draft-ietf-bridge-8021x-02.txt   draft-ietf-bridge-8021x-03.txt 
Bridge Working Group K.C. Norseth Bridge Working Group K.C. Norseth
INTERNET-DRAFT L-3 Communications INTERNET-DRAFT L-3 Communications
July 2003 November 2003
Expires August 2003 Expires May 2004
Definitions for Port Access Control (IEEE 802.1X) MIB Definitions for Port Access Control (IEEE 802.1X) MIB
draft-ietf-bridge-8021x-02.txt draft-ietf-bridge-8021x-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. of Section 10 of RFC2026, except that the right to produce derivative
works is not granted, other than to extract the MIB module in Section
4 as-is for separate use.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
skipping to change at page 2, line 15 skipping to change at page 2, line 18
authorization process fails. authorization process fails.
This standard is part of a family of standards for local and This standard is part of a family of standards for local and
metropolitan area networks. metropolitan area networks.
This draft is written within the IEEE 802.1X working group and is This draft is written within the IEEE 802.1X working group and is
being presented to the IETF for informational purposes. being presented to the IETF for informational purposes.
Table of Contents Table of Contents
1. Introduction ............................................. 2 1. Introduction ............................................... 2
2. Overview ................................................. 3 2. Overview .................................................. 3
2.1. Scope .................................................... 4 2.1. Scope ................................................... 4
3. Structure of MIB ......................................... 4 3. Structure of MIB ........................................... 4
3.1 Relationship to the managed objects defined in IEEE 802.1X 4 3.1 Relationship to the managed objects defined in IEEE 802.1X . 4
3.2 The PAE System Group ..................................... 6 3.2 The PAE System Group ..................................... 6
3.3 The PAE Authenticator Group .............................. 6 3.3 The PAE Authenticator Group ............................... 6
3.4 The PAE Supplicant Group ................................. 6 3.4 The PAE Supplicant Group .................................. 6
3.5 Relationship to other MIBs ............................... 6 3.5 Relationship to other MIBs ................................ 6
3.6 Relationship to the Interfaces MIB ....................... 6 3.6 Relationship to the Interfaces MIB ........................ 6
4 Definitions for the 802.1X-MIB ........................... 7 4 Definitions for the 802.1X-MIB ............................. 7
5. Intellectual Property .................................... 38 5. Intellectual Property .................................... 38
6. Acknowledgements ......................................... 38 6. Acknowledgements ......................................... 38
7. Normative References ..................................... 38 7. Normative References ...................................... 39
8. Informative References ................................... 39 8. Informative References ................................... 39
9. Security Considerations .................................. 40 9. Security Considerations .................................. 40
10. Author's Address ......................................... 41 10. Author's Address ......................................... 41
11. Change Log ............................................... 41 11. Change Log ............................................... 41
12. Full Copyright Statement ................................. 41 12. Full Copyright Statement .................................. 41
1. Introduction 1. Introduction
The SNMP Management Framework The SNMP Management Framework
The SNMP Management Framework presently consists of five major The SNMP Management Framework presently consists of five major
components: components:
o An overall architecture, described in RFC 2571 [RFC2571]. o An overall architecture, described in RFC 2571 [RFC2571].
skipping to change at page 7, line 27 skipping to change at page 7, line 31
System, these numbers are equal to the ifIndex value for the System, these numbers are equal to the ifIndex value for the
interface for the corresponding Port. interface for the corresponding Port.
4 Definitions for the 802.1X-MIB 4 Definitions for the 802.1X-MIB
In the MIB definition below, should any discrepancy between the In the MIB definition below, should any discrepancy between the
DESCRIPTION text and the corresponding definition in IEEE 802.1X DESCRIPTION text and the corresponding definition in IEEE 802.1X
Clause 9 occur, the definition in IEEE 802.1X Clause 9 shall take Clause 9 occur, the definition in IEEE 802.1X Clause 9 shall take
precedence. precedence.
Noted changes between this draft and the IEEE draft are in the The MIB module below was originally published on-line as:
MODULE-IDENTITY section. Also dot1xPaePortReauthenticate and
dot1xAuthSessionUserName were added to conformance groups. http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt
The text that follows includes certain corrections relative to the
original version that were necessary in order to get the module to
compile. These changes were:
- Replaced all non-ascii double quotes and apostrophes by the
equivalent ASCII characters;
- In the MODULE-IDENTITY value assignment changed
"iso(1)" to "iso";
- Added dot1xPaePortReauthenticate and
dot1xAuthSessionUserName to
the appropriate conformance groups.
