%!PS-Adobe-3.0
%%Title: Mutual Authentication Protocol for HTTP
%%Creator: html2ps version 1.0 beta5
%%CreationDate: Mon Aug 11 17:38:25 2008
%%DocumentNeededResources: font Times-Roman Times-Bold Courier Courier-Oblique
%%+ font Helvetica
%%DocumentData: Clean7Bit
%%Orientation: Portrait
%%BoundingBox: 0 0 596 842
%%Pages: 25
%%EndComments
%%BeginProlog
% Short aliases for core operators; the rest of the prolog and every page body
% are written in terms of these.
%   d    - define a procedure after applying bind   (/name {proc} d)
%   D    - def
%   ie   - ifelse
%   E    - exch
%   t, f - the booleans true and false
/d {bind def} bind def
/D {def} d
/ie {ifelse} d
/E {exch} d
/t true D
/f false D
% FL: the twelve base font names. Nf (defined later in the prolog) selects a
% font by its zero-based index into this array, e.g. 0 = Times-Roman,
% 2 = Times-Bold, 4 = Courier, 5 = Courier-Oblique, 8 = Helvetica.
/FL [/Times-Roman
/Times-Italic
/Times-Bold
/Times-BoldItalic
/Courier
/Courier-Oblique
/Courier-Bold
/Courier-BoldOblique
/Helvetica
/Helvetica-Oblique
/Helvetica-Bold
/Helvetica-BoldOblique] D
% Cd: turn a flat array [key1 val1 key2 val2 ...] into a dictionary and leave
% it on the stack. The page bodies use it to build the /Action dictionary of
% URI link annotations.
/Cd {aload length 2 idiv dup dict begin {D} repeat currentdict end} D
% reencodeISO: fontname -> fontname font
% Copies the named font's dictionary (every entry except FID), replaces its
% Encoding with ISOLatin1Encoding, and registers the copy under the same name.
% The name stays on the stack below the new font so the caller can def it.
/reencodeISO {
dup dup findfont dup length dict begin{1 index /FID ne{D}{pop pop}ie}forall
/Encoding ISOLatin1Encoding D currentdict end definefont} D
% ISOLatin1Encoding: 256-entry glyph-name vector installed by reencodeISO.
% Codes 0-31 and 127-159 start as .notdef; code 160 is the space glyph, which
% is why the page bodies can use \240 as a non-breaking space.
/ISOLatin1Encoding [
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright
/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash
/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon
/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N
/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright
/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m
/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/space/exclamdown/cent/sterling/currency/yen/brokenbar
/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot
/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior
/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine
/guillemotright/onequarter/onehalf/threequarters/questiondown
/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla
/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute
/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis
/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave
/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex
/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis
/yacute/thorn/ydieresis
] D
% Patch list of code/glyph pairs for codes 128-130 and 141-159 (typographic
% quotes, dashes, daggers and similar). The page text reaches these glyphs
% through octal escapes such as \233 and \234 (codes 155 and 156).
[128/backslash 129/parenleft 130/parenright 141/circumflex 142/tilde
143/perthousand 144/dagger 145/daggerdbl 146/Ydieresis 147/scaron 148/Scaron
149/oe 150/OE 151/guilsinglleft 152/guilsinglright 153/quotesinglbase
154/quotedblbase 155/quotedblleft 156/quotedblright 157/endash 158/emdash
159/trademark]
% Unpack the pairs onto the stack and store each glyph name at its code in
% ISOLatin1Encoding; the loop index itself is discarded by the leading pop.
aload length 2 idiv 1 1 3 -1 roll{pop ISOLatin1Encoding 3 1 roll put}for
% Fallback for interpreters that do not define colorimage: drop the two
% trailing operands, keep the data procedure as Pr, and hand image a procedure
% that converts each RGB triple from Pr to one gray byte using the weights
% 0.299 / 0.587 / 0.114.
/colorimage where{pop}{
/colorimage {
pop pop /Pr E D {/Cv Pr D /Gr Cv length 3 idiv string D 0 1 Gr length 1 sub
{Gr E dup /i E 3 mul D Cv i get 0.299 mul Cv i 1 add get 0.587 mul add
Cv i 2 add get 0.114 mul add cvi put}for Gr} image} D
}ie
% Fallback for interpreters that do not define pdfmark: bind the name to
% cleartomark in userdict, so every "[ ... pdfmark" sequence in this file is
% simply discarded instead of raising an undefined error.
/pdfmark where{pop}{userdict /pdfmark /cleartomark load put}ie
% MySymbol: a Type 3 font whose only drawn glyph is a euro sign, mapped to the
% character code of the letter "e". Nf selects this font for any negative
% font index other than -1.
/MySymbol 10 dict dup begin
/FontType 3 D /FontMatrix [.001 0 0 .001 0 0 ] D /FontBBox [25 -10 600 600] D
% Start with every code mapped to .notdef, then map the code of (e) to /euro.
/Encoding 256 array D 0 1 255{Encoding exch /.notdef put}for
Encoding (e) 0 get /euro put
% Horizontal advance per glyph, passed to setcachedevice in BuildChar.
/Metrics 2 dict D Metrics begin
/.notdef 0 D
/euro 651 D
end
% Bounding box per glyph, also passed to setcachedevice.
/BBox 2 dict D BBox begin
/.notdef [0 0 0 0] D
/euro [25 -10 600 600] D
end
% Drawing procedure per glyph; the euro clips to a slanted outline, then
% strokes an arc and two horizontal bars.
/CharacterDefs 2 dict D CharacterDefs begin
/.notdef {} D
/euro{newpath 114 600 moveto 631 600 lineto 464 200 lineto 573 200 lineto
573 0 lineto -94 0 lineto 31 300 lineto -10 300 lineto closepath clip
50 setlinewidth newpath 656 300 moveto 381 300 275 0 360 arc stroke
-19 350 moveto 600 0 rlineto -19 250 moveto 600 0 rlineto stroke}d
end
% BuildChar: fontdict char -> -
% Resolves the glyph name through Encoding, sets the cache device from Metrics
% and BBox, then executes the glyph's procedure from CharacterDefs. The leading
% "0 begin" is a placeholder that is overwritten below with a private dict.
/BuildChar{0 begin
/char E D /fontdict E D /charname fontdict /Encoding get char get D
fontdict begin
Metrics charname get 0 BBox charname get aload pop setcachedevice
CharacterDefs charname get exec
end
end}D
% Replace element 0 of BuildChar (the literal 0) with a 3-entry dictionary that
% holds its locals char, fontdict and charname.
/BuildChar load 0 3 dict put /UniqueID 1 D
end
definefont pop
% Nf: size index -> -
% Select a font at the given size. index >= 0 picks FL[index]; -1 picks
% Symbol; any other negative index picks MySymbol.
/Nf {dup 0 ge{FL E get}{-1 eq{/Symbol}{/MySymbol}ie}ie findfont
E scalefont setfont} D
% IP: read hex-encoded data from the program stream itself (currentfile) into
% picstr. picstr is not defined in the lines shown here. This is the only
% procedure in the prolog that reads from a file object, and it reads the
% document's own stream; no operator that opens, writes or deletes a named
% file appears in the prolog.
/IP {currentfile picstr readhexstring pop} D
% WF: when true, the setup section re-encodes every font in FL; when false it
% re-encodes only FL entries from index 4 upward.
/WF t D
% F: set to 1; its use is not visible in the lines shown here.
/F 1 D
% One-letter aliases used by the page bodies.
%   N showpage   RL rlineto   S show   L lineto
%   M moveto     A awidthshow (justified text lines)   RM rmoveto
/N {showpage} d
/RL {rlineto} d
/S {show} d
/L {lineto} d
/M {moveto} d
/A {awidthshow} d
/RM {rmoveto} d
%%EndProlog
%%BeginSetup
%%PaperSize: A4
% Re-encode the base fonts with ISOLatin1Encoding: all of FL when WF is true,
% otherwise only the entries from index 4 to the end of FL. reencodeISO leaves
% "name font" on the stack, which D then defines.
WF{FL{reencodeISO D}forall}{4 1 FL length 1 sub{FL E get reencodeISO D}for}ie
% Re-register Symbol from a copy of its font dictionary (FID omitted) whose
% Encoding is a fresh array with /therefore stored at code 128.
/Symbol dup dup findfont dup length dict begin
{1 index /FID ne{D}{pop pop}ie}forall /Encoding [Encoding aload pop]
dup 128 /therefore put D currentdict end definefont D
% PDF metadata and outline (bookmarks), emitted through pdfmark. On an
% interpreter without pdfmark the prolog has bound the name to cleartomark, so
% these lines have no effect there.
% Document information dictionary: creator, keywords and title.
[/Creator (html2ps version 1.0 beta5) /Author () /Keywords (HTTP, authentication) /Subject () /Title (Mutual Authentication Protocol for HTTP) /DOCINFO pdfmark
% Open the document with the outline pane visible.
[/PageMode /UseOutlines /DOCVIEW pdfmark
% Outline tree: one top-level entry (Count 1) holding one untitled node
% (Count 50) whose 50 children are the section entries that follow. Each /Dest
% names a destination that a page body registers with /DEST pdfmark.
[/Count 1 /Dest /106 /Title (Mutual Authentication Protocol for HTTP draft-oiwa-http-mutualauth-03) /OUT pdfmark
[/Count 50 /Dest /107 /Title () /OUT pdfmark
[/Dest /107 /Title (Status of this Memo) /OUT pdfmark
[/Dest /108 /Title (Copyright Notice) /OUT pdfmark
[/Dest /109 /Title (Abstract) /OUT pdfmark
[/Dest /110 /Title (Table of Contents) /OUT pdfmark
[/Dest /111 /Title (1. Introduction) /OUT pdfmark
[/Dest /112 /Title (1.1. Requirements Language) /OUT pdfmark
[/Dest /113 /Title (2. Protocol Overview) /OUT pdfmark
[/Dest /114 /Title (3. Message Syntax) /OUT pdfmark
[/Dest /115 /Title (3.1. Tokens and Extensive-tokens) /OUT pdfmark
[/Dest /116 /Title (3.2. Numbers) /OUT pdfmark
[/Dest /117 /Title (3.3. Strings) /OUT pdfmark
[/Dest /118 /Title (4. Messages) /OUT pdfmark
[/Dest /119 /Title (4.1. 401-B0) /OUT pdfmark
[/Dest /120 /Title (4.2. 401-B0-stale) /OUT pdfmark
[/Dest /121 /Title (4.3. req-A1) /OUT pdfmark
[/Dest /122 /Title (4.4. 401-B1) /OUT pdfmark
[/Dest /123 /Title (4.5. req-A3) /OUT pdfmark
[/Dest /124 /Title (4.6. 200-B4) /OUT pdfmark
[/Dest /125 /Title (5. Decision procedure for the client) /OUT pdfmark
[/Dest /126 /Title (6. Decision procedure for the server) /OUT pdfmark
[/Dest /127 /Title (7. Authentication Algorithms) /OUT pdfmark
[/Dest /128 /Title (7.1. Common functions) /OUT pdfmark
[/Dest /129 /Title (7.2. Functions for discrete-logarithm settings) /OUT pdfmark
[/Dest /130 /Title (7.3. Functions for elliptic-curve settings) /OUT pdfmark
[/Dest /131 /Title (8. Authentication Realms) /OUT pdfmark
[/Dest /132 /Title (8.1. Resolving ambiguities) /OUT pdfmark
[/Dest /133 /Title (9. Validation Methods) /OUT pdfmark
[/Dest /134 /Title (10. Session Management) /OUT pdfmark
[/Dest /135 /Title (11. Extension 1: Optional Mutual Authentication) /OUT pdfmark
[/Dest /136 /Title (12. Methods to extend this protocol) /OUT pdfmark
[/Dest /137 /Title (13. IANA Considerations) /OUT pdfmark
[/Dest /138 /Title (14. Security Considerations) /OUT pdfmark
[/Dest /139 /Title (14.1. General Assumptions) /OUT pdfmark
[/Dest /140 /Title (14.2. Implementation Considerations) /OUT pdfmark
[/Dest /141 /Title (14.3. Usage Considerations) /OUT pdfmark
[/Dest /142 /Title (15. Notice on intellectual properties) /OUT pdfmark
[/Dest /143 /Title (16. Acknowledgement) /OUT pdfmark
[/Dest /144 /Title (17. References) /OUT pdfmark
[/Dest /145 /Title (17.1. Normative References) /OUT pdfmark
[/Dest /146 /Title (17.2. Informative References) /OUT pdfmark
[/Dest /147 /Title (Appendix A. Group parameters for discrete-logarithm based algorithms) /OUT pdfmark
[/Dest /148 /Title (Appendix B. Derived numerical values) /OUT pdfmark
[/Dest /149 /Title (Appendix C. Draft Remarks from the Authors) /OUT pdfmark
[/Dest /150 /Title (Appendix D. Draft Change Log) /OUT pdfmark
[/Dest /151 /Title (D.1. Changes in revision 03) /OUT pdfmark
[/Dest /152 /Title (D.2. Changes in revision 02) /OUT pdfmark
[/Dest /153 /Title (Authors' Addresses) /OUT pdfmark
[/Dest /154 /Title (Full Copyright Statement) /OUT pdfmark
[/Dest /155 /Title (Intellectual Property) /OUT pdfmark
[/Dest /156 /Title (Acknowledgment) /OUT pdfmark
%%EndSetup
%%Page: 1 1
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 1: save the VM state (restored at the end of the page) and move the
% origin to the top-left corner of the text area.
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
% Named destination /0 at the top of the page.
[/View [/XYZ -4 842 null] /Dest /0 /DEST pdfmark
0 -0 M
% Front-matter table, bracketed by save/restore. Left column at x = 2.5 holds
% the document status lines, right column at x = 199 holds authors,
% affiliations and date. (\240) is a non-breaking space filling an empty
% left-hand cell.
save
2.5 -13.5 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Internet Engineering Task ) S
(Force) S
199 -13.5 M
(Y. ) S
(Oiwa) S
2.5 -32.2 M
(Internet-Draft) S
199 -32.2 M
(H. ) S
(Watanabe) S
2.5 -51 M
(Intended status: Standards ) S
(Track) S
199 -51 M
(H. ) S
(Takagi) S
2.5 -69.8 M
(Expires: February 12, ) S
(2009) S
199 -69.8 M
(RCIS, ) S
(AIST) S
2.5 -88.5 M
(\240) S
199 -88.5 M
(H. ) S
(Suzuki) S
2.5 -107.2 M
(\240) S
199 -107.2 M
(Yahoo! ) S
(Japan) S
2.5 -126 M
(\240) S
199 -126 M
(August 11, ) S
(2008) S
0 -131.2 M
restore
% Document title and draft name in 19 pt Times-Bold. Destination /106 is the
% target of the top-level outline entry defined in the setup section.
227 -146.4 M
[/View [/XYZ -4 842 null] /Dest /106 /DEST pdfmark
54.5 -165.4 M
%%IncludeResource: font Times-Bold
19 2 Nf
(Mutual Authentication Protocol for ) S
(HTTP) S
100.9 -188.2 M
(draft-oiwa-http-mutualauth-03) S
% "Status of this Memo" heading (15 pt Times-Bold) with outline destination
% /107, followed by the status text in 11 pt Times-Roman.
% The text marks this revision as an Internet-Draft, i.e. a work in progress
% valid for at most six months, and gives February 12, 2009 as its expiry.
0 -218.2 M
15 2 Nf
(Status) S
[/View [/XYZ -4 556.753906 null] /Dest /107 /DEST pdfmark
( of this ) S
(Memo) S
0 -242.4 M
11 0 Nf
% Lines drawn with A (awidthshow) are justified: the first operand is extra
% width added after every space (character code 32). The last line of each
% paragraph is drawn unjustified with S (show).
0.0770089254 0 32 0 0 (By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims) A
0 -255.6 M
0.182291672 0 32 0 0 (of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware) A
0 -268.8 M
(will be disclosed, in accordance with Section\2406 of ) S
(BCP\24079.) S
0 -293 M
0.0139508927 0 32 0 0 (Internet-Drafts are working documents of the Internet Engineering Task Force \(IETF\), its areas, and its) A
0 -306.2 M
(working groups. Note that other groups may also distribute working documents as ) S
(Internet-Drafts.) S
0 -330.4 M
0.275781244 0 32 0 0 (Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced,) A
0 -343.6 M
1.51927078 0 32 0 0 (or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference) A
0 -356.8 M
% \233 and \234 are the opening and closing double quotes from the patched
% ISOLatin1Encoding.
(material or to cite them other than as \233work in ) S
(progress.\234) S
0 -381 M
(The list of current Internet-Drafts can be accessed at ) S
(http://www.ietf.org/ietf/1id-abstracts.txt) S
% URI link annotation over the URL just drawn; Cd builds the /Action dict.
[/Rect [231.980469 -383.789062 410.199219 -371.689056] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://www.ietf.org/ietf/1id-abstracts.txt)] Cd /ANN pdfmark
(.) S
0 -405.2 M
(The list of Internet-Draft Shadow Directories can be accessed at ) S
(http://www.ietf.org/shadow.html) S
% Second URI link annotation, same construction.
[/Rect [283.601562 -407.988281 430.082031 -395.888275] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://www.ietf.org/shadow.html)] Cd /ANN pdfmark
(.) S
0 -429.4 M
(This Internet-Draft will expire on February 12, ) S
(2009.) S
% "Copyright Notice" heading with outline destination /108, then the notice
% itself. \251 is the copyright sign in ISOLatin1Encoding.
0 -459.4 M
15 2 Nf
(Copyright) S
[/View [/XYZ -4 315.5625 null] /Dest /108 /DEST pdfmark
( ) S
(Notice) S
0 -483.6 M
11 0 Nf
(Copyright \251 The IETF Trust ) S
(\(2008\).) S
% "Abstract" heading with outline destination /109, then the abstract text.
% The abstract states the security goals claimed for the protocol: mutual
% authentication from a password, resistance to phishing, and no leak of
% password information to an illegitimate server.
% NOTE(review): the string expands HTTP as "Hyper-Text Transport Protocol";
% RFC 2616, which the introduction cites for HTTP, is titled "Hypertext
% Transfer Protocol". The string is left as the draft has it.
0 -513.6 M
15 2 Nf
(Abstract) S
[/View [/XYZ -4 261.363281 null] /Dest /109 /DEST pdfmark
0 -537.8 M
11 0 Nf
0.252485782 0 32 0 0 (This document specifies the "Mutual authentication protocol for Hyper-Text Transport Protocol". This) A
0 -551 M
4.2045455 0 32 0 0 (protocol provides true mutual authentication between HTTP clients and servers using simple) A
0 -564.2 M
2.15195322 0 32 0 0 (password-based authentication. Unlike Basic and Digest HTTP access authentication protocol, the) A
0 -577.4 M
5.26207399 0 32 0 0 (protocol ensures that server knows the user's entity \(encrypted password\) upon successful) A
0 -590.6 M
0.621804 0 32 0 0 (authentication. This prevents common phishing attacks: phishing attackers cannot convince users that) A
0 -603.8 M
2.18932295 0 32 0 0 (the user has been authenticated to the genuine website. Furthermore, even when a user has been) A
0 -617 M
0.557477653 0 32 0 0 (authenticated against an illegitimate server, the server cannot gain any bit of information about user's) A
0 -630.2 M
1.24869788 0 32 0 0 (passwords. The protocol is designed as an extension to the HTTP protocol, and the protocol design) A
0 -643.4 M
0.762784064 0 32 0 0 (intends to replace existing authentication mechanism such as Basic/Digest access authentications and) A
0 -656.6 M
(form-based authentications. ) S
0 -656.6 M
% Page footer: the page number in 8 pt Helvetica, drawn inside gsave/grestore
% so the body's graphics state is untouched.
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 1 -) S
0 setgray
0 -8 M
grestore
% Restore the VM state saved at the start of the page, then emit the page
% (N is showpage).
pgsave restore N
%%Page: 2 2
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 2: save the VM state and move the origin to the top-left of the text
% area, then draw the "Table of Contents" heading.
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
% Named destination /1 at the top of the page.
[/View [/XYZ -4 757.0 null] /Dest /1 /DEST pdfmark
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Table) S
% Outline destination /110 for the "Table of Contents" bookmark.
[/View [/XYZ -4 757.0 null] /Dest /110 /DEST pdfmark
( of ) S
(Contents) S
% Table of contents, numbered sections 1 to 17.2. Each entry is drawn as:
% optional indent of four non-breaking spaces (\240), the section number, a
% /Link annotation whose /Rect covers the number just drawn, then the title.
% Each /Dest is a numbered destination that the content pages register with
% /DEST pdfmark (for example /2 and /4 for sections 1 and 1.1).
