Network Working Group C. Madson Request for Comments: 2405 Cisco Systems, Inc. Category: Standards Track N. Doraswamy Bay Networks, Inc. November 1998
Network Working Group C. Madson Request for Comments: 2405 Cisco Systems, Inc. Category: Standards Track N. Doraswamy Bay Networks, Inc. November 1998
The ESP DES-CBC Cipher Algorithm With Explicit IV
具有显式IV的ESP DES-CBC密码算法
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).
本文档描述了在密码块链接模式下使用DES密码算法,并带有明确的IV,作为IPSec封装安全负载(ESP)上下文中的保密机制。
This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode as a confidentiality mechanism within the context of the Encapsulating Security Payload.
本文档描述了在密码块链接模式下使用DES密码算法作为封装安全负载上下文中的保密机制。
DES is a symmetric block cipher algorithm. The algorithm is described in [FIPS-46-2][FIPS-74][FIPS-81]. [Schneier96] provides a general description of Cipher Block Chaining Mode, a mode which is applicable to several encryption algorithms.
DES是一种对称分组密码算法。[FIPS-46-2][FIPS-74][FIPS-81]中描述了该算法。[Schneier96]提供了密码块链接模式的一般说明,该模式适用于多种加密算法。
As specified in this memo, DES-CBC is not an authentication mechanism. [Although DES-MAC, described in [Schneier96] amongst other places, does provide authentication, DES-MAC is not discussed here.]
如本备忘录所述,DES-CBC不是身份验证机制。[尽管[Schneier96]和其他地方描述的DES-MAC确实提供身份验证,但此处不讨论DES-MAC。]
For further information on how the various pieces of ESP fit together to provide security services, refer to [ESP] and [road].
有关ESP各部件如何配合以提供安全服务的更多信息,请参阅[ESP]和[road]。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC-2119]中所述进行解释。
DES-CBC is a symmetric secret-key block algorithm. It has a block size of 64 bits.
DES-CBC是一种对称密钥块算法。它的块大小为64位。
[FIPS-46-2][FIPS-74] and [FIPS-81] describe the DES algorithm, while [Schneier96] provides a good description of CBC mode.
[FIPS-46-2][FIPS-74]和[FIPS-81]描述了DES算法,而[Schneier96]提供了CBC模式的良好描述。
Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90 MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES speed estimates may be found in [Schneier96].
Phil Karn已调整DES-CBC软件,使其在90 MHz奔腾上达到10.45 Mbps,在133 MHz奔腾上扩展到15.9 Mbps。其他DES速度估计值可在[Schneier96]中找到。
DES-CBC requires an explicit Initialization Vector (IV) of 8 octets (64 bits). This IV immediately precedes the protected (encrypted) payload. The IV MUST be a random value.
DES-CBC需要8个八位字节(64位)的显式初始化向量(IV)。该IV紧跟在受保护(加密)有效负载之前。IV必须是一个随机值。
Including the IV in each datagram ensures that decryption of each received datagram can be performed, even when some datagrams are dropped, or datagrams are re-ordered in transit.
在每个数据报中包括IV确保可以对每个接收到的数据报进行解密,即使某些数据报被丢弃,或者数据报在传输过程中被重新排序。
Implementation note:
实施说明:
Common practice is to use random data for the first IV and the last 8 octets of encrypted data from an encryption process as the IV for the next encryption process; this logically extends the CBC across the packets. It also has the advantage of limiting the leakage of information from the random number genrator. No matter which mechnism is used, the receiver MUST NOT assume any meaning for this value, other than that it is an IV.
通常的做法是使用加密过程中的第一个IV和最后8个八位字节的加密数据的随机数据作为下一个加密过程的IV;这在逻辑上将CBC扩展到数据包。它还具有限制来自随机数发生器的信息泄漏的优点。无论使用哪种机制,接收器都不得对此值假设任何意义,除非它是IV。
To avoid ECB encryption of very similar plaintext blocks in different packets, implementations MUST NOT use a counter or other low-Hamming distance source for IVs.
为了避免对不同数据包中非常相似的明文块进行ECB加密,实现时不得为IVs使用计数器或其他低汉明距离源。
The payload field, as defined in [ESP], is broken down according to the following diagram:
[ESP]中定义的有效载荷字段根据下图进行分解:
+---------------+---------------+---------------+---------------+ | | + Initialization Vector (IV) + | | +---------------+---------------+---------------+---------------+ | | ~ Encrypted Payload (variable length) ~ | | +---------------------------------------------------------------+ 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
+---------------+---------------+---------------+---------------+ | | + Initialization Vector (IV) + | | +---------------+---------------+---------------+---------------+ | | ~ Encrypted Payload (variable length) ~ | | +---------------------------------------------------------------+ 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
The DES-CBC algorithm described in this document MUST use a block size of 8 octets (64 bits).
