Network Working Group                                           H. Singh
Internet-Draft                                                 W. Beebee
Intended status: Standards Track                     Cisco Systems, Inc.
Expires: April 9, September 7, 2009                                   E. Nordmark
                                                        Sun Microsystems
                                                         October
                                                           March 6, 2008 2009

 IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes
                  draft-ietf-6man-ipv6-subnet-model-02
                  draft-ietf-6man-ipv6-subnet-model-03

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of which he BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or she is aware
   have been IETF Contributions published or will made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be disclosed, modified outside the IETF Standards Process, and any
   derivative works of which he or she becomes
   aware will it may not be disclosed, in accordance with Section 6 of BCP 79. created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 9, September 7, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   IPv6 specifies a model of a subnet that is different than the IPv4
   subnet model.  The subtlety of the differences has resulted in
   incorrect implementations that do not interoperate.  This document
   spells out the most important difference; that an IPv6 address isn't
   automatically associated with an IPv6 on-link prefix.  This document
   also invalidates updates (partially due to security concerns) concerns caused by incorrect
   implementations) a part of the definition of on-link from [RFC4861].

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Host Behavior and Rules  . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Host Rules . . . . . . . . . . . . . . . . . . . . . . . . . .  7
   4.  Observed Incorrect Implementation Behavior . . . . . . . . . .  6
   4.  9
   5.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  9
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6
   6.  9
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  6
   7.  Acknowledgements .  9
   8.  Contributors . . . . . . . . . . . . . . . . . . . . . .  7
   8.  References . . .  9
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  7
     8.1.  Normative 10
   10. References . . . . . . . . . . . . . . . . . . .  7
     8.2.  Informative References . . . . . . . . . . . . 10
     10.1.  Normative References  . . . . . .  7
   Appendix A.  CHANGE HISTORY . . . . . . . . . . . . 10
     10.2.  Informative References  . . . . . . .  8
   Authors' Addresses . . . . . . . . . . 10
   Authors' Addresses . . . . . . . . . . . . . .  9
   Intellectual Property and Copyright Statements . . . . . . . . . . 10 11

1.  Introduction

   IPv4 implementations typically associate a netmask with an address
   when an IPv4 address is assigned to an interface.  That netmask
   together with the IPv4 address designates an on-link prefix.
   Addresses that are covered by this prefix are viewed as on-link i.e.,
   traffic to these addresses is not sent to a router.  See section
   3.3.1 in [RFC1122].  Prior to the deployment of Classless Intern- Inter-
   Domain Routing (CIDR), an address's netmask could be derived directly
   from the address.  In the absence of specifying a specific netmask
   when assigning a address, some implementations would fall back to
   deriving the netmask from the class of the address.

   The behavior of IPv6 as specified in Neighbor Discovery [RFC4861] is
   quite different.  The on-link determination is separate from the
   address assignment.  A host can have IPv6 addresses without any
   related on-link prefixes or have on-link prefixes that are not
   related to any IPv6 addresses that are assigned to the host.  Any
   assigned address on an interface should initially be considered as
   having no internal structure as shown in [RFC4291].

   In IPv6, by default, a host treats only the link-local prefix as on-
   link.

   The reception of a Prefix Information Option (PIO) with the L-bit set
   [RFC4861] and a non-zero valid lifetime creates an entry (or updates
   the valid lifetime for updates) an existing entry) entry
   in the Prefix List.  All the prefixes that are on the Prefix List,
   i.e., have not yet timed out, are considered to be on-link.

   The on-link definition in the Terminology section of [RFC4861], as
   modified by this document, defines the complete list of cases where
   an address is considered on-link.  Note, in particular, that Redirect
   Messages can also indicate an address is off-link.  Individual  Individual address entries can be
   expired by the Neighbor Unreachability Detection mechanism.

   A host only performs address resolution for IPv6 addresses that are
   on-link.  Packets to any other address are sent to a default router.
   If there is no default router, then the node should send an ICMPv6
   Destination Unreachable indication as specified in [RFC4861] - more
   details are provided in the Host Behavior and Rules section.  (Note
   that [RFC4861] changed the behavior when the Default Router List is
   empty.  The behavior in the old version of Neighbor Discovery
   [RFC2461] was different when there were no default routers.)

