[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-ipsecme-aes-ctr-ikev2) 00 01 02 03 04 05 06 07 RFC 5930

IPSECME                                                          S. Shen
Internet-Draft                                                    Huawei
Updates: RFC4307                                                  Y. Mao
(if approved)                                                        H3C
Expires: February 18, 2010                                   NSS. Murthy
                                                 Freescale Semiconductor
                                                         August 17, 2009


    Using Advanced Encryption Standard (AES) Counter Mode with IKEv2
                  draft-ietf-ipsecme-aes-ctr-ikev2-01

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on February 18, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.






Shen, et al.            Expires February 18, 2010               [Page 1]

Internet-Draft              AES-CTR for IKEv2                August 2009


Abstract

   This document describes the usage of Advanced Encryption Standard
   Counter Mode (AES_CTR), with an explicit initialization vector, by
   IKEv2 for encrypting the IKEv2 exchanges that follow the IKE_SA_INIT
   exchange.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Conventions Used In This Document  . . . . . . . . . . . .  3
   2.  AES Counter Mode . . . . . . . . . . . . . . . . . . . . . . .  4
     2.1.  Counter Mode . . . . . . . . . . . . . . . . . . . . . . .  4
     2.2.  Key Sizes and Rounds . . . . . . . . . . . . . . . . . . .  6
     2.3.  Block Size . . . . . . . . . . . . . . . . . . . . . . . .  7
   3.  IKEv2 Encrypted Payload  . . . . . . . . . . . . . . . . . . .  8
     3.1.  Initialization Vector(IV)  . . . . . . . . . . . . . . . .  8
     3.2.  Integrity Checksum Data  . . . . . . . . . . . . . . . . .  8
   4.  Counter Block Format . . . . . . . . . . . . . . . . . . . . .  9
   5.  IKEv2 Conventions  . . . . . . . . . . . . . . . . . . . . . . 11
     5.1.  Keying Material and Nonces . . . . . . . . . . . . . . . . 11
     5.2.  Encryption identifier  . . . . . . . . . . . . . . . . . . 12
     5.3.  Key Length Attribute . . . . . . . . . . . . . . . . . . . 12
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 14
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 15
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 16
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 16
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17




















Shen, et al.            Expires February 18, 2010               [Page 2]

Internet-Draft              AES-CTR for IKEv2                August 2009


1.  Introduction

   IKEv2 [RFC4306] is a component of IPsec used for performing mutual
   authentication and establishing and maintaining security associations
   (SAs).  [RFC4307] defines the set of algorithms that are mandatory to
   implement as part of IKEv2, as well as algorithms that should be
   implemented because they may be promoted to mandatory at some future
   time.  [RFC4307] requires that an implementation "SHOULD" support
   Advanced Encryption Standard [AES] in Counter Mode [MODES] (AES_CTR)
   as a Transform Type 1 Algorithm (encryption).

   Although the [RFC4307] specifies that the AES_CTR encryption
   algorithm feature SHOULD be supported by IKEv2, no existing document
   specifies how IKEv2 can support the feature.  This document provides
   the specification and usage of AES-CTR counter mode by IKEv2.

   All the IKEv2 messages that follow the initial exchange(IKE_SA_INIT)
   are cryptographically protected using the cryptographic algorithms
   and keys negotiated in the first two messages of the IKEv2 exchange.
   These subsequent messages use the syntax of the IKEv2 Encrypted
   Payload as explained in [RFC4306].

   This document explains how IKEv2 makes use of AES_CTR algorithm for
   encrypting IKE messages that follow initial exchange: The second pair
   of messages (IKE_AUTH) in initial exchange, messages in
   CREATE_CHILD_SA exchange, messages in INFORMATIONAL exchange.

1.1.  Conventions Used In This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].



















Shen, et al.            Expires February 18, 2010               [Page 3]

Internet-Draft              AES-CTR for IKEv2                August 2009


2.  AES Counter Mode

   AES [AES] is a symmetric block cipher that can process data blocks of
   128 bits, using cipher keys with lengths of 128, 192, and 256 bits.

   The use of AES algorithm operations in IKEv2 is the same as what
   defined in [AES].  The use of Counter Mode is defined the same as how
   AES_CTR is used to encrypt ESP payload [RFC3686].  The choices of Key
   Size, Rounds and Block Size are defined as following which are
   compatible with [RFC3686].