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(1.) S
[/Rect [-1.0 -44.9492188 9.25 -32.8492203] /Subtype /Link /Border [0 0 1] /Dest /2 /ANN pdfmark
(\240 ) S
(Introduction) S
0 -55.4 M
(\240\240\240\240) S
(1.1.) S
[/Rect [10.0 -58.1484375 28.5 -46.048439] /Subtype /Link /Border [0 0 1] /Dest /4 /ANN pdfmark
(\240 Requirements ) S
(Language) S
0 -68.6 M
(2.) S
[/Rect [-1.0 -71.3476562 9.25 -59.2476578] /Subtype /Link /Border [0 0 1] /Dest /6 /ANN pdfmark
(\240 Protocol ) S
(Overview) S
0 -81.8 M
(3.) S
[/Rect [-1.0 -84.546875 9.25 -72.4468765] /Subtype /Link /Border [0 0 1] /Dest /8 /ANN pdfmark
(\240 Message ) S
(Syntax) S
0 -95 M
(\240\240\240\240) S
(3.1.) S
[/Rect [10.0 -97.7460938 28.5 -85.6460953] /Subtype /Link /Border [0 0 1] /Dest /11 /ANN pdfmark
(\240 Tokens and ) S
(Extensive-tokens) S
0 -108.2 M
(\240\240\240\240) S
(3.2.) S
[/Rect [10.0 -110.945312 28.5 -98.845314] /Subtype /Link /Border [0 0 1] /Dest /13 /ANN pdfmark
(\240 ) S
(Numbers) S
0 -121.4 M
(\240\240\240\240) S
(3.3.) S
[/Rect [10.0 -124.144531 28.5 -112.044533] /Subtype /Link /Border [0 0 1] /Dest /15 /ANN pdfmark
(\240 ) S
(Strings) S
0 -134.6 M
(4.) S
[/Rect [-1.0 -137.34375 9.25 -125.243752] /Subtype /Link /Border [0 0 1] /Dest /17 /ANN pdfmark
(\240 ) S
(Messages) S
0 -147.8 M
(\240\240\240\240) S
(4.1.) S
[/Rect [10.0 -150.542969 28.5 -138.442963] /Subtype /Link /Border [0 0 1] /Dest /19 /ANN pdfmark
(\240 ) S
(401-B0) S
0 -161 M
(\240\240\240\240) S
(4.2.) S
[/Rect [10.0 -163.742188 28.5 -151.642181] /Subtype /Link /Border [0 0 1] /Dest /21 /ANN pdfmark
(\240 ) S
(401-B0-stale) S
0 -174.2 M
(\240\240\240\240) S
(4.3.) S
[/Rect [10.0 -176.941406 28.5 -164.8414] /Subtype /Link /Border [0 0 1] /Dest /23 /ANN pdfmark
(\240 ) S
(req-A1) S
0 -187.4 M
(\240\240\240\240) S
(4.4.) S
[/Rect [10.0 -190.140625 28.5 -178.040619] /Subtype /Link /Border [0 0 1] /Dest /25 /ANN pdfmark
(\240 ) S
(401-B1) S
0 -200.6 M
(\240\240\240\240) S
(4.5.) S
[/Rect [10.0 -203.339844 28.5 -191.239838] /Subtype /Link /Border [0 0 1] /Dest /27 /ANN pdfmark
(\240 ) S
(req-A3) S
0 -213.8 M
(\240\240\240\240) S
(4.6.) S
[/Rect [10.0 -216.539062 28.5 -204.439056] /Subtype /Link /Border [0 0 1] /Dest /29 /ANN pdfmark
(\240 ) S
(200-B4) S
0 -227 M
(5.) S
[/Rect [-1.0 -229.738281 9.25 -217.638275] /Subtype /Link /Border [0 0 1] /Dest /31 /ANN pdfmark
(\240 Decision procedure for the ) S
(client) S
0 -240.2 M
(6.) S
[/Rect [-1.0 -242.9375 9.25 -230.837494] /Subtype /Link /Border [0 0 1] /Dest /34 /ANN pdfmark
(\240 Decision procedure for the ) S
(server) S
0 -253.4 M
(7.) S
[/Rect [-1.0 -256.136719 9.25 -244.036713] /Subtype /Link /Border [0 0 1] /Dest /36 /ANN pdfmark
(\240 Authentication ) S
(Algorithms) S
0 -266.6 M
(\240\240\240\240) S
(7.1.) S
[/Rect [10.0 -269.335938 28.5 -257.235931] /Subtype /Link /Border [0 0 1] /Dest /38 /ANN pdfmark
(\240 Common ) S
(functions) S
0 -279.8 M
(\240\240\240\240) S
(7.2.) S
[/Rect [10.0 -282.535156 28.5 -270.43515] /Subtype /Link /Border [0 0 1] /Dest /40 /ANN pdfmark
(\240 Functions for discrete-logarithm ) S
(settings) S
0 -293 M
(\240\240\240\240) S
(7.3.) S
[/Rect [10.0 -295.734375 28.5 -283.634369] /Subtype /Link /Border [0 0 1] /Dest /42 /ANN pdfmark
(\240 Functions for elliptic-curve ) S
(settings) S
0 -306.2 M
(8.) S
[/Rect [-1.0 -308.933594 9.25 -296.833588] /Subtype /Link /Border [0 0 1] /Dest /44 /ANN pdfmark
(\240 Authentication ) S
(Realms) S
0 -319.4 M
(\240\240\240\240) S
(8.1.) S
[/Rect [10.0 -322.132812 28.5 -310.032806] /Subtype /Link /Border [0 0 1] /Dest /46 /ANN pdfmark
(\240 Resolving ) S
(ambiguities) S
0 -332.6 M
(9.) S
[/Rect [-1.0 -335.332031 9.25 -323.232025] /Subtype /Link /Border [0 0 1] /Dest /48 /ANN pdfmark
(\240 Validation ) S
(Methods) S
0 -345.8 M
(10.) S
[/Rect [-1.0 -348.53125 14.75 -336.431244] /Subtype /Link /Border [0 0 1] /Dest /50 /ANN pdfmark
(\240 Session ) S
(Management) S
0 -359 M
(11.) S
[/Rect [-1.0 -361.730469 14.75 -349.630463] /Subtype /Link /Border [0 0 1] /Dest /52 /ANN pdfmark
(\240 Extension 1: Optional Mutual ) S
(Authentication) S
0 -372.2 M
(12.) S
[/Rect [-1.0 -374.929688 14.75 -362.829681] /Subtype /Link /Border [0 0 1] /Dest /54 /ANN pdfmark
(\240 Methods to extend this ) S
(protocol) S
0 -385.4 M
(13.) S
[/Rect [-1.0 -388.128906 14.75 -376.0289] /Subtype /Link /Border [0 0 1] /Dest /56 /ANN pdfmark
(\240 IANA ) S
(Considerations) S
0 -398.6 M
(14.) S
[/Rect [-1.0 -401.328125 14.75 -389.228119] /Subtype /Link /Border [0 0 1] /Dest /58 /ANN pdfmark
(\240 Security ) S
(Considerations) S
0 -411.8 M
(\240\240\240\240) S
(14.1.) S
[/Rect [10.0 -414.527344 34.0 -402.427338] /Subtype /Link /Border [0 0 1] /Dest /60 /ANN pdfmark
(\240 General ) S
(Assumptions) S
0 -425 M
(\240\240\240\240) S
(14.2.) S
[/Rect [10.0 -427.726562 34.0 -415.626556] /Subtype /Link /Border [0 0 1] /Dest /62 /ANN pdfmark
(\240 Implementation ) S
(Considerations) S
0 -438.2 M
(\240\240\240\240) S
(14.3.) S
[/Rect [10.0 -440.925781 34.0 -428.825775] /Subtype /Link /Border [0 0 1] /Dest /64 /ANN pdfmark
(\240 Usage ) S
(Considerations) S
0 -451.4 M
(15.) S
[/Rect [-1.0 -454.125 14.75 -442.025] /Subtype /Link /Border [0 0 1] /Dest /66 /ANN pdfmark
(\240 Notice on intellectual ) S
(properties) S
0 -464.6 M
(16.) S
[/Rect [-1.0 -467.324219 14.75 -455.224213] /Subtype /Link /Border [0 0 1] /Dest /68 /ANN pdfmark
(\240 ) S
(Acknowledgement) S
0 -477.8 M
% Entries 17. and 17.1. both link to destination /72.
(17.) S
[/Rect [-1.0 -480.523438 14.75 -468.423431] /Subtype /Link /Border [0 0 1] /Dest /72 /ANN pdfmark
(\240 ) S
(References) S
0 -491 M
(\240\240\240\240) S
(17.1.) S
[/Rect [10.0 -493.722656 34.0 -481.62265] /Subtype /Link /Border [0 0 1] /Dest /72 /ANN pdfmark
(\240 Normative ) S
(References) S
0 -504.2 M
(\240\240\240\240) S
(17.2.) S
[/Rect [10.0 -506.921875 34.0 -494.821869] /Subtype /Link /Border [0 0 1] /Dest /82 /ANN pdfmark
(\240 Informative ) S
(References) S
% Table of contents, continued: appendices A to D and the two unnumbered
% closing entries. Same layout as the numbered sections: label, /Link
% annotation over the label, then the title. \247 is the section sign used as
% the label of the unnumbered entries.
0 -517.4 M
(Appendix\240A.) S
[/Rect [-1.0 -520.121094 57.8203125 -508.021088] /Subtype /Link /Border [0 0 1] /Dest /92 /ANN pdfmark
(\240 Group parameters for discrete-logarithm based ) S
(algorithms) S
0 -530.6 M
(Appendix\240B.) S
[/Rect [-1.0 -533.320312 57.2148438 -521.220337] /Subtype /Link /Border [0 0 1] /Dest /94 /ANN pdfmark
(\240 Derived numerical ) S
(values) S
0 -543.8 M
(Appendix\240C.) S
[/Rect [-1.0 -546.519531 57.2148438 -534.419556] /Subtype /Link /Border [0 0 1] /Dest /96 /ANN pdfmark
(\240 Draft Remarks from the ) S
(Authors) S
0 -557 M
(Appendix\240D.) S
[/Rect [-1.0 -559.71875 57.8203125 -547.618774] /Subtype /Link /Border [0 0 1] /Dest /98 /ANN pdfmark
(\240 Draft Change ) S
(Log) S
0 -570.2 M
(\240\240\240\240) S
(D.1.) S
[/Rect [10.0 -572.917969 30.9414062 -560.818] /Subtype /Link /Border [0 0 1] /Dest /100 /ANN pdfmark
(\240 Changes in revision ) S
(03) S
0 -583.4 M
(\240\240\240\240) S
(D.2.) S
[/Rect [10.0 -586.117188 30.9414062 -574.017212] /Subtype /Link /Border [0 0 1] /Dest /102 /ANN pdfmark
(\240 Changes in revision ) S
(02) S
0 -596.6 M
(\247) S
[/Rect [-1.0 -599.316406 6.5 -587.216431] /Subtype /Link /Border [0 0 1] /Dest /104 /ANN pdfmark
(\240 Authors' ) S
(Addresses) S
0 -609.8 M
(\247) S
[/Rect [-1.0 -612.515625 6.5 -600.415649] /Subtype /Link /Border [0 0 1] /Dest /105 /ANN pdfmark
(\240 Intellectual Property and Copyright ) S
(Statements) S
% Destinations /2 and /3 are registered at the bottom of this page; /2 is the
% target of the "1. Introduction" entry in the table of contents above.
0 -620.8 M
[/View [/XYZ -4 136.234375 null] /Dest /2 /DEST pdfmark
0 -620.8 M
[/View [/XYZ -4 136.234375 null] /Dest /3 /DEST pdfmark
0 -621.8 M
% Page footer (page number in 8 pt Helvetica), then restore the page-level
% save and emit the page.
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 2 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 3 3
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 3: save the VM state, set the origin, and draw the heading of
% section 1 in 15 pt Times-Bold. /111 is the outline destination for
% "1. Introduction".
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(1.) S
[/View [/XYZ -4 757.0 null] /Dest /111 /DEST pdfmark
( ) S
(Introduction) S
% Introduction, paragraphs 1 to 3: the problem statement. The text names the
% threats the protocol is aimed at (fake sites imitating a successful login,
% password-validity checks by forwarding to the real server, and
% man-in-the-middle session hijacking) and the properties it claims in
% response (no password information reaches a fake site, and the user sees
% that mutual authentication failed).
% Justified lines use A (awidthshow); a line that contains a hyperlink is
% split into several A calls so the link rectangle can follow the linked words.
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.252485782 0 32 0 0 (This document specifies the "Mutual authentication protocol for Hyper-Text Transport Protocol". This) A
0 -55.4 M
4.2045455 0 32 0 0 (protocol provides true mutual authentication between HTTP clients and servers using simple) A
0 -68.6 M
4.49522591 0 32 0 0 (password-based authentication. Unlike ) A
4.49522591 0 32 0 0 (Basic and Digest HTTP access authentication ) A
4.49522591 0 32 0 0 (protocol) A
% Link from the phrase above to destination /88 (the [RFC2617] reference).
[/Rect [185.957031 -71.3476562 454.972656 -59.2476578] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
0 -81.8 M
2.83626294 0 32 0 0 ([RFC2617], the protocol ensures that server knows the user's entity \(encrypted password\) upon) A
0 -95 M
0.348437488 0 32 0 0 (successful authentication. This prevents common phishing attacks: phishing attackers cannot convince) A
0 -108.2 M
0.735351562 0 32 0 0 (users that the user has been authenticated to the genuine website. Furthermore, even when a user has) A
0 -121.4 M
0.949776769 0 32 0 0 (been authenticated against an illegitimate server, the server cannot gain any bit of information about) A
0 -134.6 M
(user's ) S
(passwords.) S
0 -158.8 M
1.95973563 0 32 0 0 (Recently, phishing attacks are getting more and more sophisticated. Phishers not only steal user's) A
0 -172 M
0.318359375 0 32 0 0 (password directly, but imitate successful authentication to steal user's sensitive information, check the) A
0 -185.2 M
0.24609375 0 32 0 0 (password validity by forwarding the password to the legitimate server, or employ a man-in-the-middle) A
0 -198.4 M
1.81835938 0 32 0 0 (attack to hijack user's login session. Existing countermeasures such as one-time passwords cannot) A
0 -211.6 M
(completely solve these ) S
(problems.) S
0 -235.8 M
1.33359373 0 32 0 0 (The protocol prevents such attacks by providing users a way to discriminate between true and fake) A
0 -249 M
0.771972656 0 32 0 0 (web servers using their own passwords. Even when a user inputs his/her password to a fake website,) A
0 -262.2 M
0.148697913 0 32 0 0 (using this authentication method, any information about the password does not leak to the phisher, and) A
0 -275.4 M
3.1595552 0 32 0 0 (the user certainly notices that the mutual authentication has failed. Phishers cannot make such) A
0 -288.6 M
0.380208343 0 32 0 0 (authentication attempt succeed, even if they forward received data from a user to the legitimate server) A
0 -301.8 M
0.728630543 0 32 0 0 (or vice versa. Users can safely input sensitive data to the web forms after confirming that the mutual) A
0 -315 M
(authentication has succeeded. ) S
% Introduction, paragraphs 4 and 5: the cryptographic basis. The text says the
% protocol builds on a PAKE (Password-Authenticated Key Exchange) mechanism
% from ISO/IEC 11770-4, and that it is meant to replace form-based Web
% authentication through extensions to the RFC 2617 mechanism.
0 -339.2 M
0.399274558 0 32 0 0 (To achieve this goal, this protocol uses a mechanism in ) A
0.399274558 0 32 0 0 (ISO/IEC ) A
0.399274558 0 32 0 0 (11770-4) A
% Link over "ISO/IEC 11770-4" to destination /85.
[/Rect [248.867188 -341.933594 329.160156 -329.833588] /Subtype /Link /Border [0 0 1] /Dest /85 /ANN pdfmark
0.399274558 0 32 0 0 ( [ISO.11770-4.2006], a kind) A
0 -352.4 M
1.46321619 0 32 0 0 (of PAKE \(Password-Authenticated Key Exchange\) authentication algorithms as a basis. The use of) A
0 -365.6 M
1.28125 0 32 0 0 (PAKE mechanism allows users to use familiar ID/password based accesses, without fear of leaking) A
0 -378.8 M
2.04453135 0 32 0 0 (any password information to the communication peer. The protocol, as a whole, is designed as a) A
0 -392 M
(natural extension to the ) S
(HTTP ) S
(protocol) S
% Link over "HTTP protocol" to destination /87.
[/Rect [104.679688 -394.730469 173.574219 -382.630463] /Subtype /Link /Border [0 0 1] /Dest /87 /ANN pdfmark
( [RFC2616]. ) S
0 -416.2 M
0.436298072 0 32 0 0 (The design also considers to replace current form-based Web authentication, which is very vulnerable) A
0 -429.4 M
4.42613649 0 32 0 0 (against phishing attacks. To this purpose, several extensions to ) A
4.42613649 0 32 0 0 (current HTTP authentication ) A
% The linked phrase wraps across two lines, so it gets two /Link rectangles,
% both pointing at destination /88.
[/Rect [317.707031 -432.128906 462.171875 -420.0289] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
0 -442.6 M
(mechanism) S
[/Rect [-1.0 -445.328125 51.0898438 -433.228119] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
( [RFC2617] are introduced. ) S
% Destinations /4 and /5, registered just above the section 1.1 heading; /4 is
% the target of the "1.1." table-of-contents entry.
0 -453.6 M
[/View [/XYZ -4 303.421875 null] /Dest /4 /DEST pdfmark
0 -453.6 M
[/View [/XYZ -4 303.421875 null] /Dest /5 /DEST pdfmark
% Section 1.1 "Requirements Language": heading with outline destination /112,
% then the sentence declaring that the upper-case key words are to be read as
% described in RFC 2119.
% NOTE(review): the protocol overview that follows also uses lower-case
% "should" in several steps; this declaration lists only the upper-case forms.
0 -472.6 M
15 2 Nf
(1.1.) S
[/View [/XYZ -4 302.421875 null] /Dest /112 /DEST pdfmark
( Requirements ) S
(Language) S
0 -496.8 M
11 0 Nf
1.89609373 0 32 0 0 (The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",) A
0 -510 M
2.6889205 0 32 0 0 ("SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be) A
0 -523.2 M
(interpreted as described in ) S
([RFC2119]) S
% Link over "[RFC2119]" to destination /75.
[/Rect [117.488281 -525.925781 169.59375 -513.825806] /Subtype /Link /Border [0 0 1] /Dest /75 /ANN pdfmark
(.) S
% Destinations /6 and /7, registered just above the section 2 heading.
0 -534.2 M
[/View [/XYZ -4 222.824219 null] /Dest /6 /DEST pdfmark
0 -534.2 M
[/View [/XYZ -4 222.824219 null] /Dest /7 /DEST pdfmark
% Section 2 "Protocol Overview": heading with outline destination /113, the
% lead-in sentence, and the first two steps of the message flow. The
% remaining steps are drawn on the next page.
0 -553.2 M
15 2 Nf
(2.) S
[/View [/XYZ -4 221.824219 null] /Dest /113 /DEST pdfmark
( Protocol ) S
(Overview) S
0 -577.4 M
11 0 Nf
(The following sequence is a typical sequence for the first access to the resource. ) S
% List bullet: a filled circle of radius 2.75 drawn inside gsave/grestore.
11 -597.9 M
gsave
0 setgray
newpath
11.0 -597.945312 2.75 0 360 arc
closepath
fill
grestore
% Step 1: an ordinary request for a protected resource is answered with
% 401-B0. The client SHOULD check the message's validity before it processes
% the body and enables the password entry field.
22 -601.6 M
1.54326928 0 32 0 0 (If the server \(S\) has received a request for mutual-authentication protected resources from the) A
22 -614.8 M
(Client \(C\) \(which is not a req-A1 nor a req-A3 message\), it sends a 401-B0 message to C. ) S
22 -628 M
0.579166651 0 32 0 0 (When C has received a 401-B0 message, C SHOULD check validity of the message. If succeed,) A
22 -641.2 M
(C processes the body of the message, and enables the password entry field. ) S
11 -651.7 M
gsave
0 setgray
newpath
11.0 -651.742188 2.75 0 360 arc
closepath
fill
grestore
% Step 2: after the user enters the credentials the client creates s_A,
% calculates w_A and sends req-A1. How these values are computed is not
% defined on this page.
22 -655.4 M
0.160590276 0 32 0 0 (If the user has input the username and password as a response to the 401-B0 message, C creates a) A
22 -668.6 M
(value s_A, calculates the value w_A, and construct and send a req-A1 message. ) S
% Page footer (page number in 8 pt Helvetica), then restore the page-level
% save and emit the page.
22 -669.6 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 3 -) S
0 setgray
44 -8 M
grestore
pgsave restore N
%%Page: 4 4
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 4: save the VM state, set the origin, and continue the overview list
% with step 3, the server's handling of req-A1.
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
11 -9.6 M
gsave
0 setgray
newpath
11.0 -9.5703125 2.75 0 360 arc
closepath
fill
grestore
% NOTE(review): the check of the client-supplied value w_A is worded with a
% lower-case "should", while other steps use the upper-case key words declared
% in section 1.1. Whether this check is a normative requirement cannot be told
% from this overview; the overview itself refers to Section 5 for detail.
22 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.811523438 0 32 0 0 (If S has received an req-A1 message, S should check validity of w_A, record the received w_A) A
% Overlong lines are fitted by drawing them at a slightly reduced scale; the
% scale that follows each one multiplies back to about 1 (for example
% 0.955050647 x 1.0470649).
22 -13.2 M
0.955050647 0.955050647 scale
0.0 -13.2 RM
11 0 Nf
(value, and then look up the username from the user table. if the user is found, S prepares a new session) S
1.0470649 1.0470649 scale
22 -25.8 M
0.962138116 0.962138116 scale
0.0 -13.2 RM
(id \(sid\), record it into a session table, and then construct s_B, calculate w_B, and then send an 401-B1) S
1.03935182 1.03935182 scale
22 -51.7 M
(message. ) S
% For an unknown username the server still answers with 401-B1, built from a
% fake w_B - presumably so the reply does not show whether the username
% exists; confirm against the server procedure. The text makes this a SHOULD,
% not a MUST.
22 -64.9 M
0.781020224 0 32 0 0 (If there is no matching user found, the server SHOULD construct a fake w_B value, and let the) A
22 -78.1 M
(protocol going on by sending an 401-B1 message. ) S
% Step 4: the client's handling of the reply to req-A1. It checks w_B,
% computes z and o_A, and sends req-A3.
% NOTE(review): the check of the server-supplied w_B is again a lower-case
% "should"; see section 1.1 for the key words the draft declares.
% At this point any reply other than 401-B1, explicitly including a plain
% 200 OK, MUST be treated as a fatal error and its body MUST NOT be processed.
11 -88.7 M
gsave
0 setgray
newpath
11.0 -88.671875 2.75 0 360 arc
closepath
fill
grestore
22 -92.3 M
1.13500977 0 32 0 0 (When C has received an 401-B1 message as a response for a req-A1 message, C should check) A
22 -105.5 M
(validity of w_B, and compute z and o_A, and send an req-A3 message. ) S
22 -118.7 M
0.0649414062 0 32 0 0 (If C receives any messages other than 401-B1, C MUST NOT process the message body and treat) A
22 -118.7 M
0.960925877 0.960925877 scale
0.0 -13.2 RM
(it as a fatal communication error condition. This case includes the reception of HTTP OK \(200-status\)) S
1.040663 1.040663 scale
22 -144.6 M
(message. ) S
% Step 5: the server's handling of req-A3. Unknown sid or no preceding
% req-A1: reply 401-B0-stale. Known sid: compute and check o_A; on failure
% reply 401-B0, on success calculate o_B and reply 200-B4.
% NOTE(review): "should look up" and "should computes o_A and check its
% value" are lower-case, so the strength of the requirement to verify the
% client's proof o_A is not explicit in this overview.
11 -155.2 M
gsave
0 setgray
newpath
11.0 -155.152344 2.75 0 360 arc
closepath
fill
grestore
22 -158.8 M
0.449001729 0 32 0 0 (If S has received an req-A3 message, S should look up the received sid from the session table. If) A
22 -172 M
0.579687476 0 32 0 0 (no matching sid message is received, or if S has not received the corresponding req-A1 message) A
22 -185.2 M
(beforehand, S SHOULD send an 401-B0-stale message. ) S
22 -198.4 M
1.35260415 0 32 0 0 (Otherwise, S should computes o_A and check its value. If the validation has failed, the server) A
22 -211.6 M
(SHOULD send an 401-B0 message. ) S
22 -224.8 M
(If the validation has succeeded, the server SHOULD calculate o_B, and send a 200-B4 message. ) S
% Step 6: the client's handling of the final reply. This is where the server
% is authenticated to the client: on 200-B4 the client MUST compute o_B and
% compare it with the value the server sent before it processes the body, and
% MUST ignore the body and treat the reply as a fatal error if the check
% fails. A 401-B0 means authentication failed. Any other reply, explicitly
% including an ordinary 200 OK, MUST NOT have its body or other headers
% processed.
11 -235.3 M
gsave
0 setgray
newpath
11.0 -235.347656 2.75 0 360 arc
closepath
fill
grestore
22 -239 M
1.05580354 0 32 0 0 (When C has received an 401-B0 message, it means the authentication has been failed, possibly) A
22 -239 M
0.954284251 0.954284251 scale
0.0 -13.2 RM
(due to that the wrong password has been given. C MAY ignore the body of the 401-B0 message in this) S
1.0479058 1.0479058 scale
22 -264.8 M
(case. ) S
22 -278 M
0.63671875 0 32 0 0 (When C has received an 200-B4 message, C MUST first compute the value of o_B and validate) A
22 -278 M
0.966780901 0.966780901 scale
0.0 -13.2 RM
(the value o_B sent from the server. If it has not verified successfully, C MUST ignore the body of the) S
1.03436053 1.03436053 scale
22 -290.7 M
0.99895215 0.99895215 scale
0.0 -13.2 RM
(message, and treat it as a fatal communication error condition. If it has succeed, C will process the) S
1.00104892 1.00104892 scale
22 -317.1 M
(body of the message. ) S
22 -330.3 M
2.2877605 0 32 0 0 (If C receives any messages other than 401-B0 or valid 200-B4, C MUST NOT process the) A
22 -343.5 M
0.784114599 0 32 0 0 (message body and other headers and treat it as a fatal communication error condition. This case) A
22 -356.7 M
(includes the reception of usual HTTP OK \(200-status\) messages. ) S
% Closing paragraphs of the overview: shortcuts for later requests. The
% client MAY skip the unauthenticated request and send req-A1 at once, or
% reuse a known sid and send req-A3 directly; a server that has dropped the
% session SHOULD answer 401-B0-stale and the client SHOULD restart from
% req-A1.
% NOTE(review): in the first shortcut the text lets the client accept one
% normal, unauthenticated response. This is the one case in the overview
% where content without a server proof may be accepted; how the client treats
% or presents such a response is not stated in these lines.
0 -380.9 M
0.0849609375 0 32 0 0 (For the second or later request to the server, if the client knows that the resource is likely to require the) A
0 -394.1 M
4.678267 0 32 0 0 (authentication, the client MAY omit first unauthenticated request and send req-A1 message) A
0 -407.3 M
1.3393842 0 32 0 0 (immediately. In this case, the first \(and only the first\) response from the server MAY be a normal,) A
0 -420.5 M
(unauthenticated message, and client MAY accept such messages. ) S
0 -444.7 M
1.49780273 0 32 0 0 (Furthermore, if client owns a valid session ID \(sid\), the client MAY send a req-A3 message using) A
0 -457.9 M
1.84036458 0 32 0 0 (existing sid. In such cases, the server MAY have thrown out the corresponding sessions, then the) A
0 -471.1 M
0.0916666687 0 32 0 0 (server SHOULD send a 401-B0-stale message as a response to req-A3 message, and C SHOULD retry) A
0 -484.3 M
(from constructing req-A1 message. ) S
0 -508.5 M
(For more detail, see ) S
(Section\2405) S
% Link over "Section 5" to destination /31, the same destination the table of
% contents uses for section 5.
[/Rect [89.09375 -511.25 132.332031 -499.15] /Subtype /Link /Border [0 0 1] /Dest /31 /ANN pdfmark
(. ) S
% Destinations /8 and /9, registered just above the section 3 heading.
