ÿ"##$%&ÿ'$%ÿ()*+&$+,)*ÿ -,.ÿ
`
`

ÿ

ÿ


`
`
`

 
`  
`/0ÿ1234,56-6$)ÿ*6'',%,).,-
`ADWDMCÿ@ˆRY[ˆX|[q=<?ˆGTUAVÿEZWOMWDPY\ÿXE[YXRTUAVÿ_XPDEMLCÿ@ˆRY[ˆX|[q=<?ˆ_XPDEMLˆG
`UFWPOÿELW\CPY\Cÿ@ˆRY[ˆX|[q=<?ˆEFWPOˆGŽPCDYXBÿ@ˆRY[ˆX|[q=<?ˆQPCDYXBˆG
`wbxyÿbh{gjgxi
`RXW|D>PED|>\WD>XCPL>PLCE[><?ÿ@;<<<><]>;<G
`}xÿbh{gjgxi
`X|[q=<?ÿ@;<<=>=<><=G
`7$."8,)&ÿ96-&$%:
`~gddÿdxbyce
`ÿ
`APRE>NB>CPRE
`E|YXE>W|DEXJQW\€EÿNWXCRP||
`AMNFPD
`~ceh
`‚ƒh{o‚„…
`‚†legxi
`;<<=>=<><=
`<?@ABCDEFGHIJÿLMNOPCQER
`;<<=><=>;S
`<?@ABCDEFGTUAVÿQWCÿWLLXYZERÿDQEÿRY[MFE\D
`;<<<><]>;<
`<?@ABCDEFG^E_ÿZEXCPY\ÿWZWPOWNOE`ÿabcdefghedficefbjgkfgkjhlfmnoepe
`<q@ABCDEFG^E_ÿZEXCPY\ÿWZWPOWNOE`ÿabcdefghedficefbjgkfgkjhlfmroepe
`;<<<><q>=S
`<;@ABCDEFG^E_ÿZEXCPY\ÿWZWPOWNOE`ÿabcdefghedficefbjgkfgkjhlfmsoepe
`;<<<><=>q=
`=ttt>=<>;u
`<=@ABCDEFG^E_ÿZEXCPY\ÿWZWPOWNOE`ÿabcdefghedficefbjgkfgkjhlfmvoepe
`<<@ABCDEFG^E_ÿZEXCPY\ÿWZWPOWNOE`ÿabcdefghedficefbjgkfgkjhlfmmoepe
`=ttt><S>;<
`TA‡Jÿ@QDDLC`ˆˆ___‰P\DEX\EDCY[PEDB‰YX€ˆGÿTUŠIÿŠXMCDÿ@QDDLC`ˆˆDXMCDEE‰PED|‰YX€ˆG
`HIJÿURPDYXÿ@QDDLC`ˆˆ___‰X|[>ERPDYX‰YX€ˆGÿTHŠIÿ@QDDLC`ˆˆ___‰PXD|‰YX€ˆGÿTUAV
`@QDDLC`ˆˆ___‰PED|‰YX€ˆPEC€ˆGÿTUŠIÿ@QDDLC`ˆˆ___‰PED|‰YX€ˆGÿTŒÿ@QDDLC`ˆˆ___‰PWN‰YX€ˆG
`
`
`  
`
`




`

 

 
`

`
`‚
`
` 
`
`0001
`
`Ex. 1012
`Apple v. MPH Techs. Oy
`IPR2019-00823
`
`

`

`  
`
`
`ÿ!ÿ"#ÿ%&''()*++,-./0,1'20.345ÿ678ÿ7..9)ÿ%&''()*++'..9)0,1'20.34+5ÿ:
`
`

ÿ

ÿ


`
`
`

 
`%&''()*++;;;0,-<-0.34+5
`=>?@AÿCDEFGFHIFDH>?@AJÿKÿLMNOÿPHAHAEHQRFEÿKÿSFEIT?UÿVWXYWZW[\ÿCDEFGFHIFDVWXYWZW[\DJÿKÿ]Z\X^Z_^\`ÿKÿaF[?EAÿHÿ>@bcÿNEHQRFEcd
`CeAA[IcDDA??GIWTFAfW?EbDA??GIDTFAfg>DUFhATQRFAJÿMiHTGcjÿCiHTGA?cgHAHAEHQRFE^[E?kFQAlTFAfW?EbJÿ
`mnAe?Uÿ]WoW\_ÿKÿPkHUb?ÿ\W\\W]Z
`
`
`
`  
`
`




`

 

 
`

`
` 
`
`0002
`
`

`

` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`()*+ÿ)-../01ÿ2/0ÿ34561/6745ÿ*+879ÿ
`(:;ÿ<=>?
`°LFLPWÿjpRkKpOSKCA@Dpwg°yÿV§FQPFLUkNÿOVKkORg°yÿqOULVPXWÿjpRkKpOSKCA@DpqOULVPXpwgiFUQÿVhXFNWUkNWÿjpRkKpOSKCA@DpViFUQpw
`¶UWLkOGÿjpRkKpOSKCA@DpnUWLkOGpw
`¨©ª«¬­®«
`>?ÿ±²5/9²50³216´71264³1608´.6´.879²µ
`ROFSLTUVLSTNFLTOWUXTUXWVK
`@A
`@B
`@C
`@@
`@D
`OSKCA@DYZ[\]^_`
`EFGÿAIIIJKLÿAIIIMFNÿB@@@EFOÿB@@@MPQÿB@@@
`abc^defÿTÿghXVOUiVNLFQÿjJKLklVOÿB@@AmÿgOOFLFÿjnLLXWoppqqqrOSKTVRULkOrkOspVOOFLFtWVFOKnrXnXuOSKvCA@Dww
`xFWÿROFSLTUVLSTNFLTOWUXTUXWVKÿjpRkKpROFSLTUVLSTNFLTOWUXTUXWVKpwÿjNFLÿxyÿjpqspNFLpww
`z{|`ÿ\c~{`^~B@ACT@CT@B
``€^{]g‚e
`ƒZ€]{`|„ÿXQFUNÿLVhLÿjnLLXWoppqqqrOSKTVRULkOrkOspOSKpOSKCA@DrLhLwÿ…ÿXRSÿjnLLXWoppqqqrOSKTVRULkOrkOspOSKpXRSOSKpOSKCA@DrLhLrXRSw
`†ÿnLiQÿjnLLXWoppLkkQWrUVLSrkOspnLiQpOSKCA@Dwÿ‡ÿlUlLVhÿjlUlLVhw
``€^{]
`
`ˆ‰ÿ|`{`^Š‹Œ^c‹|`{`^‹~€{Ž`‹^`Žxyÿ‘kKPiVNL
`YZ[\]^_`ÿ|Œ^cŒ^€~’kÿWnVXnVORÿFWWUsNVR
`“”‰
`
`“”‰ÿ|`{`^Š‹Œ^c‹|`{`^‹~€{Ž`‹^|•defÿCA@DÿjghXVOUiVNLFQw
`–Z_|^_|\|ÿ—Z^€c{`^˜N™NkqN
`a^^[Œ{`ÿ~{`^
`š^|cZ_|›^ÿœYj’kNVw
`^_~ÿ_Z`[^|ÿ`Zj’kNVw
`ÿgiFUQÿFPLnkOWÿjiFUQLkoROFSLTUVLSTNFLTOWUXTUXWVKžUVLSrkOsuWPlŸVKLvEFUQ B@OVsFORUNs B@ROFSLTUVLSTNFLTOWUXTUXWVKw
`ÿgiFUQÿxyÿjiFUQLkoNFLžUVLSrkOsuWPlŸVKLvEFUQ B@OVsFORUNs B@ROFSLTUVLSTNFLTOWUXTUXWVKwÿ¡ÿ¢dÿjpUXOpWVFOKnpuWPliULvROFSL£URvROFSLTUVLSTNFLTOWUXTUXWVKw
`¤ÿdVSVOVNKVWÿjpRkKpOSKCA@DpOVSVOVNKVWpwÿ¥ÿdVSVOVNKVRÿlGÿjpRkKpOSKCA@DpOVSVOVNKVRlGpw
`¦ÿ’ULWÿjnLLXWoppqqqrUVLSrkOspLkkQWpURNULWuPOQvnLLXWoppqqqrUVLSrkOspFOKnU§VpURpROFSLTUVLSTNFLTOWUXTUXWVKT@DrLhLwÿ
`¯ÿ°VFOKnÿQUWLWÿ
`
`  ! "   #!$%&'
`
` 
`
`0003
`
`

