draft-ietf-ace-aif-02.txt   draft-ietf-ace-aif-03.txt 
ACE Working Group C. Bormann ACE Working Group C. Bormann
Internet-Draft Universität Bremen TZI Internet-Draft Universität Bremen TZI
Intended status: Informational 17 February 2021 Intended status: Informational 24 June 2021
Expires: 21 August 2021 Expires: 26 December 2021
An Authorization Information Format (AIF) for ACE An Authorization Information Format (AIF) for ACE
draft-ietf-ace-aif-02 draft-ietf-ace-aif-03
Abstract Abstract
Constrained Devices as they are used in the "Internet of Things" need Constrained Devices as they are used in the "Internet of Things" need
security. One important element of this security is that devices in security. One important element of this security is that devices in
the Internet of Things need to be able to decide which operations the Internet of Things need to be able to decide which operations
requested of them should be considered authorized, need to ascertain requested of them should be considered authorized, need to ascertain
that the authorization to request the operation does apply to the that the authorization to request the operation does apply to the
actual requester, and need to ascertain that other devices they place actual requester, and need to ascertain that other devices they place
requests on are the ones they intended. requests on are the ones they intended.
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 21 August 2021. This Internet-Draft will expire on 26 December 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 26 skipping to change at page 2, line 26
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Information Model . . . . . . . . . . . . . . . . . . . . . . 3 2. Information Model . . . . . . . . . . . . . . . . . . . . . . 3
2.1. REST-specific Model . . . . . . . . . . . . . . . . . . . 4 2.1. REST-specific Model . . . . . . . . . . . . . . . . . . . 4
2.2. Limitations . . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Limitations . . . . . . . . . . . . . . . . . . . . . . . 5
2.3. Extended REST-specific Model . . . . . . . . . . . . . . 5 2.3. Extended REST-specific Model . . . . . . . . . . . . . . 6
3. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Media Types . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. Media Types . . . . . . . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
5.1. Media Types . . . . . . . . . . . . . . . . . . . . . . . 8 5.1. Media Types . . . . . . . . . . . . . . . . . . . . . . . 8
5.2. Registries . . . . . . . . . . . . . . . . . . . . . . . 10 5.2. Registries . . . . . . . . . . . . . . . . . . . . . . . 10
5.3. Content-Format . . . . . . . . . . . . . . . . . . . . . 10 5.3. Content-Format . . . . . . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . 11 7.1. Normative References . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . 12 7.2. Informative References . . . . . . . . . . . . . . . . . 12
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
Constrained Devices as they are used in the "Internet of Things" need Constrained Devices as they are used in the "Internet of Things" need
security. One important element of this security is that devices in security. One important element of this security is that devices in
the Internet of Things need to be able to decide which operations the Internet of Things need to be able to decide which operations
requested of them should be considered authorized, need to ascertain requested of them should be considered authorized, need to ascertain
that the authorization to request the operation does apply to the that the authorization to request the operation does apply to the
actual requester, and need to ascertain that other devices they place actual requester, and need to ascertain that other devices they place
requests on are the ones they intended. requests on are the ones they intended.
skipping to change at page 4, line 32 skipping to change at page 4, line 32
2.1. REST-specific Model 2.1. REST-specific Model
In the specific instantiation of the REST resources and the In the specific instantiation of the REST resources and the
permissions on them, for the object identifiers ("Toid"), we use the permissions on them, for the object identifiers ("Toid"), we use the
URI of a resource on a CoAP server. More specifically, the parts of URI of a resource on a CoAP server. More specifically, the parts of
the URI that identify the server ("authority" in [RFC3986]) are the URI that identify the server ("authority" in [RFC3986]) are
considered the realm of the authentication mechanism (which are considered the realm of the authentication mechanism (which are
handled in the cryptographic armor); we therefore focus on the "path- handled in the cryptographic armor); we therefore focus on the "path-
absolute" and "query" parts of the URI (URI "local-part" in this absolute" and "query" parts of the URI (URI "local-part" in this
specification, as expressed by the Uri-Path and Uri-Query options in specification, as expressed by the Uri-Path and Uri-Query options in
CoAP). As a consequence, AIF MUST be used in a way that it is CoAP). As a consequence, AIF MUST be used in a way that it is clear
unambiguous who is the target (enforcement point) of these who is the target (enforcement point) of these authorizations (note
authorizations. that there may be more than one target that the same authorization
applies to, e.g., in a situation with homogeneous devices).
