idnits 2.17.1 

draft-ietf-opes-end-comm-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of lines with control characters in the document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 120: '...tion means that OPES tracing SHOULD be...'
     RFC 2119 keyword, line 129: '...cation end point MUST be able to ident...'
     RFC 2119 keyword, line 132: '...cation end point SHOULD be able to ide...'
     RFC 2119 keyword, line 145: '...   o  An OPES system MUST be traceable...'
     RFC 2119 keyword, line 147: '... An OPES processor SHOULD be traceable...'
     (21 more instances...)


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 121 has weird spacing: '... on per  messa...'

  == Line 160 has weird spacing: '...ing and  enfor...'

  == Line 189 has weird spacing: '...be able  to tr...'

  == Line 221 has weird spacing: '...ication  to th...'

  == Line 223 has weird spacing: '...e trace  ident...'

  == (11 more instances...)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 11, 2003) is 7617 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '1' is defined on line 481, but no explicit reference
     was found in the text

  == Unused Reference: '3' is defined on line 488, but no explicit reference
     was found in the text

  == Unused Reference: '4' is defined on line 492, but no explicit reference
     was found in the text

  == Unused Reference: '5' is defined on line 495, but no explicit reference
     was found in the text

  == Unused Reference: '6' is defined on line 498, but no explicit reference
     was found in the text

  == Unused Reference: '7' is defined on line 502, but no explicit reference
     was found in the text

  == Unused Reference: '9' is defined on line 512, but no explicit reference
     was found in the text

  == Unused Reference: '10' is defined on line 517, but no explicit reference
     was found in the text

  -- Possible downref: Non-RFC (?) normative reference: ref. '1'

  ** Downref: Normative reference to an Informational RFC: RFC 3238 (ref. '2')

  ** Obsolete normative reference: RFC 2616 (ref. '3') (Obsoleted by RFC
     7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235)

  -- Possible downref: Non-RFC (?) normative reference: ref. '4'

  -- Possible downref: Non-RFC (?) normative reference: ref. '5'

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-opes-protocol-reqs (ref. '6')

  -- Possible downref: Non-RFC (?) normative reference: ref. '7'

  -- Possible downref: Non-RFC (?) normative reference: ref. '8'


     Summary: 6 errors (**), 0 flaws (~~), 16 warnings (==), 7 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                          A. Barbir
3	Internet-Draft                                           Nortel Networks
4	Expires: December 10, 2003                                 June 11, 2003

6	              OPES processor and end points communications
7	                      draft-ietf-opes-end-comm-00

9	Status of this Memo

11	   This document is an Internet-Draft and is in full conformance with
12	   all provisions of Section 10 of RFC2026.

14	   Internet-Drafts are working documents of the Internet Engineering
15	   Task Force (IETF), its areas, and its working groups. Note that other
16	   groups may also distribute working documents as Internet-Drafts.

18	   Internet-Drafts are draft documents valid for a maximum of six months
19	   and may be updated, replaced, or obsoleted by other documents at any
20	   time. It is inappropriate to use Internet-Drafts as reference
21	   material or to cite them other than as "work in progress."