0 -519.5 M
[/View [/XYZ -4 237.5 null] /Dest /8 /DEST pdfmark
0 -519.5 M
[/View [/XYZ -4 237.5 null] /Dest /9 /DEST pdfmark
0 -538.5 M
%%IncludeResource: font Times-Bold
15 2 Nf
(3.) S
[/View [/XYZ -4 236.5 null] /Dest /114 /DEST pdfmark
( Message ) S
(Syntax) S
0 -562.7 M
11 0 Nf
1.04119313 0 32 0 0 (The Mutual authentication protocol uses four headers: WWW-Authenticate \(in responses with status) A
0 -575.9 M
1.05273438 0 32 0 0 (code 401\), Optional-WWW-Authenticate \(in responses with positive status codes\), Authorization \(in) A
0 -589.1 M
2.31960225 0 32 0 0 (requests\), and Authentication-info \(in positive responses\). These four headers share the common) A
0 -602.3 M
3.32282376 0 32 0 0 (syntax described in ) A
3.32282376 0 32 0 0 (Figure\2401) A
[/Rect [96.6210938 -605.046875 135.582031 -592.946899] /Subtype /Link /Border [0 0 1] /Dest /10 /ANN pdfmark
3.32282376 0 32 0 0 (. The syntax is denoted in the augmented BNF syntax defined in ) A
0 -615.5 M
([RFC5234]) S
[/Rect [-1.0 -618.246094 51.1054688 -606.146118] /Subtype /Link /Border [0 0 1] /Dest /81 /ANN pdfmark
(. The syntax is a subset of the one described in ) S
([RFC2617]) S
[/Rect [256.804688 -618.246094 308.910156 -606.146118] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
(. ) S
0 -626.5 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -637.5 M
[/View [/XYZ -4 119.503906 null] /Dest /10 /DEST pdfmark
0 -637.5 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 4 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 5 5
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -10.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(header) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(header-name) S
9.0 4 Nf
( ":" [) S
9.0 5 Nf
(spaces) S
9.0 4 Nf
(] "Mutual" ) S
9.0 5 Nf
(spaces) S
9.0 4 Nf
( ) S
9.0 5 Nf
(fields) S
0 -21.6 M
9.0 4 Nf
( ) S
9.0 5 Nf
(header-name) S
9.0 4 Nf
( = "WWW-Authenticate" / "Optional-WWW-Authenticate") S
0 -32.4 M
( / "Authorization" / "Authentication-info") S
0 -43.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(spaces) S
9.0 4 Nf
( = 1*\(" " / %x09 / %x0D.0A \(" " / %x09\)\) ) S
9.0 5 Nf
(; LWSP) S
0 -54 M
9.0 4 Nf
( ) S
9.0 5 Nf
(fields) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(field) S
9.0 4 Nf
( *\([) S
9.0 5 Nf
(spaces) S
9.0 4 Nf
(] "," ) S
9.0 5 Nf
(spaces) S
9.0 4 Nf
( ) S
9.0 5 Nf
(field) S
9.0 4 Nf
(\)) S
0 -64.8 M
9.0 4 Nf
( ) S
9.0 5 Nf
(field) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(key) S
9.0 4 Nf
( "=" ) S
9.0 5 Nf
(value) S
0 -75.6 M
9.0 4 Nf
( ) S
9.0 5 Nf
(key) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(extensive-token) S
0 -86.4 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extensive-token) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(token) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(extension-token) S
0 -97.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extension-token) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(token) S
9.0 4 Nf
( "@" ) S
9.0 5 Nf
(token) S
0 -108 M
9.0 4 Nf
( ) S
9.0 5 Nf
(token) S
9.0 4 Nf
( = 1*\(%x30-39 / %x41-5A / %x61-7A / "." / "-" / "_"\)) S
0 -118.8 M
9.0 4 Nf
( ) S
9.0 5 Nf
(value) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(extensive-token) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(integer) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(hex-integer) S
0 -129.6 M
9.0 4 Nf
( / ) S
9.0 5 Nf
(hex-fixed-number) S
0 -140.4 M
9.0 4 Nf
( / ) S
9.0 5 Nf
(base64-fixed-number) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(string) S
0 -151.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(integer) S
9.0 4 Nf
( = "0" / \(%x31-39 *%x30-39\) ) S
9.0 5 Nf
(; no leading zeros) S
0 -162 M
9.0 4 Nf
( ) S
9.0 5 Nf
(hex-integer) S
9.0 4 Nf
( = "0") S
0 -172.8 M
9.0 4 Nf
( / \(\(%x31-39 / %x41-46 / %x61-66\) ) S
9.0 5 Nf
(; no leading zeros) S
0 -183.6 M
9.0 4 Nf
( *\(%x30-39 / %x41-46 / %x61-66\)\)) S
0 -194.3 M
9.0 4 Nf
( ) S
9.0 5 Nf
(hex-fixed-number) S
9.0 4 Nf
( = 1*\(%x30-39 / %x41-46 / %x61-66\)) S
0 -205.1 M
9.0 4 Nf
( ) S
9.0 5 Nf
(base64-fixed-number) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(string) S
0 -215.9 M
9.0 4 Nf
( ) S
9.0 5 Nf
(string) S
9.0 4 Nf
( = %x22 *\(%x20-21 / %x23-5B / %x5D-FF) S
0 -226.7 M
( / %x5C.22 / "\\\\" / "\\,"\) %x22) S
125.3 -249.7 M
%%IncludeResource: font Times-Bold
7.63889 2 Nf
(\240Figure\2401: the BNF syntax for the headers used in the ) S
(protocol\240) S
0 -263.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -274.6 M
[/View [/XYZ -4 482.425781 null] /Dest /11 /DEST pdfmark
0 -274.6 M
[/View [/XYZ -4 482.425781 null] /Dest /12 /DEST pdfmark
0 -293.6 M
15 2 Nf
(3.1.) S
[/View [/XYZ -4 481.425781 null] /Dest /115 /DEST pdfmark
( Tokens and ) S
(Extensive-tokens) S
0 -317.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.294677734 0 32 0 0 (The tokens MUST be interpreted case-insensitive, and SHOULD be sent in the same case as shown in) A
0 -331 M
0.479427069 0 32 0 0 (the specification. When these are used as \(partial\) inputs to any hash or other mathematical functions,) A
0 -344.2 M
6.09700537 0 32 0 0 (it MUST be used in lower-case. All hex-fixed-number or hex-integer numbers are also) A
0 -357.4 M
(case-insensitive, and SHOULD be sent in lower-case. ) S
0 -381.6 M
3.14518237 0 32 0 0 (Extensive-tokens are used where the set of acceptable tokens are extensible. Any non-standard) A
0 -394.8 M
1.51523435 0 32 0 0 (extensions of this protocol MUST use the extension-tokens of format "<token>@<domain-name>",) A
0 -408 M
0.152604163 0 32 0 0 (where domain-name is the valid registered \(sub-\)domain name on the Internet owned by the party who) A
0 -421.2 M
(defines extensions. ) S
0 -432.2 M
[/View [/XYZ -4 324.832031 null] /Dest /13 /DEST pdfmark
0 -432.2 M
[/View [/XYZ -4 324.832031 null] /Dest /14 /DEST pdfmark
0 -451.2 M
15 2 Nf
(3.2.) S
[/View [/XYZ -4 323.832031 null] /Dest /116 /DEST pdfmark
( ) S
(Numbers) S
0 -475.4 M
11 0 Nf
0.0100446427 0 32 0 0 (The syntax definitions of integer and hex-integer only allow representations which do not contain extra) A
0 -488.6 M
(leading 0s. ) S
0 -512.8 M
1.35336542 0 32 0 0 (The numbers represented as a hex-fixed-number MUST have an even number of characters \(i.e. multiple of eight) A
0 -526 M
0.361049116 0 32 0 0 (bits\). When these are generated from cryptographic values, those SHOULD have the natural length: if) A
0 -539.2 M
0.372802734 0 32 0 0 (these are generated from a hash function, these lengths SHOULD correspond to the hash size; if these) A
0 -552.4 M
1.42912948 0 32 0 0 (are representing elements of a mathematical group, its lengths SHOULD be the shortest which can) A
0 -565.6 M
0.160888672 0 32 0 0 (represent all elements in the group. See ) A
0.160888672 0 32 0 0 (Appendix\240B) A
[/Rect [176.035156 -568.3125 231.5 -556.212524] /Subtype /Link /Border [0 0 1] /Dest /94 /ANN pdfmark
0.160888672 0 32 0 0 ( for information about the length of the fields used) A
0 -578.8 M
0.863002241 0 32 0 0 (in this specification. Other values such as session-id are represented in any \(even\) length determined) A
0 -592 M
2.92773438 0 32 0 0 (by the side who generates it first, and the same length SHALL be used throughout the whole) A
0 -605.2 M
(communications by both peers. ) S
0 -629.4 M
0.24849759 0 32 0 0 (The numbers represented as a base64-fixed-number SHALL be generated as follows: first, the number) A
0 -642.6 M
0.435997605 0 32 0 0 (is converted to a big-endian octet-string representation. The length of the representation is determined) A
0 -655.8 M
0.598958313 0 32 0 0 (in the same way as above. Then, the string is encoded by ) A
0.598958313 0 32 0 0 (the Base 64 ) A
0.598958313 0 32 0 0 (encoding) A
[/Rect [259.078125 -658.507812 357.257812 -646.407837] /Subtype /Link /Border [0 0 1] /Dest /80 /ANN pdfmark
0.598958313 0 32 0 0 ( [RFC4648], and then) A
0 -669 M
(enclosed by two double-quotations. ) S
0 -669 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 5 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 6 6
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /15 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /16 /DEST pdfmark
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(3.3.) S
[/View [/XYZ -4 757.0 null] /Dest /117 /DEST pdfmark
( ) S
(Strings) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.30198312 0 32 0 0 (All strings outside ASCII or equivalent character sets SHOULD be encoded using ) A
1.30198312 0 32 0 0 (UTF-8 ) A
1.30198312 0 32 0 0 (encoding) A
[/Rect [378.679688 -44.9492188 454.984375 -32.8492203] /Subtype /Link /Border [0 0 1] /Dest /78 /ANN pdfmark
0 -55.4 M
1.66503906 0 32 0 0 ([RFC3629] of the ) A
1.66503906 0 32 0 0 (ISO 10646-1 character ) A
1.66503906 0 32 0 0 (set) A
[/Rect [84.9453125 -58.1484375 207.066406 -46.048439] /Subtype /Link /Border [0 0 1] /Dest /84 /ANN pdfmark
1.66503906 0 32 0 0 ( [ISO.10646-1.1993]. Both peers SHOULD reject any) A
0 -68.6 M
1.64663458 0 32 0 0 (invalid UTF-8 sequences which cause decoding ambiguities \(e.g. containing <"> in the second or) A
0 -81.8 M
0.929947913 0 32 0 0 (later byte of the UTF-8 encoded characters\). To encode character strings, these will first be encoded) A
0 -95 M
1.91067708 0 32 0 0 (according to UTF-8 without leading BOM, then all occurrences of characters <"> and "\\" will be) A
0 -108.2 M
0.108552635 0 32 0 0 (escaped by prepending "\\", and two <">s will be put around the string. If the contents of the strings are) A
0 -121.4 M
(comma-separated values, the commas in the values are also quoted by "\\". ) S
0 -145.6 M
0.377864569 0 32 0 0 (If strings are representing a domain name or URI which contains non-ASCII characters, the host parts) A
0 -158.8 M
1.27584136 0 32 0 0 (SHOULD be encoded using puny-code defined in ) A
1.27584136 0 32 0 0 ([RFC3492]) A
[/Rect [230.585938 -161.542969 282.691406 -149.442963] /Subtype /Link /Border [0 0 1] /Dest /89 /ANN pdfmark
1.27584136 0 32 0 0 ( instead of UTF-8, and SHOULD use) A
0 -172 M
(lower-case ASCII characters. ) S
0 -196.2 M
(For Base64-fixed-numbers, which use the string syntax, see the previous section. ) S
0 -207.2 M
[/View [/XYZ -4 549.808594 null] /Dest /17 /DEST pdfmark
0 -207.2 M
[/View [/XYZ -4 549.808594 null] /Dest /18 /DEST pdfmark
0 -226.2 M
15 2 Nf
(4.) S
[/View [/XYZ -4 548.808594 null] /Dest /118 /DEST pdfmark
( ) S
(Messages) S
0 -250.4 M
11 0 Nf
0.684895813 0 32 0 0 (In this section, formats and requirements of the headers for each message are presented. The allowed) A
0 -263.6 M
3.58056641 0 32 0 0 (type for values for each header field is shown in parenthesis after the key names. The type) A
0 -276.8 M
0.0607910156 0 32 0 0 ("algorithm-determined" means that the acceptable value type for the field is one of the types defined in ) A
0 -290 M
(Section\2403) S
[/Rect [-1.0 -292.738281 42.2382812 -280.638275] /Subtype /Link /Border [0 0 1] /Dest /8 /ANN pdfmark
(, and is determined by the value of the "algorithm" field. ) S
0 -314.2 M
0.707763672 0 32 0 0 (Note: The term "optional" here means that omitting the field is allowed and has specific meanings in) A
0 -327.4 M
(communications \(i.e.\240it is not generally "OPTIONAL" defined in ) S
([RFC2119]) S
[/Rect [287.441406 -330.136719 339.546875 -318.036713] /Subtype /Link /Border [0 0 1] /Dest /75 /ANN pdfmark
(\). ) S
0 -338.4 M
[/View [/XYZ -4 418.613281 null] /Dest /19 /DEST pdfmark
0 -338.4 M
[/View [/XYZ -4 418.613281 null] /Dest /20 /DEST pdfmark
0 -357.4 M
15 2 Nf
(4.1.) S
[/View [/XYZ -4 417.613281 null] /Dest /119 /DEST pdfmark
( ) S
(401-B0) S
0 -381.6 M
11 0 Nf
0.926106751 0 32 0 0 (Every 401-B0 message SHALL be a valid HTTP 401 \(Authentication Required\) message containing) A
0 -394.8 M
1.81217444 0 32 0 0 (one \(and only one: hereafter not explicitly noted\) "WWW-Authenticate" header of the following) A
0 -408 M
(format. ) S
0 -432.2 M
(WWW-Authenticate: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", stale=0 ) S
0 -456.4 M
(The header SHALL contain the fields with the following keys: ) S
11 -480.6 M
(algorithm: ) S
33 -493.8 M
0.290364593 0 32 0 0 (\(extensive-token\) specifies the authentication algorithm to be used. The value MUST be one) A
33 -507 M
4.18326807 0 32 0 0 (of the tokens described in ) A
4.18326807 0 32 0 0 (Section\2407) A
[/Rect [168.65625 -509.730469 211.894531 -497.630463] /Subtype /Link /Border [0 0 1] /Dest /36 /ANN pdfmark
4.18326807 0 32 0 0 (, or the tokens specified in other supplemental) A
33 -520.2 M
(specification documentations. ) S
11 -533.4 M
(validation: ) S
33 -546.6 M
1.37169468 0 32 0 0 (\(extensive-token\) specifies the method of host validation. The value MUST be one of the) A
33 -559.8 M
1.75994313 0 32 0 0 (tokens described in ) A
1.75994313 0 32 0 0 (Section\2409) A
[/Rect [124.933594 -562.527344 168.171875 -550.427368] /Subtype /Link /Border [0 0 1] /Dest /48 /ANN pdfmark
1.75994313 0 32 0 0 (, or the tokens specified in other supplemental specification) A
33 -573 M
(documentations. ) S
11 -586.2 M
(auth-domain: ) S
33 -599.4 M
1.31463063 0 32 0 0 (\(optional, string\) specifies authentication domain, the set of hosts on which authentication) A
33 -612.6 M
1.13452148 0 32 0 0 (credentials are valid. It MUST be one of the strings described in ) A
1.13452148 0 32 0 0 (Section\2408) A
[/Rect [330.542969 -615.324219 373.78125 -603.224243] /Subtype /Link /Border [0 0 1] /Dest /44 /ANN pdfmark
1.13452148 0 32 0 0 (. If the value is) A
33 -625.8 M
(omitted, it is assumed to be the host part of the requested URI. ) S
11 -639 M
(realm: ) S
33 -652.2 M
0.786057711 0 32 0 0 (\(string\) is a UTF-8 encoded string representing the name of the authentication realm inside) A
33 -665.4 M
(the authentication domain. ) S
33 -665.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 6 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 7 7
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
11 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(pwd-hash: ) S
33 -26.4 M
3.95667624 0 32 0 0 (\(optional, extensive-token\) specifies the hash algorithm \(referred to by ph\) used for) A
33 -39.6 M
(additionally hashing the password. The valid tokens are ) S
44 -50.2 M
gsave
0 setgray
newpath
44.0 -50.1679688 2.75 0 360 arc
closepath
fill
grestore
55 -53.8 M
(none: ph\(p\) = p ) S
44 -64.4 M
gsave
0 setgray
newpath
44.0 -64.3671875 2.75 0 360 arc
closepath
fill
grestore
55 -68 M
(md5: ph\(p\) = MD5\(p\) ) S
44 -78.6 M
gsave
0 setgray
newpath
44.0 -78.5664062 2.75 0 360 arc
closepath
fill
grestore
55 -82.2 M
0.602050781 0 32 0 0 (digest-md5: ph\(p\) = MD5\(username | ":" | realm | ":" | p\), the same value as MD5\(A1\)) A
55 -95.4 M
(for "MD5" algorithm in ) S
([RFC2617]) S
[/Rect [161.324219 -98.1445312 213.429688 -86.0445328] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
(. ) S
44 -106 M
gsave
0 setgray
newpath
44.0 -105.964844 2.75 0 360 arc
closepath
fill
grestore
55 -109.6 M
(sha1: ph\(p\) = ) S
(SHA1\(p\)) S
33 -122.8 M
% NOTE(review): as defined in the list above, md5 and sha1 are one unsalted
% digest of the password, and digest-md5 mixes in only the username and realm;
% none of them is an iterated password hash. A stored ph(p) is presumably
% password-equivalent for this protocol and should be protected accordingly --
% confirm against the algorithm sections, which are outside this span.
