idnits 2.17.1 

draft-ietf-dnsext-dhcid-rr-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 18.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 497.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 474.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 481.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 487.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([1]), which it shouldn't. 
     Please replace those with straight textual mentions of the documents in
     question.

  == There are 4 instances of lines with private range IPv4 addresses in the
     document.  If these are generic example addresses, they should be changed
     to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x,
     198.51.100.x or 203.0.113.x.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 28, 2006) is 6625 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: 'TBD' on line 116

  -- No information found for draft-ietf-dhc-dns-resolution- - is the name
     correct?

  -- Possible downref: Normative reference to a draft: ref. '1' 

  ** Obsolete normative reference: RFC 2434 (ref. '5') (Obsoleted by RFC 5226)

  -- Obsolete informational reference (is this intentional?): RFC 3548 (ref.
     '7') (Obsoleted by RFC 4648)

  -- Obsolete informational reference (is this intentional?): RFC 3315 (ref.
     '10') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 2845 (ref.
     '11') (Obsoleted by RFC 8945)


     Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 13 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	DNSEXT                                                          M. Stapp
3	Internet-Draft                                       Cisco Systems, Inc.
4	Expires: September 1, 2006                                      T. Lemon
5	                                                           Nominum, Inc.
6	                                                           A. Gustafsson
7	                                          Araneus Information Systems Oy
8	                                                       February 28, 2006

10	           A DNS RR for Encoding DHCP Information (DHCID RR)
11	                  <draft-ietf-dnsext-dhcid-rr-12.txt>

13	Status of this Memo

15	   By submitting this Internet-Draft, each author represents that any
16	   applicable patent or other IPR claims of which he or she is aware
17	   have been or will be disclosed, and any of which he or she becomes
18	   aware will be disclosed, in accordance with Section 6 of BCP 79.

20	   Internet-Drafts are working documents of the Internet Engineering
21	   Task Force (IETF), its areas, and its working groups.  Note that
22	   other groups may also distribute working documents as Internet-
23	   Drafts.

25	   Internet-Drafts are draft documents valid for a maximum of six months
26	   and may be updated, replaced, or obsoleted by other documents at any
27	   time.  It is inappropriate to use Internet-Drafts as reference
28	   material or to cite them other than as "work in progress."

30	   The list of current Internet-Drafts can be accessed at
31	   http://www.ietf.org/ietf/1id-abstracts.txt.

33	   The list of Internet-Draft Shadow Directories can be accessed at
34	   http://www.ietf.org/shadow.html.

36	   This Internet-Draft will expire on September 1, 2006.

38	Copyright Notice

40	   Copyright (C) The Internet Society (2006).

42	Abstract

44	   It is possible for DHCP clients to attempt to update the same DNS
45	   FQDN or attempt to update a DNS FQDN that has been added to the DNS
46	   for another purpose as they obtain DHCP leases.  Whether the DHCP
47	   server or the clients themselves perform the DNS updates, conflicts
48	   can arise.  To resolve such conflicts, "Resolution of DNS Name
49	   Conflicts" [1] proposes storing client identifiers in the DNS to
50	   unambiguously associate domain names with the DHCP clients to which
51	   they refer.  This memo defines a distinct RR type for this purpose
52	   for use by DHCP clients and servers, the "DHCID" RR.