   Failure of host implementations to correctly implement the IPv6
   subnet model can result in lack of IPv6 connectivity.  See the
   Observed Incorrect Implementation Behavior section for details.

   Host behavior is clarified in the Host Behavior and Rules section.

2.  Host Behavior and Rules

   A correctly implemented IPv6 host MUST adhere to the following rules:

   1.  By default only the link-local prefix is on-link.

   2.  The configuration original ND specification [RFC4861] was unclear in its usage
       of the term on-link in a few places.  In IPv6, an IPv6 address, whether through IPv6
       stateless address autoconfiguration [RFC4862], DHCPv6 [RFC3315],
       or manual configuration MUST NOT implicitly cause is
       considered to be on-link (with respect to a prefix
       derived from specific link), if
       the address has been assigned to an interface attached to that
       link.  Any node attached to the link can send a datagram directly
       to an on-link address without forwarding the datagram through a
       router.  In IPv6, there are two ways to be treated as indicate an address is
       on-link.  A  First, a host
       considers maintains a prefix Prefix List that identifies
       ranges of addresses that are to be on-link only through explicit means, considered on-link.  Second,
       Redirects can identify individual destinations that are on-link;
       such as those specified in Redirects update the on-link definition in Destination Cache.

       The Prefix List is populated via the
       Terminology section following means:

       *  Receipt of [RFC4861], as modified by this document,
       or via manual configuration.  Note a Valid RA that specifies a prefix with the requirement for
       manually configured addresses L-bit
          set.  Such a prefix is not explicitly mentioned in
       [RFC4861].

   3.  Note that the following items (from the definition of considered on-link in
       [RFC4861]):

          - for a Neighbor Advertisement message period
          specified in the Valid Lifetime and is received for added to the
          (target) address, or

          - any Neighbor Discovery message Prefix
          List.  (The link-local prefix is received from effectively considered a
          permanent entry on the address.

       are not sufficient to consider Prefix List.)

       *  Indication of an address to be on-link and will prefix (which may be removed in a future update to [RFC4861]. /128) via
          manual configuration, or some other yet-to-be specified
          configuration mechanism.

       A literal reading of
       the second test would allow a neighboring intruder to generate
       bogus ND messages that result Redirect can also signal whether an address is on-link.  If a
       host originates a packet, but the first-hop router routes the
       received packet back out onto the same link, the router also
       sends the host a Redirect.  If the Target and Destination Address
       of the Redirect are the same, the Target Address is to be treated
       as on-link as specified in Section 8 of [RFC4861].  That is, the
       host updates its Destination Cache (but not its Prefix List --
       though the impact is similar).

   2.  Note that Redirects cannot signal that an address is off-link.
       In section 8.1 of [RFC4861], a Redirect message is silently
       discarded if it does not have an IP source address that is the
       same as the current first-hop router for the specified ICMP
       Destination Address.  An ICMP Destination Address on the same
       link would have no current first-hop router.  Any Redirect
       message received could not have an IP source address that is the
       same as the current (null) first-hop router, so the Redirect MUST
       be dropped.

   3.  IPv6 also defines the term "neighbor" and "link" to refer to
       nodes attached to the same link and that can send packets
       directly to each other.  Received ND packets that pass the
       required validation tests can only come from a neighbor attached
       to the link on which the ND packet was received.  Unfortunately,
       [RFC4861] is imprecise in its definition of on-link and states
       that a node considers an address to be on-link if:

          - a Neighbor Advertisement message is received for the
          (target) address, or

          - any Neighbor Discovery message is received from the address.

       Neither of these tests are acceptable definitions for an address
       to be considered as on-link as defined above, and this document
       deprecates and removes both of them from the formal definition of
       on-link.  Neither of these tests should be used as justification
       for modifying the Prefix List or Destination Cache for an
       address.

       The conceptual sending algorithm of [RFC4861] defines a Prefix
       List and Neighbor Cache.  The combination of Prefix List and
       Neighbor Cache form what many implementations consider to be the
       "IP routing table" for a host.  Note that the Neighbor Cache is a
       separate data structure referenced by the Destination Cache, but
       entries in the Neighbor Cache are not necessarily in the
       Destination Cache.  It is quite possible (and intentional) that
       entries be added to the Neighbor Cache for addresses that would
       not be considered on-link as-defined above.  For example, upon
       receipt of a valid NS, Section 7.2.3 of [RFC4861] states:

          If an entry does not already exist, the node SHOULD create a
          new one and set its reachability state to STALE as specified
          in Section 7.3.3.  If an entry already exists, and the cached
          link-layer address differs from the one in the received Source
          Link-Layer option, the cached address should be replaced by
          the received address, and the entry's reachability state MUST
          be set to STALE.