本文档中描述的DES-CBC算法必须使用8个八位字节(64位)的块大小。
When padding is required, it MUST be done according to the conventions specified in [ESP].
当需要填充时,必须按照[ESP]中指定的约定进行填充。
DES-CBC is a symmetric secret key algorithm. The key size is 64-bits. [It is commonly known as a 56-bit key as the key has 56 significant bits; the least significant bit in every byte is the parity bit.]
DES-CBC是一种对称密钥算法。密钥大小为64位。[通常称为56位密钥,因为密钥有56个有效位;每个字节中的最低有效位是奇偶校验位。]
[arch] describes the general mechanism to derive keying material for the ESP transform. The derivation of the key from some amount of keying material does not differ between the manually- and automatically-keyed security associations.
[arch]描述了为ESP转换导出关键帧材质的一般机制。在手动和自动设置密钥的安全关联中,从一定数量的密钥材料中派生出密钥并没有什么不同。
This mechanism MUST derive a 64-bit key value for use by this cipher. The mechanism will derive raw key values, the derivation process itself is not responsible for handling parity or weak key checks.
此机制必须派生64位密钥值以供此密码使用。该机制将派生原始密钥值,派生过程本身不负责处理奇偶校验或弱密钥检查。
Weak key checks SHOULD be performed. If such a key is found, the key SHOULD be rejected and a new SA requested.
应执行弱密钥检查。如果找到此类密钥,则应拒绝该密钥并请求新的SA。
Implementation note:
实施说明:
If an implementation chooses to do weak key checking, it should recognize that the known weak keys [FIPS74] have been adjusted for parity. Otherwise the handling of parity is a local issue.
如果一个实现选择进行弱密钥检查,它应该识别已知的弱密钥[FIPS74]已经针对奇偶校验进行了调整。否则,奇偶校验的处理是一个局部问题。
A strong pseudo-random function MUST be used to generate the required key. For a discussion on this topic, reference [RFC1750].
必须使用强伪随机函数来生成所需的密钥。有关此主题的讨论,请参考[RFC1750]。
DES has 16 known weak keys, including so-called semi-weak keys. The list of weak keys can be found in [FIPS74].
DES有16个已知的弱密钥,包括所谓的半弱密钥。弱键列表可在[FIPS74]中找到。
[Blaze96] discusses the costs and key recovery time for brute force attacks. It presents various combinations of total cost/time to recover a key/cost per key recovered for 40-bit and 56-bit DES keys, based on late 1995 estimates.
[Blaze96]讨论暴力攻击的成本和关键恢复时间。它根据1995年后期的估计,给出了恢复40位和56位DES密钥的密钥的总成本/时间/每个密钥的成本的各种组合。
While a brute force search of a 56-bit DES keyspace can be considered infeasable for the so-called casual hacker, who is simply using spare CPU cycles or other low-cost resources, it is within reach of someone willing to spend a bit more money.
虽然56位DES密钥空间的暴力搜索对于所谓的临时黑客来说是不可行的,因为他们只是使用空闲的CPU周期或其他低成本资源,但愿意多花一点钱的人是可以做到的。
For example, for a cost of $300,000, a 56-bit DES key can be recovered in an average of 19 days using off-the-shelf technology and in only 3 hours using a custom developed chip.
例如,成本为30万美元,使用现成的技术,56位DES密钥平均可在19天内恢复,使用定制开发的芯片仅需3小时即可恢复。
It should be noted that there are other attacks which can recover the key faster, that brute force attacks are considered the "worst case", although the easiest to implement.
应该注意的是,还有其他攻击可以更快地恢复密钥,暴力攻击被认为是“最坏的情况”,尽管最容易实现。
[Wiener94] also discusses a $1M machine which can break a DES key in 3.5 hours (1993 estimates), using a known-plaintext attack. As discussed in the Security Considerations section, a known plaintext attack is reasonably likely.
[Wiener94]还讨论了一台价值100万美元的机器,它可以使用已知的明文攻击在3.5小时内破解DES密钥(1993年估计)。正如在“安全注意事项”一节中所讨论的,已知的明文攻击相当可能发生。
It should also be noted that over time, the total and average search costs as well as the average key recovery time will continue to drop.