2.1.  Counter Mode

   This section gives description for AES Counter Mode algorithm and
   cites algorithm description part in section 2.1 of [RFC3686]

   NIST has defined five modes of operation for AES and other FIPS-
   approved block ciphers [MODES].  Each of these modes has different
   characteristics.  The five modes are: ECB (Electronic Code Book), CBC
   (Cipher Block Chaining), CFB (Cipher FeedBack), OFB (Output
   FeedBack), and CTR (Counter).

   Only AES Counter mode (AES-CTR) is discussed in this specification.
   AES-CTR requires the encryptor to generate a unique per-packet value,
   and communicate this value to the decryptor.  This specification
   calls this per-packet value an initialization vector (IV).  The same
   IV and key combination MUST NOT be used more than once.  The
   encryptor can generate the IV in any manner that ensures uniqueness.
   Common approaches to IV generation include incrementing a counter for
   each packet and linear feedback shift registers (LFSRs).

   This specification calls for the use of a nonce for additional
   protection against precomputation attacks.  The nonce value need not
   be secret.  However, the nonce MUST be unpredictable prior to the
   establishment of the IPsec security association that is making use of
   AES-CTR.

   AES-CTR has many properties that make it an attractive encryption
   algorithm for in high-speed networking.  AES-CTR uses the AES block
   cipher to create a stream cipher.  Data is encrypted and decrypted by
   XORing with the key stream produced by AES encrypting sequential
   counter block values.  AES-CTR is easy to implement, and AES-CTR can
   be pipelined and parallelized.  AES-CTR also supports key stream
   precomputation.

   Pipelining is possible because AES has multiple rounds (see
   Section 2.2).  A hardware implementation (and some software
   implementations) can create a pipeline by unwinding the loop implied



Shen, et al.            Expires February 18, 2010               [Page 4]

Internet-Draft              AES-CTR for IKEv2                August 2009


   by this round structure.  For example, after a 16-octet block has
   been input, one round later another 16-octet block can be input, and
   so on.  In AES- CTR, these inputs are the sequential counter block
   values used to generate the key stream.

   Multiple independent AES encrypt implementations can also be used to
   improve performance.  For example, one could use two AES encrypt
   implementations in parallel, to process a sequence of counter block
   values, doubling the effective throughput.

   The sender can precompute the key stream.  Since the key stream does
   not depend on any data in the packet, the key stream can be
   precomputed once the nonce and IV are assigned.  This precomputation
   can reduce packet latency.  The receiver cannot perform similar
   precomputation because the IV will not be known before the packet
   arrives.

   AES-CTR uses the only AES encrypt operation (for both encryption and
   decryption), making AES-CTR implementations smaller than
   implementations of many other AES modes.

   When used correctly, AES-CTR provides a high level of
   confidentiality.  Unfortunately, AES-CTR is easy to use incorrectly.
   Being a stream cipher, any reuse of the per-packet value, called the
   IV, with the same nonce and key is catastrophic.  An IV collision
   immediately leaks information about the plaintext in both packets.
   For this reason, it is inappropriate to use this mode of operation
   with static keys.  Extraordinary measures would be needed to prevent
   reuse of an IV value with the static key across power cycles.  To be
   safe, implementations MUST use fresh keys with AES-CTR.  The Internet
   Key Exchange [RFC4306] protocol can be used to establish fresh keys.
   IKE can also provide the nonce value.

   With AES-CTR, it is trivial to use a valid ciphertext to forge other
   (valid to the decryptor) ciphertexts.  Thus, it is equally
   catastrophic to use AES-CTR without a companion authentication
   function.  Implementations MUST use AES-CTR in conjunction with an
   authentication function, such as HMAC-SHA-1-96 [RFC2404].

   To encrypt a payload with AES-CTR, the encryptor partitions the
   plaintext, PT, into 128-bit blocks.  The final block need not be 128
   bits; it can be less.

      PT = PT[1] PT[2] ...  PT[n]

   Each PT block is XORed with a block of the key stream to generate the
   ciphertext, CT.  The AES encryption of each counter block results in
   128 bits of key stream.  The most significant 96 bits of the counter



Shen, et al.            Expires February 18, 2010               [Page 5]

Internet-Draft              AES-CTR for IKEv2                August 2009


   block are set to the nonce value, which is 32 bits, followed by the
   per-packet IV value, which is 64 bits.  The least significant 32 bits
   of the counter block are initially set to one.  This counter value is
   incremented by one to generate subsequent counter blocks, each
   resulting in another 128 bits of key stream.  The encryption of n
   plaintext blocks can be summarized as:

      CTRBLK := NONCE || IV || ONE
      FOR i := 1 to n-1 DO
        CT[i] := PT[i] XOR AES(CTRBLK)
        CTRBLK := CTRBLK + 1
      END
      CT[n] := PT[n] XOR TRUNC(AES(CTRBLK))

   The AES() function performs AES encryption with the fresh key.