IEEE8021-PAE-MIB DEFINITIONS ::= BEGIN IEEE8021-PAE-MIB DEFINITIONS ::= BEGIN
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- IEEE 802.1X MIB -- IEEE 802.1X MIB
-- http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64, MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64,
Unsigned32, TimeTicks Unsigned32, TimeTicks
FROM SNMPv2-SMI FROM SNMPv2-SMI
MacAddress, TEXTUAL-CONVENTION, TruthValue MacAddress, TEXTUAL-CONVENTION, TruthValue
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
InterfaceIndex InterfaceIndex
FROM IF-MIB FROM IF-MIB
; ;
ieee8021paeMIB MODULE-IDENTITY ieee8021paeMIB MODULE-IDENTITY
LAST-UPDATED "200101160000Z" LAST-UPDATED "200309050000Z"
ORGANIZATION "IEEE 802.1 Working Group" ORGANIZATION "IEEE 802.1 Working Group"
CONTACT-INFO CONTACT-INFO
"http://grouper.ieee.org/groups/802/1/index.html" "http://grouper.ieee.org/groups/802/1/index.html"
ORGANIZATION "IETF Bridge MIB Working Group"
CONTACT-INFO
"Email: Bridge-mib@ietf.org"
K.C. Norseth
L-3 Communications
Tel: +1 801-594-2809
Email: kenyon.c.norseth@L-3com.com
Postal: 640 N. 2200 West.
Salt Lake City, Utah 84116-0850
Send comments to <bridge-mib@ietf.org>
DESCRIPTION DESCRIPTION
"The Port Access Entity module for managing IEEE "The Port Access Entity module for managing IEEE
802.1X." 802.1X."
"Copyright (C) The Internet Society (2003). This version of REVISION "200309050000Z"
this MIB module is part of RFC xxxx; see the RFC itself for DESCRIPTION "The IETF published version as in RFC xxxx.
full legal notices."
-- ::= { iso(1) std(0) iso8802(8802) ieee802dot1(1) The IETF Bridge-mib WG made the following changes:
-- ieee802dot1mibs(1) 1 } - Replaced all non-ascii double quotes and
::= { iso std(0) iso8802(8802) ieee802dot1(1) ieee802dot1mibs(1) 1 } apostrophes by the equivalent ASCII characters;
- In the MODULE-IDENTITY value assignment changed
'iso(1)' to 'iso';
- Added dot1xPaePortReauthenticate and
dot1xAuthSessionUserName to the appropriate
conformance groups.
"
REVISION "200101160000Z" -- Jan 16th, 2001
DESCRIPTION "The initial and authoritative version as published at:
http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt
"
::= { iso std(0) iso8802(8802) ieee802dot1(1)
ieee802dot1mibs(1) 1 }
paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 } paeMIBObjects OBJECT IDENTIFIER ::= { ieee8021paeMIB 1 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- Textual Conventions -- Textual Conventions
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
PaeControlledDirections ::= TEXTUAL-CONVENTION PaeControlledDirections ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 24, line 47 skipping to change at page 25, line 7
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Counts the number of times that the state machine "Counts the number of times that the state machine
receives a response from the Supplicant to an initial receives a response from the Supplicant to an initial
EAP-Request, and the response is something other than EAP-Request, and the response is something other than
EAP-NAK (i.e., rxResp becomes TRUE, causing the state EAP-NAK (i.e., rxResp becomes TRUE, causing the state
machine to transition from REQUEST to RESPONSE, machine to transition from REQUEST to RESPONSE,
and the response is not an EAP-NAK). Indicates that and the response is not an EAP-NAK). Indicates that
the Supplicant can respond to the Authenticators the Supplicant can respond to the Authenticator's
chosen EAP-method." chosen EAP-method."
REFERENCE REFERENCE
"9.4.2, 8.5.6.2.4" "9.4.2, 8.5.6.2.4"
::= { dot1xAuthDiagEntry 16 } ::= { dot1xAuthDiagEntry 16 }
dot1xAuthBackendAuthSuccesses OBJECT-TYPE dot1xAuthBackendAuthSuccesses OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 38, line 45 skipping to change at page 39, line 7
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF Executive
Director. Director.
6. Acknowledgements 6. Acknowledgements
This document was reproduced by the IETF Bridge MIB Working Group This document was reproduced by the IETF Bridge MIB Working Group
from the IEEE Std 802.1X-2001 IEEE Standard for Local and from the IEEE Std 802.1X-2001 IEEE Standard for Local and
metropolitan area networks Port-Based Network Access Control. metropolitan area networks Port-Based Network Access Control.
