idnits 2.17.1 draft-ietf-dnsext-dhcid-rr-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 18. -- Found old boilerplate from RFC 3978, Section 5.5 on line 501. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 478. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 485. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 491. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 22, 2006) is 6609 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'TBD' on line 114 -- No information found for draft-ietf-dhc-dns-resolution- - is the name correct? -- Possible downref: Normative reference to a draft: ref. '1' ** Obsolete normative reference: RFC 2434 (ref. '5') (Obsoleted by RFC 5226) -- Obsolete informational reference (is this intentional?): RFC 3548 (ref. '8') (Obsoleted by RFC 4648) -- Obsolete informational reference (is this intentional?): RFC 3315 (ref. '11') (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 2845 (ref. '12') (Obsoleted by RFC 8945) Summary: 5 errors (**), 0 flaws (~~), 2 warnings (==), 13 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DNSEXT M. Stapp 3 Internet-Draft Cisco Systems, Inc. 4 Expires: September 23, 2006 T. Lemon 5 Nominum, Inc. 6 A. Gustafsson 7 Araneus Information Systems Oy 8 March 22, 2006 10 A DNS RR for Encoding DHCP Information (DHCID RR) 11 13 Status of this Memo 15 By submitting this Internet-Draft, each author represents that any 16 applicable patent or other IPR claims of which he or she is aware 17 have been or will be disclosed, and any of which he or she becomes 18 aware will be disclosed, in accordance with Section 6 of BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on September 23, 2006. 38 Copyright Notice 40 Copyright (C) The Internet Society (2006). 42 Abstract 44 It is possible for DHCP clients to attempt to update the same DNS 45 FQDN or attempt to update a DNS FQDN that has been added to the DNS 46 for another purpose as they obtain DHCP leases. Whether the DHCP 47 server or the clients themselves perform the DNS updates, conflicts 48 can arise. To resolve such conflicts, [1] proposes storing client 49 identifiers in the DNS to unambiguously associate domain names with 50 the DHCP clients to which they refer. This memo defines a distinct 51 RR type for this purpose for use by DHCP clients and servers, the 52 "DHCID" RR. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 3. The DHCID RR . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3.1. DHCID RDATA format . . . . . . . . . . . . . . . . . . . . 3 60 3.2. DHCID Presentation Format . . . . . . . . . . . . . . . . 4 61 3.3. The DHCID RR Identifier Type Codes . . . . . . . . . . . . 4 62 3.4. The DHCID RR Digest Type Code . . . . . . . . . . . . . . 5 63 3.5. Computation of the RDATA . . . . . . . . . . . . . . . . . 5 64 3.5.1. Using the Client's DUID . . . . . . . . . . . . . . . 5 65 3.5.2. Using the Client Identifier Option . . . . . . . . . . 6 66 3.5.3. Using the Client's htype and chaddr . . . . . . . . . 6 67 3.6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 6 68 3.6.1. Example 1 . . . . . . . . . . . . . . . . . . . . . . 6 69 3.6.2. Example 2 . . . . . . . . . . . . . . . . . . . . . . 7 70 3.6.3. Example 3 . . . . . . . . . . . . . . . . . . . . . . 7 71 4. Use of the DHCID RR . . . . . . . . . . . . . . . . . . . . . 8 72 5. Updater Behavior . . . . . . . . . . . . . . . . . . . . . . . 8 73 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 74 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 75 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 76 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 77 9.1. Normative References . . . . . . . . . . . . . . . . . . . 9 78 9.2. Informative References . . . . . . . . . . . . . . . . . . 10 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 80 Intellectual Property and Copyright Statements . . . . . . . . . . 12 82 1. Introduction 84 A set of procedures to allow DHCP [7] [11] clients and servers to 85 automatically update the DNS ([3], [4]) is proposed in [1]. 