       The intention of the above feature is to add an address to the
       Neighbor Cache, even though it might not be considered on- link
       per the Prefix List.  The benefit of such a step is to have the
       receiver populate the Neighbor Cache with an address it will
       almost certainly be sending packets to shortly, thus avoiding the
       need for an additional round of ND to perform address resolution.
       But because there is no validation of the address being added to
       the Neighbor Cache, an intruder could spoof the address and cause
       a receiver to add an address for a remote site to its Neighbor
       Cache.  This vulnerability is a specific instance of the broad
       set of attacks that are possible by an on-link neighbor
       [RFC3756].This causes no problems in practice, so long as the
       entry only exists in the Neighbor Cache and the address is not
       considered to be on-link by the IP forwarding code (i.e., the
       address is not added to the Prefix List and is not marked as on-
       link in the Destination Cache).

   4.  After the update to the on-link definition in [RFC4861], certain
       text from section 7.2.3 of [RFC4861] may appear, upon a cursory
       examination, to be inconsistent with the updated definition of
       on-link because the text does not ensure that the source address
       is already deemed on-link through other methods:

          If the Source Address is not the unspecified address and, on-
          link layers that have addresses, the solicitation includes a spoofed
          Source Link-Layer Address option, then the recipient SHOULD
          create or update the Neighbor Cache entry for the IP Source
          Address of the solicitation.

          Similarly, the following text from section 6.2.5 of [RFC4861]
          may also seem inconsistent: If there is no existing Neighbor
          Cache entry for the solicitation's sender, the router creates
          one, installs the link- layer address being
       improperly treated and sets its
          reachability state to STALE as on-link.  This vulnerability specified in Section 7.3.3.

       However, the text in the aforementioned sections of [RFC4861],
       upon closer inspection, is a specific
       instance actually consistent with the
       deprecation of the broad set last two bullets of attacks that the on-link definition
       because there are possible by an on-
       link neighbor [RFC3756].  The threat is particularly problematic two different ways in the case of routers which allow such a spoofed message to
       update their forwarding tables (which can happen if a neighbor
       cache entry on-link
       determination can update affect the forwarding table).  Only addresses
       that are covered by state of ND: through updating the
       Prefix List or the Neighbor Cache.  Through deprecating the last
       two bullets of the modified on-link definition should definition, the Prefix List is
       explicitly not to be
       treated as on-link from changed when a sending node receives an NS, NA, or forwarding perspective, and
       it should
       RS.  The Neighbor Cache can still be noted that routers should generally obtain on-link
       information updated through receipt of
       an NS, NA, or RS.

   5.  [RFC4861] is written from sources other than RAs and Redirects.

   4.  To maintain consistency with the invalidation perspective of a host with a single
       interface on which Neighbor Discovery is run.  All ND traffic
       (whether sent or received) traverses the last two
       bullets single interface.  On
       hosts with multiple interfaces, care must be taken to ensure that
       the scope of ND processing from one link stays local to that
       link.  That is, when responding to a NS, the on-link definition in [RFC4861], NA would be sent out
       on the following
       text from section 7.2.3 same link on which it was received.  Likewise, a host
       would not respond to a received NS for an an address assigned to
       an interface on a different link.  Although implementions may
       choose to implement Neighbor Discovery using a single data
       structure that merges the Neighbor Caches of [RFC4861] will also all interfaces, an
       implementation's behavior must be augmented:

          If consistent with the Source Address above
       model.

   6.  Note that the receipt of a link-local IPv6 multicast packet which
       is not the unspecified address and, an ND packet indicates direct reachability on
          link layers that have addresses, the solicitation includes a
          Source Link-Layer Address option, then the recipient SHOULD
          create or update the Neighbor Cache entry for link, but
       is not specifically treated by [RFC4861].

   7.  Note that the IP Source
          Address receipt of a packet with the solicitation.

       changes to:

          If the Source Address Hop Limit field
       unchanged (the Hop Limit could be specified in a packet-type
       specific document) which is not an ND packet indicates direct
       reachability on a link, but is not specifically treated by
       [RFC4861].

