| draft-ietf-secsh-publickey-subsystem-01.txt | draft-ietf-secsh-publickey-subsystem-02.txt | |||
|---|---|---|---|---|
| Secure Shell Working Group J. Galbraith | Secure Shell Working Group J. Galbraith | |||
| Internet-Draft J. Van Dyke | Internet-Draft J. Van Dyke | |||
| Expires: October 1, 2004 B. McClure | Expires: September 18, 2005 B. McClure | |||
| VanDyke Software | VanDyke Software | |||
| J. Bright | J. Bright | |||
| Silicon Circus | Silicon Circus | |||
| April 2, 2004 | March 17, 2005 | |||
| Secure Shell Public-Key Subsystem | Secure Shell Public-Key Subsystem | |||
| draft-ietf-secsh-publickey-subsystem-01.txt | draft-ietf-secsh-publickey-subsystem-02.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is subject to all provisions | |||
| all provisions of Section 10 of RFC2026. | of Section 3 of RFC 3667. By submitting this Internet-Draft, each | |||
| author represents that any applicable patent or other IPR claims of | ||||
| which he or she is aware have been or will be disclosed, and any of | ||||
| which he or she become aware will be disclosed, in accordance with | ||||
| RFC 3668. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that | |||
| groups may also distribute working documents as Internet-Drafts. | other groups may also distribute working documents as | |||
| Internet-Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at http:// | The list of current Internet-Drafts can be accessed at | |||
| www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on October 1, 2004. | This Internet-Draft will expire on September 18, 2005. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Copyright (C) The Internet Society (2005). | |||
| Abstract | Abstract | |||
| SECSH defines an authentication mechanism that is based on public | SECSH defines an authentication mechanism that is based on public | |||
| keys, but does not define any mechanism for key distribution. No | keys, but does not define any mechanism for key distribution. No | |||
| common key management solution exists in current implementations. | common key management solution exists in current implementations. | |||
| This document describes a protocol that can be used to configure | This document describes a protocol that can be used to configure | |||
| public keys in an implementation-independent fashion, allowing client | public keys in an implementation-independent fashion, allowing client | |||
| software to take on the burden of this configuration. | software to take on the burden of this configuration. | |||
| This protocol is intended to be used from the Secure Shell Connection | This protocol is intended to be used from the Secure Shell Connection | |||
| Protocol [4] as a subsystem, as described in Section ``Starting a | Protocol [4] as a subsystem, as described in the Section "Starting a | |||
| Shell or a Command''. The subsystem name used with this protocol is | Shell or a Command". The subsystem name used with this protocol is | |||
| "publickey". | "publickey". | |||
| The public-key subsystem provides a server-independent mechanism for | The public-key subsystem provides a server-independent mechanism for | |||
| clients to add public keys, remove public keys, and list the current | clients to add public keys, remove public keys, and list the current | |||
| public keys known by the server. Rights to manage public keys are | public keys known by the server. Rights to manage public keys are | |||
| specific and limited to the authenticated user. | specific and limited to the authenticated user. | |||
| A public key may also be associated with various restrictions, | A public key may also be associated with various restrictions, | |||
| including a mandatory command or subsystem. | including a mandatory command or subsystem. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Public-Key Subsystem Overview . . . . . . . . . . . . . . . 4 | 2. Public-Key Subsystem Overview . . . . . . . . . . . . . . . . 5 | |||
| 2.1 Opening the Public-Key Subsystem . . . . . . . . . . . . . . 4 | 2.1 Opening the Public-Key Subsystem . . . . . . . . . . . . . 5 | |||
| 2.2 Requests . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2.2 Requests . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.3 Responses . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2.3 Responses . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.3.1 The Status Response . . . . . . . . . . . . . . . . . . . . 5 | 2.3.1 The Status Response . . . . . . . . . . . . . . . . . 6 | |||
| 3. Public-Key Subsystem Operations . . . . . . . . . . . . . . 7 | 3. Public-Key Subsystem Operations . . . . . . . . . . . . . . . 8 | |||