23	   The list of current Internet-Drafts can be accessed at http://
24	   www.ietf.org/ietf/1id-abstracts.txt.

26	   The list of Internet-Draft Shadow Directories can be accessed at
27	   http://www.ietf.org/shadow.html.

29	   This Internet-Draft will expire on December 10, 2003.

31	Copyright Notice

33	   Copyright (C) The Internet Society (2003). All Rights Reserved.

35	Abstract

37	   This memo documents tracing requirements for Open Pluggable Edge
38	   Services (OPES).

40	Table of Contents

42	   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
43	   2.    OPES Tracing . . . . . . . . . . . . . . . . . . . . . . . .  4
44	   2.1   What is traceable in an OPES Flow? . . . . . . . . . . . . .  4
45	   2.2   Requirements for Information Related to Traceable
46	         Entities?  . . . . . . . . . . . . . . . . . . . . . . . . .  5
47	   3.    Requirements for OPES systems  . . . . . . . . . . . . . . .  6
48	   4.    Requirements for OPES processors . . . . . . . . . . . . . .  7
49	   5.    Requirements for callout servers . . . . . . . . . . . . . .  8
50	   6.    Privacy considerations . . . . . . . . . . . . . . . . . . .  9
51	   6.1   Tracing and Trust Domains  . . . . . . . . . . . . . . . . .  9
52	   7.    How to Support Tracing . . . . . . . . . . . . . . . . . . . 10
53	   7.1   Tracing and OPES System Granularity  . . . . . . . . . . . . 10
54	   7.2   Requirements for In-Band Tracing . . . . . . . . . . . . . . 11
55	   7.2.1 Tracing Information Granularity and Persistence levels
56	         Requirements . . . . . . . . . . . . . . . . . . . . . . . . 11
57	   7.3   Protocol Binding . . . . . . . . . . . . . . . . . . . . . . 12
58	   7.4   Tracing scenarios and examples . . . . . . . . . . . . . . . 12
59	   8.    IAB considerations . . . . . . . . . . . . . . . . . . . . . 13
60	   8.1   Notification Concerns  . . . . . . . . . . . . . . . . . . . 13
61	   8.1.1 Addressing IAB Consideration 3.1 . . . . . . . . . . . . . . 14
62	   8.1.2 Addressing IAB Consideration 3.2 . . . . . . . . . . . . . . 15
63	   9.    Security considerations  . . . . . . . . . . . . . . . . . . 17
64	   10.   IANA Considerations  . . . . . . . . . . . . . . . . . . . . 18
65	         Normative References . . . . . . . . . . . . . . . . . . . . 19
66	         Informative References . . . . . . . . . . . . . . . . . . . 20
67	         Author's Address . . . . . . . . . . . . . . . . . . . . . . 20
68	   A.    Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21
69	         Intellectual Property and Copyright Statements . . . . . . . 22

71	1. Introduction

73	   The Open Pluggable Edge Services (OPES) architecture [8] enables
74	   cooperative application services (OPES services) between a data
75	   provider, a data consumer, and zero or more OPES processors.  The
76	   application services under consideration analyze and possibly
77	   transform application-level messages exchanged between the data
78	   provider and the data consumer.

80	   The execution of such services is governed by a set of rules
81	   installed on the OPES processor.  The rules enforcement can trigger
82	   the execution of service applications local to the OPES processor.
83	   Alternatively, the OPES processor can distribute the responsibility
84	   of service execution by communicating and collaborating with one or
85	   more remote callout servers. As described in [8], an OPES processor
86	   communicates with and invokes services on a callout server by using a
87	   callout protocol.

89	   The work specify the requirements for providing tracing functionality
90	   for the OPES architecture [8]. This document specifies tracing
91	   mechanisms that the OPES architecture could provide that enable data
92	   provider application to detect inappropriate clinet centric actions
93	   by OPES entities. The work focus on developing tracing requirements
94	   that can be used to fulfil the notification and Non-Blocking
95	   requirements [2].

97	   In the OPES architecture document [8], there is a requirement of
98	   relaying tracing information in-band. This work investigates this
99	   possibility and discusses possible methods that could be used to
100	   detect faulty OPES processors or callout servers by end points in an
101	   OPES flow.

103	   The document is organized as follows: .......

105	2. OPES Tracing

107	   Before discussing what is traceable in an OPES flow, it is beneficial
108	   to define what tracing means. Tracing is defined as the inclusion of
109	   necessary information within a message in an OPES flow that could be
110	   used to identify the set of transformations or adpatations that have
111	   been performed on its content before its delivery to an end point
112	   (the data consumer application).

114	   o  OPES trace:	application message information about OPES entities
115	      that adapted that message

117	   o  OPES tracing: the process of including, manipulating, and
118	      interpreting an OPES trace

120	   To emphasize, the above definition means that OPES tracing SHOULD be
121	   performed on per  message basis. Trace format is dependent on the
122	   application protocol being adapted by OPES. Data consumer application
123	   can use OPES trace to infer the actions that have been performed by
124	   OPES system(s). The architecture document requires [8] that tracing
125	   be supported in-band.

127	2.1 What is traceable in an OPES Flow?

129	   o  The data consumer application end point MUST be able to identify
130	      the OPES processors that have acted on an application message.

132	   o  The data consumer application end point SHOULD be able to identify
133	      OPES services (including callout services) that were performed on
134	      request/responses that are part of an application message.

