diff options
Diffstat (limited to 'doc/protocol/draft-nir-tls-eap-00.txt')
-rw-r--r-- | doc/protocol/draft-nir-tls-eap-00.txt | 1120 |
1 files changed, 0 insertions, 1120 deletions
diff --git a/doc/protocol/draft-nir-tls-eap-00.txt b/doc/protocol/draft-nir-tls-eap-00.txt deleted file mode 100644 index d740f04917..0000000000 --- a/doc/protocol/draft-nir-tls-eap-00.txt +++ /dev/null @@ -1,1120 +0,0 @@ - - - -TLS Working Group Y. Nir -Internet-Draft Y. Sheffer -Intended status: Standards Track Check Point -Expires: December 9, 2007 H. Tschofenig - NSN - P. Gutmann - University of Auckland - June 7, 2007 - - - TLS using EAP Authentication - draft-nir-tls-eap-00.txt - -Status of this Memo - - By submitting this Internet-Draft, each author represents that any - applicable patent or other IPR claims of which he or she is aware - have been or will be disclosed, and any of which he or she becomes - aware will be disclosed, in accordance with Section 6 of BCP 79. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as Internet- - Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at - http://www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on December 9, 2007. - -Copyright Notice - - Copyright (C) The IETF Trust (2007). - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 1] - -Internet-Draft EAP-in-TLS June 2007 - - -Abstract - - This document describes an extension to the TLS protocol to allow TLS - clients to authenticate with legacy credentials using the Extensible - Authentication Protocol (EAP). - - This work follows the example of IKEv2, where EAP has been added to - the IKEv2 protocol to allow clients to use different credentials such - as passwords, token cards, and shared secrets. - - When TLS is used with EAP, additional records are sent after the - ChangeCipherSpec protocol message and before the Finished message, - effectively creating an extended handshake before the application - layer data can be sent. Each EapMsg handshake record contains - exactly one EAP message. Using EAP for client authentication allows - TLS to be used with various AAA back-end servers such as RADIUS or - Diameter. - - TLS with EAP may be used for securing a data connection such as HTTP - or POP3. We believe it has three main benefits: - o The ability of EAP to work with backend servers can remove that - burden from the application layer. - o Moving the user authentication into the TLS handshake protects the - presumably less secure application layer from attacks by - unauthenticated parties. - o Using mutual authentication methods within EAP can help thwart - certain classes of phishing attacks. - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 2] - -Internet-Draft EAP-in-TLS June 2007 - - -Table of Contents - - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 - 1.1. EAP Applicability . . . . . . . . . . . . . . . . . . . . 5 - 1.2. Conventions Used in This Document . . . . . . . . . . . . 5 - 2. Operating Environment . . . . . . . . . . . . . . . . . . . . 6 - 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 7 - 3.1. The tee_supported Extension . . . . . . . . . . . . . . . 8 - 3.2. The InterimAuth Handshake Message . . . . . . . . . . . . 8 - 3.3. The EapMsg Handshake Message . . . . . . . . . . . . . . . 8 - 3.4. Calculating the Finished message . . . . . . . . . . . . . 9 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 10 - 4.1. InterimAuth vs. Finished . . . . . . . . . . . . . . . . . 10 - 4.2. Identity Protection . . . . . . . . . . . . . . . . . . . 10 - 4.3. Mutual Authentication . . . . . . . . . . . . . . . . . . 11 - 5. Performance Considerations . . . . . . . . . . . . . . . . . . 12 - 6. Operational Considerations . . . . . . . . . . . . . . . . . . 13 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 - 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 - 9. Changes from Previous Versions . . . . . . . . . . . . . . . . 16 - 9.1. Changes from the protocol model draft . . . . . . . . . . 16 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 - 10.1. Normative References . . . . . . . . . . . . . . . . . . . 17 - 10.2. Informative References . . . . . . . . . . . . . . . . . . 17 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 - Intellectual Property and Copyright Statements . . . . . . . . . . 20 - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 3] - -Internet-Draft EAP-in-TLS June 2007 - - -1. Introduction - - This document describes a new extension to [TLS]. This extension - allows a TLS client to authenticate using [EAP] instead of performing - the authentication at the application level. The extension follows - [TLS-EXT]. For the remainder of this document we will refer to this - extension as TEE (TLS with EAP Extension). - - TEE extends the TLS handshake beyond the regular setup, to allow the - EAP protocol to run between the TLS server (called an "authenticator" - in EAP) and the TLS client (called a "supplicant"). This allows the - TLS architecture to handle client authentication before exposing the - server application software to an unauthenticated client. In doing - this, we follow the approach taken for IKEv2 in [RFC4306]. However, - similar to regular TLS, we protect the