| 3.1 Version Packet . . . . . . . . . . . . . . . . . . . . . . . 7 | 3.1 Version Packet . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.2 Adding a public key . . . . . . . . . . . . . . . . . . . . 7 | 3.2 Adding a public key . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.3 Removing a public key . . . . . . . . . . . . . . . . . . . 10 | 3.3 Removing a public key . . . . . . . . . . . . . . . . . . 11 | |||
| 3.4 Listing public keys . . . . . . . . . . . . . . . . . . . . 10 | 3.4 Listing public keys . . . . . . . . . . . . . . . . . . . 11 | |||
| 3.5 Listing server capabilities . . . . . . . . . . . . . . . . 10 | 3.5 Listing server capabilities . . . . . . . . . . . . . . . 11 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . 12 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| Normative References . . . . . . . . . . . . . . . . . . . . 13 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 13 | 5.1 Registrations . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| Intellectual Property and Copyright Statements . . . . . . . 15 | 5.2 Names . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 5.2.1 Conventions for Names . . . . . . . . . . . . . . . . 14 | ||||
| 5.2.2 Future Assignments of Names . . . . . . . . . . . . . 14 | ||||
| 5.3 Request names . . . . . . . . . . . . . . . . . . . . . . 15 | ||||
| 5.4 Response names . . . . . . . . . . . . . . . . . . . . . . 15 | ||||
| 5.5 Attribute names . . . . . . . . . . . . . . . . . . . . . 15 | ||||
| 5.6 Status codes . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| 5.6.1 Conventions . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| 5.6.2 Initial Assignments . . . . . . . . . . . . . . . . . 16 | ||||
| 5.6.3 Future Assignments . . . . . . . . . . . . . . . . . . 16 | ||||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | ||||
| 6.1 Normative References . . . . . . . . . . . . . . . . . . . 17 | ||||
| 6.2 Informative References . . . . . . . . . . . . . . . . . . 17 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17 | ||||
| Intellectual Property and Copyright Statements . . . . . . . . 19 | ||||
| 1. Introduction | 1. Introduction | |||
| SECSH is a protocol for secure remote login and other secure network | SECSH is a protocol for secure remote login and other secure network | |||
| services over an insecure network. SECSH defines an authentication | services over an insecure network. SECSH defines an authentication | |||
| mechanism that is based on public keys, but does not define any | mechanism that is based on public keys, but does not define any | |||
| mechanism for key distribution. Common practice is to authenticate | mechanism for key distribution. Common practice is to authenticate | |||
| once with password authentication and transfer the public key to the | once with password authentication and transfer the public key to the | |||
| server. However, to date no two implementations use the same | server. However, to date no two implementations use the same | |||
| mechanism to configure a public key for use. | mechanism to configure a public key for use. | |||
| skipping to change at page 7, line 8 | skipping to change at page 8, line 8 | |||
| SSH_PUBLICKEY_VERSION_NOT_SUPPORTED 3 | SSH_PUBLICKEY_VERSION_NOT_SUPPORTED 3 | |||
| SSH_PUBLICKEY_KEY_NOT_FOUND 4 | SSH_PUBLICKEY_KEY_NOT_FOUND 4 | |||
| SSH_PUBLICKEY_KEY_NOT_SUPPORTED 5 | SSH_PUBLICKEY_KEY_NOT_SUPPORTED 5 | |||
| SSH_PUBLICKEY_KEY_ALREADY_PRESENT 6 | SSH_PUBLICKEY_KEY_ALREADY_PRESENT 6 | |||
| SSH_PUBLICKEY_GENERAL_FAILURE 7 | SSH_PUBLICKEY_GENERAL_FAILURE 7 | |||
| SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED 8 | SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED 8 | |||
| 3. Public-Key Subsystem Operations | 3. Public-Key Subsystem Operations | |||
| The public-key subsystem currently defines four operations: add, | The public-key subsystem currently defines four operations: add, | |||
| remove, list, and command. | remove, list, and listattributes. | |||
| 3.1 Version Packet | 3.1 Version Packet | |||
| Both sides MUST start by sending a version packet that indicates the | Both sides MUST start by sending a version packet that indicates the | |||
| version of the protocol they are using. | version of the protocol they are using. | |||
| string "version" | string "version" | |||
| uint32 protocol-version-number | uint32 protocol-version-number | |||
| The version of the protocol described by this document is version 2. | The version of the protocol described by this document is version 2. | |||
| Both sides send the highest version that they implement. The lower of | Both sides send the highest version that they implement. The lower | |||
| the version numbers is the version of the protocol to use. If either | of the version numbers is the version of the protocol to use. If | |||
| side can't support the lower version, it should close the subsystem | either side can't support the lower version, it should close the | |||
