Return to ikepaper.ps CVS log

Up to [local] / www / papers

The IKE-paper presented at Usenix 2K

%!PS-Adobe-2.0
%%Creator: dvips(k) 5.86 Copyright 1999 Radical Eye Software
%%Title: ikepaper.dvi
%%Pages: 14
%%PageOrder: Ascend
%%BoundingBox: 0 0 596 842
%%EndComments
%DVIPSWebPage: (www.radicaleye.com)
%DVIPSCommandLine: dvips -o ikepaper.ps ikepaper.dvi
%DVIPSParameters: dpi=600, compressed
%DVIPSSource:  TeX output 2000.08.01:1530
%%BeginProcSet: texc.pro
%!
/TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72
mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0
0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{
landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize
mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[
matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round
exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{
statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0]
N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin
/FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array
/BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2
array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N
df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A
definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get
}B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub}
B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr
1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3
1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx
0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx
sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{
rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp
gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B
/chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{
/cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{
A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy
get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse}
ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp
fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17
{2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add
chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{
1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop}
forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn
/BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put
}if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{
bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A
mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{
SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{
userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X
1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4
index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N
/p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{
/Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT)
(LaserWriter 16/600)]{A length product length le{A length product exch 0
exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse
end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask
grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot}
imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round
exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto
fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p
delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M}
B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{
p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S
rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end

%%EndProcSet
TeXDict begin 39158280 55380996 1000 600 600 (ikepaper.dvi)
@start
%DVIPSBitmapFont: Fa cmti9 9 51
/Fa 51 122 df<EA0380EA0FE0121FA5EA0760120013E013C0A2120113801203EA070012
06120E5A5A5A5A5A0B176FB318>39 D<1560EC01E0EC03C0EC0700140E5C143C5C5C495A
495A13075C49C7FC5B131E5B137C137813F85B12015B12035B1207A25B120FA290C8FC5A
A2121E123EA3123C127CA31278A212F8A35AAF12701278A21238A2123C121CA27EA27E6C
7E12011B4A75B71F>I<14301438A28080A2140F801580A2140315C0A4140115E0A81403
A415C0A31407A31580140FA315005CA3141E143EA2143C147CA25CA25C13015C13035C13
075C130F91C7FC131E133E133C5B5B485AA2485A485A48C8FC121E5A12705A5A1B4A7EB7
1F>I<EA0380EA0FE0121FA5EA0760120013E013C0A2120113801203EA07001206120E5A
5A5A5A5A0B177A8718>44 D<B51280A46C1300110579911B>I<121C127F12FFA412FE12
380808778718>I<EC1FC0EC7FF0903801E0F8903807C03CEB0F00011E131E133E013C13
1F5B13F85B1201A2485AA20007143F5BA2120F153E49137E121FA348C712FCA4007EEB01
F8A4007CEB03F012FCA2EC07E0A24814C0A2EC0F80A2EC1F00A2141E5C0078137C5C387C
01F0383C03E0381F0F80D80FFEC7FCEA03F8203477B127>48 D<EC01801403A21407140F
EC1F005C14FF5BEB1FFEEB7FBEEB7E7E1320EB007CA214FCA25CA21301A25CA21303A25C
A21307A25CA2130FA25CA2131FA291C7FCA25BA2133EA2137EA2137C13FCB512FCA31932
77B127>I<010614C090380FC00F91B51280160015FC4913F015C0D91CFEC7FC91C8FC13
3C1338A313781370A313F0EBE0FE9038E3FF809038EF03C03901FC01E001F87FEBF00049
7F485A5BC8FCA41401A4003C130300FC5CA34A5A5A00E0495AA24A5A4AC7FC6C137E0070
5B387801F8383E07F0381FFFC06C90C8FCEA03F8223478B127>53
D<D9E0F81338EBE3FC2601EFFE137801FF14F048EC01E09038FE0E03D807F814C09039F0
060F80390FC0071F90398003FF00391F0001EF001EEB001E003E5C123C485C15F8485C48
13015DC712034A5AA24A5AA2141F92C7FC5C143E147EA25CA2495AA3495AA213075CA213
0F5CA2131FA25C133FA391C8FCA2131C253476B127>55 D<EC0FC0EC7FF0ECFFFC903803
F07E903807C03E49487EEB1F00013E7F017E14805BA2485AA2485A151FA212075BA2ED3F
00A2485A5DA2000714FEA21401140300035CEBE0070001131E3900F039F8EB7FF1EB0FC1
90380003F0A24A5AA25D4A5A141F003891C7FC007E133E00FE137E5C48485A48485A4848
5A38781F80D87FFFC8FCEA1FFCEA07E0213478B127>57 D<1370EA01FC1203A413F8EA00
E01300B0121C127F5AA45A12380E20779F18>I<130EEB3F80137FA41400131C90C7FCB0
EA0380EA0FC0487EA45B1207120012015BA2120390C7FC5A1206120E5A5A123012705A5A
112F7A9F18>I<161C163CA2167C16FCA21501821503A2ED077E150F150E151CA21538A2
157015F015E0EC01C0A2913803807F82EC0700A2140E141E141C5CA25CA25C49B6FCA25B
913880003F49C7EA1F80A2130E131E131C133C13385B13F05B12011203D80FF0EC3FC0D8
FFFE903807FFFEA32F367BB539>65 D<DB1FF013C09238FFFC010203EBFF03913A0FF00F
878091393F8003CF9139FE0001EF4948EB00FFD903F01500D90FE080495A49488091C812
3E137E13FE485A4848153CA2485AA248481538A2485A94C7FC123F5BA3127F90CBFCA412
FEA2EE03C0A25F127E160794C7FC5E160E007F151E6C5D5E6C6C147016F06C6C495A6C6C
EB07C06C6C49C8FC6C6C133E6CB413FC90387FFFF0011F13C0D903FEC9FC323775B437>
67 D<0107B612C04915F017FC903A003F8001FEEE007FEF1F8092C7EA0FC0EF07E05CEF
03F0147E170102FE15F8A25CA21301A25CA2130317035CA2130718F04A1407A2130F18E0
4A140F18C0011F151F18805CEF3F00133F177E91C85AA2494A5A4C5A017E4A5A4C5A01FE
4A5A047EC7FC49495A0001EC0FF8007FB612E0B7C8FC15F835337BB23A>I<0107B712F0
5B18E0903A003F80001F1707170392C7FC17015C18C0147EA214FEA24A130EA20101EC1E
03041C13804A91C7FC163C13035E9138F001F891B5FC5B5EECE0011500130F5E5C170701
1F01015BEEC00E0280141E92C7121C133F173C91C812381778495DA2017E14014C5A01FE
14074C5A49141F00014AB45A007FB7FCB8FC94C7FC34337CB234>I<0107B712E05B18C0
903A003F80003F170F170792C7FC17035C1880147EA214FEA25C161C0101EC3C07043813
004A91C7FCA20103147816704A13F0150349B5FCA25EECE003130F6F5A14C0A2011F1303
5E1480A2013F90C9FCA291CAFCA25BA2137EA213FEA25B1201387FFFFCB5FCA233337CB2
32>I<92391FE001809238FFF8030207EBFE07913A1FF01F0F0091393F80079F9139FE00
03DFD901F86DB4FCD907F05C49481300495A4948147E49C8127C137E13FE485A48481578
A2485AA248481570A2485A94C7FC123F5BA3127F90CBFCA400FE91383FFFFCA25F923800
3F8094C7FCA2007E5DA2167EA2007F15FE7E5E6C6C1301A26C6C495A6D13076C6CEB0F78
6C6C133E3A00FF01FC3090387FFFF0011F01C0C8FCD903FEC9FC313775B43B>I<010FB5
1280A216009038003FC05DA292C7FCA25CA2147EA214FEA25CA21301A25CA21303A25CA2
1307A25CA2130FA25CA2131FA25CA2133FA291C8FCA25BA2137EA213FEA25B1201B512F8
A25C21337BB21E>73 D<0107B512C05BA29026003FC0C7FC5DA292C8FCA25CA2147EA214
FEA25CA21301A25CA21303A25CA21307A25CA2130FA25C17E0011F140117C05C1603013F
1580160791C7FCEE0F005B5E017E143EA201FE5CED01FC4913030001EC1FF8007FB6FCB7
FC5E2B337CB230>76 D<902607FF8090383FFFC0496D5BA2D9001F913803F8004A6C6D5A
6060EC3BF0027B140360EC71F8A202F11407DAF0FC91C7FC14E0A20101017E5B170E14C0
810103151EEE801CEC801FA20107ECC03C030F1338140016E049010713781770010E14F0
1503011E15F0705A011C1301A2013C14FD03005B133816FF0178147F5F0170143FA213F0
70C8FC1201EA07F8267FFF807FB5140EA23A337BB239>78 D<0107B612C04915F883903A
003F8001FEEE003FEF1F8092C713C0170F5C18E0147EA214FEEF1FC05CA201011680173F
4A1500177E010315FE5F4AEB03F8EE07E00107EC3FC091B6C7FC16F802E0C9FC130FA25C
A2131FA25CA2133FA291CAFCA25BA2137EA213FEA25B1201387FFFF0B5FCA233337CB234
>80 D<913901FC018091380FFF03023F13C791387E07EF903A01F801FF0049487E4A7F49
5A4948133E131F91C7FC5B013E143CA3137E1638A293C7FC137FA26D7E14E014FE90381F
FFC06D13F86D7F01017F6D6C7E020F7F1400153F6F7E150FA4120EA2001E5D121CA2151F
003C92C7FCA2003E143E5D127E007F5C6D485A9038C007E039F3F80FC000F0B5C8FC38E0
3FFC38C00FF029377AB42B>83 D<0003B812C05A1880903AF800FC003F260FC001141F01
80150F01005B001EEE07001403121C003C4A5BA200380107140E127800705CA2020F141E
00F0161CC74990C7FCA2141FA25DA2143FA292C9FCA25CA2147EA214FEA25CA21301A25C
A21303A25CA21307A25C497E001FB512F05AA2323374B237>I<3B3FFFF801FFFE485CA2
D801FEC7EA1FC049EC0F80170049140EA2161E120349141CA2163C1207491438A2167812
0F491470A216F0121F495CA21501123F90C75BA215035A007E5DA2150712FE4892C7FCA2
5D150E48141E151C153C153815786C5C5D007C1301007E495A003EEB0F806C011EC8FC38
0FC0FC6CB45A000113E06C6CC9FC2F3570B239>I<B53CC03FFFF003FFF8601480280FF0
0001FCC7EA7F806C484AEC3E00193CA219386115036115074E5A030F140361031D4AC7FC
A2DB38FC130EA203705C15F06C6C01E05C140103C05CDA038014F060DA0700130160020E
4A5AA24A4AC8FCA24A140E147802705C5C5FD9F1C014781770D9F3805CA201F7C7EA7FC0
A201FE5DA26C4892C9FCA249147E5B167C5B1678491470453570B24D>87
D<902607FFFE90387FFFC0A39026001FF090380FF80003C014C0020F5D6F91C7FC020714
1E6F5B5F02035C6F485A02015C6F485A4CC8FC0200130EEDFE1EED7E3C5EED7FF06F5A5E
5E151F82A24B7E157F1577EDE7F0EC01C7EC038302077FEC0F01021E7F143CEC38004A7F
4A137E495A0103147F49487F49C77F131E49141F017C8113FC00074B7EB5D88003B57EA2
95C7FC3A337CB239>I<EB03F0EB0FF890383E1C6090387C0FF0EBF807EA01F0EA03E000
07EB03E0EA0FC0A2381F800715C0EA3F00A2140F481480127EA2141F00FE14005A1506EC
3F07EC3E0F150E147E007C141EECFE1CEB01FCD83C03133C393E07BE38391F0E1E783907
FC0FF03901F003C0202278A027>97 D<137EEA0FFE121F5B1200A35BA21201A25BA21203
A25BA21207A2EBC3E0EBCFF8380FDC3EEBF81F497E01E01380EA1FC0138015C013005AA2
123EA2007E131F1580127CA2143F00FC14005AA2147EA25CA2387801F85C495A6C485A49
5A6C48C7FCEA0FFCEA03F01A3578B323>I<14FCEB07FF90381F078090383E03C0EBFC01
3801F8033803F0073807E00F13C0120F391F80070091C7FC48C8FCA35A127EA312FE5AA4
007C14C0EC01E0A2EC03C06CEB0F80EC1F006C137C380F81F03803FFC0C648C7FC1B2278
A023>I<ED0FC0EC03FFA21680EC001FA31600A25DA2153EA2157EA2157CA215FCA29038
03F0F8EB0FF8EB3E1DEB7C0F496C5AEA01F0EA03E000071303D80FC05BA2381F8007A2D8
3F005BA2140F5A007E5CA2141F12FE4891C7FC1506EC3F075DEC3E0E147E007C141EECFE
1CEB01FCD83C03133C393E07BE38391F0E1E783907FC0FF03901F003C0223578B327>I<
EB03F8EB0FFEEB3E0F9038F807803801F003EA03E0EA07C0120FEA1F801407D83F001300
5C007E133EEB03F8387FFFE04848C7FC00FCC8FCA45AA4EC0180EC03C0A2007CEB0780EC
1F00003C133E6C13F8380F03E03807FF80D801FCC7FC1A2277A023>I<151FED7FC0EDF0
E0020113F0EC03E3A2EC07C316E0EDC1C091380FC0005DA4141F92C7FCA45C143E90381F
FFFEA3D9007EC7FC147CA414FC5CA513015CA413035CA413075CA3130FA25CA3131F91C8
FCA35B133E1238EA7E3CA2EAFE7812FC485AEA78E0EA3FC0000FC9FC244582B418>I<14
3FECFF80903803E1E6903807C0FF90380F807FEB1F00133E017E133F49133EA24848137E
A24848137CA215FC12074913F8A21401A2D80FC013F0A21403120715E01407140F141F39
03E03FC00001137FEBF0FF38007FCF90381F0F801300141FA21500A25C143E1238007E13
7E5C00FE5B48485A387803E0387C0F80D81FFFC7FCEA07F820317CA023>I<EB0FC0EA03
FFA25CEA001FA391C8FCA25BA2133EA2137EA2137CA213FCA29038F83F80ECFFE03901FB
E0F09038FF80F8EC007849137C485A5B5BA2484813FC5D5BA2000F13015D1380A2001F13
035DEB0007EDC0C048ECC1E0020F13C0003E1481A2007E1483ED0380007C1407160000FC
140E151E48EB07F80070EB01F023357BB327>I<EB0180EB07E0A2130FEB07C0EB038090
C7FCABEA01F0EA03FCEA0F1E120E121C123C1238EA783E1270A2137EEAF07CEA60FCC65A
A212015BA212035BA2000713C0EBC1E0000F13C01381A21383EB038013071400130E131E
EA07F8EA01F013337AB118>I<EB0FC0EA01FF5A5CEA001FA391C7FCA25BA2133EA2137E
A2137CA213FCA2491378EC01FE0001EB078FEC0E0F9038F01C3F143800031370ECE03E90
38E1C01C9038E38000D807E7C7FC13EE5B13F8120F13FFEB9FC0EB83F0EA1F81EB80F813
00150C48141E151C123EA2007E143C1538127C157800FCEB787015E048EB3FC00070EB0F
8020357BB323>107 D<133FEA07FF5A13FEEA007EA3137CA213FCA213F8A21201A213F0
A21203A213E0A21207A213C0A2120FA21380A2121FA21300A25AA2123EA2127EA2127C13
18EAFC1C133CEAF838A21378137012F013F0EAF8E01279EA3FC0EA0F00103579B314>I<
2703C003F8137F3C0FF00FFE01FFC03C1E783C1F07C1E03C1C7CF00F8F01F03B3C3DE007
9E0026383FC001FC7FD97F805B007001005B5E137ED8F0FC90380FC00100E05FD860F814
8012000001021F130360491400A200034A13076049013E130FF081800007027EEC83C005
1F138049017C1403A2000F02FC1407053E130049495CEF1E0E001F01015D183C010049EB
0FF0000E6D48EB03E03A227AA03F>I<3903C007F0390FF01FFC391E787C1E391C7CF01F
393C3DE00F26383FC01380EB7F8000781300EA707EA2D8F0FC131F00E01500EA60F81200
00015C153E5BA20003147E157C4913FCEDF8180007153C0201133801C013F0A2000F1578
EDE070018014F016E0001FECE1C015E390C7EAFF00000E143E26227AA02B>I<14FCEB07
FF90381F07C090383E03E09038FC01F0EA01F83903F000F8485A5B120F484813FCA248C7
FCA214014814F8127EA2140300FE14F05AA2EC07E0A2007CEB0FC01580141FEC3F006C13
7E5C381F01F0380F83E03803FF80D800FCC7FC1E2278A027>I<011E137C90387F81FF90
39F3C387C09039E3EF03E03901E1FE01D9C1FC13F0EBC3F8000313F0018314F814E0EA07
871307000313C01200010F130316F01480A2011F130716E01400A249EB0FC0A2013EEB1F
80A2017EEB3F00017F133E5D5D9038FF81F09038FDC3E09038F8FF80027EC7FC000190C8
FCA25BA21203A25BA21207A25BB5FCA325307FA027>I<3903C00FC0390FF03FF0391E78
F078391C7DE03C393C3FC0FC00381380EB7F00007814F8D8707E13701500EAF0FC12E0EA
60F812001201A25BA21203A25BA21207A25BA2120FA25BA2121FA290C8FC120E1E227AA0
20>114 D<EB03F0EB1FFCEB3C1EEB780FEBF007EA01E0140F0003131F13C0A2EBE00414
007FEBFF8014E06C13F06C13F8EB7FFC1307EB00FE147E143E123800FC133CA3147C00F0
13784813F0EAF001387803E0383C0F80381FFE00EA03F818227AA01F>I<1303EB0F80A3
131FA21400A25BA2133EA2137EA2137C387FFFF8A2B5FC3800F800A21201A25BA21203A2
5BA21207A25BA2120FA25B1460001F13F014E01300130114C01303001E1380EB07005BEA
0F1EEA07F8EA01E015307AAE19>I<EA01F0D803FC1307D80F1E5B000E5C121C123C0038
5CD8783E133E1270A2017E137ED8F07C137CEA60FCC65A15FC00015C5BA2140100035C13
E0166002031370EDE0F0D807C014E0A20003EB07E116C09038E00FC1EC1FC3000190383F
E3809038F071E73A007FE0FF0090381F803C24227AA029>I<01F01338D803FC13FCEA0F
1E120E121C123C0038147CEA783E0070143CA2137ED8F07C1338EA60FCC65A1578000114
705BA215F0000314E05BA2EC01C0A2EBC003158014071500EBE00EA26C6C5A3800F878EB
7FE0EB1F801E227AA023>I<D801F01538D803FC010E13FCD80F1E131E000E143E121C12
3C0038027E137CD8783E137C0070163CA2017E13FCD8F07C491338EA60FCC65A02011478
00014A137013F0A2020314F0000316E001E05BA2160117C001C013C00207EB0380A29039
E00FE0071700021F130E3A01F03DF01E3A00F878F83C90393FF03FF090390FC00FC02E22
7AA033>I<011F137C90387FC1FF3A01E1E787803A03C0F703C0903880FE0FEA07004813
FC000E1580001E9038F80700001C91C7FC1301003C5B1218120013035CA31307A25C1506
010F130F150E14800038141ED87C1F131C00FC143C1538013F5B39F07FC0E03970F3C3C0
393FE1FF80260F807EC7FC22227CA023>I<13F0D803FC1307D80F1E130F000E141F121C
123C0038143FD8783E133E1270A2017E137ED8F07C137CEA60FCC65A15FC000114F85BA2
1401000314F013E0A2140315E0EA07C0A20003130715C0EBE00F141F0001133F9038F07F
8038007FEFEB1F8FEB001F1500A25C003E133E007E137E147C5C007C5BEA7001495A3838
0780D83C1FC7FCEA0FFCEA07F020317AA025>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fb cmr9 9 70
/Fb 70 124 df<DA1FE013FF9126FFFC0713E0903B03F01E1F80F0903B0FC0077E003CD9
1F805B90273F001FF8137E017E4A13FE495CA248485C030F147C95C7FCA9187EB912FEA3
3B01F8000FC000187EB3A6486C496C13FF297FFFC1FFFE0F13F8A33D357FB440>14
D<14C01301EB0380EB0F00130E5B133C5B5BA2485A485AA212075B120F90C7FC5AA2121E
123EA3123C127CA55AB0127CA5123C123EA3121E121FA27E7F12077F1203A26C7E6C7EA2
13787F131C7F130FEB0380EB01C01300124A79B71E>40 D<12C07E1270123C121C7E120F
6C7E6C7EA26C7E6C7EA27F1378137C133C133EA2131E131FA37F1480A5EB07C0B0EB0F80
A514005BA3131E133EA2133C137C137813F85BA2485A485AA2485A48C7FC120E5A123C12
705A5A124A7CB71E>I<123C127EB4FCA21380A2127F123D1201A412031300A25A120612
0E120C121C5A5A126009177A8715>44 D<B512F0A514057F921A>I<123C127E12FFA412
7E123C08087A8715>I<1530157815F8A215F01401A215E01403A215C01407A21580140F
A215005CA2143EA2143C147CA2147814F8A25C1301A25C1303A25C1307A2495AA291C7FC
5BA2131E133EA2133C137CA2137813F8A25B1201A25B1203A2485AA25B120FA290C8FC5A
A2121E123EA2123C127CA2127812F8A25A12601D4B7CB726>I<EB0FE0EB7FFCEBF83E39
03E00F803907C007C0EB8003000F14E0391F0001F0A24814F8A2003E1300007E14FCA500
FE14FEB2007E14FCA56CEB01F8A36C14F0A2390F8003E03907C007C0A23903E00F803900
F83E00EB7FFCEB0FE01F347DB126>I<13075B5B137FEA07FFB5FC13BFEAF83F1200B3B3
A2497E007FB51280A319327AB126>I<EB3FC0EBFFF0000313FC380F80FF391E007F8000
1CEB3FC048EB1FE048130F15F00060130712FC6C14F87E1403A3007E1307123CC7FC15F0
A2140F15E0EC1FC0A2EC3F801500147E5C495A5C495A495A495A49C7FC133E133C491318
5B485A48481330485A48C7FC001C1470001FB512F05A5AB612E0A31D327CB126>I<EB1F
E0EBFFFC4813FF3907E03F80390F001FC0001EEB0FE0001CEB07F0123F018013F8140313
C01380A2381F0007C7FC15F0A2EC0FE015C0141FEC3F80EC7E00EB01F8EB7FE014FCEB00
3FEC1FC0EC0FE0EC07F015F8140315FC140115FEA3127EB4FCA415FC48130312780070EB
07F86C14F0003C130F001FEB1FE0390FE03F800003B51200C613FCEB1FE01F347DB126>
I<EC01C0A214031407A2140F141FA2143F147F146F14CF1301EB038F140F1307130E130C
131C13381330137013E013C0EA0180120313001206120E120C5A123812305A12E0B71280
A3C7380FC000A94A7E0107B51280A321337EB226>I<000C14C0380FC00F90B512801500
5C5C14F014C0D80C18C7FC90C8FCA9EB0FC0EB7FF8EBF07C380FC03F9038001F80EC0FC0
120E000CEB07E0A2C713F01403A215F8A41218127E12FEA315F0140712F8006014E01270
EC0FC06C131F003C14806CEB7F00380F80FE3807FFF8000113E038003F801D347CB126>
I<14FE903807FF80011F13E090383F00F0017C13703901F801F8EBF003EA03E01207EA0F
C0EC01F04848C7FCA248C8FCA35A127EEB07F0EB1FFC38FE381F9038700F809038E007C0
39FFC003E0018013F0EC01F8130015FC1400A24814FEA5127EA4127F6C14FCA26C130101
8013F8000F14F0EBC0030007EB07E03903E00FC03901F81F806CB51200EB3FFCEB0FE01F
347DB126>I<1230123C003FB6FCA34814FEA215FC0070C7123800601430157015E04814
C01401EC0380C7EA07001406140E5C141814385CA25CA2495A1303A3495AA2130FA3131F
91C7FCA25BA55BA9131C20347CB126>I<EB0FE0EB7FFC90B5FC3903F01F803907C007C0
390F0003E0000EEB01F0001E1300001C14F8003C1478A3123EA2003F14F86D13F0EBC001
D81FF013E09038F803C0390FFE07803907FF0F006C13DE6C13F87EEB3FFE8001F713C0D8
03E313E0D8078013F0390F007FF8001E131F003EEB07FC003C1303481301EC007E12F848
143EA2151EA37E153C1278007C14787E6C14F0390F8003E03907F01FC00001B512003800
7FFCEB1FE01F347DB126>I<EB0FE0EB7FF8EBFFFE3803F83F3907E00F80390FC007C0D8
1F8013E0EC03F0EA3F0048EB01F8127EA200FE14FC1400A415FEA5007E1301A2127F7E14
03EA1F80000F13073807C00E3803E01C3801F03838007FF090381FC0FC90C7FC1401A215
F8A215F01403001F14E0383F800715C0140FEC1F809038003F00001C137E381F01FC380F
FFF0000313C0C690C7FC1F347DB126>I<123C127E12FFA4127E123C1200B0123C127E12
FFA4127E123C08207A9F15>I<15E0A34A7EA24A7EA34A7EA3EC0DFE140CA2EC187FA34A
6C7EA202707FEC601FA202E07FECC00FA2D901807F1507A249486C7EA301066D7EA2010E
80010FB5FCA249800118C77EA24981163FA2496E7EA3496E7EA20001821607487ED81FF0
4A7ED8FFFE49B512E0A333367DB53A>65 D<B7FC16E016F83A03FC0003FE0001EC00FFEE
7F80EE3FC0161F17E0160F17F0A617E0161F17C0EE3F80EE7F0016FEED03FC90B612F05E
9039FC0007FCED00FEEE3F80EE1FC0EE0FE017F0160717F8160317FCA617F81607A2EE0F
F0EE1FE0163FEE7FC00003913803FF00B75A16F816C02E337DB236>I<DA03FE130C9139
3FFF801C91B512E0903A03FE01F83C903A0FF0003C7CD91FC0EB0EFCD97F80130701FEC7
120348481401000315005B4848157C485A173C485A171C123F5B007F160CA390C9FC4816
00AB7E6D150CA3123F7F001F161C17186C7E17386C6C15306C6C15706D15E012016C6CEC
01C0D97F80EB0380D91FC0EB0F00D90FF0131ED903FE13FC0100B512F0023F13C0DA03FE
C7FC2E377CB437>I<B77E16F016FE3A01FE0001FF00009138003FC0EE0FE0707E707E70
7E707E177E177FEF3F80A2EF1FC0A3EF0FE0A418F0AA18E0A3171F18C0A21880173F1800
5F17FE5F4C5AEE07F04C5AEE3FC000014AB45AB748C7FC16F8168034337EB23B>I<B812
C0A3D803FCC7127F0001150FEE03E01601A21600A21760A403061330A41700150EA2151E
157E90B512FEA39038FC007E151E150EA21506170CA3171892C7FCA41738A21770A217F0
1601160316070003157FB812E0A32E337DB234>I<B81280A3D803FCC7FC0001151FEE07
C01603A21601A21600A41760150CA31700A2151CA2153C15FC90B5FCA3EBFC00153C151C
A2150CA592C8FCAB487EB512FEA32B337DB232>I<DA03FE130C91393FFF801C91B512E0
903A03FE01F83C903A0FF0003C7CD91FC0EB0EFCD97F80130701FEC71203484814010003
15005B4848157C485A173C485A171C123F5B007F160CA390C9FC4893C7FCAA0303B512E0
7E7F92390003FE00705A123F7F121FA26C7E7F12076C7E7F6C6C14036C7E6D6C1307D91F
C0EB0E7CD90FF0EB1C3CD903FEEBF81C0100B5EAF00C023F01C0C7FCDA03FEC8FC33377C
B43C>I<B5D8FE03B512F8A3000190C73807FC006C486E5AB390B7FCA349C71203B3A348
6C4A7EB5D8FE03B512F8A335337EB23A>I<B512FEA3000113006C5AB3B3A7487EB512FE
A317337EB21C>I<017FB5FCA39038003FE0EC1FC0B3B1127EB4FCA4EC3F805A00601400
00705B6C13FE6C485A380F03F03803FFC0C690C7FC20357DB227>I<B500FE903807FFF8
A3000190C7000113006C48EC00FC17F04C5A4C5A4CC7FC160E5E5E5E5E4B5A4B5A4BC8FC
150E5D5D15F84A7E14034A7EEC0EFF5C4A6C7E4A6C7EECE01FD9FFC07F4A6C7E4A6C7E5B
6F7E6F7EA26F7E707EA2707E707E160F83707E707EA283486C913807FF80B500FE013F13
FCA336337EB23C>I<B512FEA3D803FEC9FC6C5AB3A9EE0180A416031700A45EA25E5E5E
5E16FE00031407B7FCA329337DB230>I<D8FFFC923801FFF86D5DA20003EFFE00D801BF
ED06FCA3D99F80140CA2D98FC01418A3D987E01430A2D983F01460A3D981F814C0A3D980
FCEB0180A2027EEB0300A36E1306A26E6C5AA36E6C5AA36E6C5AA26E6C5AA36E6C5AA391
3800FD80A2037FC7FCA3486C133ED80FF04B7EB5011C90387FFFF8A33D337CB246>I<D8
FFFE91381FFFF87F80C6030013006E143CD9DFE01418EBCFF0A2EBC7F8EBC3FCA2EBC1FE
EBC0FF6E7EA26E7E6E7EA26E7E6E7E6E7EA26E7E6E7EA2ED7F80ED3FC0ED1FE0A2ED0FF0
ED07F8A2ED03FCED01FEED00FFA2EE7F98EE3FD8A2EE1FF8160F1607A216031601A2486C
1400D807F81578B500C01438A2171835337EB23A>I<EC07FC91387FFFC0903901FC07F0
903907E000FCD90F80133E013FC76C7E017E6E7E496E7E48486E7E48486E7EA248486E7E
000F8249157E001F167FA24848ED3F80A2007F17C0A290C9121FA24817E0AB6C17C06D15
3FA3003F17806D157FA2001F17006D5D000F5E6C6C4A5AA26C6C4A5A00015E6C6C4A5A01
7E4A5A6D4A5AD91FC0017FC7FCD907E013FC903901FC07F09039007FFFC0DA07FCC8FC33
377CB43C>I<B612FEEDFFC016F03A03FC0007FC0001EC00FE167FEE3F80EE1FC017E016
0FA217F0A617E0A2EE1FC0A2EE3F80EE7F0016FEED07F890B65A168001FCC9FCB3A2487E
B512F8A32C337DB234>I<B612FCEDFF8016F03A01FE0007FC0000EC01FEED007F707E70
7E83160F83A65FA24C5AA24C5A047EC7FC4B5AED0FF090B612C093C8FC9039FE001FC0ED
07F06F7E6F7E150082167E167FA583A5180C17C0A2043F131C486C1618B500FEEB1FE004
0F1338933807F070C93801FFE09338003F8036357EB239>82 D<90381FE00390387FFC07
48B5FC3907F01FCF390F8003FF48C7FC003E80814880A200788000F880A46C80A27E92C7
FC127F13C0EA3FF013FF6C13F06C13FF6C14C06C14F0C680013F7F01037F9038003FFF14
0302001380157F153FED1FC0150F12C0A21507A37EA26CEC0F80A26C15006C5C6C143E6C
147E01C05B39F1FC03F800E0B512E0011F138026C003FEC7FC22377CB42B>I<007FB712
FEA390398007F001D87C00EC003E0078161E0070160EA20060160600E01607A3481603A6
C71500B3AB4A7E011FB512FCA330337DB237>I<B500FE90381FFFF8A3000190C813006C
48153C1718B3AF1738017F1530A217706D6C1460011F15E06E495A010F14036D6C495A6D
6C49C7FCD901FC131E6DB413FC91383FFFF0020F13C0020190C8FC35357EB23A>I<B500
F0903803FFF8A3D807FEC8EA7FC06C48ED1F000001161E6D151C00001618A26D15386D15
30A26D6C5CA26E14E0011F5DA26D6C495AA28001074AC7FCA26D6C1306A28001015CA26E
131C01001418806E5BA2ED8070023F1360A26E6C5AA215E1020F5BA2DA07F3C8FCA215FB
EC03FEA36E5AA26E5AA31570A235357EB23A>I<B5D8F007B539800FFFF0A3000390C727
3FF000011300D801FC6E48EB007C1A386D140F00001930836D020715706D1860A26E496C
14E0013F60A26ED919FC1301011F60A26ED930FE1303010F95C7FCA26ED9607F5B010717
06A26E9039C03F800E0103170CA2913BFC01801FC01C01011718A2913BFE03000FE03801
001730A2DAFF06EB07F0027F5EA2038CEB03F8023F5EA203D8EB01FC021FEDFD80A203F0
EB00FF020F93C8FCA24B800207157EA24B143E0203153CA24B141C020115184C357FB24F
>I<267FFFFC90B512C0A3000101E090381FF80026007F80EB0FC0013F6E5A6E91C7FC6D
6C130E010F140C6E5B6D6C133801035C6E13606D6C13E06D6C485A5EDA7F83C8FCEC3FC7
15C6EC1FECEC0FFC5D14076E7EA26E7E815C6F7E9138063FC0140E4A6C7E9138180FF0EC
380702707F91386003FCECC0010101804A6C7E49C77E4981010E6E7E010C6E7E131C496E
7E01786E7E13FCD807FEEC1FFEB56C90B512F8A335337EB23A>I<B500F8ECFFFEA30003
0180EC3FE06C90C8EA1F806CEE0E006D6C5C6D6C141817386D6C14305F6D6C14E06D6C5C
16016D6C5C6D6C49C7FC5E6D6C13065E91387F801C91383FC018163891381FE0306E6C5A
16E06E6C5AEDF980EC03FF6E90C8FC5D1400B14A7E91B512FCA337337FB23A>I<EAFFF0
A4EAF000B3B3B3ADEAFFF0A40C4B79B715>91 D<EAFFF0A41200B3B3B3AD12FFA40C4B7F
B715>93 D<EB7F803803FFF0380F80FC381C003E003F133F6D6C7E6E7EA26E7EEA1F00C7
FCA4EB01FF131FEBFF873803FC07EA0FF0EA1FC0EA3F80127F13004815C05AA3140FA26C
131F6C133B3A3F8071F180391FC1E1FF2607FFC013003900FE003C22237DA126>97
D<EA03F012FFA312071203AEEC3F80ECFFE09038F3C0F89038F7007E01FE7F49EB1F8049
EB0FC05BED07E016F0A2150316F8AA16F0150716E0A2ED0FC07F6DEB1F8001ECEB3F0001
CF137C90388381F8903801FFE0C76CC7FC25357EB32B>I<EB07F8EB3FFF9038FC07C039
01F000E03903E003F03807C007120FEA1F80123F90380003E04890C7FCA2127E12FEAA12
7FA26C14187F001F14386D1330000F14706C6C13E03903F001C03900FC0F8090383FFE00
EB07F01D237EA122>I<153FEC0FFFA3EC007F81AEEB07F0EB3FFCEBFC0F3901F003BF39
07E001FF48487E48487F8148C7FCA25A127E12FEAA127E127FA27E6C6C5BA26C6C5B6C6C
4813803A03F007BFFC3900F81E3FEB3FFCD90FE0130026357DB32B>I<EB0FE0EB7FFCEB
F83F3903F00F80D807E013C0390FC007E0381F800315F0EA3F0014014814F8127EA212FE
A2B6FCA248C8FCA5127E127FA26C1418A26C6C1338000F14306D13706C6C13E03901F003
C03900FC0F00EB3FFEEB07F01D237EA122>I<EB01FCEB07FF90381F078090383E0FC0EB
7C1F13FCEA01F8A20003EB070049C7FCACB512F0A3D803F0C7FCB3A7487E387FFFE0A31A
357FB417>I<151F90391FC07F809039FFF8E3C03901F07FC73907E03F033A0FC01F8380
9039800F8000001F80EB00074880A66C5CEB800F000F5CEBC01F6C6C48C7FCEBF07C380E
FFF8380C1FC0001CC9FCA3121EA2121F380FFFFEECFFC06C14F06C14FC4880381F000100
3EEB007F4880ED1F8048140FA56C141F007C15006C143E6C5C390FC001F83903F007E0C6
B51280D91FFCC7FC22337EA126>I<EA03F012FFA312071203AEEC1FC0EC7FF09038F1E0
FC9038F3807C9038F7007E13FE497FA25BA25BB3486CEB7F80B538C7FFFCA326347EB32B
>I<EA0780EA0FC0EA1FE0A4EA0FC0EA0780C7FCAAEA07E012FFA3120F1207B3A6EA0FF0
B5FCA310337EB215>I<EA03F012FFA312071203AF913803FFE0A36E1300EC00F8EC01E0
5D4A5A020FC7FC141C5C5C14F0EBF3F8EBF7FC13FEEBFC7EEBF87F496C7E141F6E7E8114
076E7E8114016E7E81486CEBFF80B500C313F0A324347EB329>107
D<EA07E012FFA3120F1207B3B3A7EA0FF0B5FCA310347EB315>I<2703F01FE013FF00FF
90267FF80313C0903BF1E07C0F03E0903BF3803E1C01F02807F7003F387FD803FE147049
6D486C7EA2495CA2495CB3486C496C487EB53BC7FFFE3FFFF0A33C217EA041>I<3903F0
1FC000FFEB7FF09038F1E0FC9038F3807C3907F7007EEA03FE497FA25BA25BB3486CEB7F
80B538C7FFFCA326217EA02B>I<EB07F0EB3FFE9038FC1F803901F007C03903C001E000
078048486C7E48C7127CA248147E003E143E007E143FA300FE1580A8007E1500A36C147E
A26C147C6D13FC6C6C485A00075C3903F007E03900FC1F80D93FFEC7FCEB07F021237EA1
26>I<3903F03F8000FFEBFFE09038F3C0F89038F7007ED807FE7F6C48EB1F804914C049
130F16E0ED07F0A3ED03F8A9150716F0A216E0150F16C06D131F6DEB3F80160001FF13FC
9038F381F89038F1FFE0D9F07FC7FC91C8FCAA487EB512C0A325307EA02B>I<903807F0
0390383FFC07EBFC0F3901F8038F3807E001000F14DF48486CB4FC497F123F90C77E5AA2
5A5AA9127FA36C6C5B121F6D5B000F5B3907E003BF3903F0073F3800F81EEB3FF8EB0FE0
90C7FCAAED7F8091380FFFFCA326307DA029>I<3803E07C38FFE1FF9038E38F809038E7
1FC0EA07EEEA03ECA29038FC0F8049C7FCA35BB2487EB512E0A31A217FA01E>I<EBFF06
000713CE381F00FE003C133E48131E140E5A1406A27EA200FE90C7FC6C7EEA7FFC383FFF
C014F0000F7F6C7FC67FEB0FFF1300EC3F8000C0131F140F6C1307A37E15006C5B6C130E
6C5B38F7807838E1FFE038C07F8019237EA11E>I<1330A51370A313F0A21201A2120312
07381FFFFEB5FCA23803F000AF1403A814073801F806A23800FC0EEB7E1CEB1FF8EB07E0
182F7FAD1E>I<D803F0133F00FFEB0FFFA30007EB007F000380B35DA35D12016D481380
0000903803BFFC90387E073FEB1FFED907F8130026227EA02B>I<B5EBFFF0A3D80FF0EB