(If omitted, the value "none" is assumed. The use of "none" is recommended. ) S
11 -136 M
(stale: ) S
33 -149.2 M
(\(token\) MUST be "0". ) S
0 -173.4 M
0.860491097 0 32 0 0 (Any additional fields SHOULD NOT be contained in the header, except those explicitly specified in) A
0 -186.6 M
(supplement specifications of the "authentication algorithm". ) S
0 -210.8 M
(The algorithm will determine the types and the values for w_A, w_B, o_A and o_B. ) S
0 -221.8 M
[/View [/XYZ -4 535.210938 null] /Dest /21 /DEST pdfmark
0 -221.8 M
[/View [/XYZ -4 535.210938 null] /Dest /22 /DEST pdfmark
0 -240.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(4.2.) S
[/View [/XYZ -4 534.210938 null] /Dest /120 /DEST pdfmark
( ) S
(401-B0-stale) S
0 -265 M
11 0 Nf
0.116268381 0 32 0 0 (A 401-B0-stale message is a variant of 401-B0 message, which means that the client has sent a request) A
0 -278.2 M
(message which is not for any active session. ) S
0 -302.4 M
(WWW-Authenticate: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", stale=1 ) S
0 -326.6 M
(The header MUST contain the same fields as in 401-B0, except that stale field holds the integer 1. ) S
0 -337.6 M
[/View [/XYZ -4 419.414062 null] /Dest /23 /DEST pdfmark
0 -337.6 M
[/View [/XYZ -4 419.414062 null] /Dest /24 /DEST pdfmark
0 -356.6 M
15 2 Nf
(4.3.) S
[/View [/XYZ -4 418.414062 null] /Dest /121 /DEST pdfmark
( ) S
(req-A1) S
0 -380.8 M
11 0 Nf
0.285456717 0 32 0 0 (Every req-A1 message SHALL be a valid HTTP request message containing an "Authorization" header) A
0 -394 M
(of the following format. ) S
0 -418.2 M
(Authorization: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", user="xxxx", wa=xxxx ) S
0 -442.4 M
(The header SHALL contain the fields with the following keys: ) S
11 -466.6 M
(algorithm, validation, auth-domain, realm: ) S
33 -479.8 M
(MUST be the same value as it is received from S. ) S
11 -493 M
(user: ) S
33 -506.2 M
(\(string\) is the UTF-8 encoded name of the user. ) S
11 -519.4 M
(wa: ) S
33 -532.6 M
(\(algorithm-determined\) is the value of w_A specified by the used algorithm. ) S
0 -543.6 M
[/View [/XYZ -4 213.421875 null] /Dest /25 /DEST pdfmark
0 -543.6 M
[/View [/XYZ -4 213.421875 null] /Dest /26 /DEST pdfmark
0 -562.6 M
15 2 Nf
(4.4.) S
[/View [/XYZ -4 212.421875 null] /Dest /122 /DEST pdfmark
( ) S
(401-B1) S
0 -586.8 M
11 0 Nf
0.267728359 0 32 0 0 (Every 401-B1 message SHALL be a valid HTTP 401 \(Authentication Required\) message containing a) A
0 -600 M
("WWW-Authenticate" header of the following format. ) S
0 -624.2 M
1.6477865 0 32 0 0 (WWW-Authenticate: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", sid=xxxx, wb=xxxx,) A
0 -637.4 M
(nc-max=x, nc-window=x, time=x, path="xxxx" ) S
0 -637.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 7 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 8 8
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The header SHALL contain the fields with the following keys: ) S
11 -37.4 M
(algorithm, validation, auth-domain, realm: ) S
33 -50.6 M
(MUST be the same value as it is received from C. ) S
11 -63.8 M
(sid: ) S
33 -77 M
1.39483178 0 32 0 0 (\(hex-fixed-number\) MUST be a session id, which is a random integer. The sid SHOULD) A
33 -90.2 M
2.19056916 0 32 0 0 (have uniqueness of at least 80 bits or the square of the maximal estimated transactions) A
33 -103.4 M
2.8548677 0 32 0 0 (concurrently available in the session table, whichever is larger. Sids are local to each) A
33 -116.6 M
0.687890649 0 32 0 0 (authentication realm concerned: the same sids for different authentication realms SHOULD) A
33 -129.8 M
(be treated as independent ones. ) S
11 -143 M
(wb: ) S
33 -156.2 M
(\(algorithm-determined\) is the value of w_B specified by the algorithm. ) S
11 -169.4 M
(nc-max: ) S
33 -182.6 M
(\(hex-integer\) is the maximal value of nonce counts which S accepts. ) S
11 -195.8 M
(nc-window: ) S
33 -209 M
3.34735584 0 32 0 0 (\(hex-integer\) the number of available nonce slots which S will accept. The value of) A
33 -222.2 M
(nc-window is RECOMMENDED to be thirty-two \("20" in hex-integer\) or more. ) S
11 -235.4 M
(time: ) S
33 -248.6 M
4.1350913 0 32 0 0 (\(integer\) represents the suggested time \(in seconds\) which C can reuse the session) A
33 -261.8 M
1.02964151 0 32 0 0 (represented by sid. It is RECOMMENDED to be at least 60. The value of this field is not) A
33 -275 M
(directly linked to the duration that S keeps track of the session represented by sid. ) S
11 -288.2 M
(path: ) S
33 -301.4 M
2.68840146 0 32 0 0 (\(optional, string\) specifies for which path in the URI space the same authentication is) A
33 -314.6 M
1.1206342 0 32 0 0 (expected to apply. The value is in the same format as it is specified in ) A
1.1206342 0 32 0 0 ([RFC2617]) A
[/Rect [357.84375 -317.332031 409.949219 -305.232025] /Subtype /Link /Border [0 0 1] /Dest /88 /ANN pdfmark
1.1206342 0 32 0 0 ( for the) A
33 -327.8 M
2.759233 0 32 0 0 (Digest authentications, and clients are RECOMMENDED to recognize it. All the path) A
33 -341 M
1.79447114 0 32 0 0 (elements contained in the field MUST be inside the specified auth-domain: if not, client) A
33 -354.2 M
(SHOULD ignore such elements. ) S
0 -365.2 M
[/View [/XYZ -4 391.820312 null] /Dest /27 /DEST pdfmark
0 -365.2 M
[/View [/XYZ -4 391.820312 null] /Dest /28 /DEST pdfmark
0 -384.2 M
%%IncludeResource: font Times-Bold
15 2 Nf
(4.5.) S
[/View [/XYZ -4 390.820312 null] /Dest /123 /DEST pdfmark
( ) S
(req-A3) S
0 -408.4 M
11 0 Nf
0.285456717 0 32 0 0 (Every req-A3 message SHALL be a valid HTTP request message containing an "Authorization" header) A
0 -421.6 M
(of the following format. ) S
0 -445.8 M
(Authorization: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", sid=xxxx, nc=x, oa=xxxx ) S
0 -470 M
(The fields contained in the header are as follows: ) S
11 -494.2 M
(algorithm, validation, auth-domain, realm: ) S
33 -507.4 M
(MUST be the same value as it is received from S for the session. ) S
11 -520.6 M
(sid: ) S
33 -533.8 M
(\(hex-fixed-number\) MUST be one of the sid values which has been received from S. ) S
11 -547 M
(nc: ) S
33 -560.2 M
0.293229163 0 32 0 0 (\(hex-integer\) is a nonce value which is unique among the requests sharing the same sid. The) A
33 -573.4 M
(value of nc SHOULD satisfy the following properties: ) S
44 -583.9 M
gsave
0 setgray
newpath
44.0 -583.941406 2.75 0 360 arc
closepath
fill
grestore
55 -587.6 M
2.48828125 0 32 0 0 (It is not larger than the nc-max value which has been sent from S in the session) A
55 -600.8 M
(represented by the sid. ) S
44 -611.3 M
gsave
0 setgray
newpath
44.0 -611.339844 2.75 0 360 arc
closepath
fill
grestore
55 -615 M
(C has not sent the same value in the same session. ) S
44 -625.5 M
gsave
0 setgray
newpath
44.0 -625.539062 2.75 0 360 arc
closepath
fill
grestore
55 -629.2 M
0.0764508918 0 32 0 0 (It is not smaller than \(largest-nc - nc-window\), where largest-nc is the maximal value of) A
55 -642.4 M
1.39036453 0 32 0 0 (nc which has previously been sent in the session, and nc-window is the value of the) A
55 -655.6 M
(nc-window field which has been sent from S in the ) S
(session.) S
33 -655.6 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 8 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 9 9
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
11 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(oa: ) S
33 -26.4 M
(\(algorithm-determined\) is the value of o_A specified by the algorithm. ) S
0 -37.4 M
[/View [/XYZ -4 719.601562 null] /Dest /29 /DEST pdfmark
0 -37.4 M
[/View [/XYZ -4 719.601562 null] /Dest /30 /DEST pdfmark
0 -56.4 M
%%IncludeResource: font Times-Bold
15 2 Nf
(4.6.) S
[/View [/XYZ -4 718.601562 null] /Dest /124 /DEST pdfmark
( ) S
(200-B4) S
0 -80.6 M
11 0 Nf
0.269810259 0 32 0 0 (Every 200-B4 message SHALL be a valid HTTP message which is not 401 \(Authentication Required\)) A
0 -93.8 M
(type, containing an "Authentication-Info" header of the following format. ) S
0 -118 M
(Authentication-Info: Mutual sid=xxxx, ob=xxxx ) S
0 -142.2 M
(The fields contained in the header are as follows: ) S
11 -166.4 M
(sid: ) S
33 -179.6 M
(\(hex-fixed-number\) MUST be the value received from C. ) S
11 -192.8 M
(ob: ) S
33 -206 M
(\(algorithm-determined\) is the value of o_B specified by the algorithm. ) S
11 -219.2 M
(logout-timeout: ) S
33 -232.4 M
0.294642866 0 32 0 0 (\(optional, integer\) is a number of seconds after which the client should re-validate the user's) A
33 -245.6 M
0.641666651 0 32 0 0 (password for the current authentication realm. As a special case, the value 0 means that the) A
33 -258.8 M
0.196875 0 32 0 0 (client SHOULD automatically forget the user-input password to the current authentication) A
33 -272 M
1.88813925 0 32 0 0 (realm and revert to the unauthenticated state \(i.e.~server-initiated logout\). This does not,) A
33 -285.2 M
0.444335938 0 32 0 0 (however, mean that the long-term memories for the passwords \(such as password reminders) A
33 -298.4 M
1.66967773 0 32 0 0 (and auto fill-ins\) should be removed. If a new value of timeout is received for the same) A
33 -311.6 M
(authentication realm, it overrides the previous timeout. ) S
0 -322.6 M
[/View [/XYZ -4 434.414062 null] /Dest /31 /DEST pdfmark
0 -322.6 M
[/View [/XYZ -4 434.414062 null] /Dest /32 /DEST pdfmark
0 -341.6 M
15 2 Nf
(5.) S
[/View [/XYZ -4 433.414062 null] /Dest /125 /DEST pdfmark
( Decision procedure for the ) S
(client) S
0 -365.8 M
11 0 Nf
3.20793271 0 32 0 0 (To securely implement the protocol, the user client must be careful in accepting authenticated) A
0 -379 M
(responses from the server. ) S
0 -403.2 M
2.376302 0 32 0 0 (Clients SHOULD implement the decision procedure equivalent to the one shown below. \(Unless) A
0 -416.4 M
0.0852050781 0 32 0 0 (implementers understand what is required for the security, they should not alter this.\) The labels on the) A
0 -429.6 M
(steps are for informational purpose only. ) S
11 -453.8 M
(Step 1 \(step_new_request\): ) S
33 -467 M
2.3742187 0 32 0 0 (If the client software needs to get a new Web resource, check whether the resource is) A
33 -480.2 M
5.30598974 0 32 0 0 (expected to be inside some authentication realm for which the user has already) A
33 -493.4 M
(authenticated. If yes, go to Step 2. Otherwise, go to Step 5. ) S
11 -506.6 M
(Step 2: ) S
33 -519.8 M
0.702864587 0 32 0 0 (Check whether there is an available sid for the authentication realm you expect. If there is) A
33 -533 M
(one, go to Step 3. Otherwise, go to Step 4. ) S
11 -546.2 M
(Step 3 \(step_send_a3_1\): ) S
33 -559.4 M
(Send a req-A3 request. ) S
44 -569.9 M
gsave
0 setgray
newpath
44.0 -569.945312 2.75 0 360 arc
closepath
fill
grestore
55 -573.6 M
0.011117788 0 32 0 0 (If you receive a 401-B0 message with a different authentication realm than expected, go) A
55 -586.8 M
(to Step 6. ) S
44 -597.3 M
gsave
0 setgray
newpath
44.0 -597.34375 2.75 0 360 arc
closepath
fill
grestore
55 -601 M
(If you receive a 401-B0-stale message, go to Step 9. ) S
44 -611.5 M
gsave
0 setgray
newpath
44.0 -611.542969 2.75 0 360 arc
closepath
fill
grestore
55 -615.2 M
(If you receive a 401-B0 message, go to Step 13. ) S
44 -625.7 M
gsave
0 setgray
newpath
44.0 -625.742188 2.75 0 360 arc
closepath
fill
grestore
55 -629.4 M
(If you receive a valid 200-B4 message, go to Step 14. ) S
44 -639.9 M
gsave
0 setgray
newpath
44.0 -639.941406 2.75 0 360 arc
closepath
fill
grestore
55 -643.6 M
(If you receive a normal response \(without Mutual-specific headers\), go to Step ) S
(11.) S
33 -643.6 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 9 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 10 10
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
11 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Step 4 \(step_send_a1_1\): ) S
33 -26.4 M
(Send a req-A1 request. ) S
44 -37 M
gsave
0 setgray
newpath
44.0 -36.96875 2.75 0 360 arc
closepath
fill
grestore
55 -40.6 M
0.011117788 0 32 0 0 (If you receive a 401-B0 message with a different authentication realm than expected, go) A
55 -53.8 M
(to Step 6. ) S
44 -64.4 M
gsave
0 setgray
newpath
44.0 -64.3671875 2.75 0 360 arc
closepath
fill
grestore
55 -68 M
(If you receive a 401-B1 message, go to Step 10. ) S
44 -78.6 M
gsave
0 setgray
newpath
44.0 -78.5664062 2.75 0 360 arc
closepath
fill
grestore
55 -82.2 M
(If you receive a normal response \(without Mutual-specific headers\), go to Step ) S
(11.) S
11 -95.4 M
(Step 5 \(step_send_normal_1\): ) S
33 -108.6 M
(Send a request without any authentication headers. ) S
44 -119.2 M
gsave
0 setgray
newpath
44.0 -119.164062 2.75 0 360 arc
closepath
fill
grestore
55 -122.8 M
(If you receive a 401-B0 message, go to Step 6. ) S
44 -133.4 M
gsave
0 setgray
newpath
44.0 -133.363281 2.75 0 360 arc
closepath
fill
grestore
55 -137 M
(If you receive a normal response \(without Mutual-specific headers\), go to Step ) S
(11.) S
11 -150.2 M
(Step 6 \(step_rcvd_b0\): ) S
33 -163.4 M
0.41015625 0 32 0 0 (Check whether you know the user's password for the requested authentication realm. If yes,) A
33 -176.6 M
(go to Step 7. Otherwise, go to Step 12. ) S
11 -189.8 M
(Step 7: ) S
33 -203 M
0.702864587 0 32 0 0 (Check whether there is an available sid for the authentication realm you expect. If there is) A
33 -216.2 M
(one, go to Step 8. Otherwise, go to Step 9. ) S
11 -229.4 M
(Step 8 \(step_send_a3\): ) S
33 -242.6 M
(Send a req-A3 request. ) S
44 -253.2 M
gsave
0 setgray
newpath
44.0 -253.15625 2.75 0 360 arc
closepath
fill
grestore
55 -256.8 M
(If you receive a 401-B0-stale message, go to Step 9. ) S
44 -267.4 M
gsave
0 setgray
newpath
44.0 -267.355469 2.75 0 360 arc
closepath
fill
grestore
55 -271 M
(If you receive a 401-B0 message, go to Step 13. ) S
44 -281.6 M
gsave
0 setgray
newpath
44.0 -281.554688 2.75 0 360 arc
closepath
fill
grestore
55 -285.2 M
(If you receive a valid 200-B4 message, go to Step ) S
(14.) S
11 -298.4 M
(Step 9 \(step_send_a1\): ) S
33 -311.6 M
(Send a req-A1 request. ) S
44 -322.2 M
gsave
0 setgray
newpath
44.0 -322.152344 2.75 0 360 arc
closepath
fill
grestore
55 -325.8 M
(If you receive a 401-B1 message, go to Step ) S
(10.) S
11 -339 M
(Step 10 \(step_rcvd_b1\): ) S
33 -352.2 M
(Send a req-A3 request. ) S
44 -362.7 M
gsave
0 setgray
newpath
44.0 -362.75 2.75 0 360 arc
closepath
fill
grestore
55 -366.4 M
(If you receive a 401-B0 message, go to Step 13. ) S
44 -376.9 M
gsave
0 setgray
newpath
44.0 -376.949219 2.75 0 360 arc
closepath
fill
grestore
55 -380.6 M
(If you receive a valid 200-B4 message, go to Step ) S
(14.) S
11 -393.8 M
(Step 11 \(step_rcvd_normal\): ) S
33 -407 M
0.703125 0 32 0 0 (This case means that the resource requested is out of the authenticated area. The client will) A
33 -420.2 M
(be in "UNAUTHENTICATED" status. ) S
11 -433.4 M
(Step 12 \(step_rcvd_b0_unknown\): ) S
33 -446.6 M
0.857271612 0 32 0 0 (This case means that the resource requested requires Mutual authentication, and the user is) A
33 -459.8 M
7.17617178 0 32 0 0 (not authenticated yet. The client will be in "AUTH_REQUESTED" status, is) A
33 -473 M
0.488839298 0 32 0 0 (RECOMMENDED to process the content sent from the server and ask user a username and) A
33 -486.2 M
(password. If the user has input those, go to Step 9. ) S
11 -499.4 M
(Step 13 \(step_rcvd_b0_failed\): ) S
33 -512.6 M
0.706473231 0 32 0 0 (This case means that for some reason the authentication failed: possibly the password or the) A
33 -525.8 M
5.899858 0 32 0 0 (username is invalid for the authenticated resource. Forget the password for the) A
33 -539 M
(authentication realm and go to Step 12. ) S
11 -552.2 M
(Step 14 \(step_rcvd_b4\): ) S
33 -565.4 M
1.51450896 0 32 0 0 (This case means that the mutual authentication has succeeded. The client will be in) A
33 -578.6 M
("AUTH_SUCCEEDED" status. ) S
0 -602.8 M
3.54464293 0 32 0 0 (All responses other than those shown in the above procedure SHOULD be interpreted as a fatal) A
0 -616 M
0.417187512 0 32 0 0 (communication error, and in such cases user clients MUST NOT process any data \(contents and other) A
0 -629.2 M
(content-related headers\) sent from the server. ) S
0 -629.2 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 10 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 11 11
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The client software SHOULD show the three client statuses to the end-user. ) S
0 -37.4 M
(Figure\2402) S
[/Rect [-1.0 -40.1484375 37.9609375 -28.0484371] /Subtype /Link /Border [0 0 1] /Dest /33 /ANN pdfmark
( shows the full client-side state diagram. ) S
0 -48.4 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -59.4 M
[/View [/XYZ -4 697.601562 null] /Dest /33 /DEST pdfmark
0 -453.4 M
gsave
0.0 -453.398438 translate
/IS 1 D
save
0 0 M
IS IS scale
/showpage {}D
-71 -427 translate
/tgifdict 53 dict def
tgifdict begin
/tgifarrowtipdict 8 dict def
tgifarrowtipdict /mtrx matrix put
/TGAT % tgifarrowtip -- operand order on the stack: x y w h dx dy TGAT
% Appends an arrow-tip outline to the current path. The tip is at (x, y); the
% two back corners are at (-w, h) and (-w, -h) in a frame rotated by the angle
% of the direction vector (dx, dy). The path is left open: the callers visible
% in this figure follow each TGAT with "CP F" to close and fill it.
{ tgifarrowtipdict begin
% Operands are popped in reverse order, so dy (pushed last) is bound first.
/dy exch def
/dx exch def
/h exch def
/w exch def
/y exch def
/x exch def
% Copy the current CTM into the scratch matrix so it can be put back below.
/savematrix mtrx currentmatrix def
% Move the origin to the tip and turn the x axis along (dx, dy).
x y translate
dy dx atan rotate
% Tip at the origin, then the two back corners of the arrow head.
0 0 moveto
w neg h lineto
w neg h neg lineto
% Restore the caller's CTM; the path built above is kept.
savematrix setmatrix
end
} def
/TGMAX
% a b TGMAX -> the larger of a and b.
% The exch/dup/roll sequence turns "a b" into "a b a b"; gt then consumes the
% upper pair, and the chosen branch drops the operand that lost (b when a > b,
% otherwise a).
{ exch dup 3 1 roll exch dup 3 1 roll gt { pop } { exch pop } ifelse
} def
/TGMIN
% a b TGMIN -> the smaller of a and b.
% Same stack shuffle as TGMAX ("a b" becomes "a b a b"), but compared with lt:
% a is kept when a < b, otherwise b.
{ exch dup 3 1 roll exch dup 3 1 roll lt { pop } { exch pop } ifelse
} def
/TGSW { stringwidth pop } def
/bd { bind def } bind def
/GS { gsave } bd
/GR { grestore } bd
/NP { newpath } bd
/CP { closepath } bd
/CHP { charpath } bd
/CT { curveto } bd
/L { lineto } bd
/RL { rlineto } bd
/M { moveto } bd
/RM { rmoveto } bd
/S { stroke } bd
/F { fill } bd
/TR { translate } bd
/RO { rotate } bd
/SC { scale } bd
/MU { mul } bd
/DI { div } bd
/DU { dup } bd
/NE { neg } bd
/AD { add } bd
/SU { sub } bd
/PO { pop } bd
/EX { exch } bd
/CO { concat } bd
/CL { clip } bd
/EC { eoclip } bd
/EF { eofill } bd
/IM { image } bd
/IMM { imagemask } bd
/ARY { array } bd
/SG { setgray } bd
/RG { setrgbcolor } bd
/SD { setdash } bd
/W { setlinewidth } bd
/SM { setmiterlimit } bd
/SLC { setlinecap } bd
/SLJ { setlinejoin } bd
/SH { show } bd
/FF { findfont } bd
/MS { makefont setfont } bd
/AR { arcto 4 {pop} repeat } bd
/CURP { currentpoint } bd
/FLAT { flattenpath strokepath clip newpath } bd
/TGSM { tgiforigctm setmatrix } def
/TGRM { savematrix setmatrix } def
end
tgifdict begin
/tgifsavedpage save def
1 SM
1 W
0 SG
72 0 MU 72 11.602 MU TR
72 128 DI 100.000 MU 100 DI DU NE SC
GS
/tgiforigctm matrix currentmatrix def
NP
0 SG
GS
1 W
250 45 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NEW REQUEST) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NEW REQUEST) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
NP
250 95 M
180 125 L
250 155 L
320 125 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
250 120 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(the requested URI) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(the requested URI) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(known to be authed?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(known to be authed?) SH
GR
GR
0 SG
GS
NP
250 50 M
45 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 95 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 95 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
250 95 8.000 3.000 0 45 TGAT
CP F
GR
0 SG
GS
GS
NP
684 100 M
700 100 700 150 16 AR
700 134 L
700 150 600 150 16 AR
616 150 L
600 150 600 100 16 AR
600 116 L
600 100 700 100 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
650 120 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(normal request) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(normal request) SH
GR
GR
0 SG
GS
NP
600 105 M
-35 -55 atan DU cos 8.000 MU 545 exch SU
exch sin 8.000 MU 70 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
545 70 8.000 3.000 -55 -35 TGAT
1 SG CP F
0 SG
NP
545 70 8.000 3.000 -55 -35 TGAT
CP F
GR
NP
0 SG
GS
1 W
480 75 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
320 125 M
0 280 atan DU cos 8.000 MU 600 exch SU
exch sin 8.000 MU 125 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
600 125 8.000 3.000 280 0 TGAT
1 SG CP F
0 SG
NP
600 125 8.000 3.000 280 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
540 100 M
GS
GS
0
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(normal-res.) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(normal-res.) SH
GR
GR
0 SG
NP
650 195 M
580 225 L
650 255 L
720 225 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
650 220 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(user/pass) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(user/pass) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(known?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(known?) SH
GR
GR
0 SG
GS
NP
650 150 M
45 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 195 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 195 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
650 195 8.000 3.000 0 45 TGAT
CP F
GR
NP
0 SG
GS
1 W
660 165 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0) SH
GR
0 15 RM
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(200-optional-B0) SH
GR
GR
0 SG
GS
NP
590 230 M
25 -55 atan DU cos 8.000 MU 535 exch SU
exch sin 8.000 MU 255 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
535 255 8.000 3.000 -55 25 TGAT
1 SG CP F
0 SG
NP
535 255 8.000 3.000 -55 25 TGAT
CP F
GR
NP
0 SG
GS
1 W
475 260 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
NP
0 SG
GS
1 W
550 230 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
NP
0 SG
GS
1 W