`

`3/17/2019
`
`Network Working Group
`Request for Comments: 3104
`Category: Experimental
`
`RFC 3104 - RSIP Support for End-to-end IPsec
`
`G. Montenegro
`Sun Microsystems, Inc.
`M. Borella
`CommWorks
`October 2001
`
`RSIP Support for End—to—end IPsec
`
`Status of this Memo
`
`This memo defines an Experimental Protocol for the Internet
`community.
`It does not specify an Internet standard of any kind.
`Discussion and suggestions for improvement are requested.
`Distribution of this memo is unlimited.
`
`Copyright Notice
`
`Copyright (C) The Internet Society (2001). All Rights Reserved.
`
`IESG Note
`
`The IESG notes that the set of documents describing the RSIP
`technology imply significant host and gateway changes for a complete
`implementation.
`In addition,
`the floating of port numbers can cause
`problems for some applications, preventing an RSIP—enabled host from
`interoperating transparently with existing applications in some cases
`(e.g., IPsec). Finally,
`there may be significant operational
`complexities associated with using RSIP.
`Some of these and other
`complications are outlined in section 6 of the RFC 3102, as well as
`in the Appendices of RFC 3104. Accordingly,
`the costs and benefits
`of using RSIP should be carefully weighed against other means of
`relieving address shortage.
`
`Abstract
`
`This document proposes mechanisms that enable Realm Specific IP
`(RSIP) to handle end—to—end IPsec (IP Security).
`
`Experimental
`Montenegro & Borella
`RFC 3104
`RSIP Support for End—to—end IPsec
`
`[Page 1]
`October 2001
`
`Table of Contents
`
`.
`.
`
`(I‘m-FWNH
`
`Introduction ..................................................
`Model .........................................................
`Implementation Notes ..........................................
`IKE Handling and Demultiplexing ...............................
`IPsec Handling and Demultiplexing .............................
`RSIP Protocol Extensions ......................................
`6.1 IKE Support
`in RSIP .......................................
`6.2 IPsec Support in RSIP .....................................
`7.
`IANA Considerations ...........................................
`8. Security Considerations ....................................... 10
`9. Acknowledgements .............................................. 10
`References .......................................................
`Authorsl Addresses ...............................................
`Appendix A: On Optional Port Allocation to RSIP Clients .......... 13
`Appendix B: RSIP Error Numbers for IKE and IPsec Support ......... 14
`Appendix C: Message Type Values for IPsec Support ................ 14
`Appendix D: A Note on Flow Policy Enforcement .................... 14
`Appendix E: Remote Host Rekeying ................................. 14
`Appendix F: Example Application Scenarios ........................ 15
`Appendix G: Thoughts on Supporting Incoming Connections .......... 17
`Full Copyright Statement ......................................... 19
`
`1. Introduction
`
`This document specifies RSIP extensions to enable end—to—end IPsec.
`It assumes the RSIP framework as presented in [RSIP—FW], and
`specifies extensions to the RSIP protocol defined in [RSIP—P].
`terminology follows [NAT—TERMS].
`
`Other
`
`"SHALL NOT",
`"SHALL",
`"REQUIRED",
`"MUST NOT",
`The key words "MUST",
`"SHOULD",
`"SHOULD NOT",
`"RECOMMENDED",
`"MAY", and "OPTIONAL"
`in this
`document are to be interpreted as described in RFC 2119.
`
`2. Model
`
`For clarity,
`
`the discussion below assumes this model:
`
`RSIP client
`
`RSIP server
`
`Host
`
`Xa
`
`Na
`
`Nb
`+ ------------ +
`Nb1
`+ ------------+
`[X] —————— | Addr space |————[N] ————— | Addr space | ——————— [Y]
`|
`A
`|
`Nb2
`|
`B
`|
`+ ------------+
`,,,
`+ ------------ +
`
`Yb
`
` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`()*+,-.ÿ0,-.123ÿ4-,56ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ47ÿ8,2*)2)3-,ÿ
`9):5);*ÿ<,-ÿ=,>>)2*;?ÿ@ABCÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿD52ÿ81E-,;F;*)>;GÿH2E7ÿ
`=I*)3,-F?ÿJK6)-1>)2*ILÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ87ÿM,-)LLIÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ=,>>0,-.;ÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿNE*,O)-ÿPBBAÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ9DHQÿD566,-*ÿ<,-ÿJ2RS*,S)2RÿHQ;)Eÿ
`ÿD*I*5;ÿ,<ÿ*T1;ÿ8)>,ÿ
`ÿÿÿÿUT1;ÿ>)>,ÿR)<12);ÿI2ÿJK6)-1>)2*ILÿQ-,*,E,Lÿ<,-ÿ*T)ÿH2*)-2)*ÿ
`ÿÿÿE,>>521*F7ÿÿH*ÿR,);ÿ2,*ÿ;6)E1<FÿI2ÿH2*)-2)*ÿ;*I2RI-Rÿ,<ÿI2Fÿ.12R7ÿ