54	Table of Contents

56	   1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
57	   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
58	   3.  The DHCID RR . . . . . . . . . . . . . . . . . . . . . . . . .  3
59	     3.1.  DHCID RDATA format . . . . . . . . . . . . . . . . . . . .  3
60	     3.2.  DHCID Presentation Format  . . . . . . . . . . . . . . . .  4
61	     3.3.  The DHCID RR Identifier Type Codes . . . . . . . . . . . .  4
62	     3.4.  The DHCID RR Digest Type Code  . . . . . . . . . . . . . .  4
63	     3.5.  Computation of the RDATA . . . . . . . . . . . . . . . . .  5
64	       3.5.1.  Using the Client's DUID  . . . . . . . . . . . . . . .  5
65	       3.5.2.  Using the Client Identifier Option . . . . . . . . . .  5
66	       3.5.3.  Using the Client's htype and chaddr  . . . . . . . . .  6
67	     3.6.  Examples . . . . . . . . . . . . . . . . . . . . . . . . .  6
68	       3.6.1.  Example 1  . . . . . . . . . . . . . . . . . . . . . .  6
69	       3.6.2.  Example 2  . . . . . . . . . . . . . . . . . . . . . .  6
70	       3.6.3.  Example 3  . . . . . . . . . . . . . . . . . . . . . .  7
71	   4.  Use of the DHCID RR  . . . . . . . . . . . . . . . . . . . . .  7
72	   5.  Updater Behavior . . . . . . . . . . . . . . . . . . . . . . .  8
73	   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  8
74	   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  8
75	   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  9
76	   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
77	     9.1.  Normative References . . . . . . . . . . . . . . . . . . .  9
78	     9.2.  Informative References . . . . . . . . . . . . . . . . . . 10
79	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
80	   Intellectual Property and Copyright Statements . . . . . . . . . . 12

82	1.  Terminology

84	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
85	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
86	   document are to be interpreted as described in RFC 2119 [2].

88	2.  Introduction

90	   A set of procedures to allow DHCP [6] [10] clients and servers to
91	   automatically update the DNS (RFC 1034 [3], RFC 1035 [4]) is proposed
92	   in "Resolution of DNS Name Conflicts" [1].

94	   Conflicts can arise if multiple DHCP clients wish to use the same DNS
95	   name or a DHCP client attempts to use a name added for another
96	   purpose.  To resolve such conflicts, "Resolution of DNS Name
97	   Conflicts" [1] proposes storing client identifiers in the DNS to
98	   unambiguously associate domain names with the DHCP clients using
99	   them.  In the interest of clarity, it is preferable for this DHCP
100	   information to use a distinct RR type.  This memo defines a distinct
101	   RR for this purpose for use by DHCP clients or servers, the "DHCID"
102	   RR.

104	   In order to obscure potentially sensitive client identifying
105	   information, the data stored is the result of a one-way SHA-256 hash
106	   computation.  The hash includes information from the DHCP client's
107	   message as well as the domain name itself, so that the data stored in
108	   the DHCID RR will be dependent on both the client identification used
109	   in the DHCP protocol interaction and the domain name.  This means
110	   that the DHCID RDATA will vary if a single client is associated over
111	   time with more than one name.  This makes it difficult to 'track' a
112	   client as it is associated with various domain names.

114	3.  The DHCID RR

116	   The DHCID RR is defined with mnemonic DHCID and type code [TBD].  The
117	   DHCID RR is only defined in the IN class.  DHCID RRs cause no
118	   additional section processing.  The DHCID RR is not a singleton type.

120	3.1.  DHCID RDATA format

122	   The RDATA section of a DHCID RR in transmission contains RDLENGTH
123	   octets of binary data.  The format of this data and its
124	   interpretation by DHCP servers and clients are described below.

126	   DNS software should consider the RDATA section to be opaque.  DHCP
127	   clients or servers use the DHCID RR to associate a DHCP client's
128	   identity with a DNS name, so that multiple DHCP clients and servers
129	   may deterministically perform dynamic DNS updates to the same zone.
130	   From the updater's perspective, the DHCID resource record RDATA
131	   consists of a 2-octet identifier type, in network byte order,
132	   followed by a 1-octet digest type, followed by one or more octets
133	   representing the actual identifier:

135	           < 2 octets >    Identifier type code
136	           < 1 octet >     Digest type code
137	           < n octets >    Digest (length depends on digest type)

139	3.2.  DHCID Presentation Format

141	   In DNS master files, the RDATA is represented as a single block in
142	   base 64 encoding identical to that used for representing binary data
143	   in RFC 3548 [7].  The data may be divided up into any number of white
144	   space separated substrings, down to single base 64 digits, which are
145	   concatenated to form the complete RDATA.  These substrings can span
146	   lines using the standard parentheses.

