idnits 2.17.1 draft-ietf-radius-acc-clientmib-05.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 4 instances of too long lines in the document, the longest one being 4 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 29 has weird spacing: '...t>, and expir...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (31 March 1999) is 9156 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Missing reference section? '1' on line 416 looks like a reference -- Missing reference section? '2' on line 421 looks like a reference -- Missing reference section? '3' on line 425 looks like a reference -- Missing reference section? '4' on line 428 looks like a reference -- Missing reference section? '5' on line 431 looks like a reference -- Missing reference section? '6' on line 437 looks like a reference -- Missing reference section? '7' on line 443 looks like a reference -- Missing reference section? '8' on line 449 looks like a reference -- Missing reference section? '9' on line 454 looks like a reference -- Missing reference section? '10' on line 459 looks like a reference -- Missing reference section? '11' on line 465 looks like a reference -- Missing reference section? '12' on line 526 looks like a reference -- Missing reference section? '13' on line 474 looks like a reference -- Missing reference section? '14' on line 480 looks like a reference -- Missing reference section? '15' on line 527 looks like a reference -- Missing reference section? '16' on line 489 looks like a reference Summary: 7 errors (**), 0 flaws (~~), 2 warnings (==), 18 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 RADIUS Working Group Bernard Aboba 2 INTERNET-DRAFT Microsoft 3 Category: Informational Glen Zorn 4 Microsoft 5 31 March 1999 7 RADIUS Accounting Client MIB 9 1. Status of this Memo 11 This document is an Internet-Draft and is in full conformance with all 12 provisions of Section 10 of RFC2026. 14 Internet-Drafts are working documents of the Internet Engineering Task 15 Force (IETF), its areas, and its working groups. Note that other groups 16 may also distribute working documents as Internet-Drafts. Internet- 17 Drafts are draft documents valid for a maximum of six months and may be 18 updated, replaced, or obsoleted by other documents at any time. It is 19 inappropriate to use Internet- Drafts as reference material or to cite 20 them other than as "work in progress." 22 The list of current Internet-Drafts can be accessed at 23 http://www.ietf.org/ietf/1id-abstracts.txt 25 The list of Internet-Draft Shadow Directories can be accessed at 26 http://www.ietf.org/shadow.html. 28 The distribution of this memo is unlimited. It is filed as , and expires October 1, 1999. Please send 30 comments to the authors. 32 2. Copyright Notice 34 Copyright (C) The Internet Society (1999). All Rights Reserved. 36 3. Abstract 38 This memo defines a set of extensions which instrument RADIUS accounting 39 client functions. These extensions represent a portion of the Management 40 Information Base (MIB) for use with network management protocols in the 41 Internet community. Using these extensions IP-based management stations 42 can manage RADIUS accounting clients. 44 4. Introduction 46 This memo defines a portion of the Management Information Base (MIB) for 47 use with network management protocols in the Internet community. In 48 particular, it describes managed objects used for managing RADIUS 49 accounting clients. 51 Today a wide range of network devices, including routers and NASes, act 52 as RADIUS accounting clients in order to provide accounting services. 53 As a result, the effective management of RADIUS accounting clients is of 54 considerable importance. 56 5. The SNMP Management Framework 58 The SNMP Management Framework presently consists of five major 59 components: 61 o An overall architecture, described in RFC 2271 [1]. 63 o Mechanisms for describing and naming objects and events for the 64 purpose of management. The first version of this Structure of 65 Management Information (SMI) is called SMIv1 and described in 66 RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, 67 called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 68 1904 [7]. 70 o Message protocols for transferring management information. The 71 first version of the SNMP message protocol is called SNMPv1 and 72 described in RFC 1157 [8]. A second version of the SNMP message 73 protocol, which is not an Internet standards track protocol, is 74 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 75 The third version of the message protocol is called SNMPv3 and 76 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 78 o Protocol operations for accessing management information. The 79 first set of protocol operations and associated PDU formats is 80 described in RFC 1157 [8]. A second set of protocol operations 81 and associated PDU formats is described in RFC 1905 [13]. 