INTERNET-DRAFT                                                 D. Dukes 
Expires March 2002                                           R. Pereira 
Document: <draft-dukes-ike-mode-cfg-02.txt>               Cisco Systems 
                                                         September 2001 
 
 
                    The ISAKMP Configuration Method 
                   <draft-dukes-ike-mode-cfg-02.txt> 
 
 
 
Status of this Memo 
 
   This document is an Internet-Draft and is in full conformance with 
   all provisions of Section 10 of RFC2026 [1].  
    
   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups. Note that 
   other groups may also distribute working documents as Internet-
   Drafts. Internet-Drafts are draft documents valid for a maximum of 
   six months and may be updated, replaced, or obsoleted by other 
   documents at any time. It is inappropriate to use Internet- Drafts 
   as reference material or to cite them other than as "work in 
   progress."  
   The list of current Internet-Drafts can be accessed at 
   http://www.ietf.org/ietf/1id-abstracts.txt  
   The list of Internet-Draft Shadow Directories can be accessed at 
   http://www.ietf.org/shadow.html. 
    
    
Abstract 
    
   This document describes a new ISAKMP method that allows 
   configuration items to be exchanged securely by using both 
   push/acknowledge or request/reply paradigms. 
    
   The authors currently intend this document to be published as an 
   Informational RFC, not a standards-track document, so that the many 
   IPsec implementations that have implemented to earlier drafts of 
   this protocol can have a single stable reference. 
    
   Comments regarding this draft should be sent to ietf-mode-
   cfg@vpnc.org or to the authors. 
    
    
Conventions used in this document 
    
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in 
   this document are to be interpreted as described in RFC-2119 [2]. 
    
    


  
Dukes, Pereira                                                       1 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
Table of Contents 
   1. Introduction....................................................3 
   1.1. Changes since last revision...................................3 
   1.2. Reader Prerequisites..........................................3 
   2. Configuration Transaction.......................................3 
   3. Configuration Method Exchange and Payload.......................4 
   3.1. Transaction Exchanges.........................................4 
   3.1.1. Protected Exchanges.........................................4 
   3.1.2. Unprotected Exchanges.......................................5 
   3.2. Attribute Payload.............................................5 
   3.3. Configuration Message Types...................................6 
   3.4. Configuration Attributes......................................6 
   3.5. Retransmission................................................9 
   4. Exchange Positioning............................................9 
   5. Specific Uses...................................................9 
   5.1. Requesting an Internal Address................................9 
   5.2. Requesting the Peer’s Version................................10 
   6. Enterprise Management Considerations...........................11 
   7. Security Considerations........................................11 
   8. References.....................................................11 
   10. Author's Addresses............................................12 
   Full Copyright Statement..........................................13 
    





























  
Dukes, Pereira                                                       2 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
1. Introduction 
    
   The ISAKMP protocol provides a framework to negotiate and generate 
   Security Associations.  While negotiating SAs, it is sometimes quite 
   useful to retrieve certain information from the other peer before 
   the non-ISAKMP SA can be established.  Luckily, ISAKMP is also 
   flexible enough to provide configuration information and do it 
   securely.  This document will present a mechanism to extend ISAKMP 
   to provide such functionality. 
    
1.1. Changes since last revision. 
    
   The last revision of this document was published as "draft-dukes-
   ike-mode-cfg-01.txt", and was originally named "draft-ietf-ipsec-
   isakmp-mode-cfg" 
    
   o Fixed some typo's and cross-references. 
    
1.2. Reader Prerequisites 
    
   It is assumed that the reader is familiar with the terms and 
   concepts described in the "Security Architecture for the Internet 
   Protocol" [ArchSec] and "IP Security Document Roadmap" [Thayer97] 
   documents. 
    
   Readers are advised to be familiar with both [IKE] and [ISAKMP] 
   because of the terminology used within this document and the fact 
   that this document is an extension of both of those documents. 
    
    
2. Configuration Transaction 
    
   A "Configuration Transaction" is defined as one or more transaction 
   exchanges each consisting of two messages, the first being either a 
   Set or a Request and the second being either an Acknowledge or a 
   Reply, respectively.  A common identifier is used to identify the 
   configuration transaction between exchanges. 
    
