Network Working Group S. Teiwes
Request for Comments: 3058 P. Hartmann
Category:Informational iT_Security AG (Ltd.)
D. Kuenzi
724 Solutions Inc.
February 2001
Network Working Group S. Teiwes
Request for Comments: 3058 P. Hartmann
Category:Informational iT_Security AG (Ltd.)
D. Kuenzi
724 Solutions Inc.
February 2001
Use of the IDEA Encryption Algorithm in CMS
IDEA加密算法在CMS中的应用
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2001). All Rights Reserved.
版权所有(C)互联网协会(2001年)。版权所有。
Abstract
摘要
This memo specifies how to incorporate International Data Encryption Algorithm (IDEA) into CMS or S/MIME as an additional strong algorithm for symmetric encryption. For organizations who make use of IDEA for data security purposes it is of high interest that IDEA is also available in S/MIME. The intention of this memo is to provide the OIDs and algorithms required that IDEA can be included in S/MIME for symmetric content and key encryption.
本备忘录规定了如何将国际数据加密算法(IDEA)合并到CMS或S/MIME中,作为对称加密的附加强算法。对于将IDEA用于数据安全目的的组织来说,IDEA也可以在S/MIME中使用,这是非常有趣的。本备忘录旨在提供IDEA可包含在S/MIME中用于对称内容和密钥加密所需的OID和算法。
This memo specifies how to incorporate International Data Encryption Algorithm (IDEA) [IDEA] into CMS or S/MIME [SMIME2, SMIME3] as an additional strong algorithm for symmetric encryption. For organizations who make use of IDEA for data security purposes it is of high interest that IDEA is also available in S/MIME. The intention of this memo is to provide the OIDs and algorithms required that IDEA can be included in S/MIME for symmetric content and key encryption.
本备忘录规定了如何将国际数据加密算法(IDEA)[IDEA]合并到CMS或S/MIME[SMIME2,SMIME3]中,作为对称加密的附加强算法。对于将IDEA用于数据安全目的的组织来说,IDEA也可以在S/MIME中使用,这是非常有趣的。本备忘录旨在提供IDEA可包含在S/MIME中用于对称内容和密钥加密所需的OID和算法。
The general functional capabilities and preferences of S/MIME are specified by the registered list of S/MIME object identifiers (OIDs). This list of OIDs is available from the Internet Mail Consortium at <http://www.imc.org/ietf-smime/oids.html>. The set of S/MIME functions provided by a client is expressed by the S/MIME capabilities attribute. This attribute contains a list of OIDs of supported cryptographic functions.
S/MIME的一般功能和首选项由注册的S/MIME对象标识符(OID)列表指定。此OID列表可从Internet Mail Consortium获得,网址为<http://www.imc.org/ietf-smime/oids.html>. 客户端提供的一组S/MIME函数由S/MIME capabilities属性表示。此属性包含受支持的加密函数的OID列表。
In this document, the terms MUST, MUST NOT, SHOULD, and SHOULD NOT are used in capital letters. This conforms to the definitions in [MUSTSHOULD].
在本文件中,术语必须、不得、应和不应使用大写字母。这符合[必须]中的定义。
The Cryptographic Message Syntax [CMS], derived from PKCS#7 [PKCS7], is the framework for the implementation of cryptographic functions in S/MIME. It specifies data formats and encryption processes without naming the cryptographic algorithms. Each algorithm which is used for encryption purposes must be specified by a unique algorithm identifier. For example, in the special case of content encryption the ContentEncryptionAlgorithmIdentifier specifies the algorithm to be applied. However, according to [CMS] any symmetric encryption algorithm that a CMS implementation includes as a content-encryption algorithm must also be included as a key-encryption algorithm.