136	   o  TBD

138	   o  TBD

140	   For a given trace, an OPES entity involved in handling the
141	   corresponding application message is "traceable" or "traced" if
142	   information about it appears in that trace. OPES entities have
143	   different levels of traceability requirements. Specifically,

145	   o  An OPES system MUST be traceable

147	   o  An OPES processor SHOULD be traceable

149	   o  An OPES service MAY be traceable

151	   o  Editor Note: Need to define an OPES System properly

153	2.2 Requirements for Information Related to Traceable Entities?

155	   The requirements for information as related to entities that are
156	   terceable in an OPES flow are:

158	   o  The privacy policy at the time it dealt with the message

160	   o  Identification of the party responsible for setting and  enforcing
161	      that policy

163	   o  Information pointing to a technical contact

165	   o  Information that identifies, to the technical contact, the OPES
166	      processors involved in processing the messag

168	   o  TBD

170	3. Requirements for OPES systems

172	   Editor Note: Need to define OPES System and state requirements

174	4. Requirements for OPES processors

176	   TBD

178	5. Requirements for callout servers

180	   If it is the task of an OPES processor to add trace records to
181	   application messages, then callout servers that uses the OCP protocol
182	   are not affected by tracing requirements.In order for an OCP protocol
183	   to be tracing neutral, the OPES server SHOULD be able to meet the
184	   following requirements:

186	   o  Callout services adapt payload regardless of the application
187	      protocol in use and leave header adjustment to OPES processor.

189	   o  OPES processor SHOULD be able  to trace its own invocation and
190	      service(s) execution because OPES processor understand the
191	      application protocol.

193	   o  Callout servers  MAY be able to add their own OPES trace records
194	      to application level messages.

196	   o  TBD

198	6. Privacy considerations

200	6.1 Tracing and Trust Domains

202	   A trust domain may include several OPES systems and entities. Within
203	   a trust domain, there MUST be at least support for one trace entry
204	   per system. Entities outside of that system may or may not see any
205	   traces, depending on domain policies or configuration. For example,
206	   if an OPES system is on the content provider "side", end-users are
207	   not guaranteed any traces. If an OPES system is working inside
208	   end-user domain, the origin server is not guaranteed any traces
209	   related to user requests.

211	7. How to Support Tracing

213	   In order to support tracing, the following aspects must be addressed:

215	   o  There MUST be a System Identifier that identify a domain that is
216	      employing an OPES system.

218	   o  An OPES processor MUST be able to be uniquely identified (MUST
219	      have an Identifier) within a system.

221	   o  An OPES processor MUST add its identification  to the trace.

223	   o  An OPES processor SHOULD add to the trace  identification of every
224	      callout service that received the application message.

226	   o  An OPES processor MUST add to the trace identification  of the
227	      "system/entity" it belongs to. "System" ID MUST make it possible
228	      to access "system" privacy  policy.

230	   o  An OPES processor MAY group the above information for sequential
231	      trace entries having  the same "system/entity" ID. In other words,
232	      trace  entries produced within the same "system/entity"  MAY be
233	      merged/aggregated into a single less detailed trace entry.

235	   o  An OPES processor MAY delegate trace management to  a callout
236	      service within the same "system/entity".

238	   TBD

240	7.1 Tracing and OPES System Granularity

242	   There are two distinct uses of traces. First, is to SHOULD enable the
243	   "end (content producer or consumer) to detect OPES processor presence
244	   within end's trust domain. Such "end" should be able to see a trace
245	   entry, but does not need to be able to interpret it beyond
246	   identification of the trust domain(s).

248	   Second, the domain administrator SHOULD be able to take a trace entry
249	   (possibly supplied by an "end? as an opaque string) and interpret it.
250	   The administrator must be able to identify OPES processor(s) involved
251	   and may be able to identify applied adaptation services along with
252	   other message-specific information. That information SHOULD help to
253	   explain what OPES agent(s) were involved and what they did. It may be
254	   impractical to provide all the required information in all cases.
255	   This document view a trace record as a hint, as opposed to an
256	   exhaustive audit.