For the permissions ("Tperm"), we simplify the model permissions to For the permissions ("Tperm"), we simplify the model permissions to
giving the subset of the CoAP methods permitted. This model is giving the subset of the CoAP methods permitted. This model is
summarized in Table 1. summarized in Table 1.
+============+================+ +============+================+
| local-part | Permission Set | | local-part | Permission Set |
+============+================+ +============+================+
| /s/temp | GET | | /s/temp | GET |
+------------+----------------+ +------------+----------------+
skipping to change at page 5, line 13 skipping to change at page 5, line 27
Information Model Information Model
In this example, a device offers a temperature sensor "/s/temp" for In this example, a device offers a temperature sensor "/s/temp" for
read-only access and a LED actuator "/a/led" for read/write. read-only access and a LED actuator "/a/led" for read/write.
2.2. Limitations 2.2. Limitations
This simple information model only allows granting permissions for This simple information model only allows granting permissions for
statically identifiable objects, e.g., URIs for the REST-specific statically identifiable objects, e.g., URIs for the REST-specific
instantiation. One might be tempted to extend the model towards URI instantiation. One might be tempted to extend the model towards URI
templates [RFC6570], however, that requires some considerations of templates [RFC6570] (for instance, to open up an authorization for
the ease and unambiguity of matching a given URI against a set of many parameter values as in "/s/temp{?any*}"), however, that requires
templates in an AIF object. some considerations of the ease and unambiguity of matching a given
URI against a set of templates in an AIF object.
This simple information model also does not allow further This simple information model also does not allow further
conditionalizing access based on state outside the identification of conditionalizing access based on state outside the identification of
objects (e.g., "opening a door is allowed if that is not locked"). objects (e.g., "opening a door is allowed if that is not locked").
Finally, the model does not provide any special access for a set of Finally, the model does not provide any special access for a set of
resources that are specific to a subject, e.g., that the subject resources that are specific to a subject, e.g., that the subject
created itself by previous operations (PUT, POST, or PATCH/iPATCH created itself by previous operations (PUT, POST, or PATCH/iPATCH
[RFC8132]) or that were specifically created for the subject by [RFC8132]) or that were specifically created for the subject by
others. others.
skipping to change at page 8, line 48 skipping to change at page 9, line 28
For "application/aif+cbor": For "application/aif+cbor":
Type name: application Type name: application
Subtype name: aif+cbor Subtype name: aif+cbor
Required parameters: Required parameters:
* "Toid": the identifier for the object for which permissions are * "Toid": the identifier for the object for which permissions are
supplied. A value from the subregistry for "Toid". Default supplied. A value from the subregistry for "Toid". Default
value: "local-uri" (RFC XXXX). value: "local-uri" (RFC XXXX).
* "Tperm": the data type of a permission set for the the object * "Tperm": the data type of a permission set for the the object
identified via a "Toid". Default value: "REST-method-set" (RFC identified via a "Toid". A value from the subregistry for
XXXX). "Tperm". Default value: "REST-method-set" (RFC XXXX).
Optional parameters: none Optional parameters: none
Encoding considerations: binary (CBOR) Encoding considerations: binary (CBOR)
Security considerations: Section 6 of RFC XXXX Security considerations: Section 6 of RFC XXXX
Interoperability considerations: none Interoperability considerations: none
Published specification: Section 4 of RFC XXXX Published specification: Section 4 of RFC XXXX
Applications that use this media type: No known applications Applications that use this media type: No known applications
currently use this media type. currently use this media type.
Fragment identifier considerations: The syntax and semantics of Fragment identifier considerations: The syntax and semantics of
fragment identifiers is as specified for "application/cbor". (At fragment identifiers is as specified for "application/cbor". (At
publication of RFC XXXX, there is no fragment identification publication of RFC XXXX, there is no fragment identification
skipping to change at page 9, line 30 skipping to change at page 10, line 10
For "application/aif+json": For "application/aif+json":
Type name: application Type name: application
Subtype name: aif+json Subtype name: aif+json
Required parameters: Required parameters:
* "Toid": the identifier for the object for which permissions are * "Toid": the identifier for the object for which permissions are
supplied. A value from the subregistry for "Toid". Default supplied. A value from the subregistry for "Toid". Default
value: "local-uri" (RFC XXXX). value: "local-uri" (RFC XXXX).