148	3.3.  The DHCID RR Identifier Type Codes

150	   The DHCID RR Identifier Type Code specifies what data from the DHCP
151	   client's request was used as input into the hash function.  The
152	   identifier type codes are defined in a registry maintained by IANA,
153	   as specified in Section 7.  The initial list of assigned values for
154	   the identifier type code is:

156	   0x0000 = htype, chaddr from a DHCPv4 client's DHCPREQUEST [6].
157	   0x0001 = The data octets (i.e., the Type and Client-Identifier
158	      fields) from a DHCPv4 client's Client Identifier option [9].
159	   0x0002 = The client's DUID (i.e., the data octets of a DHCPv6
160	      client's Client Identifier option [10] or the DUID field from a
161	      DHCPv4 client's Client Identifier option [12]).

163	   0x0003 - 0xfffe = Available to be assigned by IANA.

165	   0xffff = RESERVED

167	3.4.  The DHCID RR Digest Type Code

169	   The DHCID RR Digest Type Code is an identifier for the digest
170	   algorithm used.  The digest is calculated over an identifier and the
171	   canonical FQDN as described in the next section.

173	   The digest type codes are defined in a registry maintained by IANA,
174	   as specified in Section 7.  The initial list of assigned values for
175	   the digest type codes is: value 0 is reserved and value 1 is SHA-256.

177	   Reserving other types requires IETF standards action.  Defining new
178	   values will also require IETF standards action to document how DNS
179	   updaters are to deal with multiple digest types.

181	3.5.  Computation of the RDATA

183	   The DHCID RDATA is formed by concatenating the 2-octet identifier
184	   type code with variable-length data.

186	   The RDATA for all type codes other than 0xffff, which is reserved for
187	   future expansion, is formed by concatenating the 2-octet identifier
188	   type code, the 1-octet digest type code, and the digest value (32
189	   octets for SHA-256).

191	       < identifier-type > < digest-type > < digest >

193	   The input to the digest hash function is defined to be:

195	       digest = SHA-256(< identifier > < FQDN >)

197	   The FQDN is represented in the buffer in unambiguous canonical form
198	   as described in RFC 4034 [8], section 6.1.  The identifier type code
199	   and the identifier are related as specified in Section 3.3: the
200	   identifier type code describes the source of the identifier.

202	   A DHCPv4 updater uses the 0x0002 type code if a Client Identifier
203	   option is present in the DHCPv4 messages and it is encoded as
204	   specified in [12].  Otherwise, the updater uses 0x0001 if a Client
205	   Identifier option is present and 0x0000 if not.

207	   A DHCPv6 updater always uses the 0x0002 type code.

209	3.5.1.  Using the Client's DUID

211	   When the updater is using the Client's DUID (either from a DHCPv6
212	   Client Identifier option or from a portion of the DHCPv4 Client
213	   Identifier option encoded as specified in [12]), the first two octets
214	   of the DHCID RR MUST be 0x0002, in network byte order.  The third
215	   octet is the digest type code (1 for SHA-256).  The rest of the DHCID
216	   RR MUST contain the results of computing the SHA-256 hash across the
217	   octets of the DUID followed by the FQDN.

219	3.5.2.  Using the Client Identifier Option

221	   When the updater is using the DHCPv4 Client Identifier option sent by
222	   the client in its DHCPREQUEST message, the first two octets of the
223	   DHCID RR MUST be 0x0001, in network byte order.  The third octet is
224	   the digest type code (1 for SHA-256).  The rest of the DHCID RR MUST
225	   contain the results of computing the SHA-256 hash across the data
226	   octets (i.e., the Type and Client-Identifier fields) of the option,
227	   followed by the FQDN.