83 o A set of fundamental applications described in RFC 2273 [14] and 84 the view-based access control mechanism described in RFC 2275 85 [15]. 87 Managed objects are accessed via a virtual information store, termed the 88 Management Information Base or MIB. Objects in the MIB are defined 89 using the mechanisms defined in the SMI. 91 This memo specifies a MIB module that is compliant to the SMIv2. A MIB 92 conforming to the SMIv1 can be poduced through the appropriate 93 translations. The resulting translated MIB must be semantically 94 equivalent, except where objects or events are omitted because no 95 translation is possible (use of Counter64). Some machine readable 96 information in SMIv2 will be converted into textual descriptions in 97 SMIv1 during the translation process. However, this loss of machine 98 readable information is not considered to change the semantics of the 99 MIB. 101 6. Overview 103 The RADIUS accounting protocol, described in [16], distinguishes between 104 the client function and the server function. In RADIUS accounting, 105 clients send Accounting-Requests, and servers reply with Accounting- 106 Responses. Typically NAS devices implement the client function, and thus 107 would be expected to implement the RADIUS accounting client MIB, while 108 RADIUS accounting servers implement the server function, and thus would 109 be expected to implement the RADIUS accounting server MIB. 111 However, it is possible for a RADIUS accounting entity to perform both 112 client and server functions. For example, a RADIUS proxy may act as a 113 server to one or more RADIUS accounting clients, while simultaneously 114 acting as an accounting client to one or more accounting servers. In 115 such situations, it is expected that RADIUS entities combining client 116 and server functionality will support both the client and server MIBs. 118 6.1. Selected objects 119 This MIB module contains two scalars as well as a single table: 121 (1) the RADIUS Accounting Server Table contains one row for each 122 RADIUS server that the client shares a secret with. 124 Each entry in the RADIUS Accounting Server Table includes thirteen 125 columns presenting a view of the activity of the RADIUS client. 127 7. Definitions 129 RADIUS-ACC-CLIENT-MIB DEFINITIONS ::= BEGIN 131 IMPORTS 132 MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, 133 Counter32, Integer32, Gauge32, 134 IpAddress, TimeTicks FROM SNMPv2-SMI 135 SnmpAdminString FROM SNMP-FRAMEWORK-MIB 136 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF 137 mib-2 FROM RFC1213-MIB; 139 radiusAccClientMIB MODULE-IDENTITY 140 LAST-UPDATED "9903290000Z" -- 29 Mar 1999 141 ORGANIZATION "IETF RADIUS Working Group." 142 CONTACT-INFO 143 " Bernard Aboba 144 Microsoft 145 One Microsoft Way 146 Redmond, WA 98052 147 US 149 Phone: +1 425 936 6605 150 EMail: bernarda@microsoft.com" 151 DESCRIPTION 152 "The MIB module for entities implementing the client side of 153 the Remote Access Dialin User Service (RADIUS) accounting 154 protocol." 155 REVISION "9903290000Z" -- 29 Mar 1999 156 DESCRIPTION "Initial version as published in RFC xxxx" 157 -- RCC xxxx to be assigned by IANA 158 ::= { radiusAccounting 2 } 160 radiusMIB OBJECT-IDENTITY 161 STATUS current 162 DESCRIPTION 163 "The OID assigned to RADIUS MIB work by the IANA." 164 ::= { mib-2 xxx } -- To be assigned by IANA 166 radiusAccounting OBJECT IDENTIFIER ::= {radiusMIB 2} 168 radiusAccClientMIBObjects OBJECT IDENTIFIER ::= { radiusAccClientMIB 1 } 170 radiusAccClient OBJECT IDENTIFIER ::= { radiusAccClientMIBObjects 1 } 172 radiusAccClientInvalidServerAddresses OBJECT-TYPE 173 SYNTAX Counter32 174 MAX-ACCESS read-only 175 STATUS current 176 DESCRIPTION 177 "The number of RADIUS Accounting-Response packets 178 received from unknown addresses." 179 ::= { radiusAccClient 1 } 181 radiusAccClientIdentifier OBJECT-TYPE 182 SYNTAX SnmpAdminString 183 MAX-ACCESS read-only 184 STATUS current 185 DESCRIPTION 186 "The NAS-Identifier of the RADIUS accounting client. This 187 is not necessarily the same as sysName in MIB II." 188 ::= { radiusAccClient 2 } 190 radiusAccServerTable OBJECT-TYPE 191 SYNTAX SEQUENCE OF RadiusAccServerEntry 192 MAX-ACCESS not-accessible 193 STATUS current 194 DESCRIPTION 195 "The (conceptual) table listing the RADIUS accounting 196 servers with which the client shares a secret." 197 ::= { radiusAccClient 3 } 199 radiusAccServerEntry OBJECT-TYPE 200 SYNTAX RadiusAccServerEntry 201 MAX-ACCESS not-accessible 202 STATUS current 203 DESCRIPTION 204 "An entry (conceptual row) representing a RADIUS 205 accounting server with which the client shares a secret." 