350 115 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
0 SG
NP
250 295 M
180 325 L
250 355 L
320 325 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
250 320 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(session) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(session) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(available?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(available?) SH
GR
GR
0 SG
GS
NP
250 155 M
140 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 295 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 295 8.000 3.000 0 140 TGAT
1 SG CP F
0 SG
NP
250 295 8.000 3.000 0 140 TGAT
CP F
GR
0 SG
GS
GS
NP
284 400 M
300 400 300 450 16 AR
300 434 L
300 450 200 450 16 AR
216 450 L
200 450 200 400 16 AR
200 416 L
200 400 300 400 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
250 420 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) SH
GR
GR
0 SG
GS
NP
250 355 M
45 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 400 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 400 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
250 400 8.000 3.000 0 45 TGAT
CP F
GR
NP
0 SG
GS
1 W
190 715 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
200 430 M
180 480 L
215 0 atan DU cos 8.000 MU 180 exch SU
exch sin 8.000 MU 695 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
180 695 8.000 3.000 0 215 TGAT
1 SG CP F
0 SG
NP
180 695 8.000 3.000 0 215 TGAT
CP F
GR
NP
0 SG
GS
1 W
215 640 M
GS
GS
0
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(normal-res.) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(normal-res.) SH
GR
GR
0 SG
GS
NP
300 425 M
0 90 atan DU cos 8.000 MU 390 exch SU
exch sin 8.000 MU 425 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
390 425 8.000 3.000 90 0 TGAT
1 SG CP F
0 SG
NP
390 425 8.000 3.000 90 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
340 415 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0) SH
GR
GR
NP
0 SG
GS
1 W
450 430 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) TGSW
AD
/Times-Roman FF [12 0 0 -12 0 0] MS
(:) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(:) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(forget user/pass) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(forget user/pass) SH
GR
GR
0 SG
GS
NP
180 325 M
180 460 L
250 480 L
20 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 500 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 500 8.000 3.000 0 20 TGAT
1 SG CP F
0 SG
NP
250 500 8.000 3.000 0 20 TGAT
CP F
GR
0 SG
GS
GS
NP
284 500 M
300 500 300 550 16 AR
300 534 L
300 550 200 550 16 AR
216 550 L
200 550 200 500 16 AR
200 516 L
200 500 300 500 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
250 520 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A1) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A1) SH
GR
GR
NP
0 SG
GS
1 W
165 345 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
0 SG
GS
NP
200 525 M
180 555 L
140 0 atan DU cos 8.000 MU 180 exch SU
exch sin 8.000 MU 695 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
180 695 8.000 3.000 0 140 TGAT
1 SG CP F
0 SG
NP
180 695 8.000 3.000 0 140 TGAT
CP F
GR
0 SG
GS
NP
450 600 M
-150 0 atan DU cos 8.000 MU 450 exch SU
exch sin 8.000 MU 450 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
450 450 8.000 3.000 0 -150 TGAT
1 SG CP F
0 SG
NP
450 450 8.000 3.000 0 -150 TGAT
CP F
GR
NP
0 SG
GS
1 W
460 580 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0) SH
GR
GR
NP
0 SG
GS
1 W
450 720 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_SUCCEEDED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_SUCCEEDED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
250 550 M
80 150 atan DU cos 8.000 MU 400 exch SU
exch sin 8.000 MU 630 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
400 630 8.000 3.000 150 80 TGAT
1 SG CP F
0 SG
NP
400 630 8.000 3.000 150 80 TGAT
CP F
GR
0 SG
GS
NP
295 445 M
250 105 atan DU cos 8.000 MU 400 exch SU
exch sin 8.000 MU 695 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
400 695 8.000 3.000 105 250 TGAT
1 SG CP F
0 SG
NP
400 695 8.000 3.000 105 250 TGAT
CP F
GR
NP
0 SG
GS
1 W
350 552 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(200-B4) SH
GR
GR
NP
0 SG
GS
1 W
250 585 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B1) SH
GR
GR
0 SG
GS
GS
NP
484 600 M
500 600 500 650 16 AR
500 634 L
500 650 400 650 16 AR
416 650 L
400 650 400 600 16 AR
400 616 L
400 600 500 600 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
450 620 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) SH
GR
GR
NP
0 SG
GS
1 W
455 682 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(200-B4) SH
GR
GR
0 SG
GS
NP
450 650 M
45 0 atan DU cos 8.000 MU 450 exch SU
exch sin 8.000 MU 695 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
450 695 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
450 695 8.000 3.000 0 45 TGAT
CP F
GR
0 SG
NP
650 295 M
580 325 L
650 355 L
720 325 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
650 320 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(session) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(session) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(available?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(available?) SH
GR
GR
0 SG
GS
GS
NP
684 400 M
700 400 700 450 16 AR
700 434 L
700 450 600 450 16 AR
616 450 L
600 450 600 400 16 AR
600 416 L
600 400 700 400 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
650 420 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A3) SH
GR
GR
0 SG
GS
NP
650 355 M
45 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 400 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 400 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
650 400 8.000 3.000 0 45 TGAT
CP F
GR
0 SG
GS
GS
NP
684 500 M
700 500 700 550 16 AR
700 534 L
700 550 600 550 16 AR
616 550 L
600 550 600 500 16 AR
600 516 L
600 500 700 500 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
650 520 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A1) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(req-A1) SH
GR
GR
0 SG
GS
NP
650 255 M
40 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 295 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 295 8.000 3.000 0 40 TGAT
1 SG CP F
0 SG
NP
650 295 8.000 3.000 0 40 TGAT
CP F
GR
NP
0 SG
GS
1 W
520 415 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0) SH
GR
GR
0 SG
GS
NP
600 425 M
0 -90 atan DU cos 8.000 MU 510 exch SU
exch sin 8.000 MU 425 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
510 425 8.000 3.000 -90 0 TGAT
1 SG CP F
0 SG
NP
510 425 8.000 3.000 -90 0 TGAT
CP F
GR
0 SG
GS
NP
720 325 M
720 465 L
650 480 L
20 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 500 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 500 8.000 3.000 0 20 TGAT
1 SG CP F
0 SG
NP
650 500 8.000 3.000 0 20 TGAT
CP F
GR
NP
0 SG
GS
1 W
625 580 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B1) SH
GR
GR
0 SG
GS
NP
650 550 M
75 -150 atan DU cos 8.000 MU 500 exch SU
exch sin 8.000 MU 625 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
500 625 8.000 3.000 -150 75 TGAT
1 SG CP F
0 SG
NP
500 625 8.000 3.000 -150 75 TGAT
CP F
GR
0 SG
GS
NP
605 445 M
250 -105 atan DU cos 8.000 MU 500 exch SU
exch sin 8.000 MU 695 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
500 695 8.000 3.000 -105 250 TGAT
1 SG CP F
0 SG
NP
500 695 8.000 3.000 -105 250 TGAT
CP F
GR
NP
0 SG
GS
1 W
520 552 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(200-B4) SH
GR
GR
0 SG
GS
NP
300 440 M
65 305 atan DU cos 8.000 MU 605 exch SU
exch sin 8.000 MU 505 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
605 505 8.000 3.000 305 65 TGAT
1 SG CP F
0 SG
NP
605 505 8.000 3.000 305 65 TGAT
CP F
GR
0 SG
GS
NP
625 450 M
50 0 atan DU cos 8.000 MU 625 exch SU
exch sin 8.000 MU 500 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
625 500 8.000 3.000 0 50 TGAT
1 SG CP F
0 SG
NP
625 500 8.000 3.000 0 50 TGAT
CP F
GR
NP
0 SG
GS
1 W
360 480 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0-stale) SH
GR
GR
NP
0 SG
GS
1 W
630 465 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0-stale) SH
GR
GR
NP
0 SG
GS
1 W
735 345 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
NP
0 SG
GS
1 W
670 280 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
NP
0 SG
GS
1 W
235 170 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
NP
0 SG
GS
1 W
265 370 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
NP
0 SG
GS
1 W
635 375 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
NP
0 SG
GS
1 W
775 45 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(USER/PASS INPUTED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(USER/PASS INPUTED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
780 50 M
780 470 L
35 -85 atan DU cos 8.000 MU 695 exch SU
exch sin 8.000 MU 505 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
695 505 8.000 3.000 -85 35 TGAT
1 SG CP F
0 SG
NP
695 505 8.000 3.000 -85 35 TGAT
CP F
GR
0 SG
GS
NP
295 405 M
330 355 L
330 180 L
0 320 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 180 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 180 8.000 3.000 320 0 TGAT
1 SG CP F
0 SG
NP
650 180 8.000 3.000 320 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
345 160 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(401-B0, 200-optional-B0) SH
GR
0 15 RM
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
( with different realm ) SH
GR
GR
0 SG
GS
NP
295 505 M
330 460 L
330 355 L
TGSM
1 W
S
GR
NP
0 SG
GS
1 W
195 105 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(1\)) SH
GR
GR
NP
0 SG
GS
1 W
200 325 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(2\)) SH
GR
GR
NP
0 SG
GS
1 W
210 415 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(3\)) SH
GR
GR
NP
0 SG
GS
1 W
210 515 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(4\)) SH
GR
GR
NP
0 SG
GS
1 W
610 115 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(5\)) SH
GR
GR
NP
0 SG
GS
1 W
605 330 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(7\)) SH
GR
GR
NP
0 SG
GS
1 W
610 415 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(8\)) SH
GR
GR
NP
0 SG
GS
1 W
610 515 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(9\)) SH
GR
GR
NP
0 SG
GS
1 W
600 230 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(6\)) SH
GR
GR
NP
0 SG
GS
1 W
390 75 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(11\)) SH
GR
GR
NP
0 SG
GS
1 W
130 695 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(11\)) SH
GR
GR
NP
0 SG
GS
1 W
415 240 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(12\)) SH
GR
GR
NP
0 SG
GS
1 W
395 410 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(13\)) SH
GR
GR
NP
0 SG
GS
1 W
410 615 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(10\)) SH
GR
GR
NP
0 SG
GS
1 W
410 700 M
GS
0 SG
/Helvetica FF [12 0 0 -12 0 0] MS
(\(14\)) SH
GR
GR
GR
tgifsavedpage restore
end
showpage
restore
grestore
400.0 0.0 RM
169 -476.3 M
%%IncludeResource: font Times-Bold
7.63889 2 Nf
(\240Figure\2402: State diagram for ) S
(clients\240) S
0 -490.2 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -501.2 M
[/View [/XYZ -4 255.761719 null] /Dest /34 /DEST pdfmark
0 -501.2 M
[/View [/XYZ -4 255.761719 null] /Dest /35 /DEST pdfmark
0 -520.2 M
15 2 Nf
(6.) S
[/View [/XYZ -4 254.761719 null] /Dest /126 /DEST pdfmark
( Decision procedure for the ) S
(server) S
0 -544.4 M
11 0 Nf
(Servers SHOULD respond to the client requests according to the following procedure: ) S
11 -565 M
gsave
0 setgray
newpath
11.0 -565.007812 2.75 0 360 arc
closepath
fill
grestore
22 -568.6 M
(When the server receives a normal request: ) S
33 -579.2 M
gsave
0 setgray
newpath
33.0 -579.207031 2.75 0 360 arc
closepath
stroke
grestore
44 -582.8 M
(If the requested resource is not protected by Mutual Authentication, send a normal response. ) S
33 -593.4 M
gsave
0 setgray
newpath
33.0 -593.40625 2.75 0 360 arc
closepath
stroke
grestore
44 -597 M
(If the resource is protected by Mutual Authentication, send a 401-B0 response. ) S
33 -607.6 M
gsave
0 setgray
newpath
33.0 -607.605469 2.75 0 360 arc
closepath
stroke
grestore
44 -611.2 M
0.926491499 0 32 0 0 (If the resource is protected by Mutual Authentication with Optional Mutual Authentication) A
44 -624.4 M
(extension ) S
(\() S
(Section\24011) S
[/Rect [91.5625 -627.183594 140.300781 -615.083618] /Subtype /Link /Border [0 0 1] /Dest /52 /ANN pdfmark
(\), send a 200-Optional-B0 ) S
(response.) S
11 -635 M
gsave
0 setgray
newpath
11.0 -635.003906 2.75 0 360 arc
closepath
fill
grestore
22 -638.6 M
(When the server receives a req-A1 request: ) S
33 -649.2 M
gsave
0 setgray
newpath
33.0 -649.203125 2.75 0 360 arc
closepath
stroke
grestore
44 -652.8 M
(If the requested resource is not protected by Mutual Authentication, send a normal response. ) S
33 -663.4 M
gsave
0 setgray
newpath
33.0 -663.402344 2.75 0 360 arc
closepath
stroke
grestore
44 -667 M
2.40835333 0 32 0 0 (If the authentication realm specified in the req-A1 request is non-expected one, send a) A
44 -667 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 11 -) S
0 setgray
88 -8 M
grestore
pgsave restore N
%%Page: 12 12
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
44 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(401-B0 \(or 200-Optional-B0\) response. ) S
33 -23.8 M
gsave
0 setgray
newpath
33.0 -23.7695312 2.75 0 360 arc
closepath
stroke
grestore
44 -27.4 M
11 0 Nf
(If the server cannot validate field wa, send a 401-B0 response. ) S
33 -38 M
gsave
0 setgray
newpath
33.0 -37.96875 2.75 0 360 arc
closepath
stroke
grestore
44 -41.6 M
(If the received user name is invalid, send a fake 401-B1 response. ) S
33 -52.2 M
gsave
0 setgray
newpath
33.0 -52.1679688 2.75 0 360 arc
closepath
stroke
grestore
44 -55.8 M
(Otherwise, send a 401-B1 ) S
(response.) S
11 -66.4 M
gsave
0 setgray
newpath
11.0 -66.3671875 2.75 0 360 arc
closepath
fill
grestore
22 -70 M
(When the server receives a req-A3 request: ) S
33 -80.6 M
gsave
0 setgray
newpath
33.0 -80.5664062 2.75 0 360 arc
closepath
stroke
grestore
44 -84.2 M
(If the requested resource is not protected by Mutual Authentication, send a normal response. ) S
33 -94.8 M
gsave
0 setgray
newpath
33.0 -94.765625 2.75 0 360 arc
closepath
stroke
grestore
44 -98.4 M
2.40835333 0 32 0 0 (If the authentication realm specified in the req-A3 request is non-expected one, send a) A
44 -111.6 M
(401-B0 \(or 200-Optional-B0\) response. ) S
33 -122.2 M
gsave
0 setgray
newpath
33.0 -122.164062 2.75 0 360 arc
closepath
stroke
grestore
44 -125.8 M
(If the received sid is invalid, inactive or unknown, send a 401-B0-stale response. ) S
33 -136.4 M
gsave
0 setgray
newpath
33.0 -136.363281 2.75 0 360 arc
closepath
stroke
grestore
44 -140 M
(If the received oa is invalid, send a 401-B0 response. ) S
33 -150.6 M
gsave
0 setgray
newpath
33.0 -150.5625 2.75 0 360 arc
closepath
stroke
grestore
44 -154.2 M
(If the received oa is correct, send a 200-B4 ) S
(response.) S
0 -165.2 M
[/View [/XYZ -4 591.808594 null] /Dest /36 /DEST pdfmark
0 -165.2 M
[/View [/XYZ -4 591.808594 null] /Dest /37 /DEST pdfmark
0 -184.2 M
%%IncludeResource: font Times-Bold
15 2 Nf
(7.) S
[/View [/XYZ -4 590.808594 null] /Dest /127 /DEST pdfmark
( Authentication ) S
(Algorithms) S
0 -208.4 M
11 0 Nf
0.81640625 0 32 0 0 (This document specifies only one family of the authentication algorithm. The family consists of four) A
0 -221.6 M
4.74726582 0 32 0 0 (authentication algorithms, which only differ in underlying mathematical groups and security) A
0 -234.8 M
(parameters. The algorithms do not add any additional fields. The tokens for algorithms ) S
(are) S
11 -255.4 M
gsave
0 setgray
newpath
11.0 -255.359375 2.75 0 360 arc
closepath
fill
grestore
22 -259 M
("iso11770-4-ec-p256" for the 256-bit prime-field elliptic-curve setting. ) S
11 -269.6 M
gsave
0 setgray
newpath
11.0 -269.558594 2.75 0 360 arc
closepath
fill
grestore
22 -273.2 M
("iso11770-4-ec-p521" for the 521-bit prime-field elliptic-curve setting. ) S
11 -283.8 M
gsave
0 setgray
newpath
11.0 -283.757812 2.75 0 360 arc
closepath
fill
grestore
22 -287.4 M
("iso11770-4-dl-2048" for the 2048-bit discrete-logarithm setting. ) S
11 -298 M
gsave
0 setgray
newpath
11.0 -297.957031 2.75 0 360 arc
closepath
fill
grestore
22 -301.6 M
("iso11770-4-dl-4096" for the 4096-bit discrete-logarithm ) S
(setting.) S
0 -325.8 M
0.059495192 0 32 0 0 (For the elliptic-curve settings, the underlying fields and the curves used for elliptic-curve cryptography) A
0 -339 M
1.30639648 0 32 0 0 (are the prime field and the Curve P-256 and P-521, respectively, specified in the appendix of ) A
1.30639648 0 32 0 0 (FIPS) A
[/Rect [430.972656 -341.734375 454.972656 -329.634369] /Subtype /Link /Border [0 0 1] /Dest /74 /ANN pdfmark
0 -352.2 M
0.666466355 0 32 0 0 (PUB ) A
0.666466355 0 32 0 0 (186-2) A
[/Rect [-1.0 -354.933594 51.4648438 -342.833588] /Subtype /Link /Border [0 0 1] /Dest /74 /ANN pdfmark
0.666466355 0 32 0 0 ( [FIPS.186-2.2000] specification. The hash functions H are SHA-256 for P-256 curve and) A
0 -365.4 M
4.2294035 0 32 0 0 (SHA-512 for P-521 curve, respectively, defined in ) A
4.2294035 0 32 0 0 (FIPS PUB ) A
4.2294035 0 32 0 0 (180-2) A
[/Rect [253.679688 -368.132812 338.683594 -356.032806] /Subtype /Link /Border [0 0 1] /Dest /73 /ANN pdfmark
4.2294035 0 32 0 0 ( [FIPS.180-2.2002]. The) A
0 -378.6 M
(representation of fields wa, wb, oa, and ob is hex-fixed-number. ) S
0 -402.8 M
3.174716 0 32 0 0 (For discrete-logarithm settings, the underlying groups are 2048-bit and 4096-bit MODP groups) A
0 -416 M
2.38371396 0 32 0 0 (defined in ) A
2.38371396 0 32 0 0 ([RFC3526]) A
[/Rect [50.8007812 -418.730469 102.90625 -406.630463] /Subtype /Link /Border [0 0 1] /Dest /77 /ANN pdfmark
2.38371396 0 32 0 0 ( respectively. See ) A
2.38371396 0 32 0 0 (Appendix\240A) A
[/Rect [188.066406 -418.730469 244.136719 -406.630463] /Subtype /Link /Border [0 0 1] /Dest /92 /ANN pdfmark
2.38371396 0 32 0 0 ( for the exact specification of the group and) A
0 -429.2 M
0.458333343 0 32 0 0 (associated parameters. The hash functions H are SHA-256 for the 2048-bit field and SHA-512 for the) A
0 -442.4 M
(4096-bit field, respectively. The representation of fields wa, wb, oa, and ob is base64-fixed-number. ) S
0 -466.6 M
0.728365362 0 32 0 0 (The clients SHOULD support at least "iso11770-4-dl-2048" algorithm, and are advised to support all) A
0 -479.8 M
2.56818175 0 32 0 0 (of the above four algorithms whenever possible. The server software implementations SHOULD) A
0 -493 M
(support at least "iso11770-4-dl-2048" algorithm, unless it is known that users will not use it. ) S
0 -517.2 M
6.65332031 0 32 0 0 (This algorithm uses Key Agreement Mechanism 3 \(KAM3\) defined in Section 6.3 of ) A
0 -530.4 M
(ISO/IEC-11770-4) S
[/Rect [-1.0 -533.125 79.8046875 -521.025] /Subtype /Link /Border [0 0 1] /Dest /85 /ANN pdfmark
( [ISO.11770-4.2006] as a basis. ) S
0 -541.4 M
[/View [/XYZ -4 215.625 null] /Dest /38 /DEST pdfmark
0 -541.4 M
[/View [/XYZ -4 215.625 null] /Dest /39 /DEST pdfmark
0 -560.4 M
15 2 Nf
(7.1.) S
[/View [/XYZ -4 214.625 null] /Dest /128 /DEST pdfmark
( Common ) S
(functions) S
0 -584.6 M
11 0 Nf
(The password-based string pi used by this authentication is derived in the following manner: ) S
0 -608.8 M
(pi = H\(VS\(algorithm\) | VS\(auth-domain\) | VS\(realm\) | VS\(username\) | VS\(ph\(password\)\)\). ) S
0 -633 M
1.23125 0 32 0 0 (The values of algorithm, realm and auth-domain are taken from the values contained in the 401-B0) A
0 -646.2 M
0.685763896 0 32 0 0 (message. When pi is used in the context of an octet string, it SHALL have the natural length derived) A
0 -659.4 M
0.617393076 0 32 0 0 (from the size of the output of function H \(e.g. 32 octets for SHA-256\). The function ph is defined by) A
0 -659.4 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 12 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 13 13
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(the value of the pwd-hash field given in a 401-B0 message. ) S
0 -37.4 M
11 0 Nf
2.10491061 0 32 0 0 (The function VI encodes natural numbers into octet strings in the following manner: integers are) A
0 -50.6 M
0.12109375 0 32 0 0 (represented in big-endian radix-128 string, where each digit is represented by a octet 0x80\2350xff except) A
0 -63.8 M
1.3190918 0 32 0 0 (the last digit represented by 0x00\2350x7f. The first octet MUST NOT be 0x80. For example, VI\(i\) =) A
0 -77 M
1.4193275 0 32 0 0 (octet\(i\) for i < 128, and VI\(i\) = octet\(0x80 | \(i >> 7\)\) | octet\(i & 127\) for 128 <= i < 16384. This) A
0 -90.2 M
(encoding is the same as the one used in the length field in ) S
(the ASN.1 ) S
(encoding) S
[/Rect [255.269531 -92.9453125 346.773438 -80.845314] /Subtype /Link /Border [0 0 1] /Dest /86 /ANN pdfmark
( [ITU.X690.1994]. ) S
0 -114.4 M
1.03487718 0 32 0 0 (The function VS encodes variable-length octet string into decodable octet string, as in the following) A
0 -127.6 M
(manner: ) S
0 -151.8 M
(VS\(s\) = VI\(length\(s\)\) | s ) S
0 -176 M
(where length\(s\) is the number of octets \(not characters\) in s. ) S
0 -200.2 M
0.824869812 0 32 0 0 (The function OCTETS converts an integer to corresponding radix-256 big-endian octet string having) A
0 -213.4 M
0.803466797 0 32 0 0 (its natural length: See ) A
0.803466797 0 32 0 0 (Section\2403.2) A
[/Rect [100.550781 -216.140625 152.039062 -204.040619] /Subtype /Link /Border [0 0 1] /Dest /13 /ANN pdfmark
0.803466797 0 32 0 0 ( for the definition of the "natural length". Note that this is different) A
0 -226.6 M
(from the function GE2OS_x in ) S
([ISO.11770-4.2006]) S
[/Rect [137.984375 -229.339844 229.179688 -217.239838] /Subtype /Link /Border [0 0 1] /Dest /85 /ANN pdfmark
(, which takes the shortest ) S
(representation.) S
0 -250.8 M
0.0869140625 0 32 0 0 (The equations for J, w_A, T, z, and w_B are specified differently for the discrete-logarithm setting and) A
0 -264 M
2.735677 0 32 0 0 (the elliptic-curve setting based on ) A
2.735677 0 32 0 0 ([ISO.11770-4.2006]) A
[/Rect [163.851562 -266.738281 255.046875 -254.638275] /Subtype /Link /Border [0 0 1] /Dest /85 /ANN pdfmark
2.735677 0 32 0 0 (. These equations are defined later in this) A
0 -277.2 M
(section. ) S
0 -301.4 M
0.218994141 0 32 0 0 (The values o_A and o_B are derived by the following equation. Note that these equations are different) A
0 -314.6 M
(from ones specified in ) S
([ISO.11770-4.2006]) S
[/Rect [99.7851562 -317.335938 190.980469 -305.235931] /Subtype /Link /Border [0 0 1] /Dest /85 /ANN pdfmark
(. ) S
0 -338.8 M
(o_A = H\(octet\(04\) | OCTETS\(w_A\) | OCTETS\(w_B\) | OCTETS\(z\) | VI\(nc\) | VS\(v\)\) ) S
