Network Working Group H. Alvestrand
Request for Comments: 3254 Cisco Systems
Category: Informational April 2002
Network Working Group H. Alvestrand
Request for Comments: 3254 Cisco Systems
Category: Informational April 2002
Definitions for talking about directories
讨论目录的定义
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
Abstract
摘要
When discussing systems for making information accessible through the Internet in standardized ways, it may be useful if the people who are discussing it have a common understanding of the terms they use.
在讨论以标准化方式通过互联网访问信息的系统时,如果讨论信息的人对他们使用的术语有共同的理解,这可能会很有用。
For example, a reference to this document would give one the power to agree that the DNS (Domain Name System) is a global lookup repository with perimeter integrity and loose, converging consistency. On the other hand, a LDAP (Lightweight Directory Access Protocol) directory server is a local, centralized repository with both lookup and search capability.
例如,引用本文档将使人有权同意DNS(域名系统)是一个具有周界完整性和松散、聚合一致性的全局查找存储库。另一方面,LDAP(轻量级目录访问协议)目录服务器是一个具有查找和搜索功能的本地集中存储库。
This document discusses one group of such systems which is known under the term, "directories".
本文件讨论了一组此类系统,称为“目录”。
We suggest using the following terms for the remainder of this document:
我们建议在本文件的其余部分使用以下术语:
- Information: Facts and ideas which can be represented (encoded) as data in various forms.
- 信息:可以以各种形式表示(编码)为数据的事实和想法。
- Data: Information in a specific physical representation, usually a sequence of symbols that have meaning; especially a representation of information that can be processed or produced by a computer. (From [SEC].)
- 数据:特定物理表示形式的信息,通常是一系列有意义的符号;尤其是计算机可以处理或产生的信息的表示。(摘自[证券交易委员会])
- Repository: An amount of data that is accessible through one or more access methods.
- 存储库:可通过一种或多种访问方法访问的数据量。
- Requester: Entity that may (try to) access data in a repository. Note that no assumption is made that the requester is animal, vegetable, or mineral.
- 请求者:可以(尝试)访问存储库中数据的实体。请注意,没有假设请求者是动物、植物或矿物。
- Maintainer: Entity that causes changes to the data in the repository. Usually, all maintainers are requesters, since they need to look at the data too, however, the roles are distinct.
- 维护者:对存储库中的数据进行更改的实体。通常,所有的维护者都是请求者,因为他们也需要查看数据,然而,角色是不同的。
- Access method: Well-defined series of operations that will cause data available from a repository to be obtained by the requester.
- 访问方法:定义良好的一系列操作,这些操作将导致请求者获取存储库中可用的数据。
- Site: Entity that hosts all or part of a repository, and makes it available through one or more access methods. A site may in various contexts be a machine, a datacenter, a network of datacenters, or a single device.
- 站点:承载全部或部分存储库并通过一种或多种访问方法使其可用的实体。在各种环境中,站点可以是机器、数据中心、数据中心网络或单个设备。
This document is not intended to be either comprehensive or definitive, but is intended to give some aid in mutual comprehension when discussing information access methods to be incorporated into Internet Standards-Track documents.
本文件的目的不是全面或明确,而是在讨论纳入互联网标准跟踪文件的信息访问方法时,为相互理解提供一些帮助。
Some information systems are global, in the sense that only one can sensibly exist in the world.
有些信息系统是全球性的,从这个意义上说,世界上只有一个信息系统能够理智地存在。
Others are inherently local, in that each locality, site or even box will run its own information store, independent of all others.
另一些则天生是本地的,因为每个地方、站点甚至盒子都将运行自己的信息存储,独立于所有其他地方。
The following terms are suggested:
建议使用以下术语:
- Global repository: A repository that there can be only one of in the world. The world itself is a prime example; the public telephone system's number assignments according to E.164 is another.
- 全局存储库:世界上只有一个存储库。世界本身就是一个最好的例子;根据E.164,公共电话系统的号码分配是另一个例子。
- Local repository: A class of repository of which multiple instances can exist, each with information relevant to that particular repository, with no need for coordination between them.