* "Tperm": the data type of a permission set for the the object * "Tperm": the data type of a permission set for the the object
identified via a "Toid". Default value: "REST-method-set" (RFC identified via a "Toid". A value from the subregistry for
XXXX). "Tperm". Default value: "REST-method-set" (RFC XXXX).
Optional parameters: none Optional parameters: none
Encoding considerations: binary (JSON is UTF-8-encoded text) Encoding considerations: binary (JSON is UTF-8-encoded text)
Security considerations: Section 6 of RFC XXXX Security considerations: Section 6 of RFC XXXX
Interoperability considerations: none Interoperability considerations: none
Published specification: Section 4 of RFC XXXX Published specification: Section 4 of RFC XXXX
Applications that use this media type: No known applications Applications that use this media type: No known applications
currently use this media type. currently use this media type.
Fragment identifier considerations: The syntax and semantics of Fragment identifier considerations: The syntax and semantics of
fragment identifiers is as specified for "application/json". (At fragment identifiers is as specified for "application/json". (At
publication of RFC XXXX, there is no fragment identification publication of RFC XXXX, there is no fragment identification
skipping to change at page 11, line 21 skipping to change at page 11, line 49
careful to: careful to:
* ensure that the cryptographic armor employed around this format * ensure that the cryptographic armor employed around this format
fulfills the security objectives, and that the armor or some fulfills the security objectives, and that the armor or some
additional information included in it with the AIF information additional information included in it with the AIF information
unambiguously identifies the subject to which the authorizations unambiguously identifies the subject to which the authorizations
shall apply, and shall apply, and
* ensure that the types used for "Toid" and "Tperm" provide the * ensure that the types used for "Toid" and "Tperm" provide the
appropriate granularity so that application requirements on the appropriate granularity so that application requirements on the
precision of the authorization information are fulfilled. precision of the authorization information are fulfilled, and that
all parties understand "Toid"/"Tperm" pairs to signify the same
operations.
For the data formats, the security considerations of [RFC8259] and For the data formats, the security considerations of [RFC8259] and
[RFC8949] apply. [RFC8949] apply.
A generic implementation of AIF might implement just the basic REST A generic implementation of AIF might implement just the basic REST
model as per Section 2.1. If it receives authorizations that include model as per Section 2.1. If it receives authorizations that include
permissions that use the Section 2.3, it should either reject the AIF permissions that use the Section 2.3, it needs to either reject the
data item entirely or it should act only on the permissions that it AIF data item entirely or act only on the permissions that it does
does understand. In other words, the usual principle "everything is understand. In other words, the usual principle "everything is
denied until it is explicitly allowed" should hold here as well. denied until it is explicitly allowed" needs to hold here as well.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252, Application Protocol (CoAP)", RFC 7252,
DOI 10.17487/RFC7252, June 2014, DOI 10.17487/RFC7252, June 2014,
<https://www.rfc-editor.org/rfc/rfc7252>. <https://www.rfc-editor.org/info/rfc7252>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/rfc/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
Definition Language (CDDL): A Notational Convention to Definition Language (CDDL): A Notational Convention to
Express Concise Binary Object Representation (CBOR) and Express Concise Binary Object Representation (CBOR) and
JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
June 2019, <https://www.rfc-editor.org/rfc/rfc8610>. June 2019, <https://www.rfc-editor.org/info/rfc8610>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-ace-oauth-authz] [I-D.ietf-ace-oauth-authz]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE) using the OAuth 2.0 Constrained Environments (ACE) using the OAuth 2.0
Framework (ACE-OAuth)", Work in Progress, Internet-Draft, Framework (ACE-OAuth)", Work in Progress, Internet-Draft,
draft-ietf-ace-oauth-authz-37, 4 February 2021, draft-ietf-ace-oauth-authz-42, 8 June 2021,
<https://tools.ietf.org/html/draft-ietf-ace-oauth-authz- <https://www.ietf.org/archive/id/draft-ietf-ace-oauth-
37>. authz-42.txt>.