   The TRUNC() function truncates the output of the AES encrypt
   operation to the same length as the final plaintext block, returning
   the most significant bits.

   Decryption is similar.  The decryption of n ciphertext blocks can be
   summarized as:

      CTRBLK := NONCE || IV || ONE
      FOR i := 1 to n-1 DO
        PT[i] := CT[i] XOR AES(CTRBLK)
        CTRBLK := CTRBLK + 1
      END
      PT[n] := CT[n] XOR TRUNC(AES(CTRBLK))

2.2.  Key Sizes and Rounds

   AES supports three key sizes: 128 bits, 192 bits, and 256 bits.  All
   IKEv2 implementations that implement AES-CTR MUST support the 128 key
   size.  An IKEv2 implementation MAY support key sizes of 192 and 256
   bits.

   AES MUST use different rounds for each of the key sizes:

      When a 128-bit key is used, implementations MUST use 10 rounds.

      When a 192-bit key is used, implementations MUST use 12 rounds.

      When a 256-bit key is used, implementations MUST use 14 rounds.







Shen, et al.            Expires February 18, 2010               [Page 6]

Internet-Draft              AES-CTR for IKEv2                August 2009


2.3.  Block Size

   The AES algorithm has a block size of 128 bits (16 octets), i.e., AES
   generate 128 bits of key stream.  For encryption or decryption, a
   user XOR the key stream with 128 bits of plaintext or ciphertext
   blocks.  If the generated key stream is longer than the plaintext or
   ciphertext, the extra key stream bits are simply discarded.  For this
   reason, AES-CTR does not require the plaintext to be padded to a
   multiple of the block size.










































Shen, et al.            Expires February 18, 2010               [Page 7]

Internet-Draft              AES-CTR for IKEv2                August 2009


3.  IKEv2 Encrypted Payload

   Section 3.14 of IKEv2 [RFC4306] explains the IKEv2 Encrypted Payload.
   The encrypted Payload, denoted SK{...} contains other IKEv2 payloads
   in encrypted form.

   The payload includes an Initialization Vector(IV) whose length is
   defined by the encryption algorithm negotiated.  It also includes
   Integrity Checksum data.  These two fields are not encrypted.

3.1.  Initialization Vector(IV)

   The IV field MUST be eight octets when AES_CTR algorithm is used for
   encryption.  The IV MUST be chosen by the encryptor in a manner that
   ensures that the same IV value is NOT used more than once with a
   given encryption key.  The encryptor can generate the IV in any
   manner that ensures uniqueness.  Common approaches to IV generation
   include incrementing a counter for each packet and linear feedback
   shift registers (LFSRs).

3.2.  Integrity Checksum Data

   Since it is trivial to construct a forgery AES_CTR ciphertext from a
   valid AES_CTR ciphertext, an integrity algorithm must be used when
   using AES_CTR.  IKEv2 does require Integrity Checksum Data for
   Encrypted Payload as described in section 3.14 of [RFC4306].  The
   choice of integrity algorithms in IKEv2 is defined in [RFC4307] as:

     Name                     Number       Defined In           Status
     NONE                     0
     AUTH_HMAC_MD5_96         1            [RFC2403]            MAY
     AUTH_HMAC_SHA1_96        2            [RFC2404]            MUST
     AUTH_AES_XCBC_96         5            [AES-MAC]            SHOULD+


















Shen, et al.            Expires February 18, 2010               [Page 8]

Internet-Draft              AES-CTR for IKEv2                August 2009


4.  Counter Block Format

   All the IKEv2 messages following the initial exchange are
   cryptographically protected using the cryptographic algorithms and
   keys negotiated in the first two messages of the IKEv2 exchange.
   These subsequent messages use the syntax of the IKEv2 Encrypted
   Payload.

   The Encrypted Payload is the XOR of the plaintext and key stream.
   The key stream is generated by inputing Counter Blocks into AES
   algorithm.  The AES counter block cipher block is 128 bits.  Counter
   Blocks are defined as in Figure 1.

   All messages carry the IV that is necessary to construct the sequence
   of counter blocks used to generate the key stream necessary to
   decrypt the payload.