- 本地存储库:一类存储库,其中可以存在多个实例,每个实例都有与该特定存储库相关的信息,不需要它们之间的协调。
- Centralized repository: A repository where all access to data has to pass through some single site.
- 集中式存储库:所有数据访问都必须通过某个站点的存储库。
- Distributed repository: A repository that is not centralized; that is, access to data can occur through multiple sites.
- 分布式存储库:不是集中式的存储库;也就是说,可以通过多个站点访问数据。
- Replicated repository: A distributed repository where all sites have the same information.
- 复制存储库:所有站点具有相同信息的分布式存储库。
- Cooperative repository: A distributed repository where not all sites have all the information, but where mechanisms exist to get the info to the requester, even when it is not available to the site originally asked.
- 协作存储库:一种分布式存储库,其中并非所有站点都拥有所有信息,但存在向请求者获取信息的机制,即使最初请求的站点无法使用这些信息。
Note: The term "global" is often a matter of social or legal context; for instance, the E.164 telephone numbering system is global by international treaty, while the debate about whether the Domain Name System is global in fact or just a local repository with ambitions has proved bait for too many discussions to enumerate.
注:“全球”一词通常是社会或法律背景的问题;例如,根据国际条约,E.164电话号码系统是全球性的,而关于域名系统究竟是全球性的,还是仅仅是一个雄心勃勃的本地存储库的争论已经被证明是太多讨论的诱饵,无法列举。
Some claim that globality is in the eye of the beholder; "everything is local to some context". When discussing technology, it may be wise to use "very widely deployed" instead.
有人声称,全局性在旁观者的眼中;“每件事都是特定环境的局部”。在讨论技术时,明智的做法可能是使用“非常广泛的部署”。
Note: Locating the repositories changes with the scale of consideration. For instance, the global DNS system is considered a distributed cooperative repository, built out of zone repositories that themselves may be distributed, and are always replicated when distributed.
注意:定位存储库会随着考虑的范围而变化。例如,全局DNS系统被认为是一个分布式协作存储库,它是在区域外构建的存储库,其本身可能是分布式的,并且在分布式时总是被复制。
A different consideration when describing repositories is the types of method they offer to find information.
在描述存储库时,另一个考虑因素是它们提供的查找信息的方法类型。
The chief classifications are:
主要分类如下:
- Lookup methods require the user to know or guess some exact value before asking for information, sometimes called a "lookup key" or "identifier" and sometimes called a "name". The word "name" is NOT recommended, since it conflicts with other uses of that word The response to a successful lookup is a single group of information, often called "information about the identified entity". A lookup method is binary (yes/no) in recall: It either returns one result or no result; if it returns a result, that result is the right result for that lookup key, so it is also of binary precision (no info or completely relevant info).
- 查找方法要求用户在询问信息之前知道或猜测一些准确的值,有时称为“查找键”或“标识符”,有时称为“名称”。不建议使用“名称”一词,因为它与该词的其他用法冲突。对成功查找的响应是一组信息,通常称为“有关已识别实体的信息”。查全率中的查找方法是二进制的(yes/no):它要么返回一个结果,要么不返回结果;如果它返回一个结果,则该结果是该查找键的正确结果,因此它也是二进制精度(无信息或完全相关信息)。
- Search methods require the user to know some approximate value of some information. They usually return zero, one, or more responses that match the information supplied according to some algorithm. Where the repository is structured around "entities", the information can be about zero, one, or many entities.
- 搜索方法要求用户知道某些信息的近似值。它们通常返回零个、一个或多个响应,这些响应与根据某种算法提供的信息相匹配。如果存储库是围绕“实体”构建的,则信息可以是零个、一个或多个实体。
In database terms, a lookup method corresponds to a query exactly matching a unique key on a table; all other database queries would be classified as "search" methods.
在数据库术语中,查找方法对应于与表上唯一键完全匹配的查询;所有其他数据库查询将被归类为“搜索”方法。
In general, repositories that offer more flexible search methods may also give room for ad-hoc queries, refinements from a previous query, approximate matching and other aids; this may lead to many different combinations of precision and recall.
