idnits 2.17.1 draft-ietf-radext-extended-attributes-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 17. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 514. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 525. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 532. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 538. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Line 356 has weird spacing: '... String b;...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 21, 2008) is 5909 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 4005 (Obsoleted by RFC 7155) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Y. Li 3 Internet-Draft A. Lior 4 Intended status: Standards Track BWS 5 Expires: August 24, 2008 G. Zorn 6 Aruba Networks 7 February 21, 2008 9 Extended Remote Authentication Dial In User Service (RADIUS) Attributes 10 draft-ietf-radext-extended-attributes-01.txt 12 Status of this Memo 14 By submitting this Internet-Draft, each author represents that any 15 applicable patent or other IPR claims of which he or she is aware 16 have been or will be disclosed, and any of which he or she becomes 17 aware will be disclosed, in accordance with Section 6 of BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt. 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 This Internet-Draft will expire on August 24, 2008. 37 Copyright Notice 39 Copyright (C) The IETF Trust (2008). 41 Abstract 43 In order for the Remote Authentication Dial In User Service (RADIUS) 44 protocol to continue to support new applications the RADIUS attribute 45 type space must be extended beyond the current limit of 255 possible 46 attribute types while maintaining backwards compatibility with the 47 existing protocol. This document defines a mechanism to accomplish 48 that task, along with standard methods to group together related 49 attributes and to encode values that don't fit into 253 octets. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 56 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 57 4. RADIUS Type Extension . . . . . . . . . . . . . . . . . . . . 4 58 5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 6 59 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 60 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 61 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 62 9. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 11 63 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 64 10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 65 10.2. Informative References . . . . . . . . . . . . . . . . . . 11 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 67 Intellectual Property and Copyright Statements . . . . . . . . . . 13 69 1. Introduction 71 The Remote Authentication Dial In User Service (RADIUS) Protocol 72 [RFC2865] defines two classes of attributes: standard and vendor- 73 specific. 75 Vendor-specific Attributes (VSAs) allow vendors (including Standards 76 Development Organizations (SDOs)) to define their own Attributes, 77 which may not be suitable for general usage; on the other hand, the 78 attributes that belong to the standard RADIUS space are controlled by 79 the IETF and are intended to be of general utility. These attributes 80 are defined in RFCs and are assigned type codes by the Internet 81 Assigned Number Authority (IANA)[IANA]. 83 The standard RADIUS attribute type code is 8 bits in length; hence 84 RADIUS is limited to 255 attribute types. Of these 255 attribute 85 types, 101 or so have been assigned. According to RFC 3575 86 [RFC3575], types 192-223 are reserved for experimental use; types 87 224-240 are reserved for implementation-specific use; and values 241- 88 255 are reserved and should not be used. Therefore, as of this 89 writing there are approximately 90 type codes that can be allocated 90 to new attributes. 92 RADIUS evolution must not be hindered by the inability to define new 93 standard RADIUS attributes. This document defines a mechanism to 94 extend the standard RADIUS Attribute space by defining a new scheme 95 to allocate attribute type codes. In addition, mechanisms are 96 defined to support both the grouping of related attributes and the 97 encoding of attribute values the length of which exceed the current 98 limit of 253 octets. 100 2. Terminology 102 Extended Attribute 103 The term used for the new RADIUS attributes that are defined in 104 this document 106 Extended Type 107 The type code assigned to an Extended Attribute 109 2.1. Requirements Language 111 In this document, several words are used to signify the requirements 112 of the specification. These words are often capitalized. The key 113 words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", 114 "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document 115 are to be interpreted as described in [RFC2119]. 117 An implementation is not compliant if it fails to satisfy one or more 118 of the must or must not requirements for the protocols it implements. 