`ÿÿÿV1;E5;;1,2ÿI2Rÿ;533);*1,2;ÿ<,-ÿ1>6-,W)>)2*ÿI-)ÿ-):5);*)R7ÿ
`ÿÿÿV1;*-1O5*1,2ÿ,<ÿ*T1;ÿ>)>,ÿ1;ÿ52L1>1*)R7ÿ
`ÿ=,6F-13T*ÿ(,*1E)ÿ
`ÿÿÿÿ=,6F-13T*ÿX=YÿUT)ÿH2*)-2)*ÿD,E1)*FÿXPBBAY7ÿÿZLLÿ913T*;ÿ9);)-W)R7ÿ
`ÿHJD4ÿ(,*)ÿ
`ÿÿÿÿUT)ÿHJD4ÿ2,*);ÿ*TI*ÿ*T)ÿ;)*ÿ,<ÿR,E5>)2*;ÿR);E-1O123ÿ*T)ÿ9DHQÿ
`ÿÿÿ*)ET2,L,3Fÿ1>6LFÿ;1321<1EI2*ÿT,;*ÿI2Rÿ3I*)+IFÿETI23);ÿ<,-ÿIÿE,>6L)*)ÿ
`ÿÿÿ1>6L)>)2*I*1,27ÿÿH2ÿIRR1*1,2Gÿ*T)ÿ<L,I*123ÿ,<ÿ6,-*ÿ25>O)-;ÿEI2ÿEI5;)ÿ
`ÿÿÿ6-,OL)>;ÿ<,-ÿ;,>)ÿI66L1EI*1,2;Gÿ6-)W)2*123ÿI2ÿ9DHQS)2IOL)RÿT,;*ÿ<-,>ÿ
`ÿÿÿ12*)-,6)-I*123ÿ*-I2;6I-)2*LFÿ+1*Tÿ)K1;*123ÿI66L1EI*1,2;ÿ12ÿ;,>)ÿEI;);ÿ
`ÿÿÿX)737GÿHQ;)EY7ÿÿ[12ILLFGÿ*T)-)ÿ>IFÿO)ÿ;1321<1EI2*ÿ,6)-I*1,2ILÿ
`ÿÿÿE,>6L)K1*1);ÿI;;,E1I*)Rÿ+1*Tÿ5;123ÿ9DHQ7ÿÿD,>)ÿ,<ÿ*T);)ÿI2Rÿ,*T)-ÿ
`ÿÿÿE,>6L1EI*1,2;ÿI-)ÿ,5*L12)Rÿ12ÿ;)E*1,2ÿ\ÿ,<ÿ*T)ÿ9[=ÿ@ABPGÿI;ÿ+)LLÿI;ÿ
`ÿÿÿ12ÿ*T)ÿZ66)2R1E);ÿ,<ÿ9[=ÿ@ABC7ÿÿZEE,-R123LFGÿ*T)ÿE,;*;ÿI2RÿO)2)<1*;ÿ
`ÿÿÿ,<ÿ5;123ÿ9DHQÿ;T,5LRÿO)ÿEI-)<5LLFÿ+)13T)RÿI3I12;*ÿ,*T)-ÿ>)I2;ÿ,<ÿ
`ÿÿÿ-)L1)W123ÿIRR-);;ÿ;T,-*I3)7ÿ
`ÿZO;*-IE*ÿ
`ÿÿÿÿUT1;ÿR,E5>)2*ÿ6-,6,;);ÿ>)ETI21;>;ÿ*TI*ÿ)2IOL)ÿ9)IL>ÿD6)E1<1EÿHQÿ
`ÿÿÿX9DHQYÿ*,ÿTI2RL)ÿ)2RS*,S)2RÿHQ;)EÿXHQÿD)E5-1*FY7ÿ
`ÿ8,2*)2)3-,ÿ]ÿM,-)LLIÿÿÿÿÿÿÿÿÿÿJK6)-1>)2*ILÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ^QI3)ÿA_ÿ
`9[=ÿ@ABCÿÿÿÿÿÿÿÿÿÿÿ9DHQÿD566,-*ÿ<,-ÿJ2RS*,S)2RÿHQ;)EÿÿÿÿÿÿÿÿNE*,O)-ÿPBBAÿ
`ÿUIOL)ÿ,<ÿ=,2*)2*;ÿ
`ÿÿÿÿA7ÿH2*-,R5E*1,2ÿ77777777777777777777777777777777777777777777777777ÿÿPÿ
`ÿÿÿP7ÿ8,R)Lÿ777777777777777777777777777777777777777777777777777777777ÿÿPÿ
`ÿÿÿ@7ÿH>6L)>)2*I*1,2ÿ(,*);ÿ777777777777777777777777777777777777777777ÿÿ@ÿ
`ÿÿÿC7ÿH`JÿaI2RL123ÿI2RÿV)>5L*16L)K123ÿ7777777777777777777777777777777ÿÿCÿ
`ÿÿÿb7ÿHQ;)EÿaI2RL123ÿI2RÿV)>5L*16L)K123ÿ77777777777777777777777777777ÿÿbÿ
`ÿÿÿ\7ÿ9DHQÿQ-,*,E,LÿJK*)2;1,2;ÿ77777777777777777777777777777777777777ÿÿ\ÿ
`ÿÿÿÿÿÿ\7AÿH`JÿD566,-*ÿ12ÿ9DHQÿ777777777777777777777777777777777777777ÿÿ\ÿ
`ÿÿÿÿÿÿ\7PÿHQ;)EÿD566,-*ÿ12ÿ9DHQÿ7777777777777777777777777777777777777ÿÿcÿ
`ÿÿÿc7ÿHZ(Zÿ=,2;1R)-I*1,2;ÿ7777777777777777777777777777777777777777777ÿABÿ
`ÿÿÿd7ÿD)E5-1*Fÿ=,2;1R)-I*1,2;ÿ777777777777777777777777777777777777777ÿABÿ
`ÿÿÿe7ÿZE.2,+L)R3)>)2*;ÿ7777777777777777777777777777777777777777777777ÿABÿ
`ÿÿÿ9)<)-)2E);ÿ7777777777777777777777777777777777777777777777777777777ÿAAÿ
`ÿÿÿZ5*T,-;fÿZRR-);;);ÿ77777777777777777777777777777777777777777777777ÿAPÿ
`ÿÿÿZ66)2R1KÿZ?ÿN2ÿN6*1,2ILÿQ,-*ÿZLL,EI*1,2ÿ*,ÿ9DHQÿ=L1)2*;ÿ7777777777ÿA@ÿ
`ÿÿÿZ66)2R1KÿM?ÿ9DHQÿJ--,-ÿ(5>O)-;ÿ<,-ÿH`JÿI2RÿHQ;)EÿD566,-*ÿ777777777ÿACÿ
`ÿÿÿZ66)2R1Kÿ=?ÿ8);;I3)ÿUF6)ÿgIL5);ÿ<,-ÿHQ;)EÿD566,-*ÿ7777777777777777ÿACÿ
`ÿÿÿZ66)2R1KÿV?ÿZÿ(,*)ÿ,2ÿ[L,+ÿQ,L1EFÿJ2<,-E)>)2*ÿ77777777777777777777ÿACÿ
`ÿÿÿZ66)2R1KÿJ?ÿ9)>,*)ÿa,;*ÿ9).)F123ÿ777777777777777777777777777777777ÿACÿ
`ÿÿÿZ66)2R1Kÿ[?ÿJKI>6L)ÿZ66L1EI*1,2ÿDE)2I-1,;ÿ777777777777777777777777ÿAbÿ
`ÿÿÿZ66)2R1Kÿ4?ÿUT,53T*;ÿ,2ÿD566,-*123ÿH2E,>123ÿ=,22)E*1,2;ÿ7777777777ÿAcÿ
`ÿÿÿ[5LLÿ=,6F-13T*ÿD*I*)>)2*ÿ77777777777777777777777777777777777777777ÿAeÿ
`ÿA7ÿH2*-,R5E*1,2ÿ
`ÿÿÿÿUT1;ÿR,E5>)2*ÿ;6)E1<1);ÿ9DHQÿ)K*)2;1,2;ÿ*,ÿ)2IOL)ÿ)2RS*,S)2RÿHQ;)E7ÿ
`ÿÿÿH*ÿI;;5>);ÿ*T)ÿ9DHQÿ<-I>)+,-.ÿI;ÿ6-);)2*)Rÿ12ÿ^9DHQS[0_GÿI2Rÿ
`ÿÿÿ;6)E1<1);ÿ)K*)2;1,2;ÿ*,ÿ*T)ÿ9DHQÿ6-,*,E,LÿR)<12)Rÿ12ÿ^9DHQSQ_7ÿÿN*T)-ÿ
`ÿÿÿ*)->12,L,3Fÿ<,LL,+;ÿ^(ZUSUJ98D_7ÿ
`ÿÿÿÿUT)ÿ.)Fÿ+,-R;ÿh8iDUhGÿh8iDUÿ(NUhGÿh9JjiH9JVhGÿhDaZkkhGÿhDaZkkÿ(NUhGÿ
`ÿÿÿhDaNikVhGÿhDaNikVÿ(NUhGÿh9J=N88J(VJVhGÿh8ZlhGÿI2RÿhNQUHN(Zkhÿ12ÿ*T1;ÿ
`ÿÿÿR,E5>)2*ÿI-)ÿ*,ÿO)ÿ12*)-6-)*)RÿI;ÿR);E-1O)Rÿ12ÿ9[=ÿPAAe7ÿ
`ÿP7ÿ8,R)Lÿ
`ÿÿÿÿ[,-ÿELI-1*FGÿ*T)ÿR1;E5;;1,2ÿO)L,+ÿI;;5>);ÿ*T1;ÿ>,R)L?ÿ
`ÿÿÿÿ9DHQÿEL1)2*ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ9DHQÿ;)-W)-ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿa,;*ÿ
`ÿÿÿÿÿÿÿmIÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ(Iÿÿÿ(OÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿlOÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿnSSSSSSSSSSSSnÿÿÿÿÿÿÿ(OAÿÿnSSSSSSSSSSSSnÿ
`ÿÿÿ^m_SSSSSSoÿZRR-ÿ;6IE)ÿoSSSS^(_SSSSSoÿZRR-ÿ;6IE)ÿoSSSSSSS^l_ÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿoÿÿZÿÿÿÿÿÿÿÿÿoÿÿÿÿÿÿÿ(OPÿÿoÿÿMÿÿÿÿÿÿÿÿÿoÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿnSSSSSSSSSSSSnÿÿÿÿÿÿÿ777ÿÿnSSSSSSSSSSSSnÿ
`ÿ8,2*)2)3-,ÿ]ÿM,-)LLIÿÿÿÿÿÿÿÿÿÿJK6)-1>)2*ILÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ^QI3)ÿP_ÿ
`9[=ÿ@ABCÿÿÿÿÿÿÿÿÿÿÿ9DHQÿD566,-*ÿ<,-ÿJ2RS*,S)2RÿHQ;)EÿÿÿÿÿÿÿÿNE*,O)-ÿPBBAÿ
`ÿ
`  ! "   #!$%&'
`
`Experimental
`Montenegro & Borella
`RFC 3104
`RSIP Support for End—to—end IPsec
`
`[Page 2]
`October 2001
`
`https://datatrac|er.ietf.org/doc/rf03104/?i ncl ude_text= 1
`
`0004
`
`2/11
`
` 
`
`0004
`
`