A Special thanks to Les Bell for his help in getting this document A Special thanks to Les Bell for his help in getting this document
ready for publication and providing his insight ready for publication and providing his insight, and Mike Heard for
helping with security and copyright issues.
7. Normative References 7. Normative References
[IEEESTD8021] IEEE, IEEE Std 802.1, 2001 "Edition: IEEE Standard for [IEEESTD8021] IEEE, IEEE Std 802.1, 2001 "Edition: IEEE Standard for
Local and metropolitan area networks Port-Based Network Local and metropolitan area networks Port-Based Network
Access Control" Access Control"
[RFC2571] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571,
May 1999.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Structure of Management Rose, M. and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, Information Version 2 (SMIv2)", STD 58, RFC 2578,
April 1999. May 1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999. STD 58, RFC 2579, May 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999. SMIv2", STD 58, RFC 2580, May 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB
using SMIv2", RFC 2863, June 2000.
[RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An
Architecture for describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
December 2002.
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
[RFC3635] Flick, J., "Definitions of Managed Objects for the
Ethernet-like Interface Types", RFC 3635, September 2003.
[8021XAUTH] IEEE, 802.1x - Port Based Network Access Control, [8021XAUTH] IEEE, 802.1x - Port Based Network Access Control,
definition of Authenticator, clause 3.1.1 definition of Authenticator, clause 3.1.1
[8021XSUPP] IEEE, 802.1x - Port Based Network Access Control, [8021XSUPP] IEEE, 802.1x - Port Based Network Access Control,
definition of Supplicant, clause 3.1.5 definition of Supplicant, clause 3.1.5
8. Informative References 8. Informative References
[RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple [RFC1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990. Network Management Protocol", STD 15, RFC 1157, May 1990.
[RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions", [RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions",
STD 16, RFC 1212, March 1991. STD 16, RFC 1212, March 1991.
[RFC1213] McCloghrie, K. and M. Rose, Editors, "Management Information
Base for Network Management of TCP/IP-based internets:
MIB-II", STD 17, RFC 1213, March 1991.
[RFC1284] Cook, J., "Definitions of Managed Objects for Ethernet-Like
Interface Types", RFC 1284, December 1991.
[RFC1369] Kastenholz, F., "Implementation Notes and Experience for The
Internet Ethernet MIB", RFC 1369, October 1992.
[RFC1398] Kastenholz, F., "Definitions of Managed Objects for the
Ethernet-like Interface Types", RFC 1398, January 1993.
[RFC1643] Kastenholz, F., "Definitions of Managed Objects for the
Ethernet-like Interface Types", STD 50, RFC 1643, July 1994.
[RFC1650] Kastenholz, F., "Definitions of Managed Objects for the
Ethernet-like Interface Types using SMIv2", RFC 1650, August
1994.
[RFC1901] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, [RFC1901] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January "Introduction to Community-based SNMPv2", RFC 1901, January
1996. 1996.
[RFC1905] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, [RFC1905] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network "Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996. Management Protocol (SNMPv2)", RFC 1905, January 1996.
[RFC1906] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, [RFC1906] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network "Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996. Management Protocol (SNMPv2)", RFC 1906, January 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirements Levels", BCP 14, RFC 2119, March 1997. Requirements Levels", BCP 14, RFC 2119, March 1997.
[RFC2570] Case, J., Mundy, R., Partain, D. and B. Stewart, [RFC2570] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction to Version 3 of the Internet-Standard Network "Introduction to Version 3 of the Internet-Standard Network
Management Framework", RFC 2570, April 1999. Management Framework", RFC 2570, May 1999.
[RFC2572] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message [RFC2572] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, May 1999. Protocol (SNMP)", RFC 2572, May 1999.
[RFC2574] Blumenthal, U. and B. Wijnen, "User-based Security Model [RFC2574] Blumenthal, U. and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management Protocol (USM) for version 3 of the Simple Network Management Protocol
(SNMPv3)", RFC 2574, May 1999. (SNMPv3)", RFC 2574, May 1999.
[RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", [RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications",
RFC 2573, May 1999. RFC 2573, May 1999.
[RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access [RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management Control Model (VACM) for the Simple Network Management
Protocol (SNMP)", RFC 2575, May 1999. Protocol (SNMP)", RFC 2575, May 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB
using SMIv2", RFC 2863, June 2000.