3F800007EC1F000003140E150C6D131C00011418A26C6C5BA26D1370017E1360137F6D5B
A290381F8180A214C3010F90C7FCA2EB07E6A214FE6D5AA26D5AA36D5AA2146024217E9F
29>I<B53A1FFF81FFF0A33C07F801FC003F8001F049EB1E0000030100141C816C6C017C
1318A26D017E1338000002FE1330A290267E01FF5B159F168090263F030F5BA216C0903A
1F8607C180A202C613E390260FCC0390C7FCA2D907FC13F6ECF80116FE6D486C5AA36D48
1378A36D48133034217F9F37>I<B53801FFF8A32603FE0013806C48EB7C000000147801
7E1370017F5B90383F81C090381F8380D90FC3C7FCEB07E614FE6D5A6D5A6D7E80805B90
38039F809038071FC09038060FE0EB0C0790381C03F0496C7E01707FEBF000000180000F
ECFF8026FFFC0313FCA326207F9F29>I<3A7FFF807FF8A33A07F8001FC00003EC0F8000
01EC070015066C6C5BA26D131C017E1318A26D5BA2EC8070011F1360ECC0E0010F5BA290
3807E180A214F3010390C7FC14FBEB01FEA26D5AA31478A21430A25CA214E05CA2495A12
78D8FC03C8FCA21306130EEA701CEA7838EA1FF0EA0FC025307F9F29>I<003FB512F0A2
EB000F003C14E00038EB1FC00030EB3F800070137F1500006013FE495A13035CC6485A49
5AA2495A495A49C7FC153013FE485A12035B48481370485A001F14604913E0485A387F00
0348130F90B5FCA21C207E9F22>I<B712F8A22502809426>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fc cmmi10 10 1
/Fc 1 23 df<EB0380D907E01307010FEC0F80161F5CA2011F143FA24A1400A2013F5CA2
91C7127EA24914FEA2017E5CA201FE1301A2495CA200011403A249ECF018A20003140717
38EEE030150F00071670031F1360153F6D017713E0486C9038E3E1C0903AFF03C1F38090
3ACFFF00FF00D9C3FC133ED81FC0C9FCA25BA2123FA290CAFCA25AA2127EA212FEA25AA2
12702D377EA432>22 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fd cmtt10 10 72
/Fd 72 126 df<010F133C90381F807EA8013F13FE4A5AA4007FB612F0B712F8A4003F15
F03A007E01F800A5EBFE0301FC5BA6003FB612F0B712F8A46C15F03A01F807E000A30003
130F01F05BA86C486C5A25337DB22C>35 D<143814FC13011303EB07F8EB0FF0EB1FC0EB
3F80EB7F0013FE485A485A5B12075B120F5B485AA2123F90C7FCA25A127EA312FE5AAC7E
127EA3127F7EA27F121FA26C7E7F12077F12037F6C7E6C7E137FEB3F80EB1FC0EB0FF0EB
07F8EB03FC130113001438164272B92C>40 D<127012FC7E7E6C7E6C7EEA0FE06C7E6C7E
6C7E6C7E137F7F1480131F14C0130FEB07E0A214F01303A214F81301A314FC1300AC1301
14F8A3130314F0A2130714E0A2EB0FC0131F1480133F14005B13FE485A485A485A485AEA
3FC0485A48C7FC5A5A1270164279B92C>I<EB0380497EA60020140800F8143E00FE14FE
00FF13C1EBC7C7EBE7CF003FB512F8000F14E0000314806C140038007FFCA248B5FC4814
80000F14E0003F14F839FFE7CFFEEBC7C7EB07C100FE13C000F8143E0020140800001400
A66D5A1F247AAA2C>I<EA0F80EA1FE0EA3FF0EA7FF8A213FCA3123F121F120F120013F8
A21201EA03F01207EA1FE0EA7FC0EAFF80130012FC12700E17718A2C>44
D<007FB6FCB71280A46C150021067B9B2C>I<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F
80EA1F000B0B708A2C>I<1507ED0F80151FA2153F16005D157E15FE5D14015D14035DA2
14075D140F5D141F5D143F92C7FC5C147E14FE5CA213015C13035C13075C130F5C131F5C
A2133F91C8FC5B137E13FE5B12015B12035B12075BA2120F5B121F5B123F90C9FC5A127E
12FE5AA25A127821417BB92C>I<EB03F8EB0FFE90383FFF80497F90B57E3901FE0FF039
03F803F848486C7EEBE0004848137EA248487FA248C7EA1F80A2003E140F007E15C0A300
7C140700FC15E0AC6C140F007E15C0A46CEC1F80A36C6CEB3F00A26C6C137E6D13FE0007
5CEBF0016C6C485A3901FE0FF06CB55A6D5B6D5BD90FFEC7FCEB03F823357CB32C>I<13
07497EA2131FA2133F137F13FF5A1207127FB5FC13DF139FEA7C1F1200B3AE007FB512E0
B612F0A36C14E01C3477B32C>I<EB0FF890387FFF8048B512E00007804814FC391FF80F
FE393FE001FF903880007F48C7EA3F80007E141F00FE15C0150F6C15E01507A3127E123C
C8FCA2150F16C0151F1680153F16005D15FE4A5A14034A5A4A5A4A5A4A5AECFF804948C7
FC495A495A495AEB3FE0EB7F8049C8FC485A4848EB03C04848EB07E0EA1FE0485A48B6FC
B7FCA36C15C023347CB32C>I<EB0FFC90387FFF8048B512E0000714F84880391FF807FE
EBC0004848137F6D7F1680151FA26C5A6CC7FCC8FC153F16005D15FE14014A5AEC1FF890
381FFFF0495BA215F86D7F90380007FEEC00FF81ED3F80ED1FC0150FA216E01507A2123C
127EB4FC150F16C0A248141F007FEC3F806DEB7F006C6C5B391FF807FE6CB55A6C5C6C14
E0C66C1380D90FFCC7FC23357CB32C>I<EC07F04A7E141F143FA2147EA214FCEB01F8A2
EB03F0EB07E0A2EB0FC0EB1F80A2EB3F00137EA25B485AA2485A5B1207485AA2485A48C7
FCA2127E5AB712FC16FEA36C15FCC8EAF800AA91387FFFF091B512F8A36E13F027347EB3
2C>I<000FB512FE4880A35D0180C8FCADEB83FE90389FFF8090B512E015F8819038FE03
FE9038F000FF01C07F49EB3F8090C7121F6C15C0C8120FA2ED07E0A4123C127EB4FC150F
16C0A248141F007EEC3F80007FEC7F006C6C5B6D485A391FF80FFC6CB55A6C5C000114C0
6C6C90C7FCEB0FF823347CB22C>I<EC3FC0903801FFF801077F011F7F497F90387FE07F
9039FF003F804848137FEA03F8485A5B000FEC3F004848131E4990C7FC123F90C9FCA25A
127EEB03FE90381FFF80D8FC7F13E000FDB57EB67E9038FE07FC9038F001FE9038C0007F
49EB3F8090C7121F16C048140F16E01507A3127EA47E150F6D14C0001F141F6D1480000F
143F6DEB7F003907F801FE3903FE07FC6CB55A6C5C6D5B011F1380D907FCC7FC23357CB3
2C>I<1278B712C016E0A316C000FCC7EA3F80ED7F0015FE00785CC712014A5A4A5A5D14
0F5D4A5A143F92C7FC5C147E14FE5C13015CA2495AA213075CA3495AA4495AA5133F91C8
FCAA131E23357CB32C>I<EB07FC90383FFF8090B512E0000314F84880390FFC07FE391F
F001FF9038C0007F4848EB3F8090C7121F4815C0007E140FA56CEC1F80A26C6CEB3F006D
5B390FF001FE3903FC07F86CB55A6C6C13C0D907FCC7FC90387FFFC048B512F03903FC07
F8390FF001FE391FC0007F497F48C7EA1F80007EEC0FC0A248EC07E0A7007EEC0FC0A200
7F141F6C6CEB3F806C6CEB7F009038F001FF390FFC07FE6CB55A6C5CC614E0013F1380D9
07FCC7FC23357CB32C>I<EB07FCEB3FFF90B512C0488048803907FC07F8390FF001FC48
486C7ED83F80137E157F48C77E007EEC1F8012FE5AED0FC0A416E0A37E127E007F141F7E
6D133F6C6C137F390FF001FF3807FC0F6CB6FC6C14F76C14C7013F130FD90FF813C090C7
FCA2151F1680153F1600000F5C486C137E486C13FE4A5A4A5A14079038801FF0391FE07F
E090B55A6C91C7FC6C5B000113F838007FC023357CB32C>I<121FEA3F80EA7FC0EAFFE0
A5EA7FC0EA3F80EA1F00C7FCAE121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B24
70A32C>I<EA0F80EA1FC0EA3FE0EA7FF0A5EA3FE0EA1FC0EA0F80C7FCAEEA0F80EA1FC0
EA3FE0127F13F0A4123F121F120F1201120313E01207EA0FC0A2EA3F80EA7F005A5A12F8
12700C3071A32C>I<007FB612F0B712F8A4003F15F0CAFCA8003FB612F0B712F8A46C15
F025147DA22C>61 D<127012FC7E6C7E13E06C7EEA1FFC6C7E3803FF80C67FEB7FF0EB1F
F8EB0FFEEB03FF6D13C06D6C7EEC3FF8EC0FFC6EB4FC0201138080A25C02071300EC0FFC
EC3FF8EC7FE049485A4990C7FCEB0FFEEB1FF8EB7FF0EBFFC000035BD80FFEC8FC485AEA
7FF0485A138048C9FC5A1270212A7BAD2C>I<14FE497EA4497FA214EFA2130781A214C7
A2010F7FA314C390381F83F0A590383F01F8A490387E00FCA549137E90B512FEA34880A2
9038F8003FA34848EB1F80A4000715C049130FD87FFEEBFFFC6D5AB514FE6C15FC497E27
347EB32C>65 D<007FB512E015F8B612FE6C8016C03903F0003FED0FE0ED07F01503A2ED
01F8A6ED03F0A21507ED0FE0ED1FC0EDFF8090B612005D5D15FF16C09039F0001FE0ED07
F0ED03F81501ED00FCA216FE167EA616FE16FC1501ED03F8150FED3FF0007FB612E016C0
B712806CECFE0015F027337FB22C>I<02FF13700107EBE0F84913F9013F13FD4913FFEB
FF813901FE007F4848131FD807F0130F1507485A491303485A150148C7FCA25A007EEC00
F01600A212FE5AAB7E127EA3007F15F06CEC01F8A26C7EA26C6C13036D14F06C6C130716
E0D803FC131F6C6CEB3FC03A00FF81FF806DB512006D5B010F5B6D13F00100138025357D
B32C>I<007FB5FCB612C015F0816C803907E003FEEC00FFED7F80153FED1FC0ED0FE0A2
150716F0150316F81501A4ED00FCACED01F8A3150316F0A2150716E0150FED1FC0153FED
7F80EDFF00EC03FE007FB55AB65A5D15C06C91C7FC26337EB22C>I<007FB612F0B712F8
A37E3903F00001A7ED00F01600A4EC01E04A7EA490B5FCA5EBF003A46E5A91C8FCA5163C
167EA8007FB612FEB7FCA36C15FC27337EB22C>I<007FB612F8B712FCA37ED803F0C7FC
A716781600A515F04A7EA490B5FCA5EBF001A46E5A92C7FCAD387FFFE0B5FC805C7E2633
7EB22C>I<903901FC038090390FFF87C04913EF017F13FF90B6FC4813073803FC01497E
4848137F4848133F49131F121F5B003F140F90C7FCA2127EED078092C7FCA212FE5AA891
3803FFF84A13FCA27E007E6D13F89138000FC0A36C141FA27F121F6D133F120F6D137F6C
7E6C6C13FF6D5A3801FF076C90B5FC6D13EF011F13CF6DEB0780D901FCC7FC26357DB32C
>I<D87FFEEBFFFCB54813FEA36C486C13FCD807E0EB0FC0B190B6FCA59038E0000FB3D8
7FFEEBFFFCB54813FEA36C486C13FC27337EB22C>I<007FB512F8B612FCA36C14F83900
0FC000B3B3A5007FB512F8B612FCA36C14F81E3379B22C>I<D87FFCEB7FF8486CEBFFFC
A36C48EB7FF8D807C0EB1F80153FED7F00157E5D4A5A14034A5A5D4A5A4A5A143F4AC7FC
147E5CEBC1F813C3EBC7FCA2EBCFFEEBDFBEEBFFBF141F01FE7F496C7E13F86E7EEBF003
01E07FEBC001816E7EA2157E153E153F811680ED0FC0A2ED07E0D87FFCEB1FFC486CEB3F
FEA36C48EB1FFC27337EB22C>75 D<387FFFE0B57EA36C5BD803F0C8FCB3AE16F0ED01F8
A8007FB6FCB7FCA36C15F025337DB22C>I<D87FE0EB0FFC486CEB1FFEA26D133F007F15
FC000F15E001BC137BA4019E13F3A3EB9F01A2018F13E3A21483A2018713C314C7A20183
1383A214EFA201811303A214FFEB80FEA3147C14381400ACD87FF0EB1FFC486CEB3FFEA3
6C48EB1FFC27337EB22C>I<D87FF0EB7FFC486CEBFFFEA27F007FEC7FFCD807FEEB07C0
13DEA213DF13CFA2148013C714C0A213C314E0A213C114F0A213C014F8A2147CA3143EA2
141E141FA2140F1587A2140715C7A2140315E71401A215F71400A215FFD87FFC137F487E
153FA26C48EB1F8027337EB22C>I<EB7FFF0003B512E0000F14F848804880EBE003EB80
0048C7127FA2007E80A300FE158048141FB3A86C143FA2007E1500A3007F5CA26C6C13FE
EBF00790B5FC6C5C6C5C000314E0C66C90C7FC21357BB32C>I<007FB512C0B612F88115
FF6C15802603F00013C0153FED0FE0ED07F0A2150316F81501A6150316F01507A2ED0FE0
ED3FC015FF90B61280160015FC5D15C001F0C8FCB0387FFF80B57EA36C5B25337EB22C>
I<387FFFFCB67E15E015F86C803907E007FE1401EC007F6F7E151FA26F7EA64B5AA2153F
4BC7FCEC01FE140790B55A5D15E081819038E007FCEC01FE1400157F81A8160FEE1F80A5
D87FFEEB1FBFB5ECFF00815E6C486D5AC8EA01F029347EB22C>82
D<90381FF80790B5EA0F804814CF000714FF5A381FF01F383FC003497E48C7FC007E147F
00FE143F5A151FA46CEC0F00007E91C7FC127F7FEA3FE0EA1FFCEBFFC06C13FC0003EBFF
C06C14F06C6C7F01077F9038007FFEEC07FF02001380153FED1FC0A2ED0FE0A200781407
12FCA56CEC0FC0A26CEC1F806D133F01E0EB7F009038FE01FF90B55A5D00F914F0D8F83F
13C0D8700790C7FC23357CB32C>I<007FB612FCB712FEA43AFC007E007EA70078153CC7
1400B3AF90383FFFFCA2497F6D5BA227337EB22C>I<3B7FFF803FFFC0B56C4813E0A36C
496C13C03B03F00001F800B3AF6D130300015DA26D130700005D6D130F017F495A6D6C48
5AECE0FF6DB5C7FC6D5B010313F86D5B9038003F802B3480B22C>I<D87FF0EB07FF486C
491380A36C486D1300001FC8127CA46C6C5CA76C6C495AA4143E147FA33A03E0FF83E0A2
14F7A201E113C3A3000101E35BA201F113C701F313E7A314C1A200005DA201F713F71480
A301FF13FF017F91C7FC4A7EA4013E133E29347FB22C>87 D<3A3FFF03FFE0484913F014
8714076C6D13E03A01F800FE007F0000495A13FE017E5BEB7F03013F5B1487011F5B14CF
010F5B14FF6D5BA26D90C7FCA26D5AA26D5AA2497EA2497EA2497F81EB0FCF81EB1FC7EC
87F0EB3F83EC03F8EB7F01017E7FEBFE00497F0001147E49137F000380491480151FD87F
FEEBFFFC6D5AB514FE6C15FC497E27337EB22C>I<D87FFCEB7FFC486CEBFFFEA36C48EB
7FFCD807F0EB0FC0151F000315806D133F12016DEB7F0012006D137E017E13FE017F5BEB
3F01EC81F8131FEC83F0EB0FC314C7903807E7E0A201035B14EF6DB45AA292C7FC7F5C14
7EB0903807FFE0497FA36D5B27337EB22C>I<387FFFFCB512FEA314FC00FCC7FCB3B3B3
B512FC14FEA36C13FC17416FB92C>91 D<387FFFFCB512FEA37EC7127EB3B3B3387FFFFE
B5FCA36C13FC17417DB92C>93 D<007FB6FCB71280A46C150021067B7D2C>95
D<3801FFF0000713FE001F6D7E15E048809038C01FF81407EC01FC381F80000006C77EC8
127EA3ECFFFE131F90B5FC1203120F48EB807E383FF800EA7FC090C7FC12FE5AA47E007F
14FEEB8003383FE01F6CB612FC6C15FE6C14BF0001EBFE1F3A003FF007FC27247CA32C>
97 D<EA7FF0487EA3127F1201AAEC1FE0ECFFF801FB13FE90B6FC16809138F07FC09138
801FE091380007F049EB03F85BED01FC491300A216FE167EA816FE6D14FCA2ED01F86D13
036DEB07F0150F9138801FE09138E07FC091B51280160001FB5B01F813F83900F03FC027
337FB22C>I<903803FFE0011F13F8017F13FE48B5FC48804848C6FCEA0FF0485A49137E
4848131890C9FC5A127EA25AA8127EA2127F6C140F6DEB1F806C7E6D133F6C6CEB7F0039
07FE03FF6CB55A6C5C6C6C5B011F13E0010390C7FC21247AA32C>I<EC0FFE4A7EA380EC
003FAAEB07F8EB3FFE90B512BF4814FF5A3807FC0F380FF00348487E497E48487F90C7FC
007E80A212FE5AA87E007E5CA2007F5C6C7E5C6C6C5A380FF0073807FC1F6CB612FC6CEC
BFFE6C143FEB3FFC90390FF01FFC27337DB22C>I<EB03FE90381FFFC0017F13F048B57E
48803907FE03FE390FF800FFD81FE0EB3F805B4848EB1FC090C7120F5A007E15E015075A
B7FCA416C000FCC9FC7E127EA2127F6CEC03C06DEB07E06C7ED80FF0130F6C6CEB3FC001
FF13FF000190B512806C1500013F13FC010F13F00101138023247CA32C>I<EC0FF8EC3F
FE91B5FC4914805B903807FC7F14F090390FE03F0014C092C7FCA6007FB512FEB7FCA36C
5C26000FC0C7FCB3A8003FB512F04880A36C5C21337DB22C>I<ED03F8903907F80FFC90
391FFE3FFE017FB6FC48B7FC48ECFE7F9038FC0FF82607F003133E3A0FE001FC1CD9C000
1300001F8049137EA66D13FE000F5CEBE0016C6C485A3903FC0FF048B5FC5D481480D99F
FEC7FCEB87F80180C8FCA37F6C7E90B512F06C14FE48ECFF804815E04815F03A3FC0001F
F848C7EA03FC007E1400007C157C00FC157E48153EA46C157E007E15FCD87F801303D83F
E0EB0FF8D81FFCEB7FF06CB612E0000315806C1500D8003F13F8010713C028387EA42C>
I<EA7FF0487EA3127F1201AAEC1FE0EC7FFC9038F9FFFE01FB7F90B6FC9138F03F80ECC0
1F02807FEC000F5B5BA25BB3267FFFE0B5FCB500F11480A36C01E0140029337FB22C>I<
1307EB1FC0A2497EA36D5AA20107C7FC90C8FCA7387FFFC080B5FC7EA2EA0007B3A8007F
B512FCB612FEA36C14FC1F3479B32C>I<EA7FE0487EA3127F1201AA91381FFFF04A13F8
A36E13F0913800FE004A5A4A5A4A5A4A5A4A5A4A5A4AC7FC14FEEBF1FC13F3EBF7FE90B5
FCA2EC9F80EC0FC001FE7FEBFC07496C7E496C7E811400157E811680151F3A7FFFC0FFFC
B500E113FEA36C01C013FC27337EB22C>107 D<387FFFE0B57EA37EEA0003B3B3A5007F
B61280B712C0A36C158022337BB22C>I<3A7F83F007E09039CFFC1FF83AFFDFFE3FFCD8
7FFF13FF91B57E3A07FE1FFC3E01FCEBF83F496C487E01F013E001E013C0A301C01380B3
3B7FFC3FF87FF0027F13FFD8FFFE6D13F8D87FFC4913F0023F137F2D2481A32C>I<397F
F01FE039FFF87FFC9038F9FFFE01FB7F6CB6FC00019038F03F80ECC01F02807FEC000F5B
5BA25BB3267FFFE0B5FCB500F11480A36C01E0140029247FA32C>I<EB07FCEB1FFF017F
13C048B512F048803907FC07FC390FF001FE48486C7E0180133F003F158090C7121F007E
EC0FC0A348EC07E0A76C140F007E15C0A2007F141F6C15806D133F6C6CEB7F006D5B6C6C
485A3907FC07FC6CB55A6C5C6C6C13C0011F90C7FCEB07FC23247CA32C>I<397FF01FE0
39FFF8FFF801FB13FE90B6FC6C158000019038F07FC09138801FE091380007F049EB03F8
5BED01FC491300A216FE167EA816FE6D14FCA2ED01F86D13036DEB07F0150F9138801FE0
9138E07FC091B51280160001FB5B01F813F8EC3FC091C8FCAD387FFFE0B57EA36C5B2736
7FA32C>I<D87FFEEB3FC0B53801FFF0020713F8021F13FC6C5B39003F7FE1ECFF019138
FC00F84A13704A13005CA25C5CA391C8FCAF007FB512E0B67EA36C5C26247EA32C>114
D<90387FF8700003B512F8120F5A5A387FC00F387E00034813015AA36CEB00F0007F1400
13F0383FFFC06C13FE6CEBFF80000314E0C66C13F8010113FCEB0007EC00FE0078147F00
FC143F151F7EA26C143F6D133E6D13FE9038F007FC90B5FC15F815E000F8148039701FFC
0020247AA32C>I<131E133FA9007FB6FCB71280A36C1500D8003FC8FCB1ED03C0ED07E0
A5EC800F011FEB1FC0ECE07F6DB51280160001035B6D13F89038003FE0232E7EAD2C>I<
3A7FF003FF80486C487FA3007F7F0001EB000FB3A3151FA2153F6D137F3900FE03FF90B7
FC6D15807F6D13CF902603FE07130029247FA32C>I<3A7FFF01FFFCB514FE148314016C
15FC3A03E0000F80A26D131F00011500A26D5B0000143EA26D137E017C137CA2017E13FC
013E5BA2EB3F01011F5BA21483010F5BA214C701075BA214EF01035BA214FF6D90C7FCA2
6D5A147C27247EA32C>I<D87FFFEB7FFF6EB5FCB515806C16004A7ED807C0EB01F0A66C
6C495AA3143E147FA2D801F0495AECFF87A214F7A201F113C700005D9038F9E3CFA201FB
13EFA3D97BC190C7FC017F13FFA21480A2013F5B90381F007C29247FA32C>I<3A3FFF03
FFF048018713F8A36C010313F03A00FC007E005D90387E01F8013F5BEB1F83EC87E09038
0FCFC0903807EF80EB03FF6D90C7FC5C6D5A147C14FE130180903803EF80903807CFC0EB
0FC7EC83E090381F01F0013F7FEB7E00017C137C49137E0001803A7FFF01FFFC1483B514
FE6C15FC140127247EA32C>I<3A7FFF01FFFCB5008113FE148314816C010113FC3A03E0
000F806C7E151F6D140012005D6D133E137C017E137E013E137CA2013F13FC6D5BA2EB0F
815DA2EB07C1ECC3E0A2EB03E3ECE7C0130114F75DEB00FFA292C7FC80A2143EA2147E14
7CA214FC5CA2EA0C01003F5BEA7F83EB87E0EA7E0F495A387FFF806C90C8FC6C5A6C5AEA
07E027367EA32C>I<15FF02071380141F147F91B512004913C04AC7FCEB03F85CB31307
EB1FE013FF007F5BB55A49C8FC6D7E6C7FC67F131FEB07F01303B380EB01FEECFFC06D13
FF6E1380141F14070200130021417BB92C>123 D<EA7FC0EAFFF813FE6D7E6C7FC67F13
1FEB07F01303B380EB01FEECFFC06D13FF6E1380141F147F91B512004913C04AC7FCEB03
F85CB31307EB1FE013FF007F5BB55A49C8FC13F8EA7FC021417BB92C>125
D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fe cmr8 8 40
/Fe 40 122 df<14FF010713E090381F80F090383E003849137C4913FC485A1203491378
153092C7FCA7157CB612FCA23803E000157CB3A5486C13FE3A7FFF0FFFE0A2232F7FAE27
>12 D<123C127EB4FCA21380A2127F123D1201A312031300A25A1206120E5A5A5A126009
157A8714>44 D<B512C0A412047F9018>I<123C127E12FFA4127E123C08087A8714>I<EB
3FC0EBFFF03803E07C48487E48487E497E001EEB0780A2003E14C0A248EB03E0A500FC14
F0B0007C14E0A3007E1307003E14C0A36CEB0F806C14006D5A3807C03E3803F0FC3800FF
F0EB3FC01C2D7DAB23>48 D<000CEB0180380FC01F90B512005C5C14F014C0D80C7EC7FC
90C8FCA8EB1FC0EB7FF8380DE07C380F801F01001380000E130F000CEB07C0C713E0A214
0315F0A4127812FCA448EB07E012E0006014C00070130F6C14806CEB1F006C133E380780
F83801FFE038007F801C2D7DAB23>53 D<EB3F80EBFFF03803E0783807C03E48487E4848
7E003E14801407007E14C0127C00FC14E01403A315F0A5007C1307127EA2003E130F7E6C
131F3807803B3803E0F33800FFC390383F03E013001407A215C0A2140F001E1480003F14
005C143E143C003E5B001C5B380E03E03807FF80D801FEC7FC1C2D7DAB23>57
D<B612F815FF3A03F8001FE00001EC03F0ED00F8167E82EE1F80160F17C0EE07E0A2EE03
F0A217F81601A317FCAA17F8A3EE03F0A217E0160717C0160FEE1F80EE3F00167E5EED03
F00003EC1FE0B7128003F8C7FC2E2D7DAC36>68 D<B712FEA23903F800010001EC003E82
8282A282A3178016011518A293C7FCA31538157815F890B5FCA2EBF800157815381518A2
1760A392C712C0A4160117801603A21607160F163F0003913801FF00B8FCA22B2D7EAC30
>I<B512F0A23803FC006C5AB3B3A3487EB512F0A2142D7EAC19>73
D<D8FFF8903803FFFC7F00019138003FC06DEC0F006D1406EBBF80A2EB9FC0EB8FE01387
80EB83F8138180EB80FE147E147FEC3F80EC1FC0140F15E0EC07F0140315F8EC01FC1400
15FE157FED3F86151F16C6ED0FE6150716F6ED03FE1501A21500167E163EA2486C141ED8
0FF0140EB5FC16062E2D7DAC35>78 D<EC3FF0903801FFFE903907E01F8090391F8007E0
90393E0001F001FCEB00FC4848147E4848804848EC1F8049140F000F16C04848EC07E0A2
48C8EA03F0A24816F8A2007E1501A200FE16FCAA007FED03F8A36C16F06D1407001F16E0
A26C6CEC0FC06D141F000716806C6CEC3F006C6C147E6C6C5C017E495A90391F8007E090
3907E01F80902601FFFEC7FC9038003FF02E2F7CAD37>I<B612FCEDFF803A03F8000FE0
0001EC03F0ED00F882167E167F821780A617005E167E5E5EED03F0ED0FE090B6128003FC
C7FC01F8C9FCB2487EB512F0A2292D7EAC30>I<B612C015FC3903F8007F0001EC0FC06F
7E6F7E6F7E82150082A55E15015E4B5A4B5A4B5A037FC7FC90B512FC15F09038F800FC15
3E6F7E150F826F7EA582A5170316F815031707486C903801FC0EB539F000FE1CEE3FF8C9
EA07E0302E7DAC34>82 D<90383F80303901FFF0703807C07C390F000EF0001E13074813
034813011400127000F01470A315307EA26C1400127E127FEA3FE013FE381FFFE06C13FC
6C13FF00011480D8003F13E013039038003FF0EC07F81401140015FC157C12C0153CA37E
A215787E6C14706C14F06CEB01E039F78003C039E3F00F0038E07FFE38C00FF01E2F7CAD
27>I<B53C801FFFF001FFF8A22707FC000190C7EA3FC0D803F06D48EC1F00047E140EA2
6C6C027F140CA26D171C0000DBDF801318A26D1738017E9026018FC01330A2017F17706D
90260307E01360A2028016E0011F90260603F05BA202C01501010F90260C01F85BA202E0
1503010790261800FC90C7FCA202F05D010349EB7E06A202F8150E010149EB3F0CA202FC
151C010049EB1F98A202FE15B8DA7F80EB0FF0A2023F5D92C71207A26E5D021E1403A202
0E5D020C1401452E7FAC48>87 D<3B7FFFE003FFF8A2000390C713806C48EC7E00000015
7C017F14786D14706E5B6D6C5B6D6C485A15036D6C48C7FC903803F80601015BECFC1C6D
6C5AEC7F305DEC3FE06E5A140F816E7E81140DEC1DFCEC38FEEC307F14609138E03F8049
486C7EEC800FD903007F496D7E010E6D7E130C011C6D7E496D7E49147E167F01F0EC3F80
000316C0D80FF8EC7FE0D8FFFE0103B5FCA2302D7EAC35>I<13FF000713C0380F01F038
1C00F8003F137C80A2143F001E7FC7FCA4EB07FF137F3801FE1FEA07F0EA1FC0EA3F80EA
7F00127E00FE14065AA3143F7E007E137F007FEBEF8C391F83C7FC390FFF03F83901FC01
E01F207D9E23>97 D<EA07C012FFA2120F1207AC14FE9038C7FF809038CF03E09038DC01
F09038F8007C49137E49133E497F1680A2150F16C0A9ED1F80A216005D6D133E6D5B01B0
5B9038BC01F090380E07E0390607FF80260001FCC7FC222F7EAD27>I<EB1FE0EB7FFC38
01F01E3803E0073907C01F80EA0F80EA1F005A003EEB0F00007E90C7FCA2127C12FCA912
7EA215C07E6C130101801380380FC0033907E007003801F03E38007FF8EB1FC01A207E9E
1F>I<15F8141FA214011400ACEB0FE0EB7FF83801F81E3803E0073807C003380F8001EA
1F00481300123E127EA25AA9127C127EA2003E13017EEB8003000F13073903E00EFC3A01
F03CFFC038007FF090391FC0F800222F7EAD27>I<EB1F80EBFFF03803E0783807C03E38
0F801E381F001FEC0F80123E007E130715C0127C12FCA3B6FCA200FCC8FCA5127EA2003E
14C0123F6C1301390F80038001C013003803E00F3801F03C38007FF8EB1FC01A207E9E1F
>I<EB03F0EB0FFCEB3E1EEB7C3F13F8EA01F0A23803E00C1400AAB512E0A23803E000B3
A6487E387FFF80A2182F7FAE16>I<013F13F89038FFC3FE3903E1FF1E3807807C000F14
0C391F003E00A2003E7FA76C133EA26C6C5A00071378380FE1F0380CFFC0D81C3FC7FC90
C8FCA3121E121F380FFFF814FF6C14C04814F0391E0007F848130048147C12F848143CA4
6C147C007C14F86CEB01F06CEB03E03907E01F803901FFFE0038003FF01F2D7E9D23>I<
EA07C012FFA2120F1207AC14FE9038C3FF809038C703E09038DE01F013F8496C7EA25BA2
5BB2486C487E3AFFFE1FFFC0A2222E7EAD27>I<EA0780EA0FC0EA1FE0A4EA0FC0EA0780
C7FCA8EA07C012FFA2120F1207B3A5EA0FE0EAFFFCA20E2E7EAD14>I<EA07C012FFA212
0F1207ADEC1FFEA2EC0FF0EC07C05D020EC7FC5C5C5C5CEBC3C013C7EBCFE0EBDFF013F9
EBF0F8497EEBC07E143E80816E7E14076E7E816E7E486C487E3AFFFE07FF80A2212E7EAD
25>107 D<EA07C012FFA2120F1207B3B3A3EA0FE0EAFFFEA20F2E7EAD14>I<2607C07FEB
07F03BFFC3FFC03FFC903AC783F0783F3C0FCE01F8E01F803B07DC00F9C00F01F8D9FF80
13C04990387F000749137EA249137CB2486C01FEEB0FE03CFFFE0FFFE0FFFEA2371E7E9D
3C>I<3807C0FE39FFC3FF809038C703E0390FDE01F0EA07F8496C7EA25BA25BB2486C48
7E3AFFFE1FFFC0A2221E7E9D27>I<EB1FE0EB7FF83801F03E3803C00F3907800780390F
0003C04814E0003EEB01F0A248EB00F8A300FC14FCA9007C14F8A26CEB01F0A26CEB03E0
A2390F8007C03907C00F803901F03E0038007FF8EB1FE01E207E9E23>I<3807C0FE39FF
C7FF809038CF03E0390FDC01F03907F800FC49137E49133E49133FED1F80A3ED0FC0A815
1F1680A2ED3F00A26D137E6D137C5D9038FC01F09038CE07E09038C7FF80D9C1FCC7FC01
C0C8FCA9487EEAFFFEA2222B7E9D27>I<380781F838FF87FEEB8E3FEA0F9CEA07B813B0
EBF01EEBE000A45BB0487EB5FCA2181E7E9D1C>114 D<3801FE183807FFB8381E01F8EA
3C00481378481338A21418A27E7EB41300EA7FF06CB4FC6C13C06C13F0000113F838001F
FC130138C0007E143EA26C131EA27EA26C133CA26C137838FF01F038E3FFC000C0130017
207E9E1C>I<1360A413E0A312011203A21207121FB512F0A23803E000AF1418A7143838
01F03014703800F860EB3FE0EB0F80152A7FA81B>I<D807C013F800FF131FA2000F1301
00071300B21401A314033803E007EC0EFC3A01F81CFFC038007FF890391FE0F800221F7E
9D27>I<3AFFFC01FFC0A23A0FE0007E000007147C15380003143015706C6C1360A26C6C
5BA390387C0180A26D48C7FCA2EB3F07EB1F06A2EB0F8CA214DCEB07D8A2EB03F0A36D5A
A26D5A221E7F9C25>I<3BFFFC3FFE07FFA23B0FE003F001F801C09038E000F000070101
14E0812603E00314C0A2913807F8012701F006781380A29039F80E7C030000D90C3C1300
A290397C181E06A2151F6D486C5AA2168C90391F600798A216D890390FC003F0A36D486C
5AA36DC75A301E7F9C33>I<3AFFFC07FF80A23A0FF003FC000003EB01F0000114C06D48
5A000091C7FCEB7C06EB3E0E6D5A14B8EB0FB0EB07E013036D7E497E1307EB067C497EEB
1C1F01387FEB700F496C7E6E7ED803C07F00076D7E391FE003FC3AFFF007FFC0A2221D7F
9C25>I<3AFFFC01FFC0A23A0FE0007E000007147C1538000314306D137000011460A26C
6C5BA2EBFC01017C5BEB7E03013E90C7FCA2EB1F06A2148EEB0F8CA2EB07D8A2EB03F0A3
6D5AA26D5AA2495AA2130391C8FC1278EAFC06A25B131CEA7838EA7070EA3FE0EA0F8022
2B7F9C25>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Ff cmr6 6 3
/Ff 3 52 df<13E01201120712FF12F91201B3A7487EB512C0A212217AA01E>49
D<EA01FC3807FF80381C0FC0383003E0386001F0EB00F812F86C13FCA2147C1278003013
FCC7FC14F8A2EB01F0EB03E014C0EB0780EB0F00131E13385B5B3801C00CEA0380380600
185A5A383FFFF85AB512F0A216217CA01E>I<13FF000313C0380F03E0381C00F014F800
3E13FC147CA2001E13FC120CC712F8A2EB01F0EB03E0EB0FC03801FF00A2380003E0EB00
F01478147C143E143F1230127812FCA2143E48137E0060137C003813F8381E03F0380FFF
C00001130018227DA01E>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fg cmr7 7 3
/Fg 3 52 df<13381378EA01F8121F12FE12E01200B3AB487EB512F8A215267BA521>49
D<13FF000313E0380E03F0381800F848137C48137E00787F12FC6CEB1F80A4127CC7FC15
005C143E147E147C5C495A495A5C495A010EC7FC5B5B903870018013E0EA018039030003
0012065A001FB5FC5A485BB5FCA219267DA521>I<13FF000313E0380F01F8381C007C00
30137E003C133E007E133FA4123CC7123E147E147C5C495AEB07E03801FF8091C7FC3800
01E06D7E147C80143F801580A21238127C12FEA21500485B0078133E00705B6C5B381F01
F03807FFC0C690C7FC19277DA521>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fh cmsy10 10 1
/Fh 1 16 df<EB1FF0EBFFFE487F000714C04814E04814F04814F8A24814FCA3B612FEA9
6C14FCA36C14F8A26C14F06C14E06C14C0000114006C5BEB1FF01F1F7BA42A>15
D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fi cmti10 10 37
/Fi 37 122 df<150C151C153815F0EC01E0EC03C0EC0780EC0F00141E5C147C5C5C495A
1303495A5C130F49C7FCA2133EA25BA25BA2485AA212035B12075BA2120F5BA2121FA290
C8FCA25AA2123EA2127EA2127CA412FC5AAD1278A57EA3121C121EA2120E7EA26C7E6C7E
A212001E5274BD22>40 D<140C140E80EC0380A2EC01C015E0A2140015F0A21578A4157C
153CAB157CA715FCA215F8A21401A215F0A21403A215E0A21407A215C0140F1580A2141F
1500A2143EA25CA25CA2495AA2495A5C1307495A91C7FC5B133E133C5B5B485A12035B48
C8FC120E5A12785A12C01E527FBD22>I<EA03C0EA07F0120F121F13F8A313F0EA07B0EA
003013701360A213E013C01201EA038013005A120E5A5A5A5A5A0D197A8819>44
D<387FFFF8A2B5FCA214F0150579941E>I<120EEA3F80127F12FFA31300127E123C0909
778819>I<1703EF0780170FA2EF1F005F173E5FA25FA24C5A16035F4C5AA24C5AA24CC7
FCA2163E167E167C5EA24B5AA24B5A15075E4B5AA24BC8FCA2153E157E157C5DA24A5AA2
4A5A14075D4A5AA24AC9FCA2143EA25C14FC5C495AA2495AA2495A130F5C49CAFCA2133E
A25B13FC5B485AA2485AA2485A120F5B48CBFCA2123EA25AA25AA2127031537FBD2A>I<
EC03F8EC1FFEEC7C1F9138F80780D901E013C0903903C003E0EB0780010F1301D91F0013
F0A2133E137E017C130313FCA2485AA2000314075BA2120716E049130F120FA34848EB1F
C0A44848EB3F80A448C7EA7F00A3157E007E14FEA25D00FE13015DA248495AA25D007C13
075D4A5AA24AC7FC6C133E5C6C5B380F83E03807FF80C648C8FC243A77B72A>I<EC03FC
EC1FFF91387E07C09138F003E0903903C001F0D9078013F849C7FC131E011C14FC133CEB
38C0EB78E0EB7060150101F014F813E0A2ECE003D971C013F090387F8007D91E0013E090
C7EA0FC0ED1F80ED3F00157E5D49B45A4913E092C7FC9038000FC0EC03F014016E7E81A3
81A5007E130100FE5CA31403485C00E05C14074A5A5D4A5A007049C7FC0078137E6C13F8
381E07F03807FF80D801FCC8FC263A78B72A>51 D<010314186E13F8903907F007F091B5
12E016C01600495B15F8010E13E0020CC7FC011EC8FC131CA3133C1338A313781370A214
7F9038F3FFC09038EF83E09038FC01F0496C7E485A497F49137CC8FC157EA315FEA41401
000C5C123F5A1403485C5A4A5A12F800E05C140F4A5A5D6C49C7FC0070137E00785B387C
01F8383E07F0381FFFC06C90C8FCEA01F8253A77B72A>53 D<EC01FCEC0FFF023F138091
387E07C0903901F803E0EB03F0903907E001F0EB0FC0EB1F80013F14F814005B137E13FE
A2485AA2150312035BA2ED07F012075B150FA216E00003141FA2153FED7FC0120115FF6C
6C5A90397803BF8090383C0F3FD91FFC1300903807F07F90C7FC157E15FE5D14015D4A5A
A2003E495A007F495A5D4AC7FC00FE5B48137E007013F8387803F0387C0FE0383FFF806C
48C8FCEA03F8253A78B72A>57 D<0103B512F8A390390007F8005DA2140FA25DA2141FA2
5DA2143FA25DA2147FA292C7FCA25CA25CA21301A25CA21303A25CA21307A25CA2130FA2
5CA2131FA25CA2133FA25CA2137FA291C8FC497EB6FCA25C25397CB820>73
D<0107B612F817FF1880903B000FF0003FE04BEB0FF0EF03F8141FEF01FC5DA2023F15FE
A25DA2147FEF03FC92C7FCA24A15F817074A15F0EF0FE01301EF1FC04AEC3F80EFFE0001
034A5AEE0FF091B612C04CC7FCD907F8C9FCA25CA2130FA25CA2131FA25CA2133FA25CA2
137FA291CAFCA25BA25B1201B512FCA337397BB838>80 D<0103B612F017FEEFFF80903B
0007F8003FC04BEB0FF01707020FEC03F8EF01FC5DA2021F15FEA25DA2143FEF03FC5DA2
027FEC07F818F092C7120F18E04AEC1FC0EF3F004A14FEEE01F80101EC0FE091B6128004
FCC7FC9138FC003F0103EC0F80834A6D7E8301071403A25C83010F14075F5CA2011F140F
A25CA2133F161F4AECE007A2017F160F180E91C7FC49020F131C007F01FE153CB5913807
F078040313F0CAEAFFE0EF3F80383B7CB83D>82 D<003FB539800FFFFEA326007F80C7EA
7F8091C8EA3F00173E49153CA2491538A20001167817705BA2000316F05F5BA200071501
5F5BA2000F15035F5BA2001F150794C7FC5BA2003F5D160E5BA2007F151E161C90C8FCA2
163C4815385A16781670A216F04B5A5E1503007E4A5A4BC8FC150E6C143E6C6C5B15F039
0FC003E03907F01FC00001B5C9FC38007FFCEB1FE0373B70B83E>85
D<49B5D8F007B5FCA3D9000790C713E0DA03FCEC7F00187C020115786F5C4D5A02005D6F
495A4DC7FC6F5BEE801E5F033F5BEEC0705F92381FC1C016E3EEE780DB0FEFC8FC16FE6F
5A5EA2150382A2150782150F151CED3CFF5D4B7EDA01E07FEDC03FDA03807FEC0700020E
131F021E805C4A130F0270805C49481307494880130749C71203011E81133E01FE81D807
FF1407B500E090387FFFFC93B5FC6040397CB83E>88 D<14F8EB07FE90381F871C90383E
03FE137CEBF801120148486C5A485A120FEBC001001F5CA2EA3F801403007F5C1300A214
07485C5AA2140F5D48ECC1C0A2141F15831680143F1587007C017F1300ECFF076C485B90
38038F8E391F0F079E3907FE03FC3901F000F0222677A42A>97 D<133FEA1FFFA3C67E13
7EA313FE5BA312015BA312035BA31207EBE0F8EBE7FE9038EF0F80390FFC07C013F89038
F003E013E0D81FC013F0A21380A2123F1300A214075A127EA2140F12FE4814E0A2141F15
C05AEC3F80A215005C147E5C387801F8007C5B383C03E0383E07C0381E1F80D80FFEC7FC
EA01F01C3B77B926>I<147F903803FFC090380FC1E090381F0070017E13784913383901