`

`3/17/2019
`
`RFC 3104 - RSIP Support for End-to-end IPsec
`Hosts X and Y belong to different address spaces A and B,
`Na on
`respectively, and N is an RSIP server.
`N has two addresses:
`address space A, and Nb on address space B.
`For example, A could be
`a private address space, and B the public address space of the
`general Internet. Additionally, N may have a pool of addresses in
`address space B which it can assign to or lend to X.
`
`This document proposes RSIP extensions and mechanisms to enable an
`RSIP client X to initiate IKE and IPsec sessions to a legacy IKE and
`IPsec node Y.
`In order to do so, X exchanges RSIP protocol messages
`with the RSIP server N. This document does not yet address IKE/IPsec
`session initiation from Y to an RSIP client X.
`For some thoughts on
`this matter see Appendix G.
`
`The discussion below assumes that the RSIP server N is examining a
`packet sent by Y, destined for X. This implies that "source" refers
`to Y and "destination" refers to Y's peer, namely, X's presence at N.
`
`This document assumes the use of the RSAP—IP flavor of RSIP (except
`that port number assignments are optional), on top of which SPI
`values are used for demultiplexing. Because of this, more than one
`RSIP client may share the same global IP address.
`
`. Implementation Notes
`
`The RSIP server N is not required to have more than one address on
`address space B.
`RSIP allows X (and any other hosts on address space
`A) to reuse Nb. Because of this, Y's SPD SHOULD NOT be configured to
`support address—based keying. Address—based keying implies that only
`one RSIP client may, at any given point in time, use address Nb when
`exchanging IPsec packets with Y.
`Instead, Y's SPD SHOULD be
`configured to support session—oriented keying, or user—oriented
`keying [Kent98c].
`In addition to user—oriented keying, other types
`of identifications within the IKE Identification Payload are equally
`effective at disambiguating who is the real client behind the single
`address Nb [Piper98].
`
` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`ÿÿÿ)*+,+ÿ-ÿ./0ÿ1ÿ234*/5ÿ,*ÿ0677383/,ÿ.0083++ÿ+9.:3+ÿ;ÿ./0ÿ<=ÿ
`ÿÿÿ83+93:,6>34?=ÿ./0ÿ@ÿ6+ÿ./ÿABCDÿ+38>38Eÿÿ@ÿF.+ÿ,G*ÿ.0083++3+Hÿÿ@.ÿ*/ÿ
`ÿÿÿ.0083++ÿ+9.:3ÿ;=ÿ./0ÿ@2ÿ*/ÿ.0083++ÿ+9.:3ÿ<EÿÿI*8ÿ3J.K943=ÿ;ÿ:*L40ÿ23ÿ
`ÿÿÿ.ÿ986>.,3ÿ.0083++ÿ+9.:3=ÿ./0ÿ<ÿ,F3ÿ9L246:ÿ.0083++ÿ+9.:3ÿ*7ÿ,F3ÿ
`ÿÿÿ53/38.4ÿC/,38/3,Eÿÿ;006,6*/.44?=ÿ@ÿK.?ÿF.>3ÿ.ÿ9**4ÿ*7ÿ.0083++3+ÿ6/ÿ
`ÿÿÿ.0083++ÿ+9.:3ÿ<ÿGF6:Fÿ6,ÿ:./ÿ.++65/ÿ,*ÿ*8ÿ43/0ÿ,*ÿ-Eÿ
`ÿÿÿÿMF6+ÿ0*:LK3/,ÿ98*9*+3+ÿABCDÿ3J,3/+6*/+ÿ./0ÿK3:F./6+K+ÿ,*ÿ3/.243ÿ./ÿ
`ÿÿÿABCDÿ:463/,ÿ-ÿ,*ÿ6/6,6.,3ÿCNOÿ./0ÿCD+3:ÿ+3++6*/+ÿ,*ÿ.ÿ435.:?ÿCNOÿ./0ÿ
`ÿÿÿCD+3:ÿ/*03ÿ1EÿÿC/ÿ*8038ÿ,*ÿ0*ÿ+*=ÿ-ÿ3J:F./53+ÿABCDÿ98*,*:*4ÿK3++.53+ÿ
`ÿÿÿG6,Fÿ,F3ÿABCDÿ+38>38ÿ@EÿÿMF6+ÿ0*:LK3/,ÿ0*3+ÿ/*,ÿ?3,ÿ.0083++ÿCNOPCD+3:ÿ
`ÿÿÿ+3++6*/ÿ6/6,6.,6*/ÿ78*Kÿ1ÿ,*ÿ./ÿABCDÿ:463/,ÿ-EÿÿI*8ÿ+*K3ÿ,F*L5F,+ÿ*/ÿ
`ÿÿÿ,F6+ÿK.,,38ÿ+33ÿ;993/06JÿQEÿ
`ÿÿÿÿMF3ÿ06+:L++6*/ÿ234*Gÿ.++LK3+ÿ,F.,ÿ,F3ÿABCDÿ+38>38ÿ@ÿ6+ÿ3J.K6/6/5ÿ.ÿ
`ÿÿÿ9.:R3,ÿ+3/,ÿ2?ÿ1=ÿ03+,6/30ÿ7*8ÿ-EÿÿMF6+ÿ6K9463+ÿ,F.,ÿS+*L8:3Sÿ83738+ÿ
`ÿÿÿ,*ÿ1ÿ./0ÿS03+,6/.,6*/Sÿ83738+ÿ,*ÿ1T+ÿ9338=ÿ/.K34?=ÿ-T+ÿ983+3/:3ÿ.,ÿ@Eÿ
`ÿÿÿÿMF6+ÿ0*:LK3/,ÿ.++LK3+ÿ,F3ÿL+3ÿ*7ÿ,F3ÿAB;DUCDÿ74.>*8ÿ*7ÿABCDÿV3J:39,ÿ
`ÿÿÿ,F.,ÿ9*8,ÿ/LK238ÿ.++65/K3/,+ÿ.83ÿ*9,6*/.4W=ÿ*/ÿ,*9ÿ*7ÿGF6:FÿBDCÿ
`ÿÿÿ>.4L3+ÿ.83ÿL+30ÿ7*8ÿ03KL4,6943J6/5Eÿÿ<3:.L+3ÿ*7ÿ,F6+=ÿK*83ÿ,F./ÿ*/3ÿ
`ÿÿÿABCDÿ:463/,ÿK.?ÿ+F.83ÿ,F3ÿ+.K3ÿ54*2.4ÿCDÿ.0083++Eÿ
`ÿXEÿCK943K3/,.,6*/ÿ@*,3+ÿ
`ÿÿÿÿMF3ÿABCDÿ+38>38ÿ@ÿ6+ÿ/*,ÿ83YL6830ÿ,*ÿF.>3ÿK*83ÿ,F./ÿ*/3ÿ.0083++ÿ*/ÿ
`ÿÿÿ.0083++ÿ+9.:3ÿ<EÿÿABCDÿ.44*G+ÿ-ÿV./0ÿ./?ÿ*,F38ÿF*+,+ÿ*/ÿ.0083++ÿ+9.:3ÿ
`ÿÿÿ;Wÿ,*ÿ83L+3ÿ@2Eÿÿ<3:.L+3ÿ*7ÿ,F6+=ÿ1T+ÿBDZÿB)[\]Zÿ@[Mÿ23ÿ:*/765L830ÿ,*ÿ
`ÿÿÿ+L99*8,ÿ.0083++U2.+30ÿR3?6/5Eÿÿ;0083++U2.+30ÿR3?6/5ÿ6K9463+ÿ,F.,ÿ*/4?ÿ
`ÿÿÿ*/3ÿABCDÿ:463/,ÿK.?=ÿ.,ÿ./?ÿ56>3/ÿ9*6/,ÿ6/ÿ,6K3=ÿL+3ÿ.0083++ÿ@2ÿGF3/ÿ
`ÿÿÿ3J:F./56/5ÿCD+3:ÿ9.:R3,+ÿG6,Fÿ1EÿÿC/+,3.0=ÿ1T+ÿBDZÿB)[\]Zÿ23ÿ
`ÿÿÿ:*/765L830ÿ,*ÿ+L99*8,ÿ+3++6*/U*863/,30ÿR3?6/5=ÿ*8ÿL+38U*863/,30ÿ
`ÿÿÿR3?6/5ÿ^N3/,_`:aEÿÿC/ÿ.006,6*/ÿ,*ÿL+38U*863/,30ÿR3?6/5=ÿ*,F38ÿ,?93+ÿ
`ÿÿÿ*7ÿ603/,676:.,6*/+ÿG6,F6/ÿ,F3ÿCNOÿC03/,676:.,6*/ÿD.?4*.0ÿ.83ÿ3YL.44?ÿ
`ÿÿÿ3773:,6>3ÿ.,ÿ06+.K265L.,6/5ÿGF*ÿ6+ÿ,F3ÿ83.4ÿ:463/,ÿ23F6/0ÿ,F3ÿ+6/543ÿ
`ÿÿÿ.0083++ÿ@2ÿ^D6938_`aEÿ
`ÿÿÿÿ<3:.L+3ÿ6,ÿ:.//*,ÿ834?ÿ*/ÿ.0083++U2.+30ÿR3?6/5=ÿABCDÿ+L99*8,ÿ7*8ÿ
`ÿÿÿCD+3:ÿ6+ÿ+6K64.8ÿ,*ÿ,F3ÿ.9946:.,6*/ÿ*7ÿCD+3:ÿ7*8ÿ83K*,3ÿ.::3++ÿL+6/5ÿ
`ÿÿÿ0?/.K6:.44?ÿ.++65/30ÿ.0083++3+Eÿÿ<*,Fÿ:.+3+ÿ6K9*+3ÿ.006,6*/.4ÿ
`ÿÿÿ83YL683K3/,+ÿGF6:Fÿ.83ÿ/*,ÿK3,ÿ2?ÿK6/6K.44?ÿ:*K946./,ÿCD+3:ÿ
`ÿÿÿ6K943K3/,.,6*/+ÿ^QL9,.aHÿ
`ÿÿÿÿÿÿÿ@*,3ÿ,F.,ÿ.ÿK6/6K.44?U:*K946./,ÿCNOÿ6K943K3/,.,6*/ÿVGF6:Fÿ*/4?ÿ
`ÿÿÿÿÿÿ6K943K3/,+ÿb.6/ÿK*03ÿG6,FÿD83U+F.830ÿR3?+ÿ7*8ÿDF.+3ÿCÿ
`ÿÿÿÿÿÿ.L,F3/,6:.,6*/Wÿ:.//*,ÿ23ÿL+30ÿ*/ÿ.ÿ83K*,3ÿF*+,ÿG6,Fÿ.ÿ0?/.K6:.44?ÿ
`ÿÿÿÿÿÿ.++65/30ÿ.0083++EÿÿMF3ÿCNOÿ83+9*/038ÿV5.,3G.?Wÿ/330+ÿ,*ÿ4**RÿL9ÿ
`ÿÿÿÿÿÿ,F3ÿ6/6,6.,*8T+ÿVK*2643ÿ/*03T+Wÿ983U+F.830ÿR3?ÿ237*83ÿ6,ÿ:./ÿ
`ÿb*/,3/358*ÿcÿ<*8344.ÿÿÿÿÿÿÿÿÿÿOJ9386K3/,.4ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ^D.53ÿXaÿ
`AIdÿXefgÿÿÿÿÿÿÿÿÿÿÿABCDÿBL99*8,ÿ7*8ÿO/0U,*U3/0ÿCD+3:ÿÿÿÿÿÿÿÿ[:,*238ÿhffeÿ