9. Security Considerations 9. Security Considerations
The Port Access Entity defined in this MIB is integral to the There are a number of management objects defined in this MIB module
security of the network accessed through the Authenticator. The with a MAX-ACCESS clause of read-write. If maliciously set these
managed objects in this MIB that have a MAX-ACCESS clause of objects can affect the operation of the port authentication
read-write or read-create must be considered sensitive in a secure functions, including allowing access to unathorized users or denying
environment. The support of SET operations in a non-secure access to authorized users. Hence the support for SET operations in
environment without proper protection can have a negative effect on without proper access control may have a negative effect on network
the security of access to the network, for both the Authenticator and operations. The sensitive read-write objects in this MIB module are:
the Supplicant. The managed objects in this MIB that have a dot1xPaeSystemAuthControl, dot1xPaePortInitialize,
MAX-ACCESS clause of anything other than not-accessible may allow dot1xPaePortReauthenticate, dot1xAuthAdminControlledDirections,
users, including authenticated users that have authorised access to dot1xAuthAuthControlledPortControl, dot1xAuthQuietPeriod,
the secured network, to discover information that may help to dot1xAuthTxPeriod, dot1xAuthSuppTimeout, dot1xAuthServerTimeout,
compromise the access and security of others. Therefore the support dot1xAuthMaxReq, dot1xAuthReAuthPeriod, dot1xAuthReAuthEnabled,
of GET operations must also be considered sensitive in a secure dot1xAuthKeyTxEnabled, dot1xSuppHeldPeriod, dot1xSuppAuthPeriod,
environment. dot1xSuppStartPeriod, and dot1xSuppMaxStart.
SNMPv1 by itself is not a secure environment. Even if the network is The readable object in this MIB module (i.e., the managed objects
secure (for example, by using IPSec), there is no control as to who that have a MAX-ACCESS clause of anything other than not-accessible)
on the secure network is allowed to access (read / change / create contain information that may be used to compromise the access and
/ delete) the objects in this MIB. security of network users. It is therefore important to control
GET and/or NOTIFY access to these objects and possibly even to
encrypt their values when sending them over the network via SNMP.
It is recommended that the implementors consider the security SNMP versions prior to SNMPv3 did not include adequate security.
features as provided by the SNMPv3 framework. Specifically, the use Even if the network itself is secure (for example by using IPSec),
of the User-based Security Model, IETF RFC 2574, and the View-based even then, there is no control as to who on the secure network is
Access Control Model, IETF RFC 2575, is recommended. It then becomes allowed to access and GET/SET (read/change/create/delete) the objects
a user responsibility to ensure that the SNMP entity giving access to in this MIB module.
an instance of this MIB is properly configured to give access only to
those principals (users) that have legitimate rights to access It is RECOMMENDED that implementers consider the security features as
change / create / delete) them, as appropriate. provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
10. Author's Address 10. Author's Address
K.C. Norseth K.C. Norseth
L-3 Communications L-3 Communications
640 N. 2200 West. 640 N. 2200 West.
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
Email: kenyon.c.norseth@L-3com.com Email: kenyon.c.norseth@L-3com.com
kcn@norseth.com kcn@norseth.com
11. Change Log 11. Change Log
The following changes were made to <draft-ietf-bridge-8021x-00.txt> The following changes were made to <draft-ietf-bridge-8021x-00.txt>
to produce <draft-ietf-bridge-8021x-02.txt>: to produce <draft-ietf-bridge-8021x-03.txt>:
1) Redefined the overview to more reflect the IEEE 802.1x document. 1) Redefined the overview to more reflect the IEEE 802.1x document.
1) Clarification of the security section 1) Clarification of the security section
2) Splitting references into Normative and Informative 2) Splitting references into Normative and Informative
3) Changing draft to reflect IETF document standards. 3) Changing draft to reflect IETF document standards.
12. Full Copyright Statement 12. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others provided that the above copyright notice and this paragraph
or assist in its implementation may be prepared, copied, published are included on all such copies. However, this document itself may
and distributed, in whole or in part, without restriction of any not be modified in any way, such as by removing the copyright notice
kind, provided that the above copyright notice and this paragraph are or references to the Internet Society or other Internet
included on all such copies and derivative works. However, this organizations, except as required to translate it into languages
document itself may not be modified in any way, such as by removing other than English, and derivative works of it may not be created,
the copyright notice or references to the Internet Society or other other than to extract the MIB module in Section 4 as-is for separate
Internet organizations, except as needed for the purpose of use.
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/