user identity by only sending - the client identity after the server has authenticated. In this our - solution differs from that of IKEv2. - - Currently used applications that rely on non-certificate user - credentials use TLS to authenticate the server only. After that, the - application takes over, and presents a login screen where the user is - expected to present their credentials. - - This creates several problems. It allows a client to access the - application before authentication, thus creating a potential for - anonymous attacks on non-hardened applications. Additionally, web - pages are not particularly well suited for long shared secrets and - for interfacing with certain devices such as USB tokens. - - TEE allows full mutual authentication to occur for all these - applications within the TLS exchange. The application receives - control only when the user is identified and authenticated. The - authentication can be built into the server infrastructure by - connecting to an AAA server. The client side can be integrated into - client software such as web browsers and mail clients. An EAP - infrastructure is already built into some operating systems providing - a user interface for each authentication method within EAP. - - We intend TEE to be used for various protocols that use TLS such as - HTTPS, in cases where certificate based client authentication is not - practical. This includes web-based mail services, online banking, - premium content websites and mail clients. - - Another class of applications that may see benefit from TEE are TLS - based VPN clients used as part of so-called "SSL VPN" products. No - such client protocols have so far been standardized. - - - - - -Nir, et al. Expires December 9, 2007 [Page 4] - -Internet-Draft EAP-in-TLS June 2007 - - -1.1. EAP Applicability - - Section 1.3 of [EAP] states that EAP is only applicable for network - access authentication, rather than for "bulk data transfer". It then - goes on to explain why the transport properties of EAP indeed make it - unsuitable for bulk data transfer, e.g. for large file transport. - Our proposed use of EAP falls squarely within the applicability as - defined, since we make no further use of EAP beyond access - authentication. - -1.2. Conventions Used in This Document - - The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", - "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this - document are to be interpreted as described in [RFC2119]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 5] - -Internet-Draft EAP-in-TLS June 2007 - - -2. Operating Environment - - TEE will work between a client application and a server application, - performing either client authentication or mutual authentication - within the TLS exchange. - - - Client Server - +-------------------------+ +------------------------+ - | |GUI| | Client | |TLS+-+-----+-+TLS| |Server | | - | +-^-+ |Software| +-^-+ | +-+-^-+ |Application | | - | | +--------+ | | | | |Software | | - | | | | | | +------------+ | - | +-v----------------v-+ | | | | - | | EAP | | +---|--------------------+ - | | Infrastructure | | | - | +--------------------+ | | +--------+ - +-------------------------+ | | AAA | - | | Server | - +----- | - +--------+ - - The above diagram shows the typical deployment. The client has - software that either includes a UI for some EAP methods, or else is - able to invoke some operating system EAP infrastructure that takes - care of the user interaction. The server is configured with the - address and protocol of the AAA server. Typically the AAA server - communicates using the RADIUS protocol with EAP ([RADIUS] and - [RAD-EAP]), or the Diameter protocol ([Diameter] and [Dia-EAP]). - - As stated in the introduction, we expect TEE to be used in both - browsers and applications. Further uses may be authentication and - key generation for other protocols, and tunneling clients, which so - far have not been standardized. - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 6] - -Internet-Draft EAP-in-TLS June 2007 - - -3. Protocol Overview - - The TEE extension defines the following: - o A new extension type called tee_supported, used to indicate that - the client supports this extension. - o A new message type for the handshake protocol, called InterimAuth, - which is used to sign previous messages. - o A new message type for the handshake protocol, called EapMsg, - which is used to carry a single EAP message. - - The diagram below outlines the protocol structure. For illustration - purposes only, we use the MSCHAPv2 EAP method - [I-D.dpotter-pppext-eap-mschap]. - - Client Server - ------ ------ - - ClientHello(*) --------> - ServerHello(*) - (Certificate) - ServerKeyExchange - EapMsg(Identity-Request) - <-------- ServerHelloDone - ClientKeyExchange - (CertificateVerify) - ChangeCipherSpec - InterimAuth - EapMsg(Identity-Reply) --------> - ChangeCipherSpec - InterimAuth - EapMsg(MS-CHAP-v2-Request) - <-------- - EapMsg(MS-CHAP-v2-Reply) --------> - EapMsg(Success) - <-------- Finished - Finished --------> - - (*) The ClientHello and ServerHello include the tee_supported - extension to indicate support for TEE - - - The client indicates in the first