229	3.5.3.  Using the Client's htype and chaddr

231	   When the updater is using the client's link-layer address as the
232	   identifier, the first two octets of the DHCID RDATA MUST be zero.
233	   The third octet is the digest type code (1 for SHA-256).  To generate
234	   the rest of the resource record, the updater computes a one-way hash
235	   using the SHA-256 algorithm across a buffer containing the client's
236	   network hardware type, link-layer address, and the FQDN data.
237	   Specifically, the first octet of the buffer contains the network
238	   hardware type as it appeared in the DHCP 'htype' field of the
239	   client's DHCPREQUEST message.  All of the significant octets of the
240	   'chaddr' field in the client's DHCPREQUEST message follow, in the
241	   same order in which the octets appear in the DHCPREQUEST message.
242	   The number of significant octets in the 'chaddr' field is specified
243	   in the 'hlen' field of the DHCPREQUEST message.  The FQDN data, as
244	   specified above, follows.

246	3.6.  Examples

248	3.6.1.  Example 1

250	   A DHCP server allocating the IPv4 address 10.0.0.1 to a client with
251	   Ethernet MAC address 01:02:03:04:05:06 using domain name
252	   "client.example.com" uses the client's link-layer address to identify
253	   the client.  The DHCID RDATA is composed by setting the two type
254	   octets to zero, the 1-octet digest type to 1 for SHA-256, and
255	   performing an SHA-256 hash computation across a buffer containing the
256	   Ethernet MAC type octet, 0x01, the six octets of MAC address, and the
257	   domain name (represented as specified in Section 3.5).

259	     client.example.com.   A       10.0.0.1
260	     client.example.com.   DHCID   ( AAABxLmlskllE0MVjd57zHcWmEH3pCQ6V
261	                                     ytcKD//7es/deY= )

263	   If the DHCID RR type is not supported, the RDATA would be encoded
264	   [13] as:

266	     \# 35 ( 000001c4b9a5b249651343158dde7bcc77169841f7a4243a572b5c283
267	             fffedeb3f75e6 )

269	3.6.2.  Example 2

271	   A DHCP server allocates the IPv4 address 10.0.12.99 to a client which
272	   included the DHCP client-identifier option data 01:07:08:09:0a:0b:0c
273	   in its DHCP request.  The server updates the name "chi.example.com"
274	   on the client's behalf, and uses the DHCP client identifier option
275	   data as input in forming a DHCID RR.  The DHCID RDATA is formed by
276	   setting the two type octets to the value 0x0001, the 1-octet digest
277	   type to 1 for SHA-256, and performing a SHA-256 hash computation
278	   across a buffer containing the seven octets from the client-id option
279	   and the FQDN (represented as specified in Section 3.5).

281	     chi.example.com.      A       10.0.12.99
282	     chi.example.com.      DHCID   ( AAEBOSD+XR3Os/0LozeXVqcNc7FwCfQdW
283	                                     L3b/NaiUDlW2No= )

285	   If the DHCID RR type is not supported, the RDATA would be encoded
286	   [13] as:

288	     \# 35 ( 0001013920fe5d1dceb3fd0ba3379756a70d73b17009f41d58bddbfcd
289	             6a2503956d8da )

291	3.6.3.  Example 3

293	   A DHCP server allocates the IPv6 address 2000::1234:5678 to a client
294	   which included the DHCPv6 client-identifier option data 00:01:00:06:
295	   41:2d:f1:66:01:02:03:04:05:06 in its DHCPv6 request.  The server
296	   updates the name "chi6.example.com" on the client's behalf, and uses
297	   the DHCP client identifier option data as input in forming a DHCID
298	   RR.  The DHCID RDATA is formed by setting the two type octets to the
299	   value 0x0002, the 1-octet digest type to 1 for SHA-256, and
300	   performing a SHA-256 hash computation across a buffer containing the
301	   14 octets from the client-id option and the FQDN (represented as
302	   specified in Section 3.5).

