draft-ietf-v6ops-onlinkassumption-02.txt   draft-ietf-v6ops-onlinkassumption-03.txt 
Network Working Group S. Roy Network Working Group S. Roy
Internet-Draft A. Durand Internet-Draft Sun Microsystems, Inc.
Expires: November 5, 2004 J. Paugh Expires: October 3, 2005 A. Durand
Sun Microsystems, Inc. Comcast Corporation
May 7, 2004 J. Paugh
April 2005
IPv6 Neighbor Discovery On-Link Assumption Considered Harmful IPv6 Neighbor Discovery On-Link Assumption Considered Harmful
draft-ietf-v6ops-onlinkassumption-02.txt draft-ietf-v6ops-onlinkassumption-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with By submitting this Internet-Draft, each author represents that any
all provisions of Section 10 of RFC2026. applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 5, 2004. This Internet-Draft will expire on October 3, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2005).
Abstract Abstract
This document describes a change to the IPv6 Neighbor Discovery This document describes the historical and background information
conceptual host sending algorithm. According to the algorithm, when behind the removal of the "on-link assumption" from the conceptual
a host's default router list is empty, the host assumes that all host sending algorithm defined in Neighbor Discovery for IP Version 6
(IPv6). According to the algorithm as originally described, when a
host's default router list is empty, the host assumes that all
destinations are on-link. This is particularly problematic with destinations are on-link. This is particularly problematic with
IPv6-capable nodes that do not have off-link IPv6 connectivity (e.g., IPv6-capable nodes that do not have off-link IPv6 connectivity (e.g.,
no default router). This document describes how making this no default router). This document describes how making this
assumption causes problems, and describes how these problems outweigh assumption causes problems, and describes how these problems outweigh
the benefits of this part of the conceptual sending algorithm. the benefits of this part of the conceptual sending algorithm.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Background on the On-link Assumption . . . . . . . . . . . . . 3 2. Background on the On-link Assumption . . . . . . . . . . . . . 3
3. Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 First Rule of Destination Address Selection . . . . . . . 3 3.1 First Rule of Destination Address Selection . . . . . . . 3
3.2 Delays Associated with Address Resolution . . . . . . . . 4 3.2 Delays Associated with Address Resolution . . . . . . . . 4
3.3 Multi-homing Ambiguity . . . . . . . . . . . . . . . . . . 4 3.3 Multi-interface Ambiguity . . . . . . . . . . . . . . . . 5
3.4 Security Related Issues . . . . . . . . . . . . . . . . . 5 3.4 Security Related Issues . . . . . . . . . . . . . . . . . 5
4. Proposed Changes to RFC2461 . . . . . . . . . . . . . . . . . 5 4. Changes to RFC2461 . . . . . . . . . . . . . . . . . . . . . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1 Normative References . . . . . . . . . . . . . . . . . . . . 6 6.1 Normative References . . . . . . . . . . . . . . . . . . . 6
6.2 Informative References . . . . . . . . . . . . . . . . . . . 6 6.2 Informative References . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 7
A. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 A. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7
B. Changes from draft-ietf-v6ops-onlinkassumption-01 . . . . . . 7 B. Changes from draft-ietf-v6ops-onlinkassumption-02 . . . . . . 7
C. Changes from draft-ietf-v6ops-onlinkassumption-00 . . . . . . 8 C. Changes from draft-ietf-v6ops-onlinkassumption-01 . . . . . . 8
D. Changes from draft-ietf-v6ops-onlinkassumption-00 . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . 9
1. Introduction 1. Introduction
Neighbor Discovery for IPv6 [ND] defines a conceptual sending Neighbor Discovery for IPv6 [I-D.ietf-ipv6-2461bis] defines a
algorithm for hosts. This algorithm states that if a host's default conceptual sending algorithm for hosts. The version of the algorithm
router list is empty, then the host assumes that all destinations are described in [RFC2461] states that if a host's default router list is
on-link. empty, then the host assumes that all destinations are on-link. This
memo documents the removal of this assumption in the updated Neighbor
Discovery specification [I-D.ietf-ipv6-2461bis], and describes the
reasons why this assumption was removed.