message its support for TEE. The - server sends an EAP identity request in the reply. The client sends - the identity reply after the handshake completion. The EAP request- - response sequence continues until the client is either authenticated - or rejected. - - - - - -Nir, et al. Expires December 9, 2007 [Page 7] - -Internet-Draft EAP-in-TLS June 2007 - - -3.1. The tee_supported Extension - - The tee_supported extension is a ClientHello and ServerHello - extension as defined in section 2.3 of [TLS-EXT]. The extension_type - field is TBA by IANA. The extension_data is zero-length. - -3.2. The InterimAuth Handshake Message - - The InterimAuth message is identical in syntax to the Finished - message described in section 7.4.9 of [TLS]. It is calculated in - exactly the same way. - - The semantics, however, are somewhat different. The "Finished" - message indicates that application data may now be sent. The - "InterimAuth" message does not indicate this. Instead, further - handshake messages are needed. - - The HandshakeType value for the InterimAuth handshake message is TBA - by IANA. - -3.3. The EapMsg Handshake Message - - The EapMsg handshake message carries exactly one EAP message as - defined in [EAP]. - - The HandshakeType value for the EapMsg handshake message is TBA by - IANA. - - The EapMsg message is used to tunnel EAP messages between the - authentication server, which may be co-located with the TLS server, - or else may be a separate AAA server, and the supplicant, which is - co-located with the TLS client. TLS on either side receives the EAP - data from the EAP infrastructure, and treats it as opaque. TLS does - not make any changes to the EAP payload or make any decisions based - on the contents of an EapMsg handshake message. - - Note that it is expected that the authentication server notifies the - TLS server about authentication success or failure, and so TLS need - not inspect the eap_payload within the EapMsg to detect success or - failure. - - struct { - opaque eap_payload[4..65535]; - } EapMsg; - - eap_payload is defined in section 4 of RFC 3748. It includes - the Code, Identifier, Length and Data fields of the EAP - packet. - - - -Nir, et al. Expires December 9, 2007 [Page 8] - -Internet-Draft EAP-in-TLS June 2007 - - -3.4. Calculating the Finished message - - If the EAP method is key-generating (see [I-D.ietf-eap-keying]), the - Finished message is calculated as follows: - - struct { - opaque verify_data[12]; - } Finished; - - verify_data - PRF(MSK, finished_label, MD5(handshake_messages) + - SHA-1(handshake_messages)) [0..11]; - - The finished_label and the PRF are as defined in section 7.4.9 of - [TLS]. - - The handshake_messages field, similar to regular TLS, comprises all - of the data from all messages in this handshake, including any EapMsg - and InterimAuth messages, up to but not including this Finished - message. This is the concatenation of all the Handshake structures - exchanged thus far, as defined in section 7.4 of [TLS]. - - The Master Session Key (MSK) is derived by the AAA server and by the - client if the EAP method is key-generating. On the server-side, it - is typically received from the AAA server over the RADIUS or Diameter - protocol. On the client-side, it is passed to TLS by some other - method. - - If the EAP method is not key-generating, then the Finished message is - calculated exactly as described in [TLS]. For a discussion on the - use of such methods, see Section 4.1. - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 9] - -Internet-Draft EAP-in-TLS June 2007 - - -4. Security Considerations - -4.1. InterimAuth vs. Finished - - In regular TLS, the Finished message provides two functions: it signs - all preceding messages, and it signals that application data can now - be sent. In TEE, some of the messages are signed twice. - - Some EAP methods, such as EAP-TLS, EAP-IKEv2 and EAP-SIM generate - keys in addition to authenticating clients. Such methods are said to - be resistant to man-in-the-middle (MITM) attacks as discussed in - [MITM]. Such methods are called key-generating methods. - - To realize the benefit of such methods, we need to verify the key - that was generated within the EAP method. This is referred to as the - MSK in EAP. In TEE, the InterimAuth message signs all previous - messages with the master_secret, just like the Finished message in - regular TLS. The Finished message signs all previous messages using - the MSK if such exists. If not, then the messages are signed with - the master_secret as in regular TLS. - - The need for signing twice arises from the fact that we need to use - both the master_secret and the MSK. It was possible to use just one - Finished record and blend the MSK into the master_secret. However, - this would needlessly complicate the protocol and make security - analysis more difficult. Instead, we have decided to follow the - example of IKEv2, where two AUTH payloads are exchanged. - - It should be noted that using non-key-generating methods may expose - the client to a MITM attack if the same method and credentials are - used in some other situation, in which the EAP is done outside of a - protected tunnel with an authenticated