0 -352 M
(o_B = H\(octet\(03\) | OCTETS\(w_A\) | OCTETS\(w_B\) | OCTETS\(z\) | VI\(nc\) | VS\(v\)\) ) S
0 -363 M
[/View [/XYZ -4 394.015625 null] /Dest /40 /DEST pdfmark
0 -363 M
[/View [/XYZ -4 394.015625 null] /Dest /41 /DEST pdfmark
0 -382 M
%%IncludeResource: font Times-Bold
15 2 Nf
(7.2.) S
[/View [/XYZ -4 393.015625 null] /Dest /129 /DEST pdfmark
( Functions for discrete-logarithm ) S
(settings) S
0 -406.2 M
11 0 Nf
0.209821433 0 32 0 0 (In this section, the equation \(x / y mod z\) denotes an natural number w less than z which satisfies \(w *) A
0 -419.4 M
(y\) mod z = x mod z. ) S
0 -443.6 M
(For the discrete-logarithm setting, we refer to some of the domain parameters by the following symbols: ) S
11 -464.2 M
gsave
0 setgray
newpath
11.0 -464.152344 2.75 0 360 arc
closepath
fill
grestore
22 -467.8 M
(q: for "the prime" of the group. ) S
11 -478.4 M
gsave
0 setgray
newpath
11.0 -478.351562 2.75 0 360 arc
closepath
fill
grestore
22 -482 M
(g: for "the generator" associated with the group. ) S
11 -492.6 M
gsave
0 setgray
newpath
11.0 -492.550781 2.75 0 360 arc
closepath
fill
grestore
22 -496.2 M
(r: for the order of the subgroup generated by ) S
(g.) S
0 -520.4 M
(The function J is defined as ) S
0 -544.6 M
(J\(pi\) = g^\(pi\) mod q, ) S
0 -568.8 M
(where g and q are domain parameters of the underlying field. ) S
0 -593 M
(The value of w_A is derived as ) S
0 -617.2 M
(w_A = g^\(s_A\) mod q, ) S
0 -628.2 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 13 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 14 14
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.109188989 0 32 0 0 (where s_A is a random integer within range [1, r-1] and r is the size of the subgroup generated by g. In) A
0 -26.4 M
(addition, s_A MUST be larger than log\(q\)/log\(g\) \(so that g^\(s_A\) > q\). ) S
0 -50.6 M
2.07927394 0 32 0 0 (The value of w_A SHALL satisfy 1 < w_A < q-1. The server MUST check this condition upon) A
0 -63.8 M
(reception. ) S
0 -88 M
(The value of w_B is derived from J\(pi\) and w_A as: ) S
0 -112.2 M
(w_B = \(J\(pi\) * w_A^\(H\(octet\(1\) | OCTETS\(w_A\)\)\)\)^s_B mod q, ) S
0 -136.4 M
0.286328137 0 32 0 0 (where s_B is a random number within range [1, r-1]. The value of w_B MUST satisfy 1 < w_B < q-1.) A
0 -149.6 M
0.0744357631 0 32 0 0 (If this condition does not hold, the server MUST retry with another value of s_B. The client MUST check) A
0 -162.8 M
(this condition upon reception. ) S
0 -187 M
(The value z in the client side is derived by the following equation: ) S
0 -211.2 M
0.037224263 0 32 0 0 (z = w_B^\(\(s_A + H\(octet\(2\) | OCTETS\(w_A\) | OCTETS\(w_B\)\)\) / \(s_A * H\(octet\(1\) | OCTETS\(w_A\)\)) A
0 -224.4 M
(+ pi\) mod r\) mod q. ) S
0 -248.6 M
(The value z in the server side is derived by the following equation: ) S
0 -272.8 M
(z = \(w_A * g^\(H\(octet\(2\) | OCTETS\(w_A\) | OCTETS\(w_B\)\)\)\)^s_B mod q. ) S
0 -283.8 M
[/View [/XYZ -4 473.210938 null] /Dest /42 /DEST pdfmark
0 -283.8 M
[/View [/XYZ -4 473.210938 null] /Dest /43 /DEST pdfmark
0 -302.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(7.3.) S
[/View [/XYZ -4 472.210938 null] /Dest /130 /DEST pdfmark
( Functions for elliptic-curve ) S
(settings) S
0 -327 M
11 0 Nf
(For the elliptic-curve setting, we refer to some of the domain parameters by the following symbols: ) S
11 -347.6 M
gsave
0 setgray
newpath
11.0 -347.558594 2.75 0 360 arc
closepath
fill
grestore
22 -351.2 M
(q: for the prime used to define the field, ) S
11 -361.8 M
gsave
0 setgray
newpath
11.0 -361.757812 2.75 0 360 arc
closepath
fill
grestore
22 -365.4 M
(G: for the defined point called the generator, ) S
11 -376 M
gsave
0 setgray
newpath
11.0 -375.957031 2.75 0 360 arc
closepath
fill
grestore
22 -379.6 M
(r: for the order of the subgroup generated by ) S
(G.) S
0 -403.8 M
0.138085932 0 32 0 0 (The function P\(p\) converts a curve point p to an integer representing the point p, by computing x * 2 +) A
0 -417 M
0.548117876 0 32 0 0 (\(y mod 2\), where \(x, y\) are the coordinates of the point p. P'\(z\) is the inverse of function P, that is, it) A
0 -430.2 M
1.19419646 0 32 0 0 (converts an integer z to a point p which satisfies P\(p\) = z. If such p exists, it is uniquely defined.) A
0 -443.4 M
5.48723936 0 32 0 0 (Otherwise, z does not represent a valid curve point. The operation [x] * p denotes an) A
0 -456.6 M
3.16471362 0 32 0 0 (integer-multiplication of point p: it calculates p + p + ... \(x times\) ... + p. See the literature on) A
0 -469.8 M
1.16346157 0 32 0 0 (elliptic-curve cryptography for the exact algorithms for those. 0_E represents the infinity point. The) A
0 -483 M
0.279891312 0 32 0 0 (equation \(x / y mod z\) denotes a natural number w less than z which satisfies \(w * y\) mod z = x mod) A
0 -496.2 M
(z. ) S
0 -520.4 M
(The function J is defined as ) S
0 -544.6 M
(J\(pi\) = [pi] * G. ) S
0 -568.8 M
(The value of w_A is derived as ) S
0 -593 M
(w_A = P\(W_A\), where W_A = [s_A] * G. ) S
0 -617.2 M
0.178602427 0 32 0 0 (where s_A is a random number within range [1, r-1]. The value of w_A MUST represent a valid curve) A
0 -630.4 M
(point, and W_A SHALL NOT be 0_E. The server MUST check this condition upon reception. ) S
0 -630.4 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 14 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 15 15
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The value of w_B is derived from J\(pi\) and W_A = P'\(w_A\) as: ) S
0 -37.4 M
(w_B = P\(W_B\), where W_B = [s_B] * \(J\(pi\) + [H\(octet\(1\) | OCTETS\(w_A\)\)] * W_A\). ) S
0 -61.6 M
0.245876729 0 32 0 0 (where s_B is a random number within range [1, r-1]. The value of w_B MUST represent a valid curve) A
0 -74.8 M
1.59049475 0 32 0 0 (point and satisfy [4] * P'\(w_B\) <> 0_E. If this condition is not met, the server MUST retry with) A
0 -88 M
(another value of s_B. The client MUST check this condition upon reception. ) S
0 -112.2 M
(The value z in the client side is derived by the following equation: ) S
0 -136.4 M
0.346354157 0 32 0 0 (z = P\([\(s_A + H\(octet\(2\) | OCTETS\(w_A\) | OCTETS\(w_B\)\)\) / \(s_A * H\(octet\(1\) | OCTETS\(w_A\)\) +) A
0 -149.6 M
(pi\) mod r] * W_B\), where W_B = P'\(w_B\). ) S
0 -173.8 M
(The value z in the server side is derived by the following equation: ) S
0 -198 M
(z = P\([s_B] * \(W_A + [H\(octet\(2\) | OCTETS\(w_A\) | OCTETS\(w_B\)\)] * G\)\), where W_A = P'\(w_A\). ) S
0 -209 M
[/View [/XYZ -4 548.007812 null] /Dest /44 /DEST pdfmark
0 -209 M
[/View [/XYZ -4 548.007812 null] /Dest /45 /DEST pdfmark
0 -228 M
%%IncludeResource: font Times-Bold
15 2 Nf
(8.) S
[/View [/XYZ -4 547.007812 null] /Dest /131 /DEST pdfmark
( Authentication ) S
(Realms) S
0 -252.2 M
11 0 Nf
0.129365802 0 32 0 0 (In this protocol, "authentication realm" is defined as the set of resources \(URIs\) for which the same set) A
0 -265.4 M
1.0703125 0 32 0 0 (of user names and passwords is valid. If the server requests authentication for the authentication) A
0 -278.6 M
1.46549475 0 32 0 0 (realm for which the client is already authenticated, the client will automatically perform authentication) A
0 -291.8 M
2.63671875 0 32 0 0 (using the already-known secrets. On the contrary, for the different authentication realms, clients) A
0 -305 M
(SHOULD NOT automatically reuse the usernames and passwords for another realm. ) S
0 -329.2 M
2.12109375 0 32 0 0 (Just like Basic and Digest access authentication protocol, Mutual authentication protocol supports) A
0 -342.4 M
2.26652646 0 32 0 0 (multiple, separate authentication realms to be set up inside each host. Furthermore, the protocol) A
0 -355.6 M
(supports that a single authentication realm spans over several hosts in the same Internet domain. ) S
0 -379.8 M
0.777043283 0 32 0 0 (Each authentication realm is defined and distinguished by the triple of an "authentication algorithm",) A
0 -393 M
0.249674484 0 32 0 0 (an "authentication domain", and a "realm" parameter. Server operators are NOT RECOMMENDED to use) A
0 -406.2 M
3.20823312 0 32 0 0 (the same pair of an authentication domain and a realm for different authentication algorithms,) A
0 -419.4 M
(however. ) S
0 -443.6 M
0.833533645 0 32 0 0 (Authentication algorithms are defined in ) A
0.833533645 0 32 0 0 (Section\2404) A
[/Rect [184.273438 -446.332031 227.511719 -434.232025] /Subtype /Link /Border [0 0 1] /Dest /17 /ANN pdfmark
0.833533645 0 32 0 0 ( and ) A
0.833533645 0 32 0 0 (Section\2407) A
[/Rect [248.558594 -446.332031 291.796875 -434.232025] /Subtype /Link /Border [0 0 1] /Dest /36 /ANN pdfmark
0.833533645 0 32 0 0 (. Realm parameters are just a string,) A
0 -456.8 M
(as defined in ) S
(Section\2404) S
[/Rect [57.9453125 -459.53125 101.183594 -447.431244] /Subtype /Link /Border [0 0 1] /Dest /17 /ANN pdfmark
(. Authentication domains are described in the rest of this section. ) S
0 -481 M
1.07924104 0 32 0 0 (An authentication domain specifies the range of hosts which the authentication realm spans over. In) A
0 -494.2 M
(the protocol, it MUST currently be one of the following strings. ) S
11 -514.7 M
gsave
0 setgray
newpath
11.0 -514.75 2.75 0 360 arc
closepath
fill
grestore
22 -518.4 M
0.616286039 0 32 0 0 (the string in format "<scheme>://<host>:<port>", where scheme, host and port are the URI parts) A
22 -531.6 M
0.00759548601 0 32 0 0 (of the requested URI. Even if the request-URI does not have a port part, the string will include the) A
22 -544.8 M
1.37224269 0 32 0 0 (one \(i.e. 80 for http and 443 for https\). Use this when authentication is only valid for specific) A
22 -558 M
(protocol \(such as https\). ) S
11 -568.5 M
gsave
0 setgray
newpath
11.0 -568.546875 2.75 0 360 arc
closepath
fill
grestore
22 -572.2 M
0.248535156 0 32 0 0 (The "host" part of the requested URI. This is the default value. Authentication realms in this kind) A
22 -585.4 M
0.902864575 0 32 0 0 (of authentication domain will span over several protocols \(i.e. http and https\) and ports, but not) A
22 -598.6 M
(over different hosts. ) S
11 -609.1 M
gsave
0 setgray
newpath
11.0 -609.144531 2.75 0 360 arc
closepath
fill
grestore
22 -612.8 M
2.31738281 0 32 0 0 (String in format "*.<domain-postfix>", where "domain-postfix" is either the host part of the) A
22 -626 M
2.45078135 0 32 0 0 (requested URI, or any domain in which the requested host is included \(this means that the) A
22 -639.2 M
0.418402791 0 32 0 0 (specification "*.example.com" is valid for all of hosts "www.example.com", "web.example.com") A
22 -652.4 M
0.37109375 0 32 0 0 (and "example.com"\). The domain-postfix must be equal to or included in a valid Internet domain) A
22 -665.6 M
1.57682288 0 32 0 0 (assigned to specific organization: if the clients can know by some way \(such as blacklists for) A
22 -665.6 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 15 -) S
0 setgray
44 -8 M
grestore
pgsave restore N
%%Page: 16 16
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
22 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.802343726 0 32 0 0 (HTTP cookies\) that the specified domain is not to be assigned to any specific organization \(e.g.) A
22 -26.4 M
11 0 Nf
("*.com" or "*.jp"\), the client is RECOMMENDED to reject the authentication request. ) S
0 -50.6 M
1.74759614 0 32 0 0 (In the above specifications, every "scheme", "host" and "domain" MUST be in lower-case, and IDNs) A
0 -63.8 M
2.41826916 0 32 0 0 (MUST be represented in ) A
2.41826916 0 32 0 0 (puny-code) A
[/Rect [119.84375 -66.546875 168.269531 -54.4468765] /Subtype /Link /Border [0 0 1] /Dest /89 /ANN pdfmark
2.41826916 0 32 0 0 ( [RFC3492]. All "port"s MUST be in the shortest, unsigned,) A
0 -77 M
0.012369792 0 32 0 0 (decimal number notation. Not obeying these requirements will cause failure of authentication attempts. ) A
0 -88 M
[/View [/XYZ -4 669.003906 null] /Dest /46 /DEST pdfmark
0 -88 M
[/View [/XYZ -4 669.003906 null] /Dest /47 /DEST pdfmark
0 -107 M
%%IncludeResource: font Times-Bold
15 2 Nf
(8.1.) S
[/View [/XYZ -4 668.003906 null] /Dest /132 /DEST pdfmark
( Resolving ) S
(ambiguities) S
0 -131.2 M
11 0 Nf
3.77929688 0 32 0 0 (In the above definition of authentication domains, several domains will overlap each other.) A
0 -144.4 M
1.47767854 0 32 0 0 (Depending on the "path" parameters given in the "401-B1" message \(see ) A
1.47767854 0 32 0 0 (Section\2404) A
[/Rect [337.691406 -147.144531 380.929688 -135.044525] /Subtype /Link /Border [0 0 1] /Dest /17 /ANN pdfmark
1.47767854 0 32 0 0 (\), there may be) A
0 -157.6 M
0.846093774 0 32 0 0 (several candidates when the client is to send a request with authentication credentials included \(at the) A
0 -170.8 M
(Steps 3 and 4 of the decision procedure shown in ) S
(Section\2405) S
[/Rect [217.703125 -173.542969 260.941406 -161.442963] /Subtype /Link /Border [0 0 1] /Dest /31 /ANN pdfmark
(\). ) S
0 -195 M
(If such choices are required, the following procedure SHOULD be ) S
(followed.) S
11 -215.6 M
gsave
0 setgray
newpath
11.0 -215.5625 2.75 0 360 arc
closepath
fill
grestore
22 -219.2 M
0.90625 0 32 0 0 (If the client has previously sent a request to the same URI, and it remembers the authentication) A
22 -232.4 M
(realm requested by 401-B0 messages at that time, use that realm. ) S
11 -243 M
gsave
0 setgray
newpath
11.0 -242.960938 2.75 0 360 arc
closepath
fill
grestore
22 -246.6 M
2.7361505 0 32 0 0 (In other cases, use one of the authentication realms which specify the most-specific authentication) A
22 -259.8 M
1.77163458 0 32 0 0 (domains. In the list of possible domain specifications shown above, one described earlier has) A
22 -273 M
(priority over ones described after that. ) S
22 -286.2 M
2.43294263 0 32 0 0 (If there are several choices with different domain-postfix specifications, the ones which have) A
22 -299.4 M
(a longer domain-postfix have priority over ones with a shorter domain-postfix. ) S
11 -310 M
gsave
0 setgray
newpath
11.0 -309.957031 2.75 0 360 arc
closepath
fill
grestore
22 -313.6 M
1.56110489 0 32 0 0 (If there are realms with the same specifications of authentication domain, there is no defined) A
22 -326.8 M
(priority: client can choose any one of possible choices. ) S
0 -351 M
0.591346145 0 32 0 0 (If possible, server operators are recommended to avoid such ambiguities by setting "path" parameters) A
0 -364.2 M
(properly. ) S
0 -375.2 M
[/View [/XYZ -4 381.816406 null] /Dest /48 /DEST pdfmark
0 -375.2 M
[/View [/XYZ -4 381.816406 null] /Dest /49 /DEST pdfmark
0 -394.2 M
15 2 Nf
(9.) S
[/View [/XYZ -4 380.816406 null] /Dest /133 /DEST pdfmark
( Validation ) S
(Methods) S
0 -418.4 M
11 0 Nf
1.56730771 0 32 0 0 (The "validation method" specifies a method to "relate" the mutual authentication processed by this) A
0 -431.6 M
3.67773438 0 32 0 0 (protocol with other authentications already performed in the underlying layers and to prevent) A
0 -444.8 M
(man-in-the-middle attacks. It decides the value of v which is an input to authentication protocols. ) S
0 -469 M
(The valid tokens for the validation field and corresponding values of v are as follows: ) S
11 -493.2 M
(host: ) S
33 -506.4 M
8.47727299 0 32 0 0 (hostname validation: v will be the ASCII string in the following format:) A
33 -519.6 M
2.62304688 0 32 0 0 ("scheme://host:port", where scheme, host and port are the URI parts corresponding to the) A
33 -532.8 M
2.41183043 0 32 0 0 (currently accessing resource. The scheme and host are lower-case, and the port is in a) A
33 -546 M
1.44977677 0 32 0 0 (shortest decimal representation. Even if the request-URI does not have a port part, v will) A
33 -559.2 M
(include the one. ) S
11 -572.4 M
(tls-cert: ) S
33 -585.6 M
1.87866211 0 32 0 0 (TLS certificate validation: v will be the octet string of the hash value of the public key) A
33 -598.8 M
2.68131518 0 32 0 0 (certificate used in underlying ) A
2.68131518 0 32 0 0 (TLS) A
[/Rect [174.039062 -601.523438 195.589844 -589.423462] /Subtype /Link /Border [0 0 1] /Dest /79 /ANN pdfmark
2.68131518 0 32 0 0 ( [RFC4346] \(or SSL\) connection. The hash value is) A
33 -612 M
4.91764307 0 32 0 0 (defined as the value of the whole signed certificate \(specified as "Certificate" in ) A
33 -625.2 M
([RFC5280]) S
[/Rect [32.0 -627.921875 84.1054688 -615.821899] /Subtype /Link /Border [0 0 1] /Dest /91 /ANN pdfmark
(\), hashed by the hash algorithm specified by the authentication algorithm used. ) S
11 -638.4 M
(tls-key: ) S
33 -651.6 M
0.0296875 0 32 0 0 (TLS shared-key validation: v will be the octet string of the shared master secret negotiated in) A
33 -664.8 M
(underlying TLS \(or SSL\) ) S
(connection.) S
11 -664.8 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 16 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 17 17
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.89166665 0 32 0 0 (If the HTTP protocol is used on an unencrypted channel, the validation type MUST be "host". If ) A
0 -26.4 M
0.808293283 0 32 0 0 (HTTP/TLS) A
[/Rect [-1.0 -29.1484375 51.0976562 -17.0484371] /Subtype /Link /Border [0 0 1] /Dest /76 /ANN pdfmark
0.808293283 0 32 0 0 ( [RFC2818] \(https\) protocol is used with server certificates, the validation type MUST be) A
0 -39.6 M
2.51367188 0 32 0 0 (either "tls-cert" or "tls-key". If HTTP/TLS protocol is used with anonymous Diffie-Hellman key) A
0 -52.8 M
(exchange, the validation type MUST be "tls-key" \(but see the note below\). ) S
0 -77 M
(The client MUST validate this field upon reception of 401-B0 messages. ) S
0 -101.2 M
0.793526769 0 32 0 0 (However, when the protocol is used on web browsers with any scripting capabilities, the anonymous) A
0 -114.4 M
0.898158491 0 32 0 0 (Diffie-Hellman family of TLS \(or SSL\) cipher-suite MUST NOT be used even if "tls-key" validated) A
0 -127.6 M
2.12439895 0 32 0 0 (Mutual authentication has been employed, and the certificate shown in TLS \(or SSL\) negotiation) A
0 -140.8 M
0.933823526 0 32 0 0 (MUST be verified using PKI. For other systems, if the "tls-key" validation is used on TLS \(or SSL\)) A
0 -154 M
1.20833337 0 32 0 0 (protocol without certificate verification using PKI, those systems MUST ensure that all transactions) A
0 -167.2 M
1.56129813 0 32 0 0 (with authenticated peer servers MUST use and be validated by the Mutual authentication protocol,) A
0 -180.4 M
(regardless of the existence of the 401-B0 responses. ) S
0 -204.6 M
0.480189741 0 32 0 0 (The protocol defines two variants for validation on TLS connections. The "tls-key" method is) A
0 -217.8 M
2.25104165 0 32 0 0 (the more secure, so it is recommended to use tls-key when applicable. However, there are some) A
0 -231 M
(situations where tls-cert is more ) S
(preferable.) S
11 -251.6 M
gsave
0 setgray
newpath
11.0 -251.558594 2.75 0 360 arc
closepath
fill
grestore
22 -255.2 M
0.0490722656 0 32 0 0 (When TLS accelerating proxies are used. In this case, it is difficult for the authenticating server to) A
22 -268.4 M
1.04986215 0 32 0 0 (acquire the TLS key information which is used between the client and the proxy. It is not the) A
22 -281.6 M
(case for client-side "tunneling" proxies using CONNECT method extension of HTTP. ) S
11 -292.2 M
gsave
0 setgray
newpath
11.0 -292.15625 2.75 0 360 arc
closepath
fill
grestore
22 -295.8 M
(When a black-box implementation of the TLS protocol is used on either peer. ) S
0 -306.8 M
[/View [/XYZ -4 450.214844 null] /Dest /50 /DEST pdfmark
0 -306.8 M
[/View [/XYZ -4 450.214844 null] /Dest /51 /DEST pdfmark
0 -325.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(10.) S
[/View [/XYZ -4 449.214844 null] /Dest /134 /DEST pdfmark
( Session ) S
(Management) S
0 -350 M
11 0 Nf
0.870404422 0 32 0 0 (By the first 4 messages \(first request, 401-B0, req-A1 and 401-B1\), a session represented by a sid is) A
0 -363.2 M
0.657628655 0 32 0 0 (generated. This session can be used for 1 or more requests for resources protected by the same realm) A
0 -376.4 M
1.80422795 0 32 0 0 (in the same server. Note that the session management is only an inside detail of the protocol and) A
0 -389.6 M
2.4325521 0 32 0 0 (usually not visible to normal users. If a session expires, the client and server will automatically) A
0 -402.8 M
(reestablish another session without telling it to the users. ) S
0 -427 M
2.3742187 0 32 0 0 (The server SHOULD accept at least one req-A3 request for each session, given that the request) A
0 -440.2 M
1.19416356 0 32 0 0 (reaches the server in a time window specified by the timeout field in the 401-B1 message, and that) A
0 -453.4 M
0.966308594 0 32 0 0 (there are no emergent reasons \(such as flooding attacks\) to forget the sessions. After that, the server) A
0 -466.6 M
(MAY discard any session at any time and MAY send 401-B0-stale messages for any req-A3 requests. ) S
0 -490.8 M
0.241038606 0 32 0 0 (The client MAY send more than one request using a single session specified by the sid. However, for) A
0 -504 M
0.775390625 0 32 0 0 (all such requests, the values of the nonce-counter \(nc field\) MUST be different from each other. The) A
0 -517.2 M
1.7414062 0 32 0 0 (server MUST check for duplication of the received nonces, and if any duplication is detected, the) A
0 -530.4 M
(server MUST discard the session and respond by a 401-B0-stale message. ) S
0 -554.6 M
0.567925334 0 32 0 0 (In addition, for each session, if the client has already sent a request with nonce value x, it SHOULD) A
0 -567.8 M
0.980239 0 32 0 0 (NOT send requests with a nonce value not larger than \(x - nc-window\). The server MAY reject any) A
0 -581 M
0.104567304 0 32 0 0 (requests with nonces violating this rule with 401-B0-stale responses. This restriction enables servers to) A
0 -594.2 M
(implement duplicated nonce detection in a constant memory. ) S
0 -618.4 M
0.186104909 0 32 0 0 (Values of nonces and nonce-related values MUST always be treated as natural numbers within infinite) A
0 -631.6 M
0.77734375 0 32 0 0 (range. Implementations using fixed-width integers or fixed-precision floating numbers MUST handle) A
0 -644.8 M
0.84765625 0 32 0 0 (integer overflow correctly and carefully. Such implementations are RECOMMENDED to accept any) A
0 -658 M
0.776227653 0 32 0 0 (larger values which cannot be represented in the fixed-width integer representations, as long as other) A
0 -671.2 M
0.0326450877 0 32 0 0 (limits such as internal header-length restrictions are not involved. The protocol is designed carefully so) A
0 -671.2 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 17 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 18 18