   There are two paradigms to follow for this method. 
    
   o "Request/Reply" allows a host to request information from an 
   informed hosts (a configuration manager).  If the attributes in the 
   Request message are not empty, then these attributes are taken as 
   suggestions for that attribute.  The Reply message MAY wish to 
   choose those values, or return new values.  It MAY also add new 
   attributes and not include some requested attributes. 
    
   A Reply MUST always be sent when a Request is received, even if it 
   is an empty Reply or if there are missing attributes in the Request.  
   This merely means that the requested attributes were not available 
   or unknown. 
    
  
Dukes, Pereira                                                       3 

                   The ISAKMP Configuration Method     September 2001 
 
 
       Initiator              Responder 
       ---------------        -------------- 
       REQUEST          --> 
                        <--   REPLY 
    
   o "Set/Acknowledge" works on the push principle that allows a 
   configuration manager (a host that wishes to send information to 
   another host) to start the configuration transaction.  This code 
   sends attributes that it wants the peer to alter.  The Acknowledge 
   code MUST return the zero length attributes that it accepted.  Those 
   attributes that it did not accept will NOT be sent back in the 
   acknowledgement. 
    
       Initiator              Responder 
       ---------------        ------------------- 
       SET              --> 
                        <--   ACKNOWLEDGE 
    
   Transaction exchanges are completed once the Reply or Acknowledge 
   code is received.  If one is not received, the implementation MAY 
   wish to retransmit the original message as detailed in a later 
   section. 
    
   The initiator and responder are not necessarily the same as the 
   initiator and responder of the ISAKMP exchange. 
    
    
3. Configuration Method Exchange and Payload 
    
3.1. Transaction Exchanges 
    
   A new exchange mode is required for the configuration method.  This 
   exchange is called the "Transaction Exchange" and has a value of 6.  
   This exchange is quite similar to the Information exchange described 
   in [ISAKMP] and [IKE], but allows for multi-exchange transactions 
   instead of being a one-way transmittal of information. 
    
   This specification protects ISAKMP Transaction Exchanges when 
   possible. 
    
    
3.1.1. Protected Exchanges 
    
   Once an ISAKMP security association has been established (and 
   SKEYID_e and SKEYID_a have been generated), the ISAKMP Transaction 
   Exchange is as follows: 
    
        Initiator                        Responder 
       -----------                      ----------- 
        HDR*, HASH, ATTR      --> 
                              <--        HDR*, HASH, ATTR 
    

  
Dukes, Pereira                                                       4 

                   The ISAKMP Configuration Method     September 2001 
 
 
   Where the HASH payload contains the prf output, using SKEYID_a as 
   the key, and the M-ID (ISAKMP header Message ID) unique to this 
   exchange concatenated with all of the payloads after the HASH 
   payload. In other words, the hash for the above exchange is: 
    
       HASH = prf( SKEYID_a, M-ID | ATTR ) 
    
   Multiple ATTR payloads MAY NOT be present in the Transaction 
   Exchange. 
    
   As noted, the message ID in the ISAKMP header-- as used in the prf 
   computation-- is unique to this transaction exchange and MUST NOT be 
   the same as the message ID of another transaction exchange.  The 
   derivation of the initialization vector (IV) for the first message, 
   used with SKEYID_e to encrypt the message, is described in Appendix 
   B of [IKE].  Subsequent IVs are taken from the last ciphertext block 
   of the previous message as described in [IKE]. 
    
    
3.1.2. Unprotected Exchanges 
    
   If the ISAKMP security association has not yet been established at 
   the time of the Transaction Exchange and the information being 
   exchanged is not sensitive, the exchange MAY be done in the clear 
   without an accompanying HASH payload. 
    
        Initiator                        Responder 
       -----------                      ----------- 
        HDR, ATTR           --> 
                            <--          HDR, ATTR 
    
   Multiple ATTR payloads MAY NOT be present in the Transaction 
   Exchange. 
    
