draft-ietf-sip-eku-08.txt   rfc5924.txt 
SIP WG S. Lawrence Internet Engineering Task Force (IETF) S. Lawrence
Internet-Draft Nortel Networks, Inc. Request for Comments: 5924
Intended status: Experimental V. Gurbani Category: Experimental V. Gurbani
Expires: April 23, 2010 Bell Laboratories, Alcatel-Lucent ISSN: 2070-1721 Bell Laboratories, Alcatel-Lucent
October 20, 2009 June 2010
Using Extended Key Usage (EKU) for Session Initiation Protocol (SIP) Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
X.509 Certificates X.509 Certificates
draft-ietf-sip-eku-08
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the Abstract
provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering This memo documents an extended key usage (EKU) X.509 certificate
Task Force (IETF), its areas, and its working groups. Note that extension for restricting the applicability of a certificate to use
other groups may also distribute working documents as Internet- with a Session Initiation Protocol (SIP) service. As such, in
Drafts. addition to providing rules for SIP implementations, this memo also
provides guidance to issuers of certificates for use with SIP.
Internet-Drafts are draft documents valid for a maximum of six months Status of This Memo
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This document is not an Internet Standards Track specification; it is
http://www.ietf.org/ietf/1id-abstracts.txt. published for examination, experimental implementation, and
evaluation.
The list of Internet-Draft Shadow Directories can be accessed at This document defines an Experimental Protocol for the Internet
http://www.ietf.org/shadow.html. community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 5741.
This Internet-Draft will expire on April 23, 2010. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5924.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents
publication of this document (http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Abstract This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction ....................................................3
2. Terminology .....................................................3
2.1. Key Words ..................................................3
2.2. Abstract Syntax Notation ...................................3
3. Problem Statement ...............................................3
4. Restricting Usage to SIP ........................................4
4.1. Extended Key Usage Values for SIP Domains ..................5
5. Using the SIP EKU in a Certificate ..............................5
6. Implications for a Certification Authority ......................6
7. Security Considerations .........................................6
8. IANA Considerations .............................................6
9. Acknowledgments .................................................7
10. Normative References ...........................................7
Appendix A. ASN.1 Module ..........................................8
1. Introduction
This memo documents an extended key usage (EKU) X.509 certificate This memo documents an extended key usage (EKU) X.509 certificate
extension for restricting the applicability of a certificate to use extension for restricting the applicability of a certificate to use
with a Session Initiation Protocol (SIP) service. As such, in with a Session Initiation Protocol (SIP) service. As such, in
addition to providing rules for SIP implementations, this memo also addition to providing rules for SIP implementations, this memo also
provides guidance to issuers of certificates for use with SIP. provides guidance to issuers of certificates for use with SIP.
Table of Contents 2. Terminology
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Abstract syntax notation . . . . . . . . . . . . . . . . . 3
2. Problem statement . . . . . . . . . . . . . . . . . . . . . . . 3
3. Restricting usage to SIP . . . . . . . . . . . . . . . . . . . 4
3.1. Extended Key Usage values for SIP domains . . . . . . . . . 5
4. Using the SIP EKU in a certificate . . . . . . . . . . . . . . 5
5. Implications for a Certification Authority . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6
9. Normative References . . . . . . . . . . . . . . . . . . . . . 7
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Terminology
1.1. Key Words 2.1. Key Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in RFC 2119 [1].
Additionally, the following term is defined: Additionally, the following term is defined:
SIP domain identity: A subject identity in the X.509 certificate SIP domain identity: A subject identity in the X.509 certificate
that conveys to a recipient of the certificate that the that conveys to a recipient of the certificate that the
certificate owner is authoritative for SIP services in the domain certificate owner is authoritative for SIP services in the domain
named by that subject identity. named by that subject identity.
1.2. Abstract syntax notation 2.2. Abstract Syntax Notation
All X.509 certificate X.509 [4] extensions are defined using ASN.1 All X.509 certificate X.509 [4] extensions are defined using ASN.1
X.680 [5],X.690 [6]. X.680 [5], and X.690 [6].