206 INDEX { radiusAccServerIndex } 207 ::= { radiusAccServerTable 1 } 209 RadiusAccServerEntry ::= SEQUENCE { 210 radiusAccServerIndex Integer32, 211 radiusAccServerAddress IpAddress, 212 radiusAccClientServerPortNumber Integer32, 213 radiusAccClientRoundTripTime TimeTicks, 214 radiusAccClientRequests Counter32, 215 radiusAccClientRetransmissions Counter32, 216 radiusAccClientResponses Counter32, 217 radiusAccClientMalformedResponses Counter32, 218 radiusAccClientBadAuthenticators Counter32, 219 radiusAccClientPendingRequests Gauge32, 220 radiusAccClientTimeouts Counter32, 221 radiusAccClientUnknownTypes Counter32, 222 radiusAccClientPacketsDropped Counter32 223 } 225 radiusAccServerIndex OBJECT-TYPE 226 SYNTAX Integer32 227 MAX-ACCESS not-accessible 228 STATUS current 229 DESCRIPTION 230 "A number uniquely identifying each RADIUS 231 Accounting server with which this client 232 communicates." 233 ::= { radiusAccServerEntry 1 } 235 radiusAccServerAddress OBJECT-TYPE 236 SYNTAX IpAddress 237 MAX-ACCESS read-only 238 STATUS current 239 DESCRIPTION 240 "The IP address of the RADIUS accounting server 241 referred to in this table entry." 242 ::= { radiusAccServerEntry 2 } 244 radiusAccClientServerPortNumber OBJECT-TYPE 245 SYNTAX Integer32 (0..65535) 246 MAX-ACCESS read-only 247 STATUS current 248 DESCRIPTION 249 "The UDP port the client is using to send requests to 250 this server." 251 ::= { radiusAccServerEntry 3 } 253 radiusAccClientRoundTripTime OBJECT-TYPE 254 SYNTAX TimeTicks 255 MAX-ACCESS read-only 256 STATUS current 257 DESCRIPTION 258 "The time interval between the most recent 259 Accounting-Response and the Accounting-Request that 260 matched it from this RADIUS accounting server." 261 ::= { radiusAccServerEntry 4 } 263 -- Request/Response statistics 264 -- 265 -- Requests = Responses + PendingRequests + ClientTimeouts 266 -- 267 -- Responses - MalformedResponses - BadAuthenticators - 268 -- UnknownTypes - PacketsDropped = Successfully received 270 radiusAccClientRequests OBJECT-TYPE 271 SYNTAX Counter32 272 MAX-ACCESS read-only 273 STATUS current 274 DESCRIPTION 275 "The number of RADIUS Accounting-Request packets 276 sent. This does not include retransmissions." 277 ::= { radiusAccServerEntry 5 } 279 radiusAccClientRetransmissions OBJECT-TYPE 280 SYNTAX Counter32 281 MAX-ACCESS read-only 282 STATUS current 283 DESCRIPTION 284 "The number of RADIUS Accounting-Request packets 285 retransmitted to this RADIUS accounting server. 286 Retransmissions include retries where the 287 Identifier and Acct-Delay have been updated, as 288 well as those in which they remain the same." 289 ::= { radiusAccServerEntry 6 } 291 radiusAccClientResponses OBJECT-TYPE 292 SYNTAX Counter32 293 MAX-ACCESS read-only 294 STATUS current 295 DESCRIPTION 296 "The number of RADIUS packets received on the 297 accounting port from this server." 298 ::= { radiusAccServerEntry 7 } 300 radiusAccClientMalformedResponses OBJECT-TYPE 301 SYNTAX Counter32 302 MAX-ACCESS read-only 303 STATUS current 304 DESCRIPTION 305 "The number of malformed RADIUS Accounting-Response 306 packets received from this server. Malformed packets 307 include packets with an invalid length. Bad 308 authenticators and unknown types are not included as 309 malformed accounting responses." 310 ::= { radiusAccServerEntry 8 } 312 radiusAccClientBadAuthenticators OBJECT-TYPE 313 SYNTAX Counter32 314 MAX-ACCESS read-only 315 STATUS current 316 DESCRIPTION 317 "The number of RADIUS Accounting-Response 318 packets which contained invalid authenticators 319 received from this server." 320 ::= { radiusAccServerEntry 9 } 322 radiusAccClientPendingRequests OBJECT-TYPE 323 SYNTAX Gauge32 324 MAX-ACCESS read-only 325 STATUS current 326 DESCRIPTION 327 "The number of RADIUS Accounting-Request packets 328 sent to this server that have not yet timed out or 329 received a response. This variable is incremented when an 330 Accounting-Request is sent and decremented due to 331 receipt of an Accounting-Response, a timeout or 332 a retransmission." 333 ::= { radiusAccServerEntry 10 } 335 radiusAccClientTimeouts OBJECT-TYPE 336 SYNTAX Counter32 337 MAX-ACCESS read-only 338 STATUS current 339 DESCRIPTION 340 "The number of accounting timeouts to this server. 341 After a timeout the client may retry to the same 342 server, send to a different server, or give up. 343 A retry to the same server is counted as a 344 retransmit as well as a timeout. A send to a different 345 server is counted as an Accounting-Request as well as a timeout." 