    
3.2. Attribute Payload 
    
   A new payload is defined to carry attributes as well as the type of 
   transaction message. 
    
                           1                   2                   3 
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
     ! Next Payload  !   RESERVED    !         Payload Length        ! 
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
     !     Type      !   RESERVED    !           Identifier          ! 
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
     !                                                               ! 
     ~                           Attributes                          ~ 
     !                                                               ! 
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
    
   The Attributes Payload fields are defined as follows: 
  
Dukes, Pereira                                                       5 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
   o Next Payload (1 octet) - Identifier for the payload type of the 
   next payload in the message.  If the current payload is the last in 
   the message, then this field will be 0. 
    
   o RESERVED (1 octet) - Unused, set to 0. 
    
   o Payload Length (2 octets) - Length in octets of the current 
   payload, including the generic payload header, the transaction-
   specific header and all attributes.  If the length does not match 
   the length of the payload headers plus the attributes, (i.e. an 
   attribute is half contained within this payload) then entire payload 
   MUST be discarded. 
    
   o Attribute Message Type (1 octet) - Specifies the type of message 
   represented by the attributes.  These are defined in the next 
   section. 
    
   o RESERVED (1 octet) - Unused, set to 0. 
    
   o Identifier (2 octets) - An identifier used to reference a 
   configuration transaction within the individual messages. 
    
   o Attributes (variable length) - Zero or more ISAKMP Data Attributes 
   as defined in [ISAKMP].  The attribute types are defined in a later 
   section. 
    
   The payload type for the Attributes Payload is 14. 
    
    
3.3. Configuration Message Types 
    
   These values are to be used within the Type field of an Attribute 
   ISAKMP payload. 
    
    Types                      Value 
   ========================== =========== 
    RESERVED                   0 
    ISAKMP_CFG_REQUEST         1 
    ISAKMP_CFG_REPLY           2 
    ISAKMP_CFG_SET             3 
    ISAKMP_CFG_ACK             4 
    Reserved for Future Use    5-127 
    Reserved for Private Use   128-255 
    
   Messages with unknown types SHOULD be silently discarded. 
    
    
3.4. Configuration Attributes 
    
   Zero or more ISAKMP attributes [ISAKMP] are contained within an 
   Attributes Payload. Zero length attribute values are usually sent in 
   a Request and MUST NOT be sent in a Response. 
  
Dukes, Pereira                                                       6 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
   All IPv6 specific attributes are mandatory only if the 
   implementation supports IPv6 and vice versa for IPv4.  Mandatory 
   attributes are stated below. 
    
   Unknown private attributes SHOULD be silently discarded. 
    
   The following attributes are currently defined: 
    
    Attribute                 Value   Type       Length 
   ========================= ======= ========== ===================== 
    RESERVED                    0 
    INTERNAL_IP4_ADDRESS        1     Variable   0 or 4 octets 
    INTERNAL_IP4_NETMASK        2     Variable   0 or 4 octets 
    INTERNAL_IP4_DNS            3     Variable   0 or 4 octets 
    INTERNAL_IP4_NBNS           4     Variable   0 or 4 octets 
    INTERNAL_ADDRESS_EXPIRY     5     Variable   0 or 4 octets 
    INTERNAL_IP4_DHCP           6     Variable   0 or 4 octets 
    APPLICATION_VERSION         7     Variable   0 or more 
    INTERNAL_IP6_ADDRESS        8     Variable   0 or 16 octets 
    INTERNAL_IP6_NETMASK        9     Variable   0 or 16 octets 
    INTERNAL_IP6_DNS           10     Variable   0 or 16 octets 
    INTERNAL_IP6_NBNS          11     Variable   0 or 16 octets 
    INTERNAL_IP6_DHCP          12     Variable   0 or 16 octets 
    INTERNAL_IP4_SUBNET        13     Variable   0 or 8 octets 
    SUPPORTED_ATTRIBUTES       14     Variable   0 or multiples of 2 
    INTERNAL_IP6_SUBNET        15     Variable   0 or 17 octets 
    Reserved for future use    16-16383 
    Reserved for private use   16384-32767 
    
   o INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS - Specifies an address 
   within the internal network.  This address is sometimes called a red 
   node address or a private address and MAY be a private address on 
   the Internet.  Multiple internal addresses MAY be requested by 
   requesting multiple internal address attributes.  The responder MAY 
   only send up to the number of addresses requested. 
    