F801F83803F003120713E0120FD81FC013F091C7FC485AA2127F90C8FCA35A5AA45AA315
3015381578007C14F0007EEB01E0003EEB03C0EC0F806CEB3E00380F81F83803FFE0C690
C7FC1D2677A426>I<ED01F815FFA3150316F0A21507A216E0A2150FA216C0A2151FA216
80A2153FA202F81300EB07FE90381F877F90383E03FF017C5BEBF80112013803F0004848
5B120FEBC001121F5DEA3F801403127F01005BA214075A485CA2140FA248ECC1C0A2141F
15C3ED8380143F1587007C017F1300ECFF076C485B9038038F8E391F0F079E3907FE03FC
3901F000F0253B77B92A>I<147F903803FFC090380FC1E090383F00F0017E13785B485A
485A485A120F4913F8001F14F0383F8001EC07E0EC1F80397F81FF00EBFFF891C7FC90C8
FC5A5AA55AA21530007C14381578007E14F0003EEB01E0EC03C06CEB0F806CEB3E003807
81F83803FFE0C690C7FC1D2677A426>I<ED07C0ED1FF0ED3E38ED7C3CEDF8FC15F91401
15F1020313F8EDF0F0160014075DA4140F5DA4141F5D010FB512C05B16809039003F8000
92C7FCA45C147EA414FE5CA413015CA413035CA413075CA4130F5CA3131F5CA391C8FC5B
121CEA7E3EA2EAFE3C137C1378EAF8F01278EA3FC0EA0F80264C82BA19>I<EC07C0EC3F
F09138FC38E0903901F01FF0EB03E0903807C00FEB0F80011F1307D93F0013E05B017E13
0F13FE4914C01201151F1203491480A2153F1207491400A25DA249137EA215FEA25D0003
1301140314076C6C485A0000131FEB787BEB3FF390380FC3F0EB00031407A25DA2140F5D
121C007E131F5D00FE49C7FC147E5C387801F8387C07E0381FFF80D803FEC8FC24367CA4
26>I<EB03F0EA01FFA3EA00075CA3130F5CA3131F5CA3133F91C8FCA35B90387E07F0EC
1FFCEC783E9038FFE01F02C01380EC800F1400485A16C05B49EB1F8012035BA2153F0007
15005BA25D000F147E5B15FE5D121FD98001131C15F8163C003F01031338010013F0A216
704814E0007E15F016E0EDE1C000FE903801E38048903800FF000038143C263B7BB92A>
I<EB01C0EB07E014F0130F14E01307EB038090C7FCAB13F0EA03FCEA071EEA0E1F121CA2
12385B1270A25BEAF07E12E013FEC65AA212015B1203A25B12075BA2000F13E013C013C1
001F13C01381A2EB83801303EB0700A2130E6C5AEA07F8EA01E0143879B619>I<EB03F0
EA01FFA3EA00075CA3130F5CA3131F5CA3133F91C8FCA35B017EEB0F80ED3FE015F09039
FE01C1F09038FC0387EC0707140E0001011C13E0EBF83891383003800270C7FC00035BEB
F1C0EBF38001FFC8FCEA07FC7FEBFFC0EBE7F8380FE1FCEBC07E147F80001F809039801F
81C0A21583003F013F138001001303A21507481500007E133EEC1E0E151E00FE6D5A48EB
07F80038EB01E0243B7BB926>107 D<EB0FC0EA07FFA3EA001F1480A2133FA21400A25B
A2137EA213FEA25BA21201A25BA21203A25BA21207A25BA2120FA25BA2121FA25BA2123F
A290C7FCA25AA2EA7E0EA212FE131EEAFC1CA2133C133812F81378EA7870EA7CE0121FEA
0F80123B79B915>I<D801E001FEEB07F03C07F803FF801FFC3C0E3C0F07C0783E3C1E3E
3C03E1E01F261C1F78D9F3C013803C383FF001F7800F02E01400007801C013FE007018C0
02805B4A4848EB1F80EAF07FD8E07E5CA200000207143F01FE1700495CA2030F5C000117
7E495C18FE031F5C120349DA8001131C18F8033F153C00070403133849020013F0A24B15
70000F17E049017E15F019E003FEECE1C0001FEE01E34949903800FF000007C70038143C
3E2679A444>I<D801E013FE3A07F803FF803A0E3C0F07C03A1E3E3C03E0261C1F787F39
383FF00114E0007813C000708114804A485AEAF07FEAE07EA20000140701FE5C5BA2150F
00015D5B151F5E12034990383F8380160316070007027F130049137EA2160E000F147C49
141E161C5E001FEC3C7849EB1FE00007C7EA0780292679A42F>I<147F903803FFC09038
0FC1F090381F00F8017E137C5B4848137E4848133E0007143F5B120F485AA2485A157F12
7F90C7FCA215FF5A4814FEA2140115FC5AEC03F8A2EC07F015E0140F007C14C0007EEB1F
80003EEB3F00147E6C13F8380F83F03803FFC0C648C7FC202677A42A>I<9039078007C0
90391FE03FF090393CF0787C903938F8E03E9038787FC00170497EECFF00D9F0FE148013
E05CEA01E113C15CA2D80003143FA25CA20107147FA24A1400A2010F5C5E5C4B5A131F5E
EC80035E013F495A6E485A5E6E48C7FC017F133EEC70FC90387E3FF0EC0F8001FEC9FCA2
5BA21201A25BA21203A25B1207B512C0A3293580A42A>I<3903C003F0390FF01FFC391E
783C0F381C7C703A3C3EE03F8038383FC0EB7F800078150000701300151CD8F07E90C7FC
EAE0FE5BA2120012015BA312035BA312075BA3120F5BA3121F5BA3123F90C9FC120E2126
79A423>114 D<14FE903807FF8090380F83C090383E00E04913F00178137001F813F000
01130313F0A215E00003EB01C06DC7FC7FEBFFC06C13F814FE6C7F6D13807F010F13C013
00143F141F140F123E127E00FE1480A348EB1F0012E06C133E00705B6C5B381E03E06CB4
5AD801FEC7FC1C267AA422>I<EB0380EB07C0130FA4131F1480A3133F1400A35B137E00
7FB5FCA2B6FC3800FC00A312015BA312035BA312075BA3120F5BA3121FEB801CA2143C00
3F1338EB0078147014F014E0EB01C0EA3E03381F0780380F0F00EA07FCEA01F0183579B3
1C>I<13F8D803FEEB01C0D8078FEB03E0390E0F8007121E121C0038140F131F007815C0
1270013F131F00F0130000E015805BD8007E133FA201FE14005B5D120149137EA215FE12
0349EBFC0EA20201131E161C15F813E0163CD9F003133814070001ECF07091381EF8F03A
00F83C78E090393FF03FC090390FC00F00272679A42D>I<01F0130ED803FC133FD8071E
EB7F80EA0E1F121C123C0038143F49131F0070140FA25BD8F07E140000E08013FEC6485B
150E12015B151E0003141C5BA2153C000714385B5DA35DA24A5A140300035C6D48C7FC00
01130E3800F83CEB7FF8EB0FC0212679A426>I<903907E007C090391FF81FF89039787C
383C9038F03E703A01E01EE0FE3803C01F018013C0D8070014FC481480000E1570023F13
00001E91C7FC121CA2C75AA2147EA214FEA25CA21301A24A1370A2010314F016E0001C5B
007E1401010714C000FEEC0380010F1307010EEB0F0039781CF81E9038387C3C393FF03F
F03907C00FC027267CA427>120 D<13F0D803FCEB01C0D8071EEB03E0D80E1F1307121C
123C0038140F4914C01270A249131FD8F07E148012E013FEC648133F160012015B5D0003
147E5BA215FE00075C5BA214015DA314035D14070003130FEBF01F3901F87FE038007FF7
EB1FC7EB000F5DA2141F003F5C48133F92C7FC147E147C007E13FC387001F8EB03E06C48
5A383C1F80D80FFEC8FCEA03F0233679A428>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fj cmbx10 10 48
/Fj 48 124 df<913803FFC0027F13F00103B512FC010FEB00FED93FF8133FD97FE0EBFF
8049485A5A1480484A13C04A6C1380A36F1300167E93C7FCA592383FFFC0B8FCA4000390
C7FCB3ABB5D8FC3F13FFA4303A7EB935>12 D<D80F80137C393FE001FF486C481380A248
6C4813C0A201FC14E0A3007F7FA2003F7F390F9C007CD8001C1300013C1301013814C0A3
017813030170148001F013074848EB0F00A24848131E48485B48C75A4814F8001C14E000
185C231D7DB932>34 D<EA0F80EA3FE0EA7FF0A2EAFFF8A5EA7FF0A2EA3FE0EA0F800D0D
798C1B>46 D<141E143E14FE1307133FB5FCA313CFEA000FB3B3A6007FB61280A4213779
B630>49 D<EB0FFC90387FFFC048B512F0000714FC390FF03FFF261F800F1380263F0003
13C05AD9C00113E0486C6C13F07FA2ED7FF8A46C5A6C5A000FC7FCC8FCEDFFF0A216E05C
16C04A138016004A5A5D4A5A4A5A4A5AEC7F8092C7FC14FEEB01F849481378495A495A49
5A013EC712F84914F05B4848130148B6FCA25A5A5A5A4815E0B7FCA425377BB630>I<EB
03FF011F13F0017F13FC3901FC07FF2603F003138048486C13C0496C13E0EA0FF001FC14
F0121F7FA56C4814E0A23803F001C714C04A138016004A5A4A5AEC3FF090380FFFC092C7
FC15F090380007FE913801FF806E13C016E0ED7FF016F816FC153FA216FEEA1FC0487E48
7E487EA416FCA249EB7FF8127F01C0EBFFF06C4814E06C6C4813C0260FFC0713806CB612
00000114FC6C6C13F0010790C7FC27387CB630>I<ED07C0150FA2151F153F157F15FFA2
5C5C5C5CA2141E5C147C5C5C495A495A1307495A5C131E5B137C5B5B485A485A1207485A
90C7FC121E5A127C5AB81280A4C70001EBC000AA0103B61280A429377DB630>I<001C15
C0D81F80130701F8137F90B61280A216005D5D15F05D15804AC7FC14F090C9FCA8EB07FE
90383FFFE090B512F89038FC07FC9038E003FFD98001138090C713C0120EC813E0157F16
F0A216F8A21206EA3F80EA7FE012FF7FA44914F0A26C4813FF90C713E0007C15C06C5B6C
491380D9C0071300390FF01FFE6CB512F8000114E06C6C1380D90FF8C7FC25387BB630>
I<EC0FF8ECFFFE0103EBFF8090390FF80FC090393FE003E090397FC001F09038FF000F48
EC1FF84848133F485A120F5B121FA2003FEC1FF0ED0FE04990C7FC127FA21408EC7FF039
FFF1FFFC01F313FFD9F78013809039FF007FC049EB3FE04914F0ED1FF85B16FCA34914FE
A5127FA5123F16FCA26C7E16F8000F143F6C6C14F0ED7FE06C6C14C03A01FF81FF806C90
B51200013F13FC010F13F00101138027387CB630>I<123C123EEA3FE090B71280A41700
485D5E5E5EA25E007CC7EA0FC000784A5A4BC7FC00F8147E48147C15FC4A5A4A5AC7485A
5D140F4A5A143F92C8FC5C147E14FE1301A2495AA31307A2130F5CA2131FA5133FA96D5A
6D5A6D5A293A7BB830>I<EB1FFE48B512E0000714F8390FE00FFE393F0003FF4815806D
7ED8FFC014C013E0A5EA7FC06C48481380EA1F00C7481300EC0FFC4A5AEC3FE04A5A92C7
FC14FE5C495AA25C495AA25CA990C9FCA7EB07C0EB1FF0497EA2497EA56D5AA26D5AEB07
C0223A7BB92D>63 D<ED03E04B7EA24B7EA34B7EA24B7EA34B7EA292B57EA34A8015F302
038015E1A202078015C0020F80ED807FA2021F80ED003F4A80023E131FA2027E80027C7F
02FC814A7FA20101824A7F49B77EA3498202C0C7FC010F824A147FA2011F8291C8123F49
82013E151FA2017E82017C8101FE83B500F80107B61280A4413A7DB948>65
D<DB3FFCEB01C00203B5EAC003021FECF00791B6EAFC0F01039039FC00FF3F4901C0EB1F
FFD91FFEC77E49481403D97FF080494880485B48177F4849153F4890C9FC181F485A180F
123F5B1807127FA24993C7FC12FFAD127F7FF003C0123FA27F001F1707A26C6C1780180F
6C6D16006C6D5D6C173E6C6D157ED97FF85D6D6C4A5A6DB44A5A010701C0EB0FE06D01FC
EBFF80010090B548C7FC021F14F8020314E09126003FFEC8FC3A3B7BB945>67
D<B87E17F817FF18C028007FF8000713F09338007FF8EF1FFE717E050313807113C0A271
13E0F07FF0A2F03FF8A219FC181FA219FEA419FFAC19FEA419FC183FA219F8187F19F0F0
FFE0A24D13C04D13804D1300EF1FFEEF7FFC933807FFF0B912C095C7FC17FC178040397D
B849>I<B912F0A426007FF8C7FCEF1FF8170717031701A21700A21878A3043C137C183C
A41800167CA216FC150391B5FCA4ECF8031500167CA2163C180FA3181EA293C7FCA2183E
A2183C187CA218FCA2EF01F81703170F173FEE01FFB9FC18F0A338397DB83F>I<B912C0
A43A007FF800039338007FE0171F170F1707A21703A21701A318F0EE7800A41800A216F8
A21501150791B5FCA4ECF80715011500A21678A693C8FCADB7FCA434397DB83C>I<B600
FC0103B512C0A426007FF8C8381FE00019804EC7FC18FEEF01F84D5A4D5A4D5AEF3F8005
7EC8FC5F4C5A4C5AEE0FE0EE1F804CC9FC167E5EED03F84B7E4B7E4B7E4B7F5D02F9B57E
DAFBF77FDAFFE37F15C103807F4A487F4A6D7E4A133F707E707F8482707F707F8482717E
717E8483717F717F858385B600FC017FEBFFE0A443397DB84B>75
D<B500F80403B512F06E5EA26E5ED8007FF1E000A2D97BFF161EA201796D5DA201786D5D
A26E6C5DA36E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C141EA36E6D5BA26E6D
5BA26F6C5BA26F6C485AA36F6C485AA26F6C485AA26F6C48C7FCA2923803FF1EA36F13BC
A26F13F8A2705AA2705AA213FCB500FC6D4848B612F0A2EE0F80EE070054397DB85B>77
D<B8FC17F017FEEFFF8028007FF8000F13C0040113E07013F0EF7FF8EF3FFCA2EF1FFEA2
18FFA818FEA2EF3FFCA2EF7FF8EFFFF04C13E0040F13C091B7120017FC17E002F8C9FCB3
A4B612FCA438397DB841>80 D<B712FCEEFFE017FC17FF28007FF8000F13C004017F707F
717E717EA2717EA284A760A24D5A604D5A4D5A04035B041F90C8FC91B612FC17E0839139
F8003FFCEE0FFF707F707F8284A2707FA584A51A601AF084177F1901DD3FFE13E0B600FC
011F130394390FFF87C071EBFF8005011400CBEA1FFC443A7DB848>82
D<D907FF130E013FEBE01E90B5EAF83E0003ECFE7E3A07FC01FFFE390FF0001F4848130F
48481303491301007F140090C8FC167E5A163EA27F161E7F7F6D91C7FC13FC387FFFE014
FEECFFF06C14FE6F7E6C816C15F06C816C81C681133F010F801301D9000F1480EC007F03
0F13C01503818100F0157FA3163FA27E17807E167F6C16007E6D14FE01E0495A01F81303
9039FF801FF800FC90B512E0D8F83F5CD8F00749C7FC39E0007FF02A3B7BB935>I<003F
B91280A4D9F800EBF003D87FC09238007FC049161F007EC7150FA2007C1707A200781703
A400F818E0481701A4C892C7FCB3AE010FB7FCA43B387DB742>I<B600F049B512E0A4C6
01FCC8380FF000017F705A6E4B5A6D6C4B5A6D7F4EC7FC6D6D147E6D7F606D6D495A6D7F
4D5A6D6D495A6E7E4D5A6E6C495A6E13804DC8FC6EEBC07E6E13E05F6EEBF1F86E13F9EE
FBF06EEBFFE0815F6F5B816F90C9FCB3A2021FB6FCA443397EB848>89
D<0160130301E05B0003141F49131E48485B48C75A001E5CA248495A00385C0078130300
705CA300F013074891C7FCD8E7C0133ED8FFF0EBFF8001F814C0A201FC14E0A3007F7FA2
6C486C13C0A26C486C1380D807C0EB3E00231D75B932>92 D<EB3FFE0003B512E0000F14
F8391FF00FFE003FEB03FF6D6C7F6E7FA26F7EA26C5A6C5AEA0380C8FCA2EC3FFF010FB5
FC137F3901FFF87F00071380380FFE00EA3FF85B485A12FF5BA415FF6D5A127F263FF007
13F83B1FFC1FBFFFC0390FFFFE1F0003EBF80F39003FE0032A257DA42E>97
D<13FFB5FCA412077EAF4AB47E020F13F0023F13FC9138FE03FFDAF00013804AEB7FC002
80EB3FE091C713F0EE1FF8A217FC160FA217FEAA17FCA3EE1FF8A217F06E133F6EEB7FE0
6E14C0903AFDF001FF80903AF8FC07FE009039F03FFFF8D9E00F13E0D9C00390C7FC2F3A
7EB935>I<903801FFC0010F13FC017F13FFD9FF8013802603FE0013C048485AEA0FF812
1F13F0123F6E13804848EB7F00151C92C7FC12FFA9127FA27F123FED01E06C7E15036C6C
EB07C06C6C14806C6C131FC69038C07E006DB45A010F13F00101138023257DA42A>I<EE
7F80ED7FFFA4150381AF903801FF81010F13F1013F13FD9038FFC07F0003EB001FD807FC
1307000F8048487F5B123FA2485AA312FFAA127FA27F123FA26C6C5B000F5C6C6C5B6C6C
4913C02701FF80FD13FE39007FFFF9011F13E1010313012F3A7DB935>I<903803FF8001
1F13F0017F13FC3901FF83FE3A03FE007F804848133F484814C0001FEC1FE05B003FEC0F
F0A2485A16F8150712FFA290B6FCA301E0C8FCA4127FA36C7E1678121F6C6C14F86D14F0
00071403D801FFEB0FE06C9038C07FC06DB51200010F13FC010113E025257DA42C>I<EC
1FF0903801FFFC010713FF90391FF87F8090383FE0FFD9FFC113C0A2481381A24813016E
1380A2ED3E0092C7FCA8B6FCA4000390C8FCB3ABB512FEA4223A7DB91D>I<161FD907FE
EBFFC090387FFFE348B6EAEFE02607FE07138F260FF801131F48486C138F003F15CF4990
387FC7C0EEC000007F81A6003F5DA26D13FF001F5D6C6C4890C7FC3907FE07FE48B512F8
6D13E0261E07FEC8FC90CAFCA2123E123F7F6C7E90B512F8EDFF8016E06C15F86C816C81
5A001F81393FC0000F48C8138048157F5A163FA36C157F6C16006D5C6C6C495AD81FF0EB
07FCD807FEEB3FF00001B612C06C6C91C7FC010713F02B377DA530>I<13FFB5FCA41207
7EAFED7FC0913803FFF8020F13FE91381F03FFDA3C01138014784A7E4A14C05CA25CA291
C7FCB3A3B5D8FC3F13FFA4303A7DB935>I<EA01F0EA07FC487EA2487EA56C5AA26C5AEA
01F0C8FCA913FF127FA412077EB3A9B512F8A4153B7DBA1B>I<13FFB5FCA412077EAF92
380FFFE0A4923803FC0016F0ED0FE0ED1F804BC7FC157E5DEC03F8EC07E04A5A141FEC7F
E04A7E8181A2ECCFFEEC0FFF496C7F806E7F6E7F82157F6F7E6F7E82150F82B5D8F83F13
F8A42D3A7EB932>107 D<13FFB5FCA412077EB3B3ACB512FCA4163A7DB91B>I<01FED97F
E0EB0FFC00FF902601FFFC90383FFF80020701FF90B512E0DA1F81903983F03FF0DA3C00
903887801F000749DACF007F00034914DE6D48D97FFC6D7E4A5CA24A5CA291C75BB3A3B5
D8FC1FB50083B512F0A44C257DA451>I<01FEEB7FC000FF903803FFF8020F13FE91381F
03FFDA3C011380000713780003497E6D4814C05CA25CA291C7FCB3A3B5D8FC3F13FFA430
257DA435>I<903801FFC0010F13F8017F13FFD9FF807F3A03FE003FE048486D7E48486D
7E48486D7EA2003F81491303007F81A300FF1680A9007F1600A3003F5D6D1307001F5DA2
6C6C495A6C6C495A6C6C495A6C6C6CB45A6C6CB5C7FC011F13FC010113C029257DA430>
I<9039FF01FF80B5000F13F0023F13FC9138FE07FFDAF00113800007496C13C06C0180EB
7FE091C713F0EE3FF8A2EE1FFCA3EE0FFEAA17FC161FA217F8163F17F06E137F6E14E06E
EBFFC0DAF00313809139FC07FE0091383FFFF8020F13E0020390C7FC91C9FCACB512FCA4
2F357EA435>I<9038FE03F000FFEB0FFEEC3FFF91387C7F809138F8FFC000075B6C6C5A
5CA29138807F80ED3F00150C92C7FC91C8FCB3A2B512FEA422257EA427>114
D<90383FF0383903FFFEF8000F13FF381FC00F383F0003007E1301007C130012FC15787E
7E6D130013FCEBFFE06C13FCECFF806C14C06C14F06C14F81203C614FC131F9038007FFE
140700F0130114007E157E7E157C6C14FC6C14F8EB80019038F007F090B512C000F81400
38E01FF81F257DA426>I<130FA55BA45BA25B5BA25A1207001FEBFFE0B6FCA3000390C7
FCB21578A815F86CEB80F014816CEBC3E090383FFFC06D1380903803FE001D357EB425>
I<01FFEC3FC0B5EB3FFFA4000714016C80B3A35DA25DA26C5C6E4813E06CD9C03E13FF90
387FFFFC011F13F00103138030257DA435>I<B539F001FFF8A4000390C7EA3F00161E6E
133E6C153C6E137C6C15786E13F8017F5CECF001013F5C14F8011F495AA2ECFC07010F5C
ECFE0F010791C7FC6E5A6D131E15BE6D13BC15FC6D5BA36E5AA26E5AA26E5AA26E5AA22D
257EA432>I<B539F01FFFF0A4000390398003F8006C01C013E06C1407D97FE05B6D6C48
5A6E48C7FC90381FFC3E010F5B903807FEFC6D6C5A5D6D5B6D5B6E7E6E7E814A7EA24A7E
903801F3FFD903E37FD907C17FEB0FC049486C7E4A6C7E013E80496D7E49130F00016E7E
B590383FFFF8A42D257EA432>120 D<B539F001FFF8A4000390C7EA3F00161E6E133E6C
153C6E137C6C15786E13F8017F5CECF001013F5C14F8011F495AA2ECFC07010F5CECFE0F
010791C7FC6E5A6D131E15BE6D13BC15FC6D5BA36E5AA26E5AA26E5AA26E5AA292C8FCA2
5C141E003F133E387F803C38FFC07C147814F8EBC1F0EBC3E06C485A387D1F80D83FFFC9
FCEA1FFCEA07F02D357EA432>I<003FB612C0A3D9F0031380EB800749481300003E5C00
3C495A007C133F5D0078495A14FF5D495B5BC6485B92C7FC495A131F5C495A017FEB03C0
EBFFF014E04813C05AEC80074813005A49EB0F80485A003F141F4848133F9038F001FFB7
FCA322257DA42A>I<B812FEA32F03809730>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fk cmr10 10 81
/Fk 81 124 df<DA0FF813FC91397FFF07FF903B01F807DF83C0903A07E001FF0F903B1F
8007FE1FE090393F000FFC137E16F85B9338F007804848010790C7FC1503ACB812F8A328
01F80003F0C7FCB3AB486C497E267FFFE0B512F0A3333B7FBA30>11
D<EC0FF8EC7FFE903901F80780903907E001C090391F8000E090383F0007017E497EA25B
A2485A6F5AED018092C8FCA9ED03F0B7FCA33901F8000F1503B3AA486C497E267FFFE0B5
12C0A32A3B7FBA2E>I<EC0FFC91387FFF70903901F803F0903807E00790381F800FEB3F
00137EA25B150748481303ADB7FCA33901F80003B3AB486C497E267FFFE0B512C0A32A3B
7FBA2E>I<DA0FF0EB1FF0DA7FFEEBFFFC903B01F80F83F00F903C07E001CFC00380903C
1F8000FF0001C090273F0007FE130F017E4948497EA2495CA248485C03076E5A03030203
C7FC95C8FCA9F007E0BAFCA33C01F80003F0001F1807B3AA486C496C497E267FFFE0B500
C1B51280A3413B7FBA45>I<EA07C0EA1FF0EA3838EA600CA2EAC006A5EA600CA2EA3838
EA1FF0EA07C00F0F69BB3E>23 D<001C131C007F137F39FF80FF80A26D13C0A3007F137F
001C131C00001300A40001130101801380A20003130301001300485B00061306000E130E
485B485B485B006013601A197DB92A>34 D<030C1303031E497EA2033E130FA2033C91C7
FCA2037C5BA20378131EA303F8133EA24B133CA20201147CA24B1378A2020314F8A24B5B
A302071301007FB91280BA12C0A26C1880C7271F0007C0C7FC021E5CA3023E130FA2023C
91C8FCA2027C5BA20278131EA302F8133E007FB91280BA12C0A26C1880280003E000F8C8
FC4A5BA301071301A202805BA2010F1303A202005BA2491307A2011E5CA3013E130FA201
3C91C9FCA2017C5BA20178131EA20130130C3A4A7BB945>I<121C127FEAFF80A213C0A3
127F121C1200A412011380A2120313005A1206120E5A5A5A12600A1979B917>39
D<146014E0EB01C0EB0380EB0700130E131E5B5BA25B485AA2485AA212075B120F90C7FC
A25A121EA2123EA35AA65AB2127CA67EA3121EA2121F7EA27F12077F1203A26C7EA26C7E
1378A27F7F130E7FEB0380EB01C0EB00E01460135278BD20>I<12C07E12707E7E7E120F
6C7E6C7EA26C7E6C7EA21378A2137C133C133E131EA2131F7FA21480A3EB07C0A6EB03E0
B2EB07C0A6EB0F80A31400A25B131EA2133E133C137C1378A25BA2485A485AA2485A48C7
FC120E5A5A5A5A5A13527CBD20>I<15301578B3A6007FB812F8B912FCA26C17F8C80078
C8FCB3A6153036367BAF41>43 D<121C127FEAFF80A213C0A3127F121C1200A412011380
A2120313005A1206120E5A5A5A12600A19798817>I<B512FCA516057F941C>I<121C127F
EAFF80A5EA7F00121C0909798817>I<150C151E153EA2153C157CA2157815F8A215F014
01A215E01403A215C01407A21580140FA215005CA2141E143EA2143C147CA2147814F8A2
5C1301A25C1303A2495AA25C130FA291C7FC5BA2131E133EA2133C137CA2137813F8A25B
1201A25B1203A25B1207A25B120FA290C8FC5AA2121E123EA2123C127CA2127812F8A25A
12601F537BBD2A>I<EB03F8EB1FFF90387E0FC09038F803E03901E000F0484813780007
147C48487FA248C77EA2481580A3007EEC0FC0A600FE15E0B3007E15C0A4007F141F6C15
80A36C15006D5B000F143EA26C6C5B6C6C5B6C6C485A6C6C485A90387E0FC0D91FFFC7FC
EB03F8233A7DB72A>I<EB01C013031307131F13FFB5FCA2131F1200B3B3A8497E007FB5
12F0A31C3879B72A>I<EB0FF0EB7FFE48B57E3903E03FE0390F000FF0000E6D7E486D7E
486D7E123000706D7E126012FCB4EC7F807FA56CC7FC121CC8FCEDFF00A34A5A5D14035D
4A5A5D140F4A5A4A5A92C7FC147C5C495A495A495A495A91C8FC011EEB01805B5B491303
48481400485A485A000EC75A000FB6FC5A5A485CB6FCA321387CB72A>I<EB07F8EB3FFF
4913C03901F80FF03903C007F848486C7E380E0001000F80381FE0006D7FA56C5A6C5AC8
5A1401A25D4A5AA24A5A5DEC0F80027EC7FCEB1FFCECFF809038000FE06E7EEC01FC816E
7EED7F80A216C0A2153F16E0A2121EEA7F80487EA416C049137F007F1580007EC7FC0070
ECFF006C495A121E390F8003F83907F00FF00001B512C06C6C90C7FCEB0FF8233A7DB72A
>I<1538A2157815F8A2140114031407A2140F141F141B14331473146314C313011483EB
030313071306130C131C131813301370136013C01201EA038013005A120E120C5A123812
305A12E0B712F8A3C73803F800AB4A7E0103B512F8A325397EB82A>I<0006140CD80780
133C9038F003F890B5FC5D5D158092C7FC14FC38067FE090C9FCABEB07F8EB3FFE903878
0F803907E007E090388003F0496C7E12066E7EC87EA28181A21680A4123E127F487EA490
C71300485C12E000605C12700030495A00385C6C1303001E495A6C6C485A3907E03F8000
01B5C7FC38007FFCEB1FE0213A7CB72A>I<EC3FC0903801FFF0010713FC90380FE03E90
383F800790387E001F49EB3F804848137F485AA2485A000FEC3F0049131E001F91C7FCA2
485AA3127F90C9FCEB01FC903807FF8039FF1E07E090383801F0496C7E01607F01E0137E
497FA249148016C0151FA290C713E0A57EA56C7E16C0A2121FED3F807F000F15006C6C5B
15FE6C6C5B6C6C485A3900FE07F090383FFFC06D90C7FCEB03FC233A7DB72A>I<EB03F8
EB1FFF017F13C09038FC07F03901E001F848486C7E4848137C90C77E48141E000E141F00
1E80A3121FA27F5D01E0131E6C6C133E01FC133C6D5B6C6C6C5AECC1E06CEBF3C06C01FF
C7FC6C5BEB3FFF6D13C081017F13F801F07F3903E07FFE3907801FFF48486C1380481303
003E6D13C0003CEB007F007C143F0078EC0FE000F814075A1503A21501A36C15C0127815
03007C15806CEC07006C5C6C6C131ED807E0137C3903F803F0C6B55A013F1380D907FCC7
FC233A7DB72A>56 D<EB03F8EB1FFF017F13C09038FC07E03903F803F048486C7E48486C
7E49137E121F48487FA2007F158090C7FCA248EC1FC0A616E0A56C143FA27F123F001F14
7FA26C6C13FF3907E001DF0003149F3801F0033900FC0F1FD93FFC13C0EB07F090C7FC15
3F1680A316005D000F147E487E486C5BA24A5A4A5A49485A6C48485A001C495A260F807F
C7FC3807FFFC000113F038003FC0233A7DB72A>I<121C127FEAFF80A5EA7F00121CC7FC
B2121C127FEAFF80A5EA7F00121C092479A317>I<121C127FEAFF80A5EA7F00121CC7FC
B2121C127F5A1380A4127F121D1201A412031300A25A1206A2120E5A121812385A126009
3479A317>I<1538A3157CA315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1FA2
021C7FEC180FA202387FEC3007A202707FEC6003A202C07F1501A2D901807F81A249C77F
167FA20106810107B6FCA24981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E12
01486C81D80FFC02071380B56C90B512FEA3373C7DBB3E>65 D<B712E016FC16FF000190
3980007FC06C90C7EA1FE0707E707E707EA2707EA283A75F16035F4C5A4C5A4C5A4C5AEE
FF8091B500FCC7FCA291C7EA7F80EE1FE0EE07F0707E707E83707EA21880177F18C0A718
8017FFA24C13005F16034C5AEE1FF8486DEB7FF0B812C094C7FC16F832397DB83B>I<91
3A01FF800180020FEBE003027F13F8903A01FF807E07903A03FC000F0FD90FF0EB039F49
48EB01DFD93F80EB00FF49C8127F01FE153F12014848151F4848150FA248481507A2485A
1703123F5B007F1601A35B00FF93C7FCAD127F6DED0180A3123F7F001F160318006C7E5F
6C7E17066C6C150E6C6C5D00001618017F15386D6C5CD91FE05C6D6CEB03C0D903FCEB0F
80902701FF803FC7FC9039007FFFFC020F13F002011380313D7BBA3C>I<B712C016F816
FE000190398001FF806C90C7EA3FE0EE0FF0EE03F8707E707E177FA2EF3F8018C0171F18
E0170F18F0A3EF07F8A418FCAC18F8A4EF0FF0A218E0A2171F18C0EF3F80A2EF7F0017FE
4C5A4C5AEE0FF0EE3FE0486DEBFF80B8C7FC16F816C036397DB83F>I<B812FCA3000190
3880000F6C90C71201EE007E173E171E170EA31706A317078316C0A394C7FCA31501A215
03150F91B5FCA3EC000F15031501A21500A21860A318E093C712C0A41701A3EF0380A217
07A2170F173F177F486D903807FF00B9FCA333397DB839>I<B812F8A30001903880001F
6C90C71201EE00FC177C173C171CA2170CA4170E1706A2ED0180A21700A41503A2150715
1F91B5FCA3EC001F15071503A21501A692C8FCAD4813C0B612C0A32F397DB836>I<DBFF
8013C0020FEBF001023F13FC9139FF803F03903A03FC000787D90FF0EB03CF4948EB00EF
4948147F4948143F49C8121F485A4848150F48481507A248481503A2485A1701123F5B00
7F1600A448481600AB93B6FCA26C7E9338007FE0EF3FC0A2123F7F121FA26C7EA26C7EA2
6C7E6C7E6C6C157F6D7E6D6C14FF6D6C14EFD90FF8EB03C7D903FEEB0783903A00FFC03F
0191393FFFFC00020F01F0130002001380383D7CBA41>I<B648B512FEA3000190268000
0313006C90C76C5AB3A491B6FCA391C71201B3A6486D497EB648B512FEA337397DB83E>
I<B612C0A3C6EBC0006D5AB3B3AD497EB612C0A31A397EB81E>I<013FB512E0A3903900
1FFC00EC07F8B3B3A3123FEA7F80EAFFC0A44A5A1380D87F005B0070131F6C5C6C495A6C
49C7FC380781FC3801FFF038007F80233B7DB82B>I<B649B5FCA3000101809038007FF0
6C90C8EA3F80053EC7FC173C17385F5F4C5A4C5A4CC8FC160E5E5E5E5E4B5AED0780030E
C9FC5D153E157E15FF5C4A7F4A6C7E140E4A6C7E4A6C7E14704A6C7E4A6C7E14804A6C7E
6F7EA26F7F707EA2707E707EA2707EA2707E707EA2707E707F8484486D497FB6011FEBFF
80A339397DB841>I<B612E0A3000101C0C8FC6C90C9FCB3AD1718A517381730A31770A3
17F0A216011603160FEE1FE0486D13FFB8FCA32D397DB834>I<B5933807FFF86E5DA200
01F0FC002600DFC0ED1BF8A2D9CFE01533A3D9C7F01563A3D9C3F815C3A2D9C1FCEC0183
A3D9C0FEEC0303A2027F1406A36E6C130CA36E6C1318A26E6C1330A36E6C1360A26E6C13
C0A3913901FC0180A3913900FE0300A2ED7F06A3ED3F8CA2ED1FD8A3ED0FF0A3486C6D5A
487ED80FFC6D48497EB500C00203B512F8A2ED018045397DB84C>I<B5913807FFFE8080
C69238007FE06EEC1F80D9DFF0EC0F001706EBCFF8EBC7FCA2EBC3FEEBC1FFA201C07F6E
7EA26E7E6E7E81140F6E7E8114036E7E168080ED7FC016E0153FED1FF0ED0FF8A2ED07FC
ED03FEA2ED01FF6F1386A2EE7FC6EE3FE6A2EE1FF6EE0FFEA216071603A216011600A217
7E486C153E487ED80FFC151EB500C0140EA2170637397DB83E>I<EC03FF021F13E09138
FE01FC903901F8007ED907E0EB1F8049486D7ED93F80EB07F049C76C7E01FE6E7E48486E
7E49157E0003167F4848ED3F80A24848ED1FC0A2001F17E049150F003F17F0A3007F17F8
491507A300FF17FCAC007F17F86D150FA3003F17F0A26C6CED1FE0A36C6CED3FC0000717
806D157F000317006C6C15FEA26C6C4A5A017F4A5A6D6C495A6D6C495AD907E0EB1F80D9
03F8017FC7FC903900FE01FC91381FFFE0020390C8FC363D7BBA41>I<B712C016F816FE
000190398001FF806C90C7EA3FC0EE0FE0EE07F0EE03F817FC17FE1601A217FFA717FEA2
EE03FCA2EE07F817F0EE0FE0EE3FC0923801FF0091B512FC16F091C9FCB3A5487FB6FCA3
30397DB839>I<EC03FF021F13E09138FE01FC903901F8007ED907E0EB1F8049486D7ED9
3F80EB07F049C76C7E01FE6E7E48486E7EA24848157F0007178049153F000F17C049151F
001F17E0A24848ED0FF0A3007F17F8A2491507A200FF17FCAC007F17F8A26D150FA2003F
17F0A26C6CED1FE0A36C6CED3FC00007027C14804AB4FC3C03F80383807F003B01FC0701
C0FEEC0E002600FE0CEBE1FC017FEC63F8D93F8CEB77F0D91FCCEB3FE0D907EE14806DB4
49C7FC0100D981FC130CEC1FFF0203131C91C7001E131C161F183CEF807CEFC0F8EE0FFF
A318F08218E07013C07013809338007E00364B7BBA41>I<B612FEEDFFE016F800019038
8007FE6C90C76C7EEE3FC0707E707E707EA2707EA283A65FA24C5AA24C5A4C5AEE3F8004
FFC8FCED07FC91B512E05E9138000FF0ED03F8ED00FE82707E707EA2161F83A583A6F001
80A217F8160F1803486D01071400B66D6C5A04011306933800FE0ECAEA3FFCEF07F0393B
7DB83D>I<D90FF813C090383FFE0190B512813903F807E33907E000F74848137F484813
3F48C7121F003E140F007E1407A2007C140312FC1501A36C1400A37E6D14006C7E7F13F8
6CB47E6C13F8ECFF806C14E06C14F86C14FEC680013F1480010714C0EB007F020713E0EC
007FED3FF0151F150FED07F8A200C01403A21501A37EA216F07E15036C15E06C14076C15
C06C140F6DEB1F80D8FBF0EB3F00D8F0FE13FE39E03FFFF8010F13E0D8C00190C7FC253D
7CBA2E>I<003FB812E0A3D9C003EB001F273E0001FE130348EE01F00078160000701770
A300601730A400E01738481718A4C71600B3B0913807FF80011FB612E0A335397DB83C>
I<B6903807FFFEA3000101809038007FE06C90C8EA1F80EF0F001706B3B2170E6D150C80
171C133F17186D6C14385F6D6C14F06D6C5C6D6C495A6D6CEB07806D6C49C7FC91387F80
7E91381FFFF8020713E09138007F80373B7DB83E>I<B500FC91387FFF80A30003018091
380FFC006C90C8EA07E0715A6C705A6E1403017F93C7FCA280013F1506A26E140E011F15
0C80010F5DA28001075DA26E147001031560A26D6C5CA2806D4A5AA2ED8003027F91C8FC
A291383FC006A215E0021F5BA2EDF01C020F1318A26E6C5AA215FC02035BA2EDFEE00201
5BA26E6C5AA36FC9FCA3153EA2151CA3393B7EB83E>I<B5D8FC07B5D8F001B5FCA30007
902780001FFEC7EA1FF86C48C7D80FF8EC07E000010307ED03C01B807F6C6F6C1500A26E
5F017F6E6C1406A280013F4A6C5CA280011F4A6D5BEE067FA26D6C010E6D5BEE0C3FA26D
6C011C6D5BEE181FA26D6C6F5BEE300FA26D6C6F485AEE6007A26D6C4CC7FC9338C003FC
A203805D913B7F818001FE06A203C1150EDA3FC3C7EAFF0CA203E3151CDA1FE6EC7F98A2
15F6DA0FFCEC3FF0A302075E4B141FA202035E4B140FA202015E4B1407A2020093C8FC4B
80503B7EB855>I<007FB590383FFFFCA3C601F801071380D97FE0D903FCC7FC013FEC01
F06D6C5C5F6D6C5C6D6C13034CC8FC6D6C1306160E6D6C5B6DEB8018163891387FC0306E
6C5A16E06E6C5A91380FF18015FB6EB4C9FC5D14036E7EA26E7F6F7EA24B7E15DF913801
9FF09138038FF8150F91380607FC91380E03FE140C4A6C7EEC38000230804A6D7E14E04A
6D7E49486D7E130391C76C7E01066E7E130E010C6E7E011C1401013C8101FE822607FF80
010713E0B500E0013FEBFF80A339397EB83E>I<B500FE91383FFFE0A3000301E0913807
FE00C649EC03F0017F6F5A606D6C5D6D6C140395C7FC6D6C1406A26D6C5C6D6C141C1718
6D6C143817306D6D5B6E6C13E05F91383FE0015F91381FF003DA0FF890C8FC1606913807
FC0E160C913803FE1C913801FF185E6E13B016E0157F6F5AB3A24B7E023FB512C0A33B39
7FB83E>I<EAFFF8A4EAF000B3B3B3B3A3EAFFF8A40D5378BD17>91
D<3901800180000313033907000700000E130E485B001813180038133800301330007013
7000601360A200E013E0485BA400CE13CE39FF80FF806D13C0A3007F137FA2393F803F80
390E000E001A1974B92A>I<EAFFF8A4EA0078B3B3B3B3A3EAFFF8A40D537FBD17>I<EB1F
E0EBFFFC3803E03F3907000F80390F8007E0486C6C7E13E06E7EA26E7E6C5A6C5AC8FCA4
147FEB07FFEB3FE0EBFE00EA03F8EA0FF0EA1FC0123F485A90C7FC160C12FEA31401A26C
13036CEB077C903980063E18383FC01E3A0FE0781FF03A03FFF00FE03A007F8007C02627
7DA52A>97 D<EA03F012FFA3120F1203B0EC1FE0EC7FF89038F1E03E9039F3801F809039
F7000FC001FEEB07E049EB03F049EB01F85BED00FCA216FEA2167E167FAA167E16FEA216
FC15016D14F8ED03F07F01EEEB07E001C6EB0FC09039C7801F00903881E07E903800FFF8
C7EA1FC0283B7EB92E>I<EB03FC90381FFF8090387E03E03901F80070484813F83907E0
01FC380FC003A2EA1F80123F90380001F848EB00F01500A2127E12FEAA127E127FA26C14
067F001F140E6D130C000F141C6C6C13386C6C13706C6C13E039007C07C090381FFF00EB
07F81F277DA525>I<ED0FC0EC03FFA3EC003F150FB0EB03F8EB1FFF90387E078F9038F8
01EF3903F0007F4848133F4848131FA24848130F123F90C7FC5AA2127E12FEAA127E127F
A27EA26C6C131FA26C6C133F6C6C137F6C6CEBEFF03A01F801CFFF39007C078F90381FFE
0FD907F813C0283B7DB92E>I<EB07F8EB1FFF90387C0FC03901F803E03903F001F0D807
E013F8380FC0004848137CA248C7127E153E5A153F127E12FEA3B7FCA248C8FCA5127EA2
127FA26C14037F001F14076C6C13060007140E6D131CD801F013386C6C137090387E03E0