258	   Since the administrators of various trust domains can have various
259	   ways of looking into tracing, they MAY require the choice of freedom
260	   in what to put in trace records and how to format them. Trace records
261	   should be easy to extend beyond basic OPES requirements. Trace
262	   management algorithms should treat trace records as opaque data to
263	   the extent possible.

265	   It is not expected that entities in one trust domain to be able to
266	   get all OPES-related feedback from entities in other trust domains.
267	   For example, if an end-user suspects that a served is corrupted by a
268	   callout service, there is no guarantee that the use will be able to
269	   identify that service, contact its owner, or debug it _unless_ the
270	   service is within my trust domain. This is no different from the
271	   current situation where it is impossible, in general, to know the
272	   contact person for an application on an origin server that generates
273	   corrupted HTML; and even if the person is known, one should not
274	   expect that person to respond to end-user queries.

276	7.2 Requirements for In-Band Tracing

278	   The OPES architecture [8] states that traces must be in-band. The
279	   support of this design specification is dependent on the specifics of
280	   the message application level protocol that is being used in an OPES
281	   flow. In-band tracing limits the type of application protocols that
282	   OPES can support. The details of what a trace record can convey is
283	   also dependent on the choice of the application level protocol.

285	   For these reasons, the work will document requirements for
286	   application protocols that need to support OPES traces. However, the
287	   architecture does not prevent implementers of developing out-of-band
288	   protocols and techniques to address the above limitation.

290	7.2.1 Tracing Information Granularity and Persistence levels
291	      Requirements

293	   In order to be able to trace entities that have acted on an
294	   application message in an OPES flow, there may be requirements to
295	   keep information that is related to the following:

297	   o  Message-related informatio: All data that describes specific
298	      actions performed on the message SHOULD be provided with that
299	      message, as there is no other way to find message level details
300	      later.

302	   o  Session related information: Session level data MUST be preserved
303	      for the duration of the session. OPES processor is responsible for
304	      inserting notifications if session-level information changes.

306	   o  End-point related data: What profile is activated? Where to get
307	      profile details? Where to set preferences?

309	   o  TBD

311	7.3 Protocol Binding

313	   How tracing is added is application protocol-specific and will be
314	   documented in separate drafts. This work documents what tracing
315	   information is required and some common tracing elements.

317	7.4 Tracing scenarios and examples

319	   TBD

321	8. IAB considerations

323	   This section examines IAB [2] considerations (3.1) and (3.2)
324	   regarding notification in an OPES architecture. The IAB
325	   considerations are reiterated here for ease of reference.

327	   Notification propagates in opposite direction of tracing and cannot
328	   be attached to application messages that it notifies about.
329	   Notification can be done out-band and may require the development of
330	   a new protocol. The direction of data flow for tracing and
331	   notification are deoicted in Figure 1.

333	                                      Notification
334	                +-----------------------------------------------
335	                |                                               |
336	                |                                               V
337	          +---------------+            +-------+       +---------------+
338	          |               |            |       |       | Data Provider |
339	          | Data Consumer | Tracing    | OPES  |<----->|  Application  |
340	          |  Application  |<-----------|       |       +---------------+
341	          +---------------+            +-------+
342	                                           ^
343	                                           |OCP
344	                                           |
345	                                           V
346	                                       +---------+
347	                                       | Callout |
348	                                       | Server  |
349	                                       +---------+

351	                      Figure 1: Notification Flow

353	8.1 Notification Concerns

355	   Notifications for every HTTP request can burden some content
356	   providers. Therefore, it might be preferable to consider mechanisms
357	   that allow for the  explicit request of notification. Hence, a
358	   mechanism for explicit request of notification May be required.

360	   Furthermore, end point privacy is a concern. An end user may consider
361	   information about OPES services applied on their behalf as private.
362	   For example, if translation for braille device has been applied, it
363	   can be concluded that the user is having eyesight problems; such
364	   information may be misused if the user is applying for a job online.
365	   Similarly, a content provider may consider information about its OPES
366	   services private. For example, use of a specific OPES intermediary by
367	   a high traffic volume site may indicate business alliances that have
368	   not been publicly announced yet. Another example of privacy, include
369	   situations where a user may not want to reveal to any content
370	   provider all the OPES services that have been applied on their
371	   behalf. For example, why should every content provider know what
372	   exact virus scanner a user is using?