2. Problem statement 3. Problem Statement
Consider the SIP RFC 3261 [2] actors shown in Figure 1. Consider the SIP RFC 3261 [2] actors shown in Figure 1.
Proxy-A.example.com Proxy-B.example.net Proxy-A.example.com Proxy-B.example.net
+-------+ +-------+ +-------+ +-------+
| Proxy |--------------------| Proxy | | Proxy |--------------------| Proxy |
+----+--+ +---+---+ +----+--+ +---+---+
| | | |
| | | |
| | | |
| +---+ | +---+
0---0 | | 0---0 | |
/-\ |___| /-\ |___|
+---+ / / +---+ / /
+----+ +----+
alice@example.com bob@example.net alice@example.com bob@example.net
Figure 1: SIP Trapezoid Figure 1: SIP Trapezoid
Assume that alice@example.com creates an INVITE for bob@example.net; Assume that alice@example.com creates an INVITE for bob@example.net;
her user agent routes the request to some proxy in her domain, her user agent routes the request to some proxy in her domain,
example.com. Suppose also that example.com is a large organization example.com. Suppose also that example.com is a large organization
that maintains several SIP proxies, and her INVITE arrived at an that maintains several SIP proxies, and her INVITE arrived at an
outbound proxy Proxy-A.example.com. In order to route the request outbound proxy Proxy-A.example.com. In order to route the request
onward, Proxy-A uses RFC 3263 [7] resolution and finds that Proxy- onward, Proxy-A uses RFC 3263 [7] resolution and finds that Proxy-
B.example.net is a valid proxy for example.net that uses TLS. Proxy- B.example.net is a valid proxy for example.net that uses Transport
A.example.com requests a TLS connection to Proxy-B.example.net, and Layer Security (TLS). Proxy-A.example.com requests a TLS connection
in the TLS handshake each presents a certificate to authenticate that to Proxy-B.example.net, and in the TLS handshake each one presents a
connection. The validation of these certificates by each proxy to certificate to authenticate that connection. The validation of these
determine whether or not their peer is authoritative for the certificates by each proxy to determine whether or not their peer is
appropriate SIP domain is defined in Domain Certificates in the authoritative for the appropriate SIP domain is defined in "Domain
Session Initiation Protocol (SIP) [8]. Certificates in the Session Initiation Protocol (SIP)" [8].
A SIP domain name is frequently textually identical to the same DNS A SIP domain name is frequently textually identical to the same DNS
name used for other purposes. For example, the DNS name example.com name used for other purposes. For example, the DNS name example.com
can serve as a SIP domain name, an email domain name, and a web can serve as a SIP domain name, an email domain name, and a web
service name. Since these different services within a single service name. Since these different services within a single
organization might be administered independently and hosted organization might be administered independently and hosted
separately, it is desirable that a certificate be able to bind the separately, it is desirable that a certificate be able to bind the
DNS name to its usage as a SIP domain name without creating the DNS name to its usage as a SIP domain name without creating the
implication that the entity presenting the certificate is also implication that the entity presenting the certificate is also
authoritative for some other purpose. A mechanism is needed to allow authoritative for some other purpose. A mechanism is needed to allow
the certificate issued to a proxy to be restricted such that the the certificate issued to a proxy to be restricted such that the
subject name(s) that the certificate contains are valid only for use subject name(s) that the certificate contains are valid only for use
in SIP. In our example, Proxy-B possesses a certificate making in SIP. In our example, Proxy-B possesses a certificate making
Proxy-B authoritative as a SIP server for the domain example.net; Proxy-B authoritative as a SIP server for the domain example.net;
furthermore, Proxy-B has a policy that requires the client's SIP furthermore, Proxy-B has a policy that requires the client's SIP
domain be authenticated through a similar certificate. Proxy-A is domain be authenticated through a similar certificate. Proxy-A is
authoritative as a SIP server for the domain example.com; when authoritative as a SIP server for the domain example.com; when
Proxy-A makes a TLS connection to Proxy-B, the latter accepts the Proxy-A makes a TLS connection to Proxy-B, the latter accepts the
connection based on its policy. connection based on its policy.