This assumption is problematic with IPv6-capable nodes that do not This assumption is problematic with IPv6-capable nodes that do not
have off-link IPv6 connectivity. Specifically, it creates problems have off-link IPv6 connectivity. This is typical when systems that
for destination address selection as defined in [ADDRSEL], and adds have IPv6 enabled on their network interfaces (either on by default
connection delays associated with unnecessary address resolution and or administratively configured that way) are attached to networks
neighbor unreachability detection. The behavior associated with the that have no IPv6 services such as off-link routing. Such systems
assumption is undefined in multihomed scenarios, and has some subtle will resolve DNS names to AAAA and A records, and may attempt to
connect to unreachable IPv6 off-link nodes.
The on-link assumption creates problems for destination address
selection as defined in [RFC3484], and adds connection delays
associated with unnecessary address resolution and neighbor
unreachability detection. The behavior associated with the
assumption is undefined on multi-interface nodes, and has some subtle
security implications. All of these issues are discussed in this security implications. All of these issues are discussed in this
document. document.
A revision of Neighbor Discovery [NDBIS] is removing the on-link
assumption from the specification, but this memo gives historical
reference and background to why this is has been a good decision.
2. Background on the On-link Assumption 2. Background on the On-link Assumption
This part of Neighbor Discovery's [ND] conceptual sending algorithm This part of Neighbor Discovery's [RFC2461] conceptual sending
was created to facilitate communication on a single link between algorithm was created to facilitate communication on a single link
systems manually configured with different global prefixes. For between systems manually configured with different global prefixes.
example, consider the case where two systems on separate links are For example, consider the case where two systems on separate links
manually configured with global addresses, and are then plugged in are manually configured with global addresses, and are then plugged
back-to-back. They can still communicate with each other via their in back-to-back. They can still communicate with each other via
global addresses because they'll correctly assume that each is their global addresses because they'll correctly assume that each is
on-link. on-link.
Without the on-link assumption, the above scenario wouldn't work as Without the on-link assumption, the above scenario wouldn't work, and
seamlessly. One workaround would be to use link-local addresses for the systems would need to be configured to share a common prefix such
this communication. Another is to configure new global addresses as the link-local prefix.
using the same /64 prefix on these systems, either by manually
configuring such addresses or by placing a router on-link that
advertises this prefix, however users may not have appropriate
privileges or knowledge to implement this workaround.
3. Problems 3. Problems
The on-link assumption causes the following problems. The on-link assumption causes the following problems.
3.1 First Rule of Destination Address Selection 3.1 First Rule of Destination Address Selection
Default Address Selection for IPv6 [ADDRSEL] defines a destination Default Address Selection for IPv6 [RFC3484] defines a destination
address selection algorithm that takes an unordered list of address selection algorithm that takes an unordered list of
destination addresses as input, and produces a sorted list of destination addresses as input, and produces a sorted list of
destination addresses as output. The algorithm consists of destination addresses as output. The algorithm consists of
destination address sorting rules, the first of which is "Avoid destination address sorting rules, the first of which is "Avoid
unusable destinations". The idea behind this rule is to place unusable destinations". The idea behind this rule is to place
unreachable destinations at the end of the sorted list so that unreachable destinations at the end of the sorted list so that
applications will be least likely to try to communicate with those applications will be least likely to try to communicate with those
addresses first. addresses first.
The on-link assumption could potentially cause false positives when The on-link assumption could potentially cause false positives when
attempting unreachability determination for this rule. On a network attempting unreachability determination for this rule. On a network
where there is no IPv6 router (all off-link IPv6 destinations are where there is no IPv6 router (all off-link IPv6 destinations are
unreachable), the on-link assumption states that destinations are unreachable), the on-link assumption states that destinations are
assumed to be on-link. An implementation could interpret that as, if assumed to be on-link. An implementation could interpret that as, if
the default router list is empty, then all destinations are the default router list is empty, then all destinations are reachable
reachable. This causes the rule to not necessarily prefer reachable on-link. This may cause the rule to prefer an unreachable IPv6
IPv4 destinations over unreachable IPv6 destinations, resulting in destination over a reachable IPv4 destination.
unreachable destinations being placed at the front of the sorted
list.
3.2 Delays Associated with Address Resolution 3.2 Delays Associated with Address Resolution
Users expect that applications quickly connect to a given destination Users expect that applications quickly connect to a given destination
regardless of the number of IP addresses assigned to that regardless of the number of IP addresses assigned to that
destination. If a destination name resolves to multiple addresses destination. If a destination name resolves to multiple addresses
and the application attempts to communicate to each address until one and the application attempts to communicate to each address until one
succeeds, this process shouldn't take an unreasonable amount of time. succeeds, this process shouldn't take an unreasonable amount of time.