87 Conflicts can arise if multiple DHCP clients wish to use the same DNS 88 name or a DHCP client attempts to use a name added for another 89 purpose. To resolve such conflicts, [1] proposes storing client 90 identifiers in the DNS to unambiguously associate domain names with 91 the DHCP clients using them. In the interest of clarity, it is 92 preferable for this DHCP information to use a distinct RR type. This 93 memo defines a distinct RR for this purpose for use by DHCP clients 94 or servers, the "DHCID" RR. 96 In order to obscure potentially sensitive client identifying 97 information, the data stored is the result of a one-way SHA-256 hash 98 computation. The hash includes information from the DHCP client's 99 message as well as the domain name itself, so that the data stored in 100 the DHCID RR will be dependent on both the client identification used 101 in the DHCP protocol interaction and the domain name. This means 102 that the DHCID RDATA will vary if a single client is associated over 103 time with more than one name. This makes it difficult to 'track' a 104 client as it is associated with various domain names. 106 2. Terminology 108 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 109 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 110 document are to be interpreted as described in [2]. 112 3. The DHCID RR 114 The DHCID RR is defined with mnemonic DHCID and type code [TBD]. The 115 DHCID RR is only defined in the IN class. DHCID RRs cause no 116 additional section processing. 118 3.1. DHCID RDATA format 120 The RDATA section of a DHCID RR in transmission contains RDLENGTH 121 octets of binary data. The format of this data and its 122 interpretation by DHCP servers and clients are described below. 124 DNS software should consider the RDATA section to be opaque. DHCP 125 clients or servers use the DHCID RR to associate a DHCP client's 126 identity with a DNS name, so that multiple DHCP clients and servers 127 may deterministically perform dynamic DNS updates to the same zone. 129 From the updater's perspective, the DHCID resource record RDATA 130 consists of a 2-octet identifier type, in network byte order, 131 followed by a 1-octet digest type, followed by one or more octets 132 representing the actual identifier: 134 < 2 octets > Identifier type code 135 < 1 octet > Digest type code 136 < n octets > Digest (length depends on digest type) 138 3.2. DHCID Presentation Format 140 In DNS master files, the RDATA is represented as a single block in 141 base 64 encoding identical to that used for representing binary data 142 in [8], Section 3. The data may be divided up into any number of 143 white space separated substrings, down to single base 64 digits, 144 which are concatenated to form the complete RDATA. These substrings 145 can span lines using the standard parentheses. 147 3.3. The DHCID RR Identifier Type Codes 149 The DHCID RR Identifier Type Code specifies what data from the DHCP 150 client's request was used as input into the hash function. The 151 identifier type codes are defined in a registry maintained by IANA, 152 as specified in Section 7. The initial list of assigned values for 153 the identifier type code and that type's identifier is: 155 +------------------+------------------------------------------------+ 156 | Identifier Type | Identifier | 157 | Code | | 158 +------------------+------------------------------------------------+ 159 | 0x0000 | The 1-octet 'htype' followed by 'hlen' octets | 160 | | of 'chaddr' from a DHCPv4 client's DHCPREQUEST | 161 | | [7]. | 162 | 0x0001 | The data octets (i.e., the Type and | 163 | | Client-Identifier fields) from a DHCPv4 | 164 | | client's Client Identifier option [10]. | 165 | 0x0002 | The client's DUID (i.e., the data octets of a | 166 | | DHCPv6 client's Client Identifier option [11] | 167 | | or the DUID field from a DHCPv4 client's | 168 | | Client Identifier option [6]). | 169 | 0x0003 - 0xfffe | Undefined; available to be assigned by IANA. | 170 | 0xffff | Undefined; RESERVED | 171 +------------------+------------------------------------------------+ 173 3.4. The DHCID RR Digest Type Code 175 The DHCID RR Digest Type Code is an identifier for the digest 176 algorithm used. The digest is calculated over an identifier and the 177 canonical FQDN as described in the next section. 179 The digest type codes are defined in a registry maintained by IANA, 180 as specified in Section 7. The initial list of assigned values for 181 the digest type codes is: value 0 is reserved and value 1 is SHA-256. 182 Reserving other types requires IETF standards action. Defining new 183 values will also require IETF standards action to document how DNS 184 updaters are to deal with multiple digest types. 