3. Restricting usage to SIP 4. Restricting Usage to SIP
This memo defines a certificate profile for restricting the usage of This memo defines a certificate profile for restricting the usage of
a domain name binding to usage as a SIP domain name. RFC 5280 [3] a domain name binding to usage as a SIP domain name. RFC 5280 [3],
Section 4.2.1.12 defines a mechanism for this purpose: an "Extended Section 4.2.1.12, defines a mechanism for this purpose: an "Extended
Key Usage" (EKU) attribute, where the purpose of the EKU extension is Key Usage" (EKU) attribute, where the purpose of the EKU extension is
described as: described as:
"If the extension is present, then the certificate MUST only be If the extension is present, then the certificate MUST only be
used for one of the purposes indicated. If multiple purposes are used for one of the purposes indicated. If multiple purposes are
indicated the application need not recognize all purposes indicated the application need not recognize all purposes
indicated, as long as the intended purpose is present. indicated, as long as the intended purpose is present.
Certificate using applications MAY require that the extended key Certificate using applications MAY require that the extended key
usage extension be present and that a particular purpose be usage extension be present and that a particular purpose be
indicated in order for the certificate to be acceptable to that indicated in order for the certificate to be acceptable to that
application." application.
A Certificate Authority issuing a certificate whose purpose is to A Certificate Authority issuing a certificate whose purpose is to
bind a SIP domain identity without binding other non-SIP identities bind a SIP domain identity without binding other non-SIP identities
MUST include an id-kp-SIPdomain attribute in the Extended Key Usage MUST include an id-kp-sipDomain attribute in the Extended Key Usage
extension value (see Section 3.1). extension value (see Section 4.1).
3.1. Extended Key Usage values for SIP domains 4.1. Extended Key Usage Values for SIP Domains
RFC 5280 [3] specifies the EKU X.509 certificate Extension for use in RFC 5280 [3] specifies the EKU X.509 certificate extension for use in
the Internet. The extension indicates one or more purposes for which the Internet. The extension indicates one or more purposes for which
the certified public key is valid. The EKU extension can be used in the certified public key is valid. The EKU extension can be used in
conjunction with the key usage extension, which indicates how the conjunction with the key usage extension, which indicates how the
public key in the certificate is used, in a more basic cryptographic public key in the certificate is used, in a more basic cryptographic
way. way.
The EKU extension syntax is repeated here for convenience: The EKU extension syntax is repeated here for convenience:
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
skipping to change at page 5, line 34 skipping to change at page 5, line 39
Inclusion of this KeyPurposeId in a certificate indicates that the Inclusion of this KeyPurposeId in a certificate indicates that the
use of any Subject names in the certificate is restricted to use by a use of any Subject names in the certificate is restricted to use by a
SIP service (along with any usages allowed by other EKU values). SIP service (along with any usages allowed by other EKU values).
id-kp OBJECT IDENTIFIER ::= id-kp OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) 3 } security(5) mechanisms(5) pkix(7) 3 }
id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp 20 } id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp 20 }
4. Using the SIP EKU in a certificate 5. Using the SIP EKU in a Certificate
Section 7.1 of Domain Certificates in the Session Initiation Protocol Section 7.1 of Domain Certificates in the Session Initiation Protocol
[8] contains the steps for finding an identity (or a set of [8] contains the steps for finding an identity (or a set of
identities) in an X.509 certificate for SIP. In order to determine identities) in an X.509 certificate for SIP. In order to determine
whether the usage of a certificate is restricted to serve as a SIP whether the usage of a certificate is restricted to serve as a SIP
certificate only, implementations MUST perform the step given below certificate only, implementations MUST perform the steps given below
as a part of the certificate validation: as a part of the certificate validation:
The implementation MUST examine the Extended Key Usage value(s), if The implementation MUST examine the Extended Key Usage value(s):
any:
o If the certificate does not contain any EKU values (the Extended o If the certificate does not contain any EKU values (the Extended
Key Usage extension does not exist), it is a matter of local Key Usage extension does not exist), it is a matter of local
policy whether or not to accept the certificate for use as a SIP policy whether or not to accept the certificate for use as a SIP
certificate. Note that since certificates not following this certificate. Note that since certificates not following this
specification will not have the id-kp-sipDomain EKU value, and specification will not have the id-kp-sipDomain EKU value, and
many do not have any EKU values, the more interoperable local many do not have any EKU values, the more interoperable local
policy would be to accept the certificate. policy would be to accept the certificate.
o If the certificate contains the id-kp-sipDomain EKU extension, o If the certificate contains the id-kp-sipDomain EKU extension,
skipping to change at page 6, line 21 skipping to change at page 6, line 29
o If the certificate does not contain the id-kp-sipDomain EKU value, o If the certificate does not contain the id-kp-sipDomain EKU value,
but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a but does contain the id-kp-anyExtendedKeyUsage EKU value, it is a
matter of local policy whether or not to consider the certificate matter of local policy whether or not to consider the certificate
acceptable for use as a SIP certificate. acceptable for use as a SIP certificate.
o If the EKU extension exists, but does not contain any of the id- o If the EKU extension exists, but does not contain any of the id-
kp-sipDomain or id-kp-anyExtendedKeyUsage EKU values, then the kp-sipDomain or id-kp-anyExtendedKeyUsage EKU values, then the
certificate MUST NOT be accepted as valid for use as a SIP certificate MUST NOT be accepted as valid for use as a SIP
certificate. certificate.
5. Implications for a Certification Authority 6. Implications for a Certification Authority
The procedures and practices employed by a certification authority The procedures and practices employed by a certification authority
MUST ensure that the correct values for the EKU extension and MUST ensure that the correct values for the EKU extension and
subjectAltName are inserted in each certificate that is issued. For subjectAltName are inserted in each certificate that is issued. For
certificates that indicate authority over a SIP domain, but not over certificates that indicate authority over a SIP domain, but not over
services other than SIP, certificate authorities MUST include the id- services other than SIP, certificate authorities MUST include the id-
kp-sipDomain EKU extension. kp-sipDomain EKU extension.
6. Security Considerations 7. Security Considerations
This memo defines an EKU X.509 certificate extension that restricts This memo defines an EKU X.509 certificate extension that restricts
the the usage of a certificate to a SIP service belonging to an the usage of a certificate to a SIP service belonging to an
autonomous domain. Relying parties can execute applicable policies autonomous domain. Relying parties can execute applicable policies
(such as those related to billing) on receiving a certificate with (such as those related to billing) on receiving a certificate with
the id-kp-sipDomain EKU value. An id-kp-sipDomain EKU value does not the id-kp-sipDomain EKU value. An id-kp-sipDomain EKU value does not
introduce any new security or privacy concerns. introduce any new security or privacy concerns.
7. IANA Considerations 8. IANA Considerations
The id-kp-sipDomain purpose requires an object identifier (OID). The The id-kp-sipDomain purpose requires an object identifier (OID). The
objects are defined in an arc delegated by IANA to the PKIX working objects are defined in an arc delegated by IANA to the PKIX working
group. No further action is necessary by IANA. group. No further action is necessary by IANA.
8. Acknowledgments 9. Acknowledgments
The following IETF contributors provided substantive input to this The following IETF contributors provided substantive input to this
document: Jeroen van Bemmel, Michael Hammer, Cullen Jennings, Paul document: Jeroen van Bemmel, Michael Hammer, Cullen Jennings, Paul
Kyzivat, Derek MacDonald, Dave Oran, Jon Peterson, Eric Rescorla, Kyzivat, Derek MacDonald, Dave Oran, Jon Peterson, Eric Rescorla,
Jonathan Rosenberg, Russ Housley, Paul Hoffman, and Stephen Kent. Jonathan Rosenberg, Russ Housley, Paul Hoffman, and Stephen Kent.