密码消息语法[CMS]源自PKCS#7[PKCS7],是S/MIME中实现密码功能的框架。它指定数据格式和加密过程,而不命名加密算法。用于加密目的的每个算法必须由唯一的算法标识符指定。例如,在内容加密的特殊情况下,ContentEncryptionAlgorithmIdentifier指定要应用的算法。然而,根据[CMS],CMS实现作为内容加密算法包含的任何对称加密算法也必须作为密钥加密算法包含。
IDEA is added to the set of optional symmetric encryption algorithms in S/MIME by providing two unique object identifiers (OIDs). One OID defines content encryption and the other one key encryption. Thus an S/MIME agent can apply IDEA either for content or key encryption by selecting the corresponding object identifier, supplying the required parameter, and starting the program code.
IDEA通过提供两个唯一的对象标识符(OID)添加到S/MIME中的可选对称加密算法集中。一个OID定义内容加密,另一个定义密钥加密。因此,S/MIME代理可以通过选择相应的对象标识符、提供所需参数并启动程序代码,将IDEA应用于内容或密钥加密。
For content encryption the use of IDEA in cipher block chaining (CBC) mode is recommended. The key length is fixed to 128 bits.
对于内容加密,建议在密码块链接(CBC)模式中使用IDEA。密钥长度固定为128位。
The IDEA content-encryption algorithm in CBC mode has the object identifier
CBC模式下的IDEA内容加密算法具有对象标识符
IDEA-CBC OBJECT IDENTIFIER
::= { iso(1) identified-organization(3)
usdod(6) oid(1) private(4) enterprises(1)
ascom(188) systec(7) security(1) algorithms(1) 2 }
IDEA-CBC OBJECT IDENTIFIER
::= { iso(1) identified-organization(3)
usdod(6) oid(1) private(4) enterprises(1)
ascom(188) systec(7) security(1) algorithms(1) 2 }
The identifier's parameters field contains the initialization vector (IV) as an optional parameter.
标识符的参数字段包含初始化向量(IV)作为可选参数。
IDEA-CBCPar ::= SEQUENCE {
iv OCTET STRING OPTIONAL } -- exactly 8 octets
IDEA-CBCPar ::= SEQUENCE {
iv OCTET STRING OPTIONAL } -- exactly 8 octets
If IV is specified as above, it MUST be used as initial vector. In this case, the ciphertext MUST NOT include the initial vector. If IV is not specified, the first 64 bits of the ciphertext MUST be considered as the initial vector. However, this alternative of not including IV into "iv OCTET STRING" of IDEA-CBCPar SHOULD NOT be applied in CMS or S/MIME.
如果IV如上所述,则必须将其用作初始向量。在这种情况下,密文不能包含初始向量。如果未指定IV,则必须将密文的前64位视为初始向量。然而,这种不将IV包含在IDEA CBCPar的“IV八位字符串”中的替代方案不应应用于CMS或S/MIME。
The key-wrap/unwrap algorithms used to encrypt/decrypt an IDEA content-encryption key with an IDEA key-encryption key are specified in the following section. Generation and distribution of IDEA key-encryption keys are beyond the scope of this document.
用于使用IDEA密钥加密密钥加密/解密IDEA内容加密密钥的密钥包裹/展开算法在以下部分中指定。IDEA密钥加密密钥的生成和分发超出了本文档的范围。
The IDEA key-encryption algorithm has the object identifier
IDEA密钥加密算法具有对象标识符
id-alg-CMSIDEAwrap OBJECT IDENTIFIER
::= { iso(1) identified-organization(3)
usdod(6) oid(1) private(4) enterprises(1)
ascom(188) systec(7) security(1) algorithms(1) 6 }
id-alg-CMSIDEAwrap OBJECT IDENTIFIER
::= { iso(1) identified-organization(3)
usdod(6) oid(1) private(4) enterprises(1)
ascom(188) systec(7) security(1) algorithms(1) 6 }
The identifier's parameters field MUST be NULL.
标识符的参数字段必须为空。
In the following subsections IDEA key-wrap and key-unwrap algorithms are specified in conformance with [CMS], section 12.3.