   Figure 1 shows the format of the counter block.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                            Nonce                              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                  Initialization Vector (IV)                   |
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Block Counter                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 1: Counter Block Format

   The components of the counter block are as follows:

   Nonce

      The Nonce field is 32 bits.  As the name implies, the nonce is a
      single use value.  That is, a fresh nonce value MUST be assigned
      for each security association.  It MUST be assigned at the
      beginning of the security association.  The nonce value need not
      be secret, but it MUST be unpredictable prior to the beginning of
      the security association.

   Initialization Vector (IV)

      The IV field is 64 bits.  The IV MUST be chosen by the encryptor
      in a manner that ensures that the same IV value is used only once
      for a given encryption key.  The encryptor includes the IV in the



Shen, et al.            Expires February 18, 2010               [Page 9]

Internet-Draft              AES-CTR for IKEv2                August 2009


      IKEv2 message containing encrypted payloads.

   Block Counter

      The block counter field is the least significant 32 bits of the
      counter block.  The block counter begins with the value of one,
      and it is incremented to generate subsequent portions of the key
      stream.  The block counter is a 32-bit big-endian integer value.

   Section 2 provides references to other documents for implementing
   AES_CTR encryption/decryption process.








































Shen, et al.            Expires February 18, 2010              [Page 10]

Internet-Draft              AES-CTR for IKEv2                August 2009


5.  IKEv2 Conventions

   This section describes the conventions used by IKEv2 protocol to
   generate encryption keys and nonces for use with AES-CTR algorithm in
   IKE-SA negotiation.  The identifiers and attributes related to AES-
   CTR required during IKE-SA and Child-SA negotiation are also defined.

5.1.  Keying Material and Nonces

   IKEv2 can be used to establish fresh keys and nonces, as the same
   combination of IV and encryption key values MUST not be reused when
   AES_CTR algorithm is used for encryption.  This section describes the
   conventions for generating an unpredictable and secret Nonce and an
   encryption key of required lengths using IKEv2.

   IKEv2 negotiates four cryptographic algorithms with its peer using
   IKE_SA_INIT exchange.  They include an encryption algorithm and a
   pseudo-random function(PRF).  All the payloads of IKEv2 messages that
   follow the IKE_SA_INIT exchange are encrypted using the negotiated
   encryption algorithm.  The pseudo-random function(PRF)is used to
   generate the keying material required for the encryption algorithm.

   AES_CTR encryption algorithm needs an encryption key and a nonce.
   The two directions of traffic flow use different encryption keys and
   nonces.  Section 2.14 of [RFC4306] details the process of generating
   the keying material.  SK_ei and SK_er represent the key material to
   be used for encryption purposes in the two directions.

   The size of the key material (SK_ei and SK_er) to be generated for
   AES_CTR algorithm for different key lengths is as follows:

   AES_CTR with a 128 bit key

      The key material required is 20 octets.  The first 16 octets are
      the 128-bit AES key, and the remaining four octets are used as the
      nonce value in the counter block.

   AES_CTR with a 192 bit key

      The key material required is 28 octets.  The first 24 octets are
      the 192-bit AES key, and the remaining four octets are used as the
      nonce value in the counter block.

   AES_CTR with a 256 bit key

      The key material required is 36 octets.  The first 32 octets are
      the 256-bit AES key, and the remaining four octets are used as the
      nonce value in the counter block.



Shen, et al.            Expires February 18, 2010              [Page 11]

Internet-Draft              AES-CTR for IKEv2                August 2009


5.2.  Encryption identifier

   IKEv2 uses the IANA allocated encryption identifier of 13 for
   ENCR_AES_CTR with an explicit IV (ENCR_AES_CTR 13) as the transform
   ID during IKE-SA and Child-SA negotiation.

5.3.  Key Length Attribute

   Since the AES_CTR algorithm supports three key lengths, the Key
   Length attribute MUST be specified in both the IKE-SA and Child-SA
   negotiations.  The Key Length attribute MUST have a value of 128,
   192, or 256.







































Shen, et al.            Expires February 18, 2010              [Page 12]

Internet-Draft              AES-CTR for IKEv2                August 2009


6.  Security Considerations

   Security considerations explained in section 7 of [RFC3686] are
   entirely relevant for this draft also.

   AES_CTR provides high confidentiality when used properly.  However,
   as a stream mode cipher, the security of will lose when AES-CTR is
   misused.