   The requested address is valid until the expiry time defined with 
   the INTERNAL_ADDRESS EXPIRY attribute or until the ISAKMP SA that 
   was used to secure the request expires.  The address MAY also expire 
   when the IPSec (phase 2) SA expires, if the request is associated 
   with a phase 2 negotiation.  If no ISAKMP SA was used to secure the 
   request, then the response MUST include an 
   expiry or the host MUST expire the SA after an implementation-
   defined time. 
    
   An implementation MUST support this attribute. 
    
   o INTERNAL_IP4_NETMASK, INTERNAL_IP6_NETMASK - The internal 
   network's netmask.  Only one netmask is allowed in the request and 
   reply messages (e.g. 255.255.255.0) and it MUST be used only with an 
   INTERNAL_ADDRESS attribute. 
    
  
Dukes, Pereira                                                       7 

                   The ISAKMP Configuration Method     September 2001 
 
 
   An implementation MUST support this attribute. 
    
   o INTERNAL_IP4_DNS, INTERNAL_IP6_DNS - Specifies an address of a DNS 
   server within the network.  Multiple DNS servers MAY be requested.  
   The responder MAY respond with zero or more DNS server attributes. 
    
   o INTERNAL_IP4_NBNS, INTERNAL_IP6_NBNS - Specifies an address of a 
   NetBios Name Server (WINS) within the network.  Multiple NBNS 
   servers MAY be requested.  The responder MAY respond with zero or 
   more NBNS server attributes. 
    
   o INTERNAL_ADDRESS_EXPIRY - Specifies the number of seconds that the 
   host can use the internal IP address.  The host MUST renew the IP 
   address before this expiry time.  Only one attribute MAY be present 
   in the reply. 
    
   An implementation MUST support this attribute. 
    
   o INTERNAL_IP4_DHCP, INTERNAL_IP6_DHCP - Instructs the host to send 
   any internal DHCP requests to the address contained within the 
   attribute.  Multiple DHCP servers MAY be requested.  The responder 
   MAY respond with zero or more DHCP server attributes. 
    
   o APPLICATION_VERSION - The version or application information of 
   the IPSec host.  This is a string of printable ASCII characters that 
   is NOT null terminated. 
    
   This attribute does not need to be secured. 
    
   An implementation MUST support this attribute. 
    
   o INTERNAL_IP4_SUBNET - The protected sub-networks that this edge-
   device protects.  This attribute is made up of two fields; the first 
   being an IP address and the second being a netmask.  Multiple sub-
   networks MAY be requested.  The responder MAY  respond with zero or 
   more sub-network attributes. 
    
   An implementation MUST support this attribute. 
    
   o SUPPORTED_ATTRIBUTES - When used within a Request, this attribute 
   must be zero length and specifies a query to the responder to reply 
   back with all of the attributes that it supports.  The response 
   contains an attribute that contains a set of attribute identifiers 
   each in 2 octets.  The length divided by 2 (bytes) would state the 
   number of supported attributes contained in the response. 
    
   An implementation MUST support this attribute. 
    
   o INTERNAL_IP6_SUBNET - The protected sub-networks that this edge-
   device protects.  This attribute is made up of two fields; the first 
   being a 16 octet IPv6 address the second being a one octet prefix-
   mask as defined in [ADDRIPV6].  Multiple sub-networks MAY be 

  
Dukes, Pereira                                                       8 

                   The ISAKMP Configuration Method     September 2001 
 
 
   requested.  The responder MAY respond with zero or more sub-network 
   attributes. 
    
   An implementation MUST support this attribute. 
    
   Note that no recommendations are made in this document how an 
   implementation actually figures out what information to send in a 
   reply.  i.e. we do not recommend any specific method of (an edge 
   device) determining which DNS server should be returned to a 
   requesting host. 
    