304	     chi6.example.com.     AAAA    2000::1234:5678
305	     chi6.example.com.     DHCID   ( AAIBY2/AuCccgoJbsaxcQc9TUapptP69l
306	                                     OjxfNuVAA2kjEA= )

308	   If the DHCID RR type is not supported, the RDATA would be encoded
309	   [13] as:

311	     \# 35 ( 000201636fc0b8271c82825bb1ac5c41cf5351aa69b4febd94e8f17cd
312	             b95000da48c40 )

314	4.  Use of the DHCID RR

316	   This RR MUST NOT be used for any purpose other than that detailed in
317	   "Resolution of DNS Name Conflicts" [1].  Although this RR contains
318	   data that is opaque to DNS servers, the data must be consistent
319	   across all entities that update and interpret this record.

321	   Therefore, new data formats may only be defined through actions of
322	   the DHC Working Group, as a result of revising [1].

324	5.  Updater Behavior

326	   The data in the DHCID RR allows updaters to determine whether more
327	   than one DHCP client desires to use a particular FQDN.  This allows
328	   site administrators to establish policy about DNS updates.  The DHCID
329	   RR does not establish any policy itself.

331	   Updaters use data from a DHCP client's request and the domain name
332	   that the client desires to use to compute a client identity hash, and
333	   then compare that hash to the data in any DHCID RRs on the name that
334	   they wish to associate with the client's IP address.  If an updater
335	   discovers DHCID RRs whose RDATA does not match the client identity
336	   that they have computed, the updater SHOULD conclude that a different
337	   client is currently associated with the name in question.  The
338	   updater SHOULD then proceed according to the site's administrative
339	   policy.  That policy might dictate that a different name be selected,
340	   or it might permit the updater to continue.

342	6.  Security Considerations

344	   The DHCID record as such does not introduce any new security problems
345	   into the DNS.  In order to obscure the client's identity information,
346	   a one-way hash is used.  And, in order to make it difficult to
347	   'track' a client by examining the names associated with a particular
348	   hash value, the FQDN is included in the hash computation.  Thus, the
349	   RDATA is dependent on both the DHCP client identification data and on
350	   each FQDN associated with the client.

352	   However, it should be noted that an attacker that has some knowledge,
353	   such as of MAC addresses commonly used in DHCP client identification
354	   data, may be able to discover the client's DHCP identify by using a
355	   brute-force attack.  Even without any additional knowledge, the
356	   number of unknown bits used in computing the hash is typically only
357	   48 to 80.

359	   Administrators should be wary of permitting unsecured DNS updates to
360	   zones, whether or not they are exposed to the global Internet.  Both
361	   DHCP clients and servers SHOULD use some form of update
362	   authentication (e.g., TSIG [11]) when performing DNS updates.

364	7.  IANA Considerations
365	   IANA is requested to allocate a DNS RR type number for the DHCID
366	   record type.

368	   This specification defines a new number-space for the 2-octet
369	   identifier type codes associated with the DHCID RR.  IANA is
370	   requested to establish a registry of the values for this number-
371	   space.  Three initial values are assigned in Section 3.3, and the
372	   value 0xFFFF is reserved for future use.  New DHCID RR identifier
373	   type codes are assigned through Standards Action, as defined in RFC
374	   2434 [5].

376	   This specification defines a new number-space for the 1-octet digest
377	   type codes associated with the DHCID RR.  IANA is requested to
378	   establish a registry of the values for this number-space.  Two
379	   initial values are assigned in Section 3.4.  New DHCID RR digest type
380	   codes are assigned through Standards Action, as defined in RFC 2434
381	   [5].

383	8.  Acknowledgements

385	   Many thanks to Harald Alvestrand, Ralph Droms, Olafur Gudmundsson,
386	   Sam Hartman, Josh Littlefield, Pekka Savola, and especially Bernie
387	   Volz for their review and suggestions.