186 3.5. Computation of the RDATA 188 The DHCID RDATA is formed by concatenating the 2-octet identifier 189 type code with variable-length data. 191 The RDATA for all type codes other than 0xffff, which is reserved for 192 future expansion, is formed by concatenating the 2-octet identifier 193 type code, the 1-octet digest type code, and the digest value (32 194 octets for SHA-256). 196 < identifier-type > < digest-type > < digest > 198 The input to the digest hash function is defined to be: 200 digest = SHA-256(< identifier > < FQDN >) 202 The FQDN is represented in the buffer in the canonical wire format as 203 described in [9], section 6.2. The identifier type code and the 204 identifier are related as specified in Section 3.3: the identifier 205 type code describes the source of the identifier. 207 A DHCPv4 updater uses the 0x0002 type code if a Client Identifier 208 option is present in the DHCPv4 messages and it is encoded as 209 specified in [6]. Otherwise, the updater uses 0x0001 if a Client 210 Identifier option is present and 0x0000 if not. 212 A DHCPv6 updater always uses the 0x0002 type code. 214 3.5.1. Using the Client's DUID 216 When the updater is using the Client's DUID (either from a DHCPv6 217 Client Identifier option or from a portion of the DHCPv4 Client 218 Identifier option encoded as specified in [6]), the first two octets 219 of the DHCID RR MUST be 0x0002, in network byte order. The third 220 octet is the digest type code (1 for SHA-256). The rest of the DHCID 221 RR MUST contain the results of computing the SHA-256 hash across the 222 octets of the DUID followed by the FQDN. 224 3.5.2. Using the Client Identifier Option 226 When the updater is using the DHCPv4 Client Identifier option sent by 227 the client in its DHCPREQUEST message, the first two octets of the 228 DHCID RR MUST be 0x0001, in network byte order. The third octet is 229 the digest type code (1 for SHA-256). The rest of the DHCID RR MUST 230 contain the results of computing the SHA-256 hash across the data 231 octets (i.e., the Type and Client-Identifier fields) of the option, 232 followed by the FQDN. 234 3.5.3. Using the Client's htype and chaddr 236 When the updater is using the client's link-layer address as the 237 identifier, the first two octets of the DHCID RDATA MUST be zero. 238 The third octet is the digest type code (1 for SHA-256). To generate 239 the rest of the resource record, the updater computes a one-way hash 240 using the SHA-256 algorithm across a buffer containing the client's 241 network hardware type, link-layer address, and the FQDN data. 242 Specifically, the first octet of the buffer contains the network 243 hardware type as it appeared in the DHCP 'htype' field of the 244 client's DHCPREQUEST message. All of the significant octets of the 245 'chaddr' field in the client's DHCPREQUEST message follow, in the 246 same order in which the octets appear in the DHCPREQUEST message. 247 The number of significant octets in the 'chaddr' field is specified 248 in the 'hlen' field of the DHCPREQUEST message. The FQDN data, as 249 specified above, follows. 251 3.6. Examples 253 3.6.1. Example 1 255 A DHCP server allocates the IPv6 address 2001:DB8::1234:5678 to a 256 client which included the DHCPv6 client-identifier option data 00:01: 257 00:06:41:2d:f1:66:01:02:03:04:05:06 in its DHCPv6 request. The 258 server updates the name "chi6.example.com" on the client's behalf, 259 and uses the DHCP client identifier option data as input in forming a 260 DHCID RR. The DHCID RDATA is formed by setting the two type octets 261 to the value 0x0002, the 1-octet digest type to 1 for SHA-256, and 262 performing a SHA-256 hash computation across a buffer containing the 263 14 octets from the client-id option and the FQDN (represented as 264 specified in Section 3.5). 266 chi6.example.com. AAAA 2001:DB8::1234:5678 267 chi6.example.com. DHCID ( AAIBY2/AuCccgoJbsaxcQc9TUapptP69l 268 OjxfNuVAA2kjEA= ) 270 If the DHCID RR type is not supported, the RDATA would be encoded 271 [13] as: 273 \# 35 ( 000201636fc0b8271c82825bb1ac5c41cf5351aa69b4febd94e8f17cd 274 b95000da48c40 ) 276 3.6.2. Example 2 278 A DHCP server allocates the IPv4 address 192.0.2.2 to a client which 279 included the DHCP client-identifier option data 01:07:08:09:0a:0b:0c 280 in its DHCP request. The server updates the name "chi.example.com" 281 on the client's behalf, and uses the DHCP client identifier option 282 data as input in forming a DHCID RR. The DHCID RDATA is formed by 283 setting the two type octets to the value 0x0001, the 1-octet digest 284 type to 1 for SHA-256, and performing a SHA-256 hash computation 285 across a buffer containing the seven octets from the client-id option 286 and the FQDN (represented as specified in Section 3.5). 