346 ::= { radiusAccServerEntry 11 } 348 radiusAccClientUnknownTypes OBJECT-TYPE 349 SYNTAX Counter32 350 MAX-ACCESS read-only 351 STATUS current 352 DESCRIPTION 353 "The number of RADIUS packets of unknown type which 354 were received from this server on the accounting port." 355 ::= { radiusAccServerEntry 12 } 357 radiusAccClientPacketsDropped OBJECT-TYPE 358 SYNTAX Counter32 359 MAX-ACCESS read-only 360 STATUS current 361 DESCRIPTION 362 "The number of RADIUS packets which were received from 363 this server on the accounting port and dropped for some other 364 reason." 365 ::= { radiusAccServerEntry 13 } 367 -- conformance information 369 radiusAccClientMIBConformance 370 OBJECT IDENTIFIER ::= { radiusAccClientMIB 2 } 371 radiusAccClientMIBCompliances 372 OBJECT IDENTIFIER ::= { radiusAccClientMIBConformance 1 } 373 radiusAccClientMIBGroups 374 OBJECT IDENTIFIER ::= { radiusAccClientMIBConformance 2 } 376 -- compliance statements 378 radiusAccClientMIBCompliance MODULE-COMPLIANCE 379 STATUS current 380 DESCRIPTION 381 "The compliance statement for accounting clients 382 implementing the RADIUS Accounting Client MIB." 383 MODULE -- this module 384 MANDATORY-GROUPS { radiusAccClientMIBGroup } 386 ::= { radiusAccClientMIBCompliances 1 } 388 -- units of conformance 390 radiusAccClientMIBGroup OBJECT-GROUP 391 OBJECTS { radiusAccClientIdentifier, 392 radiusAccClientInvalidServerAddresses, 393 radiusAccServerAddress, 394 radiusAccClientServerPortNumber, 395 radiusAccClientRoundTripTime, 396 radiusAccClientRequests, 397 radiusAccClientRetransmissions, 398 radiusAccClientResponses, 399 radiusAccClientMalformedResponses, 400 radiusAccClientBadAuthenticators, 401 radiusAccClientPendingRequests, 402 radiusAccClientTimeouts, 403 radiusAccClientUnknownTypes, 404 radiusAccClientPacketsDropped 405 } 406 STATUS current 407 DESCRIPTION 408 "The basic collection of objects providing management of 409 RADIUS Accounting Clients." 410 ::= { radiusAccClientMIBGroups 1 } 412 END 414 8. References 416 [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for 417 Describing SNMP Management Frameworks", RFC 2271, Cabletron 418 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 419 January 1998. 421 [2] Rose, M., and K. McCloghrie, "Structure and Identification of 422 Management Information for TCP/IP-based Internets", RFC 1155, 423 Performance Systems International, Hughes LAN Systems, May 1990. 425 [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 426 Performance Systems International, Hughes LAN Systems, March 1991. 428 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", 429 RFC 1215, Performance Systems International, March 1991. 431 [5] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure 432 of Management Information for Version 2 of the Simple Network 433 Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco 434 Systems, Inc., Dover Beach Consulting, Inc., International Network 435 Services, January 1996. 437 [6] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual 438 Conventions for Version 2 of the Simple Network Management Protocol 439 (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc., 440 Dover Beach Consulting, Inc., International Network Services, 441 January 1996. 443 [7] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Conformance 444 Statements for Version 2 of the Simple Network Management Protocol 445 (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc., 446 Dover Beach Consulting, Inc., International Network Services, 447 January 1996. 449 [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 450 Management Protocol", RFC 1157, SNMP Research, Performance Systems 451 International, Performance Systems International, MIT Laboratory 452 for Computer Science, May 1990. 454 [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 455 "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research, 456 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 457 International Network Services, January 1996. 459 [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport 460 Mappings for Version 2 of the Simple Network Management Protocol 461 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., 462 Dover Beach Consulting, Inc., International Network Services, 463 January 1996. 465 [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 466 Processing and Dispatching for the Simple Network Management 467 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 468 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 470 [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for 471 version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 472 2274, IBM T. J. Watson Research, January 1998. 