90381FFF80903803FC0020277EA525>I<147E903803FF8090380FC1E0EB1F8790383F0F
F0137EA213FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB487E387FFFF8A31C3B
7FBA19>I<ED03F090390FF00FF890393FFC3C3C9039F81F707C3901F00FE03903E007C0
3A07C003E010000FECF000A248486C7EA86C6C485AA200075C6C6C485A6D485A6D48C7FC
38073FFC38060FF0000EC9FCA4120FA213C06CB512C015F86C14FE6CECFF804815C03A0F
80007FE048C7EA0FF0003E140348140116F8481400A56C1401007C15F06CEC03E0003F14
07D80F80EB0F80D807E0EB3F003901FC01FC39007FFFF0010790C7FC26387EA52A>I<EA
03F012FFA3120F1203B0EC0FF0EC3FFCECF03F9039F1C01F809039F3800FC0EBF70013FE
496D7EA25BA35BB3A3486C497EB500C1B51280A3293A7EB92E>I<EA0380EA0FE0487EA5
6C5AEA0380C8FCAAEA03F012FFA312071203B3AA487EB512C0A312387EB717>I<EB01C0
EB07F0EB0FF8A5EB07F0EB01C090C7FCAAEB01F813FFA313071301B3B3A2123C127E00FF
13F01303A214E038FE07C0127C383C0F00EA0FFEEA03F8154984B719>I<EA03F012FFA3
120F1203B1913801FFFCA39138007FC01600157C15705D4A5A4A5A4AC7FC141E14381478
14FC13F1EBF3FEEBF73F01FE7FEBF81F496C7E8114076E7E6E7E811400157E157F811680
ED1FC0486CEB3FF0B500C0B5FCA3283A7EB92C>I<EA03F012FFA3120F1203B3B3AD487E
B512C0A3123A7EB917>I<2703F00FF0EB1FE000FFD93FFCEB7FF8913AF03F01E07E903B
F1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D907F8EB0FC0A2495CA3
495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I<3903F00FF000FFEB3F
FCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25BA35BB3A3486C497EB5
00C1B51280A329257EA42E>I<EB03FE90380FFF8090383E03E09038F800F84848137C48
487F48487F4848EB0F80001F15C090C712074815E0A2007EEC03F0A400FE15F8A9007E15
F0A2007F14076C15E0A26C6CEB0FC0000F15806D131F6C6CEB3F006C6C137EC66C13F890
387E03F090381FFFC0D903FEC7FC25277EA52A>I<3903F01FE000FFEB7FF89038F1E07E
9039F3801F803A0FF7000FC0D803FEEB07E049EB03F04914F849130116FC150016FEA316
7FAA16FEA3ED01FCA26DEB03F816F06D13076DEB0FE001F614C09039F7803F009038F1E0
7E9038F0FFF8EC1FC091C8FCAB487EB512C0A328357EA42E>I<D903F813C090381FFE01
90387E07819038FC01C33903F000E3000714774848133749133F001F141F485A150F48C7
FCA312FEAA127FA37E6D131F121F6D133F120F6C6C137F6C6C13EF3901F801CF39007E07
8F90381FFE0FEB07F890C7FCABED1FE00203B5FCA328357DA42C>I<3807E01F00FFEB7F
C09038E1E3E09038E387F0380FE707EA03E613EE9038EC03E09038FC0080491300A45BB3
A2487EB512F0A31C257EA421>I<EBFF03000313E7380F80FF381E003F487F487F00707F
12F0A2807EA27EB490C7FCEA7FE013FF6C13E06C13F86C7F00037FC67F01071380EB007F
141F00C0EB0FC01407A26C1303A37E15806C13077EEC0F00B4131E38F3C07C38E1FFF038
C03F801A277DA521>I<1318A51338A31378A313F8120112031207001FB5FCB6FCA2D801
F8C7FCB215C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01F81A347FB220>I<D8
03F0EB07E000FFEB01FFA3000FEB001F00031407B3A4150FA3151F12016D133F0000EC77
F86D9038E7FF8090383F03C790381FFF87903A03FC07E00029267EA42E>I<B538803FFE
A33A0FF8000FF06C48EB07E00003EC03C06D148000011500A26C6C1306A26D130E017E13
0CA26D5BA2EC8038011F1330A26D6C5AA214E001075BA2903803F180A3D901FBC7FCA214
FF6D5AA2147CA31438A227257EA32C>I<B53A1FFFE03FFEA3260FF8009038000FF86C48
017EEB03E018C00003023EEB0180A26C6C013FEB0300A36C6CEC8006156FA2017E9038EF
C00C15C7A2D93F016D5A15830281EBF038D91F831430150102C3EBF87090260FC6001360
A2D907E66D5A02EC137CA2D903FCEB7F804A133FA2010192C7FC4A7FA20100141E4A130E
0260130C37257EA33C>I<B538807FFFA33A03FE003FF00001EC1F80000092C7FC017E13
1C6D13186D6C5AECC070010F5B6D6C5AECF180EB03FB6DB4C8FC6D5AA2147F804A7E8114
CF903801C7E090380383F090380703F8EB0601496C7E011C137E49137F01787F496D7E48
6C80000FEC3FF0D8FFFE90B51280A329247FA32C>I<B538803FFEA33A0FF8000FF06C48
EB07C00003EC03806C7E16007F00001406A2017E5BA2137F6D5BA26D6C5AA2ECC070010F
1360A26D6C5AA214F101035BA2D901FBC7FCA214FF6D5AA2147CA31438A21430A2147014
60A25CA2EA7C0100FE5B130391C8FC1306EAFC0EEA701C6C5AEA1FF0EA0FC027357EA32C
>I<003FB512FCA2EB8003D83E0013F8003CEB07F00038EB0FE012300070EB1FC0EC3F80
0060137F150014FE495AA2C6485A495AA2495A495A495AA290387F000613FEA2485A485A
0007140E5B4848130C4848131CA24848133C48C7127C48EB03FC90B5FCA21F247EA325>
I<B81280A2290280962A>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fl cmbx10 10.95 37
/Fl 37 123 df<EA0FC0EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA0FC00E
0E798D1D>46 D<140F143F5C495A130F48B5FCB6FCA313F7EAFE071200B3B3A8007FB612
F0A5243C78BB34>49 D<903803FF80013F13F890B512FE00036E7E4881260FF80F7F261F
C0037F4848C67F486C6D7E6D6D7E487E6D6D7EA26F1380A46C5A6C5A6C5A0007C7FCC8FC
4B1300A25E153F5E4B5AA24B5A5E4A5B4A5B4A48C7FC5D4A5AEC1FE04A5A4A5A9139FF00
0F80EB01FC495A4948EB1F00495AEB1F8049C7FC017E5C5B48B7FC485D5A5A5A5A5AB7FC
5EA4293C7BBB34>I<903801FFE0010F13FE013F6D7E90B612E04801817F3A03FC007FF8
D807F06D7E82D80FFC131F6D80121F7FA56C5A5E6C48133FD801F05CC8FC4B5A5E4B5A4A
5B020F5B902607FFFEC7FC15F815FEEDFFC0D9000113F06E6C7E6F7E6F7E6F7E1780A26F
13C0A217E0EA0FC0487E487E487E487EA317C0A25D491580127F49491300D83FC0495A6C
6C495A3A0FFE01FFF86CB65A6C5DC61580013F49C7FC010313E02B3D7CBB34>I<ED01F8
15031507A2150F151F153FA2157F15FF5C5CA25C5CEC1FBFEC3F3F143E147C14FCEB01F8
14F0EB03E01307EB0FC0EB1F801400133E137E5B485A5B485A1207485A5B48C7FC5A127E
5AB812F8A5C8387FF800AA49B612F8A52D3C7DBB34>I<00071538D80FE0EB01F801FE13
3F90B6FC5E5E5E5E93C7FC5D15F85D15C04AC8FC0180C9FCA9ECFFC0018713FC019F13FF
90B67E020113E09039F8007FF0496D7E01C06D7E5B6CC77FC8120F82A31780A21207EA1F
C0487E487E12FF7FA21700A25B4B5A6C5A01805C6CC7123F6D495AD81FE0495A260FFC07
5B6CB65A6C92C7FCC614FC013F13F0010790C8FC293D7BBB34>I<EC07FF023F13C049B5
12F001078049EB03FC90383FF80090397FE001FE9038FFC0034849487E48495AA2485A12
0FA2485A6F5A003F6E5A6F5A92C8FC485AA21402EC3FFE00FF496C7E01F9B512E001FB80
9138E03FF89039FF800FFC4A6C7E825B6F13804915C0A317E05BA4127FA5123FA26D15C0
121FA2000F4A13806D150012076C6C495A6C6D485A6C9038E07FF86DB55A6D5C6D148001
0749C7FC010013F02B3D7CBB34>I<16FCA24B7EA24B7EA34B7FA24B7FA34B7FA24B7FA3
4B7F157C03FC7FEDF87FA2020180EDF03F0203804B7E02078115C082020F814B7E021F81
1500824A81023E7F027E81027C7FA202FC814A147F49B77EA34982A2D907E0C7001F7F4A
80010F835C83011F8391C87E4983133E83017E83017C81B500FC91B612FCA5463F7CBE4F
>65 D<922607FFC0130E92B500FC131E020702FF133E023FEDC07E91B7EAE1FE01039138
803FFB499039F80003FF4901C01300013F90C8127F4948151FD9FFF8150F48491507485B
4A1503481701485B18004890CAFC197E5A5B193E127FA349170012FFAC127F7F193EA212
3FA27F6C187E197C6C7F19FC6C6D16F86C6D150119F06C6D15036C6DED07E0D97FFEED0F
C06D6CED3F80010F01C0ECFF006D01F8EB03FE6D9039FF801FFC010091B55A023F15E002
071580020002FCC7FC030713C03F407ABE4C>67 D<B812F8EFFF8018F018FC18FF26003F
FCC76C13C005077F05017F716C7E727E727E727E721380A27213C0A27213E0A21AF084A2
1AF8A41AFCA5197FA319FFA51AF8A41AF0A2601AE0A24E13C0A24E13804E1300604E5A4E
5A4D485A050713E0057F5BBA5A4EC7FC18F818C005F8C8FC463E7DBD50>I<B912FEA484
26003FFEC77E170F1703170084A284F01F80A3180FA2EE07C0A2F007C0A4040F90C7FCA2
161F163F16FF91B6FCA54AC6FC163F161F160FA21607A693C9FCACB712E0A53A3D7DBC42
>70 D<B71280A526003FFEC7FCB3B3B0B71280A5213E7DBD28>73
D<ED3FFF0203B512F0021F14FE027F6E7E902701FFF80713E00107D9C00013F84990C7EA
3FFCD93FFCEC0FFF49486E7F49486E7F48496E7F4A80488448496F7EA24890C96C7E4884
A249161F003F84A34848701380A400FF19C0AD007F19806D5EA3003F1900A26D5E6C60A2
6C6D4B5AA26C6D4B5A6C6D4A5BA26C6D4A5B6C6D4A5B6D6C4A5B6DB4023F90C7FC6D01C0
EBFFFE0107D9F80713F8010190B612E06D5E021F4AC8FC020314F0DA003F90C9FC42407A
BE4F>79 D<B812F017FF18C018F018FC26003FFCC77FEF1FFF7113807113C07113E0A271
13F0A319F8A819F0A34D13E019C05F4D1380053F1300EFFFFE91B712F860188005FCC7FC
4ACAFCB3A4B77EA53D3E7DBD47>I<B87E17FCEFFF8018F08428003FFC000113FE933800
3FFF050F7F717F717FA2858385A761A25F61614D5B4D90C8FCEF3FFE4CB45A91B712F018
C04DC9FC717E9126FC000F7F040113F0707F717EA2717EA2717EA685A6F207C019C0A271
140F07E01380B76DEBF01F719038FC3F007190B5FC716C5B061F13F8CB000113E04A3F7D
BD4E>82 D<903A03FFC001C0011FEBF803017FEBFE0748B6128F4815DF48010013FFD80F
F8130F48481303497F4848EB007F127F49143F161F12FF160FA27F1607A27F7F01FC91C7
FCEBFF806C13F8ECFFC06C14FCEDFF806C15E016F86C816C816C816C16806C6C15C07F01
0715E0EB007F020714F0EC003F1503030013F8167F163F127800F8151FA2160FA27EA217
F07E161F6C16E06D143F01E015C001F8EC7F8001FEEB01FF9026FFE00713004890B55A48
6C14F8D8F81F5CD8F00314C027E0003FFEC7FC2D407ABE3A>I<B6D8FC03B600F090B512
FEA5C601FCC7000301F0C8EA7E00017F6F177C856E6E17FC013F63856D6C037F4B5AA26F
4A6C14036D634D7F6F18076D634D806F02EF150F6D636F01076E131F6D04C793C7FC050F
806F02835D6D1A3E051F806F0201157E027F197C6F013F6E13FC023FDA3E005D057E806F
017C017F13016E6105FC14FE7048013F13036E6104C1EDFF076E4A6D5C04C31687DCE3E0
6D138F6E6104E716CFDCF7C06D13DF6E96C8FC04FF16FF6E4A6D5BA294C77E6F5FA24C80
033F5FA26F486F5AA24C153F030F5FA24C151F03075FA26F486F5A673F7EBD6C>87
D<903807FFC0013F13F848B6FC48812607FE037F260FF8007F6DEB3FF0486C806F7EA36F
7EA26C5A6C5AEA01E0C8FC153F91B5FC130F137F3901FFFE0F4813E0000F1380381FFE00
485A5B485A12FF5BA4151F7F007F143F6D90387BFF806C6C01FB13FE391FFF07F36CEBFF
E100031480C6EC003FD91FF890C7FC2F2B7DA933>97 D<13FFB5FCA512077EAFEDFFE002
0713FC021FEBFF80027F80DAFF8113F09139FC003FF802F06D7E4A6D7E4A13074A807013
80A218C082A318E0AA18C0A25E1880A218005E6E5C6E495A6E495A02FCEB7FF0903AFCFF
01FFE0496CB55AD9F01F91C7FCD9E00713FCC7000113C033407DBE3A>I<EC7FF00107B5
FC011F14C0017F14E09039FFF01FF0489038800FF848EB001F4848EB3FFC120F485AA248
5AA2007FEC1FF849EB0FF0ED03C000FF91C7FCAB127F7FA3003F153E7F001F157E6C6C14
7C6C6C14FC91388001F86C9038C003F0C69038F81FE06DB512C0011F14800107EBFE0090
38007FF0272B7DA92E>I<EE07F8ED07FFA5ED003F161FAFEC7FF0903807FFFE011FEBFF
9F017F14DF9039FFF01FFF48EBC00348EB00014848EB007F485A001F153F5B123FA2127F
5BA212FFAA127FA37F123FA26C6C147F120F6D14FF6C6C01037F6C6D48EBFFE06CEBF03F
6C6CB512BF6D143F010713FC010001E0EBE00033407DBE3A>I<ECFFF0010713FE011F6D
7E017F809039FFE07FE0489038801FF048496C7E48486D7E48486D7E121F491301003F81
A2485A6F1380A212FFA290B7FCA401F0C9FCA5127FA27F123FEE0F806C7E161F6C6C1500
6C6C5C6C6D137E6C9038E001FC6C9038F80FF8013FB55A6D14C0010391C7FC9038007FF8
292B7DA930>I<903A03FF8007F0013F9038F83FF8499038FCFFFC48B712FE48018313F9
3A07FC007FC34848EB3FE1001FEDF1FC4990381FF0F81700003F81A7001F5DA26D133F00
0F5D6C6C495A3A03FF83FF8091B5C7FC4814FC01BF5BD80F03138090CAFCA2487EA27F13
F06CB6FC16F016FC6C15FF17806C16C06C16E01207001F16F0393FE000034848EB003F49
EC1FF800FF150F90C81207A56C6CEC0FF06D141F003F16E001F0147FD81FFC903801FFC0
2707FF800F13006C90B55AC615F8013F14E0010101FCC7FC2F3D7DA834>103
D<13FFB5FCA512077EAFED1FF8EDFFFE02036D7E4A80DA0FE07F91381F007F023C805C4A
6D7E5CA25CA35CB3A4B5D8FE0FB512E0A5333F7CBE3A>I<EA01F8487E487E487E481380
A66C13006C5A6C5A6C5AC8FCA913FFB5FCA512077EB3ABB512F8A515407CBF1D>I<13FF
B5FCA512077EB092380FFFFEA5DB01FEC7FC4B5AED07F0ED1FE04B5A4B5A4BC8FCEC03FC
4A5A4A5A141F4A7EECFFFCA2818102E77F02C37F148102007F826F7E6F7E151F6F7E826F
7F6F7F816F7FB5D8FC07EBFFC0A5323F7DBE37>107 D<13FFB5FCA512077EB3B3AFB512
FCA5163F7CBE1D>I<01FFD91FF8ECFFC0B590B5010713F80203DAC01F13FE4A6E487FDA
0FE09026F07F077F91261F003FEBF8010007013EDAF9F0806C0178ECFBC04A6DB4486C7F
A24A92C7FC4A5CA34A5CB3A4B5D8FE07B5D8F03FEBFF80A551297CA858>I<01FFEB1FF8
B5EBFFFE02036D7E4A80DA0FE07F91381F007F0007013C806C5B4A6D7E5CA25CA35CB3A4
B5D8FE0FB512E0A533297CA83A>I<EC7FF0903803FFFE011FEBFFC0017F14F09039FFE0
3FF8489038800FFC3A03FE0003FE48486D7E000F168048486D13C0A2003F16E049147F00
7F16F0A400FF16F8AA007F16F0A46C6CECFFE0A2001F16C06C6C491380A26C6C4913003A
03FF800FFE6C9038E03FFC6C6CB512F0011F14C0010791C7FC9038007FF02D2B7DA934>
I<01FFEBFFE0B5000713FC021FEBFF80027F80DAFF8113F09139FC007FF8000701F06D7E
6C496D7E4A130F4A6D7E1880A27013C0A38218E0AA4C13C0A318805E18005E6E5C6E495A
6E495A02FCEBFFF0DAFF035B92B55A029F91C7FC028713FC028113C00280C9FCACB512FE
A5333B7DA83A>I<3901FE01FE00FF903807FF804A13E04A13F0EC3F1F91387C3FF80007
13F8000313F0EBFFE0A29138C01FF0ED0FE091388007C092C7FCA391C8FCB3A2B6FCA525
297DA82B>114 D<90383FFC1E48B512BE000714FE5A381FF00F383F800148C7FC007E14
7EA200FE143EA27E7F6D90C7FC13F8EBFFE06C13FF15C06C14F06C806C806C806C80C615
80131F1300020713C014000078147F00F8143F151F7EA27E16806C143F6D140001E013FF
9038F803FE90B55A15F0D8F87F13C026E00FFEC7FC222B7DA929>I<EB07C0A5130FA413
1FA3133F137FA213FF5A1207001FEBFFFEB6FCA40001EBC000B3151FA96CEBE03EA2017F
137EECF8FC90383FFFF86D13F0010713E001001380203B7EB929>I<D9FF80EB0FF8B5EB
0FFFA50007EC007F6C153FB3A5167FA316FF6C5C4B7F6C903AC007DFFFE09138F01F9F6D
B5121F6D13FE010F13F8010101E0EBE000332A7CA83A>I<B500FC90383FFFC0A5000101
C0903803E0006E1307A26C5E6E130F017F5D6E131F013F92C7FC6E5B011F143E6E137E01
0F147C6E13FCA26D5C15816D5C15C36D5C15E76D5C15FF6E5BA36E90C8FCA26E5AA26E5A
A26E5AA26E5AA35D14075D000E130FD83F805B387FC01FD8FFE090C9FC5C143E147E5CEB
C1F8387FC3F0387E0FE06CB45A6C5B6C48CAFCEA03F8323B7EA737>121
D<003FB612F8A4D9F80113F001C014E0495A494813C04A1380007E15005C4A5A007C5C14
7F4A5A495B5DC65A495B495BA249EB007C495A5C137F494813FC484913F85C5A48EBC001
14804814034813004848130749131F007FECFFF0B7FCA426287DA72E>I
E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fm cmtt12 12 15
/Fm 15 116 df<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B0B6C8A33>46
D<EC07F8EC3FFF91B57E010314E0010F80498090383FFC0F90397FE003FC9038FF800148
90C77ED803FC147E49EB7E7F0007903801FFBFD9F00713FF4848481480495A001F5B0180
13C3003FEB7F810100010013C002FE137F4849133FEA7E014A131FA212FEEAFC034A130F
A96E131FD8FE011580127EA26E133FD87F0015006C6D5B027F13FE01801381001F90383F
C3FC01C013FF000F6D5B6D6C5B6C6C6C5BD9F80113800003D9007EC7FC6D9038000F806C
B4EC1FC06C6D133FD97FE013FF90263FFC0713806DB612006D5C010314F801005C023F13
80DA07FCC7FC2A3F7CBD33>64 D<EB1FFC90B57E000314E048804814FC48809038F007FF
EBE0016E7F153F6C48806C48131FC87F150FA5EC0FFF49B5FC131F137F48B6FC0007140F
4813C0381FFC00EA3FF0EA7FC05B48C7FC5AA56C141F7E6D137FD83FE0497ED9F807EBFF
F06CB712F87E6C14F36C14C1C69138003FF0D91FF090C7FC2D2E7BAC33>97
D<EA3FFC487E12FFA2127F123F1200ABEC01FE91380FFFC04A13F0027F7F91B512FE90B7
FCECFE07DAF800138002E0EB7FC04AEB3FE04A131FEE0FF091C7FC16074915F81603A217
FC1601A9160317F8A26D140717F06E130F17E06E131FEE3FC06E137F9139F801FF80DAFE
07130091B55A495C6E5BD97E3F13E0D93C0F138090260003FEC7FC2E3E7FBC33>I<ED7F
F84B7E5CA280157F1501ABEB01FF010713C1011F13F1017F13F990B6FC5A4813813907FE
003FD80FF8131F49130F48481307491303123F491301127F90C7FCA25A5AA97E7E15037F
123F6D1307A26C6C130F6D131F6C6C133F6C6C137F2603FF81B512F091B612F8C602FD13
FC6D13F96D01E113F8010F018013F0D901FEC8FC2E3E7DBC33>100
D<ECFF80010713F0011F13FC497F90B6FC48158048018013C03A07FE003FE001F8EB0FF0
48481307484814F8491303003F15FC491301127F90C7FC16FE15005A5AB7FCA516FC48C9
FC7E7EA36C7E167C6C6C14FE7F6C7E6D13016C6CEB03FC6CB4130F6C9038C03FF86C90B5
12F06D14E06D14C0010F1400010313FC9038007FE0272E7BAC33>I<D901FEEB1FE0903A
0FFFC0FFF0013F01F313F84990B512FC90B7FC5A48010313E12607FC00EB80F849017F13
60484890383FC00049131FA2001F8149130FA66D131F000F5DA26D133F6C6C495A6D13FF
2603FF0390C7FCECFFFE485C5D5DD80FCF13C0D981FEC8FC0180C9FCA27FA26C7E7F90B5
12FC6CECFFC06C15F0000715FC4815FF4816809038E0000748489038007FC090C8EA1FE0
48150F007E150700FE16F0481503A56C1507007E16E0007F150F6C6CEC1FC001E0147FD8
1FF8903801FF80270FFF801F13006C90B55A6C5DC615F0013F14C0010F91C7FC010013F0
2E447DAB33>103 D<14E0EB03F8A2497EA36D5AA2EB00E091C8FCAA383FFFF8487FA47E
EA0001B3AD007FB612C0B712E016F0A216E06C15C0243E78BD33>105
D<EA7FF8487EA4127F1200AC4AB512C04A14E04A14F0A26E14E06E14C09139000FF0004B
5A4B5A4B5A4BC7FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4A7E01FD7F90B5FC81ECF3F8ECE3
FC14C1EC80FEEC007F5B496D7E6F7E82150F6F7E6F7E8215016F7E3B7FFFF80FFFF0B56C
4813F817FCA217F86C496C13F02E3D7EBC33>107 D<383FFFFC487FB5FCA27E7EC7FCB3
B3AD003FB612F84815FCB712FEA26C15FC6C15F8273D7ABC33>I<4AB4FC263FFC0713C0
267FFE1F13F000FF017F7F91B5FC6CB67E6CEC07FEC6EBF801ECF0004A7F4A7F5CA291C7
FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FFA26C496C13FE6C496C13FC302C7F
AB33>110 D<EB01FE90380FFFC0013F13F0497F90B57E488048EB03FF2607FC00138048
48EB7FC049133F4848EB1FE049130F4848EB07F0A2007F15F890C71203A300FEEC01FCAA
6C14036C15F8A26D1307003F15F06D130FA26C6CEB1FE06D133F6C6CEB7FC06C6CEBFF80
2603FF0313006CEBFFFE6C5C6D5B6D5B010F13C0D901FEC7FC262E7AAC33>I<EC01FE3A
3FFC0FFFC0486C4813F000FF017F7F91B512FE6CB7FC6CEBFE07C6D9F800138002E0EB7F
C04AEB3FE04A131FEE0FF091C7FC16074915F81603A217FC1601A9160317F8A26D140717
F06E130F17E06E131FEE3FC06E137F9139F801FF80DAFE07130091B55A495C6E5B6E13E0
020F1380DA03FEC7FC91C9FCAF383FFFF8487FB57EA26C5B6C5B2E427FAB33>I<ED03FE
3B7FFF801FFF80B5D8C07F13E002C1B5FC02C314F014C76C9038CFFE0F39001FDFF09139
FFC007E092388003C092C8FC5C5C5CA25CA25CA35CB2007FB512FEB7FCA46C5C2C2C7DAB
33>114 D<90381FFE0F90B5EA8F80000314FF120F5A5AEBF007387F800190C7FC00FE14
7F5A153FA37E007FEC1F0001C090C7FCEA3FF8EBFFC06C13FF6C14E0000314F8C680011F
13FF01001480020713C0EC007FED1FE0007C140F00FEEC07F01503A27EA27F15076D14E0
6D130F6DEB3FC09038FE01FF90B61280160000FD5C00FC14F8D8F83F13E0D8780790C7FC
242E79AC33>I E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fn cmr12 12 32
/Fn 32 122 df<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A3120113
80120313005A1206120E5A5A5A12600B1D78891B>44 D<121EEA7F80A2EAFFC0A4EA7F80
A2EA1E000A0A78891B>46 D<16C04B7EA34B7EA34B7EA34B7EA3ED19FEA3ED30FFA20370
7FED607FA203E07FEDC03FA2020180ED801FA2DA03007F160FA20206801607A24A6D7EA3
4A6D7EA34A6D7EA20270810260147FA202E08191B7FCA249820280C7121FA249C87F170F
A20106821707A2496F7EA3496F7EA3496F7EA201788313F8486C83D80FFF03037FB500E0
027FEBFFC0A342477DC649>65 D<B8FC17E017FC00019039C00003FF6C6C4801007FEF3F
C0717E717E717E84170384170184A760A21703601707604D5A4D5AEF7FC04DC7FCEE03FE
EE3FF091B65A17FC0280C7B47EEF1FC0EF0FF0717E717E717E717E1980187F19C0A2183F
19E0A8F07FC0A2198018FF4D1300A24D5AEF0FFC4D5AEF7FE048486C903803FFC0B9C7FC
17FC17C03B447CC345>I<B8FC17F017FC00019039C00007FF6C499038007FC0017FED1F
E0EF07F0EF03FC717E717E84727E727E727EA2727E85180385A2180185A38584A31A80AD
1A00A36061A361180361180761180F614E5A183F614EC7FC18FEEF03FC4D5AEF1FE001FF
ED7FC0486DD907FFC8FCB812FC17F094C9FC41447CC34B>68 D<B6D8C003B6FCA3000101
E0C70007138026007F80913801FE00B3A991B7FCA30280C71201B3AC2601FFE0913807FF
80B6D8C003B6FCA340447CC349>72 D<B600C049B512C0A3000101E0C8387FFC006C49ED
3FE06D481680063EC7FC183C183860604D5A4D5A4DC8FC171E17385F5F4C5A4C5A4CC9FC
160E5E5E5E5E4B5A4B7E4B7E150F4B7E4B7E1577EDE3FE913881C1FFEC8381DA87007F02
8E6D7E149C02B86D7E02F06D7E14C04A6D7E707EA2707E707EA2707F717EA2717E717EA2
717E717EA2717E717EA2717F8585496C82486D4A13FCB600C0011FEBFFE0A343447CC34C
>75 D<B612F8A3000101E0C9FC6C6C5A5CB3B31830A418701860A518E0A3EF01C0A21703
1707A2170F173F177FEE01FF48486C011F1380B9FCA334447CC33D>I<B56C020FB5FC80
80C6040013F06D6CED1F80D96FF8ED0F00A2D967FC1506EB63FEA2EB61FF01607FA26E7E
6E7EA26E7E6E7EA26E7E6E7EA26E7E6E7FA26F7E6F7EA26F7E6F7EA26F7E6F7EA26F7E6F
1380A2EE7FC0EE3FE0A2EE1FF0EE0FF8A2EE07FCEE03FEA2EE01FF701386A2EF7FC6EF3F
E6A2EF1FF6EF0FFEA217071703A217011700A201F0167E183E487ED80FFF161EB500F015
0EA2180640447CC349>78 D<B712FCEEFFC017F800019039C0000FFC6C6C48EB01FF9338
007F80EF1FE0170FEF07F018F8EF03FCA218FE1701A218FFA718FEA2170318FCA2EF07F8
18F0EF0FE0EF1FC0EF7F80933801FE00EE0FFC91B612F017800280C9FCB3AA3801FFE0B6
12C0A338447CC342>80 D<49B41303010FEBE007013F13F89039FE00FE0FD801F8131FD8
07E0EB079F49EB03DF48486DB4FC48C8FC4881003E81127E82127C00FC81A282A37E82A2
7EA26C6C91C7FC7F7FEA3FF813FE381FFFE06C13FE6CEBFFE06C14FC6C14FF6C15C0013F
14F0010F80010180D9001F7F14019138001FFF03031380816F13C0167F163F161F17E000
C0150FA31607A37EA36C16C0160F7E17806C151F6C16006C5D6D147ED8FBC05CD8F9F049
5AD8F07C495A90393FC00FE0D8E00FB51280010149C7FC39C0003FF02B487BC536>83
D<B600C0010FB5FCA3000101E0C813F026007F80ED1F80F00F00A21806B3B3A7180E6D6C
150CA2181C131F6E1518010F163818306D6C1570606D6C14016D6C5D6D6CEC0780027F4A
C7FC6E6C131EDA1FE0137C913907FC03F00201B55A6E6C1380DB07FCC8FC40467CC349>
85 D<EB07FC90383FFF809038F80FE03903C003F048C66C7E000E6D7ED80FC0137E486C
137F6D6D7EA36F7EA26C5AEA0380C8FCA4EC0FFF49B5FC90380FFE1FEB3FC0EBFF00EA03
FC485A485A485A485A127F5B176048C7FCA3153FA36D137F007F14EF6D9038C7E0C0003F
13013A1FE00783F13B07F81E03FF802701FFFC0113003A001FE0007C2B2E7CAC31>97
D<EA01FC12FFA3120712031201B3EC03FC91380FFF8091383C07E091387001F89039FDE0
007E02807F01FFEC1F8091C713C049EC0FE049140717F0A2EE03F8A217FCA2160117FEAB
17FC1603A217F8A2EE07F0A26DEC0FE017C06D141F01FBEC3F80D9F380EB7E00D9E1C05B
9039E0F001F89039C03C07E09039801FFF80C7D803FCC7FC2F467DC436>I<167FED3FFF
A315018182B3EC7F80903803FFF090380FC07C90383F000E017E1307496D5AD803F87F48
487F5B000F81485AA2485AA2127FA290C8FC5AAB7E7FA2123FA26C7EA2000F5D7F6C6C5B
00035C6C6C9038077F806C6C010E13C0013F011C13FE90380FC0F8903803FFE09026007F
0013002F467DC436>100 D<EB01FE903807FFC090381F03F090387E00FC49137E48487F
485A4848EB1F80000F15C049130F121F484814E01507A2007F15F090C7FCA25AA390B6FC
A290C9FCA67EA27FA2123F16306C7E1670000F15606D14E06C6C14C0000314016C6CEB03
806C6CEB0700013E131E90381F80F8903803FFE0010090C7FC242E7DAC2B>I<EC0FE0EC
7FF8903801F81E903803F03F90390FE07F8090381FC0FF5C133F495AA2ED7F0001FE131C
92C7FCAFB67EA3C648C8FCB3B2486C7E007F13FFA321467EC51E>I<EE0F80D901FCEB7F
E0903A0FFF81F0F090393F07E3819039FC01FF033A01F800FE014848017E13E00007027F
C7FC497F000F8149131F001F81A9000F5D6D133F000792C7FC6D5B0003147E6C6C5B6D48
5A3903BF07E090380FFF80260701FCC8FC90CAFCA25AA37F6C7E7F90B512F86C14FF16E0
6C15F86C6C8048B67E3A07C0000FFF48481300003FC8EA3F80003E151F48ED0FC0A24815
07A56C150F007C1680007E151F003E16006C153E6C6C5CD807E0495AD801F8EB07E0D800
7FEB3F8090261FFFFEC7FC010113E02C427DAC31>I<EA01E0EA07F8A2487EA46C5AA2EA
01E0C8FCADEA01FC12FFA3120712031201B3B0487EB512F8A315437DC21C>105
D<EA01FC12FFA3120712031201B3A292381FFFE0A36F1300ED07F816E05E5E030EC7FC5D
5D5D5D4A5A4A5A4AC8FC5CEC3F804A7E14FF9038FDCFE09038FF8FF01407496C7E01FC7F
14016E7E81816F7E82151F6F7E821507826F7E8282486C491380B5D8F81F13F8A32D457D
C433>107 D<EA01FC12FFA3120712031201B3B3B3A5487EB512F8A315457DC41C>I<D801
FC01FFEC1FE000FF010701E0EBFFFC913B0F03F801E07F913C3C01FC07803F800007903C
7000FE0E001FC0000349D97E1C130F2601FDC0D97F38804A143001FFDA3FF06D7E91C75B
A2495DA3495DB3A8486C4A6C497EB5D8F81FB50003B512E0A34B2C7DAB52>I<3901FC01
FE00FF903807FFC091381E07F091383801F8000701707F0003EBE0002601FDC07F5C01FF
147F91C7FCA25BA35BB3A8486CECFF80B5D8F83F13FEA32F2C7DAB36>I<EC7F80903803
FFF090380FC0FC90383E001F496D7E496D7E48486D7E48486D7E48486D7E000F81A24848
147E003F157FA290C87E481680A44816C0AA6C1680A26D147F003F1600A2001F157E6D14
FE000F5D6D130100075D6C6C495A6C6C495A6C6C495A013E49C7FC90381FC0FE903807FF
F89038007F802A2E7DAC31>I<3901FC03FC00FF90380FFF8091383C07E091387001F83A
07FDE000FE00030180137FD801FFEC3F8091C7EA1FC04915E049140F17F0160717F81603
17FCA3EE01FEABEE03FCA3EE07F8A217F0160F6D15E0EE1FC06D143F17806EEB7E00D9FD
C05B9039FCF003F891383C0FE091381FFF80DA03FCC7FC91C9FCAE487EB512F8A32F3F7D
AB36>I<91387F8003903903FFE00790380FE07890393F801C0F90387E000E496D5AD803
F8EB039F0007EC01BF4914FF48487F121F5B003F81A2485AA348C8FCAB6C7EA3123F7F12
1F6D5C120F6D5B12076C6C5B6C6C497E6C6C130E013F131C90380FC0F8903803FFE09038
007F0091C7FCAEEEFF80033F13FEA32F3F7DAB33>I<3903F803F000FFEB1FFCEC3C3EEC
707F0007EBE0FF3803F9C000015B13FBEC007E153C01FF13005BA45BB3A748B4FCB512FE
A3202C7DAB26>I<90383FE0183901FFFC383907E01F78390F0003F8001E130148130000
7C1478127800F81438A21518A27EA27E6C6C13006C7E13FC383FFFE06C13FC6C13FF6C14
C06C14E0C614F0011F13F81300EC0FFC140300C0EB01FE1400157E7E153EA27EA36C143C
6C147C15786C14F86CEB01F039F38003E039F1F00F8039E07FFE0038C00FF01F2E7DAC26
>I<1306A5130EA4131EA3133E137EA213FE12011207001FB512F0B6FCA2C648C7FCB3A4
150CAA017E131C017F1318A26D133890381F8030ECC070903807E0E0903801FFC0903800
7F001E3E7EBC26>I<D801FC147F00FFEC3FFFA300071401000380000181B3A85EA35DA2
12006D5B017E9038077F80017F010E13C06D011C13FE90380FC078903803FFF09026007F
8013002F2D7DAB36>I<B539F001FFFCA3000790C7EA7FE06C48EC1F8000011600160E12
00160C017F5CA280013F5CA26E1370011F146080010F5CA2ECF00101075CA26D6C48C7FC
A26E5A01011306A26D6C5AA214FF6E5AA215B8EC3FB015F06E5AA36E5AA26E5AA36EC8FC
2E2C7EAA33>I<B539F001FFFCA3000790C7EA7FE06C48EC1F8000011600160E0000150C
6D141C6D1418A26E1338013F1430A26D6C5BA26E13E0010F5CA26D6C485AA2ECF8030103
91C7FCA2903801FC06A2ECFE0E0100130CA2EC7F18A215B8EC3FB0A2EC1FE0A36E5AA26E
5AA36EC8FCA21406A35CA25CA2123C007E5BB4FC5CA25CEAFE01387C0380D87007C9FCEA
3C1EEA0FFCEA03F02E3F7EAA33>121 D E
%EndDVIPSBitmapFont
%DVIPSBitmapFont: Fo cmbx12 12 45
/Fo 45 122 df<EC01E01403EC0FC0EC1F80EC3F00147E5C1301495A495A5C130F495A13
3F5C137F49C7FCA2485AA2485AA212075BA2120F5BA2121FA25B123FA4485AA612FFA25B
AE7FA2127FA66C7EA4121F7FA2120FA27F1207A27F1203A26C7EA26C7EA26D7E133F8013
1F6D7E1307806D7E6D7E1300147E80EC1F80EC0FC0EC03E014011B6476CA2C>40
D<12F07E127E7E6C7E6C7E6C7E7F6C7E6C7E12007F137F80133F806D7EA26D7EA26D7EA2
801303A2801301A280A27F1580A4EC7FC0A615E0A2143FAE147FA215C0A6ECFF80A41500
5BA25CA213035CA213075CA2495AA2495AA2495A5C137F91C7FC13FE5B1201485A485A5B
485A485A48C8FC127E12F85A1B647ACA2C>I<EC03C01407141F147FEB03FF133FB6FCA4
13C3EA0003B3B3ADB712FCA5264177C038>49 D<ECFFE0010F13FE013F6D7E90B612E000
0315F82607FC0313FE3A0FE0007FFFD81F806D138048C7000F13C0488001C015E001F07F
00FF6E13F07F17F881A46C5A6C5A6C5AC9FC17F05DA217E05D17C04B13804B1300A2ED1F
FC4B5A5E4B5A4B5A4A90C7FC4A5A4A5AEC0FF04A5AEC3F804AC7127814FE495A494814F8
D907E014F0495A495A49C8FC017C140149140348B7FC4816E05A5A5A5A5AB8FC17C0A42D
417BC038>I<ECFFF0010713FF011F14C0017F14F049C66C7ED803F8EB3FFED807E06D7E
81D80FF86D138013FE001F16C07FA66C5A6C4815806C485BC814005D5E4B5A4B5A4B5A4A
5B020F1380902607FFFEC7FC15F815FF16C090C713F0ED3FFCED0FFEEEFF80816F13C017
E0A26F13F0A217F8A3EA0FC0EA3FF0487EA2487EA217F0A25D17E06C5A494913C05BD83F
80491380D81FF0491300D80FFEEBFFFE6CB612F800015D6C6C14C0011F49C7FC010113E0
2D427BC038>I<163FA25E5E5D5DA25D5D5D5DA25D92B5FCEC01F7EC03E7140715C7EC0F
87EC1F07143E147E147C14F8EB01F0EB03E0130714C0EB0F80EB1F00133E5BA25B485A48
5A485A120F5B48C7FC123E5A12FCB91280A5C8000F90C7FCAC027FB61280A531417DC038
>I<0007150301E0143F01FFEB07FF91B6FC5E5E5E5E5E16804BC7FC5D15E092C8FC01C0
C9FCAAEC3FF001C1B5FC01C714C001DF14F09039FFE03FFC9138000FFE01FC6D7E01F06D
13804915C0497F6C4815E0C8FC6F13F0A317F8A4EA0F80EA3FE0487E12FF7FA317F05B5D
6C4815E05B007EC74813C0123E003F4A1380D81FC0491300D80FF0495AD807FEEBFFFC6C
B612F0C65D013F1480010F01FCC7FC010113C02D427BC038>I<4AB47E021F13F0027F13
FC49B6FC01079038807F8090390FFC001FD93FF014C04948137F4948EBFFE048495A5A14
00485A120FA248486D13C0EE7F80EE1E00003F92C7FCA25B127FA2EC07FC91381FFF8000
FF017F13E091B512F89039F9F01FFC9039FBC007FE9039FF8003FF17804A6C13C05B6F13
E0A24915F0A317F85BA4127FA5123FA217F07F121FA2000F4A13E0A26C6C15C06D491380
6C018014006C6D485A6C9038E01FFC6DB55A011F5C010714C0010191C7FC9038003FF02D
427BC038>I<121E121F13FC90B712FEA45A17FC17F817F017E017C0A2481680007EC8EA
3F00007C157E5E00785D15014B5A00F84A5A484A5A5E151FC848C7FC157E5DA24A5A1403
5D14074A5AA2141F5D143FA2147F5D14FFA25BA35B92C8FCA35BA55BAA6D5A6D5A6D5A2F
447AC238>I<EC7FF00103B5FC010F14C0013F14F090397F801FFC3A01FC0003FE48486D
7E497F4848EC7F80163F484815C0A2001F151FA27FA27F7F01FE143F6D158002C0137F02
F014006C01FC5B6E485A6C9038FF83FCEDE7F86CECFFE06C5D6C92C7FC6D14C06D80010F
14F882013F8090B7FC48013F14802607FC0F14C0260FF80314E04848C6FC496D13F0003F
141F48481307496D13F8150000FF157F90C8123F161F160FA21607A36D15F0127F160F6D
15E06C6C141F6DEC3FC06C6CEC7F80D80FFE903801FF003A07FFC00FFE6C90B55AC615F0
013F14C0010F91C7FC010013F02D427BC038>I<EE1F80A24C7EA24C7EA34C7EA24B7FA3
4B7FA24B7FA34B7F169F031F80161F82033F80ED3E07037E80157C8203FC804B7E020181
15F0820203814B137F0207815D173F020F814B7F021F8292C77EA24A82023E80027E8202
7FB7FCA291B87EA2498302F0C8FCA20103834A157F0107834A153FA249488284011F8491
C97E4984133E017E82B6020FB612F0A54C457CC455>65 D<B9FC18F018FE727E19E02600
3FFCC700077F05017F716C7E727E727EA2721380A37213C0A74E1380A24E1300A24E5A4E
5A4E5A4D5B05075B94B5128091B700FCC7FC18F018FF19E002FCC7000113F8716C7EF01F
FE727E7213801AC07213E0A27213F0A31AF8A71AF0A2601AE0604E13C0604E138095B512
0005075BBA12F86119C04EC7FC18E045447CC350>I<DCFFF01470031F01FF14F04AB6EA
E0010207EDF803023FEDFE0791B539E001FF0F4949C7EA3F9F010701F0EC0FFF4901C080
4990C87E4948814948814948167F4849163F4849161F5A4A160F485B19074890CAFC1903
5A5BA2007F1801A34994C7FC12FFAE127F7F1AF0A2123FA27F6C18011AE06C7F19036C6D
17C06E16077E6C6DEE0F806C6DEE1F006D6C5E6D6C167E6D6C6C5D6D6D4A5A6D01F0EC07