`ÿÿÿÿÿÿÿ03:8?9,ÿ,F3ÿ4.,,38T+ÿ,F680ÿK.6/ÿK*03ÿK3++.53ÿV767,Fÿ*>38.44ÿ6/ÿ
`ÿÿÿÿÿÿDF.+3ÿCWEÿÿB6/:3ÿ,F3ÿ6/6,6.,*8T+ÿ603/,6,?ÿ6+ÿ:*/,.6/30ÿ6/ÿ,F3ÿ
`ÿÿÿÿÿÿ3/:8?9,30ÿK3++.53=ÿ*/4?ÿ6,+ÿCDÿ.0083++ÿ6+ÿ.>.64.243ÿ7*8ÿ4**RL9ÿ./0ÿ
`ÿÿÿÿÿÿKL+,ÿ23ÿ98306:,.243Eÿÿ[,F38ÿ*9,6*/+=ÿ+L:Fÿ.+ÿb.6/ÿK*03ÿG6,Fÿ
`ÿÿÿÿÿÿ0656,.4ÿ+65/.,L83+PAB;ÿ3/:8?9,6*/ÿ./0ÿ;5583++6>3ÿK*03=ÿ:./ÿ
`ÿÿÿÿÿÿ.::*KK*0.,3ÿCNOÿ9338+ÿG6,Fÿ0?/.K6:.44?ÿ.++65/30ÿ.0083++3+Eÿ
`ÿÿÿÿCNOÿ9.:R3,+ÿ.83ÿ,?96:.44?ÿ:.88630ÿ*/ÿ\ZDÿ9*8,ÿiffÿ7*8ÿ2*,Fÿ+*L8:3ÿ./0ÿ
`ÿÿÿ03+,6/.,6*/=ÿ.4,F*L5Fÿ,F3ÿL+3ÿ*7ÿ39F3K38.4ÿ+*L8:3ÿ9*8,+ÿ6+ÿ/*,ÿ
`ÿÿÿ983:4L030ÿ^CB;NbDaEÿÿCNOÿ6K943K3/,.,6*/+ÿ7*8ÿL+3ÿG6,FÿABCDÿB)[\]Zÿ
`ÿÿÿ3K94*?ÿ39F3K38.4ÿ9*8,+=ÿ./0ÿ+F*L40ÿF./043ÿ,F3Kÿ.+ÿ7*44*G+ÿ^CDBOdUÿ
`ÿÿÿbBQaHÿ
`ÿÿÿÿÿÿÿCNOÿ6K943K3/,.,6*/+ÿb\BMÿ+L99*8,ÿ\ZDÿ9*8,ÿiffÿ7*8ÿ2*,Fÿ+*L8:3ÿ./0ÿ
`ÿÿÿÿÿÿ03+,6/.,6*/=ÿ2L,ÿ*,F38ÿ9*8,ÿ/LK238+ÿ.83ÿ.4+*ÿ.44*G30EÿÿC7ÿ./ÿ
`ÿÿÿÿÿÿ6K943K3/,.,6*/ÿ.44*G+ÿ*,F38U,F./U9*8,Uiffÿ7*8ÿCNO=ÿ6,ÿ+3,+ÿ,F3ÿ
`ÿÿÿÿÿÿ>.4L3ÿ*7ÿ,F3ÿ9*8,ÿ/LK238+ÿ.+ÿ839*8,30ÿ6/ÿ,F3ÿCZÿ9.?4*.0ÿ,*ÿfÿ
`ÿÿÿÿÿÿVK3./6/5ÿS./?ÿ9*8,SW=ÿ6/+,3.0ÿ*7ÿiffEÿÿ\ZDÿ9*8,ÿ/LK238+ÿViffÿ*8ÿ
`ÿÿÿÿÿÿ/*,Wÿ.83ÿF./0430ÿ2?ÿ,F3ÿ:*KK*/ÿS+G.9ÿ+8:P0+,ÿ9*8,ÿ./0ÿ8394?Sÿ
`ÿÿÿÿÿÿK3,F*0Eÿ
`ÿÿÿÿC,ÿ6+ÿ6K9*8,./,ÿ,*ÿ/*,3ÿ,F.,ÿCD+3:ÿ6K943K3/,.,6*/+ÿb\BMÿ23ÿ.G.83ÿ*7ÿ
`ÿÿÿABCD=ÿ.,ÿ43.+,ÿ6/ÿ+*K3ÿ93869F38.4ÿ+3/+3=ÿ6/ÿ*8038ÿ,*ÿ83:36>3ÿ.++65/30ÿ
`ÿÿÿBDC+ÿ./0ÿ938F.9+ÿ*,F38ÿ9.8.K3,38+ÿ78*Kÿ./ÿABCDÿ:463/,EÿÿMF3837*83=ÿ
`ÿÿÿ2LK9U6/U,F3U+,.:RÿV<CMBWÿ6K943K3/,.,6*/+ÿ*7ÿCD+3:ÿ.83ÿ/*,ÿ3J93:,30ÿ,*ÿ
`ÿÿÿG*8RÿS*L,ÿ*7ÿ,F3ÿ2*JSÿG6,FÿABCDEÿ
`ÿgEÿCNOÿ)./046/5ÿ./0ÿZ3KL4,6943J6/5ÿ
`ÿÿÿÿC7ÿ./ÿABCDÿ:463/,ÿ83YL683+ÿ,F3ÿL+3ÿ*7ÿ9*8,ÿiffÿ.+ÿ6,+ÿCNOÿ+*L8:3=ÿ
`ÿÿÿ,F6+ÿ983>3/,+ÿ,F.,ÿ76340ÿ236/5ÿL+30ÿ7*8ÿ03KL4,6943J6/5EÿÿC/+,3.0=ÿ,F3ÿ
`ÿÿÿSC/6,6.,*8ÿd**R63Sÿ76340ÿ6/ÿ,F3ÿCNOÿF3.038ÿ76340+ÿKL+,ÿ23ÿL+30ÿ7*8ÿ
`ÿÿÿ,F6+ÿ9L89*+3EÿÿMF6+ÿ76340ÿ6+ÿ.998*986.,3ÿ.+ÿ6,ÿ6+ÿ5L.8./,330ÿ,*ÿ23ÿ
`ÿÿÿ983+3/,ÿ6/ÿ3>38?ÿCNOÿ3J:F./53ÿVDF.+3ÿeÿ./0ÿDF.+3ÿhW=ÿ./0ÿ6+ÿ
`ÿÿÿ5L.8./,330ÿ,*ÿ23ÿ6/ÿ,F3ÿ:43.8ÿV3>3/ÿ67ÿ+L2+3YL3/,ÿCNOÿ9.?4*.0+ÿ.83ÿ
`ÿÿÿ3/:8?9,30WEÿÿ)*G3>38=ÿ6,ÿ6+ÿ98*,3:,30ÿ2?ÿ,F3ÿ).+Fÿ9.?4*.0ÿ6/ÿCNOÿ
`ÿÿÿ^CNOaEÿÿ<3:.L+3ÿ*7ÿ,F6+=ÿ./ÿABCDÿ:463/,ÿ./0ÿ+38>38ÿKL+,ÿ.5833ÿL9*/ÿ.ÿ
`ÿÿÿ>.460ÿ>.4L3ÿ7*8ÿ,F3ÿC/6,6.,*8ÿd**R63Eÿ
`ÿ
`  ! "   #!$%&'
`
`Because it cannot rely on address—based keying, RSIP support for
`IPsec is similar to the application of IPsec for remote access using
`dynamically assigned addresses. Both cases impose additional
`requirements which are not met by minimally compliant IPsec
`implementations [Gupta]:
`
`Note that a minimally—compliant IKE implementation (which only
`implements Main mode with Pre—shared keys for Phase I
`authentication) cannot be used on a remote host with a dynamically
`assigned address.
`The IKE responder (gateway) needs to look up
`the initiator's (mobile node's) pre—shared key before it can
`
`Experimental
`Montenegro & Borella
`RFC 3104
`RSIP Support for End—to—end IPsec
`
`[Page 3]
`October 2001
`
`decrypt the latter's third main mode message (fifth overall in
`Phase I).
`Since the initiator's identity is contained in the
`encrypted message, only its IP address is available for lookup and
`must be predictable. Other options, such as Main mode with
`digital signatures/RSA encryption and Aggressive mode, can
`accommodate IKE peers with dynamically assigned addresses.
`
`IKE packets are typically carried on UDP port 500 for both source and
`destination, although the use of ephemeral source ports is not
`precluded [ISAKMP].
`IKE implementations for use with RSIP SHOULD
`employ ephemeral ports, and should handle them as follows [IPSEC—
`MSG]:
`
`IKE implementations MUST support UDP port 500 for both source and
`destination, but other port numbers are also allowed.
`If an
`implementation allows other—than—port—500 for IKE, it sets the
`value of the port numbers as reported in the ID payload to 0
`(meaning "any port"),
`instead of 500.
`UDP port numbers (500 or
`not) are handled by the common "swap src/dst port and reply"
`method.
`
`It is important to note that IPsec implementations MUST be aware of
`RSIP, at least in some peripheral sense,
`in order to receive assigned
`SPIs and perhaps other parameters from an RSIP client. Therefore,
`bump—in—the—stack (BITS) implementations of IPsec are not expected to
`work "out of the box" with RSIP.
`
`.
`
`IKE Handling and Demultiplexing
`
`If an RSIP client requires the use of port 500 as its IKE source,
`this prevents that field being used for demultiplexing.
`Instead,
`"Initiator Cookie" field in the IKE header fields must be used for
`this purpose. This field is appropriate as it is guaranteed to be
`present in every IKE exchange (Phase 1 and Phase 2), and is
`guaranteed to be in the clear (even if subsequent IKE payloads are
`encrypted). However, it is protected by the Hash payload in IKE
`[IKE]. Because of this, an RSIP client and server must agree upon a
`valid value for the Initiator Cookie.
`
`the
`
`https://datatrac|er.ietf.org/doc/rf03104/?i ncl ude_text= 1
`
`0005
`
`3/11
`
` 
`
`0005
`
`