    
3.5. Retransmission 
    
   Retransmission SHOULD follow the same retransmission rules used with 
   standard ISAKMP messages. 
    
    
4. Exchange Positioning 
    
   The exchange and messages defined within this document MAY appear at 
   any time.  Because of security considerations with most attributes, 
   the exchange SHOULD be secured with an ISAKMP phase 1 SA. 
    
   Depending on the type of transaction and the information being 
   exchanged, the exchange MAY be dependant on an ISAKMP phase 1 SA 
   negotiation, a phase 2 SA negotiation, or none of the above. 
    
   The next section details specific functions and their position 
   within an ISAKMP negotiation. 
    
    
5. Specific Uses 
    
   The following descriptions detail how to perform specific functions 
   using this protocol.  Other functions are possible and thus this 
   list is not a complete list of all of the possibilities.  While 
   other functions are possible, the functions listed below MUST be 
   performed as detailed in this document to preserve interoperability 
   among different vendor's implementations. 
    
    
5.1. Requesting an Internal Address 
    
   This function provides address allocation to a remote host trying to 
   tunnel into a network protected by an edge device.   The remote host 
   requests an address and optionally other information concerning the 
   internal network from the edge device.  The edge device procures an 
   internal address for the remote host from any number of sources such 
   as a DHCP/BOOTP server or its own address pool. 
    
    Initiator                           Responder 
   -----------------------------       ------------------------------- 
  
Dukes, Pereira                                                       9 

                   The ISAKMP Configuration Method     September 2001 
 
 
    HDR*, HASH, ATTR1(REQUEST)    --> 
                                  <--   HDR*, HASH, ATTR2(REPLY) 
    ATTR1(REQUEST) MUST contain at least an INTERNAL_ADDRESS attribute 
   (either IPv4 or IPv6) but MAY also contain any number of additional 
   attributes that it wants returned in the response. 
    
   For example: 
   ATTR1(REQUEST) = 
     INTERNAL_ADDRESS(0.0.0.0) 
     INTERNAL_NETMASK(0.0.0.0) 
     INTERNAL_DNS(0.0.0.0) 
    
   ATTR2(REPLY) = 
     INTERNAL_ADDRESS(192.168.219.202) 
     INTERNAL_NETMASK(255.255.255.0) 
     INTERNAL_SUBNET(291.168.219.0/255.255.255.0) 
    
   All returned values will be implementation dependent.  As can be 
   seen in the above example, the edge device MAY also send other 
   attributes that were not included in the REQUEST and MAY ignore the 
   non-mandatory attributes that it does not support. 
    
   This Transaction Exchange MUST occur after an ISAKMP phase 1 SA is 
   already established and before an ISAKMP phase 2 negotiation has 
   started, since that negotiation requires the internal address. 
    
   Initial Negotiation: 
     MainMode or AggressiveMode 
     TransactionMode (IP Address request) 
     QuickMode(s) 
    
   Subsequent address requests would be done without the phase 1 
   negotiation when there already exists a phase 1 SA. 
    
   Subsequent Negotiations: 
     TransactionMode (IP Address request) 
     QuickMode(s) 
    
5.2. Requesting the Peer's Version 
    
   An IPSec host wishing to inquire about the other peer's version 
   information (with or without security) MUST use this method. 
    
    Initiator                           Responder 
   -----------------------------       -------------------------- 
    HDR, ATTR1(REQUEST)           --> 
                                  <--   HDR, ATTR2(REPLY) 
    
   ATTR1(REQUEST) = 
     APPLICATION_VERSION("") 
    
   ATTR2(REPLY) = 
     APPLICATION_VERSION("foobar v1.3beta, (c) Foo Bar Inc.") 
  
Dukes, Pereira                                                      10 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
   The return text string will be implementation dependent.  This 
   transaction MAY be done at any time and with or without any other 
   ISAKMP exchange and because the version information MAY be deemed 
   not sensitive, security is optional. 
    