F0010101FEEC1FE06D903AFFF001FF80023F90B6C7FC020715FC020115F0DA001F148003
0001F8C8FC44467AC451>I<B9FC18F018FE727E19E026003FFEC7001F13F805017F9438
003FFF060F7F727F727F727F84737E737EA2737EA2737EA21B80A2851BC0A51BE0AD1BC0
A51B8061A21B006162193F624F5A19FF624E5B06075B4E5B063F90C7FC4DB45A050F13F8
BA5A19C04EC8FC18F095C9FC4B447CC356>I<BA12F8A485D8001F90C71201EF003F180F
180318011800A2197E193EA3191EA21778A285A405F890C7FCA316011603161F92B5FCA5
ED001F160316011600A2F101E01778A2F103C0A494C7FC1907A21A80A2190FA2191FA219
3FF17F0061601807181F4DB5FCBBFC61A443447DC34A>I<B712E0A5D8001F90C7FCB3B3
B3A4B712E0A523447DC32A>73 D<B76C0103B512F8A526003FFEC93807E0004F5A4F5A07
7EC7FC614E5A4E5A4E5AF01F804EC8FC187E604D5AEF07F0EF0FC04D5A4DC9FC177E4C5A
EE03F04C5A4C5A4C7EEE7FF04C7E5D4B7F4B7F4B7FED3F3FDB7E1F7F03FC806E486C7F4B
7E4B6C7F0380804B6C7F4A7F717E84717F83717F85717F83717F85717F187F727E86727F
84727F86727F84B76C90B612FCA54E447CC358>75 D<923807FFC092B512FE0207ECFFC0
021F15F091267FFE0013FC902601FFF0EB1FFF01070180010313C04990C76C7FD91FFC6E
6C7E49486F7E49486F7E01FF8348496F7E48496F1380A248496F13C0A24890C96C13E0A2
4819F04982003F19F8A3007F19FC49177FA400FF19FEAD007F19FC6D17FFA3003F19F8A2
6D5E6C19F0A26E5D6C19E0A26C6D4B13C06C19806E5D6C6D4B13006C6D4B5A6D6C4B5A6D
6C4B5A6D6C4A5B6D01C001075B6D01F0011F5B010101FE90B5C7FC6D90B65A023F15F802
0715C002004AC8FC030713C047467AC454>79 D<B9FC18F018FE727E19E0D8001F90C700
0F7F05017F716C7E727E727E721380A21AC084A21AE0A91AC0A24E1380A21A00604E5A4E
5A4D485A050F5B92B712C096C7FC18FC18C092CBFCB3A7B712E0A543447DC34D>I<B812
F8EFFFC018F818FE727ED8001F90C7003F13E005037F05007F727E727E727EA28684A286
A762A24E90C7FCA24E5A61187F943801FFF005075B053F138092B7C8FC18F818E018F892
C77FEF3FFF050F7F717F717FA2717FA2717FA785A61B0F85A2187F73131F72141EB700E0
6DEB803E72EBE0FC72EBFFF8060114F0726C13E0CC0007138050457DC354>82
D<DAFFE0131C010701FE133C013F9038FF807C90B6EAE0FC4815F9489038801FFF3907FC
00014848EB007F4848143F4848140F491407007F15035B1601160012FF177CA27FA26D15
3C7F7F6D92C7FC6C7EEBFFE014FE6CEBFFF015FF6C15E016FC6C816C6F7E6C826C826C6C
81011F810107811300020F80140003077FED007F82040F1380828212F082A282A27EA218
007EA26C5D6C5E6D14036D5D6D140701F84A5A01FFEC3FF002F8EBFFE0486CB65AD8FC1F
92C7FCD8F80714FC48C614F0480107138031467AC43E>I<003FBA12E0A59026FE000FEB
8003D87FE09338003FF049171F90C71607A2007E1803007C1801A300781800A400F819F8
481978A5C81700B3B3A20107B8FCA545437CC24E>I<903801FFE0011F13FE017F6D7E48
B612E03A03FE007FF84848EB1FFC6D6D7E486C6D7EA26F7FA36F7F6C5A6C5AEA00F090C7
FCA40203B5FC91B6FC1307013F13F19038FFFC01000313E0000F1380381FFE00485A5B12
7F5B12FF5BA35DA26D5B6C6C5B4B13F0D83FFE013EEBFFC03A1FFF80FC7F0007EBFFF86C
ECE01FC66CEB8007D90FFCC9FC322F7DAD36>97 D<EB7FC0B5FCA512037EB1ED0FF892B5
7E02C314E002CF14F89139DFC03FFC9139FF000FFE02FCEB03FF4A6D13804A15C04A6D13
E05CEF7FF0A218F8173FA318FCAC18F8A2177F18F0A3EFFFE06E15C06E5B6E491380027C
491300496C495A903AFC1FC07FFC496CB512F0D9F00314C049C691C7FCC8EA1FF036467D
C43E>I<EC3FFC49B512C0010F14F0013F14FC90397FF003FE9039FFC001FF0003495A48
494813805B120F485AA2485A6F1300007F6E5AED00784991C7FCA212FFAC6C7EA3123F6D
EC03C0A26C6C1407000F16806D140F6C6DEB1F006C6D133E6C01F05B3A007FFC03F86DB5
5A010F14C0010391C7FC9038003FF82A2F7CAD32>I<EE03FEED07FFA5ED001F160FB1EC
3FE0903803FFFC010FEBFF8F013F14CF9039FFF807FF48EBC00148903880007F4890C712
3F4848141F49140F121F485AA3127F5BA212FFAC127FA37F123FA26C6C141FA26C6C143F
0007157F6C6C91B5FC6CD9C00314FC6C9038F01FEF6DB5128F011FEBFE0F010713F89026
007FC0EBF80036467CC43E>I<EC3FF80103B57E010F14E0013F8090397FF83FF89039FF
C007FC48496C7E48496C7E48486D1380485A001FED7FC05B003FED3FE0A2127F5B17F016
1F12FFA290B7FCA401F0C9FCA5127FA27FA2123F17F06C7E16016C6C15E06C6C14036C6D
EB07C06C6DEB0F806C01F0EB3F0090397FFE01FE011FB55A010714F0010114C09026001F
FEC7FC2C2F7DAD33>I<EDFF80020F13E0027F13F049B512F849EB8FFC90390FFE0FFE90
381FFC1F14F8133FEB7FF0A2ED0FFCEBFFE0ED03F0ED00C01600ABB612F8A5C601E0C7FC
B3B0007FEBFFE0A527467DC522>I<DAFFE0137E010F9039FE03FF80013FEBFF8F90B812
C048D9C07F133F489038001FF84848EB0FFC4848903907FE1F80001F9238FF0F00496D90
C7FCA2003F82A8001F93C7FCA26D5B000F5D6C6C495A6C6C495A6C9038C07FF04890B55A
1680D8078F49C8FC018013E0000F90CAFCA47F7F7F90B612C016FC6CEDFF8017E06C826C
16FC7E000382000F82D81FF0C77ED83FC014074848020113808248C9FC177FA46D15FF00
7F17006D5C6C6C4A5A6C6C4A5AD80FFEEC3FF83B07FFC001FFF0000190B612C06C6C92C7
FC010F14F8D9007F90C8FC32427DAC38>I<EB7FC0B5FCA512037EB1ED07FE92383FFF80
92B512E002C114F89139C7F03FFC9138CF801F9139DF000FFE14DE14FC4A6D7E5CA25CA3
5CB3A7B60083B512FEA537457CC43E>I<137C48B4FC4813804813C0A24813E0A56C13C0
A26C13806C1300EA007C90C7FCAAEB7FC0EA7FFFA512037EB3AFB6FCA518467CC520>I<
EB7FC0B5FCA512037EB293387FFFE0A593380FE0004C5A4CC7FC167E5EED03F8ED07E04B
5A4B5A037FC8FC15FEECC1FCECC3FE14C7ECDFFF91B57E82A202F97F02E17F02C07FEC80
7F6F7E826F7E816F7F836F7F816F7F83707E163FB60003B512F8A535457DC43B>107
D<EB7FC0B5FCA512037EB3B3B3A3B61280A519457CC420>I<90277F8007FEEC0FFCB590
263FFFC090387FFF8092B5D8F001B512E002816E4880913D87F01FFC0FE03FF8913D8FC0
0FFE1F801FFC0003D99F009026FF3E007F6C019E6D013C130F02BC5D02F86D496D7EA24A
5D4A5DA34A5DB3A7B60081B60003B512FEA5572D7CAC5E>I<90397F8007FEB590383FFF
8092B512E0028114F8913987F03FFC91388F801F000390399F000FFE6C139E14BC02F86D
7E5CA25CA35CB3A7B60083B512FEA5372D7CAC3E>I<EC1FFC49B512C0010714F0011F14
FC90397FF80FFF9026FFC0017F48496C7F4848C7EA3FE000078248486E7E49140F001F82
A2003F82491407007F82A400FF1780AA007F1700A46C6C4A5AA2001F5E6D141F000F5E6C
6C4A5AA26C6C6CEBFFE06C6D485B27007FF80F90C7FC6DB55A010F14F8010114C0902600
1FFCC8FC312F7DAD38>I<90397FC00FF8B590B57E02C314E002CF14F89139DFC03FFC91
39FF001FFE000301FCEB07FF6C496D13804A15C04A6D13E05C7013F0A2EF7FF8A4EF3FFC
ACEF7FF8A318F017FFA24C13E06E15C06E5B6E4913806E4913006E495A9139DFC07FFC02
CFB512F002C314C002C091C7FCED1FF092C9FCADB67EA536407DAC3E>I<90387F807FB5
3881FFE0028313F0028F13F8ED8FFC91389F1FFE000313BE6C13BC14F8A214F0ED0FFC91
38E007F8ED01E092C7FCA35CB3A5B612E0A5272D7DAC2E>114 D<90391FFC038090B512
87000314FF120F381FF003383FC00049133F48C7121F127E00FE140FA215077EA27F01E0
90C7FC13FE387FFFF014FF6C14C015F06C14FC6C800003806C15806C7E010F14C0EB003F
020313E0140000F0143FA26C141F150FA27EA26C15C06C141FA26DEB3F8001E0EB7F0090
38F803FE90B55A00FC5CD8F03F13E026E007FEC7FC232F7CAD2C>I<EB01E0A51303A413
07A2130FA2131FA2133F137F13FF1203000F90B51280B7FCA4C601E0C7FCB3A3ED01E0A9
150302F013C0137F150790393FF80F8090391FFC1F006DB5FC6D13FC01015B9038003FE0
23407EBE2C>I<D97FC049B4FCB50103B5FCA50003EC000F6C81B3A85EA25EA25E7E6E49
1380017FD901F713FE9138F807E76DB512C7010F1407010313FE9026007FF0EBFC00372E
7CAC3E>I<B6903803FFFCA5000101E09038003E006C163C80017F5D8017F8013F5D6E13
01011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E6D143CEDF0
7C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5AA26E5AA215
78362C7EAB3B>I<B5D8FE1FB539801FFFF0A500019027C0003FE0C7EA7C007114786E17
F86C6F6C5C6E1601017F6E6C5CA26E011F1403013F6F5C6E013F1407011F6F5CA26E0179
140F010F048090C7FC6E01F95C6D02F0EBC01E15806D902681E07F5B18E003C3157C6D91
39C03FF07815E76DDA801F5B18F803FF14F96E9039000FFDE018FF6E486D5BA36E486D5B
A26E486D90C8FCA24B7F02075DA26E48147C4B143C4C2C7EAB51>I<B500FE90383FFFF0
A5C601F0903803E0006D6C495A013F4A5A6D6C49C7FC6E5B6D6C137E6DEB807C6D6D5A6D
EBC1F0EDE3E06DEBF7C06EB45A806E90C8FC5D6E7E6E7F6E7FA24A7F4A7F8291381F3FFC
EC3E1F027C7F4A6C7E49486C7F01036D7F49487E02C08049486C7F49C76C7E013E6E7E01
7E141FB500E090B512FCA5362C7EAB3B>I<B6903803FFFCA5000101E09038003E006C16
3C80017F5D8017F8013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15
C05E6DEBE01E163E6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5B
A26E90C8FCA26E5AA26E5AA21578A215F85D14015D001F1303D83F805B387FC007D8FFE0
5B140F92C9FC5C143E495A387FC1F8EB07F06CB45A6C5B000790CAFCEA01FC36407EAB3B
>I E
%EndDVIPSBitmapFont
end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%PaperSize: A4

%%EndSetup
%%Page: 1 1
1 0 bop 846 282 a Fo(Implemen)m(ting)35 b(In)m(ternet)h(Key)i(Exc)m
(hange)g(\(IKE\))1594 523 y Fn(Niklas)32 b(Hallqvist)1374
639 y(Applitron)f(Datasystem)h(AB)1474 756 y Fm(niklas@openbsd.org)1465
988 y Fn(Angelos)g(D.)g(Kerom)m(ytis)806 1104 y(Distributed)f(Systems)j
(Lab,)e(Univ)m(ersit)m(y)i(of)e(P)m(ennsylv)-5 b(ania)1448
1220 y Fm(angelos@openbsd.org)0 1546 y Fl(Abstract)0
1829 y Fk(A)29 b(k)n(ey)e(comp)r(onen)n(t)h(of)h(the)f(IP)g(Securit)n
(y)g(arc)n(hitecture)f(is)0 1928 y(the)21 b(In)n(ternet)g(Key)f(Exc)n
(hange)f(proto)r(col.)33 b(IKE)20 b(is)h(in)n(v)n(ok)n(ed)0
2028 y(to)46 b(establish)f(session)g(k)n(eys)g(\(and)i(asso)r(ciated)d
(crypto-)0 2128 y(graphic)25 b(and)g(net)n(w)n(orking)g
(con\014guration\))f(b)r(et)n(w)n(een)i(t)n(w)n(o)0 2227
y(hosts)20 b(across)e(the)j(net)n(w)n(ork.)33 b(IKE)19
b(needs)h(to)g(authen)n(ticate)0 2327 y(and)32 b(authorize)f(the)h
(parties)f(in)n(v)n(olv)n(ed)g(in)h(an)f(exc)n(hange,)0
2427 y(negotiate)h(parameters)g(to)h(b)r(e)g(used)g(for)g(the)h(comm)n
(uni-)0 2526 y(cation,)25 b(and)g(in)n(teract)g(with)g(the)h(lo)r(cal)f
(IPsec)f(stac)n(k.)35 b(The)0 2626 y(n)n(um)n(b)r(er)24
b(of)f(tasks,)h(along)f(with)h(the)g(\015exibilit)n(y)g(built)g(in)n
(to)0 2725 y(the)i(proto)r(col,)f(as)g(w)n(ell)h(as)f(the)h(need)f(to)h
(allo)n(w)f(future)h(ad-)0 2825 y(ditions)35 b(and)g(mo)r
(di\014cations)g(to)g(the)h(proto)r(col,)g(need)f(to)0
2925 y(b)r(e)25 b(tak)n(en)g(in)n(to)f(consideration)g(when)h
(designing)f(and)h(im-)0 3024 y(plemen)n(ting)j(IKE.)0
3224 y(Another)c(complicating)g(factor)g(is)g(the)h(need)g(for)f
(securit)n(y)0 3323 y(p)r(olicy)c(managemen)n(t.)33 b(Although)20
b(IKE)f(can)h(establish)g(se-)0 3423 y(curit)n(y)k(asso)r(ciations)e
(with)i(remote)g(hosts,)g(some)g(metho)r(d)0 3522 y(for)e(determining)h
(what)f(kinds)h(of)f(tra\016c)h(can)f(and)g(should)0
3622 y(b)r(e)34 b(exc)n(hanged)e(with)i(a)f(remote)g(host)g(is)g
(necessary)-7 b(.)53 b(As)0 3722 y(there)40 b(is)f(no)h(standard)e(sp)r
(eci\014cation)i(y)n(et,)i(w)n(e)e(are)e(us-)0 3821 y(ing)c(a)g
(trust-managemen)n(t)f(based)h(approac)n(h)f(using)h(the)0
3921 y(KeyNote)27 b(system)g(as)g(a)g(basis)g(for)g(sp)r(ecifying)h(p)r
(olicy)-7 b(.)0 4120 y(This)36 b(pap)r(er)f(discusses)g(the)h(design,)i
(arc)n(hitecture,)e(and)0 4220 y(implemen)n(tation)f(details)g(of)f
(the)i(Op)r(enBSD)f(IKE)f(dae-)0 4319 y(mon,)i(with)f(separate)f(men)n
(tion)g(of)h(the)g(securit)n(y)e(p)r(olicy)0 4419 y(mec)n(hanism.)0
4818 y Fo(1)112 b(In)m(tro)s(duction)0 5101 y Fk(The)26
b(IP)f(Securit)n(y)g(arc)n(hitecture)f([)p Fj(?)p Fk(],)i(as)f(sp)r
(eci\014ed)h(b)n(y)f(the)0 5201 y(IETF)41 b(\(In)n(ternet)h
(Engineering)e(T)-7 b(ask)41 b(F)-7 b(orce\),)44 b(is)e(com-)0
5300 y(prised)d(of)h(a)f(set)g(of)h(proto)r(cols)e(that)i(pro)n(vide)e
(data)h(in-)0 5400 y(tegrit)n(y)-7 b(,)43 b(con\014den)n(tialit)n(y)-7
b(,)42 b(repla)n(y)d(protection,)k(and)d(au-)2010 1546
y(then)n(tication)29 b(at)g(the)h(net)n(w)n(ork)e(la)n(y)n(er.)40
b(This)30 b(p)r(ositioning)2010 1645 y(in)38 b(the)g(net)n(w)n(ork)f
(stac)n(k)g(o\013ers)g(considerable)f(\015exibilit)n(y)2010
1745 y(in)f(transparen)n(tly)e(emplo)n(ying)g(IPsec)h(in)h(di\013eren)n
(t)f(roles)2010 1845 y(\()p Fi(e.g.,)c Fk(in)f(building)f(Virtual)g
(Priv)-5 b(ate)27 b(Net)n(w)n(orks,)g(end-to-)2010 1944
y(end)f(securit)n(y)-7 b(,)25 b(remote)g(access,)f Fi(etc.)p
Fk(\).)37 b(Suc)n(h)26 b(\015exibilit)n(y)f(is)2010 2044
y(not)h(p)r(ossible)f(in)h(higher)f(or)g(lo)n(w)n(er)f(lev)n(els)h(of)g
(abstraction.)2010 2243 y(The)e(o)n(v)n(erall)d(IPsec)i(arc)n
(hitecture)f(is)i(v)n(ery)e(similar)h(to)h(pre-)2010
2343 y(vious)k(w)n(ork)f([)p Fj(?)p Fk(])i(and)f(is)h(comp)r(osed)f(of)
g(three)h(mo)r(dules:)2093 2616 y Fh(\017)41 b Fk(The)36
b(data)g(encryption/authen)n(tication)f(proto)r(cols)2176
2716 y([)p Fj(?)p Fk(,)41 b Fj(?)p Fk(].)75 b(These)41
b(are)e(the)i(\\wire)e(proto)r(cols,")j(used)2176 2815
y(for)37 b(encapsulating)f(IP)h(pac)n(k)n(ets)f(to)i(b)r(e)f
(protected.)2176 2915 y(Outgoing)19 b(pac)n(k)n(ets)f(are)h(authen)n
(ticated,)i(encrypted,)2176 3014 y(and)53 b(encapsulated)g(just)h(b)r
(efore)f(b)r(eing)g(sen)n(t)g(to)2176 3114 y(the)33 b(net)n(w)n(ork,)e
(and)h(incoming)g(pac)n(k)n(ets)f(are)g(decap-)2176 3214
y(sulated,)49 b(v)n(eri\014ed,)g(and)c(decrypted)g(immediately)2176
3313 y(up)r(on)25 b(receipt.)35 b(These)25 b(proto)r(cols)e(are)g(t)n
(ypically)h(im-)2176 3413 y(plemen)n(ted)42 b(inside)g(the)g(k)n
(ernel,)i(for)d(p)r(erformance)2176 3513 y(and)35 b(securit)n(y)f
(reasons.)57 b(A)35 b(brief)g(o)n(v)n(erview)e(of)i(the)2176
3612 y(Op)r(enBSD)29 b(k)n(ernel)f(IPsec)g(arc)n(hitecture)g(is)h(giv)n
(en)f(in)2176 3712 y(Section)g(2.)2093 3874 y Fh(\017)41
b Fk(The)f(k)n(ey)f(exc)n(hange)f(proto)r(col)h(\(IKE\))g([)p
Fj(?)q Fk(])g(is)h(used)2176 3974 y(to)23 b(dynamically)g(establish)g
(and)g(main)n(tain)h(Securit)n(y)2176 4073 y(Asso)r(ciations)38
b(\(SAs\).)72 b(An)39 b(SA)h(is)e(the)i(set)f(of)g(pa-)2176
4173 y(rameters)26 b(necessary)f(for)i(one-w)n(a)n(y)e(secure)i(comm)n
(u-)2176 4273 y(nication)21 b(b)r(et)n(w)n(een)h(t)n(w)n(o)f(hosts)g
(\()p Fi(e.g.,)k Fk(cryptographic)2176 4372 y(k)n(eys,)k(algorithm)e(c)
n(hoice,)i(ordering)e(of)i(transforms,)2176 4472 y Fi(etc.)p
Fk(\).)38 b(Although)27 b(the)g(wire)g(proto)r(cols)f(can)h(b)r(e)g
(used)2176 4572 y(on)38 b(their)h(o)n(wn)e(using)i(man)n(ual)e(k)n(ey)h
(managemen)n(t,)2176 4671 y(wide)27 b(deplo)n(ymen)n(t)f(and)g(use)h
(of)f(IPsec)g(in)h(the)g(In)n(ter-)2176 4771 y(net)32
b(requires)d(automated,)j(on-demand)e(SA)i(estab-)2176
4870 y(lishmen)n(t.)2176 5001 y(Due)c(to)f(the)h(large)e(n)n(um)n(b)r
(er)i(and)f(v)-5 b(ariet)n(y)27 b(of)g(con\014g-)2176
5101 y(urations)38 b(and)i(options)e(an)h(IKE)g(implemen)n(tation)2176
5201 y(m)n(ust)34 b(supp)r(ort,)h(this)g(part)e(of)h(the)g(IPsec)f(arc)
n(hitec-)2176 5300 y(ture)c(tends)h(to)f(dominate)g(the)h(other)e(t)n
(w)n(o)h(in)g(terms)2176 5400 y(of)k(co)r(de)g(size)f(and)h(complexit)n
(y)-7 b(.)52 b(The)33 b(\014rst)g(part)f(of)p eop
%%Page: 2 2
2 1 bop 166 83 a Fk(this)36 b(pap)r(er)e(discusses)h(the)g(Op)r(enBSD)h
(implemen-)166 183 y(tation)27 b(of)h(IKE.)83 366 y Fh(\017)41
b Fk(The)50 b(p)r(olicy)h(mo)r(dule)f(go)n(v)n(erns)e(the)j(handling)f
(of)166 466 y(pac)n(k)n(ets)34 b(on)h(their)h(w)n(a)n(y)e(in)n(to)h(or)
f(out)i(of)f(an)g(IPsec-)166 566 y(complian)n(t)28 b(host.)39
b(Ev)n(en)27 b(though)h(the)h(securit)n(y)e(pro-)166
665 y(to)r(cols)37 b(protect)f(the)i(data)f(from)g(tamp)r(ering,)i
(they)166 765 y(do)g(not)g(address)f(the)i(issue)e(of)i(whic)n(h)f
(host)g(is)g(al-)166 865 y(lo)n(w)n(ed)k(to)h(exc)n(hange)f(what)h
(kind)h(of)f(tra\016c)g(with)166 964 y(what)33 b(other)g(host.)54
b(While)34 b(traditional)f(pac)n(k)n(et)f(\014l-)166
1064 y(tering)g(mec)n(hanisms,)h(suc)n(h)g(as)f(emplo)n(y)n(ed)f(in)i
(mo)r(d-)166 1163 y(ern)21 b(\014rew)n(alls,)g(can)g(b)r(e)g(used)g
(\(with)h(minor)f(mo)r(di\014ca-)166 1263 y(tions\))g(in)h(enforcing)e
(tra\016c)h(p)r(olicies,)h(a)f(higher-lev)n(el)166 1363
y(mec)n(hanism)28 b(for)g(v)-5 b(alidating)28 b(and)g(con\014guring)f
(suc)n(h)166 1462 y(\014lters)f(is)g(needed.)37 b(The)26
b(second)f(part)h(of)g(this)h(pap)r(er)166 1562 y(discusses)f(the)i
(implemen)n(tation)f(of)g(a)f(securit)n(y)g(p)r(ol-)166
1662 y(icy)j(mec)n(hanism)f(based)g(on)h(trust)g(managemen)n(t)f([)p
Fj(?)p Fk(])166 1761 y(in)g(the)g(Op)r(enBSD)g(IPsec.)0
2069 y Fl(1.1)105 b(P)m(ap)s(er)35 b(Organization)0 2377
y Fk(The)25 b(remainder)f(of)h(this)h(pap)r(er)e(is)h(organized)f(as)g
(follo)n(ws.)0 2476 y(Section)g(2)g(outlines)g(the)h(Op)r(enBSD)g
(IPsec)e(arc)n(hitecture.)0 2576 y(Section)g(3)f(giv)n(es)g(a)g(brief)h
(o)n(v)n(erview)e(of)i(the)g(IKE)f(proto)r(col,)0 2676
y(while)28 b(Section)f(4)g(discusses)g(the)h(design)f(and)g(implemen-)0
2775 y(tation)37 b(of)f(the)i(Op)r(enBSD)f(IKE)f(implemen)n(tation,)j
(and)0 2875 y(Section)e(5)g(presen)n(ts)g(the)h(securit)n(y)e(p)r
(olicy)i(mec)n(hanism.)0 2975 y(Related)28 b(and)f(future)h(w)n(ork)e
(is)i(presen)n(ted)f(in)g(Section)h(6.)0 3399 y Fo(2)112
b(Op)s(enBSD)38 b(IPsec)0 3706 y Fk(IPsec)43 b(in)h(the)g(Op)r(enBSD)h
(k)n(ernel)e(is)g(implemen)n(ted)i(as)0 3806 y(just)24
b(another)f(pair)g(of)g(IP)g(transp)r(ort)g(proto)r(cols)f(\(AH)i(and)0
3906 y(ESP\).)f(Th)n(us,)h(incoming)f(IPsec)f(pac)n(k)n(ets)g(destined)
i(to)f(the)0 4005 y(lo)r(cal)37 b(host)g(are)f(submitted)i(to)f(the)h
(appropriate)d(IPsec)0 4105 y(proto)r(col)27 b(for)h(pro)r(cessing)f
(based)h(on)g(the)h(proto)r(col)e(n)n(um-)0 4204 y(b)r(er)38
b(in)g(the)g(IP)g(header.)67 b(The)38 b(SA)g(needed)g(to)g(pro)r(cess)0
4304 y(the)27 b(pac)n(k)n(et)f(is)h(lo)r(cated)g(in)g(an)g(in-k)n
(ernel)f(database)f(using)0 4404 y(information)33 b(retriev)n(ed)f
(from)h(the)h(pac)n(k)n(et)e(itself.)55 b(Once)0 4503
y(the)25 b(pac)n(k)n(et)f(has)g(b)r(een)h(correctly)e(pro)r(cessed)h
(\(decrypted,)0 4603 y(authen)n(ticit)n(y)36 b(v)n(eri\014ed,)i
Fi(etc.)p Fk(\),)h(it)d(is)g(re-queued)g(for)f(fur-)0
4703 y(ther)30 b(pro)r(cessing)e(b)n(y)h(the)h(IP)f(mo)r(dule,)i
(accompanied)d(b)n(y)0 4802 y(additional)e(information)h(\(suc)n(h)g
(as)f(the)h(fact)g(that)h(it)f(w)n(as)0 4902 y(receiv)n(ed)35
b(securely\))h(for)g(use)g(b)n(y)g(higher)f(proto)r(cols)g(and)0
5001 y(the)28 b(so)r(c)n(k)n(et)f(la)n(y)n(er.)0 5201
y(Outgoing)38 b(pac)n(k)n(ets)g(require)h(somewhat)g(di\013eren)n(t)g
(pro-)0 5300 y(cessing.)c(When)26 b(a)f(pac)n(k)n(et)f(is)h(handed)g
(to)g(the)h(IP)f(mo)r(dule)0 5400 y(for)40 b(transmission,)i(a)e(lo)r
(okup)g(is)g(made)g(in)h(a)f(mo)r(di\014ed)2010 83 y(v)n(ersion)30
b(of)i(the)g(routing)f(table)h(\(called)f(Securit)n(y)g(P)n(olicy)2010
183 y(Database,)24 b(or)e(SPD,)i(in)g(the)g(IPsec)e(standards\))h(to)h
(deter-)2010 282 y(mine)k(whether)f(that)g(pac)n(k)n(et)f(needs)i(to)f
(b)r(e)g(pro)r(cessed)f(b)n(y)2010 382 y(IPsec.)56 b(If)34
b(this)h(is)f(the)g(case,)h(the)g(result)f(of)g(the)h(lo)r(okup)2010
482 y(also)22 b(sp)r(eci\014es)g(what)h(SA\(s\))g(to)g(use)g(for)f
(IPsec-pro)r(cessing)2010 581 y(the)32 b(pac)n(k)n(et.)49
b(Once)31 b(pro)r(cessed,)h(the)g(pac)n(k)n(et)f(is)h(then)g(re-)2010
681 y(queued)25 b(for)g(transmission)e(b)n(y)i(IP)-7
b(.)25 b(If)g(no)g(SA)g(is)g(curren)n(tly)2010 780 y(established)k
(with)g(the)h(destination)f(host,)g(the)g(pac)n(k)n(et)f(is)2010
880 y(dropp)r(ed)j(and)f(a)h(message)e(is)i(sen)n(t)g(to)f(the)h(k)n
(ey)g(manage-)2010 980 y(men)n(t)j(daemon)f(through)g(the)h
Fj(PF)p 3141 980 29 4 v 34 w(KEY)g Fk(in)n(terface)f([)p
Fj(?)p Fk(].)2010 1079 y(It)h(is)g(then)g(the)h(k)n(ey)e(managemen)n
(t's)g(task)g(to)h(negotiate)2010 1179 y(the)28 b(necessary)e(SAs.)2010
1378 y(T)-7 b(o)44 b(manage)f(the)i(SA)g(and)f(SPD)g(tables,)49
b(w)n(e)44 b(use)g(the)2010 1478 y(PF)p 2126 1478 25
4 v 30 w(KEY)38 b(in)n(terface,)i(whic)n(h)f(is)f(similar)g(in)h
(concept)f(to)2010 1577 y(the)29 b(routing)e(so)r(c)n(k)n(et)g(in)n
(terface)g(a)n(v)-5 b(ailable)27 b(in)i(BSD.)f(Both)2010
1677 y(man)n(ual)36 b(k)n(eying)g(utilities)i(and)f(k)n(ey)f(managemen)
n(t)g(dae-)2010 1777 y(mons)20 b(\(suc)n(h)h(as)f(IKE)f(or)h(Photuris)f
([)p Fj(?)q Fk(]\))i(use)f(this)h(in)n(terface)2010 1876
y(to)27 b(comm)n(unicate)h(with)g(the)g(k)n(ernel.)2010
2076 y(A)e(somewhat)f(dated)h(o)n(v)n(erview)e(of)i(the)g(Op)r(enBSD)g
(IPsec)2010 2175 y(arc)n(hitecture)g(is)i(giv)n(en)f(in)h([)p
Fj(?)p Fk(].)2010 2600 y Fo(3)112 b(The)38 b(IKE)e(Proto)s(col)2010
2909 y Fk(IPsec)d(pro)n(vides)g(a)h(solution)g(to)g(the)g(problem)g(of)
g(secur-)2010 3009 y(ing)k(comm)n(unications.)70 b(Ho)n(w)n(ev)n(er,)39
b(for)f(large-scale)e(de-)2010 3109 y(plo)n(ymen)n(t)31
b(and)g(use,)h(an)e(automated)h(metho)r(d)h(for)f(man-)2010
3208 y(aging)41 b(SAs)h(and)g(k)n(ey)f(setup)h(is)g(required.)80
b(There)41 b(are)2010 3308 y(sev)n(eral)32 b(issues)g(in)i(this)f
(problem)g(domain:)48 b(negotiation)2010 3407 y(of)e(SA)g(attributes,)
51 b(authen)n(tication,)f(secure)45 b(k)n(ey)g(dis-)2010
3507 y(tribution,)f(and)c(k)n(ey)g(aging)f(to)h(name)g(some.)75
b(Man)n(ual)2010 3607 y(managemen)n(t)41 b(is)i(complicated,)i
(tedious,)h(error-prone,)2010 3706 y(and)h(do)r(es)g(not)g(scale.)95
b(Standardized)46 b(proto)r(cols)g(ad-)2010 3806 y(dressing)g(these)i
(issues)e(are)h(needed;)57 b(IETF's)47 b(recom-)2010
3906 y(mended)37 b(proto)r(col)f(is)h(named)g(IKE,)f(the)i(In)n(ternet)
f(Key)2010 4005 y(Exc)n(hange.)58 b(IKE)34 b(is)h(based)g(on)g(a)g
(framew)n(ork)e(proto)r(col)2010 4105 y(called)22 b(ISAKMP)h(and)f
(implemen)n(ts)h(seman)n(tics)f(from)h(the)2010 4204
y(Oakley)32 b(k)n(ey)g(exc)n(hange,)g(therefore)g(IKE)g(is)h(also)f
(kno)n(wn)2010 4304 y(as)27 b(ISAKMP/Oakley)-7 b(.)2010
4503 y(The)23 b(IKE)e(proto)r(col)g(is)i(unfortunately)f(a)g(rather)g
(complex)2010 4603 y(one,)35 b(with)f(man)n(y)g(mo)r(des)f(and)h
(options.)55 b(F)-7 b(urthermore,)2010 4703 y(new)24
b(extensions)f(prop)r(osed)f(result)i(in)g(a)f(further)g(increase)2010
4802 y(in)35 b(complexit)n(y)-7 b(.)59 b(In)n(terop)r(eration)34
b(has)g(b)r(een)i(a)f(problem)2010 4902 y(b)r(ecause)g(of)g(this,)i
(but)f(w)n(e)e(are)g(b)r(eginning)h(to)g(see)g(go)r(o)r(d)2010
5001 y(in)n(terop)r(erabilit)n(y)28 b(in)i(the)g(mandatory)e(parts)h
(of)g(the)h(pro-)2010 5101 y(to)r(col.)2010 5300 y(The)35
b(IKE)f(proto)r(col)g(has)g(t)n(w)n(o)h(phases:)50 b(the)36
b(\014rst)f(phase)2010 5400 y(establishes)k(a)g(secure)g(c)n(hannel)g
(b)r(et)n(w)n(een)h(the)g(t)n(w)n(o)f(k)n(ey)p eop
%%Page: 3 3
3 2 bop 0 83 a Fk(managemen)n(t)39 b(daemons,)k(while)e(in)g(the)g
(second)f(phase)0 183 y(IPsec)j(SAs)i(can)f(b)r(e)h(directly)f
(negotiated.)86 b(The)44 b(\014rst)0 282 y(phase)23 b(negotiates)g(at)g
(least)h(an)f(authen)n(tication)h(metho)r(d,)0 382 y(an)36
b(encryption)f(algorithm,)i(a)e(hash)h(algorithm,)h(and)e(a)0
482 y(Di\016e-Hellman)c([)p Fj(?)p Fk(])f(group.)44 b(This)30
b(set)g(of)h(parameters)d(is)0 581 y(called)i(a)f(\\Phase)f(1)i(SA.")g
(Using)g(this)g(information,)g(the)0 681 y(p)r(eers)24
b(authen)n(ticate)g(eac)n(h)g(other)f(and)i(compute)f(k)n(ey)g(ma-)0
780 y(terial)30 b(to)g(use)g(for)g(protecting)g(Phase)f(2.)44
b(Dep)r(ending)31 b(on)0 880 y(the)24 b(protection)g(suite)g(sp)r
(eci\014ed)g(during)f(Phase)g(1,)h(di\013er-)0 980 y(en)n(t)33
b(mo)r(des)g(can)f(b)r(e)i(used)e(to)h(establish)g(a)f(Phase)g(1)h(SA,)
0 1079 y(the)38 b(t)n(w)n(o)f(most)g(imp)r(ortan)n(t)g(ones)g(b)r(eing)
h(\\main)e(mo)r(de")0 1179 y(and)31 b(\\aggressiv)n(e)c(mo)r(de.")45
b(Main)31 b(mo)r(de)g(pro)n(vides)e(iden-)0 1279 y(tit)n(y)24
b(protection,)h(b)n(y)f(transmitting)f(the)i(iden)n(tities)g(of)f(the)0
1378 y(p)r(eers)35 b(encrypted.)62 b(Aggressiv)n(e)34
b(mo)r(de)i(pro)n(vides)e(some-)0 1478 y(what)42 b(w)n(eak)n(er)f
(guaran)n(tees,)j(but)f(requires)f(few)n(er)f(mes-)0
1577 y(sages)28 b(and)i(allo)n(ws)e(for)h(\\road)f(w)n(arrior")1323
1547 y Fg(1)1390 1577 y Fk(t)n(yp)r(es)h(of)h(con-)0
1677 y(\014guration)c(using)i(passphrase-based)c(authen)n(tication.)0
1876 y(The)g(second)f(phase)h(is)g(commonly)f(called)h(\\quic)n(k)e(mo)
r(de")0 1976 y(and)30 b(results)g(in)h(a)f(IPsec)g(SA)h(tuple)g(\(one)f
(incoming)g(and)0 2076 y(one)40 b(outgoing\).)74 b(As)40
b(quic)n(k)g(mo)r(de)g(is)h(protected)e(b)n(y)h(a)0 2175
y(Phase)f(1)g(SA,)h(it)g(do)r(es)f(not)h(need)g(to)f(pro)n(vide)g(its)h
(o)n(wn)0 2275 y(authen)n(tication)29 b(protection,)h(allo)n(wing)f
(for)g(a)g(fast)h(nego-)0 2374 y(tiation)f(\(hence)g(the)g(name\).)41
b(Optionally)-7 b(,)28 b(a)h(new)g(Di\016e-)0 2474 y(Hellman)e
(computation)g(can)g(b)r(e)g(done,)g(pro)n(viding)f(\\P)n(er-)0
2574 y(fect)34 b(F)-7 b(orw)n(ard)33 b(Secrecy".)54 b(PFS)34
b(is)g(an)f(attribute)h(of)g(en-)0 2673 y(crypted)18
b(comm)n(unications)g(allo)n(wing)f(for)h(a)g(transien)n(t)g(ses-)0
2773 y(sion)32 b(k)n(ey)h(to)f(get)h(compromised)f(without)h
(a\013ecting)g(the)0 2873 y(securit)n(y)i(of)i(future)g(k)n(eys)e
(negotiated)h(under)g(the)h(same)0 2972 y(Phase)j(1)g(SA)i(\(in)f
(other)g(w)n(ords,)i(all)d(session)g(k)n(eys)g(are)0
3072 y(cryptographically)25 b(indep)r(enden)n(t\).)0
3514 y Fo(4)112 b(Op)s(enBSD)38 b(IKE)0 3841 y Fk(During)k(spring)f
(1998,)i(Ericsson)d(Radio)h(Systems)h(w)n(as)0 3940 y(lo)r(oking)23
b(for)h(tec)n(hnology)e(that)j(could)f(secure)f(general)g(IP-)0
4040 y(tra\016c)g(in)h(net)n(w)n(orks)e(of)i(tens,)g(ma)n(yb)r(e)f(h)n
(undreds)h(of)f(thou-)0 4140 y(sands)29 b(of)g(participating)f(hosts.)
42 b(F)-7 b(airly)29 b(so)r(on)f(it)i(b)r(ecame)0 4239
y(eviden)n(t)37 b(that)g(IPsec)f(w)n(as)g(the)h(righ)n(t)g(approac)n
(h,)g(but)h(it)0 4339 y(w)n(as)17 b(not)i(at)f(all)h(clear)e(what)i
(IKE)e(implemen)n(tation)i(to)f(use.)0 4439 y(The)30
b(IKE)g(standard)f(w)n(as)g(still)i(ev)n(olving,)e(and)h(a)n(v)-5
b(ailable)0 4538 y(implemen)n(tations)18 b(w)n(ere)g(lac)n(king)f(in)i
(either)f(functionalit)n(y)-7 b(,)0 4638 y(p)r(ortabilit)n(y)g(,)32
b(exp)r(ortabilit)n(y)-7 b(,)31 b(or)g(scalabilit)n(y)-7
b(.)46 b(After)32 b(ha)n(v-)0 4737 y(ing)f(b)r(een)g(presen)n(ted)g
(with)g(the)h(state)f(of)g(the)g(IKE)f(mar-)0 4837 y(k)n(et,)e
(Ericsson)f(agreed)g(to)h(fund)h(the)f(dev)n(elopmen)n(t)g(of)g(an)0
4937 y(IKE)23 b(implemen)n(tation)g(written)h(from)f(scratc)n(h,)g
Fi(isakmp)l(d.)0 5036 y Fk(The)29 b(initial)g(authors)f(w)n(ere)h
(Niklas)f(Hallqvist)h(and)g(Niels)0 5136 y(Pro)n(v)n(os,)c(b)r(oth)j
(from)f(the)h(Op)r(enBSD)g(pro)5 b(ject.)p 0 5244 744
4 v 92 5298 a Ff(1)127 5321 y Fe(Remote)29 b(mobile)f(users)h(that)i
(need)f(to)g(access)g(the)g(protected)0 5400 y(net)n(w)n(ork)25
b(b)r(ehind)f(a)g(\014rew)n(all,)e(using)i(IPsec.)2010
83 y Fl(4.1)105 b(Arc)m(hitecture)2010 419 y Fk(When)38
b(reading)e(the)h(drafts)g(\(later)g(RF)n(Cs\))g(on)g(IKE,)g(it)2010
518 y(b)r(ecame)28 b(clear)e(the)i(proto)r(col)f(w)n(as)f(complex,)i
(with)g(man)n(y)2010 618 y(degrees)23 b(of)i(freedom.)35
b(It)25 b(w)n(as)f(also)g(kno)n(wn)g(that)g Fi(isakmp)l(d)2010
718 y Fk(w)n(ould)g(b)r(e)g(p)r(orted)g(to)g(sev)n(eral)e(platforms,)i
(eac)n(h)f(with)i(dif-)2010 817 y(feren)n(t)41 b(APIs)g(to)g(the)g
(IPsec)f(stac)n(k.)77 b(There)40 b(w)n(ere)g(also)2010
917 y(a)32 b(n)n(um)n(b)r(er)g(of)h(prop)r(osals)d(for)i(IKE)g
(extensions)g(in)g(v)-5 b(ary-)2010 1016 y(ing)39 b(stages)g(of)g
(completion.)73 b(All)40 b(these)f(facts)h(p)r(oin)n(ted)2010
1116 y(to)n(w)n(ards)34 b(a)h(v)n(ery)f(mo)r(dular)h(arc)n(hitecture)f
(with)i(distinct)2010 1216 y(APIs)h(b)r(et)n(w)n(een)h(the)g
(subsystems.)67 b(T)-7 b(o)37 b(a)n(v)n(oid)f(dev)n(elop-)2010
1315 y(men)n(t)d(complexit)n(y)-7 b(,)34 b(w)n(e)e(also)g(decided)g(to)
h(map)g(the)g(con-)2010 1415 y(cepts)h(of)g(the)g(standards)f(fairly)h
(directly)f(on)n(to)h(in)n(ternal)2010 1515 y(data)27
b(structures.)2010 1714 y(Giv)n(en)59 b(ho)n(w)f Fi(isakmp)l(d)i
Fk(w)n(ould)e(w)n(ork)g(\(accepting)g(in-)2010 1813 y(b)r(ound)21
b(pac)n(k)n(ets,)g(doing)f(some)g(pro)r(cessing)f(in)i(the)g(pac)n(k)n
(et-)2010 1913 y(prescrib)r(ed)29 b(con)n(text,)h(sending)f(a)g
(reply\),)h(it)h(felt)f(natural)2010 2013 y(to)j(build)h(a)g
(message-based)d(ev)n(en)n(t-driv)n(en)h(application.)2010
2112 y(Th)n(us)39 b Fi(isakmp)l(d)i Fk(lo)r(oks)e(lik)n(e)g(most)g
(Unix)h(UDP)g(serv)n(ers,)2010 2212 y(with)27 b(a)g(main)f(lo)r(op)h
(consisting)f(of)h(a)f(select)h(call)f(follo)n(w)n(ed)2010
2312 y(b)n(y)34 b(a)f(m)n(ultiplexor)g(calling)h(the)g(righ)n(t)f
(handlers)g(for)h(the)2010 2411 y(o)r(ccurring)26 b(ev)n(en)n(ts.)2010
2610 y(The)k(most)h(common)f(ev)n(en)n(t)g(is)g(pac)n(k)n(et)f(arriv)-5
b(al,)30 b(handled)2010 2710 y(b)n(y)42 b(the)g(message)f(mo)r(dule)i
(whic)n(h)f(is)g(also)f(resp)r(onsible)2010 2810 y(for)31
b(pac)n(k)n(et)f(v)-5 b(alidation)30 b(and)h(con)n(text)g(lo)r(okup.)47
b(Another)2010 2909 y(fairly)33 b(common)g(ev)n(en)n(t)g(is)g(the)h
(timeout,)i(dealt)d(with)h(b)n(y)2010 3009 y(the)20 b(timer)f(mo)r
(dule.)35 b(There)19 b(are)f(also)h(application)g(ev)n(en)n(ts,)2010
3109 y(whic)n(h)37 b(are)f(up)r(calls)g(from)h(the)g(con)n(trolled)f
(application,)2010 3208 y(in)30 b(our)f(case)g(the)h(IPsec)f(stac)n(k.)