3.  Host Rules

   A correctly implemented IPv6 host MUST adhere to the unspecified following rules:

   1.  The assignment of an IPv6 address, whether through IPv6 stateless
       address and, on
          link layers autoconfiguration [RFC4862], DHCPv6 [RFC3315], or manual
       configuration MUST NOT implicitly cause a prefix derived from
       that have addresses, address to be treated as on-link and added to the solicitation includes Prefix
       List.  A host considers a
          Source Link-Layer Address option, then the recipient SHOULD
          create or update prefix to be on-link only through
       explicit means, such as those specified in the Neighbor Cache entry for on-link definition
       in the IP Source
          Address Terminology section of the solicitation provided [RFC4861], as modified by this
       document, or via manual configuration.  Note that the source address
          of the NS requirement
       for manually configured addresses is deemed on-link through other indications.

   5. not explicitly mentioned in
       [RFC4861].

   2.  In the absence of other sources of on-link information, including
       Redirects, if the RA advertises a prefix with the on-link(L) bit
       set and later the Valid Lifetime expires, the host MUST then
       consider addresses of the prefix to be off-link, as specified by
       the PIO paragraph of section 6.3.4 of [RFC4861].

   6.

   3.  Newer implementations, which are compliant with [RFC4861] MUST
       adhere to the following rules.  Older implementations, which are
       compliant with [RFC2461] but not [RFC4861] may remain as is.  If
       the Default Router List is empty and there is no other source of
       on-link information about any address or prefix:

       1.  The host MUST NOT assume that all destinations are on-link.

       2.  The host MUST NOT perform address resolution for non-link-
           local addresses.

       3.  Since the host cannot assume the destination is on-link, and
           off-link traffic cannot be sent to a default router (since
           the Default Router List is empty), address resolution cannot
           be performed.  This case is specified in the last paragraph
           of section 4 of [RFC4943]: when there is no route to
           destination, the host should send an ICMPv6 Destination
           Unreachable indication (for example, a locally delivered
           error message) as specified in the Terminology section of
           [RFC4861].

       On-link information concerning particular addresses and prefixes
       can make those specific addresses and prefixes on-link, but does
       not change the default behavior mentioned above for addresses and
       prefixes not specified.  [RFC4943] provides justification for
       these rules.

   Using cached on-link determination information without first
   verifying that the information is still valid after IPv6 interface
   re-initialization may lead to lack of IPv6 network connectivity.  For
   example, a host receives an RA from a router with on-link prefix A.
   The host reboots. powers down.  During the reboot, power off, the router sends out
   prefix A with on-link bit set and a zero lifetime to indicate a
   renumbering.  The host misses the renumbering.  The host powers on
   and comes online.  Then, the router sends an RA with no PIO.  The
   host uses cached on-link prefix A and issues NS's instead of sending
   traffic to a default router.  The "Observed Incorrect Implementation
   Behavior" section below describes how this can result in lack of IPv6
   connectivity.

3.

4.  Observed Incorrect Implementation Behavior

   One incorrect implementation behavior illustrates the severe
   consequences when the IPv6 subnet model is not understood by the
   implementers of several popular host operating systems.  In an access
   concentrator network ([RFC4388]), a host receives a Router
   Advertisement Message with no on-link prefix advertised.  The host
   incorrectly assumes an invented prefix is on-link and performs
   address resolution when the host should send all non-link-local
   traffic to a default router.  Neither the router nor any other host
   will respond to the address resolution, preventing this host from
   sending IPv6 traffic.

4.

5.  Conclusion

   This document clarifies and summarizes the relationship between links
   and subnet prefixes described in [RFC4861].  Configuration of an IPv6
   address does not imply the existence of corresponding on-link
   prefixes.  One should also look at API considerations for prefix
   length as described in last paragraph of section 4.2 of [RFC4903].
   This document also invalidates a part of updates the definition of on-link from [RFC4861].

5. [RFC4861]
   by retracting the last two bullets.

6.  Security Considerations

   This document addresses a security concern present in [RFC4861].  As
   a result, the last two bullets bullet of the on-link definition in [RFC4861]
   have has
   been invalidated.

6. retracted.

7.  IANA Considerations

   None.

7.