一般来说,提供更灵活搜索方法的存储库也可能为临时查询、对以前查询的改进、近似匹配和其他帮助提供空间;这可能导致精度和召回率的许多不同组合。
One may define terms to enumerate what one gets out of these repositories:
可以定义术语来列举从这些存储库中获得的内容:
. Precision is the degree to which what you asked for is what you wanted (no extraneous information)
. 精确性是指你所要求的是你想要的(没有无关信息)
. Recall is the ability to assure oneself that all relevant data from the repository is returned
. 召回是指能够确保从存储库返回所有相关数据的能力
. Type I errors occurs when relevant data exists in the repository, but is not returned
. 当存储库中存在相关数据但未返回时,会发生类型I错误
. Type II errors occur when irrelevant data is returned with a query result
. 当查询结果返回不相关的数据时,会发生类型II错误
Note that these concepts can only be applied when the property "relevance" is well defined; that is, it depends on what the repository is used for. A further discussion of these topics is found in [KORFHAGE].
请注意,这些概念只有在“相关性”属性定义明确时才能应用;也就是说,这取决于存储库的用途。有关这些主题的进一步讨论,请参见[KORFHAGE]。
An orthogonal dimension has to do with time:
正交维度与时间有关:
- Query repositories will answer a request with a response, and once that is over with, will do nothing more.
- 查询存储库将用一个响应来回答一个请求,完成后,将不再执行任何操作。
- Notify repositories will get a request from a user to have information returned at some later time when it becomes available, current or whatever, and will respond at that time with a notification that information is available.
- Notify repositories将从用户处获得一个请求,要求在以后某个时间返回可用信息(当前信息或其他信息),并将在该时间以信息可用的通知作出响应。
- Subscription repositories are like notify repositories, but will transfer the actual information when available.
- 订阅存储库类似于通知存储库,但在可用时将传输实际信息。
Consistency (or the lack thereof) is a property of distributed repositories; for this particular discussion, we ignore the subject of semantically inconsistent data (such as occurrences of pregnant men), and focus on the problem of consistency where inconsistency is
一致性(或缺乏一致性)是分布式存储库的属性;在这个特殊的讨论中,我们忽略了语义不一致数据的主题(例如怀孕男性的出现),而将重点放在一致性问题上,因为不一致是不一致的
defined as having the same request, using the same credentials, be answered with different data at different sites.
定义为具有相同的请求,使用相同的凭据,在不同的站点使用不同的数据进行应答。
Distributed repositories may have:
分布式存储库可能有:
- Strict consistency, where the problem above never arises. This is quite difficult; repositories that exhibit this property are usually quite constrained and/or quite expensive.
- 严格一致性,上述问题从未出现。这是相当困难的,;显示此属性的存储库通常非常受限和/或非常昂贵。
- Strict internal consistency, where the replies always reflect a consistent picture of the total repository, but some sites may reflect an earlier version of the repository than others.
- 严格的内部一致性,其中回复始终反映整个存储库的一致性,但某些站点可能反映存储库的早期版本。
- Loose, converging consistency, where different parts of the repository may be updated at different times as seen from a single site, but the process is designed in such a way that if one stops making changes to the repository, all sites will sooner or later present the same information.
- 松散、聚合的一致性,从单个站点可以看到存储库的不同部分可能在不同的时间更新,但该过程的设计方式是,如果停止对存储库进行更改,所有站点迟早会显示相同的信息。
- Inconsistency, where no guarantee can be made whatsoever
- 不一致,无法作出任何保证
One interesting variant is subset consistency, where the system is consistent (according to one of the definitions above), but not all questions will be answered at all sites; possibly because different sites have different policies on what they make available (NetNews), or because different sites only need different subsets of the "whole picture" (BGP).
一个有趣的变体是子集一致性,其中系统是一致的(根据上述定义之一),但并非所有站点都能回答所有问题;可能是因为不同的网站对其提供的内容有不同的政策(NetNews),或者是因为不同的网站只需要“全貌”(BGP)的不同子集。
Its harder to describe security models in a few sentences than other properties of information systems. There also exists a large specialized literature on terminology for security, including [SEC].