42 b(The)30 b(design)f(of)g Fi(isakmp)l(d)2010 3308 y
Fk(allo)n(ws)34 b(for)h(other)g(suc)n(h)g(\\applications")e(in)j(the)g
(future.)2010 3407 y(This)28 b(is)h(the)f(reason)f(wh)n(y)h(it)h(is)g
(called)f Fi(isakmp)l(d,)i Fk(instead)2010 3507 y(of)25
b Fi(ike)l(d.)37 b Fk(IKE)24 b(is)g(just)h(one)g(p)r(ossible)f(instan)n
(tiation)g(of)h(the)2010 3607 y(ISAKMP)39 b(framew)n(ork.)72
b(The)40 b(up)r(calls)g(are)f(dealt)h(with)2010 3706
y(b)n(y)29 b(the)g(application)f(mo)r(dule,)h(whic)n(h)g(to)g(a)f
(great)g(exten)n(t)2010 3806 y(consists)f(of)h(system-dep)r(enden)n(t)g
(co)r(de)f(dealing)g(with)i(the)2010 3906 y(IPsec)37
b(stac)n(k)g(at)h(hand.)69 b(Curren)n(tly)-7 b(,)39 b(there)f(exist)g
(three)2010 4005 y(application)h(bac)n(k-ends,)i(PF)p
2988 4005 25 4 v 30 w(KEY,)e(PF)p 3375 4005 V 29 w(ENCAP)g(and)2010
4105 y(F)-7 b(reeS/W)e(AN's)27 b(NetLink)h(API.)2010
4304 y(F)-7 b(or)30 b(con)n(trolling)e Fi(isakmp)l(d)k
Fk(there)f(are)e(a)h(couple)g(of)g(mo)r(d-)2010 4404
y(ules)36 b(w)n(orth)f(men)n(tioning.)62 b(The)36 b(\\user)f(in)n
(terface")g(\()p Fi(UI)p Fk(\))2010 4503 y(mo)r(dule)26
b(listens)g(for)f(async)n(hronous)e(ev)n(en)n(ts)i(that)h(con)n(trol)
2010 4603 y(di\013eren)n(t)19 b(asp)r(ects)f(of)g Fi(isakmp)l(d,)k
Fk(lik)n(e)d(debugging)e(lev)n(el,)j(ac-)2010 4703 y(tiv)n(e)j
(connections)f Fi(etc.)36 b Fk(This)23 b(is)g(curren)n(tly)f(done)h
(through)2010 4802 y(a)e(FIF)n(O,)h(but)g(the)g(design)f(allo)n(ws)f
(use)i(of)g(so)r(c)n(k)n(ets)e(or)h(some)2010 4902 y(other)i(IPC)g(mec)
n(hanism.)35 b(There)23 b(is)h(also)e(a)i(con\014guration)2010
5001 y(mo)r(dule)39 b(dealing)e(with)i(con\014guration)e(\014le)h
(parsing,)i(as)2010 5101 y(w)n(ell)c(as)h(lo)r(okups)f(and)g(o)n(v)n
(errides)e(\(via)j(UI\))g(of)g(con\014gu-)2010 5201 y(ration)30
b(en)n(tries.)44 b(Last)30 b(but)h(not)g(least,)g(there)f(is)g(a)g(p)r
(olicy)2010 5300 y(mo)r(dule)c(con)n(trolling)f(what)h(kind)h(of)f(SAs)
g(are)f(allo)n(w)n(ed)g(to)2010 5400 y(b)r(e)j(negotiated)f(and)g(b)n
(y)h(whom)f(\(see)h(Section)f(5\).)p eop
%%Page: 4 4
4 3 bop 0 83 a Fk(As)33 b(ISAKMP)g(is)g(a)g(transp)r(ort-neutral)e
(proto)r(col,)i(there)0 183 y(is)44 b(also)e(a)h(transp)r(ort)g(mo)r
(dule,)48 b(whic)n(h)c(is)f(actually)g(an)0 282 y(abstract)i(class)f
(in)i(an)g(ob)5 b(ject-orien)n(ted)44 b(view.)91 b(Since)0
382 y(IKE)18 b(only)h(requires)f(UDP)i(as)f(the)g(transp)r(ort)g(mec)n
(hanism,)0 482 y(there)h(is)g(just)h(one)f(deriv)n(ed)g(class,)h(the)g
Fi(udp)g Fk(class.)33 b(Finally)-7 b(,)0 581 y(there)38
b(is)f(also)g(a)g(lo)n(w-lev)n(el)f(net)n(w)n(ork)h(in)n(terface)g(mo)r
(dule)0 681 y(whic)n(h)28 b(pro)n(vides)e(in)n(terface-w)n(alking,)f
Fi(etc.)0 880 y Fk(As)k(all)g(ISAKMP)f(pac)n(k)n(ets)g(b)r(elong)h(to)g
(\\exc)n(hanges,")d(w)n(e)0 980 y(c)n(hose)j(to)i(create)e(an)i(exc)n
(hange)e(abstraction)g(whic)n(h)h(w)n(as)0 1079 y(mainly)35
b(a)g(script)g(engine)g(and)g(a)g(data)g(structure)g(accu-)0
1179 y(m)n(ulating)28 b(con)n(text)h(state)f(to)h(later)f(b)r(e)h
(carried)e(o)n(v)n(er)g(in)n(to)0 1279 y(SAs.)59 b(Therefore,)36
b(there)f(are)f(exc)n(hange)g(and)h(SA)g(mo)r(d-)0 1378
y(ules.)g(They)21 b(deal)g(with)g(creation,)h(lo)r(okup,)g(main)n
(tenance,)0 1478 y(aging,)44 b(and)d(destruction)g(of)g(these)g
(structures.)77 b(Eac)n(h)0 1577 y(exc)n(hange)31 b(has)g(a)h
(\\script,")f(whic)n(h)h(is)g(w)n(alk)n(ed)f(for)g(ev)n(ery)0
1677 y(pac)n(k)n(et)e(receiv)n(ed)f(or)g(transmitted.)43
b(This)30 b(mak)n(es)e(it)i(easy)0 1777 y(to)37 b(create)g(a)g(source)f
(\014le)h(p)r(er)h(exc)n(hange)e(t)n(yp)r(e,)k(making)0
1876 y(the)28 b(co)r(de)f(w)n(ell)h(mo)r(dularized.)0
2076 y(Indep)r(enden)n(t)33 b(of)f(what)g(exc)n(hange)e(is)i(used,)i
(there)d(are)g(a)0 2175 y(lot)36 b(of)g(common)f(op)r(erations)g(that)h
(need)g(to)g(b)r(e)g(carried)0 2275 y(out)31 b(during)g(a)f
(negotiation.)47 b(F)-7 b(or)30 b(this)i(purp)r(ose)e(w)n(e)h(cre-)0
2374 y(ated)37 b(separate)f(mo)r(dules)h(for)g(authen)n(tication,)i
(encryp-)0 2474 y(tion,)45 b(hash)d(computation,)j(and)d
(Di\016e-Hellman)g(com-)0 2574 y(putation.)50 b(These)31
b(in)i(turn)f(need)g(more)f(basic)g(mo)r(dules,)0 2673
y(lik)n(e)d(random)f(n)n(um)n(b)r(er)i(generation,)e(long)g(in)n(teger)
h(math,)0 2773 y(group)g(math)i(of)f(b)r(oth)h Fi(mo)l(dP)g
Fk(and)g(elliptic)g(curv)n(e)e(kinds,)0 2873 y(and)f
Fi(X.509)j Fk(certi\014cate)d(managemen)n(t)f([)p Fj(?)p
Fk(].)0 3072 y(Lastly)-7 b(,)20 b(there)f(are)f(miscellaneous)f(mo)r
(dules)i(dealing)g(with)0 3171 y(things)28 b(lik)n(e)f(dynamic)g
(loading)g(of)g(co)r(de,)h(logging,)e Fi(etc.)0 3488
y Fl(4.2)105 b(Comp)s(onen)m(t)34 b(Description)83 3754
y Fh(\017)41 b Fk(The)28 b(message)e(mo)r(dule.)166 3904
y(This)47 b(mo)r(dule)g(pro)n(vides)e(an)i(abstract)f(data-t)n(yp)r(e)
166 4004 y(represen)n(ting)21 b(individual)i(ISAKMP)g(messages.)33
b(In-)166 4104 y(ternally)-7 b(,)39 b(the)e(messages)f(are)g(sub)r
(divided)h(and)g(in-)166 4203 y(dexed)25 b(b)n(y)f(pa)n(yload)g(t)n(yp)
r(e.)36 b(Exp)r(orted)24 b(functionalit)n(y)166 4303
y(consists)52 b(of)h(creation/destruction,)k(incremen)n(tal)166
4403 y(pa)n(yload)26 b(addition,)h(parsing,)f(v)-5 b(alidation,)27
b(and)g(con-)166 4502 y(text)37 b(lo)r(okup)e(of)h(incoming)g
(messages,)h(registering)166 4602 y(of)i(p)r(ost-send)f(functions,)k
(transp)r(ort-indep)r(enden)n(t)166 4701 y(send)c(logic,)h(and)e
(message)f(debugging.)66 b(There)37 b(is)166 4801 y(also)29
b(generic)f(SA)i(negotiation)f(logic)f(whic)n(h)i(is)f(co)n(v-)166
4901 y(ered)j(in)g(the)h(implemen)n(tation)f(details)g(section)g(b)r
(e-)166 5000 y(lo)n(w.)k(The)28 b(reason)e(for)h(this)g(logic)g(b)r
(eing)h(here)f(is)g(b)r(e-)166 5100 y(cause)j(it)g(is)h(driv)n(en)e(b)n
(y)h(the)h(ph)n(ysical)e(message)g(la)n(y-)166 5200 y(out.)83
5400 y Fh(\017)41 b Fk(The)28 b(timer)f(mo)r(dule.)2176
83 y(A)38 b(fairly)f(simple)h(mo)r(dule)g(accepting)f(registration)2176
183 y(of)h(functions)h(to)f(call)g(at)h(sp)r(eci\014c)f(times)h
(together)2176 282 y(with)g(their)f(actual)f(parameter.)67
b(In)39 b(order)d(to)i(get)2176 382 y(the)d(functions)f(called,)i(the)e
(time)h(mo)r(dule)g(exp)r(orts)2176 482 y(a)26 b(function)h(that)g
(calculates)f(the)h(timeout)g(parame-)2176 581 y(ter)32
b(to)h(giv)n(e)f(the)h Fi(sele)l(ct)g Fk(call)f(of)g(the)i(main)e(lo)r
(op,)i(as)2176 681 y(w)n(ell)26 b(as)f(the)i(actual)e(timer)h(run)g
(function.)37 b(Remo)n(v)-5 b(al)2176 780 y(and)29 b(rep)r(orting)f
(\(for)h(debugging\))f(of)h(timers)g(is)g(also)2176 880
y(supp)r(orted.)2093 1054 y Fh(\017)41 b Fk(The)82 b(application)g(mo)r
(dules)g(\()p Fi(app,)94 b(pf)p 3614 1054 26 4 v 32 w(enc)l(ap,)2176
1154 y(pf)p 2248 1154 V 31 w(key,)31 b(etc.)p Fk(\))2176
1291 y(These)41 b(mo)r(dules)h(deal)f(with)h(the)g(comm)n(unication)
2176 1390 y(with)25 b(the)f(application)f(for)h(whic)n(h)g
Fi(isakmp)l(d)h Fk(is)f(nego-)2176 1490 y(tiating)29
b(SAs.)41 b(Curren)n(tly)-7 b(,)29 b(only)f(one)h(application)f(is)2176
1590 y(supp)r(orted,)35 b(IPsec.)55 b(Comm)n(unication)33
b(with)h(it)h(o)r(c-)2176 1689 y(curs)i(through)f(v)-5
b(arious)36 b(system-dep)r(enden)n(t)h(APIs.)2176 1789
y(Op)r(erations)31 b(that)i(need)g(to)f(b)r(e)h(supp)r(orted)g(include)
2176 1889 y(getting)g(a)g(fresh)g(SPI,)g(creating)g(an)g(SA,)h(up)r
(dating)2176 1988 y(a)39 b(\\larv)-5 b(al")37 b(SA,)i(grouping)f(SA)h
(bundles,)j(and,)g(\014-)2176 2088 y(nally)-7 b(,)37
b(remo)n(ving)c(SAs.)59 b(Also)35 b(needed)g(is)g(a)g(means)2176
2187 y(for)d(telling)h(the)g(IPsec)e(stac)n(k)h(that)h(ISAKMP)f(traf-)
2176 2287 y(\014c)24 b(needs)h(to)f(b)r(e)h(unencrypted.)35
b(In)25 b(Op)r(enBSD,)g(this)2176 2387 y(is)31 b(ac)n(hiev)n(ed)e(b)n
(y)i(setting)g(the)g(appropriate)e Fi(setso)l(ck-)2176
2486 y(opt\(3\))f Fk(options)g(in)f(the)h Fi(isakmp)l(d)i
Fk(so)r(c)n(k)n(et.)2093 2661 y Fh(\017)41 b Fk(The)28
b(net)n(w)n(ork)e(mo)r(dules)i(\()p Fi(tr)l(ansp)l(ort,)i(udp)e
Fk(and)f Fi(if)p Fk(\).)2176 2797 y(The)59 b(transp)r(ort)f(mo)r(dule)h
(exp)r(orts)f(an)g(abstract)2176 2897 y(data-t)n(yp)r(e)31
b(represen)n(ting)f(a)i(sp)r(eci\014c)f(transp)r(ort.)49
b(It)2176 2997 y(has)36 b(an)h(asso)r(ciated)e(function)i(p)r(oin)n
(ter)f(table,)j(just)2176 3096 y(lik)n(e)50 b(the)g(common)g
Fi(vtables)h Fk(that)f(C++)f(compil-)2176 3196 y(ers)55
b(create)g(in)g(order)g(to)g(implemen)n(t)h(p)r(olymor-)2176
3296 y(phism.)97 b(Th)n(us)47 b(the)h(transp)r(ort)f(structure)g(is)g
(re-)2176 3395 y(ally)31 b(a)f(base)g(class)g(for)h(the)g(real)f
(transp)r(ort)g(classes.)2176 3495 y(There)41 b(is)h(just)g(one)f(suc)n
(h)g(class)g(at)g(the)h(momen)n(t,)2176 3594 y(the)51
b Fi(udp)h Fk(class.)105 b(Exp)r(orted)50 b(functionalit)n(y)h(con-)
2176 3694 y(sists)43 b(of)f(creation/destruction)f(\(or)h(rather)g
(refer-)2176 3794 y(ence/dereference)47 b(as)g(they)i(are)e(ref-coun)n
(ted\))h(of)2176 3893 y(transp)r(orts,)k(getting)47 b(\014le)h
(descriptors)f(ready)g(for)2176 3993 y(I/O)26 b(to)h(use)h(in)f(the)h
(select)f(lo)r(op)f(of)i Fi(main\(\),)g Fk(as)e(w)n(ell)2176
4093 y(as)20 b(c)n(hec)n(king)f(them)i(for)f(I/O)g(p)r(ossibilit)n(y)g
(afterw)n(ards.)2176 4192 y(Message)g(sending)i(and)f(reception)g
(metho)r(ds)h(are)f(ex-)2176 4292 y(p)r(orted)i(as)g(w)n(ell,)h(along)e
(with)i(endp)r(oin)n(t)g(address)e(de-)2176 4391 y(termination.)2093
4566 y Fh(\017)41 b Fk(The)28 b(UI)g(mo)r(dule.)2176
4703 y(This)61 b(mo)r(dule)g(is)f(really)g(just)h(a)g(simple)g(com-)
2176 4802 y(mand)32 b(line)g(in)n(terpreter.)49 b(It)32
b(con)n(v)n(enien)n(tly)f(accepts)2176 4902 y(commands)j(async)n
(hronously)e(through)h(a)h(one-w)n(a)n(y)2176 5001 y(FIF)n(O)c(\(named)
h(pip)r(e\).)47 b(The)30 b(commands)g(are)f(rudi-)2176
5101 y(men)n(tary)-7 b(,)60 b(one)54 b(letter)g(with)h(a)e(few)i
(parameters)2176 5201 y(eac)n(h.)80 b(The)42 b(existing)g(con)n(trols)e
(deal)i(with)h(issues)2176 5300 y(lik)n(e)29 b(debugging,)f(SA)i
(managemen)n(t,)e(and)h(dynamic)2176 5400 y(c)n(hanges)d(to)i(the)g
(con\014guration)e(database.)p eop
%%Page: 5 5
5 4 bop 0 58 a Fd(int)42 b(\(*ike_main_mode_i)o(ni)o(tia)o(to)o(r[])o
(\))37 b(\(struct)k(message)g(*\))h(=)i({)87 157 y(ike_phase_1_initi)o
(at)o(or)o(_se)o(nd)o(_SA)o(,)87 257 y(ike_phase_1_initi)o(at)o(or)o
(_re)o(cv)o(_SA)o(,)87 357 y(ike_phase_1_initi)o(at)o(or)o(_se)o(nd)o
(_KE)o(_N)o(ONC)o(E,)87 456 y(ike_phase_1_initi)o(at)o(or)o(_re)o(cv)o
(_KE)o(_N)o(ONC)o(E,)87 556 y(initiator_send_ID)o(_A)o(UT)o(H,)87
655 y(ike_phase_1_recv_)o(ID)o(_A)o(UTH)0 755 y(};)1179
1021 y Fk(Figure)27 b(1:)36 b(The)28 b(Initiator)f(Main)g(Mo)r(de)h
(script)83 1286 y Fh(\017)41 b Fk(The)28 b(con\014guration)e(mo)r
(dule.)166 1418 y Fi(isakmp)l(d)56 b Fk(main)n(tains)d(a)h
(con\014guration)e(database)166 1518 y(consisting)32
b(of)g(section/tag/v)-5 b(alue)31 b(triplets,)j Fi(i.e.)54
b Fk(it)166 1617 y(maps)46 b(closely)g(to)g(a)g(w)n(ell)g(kno)n(wn)g
(format)f(called)166 1717 y(\\.INI".)35 b(This)g(con\014guration)f
(database)g(is)h(primed)166 1817 y(from)e(the)i(con\014guration)d
(\014le)i(\(.INI-st)n(yle\))g(at)f(pro-)166 1916 y(gram)20
b(start,)j(and)e(ev)n(ery)f(time)i(a)g(HUP)f(signal)g(is)g(sen)n(t)166
2016 y(to)36 b(the)h Fi(isakmp)l(d)g Fk(pro)r(cess.)62
b(It)36 b(is)g(also)f(p)r(ossible)h(to)166 2116 y(dynamically)21
b(alter)g(the)h(database)f(via)g(the)h(UI)g(mo)r(d-)166
2215 y(ule.)37 b(There)25 b(is)h(functionalit)n(y)g(to)g(treat)g(the)g
(v)-5 b(alue)26 b(of)166 2315 y(a)j(triplet)h(as)f(a)h(comma-separated)
d(list,)j(and)g(easily)166 2414 y(\\w)n(alk")25 b(that)i(list.)37
b(Otherwise,)26 b(ordinary)f(database)166 2514 y(op)r(erations)20
b(lik)n(e)g(creation,)i(lo)r(okup,)g(and)e(remo)n(v)-5
b(al)20 b(of)166 2614 y(en)n(tries)27 b(are)g(exp)r(orted.)83
2779 y Fh(\017)41 b Fk(The)28 b(p)r(olicy)f(mo)r(dule.)166
2911 y(See)32 b(section)f(5)h(for)f(a)h(description)f(of)h(this)g(mo)r
(dule.)166 3011 y(This)f(mo)r(dule)h(exp)r(orts)e(only)h(one)g
(function,)i(whic)n(h)166 3110 y(is)g(called)f(to)h(v)-5
b(alidate)33 b(a)f(com)n(bination)g(of)h(SA)g(pro-)166
3210 y(p)r(osal,)38 b(remote)e(p)r(eer)g(iden)n(tit)n(y)-7
b(,)39 b(and)d(pac)n(k)n(et)g(selec-)166 3309 y(tors)27
b(\(Phase)g(2)g(IDs\).)83 3474 y Fh(\017)41 b Fk(The)28
b(exc)n(hange)e(mo)r(dule.)166 3607 y(A)32 b(k)n(ey)f(abstraction)g(in)
h Fi(isakmp)l(d)h Fk(is)f(the)g(exc)n(hange.)166 3706
y(This)e(is)g(the)h(engine)e(that)i(driv)n(es)e(the)h(negotiations)166
3806 y(to)n(w)n(ards)19 b(SA)j(establishmen)n(t.)35 b(Exc)n(hanges)19
b(form)i(the)166 3906 y(con)n(text)29 b(of)h(all)f(negotiations,)g(and)
g(closely)g(map)g(to)166 4005 y(the)k(exc)n(hange)d(concept)i(of)g(the)
h(RF)n(Cs.)50 b(Ev)n(ery)31 b(ex-)166 4105 y(c)n(hange)f(is)h(a)g(w)n
(ell-de\014ned,)h(\014xed-length)f(sequence)166 4204
y(of)h(messages)f(b)r(et)n(w)n(een)i(the)g(t)n(w)n(o)e(p)r(eers.)51
b(Ev)n(ery)31 b(in-)166 4304 y(dividual)36 b(message)e(also)h(has)h(a)f
(w)n(ell-de\014ned)h(min-)166 4404 y(im)n(um)j(con)n(ten)n(t)e(of)h(pa)
n(yloads.)67 b(This)38 b(structure)g(of)166 4503 y(exc)n(hanges)d
(lends)i(itself)g(to)g(implemen)n(tation)f(as)g(a)166
4603 y(generic)24 b(\014nite)h(state)g(mac)n(hine)f(driv)n(en)g(b)n(y)h
(\\scripts")166 4703 y(supplied)30 b(b)n(y)f(eac)n(h)f(exc)n(hange)g(t)
n(yp)r(e.)42 b(These)29 b(scripts)166 4802 y(pro)n(vide)17
b(the)i(actions)f(to)h(execute)f(at)h(message)e(recep-)166
4902 y(tion)33 b(as)g(w)n(ell)g(as)g(b)r(efore/after)f(message)g
(transmis-)166 5001 y(sion.)49 b(It)32 b(is)f(also)g(easy)g(to)g(ha)n
(v)n(e)g(a)g(generic)f(\\syn)n(tax)166 5101 y(c)n(hec)n(k)n(er")23
b(insp)r(ecting)j(eac)n(h)f(message,)f(ensuring)h(the)166
5201 y(required)35 b(pa)n(yloads)e(are)i(presen)n(t.)60
b(This)36 b(mo)r(dule's)166 5300 y(exp)r(orted)j(API)g(consists)f(of)h
(functions)g(for)g(estab-)166 5400 y(lishing)d(exc)n(hanges)f(when)h
(acting)g(as)g(initiator,)i(as)2176 1286 y(w)n(ell)23
b(as)f(setting)h(up)g(exc)n(hanges)e(for)i(\\incoming")e(ne-)2176
1386 y(gotiations.)38 b(There)28 b(are)f(also)g(sev)n(eral)g(lo)r(okup)
h(func-)2176 1485 y(tions,)c(\014nding)e(exc)n(hanges)f(using)h
(di\013eren)n(t)h(criteria.)2093 1659 y Fh(\017)41 b
Fk(The)28 b(SA)g(mo)r(dule.)2176 1796 y(Just)43 b(lik)n(e)g(the)g
(IPsec)f(k)n(ernel,)47 b Fi(isakmp)l(d)d Fk(needs)f(to)2176
1896 y(main)n(tain)32 b(its)g(o)n(wn)f(SA)h(database.)48
b(This)32 b(database)2176 1995 y(actually)e(consists)f(of)h(b)r(oth)h
(ISAKMP)f(SAs,)h(whic)n(h)2176 2095 y(are)43 b(the)i(results)e(of)h
(Phase)f(1)h(negotiations,)j(and)2176 2195 y(application)34
b(SAs)h(from)f(Phase)f(2.)57 b(Ev)n(ery)33 b(SA)i(has)2176
2294 y(attac)n(hed)24 b(DOI-dep)r(enden)n(t)g(\(Domain)h(Of)f(In)n
(terpre-)2176 2394 y(tation\))37 b(data,)i(should)e(w)n(e)g(ev)n(er)f
(need)h(to)g(supp)r(ort)2176 2493 y(other)27 b(DOIs)f(than)i(IPsec.)35
b(The)28 b(SA)f(structure)g(con-)2176 2593 y(tains)21
b(b)r(oth)g(the)h(on-the-wire)d(represen)n(tation)h(of)h(the)2176
2693 y(SA,)35 b(as)g(w)n(ell)f(as)h(in)n(ternal)f(p)r(er-SA)h(data.)58
b(SAs)35 b(are)2176 2792 y(created)22 b(when)h(the)g(negotiation)f
(starts,)h(but)g(are)f(in-)2176 2892 y(activ)n(e)30 b(un)n(til)g(an)h
(exc)n(hange)d(\014nalization)i(routine)g(is)2176 2992
y(run.)46 b(The)30 b(SA)h(API)g(is)f(mostly)g(a)g(set)h(of)f(life)h
(main-)2176 3091 y(tenance)36 b(functions,)k Fi(i.e.)65
b Fk(creation,)38 b(ref-coun)n(ting,)2176 3191 y(expiration)j(setup,)k
(and)c(destruction)g(op)r(erations.)2176 3290 y(Similar)c(to)f(the)i
(exc)n(hange)d(mo)r(dule,)40 b(a)c(fairly)g(v)n(er-)2176
3390 y(satile)27 b(set)h(of)f(lo)r(okup)h(functions)f(is)h(a)n(v)-5
b(ailable.)2093 3564 y Fh(\017)41 b Fk(The)28 b(authen)n(tication)f(mo)
r(dule.)2176 3701 y(IKE)h(allo)n(ws)f(for)i(sev)n(eral)e(kinds)i(of)f
(authen)n(tication.)2176 3801 y(An)19 b(authen)n(tication)f(metho)r(d)h
(needs)f(to)g(pro)n(vide)f(just)2176 3900 y(three)35
b(functions:)51 b(generation)33 b(of)i(a)f(shared)g(secret)2176
4000 y(the)25 b(p)r(eers)f(deriv)n(e)f(k)n(eys)g(from,)i(enco)r(ding)f
(of)g(a)g(k)n(ey)n(ed)2176 4099 y(hash)29 b(pro)n(ving)g(the)h(authen)n
(ticit)n(y)g(of)g(the)g(p)r(eer,)g(and)2176 4199 y(deco)r(ding)k(of)f
(suc)n(h)h(a)f(hash)h(thereb)n(y)f(v)n(erifying)g(the)2176
4299 y(other)41 b(p)r(eer's)g(authen)n(ticit)n(y)-7 b(.)78
b(Curren)n(tly)40 b Fi(isakmp)l(d)2176 4398 y Fk(supp)r(orts)18
b(the)h(mandatory)f(pre-shared)e(k)n(ey)i(authen-)2176
4498 y(tication)44 b(metho)r(d,)50 b(as)44 b(w)n(ell)g(as)g
(certi\014cate)g(based)2176 4598 y(\(X.509\))50 b(RSA)g(signature)f
(authen)n(tication.)105 b(W)-7 b(e)2176 4697 y(plan)45
b(to)f(supp)r(ort)h(public)g(k)n(ey)f(encryption-based)2176
4797 y(authen)n(tication)27 b(in)h(the)g(near)f(future.)2093
4971 y Fh(\017)41 b Fk(Cryptograph)n(y)25 b(and)j(math.)2176
5108 y Fi(Isakmp)l(d)h Fk(builds)f(up)r(on)f(some)g(basic)g
(cryptographic)2176 5207 y(and)g(mathematic)h(comp)r(onen)n(ts.)2269
5400 y Fj({)42 b Fk(Ciphers.)p eop
%%Page: 6 6
6 5 bop 349 83 a Fk(There)28 b(is)h(a)g(collection)g(of)g(ciphers)f
(whic)n(h)h(can)349 183 y(b)r(e)49 b(used)h(in)n(terc)n(hangeably)d(to)
i(protect)g(the)349 282 y(data)21 b(that)h(go)r(es)f(on)g(the)h(wire.)
35 b(It)22 b(is)f(natural)g(to)349 382 y(implemen)n(t)i(these)g
(ciphers)g(as)f(sub)r(classes)g(to)g(a)349 482 y(\\crypto")i(base)h
(class,)g(whic)n(h)h(pro)n(vides)e(ho)r(oks)349 581 y(for)g
(initialization,)h(cloning,)g(and)f(up)r(dating)h(of)349
681 y(k)n(ey)37 b(state,)k(as)d(w)n(ell)g(as)f(encryption)h(and)g(de-)
349 780 y(cryption)e(of)h(data.)65 b(The)37 b(separation)f(of)h(k)n(ey)
349 880 y(state)i(managemen)n(t)f(from)h(the)g(actual)g(algo-)349
980 y(rithm)29 b(applications)g(is)g(imp)r(ortan)n(t)g(for)f(main-)349
1079 y(taining)d(cryptographic)e(sync)n(hronization)g(b)r(e-)349
1179 y(t)n(w)n(een)53 b(the)h(p)r(eers.)114 b Fi(isakmp)l(d)56
b Fk(implemen)n(ts)349 1279 y(the)48 b(follo)n(wing)e(algorithms:)75
b(DES,)48 b(3-DES,)349 1378 y(CAST,)28 b(and)f(Blo)n(w\014sh.)259
1517 y Fj({)42 b Fk(Hashes.)349 1636 y(As)32 b(w)n(as)f(the)h(case)g
(with)g(ciphers,)h(it)g(is)e(also)g(a)349 1736 y(design)36
b(requiremen)n(t)g(that)i(hash)e(algorithms)349 1836
y(b)r(e)h(easy)f(to)h(alter.)64 b(Th)n(us,)39 b(hash)d(algorithms)349
1935 y(are)41 b(also)f(implemen)n(ted)j(as)e(sub)r(classes)g(of)g(a)349
2035 y(generic)21 b(hash)i(class,)g(pro)n(viding)e(a)h(simple)h(API)349
2135 y(for)29 b(incremen)n(tal)f(hash)h(computation)g(of)h(con-)349
2234 y(catenated)d(data.)259 2373 y Fj({)42 b Fk(Di\016e-Hellman.)349
2492 y(The)34 b(Di\016e-Hellman)h(algorithm)e(is)h(a)g(means)349
2592 y(of)18 b(establishing)g(a)g(shared)g(secret)f(b)r(et)n(w)n(een)i
(t)n(w)n(o)349 2692 y(p)r(eers)28 b(without)i(exp)r(osing)f(su\016cien)
n(t)g(data)g(for)349 2791 y(wire-tapp)r(ers)e(to)h(compute)g(that)g
(secret.)38 b(The)349 2891 y(API)21 b(is)g(simple,)i(since)f(only)f(t)n
(w)n(o)f(functions)i(are)349 2991 y(needed:)60 b(creation)38
b(of)h(a)g(lo)r(cal)f(random)h(big-)349 3090 y(in)n(teger,)24
b(and)h(computation)f(of)h(the)g(actual)g(se-)349 3190
y(cret)33 b(based)h(on)f(the)h(lo)r(cal)g(big-in)n(teger)e(and)h(a)349
3289 y(similar-t)n(yp)r(e)26 b(v)-5 b(alue)28 b(receiv)n(ed)e(from)i
(the)g(p)r(eer.)259 3428 y Fj({)42 b Fk(Group)27 b(mathematics.)349
3548 y(The)19 b(mathematical)g(basis)f(for)h(Di\016e-Hellman)349
3647 y(is)45 b(called)f(group)g(math.)89 b(Groups)45
b(are)f(big-)349 3747 y(in)n(teger)27 b(arithmetic)h(systems)g(with)g
(a)g(few)h(pa-)349 3847 y(rameters.)81 b(It)44 b(turns)e(out)h(that)h
(groups)d(are)349 3946 y(also)c(suitable)g(to)h(implemen)n(t)h(in)f(an)
g(ob)5 b(ject-)349 4046 y(orien)n(ted)51 b(fashion,)59
b(as)51 b(there)i(are)e(di\013eren)n(t)349 4145 y(algorithms)44
b(that)j(comply)e(with)i(the)f(group)349 4245 y(math)35
b(requiremen)n(ts.)58 b(In)35 b Fi(isakmp)l(d,)k Fk(there)c(is)349
4345 y(supp)r(ort)44 b(for)f(t)n(w)n(o)g(kind)i(of)f(groups,)j
(elliptic)349 4444 y(curv)n(es)26 b(and)h Fi(mo)l(dP)i
Fk(groups.)259 4583 y Fj({)42 b Fk(Big)27 b(in)n(teger)f(mathematics.)
349 4703 y(Both)38 b(group)f(mathematics)h(and)h(the)g(public)349
4802 y(k)n(ey)29 b(cryptograph)n(y)f(used)i(in)h(the)g(authen)n(tica-)
349 4902 y(tion)e(and)f(p)r(olicy)h(mo)r(dules,)h(need)f(big-in)n
(teger)349 5001 y(math.)69 b(W)-7 b(e)39 b(curren)n(tly)e(use)h(Op)r
(enSSL's)h(BN)349 5101 y(functions)33 b(as)f(w)n(ell)g(as)g(a)h(few)g
(supplemen)n(tary)349 5201 y(routines)44 b(written)h(b)n(y)g(us.)90
b(W)-7 b(e)45 b(ha)n(v)n(e)f(ho)n(w-)349 5300 y(ev)n(er)i(made)h(the)h
(underlying)f(math)g(library)349 5400 y(exc)n(hangeable)31
b(so)i(other)g(math)g(libraries)f(can)2359 83 y(b)r(e)49
b(used)g(if)h(needed.)102 b(W)-7 b(e)49 b(curren)n(tly)f(sup-)2359
183 y(p)r(ort)41 b(FSF's)g(GMP)g(but)h(w)n(e)f(also)f(in)n(tend)h(to)
2359 282 y(tak)n(e)h(adv)-5 b(an)n(tage)41 b(of)h(hardw)n(are)f(supp)r
(ort)i(for)2359 382 y(big-in)n(teger)i(op)r(erations,)52
b(since)47 b(suc)n(h)g(pro)r(d-)2359 482 y(ucts)23 b(ha)n(v)n(e)f(b)r
(egun)h(to)g(mak)n(e)f(their)h(app)r(earance)2359 581
y(in)28 b(the)g(mark)n(et.)2093 757 y Fh(\017)41 b Fk(The)28
b(dynamic)f(loader)f(mo)r(dule.)2176 887 y(P)n(erhaps)g(a)h(less)f(ob)n
(vious)g(comp)r(onen)n(t)h(to)h(ha)n(v)n(e)e(in)h(a)2176
987 y(daemon)32 b(lik)n(e)h Fi(isakmp)l(d)h Fk(is)f(a)g(mo)r(dule)g
(for)f(dynamic)2176 1086 y(loading)40 b(and)h(linking)g(of)f(co)r(de.)
77 b(The)41 b(reason)f(for)2176 1186 y(this)31 b(mo)r(dule)h(is)e
(mainly)h(due)g(to)g(the)g(RSA)h(paten)n(t;)2176 1286
y(w)n(e)f(cannot)g(ship)g(RSA)h(co)r(de)f(in)g(Op)r(enBSD)h(as)f(the)
2176 1385 y(license-free)18 b(implemen)n(tation)g(cannot)g(b)r(e)h(imp)
r(orted)2176 1485 y(to)39 b(the)h(United)g(States.)72
b(Therefore,)42 b(w)n(e)d(dynam-)2176 1584 y(ically)e(load)f(that)h
(supp)r(ort)g(if)h(it)g(is)f(a)n(v)-5 b(ailable)35 b(\(the)2176
1684 y(supp)r(orting)d(libraries)e(can)i(b)r(e)g(fetc)n(hed)g
(separately)-7 b(,)2176 1784 y(di\013eren)n(t)30 b(v)n(ersions)e(for)i
(di\013eren)n(t)g(coun)n(tries\).)43 b(This)2176 1883
y(mo)r(dule)20 b(exp)r(orts)e(a)h(function)h(that)g(tak)n(es)e(a)h
(dynamic)2176 1983 y(load)33 b(script,)i(written)f(in)f(a)h(v)n(ery)e
(simple)i(language)2176 2083 y(w)n(e)21 b(designed,)h(that)f(describ)r
(es)f(what)h(\014les)g(should)g(b)r(e)2176 2182 y(loaded)27
b(and)g(what)h(sym)n(b)r(ols)f(should)g(b)r(e)h(resolv)n(ed.)2093
2343 y Fh(\017)41 b Fk(The)28 b(log)e(mo)r(dule.)2176
2474 y(Logging)d(is)i(crucial)e(in)i(securit)n(y)f(applications.)35
b(It)25 b(is)2176 2574 y(also)f(imp)r(ortan)n(t)i(that)f(dev)n(elop)r
(ers)f(of)i(securit)n(y)e(soft-)2176 2673 y(w)n(are)34
b(are)h(presen)n(ted)g(with)h(debugging)f(to)r(ols)g(that)2176
2773 y(help)21 b(them)g(\014nd)g(bugs)f(faster.)34 b(W)-7
b(e)21 b(consider)f(logging)2176 2872 y(to)f(b)r(e)g(suc)n(h)g(a)g(to)r
(ol,)h(if)g(it)f(can)g(b)r(e)g(con)n(trolled)f(in)i(a)e(\014ne-)2176
2972 y(grained)25 b(w)n(a)n(y)-7 b(.)36 b(This)26 b(mo)r(dule)h(exp)r
(orts)f(functions)h(to)2176 3072 y(c)n(hange)34 b(the)h(lev)n(els)f(p)r
(er)h(logging)e(class,)j(to)e(con)n(trol)2176 3171 y(where)d(logging)f
(information)h(go)r(es)g(and,)h(naturally)2176 3271 y(to)24
b(actually)f(log)g(b)r(oth)i(binary)e(and)h(textual)g(bu\013ers.)2093
3432 y Fh(\017)41 b Fk(The)28 b(system-dep)r(enden)n(t)f(mo)r(dule.)
2176 3563 y(In)43 b(order)e(to)h(main)n(tain)g(p)r(ortabilit)n(y)-7
b(,)46 b(ev)n(ery)41 b(func-)2176 3662 y(tion)c(that)g(ma)n(y)f(need)i
(di\013ering)e(implemen)n(tations)2176 3762 y(dep)r(ending)28
b(on)g(the)g(platform,)g(needs)g(to)g(b)r(e)g(placed)2176
3862 y(in)40 b(a)g(cen)n(tral,)i(exc)n(hangeable,)f(system-dep)r(enden)
n(t)2176 3961 y(mo)r(dule.)j(Most)29 b(often,)i(functions)f(placed)g
(here)f(are)2176 4061 y(glue)e(or)g(pro)n(xies.)2010
4355 y Fl(4.3)105 b(Implemen)m(tation)33 b(Details)2010
4649 y Fj(4.3.1)94 b(The)32 b(Exc)m(hange)g(Script)h(Mac)m(hine)2010
4902 y Fk(An)26 b(IKE)f(exc)n(hange)f(normally)h(consists)g(of)g(a)g
(\014xed)h(n)n(um-)2010 5001 y(b)r(er)g(of)g(w)n(ell-de\014ned)g
(messages,)e(whic)n(h)i(eac)n(h)g(p)r(eer)f(sends)2010
5101 y(ev)n(ery)31 b(other)g(turn.)51 b(Recognizing)31
b(this)i(simple)f(fact,)h(w)n(e)2010 5201 y(c)n(hose)45
b(to)h(build)h(the)f(state)g(mac)n(hine)f(around)h(an)f(en-)2010
5300 y(gine)33 b(whic)n(h)h(ran)e(\\scripts")g(unique)i(for)f(eac)n(h)g
(exc)n(hange)2010 5400 y(t)n(yp)r(e.)51 b(An)33 b(example)f(of)g(a)g
(script)g(is)h(sho)n(wn)e(in)i(\014gure)e(1.)p eop
%%Page: 7 7
7 6 bop 0 83 a Fk(This)39 b(is)g(the)h(script)f(an)g(initiator)g(runs)f
(when)i(doing)e(a)0 183 y(\\main)28 b(mo)r(de".)41 b(The)29
b(elemen)n(ts)g(of)g(the)g(script)g(are)f(func-)0 282
y(tions,)c(alternately)e(constructing)g(a)g(message)g(to)h(b)r(e)g(sen)
n(t,)0 382 y(or)34 b(dealing)g(with)h(a)f(message)g(that)h(has)f(b)r
(een)h(receiv)n(ed.)0 482 y(Along)c(with)i(this)f(seman)n(tics)f
(description)h(there)f(is)h(also)0 581 y(a)i(syn)n(tactic)g(\\script",)
h(whic)n(h)g(ma)n(y)f(lo)r(ok)f(lik)n(e)i(\014gure)e(2.)0
681 y(This)22 b(syn)n(tax)f(description)g(describ)r(es)g(what)h(pa)n
(yloads)e(are)0 780 y(mandatory)k(in)h(eac)n(h)f(message)g(of)h(the)g
(exc)n(hange.)35 b(It)25 b(also)0 880 y(marks)h(when)i(the)g(exc)n
(hange)e(ends.)0 1251 y Fj(4.3.2)94 b(Con\014guration)0
1515 y Fk(Con\014guring)24 b(IKE)h(is)g(an)g(in)n(v)n(olv)n(ed)f(pro)r
(cess,)h(due)h(to)f(IKE)0 1614 y(b)r(eing)c(a)g(complex)g(proto)r(col.)