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.902622759 0 32 0 0 (that both clients and servers can implement the protocol only with fixed-width integers, by rounding) A
0 -26.4 M
11 0 Nf
(any overflowed values to the maximum possible value. ) S
0 -37.4 M
[/View [/XYZ -4 719.601562 null] /Dest /52 /DEST pdfmark
0 -37.4 M
[/View [/XYZ -4 719.601562 null] /Dest /53 /DEST pdfmark
0 -56.4 M
%%IncludeResource: font Times-Bold
15 2 Nf
(11.) S
[/View [/XYZ -4 718.601562 null] /Dest /135 /DEST pdfmark
( Extension 1: Optional Mutual ) S
(Authentication) S
0 -80.6 M
11 0 Nf
2.74080873 0 32 0 0 (In several Web applications, users can access the same contents both as a guest user and as an) A
0 -93.8 M
4.13216162 0 32 0 0 (authenticated user. In usual Web applications, it is implemented using Cookies and custom) A
0 -107 M
1.00585938 0 32 0 0 (form-based authentications. The extension described in this section provides a replacement for those) A
0 -120.2 M
0.591619313 0 32 0 0 (authentication systems. The support for this extension is RECOMMENDED, unless an authentication) A
0 -133.4 M
(is mandatory for some specific applications. ) S
0 -157.6 M
1.46664667 0 32 0 0 (Servers MAY send HTTP successful responses \(response code 200, 206 and others\) containing the) A
0 -170.8 M
0.010516827 0 32 0 0 (Optional-WWW-Authenticate header, when it is allowed to send 401-B0 responses and the requests do) A
0 -184 M
4.15972233 0 32 0 0 (not contain Authentication-Info: headers. Such responses are hereafter called 200-Optional-B0) A
0 -197.2 M
(responses. ) S
0 -221.4 M
(HTTP/1.1 200 ) S
(OK) S
0 -234.6 M
(Optional-WWW-Authenticate: Mutual algorithm=xxxx, validation=xxxx, realm="xxxx", stale=0 ) S
0 -258.8 M
1.02253604 0 32 0 0 (The fields contained in the Optional-WWW-Authenticate header are the same as in the 401-B0 message) A
0 -272 M
0.240559891 0 32 0 0 (described in ) A
0.240559891 0 32 0 0 (Section\2404.1) A
[/Rect [55.671875 -274.738281 107.160156 -262.638275] /Subtype /Link /Border [0 0 1] /Dest /19 /ANN pdfmark
0.240559891 0 32 0 0 (. The client software supporting the mutual authentication protocol receiving a) A
0 -285.2 M
0.12740384 0 32 0 0 (200-Optional-B0 message will process the contents of the message and enable an authentication input) A
0 -298.4 M
(field. ) S
0 -322.6 M
1.17135417 0 32 0 0 (When the user inputs the username and password, the client resends the request with a req-A1 header.) A
0 -335.8 M
1.39322913 0 32 0 0 (The server MUST respond with a 401-B1 message. In terms of the state management in ) A
1.39322913 0 32 0 0 (Section\2405) A
[/Rect [408.972656 -338.535156 452.210938 -326.43515] /Subtype /Link /Border [0 0 1] /Dest /31 /ANN pdfmark
1.39322913 0 32 0 0 (,) A
0 -349 M
0.620814741 0 32 0 0 (200-Optional-B0 responses are treated as if they were 401-B0 responses: these messages SHOULD NOT be) A
0 -362.2 M
0.220214844 0 32 0 0 (sent as a response to req-A1 and req-A3 messages, unless the authentication realm sent from the client) A
0 -375.4 M
(or indicated by sid is different from the one which the server expects. ) S
0 -399.6 M
1.07845056 0 32 0 0 (Servers requesting optional mutual authentication SHOULD send the path field in 401-B1 messages) A
0 -412.8 M
0.289417624 0 32 0 0 (with an appropriate value. Client software supporting optional mutual authentication MUST recognize) A
0 -426 M
0.0638786778 0 32 0 0 (the field, and MUST send either req-A1 or req-A3 request for the URI space inside the specified paths,) A
0 -439.2 M
(instead of unauthenticated requests. ) S
0 -450.2 M
[/View [/XYZ -4 306.820312 null] /Dest /54 /DEST pdfmark
0 -450.2 M
[/View [/XYZ -4 306.820312 null] /Dest /55 /DEST pdfmark
0 -469.2 M
15 2 Nf
(12.) S
[/View [/XYZ -4 305.820312 null] /Dest /136 /DEST pdfmark
( Methods to extend this ) S
(protocol) S
0 -493.4 M
11 0 Nf
1.60044646 0 32 0 0 (If a non-standard extension to this protocol is implemented, it MUST use the extension-tokens) A
0 -506.6 M
(defined in ) S
(Section\2403) S
[/Rect [46.0351562 -509.328125 89.2734375 -497.228119] /Subtype /Link /Border [0 0 1] /Dest /8 /ANN pdfmark
( to avoid conflicts with this protocol and other extensions. ) S
0 -530.8 M
1.13020837 0 32 0 0 (Authentication algorithms other than those defined in this document MAY use other representations) A
0 -544 M
0.8203125 0 32 0 0 (for keys "wa", "wb", "oa" and "ob", replace those keys, and/or add fields to the messages containing) A
0 -557.2 M
0.271205366 0 32 0 0 (those fields by supplemental specifications. If those specifications use keys other than shown above, it) A
0 -570.4 M
3.7252605 0 32 0 0 (is RECOMMENDED to use extension-tokens to avoid any key-name conflict with the future) A
0 -583.6 M
(extension of this protocol. ) S
0 -607.8 M
0.012019231 0 32 0 0 (Extension-tokens MAY be freely used for any non-standard, private and/or experimental uses for those) A
0 -621 M
(fields provided that the domain part in the token is appropriately used. ) S
0 -632 M
[/View [/XYZ -4 125.027344 null] /Dest /56 /DEST pdfmark
0 -632 M
[/View [/XYZ -4 125.027344 null] /Dest /57 /DEST pdfmark
0 -632 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 18 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 19 19
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(13.) S
[/View [/XYZ -4 757.0 null] /Dest /137 /DEST pdfmark
( IANA ) S
(Considerations) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.774088562 0 32 0 0 (The tokens used for authentication-algorithm, pwd-hash, and validation fields MUST be allocated by) A
0 -55.4 M
0.659423828 0 32 0 0 (IANA. To acquire registered tokens, a specification for the use of such tokens MUST be available as) A
0 -68.6 M
(an RFC, as outlined in ) S
([RFC5226]) S
[/Rect [100.429688 -71.3476562 152.535156 -59.2476578] /Subtype /Link /Border [0 0 1] /Dest /90 /ANN pdfmark
(. ) S
0 -92.8 M
([More formal declarations will be added in future drafts to meet RFC 5226 requirements.] ) S
0 -103.8 M
[/View [/XYZ -4 653.203125 null] /Dest /58 /DEST pdfmark
0 -103.8 M
[/View [/XYZ -4 653.203125 null] /Dest /59 /DEST pdfmark
0 -122.8 M
15 2 Nf
(14.) S
[/View [/XYZ -4 652.203125 null] /Dest /138 /DEST pdfmark
( Security ) S
(Considerations) S
0 -130.3 M
[/View [/XYZ -4 626.703125 null] /Dest /60 /DEST pdfmark
0 -130.3 M
[/View [/XYZ -4 626.703125 null] /Dest /61 /DEST pdfmark
0 -152.8 M
15 2 Nf
(14.1.) S
[/View [/XYZ -4 622.203125 null] /Dest /139 /DEST pdfmark
( General ) S
(Assumptions) S
11 -173.4 M
gsave
0 setgray
newpath
11.0 -173.367188 2.75 0 360 arc
closepath
fill
grestore
22 -177 M
11 0 Nf
1.03027344 0 32 0 0 (The protocol is secure against passive eavesdropping and replay attacks. However, the protocol) A
22 -190.2 M
1.20735681 0 32 0 0 (relies on transport security including DNS security for active attacks. HTTP/TLS SHOULD be) A
22 -203.4 M
(used where transport security is not assured and data secrecy is important. ) S
11 -214 M
gsave
0 setgray
newpath
11.0 -213.964844 2.75 0 360 arc
closepath
fill
grestore
22 -217.6 M
0.733309686 0 32 0 0 (When used with HTTP/TLS, the protocol gives true protection against active man-in-the-middle) A
22 -230.8 M
1.3153646 0 32 0 0 (attacks for each HTTP request/response pair, even when the server certificate is not used or is) A
22 -244 M
0.558035731 0 32 0 0 (unreliable. However, in such cases, JavaScript or similar scripting facilities can be used to affect) A
22 -257.2 M
0.408593744 0 32 0 0 (Mutually-authenticated contents from those not protected by this authentication mechanism. This) A
22 -270.4 M
(is why this memo requires that valid TLS server certificates MUST be presented ) S
(\() S
(Section\2409) S
[/Rect [381.683594 -273.140625 424.921875 -261.040619] /Subtype /Link /Border [0 0 1] /Dest /48 /ANN pdfmark
(\). ) S
0 -281.4 M
[/View [/XYZ -4 475.609375 null] /Dest /62 /DEST pdfmark
0 -281.4 M
[/View [/XYZ -4 475.609375 null] /Dest /63 /DEST pdfmark
0 -300.4 M
15 2 Nf
(14.2.) S
[/View [/XYZ -4 474.609375 null] /Dest /140 /DEST pdfmark
( Implementation ) S
(Considerations) S
11 -321 M
gsave
0 setgray
newpath
11.0 -320.960938 2.75 0 360 arc
closepath
fill
grestore
22 -324.6 M
11 0 Nf
2.0110085 0 32 0 0 (To securely implement the protocol, the Authentication-Info headers in the 200-B4 messages) A
22 -337.8 M
0.0461425781 0 32 0 0 (MUST always be validated by the client. If the validation fails, the client MUST NOT process) A
22 -351 M
1.01088166 0 32 0 0 (any content sent with the message, including the body part. Non-compliance to this will enable) A
22 -364.2 M
(phishing attacks. ) S
11 -374.8 M
gsave
0 setgray
newpath
11.0 -374.757812 2.75 0 360 arc
closepath
fill
grestore
22 -378.4 M
1.88151038 0 32 0 0 (The authentication status on the client-side SHOULD be visible to the users of the client. In) A
22 -391.6 M
1.13671875 0 32 0 0 (addition, the method for asking user's name and passwords SHOULD be carefully designed so) A
22 -404.8 M
0.575892866 0 32 0 0 (that \(1\) the user can easily distinguish requests of this authentication method from other existing) A
22 -418 M
2.26382208 0 32 0 0 (authentication methods such as Basic and Digest methods, and \(2\) the Web contents cannot) A
22 -431.2 M
(imitate the user-interfaces of this protocol. ) S
22 -444.4 M
4.52587891 0 32 0 0 (An informational memo regarding user-interface considerations and recommendations for) A
22 -457.6 M
(implementing this protocol will be separately published. ) S
11 -468.2 M
gsave
0 setgray
newpath
11.0 -468.152344 2.75 0 360 arc
closepath
fill
grestore
22 -471.8 M
2.05703115 0 32 0 0 (For HTTP/TLS communications, when a web form is submitted from Mutually-authenticated) A
22 -485 M
0.252757341 0 32 0 0 (pages with the validation methods of "tls-cert" to a URI which is protected by the same realm \(so) A
22 -498.2 M
2.2927084 0 32 0 0 (indicated by the path field\), if the server certificate has been changed since the pages have been) A
22 -511.4 M
2.73587751 0 32 0 0 (received, the peer is RECOMMENDED to be revalidated using a req-A1 message with an) A
22 -524.6 M
1.01262021 0 32 0 0 ("Expect: 100-continue" header. The same applies when the page is received with the validation) A
22 -537.8 M
(methods of "tls-key", and when the TLS session has expired. ) S
11 -548.3 M
gsave
0 setgray
newpath
11.0 -548.347656 2.75 0 360 arc
closepath
fill
grestore
22 -552 M
2.05649042 0 32 0 0 (Server-side storages of user passwords are advised to have the values encrypted by one-way) A
22 -565.2 M
(function J\(pi\), instead of the real passwords, those hashed by ph, or pi. ) S
0 -576.2 M
[/View [/XYZ -4 180.824219 null] /Dest /64 /DEST pdfmark
0 -576.2 M
[/View [/XYZ -4 180.824219 null] /Dest /65 /DEST pdfmark
0 -595.2 M
15 2 Nf
(14.3.) S
[/View [/XYZ -4 179.824219 null] /Dest /141 /DEST pdfmark
( Usage ) S
(Considerations) S
11 -615.7 M
gsave
0 setgray
newpath
11.0 -615.746094 2.75 0 360 arc
closepath
fill
grestore
22 -619.4 M
11 0 Nf
2.14787936 0 32 0 0 (The user-names entered by the user may be sent automatically to any servers sharing the same) A
22 -632.6 M
0.949869812 0 32 0 0 (auth-domain. This means that when host-type auth-domain is used for authentication in HTTPS) A
22 -645.8 M
1.14817703 0 32 0 0 (site, and when an HTTP server on the same host requests Mutual authentication with the same) A
22 -659 M
0.388327211 0 32 0 0 (realm, the client will send the user-name in clear text. If user-names have to be kept secret against) A
22 -659 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 19 -) S
0 setgray
44 -8 M
grestore
pgsave restore N
%%Page: 20 20
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
22 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.81835938 0 32 0 0 (eavesdropping, the server must use a full-scheme-type auth-domain parameter. In contrast,) A
22 -26.4 M
11 0 Nf
(passwords are not exposed to eavesdroppers even on HTTP requests. ) S
11 -37 M
gsave
0 setgray
newpath
11.0 -36.96875 2.75 0 360 arc
closepath
fill
grestore
22 -40.6 M
0.458007812 0 32 0 0 ("Pwd_hash" field is only provided for backward compatibility for password databases, and using) A
22 -40.6 M
0.999024391 0.999024391 scale
0.0 -13.2 RM
("none" function is the most secure choice and RECOMMENDED. If a value other than "none" is) S
1.00097656 1.00097656 scale
22 -53.8 M
0.966071427 0.966071427 scale
0.0 -13.2 RM
(used, you must ensure that the hash values of the passwords are not exposed to the public. Note that) S
1.03512013 1.03512013 scale
22 -79.7 M
(hashed password databases for plain-text authentications are usually not considered secret. ) S
11 -90.3 M
gsave
0 setgray
newpath
11.0 -90.3007812 2.75 0 360 arc
closepath
fill
grestore
22 -93.9 M
0.296354175 0 32 0 0 (If the server provides several ways of storing server-side password database, it is advised to store) A
22 -93.9 M
0.973444 0.973444 scale
0.0 -13.2 RM
(the values encrypted by one-way function J\(pi\), instead of the real passwords, those hashed by ph, or) S
1.02728045 1.02728045 scale
22 -120 M
(pi. ) S
0 -131 M
[/View [/XYZ -4 626.023438 null] /Dest /66 /DEST pdfmark
0 -131 M
[/View [/XYZ -4 626.023438 null] /Dest /67 /DEST pdfmark
0 -150 M
%%IncludeResource: font Times-Bold
15 2 Nf
(15.) S
[/View [/XYZ -4 625.023438 null] /Dest /142 /DEST pdfmark
( Notice on intellectual ) S
(properties) S
0 -174.2 M
11 0 Nf
0.270432681 0 32 0 0 (The National Institute of Advanced Industrial Science and Technology \(AIST\) and Yahoo! Japan, Inc.) A
0 -187.4 M
1.53348219 0 32 0 0 (have jointly submitted a patent application about the protocol proposed in this documentation to the) A
0 -200.6 M
0.532769084 0 32 0 0 (Patent Office of Japan. The patent is intended to be open to any implementors of this protocol and its) A
0 -213.8 M
0.109074518 0 32 0 0 (variants under non-exclusive royalty-free manner once the protocol is accepted as an Internet standard.) A
0 -227 M
(For the detail of the patent application and its status, please contact the author of this document. ) S
0 -251.2 M
5.14531231 0 32 0 0 (The elliptic-curve based authentication algorithms might involve several existing patents of) A
0 -264.4 M
1.55625 0 32 0 0 (third-parties. The authors of the document take no position regarding the validity or scope of such) A
0 -277.6 M
(patents, and other patents as well. ) S
0 -288.6 M
[/View [/XYZ -4 468.429688 null] /Dest /68 /DEST pdfmark
0 -288.6 M
[/View [/XYZ -4 468.429688 null] /Dest /69 /DEST pdfmark
0 -307.6 M
15 2 Nf
(16.) S
[/View [/XYZ -4 467.429688 null] /Dest /143 /DEST pdfmark
( ) S
(Acknowledgement) S
0 -331.8 M
11 0 Nf
0.727957606 0 32 0 0 (We gratefully acknowledge Lepidum, Co. Ltd. for support on design and trial implementation of this) A
0 -345 M
(protocol. ) S
0 -356 M
[/View [/XYZ -4 401.03125 null] /Dest /70 /DEST pdfmark
0 -356 M
[/View [/XYZ -4 401.03125 null] /Dest /71 /DEST pdfmark
0 -375 M
15 2 Nf
(17.) S
[/View [/XYZ -4 400.03125 null] /Dest /144 /DEST pdfmark
( ) S
(References) S
0 -382.5 M
[/View [/XYZ -4 374.53125 null] /Dest /72 /DEST pdfmark
0 -405 M
15 2 Nf
(17.1.) S
[/View [/XYZ -4 370.03125 null] /Dest /145 /DEST pdfmark
( Normative ) S
(References) S
8 -421.3 M
0.989260316 0.989260316 scale
-0.0 -11.0 RM
11 0 Nf
([FIPS.180-2.2002]) S
[/View [/XYZ -4 842 null] /Dest /73 /DEST pdfmark
1.01085627 1.01085627 scale
105.6 -432.3 M
(National Institute of Standards and Technology, ) S
(\233) S
(Secure Hash ) S
(Standard) S
[/Rect [323.589844 -435.015625 422.707031 -422.915619] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf)] Cd /ANN pdfmark
(,\234) S
105.6 -445.5 M
(FIPS\240PUB 180-2, ) S
(August\2402002.) S
8 -456.2 M
0.989260316 0.989260316 scale
-0.0 -11.0 RM
([FIPS.186-2.2000]) S
[/View [/XYZ -4 842 null] /Dest /74 /DEST pdfmark
1.01085627 1.01085627 scale
105.6 -467.2 M
(National Institute of Standards and Technology, ) S
(\233) S
(Digital Signature) S
[/Rect [323.589844 -469.964844 401.03125 -457.864838] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf)] Cd /ANN pdfmark
105.6 -480.4 M
(Standard ) S
(\(DSS\)) S
[/Rect [104.59375 -483.164062 175.925781 -471.064056] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf)] Cd /ANN pdfmark
(,\234 FIPS\240PUB 186-2, ) S
(January\2402000.) S
8 -502.2 M
([RFC2119]) S
[/View [/XYZ -4 842 null] /Dest /75 /DEST pdfmark
105.6 -502.2 M
(Bradner, ) S
(S.) S
(, ) S
(\233) S
(Key words for use in RFCs to Indicate Requirement ) S
(Levels) S
[/Rect [164.761719 -504.914062 427.910156 -492.814056] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2119.txt)] Cd /ANN pdfmark
(,\234) S
105.6 -515.4 M
(BCP\24014, RFC\2402119, March\2401997 ) S
(\() S
(TXT) S
[/Rect [255.527344 -518.113281 278.90625 -506.013275] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2119.txt)] Cd /ANN pdfmark
(, ) S
(HTML) S
[/Rect [282.40625 -518.113281 315.5625 -506.013275] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2119.html)] Cd /ANN pdfmark
(, ) S
(XML) S
[/Rect [319.0625 -518.113281 345.5 -506.013275] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2119.xml)] Cd /ANN pdfmark
(\).) S
8 -537.1 M
([RFC2818]) S
[/View [/XYZ -4 842 null] /Dest /76 /DEST pdfmark
105.6 -537.1 M
(Rescorla, E., ) S
(\233) S
(HTTP Over ) S
(TLS) S
[/Rect [168.421875 -539.863281 244.949219 -527.763306] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2818.txt)] Cd /ANN pdfmark
(,\234 RFC\2402818, ) S
(May\2402000.) S
8 -558.9 M
([RFC3526]) S
[/View [/XYZ -4 842 null] /Dest /77 /DEST pdfmark
105.6 -558.9 M
(Kivinen, T. and M. Kojo, ) S
(\233) S
(More Modular Exponential \(MODP\)) S
[/Rect [224.035156 -561.613281 388.222656 -549.513306] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3526.txt)] Cd /ANN pdfmark
105.6 -572.1 M
(Diffie-Hellman groups for Internet Key Exchange ) S
(\(IKE\)) S
[/Rect [104.59375 -574.8125 355.164062 -562.712524] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3526.txt)] Cd /ANN pdfmark
(,\234 RFC\2403526, ) S
105.6 -585.3 M
(May\2402003.) S
8 -607 M
([RFC3629]) S
[/View [/XYZ -4 842 null] /Dest /78 /DEST pdfmark
105.6 -607 M
(Yergeau, F., ) S
(\233) S
(UTF-8, a transformation format of ISO ) S
(10646) S
[/Rect [166.589844 -609.761719 371.085938 -597.661743] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3629.txt)] Cd /ANN pdfmark
(,\234 STD\24063,) S
105.6 -620.2 M
(RFC\2403629, ) S
(November\2402003.) S
8 -642 M
([RFC4346]) S
[/View [/XYZ -4 842 null] /Dest /79 /DEST pdfmark
105.6 -642 M
(Dierks, T. and E. Rescorla, ) S
(\233) S
(The Transport Layer Security \(TLS\) Protocol) S
[/Rect [231.339844 -644.710938 433.375 -632.610962] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc4346.txt)] Cd /ANN pdfmark
105.6 -655.2 M
(Version ) S
(1.1) S
[/Rect [104.59375 -657.910156 157.910156 -645.810181] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc4346.txt)] Cd /ANN pdfmark
(,\234 RFC\2404346, ) S
(April\2402006.) S
105.6 -655.2 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 20 -) S
0 setgray
211.2 -8 M
grestore
pgsave restore N
%%Page: 21 21
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
8 -13 M
%%IncludeResource: font Times-Roman
11 0 Nf
([RFC4648]) S
[/View [/XYZ -4 842 null] /Dest /80 /DEST pdfmark
105.6 -13 M
(Josefsson, S., ) S
(\233) S
(The Base16, Base32, and Base64 Data ) S
(Encodings) S
[/Rect [171.492188 -15.75 392.808594 -3.64999962] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc4648.txt)] Cd /ANN pdfmark
(,\234) S
105.6 -26.2 M
(RFC\2404648, ) S
(October\2402006.) S
8 -47.9 M
([RFC5234]) S
[/View [/XYZ -4 842 null] /Dest /81 /DEST pdfmark
105.6 -47.9 M
(Crocker, D. and P. Overell, ) S
(\233) S
(Augmented BNF for Syntax Specifications: ) S
[/Rect [232.5625 -50.6992188 429.746094 -38.5992203] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5234.txt)] Cd /ANN pdfmark
105.6 -61.1 M
(ABNF) S
[/Rect [104.59375 -63.8984375 135.925781 -51.798439] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5234.txt)] Cd /ANN pdfmark
(,\234 STD\24068, RFC\2405234, ) S
(January\2402008.) S
0 -80.9 M
[/View [/XYZ -4 676.101562 null] /Dest /82 /DEST pdfmark
0 -99.9 M
%%IncludeResource: font Times-Bold
15 2 Nf
(17.2.) S
[/View [/XYZ -4 675.101562 null] /Dest /146 /DEST pdfmark
( Informative ) S
(References) S
8 -116.2 M
0.98958987 0.98958987 scale
-0.0 -11.0 RM
11 0 Nf
([I-D.altman-tls-channel-bindings]) S
[/View [/XYZ -4 842 null] /Dest /83 /DEST pdfmark
1.01051962 1.01051962 scale
171.2 -127.2 M
(Altman, J. and N. Williams, ) S
(\233) S
(Unique Channel Bindings for ) S
[/Rect [301.207031 -129.945312 435.785156 -117.845314] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-03.txt)] Cd /ANN pdfmark
171.2 -140.4 M
(TLS) S
[/Rect [170.167969 -143.144531 191.71875 -131.044525] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-altman-tls-channel-bindings-03.txt)] Cd /ANN pdfmark
(,\234 draft-altman-tls-channel-bindings-03 \(work in) S
171.2 -153.6 M
(progress\), ) S
(November\2402007.) S
8 -175.3 M
([ISO.10646-1.1993]) S
[/View [/XYZ -4 842 null] /Dest /84 /DEST pdfmark
171.2 -175.3 M
(International Organization for Standardization, \233Information) S
171.2 -188.5 M
(Technology - Universal Multiple-octet coded Character Set) S
171.2 -201.7 M
(\(UCS\) - Part 1: Architecture and Basic Multilingual Plane,\234) S
171.2 -214.9 M
(ISO\240Standard 10646-1, ) S
(May\2401993.) S
8 -236.7 M
([ISO.11770-4.2006]) S
[/View [/XYZ -4 842 null] /Dest /85 /DEST pdfmark
171.2 -236.7 M
(International Organization for Standardization, \233Information) S
171.2 -249.9 M
(technology \235 Security techniques \235 Key management \235 Part) S
171.2 -263.1 M
(4: Mechanisms based on weak secrets,\234 ISO\240Standard) S
171.2 -276.3 M
(11770-4, ) S
(May\2402006.) S
8 -298 M
([ITU.X690.1994]) S
[/View [/XYZ -4 842 null] /Dest /86 /DEST pdfmark
171.2 -298 M
(International Telecommunications Union, \233Information) S
171.2 -311.2 M
(Technology - ASN.1 encoding rules: Specification of Basic) S
171.2 -324.4 M
(Encoding Rules \(BER\), Canonical Encoding Rules \(CER\)) S
171.2 -337.6 M
(and Distinguished Encoding Rules \(DER\),\234) S
171.2 -350.8 M
(ITU-T\240Recommendation X.690, ) S
(1994.) S
8 -372.6 M
([RFC2616]) S
[/View [/XYZ -4 842 null] /Dest /87 /DEST pdfmark
171.2 -372.6 M
(Fielding, ) S
(R.) S
(, ) S
(Gettys, ) S
(J.) S
(, ) S
(Mogul, ) S
(J.) S
(, ) S
(Frystyk, ) S
(H.) S
(, ) S
(Masinter, ) S
(L.) S
(, ) S
171.2 -385.8 M
(Leach, ) S
(P.) S
(, and ) S
(T. ) S
(Berners-Lee) S
(, ) S
(\233) S
(Hypertext Transfer Protocol) S
[/Rect [312.476562 -388.535156 438.460938 -376.43515] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2616.txt)] Cd /ANN pdfmark
171.2 -399 M
(-- ) S
(HTTP/1.1) S
[/Rect [170.167969 -401.734375 226.535156 -389.634369] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2616.txt)] Cd /ANN pdfmark