与信息系统的其他属性相比,用几句话描述安全模型更难。还有大量关于安全术语的专门文献,包括[SEC]。
Some thoughts, though:
但也有一些想法:
On trust in data: Why do we trust a piece of data to be correct?
关于对数据的信任:为什么我们相信一段数据是正确的?
- Because it's in the repository (and therefore must have been authorized).
- 因为它在存储库中(因此必须经过授权)。
This is perimeter (or Eggshell) integrity.
这就是周长(或蛋壳)完整性。
- Because it contains internal integrity checks, usually involving digital signatures by verifiable identities. This is item integrity; the granularity of the integrity and the ability to do
- 因为它包含内部完整性检查,通常涉及可验证身份的数字签名。这是项目完整性;完整性的粒度和执行的能力
integrity checks on the relationships between objects is extremely important and extremely hard to get right, as is establishing the roots of the trust chains.
对对象之间关系的完整性检查极为重要,而且极为困难,建立信任链的根也是如此。
- Because it fits other available information, and causes the right things to happen when I use it.
- 因为它适合其他可用信息,并且在我使用它时会导致正确的事情发生。
This is hopeful integrity.
这是充满希望的诚信。
Which integrity model to choose is a matter of evaluating the cost of implementing the integrity (cost), the value to you of integrity of the resource being protected (value), and the impact of cost on doing business (risk).
选择哪种完整性模型取决于评估实现完整性的成本(成本)、受保护资源的完整性对您的价值(价值)以及成本对业务的影响(风险)。
On access to information, the usual categories apply:
在获取信息方面,通常的类别适用于:
- Open access: Anyone can get the information.
- 开放存取:任何人都可以获得信息。
- Property-based access: Access because of what you are, or where you are. For example limited to "same network", "physically present", or "resolvable DNS name"
- 基于属性的访问:基于您的身份或位置的访问。例如,仅限于“相同网络”、“物理存在”或“可解析DNS名称”
- Identity-based access: Access because of who you are (or successfully claim to be). (I.e., username/password, personal certificates or other verifiable information.)
- 基于身份的访问:由于您是谁(或成功声称是谁)而进行的访问。(即用户名/密码、个人证书或其他可验证信息。)
These are then backed up by a layer specifying what the identity you have proven yourself to be has access to.
然后由一个层进行备份,该层指定您已证明自己的身份可以访问的身份。
- Token-based access: Access because of what you have. Hardware tokens, smartcards, certificates, or capability keys.
- 基于令牌的访问:基于您所拥有的内容进行访问。硬件令牌、智能卡、证书或功能密钥。
In this case, access is given to all who can present that credential, without caring about their identity.
在这种情况下,所有能够出示凭证的人都可以访问,而不必关心他们的身份。
The most common approaches are identity-based and open access; however, "what you have" access is commonly used informally in, for example, password-protected FTP or Web sites where the password is shared between all members of a group.
最常见的方法是基于身份和开放访问;但是,“您拥有的”访问权限通常非正式地用于受密码保护的FTP或网站中,在这些网站中,密码在组的所有成员之间共享。
A few examples:
举几个例子:
- Read-only repositories have no standard means of changing the information in them. This is usually accomplished through some other interface than the standard interface.
- 只读存储库没有更改其中信息的标准方法。这通常是通过标准接口以外的其他接口实现的。
- Read-mostly repositories are designed based on a theory that reads will greatly outnumber updates; this may, for instance, be reflected in relatively slow consistency-updating protocols.
- 以阅读为主的存储库是基于这样一种理论设计的:阅读的数量将大大超过更新的数量;例如,这可能反映在相对缓慢的一致性更新协议中。
- Read-write repositories assume that the updates and the read operations are of the same order of magnitude.
- 读写存储库假定更新和读操作具有相同的数量级。
- Write-mostly repositories are designed to store an incoming stream of data, and when needed reproduce a relevant piece of data from the stream. Typical examples are insurance company databases and audit logs.
- 以写为主的存储库设计用于存储传入的数据流,并在需要时从数据流中复制相关数据段。典型的例子是保险公司数据库和审计日志。
The definitions above never used the term "Directory".