33 b(When)22 b(w)n(e)e(w)n(ere)h(faced)g(with)0 1714
y(the)26 b(problem)g(of)g(ho)n(w)f(to)h(design)f(the)h(con\014guration)
f(lan-)0 1813 y(guage)20 b(w)n(e)h(tried)h(a)f(few)h(simplistic)g
(approac)n(hes,)f(but)h(they)0 1913 y(so)r(on)33 b(turned)g(out)h(to)f
(b)r(e)h(to)r(o)f(in\015exible.)55 b(Th)n(us)33 b(w)n(e)g(de-)0
2013 y(cided)j(to)g(use)f(a)g(rather)g(generic)g(con\014guration)f(syn)
n(tax)0 2112 y(whic)n(h)i(w)n(e)g(could)f(\014t)i(in)f(ev)n(erything)f
(w)n(e)h(w)n(an)n(ted.)61 b(The)0 2212 y(syn)n(tax)26
b(w)n(ould)g(also)f(allo)n(w)h(for)g(easy)f(dynamic)i(mo)r(di\014ca-)0
2312 y(tion)h(of)g(the)h(in)n(ternal)e(con\014guration)f(information)i
(with-)0 2411 y(out)e(reloading)e(a)h(full)h(\014le.)37
b(The)25 b(ca)n(v)n(eat)f(is)i(that)g(our)f(con-)0 2511
y(\014guration)g(syn)n(tax)g(maps)g(m)n(uc)n(h)h(b)r(etter)g(to)g(the)h
(mac)n(hine)0 2610 y(and)e(proto)r(cols)f(than)h(to)g(a)g(h)n(uman)g(b)
r(eing)h(administering)0 2710 y Fi(isakmp)l(d)p Fk(.)42
b(Our)28 b(plan)h(w)n(as)f(to)g(get)h(someone)e(else)i(write)f(a)0
2810 y(\\real")23 b(con\014guration)g(\014le)i(format)g(that)g(could)g
(b)r(e)g(trans-)0 2909 y(lated)20 b(in)n(to)f(our)g(st)n(yle.)33
b(So)20 b(far)f(no)g(one)g(has)g(tak)n(en)g(the)h(bait.)0
3009 y(Note)j(that)f(ideally)-7 b(,)24 b(v)n(ery)d(little)i
(con\014guration)e(should)i(b)r(e)0 3109 y(needed)j(for)g
Fi(isakmp)l(d)p Fk(;)i(most)e(of)g(the)h(information)e(should)0
3208 y(b)r(e)h(pro)n(vided)g(on-the-\015y)f(b)n(y)h(the)g(k)n(ernel)f
(\(at)i(least)e(in)i(the)0 3308 y(end-to-end)37 b(case\),)j(or)d
(through)g(some)g(securit)n(y)g(p)r(olicy)0 3407 y(disco)n(v)n(ery)25
b(mec)n(hanism.)0 3607 y(The)j(\014le)f(format)g(is)h(commonly)f(kno)n
(wn)g(as)g(.INI-format,)0 3706 y(and)33 b(a)g(snipp)r(et)i(is)e(sho)n
(wn)g(in)g(\014gure)g(3.)54 b(In)n(ternally)-7 b(,)35
b(ev-)0 3806 y(erything)c(is)h(treated)f(as)g(\(section,)i(tag,)f(v)-5
b(alue\))32 b(triplets,)0 3906 y(where)21 b(the)g(v)-5
b(alues)21 b(can)f(optionally)h(b)r(e)g(lists)g(of)g(scalar)f(v)-5
b(al-)0 4005 y(ues.)37 b(The)27 b(v)-5 b(alues)27 b(themselv)n(es)g
(are)f(often)i(section)f(names)0 4105 y(thereb)n(y)k(giving)h(a)f(tree)
h(\(or)f(rather)g(a)h(forest\))g(structure)0 4204 y(to)27
b(the)h(data.)0 4404 y(As)i(w)n(e)f(ha)n(v)n(e)f(already)g(men)n
(tioned,)i(the)g(in)n(ternal)f(con\014g-)0 4503 y(uration)39
b(is)g(dynamically)g(alterable.)72 b(W)-7 b(e)40 b(sa)n(w)f(a)g(need)0
4603 y(for)f(sev)n(eral)f(\\users")f(altering)i(the)h(con\014guration)e
(con-)0 4703 y(curren)n(tly)-7 b(,)29 b(so)f(w)n(e)h(made)f(the)i(API)f
(transactional.)39 b(Eac)n(h)0 4802 y(transaction)23
b(can)h(con)n(tain)g(sev)n(eral)e(mo)r(di\014cations)i(to)h(the)0
4902 y(con\014guration,)h(and)h(they)h(are)f(atomically)f(in)n(tro)r
(duced.)0 5101 y(In)n(ternally)21 b(there)g(is)h(also)f(an)g(API)g(to)h
(get)g(the)g(actual)f(con-)0 5201 y(\014guration)33 b(v)-5
b(alues.)56 b(Because)33 b(of)h(this,)i(it)e(is)g(considered)0
5300 y(v)n(ery)f(easy)g(to)h(mo)n(v)n(e)f(the)i(con\014guration)d
(database)h(in)n(to)0 5400 y(other)27 b(in)n(ternal)g(formats)g(or)f
(ev)n(en)i(externalize)e(it.)2010 83 y Fj(4.3.3)94 b(P)m(ortabilit)m(y)
32 b(Considerations)2010 338 y Fk(F)-7 b(rom)20 b(its)h(conception,)h
(there)f(w)n(as)f(a)g(p)r(ortabilit)n(y)g(require-)2010
437 y(men)n(t)41 b(in)f Fi(isakmp)l(d)p Fk(.)78 b(It)40
b(should)h(run)f(on)g(v)-5 b(arious)39 b(plat-)2010 537
y(forms,)33 b(and)g(with)g(di\013eren)n(t)g(IPsec)f(stac)n(ks.)50
b(Because)32 b(of)2010 637 y(this)d(demand,)g(the)g(\\sysdep")e(mo)r
(dule)i(w)n(as)e(in)n(tro)r(duced.)2010 736 y(Eac)n(h)f(platform)i(w)n
(e)f(supp)r(ort)g(needs)h(to)f(pro)n(vide)g(its)h(o)n(wn)2010
836 y(v)n(ersion)c(of)h(this)h(mo)r(dule.)36 b(In)26
b(principle,)g(all)f(of)g(the)h(IPsec)2010 935 y(API)32
b(could)g(b)r(e)h(dealt)f(with)h(here,)g(but)g(as)f(APIs)g(can)g(b)r(e)
2010 1035 y(shared)24 b(among)g(sev)n(eral)f(platforms)h(\(and)h(there)
f(ev)n(en)h(ex-)2010 1135 y(ist)35 b(standards)e(no)n(w\),)i(most)g
(often)f(the)h(sysdep)f(mo)r(dule)2010 1234 y(only)21
b(has)g(stub)h(co)r(de)f(to)g(call)g(the)h(righ)n(t)e(API)i(mo)r(dule,)
g(lik)n(e)2010 1334 y(PF)p 2126 1334 25 4 v 30 w(KEY.)2010
1533 y(PF)p 2126 1533 V 30 w(KEY)27 b(ma)n(y)g(b)r(ecome)h(a)g
(standard,)f(but)h(it)h(is)f(only)f(an)2010 1633 y(API)f(for)g(main)n
(taining)g(SAs,)g(and)h(IPsec)e(also)g(needs)h(p)r(ol-)2010
1732 y(icy)k(main)n(tenance.)42 b(All)30 b(PF)p 2918
1732 V 30 w(KEY)f(systems)g(w)n(e)g(supp)r(ort)2010 1832
y(ha)n(v)n(e)36 b(c)n(hosen)h(to)h(add)f(p)r(olicy)h(extensions)f(to)g
(PF)p 3662 1832 V 30 w(KEY)2010 1932 y(b)r(ecause)30
b(of)h(the)g(fact)f(that)h(the)g(API)g(is)f(\015exible)h(enough)2010
2031 y(to)d(pass)f(suc)n(h)h(data)f(as)h(w)n(ell,)g(and)g(it)g(is)g
(easier)f(to)h(extend)2010 2131 y(something)43 b(w)n(orking)f(than)i
(to)g(in)n(v)n(en)n(t)f(something)g(en-)2010 2231 y(tirely)22
b(new.)35 b(Ho)n(w)n(ev)n(er,)21 b(extensions)g(tend)h(to)g(b)r(e)g
(platform)2010 2330 y(sp)r(eci\014c,)39 b(so)e(the)g(PF)p
2713 2330 V 30 w(KEY)f(supp)r(ort)h(co)r(de)f(in)h Fi(isakmp)l(d)2010
2430 y Fk(has)21 b(to)g(deal)h(with)g(sev)n(eral)e(di\013eren)n(t)h(v)
-5 b(arian)n(ts)21 b(of)g(the)h(pro-)2010 2529 y(to)r(col.)49
b(This)32 b(problem)f(is)h(recognized,)f(and)h(there)g(actu-)2010
2629 y(ally)d(is)g(some)g(consensus)g(b)r(et)n(w)n(een)g(Op)r(enBSD,)h
(KAME,)2010 2729 y(and)21 b(F)-7 b(reeS/W)e(AN)21 b(that)g(this)g
(needs)g(to)g(c)n(hange,)g(and)g(that)2010 2828 y(the)i(extensions)e
(need)i(to)f(con)n(v)n(erge,)f(if)i(not)f(ev)n(en)g(b)r(e)h(stan-)2010
2928 y(dardized.)2010 3127 y(With)44 b(resp)r(ect)f(to)g(di\013erences)
f(in)i(the)f(build)h(en)n(viron-)2010 3227 y(men)n(t,)39
b(w)n(e)e(ha)n(v)n(e)f(seen)g(a)h(need)g(to)f(supp)r(ort)h(b)r(oth)g
(main)2010 3326 y(\\mak)n(e")31 b(dialects,)j(BSD)g(and)f(GNU.)g(This)g
(is)g(of)g(course)2010 3426 y(less)38 b(than)g(optimal,)j(but)d(giv)n
(en)g(the)g(alternativ)n(es)f(it)h(is)2010 3526 y(curren)n(tly)28
b(our)g(b)r(est)i(option.)40 b(F)-7 b(urthermore,)29
b(ev)n(ery)e(sup-)2010 3625 y(p)r(orted)g(platform)f(has)h(to)f(pro)n
(vide)g(a)h(mak)n(e\014le)f(fragmen)n(t)2010 3725 y(wherein)18
b(constrain)n(ts)f(on)h(what)h Fi(isakmp)l(d)h Fk(should)e(supp)r(ort)
2010 3825 y(on)h(that)i(particular)d(platform)h(can)h(b)r(e)g
(expressed,)g(as)f(w)n(ell)2010 3924 y(as)36 b(instructions)g(on)g(ho)n
(w)g(to)h(build)g(system-dep)r(enden)n(t)2010 4024 y(co)r(de.)2010
4348 y Fj(4.3.4)94 b(Debugging)30 b(Supp)s(ort)2010 4603
y Fk(Being)53 b(a)g(securit)n(y)g(critical)g(application,)59
b(it)54 b(is)f(vital)2010 4703 y Fi(isakmp)l(d)22 b Fk(b)r(e)f(as)f
(bug-free)f(as)h(p)r(ossible.)34 b(All)21 b(soft)n(w)n(are)e(con-)2010
4802 y(tains)35 b(bugs,)h(and)e(all)h(dev)n(elopmen)n(t)f(creates)g
(new)h(ones.)2010 4902 y(Recognizing)f(that,)j(w)n(e)d(ha)n(v)n(e)g(c)n
(hosen)g(to)h(mak)n(e)f(debug-)2010 5001 y(ging)e(a)h(more)f(pleasan)n
(t)g(task)g(than)h(it)h(usually)e(is.)53 b(Nor-)2010
5101 y(mally)28 b Fi(isakmp)l(d)j Fk(detac)n(hes)d(from)g(the)h(con)n
(trolling)e(termi-)2010 5201 y(nal)g(and)g(logs)f(only)h(exceptional)g
(conditions)f(to)h(the)h(sys-)2010 5300 y(log)39 b(facilit)n(y)-7
b(.)74 b(Ho)n(w)n(ev)n(er,)41 b(in)f(order)f(to)h(b)r(e)g(able)f(to)h
(run)2010 5400 y(under)e(a)f(normal)g(debugger,)i(it)f(is)f(p)r
(ossible)h(to)f(run)h(in)p eop
%%Page: 8 8
8 7 bop 0 152 a Fd(int16_t)41 b(script_identity)o(_pr)o(ot)o(ect)o(io)o
(n[])c(=)43 b({)87 252 y(ISAKMP_PAYLOAD_SA)o(,/)o(*)37
b(Initiator)j(->)j(responder.)83 b(*/)87 351 y(EXCHANGE_SCRIPT_S)o(WI)o
(TC)o(H,)87 451 y(ISAKMP_PAYLOAD_SA)o(,/)o(*)37 b(Responder)j(->)j
(initiator.)83 b(*/)87 551 y(EXCHANGE_SCRIPT_S)o(WI)o(TC)o(H,)87
650 y(ISAKMP_PAYLOAD_KE)o(Y_)o(EX)o(CH,)o(/*)37 b(Initiator)j(->)j
(responder.)83 b(*/)87 750 y(ISAKMP_PAYLOAD_NO)o(NC)o(E,)87
849 y(EXCHANGE_SCRIPT_S)o(WI)o(TC)o(H,)87 949 y(ISAKMP_PAYLOAD_KE)o(Y_)
o(EX)o(CH,)o(/*)37 b(Responder)j(->)j(initiator.)83 b(*/)87
1049 y(ISAKMP_PAYLOAD_NO)o(NC)o(E,)87 1148 y(EXCHANGE_SCRIPT_S)o(WI)o
(TC)o(H,)87 1248 y(ISAKMP_PAYLOAD_ID)o(,/)o(*)37 b(Initiator)j(->)j
(responder.)83 b(*/)87 1348 y(EXCHANGE_SCRIPT_A)o(UT)o(H,)87
1447 y(EXCHANGE_SCRIPT_S)o(WI)o(TC)o(H,)87 1547 y(ISAKMP_PAYLOAD_ID)o
(,/)o(*)37 b(Responder)j(->)j(initiator.)83 b(*/)87 1646
y(EXCHANGE_SCRIPT_A)o(UT)o(H,)87 1746 y(EXCHANGE_SCRIPT_E)o(ND)0
1846 y(};)1071 2111 y Fk(Figure)27 b(2:)36 b(The)28 b(syn)n(tax)f(of)g
(an)h(ID)p 2179 2111 25 4 v 30 w(PR)n(OT)e(exc)n(hange)0
2433 y Fd(#)43 b(Incoming)d(phase)i(1)h(negotiations)c(are)j
(multiplexed)d(on)k(the)f(source)f(IP)i(address.)0 2633
y([Phase)e(1])0 2732 y(192.168.0.1=)e(ISAKMP-peer-nod)o(e-0)0
2932 y([ISAKMP-peer-nod)o(e-0)o(])0 3031 y(Phase=)i(1)0
3131 y(Transport=)e(udp)0 3231 y(Address=)h(192.168.0.1)0
3330 y(Configuration=)e(Default-main-mod)o(e)0 3430 y(Authentication=)f
(yoursharedsecretw)o(ith)o(0)0 3629 y([Default-main-mo)o(de])0
3729 y(DOI=)42 b(IPSEC)0 3828 y(EXCHANGE_TYPE=)c(ID_PROT)0
3928 y(Transforms=)h(3DES-SHA,3DES-MD)o(5)0 4127 y([3DES-SHA])0
4227 y(ENCRYPTION_ALGOR)o(ITH)o(M=)e(3DES_CBC)0 4326
y(HASH_ALGORITHM=)g(SHA)0 4426 y(AUTHENTICATION_M)o(ETH)o(OD)o(=)g
(PRE_SHARED)0 4526 y(GROUP_DESCRIPTIO)o(N=)g(MODP_1024)0
4625 y(Life=)42 b(LIFE_600_SECS)0 4825 y([LIFE_600_SECS])0
4924 y(LIFE_TYPE=)d(SECONDS)0 5024 y(LIFE_DURATION=)f(600,450:720)1241
5289 y Fk(Figure)27 b(3:)36 b(Con\014guration)26 b(en)n(try)h(samples)p
eop
%%Page: 9 9
9 8 bop 0 83 a Fk(the)32 b(foreground,)f(sending)g(logging)f(messages)f
(to)j Fi(stderr)0 183 y Fk(instead.)k(As)25 b(w)n(e)g(ha)n(v)n(e)e
(already)h(men)n(tioned,)h(the)h(logging)0 282 y(mo)r(dule)j(has)g(a)g
(\014ne-grained)e(con)n(trol)h(mec)n(hanism)h(mak-)0
382 y(ing)f(it)h(easy)f(to)g(c)n(hose)f(detailed)i(information)f(on)g
(certain)0 482 y(topics.)34 b(In)22 b(order)d(to)i(ease)g(problem)f
(pinp)r(oin)n(ting,)j(almost)0 581 y(ev)n(ery)j(in)n(termediary)h
(computation)g(can)g(b)r(e)h(logged.)0 780 y(The)22 b(build)h(en)n
(vironmen)n(t)e(also)g(con)n(tains)g(instructions)g(on)0
880 y(ho)n(w)40 b(to)g(build)h Fi(isakmp)l(d)h Fk(with)g(t)n(w)n(o)d
(di\013eren)n(t)i(memory)0 980 y(allo)r(cation)30 b(debugging)h(to)r
(ols:)44 b(ElectricF)-7 b(ence,)31 b(for)g(\014nd-)0
1079 y(ing)d(bu\013er)h(o)n(v)n(er\015o)n(ws)d(and)i(use)g(after)h
(deallo)r(cation,)e(and)0 1179 y(Bo)r(ehm's)42 b(garbage)f(collector)g
(to)i(\014nd)g(memory)f(leaks.)0 1279 y(W)-7 b(e)24 b(p)r(erio)r
(dically)e(run)i(with)f(these)h(to)r(ols)f(to)g(test)h(for)e(suc)n(h)0
1378 y(problems.)0 1696 y Fj(4.3.5)94 b(Addressing)31
b(Denial)g(of)h(Service)g(A)m(ttac)m(ks)0 1949 y Fk(IKE)j(is)h(sub)5
b(ject)35 b(to)h(DoS)g(\(Denial)g(of)g(Service\))f(attac)n(ks)0
2049 y(since)25 b(state)f(has)h(to)g(b)r(e)g(k)n(ept)g(in)g(the)g(resp)
r(onder)f(after)h(the)0 2148 y(\014rst)j(message)e(has)h(b)r(een)i
(receiv)n(ed.)36 b(If)29 b(a)e(malicious)g(p)r(eer)0
2248 y(starts)e(\015o)r(o)r(ding)h Fi(isakmp)l(d)i Fk(with)f(exc)n
(hange)e(initiations,)h(a)0 2347 y(lot)d(of)h(state)f(will)g(accum)n
(ulate)g(in)h(the)g(resp)r(onder.)34 b(W)-7 b(orse)0
2447 y(y)n(et,)30 b(in)h(aggressiv)n(e)26 b(mo)r(de,)31
b(the)g(resp)r(onder)d(will)i(ha)n(v)n(e)f(to)0 2547
y(do)f(exp)r(ensiv)n(e)g(computational)g(w)n(ork)1245
2517 y Fg(2)1311 2547 y Fk(b)r(efore)g(the)h(p)r(eer)0
2646 y(has)35 b(b)r(een)g(authen)n(ticated.)60 b(These)35
b(issues)g(are)f(actually)0 2746 y(proto)r(col)19 b(problems)g(and)h
(could)f(ha)n(v)n(e)g(b)r(een)i(mo)r(ot,)g(if)f(only)0
2846 y(the)25 b(\\co)r(okie")f(mec)n(hanism)g(adopted)h(from)g(the)g
(Photuris)0 2945 y(proto)r(col)39 b(had)h(b)r(een)h(understo)r(o)r(d)e
(and)h(used)h(correctly)0 3045 y([)p Fj(?)p Fk(,)e Fj(?)p
Fk(].)70 b(Since)39 b(the)g(proto)r(col)e(has)h(b)r(een)h
(standardized,)0 3144 y(w)n(e)32 b(need)h(to)f(address)f(the)i(p)r
(oten)n(tial)f(attac)n(ks.)50 b(Our)32 b(ap-)0 3244 y(proac)n(h)21
b(is)i(t)n(w)n(ofold:)34 b(\014rst)22 b(o\013,)i(w)n(e)e(alw)n(a)n(ys)f
(c)n(hec)n(k)h(memory)0 3344 y(allo)r(cation)29 b(for)g(failure,)g(and)
h(bac)n(k)e(out,)j(cleaning)d(up)i(all)0 3443 y(resources)i(tied)i(in)g
(with)g(the)h(message)d(w)n(e)i(are)e(re)i(deal-)0 3543
y(ing)26 b(with.)36 b(Second,)26 b(w)n(e)g(use)f(a)h(maxim)n(um,)g
(con\014gurable,)0 3643 y(exc)n(hange)38 b(lifetime.)75
b(If)40 b(the)h(exc)n(hange)d(times)i(out,)j(all)0 3742
y(resources)26 b(are)g(giv)n(en)h(bac)n(k)g(to)g(the)h(system.)0
3941 y(W)-7 b(e)42 b(ha)n(v)n(e)e(considered)g(additional)g(measures,)k
(lik)n(e)c(ag-)0 4041 y(gressiv)n(e)25 b(random)h(tail)h(drop)g(of)g
(exc)n(hanges)e(stuc)n(k)i(in)h(the)0 4141 y(state)g(after)g(the)g
(\014rst)g(reply)-7 b(.)38 b(This)29 b(w)n(ould)e(b)r(e)i(somewhat)0
4240 y(analogous)41 b(to)j(the)f(normal)g(resp)r(onse)f(to)i(TCP)f
(SYN-)0 4340 y(\015o)r(o)r(ds.)0 4658 y Fj(4.3.6)94 b(Solving)31
b(the)g(RSA)h(\\problem")0 4911 y Fk(A)n(t)h(the)f(time)h(w)n(e)f
(started)g(implemen)n(ting)h Fi(isakmp)l(d,)j Fk(ex-)0
5010 y(p)r(orting)21 b(a)g(US)h(RSA)g(implemen)n(tation)f(in)h(source)e
(form)h(to)0 5110 y(the)j(w)n(orld)f(at)g(large)g(w)n(as)f(illegal.)35
b(Another)24 b(problem)f(w)n(as)p 0 5165 744 4 v 92 5219
a Ff(2)127 5242 y Fe(Ev)n(en)g(hardw)n(are)g(accelerators)g(for)f(big)g
(n)n(um)n(b)r(er)g(computation)0 5321 y(cannot)28 b(handle)f(the)g
(high)g(v)n(olume)f(of)g(op)r(erations)h(that)h(w)n(ould)e(b)r(e)0
5400 y(in)n(v)n(olv)n(ed)e(in)g(suc)n(h)g(a)g(DOS)f(attac)n(k.)2010
83 y Fk(that)j(it)g(is)f(not)g(legal)g(to)g(use)g(the)h(RSA)g
(algorithm)e(within)2010 183 y(the)33 b(US)g(unless)g(one)f(has)h(a)f
(license)h(from)f(RSA)h(Inc.)53 b(or)2010 282 y(use)28
b(the)g(US-originated)f(non-commercial)g(RSAREF)h(li-)2010
382 y(brary)-7 b(.)42 b(Th)n(us,)30 b(there)g(w)n(as)e(no)i(w)n(a)n(y)e
(to)i(mak)n(e)f(a)g(distribu-)2010 482 y(tion)23 b(that)h(w)n(ould)f(b)
r(e)g(free)g(to)g(use)g(b)r(oth)h(in)f(the)h(US)g(and)f(in)2010
581 y(the)35 b(rest)e(of)i(the)f(w)n(orld,)h(b)r(ecause)f(the)h(only)f
(implemen-)2010 681 y(tation)39 b(that)g(is)g(free)g(in)h(the)f(US)h(w)
n(as)e(not)h(exp)r(ortable.)2010 780 y(Op)r(enBSD)23
b(has)f(solv)n(ed)g(this)g(problem)g(in)h(other)f(places)g(of)2010
880 y(the)f(source)e(tree)h(in)h(an)f(elegan)n(t)g(w)n(a)n(y:)32
b(w)n(e)20 b(c)n(hose)g(to)g(use)g(all)2010 980 y(RSA)32
b(functionalit)n(y)g(via)f(a)h(dynamically)e(link)n(ed)i(shared)2010
1079 y(library)-7 b(,)37 b Fi(lib)l(crypto,)k Fk(whic)n(h)36
b(is)g(part)g(of)g(Op)r(enSSL.)h(This)2010 1179 y(library)32
b(exists)h(in)h(three)f(v)-5 b(arian)n(ts:)48 b(one)33
b(RSA-crippled,)2010 1279 y(with)20 b(no)g(RSA)g(supp)r(ort)g(at)f
(all,)j(one)d(with)h(in)n(ternationally)2010 1378 y(written)27
b(RSA)h(co)r(de)e(and)h(one)g(with)g(RSAREF.)h(W)-7 b(e)27
b(ship)2010 1478 y(the)g(RSA-crippled)f(v)n(ersion)f(as)g(that)i(one)e
(has)h(no)g(paten)n(t)2010 1577 y(or)i(exp)r(ortabilit)n(y)h(issues)g
(at)g(all.)42 b(Then)29 b(w)n(e)g(tell)h(in)n(terna-)2010
1677 y(tional)25 b(users)f(to)h(fetc)n(h)h(the)f(in)n(ternational)f
(lib)r(crypto)h(v)n(er-)2010 1777 y(sion,)d(and)f(US)h(users)e(to)h
(get)g(the)g(one)g(based)g(on)g(RSAREF)2010 1876 y(\(if)28
b(they)g(meet)g(criteria)f(to)g(legally)g(use)g(it\).)2010
2076 y(This)k(could)g(w)n(ork)f(for)g Fi(isakmp)l(d)j
Fk(to)r(o,)f(if)g(it)f(w)n(ere)f(not)i(for)2010 2175
y(the)19 b(fact)g(that)g(w)n(e)f(w)n(an)n(t)g Fi(isakmp)l(d)j
Fk(to)d(b)r(e)h(statically)f(link)n(ed,)2010 2275 y(so)41
b(w)n(e)g(can)g(get)h(IKE)f(negotiation)f(capabilities)h(really)2010
2374 y(early)26 b(in)i(the)g(b)r(o)r(ot)g(pro)r(cess.)2010
2574 y(The)41 b(solution)g(w)n(as)g(to)g(use)g(dynamic)h(linking)f(via)
g(the)2010 2673 y Fi(d)t(lop)l(en)26 b Fk(API.)e(Ev)n(ery)e
(RSA-related)i(sym)n(b)r(ol)g(of)g(lib)r(crypto)2010
2773 y(needs)35 b(to)h(b)r(e)f(accessed)f(indirectly)i(through)e(a)h(p)
r(oin)n(ter.)2010 2873 y(This)j(p)r(oin)n(ter)f(is)g(initialized)h
(with)g(the)g(address)e(of)i(the)2010 2972 y(statically)d(link)n(ed)g
(RSA-crippled)g(stubs.)61 b(After)36 b(a)f(suc-)2010
3072 y(cessful)j(dynamic)g(link)g(the)h(p)r(oin)n(ters)e(get)h(reset)g
(to)g(the)2010 3171 y(newly)23 b(loaded)f(lib)r(crypto)g(equiv)-5
b(alen)n(ts.)35 b(It)23 b(is)g(not)g(consid-)2010 3271
y(ered)31 b(a)h(fatal)f(error)f(if)i(the)h(dynamic)e(linking)h(fails.)
49 b(Not)2010 3371 y(all)22 b(op)r(erating)f(systems)g(allo)n(w)g
(statically)g(link)n(ed)h(binaries)2010 3470 y(to)k(use)h
Fi(d)t(lop)l(en)h Fk(though,)e(but)h(those)g(who)f(do)g(can)g(b)r
(ene\014t)2010 3570 y(from)h(this.)2010 3941 y Fj(4.3.7)94
b(P)m(erformance)32 b(and)g(Co)s(de)f(Size)2010 4204
y Fk(The)38 b(SA)h(negotiation)e(is)h(v)n(ery)f(CPU-in)n(tensiv)n(e.)67
b(More)2010 4304 y(sp)r(eci\014cally)-7 b(,)41 b(in)d(main)g(and)h
(aggressiv)n(e)c(mo)r(de)j(there)g(is)2010 4404 y(alw)n(a)n(ys)c(a)h
(Di\016e-Hellman)h(exp)r(onen)n(tiation)f(and)h(some-)2010
4503 y(times,)k(dep)r(ending)e(on)g(authen)n(tication)f(metho)r(d,)j
(RSA)2010 4603 y(or)32 b(DSS)h(signature)e(op)r(erations)h(that)h(are)e
(fairly)h(exp)r(en-)2010 4703 y(siv)n(e)21 b(in)h(terms)f(of)h(CPU)f
(pro)r(cessing.)34 b(In)22 b(quic)n(k)f(mo)r(de,)i(the)2010
4802 y(DH)41 b(exp)r(onen)n(tiation)e(is)h(optional)f(but)i
(recommended.)2010 4902 y(That)27 b(exp)r(onen)n(tiation)f(is)h(what)f
(pro)n(vides)g(\\P)n(erfect)f(F)-7 b(or-)2010 5001 y(w)n(ard)29
b(Secrecy)-7 b(.")44 b(Some)30 b(sample)g(timings)h(can)f(b)r(e)h
(found)2010 5101 y(in)d(\014gure)f(4.)2010 5300 y(In)46
b(its)h(curren)n(t)e(state,)50 b Fi(isakmp)l(d)e Fk(consists)d(of)h
(roughly)2010 5400 y(36,000)30 b(lines)h(of)h(co)r(de,)h(almost)e(all)h
(of)g(it)g(in)g(C.)g(This)g(in-)p eop
%%Page: 10 10
10 9 bop 468 3 2935 4 v 466 103 4 100 v 518 73 a Fk(Exc)n(hange)p
3015 103 V 2199 w(Seconds)p 3401 103 V 468 106 2935 4
v 466 206 4 100 v 518 176 a(Main)27 b(mo)r(de,)h(3DES,)f(SHA,)h(DH)h
(group)d(2,)h(pre-shared)f(k)n(ey)p 3015 206 V 736 w(1.44)p
3401 206 V 466 306 V 518 276 a(Quic)n(k)g(mo)r(de,)i(3DES,)f(SHA,)i
(PFS)e(\(DH)i(group)d(2\))p 3015 306 V 1042 w(1.40)p
3401 306 V 468 309 2935 4 v 466 408 4 100 v 518 379 a(Main)h(mo)r(de,)h
(DES,)g(MD5,)f(DH)i(group)d(1,)h(pre-shared)f(k)n(ey)p
3015 408 V 767 w(0.95)p 3401 408 V 466 508 V 518 478
a(Quic)n(k)g(mo)r(de,)i(DES,)g(MD5,)g(PFS)f(\(DH)i(group)d(1\))p
3015 508 V 1073 w(0.60)p 3401 508 V 468 511 2935 4 v
466 611 4 100 v 518 581 a(Aggressiv)n(e)f(mo)r(de,)j(3DES,)f(SHA,)h(DH)
h(group)d(2,)h(RSA)i(signature)d(\(X.509\))p 3015 611
V 238 w(1.50)p 3401 611 V 466 711 V 518 681 a(Quic)n(k)g(mo)r(de,)i
(3DES,)f(SHA,)i(no)e(PFS)p 3015 711 V 1449 w(0.35)p 3401
711 V 468 714 2935 4 v 0 951 a(Figure)c(4:)35 b(A)24
b(P)n(en)n(tium)g(200MHz)f(running)g(t)n(w)n(o)h(instances)f(of)h
(isakmp)r(d)g(negotiating)f(o)n(v)n(er)f(the)i(lo)r(opbac)n(k)f(in)n
(terface)g(\(an)0 1050 y(exc)n(hange)f(b)r(et)n(w)n(een)i(t)n(w)n(o)f
(distinct)i(mac)n(hines)e(ma)n(y)g(actually)g(\014nish)h(faster)f(as)h
(some)f(computations)g(can)g(b)r(e)i(carried)d(out)0
1150 y(in)28 b(parallel\).)0 1420 y(cludes)g(commen)n(tary)-7
b(,)26 b(whic)n(h)h(w)n(e)h(ha)n(v)n(e)e(at)i(least)f(tried)g(to)0
1519 y(b)r(e)40 b(fairly)e(generous)g(with.)71 b(Securit)n(y)39
b(proto)r(col)f(imple-)0 1619 y(men)n(tations)28 b(need)g(to)g(b)r(e)h
(auditable,)f(and)g(readabilit)n(y)f(is)0 1719 y(therefore)36
b(an)g(imp)r(ortan)n(t)g(asp)r(ect.)63 b(4,000)35 b(of)i(these)f(are)0
1818 y(the)25 b(platform-dep)r(enden)n(t)g(parts,)f(and)h(2,500)e(are)g
(regres-)0 1918 y(sion)f(testing.)35 b(The)22 b(static)g(memory)f(fo)r
(otprin)n(t)h(for)f(i386)g(is)0 2017 y(appro)n(ximately)32
b(950KB)g(for)i(a)f(full-blo)n(wn)h(v)n(ersion)e(and)0
2117 y(300KB)37 b(for)i(a)g(trimmed)g(do)n(wn)g(v)n(ersion)f(with)h
(supp)r(ort)0 2217 y(only)25 b(for)g(mandatory)f(ciphers,)h(exc)n
(hanges,)f(groups,)g(and)0 2316 y(authen)n(tication)44
b(metho)r(ds)g(\(no)h(debugging)e(or)g(re\014ned)0 2416
y(p)r(olicy)g(handling)f(is)g(included)i(in)f(the)g(trimmed-do)n(wn)0
2516 y(v)n(ersion\).)0 2920 y Fo(5)112 b(Securit)m(y)37
b(P)m(olicy)0 3208 y Fk(When)h(discussing)f(securit)n(y)f(p)r(olicy)-7
b(,)41 b(it)c(is)h(often)g(useful)0 3308 y(to)32 b(de\014ne)f(the)h
(term)g(in)g(the)g(appropriate)e(con)n(text.)49 b(F)-7
b(or)0 3407 y(our)24 b(purp)r(oses,)g(securit)n(y)g(p)r(olicy)h(in)g
(the)g(net)n(w)n(ork)e(la)n(y)n(er)g(is)0 3507 y(the)30
b(information)f(needed)h(to)f(decide)h(whether)g(a)f(pac)n(k)n(et)0
3607 y(should)f(b)r(e)h(accepted/forw)n(arded)e(or)g(dropp)r(ed.)40
b(F)-7 b(urther)0 3706 y(restricting)37 b(the)h(de\014nition)g(in)g
(the)h(IPsec)e(con)n(text,)j(se-)0 3806 y(curit)n(y)h(p)r(olicy)g
(dictates)g(what)g(classes)f(of)h(pac)n(k)n(ets)f(are)0
3906 y(acceptable)32 b(o)n(v)n(er)f(a)i(sp)r(eci\014c)g(SA.)g(This)g
(is)g(all)g(the)g(more)0 4005 y(imp)r(ortan)n(t)23 b(for)f(IPsec,)h
(since)g(the)g(encapsulation)f(mec)n(ha-)0 4105 y(nism)h(used)g
(literally)g(allo)n(ws)e(establishmen)n(t)i(of)g(arbitrary)0
4204 y(virtual)k(top)r(ologies)f(o)n(v)n(er)g(the)i(net)n(w)n(ork)e
(fabric.)0 4404 y(Since)f(there)f(exists)h(no)f(standard)g(mec)n
(hanism)g(for)g(sp)r(eci-)0 4503 y(fying,)j(disseminating,)f(and)h(pro)
r(cessing)e(securit)n(y)h(p)r(olicy)0 4603 y(for)33 b(IPsec,)i(w)n(e)f
(ha)n(v)n(e)f(adopted)g(some)h(ongoing)e(researc)n(h)0
4703 y(w)n(ork)f(based)h(on)f(a)h(compliance-c)n(hec)n(king)e(arc)n
(hitecture.)0 4802 y(The)d(concept)f(b)r(ehind)i(this)f(arc)n
(hitecture)e(is)i(that,)g(at)g(SA)0 4902 y(establishmen)n(t)21
b(time,)j(w)n(e)d(utilize)h(some)f(mec)n(hanism)g(that)0
5001 y(v)-5 b(alidates)37 b(the)i(suitabilit)n(y)f(of)f(an)h(SA)g(for)g
(a)f(particular)0 5101 y(class)31 b(of)g(pac)n(k)n(ets)f(and)i(a)f
(remote)g(principal)g(at)g(IKE)g(ex-)0 5201 y(c)n(hange)24
b(time;)i(all)f(the)g(c)n(haracteristics)d(of)j(the)g(SA)h(\(cryp-)0
5300 y(tographic)e(algorithms,)g(k)n(ey)h(sizes,)g(transform)f
(ordering,)0 5400 y Fi(etc.)p Fk(\),)f(along)c(with)i(the)g(pac)n(k)n
(et)f(classes)f(\(in)i(e\013ect,)h(a)f(set)f(of)2010
1420 y(pac)n(k)n(et)27 b(\014lter)i(rules\))f(and)g(the)h(remote)f
(principal's)g(iden-)2010 1519 y(tit)n(y)c(\(public)g(k)n(ey)-7
b(,)24 b(X.509)e(certi\014cates,)i(passphrase,)e Fi(etc.)p
Fk(\))2010 1619 y(are)f(a)n(v)-5 b(ailable)21 b(at)h(that)h(stage.)34
b(It)23 b(is)f(imp)r(ortan)n(t)g(to)g(realize)2010 1719
y(that)36 b(this)g(op)r(eration)f(is)h(p)r(erformed)g(only)f(infrequen)
n(tly)2010 1818 y(compared)21 b(to)h(the)h(n)n(um)n(b)r(er)f(of)g(pac)n
(k)n(ets)f(that)h(will)h(use)f(the)2010 1918 y(established)f(SAs.)35
b(Th)n(us,)23 b(it)f(is)g(p)r(ossible)f(to)g(use)h(a)f(mec)n(ha-)2010
2017 y(nism)28 b(that)g(is)g(more)f(general,)f(p)r(o)n(w)n(erful,)h
(and)h(extensible)2010 2117 y(than)38 b(a)g(simple)h(pac)n(k)n(et)e
(\014lter)i(sp)r(eci\014cation)f(language.)2010 2217
y(W)-7 b(e)31 b(w)n(ould)g(also)f(lik)n(e)g(to)h(b)r(e)g(able)g(to)g
(utilize)g(creden)n(tials)2010 2316 y(delegating)f(authorit)n(y)-7
b(,)31 b(as)f(w)n(e)h(ha)n(v)n(e)f(found)h(these)g(to)g(al-)2010
2416 y(lo)n(w)c(easier)f(and)i(more)e(scalable)h(administration.)2010
2615 y(The)61 b(higher-lev)n(el)e(mec)n(hanism)h(for)g(securit)n(y)g(p)
r(olicy)2010 2715 y(compliance-c)n(hec)n(king)28 b(w)n(e)j(use)f(is)h
(a)f(trust-managemen)n(t)2010 2814 y(system.)58 b(T)-7
b(rust-managemen)n(t)34 b(systems)g([)p Fj(?)p Fk(,)h
Fj(?)p Fk(])g(pro)n(vide)2010 2914 y(a)40 b(uni\014ed)g(approac)n(h)f
(to)h(sp)r(ecifying)g(securit)n(y)f(p)r(olicies,)2010
3014 y(creden)n(tials,)28 b(and)h(relationships)f(b)r(et)n(w)n(een)h
(principals)g(in)2010 3113 y(the)21 b(system.)34 b(Unlik)n(e)20
b(traditional)g(certi\014cation)g(sc)n(hemes,)2010 3213
y(trust-managemen)n(t)28 b(creden)n(tials)g(bind)i(k)n(eys)e(directly)h
(to)2010 3313 y(the)37 b(authorization)d(to)i(p)r(erform)g(some)g
(task.)62 b(A)36 b(trust-)2010 3412 y(managemen)n(t)50
b(system)h(pro)n(vides)f(a)g(highly-adaptable)2010 3512
y(general-purp)r(ose)35 b(mec)n(hanism)i(for)g(sp)r(ecifying)h(securit)
n(y)2010 3611 y(p)r(olicies)32 b(and)h(creden)n(tials.)51
b(A)33 b(principle)f(of)h(trust)g(man-)2010 3711 y(agemen)n(t)g(is)g
(\\monotonicit)n(y)-7 b(.")54 b(This)33 b(means)g(that)h(p)r(oli-)2010
3811 y(cies)e(and)f(creden)n(tials)g(can)h(only)f(ha)n(v)n(e)g(a)g(p)r
(ositiv)n(e)h(e\013ect)2010 3910 y(on)27 b(the)i(privileges)d(of)i(a)f
(principal;)g(it)i(is)e(not)h(p)r(ossible)f(to)2010 4010
y(rev)n(ok)n(e)32 b(privilege)g(b)n(y)i(issuing)f(a)g(creden)n(tial.)54
b(This)34 b(ma)n(y)2010 4110 y(only)h(b)r(e)h(done)g(b)n(y)f(expiring)g
(creden)n(tials,)i(or)e(b)n(y)g(mo)r(di-)2010 4209 y(fying)f(the)h
(relev)-5 b(an)n(t)33 b(p)r(olicies)h(and)g(creden)n(tials.)55
b(F)-7 b(or)33 b(an)2010 4309 y(extensiv)n(e)27 b(o)n(v)n(erview)e(of)j
(trust-managemen)n(t,)e(see)i([)p Fj(?)p Fk(].)2010 4508
y(KeyNote)f(is)h(an)g(instan)n(tiation)f(of)h(a)f(trust-managemen)n(t)
2010 4608 y(system,)35 b(designed)e(to)g(b)r(e)h(simple)f(y)n(et)g
(\015exible.)54 b(It)34 b(pro-)2010 4707 y(vides)23 b(a)f(single)h
(language)e(for)h(b)r(oth)h(p)r(olicies)g(and)g(creden-)2010
4807 y(tials,)30 b(based)f(on)g(predicates)g(that)h(describ)r(e)f(the)h
(trusted)2010 4907 y(actions)d(p)r(ermitted)i(b)n(y)f(holders)f(of)h
(sp)r(eci\014c)g(public)h(k)n(eys)2010 5006 y(\(or)35
b(other)h(cryptographic)e(iden)n(ti\014ers\).)62 b(F)-7
b(or)35 b(more)g(de-)2010 5106 y(tails)22 b(on)g(KeyNote)f(syn)n(tax)h
(and)g(pro)r(cessing,)g(see)f([)p Fj(?)p Fk(].)36 b(F)-7
b(or)2010 5205 y(more)21 b(details)g(on)h(the)g(p)r(olicy)f(arc)n
(hitecture)g(itself,)i(see)f([)p Fj(?)p Fk(].)2010 5305
y(The)28 b(follo)n(wing)f(subsection)h(discusses)f(some)h(implemen-)p
eop
%%Page: 11 11
11 10 bop 0 83 a Fk(tation)27 b(sp)r(eci\014cs.)0 397
y Fl(5.1)105 b(Implemen)m(tation)33 b(Details)0 710 y
Fk(Mo)r(difying)d Fi(isakmp)l(d)i Fk(to)e(mak)n(e)g(use)g(of)g(the)h
(compliance-)0 810 y(c)n(hec)n(king)40 b(arc)n(hitecture)g(for)h(p)r
(olicy)g(resolution)g(pro)n(v)n(ed)0 910 y(straigh)n(tforw)n(ard.)31
b Fi(isakmp)l(d)20 b Fk(w)n(as)e(initially)h(designed)g(with)0
1009 y(a)29 b(rudimen)n(tary)e(mec)n(hanism)i(for)f(v)n(erifying)g
(securit)n(y)g(as-)0 1109 y(so)r(ciations)f(prop)r(osed)h(b)n(y)g(the)g
(remote)g(p)r(eer.)39 b(The)29 b(set)f(of)0 1208 y(acceptable)k
(securit)n(y)h(asso)r(ciations)e(w)n(as)h(read)g(from)h(the)0
1308 y(con\014guration)22 b(\014le,)i(and)f(then)h(consulted)f(when)h
(examin-)0 1408 y(ing)33 b(the)g(prop)r(osed)f(SA.)h(Ho)n(w)n(ev)n(er,)
g(this)g(sc)n(heme)f(lac)n(k)n(ed)0 1507 y(\015exibilit)n(y)41
b(and)g(extensibilit)n(y)-7 b(.)78 b(In)42 b(particular,)h(it)f(w)n(as)
0 1607 y(not)f(p)r(ossible)g(to)g(delegate)g(authorit)n(y)-7
b(,)43 b(allo)n(w)e(for)f(v)n(ery)0 1707 y(\014ne-grained)34
b(SA)i(sp)r(eci\014cation)f(without)h(an)f(explosion)0
1806 y(in)24 b(the)f(size)h(of)f(the)h(con\014guration)e(\014le,)i(tak)
n(e)f(in)n(to)g(consid-)0 1906 y(eration)28 b(information)h(not)g
(directly)g(relev)-5 b(an)n(t)29 b(to)g(the)h(SA)0 2005
y(\(suc)n(h)h(as)f(time)h(of)g(da)n(y)-7 b(,)31 b(or)f(system)g
(securit)n(y)g(lev)n(el\),)i(nor)0 2105 y(allo)n(w)i(for)g(\015exible)h
(pac)n(k)n(et)f(selectors)f(\(an)i(exact)f(matc)n(h)0
2205 y(w)n(as)27 b(required\).)0 2404 y(Since)h(this)g(v)n
(eri\014cation)f(mec)n(hanism)g(w)n(as)g(implemen)n(ted)0
2504 y(as)45 b(a)g(pro)r(cedure)g(call,)k(w)n(e)d(only)f(had)g(to)h(mo)
r(dify)g(the)0 2603 y(in)n(v)n(oking)35 b(co)r(de)h(to)g(call)g
(another)f(pro)r(cedure)g(that)i(ulti-)0 2703 y(mately)32
b(in)n(v)n(ok)n(ed)e(KeyNote.)48 b(This)32 b(c)n(hange)e(o)r(ccurred)h
(in)0 2802 y(t)n(w)n(o)c(places:)60 3107 y(1.)41 b(When)19
b(the)g(Resp)r(onder)f(of)g(an)g(IKE)g(exc)n(hange)f(exam-)166
3206 y(ines)i(the)h(list)f(of)h(IPsec)e(\(Phase)g(2\))h(SAs)h(to)f
(determine)166 3306 y(whic)n(h)28 b(one)f(is)g(acceptable.)60
3502 y(2.)41 b(When)e(the)f(Initiator)g(receiv)n(es)e(\(during)i(Phase)
f(2\))166 3601 y(the)28 b(resp)r(onse)f(con)n(taining)f(the)i
(acceptable)f(SA.)0 3906 y(When)k(in)n(v)n(ok)n(ed,)f(the)h(pro)r
(cedure)f(con)n(v)n(erts)f(information)0 4005 y(tak)n(en)d(from)h(the)g
Fi(exchange)g Fk(and)g Fi(sa)g Fk(structures)f(to)h(a)f(for-)0
4105 y(mat)h(suitable)f(for)g(use)g(b)n(y)g(KeyNote.)36
b(Suc)n(h)27 b(information)0 4204 y(con)n(tains)d(the)i(IPsec)e(proto)r
(cols)g(to)h(b)r(e)h(used,)g(the)f(crypto-)0 4304 y(graphic)k
(algorithms)f(to)i(b)r(e)h(used,)f(the)g(pac)n(k)n(et)f(selectors)0
4404 y(requested)43 b(\(Phase)g(2)g(User)g(IDs\),)48
b(the)c(cryptographic)0 4503 y(iden)n(ti\014er)27 b(used)h(in)g(Phase)e
(1)i(b)n(y)f(the)h(remote)f(p)r(eer,)g Fi(etc.)0 4703
y Fk(This)g(cryptographic)e(iden)n(ti\014er)h(is)h(used)g(b)n(y)f(the)h
(compli-)0 4802 y(ance)21 b(c)n(hec)n(k)n(er)f(to)i(determine)g(whic)n
(h)g(part)f(of)h(the)g(securit)n(y)0 4902 y(p)r(olicy)j(is)h(relev)-5
b(an)n(t)25 b(to)g(a)g(sp)r(eci\014c)h(request.)36 b(If)26
b(public)g(k)n(ey)0 5001 y(authen)n(tication)39 b(w)n(as)f(used,)k
(then)e(our)f(securit)n(y)f(p)r(olicy)0 5101 y(ma)n(y)28
b(directly)h(refer)f(to)h(said)g(public)g(k)n(ey)-7 b(,)29
b(and)g(the)h(same)0 5201 y(applies)37 b(for)g(passphrase)f(authen)n
(tication.)66 b(F)-7 b(or)36 b(X.509-)0 5300 y(based)29
b(authen)n(tication,)g(w)n(e)g(ha)n(v)n(e)f(a)h(n)n(um)n(b)r(er)f(of)i
(options)0 5400 y(as)d(to)g(who)h(p)r(olicy)f(ma)n(y)g(refer)g(to:)2093
83 y Fh(\017)41 b Fk(The)24 b(public)g(k)n(ey)e(of)i(the)g(remote)f
(principal)g(as)g(it)h(ap-)2176 183 y(p)r(ears)32 b(in)h(the)g(Sub)5
b(ject)34 b(\014eld)f(of)g(the)g(X.509)f(certi\014-)2176
282 y(cate,)h(or)e(the)h(X.509)e(certi\014cate)i(itself.)50
b(This)31 b(form)2176 382 y(of)g(delegation)f(is)g(the)h(most)g(direct)
g(and)f(limited)i(in)2176 482 y(scop)r(e.)2093 656 y
Fh(\017)41 b Fk(The)46 b(public)g(k)n(ey)f(or)g(X.509)g(certi\014cate)g
(of)h(some)2176 755 y(certi\014cation)54 b(authorit)n(y)f(\(CA\))i
(that)g(ultimately)2176 855 y(\\sp)r(eaks)21 b(for")g(the)i(remote)f
(principal.)35 b(This)22 b(ma)n(y)g(b)r(e)2176 955 y(the)34
b(CA)g(immediately)g(v)-5 b(alidating)33 b(said)g(principal,)2176
1054 y(or)h(some)f(other)h(CA)h(further)f(up)h(in)g(a)f(CA)h(hierar-)
2176 1154 y(c)n(h)n(y)-7 b(.)36 b(The)27 b(higher)g(up)g(the)h(CA)f(w)n
(e)g(delegate)g(to,)g(the)2176 1254 y(broader)h(the)i(scop)r(e)g(of)g
(the)g(delegation)f(\(and)h(th)n(us,)2176 1353 y(more)j(users)g(share)g
(the)i(same)e(righ)n(ts\).)56 b(Note)34 b(that)2176 1453
y(it)26 b(is)g(p)r(ossible)f(to)h(delegate)f(a)h(set)f(of)h(righ)n(ts)f
(to)h(some)2176 1552 y(CA)32 b(that)g(\\sp)r(eaks)e(for")g(some)h
(user,)h(and)g(sim)n(ulta-)2176 1652 y(neously)h(giv)n(e)g(more)g(righ)
n(ts)f(to)i(that)g(sp)r(eci\014c)g(user.)2176 1752 y(Reducing)d(a)g
(user's)g(privileges)f(through)h(the)h(same)2176 1851
y(mec)n(hanism)21 b(is)h(not)f(feasible)g(under)h(KeyNote,)g(ho)n(w-)
2176 1951 y(ev)n(er)d(\(b)r(ecause)h(of)g(monotonicit)n(y)-7
b(,)20 b(as)g(previously)e(de-)2176 2051 y(scrib)r(ed\).)2093
2225 y Fh(\017)41 b Fk(Since)46 b(public)f(k)n(eys)g(and)g(X.509)f
(certi\014cates)g(can)2176 2325 y(b)r(e)38 b(cum)n(b)r(ersome)f(to)g
(manipulate)h(ev)n(en)f(in)h(a)f(text)2176 2424 y(form,)47
b(it)d(is)f(p)r(ossible)g(to)h(use)f(the)h(Distinguished)2176
2524 y(Name)19 b(as)f(it)i(app)r(ears)e(in)h(an)g(X.509)f
(certi\014cate.)33 b(This)2176 2623 y(mak)n(es)18 b(p)r(olicies)i(m)n
(uc)n(h)f(more)f(concise)h(and)g(readable.)2176 2723
y(An)29 b(added)f(b)r(ene\014t)h(is)f(that)h(certi\014cates)e(\(and)i
(ev)n(en)2176 2823 y(k)n(eys\))i(ma)n(y)f(c)n(hange)g(without)i
(a\013ecting)f(the)g(p)r(olicy)2176 2922 y(\(although)23
b(in)h(some)f(cases)g(this)h(ma)n(y)f(turn)h(in)n(to)f(a)g(li-)2176
3022 y(abilit)n(y\).)35 b(W)-7 b(e)21 b(can)g(use)g(the)h(DN)f(of)g
(the)h(remote)e(prin-)2176 3122 y(cipal)26 b(directly)-7
b(,)26 b(or)e(that)i(of)g(some)f(CA)h(that)g(\\sp)r(eaks)2176
3221 y(for")h(the)h(principal.)2010 3510 y(The)20 b(assem)n(bled)e
(information)h(is)g(passed)g(on)g(to)h(KeyNote,)2010
3609 y(and)33 b(the)h(resp)r(onse)e(indicates)h(whether)h(the)f(SA)h
(should)2010 3709 y(b)r(e)d(accepted)g(or)e(dropp)r(ed.)47
b(In)31 b(e\013ect,)h(KeyNote)e(is)g(v)n(er-)2010 3809
y(ifying)36 b(that)h(the)g(com)n(bination)e(of)i(remote)f(p)r(eer,)i
(IPsec)2010 3908 y(proto)r(cols)d(\(and)i(algorithms,)h(lifetimes,)h
Fi(etc.)65 b Fk(used)36 b(b)n(y)2010 4008 y(those)k(proto)r(cols\),)h
(and)f(pac)n(k)n(et)f(selectors)g(are)g(accept-)2010
4107 y(able)27 b(b)n(y)g(p)r(olicy)-7 b(.)37 b(This)28
b(p)r(olicy)f(ma)n(y)g(b)r(e)h(expressed)e(solely)2010
4207 y(in)h(terms)f(of)g(lo)r(cal)g(p)r(olicy)g(or)g(as)g(a)g(com)n
(bination)f(of)i(lo)r(cal)2010 4307 y(p)r(olicy)37 b(and)f(\(signed\))h
(creden)n(tials.)63 b(These)36 b(creden)n(tials)2010
4406 y(ma)n(y)24 b(b)r(e)i(acquired)e(during)h(the)g(Phase)f(1)h(exc)n
(hange)f(\(pro-)2010 4506 y(vided)33 b(b)n(y)f(the)h(remote)f(p)r
(eer\))h(or)f(at)h(an)n(y)f(p)r(oin)n(t)h(in)g(time)2010
4606 y(afterw)n(ards)f(\()p Fi(e.g.,)37 b Fk(fetc)n(hed)d(on-demand)f
(through)g(some)2010 4705 y(out-of-band)39 b(proto)r(col)2771
4675 y Fg(3)2807 4705 y Fk(\).)75 b(As)40 b(so)r(on)g(as)f(an)h(SA)h
(is)f(ac-)2010 4805 y(cepted,)28 b(the)g(searc)n(h)e(is)h(concluded.)