It is therefore important that the system quickly determine if IPv6 It is therefore important that the system quickly determine if IPv6
destinations are unreachable so that the application can try other destinations are unreachable so that the application can try other
destinations when those IPv6 destinations are unreachable. destinations when those IPv6 destinations are unreachable.
For an IPv6 enabled host deployed on a network that has no IPv6 For an IPv6 enabled host deployed on a network that has no IPv6
routers, the result of the on-link assumption is that link-layer routers, the result of the on-link assumption is that link-layer
address resolution must be performed on all IPv6 addresses to which address resolution must be performed on all IPv6 addresses to which
the host sends packets. The Application will not receive the host sends packets. The Application will not receive
acknowledgment of the unreachability of destinations that are not acknowledgment of the unreachability of destinations that are not on-
on-link until at least address resolution has failed, which is no link until at least address resolution has failed, which is no less
less than three seconds (MAX_MULTICAST_SOLICIT * RETRANS_TIMER) than three seconds (MAX_MULTICAST_SOLICIT * RETRANS_TIMER). This is
(amplified by transport protocol delays). When the application has a greatly amplified by transport protocol delays. For example,
large list of off-link unreachable IPv6 addresses followed by at [RFC1122] requires that TCP retransmit for at least 3 minutes before
least one reachable IPv4 address, the delay associated with Neighbor aborting the connection attempt.
Unreachability Detection (NUD) of each IPv6 addresses before
successful communication with the IPv4 address is unacceptable.
3.3 Multi-homing Ambiguity When the application has a large list of off-link unreachable IPv6
addresses followed by at least one reachable IPv4 address, the delay
associated with Neighbor Unreachability Detection (NUD) of each IPv6
addresses before successful communication with the IPv4 address is
unacceptable.
3.3 Multi-interface Ambiguity
There is no defined way to implement this aspect of the sending There is no defined way to implement this aspect of the sending
algorithm on a multi-homed node. From an implementor's point of algorithm on a node that is attached to multiple links. From an
view, there are three ways to handle sending an IPv6 packet to a implementor's point of view, there are three ways to handle sending
destination in the face of the on-link assumption on a multi-homed an IPv6 packet to a destination in the face of the on-link assumption
node: on a multi-interface node:
1. Attempt to resolve the destination on a single link. 1. Attempt to resolve the destination on a single link.
2. Attempt to resolve the destination on every link. 2. Attempt to resolve the destination on every link.
3. Drop the packet. 3. Drop the packet.
If the destination is indeed on-link, the first option might not If the destination is indeed on-link, the first option might not
succeed since the wrong link could be picked. The second option succeed since the wrong link could be picked. The second option
might succeed in reaching a destination (assuming that one is might succeed in reaching a destination (assuming that one is
skipping to change at page 5, line 27 skipping to change at page 5, line 34
about which link to use if more than one node answers the about which link to use if more than one node answers the
solicitations on multiple links. Dropping the packet is equivalent solicitations on multiple links. Dropping the packet is equivalent
to not making the on-link assumption at all. In other words, if to not making the on-link assumption at all. In other words, if
there is no route to the destination, don't attempt to send the there is no route to the destination, don't attempt to send the
packet. packet.
3.4 Security Related Issues 3.4 Security Related Issues
The on-link assumption discussed here introduces a security The on-link assumption discussed here introduces a security
vulnerability to the Neighbor Discovery protocol described in section vulnerability to the Neighbor Discovery protocol described in section
4.2.2 of IPv6 Neighbor Discovery Trust Models and Threats [PSREQ] 4.2.2 of IPv6 Neighbor Discovery Trust Models and Threats [RFC3756]
titled "Default router is 'killed'". There is a threat that a host's titled "Default router is 'killed'". There is a threat that a host's
router can be maliciously killed in order to cause the host to start router can be maliciously killed in order to cause the host to start
sending all packets on-link. The attacker can then spoof off-link sending all packets on-link. The attacker can then spoof off-link
nodes by sending packets on the same link as the host. The nodes by sending packets on the same link as the host. The
vulnerability is discussed in detail in [PSREQ]. vulnerability is discussed in detail in [RFC3756].