   Generally, a stream cipher should not use static keys.  This is
   because key streams will be easily canceled when two ciphertext use
   the same key stream (check detailed description of this attack in
   [RFC3686]).  Therefore, IKEv2 should avoid an identical key being
   used for different IKE SA or a same key stream being used on
   different blocks of plaintext.  Proper use of Nonce and counter as
   defined in Section 4 can successfully avoid the risk.

   A stream cipher like AES_CTR is also vulnerable under data forgery
   attack (check [RFC3686] for a demonstration of this attack).
   However, when integrity protection is provided as Section 3.2
   requires, this risk is avoided.

   Additionally, since AES has a 128-bit block size, regardless of the
   mode employed, the ciphertext generated by AES encryption becomes
   distinguishable from random values after 2^64 blocks are encrypted
   with a single key.  Since IKEv2 are not likely to carry traffics in
   such a high quantity, this won't be a big concern here.  However,
   when large amount of traffic appear in the future or under abnormal
   circumstances, implementations SHOULD generate a fresh key before
   2^64 blocks are encrypted with the same key.

   For generic attacks on AES, such as brute force or precalculations,
   the requirement of key size provides reasonable security
   [Recommendations].

















Shen, et al.            Expires February 18, 2010              [Page 13]

Internet-Draft              AES-CTR for IKEv2                August 2009


7.  IANA Considerations

   IANA has assigned 13 as the transform ID for ENCR_AES_CTR encryption
   with an explicit IV.  This ID is to be used during IKE_SA
   negotiation.














































Shen, et al.            Expires February 18, 2010              [Page 14]

Internet-Draft              AES-CTR for IKEv2                August 2009


8.  Acknowledgments

   The authors thank Yaron Sheffer, Paul Hoffman for their direction and
   comments on this document.















































Shen, et al.            Expires February 18, 2010              [Page 15]

Internet-Draft              AES-CTR for IKEv2                August 2009


9.  References

9.1.  Normative References

   [RFC4306]  Kaufman, C., "Internet Key Exchange (IKEv2) Protocol",
              RFC 4306, December 2005.

   [RFC4307]  Schiller, J., "Cryptographic Algorithms for Use in the
              Internet Key Exchange Version 2 (IKEv2)", RFC 4307,
              December 2005.

   [AES]      National Institute of Standards and Technology, "Advanced
              Encryption Standard (AES)", FIPS PUB 197, November 2001, <
              http://csrc.nist.gov/publications/fips/fips197/
              fips-197.pdf>.

   [MODES]    Dworkin, M., "Recommendation for Block Cipher Modes of
              Operation Methods and Techniques", NIST Special
              Publication 800-38A, December 2001, <http://csrc.nist.gov/
              publications/nistpubs/800-38a/sp800-38a.pdf>.

9.2.  Informative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2404]  Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within
              ESP and AH", RFC 2404, November 1998.

   [RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange
              (IKE)", RFC 2409, November 1998.

   [RFC3686]  Housley, R., "Using Advanced Encryption Standard (AES)
              Counter Mode With IPsec  Encapsulating Security Payload
              (ESP)", RFC 3686, January 2004.

   [draft-ietf-ipsecme-roadmap-02]
              Sheila, S. and S. Suresh, "IP Security (IPsec) and
              Internet Key Exchange (IKE) Document Roadmap",
              draft-ietf-ipsecme-roadmap-02 (work in progress),
              July 2009.

   [Recommendations]
              Barker, E., Barker, W., Burr, W., Polk, W., and M. Smid,
              "Recommendation for Key Management - Part1 -
              General(Revised)", NIST Special Publication 800-57,
              March 2007, <http://csrc.nist.gov/publications/nistpubs/
              800-57/SP800-57-Part1.pdf>.



Shen, et al.            Expires February 18, 2010              [Page 16]

Internet-Draft              AES-CTR for IKEv2                August 2009


Authors' Addresses

   Sean Shen
   Huawei
   No. 9  Xinxi Road
   Beijing  100085
   China

   Email: sshen@huawei.com


   Yu Mao
   H3C Tech. Co., Ltd
   Oriental Electronic Bld.
   No.2 Chuangye Road
   Shang-Di Information Industry
   Hai-Dian District
   Beijing  100085
   China

   Email: maoyu@h3c.com


   N S Srinivasa Murthy
   UMA PLAZA, NAGARJUNA CIRCLE, PUNJAGUTTA
   HYDERABAD  500082
   INDIA

   Email: ssmurthy.nittala@freescale.com






















Shen, et al.            Expires February 18, 2010              [Page 17]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/