| and notify the other side by sending an SSH_MSG_CHANNEL_CLOSE | subsystem and notify the other side by sending an | |||
| message. Before closing the subsystem, a status message with the | SSH_MSG_CHANNEL_CLOSE message. Before closing the subsystem, a | |||
| status SSH_PUBLICKEY_VERSION_NOT_SUPPORTED SHOULD be sent. | status message with the status SSH_PUBLICKEY_VERSION_NOT_SUPPORTED | |||
| SHOULD be sent. | ||||
| Both sides MUST wait to receive this version before continuing. | Both sides MUST wait to receive this version before continuing. The | |||
| "version" packet MUST NOT be sent again after this initial exchange. | ||||
| 3.2 Adding a public key | 3.2 Adding a public key | |||
| If the client wishes to add a public key, the client sends: | If the client wishes to add a public key, the client sends: | |||
| string "add" | string "add" | |||
| string public-key algorithm name | string public-key algorithm name | |||
| string public-key blob | string public-key blob | |||
| boolean overwrite | boolean overwrite | |||
| uint32 attribute-count | uint32 attribute-count | |||
| skipping to change at page 13, line 5 | skipping to change at page 14, line 5 | |||
| for the new key than were previously present. Servers should take | for the new key than were previously present. Servers should take | |||
| care that when doing this, clients are not able to override presets | care that when doing this, clients are not able to override presets | |||
| from the server's administrator. | from the server's administrator. | |||
| This protocol requires the client to assume that the server will | This protocol requires the client to assume that the server will | |||
| correctly implement and observe attributes applied to keys. | correctly implement and observe attributes applied to keys. | |||
| Implementation errors in the server could cause clients to authorise | Implementation errors in the server could cause clients to authorise | |||
| keys for access they were not intended to have, or to apply fewer | keys for access they were not intended to have, or to apply fewer | |||
| restrictions than were intended. | restrictions than were intended. | |||
| Normative References | 5. IANA Considerations | |||
| [1] Ylonen, T., Kivinen, T., Saarinen, M., Rinne, T. and S. | This section contains conventions used in naming the namespaces, the | |||
| Lehtinen, "SSH Protocol Architecture", | initial state of the registry, and instructions for future | |||
| draft-ietf-secsh-architecture-13 (work in progress), January | assignments. | |||
| 2002. | ||||
| [2] Ylonen, T., Kivinen, T., Saarinen, M., Rinne, T. and S. | 5.1 Registrations | |||
| Lehtinen, "SSH Transport Layer Protocol", | ||||
| draft-ietf-secsh-transport-15 (work in progress), March 2002. | ||||
| [3] Ylonen, T., Kivinen, T., Saarinen, M., Rinne, T. and S. | Consistent with section 7 of [1], this document makes the following | |||
| Lehtinen, "SSH Authentication Protocol", | registration: | |||
| draft-ietf-secsh-userauth-16 (work in progress), February 2002. | ||||
| [4] Ylonen, T., Kivinen, T., Saarinen, M., Rinne, T. and S. | The subsystem name "publickey". | |||
| Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16 | ||||
| (work in progress), January 2002. | ||||
| [5] Alvestrand, H., "Tags for the Identification of Languages", RFC | 5.2 Names | |||
| 1766, March 1995. | ||||
| [6] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC | In the following sections, the values for the name spaces are | |||
| 2279, January 1998. | textual. The conventions and instructions to the IANA for future | |||
| assignments are given in this section. The initial assignments are | ||||
| given in their respective sections. | ||||
| 5.2.1 Conventions for Names | ||||
| All names registered by the IANA in the following sections MUST be | ||||
| printable US-ASCII strings, and MUST NOT contain the characters | ||||
| at-sign ("@"), comma (","), or whitespace or control characters | ||||
| (ASCII codes 32 or less). Names are case-sensitive, and MUST NOT be | ||||
| longer than 64 characters. | ||||
| A provision is made here for locally extensible names. The IANA will | ||||
| not register, and will not control names with the at-sign in them. | ||||
| Names with the at-sign in them will have the format of | ||||
| "name@domainname" (without the double quotes) where the part | ||||
| preceeding the at-sign is the name. The format of the part preceding | ||||
| the at-sign is not specified, however these names MUST be printable | ||||
| US-ASCII strings, and MUST NOT contain the comma character (","), or | ||||
| whitespace, or control characters (ASCII codes 32 or less). The part | ||||
| following the at-sign MUST be a valid, fully qualified internet | ||||
| domain name [8] controlled by the person or organization defining the | ||||