374	   Security is also a concern. An attacker may benefit from knowledge
375	   of internal OPES services layout, execution order, software versions
376	   and other information that are likely to be present in  automated
377	   notifications.

379	   The level of available details in notifications versus content
380	   provider interest in supporting notification is a concern.
381	   Experience shows that content providers often require very detailed
382	   information  about user actions to be interested in notifications at
383	   all. For example, Hit Metering protocol [11] has been designed to
384	   supply content providers with proxy cache hit counts, in an effort to
385	   reduce cache busting behavior which was caused by content providers
386	   desire to get accurate site "access counts". However, the Hit
387	   Metering protocol is currently not widely deployed. This is because
388	   the protocol does not supply  content providers with information such
389	   as client IP addresses, browser versions, or cookies.

391	   The Hit  Metering experience is relevant because Hit Metering
392	   protocol was  designed to do for HTTP caching intermediaries what
393	   OPES notifications are meant to do for OPES intermediaries. Thus, it
394	   is important to have the right balance when specifying the
395	   notofication requirements for OPES.

397	   In this document,  IAB choice of "Notification" label is interpreted
398	   as "Notification assistance" (i.e. making notifications meaningful)
399	   and is not be interpreted as a "Notification protocol".  Therefore,
400	   the work treats IAB considerations (3.1 and 3.2) as informative (not
401	   normative).

403	8.1.1 Addressing IAB Consideration 3.1

405	   The consideration is restated below for ease of reference.

407	   (3.1) Notification: The overall OPES framework needs to assist
408	   content providers in detecting and responding to client-centric
409	   actions by OPES intermediaries that are deemed inappropriate by the
410	   content provider.

412	   IAB consideration (3.1) suggests that the overall OPES framework
413	   needs to assist content providers in detecting and responding to
414	   client-centric actions by OPES intermediaries that are deemed
415	   inappropriate by the content provider.

417	   It is important to note that most client-centric actions happen after
418	   the application message has left the content provider(s). Thus,
419	   notifications cannot be piggy-backed to application messages and have
420	   to travel in the opposite direction of traces, see Figure 1. To
421	   address this requirement directly, one would have to develop an out
422	   of band protocol to support notification.

424	   At this stage, there is no need to develop an out of band protocol to
425	   support notification, since requiring the OPES architecture to having
426	   a  tracing facility can fulfil the objectives of notification. In
427	   this regard, it is recommended that tracing MUST be always-on, just
428	   like HTTP Via headers. This should eliminate notification as a
429	   separate requirement.

431	8.1.2 Addressing IAB Consideration 3.2

433	   The consideration is restated below for ease of reference.

435	   (3.2) Notification: The overall OPES framework should assist end
436	   users in detecting the behavior of OPES intermediaries, potentially
437	   allowing them to identify imperfect or compromised intermediaries.

439	   TBD

441	   If the OPES end points cooperate then notification can be supported
442	   by tracing. Content providers that suspect or experience difficulties
443	   can do any of the following:

445	   o  Check whether requests they receive pass through OPES
446	      intermediaries. Presence of OPES tracing info will determine that.
447	      This check is only possible for request/response protocols. For
448	      other protocols (e.g., broadcast or push), the provider would have
449	      to assume that OPES intermediaries are involved until proven
450	      otherwise.

452	   o  If OPES intermediaries are suspected, request OPES traces from
453	      potentially affected user(s). The trace will be a part of the
454	      application message received by the user software. If users
455	      cooperate, the provider(s) have all the information they need. If
456	      users do not cooperate, the provider(s) cannot do much about it
457	      (they might be able to deny service  to uncooperative users in
458	      some cases).

460	   o  Some traces may indicate that more information is available by
461	      accessing certain resources on the specified OPES intermediary or
462	      elsewhere. Content providers may query for more information in
463	      that case.

465	   o  If everything else fails, providers can enforce no-adaptation
466	      policy using appropriate OPES bypass mechanisms and/or end-to-end
467	      mechanisms.

469	9. Security considerations

471	   TBD

473	10. IANA Considerations

475	   The proposed work will evaluate current protocols for OCP. If the
476	   work determines that a new protocol need to be developed, then there
477	   may be a need to request new numbers from IANA.