288 chi.example.com. A 192.0.2.2 289 chi.example.com. DHCID ( AAEBOSD+XR3Os/0LozeXVqcNc7FwCfQdW 290 L3b/NaiUDlW2No= ) 292 If the DHCID RR type is not supported, the RDATA would be encoded 293 [13] as: 295 \# 35 ( 0001013920fe5d1dceb3fd0ba3379756a70d73b17009f41d58bddbfcd 296 6a2503956d8da ) 298 3.6.3. Example 3 300 A DHCP server allocating the IPv4 address 192.0.2.3 to a client with 301 Ethernet MAC address 01:02:03:04:05:06 using domain name 302 "client.example.com" uses the client's link-layer address to identify 303 the client. The DHCID RDATA is composed by setting the two type 304 octets to zero, the 1-octet digest type to 1 for SHA-256, and 305 performing an SHA-256 hash computation across a buffer containing the 306 1-octet 'htype' value for Ethernet, 0x01, followed by the six octets 307 of the Ethernet MAC address, and the domain name (represented as 308 specified in Section 3.5). 310 client.example.com. A 192.0.2.3 311 client.example.com. DHCID ( AAABxLmlskllE0MVjd57zHcWmEH3pCQ6V 312 ytcKD//7es/deY= ) 314 If the DHCID RR type is not supported, the RDATA would be encoded 315 [13] as: 317 \# 35 ( 000001c4b9a5b249651343158dde7bcc77169841f7a4243a572b5c283 318 fffedeb3f75e6 ) 320 4. Use of the DHCID RR 322 This RR MUST NOT be used for any purpose other than that detailed in 323 [1]. Although this RR contains data that is opaque to DNS servers, 324 the data must be consistent across all entities that update and 325 interpret this record. Therefore, new data formats may only be 326 defined through actions of the DHC Working Group, as a result of 327 revising [1]. 329 5. Updater Behavior 331 The data in the DHCID RR allows updaters to determine whether more 332 than one DHCP client desires to use a particular FQDN. This allows 333 site administrators to establish policy about DNS updates. The DHCID 334 RR does not establish any policy itself. 336 Updaters use data from a DHCP client's request and the domain name 337 that the client desires to use to compute a client identity hash, and 338 then compare that hash to the data in any DHCID RRs on the name that 339 they wish to associate with the client's IP address. If an updater 340 discovers DHCID RRs whose RDATA does not match the client identity 341 that they have computed, the updater SHOULD conclude that a different 342 client is currently associated with the name in question. The 343 updater SHOULD then proceed according to the site's administrative 344 policy. That policy might dictate that a different name be selected, 345 or it might permit the updater to continue. 347 6. Security Considerations 349 The DHCID record as such does not introduce any new security problems 350 into the DNS. In order to obscure the client's identity information, 351 a one-way hash is used. And, in order to make it difficult to 352 'track' a client by examining the names associated with a particular 353 hash value, the FQDN is included in the hash computation. Thus, the 354 RDATA is dependent on both the DHCP client identification data and on 355 each FQDN associated with the client. 357 However, it should be noted that an attacker that has some knowledge, 358 such as of MAC addresses commonly used in DHCP client identification 359 data, may be able to discover the client's DHCP identify by using a 360 brute-force attack. Even without any additional knowledge, the 361 number of unknown bits used in computing the hash is typically only 362 48 to 80. 364 Administrators should be wary of permitting unsecured DNS updates to 365 zones, whether or not they are exposed to the global Internet. Both 366 DHCP clients and servers SHOULD use some form of update 367 authentication (e.g., [12]) when performing DNS updates. 369 7. IANA Considerations 371 IANA is requested to allocate a DNS RR type number for the DHCID 372 record type. 374 This specification defines a new number-space for the 2-octet 375 identifier type codes associated with the DHCID RR. IANA is 376 requested to establish a registry of the values for this number- 377 space. Three initial values are assigned in Section 3.3, and the 378 value 0xFFFF is reserved for future use. New DHCID RR identifier 379 type codes are assigned through Standards Action, as defined in [5]. 