上述定义从未使用“目录”一词。
In most common usages, the properties that a repository must have in order to be worthy of being called a directory are:
在最常见的用法中,存储库必须具有以下属性才能被称为目录:
- Search
- 搜索
- Convergent consistency
- 收敛一致性
All the other terms above may vary across the set of things that are called "directories".
上述所有其他术语可能因称为“目录”的一组内容而异。
The DNS [DNS] is a global cooperative lookup repository with loose, converging consistency and query capability only.
DNS[DNS]是一个全局协作查找存储库,仅具有松散、聚合一致性和查询功能。
It is either strictly read-only or read-mostly (with Dynamic DNS), has an open access model, and mainly perimeter integrity (some would say hopeful integrity). DNSSEC [DNSSEC] aims to give it item integrity.
它要么是严格的只读的,要么是多读的(使用动态DNS),具有开放访问模型,主要是外围完整性(有些人会说是希望的完整性)。DNSSEC[DNSSEC]旨在赋予it项目完整性。
The DNS is built out of zone repositories that themselves may be distributed, and are always replicated when distributed.
DNS是在区域外构建的存储库,其本身可能是分布式的,并且在分发时总是进行复制。
Note that like many other systems, the DNS has some features that do not fit neatly in the classification; for instance, there is a (deprecated and not widely used) function called IQUERY, which allows a very limited query capability.
请注意,与许多其他系统一样,DNS具有一些不适合分类的功能;例如,有一个名为IQUERY的函数(已弃用且未广泛使用),它允许非常有限的查询功能。
If one opens up the box and looks at the relationship between primary and secondary nameservers, that can be seen as a limited form of notify capability, but this is not available to end-users of the total system.
如果打开该框并查看主名称服务器和辅助名称服务器之间的关系,可以将其视为一种有限形式的通知功能,但整个系统的最终用户无法使用这种功能。
X.500 [X500] was intended to be a global search repository with loose, converging consistency.
X.500[X500]旨在成为一个具有松散、聚合一致性的全局搜索存储库。
It was intended to be read-mostly, perimeter secure and query-capable.
它主要用于阅读、周边安全和查询功能。
The Global or top-level BGP routing information database [BGP1] is often viewed as a global read-write repository with loose, converging subset consistency (not all routes are carried everywhere) and very limited integrity control, mostly intended to be perimeter integrity based on, "access control based on what you are".
全局或顶级BGP路由信息数据库[BGP1]通常被视为一个全局读写存储库,具有松散、聚合的子集一致性(并非所有路由都在任何地方进行)和非常有限的完整性控制,主要是基于“基于您的身份的访问控制”的周界完整性。
One can argue that BGP [BGP2] is better viewed as a global mechanism for updating a set of local read/write repositories, since far from all routing information is carried everywhere, and the decision on what routes to accept is always considered a local policy matter. But from a security model perspective, a lot of the controls are applied at the periphery of the routing system, not at each local repository; this still makes it interesting to consider properties that apply to the BGP system as a whole.
有人可能会争辩说,BGP[BGP2]更适合被视为更新一组本地读/写存储库的全局机制,因为并非所有路由信息都被到处携带,关于接受哪些路由的决定总是被视为本地策略问题。但从安全模型的角度来看,许多控制应用于路由系统的外围,而不是每个本地存储库;这仍然使得考虑作为整体应用于BGP系统的属性是有趣的。
NetNews [NEWS] is a global read-write repository with loose (non-converging) subset consistency (not all sites carry all articles, and article retention times differ). Between sites it offers subscription capability; to users it offers both search and lookup functionality.
NetNews[NEWS]是一个具有松散(非收敛)子集一致性的全局读写存储库(并非所有站点都承载所有文章,而且文章保留时间不同)。在站点之间,它提供订阅功能;对于用户来说,它提供了搜索和查找功能。
An SNMP [SNMP] agent can be thought of as a local, centralized repository offering lookup functionality.
SNMP[SNMP]代理可以被视为提供查找功能的本地集中存储库。
With SNMPv3, it offers all kinds of access models, but mostly, "access because of what you have", seems popular.