119 An implementation that satisfies all the MUST, MUST NOT, SHOULD, and 120 SHOULD NOT requirements for its protocols is said to be 121 "unconditionally compliant"; one that satisfies all the MUST and MUST 122 NOT requirements but not all the SHOULD or SHOULD NOT requirements 123 for its protocols is said to be "conditionally compliant". 125 3. Problem Statement 127 A fundamental requirement for extending the RADIUS attribute space is 128 the maintenance of backwards compatibility. This means that RADIUS 129 servers and proxies must be able to continue to decode and encode 130 messages even though they may not need to understand an attribute 131 that has been extended. More specifically, the scheme MUST be 132 compliant with the various RADIUS RFCs such as [RFC2865] and RADIUS 133 Accounting [RFC2866], etc. 135 The scheme SHOULD ensure that the size of the standard type space 136 extension is large enough that it will not be quickly exhausted or is 137 extensible in the event that it is. 139 Furthermore, the scheme SHOULD align with the Diameter NASReq 140 Application [RFC4005], thereby allowing the two AAA standards to 141 interoperate. 143 A need to group related RADIUS attributes together has become 144 prevalent in current work. Therefore, the proposed scheme SHOULD 145 provide a mechanism to group related attributes together. 147 In recent years, attribute sizes have been threatening the limit of 148 253 octets. Fragmentation of RADIUS attributes has always been 149 possible by extending the value into another attribute of the same 150 type; however, this approach does not always work (for example, if 151 more than one instance of an attribute occurs in the same RADIUS 152 packet). The proposed scheme SHOULD enable the transmission of 153 attributes longer than 253 octets. 155 4. RADIUS Type Extension 157 The solution described in this document takes the recommended VSA 158 format [RFC2865] as a basis for the RADIUS Extended Attributes. 160 We allocate RADIUS the Vendor-Id of zero (0). In essence we are 161 assigning the IETF a Vendor-Id which is what other SDOs have done in 162 registering their own Vendor-Id. 164 Extended Attributes consist of an attribute header similar to that 165 recommended by RFC 2865 [RFC2865] for Vendor Specific Attributes 166 followed by a non-empty sequence of Type-Length-Value (TLV) triples 167 (see below). If an Extended Attribute contains more than one TLV 168 then all of the encapsulated TLVs MUST fit completely within the 169 Extended Attribute. 171 The Extended Attribute header is 7 octets in length and is encoded as 172 follows: 174 o The first octet contains the Type which is always Vendor-Specific 175 (26) 177 o The second octet contains the length (in octets) of the entire 178 Extended Attribute, including the Extended Attribute header and 179 all encapsulated TLVs 181 o The next 4 octets contain the Vendor-Id (0) 183 o The final octet of the header contains the More flag and Tag 184 field. If the one bit More flag is set (1) this indicates that 185 the encapsulated TLV is continued in the following Extended 186 Attribute; if the More flag is clear (0) then all of the 187 encapsulated TLVs fit into the current Extended Attribute. The 188 More flag MUST NOT be set if the Extended Attribute contains more 189 than one TLV. The Tag field is used to combine sets of related 190 Extended Attributes into simple groups. 192 TLVs are encoded as follows: 194 o The first bit is the Standard or 'S' flag. The Standard flag is 195 set (1) if the TLV is a standard RADIUS attribute (as defined in 196 RFC 2865, for example), otherwise it is clear (0). 198 o The next 2 octets are the Ext-Type field 200 o The next octet is the Ext-Length field, representing of the entire 201 TLV, including the length of the Ext-Type field (2 octets), the 202 length of the Ext-Length field itself (1 octet) and the length of 203 the Value field (1 or more octets) 205 o The Value field consists of one or more octets comprising the 206 actual data. 208 5. Formal Syntax 210 This section describes the encoding scheme used for RADIUS Extended 211 Attributes. The basis of this encoding is the format recommended for 212 Vendor Specific Attributes in RFC 2865 [RFC2865]. 214 1 2 3 215 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 216 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 217 | Type (26) | Length | Vendor-Id (0) | 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 | Vendor-Id (0) |M| Tag | Ext-Type 220 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 Ext-Type | Ext-Length | Value... 222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 Type 226 26 for Vendor-Specific 228 Length 230 >=10 232 Vendor ID 234 The high-order octet is zero (0) and the low-order 3 octets are 235 zeros (0)s representing an extended IETF RADIUS attribute 237 M (More) 239 The More Flag is one (1) bit in length. When a value to be 240 transmitted exceeds 246 octets in length it is fragmented over two 241 or more Extended Attributes. If the More Flag is set (1), this 242 indicates that the Value field of the Extended Attribute contains 243 a fragment of a larger value, which is continued in the next 244 Extended Attribute of the same Ext-Type. When the More Flag is 245 clear (0), the final (or only) fragment of the value is contained 246 in the Extended Attribute. 