474 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol 475 Operations for Version 2 of the Simple Network Management Protocol 476 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., 477 Dover Beach Consulting, Inc., International Network Services, 478 January 16. 480 [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 481 2273, SNMP Research, Inc., Secure Computing Corporation, Cisco 482 Systems, January 1998 484 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access 485 Control Model (VACM) for the Simple Network Management Protocol 486 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 487 Cisco Systems, Inc., January 1998 489 [16] Rigney, C., "RADIUS Accounting", RFC 2139, April 1997. 491 9. Security considerations 493 There are no management objects defined in this MIB that have a MAX- 494 ACCESS clause of read-write and/or read-create. So, if this MIB is 495 implemented correctly, then there is no risk that an intruder can alter 496 or create any management objects of this MIB via direct SNMP SET 497 opertions. 499 There are a number of managed objects in this MIB that may contain 500 sensitive information. These are: 502 radiusAccServerAddress 503 This can be used to determine the address of the RADIUS 504 accounting server with which the client is communicating. This 505 information could be useful in mounting an attack on the 506 acounting server, which may contain sensitive financial data. 508 radiusAccClientServerPortNumber 509 This can be used to determine the port number on which the 510 RADIUS accounting client is sending. This information could be 511 useful in impersonating the client in order to send fraudulent 512 data to the accounting server. 514 It is thus important to control even GET access to these objects and 515 possibly to even encrypt the values of these object when sending them 516 over the network via SNMP. Not all versions of SNMP provide features 517 for such a secure environment. 519 SNMPv1 by itself is not a secure environment. Even if the network itself 520 is secure (for example by using IPSec), there is no control as to who on 521 the secure network is allowed to access and GET/SET 522 (read/change/create/delete) the objects in this MIB. 524 It is recommended that the implementers consider the security features 525 as provided by the SNMPv3 framework. Specifically, the use of the User- 526 based Security Model RFC 2274 [12] and the View-based Access Control 527 Model RFC 2275 [15] is recommended. Using these security features, 528 customer/users can give access to the objects only to those principals 529 (users) that have legitimate rights to GET or SET (change/create/delete) 530 them. 532 10. Acknowledgments 534 The authors acknowledge the contributions of the RADIUS Working Group in 535 the development of this MIB. Thanks to Narendra Gidwani of Microsoft, 536 Allan C. Rubens of MERIT, Carl Rigney of Livingston and Peter Heitman of 537 American Internet Corporation for useful discussions of this problem 538 space. 540 11. Authors' Addresses 542 Bernard Aboba 543 Microsoft Corporation 544 One Microsoft Way 545 Redmond, WA 98052 547 Phone: 425-936-6605 548 EMail: bernarda@microsoft.com 550 Glen Zorn 551 Microsoft Corporation 552 One Microsoft Way 553 Redmond, WA 98052 555 Phone: 425-703-1559 556 EMail: glennz@microsoft.com 558 12. Full Copyright Statement 560 Copyright (C) The Internet Society (1999). All Rights Reserved. 561 This document and translations of it may be copied and furnished to 562 others, and derivative works that comment on or otherwise explain it or 563 assist in its implmentation may be prepared, copied, published and 564 distributed, in whole or in part, without restriction of any kind, 565 provided that the above copyright notice and this paragraph are included 566 on all such copies and derivative works. However, this document itself 567 may not be modified in any way, such as by removing the copyright notice 568 or references to the Internet Society or other Internet organizations, 569 except as needed for the purpose of developing Internet standards in 570 which case the procedures for copyrights defined in the Internet 571 Standards process must be followed, or as required to translate it into 572 languages other than English. The limited permissions granted above are 573 perpetual and will not be revoked by the Internet Society or its 574 successors or assigns. This document and the information contained 575 herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE 576 INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR 577 IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 578 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 579 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 581 13. Expiration Date 583 This memo is filed as , and 584 expires October 1, 1999.