| name. Names are case-sensitive, and MUST NOT be longer than 64 | ||||
| characters. It is up to each domain how it manages its local | ||||
| namespace. It has been noted that these names resemble STD 11 [7] | ||||
| email addresses. This is purely coincidental and actually has | ||||
| nothing to do with STD 11 [7]. An example of a locally defined name | ||||
| is "ourcipher-cbc@example.com" (without the double quotes). | ||||
| 5.2.2 Future Assignments of Names | ||||
| Requests for assignments of new Names MUST be done through the IETF | ||||
| CONSENSUS method as described in [9]. | ||||
| 5.3 Request names | ||||
| The following table lists the initial assignments of Request names | ||||
| Request Name | ||||
| ------------- | ||||
| version | ||||
| add | ||||
| remove | ||||
| list | ||||
| listattributes | ||||
| 5.4 Response names | ||||
| The following table lists the initial assignments of Response names | ||||
| Response Name | ||||
| -------------- | ||||
| version | ||||
| status | ||||
| publickey | ||||
| attribute | ||||
| 5.5 Attribute names | ||||
| Attributes are used to define properties or restrictions for public | ||||
| keys. The following table lists the initial assignments of Response | ||||
| names | ||||
| Attribute Name | ||||
| --------------- | ||||
| comment | ||||
| comment-language | ||||
| command-override | ||||
| subsystem | ||||
| x11 | ||||
| shell | ||||
| exec | ||||
| agent | ||||
| env | ||||
| from | ||||
| port-forward | ||||
| reverse-forward | ||||
| 5.6 Status codes | ||||
| The status code is a byte value, describing the status of a request. | ||||
| 5.6.1 Conventions | ||||
| Status responses have status codes in the range 0 to 255. These | ||||
| numbers are allocated as follows. Of these, the range 192 to 255 is | ||||
| reserved for use by local, private extensions. | ||||
| 5.6.2 Initial Assignments | ||||
| The following table identifies the initial assignments of the status | ||||
| code values. | ||||
| Status code Value Reference | ||||
| ------------ ----- --------- | ||||
| SSH_PUBLICKEY_SUCCESS 0 | ||||
| SSH_PUBLICKEY_ACCESS_DENIED 1 | ||||
| SSH_PUBLICKEY_STORAGE_EXCEEDED 2 | ||||
| SSH_PUBLICKEY_VERSION_NOT_SUPPORTED 3 | ||||
| SSH_PUBLICKEY_KEY_NOT_FOUND 4 | ||||
| SSH_PUBLICKEY_KEY_NOT_SUPPORTED 5 | ||||
| SSH_PUBLICKEY_KEY_ALREADY_PRESENT 6 | ||||
| SSH_PUBLICKEY_GENERAL_FAILURE 7 | ||||
| SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED 8 | ||||
| 5.6.3 Future Assignments | ||||
| Requests for assignments of new message numbers in the range of 0 to | ||||
| 191 MUST be done through the STANDARDS ACTION method as described in | ||||
| [9]. | ||||
| The IANA will not control the message numbers range of 192 through | ||||
| 255. This range will be left for PRIVATE USE. | ||||
| 6. References | ||||
| 6.1 Normative References | ||||
| [1] Lonvick, C., "SSH Protocol Architecture", | ||||
| Internet-Draft draft-ietf-secsh-architecture-22, March 2005. | ||||
| [2] Lonvick, C., "SSH Transport Layer Protocol", | ||||
| Internet-Draft draft-ietf-secsh-transport-24, March 2005. | ||||
| [3] Lonvick, C., "SSH Authentication Protocol", | ||||
| Internet-Draft draft-ietf-secsh-userauth-27, March 2005. | ||||
| [4] Lonvick, C., "SSH Connection Protocol", | ||||
| Internet-Draft draft-ietf-secsh-connect-25, March 2005. | ||||
| [5] Alvestrand, H., "Tags for the Identification of Languages", | ||||
| RFC 1766, March 1995. | ||||
| [6] Yergeau, F., "UTF-8, a transformation format of ISO 10646", | ||||
| RFC 2279, January 1998. | ||||
| 6.2 Informative References | ||||
| [7] Crocker, D., "Standard for the format of ARPA Internet text | ||||
| messages", STD 11, RFC 822, August 1982. | ||||
| [8] Mockapetris, P., "Domain names - concepts and facilities", | ||||
| STD 13, RFC 1034, November 1987. | ||||
| [9] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA | ||||
| Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Joseph Galbraith | Joseph Galbraith | |||
| VanDyke Software | VanDyke Software | |||
| 4848 Tramway Ridge Blvd | 4848 Tramway Ridge Blvd | |||
| Suite 101 | Suite 101 | |||
| Albuquerque, NM 87111 | Albuquerque, NM 87111 | |||
| US | US | |||
| Phone: +1 505 332 5700 | Phone: +1 505 332 5700 | |||
| EMail: galb-list@vandyke.com | Email: galb-list@vandyke.com | |||
| Jeff P. Van Dyke | Jeff P. Van Dyke | |||
| VanDyke Software | VanDyke Software | |||
| 4848 Tramway Ridge Blvd | 4848 Tramway Ridge Blvd | |||
| Suite 101 | Suite 101 | |||
| Albuquerque, NM 87111 | Albuquerque, NM 87111 | |||
| US | US | |||
| Phone: +1 505 332 5700 | Phone: +1 505 332 5700 | |||
| EMail: jpv@vandyke.com | Email: jpv@vandyke.com | |||
| Brent McClure | Brent McClure | |||
| VanDyke Software | VanDyke Software | |||
| 4848 Tramway Ridge Blvd | 4848 Tramway Ridge Blvd | |||
