draft-ietf-msec-policy-token-sec-01.txt   draft-ietf-msec-policy-token-sec-02.txt 
Internet Engineering Task Force Internet Engineering Task Force
INTERNET-DRAFT A Colegrove (SPARTA) INTERNET-DRAFT A Colegrove (SPARTA)
H Harney (SPARTA) H Harney (SPARTA)
draft-ietf-msec-policy-token-sec-01.txt SPARTA, Inc. draft-ietf-msec-policy-token-sec-02.txt SPARTA, Inc.
Expires: June 30, 2005 December 2004 Expires: September 7, 2005 March 2005
Group Policy Token V1 with Application to GSAKMP Group Policy Token V1 with Application to GSAKMP
Status of this memo Status of this memo
By submitting this Internet-Draft, the authors certify that any applicable By submitting this Internet-Draft, the authors certify that any applicable
patent or other IPR claims of which I am (we are) aware have been disclosed, patent or other IPR claims of which I am (we are) aware have been disclosed,
or will be disclosed, and any of which I (we) become aware will be or will be disclosed, and any of which I (we) become aware will be
disclosed, in accordance with RFC 3668 (BCP 79). disclosed, in accordance with RFC 3668 (BCP 79).
skipping to change at page 2, line ? skipping to change at page 2, line ?
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
The Policy Token is a structure used to specify the security The Policy Token is a structure used to specify the security
policy and configurable parameters for a cryptographic group, such policy and configurable parameters for a cryptographic group, such
as a secure multicast group. This document specifies the structure as a secure multicast group. This document specifies the structure
of such a token in order to securely bind system-level security to of such a token in order to securely bind system-level security to
protocols supporting the management of cryptographic groups. protocols supporting the management of cryptographic groups.
Copyright Notice Copyright (c) The Internet Society (2004). All Rights Copyright Notice Copyright (c) The Internet Society (2005). All Rights
Reserved. Reserved.
Contents Contents
1 Introduction 5 1 Introduction 5
2 Token Creation and Receipt 6 2 Token Creation and Receipt 6
3 The Policy Token 6 3 The Policy Token 6
3.1 tokenInfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.1 tokenInfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2 registration . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.2 registration . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
skipping to change at page 3, line 52 skipping to change at page 3, line 52
B.5.5 Rekey Interval . . . . . . . . . . . . . . . . . . . . . . . . 26 B.5.5 Rekey Interval . . . . . . . . . . . . . . . . . . . . . . . . 26
B.5.6 Rekey Reliability . . . . . . . . . . . . . . . . . . . . . . . 26 B.5.6 Rekey Reliability . . . . . . . . . . . . . . . . . . . . . . . 26
B.5.6.1 Rekey Reliability Mechanism None . . . . . . . . . . . . 26 B.5.6.1 Rekey Reliability Mechanism None . . . . . . . . . . . . 26
B.5.6.2 Rekey Reliability Mechanism Resend . . . . . . . . . . . 26 B.5.6.2 Rekey Reliability Mechanism Resend . . . . . . . . . . . 26
B.5.6.3 Rekey Reliability Mechanism Post . . . . . . . . . . . . 27 B.5.6.3 Rekey Reliability Mechanism Post . . . . . . . . . . . . 27
B.5.7 Distributed Operation Policy . . . . . . . . . . . . . . . . . 27 B.5.7 Distributed Operation Policy . . . . . . . . . . . . . . . . . 27
B.5.7.1 No Distributed Operation . . . . . . . . . . . . . . . . 27 B.5.7.1 No Distributed Operation . . . . . . . . . . . . . . . . 27
B.5.7.2 Autonomous Distributed Mode . . . . . . . . . . . . . . . 28 B.5.7.2 Autonomous Distributed Mode . . . . . . . . . . . . . . . 28
B.6 GSAKMPv1 Rekey Policy ASN.1 Module . . . . . . . . . . . . . . . . 28 B.6 GSAKMPv1 Rekey Policy ASN.1 Module . . . . . . . . . . . . . . . . 28
C APPENDIX C -- Data SA Policy 30 C APPENDIX C -- Data SA Policy 30
C.1 RFC 3711 Data Policy . . . . . . . . . . . . . . . . . . . . . . . 30 C.1 Generic Data Policy . . . . . . . . . . . . . . . . . . . . . . . . 30
C.2 Secure RTP Data Policy ASN.1 Module . . . . . . . . . . . . . . . . 33 C.2 Generic Data Policy ASN.1 Module . . . . . . . . . . . . . . . . . 31
D APPENDIX D -- Change History (To Be Removed from RFC) 34
D.1 Changes from Group Policy Token v-00 to v-01, December 2004 . . . . 34
Authors Addresses 35 D APPENDIX D -- Change History (To Be Removed from RFC) 32
D.1 Changes from Group Policy Token v-00 to v-01, December 2004 . . . . 32
D.2 Changes from Group Policy Token v-01 to v-02, March 2005 . . . . . 32
Full Copyright Statement 35 Authors Addresses 33
Full Copyright Statement 33
1 Introduction 1 Introduction
The Multicast Group Security Architecture [HW05] defines the security The Multicast Group Security Architecture [HW05] defines the security
infrastructure to support secure group communications. The Policy Token infrastructure to support secure group communications. The Policy Token
assumes this architecture in its definition. It defines the enforceable assumes this architecture in its definition. It defines the enforceable
security parameters for a Group Secure Association. security parameters for a Group Secure Association.
The Policy Token is a verifiable data construct signed by the group The Policy Token is a verifiable data construct signed by the group
owner, the entity with the authorization to create security policy. The owner, the entity with the authorization to create security policy. The
skipping to change at page 9, line 13 skipping to change at page 9, line 13
traffic protection keys and updating the Policy Token. traffic protection keys and updating the Policy Token.
This field is also specified as a sequence of protocols that will be used by This field is also specified as a sequence of protocols that will be used by
the GC/KS. the GC/KS.
3.4 data 3.4 data
The Data SA is the ultimate consumer of the group keys. The data field The Data SA is the ultimate consumer of the group keys. The data field
will indicate the keys and mechanisms that are to be used in communications will indicate the keys and mechanisms that are to be used in communications
between group members. There are several protocols that could make use of between group members. There are several protocols that could make use of
multicast key - IPSec and SRTP are the two that are of immediate interest to multicast key, ranging from simple security applications needing key only
the authors. The sequencing of the Data SA mechanisms are from "inside" to to more complex configurable security protocols such as IPSec and SRTP. The
"outside". That is, the first Data SA defined in a policy token must act on sequencing of the Data SA mechanisms are from "inside" to "outside". That
the raw data. Any data SA specified after that will be applied in turn. is, the first Data SA defined in a policy token must act on the raw data.
Any data SA specified after that will be applied in turn.
DataProtocol ::= Protocol DataProtocol ::= Protocol
4 Security Considerations 4 Security Considerations
The document specifies the structure for a Group Policy Token. As such, the The document specifies the structure for a Group Policy Token. As such, the
structure as received by a group entity must be verifiably authentic. This structure as received by a group entity must be verifiably authentic. This
Policy Token uses CMS to apply authentication through digital signatures. Policy Token uses CMS to apply authentication through digital signatures.
The security of this scheme relies upon a secure CMS implementation, choice The security of this scheme relies upon a secure CMS implementation, choice
of signature mechanism of appropriate strength for the group using the of signature mechanism of appropriate strength for the group using the
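Review bot: In the rewritten 3.4 paragraph, "The sequencing of the Data SA mechanisms are" still pairs a singular subject with a plural verb, and the new clause "simple security applications needing key only" reads as if a word is missing. Since -02 reflows the paragraph anyway, suggest "The sequencing ... is" and "needing only a key". The text also says later Data SAs "will be applied in turn" without stating the order in which a receiver processes them; one sentence making the receive-side order explicit would remove the ambiguity for implementers.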
skipping to change at page 10, line 22 skipping to change at page 10, line 22
- id-reliabilityNone OBJECT IDENTIFIER ::= TBD - id-reliabilityNone OBJECT IDENTIFIER ::= TBD
- id-reliabilityResend OBJECT IDENTIFIER ::= TBD - id-reliabilityResend OBJECT IDENTIFIER ::= TBD
- id-reliabilityPost OBJECT IDENTIFIER ::= TBD - id-reliabilityPost OBJECT IDENTIFIER ::= TBD
- id-subGCKSSchemeNone OBJECT IDENTIFIER ::= TBD - id-subGCKSSchemeNone OBJECT IDENTIFIER ::= TBD
- id-subGCKSSchemeAutonomous OBJECT IDENTIFIER ::= TBD - id-subGCKSSchemeAutonomous OBJECT IDENTIFIER ::= TBD
- id-rfc3711DataSA OBJECT IDENTIFIER ::= TBD - id-genericDataSA OBJECT IDENTIFIER ::= TBD
6 References 6 References
The following references were used in the preparation of this document. The following references were used in the preparation of this document.
6.1 Normative References 6.1 Normative References
[HMC] H. Harney, U. Meth, and A. Colegrove, "GSAKMP", [HMC] H. Harney, U. Meth, and A. Colegrove, "GSAKMP",
draft-ietf-msec-gsakmp-sec-06.txt, work in progress, May 2004. draft-ietf-msec-gsakmp-sec-08.txt, work in progress, March 2005.
[RFC 3280] R. Housley, W. Polk, W. Ford, D. Solo, Internet X.509 Pulbic Key [RFC 3280] R. Housley, W. Polk, W. Ford, D. Solo, Internet X.509 Pulbic Key
Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Infrastructure Certificate and Certificate Revocation List (CRL) Profile,
April 2002. April 2002.
[RFC 3852] R. Housley, Cryptographic Message Syntax, July 2004. [RFC 3852] R. Housley, Cryptographic Message Syntax, July 2004.
6.2 Non-Normative References 6.2 Non-Normative References
[HCLM00] H. Harney, A. Colegrove, P. Lough, and U. Meth, "GSAKMP Token [HCLM00] H. Harney, A. Colegrove, P. Lough, and U. Meth, "GSAKMP Token
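Review bot: The [RFC 3280] entry still reads "Pulbic Key" on both sides of the diff. The reference list is already being edited here for the GSAKMP draft bump from -06 to -08, so correct it to "Public Key" in the same revision.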
skipping to change at page 11, line 20 skipping to change at page 11, line 20
[HHMCD01] , Thomas Hardjono, Hugh Harney, Pat McDaniel, Andrea Colgrove, [HHMCD01] , Thomas Hardjono, Hugh Harney, Pat McDaniel, Andrea Colgrove,
Pete Dinsmore, Group Security Policy Token: Definition and Payloads', Pete Dinsmore, Group Security Policy Token: Definition and Payloads',
draft-ietf-msec-gspt-00.txt, Work in progress. draft-ietf-msec-gspt-00.txt, Work in progress.
7 Acknowledgements 7 Acknowledgements
The following individuals deserve recognition and thanks for their The following individuals deserve recognition and thanks for their
contributions which have greatly improved this specification: Uri Meth, Rod contributions which have greatly improved this specification: Uri Meth, Rod
Fleischer, Peter Lough, Thomas Hardjono, Patrick McDaniel, and Pete Dinsmore Fleischer, Peter Lough, Thomas Hardjono, Patrick McDaniel, and Pete Dinsmore
for their work on earlier versions of policy tokens; George Gross for the for their work on earlier versions of policy tokens; and George Gross for
impetus to have a well-specified, extensible policy token, Mark Baugher and the impetus to have a well-specified, extensible policy token.
Elisabetta Carrara for review and clarrification of SRTP policy needs.
A APPENDIX A -- Core Policy Token ASN.1 Module A APPENDIX A -- Core Policy Token ASN.1 Module
PolicyToken -- {TBD} PolicyToken -- {TBD}
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::
BEGIN BEGIN
Token ::= SEQUENCE { Token ::= SEQUENCE {
tokenInfo TokenID, tokenInfo TokenID,
registration SEQUENCE OF Registration, registration SEQUENCE OF Registration,
rekey SEQUENCE OF GroupMngmtProtocol, rekey SEQUENCE OF GroupMngmtProtocol,
data SEQUENCE OF DataProtocol data SEQUENCE OF DataProtocol
} }
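Review bot: The module header on the -02 side reads "DEFINITIONS IMPLICIT TAGS ::" where -01 had "DEFINITIONS IMPLICIT TAGS ::=", and without the "=" the PolicyToken module will not compile. The same truncated header appears on the -02 side of the B.2, B.4, B.6 and C.2 modules, so restore "::=" in all five. In the same hunk, the [HHMCD01] entry begins with a stray comma and spells the author "Colgrove", while the document header spells it "Colegrove".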
skipping to change at page 19, line 9 skipping to change at page 19, line 9
Transport ::= CHOICE { Transport ::= CHOICE {
tcp [0] NULL, tcp [0] NULL,
udp [1] NULL, udp [1] NULL,
udpRTJtcpOther [2] NULL udpRTJtcpOther [2] NULL
} }
B.2 GSAKMPv1 Registration ASN.1 Module B.2 GSAKMPv1 Registration ASN.1 Module
GSAKMPv1RegistrationSA {TBD} GSAKMPv1RegistrationSA {TBD}
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::
BEGIN BEGIN
EXPORTS EXPORTS
GCKSName; GCKSName;
IMPORTS IMPORTS
LifeDate LifeDate
FROM PolicyToken {TBD} FROM PolicyToken {TBD}
KeyIdentifier KeyIdentifier
skipping to change at page 22, line 26 skipping to change at page 22, line 26
Transport ::= CHOICE { Transport ::= CHOICE {
tcp [0] NULL, tcp [0] NULL,
udp [1] NULL udp [1] NULL
} }
B.4 GSAKMPv1 De-Registration ASN.1 Module B.4 GSAKMPv1 De-Registration ASN.1 Module
GSAKMPv1DeRegistrationSA {TBD} GSAKMPv1DeRegistrationSA {TBD}
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::
BEGIN BEGIN
IMPORTS IMPORTS
KeyIdentifier KeyIdentifier
FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-pkix1-implicit(19) }; id-pkix1-implicit(19) };
id-GSAKMPv1DeRegistrationProtocol OBJECT IDENTIFIER::= {TBD} id-GSAKMPv1DeRegistrationProtocol OBJECT IDENTIFIER::= {TBD}
skipping to change at page 28, line 25 skipping to change at page 28, line 25
} }
The policy information needed for autonomous mode is a list of authorized The policy information needed for autonomous mode is a list of authorized
S-GC/KSs and and restrictions on who they may serve. The domain field, S-GC/KSs and and restrictions on who they may serve. The domain field,
representing these restrictions is NULL for this version. representing these restrictions is NULL for this version.
B.6 GSAKMPv1 Rekey Policy ASN.1 Module B.6 GSAKMPv1 Rekey Policy ASN.1 Module
GSAKMPv1RekeySA {TBD} GSAKMPv1RekeySA {TBD}
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::
BEGIN BEGIN
IMPORTS IMPORTS
GCKSName GCKSName
FROM GSAKMPv1RegistrationSA {TBD} FROM GSAKMPv1RegistrationSA {TBD}
LifeDate LifeDate
FROM PolicyToken {TBD}; FROM PolicyToken {TBD};
id-GSAKMPv1Rekey OBJECT IDENTIFIER::= {TBD} id-GSAKMPv1Rekey OBJECT IDENTIFIER::= {TBD}
skipping to change at page 30, line 28 skipping to change at page 30, line 28
id-subGCKSSchemeAutonomous OBJECT IDENTIFIER ::= {TBD} id-subGCKSSchemeAutonomous OBJECT IDENTIFIER ::= {TBD}
SGCKSAutonomous ::= NULL SGCKSAutonomous ::= NULL
END END
C APPENDIX C -- Data SA Policy C APPENDIX C -- Data SA Policy
The Data SA provides the data structures needed for the protection of the The Data SA provides the data structures needed for the protection of the
data exchanged between group members. This appendix defines the specific data exchanged between group members. This appendix defines the data
data structure needed for one such client of a group security protocol, structures needed for a simple, generic security application making use of
Secure Real Time Protocol (SRTP) [RFC 3711]. fixed security mechanisms. Such a Data SA requires only that keys delivered
by the registration and rekey protocols be mapped to the service using them.
C.1 RFC 3711 Data Policy
The RFC 3711 Data Policy has the following identifier:
id-rfc3711DataSA OBJECT IDENTIFIER ::= {TBD}
RFC3711DataSAInfo describes the Policy for RFC 3711 and includes one or
two KeyIndicators for the Master Key, a KeyIndicator for the Master Salt
Key if one is given, a pseudo-random function (PRF) for derivation of
keys, security association information for STRP, and security association
information for SRTCP. The Master Key, and when used, the Master Salt Key
are provided by the key management protocol.
RFC3711DataSAInfo ::= SEQUENCE {
keyTrigger KeyIndicator,
altKeyTrigger KeyIndicator OPTIONAL,
masterSaltKeyID OCTET STRING (SIZE (4)) OPTIONAL,
pRF PRF,
sRTPSA SRTPSA,
sRTCPSA SRTCPSA
}
KeyIndicators may be of the form of an OCTET STRING Master Key Indicator
(MKI) or may be of the form of a <To, From> field as described in RFC 3711.
If two Key Indictors are PRESENT, then they MUST be of different types.
KeyIndicator ::= CHOICE {
mKI [0] OCTET STRING (SIZE (4)),
tOfROM [1] OCTET STRING
}
SRTPSA, the SA decription for STRP, includes encryption information,
authentication information if required by policy for a particular group, a
key derivation rate to describe the periodicity of key refreshment, and a
maximum number of packets to be used with an SA.
SRTPSA ::= SEQUENCE {
encrTransformData EncryptionTransformData,
authTransformData AuthenticationTransformData OPTIONAL,
keyDerivRate INTEGER,
sRTPPacketMax INTEGER
}
EncryptionTransformData describes the encryption information within a
particular SA. It describes the Encryption Transform to be used, the
prefixLength, the length of the encryption key to be derived for the
EncryptionTransform, and the length of the sessionSalt, if salt is used.
EncryptionTransformData ::= SEQUENCE { C.1 Generic Data Policy
encrTransform EncryptionTransform,
prefixLength INTEGER,
encrKeyLength INTEGER,
sessionSaltLength INTEGER OPTIONAL
}
EncryptionTransform is the encryption algorithm to be used in the SA. The The Generic Data Policy has the following identifier:
choices for SRTP and STRCP are AES Counter Mode, NULL encryption, and AES
F8.
EncryptionTransform ::= ENUMERATED { id-genericDataSA OBJECT IDENTIFIER :: = TBD
aesCM (0),
null (1),
aesF8 (2)
}
AuthenticationTransformData describes the authentication information for an If an authentication mechanism is used within the security application, the
SA. It includes the AuthenticationTransform, the authentication tagLength, key identifier used in the key management protocol is given, as well as an
and the length of the authentication key, authKeyLength. optional key expiration date. Likewise, if an encryption mechanism is used
within the security application, the encryption key identifier is given, as
well as an optional key expiration date.
AuthenticationTransformData ::= SEQUENCE { GenericDataSAInfo ::= SEQUENCE {
authTransform AuthenticationTransform, authentication [0] KeyInfo OPTIONAL,
tagLength INTEGER, encryption [1] KeyInfo OPTIONAL
authKeyLength INTEGER
} }
Authentication Transform is the choice of authentication algorithm used. KeyInfo ::= SEQUENCE{
Its current single choice of hmacSHA1 is enumerated as follows: kMKeyID OCTET STRING,
keyExpirationDate LifeDate OPTIONAL
AuthenticationTransform ::= ENUMERATED {
hmacSHA1 (0)
} }
SRTCPSA, the SA information for SRTCP, is similar to SRTPSA. The exception C.2 Generic Data Policy ASN.1 Module
is that AuthenticationTransformData MUST be provided for every group.
SRTCPSA ::= SEQUENCE {
encrTransformData EncryptionTransformData,
authTransformData AuthenticationTransformData,
keyDerivRate INTEGER,
sRTCPPacketMax INTEGER
}
C.2 Secure RTP Data Policy ASN.1 Module GenericDataSA {TBD}
RFC3711DataSA {TBD} DEFINITIONS IMPLICIT TAGS ::
DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
id-rfc3711DataSA OBJECT IDENTIFIER ::= {TBD} -- DATA APPLICATION: Generic
-- This token specification is for data applications with fixed security
RFC3711DataSAInfo ::= SEQUENCE { -- mechanisms. Such data applications only need a mapping of management
keyTrigger KeyIndicator, -- protocol key identification tags to security service.
altKeyTrigger KeyIndicator OPTIONAL,
masterSaltKeyID OCTET STRING (SIZE (4)) OPTIONAL,
pRF PRF,
sRTPSA SRTPSA,
sRTCPSA SRTCPSA
}
KeyIndicator ::= CHOICE {
mKI [0] OCTET STRING (SIZE (4)),
tOfROM [1] OCTET STRING
}
SRTPSA ::= SEQUENCE {
encrTransformData EncryptionTransformData,
authTransformData AuthenticationTransformData OPTIONAL,
keyDerivRate INTEGER,
sRTPPacketMax INTEGER
}
EncryptionTransformData ::= SEQUENCE {
encrTransform EncryptionTransform,
prefixLength INTEGER,
encrKeyLength INTEGER,
sessionSaltLength INTEGER OPTIONAL
}
AuthenticationTransformData ::= SEQUENCE { IMPORTS
authTransform AuthenticationTransform, LifeDate
tagLength INTEGER, FROM PolicyToken {TBD}
authKeyLength INTEGER
}
EncryptionTransform ::= ENUMERATED { KeyIdentifier
aesCM (0), FROM PKIX1Implicit88 { iso(1) identified-organization(3)
null (1), dod(6) internet(1)
aesF8 (2) security(5) mechanisms(5) pkix(7) id-mod(0)
} id-pkix1-implicit(19) };
AuthenticationTransform ::= ENUMERATED { id-genericDataSA OBJECT IDENTIFIER ::= {TBD}
hmacSHA1 (0)
}
PRF ::= ENUMERATED { GenericDataSAInfo ::= SEQUENCE {
aesCM (0) authentication [0] KeyInfo OPTIONAL,
encryption [1] KeyInfo OPTIONAL
} }
SRTCPSA ::= SEQUENCE { KeyInfo ::= SEQUENCE{
encrTransformData EncryptionTransformData, kMKeyID OCTET STRING,
authTransformData AuthenticationTransformData, keyExpirationDate LifeDate OPTIONAL
keyDerivRate INTEGER,
sRTCPPacketMax INTEGER
} }
END END
D APPENDIX D -- Change History (To Be Removed from RFC) D APPENDIX D -- Change History (To Be Removed from RFC)
D.1 Changes from Group Policy Token v-00 to v-01, December 2004 D.1 Changes from Group Policy Token v-00 to v-01, December 2004
- Editorial/Grammatical changes throughout the document. - Editorial/Grammatical changes throughout the document.
- Core Policy Token ASN.1 Module Appendix rewritten. - Core Policy Token ASN.1 Module Appendix rewritten.
- GSAKMPv1 Registration ASN.1 Module Appendix rewritten. - GSAKMPv1 Registration ASN.1 Module Appendix rewritten.
- GSAKMPv1 De-Registration ASN.1 Module Appendix rewritten. - GSAKMPv1 De-Registration ASN.1 Module Appendix rewritten.
- GSAKMPv1 Rekey Policy ASN.1 Module Appendix rewritten. - GSAKMPv1 Rekey Policy ASN.1 Module Appendix rewritten.
- RFC 3711 Policy Appendix was rewritten. - RFC 3711 Policy Appendix was rewritten.
D.2 Changes from Group Policy Token v-01 to v-02, March 2005
- RFC 3711 policy removed.
- Generic Data SA provided.
Authors Addresses Authors Addresses
Andrea Colegrove Andrea Colegrove
SPARTA, Inc. SPARTA, Inc.
7075 Samuel Morse Drive 7075 Samuel Morse Drive
Columbia, MD 21046 Columbia, MD 21046
(410) 872-1515 ext 232 (410) 872-1515 ext 232
FAX (410) 872-8079 FAX (410) 872-8079
acc@sparta.com acc@sparta.com
Hugh Harney Hugh Harney
SPARTA, Inc. SPARTA, Inc.
7075 Samuel Morse Drive 7075 Samuel Morse Drive
Columbia, MD 21046 Columbia, MD 21046
(410) 872-1515 ext 203 (410) 872-1515 ext 203
FAX (410) 872-8079 FAX (410) 872-8079
hh@sparta.com hh@sparta.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject to the Copyright (C) The Internet Society (2005). This document is subject to the
rights, licenses and restrictions contained in BCP 78, and except as set rights, licenses and restrictions contained in BCP 78, and except as set
forth therein, the authors retain all their rights. forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS This document and the information contained herein are provided on an "AS
IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS
SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. FOR A PARTICULAR PURPOSE.
Document expiration: June 30, 2005 Document expiration: September 7, 2005
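Review bot: In the new C.1/C.2 Generic Data Policy, both members of GenericDataSAInfo are OPTIONAL, so an empty SEQUENCE is a valid encoding and a signed token can name a Data SA that maps neither an authentication key nor an encryption key. The prose only says what is given "if an authentication mechanism is used" and "if an encryption mechanism is used"; state whether an empty GenericDataSAInfo is permitted and what a receiver does with it, or require at least one member to be present. The C.2 module also imports KeyIdentifier from PKIX1Implicit88 but never uses it, since KeyInfo declares "kMKeyID OCTET STRING"; either drop the import or type kMKeyID as KeyIdentifier. Finally, C.1 writes the identifier as ":: = TBD" while C.2 writes "::= {TBD}"; make the two agree.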
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/