    
6. Enterprise Management Considerations 
    
   The method defined in this document SHOULD NOT be used for wide 
   scale management.  Its main intent is to provide a bootstrap 
   mechanism to exchange information within IPSec.  While it MAY be 
   useful to use such a method of exchange information to some outlying 
   IPSec hosts or small networks, existing management protocols such as 
   DHCP [DHCP], RADIUS [RADIUS], SNMP or LDAP [LDAP] should be 
   considered for enterprise management as well as subsequent 
   information exchanges. 
    
    
7. Security Considerations 
    
   This entire draft discusses a new ISAKMP configuration method to 
   allow IPSec-enabled entities to acquire and share configuration 
   information. 
    
   The draft mandates that this exchange should normally occur after 
   the Phase I Security Association has been set up and that the entire 
   exchange be protected by that Phase I SA.  Thus the exchange is as 
   secure as any Phase II SA negotiation. 
    
   This exchange MAY be secured (encrypted and authenticated) by other 
   means as well, such as pre-configured ESP [ESP] or data-link 
   security. 
    
    
8. References 
    
 
   [1]         Bradner, S., "The Internet Standards Process -- Revision 
               3", BCP 9, RFC 2026, October 1996. 
    
   [2]         Bradner, S., "Key words for use in RFCs to Indicate 
               Requirement Levels", BCP 14, RFC 2119, March 1997 
    
   [Thayer97]  R. Thayer, N. Doraswamy, R. Glenn. "IP Security Document 
               Roadmap", RFC2411 
    
   [ArchSec]   S. Kent, R. Atkinson, "Security Architecture for the 
               Internet Protocol", RFC2401 
    
   [ISAKMP]    D. Maughan, M. Schertler, M. Schneider, J. Turner, 
               "Internet Security Association and Key Management 
               Protocol", RFC2408 
  
Dukes, Pereira                                                      11 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
   [IKE]       D. Harkins, D. Carrel, "The Internet Key Exchange 
               (IKE)", RFC2409 
    
   [DHCP]      R. Droms, "Dynamic Host Configuration Protocol", 
               RFC2131 
    
   [RADIUS]    C. Rigney, A. Rubens, W. Simpson, S. Willens, "Remote 
               Authentication Dial In User Service (RADIUS)", RFC2138 
    
   [LDAP]      M. Wahl, T. Howes, S. Kille., "Lightweight Directory 
               Access Protocol (v3)", RFC2251 
    
   [ESP]       S. Kent, "IP Encapsulating Security Payload (ESP)", 
               RFC2406 
    
   [ADDRIPV6]  Hinden, R., "IP Version 6 Addressing Architecture", 
               RFC 2373, July 1998. 
    
    
9. Acknowledgments 
    
   The editors would like to thank Sanjay Anand, Baiju V. Patel, 
   Stephane Beaulieu, Tim Jenkins, Peter Ford, Bob Moskowitz and Shawn 
   Mamros. 
    
    
10. Author's Addresses 
    
   Darren Dukes 
   Cisco Systems Co. 
   365 March Road 
   Kanata, ON, Canada 
   Phone: 1-613-271-3679 
   Email: ddukes@cisco.com 
    
   Roy Pereira 
   Cisco Systems, Inc. 
   170 Tasman Drive 
   San Jose, CA, USA 
   Phone: 1-408-526-6793 
   Email: royp@cisco.com 
    
    









  
Dukes, Pereira                                                      12 

                   The ISAKMP Configuration Method     September 2001 
 
 
    
Full Copyright Statement 
 
   "Copyright (C) The Internet Society (date). All Rights Reserved. 
   This document and translations of it may be copied and furnished to 
   others, and derivative works that comment on or otherwise explain it 
   or assist in its implementation may be prepared, copied, published 
   and distributed, in whole or in part, without restriction of any 
   kind, provided that the above copyright notice and this paragraph 
   are included on all such copies and derivative works. However, this 
   document itself may not be modified in any way, such as by removing 
   the copyright notice or references to the Internet Society or other 
   Internet organizations, except as needed for the purpose of 
   developing Internet standards in which case the procedures for 
   copyrights defined in the Internet Standards process must be 
   followed, or as required to translate it into 
    
    
   This Internet Draft expires September 2001 
    

































  
Dukes, Pereira                                                      13