在以下小节中,按照[CMS]第12.3节规定了密钥包裹和密钥展开算法。
The IDEA key-wrap algorithm encrypts an IDEA content-encryption key with an IDEA key-encryption key. The IDEA key-wrap algorithm is defined by:
IDEA密钥包裹算法使用IDEA密钥加密密钥加密IDEA内容加密密钥。IDEA密钥包裹算法的定义如下:
1. Let the content-encryption key (16 octets) be called CEK 2. Compute an 8 octet key checksum value on CEK as described in [CMS], section 12.6.1, call the result ICV. 3. Let CEKICV := CEK || ICV. 4. Generate 8 octets at random, call the result IV. 5. Encrypt CEKICV using IDEA in CBC mode and the key-encryption key. Use the random value generated in the previous step as the initialization vector (IV). Call the ciphertext TEMP1. 6. Let TEMP2 = IV || TEMP1. 7. Reverse the order of the octets in TEMP2. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP3. 8. Encrypt TEMP3 using IDEA in CBC mode and the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105. The ciphertext is 32 octets long.
1. 将内容加密密钥(16个八位字节)称为CEK 2。如[CMS]第12.6.1节所述,计算CEK上的8个八位键校验和值,调用结果ICV。3.设CEKICV:=CEK | | ICV。4.随机生成8个八位组,调用结果IV.5。在CBC模式下使用IDEA和密钥加密密钥加密CEKICV。使用上一步中生成的随机值作为初始化向量(IV)。调用密文TEMP1。6.设TEMP2=IV | | TEMP1。7.颠倒TEMP2中八位字节的顺序。也就是说,最高有效(第一个)八位字节与最低有效(最后一个)八位字节交换,依此类推。调用结果TEMP3。8.在CBC模式下使用IDEA和密钥加密密钥加密TEMP3。使用0x4adda22c79e82105的初始化向量(IV)。密文有32个八位字节长。
The IDEA key-unwrap algorithm decrypts an IDEA content-encryption key using an IDEA key-encryption key. The IDEA key-unwrap algorithm is defined by:
IDEA密钥展开算法使用IDEA密钥加密密钥对IDEA内容加密密钥进行解密。IDEA密钥展开算法的定义如下:
1. If the wrapped content-encryption key is not 32 octets, then error. 2. Decrypt the wrapped content-encryption key using IDEA in CBC mode with the key-encryption key. Use an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3. 3. Reverse the order of the octets in TEMP3. That is, the most significant (first) octet is swapped with the least significant (last) octet, and so on. Call the result TEMP2. 4. Decompose the TEMP2 into IV and TEMP1. IV is the most significant (first) 8 octets, and TEMP1 is the remaining (last) 24 octets. 5. Decrypt TEMP1 using IDEA in CBC mode with the key-encryption key. Use the IV value from the previous step as the initialization vector. Call the plaintext CEKICV. 6. Decompose the CEKICV into CEK and ICV. CEK is the most significant (first) 16 octets, and ICV is the least significant (last) 8 octets. 7. Compute an 8 octet key checksum value on CEK as described in [CMS], section 12.6.1. If the computed key checksum value does not match the decrypted key checksum value, ICV, then error. 8. Use CEK as the content-encryption key.
1. 如果包装的内容加密密钥不是32个八位字节,则返回错误。2.在CBC模式下使用IDEA和密钥加密密钥解密包装的内容加密密钥。使用0x4adda22c79e82105的初始化向量(IV)。调用输出TEMP3。3.在TEMP3中颠倒八位组的顺序。也就是说,最高有效(第一个)八位字节与最低有效(最后一个)八位字节交换,依此类推。调用结果TEMP2。4.将TEMP2分解为IV和TEMP1。IV是最重要的(前)8个八位字节,TEMP1是剩余的(最后)24个八位字节。5.使用IDEA在CBC模式下使用密钥加密密钥解密TEMP1。使用上一步中的IV值作为初始化向量。调用明文CEKICV。6.将CEKICV分解为CEK和ICV。CEK是最重要的(前)16个八位字节,ICV是最不重要的(后)8个八位字节。7.按照[CMS]第12.6.1节所述,在CEK上计算8个八位键的校验和值。如果计算的密钥校验和值与解密的密钥校验和值ICV不匹配,则出现错误。8.使用CEK作为内容加密密钥。
An S/MIME client can announce the set of cryptographic functions it supports by using the S/MIME capabilities attribute as specified in [SMIME3]. This attribute provides a partial list of OIDs of cryptographic functions and must be signed by the client. These OIDs should be logically separated in functional categories and MUST be ordered with respect to their preference. If an S/MIME client is required to support symmetric encryption and key wrapping based on IDEA, the capabilities attribute MUST contain the above specified OIDs in the category of symmetric algorithms and key encipherment algorithms. IDEA does not require additional OID parameters since it has a fixed key length of 128 bits.