`

` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`ÿÿÿ)*+,ÿ-ÿ.*/ÿ0ÿ.1123,ÿ.4ÿ.ÿ5646.778ÿ.91,,.:7,ÿ3.76,ÿ;<1ÿ4=,ÿ>*242.4<1ÿ
`ÿÿÿ?<<@2,Aÿ-ÿ6B,Bÿ24ÿ4<ÿ+1,.4,ÿ.*ÿ>CDÿE.+@,4ÿ.*/ÿ46**,7Bÿ24ÿ4=,ÿFG>Hÿ
`ÿÿÿB,13,1ÿ0Iÿÿ0ÿ/,+.EB67.4,Bÿ4=,ÿ>CDÿE.+@,4ÿ.*/ÿB,*/Bÿ24ÿ<*ÿ.//1,BBÿ
`ÿÿÿBE.+,ÿJIÿ
`ÿÿÿÿK=,ÿ52*2565ÿ46E7,ÿ*,9<42.4,/ÿ32.ÿFG>HAÿ.*/ÿ6B,/ÿ;<1ÿ/,56742E7,L2*9ÿ
`ÿÿÿ2*+<52*9ÿ>CDÿ1,BE<*B,Bÿ;1<5ÿMÿ.4ÿ4=,ÿFG>HÿB,13,1ÿ0Aÿ2BNÿ
`ÿO<*4,*,91<ÿPÿJ<1,77.ÿÿÿÿÿÿÿÿÿÿDLE,125,*4.7ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿQH.9,ÿRSÿ
`FT?ÿUVWRÿÿÿÿÿÿÿÿÿÿÿFG>HÿG6EE<14ÿ;<1ÿD*/X4<X,*/ÿ>HB,+ÿÿÿÿÿÿÿÿ)+4<:,1ÿYWWVÿ
`ÿÿÿÿÿÿÿXÿÿ>CDÿ/,B42*.42<*ÿE<14ÿ*65:,1ÿ
`ÿÿÿÿÿÿÿXÿÿ>*242.4<1ÿ?<<@2,ÿ
`ÿÿÿÿÿÿÿXÿÿZ,B42*.42<*ÿ>Hÿ.//1,BBÿ
`ÿÿÿÿ)*,ÿE1<:7,5ÿB4277ÿ1,5.2*BNÿ=<[ÿ/<,BÿMÿ@*<[ÿ4=.4ÿ24ÿ2BÿB6EE<B,/ÿ4<ÿ
`ÿÿÿB,*/ÿE.+@,4Bÿ4<ÿ-ÿ32.ÿ0:\ÿMÿ2Bÿ*<4ÿFG>HX.[.1,Aÿ:64ÿ24ÿ2Bÿ/,;2*24,78ÿ
`ÿÿÿ>CDX.[.1,IÿÿMÿB,,Bÿ>CDÿE.+@,4Bÿ+<52*9ÿ;1<5ÿ.//1,BBÿ0:IÿÿK<ÿE1,3,*4ÿMÿ
`ÿÿÿ;1<5ÿ52B4.@,*78ÿ/,1232*9ÿ4=,ÿ2/,*4248ÿ<;ÿ24Bÿ>CDÿE,,1ÿ:.B,/ÿ<*ÿ4=,ÿ
`ÿÿÿB<61+,ÿ.//1,BBÿ<;ÿ4=,ÿE.+@,4Bÿ]0:^Aÿ-ÿO_GKÿ,L+=.*9,ÿ+72,*4ÿ
`ÿÿÿ2/,*42;2,1Bÿ[24=ÿMNÿ
`ÿÿÿÿÿÿÿXÿÿ>Z22Aÿ>Z21ÿ2;ÿ2*ÿH=.B,ÿVAÿ.*/ÿ
`ÿÿÿÿÿÿÿXÿÿ>Z+2Aÿ>Z+1ÿ2;ÿ2*ÿH=.B,ÿYIÿ
`ÿÿÿÿK=,ÿE1<E,1ÿ6B,ÿ<;ÿ2/,*42;2,1Bÿ.77<[Bÿ4=,ÿ+7,.1ÿB,E.1.42<*ÿ:,4[,,*ÿ
`ÿÿÿ4=<B,ÿ2/,*4242,Bÿ.*/ÿ4=,ÿB<61+,ÿ>Hÿ.//1,BBÿ<;ÿ4=,ÿE.+@,4BIÿ
`ÿ`Iÿ>HB,+ÿa.*/72*9ÿ.*/ÿZ,56742E7,L2*9ÿ
`ÿÿÿÿK=,ÿFG>Hÿ+72,*4ÿ-ÿ.*/ÿB,13,1ÿ0ÿ56B4ÿ.1123,ÿ.4ÿ.*ÿGH>ÿ3.76,ÿ4<ÿ/,*<4,ÿ
`ÿÿÿ4=,ÿ2*+<52*9ÿ>HB,+ÿB,+61248ÿ.BB<+2.42<*ÿ;1<5ÿMÿ4<ÿ-Iÿÿ)*+,ÿ0ÿ.*/ÿ-ÿ
`ÿÿÿ5.@,ÿB61,ÿ4=.4ÿ4=,ÿGH>ÿ2Bÿ6*2b6,ÿ[24=2*ÿ:<4=ÿ<;ÿ4=,21ÿGH>ÿBE.+,BAÿ-ÿ
`ÿÿÿ+<556*2+.4,Bÿ24Bÿ3.76,ÿ4<ÿMÿ.BÿE.14ÿ<;ÿ4=,ÿ>HB,+ÿB,+61248ÿ.BB<+2.42<*ÿ
`ÿÿÿ,B4.:72B=5,*4ÿE1<+,BBAÿ*.5,78Aÿc62+@ÿO</,ÿ2*ÿ>CDÿQ>CDSÿ<1ÿ5.*6.7ÿ
`ÿÿÿ.BB29*5,*4Iÿ
`ÿÿÿÿK=2Bÿ,*B61,Bÿ4=.4ÿMÿB,*/Bÿ>HB,+ÿE.+@,4Bÿ]E1<4<+<7Bÿ`Vÿ.*/ÿ`Wÿ;<1ÿdaÿ
`ÿÿÿ.*/ÿDGHAÿ1,BE,+423,78^ÿQC,*4ef.AC,*4ef:Sÿ4<ÿ-ÿ32.ÿ.//1,BBÿ0:ÿ6B2*9ÿ
`ÿÿÿ4=,ÿ*,9<42.4,/ÿGH>Iÿ
`ÿÿÿÿ>HB,+ÿE.+@,4Bÿ;1<5ÿMÿ/,B42*,/ÿ;<1ÿ-ÿ.1123,ÿ.4ÿFG>HÿB,13,1ÿ0IÿÿK=,8ÿ
`ÿÿÿ.1,ÿ/,56742E7,L,/ÿ:.B,/ÿ<*ÿ4=,ÿ;<77<[2*9ÿ52*2565ÿ46E7,ÿ<;ÿ
`ÿÿÿ/,56742E7,L2*9ÿ;2,7/BNÿ
`ÿÿÿÿÿÿÿXÿÿE1<4<+<7ÿ]`Wÿ<1ÿ`V^ÿ
`ÿÿÿÿÿÿÿXÿÿGH>ÿ
`ÿÿÿÿÿÿÿXÿÿ/,B42*.42<*ÿ>Hÿ.//1,BBÿ
`ÿÿÿÿ>;ÿ0ÿ2Bÿ.:7,ÿ4<ÿ;2*/ÿ.ÿ5.4+=2*9ÿ5.EE2*9Aÿ24ÿ46**,7Bÿ4=,ÿE.+@,4ÿ4<ÿ-ÿ
`ÿÿÿ.++<1/2*9ÿ4<ÿ4=,ÿ46**,72*9ÿ5</,ÿ2*ÿ,;;,+4Iÿÿ>;ÿ0ÿ+.**<4ÿ;2*/ÿ.*ÿ
`ÿÿÿ.EE1<E12.4,ÿ5.EE2*9Aÿ24ÿO_GKÿ/2B+.1/ÿ4=,ÿE.+@,4Iÿ
`ÿO<*4,*,91<ÿPÿJ<1,77.ÿÿÿÿÿÿÿÿÿÿDLE,125,*4.7ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿQH.9,ÿ`Sÿ
`FT?ÿUVWRÿÿÿÿÿÿÿÿÿÿÿFG>HÿG6EE<14ÿ;<1ÿD*/X4<X,*/ÿ>HB,+ÿÿÿÿÿÿÿÿ)+4<:,1ÿYWWVÿ
`ÿgIÿFG>HÿH1<4<+<7ÿDL4,*B2<*Bÿ
`ÿÿÿÿK=,ÿ*,L4ÿ4[<ÿB,+42<*BÿBE,+2;8ÿ=<[ÿ4=,ÿFG>HÿE1<4<+<7ÿQFG>HXHSÿ2Bÿ
`ÿÿÿ,L4,*/,/ÿ4<ÿB6EE<14ÿ:<4=ÿ>CDÿ].ÿ_ZHÿ.EE72+.42<*^ÿ.*/ÿ4=,ÿ>HB,+Xÿ
`ÿÿÿ/,;2*,/ÿdaÿ.*/ÿDGHÿ=,./,1Bÿ]7.8,1,/ÿ/21,+478ÿ<3,1ÿ>Hÿ[24=ÿ4=,21ÿ<[*ÿ
`ÿÿÿE1<4<+<7ÿ*65:,1B^Iÿ
`ÿÿÿÿ>;ÿ.ÿB,13,1ÿ25E7,5,*4BÿFG>HÿB6EE<14ÿ;<1ÿ>CDÿ.*/ÿ>HB,+ÿ.Bÿ/,;2*,/ÿ2*ÿ
`ÿÿÿ4=2Bÿ/<+65,*4Aÿ24ÿOdMÿ2*+76/,ÿ4=,ÿFG>HÿO,4=</ÿE.1.5,4,1ÿ;<1ÿFG>Hÿ[24=ÿ
`ÿÿÿ>HB,+ÿ2*ÿ4=,ÿFDh>GKDFiFDGH)0GDÿ5,4=</ÿB,*4ÿ4<ÿ4=,ÿ+72,*4IÿÿK=2Bÿ
`ÿÿÿ5,4=</ÿ2Bÿ.BB29*,/ÿ.ÿ3.76,ÿ<;ÿUNÿ
`ÿÿÿÿÿÿÿUÿÿÿFG>Hÿ[24=ÿ>HB,+ÿ]FG>HGD?^ÿ
`ÿÿÿÿ_*7,BBÿ<4=,1[2B,ÿBE,+2;2,/Aÿ1,b621,5,*4Bÿ<;ÿ52+1<ÿ.*/ÿ5.+1<ÿ;7<[Xÿ
`ÿÿÿ:.B,/ÿE<72+8ÿ.1,ÿ=.*/7,/ÿ.++<1/2*9ÿ4<ÿQFG>HXHSIÿ
`ÿgIVÿ>CDÿG6EE<14ÿ2*ÿFG>Hÿ
`ÿÿÿÿdBÿ/2B+6BB,/ÿ.:<3,Aÿ2;ÿ-jBÿ>HB,+ÿ25E7,5,*4.42<*ÿ.77<[Bÿ6B,ÿ<;ÿ.*ÿ
`ÿÿÿ,E=,5,1.7ÿB<61+,ÿE<14ÿ;<1ÿ>CDAÿ4=,*ÿ2*+<52*9ÿ>CDÿ41.;;2+ÿ+.*ÿ:,ÿ
`ÿÿÿ/,56742E7,L,/ÿ:8ÿ0ÿ:.B,/ÿ<*ÿ4=,ÿ/,B42*.42<*ÿ.//1,BBÿ.*/ÿE<14ÿ46E7,Iÿ
`ÿÿÿK=2Bÿ2Bÿ4=,ÿB25E7,B4ÿ.*/ÿ5<B4ÿ/,B21.:7,ÿ[.8ÿ<;ÿB6EE<142*9ÿ>CDAÿ.*/ÿ
`ÿÿÿ>HB,+ÿ25E7,5,*4.42<*Bÿ4=.4ÿ2*4,1.+4ÿ[24=ÿFG>HÿGa)_kZÿ.77<[ÿ24Iÿ
`ÿÿÿÿa<[,3,1Aÿ2;ÿ-ÿ56B4ÿ6B,ÿB<61+,ÿE<14ÿ`WWÿ;<1ÿ>CDAÿ4=,1,ÿ.1,ÿ4[<ÿ
`ÿÿÿ4,+=*2b6,Bÿ[24=ÿ[=2+=ÿ-ÿ.*/ÿ0ÿ+.*ÿ.1123,ÿ.4ÿ.ÿ5646.778ÿ6*2b6,ÿ
`ÿÿÿ>*242.4<1ÿ?<<@2,Iÿ
`ÿÿÿÿÿÿÿXÿÿK12.7ÿ.*/ÿ,11<1Iÿ
`  ! "   #!$%&'
`
` 
`
`0006
`
`