248 Tag 250 The Tag field is 7 bits long and MUST be present. It is used to 251 group Extended Attributes. Extended Attributes with the same non- 252 zero value in the Tag field belong to the same group. A Tag value 253 of zero (0) indicates that the attribute is not grouped. A Tag 254 value of all ones (0x7F) is reserved. 256 Ext-Type 258 Two (2) octets. Up-to-date values of the Ext-Type field are 259 specified in the most recent "Assigned Numbers" [IANA]. Values 260 XXXX-YYYY are reserved. 262 Ext-Length 264 >= 4. The length of the Extended Attribute, including the Ext- 265 Type, Ext-Length and Value fields. 267 Value 269 One or more octets. 271 6. Examples 273 Consider an attribute called Foo of type String. Foo is allocated an 274 Extended-Type by IANA of 10. The following figure shows the encoding 275 of Foo(0,4) = "Hello": 277 1 2 3 278 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 280 | Type (26) | Length | Vendor-Id 281 | | (6 + 9 = 15) | (0) 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 Vendor-Id (cont) |M| Tag | Ext-Type 284 |0| (0) | (257) 285 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 286 Ext-Type (cont)| Ext-Length | Value | | 287 | (4 + 5 = 9) | (H) | (e) | 288 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 289 | | | | 290 | (l) | (l) | (o) | 291 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 293 Figure 1 295 Now consider another instantiation of the Foo Extended Attribute, 296 this one with a length of 251 octets. In this case the value is 297 fragmented over two Extended Attributes. The first 245 octets are 298 included in the first fragment which has the More bit set and the 299 remaining 6 octets appear in the second attribute. Figure 2 below 300 illustrates the encoding of the first 7 octets of the first Extended 301 Attribute (Foo(0,6) = "Hello W"), while Figure 3 shows how the second 302 attribute (Foo(245,250) = "e end.") is encoded. 304 1 2 3 305 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 | Type (26) | Length | Vendor-Id 308 | |(7 + 248 = 255)| (0) 309 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 310 Vendor-Id (cont) |M| Tag | Ext-Type 311 |1| (0) | (256) 312 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 Ext-Type (cont)| Ext-Length | Value | | 314 |(3 + 245 = 248)| (H) | (e) | 315 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 316 | | | | | 317 | (l) | (l) | (o) | ( ) | 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 | | 320 | (W) | 321 +-+-+-+-+-+-+-+-+ 322 ... 324 Figure 2 326 1 2 3 327 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 329 | Type (26) | Length | Vendor-Id | 330 | | (7 + 9 = 16) | (0) | 331 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 332 Vendor-Id |M| Tag | Ext-Type 333 (0) |0| (0) | (256) 334 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 335 Ext-Type (cont)| Ext-Length | Value | | 336 | (3 + 6 = 9) | (e) | ( ) | 337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 338 | | | | | 339 | (e) | (n) | (d) | (.) | 340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 Figure 3 344 The next example illustrates several of the features of Extended 345 Attributes: 347 o encapsulation of values greater than 253 octets in length 349 o grouping of related Extended Attributes using tags 350 o encapsulation of more than one TLV in a single Extended Attribute 352 Consider the following structure: 354 struct 355 Integer a; 356 String b; 357 Integer c; 358 endStruct 360 Element a is assigned an Extended Type of 20. Element b is assigned 361 an Extended Type of 25 and element c is assigned an Extended Type of 362 27. The following figure illustrates the coding where a(0,20) = 363 0xDEADDEAD, b(0,1) = "He", b(243,250) = "The end." and is of length 364 251 octets; and c(0,27) = 0x12345678. The attributes are grouped 365 together with TAG=42. For the sake of brevity, the value of b(3,241) 366 is omitted. 368 1 2 3 369 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 370 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 | Type (26) | Length | Vendor-Id | 372 | | (7 + 6 = 13) | (0) | 373 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 374 | Vendor-Id |M| Tag | Ext-Type | 375 | (0) |0| (42) | (20) | 376 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 377 | Ext-Length | Value | | | 378 | (2 + 4 = 6) | (0xDE) | (0xAD) | (0xDE) | 379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 380 | | 381 | (0xAD) | 382 +-+-+-+-+-+-+-+-+ 384 1 2 3 385 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 387 | Type (26) | Length | Vendor-Id | 388 | |(7 + 248 = 255)| (0) | 389 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 390 | Vendor-Id |M| Tag | Ext-Type | 391 | (0) |1| (42) | (25) | 392 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 393 | Ext-Length | Value | | 394 |(2 + 246 = 248)| (H) | (e) | 395 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 396 ... 