S/MIME客户端可以通过使用[SMIME3]中指定的S/MIME capabilities属性来宣布其支持的加密函数集。此属性提供加密函数OID的部分列表,必须由客户端签名。这些OID应按功能类别进行逻辑分隔,并且必须根据其偏好进行排序。如果S/MIME客户端需要支持基于IDEA的对称加密和密钥包装,则“能力”属性必须包含对称算法和密钥加密算法类别中的上述指定OID。IDEA不需要额外的OID参数,因为它具有128位的固定密钥长度。
The SMIMECapability SEQUENCE representing the IDEA symmetric encryption algorithm MUST include the IDEA-CBC OID in the capabilityID field and the parameters field MUST be absent. The SMIMECapability SEQUENCE for IDEA encryption SHOULD be included in the symmetric encryption algorithms portion of the SMIMECapabilities list. The SMIMECapability SEQUENCE representing IDEA MUST be DER-encoded as follows: 300D 060B 2B06 0104 0181 3C07 0101 02.
表示IDEA对称加密算法的SMIMECapability序列必须在capabilityID字段中包含IDEA-CBC OID,并且参数字段必须不存在。IDEA加密的SMIMECapability序列应包含在SMIMECapabilities列表的对称加密算法部分中。表示IDEA的SMIMECapability序列必须按如下顺序编码:300D 060B 2B06 0104 0181 3C07 0101 02。
The SMIMECapability SEQUENCE representing the IDEA key wrapping algorithm MUST include the id-alg-CMSIDEAwrap OID in the capabilityID field and the parameters field of KeyWrapAlgorithm MUST be absent. The SMIMECapability SEQUENCE for IDEA key wrapping SHOULD be included
表示IDEA密钥包装算法的SMIMECapability序列必须在capabilityID字段中包含id alg CMSIDEAwrap OID,并且必须缺少KeyWrappalGorithm的parameters字段。应包括IDEA密钥包装的SMIMECapability序列
in the key encipherment algorithms portion of the SMIMECapabilities list. The SMIMECapability SEQUENCE representing IDEA key wrapping MUST be DER-encoded as follows: 300D 060B 2B06 0104 0181 3C07 0101 06.
在SMIMECapabilities列表的密钥加密算法部分。代表IDEA密钥包装的SMIMECapability序列必须按如下顺序进行DER编码:300D 060B 2B06 0104 0181 3C07 0101 06。
The ASN.1 notation of the SMIMECapability SEQUENCE representing IDEA is
表示IDEA的SMIMECapability序列的ASN.1符号是
SMIMECapability ::= SEQUENCE {
capabilityID OBJECT IDENTIFIER,
parameters ANY DEFINED BY capabilityID OPTIONAL }
SMIMECapability ::= SEQUENCE {
capabilityID OBJECT IDENTIFIER,
parameters ANY DEFINED BY capabilityID OPTIONAL }
where capabilityID is IDEA-CBC (no parameters) for IDEA content encryption in CBC mode or capabilityID is id-alg-CMSIDEAwrap (no parameters) for IDEA key wrapping.
其中,capabilityID为CBC模式下IDEA内容加密的IDEA-CBC(无参数),或capabilityID为IDEA密钥包装的id alg CMSIDEAwrap(无参数)。
When a sending agent creates an encrypted message, it has to decide which type of encryption algorithm to use. In general the decision process involves information obtained from the capabilities lists included in messages received from the recipient, as well as other information such as private agreements, user preferences, legal restrictions, etc. If users require IDEA for symmetric encryption, it must be supported by the S/MIME clients on both the sending and receiving side, and it must be set in the user preferences.