381 This specification defines a new number-space for the 1-octet digest 382 type codes associated with the DHCID RR. IANA is requested to 383 establish a registry of the values for this number-space. Two 384 initial values are assigned in Section 3.4. New DHCID RR digest type 385 codes are assigned through Standards Action, as defined in [5]. 387 8. Acknowledgements 389 Many thanks to Harald Alvestrand, Ralph Droms, Olafur Gudmundsson, 390 Sam Hartman, Josh Littlefield, Pekka Savola, and especially Bernie 391 Volz for their review and suggestions. 393 9. References 395 9.1. Normative References 397 [1] Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among 398 DHCP Clients (draft-ietf-dhc-dns-resolution-*)", February 2006. 400 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 401 Levels", BCP 14, RFC 2119, March 1997. 403 [3] Mockapetris, P., "Domain names - concepts and facilities", 404 STD 13, RFC 1034, November 1987. 406 [4] Mockapetris, P., "Domain names - implementation and 407 specification", STD 13, RFC 1035, November 1987. 409 [5] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 410 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 412 [6] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers 413 for Dynamic Host Configuration Protocol Version Four (DHCPv4)", 414 RFC 4361, February 2006. 416 9.2. Informative References 418 [7] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, 419 March 1997. 421 [8] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", 422 RFC 3548, July 2003. 424 [9] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, 425 "Resource Records for the DNS Security Extensions", RFC 4034, 426 March 2005. 428 [10] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor 429 Extensions", RFC 2132, March 1997. 431 [11] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. 432 Carney, "Dynamic Host Configuration Protocol for IPv6 433 (DHCPv6)", RFC 3315, July 2003. 435 [12] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington, 436 "Secret Key Transaction Authentication for DNS (TSIG)", 437 RFC 2845, May 2000. 439 [13] Gustafsson, A., "Handling of Unknown DNS Resource Record (RR) 440 Types", RFC 3597, September 2003. 442 Authors' Addresses 444 Mark Stapp 445 Cisco Systems, Inc. 446 1414 Massachusetts Ave. 447 Boxborough, MA 01719 448 USA 450 Phone: 978.936.1535 451 Email: mjs@cisco.com 453 Ted Lemon 454 Nominum, Inc. 455 950 Charter St. 456 Redwood City, CA 94063 457 USA 459 Email: mellon@nominum.com 461 Andreas Gustafsson 462 Araneus Information Systems Oy 463 Ulappakatu 1 464 02320 Espoo 465 Finland 467 Email: gson@araneus.fi 469 Intellectual Property Statement 471 The IETF takes no position regarding the validity or scope of any 472 Intellectual Property Rights or other rights that might be claimed to 473 pertain to the implementation or use of the technology described in 474 this document or the extent to which any license under such rights 475 might or might not be available; nor does it represent that it has 476 made any independent effort to identify any such rights. Information 477 on the procedures with respect to rights in RFC documents can be 478 found in BCP 78 and BCP 79. 480 Copies of IPR disclosures made to the IETF Secretariat and any 481 assurances of licenses to be made available, or the result of an 482 attempt made to obtain a general license or permission for the use of 483 such proprietary rights by implementers or users of this 484 specification can be obtained from the IETF on-line IPR repository at 485 http://www.ietf.org/ipr. 487 The IETF invites any interested party to bring to its attention any 488 copyrights, patents or patent applications, or other proprietary 489 rights that may cover technology that may be required to implement 490 this standard. Please address the information to the IETF at 491 ietf-ipr@ietf.org. 493 Disclaimer of Validity 495 This document and the information contained herein are provided on an 496 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 497 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 498 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 499 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 500 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 501 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 503 Copyright Statement 505 Copyright (C) The Internet Society (2006). This document is subject 506 to the rights, licenses and restrictions contained in BCP 78, and 507 except as set forth therein, the authors retain all their rights. 509 Acknowledgment 511 Funding for the RFC Editor function is currently provided by the 512 Internet Society.