397 1 2 3 398 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 399 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 400 | Type (26) | Length | Vendor-Id | 401 | | (7+7+6=20) | (0) | 402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 403 | Vendor-Id |M| Tag | Ext-Type | 404 | (0) |0| (42) | (25) | 405 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 406 | Ext-Length | Value | | | 407 | (2 + 5 = 7) | ( ) | (e) | (n) | 408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 409 | | | Ext-Type | Ext-Length | 410 | (d) | (.) | (27) | (2 + 4 = 6) | 411 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 412 | Value | | | | 413 | (0x12) | (0x34) | (0x56) | (0x78) | 414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 415 Figure 4 417 7. Security Considerations 419 TBD 421 8. IANA Considerations 423 This solution requires that the IETF be allocated Vendor-Type of zero 424 to the IETF. 426 It also requires that IANA set up a new registry for the RADIUS 427 Extended Attribute Types. 429 9. Open Issues 431 What is the numbering scheme for attributes that will be used by RFC 432 writers going forward? For example today we write user-name(1). 433 Going forward, will we write foo-bar(0,1)? 435 What is the numbering plan for these attributes? What range should 436 be reserved? 438 We have allocated 1 octet for Extended Type. Is that too little? 439 Note, if we run out the IETF can request another enterprise number. 441 10. References 443 10.1. Normative References 445 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 446 Requirement Levels", BCP 14, RFC 2119, March 1997. 448 [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, 449 "Remote Authentication Dial In User Service (RADIUS)", 450 RFC 2865, June 2000. 452 10.2. Informative References 454 [IANA] Internet Assigned Number Authority, "RADIUS TYPES", 455 August 2007, 456 . 458 [RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000. 460 [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote 461 Authentication Dial In User Service)", RFC 3575, 462 July 2003. 464 [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, 465 "Diameter Network Access Server Application", RFC 4005, 466 August 2005. 468 Authors' Addresses 470 Yong Li 471 Bridgewater Systems Corporation 472 303 Terry Fox Drive 473 Suite 100 474 Ottawa, Ontario K2K 3J1 475 Canada 477 Phone: +1 (613) 591-6655 478 Email: yongli@bridgewatersystems.com 479 URI: http://www.bridgewatersystems.com/ 481 Avi Lior 482 Bridgewater Systems Corporation 483 303 Terry Fox Drive 484 Suite 100 485 Ottawa, Ontario K2K 3J1 486 Canada 488 Phone: +1 (613) 591-6655 489 Email: avi@bridgewatersystems.com 490 URI: http://www.bridgewatersystems.com/ 492 Glen Zorn 493 Aruba Networks 494 1322 Crossman Avenue 495 Sunnyvale, CA 94089-1113 496 USA 498 Email: gwz@arubanetworks.com 500 Full Copyright Statement 502 Copyright (C) The IETF Trust (2008). 504 This document is subject to the rights, licenses and restrictions 505 contained in BCP 78, and except as set forth therein, the authors 506 retain all their rights. 508 This document and the information contained herein are provided on an 509 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 510 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 511 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 512 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 513 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 514 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 516 Intellectual Property 518 The IETF takes no position regarding the validity or scope of any 519 Intellectual Property Rights or other rights that might be claimed to 520 pertain to the implementation or use of the technology described in 521 this document or the extent to which any license under such rights 522 might or might not be available; nor does it represent that it has 523 made any independent effort to identify any such rights. Information 524 on the procedures with respect to rights in RFC documents can be 525 found in BCP 78 and BCP 79. 527 Copies of IPR disclosures made to the IETF Secretariat and any 528 assurances of licenses to be made available, or the result of an 529 attempt made to obtain a general license or permission for the use of 530 such proprietary rights by implementers or users of this 531 specification can be obtained from the IETF on-line IPR repository at 532 http://www.ietf.org/ipr. 534 The IETF invites any interested party to bring to its attention any 535 copyrights, patents or patent applications, or other proprietary 536 rights that may cover technology that may be required to implement 537 this standard. Please address the information to the IETF at 538 ietf-ipr@ietf.org. 540 Acknowledgment 542 Funding for the RFC Editor function is provided by the IETF 543 Administrative Support Activity (IASA).