有了SNMPv3,它提供了各种访问模型,但大多数情况下,“因为你拥有的东西而访问”似乎很流行。
Security is a very relevant question when considering information access systems.
在考虑信息访问系统时,安全性是一个非常相关的问题。
Some issues to consider are:
需要考虑的一些问题有:
- Controlled access to information
- 对信息的受控访问
- Controlled rights to update information
- 更新信息的受控权限
- Protection of the information path from provider to consumer
- 保护从提供者到使用者的信息路径
- With personal information, privacy issues
- 个人信息、隐私问题
- Interactions between multiple ways to access the same information
- 访问相同信息的多种方式之间的交互
It is probably a Good Thing to consider carefully the security models from section 2.4 when designing repositories or repository access protocols.
在设计存储库或存储库访问协议时,仔细考虑第2.4节中的安全模型可能是一件好事。
The author wishes to thank all who contributed to this document, including Patrik Faltstrom, Eric A. Hall, James Benedict, Ted Hardie, Urs Eppenberger, John Klensin, and many others.
作者希望感谢所有对本文件作出贡献的人,包括帕特里克·法茨特罗姆、埃里克·霍尔、詹姆斯·本尼迪克特、特德·哈代、乌斯·埃彭伯格、约翰·克莱辛和其他许多人。
[SEC] Shirey, R., "Internet Security Glossary", FYI 36, RFC 2828, May 2000.
[SEC]Shirey,R.,“互联网安全词汇表”,FYI 36,RFC 28282000年5月。
[DNS] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.
[DNS]Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。
[DNSSEC] Eastlake, D., "Domain Name System Security Extensions", RFC 2535, March 1999.
[DNSSEC] Eastlake, D., "Domain Name System Security Extensions", RFC 2535, March 1999.translate error, please retry
[E164] ITU-T Recommendation E.164/I.331 (05/97): The International Public Telecommunication Numbering Plan. 1997.
[E164]ITU-T建议E.164/I.331(05/97):国际公共电信编号计划。1997
[BGP1] "Analyzing the Internet's BGP Routing Table", published in
"The Internet Protocol Journal", Volume 4, No 1, April
2001. At the time of writing, available at
http://www.telstra.net/gih/papers/ipj/4-1-bgp.pdf
[BGP1] "Analyzing the Internet's BGP Routing Table", published in
"The Internet Protocol Journal", Volume 4, No 1, April
2001. At the time of writing, available at
http://www.telstra.net/gih/papers/ipj/4-1-bgp.pdf
[BGP2] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 1771, March 1995.
[BGP2]Rekhter,Y.和T.Li,“边境网关协议4(BGP-4)”,RFC 17711995年3月。
[NEWS] Kantor, B. and P. Lapsley, "Network News Transfer Protocol", RFC 977, February 1986.
[新闻]Kantor,B.和P.Lapsley,“网络新闻传输协议”,RFC9771986年2月。
[SNMP] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999.
[SNMP]Case,J.,Mundy,R.,Partain,D.和B.Stewart,“互联网标准网络管理框架第3版简介”,RFC 25701999年4月。
[X500] Weider, C. and J. Reynolds, "Executive Introduction to Directory Services Using the X.500 Protocol", FYI 13, RFC 1308, March 1992.
[X500]Weider,C.和J.Reynolds,“使用X.500协议的目录服务执行简介”,FYI 13,RFC 1308,1992年3月。
[KORFHAGE] "Information Storage and Retrieval", Robert R. Korfhage, Wiley 1997. See page 194 for "precision" and "recall" definitions.
[KORFHAGE]“信息存储和检索”,Robert R.KORFHAGE,Wiley,1997年。“精度”和“召回”定义见第194页。
Harald Tveit Alvestrand Cisco Systems Weidemanns vei 27 N-7043 Trondheim NORWAY
Harald Tveit Alvestrand Cisco Systems Weidemans vei 27 N-7043挪威特隆赫姆
Phone: +47 41 44 29 94
EMail: Harald@alvestrand.no
Phone: +47 41 44 29 94
EMail: Harald@alvestrand.no
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。