[IANA.core-parameters] [IANA.core-parameters]
IANA, "Constrained RESTful Environments (CoRE) IANA, "Constrained RESTful Environments (CoRE)
Parameters", Parameters",
<http://www.iana.org/assignments/core-parameters>. <http://www.iana.org/assignments/core-parameters>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/rfc/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/rfc/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
[RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M., [RFC6570] Gregorio, J., Fielding, R., Hadley, M., Nottingham, M.,
and D. Orchard, "URI Template", RFC 6570, and D. Orchard, "URI Template", RFC 6570,
DOI 10.17487/RFC6570, March 2012, DOI 10.17487/RFC6570, March 2012,
<https://www.rfc-editor.org/rfc/rfc6570>. <https://www.rfc-editor.org/info/rfc6570>.
[RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for
Constrained-Node Networks", RFC 7228, Constrained-Node Networks", RFC 7228,
DOI 10.17487/RFC7228, May 2014, DOI 10.17487/RFC7228, May 2014,
<https://www.rfc-editor.org/rfc/rfc7228>. <https://www.rfc-editor.org/info/rfc7228>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
DOI 10.17487/RFC7231, June 2014, DOI 10.17487/RFC7231, June 2014,
<https://www.rfc-editor.org/rfc/rfc7231>. <https://www.rfc-editor.org/info/rfc7231>.
[RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493, [RFC7493] Bray, T., Ed., "The I-JSON Message Format", RFC 7493,
DOI 10.17487/RFC7493, March 2015, DOI 10.17487/RFC7493, March 2015,
<https://www.rfc-editor.org/rfc/rfc7493>. <https://www.rfc-editor.org/info/rfc7493>.
[RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and [RFC8132] van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and
FETCH Methods for the Constrained Application Protocol FETCH Methods for the Constrained Application Protocol
(CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017, (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,
<https://www.rfc-editor.org/rfc/rfc8132>. <https://www.rfc-editor.org/info/rfc8132>.
[RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259, Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017, DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/rfc/rfc8259>. <https://www.rfc-editor.org/info/rfc8259>.
[RFC8576] Garcia-Morchon, O., Kumar, S., and M. Sethi, "Internet of [RFC8576] Garcia-Morchon, O., Kumar, S., and M. Sethi, "Internet of
Things (IoT) Security: State of the Art and Challenges", Things (IoT) Security: State of the Art and Challenges",
RFC 8576, DOI 10.17487/RFC8576, April 2019, RFC 8576, DOI 10.17487/RFC8576, April 2019,
<https://www.rfc-editor.org/rfc/rfc8576>. <https://www.rfc-editor.org/info/rfc8576>.
[RFC8881] Noveck, D., Ed. and C. Lever, "Network File System (NFS) [RFC8881] Noveck, D., Ed. and C. Lever, "Network File System (NFS)
Version 4 Minor Version 1 Protocol", RFC 8881, Version 4 Minor Version 1 Protocol", RFC 8881,
DOI 10.17487/RFC8881, August 2020, DOI 10.17487/RFC8881, August 2020,
<https://www.rfc-editor.org/rfc/rfc8881>. <https://www.rfc-editor.org/info/rfc8881>.
[RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", STD 94, RFC 8949, Representation (CBOR)", STD 94, RFC 8949,
DOI 10.17487/RFC8949, December 2020, DOI 10.17487/RFC8949, December 2020,
<https://www.rfc-editor.org/rfc/rfc8949>. <https://www.rfc-editor.org/info/rfc8949>.
Acknowledgements Acknowledgements
Jim Schaad, Francesca Palombini, Olaf Bergmann, and Marco Tiloca Jim Schaad, Francesca Palombini, Olaf Bergmann, Marco Tiloca, and
provided comments that shaped the direction of this document. Alexey Christian Amsüss provided comments that shaped the direction of this
Melnikov pointed out that there were gaps in the media type document. Alexey Melnikov pointed out that there were gaps in the
specifications. media type specifications, and Loganaden Velvindron provided a
shepherd review with further comments.
Author's Address Author's Address
Carsten Bormann Carsten Bormann
Universität Bremen TZI Universität Bremen TZI
Postfach 330440 Postfach 330440
D-28359 Bremen D-28359 Bremen
Germany Germany
Phone: +49-421-218-63921 Phone: +49-421-218-63921
Email: cabo@tzi.org Email: cabo@tzi.org
 End of changes. 32 change blocks. 
48 lines changed or deleted 54 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/