Another security related side-effect of the on-link assumption has to Another security related side-effect of the on-link assumption has to
do with virtual private networks (VPN's). It has been observed that do with virtual private networks (VPN's). It has been observed that
some commercially available VPN software solutions that don't support some commercially available VPN software solutions that don't support
IPv6 send IPv6 packets to the local media in the clear (their IPv6 send IPv6 packets to the local media in the clear (their
security policy doesn't simply drop IPv6 packets). Consider a security policy doesn't simply drop IPv6 packets). Consider a
scenario where a system has a single Ethernet interface with VPN scenario where a system has a single Ethernet interface with VPN
software that encrypts and encapsulates certain packets. The system software that encrypts and encapsulates certain packets. The system
attempts to send a packet to an IPv6 destination that it obtained by attempts to send a packet to an IPv6 destination that it obtained by
doing a DNS lookup, and the packet ends up going in the clear to the doing a DNS lookup, and the packet ends up going in the clear to the
local media. A malicious second party could then spoof the local media. A malicious third party could then spoof the
destination on-link. destination on-link.
4. Proposed Changes to RFC2461 4. Changes to RFC2461
This document suggests the following changes to the Neighbor The following changes have been made to the Neighbor Discovery
Discovery [ND] specification: specification between [RFC2461] and [I-D.ietf-ipv6-2461bis]:
The last sentence of the second paragraph of section 5.2 The last sentence of the second paragraph of section 5.2
("Conceptual Sending Algorithm") should be removed. This sentence ("Conceptual Sending Algorithm") was removed. This sentence was,
is currently, "If the Default Router List is empty, the sender "If the Default Router List is empty, the sender assumes that the
assumes that the destination is on-link. destination is on-link."
Bullet item 3) in section 6.3.6 ("Default Router Selection") Bullet item 3) in section 6.3.6 ("Default Router Selection") was
should be removed. The item currently reads, "If the Default removed. The item read, "If the Default Router List is empty,
Router List is empty, assume that all destinations are on-link as assume that all destinations are on-link as specified in Section
specified in Section 5.2." 5.2."
APPENDIX A was modified to remove on-link assumption related text
in bullet item 1) under the discussion on what happens when a
multihomed host fails to receive Router Advertisements.
The result of these changes is that destinations are considered The result of these changes is that destinations are considered
unreachable when there is no routing information for that destination unreachable when there is no routing information for that destination
(through a default router or otherwise). Instead of attempting (through a default router or otherwise). Instead of attempting link-
link-layer address resolution when sending to such a destination, a layer address resolution when sending to such a destination, a node
node should send an ICMPv6 Destination Unreachable message (code 0 - should send an ICMPv6 Destination Unreachable message (code 0 - no
no route to destination) message up the stack. route to destination) message up the stack.
5. Security Considerations 5. Security Considerations
The removal of the on-link assumption from Neighbor Discovery removes The removal of the on-link assumption from Neighbor Discovery removes
some security related vulnerabilities of the protocol as described in some security related vulnerabilities of the protocol as described in
Section 3.4. Section 3.4.
6. References 6. References
6.1 Normative References 6.1 Normative References
[ADDRSEL] Draves, R., "Default Address Selection for Internet [I-D.ietf-ipv6-2461bis]
Protocol version 6 (IPv6)", RFC 3484, February 2003. Narten, T., "Neighbor Discovery for IP version 6 (IPv6)",
draft-ietf-ipv6-2461bis-02 (work in progress),
February 2005.
[ND] Narten, T., Nordmark, E. and W. Simpson, "Neighbor [RFC1122] Braden, R., "Requirements for Internet Hosts -
Discovery for IP Version 6 (IPv6)", RFC 2461, December Communication Layers", STD 3, RFC 1122, October 1989.
1998.
[PSREQ] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor [RFC2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor
Discovery trust models and threats", October 2003. Discovery for IP Version 6 (IPv6)", RFC 2461,
December 1998.
draft-ietf-send-psreq-04 [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor
Discovery (ND) Trust Models and Threats", RFC 3756,
May 2004.
6.2 Informative References 6.2 Informative References
[AUTOCONF] [RFC2462] Thomson, S. and T. Narten, "IPv6 Stateless Address
Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998. Autoconfiguration", RFC 2462, December 1998.
[NDBIS] Narten, T., Nordmark, E., Simpson, W., Soliman, H. and J.
Tatuya, "Neighbor Discovery for IP Version 6 (IPv6)",
February 2004.
draft-soliman-ipv6-2461-bis-01
Authors' Addresses Authors' Addresses
Sebastien Roy Sebastien Roy
Sun Microsystems, Inc. Sun Microsystems, Inc.