`

` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`ÿÿÿÿÿÿÿ*ÿÿ+,-./01/0.2ÿ301ÿ12ÿ,4/,250.2ÿ.6ÿ/7,ÿ89:;ÿ<=./.>.?@ÿ
`ÿÿÿÿA7,ÿ/=01?ÿ12Bÿ,==.=ÿ/,>720CD,ÿ>.2505/5ÿ.6ÿEÿ60=5/ÿ.F/10202-ÿ=,5.D=>,5ÿ
`ÿÿÿG0/7ÿG70>7ÿ/.ÿD5,ÿ:;5,>ÿH301ÿI99:J+K8LMNL9AK89:;9LOPÿB,602,BÿF,?.GQPÿ
`ÿÿÿ12Bÿ/7,2ÿ=12B.R?Sÿ>7..502-ÿ12ÿ:20/01/.=ÿO..T0,ÿ12Bÿ/=125R0//02-ÿ/7,ÿ
`ÿÿÿ60=5/ÿ<1>T,/ÿ/.ÿU@ÿÿN<.2ÿ1==031?ÿ1/ÿ+Pÿ/7,ÿ89:;ÿ5,=3,=ÿ,41R02,5ÿ/7,ÿ
`ÿÿÿ:20/01/.=ÿO..T0,ÿ6.=ÿD20CD,2,55ÿ<,=ÿEV5ÿ1550-2,Bÿ1BB=,55ÿH+FQ@ÿÿ:6ÿ
`ÿÿÿ/7,ÿ>..T0,ÿ05ÿD20CD,Pÿ+ÿ1??.G5ÿ/7,ÿD5,ÿ.6ÿ/705ÿ>..T0,ÿ6.=ÿ/705ÿ12ÿ1??ÿ
`ÿÿÿ5DF5,CD,2/ÿ<1>T,/5ÿF,/G,,2ÿEÿ12BÿUÿ.2ÿ/705ÿ89:;ÿF02B02-@ÿÿ:6ÿ/7,ÿ
`ÿÿÿ>..T0,ÿ05ÿ2./ÿD20CD,Pÿ+ÿB=.<5ÿ/7,ÿ<1>T,/@ÿ
`ÿÿÿÿW7,2ÿ12ÿ:XLÿ<1>T,/ÿ05ÿB,/,=R02,Bÿ/.ÿF,ÿ?.5/Pÿ/7,ÿ:XLÿ>?0,2/ÿG0??ÿ
`ÿÿÿ1//,R</ÿ/.ÿ=,/=125R0/ÿ1/ÿ?,15/ÿ/7=,,ÿ/0R,5ÿY:XLZ@ÿÿI2ÿ89:;*1G1=,ÿ:XLÿ
`ÿÿÿ>?0,2/ÿ9[\N]^ÿD5,ÿB066,=,2/ÿ:20/01/.=ÿO..T0,5ÿ6.=ÿ,1>7ÿ.6ÿ/7,5,ÿ
`ÿÿÿ=,/=125R0550.25@ÿ
`ÿ_.2/,2,-=.ÿ`ÿa.=,??1ÿÿÿÿÿÿÿÿÿÿL4<,=0R,2/1?ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿY;1-,ÿbZÿ
`8cOÿdefgÿÿÿÿÿÿÿÿÿÿÿ89:;ÿ9D<<.=/ÿ6.=ÿL2B*/.*,2Bÿ:;5,>ÿÿÿÿÿÿÿÿ\>/.F,=ÿhffeÿ
`ÿÿÿÿA7,ÿ<=.F1F0?0/Sÿ.6ÿ12ÿ:20/01/.=ÿO..T0,ÿ>.??050.2ÿ1/ÿ+ÿ12Bÿ5DF5,CD,2/ÿ
`ÿÿÿ=,/=125R0550.25ÿFSÿEPÿ05ÿ026020/,50R1?ÿ-03,2ÿ/7,ÿbg*F0/ÿ>..T0,ÿ5<1>,@ÿ
`ÿÿÿI>>.=B02-ÿ/.ÿ/7,ÿF0=/7B1Sÿ<1=1B.4Pÿ02ÿ1ÿ<.<D?1/0.2ÿ.6ÿbgfÿR0??0.2ÿ
`ÿÿÿ89:;ÿ>?0,2/5ÿ-.02-ÿ/7=.D-7ÿ/7,ÿ51R,ÿ89:;ÿ5,=3,=Pÿ/7,ÿ>712>,5ÿ.6ÿ1ÿ
`ÿÿÿ60=5/ÿ>.??050.2ÿ05ÿiD5/ÿej@ÿÿA7D5Pÿ0/ÿ05ÿB,50=1F?,ÿ/.ÿD5,ÿ/7,ÿ/=01?ÿ
`ÿÿÿ12Bÿ,==.=ÿR,/7.Bÿ.3,=ÿ2,-./01/0.2Pÿ6.=ÿ/7,5,ÿ=,15.25kÿ
`ÿÿÿÿÿÿÿ*ÿÿ90R<?,=ÿ0R<?,R,2/1/0.2ÿ=,CD0=,R,2/5ÿ
`ÿÿÿÿÿÿÿ*ÿÿ:/ÿ05ÿ70-7?SÿD2?0T,?Sÿ/71/ÿR.=,ÿ/712ÿ.2,ÿ=.D2Bÿ/=0<ÿF,/G,,2ÿEÿ
`ÿÿÿÿÿÿÿÿÿ12Bÿ+ÿG0??ÿF,ÿ2,>,551=S@ÿ
`ÿb@hÿ:;5,>ÿ9D<<.=/ÿ02ÿ89:;ÿ
`ÿÿÿÿA705ÿ5,>/0.2ÿB,602,5ÿ/7,ÿ<=./.>.?ÿ,4/,250.25ÿ=,CD0=,Bÿ6.=ÿ89:;ÿ/.ÿ
`ÿÿÿ5D<<.=/ÿI[ÿ12BÿL9;@ÿÿA7,ÿ=,CD0=,BÿR,551-,ÿ/S<,5ÿ1=,ÿ
`ÿÿÿI99:J+K8LMNL9AK89:;9LOÿ12BÿI99:J+K8L9;\+9LK89:;9LOkÿ
`ÿÿÿÿI99:J+K8LMNL9AK89:;9LOÿ
`ÿÿÿÿÿÿÿA7,ÿI99:J+K8LMNL9AK89:;9LOÿR,551-,ÿ05ÿD5,BÿFSÿ12ÿ89:;ÿ>?0,2/ÿ/.ÿ
`ÿÿÿÿÿÿ=,CD,5/ÿ:;5,>ÿ<1=1R,/,=ÿ1550-2R,2/5@ÿÿI2ÿ89:;ÿ>?0,2/ÿ_N9Aÿ=,CD,5/ÿ
`ÿÿÿÿÿÿ12ÿ:;ÿ1BB=,55ÿ12Bÿ9;:5ÿ02ÿ.2,ÿR,551-,@ÿ
`ÿÿÿÿÿÿÿ:6ÿ/7,ÿ89:;ÿ>?0,2/ÿG057,5ÿ/.ÿD5,ÿ:;5,>ÿ/.ÿ<=./,>/ÿ1ÿAO;ÿ.=ÿN^;ÿ
`ÿÿÿÿÿÿ1<<?0>1/0.2Pÿ0/ÿ_N9AÿD5,ÿ/7,ÿ<.=/ÿ=12-,ÿ<1=1R,/,=ÿH5,,ÿI<<,2B04ÿ
`ÿÿÿÿÿÿIQ@ÿÿ\/7,=G05,Pÿ0/ÿ_N9Aÿ5,/ÿ/7,ÿ<.=/ÿ<1=1R,/,=5ÿ/.ÿ/7,ÿlB.2V/ÿ
`ÿÿÿÿÿÿ2,,Blÿ31?D,@ÿÿA705ÿ05ÿ1>>.R<?057,BÿFSÿ5,//02-ÿ/7,ÿ?,2-/7ÿ60,?Bÿ/.ÿ
`ÿÿÿÿÿÿfPÿ12BÿFSÿ.R0//02-ÿF./7ÿ/7,ÿ2DRF,=ÿ60,?Bÿ12Bÿ/7,ÿ<.=/ÿ60,?B@ÿÿA705ÿ
`ÿÿÿÿÿÿ026.=R5ÿ/7,ÿ5,=3,=ÿ/71/ÿ/7,ÿ>?0,2/ÿB.,5ÿ2./ÿ1>/D1??Sÿ2,,Bÿ12Sÿ<.=/ÿ
`ÿÿÿÿÿÿ1550-2R,2/5@ÿ
`ÿÿÿÿÿÿÿA7,ÿ>?0,2/ÿR1Sÿ020/01?0m,ÿ/7,ÿ9;:ÿ<1=1R,/,=ÿ/.ÿ/7,ÿlB.2V/ÿ>1=,lÿ
`ÿÿÿÿÿÿ31?D,ÿH5,,ÿF,?.GQ@ÿÿ:2ÿ/705ÿ>15,Pÿ0/ÿ05ÿ=,CD,5/02-ÿ/7,ÿ5,=3,=ÿ/.ÿ
`ÿÿÿÿÿÿ1550-2ÿ0/ÿ1ÿ31?0Bÿ9;:ÿ31?D,ÿ/.ÿD5,@ÿ
`ÿÿÿÿÿÿÿI?/,=21/03,?SPÿ/7,ÿ>?0,2/ÿR1Sÿ020/01?0m,ÿ/7,ÿ9;:ÿ<1=1R,/,=ÿ/.ÿ1ÿ
`ÿÿÿÿÿÿ31?D,ÿ0/ÿ>.250B,=5ÿ31?0B@ÿÿ:2ÿ/705ÿ>15,Pÿ0/ÿ05ÿ5D--,5/02-ÿ/71/ÿ
`ÿÿÿÿÿÿ31?D,ÿ/.ÿ/7,ÿ5,=3,=@ÿÿ\6ÿ>.D=5,Pÿ/7,ÿ5,=3,=ÿR1Sÿ>7..5,ÿ/.ÿ=,i,>/ÿ
`ÿÿÿÿÿÿ/71/ÿ5D--,5/0.2ÿ12Bÿ=,/D=2ÿ12ÿ1<<=.<=01/,ÿ,==.=ÿR,551-,@ÿ
`ÿ_.2/,2,-=.ÿ`ÿa.=,??1ÿÿÿÿÿÿÿÿÿÿL4<,=0R,2/1?ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿY;1-,ÿnZÿ
`8cOÿdefgÿÿÿÿÿÿÿÿÿÿÿ89:;ÿ9D<<.=/ÿ6.=ÿL2B*/.*,2Bÿ:;5,>ÿÿÿÿÿÿÿÿ\>/.F,=ÿhffeÿ
`ÿÿÿÿÿÿÿA7,ÿ6.=R1/ÿ.6ÿ/705ÿR,551-,ÿ05kÿ
`ÿÿÿÿÿÿÿoI99:J+K8LMNL9AK89:;9LOpÿkkqÿor,=50.2pÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿo_,551-,ÿAS<,pÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿo\3,=1??ÿ],2-/7pÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿoO?0,2/ÿ:^pÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿoIBB=,55ÿH?.>1?Qpÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿo;.=/5ÿH?.>1?Qpÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿoIBB=,55ÿH=,R./,Qpÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿo;.=/5ÿH=,R./,Qpÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿo9;:pÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿY_,551-,ÿO.D2/,=Zÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿY],15,ÿA0R,Zÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿYAD22,?ÿAS<,Zÿ
`ÿÿÿÿÿÿÿA7,ÿ6.??.G02-ÿR,551-,*5<,>060>ÿ,==.=ÿ>.2B0/0.25ÿ,405/@ÿÿA7,ÿ,==.=ÿ
`ÿÿÿÿÿÿF,7130.=ÿ.6ÿI99:J+K8LMNL9AK89:;K:;9LOÿ6.??.G5ÿ/71/ÿ.6ÿ
`ÿÿÿÿÿÿI99:J+K8LMNL9AK89I;*:;ÿ6.=ÿ1??ÿ2.2*:;5,>ÿ,==.=5@ÿ
`ÿÿÿÿÿÿÿ*ÿÿ:6ÿ/7,ÿ>?0,2/ÿ05ÿ2./ÿ1??.G,Bÿ/.ÿD5,ÿ:;5,>ÿ/7=.D-7ÿ/7,ÿ5,=3,=Pÿ
`ÿÿÿÿÿÿÿÿÿ/7,ÿ5,=3,=ÿ_N9Aÿ=,5<.2BÿG0/7ÿ12ÿL88\8K8L9;\+9Lÿ>.2/10202-ÿ/7,ÿ
`ÿÿÿÿÿÿÿÿÿ:;9LOKN+I]]\WL^ÿ<1=1R,/,=@ÿ
`ÿÿÿÿÿÿÿ*ÿÿ:6ÿ/7,ÿ9;:ÿ<1=1R,/,=ÿ05ÿ1ÿlB.2V/ÿ>1=,lÿ31?D,ÿ12Bÿ/7,ÿ89:;ÿ
`ÿÿÿÿÿÿÿÿÿ5,=3,=ÿ>122./ÿ1??.>1/,ÿI+Uÿ9;:5Pÿ/7,ÿ89:;ÿ5,=3,=ÿ_N9Aÿ=,5<.2Bÿ
`ÿÿÿÿÿÿÿÿÿG0/7ÿ12ÿL88\8K8L9;\+9Lÿ>.2/10202-ÿ/7,ÿ:;9LOK9;:KN+IrI:]Ia]Lÿ
`ÿÿÿÿÿÿÿÿÿ,==.=@ÿ
`  ! "   #!$%&'
`
`( 
`
`0007
`
`