2010 5004 y(The)37 b(pro)r(cedure)f(is)g(called)h(once)f(for)g(eac)n(h)
g(distinct)i(SA)2010 5104 y(prop)r(osal)c(receiv)n(ed)h(from)g(the)i(p)
r(eer)e(\(since)h(there)g(is)f(no)p 2010 5165 744 4 v
2102 5219 a Ff(3)2137 5242 y Fe(W)-6 b(e)29 b(ha)n(v)n(e)g(exp)r
(erimen)n(ted)g(with)f(fetc)n(hing)h(creden)n(tials)g(from)d(a)2010
5321 y(w)n(eb)c(serv)n(er,)f(using)g(a)g(primitiv)n(e)f(cgi-script)g
(and)i(a)g(database)g(k)n(ey)n(ed)2010 5400 y(on)i(public)g(k)n(eys)g
(and)g(X.509)g(Distinguished)g(Names.)p eop
%%Page: 12 12
12 11 bop 0 83 a Fk(w)n(a)n(y)22 b(to)h(e\016cien)n(tly)g(enco)r(de)f
(all)h(the)h(SA)f(prop)r(osals)e(in)i(one)0 183 y(action)31
b(attribute)i(set)f(and)f(ha)n(v)n(e)g(KeyNote)h(mak)n(e)f(a)g(de-)0
282 y(cision)25 b(on)g(whic)n(h)g(one)g(to)g(select)g({)g(this)g(is)g
(a)g(dra)n(wbac)n(k)e(of)0 382 y(using)c(KeyNote)f(instead)h(of)g(a)f
(more)g(complex)h(p)r(olicy)g(lan-)0 482 y(guage\).)46
b(Note)31 b(ho)n(w)n(ev)n(er)e(that)i(eac)n(h)f(suc)n(h)h(in)n(v)n(o)r
(cation)e(is)0 581 y(v)n(ery)j(\\ligh)n(t)n(w)n(eigh)n(t")f(in)i(pro)r
(cessing)f(terms:)48 b(con)n(v)n(erting)0 681 y(the)23
b(relev)-5 b(an)n(t)22 b(information)g(is)h(straigh)n(tforw)n(ard,)d
(and)j(an)n(y)0 780 y(cryptographic)35 b(op)r(erations)h(are)g(only)h
(p)r(erformed)g(once)0 880 y(and)h(their)g(results)g(cac)n(hed)f(for)g
(future)i(use.)68 b(The)38 b(p)r(ol-)0 980 y(icy)29 b(assertions)e(are)
h(loaded)g(once)g(at)h(startup)g(time)g(\(and)0 1079
y(reloaded)h(if)i Fi(isakmp)l(d)g Fk(is)f(ask)n(ed)f(to)h
(re-initialize\).)47 b(Some)0 1179 y(simple)33 b(exp)r(erimen)n(ts)g
(sho)n(w)f(that)h(the)h(cost)f(of)g(in)n(v)n(oking)0
1279 y(KeyNote)f(increases)g(linearly)g(with)i(the)f(n)n(um)n(b)r(er)g
(of)g(as-)0 1378 y(sertions)k(in)i(use,)i(and)d(that)g(for)g(a)g
(simple)g(setup)h(of)f(3-)0 1478 y(4)d(assertions/creden)n(tials)d(the)
k(cost)e(is)i(in)f(the)h(order)e(of)0 1577 y(150)p Fc(\026)p
Fk(sec.)0 1777 y(Here,)26 b(w)n(e)h(wish)f(to)g(mak)n(e)g(t)n(w)n(o)g
(additional)g(observ)-5 b(ations:)83 2050 y Fh(\017)41
b Fk(KeyNote)22 b(is)g(in)n(v)n(ok)n(ed)f(during)h(Phase)f(2)h(only)-7
b(.)35 b(While)166 2149 y(it)f(is)f(trivial)g(to)g(allo)n(w)f(p)r
(olicy)h(con)n(trol)f(o)n(v)n(er)g(estab-)166 2249 y(lishmen)n(t)i(of)g
(Phase)f(1)g(SAs,)j(w)n(e)d(b)r(eliev)n(e)h(that)g(this)166
2349 y(is)h(b)r(oth)g(unnecessary)e(and)i(p)r(oten)n(tially)g
(confusing)166 2448 y(to)e(users.)51 b(Since)33 b(Phase)f(1)g(SAs)h
(are)f(used)h(only)f(b)n(y)166 2548 y Fi(isakmp)l(d)37
b Fk(and)e(ha)n(v)n(e)f(no)g(direct)h(e\013ect)h(on)f(the)g(sys-)166
2647 y(tem)g(or)f(on)h(net)n(w)n(ork)e(tra\016c,)j(this)f(approac)n(h)e
(do)r(es)166 2747 y(not)28 b(compromise)e(safet)n(y)-7
b(.)83 2909 y Fh(\017)41 b Fk(Curren)n(tly)-7 b(,)41
b(compliance)e(c)n(hec)n(king)f(on)h(the)g(initia-)166
3009 y(tor)c(is)g(p)r(erformed)g(when)g(the)h(accepted)f(SA)h(is)f(re-)
166 3109 y(ceiv)n(ed)26 b(from)h(the)g(resp)r(onder)f(\(message)f(2)i
(in)g(Quic)n(k)166 3208 y(Mo)r(de\).)49 b(Ideally)-7
b(,)33 b(this)f(c)n(hec)n(k)e(should)i(b)r(e)g(done)f(b)r(e-)166
3308 y(fore)e(transmission)f(of)h(the)g(\014rst)g(message)f(in)i(Quic)n
(k)166 3407 y(Mo)r(de,)25 b(to)g(a)n(v)n(oid)e(transmitting)i(SA)g
(prop)r(osals)e(that)166 3507 y(in)j(the)g(end)g(will)g(not)g(b)r(e)g
(accepted)g(b)n(y)f(us.)36 b(Pro)r(cess-)166 3607 y(ing)i(after)g
(receipt)g(of)g(message)f(2)g(should)h(b)r(e)h(lim-)166
3706 y(ited)24 b(to)f(v)n(erifying)f(that)i(the)f(returned)g(SA)h(is)f
(among)166 3806 y(those)33 b(o\013ered)g(in)h(the)f(\014rst)g(message.)
53 b(W)-7 b(e)34 b(elected)166 3906 y(not)28 b(to)h(do)f(this)h(b)r
(ecause)f(of)g(co)r(de)g(complexit)n(y:)38 b(b)r(e-)166
4005 y(cause)19 b(KeyNote)h(supp)r(ort)g(w)n(as)f(added)h(after)g(most)
g(of)166 4105 y Fi(isakmp)l(d)32 b Fk(w)n(as)e(written,)i(the)f(co)r
(de)g(that)g(constructs)166 4204 y(the)g(list)g(of)g(SAs)g(in)g
(message)e(1)i(w)n(as)e(already)h(in)n(tri-)166 4304
y(cately)e(tied)i(to)e(message)g(construction,)g(con\014gura-)166
4404 y(tion)h(\014le)h(parsing,)f(and)g(attribute)g(syn)n(tax)g(v)n
(eri\014ca-)166 4503 y(tion.)66 b(Rewriting)37 b(the)g(relev)-5
b(an)n(t)37 b(co)r(de)g(just)h(to)f(ac-)166 4603 y(commo)r(date)29
b(KeyNote)h(w)n(ould)f(in)n(v)n(olv)n(e)f(serious)h(re-)166
4703 y(structuring.)70 b(W)-7 b(e)39 b(in)n(tend)g(to)g(rewrite)f(that)
h(piece)166 4802 y(of)h Fi(isakmp)l(d)i Fk(in)f(the)f(near)g(future)g
(to)h(retriev)n(e)e(SA)166 4902 y(information)d(from)g(the)h(k)n(ernel)
e(\(as)h(opp)r(osed)g(to)g(a)166 5001 y(con\014guration)d(\014le\).)58
b(A)n(t)34 b(that)h(time,)i(an)d(in)n(terface)166 5101
y(b)r(etter)22 b(suited)g(to)f(p)r(olicy)h(compliance)f(c)n(hec)n(king)
f(will)166 5201 y(b)r(e)31 b(in)n(tro)r(duced.)47 b(W)-7
b(e)31 b(should)f(note)h(that)g(this)g(issue)166 5300
y(is)e(not)g(an)g(artifact)g(of)g(our)g(use)g(of)g(KeyNote;)g(using)166
5400 y(an)n(y)c(securit)n(y)g(p)r(olicy)h(system)f(on)h(the)g
(initiator)f(side)2176 83 y(w)n(ould)i(require)g(the)h(same)f(co)r(de)g
(restructuring.)2010 374 y(In)49 b(terms)f(of)h(co)r(de)f(size,)54
b(the)48 b(\\glue")g(co)r(de)g(b)r(et)n(w)n(een)2010
473 y Fi(isakmp)l(d)28 b Fk(and)e(KeyNote)g(w)n(as)g(ab)r(out)g(1200)f
(lines,)i(almost)2010 573 y(exclusiv)n(ely)j(dealing)g(with)i(the)f
(con)n(v)n(ersion)e(of)i(informa-)2010 673 y(tion)e(from)f
Fi(isakmp)l(d)p Fk('s)i(in)n(ternal)e(structures)f(to)i(KeyNote)2010
772 y(action)41 b(attributes.)79 b(W)-7 b(e)42 b(also)f(had)g(to)h(add)
f(ab)r(out)h(50)2010 872 y(lines)31 b(of)f(co)r(de)h(in)g(di\013eren)n
(t)f(parts)g(of)h(KeyNote,)g(dealing)2010 972 y(with)41
b(initialization)g(and)f(record)f(k)n(eeping.)76 b(The)40
b(co)r(de)2010 1071 y(displaced)30 b(b)n(y)h(KeyNote)e(w)n(as)h(appro)n
(ximately)f(500)g(lines)2010 1171 y(long.)35 b(The)26
b(KeyNote)e(library)g(itself)i(is)f(ab)r(out)h(5000)d(lines)2010
1270 y(\(not)38 b(including)h(the)f(cryptographic)e(functions,)42
b(where)2010 1370 y Fi(lib)l(crypto)29 b Fk(is)f(used\).)2010
1791 y Fo(6)112 b(Conclusion)2010 2095 y Fl(6.1)105 b(Curren)m(t)34
b(State)2010 2400 y Fk(W)-7 b(e)51 b(b)r(eliev)n(e)f(that)h
Fi(isakmp)l(d)h Fk(curren)n(tly)e(addresses)e(all)2010
2500 y(mandatory)69 b(features)g(in)h(the)g(RF)n(Cs.)164
b(W)-7 b(e)70 b(also)2010 2599 y(implemen)n(t)77 b(most)f(optional)g
(features.)182 b Fi(isakmp)l(d)2010 2699 y Fk(curren)n(tly)62
b(runs)g(on)h(Op)r(enBSD's)g(old)g(IPsec)f(stac)n(k)2010
2798 y(with)44 b(PF)p 2331 2798 25 4 v 29 w(ENCAP)-7
b(,)43 b(Op)r(enBSD's)h(curren)n(t)e(stac)n(k)h(with)2010
2898 y(PF)p 2126 2898 V 30 w(KEY,)19 b(F)-7 b(reeS/W)e(AN)21
b(with)f(Lin)n(ux)g(NetLink)h(API)f(and)2010 2998 y(F)-7
b(reeBSD/NetBSD)47 b(with)g(KAME's)f(IPsec)g(stac)n(k)g(via)2010
3097 y(PF)p 2126 3097 V 30 w(KEY.)35 b(W)-7 b(e)37 b(ha)n(v)n(e)e(also)
g(made)i(it)f(p)r(ossible)g(to)h(sha)n(v)n(e)2010 3197
y(o\013)24 b(m)n(uc)n(h)g(of)g(the)h(extras)e(at)h(compile)g(time,)i
(th)n(us)e(making)2010 3297 y Fi(isakmp)l(d)43 b Fk(a)d(candidate)h
(for)g(b)r(eing)g(used)g(in)g(small)g(em-)2010 3396 y(b)r(edded)34
b(systems.)55 b Fi(isakmp)l(d)35 b Fk(is)e(in)h(pro)r(duction)f(used)h
(in)2010 3496 y(n)n(umerous)27 b(sites.)2010 3800 y Fl(6.2)105
b(F)-9 b(uture)35 b(Directions)2010 4105 y Fk(There)20
b(seems)g(to)g(b)r(e)h(an)f(increasing)f(n)n(um)n(b)r(er)i(of)f(prop)r
(osed)2010 4204 y(new)j(IKE)g(extensions)f(after)h(ev)n(ery)f(IETF.)h
(W)-7 b(e)24 b(are,)f(ho)n(w-)2010 4304 y(ev)n(er,)g(reluctan)n(t)f(to)
g(incorp)r(orate)f(them)i(all)f(as)g(co)r(de)h(bloat)2010
4404 y(is)f(a)g(problem)g(w)n(e)g(should)g(\014gh)n(t)g(to)g(main)n
(tain)g(an)n(y)g(kind)g(of)2010 4503 y(securit)n(y)-7
b(.)34 b(Something)21 b(w)n(e)f(de\014nitely)i(are)e(going)g(to)g(add)h
(is)2010 4603 y(IPv6)28 b(supp)r(ort,)i(as)f(w)n(e)g(recen)n(tly)g(ha)n
(v)n(e)f(started)h(shipping)2010 4703 y(Op)r(enBSD)34
b(with)h(an)e(IPsec-a)n(w)n(are)e(IPv6)i(stac)n(k.)55
b(Other)2010 4802 y(lik)n(ely)29 b(enhancemen)n(ts)g(are)f(supp)r(ort)h
(for)g(PK)n(CS#11)e(\(an)2010 4902 y(API)43 b(to)g(talk)g(to)g
(cryptographic)f(tok)n(ens,)k(lik)n(e)d(smart-)2010 5001
y(cards,)48 b(for)c(authen)n(tication\),)49 b(c)n(hallenge-resp)r(onse)
43 b(au-)2010 5101 y(then)n(tication)27 b(for)f(Phase)f(1)h(exc)n
(hanges)f(and)i(PKIX)f(com-)2010 5201 y(pliance.)46 b(A)31
b(ma)5 b(jor)30 b(short-term)f(pro)5 b(ject)30 b(is)h(supp)r(ort)g(for)
2010 5300 y(cryptographic)18 b(hardw)n(are)f(for)j(RSA)g(and)g
(Di\016e-Hellman)2010 5400 y(computation,)50 b(since)45
b(Op)r(enBSD)h(has)g(b)r(egan)f(to)g(sup-)p eop
%%Page: 13 13
13 12 bop 0 83 a Fk(p)r(ort)26 b(a)g(cryptographic)e(services)g(framew)
n(ork)h(in)h(the)g(k)n(er-)0 183 y(nel.)50 b(Other)31
b(minor)h(pro)5 b(jects)31 b(in)n(v)n(olv)n(e)f(in)n(tegration)h(with)0
282 y(DNSSEC)g([)p Fj(?)p Fk(])f(infrastructure)g(once)f(w)n(e)h(see)g
(further)g(de-)0 382 y(plo)n(ymen)n(t)45 b(and)g(use,)k(and)c(\\New)g
(group)f(mo)r(de")g(sup-)0 482 y(p)r(ort)32 b(to)h(dynamically)f
(negotiate)f(new)i(groups)e(to)i(com-)0 581 y(pute)42
b(DH)h(secrets)e(in.)80 b(There)41 b(are)g(plans)h(to)f(supp)r(ort)0
681 y(some)29 b(new)h(platforms,)g(for)g(example)f(F)-7
b(reeS/W)e(AN)30 b(o)n(v)n(er)0 780 y(PF)p 116 780 25
4 v 30 w(KEY)k(and)h(Solaris)f(8.)59 b(There)34 b(are)h(other)f
(commer-)0 880 y(cial)39 b(Unices)g(with)h(IPsec)e(stac)n(ks)g(whic)n
(h)h(w)n(e)g(ma)n(y)f(p)r(ort)0 980 y Fi(isakmp)l(d)32
b Fk(to.)44 b(Closer)29 b(in)n(tegration)g(with)h(the)h(k)n(ernel)e
(and)0 1079 y(userland)23 b(applications)f(\(p)r(ossibly)i(through)e
(the)i Fi(setso)l(ck-)0 1179 y(opt\(3\)/getso)l(ckopt\(3\))30
b Fk(API\),)e(and)g(v)-5 b(arious)26 b(pro)5 b(jects)27
b(in-)0 1279 y(v)n(olving)i(p)r(olicy)i(disco)n(v)n(ery/negotiation)26
b(\(in)31 b(particular,)0 1378 y(direct)i(exc)n(hanging)e(of)i(KeyNote)
g(creden)n(tials\))f(and)h(au-)0 1478 y(tomatic)28 b(con\014guration)f
(are)h(also)g(part)g(of)g(our)g(plans)h(for)0 1577 y(future)f(w)n(ork.)
0 1885 y Fl(6.3)105 b(In)m(terop)s(erabilit)m(y)0 2194
y Fk(W)-7 b(e)23 b(ha)n(v)n(e)f(attended)i(a)e(couple)h(of)g(in)n
(terop)r(erabilit)n(y)f(w)n(ork-)0 2293 y(shops)k(as)h(w)n(ell)g(as)f
(carried)g(out)h(our)g(o)n(wn)f(tests)h(and)g(ha)n(v)n(e)0
2393 y(succeeded)h(remark)-5 b(ably)26 b(w)n(ell,)i(giv)n(en)f(the)i
(complexit)n(y)e(of)0 2492 y(the)42 b(IKE)e(sp)r(eci\014cations.)78
b(A)41 b(lot)g(ma)n(y)g(b)r(e)h(attributed)0 2592 y(to)23
b(our)g(\015exible)h(con\014guration)e(whic)n(h,)i(ho)n(w)n(ev)n(er,)f
(cannot)0 2692 y(b)r(e)k(said)e(to)h(b)r(e)h(user-friendly)-7
b(.)35 b(W)-7 b(e)27 b(ha)n(v)n(e)e(b)r(een)i(kno)n(wn)e(to)0
2791 y(in)n(terop)r(erate)34 b(with)i(the)f(3com)f(P)n(ath)n(builder)g
(500,)i(Ash-)0 2891 y(ley)c(Lauren)n(t)f(VPCom,)i(Axen)n(t)f(Raptor,)g
(Cendio)g(F)-7 b(uego)0 2991 y(Firew)n(all,)34 b(Chec)n(kP)n(oin)n(t)e
(FireW)-7 b(all-1,)34 b(Cisco)f(IOS,)h(Cisco)0 3090 y(PIX,)41
b(F-secure)g(VPN+,)k(F)-7 b(reeBSD/NetBSD)41 b(KAME,)0
3190 y(In)n(tel)29 b(LanRo)n(v)n(er,)e(Lin)n(ux)i(F)-7
b(reeS/W)e(AN,)29 b(Nortel)g(Con)n(tiv-)0 3289 y(it)n(y)-7
b(,)23 b(PGP)d(VPN,)h(Radguard)f(cIPro,)h(T)-7 b(eam)n(w)n(are)19
b(TWISS,)0 3389 y(Windo)n(ws)27 b(2K,)g(and)g(Timestep)h(P)n(ermit.)0
3588 y(Most)19 b(of)g(this)g(in)n(terop)r(eration)f(has)h(b)r(een)g
(with)h(pre-shared)0 3688 y(k)n(eys.)33 b(Unfortunately)20
b(w)n(e)f(ha)n(v)n(e)g(not)g(y)n(et)h(had)f(a)g(c)n(hance)g(to)0
3788 y(do)33 b(extensiv)n(e)g(certi\014cate-based)g(in)n(terop)r
(erabilit)n(y)f(test-)0 3887 y(ing.)0 4195 y Fl(6.4)105
b(Securit)m(y)36 b(Considerations)0 4503 y Fk(As)27 b(migh)n(t)g(ha)n
(v)n(e)f(b)r(ecome)h(clear)f(b)n(y)h(no)n(w,)f(IKE)g(is)h(a)g(com-)0
4603 y(plex)k(proto)r(col,)f(p)r(erhaps)h(o)n(v)n(erly)e(so.)46
b(As)31 b(w)n(e)f(are)g(imple-)0 4703 y(men)n(ting)h(securit)n(y)-7
b(,)32 b(complexit)n(y)e(is)h(not)h(something)e(w)n(ell)0
4802 y(lo)r(ok)n(ed)k(up)r(on.)58 b(Complex)34 b(proto)r(cols)f(are)g
(implemen)n(ted)0 4902 y(with)40 b(complex)e(programs)f(whic)n(h)i
(tend)h(to)f(ha)n(v)n(e)f(more)0 5001 y(bugs,)26 b(and)h(some)e(bugs)h
(migh)n(t)h(just)g(happ)r(en)g(to)f(b)r(e)h(secu-)0 5101
y(rit)n(y)19 b(breac)n(hes.)33 b(Mo)r(dular)19 b(design)h(with)g(clear)
f(APIs)h(in)n(ter-)0 5201 y(nally)30 b(helps)g(reduce)g(complexit)n(y)f
(and)h(allo)n(ws)f(for)g(easier)0 5300 y(auditing,)c(but)h(there)f(is)f
(still)i(a)e(lot)h(more)f(risk)g(with)i(com-)0 5400 y(plex)39
b(programs)f(than)h(with)h(simple)g(ones.)72 b(There)39
b(are)2010 83 y(simpler)34 b(alternativ)n(es)f(to)i(IKE,)f(more)g
(limited)h(in)g(func-)2010 183 y(tionalit)n(y)-7 b(,)27
b(but)h(lik)n(ely)g(more)e(secure)h([)p Fj(?)p Fk(].)2010
476 y Fl(6.5)105 b(Related)35 b(W)-9 b(ork)2010 769 y
Fk(There)46 b(are)g(of)h(course)f(other)g(Op)r(en)h(Source)f(pro)5
b(jects)2010 869 y(that)38 b(implemen)n(t)g(IKE,)f(the)h(t)n(w)n(o)f
(most)h(widely)g(kno)n(wn)2010 968 y(b)r(eing)h(the)g(Lin)n(ux)f(F)-7
b(reeS/W)e(AN)39 b(pro)5 b(ject's)37 b Fi(Pluto,)42 b
Fk(and)2010 1068 y Fi(R)l(ac)l(o)l(on,)c Fk(of)d(the)g(KAME)g(pro)5
b(ject)35 b(whose)f(IPsec)g(stac)n(ks)2010 1167 y(exist)27
b(for)f(b)r(oth)h(NetBSD)h(and)e(F)-7 b(reeBSD.)27 b(Both)f(of)h(these)
2010 1267 y(are)21 b(only)h(mean)n(t)h(for)e(their)i(resp)r(ectiv)n(e)e
(platforms,)i(unlik)n(e)2010 1367 y Fi(isakmp)l(d,)i
Fk(whic)n(h)d(is)f(mean)n(t)h(to)f(b)r(e)h(a)g(p)r(ortable)f(implemen-)
2010 1466 y(tation.)38 b(As)29 b(a)e(matter)h(of)g(fact,)h
Fi(isakmp)l(d)g Fk(runs)f(on)g(top)g(of)2010 1566 y(b)r(oth)35
b(the)g(F)-7 b(reeS/W)e(AN)34 b(and)g(KAME)g(stac)n(ks.)56
b(Raco)r(on)2010 1666 y(is,)49 b(to)44 b(our)g(kno)n(wledge,)j(the)e
(only)f(IKE)f(implemen)n(ta-)2010 1765 y(tion)33 b(with)g(IPv6)e(supp)r
(ort.)51 b(There)32 b(are)g(also)f(other)h(k)n(ey-)2010
1865 y(managemen)n(t)19 b(proto)r(col)g(implemen)n(tations)g(a)n(v)-5
b(ailable,)20 b(an)2010 1964 y(example)37 b(is)g Fi(photurisd,)k
Fk(Op)r(enBSD's)c(Photuris)f(imple-)2010 2064 y(men)n(tation.)65
b(An)37 b(extensiv)n(e)f(o)n(v)n(erview)f(of)i(the)g(emplo)n(y-)2010
2164 y(men)n(t)f(of)g(cryptograph)n(y)e(in)i(Op)r(enBSD)g(ma)n(y)f(b)r
(e)i(found)2010 2263 y(in)28 b([)p Fj(?)p Fk(].)2010
2673 y Fo(7)112 b(Ac)m(kno)m(wledgmen)m(ts)2010 2966
y Fk(W)-7 b(e)23 b(w)n(ould)f(lik)n(e)h(to)f(thank)h(Matt)g(Blaze,)g
(Theo)g(de)f(Raadt,)2010 3066 y(Martin)29 b(F)-7 b(redriksson,)29
b(Markus)g(F)-7 b(riedl,)30 b(Hugh)g(Graham,)2010 3165
y(John)41 b(Ioannidis,)i(H)-10 b(\027)-52 b(ak)-5 b(an)41
b(Olsson,)i(Niels)f(Pro)n(v)n(os,)f(and)2010 3265 y(Jonathan)32
b(Smith)h(for)f(their)h(supp)r(ort,)g(commen)n(ts,)h(sug-)2010
3364 y(gestions,)24 b(and)g(w)n(ork)f(in)i(v)-5 b(arious)23
b(asp)r(ects)h(of)g(this)h(pro)5 b(ject)2010 3464 y(and)41
b(pap)r(er.)76 b(Most)41 b(of)g(the)g(dev)n(elopmen)n(t)g(of)f
Fi(isakmp)l(d)2010 3564 y Fk(w)n(as)30 b(funded)j(b)n(y)e(Ericsson)f
(Radio)h(Systems.)48 b(The)32 b(secu-)2010 3663 y(rit)n(y)h(p)r(olicy)g
(w)n(ork)g(men)n(tioned)g(in)h(this)g(pap)r(er)f(w)n(as)f(sup-)2010
3763 y(p)r(orted)j(b)n(y)g(D)n(ARP)-7 b(A)35 b(under)g(gran)n(t)f
(F39502-99-1-0512)o(-)2010 3863 y(MOD)28 b(P0001.)2010
4272 y Fo(8)112 b(Av)-6 b(ailabilit)m(y)2010 4565 y Fk(All)30
b(the)g(soft)n(w)n(are)f(describ)r(ed)g(in)h(the)g(pap)r(er)g(is)f(a)n
(v)-5 b(ailable)2010 4665 y(through)27 b(the)h(Op)r(enBSD)g(w)n(eb)f
(page)g(at:)2439 4933 y Fd(http://www.openb)o(sd)o(.o)o(rg/)2010
5201 y Fk(Op)r(enBSD)d(is)g(based)f(in)h(Calgary)-7 b(,)23
b(Canada.)35 b(All)24 b(individ-)2010 5300 y(uals)j(doing)f
(cryptograph)n(y-related)e(w)n(ork)h(do)i(so)f(outside)2010
5400 y(coun)n(tries)h(that)g(ha)n(v)n(e)g(limiting)h(la)n(ws.)p
eop
%%Page: 14 14
14 13 bop 0 83 a Fo(References)38 293 y Fb([1])43 b(R.)19
b(A)n(tkinson.)j(IP)d(Authen)n(tication)g(Header.)k(RF)n(C)c(1826,)161
384 y(August)25 b(1995.)38 510 y([2])43 b(R.)32 b(A)n(tkinson.)53
b(IP)32 b(Encapsulating)h(Securit)n(y)e(P)n(a)n(yload.)161
601 y(RF)n(C)26 b(1827,)h(August)e(1995.)38 727 y([3])43
b(M.)64 b(Blaze,)75 b(J.)65 b(F)-6 b(eigen)n(baum,)72
b(J.)64 b(Ioannidis,)74 b(and)161 818 y(A.)20 b(Kerom)n(ytis.)k(The)c
(role)h(of)f(trust)g(managemen)n(t)e(in)i(dis-)161 910
y(tributed)28 b(systems)g(securit)n(y)-6 b(.)42 b(In)28
b Fa(Se)l(cur)l(e)k(Internet)g(Pr)l(o-)161 1001 y(gr)l(amming)p
Fb(,)f(v)n(olume)e(1603)i(of)f Fa(L)l(e)l(ctur)l(e)k(Notes)e(in)f(Com-)
161 1092 y(puter)26 b(Scienc)l(e)p Fb(,)e(pages)g(185{210.)h
(Springer-V)-6 b(erlag)23 b(Inc.,)161 1184 y(New)j(Y)-6
b(ork,)25 b(NY,)g(USA,)g(1999.)38 1310 y([4])43 b(M.)32
b(Blaze,)i(J.)d(F)-6 b(eigen)n(baum,)32 b(J.)g(Ioannidis,)h(and)d(A.)h
(D.)161 1401 y(Kerom)n(ytis.)f(The)24 b(k)n(eynote)f(trust)g(managemen)
n(t)f(system)161 1492 y(v)n(ersion)k(2.)35 b(In)n(ternet)24
b(RF)n(C)i(2704,)h(Septem)n(b)r(er)d(1999.)38 1618 y([5])43
b(M.)29 b(Blaze,)i(J.)e(F)-6 b(eigen)n(baum,)29 b(and)f(J.)h(Lacy)-6
b(.)42 b(Decen)n(tral-)161 1710 y(ized)25 b(T)-6 b(rust)24
b(Managemen)n(t.)33 b(In)23 b Fa(Pr)l(o)l(c.)k(of)g(the)g(17th)g(Sym-)
161 1801 y(p)l(osium)40 b(on)h(Se)l(curity)g(and)g(Privacy)p
Fb(,)j(pages)c(164{173.)161 1892 y(IEEE)21 b(Computer)e(So)r(ciet)n(y)i
(Press,)h(Los)f(Alamitos,)h(1996.)38 2018 y([6])43 b(M.)34
b(Blaze,)k(J.)c(Ioannidis,)j(and)c(A.)h(Kerom)n(ytis.)57
b(T)-6 b(rust)161 2109 y(Managemen)n(t)38 b(and)f(Net)n(w)n(ork)g(La)n
(y)n(er)h(Securit)n(y)e(Proto-)161 2201 y(cols.)26 b(In)19
b Fa(Pr)l(o)l(c)l(e)l(e)l(dings)24 b(of)e(the)h(1999)g(Cambridge)f(Se)l
(curity)161 2292 y(Pr)l(oto)l(c)l(ols)29 b(International)g(Workshop)p
Fb(.)e(Springer,)f(1999.)38 2418 y([7])43 b(Consultation)d(Committee.)
74 b Fa(X.509:)60 b(The)40 b(Dir)l(e)l(ctory)161 2509
y(A)n(uthentic)l(ation)55 b(F)-6 b(r)l(amework)p Fb(.)117
b(In)n(ternational)53 b(T)-6 b(ele-)161 2601 y(phone)29
b(and)g(T)-6 b(elegraph,)31 b(In)n(ternational)f(T)-6
b(elecomm)n(uni-)161 2692 y(cations)27 b(Union,)e(Genev)l(a,)h(1989.)38
2818 y([8])43 b(T.)37 b(de)g(Raadt,)i(N.)d(Hallqvist,)k(A.)d(Grab)r(o)n
(wski,)k(A.)36 b(D.)161 2909 y(Kerom)n(ytis,)62 b(and)55
b(N.)g(Pro)n(v)n(os.)123 b(Cryptograph)n(y)55 b(in)161
3001 y(Op)r(enBSD:)42 b(An)g(Ov)n(erview.)84 b(In)42
b Fa(Pr)l(o)l(c.)i(of)e(the)i(1999)161 3092 y(USENIX)52
b(A)n(nnual)h(T)-6 b(e)l(chnic)l(al)53 b(Confer)l(enc)l(e,)60
b(F)-6 b(r)l(e)l(enix)161 3183 y(T)g(r)l(ack)p Fb(,)27
b(pages)g(93)f({)g(101,)h(June)f(1999.)38 3309 y([9])43
b(W.)36 b(Di\016e)g(and)f(M.E.)i(Hellman.)64 b(New)36
b(Directions)h(in)161 3401 y(Cryptograph)n(y)-6 b(.)35
b Fa(IEEE)28 b(T)-6 b(r)l(ansactions)30 b(on)e(Information)161
3492 y(The)l(ory)p Fb(,)f(IT{22\(6\):644{654,)k(No)n(v)25
b(1976.)0 3618 y([10])43 b(D.)24 b(Eastlak)n(e)i(and)e(C.)h(Kaufman.)32
b(Dynamic)23 b(Name)h(Ser-)161 3709 y(vice)40 b(and)g(Securit)n(y)-6
b(.)78 b(In)n(ternet)39 b(RF)n(C)h(2065,)46 b(Jan)n(uary)161
3800 y(1997.)0 3926 y([11])d(D.)36 b(Harkins)f(and)h(D.)g(Carrel.)66
b(The)36 b(in)n(ternet)g(k)n(ey)f(ex-)161 4018 y(c)n(hange)f(\(IKE\).)
58 b(Request)32 b(for)j(Commen)n(ts)d(\(Prop)r(osed)161
4109 y(Standard\))f(2409,)k(In)n(ternet)c(Engineering)h(T)-6
b(ask)32 b(F)-6 b(orce,)161 4200 y(No)n(v)n(em)n(b)r(er)24
b(1998.)0 4326 y([12])43 b(John)28 b(Ioannidis)h(and)f(Matt)h(Blaze.)44
b(The)29 b(Arc)n(hitecture)161 4418 y(and)18 b(Implemen)n(tation)e(of)j
(Net)n(w)n(ork-La)n(y)n(er)f(Securit)n(y)f(Un-)161 4509
y(der)35 b(Unix.)64 b(In)35 b Fa(F)-6 b(ourth)38 b(Usenix)f(Se)l
(curity)i(Symp)l(osium)161 4600 y(Pr)l(o)l(c)l(e)l(e)l(dings)p
Fb(.)28 b(USENIX,)d(Octob)r(er)g(1993.)0 4726 y([13])43
b(P)-6 b(.)34 b(Karn)g(and)g(W.)g(Simpson.)59 b(Photuris:)52
b(Session-k)n(ey)161 4817 y(managemen)n(t)20 b(proto)r(col.)29
b(Request)20 b(for)j(Commen)n(ts)d(\(Ex-)161 4909 y(p)r(erimen)n(tal\))
h(2522,)j(In)n(ternet)d(Engineering)h(T)-6 b(ask)22 b(F)-6
b(orce,)161 5000 y(Marc)n(h)26 b(1999.)0 5126 y([14])43
b(S.)25 b(Ken)n(t)f(and)h(R.)f(A)n(tkinson.)33 b(Securit)n(y)24
b(arc)n(hitecture)h(for)161 5217 y(the)d(in)n(ternet)g(proto)r(col.)30
b(Request)22 b(for)h(Commen)n(ts)e(\(Pro-)161 5309 y(p)r(osed)34
b(Standard\))f(2401,)38 b(In)n(ternet)33 b(Engineering)i(T)-6
b(ask)161 5400 y(F)g(orce,)26 b(No)n(v)n(em)n(b)r(er)e(1998.)2010
83 y([15])43 b(A.)35 b(D.)g(Kerom)n(ytis,)j(J.)e(Ioannidis,)i(and)d(J.)
h(M.)g(Smith.)2171 174 y(Implemen)n(ting)16 b(IPsec.)23
b(In)18 b Fa(Pr)l(o)l(c)l(e)l(e)l(dings)23 b(of)e(Glob)l(al)g(Inter-)
2171 266 y(net)28 b(\(Glob)l(eCom\))g('97)p Fb(,)e(pages)g(1948)g({)g
(1952,)h(No)n(v)n(em)n(b)r(er)2171 357 y(1997.)2010 482
y([16])43 b(D.)18 b(McDonald,)j(C.)e(Metz,)i(and)d(B.)h(Phan.)k(PF)p
3525 482 24 4 v 28 w(KEY)18 b(Key)2171 573 y(Managemen)n(t)38
b(API,)f(V)-6 b(ersion)38 b(2.)70 b(Request)37 b(for)i(Com-)2171
664 y(men)n(ts)34 b(\(Informational\))h(2367,)k(In)n(ternet)34
b(Engineering)2171 756 y(T)-6 b(ask)26 b(F)-6 b(orce,)26
b(July)g(1998.)2010 880 y([17])43 b(W.)26 b(A.)h(Simpson.)35
b(IKE/ISAKMP)25 b(Considered)i(Harm-)2171 971 y(ful.)35
b Fa(USENIX)27 b(;lo)l(gin:)p Fb(,)e(Decem)n(b)r(er)f(1999.)p
eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF