summaryrefslogtreecommitdiff
path: root/papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt
diff options
context:
space:
mode:
Diffstat (limited to 'papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt')
-rw-r--r--papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt952
1 files changed, 952 insertions, 0 deletions
diff --git a/papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt b/papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt
new file mode 100644
index 0000000..0a63c6f
--- /dev/null
+++ b/papers/draft-gsenger-secure-anycast-tunneling-protocol-02.txt
@@ -0,0 +1,952 @@
+
+
+
+Network Working Group O. Gsenger
+Internet-Draft January 2008
+Intended status: Informational
+Expires: July 4, 2008
+
+
+ secure anycast tunneling protocol (SATP)
+ draft-gsenger-secure-anycast-tunneling-protocol-01
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on July 4, 2008.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2008).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 1]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+Abstract
+
+ The secure anycast tunneling protocol (SATP) defines a protocol used
+ for communication between any combination of unicast and anycast
+ tunnel endpoints. It allows tunneling of every ETHER TYPE protocol
+ (ethernet, ip ...). SATP directly includes cryptography and message
+ authentication based on the methodes used by SRTP. It can be used as
+ an encrypted alternative to IP Encapsulation within IP [3] and
+ Generic Routing Encapsulation (GRE) [4]. It supports both anycast
+ receivers and senders.
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3
+ 2. Motivation and usage scenarios . . . . . . . . . . . . . . . . 4
+ 2.1. Usage scenarions . . . . . . . . . . . . . . . . . . . . . 4
+ 2.1.1. Tunneling from unicast hosts over anycast routers
+ to other unicast hosts . . . . . . . . . . . . . . . . 4
+ 2.1.2. Tunneling from unicast hosts to anycast networks . . . 5
+ 2.1.3. Redundant tunnel connection of 2 networks . . . . . . 5
+ 2.2. Encapsulation . . . . . . . . . . . . . . . . . . . . . . 6
+ 3. Using SATP on top of IP . . . . . . . . . . . . . . . . . . . 8
+ 3.1. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 8
+ 3.2. ICMP messages . . . . . . . . . . . . . . . . . . . . . . 8
+ 4. Protocol specification . . . . . . . . . . . . . . . . . . . . 9
+ 4.1. Header format . . . . . . . . . . . . . . . . . . . . . . 9
+ 4.2. sequence number . . . . . . . . . . . . . . . . . . . . . 9
+ 4.3. sender ID . . . . . . . . . . . . . . . . . . . . . . . . 9
+ 4.4. MUX . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
+ 4.5. payload type field . . . . . . . . . . . . . . . . . . . . 10
+ 4.6. payload . . . . . . . . . . . . . . . . . . . . . . . . . 10
+ 4.7. padding (OPTIONAL) . . . . . . . . . . . . . . . . . . . . 10
+ 4.8. padding count (OPTIONAL) . . . . . . . . . . . . . . . . . 10
+ 4.9. MKI (OPTIONAL) . . . . . . . . . . . . . . . . . . . . . . 10
+ 4.10. authentication tag (RECOMMENDED) . . . . . . . . . . . . . 10
+ 4.11. Encryption . . . . . . . . . . . . . . . . . . . . . . . . 11
+ 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
+ 5.1. Replay protection . . . . . . . . . . . . . . . . . . . . 12
+ 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
+ 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
+ 7.1. Normative References . . . . . . . . . . . . . . . . . . . 14
+ 7.2. Informational References . . . . . . . . . . . . . . . . . 14
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16
+ Intellectual Property and Copyright Statements . . . . . . . . . . 17
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 2]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+1. Introduction
+
+ SATP is a mixture of a generic encapsulation protocol like GRE [4]
+ and a secure tunneling protocol as IPsec [5] in tunnel mode. It can
+ be used to build redundant virtual private network (VPN) connections.
+ It supports peer to peer tunnels, where tunnel endpoints can be any
+ combination of unicast, multicast or anycast hosts, so it defines a
+ Host Anycast Service [6]. Encryption is done per packet, so the
+ protocol is robust against packet loss and routing changes. To save
+ some header overhead it uses the encryption techniques of SRTP [1].
+
+1.1. Notational Conventions
+
+ The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC2119 [2].
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 3]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+2. Motivation and usage scenarios
+
+ This section gives an overview of possible usage scenarios. Please
+ note, that the protocols used in the figures are only examples and
+ that SATP itself does not care about either transport protocols or
+ encapsulated protocols. Routing is not done by SATP and each
+ implemetation MAY choose it's own way of doing this task (e.g. using
+ functions provided by the operating system). SATP is used only to
+ encapsulate and encrypt data.
+
+2.1. Usage scenarions
+
+2.1.1. Tunneling from unicast hosts over anycast routers to other
+ unicast hosts
+
+ An example of SATP used to tunnel in a unicast client - anycast
+ server model
+
+ --------- router -----------
+ / \
+ unicast ------+---------- router ------------+------ unicast
+ host \ / host
+ --------- router -----------
+
+ unicast | encrypted | anycast | encrypted | unicast
+ tunnel | communication | tunnel | communication | tunnel
+ endpoint | using SATP | endpoint | using SATP | endpoint
+
+ Figure 1
+
+ In this scenario the payload gets encapsuleted into a SATP packet by
+ a unicast host and gets transmitted to one of the anycast routers.
+ It than gets decapsulated by the router. This router makes a routing
+ descision based on the underlying protocol and transmits a new SATP
+ package to one or more unicast hosts depending on the routing
+ decision.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 4]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+2.1.2. Tunneling from unicast hosts to anycast networks
+
+ An example of SATP used to encrypt data between a unicast host and
+ anycast networks
+
+ -------Router -+---- DNS Server
+ / \
+ / --- 6to4 Router
+ /
+ unicast -------+----------Router --+--- DNS Server
+ host \ \
+ \ --- 6to4 Router
+ \
+ -------Router -+---- DNS Server
+ \
+ --- 6to4 Router
+
+ unicast | encrypted | anycast | plaintext
+ tunnel | communication | tunnel | anycast
+ endpoint | using SATP | endpoint | services
+
+
+ Figure 2
+
+ When the unicast hosts wants to transmit data to one of the anycast
+ DNS servers, it encapsulates the data and sends a SATP packet to the
+ anycast address of the routers. The packet arrives at one of the
+ routers, gets decapsulated and routed to the DNS server. This method
+ can be used to tunnel between a clients and networks providing
+ anycast services. It can also be used the other way to virtually
+ locate a unicast service within anycasted networks.
+
+2.1.3. Redundant tunnel connection of 2 networks
+
+ An example of SATP used to connect 2 networks
+
+ Router ----------- ---------------Router
+ / \ / \
+ Network - Router ------------x Network
+ A \ / \ / B
+ Router ----------- ---------------Router
+
+ | packets | packets | packets |
+ plaintext | get | take a | get | plaintext
+ packets | de/encrypted | random | de/encrypted | packets
+ |de/encapsulated| path |de/encapsulated|
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 5]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+ Figure 3
+
+ Network A has multiple routers, that act as gateway/tunnel endpoints
+ to another network B. This is done to build a redundant encrypted
+ tunnel connection between the two networks. All tunnel endpoints of
+ network A share the same anycast address and all tunnel endpoints of
+ network B share another anycast address. When a packet from network
+ A gets transmitted to network B, it first arrives on one of network
+ A's border routers. Which router is used is determined by network
+ A's internal routing. This router encapsulates the package and sends
+ it to the anycast address of the network B routers. The SATP packet
+ arrives at one of network B's routers and gets decapsulated and
+ routed to it's destination within network B.
+
+2.2. Encapsulation
+
+ SATP does not depend on which lower layer protocols is used, but this
+ section gives an example of how packets could look like.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 6]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+ Examples of SATP used with different lower layer and payload
+ protocols
+
+ +------+-----+-------------------------------+
+ | | | +----------------+-----+ |
+ | IPv6 | UDP | SATP | Ethernet 802.3 | ... | |
+ | | | +----------------+-----+ |
+ +------+-----+-------------------------------+
+
+ Tunneling of Ethernet over UDP/IPv6
+
+ +------+-----+---------------------------+
+ | | | +------+-----+-----+ |
+ | IPv4 | UDP | SATP | IPv6 | UDP | RTP | |
+ | | | +------+-----+-----+ |
+ +------+-----+---------------------------+
+
+ Tunneling of IPv6 over UDP/IPv4 with RTP payload
+
+ +------+-------------------------------+
+ | | +----------------+-----+ |
+ | IPv6 | SATP | Ethernet 802.3 | ... | |
+ | | +----------------+-----+ |
+ +------+-------------------------------+
+
+ Tunneling of Ethernet over IPv6
+
+ +------+---------------------------+
+ | | +------+-----+-----+ |
+ | IPv4 | SATP | IPv6 | UDP | RTP | |
+ | | +------+-----+-----+ |
+ +------+---------------------------+
+
+ Tunneling of IPv6 over IPv4 with RTP payload
+
+ Figure 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 7]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+3. Using SATP on top of IP
+
+3.1. Fragmentation
+
+ The only way of fully supporting fragmentation would be to
+ synchronise fragments between all anycast servers. This is
+ considered to be too much overhead, so there are two non perfect
+ solutions for these problems. Either fragmentation HAS TO be
+ disabled or if not all fragments arrive at the same server the ip
+ datagramm HAS TO be discarded. As routing changes are not expected
+ to occure very frequently, the encapsulated protocol can do a
+ retransmission and all fragments will arrive at the new server.
+
+ If the payload type is IP and the ip headers's Don't Fragment (DF)
+ bit is set, than the DF bit of the outer IP header HAS TO be set as
+ well.
+
+3.2. ICMP messages
+
+ ICMP messages MUST be relayed according to rfc2003 section 4 [3].
+ This is needed for path MTU detection.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 8]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+4. Protocol specification
+
+4.1. Header format
+
+ Protocol Format
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | sequence number | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ | sender ID | MUX | |
+ +#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+ |
+ | | payload type | | |
+ | +-------------------------------+ | |
+ | | .... payload ... | |
+ | | +-------------------------------+ |
+ | | | padding (OPT) | pad count(OPT)| |
+ +#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+-+
+ | ~ MKI (OPTIONAL) ~ |
+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ | : authentication tag (RECOMMENDED) : |
+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ | |
+ +- Encrypted Portion Authenticated Portion ---+
+
+ Figure 5
+
+4.2. sequence number
+
+ The sequence number is a 32 bit unsigned integer in network byte
+ order. It starts with a random value and is increased by 1 for every
+ sent packet. After the maximum value, it starts over from 0. This
+ overrun causes the ROC to be increased.
+
+4.3. sender ID
+
+ The sender ID is a 16 bit unsigned integer. It HAS TO be unique for
+ every sender sharing the same anycast address
+
+4.4. MUX
+
+ The MUX (multiplex) field is a 16 bit unsigned integer. It is used
+ to destinguish multible tunnel connections.
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 9]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+4.5. payload type field
+
+ The payload type field defines the payload protocol. ETHER TYPE
+ protocol numbers are used. See IANA assigned ethernet numbers [7] .
+ The values 0000-05DC are reserverd and MUST NOT be used.
+
+ Some examples for protocol types
+
+ HEX
+ 0000 Reserved
+ .... Reserved
+ 05DC Reserved
+ 0800 Internet IP (IPv4)
+ 6558 transparent ethernet bridging
+ 86DD IPv6
+
+ Figure 6
+
+4.6. payload
+
+ A packet of the type payload type (e.g. an IP packet).
+
+4.7. padding (OPTIONAL)
+
+ Padding of max 255 octets. None of the pre-defined encryption
+ transforms uses any padding; for these, the plaintext and encrypted
+ payload sizes match exactly. Transforms are based on transforms of
+ the SRTP protocol and these transforms might use the RTP padding
+ format, so a RTP like padding is supported. If the padding count
+ field is present, than the padding count field MUST be set to the
+ padding length.
+
+4.8. padding count (OPTIONAL)
+
+ The number of octets of the padding field. This field is optional.
+ It's presence is signaled by the key management and not by this
+ protocol. If this field isn't present, the padding field MUST NOT be
+ present as well.
+
+4.9. MKI (OPTIONAL)
+
+ The MKI (Master Key Identifier) is OPTIONAL and of configurable
+ length. See SRTP Section 3.1 [1] for details
+
+4.10. authentication tag (RECOMMENDED)
+
+ The authentication tag is RECOMMENDED and of configurable length. It
+ contains a cryptographic checksum of the sender ID, sequence number
+
+
+
+Gsenger Expires July 4, 2008 [Page 10]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+ and the encrypted portion, but not of the MKI. On sender side
+ encryption HAS TO be done before calculating the authentication tag.
+ A receiver HAS TO calculate the authentication tag before decrypting
+ the encrypted portion.
+
+4.11. Encryption
+
+ Encryption is done in the same way as for SRTP [1]. This section
+ will only discuss some small changes that HAVE TO be made. Please
+ read SRTP RFC3711 section 3-9 [1] for details.
+
+ The least significant bits of SSRC are replaced by the sender ID and
+ the most significant bits are replaced by the mux. For the SRTP SEQ
+ the 16 least significant bits of the SATP sequence number are used
+ and the 16 most significant bits of the sequence number replace the
+ 16 least significant bits of the SRTP ROC.
+
+ Difference between SRTP and SATP
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SATP sequence number |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ =
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SRTP ROC least significant | SRTP SEQ |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SATP MUX | SATP sender ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ =
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SRTP SSRC |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Figure 7
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 11]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+5. Security Considerations
+
+ As SATP uses the same encryption techniques as SRTP [1], it shares
+ the same security issues. This section will only discuss some small
+ changes. Please read SRTP RFC3711 section 9 [1] for details.
+
+5.1. Replay protection
+
+ Replay protection is done by a replay list. Every anycast receiver
+ has it's own replay list, which SHOULDN'T be syncronised, because of
+ massive overhead. This leads to an additional possible attack. A
+ attacker is able to replay a captured packet once to every anycast
+ receiver. This attack is considered of be very unlikely, because
+ multiple attack hosts in different loactions are needed to reach the
+ seperate anycast receivers and the number of replays is limited to
+ the count of receivers - 1. Such replays might also happen because
+ of routing problems, so a payload protocol HAS TO be robust against a
+ small number of duplicated packages. The window size and position
+ HAS TO be syncronised between multible anycast receivers to limit
+ this attack.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 12]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+6. IANA Considerations
+
+ The protocol is intended to be used on top of IP or on top of UDP (to
+ be compatible with NAT routers), so UDP and IP protocol numbers have
+ to be assiged by IANA.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 13]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+7. References
+
+7.1. Normative References
+
+ [1] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
+ Norrman, "The Secure Real-time Transport Protocol (SRTP)",
+ RFC 3711, March 2004.
+
+ [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+ [3] Perkins, C., "IP Encapsulation within IP", RFC 2003,
+ October 1996.
+
+7.2. Informational References
+
+ [4] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina,
+ "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000.
+
+ [5] Kent, S. and R. Atkinson, "Security Architecture for the
+ Internet Protocol", RFC 2401, November 1998.
+
+ [6] Partridge, C., Mendez, T., and W. Milliken, "Host Anycasting
+ Service", RFC 1546, November 1993.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 14]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+URIs
+
+ [7] <http://www.iana.org/assignments/ethernet-numbers>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 15]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+Author's Address
+
+ Othmar Gsenger
+ Puerstingerstr 32
+ Saalfelden 5760
+ AT
+
+ Phone:
+ Email: satp@gsenger.com
+ URI: http://www.gsenger.com/satp/
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 16]
+
+Internet-Draft secure anycast tunneling protocol (SATP) January 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Gsenger Expires July 4, 2008 [Page 17]
+