Sharon Boyen and Trevor Freeman reviewed the document and facilitated Sharon Boyen and Trevor Freeman reviewed the document and facilitated
the discussion on id-kp-anyExtendedKeyUsage, id-kpServerAuth and id- the discussion on id-kp-anyExtendedKeyUsage, id-kpServerAuth and id-
kp-ClientAuth purposes in certificates. kp-ClientAuth purposes in certificates.
9. Normative References 10. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997.
[2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., [2] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
[3] Cooper, D., Santesson, S., Farrell, S., Boyen, S., Housley, R., [3] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R.,
and W. Polk, "Internet X.509 Public Key Infrastructure and W. Polk, "Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile", Certificate and Certificate Revocation List (CRL) Profile",
RFC 5280, May 2008. RFC 5280, May 2008.
[4] International Telecommunications Union, "Information technology [4] International Telecommunications Union, "Information technology
- Open Systems Interconnection - The Directory: Public-key and - Open Systems Interconnection - The Directory: Public-key and
attribute certificate frameworks", ITU-T Recommendation X.509, attribute certificate frameworks", ITU-T Recommendation X.509,
ISO Standard 9594-8, March 2000. ISO Standard 9594-8, March 2000.
[5] International International Telephone and Telegraph Consultative [5] International International Telephone and Telegraph Consultative
Committee, "Abstract Syntax Notation One (ASN.1): Specification Committee, "Abstract Syntax Notation One (ASN.1): Specification
of basic notation", CCITT Recommendation X.680, July 2002. of basic notation", CCITT Recommendation X.680, July 2002.
[6] International International Telephone and Telegraph Consultative [6] International International Telephone and Telegraph Consultative
Committee, "ASN.1 encoding rules: Specification of basic Committee, "ASN.1 encoding rules: Specification of basic
encoding Rules (BER), Canonical encoding rules (CER) and encoding Rules (BER), Canonical encoding rules (CER) and
Distinguished encoding rules (DER)", CCITT Recommendation X.690, Distinguished encoding rules (DER)", CCITT Recommendation X.690,
July 2002. July 2002.
[7] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol [7] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol
(SIP): Location SIP Servers", RFC 3263, June 2002. (SIP): Locating SIP Servers", RFC 3263, June 2002.
[8] Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain Certificates [8] Gurbani, V., Lawrence, S., and A. Jeffrey, "Domain Certificates
in the Session Initiation Protocol (SIP)", in the Session Initiation Protocol (SIP)", RFC 5922, June 2010.
draft-ietf-sip-domain-certs-04.txt (work in progress), May 2009.
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
SIPDomainCertExtn SIPDomainCertExtn
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-sip-domain-extns2007(62) } id-mod-sip-domain-extns2007(62) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
-- OID Arcs -- OID Arcs
id-kp OBJECT IDENTIFIER ::= id-kp OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) 3 } security(5) mechanisms(5) pkix(7) 3 }
-- Extended Key Usage Values -- Extended Key Usage Values
id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp 20 } id-kp-sipDomain OBJECT IDENTIFIER ::= { id-kp 20 }
END END
Authors' Addresses Authors' Addresses
Scott Lawrence Scott Lawrence
Nortel Networks, Inc.
600 Technology Park
Billerica, MA 01821
USA
Phone: +1 978 248 5508 EMail: scott-ietf@skrb.org
Email: scott.lawrence@nortel.com
Vijay K. Gurbani Vijay K. Gurbani
Bell Laboratories, Alcatel-Lucent Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane 1960 Lucent Lane
Room 9C-533 Room 9C-533
Naperville, IL 60566 Naperville, IL 60566
USA USA
Phone: +1 630 224-0216 Phone: +1 630 224-0216
Email: vkg@bell-labs.com EMail: vkg@bell-labs.com
 End of changes. 51 change blocks. 
115 lines changed or deleted 116 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/