| Suite 101 | Suite 101 | |||
| Albuquerque, NM 87111 | Albuquerque, NM 87111 | |||
| US | US | |||
| Phone: +1 505 332 5700 | Phone: +1 505 332 5700 | |||
| EMail: bdm@vandyke.com | Email: bdm@vandyke.com | |||
| Jon Bright | Jon Bright | |||
| Silicon Circus | Silicon Circus | |||
| 24 Jubilee Road | 24 Jubilee Road | |||
| Chichester, West Sussex PO19 7XB | Chichester, West Sussex PO19 7XB | |||
| UK | UK | |||
| Phone: +49 172 524 0521 | Phone: +49 172 524 0521 | |||
| EMail: jon@siliconcircus.com | Email: jon@siliconcircus.com | |||
| Trademark notice | ||||
| "ssh" is a registered trademark in the United States and/or other | ||||
| countries. | ||||
| Intellectual Property Statement | Intellectual Property Statement | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| intellectual property or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; neither does it represent that it | might or might not be available; nor does it represent that it has | |||
| has made any effort to identify any such rights. Information on the | made any independent effort to identify any such rights. Information | |||
| IETF's procedures with respect to rights in standards-track and | on the procedures with respect to rights in RFC documents can be | |||
| standards-related documentation can be found in BCP-11. Copies of | found in BCP 78 and BCP 79. | |||
| claims of rights made available for publication and any assurances of | ||||
| licenses to be made available, or the result of an attempt made to | Copies of IPR disclosures made to the IETF Secretariat and any | |||
| obtain a general license or permission for the use of such | assurances of licenses to be made available, or the result of an | |||
| proprietary rights by implementors or users of this specification can | attempt made to obtain a general license or permission for the use of | |||
| be obtained from the IETF Secretariat. | such proprietary rights by implementers or users of this | |||
| specification can be obtained from the IETF on-line IPR repository at | ||||
| http://www.ietf.org/ipr. | ||||
| The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
| copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
| rights which may cover technology that may be required to practice | rights that may cover technology that may be required to implement | |||
| this standard. Please address the information to the IETF Executive | this standard. Please address the information to the IETF at | |||
| Director. | ietf-ipr@ietf.org. | |||
| Full Copyright Statement | ||||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Disclaimer of Validity | |||
| This document and translations of it may be copied and furnished to | This document and the information contained herein are provided on an | |||
| others, and derivative works that comment on or otherwise explain it | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| or assist in its implementation may be prepared, copied, published | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| and distributed, in whole or in part, without restriction of any | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| kind, provided that the above copyright notice and this paragraph are | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| included on all such copies and derivative works. However, this | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| document itself may not be modified in any way, such as by removing | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| the copyright notice or references to the Internet Society or other | ||||
| Internet organizations, except as needed for the purpose of | ||||
| developing Internet standards in which case the procedures for | ||||
| copyrights defined in the Internet Standards process must be | ||||
| followed, or as required to translate it into languages other than | ||||
| English. | ||||
| The limited permissions granted above are perpetual and will not be | Copyright Statement | |||
| revoked by the Internet Society or its successors or assignees. | ||||
| This document and the information contained herein is provided on an | Copyright (C) The Internet Society (2005). This document is subject | |||
| "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | to the rights, licenses and restrictions contained in BCP 78, and | |||
| TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | except as set forth therein, the authors retain all their rights. | |||
| BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | ||||
| HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | ||||
| MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Acknowledgment | Acknowledgment | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
| Internet Society. | Internet Society. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||