479	Normative References

481	   [1]  McHenry, S., et. al, "OPES Scenarios and Use Cases",
482	        Internet-Draft TBD, May 2002.

484	   [2]  Floyd, S. and L. Daigle, "IAB Architectural and Policy
485	        Considerations for Open Pluggable Edge Services", RFC 3238,
486	        January 2002.

488	   [3]  Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L.,
489	        Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
490	        HTTP/1.1", RFC 2616, June 1999.

492	   [4]  OPES working group, "OPES Service Authorization and Enforcement
493	        Requirements", Internet-Draft TBD, May 2002.

495	   [5]  OPES working group, "OPES Ruleset Schema", Internet-Draft TBD,
496	        May 2002.

498	   [6]  A. Beck et al., "Requirements for OPES Callout Protocols",
499	        Internet-Draft http://www.ietf.org/internet-drafts/
500	        draft-ietf-opes-protocol-reqs-03.txt, December 2002.

502	   [7]  A. Barbir et al., "Security Threats and Risks for Open Pluggable
503	        Edge Services", Internet-Draft http://www.ietf.org/
504	        internet-drafts/draft-ietf-opes-threats-00.txt, October  2002.

506	   [8]  A. Barbir et al., "An Architecture for Open Pluggable Edge
507	        Services (OPES)", Internet-Draft http://www.ietf.org/
508	        internet-drafts/draft-ietf-opes-architecture-04, December  2002.

510	Informative References

512	   [9]   Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M.,
513	         Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and S.
514	         Waldbusser, "Terminology for Policy-Based Management", RFC
515	         3198, November 2001.

517	   [10]  L. Cranor,  et. al, "The Platform for Privacy Preferences 1.0
518	         (P3P1.0) Specification", W3C Recommendation 16 http://
519	         www.w3.org/TR/2002/REC-P3P-20020416/ , April  2002.

521	   [11]  "Hit Metering", RFC .

523	Author's Address

525	   Abbie Barbir
526	   Nortel Networks
527	   3500 Carling Avenue
528	   Nepean, Ontario  K2H 8E9
529	   Canada

531	   Phone: +1 613 763 5229
532	   EMail: abbieb@nortelnetworks.com

534	Appendix A. Acknowledgements

536	   TBD

538	Intellectual Property Statement

540	   The IETF takes no position regarding the validity or scope of any
541	   intellectual property or other rights that might be claimed to
542	   pertain to the implementation or use of the technology described in
543	   this document or the extent to which any license under such rights
544	   might or might not be available; neither does it represent that it
545	   has made any effort to identify any such rights. Information on the
546	   IETF's procedures with respect to rights in standards-track and
547	   standards-related documentation can be found in BCP-11. Copies of
548	   claims of rights made available for publication and any assurances of
549	   licenses to be made available, or the result of an attempt made to
550	   obtain a general license or permission for the use of such
551	   proprietary rights by implementors or users of this specification can
552	   be obtained from the IETF Secretariat.

554	   The IETF invites any interested party to bring to its attention any
555	   copyrights, patents or patent applications, or other proprietary
556	   rights which may cover technology that may be required to practice
557	   this standard. Please address the information to the IETF Executive
558	   Director.

560	Full Copyright Statement

562	   Copyright (C) The Internet Society (2003). All Rights Reserved.

564	   This document and translations of it may be copied and furnished to
565	   others, and derivative works that comment on or otherwise explain it
566	   or assist in its implementation may be prepared, copied, published
567	   and distributed, in whole or in part, without restriction of any
568	   kind, provided that the above copyright notice and this paragraph are
569	   included on all such copies and derivative works. However, this
570	   document itself may not be modified in any way, such as by removing
571	   the copyright notice or references to the Internet Society or other
572	   Internet organizations, except as needed for the purpose of
573	   developing Internet standards in which case the procedures for
574	   copyrights defined in the Internet Standards process must be
575	   followed, or as required to translate it into languages other than
576	   English.

578	   The limited permissions granted above are perpetual and will not be
579	   revoked by the Internet Society or its successors or assignees.

581	   This document and the information contained herein is provided on an
582	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
583	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
584	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
585	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
586	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

588	Acknowledgment

590	   Funding for the RFC Editor function is currently provided by the
591	   Internet Society.