3B0121FEA3F80EA7FC0EAFFE0EC7FE0A215C014FF6C481380903883FE006CB45A000F13
F0000113801C4B86BA1D>I<13FFB5FCA412077EAF92380FFFE0A4923803FC0016F0ED0F
E0ED1F804BC7FC157E5DEC03F8EC07E04A5A141FEC7FE04A7E8181A2ECCFFEEC0FFF496C
7F806E7F6E7F82157F6F7E6F7E82150F82B5D8F83F13F8A42D3A7EB932>I<13FFB5FCA4
12077EB3B3ACB512FCA4163A7DB91B>I<01FED97FE0EB0FFC00FF902601FFFC90383FFF
80020701FF90B512E0DA1F81903983F03FF0DA3C00903887801F000749DACF007F000349
14DE6D48D97FFC6D7E4A5CA24A5CA291C75BB3A3B5D8FC1FB50083B512F0A44C257DA451
>I<01FEEB7FC000FF903803FFF8020F13FE91381F03FFDA3C011380000713780003497E
6D4814C05CA25CA291C7FCB3A3B5D8FC3F13FFA430257DA435>I<903801FFC0010F13F8
017F13FFD9FF807F3A03FE003FE048486D7E48486D7E48486D7EA2003F81491303007F81
A300FF1680A9007F1600A3003F5D6D1307001F5DA26C6C495A6C6C495A6C6C495A6C6C6C
B45A6C6CB5C7FC011F13FC010113C029257DA430>I<9039FF01FF80B5000F13F0023F13
FC9138FE07FFDAF00113800003496C13C00280EB7FE091C713F0EE3FF8A2EE1FFCA3EE0F
FEAA17FC161FA217F8163F17F06E137F6E14E06EEBFFC0DAF00313809139FC07FE009138
3FFFF8020F13E0020390C7FC91C9FCACB512FCA42F357EA435>I<49B4EB0780010FEBE0
0F013FEBF81F9039FFC07C3F0003EB803E3A07FE000F7F4848EB07FF121F497F123F497F
127FA25B12FFAA6C7EA36C7E5D6C7E000F5C6C6C5B6C6C133F6CEBC0FD39007FFFF1011F
13C10101130190C7FCAC037F13FEA42F357DA432>I<9038FE03F000FFEB0FFEEC3FFF91
387C7F809138F8FFC000075B6C6C5A5CA29138807F80ED3F00150C92C7FC91C8FCB3A2B5
12FEA422257EA427>I<90383FF0383903FFFEF8000F13FF381FC00F383F0003007E1301
007C130012FC15787E7E6D130013FCEBFFE06C13FCECFF806C14C06C14F06C14F81203C6
14FC131F9038007FFE140700F0130114007E157E7E157C6C14FC6C14F8EB80019038F007
F090B512C000F8140038E01FF81F257DA426>I<130FA55BA45BA25B5BA25A1207001FEB
FFE0B6FCA3000390C7FCB21578A815F86CEB80F014816CEBC3E090383FFFC06D13809038
03FE001D357EB425>I<01FFEC3FC0B5EB3FFFA4000714016C80B3A35DA25DA26C5C6E48
13E06CD9C03E13FF90387FFFFC011F13F00103138030257DA435>I<B539F001FFF8A400
0390C7EA3F00161E6E133E6C153C6E137C6C15786E13F8017F5CECF001013F5C14F8011F
495AA2ECFC07010F5CECFE0F010791C7FC6E5A6D131E15BE6D13BC15FC6D5BA36E5AA26E
5AA26E5AA26E5AA22D257EA432>I<B500F1B538803FFFA43D07FE000FF80003E06C6C01
0715C082028015076C6E6C148015076C01C0ED0F00826E485C017FED801E5D90273FF01E
7F5B17C0DAF83E147C011F90393C3FE078037C14F8903B0FFC781FF0F0A29139FEF00FF1
0107EDF9E002FF14FB6D496CB45AA24B7E6D5EA26D496C90C7FCA292C7FC6E5CA2023E14
7C023C143C40257EA445>I<B539F01FFFF0A4000390398003F8006C01C013E06C1407D9
7FE05B6D6C485A6E48C7FC90381FFC3E010F5B903807FEFC6D6C5A5D6D5B6D5B6E7E6E7E
814A7EA24A7E903801F3FFD903E37FD907C17FEB0FC049486C7E4A6C7E013E80496D7E49
130F00016E7EB590383FFFF8A42D257EA432>I<B539F001FFF8A4000390C7EA3F00161E
6E133E6C153C6E137C6C15786E13F8017F5CECF001013F5C14F8011F495AA2ECFC07010F
5CECFE0F010791C7FC6E5A6D131E15BE6D13BC15FC6D5BA36E5AA26E5AA26E5AA26E5AA2
92C8FCA25C141E003F133E387F803C38FFC07C147814F8EBC1F0EBC3E06C485A387D1F80
D83FFFC9FCEA1FFCEA07F02D357EA432>I<B812FEA32F03809730>123
D E /Ff 44 122 df<EE3FFF030FB512E092B612F8020781021F814A9038E007FFDAFFFE
C77F4901F8497F4901E05B490180497F4990C75A495A133F5C4D7F49486E5BA3715BA271
5BDD00FEC7FC95C8FCA84CB512F0BAFCA626007FFCC7120383B3B3A4007FB5D8FC01B612
F0A644547DD34C>12 D<151E153F15FF1403140F147F0107B5FC0003B6FCB7FCA314BFEB
F83FEAFC00C7FCB3B3B3A4007FB81280A6314E76CD45>49 D<EC1FFF0103B512F8010F14
FE013FECFFC090B77E4816F80007D9C07F7F270FFE000F7F01F801037FD81FE06D148048
6C6D14C0D87FFC6E13E06D806D16F0B5806E15F882A218FCA2826C90C7FCA26C5A6C5A6C
5AD803E05CC914F8A34C13F0A218E05E18C04C138018004C5A4B5B5F4B5B4B5B4B5B5F4B
48C7FC4B5AED7FF04B5A4A5B4A90C8FC4A5A4A4814FC5DEC1FE04A48EB01F84A5A4AC7FC
495AEB03F849481403495A4948EC07F04948140F49B7FC90B8FC5A5A5A4817E05A5A5AB9
FCA318C0A3364E79CD45>I<91380FFFC091B512FE0107ECFFC0011F15F04915FC90267F
F8077F9026FFC0007F4848C76C138048486E13C0486C6E13E0486C6C15F08082486D15F8
A380A25CA26C5D4A15F06C5B6C90C7FCC64816E090C85A18C04C138018004C5A4B5B4B5B
030F5B037F13C0027FB55A04FCC7FC16F016FEEEFFC0DA000713F0030113FC6F6CB4FC70
13807013C018E07013F018F818FCA27013FEA3D801E016FFEA0FFC487E487E487FA2B57E
A318FEA25E18FC6C5B18F891C75A6C4816F0D81FF84A13E06D4A13C06CB449B512806CD9
F00714006C90B65AC616F8013F15E0010F1580010102FCC7FCD9001F13C0384F7ACD45>
I<173F4D7E17FF5E5EA25E5E5E5EA25E93B5FC5D5DA25D5DED1FDFED3F9FED7F1FA215FE
EC01FCEC03F8EC07F0A2EC0FE0EC1FC0EC3F80EC7F00A214FE495A495A495A5C130F495A
495A49C7FC13FEA2485A485A485A485AA2485A485A48C8FC12FEBA12F0A6C9003FEB8000
AE0207B712F0A63C4E7CCD45>I<D80380ED0380D807F0151F01FEEC01FFD9FFF0133F91
B7FC18005F5F5F5F5F5F5F4CC7FC5E16F016C04BC8FC15F001F0CAFCAA913807FFC0023F
13FC01F1B6FC01F315C090B712F0DAFC037FDAC0007F91C7EA3FFE496E7E491680496E13
C04916E06C5AC914F082A218F8A318FCA3EA07E0EA1FF8487E487EA2B5FCA318F8A3494A
13F0A26C5A4916E0D83FE04A13C013806C6C4A138001F04A13006C6C4A5A6CB401035B6C
D9E01F5B6C90B65A6C16C0013F92C7FC010F14FC010314E09026003FFEC8FC364F79CD45
>I<923807FF80037F13F00203B512FC021F14FF027F158091B5000113C001039039F800
3FE04901E0130F490180EB3FF04990C712FF49485B494815F849485B5A5C5A485BA2486F
13F05C486F13E0EF3F8094C7FC5AA25C5AA2ED3FF80281B57E028314E0B5008714F8028F
80DA9FC07F9139BF001FFF02FC6D13807013C04A6D13E04A15F018F84A7F18FCA24A15FE
A44A15FFA37EA67EA46C17FE80A26C17FCA26C4B13F8806C17F06C6D15E06C5D6E4913C0
D97FFE4913806D6C6CB512006D90B512FC01075D6D5D010015C0021F49C7FC020313E038
4F7ACD45>I<EF1FC04D7EA24D7EA24D7EA34C7FA24C7FA34C7FA24C80A34C80A24C80A2
17BF047F80171F04FF80A24C7E0301814C7E030381A24C7E0307814C7E030F82A24C7E03
1F824C7F033F825E84037F8293C77E4B825D840201834B800203835D02076F7FA292B9FC
4A84A24A84A3DA3FC0C86C7F4B81027F84A292C97E4A844A82010185A24A820103854A82
010785A24A82010F86496C82B600FC0207B712F8A65D537BD268>65
D<BA12E019FF1AE01AFC1AFF87D8000701F8C7000114E0DE003F7F737F737F737F858785
1C8085A21CC0A81C80611C00A24F5B61634F5B4F5B077F13C04EB55A060F49C7FC92B812
F81AC0A21AFC1AFF03F8C86C13C0071F13F007077F7313FE737F731480A27413C01CE0A2
7413F0A31CF886A662A21CF0A35013E0A297B512C0614F14804F14004F5B073F5B4EB55A
BC5A1BC06308FCC7FC1AE007FCC8FC55527CD162>I<932601FFFCEC03C0047FD9FFC013
070307B600F8130F033F03FE131F92B8EA803F0203EFC0FF020FDAF00113F1023F49C7EA
3FFB4A01F00207B5FC49B500C0804991C9FC4949824901F88249498249498249498290B5
488292CAFC4885485B86485B481A7FA24849183FA3485B1B1FA25AA24A95C7FCA3B5FCAE
7EA280A2F30FC07EA36C7FA21B1F6C6D1980A26C1A3F6C7F1C006C6D606C6E17FEA26D6D
4C5A6D6D4C5A6D6D16076D6D4C5A6D01FE4C5A6D6D4C5A6D02C0EDFF806D6C01F8020390
C7FC6E01FFEC1FFE020F02F0EBFFF8020391B65A020017C0033F93C8FC030715FCDB007F
14E0040101FCC9FC525478D263>I<BA12C019FEF1FFC01AF81AFE747ED8000701F8C700
0F14E0060080071F13FC07077F07017F7380747F081F7F8886747F747FA2747FA288861D
80A2871DC0A31DE0A4871DF0AF1DE063A41DC0A398B51280A31D0062646264505BA2505B
505B505B505B4FB5C7FC4F5B070F5B077F5B0607B512E0BC128098C8FC1AF81AE04FC9FC
19C05C527CD169>I<BC7EA487A2D8000701FCC71203F0003F1907851900747E1A3FA21A
1F1A0FA3747EA31A03187EA3871A01A306FE90C8FCA3170117031707173F92B6FCA69238
FC003F1707170317011700A2F31F80187EA2F33F00A595C85AA21B7EA21BFEA31A01631A
031A07A21A0F1A1F1A3FF2FFF81903190F4EB5FCBCFCA363A351517CD05A>I<BCFCA41B
80A2D8000701FCC71207F0007F190F1903857313C01A7FA21A3F1A1FA21A0F1BE0A31A07
A2187EA21BF01A03A397C7FC18FEA3170117031707173F92B6FCA69238FC003F17071703
17011700A3187EA795C9FCB2B812FCA64C517CD057>I<B812E0A6D8000701FCC7FCB3B3
B3B0B812E0A62B527CD134>73 D<B800E0027FB6FCA6D8000701FCCAD87FF8C7FC1CE0F3
FF805090C8FC505AF20FFC505AF23FE0505A505A070390C9FC4F5AF10FF84F5A4F5AF1FF
C04E5B4E90CAFCF007FC4E5AF03FF04E5A4E5A4D90CBFC4D5AEF0FFC171F4D7E4D7E94B5
7E0403805E4C804C804C8093B6FC03FD019F7F92B5000F7F04FC804C7E4C6C804C6C8004
C08193C7FC4B6E7F4B6E7F86727F84727F87728084728087737F85737F737F8785738073
8088738086747F88747F88B800E0011FB712C0A662527CD16C>75
D<B812FCA6D8000701FCCAFCB3B3A71A3FA41A7EA51AFEA3F101FCA31903A21907190F19
1FA2F13FF819FF601807181F4DB5FCBBFCA21AF0A448527CD153>I<B600FC070FB612C0
6F616F61A27060A2D800070BF8C7FC7018FBA202F76DEF01F3A202F36DEF03E3A202F16D
EF07C3A202F06DEF0F83A26F6CEF1F03A36F6C173EA26F6D167CA26F6D16F8A26F6DED01
F0A26F6DED03E0A36F6DED07C0A26F6DED0F80A2706CED1F00A2706C153EA2706D5CA370
6D5CA2706D495AA2706D495AA2706D495AA2706D495AA2716C49C7FCA3716C133EA2716D
5AA2716D5AA271EBE1F0A271EBF3E0A371EBFFC0A2715CA27290C8FCA2725AA2725A497E
B76C057FB712C0725AA2725AA2725A7A527CD183>I<B600FE043FB612E0818282A282D8
00076E92260003FEC7FC70705A8282A28202F78002F38002F18002F08083816F7F6F7F6F
7F6F8084816F806F80707F707F707F848270807080708070808583717F717F717F711480
7114C01AE0837114F07213F87213FC7213FE1AFF847214817214C17214E17214F17313F9
1BFD857313FF858585A2858586868686A2868686861B7FA2496C183FB76C161F1B0F1B07
1B031B01755A63527CD16C>I<BA7E19FCF1FF801AE01AF81AFED8000701F8C7001F7F06
0114C0726C7F737F737F85737FA2878587A31C80A91C00A3636163A24F5B4F5B4F5B4F5B
4EB55A061F91C7FC92B812FC621AC097C8FC19F003FCCCFCB3ACB812E0A651527CD15E>
80 D<B912FCF0FFE019FEF1FFC01AF01AFCD8000701F8C7003F13FF060380060080073F
7F737F737F87737FA2737FA388A899C8FCA263616361634F5B4F5B96B55A060391C9FC06
3F5B92B812F81AC097CAFC19FC19FF9226F8000180DD003F13E0060F7F727F727F86727F
A27280A2737FA587A587A575EB0780F50FC0A28773151FA2736D148075133FB800C06DEC
807F739138C1FF000701ECFFFE735D083F5C080714E0CE001F138062537CD167>82
D<91261FFF80130F91B500F85B010702FF5B011FEDC07F49EDF0FF90B712F948D9FC0190
B5FC489038E0000F48018013034848C8FC173F4848814981003F8283485A838312FFA284
7FA26D82A27F7F6E92C7FC14E06C13FCECFFC015FE6CECFFE016FF6C16E017F86C16FE6C
82846C17E06C836C837F011F826D82010382EB007F020F1680EC007F1503DB003F14C016
031600053F13E0838383127C00FC82A383A27E19C0A27EA26D4B1380A27F6D4B130001F8
5E6D150F01FF4B5A02C04A5A02F8ECFFF09126FFC0075B019F90B65A010F5ED8FE034BC7
FC48C66C5C48010F14E0489026007FFEC8FC3B5478D24C>I<001FBC12C0A5481BE09126
F0003F9038E0007F91C7160701FC1801498401E0193FA249191F49190FA248C8EF07F0A4
007E1A03A500FE1BF8481A01A4C994C7FCB3B3AA91B912F8A655517BD060>I<91383FFF
C00107B512FC011FECFF80017F15E090B77E48D9E0077F48D9800013FE486DEB3FFF8248
6D81707F8284A2707F6C5BA26C5BC648C7FC90C8FCA44BB5FC4AB6FC143F49B7FC130F01
3FEBFE0390B512E0000314004813FC4813F0485B485B5C4890C7FCA2B5FC5BA35EA27F6C
5D5E6E497F6C6D017E13FE6C6D4848EBFFF86C9026FC0FF814FC6C90B5487E0001EDC03F
6C6CEC800F011F9026FE000313F8010101E090C8FC3E387CB643>97
D<EB3FF8B5FCA61203C6FCB3A3EE7FF80307B57E031F14F0037F14FC02F9B67E02FB9038
807FFF9127FFFC001F13C003F001077F03C06D7F4B7F4AC780717F5C727EA285A2721380
A41AC0AD1A80A34E1300A36118FF61806E4A5B6F495B6F495B6F495BDAE7F8013F5B9126
C3FF01B5C7FC028190B512FCDA007F5C496D14E049010791C8FC90C813F042547CD24C>
I<913803FFF0023FEBFF8091B612E0010315F8010F81499038C01FFE903A7FFE0007FF49
48491380485B48494913C05C5A485BA2485B7013805A70130048ED01FC91CAFCA3B5FCAD
7E80A27EA2EF07E06C7F170F6C6D15C06C161F6E15806C6D143F6C6DEC7F006C6D14FE90
3A7FFF8003FC6D9038F01FF8010F90B55A6D5D01011580D9003F49C7FC020313E033387B
B63D>I<943801FFC00407B5FCA6EE001F1707B3A3913803FFC0023F13FC49B6FC010715
C74915F7013FD9E03FB5FC49EB0007D9FFFC130148496D7E484980484980484980A25A5C
5AA25A91C8FCA3B5FCAD7EA46C7FA27EA26C6D5CA26C6D5C6C5E6C6D49B5FC6C6D4914F0
D97FFE010FECFFC0903A3FFF807FEF6D90B512CF0107158F6DECFE0FD9007F13F0020701
8049C7FC42547BD24C>I<913803FFE0023F13FE91B612C0010381010F15F84901C07F90
3A7FFE001FFE49486D7E48496D138048496D13C0484915E048814A15F048815C48EE7FF8
A25A91C8FC18FC173FB5FCA391B7FCA418F891CAFCA57EA3807EA218786C6D15FC17016C
7F6CEE03F86C6D14076E15F06C6DEC1FE06C6C6C143F6D6C6CEBFFC06DD9F00713000107
90B55A010115F86D6C14E0021F1480020001F8C7FC36387CB63F>I<ED0FFF92B512C002
0714F0021F14F8027F14FC9139FFFC1FFE49EBF03F4901C013FF49495A491300495AA249
5AA2017FEC3FFE4AEB1FFCEE0FF8EE07F093C7FCADB712F0A626007FFCC8FCB3B3A5007F
B6FCA630547CD32A>I<91261FFF80EB3FC049B539F803FFE00107DAFE0F13F0011FDAFF
BF13F8017F92B512FC9026FFFC0314CF48D9F000EBFC1F4801C0013F130F4816FE4849D9
1FFF13F8F007F04890C76CEB81E0F08000A24883A86C5FA36C6D4990C7FCA26C6D495A6C
5E6C01F0EBFFF86CD9FC035B4890B65A1780D803E74AC8FC01E114F82607E01F138091CB
FC120FA37FA27F13FE90B712C06C16FCEFFF8018E06C17F8846C836C836D178048B912C0
12074818E04848C8FCD83FF8150F4848030313F01700485A187FA56D16FF007F18E06D5D
6C6C4B13C06C6C4B13806C6C6C021F13006C01F0ECFFFE6C01FF010F5BC691B612F0013F
16C0010F93C7FC010115F8D9000749C8FC3E4F7CB545>I<EB3FF8B5FCA61203C6FCB3A3
EE1FFE93B512E0030314F8030F804B8092393FE07FFF92267F001F7F15FCDAF9F86D7FEC
FBE014FF4B6D7F5D92C7FCA35CA35CB3ABB6D8FC07B612E0A643537BD24C>I<137F3801
FFC0487F487F487FA2487FA76C5BA26C5B6C5B6C5B6C6CC7FC90C8FCABEB1FF8B5FCA612
017EB3B3A4B612F0A61C547BD326>I<EB3FF8B5FCA61203C6FCB3A44CB512FEA6932600
1FFCC7FCEF3FF04D5A4D5A4C90C8FCEE07FE4C5A4C5AEE3FE0EEFFC04B5B4B48C9FCED0F
FC4B5A153F4B7E9138F9FFFE02FB7F91B67EA28383038F7F03077F14FE4A6C7F4A6C7F6F
7F707FA2707F707F707F707FA2707F707F707F717F8385B6D8F803B612C0A642537CD249
>107 D<EB3FF8B5FCA612017EB3B3B3AFB612F8A61D537BD226>I<D93FF8D90FFFED3FFC
B5027F01E049B57E0303B500F8010F14E04B02FE4914F8031F6E017F8092263FE03F9026
80FF807F4BC66C903AC1FC007FFF000302FC6DD9C3F07FC6D9F9F86DD9E7E06D7FDAFBF0
EDEFC04B5EDAFFC06D01FFC76C7F4B5DA292C75CA24A5EA34A5EB3ABB6D8FC03B6D8F00F
B612C0A66A367BB573>I<D93FF8EB1FFEB591B512E0030314F8030F804B8092393FE07F
FF92267F001F7F000314FCC6D9F9F86D7FECFBE014FF4B6D7F5D92C7FCA35CA35CB3ABB6
D8FC07B612E0A643367BB54C>I<EDFFF0021FEBFF80027F14E00103B612FC4981011F90
39C03FFF8090273FFE00077FD97FF801017F49486D7F48496E7E488348496E7E48834A80
481880A24818C091C87EA24818E0A4B517F0AB6C18E0A46C18C06E5CA26C1880A26C6D4A
13006C5F6E147F6C5F6C6D4A5A6C01FC01035B6D6C495B90271FFFC03F13806D90B6C7FC
010315FC010015F0021F1480020101F8C8FC3C387CB645>I<D93FF8EB7FF8B50107B57E
031F14F0037F14FC02F9B67E02FB01807F9127FFFC003F13C0000102F0010F7F6C02C06D
7F5D4AC76C7F717F5C717FA285841A80A47213C0AD4E1380A31A0095B5FCA2615F616E5C
6E5E6F495B6F495B6F495B03F8017F5BDBFF01B5C7FC02FD90B512FCDAFC7F5C6F14E003
0791C8FC030013F093CAFCB0B612FCA6424D7CB54C>I<90393FF001FFB5010F13E04B13
F84B7F4B7F9238FF1FFFECF1FC00039026F3F03F1380C6EBF7E015C0ECFF80A215007013
005C705AEE03F84A90C8FCA45CB3A9B612FEA631367CB539>114
D<903A01FFF00780011FEBFF1F90B7FC5A120748EB001FD81FF8130701E0130148487F00
7F157F49143FA200FF151FA27FA27F01F891C7FC13FF14F06CEBFFC015FE6F7E6C15E06C
15F86C816C816C816C16806C6C15C0011F15E01303D9001F14F01400030713F81501007C
EC007F00FC153F161F7E160F7EA26D15F0A26D141F6D15E06D143F6DEC7FC001FE903801
FF809026FFC00F130091B55A01BF5CD8FE1F14F0D8FC0714C027F0007FFCC7FC2D387CB6
36>I<143FA65CA45CA25BA35B5BA25B5B5B90B5FC5A000F91B5FCB8FCA5D8003F90C8FC
B3A8EE07E0AB6DEC0FC01580161F6D01C01380163F6D9038F07F006DEBFFFE6D5C6D6C5B
021F13E0020313802B4D7ECB35>I<D91FFCEDFFE0B50207B5FCA60003ED001FC61607B3
AD5FA35FA25F017F5D6E91B5FC013FDA01FB13F86ED907F3EBFFE06D9038C01FE36D90B5
12C36D15830101ECFE036D6C13F8020701C0EC800043377BB54C>I<B6D8F07FB5D8E001
B512F0A6000101FCC7D87FF8C73807F8006C745A7214076E143F017F626E6E6C140F6D62
4D6C141F6D6D605F6F6F133F6D97C7FC6F90B56C5B6D197E5E03F001F96D13FE6D02035E
03F8EDF0016D03F05D160703FC9039E07FF8036D020F5E03FEEDFC07027FDAC03F5C041F
14FE03FFD9801F130F6E013F5E04BFECFF1F6E4A6C5C04FF159F4C6D13BF6E95C8FC4C6D
13FF6E5FA24C7F6E5F4C7F6E5FA24C147F6E5F4C143F037F5EA26F486E5A6FC86C5A5C35
7DB463>119 D<007FB500F8013FB51280A6D8003F0180D907FEC7FC6D6D6D5A6D6D495A
6D6D495A6D4B5A6D6D495A6F495A6D6D49C8FC6E6C485A6E13816EEB83FC6EEBC7F8EEEF
F06EEBFFE06E5C6E5C6E91C9FC81A26F7F6F7F6F7F5D4B7F4B7F92B57E834A486C7E4A48
7EDA07F8804A486C7F4A486C7F4A486C7F4A486C7F82DAFF008049486D7F49486E7E4948
6E7F49486E7F013F81B691B612F0A644357EB449>I<B600F80107B512C0A6C649C8383F
E000017FEE1F806E153FA26D6D4AC7FCA26D6D147E18FE6D6D5C17016D5E6F13036D5E6F
13076D5E6F130F6D5E6F131FA26E6C495AA26E018090C8FC5F6E147EEEC0FE6E5C16E16E
5C16F36E5C16FFA26E5CA26E5CA26F5BA26F90C9FCA26F5AA26F5AA26F5AA35EA25E150F
5E151FD81FE05C486C133F486C91CAFC5D486C137E15FE4A5AA24A5A49485A007F495A90
38F03FC06C48B45A90B5CBFC6C5B000713F86C13E0C66CCCFC424D7DB449>I
E /Fg 77 127 df<121C127FEAFF80B1EA7F00AF123EC7FCA8121C127FA2EAFF80A3EA7F
00A2121C09346FB32C>33 D<003C131E007F137F481480A66C1400A6007E7FA6003E133E
A3003C131E001C131C191977B32C>I<010F133C90381F807EA8013F13FE4A5AA4007FB6
12F0B712F8A4003F15F03A007E01F800A5EBFE0301FC5BA6003FB612F0B712F8A46C15F0
3A01F807E000A30003130F01F05BA86C486C5A25337DB22C>I<EA0F80EA1FC0EA3FE013
F0A213F8A2121F120F1200A4120113F0A2120313E01207EA0FC0121FEA3F80EA7F0012FE
5A5A12700D1B71B22C>39 D<143814FC13011303EB07F8EB0FF0EB1FC0EB3F80EB7F0013
FE485A485A5B12075B120F5B485AA2123F90C7FCA25A127EA312FE5AAC7E127EA3127F7E
A27F121FA26C7E7F12077F12037F6C7E6C7E137FEB3F80EB1FC0EB0FF0EB07F8EB03FC13
0113001438164272B92C>I<127012FC7E7E6C7E6C7EEA0FE06C7E6C7E6C7E6C7E137F7F
1480131F14C0130FEB07E0A214F01303A214F81301A314FC1300AC130114F8A3130314F0
A2130714E0A2EB0FC0131F1480133F14005B13FE485A485A485A485AEA3FC0485A48C7FC
5A5A1270164279B92C>I<EB0380497EA60020140800F8143E00FE14FE00FF13C1EBC7C7
EBE7CF003FB512F8000F14E0000314806C140038007FFCA248B5FC481480000F14E0003F
14F839FFE7CFFEEBC7C7EB07C100FE13C000F8143E0020140800001400A66D5A1F247AAA
2C>I<147814FCAF007FB612F0B712F8A46C15F0C700FCC7FCAF147825267DAB2C>I<EA0F
80EA1FE0EA3FF0EA7FF8A213FCA3123F121F120F120013F8A21201EA03F01207EA1FE0EA
7FC0EAFF80130012FC12700E17718A2C>I<007FB6FCB71280A46C150021067B9B2C>I<12
1FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B0B708A2C>I<1507ED0F80151FA215
3F16005D157E15FE5D14015D14035DA214075D140F5D141F5D143F92C7FC5C147E14FE5C
A213015C13035C13075C130F5C131F5CA2133F91C8FC5B137E13FE5B12015B12035B1207
5BA2120F5B121F5B123F90C9FC5A127E12FE5AA25A127821417BB92C>I<EB03F8EB0FFE
90383FFF80497F90B57E3901FE0FF03903F803F848486C7EEBE0004848137EA248487FA2
48C7EA1F80A2003E140F007E15C0A3007C140700FC15E0AC6C140F007E15C0A46CEC1F80
A36C6CEB3F00A26C6C137E6D13FE00075CEBF0016C6C485A3901FE0FF06CB55A6D5B6D5B
D90FFEC7FCEB03F823357CB32C>I<1307497EA2131FA2133F137F13FF5A1207127FB5FC
13DF139FEA7C1F1200B3AE007FB512E0B612F0A36C14E01C3477B32C>I<EB0FF890387F
FF8048B512E00007804814FC391FF80FFE393FE001FF903880007F48C7EA3F80007E141F
00FE15C0150F6C15E01507A3127E123CC8FCA2150F16C0151F1680153F16005D15FE4A5A
14034A5A4A5A4A5A4A5AECFF804948C7FC495A495A495AEB3FE0EB7F8049C8FC485A4848
EB03C04848EB07E0EA1FE0485A48B6FCB7FCA36C15C023347CB32C>I<EB0FFC90387FFF
8048B512E0000714F84880391FF807FEEBC0004848137F6D7F1680151FA26C5A6CC7FCC8
FC153F16005D15FE14014A5AEC1FF890381FFFF0495BA215F86D7F90380007FEEC00FF81
ED3F80ED1FC0150FA216E01507A2123C127EB4FC150F16C0A248141F007FEC3F806DEB7F
006C6C5B391FF807FE6CB55A6C5C6C14E0C66C1380D90FFCC7FC23357CB32C>I<EC07F0
4A7E141F143FA2147EA214FCEB01F8A2EB03F0EB07E0A2EB0FC0EB1F80A2EB3F00137EA2
5B485AA2485A5B1207485AA2485A48C7FCA2127E5AB712FC16FEA36C15FCC8EAF800AA91
387FFFF091B512F8A36E13F027347EB32C>I<000FB512FE4880A35D0180C8FCADEB83FE
90389FFF8090B512E015F8819038FE03FE9038F000FF01C07F49EB3F8090C7121F6C15C0
C8120FA2ED07E0A4123C127EB4FC150F16C0A248141F007EEC3F80007FEC7F006C6C5B6D
485A391FF80FFC6CB55A6C5C000114C06C6C90C7FCEB0FF823347CB22C>I<EC3FC09038
01FFF801077F011F7F497F90387FE07F9039FF003F804848137FEA03F8485A5B000FEC3F
004848131E4990C7FC123F90C9FCA25A127EEB03FE90381FFF80D8FC7F13E000FDB57EB6
7E9038FE07FC9038F001FE9038C0007F49EB3F8090C7121F16C048140F16E01507A3127E
A47E150F6D14C0001F141F6D1480000F143F6DEB7F003907F801FE3903FE07FC6CB55A6C
5C6D5B011F1380D907FCC7FC23357CB32C>I<1278B712C016E0A316C000FCC7EA3F80ED
7F0015FE00785CC712014A5A4A5A5D140F5D4A5A143F92C7FC5C147E14FE5C13015CA249
5AA213075CA3495AA4495AA5133F91C8FCAA131E23357CB32C>I<EB07FC90383FFF8090
B512E0000314F84880390FFC07FE391FF001FF9038C0007F4848EB3F8090C7121F4815C0
007E140FA56CEC1F80A26C6CEB3F006D5B390FF001FE3903FC07F86CB55A6C6C13C0D907
FCC7FC90387FFFC048B512F03903FC07F8390FF001FE391FC0007F497F48C7EA1F80007E
EC0FC0A248EC07E0A7007EEC0FC0A2007F141F6C6CEB3F806C6CEB7F009038F001FF390F
FC07FE6CB55A6C5CC614E0013F1380D907FCC7FC23357CB32C>I<EB07FCEB3FFF90B512
C0488048803907FC07F8390FF001FC48486C7ED83F80137E157F48C77E007EEC1F8012FE
5AED0FC0A416E0A37E127E007F141F7E6D133F6C6C137F390FF001FF3807FC0F6CB6FC6C
14F76C14C7013F130FD90FF813C090C7FCA2151F1680153F1600000F5C486C137E486C13
FE4A5A4A5A14079038801FF0391FE07FE090B55A6C91C7FC6C5B000113F838007FC02335
7CB32C>I<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F00C7FCAE121FEA3F80EA7F
C0EAFFE0A5EA7FC0EA3F80EA1F000B2470A32C>I<EA0F80EA1FC0EA3FE0EA7FF0A5EA3F
E0EA1FC0EA0F80C7FCAEEA0F80EA1FC0EA3FE0127F13F0A4123F121F120F1201120313E0
1207EA0FC0A2EA3F80EA7F005A5A12F812700C3071A32C>I<1507ED1F80153F15FF1403
4A1300EC1FFC4A5AECFFE0491380010790C7FCEB0FFCEB3FF8EB7FE048485A4890C8FCEA
0FFEEA1FF8EA7FF0EAFFC05BA27FEA7FF0EA1FF8EA0FFEEA03FF6C13C06C6C7EEB3FF8EB
0FFC6DB4FC01017F6D13E0EC3FF86E7EEC07FF6E13801400153F151FED0700212A7BAD2C
>I<003FB612E04815F0B712F8A36C15F0CAFCA8007FB612F0B712F8A36C15F06C15E025
147DA22C>I<127012FC7E6C7E13E06C7EEA1FFC6C7E3803FF80C67FEB7FF0EB1FF8EB0F
FEEB03FF6D13C06D6C7EEC3FF8EC0FFC6EB4FC0201138080A25C02071300EC0FFCEC3FF8
EC7FE049485A4990C7FCEB0FFEEB1FF8EB7FF0EBFFC000035BD80FFEC8FC485AEA7FF048
5A138048C9FC5A1270212A7BAD2C>I<EC7F80903803FFE0010F7F013F7F497F9038FFC0
FE3901FE007FD803F87F4848EB1F809038E00FCF390FC03FFF48484813C091B5FCEA3F01
393E03F87F903907F03FE0007EEBE01F397C0FC00FEC8007A2EAFC1F00F8EB0003A900FC
EB8007D87C0F14C0A2ECC00F3A7E07E01F80003EEBF03F903903F87F00393F01FFFED81F
805B6E5A6C6C6C5A3907E00FC09039F00007C06C6CEB0FE0D801FE131F3900FFC0FF6DB5
12C06D1480010FEBFE00010313F89038007FC023337CB22C>64 D<14FE497EA4497FA214
EFA2130781A214C7A2010F7FA314C390381F83F0A590383F01F8A490387E00FCA549137E
90B512FEA34880A29038F8003FA34848EB1F80A4000715C049130FD87FFEEBFFFC6D5AB5
14FE6C15FC497E27347EB32C>I<02FF13700107EBE0F84913F9013F13FD4913FFEBFF81
3901FE007F4848131FD807F0130F1507485A491303485A150148C7FCA25A007EEC00F016
00A212FE5AAB7E127EA3007F15F06CEC01F8A26C7EA26C6C13036D14F06C6C130716E0D8
03FC131F6C6CEB3FC03A00FF81FF806DB512006D5B010F5B6D13F00100138025357DB32C
>67 D<007FB5FCB612C015F0816C803907E003FEEC00FFED7F80153FED1FC0ED0FE0A215
0716F0150316F81501A4ED00FCACED01F8A3150316F0A2150716E0150FED1FC0153FED7F
80EDFF00EC03FE007FB55AB65A5D15C06C91C7FC26337EB22C>I<007FB612F0B712F8A3
7E3903F00001A7ED00F01600A4EC01E04A7EA490B5FCA5EBF003A46E5A91C8FCA5163C16
7EA8007FB612FEB7FCA36C15FC27337EB22C>I<007FB612F8B712FCA37ED803F0C7FCA7
16781600A515F04A7EA490B5FCA5EBF001A46E5A92C7FCAD387FFFE0B5FC805C7E26337E
B22C>I<903901FC038090390FFF87C04913EF017F13FF90B6FC4813073803FC01497E48
48137F4848133F49131F121F5B003F140F90C7FCA2127EED078092C7FCA212FE5AA89138
03FFF84A13FCA27E007E6D13F89138000FC0A36C141FA27F121F6D133F120F6D137F6C7E
6C6C13FF6D5A3801FF076C90B5FC6D13EF011F13CF6DEB0780D901FCC7FC26357DB32C>
I<D87FFEEBFFFCB54813FEA36C486C13FCD807E0EB0FC0B190B6FCA59038E0000FB3D87F
FEEBFFFCB54813FEA36C486C13FC27337EB22C>I<007FB512F8B612FCA36C14F839000F
C000B3B3A5007FB512F8B612FCA36C14F81E3379B22C>I<D87FFCEB7FF8486CEBFFFCA3
6C48EB7FF8D807C0EB1F80153FED7F00157E5D4A5A14034A5A5D4A5A4A5A143F4AC7FC14
7E5CEBC1F813C3EBC7FCA2EBCFFEEBDFBEEBFFBF141F01FE7F496C7E13F86E7EEBF00301
E07FEBC001816E7EA2157E153E153F811680ED0FC0A2ED07E0D87FFCEB1FFC486CEB3FFE
A36C48EB1FFC27337EB22C>75 D<387FFFE0B57EA36C5BD803F0C8FCB3AE16F0ED01F8A8
007FB6FCB7FCA36C15F025337DB22C>I<D87FE0EB0FFC486CEB1FFEA26D133F007F15FC
000F15E001BC137BA4019E13F3A3EB9F01A2018F13E3A21483A2018713C314C7A2018313
83A214EFA201811303A214FFEB80FEA3147C14381400ACD87FF0EB1FFC486CEB3FFEA36C
48EB1FFC27337EB22C>I<D87FF0EB7FFC486CEBFFFEA27F007FEC7FFCD807FEEB07C013
DEA213DF13CFA2148013C714C0A213C314E0A213C114F0A213C014F8A2147CA3143EA214
1E141FA2140F1587A2140715C7A2140315E71401A215F71400A215FFD87FFC137F487E15
3FA26C48EB1F8027337EB22C>I<EB7FFF0003B512E0000F14F848804880EBE003EB8000
48C7127FA2007E80A300FE158048141FB3A86C143FA2007E1500A3007F5CA26C6C13FEEB
F00790B5FC6C5C6C5C000314E0C66C90C7FC21357BB32C>I<007FB512C0B612F88115FF
6C15802603F00013C0153FED0FE0ED07F0A2150316F81501A6150316F01507A2ED0FE0ED
3FC015FF90B61280160015FC5D15C001F0C8FCB0387FFF80B57EA36C5B25337EB22C>I<
387FFFFCB67E15E015F86C803907E007FE1401EC007F6F7E151FA26F7EA64B5AA2153F4B
C7FCEC01FE140790B55A5D15E081819038E007FCEC01FE1400157F81A8160FEE1F80A5D8
7FFEEB1FBFB5ECFF00815E6C486D5AC8EA01F029347EB22C>82 D<90381FF80790B5EA0F
804814CF000714FF5A381FF01F383FC003497E48C7FC007E147F00FE143F5A151FA46CEC
0F00007E91C7FC127F7FEA3FE0EA1FFCEBFFC06C13FC0003EBFFC06C14F06C6C7F01077F
9038007FFEEC07FF02001380153FED1FC0A2ED0FE0A20078140712FCA56CEC0FC0A26CEC
1F806D133F01E0EB7F009038FE01FF90B55A5D00F914F0D8F83F13C0D8700790C7FC2335
7CB32C>I<007FB612FCB712FEA43AFC007E007EA70078153CC71400B3AF90383FFFFCA2
497F6D5BA227337EB22C>I<3B7FFF803FFFC0B56C4813E0A36C496C13C03B03F00001F8
00B3AF6D130300015DA26D130700005D6D130F017F495A6D6C485AECE0FF6DB5C7FC6D5B
010313F86D5B9038003F802B3480B22C>I<D87FFCEB7FFC486CEBFFFEA36C48EB7FFCD8
0FC0EB07E06D130F000715C0A36D131F00031580A36D133F00011500A36D5B0000147EA4
017E5BA46D485AA490381F83F0A4010F5B14C7A301075BA214EFA201035BA214FFA26D90
C7FCA46D5A27347EB22C>I<D87FFCEB7FFC486CEBFFFEA36C48EB7FFCD807F0EB0FC015
1F000315806D133F12016DEB7F0012006D137E017E13FE017F5BEB3F01EC81F8131FEC83
F0EB0FC314C7903807E7E0A201035B14EF6DB45AA292C7FC7F5C147EB0903807FFE0497F
A36D5B27337EB22C>89 D<127812F87EA27E127E127F7E7F121F7F120F7F1207A27F1203
7F12017F12007F137E137F7F80131FA280130F801307801303801301801300A280147E14
7F8081141F81140F811407811403A281140181140081157E157F811680151FA2150FED07
0021417BB92C>92 D<130EEB3F80EBFFE0000313F8000F13FE487FD87FF113C0D8FFE013
E0EB803F38FE000F007CEB07C00030EB01801B0C78B22C>94 D<3801FFF0000713FE001F
6D7E15E048809038C01FF81407EC01FC381F80000006C77EC8127EA3ECFFFE131F90B5FC
1203120F48EB807E383FF800EA7FC090C7FC12FE5AA47E007F14FEEB8003383FE01F6CB6
12FC6C15FE6C14BF0001EBFE1F3A003FF007FC27247CA32C>97 D<EA7FF0487EA3127F12
01AAEC1FE0ECFFF801FB13FE90B6FC16809138F07FC09138801FE091380007F049EB03F8
5BED01FC491300A216FE167EA816FE6D14FCA2ED01F86D13036DEB07F0150F9138801FE0
9138E07FC091B51280160001FB5B01F813F83900F03FC027337FB22C>I<903803FFE001
1F13F8017F13FE48B5FC48804848C6FCEA0FF0485A49137E4848131890C9FC5A127EA25A
A8127EA2127F6C140F6DEB1F806C7E6D133F6C6CEB7F003907FE03FF6CB55A6C5C6C6C5B
011F13E0010390C7FC21247AA32C>I<EC0FFE4A7EA380EC003FAAEB07F8EB3FFE90B512
BF4814FF5A3807FC0F380FF00348487E497E48487F90C7FC007E80A212FE5AA87E007E5C
A2007F5C6C7E5C6C6C5A380FF0073807FC1F6CB612FC6CECBFFE6C143FEB3FFC90390FF0
1FFC27337DB22C>I<EB03FE90381FFFC0017F13F048B57E48803907FE03FE390FF800FF
D81FE0EB3F805B4848EB1FC090C7120F5A007E15E015075AB7FCA416C000FCC9FC7E127E
A2127F6CEC03C06DEB07E06C7ED80FF0130F6C6CEB3FC001FF13FF000190B512806C1500
013F13FC010F13F00101138023247CA32C>I<EC0FF8EC3FFE91B5FC4914805B903807FC
7F14F090390FE03F0014C092C7FCA6007FB512FEB7FCA36C5C26000FC0C7FCB3A8003FB5
12F04880A36C5C21337DB22C>I<ED03F8903907F80FFC90391FFE3FFE017FB6FC48B7FC
48ECFE7F9038FC0FF82607F003133E3A0FE001FC1CD9C0001300001F8049137EA66D13FE
000F5CEBE0016C6C485A3903FC0FF048B5FC5D481480D99FFEC7FCEB87F80180C8FCA37F
6C7E90B512F06C14FE48ECFF804815E04815F03A3FC0001FF848C7EA03FC007E1400007C
157C00FC157E48153EA46C157E007E15FCD87F801303D83FE0EB0FF8D81FFCEB7FF06CB6
12E0000315806C1500D8003F13F8010713C028387EA42C>I<EA7FF0487EA3127F1201AA
EC1FE0EC7FFC9038F9FFFE01FB7F90B6FC9138F03F80ECC01F02807FEC000F5B5BA25BB3
267FFFE0B5FCB500F11480A36C01E0140029337FB22C>I<1307EB1FC0A2497EA36D5AA2
0107C7FC90C8FCA7387FFFC080B5FC7EA2EA0007B3A8007FB512FCB612FEA36C14FC1F34
79B32C>I<140EEC3F80A2EC7FC0A3EC3F80A2EC0E0091C7FCA748B512804814C0A37EC7
120FB3B3A2141F003C1480007E133FB414005CEB01FEEBFFFC6C5B5C001F5B000790C7FC
1A467CB32C>I<EA7FE0487EA3127F1201AA91381FFFF04A13F8A36E13F0913800FE004A
5A4A5A4A5A4A5A4A5A4A5A4AC7FC14FEEBF1FC13F3EBF7FE90B5FCA2EC9F80EC0FC001FE
7FEBFC07496C7E496C7E811400157E811680151F3A7FFFC0FFFCB500E113FEA36C01C013
FC27337EB22C>I<387FFFE0B57EA37EEA0003B3B3A5007FB61280B712C0A36C15802233
7BB22C>I<3A7F83F007E09039CFFC1FF83AFFDFFE3FFCD87FFF13FF91B57E3A07FE1FFC
3E01FCEBF83F496C487E01F013E001E013C0A301C01380B33B7FFC3FF87FF0027F13FFD8
FFFE6D13F8D87FFC4913F0023F137F2D2481A32C>I<397FF01FE039FFF87FFC9038F9FF
FE01FB7F6CB6FC00019038F03F80ECC01F02807FEC000F5B5BA25BB3267FFFE0B5FCB500
F11480A36C01E0140029247FA32C>I<EB07FCEB1FFF017F13C048B512F048803907FC07
FC390FF001FE48486C7E0180133F003F158090C7121F007EEC0FC0A348EC07E0A76C140F
007E15C0A2007F141F6C15806D133F6C6CEB7F006D5B6C6C485A3907FC07FC6CB55A6C5C
6C6C13C0011F90C7FCEB07FC23247CA32C>I<397FF01FE039FFF8FFF801FB13FE90B6FC
6C158000019038F07FC09138801FE091380007F049EB03F85BED01FC491300A216FE167E
A816FE6D14FCA2ED01F86D13036DEB07F0150F9138801FE09138E07FC091B51280160001
FB5B01F813F8EC3FC091C8FCAD387FFFE0B57EA36C5B27367FA32C>I<903903FC078090
391FFF0FC0017F13CF48B512EF4814FF3807FE07380FF00148487E49137F4848133F90C7
FC48141F127E150F5AA87E007E141FA26C143F7F6C6C137F6D13FF380FF0033807FC0F6C
B6FC6C14EF6C6C138F6D130FEB07F890C7FCAD0203B5FC4A1480A36E140029367DA32C>
I<D87FFEEB3FC0B53801FFF0020713F8021F13FC6C5B39003F7FE1ECFF019138FC00F84A
13704A13005CA25C5CA391C8FCAF007FB512E0B67EA36C5C26247EA32C>I<90387FF870
0003B512F8120F5A5A387FC00F387E00034813015AA36CEB00F0007F140013F0383FFFC0
6C13FE6CEBFF80000314E0C66C13F8010113FCEB0007EC00FE0078147F00FC143F151F7E
A26C143F6D133E6D13FE9038F007FC90B5FC15F815E000F8148039701FFC0020247AA32C
>I<131E133FA9007FB6FCB71280A36C1500D8003FC8FCB1ED03C0ED07E0A5EC800F011F
EB1FC0ECE07F6DB51280160001035B6D13F89038003FE0232E7EAD2C>I<3A7FF003FF80
486C487FA3007F7F0001EB000FB3A3151FA2153F6D137F3900FE03FF90B7FC6D15807F6D
13CF902603FE07130029247FA32C>I<3A7FFF01FFFCB514FE148314016C15FC3A03E000
0F80A26D131F00011500A26D5B0000143EA26D137E017C137CA2017E13FC013E5BA2EB3F
01011F5BA21483010F5BA214C701075BA214EF01035BA214FF6D90C7FCA26D5A147C2724
7EA32C>I<D87FFFEB7FFF6EB5FCB515806C16004A7ED807C0EB01F0A66C6C495AA3143E
147FA2D801F0495AECFF87A214F7A201F113C700005D9038F9E3CFA201FB13EFA3D97BC1
90C7FC017F13FFA21480A2013F5B90381F007C29247FA32C>I<3A3FFF03FFF048018713
F8A36C010313F03A00FC007E005D90387E01F8013F5BEB1F83EC87E090380FCFC0903807
EF80EB03FF6D90C7FC5C6D5A147C14FE130180903803EF80903807CFC0EB0FC7EC83E090
381F01F0013F7FEB7E00017C137C49137E0001803A7FFF01FFFC1483B514FE6C15FC1401
27247EA32C>I<3A7FFF01FFFCB5008113FE148314816C010113FC3A03E0000F806C7E15
1F6D140012005D6D133E137C017E137E013E137CA2013F13FC6D5BA2EB0F815DA2EB07C1
ECC3E0A2EB03E3ECE7C0130114F75DEB00FFA292C7FC80A2143EA2147E147CA214FC5CA2
EA0C01003F5BEA7F83EB87E0EA7E0F495A387FFF806C90C8FC6C5A6C5AEA07E027367EA3
2C>I<003FB612E04815F0A4007EC7EA1FE0ED3FC0ED7F80EDFF004A5A003C495AC7485A
4A5A4A5A4A5A4A5A4AC7FCEB01FC495AEB0FF0495A495A495A49C8FC4848EB01E04848EB
03F0485A485A485A485A485AB7FCA46C15E024247DA32C>I<01F81370D803FE13F8380F
FF0148138748EBCFF0397F9FFFE0D8FF0F13C0D8FC07138039F803FE00387000F81D0A79
B22C>126 D E /Fh 37 123 df<EC1FE0ECFFFC903803F01E90390FC00780EB1F809039
3F000FC0017E131F5BA2485AED0F8092C7FCA9ED0FC0B7FCA33901F8001F150FB3A6486C
EB1FE0267FFFC1B5FCA328357FB42B>12 D<14C01301EB0380EB0F00130E5B133C5B5BA2
485A485AA212075B120F90C7FC5AA2121E123EA3123C127CA55AB0127CA5123C123EA312
1E121FA27E7F12077F1203A26C7E6C7EA213787F131C7F130FEB0380EB01C01300124A79
B71E>40 D<12C07E1270123C121C7E120F6C7E6C7EA26C7E6C7EA27F1378137C133C133E
A2131E131FA37F1480A5EB07C0B0EB0F80A514005BA3131E133EA2133C137C137813F85B
A2485A485AA2485A48C7FC120E5A123C12705A5A124A7CB71E>I<123C127EB4FCA21380
A2127F123D1201A412031300A25A1206120E120C121C5A5A126009177A8715>44
D<B512F0A514057F921A>I<123C127E12FFA4127E123C08087A8715>I<15E0A34A7EA24A
7EA34A7EA3EC0DFE140CA2EC187FA34A6C7EA202707FEC601FA202E07FECC00FA2D90180
7F1507A249486C7EA301066D7EA2010E80010FB5FCA249800118C77EA24981163FA2496E
7EA3496E7EA20001821607487ED81FF04A7ED8FFFE49B512E0A333367DB53A>65
D<B512FEA3000113006C5AB3B3A7487EB512FEA317337EB21C>73
D<B500FE903807FFF8A3000190C7000113006C48EC00FC17F04C5A4C5A4CC7FC160E5E5E
5E5E4B5A4B5A4BC8FC150E5D5D15F84A7E14034A7EEC0EFF5C4A6C7E4A6C7EECE01FD9FF
C07F4A6C7E4A6C7E5B6F7E6F7EA26F7E707EA2707E707E160F83707E707EA283486C9138
07FF80B500FE013F13FCA336337EB23C>75 D<D8FFFC923801FFF86D5DA20003EFFE00D8
01BFED06FCA3D99F80140CA2D98FC01418A3D987E01430A2D983F01460A3D981F814C0A3
D980FCEB0180A2027EEB0300A36E1306A26E6C5AA36E6C5AA36E6C5AA26E6C5AA36E6C5A
A3913800FD80A2037FC7FCA3486C133ED80FF04B7EB5011C90387FFFF8A33D337CB246>
77 D<B612FEEDFFC016F03A03FC0007FC0001EC00FE167FEE3F80EE1FC017E0160FA217
F0A617E0A2EE1FC0A2EE3F80EE7F0016FEED07F890B65A168001FCC9FCB3A2487EB512F8
A32C337DB234>80 D<90381FE00390387FFC0748B5FC3907F01FCF390F8003FF48C7FC00
3E80814880A200788000F880A46C80A27E92C7FC127F13C0EA3FF013FF6C13F06C13FF6C
14C06C14F0C680013F7F01037F9038003FFF140302001380157F153FED1FC0150F12C0A2
1507A37EA26CEC0F80A26C15006C5C6C143E6C147E01C05B39F1FC03F800E0B512E0011F
138026C003FEC7FC22377CB42B>83 D<007FB712FEA390398007F001D87C00EC003E0078
161E0070160EA20060160600E01607A3481603A6C71500B3AB4A7E011FB512FCA330337D
B237>I<EB7F803803FFF0380F80FC381C003E003F133F6D6C7E6E7EA26E7EEA1F00C7FC
A4EB01FF131FEBFF873803FC07EA0FF0EA1FC0EA3F80127F13004815C05AA3140FA26C13
1F6C133B3A3F8071F180391FC1E1FF2607FFC013003900FE003C22237DA126>97
D<EA03F012FFA312071203AEEC3F80ECFFE09038F3C0F89038F7007E01FE7F49EB1F8049
EB0FC05BED07E016F0A2150316F8AA16F0150716E0A2ED0FC07F6DEB1F8001ECEB3F0001
CF137C90388381F8903801FFE0C76CC7FC25357EB32B>I<EB07F8EB3FFF9038FC07C039
01F000E03903E003F03807C007120FEA1F80123F90380003E04890C7FCA2127E12FEAA12
7FA26C14187F001F14386D1330000F14706C6C13E03903F001C03900FC0F8090383FFE00
EB07F01D237EA122>I<153FEC0FFFA3EC007F81AEEB07F0EB3FFCEBFC0F3901F003BF39
07E001FF48487E48487F8148C7FCA25A127E12FEAA127E127FA27E6C6C5BA26C6C5B6C6C
4813803A03F007BFFC3900F81E3FEB3FFCD90FE0130026357DB32B>I<EB0FE0EB7FFCEB
F83F3903F00F80D807E013C0390FC007E0381F800315F0EA3F0014014814F8127EA212FE
A2B6FCA248C8FCA5127E127FA26C1418A26C6C1338000F14306D13706C6C13E03901F003
C03900FC0F00EB3FFEEB07F01D237EA122>I<EB01FCEB07FF90381F078090383E0FC0EB
7C1F13FCEA01F8A20003EB070049C7FCACB512F0A3D803F0C7FCB3A7487E387FFFE0A31A
357FB417>I<151F90391FC07F809039FFF8E3C03901F07FC73907E03F033A0FC01F8380
9039800F8000001F80EB00074880A66C5CEB800F000F5CEBC01F6C6C48C7FCEBF07C380E
FFF8380C1FC0001CC9FCA3121EA2121F380FFFFEECFFC06C14F06C14FC4880381F000100
3EEB007F4880ED1F8048140FA56C141F007C15006C143E6C5C390FC001F83903F007E0C6
B51280D91FFCC7FC22337EA126>I<EA03F012FFA312071203AEEC1FC0EC7FF09038F1E0
FC9038F3807C9038F7007E13FE497FA25BA25BB3486CEB7F80B538C7FFFCA326347EB32B
>I<EA0780EA0FC0EA1FE0A4EA0FC0EA0780C7FCAAEA07E012FFA3120F1207B3A6EA0FF0
B5FCA310337EB215>I<EA03F012FFA312071203AF913803FFE0A36E1300EC00F8EC01E0
5D4A5A020FC7FC141C5C5C14F0EBF3F8EBF7FC13FEEBFC7EEBF87F496C7E141F6E7E8114
076E7E8114016E7E81486CEBFF80B500C313F0A324347EB329>107
D<EA07E012FFA3120F1207B3B3A7EA0FF0B5FCA310347EB315>I<2703F01FE013FF00FF
90267FF80313C0903BF1E07C0F03E0903BF3803E1C01F02807F7003F387FD803FE147049
6D486C7EA2495CA2495CB3486C496C487EB53BC7FFFE3FFFF0A33C217EA041>I<3903F0
1FC000FFEB7FF09038F1E0FC9038F3807C3907F7007EEA03FE497FA25BA25BB3486CEB7F
80B538C7FFFCA326217EA02B>I<EB07F0EB3FFE9038FC1F803901F007C03903C001E000
078048486C7E48C7127CA248147E003E143E007E143FA300FE1580A8007E1500A36C147E
A26C147C6D13FC6C6C485A00075C3903F007E03900FC1F80D93FFEC7FCEB07F021237EA1
26>I<3903F03F8000FFEBFFE09038F3C0F89038F7007ED807FE7F6C48EB1F804914C049
130F16E0ED07F0A3ED03F8A9150716F0A216E0150F16C06D131F6DEB3F80160001FF13FC
9038F381F89038F1FFE0D9F07FC7FC91C8FCAA487EB512C0A325307EA02B>I<903807F0
0390383FFC07EBFC0F3901F8038F3807E001000F14DF48486CB4FC497F123F90C77E5AA2
5A5AA9127FA36C6C5B121F6D5B000F5B3907E003BF3903F0073F3800F81EEB3FF8EB0FE0
90C7FCAAED7F8091380FFFFCA326307DA029>I<3803E07C38FFE1FF9038E38F809038E7
1FC0EA07EEEA03ECA29038FC0F8049C7FCA35BB2487EB512E0A31A217FA01E>I<EBFF06
000713CE381F00FE003C133E48131E140E5A1406A27EA200FE90C7FC6C7EEA7FFC383FFF
C014F0000F7F6C7FC67FEB0FFF1300EC3F8000C0131F140F6C1307A37E15006C5B6C130E
6C5B38F7807838E1FFE038C07F8019237EA11E>I<1330A51370A313F0A21201A2120312
07381FFFFEB5FCA23803F000AF1403A814073801F806A23800FC0EEB7E1CEB1FF8EB07E0
182F7FAD1E>I<D803F0133F00FFEB0FFFA30007EB007F000380B35DA35D12016D481380
0000903803BFFC90387E073FEB1FFED907F8130026227EA02B>I<B5EBFFF0A3D80FF0EB
3F800007EC1F000003140E150C6D131C00011418A26C6C5BA26D1370017E1360137F6D5B
A290381F8180A214C3010F90C7FCA2EB07E6A214FE6D5AA26D5AA36D5AA2146024217E9F
29>I<B53A1FFF81FFF0A33C07F801FC003F8001F049EB1E0000030100141C816C6C017C
1318A26D017E1338000002FE1330A290267E01FF5B159F168090263F030F5BA216C0903A
1F8607C180A202C613E390260FCC0390C7FCA2D907FC13F6ECF80116FE6D486C5AA36D48
1378A36D48133034217F9F37>I<3A7FFF807FF8A33A07F8001FC00003EC0F800001EC07
0015066C6C5BA26D131C017E1318A26D5BA2EC8070011F1360ECC0E0010F5BA2903807E1
80A214F3010390C7FC14FBEB01FEA26D5AA31478A21430A25CA214E05CA2495A1278D8FC
03C8FCA21306130EEA701CEA7838EA1FF0EA0FC025307F9F29>121
D<003FB512F0A2EB000F003C14E00038EB1FC00030EB3F800070137F1500006013FE495A
13035CC6485A495AA2495A495A49C7FC153013FE485A12035B48481370485A001F146049
13E0485A387F000348130F90B5FCA21C207E9F22>I E /Fi 7 117
df<ED1F80A24B7EA24B7EA34B7EA24A7FA34A7FA24A7F15CFA2020F7F1587021F801503
023F80EC3E01A2027E80EC7C0002FC804A137FA20101814A133F0103814A131FA249B67E
A24981A290271F8000077F91C77EA24982013E80017E82017C80A201FC8249157FB500F0
013FB512F0A43C347DB343>65 D<EB7FFE0003B512E04814F8390FF00FFC391FF803FF80
6E138016C0157F6C5A6C5AEA0180C8FCEC7FFF010FB5FC90B6FC0003EBF07F000F1300EA
1FF8485A485A485A5BA315FF7F007F5B6D4813E03A3FF80FBFFF000FB5121F0003EBFC0F
39007FE00728217EA02B>97 D<EA01FC12FFA4120F1207ADEC07FC91387FFF8001FDB512
E09039FFF00FF89138C007FC91380003FE496D7E496D1380A217C0167FA217E0A917C0A2
16FF1780A26D4913006D495A9138C007FC9039F3F01FF801E1B512E0D9C07F1380902680
0FF8C7FC2B347EB331>I<903807FF80013F13F090B512FC3903FE01FE4848487EEA0FF8
EA1FF0EA3FE0A2007F6D5A496C5A153000FF91C7FCA9127F7FA2003FEC07807F6C6C130F
000FEC1F00D807FE133E3903FF80FCC6EBFFF8013F13E0010790C7FC21217DA027>I<39
01F81F8000FFEB7FF0ECFFF89038F9E3FC9038FBC7FE380FFF876C1307A213FEEC03FCEC
01F8EC0060491300B1B512F0A41F217EA024>114 D<9038FFE1C0000713FF5A383F803F
387E000F14075A14037EA26C6CC7FC13FCEBFFE06C13FC806CEBFF80000F14C06C14E0C6
FC010F13F0EB007F140F00F0130714037EA26C14E06C13076CEB0FC09038C01F8090B512
0000F913FC38E03FE01C217DA023>I<133CA5137CA313FCA21201A212031207001FB512
80B6FCA3D807FCC7FCB0EC03C0A79038FE078012033901FF0F006C13FEEB3FFCEB0FF01A
2F7EAE22>I E /Fj 59 122 df<ED0FFF4AB512C0020F14F0027F80903A01FFF803FC49
9038C000FE010FEB00034948497E49485B5C495A4C138001FF6E13005CA3705AEE01F893
C8FCA74BB51280B9FCA5C69038E00003B3B0007FD9FFC1B6FCA538467EC53E>12
D<EC01E01403EC0FC0EC1F80EC3F00147E5C1301495A495A5C130F495A133F5C137F49C7
FCA2485AA2485AA212075BA2120F5BA2121FA25B123FA4485AA612FFA25BAE7FA2127FA6
6C7EA4121F7FA2120FA27F1207A27F1203A26C7EA26C7EA26D7E133F80131F6D7E130780
6D7E6D7E1300147E80EC1F80EC0FC0EC03E014011B6476CA2C>40
D<12F07E127E7E6C7E6C7E6C7E7F6C7E6C7E12007F137F80133F806D7EA26D7EA26D7EA2
801303A2801301A280A27F1580A4EC7FC0A615E0A2143FAE147FA215C0A6ECFF80A41500
5BA25CA213035CA213075CA2495AA2495AA2495A5C137F91C7FC13FE5B1201485A485A5B
485A485A48C8FC127E12F85A1B647ACA2C>I<EA07C0EA1FF0EA3FF8EA7FFCEAFFFEA7EA
7FFCEA3FF8EA1FF0EA07C00F0F788E1F>46 D<EE01C0EE03E01607A2160F17C0161F1780
A2163F17005E167EA216FE5E15015EA215035EA215075E150F5EA2151F5E153F93C7FCA2
5D157E15FE5DA214015D14035DA214075D140F5DA2141F5D143F92C8FCA25C147EA214FE
5C13015CA213035C13075CA2130F5C131F5CA2133F91C9FC5B137EA213FE5B12015BA212
035BA212075B120F5BA2121F5B123F90CAFCA25A127E12FE5AA25A12782B647ACA38>I<
EC3FF849B5FC010F14E0013F14F890397FF01FFC9039FFC007FE4890380001FF48486D13
80000716C049147F000F16E049143F001F16F0A2003F16F8A249141F007F16FCA600FF16
FEB3A3007F16FCA56C6CEC3FF8A3001F16F0A2000F16E06D147F000716C06D14FF6C6C49
13806C6D4813006C6D485A90397FF01FFC6DB55A010F14E0010314809026003FF8C7FC2F
427CC038>I<EC03C01407141F147FEB03FF133FB6FCA413C3EA0003B3B3ADB712FCA526
4177C038>I<ECFFE0010F13FE013F6D7E90B612E0000315F82607FC0313FE3A0FE0007F
FFD81F806D138048C7000F13C0488001C015E001F07F00FF6E13F07F17F881A46C5A6C5A
6C5AC9FC17F05DA217E05D17C04B13804B1300A2ED1FFC4B5A5E4B5A4B5A4A90C7FC4A5A
4A5AEC0FF04A5AEC3F804AC7127814FE495A494814F8D907E014F0495A495A49C8FC017C
140149140348B7FC4816E05A5A5A5A5AB8FC17C0A42D417BC038>I<ECFFF0010713FF01
1F14C0017F14F049C66C7ED803F8EB3FFED807E06D7E81D80FF86D138013FE001F16C07F
A66C5A6C4815806C485BC814005D5E4B5A4B5A4B5A4A5B020F1380902607FFFEC7FC15F8
15FF16C090C713F0ED3FFCED0FFEEEFF80816F13C017E0A26F13F0A217F8A3EA0FC0EA3F
F0487EA2487EA217F0A25D17E06C5A494913C05BD83F80491380D81FF0491300D80FFEEB
FFFE6CB612F800015D6C6C14C0011F49C7FC010113E02D427BC038>I<163FA25E5E5D5D
A25D5D5D5DA25D92B5FCEC01F7EC03E7140715C7EC0F87EC1F07143E147E147C14F8EB01
F0EB03E0130714C0EB0F80EB1F00133E5BA25B485A485A485A120F5B48C7FC123E5A12FC
B91280A5C8000F90C7FCAC027FB61280A531417DC038>I<0007150301E0143F01FFEB07
FF91B6FC5E5E5E5E5E16804BC7FC5D15E092C8FC01C0C9FCAAEC3FF001C1B5FC01C714C0
01DF14F09039FFE03FFC9138000FFE01FC6D7E01F06D13804915C0497F6C4815E0C8FC6F
13F0A317F8A4EA0F80EA3FE0487E12FF7FA317F05B5D6C4815E05B007EC74813C0123E00
3F4A1380D81FC0491300D80FF0495AD807FEEBFFFC6CB612F0C65D013F1480010F01FCC7
FC010113C02D427BC038>I<4AB47E021F13F0027F13FC49B6FC01079038807F8090390F
FC001FD93FF014C04948137F4948EBFFE048495A5A1400485A120FA248486D13C0EE7F80
EE1E00003F92C7FCA25B127FA2EC07FC91381FFF8000FF017F13E091B512F89039F9F01F
FC9039FBC007FE9039FF8003FF17804A6C13C05B6F13E0A24915F0A317F85BA4127FA512
3FA217F07F121FA2000F4A13E0A26C6C15C06D4913806C018014006C6D485A6C9038E01F
FC6DB55A011F5C010714C0010191C7FC9038003FF02D427BC038>I<121E121F13FC90B7
12FEA45A17FC17F817F017E017C0A2481680007EC8EA3F00007C157E5E00785D15014B5A
00F84A5A484A5A5E151FC848C7FC157E5DA24A5A14035D14074A5AA2141F5D143FA2147F
5D14FFA25BA35B92C8FCA35BA55BAA6D5A6D5A6D5A2F447AC238>I<EC7FF00103B5FC01
0F14C0013F14F090397F801FFC3A01FC0003FE48486D7E497F4848EC7F80163F484815C0
A2001F151FA27FA27F7F01FE143F6D158002C0137F02F014006C01FC5B6E485A6C9038FF
83FCEDE7F86CECFFE06C5D6C92C7FC6D14C06D80010F14F882013F8090B7FC48013F1480
2607FC0F14C0260FF80314E04848C6FC496D13F0003F141F48481307496D13F8150000FF
157F90C8123F161F160FA21607A36D15F0127F160F6D15E06C6C141F6DEC3FC06C6CEC7F
80D80FFE903801FF003A07FFC00FFE6C90B55AC615F0013F14C0010F91C7FC010013F02D
427BC038>I<EC7FF0903807FFFE011F6D7E017F14E09039FFE03FF0489038800FF84849
6C7E48488048486D7E001F80003F1680A2484815C08117E0A212FF17F0A617F8A45D127F
A3003F5CA26C7E5D6C6C5B12076C6C131E6CEBC07C6CEBFFF8013F5B010F01C013F00101
130090C8FCA217E05DA2EA03C0D80FF015C0487E486C491380A217004B5A150F5E49495A
6C48495A01C0EBFFE0260FF0035B6CB65A6C4AC7FC6C14F86C6C13E0D907FEC8FC2D427B
C038>I<903807FFC0013F13FC48B612804815E0260FF80013F0D81FC0EB3FF848C7EA1F
FC4815FE01C0130F486C14FF7FA66C485B6C4814FE000FC7FCC8EA3FFCED7FF8EDFFF04A
13E04A13801600EC07FC4A5A5D4A5A5D4A5A92C7FCA2147E147CA31478AA91C8FCA814F8
EB03FE497E497FA2497FA56D5BA26D90C7FC6D5AEB00F828467AC535>63
D<EE1F80A24C7EA24C7EA34C7EA24B7FA34B7FA24B7FA34B7F169F031F80161F82033F80
ED3E07037E80157C8203FC804B7E02018115F0820203814B137F0207815D173F020F814B
7F021F8292C77EA24A82023E80027E82027FB7FCA291B87EA2498302F0C8FCA20103834A
157F0107834A153FA249488284011F8491C97E4984133E017E82B6020FB612F0A54C457C
C455>65 D<B9FC18F018FE727E19E026003FFCC700077F05017F716C7E727E727EA27213
80A37213C0A74E1380A24E1300A24E5A4E5A4E5A4D5B05075B94B5128091B700FCC7FC18
F018FF19E002FCC7000113F8716C7EF01FFE727E7213801AC07213E0A27213F0A31AF8A7
1AF0A2601AE0604E13C0604E138095B5120005075BBA12F86119C04EC7FC18E045447CC3
50>I<DCFFF01470031F01FF14F04AB6EAE0010207EDF803023FEDFE0791B539E001FF0F
4949C7EA3F9F010701F0EC0FFF4901C0804990C87E4948814948814948167F4849163F48
49161F5A4A160F485B19074890CAFC19035A5BA2007F1801A34994C7FC12FFAE127F7F1A
F0A2123FA27F6C18011AE06C7F19036C6D17C06E16077E6C6DEE0F806C6DEE1F006D6C5E
6D6C167E6D6C6C5D6D6D4A5A6D01F0EC07F0010101FEEC1FE06D903AFFF001FF80023F90
B6C7FC020715FC020115F0DA001F1480030001F8C8FC44467AC451>I<B9FC18F018FE72
7E19E026003FFEC7001F13F805017F9438003FFF060F7F727F727F727F84737E737EA273
7EA2737EA21B80A2851BC0A51BE0AD1BC0A51B8061A21B006162193F624F5A19FF624E5B
06075B4E5B063F90C7FC4DB45A050F13F8BA5A19C04EC8FC18F095C9FC4B447CC356>I<
BA12F8A485D8001F90C71201EF003F180F180318011800A2197E193EA3191EA21778A285
A405F890C7FCA316011603161F92B5FCA5ED001F160316011600A2F101E01778A2F103C0
A494C7FC1907A21A80A2190FA2191FA2193FF17F0061601807181F4DB5FCBBFC61A44344
7DC34A>I<BA1280A419C026003FFEC7121F1701EF007F183F181F180F180719E01803A3
1801A3EE01E0F000F0A419001603A31607160F167F91B6FCA59138FE007F160F16071603
A31601A693C9FCAFB712F0A53C447CC346>I<DCFFF01470031F01FF14F04AB6EAE00102
07EDF803023FEDFE0791B539E001FF0F4949C7EA3F9F010701F0EC0FFF4901C0804990C8
7E4948814948814948167F4849163F4849161F5A4A160F485B19074890CAFC19035A5BA2
007F1801A34994C8FC12FFAD057FB612F0127F7FA3003FDC0001EBF000A27F7EA26C7FA2
6C7F807E6C7F6C7F6D7E6D6C5D6D6C7E6D6D5C6D01F05C010101FE143F6D903AFFF001FF
9F023F90B6120F0207EDFC030201EDF000DA001F02C01330030001FCC9FC4C467AC458>
I<B7D88003B612FEA526003FFEC9EBF800B3A791B9FCA54AC9FCB3AAB7D88003B612FEA5
4F447CC358>I<B712E0A5D8001F90C7FCB3B3B3A4B712E0A523447DC32A>I<B76C0103B5
12F8A526003FFEC93807E0004F5A4F5A077EC7FC614E5A4E5A4E5AF01F804EC8FC187E60
4D5AEF07F0EF0FC04D5A4DC9FC177E4C5AEE03F04C5A4C5A4C7EEE7FF04C7E5D4B7F4B7F
4B7FED3F3FDB7E1F7F03FC806E486C7F4B7E4B6C7F0380804B6C7F4A7F717E84717F8371
7F85717F83717F85717F187F727E86727F84727F86727F84B76C90B612FCA54E447CC358
>75 D<B500FE067FB512806E95B6FCA26F5EA2D8003F50C7FC013D6DEE03DFA2013C6DEE
079FA26E6CEE0F1FA26E6C161EA26E6C163CA36E6C1678A26E6C16F0A26E6DEC01E0A26E
6DEC03C0A36E6DEC0780A26F6CEC0F00A26F6C141EA26F6C5CA36F6C5CA26F6C5CA26F6D
485AA26F6D485AA26F6D485AA3706C48C7FCA293383FF81EA2706C5AA2706C5AA3706C5A
A2705BA2705BA2705BA2B6057FB6128071C7FCA2173E171C61447CC36A>77
D<B64BB512FE8181A281D8003F6D91C7EA780081013D7F81133C6E7E6E7F6E7F6E7F6E7F
82806E7F6E7F6F7E6F7F83816F7F6F7F6F7F6F7F6F7F8382707F707F707F707F8482707F
707F717E7113807113C019E0837113F07113F87113FC7113FE19FF847213F884848484A2
8484197F193F191FA2190F1907B61603190119001A78A24F447CC358>I<923807FFC092
B512FE0207ECFFC0021F15F091267FFE0013FC902601FFF0EB1FFF01070180010313C049
90C76C7FD91FFC6E6C7E49486F7E49486F7E01FF8348496F7E48496F1380A248496F13C0
A24890C96C13E0A24819F04982003F19F8A3007F19FC49177FA400FF19FEAD007F19FC6D
17FFA3003F19F8A26D5E6C19F0A26E5D6C19E0A26C6D4B13C06C19806E5D6C6D4B13006C
6D4B5A6D6C4B5A6D6C4B5A6D6C4A5B6D01C001075B6D01F0011F5B010101FE90B5C7FC6D
90B65A023F15F8020715C002004AC8FC030713C047467AC454>I<B9FC18F018FE727E19
E0D8001F90C7000F7F05017F716C7E727E727E721380A21AC084A21AE0A91AC0A24E1380
A21A00604E5A4E5A4D485A050F5B92B712C096C7FC18FC18C092CBFCB3A7B712E0A54344
7DC34D>I<B812F8EFFFC018F818FE727ED8001F90C7003F13E005037F05007F727E727E
727EA28684A286A762A24E90C7FCA24E5A61187F943801FFF005075B053F138092B7C8FC
18F818E018F892C77FEF3FFF050F7F717F717FA2717FA2717FA785A61B0F85A2187F7313
1F72141EB700E06DEB803E72EBE0FC72EBFFF8060114F0726C13E0CC0007138050457DC3
54>82 D<DAFFE0131C010701FE133C013F9038FF807C90B6EAE0FC4815F9489038801FFF
3907FC00014848EB007F4848143F4848140F491407007F15035B1601160012FF177CA27F
A26D153C7F7F6D92C7FC6C7EEBFFE014FE6CEBFFF015FF6C15E016FC6C816C6F7E6C826C
826C6C81011F810107811300020F80140003077FED007F82040F1380828212F082A282A2
7EA218007EA26C5D6C5E6D14036D5D6D140701F84A5A01FFEC3FF002F8EBFFE0486CB65A
D8FC1F92C7FCD8F80714FC48C614F0480107138031467AC43E>I<003FBA12E0A59026FE
000FEB8003D87FE09338003FF049171F90C71607A2007E1803007C1801A300781800A400
F819F8481978A5C81700B3B3A20107B8FCA545437CC24E>I<B792B6FCA526003FFECAEA
FC00806D606F15016D608119036D606F15076D606F150F6D6081191F6D6D93C7FC61027F
163E6F157E023F167C8119FC6E6D5C18016E5E7013036E5E8218076E6D5C180F6E5E7013
1F6E93C8FC705B037F143E82187E033F147C7013FC6F5C17816F5C17C117C36F5C17E76F
5C17FF6F5CA36F91C9FCA2705AA2705AA3705AA2705AA2705AA250457EC355>86
D<B600FE017FB691B512FEA526007FFCC8D83FFEC9EA7C006E82013F701778807415F86D
705F6F7014016D705FA26F7014036D64814E6D14076D646F70140F6D041E94C7FCA26F02
3E6D5C6DDC3C7F151E81027F037C6D5CF0783F6F70147C023F4B6C1578A26F01016F13F8
6E4B6C5D16806E02036F485A4E7E04C0EEE0036E4A486C5DA2DCE00FEDF0076E4B6C5D16
F06E4A6F48C8FC051E7F04F8705A6E4A027F131EA2DCFC7CEDFE3E037F0178023F133C04
FE16FF033F01F85E4D8004FF17F86F496E5BA36F496E5BA26F604D80A26F90C86C5BA36F
486F90C9FCA26F48167EA30478163C6F457EC374>I<903801FFE0011F13FE017F6D7E48
B612E03A03FE007FF84848EB1FFC6D6D7E486C6D7EA26F7FA36F7F6C5A6C5AEA00F090C7
FCA40203B5FC91B6FC1307013F13F19038FFFC01000313E0000F1380381FFE00485A5B12
7F5B12FF5BA35DA26D5B6C6C5B4B13F0D83FFE013EEBFFC03A1FFF80FC7F0007EBFFF86C
ECE01FC66CEB8007D90FFCC9FC322F7DAD36>97 D<EB7FC0B5FCA512037EB1ED0FF892B5
7E02C314E002CF14F89139DFC03FFC9139FF000FFE02FCEB03FF4A6D13804A15C04A6D13
E05CEF7FF0A218F8173FA318FCAC18F8A2177F18F0A3EFFFE06E15C06E5B6E491380027C
491300496C495A903AFC1FC07FFC496CB512F0D9F00314C049C691C7FCC8EA1FF036467D
C43E>I<EC3FFC49B512C0010F14F0013F14FC90397FF003FE9039FFC001FF0003495A48
494813805B120F485AA2485A6F1300007F6E5AED00784991C7FCA212FFAC6C7EA3123F6D
EC03C0A26C6C1407000F16806D140F6C6DEB1F006C6D133E6C01F05B3A007FFC03F86DB5
5A010F14C0010391C7FC9038003FF82A2F7CAD32>I<EE03FEED07FFA5ED001F160FB1EC
3FE0903803FFFC010FEBFF8F013F14CF9039FFF807FF48EBC00148903880007F4890C712
3F4848141F49140F121F485AA3127F5BA212FFAC127FA37F123FA26C6C141FA26C6C143F
0007157F6C6C91B5FC6CD9C00314FC6C9038F01FEF6DB5128F011FEBFE0F010713F89026
007FC0EBF80036467CC43E>I<EC3FF80103B57E010F14E0013F8090397FF83FF89039FF
C007FC48496C7E48496C7E48486D1380485A001FED7FC05B003FED3FE0A2127F5B17F016
1F12FFA290B7FCA401F0C9FCA5127FA27FA2123F17F06C7E16016C6C15E06C6C14036C6D
EB07C06C6DEB0F806C01F0EB3F0090397FFE01FE011FB55A010714F0010114C09026001F
FEC7FC2C2F7DAD33>I<EDFF80020F13E0027F13F049B512F849EB8FFC90390FFE0FFE90
381FFC1F14F8133FEB7FF0A2ED0FFCEBFFE0ED03F0ED00C01600ABB612F8A5C601E0C7FC
B3B0007FEBFFE0A527467DC522>I<DAFFE0137E010F9039FE03FF80013FEBFF8F90B812
C048D9C07F133F489038001FF84848EB0FFC4848903907FE1F80001F9238FF0F00496D90
C7FCA2003F82A8001F93C7FCA26D5B000F5D6C6C495A6C6C495A6C9038C07FF04890B55A
1680D8078F49C8FC018013E0000F90CAFCA47F7F7F90B612C016FC6CEDFF8017E06C826C
16FC7E000382000F82D81FF0C77ED83FC014074848020113808248C9FC177FA46D15FF00
7F17006D5C6C6C4A5A6C6C4A5AD80FFEEC3FF83B07FFC001FFF0000190B612C06C6C92C7
FC010F14F8D9007F90C8FC32427DAC38>I<EB7FC0B5FCA512037EB1ED07FE92383FFF80
92B512E002C114F89139C7F03FFC9138CF801F9139DF000FFE14DE14FC4A6D7E5CA25CA3
5CB3A7B60083B512FEA537457CC43E>I<137C48B4FC4813804813C0A24813E0A56C13C0
A26C13806C1300EA007C90C7FCAAEB7FC0EA7FFFA512037EB3AFB6FCA518467CC520>I<
EB7FC0B5FCA512037EB293387FFFE0A593380FE0004C5A4CC7FC167E5EED03F8ED07E04B
5A4B5A037FC8FC15FEECC1FCECC3FE14C7ECDFFF91B57E82A202F97F02E17F02C07FEC80
7F6F7E826F7E816F7F836F7F816F7F83707E163FB60003B512F8A535457DC43B>107
D<EB7FC0B5FCA512037EB3B3B3A3B61280A519457CC420>I<90277F8007FEEC0FFCB590
263FFFC090387FFF8092B5D8F001B512E002816E4880913D87F01FFC0FE03FF8913D8FC0
0FFE1F801FFC0003D99F009026FF3E007F6C019E6D013C130F02BC5D02F86D496D7EA24A
5D4A5DA34A5DB3A7B60081B60003B512FEA5572D7CAC5E>I<90397F8007FEB590383FFF
8092B512E0028114F8913987F03FFC91388F801F000390399F000FFE6C139E14BC02F86D
7E5CA25CA35CB3A7B60083B512FEA5372D7CAC3E>I<EC1FFC49B512C0010714F0011F14
FC90397FF80FFF9026FFC0017F48496C7F4848C7EA3FE000078248486E7E49140F001F82
A2003F82491407007F82A400FF1780AA007F1700A46C6C4A5AA2001F5E6D141F000F5E6C
6C4A5AA26C6C6CEBFFE06C6D485B27007FF80F90C7FC6DB55A010F14F8010114C0902600
1FFCC8FC312F7DAD38>I<90397FC00FF8B590B57E02C314E002CF14F89139DFC03FFC91
39FF001FFE000301FCEB07FF6C496D13804A15C04A6D13E05C7013F0A2EF7FF8A4EF3FFC
ACEF7FF8A318F017FFA24C13E06E15C06E5B6E4913806E4913006E495A9139DFC07FFC02
CFB512F002C314C002C091C7FCED1FF092C9FCADB67EA536407DAC3E>I<DA3FE0131E90
2603FFFC133E010F01FF137E013F1480903AFFF80FE0FE489038E003F148EBC001489038
8000FB4890C7127F49143F001F151F485A160F5B127FA3485AAC6C7EA46C7EA26C6C141F
163F6C6C147F6C15FF6C6D5A6C9038E003EF6C9038F01FCF6DB5128F011FEBFE0F010313
F89038007FC091C7FCAD0307B512FCA536407CAC3B>I<90387F807FB53881FFE0028313
F0028F13F8ED8FFC91389F1FFE000313BE6C13BC14F8A214F0ED0FFC9138E007F8ED01E0
92C7FCA35CB3A5B612E0A5272D7DAC2E>I<90391FFC038090B51287000314FF120F381F
F003383FC00049133F48C7121F127E00FE140FA215077EA27F01E090C7FC13FE387FFFF0
14FF6C14C015F06C14FC6C800003806C15806C7E010F14C0EB003F020313E0140000F014
3FA26C141F150FA27EA26C15C06C141FA26DEB3F8001E0EB7F009038F803FE90B55A00FC
5CD8F03F13E026E007FEC7FC232F7CAD2C>I<EB01E0A51303A41307A2130FA2131FA213
3F137F13FF1203000F90B51280B7FCA4C601E0C7FCB3A3ED01E0A9150302F013C0137F15
0790393FF80F8090391FFC1F006DB5FC6D13FC01015B9038003FE023407EBE2C>I<D97F
C049B4FCB50103B5FCA50003EC000F6C81B3A85EA25EA25E7E6E491380017FD901F713FE
9138F807E76DB512C7010F1407010313FE9026007FF0EBFC00372E7CAC3E>I<B6903803
FFFCA5000101E09038003E006C163C80017F5D8017F8013F5D6E1301011F5D6E1303010F
5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E6D143CEDF07C027F1378EDF8F802
3F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5AA26E5AA21578362C7EAB3B>I<B5
D8FE1FB539801FFFF0A500019027C0003FE0C7EA7C007114786E17F86C6F6C5C6E160101
7F6E6C5CA26E011F1403013F6F5C6E013F1407011F6F5CA26E0179140F010F048090C7FC
6E01F95C6D02F0EBC01E15806D902681E07F5B18E003C3157C6D9139C03FF07815E76DDA
801F5B18F803FF14F96E9039000FFDE018FF6E486D5BA36E486D5BA26E486D90C8FCA24B
7F02075DA26E48147C4B143C4C2C7EAB51>I<B500FE90383FFFF0A5C601F0903803E000
6D6C495A013F4A5A6D6C49C7FC6E5B6D6C137E6DEB807C6D6D5A6DEBC1F0EDE3E06DEBF7
C06EB45A806E90C8FC5D6E7E6E7F6E7FA24A7F4A7F8291381F3FFCEC3E1F027C7F4A6C7E
49486C7F01036D7F49487E02C08049486C7F49C76C7E013E6E7E017E141FB500E090B512
FCA5362C7EAB3B>I<B6903803FFFCA5000101E09038003E006C163C80017F5D8017F801
3F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E6D
143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5AA2
6E5AA21578A215F85D14015D001F1303D83F805B387FC007D8FFE05B140F92C9FC5C143E
495A387FC1F8EB07F06CB45A6C5B000790CAFCEA01FC36407EAB3B>I
E /Fk 85 123 df<DA0FF813FC91397FFF07FF903B01F807DF83C0903A07E001FF0F903B
1F8007FE1FE090393F000FFC137E16F85B9338F007804848010790C7FC1503ACB812F8A3
2801F80003F0C7FCB3AB486C497E267FFFE0B512F0A3333B7FBA30>11
D<EC0FF8EC7FFE903901F80780903907E001C090391F8000E090383F0007017E497EA25B
A2485A6F5AED018092C8FCA9ED03F0B7FCA33901F8000F1503B3AA486C497E267FFFE0B5
12C0A32A3B7FBA2E>I<EC0FFC91387FFF70903901F803F0903807E00790381F800FEB3F
00137EA25B150748481303ADB7FCA33901F80003B3AB486C497E267FFFE0B512C0A32A3B
7FBA2E>I<DA0FF0EB1FF0DA7FFEEBFFFC903B01F80F83F00F903C07E001CFC00380903C
1F8000FF0001C090273F0007FE130F017E4948497EA2495CA248485C03076E5A03030203
C7FC95C8FCA9F007E0BAFCA33C01F80003F0001F1807B3AA486C496C497E267FFFE0B500
C1B51280A3413B7FBA45>I<001C131C007F137F39FF80FF80A26D13C0A3007F137F001C
131C00001300A40001130101801380A20003130301001300485B00061306000E130E485B
485B485B006013601A197DB92A>34 D<030C1303031E497EA2033E130FA2033C91C7FCA3
037C5BA20378131EA203F8133EA24B133CA20201147CA24B1378A3020314F8A24B5BA202
071301007FB91280BA12C0A3C7271F0007C0C7FCA2021E5CA2023E130FA2023C91C8FCA2
027C5BA20278131EA202F8133EA2BA12C0A36C1880280003E000F8C8FC4A5BA201071301
A202805BA3010F1303A202005BA2491307A2011E5CA2013E130FA2013C91C9FCA3017C5B
A20178131EA20130130C3A4A7BB945>I<141FEC7FC0903801F0E0903803C06001071370
90380F803090381F00381518A25BA2133E133F15381530A215705D5D140190381F838092
CAFC1487148E02DC49B51280EB0FF85C4A9039003FF8000107ED0FC06E5D71C7FC6E140E
010F150CD91DFC141C01391518D970FE143801E015302601C07F1470D803805D00076D6C
5BD80F00EBC00148011F5C4890380FE003003E6E48C8FC007E903807F8060203130E00FE
6E5A6E6C5A1400ED7F706C4B13036F5A6F7E6C6C6D6C5B7013066C6C496C130E6DD979FE
5B281FF001F07F133C3C07F80FE03FC0F86CB539800FFFF0C69026FE000313C0D91FF0D9
007FC7FC393E7DBB41>38 D<121C127FEAFF80A213C0A3127F121C1200A412011380A212
0313005A1206120E5A5A5A12600A1979B917>I<146014E0EB01C0EB0380EB0700130E13
1E5B5BA25B485AA2485AA212075B120F90C7FCA25A121EA2123EA35AA65AB2127CA67EA3
121EA2121F7EA27F12077F1203A26C7EA26C7E1378A27F7F130E7FEB0380EB01C0EB00E0
1460135278BD20>I<12C07E12707E7E7E120F6C7E6C7EA26C7E6C7EA21378A2137C133C
133E131EA2131F7FA21480A3EB07C0A6EB03E0B2EB07C0A6EB0F80A31400A25B131EA213
3E133C137C1378A25BA2485A485AA2485A48C7FC120E5A5A5A5A5A13527CBD20>I<EB03
80497EA7397803803C00FC147E00FE14FE397F8383FC393FC387F8390FE38FE03903FBBF
803900FFFE00EB3FF8EB0FE0A2EB3FF8EBFFFE3903FBBF80390FE38FE0393FC387F8397F
8383FC39FE0380FE00FC147E0078143C390007C000A76D5A1F247BBD2A>I<15301578B3
A6007FB812F8B912FCA26C17F8C80078C8FCB3A6153036367BAF41>I<121C127FEAFF80
A213C0A3127F121C1200A412011380A2120313005A1206120E5A5A5A12600A19798817>
I<B512FCA516057F941C>I<121C127FEAFF80A5EA7F00121C0909798817>I<150C151E15
3EA2153C157CA2157815F8A215F01401A215E01403A215C01407A21580140FA215005CA2
141E143EA2143C147CA2147814F8A25C1301A25C1303A2495AA25C130FA291C7FC5BA213
1E133EA2133C137CA2137813F8A25B1201A25B1203A25B1207A25B120FA290C8FC5AA212
1E123EA2123C127CA2127812F8A25A12601F537BBD2A>I<EB03F8EB1FFF90387E0FC090
38F803E03901E000F0484813780007147C48487FA248C77EA2481580A3007EEC0FC0A600
FE15E0B3007E15C0A4007F141F6C1580A36C15006D5B000F143EA26C6C5B6C6C5B6C6C48
5A6C6C485A90387E0FC0D91FFFC7FCEB03F8233A7DB72A>I<EB01C013031307131F13FF
B5FCA2131F1200B3B3A8497E007FB512F0A31C3879B72A>I<EB0FF0EB7FFE48B57E3903
E03FE0390F000FF0000E6D7E486D7E486D7E123000706D7E126012FCB4EC7F807FA56CC7
FC121CC8FCEDFF00A34A5A5D14035D4A5A5D140F4A5A4A5A92C7FC147C5C495A495A495A
495A91C8FC011EEB01805B5B49130348481400485A485A000EC75A000FB6FC5A5A485CB6
FCA321387CB72A>I<EB07F8EB3FFF4913C03901F80FF03903C007F848486C7E380E0001
000F80381FE0006D7FA56C5A6C5AC85A1401A25D4A5AA24A5A5DEC0F80027EC7FCEB1FFC
ECFF809038000FE06E7EEC01FC816E7EED7F80A216C0A2153F16E0A2121EEA7F80487EA4
16C049137F007F1580007EC7FC0070ECFF006C495A121E390F8003F83907F00FF00001B5
12C06C6C90C7FCEB0FF8233A7DB72A>I<1538A2157815F8A2140114031407A2140F141F
141B14331473146314C313011483EB030313071306130C131C131813301370136013C012
01EA038013005A120E120C5A123812305A12E0B712F8A3C73803F800AB4A7E0103B512F8
A325397EB82A>I<0006140CD80780133C9038F003F890B5FC5D5D158092C7FC14FC3806
7FE090C9FCABEB07F8EB3FFE9038780F803907E007E090388003F0496C7E12066E7EC87E
A28181A21680A4123E127F487EA490C71300485C12E000605C12700030495A00385C6C13
03001E495A6C6C485A3907E03F800001B5C7FC38007FFCEB1FE0213A7CB72A>I<EC3FC0
903801FFF0010713FC90380FE03E90383F800790387E001F49EB3F804848137F485AA248
5A000FEC3F0049131E001F91C7FCA2485AA3127F90C9FCEB01FC903807FF8039FF1E07E0
90383801F0496C7E01607F01E0137E497FA249148016C0151FA290C713E0A57EA56C7E16
C0A2121FED3F807F000F15006C6C5B15FE6C6C5B6C6C485A3900FE07F090383FFFC06D90
C7FCEB03FC233A7DB72A>I<12301238123E003FB612E0A316C05A168016000070C71206
0060140E5D151800E01438485C5D5DC712014A5A92C7FC5C140E140C141C5CA25CA214F0
495AA21303A25C1307A2130FA3495AA3133FA5137FA96DC8FC131E233B7BB82A>I<EB03
F8EB1FFF017F13C09038FC07F03901E001F848486C7E4848137C90C77E48141E000E141F
001E80A3121FA27F5D01E0131E6C6C133E01FC133C6D5B6C6C6C5AECC1E06CEBF3C06C01
FFC7FC6C5BEB3FFF6D13C081017F13F801F07F3903E07FFE3907801FFF48486C13804813
03003E6D13C0003CEB007F007C143F0078EC0FE000F814075A1503A21501A36C15C01278
1503007C15806CEC07006C5C6C6C131ED807E0137C3903F803F0C6B55A013F1380D907FC
C7FC233A7DB72A>I<EB03F8EB1FFF017F13C09038FC07E03903F803F048486C7E48486C
7E49137E121F48487FA2007F158090C7FCA248EC1FC0A616E0A56C143FA27F123F001F14
7FA26C6C13FF6C6C13DF000313013901F0039F3900FC0F1FD93FFC13C0EB07F090C7FC15
3F1680A316005D000F147E487E486C5BA24A5A4A5A49485A6C48485A001C495A260F807F
C7FC3807FFFC000113F038003FC0233A7DB72A>I<121C127FEAFF80A5EA7F00121CC7FC
B2121C127FEAFF80A5EA7F00121C092479A317>I<121C127FEAFF80A5EA7F00121CC7FC
B2121C127F5A1380A4127F121D1201A412031300A25A1206A2120E5A121812385A126009
3479A317>I<007FB812F8B912FCA3CCFCAEB912FCA36C17F836167B9F41>61
D<EB3FE03801FFFE3907C03F80390E000FC0003CEB07F000301303007014F8007C130100
FE14FC7EA4127E003CEB03F8C7FCEC07F0A2EC0FE0EC1F80EC3F00147E147C5C495A5C49
5A5CA249C7FCA31306AA90C8FCA8130EEB3F80497EA56D5A010EC7FC1E3B7CBA27>63
D<EC03FF021F13E09138FC00FCD901E0131ED90780EB0780011EC7EA01E00138EC007049
81498148488148488190C97E48D901FC1480000ED907FFEB01C0000C90391F03C000001C
90267E00E013E000184901701360263801F86D13700030496D13300103EC0FE0267007E0
0107133800601718495AA200E0171C484848150CAA6C6C7E1260A26D6C151C0070171826
3003F0130F0101141F00386D013F1338261800FC01771330001C017E9038E3F070000C90
261F03C113E0000E903A07FF00FFC06CD901FCEB3F006C90CAFC7F6C7E6C7E13706D167C
011EED03FCD90780EC1FF0D901E0ECFF80D900FC90383FFC00021FB51280020301E0C7FC
363C7BBA41>I<1538A3157CA315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1F
A2021C7FEC180FA202387FEC3007A202707FEC6003A202C07F1501A2D901807F81A249C7
7F167FA20106810107B6FCA24981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E
1201486C81D80FFC02071380B56C90B512FEA3373C7DBB3E>I<B712E016FC16FF000190
3980007FC06C90C7EA1FE0707E707E707EA2707EA283A75F16035F4C5A4C5A4C5A4C5AEE
FF8091B500FCC7FCA291C7EA7F80EE1FE0EE07F0707E707E83707EA21880177F18C0A718
8017FFA24C13005F16034C5AEE1FF8486DEB7FF0B812C094C7FC16F832397DB83B>I<91
3A01FF800180020FEBE003027F13F8903A01FF807E07903A03FC000F0FD90FF0EB039F49
48EB01DFD93F80EB00FF49C8127F01FE153F12014848151F4848150FA248481507A2485A
1703123F5B007F1601A35B00FF93C7FCAD127F6DED0180A3123F7F001F160318006C7E5F
6C7E17066C6C150E6C6C5D00001618017F15386D6C5CD91FE05C6D6CEB03C0D903FCEB0F
80902701FF803FC7FC9039007FFFFC020F13F002011380313D7BBA3C>I<B712C016F816
FE000190398001FF806C90C7EA3FE0EE0FF0EE03F8707E707E177FA2EF3F8018C0171F18
E0170F18F0A3EF07F8A418FCAC18F8A4EF0FF0A218E0A2171F18C0EF3F80A2EF7F0017FE
4C5A4C5AEE0FF0EE3FE0486DEBFF80B8C7FC16F816C036397DB83F>I<B812FCA3000190
3880000F6C90C71201EE007E173E171E170EA31706A317078316C0A394C7FCA31501A215
03150F91B5FCA3EC000F15031501A21500A21860A318E093C712C0A41701A3EF0380A217
07A2170F173F177F486D903807FF00B9FCA333397DB839>I<B812F8A30001903880001F
6C90C71201EE00FC177C173C171CA2170CA4170E1706A2ED0180A21700A41503A2150715
1F91B5FCA3EC001F15071503A21501A692C8FCAD4813C0B612C0A32F397DB836>I<DBFF
8013C0020FEBF001023F13FC9139FF803F03903A03FC000787D90FF0EB03CF4948EB00EF
4948147F4948143F49C8121F485A4848150F48481507A248481503A2485A1701123F5B00
7F1600A448481600AB93B6FCA26C7E9338007FE0EF3FC0A2123F7F121FA26C7EA26C7EA2
6C7E6C7E6C6C157F6D7E6D6C14FF6D6C14EFD90FF8EB03C7D903FEEB0783903A00FFC03F
0191393FFFFC00020F01F0130002001380383D7CBA41>I<B648B512FEA3000190268000
0313006C90C76C5AB3A491B6FCA391C71201B3A6486D497EB648B512FEA337397DB83E>
I<B612C0A3C6EBC0006D5AB3B3AD497EB612C0A31A397EB81E>I<013FB512E0A3903900
1FFC00EC07F8B3B3A3123FEA7F80EAFFC0A44A5A1380D87F005B0070131F6C5C6C495A6C
49C7FC380781FC3801FFF038007F80233B7DB82B>I<B649B5FCA3000101809038007FF0
6C90C8EA3F80053EC7FC173C17385F5F4C5A4C5A4CC8FC160E5E5E5E5E4B5AED0780030E
C9FC5D153E157E15FF5C4A7F4A6C7E140E4A6C7E4A6C7E14704A6C7E4A6C7E14804A6C7E
6F7EA26F7F707EA2707E707EA2707EA2707E707EA2707E707F8484486D497FB6011FEBFF
80A339397DB841>I<B612E0A3000101C0C8FC6C90C9FCB3AD1718A517381730A31770A3
17F0A216011603160FEE1FE0486D13FFB8FCA32D397DB834>I<B5933807FFF86E5DA200
01F0FC002600DFC0ED1BF8A2D9CFE01533A3D9C7F01563A3D9C3F815C3A2D9C1FCEC0183
A3D9C0FEEC0303A2027F1406A36E6C130CA36E6C1318A26E6C1330A36E6C1360A26E6C13
C0A3913901FC0180A3913900FE0300A2ED7F06A3ED3F8CA2ED1FD8A3ED0FF0A3486C6D5A
487ED80FFC6D48497EB500C00203B512F8A2ED018045397DB84C>I<B5913807FFFE8080
C69238007FE06EEC1F80D9DFF0EC0F001706EBCFF8EBC7FCA2EBC3FEEBC1FFA201C07F6E
7EA26E7E6E7E81140F6E7E8114036E7E168080ED7FC016E0153FED1FF0ED0FF8A2ED07FC
ED03FEA2ED01FF6F1386A2EE7FC6EE3FE6A2EE1FF6EE0FFEA216071603A216011600A217
7E486C153E487ED80FFC151EB500C0140EA2170637397DB83E>I<EC03FF021F13E09138
FE01FC903901F8007ED907E0EB1F8049486D7ED93F80EB07F049C76C7E01FE6E7E48486E
7E49157E0003167F4848ED3F80A24848ED1FC0A2001F17E049150F003F17F0A3007F17F8
491507A300FF17FCAC007F17F86D150FA3003F17F0A26C6CED1FE0A36C6CED3FC0000717
806D157F000317006C6C15FEA26C6C4A5A017F4A5A6D6C495A6D6C495AD907E0EB1F80D9
03F8017FC7FC903900FE01FC91381FFFE0020390C8FC363D7BBA41>I<B712C016F816FE
000190398001FF806C90C7EA3FC0EE0FE0EE07F0EE03F817FC17FE1601A217FFA717FEA2
EE03FCA2EE07F817F0EE0FE0EE3FC0923801FF0091B512FC16F091C9FCB3A5487FB6FCA3
30397DB839>I<EC03FF021F13E09138FE01FC903901F8007ED907E0EB1F8049486D7ED9
3F80EB07F049C76C7E01FE6E7E48486E7EA24848157F0007178049153F000F17C049151F
001F17E0A24848ED0FF0A3007F17F8A2491507A200FF17FCAC007F17F8A26D150FA2003F
17F0A26C6CED1FE0A36C6CED3FC00007027C14804AB4FC3C03F80383807F003B01FC0701
C0FEEC0E002600FE0CEBE1FC017FEC63F8D93F8CEB77F0D91FCCEB3FE0D907EE14806DB4
49C7FC0100D981FC130CEC1FFF0203131C91C7001E131C161F183CEF807CEFC0F8EE0FFF
A318F08218E07013C07013809338007E00364B7BBA41>I<B612FEEDFFE016F800019038
8007FE6C90C76C7EEE3FC0707E707E707EA2707EA283A65FA24C5AA24C5A4C5AEE3F8004
FFC8FCED07FC91B512E05E9138000FF0ED03F8ED00FE82707E707EA2161F83A583A6F001
80A217F8160F1803486D01071400B66D6C5A04011306933800FE0ECAEA3FFCEF07F0393B
7DB83D>I<D90FF813C090383FFE0190B512813903F807E33907E000F74848137F484813
3F48C7121F003E140F007E1407A2007C140312FC1501A36C1400A37E6D14006C7E7F13F8
6CB47E6C13F8ECFF806C14E06C14F86C14FEC680013F1480010714C0EB007F020713E0EC
007FED3FF0151F150FED07F8A200C01403A21501A37EA216F07E15036C15E06C14076C15
C06C140F6DEB1F80D8FBF0EB3F00D8F0FE13FE39E03FFFF8010F13E0D8C00190C7FC253D
7CBA2E>I<003FB812E0A3D9C003EB001F273E0001FE130348EE01F00078160000701770
A300601730A400E01738481718A4C71600B3B0913807FF80011FB612E0A335397DB83C>
I<B6903807FFFEA3000101809038007FE06C90C8EA1F80EF0F001706B3B2170E6D150C80
171C133F17186D6C14385F6D6C14F06D6C5C6D6C495A6D6CEB07806D6C49C7FC91387F80
7E91381FFFF8020713E09138007F80373B7DB83E>I<B500FC91387FFF80A30003018091
380FFC006C90C8EA07E0715A6C705A6E1403017F93C7FCA280013F1506A26E140E011F15
0C80010F5DA28001075DA26E147001031560A26D6C5CA2806D4A5AA2ED8003027F91C8FC
A291383FC006A215E0021F5BA2EDF01C020F1318A26E6C5AA215FC02035BA2EDFEE00201
5BA26E6C5AA36FC9FCA3153EA2151CA3393B7EB83E>I<B5D8FC07B5D8F001B5FCA30007
902780001FFEC7EA1FF86C48C7D80FF8EC07E000010307ED03C01B807F6C6F6C1500A26E
5F017F6E6C1406A280013F4A6C5CA280011F4A6D5BEE067FA26D6C010E6D5BEE0C3FA26D
6C011C6D5BEE181FA26D6C6F5BEE300FA26D6C6F485AEE6007A26D6C4CC7FC9338C003FC
A203805D913B7F818001FE06A203C1150EDA3FC3C7EAFF0CA203E3151CDA1FE6EC7F98A2
15F6DA0FFCEC3FF0A302075E4B141FA202035E4B140FA202015E4B1407A2020093C8FC4B
80503B7EB855>I<007FB590383FFFFCA3C601F801071380D97FE0D903FCC7FC013FEC01
F06D6C5C5F6D6C5C6D6C13034CC8FC6D6C1306160E6D6C5B6DEB8018163891387FC0306E
6C5A16E06E6C5A91380FF18015FB6EB4C9FC5D14036E7EA26E7F6F7EA24B7E15DF913801
9FF09138038FF8150F91380607FC91380E03FE140C4A6C7EEC38000230804A6D7E14E04A
6D7E49486D7E130391C76C7E01066E7E130E010C6E7E011C1401013C8101FE822607FF80
010713E0B500E0013FEBFF80A339397EB83E>I<B500FE91383FFFE0A3000301E0913807
FE00C649EC03F0017F6F5A606D6C5D6D6C140395C7FC6D6C1406A26D6C5C6D6C141C1718
6D6C143817306D6D5B6E6C13E05F91383FE0015F91381FF003DA0FF890C8FC1606913807
FC0E160C913803FE1C913801FF185E6E13B016E0157F6F5AB3A24B7E023FB512C0A33B39
7FB83E>I<EAFFF8A4EAF000B3B3B3B3A3EAFFF8A40D5378BD17>91
D<3901800180000313033907000700000E130E485B001813180038133800301330007013
7000601360A200E013E0485BA400CE13CE39FF80FF806D13C0A3007F137FA2393F803F80
390E000E001A1974B92A>I<EAFFF8A4EA0078B3B3B3B3A3EAFFF8A40D537FBD17>I<EB1F
E0EBFFFC3803E03F3907000F80390F8007E0486C6C7E13E06E7EA26E7E6C5A6C5AC8FCA4
147FEB07FFEB3FE0EBFE00EA03F8EA0FF0EA1FC0123F485A90C7FC160C12FEA31401A26C
13036CEB077C903980063E18383FC01E3A0FE0781FF03A03FFF00FE03A007F8007C02627
7DA52A>97 D<EA03F012FFA3120F1203B0EC1FE0EC7FF89038F1E03E9039F3801F809039
F7000FC001FEEB07E049EB03F049EB01F85BED00FCA216FEA2167E167FAA167E16FEA216
FC15016D14F8ED03F07F01EEEB07E001C6EB0FC09039C7801F00903881E07E903800FFF8
C7EA1FC0283B7EB92E>I<EB03FC90381FFF8090387E03E03901F80070484813F83907E0
01FC380FC003A2EA1F80123F90380001F848EB00F01500A2127E12FEAA127E127FA26C14
067F001F140E6D130C000F141C6C6C13386C6C13706C6C13E039007C07C090381FFF00EB
07F81F277DA525>I<ED0FC0EC03FFA3EC003F150FB0EB03F8EB1FFF90387E078F9038F8
01EF3903F0007F4848133F4848131FA24848130F123F90C7FC5AA2127E12FEAA127E127F
A27EA26C6C131FA26C6C133F6C6C137F6C6CEBEFF03A01F801CFFF39007C078F90381FFE
0FD907F813C0283B7DB92E>I<EB07F8EB1FFF90387C0FC03901F803E03903F001F0D807
E013F8380FC0004848137CA248C7127E153E5A153F127E12FEA3B7FCA248C8FCA5127EA2
127FA26C14037F001F14076C6C13060007140E6D131CD801F013386C6C137090387E03E0
90381FFF80903803FC0020277EA525>I<147E903803FF8090380FC1E0EB1F8790383F0F
F0137EA213FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB487E387FFFF8A31C3B
7FBA19>I<ED03F090390FF00FF890393FFC3C3C9039F81F707C3901F00FE03903E007C0
3A07C003E010000FECF000A248486C7EA86C6C485AA200075C6C6C485A6D485A6D48C7FC
38073FFC38060FF0000EC9FCA4120FA213C06CB512C015F86C14FE6CECFF804815C03A0F
80007FE048C7EA0FF0003E140348140116F8481400A56C1401007C15F06CEC03E0003F14
07D80F80EB0F80D807E0EB3F003901FC01FC39007FFFF0010790C7FC26387EA52A>I<EA
03F012FFA3120F1203B0EC0FF0EC3FFCECF03F9039F1C01F809039F3800FC0EBF70013FE
496D7EA25BA35BB3A3486C497EB500C1B51280A3293A7EB92E>I<EA0380EA0FE0487EA5
6C5AEA0380C8FCAAEA03F012FFA312071203B3AA487EB512C0A312387EB717>I<EB01C0
EB07F0EB0FF8A5EB07F0EB01C090C7FCAAEB01F813FFA313071301B3B3A2123C127E00FF
13F01303A214E038FE07C0127C383C0F00EA0FFEEA03F8154984B719>I<EA03F012FFA3
120F1203B1913801FFFCA39138007FC01600157C15705D4A5A4A5A4AC7FC141E14381478
14FC13F1EBF3FEEBF73F01FE7FEBF81F496C7E8114076E7E6E7E811400157E157F811680
ED1FC0486CEB3FF0B500C0B5FCA3283A7EB92C>I<EA03F012FFA3120F1203B3B3AD487E
B512C0A3123A7EB917>I<2703F00FF0EB1FE000FFD93FFCEB7FF8913AF03F01E07E903B
F1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D907F8EB0FC0A2495CA3
495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I<3903F00FF000FFEB3F
FCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25BA35BB3A3486C497EB5
00C1B51280A329257EA42E>I<EB03FE90380FFF8090383E03E09038F800F84848137C48
487F48487F4848EB0F80001F15C090C712074815E0A2007EEC03F0A400FE15F8A9007E15
F0A2007F14076C15E0A26C6CEB0FC0000F15806D131F6C6CEB3F006C6C137EC66C13F890
387E03F090381FFFC0D903FEC7FC25277EA52A>I<3903F01FE000FFEB7FF89038F1E07E
9039F3801F803A07F7000FC0D803FEEB07E049EB03F04914F849130116FC150016FEA316
7FAA16FEA3ED01FCA26DEB03F816F06D13076DEB0FE001F614C09039F7803F009038F1E0
7E9038F0FFF8EC1FC091C8FCAB487EB512C0A328357EA42E>I<D903F813C090381FFE01
90387E07819038FC01C33903F000E3000714774848133749133F001F141F485A150F48C7
FCA312FEAA127FA37E6D131F121F6D133F120F6C6C137F6C6C13EF3901F801CF39007E07
8F90381FFE0FEB07F890C7FCABED1FE00203B5FCA328357DA42C>I<3807E01F00FFEB7F
C09038E1E3E09038E387F0380FE707EA03E613EE9038EC03E09038FC0080491300A45BB3
A2487EB512F0A31C257EA421>I<EBFF03000313E7380F80FF381E003F487F487F00707F
12F0A2807EA27EB490C7FCEA7FE013FF6C13E06C13F86C7F00037FC67F01071380EB007F
141F00C0EB0FC01407A26C1303A37E15806C13077EEC0F00B4131E38F3C07C38E1FFF038
C03F801A277DA521>I<1318A51338A31378A313F8120112031207001FB5FCB6FCA2D801
F8C7FCB215C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01F81A347FB220>I<D8
03F0EB07E000FFEB01FFA3000FEB001F00031407B3A4150FA3151F12016D133F0000EC77
F86D9038E7FF8090383F03C790381FFF87903A03FC07E00029267EA42E>I<B538803FFE
A33A0FF8000FF06C48EB07E00003EC03C06D148000011500A26C6C1306A26D130E017E13
0CA26D5BA2EC8038011F1330A26D6C5AA214E001075BA2903803F180A3D901FBC7FCA214
FF6D5AA2147CA31438A227257EA32C>I<B53A1FFFE03FFEA3260FF8009038000FF86C48
017EEB03E018C00003023EEB0180A26C6C013FEB0300A36C6CEC8006156FA2017E9038EF
C00C15C7A2D93F016D5A15830281EBF038D91F831430150102C3EBF87090260FC6001360
A2D907E66D5A02EC137CA2D903FCEB7F804A133FA2010192C7FC4A7FA20100141E4A130E
0260130C37257EA33C>I<B538807FFFA33A03FE003FF00001EC1F80000092C7FC017E13
1C6D13186D6C5AECC070010F5B6D6C5AECF180EB03FB6DB4C8FC6D5AA2147F804A7E8114
CF903801C7E090380383F090380703F8EB0601496C7E011C137E49137F01787F496D7E48
6C80000FEC3FF0D8FFFE90B51280A329247FA32C>I<B538803FFEA33A0FF8000FF06C48
EB07C00003EC03806C7E16007F00001406A2017E5BA2137F6D5BA26D6C5AA2ECC070010F
1360A26D6C5AA214F101035BA2D901FBC7FCA214FF6D5AA2147CA31438A21430A2147014
60A25CA2EA7C0100FE5B130391C8FC1306EAFC0EEA701C6C5AEA1FF0EA0FC027357EA32C
>I<003FB512FCA2EB8003D83E0013F8003CEB07F00038EB0FE012300070EB1FC0EC3F80
0060137F150014FE495AA2C6485A495AA2495A495A495AA290387F000613FEA2485A485A
0007140E5B4848130C4848131CA24848133C48C7127C48EB03FC90B5FCA21F247EA325>
I E end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
% Document setup: push TeXDict onto the dictionary stack so the page
% descriptions that follow can use the short operator and font names stored in
% it. TeXDict is created by the texc.pro procset at the top of the file
% (`/TeXDict 250 dict def`).
% NOTE(review): this program arrived as a mail attachment and PostScript is an
% executable language; render it with the interpreter's file and device
% operators restricted (for example Ghostscript's -dSAFER) rather than sending
% it straight to a printer or an unrestricted interpreter.
TeXDict begin

%%EndSetup
%%Page: 1 1
% Page 1 of the dvips rendering of draft-ietf-ipsec-isakmp-09: draft header
% (working group, authors, date), title, abstract and "Status of this memo".
% The visible text is carried in the parenthesised string operands. Words are
% split into fragments with numeric adjustments between them, so the strings do
% not read as continuous text (e.g. "(Sc)n(hertler)", "(Asso)s(ciation)").
% NOTE(review): bop/eop, the one-letter operators (a, b, y, g, h, ...) and the
% font names (Fk, Fj, Fi, Fh, Fg) are defined earlier in the file, outside this
% excerpt; presumably page begin/end, positioning and font selection - confirm
% against the prolog.
% Octal escapes inside strings (\013, \014) are character codes in the selected
% font; judging by the surrounding words ("Je\013", "de\014nes") they are
% presumably the ff and fi ligatures.
% NOTE(review): the page text itself says Internet-Drafts expire after six
% months and are not to be cited as reference material; ISAKMP was later
% published as RFC 2408, which is the version to consult for protocol details.
1 0 bop 0 568 a Fk(IPSEC)27 b(W)-7 b(orking)26 b(Group)1060
b(Douglas)26 b(Maughan,)h(Mark)g(Sc)n(hertler)0 667 y(INTERNET-DRAFT)
1352 b(Mark)27 b(Sc)n(hneider,)g(Je\013)h(T)-7 b(urner)0
767 y(draft-ietf-ipsec-isakmp-09.txt,)26 b(.ps)1388 b(Marc)n(h)27
b(10,)g(1998)152 1046 y Fj(In)m(ternet)37 b(Securit)m(y)f(Asso)s
(ciation)g(and)i(Key)g(Managemen)m(t)g(Proto)s(col)e(\(ISAKMP\))1781
1486 y Fi(Abstract)323 1683 y Fh(This)28 b(memo)e(describ)r(es)i(a)g
(proto)r(col)g(utilizing)h(securit)n(y)e(concepts)h(necessary)g(for)g
(establishing)h(Securit)n(y)d(Asso-)208 1774 y(ciations)h(\(SA\))f(and)
g(cryptographic)h(k)n(eys)f(in)g(an)h(In)n(ternet)e(en)n(vironmen)n(t.)
36 b(A)26 b(Securit)n(y)f(Asso)r(ciation)k(proto)r(col)f(that)208
1865 y(negotiates,)e(establishes,)h(mo)r(di\014es)e(and)f(deletes)i
(Securit)n(y)e(Asso)r(ciations)j(and)e(their)g(attributes)g(is)g
(required)g(for)g(an)208 1957 y(ev)n(olving)h(In)n(ternet,)g(where)h
(there)f(will)i(b)r(e)f(n)n(umerous)e(securit)n(y)h(mec)n(hanisms)f
(and)h(sev)n(eral)i(options)f(for)g(eac)n(h)g(secu-)208
2048 y(rit)n(y)d(mec)n(hanism.)32 b(The)25 b(k)n(ey)e(managemen)n(t)g
(proto)r(col)j(m)n(ust)d(b)r(e)h(robust)g(in)g(order)h(to)g(handle)f
(public)g(k)n(ey)f(generation)208 2139 y(for)29 b(the)f(In)n(ternet)f
(comm)n(unit)n(y)f(at)i(large)i(and)e(priv)l(ate)g(k)n(ey)f(requiremen)
n(ts)h(for)h(those)f(priv)l(ate)h(net)n(w)n(orks)f(with)h(that)208
2231 y(requiremen)n(t.)323 2322 y(The)c(In)n(ternet)e(Securit)n(y)h
(Asso)r(ciation)j(and)d(Key)g(Managemen)n(t)h(Proto)r(col)i(\(ISAKMP\))
c(de\014nes)i(the)f(pro)r(cedures)208 2413 y(for)30 b(authen)n
(ticating)f(a)h(comm)n(unicating)e(p)r(eer,)j(creation)f(and)f
(managemen)n(t)f(of)i(Securit)n(y)f(Asso)r(ciations,)j(k)n(ey)d(gen-)
208 2505 y(eration)j(tec)n(hniques,)h(and)e(threat)h(mitigation)g
(\(e.g.)53 b(denial)32 b(of)h(service)f(and)f(repla)n(y)h(attac)n
(ks\).)53 b(All)32 b(of)g(these)g(are)208 2596 y(necessary)22
b(to)f(establish)i(and)e(main)n(tain)g(secure)h(comm)n(unications)f
(\(via)g(IP)h(Securit)n(y)f(Service)g(or)h(an)n(y)f(other)h(securit)n
(y)208 2687 y(proto)r(col\))k(in)g(an)g(In)n(ternet)e(en)n(vironmen)n
(t.)1584 2969 y Fk(Status)k(of)f(this)h(memo)0 3252 y(This)d(do)r
(cumen)n(t)h(is)f(b)r(eing)g(submitted)h(to)f(the)g(IETF)g(In)n(ternet)
g(Proto)r(col)f(Securit)n(y)g(\(IPSEC\))h(W)-7 b(orking)24
b(Group)h(for)g(con-)0 3351 y(sideration)f(as)g(a)g(metho)r(d)h(for)g
(the)g(establishmen)n(t)g(and)f(managemen)n(t)g(of)h(securit)n(y)f
(asso)r(ciations)e(and)j(their)g(appropriate)0 3451 y(securit)n(y)i
(attributes.)37 b(Additionally)-7 b(,)28 b(this)g(do)r(cumen)n(t)g
(prop)r(oses)e(a)h(metho)r(d)h(for)f(k)n(ey)g(managemen)n(t)g(to)g
(supp)r(ort)h(IPSEC)0 3551 y(and)j(IPv6.)46 b(It)31 b(is)g(in)n(tended)
g(that)h(a)e(future)i(v)n(ersion)d(of)i(this)g(draft)g(b)r(e)h
(submitted)g(to)f(the)g(IESG)g(for)f(publication)h(as)f(a)0
3650 y(Draft)k(Standard)e(RF)n(C.)i(Commen)n(ts)f(are)f(solicited)i
(and)f(should)g(b)r(e)h(addressed)e(to)h(the)h(authors)e(and/or)g(the)i
(IPSEC)0 3750 y(w)n(orking)26 b(group)g(mailing)i(list)f(at)h
Fg(ipsec@tis.com)p Fk(.)0 3949 y(This)35 b(do)r(cumen)n(t)h(is)g(an)f
(In)n(ternet)g(Draft.)61 b(In)n(ternet)36 b(Drafts)f(are)g(w)n(orking)e
(do)r(cumen)n(ts)j(of)f(the)h(In)n(ternet)g(Engineering)0
4049 y(T)-7 b(ask)25 b(F)-7 b(orce)26 b(\(IETF\),)g(its)g(Areas,)g(and)
g(its)g(W)-7 b(orking)25 b(Groups.)35 b(Note)27 b(that)f(other)f
(groups)g(ma)n(y)g(also)g(distribute)i(w)n(orking)0 4148
y(do)r(cumen)n(ts)h(as)f(In)n(ternet)g(Drafts.)0 4348
y(In)n(ternet)j(Drafts)g(are)f(draft)i(do)r(cumen)n(ts)f(v)-5
b(alid)30 b(for)g(a)f(maxim)n(um)i(of)f(six)g(mon)n(ths.)44
b(In)n(ternet)30 b(Drafts)g(ma)n(y)g(b)r(e)g(up)r(dated,)0
4447 y(replaced,)39 b(or)e(obsoleted)g(b)n(y)g(other)g(do)r(cumen)n(ts)
h(at)f(an)n(y)g(time.)68 b(It)38 b(is)f(not)h(appropriate)e(to)h(use)h
(In)n(ternet)f(Drafts)h(as)0 4547 y(reference)27 b(material)f(or)h(to)h
(cite)f(them)i(other)e(than)g(as)g(\\w)n(orking)f(draft")h(or)f(\\w)n
(ork)g(in)i(progress.")0 4746 y(T)-7 b(o)22 b(learn)f(the)i(curren)n(t)
e(status)h(of)g(an)n(y)f(In)n(ternet-Draft,)i(please)e(c)n(hec)n(k)h
(the)g(\\1id-abstracts.txt")e(listing)i(con)n(tained)f(in)i(the)0
4846 y(In)n(ternet-)29 b(Drafts)g(Shado)n(w)g(Directories)f(on)h(ds.in)
n(ternic.net)h(\(US)g(East)f(Coast\),)g(nic.nordu.net)g(\(Europ)r(e\),)
h(ftp.isi.edu)0 4945 y(\(US)e(W)-7 b(est)28 b(Coast\),)f(or)g(m)n
(unnari.oz.au)f(\(P)n(aci\014c)h(Rim\).)0 5145 y(Distribution)h(of)g
(this)f(do)r(cumen)n(t)h(is)g(unlimited.)p eop
%%Page: 2 2
% Page 2: running header, then the table of contents from section 1
% (Introduction) through 3.16 (Vendor ID Payload) and the heading of section 4,
% followed by the page footer with authors, draft name and "[Page 2]".
% Each entry is: section number, title fragments, a dot leader, and the page
% number as the last Fk string of the entry.
% The long runs of "(:)f(:)h(:)g" are the dot leaders: one single-character
% string per dot, set after "Fd" and separated by one-letter operators.
% NOTE(review): Fd, Fe, Ff, Fk and the one-letter operators are defined
% earlier in the file, outside this excerpt; presumably font selections and
% small horizontal moves, with ':' in Fd drawing a period - confirm against
% the prolog and font encoding.
2 1 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(Con)l(ten)l(ts)0
573 y Fe(1)77 b(In)m(tro)s(duction)3201 b(5)125 672 y
Fk(1.1)83 b(Requiremen)n(ts)28 b(T)-7 b(erminology)19
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)134 b Fk(5)125 772 y(1.2)83 b(The)28
b(Need)g(for)f(Negotiation)66 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134 b
Fk(6)125 872 y(1.3)83 b(What)28 b(can)g(b)r(e)g(Negotiated?)64
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)134 b Fk(6)125 971 y(1.4)83 b(Securit)n(y)28
b(Asso)r(ciations)e(and)h(Managemen)n(t)21 b Fd(:)42
b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134
b Fk(6)315 1071 y(1.4.1)94 b(Securit)n(y)27 b(Asso)r(ciations)g(and)g
(Registration)34 b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134
b Fk(7)315 1171 y(1.4.2)94 b(ISAKMP)27 b(Requiremen)n(ts)66
b Fd(:)41 b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)134 b Fk(7)125 1270 y(1.5)83 b(Authen)n(tication)66
b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134 b Fk(7)315
1370 y(1.5.1)94 b(Certi\014cate)27 b(Authorities)45 b
Fd(:)d(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)134 b Fk(8)315 1469 y(1.5.2)94 b(En)n(tit)n(y)27
b(Naming)61 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134 b Fk(8)315 1569
y(1.5.3)94 b(ISAKMP)27 b(Requiremen)n(ts)66 b Fd(:)41
b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134
b Fk(8)125 1669 y(1.6)83 b(Public)28 b(Key)f(Cryptograph)n(y)56
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)134 b Fk(9)315 1768 y(1.6.1)94 b(Key)27
b(Exc)n(hange)f(Prop)r(erties)66 b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)134 b Fk(9)315 1868
y(1.6.2)94 b(ISAKMP)27 b(Requiremen)n(ts)66 b Fd(:)41
b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(10)125 1968 y(1.7)83 b(ISAKMP)28 b(Protection)58
b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(10)315 2067 y(1.7.1)h(An)n
(ti-Clogging)26 b(\(Denial)i(of)g(Service\))35 b Fd(:)41
b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(10)315
2167 y(1.7.2)h(Connection)27 b(Hijac)n(king)80 b Fd(:)42
b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
93 b Fk(11)315 2267 y(1.7.3)h(Man-in-the-Middle)27 b(A)n(ttac)n(ks)66
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(11)125 2366 y(1.8)83 b(Multicast)28 b(Comm)n(unications)82
b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)93 b Fk(11)0 2549 y Fe(2)77 b(T)-8 b(erminology)29
b(and)j(Concepts)2560 b(12)125 2648 y Fk(2.1)83 b(ISAKMP)28
b(T)-7 b(erminology)50 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b
Fk(12)125 2748 y(2.2)83 b(ISAKMP)28 b(Placemen)n(t)61
b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(13)125 2848 y(2.3)83
b(Negotiation)27 b(Phases)41 b Fd(:)g(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(13)125 2947 y(2.4)83 b(Iden)n(tifying)28 b(Securit)n(y)f(Asso)r
(ciations)62 b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)93 b Fk(15)125 3047 y(2.5)83 b(Miscellaneous)47
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(16)315
3147 y(2.5.1)h(T)-7 b(ransp)r(ort)27 b(Proto)r(col)32
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)93 b Fk(16)315 3246 y(2.5.2)h(RESER)-9
b(VED)27 b(Fields)33 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(16)315
3346 y(2.5.3)h(An)n(ti-Clogging)26 b(T)-7 b(ok)n(en)27
b(\(\\Co)r(okie"\))f(Creation)50 b Fd(:)41 b(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(17)0 3528 y Fe(3)77 b(ISAKMP)32 b(P)m(a)m(yloads)2889
b(17)125 3628 y Fk(3.1)83 b(ISAKMP)28 b(Header)f(F)-7
b(ormat)84 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(17)125 3728 y(3.2)83
b(Generic)28 b(P)n(a)n(yload)d(Header)53 b Fd(:)41 b(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(20)125 3827 y(3.3)83 b(Data)28 b(A)n(ttributes)h
Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(20)125
3927 y(3.4)83 b(Securit)n(y)28 b(Asso)r(ciation)e(P)n(a)n(yload)67
b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)93 b Fk(21)125 4027 y(3.5)83 b(Prop)r(osal)26
b(P)n(a)n(yload)36 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(22)125 4126 y(3.6)83 b(T)-7 b(ransform)27 b(P)n(a)n(yload)44
b Fd(:)d(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(23)125 4226 y(3.7)83
b(Key)27 b(Exc)n(hange)f(P)n(a)n(yload)i Fd(:)42 b(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(24)125 4325 y(3.8)83 b(Iden)n(ti\014cation)28 b(P)n(a)n(yload)68
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(25)125 4425 y(3.9)83
b(Certi\014cate)28 b(P)n(a)n(yload)40 b Fd(:)h(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(26)125 4525 y(3.10)41 b(Certi\014cate)28 b(Request)f(P)n(a)n
(yload)46 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(27)125 4624 y(3.11)41
b(Hash)28 b(P)n(a)n(yload)42 b Fd(:)g(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)93 b Fk(28)125 4724 y(3.12)41 b(Signature)27 b(P)n(a)n(yload)73
b Fd(:)41 b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(29)125 4824 y(3.13)41
b(Nonce)28 b(P)n(a)n(yload)66 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)93 b Fk(30)125 4923 y(3.14)41 b(Noti\014cation)28
b(P)n(a)n(yload)56 b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b
Fk(31)315 5023 y(3.14.1)52 b(Notify)28 b(Message)e(T)n(yp)r(es)58
b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)93 b Fk(32)125 5122 y(3.15)41 b(Delete)29 b(P)n(a)n(yload)60
b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(33)125
5222 y(3.16)41 b(V)-7 b(endor)28 b(ID)g(P)n(a)n(yload)39
b Fd(:)i(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(35)0 5405 y Fe(4)77
b(ISAKMP)32 b(Exc)m(hanges)2822 b(36)0 5656 y Fk(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)498 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499 b([P)n(age)25
b(2])p eop
%%Page: 3 3
% Page 3: running header, then the rest of the table of contents - sections
% 4.1 through 5.15, section 6 (Conclusions), appendix A (ISAKMP Security
% Association Attributes) and appendix B (Defining a new Domain of
% Interpretation) - followed by the page footer ending in "[Page 3]".
% Entries have the same shape as on the previous page: number, title
% fragments, a dot leader of single-character "(:)" strings, page number.
% In the A.4.x entries the identifier names are written as separate strings
% ("(ID)", "(IPV4)", "(ADDR)", "(SUBNET)") joined by "p x y 25 4 v" sequences.
% NOTE(review): presumably "v" draws a small rule that serves as the
% underscore in names such as ID_IPV4_ADDR - the operator is defined outside
% this excerpt, confirm against the prolog.
3 2 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y(4.1)83 b(ISAKMP)28
b(Exc)n(hange)d(T)n(yp)r(es)39 b Fd(:)j(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(36)315
490 y(4.1.1)h(Notation)23 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(37)125 589 y(4.2)83 b(Securit)n(y)28 b(Asso)r(ciation)e
(Establishmen)n(t)36 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)93 b Fk(37)315 689 y(4.2.1)h(Securit)n(y)27
b(Asso)r(ciation)g(Establishmen)n(t)g(Examples)38 b Fd(:)j(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)93 b Fk(38)125 789 y(4.3)83 b(Securit)n(y)28 b(Asso)r(ciation)e(Mo)
r(di\014cation)31 b Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)93 b Fk(41)125 888 y(4.4)83 b(Base)27
b(Exc)n(hange)63 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(41)125 988 y(4.5)83 b(Iden)n(tit)n(y)28 b(Protection)e(Exc)n
(hange)56 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)93 b Fk(42)125 1088 y(4.6)83 b(Authen)n(tication)28
b(Only)g(Exc)n(hange)64 b Fd(:)41 b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(43)125 1187 y(4.7)83
b(Aggressiv)n(e)26 b(Exc)n(hange)44 b Fd(:)e(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(44)125 1287 y(4.8)83 b(Informational)27 b(Exc)n(hange)62
b Fd(:)41 b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)93 b Fk(45)0 1469 y Fe(5)77 b(ISAKMP)32
b(P)m(a)m(yload)h(Pro)s(cessing)2449 b(45)125 1569 y
Fk(5.1)83 b(General)27 b(Message)f(Pro)r(cessing)41 b
Fd(:)g(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)93 b Fk(46)125 1669 y(5.2)83 b(ISAKMP)28 b(Header)f(Pro)r
(cessing)i Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(46)125 1768 y(5.3)83 b(Generic)28
b(P)n(a)n(yload)d(Header)i(Pro)r(cessing)h Fd(:)42 b(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(47)125
1868 y(5.4)83 b(Securit)n(y)28 b(Asso)r(ciation)e(P)n(a)n(yload)f(Pro)r
(cessing)45 b Fd(:)c(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(48)125 1968 y(5.5)83 b(Prop)r(osal)26 b(P)n(a)n(yload)f(Pro)r
(cessing)78 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)93 b Fk(49)125 2067 y(5.6)83 b(T)-7
b(ransform)27 b(P)n(a)n(yload)e(Pro)r(cessing)c Fd(:)42
b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
93 b Fk(50)125 2167 y(5.7)83 b(Key)27 b(Exc)n(hange)f(P)n(a)n(yload)f
(Pro)r(cessing)70 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)93 b Fk(50)125 2267 y(5.8)83 b(Iden)n(ti\014cation)28
b(P)n(a)n(yload)d(Pro)r(cessing)45 b Fd(:)d(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(51)125 2366 y(5.9)83
b(Certi\014cate)28 b(P)n(a)n(yload)d(Pro)r(cessing)82
b Fd(:)41 b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)93 b Fk(51)125 2466 y(5.10)41 b(Certi\014cate)28
b(Request)f(P)n(a)n(yload)e(Pro)r(cessing)e Fd(:)42 b(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(52)125 2565 y(5.11)41
b(Hash)28 b(P)n(a)n(yload)d(Pro)r(cessing)20 b Fd(:)41
b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)93 b Fk(53)125 2665 y(5.12)41 b(Signature)27
b(P)n(a)n(yload)e(Pro)r(cessing)50 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(54)125
2765 y(5.13)41 b(Nonce)28 b(P)n(a)n(yload)d(Pro)r(cessing)43
b Fd(:)f(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)93 b Fk(54)125 2864 y(5.14)41 b(Noti\014cation)28
b(P)n(a)n(yload)d(Pro)r(cessing)34 b Fd(:)41 b(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(55)125
2964 y(5.15)41 b(Delete)29 b(P)n(a)n(yload)c(Pro)r(cessing)37
b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)93 b Fk(56)0 3147 y Fe(6)77 b(Conclusions)3184
b(58)0 3329 y(A)53 b(ISAKMP)32 b(Securit)m(y)g(Asso)s(ciation)f(A)m
(ttributes)1938 b(59)125 3429 y Fk(A.1)63 b(Bac)n(kground/Rationale)43
b Fd(:)f(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(59)125 3528 y(A.2)63 b(In)n(ternet)28
b(IP)f(Securit)n(y)g(DOI)h(Assigned)f(V)-7 b(alue)84
b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(59)125 3628 y(A.3)63 b(Supp)r(orted)28 b(Securit)n(y)f(Proto)r
(cols)56 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)93 b Fk(59)125 3728 y(A.4)63 b(ISAKMP)28
b(Iden)n(ti\014cation)f(T)n(yp)r(e)h(V)-7 b(alues)63
b Fd(:)41 b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(59)315 3827 y(A.4.1)74 b(ID)p 679 3827 25 4 v 30
w(IPV4)p 900 3827 V 30 w(ADDR)g Fd(:)41 b(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(60)315 3927 y(A.4.2)74 b(ID)p 679 3927 V 30 w(IPV4)p
900 3927 V 30 w(ADDR)p 1179 3927 V 31 w(SUBNET)84 b Fd(:)42
b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(60)315 4027 y(A.4.3)74 b(ID)p 679 4027 V 30 w(IPV6)p
900 4027 V 30 w(ADDR)g Fd(:)41 b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(60)315
4126 y(A.4.4)74 b(ID)p 679 4126 V 30 w(IPV6)p 900 4126
V 30 w(ADDR)p 1179 4126 V 31 w(SUBNET)84 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(60)0 4309
y Fe(B)57 b(De\014ning)31 b(a)h(new)g(Domain)e(of)i(In)m(terpretation)
1965 b(61)125 4408 y Fk(B.1)66 b(Situation)84 b Fd(:)42
b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(61)125
4508 y(B.2)66 b(Securit)n(y)28 b(P)n(olicies)77 b Fd(:)42
b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(61)125 4608 y(B.3)66
b(Naming)28 b(Sc)n(hemes)59 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(62)125 4707 y(B.4)66 b(Syn)n(tax)28 b(for)f(Sp)r(ecifying)h
(Securit)n(y)f(Services)j Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)93 b Fk(62)125 4807 y(B.5)66 b(P)n(a)n(yload)26
b(Sp)r(eci\014cation)g Fd(:)42 b(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(62)125 4907 y(B.6)66 b(De\014ning)28 b(new)g(Exc)n(hange)e(T)n(yp)
r(es)j Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)93 b Fk(62)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)498 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)499 b([P)n(age)25 b(3])p eop
%%Page: 4 4
% Page 4 of the ISAKMP Internet-Draft (draft-ietf-ipsec-isakmp-09): the
% "List of Figures". Each entry is set as figure number, title, a dotted
% leader and the page number; figures 1-17 point at draft pages 14-36.
% The page is bracketed by bop ... eop and ends with the running footer
% (authors, draft file name, "[Page 4]").
% Words are split into several string tokens wherever TeX kerned them, and
% ligatures appear as octal escapes (\014 renders "fi", as in
% "Certi\014cate"), so a plain-text search for a whole word will often miss.
% bop/eop, the one-letter show/move operators and the F* names (presumably
% font selectors) are defined in the dvips prolog, outside this block.
4 3 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(List)46 b(of)g(Figures)125
572 y Fk(1)148 b(ISAKMP)28 b(Relationships)82 b Fd(:)41
b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)93 b Fk(14)125 672 y(2)148 b(ISAKMP)28 b(Header)f(F)-7
b(ormat)84 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(18)125 771 y(3)148
b(Generic)28 b(P)n(a)n(yload)d(Header)53 b Fd(:)41 b(:)h(:)f(:)h(:)f(:)
h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h
(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(20)125 871 y(4)148 b(Data)28 b(A)n(ttributes)h Fd(:)41
b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(21)125 971 y(5)148
b(Securit)n(y)28 b(Asso)r(ciation)e(P)n(a)n(yload)67
b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)93 b Fk(22)125 1070 y(6)148 b(Prop)r(osal)26
b(P)n(a)n(yload)f(F)-7 b(ormat)69 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(23)125 1170 y(7)148 b(T)-7 b(ransform)27 b(P)n(a)n(yload)e(F)-7
b(ormat)77 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(24)125 1269 y(8)148 b(Key)27
b(Exc)n(hange)f(P)n(a)n(yload)f(F)-7 b(ormat)61 b Fd(:)41
b(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(25)125 1369 y(9)148 b(Iden)n(ti\014cation)28 b(P)n(a)n(yload)d(F)
-7 b(ormat)36 b Fd(:)42 b(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(26)125 1469 y(10)106
b(Certi\014cate)28 b(P)n(a)n(yload)d(F)-7 b(ormat)73
b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)
f(:)h(:)f(:)93 b Fk(27)125 1568 y(11)106 b(Certi\014cate)28
b(Request)f(P)n(a)n(yload)e(F)-7 b(ormat)79 b Fd(:)41
b(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h
(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(28)125 1668 y(12)106 b(Hash)28 b(P)n(a)n(yload)d(F)-7
b(ormat)75 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f
(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)
h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(29)125 1768
y(13)106 b(Signature)27 b(P)n(a)n(yload)e(F)-7 b(ormat)41
b Fd(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)
h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g
(:)f(:)h(:)f(:)93 b Fk(29)125 1867 y(14)106 b(Nonce)28
b(P)n(a)n(yload)d(F)-7 b(ormat)34 b Fd(:)42 b(:)f(:)h(:)f(:)h(:)f(:)h
(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)
f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(30)125 1967 y(15)106 b(Noti\014cation)28 b(P)n(a)n(yload)d(F)-7
b(ormat)25 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)93 b Fk(31)125 2066 y(16)106
b(Delete)29 b(P)n(a)n(yload)c(F)-7 b(ormat)28 b Fd(:)42
b(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f
(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)
g(:)f(:)h(:)f(:)93 b Fk(34)125 2166 y(17)106 b(V)-7 b(endor)28
b(ID)g(P)n(a)n(yload)d(F)-7 b(ormat)72 b Fd(:)41 b(:)h(:)f(:)h(:)g(:)f
(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)h(:)
f(:)h(:)g(:)f(:)h(:)f(:)h(:)f(:)h(:)g(:)f(:)h(:)f(:)93
b Fk(36)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)498 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499
b([P)n(age)25 b(4])p eop
%%Page: 5 5
% Page 5 of the ISAKMP Internet-Draft: section 1 "Introduction" and section
% 1.1 "Requirements Terminology".
% The text describes ISAKMP as procedures and packet formats to establish,
% negotiate, modify and delete Security Associations (SAs), kept distinct
% from key exchange protocols so SA management is separated from the details
% of key exchange; 1.1 refers to [RFC-2119] for the MUST/SHOULD/MAY keywords.
% Strings are split at TeX kerns and use octal ligature codes (\014 "fi",
% \013 "ff", \016 "ffi"), e.g. "de\014nes", "di\013eren)n(t", "tra\016c",
% so whole-word text searches on this stream often miss.
% bop/eop, the one-letter show/move operators and the F* names (presumably
% font selectors) are defined in the dvips prolog, outside this block.
5 4 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(1)137 b(In)l(tro)t(duction)0
672 y Fk(This)44 b(do)r(cumen)n(t)h(describ)r(es)f(an)g(In)n(ternet)h
(Securit)n(y)f(Asso)r(ciation)f(and)i(Key)f(Managemen)n(t)f(Proto)r
(col)g(\(ISAKMP\).)0 771 y(ISAKMP)32 b(com)n(bines)g(the)h(securit)n(y)
e(concepts)h(of)g(authen)n(tication,)i(k)n(ey)d(managemen)n(t,)i(and)f
(securit)n(y)g(asso)r(ciations)e(to)0 871 y(establish)d(the)h(required)
f(securit)n(y)g(for)g(go)n(v)n(ernmen)n(t,)e(commercial,)i(and)g(priv)
-5 b(ate)28 b(comm)n(unications)e(on)h(the)h(In)n(ternet.)0
1070 y(The)d(In)n(ternet)g(Securit)n(y)f(Asso)r(ciation)g(and)h(Key)f
(Managemen)n(t)g(Proto)r(col)f(\(ISAKMP\))i(de\014nes)g(pro)r(cedures)e
(and)i(pac)n(k)n(et)0 1170 y(formats)j(to)h(establish,)f(negotiate,)h
(mo)r(dify)g(and)g(delete)g(Securit)n(y)f(Asso)r(ciations)f(\(SA\).)j
(SAs)f(con)n(tain)f(all)h(the)g(informa-)0 1269 y(tion)c(required)g
(for)g(execution)g(of)g(v)-5 b(arious)24 b(net)n(w)n(ork)g(securit)n(y)
g(services,)h(suc)n(h)g(as)g(the)g(IP)g(la)n(y)n(er)f(services)g(\(suc)
n(h)h(as)g(header)0 1369 y(authen)n(tication)k(and)h(pa)n(yload)e
(encapsulation\),)i(transp)r(ort)e(or)h(application)g(la)n(y)n(er)f
(services,)h(or)g(self-protection)g(of)g(ne-)0 1469 y(gotiation)g
(tra\016c.)44 b(ISAKMP)30 b(de\014nes)g(pa)n(yloads)e(for)i(exc)n
(hanging)e(k)n(ey)i(generation)f(and)h(authen)n(tication)f(data.)44
b(These)0 1568 y(formats)30 b(pro)n(vide)g(a)h(consisten)n(t)f(framew)n
(ork)f(for)i(transferring)e(k)n(ey)h(and)h(authen)n(tication)g(data)f
(whic)n(h)h(is)g(indep)r(enden)n(t)0 1668 y(of)d(the)g(k)n(ey)e
(generation)h(tec)n(hnique,)g(encryption)g(algorithm)g(and)g(authen)n
(tication)g(mec)n(hanism.)0 1867 y(ISAKMP)19 b(is)g(distinct)h(from)e
(k)n(ey)h(exc)n(hange)f(proto)r(cols)f(in)j(order)e(to)h(cleanly)f
(separate)g(the)h(details)g(of)g(securit)n(y)g(asso)r(ciation)0
1967 y(managemen)n(t)33 b(\(and)h(k)n(ey)f(managemen)n(t\))g(from)h
(the)g(details)g(of)g(k)n(ey)f(exc)n(hange.)54 b(There)34
b(ma)n(y)f(b)r(e)h(man)n(y)g(di\013eren)n(t)g(k)n(ey)0
2066 y(exc)n(hange)29 b(proto)r(cols,)i(eac)n(h)f(with)h(di\013eren)n
(t)g(securit)n(y)f(prop)r(erties.)46 b(Ho)n(w)n(ev)n(er,)30
b(a)h(common)f(framew)n(ork)f(is)i(required)f(for)0 2166
y(agreeing)c(to)i(the)h(format)e(of)i(SA)f(attributes,)g(and)g(for)g
(negotiating,)f(mo)r(difying,)i(and)f(deleting)g(SAs.)39
b(ISAKMP)28 b(serv)n(es)0 2266 y(as)f(this)h(common)f(framew)n(ork.)0
2465 y(Separating)22 b(the)h(functionalit)n(y)g(in)n(to)f(three)h
(parts)f(adds)h(complexit)n(y)f(to)h(the)g(securit)n(y)f(analysis)f(of)
i(a)g(complete)f(ISAKMP)0 2565 y(implemen)n(tation.)78
b(Ho)n(w)n(ev)n(er,)43 b(the)f(separation)e(is)h(critical)g(for)g(in)n
(terop)r(erabilit)n(y)f(b)r(et)n(w)n(een)h(systems)g(with)h
(di\013ering)0 2664 y(securit)n(y)27 b(requiremen)n(ts,)f(and)i(should)
f(also)g(simplify)h(the)g(analysis)e(of)h(further)h(ev)n(olution)f(of)g
(a)g(ISAKMP)h(serv)n(er.)0 2863 y(ISAKMP)33 b(is)g(in)n(tended)g(to)g
(supp)r(ort)g(the)h(negotiation)e(of)h(SAs)g(for)g(securit)n(y)f(proto)
r(cols)g(at)h(all)g(la)n(y)n(ers)e(of)i(the)g(net)n(w)n(ork)0
2963 y(stac)n(k)28 b(\(e.g.,)g(IPSEC,)g(TLS,)h(TLSP)-7
b(,)28 b(OSPF,)g(etc.\).)41 b(By)28 b(cen)n(tralizing)f(the)i
(managemen)n(t)f(of)g(the)h(securit)n(y)f(asso)r(ciations,)0
3063 y(ISAKMP)i(reduces)g(the)g(amoun)n(t)g(of)h(duplicated)f
(functionalit)n(y)h(within)g(eac)n(h)f(securit)n(y)f(proto)r(col.)44
b(ISAKMP)30 b(can)g(also)0 3162 y(reduce)d(connection)g(setup)h(time,)g
(b)n(y)g(negotiating)e(a)h(whole)h(stac)n(k)e(of)i(services)e(at)h
(once.)0 3362 y(The)c(remainder)f(of)h(section)g(1)f(establishes)h(the)
g(motiv)-5 b(ation)23 b(for)g(securit)n(y)f(negotiation)g(and)h
(outlines)g(the)g(ma)5 b(jor)22 b(comp)r(o-)0 3461 y(nen)n(ts)30
b(of)h(ISAKMP)-7 b(,)30 b(i.e.)45 b(Securit)n(y)30 b(Asso)r(ciations)f
(and)h(Managemen)n(t,)g(Authen)n(tication,)h(Public)g(Key)e
(Cryptograph)n(y)-7 b(,)0 3561 y(and)23 b(Miscellaneous)g(items.)36
b(Section)23 b(2)h(presen)n(ts)e(the)i(terminology)f(and)g(concepts)g
(asso)r(ciated)g(with)h(ISAKMP)-7 b(.)23 b(Section)0
3660 y(3)31 b(describ)r(es)f(the)i(di\013eren)n(t)f(ISAKMP)f(pa)n
(yload)g(formats.)46 b(Section)31 b(4)g(describ)r(es)f(ho)n(w)h(the)g
(pa)n(yloads)e(of)i(ISAKMP)g(are)0 3760 y(comp)r(osed)k(together)f(as)h
(exc)n(hange)f(t)n(yp)r(es)h(to)g(establish)g(securit)n(y)f(asso)r
(ciations)g(and)h(p)r(erform)g(k)n(ey)f(exc)n(hanges)g(in)h(an)0
3860 y(authen)n(ticated)e(manner.)51 b(Additionally)-7
b(,)34 b(securit)n(y)e(asso)r(ciation)f(mo)r(di\014cation,)j(deletion,)
g(and)e(error)f(noti\014cation)h(are)0 3959 y(discussed.)59
b(Section)35 b(5)g(describ)r(es)g(the)g(pro)r(cessing)f(of)h(eac)n(h)g
(pa)n(yload)e(within)j(the)g(con)n(text)f(of)g(ISAKMP)g(exc)n(hanges,)0
4059 y(including)30 b(error)d(handling)i(and)h(asso)r(ciated)e
(actions.)41 b(The)30 b(app)r(endices)f(pro)n(vide)f(the)i(attribute)g
(v)-5 b(alues)29 b(necessary)f(for)0 4159 y(ISAKMP)f(and)h(requiremen)n
(t)e(for)h(de\014ning)h(a)f(new)h(Domain)f(of)h(In)n(terpretation)e
(\(DOI\))j(within)f(ISAKMP)-7 b(.)0 4491 y Fj(1.1)112
b(Requiremen)m(ts)36 b(T)-9 b(erminology)0 4743 y Fk(The)25
b(k)n(eyw)n(ords)e(MUST,)j(MUST)g(NOT,)f(REQUIRED,)g(SHALL,)g(SHALL)h
(NOT,)f(SHOULD,)h(SHOULD)g(NOT,)f(REC-)0 4843 y(OMMENDED,)33
b(MA)-7 b(Y,)34 b(and)f(OPTIONAL,)g(when)g(they)h(app)r(ear)e(in)i
(this)f(do)r(cumen)n(t,)i(are)d(to)h(b)r(e)h(in)n(terpreted)f(as)f(de-)
0 4943 y(scrib)r(ed)27 b(in)h([RF)n(C-2119)n(].)0 5656
y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)498
b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499 b([P)n(age)25
b(5])p eop
%%Page: 6 6
% Page 6 of the ISAKMP Internet-Draft: section 1.2 "The Need for
% Negotiation", section 1.3 "What can be Negotiated?" and the opening of
% section 1.4 "Security Associations and Management" (its last sentence
% continues on the next page).
% Security-relevant statements on this page: ISAKMP is not bound to any
% specific cryptographic algorithm, key generation technique or security
% mechanism, and its authentication and key exchange requirements are said to
% guard against denial of service, replay / reflection, man-in-the-middle and
% connection hijacking attacks.
% Strings are split at TeX kerns and use octal ligature codes (\013 "ff",
% \014 "fi", \015 "fl"), e.g. "di\013eren)n(t", "con\014gurations",
% "re\015ection", so whole-word text searches on this stream often miss.
% bop/eop, the one-letter show/move operators and the F* names (presumably
% font selectors) are defined in the dvips prolog, outside this block.
6 5 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(1.2)112 b(The)38
b(Need)g(for)f(Negotiation)0 643 y Fk(ISAKMP)31 b(extends)h(the)h
(assertion)d(in)i([DO)n(W92)o(])g(that)g(authen)n(tication)g(and)f(k)n
(ey)h(exc)n(hanges)e(m)n(ust)i(b)r(e)g(com)n(bined)g(for)0
743 y(b)r(etter)26 b(securit)n(y)g(to)g(include)g(securit)n(y)f(asso)r
(ciation)g(exc)n(hanges.)34 b(The)26 b(securit)n(y)g(services)e
(required)i(for)f(comm)n(unications)0 842 y(dep)r(ends)32
b(on)f(the)g(individual)h(net)n(w)n(ork)e(con\014gurations)f(and)i(en)n
(vironmen)n(ts.)47 b(Organizations)29 b(are)h(setting)i(up)f(Virtual)0
942 y(Priv)-5 b(ate)20 b(Net)n(w)n(orks)f(\(VPN\),)j(also)e(kno)n(wn)g
(as)g(In)n(tranets,)i(that)f(will)g(require)f(one)g(set)h(of)g(securit)
n(y)f(functions)h(for)g(comm)n(uni-)0 1042 y(cations)j(within)h(the)g
(VPN)g(and)f(p)r(ossibly)g(man)n(y)g(di\013eren)n(t)h(securit)n(y)e
(functions)i(for)f(comm)n(unications)g(outside)g(the)h(VPN)0
1141 y(to)31 b(supp)r(ort)g(geographically)e(separate)h(organizational)
e(comp)r(onen)n(ts,)k(customers,)f(suppliers,)h(sub-con)n(tractors)c
(\(with)0 1241 y(their)c(o)n(wn)g(VPNs\),)h(go)n(v)n(ernmen)n(t,)d(and)
i(others.)35 b(Departmen)n(ts)24 b(within)h(large)e(organizations)e(ma)
n(y)j(require)f(a)g(n)n(um)n(b)r(er)h(of)0 1340 y(securit)n(y)h(asso)r
(ciations)f(to)i(separate)f(and)h(protect)g(data)f(\(e.g.)36
b(p)r(ersonnel)26 b(data,)g(compan)n(y)f(proprietary)f(data,)i
(medical\))0 1440 y(on)f(in)n(ternal)g(net)n(w)n(orks)e(and)i(other)g
(securit)n(y)f(asso)r(ciations)g(to)h(comm)n(unicate)f(within)i(the)g
(same)f(departmen)n(t.)35 b(Nomadic)0 1540 y(users)e(w)n(an)n(ting)f
(to)i(\\phone)f(home")g(represen)n(t)f(another)h(set)h(of)f(securit)n
(y)g(requiremen)n(ts.)54 b(These)33 b(requiremen)n(ts)g(m)n(ust)0
1639 y(b)r(e)28 b(temp)r(ered)f(with)h(bandwidth)g(c)n(hallenges.)36
b(Smaller)26 b(groups)g(of)i(p)r(eople)f(ma)n(y)g(meet)g(their)h
(securit)n(y)e(requiremen)n(ts)g(b)n(y)0 1739 y(setting)g(up)h(\\W)-7
b(ebs)26 b(of)h(T)-7 b(rust".)35 b(ISAKMP)26 b(exc)n(hanges)f(pro)n
(vide)g(these)i(assorted)e(net)n(w)n(orking)f(comm)n(unities)j(the)f
(abilit)n(y)0 1839 y(to)33 b(presen)n(t)g(p)r(eers)g(with)h(the)g
(securit)n(y)f(functionalit)n(y)g(that)h(the)g(user)f(supp)r(orts)g(in)
h(an)f(authen)n(ticated)g(and)g(protected)0 1938 y(manner)27
b(for)g(agreemen)n(t)f(up)r(on)i(a)f(common)g(set)h(of)g(securit)n(y)e
(attributes,)i(i.e.)37 b(an)27 b(in)n(terop)r(erable)f(securit)n(y)h
(asso)r(ciation.)0 2270 y Fj(1.3)112 b(What)38 b(can)g(b)s(e)g
(Negotiated?)0 2523 y Fk(Securit)n(y)g(asso)r(ciations)f(m)n(ust)h
(supp)r(ort)h(di\013eren)n(t)g(encryption)f(algorithms,)i(authen)n
(tication)e(mec)n(hanisms,)i(and)f(k)n(ey)0 2623 y(establishmen)n(t)d
(algorithms)g(for)g(other)g(securit)n(y)g(proto)r(cols,)h(as)f(w)n(ell)
g(as)g(IP)h(Securit)n(y)-7 b(.)63 b(Securit)n(y)36 b(asso)r(ciations)f
(m)n(ust)0 2722 y(also)26 b(supp)r(ort)g(host-orien)n(ted)g
(certi\014cates)g(for)g(lo)n(w)n(er)f(la)n(y)n(er)g(proto)r(cols)h(and)
g(user-orien)n(ted)f(certi\014cates)h(for)g(higher)h(lev)n(el)0
2822 y(proto)r(cols.)36 b(Algorithm)27 b(and)h(mec)n(hanism)f(indep)r
(endence)i(is)f(required)e(in)j(applications)d(suc)n(h)i(as)f(e-mail,)g
(remote)h(login,)0 2922 y(and)21 b(\014le)g(transfer,)h(as)e(w)n(ell)h
(as)g(in)g(session)f(orien)n(ted)h(proto)r(cols,)g(routing)f(proto)r
(cols,)h(and)g(link)h(la)n(y)n(er)d(proto)r(cols.)33
b(ISAKMP)0 3021 y(pro)n(vides)40 b(a)h(common)f(securit)n(y)h(asso)r
(ciation)e(and)i(k)n(ey)g(establishmen)n(t)g(proto)r(col)f(for)h(this)g
(wide)h(range)e(of)h(securit)n(y)0 3121 y(proto)r(cols,)26
b(applications,)h(securit)n(y)g(requiremen)n(ts,)f(and)i(net)n(w)n(ork)
e(en)n(vironmen)n(ts.)0 3320 y(ISAKMP)h(is)g(not)g(b)r(ound)h(to)f(an)n
(y)f(sp)r(eci\014c)h(cryptographic)e(algorithm,)i(k)n(ey)f(generation)g
(tec)n(hnique,)h(or)f(securit)n(y)h(mec)n(h-)0 3420 y(anism.)36
b(This)28 b(\015exibilit)n(y)f(is)g(b)r(ene\014cial)g(for)g(a)f(n)n(um)
n(b)r(er)h(of)g(reasons.)35 b(First,)27 b(it)h(supp)r(orts)f(the)g
(dynamic)g(comm)n(unications)0 3519 y(en)n(vironmen)n(t)i(describ)r(ed)
g(ab)r(o)n(v)n(e.)41 b(Second,)30 b(the)g(indep)r(endence)h(from)e(sp)r
(eci\014c)h(securit)n(y)e(mec)n(hanisms)h(and)g(algorithms)0
3619 y(pro)n(vides)g(a)h(forw)n(ard)f(migration)g(path)h(to)h(b)r
(etter)g(mec)n(hanisms)e(and)h(algorithms.)44 b(When)31
b(impro)n(v)n(ed)e(securit)n(y)h(mec)n(ha-)0 3719 y(nisms)f(are)f(dev)n
(elop)r(ed)h(or)f(new)h(attac)n(ks)f(against)g(curren)n(t)g(encryption)
h(algorithms,)f(authen)n(tication)h(mec)n(hanisms)f(and)0
3818 y(k)n(ey)g(exc)n(hanges)f(are)h(disco)n(v)n(ered,)g(ISAKMP)g(will)
i(allo)n(w)d(the)j(up)r(dating)f(of)g(the)g(algorithms)f(and)g(mec)n
(hanisms)h(without)0 3918 y(ha)n(ving)e(to)g(dev)n(elop)g(a)g
(completely)g(new)h(KMP)f(or)g(patc)n(h)g(the)h(curren)n(t)f(one.)0
4117 y(ISAKMP)i(has)g(basic)h(requiremen)n(ts)e(for)h(its)h(authen)n
(tication)f(and)h(k)n(ey)f(exc)n(hange)f(comp)r(onen)n(ts.)43
b(These)29 b(requiremen)n(ts)0 4217 y(guard)35 b(against)h(denial)g(of)
g(service,)i(repla)n(y)d(/)h(re\015ection,)j(man-in-the-middle,)f(and)e
(connection)g(hijac)n(king)g(attac)n(ks.)0 4316 y(This)h(is)g(imp)r
(ortan)n(t)g(b)r(ecause)g(these)g(are)g(the)g(t)n(yp)r(es)g(of)h(attac)
n(ks)e(that)h(are)f(targeted)h(against)f(proto)r(cols.)64
b(Complete)0 4416 y(Securit)n(y)27 b(Asso)r(ciation)g(\(SA\))i(supp)r
(ort,)e(whic)n(h)h(pro)n(vides)e(mec)n(hanism)i(and)f(algorithm)g
(indep)r(endence,)h(and)g(protection)0 4516 y(from)f(proto)r(col)g
(threats)g(are)f(the)i(strengths)f(of)h(ISAKMP)-7 b(.)0
4848 y Fj(1.4)112 b(Securit)m(y)37 b(Asso)s(ciations)f(and)i(Managemen)
m(t)0 5101 y Fk(A)31 b(Securit)n(y)f(Asso)r(ciation)g(\(SA\))i(is)f(a)f
(relationship)g(b)r(et)n(w)n(een)h(t)n(w)n(o)f(or)g(more)g(en)n(tities)
g(that)h(describ)r(es)g(ho)n(w)f(the)h(en)n(tities)0
5200 y(will)23 b(utilize)h(securit)n(y)e(services)g(to)h(comm)n
(unicate)f(securely)-7 b(.)34 b(This)23 b(relationship)g(is)g(represen)
n(ted)e(b)n(y)i(a)g(set)g(of)g(information)0 5300 y(that)31
b(can)g(b)r(e)g(considered)f(a)g(con)n(tract)g(b)r(et)n(w)n(een)h(the)g
(en)n(tities.)47 b(The)31 b(information)f(m)n(ust)h(b)r(e)h(agreed)d
(up)r(on)i(and)g(shared)0 5399 y(b)r(et)n(w)n(een)c(all)f(the)h(en)n
(tities.)37 b(Sometimes)27 b(the)g(information)f(alone)g(is)g(referred)
g(to)h(as)f(an)g(SA,)h(but)h(this)f(is)f(just)i(a)e(ph)n(ysical)0
5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)498 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499
b([P)n(age)25 b(6])p eop
%%Page: 7 7
% Page 7 of the ISAKMP Internet-Draft: the rest of section 1.4 (SA
% attributes are accessed through the Security Parameter Index, SPI),
% section 1.4.1 "Security Associations and Registration", section 1.4.2
% "ISAKMP Requirements" and the opening of section 1.5 "Authentication"
% (its last sentence continues on the next page).
% Security-relevant statements on this page: SA establishment must be linked
% with the authentication and the key exchange protocol, and the basic set of
% SA attributes that MUST be implemented for interoperability is deferred to
% Appendix A of the draft.
% The strings keep the draft's own spelling verbatim ("refered", "entites").
% Strings are split at TeX kerns and use octal ligature codes (\013 "ff",
% \014 "fi"), e.g. "di\013eren)n(t", "iden)n(ti\014er", so whole-word text
% searches on this stream often miss.
% bop/eop, the one-letter show/move operators and the F* names (presumably
% font selectors) are defined in the dvips prolog, outside this block.
7 6 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(instan)n(tiation)f(of)g(the)g
(existing)g(relationship.)35 b(The)27 b(existence)e(of)h(this)h
(relationship,)e(represen)n(ted)g(b)n(y)h(the)h(information,)0
490 y(is)21 b(what)h(pro)n(vides)d(the)j(agreed)e(up)r(on)i(securit)n
(y)e(information)h(needed)g(b)n(y)g(en)n(tities)h(to)f(securely)g(in)n
(terop)r(erate.)33 b(All)22 b(en)n(tities)0 589 y(m)n(ust)j(adhere)e
(to)i(the)g(SA)g(for)e(secure)h(comm)n(unications)g(to)g(b)r(e)h(p)r
(ossible.)35 b(When)26 b(accessing)d(SA)h(attributes,)i(en)n(tities)e
(use)0 689 y(a)29 b(p)r(oin)n(ter)g(or)g(iden)n(ti\014er)h(refered)f
(to)g(as)g(the)h(Securit)n(y)f(P)n(arameter)e(Index)j(\(SPI\).)g([RF)n
(C-1825)n(])g(pro)n(vides)e(details)h(on)h(IP)0 789 y(Securit)n(y)d
(Asso)r(ciations)g(\(SA\))h(and)g(Securit)n(y)f(P)n(arameter)e(Index)j
(\(SPI\))f(de\014nitions.)0 1104 y Fe(1.4.1)94 b(Securit)m(y)33
b(Asso)s(ciations)d(and)i(Registration)0 1357 y Fk(The)j(SA)g
(attributes)f(required)g(and)g(recommended)h(for)f(the)h(IP)f(Securit)n
(y)g(\(AH,)i(ESP\))e(are)f(de\014ned)i(in)g([RF)n(C-1825)n(].)0
1457 y(The)d(attributes)g(sp)r(eci\014ed)g(for)g(an)f(IP)h(Securit)n(y)
g(SA)g(include,)i(but)e(are)f(not)h(limited)h(to,)g(authen)n(tication)f
(mec)n(hanism,)0 1556 y(cryptographic)d(algorithm,)i(algorithm)f(mo)r
(de,)i(k)n(ey)e(length,)i(and)f(Initialization)g(V)-7
b(ector)31 b(\(IV\).)h(Other)e(proto)r(cols)g(that)0
1656 y(pro)n(vide)d(algorithm)h(and)g(mec)n(hanism)g(indep)r(enden)n(t)
h(securit)n(y)f(MUST)h(de\014ne)f(their)h(requiremen)n(ts)e(for)h(SA)h
(attributes.)0 1756 y(The)d(separation)f(of)h(ISAKMP)f(from)h(a)g(sp)r
(eci\014c)g(SA)g(de\014nition)h(is)f(imp)r(ortan)n(t)f(to)h(ensure)g
(ISAKMP)f(can)h(establish)g(SAs)0 1855 y(for)h(all)g(p)r(ossible)h
(securit)n(y)e(proto)r(cols)h(and)g(applications.)0 2054
y Fg(NOTE:)35 b Fk(See)h([IPDOI])h(for)f(a)g(discussion)g(of)g(SA)i
(attributes)e(that)h(should)f(b)r(e)i(considered)d(when)i(de\014ning)g
(a)f(securit)n(y)0 2154 y(proto)r(col)26 b(or)h(application.)0
2353 y(In)32 b(order)f(to)g(facilitate)h(easy)f(iden)n(ti\014cation)h
(of)g(sp)r(eci\014c)g(attributes)g(\(e.g.)49 b(a)32 b(sp)r(eci\014c)g
(encryption)f(algorithm\))g(among)0 2453 y(di\013eren)n(t)d(net)n(w)n
(ork)f(en)n(tites)i(the)f(attributes)h(m)n(ust)f(b)r(e)h(assigned)e
(iden)n(ti\014ers)h(and)g(these)g(iden)n(ti\014ers)g(m)n(ust)h(b)r(e)g
(registered)0 2553 y(b)n(y)34 b(a)g(cen)n(tral)f(authorit)n(y)-7
b(.)56 b(The)35 b(In)n(ternet)f(Assigned)g(Num)n(b)r(ers)g(Authorit)n
(y)g(\(IANA\))i(pro)n(vides)c(this)j(function)g(for)f(the)0
2652 y(In)n(ternet.)0 2968 y Fe(1.4.2)94 b(ISAKMP)32
b(Requiremen)m(ts)0 3220 y Fk(Securit)n(y)21 b(Asso)r(ciation)g(\(SA\))
i(establishmen)n(t)f(MUST)g(b)r(e)g(part)f(of)h(the)g(k)n(ey)f
(managemen)n(t)g(proto)r(col)g(de\014ned)h(for)f(IP)h(based)0
3320 y(net)n(w)n(orks.)50 b(The)32 b(SA)h(concept)g(is)f(required)g(to)
g(supp)r(ort)g(securit)n(y)g(proto)r(cols)f(in)i(a)f(div)n(erse)f(and)i
(dynamic)f(net)n(w)n(orking)0 3420 y(en)n(vironmen)n(t.)40
b(Just)29 b(as)f(authen)n(tication)h(and)g(k)n(ey)f(exc)n(hange)g(m)n
(ust)h(b)r(e)g(link)n(ed)g(to)g(pro)n(vide)f(assurance)f(that)i(the)h
(k)n(ey)e(is)0 3519 y(established)22 b(with)g(the)g(authen)n(ticated)g
(part)n(y)f([DO)n(W92)o(],)i(SA)g(establishmen)n(t)f(m)n(ust)g(b)r(e)g
(link)n(ed)g(with)g(the)g(authen)n(tication)0 3619 y(and)27
b(the)h(k)n(ey)f(exc)n(hange)f(proto)r(col.)0 3818 y(ISAKMP)35
b(pro)n(vides)f(the)h(proto)r(col)f(exc)n(hanges)g(to)h(establish)g(a)g
(securit)n(y)f(asso)r(ciation)g(b)r(et)n(w)n(een)h(negotiating)f(en)n
(tities)0 3918 y(follo)n(w)n(ed)21 b(b)n(y)g(the)h(establishmen)n(t)f
(of)h(a)f(securit)n(y)g(asso)r(ciation)f(b)n(y)h(these)h(negotiating)e
(en)n(tities)i(in)g(b)r(ehalf)g(of)f(some)g(proto)r(col)0
4017 y(\(e.g.)35 b(ESP/AH\).)22 b(First,)h(an)f(initial)g(proto)r(col)f
(exc)n(hange)g(allo)n(ws)g(a)g(basic)h(set)g(of)g(securit)n(y)f
(attributes)h(to)h(b)r(e)f(agreed)f(up)r(on.)0 4117 y(This)30
b(basic)g(set)h(pro)n(vides)e(protection)g(for)h(subsequen)n(t)h
(ISAKMP)f(exc)n(hanges.)43 b(It)31 b(also)e(indicates)i(the)f(authen)n
(tication)0 4217 y(metho)r(d)d(and)f(k)n(ey)g(exc)n(hange)f(that)h
(will)h(b)r(e)g(p)r(erformed)f(as)f(part)h(of)h(the)f(ISAKMP)g(proto)r
(col.)36 b(If)26 b(a)g(basic)g(set)h(of)f(securit)n(y)0
4316 y(attributes)i(is)h(already)e(in)i(place)f(b)r(et)n(w)n(een)h(the)
f(negotiating)g(serv)n(er)f(en)n(tities,)i(the)g(initial)g(ISAKMP)f
(exc)n(hange)f(ma)n(y)h(b)r(e)0 4416 y(skipp)r(ed)g(and)g(the)g
(establishmen)n(t)g(of)f(a)h(securit)n(y)f(asso)r(ciation)f(can)h(b)r
(e)i(done)e(directly)-7 b(.)38 b(After)28 b(the)g(basic)f(set)h(of)g
(securit)n(y)0 4516 y(attributes)d(has)g(b)r(een)h(agreed)e(up)r(on,)i
(initial)f(iden)n(tit)n(y)h(authen)n(ticated,)f(and)g(required)g(k)n
(eys)f(generated,)h(the)g(established)0 4615 y(SA)33
b(can)e(b)r(e)i(used)f(for)g(subsequen)n(t)f(comm)n(unications)g(b)n(y)
h(the)h(en)n(tit)n(y)f(that)g(in)n(v)n(ok)n(ed)f(ISAKMP)-7
b(.)32 b(The)g(basic)f(set)i(of)f(SA)0 4715 y(attributes)c(that)f(MUST)
i(b)r(e)f(implemen)n(ted)g(to)f(pro)n(vide)g(ISAKMP)g(in)n(terop)r
(erabilit)n(y)f(are)h(de\014ned)h(in)g(App)r(endix)g(A.)0
5047 y Fj(1.5)112 b(Authen)m(tication)0 5300 y Fk(A)28
b(v)n(ery)f(imp)r(ortan)n(t)h(step)g(in)g(establishing)f(secure)h(net)n
(w)n(ork)e(comm)n(unications)h(is)h(authen)n(tication)g(of)g(the)g(en)n
(tit)n(y)g(at)g(the)0 5399 y(other)33 b(end)h(of)g(the)g(comm)n
(unication.)55 b(Man)n(y)33 b(authen)n(tication)h(mec)n(hanisms)f(are)g
(a)n(v)-5 b(ailable.)54 b(Authen)n(tication)34 b(mec)n(ha-)0
5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)498 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499
b([P)n(age)25 b(7])p eop
%%Page: 8 8
% Page 8 of the ISAKMP Internet-Draft: the rest of section 1.5
% "Authentication", section 1.5.1 "Certificate Authorities", section 1.5.2
% "Entity Naming" and the opening of section 1.5.3 "ISAKMP Requirements"
% (its last sentence continues on the next page).
% Security-relevant statements on this page: cleartext keys and one-way
% hashes of poorly chosen, low-entropy keys are classed as weak
% authentication (network sniffing, brute-force guessing); digital signatures
% such as DSS and RSA are classed as strong and depend on certificates issued
% by a trusted third party or certificate authority; and strong
% authentication MUST be provided on ISAKMP exchanges.
% The strings keep the draft's own spelling verbatim ("catagories",
% "Infrastucture").
% Strings are split at TeX kerns and use octal ligature codes (\013 "ff",
% \014 "fi", \016 "ffi"), e.g. "sni\013er", "Certi\014cates", "O\016ce", so
% whole-word text searches on this stream often miss.
% bop/eop, the one-letter show/move operators and the F* names (presumably
% font selectors) are defined in the dvips prolog, outside this block.
8 7 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(nisms)32 b(fall)h(in)n(to)f(t)n(w)n
(o)g(catagories)e(of)i(strength)h(-)f(w)n(eak)f(and)i(strong.)50
b(Sending)32 b(cleartext)g(k)n(eys)g(or)f(other)h(unprotected)0
490 y(authen)n(ticating)24 b(information)g(o)n(v)n(er)f(a)i(net)n(w)n
(ork)e(is)h(w)n(eak,)h(due)g(to)f(the)h(threat)g(of)g(reading)e(them)i
(with)h(a)e(net)n(w)n(ork)f(sni\013er.)0 589 y(Additionally)-7
b(,)26 b(sending)e(one-w)n(a)n(y)f(hashed)i(p)r(o)r(orly-c)n(hosen)d(k)
n(eys)i(with)i(lo)n(w)e(en)n(trop)n(y)f(is)i(also)f(w)n(eak,)g(due)i
(to)e(the)i(threat)e(of)0 689 y(brute-force)i(guessing)g(attac)n(ks)g
(on)h(the)h(sni\013ed)g(messages.)35 b(While)28 b(passw)n(ords)d(can)i
(b)r(e)g(used)g(for)g(establishing)g(iden)n(tit)n(y)-7
b(,)0 789 y(they)31 b(are)e(not)h(considered)g(in)g(this)h(con)n(text)f
(b)r(ecause)g(of)g(recen)n(t)g(statemen)n(ts)g(from)g(the)g(In)n
(ternet)h(Arc)n(hitecture)f(Board)0 888 y([IAB].)56 b(Digital)34
b(signatures,)g(suc)n(h)g(as)f(the)i(Digital)e(Signature)h(Standard)f
(\(DSS\))i(and)f(the)g(Riv)n(est-Shamir-Adleman)0 988
y(\(RSA\))h(signature,)g(are)e(public)i(k)n(ey)e(based)h(strong)f
(authen)n(tication)g(mec)n(hanisms.)56 b(When)35 b(using)e(public)i(k)n
(ey)e(digital)0 1088 y(signatures)e(eac)n(h)g(en)n(tit)n(y)h(requires)e
(a)i(public)g(k)n(ey)g(and)g(a)f(priv)-5 b(ate)32 b(k)n(ey)-7
b(.)49 b(Certi\014cates)32 b(are)f(an)g(essen)n(tial)g(part)h(of)g(a)g
(digi-)0 1187 y(tal)g(signature)g(authen)n(tication)g(mec)n(hanism.)51
b(Certi\014cates)32 b(bind)h(a)f(sp)r(eci\014c)h(en)n(tit)n(y's)f(iden)
n(tit)n(y)h(\(b)r(e)g(it)g(host,)g(net)n(w)n(ork,)0 1287
y(user,)j(or)e(application\))g(to)h(its)g(public)g(k)n(eys)f(and)h(p)r
(ossibly)f(other)h(securit)n(y-related)d(information)j(suc)n(h)f(as)g
(privileges,)0 1386 y(clearances,)26 b(and)i(compartmen)n(ts.)37
b(Authen)n(tication)29 b(based)e(on)h(digital)g(signatures)e(requires)h
(a)h(trusted)g(third)g(part)n(y)f(or)0 1486 y(certi\014cate)33
b(authorit)n(y)f(to)g(create,)i(sign)f(and)f(prop)r(erly)g(distribute)i
(certi\014cates.)52 b(F)-7 b(or)33 b(more)f(detailed)h(information)f
(on)0 1586 y(digital)27 b(signatures,)g(suc)n(h)g(as)g(DSS)h(and)g
(RSA,)g(and)f(certi\014cates)g(see)g([Sc)n(hneier].)0
1901 y Fe(1.5.1)94 b(Certi\014cate)32 b(Authorities)0
2154 y Fk(Certi\014cates)c(require)f(an)i(infrastructure)e(for)h
(generation,)g(v)n(eri\014cation,)f(rev)n(o)r(cation,)g(managemen)n(t)h
(and)g(distribution.)0 2254 y(The)33 b(In)n(ternet)f(P)n(olicy)f
(Registration)g(Authorit)n(y)h(\(IPRA\))h([RF)n(C-1422)n(])g(has)f(b)r
(een)g(established)h(to)f(direct)g(this)h(infras-)0 2353
y(tructure)26 b(for)g(the)h(IETF.)f(The)g(IPRA)h(certi\014es)f(P)n
(olicy)f(Certi\014cation)g(Authorities)i(\(PCA\).)g(PCAs)e(con)n(trol)h
(Certi\014cate)0 2453 y(Authorities)h(\(CA\))i(whic)n(h)e(certify)g
(users)g(and)g(sub)r(ordinate)g(en)n(tities.)37 b(Curren)n(t)27
b(certi\014cate)f(related)h(w)n(ork)f(includes)i(the)0
2553 y(Domain)k(Name)h(System)g(\(DNS\))h(Securit)n(y)e(Extensions)f
([DNSSEC)q(])i(whic)n(h)f(will)h(pro)n(vide)e(signed)i(en)n(tit)n(y)f
(k)n(eys)g(in)h(the)0 2652 y(DNS.)g(The)f(Public)g(Key)f(Infrastucture)
g(\(PKIX\))h(w)n(orking)e(group)h(is)h(sp)r(ecifying)g(an)g(In)n
(ternet)f(pro\014le)h(for)f(X.509)g(cer-)0 2752 y(ti\014cates.)41
b(There)29 b(is)g(also)f(w)n(ork)g(going)g(on)g(in)i(industry)f(to)g
(dev)n(elop)f(X.500)g(Directory)g(Services)h(whic)n(h)g(w)n(ould)f(pro)
n(vide)0 2851 y(X.509)35 b(certi\014cates)f(to)i(users.)60
b(The)36 b(U.S.)g(P)n(ost)e(O\016ce)i(is)f(dev)n(eloping)g(a)g(\(CA\))h
(hierarc)n(h)n(y)-7 b(.)59 b(The)36 b(NIST)g(Public)g(Key)0
2951 y(Infrastructure)c(W)-7 b(orking)33 b(Group)g(has)g(also)f(b)r
(een)i(doing)e(w)n(ork)g(in)i(this)g(area.)53 b(The)33
b(DOD)h(Multi)g(Lev)n(el)f(Information)0 3051 y(System)j(Securit)n(y)f
(Initiativ)n(e)h(\(MISSI\))h(program)d(has)h(b)r(egun)h(deplo)n(ying)f
(a)h(certi\014cate)f(infrastructure)g(for)g(the)h(U.S.)0
3150 y(Go)n(v)n(ernmen)n(t.)54 b(Alternativ)n(ely)-7
b(,)35 b(if)f(no)g(infrastructure)e(exists,)j(the)g(PGP)d(W)-7
b(eb)35 b(of)e(T)-7 b(rust)34 b(certi\014cates)f(can)g(b)r(e)h(used)g
(to)0 3250 y(pro)n(vide)26 b(user)h(authen)n(tication)h(and)f(priv)-5
b(acy)27 b(in)h(a)f(comm)n(unit)n(y)g(of)h(users)e(who)i(kno)n(w)e(and)
i(trust)f(eac)n(h)g(other.)0 3565 y Fe(1.5.2)94 b(En)m(tit)m(y)32
b(Naming)0 3818 y Fk(An)h(en)n(tit)n(y's)f(name)g(is)g(its)h(iden)n
(tit)n(y)g(and)f(is)g(b)r(ound)h(to)f(its)h(public)f(k)n(eys)g(in)h
(certi\014cates.)50 b(The)32 b(CA)h(MUST)g(de\014ne)g(the)0
3918 y(naming)g(seman)n(tics)g(for)g(the)h(certi\014cates)e(it)i
(issues.)54 b(See)34 b(the)f(UNINETT)h(PCA)f(P)n(olicy)g(Statemen)n(ts)
g([Berge)o(])g(for)g(an)0 4017 y(example)f(of)g(ho)n(w)g(a)g(CA)h
(de\014nes)f(its)h(naming)f(p)r(olicy)-7 b(.)51 b(When)33
b(the)f(certi\014cate)g(is)h(v)n(eri\014ed,)f(the)h(name)f(is)h(v)n
(eri\014ed)e(and)0 4117 y(that)24 b(name)g(will)g(ha)n(v)n(e)e(meaning)
i(within)g(the)h(realm)e(of)g(that)i(CA.)f(An)g(example)f(is)h(the)g
(DNS)h(securit)n(y)e(extensions)g(whic)n(h)0 4217 y(mak)n(e)30
b(DNS)i(serv)n(ers)d(CAs)i(for)f(the)h(zones)g(and)f(no)r(des)h(they)g
(serv)n(e.)46 b(Resource)29 b(records)g(are)h(pro)n(vided)g(for)h
(public)g(k)n(eys)0 4316 y(and)23 b(signatures)e(on)i(those)f(k)n(eys.)
35 b(The)23 b(names)f(asso)r(ciated)g(with)h(the)h(k)n(eys)e(are)g(IP)g
(addresses)f(and)i(domain)g(names)f(whic)n(h)0 4416 y(ha)n(v)n(e)i
(meaning)g(to)h(en)n(tities)g(accessing)f(the)h(DNS)h(for)e(this)h
(information.)36 b(A)25 b(W)-7 b(eb)25 b(of)g(T)-7 b(rust)25
b(is)g(another)f(example.)36 b(When)0 4516 y(w)n(ebs)31
b(of)h(trust)g(are)f(set)h(up,)h(names)e(are)g(b)r(ound)h(with)h(the)f
(public)g(k)n(eys.)49 b(In)32 b(PGP)f(the)h(name)g(is)g(usually)f(the)h
(en)n(tit)n(y's)0 4615 y(e-mail)e(address)f(whic)n(h)i(has)f(meaning)g
(to)h(those,)g(and)f(only)h(those,)g(who)f(understand)g(e-mail.)46
b(Another)30 b(w)n(eb)g(of)h(trust)0 4715 y(could)c(use)h(an)f(en)n
(tirely)g(di\013eren)n(t)h(naming)f(sc)n(heme.)0 5030
y Fe(1.5.3)94 b(ISAKMP)32 b(Requiremen)m(ts)0 5283 y
Fk(Strong)d(authen)n(tication)g(MUST)h(b)r(e)g(pro)n(vided)e(on)h
(ISAKMP)g(exc)n(hanges.)41 b(Without)30 b(b)r(eing)g(able)f(to)g
(authen)n(ticate)h(the)0 5383 y(en)n(tit)n(y)35 b(at)g(the)g(other)g
(end,)i(the)f(Securit)n(y)e(Asso)r(ciation)g(\(SA\))j(and)d(session)g
(k)n(ey)h(established)g(are)f(susp)r(ect.)59 b(Without)0
5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)498 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499
b([P)n(age)25 b(8])p eop
%%Page: 9 9
9 8 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(authen)n(tication)32
b(y)n(ou)g(are)f(unable)h(to)h(trust)f(an)g(en)n(tit)n(y's)g(iden)n
(ti\014cation,)i(whic)n(h)e(mak)n(es)g(access)f(con)n(trol)g
(questionable.)0 490 y(While)f(encryption)e(\(e.g.)42
b(ESP\))29 b(and)g(in)n(tegrit)n(y)f(\(e.g.)41 b(AH\))30
b(will)g(protect)f(subsequen)n(t)f(comm)n(unications)h(from)f(passiv)n
(e)0 589 y(ea)n(v)n(esdropp)r(ers,)23 b(without)j(authen)n(tication)f
(it)h(is)f(p)r(ossible)h(that)f(the)h(SA)g(and)f(k)n(ey)g(ma)n(y)g(ha)n
(v)n(e)f(b)r(een)i(established)f(with)h(an)0 689 y(adv)n(ersary)f(who)i
(p)r(erformed)g(an)h(activ)n(e)e(man-in-the-middle)i(attac)n(k)f(and)g
(is)g(no)n(w)g(stealing)g(all)h(y)n(our)e(p)r(ersonal)g(data.)0
888 y(A)45 b(digital)g(signature)e(algorithm)h(MUST)h(b)r(e)g(used)g
(within)g(ISAKMP's)g(authen)n(tication)f(comp)r(onen)n(t.)88
b(Ho)n(w)n(ev)n(er,)0 988 y(ISAKMP)34 b(do)r(es)h(not)g(mandate)f(a)h
(sp)r(eci\014c)g(signature)e(algorithm)h(or)g(certi\014cate)g(authorit)
n(y)g(\(CA\).)i(ISAKMP)e(allo)n(ws)0 1088 y(an)24 b(en)n(tit)n(y)h
(initiating)f(comm)n(unications)g(to)g(indicate)h(whic)n(h)g(CAs)f(it)h
(supp)r(orts.)36 b(After)25 b(selection)f(of)g(a)g(CA,)h(the)g(proto)r
(col)0 1187 y(pro)n(vides)36 b(the)i(messages)d(required)i(to)g(supp)r
(ort)g(the)h(actual)f(authen)n(tication)f(exc)n(hange.)65
b(The)37 b(proto)r(col)g(pro)n(vides)e(a)0 1287 y(facilit)n(y)e(for)g
(iden)n(ti\014cation)g(of)g(di\013eren)n(t)g(certi\014cate)g
(authorities,)h(certi\014cate)f(t)n(yp)r(es)g(\(e.g.)53
b(X.509,)34 b(PK)n(CS)e(#7,)j(PGP)-7 b(,)0 1386 y(DNS)28
b(SIG)g(and)g(KEY)f(records\),)f(and)i(the)g(exc)n(hange)e(of)h(the)h
(certi\014cates)f(iden)n(ti\014ed.)0 1586 y(ISAKMP)i(utilizes)h
(digital)f(signatures,)g(based)g(on)g(public)h(k)n(ey)f(cryptograph)n
(y)-7 b(,)28 b(for)h(authen)n(tication.)42 b(There)29
b(are)g(other)0 1685 y(strong)21 b(authen)n(tication)g(systems)h(a)n(v)
-5 b(ailable,)21 b(whic)n(h)h(could)g(b)r(e)g(sp)r(eci\014ed)g(as)g
(additional)f(optional)g(authen)n(tication)h(mec)n(h-)0
1785 y(anisms)32 b(for)g(ISAKMP)-7 b(.)32 b(Some)h(of)f(these)h(authen)
n(tication)f(systems)g(rely)g(on)g(a)g(trusted)h(third)g(part)n(y)e
(called)h(a)h(k)n(ey)e(dis-)0 1885 y(tribution)f(cen)n(ter)g(\(KDC\))h
(to)f(distribute)h(secret)e(session)g(k)n(eys.)44 b(An)31
b(example)f(is)g(Kerb)r(eros,)f(where)h(the)h(trusted)f(third)0
1984 y(part)n(y)f(is)h(the)h(Kerb)r(eros)e(serv)n(er,)g(whic)n(h)h
(holds)g(secret)g(k)n(eys)f(for)h(all)g(clien)n(ts)g(and)g(serv)n(ers)e
(within)j(its)g(net)n(w)n(ork)d(domain.)0 2084 y(A)g(clien)n(t's)f(pro)
r(of)g(that)h(it)g(holds)g(its)f(secret)g(k)n(ey)g(pro)n(vides)f
(authen)n(ticaton)h(to)h(a)f(serv)n(er.)0 2283 y(The)j(ISAKMP)g(sp)r
(eci\014cation)g(do)r(es)g(not)g(sp)r(ecify)h(the)f(proto)r(col)f(for)h
(comm)n(unicating)g(with)g(the)h(trusted)f(third)h(parties)0
2383 y(\(TTP\))41 b(or)f(certi\014cate)h(directory)e(services.)76
b(These)41 b(proto)r(cols)f(are)g(de\014ned)h(b)n(y)g(the)g(TTP)g(and)f
(directory)g(service)0 2482 y(themselv)n(es)24 b(and)h(are)f(outside)h
(the)g(scop)r(e)g(of)g(this)g(sp)r(eci\014cation.)36
b(The)25 b(use)g(of)g(these)g(additional)f(services)g(and)h(proto)r
(cols)0 2582 y(will)j(b)r(e)g(describ)r(ed)f(in)h(a)f(Key)g(Exc)n
(hange)f(sp)r(eci\014c)i(do)r(cumen)n(t.)0 2914 y Fj(1.6)112
b(Public)36 b(Key)h(Cryptograph)m(y)0 3167 y Fk(Public)j(k)n(ey)f
(cryptograph)n(y)e(is)j(the)g(most)f(\015exible,)k(scalable,)f(and)d
(e\016cien)n(t)h(w)n(a)n(y)f(for)g(users)g(to)h(obtain)f(the)h(shared)0
3267 y(secrets)26 b(and)i(session)e(k)n(eys)g(needed)i(to)f(supp)r(ort)
g(the)h(large)e(n)n(um)n(b)r(er)h(of)g(w)n(a)n(ys)f(In)n(ternet)h
(users)g(will)g(in)n(terop)r(erate.)36 b(Man)n(y)0 3366
y(k)n(ey)k(generation)f(algorithms,)k(that)e(ha)n(v)n(e)e(di\013eren)n
(t)i(prop)r(erties,)i(are)d(a)n(v)-5 b(ailable)39 b(to)i(users)e(\(see)
i([DO)n(W92)o(],)j([ANSI)q(],)0 3466 y(and)28 b([Oakley)o(]\).)40
b(Prop)r(erties)27 b(of)h(k)n(ey)g(exc)n(hange)f(proto)r(cols)g
(include)i(the)g(k)n(ey)f(establishmen)n(t)g(metho)r(d,)h(authen)n
(tication,)0 3565 y(symmetry)-7 b(,)27 b(p)r(erfect)h(forw)n(ard)e
(secrecy)-7 b(,)27 b(and)g(bac)n(k)g(tra\016c)g(protection.)0
3765 y Fg(NOTE:)e Fk(Cryptographic)g(k)n(eys)g(can)i(protect)f
(information)g(for)g(a)h(considerable)e(length)i(of)g(time.)37
b(Ho)n(w)n(ev)n(er,)25 b(this)i(is)g(based)0 3864 y(on)f(the)h
(assumption)e(that)i(k)n(eys)e(used)h(for)g(protection)g(of)g(comm)n
(unications)f(are)g(destro)n(y)n(ed)g(after)h(use)g(and)g(not)g(k)n
(ept)h(for)0 3964 y(an)n(y)g(reason.)0 4279 y Fe(1.6.1)94
b(Key)32 b(Exc)m(hange)g(Prop)s(erties)0 4532 y(Key)d(Establishmen)m(t)
e(\(Key)i(Generation)g(/)g(Key)h(T)-8 b(ransp)s(ort\):)83
b Fk(The)25 b(t)n(w)n(o)g(common)g(metho)r(ds)g(of)h(using)f(public)0
4632 y(k)n(ey)h(cryptograph)n(y)e(for)i(k)n(ey)g(establishmen)n(t)h
(are)f(k)n(ey)g(transp)r(ort)f(and)i(k)n(ey)f(generation.)35
b(An)27 b(example)f(of)h(k)n(ey)f(transp)r(ort)0 4731
y(is)34 b(the)g(use)g(of)g(the)g(RSA)g(algorithm)f(to)h(encrypt)f(a)h
(randomly)f(generated)f(session)h(k)n(ey)g(\(for)h(encrypting)f
(subsequen)n(t)0 4831 y(comm)n(unications\))20 b(with)h(the)g(recipien)
n(t's)f(public)h(k)n(ey)-7 b(.)34 b(The)21 b(encrypted)f(random)f(k)n
(ey)h(is)h(then)g(sen)n(t)f(to)h(the)g(recipien)n(t,)g(who)0
4931 y(decrypts)26 b(it)h(using)f(his)h(priv)-5 b(ate)26
b(k)n(ey)-7 b(.)36 b(A)n(t)27 b(this)f(p)r(oin)n(t)h(b)r(oth)g(sides)f
(ha)n(v)n(e)g(the)g(same)g(session)g(k)n(ey)-7 b(,)26
b(ho)n(w)n(ev)n(er)e(it)j(w)n(as)f(created)0 5030 y(based)d(on)h(input)
h(from)e(only)h(one)f(side)h(of)g(the)g(comm)n(unications.)35
b(The)24 b(b)r(ene\014t)h(of)f(the)g(k)n(ey)f(transp)r(ort)g(metho)r(d)
i(is)e(that)i(it)0 5130 y(has)g(less)g(computational)g(o)n(v)n(erhead)f
(than)i(the)g(follo)n(wing)f(metho)r(d.)36 b(The)26 b(Di\016e-Hellman)g
(\(D-H\))h(algorithm)e(illustrates)0 5230 y(k)n(ey)i(generation)f
(using)h(public)h(k)n(ey)f(cryptograph)n(y)-7 b(.)35
b(The)28 b(D-H)g(algorithm)e(is)i(b)r(egun)g(b)n(y)f(t)n(w)n(o)g(users)
g(exc)n(hanging)f(public)0 5329 y(information.)42 b(Eac)n(h)29
b(user)g(then)h(mathematically)f(com)n(bines)g(the)h(other's)f(public)h
(information)f(along)g(with)h(their)g(o)n(wn)0 5656 y(Maughan,)d(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)498 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)499 b([P)n(age)25
b(9])p eop
%%Page: 10 10
% Page 10 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - end of the key-establishment paragraph (Diffie-Hellman shared secret)
%   - "Key Exchange Authentication", "Key Exchange Symmetry" and
%     "Perfect Forward Secrecy" paragraphs
%   - section 1.6.2 "ISAKMP Requirements", including the normative sentence
%     that an authenticated key exchange MUST be supported by ISAKMP
%   - headings 1.7 "ISAKMP Protection" and 1.7.1 "Anti-Clogging (Denial of
%     Service)", with the first lines of 1.7.1
%   - running header (INTERNET-DRAFT / ISAKMP / March 10, 1998) and footer
% The one-letter operators (a, b, y, ...) and the F* names are presumably the
% dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
% NOTE(review): the rendered text spells "vulnerablity". The typo is in the
% draft's own wording; the strings are left as generated because changing
% them would presumably disturb the offsets that follow each string.
10 9 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(secret)h(information)g(to)h(compute)
g(a)f(shared)g(secret)g(v)-5 b(alue.)40 b(This)29 b(secret)f(v)-5
b(alue)29 b(can)f(b)r(e)h(used)g(as)f(a)h(session)e(k)n(ey)h(or)g(as)g
(a)0 490 y(k)n(ey)i(encryption)h(k)n(ey)f(for)g(encrypting)h(a)f
(randomly)g(generated)g(session)g(k)n(ey)-7 b(.)46 b(This)31
b(metho)r(d)h(generates)d(a)i(session)f(k)n(ey)0 589
y(based)25 b(on)f(public)i(and)f(secret)f(information)h(held)g(b)n(y)g
(b)r(oth)h(users.)35 b(The)25 b(b)r(ene\014t)h(of)f(the)g(D-H)h
(algorithm)e(is)h(that)g(the)h(k)n(ey)0 689 y(used)g(for)g(encrypting)f
(messages)g(is)g(based)h(on)g(information)f(held)i(b)n(y)e(b)r(oth)i
(users)e(and)h(the)g(indep)r(endence)h(of)f(k)n(eys)f(from)0
789 y(one)h(k)n(ey)g(exc)n(hange)f(to)h(another)g(pro)n(vides)f(p)r
(erfect)i(forw)n(ard)e(secrecy)-7 b(.)35 b(Detailed)27
b(descriptions)e(of)i(these)f(algorithms)f(can)0 888
y(b)r(e)34 b(found)g(in)h([Sc)n(hneier)o(].)56 b(There)33
b(are)g(a)g(n)n(um)n(b)r(er)h(of)g(v)-5 b(ariations)32
b(on)i(these)g(t)n(w)n(o)f(k)n(ey)g(generation)f(sc)n(hemes)h(and)h
(these)0 988 y(v)-5 b(ariations)26 b(do)i(not)f(necessarily)f(in)n
(terop)r(erate.)0 1298 y Fe(Key)48 b(Exc)m(hange)g(Authen)m(tication:)
83 b Fk(Key)41 b(exc)n(hanges)f(ma)n(y)g(b)r(e)i(authen)n(ticated)f
(during)g(the)h(proto)r(col)e(or)g(after)0 1398 y(proto)r(col)29
b(completion.)46 b(Authen)n(tication)31 b(of)g(the)g(k)n(ey)f(exc)n
(hange)f(during)i(the)g(proto)r(col)e(is)i(pro)n(vided)e(when)i(eac)n
(h)f(part)n(y)0 1498 y(pro)n(vides)39 b(pro)r(of)h(it)h(has)e(the)i
(secret)f(session)f(k)n(ey)h(b)r(efore)g(the)h(end)f(of)g(the)h(proto)r
(col.)74 b(Pro)r(of)39 b(can)h(b)r(e)h(pro)n(vided)e(b)n(y)0
1597 y(encrypting)c(kno)n(wn)h(data)f(in)h(the)h(secret)e(session)g(k)n
(ey)g(during)g(the)i(proto)r(col)d(exc)n(hange.)61 b(Authen)n(tication)
36 b(after)g(the)0 1697 y(proto)r(col)i(m)n(ust)i(o)r(ccur)e(in)i
(subsequen)n(t)f(comm)n(unications.)71 b(Authen)n(tication)40
b(during)e(the)i(proto)r(col)e(is)h(preferred)g(so)0
1796 y(subsequen)n(t)d(comm)n(unications)e(are)h(not)h(initiated)g(if)h
(the)f(secret)f(session)g(k)n(ey)g(is)h(not)g(established)f(with)h(the)
h(desired)0 1896 y(part)n(y)-7 b(.)0 2206 y Fe(Key)30
b(Exc)m(hange)g(Symmetry:)81 b Fk(A)26 b(k)n(ey)f(exc)n(hange)f(pro)n
(vides)g(symmetry)i(if)g(either)f(part)n(y)g(can)g(initiate)h(the)h
(exc)n(hange)0 2306 y(and)e(exc)n(hanged)f(messages)f(can)i(cross)f(in)
h(transit)g(without)g(a\013ecting)g(the)h(k)n(ey)e(that)i(is)f
(generated.)34 b(This)26 b(is)f(desirable)f(so)0 2406
y(that)29 b(computation)g(of)f(the)i(k)n(eys)e(do)r(es)g(not)h(require)
f(either)g(part)n(y)g(to)h(kno)n(w)f(who)h(initiated)g(the)g(exc)n
(hange.)39 b(While)30 b(k)n(ey)0 2505 y(exc)n(hange)19
b(symmetry)h(is)g(desirable,)h(symmetry)f(in)g(the)h(en)n(tire)f(k)n
(ey)g(managemen)n(t)f(proto)r(col)g(ma)n(y)h(pro)n(vide)f(a)h
(vulnerablit)n(y)0 2605 y(to)27 b(re\015ection)g(attac)n(ks.)0
2915 y Fe(P)m(erfect)35 b(F)-8 b(orw)m(ard)35 b(Secrecy:)84
b Fk(As)30 b(describ)r(ed)f(in)h([DO)n(W92)o(],)g(an)f(authen)n
(ticated)g(k)n(ey)g(exc)n(hange)f(proto)r(col)h(pro)n(vides)0
3015 y(p)r(erfect)f(forw)n(ard)d(secrecy)h(if)i(disclosure)e(of)h
(long-term)f(secret)h(k)n(eying)f(material)g(do)r(es)h(not)h
(compromise)d(the)j(secrecy)e(of)0 3115 y(the)i(exc)n(hanged)e(k)n(eys)
g(from)h(previous)f(comm)n(unications.)36 b(The)27 b(prop)r(ert)n(y)g
(of)g(p)r(erfect)g(forw)n(ard)f(secrecy)g(do)r(es)h(not)g(apply)0
3214 y(to)g(k)n(ey)g(exc)n(hange)g(without)h(authen)n(tication.)0
3525 y Fe(1.6.2)94 b(ISAKMP)32 b(Requiremen)m(ts)0 3777
y Fk(An)j(authen)n(ticated)f(k)n(ey)f(exc)n(hange)g(MUST)h(b)r(e)h
(supp)r(orted)f(b)n(y)f(ISAKMP)-7 b(.)34 b(Users)g(SHOULD)g(c)n(ho)r
(ose)f(additional)h(k)n(ey)0 3877 y(establishmen)n(t)e(algorithms)e
(based)h(on)g(their)h(requiremen)n(ts.)48 b(ISAKMP)31
b(do)r(es)h(not)f(sp)r(ecify)h(a)g(sp)r(eci\014c)f(k)n(ey)g(exc)n
(hange.)0 3977 y(Ho)n(w)n(ev)n(er,)19 b([IKE)o(])g(describ)r(es)f(a)h
(prop)r(osal)e(for)h(using)h(the)g(Oakley)f(k)n(ey)g(exc)n(hange)f
([Oakley)o(])i(in)g(conjunction)g(with)g(ISAKMP)-7 b(.)0
4076 y(Requiremen)n(ts)26 b(that)h(should)g(b)r(e)g(ev)-5
b(aluated)27 b(when)g(c)n(ho)r(osing)e(a)i(k)n(ey)f(establishmen)n(t)g
(algorithm)g(include)h(establishmen)n(t)0 4176 y(metho)r(d)33
b(\(generation)e(vs.)52 b(transp)r(ort\),)33 b(p)r(erfect)g(forw)n(ard)
e(secrecy)-7 b(,)33 b(computational)f(o)n(v)n(erhead,)f(k)n(ey)h(escro)
n(w,)g(and)h(k)n(ey)0 4276 y(strength.)h(Based)21 b(on)h(user)f
(requiremen)n(ts,)g(ISAKMP)g(allo)n(ws)g(an)g(en)n(tit)n(y)h
(initiating)f(comm)n(unications)g(to)g(indicate)h(whic)n(h)0
4375 y(k)n(ey)j(exc)n(hanges)f(it)i(supp)r(orts.)36 b(After)26
b(selection)f(of)g(a)h(k)n(ey)e(exc)n(hange,)h(the)h(proto)r(col)e(pro)
n(vides)h(the)h(messages)e(required)g(to)0 4475 y(supp)r(ort)j(the)h
(actual)f(k)n(ey)g(establishmen)n(t.)0 4802 y Fj(1.7)112
b(ISAKMP)37 b(Protection)0 5055 y Fe(1.7.1)94 b(An)m(ti-Clogging)30
b(\(Denial)h(of)h(Service\))0 5308 y Fk(Of)f(the)h(n)n(umerous)e
(securit)n(y)g(services)g(a)n(v)-5 b(ailable,)31 b(protection)f
(against)g(denial)h(of)g(service)f(alw)n(a)n(ys)f(seems)i(to)g(b)r(e)g
(one)g(of)0 5407 y(the)25 b(most)f(di\016cult)h(to)f(address.)35
b(A)24 b(\\co)r(okie")f(or)g(an)n(ti-clogging)f(tok)n(en)i(\(A)n(CT\))g
(is)h(aimed)f(at)g(protecting)f(the)i(computing)0 5656
y(Maughan,)i(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477
b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(10])p eop
%%Page: 11 11
% Page 11 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - remainder of 1.7.1 (anti-clogging token): the draft says absolute
%     protection against denial of service is impossible, and that the token
%     should be combined with a garbage-state collection mechanism because
%     bogus-source floods can still cause state to be created
%   - 1.7.2 "Connection Hijacking": linking of the authentication, key
%     exchange and security association exchanges
%   - 1.7.3 "Man-in-the-Middle Attacks": insertion, deletion, reflection,
%     replay and redirection, and how the exchange/state machine responds
%   - 1.8 "Multicast Communications"
%   - running header and footer
% The one-letter operators (a, b, y, ...) and the F* names are presumably the
% dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
% NOTE(review): the rendered text spells "conjuction". The typo is in the
% draft's own wording; the strings are left as generated because changing
% them would presumably disturb the offsets that follow each string.
11 10 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(resources)c(from)h(attac)n(k)g
(without)i(sp)r(ending)f(excessiv)n(e)e(CPU)i(resources)d(to)j
(determine)g(its)g(authen)n(ticit)n(y)-7 b(.)36 b(An)26
b(exc)n(hange)0 490 y(prior)20 b(to)h(CPU-in)n(tensiv)n(e)f(public)i(k)
n(ey)f(op)r(erations)f(can)h(th)n(w)n(art)f(some)h(denial)g(of)g
(service)g(attempts)g(\(e.g.)35 b(simple)21 b(\015o)r(o)r(ding)0
589 y(with)30 b(b)r(ogus)g(IP)f(source)g(addresses\).)42
b(Absolute)30 b(protection)f(against)g(denial)g(of)h(service)f(is)h
(imp)r(ossible,)g(but)h(this)f(an)n(ti-)0 689 y(clogging)g(tok)n(en)g
(pro)n(vides)g(a)h(tec)n(hnique)h(for)e(making)h(it)h(easier)e(to)h
(handle.)48 b(The)32 b(use)f(of)g(an)g(an)n(ti-clogging)e(tok)n(en)i(w)
n(as)0 789 y(in)n(tro)r(duced)c(b)n(y)h(Karn)e(and)h(Simpson)h(in)g
([Karn)o(].)0 988 y(It)k(should)g(b)r(e)h(noted)f(that)g(in)h(the)f
(exc)n(hanges)f(sho)n(wn)g(in)h(section)g(4,)h(the)f(an)n(ti-clogging)e
(mec)n(hanism)i(should)g(b)r(e)g(used)0 1088 y(in)g(conjuction)f(with)h
(a)f(garbage-state)d(collection)j(mec)n(hanism;)i(an)e(attac)n(k)n(er)f
(can)h(still)g(\015o)r(o)r(d)h(a)f(serv)n(er)e(using)i(pac)n(k)n(ets)0
1187 y(with)j(b)r(ogus)f(IP)g(addresses)f(and)h(cause)f(state)i(to)f(b)
r(e)h(created.)53 b(Suc)n(h)34 b(aggressiv)n(e)c(memory)j(managemen)n
(t)f(tec)n(hniques)0 1287 y(SHOULD)j(b)r(e)f(emplo)n(y)n(ed)f(b)n(y)h
(proto)r(cols)e(using)i(ISAKMP)f(that)i(do)e(not)h(go)f(through)g(an)h
(initial,)i(an)n(ti-clogging)31 b(only)0 1386 y(phase,)c(as)g(w)n(as)g
(done)g(in)h([Karn)o(].)0 1702 y Fe(1.7.2)94 b(Connection)31
b(Hijac)m(king)0 1955 y Fk(ISAKMP)24 b(prev)n(en)n(ts)f(connection)h
(hijac)n(king)f(b)n(y)h(linking)g(the)h(authen)n(tication,)f(k)n(ey)g
(exc)n(hange)e(and)i(securit)n(y)g(asso)r(ciation)0 2054
y(exc)n(hanges.)34 b(This)22 b(linking)h(prev)n(en)n(ts)e(an)h(attac)n
(k)n(er)f(from)h(allo)n(wing)g(the)h(authen)n(tication)f(to)g(complete)
h(and)f(then)i(jumping)0 2154 y(in)k(and)f(imp)r(ersonating)g(one)g(en)
n(tit)n(y)h(to)f(the)h(other)f(during)g(the)h(k)n(ey)f(and)h(securit)n
(y)e(asso)r(ciation)g(exc)n(hanges.)0 2469 y Fe(1.7.3)94
b(Man-in-the-Middle)29 b(A)m(ttac)m(ks)0 2722 y Fk(Man-in-the-Middle)e
(attac)n(ks)e(include)i(in)n(terception,)g(insertion,)f(deletion,)h
(and)g(mo)r(di\014cation)g(of)f(messages,)g(re\015ecting)0
2822 y(messages)31 b(bac)n(k)g(at)h(the)h(sender,)g(repla)n(ying)d(old)
i(messages)f(and)h(redirecting)f(messages.)49 b(ISAKMP)32
b(features)g(prev)n(en)n(t)0 2922 y(these)e(t)n(yp)r(es)f(of)h(attac)n
(ks)f(from)g(b)r(eing)h(successful.)43 b(The)29 b(linking)h(of)g(the)g
(ISAKMP)f(exc)n(hanges)f(prev)n(en)n(ts)h(the)h(insertion)0
3021 y(of)f(messages)f(in)i(the)g(proto)r(col)e(exc)n(hange.)41
b(The)29 b(ISAKMP)h(proto)r(col)e(state)h(mac)n(hine)g(is)g(de\014ned)h
(so)f(deleted)h(messages)0 3121 y(will)d(not)f(cause)f(a)h(partial)g
(SA)h(to)f(b)r(e)g(created,)g(the)h(state)f(mac)n(hine)g(will)h(clear)e
(all)h(state)g(and)g(return)g(to)g(idle.)37 b(The)26
b(state)0 3220 y(mac)n(hine)32 b(also)e(prev)n(en)n(ts)h(re\015ection)h
(of)g(a)f(message)g(from)h(causing)f(harm.)49 b(The)32
b(requiremen)n(t)f(for)h(a)f(new)h(co)r(okie)g(with)0
3320 y(time)f(v)-5 b(arian)n(t)29 b(material)g(for)g(eac)n(h)h(new)g
(SA)h(establishmen)n(t)e(prev)n(en)n(ts)g(attac)n(ks)g(that)i(in)n(v)n
(olv)n(e)d(repla)n(ying)h(old)h(messages.)0 3420 y(The)f(ISAKMP)f
(strong)g(authen)n(tication)g(requiremen)n(t)g(prev)n(en)n(ts)f(an)i
(SA)g(from)f(b)r(eing)h(established)f(with)i(an)n(y)n(one)d(other)0
3519 y(than)h(the)h(in)n(tended)g(part)n(y)-7 b(.)38
b(Messages)26 b(ma)n(y)i(b)r(e)h(redirected)e(to)h(a)g(di\013eren)n(t)h
(destination)f(or)f(mo)r(di\014ed)i(but)g(this)f(will)h(b)r(e)0
3619 y(detected)g(and)g(an)f(SA)i(will)f(not)f(b)r(e)h(established.)41
b(The)28 b(ISAKMP)h(sp)r(eci\014cation)f(de\014nes)h(where)f(abnormal)g
(pro)r(cessing)0 3719 y(has)f(o)r(ccurred)g(and)g(recommends)g
(notifying)g(the)h(appropriate)e(part)n(y)h(of)g(this)h(abnormalit)n(y)
-7 b(.)0 4051 y Fj(1.8)112 b(Multicast)36 b(Comm)m(unications)0
4303 y Fk(It)e(is)f(exp)r(ected)h(that)f(m)n(ulticast)h(comm)n
(unications)e(will)h(require)g(the)g(same)g(securit)n(y)g(services)f
(as)g(unicast)i(comm)n(uni-)0 4403 y(cations)i(and)i(ma)n(y)e(in)n(tro)
r(duce)h(the)h(need)f(for)g(additional)f(securit)n(y)h(services.)64
b(The)38 b(issues)e(of)i(distributing)f(SPIs)g(for)0
4503 y(m)n(ulticast)f(tra\016c)g(are)f(presen)n(ted)g(in)i([RF)n
(C-1825)m(].)63 b(Multicast)36 b(securit)n(y)f(issues)h(are)f(also)g
(discussed)h(in)g([RF)n(C-1949)n(])0 4602 y(and)31 b([BC].)48
b(A)32 b(future)f(extension)g(to)g(ISAKMP)g(will)h(supp)r(ort)f(m)n
(ulticast)g(k)n(ey)g(distribution.)48 b(F)-7 b(or)30
b(an)h(in)n(tro)r(duction)g(to)0 4702 y(the)d(issues)f(related)g(to)h
(m)n(ulticast)f(securit)n(y)-7 b(,)27 b(consult)h(the)g(In)n(ternet)g
(Drafts,)f([RF)n(C-2094)n(])h(and)f([RF)n(C-2093)n(],)h(describing)0
4802 y(Sparta's)f(researc)n(h)e(in)j(this)g(area.)0 5656
y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477
b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(11])p eop
%%Page: 12 12
% Page 12 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - chapter heading 2 "Terminology and Concepts" and 2.1 "ISAKMP
%     Terminology"
%   - definitions of Security Protocol, Protection Suite, Security
%     Association (SA), ISAKMP SA, Security Parameter Index (SPI) and
%     Domain of Interpretation (DOI)
%   - the first three bullets of the "A DOI defines:" list; each bullet is
%     drawn as Fc(\017), i.e. character octal 017 in the font Fc selects
%   - running header and footer
% The one-letter operators (a, b, y, ...) and the F* names are presumably the
% dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
% NOTE(review): the rendered text spells "Security Assocation" in the SPI
% definition. The typo is in the draft's own wording; the strings are left
% as generated because changing them would presumably disturb the offsets
% that follow each string.
% NOTE(review): the Protection Suite example names DES in ESP and keyed MD5
% in AH. That reflects the draft's 1998 date; both are obsolete choices for
% new deployments.
12 11 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(2)137 b(T)-11 b(erminology)44
b(and)i(Concepts)0 688 y Fj(2.1)112 b(ISAKMP)37 b(T)-9
b(erminology)0 941 y Fe(Securit)m(y)46 b(Proto)s(col:)82
b Fk(A)40 b(Securit)n(y)e(Proto)r(col)g(consists)g(of)h(an)g(en)n(tit)n
(y)g(at)g(a)f(single)h(p)r(oin)n(t)g(in)h(the)f(net)n(w)n(ork)f(stac)n
(k,)0 1041 y(p)r(erforming)c(a)f(securit)n(y)h(service)f(for)h(net)n(w)
n(ork)f(comm)n(unication.)56 b(F)-7 b(or)34 b(example,)i(IPSEC)d(ESP)h
(and)g(IPSEC)f(AH)i(are)0 1140 y(t)n(w)n(o)c(di\013eren)n(t)h(securit)n
(y)e(proto)r(cols.)48 b(TLS)31 b(is)h(another)f(example.)48
b(Securit)n(y)31 b(Proto)r(cols)f(ma)n(y)h(p)r(erform)g(more)g(than)g
(one)0 1240 y(service,)c(for)g(example)g(pro)n(viding)f(in)n(tegrit)n
(y)h(and)g(con\014den)n(tialit)n(y)g(in)h(one)f(mo)r(dule.)0
1555 y Fe(Protection)40 b(Suite:)82 b Fk(A)35 b(protection)f(suite)h
(is)g(a)f(list)i(of)e(the)h(securit)n(y)f(services)g(that)h(m)n(ust)g
(b)r(e)g(applied)g(b)n(y)f(v)-5 b(arious)0 1655 y(securit)n(y)32
b(proto)r(cols.)53 b(F)-7 b(or)33 b(example,)h(a)f(protection)g(suite)h
(ma)n(y)e(consist)h(of)g(DES)h(encryption)f(in)g(IP)g(ESP)-7
b(,)33 b(and)g(k)n(ey)n(ed)0 1755 y(MD5)28 b(in)g(IP)f(AH.)h(All)g(of)g
(the)g(protections)f(in)h(a)f(suite)h(m)n(ust)g(b)r(e)g(treated)f(as)g
(a)g(single)h(unit.)37 b(This)28 b(is)g(necessary)d(b)r(ecause)0
1854 y(securit)n(y)k(services)f(in)i(di\013eren)n(t)g(securit)n(y)f
(proto)r(cols)g(can)g(ha)n(v)n(e)g(subtle)h(in)n(teractions,)f(and)h
(the)g(e\013ects)g(of)g(a)f(suite)h(m)n(ust)0 1954 y(b)r(e)e(analyzed)f
(and)g(v)n(eri\014ed)g(as)g(a)g(whole.)0 2269 y Fe(Securit)m(y)i(Asso)s
(ciation)f(\(SA\):)83 b Fk(A)25 b(Securit)n(y)f(Asso)r(ciation)g(is)g
(a)h(securit)n(y-proto)r(col-sp)r(eci\014c)c(set)k(of)g(parameters)e
(that)0 2369 y(completely)f(de\014nes)f(the)i(services)d(and)i(mec)n
(hanisms)f(necessary)f(to)i(protect)f(tra\016c)g(at)h(that)g(securit)n
(y)f(proto)r(col)g(lo)r(cation.)0 2469 y(These)31 b(parameters)e(can)i
(include)g(algorithm)f(iden)n(ti\014ers,)i(mo)r(des,)f(cryptographic)e
(k)n(eys,)i(etc.)48 b(The)31 b(SA)g(is)g(referred)f(to)0
2568 y(b)n(y)d(its)h(asso)r(ciated)e(securit)n(y)h(proto)r(col)f(\(for)
i(example,)f(\\ISAKMP)g(SA",)g(\\ESP)g(SA",)g(\\TLS)h(SA"\).)0
2884 y Fe(ISAKMP)40 b(SA:)83 b Fk(An)35 b(SA)g(used)g(b)n(y)f(the)h
(ISAKMP)g(serv)n(ers)d(to)j(protect)f(their)h(o)n(wn)f(tra\016c.)57
b(Sections)35 b(2.3)e(and)i(2.4)0 2983 y(pro)n(vide)26
b(more)h(details)h(ab)r(out)f(ISAKMP)g(SAs.)0 3299 y
Fe(Securit)m(y)43 b(P)m(arameter)g(Index)f(\(SPI\):)83
b Fk(An)37 b(iden)n(ti\014er)g(for)f(a)g(Securit)n(y)g(Asso)r(cation,)i
(relativ)n(e)e(to)g(some)g(securit)n(y)0 3398 y(proto)r(col.)58
b(Eac)n(h)33 b(securit)n(y)h(proto)r(col)g(has)h(its)g(o)n(wn)f
(\\SPI-space".)56 b(A)36 b(\(securit)n(y)e(proto)r(col,)i(SPI\))f(pair)
f(ma)n(y)g(uniquely)0 3498 y(iden)n(tify)g(an)g(SA.)g(The)g(uniqueness)
g(of)g(the)g(SPI)g(is)f(implemen)n(tation)h(dep)r(enden)n(t,)j(but)d
(could)g(b)r(e)g(based)f(p)r(er)h(system,)0 3598 y(p)r(er)d(proto)r
(col,)g(or)g(other)f(options.)48 b(Dep)r(ending)32 b(on)f(the)g(DOI,)h
(additional)e(information)h(\(e.g.)48 b(host)31 b(address\))f(ma)n(y)h
(b)r(e)0 3697 y(necessary)23 b(to)h(iden)n(tify)h(an)f(SA.)g(The)h(DOI)
f(will)h(also)e(determine)h(whic)n(h)h(SPIs)e(\(i.e.)37
b(initiator's)23 b(or)h(resp)r(onder's\))f(are)g(sen)n(t)0
3797 y(during)k(comm)n(unication.)0 4112 y Fe(Domain)g(of)i(In)m
(terpretation:)84 b Fk(A)25 b(Domain)g(of)g(In)n(terpretation)f
(\(DOI\))i(de\014nes)f(pa)n(yload)f(formats,)g(exc)n(hange)g(t)n(yp)r
(es,)0 4212 y(and)36 b(con)n(v)n(en)n(tions)d(for)j(naming)f(securit)n
(y-relev)-5 b(an)n(t)34 b(information)h(suc)n(h)g(as)g(securit)n(y)g(p)
r(olicies)g(or)g(cryptographic)f(algo-)0 4312 y(rithms)22
b(and)h(mo)r(des.)35 b(A)23 b(Domain)f(of)g(In)n(terpretation)g
(\(DOI\))h(iden)n(ti\014er)f(is)h(used)f(to)h(in)n(terpret)e(the)i(pa)n
(yloads)e(of)h(ISAKMP)0 4411 y(pa)n(yloads.)43 b(A)31
b(system)f(SHOULD)h(supp)r(ort)f(m)n(ultiple)h(Domains)f(of)g(In)n
(terpretation)f(sim)n(ultaneously)-7 b(.)45 b(The)30
b(concept)g(of)0 4511 y(a)h(DOI)h(is)f(based)g(on)g(previous)g(w)n(ork)
f(b)n(y)h(the)h(TSIG)f(CIPSO)g(W)-7 b(orking)31 b(Group,)h(but)g
(extends)f(b)r(ey)n(ond)g(securit)n(y)g(lab)r(el)0 4610
y(in)n(terpretation)c(to)g(include)h(naming)f(and)h(in)n(terpretation)e
(of)i(securit)n(y)e(services.)36 b(A)28 b(DOI)g(de\014nes:)125
4893 y Fc(\017)41 b Fk(A)27 b(\\situation":)36 b(the)28
b(set)g(of)f(information)g(that)h(will)g(b)r(e)g(used)g(to)f(determine)
h(the)g(required)e(securit)n(y)h(services.)125 5059 y
Fc(\017)41 b Fk(The)27 b(set)h(of)f(securit)n(y)g(p)r(olicies)g(that)h
(m)n(ust,)g(and)g(ma)n(y)-7 b(,)27 b(b)r(e)h(supp)r(orted.)125
5225 y Fc(\017)41 b Fk(A)27 b(syn)n(tax)g(for)g(the)h(sp)r
(eci\014cation)f(of)h(prop)r(osed)f(securit)n(y)f(services.)0
5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(12])p eop
%%Page: 13 13
% Page 13 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - the last three bullets of the "A DOI defines:" list (naming scheme,
%     payload formats, additional exchange types)
%   - definitions of Situation, Proposal, Payload and Exchange Type
%   - 2.2 "ISAKMP Placement" (introduces Figure 1)
%   - 2.3 "Negotiation Phases": phase 1 establishes the ISAKMP SA that then
%     protects negotiation of the protocol SA
%   - running header and footer
% The one-letter operators (a, b, y, ...) and the F* names are presumably the
% dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
% NOTE(review): the Payload definition renders "string of octects". The typo
% is in the draft's own wording; the strings are left as generated because
% changing them would presumably disturb the offsets that follow each string.
13 12 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y Fc(\017)41 b Fk(A)d(sc)n(heme)h
(for)f(naming)g(securit)n(y-relev)-5 b(an)n(t)36 b(information,)41
b(including)e(encryption)f(algorithms,)i(k)n(ey)e(exc)n(hange)208
490 y(algorithms,)26 b(securit)n(y)h(p)r(olicy)g(attributes,)h(and)f
(certi\014cate)g(authorities.)125 656 y Fc(\017)41 b
Fk(The)27 b(sp)r(eci\014c)h(formats)f(of)g(the)h(v)-5
b(arious)27 b(pa)n(yload)f(con)n(ten)n(ts.)125 822 y
Fc(\017)41 b Fk(Additional)27 b(exc)n(hange)g(t)n(yp)r(es,)g(if)h
(required.)0 1104 y(The)e(rules)f(for)g(the)g(IETF)h(IP)f(Securit)n(y)g
(DOI)g(are)g(presen)n(ted)g(in)h([IPDOI)o(].)37 b(Sp)r(eci\014cations)
25 b(of)g(the)h(rules)f(for)g(customized)0 1204 y(DOIs)i(will)h(b)r(e)g
(presen)n(ted)f(in)h(separate)e(do)r(cumen)n(ts.)0 1519
y Fe(Situation:)82 b Fk(A)28 b(situation)g(con)n(tains)e(all)i(of)f
(the)h(securit)n(y-relev)-5 b(an)n(t)26 b(information)h(that)h(a)f
(system)g(considers)g(necessary)0 1619 y(to)j(decide)g(the)h(securit)n
(y)e(services)f(required)i(to)g(protect)f(the)i(session)e(b)r(eing)h
(negotiated.)43 b(The)30 b(situation)g(ma)n(y)g(include)0
1718 y(addresses,)c(securit)n(y)h(classi\014cations,)f(mo)r(des)h(of)h
(op)r(eration)e(\(normal)h(vs.)37 b(emergency\),)26 b(etc.)0
2034 y Fe(Prop)s(osal:)82 b Fk(A)33 b(prop)r(osal)f(is)h(a)g(list,)i
(in)f(decreasing)d(order)h(of)h(preference,)h(of)g(the)f(protection)g
(suites)g(that)g(a)g(system)0 2134 y(considers)26 b(acceptable)h(to)h
(protect)f(tra\016c)g(under)g(a)h(giv)n(en)e(situation.)0
2449 y Fe(P)m(a)m(yload:)84 b Fk(ISAKMP)18 b(de\014nes)h(sev)n(eral)e
(t)n(yp)r(es)h(of)h(pa)n(yloads,)g(whic)n(h)f(are)g(used)g(to)h
(transfer)f(information)g(suc)n(h)g(as)g(securit)n(y)0
2549 y(asso)r(ciation)32 b(data,)j(or)e(k)n(ey)h(exc)n(hange)e(data,)j
(in)f(DOI-de\014ned)g(formats.)56 b(A)34 b(pa)n(yload)e(consists)h(of)h
(a)g(generic)f(pa)n(yload)0 2648 y(header)39 b(and)h(a)g(string)g(of)g
(o)r(ctects)g(that)h(is)f(opaque)f(to)h(ISAKMP)-7 b(.)40
b(ISAKMP)g(uses)g(DOI-sp)r(eci\014c)g(functionalit)n(y)g(to)0
2748 y(syn)n(thesize)31 b(and)g(in)n(terpret)f(these)h(pa)n(yloads.)46
b(Multiple)32 b(pa)n(yloads)e(can)g(b)r(e)i(sen)n(t)f(in)h(a)e(single)h
(ISAKMP)g(message.)46 b(See)0 2847 y(section)29 b(3)g(for)f(more)h
(details)g(on)g(the)g(pa)n(yload)f(t)n(yp)r(es,)i(and)f([IPDOI)o(])h
(for)f(the)g(formats)g(of)g(the)h(IETF)e(IP)h(Securit)n(y)g(DOI)0
2947 y(pa)n(yloads.)0 3263 y Fe(Exc)m(hange)f(T)m(yp)s(e:)83
b Fk(An)23 b(exc)n(hange)f(t)n(yp)r(e)h(is)g(a)g(sp)r(eci\014cation)g
(of)g(the)g(n)n(um)n(b)r(er)g(of)g(messages)f(in)h(an)g(ISAKMP)f(exc)n
(hange,)0 3362 y(and)35 b(the)h(pa)n(yload)e(t)n(yp)r(es)i(that)f(are)g
(con)n(tained)g(in)g(eac)n(h)g(of)h(those)f(messages.)59
b(Eac)n(h)34 b(exc)n(hange)g(t)n(yp)r(e)i(is)f(designed)g(to)0
3462 y(pro)n(vide)23 b(a)g(particular)f(set)i(of)f(securit)n(y)g
(services,)g(suc)n(h)h(as)f(anon)n(ymit)n(y)f(of)i(the)g(participan)n
(ts,)g(p)r(erfect)g(forw)n(ard)e(secrecy)g(of)0 3561
y(the)30 b(k)n(eying)e(material,)h(authen)n(tication)g(of)g(the)h
(participan)n(ts,)e(etc.)43 b(Section)29 b(4.1)f(de\014nes)i(the)f
(default)h(set)f(of)g(ISAKMP)0 3661 y(exc)n(hange)d(t)n(yp)r(es.)37
b(Other)27 b(exc)n(hange)f(t)n(yp)r(es)i(can)f(b)r(e)h(added)f(to)h
(supp)r(ort)f(additional)g(k)n(ey)g(exc)n(hanges,)f(if)i(required.)0
3993 y Fj(2.2)112 b(ISAKMP)37 b(Placemen)m(t)0 4246 y
Fk(Figure)23 b(1)g(is)h(a)f(high)h(lev)n(el)f(view)h(of)f(the)i
(placemen)n(t)e(of)h(ISAKMP)f(within)h(a)g(system)f(con)n(text)h(in)g
(a)f(net)n(w)n(ork)f(arc)n(hitecture.)0 4346 y(An)32
b(imp)r(ortan)n(t)g(part)f(of)h(negotiating)f(securit)n(y)g(services)g
(is)h(to)f(consider)g(the)i(en)n(tire)e(\\stac)n(k")f(of)i(individual)g
(SAs)g(as)f(a)0 4445 y(unit.)38 b(This)27 b(is)h(referred)e(to)h(as)g
(a)h(\\protection)e(suite".)0 4777 y Fj(2.3)112 b(Negotiation)36
b(Phases)0 5030 y Fk(ISAKMP)25 b(o\013ers)g(t)n(w)n(o)f(\\phases")g(of)
h(negotiation.)35 b(In)26 b(the)f(\014rst)h(phase,)f(t)n(w)n(o)g(en)n
(tities)g(\(e.g.)36 b(ISAKMP)25 b(serv)n(ers\))f(agree)f(on)0
5130 y(ho)n(w)28 b(to)g(protect)g(further)g(negotiation)g(tra\016c)g(b)
r(et)n(w)n(een)g(themselv)n(es,)g(establishing)g(an)g(ISAKMP)g(SA.)h
(This)f(ISAKMP)0 5229 y(SA)c(is)f(then)g(used)g(to)g(protect)g(the)h
(negotiations)e(for)g(the)i(Proto)r(col)d(SA)j(b)r(eing)f(requested.)35
b(Tw)n(o)22 b(en)n(tities)h(\(e.g.)35 b(ISAKMP)0 5329
y(serv)n(ers\))26 b(can)h(negotiate)g(\(and)g(ha)n(v)n(e)g(activ)n(e\))
g(m)n(ultiple)h(ISAKMP)f(SAs.)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(13])p eop
%%Page: 14 14
% Page 14 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - Figure 1 "ISAKMP Relationships", drawn as character art after the Fg
%     selection: rows of '+', '-', '!', '^', 'v' and arrow strings forming
%     boxes labelled DOI Definition, Key Exchange Definition, ISAKMP,
%     Application Process / Appl Protocol, API, Security Protocol, and a
%     stack of Socket Layer, Transport Protocol (TCP / UDP), IP and Link
%     Layer Protocol
%   - the description of the second negotiation phase and the three stated
%     reasons for the two-phase approach (amortized phase-1 cost, phase-1
%     services protecting phase 2, cheaper ISAKMP management traffic)
%   - running header and footer
% The one-letter operators (a, b, o, y, ...) and the F* names are presumably
% the dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
14 13 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)218 490 y Fg(+------------+)343
b(+--------+)693 b(+--------------+)218 589 y(!)217 b(DOI)174
b(!)348 b(!)g(!)697 b(!)87 b(Application)39 b(!)218 689
y(!)k(Definition)d(!)j(<---->)e(!)i(ISAKMP)e(!)697 b(!)174
b(Process)128 b(!)218 789 y(+------------+)168 b(-->)43
b(!)348 b(!)697 b(!--------------!)174 888 y(+--------------+)124
b(!)131 b(+--------+)693 b(!)43 b(Appl)f(Protocol!)174
988 y(!)i(Key)e(Exchange)e(!)130 b(!)218 b(^)87 b(^)871
b(+--------------+)174 1088 y(!)87 b(Definition)c(!<--)260
b(!)87 b(!)1176 b(^)174 1187 y(+--------------+)386 b(!)87
b(!)1176 b(!)1264 1287 y(!)87 b(!)1176 b(!)523 1386 y(!---------------)
o(-!)81 b(!)1176 b(!)523 1486 y(v)828 b(!)1176 b(!)349
1586 y(+-------+)650 b(v)1176 b(v)349 1685 y(!)86 b(API)g(!)349
b(+--------------)o(---)o(--)o(---)o(--)o(--)o(---)o(--)o(---)o(--)o
(---)o(--)o(--)o(--+)349 1785 y(+-------+)c(!)697 b(Socket)41
b(Layer)739 b(!)523 1885 y(!)523 b(!--------------)o(---)o(--)o(---)o
(--)o(--)o(---)o(--)o(---)o(--)o(---)o(--)o(--)o(--!)523
1984 y(v)g(!)348 b(Transport)40 b(Protocol)g(\(TCP)i(/)h(UDP\))304
b(!)218 2084 y(+----------+)344 b(!--------------)o(---)o(--)o(---)o
(--)o(--)o(---)o(--)o(---)o(--)o(---)o(--)o(--)o(--!)218
2183 y(!)43 b(Security)d(!)k(<---->)d(!)915 b(IP)958
b(!)218 2283 y(!)43 b(Protocol)d(!)349 b(!--------------)o(---)o(--)o
(---)o(--)o(--)o(---)o(--)o(---)o(--)o(---)o(--)o(--)o(--!)218
2383 y(+----------+)344 b(!)566 b(Link)42 b(Layer)f(Protocol)564
b(!)1090 2482 y(+--------------)o(---)o(--)o(---)o(--)o(--)o(---)o(--)o
(---)o(--)o(---)o(--)o(--)o(--+)1343 2848 y Fk(Figure)27
b(1:)37 b(ISAKMP)27 b(Relationships)0 3113 y(The)h(second)g(phase)g(of)
h(negotiation)e(is)h(used)h(to)f(establish)g(securit)n(y)f(asso)r
(ciations)g(for)h(other)g(securit)n(y)f(proto)r(cols.)38
b(This)0 3212 y(second)29 b(phase)g(can)g(b)r(e)h(used)f(to)g
(establish)h(man)n(y)e(securit)n(y)h(asso)r(ciations.)41
b(The)29 b(securit)n(y)g(asso)r(ciations)e(established)i(b)n(y)0
3312 y(ISAKMP)e(during)g(this)h(phase)f(can)h(b)r(e)g(used)f(b)n(y)g(a)
h(securit)n(y)e(proto)r(col)h(to)g(protect)g(man)n(y)g(message/data)f
(exc)n(hanges.)0 3511 y(While)c(the)h(t)n(w)n(o-phased)d(approac)n(h)g
(has)h(a)h(higher)f(start-up)g(cost)h(for)f(most)h(simple)g(scenarios,)
f(there)h(are)f(sev)n(eral)f(reasons)0 3611 y(that)28
b(it)g(is)f(b)r(ene\014cial)h(for)f(most)h(cases.)0 3810
y(First,)33 b(en)n(tities)g(\(e.g.)51 b(ISAKMP)31 b(serv)n(ers\))g(can)
h(amortize)f(the)i(cost)e(of)i(the)f(\014rst)g(phase)g(across)e(sev)n
(eral)h(second)h(phase)0 3910 y(negotiations.)50 b(This)32
b(allo)n(ws)f(m)n(ultiple)h(SAs)h(to)f(b)r(e)h(established)f(b)r(et)n
(w)n(een)g(p)r(eers)g(o)n(v)n(er)e(time)j(without)f(ha)n(ving)g(to)g
(start)0 4010 y(o)n(v)n(er)26 b(for)h(eac)n(h)g(comm)n(unication.)0
4209 y(Second,)h(securit)n(y)f(services)g(negotiated)h(during)f(the)i
(\014rst)f(phase)f(pro)n(vide)g(securit)n(y)h(prop)r(erties)f(for)g
(the)i(second)f(phase.)0 4308 y(F)-7 b(or)29 b(example,)h(after)f(the)h
(\014rst)g(phase)f(of)h(negotiation,)f(the)h(encryption)f(pro)n(vided)g
(b)n(y)g(the)h(ISAKMP)g(SA)g(can)f(pro)n(vide)0 4408
y(iden)n(tit)n(y)i(protection,)h(p)r(oten)n(tially)f(allo)n(wing)f(the)
i(use)f(of)g(simpler)g(second-phase)f(exc)n(hanges.)47
b(On)31 b(the)h(other)e(hand,)j(if)0 4508 y(the)f(c)n(hannel)f
(established)g(during)h(the)f(\014rst)h(phase)f(is)g(not)h(adequate)f
(to)g(protect)h(iden)n(tities,)h(then)f(the)g(second)f(phase)0
4607 y(m)n(ust)d(negotiate)e(adequate)h(securit)n(y)g(mec)n(hanisms.)0
4807 y(Third,)35 b(ha)n(ving)d(an)h(ISAKMP)g(SA)h(in)g(place)f
(considerably)e(reduces)i(the)h(cost)f(of)g(ISAKMP)g(managemen)n(t)f
(activit)n(y)h(-)0 4906 y(without)28 b(the)h(\\trusted)e(path")h(that)g
(an)g(ISAKMP)f(SA)i(giv)n(es)d(y)n(ou,)i(the)g(en)n(tities)g(\(e.g.)38
b(ISAKMP)28 b(serv)n(ers\))e(w)n(ould)h(ha)n(v)n(e)0
5006 y(to)g(go)g(through)g(a)g(complete)h(re-authen)n(tication)e(for)h
(eac)n(h)g(error)f(noti\014cation)h(or)f(deletion)i(of)g(an)f(SA.)0
5205 y(Negotiation)20 b(during)h(eac)n(h)f(phase)h(is)g(accomplished)g
(using)f(ISAKMP-de\014ned)h(exc)n(hanges)f(\(see)h(section)f(4\))h(or)g
(exc)n(hanges)0 5305 y(de\014ned)28 b(for)f(a)g(k)n(ey)g(exc)n(hange)f
(within)j(a)e(DOI.)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i
(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(14])p eop
%%Page: 15 15
% Page 15 of the ISAKMP draft, as emitted by dvips: text strings interleaved
% with positioning operands, painted in order between bop and eop.
% Text rendered on this page:
%   - closing note of 2.3: different parties are authenticated in each phase
%     (ISAKMP servers/hosts in phase 1, users or applications in phase 2)
%   - 2.4 "Identifying Security Associations": the two cookie fields in the
%     ISAKMP header identify ISAKMP SAs; Message ID and the Proposal
%     payload's SPI identify SAs for other security protocols
%   - a six-row table with columns #, Operation, I-Cookie, R-Cookie,
%     Message ID and SPI, whose cells are X, 0, X/0 or NA; the
%     "377 2879 3147 4 v" sequence after the column titles is presumably the
%     horizontal rule under them -- TODO confirm against the prolog
%   - the explanations of table lines (1), (2) and (3)
%   - running header and footer
% The one-letter operators (a, b, y, ...) and the F* names are presumably the
% dvips positioning and font-selection procedures from the prolog; their
% definitions are not in this part of the file -- TODO confirm.
15 14 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(Note)37 b(that)g(securit)n(y)f
(services)g(ma)n(y)g(b)r(e)h(applied)g(di\013eren)n(tly)g(in)g(eac)n(h)
f(negotiation)g(phase.)64 b(F)-7 b(or)36 b(example,)j(di\013eren)n(t)0
490 y(parties)26 b(are)g(b)r(eing)i(authen)n(ticated)f(during)f(eac)n
(h)h(of)g(the)g(phases)g(of)g(negotiation.)35 b(During)27
b(the)h(\014rst)f(phase,)f(the)i(parties)0 589 y(b)r(eing)e(authen)n
(ticated)f(ma)n(y)g(b)r(e)h(the)g(ISAKMP)g(serv)n(ers/hosts,)d(while)i
(during)h(the)g(second)f(phase,)g(users)g(or)g(application)0
689 y(lev)n(el)i(programs)e(are)i(b)r(eing)h(authen)n(ticated.)0
1021 y Fj(2.4)112 b(Iden)m(tifying)37 b(Securit)m(y)f(Asso)s(ciations)0
1274 y Fk(While)g(b)r(o)r(otstrapping)e(secure)g(c)n(hannels)g(b)r(et)n
(w)n(een)h(systems,)h(ISAKMP)f(cannot)g(assume)f(the)h(existence)g(of)g
(securit)n(y)0 1374 y(services,)28 b(and)h(m)n(ust)g(pro)n(vide)e(some)
i(protections)f(for)g(itself.)41 b(Therefore,)28 b(ISAKMP)h(considers)e
(an)i(ISAKMP)g(Securit)n(y)0 1473 y(Asso)r(ciation)k(to)g(b)r(e)h
(di\013eren)n(t)g(than)g(other)f(t)n(yp)r(es,)i(and)e(manages)f(ISAKMP)
i(SAs)f(itself,)j(in)e(their)f(o)n(wn)g(name)h(space.)0
1573 y(ISAKMP)d(uses)g(the)g(t)n(w)n(o)g(co)r(okie)f(\014elds)h(in)h
(the)f(ISAKMP)g(header)g(to)g(iden)n(tify)g(ISAKMP)g(SAs.)48
b(The)31 b(Message)f(ID)i(in)0 1672 y(the)25 b(ISAKMP)f(Header)f(and)h
(the)h(SPI)f(\014eld)g(in)h(the)f(Prop)r(osal)f(pa)n(yload)f(are)i
(used)g(during)g(SA)g(establishmen)n(t)g(to)h(iden)n(tify)0
1772 y(the)33 b(SA)h(for)e(other)h(securit)n(y)f(proto)r(cols.)52
b(The)33 b(in)n(terpretation)f(of)h(these)g(four)f(\014elds)h(is)g(dep)
r(enden)n(t)h(on)f(the)g(op)r(eration)0 1872 y(taking)27
b(place.)0 2071 y(The)i(follo)n(wing)f(table)g(sho)n(ws)g(the)h
(presence)f(or)g(absence)g(of)h(sev)n(eral)e(\014elds)i(during)g(SA)g
(establishmen)n(t.)40 b(The)29 b(follo)n(wing)0 2171
y(\014elds)23 b(are)f(necessary)f(for)h(v)-5 b(arious)22
b(op)r(erations)f(asso)r(ciated)h(with)h(SA)g(establishmen)n(t:)34
b(co)r(okies)22 b(in)h(the)g(ISAKMP)g(header,)0 2270
y(the)34 b(ISAKMP)e(Header)h(Message)f(ID)h(\014eld,)i(and)e(the)h(SPI)
f(\014eld)g(in)h(the)f(Prop)r(osal)e(pa)n(yload.)53 b(An)33
b('X')h(in)f(the)h(column)0 2370 y(means)28 b(the)h(v)-5
b(alue)28 b(MUST)h(b)r(e)g(presen)n(t.)38 b(An)29 b('NA')g(in)g(the)g
(column)f(means)g(a)g(v)-5 b(alue)28 b(in)h(the)g(column)f(is)g(Not)h
(Applicable)0 2470 y(to)e(the)h(op)r(eration.)445 2846
y(#)558 b(Op)r(eration)538 b(I-Co)r(okie)98 b(R-Co)r(okie)h(Message)26
b(ID)100 b(SPI)p 377 2879 3147 4 v 427 2946 a(\(1\))f(Start)28
b(ISAKMP)f(SA)h(negotiation)227 b(X)344 b(0)396 b(0)477
b(0)427 3045 y(\(2\))99 b(Resp)r(ond)28 b(ISAKMP)f(SA)h(negotiation)99
b(X)344 b(X)376 b(0)477 b(0)427 3145 y(\(3\))99 b(Init)28
b(other)g(SA)g(negotiation)426 b(X)344 b(X)376 b(X)457
b(X)427 3244 y(\(4\))99 b(Resp)r(ond)28 b(other)f(SA)h(negotiation)245
b(X)344 b(X)376 b(X)457 b(X)427 3344 y(\(5\))99 b(Other)27
b(\(KE,)h(ID,)g(etc.\))596 b(X)344 b(X)376 b(X/0)d(NA)427
3444 y(\(6\))99 b(Securit)n(y)27 b(Proto)r(col)f(\(ESP)-7
b(,)27 b(AH\))296 b(NA)282 b(NA)314 b(NA)395 b(X)0 3727
y(In)35 b(the)g(\014rst)f(line)h(\(1\))f(of)h(the)g(table,)h(the)f
(initiator)f(includes)h(the)f(Initiator)g(Co)r(okie)g(\014eld)h(in)g
(the)g(ISAKMP)f(Header,)0 3826 y(using)27 b(the)h(pro)r(cedures)f
(outlined)g(in)h(sections)f(2.5.3)g(and)g(3.1.)0 4026
y(In)38 b(the)h(second)e(line)h(\(2\))h(of)f(the)g(table,)j(the)d(resp)
r(onder)f(includes)h(the)h(Initiator)e(and)h(Resp)r(onder)g(Co)r(okie)f
(\014elds)h(in)0 4125 y(the)e(ISAKMP)g(Header,)h(using)f(the)g(pro)r
(cedures)f(outlined)h(in)g(sections)g(2.5.3)e(and)i(3.1.)61
b(Additional)37 b(messages)d(ma)n(y)0 4225 y(b)r(e)c(exc)n(hanged)f(b)r
(et)n(w)n(een)g(ISAKMP)h(p)r(eers,)g(dep)r(ending)g(on)f(the)h(ISAKMP)g
(exc)n(hange)e(t)n(yp)r(e)i(used)g(during)f(the)h(phase)f(1)0
4325 y(negotiation.)44 b(Once)31 b(the)f(phase)g(1)g(exc)n(hange)f(is)i
(completed,)g(the)g(Initiator)f(and)g(Resp)r(onder)g(co)r(okies)f(are)h
(included)h(in)0 4424 y(the)d(ISAKMP)f(Header)g(of)h(all)f(subsequen)n
(t)g(comm)n(unications)g(b)r(et)n(w)n(een)g(the)h(ISAKMP)g(p)r(eers.)0
4623 y(During)d(phase)g(1)f(negotiations,)h(the)g(initiator)g(and)g
(resp)r(onder)f(co)r(okies)g(determine)h(the)h(ISAKMP)f(SA.)g
(Therefore,)g(the)0 4723 y(SPI)32 b(\014eld)h(in)g(the)f(Prop)r(osal)f
(pa)n(yload)g(is)h(redundan)n(t)g(and)g(MA)-7 b(Y)33
b(b)r(e)g(set)g(to)f(0)g(or)g(it)h(MA)-7 b(Y)33 b(con)n(tain)e(the)i
(transmitting)0 4823 y(en)n(tit)n(y's)27 b(co)r(okie.)0
5022 y(In)j(the)f(third)h(line)f(\(3\))h(of)f(the)h(table,)g(the)f
(initiator)g(asso)r(ciates)f(a)h(Message)f(ID)i(with)f(the)h(Proto)r
(cols)d(con)n(tained)i(in)h(the)0 5122 y(SA)24 b(Prop)r(osal.)34
b(This)24 b(Message)e(ID)j(and)e(the)i(initiator's)e(SPI\(s\))h(to)g(b)
r(e)g(asso)r(ciated)e(with)j(eac)n(h)e(proto)r(col)g(in)h(the)g(Prop)r
(osal)0 5221 y(are)i(sen)n(t)h(to)h(the)f(resp)r(onder.)36
b(The)27 b(SPI\(s\))g(will)h(b)r(e)g(used)f(b)n(y)g(the)h(securit)n(y)e
(proto)r(cols)g(once)h(the)g(phase)g(2)g(negotiation)f(is)0
5321 y(completed.)0 5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i
(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(15])p eop
%%Page: 16 16
% Page 16 of draft-ietf-ipsec-isakmp-09 (dvips output; the text is stored as kerned
% string fragments, so words are split across several string operands).
% Content: table lines 4-6 of the cookie / Message ID / SPI walk-through, SPI sizing,
% bidirectional ISAKMP SAs, proposal control, then section 2.5 Miscellaneous:
%   2.5.1 Transport Protocol - send and receive over UDP port 500 is a MUST.
%   2.5.2 RESERVED Fields    - MUST be zero when a packet is issued; the receiver
%                              SHOULD check for zero and discard the packet otherwise.
% NOTE(review): the typeset text reads "Internet Assigned Numbered Authority (IANA)";
% the body's name is the Internet Assigned Numbers Authority. Strings left as typeset.
% NOTE(review): the receive-side RESERVED check is only a SHOULD here, so whether
% non-zero values are discarded is a local implementation decision - confirm it.
16 15 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(In)i(the)h(fourth)f(line)h(\(4\))f
(of)g(the)h(table,)g(the)f(resp)r(onder)f(includes)i(the)f(same)g
(Message)f(ID)h(and)h(the)f(resp)r(onder's)f(SPI\(s\))0
490 y(to)f(b)r(e)h(asso)r(ciated)f(with)h(eac)n(h)f(proto)r(col)f(in)i
(the)g(accepted)f(Prop)r(osal.)35 b(This)28 b(information)e(is)i
(returned)f(to)h(the)g(initiator.)0 689 y(In)d(the)f(\014fth)i(line)e
(\(5\))h(of)f(the)h(table,)g(the)f(initiator)g(and)g(resp)r(onder)f
(use)i(the)f(Message)f(ID)i(\014eld)g(in)f(the)h(ISAKMP)f(Header)0
789 y(to)i(k)n(eep)f(trac)n(k)g(of)h(the)g(in-progress)e(proto)r(col)g
(negotiation.)36 b(This)26 b(is)g(only)f(applicable)g(for)h(a)f(phase)h
(2)f(exc)n(hange)g(and)h(the)0 888 y(v)-5 b(alue)31 b(SHOULD)g(b)r(e)g
(0)g(for)f(a)h(phase)f(1)g(exc)n(hange)g(b)r(ecause)g(the)h(com)n
(bined)g(co)r(okies)f(iden)n(tify)h(the)g(ISAKMP)g(SA.)g(The)0
988 y(SPI)25 b(\014eld)i(in)f(the)g(Prop)r(osal)e(pa)n(yload)g(is)i
(not)f(applicable)h(b)r(ecause)f(the)h(Prop)r(osal)e(pa)n(yload)g(is)i
(only)f(used)h(during)f(the)i(SA)0 1088 y(negotiation)g(message)f(exc)n
(hange)g(\(steps)i(3)f(and)g(4\).)0 1287 y(In)g(the)h(sixth)f(line)g
(\(6\))h(of)f(the)g(table,)g(the)h(phase)e(2)h(negotiation)f(is)h
(complete.)37 b(The)27 b(securit)n(y)f(proto)r(cols)g(use)h(the)g
(SPI\(s\))0 1386 y(to)32 b(determine)h(whic)n(h)f(securit)n(y)g
(services)f(and)h(mec)n(hanisms)g(to)g(apply)h(to)f(the)h(comm)n
(unication)f(b)r(et)n(w)n(een)g(them.)52 b(The)0 1486
y(SPI)24 b(v)-5 b(alue)23 b(sho)n(wn)g(in)h(the)h(sixth)f(line)g(\(6\))
g(is)f(not)h(the)h(SPI)e(\014eld)h(in)g(the)h(Prop)r(osal)c(pa)n
(yload,)i(but)i(the)f(SPI)g(\014eld)g(con)n(tained)0
1586 y(within)k(the)g(securit)n(y)f(proto)r(col)f(header.)0
1785 y(During)35 b(the)g(SA)h(establishmen)n(t,)g(a)f(SPI)g(MUST)g(b)r
(e)h(generated.)57 b(ISAKMP)35 b(is)g(designed)g(to)f(handle)h(v)-5
b(ariable)34 b(sized)0 1885 y(SPIs.)h(This)23 b(is)g(accomplished)g(b)n
(y)f(using)h(the)h(SPI)f(Size)g(\014eld)h(within)f(the)h(Prop)r(osal)d
(pa)n(yload)h(during)h(SA)g(establishmen)n(t.)0 1984
y(Handling)k(of)h(SPIs)f(will)h(b)r(e)g(outlined)g(b)n(y)f(the)h(DOI)g
(sp)r(eci\014cation)f(\(e.g.)37 b([IPDOI)o(]\).)0 2183
y(When)26 b(a)f(securit)n(y)f(asso)r(ciation)g(\(SA\))i(is)g(initially)
f(established,)h(one)f(side)g(assumes)f(the)i(role)f(of)g(initiator)g
(and)g(the)h(other)0 2283 y(the)32 b(role)f(of)h(resp)r(onder.)48
b(Once)31 b(the)h(SA)g(is)g(established,)g(b)r(oth)g(the)h(original)d
(initiator)h(and)h(resp)r(onder)e(can)h(initiate)h(a)0
2383 y(phase)27 b(2)g(negotiation)g(with)h(the)g(p)r(eer)f(en)n(tit)n
(y)-7 b(.)37 b(Th)n(us,)28 b(ISAKMP)f(SAs)h(are)e(bidirectional)h(in)h
(nature.)0 2582 y(Additionally)-7 b(,)41 b(ISAKMP)d(allo)n(ws)e(b)r
(oth)j(initiator)f(and)g(resp)r(onder)f(to)h(ha)n(v)n(e)f(some)g(con)n
(trol)g(during)h(the)g(negotiation)0 2682 y(pro)r(cess.)77
b(While)41 b(ISAKMP)g(is)g(designed)g(to)g(allo)n(w)f(an)h(SA)h
(negotiation)e(that)i(includes)f(m)n(ultiple)h(prop)r(osals,)h(the)0
2781 y(initiator)34 b(can)h(main)n(tain)g(some)f(con)n(trol)g(b)n(y)g
(only)h(making)f(one)h(prop)r(osal)e(in)j(accordance)d(with)i(the)g
(initiator's)g(lo)r(cal)0 2881 y(securit)n(y)i(p)r(olicy)-7
b(.)66 b(Once)37 b(the)h(initiator)f(sends)h(a)f(prop)r(osal)f(con)n
(taining)g(more)h(than)h(one)f(prop)r(osal)f(\(whic)n(h)i(are)e(sen)n
(t)0 2980 y(in)d(decreasing)f(preference)g(order\),)h(the)g(initiator)g
(relinquishes)f(con)n(trol)g(to)g(the)i(resp)r(onder.)52
b(Once)32 b(the)h(resp)r(onder)f(is)0 3080 y(con)n(trolling)21
b(the)j(SA)f(establishmen)n(t,)h(the)g(resp)r(onder)e(can)g(mak)n(e)g
(its)i(p)r(olicy)e(tak)n(e)h(precedence)f(o)n(v)n(er)f(the)j(initiator)
e(within)0 3180 y(the)30 b(con)n(text)g(of)f(the)i(m)n(ultiple)f
(options)f(o\013ered)h(b)n(y)f(the)i(initiator.)43 b(This)30
b(is)f(accomplished)g(b)n(y)h(selecting)f(the)i(prop)r(osal)0
3279 y(b)r(est)d(suited)g(for)f(the)h(resp)r(onder's)e(lo)r(cal)h
(securit)n(y)g(p)r(olicy)g(and)h(returning)f(this)h(selection)f(to)g
(the)h(initiator.)0 3611 y Fj(2.5)112 b(Miscellaneous)0
3864 y Fe(2.5.1)94 b(T)-8 b(ransp)s(ort)32 b(Proto)s(col)0
4117 y Fk(ISAKMP)24 b(can)h(b)r(e)g(implemen)n(ted)h(o)n(v)n(er)d(an)n
(y)h(transp)r(ort)f(proto)r(col)h(or)g(o)n(v)n(er)f(IP)h(itself.)37
b(Implemen)n(tations)24 b(MUST)i(include)0 4217 y(send)h(and)h(receiv)n
(e)e(capabilit)n(y)g(for)h(ISAKMP)g(using)g(the)h(User)f(Datagram)f
(Proto)r(col)g(\(UDP\))i(on)f(p)r(ort)g(500.)36 b(UDP)27
b(P)n(ort)0 4316 y(500)c(has)h(b)r(een)h(assigned)e(to)h(ISAKMP)g(b)n
(y)g(the)h(In)n(ternet)g(Assigned)f(Num)n(b)r(ered)g(Authorit)n(y)g
(\(IANA\).)i(Implemen)n(tations)0 4416 y(MA)-7 b(Y)28
b(additionally)f(supp)r(ort)h(ISAKMP)f(o)n(v)n(er)f(other)h(transp)r
(ort)f(proto)r(cols)h(or)f(o)n(v)n(er)g(IP)h(itself.)0
4731 y Fe(2.5.2)94 b(RESER)-11 b(VED)31 b(Fields)0 4984
y Fk(The)e(existence)g(of)g(RESER)-9 b(VED)28 b(\014elds)i(within)f
(ISAKMP)g(pa)n(yloads)e(are)h(used)h(strictly)g(to)g(preserv)n(e)f(b)n
(yte)g(alignmen)n(t.)0 5084 y(All)36 b(RESER)-9 b(VED)36
b(\014elds)f(in)h(the)h(ISAKMP)e(proto)r(col)g(MUST)h(b)r(e)g(set)g(to)
g(zero)f(\(0\))h(when)g(a)f(pac)n(k)n(et)g(is)h(issued.)61
b(The)0 5184 y(receiv)n(er)30 b(SHOULD)i(c)n(hec)n(k)f(the)i(RESER)-9
b(VED)31 b(\014elds)h(for)f(a)g(zero)g(\(0\))h(v)-5 b(alue)32
b(and)f(discard)g(the)h(pac)n(k)n(et)f(if)h(other)f(v)-5
b(alues)0 5283 y(are)27 b(found.)0 5656 y(Maughan,)g(Sc)n(hertler,)f
(Sc)n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(16])p eop
%%Page: 17 17
% Page 17: section 2.5.3 Anti-Clogging Token ("Cookie") Creation, the start of
% section 3 (ISAKMP Payloads) and of 3.1 (ISAKMP Header Format).
% Cookie requirements as typeset below: (1) the cookie depends on the specific parties;
% (2) only the issuing entity can generate cookies it will accept, using local secret
% information that cannot be deduced from any particular cookie; (3) generation is fast.
% Karn's suggested method hashes the IP source and destination addresses, the UDP source
% and destination ports and a locally generated secret random value; the draft adds the
% date and time so the cookie is unique per SA establishment. Cookie fields are 8 octets.
% NOTE(review): MD5 appears only as an example of a fast hash. Requirement (2) rests on
% the secrecy of the local value, so the hash choice is an implementation decision -
% verify it against current guidance rather than this 1998 text.
% Section 3 also requires network octet ordering and 4-octet alignment of all messages.
17 16 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fe(2.5.3)94 b(An)m(ti-Clogging)30
b(T)-8 b(ok)m(en)32 b(\(\\Co)s(okie"\))f(Creation)0 643
y Fk(The)26 b(details)h(of)f(co)r(okie)g(generation)f(are)g(implemen)n
(tation)h(dep)r(enden)n(t,)i(but)f(MUST)g(satisfy)f(these)g(basic)g
(requiremen)n(ts)0 743 y(\(originally)g(stated)i(b)n(y)f(Phil)g(Karn)g
(in)h([Karn)o(]\):)131 1025 y Fg(1.)173 b(The)43 b(cookie)e(must)h
(depend)f(on)i(the)f(specific)e(parties.)84 b(This)42
b(prevents)392 1125 y(an)h(attacker)d(from)i(obtaining)e(a)j(cookie)e
(using)h(a)h(real)f(IP)h(address)d(and)392 1224 y(UDP)j(port,)e(and)h
(then)g(using)g(it)h(to)f(swamp)g(the)g(victim)f(with)h(Diffie-)392
1324 y(Hellman)f(requests)f(from)i(randomly)e(chosen)i(IP)g(addresses)e
(or)j(ports.)131 1523 y(2.)173 b(It)43 b(must)f(not)g(be)h(possible)d
(for)j(anyone)e(other)g(than)h(the)h(issuing)392 1623
y(entity)e(to)i(generate)d(cookies)h(that)h(will)g(be)h(accepted)d(by)j
(that)392 1722 y(entity.)85 b(This)41 b(implies)g(that)h(the)g(issuing)
f(entity)g(must)h(use)h(local)392 1822 y(secret)e(information)e(in)k
(the)g(generation)c(and)j(subsequent)392 1922 y(verification)d(of)k(a)g
(cookie.)84 b(It)43 b(must)f(not)g(be)h(possible)d(to)j(deduce)392
2021 y(this)f(secret)f(information)e(from)j(any)h(particular)c(cookie.)
131 2220 y(3.)173 b(The)43 b(cookie)e(generation)e(function)h(must)i
(be)h(fast)f(to)h(thwart)e(attacks)392 2320 y(intended)g(to)h(sabotage)
f(CPU)h(resources.)0 2602 y Fk(Karn's)30 b(suggested)h(metho)r(d)h(for)
f(creating)g(the)h(co)r(okie)e(is)i(to)g(p)r(erform)f(a)g(fast)h(hash)f
(\(e.g.)49 b(MD5\))32 b(o)n(v)n(er)e(the)i(IP)f(Source)0
2702 y(and)36 b(Destination)g(Address,)h(the)f(UDP)g(Source)f(and)h
(Destination)g(P)n(orts)e(and)i(a)f(lo)r(cally)g(generated)g(secret)g
(random)0 2802 y(v)-5 b(alue.)35 b(ISAKMP)23 b(requires)f(that)i(the)f
(co)r(okie)g(b)r(e)g(unique)h(for)f(eac)n(h)f(SA)i(establishmen)n(t)f
(to)g(help)h(prev)n(en)n(t)e(repla)n(y)g(attac)n(ks,)0
2901 y(therefore,)h(the)f(date)h(and)f(time)h(MUST)f(b)r(e)h(added)f
(to)h(the)f(information)g(hashed.)35 b(The)22 b(generated)f(co)r(okies)
g(are)h(placed)g(in)0 3001 y(the)f(ISAKMP)f(Header)g(\(describ)r(ed)h
(in)g(section)f(3.1\))h(Initiator)f(and)g(Resp)r(onder)g(co)r(okie)g
(\014elds.)35 b(These)20 b(\014elds)h(are)f(8)g(o)r(ctets)0
3101 y(in)30 b(length,)g(th)n(us,)f(requiring)f(a)h(generated)g(co)r
(okie)f(to)h(b)r(e)h(8)f(o)r(ctets.)42 b(Notify)30 b(and)f(Delete)h
(messages)d(\(see)j(sections)e(3.14,)0 3200 y(3.15,)i(and)g(4.8\))g
(are)f(uni-directional)g(transmissions)g(and)h(are)g(done)g(under)g
(the)h(protection)e(of)i(an)f(existing)f(ISAKMP)0 3300
y(SA,)d(th)n(us,)f(not)g(requiring)f(the)i(generation)d(of)j(a)e(new)h
(co)r(okie.)36 b(One)24 b(exception)h(to)g(this)h(is)f(the)g
(transmission)f(of)h(a)g(Notify)0 3399 y(message)j(during)h(a)f(Phase)g
(1)h(exc)n(hange,)f(prior)g(to)i(completing)f(the)g(establishmen)n(t)g
(of)g(an)g(SA.)h(Sections)f(3.14)f(and)h(4.8)0 3499 y(pro)n(vide)d
(additional)h(details.)0 3873 y Ff(3)137 b(ISAKMP)46
b(P)l(a)l(yloads)0 4155 y Fk(ISAKMP)28 b(pa)n(yloads)e(pro)n(vide)h(mo)
r(dular)h(building)g(blo)r(c)n(ks)f(for)h(constructing)f(ISAKMP)h
(messages.)37 b(The)28 b(presence)f(and)0 4254 y(ordering)f(of)h(pa)n
(yloads)e(in)j(ISAKMP)f(is)g(de\014ned)h(b)n(y)f(and)g(dep)r(enden)n(t)
h(up)r(on)g(the)g Fb(Exchange)i(T)-6 b(yp)l(e)30 b(Field)f
Fk(lo)r(cated)e(in)h(the)0 4354 y(ISAKMP)33 b(Header)g(\(see)h(Figure)f
(2\).)55 b(The)34 b(ISAKMP)f(pa)n(yload)f(t)n(yp)r(es)i(are)e
(discussed)i(in)g(sections)f(3.4)f(through)h(3.15.)0
4454 y(The)23 b(descriptions)e(of)i(the)g(ISAKMP)f(pa)n(yloads,)g
(messages,)g(and)g(exc)n(hanges)f(\(see)i(Section)f(4\))h(are)e(sho)n
(wn)h(using)g(net)n(w)n(ork)0 4553 y(o)r(ctet)28 b(ordering.)35
b(Additionally)-7 b(,)28 b(all)f(ISAKMP)g(messages)f(MUST)i(b)r(e)g
(aligned)f(at)h(4-o)r(ctet)f(m)n(ultiples.)0 4885 y Fj(3.1)112
b(ISAKMP)37 b(Header)h(F)-9 b(ormat)0 5138 y Fk(An)40
b(ISAKMP)g(message)e(has)h(a)h(\014xed)g(header)f(format,)j(sho)n(wn)d
(in)h(Figure)f(2,)k(follo)n(w)n(ed)c(b)n(y)g(a)h(v)-5
b(ariable)39 b(n)n(um)n(b)r(er)g(of)0 5238 y(pa)n(yloads.)49
b(A)33 b(\014xed)f(header)f(simpli\014es)i(parsing,)f(pro)n(viding)f
(the)h(b)r(ene\014t)h(of)f(proto)r(col)f(parsing)g(soft)n(w)n(are)g
(that)h(is)h(less)0 5337 y(complex)g(and)g(easier)f(to)i(implemen)n(t.)
55 b(The)33 b(\014xed)h(header)e(con)n(tains)h(the)h(information)e
(required)h(b)n(y)g(the)h(proto)r(col)e(to)0 5656 y(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(17])p eop
%%Page: 18 18
% Page 18: Figure 2 (ISAKMP Header Format), the first header field definitions and the
% Next Payload Type table.
% Layout drawn below, in order: Initiator Cookie (8 octets), Responder Cookie (8 octets),
% Next Payload (1 octet), MjVer, MnVer, Exchange Type, Flags, Message ID, Length.
% Next Payload values: 0 NONE, 1 SA, 2 P, 3 T, 4 KE, 5 ID, 6 CERT, 7 CR, 8 HASH, 9 SIG,
% 10 NONCE, 11 N, 12 D, 13 VID, 14-127 RESERVED, 128-255 Private USE.
% NOTE(review): this page states no receiver action for RESERVED or Private USE
% Next Payload values; the text points to section 5 for payload processing, so the
% rule a parser should apply has to be confirmed there.
18 17 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)1133 b(Initiator)1216 b(!)349 839 y(!)k(Cookie)1261
b(!)349 939 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)349 1039 y(!)1133 b(Responder)1216 b(!)349 1138 y(!)k(Cookie)1261
b(!)349 1238 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)349 1338 y(!)86 b(Next)42 b(Payload)f(!)i(MjVer)f(!)h(MnVer)e(!)j
(Exchange)c(Type)i(!)217 b(Flags)f(!)349 1437 y(+-+-+-+-+-+-+-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 1537 y(!)1133
b(Message)40 b(ID)1176 b(!)349 1636 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 1736 y(!)1220 b(Length)1261
b(!)349 1836 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)1313 2101 y Fk(Figure)27 b(2:)36 b(ISAKMP)27 b(Header)g(F)-7
b(ormat)0 2367 y(main)n(tain)27 b(state,)h(pro)r(cess)e(pa)n(yloads)g
(and)h(p)r(ossibly)h(prev)n(en)n(t)e(denial)i(of)f(service)g(or)f
(repla)n(y)h(attac)n(ks.)0 2566 y(The)h(ISAKMP)f(Header)g(\014elds)g
(are)g(de\014ned)h(as)f(follo)n(ws:)125 2832 y Fc(\017)41
b Fk(Initiator)29 b(Co)r(okie)h(\(8)g(o)r(ctets\))h(-)f(Co)r(okie)f(of)
h(en)n(tit)n(y)h(that)f(initiated)h(SA)g(establishmen)n(t,)g(SA)g
(noti\014cation,)f(or)g(SA)208 2931 y(deletion.)125 3097
y Fc(\017)41 b Fk(Resp)r(onder)25 b(Co)r(okie)h(\(8)g(o)r(ctets\))h(-)f
(Co)r(okie)g(of)g(en)n(tit)n(y)g(that)h(is)f(resp)r(onding)g(to)g(an)g
(SA)h(establishmen)n(t)g(request,)f(SA)208 3197 y(noti\014cation,)h(or)
f(SA)j(deletion.)125 3363 y Fc(\017)41 b Fk(Next)30 b(P)n(a)n(yload)e
(\(1)i(o)r(ctet\))h(-)f(Indicates)g(the)h(t)n(yp)r(e)f(of)h(the)f
(\014rst)g(pa)n(yload)f(in)i(the)f(message.)44 b(The)30
b(format)g(for)g(eac)n(h)208 3462 y(pa)n(yload)23 b(is)i(de\014ned)h
(in)f(sections)g(3.4)f(through)h(3.16.)35 b(The)25 b(pro)r(cessing)f
(for)g(the)i(pa)n(yloads)d(is)j(de\014ned)f(in)h(section)e(5.)1484
3673 y(Next)k(P)n(a)n(yload)e(T)n(yp)r(e)280 b(V)-7 b(alue)p
1318 3706 1472 4 v 1368 3776 a(NONE)939 b(0)1368 3875
y(Securit)n(y)27 b(Asso)r(ciation)g(\(SA\))260 b(1)1368
3975 y(Prop)r(osal)26 b(\(P\))732 b(2)1368 4075 y(T)-7
b(ransform)26 b(\(T\))673 b(3)1368 4174 y(Key)27 b(Exc)n(hange)f
(\(KE\))465 b(4)1368 4274 y(Iden)n(ti\014cation)27 b(\(ID\))535
b(5)1368 4374 y(Certi\014cate)27 b(\(CER)-7 b(T\))498
b(6)1368 4473 y(Certi\014cate)27 b(Request)h(\(CR\))290
b(7)1368 4573 y(Hash)27 b(\(HASH\))693 b(8)1368 4672
y(Signature)27 b(\(SIG\))620 b(9)1368 4772 y(Nonce)27
b(\(NONCE\))557 b(10)1368 4872 y(Noti\014cation)27 b(\(N\))598
b(11)1368 4971 y(Delete)28 b(\(D\))794 b(12)1368 5071
y(V)-7 b(endor)27 b(ID)h(\(VID\))552 b(13)1368 5171 y(RESER)-9
b(VED)619 b(14)27 b(-)g(127)1368 5270 y(Priv)-5 b(ate)27
b(USE)584 b(128)27 b(-)g(255)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(18])p eop
%%Page: 19 19
% Page 19: header fields continued - Major Version (4 bits), Minor Version (4 bits),
% Exchange Type (1 octet) with its value table, and Flags (1 octet).
% Exchange Type values: 0 NONE, 1 Base, 2 Identity Protection, 3 Authentication Only,
% 4 Aggressive, 5 Informational, 6-31 ISAKMP Future Use, 32-255 DOI Specific Use.
% Flags, least significant bit first: bit 0 Encryption, bit 1 Commit, bit 2
% Authentication Only; the remaining bits MUST be 0 prior to transmission.
% Version handling as typeset: implementations SHOULD never accept a larger major
% version, nor a larger minor version when the major versions are identical.
% NOTE(review): the NOTE at the bottom of this page says handling of a lost final
% exchange message "is not standardized"; the options it lists are proposals only, so
% retransmission behaviour has to be checked per implementation.
19 18 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y Fc(\017)41 b Fk(Ma)5
b(jor)24 b(V)-7 b(ersion)26 b(\(4)g(bits\))h(-)e(indicates)h(the)h(ma)5
b(jor)25 b(v)n(ersion)f(of)i(the)h(ISAKMP)f(proto)r(col)f(in)h(use.)36
b(Implemen)n(tations)208 490 y(based)31 b(on)i(this)f(v)n(ersion)f(of)i
(the)f(ISAKMP)g(In)n(ternet-Draft)h(MUST)g(set)f(the)h(Ma)5
b(jor)31 b(V)-7 b(ersion)32 b(to)g(1.)51 b(Implemen-)208
589 y(tations)36 b(based)h(on)g(previous)f(v)n(ersions)g(of)h(ISAKMP)g
(In)n(ternet-Drafts)g(MUST)h(set)f(the)h(Ma)5 b(jor)36
b(V)-7 b(ersion)36 b(to)h(0.)208 689 y(Implemen)n(tations)27
b(SHOULD)h(nev)n(er)f(accept)g(pac)n(k)n(ets)f(with)i(a)g(ma)5
b(jor)26 b(v)n(ersion)g(n)n(um)n(b)r(er)h(larger)f(than)i(its)g(o)n
(wn.)125 855 y Fc(\017)41 b Fk(Minor)25 b(V)-7 b(ersion)26
b(\(4)g(bits\))i(-)e(indicates)g(the)h(minor)f(v)n(ersion)f(of)h(the)h
(ISAKMP)f(proto)r(col)f(in)i(use.)36 b(Implemen)n(tations)208
955 y(based)c(on)g(this)h(v)n(ersion)e(of)h(the)h(ISAKMP)f(In)n
(ternet-Draft)h(MUST)g(set)f(the)h(Minor)f(V)-7 b(ersion)32
b(to)g(0.)52 b(Implemen-)208 1054 y(tations)37 b(based)g(on)g(previous)
f(v)n(ersions)g(of)h(ISAKMP)g(In)n(ternet-Drafts)g(MUST)h(set)g(the)f
(Minor)g(V)-7 b(ersion)37 b(to)g(1.)208 1154 y(Implemen)n(tations)f
(SHOULD)g(nev)n(er)g(accept)g(pac)n(k)n(ets)f(with)h(a)g(minor)g(v)n
(ersion)f(n)n(um)n(b)r(er)h(larger)e(than)i(its)h(o)n(wn,)208
1254 y(giv)n(en)26 b(the)i(ma)5 b(jor)27 b(v)n(ersion)f(n)n(um)n(b)r
(ers)h(are)f(iden)n(tical.)125 1420 y Fc(\017)41 b Fk(Exc)n(hange)27
b(T)n(yp)r(e)j(\(1)g(o)r(ctet\))g(-)f(indicates)h(the)g(t)n(yp)r(e)g
(of)f(exc)n(hange)g(b)r(eing)g(used.)44 b(This)29 b(dictates)h(the)g
(message)e(and)208 1519 y(pa)n(yload)e(orderings)f(in)j(the)g(ISAKMP)f
(exc)n(hanges.)1578 1730 y(Exc)n(hange)f(T)n(yp)r(e)244
b(V)-7 b(alue)p 1427 1763 1254 4 v 1477 1833 a(NONE)742
b(0)1477 1932 y(Base)817 b(1)1477 2032 y(Iden)n(tit)n(y)27
b(Protection)294 b(2)1477 2132 y(Authen)n(tication)28
b(Only)238 b(3)1477 2231 y(Aggressiv)n(e)604 b(4)1477
2331 y(Informational)493 b(5)1477 2430 y(ISAKMP)27 b(F)-7
b(uture)28 b(Use)141 b(6)27 b(-)g(31)1477 2530 y(DOI)g(Sp)r(eci\014c)h
(Use)244 b(32)27 b(-)g(255)125 2747 y Fc(\017)41 b Fk(Flags)33
b(\(1)h(o)r(ctet\))h(-)g(indicates)f(sp)r(eci\014c)g(options)g(that)h
(are)f(set)g(for)g(the)h(ISAKMP)f(exc)n(hange.)56 b(The)34
b(\015ags)g(listed)208 2846 y(b)r(elo)n(w)28 b(are)g(sp)r(eci\014ed)g
(in)h(the)g(Flags)f(\014eld)h(b)r(eginning)g(with)g(the)g(least)f
(signi\014can)n(t)g(bit,)h(i.e)g(the)g(Encryption)f(bit)h(is)208
2946 y(bit)g(0)g(of)f(the)i(Flags)e(\014eld,)h(the)h(Commit)f(bit)g(is)
g(bit)h(1)e(of)h(the)g(Flags)f(\014eld,)i(and)f(the)g(Authen)n
(tication)g(Only)g(bit)g(is)208 3046 y(bit)f(2)f(of)g(the)h(Flags)f
(\014eld.)37 b(The)27 b(remaining)g(bits)h(of)f(the)h(Flags)f(\014eld)h
(MUST)g(b)r(e)g(set)f(to)g(0)h(prior)e(to)h(transmission.)301
3228 y Fe({)41 b Fk(E\(ncryption)34 b(Bit\))h(\(1)f(bit\))h(-)f(If)g
(set)h(\(1\),)h(all)e(pa)n(yloads)e(follo)n(wing)h(the)i(header)f(are)f
(encrypted)h(using)g(the)390 3328 y(encryption)19 b(algorithm)g(iden)n
(ti\014ed)h(in)g(the)g(ISAKMP)f(SA.)i(The)e(ISAKMP)h(SA)g(Iden)n
(ti\014er)f(is)h(the)g(com)n(bination)390 3428 y(of)j(the)h(initiator)f
(and)g(resp)r(onder)f(co)r(okie.)35 b(It)23 b(is)h(RECOMMENDED)e(that)i
(encryption)f(of)g(comm)n(unications)390 3527 y(b)r(e)31
b(done)f(as)g(so)r(on)g(as)g(p)r(ossible)g(b)r(et)n(w)n(een)h(the)g(p)r
(eers.)45 b(F)-7 b(or)30 b(all)g(ISAKMP)g(exc)n(hanges)f(describ)r(ed)i
(in)f(section)390 3627 y(4.1,)i(the)h(encryption)e(SHOULD)h(b)r(egin)g
(after)g(b)r(oth)g(parties)f(ha)n(v)n(e)g(exc)n(hanged)g(Key)g(Exc)n
(hange)f(pa)n(yloads.)390 3726 y(If)e(the)g(E\(ncryption)f(Bit\))h(is)g
(not)f(set)h(\(0\),)g(the)g(pa)n(yloads)e(are)g(not)i(encrypted.)301
3859 y Fe({)41 b Fk(C\(ommit)c(Bit\))g(\(1)f(bit\))h(-)f(This)g(bit)h
(is)f(used)g(to)g(signal)f(k)n(ey)h(exc)n(hange)f(sync)n(hronization.)
60 b(It)37 b(is)f(used)g(to)390 3959 y(ensure)28 b(that)g(encrypted)g
(material)f(is)g(not)h(receiv)n(ed)f(prior)g(to)h(completion)g(of)f
(the)i(SA)f(establishmen)n(t.)38 b(The)390 4058 y(Commit)31
b(Bit)f(can)h(b)r(e)f(set)h(\(at)f(an)n(ytime\))h(b)n(y)f(either)g
(part)n(y)f(participating)h(in)h(the)f(SA)h(establishmen)n(t,)g(and)390
4158 y(can)c(b)r(e)h(used)f(during)f(b)r(oth)i(phases)e(of)h(an)g
(ISAKMP)g(SA)h(establishmen)n(t.)36 b(Ho)n(w)n(ev)n(er,)25
b(the)j(v)-5 b(alue)27 b(MUST)h(b)r(e)390 4258 y(reset)d(after)g(the)h
(Phase)e(1)h(negotiation.)35 b(If)25 b(set\(1\),)h(the)g(en)n(tit)n(y)f
(whic)n(h)g(did)h(not)f(set)h(the)f(Commit)h(Bit)g(MUST)390
4357 y(w)n(ait)g(for)g(an)g(Informational)f(Exc)n(hange)g(con)n
(taining)g(a)h(Notify)h(pa)n(yload)e(\(with)i(the)g(CONNECTED)f(Notify)
390 4457 y(Message\))21 b(from)g(the)h(en)n(tit)n(y)g(whic)n(h)g(set)f
(the)i(Commit)f(Bit.)35 b(This)22 b(indicates)f(that)h(the)g(SA)h
(establishmen)n(t)e(w)n(as)390 4557 y(successful)h(and)g(either)h(en)n
(tit)n(y)f(can)g(no)n(w)g(pro)r(ceed)f(with)i(encrypted)f(tra\016c)g
(comm)n(unication.)34 b(In)23 b(addition)f(to)390 4656
y(sync)n(hronizing)j(k)n(ey)h(exc)n(hange,)f(the)i(Commit)g(Bit)f(can)g
(b)r(e)h(used)g(to)f(protect)g(against)g(loss)f(of)i(transmissions)390
4756 y(o)n(v)n(er)f(unreliable)h(net)n(w)n(orks)f(and)h(guard)g
(against)f(the)i(need)g(for)f(m)n(ultiple)h(retransmissions.)390
4872 y Fg(NOTE:)17 b Fk(It)j(is)f(alw)n(a)n(ys)f(p)r(ossible)h(that)g
(the)h(\014nal)f(message)f(of)h(an)g(exc)n(hange)f(can)h(b)r(e)g(lost.)
34 b(In)20 b(this)f(case,)h(the)g(en)n(tit)n(y)390 4972
y(exp)r(ecting)31 b(to)f(receiv)n(e)f(the)h(\014nal)h(message)e(of)h
(an)g(exc)n(hange)f(w)n(ould)h(receiv)n(e)f(the)h(Phase)f(2)h(SA)h
(negotiation)390 5071 y(message)21 b(follo)n(wing)g(a)h(Phase)g(1)g
(exc)n(hange)f(or)g(encrypted)h(tra\016c)g(follo)n(wing)f(a)h(Phase)g
(2)g(exc)n(hange.)33 b(Handling)390 5171 y(of)38 b(this)h(situation)f
(is)g(not)g(standardized,)i(but)f(w)n(e)f(prop)r(ose)f(the)i(follo)n
(wing)e(p)r(ossibilities.)69 b(If)38 b(the)h(en)n(tit)n(y)390
5271 y(a)n(w)n(aiting)22 b(the)i(Informational)e(Exc)n(hange)f(can)i(v)
n(erify)g(the)g(receiv)n(ed)g(message)e(\(i.e.)36 b(Phase)22
b(2)h(SA)h(negotiation)390 5370 y(message)38 b(or)h(encrypted)g
(tra\016c\),)j(then)e(they)g(MA)-7 b(Y)40 b(consider)f(the)h(SA)g(w)n
(as)e(established)h(and)h(con)n(tin)n(ue)0 5656 y(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(19])p eop
%%Page: 20 20
% Page 20: end of the Commit Bit NOTE, the Authentication Only bit, Message ID
% (4 octets), Length (4 octets), section 3.2 Generic Payload Header (Figure 3) and the
% start of 3.3 Data Attributes.
% Message ID: randomly generated by the Phase 2 initiator; MUST be 0 during Phase 1.
% Length: total message (header + payloads) in octets.
% Generic payload header: Next Payload (1 octet), RESERVED (1 octet, set to 0),
% Payload Length (2 octets, counts the generic payload header itself).
% NOTE(review): no consistency rule between the header Length and the chained Payload
% Length values is stated on this page. A parser should bound every Payload Length by
% the remaining message length and reject values smaller than the 4-octet generic
% header - confirm against the processing rules elsewhere in the draft.
% NOTE(review): with the Authentication Only bit set, the Notify payload is integrity
% checked but not encrypted, so its contents are readable in transit.
20 19 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)390 390 y(pro)r(cessing.)35
b(The)27 b(other)f(option)g(is)g(to)h(retransmit)f(the)h(last)f(ISAKMP)
g(message)f(to)h(force)g(the)h(other)f(en)n(tit)n(y)390
490 y(to)k(retransmit)f(the)i(\014nal)f(message.)42 b(This)30
b(suggests)f(that)h(implemen)n(tations)g(ma)n(y)g(consider)e(retaining)
i(the)390 589 y(last)d(message)g(\(lo)r(cally\))g(un)n(til)h(they)g
(are)f(sure)g(the)h(SA)g(is)f(established.)301 709 y
Fe({)41 b Fk(A\(uthen)n(tication)28 b(Only)f(Bit\))h(\(1)f(bit\))h(-)f
(This)h(bit)f(is)h(in)n(tended)f(for)g(use)g(with)h(the)g
(Informational)e(Exc)n(hange)390 809 y(with)h(a)e(Notify)i(pa)n(yload)e
(and)g(will)i(allo)n(w)e(the)h(transmission)f(of)h(information)f(with)i
(in)n(tegrit)n(y)e(c)n(hec)n(king,)g(but)390 908 y(no)c(encryption)f
(\(e.g.)34 b("emergency)19 b(mo)r(de"\).)35 b(Section)20
b(4.8)g(states)g(that)h(a)g(Phase)e(2)h(Informational)g(Exc)n(hange)390
1008 y(MUST)26 b(b)r(e)g(sen)n(t)f(under)g(the)g(protection)g(of)g(an)g
(ISAKMP)g(SA.)h(This)f(is)g(the)h(only)f(exception)f(to)i(that)f(p)r
(olicy)-7 b(.)390 1107 y(If)30 b(the)g(Authen)n(tication)f(Only)g(bit)h
(is)g(set)f(\(1\),)h(only)f(authen)n(tication)g(securit)n(y)f(services)
g(will)i(b)r(e)g(applied)f(to)390 1207 y(the)f(en)n(tire)f(Notify)h(pa)
n(yload)e(of)i(the)g(Informational)e(Exc)n(hange)g(and)h(the)h(pa)n
(yload)f(will)g(not)h(b)r(e)g(encrypted.)125 1370 y Fc(\017)41
b Fk(Message)d(ID)h(\(4)h(o)r(ctets\))g(-)f(Unique)h(Message)e(Iden)n
(ti\014er)h(used)g(to)h(iden)n(tify)g(proto)r(col)e(state)h(during)g
(Phase)f(2)208 1469 y(negotiations.)58 b(This)35 b(v)-5
b(alue)35 b(is)f(randomly)g(generated)g(b)n(y)h(the)h(initiator)e(of)h
(the)h(Phase)e(2)g(negotiation.)58 b(In)36 b(the)208
1569 y(ev)n(en)n(t)28 b(of)h(sim)n(ultaneous)f(SA)i(establishmen)n(ts)e
(\(i.e.)42 b(collisions\),)28 b(the)i(v)-5 b(alue)28
b(of)h(this)h(\014eld)f(will)g(lik)n(ely)g(b)r(e)g(di\013eren)n(t)208
1669 y(b)r(ecause)35 b(they)h(are)e(indep)r(enden)n(tly)j(generated)d
(and,)k(th)n(us,)g(t)n(w)n(o)d(securit)n(y)g(asso)r(ciations)e(will)j
(progress)e(to)n(w)n(ard)208 1768 y(establishmen)n(t.)66
b(Ho)n(w)n(ev)n(er,)38 b(it)g(is)f(unlik)n(ely)h(there)f(will)h(b)r(e)g
(absolute)e(sim)n(ultaneous)h(establishmen)n(ts.)66 b(During)208
1868 y(Phase)26 b(1)h(negotiations,)g(the)h(v)-5 b(alue)27
b(MUST)h(b)r(e)g(set)g(to)f(0.)125 2021 y Fc(\017)41
b Fk(Length)24 b(\(4)h(o)r(ctets\))g(-)g(Length)f(of)h(total)g(message)
e(\(header)h(+)h(pa)n(yloads\))e(in)i(o)r(ctets.)36 b(Encryption)24
b(can)g(expand)h(the)208 2120 y(size)i(of)g(an)h(ISAKMP)f(message.)0
2446 y Fj(3.2)112 b(Generic)37 b(P)m(a)m(yload)g(Header)0
2699 y Fk(Eac)n(h)29 b(ISAKMP)g(pa)n(yload)f(de\014ned)i(in)g(sections)
g(3.4)e(through)i(3.16)e(b)r(egins)i(with)g(a)f(generic)g(header,)h
(sho)n(wn)f(in)h(Figure)0 2799 y(3,)d(whic)n(h)h(pro)n(vides)e(a)h(pa)n
(yload)f("c)n(haining")g(capabilit)n(y)h(and)g(clearly)g(de\014nes)g
(the)h(b)r(oundaries)f(of)h(a)f(pa)n(yload.)1264 3035
y Fg(1)828 b(2)f(3)392 3135 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)
g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g
(7)g(8)g(9)g(0)h(1)349 3234 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+)349 3334 y(!)f(Next)f(Payload)84 b(!)130
b(RESERVED)171 b(!)392 b(Payload)41 b(Length)346 b(!)349
3434 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)
1329 3699 y Fk(Figure)27 b(3:)36 b(Generic)28 b(P)n(a)n(yload)d(Header)
0 3885 y(The)j(Generic)f(P)n(a)n(yload)e(Header)i(\014elds)g(are)g
(de\014ned)h(as)f(follo)n(ws:)125 4124 y Fc(\017)41 b
Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g
(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e
Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35 b(the)208
4224 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g
(message,)f(then)h(this)g(\014eld)g(will)f(b)r(e)h(0.)37
b(This)28 b(\014eld)g(pro)n(vides)e(the)i("c)n(haining")208
4323 y(capabilit)n(y)-7 b(.)125 4476 y Fc(\017)41 b Fk(RESER)-9
b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n(used,)f(set)h(to)f(0.)125
4629 y Fc(\017)41 b Fk(P)n(a)n(yload)32 b(Length)j(\(2)g(o)r(ctets\))h
(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h(curren)n(t)e(pa)n(yload,)i
(including)f(the)h(generic)e(pa)n(yload)208 4728 y(header.)0
5055 y Fj(3.3)112 b(Data)38 b(A)m(ttributes)0 5308 y
Fk(There)24 b(are)g(sev)n(eral)g(instances)g(within)i(ISAKMP)e(where)h
(it)g(is)g(necessary)e(to)i(represen)n(t)f(Data)h(A)n(ttributes.)36
b(An)26 b(example)0 5407 y(of)g(this)g(is)g(the)g(Securit)n(y)g(Asso)r
(ciation)f(\(SA\))i(A)n(ttributes)f(con)n(tained)f(in)h(the)g(T)-7
b(ransform)25 b(pa)n(yload)f(\(describ)r(ed)i(in)g(section)0
5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(20])p eop
%%Page: 21 21
% Page 21: section 3.3 Data Attributes (Figure 4) and the start of 3.4 Security
% Association Payload.
% Attribute Format (AF) is the most significant bit of the 2-octet Attribute Type:
%   AF=0 - Type/Length/Value; Attribute Length (2 octets) gives the Value length in octets.
%   AF=1 - Type/Value; the Value is 2 octets and no Attribute Length field is present.
% NOTE(review): the same 2-octet slot is a length when AF=0 and a value when AF=1, so a
% decoder must test AF before using it as a length, and should bound an AF=0 length by
% the enclosing payload - the page itself gives no bound.
% SA payload: its Next Payload field MUST NOT contain the Proposal or Transform values.
21 20 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(3.6\).)60 b(These)36
b(Data)f(A)n(ttributes)h(are)f(not)h(an)f(ISAKMP)g(pa)n(yload,)h(but)h
(are)d(con)n(tained)h(within)i(ISAKMP)e(pa)n(yloads.)0
490 y(The)k(format)f(of)h(the)h(Data)f(A)n(ttributes)g(pro)n(vides)f
(the)h(\015exibilit)n(y)g(for)f(represen)n(tation)g(of)h(man)n(y)f
(di\013eren)n(t)h(t)n(yp)r(es)g(of)0 589 y(information.)47
b(There)31 b(can)f(b)r(e)i(m)n(ultiple)g(Data)f(A)n(ttributes)g(within)
h(a)f(pa)n(yload.)46 b(The)31 b(length)g(of)g(the)h(Data)f(A)n
(ttributes)0 689 y(will)i(either)g(b)r(e)g(4)g(o)r(ctets)g(or)f
(de\014ned)i(b)n(y)e(the)i(A)n(ttribute)f(Length)g(\014eld.)54
b(This)32 b(is)h(done)g(using)g(the)g(A)n(ttribute)h(F)-7
b(ormat)0 789 y(bit)31 b(describ)r(ed)f(b)r(elo)n(w.)45
b(Sp)r(eci\014c)31 b(information)e(ab)r(out)i(the)f(attributes)h(for)f
(eac)n(h)f(domain)h(will)h(b)r(e)f(describ)r(ed)g(in)h(a)f(DOI)0
888 y(do)r(cumen)n(t,)e(e.g.)36 b(IPSEC)27 b(DOI)h([IPDOI)o(].)1264
1142 y Fg(1)828 b(2)f(3)392 1242 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h
(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)
f(6)g(7)g(8)g(9)g(0)h(1)349 1342 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 1441 y(!A!)304 b(Attribute)39
b(Type)347 b(!)174 b(AF=0)86 b(Attribute)40 b(Length)215
b(!)349 1541 y(!F!)1262 b(!)174 b(AF=1)86 b(Attribute)40
b(Value)259 b(!)349 1641 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)
o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+)349 1740 y(.)827 b(AF=0)86 b(Attribute)40
b(Value)1000 b(.)349 1840 y(.)827 b(AF=1)86 b(Not)42
b(Transmitted)998 b(.)349 1939 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+)o(-+-)o(+)1478 2205 y Fk(Figure)27 b(4:)36
b(Data)28 b(A)n(ttributes)0 2400 y(The)g(Data)f(A)n(ttributes)h
(\014elds)g(are)e(de\014ned)i(as)f(follo)n(ws:)125 2665
y Fc(\017)41 b Fk(A)n(ttribute)30 b(T)n(yp)r(e)g(\(2)g(o)r(ctets\))h(-)
f(Unique)g(iden)n(ti\014er)g(for)g(eac)n(h)f(t)n(yp)r(e)i(of)f
(attribute.)45 b(These)29 b(attributes)i(are)e(de\014ned)208
2765 y(as)d(part)i(of)f(the)h(DOI-sp)r(eci\014c)g(information.)208
2898 y(The)i(most)g(signi\014can)n(t)g(bit,)i(or)d(A)n(ttribute)j(F)-7
b(ormat)29 b(\(AF\),)j(indicates)e(whether)h(the)g(data)f(attributes)g
(follo)n(w)g(the)208 2998 y(T)n(yp)r(e/Length/V)-7 b(alue)31
b(\(TL)-9 b(V\))33 b(format)f(or)g(a)g(shortened)g(T)n(yp)r(e/V)-7
b(alue)32 b(\(TV\))h(format.)51 b(If)33 b(the)g(AF)g(bit)h(is)e(a)g
(zero)208 3097 y(\(0\),)e(then)g(the)h(Data)e(A)n(ttributes)h(are)f(of)
h(the)g(T)n(yp)r(e/Length/V)-7 b(alue)29 b(\(TL)-9 b(V\))30
b(form.)43 b(If)30 b(the)h(AF)f(bit)g(is)g(a)f(one)h(\(1\),)208
3197 y(then)e(the)g(Data)f(A)n(ttributes)h(are)f(of)g(the)h(T)n(yp)r
(e/V)-7 b(alue)27 b(form.)125 3363 y Fc(\017)41 b Fk(A)n(ttribute)29
b(Length)g(\(2)f(o)r(ctets\))h(-)g(Length)g(in)g(o)r(ctets)f(of)h(the)g
(A)n(ttribute)h(V)-7 b(alue.)40 b(When)30 b(the)f(AF)g(bit)g(is)g(a)f
(one)h(\(1\),)208 3462 y(the)f(A)n(ttribute)g(V)-7 b(alue)27
b(is)h(only)f(2)g(o)r(ctets)h(and)f(the)h(A)n(ttribute)g(Length)g
(\014eld)g(is)f(not)h(presen)n(t.)125 3629 y Fc(\017)41
b Fk(A)n(ttribute)31 b(V)-7 b(alue)31 b(\(v)-5 b(ariable)31
b(length\))g(-)g(V)-7 b(alue)31 b(of)g(the)h(attribute)f(asso)r(ciated)
f(with)h(the)h(DOI-sp)r(eci\014c)e(A)n(ttribute)208 3728
y(T)n(yp)r(e.)36 b(If)26 b(the)g(AF)h(bit)f(is)g(a)f(zero)g(\(0\),)h
(this)g(\014eld)g(has)g(a)f(v)-5 b(ariable)25 b(length)h(de\014ned)g(b)
n(y)f(the)i(A)n(ttribute)f(Length)g(\014eld.)208 3828
y(If)i(the)g(AF)g(bit)g(is)f(a)h(one)f(\(1\),)h(the)g(A)n(ttribute)g(V)
-7 b(alue)27 b(has)g(a)h(length)f(of)h(2)f(o)r(ctets.)0
4160 y Fj(3.4)112 b(Securit)m(y)37 b(Asso)s(ciation)f(P)m(a)m(yload)0
4413 y Fk(The)g(Securit)n(y)f(Asso)r(ciation)f(P)n(a)n(yload)f(is)j
(used)f(to)h(negotiate)e(securit)n(y)h(attributes)g(and)h(to)f
(indicate)h(the)g(Domain)f(of)0 4512 y(In)n(terpretation)27
b(\(DOI\))h(and)g(Situation)g(under)g(whic)n(h)g(the)g(negotiation)f
(is)g(taking)h(place.)37 b(Figure)27 b(5)h(sho)n(ws)e(the)j(format)0
4612 y(of)f(the)g(Securit)n(y)f(Asso)r(ciation)f(pa)n(yload.)0
4811 y(The)i(Securit)n(y)f(Asso)r(ciation)f(P)n(a)n(yload)g(\014elds)h
(are)g(de\014ned)h(as)f(follo)n(ws:)125 5077 y Fc(\017)41
b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g
(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e
Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35 b(the)208
5176 y(curren)n(t)24 b(pa)n(yload)g(is)i(the)f(last)h(in)f(the)h
(message,)f(then)h(this)g(\014eld)g(will)f(b)r(e)h(0.)36
b(This)26 b(\014eld)f(MUST)h(NOT)g(con)n(tain)f(the)208
5276 y(v)-5 b(alues)29 b(for)g(the)g(Prop)r(osal)f(or)g(T)-7
b(ransform)28 b(pa)n(yloads)g(as)h(they)g(are)g(considered)f(part)h(of)
g(the)h(securit)n(y)f(asso)r(ciation)208 5376 y(negotiation.)35
b(F)-7 b(or)25 b(example,)h(this)g(\014eld)g(w)n(ould)f(con)n(tain)g
(the)h(v)-5 b(alue)26 b("10")e(\(Nonce)h(pa)n(yload\))g(in)h(the)g
(\014rst)f(message)0 5656 y(Maughan,)i(Sc)n(hertler,)f(Sc)n(hneider,)i
(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(21])p eop
%%Page: 22 22
% Page 22 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the single letters
% and numbers between strings are the short positioning operators and offsets
% of the dvips prolog, so words arrive split at kerns: (pa)n(yload) reads
% "payload", and \014 is the "fi" ligature, (Iden)n(ti\014er) = "Identifier".
% This page renders: the running header, Figure 5 (Security Association
% Payload layout), the RESERVED / Payload Length / DOI / Situation field
% descriptions, the start of section 3.5 "Proposal Payload", and the footer.
22 21 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)609 b(Domain)42
b(of)g(Interpretation)82 b(\(DOI\))782 b(!)349 1039 y(+-+-+-+-+-+-+-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 1138 y(!)2745
b(!)349 1238 y(~)1176 b(Situation)d(~)349 1338 y(!)2745
b(!)349 1437 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)1240 1703 y Fk(Figure)27 b(5:)37 b(Securit)n(y)27
% The Figure 5 caption finishes on the next line. After it come the tail of
% the Next Payload description carried over from page 21 and the remaining
% SA payload fields.
% Payload Length (2 octets) is described as covering the SA payload plus all
% Proposal and Transform payloads of the proposed SA.
% NOTE(review): nothing on this page says what a receiver does when the
% nested Proposal/Transform lengths disagree with this outer length; confirm
% against the draft's payload processing rules.
% DOI (4 octets): value 0 in Phase 1 means a generic ISAKMP SA, value 1 is
% the IPsec DOI, all other values are reserved to IANA.
b(Asso)r(ciation)f(P)n(a)n(yload)208 1942 y(of)35 b(a)g(Base)f(Exc)n
(hange)g(\(see)h(Section)g(4.4\))g(and)g(the)h(v)-5 b(alue)35
b("0")f(in)i(the)f(\014rst)g(message)f(of)i(an)f(Iden)n(tit)n(y)g
(Protect)208 2042 y(Exc)n(hange)25 b(\(see)j(Section)f(4.5\).)125
2195 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 2348 y Fc(\017)41 b Fk(P)n(a)n(yload)24
b(Length)j(\(2)h(o)r(ctets\))f(-)g(Length)g(in)h(o)r(ctets)f(of)g(the)h
(en)n(tire)e(Securit)n(y)h(Asso)r(ciation)g(pa)n(yload,)e(including)j
(the)208 2448 y(SA)g(pa)n(yload,)e(all)h(Prop)r(osal)f(pa)n(yloads,)g
(and)i(all)f(T)-7 b(ransform)26 b(pa)n(yloads)g(asso)r(ciated)h(with)h
(the)g(prop)r(osed)f(Securit)n(y)208 2547 y(Asso)r(ciation.)125
2701 y Fc(\017)41 b Fk(Domain)25 b(of)h(In)n(terpretation)f(\(4)g(o)r
(ctets\))i(-)e(Iden)n(ti\014es)h(the)g(DOI)g(\(as)g(describ)r(ed)f(in)h
(Section)g(2.1\))f(under)h(whic)n(h)g(this)208 2800 y(negotiation)j(is)
i(taking)g(place.)46 b(The)31 b(DOI)g(is)g(a)f(32-bit)g(unsigned)h(in)n
(teger.)46 b(A)31 b(DOI)g(v)-5 b(alue)31 b(of)g(0)f(during)h(a)f(Phase)
208 2900 y(1)i(exc)n(hange)f(sp)r(eci\014es)h(a)g(Generic)g(ISAKMP)g
(SA)h(whic)n(h)f(can)g(b)r(e)h(used)g(for)f(an)n(y)f(proto)r(col)g
(during)h(the)h(Phase)e(2)208 2999 y(exc)n(hange.)37
b(The)29 b(necessary)d(SA)j(A)n(ttributes)g(are)e(de\014ned)i(in)g
(A.4.)39 b(A)29 b(DOI)f(v)-5 b(alue)28 b(of)h(1)f(is)g(assigned)f(to)h
(the)h(IPsec)208 3099 y(DOI)34 b([IPDOI].)58 b(All)35
b(other)g(DOI)f(v)-5 b(alues)35 b(are)e(reserv)n(ed)g(to)i(IANA)h(for)e
(future)h(use.)58 b(IANA)36 b(will)e(not)h(normally)208
3199 y(assign)g(a)i(DOI)g(v)-5 b(alue)37 b(without)g(referencing)f
(some)g(public)i(sp)r(eci\014cation,)h(suc)n(h)e(as)f(an)h(In)n(ternet)
g(RF)n(C.)g(Other)208 3298 y(DOI's)d(can)g(b)r(e)h(de\014ned)f(using)g
(the)h(description)f(in)h(app)r(endix)f(B.)57 b(This)35
b(\014eld)f(MUST)h(b)r(e)g(presen)n(t)f(within)h(the)208
3398 y(Securit)n(y)27 b(Asso)r(ciation)f(pa)n(yload.)125
3551 y Fc(\017)41 b Fk(Situation)27 b(\(v)-5 b(ariable)27
b(length\))h(-)g(A)g(DOI-sp)r(eci\014c)f(\014eld)h(that)g(iden)n
(ti\014es)g(the)g(situation)g(under)f(whic)n(h)h(this)g(negoti-)208
3651 y(ation)f(is)h(taking)f(place.)38 b(The)28 b(Situation)g(is)f
(used)h(to)g(mak)n(e)f(p)r(olicy)h(decisions)f(regarding)f(the)i
(securit)n(y)f(attributes)208 3750 y(b)r(eing)e(negotiated.)36
b(Sp)r(eci\014cs)26 b(for)f(the)h(IETF)f(IP)g(Securit)n(y)h(DOI)f
(Situation)h(are)f(detailed)g(in)h([IPDOI].)36 b(This)26
b(\014eld)208 3850 y(MUST)i(b)r(e)g(presen)n(t)f(within)h(the)g
(Securit)n(y)f(Asso)r(ciation)g(pa)n(yload.)0 4090 y(The)h(pa)n(yload)e
(t)n(yp)r(e)h(for)h(the)g(Securit)n(y)f(Asso)r(ciation)f(P)n(a)n(yload)
% End of the SA payload text (payload type one), then heading 3.5
% "Proposal Payload" set in font Fj and the Proposal payload introduction.
f(is)j(one)f(\(1\).)0 4416 y Fj(3.5)112 b(Prop)s(osal)37
b(P)m(a)m(yload)0 4669 y Fk(The)g(Prop)r(osal)f(P)n(a)n(yload)f(con)n
(tains)h(information)h(used)g(during)g(Securit)n(y)g(Asso)r(ciation)g
(negotiation.)65 b(The)38 b(prop)r(osal)0 4769 y(consists)28
b(of)h(securit)n(y)f(mec)n(hanisms,)g(or)g(transforms,)f(to)i(b)r(e)g
(used)g(to)g(secure)f(the)h(comm)n(unications)e(c)n(hannel.)40
b(Figure)28 b(6)0 4868 y(sho)n(ws)e(the)i(format)f(of)h(the)g(Prop)r
(osal)d(P)n(a)n(yload.)35 b(A)28 b(description)f(of)g(its)h(use)g(can)f
(b)r(e)h(found)g(in)g(section)f(4.2.)0 5068 y(The)h(Prop)r(osal)d(P)n
(a)n(yload)g(\014elds)j(are)e(de\014ned)i(as)f(follo)n(ws:)125
5308 y Fc(\017)41 b Fk(Next)27 b(P)n(a)n(yload)e(\(1)i(o)r(ctet\))h(-)f
(Iden)n(ti\014er)g(for)g(the)g(pa)n(yload)f(t)n(yp)r(e)h(of)h(the)f
Fb(next)f Fk(pa)n(yload)g(in)i(the)f(message.)36 b(This)27
b(\014eld)208 5407 y(MUST)32 b(only)g(con)n(tain)f(the)i(v)-5
b(alue)32 b("2")f(or)g("0".)49 b(If)33 b(there)e(are)h(additional)f
(Prop)r(osal)f(pa)n(yloads)h(in)h(the)g(message,)0 5656
% Page footer: author names, draft file name and page number; eop closes the page.
y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(22])p eop
%%Page: 23 23
% Page 23 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns: (Prop)r(osal) reads "Proposal"; \014 is the "fi"
% ligature.
% This page renders: the running header, Figure 6 (Proposal Payload Format),
% the Proposal payload field descriptions (RESERVED, Payload Length,
% Proposal #, Protocol-Id, SPI Size, # of Transforms, SPI), the start of
% section 3.6 "Transform Payload", and the footer.
23 22 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)86 b(Proposal)41
b(#)130 b(!)87 b(Protocol-Id)82 b(!)174 b(SPI)43 b(Size)129
b(!#)43 b(of)f(Transforms!)349 1039 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 1138 y(!)1045 b(SPI)43 b(\(variable\))1085
b(!)349 1238 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
% Last ruler glyph of the diagram, then the Figure 6 caption, then the rest
% of the Next Payload description carried over from page 22.
(+)1305 1504 y Fk(Figure)27 b(6:)36 b(Prop)r(osal)26
b(P)n(a)n(yload)f(F)-7 b(ormat)208 1769 y(then)35 b(this)f(\014eld)h
(will)g(b)r(e)g(2.)57 b(If)35 b(the)g(curren)n(t)e(Prop)r(osal)g(pa)n
(yload)g(is)h(the)h(last)f(within)h(the)g(securit)n(y)f(asso)r(ciation)
208 1868 y(prop)r(osal,)26 b(then)i(this)g(\014eld)g(will)f(b)r(e)h(0.)
125 2035 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g
(Un)n(used,)f(set)h(to)f(0.)125 2201 y Fc(\017)41 b Fk(P)n(a)n(yload)23
b(Length)i(\(2)g(o)r(ctets\))h(-)f(Length)g(in)h(o)r(ctets)g(of)f(the)h
(en)n(tire)f(Prop)r(osal)e(pa)n(yload,)i(including)g(generic)g(pa)n
(yload)208 2300 y(header,)i(the)i(Prop)r(osal)c(pa)n(yload,)i(and)h
(all)g(T)-7 b(ransform)27 b(pa)n(yloads)f(asso)r(ciated)h(with)h(this)h
(prop)r(osal.)37 b(In)28 b(the)h(ev)n(en)n(t)208 2400
y(there)23 b(are)g(m)n(ultiple)h(prop)r(osals)e(with)j(the)f(same)f
(prop)r(osal)f(n)n(um)n(b)r(er)i(\(see)f(section)h(4.2\),)g(the)g(P)n
(a)n(yload)d(Length)j(\014eld)208 2499 y(only)j(applies)g(to)g(the)h
(curren)n(t)f(Prop)r(osal)f(pa)n(yload)g(and)h(not)h(to)f(all)g(Prop)r
(osal)f(pa)n(yloads.)125 2665 y Fc(\017)41 b Fk(Prop)r(osal)29
b(#)k(\(1)f(o)r(ctet\))g(-)g(Iden)n(ti\014es)g(the)g(Prop)r(osal)e(n)n
(um)n(b)r(er)i(for)g(the)g(curren)n(t)f(pa)n(yload.)49
b(A)32 b(description)g(of)g(the)208 2765 y(use)27 b(of)h(this)f
(\014eld)h(is)g(found)g(in)g(section)f(4.2.)125 2931
y Fc(\017)41 b Fk(Proto)r(col-Id)31 b(\(1)j(o)r(ctet\))g(-)f(Sp)r
(eci\014es)h(the)g(proto)r(col)e(iden)n(ti\014er)i(for)f(the)h(curren)n
(t)f(negotiation.)54 b(Examples)32 b(migh)n(t)208 3031
y(include)c(IPSEC)e(ESP)-7 b(,)27 b(IPSEC)g(AH,)h(OSPF,)f(TLS,)h(etc.)
% SPI Size (1 octet): for ISAKMP itself the text allows zero to sixteen and
% says the SPI content MUST be ignored when the size is non-zero; for other
% protocols the DOI dictates the size. A size that is not a multiple of 4
% affects the alignment of the payloads that follow.
% NOTE(review): SPI Size and # of Transforms are sender-supplied values that
% size what a receiver reads next; checking them against Payload Length
% before use is not spelled out on this page. Confirm against the draft's
% processing sections.
125 3197 y Fc(\017)41 b Fk(SPI)25 b(Size)g(\(1)g(o)r(ctet\))h(-)f
(Length)g(in)h(o)r(ctets)f(of)g(the)h(SPI)f(as)g(de\014ned)h(b)n(y)f
(the)g(Proto)r(col-Id.)34 b(In)26 b(the)g(case)e(of)h(ISAKMP)-7
b(,)208 3296 y(the)26 b(Initiator)f(and)h(Resp)r(onder)g(co)r(okie)f
(pair)g(from)h(the)g(ISAKMP)g(Header)f(is)h(the)h(ISAKMP)e(SPI,)h
(therefore,)g(the)208 3396 y(SPI)c(Size)h(is)g(irrelev)-5
b(an)n(t)21 b(and)i(MA)-7 b(Y)23 b(b)r(e)h(from)e(zero)g(\(0\))h(to)f
(sixteen)h(\(16\).)35 b(If)23 b(the)g(SPI)g(Size)g(is)f(non-zero,)g
(the)h(con)n(ten)n(t)208 3496 y(of)h(the)g(SPI)g(\014eld)g(MUST)h(b)r
(e)f(ignored.)35 b(If)24 b(the)h(SPI)e(Size)i(is)f(not)g(a)f(m)n
(ultiple)i(of)f(4)g(o)r(ctets)g(it)g(will)h(ha)n(v)n(e)d(some)i(impact)
208 3595 y(on)e(the)i(SPI)e(\014eld)i(and)f(the)g(alignmen)n(t)g(of)g
(all)g(pa)n(yloads)e(in)i(the)g(message.)34 b(The)24
b(Domain)e(of)i(In)n(terpretation)d(\(DOI\))208 3695
y(will)27 b(dictate)h(the)g(SPI)f(Size)h(for)f(other)g(proto)r(cols.)
125 3861 y Fc(\017)41 b Fk(#)36 b(of)g(T)-7 b(ransforms)34
b(\(1)i(o)r(ctet\))h(-)f(Sp)r(eci\014es)g(the)h(n)n(um)n(b)r(er)e(of)h
(transforms)f(for)h(the)g(Prop)r(osal.)60 b(Eac)n(h)35
b(of)h(these)g(is)208 3961 y(con)n(tained)26 b(in)i(a)g(T)-7
b(ransform)26 b(pa)n(yload.)125 4127 y Fc(\017)41 b Fk(SPI)26
b(\(v)-5 b(ariable\))25 b(-)h(The)h(sending)f(en)n(tit)n(y's)g(SPI.)g
(In)g(the)h(ev)n(en)n(t)f(the)g(SPI)g(Size)g(is)h(not)f(a)g(m)n
(ultiple)h(of)f(4)g(o)r(ctets,)g(there)208 4226 y(is)h(no)g(padding)h
(applied)f(to)h(the)g(pa)n(yload,)e(ho)n(w)n(ev)n(er,)f(it)j(can)f(b)r
(e)h(applied)g(at)g(the)g(end)f(of)h(the)g(message.)0
% Payload type for the Proposal payload (two), then heading 3.6
% "Transform Payload" set in font Fj and its introduction.
4492 y(The)g(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g(Prop)r(osal)d(P)n(a)
n(yload)g(is)j(t)n(w)n(o)e(\(2\).)0 4824 y Fj(3.6)112
b(T)-9 b(ransform)37 b(P)m(a)m(yload)0 5077 y Fk(The)28
b(T)-7 b(ransform)26 b(P)n(a)n(yload)g(con)n(tains)h(information)g
(used)h(during)f(Securit)n(y)h(Asso)r(ciation)f(negotiation.)37
b(The)27 b(T)-7 b(ransform)0 5176 y(pa)n(yload)29 b(consists)h(of)h(a)g
(sp)r(eci\014c)g(securit)n(y)f(mec)n(hanism,)h(or)f(transforms,)h(to)g
(b)r(e)g(used)g(to)g(secure)f(the)h(comm)n(unications)0
5276 y(c)n(hannel.)k(The)23 b(T)-7 b(ransform)22 b(pa)n(yload)f(also)h
(con)n(tains)g(the)i(securit)n(y)e(asso)r(ciation)f(attributes)i(asso)r
(ciated)f(with)h(the)h(sp)r(eci\014c)0 5656 y(Maughan,)j(Sc)n(hertler,)
f(Sc)n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(23])p eop
%%Page: 24 24
% Page 24 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns: (T)-7 b(ransform) reads "Transform"; \014 is the
% "fi" ligature and \016 the "ffi" ligature, (Di\016e-Hellman) = "Diffie-Hellman".
% This page renders: the running header, Figure 7 (Transform Payload Format),
% the Transform payload field descriptions, the start of section 3.7
% "Key Exchange Payload", and the footer.
24 23 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)86 b(Transform)40
b(#)87 b(!)g(Transform-Id)38 b(!)479 b(RESERVED2)d(!)349
1039 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
1138 y(!)2745 b(!)349 1238 y(~)1045 b(SA)43 b(Attributes)1129
b(~)349 1338 y(!)2745 b(!)349 1437 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)1276 1703 y Fk(Figure)27 b(7:)37
b(T)-7 b(ransform)26 b(P)n(a)n(yload)f(F)-7 b(ormat)0
1941 y(transform.)42 b(These)30 b(SA)g(attributes)g(are)f(DOI-sp)r
(eci\014c.)43 b(Figure)30 b(7)f(sho)n(ws)g(the)h(format)f(of)h(the)g(T)
-7 b(ransform)29 b(P)n(a)n(yload.)41 b(A)0 2041 y(description)27
b(of)h(its)f(use)h(can)f(b)r(e)h(found)g(in)g(section)f(4.2.)0
% Field list for the Transform payload. Next Payload is restricted by the
% text to the values "3" (another Transform follows) or "0" (last one).
2240 y(The)h(T)-7 b(ransform)26 b(P)n(a)n(yload)f(\014elds)j(are)e
(de\014ned)i(as)f(follo)n(ws:)125 2479 y Fc(\017)41 b
Fk(Next)27 b(P)n(a)n(yload)e(\(1)i(o)r(ctet\))h(-)f(Iden)n(ti\014er)g
(for)g(the)g(pa)n(yload)f(t)n(yp)r(e)h(of)h(the)f Fb(next)f
Fk(pa)n(yload)g(in)i(the)f(message.)36 b(This)27 b(\014eld)208
2578 y(MUST)h(only)g(con)n(tain)f(the)i(v)-5 b(alue)28
b("3")e(or)i("0".)37 b(If)28 b(there)g(are)f(additional)h(T)-7
b(ransform)26 b(pa)n(yloads)h(in)h(the)h(prop)r(osal,)208
2678 y(then)j(this)h(\014eld)g(will)g(b)r(e)f(3.)51 b(If)33
b(the)g(curren)n(t)f(T)-7 b(ransform)31 b(pa)n(yload)f(is)j(the)g(last)
f(within)h(the)g(prop)r(osal,)f(then)h(this)208 2778
y(\014eld)27 b(will)h(b)r(e)g(0.)125 2930 y Fc(\017)41
b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n(used,)f(set)h(to)f
(0.)125 3083 y Fc(\017)41 b Fk(P)n(a)n(yload)32 b(Length)j(\(2)g(o)r
(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h(curren)n(t)e(pa)n
(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
3182 y(header,)26 b(T)-7 b(ransform)27 b(v)-5 b(alues,)27
b(and)g(all)h(SA)g(A)n(ttributes.)125 3335 y Fc(\017)41
b Fk(T)-7 b(ransform)33 b(#)i(\(1)g(o)r(ctet\))h(-)e(Iden)n(ti\014es)h
(the)h(T)-7 b(ransform)33 b(n)n(um)n(b)r(er)i(for)f(the)i(curren)n(t)e
(pa)n(yload.)57 b(If)35 b(there)g(is)g(more)208 3434
y(than)25 b(one)g(transform)g(prop)r(osed)f(for)h(a)g(sp)r(eci\014c)h
(proto)r(col)f(within)h(the)g(Prop)r(osal)d(pa)n(yload,)i(then)h(eac)n
(h)e(T)-7 b(ransform)208 3534 y(pa)n(yload)26 b(has)h(a)g(unique)h(T)-7
b(ransform)26 b(n)n(um)n(b)r(er.)36 b(A)28 b(description)f(of)h(the)g
(use)f(of)h(this)g(\014eld)g(is)f(found)h(in)g(section)f(4.2.)125
3687 y Fc(\017)41 b Fk(T)-7 b(ransform-Id)21 b(\(1)j(o)r(ctet\))g(-)f
(Sp)r(eci\014es)h(the)g(T)-7 b(ransform)22 b(iden)n(ti\014er)h(for)g
(the)h(proto)r(col)f(within)h(the)g(curren)n(t)f(prop)r(osal.)208
3786 y(These)k(transforms)f(are)h(de\014ned)h(b)n(y)f(the)h(DOI)g(and)f
(are)g(dep)r(enden)n(t)h(on)f(the)h(proto)r(col)f(b)r(eing)g
(negotiated.)125 3939 y Fc(\017)41 b Fk(RESER)-9 b(VED2)26
b(\(2)i(o)r(ctets\))f(-)h(Un)n(used,)f(set)h(to)g(0.)125
% SA Attributes (variable length): SHOULD use the Data Attributes format of
% section 3.3. Attributes that are not 4-byte aligned leave later payloads
% unaligned; padding is added only at the end of the message.
4091 y Fc(\017)41 b Fk(SA)30 b(A)n(ttributes)g(\(v)-5
b(ariable)28 b(length\))i(-)g(This)f(\014eld)h(con)n(tains)f(the)h
(securit)n(y)e(asso)r(ciation)g(attributes)i(as)f(de\014ned)h(for)208
4191 y(the)38 b(transform)g(giv)n(en)f(in)i(the)g(T)-7
b(ransform-Id)37 b(\014eld.)69 b(The)39 b(SA)g(A)n(ttributes)f(SHOULD)h
(b)r(e)g(represen)n(ted)e(using)208 4291 y(the)32 b(Data)h(A)n
(ttributes)f(format)g(describ)r(ed)g(in)h(section)f(3.3.)50
b(If)33 b(the)g(SA)g(A)n(ttributes)f(are)g(not)g(aligned)g(on)g(4-b)n
(yte)208 4390 y(b)r(oundaries,)25 b(then)h(subsequen)n(t)f(pa)n(yloads)
f(will)i(not)g(b)r(e)g(aligned)f(and)h(an)n(y)f(padding)g(will)h(b)r(e)
g(added)g(at)f(the)h(end)g(of)208 4490 y(the)i(message)e(to)h(mak)n(e)g
(the)h(message)e(4-o)r(ctet)h(aligned.)0 4728 y(The)h(pa)n(yload)e(t)n
(yp)r(e)h(for)h(the)g(T)-7 b(ransform)26 b(P)n(a)n(yload)f(is)i(three)h
% Payload type for the Transform payload (three), then heading 3.7
% "Key Exchange Payload" set in font Fj and its introduction.
(\(3\).)0 5055 y Fj(3.7)112 b(Key)38 b(Exc)m(hange)g(P)m(a)m(yload)0
5308 y Fk(The)f(Key)f(Exc)n(hange)f(P)n(a)n(yload)g(supp)r(orts)h(a)h
(v)-5 b(ariet)n(y)36 b(of)g(k)n(ey)h(exc)n(hange)e(tec)n(hniques.)65
b(Example)36 b(k)n(ey)g(exc)n(hanges)f(are)0 5407 y(Oakley)26
b([Oakley)o(],)i(Di\016e-Hellman,)g(the)g(enhanced)f(Di\016e-Hellman)h
(k)n(ey)f(exc)n(hange)f(describ)r(ed)h(in)h(X9.42)f([ANSI],)h(and)0
5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(24])p eop
%%Page: 25 25
% Page 25 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns: (Exc)n(hange) reads "Exchange"; \014 is the "fi"
% ligature.
% This page renders: the running header, the end of the Key Exchange payload
% introduction, Figure 8 (Key Exchange Payload Format), the Key Exchange
% payload fields, section 3.8 "Identification Payload" with the first
% Identification fields, and the footer.
25 24 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(the)h(RSA-based)f(k)n(ey)g(exc)n
(hange)f(used)i(b)n(y)f(PGP)-7 b(.)27 b(Figure)g(8)g(sho)n(ws)g(the)h
(format)f(of)g(the)h(Key)f(Exc)n(hange)f(pa)n(yload.)1264
640 y Fg(1)828 b(2)f(3)392 739 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f
(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)
g(7)g(8)g(9)g(0)h(1)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+)349 939 y(!)f(Next)f(Payload)84 b(!)130
b(RESERVED)171 b(!)392 b(Payload)41 b(Length)346 b(!)349
1038 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
1138 y(!)2745 b(!)349 1237 y(~)1002 b(Key)42 b(Exchange)e(Data)1001
b(~)349 1337 y(!)2745 b(!)349 1437 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)1204 1702 y Fk(Figure)27 b(8:)36
b(Key)27 b(Exc)n(hange)f(P)n(a)n(yload)f(F)-7 b(ormat)0
1902 y(The)28 b(Key)f(Exc)n(hange)e(P)n(a)n(yload)g(\014elds)j(are)f
(de\014ned)h(as)f(follo)n(ws:)125 2167 y Fc(\017)41 b
Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g
(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e
Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35 b(the)208
2267 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g
(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
2433 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 2599 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
% Key Exchange Data (variable length): described as the data required to
% generate a session key; its interpretation comes from the DOI and the key
% exchange algorithm, and it may also carry pre-placed key indicators.
% NOTE(review): the field's size is implied only by Payload Length here, so a
% receiver has to derive and check it from that value; this page does not
% say how mismatches are handled.
2699 y(header.)125 2865 y Fc(\017)41 b Fk(Key)33 b(Exc)n(hange)e(Data)j
(\(v)-5 b(ariable)33 b(length\))h(-)g(Data)f(required)g(to)g(generate)g
(a)g(session)g(k)n(ey)-7 b(.)54 b(The)34 b(in)n(terpretation)208
2964 y(of)29 b(this)h(data)f(is)h(sp)r(eci\014ed)g(b)n(y)f(the)h(DOI)g
(and)f(the)h(asso)r(ciated)e(Key)h(Exc)n(hange)f(algorithm.)42
b(This)29 b(\014eld)h(ma)n(y)f(also)208 3064 y(con)n(tain)d(pre-placed)
h(k)n(ey)g(indicators.)0 3330 y(The)h(pa)n(yload)e(t)n(yp)r(e)h(for)h
(the)g(Key)e(Exc)n(hange)g(P)n(a)n(yload)f(is)j(four)f(\(4\).)0
% Heading 3.8 "Identification Payload" set in font Fj, its introduction, and
% the first Identification payload fields; the list continues on page 26.
3662 y Fj(3.8)112 b(Iden)m(ti\014cation)36 b(P)m(a)m(yload)0
3915 y Fk(The)h(Iden)n(ti\014cation)g(P)n(a)n(yload)e(con)n(tains)h
(DOI-sp)r(eci\014c)h(data)g(used)g(to)g(exc)n(hange)f(iden)n
(ti\014cation)h(information.)65 b(This)0 4014 y(information)27
b(is)g(used)g(for)g(determining)g(the)g(iden)n(tities)h(of)f(comm)n
(unicating)f(p)r(eers)h(and)g(ma)n(y)g(b)r(e)g(used)h(for)e
(determining)0 4114 y(authen)n(ticit)n(y)i(of)f(information.)36
b(Figure)27 b(9)g(sho)n(ws)g(the)h(format)f(of)h(the)g(Iden)n
(ti\014cation)f(P)n(a)n(yload.)0 4313 y(The)h(Iden)n(ti\014cation)f(P)n
(a)n(yload)e(\014elds)j(are)e(de\014ned)i(as)f(follo)n(ws:)125
4579 y Fc(\017)41 b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f
(Iden)n(ti\014er)g(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g
Fb(next)e Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35
b(the)208 4678 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h
(the)g(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
4844 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 5010 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
5110 y(header.)125 5276 y Fc(\017)41 b Fk(ID)28 b(T)n(yp)r(e)f(\(1)h(o)
r(ctet\))g(-)f(Sp)r(eci\014es)h(the)g(t)n(yp)r(e)g(of)f(Iden)n
(ti\014cation)h(b)r(eing)f(used.)37 b(This)28 b(\014eld)g(is)f(DOI-dep)
r(enden)n(t.)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(25])p eop
%%Page: 26 26
% Page 26 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns; \014 is the "fi" ligature,
% (Certi\014cate) = "Certificate".
% This page renders: the running header, Figure 9 (Identification Payload
% Format), the remaining Identification fields, section 3.9 "Certificate
% Payload" with its first fields, and the footer.
26 25 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)130 b(ID)43
b(Type)216 b(!)566 b(DOI)43 b(Specific)d(ID)j(Data)608
b(!)349 1039 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)349 1138 y(!)2745 b(!)349 1238 y(~)827 b(Identification)38
b(Data)1088 b(~)349 1338 y(!)2745 b(!)349 1437 y(+-+-+-+-+-+-+-+)o(-+-)
o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)1224 1703 y Fk(Figure)27
b(9:)36 b(Iden)n(ti\014cation)28 b(P)n(a)n(yload)d(F)-7
% End of the Figure 9 caption, then the two fields that follow ID Type:
% DOI Specific ID Data (3 octets, MUST be 0 when unused) and Identification
% Data (variable length, format selected by ID Type).
b(ormat)125 1968 y Fc(\017)41 b Fk(DOI)27 b(Sp)r(eci\014c)i(ID)f(Data)g
(\(3)g(o)r(ctets\))g(-)f(Con)n(tains)g(DOI)h(sp)r(eci\014c)g(Iden)n
(ti\014cation)g(data.)37 b(If)28 b(un)n(used,)g(then)h(this)f(\014eld)
208 2068 y(MUST)g(b)r(e)g(set)f(to)h(0.)125 2234 y Fc(\017)41
b Fk(Iden)n(ti\014cation)23 b(Data)g(\(v)-5 b(ariable)23
b(length\))h(-)f(Con)n(tains)f(iden)n(tit)n(y)i(information.)35
b(The)23 b(v)-5 b(alues)23 b(for)g(this)h(\014eld)g(are)e(DOI-)208
2333 y(sp)r(eci\014c)i(and)g(the)h(format)f(is)h(sp)r(eci\014ed)f(b)n
(y)h(the)f(ID)h(T)n(yp)r(e)g(\014eld.)36 b(Sp)r(eci\014c)25
b(details)f(for)g(the)h(IETF)f(IP)g(Securit)n(y)g(DOI)208
2433 y(Iden)n(ti\014cation)j(Data)g(are)g(detailed)h(in)f([IPDOI].)0
2699 y(The)h(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g(Iden)n(ti\014cation)
% Payload type for the Identification payload (five), then heading 3.9
% "Certificate Payload" set in font Fj and its introduction.
% The text below says Certificate payloads SHOULD be sent when no directory
% service is available and MUST be accepted at any point during an exchange.
% NOTE(review): that is a statement about accepting the payload in a
% message; how a received certificate is validated before it is relied on is
% not covered on this page.
f(P)n(a)n(yload)e(is)i(\014v)n(e)h(\(5\).)0 3031 y Fj(3.9)112
b(Certi\014cate)37 b(P)m(a)m(yload)0 3284 y Fk(The)c(Certi\014cate)g(P)
n(a)n(yload)e(pro)n(vides)h(a)h(means)g(to)g(transp)r(ort)f
(certi\014cates)h(or)f(other)h(certi\014cate-related)f(information)0
3383 y(via)40 b(ISAKMP)g(and)g(can)g(app)r(ear)f(in)i(an)n(y)e(ISAKMP)h
(message.)74 b(Certi\014cate)40 b(pa)n(yloads)e(SHOULD)j(b)r(e)g
(included)g(in)0 3483 y(an)36 b(exc)n(hange)e(whenev)n(er)h(an)h
(appropriate)e(directory)h(service)g(\(e.g.)62 b(Secure)36
b(DNS)h([DNSSEC]\))g(is)e(not)h(a)n(v)-5 b(ailable)35
b(to)0 3582 y(distribute)27 b(certi\014cates.)35 b(The)27
b(Certi\014cate)f(pa)n(yload)f(MUST)i(b)r(e)g(accepted)f(at)g(an)n(y)g
(p)r(oin)n(t)g(during)g(an)h(exc)n(hange.)35 b(Figure)0
3682 y(10)27 b(sho)n(ws)f(the)i(format)f(of)h(the)g(Certi\014cate)f(P)n
(a)n(yload.)0 3881 y Fg(NOTE:)h Fk(Certi\014cate)h(t)n(yp)r(es)h(and)f
(formats)g(are)g(not)h(generally)e(b)r(ound)i(to)g(a)f(DOI)h(-)g(it)g
(is)g(exp)r(ected)g(that)g(there)f(will)h(only)0 3981
y(b)r(e)e(a)f(few)h(certi\014cate)f(t)n(yp)r(es,)h(and)f(that)h(most)f
(DOIs)h(will)g(accept)f(all)g(of)h(these)f(t)n(yp)r(es.)0
4180 y(The)h(Certi\014cate)f(P)n(a)n(yload)e(\014elds)j(are)e
(de\014ned)i(as)f(follo)n(ws:)125 4446 y Fc(\017)41 b
Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g
(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e
Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35 b(the)208
4546 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g
(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
4712 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 4878 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)0
5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(26])p eop
%%Page: 27 27
% Page 27 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns; \014 is the "fi" ligature,
% (Certi\014cate) = "Certificate".
% This page renders: the running header, Figure 10 (Certificate Payload
% Format), the Certificate Encoding value table, the Certificate Data field,
% the start of section 3.10 "Certificate Request Payload", and the footer.
27 26 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)43 b(Cert)f(Encoding)e(!)2048
b(!)349 1039 y(+-+-+-+-+-+-+-+)o(-+)2042 b(!)349 1138
y(~)1002 b(Certificate)39 b(Data)1044 b(~)349 1238 y(!)2745
b(!)349 1338 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)1254 1603 y Fk(Figure)27 b(10:)36 b(Certi\014cate)27
b(P)n(a)n(yload)e(F)-7 b(ormat)208 1868 y(header.)125
2035 y Fc(\017)41 b Fk(Certi\014cate)29 b(Enco)r(ding)h(\(1)g(o)r
(ctet\))h(-)f(This)g(\014eld)h(indicates)f(the)h(t)n(yp)r(e)f(of)h
(certi\014cate)f(or)f(certi\014cate-related)g(infor-)208
2134 y(mation)e(con)n(tained)g(in)h(the)g(Certi\014cate)f(Data)g
% Certificate Type / Value table as rendered below:
%   NONE 0, PKCS #7 wrapped X.509 certificate 1, PGP Certificate 2,
%   DNS Signed Key 3, X.509 Certificate - Signature 4,
%   X.509 Certificate - Key Exchange 5, Kerberos Tokens 6,
%   Certificate Revocation List (CRL) 7, Authority Revocation List (ARL) 8,
%   SPKI Certificate 9, X.509 Certificate - Attribute 10,
%   RESERVED 11 - 255.
% NOTE(review): this page does not say how a receiver treats a value in the
% RESERVED range; check the draft's processing rules for the expected response.
(\014eld.)1548 2328 y(Certi\014cate)g(T)n(yp)r(e)523
b(V)-7 b(alue)p 1134 2362 1841 4 v 1183 2431 a(NONE)1315
b(0)1183 2531 y(PK)n(CS)27 b(#7)g(wrapp)r(ed)g(X.509)g(certi\014cate)
251 b(1)1183 2631 y(PGP)27 b(Certi\014cate)990 b(2)1183
2730 y(DNS)29 b(Signed)e(Key)962 b(3)1183 2830 y(X.509)27
b(Certi\014cate)g(-)g(Signature)529 b(4)1183 2929 y(X.509)27
b(Certi\014cate)g(-)g(Key)g(Exc)n(hange)354 b(5)1183
3029 y(Kerb)r(eros)26 b(T)-7 b(ok)n(ens)968 b(6)1183
3129 y(Certi\014cate)27 b(Rev)n(o)r(cation)g(List)g(\(CRL\))332
b(7)1183 3228 y(Authorit)n(y)28 b(Rev)n(o)r(cation)e(List)i(\(ARL\))350
b(8)1183 3328 y(SPKI)27 b(Certi\014cate)971 b(9)1183
3428 y(X.509)27 b(Certi\014cate)g(-)g(A)n(ttribute)514
b(10)1183 3527 y(RESER)-9 b(VED)996 b(11)26 b(-)i(255)125
3844 y Fc(\017)41 b Fk(Certi\014cate)d(Data)h(\(v)-5
b(ariable)39 b(length\))h(-)f(Actual)g(enco)r(ding)g(of)g
(certi\014cate)g(data.)71 b(The)40 b(t)n(yp)r(e)f(of)g(certi\014cate)g
(is)208 3943 y(indicated)27 b(b)n(y)h(the)g(Certi\014cate)f(Enco)r
(ding)g(\014eld.)0 4209 y(The)h(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g
(Certi\014cate)f(P)n(a)n(yload)e(is)i(six)h(\(6\).)0
% Heading 3.10 "Certificate Request Payload" set in font Fj and its
% introduction. The text says the request MUST be accepted at any point in
% the exchange and that the responder MUST send its certificate, if
% certificates are supported, based on the values in the payload.
4541 y Fj(3.10)112 b(Certi\014cate)37 b(Request)g(P)m(a)m(yload)0
4794 y Fk(The)c(Certi\014cate)f(Request)g(P)n(a)n(yload)e(pro)n(vides)h
(a)h(means)g(to)h(request)f(certi\014cates)g(via)g(ISAKMP)g(and)g(can)g
(app)r(ear)g(in)0 4893 y(an)n(y)d(message.)43 b(Certi\014cate)29
b(Request)h(pa)n(yloads)e(SHOULD)j(b)r(e)f(included)h(in)f(an)g(exc)n
(hange)e(whenev)n(er)h(an)h(appropriate)0 4993 y(directory)k(service)g
(\(e.g.)60 b(Secure)34 b(DNS)i([DNSSEC)q(]\))g(is)f(not)g(a)n(v)-5
b(ailable)34 b(to)h(distribute)g(certi\014cates.)59 b(The)36
b(Certi\014cate)0 5093 y(Request)e(pa)n(yload)e(MUST)i(b)r(e)g
(accepted)f(at)h(an)n(y)f(p)r(oin)n(t)h(during)f(the)h(exc)n(hange.)54
b(The)33 b(resp)r(onder)g(to)g(the)i(Certi\014cate)0
5192 y(Request)d(pa)n(yload)e(MUST)i(send)g(its)g(certi\014cate,)g(if)g
(certi\014cates)f(are)g(supp)r(orted,)i(based)e(on)g(the)h(v)-5
b(alues)32 b(con)n(tained)f(in)0 5292 y(the)h(pa)n(yload.)47
b(If)32 b(m)n(ultiple)h(certi\014cates)d(are)h(required,)h(then)g(m)n
(ultiple)g(Certi\014cate)f(Request)h(pa)n(yloads)d(SHOULD)k(b)r(e)0
5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(27])p eop
%%Page: 28 28
% Page 28 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns; \014 is the "fi" ligature,
% (Certi\014cate) = "Certificate".
% This page renders: the running header, Figure 11 (Certificate Request
% Payload Format), the Certificate Request fields, the start of section 3.11
% "Hash Payload", and the footer.
28 27 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)86 b(Cert.)42
b(Type)129 b(!)2048 b(!)349 1039 y(+-+-+-+-+-+-+-+)o(-+)2042
b(!)349 1138 y(~)871 b(Certificate)39 b(Authority)955
b(~)349 1238 y(!)2745 b(!)349 1338 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)1095 1703 y Fk(Figure)27 b(11:)36
b(Certi\014cate)27 b(Request)h(P)n(a)n(yload)d(F)-7 b(ormat)0
1968 y(transmitted.)37 b(Figure)27 b(11)g(sho)n(ws)f(the)i(format)f(of)
h(the)g(Certi\014cate)f(Request)g(P)n(a)n(yload.)0 2167
% NOTE(review): the sentence rendered next reads "The Certificate Payload
% fields are defined as follows" although this section (3.10) describes the
% Certificate Request payload; it looks like a wording slip in the draft.
% The strings are left as they are because they are the rendered document.
y(The)h(Certi\014cate)f(P)n(a)n(yload)e(\014elds)j(are)e(de\014ned)i
(as)f(follo)n(ws:)125 2433 y Fc(\017)41 b Fk(Next)34
b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g(for)g(the)h
(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e Fk(pa)n(yload)g(in)i
(the)g(message.)56 b(If)35 b(the)208 2533 y(curren)n(t)26
b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g(message,)e(then)i(this)g
(\014eld)g(will)g(b)r(e)g(0.)125 2699 y Fc(\017)41 b
Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n(used,)f(set)h(to)f
(0.)125 2865 y Fc(\017)41 b Fk(P)n(a)n(yload)32 b(Length)j(\(2)g(o)r
(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h(curren)n(t)e(pa)n
(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
2964 y(header.)125 3130 y Fc(\017)41 b Fk(Certi\014cate)20
b(T)n(yp)r(e)h(\(1)g(o)r(ctet\))h(-)f(Con)n(tains)f(an)h(enco)r(ding)g
(of)g(the)h(t)n(yp)r(e)f(of)g(certi\014cate)g(requested.)34
b(Acceptable)21 b(v)-5 b(alues)208 3230 y(are)26 b(listed)i(in)g
(section)f(3.9.)125 3396 y Fc(\017)41 b Fk(Certi\014cate)32
b(Authorit)n(y)h(\(v)-5 b(ariable)33 b(length\))g(-)g(Con)n(tains)g(an)
g(enco)r(ding)g(of)g(an)g(acceptable)f(certi\014cate)h(authorit)n(y)208
3496 y(for)d(the)h(t)n(yp)r(e)g(of)f(certi\014cate)g(requested.)46
b(As)30 b(an)h(example,)g(for)f(an)g(X.509)g(certi\014cate)g(this)h
(\014eld)g(w)n(ould)f(con)n(tain)208 3595 y(the)h(Distinguished)h(Name)
g(enco)r(ding)f(of)g(the)h(Issuer)f(Name)g(of)g(an)h(X.509)e
(certi\014cate)h(authorit)n(y)f(acceptable)h(to)208 3695
y(the)24 b(sender)g(of)g(this)h(pa)n(yload.)34 b(This)25
b(w)n(ould)f(b)r(e)h(included)f(to)h(assist)e(the)i(resp)r(onder)e(in)i
(determining)f(ho)n(w)g(m)n(uc)n(h)g(of)208 3795 y(the)i(certi\014cate)
f(c)n(hain)g(w)n(ould)g(need)h(to)g(b)r(e)g(sen)n(t)g(in)g(resp)r(onse)
f(to)g(this)h(request.)36 b(If)26 b(there)g(is)f(no)h(sp)r(eci\014c)g
(certi\014cate)208 3894 y(authorit)n(y)g(requested,)h(this)h(\014eld)g
(SHOULD)g(not)g(b)r(e)g(included.)0 4160 y(The)g(pa)n(yload)e(t)n(yp)r
(e)h(for)h(the)g(Certi\014cate)f(Request)g(P)n(a)n(yload)e(is)j(sev)n
% Payload type for the Certificate Request payload (seven), then heading
% 3.11 "Hash Payload" set in font Fj. The text describes the hash data as
% usable to verify message integrity or to authenticate the negotiating
% entities.
(en)f(\(7\).)0 4492 y Fj(3.11)112 b(Hash)38 b(P)m(a)m(yload)0
4745 y Fk(The)g(Hash)g(P)n(a)n(yload)e(con)n(tains)i(data)g(generated)f
(b)n(y)h(the)g(hash)g(function)h(\(selected)g(during)f(the)g(SA)h
(establishmen)n(t)0 4844 y(exc)n(hange\),)31 b(o)n(v)n(er)e(some)h
(part)g(of)h(the)g(message)f(and/or)f(ISAKMP)h(state.)47
b(This)30 b(pa)n(yload)g(ma)n(y)g(b)r(e)h(used)g(to)g(v)n(erify)f(the)0
4944 y(in)n(tegrit)n(y)k(of)g(the)h(data)g(in)f(an)h(ISAKMP)f(message)f
(or)h(for)g(authen)n(tication)g(of)h(the)g(negotiating)f(en)n(tities.)
58 b(Figure)34 b(12)0 5044 y(sho)n(ws)26 b(the)i(format)f(of)h(the)g
(Hash)f(P)n(a)n(yload.)0 5243 y(The)h(Hash)f(P)n(a)n(yload)e(\014elds)j
(are)e(de\014ned)i(as)f(follo)n(ws:)0 5656 y(Maughan,)g(Sc)n(hertler,)f
(Sc)n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(28])p eop
%%Page: 29 29
% Page 29 of the ISAKMP draft as emitted by dvips. bop and eop are the dvips
% page-begin / page-end procedures; their definitions are in the prolog,
% outside this excerpt.
% Reading aid: every (...) string is a run of glyphs, and the letters and
% numbers between strings are prolog positioning operators and offsets, so
% words are split at kerns: (P)n(a)n(yload) reads "Payload"; \014 is the
% "fi" ligature.
% This page renders: the running header, Figure 12 (Hash Payload Format),
% the Hash payload fields, section 3.12 "Signature Payload" with Figure 13
% (Signature Payload Format), and the footer.
29 28 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)2745 b(!)349
1039 y(~)1176 b(Hash)42 b(Data)1175 b(~)349 1138 y(!)2745
b(!)349 1238 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)1352 1504 y Fk(Figure)27 b(12:)36 b(Hash)27 b(P)n(a)n(yload)e(F)-7
b(ormat)125 1769 y Fc(\017)41 b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r
(ctet\))g(-)f(Iden)n(ti\014er)g(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h
(of)h(the)g Fb(next)e Fk(pa)n(yload)g(in)i(the)g(message.)56
b(If)35 b(the)208 1868 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f
(in)h(the)g(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
2035 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 2201 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
2300 y(header.)125 2466 y Fc(\017)41 b Fk(Hash)20 b(Data)g(\(v)-5
b(ariable)19 b(length\))i(-)f(Data)g(that)g(results)g(from)g(applying)g
(the)g(hash)g(routine)g(to)g(the)h(ISAKMP)f(message)208
2566 y(and/or)26 b(state.)0 2832 y(The)i(pa)n(yload)e(t)n(yp)r(e)h(for)
h(the)g(Hash)f(P)n(a)n(yload)e(is)i(eigh)n(t)h(\(8\).)0
% Heading 3.12 "Signature Payload" set in font Fj. The text describes the
% signature data as verifying message integrity and as possibly useful for
% non-repudiation services.
% NOTE(review): both this payload and the Hash payload are described as
% covering "some part of the message and/or ISAKMP state"; which bytes are
% covered is not defined on this page, so an implementer needs the exchange
% and DOI definitions to know what is actually protected.
3164 y Fj(3.12)112 b(Signature)38 b(P)m(a)m(yload)0 3416
y Fk(The)c(Signature)f(P)n(a)n(yload)e(con)n(tains)i(data)g(generated)g
(b)n(y)g(the)i(digital)e(signature)g(function)h(\(selected)g(during)f
(the)i(SA)0 3516 y(establishmen)n(t)f(exc)n(hange\),)i(o)n(v)n(er)d
(some)h(part)g(of)g(the)h(message)e(and/or)g(ISAKMP)i(state.)57
b(This)35 b(pa)n(yload)e(is)i(used)f(to)0 3616 y(v)n(erify)e(the)i(in)n
(tegrit)n(y)e(of)i(the)f(data)g(in)g(the)h(ISAKMP)f(message,)g(and)g
(ma)n(y)g(b)r(e)g(of)g(use)h(for)e(non-repudiation)g(services.)0
3715 y(Figure)27 b(13)g(sho)n(ws)f(the)i(format)f(of)h(the)g(Signature)
% The Figure 13 diagram (bit ruler and field boxes) starts on the next line.
f(P)n(a)n(yload.)1264 3965 y Fg(1)828 b(2)f(3)392 4064
y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)
g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
4164 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
4264 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 4363 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 4463 y(!)2745 b(!)349
4563 y(~)1089 b(Signature)40 b(Data)1044 b(~)349 4662
y(!)2745 b(!)349 4762 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+)1270 5028 y Fk(Figure)27 b(13:)36 b(Signature)27
b(P)n(a)n(yload)e(F)-7 b(ormat)0 5227 y(The)28 b(Signature)e(P)n(a)n
(yload)g(\014elds)h(are)g(de\014ned)h(as)f(follo)n(ws:)0
5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(29])p eop
%%Page: 30 30
% Page 30 of the draft: field definitions for the Signature Payload
% (Next Payload, RESERVED, Payload Length, Signature Data; payload type 9),
% then section 3.13 "Nonce Payload" with Figure 14 and its field list
% (payload type 10).
% The 3.13 text describes the nonce as random data used to guarantee
% liveness during an exchange and to protect against replay attacks. It also
% says that whether nonces travel inside the key exchange data or as a
% separate payload is defined by the key exchange, not by ISAKMP.
30 29 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y Fc(\017)41 b Fk(Next)34
b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g(for)g(the)h
(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e Fk(pa)n(yload)g(in)i
(the)g(message.)56 b(If)35 b(the)208 490 y(curren)n(t)26
b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g(message,)e(then)i(this)g
(\014eld)g(will)g(b)r(e)g(0.)125 656 y Fc(\017)41 b Fk(RESER)-9
b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n(used,)f(set)h(to)f(0.)125
822 y Fc(\017)41 b Fk(P)n(a)n(yload)32 b(Length)j(\(2)g(o)r(ctets\))h
(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h(curren)n(t)e(pa)n(yload,)i
(including)f(the)h(generic)e(pa)n(yload)208 922 y(header.)125
1088 y Fc(\017)41 b Fk(Signature)32 b(Data)h(\(v)-5 b(ariable)33
b(length\))h(-)f(Data)g(that)h(results)e(from)h(applying)g(the)h
(digital)f(signature)f(function)i(to)208 1187 y(the)28
b(ISAKMP)f(message)f(and/or)g(state.)0 1453 y(The)i(pa)n(yload)e(t)n
(yp)r(e)h(for)h(the)g(Signature)e(P)n(a)n(yload)f(is)j(nine)g(\(9\).)0
1785 y Fj(3.13)112 b(Nonce)38 b(P)m(a)m(yload)0 2038
y Fk(The)23 b(Nonce)g(P)n(a)n(yload)d(con)n(tains)i(random)g(data)g
(used)h(to)g(guaran)n(tee)e(liv)n(eness)h(during)g(an)h(exc)n(hange)e
(and)i(protect)f(against)0 2137 y(repla)n(y)31 b(attac)n(ks.)49
b(Figure)32 b(14)f(sho)n(ws)g(the)i(format)e(of)h(the)h(Nonce)f(P)n(a)n
(yload.)48 b(If)32 b(nonces)g(are)f(used)h(b)n(y)g(a)g(particular)f(k)n
(ey)0 2237 y(exc)n(hange,)21 b(the)h(use)f(of)g(the)h(Nonce)f(pa)n
(yload)f(will)h(b)r(e)h(dictated)g(b)n(y)f(the)h(k)n(ey)e(exc)n(hange.)
34 b(The)21 b(nonces)g(ma)n(y)f(b)r(e)i(transmitted)0
2337 y(as)30 b(part)h(of)g(the)g(k)n(ey)f(exc)n(hange)g(data,)h(or)g
(as)f(a)g(separate)g(pa)n(yload.)46 b(Ho)n(w)n(ev)n(er,)30
b(this)h(is)g(de\014ned)g(b)n(y)g(the)g(k)n(ey)f(exc)n(hange,)0
2436 y(not)e(b)n(y)f(ISAKMP)-7 b(.)1264 2686 y Fg(1)828
b(2)f(3)392 2785 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g
(2)h(3)f(4)g(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)
g(0)h(1)349 2885 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+)349 2985 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171
b(!)392 b(Payload)41 b(Length)346 b(!)349 3084 y(+-+-+-+-+-+-+-+)o(-+-)
o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 3184 y(!)2745
b(!)349 3284 y(~)1220 b(Nonce)41 b(Data)1088 b(~)349
3383 y(!)2745 b(!)349 3483 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+)1331 3749 y Fk(Figure)27 b(14:)36
b(Nonce)27 b(P)n(a)n(yload)f(F)-7 b(ormat)0 3948 y(The)28
b(Nonce)f(P)n(a)n(yload)e(\014elds)j(are)e(de\014ned)i(as)f(follo)n
(ws:)125 4213 y Fc(\017)41 b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r
(ctet\))g(-)f(Iden)n(ti\014er)g(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h
(of)h(the)g Fb(next)e Fk(pa)n(yload)g(in)i(the)g(message.)56
b(If)35 b(the)208 4313 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f
(in)h(the)g(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
4479 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 4645 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
4745 y(header.)125 4911 y Fc(\017)41 b Fk(Nonce)27 b(Data)g(\(v)-5
b(ariable)27 b(length\))h(-)f(Con)n(tains)g(the)h(random)f(data)g
(generated)f(b)n(y)i(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)0 5176 y(The)28 b(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g(Nonce)f(P)n
(a)n(yload)e(is)i(ten)h(\(10\).)0 5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)
n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(30])p eop
%%Page: 31 31
% Page 31 of the draft: section 3.14 "Notification Payload", Figure 15, and
% the first field definitions (Next Payload, RESERVED, Payload Length,
% Domain of Interpretation, Protocol-Id).
% Points the text makes that matter when reading the format:
%  - a Phase 1 notification is identified by the Initiator and Responder
%    cookie pair in the ISAKMP Header, with Protocol Identifier ISAKMP and
%    SPI value 0;
%  - a Phase 2 notification is identified by the cookie pair plus the
%    Message ID and SPI associated with the current negotiation;
%  - a notification that takes place before the exchange of keying
%    information has completed is unprotected.
% NOTE(review): this page does not say how a receiver should treat such an
% unprotected notification; check the processing rules elsewhere in the
% draft before relying on one.
31 30 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(3.14)112 b(Noti\014cation)36
b(P)m(a)m(yload)0 643 y Fk(The)c(Noti\014cation)f(P)n(a)n(yload)e(can)i
(con)n(tain)g(b)r(oth)h(ISAKMP)f(and)g(DOI-sp)r(eci\014c)h(data)f(and)g
(is)g(used)h(to)f(transmit)h(infor-)0 743 y(mational)h(data,)h(suc)n(h)
f(as)g(error)e(conditions,)j(to)f(an)g(ISAKMP)g(p)r(eer.)54
b(It)34 b(is)f(p)r(ossible)g(to)g(send)g(m)n(ultiple)h(Noti\014cation)0
842 y(pa)n(yloads)26 b(in)i(a)f(single)g(ISAKMP)g(message.)36
b(Figure)27 b(15)f(sho)n(ws)h(the)h(format)f(of)g(the)h(Noti\014cation)
g(P)n(a)n(yload.)0 1042 y(Noti\014cation)j(whic)n(h)g(o)r(ccurs)g
(during,)g(or)g(is)g(concerned)f(with,)j(a)e(Phase)f(1)h(negotiation)f
(is)h(iden)n(ti\014ed)h(b)n(y)f(the)h(Initiator)0 1141
y(and)22 b(Resp)r(onder)g(co)r(okie)g(pair)g(in)g(the)h(ISAKMP)f
(Header.)35 b(The)22 b(Proto)r(col)f(Iden)n(ti\014er,)j(in)e(this)h
(case,)g(is)f(ISAKMP)g(and)h(the)0 1241 y(SPI)i(v)-5
b(alue)25 b(is)h(0)f(b)r(ecause)g(the)g(co)r(okie)g(pair)g(in)g(the)h
(ISAKMP)f(Header)g(iden)n(ti\014es)g(the)h(ISAKMP)f(SA.)h(If)g(the)g
(noti\014cation)0 1340 y(tak)n(es)d(place)h(prior)f(to)h(the)h
(completed)f(exc)n(hange)f(of)h(k)n(eying)f(information,)i(then)g(the)f
(noti\014cation)g(will)g(b)r(e)h(unprotected.)0 1540
y(Noti\014cation)31 b(whic)n(h)g(o)r(ccurs)g(during,)g(or)g(is)g
(concerned)f(with,)j(a)e(Phase)f(2)h(negotiation)f(is)h(iden)n
(ti\014ed)h(b)n(y)f(the)h(Initiator)0 1639 y(and)25 b(Resp)r(onder)f
(co)r(okie)g(pair)h(in)g(the)g(ISAKMP)g(Header)f(and)h(the)g(Message)f
(ID)h(and)g(SPI)f(asso)r(ciated)g(with)i(the)f(curren)n(t)0
1739 y(negotiation.)36 b(One)27 b(example)g(for)g(this)h(t)n(yp)r(e)g
(of)g(noti\014cation)f(is)g(to)h(indicate)f(wh)n(y)h(a)f(prop)r(osal)f
(w)n(as)g(rejected.)1264 1980 y Fg(1)828 b(2)f(3)392
2080 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g
(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
2179 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
2279 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 2378 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 2478 y(!)609 b(Domain)42
b(of)g(Interpretation)82 b(\(DOI\))782 b(!)349 2578 y(+-+-+-+-+-+-+-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 2677 y(!)86
b(Protocol-ID)d(!)130 b(SPI)43 b(Size)172 b(!)262 b(Notify)41
b(Message)f(Type)260 b(!)349 2777 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 2877 y(!)2745 b(!)349 2976
y(~)697 b(Security)40 b(Parameter)g(Index)h(\(SPI\))739
b(~)349 3076 y(!)2745 b(!)349 3175 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 3275 y(!)g(!)349 3375 y(~)1002
b(Notification)38 b(Data)1001 b(~)349 3474 y(!)2745 b(!)349
3574 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)
1230 3840 y Fk(Figure)27 b(15:)36 b(Noti\014cation)27
b(P)n(a)n(yload)e(F)-7 b(ormat)0 4030 y(The)28 b(Noti\014cation)f(P)n
(a)n(yload)e(\014elds)j(are)e(de\014ned)i(as)f(follo)n(ws:)125
4279 y Fc(\017)41 b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f
(Iden)n(ti\014er)g(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g
Fb(next)e Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35
b(the)208 4379 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h
(the)g(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
4536 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 4694 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
4793 y(header.)125 4951 y Fc(\017)41 b Fk(Domain)25 b(of)h(In)n
(terpretation)f(\(4)g(o)r(ctets\))i(-)e(Iden)n(ti\014es)h(the)g(DOI)g
(\(as)g(describ)r(ed)f(in)h(Section)g(2.1\))f(under)h(whic)n(h)g(this)
208 5050 y(noti\014cation)j(is)h(taking)f(place.)43 b(F)-7
b(or)29 b(ISAKMP)h(this)g(v)-5 b(alue)30 b(is)f(zero)g(\(0\))h(and)g
(for)f(the)h(IPSEC)f(DOI)h(it)h(is)e(one)h(\(1\).)208
5150 y(Other)d(DOI's)g(can)g(b)r(e)h(de\014ned)g(using)f(the)h
(description)g(in)f(app)r(endix)h(B.)125 5308 y Fc(\017)41
b Fk(Proto)r(col-Id)31 b(\(1)i(o)r(ctet\))h(-)f(Sp)r(eci\014es)g(the)h
(proto)r(col)e(iden)n(ti\014er)h(for)g(the)h(curren)n(t)e
(noti\014cation.)54 b(Examples)32 b(migh)n(t)208 5407
y(include)c(ISAKMP)-7 b(,)27 b(IPSEC)g(ESP)-7 b(,)27
b(IPSEC)f(AH,)j(OSPF,)e(TLS,)g(etc.)0 5656 y(Maughan,)g(Sc)n(hertler,)f
(Sc)n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(31])p eop
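%%Page: 32 32
% Page 32 of the draft: remaining Notification Payload fields (SPI Size,
% Notify Message Type, SPI, Notification Data), the payload type (11), and
% the introduction to section 3.14.1 "Notify Message Types".
% For Protocol-Id ISAKMP the text says the cookie pair from the ISAKMP
% Header is the SPI, so SPI Size may be anything from 0 to 16 and a
% non-empty SPI field must be ignored. For other protocols the DOI dictates
% the SPI Size.
% The SPI field length is set by SPI Size and is not necessarily aligned to
% a 4-octet boundary. Values in the Private Use range of Notify Message Type
% are expected to be DOI-specific.
32 31 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y Fc(\017)41 b Fk(SPI)25
b(Size)g(\(1)g(o)r(ctet\))h(-)f(Length)g(in)h(o)r(ctets)f(of)g(the)h
(SPI)f(as)g(de\014ned)h(b)n(y)f(the)g(Proto)r(col-Id.)34
b(In)26 b(the)g(case)e(of)h(ISAKMP)-7 b(,)208 490 y(the)26
b(Initiator)f(and)h(Resp)r(onder)g(co)r(okie)f(pair)g(from)h(the)g
(ISAKMP)g(Header)f(is)h(the)h(ISAKMP)e(SPI,)h(therefore,)g(the)208
589 y(SPI)c(Size)h(is)g(irrelev)-5 b(an)n(t)21 b(and)i(MA)-7
b(Y)23 b(b)r(e)h(from)e(zero)g(\(0\))h(to)f(sixteen)h(\(16\).)35
b(If)23 b(the)g(SPI)g(Size)g(is)f(non-zero,)g(the)h(con)n(ten)n(t)208
689 y(of)29 b(the)g(SPI)g(\014eld)h(MUST)g(b)r(e)f(ignored.)41
b(The)29 b(Domain)h(of)f(In)n(terpretation)f(\(DOI\))i(will)f(dictate)h
(the)f(SPI)g(Size)h(for)208 789 y(other)d(proto)r(cols.)125
955 y Fc(\017)41 b Fk(Notify)27 b(Message)f(T)n(yp)r(e)h(\(2)g(o)r
(ctets\))g(-)g(Sp)r(eci\014es)h(the)f(t)n(yp)r(e)h(of)f(noti\014cation)
g(message)f(\(see)h(section)f(3.14.1\).)36 b(Addi-)208
1054 y(tional)27 b(text,)h(if)g(sp)r(eci\014ed)g(b)n(y)f(the)h(DOI,)g
(is)f(placed)h(in)f(the)h(Noti\014cation)g(Data)f(\014eld.)125
1220 y Fc(\017)41 b Fk(SPI)27 b(\(v)-5 b(ariable)26 b(length\))i(-)f
(Securit)n(y)g(P)n(arameter)e(Index.)36 b(The)28 b(receiving)e(en)n
(tit)n(y's)h(SPI.)g(The)h(use)f(of)g(the)h(SPI)f(\014eld)208
1320 y(is)36 b(describ)r(ed)g(in)h(section)g(2.4.)63
b(The)36 b(length)h(of)g(this)g(\014eld)g(is)f(determined)h(b)n(y)f
(the)h(SPI)g(Size)f(\014eld)h(and)g(is)f(not)208 1420
y(necessarily)26 b(aligned)g(to)i(a)f(4)g(o)r(ctet)h(b)r(oundary)-7
b(.)125 1586 y Fc(\017)41 b Fk(Noti\014cation)26 b(Data)g(\(v)-5
b(ariable)25 b(length\))i(-)f(Informational)f(or)g(error)f(data)i
(transmitted)g(in)h(addition)f(to)g(the)h(Notify)208
1685 y(Message)f(T)n(yp)r(e.)36 b(V)-7 b(alues)28 b(for)f(this)h
(\014eld)g(are)e(DOI-sp)r(eci\014c.)0 1951 y(The)i(pa)n(yload)e(t)n(yp)
r(e)h(for)h(the)g(Noti\014cation)f(P)n(a)n(yload)e(is)i(elev)n(en)h
(\(11\).)0 2266 y Fe(3.14.1)93 b(Notify)32 b(Message)e(T)m(yp)s(es)0
2519 y Fk(Noti\014cation)23 b(information)g(can)f(b)r(e)i(error)d
(messages)h(sp)r(ecifying)h(wh)n(y)g(an)g(SA)h(could)f(not)g(b)r(e)h
(established.)35 b(It)24 b(can)e(also)h(b)r(e)0 2619
y(status)18 b(data)h(that)f(a)h(pro)r(cess)e(managing)g(an)i(SA)g
(database)e(wishes)h(to)h(comm)n(unicate)f(with)h(a)f(p)r(eer)h(pro)r
(cess.)32 b(F)-7 b(or)18 b(example,)0 2719 y(a)28 b(secure)f(fron)n(t)g
(end)i(or)e(securit)n(y)g(gatew)n(a)n(y)f(ma)n(y)h(use)h(the)h(Notify)f
(message)f(to)h(sync)n(hronize)e(SA)j(comm)n(unication.)37
b(The)0 2818 y(table)28 b(b)r(elo)n(w)g(lists)h(the)f(Noti\014cation)g
(messages)f(and)h(their)g(corresp)r(onding)f(v)-5 b(alues.)38
b(V)-7 b(alues)28 b(in)h(the)g(Priv)-5 b(ate)27 b(Use)h(range)0
2918 y(are)f(exp)r(ected)h(to)f(b)r(e)h(DOI-sp)r(eci\014c)f(v)-5
b(alues.)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(32])p eop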
%%Page: 33 33
% Page 33 of the draft: the two Notify Message Type tables and the start of
% section 3.15 "Delete Payload".
%  - error types: named values 1-28, 29-8191 reserved for future use,
%    8192-16383 private use;
%  - status types: CONNECTED = 16384, 16385-24575 reserved for future use,
%    24576-32767 DOI-specific codes, 32768-40959 private use,
%    40960-65535 reserved for future use.
% The 3.15 text says a Delete payload names SAs the sender has already
% removed from its own database. It may carry several SPIs, but every SPI
% MUST be for the same protocol; mixing Protocol Identifiers is a MUST NOT.
33 32 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1196 377 y(NOTIFY)h(MESSA)n(GES)f(-)h(ERR)n
(OR)e(TYPES)1558 576 y(Errors)765 b(V)-7 b(alue)p 966
609 1969 4 v 1016 679 a(INV)e(ALID-P)i(A)g(YLO)n(AD-TYPE)582
b(1)1016 779 y(DOI-NOT-SUPPOR)-7 b(TED)711 b(2)1016 878
y(SITUA)-7 b(TION-NOT-SUPPOR)g(TED)399 b(3)1016 978 y(INV)-9
b(ALID-COOKIE)911 b(4)1016 1078 y(INV)-9 b(ALID-MAJOR-VERSION)535
b(5)1016 1177 y(INV)-9 b(ALID-MINOR-VERSION)548 b(6)1016
1277 y(INV)-9 b(ALID-EX)n(CHANGE-TYPE)504 b(7)1016 1377
y(INV)-9 b(ALID-FLA)n(GS)976 b(8)1016 1476 y(INV)-9 b(ALID-MESSA)n
(GE-ID)725 b(9)1016 1576 y(INV)-9 b(ALID-PR)n(OTOCOL-ID)628
b(10)1016 1675 y(INV)-9 b(ALID-SPI)1099 b(11)1016 1775
y(INV)-9 b(ALID-TRANSF)n(ORM-ID)566 b(12)1016 1875 y(A)-7
b(TTRIBUTES-NOT-SUPPOR)g(TED)298 b(13)1016 1974 y(NO-PR)n
(OPOSAL-CHOSEN)614 b(14)1016 2074 y(BAD-PR)n(OPOSAL-SYNT)-7
b(AX)562 b(15)1016 2174 y(P)-7 b(A)g(YLO)n(AD-MALF)n(ORMED)613
b(16)1016 2273 y(INV)-9 b(ALID-KEY-INF)n(ORMA)i(TION)402
b(17)1016 2373 y(INV)-9 b(ALID-ID-INF)n(ORMA)i(TION)493
b(18)1016 2472 y(INV)-9 b(ALID-CER)i(T-ENCODING)509 b(19)1016
2572 y(INV)-9 b(ALID-CER)i(TIFICA)g(TE)655 b(20)1016
2672 y(CER)-7 b(T-TYPE-UNSUPPOR)g(TED)444 b(21)1016 2771
y(INV)-9 b(ALID-CER)i(T-A)n(UTHORITY)451 b(22)1016 2871
y(INV)-9 b(ALID-HASH-INF)n(ORMA)i(TION)354 b(23)1016
2971 y(A)n(UTHENTICA)-7 b(TION-F)e(AILED)490 b(24)1016
3070 y(INV)-9 b(ALID-SIGNA)i(TURE)734 b(25)1016 3170
y(ADDRESS-NOTIFICA)-7 b(TION)553 b(26)1016 3269 y(NOTIFY-SA-LIFETIME)
699 b(27)1016 3369 y(CER)-7 b(TIFICA)g(TE-UNA)e(V)g(AILABLE)403
b(28)1016 3469 y(RESER)-9 b(VED)27 b(\(F)-7 b(uture)28
b(Use\))541 b(29)26 b(-)i(8191)1016 3568 y(Priv)-5 b(ate)26
b(Use)991 b(8192)25 b(-)j(16383)1186 3859 y(NOTIFY)g(MESSA)n(GES)f(-)g
(ST)-7 b(A)g(TUS)29 b(TYPES)1522 3958 y(Status)619 b(V)-7
b(alue)p 1114 3992 1673 4 v 1164 4061 a(CONNECTED)674
b(16384)1164 4161 y(RESER)-9 b(VED)27 b(\(F)-7 b(uture)28
b(Use\))127 b(16385)26 b(-)h(24575)1164 4261 y(DOI-sp)r(eci\014c)g(co)r
(des)389 b(24576)26 b(-)h(32767)1164 4360 y(Priv)-5 b(ate)26
b(Use)639 b(32768)26 b(-)h(40959)1164 4460 y(RESER)-9
b(VED)27 b(\(F)-7 b(uture)28 b(Use\))113 b(40960)26 b(-)h(65535)0
4783 y Fj(3.15)112 b(Delete)37 b(P)m(a)m(yload)0 5036
y Fk(The)30 b(Delete)h(P)n(a)n(yload)c(con)n(tains)j(a)f(proto)r
(col-sp)r(eci\014c)g(securit)n(y)g(asso)r(ciation)g(iden)n(ti\014er)h
(that)g(the)h(sender)e(has)h(remo)n(v)n(ed)0 5136 y(from)f(its)h
(securit)n(y)f(asso)r(ciation)e(database)i(and)g(is,)h(therefore,)f(no)
g(longer)g(v)-5 b(alid.)42 b(Figure)29 b(16)g(sho)n(ws)f(the)i(format)f
(of)h(the)0 5235 y(Delete)i(P)n(a)n(yload.)44 b(It)32
b(is)e(p)r(ossible)h(to)g(send)g(m)n(ultiple)h(SPIs)e(in)h(a)g(Delete)h
(pa)n(yload,)e(ho)n(w)n(ev)n(er,)g(eac)n(h)g(SPI)h(MUST)g(b)r(e)h(for)0
5335 y(the)c(same)f(proto)r(col.)36 b(Mixing)27 b(of)h(Proto)r(col)d
(Iden)n(ti\014ers)i(MUST)i(NOT)e(b)r(e)h(p)r(erformed)f(with)h(the)g
(Delete)g(pa)n(yload.)0 5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(33])p eop
%%Page: 34 34
% Page 34 of the draft: continuation of section 3.15 "Delete Payload",
% Figure 16, and the field definitions up to "# of SPIs".
%  - deleting an ISAKMP SA: Protocol-Id is ISAKMP and the SPIs are the
%    initiator and responder cookies from the ISAKMP Header (SPI Size would
%    be 16 octets per SPI);
%  - deleting a protocol SA such as ESP or AH: Protocol-Id is that protocol
%    and the SPI is the sending entity's SPI(s);
%  - the NOTE states the payload is an advisory, not a request to delete, and
%    that a responder is not expected to acknowledge it.
% NOTE(review): the SPI list size follows from SPI Size (1 octet) and
% # of SPIs (2 octets); this page does not state a check of that product
% against Payload Length, so confirm where the draft covers it.
34 33 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(Deletion)j(whic)n(h)f(is)h
(concerned)e(with)i(an)f(ISAKMP)g(SA)h(will)g(con)n(tain)f(a)g(Proto)r
(col-Id)e(of)j(ISAKMP)f(and)g(the)h(SPIs)f(are)0 490
y(the)e(initiator)e(and)h(resp)r(onder)f(co)r(okies)g(from)h(the)h
(ISAKMP)f(Header.)35 b(Deletion)27 b(whic)n(h)f(is)g(concerned)f(with)i
(a)f(Proto)r(col)0 589 y(SA,)33 b(suc)n(h)f(as)g(ESP)g(or)g(AH,)h(will)
g(con)n(tain)f(the)h(Proto)r(col-Id)e(of)h(that)h(proto)r(col)f(\(e.g.)
52 b(ESP)-7 b(,)32 b(AH\))h(and)g(the)g(SPI)f(is)h(the)0
689 y(sending)27 b(en)n(tit)n(y's)h(SPI\(s\).)0 888 y
Fg(NOTE:)33 b Fk(The)i(Delete)h(P)n(a)n(yload)c(is)j(not)g(a)g(request)
f(for)h(the)g(resp)r(onder)f(to)h(delete)g(an)g(SA,)g(but)h(an)f
(advisory)e(from)i(the)0 988 y(initiator)e(to)g(the)h(resp)r(onder.)54
b(If)34 b(the)g(resp)r(onder)e(c)n(ho)r(oses)g(to)h(ignore)g(the)g
(message,)h(the)g(next)g(comm)n(unication)e(from)0 1088
y(the)38 b(resp)r(onder)e(to)h(the)h(initiator,)h(using)e(that)h
(securit)n(y)e(asso)r(ciation,)i(will)g(fail.)66 b(A)38
b(resp)r(onder)e(is)h(not)h(exp)r(ected)f(to)0 1187 y(ac)n(kno)n
(wledge)25 b(receipt)j(of)f(a)g(Delete)i(pa)n(yload.)1264
1437 y Fg(1)828 b(2)f(3)392 1536 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h
(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)
f(6)g(7)g(8)g(9)g(0)h(1)349 1636 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+)349 1736 y(!)f(Next)f(Payload)84
b(!)130 b(RESERVED)171 b(!)392 b(Payload)41 b(Length)346
b(!)349 1835 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+)349 1935 y(!)609 b(Domain)42 b(of)g(Interpretation)82
b(\(DOI\))782 b(!)349 2035 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+)349 2134 y(!)86 b(Protocol-Id)d(!)130
b(SPI)43 b(Size)172 b(!)479 b(#)44 b(of)e(SPIs)478 b(!)349
2234 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
2333 y(!)2745 b(!)349 2433 y(~)653 b(Security)40 b(Parameter)g
(Index\(es\))g(\(SPI\))608 b(~)349 2533 y(!)2745 b(!)349
2632 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)
1328 2898 y Fk(Figure)27 b(16:)36 b(Delete)28 b(P)n(a)n(yload)d(F)-7
b(ormat)0 3097 y(The)28 b(Delete)g(P)n(a)n(yload)d(\014elds)j(are)e
(de\014ned)i(as)f(follo)n(ws:)125 3363 y Fc(\017)41 b
Fk(Next)34 b(P)n(a)n(yload)e(\(1)j(o)r(ctet\))g(-)f(Iden)n(ti\014er)g
(for)g(the)h(pa)n(yload)e(t)n(yp)r(e)h(of)h(the)g Fb(next)e
Fk(pa)n(yload)g(in)i(the)g(message.)56 b(If)35 b(the)208
3462 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f(in)h(the)g
(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
3629 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 3795 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
3894 y(header.)125 4060 y Fc(\017)41 b Fk(Domain)25 b(of)h(In)n
(terpretation)f(\(4)g(o)r(ctets\))i(-)e(Iden)n(ti\014es)h(the)g(DOI)g
(\(as)g(describ)r(ed)f(in)h(Section)g(2.1\))f(under)h(whic)n(h)g(this)
208 4160 y(deletion)d(is)g(taking)g(place.)35 b(F)-7
b(or)23 b(ISAKMP)g(this)h(v)-5 b(alue)23 b(is)h(zero)e(\(0\))i(and)f
(for)g(the)h(IPSEC)e(DOI)i(it)g(is)f(one)g(\(1\).)36
b(Other)208 4259 y(DOI's)27 b(can)g(b)r(e)h(de\014ned)g(using)f(the)h
(description)f(in)h(app)r(endix)g(B.)125 4426 y Fc(\017)41
b Fk(Proto)r(col-Id)34 b(\(1)i(o)r(ctet\))h(-)f(ISAKMP)g(can)f
(establish)h(securit)n(y)g(asso)r(ciations)e(for)i(v)-5
b(arious)35 b(proto)r(cols,)i(including)208 4525 y(ISAKMP)h(and)h
(IPSEC.)f(This)h(\014eld)g(iden)n(ti\014es)h(whic)n(h)f(securit)n(y)f
(asso)r(ciation)f(database)h(to)h(apply)f(the)i(delete)208
4625 y(request.)125 4791 y Fc(\017)h Fk(SPI)25 b(Size)g(\(1)g(o)r
(ctet\))h(-)f(Length)g(in)h(o)r(ctets)f(of)g(the)h(SPI)f(as)g
(de\014ned)h(b)n(y)f(the)g(Proto)r(col-Id.)34 b(In)26
b(the)g(case)e(of)h(ISAKMP)-7 b(,)208 4890 y(the)32 b(Initiator)f(and)g
(Resp)r(onder)g(co)r(okie)g(pair)g(is)g(the)h(ISAKMP)g(SPI.)f(In)h
(this)g(case,)g(the)g(SPI)f(Size)h(w)n(ould)f(b)r(e)h(16)208
4990 y(o)r(ctets)27 b(for)g(eac)n(h)g(SPI)g(b)r(eing)h(deleted.)125
5156 y Fc(\017)41 b Fk(#)31 b(of)g(SPIs)f(\(2)h(o)r(ctets\))h(-)e(The)i
(n)n(um)n(b)r(er)e(of)h(SPIs)g(con)n(tained)f(in)i(the)f(Delete)h(pa)n
(yload.)45 b(The)31 b(size)g(of)g(eac)n(h)f(SPI)h(is)208
5256 y(de\014ned)d(b)n(y)f(the)h(SPI)f(Size)h(\014eld.)0
5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(34])p eop
%%Page: 35 35
% Page 35 of the draft: the last Delete Payload field (Security Parameter
% Index(es), sized by SPI Size and # of SPIs), the Delete payload type (12),
% and section 3.16 "Vendor ID Payload" up to the start of its field list.
% What the 3.16 text states:
%  - the payload carries a vendor-defined constant that lets a vendor
%    identify and recognize remote instances of its implementation; it is
%    not a general extension facility of ISAKMP;
%  - if sent, it MUST be sent during Phase 1; receiving a familiar Vendor ID
%    allows use of the Private USE payload numbers (128-255) in Phase 2;
%  - a private payload sent without prior agreement may be rejected with a
%    notify message of type INVALID-PAYLOAD-TYPE;
%  - the example constant is a plain (non-keyed) MD5 hash of a product name
%    and version string, which may be truncated; the text says the hash has
%    no security implications, so it is used here as an identifier.
35 34 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)125 390 y Fc(\017)41 b Fk(Securit)n(y)23
b(P)n(arameter)f(Index\(es\))j(\(v)-5 b(ariable)23 b(length\))i(-)f
(Iden)n(ti\014es)g(the)h(sp)r(eci\014c)f(securit)n(y)g(asso)r
(ciation\(s\))f(to)h(delete.)208 490 y(V)-7 b(alues)30
b(for)g(this)h(\014eld)g(are)e(DOI)i(and)f(proto)r(col)g(sp)r
(eci\014c.)45 b(The)31 b(length)g(of)f(this)h(\014eld)g(is)f
(determined)h(b)n(y)f(the)h(SPI)208 589 y(Size)c(and)h(#)g(of)f(SPIs)g
(\014elds.)0 850 y(The)h(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g(Delete)g
(P)n(a)n(yload)d(is)i(t)n(w)n(elv)n(e)g(\(12\).)0 1180
y Fj(3.16)112 b(V)-9 b(endor)37 b(ID)g(P)m(a)m(yload)0
1433 y Fk(The)24 b(V)-7 b(endor)25 b(ID)f(P)n(a)n(yload)e(con)n(tains)i
(a)g(v)n(endor)f(de\014ned)i(constan)n(t.)35 b(The)24
b(constan)n(t)g(is)g(used)h(b)n(y)f(v)n(endors)f(to)h(iden)n(tify)h
(and)0 1533 y(recognize)30 b(remote)g(instances)h(of)h(their)f
(implemen)n(tations.)48 b(This)31 b(mec)n(hanism)g(allo)n(ws)f(a)h(v)n
(endor)f(to)h(exp)r(erimen)n(t)h(with)0 1633 y(new)23
b(features)g(while)g(main)n(taining)g(bac)n(kw)n(ards)d(compatibilit)n
(y)-7 b(.)36 b(This)23 b(is)g(not)g(a)g(general)f(extension)g(facilit)n
(y)h(of)g(ISAKMP)-7 b(.)0 1732 y(Figure)27 b(17)g(sho)n(ws)f(the)i
(format)f(of)h(the)g(V)-7 b(endor)27 b(ID)h(P)n(a)n(yload.)0
1931 y(The)g(V)-7 b(endor)27 b(ID)i(pa)n(yload)d(is)i(not)g(an)f
(announcemen)n(t)h(from)f(the)i(sender)e(that)h(it)g(will)g(send)g
(priv)-5 b(ate)28 b(pa)n(yload)e(t)n(yp)r(es.)38 b(A)0
2031 y(v)n(endor)29 b(sending)i(the)g(V)-7 b(endor)30
b(ID)h(MUST)g(not)g(mak)n(e)f(an)n(y)g(assumptions)f(ab)r(out)i(priv)-5
b(ate)30 b(pa)n(yloads)f(that)i(it)g(ma)n(y)f(send)0
2131 y(unless)g(a)h(V)-7 b(endor)30 b(ID)h(is)g(receiv)n(ed)f(as)g(w)n
(ell.)46 b(Multiple)31 b(V)-7 b(endor)30 b(ID)i(pa)n(yloads)c(MA)-7
b(Y)32 b(b)r(e)f(sen)n(t.)46 b(An)31 b(implemen)n(tation)g(is)0
2230 y(NOT)24 b(REQUIRED)g(to)g(understand)g(an)n(y)f(V)-7
b(endor)24 b(ID)h(pa)n(yloads.)34 b(An)25 b(implemen)n(tation)f(is)g
(NOT)g(REQUIRED)g(to)g(send)0 2330 y(an)n(y)h(V)-7 b(endor)26
b(ID)g(pa)n(yload)e(at)i(all.)36 b(If)26 b(a)g(priv)-5
b(ate)25 b(pa)n(yload)g(w)n(as)g(sen)n(t)g(without)i(prior)d(agreemen)n
(t)h(to)h(send)f(it,)i(a)f(complian)n(t)0 2430 y(implemen)n(tation)i
(ma)n(y)f(reject)g(a)g(prop)r(osal)f(with)i(a)g(notify)g(message)e(of)h
(t)n(yp)r(e)h(INV)-9 b(ALID-P)i(A)g(YLO)n(AD-TYPE.)0
2629 y(If)33 b(a)e(V)-7 b(endor)32 b(ID)g(pa)n(yload)f(is)h(sen)n(t,)h
(it)g(MUST)f(b)r(e)h(sen)n(t)f(during)f(the)i(Phase)e(1)h(negotiation.)
49 b(Reception)32 b(of)g(a)g(familiar)0 2728 y(V)-7 b(endor)23
b(ID)g(pa)n(yload)f(in)h(the)h(Phase)e(1)h(negotiation)f(allo)n(ws)g
(an)h(implemen)n(tation)g(to)g(mak)n(e)f(use)h(of)g(Priv)-5
b(ate)23 b(USE)g(pa)n(yload)0 2828 y(n)n(um)n(b)r(ers)k(\(128-255\),)d
(describ)r(ed)j(in)h(section)e(3.1)h(for)f(v)n(endor)g(sp)r(eci\014c)i
(extensions)e(during)h(Phase)f(2)h(negotiations.)35 b(The)0
2928 y(de\014nition)40 b(of)f("familiar")f(is)i(left)g(to)g(implemen)n
(tations)f(to)g(determine.)73 b(Some)40 b(v)n(endors)e(ma)n(y)h(wish)g
(to)g(implemen)n(t)0 3027 y(another)33 b(v)n(endor's)h(extension)g
(prior)f(to)h(standardization.)56 b(Ho)n(w)n(ev)n(er,)34
b(this)h(practice)f(SHOULD)h(not)f(b)r(e)h(widespread)0
3127 y(and)27 b(v)n(endors)g(should)g(w)n(ork)f(to)n(w)n(ards)g
(standardization)g(instead.)0 3326 y(The)h(v)n(endor)f(de\014ned)i
(constan)n(t)e(MUST)i(b)r(e)g(unique.)37 b(The)27 b(c)n(hoice)g(of)g
(hash)g(and)g(text)g(to)h(hash)e(is)h(left)h(to)g(the)f(v)n(endor)f(to)
0 3426 y(decide.)36 b(As)23 b(an)g(example,)h(v)n(endors)f(could)g
(generate)f(their)i(v)n(endor)e(id)i(b)n(y)f(taking)g(a)g(plain)g
(\(non-k)n(ey)n(ed\))g(hash)g(of)h(a)f(string)0 3525
y(con)n(taining)30 b(the)i(pro)r(duct)f(name,)h(and)f(the)h(v)n(ersion)
e(of)h(the)h(pro)r(duct.)48 b(A)31 b(hash)g(is)g(used)g(instead)h(of)f
(a)g(v)n(endor)f(registry)0 3625 y(to)f(a)n(v)n(oid)e(lo)r(cal)h
(cryptographic)f(p)r(olicy)i(problems)f(with)h(ha)n(ving)f(a)h(list)g
(of)g("appro)n(v)n(ed")d(pro)r(ducts,)i(to)h(k)n(eep)g(a)n(w)n(a)n(y)d
(from)0 3725 y(main)n(taining)33 b(a)f(list)i(of)f(v)n(endors,)g(and)g
(to)g(allo)n(w)f(classi\014ed)h(pro)r(ducts)f(to)h(a)n(v)n(oid)f(ha)n
(ving)g(to)h(app)r(ear)g(on)f(an)n(y)h(list.)54 b(F)-7
b(or)0 3824 y(instance:)0 4024 y("Example)26 b(Compan)n(y)h(IPsec.)36
b(V)-7 b(ersion)27 b(97.1")0 4223 y(\(not)21 b(including)h(the)f
(quotes\))g(has)g(MD5)g(hash:)33 b(48544f9b1fe662af98b9b39e5)o(0c0)o
(1a)o(5a)o(,)17 b(when)k(using)g(MD5\014le.)35 b(V)-7
b(endors)0 4322 y(ma)n(y)26 b(include)h(all)g(of)g(the)g(hash,)g(or)e
(just)j(a)e(p)r(ortion)h(of)f(it,)i(as)e(the)h(pa)n(yload)f(length)h
(will)g(b)r(ound)g(the)g(data.)36 b(There)27 b(are)e(no)0
4422 y(securit)n(y)i(implications)g(of)h(this)f(hash,)h(so)f(its)g(c)n
(hoice)g(is)h(arbitrary)-7 b(.)0 4621 y(The)28 b(V)-7
b(endor)27 b(ID)h(P)n(a)n(yload)d(\014elds)j(are)e(de\014ned)i(as)f
(follo)n(ws:)125 4881 y Fc(\017)41 b Fk(Next)34 b(P)n(a)n(yload)e(\(1)j
(o)r(ctet\))g(-)f(Iden)n(ti\014er)g(for)g(the)h(pa)n(yload)e(t)n(yp)r
(e)h(of)h(the)g Fb(next)e Fk(pa)n(yload)g(in)i(the)g(message.)56
b(If)35 b(the)208 4981 y(curren)n(t)26 b(pa)n(yload)g(is)i(the)g(last)f
(in)h(the)g(message,)e(then)i(this)g(\014eld)g(will)g(b)r(e)g(0.)125
5144 y Fc(\017)41 b Fk(RESER)-9 b(VED)27 b(\(1)g(o)r(ctet\))h(-)g(Un)n
(used,)f(set)h(to)f(0.)125 5308 y Fc(\017)41 b Fk(P)n(a)n(yload)32
b(Length)j(\(2)g(o)r(ctets\))h(-)f(Length)g(in)g(o)r(ctets)g(of)g(the)h
(curren)n(t)e(pa)n(yload,)i(including)f(the)h(generic)e(pa)n(yload)208
5407 y(header.)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i
(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(35])p eop
%%Page: 36 36
% Page 36 of the draft: Figure 17 (Vendor ID Payload format), the Vendor ID
% field definition and payload type (13), then section 4 "ISAKMP Exchanges"
% and the start of 4.1 "ISAKMP Exchange Types".
% What the section 4 text states:
%  - five default Exchange Types are defined, described in sections 4.4
%    through 4.8; they give different security protection to the exchange
%    itself and to the information exchanged;
%  - payload order within a message is not mandated, but placing the
%    Security Association payload first is RECOMMENDED for processing
%    efficiency;
%  - the example diagrams leave out optional payloads (certificate,
%    certificate request) and leave out an initial exchange of ISAKMP
%    Headers carrying the cookies, which the text says would provide
%    protection against clogging (section 2.5.3).
36 35 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1264 441 y Fg(1)828 b(2)f(3)392
541 y(0)43 b(1)h(2)f(3)g(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)g(2)h(3)f(4)g(5)
g(6)g(7)g(8)h(9)f(0)g(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)349
640 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349
740 y(!)f(Next)f(Payload)84 b(!)130 b(RESERVED)171 b(!)392
b(Payload)41 b(Length)346 b(!)349 839 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+)349 939 y(!)2745 b(!)349
1039 y(~)1045 b(Vendor)41 b(ID)i(\(VID\))1044 b(~)349
1138 y(!)2745 b(!)349 1238 y(+-+-+-+-+-+-+-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+)1253 1504 y Fk(Figure)27 b(17:)36
b(V)-7 b(endor)27 b(ID)h(P)n(a)n(yload)e(F)-7 b(ormat)125
1769 y Fc(\017)41 b Fk(V)-7 b(endor)27 b(ID)h(\(v)-5
b(ariable)27 b(length\))h(-)f(Hash)g(of)h(the)g(v)n(endor)e(string)h
(plus)h(v)n(ersion)e(\(as)h(describ)r(ed)g(ab)r(o)n(v)n(e\).)0
2035 y(The)h(pa)n(yload)e(t)n(yp)r(e)h(for)h(the)g(V)-7
b(endor)27 b(ID)h(P)n(a)n(yload)d(is)i(thirteen)h(\(13\).)0
2409 y Ff(4)137 b(ISAKMP)46 b(Exc)l(hanges)0 2690 y Fk(ISAKMP)25
b(supplies)g(the)h(basic)f(syn)n(tax)f(of)h(a)g(message)f(exc)n(hange.)
35 b(The)25 b(basic)g(building)g(blo)r(c)n(ks)g(for)g(ISAKMP)g
(messages)0 2790 y(are)e(the)h(pa)n(yload)f(t)n(yp)r(es)g(describ)r(ed)
h(in)g(section)g(3.)35 b(This)24 b(section)f(describ)r(es)h(the)g(pro)r
(cedures)f(for)g(SA)i(establishmen)n(t)e(and)0 2889 y(SA)j(mo)r
(di\014cation,)g(follo)n(w)n(ed)f(b)n(y)g(a)h(default)g(set)g(of)g(exc)
n(hanges)e(that)i(MA)-7 b(Y)26 b(b)r(e)h(used)e(for)h(initial)g(in)n
(terop)r(erabilit)n(y)-7 b(.)35 b(Other)0 2989 y(exc)n(hanges)24
b(will)j(b)r(e)f(de\014ned)g(dep)r(ending)h(on)e(the)i(DOI)f(and)g(k)n
(ey)f(exc)n(hange.)35 b([IPDOI)o(])26 b(and)g([IKE)o(])g(are)f
(examples)h(of)g(ho)n(w)0 3089 y(this)i(is)f(ac)n(hiev)n(ed.)36
b(App)r(endix)29 b(B)e(explains)g(the)h(pro)r(cedures)e(for)h
(accomplishing)g(these)h(additions.)0 3421 y Fj(4.1)112
b(ISAKMP)37 b(Exc)m(hange)h(T)m(yp)s(es)0 3674 y Fk(ISAKMP)21
b(allo)n(ws)f(the)i(creation)e(of)h(exc)n(hanges)f(for)g(the)i
(establishmen)n(t)f(of)g(Securit)n(y)g(Asso)r(ciations)f(and)i(k)n
(eying)e(material.)0 3773 y(There)h(are)g(curren)n(tly)f(\014v)n(e)h
(default)h(Exc)n(hange)e(T)n(yp)r(es)h(de\014ned)h(for)f(ISAKMP)-7
b(.)21 b(Sections)h(4.4)e(through)h(4.8)g(describ)r(e)g(these)0
3873 y(exc)n(hanges.)33 b(Exc)n(hanges)19 b(de\014ne)j(the)f(con)n(ten)
n(t)g(and)g(ordering)f(of)h(ISAKMP)g(messages)e(during)i(comm)n
(unications)f(b)r(et)n(w)n(een)0 3972 y(p)r(eers.)36
b(Most)27 b(exc)n(hanges)e(will)j(include)f(all)g(the)g(basic)g(pa)n
(yload)e(t)n(yp)r(es)i(-)g(SA,)g(KE,)g(ID,)g(SIG)h(-)e(and)h(ma)n(y)f
(include)i(others.)0 4072 y(The)34 b(primary)e(di\013erence)h(b)r(et)n
(w)n(een)h(exc)n(hange)e(t)n(yp)r(es)h(is)h(the)g(ordering)d(of)j(the)g
(messages)e(and)h(the)h(pa)n(yload)e(ordering)0 4172
y(within)41 b(eac)n(h)e(message.)73 b(While)41 b(the)f(ordering)e(of)i
(pa)n(yloads)f(within)h(messages)f(is)h(not)g(mandated,)j(for)d(pro)r
(cessing)0 4271 y(e\016ciency)g(it)g(is)g(RECOMMENDED)f(that)h(the)g
(Securit)n(y)g(Asso)r(ciation)e(pa)n(yload)h(b)r(e)h(the)g(\014rst)g
(pa)n(yload)e(within)i(an)0 4371 y(exc)n(hange.)35 b(Pro)r(cessing)26
b(of)h(eac)n(h)g(pa)n(yload)f(within)j(an)e(exc)n(hange)f(is)i(describ)
r(ed)f(in)h(section)f(5.)0 4570 y(Sections)35 b(4.4)f(through)h(4.8)f
(pro)n(vide)g(a)g(default)i(set)f(of)g(ISAKMP)g(exc)n(hanges.)58
b(These)35 b(exc)n(hanges)e(pro)n(vide)h(di\013eren)n(t)0
4670 y(securit)n(y)23 b(protection)h(for)g(the)g(exc)n(hange)f(itself)i
(and)f(information)f(exc)n(hanged.)35 b(The)24 b(diagrams)e(in)j(eac)n
(h)e(of)i(the)f(follo)n(wing)0 4769 y(sections)g(sho)n(w)g(the)h
(message)e(ordering)g(for)i(eac)n(h)f(exc)n(hange)f(t)n(yp)r(e)i(as)f
(w)n(ell)g(as)g(the)h(pa)n(yloads)e(included)j(in)f(eac)n(h)e(message,)
0 4869 y(and)29 b(pro)n(vide)e(basic)i(notes)f(describing)g(what)h(has)
f(happ)r(ened)i(after)e(eac)n(h)g(message)g(exc)n(hange.)39
b(None)29 b(of)f(the)i(examples)0 4969 y(include)f(an)n(y)g("optional)f
(pa)n(yloads",)f(lik)n(e)i(certi\014cate)f(and)h(certi\014cate)g
(request.)41 b(Additionally)-7 b(,)29 b(none)g(of)g(the)h(examples)0
5068 y(include)i(an)g(initial)g(exc)n(hange)f(of)h(ISAKMP)f(Headers)g
(\(con)n(taining)g(initiator)h(and)g(resp)r(onder)f(co)r(okies\))g
(whic)n(h)h(w)n(ould)0 5168 y(pro)n(vide)26 b(protection)h(against)g
(clogging)f(\(see)h(section)g(2.5.3\).)0 5367 y(The)35
b(de\014ned)h(exc)n(hanges)e(are)g(not)h(mean)n(t)h(to)f(satisfy)g(all)
g(DOI)g(and)g(k)n(ey)g(exc)n(hange)f(proto)r(col)g(requiremen)n(ts.)59
b(If)36 b(the)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)
-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(36])p eop
%%Page: 37 37
37 36 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(de\014ned)i(exc)n(hanges)e(meet)i
(the)g(DOI)f(requiremen)n(ts,)g(then)h(they)g(can)f(b)r(e)h(used)f(as)g
(outlined.)40 b(If)29 b(the)g(de\014ned)g(exc)n(hanges)0
490 y(do)21 b(not)g(meet)g(the)g(securit)n(y)f(requiremen)n(ts)g
(de\014ned)h(b)n(y)g(the)g(DOI,)h(then)f(the)g(DOI)g(MUST)h(sp)r(ecify)
f(new)g(exc)n(hange)f(t)n(yp)r(e\(s\))0 589 y(and)34
b(the)h(v)-5 b(alid)34 b(sequences)f(of)i(pa)n(yloads)d(that)j(mak)n(e)
e(up)i(a)e(successful)h(exc)n(hange,)h(and)f(ho)n(w)g(to)g(build)h(and)
f(in)n(terpret)0 689 y(those)23 b(pa)n(yloads.)33 b(All)24
b(ISAKMP)e(implemen)n(tations)h(MUST)h(implemen)n(t)f(the)h % conformance: Informational Exchange is MUST, the other four exchanges are SHOULD, subject to the DOI
(Informational)d(Exc)n(hange)h(and)g(SHOULD)0 789 y(implemen)n(t)j(the)
g(other)f(four)g(exc)n(hanges.)35 b(Ho)n(w)n(ev)n(er,)23
b(this)i(is)f(dep)r(enden)n(t)i(on)e(the)h(de\014nition)g(of)f(the)h
(DOI)g(and)f(asso)r(ciated)0 888 y(k)n(ey)j(exc)n(hange)f(proto)r
(cols.)0 1088 y(As)33 b(discussed)f(ab)r(o)n(v)n(e,)h(these)g(exc)n
(hange)e(t)n(yp)r(es)i(can)f(b)r(e)h(used)g(in)g(either)f(phase)h(of)f
(negotiation.)52 b(Ho)n(w)n(ev)n(er,)32 b(they)h(ma)n(y)0
1187 y(pro)n(vide)c(di\013eren)n(t)i(securit)n(y)f(prop)r(erties)f(in)i
(eac)n(h)f(of)h(the)g(phases.)45 b(With)31 b(eac)n(h)f(of)h(these)f
(exc)n(hanges,)g(the)h(com)n(bination)0 1287 y(of)36
b(co)r(okies)e(and)i(SPI)f(\014elds)h(iden)n(ti\014es)g(whether)g(this)
g(exc)n(hange)e(is)i(b)r(eing)g(used)g(in)g(the)g(\014rst)f(or)g
(second)g(phase)h(of)f(a)0 1386 y(negotiation.)0 1701
y Fe(4.1.1)94 b(Notation)0 1954 y Fk(The)25 b(follo)n(wing)g(notation)g % section 4.1.1 "Notation" heading, then its introductory sentence
(is)g(used)g(to)h(describ)r(e)f(the)h(ISAKMP)f(exc)n(hange)f(t)n(yp)r
(es,)h(sho)n(wn)g(in)h(the)g(next)f(section,)h(with)g(the)0
2054 y(message)g(formats)h(and)g(asso)r(ciated)g(pa)n(yloads:)218
2332 y Fg(HDR)42 b(is)h(an)g(ISAKMP)e(header)g(whose)h(exchange)e(type)
i(defines)e(the)j(payload)d(orderings)218 2432 y(SA)j(is)f(an)h(SA)g
(negotiation)c(payload)i(with)h(one)g(or)h(more)f(Proposal)e(and)349
2532 y(Transform)g(payloads.)f(An)k(initiator)d(MAY)i(provide)f
(multiple)f(proposals)436 2631 y(for)i(negotiation;)d(a)k(responder)d
(MUST)i(reply)f(with)h(only)g(one.)218 2731 y(KE)h(is)f(the)h(key)f
(exchange)e(payload.)218 2830 y(IDx)i(is)h(the)f(identity)f(payload)f
(for)j("x".)f(x)h(can)f(be:)g("ii")g(or)h("ir")436 2930
y(for)f(the)h(ISAKMP)e(initiator)f(and)i(responder,)d(respectively,)g
(or)j(x)h(can)436 3030 y(be:)f("ui",)g("ur")g(\(when)f(the)i(ISAKMP)e
(daemon)g(is)h(a)i(proxy)d(negotiator\),)436 3129 y(for)h(the)h(user)e
(initiator)f(and)j(responder,)c(respectively.)218 3229
y(HASH)j(is)h(the)f(hash)g(payload.)218 3329 y(SIG)g(is)h(the)f
(signature)e(payload.)h(The)h(data)g(to)h(sign)e(is)i
(exchange-specific)o(.)218 3428 y(AUTH)f(is)h(a)g(generic)d
(authentication)e(mechanism,)i(such)i(as)g(HASH)g(or)h(SIG.)218
3528 y(NONCE)e(is)i(the)g(nonce)e(payload.)218 3627 y('*')h(signifies)e
(payload)h(encryption)e(after)j(the)g(ISAKMP)f(header.)g(This)436 % '*' entry: encryption MUST begin right after the ISAKMP header and cover all payloads that follow it
3727 y(encryption)e(MUST)j(begin)g(immediately)d(after)i(the)i(ISAKMP)e
(header)g(and)436 3827 y(all)h(payloads)e(following)g(the)j(ISAKMP)e
(header)g(MUST)h(be)h(encrypted.)218 4026 y(=>)g(signifies)d
("initiator)f(to)k(responder")c(communication)218 4126
y(<=)k(signifies)d("responder)f(to)k(initiator")c(communication)0
4457 y Fj(4.2)112 b(Securit)m(y)37 b(Asso)s(ciation)f(Establishmen)m(t) % section 4.2 "Security Association Establishment" heading
0 4710 y Fk(The)c(Securit)n(y)g(Asso)r(ciation,)g(Prop)r(osal,)g(and)g
(T)-7 b(ransform)30 b(pa)n(yloads)h(are)g(used)h(to)g(build)h(ISAKMP)f
(messages)e(for)i(the)0 4809 y(negotiation)22 b(and)g(establishmen)n(t)
h(of)g(SAs.)35 b(An)23 b(SA)h(establishmen)n(t)e(message)f(consists)h
(of)h(a)f(single)h(SA)g(pa)n(yload)e(follo)n(w)n(ed)0
4909 y(b)n(y)38 b(at)f(least)h(one,)i(and)d(p)r(ossibly)h(man)n(y)-7
b(,)40 b(Prop)r(osal)c(pa)n(yloads)g(and)h(at)h(least)f(one,)j(and)e(p)
r(ossibly)g(man)n(y)-7 b(,)39 b(T)-7 b(ransform)0 5009
y(pa)n(yloads)31 b(asso)r(ciated)h(with)h(eac)n(h)f(Prop)r(osal)f(pa)n
(yload.)51 b(Because)32 b(these)h(pa)n(yloads)e(are)h(considered)g
(together,)h(the)h(SA)0 5108 y(pa)n(yload)23 b(will)i(p)r(oin)n(t)h(to)
e(an)n(y)g(follo)n(wing)g(pa)n(yloads)f(and)i(not)g(to)g(the)g(Prop)r
(osal)e(pa)n(yload)g(included)j(with)f(the)g(SA)h(pa)n(yload.)0
5208 y(The)33 b(SA)h(P)n(a)n(yload)d(con)n(tains)h(the)i(DOI)f(and)g
(Situation)g(for)g(the)h(prop)r(osed)e(SA.)h(Eac)n(h)f(Prop)r(osal)g
(pa)n(yload)f(con)n(tains)h(a)0 5308 y(Securit)n(y)d(P)n(arameter)f
(Index)i(\(SPI\))g(and)g(ensures)f(that)h(the)h(SPI)f(is)f(asso)r
(ciated)g(with)i(the)f(Proto)r(col-Id)e(in)i(accordance)0
5407 y(with)d(the)f(In)n(ternet)g(Securit)n(y)g(Arc)n(hitecture)g([RF)n
(C-1825)m(].)37 b(Prop)r(osal)24 b(pa)n(yloads)g(ma)n(y)i(or)f(ma)n(y)g
(not)h(ha)n(v)n(e)f(the)i(same)e(SPI,)0 5656 y(Maughan,)i(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(37])p eop
%%Page: 38 38
38 37 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 38: running header; section 4.2 continues with the Proposal and Transform payload rules
b(Marc)n(h)26 b(10,)h(1998)0 390 y(as)34 b(this)h(is)g(implemen)n
(tation)g(dep)r(enden)n(t.)59 b(Eac)n(h)34 b(T)-7 b(ransform)33
b(P)n(a)n(yload)g(con)n(tains)h(the)h(sp)r(eci\014c)g(securit)n(y)f
(mec)n(hanisms)0 490 y(to)g(b)r(e)g(used)g(for)g(the)g(designated)g
(proto)r(col.)55 b(It)34 b(is)g(exp)r(ected)g(that)g(the)h(Prop)r(osal)
d(and)i(T)-7 b(ransform)32 b(pa)n(yloads)g(will)j(b)r(e)0
589 y(used)23 b(only)g(during)g(SA)h(establishmen)n(t)f(negotiation.)35
b(The)23 b(creation)f(of)i(pa)n(yloads)d(for)i(securit)n(y)f(asso)r
(ciation)g(negotiation)0 689 y(and)33 b(establishmen)n(t)f(describ)r
(ed)h(here)f(in)h(this)g(section)g(are)f(applicable)g(for)g(all)h
(ISAKMP)f(exc)n(hanges)f(describ)r(ed)i(later)0 789 y(in)i(sections)e
(4.4)h(through)f(4.8.)56 b(The)35 b(examples)e(sho)n(wn)h(in)g(4.2.1)f
(con)n(tain)h(only)g(the)h(SA,)f(Prop)r(osal,)g(and)g(T)-7
b(ransform)0 888 y(pa)n(yloads)26 b(and)h(do)h(not)f(con)n(tain)g
(other)g(pa)n(yloads)f(that)i(migh)n(t)f(exist)h(for)f(a)g(giv)n(en)g
(ISAKMP)g(exc)n(hange.)0 1088 y(The)20 b(Prop)r(osal)e(pa)n(yload)h
(pro)n(vides)g(the)h(initiating)g(en)n(tit)n(y)h(with)f(the)h
(capabilit)n(y)e(to)h(presen)n(t)g(to)g(the)g(resp)r(onding)g(en)n(tit)
n(y)g(the)0 1187 y(securit)n(y)j(proto)r(cols)e(and)j(asso)r(ciated)e
(securit)n(y)g(mec)n(hanisms)h(for)g(use)g(with)h(the)g(securit)n(y)e
(asso)r(ciation)g(b)r(eing)i(negotiated.)0 1287 y(If)j(the)g(SA)g
(establishmen)n(t)g(negotiation)f(is)g(for)h(a)f(com)n(bined)g
(protection)g(suite)h(consisting)f(of)h(m)n(ultiple)g(proto)r(cols,)f
(then)0 1386 y(there)j(MUST)h(b)r(e)g(m)n(ultiple)g(Prop)r(osal)e(pa)n
(yloads)f(eac)n(h)i(with)h(the)g(same)f(Prop)r(osal)e(n)n(um)n(b)r(er.)
43 b(These)29 b(prop)r(osals)f(MUST)0 1486 y(b)r(e)37
b(considered)f(as)h(a)f(unit)i(and)f(MUST)h(NOT)e(b)r(e)i(separated)e
(b)n(y)g(a)h(prop)r(osal)e(with)j(a)f(di\013eren)n(t)g(prop)r(osal)e(n)
n(um)n(b)r(er.)0 1586 y(The)28 b(use)g(of)h(the)f(same)g(Prop)r(osal)e % rule: the same Proposal number in several Proposal payloads is a logical AND, treated as one unit
(n)n(um)n(b)r(er)i(in)h(m)n(ultiple)g(Prop)r(osal)d(pa)n(yloads)g(pro)n
(vides)h(a)h(logical)f(AND)i(op)r(eration,)f(i.e.)0 1685
y(Proto)r(col)h(1)h(AND)i(Proto)r(col)d(2.)46 b(The)31
b(\014rst)f(example)g(b)r(elo)n(w)h(sho)n(ws)e(an)i(ESP)f(AND)h(AH)h
(protection)e(suite.)46 b(If)31 b(the)h(SA)0 1785 y(establishmen)n(t)26
b(negotiation)f(is)h(for)g(di\013eren)n(t)g(protection)f(suites,)i
(then)f(there)g(MUST)h(b)r(e)f(m)n(ultiple)h(Prop)r(osal)d(pa)n(yloads)
0 1885 y(eac)n(h)k(with)h(a)f(monotonically)f(increasing)g(Prop)r(osal)
f(n)n(um)n(b)r(er.)39 b(The)29 b(di\013eren)n(t)g(prop)r(osals)d(MUST)j
(b)r(e)g(presen)n(ted)f(in)h(the)0 1984 y(initiator's)c(preference)h
(order.)35 b(The)26 b(use)g(of)g(di\013eren)n(t)h(Prop)r(osal)d(n)n(um) % rule: different Proposal numbers are a logical OR, presented in the initiator's preference order
n(b)r(ers)h(in)i(m)n(ultiple)f(Prop)r(osal)e(pa)n(yloads)h(pro)n(vides)
f(a)0 2084 y(logical)e(OR)i(op)r(eration,)f(i.e.)36 b(Prop)r(osal)21
b(1)j(OR)f(Prop)r(osal)f(2,)i(where)f(eac)n(h)g(prop)r(osal)f(ma)n(y)h
(ha)n(v)n(e)f(more)h(than)h(one)f(proto)r(col.)0 2183
y(The)i(second)f(example)g(b)r(elo)n(w)g(sho)n(ws)g(either)h(an)f(AH)h
(AND)h(ESP)e(protection)g(suite)h(OR)f(just)i(an)e(ESP)g(protection)g
(suite.)0 2283 y(Note)29 b(that)h(the)f(Next)h(P)n(a)n(yload)c(\014eld)
k(of)f(the)g(Prop)r(osal)e(pa)n(yload)h(p)r(oin)n(ts)h(to)g(another)f
(Prop)r(osal)f(pa)n(yload)h(\(if)i(it)f(exists\).)0 2383
y(The)f(existence)f(of)h(a)f(Prop)r(osal)e(pa)n(yload)h(implies)i(the)g
(existence)f(of)h(one)f(or)g(more)g(T)-7 b(ransform)26
b(pa)n(yloads.)0 2582 y(The)f(T)-7 b(ransform)24 b(pa)n(yload)g(pro)n
(vides)g(the)i(initiating)g(en)n(tit)n(y)f(with)h(the)g(capabilit)n(y)e
(to)i(presen)n(t)f(to)g(the)h(resp)r(onding)e(en)n(tit)n(y)0
2682 y(m)n(ultiple)34 b(mec)n(hanisms,)h(or)e(transforms,)h(for)g(a)f
(giv)n(en)g(proto)r(col.)55 b(The)34 b(Prop)r(osal)e(pa)n(yload)g(iden)
n(ti\014es)i(a)g(Proto)r(col)e(for)0 2781 y(whic)n(h)27
b(services)f(and)h(mec)n(hanisms)f(are)h(b)r(eing)g(negotiated.)36
b(The)27 b(T)-7 b(ransform)26 b(pa)n(yload)f(allo)n(ws)h(the)i
(initiating)f(en)n(tit)n(y)g(to)0 2881 y(presen)n(t)h(sev)n(eral)e(p)r
(ossible)i(supp)r(orted)g(transforms)f(for)h(that)h(prop)r(osed)e
(proto)r(col.)38 b(There)28 b(ma)n(y)f(b)r(e)i(sev)n(eral)d(transforms)
0 2980 y(asso)r(ciated)j(with)i(a)g(sp)r(eci\014c)f(Prop)r(osal)f(pa)n
(yload)g(eac)n(h)h(iden)n(ti\014ed)h(in)g(a)f(separate)f(T)-7
b(ransform)29 b(pa)n(yload.)45 b(The)31 b(m)n(ultiple)0
3080 y(transforms)g(MUST)h(b)r(e)h(presen)n(ted)e(with)h(monotonically)
f(increasing)g(n)n(um)n(b)r(ers)g(in)h(the)h(initiator's)e(preference)g
(order.)0 3180 y(The)36 b(receiving)f(en)n(tit)n(y)h(MUST)h(select)f(a) % responder rule: select a single transform for each protocol in a proposal, or reject the entire proposal
f(single)h(transform)f(for)g(eac)n(h)g(proto)r(col)g(in)i(a)e(prop)r
(osal)g(or)g(reject)h(the)h(en)n(tire)0 3279 y(prop)r(osal.)e(The)27
b(use)g(of)f(the)h(T)-7 b(ransform)26 b(n)n(um)n(b)r(er)g(in)h(m)n
(ultiple)h(T)-7 b(ransform)25 b(pa)n(yloads)g(pro)n(vides)g(a)i(second)
f(lev)n(el)g(OR)h(op-)0 3379 y(eration,)d(i.e.)36 b(T)-7
b(ransform)23 b(1)h(OR)h(T)-7 b(ransform)23 b(2)h(OR)g(T)-7
b(ransform)24 b(3.)35 b(Example)24 b(1)g(b)r(elo)n(w)g(sho)n(ws)f(t)n
(w)n(o)h(p)r(ossible)g(transforms)0 3479 y(for)k(ESP)g(and)g(a)h
(single)f(transform)f(for)h(AH.)i(Example)d(2)i(b)r(elo)n(w)f(sho)n(ws)
f(one)i(transform)e(for)h(AH)h(AND)h(one)e(transform)0
3578 y(for)35 b(ESP)g(OR)h(t)n(w)n(o)f(transforms)f(for)h(ESP)g(alone.)
60 b(Note)36 b(that)g(the)g(Next)g(P)n(a)n(yload)e(\014eld)i(of)f(the)h
(T)-7 b(ransform)35 b(pa)n(yload)0 3678 y(p)r(oin)n(ts)28
b(to)f(another)g(T)-7 b(ransform)26 b(pa)n(yload)g(or)h(0.)36
b(The)28 b(Prop)r(osal)d(pa)n(yload)h(delineates)h(the)h(di\013eren)n
(t)g(prop)r(osals.)0 3877 y(When)41 b(resp)r(onding)f(to)g(a)g(Securit)
n(y)g(Asso)r(ciation)g(pa)n(yload,)i(the)f(resp)r(onder)e(MUST)i(send)g
(a)f(Securit)n(y)g(Asso)r(ciation)0 3977 y(pa)n(yload)31
b(with)h(the)h(selected)f(prop)r(osal,)g(whic)n(h)g(ma)n(y)g(consist)g
(of)g(m)n(ultiple)h(Prop)r(osal)d(pa)n(yloads)g(and)i(their)g(asso)r
(ciated)0 4076 y(T)-7 b(ransform)29 b(pa)n(yloads.)45
b(Eac)n(h)30 b(of)h(the)g(Prop)r(osal)e(pa)n(yloads)g(MUST)i(con)n
(tain)f(a)g(single)h(T)-7 b(ransform)29 b(pa)n(yload)g(asso)r(ciated)0
4176 y(with)k(the)g(Proto)r(col.)51 b(The)33 b(resp)r(onder)e(SHOULD)j
(retain)e(the)h(Prop)r(osal)e(#)i(\014eld)g(in)g(the)g(Prop)r(osal)e
(pa)n(yload)g(and)i(the)0 4276 y(T)-7 b(ransform)22 b(#)i(\014eld)g(in)
g(eac)n(h)f(T)-7 b(ransform)22 b(pa)n(yload)g(of)i(the)g(selected)g
(Prop)r(osal.)33 b(Reten)n(tion)24 b(of)f(Prop)r(osal)f(and)h(T)-7
b(ransform)0 4375 y(n)n(um)n(b)r(ers)30 b(should)h(sp)r(eed)g(the)g
(initiator's)f(proto)r(col)g(pro)r(cessing)f(b)n(y)i(negating)f(the)h
(need)g(to)g(compare)f(the)h(resp)r(ondor's)0 4475 y(selection)j(with)h
(ev)n(ery)e(o\013ered)h(option.)57 b(These)34 b(v)-5
b(alues)35 b(enable)f(the)h(initiator)e(to)i(p)r(erform)f(the)h
(comparison)d(directly)0 4575 y(and)d(quic)n(kly)-7 b(.)40
b(The)29 b(initiator)f(MUST)i(v)n(erify)e(that)h(the)g(Securit)n(y)f % initiator check: the SA payload returned by the responder MUST match one of the proposals originally sent
(Asso)r(ciation)g(pa)n(yload)g(receiv)n(ed)f(from)i(the)g(resp)r(onder)
0 4674 y(matc)n(hes)e(one)g(of)h(the)g(prop)r(osals)e(sen)n(t)h
(initially)-7 b(.)0 4990 y Fe(4.2.1)94 b(Securit)m(y)33 % section 4.2.1 "Security Association Establishment Examples" heading starts here
b(Asso)s(ciation)d(Establishmen)m(t)f(Examples)0 5242
y Fk(This)39 b(example)f(sho)n(ws)g(a)g(Prop)r(osal)f(for)h(a)h(com)n
(bined)f(protection)g(suite)h(with)g(t)n(w)n(o)f(di\013eren)n(t)h
(proto)r(cols.)69 b(The)39 b(\014rst)0 5342 y(proto)r(col)23
b(is)i(presen)n(ted)f(with)h(t)n(w)n(o)f(transforms)f(supp)r(orted)h(b)
n(y)h(the)g(prop)r(oser.)34 b(The)25 b(second)f(proto)r(col)f(is)i
(presen)n(ted)f(with)0 5656 y(Maughan,)j(Sc)n(hertler,)f(Sc)n(hneider,)
i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(38])p eop
%%Page: 39 39
39 38 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 39: running header; example 1 text and payload diagram, then the introduction to example 2
b(Marc)n(h)26 b(10,)h(1998)0 390 y(a)k(single)f(transform.)46
b(An)32 b(example)e(for)h(this)g(prop)r(osal)f(migh)n(t)h(b)r(e:)44
b(Proto)r(col)29 b(1)i(is)g(ESP)f(with)i(T)-7 b(ransform)29
b(1)i(as)f(3DES)0 490 y(and)23 b(T)-7 b(ransform)21 b(2)i(as)f(DES)h % example 1: ESP offered with 3DES or DES, AND AH with SHA; NOTE(review): these are the draft's 1998 illustrations, check current algorithm guidance before reuse
(AND)h(Proto)r(col)e(2)g(is)h(AH)h(with)f(T)-7 b(ransform)22
b(1)g(as)g(SHA.)i(The)f(resp)r(onder)f(MUST)i(select)e(from)0
589 y(the)27 b(t)n(w)n(o)f(transforms)f(prop)r(osed)h(for)g(ESP)-7
b(.)26 b(The)g(resulting)g(protection)g(suite)h(will)g(b)r(e)g(either)g
(\(1\))f(3DES)h Fb(AND)e Fk(SHA)j Fb(OR)0 689 y Fk(\(2\))h(DES)f
Fb(AND)g Fk(SHA,)h(dep)r(ending)g(on)f(whic)n(h)h(ESP)e(transform)h(w)n
(as)f(selected)i(b)n(y)f(the)h(resp)r(onder.)38 b(Note)29
b(this)g(example)0 789 y(is)e(sho)n(wn)g(using)h(the)g(Base)e(Exc)n
(hange.)1220 1056 y Fg(1)828 b(2)g(3)349 1155 y(0)43 % example 1 diagram begins: column ruler, then SA, Proposal and Transform payload rows
b(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)f(2)g(3)g(4)g(5)g(6)h(7)f
(8)g(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)262
1255 y(/+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)
218 1354 y(/)g(!)g(NP)g(=)g(Nonce)172 b(!)131 b(RESERVED)171
b(!)392 b(Payload)40 b(Length)347 b(!)174 1454 y(/)87
b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
1554 y(SA)43 b(Pay)f(!)741 b(Domain)41 b(of)i(Interpretation)37
b(\(DOI\))696 b(!)174 1653 y(\\)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)
o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)218 1753 y(\\)43 b(!)1177 b(Situation)c(!)262
1853 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)
218 1952 y(/)43 b(!)g(NP)g(=)g(Proposal)d(!)131 b(RESERVED)171
b(!)392 b(Payload)40 b(Length)347 b(!)174 2052 y(/)87
b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
2151 y(Prop)42 b(1)h(!)g(Proposal)e(#)i(=)g(1!)86 b(Protocol-Id)d(!)174
b(SPI)42 b(Size)129 b(!#)43 b(of)g(Trans.)e(=)i(2!)0
2251 y(Prot)f(1)h(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)218 2351 y(\\)g(!)1089 b(SPI)43 b(\(variable\))1042
b(!)262 2450 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)218 2550 y(/)43 b(!)g(NP)g(=)g(Transform!)127 b(RESERVED)171
b(!)392 b(Payload)40 b(Length)347 b(!)174 2650 y(/)87
b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
2749 y(Tran)42 b(1)h(!)g(Transform)d(#)j(1)g(!)h(Transform)c(ID)86
b(!)479 b(RESERVED2)d(!)174 2849 y(\\)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)218 2949 y(\\)43 b(!)1089
b(SA)43 b(Attributes)1086 b(!)262 3048 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3148 y(/)43 b(!)g(NP)g(=)g(0)348
b(!)131 b(RESERVED)171 b(!)392 b(Payload)40 b(Length)347
b(!)174 3247 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-)o(+-+)0 3347 y(Tran)42 b(2)h(!)g(Transform)d(#)j(2)g(!)h(Transform)
c(ID)86 b(!)479 b(RESERVED2)d(!)174 3447 y(\\)87 b(+-+-+-+-+-+-+-+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3546 y(\\)43
b(!)1089 b(SA)43 b(Attributes)1086 b(!)262 3646 y(>+-+-+-+-+-+-+-)o(+-)
o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)
o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3746 y(/)43
b(!)g(NP)g(=)g(0)348 b(!)131 b(RESERVED)171 b(!)392 b(Payload)40
b(Length)347 b(!)174 3845 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)0 3945 y(Prop)42 b(1)h(!)g(Proposal)e(#)i(=)g(1!)
86 b(Protocol)41 b(ID)86 b(!)174 b(SPI)42 b(Size)129
b(!#)43 b(of)g(Trans.)e(=)i(1!)0 4044 y(Prot)f(2)h(+-+-+-+-+-+-+-+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 4144 y(\\)g(!)1089
b(SPI)43 b(\(variable\))1042 b(!)262 4244 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 4343 y(/)43 b(!)g(NP)g(=)g(0)348
b(!)131 b(RESERVED)171 b(!)392 b(Payload)40 b(Length)347
b(!)174 4443 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-)o(+-+)0 4543 y(Tran)42 b(1)h(!)g(Transform)d(#)j(1)g(!)h(Transform)
c(ID)86 b(!)479 b(RESERVED2)d(!)174 4642 y(\\)87 b(+-+-+-+-+-+-+-+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 4742 y(\\)43
b(!)1089 b(SA)43 b(Attributes)1086 b(!)262 4841 y(\\+-+-+-+-+-+-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0 5208 y Fk(This)35 % end of example 1 diagram; text introducing example 2 (two different protection suites) follows
b(second)f(example)h(sho)n(ws)f(a)h(Prop)r(osal)e(for)h(t)n(w)n(o)h
(di\013eren)n(t)g(protection)f(suites.)59 b(The)35 b(SA)h(P)n(a)n
(yload)d(w)n(as)h(omitted)0 5308 y(for)c(space)g(reasons.)44
b(The)31 b(\014rst)f(protection)g(suite)h(is)g(presen)n(ted)f(with)h
(one)f(transform)g(for)g(the)h(\014rst)f(proto)r(col)g(and)g(one)0
5407 y(transform)25 b(for)g(the)h(second)g(proto)r(col.)35
b(The)26 b(second)f(protection)g(suite)h(is)g(presen)n(ted)f(with)h(t)n
(w)n(o)f(transforms)g(for)g(a)h(single)0 5656 y(Maughan,)h(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(39])p eop
%%Page: 40 40
40 39 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 40: running header; rest of the example 2 description, then its payload diagram
b(Marc)n(h)26 b(10,)h(1998)0 390 y(proto)r(col.)47 b(An)31
b(example)g(for)g(this)g(prop)r(osal)f(migh)n(t)h(b)r(e:)45
b(Prop)r(osal)29 b(1)i(with)h(Proto)r(col)d(1)i(as)f(AH)i(with)g(T)-7
b(ransform)30 b(1)h(as)0 490 y(MD5)26 b(AND)h(Proto)r(col)e(2)g(as)h
(ESP)f(with)h(T)-7 b(ransform)25 b(1)h(as)f(3DES.)h(This)g(is)g(follo)n
(w)n(ed)f(b)n(y)h(Prop)r(osal)e(2)h(with)i(Proto)r(col)d(1)i(as)0
589 y(ESP)c(with)i(T)-7 b(ransform)21 b(1)i(as)f(DES)h(and)g(T)-7
b(ransform)22 b(2)g(as)h(3DES.)f(The)h(resp)r(onder)f(MUST)i(select)f
(from)f(the)i(t)n(w)n(o)e(di\013eren)n(t)0 689 y(prop)r(osals.)37
b(If)28 b(the)h(second)e(Prop)r(osal)f(is)i(selected,)g(the)h(resp)r
(onder)d(MUST)j(select)f(from)g(the)g(t)n(w)n(o)g(transforms)e(for)i
(ESP)-7 b(.)0 789 y(The)25 b(resulting)g(protection)f(suite)i(will)f(b)
r(e)h(either)f(\(1\))g(MD5)h Fb(AND)e Fk(3DES)h Fb(OR)f
Fk(the)i(selection)f(b)r(et)n(w)n(een)g(\(2\))g(DES)g
Fb(OR)g Fk(\(3\))0 888 y(3DES.)1220 1171 y Fg(1)828 b(2)g(3)349 % example 2 diagram begins here; the draft omits the SA payload from this diagram for space reasons
1270 y(0)43 b(1)g(2)g(3)g(4)h(5)f(6)g(7)g(8)g(9)g(0)h(1)f(2)g(3)g(4)g
(5)g(6)h(7)f(8)g(9)g(0)g(1)g(2)h(3)f(4)g(5)g(6)g(7)h(8)f(9)g(0)g(1)262
1370 y(/+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)
218 1469 y(/)g(!)g(NP)g(=)g(Proposal)d(!)131 b(RESERVED)171
b(!)392 b(Payload)40 b(Length)347 b(!)174 1569 y(/)87
b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
1669 y(Prop)42 b(1)h(!)g(Proposal)e(#)i(=)g(1!)86 b(Protocol)41
b(ID)86 b(!)174 b(SPI)42 b(Size)129 b(!#)43 b(of)g(Trans.)e(=)i(1!)0
1768 y(Prot)f(1)h(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)218 1868 y(\\)g(!)1089 b(SPI)43 b(\(variable\))1042
b(!)262 1968 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o
(+-+)218 2067 y(/)43 b(!)g(NP)g(=)g(0)348 b(!)131 b(RESERVED)171
b(!)392 b(Payload)40 b(Length)347 b(!)174 2167 y(/)87
b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
2267 y(Tran)42 b(1)h(!)g(Transform)d(#)j(1)g(!)h(Transform)c(ID)86
b(!)479 b(RESERVED2)d(!)174 2366 y(\\)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)218 2466 y(\\)43 b(!)1089
b(SA)43 b(Attributes)1086 b(!)262 2565 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 2665 y(/)43 b(!)g(NP)g(=)g
(Proposal)d(!)131 b(RESERVED)171 b(!)392 b(Payload)40
b(Length)347 b(!)174 2765 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)0 2864 y(Prop)42 b(1)h(!)g(Proposal)e(#)i(=)g(1!)g
(Protocol)d(ID)130 b(!)174 b(SPI)42 b(Size)129 b(!#)43
b(of)g(Trans.)e(=)i(1!)0 2964 y(Prot)f(2)h(+-+-+-+-+-+-+-+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3064 y(\\)g(!)1089 b(SPI)43
b(\(variable\))1042 b(!)262 3163 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)218 3263 y(/)43 b(!)g(NP)g(=)g(0)348
b(!)131 b(RESERVED)171 b(!)392 b(Payload)40 b(Length)347
b(!)174 3362 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-)o(+-+)0 3462 y(Tran)42 b(1)h(!)g(Transform)d(#)j(1)g(!)h(Transform)
c(ID)86 b(!)479 b(RESERVED2)d(!)174 3562 y(\\)87 b(+-+-+-+-+-+-+-+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3661 y(\\)43
b(!)1089 b(SA)43 b(Attributes)1086 b(!)262 3761 y(>+-+-+-+-+-+-+-)o(+-)
o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)
o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 3861 y(/)43
b(!)g(NP)g(=)g(0)348 b(!)131 b(RESERVED)171 b(!)392 b(Payload)40
b(Length)347 b(!)174 3960 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-)o(+-+)0 4060 y(Prop)42 b(2)h(!)g(Proposal)e(#)i(=)g(2!)g
(Protocol)d(ID)130 b(!)174 b(SPI)42 b(Size)129 b(!#)43
b(of)g(Trans.)e(=)i(2!)0 4159 y(Prot)f(1)h(+-+-+-+-+-+-+-+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)218 4259 y(\\)g(!)1089 b(SPI)43
b(\(variable\))1042 b(!)262 4359 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-)o(+-+)218 4458 y(/)43 b(!)g(NP)g(=)g(Transform!)127
b(RESERVED)171 b(!)392 b(Payload)40 b(Length)347 b(!)174
4558 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o
(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0
4658 y(Tran)42 b(1)h(!)g(Transform)d(#)j(1)g(!)h(Transform)c(ID)86
b(!)479 b(RESERVED2)d(!)174 4757 y(\\)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)
o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)
o(-+)o(-+-)o(+-)o(+-)o(+-+)218 4857 y(\\)43 b(!)1089
b(SA)43 b(Attributes)1086 b(!)262 4956 y(>+-+-+-+-+-+-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)218 5056 y(/)43 b(!)g(NP)g(=)g(0)348
b(!)131 b(RESERVED)171 b(!)392 b(Payload)40 b(Length)347
b(!)174 5156 y(/)87 b(+-+-+-+-+-+-+-+-)o(+-+)o(-+)o(-+-)o(+-)o(+-+)o
(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+-)o(+-)o
(+-)o(+-+)0 5255 y(Tran)42 b(2)h(!)g(Transform)d(#)j(2)g(!)h(Transform)
c(ID)86 b(!)479 b(RESERVED2)d(!)174 5355 y(\\)87 b(+-+-+-+-+-+-+-+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o
(+-)o(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0 5656 y Fk(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(40])p eop
%%Page: 41 41
41 40 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 41: running header; last rows of the example 2 diagram, then sections 4.3 and 4.4
b(Marc)n(h)26 b(10,)h(1998)218 390 y Fg(\\)43 b(!)1089
b(SA)43 b(Attributes)1086 b(!)262 490 y(\\+-+-+-+-+-+-+-)o(+-)o(+-+)o
(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o(+-+)o(-+)o(-+)o(-+-)o(+-)o
(+-+)o(-+)o(-+-)o(+-)o(+-)o(+-+)0 857 y Fj(4.3)112 b(Securit)m(y)37 % section 4.3 "Security Association Modification" heading starts here
b(Asso)s(ciation)f(Mo)s(di\014cation)0 1110 y Fk(Securit)n(y)23
b(Asso)r(ciation)f(mo)r(di\014cation)h(within)g(ISAKMP)g(is)g
(accomplished)f(b)n(y)h(creating)f(a)h(new)g(SA)h(and)e(initiating)i
(com-)0 1209 y(m)n(unications)g(using)f(that)i(new)f(SA.)h(Deletion)f
(of)g(the)h(old)f(SA)g(can)g(b)r(e)h(done)e(an)n(ytime)h(after)g(the)h
(new)f(SA)g(is)g(established.)0 1309 y(Deletion)g(of)g(the)g(old)f(SA)h
(is)g(dep)r(enden)n(t)g(on)f(lo)r(cal)g(securit)n(y)g(p)r(olicy)-7
b(.)36 b(Mo)r(di\014cation)23 b(of)h(SAs)g(b)n(y)f(using)g(a)g("Create)
g(New)h(SA)0 1409 y(follo)n(w)n(ed)j(b)n(y)h(Delete)g(Old)g(SA")g
(metho)r(d)h(is)f(done)g(to)g(a)n(v)n(oid)e(p)r(oten)n(tial)i % rationale: an SA is replaced (create new, then delete old) rather than having its attributes modified in place
(vulnerabilities)g(in)g(sync)n(hronizing)e(mo)r(di\014cation)0
1508 y(of)i(existing)f(SA)h(attributes.)37 b(The)28 b(pro)r(cedure)f
(for)g(creating)g(new)h(SAs)g(is)f(outlined)h(in)g(section)g(4.2.)36
b(The)28 b(pro)r(cedure)f(for)0 1608 y(deleting)h(SAs)f(is)h(outlined)g
(in)g(section)f(5.15.)0 1807 y(Mo)r(di\014cation)c(of)g(an)h(ISAKMP)f
(SA)h(\(phase)f(1)g(negotiation\))f(follo)n(ws)h(the)h(same)e(pro)r
(cedure)h(as)g(creation)f(of)h(an)g(ISAKMP)0 1907 y(SA.)j(There)g(is)f
(no)h(relationship)f(b)r(et)n(w)n(een)g(the)h(t)n(w)n(o)f(SAs)h(and)g
(the)g(initiator)f(and)h(resp)r(onder)f(co)r(okie)f(pairs)h(SHOULD)i(b)
r(e)0 2006 y(di\013eren)n(t,)h(as)f(outlined)h(in)f(section)h(2.5.3.)0
2206 y(Mo)r(di\014cation)k(of)h(a)f(Proto)r(col)f(SA)i(\(phase)f(2)h
(negotiation\))e(follo)n(ws)h(the)h(same)f(pro)r(cedure)g(as)g
(creation)f(of)i(a)f(Proto)r(col)0 2305 y(SA.)f(The)g(creation)f(of)g
(a)h(new)f(SA)i(is)e(protected)h(b)n(y)f(the)h(existing)f(ISAKMP)h(SA.)
g(There)f(is)h(no)f(relationship)g(b)r(et)n(w)n(een)0
2405 y(the)25 b(t)n(w)n(o)e(Proto)r(col)g(SAs.)36 b(A)25
b(proto)r(col)e(implemen)n(tation)h(SHOULD)h(b)r(egin)g(using)f(the)g
(newly)h(created)e(SA)i(for)f(outb)r(ound)0 2505 y(tra\016c)k(and)f
(SHOULD)i(con)n(tin)n(ue)f(to)g(supp)r(ort)g(incoming)f(tra\016c)h(on)g
(the)g(old)g(SA)g(un)n(til)h(it)g(is)e(deleted)i(or)e(un)n(til)i
(tra\016c)e(is)0 2604 y(receiv)n(ed)j(under)h(the)g(protection)f(of)h
(the)g(newly)g(created)f(SA.)h(As)g(stated)g(previously)f(in)h(this)g
(section,)h(deletion)f(of)f(an)0 2704 y(old)d(SA)h(is)g(then)g(dep)r
(enden)n(t)g(on)g(lo)r(cal)f(securit)n(y)f(p)r(olicy)-7
b(.)0 3029 y Fj(4.4)112 b(Base)38 b(Exc)m(hange)0 3282 % section 4.4 "Base Exchange" heading
y Fk(The)33 b(Base)f(Exc)n(hange)g(is)h(designed)f(to)h(allo)n(w)f(the)
i(Key)e(Exc)n(hange)f(and)i(Authen)n(tication)h(related)e(information)h
(to)g(b)r(e)0 3381 y(transmitted)d(together.)42 b(Com)n(bining)29
b(the)h(Key)f(Exc)n(hange)f(and)i(Authen)n(tication-related)f
(information)g(in)n(to)g(one)g(mes-)0 3481 y(sage)c(reduces)h(the)g(n)n
(um)n(b)r(er)g(of)g(round-trips)f(at)i(the)f(exp)r(ense)g(of)h(not)f
(pro)n(viding)f(iden)n(tit)n(y)h(protection.)36 b(Iden)n(tit)n(y)26
b(protec-)0 3581 y(tion)32 b(is)f(not)h(pro)n(vided)e(b)r(ecause)h % Base Exchange trade-off: identities are exchanged before a shared secret exists, so they cannot be encrypted
(iden)n(tities)h(are)f(exc)n(hanged)f(b)r(efore)i(a)f(common)g(shared)f
(secret)h(has)g(b)r(een)h(established)0 3680 y(and,)d(therefore,)f
(encryption)g(of)h(the)g(iden)n(tities)g(is)g(not)g(p)r(ossible.)40
b(The)29 b(follo)n(wing)e(diagram)h(sho)n(ws)f(the)i(messages)f(with)0
3780 y(the)g(p)r(ossible)f(pa)n(yloads)f(sen)n(t)h(in)h(eac)n(h)f
(message)f(and)i(notes)f(for)g(an)g(example)g(of)h(the)g(Base)f(Exc)n
(hange.)1582 4016 y(BASE)g(EX)n(CHANGE)104 4215 y(#)318 % BASE EXCHANGE table begins: messages 1-4 with columns #, Initiator, Direction, Responder, NOTE
b(Initiator)299 b(Direction)259 b(Resp)r(onder)880 b(NOTE)p
36 4248 3829 4 v 85 4315 a(\(1\))100 b(HDR;)29 b(SA;)f(NONCE)202
b(=)p Fd(>)1004 b Fk(Begin)27 b(ISAKMP-SA)h(or)e(Pro)n(xy)g
(negotiation)85 4514 y(\(2\))1005 b Fd(<)p Fk(=)202 b(HDR;)29
b(SA;)f(NONCE)2330 4613 y(Basic)f(SA)h(agreed)e(up)r(on)85
4713 y(\(3\))100 b(HDR;)29 b(KE;)522 b(=)p Fd(>)291 4813
y Fk(IDii;)28 b(A)n(UTH)1605 b(Key)27 b(Generated)g(\(b)n(y)h(resp)r
(onder\))2330 4912 y(Initiator)f(Iden)n(tit)n(y)h(V)-7
b(eri\014ed)27 b(b)n(y)h(Resp)r(onder)85 5012 y(\(4\))1005
b Fd(<)p Fk(=)202 b(HDR;)29 b(KE;)1528 5112 y(IDir;)f(A)n(UTH)2330
5211 y(Resp)r(onder)f(Iden)n(tit)n(y)h(V)-7 b(eri\014ed)27
b(b)n(y)h(Initiator)2330 5311 y(Key)f(Generated)g(\(b)n(y)h
(initiator\))2330 5411 y(SA)g(established)0 5656 y(Maughan,)f(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(41])p eop
%%Page: 42 42
42 41 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(In)34 b(the)g(\014rst)g(message)e
(\(1\),)k(the)e(initiator)g(generates)e(a)h(prop)r(osal)g(it)h
(considers)f(adequate)g(to)h(protect)f(tra\016c)g(for)h(the)0
490 y(giv)n(en)d(situation.)49 b(The)32 b(Securit)n(y)f(Asso)r
(ciation,)h(Prop)r(osal,)f(and)g(T)-7 b(ransform)31 b(pa)n(yloads)e
(are)i(included)h(in)g(the)h(Securit)n(y)0 589 y(Asso)r(ciation)c(pa)n
(yload)g(\(for)g(notation)h(purp)r(oses\).)43 b(Random)30
b(information)f(whic)n(h)h(is)g(used)g(to)g(guaran)n(tee)e(liv)n(eness)
h(and)0 689 y(protect)e(against)f(repla)n(y)g(attac)n(ks)g(is)i(also)e
(transmitted.)37 b(Random)27 b(information)g(pro)n(vided)f(b)n(y)h(b)r
(oth)h(parties)e(SHOULD)0 789 y(b)r(e)i(used)g(b)n(y)f(the)h(authen)n
(tication)f(mec)n(hanism)g(to)h(pro)n(vide)e(shared)h(pro)r(of)g(of)g
(participation)g(in)h(the)g(exc)n(hange.)0 988 y(In)34
b(the)g(second)f(message)f(\(2\),)k(the)e(resp)r(onder)f(indicates)g
(the)h(protection)f(suite)h(it)h(has)e(accepted)g(with)h(the)h(Securit)
n(y)0 1088 y(Asso)r(ciation,)k(Prop)r(osal,)e(and)g(T)-7
b(ransform)36 b(pa)n(yloads.)64 b(Again,)39 b(random)e(information)f
(whic)n(h)i(is)f(used)g(to)g(guaran)n(tee)0 1187 y(liv)n(eness)20
b(and)h(protect)g(against)f(repla)n(y)g(attac)n(ks)f(is)i(also)f
(transmitted.)35 b(Random)21 b(information)f(pro)n(vided)h(b)n(y)f(b)r
(oth)i(parties)0 1287 y(SHOULD)h(b)r(e)g(used)g(b)n(y)f(the)i(authen)n
(tication)e(mec)n(hanism)g(to)h(pro)n(vide)e(shared)h(pro)r(of)g(of)h
(participation)e(in)i(the)g(exc)n(hange.)0 1386 y(Lo)r(cal)30
b(securit)n(y)g(p)r(olicy)g(dictates)h(the)g(action)f(of)h(the)g(resp)r
(onder)e(if)i(no)g(prop)r(osed)e(protection)h(suite)h(is)g(accepted.)45
b(One)0 1486 y(p)r(ossible)27 b(action)g(is)h(the)g(transmission)e(of)i
(a)f(Notify)h(pa)n(yload)e(as)h(part)g(of)g(an)h(Informational)e(Exc)n
(hange.)0 1685 y(In)g(the)g(third)g(\(3\))g(and)f(fourth)h(\(4\))g
(messages,)f(the)h(initiator)f(and)h(resp)r(onder,)f(resp)r(ectiv)n
(ely)-7 b(,)25 b(exc)n(hange)f(k)n(eying)h(material)0
1785 y(used)32 b(to)h(arriv)n(e)e(at)h(a)g(common)g(shared)g(secret)f
(and)i(iden)n(ti\014cation)f(information.)51 b(This)33
b(information)f(is)g(transmitted)0 1885 y(under)26 b(the)g(protection)f
(of)h(the)h(agreed)d(up)r(on)i(authen)n(tication)g(function.)37
b(Lo)r(cal)25 b(securit)n(y)g(p)r(olicy)h(dictates)g(the)g(action)g(if)
0 1984 y(an)j(error)f(o)r(ccurs)g(during)i(these)f(messages.)41
b(One)29 b(p)r(ossible)h(action)f(is)g(the)h(transmission)e(of)i(a)f
(Notify)h(pa)n(yload)e(as)h(part)0 2084 y(of)f(an)f(Informational)f
(Exc)n(hange.)0 2416 y Fj(4.5)112 b(Iden)m(tit)m(y)36
b(Protection)g(Exc)m(hange)0 2669 y Fk(The)29 b(Iden)n(tit)n(y)g
(Protection)e(Exc)n(hange)g(is)i(designed)f(to)h(separate)f(the)h(Key)f
(Exc)n(hange)f(information)h(from)h(the)g(Iden)n(tit)n(y)0
2768 y(and)22 b(Authen)n(tication)h(related)f(information.)35
b(Separating)21 b(the)i(Key)f(Exc)n(hange)f(from)h(the)h(Iden)n(tit)n
(y)f(and)h(Authen)n(tication)0 2868 y(related)35 b(information)g(pro)n
(vides)f(protection)h(of)h(the)g(comm)n(unicating)e(iden)n(tities)i(at)
g(the)g(exp)r(ense)f(of)h(t)n(w)n(o)f(additional)0 2968
y(messages.)40 b(Iden)n(tities)29 b(are)f(exc)n(hanged)g(under)h(the)g
(protection)g(of)g(a)f(previously)g(established)h(common)g(shared)f
(secret.)0 3067 y(The)e(follo)n(wing)e(diagram)g(sho)n(ws)h(the)h
(messages)e(with)i(the)g(p)r(ossible)f(pa)n(yloads)f(sen)n(t)i(in)f
(eac)n(h)g(message)g(and)g(notes)g(for)g(an)0 3167 y(example)i(of)h
(the)g(Iden)n(tit)n(y)f(Protection)g(Exc)n(hange.)1235
3527 y(IDENTITY)h(PR)n(OTECTION)d(EX)n(CHANGE)68 3726
y(#)325 b(Initiator)305 b(Direction)270 b(Resp)r(onder)f(NOTE)p
0 3760 4007 4 v 50 3826 a(\(1\))100 b(HDR;)28 b(SA)572
b(=)p Fd(>)1025 b Fk(Begin)27 b(ISAKMP-SA)h(or)e(Pro)n(xy)g
(negotiation)50 3926 y(\(2\))1017 b Fd(<)p Fk(=)202 b(HDR;)29
b(SA)2328 4025 y(Basic)e(SA)h(agreed)e(up)r(on)50 4125
y(\(3\))100 b(HDR;)28 b(KE;)f(NONCE)202 b(=)p Fd(>)50
4225 y Fk(\(4\))1017 b Fd(<)p Fk(=)202 b(HDR;)29 b(KE;)e(NONCE)2328
4324 y(Key)g(Generated)g(\(b)n(y)h(Initiator)f(and)g(Resp)r(onder\))50
4424 y(\(5\))100 b(HDR*;)28 b(IDii;)g(A)n(UTH)204 b(=)p
Fd(>)2328 4523 y Fk(Initiator)27 b(Iden)n(tit)n(y)h(V)-7
b(eri\014ed)28 b(b)n(y)f(Resp)r(onder)50 4623 y(\(6\))1017
b Fd(<)p Fk(=)202 b(HDR*;)29 b(IDir;)e(A)n(UTH)2328 4723
y(Resp)r(onder)g(Iden)n(tit)n(y)h(V)-7 b(eri\014ed)28
b(b)n(y)f(Initiator)2328 4822 y(SA)h(established)0 5105
y(In)34 b(the)g(\014rst)g(message)e(\(1\),)k(the)e(initiator)g
(generates)e(a)h(prop)r(osal)g(it)h(considers)f(adequate)g(to)h
(protect)f(tra\016c)g(for)h(the)0 5205 y(giv)n(en)d(situation.)49
b(The)32 b(Securit)n(y)f(Asso)r(ciation,)h(Prop)r(osal,)f(and)g(T)-7
b(ransform)31 b(pa)n(yloads)e(are)i(included)h(in)g(the)h(Securit)n(y)0
5305 y(Asso)r(ciation)27 b(pa)n(yload)f(\(for)h(notation)g(purp)r
(oses\).)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(42])p eop
%%Page: 43 43
% Page 43 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them (a, b, y, n, ...) are presumably the positioning
% procedures from the texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - End of 4.5 Identity Protection Exchange, messages (2)-(6).  Keying
%     material and nonces travel in (3)/(4); identification information
%     and the authentication results travel in (5)/(6) under the
%     protection of the common shared secret.
%   - 4.6 Authentication Only Exchange: introduction, message diagram and
%     message (1).  The text states that none of the information sent in
%     this exchange is encrypted, unless the exchange runs under ISAKMP
%     SAs negotiated in an earlier phase.
43 42 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(In)34 b(the)g(second)f(message)f
(\(2\),)k(the)e(resp)r(onder)f(indicates)g(the)h(protection)f(suite)h
(it)h(has)e(accepted)g(with)h(the)h(Securit)n(y)0 490
y(Asso)r(ciation,)c(Prop)r(osal,)f(and)h(T)-7 b(ransform)30
b(pa)n(yloads.)46 b(Lo)r(cal)30 b(securit)n(y)g(p)r(olicy)h(dictates)g
(the)h(action)f(of)g(the)g(resp)r(onder)0 589 y(if)g(no)f(prop)r(osed)g
(protection)f(suite)i(is)f(accepted.)46 b(One)30 b(p)r(ossible)g
(action)g(is)g(the)h(transmission)e(of)i(a)f(Notify)h(pa)n(yload)e(as)0
689 y(part)e(of)h(an)f(Informational)f(Exc)n(hange.)0
888 y(In)g(the)g(third)g(\(3\))g(and)f(fourth)h(\(4\))g(messages,)f
(the)h(initiator)f(and)h(resp)r(onder,)f(resp)r(ectiv)n(ely)-7
b(,)25 b(exc)n(hange)f(k)n(eying)h(material)0 988 y(used)k(to)g(arriv)n
(e)f(at)h(a)g(common)f(shared)g(secret)h(and)g(random)f(information)h
(whic)n(h)g(is)g(used)g(to)h(guaran)n(tee)d(liv)n(eness)h(and)0
1088 y(protect)36 b(against)f(repla)n(y)g(attac)n(ks.)62
b(Random)36 b(information)f(pro)n(vided)h(b)n(y)g(b)r(oth)g(parties)g
(SHOULD)h(b)r(e)f(used)h(b)n(y)f(the)0 1187 y(authen)n(tication)c(mec)n
(hanism)h(to)f(pro)n(vide)g(shared)g(pro)r(of)g(of)g(participation)g
(in)h(the)g(exc)n(hange.)51 b(Lo)r(cal)32 b(securit)n(y)g(p)r(olicy)0
1287 y(dictates)h(the)h(action)e(if)i(an)f(error)e(o)r(ccurs)h(during)h
(these)g(messages.)52 b(One)33 b(p)r(ossible)g(action)g(is)g(the)g
(transmission)f(of)h(a)0 1386 y(Notify)28 b(pa)n(yload)e(as)h(part)g
(of)h(an)f(Informational)f(Exc)n(hange.)0 1586 y(In)37
b(the)g(\014fth)h(\(5\))f(and)g(sixth)g(\(6\))g(messages,)h(the)f
(initiator)f(and)h(resp)r(onder,)h(resp)r(ectiv)n(ely)-7
b(,)39 b(exc)n(hange)c(iden)n(ti\014cation)0 1685 y(information)g(and)g
(the)g(results)g(of)g(the)h(agreed)d(up)r(on)j(authen)n(tication)f
(function.)60 b(This)35 b(information)g(is)g(transmitted)0
1785 y(under)i(the)h(protection)f(of)g(the)h(common)e(shared)h(secret.)
65 b(Lo)r(cal)37 b(securit)n(y)f(p)r(olicy)h(dictates)h(the)f(action)g
(if)h(an)f(error)0 1885 y(o)r(ccurs)d(during)h(these)g(messages.)59
b(One)35 b(p)r(ossible)g(action)f(is)i(the)f(transmission)f(of)h(a)g
(Notify)h(pa)n(yload)e(as)g(part)h(of)g(an)0 1984 y(Informational)26
% The "4.6 Authentication Only Exchange" heading is set on the next line
% (the Fj font is the one used for section titles on these pages).
b(Exc)n(hange.)0 2316 y Fj(4.6)112 b(Authen)m(tication)36
b(Only)h(Exc)m(hange)0 2569 y Fk(The)23 b(Authen)n(tication)g(Only)f
(Exc)n(hange)f(is)i(designed)f(to)h(allo)n(w)f(only)g(Authen)n
(tication)h(related)f(information)g(to)h(b)r(e)g(trans-)0
2669 y(mitted.)36 b(The)24 b(b)r(ene\014t)g(of)f(this)g(exc)n(hange)f
(is)h(the)h(abilit)n(y)e(to)h(p)r(erform)g(only)g(authen)n(tication)g
(without)g(the)h(computational)0 2768 y(exp)r(ense)33
b(of)h(computing)f(k)n(eys.)54 b(Using)33 b(this)h(exc)n(hange)e
(during)h(negotiation,)h(none)f(of)g(the)h(transmitted)g(information)0
2868 y(will)c(b)r(e)f(encrypted.)42 b(Ho)n(w)n(ev)n(er,)28
b(the)i(information)e(ma)n(y)h(b)r(e)h(encrypted)f(in)g(other)g
(places.)42 b(F)-7 b(or)28 b(example,)i(if)g(encryption)0
2968 y(is)35 b(negotiated)f(during)h(the)g(\014rst)g(phase)g(of)g(a)f
(negotiation)g(and)h(the)h(authen)n(tication)e(only)h(exc)n(hange)e(is)
i(used)g(in)h(the)0 3067 y(second)23 b(phase)h(of)g(a)f(negotiation,)h
(then)g(the)h(authen)n(tication)e(only)h(exc)n(hange)e(will)i(b)r(e)h
(encrypted)e(b)n(y)h(the)g(ISAKMP)g(SAs)0 3167 y(negotiated)h(in)h(the)
g(\014rst)f(phase.)36 b(The)25 b(follo)n(wing)g(diagram)f(sho)n(ws)h
(the)h(messages)d(with)k(p)r(ossible)e(pa)n(yloads)f(sen)n(t)h(in)h
(eac)n(h)0 3267 y(message)g(and)i(notes)f(for)g(an)g(example)g(of)h
(the)g(Authen)n(tication)g(Only)f(Exc)n(hange.)1170 3543
y(A)n(UTHENTICA)-7 b(TION)28 b(ONL)-7 b(Y)28 b(EX)n(CHANGE)92
3743 y(#)318 b(Initiator)299 b(Direction)271 b(Resp)r(onder)891
b(NOTE)p 24 3776 3852 4 v 74 3842 a(\(1\))100 b(HDR;)28
b(SA;)g(NONCE)203 b(=)p Fd(>)1027 b Fk(Begin)27 b(ISAKMP-SA)g(or)g(Pro)
n(xy)e(negotiation)74 4041 y(\(2\))1005 b Fd(<)p Fk(=)202
b(HDR;)28 b(SA;)g(NONCE;)1517 4141 y(IDir;)f(A)n(UTH)2342
4241 y(Basic)f(SA)i(agreed)f(up)r(on)2342 4340 y(Resp)r(onder)g(Iden)n
(tit)n(y)g(V)-7 b(eri\014ed)28 b(b)n(y)f(Initiator)74
4440 y(\(3\))100 b(HDR;)28 b(IDii;)g(A)n(UTH)234 b(=)p
Fd(>)2342 4540 y Fk(Initiator)27 b(Iden)n(tit)n(y)g(V)-7
b(eri\014ed)28 b(b)n(y)f(Resp)r(onder)2342 4639 y(SA)h(established)0
4922 y(In)34 b(the)g(\014rst)g(message)e(\(1\),)k(the)e(initiator)g
(generates)e(a)h(prop)r(osal)g(it)h(considers)f(adequate)g(to)h
(protect)f(tra\016c)g(for)h(the)0 5022 y(giv)n(en)d(situation.)49
b(The)32 b(Securit)n(y)f(Asso)r(ciation,)h(Prop)r(osal,)f(and)g(T)-7
b(ransform)31 b(pa)n(yloads)e(are)i(included)h(in)g(the)h(Securit)n(y)0
5122 y(Asso)r(ciation)c(pa)n(yload)g(\(for)g(notation)h(purp)r(oses\).)
43 b(Random)30 b(information)f(whic)n(h)h(is)g(used)g(to)g(guaran)n
(tee)e(liv)n(eness)h(and)0 5221 y(protect)e(against)f(repla)n(y)g
(attac)n(ks)g(is)i(also)e(transmitted.)37 b(Random)27
b(information)g(pro)n(vided)f(b)n(y)h(b)r(oth)h(parties)e(SHOULD)0
5321 y(b)r(e)i(used)g(b)n(y)f(the)h(authen)n(tication)f(mec)n(hanism)g
(to)h(pro)n(vide)e(shared)h(pro)r(of)g(of)g(participation)g(in)h(the)g
(exc)n(hange.)0 5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(43])p eop
%%Page: 44 44
% Page 44 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them are presumably the positioning procedures from the
% texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - End of 4.6 Authentication Only Exchange, messages (2) and (3): the
%     responder and then the initiator send identification information
%     under the protection of the agreed upon authentication function.
%   - 4.7 Aggressive Exchange: introduction, message diagram and message
%     (1).  SA, Key Exchange and Authentication payloads are sent
%     together to save round trips.  The text states that identity
%     protection is NOT provided, because identities are exchanged before
%     a common shared secret exists, and that only one Proposal and one
%     Transform can be offered (no choices).
44 43 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(In)34 b(the)g(second)f(message)f
(\(2\),)k(the)e(resp)r(onder)f(indicates)g(the)h(protection)f(suite)h
(it)h(has)e(accepted)g(with)h(the)h(Securit)n(y)0 490
y(Asso)r(ciation,)k(Prop)r(osal,)e(and)g(T)-7 b(ransform)36
b(pa)n(yloads.)64 b(Again,)39 b(random)e(information)f(whic)n(h)i(is)f
(used)g(to)g(guaran)n(tee)0 589 y(liv)n(eness)20 b(and)h(protect)g
(against)f(repla)n(y)g(attac)n(ks)f(is)i(also)f(transmitted.)35
b(Random)21 b(information)f(pro)n(vided)h(b)n(y)f(b)r(oth)i(parties)0
689 y(SHOULD)h(b)r(e)g(used)g(b)n(y)f(the)i(authen)n(tication)e(mec)n
(hanism)g(to)h(pro)n(vide)e(shared)h(pro)r(of)g(of)h(participation)e
(in)i(the)g(exc)n(hange.)0 789 y(Additionally)-7 b(,)24
b(the)e(resp)r(onder)f(transmits)h(iden)n(ti\014cation)g(information.)
35 b(All)22 b(of)h(this)f(information)g(is)g(transmitted)g(under)0
888 y(the)31 b(protection)f(of)g(the)h(agreed)e(up)r(on)i(authen)n
(tication)f(function.)47 b(Lo)r(cal)30 b(securit)n(y)f(p)r(olicy)i
(dictates)f(the)h(action)f(of)h(the)0 988 y(resp)r(onder)g(if)i(no)f
(prop)r(osed)f(protection)h(suite)g(is)g(accepted.)51
b(One)32 b(p)r(ossible)g(action)g(is)g(the)h(transmission)e(of)h(a)g
(Notify)0 1088 y(pa)n(yload)26 b(as)h(part)g(of)h(an)f(Informational)f
(Exc)n(hange.)0 1287 y(In)i(the)g(third)g(message)e(\(3\),)i(the)h
(initiator)e(transmits)g(iden)n(ti\014cation)h(information.)36
b(This)28 b(information)f(is)h(transmitted)0 1386 y(under)e(the)g
(protection)f(of)h(the)h(agreed)d(up)r(on)i(authen)n(tication)g
(function.)37 b(Lo)r(cal)25 b(securit)n(y)g(p)r(olicy)h(dictates)g(the)
g(action)g(if)0 1486 y(an)j(error)f(o)r(ccurs)g(during)i(these)f
(messages.)41 b(One)29 b(p)r(ossible)h(action)f(is)g(the)h
(transmission)e(of)i(a)f(Notify)h(pa)n(yload)e(as)h(part)0
1586 y(of)f(an)f(Informational)f(Exc)n(hange.)0 1917
% The "4.7 Aggressive Exchange" heading is set on the next line (the Fj
% font is the one used for section titles on these pages).
y Fj(4.7)112 b(Aggressiv)m(e)37 b(Exc)m(hange)0 2170
y Fk(The)29 b(Aggressiv)n(e)e(Exc)n(hange)h(is)h(designed)g(to)g(allo)n
(w)f(the)i(Securit)n(y)f(Asso)r(ciation,)g(Key)f(Exc)n(hange)g(and)h
(Authen)n(tication)0 2269 y(related)40 b(pa)n(yloads)g(to)g(b)r(e)i
(transmitted)f(together.)76 b(Com)n(bining)41 b(the)g(Securit)n(y)g
(Asso)r(ciation,)i(Key)e(Exc)n(hange,)h(and)0 2369 y(Authen)n
(tication-related)32 b(information)h(in)n(to)f(one)h(message)f(reduces)
g(the)h(n)n(um)n(b)r(er)g(of)g(round-trips)f(at)h(the)g(exp)r(ense)g
(of)0 2468 y(not)23 b(pro)n(viding)e(iden)n(tit)n(y)h(protection.)35
b(Iden)n(tit)n(y)22 b(protection)g(is)h(not)f(pro)n(vided)g(b)r(ecause)
g(iden)n(tities)h(are)e(exc)n(hanged)g(b)r(efore)0 2568
y(a)35 b(common)h(shared)e(secret)h(has)h(b)r(een)g(established)f(and,)
j(therefore,)f(encryption)e(of)h(the)g(iden)n(tities)g(is)g(not)f(p)r
(ossible.)0 2668 y(Additionally)-7 b(,)26 b(the)f(Aggressiv)n(e)e(Exc)n
(hange)g(is)h(attempting)i(to)e(establish)h(all)g(securit)n(y)f(relev)
-5 b(an)n(t)24 b(information)g(in)h(a)g(single)0 2767
y(exc)n(hange.)35 b(The)25 b(follo)n(wing)f(diagram)f(sho)n(ws)h(the)i
(messages)d(with)j(p)r(ossible)f(pa)n(yloads)e(sen)n(t)i(in)g(eac)n(h)g
(message)e(and)i(notes)0 2867 y(for)i(an)g(example)h(of)f(the)h
(Aggressiv)n(e)d(Exc)n(hange.)1419 3138 y(A)n(GGRESSIVE)j(EX)n(CHANGE)
135 3337 y(#)238 b(Initiator)218 b(Direction)309 b(Resp)r(onder)928
b(NOTE)p 67 3370 3766 4 v 117 3437 a(\(1\))100 b(HDR;)28
b(SA;)g(KE;)202 b(=)p Fd(>)1103 b Fk(Begin)27 b(ISAKMP-SA)g(or)g(Pro)n
(xy)e(negotiation)323 3536 y(NONCE;)i(IDii)1481 b(and)27
b(Key)g(Exc)n(hange)117 3735 y(\(2\))843 b Fd(<)p Fk(=)202
b(HDR;)29 b(SA;)f(KE;)1398 3835 y(NONCE;)g(IDir;)f(A)n(UTH)2299
3935 y(Initiator)g(Iden)n(tit)n(y)g(V)-7 b(eri\014ed)28
b(b)n(y)f(Resp)r(onder)2299 4034 y(Key)g(Generated)2299
4134 y(Basic)f(SA)i(agreed)e(up)r(on)117 4234 y(\(3\))100
b(HDR*;)28 b(A)n(UTH)220 b(=)p Fd(>)2299 4333 y Fk(Resp)r(onder)27
b(Iden)n(tit)n(y)g(V)-7 b(eri\014ed)28 b(b)n(y)f(Initiator)2299
4433 y(SA)h(established)0 4710 y(In)34 b(the)g(\014rst)g(message)e
(\(1\),)k(the)e(initiator)g(generates)e(a)h(prop)r(osal)g(it)h
(considers)f(adequate)g(to)h(protect)f(tra\016c)g(for)h(the)0
4809 y(giv)n(en)d(situation.)49 b(The)32 b(Securit)n(y)f(Asso)r
(ciation,)h(Prop)r(osal,)f(and)g(T)-7 b(ransform)31 b(pa)n(yloads)e
(are)i(included)h(in)g(the)h(Securit)n(y)0 4909 y(Asso)r(ciation)22
b(pa)n(yload)g(\(for)h(notation)g(purp)r(oses\).)35 b(There)22
b(can)h(b)r(e)h(only)e(one)h(Prop)r(osal)e(and)i(one)g(T)-7
b(ransform)22 b(o\013ered)h(\(i.e.)0 5009 y(no)g(c)n(hoices\))g(in)h
(order)e(for)h(the)h(aggressiv)n(e)d(exc)n(hange)h(to)i(w)n(ork.)34
b(Keying)23 b(material)f(used)i(to)f(arriv)n(e)f(at)i(a)f(common)g
(shared)0 5108 y(secret)32 b(and)g(random)g(information)g(whic)n(h)g
(is)g(used)h(to)f(guaran)n(tee)f(liv)n(eness)h(and)g(protect)g(against)
g(repla)n(y)f(attac)n(ks)g(are)0 5208 y(also)h(transmitted.)52
b(Random)32 b(information)g(pro)n(vided)g(b)n(y)h(b)r(oth)g(parties)f
(SHOULD)h(b)r(e)g(used)g(b)n(y)f(the)h(authen)n(tication)0
5308 y(mec)n(hanism)f(to)g(pro)n(vide)g(shared)f(pro)r(of)h(of)h
(participation)f(in)g(the)h(exc)n(hange.)51 b(Additionally)-7
b(,)34 b(the)e(initiator)h(transmits)0 5407 y(iden)n(ti\014cation)27
b(information.)0 5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(44])p eop
%%Page: 45 45
% Page 45 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them are presumably the positioning procedures from the
% texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - End of 4.7 Aggressive Exchange, messages (2) and (3).
%   - 4.8 Informational Exchange: a one-way Notify or Delete.  The text
%     states it is unprotected if it occurs before keying material is
%     exchanged in Phase 1, MUST be protected once keying material or an
%     ISAKMP SA exists, and SHOULD use an IV independent of the IVs of
%     other on-going communication.
%   - Opening of section 5, ISAKMP Payload Processing: audit logging is
%     described as a suggested action controlled by system security
%     policy.
% NOTE: the 4.8 text contains "meterial" (sic, for "material"); the
% string is part of the rendered draft and is left unchanged here.
45 44 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(In)34 b(the)g(second)f(message)f
(\(2\),)k(the)e(resp)r(onder)f(indicates)g(the)h(protection)f(suite)h
(it)h(has)e(accepted)g(with)h(the)h(Securit)n(y)0 490
y(Asso)r(ciation,)28 b(Prop)r(osal,)e(and)j(T)-7 b(ransform)27
b(pa)n(yloads.)37 b(Keying)28 b(material)g(used)g(to)g(arriv)n(e)f(at)h
(a)g(common)g(shared)g(secret)0 589 y(and)d(random)f(information)g
(whic)n(h)h(is)g(used)g(to)g(guaran)n(tee)e(liv)n(eness)h(and)h
(protect)f(against)g(repla)n(y)g(attac)n(ks)f(is)i(also)f(trans-)0
689 y(mitted.)38 b(Random)27 b(information)h(pro)n(vided)e(b)n(y)i(b)r
(oth)g(parties)f(SHOULD)h(b)r(e)g(used)g(b)n(y)f(the)h(authen)n
(tication)g(mec)n(hanism)0 789 y(to)23 b(pro)n(vide)f(shared)g(pro)r
(of)g(of)h(participation)f(in)h(the)h(exc)n(hange.)33
b(Additionally)-7 b(,)25 b(the)e(resp)r(onder)f(transmits)g(iden)n
(ti\014cation)0 888 y(information.)42 b(All)30 b(of)f(this)h
(information)f(is)g(transmitted)h(under)f(the)h(protection)f(of)g(the)h
(agreed)e(up)r(on)h(authen)n(tication)0 988 y(function.)35
b(Lo)r(cal)19 b(securit)n(y)g(p)r(olicy)h(dictates)g(the)g(action)f(of)
h(the)h(resp)r(onder)d(if)j(no)e(prop)r(osed)g(protection)g(suite)h(is)
g(accepted.)0 1088 y(One)27 b(p)r(ossible)h(action)f(is)g(the)h
(transmission)e(of)i(a)f(Notify)h(pa)n(yload)e(as)h(part)g(of)h(an)f
(Informational)f(Exc)n(hange.)0 1287 y(In)e(the)h(third)f(\(3\))g
(message,)f(the)h(initiator)g(transmits)f(the)i(results)e(of)h(the)h
(agreed)d(up)r(on)i(authen)n(tication)g(function.)36
b(This)0 1386 y(information)25 b(is)h(transmitted)g(under)f(the)i
(protection)e(of)h(the)g(common)f(shared)g(secret.)35
b(Lo)r(cal)26 b(securit)n(y)f(p)r(olicy)g(dictates)0
1486 y(the)36 b(action)g(if)g(an)g(error)e(o)r(ccurs)h(during)h(these)g
(messages.)60 b(One)36 b(p)r(ossible)g(action)f(is)h(the)g
(transmission)f(of)h(a)g(Notify)0 1586 y(pa)n(yload)26
b(as)h(part)g(of)h(an)f(Informational)f(Exc)n(hange.)0
% The "4.8 Informational Exchange" heading is set on the next line (the
% Fj font is the one used for section titles on these pages).
1918 y Fj(4.8)112 b(Informational)36 b(Exc)m(hange)0
2171 y Fk(The)21 b(Informational)f(Exc)n(hange)g(is)h(designed)g(as)f
(a)h(one-w)n(a)n(y)e(transmittal)i(of)g(information)g(that)h(can)e(b)r
(e)i(used)f(for)g(securit)n(y)0 2270 y(asso)r(ciation)33
b(managemen)n(t.)58 b(The)34 b(follo)n(wing)g(diagram)g(sho)n(ws)f(the)
i(messages)e(with)j(p)r(ossible)e(pa)n(yloads)f(sen)n(t)i(in)g(eac)n(h)
0 2370 y(message)26 b(and)i(notes)f(for)g(an)g(example)g(of)h(the)g
(Informational)e(Exc)n(hange.)1328 2647 y(INF)n(ORMA)-7
b(TIONAL)28 b(EX)n(CHANGE)593 2846 y(#)190 b(Initiator)171
b(Direction)99 b(Resp)r(onder)519 b(NOTE)p 524 2879 2852
4 v 574 2946 a(\(1\))100 b(HDR*;)28 b(N/D)203 b(=)p Fd(>)684
b Fk(Error)25 b(Noti\014cation)j(or)e(Deletion)0 3229
y(In)i(the)g(\014rst)f(message)f(\(1\),)i(the)g(initiator)f(or)g(resp)r
(onder)f(transmits)h(an)h(ISAKMP)f(Notify)h(or)f(Delete)h(pa)n(yload.)0
3428 y(If)h(the)g(Informational)e(Exc)n(hange)g(o)r(ccurs)h(prior)f(to)
h(the)h(exc)n(hange)e(of)i(k)n(eying)f(meterial)g(during)g(an)g(ISAKMP)
g(Phase)f(1)0 3528 y(negotiation,)f(there)g(will)h(b)r(e)g(no)g
(protection)f(pro)n(vided)f(for)i(the)g(Informational)e(Exc)n(hange.)35
b(Once)26 b(k)n(eying)g(material)g(has)0 3627 y(b)r(een)e(exc)n(hanged)
e(or)h(an)g(ISAKMP)g(SA)i(has)e(b)r(een)h(established,)g(the)g
(Informational)e(Exc)n(hange)g(MUST)i(b)r(e)g(transmitted)0
3727 y(under)j(the)h(protection)f(pro)n(vided)g(b)n(y)g(the)h(k)n
(eying)f(material)f(or)h(the)h(ISAKMP)f(SA.)0 3926 y(All)h(exc)n
(hanges)e(are)h(similar)f(in)i(that)g(with)g(the)g(b)r(eginning)g(of)f
(an)n(y)g(exc)n(hange)f(cryptographic)g(sync)n(hronization)g(MUST)0
4026 y(o)r(ccur.)34 b(The)22 b(Informational)f(Exc)n(hange)f(is)i(an)g
(exc)n(hange)f(and)h(not)g(an)f(ISAKMP)h(message.)34
b(Th)n(us,)22 b(the)h(generation)d(of)i(an)0 4125 y(Initialization)27
b(V)-7 b(ector)26 b(\(IV\))i(for)f(an)g(Informational)f(Exc)n(hange)f
(SHOULD)j(b)r(e)f(indep)r(enden)n(t)h(of)f(IVs)g(of)g(other)g(on-going)
0 4225 y(comm)n(unication.)43 b(This)29 b(will)h(ensure)g
(cryptographic)d(sync)n(hronization)h(is)i(main)n(tained)f(for)h
(existing)f(comm)n(unications)0 4325 y(and)e(the)h(Informational)f(Exc)
n(hange)f(will)h(b)r(e)h(pro)r(cessed)f(correctly)-7
% The top-level heading "5 ISAKMP Payload Processing" is set on the next
% line, using the Ff font rather than Fj.
b(.)0 4699 y Ff(5)137 b(ISAKMP)46 b(P)l(a)l(yload)f(Pro)t(cessing)0
4980 y Fk(Section)31 b(3)f(describ)r(es)g(the)i(ISAKMP)e(pa)n(yloads.)
45 b(These)30 b(pa)n(yloads)f(are)h(used)h(in)g(the)g(exc)n(hanges)e
(describ)r(ed)h(in)h(section)0 5080 y(4)c(and)h(can)g(b)r(e)g(used)g
(in)g(exc)n(hanges)e(de\014ned)i(for)g(a)f(sp)r(eci\014c)h(DOI.)g(This)
g(section)g(describ)r(es)f(the)h(pro)r(cessing)f(for)g(eac)n(h)g(of)0
5179 y(the)h(pa)n(yloads.)34 b(This)28 b(section)e(suggests)g(the)i
(logging)d(of)i(ev)n(en)n(ts)g(to)g(a)f(system)h(audit)h(\014le.)37
b(This)27 b(action)f(is)h(con)n(trolled)f(b)n(y)0 5279
y(a)h(system)h(securit)n(y)e(p)r(olicy)i(and)f(is,)h(therefore,)e(only)
i(a)f(suggested)f(action.)0 5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(45])p eop
%%Page: 46 46
% Page 46 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them are presumably the positioning procedures from the
% texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - 5.1 General Message Processing: processing SHOULD check that the
%     received packet is at least as long as the length given in the
%     ISAKMP Header; the sender sets a timer and retry counter, resends
%     on expiry, MAY log RETRY LIMIT REACHED at zero, then clears all
%     state and returns to IDLE.
%   - 5.2 ISAKMP Header Processing: five creation steps, then receive
%     checks 1-3 (cookies, Next Payload, Major/Minor Version).  The
%     actions for check 3 continue on the following page.
%   - For each failed check the message is discarded, the event MAY be
%     logged and a Notification MAY be sent, as dictated by policy.
% NOTE(review): the draft leaves the Notify reply optional; whether to
% answer messages that failed cookie or header validation at all, and at
% what rate, is a policy decision an implementer should make explicitly.
46 45 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(5.1)112 b(General)38
b(Message)h(Pro)s(cessing)0 643 y Fk(Ev)n(ery)24 b(ISAKMP)h(message)g
(has)g(basic)g(pro)r(cessing)f(applied)i(to)g(insure)f(proto)r(col)g
(reliabilit)n(y)-7 b(,)25 b(and)h(to)f(minimize)i(threats,)0
743 y(suc)n(h)f(as)g(denial)g(of)g(service)g(and)g(repla)n(y)f(attac)n
(ks.)35 b(All)27 b(pro)r(cessing)e(SHOULD)i(include)g(pac)n(k)n(et)e
(length)i(c)n(hec)n(ks)e(to)i(insure)0 842 y(the)h(pac)n(k)n(et)f
(receiv)n(ed)f(is)i(at)f(least)g(as)g(long)g(as)g(the)h(length)g(giv)n
(en)e(in)i(the)g(ISAKMP)f(Header.)0 1042 y(When)37 b(transmitting)g(an)
g(ISAKMP)f(message,)i(the)f(transmitting)g(en)n(tit)n(y)f(\(initiator)h
(or)f(resp)r(onder\))g(MUST)h(do)g(the)0 1141 y(follo)n(wing:)101
1414 y(1.)42 b(Set)28 b(a)f(timer)g(and)h(initialize)f(a)h(retry)e
(coun)n(ter.)101 1545 y(2.)42 b(If)28 b(the)g(timer)f(expires,)g(the)h
(ISAKMP)f(message)f(is)i(resen)n(t)f(and)g(the)h(retry)f(coun)n(ter)g
(is)g(decremen)n(ted.)101 1676 y(3.)42 b(If)33 b(the)g(retry)e(coun)n
(ter)h(reac)n(hes)f(zero)h(\(0\),)i(the)f(ev)n(en)n(t,)h
Fb(RETR)-6 b(Y)33 b(LIMIT)i(REA)n(CHED)p Fk(,)e(MA)-7
b(Y)33 b(b)r(e)g(logged)f(in)h(the)208 1776 y(appropriate)25
b(system)j(audit)g(\014le.)101 1907 y(4.)42 b(The)27
b(ISAKMP)g(proto)r(col)g(mac)n(hine)g(clears)f(all)i(states)f(and)g
% The "5.2 ISAKMP Header Processing" heading is set on the next line (Fj
% font); audit event names on this page are set in the Fb font.
(returns)g(to)h(IDLE.)0 2237 y Fj(5.2)112 b(ISAKMP)37
b(Header)h(Pro)s(cessing)0 2490 y Fk(When)22 b(creating)e(an)g(ISAKMP)h
(message,)g(the)h(transmitting)f(en)n(tit)n(y)g(\(initiator)g(or)f
(resp)r(onder\))g(MUST)i(do)f(the)g(follo)n(wing:)101
2763 y(1.)42 b(Create)26 b(the)i(resp)r(ectiv)n(e)f(co)r(okie.)36
b(See)28 b(section)f(2.5.3)f(for)h(details.)101 2894
y(2.)42 b(Determine)28 b(the)g(relev)-5 b(an)n(t)26 b(securit)n(y)h(c)n
(haracteristics)e(of)j(the)g(session)e(\(i.e.)38 b(DOI)27
b(and)h(situation\).)101 3024 y(3.)42 b(Construct)27
b(an)g(ISAKMP)g(Header)g(with)h(\014elds)g(as)f(describ)r(ed)g(in)h
(section)f(3.1.)101 3155 y(4.)42 b(Construct)27 b(other)g(ISAKMP)g(pa)n
(yloads,)f(dep)r(ending)i(on)f(the)h(exc)n(hange)e(t)n(yp)r(e.)101
3286 y(5.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h(the)h
(destination)g(host)f(as)g(describ)r(ed)g(in)h(section)f(5.1.)0
3559 y(When)e(an)g(ISAKMP)f(message)g(is)g(receiv)n(ed,)h(the)g
(receiving)f(en)n(tit)n(y)g(\(initiator)h(or)f(resp)r(onder\))g(MUST)h
(do)g(the)g(follo)n(wing:)101 3832 y(1.)42 b(V)-7 b(erify)30
b(the)i(Initiator)e(and)h(Resp)r(onder)f(\\co)r(okies".)44
b(If)32 b(the)f(co)r(okie)f(v)-5 b(alidation)30 b(fails,)i(the)f
(message)e(is)i(discarded)208 3932 y(and)c(the)h(follo)n(wing)f
(actions)f(are)h(tak)n(en:)243 4094 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(COOKIE)p Fk(,)g(MA)-7
b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)h(audit)h
(\014le.)238 4208 y(\(b\))42 b(An)28 b(Informational)e(Exc)n(hange)f
(with)i(a)g(Noti\014cation)g(pa)n(yload)e(con)n(taining)h(the)i(INV)-9
b(ALID-COOKIE)25 b(mes-)390 4308 y(sage)30 b(t)n(yp)r(e)h(MA)-7
b(Y)32 b(b)r(e)f(sen)n(t)g(to)g(the)g(transmitting)g(en)n(tit)n(y)-7
b(.)47 b(This)31 b(action)f(is)h(dictated)g(b)n(y)g(a)f(system)h
(securit)n(y)390 4408 y(p)r(olicy)-7 b(.)101 4570 y(2.)42
b(Chec)n(k)36 b(the)h(Next)g(P)n(a)n(yload)d(\014eld)j(to)g(con\014rm)f
(it)h(is)g(v)-5 b(alid.)65 b(If)37 b(the)g(Next)g(P)n(a)n(yload)d
(\014eld)j(v)-5 b(alidation)37 b(fails,)i(the)208 4669
y(message)26 b(is)h(discarded)g(and)g(the)h(follo)n(wing)f(actions)g
(are)f(tak)n(en:)243 4832 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f
Fb(INV)-8 b(ALID)28 b(NEXT)i(P)-6 b(A)g(YLO)n(AD)p Fk(,)26
b(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)h
(audit)h(\014le.)238 4946 y(\(b\))42 b(An)d(Informational)e(Exc)n
(hange)f(with)i(a)g(Noti\014cation)g(pa)n(yload)e(con)n(taining)h(the)i
(INV)-9 b(ALID-P)i(A)g(YLO)n(AD-)390 5046 y(TYPE)25 b(message)f(t)n(yp)
r(e)i(MA)-7 b(Y)26 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n
(tit)n(y)-7 b(.)36 b(This)26 b(action)f(is)g(dictated)h(b)n(y)f(a)g
(system)390 5145 y(securit)n(y)i(p)r(olicy)-7 b(.)101
5308 y(3.)42 b(Chec)n(k)29 b(the)h(Ma)5 b(jor)28 b(and)i(Minor)f(V)-7
b(ersion)29 b(\014elds)h(to)f(con\014rm)h(they)g(are)e(correct.)42
b(If)30 b(the)g(V)-7 b(ersion)30 b(\014eld)g(v)-5 b(alidation)208
5407 y(fails,)27 b(the)h(message)e(is)i(discarded)e(and)i(the)g(follo)n
(wing)e(actions)h(are)g(tak)n(en:)0 5656 y(Maughan,)g(Sc)n(hertler,)f
(Sc)n(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(46])p eop
%%Page: 47 47
% Page 47 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them are presumably the positioning procedures from the
% texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - 5.2 ISAKMP Header Processing, continued: actions for a failed
%     version check, then receive checks 4-6 (Exchange Type, Flags,
%     Message ID) and step 7, which continues processing according to
%     the Next Payload field.
%   - 5.3 Generic Payload Header Processing: creation steps (Next
%     Payload value, RESERVED set to zero, Payload Length in octets) and
%     the start of the receive checks.
%   - As on the previous page, every failed check discards the message;
%     logging the event and sending a Notification are both MAY actions
%     dictated by system security policy.
47 46 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)243 390 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(ISAKMP)i(VERSION)p
Fk(,)c(MA)-7 b(Y)29 b(b)r(e)f(logged)e(in)i(the)g(appropriate)e(system)
h(audit)h(\014le.)238 506 y(\(b\))42 b(An)19 b(Informational)e(Exc)n
(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i
(INV)-9 b(ALID-MAJOR-VERSION)390 606 y(or)27 b(INV)-9
b(ALID-MINOR-VERSION)27 b(message)f(t)n(yp)r(e)i(MA)-7
b(Y)28 b(b)r(e)g(sen)n(t)f(to)h(the)f(transmitting)h(en)n(tit)n(y)-7
b(.)37 b(This)27 b(ac-)390 706 y(tion)h(is)f(dictated)h(b)n(y)g(a)f
(system)g(securit)n(y)g(p)r(olicy)-7 b(.)101 872 y(4.)42
b(Chec)n(k)29 b(the)h(Exc)n(hange)d(T)n(yp)r(e)j(\014eld)g(to)f
(con\014rm)g(it)h(is)g(v)-5 b(alid.)43 b(If)30 b(the)g(Exc)n(hange)d(T)
n(yp)r(e)j(\014eld)g(v)-5 b(alidation)29 b(fails,)h(the)208
971 y(message)c(is)h(discarded)g(and)g(the)h(follo)n(wing)f(actions)g
(are)f(tak)n(en:)243 1137 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f
Fb(INV)-8 b(ALID)28 b(EX)n(CHANGE)i(TYPE)p Fk(,)e(MA)-7
b(Y)29 b(b)r(e)f(logged)e(in)i(the)g(appropriate)e(system)h(audit)h
(\014le.)238 1254 y(\(b\))42 b(An)30 b(Informational)e(Exc)n(hange)g
(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(INV)-9
b(ALID-EX)n(CHANGE-)390 1353 y(TYPE)25 b(message)f(t)n(yp)r(e)i(MA)-7
b(Y)26 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)36 b(This)26 b(action)f(is)g(dictated)h(b)n(y)f(a)g(system)390
1453 y(securit)n(y)i(p)r(olicy)-7 b(.)101 1619 y(5.)42
b(Chec)n(k)22 b(the)i(Flags)f(\014eld)g(to)g(ensure)g(it)h(con)n(tains)
e(correct)g(v)-5 b(alues.)35 b(If)24 b(the)g(Flags)e(\014eld)i(v)-5
b(alidation)23 b(fails,)h(the)g(message)208 1719 y(is)j(discarded)g
(and)g(the)h(follo)n(wing)f(actions)f(are)h(tak)n(en:)243
1885 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(FLA)n(GS)p Fk(,)g(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g
(appropriate)e(system)h(audit)h(\014le.)238 2001 y(\(b\))42
b(An)22 b(Informational)d(Exc)n(hange)g(with)i(a)g(Noti\014cation)f(pa)
n(yload)g(con)n(taining)g(the)h(INV)-9 b(ALID-FLA)n(GS)21
b(message)390 2100 y(t)n(yp)r(e)27 b(MA)-7 b(Y)27 b(b)r(e)f(sen)n(t)h
(to)f(the)g(transmitting)h(en)n(tit)n(y)-7 b(.)36 b(This)26
b(action)g(is)g(dictated)h(b)n(y)f(a)g(system)g(securit)n(y)f(p)r
(olicy)-7 b(.)101 2267 y(6.)42 b(Chec)n(k)25 b(the)i(Message)e(ID)h
(\014eld)h(to)f(ensure)f(it)i(con)n(tains)e(correct)g(v)-5
b(alues.)36 b(If)27 b(the)f(Message)f(ID)i(v)-5 b(alidation)25
b(fails,)i(the)208 2366 y(message)f(is)h(discarded)g(and)g(the)h(follo)
n(wing)f(actions)g(are)f(tak)n(en:)243 2532 y(\(a\))41
b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(MESSA)n(GE)i(ID)p
Fk(,)e(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)
h(audit)h(\014le.)238 2648 y(\(b\))42 b(An)28 b(Informational)f(Exc)n
(hange)f(with)i(a)f(Noti\014cation)h(pa)n(yload)e(con)n(taining)h(the)h
(INV)-9 b(ALID-MESSA)n(GE-ID)390 2748 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 2848 y(p)r(olicy)-7 b(.)101 3014 y(7.)42
b(Pro)r(cessing)25 b(of)j(the)g(ISAKMP)f(message)f(con)n(tin)n(ues)h
(using)g(the)h(v)-5 b(alue)28 b(in)f(the)h(Next)g(P)n(a)n(yload)d
% The "5.3 Generic Payload Header Processing" heading is set on the next
% line (the Fj font is the one used for section titles on these pages).
(\014eld.)0 3346 y Fj(5.3)112 b(Generic)37 b(P)m(a)m(yload)g(Header)h
(Pro)s(cessing)0 3599 y Fk(When)21 b(creating)f(an)n(y)f(of)i(the)g
(ISAKMP)f(P)n(a)n(yloads)e(describ)r(ed)i(in)h(sections)f(3.4)f
(through)h(3.15)f(a)i(Generic)f(P)n(a)n(yload)e(Header)0
3698 y(is)29 b(placed)f(at)h(the)h(b)r(eginning)f(of)f(these)h(pa)n
(yloads.)40 b(When)29 b(creating)f(the)h(Generic)g(P)n(a)n(yload)d
(Header,)j(the)g(transmitting)0 3798 y(en)n(tit)n(y)f(\(initiator)f(or)
g(resp)r(onder\))f(MUST)i(do)g(the)g(follo)n(wing:)101
4080 y(1.)42 b(Place)28 b(the)j(v)-5 b(alue)29 b(of)h(the)g(Next)h(P)n
(a)n(yload)c(in)j(the)g(Next)h(P)n(a)n(yload)c(\014eld.)44
b(These)29 b(v)-5 b(alues)30 b(are)f(describ)r(ed)g(in)h(section)208
4180 y(3.1.)101 4313 y(2.)42 b(Place)26 b(the)i(v)-5
b(alue)28 b(zero)e(\(0\))i(in)g(the)g(RESER)-9 b(VED)27
b(\014eld.)101 4445 y(3.)42 b(Place)26 b(the)i(length)g(\(in)g(o)r
(ctets\))g(of)f(the)h(pa)n(yload)e(in)i(the)g(P)n(a)n(yload)d(Length)j
(\014eld.)101 4578 y(4.)42 b(Construct)27 b(the)h(pa)n(yloads)d(as)i
(de\014ned)h(in)g(the)g(remainder)f(of)g(this)h(section.)0
4861 y(When)e(an)n(y)f(of)g(the)h(ISAKMP)g(P)n(a)n(yloads)c(are)j
(receiv)n(ed,)g(the)h(receiving)e(en)n(tit)n(y)i(\(initiator)f(or)g
(resp)r(onder\))f(MUST)i(do)g(the)0 4960 y(follo)n(wing:)101
5242 y(1.)42 b(Chec)n(k)36 b(the)h(Next)g(P)n(a)n(yload)d(\014eld)j(to)
g(con\014rm)f(it)h(is)g(v)-5 b(alid.)65 b(If)37 b(the)g(Next)g(P)n(a)n
(yload)d(\014eld)j(v)-5 b(alidation)37 b(fails,)i(the)208
5342 y(message)26 b(is)h(discarded)g(and)g(the)h(follo)n(wing)f
(actions)g(are)f(tak)n(en:)0 5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(47])p eop
%%Page: 48 48
% Page 48 of draft-ietf-ipsec-isakmp-09 as emitted by dvips (running
% header "INTERNET-DRAFT  ISAKMP  March 10, 1998").  The parenthesised
% strings are the page text split into kerned fragments; the one-letter
% names between them are presumably the positioning procedures from the
% texc.pro prolog -- confirm against the procset.
% Text rendered on this page:
%   - 5.3 Generic Payload Header Processing, continued: actions for an
%     invalid Next Payload field, and receive check 2, under which a
%     non-zero RESERVED field causes the message to be discarded
%     (event INVALID RESERVED FIELD; Notification BAD-PROPOSAL-SYNTAX
%     or PAYLOAD-MALFORMED).
%   - 5.4 Security Association Payload Processing: five creation steps,
%     then receive checks for DOI support (INVALID DOI /
%     DOI-NOT-SUPPORTED) and for whether the situation can be protected
%     (INVALID SITUATION / SITUATION-NOT-SUPPORTED).
%   - Logging and the Notification reply are MAY actions dictated by
%     system security policy in every case listed here.
48 47 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)243 390 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(NEXT)i(P)-6 b(A)g(YLO)n(AD)p
Fk(,)26 b(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e
(system)h(audit)h(\014le.)238 506 y(\(b\))42 b(An)d(Informational)e
(Exc)n(hange)f(with)i(a)g(Noti\014cation)g(pa)n(yload)e(con)n(taining)h
(the)i(INV)-9 b(ALID-P)i(A)g(YLO)n(AD-)390 606 y(TYPE)25
b(message)f(t)n(yp)r(e)i(MA)-7 b(Y)26 b(b)r(e)g(sen)n(t)f(to)h(the)g
(transmitting)f(en)n(tit)n(y)-7 b(.)36 b(This)26 b(action)f(is)g
(dictated)h(b)n(y)f(a)g(system)390 706 y(securit)n(y)i(p)r(olicy)-7
b(.)101 872 y(2.)42 b(V)-7 b(erify)28 b(the)g(RESER)-9
b(VED)27 b(\014eld)i(con)n(tains)e(the)h(v)-5 b(alue)28
b(zero.)37 b(If)29 b(the)f(v)-5 b(alue)28 b(in)g(the)h(RESER)-9
b(VED)27 b(\014eld)h(is)g(not)g(zero,)208 971 y(the)g(message)e(is)h
(discarded)g(and)g(the)h(follo)n(wing)f(actions)g(are)f(tak)n(en:)243
1137 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(RESER)-8 b(VED)28 b(FIELD)p Fk(,)g(MA)-7 b(Y)29 b(b)r(e)f(logged)e
(in)i(the)g(appropriate)e(system)h(audit)h(\014le.)238
1254 y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(BAD-PR)n
(OPOSAL-SYNT)-7 b(AX)390 1353 y(or)24 b(P)-7 b(A)g(YLO)n(AD-MALF)n
(ORMED)25 b(message)e(t)n(yp)r(e)i(MA)-7 b(Y)26 b(b)r(e)f(sen)n(t)g(to)
g(the)g(transmitting)g(en)n(tit)n(y)-7 b(.)36 b(This)25
b(action)390 1453 y(is)j(dictated)g(b)n(y)f(a)g(system)g(securit)n(y)g
(p)r(olicy)-7 b(.)101 1619 y(3.)42 b(Pro)r(cess)25 b(the)j(remaining)f
(pa)n(yloads)f(as)h(de\014ned)h(b)n(y)f(the)h(Next)g(P)n(a)n(yload)d
% The "5.4 Security Association Payload Processing" heading is set on the
% next line (the Fj font is the one used for section titles on these pages).
(\014eld.)0 1951 y Fj(5.4)112 b(Securit)m(y)37 b(Asso)s(ciation)f(P)m
(a)m(yload)h(Pro)s(cessing)0 2204 y Fk(When)d(creating)d(a)i(Securit)n
(y)g(Asso)r(ciation)f(P)n(a)n(yload,)g(the)h(transmitting)g(en)n(tit)n
(y)g(\(initiator)g(or)f(resp)r(onder\))g(MUST)h(do)0
2303 y(the)28 b(follo)n(wing:)101 2586 y(1.)42 b(Determine)28
b(the)g(Domain)f(of)h(In)n(terpretation)e(for)h(whic)n(h)h(this)g
(negotiation)e(is)i(b)r(eing)f(p)r(erformed.)101 2719
y(2.)42 b(Determine)28 b(the)g(situation)f(within)h(the)g(determined)g
(DOI)g(for)f(whic)n(h)g(this)h(negotiation)f(is)g(b)r(eing)h(p)r
(erformed.)101 2851 y(3.)42 b(Determine)26 b(the)h(prop)r(osal\(s\))e
(and)h(transform\(s\))f(within)i(the)g(situation.)36
b(These)26 b(are)f(describ)r(ed,)h(resp)r(ectiv)n(ely)-7
b(,)26 b(in)208 2951 y(sections)h(3.5)f(and)i(3.6.)101
3084 y(4.)42 b(Construct)27 b(a)g(Securit)n(y)g(Asso)r(ciation)g(pa)n
(yload.)101 3217 y(5.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h
(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h
(5.1.)0 3499 y(When)f(a)f(Securit)n(y)g(Asso)r(ciation)g(pa)n(yload)f
(is)i(receiv)n(ed,)e(the)i(receiving)f(en)n(tit)n(y)g(\(initiator)h(or)
f(resp)r(onder\))f(MUST)i(do)g(the)0 3599 y(follo)n(wing:)101
3881 y(1.)42 b(Determine)34 b(if)h(the)g(Domain)f(of)h(In)n
(terpretation)e(\(DOI\))i(is)f(supp)r(orted.)58 b(If)34
b(the)h(DOI)g(determination)f(fails,)i(the)208 3981 y(message)26
b(is)h(discarded)g(and)g(the)h(follo)n(wing)f(actions)g(are)f(tak)n
(en:)243 4147 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8
b(ALID)28 b(DOI)p Fk(,)f(MA)-7 b(Y)29 b(b)r(e)f(logged)e(in)i(the)g
(appropriate)e(system)h(audit)h(\014le.)238 4263 y(\(b\))42
b(An)27 b(Informational)e(Exc)n(hange)g(with)i(a)f(Noti\014cation)g(pa)
n(yload)f(con)n(taining)g(the)i(DOI-NOT-SUPPOR)-7 b(TED)390
4362 y(message)21 b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h
(the)g(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22
b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390
4462 y(p)r(olicy)-7 b(.)101 4628 y(2.)42 b(Determine)28
b(if)g(the)g(giv)n(en)f(situation)h(can)f(b)r(e)h(protected.)37
b(If)28 b(the)h(Situation)f(determination)f(fails,)h(the)g(message)e
(is)208 4728 y(discarded)g(and)i(the)g(follo)n(wing)e(actions)h(are)g
(tak)n(en:)243 4894 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f
Fb(INV)-8 b(ALID)28 b(SITUA)-6 b(TION)p Fk(,)27 b(MA)-7
b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)i(audit)f
(\014le.)238 5010 y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g
(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(SITUA)
-7 b(TION-NOT-SUPPOR)g(TED)390 5110 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 5209 y(p)r(olicy)-7 b(.)0 5656 y(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(48])p eop
%%Page: 49 49
% Page 49 of the ISAKMP draft as dvips output. Everything between `bop` and
% `eop` places text; the prose is read by joining the parenthesised string
% fragments (e.g. "(Pro)r(cess)" is "Process"). \014 and \013 appear where
% the words need "fi" and "ff". bop/eop and the one-letter operators are
% presumably the texc.pro prolog procedures; they are not defined in this
% excerpt.
%
% Text carried by this page:
%   - End of the Security Association payload receive steps (step 3): if the
%     Proposal is not accepted, the event INVALID PROPOSAL MAY be logged and
%     a NO-PROPOSAL-CHOSEN notification MAY be sent.
%   - 5.5 Proposal Payload Processing. Sender: determine the Protocol, the
%     number of proposals and transforms, generate a unique pseudo-random
%     SPI, construct the payload. Receiver, in order:
%       1. Protocol-ID invalid -> payload discarded; INVALID PROTOCOL MAY be
%          logged, INVALID-PROTOCOL-ID MAY be sent.
%       2. SPI invalid -> payload discarded; INVALID SPI MAY be logged,
%          INVALID-SPI MAY be sent.
%       3. Proposals not formed per sections 3.5 and 4.2 -> the events
%          BAD PROPOSAL SYNTAX, INVALID PROPOSAL "are logged";
%          BAD-PROPOSAL-SYNTAX or PAYLOAD-MALFORMED MAY be sent.
%       4. Process Proposal and Transform payloads per the Next Payload field.
% Each notification is described as "dictated by a system security policy".
% NOTE(review): for checks 1 and 2 both the audit entry and the notification
% are optional in this text, so whether a rejected proposal is visible to an
% operator depends on local policy -- confirm against the deployed policy.
49 48 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)101 390 y(3.)42 b(Pro)r(cess)24
b(the)k(remaining)d(pa)n(yloads)g(\(i.e.)37 b(Prop)r(osal,)25
b(T)-7 b(ransform\))26 b(of)g(the)h(Securit)n(y)g(Asso)r(ciation)e(P)n
(a)n(yload.)35 b(If)27 b(the)208 490 y(Securit)n(y)d(Asso)r(ciation)g
(Prop)r(osal)f(\(as)h(describ)r(ed)h(in)g(sections)f(5.5)g(and)h(5.6\))
g(is)f(not)h(accepted,)g(then)h(the)f(follo)n(wing)208
589 y(actions)h(are)h(tak)n(en:)243 756 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(PR)n(OPOSAL)p
Fk(,)f(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)
h(audit)h(\014le.)238 872 y(\(b\))42 b(An)19 b(Informational)e(Exc)n
(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i
(NO-PR)n(OPOSAL-CHOSEN)390 971 y(message)i(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 1071 y(p)r(olicy)-7 b(.)0 1403 y Fj(5.5)112
b(Prop)s(osal)37 b(P)m(a)m(yload)h(Pro)s(cessing)0 1656
y Fk(When)26 b(creating)f(a)h(Prop)r(osal)d(P)n(a)n(yload,)h(the)j
(transmitting)e(en)n(tit)n(y)h(\(initiator)g(or)f(resp)r(onder\))g
(MUST)h(do)g(the)g(follo)n(wing:)101 1938 y(1.)42 b(Determine)28
b(the)g(Proto)r(col)d(for)i(this)h(prop)r(osal.)101 2071
y(2.)42 b(Determine)32 b(the)g(n)n(um)n(b)r(er)f(of)h(prop)r(osals)e
(to)h(b)r(e)i(o\013ered)e(for)g(this)h(proto)r(col)e(and)i(the)g(n)n
(um)n(b)r(er)g(of)f(transforms)g(for)208 2171 y(eac)n(h)26
b(prop)r(osal.)36 b(T)-7 b(ransforms)26 b(are)g(describ)r(ed)i(in)g
(section)f(3.6.)101 2303 y(3.)42 b(Generate)27 b(a)g(unique)h
(pseudo-random)d(SPI.)101 2436 y(4.)42 b(Construct)27
b(a)g(Prop)r(osal)e(pa)n(yload.)0 2719 y(When)j(a)f(Prop)r(osal)f(pa)n
(yload)g(is)h(receiv)n(ed,)g(the)h(receiving)e(en)n(tit)n(y)i
(\(initiator)f(or)g(resp)r(onder\))g(MUST)h(do)f(the)h(follo)n(wing:)
101 3001 y(1.)42 b(Determine)24 b(if)h(the)g(Proto)r(col)d(is)j(supp)r
(orted.)35 b(If)25 b(the)g(Proto)r(col-ID)d(\014eld)j(is)f(in)n(v)-5
b(alid,)25 b(the)g(pa)n(yload)e(is)h(discarded)f(and)208
3100 y(the)28 b(follo)n(wing)e(actions)h(are)f(tak)n(en:)243
3267 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(PR)n(OTOCOL)p Fk(,)f(MA)-7 b(Y)29 b(b)r(e)f(logged)e(in)i(the)g
(appropriate)e(system)h(audit)h(\014le.)238 3383 y(\(b\))42
b(An)31 b(Informational)d(Exc)n(hange)g(with)j(a)e(Noti\014cation)h(pa)
n(yload)e(con)n(taining)h(the)h(INV)-9 b(ALID-PR)n(OTOCOL-)390
3482 y(ID)34 b(message)f(t)n(yp)r(e)h(MA)-7 b(Y)34 b(b)r(e)g(sen)n(t)g
(to)f(the)h(transmitting)g(en)n(tit)n(y)-7 b(.)55 b(This)34
b(action)f(is)h(dictated)g(b)n(y)f(a)g(system)390 3582
y(securit)n(y)27 b(p)r(olicy)-7 b(.)101 3748 y(2.)42
b(Determine)28 b(if)h(the)g(SPI)f(is)h(v)-5 b(alid.)39
b(If)29 b(the)g(SPI)f(is)g(in)n(v)-5 b(alid,)29 b(the)g(pa)n(yload)e
(is)h(discarded)f(and)i(the)f(follo)n(wing)g(actions)208
3848 y(are)e(tak)n(en:)243 4014 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f
Fb(INV)-8 b(ALID)28 b(SPI)p Fk(,)g(MA)-7 b(Y)28 b(b)r(e)g(logged)f(in)g
(the)h(appropriate)e(system)i(audit)f(\014le.)238 4130
y(\(b\))42 b(An)36 b(Informational)e(Exc)n(hange)g(with)h(a)g
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(INV)-9
b(ALID-SPI)35 b(message)390 4230 y(t)n(yp)r(e)27 b(MA)-7
b(Y)27 b(b)r(e)f(sen)n(t)h(to)f(the)g(transmitting)h(en)n(tit)n(y)-7
b(.)36 b(This)26 b(action)g(is)g(dictated)h(b)n(y)f(a)g(system)g
(securit)n(y)f(p)r(olicy)-7 b(.)101 4396 y(3.)42 b(Ensure)19
b(the)i(Prop)r(osals)d(are)h(presen)n(ted)h(according)e(to)j(the)g
(details)f(giv)n(en)f(in)i(section)f(3.5)f(and)i(4.2.)33
b(If)21 b(the)g(prop)r(osals)208 4495 y(are)26 b(not)i(formed)f
(correctly)-7 b(,)26 b(the)i(follo)n(wing)f(actions)g(are)f(tak)n(en:)
243 4661 y(\(a\))41 b(P)n(ossible)31 b(ev)n(en)n(ts,)h
Fb(BAD)h(PR)n(OPOSAL)g(SYNT)-6 b(AX,)33 b(INV)-8 b(ALID)32
b(PR)n(OPOSAL)p Fk(,)f(are)f(logged)h(in)h(the)h(appro-)390
4761 y(priate)27 b(system)h(audit)f(\014le.)238 4877
y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(BAD-PR)n
(OPOSAL-SYNT)-7 b(AX)390 4977 y(or)24 b(P)-7 b(A)g(YLO)n(AD-MALF)n
(ORMED)25 b(message)e(t)n(yp)r(e)i(MA)-7 b(Y)26 b(b)r(e)f(sen)n(t)g(to)
g(the)g(transmitting)g(en)n(tit)n(y)-7 b(.)36 b(This)25
b(action)390 5076 y(is)j(dictated)g(b)n(y)f(a)g(system)g(securit)n(y)g
(p)r(olicy)-7 b(.)101 5242 y(4.)42 b(Pro)r(cess)36 b(the)j(Prop)r(osal)
e(and)h(T)-7 b(ransform)37 b(pa)n(yloads)g(as)h(de\014ned)h(b)n(y)f
(the)h(Next)g(P)n(a)n(yload)d(\014eld.)71 b(Examples)37
b(of)208 5342 y(pro)r(cessing)26 b(these)h(pa)n(yloads)f(are)h(giv)n
(en)f(in)i(section)g(4.2.1.)0 5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(49])p eop
%%Page: 50 50
% Page 50 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(T)-7 b(ransform)" is "Transform"). \014 and \013 appear where the words
% need "fi" and "ff". The operators are presumably the texc.pro prolog
% procedures; they are not defined in this excerpt.
%
% Text carried by this page:
%   - 5.6 Transform Payload Processing. Sender: determine the Transform #,
%     the number of transforms for the proposal, construct the payload.
%     Receiver:
%       1. A Transform-ID with an unknown or unsupported value: that
%          Transform payload MUST be ignored and MUST NOT generate an
%          INVALID TRANSFORM event. A Transform-ID that is invalid: payload
%          discarded; INVALID TRANSFORM MAY be logged, INVALID-TRANSFORM-ID
%          MAY be sent.
%       2. Transforms not formed per sections 3.6 and 4.2: events
%          BAD PROPOSAL SYNTAX, INVALID TRANSFORM, INVALID ATTRIBUTES "are
%          logged"; BAD-PROPOSAL-SYNTAX, PAYLOAD-MALFORMED or
%          ATTRIBUTES-NOT-SUPPORTED MAY be sent.
%       3. Process following Transform and Proposal payloads per the Next
%          Payload field.
%   - 5.7 Key Exchange Payload Processing: the four sender steps (the Key
%     Exchange and the use of the Key Exchange Data field are "as defined by
%     the DOI") and the lead-in to the receiver steps.
% NOTE(review): step 1 treats "unknown or unsupported" (ignore, no event) and
% "invalid" (discard, event) differently, but this page does not say how a
% receiver tells the two apart -- confirm against the DOI document.
50 49 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(5.6)112 b(T)-9
b(ransform)37 b(P)m(a)m(yload)h(Pro)s(cessing)0 643 y
Fk(When)22 b(creating)f(a)g(T)-7 b(ransform)21 b(P)n(a)n(yload,)f(the)i
(transmitting)g(en)n(tit)n(y)g(\(initiator)f(or)g(resp)r(onder\))g
(MUST)h(do)g(the)g(follo)n(wing:)101 915 y(1.)42 b(Determine)28
b(the)g(T)-7 b(ransform)26 b(#)i(for)f(this)h(transform.)101
1045 y(2.)42 b(Determine)d(the)g(n)n(um)n(b)r(er)g(of)g(transforms)f
(to)g(b)r(e)i(o\013ered)e(for)h(this)g(prop)r(osal.)70
b(T)-7 b(ransforms)37 b(are)h(describ)r(ed)h(in)208 1145
y(sections)27 b(3.6.)101 1276 y(3.)42 b(Construct)27
b(a)g(T)-7 b(ransform)26 b(pa)n(yload.)0 1547 y(When)h(a)e(T)-7
b(ransform)25 b(pa)n(yload)f(is)i(receiv)n(ed,)f(the)i(receiving)e(en)n
(tit)n(y)g(\(initiator)h(or)f(resp)r(onder\))g(MUST)i(do)f(the)g(follo)
n(wing:)101 1819 y(1.)42 b(Determine)18 b(if)h(the)g(T)-7
b(ransform)17 b(is)i(supp)r(orted.)33 b(If)19 b(the)g(T)-7
b(ransform-ID)17 b(\014eld)i(con)n(tains)e(an)h(unkno)n(wn)g(or)g
(unsupp)r(orted)208 1918 y(v)-5 b(alue,)35 b(then)f(that)g(T)-7
b(ransform)32 b(pa)n(yload)g(MUST)j(b)r(e)f(ignored)e(and)i(MUST)g(NOT)
f(cause)g(the)h(generation)f(of)g(an)208 2018 y(INV)-9
b(ALID)28 b(TRANSF)n(ORM)g(ev)n(en)n(t.)37 b(If)28 b(the)h(T)-7
b(ransform-ID)26 b(\014eld)i(is)g(in)n(v)-5 b(alid,)27
b(the)h(pa)n(yload)f(is)g(discarded)g(and)h(the)208 2117
y(follo)n(wing)e(actions)h(are)g(tak)n(en:)243 2279 y(\(a\))41
b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(TRANSF)n(ORM)p
Fk(,)f(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)
h(audit)h(\014le.)238 2393 y(\(b\))42 b(An)23 b(Informational)f(Exc)n
(hange)f(with)i(a)f(Noti\014cation)h(pa)n(yload)e(con)n(taining)g(the)i
(INV)-9 b(ALID-TRANSF)n(ORM-)390 2493 y(ID)34 b(message)f(t)n(yp)r(e)h
(MA)-7 b(Y)34 b(b)r(e)g(sen)n(t)g(to)f(the)h(transmitting)g(en)n(tit)n
(y)-7 b(.)55 b(This)34 b(action)f(is)h(dictated)g(b)n(y)f(a)g(system)
390 2592 y(securit)n(y)27 b(p)r(olicy)-7 b(.)101 2754
y(2.)42 b(Ensure)37 b(the)i(T)-7 b(ransforms)36 b(are)i(presen)n(ted)f
(according)g(to)h(the)h(details)f(giv)n(en)f(in)i(section)f(3.6)g(and)g
(4.2.)68 b(If)39 b(the)208 2854 y(transforms)26 b(are)g(not)i(formed)f
(correctly)-7 b(,)26 b(the)i(follo)n(wing)f(actions)g(are)f(tak)n(en:)
243 3016 y(\(a\))41 b(P)n(ossible)17 b(ev)n(en)n(ts,)j
Fb(BAD)h(PR)n(OPOSAL)f(SYNT)-6 b(AX,)20 b(INV)-8 b(ALID)19
b(TRANSF)n(ORM,)i(INV)-8 b(ALID)20 b(A)-6 b(TTRIBUTES)p
Fk(,)390 3115 y(are)27 b(logged)f(in)i(the)g(appropriate)e(system)h
(audit)h(\014le.)238 3229 y(\(b\))42 b(An)19 b(Informational)e(Exc)n
(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i
(BAD-PR)n(OPOSAL-SYNT)-7 b(AX,)390 3329 y(P)g(A)g(YLO)n(AD-MALF)n
(ORMED)22 b(or)f(A)-7 b(TTRIBUTES-NOT-SUPPOR)g(TED)20
b(message)g(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)f(sen)n(t)g(to)390
3429 y(the)28 b(transmitting)g(en)n(tit)n(y)-7 b(.)36
b(This)28 b(action)f(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)g
(p)r(olicy)-7 b(.)101 3590 y(3.)42 b(Pro)r(cess)30 b(the)i(subsequen)n
(t)f(T)-7 b(ransform)31 b(and)g(Prop)r(osal)f(pa)n(yloads)g(as)h
(de\014ned)h(b)n(y)g(the)g(Next)g(P)n(a)n(yload)d(\014eld.)50
b(Ex-)208 3690 y(amples)27 b(of)g(pro)r(cessing)f(these)i(pa)n(yloads)e
(are)g(giv)n(en)h(in)h(section)f(4.2.1.)0 4020 y Fj(5.7)112
b(Key)38 b(Exc)m(hange)g(P)m(a)m(yload)f(Pro)s(cessing)0
4273 y Fk(When)i(creating)d(a)i(Key)f(Exc)n(hange)f(P)n(a)n(yload,)j
(the)f(transmitting)g(en)n(tit)n(y)g(\(initiator)f(or)g(resp)r(onder\))
h(MUST)g(do)g(the)0 4373 y(follo)n(wing:)101 4644 y(1.)k(Determine)28
b(the)g(Key)e(Exc)n(hange)g(to)i(b)r(e)g(used)f(as)g(de\014ned)h(b)n(y)
f(the)h(DOI.)101 4775 y(2.)42 b(Determine)28 b(the)g(usage)e(of)i(the)g
(Key)e(Exc)n(hange)g(Data)i(\014eld)g(as)e(de\014ned)i(b)n(y)g(the)g
(DOI.)101 4905 y(3.)42 b(Construct)27 b(a)g(Key)g(Exc)n(hange)f(pa)n
(yload.)101 5036 y(4.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h
(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h
(5.1.)0 5308 y(When)42 b(a)e(Key)h(Exc)n(hange)e(pa)n(yload)g(is)i
(receiv)n(ed,)i(the)f(receiving)e(en)n(tit)n(y)g(\(initiator)h(or)f
(resp)r(onder\))g(MUST)i(do)f(the)0 5407 y(follo)n(wing:)0
5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(50])p eop
%%Page: 51 51
% Page 51 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(Iden)n(ti\014cation)" is "Identification", with \014 standing where the
% word needs "fi"). The operators are presumably the texc.pro prolog
% procedures; they are not defined in this excerpt.
%
% Text carried by this page:
%   - Key Exchange payload, receiver step 1: if the Key Exchange
%     determination fails the message is discarded; INVALID KEY INFORMATION
%     MAY be logged, INVALID-KEY-INFORMATION MAY be sent.
%   - 5.8 Identification Payload Processing. Sender: identification
%     information and use of the Identification Data field are as defined by
%     the DOI (and possibly the situation). Receiver step 1: Identification
%     Type supported (may depend on DOI and Situation); on failure the
%     message is discarded, INVALID ID INFORMATION MAY be logged,
%     INVALID-ID-INFORMATION MAY be sent.
%   - 5.9 Certificate Payload Processing, sender side: determine the
%     Certificate Encoding (may be specified by the DOI), ensure a
%     certificate in that encoding exists, construct, transmit. The receiver
%     steps start after the last sentence on this page.
% Every notification here is optional and "dictated by a system security
% policy".
51 50 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)101 390 y(1.)42 b(Determine)27
b(if)g(the)h(Key)e(Exc)n(hange)f(is)i(supp)r(orted.)37
b(If)27 b(the)g(Key)g(Exc)n(hange)e(determination)h(fails,)h(the)h
(message)d(is)208 490 y(discarded)h(and)i(the)g(follo)n(wing)e(actions)
h(are)g(tak)n(en:)243 656 y(\(a\))41 b(The)35 b(ev)n(en)n(t,)h
Fb(INV)-8 b(ALID)35 b(KEY)i(INF)n(ORMA)-6 b(TION)p Fk(,)33
b(MA)-7 b(Y)36 b(b)r(e)f(logged)f(in)h(the)g(appropriate)e(system)i
(audit)390 756 y(\014le.)238 872 y(\(b\))42 b(An)19 b(Informational)e
(Exc)n(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g
(the)i(INV)-9 b(ALID-KEY-INF)n(ORMA)i(TION)390 971 y(message)21
b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g
(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22 b(action)g(is)h
(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390 1071
y(p)r(olicy)-7 b(.)0 1403 y Fj(5.8)112 b(Iden)m(ti\014cation)36
b(P)m(a)m(yload)i(Pro)s(cessing)0 1656 y Fk(When)h(creating)e(an)h
(Iden)n(ti\014cation)g(P)n(a)n(yload,)h(the)f(transmitting)h(en)n(tit)n
(y)f(\(initiator)g(or)f(resp)r(onder\))h(MUST)h(do)f(the)0
1756 y(follo)n(wing:)101 2038 y(1.)k(Determine)22 b(the)h(Iden)n
(ti\014cation)f(information)g(to)g(b)r(e)h(used)f(as)g(de\014ned)h(b)n
(y)f(the)g(DOI)h(\(and)f(p)r(ossibly)g(the)h(situation\).)101
2171 y(2.)42 b(Determine)28 b(the)g(usage)e(of)i(the)g(Iden)n
(ti\014cation)f(Data)g(\014eld)h(as)f(de\014ned)h(b)n(y)f(the)h(DOI.)
101 2303 y(3.)42 b(Construct)27 b(an)g(Iden)n(ti\014cation)g(pa)n
(yload.)101 2436 y(4.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h
(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h
(5.1.)0 2719 y(When)k(an)e(Iden)n(ti\014cation)h(pa)n(yload)f(is)h
(receiv)n(ed,)g(the)g(receiving)f(en)n(tit)n(y)h(\(initiator)g(or)f
(resp)r(onder\))g(MUST)i(do)f(the)g(fol-)0 2818 y(lo)n(wing:)101
3100 y(1.)42 b(Determine)31 b(if)h(the)g(Iden)n(ti\014cation)f(T)n(yp)r
(e)g(is)g(supp)r(orted.)48 b(This)31 b(ma)n(y)g(b)r(e)h(based)e(on)h
(the)h(DOI)f(and)g(Situation.)49 b(If)208 3200 y(the)28
b(Iden)n(ti\014cation)f(determination)g(fails,)h(the)g(message)e(is)h
(discarded)g(and)g(the)h(follo)n(wing)f(actions)g(are)f(tak)n(en:)243
3366 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(ID)i(INF)n(ORMA)-6 b(TION)p Fk(,)26 b(MA)-7 b(Y)28
b(b)r(e)g(logged)f(in)g(the)h(appropriate)e(system)i(audit)f(\014le.)
238 3482 y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(INV)-9
b(ALID-ID-INF)n(ORMA)i(TION)390 3582 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 3682 y(p)r(olicy)-7 b(.)0 4014 y Fj(5.9)112
b(Certi\014cate)37 b(P)m(a)m(yload)g(Pro)s(cessing)0
4267 y Fk(When)22 b(creating)e(a)i(Certi\014cate)f(P)n(a)n(yload,)f
(the)i(transmitting)f(en)n(tit)n(y)g(\(initiator)h(or)e(resp)r(onder\))
h(MUST)h(do)f(the)h(follo)n(wing:)101 4549 y(1.)42 b(Determine)28
b(the)g(Certi\014cate)f(Enco)r(ding)f(to)i(b)r(e)g(used.)37
b(This)27 b(ma)n(y)g(b)r(e)h(sp)r(eci\014ed)g(b)n(y)f(the)h(DOI.)101
4682 y(2.)42 b(Ensure)26 b(the)i(existence)f(of)h(a)f(certi\014cate)g
(formatted)h(as)f(de\014ned)g(b)n(y)h(the)g(Certi\014cate)f(Enco)r
(ding.)101 4814 y(3.)42 b(Construct)27 b(a)g(Certi\014cate)g(pa)n
(yload.)101 4947 y(4.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h
(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h
(5.1.)0 5230 y(When)e(a)g(Certi\014cate)f(pa)n(yload)f(is)i(receiv)n
(ed,)f(the)h(receiving)e(en)n(tit)n(y)i(\(initiator)g(or)e(resp)r
(onder\))h(MUST)i(do)e(the)h(follo)n(wing:)0 5656 y(Maughan,)h(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(51])p eop
%%Page: 52 52
% Page 52 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(Certi\014cate)" is "Certificate", with \014 standing where the word
% needs "fi"). The operators are presumably the texc.pro prolog procedures;
% they are not defined in this excerpt.
%
% Text carried by this page:
%   - Certificate payload, receiver:
%       1. Certificate Encoding not supported -> payload discarded;
%          INVALID CERTIFICATE TYPE MAY be logged, INVALID-CERT-ENCODING MAY
%          be sent.
%       2. Certificate Data invalid or improperly formatted -> payload
%          discarded; INVALID CERTIFICATE MAY be logged, INVALID-CERTIFICATE
%          MAY be sent.
%   - 5.10 Certificate Request Payload Processing. Sender: choose the
%     Certificate Encoding to request (may be specified by the DOI) and, if
%     applicable, the name of an acceptable Certificate Authority. Receiver
%     step 1 has two branches: encoding invalid -> INVALID CERTIFICATE TYPE /
%     INVALID-CERT-ENCODING; encoding not supported -> CERTIFICATE TYPE
%     UNSUPPORTED / CERT-TYPE-UNSUPPORTED. The payload is discarded in both.
% NOTE(review): the only Certificate Data failure named on this page is
% "invalid or improperly formatted"; what makes a certificate invalid (chain,
% validity period, revocation) is not spelled out here -- presumably left to
% the DOI or certificate profile; confirm before relying on it.
52 51 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)101 390 y(1.)42 b(Determine)29
b(if)h(the)g(Certi\014cate)f(Enco)r(ding)f(is)i(supp)r(orted.)41
b(If)30 b(the)g(Certi\014cate)f(Enco)r(ding)f(is)i(not)f(supp)r(orted,)
h(the)208 490 y(pa)n(yload)c(is)h(discarded)g(and)g(the)h(follo)n(wing)
f(actions)g(are)f(tak)n(en:)243 656 y(\(a\))41 b(The)34
b(ev)n(en)n(t,)h Fb(INV)-8 b(ALID)34 b(CER)-6 b(TIFICA)g(TE)36
b(TYPE)p Fk(,)f(MA)-7 b(Y)34 b(b)r(e)h(logged)d(in)i(the)g(appropriate)
e(system)i(audit)390 756 y(\014le.)238 872 y(\(b\))42
b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f(Noti\014cation)g(pa)
n(yload)f(con)n(taining)g(the)i(INV)-9 b(ALID-CER)i(T-ENCODING)390
971 y(message)21 b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h
(the)g(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22
b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390
1071 y(p)r(olicy)-7 b(.)101 1237 y(2.)42 b(Pro)r(cess)37
b(the)i(Certi\014cate)g(Data)f(\014eld.)72 b(If)39 b(the)h
(Certi\014cate)e(Data)h(is)g(in)n(v)-5 b(alid)39 b(or)f(improp)r(erly)g
(formatted,)k(the)208 1337 y(pa)n(yload)26 b(is)h(discarded)g(and)g
(the)h(follo)n(wing)f(actions)g(are)f(tak)n(en:)243 1503
y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(CER)-6 b(TIFICA)g(TE)p Fk(,)29 b(MA)-7 b(Y)28 b(b)r(e)g(logged)f(in)g
(the)h(appropriate)e(system)i(audit)f(\014le.)238 1619
y(\(b\))42 b(An)23 b(Informational)e(Exc)n(hange)g(with)h(a)g
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(INV)-9
b(ALID-CER)i(TIFICA)g(TE)390 1719 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 1818 y(p)r(olicy)-7 b(.)0 2150 y Fj(5.10)112
b(Certi\014cate)37 b(Request)g(P)m(a)m(yload)g(Pro)s(cessing)0
2403 y Fk(When)26 b(creating)f(a)g(Certi\014cate)g(Request)g(P)n(a)n
(yload,)f(the)i(transmitting)f(en)n(tit)n(y)h(\(initiator)f(or)g(resp)r
(onder\))f(MUST)i(do)g(the)0 2503 y(follo)n(wing:)101
2785 y(1.)42 b(Determine)28 b(the)g(t)n(yp)r(e)f(of)h(Certi\014cate)f
(Enco)r(ding)g(to)g(b)r(e)h(requested.)37 b(This)27 b(ma)n(y)g(b)r(e)h
(sp)r(eci\014ed)g(b)n(y)f(the)h(DOI.)101 2918 y(2.)42
b(Determine)28 b(the)g(name)f(of)g(an)h(acceptable)f(Certi\014cate)g
(Authorit)n(y)g(whic)n(h)h(is)f(to)h(b)r(e)g(requested)f(\(if)h
(applicable\).)101 3051 y(3.)42 b(Construct)27 b(a)g(Certi\014cate)g
(Request)h(pa)n(yload.)101 3183 y(4.)42 b(T)-7 b(ransmit)27
b(the)h(message)e(to)h(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r
(ed)h(in)f(section)h(5.1.)0 3466 y(When)i(a)f(Certi\014cate)g(Request)g
(pa)n(yload)f(is)i(receiv)n(ed,)f(the)g(receiving)g(en)n(tit)n(y)g
(\(initiator)g(or)g(resp)r(onder\))g(MUST)h(do)f(the)0
3565 y(follo)n(wing:)101 3848 y(1.)42 b(Determine)27
b(if)g(the)g(Certi\014cate)g(Enco)r(ding)f(is)g(supp)r(orted.)37
b(If)27 b(the)g(Certi\014cate)g(Enco)r(ding)f(is)g(in)n(v)-5
b(alid,)27 b(the)h(pa)n(yload)208 3947 y(is)f(discarded)g(and)g(the)h
(follo)n(wing)f(actions)f(are)h(tak)n(en:)243 4113 y(\(a\))41
b(The)34 b(ev)n(en)n(t,)h Fb(INV)-8 b(ALID)34 b(CER)-6
b(TIFICA)g(TE)36 b(TYPE)p Fk(,)f(MA)-7 b(Y)34 b(b)r(e)h(logged)d(in)i
(the)g(appropriate)e(system)i(audit)390 4213 y(\014le.)238
4329 y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(INV)-9
b(ALID-CER)i(T-ENCODING)390 4429 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 4528 y(p)r(olicy)-7 b(.)208 4694 y(If)34
b(the)g(Certi\014cate)f(Enco)r(ding)g(is)h(not)g(supp)r(orted,)h(the)f
(pa)n(yload)f(is)g(discarded)g(and)h(the)g(follo)n(wing)f(actions)g
(are)208 4794 y(tak)n(en:)243 4960 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)g Fb(CER)-6 b(TIFICA)g(TE)32 b(TYPE)f(UNSUPPOR)-6
b(TED)p Fk(,)27 b(MA)-7 b(Y)28 b(b)r(e)h(logged)e(in)h(the)h
(appropriate)d(system)390 5060 y(audit)i(\014le.)238
5176 y(\(b\))42 b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(CER)-7
b(T-TYPE-UNSUPPOR)g(TED)390 5276 y(message)21 b(t)n(yp)r(e)i(MA)-7
b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g(transmitting)f(en)n(tit)n(y)-7
b(.)35 b(This)22 b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g
(securit)n(y)390 5375 y(p)r(olicy)-7 b(.)0 5656 y(Maughan,)27
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(52])p eop
%%Page: 53 53
% Page 53 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(A)n(UTHENTICA)-7 b(TION-)" ... "(F)e(AILED)" is "AUTHENTICATION-FAILED").
% \014 stands where a word needs "fi". The operators are presumably the
% texc.pro prolog procedures; they are not defined in this excerpt.
%
% Text carried by this page:
%   - Certificate Request payload, receiver steps 2 and 3:
%       2. Certificate Authority invalid or improperly formatted for the
%          given encoding -> payload discarded; INVALID CERTIFICATE AUTHORITY
%          MAY be logged, INVALID-CERT-AUTHORITY MAY be sent.
%       3. Requested Certificate Type with that CA not available -> payload
%          discarded; CERTIFICATE-UNAVAILABLE MAY be logged and MAY be sent.
%   - 5.11 Hash Payload Processing. Sender: hash function as defined by the
%     SA negotiation, Hash Data usage as defined by the DOI. Receiver:
%       1. Hash determination fails -> message discarded;
%          INVALID HASH INFORMATION MAY be logged, INVALID-HASH-INFORMATION
%          MAY be sent.
%       2. Hash function fails -> message discarded; INVALID HASH VALUE MAY
%          be logged, AUTHENTICATION-FAILED MAY be sent.
% NOTE(review): a failed hash check is an authentication failure, yet its
% audit entry is only MAY on this page; whether such failures are recorded is
% therefore a local-policy decision -- confirm it is enabled where detection
% of tampering matters.
53 52 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)101 390 y(2.)42 b(Determine)e(if)h(the)g
(Certi\014cate)f(Authorit)n(y)h(is)f(supp)r(orted)g(for)g(the)h(sp)r
(eci\014ed)g(Certi\014cate)f(Enco)r(ding.)75 b(If)41
b(the)208 490 y(Certi\014cate)33 b(Authorit)n(y)h(is)f(in)n(v)-5
b(alid)34 b(or)f(improp)r(erly)g(formatted,)i(the)f(pa)n(yload)f(is)g
(discarded)g(and)h(the)g(follo)n(wing)208 589 y(actions)26
b(are)h(tak)n(en:)243 756 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)g
Fb(INV)-8 b(ALID)29 b(CER)-6 b(TIFICA)g(TE)31 b(A)n(UTHORITY)p
Fk(,)c(MA)-7 b(Y)29 b(b)r(e)f(logged)f(in)h(the)h(appropriate)d(system)
390 855 y(audit)i(\014le.)238 971 y(\(b\))42 b(An)19
b(Informational)e(Exc)n(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)
f(con)n(taining)g(the)i(INV)-9 b(ALID-CER)i(T-A)n(UTHORITY)390
1071 y(message)21 b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h
(the)g(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22
b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390
1171 y(p)r(olicy)-7 b(.)101 1337 y(3.)42 b(Pro)r(cess)19
b(the)i(Certi\014cate)g(Request.)34 b(If)22 b(a)e(requested)g
(Certi\014cate)h(T)n(yp)r(e)g(with)g(the)h(sp)r(eci\014ed)f
(Certi\014cate)f(Authorit)n(y)208 1436 y(is)27 b(not)h(a)n(v)-5
b(ailable,)26 b(then)i(the)g(pa)n(yload)e(is)i(discarded)e(and)i(the)g
(follo)n(wing)e(actions)h(are)g(tak)n(en:)243 1602 y(\(a\))41
b(The)c(ev)n(en)n(t,)h Fb(CER)-6 b(TIFICA)g(TE-UNA)e(V)g(AILABLE)p
Fk(,)35 b(MA)-7 b(Y)37 b(b)r(e)g(logged)e(in)i(the)f(appropriate)f
(system)h(audit)390 1702 y(\014le.)238 1818 y(\(b\))42
b(An)19 b(Informational)e(Exc)n(hange)g(with)i(a)f(Noti\014cation)g(pa)
n(yload)f(con)n(taining)g(the)i(CER)-7 b(TIFICA)g(TE-UNA)e(V)g(AILABLE)
390 1918 y(message)21 b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f
(to)h(the)g(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22
b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390
2017 y(p)r(olicy)-7 b(.)0 2349 y Fj(5.11)112 b(Hash)38
b(P)m(a)m(yload)g(Pro)s(cessing)0 2602 y Fk(When)28 b(creating)f(a)g
(Hash)g(P)n(a)n(yload,)e(the)j(transmitting)g(en)n(tit)n(y)f
(\(initiator)h(or)e(resp)r(onder\))h(MUST)h(do)f(the)h(follo)n(wing:)
101 2885 y(1.)42 b(Determine)28 b(the)g(Hash)f(function)h(to)f(b)r(e)h
(used)g(as)f(de\014ned)h(b)n(y)f(the)h(SA)g(negotiation.)101
3017 y(2.)42 b(Determine)28 b(the)g(usage)e(of)i(the)g(Hash)f(Data)g
(\014eld)h(as)f(de\014ned)h(b)n(y)f(the)h(DOI.)101 3150
y(3.)42 b(Construct)27 b(a)g(Hash)g(pa)n(yload.)101 3283
y(4.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h(the)h(receiving)f
(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h(5.1.)0
3565 y(When)g(a)f(Hash)h(pa)n(yload)e(is)h(receiv)n(ed,)g(the)h
(receiving)e(en)n(tit)n(y)i(\(initiator)f(or)g(resp)r(onder\))g(MUST)h
(do)f(the)h(follo)n(wing:)101 3848 y(1.)42 b(Determine)27
b(if)h(the)f(Hash)g(is)g(supp)r(orted.)36 b(If)28 b(the)f(Hash)g
(determination)g(fails,)g(the)g(message)f(is)h(discarded)f(and)h(the)
208 3947 y(follo)n(wing)f(actions)h(are)g(tak)n(en:)243
4113 y(\(a\))41 b(The)31 b(ev)n(en)n(t,)g Fb(INV)-8 b(ALID)31
b(HASH)h(INF)n(ORMA)-6 b(TION)p Fk(,)29 b(MA)-7 b(Y)32
b(b)r(e)f(logged)e(in)i(the)g(appropriate)e(system)i(audit)390
4213 y(\014le.)238 4329 y(\(b\))42 b(An)19 b(Informational)e(Exc)n
(hange)g(with)i(a)f(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i
(INV)-9 b(ALID-HASH-INF)n(ORMA)i(TION)390 4429 y(message)21
b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h(the)g
(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22 b(action)g(is)h
(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390 4528
y(p)r(olicy)-7 b(.)101 4694 y(2.)42 b(P)n(erform)28 b(the)j(Hash)f
(function)h(as)f(outlined)g(in)h(the)g(DOI)f(and/or)f(Key)h(Exc)n
(hange)e(proto)r(col)i(do)r(cumen)n(ts.)45 b(If)31 b(the)208
4794 y(Hash)c(function)h(fails,)g(the)g(message)e(is)h(discarded)g(and)
g(the)h(follo)n(wing)f(actions)g(are)f(tak)n(en:)243
4960 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(HASH)h(V)-8 b(ALUE)p Fk(,)26 b(MA)-7 b(Y)29 b(b)r(e)f(logged)e(in)i
(the)g(appropriate)e(system)h(audit)h(\014le.)238 5076
y(\(b\))42 b(An)d(Informational)e(Exc)n(hange)g(with)h(a)g
(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i(A)n(UTHENTICA)-7
b(TION-)390 5176 y(F)e(AILED)38 b(message)e(t)n(yp)r(e)i(MA)-7
b(Y)38 b(b)r(e)g(sen)n(t)g(to)f(the)h(transmitting)f(en)n(tit)n(y)-7
b(.)67 b(This)38 b(action)f(is)g(dictated)h(b)n(y)f(a)390
5276 y(system)28 b(securit)n(y)e(p)r(olicy)-7 b(.)0 5656
y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(53])p eop
%%Page: 54 54
% Page 54 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(SIGNA)-6 b(TURE)" is "SIGNATURE"). \014 stands where a word needs "fi".
% The operators are presumably the texc.pro prolog procedures; they are not
% defined in this excerpt.
%
% Text carried by this page:
%   - 5.12 Signature Payload Processing. Sender: signature function as
%     defined by the SA negotiation, Signature Data usage as defined by the
%     DOI. Receiver:
%       1. Signature determination fails -> message discarded;
%          INVALID SIGNATURE INFORMATION MAY be logged, INVALID-SIGNATURE MAY
%          be sent.
%       2. Signature function fails -> message discarded;
%          INVALID SIGNATURE VALUE MAY be logged, AUTHENTICATION-FAILED MAY
%          be sent.
%   - 5.13 Nonce Payload Processing. Sender: create a unique random value to
%     use as the nonce, construct, transmit. Receiver: no specific
%     procedures; they are defined by the exchange types (and possibly the
%     DOI and Key Exchange descriptions).
% NOTE(review): the page asks for a "unique random value" without stating a
% length or a generator quality requirement; those would have to come from
% the exchange or DOI documents -- confirm there.
54 53 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(5.12)112 b(Signature)38
b(P)m(a)m(yload)f(Pro)s(cessing)0 643 y Fk(When)24 b(creating)f(a)h
(Signature)f(P)n(a)n(yload,)f(the)i(transmitting)g(en)n(tit)n(y)f
(\(initiator)h(or)f(resp)r(onder\))g(MUST)h(do)g(the)g(follo)n(wing:)
101 925 y(1.)42 b(Determine)28 b(the)g(Signature)e(function)j(to)e(b)r
(e)h(used)g(as)e(de\014ned)i(b)n(y)g(the)g(SA)g(negotiation.)101
1058 y(2.)42 b(Determine)28 b(the)g(usage)e(of)i(the)g(Signature)e
(Data)i(\014eld)g(as)f(de\014ned)h(b)n(y)f(the)h(DOI.)101
1191 y(3.)42 b(Construct)27 b(a)g(Signature)g(pa)n(yload.)101
1324 y(4.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h(the)h
(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h(5.1.)0
1606 y(When)g(a)f(Signature)g(pa)n(yload)f(is)i(receiv)n(ed,)e(the)i
(receiving)f(en)n(tit)n(y)g(\(initiator)h(or)e(resp)r(onder\))h(MUST)h
(do)f(the)h(follo)n(wing:)101 1888 y(1.)42 b(Determine)25
b(if)h(the)g(Signature)e(is)h(supp)r(orted.)36 b(If)26
b(the)f(Signature)g(determination)g(fails,)g(the)h(message)e(is)h
(discarded)208 1988 y(and)i(the)h(follo)n(wing)f(actions)f(are)h(tak)n
(en:)243 2154 y(\(a\))41 b(The)27 b(ev)n(en)n(t,)f Fb(INV)-8
b(ALID)27 b(SIGNA)-6 b(TURE)28 b(INF)n(ORMA)-6 b(TION)p
Fk(,)25 b(MA)-7 b(Y)28 b(b)r(e)f(logged)e(in)i(the)g(appropriate)d
(system)390 2254 y(audit)k(\014le.)238 2370 y(\(b\))42
b(An)32 b(Informational)d(Exc)n(hange)g(with)j(a)e(Noti\014cation)h(pa)
n(yload)f(con)n(taining)f(the)j(INV)-9 b(ALID-SIGNA)i(TURE)390
2470 y(message)21 b(t)n(yp)r(e)i(MA)-7 b(Y)23 b(b)r(e)g(sen)n(t)f(to)h
(the)g(transmitting)f(en)n(tit)n(y)-7 b(.)35 b(This)22
b(action)g(is)h(dictated)f(b)n(y)h(a)f(system)g(securit)n(y)390
2569 y(p)r(olicy)-7 b(.)101 2735 y(2.)42 b(P)n(erform)27
b(the)j(Signature)e(function)i(as)f(outlined)g(in)h(the)g(DOI)f(and/or)
f(Key)g(Exc)n(hange)g(proto)r(col)g(do)r(cumen)n(ts.)42
b(If)208 2835 y(the)28 b(Signature)e(function)j(fails,)e(the)h(message)
e(is)i(discarded)e(and)i(the)g(follo)n(wing)e(actions)h(are)g(tak)n
(en:)243 3001 y(\(a\))41 b(The)24 b(ev)n(en)n(t,)f Fb(INV)-8
b(ALID)25 b(SIGNA)-6 b(TURE)24 b(V)-8 b(ALUE)p Fk(,)23
b(MA)-7 b(Y)24 b(b)r(e)g(logged)e(in)i(the)f(appropriate)f(system)h
(audit)h(\014le.)238 3117 y(\(b\))42 b(An)d(Informational)e(Exc)n
(hange)g(with)h(a)g(Noti\014cation)g(pa)n(yload)f(con)n(taining)g(the)i
(A)n(UTHENTICA)-7 b(TION-)390 3217 y(F)e(AILED)38 b(message)e(t)n(yp)r
(e)i(MA)-7 b(Y)38 b(b)r(e)g(sen)n(t)g(to)f(the)h(transmitting)f(en)n
(tit)n(y)-7 b(.)67 b(This)38 b(action)f(is)g(dictated)h(b)n(y)f(a)390
3316 y(system)28 b(securit)n(y)e(p)r(olicy)-7 b(.)0 3648
y Fj(5.13)112 b(Nonce)38 b(P)m(a)m(yload)f(Pro)s(cessing)0
3901 y Fk(When)28 b(creating)f(a)g(Nonce)g(P)n(a)n(yload,)e(the)j
(transmitting)g(en)n(tit)n(y)f(\(initiator)h(or)e(resp)r(onder\))h
(MUST)h(do)f(the)h(follo)n(wing:)101 4184 y(1.)42 b(Create)26
b(a)h(unique)h(random)f(v)-5 b(alue)27 b(to)h(b)r(e)g(used)f(as)g(a)h
(nonce.)101 4316 y(2.)42 b(Construct)27 b(a)g(Nonce)g(pa)n(yload.)101
4449 y(3.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h(the)h
(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h(5.1.)0
4732 y(When)g(a)f(Nonce)h(pa)n(yload)e(is)h(receiv)n(ed,)g(the)h
(receiving)e(en)n(tit)n(y)i(\(initiator)f(or)g(resp)r(onder\))g(MUST)h
(do)f(the)h(follo)n(wing:)101 5014 y(1.)42 b(There)36
b(are)g(no)h(sp)r(eci\014c)h(pro)r(cedures)e(for)g(handling)h(Nonce)g
(pa)n(yloads.)64 b(The)37 b(pro)r(cedures)f(are)g(de\014ned)i(b)n(y)f
(the)208 5113 y(exc)n(hange)26 b(t)n(yp)r(es)h(\(and)h(p)r(ossibly)f
(the)h(DOI)g(and)f(Key)g(Exc)n(hange)f(descriptions\).)0
5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(54])p eop
%%Page: 55 55
% Page 55 of the ISAKMP draft as dvips output. The prose is read by joining
% the parenthesised string fragments between `bop` and `eop` (e.g.
% "(Noti\014cation)" is "Notification"). \014 and \013 appear where the
% words need "fi" and "ff". The operators are presumably the texc.pro prolog
% procedures; they are not defined in this excerpt.
%
% Text carried by this page (5.14 Notification Payload Processing):
%   - Notify payloads are RECOMMENDED to go in a separate Informational
%     Exchange rather than being appended to an existing exchange.
%   - Sender steps 1-8: DOI, Protocol-ID, SPI size (the example given is the
%     16-octet ISAKMP cookie pair versus 8-octet ESP/AH SPIs), Notify Message
%     Type, SPI, optional Notification Data, construct, transmit.
%   - The exchange is unidirectional and is not retransmitted; logging a
%     NOTIFICATION PAYLOAD ERROR event at the receiver is RECOMMENDED.
%   - Before keying material is exchanged in Phase 1 the Informational
%     Exchange has no protection; once keying material is exchanged or the
%     ISAKMP SA exists it MUST be sent under that protection.
%   - Receiver step 1: check the Encryption Bit and the Authentication Only
%     Bit in the ISAKMP Header, decrypt or authenticate with the in-progress
%     or completed ISAKMP SA, then continue. An exchange that is neither
%     encrypted nor authenticated also continues through the same steps (the
%     draft's wording is "not encrypted or authentication").
%   - Receiver step 2: DOI not supported -> payload discarded; INVALID DOI
%     MAY be logged. Only the audit entry is listed as an action here.
% NOTE(review): this page does not say how much trust a receiver should place
% in a notification that arrived with no protection; treat that as a
% local-policy question to confirm rather than something the text settles.
55 54 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(5.14)112 b(Noti\014cation)36
b(P)m(a)m(yload)h(Pro)s(cessing)0 643 y Fk(During)e(comm)n(unications)f
(it)i(is)f(p)r(ossible)g(that)h(errors)d(ma)n(y)i(o)r(ccur.)59
b(The)35 b(Informational)g(Exc)n(hange)e(with)j(a)f(Notify)0
743 y(P)n(a)n(yload)27 b(pro)n(vides)h(a)i(con)n(trolled)e(metho)r(d)i
(of)g(informing)f(a)g(p)r(eer)g(en)n(tit)n(y)h(that)g(errors)d(ha)n(v)n
(e)i(o)r(ccurred)f(during)h(proto)r(col)0 842 y(pro)r(cessing.)62
b(It)37 b(is)g(RECOMMENDED)f(that)h(Notify)g(P)n(a)n(yloads)d(b)r(e)j
(sen)n(t)f(in)h(a)f(separate)f(Informational)h(Exc)n(hange)0
942 y(rather)27 b(than)g(app)r(ending)h(a)f(Notify)h(P)n(a)n(yload)d
(to)j(an)f(existing)g(exc)n(hange.)0 1141 y(When)f(creating)f(a)g
(Noti\014cation)h(P)n(a)n(yload,)d(the)j(transmitting)g(en)n(tit)n(y)f
(\(initiator)h(or)f(resp)r(onder\))f(MUST)j(do)e(the)h(follo)n(w-)0
1241 y(ing:)101 1519 y(1.)42 b(Determine)28 b(the)g(DOI)f(for)g(this)h
(Noti\014cation.)101 1651 y(2.)42 b(Determine)28 b(the)g(Proto)r
(col-ID)d(for)i(this)h(Noti\014cation.)101 1783 y(3.)42
b(Determine)23 b(the)g(SPI)f(size)h(based)f(on)h(the)g(Proto)r(col-ID)e
(\014eld.)35 b(This)23 b(\014eld)g(is)g(necessary)e(b)r(ecause)h
(di\013eren)n(t)h(securit)n(y)208 1882 y(proto)r(cols)e(ha)n(v)n(e)h
(di\013eren)n(t)h(SPI)g(sizes.)34 b(F)-7 b(or)23 b(example,)g(ISAKMP)g
(com)n(bines)f(the)h(Initiator)g(and)g(Resp)r(onder)f(co)r(okie)208
1982 y(pair)k(\(16)h(o)r(ctets\))h(as)f(a)g(SPI,)h(while)g(ESP)e(and)i
(AH)g(ha)n(v)n(e)e(8)i(o)r(ctet)f(SPIs.)101 2114 y(4.)42
b(Determine)28 b(the)g(Notify)f(Message)g(T)n(yp)r(e)g(based)g(on)g
(the)h(error)e(or)h(status)g(message)f(desired.)101 2246
y(5.)42 b(Determine)28 b(the)g(SPI)f(whic)n(h)g(is)h(asso)r(ciated)e
(with)i(this)g(noti\014cation.)101 2378 y(6.)42 b(Determine)24
b(if)h(additional)f(Noti\014cation)h(Data)f(is)g(to)h(b)r(e)g
(included.)36 b(This)24 b(is)h(additional)f(information)g(sp)r
(eci\014ed)g(b)n(y)208 2477 y(the)k(DOI.)101 2609 y(7.)42
b(Construct)27 b(a)g(Noti\014cation)g(pa)n(yload.)101
2741 y(8.)42 b(T)-7 b(ransmit)27 b(the)h(message)e(to)h(the)h
(receiving)f(en)n(tit)n(y)g(as)g(describ)r(ed)h(in)f(section)h(5.1.)0
3019 y(Because)21 b(the)i(Informational)e(Exc)n(hange)g(with)h(a)g
(Noti\014cation)g(pa)n(yload)f(is)h(a)g(unidirectional)g(message)f(a)h
(retransmission)0 3119 y(will)34 b(not)g(b)r(e)g(p)r(erformed.)55
b(The)34 b(lo)r(cal)f(securit)n(y)g(p)r(olicy)h(will)g(dictate)g(the)g
(pro)r(cedures)f(for)g(con)n(tin)n(uing.)55 b(Ho)n(w)n(ev)n(er,)33
b(w)n(e)0 3218 y(RECOMMEND)i(that)h(a)f(NOTIFICA)-7 b(TION)36
b(P)-7 b(A)g(YLO)n(AD)36 b(ERR)n(OR)e(ev)n(en)n(t)h(b)r(e)h(logged)f
(in)h(the)f(appropriate)f(system)0 3318 y(audit)28 b(\014le)g(b)n(y)f
(the)h(receiving)e(en)n(tit)n(y)-7 b(.)0 3517 y(If)29
b(the)f(Informational)f(Exc)n(hange)g(o)r(ccurs)g(prior)g(to)h(the)h
(exc)n(hange)e(of)h(k)n(eying)f(material)h(during)g(an)f(ISAKMP)h
(Phase)f(1)0 3617 y(negotiation)17 b(there)i(will)f(b)r(e)h(no)f
(protection)g(pro)n(vided)f(for)h(the)h(Informational)e(Exc)n(hange.)32
b(Once)18 b(the)h(k)n(eying)e(material)h(has)0 3716 y(b)r(een)k(exc)n
(hanged)e(or)h(the)h(ISAKMP)f(SA)h(has)f(b)r(een)h(established,)h(the)f
(Informational)e(Exc)n(hange)g(MUST)i(b)r(e)g(transmitted)0
3816 y(under)27 b(the)h(protection)f(pro)n(vided)g(b)n(y)g(the)h(k)n
(eying)f(material)f(or)h(the)h(ISAKMP)f(SA.)0 4015 y(When)c(a)f
(Noti\014cation)g(pa)n(yload)f(is)i(receiv)n(ed,)f(the)h(receiving)e
(en)n(tit)n(y)i(\(initiator)f(or)f(resp)r(onder\))h(MUST)h(do)f(the)h
(follo)n(wing:)101 4293 y(1.)42 b(Determine)27 b(if)h(the)g
(Informational)e(Exc)n(hange)g(has)h(an)n(y)g(protection)f(applied)i
(to)f(it)h(b)n(y)f(c)n(hec)n(king)f(the)i(Encryption)208
4393 y(Bit)33 b(and)f(the)i(Authen)n(tication)f(Only)g(Bit)g(in)g(the)g
(ISAKMP)g(Header.)52 b(If)33 b(the)h(Encryption)d(Bit)j(is)e(set,)j
(i.e.)53 b(the)208 4492 y(Informational)26 b(Exc)n(hange)f(is)i
(encrypted,)g(then)h(the)f(message)f(MUST)i(b)r(e)g(decrypted)f(using)f
(the)i(\(in-progress)d(or)208 4592 y(completed\))33 b(ISAKMP)f(SA.)i
(Once)f(the)g(decryption)f(is)h(complete)g(the)g(pro)r(cessing)f(can)h
(con)n(tin)n(ue)f(as)g(describ)r(ed)208 4692 y(b)r(elo)n(w.)62
b(If)37 b(the)g(Authen)n(tication)g(Only)f(Bit)g(is)h(set,)h(then)f
(the)g(message)e(MUST)i(b)r(e)f(authen)n(ticated)h(using)f(the)208
4791 y(\(in-progress)e(or)h(completed\))i(ISAKMP)f(SA.)h(Once)f(the)h
(authen)n(tication)f(is)h(completed,)i(the)d(pro)r(cessing)f(can)208
4891 y(con)n(tin)n(ue)e(as)g(describ)r(ed)g(b)r(elo)n(w.)55
b(If)34 b(the)h(Informational)d(Exc)n(hange)g(is)i(not)f(encrypted)h
(or)f(authen)n(tication,)i(the)208 4991 y(pa)n(yload)26
b(pro)r(cessing)g(can)h(con)n(tin)n(ue)g(as)g(describ)r(ed)g(b)r(elo)n
(w.)101 5123 y(2.)42 b(Determine)34 b(if)h(the)g(Domain)f(of)h(In)n
(terpretation)e(\(DOI\))i(is)f(supp)r(orted.)58 b(If)34
b(the)h(DOI)g(determination)f(fails,)i(the)208 5222 y(pa)n(yload)26
b(is)h(discarded)g(and)g(the)h(follo)n(wing)f(action)g(is)g(tak)n(en:)
243 5386 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8
b(ALID)28 b(DOI)p Fk(,)f(MA)-7 b(Y)29 b(b)r(e)f(logged)e(in)i(the)g
(appropriate)e(system)h(audit)h(\014le.)0 5656 y(Maughan,)f(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(55])p eop
%%Page: 56 56
% Page 56 of the draft (dvips output; the parenthesised fragments are the
% page text, the short operators between them position it).
% Content: finishes the Notification payload receive checks (steps 3-6:
% Protocol-Id, SPI, Notify Message Type, then process per local security
% policy) and starts section 5.15, Delete Payload Processing.
% NOTE(review): each failed check discards the payload, but the audit-log
% entry (INVALID PROTOCOL-ID / INVALID SPI / INVALID MESSAGE TYPE) is only a
% MAY, so whether these events are recorded is left to the implementation.
56 55 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)101 390 y(3.)42 b(Determine)31
b(if)h(the)g(Proto)r(col-Id)d(is)i(supp)r(orted.)48 b(If)32
b(the)f(Proto)r(col-Id)f(determination)h(fails,)h(the)f(pa)n(yload)f
(is)h(dis-)208 490 y(carded)26 b(and)i(the)g(follo)n(wing)e(action)h
(is)h(tak)n(en:)243 655 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f
Fb(INV)-8 b(ALID)28 b(PR)n(OTOCOL-ID)p Fk(,)f(MA)-7 b(Y)28
b(b)r(e)g(logged)f(in)g(the)h(appropriate)e(system)i(audit)f(\014le.)
101 819 y(4.)42 b(Determine)26 b(if)g(the)g(SPI)f(is)h(v)-5
b(alid.)36 b(If)27 b(the)f(SPI)f(is)h(in)n(v)-5 b(alid,)26
b(the)g(pa)n(yload)e(is)i(discarded)f(and)g(the)h(follo)n(wing)f
(action)g(is)208 919 y(tak)n(en:)243 1084 y(\(a\))41
b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(SPI)p
Fk(,)g(MA)-7 b(Y)28 b(b)r(e)g(logged)f(in)g(the)h(appropriate)e(system)
i(audit)f(\014le.)101 1249 y(5.)42 b(Determine)30 b(if)h(the)g(Notify)f
(Message)f(T)n(yp)r(e)h(is)g(v)-5 b(alid.)45 b(If)31
b(the)f(Notify)h(Message)e(T)n(yp)r(e)h(is)g(in)n(v)-5
b(alid,)31 b(the)g(pa)n(yload)d(is)208 1348 y(discarded)e(and)i(the)g
(follo)n(wing)e(action)h(is)h(tak)n(en:)243 1513 y(\(a\))41
b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(MESSA)n(GE)i(TYPE)p
Fk(,)f(MA)-7 b(Y)28 b(b)r(e)g(logged)e(in)i(the)g(appropriate)e(system)
h(audit)h(\014le.)101 1678 y(6.)42 b(Pro)r(cess)25 b(the)i
(Noti\014cation)g(pa)n(yload,)f(including)h(additional)f
(Noti\014cation)h(Data,)g(and)g(tak)n(e)f(appropriate)g(action,)208
% The section 5.15 heading is set on the next line. The section requires
% that SA deletion always be performed under the protection of an ISAKMP SA
% and says the receiver SHOULD clean up its local SA database.
1778 y(according)f(to)j(lo)r(cal)f(securit)n(y)g(p)r(olicy)-7
b(.)0 2109 y Fj(5.15)112 b(Delete)37 b(P)m(a)m(yload)g(Pro)s(cessing)0
2362 y Fk(During)22 b(comm)n(unications)e(it)i(is)g(p)r(ossible)f(that)
h(hosts)g(ma)n(y)f(b)r(e)h(compromised)e(or)h(that)h(information)f(ma)n
(y)g(b)r(e)h(in)n(tercepted)0 2462 y(during)33 b(transmission.)52
b(Determining)33 b(whether)g(this)g(has)g(o)r(ccurred)f(is)h(not)g(an)g
(easy)f(task)g(and)h(is)g(outside)g(the)h(scop)r(e)0
2561 y(of)j(this)g(In)n(ternet-Draft.)64 b(Ho)n(w)n(ev)n(er,)37
b(if)g(it)g(is)g(disco)n(v)n(ered)d(that)j(transmissions)e(are)h(b)r
(eing)h(compromised,)h(then)f(it)g(is)0 2661 y(necessary)26
b(to)h(establish)h(a)f(new)g(SA)h(and)g(delete)g(the)g(curren)n(t)e
(SA.)0 2860 y(The)h(Informational)e(Exc)n(hange)g(with)i(a)f(Delete)h
(P)n(a)n(yload)d(pro)n(vides)h(a)h(con)n(trolled)f(metho)r(d)i(of)g
(informing)f(a)g(p)r(eer)g(en)n(tit)n(y)0 2960 y(that)38
b(the)h(transmitting)f(en)n(tit)n(y)g(has)f(deleted)i(the)f(SA\(s\).)70
b(Deletion)38 b(of)g(Securit)n(y)g(Asso)r(ciations)f(MUST)h(alw)n(a)n
(ys)f(b)r(e)0 3059 y(p)r(erformed)d(under)g(the)h(protection)f(of)g(an)
g(ISAKMP)g(SA.)h(The)f(receiving)f(en)n(tit)n(y)i(SHOULD)g(clean)f(up)g
(its)h(lo)r(cal)f(SA)0 3159 y(database.)k(Ho)n(w)n(ev)n(er,)26
b(up)r(on)j(receipt)f(of)g(a)g(Delete)g(message)f(the)i(SAs)f(listed)h
(in)f(the)h(Securit)n(y)f(P)n(arameter)e(Index)i(\(SPI\))0
3259 y(\014eld)j(of)g(the)h(Delete)f(pa)n(yload)f(cannot)g(b)r(e)h
(used)g(with)h(the)f(transmitting)g(en)n(tit)n(y)-7 b(.)47
b(The)31 b(SA)h(Establishmen)n(t)e(pro)r(cedure)0 3358
y(m)n(ust)e(b)r(e)g(in)n(v)n(ok)n(ed)e(to)h(re-establish)g(secure)f
(comm)n(unications.)0 3557 y(When)i(creating)f(a)g(Delete)h(P)n(a)n
(yload,)d(the)j(transmitting)f(en)n(tit)n(y)h(\(initiator)f(or)g(resp)r
(onder\))g(MUST)h(do)f(the)h(follo)n(wing:)101 3837 y(1.)42
b(Determine)28 b(the)g(DOI)f(for)g(this)h(Deletion.)101
3969 y(2.)42 b(Determine)28 b(the)g(Proto)r(col-ID)d(for)i(this)h
(Deletion.)101 4101 y(3.)42 b(Determine)23 b(the)g(SPI)f(size)h(based)f
(on)h(the)g(Proto)r(col-ID)e(\014eld.)35 b(This)23 b(\014eld)g(is)g
(necessary)e(b)r(ecause)h(di\013eren)n(t)h(securit)n(y)208
% NOTE(review): the example in step 3 gives 16 octets for the ISAKMP cookie
% pair and "8 octet" SPIs for ESP and AH. ESP and AH carry a 32-bit
% (4-octet) SPI, so the 8 looks like a draft error; confirm against the
% published RFC before deriving any SPI length check from this text.
4201 y(proto)r(cols)e(ha)n(v)n(e)h(di\013eren)n(t)h(SPI)g(sizes.)34
b(F)-7 b(or)23 b(example,)g(ISAKMP)g(com)n(bines)f(the)h(Initiator)g
(and)g(Resp)r(onder)f(co)r(okie)208 4300 y(pair)k(\(16)h(o)r(ctets\))h
(as)f(a)g(SPI,)h(while)g(ESP)e(and)i(AH)g(ha)n(v)n(e)e(8)i(o)r(ctet)f
(SPIs.)101 4432 y(4.)42 b(Determine)28 b(the)g(#)f(of)h(SPIs)f(to)g(b)r
(e)h(deleted)g(for)f(this)h(proto)r(col.)101 4565 y(5.)42
b(Determine)28 b(the)g(SPI\(s\))f(whic)n(h)h(is)f(\(are\))g(asso)r
(ciated)g(with)h(this)g(deletion.)101 4697 y(6.)42 b(Construct)27
b(a)g(Delete)h(pa)n(yload.)101 4829 y(7.)42 b(T)-7 b(ransmit)27
b(the)h(message)e(to)h(the)h(receiving)f(en)n(tit)n(y)g(as)g(describ)r
% The closing paragraph states that the Delete exchange is unidirectional
% and is not retransmitted; continuation is left to local security policy.
% NOTE(review): a lost Delete would presumably leave the peer still holding
% the deleted SAs - the draft gives no recovery procedure on this page.
(ed)h(in)f(section)h(5.1.)0 5108 y(Because)36 b(the)i(Informational)f
(Exc)n(hange)e(with)j(a)f(Delete)h(pa)n(yload)e(is)i(a)f
(unidirectional)g(message)f(a)h(retransmission)0 5208
y(will)d(not)g(b)r(e)g(p)r(erformed.)55 b(The)34 b(lo)r(cal)f(securit)n
(y)g(p)r(olicy)h(will)g(dictate)g(the)g(pro)r(cedures)f(for)g(con)n
(tin)n(uing.)55 b(Ho)n(w)n(ev)n(er,)33 b(w)n(e)0 5308
y(RECOMMEND)d(that)g(a)f(DELETE)g(P)-7 b(A)g(YLO)n(AD)30
b(ERR)n(OR)g(ev)n(en)n(t)f(b)r(e)h(logged)f(in)h(the)h(appropriate)d
(system)i(audit)g(\014le)0 5407 y(b)n(y)d(the)h(receiving)f(en)n(tit)n
(y)-7 b(.)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(56])p eop
%%Page: 57 57
% Page 57 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: the rest of section 5.15 - the receiver-side steps
% for a Delete payload: apply the ISAKMP SA security services, check the
% DOI, the Protocol-Id and each SPI, then act per local security policy.
% NOTE(review): steps 2 and 3 say the payload is discarded on failure;
% step 4 only describes a per-SPI INVALID SPI event (MAY be logged) and does
% not say the payload is discarded, so the handling of a Delete that mixes
% valid and invalid SPIs is left to the implementation.
57 56 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y(As)35 b(describ)r(ed)f(ab)r(o)n(v)n
(e,)h(the)g(Informational)e(Exc)n(hange)g(with)i(a)f(Delete)h(pa)n
(yload)e(MUST)j(b)r(e)f(transmitted)f(under)h(the)0 490
y(protection)27 b(pro)n(vided)f(b)n(y)i(an)f(ISAKMP)g(SA.)0
689 y(When)h(a)f(Delete)h(pa)n(yload)e(is)i(receiv)n(ed,)f(the)h
(receiving)e(en)n(tit)n(y)i(\(initiator)f(or)g(resp)r(onder\))f(MUST)i
(do)g(the)g(follo)n(wing:)101 971 y(1.)42 b(Because)27
b(the)j(Informational)d(Exc)n(hange)h(is)g(protected)h(b)n(y)g(some)f
(securit)n(y)g(service)g(\(e.g.)40 b(authen)n(tication)29
b(for)f(an)208 1071 y(Auth-Only)19 b(SA,)i(encryption)e(for)g(other)g
(exc)n(hanges\),)h(the)g(message)e(MUST)j(ha)n(v)n(e)d(these)i(securit)
n(y)f(services)f(applied)208 1171 y(using)30 b(the)h(ISAKMP)f(SA.)h
(Once)f(the)h(securit)n(y)e(service)h(pro)r(cessing)f(is)h(complete)h
(the)f(pro)r(cessing)f(can)i(con)n(tin)n(ue)208 1270
y(as)c(describ)r(ed)g(b)r(elo)n(w.)37 b(An)n(y)28 b(errors)d(that)j(o)r
(ccur)f(during)g(the)h(securit)n(y)f(service)g(pro)r(cessing)f(will)i
(b)r(e)g(eviden)n(t)g(when)208 1370 y(c)n(hec)n(king)f(information)h
(in)g(the)h(Delete)g(pa)n(yload.)38 b(The)29 b(lo)r(cal)f(securit)n(y)f
(p)r(olicy)i(SHOULD)g(dictate)g(an)n(y)e(action)h(to)208
1469 y(b)r(e)g(tak)n(en)f(as)f(a)i(result)f(of)h(securit)n(y)e(service)
h(pro)r(cessing)f(errors.)101 1602 y(2.)42 b(Determine)34
b(if)h(the)g(Domain)f(of)h(In)n(terpretation)e(\(DOI\))i(is)f(supp)r
(orted.)58 b(If)34 b(the)h(DOI)g(determination)f(fails,)i(the)208
1702 y(pa)n(yload)26 b(is)h(discarded)g(and)g(the)h(follo)n(wing)f
(action)g(is)g(tak)n(en:)243 1868 y(\(a\))41 b(The)28
b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28 b(DOI)p Fk(,)f(MA)-7
b(Y)29 b(b)r(e)f(logged)e(in)i(the)g(appropriate)e(system)h(audit)h
(\014le.)101 2034 y(3.)42 b(Determine)31 b(if)h(the)g(Proto)r(col-Id)d
(is)i(supp)r(orted.)48 b(If)32 b(the)f(Proto)r(col-Id)f(determination)h
(fails,)h(the)f(pa)n(yload)f(is)h(dis-)208 2134 y(carded)26
b(and)i(the)g(follo)n(wing)e(action)h(is)h(tak)n(en:)243
2300 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(PR)n(OTOCOL-ID)p Fk(,)f(MA)-7 b(Y)28 b(b)r(e)g(logged)f(in)g(the)h
(appropriate)e(system)i(audit)f(\014le.)101 2466 y(4.)42
b(Determine)25 b(if)h(the)g(SPI)f(is)g(v)-5 b(alid)25
b(for)g(eac)n(h)f(SPI)h(included)h(in)f(the)h(Delete)g(pa)n(yload.)34
b(F)-7 b(or)25 b(eac)n(h)f(SPI)h(that)h(is)f(in)n(v)-5
b(alid,)208 2565 y(the)28 b(follo)n(wing)e(action)h(is)h(tak)n(en:)243
2731 y(\(a\))41 b(The)28 b(ev)n(en)n(t,)f Fb(INV)-8 b(ALID)28
b(SPI)p Fk(,)g(MA)-7 b(Y)28 b(b)r(e)g(logged)f(in)g(the)h(appropriate)e
(system)i(audit)f(\014le.)101 2897 y(5.)42 b(Pro)r(cess)18
b(the)j(Delete)h(pa)n(yload)d(and)h(tak)n(e)g(appropriate)f(action,)j
(according)d(to)h(lo)r(cal)g(securit)n(y)g(p)r(olicy)-7
b(.)35 b(As)20 b(describ)r(ed)208 2997 y(ab)r(o)n(v)n(e,)26
b(one)h(appropriate)f(action)h(SHOULD)h(include)g(cleaning)f(up)h(the)g
(lo)r(cal)f(SA)h(database.)0 5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(57])p eop
%%Page: 58 58
% Page 58 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: section 6, Conclusions - the authors' summary of the
% design goals: one SA and key-management framework for multiple security
% protocols, with functional payloads that can be extended.
% NOTE(review): the statements on this page (not weakened by attacks on
% other protocols, protection against protocol-related attacks, SAs and
% keys established with the desired party) are the draft's own claims and
% are not argued here.
58 57 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(6)137 b(Conclusions)0
672 y Fk(The)35 b(In)n(ternet)g(Securit)n(y)g(Asso)r(ciation)f(and)h
(Key)f(Managemen)n(t)g(Proto)r(col)f(\(ISAKMP\))i(is)g(a)g(w)n(ell)g
(designed)f(proto)r(col)0 771 y(aimed)k(at)g(the)h(In)n(ternet)f(of)g
(the)h(future.)69 b(The)38 b(massiv)n(e)f(gro)n(wth)g(of)h(the)g(In)n
(ternet)g(will)h(lead)f(to)g(great)f(div)n(ersit)n(y)g(in)0
871 y(net)n(w)n(ork)22 b(utilization,)i(comm)n(unications,)f(securit)n
(y)g(requiremen)n(ts,)g(and)g(securit)n(y)f(mec)n(hanisms.)35
b(ISAKMP)23 b(con)n(tains)f(all)0 971 y(the)28 b(features)f(that)h
(will)g(b)r(e)g(needed)f(for)h(this)f(dynamic)h(and)f(expanding)g(comm)
n(unications)g(en)n(vironmen)n(t.)0 1170 y(ISAKMP's)32
b(Securit)n(y)g(Asso)r(ciation)f(\(SA\))j(feature)e(coupled)g(with)h
(authen)n(tication)f(and)g(k)n(ey)g(establishmen)n(t)h(pro)n(vides)0
1269 y(the)h(securit)n(y)f(and)h(\015exibilit)n(y)g(that)g(will)g(b)r
(e)g(needed)g(for)f(future)h(gro)n(wth)f(and)g(div)n(ersit)n(y)-7
b(.)55 b(This)34 b(securit)n(y)f(div)n(ersit)n(y)f(of)0
1369 y(m)n(ultiple)27 b(k)n(ey)f(exc)n(hange)f(tec)n(hniques,)h
(encryption)g(algorithms,)f(authen)n(tication)h(mec)n(hanisms,)g
(securit)n(y)g(services,)f(and)0 1469 y(securit)n(y)36
b(attributes)h(will)h(allo)n(w)e(users)g(to)h(select)g(the)g
(appropriate)f(securit)n(y)g(for)h(their)g(net)n(w)n(ork,)h(comm)n
(unications,)0 1568 y(and)30 b(securit)n(y)g(needs.)45
b(The)31 b(SA)f(feature)g(allo)n(ws)g(users)f(to)h(sp)r(ecify)h(and)f
(negotiate)g(securit)n(y)f(requiremen)n(ts)h(with)h(other)0
1668 y(users.)k(An)27 b(additional)e(b)r(ene\014t)i(of)f(supp)r(orting)
g(m)n(ultiple)g(tec)n(hniques)g(in)g(a)g(single)f(proto)r(col)g(is)h
(that)g(as)f(new)h(tec)n(hniques)0 1768 y(are)33 b(dev)n(elop)r(ed)h
(they)h(can)e(easily)h(b)r(e)h(added)f(to)g(the)h(proto)r(col.)55
b(This)34 b(pro)n(vides)f(a)h(path)h(for)e(the)i(gro)n(wth)e(of)h(In)n
(ternet)0 1867 y(securit)n(y)24 b(services.)35 b(ISAKMP)25
b(supp)r(orts)g(b)r(oth)h(publicly)f(or)g(priv)-5 b(ately)24
b(de\014ned)i(SAs,)g(making)f(it)g(ideal)g(for)g(go)n(v)n(ernmen)n(t,)0
1967 y(commercial,)h(and)i(priv)-5 b(ate)27 b(comm)n(unications.)0
2166 y(ISAKMP)41 b(pro)n(vides)f(the)i(abilit)n(y)f(to)g(establish)g
(SAs)h(for)e(m)n(ultiple)i(securit)n(y)f(proto)r(cols)f(and)h
(applications.)77 b(These)0 2266 y(proto)r(cols)34 b(and)h
(applications)f(ma)n(y)g(b)r(e)h(session-orien)n(ted)e(or)h
(sessionless.)58 b(Ha)n(ving)34 b(one)h(SA)g(establishmen)n(t)g(proto)r
(col)0 2365 y(that)d(supp)r(orts)f(m)n(ultiple)h(securit)n(y)f(proto)r
(cols)f(eliminates)i(the)g(need)g(for)f(m)n(ultiple,)i(nearly)e(iden)n
(tical)g(authen)n(tication,)0 2465 y(k)n(ey)j(exc)n(hange)e(and)i(SA)h
(establishmen)n(t)f(proto)r(cols)f(when)h(more)g(than)g(one)g(securit)n
(y)f(proto)r(col)g(is)i(in)f(use)g(or)g(desired.)0 2565
y(Just)f(as)g(IP)g(has)g(pro)n(vided)g(the)h(common)f(net)n(w)n(orking)
f(la)n(y)n(er)g(for)h(the)g(In)n(ternet,)i(a)f(common)f(securit)n(y)f
(establishmen)n(t)0 2664 y(proto)r(col)f(is)h(needed)g(if)h(securit)n
(y)e(is)h(to)g(b)r(ecome)g(a)g(realit)n(y)f(on)g(the)i(In)n(ternet.)50
b(ISAKMP)32 b(pro)n(vides)f(the)h(common)g(base)0 2764
y(that)c(allo)n(ws)e(all)h(other)g(securit)n(y)g(proto)r(cols)f(to)i
(in)n(terop)r(erate.)0 2963 y(ISAKMP)34 b(follo)n(ws)f(go)r(o)r(d)h
(securit)n(y)f(design)h(principles.)57 b(It)34 b(is)g(not)h(coupled)f
(to)g(other)g(insecure)f(transp)r(ort)g(proto)r(cols,)0
3063 y(therefore)27 b(it)i(is)f(not)g(vulnerable)g(or)f(w)n(eak)n(ened)
g(b)n(y)h(attac)n(ks)f(on)h(other)f(proto)r(cols.)38
b(Also,)28 b(when)g(more)g(secure)f(transp)r(ort)0 3162
y(proto)r(cols)21 b(are)g(dev)n(elop)r(ed,)i(ISAKMP)e(can)h(b)r(e)g
(easily)g(migrated)f(to)h(them.)36 b(ISAKMP)21 b(also)g(pro)n(vides)g
(protection)g(against)0 3262 y(proto)r(col)k(related)h(attac)n(ks.)36
b(This)26 b(protection)g(pro)n(vides)f(the)i(assurance)e(that)i(the)g
(SAs)g(and)f(k)n(eys)g(established)g(are)g(with)0 3362
y(the)i(desired)f(part)n(y)g(and)g(not)h(with)g(an)f(attac)n(k)n(er.)0
3561 y(ISAKMP)i(also)g(follo)n(ws)f(go)r(o)r(d)h(proto)r(col)f(design)h
(principles.)43 b(Proto)r(col)27 b(sp)r(eci\014c)j(information)f(only)g
(is)h(in)f(the)h(proto)r(col)0 3660 y(header,)39 b(follo)n(wing)d(the)i
(design)f(principles)g(of)g(IPv6.)65 b(The)38 b(data)f(transp)r(orted)f
(b)n(y)h(the)h(proto)r(col)e(is)h(separated)f(in)n(to)0
3760 y(functional)27 b(pa)n(yloads.)35 b(As)27 b(the)g(In)n(ternet)g
(gro)n(ws)e(and)i(ev)n(olv)n(es,)e(new)i(pa)n(yloads)e(to)i(supp)r(ort)
g(new)g(securit)n(y)f(functionalit)n(y)0 3860 y(can)h(b)r(e)h(added)g
(without)g(mo)r(difying)f(the)h(en)n(tire)g(proto)r(col.)0
5656 y(Maughan,)f(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(58])p eop
%%Page: 59 59
% Page 59 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: Appendix A - A.1 background (mechanisms are defined
% by the individual DOIs, not by ISAKMP), A.2 (the Internet IP Security DOI
% assigned number is 1), A.3 security protocol values (RESERVED 0, ISAKMP 1;
% 2-15359 reserved to IANA, 15360-16383 private use) and the introduction
% to the A.4 Identification Type values.
% The text itself warns that private-use values are unlikely to interoperate
% across implementations.
59 58 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(A)137 b(ISAKMP)46
b(Securit)l(y)h(Asso)t(ciation)f(A)l(ttributes)0 688
y Fj(A.1)112 b(Bac)m(kground/Rationale)0 941 y Fk(As)19
b(detailed)h(in)f(previous)g(sections,)h(ISAKMP)f(is)g(designed)g(to)g
(pro)n(vide)g(a)g(\015exible)g(and)g(extensible)h(framew)n(ork)d(for)i
(estab-)0 1041 y(lishing)29 b(and)g(managing)e(Securit)n(y)i(Asso)r
(ciations)f(and)h(cryptographic)e(k)n(eys.)40 b(The)29
b(framew)n(ork)f(pro)n(vided)g(b)n(y)g(ISAKMP)0 1140
y(consists)f(of)h(header)f(and)h(pa)n(yload)e(de\014nitions,)j(exc)n
(hange)d(t)n(yp)r(es)i(for)g(guiding)f(message)g(and)g(pa)n(yload)g
(exc)n(hanges,)f(and)0 1240 y(general)j(pro)r(cessing)f(guidelines.)44
b(ISAKMP)29 b(do)r(es)h(not)g(de\014ne)g(the)h(mec)n(hanisms)e(that)h
(will)g(b)r(e)h(used)f(to)g(establish)f(and)0 1340 y(manage)22
b(Securit)n(y)g(Asso)r(ciations)g(and)h(cryptographic)e(k)n(eys)g(in)j
(an)e(authen)n(ticated)h(and)g(con\014den)n(tial)f(manner.)35
b(The)23 b(def-)0 1439 y(inition)28 b(of)f(mec)n(hanisms)g(and)h(their)
f(application)g(is)h(the)g(purview)f(of)g(individual)h(Domains)f(of)h
(In)n(terpretation)e(\(DOIs\).)0 1639 y(This)k(section)g(describ)r(es)g
(the)g(ISAKMP)g(v)-5 b(alues)30 b(for)g(the)h(In)n(ternet)f(IP)g
(Securit)n(y)g(DOI,)g(supp)r(orted)g(securit)n(y)f(proto)r(cols,)0
1738 y(and)23 b(iden)n(ti\014cation)g(v)-5 b(alues)22
b(for)g(ISAKMP)h(Phase)f(1)g(negotiations.)34 b(The)23
b(In)n(ternet)g(IP)g(Securit)n(y)f(DOI)h(is)g(MAND)n(A)-7
b(TOR)g(Y)0 1838 y(to)29 b(implemen)n(t)h(for)f(IP)f(Securit)n(y)-7
b(.)42 b([Oakley)n(])30 b(and)f([IKE)o(])g(describ)r(e,)g(in)h(detail,)
g(the)f(mec)n(hanisms)g(and)g(their)g(application)0 1937
y(for)e(establishing)g(and)g(managing)g(Securit)n(y)g(Asso)r(ciations)f
(and)i(cryptographic)d(k)n(eys)i(for)g(IP)g(Securit)n(y)-7
b(.)0 2269 y Fj(A.2)112 b(In)m(ternet)37 b(IP)f(Securit)m(y)h(DOI)g
(Assigned)g(V)-9 b(alue)0 2522 y Fk(As)28 b(describ)r(ed)f(in)h([IPDOI)
o(],)g(the)g(In)n(ternet)g(IP)f(Securit)n(y)g(DOI)h(Assigned)f(Num)n(b)
r(er)h(is)f(one)g(\(1\).)0 2854 y Fj(A.3)112 b(Supp)s(orted)38
b(Securit)m(y)f(Proto)s(cols)0 3107 y Fk(V)-7 b(alues)27
b(for)f(supp)r(orted)h(securit)n(y)g(proto)r(cols)e(are)h(sp)r
(eci\014ed)i(in)f(the)h(most)f(recen)n(t)f(\\Assigned)g(Num)n(b)r(ers")
h(RF)n(C)g([STD-2].)0 3207 y(Presen)n(ted)35 b(in)i(the)g(follo)n(wing)
e(table)i(are)e(the)i(v)-5 b(alues)36 b(for)g(the)h(securit)n(y)e
(proto)r(cols)g(supp)r(orted)i(b)n(y)f(ISAKMP)g(for)g(the)0
3306 y(In)n(ternet)27 b(IP)h(Securit)n(y)f(DOI.)1470
3583 y(Proto)r(col)171 b(Assigned)27 b(V)-7 b(alue)p
1347 3617 1206 4 v 1397 3686 a(RESER)e(VED)354 b(0)1397
3786 y(ISAKMP)473 b(1)0 4064 y(All)25 b(DOIs)f(MUST)h(reserv)n(e)d
(ISAKMP)i(with)h(a)f(Proto)r(col-ID)f(of)h(1.)36 b(All)24
b(other)g(securit)n(y)g(proto)r(cols)f(within)i(that)f(DOI)h(will)0
4164 y(b)r(e)j(n)n(um)n(b)r(ered)f(accordingly)-7 b(.)0
4363 y(Securit)n(y)28 b(proto)r(col)f(v)-5 b(alues)28
b(2-15359)e(are)h(reserv)n(ed)g(to)h(IANA)i(for)e(future)h(use.)39
b(V)-7 b(alues)29 b(15360-16383)23 b(are)k(p)r(ermanen)n(tly)0
4463 y(reserv)n(ed)d(for)i(priv)-5 b(ate)26 b(use)g(amongst)g(m)n
(utually)g(consen)n(ting)f(implemen)n(tations.)37 b(Suc)n(h)26
b(priv)-5 b(ate)26 b(use)g(v)-5 b(alues)26 b(are)f(unlik)n(ely)0
4562 y(to)i(b)r(e)h(in)n(terop)r(erable)f(across)e(di\013eren)n(t)j
(implemen)n(tations.)0 4895 y Fj(A.4)112 b(ISAKMP)37
b(Iden)m(ti\014cation)e(T)m(yp)s(e)j(V)-9 b(alues)0 5147
y Fk(The)38 b(follo)n(wing)f(table)h(lists)g(the)h(assigned)d(v)-5
b(alues)38 b(for)g(the)g(Iden)n(ti\014cation)g(T)n(yp)r(e)g(\014eld)g
(found)h(in)f(the)g(Iden)n(ti\014cation)0 5247 y(pa)n(yload)26
b(during)h(a)g(generic)g(Phase)f(1)i(exc)n(hange,)e(whic)n(h)h(is)h
(not)f(for)g(a)h(sp)r(eci\014c)f(proto)r(col.)0 5656
y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477
b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(59])p eop
%%Page: 60 60
% Page 60 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: the A.4 Identification Type table (ID IPV4 ADDR 0,
% ID IPV4 ADDR SUBNET 1, ID IPV6 ADDR 2, ID IPV6 ADDR SUBNET 3) and the
% definitions in A.4.1-A.4.4.
% The separators inside the type names are not part of the strings;
% presumably the "p x y w h v" operators between the fragments draw them as
% rules (underscores) - confirm against the dvips prologue.
% NOTE(review): the SUBNET types are an address plus a mask in which 1 bits
% are fixed and 0 bits are wildcards; the text does not require the mask
% bits to be contiguous, so an implementation matching identities against
% policy has to decide how it treats non-contiguous masks.
60 59 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)1645 377 y(ID)h(T)n(yp)r(e)430
b(V)-7 b(alue)p 1264 410 1372 4 v 1314 480 a(ID)p 1412
480 25 4 v 30 w(IPV4)p 1633 480 V 29 w(ADDR)558 b(0)1314
579 y(ID)p 1412 579 V 30 w(IPV4)p 1633 579 V 29 w(ADDR)p
1911 579 V 32 w(SUBNET)180 b(1)1314 679 y(ID)p 1412 679
V 30 w(IPV6)p 1633 679 V 29 w(ADDR)558 b(2)1314 779 y(ID)p
1412 779 V 30 w(IPV6)p 1633 779 V 29 w(ADDR)p 1911 779
V 32 w(SUBNET)180 b(3)0 1189 y Fe(A.4.1)94 b(ID)p 431
1189 29 4 v 35 w(IPV4)p 687 1189 V 35 w(ADDR)0 1442 y
Fk(The)28 b(ID)p 269 1442 25 4 v 30 w(IPV4)p 490 1442
V 29 w(ADDR)h(t)n(yp)r(e)f(sp)r(eci\014es)f(a)g(single)h(four)f(\(4\))g
(o)r(ctet)h(IPv4)f(address.)0 1758 y Fe(A.4.2)94 b(ID)p
431 1758 29 4 v 35 w(IPV4)p 687 1758 V 35 w(ADDR)p 1012
1758 V 34 w(SUBNET)0 2010 y Fk(The)31 b(ID)p 272 2010
25 4 v 30 w(IPV4)p 493 2010 V 29 w(ADDR)p 771 2010 V
31 w(SUBNET)g(t)n(yp)r(e)g(sp)r(eci\014es)f(a)g(range)f(of)i(IPv4)f
(addresses,)f(represen)n(ted)h(b)n(y)g(t)n(w)n(o)g(four)g(\(4\))h(o)r
(ctet)0 2110 y(v)-5 b(alues.)53 b(The)33 b(\014rst)g(v)-5
b(alue)33 b(is)f(an)h(IPv4)f(address.)52 b(The)33 b(second)f(is)h(an)g
(IPv4)f(net)n(w)n(ork)g(mask.)52 b(Note)33 b(that)h(ones)e(\(1s\))h(in)
0 2210 y(the)j(net)n(w)n(ork)e(mask)h(indicate)g(that)h(the)g(corresp)r
(onding)e(bit)i(in)f(the)h(address)f(is)g(\014xed,)j(while)d(zeros)g
(\(0s\))g(indicate)g(a)0 2309 y("wildcard")26 b(bit.)0
2625 y Fe(A.4.3)94 b(ID)p 431 2625 29 4 v 35 w(IPV6)p
687 2625 V 35 w(ADDR)0 2878 y Fk(The)28 b(ID)p 269 2878
25 4 v 30 w(IPV6)p 490 2878 V 29 w(ADDR)h(t)n(yp)r(e)f(sp)r(eci\014es)f
(a)g(single)h(sixteen)f(\(16\))g(o)r(ctet)h(IPv6)f(address.)0
3193 y Fe(A.4.4)94 b(ID)p 431 3193 29 4 v 35 w(IPV6)p
687 3193 V 35 w(ADDR)p 1012 3193 V 34 w(SUBNET)0 3446
y Fk(The)36 b(ID)p 277 3446 25 4 v 30 w(IPV6)p 498 3446
V 29 w(ADDR)p 776 3446 V 31 w(SUBNET)g(t)n(yp)r(e)f(sp)r(eci\014es)h(a)
f(range)f(of)h(IPv6)g(addresses,)h(represen)n(ted)e(b)n(y)h(t)n(w)n(o)g
(sixteen)g(\(16\))0 3546 y(o)r(ctet)29 b(v)-5 b(alues.)39
b(The)29 b(\014rst)f(v)-5 b(alue)28 b(is)h(an)f(IPv6)f(address.)39
b(The)28 b(second)g(is)g(an)h(IPv6)e(net)n(w)n(ork)g(mask.)39
b(Note)29 b(that)f(ones)g(\(1s\))0 3645 y(in)i(the)g(net)n(w)n(ork)f
(mask)g(indicate)g(that)i(the)f(corresp)r(onding)e(bit)i(in)g(the)g
(address)f(is)g(\014xed,)i(while)f(zeros)e(\(0s\))i(indicate)f(a)0
3745 y("wildcard")d(bit.)0 5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n
(hneider,)i(T)-7 b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25
b(.ps)478 b([P)n(age)26 b(60])p eop
%%Page: 61 61
% Page 61 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: Appendix B, Defining a new Domain of Interpretation -
% the items a from-scratch DOI MUST define (situation, security policies,
% naming scheme, proposal syntax, payload formats, extra exchange types) -
% followed by B.1 Situation and B.2 Security Policies.
% The text recommends starting from an existing DOI and customizing only
% the parts that are unacceptable.
61 60 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(B)137 b(De\014ning)48
b(a)d(new)i(Domain)f(of)f(In)l(terpretation)0 672 y Fk(The)37
b(In)n(ternet)f(DOI)g(ma)n(y)g(b)r(e)h(su\016cien)n(t)g(to)f(meet)h
(the)f(securit)n(y)g(requiremen)n(ts)f(of)i(a)f(large)f(p)r(ortion)h
(of)g(the)h(in)n(ternet)0 771 y(comm)n(unit)n(y)-7 b(.)53
b(Ho)n(w)n(ev)n(er,)33 b(some)f(groups)g(ma)n(y)g(ha)n(v)n(e)g(a)h
(need)g(to)g(customize)g(some)g(asp)r(ect)g(of)g(a)f(DOI,)i(p)r(erhaps)
e(to)h(add)0 871 y(a)h(di\013eren)n(t)g(set)g(of)g(cryptographic)e
(algorithms,)j(or)e(p)r(erhaps)g(b)r(ecause)h(they)g(w)n(an)n(t)g(to)g
(mak)n(e)f(their)h(securit)n(y-relev)-5 b(an)n(t)0 971
y(decisions)27 b(based)h(on)g(something)g(other)f(than)i(a)f(host)g(id)
g(or)f(user)h(id.)39 b(Also,)28 b(a)g(particular)f(group)g(ma)n(y)g(ha)
n(v)n(e)g(a)h(need)h(for)0 1070 y(a)e(new)h(exc)n(hange)e(t)n(yp)r(e,)i
(for)f(example)g(to)h(supp)r(ort)f(k)n(ey)g(managemen)n(t)f(for)i(m)n
(ulticast)f(groups.)0 1269 y(This)h(section)g(discusses)g(guidelines)g
(for)f(de\014ning)i(a)f(new)g(DOI.)g(The)h(full)g(sp)r(eci\014cation)f
(for)g(the)g(In)n(ternet)g(DOI)h(can)f(b)r(e)0 1369 y(found)g(in)g
([IPDOI)o(].)0 1568 y(De\014ning)h(a)e(new)i(DOI)f(is)g(lik)n(ely)g(to)
g(b)r(e)g(a)g(time-consuming)g(pro)r(cess.)37 b(If)29
b(at)f(all)g(p)r(ossible,)g(it)g(is)h(recommended)e(that)i(the)0
1668 y(designer)e(b)r(egin)g(with)h(an)g(existing)f(DOI)g(and)h
(customize)f(only)g(the)h(parts)f(that)h(are)f(unacceptable.)0
1867 y(If)h(a)f(designer)g(c)n(ho)r(oses)f(to)h(start)g(from)h(scratc)n
(h,)e(the)i(follo)n(wing)f(MUST)h(b)r(e)g(de\014ned:)125
2149 y Fc(\017)41 b Fk(A)27 b(\\situation":)36 b(the)28
b(set)g(of)f(information)g(that)h(will)g(b)r(e)g(used)g(to)f(determine)
h(the)g(required)e(securit)n(y)h(services.)125 2316 y
Fc(\017)41 b Fk(The)27 b(set)h(of)f(securit)n(y)g(p)r(olicies)g(that)h
(m)n(ust)g(b)r(e)g(supp)r(orted.)125 2482 y Fc(\017)41
b Fk(A)d(sc)n(heme)h(for)f(naming)g(securit)n(y-relev)-5
b(an)n(t)36 b(information,)41 b(including)e(encryption)f(algorithms,)i
(k)n(ey)e(exc)n(hange)208 2581 y(algorithms,)26 b(etc.)125
2747 y Fc(\017)41 b Fk(A)27 b(syn)n(tax)g(for)g(the)h(sp)r
(eci\014cation)f(of)h(prop)r(osed)f(securit)n(y)f(services,)h
(attributes,)g(and)h(certi\014cate)f(authorities.)125
2913 y Fc(\017)41 b Fk(The)27 b(sp)r(eci\014c)h(formats)f(of)g(the)h(v)
-5 b(arious)27 b(pa)n(yload)f(con)n(ten)n(ts.)125 3079
y Fc(\017)41 b Fk(Additional)27 b(exc)n(hange)g(t)n(yp)r(es,)g(if)h
(required.)0 3411 y Fj(B.1)112 b(Situation)0 3664 y Fk(The)28
b(situation)g(is)g(the)g(basis)g(for)f(deciding)h(ho)n(w)f(to)h
(protect)g(a)f(comm)n(unications)g(c)n(hannel.)38 b(It)29
b(m)n(ust)f(con)n(tain)f(all)h(of)g(the)0 3764 y(data)h(that)i(will)f
(b)r(e)g(used)g(to)g(determine)g(the)g(t)n(yp)r(es)g(and)g(strengths)f
(of)h(protections)f(applied)h(in)g(an)g(SA.)g(F)-7 b(or)29
b(example,)0 3863 y(a)i(US)g(Departmen)n(t)g(of)g(Defense)g(DOI)g(w)n
(ould)g(probably)e(use)i(unpublished)h(algorithms)d(and)i(ha)n(v)n(e)f
(additional)g(sp)r(ecial)0 3963 y(attributes)e(to)f(negotiate.)36
b(These)27 b(additional)g(securit)n(y)g(attributes)h(w)n(ould)f(b)r(e)h
(included)g(in)g(the)g(situation.)0 4295 y Fj(B.2)112
b(Securit)m(y)36 b(P)m(olicies)0 4548 y Fk(Securit)n(y)25
b(p)r(olicies)h(de\014ne)g(ho)n(w)f(v)-5 b(arious)24
b(t)n(yp)r(es)i(of)f(information)g(m)n(ust)h(b)r(e)g(categorized)e(and)
i(protected.)35 b(The)26 b(DOI)g(m)n(ust)0 4648 y(de\014ne)h(the)f(set)
h(of)f(securit)n(y)g(p)r(olicies)g(supp)r(orted,)g(b)r(ecause)g(b)r
(oth)h(parties)e(in)i(a)f(negotiation)f(m)n(ust)i(trust)f(that)h(the)g
(other)0 4747 y(part)n(y)33 b(understands)f(a)i(situation,)g(and)g
(will)g(protect)f(information)g(appropriately)-7 b(,)33
b(b)r(oth)h(in)g(transit)f(and)g(in)h(storage.)0 4847
y(In)g(a)f(corp)r(orate)e(setting,)k(for)e(example,)i(b)r(oth)f
(parties)e(in)i(a)f(negotiation)f(m)n(ust)i(agree)e(to)h(the)h(meaning)
f(of)g(the)h(term)0 4946 y(\\proprietary)25 b(information")i(b)r(efore)
g(they)h(can)f(negotiate)g(ho)n(w)g(to)g(protect)g(it.)0
5146 y(Note)38 b(that)g(including)h(the)f(required)f(securit)n(y)g(p)r
(olicies)h(in)g(the)h(DOI)f(only)g(sp)r(eci\014es)g(that)g(the)g
(participating)g(hosts)0 5245 y(understand)27 b(and)h(implemen)n(t)g
(those)f(p)r(olicies)g(in)h(a)g(full)g(system)f(con)n(text.)0
5656 y(Maughan,)g(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(61])p eop
%%Page: 62 62
% Page 62 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: B.3 Naming Schemes, B.4 Syntax for Specifying
% Security Services, B.5 Payload Specification and B.6 Defining new
% Exchange Types.
% B.6 allows up to thirteen extra exchange types per DOI and states that any
% new exchange type must be rigorously analyzed for vulnerabilities and
% created only when absolutely necessary.
62 61 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Fj(B.3)112 b(Naming)36
b(Sc)m(hemes)0 643 y Fk(An)n(y)30 b(DOI)f(m)n(ust)h(de\014ne)g(a)f
(consisten)n(t)g(w)n(a)n(y)f(to)h(name)h(cryptographic)d(algorithms,)i
(certi\014cate)g(authorities,)g(etc.)43 b(This)0 743
y(can)27 b(usually)g(b)r(e)h(done)g(b)n(y)f(using)g(IANA)i(naming)e
(con)n(v)n(en)n(tions,)f(p)r(erhaps)h(with)h(some)f(priv)-5
b(ate)27 b(extensions.)0 1075 y Fj(B.4)112 b(Syn)m(tax)38
b(for)g(Sp)s(ecifying)e(Securit)m(y)h(Services)0 1328
y Fk(In)32 b(addition)f(to)h(simply)g(sp)r(ecifying)f(ho)n(w)g(to)h
(name)f(en)n(tities,)i(the)f(DOI)g(m)n(ust)f(also)g(sp)r(ecify)h(the)g
(format)f(for)g(complete)0 1427 y(prop)r(osals)26 b(of)h(ho)n(w)g(to)h
(protect)f(tra\016c)g(under)h(a)f(giv)n(en)g(situation.)0
1759 y Fj(B.5)112 b(P)m(a)m(yload)37 b(Sp)s(eci\014cation)0
2012 y Fk(The)21 b(DOI)g(m)n(ust)f(sp)r(ecify)h(the)h(format)e(of)h
(eac)n(h)e(of)i(the)g(pa)n(yload)e(t)n(yp)r(es.)35 b(F)-7
b(or)20 b(sev)n(eral)f(of)i(the)g(pa)n(yload)e(t)n(yp)r(es,)j(ISAKMP)f
(has)0 2112 y(included)26 b(\014elds)f(that)h(w)n(ould)e(ha)n(v)n(e)h
(to)g(b)r(e)g(presen)n(t)g(across)e(all)i(DOI)h(\(suc)n(h)f(as)g(a)f
(certi\014cate)h(authorit)n(y)f(in)i(the)g(certi\014cate)0
2211 y(pa)n(yload,)g(or)h(a)g(k)n(ey)g(exc)n(hange)f(iden)n(ti\014er)h
(in)h(the)g(k)n(ey)f(exc)n(hange)f(pa)n(yload\).)0 2543
y Fj(B.6)112 b(De\014ning)37 b(new)h(Exc)m(hange)g(T)m(yp)s(es)0
2796 y Fk(If)27 b(the)f(basic)g(exc)n(hange)f(t)n(yp)r(es)h(are)f
(inadequate)h(to)g(meet)h(the)f(requiremen)n(ts)f(within)i(a)f(DOI,)g
(a)g(designer)f(can)h(de\014ne)h(up)0 2896 y(to)f(thirteen)g(extra)e
(exc)n(hange)h(t)n(yp)r(es)g(p)r(er)h(DOI.)g(The)g(designer)e(creates)h
(a)g(new)h(exc)n(hange)e(t)n(yp)r(e)i(b)n(y)f(c)n(ho)r(osing)g(an)g(un)
n(used)0 2996 y(exc)n(hange)c(t)n(yp)r(e)h(v)-5 b(alue,)24
b(and)e(de\014ning)g(a)g(sequence)g(of)g(messages)f(comp)r(osed)h(of)g
(strings)f(of)i(the)f(ISAKMP)g(pa)n(yload)f(t)n(yp)r(es.)0
3195 y(Note)j(that)h(an)n(y)e(new)h(exc)n(hange)f(t)n(yp)r(es)h(m)n
(ust)h(b)r(e)f(rigorously)e(analyzed)h(for)h(vulnerabilities.)35
b(Since)24 b(this)h(is)f(an)g(exp)r(ensiv)n(e)0 3294
y(and)j(imprecise)g(undertaking,)g(a)h(new)f(exc)n(hange)f(t)n(yp)r(e)i
(should)f(only)h(b)r(e)g(created)e(when)i(absolutely)f(necessary)-7
b(.)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(62])p eop
%%Page: 63 63
% Page 63 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: Security Considerations and IANA Considerations.
% Security points made in the text: a system locked into one algorithm, key
% exchange technique or mechanism becomes more vulnerable over time; ISAKMP
% runs over UDP but builds in its own reliability and does not rely on UDP
% checksum or length; many firewalls filter UDP; a private session key must
% be safely stored once created.
% NOTE(review): the key-storage requirement is stated without a mechanism
% on this page; how keys are protected at rest is left to the implementer.
63 62 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(Securit)l(y)47
b(Considerations)0 672 y Fk(Cryptographic)18 b(analysis)g(tec)n
(hniques)h(are)g(impro)n(ving)f(at)i(a)f(steady)g(pace.)34
b(The)19 b(con)n(tin)n(uing)g(impro)n(v)n(emen)n(t)g(in)h(pro)r
(cessing)0 771 y(p)r(o)n(w)n(er)37 b(mak)n(es)h(once)g(computationally)
f(prohibitiv)n(e)h(cryptographic)f(attac)n(ks)g(more)h(realistic.)68
b(New)39 b(cryptographic)0 871 y(algorithms)31 b(and)h(public)h(k)n(ey)
e(generation)g(tec)n(hniques)h(are)g(also)f(b)r(eing)h(dev)n(elop)r(ed)
g(at)g(a)g(steady)g(pace.)50 b(New)33 b(securit)n(y)0
971 y(services)25 b(and)h(mec)n(hanisms)g(are)f(b)r(eing)i(dev)n(elop)r
(ed)f(at)g(an)g(accelerated)f(pace.)36 b(A)26 b(consisten)n(t)g(metho)r
(d)h(of)f(c)n(ho)r(osing)f(from)0 1070 y(a)36 b(v)-5
b(ariet)n(y)35 b(of)h(securit)n(y)f(services)f(and)i(mec)n(hanisms)g
(and)f(to)h(exc)n(hange)f(attributes)h(required)f(b)n(y)h(the)g(mec)n
(hanisms)f(is)0 1170 y(imp)r(ortan)n(t)h(to)g(securit)n(y)f(in)i(the)f
(complex)g(structure)g(of)g(the)h(In)n(ternet.)62 b(Ho)n(w)n(ev)n(er,)
37 b(a)f(system)g(that)g(lo)r(c)n(ks)g(itself)g(in)n(to)0
1269 y(a)31 b(single)g(cryptographic)e(algorithm,)j(k)n(ey)e(exc)n
(hange)g(tec)n(hnique,)j(or)d(securit)n(y)h(mec)n(hanism)g(will)g(b)r
(ecome)h(increasingly)0 1369 y(vulnerable)27 b(as)g(time)h(passes.)0
1568 y(UDP)i(is)f(an)g(unreliable)g(datagram)f(proto)r(col)g(and)h
(therefore)g(its)g(use)h(in)f(ISAKMP)h(in)n(tro)r(duces)e(a)h(n)n(um)n
(b)r(er)h(of)f(securit)n(y)0 1668 y(considerations.)39
b(Since)29 b(UDP)g(is)g(unreliable,)g(but)g(a)f(k)n(ey)h(managemen)n(t)
e(proto)r(col)h(m)n(ust)h(b)r(e)g(reliable,)g(the)g(reliabilit)n(y)f
(is)0 1768 y(built)i(in)n(to)g(ISAKMP)-7 b(.)29 b(While)h(ISAKMP)f
(utilizes)h(UDP)g(as)e(its)i(transp)r(ort)f(mec)n(hanism,)g(it)h(do)r
(esn't)g(rely)f(on)g(an)n(y)g(UDP)0 1867 y(information)e(\(e.g.)37
b(c)n(hec)n(ksum,)26 b(length\))i(for)g(its)f(pro)r(cessing.)0
2066 y(Another)19 b(issue)g(that)h(m)n(ust)f(b)r(e)h(considered)e(in)h
(the)h(dev)n(elopmen)n(t)f(of)g(ISAKMP)g(is)g(the)h(e\013ect)f(of)h
(\014rew)n(alls)e(on)h(the)g(proto)r(col.)0 2166 y(Man)n(y)27
b(\014rew)n(alls)f(\014lter)i(out)f(all)h(UDP)f(pac)n(k)n(ets,)g
(making)g(reliance)f(on)i(UDP)g(questionable)e(in)i(certain)f(en)n
(vironmen)n(ts.)0 2365 y(A)38 b(n)n(um)n(b)r(er)f(of)h(v)n(ery)e(imp)r
(ortan)n(t)i(securit)n(y)e(considerations)g(are)h(presen)n(ted)g(in)h
([RF)n(C-1825)m(].)68 b(One)37 b(b)r(ears)g(rep)r(eating.)0
2465 y(Once)30 b(a)g(priv)-5 b(ate)31 b(session)e(k)n(ey)h(is)h
(created,)f(it)h(m)n(ust)g(b)r(e)g(safely)f(stored.)45
b(F)-7 b(ailure)30 b(to)h(prop)r(erly)e(protect)h(the)h(priv)-5
b(ate)31 b(k)n(ey)0 2565 y(from)c(access)f(b)r(oth)h(in)n(ternal)g(and)
g(external)f(to)h(the)h(system)f(completely)g(n)n(ulli\014es)g(an)n(y)f
(protection)h(pro)n(vided)f(b)n(y)h(the)h(IP)0 2664 y(Securit)n(y)f
% The IANA Considerations heading is set on the next line; it covers the
% 32-bit DOI field and security protocol identifiers, both of which need a
% standards-track RFC to accompany a new assignment request.
(services.)0 3038 y Ff(IANA)45 b(Considerations)0 3320
y Fk(This)30 b(do)r(cumen)n(t)h(con)n(tains)f(man)n(y)g("magic")e(n)n
(um)n(b)r(ers)i(to)h(b)r(e)g(main)n(tained)f(b)n(y)g(the)h(IANA.)g
(This)g(section)f(explains)g(the)0 3419 y(criteria)c(to)i(b)r(e)g(used)
f(b)n(y)h(the)g(IANA)g(to)g(assign)e(additional)h(n)n(um)n(b)r(ers)g
(in)h(eac)n(h)f(of)g(these)h(lists.)0 3751 y Fj(Domain)37
b(of)g(In)m(terpretation)0 4004 y Fk(The)30 b(Domain)g(of)h(In)n
(terpretation)e(\(DOI\))h(is)h(a)e(32-bit)h(\014eld)g(whic)n(h)g(iden)n
(ti\014es)h(the)f(domain)g(under)g(whic)n(h)g(the)h(securit)n(y)0
4104 y(asso)r(ciation)f(negotiation)h(is)g(taking)g(place.)49
b(Requests)31 b(for)g(assignmen)n(ts)g(of)g(new)h(DOIs)g(m)n(ust)f(b)r
(e)i(accompanied)d(b)n(y)h(a)0 4204 y(standards-trac)n(k)25
b(RF)n(C)i(whic)n(h)h(describ)r(es)f(the)h(sp)r(eci\014c)g(domain.)0
4536 y Fj(Supp)s(orted)38 b(Securit)m(y)f(Proto)s(cols)0
4789 y Fk(ISAKMP)f(is)h(designed)g(to)f(pro)n(vide)g(securit)n(y)g
(asso)r(ciation)f(negotiation)h(and)g(k)n(ey)h(managemen)n(t)e(for)i
(man)n(y)f(securit)n(y)0 4888 y(proto)r(cols.)53 b(Requests)33
b(for)g(iden)n(ti\014ers)g(for)g(additional)g(securit)n(y)g(proto)r
(cols)f(m)n(ust)h(b)r(e)h(accompanied)e(b)n(y)i(a)f(standards-)0
4988 y(trac)n(k)26 b(RF)n(C)i(whic)n(h)g(describ)r(es)f(the)h(securit)n
(y)e(proto)r(col)h(and)g(its)h(relationship)f(to)g(ISAKMP)-7
b(.)0 5656 y(Maughan,)27 b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(63])p eop
%%Page: 64 64
% Page 64 of the draft (dvips output; the parenthesised fragments are the
% page text). Content: Acknowledgements only - contributors to the design,
% review, prototype and interoperability testing; no protocol requirements
% appear on this page.
64 63 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(Ac)l(kno)l(wledgemen)l(ts)0
672 y Fk(Dan)g(Harkins,)g(Da)n(v)n(e)f(Carrel,)g(and)g(Derrell)h(Pip)r
(er)g(of)g(Cisco)f(Systems)h(pro)n(vided)f(design)h(assistance)e(with)j
(the)f(proto)r(col)0 771 y(and)g(co)r(ordination)g(for)g(the)h([IKE)o
(])g(and)f([IPDOI])g(do)r(cumen)n(ts.)0 971 y(Hilarie)g(Orman,)g(via)g
(the)h(Oakley)e(k)n(ey)h(exc)n(hange)f(proto)r(col,)h(has)g
(signi\014can)n(tly)f(in\015uenced)i(the)g(design)g(of)f(ISAKMP)-7
b(.)0 1170 y(Marsha)27 b(Gross,)g(Bill)h(Kutz,)g(Mik)n(e)f(Oehler,)h(P)
n(ete)f(Sell,)h(and)g(Ruth)h(T)-7 b(a)n(ylor)26 b(pro)n(vided)h
(signi\014can)n(t)g(input)i(and)f(review)f(to)0 1269
y(this)h(do)r(cumen)n(t.)0 1469 y(Scott)g(Carlson)e(p)r(orted)h(the)h
(TIS)g(DNSSEC)g(protot)n(yp)r(e)f(to)g(F)-7 b(reeBSD)28
b(for)f(use)g(with)i(the)f(ISAKMP)f(protot)n(yp)r(e.)0
1668 y(Je\013)e(T)-7 b(urner)23 b(and)i(Stev)n(e)f(Smalley)g(con)n
(tributed)h(to)f(the)h(protot)n(yp)r(e)f(dev)n(elopmen)n(t)g(and)g(in)n
(tegration)f(with)i(ESP)f(and)g(AH.)0 1867 y(Mik)n(e)j(Oehler)g(and)g
(P)n(ete)g(Sell)h(p)r(erformed)f(in)n(terop)r(erabilit)n(y)g(testing)g
(with)h(other)f(ISAKMP)g(implemen)n(tors.)0 2066 y(Thanks)g(to)g(Carl)g
(Muc)n(k)n(enhirn)g(of)h(SP)-7 b(AR)g(T)g(A,)28 b(Inc.)37
b(for)27 b(his)g(assistance)g(with)h(L)2539 2055 y Fa(a)2578
2066 y Fk(T)2624 2091 y(E)2669 2066 y(X.)0 5656 y(Maughan,)f(Sc)n
(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(64])p eop
%%Page: 65 65
65 64 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 65 body; bop and Fk are prolog names not visible here (presumably begin-page and font select)
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(References)0 604 % section heading "References" shown after Ff
y Fk([ANSI])42 b(ANSI,)26 b Fb(X9.42:)39 b(Public)28 % entry pattern used below: bracketed tag and author after Fk, title after Fb, publication details after Fk again
b(Key)f(Crypto)l(gr)l(aphy)j(for)e(the)f(Financial)i(Servic)l(es)e
(Industry)g({)g(Establishment)h(of)g(Sym-)171 704 y(metric)i(A)n
(lgorithm)g(Keys)g(Using)g(Di\016e-Hel)t(lman)p Fk(,)e(W)-7 % \016 is a glyph code in the Fb font (looks like an ffi ligature slot), not an ASCII character
b(orking)27 b(Draft,)h(April)g(19,)e(1996.)0 867 y([BC])41
b(Ballardie,)28 b(A.)h(and)f(J.)g(Cro)n(w)n(croft,)f
Fb(Multic)l(ast-sp)l(e)l(ci\014c)k(Se)l(curity)f(Thr)l(e)l(ats)h(and)g
(Counterme)l(asur)l(es)p Fk(,)d(Pro)r(ceedings)171 967
y(of)23 b(1995)f(ISOC)h(Symp)r(osium)h(on)f(Net)n(w)n(orks)f(&)h
(Distributed)h(Systems)g(Securit)n(y)-7 b(,)24 b(pp.)g(17-30,)e(In)n
(ternet)h(So)r(ciet)n(y)-7 b(,)24 b(San)171 1067 y(Diego,)j(CA,)h(F)-7
b(ebruary)26 b(1995.)0 1230 y([Berge])40 b(Berge,)25
b(N.H.,)i Fb(UNINETT)h(PCA)g(Policy)i(Statements)p Fk(,)25
b(In)n(ternet-Draft,)h(w)n(ork)e(in)h(progress,)f(No)n(v)n(em)n(b)r
(er,)h(1995.)0 1394 y([CW87])41 b(Clark,)26 b(D.D.)h(and)f(D.R.)i
(Wilson,)e Fb(A)j(Comp)l(arison)h(of)g(Commer)l(cial)g(and)g(Military)g
(Computer)f(Se)l(curity)g(Poli-)171 1494 y(cies)p Fk(,)f(Pro)r
(ceedings)e(of)i(the)f(IEEE)g(Symp)r(osium)h(on)f(Securit)n(y)g(&)g
(Priv)-5 b(acy)e(,)26 b(Oakland,)h(CA,)h(1987,)e(pp.)i(184-193.)0
1658 y([DNSSEC])42 b(D.)31 b(Eastlak)n(e)e(I)r(I)r(I,)j
Fb(Domain)h(Name)g(System)f(Pr)l(oto)l(c)l(ol)i(Se)l(curity)e
(Extensions)p Fk(,)f(In)n(ternet-Draft:)43 b(draft-ietf-)171
1757 y(dnssec-secext2-03.txt,)25 b(W)-7 b(ork)27 b(in)h(Progress,)c
(Jan)n(uary)i(1998.)0 1921 y([DO)n(W92])41 b(Di\016e,)21
b(W.,)g(M.Wiener,)g(P)-7 b(.)19 b(V)-7 b(an)19 b(Oorsc)n(hot,)g
Fb(A)n(uthentic)l(ation)i(and)h(A)n(uthentic)l(ate)l(d)g(Key)g
(Exchanges)p Fk(,)f(Designs,)171 2021 y(Co)r(des,)27
b(and)g(Cryptograph)n(y)-7 b(,)26 b(2,)h(107-125,)d(Klu)n(w)n(er)j
(Academic)g(Publishers,)g(1992.)0 2184 y([IAB])42 b(Bello)n(vin,)e(S.,)
i Fb(R)l(ep)l(ort)e(of)g(the)h(IAB)f(Se)l(curity)f(A)n(r)l(chite)l
(ctur)l(e)g(Workshop)p Fk(,)44 b(In)n(ternet-Draft:)58
b(draft-iab-secwks-)171 2284 y(rep)r(ort-00.txt,)26 b(W)-7
b(ork)27 b(in)g(Progress,)e(No)n(v)n(em)n(b)r(er)h(1997.)0
2448 y([IKE])41 b(Harkins,)22 b(D.)g(and)g(D.)h(Carrel,)f
Fb(The)j(Internet)e(Key)i(Exchange)h(\(IKE\))p Fk(,)c(In)n
(ternet-Draft:)34 b(draft-ietf-ipsec-isakmp-)171 2547
y(oakley-06.txt,)25 b(W)-7 b(ork)27 b(in)h(Progress,)d(F)-7
b(ebruary)26 b(1998.)0 2711 y([IPDOI])41 b(Derrell)d(Pip)r(er,)i
Fb(The)g(Internet)e(IP)i(Se)l(curity)f(Domain)h(of)g(Interpr)l(etation)
f(for)h(ISAKMP)p Fk(,)e(In)n(ternet-Draft:)171 2811 y
(draft-ietf-ipsec-ipsec-doi-07.txt,)25 b(W)-7 b(ork)27
b(in)h(Progress,)c(F)-7 b(ebruary)27 b(1998.)0 2974 y([Karn])40
b(Karn,)46 b(P)-7 b(.)43 b(and)h(B.)f(Simpson,)k Fb(Photuris:)68
b(Session)45 b(Key)f(Management)h(Pr)l(oto)l(c)l(ol)p
Fk(,)k(In)n(ternet-Draft:)68 b(draft-)171 3074 y
(simpson-photuris-15.txt,)25 b(W)-7 b(ork)27 b(in)h(Progress,)d(July)i
(1997.)0 3238 y([Ken)n(t94])40 b(Stev)n(e)28 b(Ken)n(t,)f
Fb(IPSEC)j(SMIB)p Fk(,)f(e-mail)e(to)g(ipsec@ans.net,)g(August)h(10,)e
(1994.)0 3401 y([Oakley])40 b(H.)h(K.)e(Orman,)j Fb(The)g(Oakley)g(Key)
f(Determination)h(Pr)l(oto)l(c)l(ol)p Fk(,)h(In)n(ternet-Draft:)62
b(draft-ietf-ipsec-oakley-)171 3501 y(02.txt,)27 b(W)-7
b(ork)27 b(in)h(Progress,)c(July)k(1997.)0 3665 y([RF)n(C-1422])39
b(Stev)n(e)28 b(Ken)n(t,)g Fb(Privacy)k(Enhanc)l(ement)e(for)h
(Internet)e(Ele)l(ctr)l(onic)i(Mail:)40 b(Part)31 b(II:)f(Certi\014c)l
(ate-Base)l(d)i(Key)171 3764 y(Management)p Fk(,)c(RF)n(C-1422,)e(F)-7
b(ebruary)26 b(1993.)0 3928 y([RF)n(C-1825])39 b(Randall)27
b(A)n(tkinson,)h Fb(Se)l(curity)h(A)n(r)l(chite)l(ctur)l(e)g(for)i(the)
f(Internet)e(Pr)l(oto)l(c)l(ol)p Fk(,)h(RF)n(C-1825,)c(August,)j(1995.)
0 4092 y([RF)n(C-1949])39 b(A.)28 b(Ballardie,)f Fb(Sc)l(alable)k
(Multic)l(ast)e(Key)i(Distribution)p Fk(,)c(RF)n(C-1949,)f(Ma)n(y)h
(1996.)0 4256 y([RF)n(C-2093])39 b(Harney)-7 b(,)53 b(H.)48
b(and)g(C.)g(Muc)n(k)n(enhirn,)k Fb(Gr)l(oup)d(Key)g(Management)g(Pr)l
(oto)l(c)l(ol)g(\(GKMP\))g(Sp)l(e)l(ci\014c)l(ation)p
Fk(,)171 4355 y(SP)-7 b(AR)g(T)g(A,)28 b(Inc.,)g(RF)n(C-2093,)d(July)i
(1997.)0 4519 y([RF)n(C-2094])39 b(Harney)-7 b(,)54 b(H.)49
b(and)g(C.)g(Muc)n(k)n(enhirn,)54 b Fb(Gr)l(oup)c(Key)f(Management)h
(Pr)l(oto)l(c)l(ol)h(\(GKMP\))f(A)n(r)l(chite)l(ctur)l(e)p
Fk(,)171 4619 y(SP)-7 b(AR)g(T)g(A,)28 b(Inc.,)g(RF)n(C-2094,)d(July)i
(1997.)0 4782 y([RF)n(C-2119])39 b(S.)34 b(Bradner,)g
Fb(Key)i(Wor)l(ds)f(for)i(use)e(in)g(RF)n(Cs)g(to)h(Indic)l(ate)g(R)l
(e)l(quir)l(ement)e(L)l(evels)p Fk(,)h(Harv)-5 b(ard)33
b(Univ)n(ersit)n(y)-7 b(,)171 4882 y(RF)n(C-2119,)25
b(Marc)n(h)i(1997.)0 5046 y([Sc)n(hneier])41 b(Bruce)36
b(Sc)n(hneier,)j Fb(Applie)l(d)h(Crypto)l(gr)l(aphy)h(-)d(Pr)l(oto)l(c)
l(ols,)k(A)n(lgorithms,)g(and)d(Sour)l(c)l(e)f(Co)l(de)i(in)e(C)h(\(Se)
l(c)l(ond)171 5145 y(Edition\))p Fk(,)29 b(John)e(Wiley)h(&)f(Sons,)g
(Inc.,)h(1996.)0 5309 y([STD-2])41 b(Reynolds,)27 b(J.)h(and)f(J.)h(P)n
(ostel,)e Fb(Assigne)l(d)k(Numb)l(ers)p Fk(,)d(STD)h(2,)g(Octob)r(er,)e
(1994.)0 5656 y(Maughan,)h(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 % "0 5656 y" starts the page footer: author names, draft file name, page number
b(urner)477 b(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478
b([P)n(age)26 b(65])p eop % eop is a prolog procedure not visible here; presumably it ends the page
%%Page: 66 66
66 65 bop 0 100 a Fk(INTERNET-DRAFT)1128 b(ISAKMP)1101 % page 66 body; bop and Fk are prolog names not visible here (presumably begin-page and font select)
b(Marc)n(h)26 b(10,)h(1998)0 390 y Ff(Addresses)47 b(of)e(Authors)0 % section heading "Addresses of Authors" shown after Ff
572 y Fk(The)28 b(authors)e(can)h(b)r(e)h(con)n(tacted)f(at:)300
771 y(Douglas)g(Maughan)480 871 y(Phone:)36 b(301-688-0847)480
971 y(E-mail:)f Fg(wdm@tycho.ncsc.m)o(il)300 1170 y Fk(Mark)27 % e-mail addresses are shown after Fg and are still split across strings (".m)o(il"), so a plain string scan will not return them whole
b(Sc)n(hneider)480 1269 y(Phone:)36 b(301-688-0851)480
1369 y(E-mail:)f Fg(mss@tycho.ncsc.m)o(il)480 1568 y
Fk(National)27 b(Securit)n(y)g(Agency)480 1668 y(A)-7
b(TTN:)28 b(R23)480 1768 y(9800)e(Sa)n(v)-5 b(age)26
b(Road)480 1867 y(Ft.)37 b(Meade,)28 b(MD.)g(20755-6000)300
2066 y(Mark)f(Sc)n(hertler)480 2166 y(T)-7 b(erisa)26
b(Systems,)i(Inc.)480 2266 y(4984)e(El)h(Camino)g(Real)480
2365 y(Los)g(Altos,)g(CA.)h(94022)480 2465 y(Phone:)36
b(650-919-1773)480 2565 y(E-mail:)f Fg(mjs@terisa.com)300
2764 y Fk(Je\013)28 b(T)-7 b(urner)480 2863 y(RABA)28 % \013 is a glyph code in the Fk font (looks like an ff ligature slot), not an ASCII character
b(T)-7 b(ec)n(hnologies,)26 b(Inc.)480 2963 y(10500)f(Little)j(P)n
(atuxen)n(t)f(P)n(arkw)n(a)n(y)480 3063 y(Colum)n(bia,)g(MD.)h(21044)
480 3162 y(Phone:)36 b(410-715-9399)480 3262 y(E-mail:)f
Fg(jeff.turner@raba)o(.co)o(m)0 5656 y Fk(Maughan,)27 % "0 5656 y" starts the page footer: author names, draft file name, page number
b(Sc)n(hertler,)f(Sc)n(hneider,)i(T)-7 b(urner)477 b
(draft-ietf-ipsec-isakmp-09.txt,)25 b(.ps)478 b([P)n(age)26
b(66])p eop % last page of the document; eop is a prolog procedure not visible here, presumably ending the page
%%Trailer
end % pops the current dictionary off the dictionary stack; presumably the TeXDict pushed by "TeXDict begin" at the top of the file
userdict /end-hook known{end-hook}if % runs end-hook only if that key exists in userdict; this view does not define it, so what runs (if anything) is set by the interpreter environment
%%EOF