8.  Contributors

   Thomas Narten contributed significant text and provided substantial
   guidance to the production of this document.

9.  Acknowledgements

   Thanks (in alphabetical order) to Adeel Ahmed, Jari Arkko, Ralph
   Droms, Alun Evans, Dave Forster, Prashanth Krishnamurthy, Suresh
   Krishnan, Josh Littlefield, David Miles, Thomas Narten, Madhu Sudan, Jinmei Tatuya,
   Dave Thaler, Bernie Volz, and Vlad Yasevich for their consistent
   input, ideas and review during the production of this document.  The
   security problem related to an NS message that provides one reason
   for invalidating a part of the on-link definition was found by David
   Miles.  Thomas Narten has provided substantial guidance to  Jinmei Tatuya found the
   production of this document.

8. security problem to also exist with
   an RS message.

10.  References

8.1.

10.1.  Normative References

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

8.2.

10.2.  Informative References

   [RFC1122]  Braden, R., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122, October 1989.

   [RFC2461]  Narten, T., Nordmark, E., and W. Simpson, "Neighbor
              Discovery for IP Version 6 (IPv6)", RFC 2461,
              December 1998.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3756]  Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor
              Discovery (ND) Trust Models and Threats", RFC 3756,
              May 2004.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4388]  Woundy, R. and K. Kinnear, "Dynamic Host Configuration
              Protocol (DHCP) Leasequery", RFC 4388, February 2006.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC4903]  Thaler, D., "Multi-Link Subnet Issues", RFC 4903,
              June 2007.

   [RFC4943]  Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor
              Discovery On-Link Assumption Considered Harmful",
              RFC 4943, September 2007.

Appendix A.  CHANGE HISTORY

   [NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.]

   Changes in draft-ietf-6man-ipv6-subnet-model-02.txt since -01.txt
   are:

   o  Augmented Abstract to say an important change to [RFC4861] is
      being made by this document.

   o  Removed the following sentence at the end of the Introduction
      section: "Finally, this document mainly restates and clarifies
      [RFC4861]."

   o  Added new bullet three to the "Host Behavior and Rules" section
      where the bullet invalidates bullets three and four from the on-
      link definition from [RFC4861].

   o  Added new bullet four to the "Host Behavior and Rules" section
      where the bullet proposes changes to text in section 7.2.3 of
      [RFC4861].

   o  The security section has been modified to reflect the important
      invalidation proposed by this document.

   o  Modified minor text in the "Observed Incorrect Implementation
      Behavior" section to explain what the prefix is in the second
      sentence.

   o  Changed bullet 3 from a new rule with normative language to just a
      paragraph of text describing behavior for a host blindly caching
      on-link determination and a possible severe consequence of that.
      The text also includes a solution for the problem.  The new text
      lies at the end of section 2 as a new paragraph.

   o  The title of section 2 has been changed to Host Behavior and
      Rules.  Also changed Host Behavior Rules to Host Behavior and
      Rules in two places in the Introduction section.

   Changes in draft-ietf-6man-ipv6-subnet-model-01.txt since -00.txt
   are:

   o  Changed Introduction section to remove any mention of src address
      of ND message as a means for on-link determination.  Also reworded
      first paragraph of Introduction section.

   o  Reworded bullet 2 of section 2 K. Kinnear, "Dynamic Host Configuration
              Protocol (DHCP) Leasequery", RFC 4388, February 2006.

   [RFC4862]  Thomson, S., Narten, T., and added text to clarify on-link
      definition.

   o  Added text to bullet 3 of section 2 to make explicit that this is
      a new rule.

   o  Reworded bullet 5 of section 2 to clearly explain where ICMPv6
      Destination Unreachable is sent to. T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC4903]  Thaler, D., "Multi-Link Subnet Issues", RFC 4903,
              June 2007.

   [RFC4943]  Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor
              Discovery On-Link Assumption Considered Harmful",
              RFC 4943, September 2007.

Authors' Addresses

   Hemant Singh
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 1622
   Email: shemant@cisco.com
   URI:   http://www.cisco.com/

   Wes Beebee
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 2030
   Email: wbeebee@cisco.com
   URI:   http://www.cisco.com/

   Erik Nordmark
   Sun Microsystems
   17 Network Circle
   Menlo Park, CA 94025
   USA

   Phone: +1 650 786 2921
   Email: erik.nordmark@sun.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.