Network Working Group                           W A Simpson [DayDreamer]
Internet Draft
expires in six months                                           May 1998


                       Photuris: Secret Exchange
                  draft-simpson-photuris-secret-00.txt


Status of this Memo

   This document is an Internet-Draft.  Internet Drafts are working doc-
   uments of the Internet Engineering Task Force (IETF), its Areas, and
   its Working Groups.  Note that other groups may also distribute work-
   ing documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months, and may be updated, replaced, or obsoleted by other documents
   at any time.  It is not appropriate to use Internet Drafts as refer-
   ence material, or to cite them other than as a ``working draft'' or
   ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the internet-drafts Shadow
   Directories on:

      ftp.is.co.za (Africa)
      nic.nordu.net (Northern Europe)
      ftp.nis.garr.it (Southern Europe)
      ftp.ietf.org (Eastern USA)
      ftp.isi.edu (Western USA)
      munnari.oz.au (Pacific Rim)

   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) William Allen Simpson (1995,1998).  All Rights
   Reserved.

Abstract

   Photuris is a session-key management protocol.  Extensible Messages
   are provided to enable future implementation changes without affect-
   ing the basic protocol.

   The Secret Exchange messages provide the capability to create
   ephemeral symmetric secrets between parties.



Simpson                   expires in six months                 [Page i]


DRAFT                        Secret Exchange                    May 1998


1.  Introduction

   In addition to establishing session-keys, Photuris is easily capable
   of generating high quality unpredictable secrets.  This facility can
   be useful to augment or expand lower quality user passwords, and to
   substitute for computationally expensive public-key operations.

   The packet format and basic facilities are already defined for Pho-
   turis [RFC-zzzz].


1.1.  Terminology

   In this document, the key words "MAY", "MUST", "MUST NOT", "optional",
   "recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
   described in [RFC-2119].

   nonce            A value that is not used more than once for the same
                    purpose.  The value is recommended to be generated
                    by a cryptographically random method, which may be
                    concatenated with a timestamp or sequence number.

   Party Secret Index (PSI)
                    A number that indicates a particular symmetric
                    secret.  The number is unique relative to the IP
                    Destination, which is the PSI Owner.  The value is
                    recommended to be generated by a cryptographically
                    random method.

                    The use of this value is orthogonal to usage of sim-
                    ilar values by other related security protocols,
                    such as the Security-Parameters-Index (SPI).  That
                    is, the same value MAY be used by multiple protocols
                    to concurrently indicate different Security Associa-
                    tion parameters.



2.  Secret Exchange

   The Secret Exchange will occur following the usual Value Exchange:

   Initiator                            Responder
   =========                            =========
   Cookie_Request                 ->
                                   <-   Cookie_Response
   Value_Request                  ->
                                   <-   Value_Response

             [generate shared-secret from exchanged values]

   Frequently, the Secret Exchange will occur before the Identification
   Exchange:

   Initiator                            Responder
   =========                            =========
   Secret_Request                 ->
                                   <-   Secret_Response

               [make PSI secret-keys in each direction]

   Identity_Request               ->
                                   <-   Identity_Response

               [make SPI session-keys in each direction]

   Alternatively, the Secret Exchange can occur in the middle of the
   Identification Exchange:

   Initiator                            Responder
   =========                            =========
   Identity_Request               ->
                                   <-   Secret_Request
   Secret_Response                ->

               [make PSI secret-keys in each direction]

                                   <-   Identity_Response

               [make SPI session-keys in each direction]

   Finally, the Secret Exchange can occur at both times.

   The exchange of messages is ordered, although the formats and mean-
   ings of the messages are identical in each direction.  The messages
   are easily distinguished by the parties themselves, by examining the
   Message and Identification fields.


2.1.  Secret_Request

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                       Initiator-Cookie                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                       Responder-Cookie                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Message    |                    LifeTime                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Party-Secret-Index                       |
   +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
   |        Identity-Choice        |                               |
   + + + + + + + + + + + + + + + + +                               +
   |                                                               |
   ~                        Identification                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             ... Padding                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Initiator-Cookie 16 bytes.  Copied from the Value_Request.

   Responder-Cookie 16 bytes.  Copied from the Value_Request.

   Message          6

   LifeTime         3 bytes.  The number of seconds remaining before the
                    indicated PSI expires.

                    When zero, indicates that the PSI is used for only
                    this Identification Exchange.

   Party-Secret-Index (PSI)
                    4 bytes.  The PSI to be used for this party in the
                    Identification Exchange.  The value MUST NOT be
                    zero.

   Identity-Choice  2 or more bytes.  An identity attribute is selected
                    from the list of Offered-Attributes sent by the
                    peer.

                    The field may be any integral number of bytes in
                    length, as indicated by its Length field.  It does
                    not require any particular alignment.  The 16-bit
                    alignment shown is for convenience in the illustra-
                    tion.

   Identification   Variable Precision Integer, or alternative format
                    indicated by the Identity-Choice.  See the "Addi-
                    tional Attributes" for details.

                    The field may be any integral number of bytes in
                    length.  It does not require any particular align-
                    ment.  The 32-bit alignment shown is for convenience
                    in the illustration.

   Padding          8 to 255 bytes.  This field is filled up to at least
                    a 128 byte boundary, measured from the beginning of
                    the message.  The number of pad bytes is chosen
                    randomly.

                    In addition, when a Privacy-Method indicated by the
                    current Scheme-Choice requires the plaintext to be a
                    multiple of some number of bytes (the block size of
                    a block cipher), this field is adjusted as necessary
                    to the size required by the algorithm.

                    Self-Describing-Padding begins with the value 1.
                    Each byte contains the index of that byte.  Thus,
                    the final pad byte indicates the number of pad bytes
                    to remove.  For example, when the unpadded message
                    length is 120 bytes, the padding values might be 1,
                    2, 3, 4, 5, 6, 7, and 8.

   The portion of the message after the PSI field is masked using the
   Privacy-Method indicated by the current Scheme-Choice.

   The fields following the PSI are opaque.  That is, the values are set
   prior to masking (and optional encryption), and examined only after
   unmasking (and optional decryption).


2.2.  Secret_Response

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                       Initiator-Cookie                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                       Responder-Cookie                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Message    |                    LifeTime                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Party-Secret-Index                       |
   +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
   |        Identity-Choice        |                               |
   + + + + + + + + + + + + + + + + +                               +
   |                                                               |
   ~                         Secret-Value                          ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                         Verification                          ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       (Identity-Choice)       |                               |
   + + + + + + + + + + + + + + + + +                               +
   |                                                               |
   ~                       (Identification)                        ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                             ... Padding                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Initiator-Cookie 16 bytes.  Copied from the Secret_Request.

   Responder-Cookie 16 bytes.  Copied from the Secret_Request.

   Message          5

   LifeTime         3 bytes.  The number of seconds remaining before the
                    indicated PSI expires.

                    When zero, indicates that the PSI is used for only
                    this Identification Exchange.

   Party-Secret-Index (PSI)
                    4 bytes.  The PSI to be used for this party in the
                    Identification Exchange.  The value MUST NOT be
                    zero.  Also, the value MUST NOT equal the PSI from
                    the Secret_Request.

   Identity-Choice  2 or more bytes.  A symmetric identity attribute is
                    selected from the list of Offered-Attributes sent by
                    the peer, and is used to calculate the Verification.

                    The field may be any integral number of bytes in
                    length, as indicated by its Length field.  It does
                    not require any particular alignment.  The 16-bit
                    alignment shown is for convenience in the illustra-
                    tion.

   Secret-Value     Variable Precision Integer, or alternative format
                    indicated by the Secret_Request Identity-Choice.
                    Used for calculating a pair of symmetric secret-keys
                    between the parties.

                    The field may be any integral number of bytes in
                    length, as indicated by its Size field.  It does not
                    require any particular alignment.  The 32-bit align-
                    ment shown is for convenience in the illustration.

   Verification     Variable Precision Integer, or alternative format
                    indicated by the Identity-Choice.  The calculation
                    of the value is described in "Secret Verification".

                    The field may be any integral number of bytes in
                    length.  It does not require any particular align-
                    ment.  The 32-bit alignment shown is for convenience
                    in the illustration.

   (Identity-Choice)
                    2 or more bytes.  An identity attribute is selected
                    from the list of Offered-Attributes sent by the
                    peer.

                    This field is optional.  Its presence is indicated
                    by the UDP Length after removing the Padding (UDP
                    Length - last Padding value).

                    The field may be any integral number of bytes in
                    length, as indicated by its Length field.  It does
                    not require any particular alignment.  The 16-bit
                    alignment shown is for convenience in the
                    illustration.

   (Identification) Variable Precision Integer, or alternative format
                    indicated by the Identity-Choice.  See the "Addi-
                    tional Attributes" for details.

                    This field is optional.  Its presence is indicated
                    by the UDP Length after removing the Padding (UDP
                    Length - last Padding value).

                    The field may be any integral number of bytes in
                    length.  It does not require any particular align-
                    ment.  The 32-bit alignment shown is for convenience
                    in the illustration.

   Padding          8 to 255 bytes.  This field is filled up to at least
                    a 128 byte boundary, measured from the beginning of
                    the message.  The number of pad bytes is chosen
                    randomly.

                    In addition, when a Privacy-Method indicated by the
                    current Scheme-Choice requires the plaintext to be a
                    multiple of some number of bytes (the block size of
                    a block cipher), this field is adjusted as necessary
                    to the size required by the algorithm.

                    Self-Describing-Padding begins with the value 1.
                    Each byte contains the index of that byte.  Thus,
                    the final pad byte indicates the number of pad bytes
                    to remove.  For example, when the unpadded message
                    length is 120 bytes, the padding values might be 1,
                    2, 3, 4, 5, 6, 7, and 8.

   The portion of the message after the PSI field is masked using the
   Privacy-Method indicated by the current Scheme-Choice.

   The fields following the PSI are opaque.  That is, the values are set
   prior to masking (and optional encryption), and examined only after
   unmasking (and optional decryption).
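
   The padding and field layout described in 2.1 and 2.2, as an added
   example in Python that is not part of this draft or of any Photuris
   implementation.  It chooses and strips Self-Describing-Padding (128
   byte boundary measured from the start of the message, 8 to 255 pad
   bytes, block-size adjustment, rejection of a malformed pad), and it
   decides whether the optional trailing Identity-Choice/Identification
   pair is present from the bytes left after the padding is removed.
   Assumptions made here and not fixed by this document: the Variable
   Precision Integer is simplified to a two-byte Size holding the number
   of significant bits (the real Size field is extensible), the
   Identification is taken to be a VPI, an attribute's Length counts its
   value bytes, and the masking of the portion after the PSI is left
   out.  All function names and the sample field values are constructed
   for the example.

```python
import secrets

# Fixed part of a Secret_Request/Secret_Response: Initiator-Cookie (16),
# Responder-Cookie (16), Message (1), LifeTime (3), Party-Secret-Index (4).
HEADER_LEN = 40
PAD_MIN, PAD_MAX, BOUNDARY = 8, 255, 128

def choose_pad_length(unpadded_len, block_size=1):
    """Random pad count n (8..255) so the padded message reaches at least the
    next 128-byte boundary from the start of the message and, for a block
    cipher Privacy-Method, is a multiple of block_size."""
    boundary = -(-unpadded_len // BOUNDARY) * BOUNDARY
    lo = max(PAD_MIN, boundary - unpadded_len)
    choices = [n for n in range(lo, PAD_MAX + 1)
               if (unpadded_len + n) % block_size == 0]
    if not choices:
        raise ValueError("no admissible pad length")
    return secrets.choice(choices)

def pad_message(msg, block_size=1):
    n = choose_pad_length(len(msg), block_size)
    return msg + bytes(range(1, n + 1))        # Self-Describing-Padding: 1, 2, ..., n

def unpad_message(msg):
    """Strip the padding after unmasking.  The last byte comes from the peer,
    so it is checked against the message length and the 1..n pattern."""
    if len(msg) <= HEADER_LEN:
        raise ValueError("message shorter than header plus padding")
    n = msg[-1]
    if n < PAD_MIN or n > len(msg) - HEADER_LEN:
        raise ValueError("bad pad length %d" % n)
    if msg[-n:] != bytes(range(1, n + 1)):
        raise ValueError("pad bytes are not 1..n")
    return msg[:-n]

def vpi_encode(value):
    """Assumed VPI form: 2-byte Size = significant bits, then Value bytes MSB
    first with unused high bits zero.  (The real Size field is extensible.)"""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def vpi_decode(buf, off):
    bits = int.from_bytes(buf[off:off + 2], "big")
    nbytes = (bits + 7) // 8
    raw = buf[off + 2:off + 2 + nbytes]
    if off + 2 > len(buf) or len(raw) != nbytes:
        raise ValueError("truncated VPI")
    value = int.from_bytes(raw, "big")
    if value.bit_length() > bits:          # section 2.3: unused bits MUST be zero
        raise ValueError("unused bits of VPI Value are not zero")
    return value, off + 2 + nbytes

def attr_encode(atype, body):
    return bytes([atype, len(body)]) + body     # Type, Length, Value

def attr_decode(buf, off):
    if off + 2 > len(buf):
        raise ValueError("truncated attribute")
    atype, length = buf[off], buf[off + 1]
    body = buf[off + 2:off + 2 + length]
    if len(body) != length:
        raise ValueError("truncated attribute value")
    return (atype, body), off + 2 + length

def build_secret_response(ic, rc, lifetime, psi, choice, secret_value,
                          verification, optional=None, block_size=1):
    """Unmasked Secret_Response (Message value 5); `optional` is an
    (Identity-Choice, Identification) pair or None."""
    if psi == 0:
        raise ValueError("PSI MUST NOT be zero")
    msg = ic + rc + bytes([5]) + lifetime.to_bytes(3, "big") + psi.to_bytes(4, "big")
    msg += attr_encode(*choice) + vpi_encode(secret_value) + vpi_encode(verification)
    if optional is not None:
        msg += attr_encode(*optional[0]) + vpi_encode(optional[1])
    return pad_message(msg, block_size)

def parse_secret_response(msg):
    """Parse an unmasked Secret_Response.  The optional pair is present
    exactly when bytes remain after Verification once padding is removed."""
    body = unpad_message(msg)
    if body[32] != 5:
        raise ValueError("not a Secret_Response")
    out = {"lifetime": int.from_bytes(body[33:36], "big"),
           "psi": int.from_bytes(body[36:40], "big")}
    if out["psi"] == 0:
        raise ValueError("PSI MUST NOT be zero")
    off = HEADER_LEN
    out["choice"], off = attr_decode(body, off)
    out["secret_value"], off = vpi_decode(body, off)
    out["verification"], off = vpi_decode(body, off)
    out["optional"] = None
    if off < len(body):
        opt_choice, off = attr_decode(body, off)
        ident, off = vpi_decode(body, off)
        out["optional"] = (opt_choice, ident)
    if off != len(body):
        raise ValueError("trailing bytes after Identification")
    return out
```

   The pad length is read from the last byte only after the message has
   been unmasked, and it is never trusted on its own: it must lie within
   8 to 255, must not reach back into the fixed header, and every pad
   byte must carry its index.  A response whose pad fails any of these
   checks is rejected before any field after the PSI is interpreted.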


2.3.  Secret-Nonce

   A secret-nonce is derived as indicated by the Identity-Choice speci-
   fied in the Secret_Request.

   Asymmetric Identity Attributes
      The Secret-Value contains the secret-nonce encrypted under the
      public-key (see "DNS-Key" and "PGP Identification" below).

   Symmetric Identity Attributes
      The Value part of the Secret-Value is concatenated to (followed
      by) the existing symmetric secret-key.

   Regardless of the internal representation of the secret-nonce, when
   used in calculations it is in the same form as the Value part of a
   Variable Precision Integer:

    - most significant byte first.
    - bits used are right justified within byte boundaries.
    - any unused bits are in the most significant byte.
    - unused bits are zero filled.

   The secret-nonce does not include a Size field.


2.4.  Secret-Key Computation

   Each pair of PSI values is used to generate a corresponding pair of
   symmetric secret-keys (one for each party).

   The Scheme-Choice specified Key-Generation-Function is calculated
   over the following concatenated values:

    + the Initiator Cookie,
    + the Responder Cookie,
    + the Owner Message, LifeTime and PSI,
    + the secret-nonce,
    + the Peer Message, LifeTime and PSI,
    + the computed shared-secret.

   Since the order of the Owner and Peer fields is different in each
   direction, the resulting secret-key will usually be different in each
   direction.

   Following verification, the pair of PSI values also identifies the
   secret-keys.  The primary (Requester) identity is the Secret_Request
   PSI value concatenated to (followed by) the Verification value.  The
   secondary (Peer) identity is the Secret_Request PSI value, concate-
   nated to (followed by) the Secret_Response PSI value, concatenated to
   (followed by) the Verification value.  These identities can be used
   with a Symmetric Identity Attribute in any subsequent Identification
   message.  The Secret_Request LifeTime is used as the LifeTime for
   both secret-keys.

   Implementation Notes:

      The exact details of the secret-nonce and Secret-Value field that
      are included in the secret-key calculation are dependent on the
      Secret_Request Identity-Choice and Identification.

      The Secret Exchange ultimately depends upon the Identification
      Exchange for verification.  When verification fails, the PSI
      secret-keys MUST be discarded.


2.5.  Secret Verification

   The Secret_Response is authenticated using the Identity-Choice.  The
   Verification value is calculated prior to masking (and optional
   encryption), and verified after unmasking (and optional decryption).

   The Identity-Choice authentication function is supplied with two
   input values:

    - the secondary PSI secret-key,
    - the data to be verified (as a concatenated sequence of bytes).

   The resulting output value is stored in the Verification field.

   The Identity-Choice verification data consists of the following con-
   catenated values:

    + the Initiator Cookie,
    + the Responder Cookie,
    + the Secret_Request Message, LifeTime and PSI fields,
    + the Secret_Request Identity-Choice and Identification,
    + the Secret_Response Message, LifeTime and PSI fields,
    + the Secret_Response Identity-Choice and Secret-Value,
    + the Secret_Response Identity-Choice and Identification (optional),
    + the Padding.

   Note that the Message, LifeTime and PSI fields appear in a different
   order in each direction.

   If the verification fails, the users are notified, and a Verifica-
   tion_Failure message is sent, without adding any PSIs.  On success,
   normal operation begins with the remainder of the Identification
   Exchange.

   Implementation Notes:

      The exact details of the Identifications and secret-nonce included
      in the Verification calculation are dependent on the corresponding
      Identity-Choices.

      Failure to find an Identification in either an internal or exter-
      nal database results in the same Verification_Failure message as
      failure of the verification computation.

      The Secret-Value data includes both the Size and Value fields.
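
   The secret-key computation of 2.4 and the Secret Verification of 2.5,
   run for both parties, as an added Python example that is not code
   from this draft or from any Photuris implementation.  It uses the
   symmetric identity case of 2.3, where the secret-nonce is the Value
   part of the Secret-Value followed by the pre-existing symmetric
   secret-key.  Assumptions, none of them fixed by this document: SHA-1
   stands in for the Scheme-Choice Key-Generation-Function, HMAC-SHA1
   for the symmetric Identity-Choice authentication function, the
   Secret_Request header is treated as the Owner fields of the primary
   key, the Identity-Choice attribute bytes, the Identification and the
   eight-byte pad are constructed placeholders, the Verification is
   carried as a raw digest rather than a VPI, and masking is omitted.
   run_exchange, kgf, auth and the other names belong to this example.

```python
import hashlib
import hmac
import secrets

SECRET_REQUEST, SECRET_RESPONSE = 6, 5    # Message values from sections 2.1 and 2.2
SYM_ATTR = bytes([1, 0])                  # constructed placeholder for a symmetric Identity-Choice

def kgf(data):
    """Stand-in for the Scheme-Choice Key-Generation-Function (assumption: SHA-1)."""
    return hashlib.sha1(data).digest()

def auth(key, data):
    """Stand-in for the symmetric Identity-Choice authentication function
    (assumption: HMAC-SHA1)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def hdr(message, lifetime, psi):
    """Message, LifeTime and PSI fields in wire order."""
    return bytes([message]) + lifetime.to_bytes(3, "big") + psi.to_bytes(4, "big")

def vpi(value):
    """Size (bit count, 2 bytes) followed by Value; Size taken as 8*len here."""
    return (len(value) * 8).to_bytes(2, "big") + value

def psi_secret_keys(ic, rc, req_hdr, resp_hdr, nonce, shared_secret):
    """Section 2.4: the Owner and Peer headers swap places between the two
    directions, so the same inputs give two different keys.  Treating the
    Secret_Request header as Owner of the primary key is an assumption."""
    primary = kgf(ic + rc + req_hdr + nonce + resp_hdr + shared_secret)
    secondary = kgf(ic + rc + resp_hdr + nonce + req_hdr + shared_secret)
    return primary, secondary

def verification_data(ic, rc, req_hdr, req_choice, req_ident,
                      resp_hdr, resp_choice, secret_value, opt, padding):
    """Section 2.5 concatenation order; secret_value carries Size and Value."""
    return (ic + rc + req_hdr + req_choice + req_ident
            + resp_hdr + resp_choice + secret_value + (opt or b"") + padding)

def random_psi(exclude=()):
    while True:
        psi = int.from_bytes(secrets.token_bytes(4), "big")
        if psi != 0 and psi not in exclude:   # MUST NOT be zero or equal the peer's PSI
            return psi

def run_exchange(existing_key, shared_secret, lifetime=3600, tamper=False):
    """Both sides of a Secret Exchange with a symmetric identity attribute.
    Returns the keys each side derived and whether the initiator accepted."""
    ic, rc = secrets.token_bytes(16), secrets.token_bytes(16)
    # Initiator -> Responder: Secret_Request
    psi_req = random_psi()
    req_hdr = hdr(SECRET_REQUEST, lifetime, psi_req)
    req_choice, req_ident = SYM_ATTR, vpi(b"initiator-id")       # constructed Identification
    # Responder: choose PSI and Secret-Value, build the nonce (2.3, symmetric
    # case), derive both PSI keys and authenticate with the secondary one.
    psi_resp = random_psi(exclude=(psi_req,))
    resp_hdr = hdr(SECRET_RESPONSE, lifetime, psi_resp)
    value = secrets.token_bytes(16)
    secret_value = vpi(value)
    nonce = value + existing_key
    padding = bytes(range(1, 9))                                   # constructed 8-byte self-describing pad
    r_primary, r_secondary = psi_secret_keys(ic, rc, req_hdr, resp_hdr, nonce, shared_secret)
    verification = auth(r_secondary, verification_data(
        ic, rc, req_hdr, req_choice, req_ident, resp_hdr, SYM_ATTR, secret_value, None, padding))
    # Responder -> Initiator: Secret_Response (masking omitted).  Optionally
    # corrupt one bit of the Secret-Value in flight.
    wire_value = bytearray(secret_value)
    if tamper:
        wire_value[-1] ^= 0x01
    wire_value = bytes(wire_value)
    # Initiator: rebuild nonce and keys from what arrived, then check Verification.
    i_nonce = wire_value[2:] + existing_key
    i_primary, i_secondary = psi_secret_keys(ic, rc, req_hdr, resp_hdr, i_nonce, shared_secret)
    expected = auth(i_secondary, verification_data(
        ic, rc, req_hdr, req_choice, req_ident, resp_hdr, SYM_ATTR, wire_value, None, padding))
    if not hmac.compare_digest(expected, verification):
        return {"ok": False, "keys": None}      # discard PSI keys, send Verification_Failure
    ident_primary = psi_req.to_bytes(4, "big") + verification
    ident_secondary = psi_req.to_bytes(4, "big") + psi_resp.to_bytes(4, "big") + verification
    return {"ok": True, "keys": (i_primary, i_secondary),
            "responder_keys": (r_primary, r_secondary),
            "identities": (ident_primary, ident_secondary), "lifetime": lifetime}
```

   The two keys differ only because the Owner and Peer headers change
   places in the Key-Generation-Function input.  Flipping one bit of the
   Secret-Value in flight changes the initiator's recomputed secondary
   key and therefore the expected Verification, so the exchange is
   refused and no PSI secret-keys are retained, which is what 2.4 and
   2.5 require.  The Secret_Request LifeTime is carried through as the
   LifeTime of both keys.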


2.6.  Optional Identification

   When the optional Identity-Choice and Identification fields are
   included in the Secret_Response, the next Identification message is
   modified.  The Identity-Choice and Identification fields are replaced
   by Identity-Choice and Secret-Value fields in the same manner as the
   Secret_Response format.

   The SPI value is used as a PSI value to generate two additional PSI
   secret-keys, yielding a total of four PSI secret-keys.  The secondary
   PSI secret-key is used to calculate the sender (SPI Owner) verifica-
   tion-key, and is used directly as the generation-key.

   Following verification, the pair of PSI and SPI values also identi-
   fies the secret-keys.  The primary (Responder) identity is the
   Secret_Response PSI value concatenated to (followed by) the Verifica-
   tion value.  The secondary (Peer) identity is the Secret_Response PSI
   value, concatenated to (followed by) the SPI value, concatenated to
   (followed by) the Verification value.  These identities can be used
   with a Symmetric Identity Attribute in any subsequent Identification
   message.  The Secret_Response LifeTime is used as the LifeTime for
   both additional secret-keys.

   Implementation Notes:

      The exact details of the secret-nonce and Secret-Value field that
      are included in the secret-key calculation are dependent on the
      Secret_Response optional Identity-Choice and Identification.

      The Secret-Value data includes both the Size and Value fields.


3.  Additional Attributes

   The attribute format and basic facilities are already defined for
   Photuris [RFC-zzzz].

   These optional attributes are specified separately, and no single
   implementation is expected to support all of them.

   This document defines the following values:

     Use    Type
      I      27  DNS-Key
      I      28  PGP

      I     Identity-Choice


3.1.  DNS-Key

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Algorithm   |     Power     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type             27

   Length           2

   Algorithm        An algorithm supported.  See [RFC-2065] for details.
                    Examples include:

                       1  RSA with MD5 (support optional).
                       3  DSA with SHA1 (support required).


   Power            The maximum public/private-key bits supported,
                    expressed as a power of two.  As a minimum, it is
                    required that all implementations of this attribute
                    support value 10 (1024-bit keys).

   When more than one version is supported, multiple attributes are
   listed in the Offered-Attributes.

   Asymmetric Identification

      When selected as an Identity-Choice, the immediately following
      Identification field consists of the binary form of the DNS-Key
      Resource Record.  The domain name is fully expanded (no name
      compression via pointers).

      No DNS-Signature Resource Records are included with the Identifi-
      cation.  Valid Identifications and corresponding signature cer-
      tificates are preconfigured by the parties, or maintained in
      external databases.

      The Identification is not contained within a Variable Precision
      Integer (VPI).  The Key RR elements are parsed by the implementa-
      tion to determine the end of the Identification field.

      This attribute is never used for [RFC-zzzz] "Identity Verifica-
      tion" or "Validity Verification".  Instead, a Secret Exchange
      occurs to associate a pair of symmetric secrets with the Identifi-
      cation.

      The Secret-Value consists of a public-key encrypted secret-nonce
      of the form determined by the DNS-Key algorithm.  The size of the
      secret-nonce is determined by the size of the public-key.  The
      result is contained within a Variable Precision Integer (VPI).


3.2.  PGP Identification

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |    Version    |     Power     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   Type             28

   Length           2

   Version          A PGP key format version supported.  See [RFC-1991]
                    for details.  Examples include:

                       3  PGP 2.6.x
                          RSA with MD5 (support optional).
                       4  PGP 5.0.x
                          DSA with SHA1 (support required).


   Power            The maximum public/private-key bits supported,
                    expressed as a power of two.  As a minimum, it is
                    required that all implementations of this attribute
                    support value 10 (1024-bit keys).

   When more than one version is supported, multiple attributes are
   listed in the Offered-Attributes.

   Asymmetric Identification

      When selected as an Identity-Choice, the immediately following
      Identification field consists of a PGP public-key element, fol-
      lowed by one or more PGP user identity elements.

      No PGP Signature elements are included in the Identification.
      Valid Identifications and corresponding signature certificates are
      preconfigured by the parties, or maintained in external databases.

      The Identification is not contained within a Variable Precision
      Integer (VPI).  The PGP elements are parsed by the implementation
      to determine the end of the Identification field.

      This attribute is never used for [RFC-zzzz] "Identity Verifica-
      tion" or "Validity Verification".  Instead, a Secret Exchange
      occurs to associate a pair of symmetric secrets with the Identifi-
      cation.

      The Secret-Value consists of a public-key encrypted secret-nonce
      in the form of a PGP Public-Key-Encrypted element.  The size of
      the secret-nonce is determined by the size of the public-key.

      The Secret-Value is not contained within a Variable Precision
      Integer (VPI).  The PGP elements are parsed by the implementation
      to determine the end of the Secret-Value field.

      Nota Bene:

         The PGP Multi-Precision Integer (MPI) is very similar to the
         Variable Precision Integer (VPI).  However, the Size field is
         not extensible, and PGP library functions truncate leading sig-
         nificant zeroes.
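
   Walking the peer's Offered-Attributes and selecting an Identity-Choice
   among the DNS-Key and PGP attributes of 3.1 and 3.2, as an added
   Python example that is not from this draft or from any
   implementation.  It enforces the fixed Length of 2 for these two
   Types, skips unknown Types by their Length, drops offers below the
   mandatory Power of 10, and prefers the algorithm whose support is
   required (DSA with SHA1).  The attribute Length is assumed to count
   the value bytes, and the tie-break beyond those rules (largest usable
   key size wins) is this example's own choice; encode_attr,
   parse_offered and choose_identity are constructed names.

```python
DNS_KEY, PGP = 27, 28
MIN_POWER = 10      # 1024-bit keys: every implementation of these attributes must support this

# Second value byte: DNS-Key Algorithm (RFC 2065 values) or PGP key format Version.
# True marks the entry whose support the draft requires.
DNS_KEY_ALG = {1: ("RSA/MD5", False), 3: ("DSA/SHA1", True)}
PGP_VERSION = {3: ("PGP 2.6.x RSA/MD5", False), 4: ("PGP 5.0.x DSA/SHA1", True)}

def encode_attr(atype, alg_or_version, power):
    return bytes([atype, 2, alg_or_version, power])   # Type, Length=2, Algorithm/Version, Power

def parse_offered(buf):
    """Walk an Offered-Attributes list.  Unknown Types are skipped by their
    Length; DNS-Key and PGP attributes must carry exactly two value bytes."""
    off, found = 0, []
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, length = buf[off], buf[off + 1]
        body = buf[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("truncated attribute value")
        off += 2 + length
        if atype in (DNS_KEY, PGP):
            if length != 2:
                raise ValueError("Type %d requires Length 2, got %d" % (atype, length))
            found.append((atype, body[0], body[1]))
    return found

def choose_identity(offered, local):
    """Select the Identity-Choice from the peer's offers.  `local` maps
    (Type, Algorithm-or-Version) to our own Power.  Offers below the
    mandatory Power are dropped; a required-to-support algorithm beats an
    optional one, then the larger usable key size.  Returns
    (Type, Algorithm-or-Version, usable Power) or None."""
    best = None
    for atype, alg, power in offered:
        if (atype, alg) not in local or power < MIN_POWER:
            continue
        table = DNS_KEY_ALG if atype == DNS_KEY else PGP_VERSION
        required = table.get(alg, ("unknown", False))[1]
        usable = min(power, local[(atype, alg)])
        rank = (required, usable)
        if best is None or rank > best[0]:
            best = (rank, (atype, alg, usable))
    return None if best is None else best[1]
```

   A peer that offers Power 9 for one of these attributes is outside the
   minimum the draft imposes, so that offer is ignored rather than
   negotiated down to; an attribute of Type 27 or 28 with any Length
   other than 2 is treated as a malformed list.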


Security Considerations



Acknowledgements

   William Simpson was responsible for the packet formats, additional
   message types, editing and formatting.  All such mistakes are his
   responsibility.

   Hilarie Orman suggested adding secret "nonces" to session-key genera-
   tion for asymmetric public/private-key identity methods.


References

   [RFC-1991]  Atkins, D., Stallings, W., and Zimmermann, P., "PGP
               Message Exchange Formats", RFC 1991, August 1996.

   [RFC-2065]  Eastlake, D., and Kaufman, C., "Domain Name System
               Security Extensions", RFC 2065, January 1997.

   [RFC-2119]  Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC-zzzz]  Karn, P., and Simpson, W., "Photuris: Session Key Manage-
               ment Protocol", draft-simpson-photuris-18.txt, work in
               progress.



Contacts

   Comments about this document should be discussed on the
   photuris@adk.gr mailing list.

   Questions about this document can also be directed to:

      William Allen Simpson
      DayDreamer
      Computer Systems Consulting Services
      1384 Fontaine
      Madison Heights, Michigan  48071

          wsimpson@UMich.edu
          wsimpson@GreenDragon.com (preferred)


Full Copyright Statement

   Copyright (C) William Allen Simpson (1995,1998).  All Rights
   Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this doc-
   ument itself may not be modified in any way, except as required to
   translate it into languages other than English.

   This document and the information contained herein is provided on an
   "AS IS" basis and the author(s) DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING (BUT NOT LIMITED TO) ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.