当发送代理创建加密消息时,它必须决定使用哪种类型的加密算法。一般来说,决策过程涉及从收件人收到的消息中包含的功能列表中获得的信息,以及其他信息,如私人协议、用户偏好、法律限制等。如果用户需要对称加密的IDEA,它必须由发送端和接收端的S/MIME客户端支持,并且必须在用户首选项中设置。
A. References
A.参考资料
[IDEA] X. Lai, "On the design and security of block ciphers", ETH Series in Information Processing, J.L. Massey (editor), vol. 1, Hartung-Gorre Verlag Konstanz, Technische Hochschule (Zurich), 1992. A. J. Menezes, P.C. v. Oorschot, S.A. Vanstone, "Handbook of Applied Cryptography," CRC Press New York, 1997, p. 265. B. Schneier, "Applied Cryptography," 2nd ed., John Wiley & Sons Inc. New York, 1996, pp. 319-325. IPR: see the "IETF Page of Intellectual Property Rights Notices", http://www.ietf.org/ipr.html
[IDEA]X.Lai,“关于分组密码的设计和安全”,ETH信息处理系列,J.L.Massey(编辑),第一卷,Hartung Gorre Verlag Konstanz,Technische Hochschule(苏黎世),1992年。A.J.梅内泽斯,P.C.v。Oorschot,S.A.Vanstone,“应用密码学手册”,CRC出版社,纽约,1997年,第页。265B.Schneier,“应用密码学”,第二版,约翰·威利父子公司,纽约,1996年,第319-325页。知识产权:见“IETF知识产权公告页”,http://www.ietf.org/ipr.html
[SMIME2] Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, l. and L. Repka, "S/MIME Version 2 Message Specification", RFC 2311, March 1998.
[SMIME2]杜塞,S.,霍夫曼,P.,拉姆斯代尔,B.,伦德布雷德,l。和L.Repka,“S/MIME版本2消息规范”,RFC2311,1998年3月。
[SMIME2] Dusse, S., Hoffman, P., Ramsdell, B. and J. Weinstein, "S/MIME Version 2 Certificate Handling", RFC 2312, March 1998.
[SMIME2]Dusse,S.,Hoffman,P.,Ramsdell,B.和J.Weinstein,“S/MIME版本2证书处理”,RFC 2312,1998年3月。
[SMIME3] Dusse, S., Hoffman, P., Ramsdell, B. and J. Weinstein, "S/MIME Version 3 Certificate Handling", RFC 2632, March 1998.
[SMIME3]Dusse,S.,Hoffman,P.,Ramsdell,B.和J.Weinstein,“S/MIME版本3证书处理”,RFC 2632,1998年3月。
[SMIME3] Ramsdell, B., "S/MIME Version 3 Message Specification", RFC 2633, June 1999.
[SMIME3]Ramsdell,B.,“S/MIME版本3消息规范”,RFC 2633,1999年6月。
[MUSTSHOULD] Bradner, S.,"Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[MUSTSHOULD]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[CMS] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999.
[CMS]Housley,R.,“加密消息语法”,RFC 2630,1999年6月。
[PKCS7] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version 1.5", RFC 2315, March 1998.
[PKCS7]Kaliski,B.,“PKCS#7:加密消息语法版本1.5”,RFC 2315,1998年3月。
B. Comments on IDEA Security and Standards
B.对IDEA安全和标准的评论
The IDEA algorithm was developed in a joint project involving the Swiss Federal Institute of Technology in Zurich (Dr. X. Lai and Prof. J.L. Massey) and Ascom Ltd. The aim of the project was to develop a strong encryption algorithm that could replace the DES algorithm.
IDEA算法是在苏黎世瑞士联邦理工学院(X.Lai博士和J.L.Massey教授)和Ascom有限公司的一个联合项目中开发的。该项目的目的是开发一种可替代DES算法的强加密算法。
IDEA uses 128-bit secret keys and encrypts one 64-bit block at a time [IDEA]. It was particularly strengthened to protect against differential cryptoanalysis attacks. For the full 8-round IDEA there is no attack known which is better than exhaustive search on the total 128-bit key space.