`

`3/17/2019
`
`RFC 3104 - RSIP Support for End-to-end IPsec
`
`—
`
`If an SPI parameter is not a "don't care" value and the RSIP
`server cannot allocate it because the requested address and SPI
`tuple is in use,
`the RSIP server MUST respond with an
`ERROR_RESPONSE containing the IPSEC_SPI_INUSE error.
`
`ASSIGN_RESPONSE_RSIPSEC
`
`The ASSIGN_RESPONSE_RSIPSEC message is used by an RSIP server to
`assign parameters to an IPsec—enabled RSIP client.
`
`Experimental
`Montenegro & Borella
`RFC 3104
`RSIP Support for End—to—end IPsec
`
`[Page 8]
`October 2001
`
`The format of this message is:
`
`If the port parameters were set to the "don't need" value in the
`request (see above),
`the RSIP server must do the same in the
`response.
`
`Additionally, RSIP support for IPsec requires the following new
`parameter:
`
`SPI
`
`<ASSIGN_RESPONSE_RSIPSEC> ::= <Version>
`<Message Type>
`<0verall Length>
`<Client ID>
`<Bind ID>
`<Address (local)>
`<Ports (local)>
`<Address (remote)>
`<Ports (remote)>
`<SPI>
`<Lease Time>
`<Tunnel Type>
`[Address (tunnel endpoint)]
`[Message Counter]
`
` ÿÿ

ÿ ÿ ÿÿ



ÿ
`  
`ÿÿÿÿÿÿÿ*ÿÿ+,ÿ-.ÿ/0+ÿ1-2-34542ÿ67ÿ.85ÿ-ÿ9:8.;5ÿ<-249ÿ=->?4ÿ-.:ÿ5@4ÿA/+0ÿ
`ÿÿÿÿÿÿÿÿÿ742=42ÿ<-..85ÿ->>8<-54ÿ65ÿB4<-?74ÿ5@4ÿ24C?4754:ÿ-::2477ÿ-.:ÿ/0+ÿ
`ÿÿÿÿÿÿÿÿÿ5?1>4ÿ67ÿ6.ÿ?74Dÿ5@4ÿA/+0ÿ742=42ÿEF/Gÿ24718.:ÿH65@ÿ-.ÿ
`ÿÿÿÿÿÿÿÿÿIAAJAKAI/0JL/Iÿ<8.5-6.6.Mÿ5@4ÿ+0/INK/0+K+LF/Iÿ42282Oÿ
`ÿÿÿÿP//+QLKAI/0JL/IKA/+0/INÿ
`ÿÿÿÿÿÿÿG@4ÿP//+QLKAI/0JL/IKA/+0/INÿ3477-M4ÿ67ÿ?74:ÿBRÿ-.ÿA/+0ÿ742=42ÿ58ÿ
`ÿÿÿÿÿÿ-776M.ÿ1-2-345427ÿ58ÿ-.ÿ+074<*4.-B>4:ÿA/+0ÿ<>64.5Oÿ
`ÿE8.54.4M28ÿSÿT824>>-ÿÿÿÿÿÿÿÿÿÿIU142634.5->ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿV0-M4ÿWXÿ
`AYNÿZ[\]ÿÿÿÿÿÿÿÿÿÿÿA/+0ÿ/?11825ÿ,82ÿI.:*58*4.:ÿ+074<ÿÿÿÿÿÿÿÿJ<58B42ÿ^\\[ÿ
`ÿÿÿÿÿÿÿG@4ÿ,823-5ÿ8,ÿ5@67ÿ3477-M4ÿ67_ÿ
`ÿÿÿÿÿÿÿ`P//+QLKAI/0JL/IKA/+0/INaÿ__bÿ`c42768.aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`E477-M4ÿGR14aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`J=42->>ÿd4.M5@aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`N>64.5ÿ+eaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`T6.:ÿ+eaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`P::2477ÿf>8<->gaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`08257ÿf>8<->gaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`P::2477ÿf243854gaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`08257ÿf243854gaÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`/0+aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`d4-74ÿG634aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ`G?..4>ÿGR14aÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿVP::2477ÿf5?..4>ÿ4.:186.5gXÿ
`ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿVE477-M4ÿN8?.542Xÿ
`ÿÿÿÿÿÿÿ+,ÿ5@4ÿ1825ÿ1-2-345427ÿH424ÿ745ÿ58ÿ5@4ÿ9:8.;5ÿ.44:9ÿ=->?4ÿ6.ÿ5@4ÿ
`ÿÿÿÿÿÿ24C?475ÿf744ÿ-B8=4gDÿ5@4ÿA/+0ÿ742=42ÿ3?75ÿ:8ÿ5@4ÿ7-34ÿ6.ÿ5@4ÿ
`ÿÿÿÿÿÿ24718.74Oÿ
`ÿÿÿÿP::6568.->>RDÿA/+0ÿ7?11825ÿ,82ÿ+074<ÿ24C?6247ÿ5@4ÿ,8>>8H6.Mÿ.4Hÿ
`ÿÿÿ1-2-34542_ÿ
`ÿÿÿÿ/0+ÿ
`ÿÿÿÿÿÿÿÿN8:4ÿÿÿd4.M5@ÿÿÿÿL?3B42ÿÿÿÿ/0+ÿÿÿÿÿÿÿÿÿÿÿÿÿ/0+ÿ
`ÿÿÿÿÿÿh******h********h*********h*********hÿÿÿÿÿh*********hÿ
`ÿÿÿÿÿÿiÿÿ^^ÿÿiÿÿÿÿ^ÿÿÿiÿ^ÿBR547ÿiÿ]ÿBR547ÿiÿOOOÿiÿ]ÿBR547ÿiÿ
`ÿÿÿÿÿÿh******h********h*********h*********hÿÿÿÿÿh*********hÿ
`ÿÿÿÿ/4.5ÿBRÿ5@4ÿA/+0ÿ<>64.5ÿ6.ÿP//+QLKAIjFI/GKA/+0/INÿ3477-M47ÿ58ÿ-7kÿ,82ÿ
`ÿÿÿ-ÿ1-256<?>-2ÿ.?3B42ÿ8,ÿ/0+7ÿ58ÿB4ÿ-776M.4:OÿÿP>78ÿ74.5ÿBRÿ5@4ÿA/+0ÿ
`ÿÿÿ742=42ÿ58ÿ5@4