server. Unless it can be - determined that the EAP method is never used in such a situation, - non-key-generating methods SHOULD NOT be used. - -4.2. Identity Protection - - Unlike [TLS-PSK], TEE provides identity protection for the client. - The client's identity is hidden from a passive eavesdropper using TLS - encryption. Active attacks are discussed in Section 4.3. - - We could save one round-trip by having the client send its identity - within the Client Hello message. This is similar to TLS-PSK. - However, we believe that identity protection is a worthy enough goal, - so as to justify the extra round-trip. - - - - - - -Nir, et al. Expires December 9, 2007 [Page 10] - -Internet-Draft EAP-in-TLS June 2007 - - -4.3. Mutual Authentication - - In order to achieve our security goals, we need to have both the - server and the client authenticate. Client authentication is - obviously done using the EAP method. The server authentication can - be done in either of two ways: - 1. The client can verify the server certificate. This may work well - depending on the scenario, but implies that the client or its - user can recognize the right DN or alternate name, and - distinguish it from plausible alternatives. The introduction to - [I.D.Webauth-phishing] shows that at least in HTTPS, this is not - always the case. - 2. The client can use a mutually authenticated (MA) EAP method such - as MS-CHAPv2. In this case, server certificate verification does - not matter, and the TLS handshake may as well be anonymous. Note - that in this case, the client identity is sent to the server - before server authentication. - - To summarize: - o Clients MUST NOT propose anonymous ciphersuites, unless they - support MA EAP methods. - o Servers MUST NOT accept anonymous ciphersuites, unless they - support MA EAP methods. If they support both MA and non-MA - methods, they SHOULD prefer to use the MA methods. - o Clients MUST NOT accept non-MA methods if the ciphersuite is - anonymous. - o Clients MUST NOT accpet non-MA mehtods if they are not able to - verify the server credentials. Note that this document does not - define what verification involves. If the server DN is known and - stored on the client, verifying certificate signature and checking - revocation may be enough. For web browsers, the case is not as - clear cut, and MA methods SHOULD be used. - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 11] - -Internet-Draft EAP-in-TLS June 2007 - - -5. Performance Considerations - - Regular TLS adds two round-trips to a TCP connection. However, - because of the stream nature of TCP, the client does not really need - to wait for the server's Finished message, and can begin sending - application data immediately after its own Finished message. In - practice, many clients do so, and TLS only adds one round-trip of - delay. - - TEE adds as many round-trips as the EAP method requires. For - example, EAP-MD5 requires 1 round-trip, while EAP-SIM requires 2 - round-trips. Additionally, the client MUST wait for the EAP-Success - message before sending its own Finished message, so we need at least - 3 round-trips for the entire handshake. The best a client can do is - two round-trips plus however many round-trips the EAP method - requires. - - It should be noted, though, that these extra round-trips save - processing time at the application level. Two extra round-trips take - a lot less time than presenting a log-in web page and processing the - user's input. - - It should also be noted, that TEE reverses the order of the Finished - messages. In regular TLS the client sends the Finished message - first. In TEE it is the server that sends the Finished message - first. This should not affect performance, and it is clear that the - client may send application data immediately after the Finished - message. - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 12] - -Internet-Draft EAP-in-TLS June 2007 - - -6. Operational Considerations - - Section 4.3 defines a dependency between the TLS state and the EAP - state in that it mandates that certain EAP methods should not be used - with certain TLS ciphersuites. To avoid such dependencies, there are - two approaches that implementations can take. They can either not - use any anonymous ciphersuites, or else they can use only MA EAP - methods. - - Where certificate validation is problematic, such as in browser-based - HTTPS, we recommend the latter approach. - - In cases where the use of EAP within TLS is not known before opening - the connection, it is necessary to consider the implications of - requiring the user to type in credentials after the connection has - already started. TCP sessions may time out, because of security - considerations, and this may lead to session setup failure. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 13] - -Internet-Draft EAP-in-TLS June 2007 - - -7. IANA Considerations - - IANA is asked to assign an extension type value from the - "ExtensionType Values" registry for the tee_supported extension. - - IANA is asked to assign two handshake message types from the "TLS - HandshakeType Registry", one for "EapMsg" and one for "InterimAuth". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 14] - -Internet-Draft EAP-in-TLS June 2007 - - -8. Acknowledgments - - The TLS Inner Application Extension work ([TLS/IA]) has inspired the - authors to create this simplified work. TLS/IA provides a somewhat - different approach to integrating non-certificate credentials into - the TLS protocol, in addition to several other features available - from the RADIUS namespace. - - The authors would also like to thank the various contributors to - [RFC4306] whose work inspired this one. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 15] - -Internet-Draft EAP-in-TLS June 2007 - - -9. Changes from Previous Versions - -9.1. Changes from the protocol model draft - - o Added diagram for EapMsg - o Added discussion of EAP applicability - o Added discussion of mutually-authenticated EAP methods vs other - methods in the security considerations. - o Added operational considerations. - o Other minor nits. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 16] - -Internet-Draft EAP-in-TLS June 2007 - - -10. References - -10.1. Normative References - - [EAP] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. - Levkowetz, "Extensible Authentication Protocol (EAP)", - RFC 3748, June 2004. - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - - [TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security - (TLS) Protocol Version 1.1", RFC 4346, April 2006. - - [TLS-EXT] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., - and T. Wright, "Transport Layer Security (TLS) - Extensions", RFC 4366, April 2006. - -10.2. Informative References - - [Dia-EAP] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible - Authentication Protocol (EAP) Application", RFC 4072, - August 2005. - - [Diameter] - Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. - Arkko, "Diameter Base Protocol", RFC 3588, September 2003. - - [I-D.dpotter-pppext-eap-mschap] - Potter, D. and J. Zamick, "PPP EAP MS-CHAP-V2 - Authentication Protocol", - draft-dpotter-pppext-eap-mschap-01 (work in progress), - January 2002. - - [I-D.ietf-eap-keying] - Aboba, B., "Extensible Authentication Protocol (EAP) Key - Management Framework", draft-ietf-eap-keying-18 (work in - progress), February 2007. - - [I.D.Webauth-phishing] - Hartman, S., "Requirements for Web Authentication - Resistant to Phishing", draft-hartman-webauth-phishing-03 - (work in progress), March 2007. - - [MITM] Asokan, N., Niemi, V., and K. Nyberg, "Man-in-the-Middle - in Tunneled Authentication Protocols", October 2002. - - [RAD-EAP] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication - - - -Nir, et al. Expires December 9, 2007 [Page 17] - -Internet-Draft EAP-in-TLS June 2007 - - - Dial In User Service) Support For Extensible - Authentication Protocol (EAP)", RFC 3579, September 2003. - - [RADIUS] Rigney, C., Willens, S., Rubens, A., and W. Simpson, - "Remote Authentication Dial In User Service (RADIUS)", - RFC 2865, June 2000. - - [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", - RFC 4306, December 2005. - - [TLS-PSK] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites - for Transport Layer Security (TLS)", RFC 4279, - December 2005. - - [TLS/IA] Funk, P., Blake-Wilson, S., Smith, H., Tschofenig, N., and - T. Hardjono, "TLS Inner Application Extension (TLS/IA)", - draft-funk-tls-inner-application-extension-03 (work in - progress), June 2006. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 18] - -Internet-Draft EAP-in-TLS June 2007 - - -Authors' Addresses - - Yoav Nir - Check Point Software Technologies Ltd. - 5 Hasolelim st. - Tel Aviv 67897 - Israel - - Email: ynir@checkpoint.com - - - Yaron Sheffer - Check Point Software Technologies Ltd. - 5 Hasolelim st. - Tel Aviv 67897 - Israel - - Email: yaronf at checkpoint dot com - - - Hannes Tschofenig - Nokia Siemens Networks - Otto-Hahn-Ring 6 - Munich, Bavaria 81739 - Germany - - Email: Hannes.Tschofenig@siemens.com - URI: http://www.tschofenig.com - - - Peter Gutmann - University of Auckland - Department of Computer Science - New Zealand - - Email: pgut001@cs.auckland.ac.nz - - - - - - - - - - - - - - - -Nir, et al. Expires December 9, 2007 [Page 19] - -Internet-Draft EAP-in-TLS June 2007 - - -Full Copyright Statement - - Copyright (C) The IETF Trust (2007). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on an - "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS - OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND - THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF - THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Intellectual Property - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; nor does it represent that it has - made any independent effort to identify any such rights. Information - on the procedures with respect to rights in RFC documents can be - found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use of - such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository at - http://www.ietf.org/ipr. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at - ietf-ipr@ietf.org. - - -Acknowledgment - - Funding for the RFC Editor function is provided by the IETF - Administrative Support Activity (IASA). - - - - - -Nir, et al. Expires December 9, 2007 [Page 20] - |