IDEA使用128位密钥,一次加密一个64位块[IDEA]。它得到了特别加强,以防止差分密码分析攻击。对于完整的8轮思想,没有已知的攻击比对总128位密钥空间进行穷举搜索更好。
IDEA permits the implementation of standard Electronic Data Interchange applications. It has been entered in the ISO/IEC register for encryption algorithms and incorporated in the "SECURITY GUIDE LINES" code list by the UNI/EDIFACT "SECURITY JOINT WORKING GROUP".
IDEA允许实现标准的电子数据交换应用程序。它已被输入ISO/IEC加密算法登记册,并由UNI/EDIFACT“安全联合工作组”纳入“安全指南”代码列表。
C. Intellectual Property Rights Notice
C.知识产权公告
Ascom Ltd. holds the patent to IDEA. In accordance with the intellectual property rights procedures of the IETF standards process, Ascom offers a non-exclusive license under reasonable and non-discriminatory terms and conditions.
Ascom有限公司拥有IDEA的专利。根据IETF标准过程的知识产权程序,Ascom根据合理和非歧视性的条款和条件提供非排他性许可。
IDEA(TM) is protected by international copyright law and in addition has been patented in several countries. Because Ascom wants to make this highly secure algorithm widely available, the non-commercial use of this algorithm is free.
IDEA(TM)受国际版权法保护,此外,还获得了多个国家的专利。由于Ascom希望广泛使用这种高度安全的算法,因此该算法的非商业用途是免费的。
Any party wishing to know more about IDEA or to request a license should visit the web sites <http://www.media-crypt.com/>, <http://www.it-sec.com/> or send an e-mail to info@media-crypt.com or Idea@it-sec.com.
希望了解IDEA更多信息或申请许可证的任何一方应访问网站<http://www.media-crypt.com/>, <http://www.it-sec.com/>或发送电子邮件至info@media-crypt.com或Idea@it-sec.com。
D. Acknowledgements
D.致谢
We would like to thank Russ Housley, Jim Schaad and Francois Zeller for their contributions to this document.
我们要感谢Russ Housley、Jim Schaad和Francois Zeller对本文件的贡献。
E. Authors' Addresses
E.作者地址
Stephan Teiwes iT_Security AG (Ltd.) Badenerstrasse 530 CH-8048 Zurich, Switzerland
Stephan Teiwes iT_Security AG(有限公司)Badenerstrasse 530 CH-8048瑞士苏黎世
Phone: +41 1 404 8200
Fax : +41 1 404 8201
EMail: stephan.teiwes@it-sec.com
Phone: +41 1 404 8200
Fax : +41 1 404 8201
EMail: stephan.teiwes@it-sec.com
Peter Hartmann iT_Security AG (Ltd.) Badenerstrasse 530 CH-8048 Zurich, Switzerland
Peter Hartmann iT_Security AG(Ltd.)Badenerstrasse 530 CH-8048瑞士苏黎世
Phone: +41 1 404 8200
Fax : +41 1 404 8201
EMail: peter.hartmann@it-sec.com
Phone: +41 1 404 8200
Fax : +41 1 404 8201
EMail: peter.hartmann@it-sec.com
Diego Kuenzi 724 Solutions Inc. Bahnhofstrasse 16 CH-5600 Lenzburg, Switzerland
Diego Kuenzi 724 Solutions Inc.Bahnhofstrasse 16 CH-5600瑞士伦茨堡
Phone: +41 62 888 3070
Fax: +41 62 888 3071
EMail: dkuenzi@724.com
Phone: +41 62 888 3070
Fax: +41 62 888 3071
EMail: dkuenzi@724.com
F. Full Copyright Statement
F.完整的版权声明
Copyright (C) The Internet Society (2001). All Rights Reserved.
版权所有(C)互联网协会(2001年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。