(,\234 RFC\2402616, June\2401999 ) S
(\() S
(TXT) S
[/Rect [337.273438 -401.734375 360.652344 -389.634369] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2616.txt)] Cd /ANN pdfmark
(, ) S
(PS) S
[/Rect [364.152344 -401.734375 378.378906 -389.634369] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2616.ps)] Cd /ANN pdfmark
(, ) S
(PDF) S
[/Rect [381.878906 -401.734375 404.046875 -389.634369] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2616.pdf)] Cd /ANN pdfmark
(, ) S
171.2 -412.2 M
(HTML) S
[/Rect [170.167969 -414.933594 203.324219 -402.833588] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2616.html)] Cd /ANN pdfmark
(, ) S
(XML) S
[/Rect [206.824219 -414.933594 233.261719 -402.833588] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2616.xml)] Cd /ANN pdfmark
(\).) S
8 -433.9 M
([RFC2617]) S
[/View [/XYZ -4 842 null] /Dest /88 /DEST pdfmark
171.2 -433.9 M
(Franks, ) S
(J.) S
(, ) S
(Hallam-Baker, ) S
(P.) S
(, ) S
(Hostetler, ) S
(J.) S
(, ) S
(Lawrence, ) S
(S.) S
(, ) S
171.2 -447.1 M
(Leach, ) S
(P.) S
(, Luotonen, A., and ) S
(L. ) S
(Stewart) S
(, ) S
(\233) S
(HTTP) S
[/Rect [355.570312 -449.882812 385.0625 -437.782806] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2617.txt)] Cd /ANN pdfmark
171.2 -460.3 M
(Authentication: Basic and Digest Access ) S
(Authentication) S
[/Rect [170.167969 -463.082031 419.871094 -450.982025] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2617.txt)] Cd /ANN pdfmark
(,\234) S
171.2 -473.5 M
(RFC\2402617, June\2401999 ) S
(\() S
(TXT) S
[/Rect [272.523438 -476.28125 295.902344 -464.181244] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc2617.txt)] Cd /ANN pdfmark
(, ) S
(HTML) S
[/Rect [299.402344 -476.28125 332.558594 -464.181244] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2617.html)] Cd /ANN pdfmark
(, ) S
(XML) S
[/Rect [336.058594 -476.28125 362.496094 -464.181244] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2617.xml)] Cd /ANN pdfmark
(\).) S
8 -495.3 M
([RFC3492]) S
[/View [/XYZ -4 842 null] /Dest /89 /DEST pdfmark
171.2 -495.3 M
(Costello, A., ) S
(\233) S
(Punycode: A Bootstring encoding of Unicode) S
[/Rect [233.402344 -498.03125 436.707031 -485.931244] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3492.txt)] Cd /ANN pdfmark
171.2 -508.5 M
(for Internationalized Domain Names in Applications ) S
[/Rect [170.167969 -511.230469 406.726562 -499.130463] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3492.txt)] Cd /ANN pdfmark
171.2 -521.7 M
(\(IDNA\)) S
[/Rect [170.167969 -524.429688 206.972656 -512.329712] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc3492.txt)] Cd /ANN pdfmark
(,\234 RFC\2403492, ) S
(March\2402003.) S
8 -543.4 M
([RFC5226]) S
[/View [/XYZ -4 842 null] /Dest /90 /DEST pdfmark
171.2 -543.4 M
(Narten, T. and H. Alvestrand, ) S
(\233) S
(Guidelines for Writing an) S
[/Rect [308.519531 -546.179688 423.828125 -534.079712] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5226.txt)] Cd /ANN pdfmark
171.2 -556.6 M
(IANA Considerations Section in ) S
(RFCs) S
[/Rect [170.167969 -559.378906 343.238281 -547.278931] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5226.txt)] Cd /ANN pdfmark
(,\234 BCP\24026, RFC\2405226, ) S
171.2 -569.8 M
(May\2402008.) S
8 -591.6 M
([RFC5280]) S
[/View [/XYZ -4 842 null] /Dest /91 /DEST pdfmark
171.2 -591.6 M
(Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley,) S
171.2 -604.8 M
(R., and W. Polk, ) S
(\233) S
(Internet X.509 Public Key Infrastructure) S
[/Rect [250.820312 -607.527344 431.472656 -595.427368] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5280.txt)] Cd /ANN pdfmark
171.2 -618 M
(Certificate and Certificate Revocation List \(CRL\) ) S
(Profile) S
[/Rect [170.167969 -620.726562 423.199219 -608.626587] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (ftp://ftp.isi.edu/in-notes/rfc5280.txt)] Cd /ANN pdfmark
(,\234) S
171.2 -631.2 M
(RFC\2405280, ) S
(May\2402008.) S
0 -639.9 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 21 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 22 22
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /92 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /93 /DEST pdfmark
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 757.0 null] /Dest /147 /DEST pdfmark
( A. Group parameters for discrete-logarithm based ) S
0 -36 M
(algorithms) S
0 -60.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The MODP group used for the iso11770-4-dl-2048 algorithm is defined by the following ) S
(parameters.) S
0 -84.4 M
(The prime ) S
(is:) S
0 -106.2 M
%%IncludeResource: font Courier
9.0 4 Nf
( q = 0xFFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1) S
0 -117 M
( 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD) S
0 -127.8 M
( EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245) S
0 -138.6 M
( E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED) S
0 -149.4 M
( EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D) S
0 -160.2 M
( C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F) S
0 -171 M
( 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D) S
0 -181.8 M
( 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B) S
0 -192.6 M
( E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9) S
0 -203.4 M
( DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510) S
0 -214.2 M
( 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF.) S
0 -238.4 M
11 0 Nf
(The generator ) S
(is:) S
0 -260.2 M
9.0 4 Nf
( g = 2.) S
0 -284.4 M
11 0 Nf
(The size of the subgroup generated by g ) S
(is:) S
0 -306.2 M
9.0 4 Nf
( r = \(q - 1\) / 2 =) S
0 -317 M
( 0x7FFFFFFF FFFFFFFF E487ED51 10B4611A 62633145 C06E0E68) S
0 -327.8 M
( 94812704 4533E63A 0105DF53 1D89CD91 28A5043C C71A026E) S
0 -338.6 M
( F7CA8CD9 E69D218D 98158536 F92F8A1B A7F09AB6 B6A8E122) S
0 -349.3 M
( F242DABB 312F3F63 7A262174 D31BF6B5 85FFAE5B 7A035BF6) S
0 -360.1 M
( F71C35FD AD44CFD2 D74F9208 BE258FF3 24943328 F6722D9E) S
0 -370.9 M
( E1003E5C 50B1DF82 CC6D241B 0E2AE9CD 348B1FD4 7E9267AF) S
0 -381.7 M
( C1B2AE91 EE51D6CB 0E3179AB 1042A95D CF6A9483 B84B4B36) S
0 -392.5 M
( B3861AA7 255E4C02 78BA3604 650C10BE 19482F23 171B671D) S
0 -403.3 M
( F1CF3B96 0C074301 CD93C1D1 7603D147 DAE2AEF8 37A62964) S
0 -414.1 M
( EF15E5FB 4AAC0B8C 1CCAA4BE 754AB572 8AE9130C 4C7D0288) S
0 -424.9 M
( 0AB9472D 45565534 7FFFFFFF FFFFFFFF.) S
0 -449.1 M
11 0 Nf
(The MODP group used for the iso11770-4-dl-4096 algorithm is defined by the following ) S
(parameters.) S
0 -473.3 M
(The prime ) S
(is:) S
0 -495.1 M
9.0 4 Nf
( q = 0xFFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1) S
0 -505.9 M
( 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD) S
0 -516.7 M
( EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245) S
0 -527.5 M
( E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED) S
0 -538.3 M
( EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D) S
0 -549.1 M
( C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F) S
0 -559.9 M
( 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D) S
0 -570.7 M
( 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B) S
0 -581.5 M
( E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9) S
0 -592.3 M
( DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510) S
0 -603.1 M
( 15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64) S
0 -613.9 M
( ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7) S
0 -624.7 M
( ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B) S
0 -635.5 M
( F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C) S
0 -646.3 M
( BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31) S
0 -657.1 M
( 43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7) S
0 -667.9 M
( 88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA) S
0 -667.9 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 22 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 23 23
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -10.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( 2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6) S
0 -21.6 M
9.0 4 Nf
( 287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED) S
0 -32.4 M
( 1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9) S
0 -43.2 M
( 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199) S
0 -54 M
( FFFFFFFF FFFFFFFF.) S
0 -78.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The generator ) S
(is:) S
0 -100 M
9.0 4 Nf
( g = 2.) S
0 -124.2 M
11 0 Nf
(The size of the subgroup generated by g ) S
(is:) S
0 -146 M
9.0 4 Nf
( r = \(q - 1\) / 2 =) S
0 -156.8 M
( 0x7FFFFFFF FFFFFFFF E487ED51 10B4611A 62633145 C06E0E68) S
0 -167.6 M
( 94812704 4533E63A 0105DF53 1D89CD91 28A5043C C71A026E) S
0 -178.4 M
( F7CA8CD9 E69D218D 98158536 F92F8A1B A7F09AB6 B6A8E122) S
0 -189.2 M
( F242DABB 312F3F63 7A262174 D31BF6B5 85FFAE5B 7A035BF6) S
0 -200 M
( F71C35FD AD44CFD2 D74F9208 BE258FF3 24943328 F6722D9E) S
0 -210.8 M
( E1003E5C 50B1DF82 CC6D241B 0E2AE9CD 348B1FD4 7E9267AF) S
0 -221.6 M
( C1B2AE91 EE51D6CB 0E3179AB 1042A95D CF6A9483 B84B4B36) S
0 -232.4 M
( B3861AA7 255E4C02 78BA3604 650C10BE 19482F23 171B671D) S
0 -243.2 M
( F1CF3B96 0C074301 CD93C1D1 7603D147 DAE2AEF8 37A62964) S
0 -253.9 M
( EF15E5FB 4AAC0B8C 1CCAA4BE 754AB572 8AE9130C 4C7D0288) S
0 -264.7 M
( 0AB9472D 45556216 D6998B86 82283D19 D42A90D5 EF8E5D32) S
0 -275.5 M
( 767DC282 2C6DF785 457538AB AE83063E D9CB87C2 D370F263) S
0 -286.3 M
( D5FAD746 6D8499EB 8F464A70 2512B0CE E771E913 0D697735) S
0 -297.1 M
( F897FD03 6CC50432 6C3B0139 9F643532 290F958C 0BBD9006) S
0 -307.9 M
( 5DF08BAB BD30AEB6 3B84C460 5D6CA371 047127D0 3A72D598) S
0 -318.7 M
( A1EDADFE 707E8847 25C16890 54908400 8D391E09 53C3F36B) S
0 -329.5 M
( C438CD08 5EDD2D93 4CE1938C 357A711E 0D4A341A 5B0A85ED) S
0 -340.3 M
( 12C1F4E5 156A2674 6DDDE16D 826F477C 97477E0A 0FDF6553) S
0 -351.1 M
( 143E2CA3 A735E02E CCD94B27 D04861D1 119DD0C3 28ADF3F6) S
0 -361.9 M
( 8FB094B8 67716BD7 DC0DEEBB 10B8240E 68034893 EAD82D54) S
0 -372.7 M
( C9DA754C 46C7EEE0 C37FDBEE 48536047 A6FA1AE4 9A0318CC) S
0 -383.5 M
( FFFFFFFF FFFFFFFF.) S
0 -392.5 M
[/View [/XYZ -4 364.492188 null] /Dest /94 /DEST pdfmark
0 -392.5 M
[/View [/XYZ -4 364.492188 null] /Dest /95 /DEST pdfmark
0 -413.5 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 361.492188 null] /Dest /148 /DEST pdfmark
( B. Derived numerical ) S
(values) S
0 -437.7 M
11 0 Nf
1.37379813 0 32 0 0 (This section gives several numerical values for implementing this protocol, derived from the above) A
0 -450.9 M
(specifications. The values shown in this section are for informative purpose only. ) S
195.8 -479.2 M
11 2 Nf
(dl-2048) S
236.7 -479.2 M
11 2 Nf
(dl-4096) S
277.7 -479.2 M
11 2 Nf
(ec-p256) S
319.8 -479.2 M
11 2 Nf
(ec-p521) S
59 -499 M
11 0 Nf
(Size of w_A ) S
(etc.) S
195.8 -499 M
(2048) S
236.7 -499 M
(4096) S
277.7 -499 M
(257) S
319.8 -499 M
(522) S
361.9 -499 M
(\(bits\)) S
59 -518.7 M
(Size of ) S
(H\(...\)) S
195.8 -518.7 M
(256) S
236.7 -518.7 M
(512) S
277.7 -518.7 M
(256) S
319.8 -518.7 M
(512) S
361.9 -518.7 M
(\(bits\)) S
59 -538.5 M
(length of OCTETS\(w_A\) ) S
(etc.) S
195.8 -538.5 M
(256) S
236.7 -538.5 M
(512) S
277.7 -538.5 M
(33) S
319.8 -538.5 M
(66) S
361.9 -538.5 M
(\(octets\)) S
59 -558.2 M
(length of wa, wb field ) S
(values.) S
195.8 -558.2 M
(346 ) S
(*) S
236.7 -558.2 M
(686 ) S
(*) S
277.7 -558.2 M
(66) S
319.8 -558.2 M
(132) S
361.9 -558.2 M
(\(octets\)) S
59 -578 M
(length of oa, ob field ) S
(values.) S
195.8 -578 M
(46 ) S
(*) S
236.7 -578 M
(90 ) S
(*) S
277.7 -578 M
(64) S
319.8 -578 M
(128) S
361.9 -578 M
(\(octets\)) S
59 -597.7 M
(minimum allowed ) S
(s_A) S
195.8 -597.7 M
(2048) S
236.7 -597.7 M
(4096) S
277.7 -597.7 M
(1) S
319.8 -597.7 M
(1) S
361.9 -597.7 M
(\240) S
0 -627.7 M
11 0 Nf
(\(The numbers marked with * include enclosing quotation ) S
(marks.\)) S
0 -638.7 M
[/View [/XYZ -4 118.347656 null] /Dest /96 /DEST pdfmark
0 -638.7 M
[/View [/XYZ -4 118.347656 null] /Dest /97 /DEST pdfmark
0 -638.7 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 23 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 24 24
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 757.0 null] /Dest /149 /DEST pdfmark
( C. Draft Remarks from the ) S
(Authors) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(The following items are currently under consideration for future revisions by the authors. ) S
11 -62.8 M
gsave
0 setgray
newpath
11.0 -62.7695312 2.75 0 360 arc
closepath
fill
grestore
22 -66.4 M
6.51904297 0 32 0 0 (Whether to use ) A
6.51904297 0 32 0 0 ("TLS channel ) A
6.51904297 0 32 0 0 (binding") A
[/Rect [109.875 -69.1484375 226.738281 -57.048439] /Subtype /Link /Border [0 0 1] /Dest /83 /ANN pdfmark
6.51904297 0 32 0 0 ( [I-D.altman-tls-channel-bindings] for "tls-key") A
22 -79.6 M
2.64808249 0 32 0 0 (verification ) A
2.64808249 0 32 0 0 (\() A
2.64808249 0 32 0 0 (Section\2409) A
[/Rect [80.7421875 -82.3476562 123.980469 -70.2476578] /Subtype /Link /Border [0 0 1] /Dest /48 /ANN pdfmark
2.64808249 0 32 0 0 (\). Note that existing implementations of TLS should be considered to) A
22 -92.8 M
(determine ) S
(this.) S
0 -103.8 M
[/View [/XYZ -4 653.203125 null] /Dest /98 /DEST pdfmark
0 -103.8 M
[/View [/XYZ -4 653.203125 null] /Dest /99 /DEST pdfmark
0 -122.8 M
15 2 Nf
(Appendix) S
[/View [/XYZ -4 652.203125 null] /Dest /150 /DEST pdfmark
( D. Draft Change ) S
(Log) S
0 -130.3 M
[/View [/XYZ -4 626.703125 null] /Dest /100 /DEST pdfmark
0 -130.3 M
[/View [/XYZ -4 626.703125 null] /Dest /101 /DEST pdfmark
0 -152.8 M
15 2 Nf
(D.1.) S
[/View [/XYZ -4 622.203125 null] /Dest /151 /DEST pdfmark
( Changes in revision ) S
(03) S
11 -173.4 M
gsave
0 setgray
newpath
11.0 -173.367188 2.75 0 360 arc
closepath
fill
grestore
22 -177 M
11 0 Nf
1.63454866 0 32 0 0 (Wildcard domain specifications \(e.g. "*.example.com"\) are allowed for auth-domain parameters ) A
22 -190.2 M
(\() S
(Section\2404.1) S
[/Rect [24.6601562 -192.945312 76.1484375 -180.845306] /Subtype /Link /Border [0 0 1] /Dest /19 /ANN pdfmark
(\). ) S
11 -200.8 M
gsave
0 setgray
newpath
11.0 -200.765625 2.75 0 360 arc
closepath
fill
grestore
22 -204.4 M
(Specification of the "tls-host" verification is updated \(incompatible change\). ) S
11 -215 M
gsave
0 setgray
newpath
11.0 -214.964844 2.75 0 360 arc
closepath
fill
grestore
22 -218.6 M
(State transitions fixed. ) S
11 -229.2 M
gsave
0 setgray
newpath
11.0 -229.164062 2.75 0 360 arc
closepath
fill
grestore
22 -232.8 M
(Requirements for servers about w_a values clarified. ) S
11 -243.4 M
gsave
0 setgray
newpath
11.0 -243.363281 2.75 0 360 arc
closepath
fill
grestore
22 -247 M
(RFC references are ) S
(updated.) S
0 -258 M
[/View [/XYZ -4 499.007812 null] /Dest /102 /DEST pdfmark
0 -258 M
[/View [/XYZ -4 499.007812 null] /Dest /103 /DEST pdfmark
0 -277 M
15 2 Nf
(D.2.) S
[/View [/XYZ -4 498.007812 null] /Dest /152 /DEST pdfmark
( Changes in revision ) S
(02) S
11 -297.6 M
gsave
0 setgray
newpath
11.0 -297.5625 2.75 0 360 arc
closepath
fill
grestore
22 -301.2 M
11 0 Nf
(Auth-realm is extended to allow full-scheme type. ) S
11 -311.8 M
gsave
0 setgray
newpath
11.0 -311.761719 2.75 0 360 arc
closepath
fill
grestore
22 -315.4 M
(A decision diagram for clients and decision procedures for servers are added. ) S
11 -326 M
gsave
0 setgray
newpath
11.0 -325.960938 2.75 0 360 arc
closepath
fill
grestore
22 -329.6 M
(401-B1 and req-A3 messages are changed to have authentication realm information. ) S
11 -340.2 M
gsave
0 setgray
newpath
11.0 -340.160156 2.75 0 360 arc
closepath
fill
grestore
22 -343.8 M
(Bugs in the equations for o_A and o_B are fixed. ) S
11 -354.4 M
gsave
0 setgray
newpath
11.0 -354.359375 2.75 0 360 arc
closepath
fill
grestore
22 -358 M
(Detailed equations for the whole algorithm are included. ) S
11 -368.6 M
gsave
0 setgray
newpath
11.0 -368.558594 2.75 0 360 arc
closepath
fill
grestore
22 -372.2 M
(Elliptic-curve algorithms are updated. ) S
11 -382.8 M
gsave
0 setgray
newpath
11.0 -382.757812 2.75 0 360 arc
closepath
fill
grestore
22 -386.4 M
(Several clarifications and other minor ) S
(updates.) S
0 -397.4 M
[/View [/XYZ -4 359.613281 null] /Dest /104 /DEST pdfmark
0 -416.4 M
15 2 Nf
(Authors') S
[/View [/XYZ -4 358.613281 null] /Dest /153 /DEST pdfmark
( ) S
(Addresses) S
0 -441.7 M
11 0 Nf
(\240) S
46.2 -441.7 M
(Yutaka ) S
(Oiwa) S
0 -455.4 M
(\240) S
46.2 -455.4 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -469.2 M
(\240) S
46.2 -469.2 M
(Research Center for Information ) S
(Security) S
0 -482.9 M
(\240) S
46.2 -482.9 M
(Akihabara Daibiru ) S
(#1102) S
0 -496.7 M
(\240) S
46.2 -496.7 M
(1-18-13 ) S
(Sotokanda) S
0 -510.4 M
(\240) S
46.2 -510.4 M
(Chiyoda-ku, ) S
(Tokyo) S
0 -524.2 M
(\240) S
46.2 -524.2 M
(JP) S
12.9 -537.9 M
(Phone:\240) S
46.2 -537.9 M
(+81 ) S
(3-5298-4722) S
14.1 -551.7 M
(Email:\240) S
46.2 -551.7 M
(mutual-auth-contact@m.aist.go.jp) S
0 -565.4 M
(\240) S
46.2 -565.4 M
(\240) S
0 -579.2 M
(\240) S
46.2 -579.2 M
(Hajime ) S
(Watanabe) S
0 -592.9 M
(\240) S
46.2 -592.9 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -606.7 M
(\240) S
46.2 -606.7 M
(\240) S
0 -620.4 M
(\240) S
46.2 -620.4 M
(Hiromitsu ) S
(Takagi) S
0 -634.2 M
(\240) S
46.2 -634.2 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -647.9 M
(\240) S
46.2 -647.9 M
(\240) S
0 -661.7 M
(\240) S
46.2 -661.7 M
(Hirofumi ) S
(Suzuki) S
46.2 -661.7 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 24 -) S
0 setgray
92.3 -8 M
grestore
pgsave restore N
%%Page: 25 25
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 25: finishes the author-address rows carried over from the previous
% page, then sets the "Full Copyright Statement", "Intellectual Property" and
% "Acknowledgment" sections, followed by the page-number footer.
% pgsave holds the VM snapshot taken above (D is `def` in the prolog); it is
% restored at the end of the page.
% NOTE(review): M, S, A, Nf and N are prolog procedures whose bodies are not
% shown here -- presumably move-to, show, justified show, font select and
% page end; confirm against the prolog.
0 0 M
0.6 setlinewidth
% Address rows: each row emits a cell at x=0 and the value at x=46.2.
0 -11 M
%%IncludeResource: font Times-Roman
% Operands look like <size> <index into the prolog font list FL>; index 0 is
% Times-Roman, 2 is Times-Bold, 8 is Helvetica -- TODO confirm in Nf.
11 0 Nf
(\240) S
46.2 -11 M
(Yahoo! Japan, ) S
(Inc.) S
0 -24.8 M
(\240) S
46.2 -24.8 M
(Roppongi Hills Mori ) S
(Tower) S
0 -38.5 M
(\240) S
46.2 -38.5 M
(6-10-1 ) S
(Roppongi) S
0 -52.2 M
(\240) S
46.2 -52.2 M
(Minato-ku, ) S
(Tokyo) S
0 -66 M
(\240) S
46.2 -66 M
(JP) S
12.9 -79.8 M
(Phone:\240) S
46.2 -79.8 M
(+81 ) S
(3-6440-6290) S
0 -93.5 M
% pdfmark named destinations (/DEST): link targets used when the file is
% converted to PDF; they draw nothing on the page.
[/View [/XYZ -4 663.5 null] /Dest /105 /DEST pdfmark
0 -112.5 M
%%IncludeResource: font Times-Bold
% Section heading: "Full Copyright Statement"
15 2 Nf
(Full) S
[/View [/XYZ -4 662.5 null] /Dest /154 /DEST pdfmark
( Copyright ) S
(Statement) S
0 -136.7 M
11 0 Nf
(Copyright \251 The IETF Trust ) S
(\(2008\).) S
0 -160.9 M
% Lines ending in A carry five numeric operands before the string; the first
% varies per line, which looks like per-line spacing for justification.
0.29296875 0 32 0 0 (This document is subject to the rights, licenses and restrictions contained in BCP\24078, and except as set) A
0 -174.1 M
(forth therein, the authors retain all their ) S
(rights.) S
0 -198.3 M
2.10598969 0 32 0 0 (This document and the information contained herein are provided on an \233AS IS\234 basis and THE) A
0 -211.5 M
2.11024308 0 32 0 0 (CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY \(IF) A
0 -224.7 M
1.90585935 0 32 0 0 (ANY\), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING) A
0 -237.9 M
2.55251741 0 32 0 0 (TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT) A
0 -251.1 M
2.703125 0 32 0 0 (NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN) A
0 -264.3 M
10.4982643 0 32 0 0 (WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) A
0 -277.5 M
(MERCHANTABILITY OR FITNESS FOR A PARTICULAR ) S
(PURPOSE.) S
0 -307.5 M
% Section heading: "Intellectual Property"
15 2 Nf
(Intellectual) S
[/View [/XYZ -4 467.507812 null] /Dest /155 /DEST pdfmark
( ) S
(Property) S
0 -331.7 M
11 0 Nf
0.275390625 0 32 0 0 (The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other) A
0 -344.9 M
0.168428302 0 32 0 0 (rights that might be claimed to pertain to the implementation or use of the technology described in this) A
0 -358.1 M
1.17440259 0 32 0 0 (document or the extent to which any license under such rights might or might not be available; nor) A
0 -371.3 M
0.116038606 0 32 0 0 (does it represent that it has made any independent effort to identify any such rights. Information on the) A
0 -384.5 M
(procedures with respect to rights in RFC documents can be found in BCP\24078 and ) S
(BCP\24079.) S
0 -408.7 M
1.42236328 0 32 0 0 (Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made) A
0 -421.9 M
0.233758226 0 32 0 0 (available, or the result of an attempt made to obtain a general license or permission for the use of such) A
0 -435.1 M
0.153125 0 32 0 0 (proprietary rights by implementers or users of this specification can be obtained from the IETF on-line) A
0 -448.3 M
(IPR repository at ) S
(http://www.ietf.org/ipr) S
% pdfmark link annotation (/ANN) with a URI action for the URL printed above.
% NOTE(review): the target is plain http://, as carried over from the source
% document.
[/Rect [76.8867188 -451.035156 179.066406 -438.93515] /Subtype /Link /Border [0 0 1] /Action [/Subtype /URI /URI (http://www.ietf.org/ipr)] Cd /ANN pdfmark
(.) S
0 -472.5 M
2.69583344 0 32 0 0 (The IETF invites any interested party to bring to its attention any copyrights, patents or patent) A
0 -485.7 M
0.511997759 0 32 0 0 (applications, or other proprietary rights that may cover technology that may be required to implement) A
0 -498.9 M
(this standard. Please address the information to the IETF at ) S
(ietf-ipr@ietf.org) S
(.) S
0 -528.9 M
% Section heading: "Acknowledgment"
15 2 Nf
(Acknowledgment) S
[/View [/XYZ -4 246.117188 null] /Dest /156 /DEST pdfmark
0 -553.1 M
11 0 Nf
(Funding for the RFC Editor function is provided by the IETF Administrative Support Activity ) S
(\(IASA\).) S
0 -564.1 M
% Footer: page number, drawn inside gsave/grestore so the graphics state
% changes made for it do not persist.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 25 -) S
0 setgray
0 -8 M
grestore
% Roll back to the snapshot saved in page setup, then end the page.
pgsave restore N
%%EOF