1 Network Drive 1 Network Drive
UBUR02-212 UBUR02-212
Burlington, MA 01801 Burlington, MA 01801
EMail: sebastien.roy@sun.com Email: sebastien.roy@sun.com
Alain Durand Alain Durand
Sun Microsystems, Inc. Comcast Corporation
17 Network Circle 1500 Market St.
UMPK17-202 Philadelphia, PA 09102
Menlo Park, CA 94025
EMail: alain.durand@sun.com Email: alain_durand@cable.comcast.com
James Paugh James Paugh
Sun Microsystems, Inc.
17 Network Circle
UMPK17-202
Menlo Park, CA 94025
EMail: james.paugh@sun.com Email: jpaugh@speakeasy.net
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors gratefully acknowledge the contributions of Jim Bound, The authors gratefully acknowledge the contributions of Jim Bound,
Tony Hain, Mika Liljeberg, Erik Nordmark, Pekka Savola, and Ronald Tony Hain, Mika Liljeberg, Erik Nordmark, Pekka Savola, and Ronald
van der Pol. van der Pol.
Appendix B. Changes from draft-ietf-v6ops-onlinkassumption-01 Appendix B. Changes from draft-ietf-v6ops-onlinkassumption-02
o Changed abstract to reflect the historical nature of this
document.
o Changed the introduction to stress that this is historical
information documenting the removal of the on-link assumption from
the ND spec.
o Added text to the introduction stating that the assumption is a
problem for nodes with IPv6 on by default.
o Added mention to RFC1122 in section 3.2.
o Changed use of the term multi-homed nodes to "nodes that are
attached to multiple links".
o Changed section 4 from "Proposed Changes" to "Changes" and
adjusted included text to reflect that the changes have been made.
Appendix C. Changes from draft-ietf-v6ops-onlinkassumption-01
o Added text in the Introduction stating that rfc2461bis has removed o Added text in the Introduction stating that rfc2461bis has removed
the on-link assumption, and that this memo gives the historical the on-link assumption, and that this memo gives the historical
reference and background for its removal. reference and background for its removal.
o Stated in Section 2 that users may not have sufficient privileges o Stated in Section 2 that users may not have sufficient privileges
or knowledge to manually configure addresses or routers in order or knowledge to manually configure addresses or routers in order
to work-around the lack of an on-link assumption. to work-around the lack of an on-link assumption.
o Removed implementation details of the on-link assumption from o Removed implementation details of the on-link assumption from
Section 3.1. Section 3.1.
o Miscellaneous editorial changes. o Miscellaneous editorial changes.
Appendix C. Changes from draft-ietf-v6ops-onlinkassumption-00 Appendix D. Changes from draft-ietf-v6ops-onlinkassumption-00
o Clarified in the abstract and introduction that the problem is o Clarified in the abstract and introduction that the problem is
with systems that are IPv6 enabled but have no off-link with systems that are IPv6 enabled but have no off-link
connectivity. connectivity.
o In Section 3.3, clarified that soliciting on all links could have o In Section 3.3, clarified that soliciting on all links could have
ambiguous results. ambiguous results.
o The old Security Considerations section was moved to Section 3.4, o The old Security Considerations section was moved to Section 3.4,
and the new Security Considerations section refers to that new and the new Security Considerations section refers to that new
section. section.
o Miscellaneous editorial changes. o Miscellaneous editorial changes.
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; nor does it represent that it has
has made any effort to identify any such rights. Information on the made any independent effort to identify any such rights. Information
IETF's procedures with respect to rights in standards-track and on the procedures with respect to rights in RFC documents can be
standards-related documentation can be found in BCP-11. Copies of found in BCP 78 and BCP 79.
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to Copies of IPR disclosures made to the IETF Secretariat and any
obtain a general license or permission for the use of such assurances of licenses to be made available, or the result of an
proprietary rights by implementors or users of this specification can attempt made to obtain a general license or permission for the use of
be obtained from the IETF Secretariat. such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF at
Director. ietf-ipr@ietf.org.
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved. Disclaimer of Validity
This document and translations of it may be copied and furnished to This document and the information contained herein are provided on an
others, and derivative works that comment on or otherwise explain it "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
or assist in its implementation may be prepared, copied, published OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
and distributed, in whole or in part, without restriction of any ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
kind, provided that the above copyright notice and this paragraph are INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
included on all such copies and derivative works. However, this INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
document itself may not be modified in any way, such as by removing WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be Copyright Statement
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an Copyright (C) The Internet Society (2005). This document is subject
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING to the rights, licenses and restrictions contained in BCP 78, and
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING except as set forth therein, the authors retain all their rights.
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/