389	9.  References

391	9.1.  Normative References

393	   [1]  Stapp, M. and B. Volz, "Resolution of DNS Name Conflicts Among
394	        DHCP Clients (draft-ietf-dhc-dns-resolution-*)", February 2006.

396	   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
397	        Levels", BCP 14, RFC 2119, March 1997.

399	   [3]  Mockapetris, P., "Domain names - concepts and facilities",
400	        STD 13, RFC 1034, November 1987.

402	   [4]  Mockapetris, P., "Domain names - implementation and
403	        specification", STD 13, RFC 1035, November 1987.

405	   [5]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
406	        Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

408	9.2.  Informative References

410	   [6]   Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
411	         March 1997.

413	   [7]   Josefsson, S., "The Base16, Base32, and Base64 Data Encodings",
414	         RFC 3548, July 2003.

416	   [8]   Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
417	         "Resource Records for the DNS Security Extensions", RFC 4034,
418	         March 2005.

420	   [9]   Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
421	         Extensions", RFC 2132, March 1997.

423	   [10]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
424	         Carney, "Dynamic Host Configuration Protocol for IPv6
425	         (DHCPv6)", RFC 3315, July 2003.

427	   [11]  Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington,
428	         "Secret Key Transaction Authentication for DNS (TSIG)",
429	         RFC 2845, May 2000.

431	   [12]  Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers
432	         for Dynamic Host Configuration Protocol Version Four (DHCPv4)",
433	         RFC 4361, February 2006.

435	   [13]  Gustafsson, A., "Handling of Unknown DNS Resource Record (RR)
436	         Types", RFC 3597, September 2003.

438	Authors' Addresses

440	   Mark Stapp
441	   Cisco Systems, Inc.
442	   1414 Massachusetts Ave.
443	   Boxborough, MA  01719
444	   USA

446	   Phone: 978.936.1535
447	   Email: mjs@cisco.com

449	   Ted Lemon
450	   Nominum, Inc.
451	   950 Charter St.
452	   Redwood City, CA  94063
453	   USA

455	   Email: mellon@nominum.com

457	   Andreas Gustafsson
458	   Araneus Information Systems Oy
459	   Ulappakatu 1
460	   02320 Espoo
461	   Finland

463	   Email: gson@araneus.fi

465	Intellectual Property Statement

467	   The IETF takes no position regarding the validity or scope of any
468	   Intellectual Property Rights or other rights that might be claimed to
469	   pertain to the implementation or use of the technology described in
470	   this document or the extent to which any license under such rights
471	   might or might not be available; nor does it represent that it has
472	   made any independent effort to identify any such rights.  Information
473	   on the procedures with respect to rights in RFC documents can be
474	   found in BCP 78 and BCP 79.

476	   Copies of IPR disclosures made to the IETF Secretariat and any
477	   assurances of licenses to be made available, or the result of an
478	   attempt made to obtain a general license or permission for the use of
479	   such proprietary rights by implementers or users of this
480	   specification can be obtained from the IETF on-line IPR repository at
481	   http://www.ietf.org/ipr.

483	   The IETF invites any interested party to bring to its attention any
484	   copyrights, patents or patent applications, or other proprietary
485	   rights that may cover technology that may be required to implement
486	   this standard.  Please address the information to the IETF at
487	   ietf-ipr@ietf.org.

489	Disclaimer of Validity

491	   This document and the information contained herein are provided on an
492	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
493	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
494	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
495	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
496	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
497	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

499	Copyright Statement

501	   Copyright (C) The Internet Society (2006).  This document is subject
502	   to the rights, licenses and restrictions contained in BCP 78, and
503	   except as set forth therein, the authors retain all their rights.

505	Acknowledgment

507	   Funding for the RFC Editor function is currently provided by the
508	   Internet Society.