还应注意,随着时间的推移,总搜索成本和平均搜索成本以及平均密钥恢复时间将继续下降。
While the above does not provide specific recommendations for key lifetime, it does reinforce the point that for a given application the desired key lifetime is dependent upon the perceived threat (an educated guess as to the amount of resources available to the attacker) relative to the worth of the data to be protected.
虽然上面没有提供密钥生存期的具体建议,但它确实强调了一点,即对于给定的应用程序,所需的密钥生存期取决于相对于要保护的数据价值的感知威胁(关于攻击者可用资源量的有根据的猜测)。
While there are no recommendations for volume-based lifetimes made here, it shoud be noted that given sufficient volume there is an increased probabilty that known plaintext can be accumulated.
虽然这里没有对基于卷的生存期提出建议,但应该注意的是,如果有足够的卷,则积累已知明文的可能性会增加。
As of this writing, there are no known issues which preclude the use of the DES-CBC algorithm with any specific authentication algorithm.
在撰写本文时,还没有任何已知的问题阻止DES-CBC算法与任何特定的认证算法一起使用。
[Much of this section was originally written by William Allen Simpson and Perry Metzger.]
[本节大部分内容最初由威廉·艾伦·辛普森和佩里·梅茨格撰写。]
Users need to understand that the quality of the security provided by this specification depends completely on the strength of the DES algorithm, the correctness of that algorithm's implementation, the security of the Security Association management mechanism and its implementation, the strength of the key [CN94], and upon the correctness of the implementations in all of the participating nodes.
用户需要了解,本规范提供的安全质量完全取决于DES算法的强度、该算法实现的正确性、安全关联管理机制及其实现的安全性、密钥的强度[CN94],以及在所有参与节点中实现的正确性。
[Bell95] and [Bell96] describe a cut and paste splicing attack which applies to all Cipher Block Chaining algorithms. This attack can be addressed with the use of an authentication mechanism.
[Bell95]和[Bell96]描述了一种剪切粘贴拼接攻击,该攻击适用于所有密码块链接算法。可以使用身份验证机制解决此攻击。
The use of the cipher mechanism without any corresponding authentication mechanism is strongly discouraged. This cipher can be used in an ESP transform that also includes authentication; it can also be used in an ESP transform that doesn't include authentication provided there is an companion AH header. Refer to [ESP], [AH], [arch], and [road] for more details.
强烈反对在没有任何相应身份验证机制的情况下使用密码机制。此密码可用于还包括身份验证的ESP转换;它还可以用于不包括身份验证的ESP转换,前提是有一个伴随的AH头。有关详细信息,请参阅[ESP]、[AH]、[arch]和[road]。
When the default ESP padding is used, the padding bytes have a predictable value. They provide a small measure of tamper detection on their own block and the previous block in CBC mode. This makes it somewhat harder to perform splicing attacks, and avoids a possible covert channel. This small amount of known plaintext does not create any problems for modern ciphers.
使用默认ESP填充时,填充字节具有可预测的值。它们在CBC模式下对自己的块和前一个块提供少量篡改检测。这使得执行拼接攻击变得有些困难,并避免了可能的隐蔽通道。已知的少量明文不会给现代密码带来任何问题。
At the time of writing of this document, [BS93] demonstrated a differential cryptanalysis based chosen-plaintext attack requiring 2^47 plaintext-ciphertext pairs, where the size of a pair is the size of a DES block (64 bits). [Matsui94] demonstrated a linear cryptanalysis based known-plaintext attack requiring only 2^43 plaintext-ciphertext pairs. Although these attacks are not considered practical, they must be taken into account.
在撰写本文档时,[BS93]演示了一种基于差分密码分析的选择明文攻击,需要2^47个明文密文对,其中对的大小是DES块的大小(64位)。[Matsui94]演示了一种基于线性密码分析的已知明文攻击,只需要2^43个明文密文对。虽然这些攻击被认为是不切实际的,但必须加以考虑。
More disturbingly, [Wiener94] has shown the design of a DES cracking machine costing $1 Million that can crack one key every 3.5 hours. This is an extremely practical attack.
更令人不安的是,[Wiener94]展示了一款价值100万美元的DES破解机的设计,它每3.5小时就能破解一把钥匙。这是一次非常实际的攻击。
One or two blocks of known plaintext suffice to recover a DES key. Because IP datagrams typically begin with a block of known and/or guessable header text, frequent key changes will not protect against this attack.
一个或两个已知明文块足以恢复DES密钥。由于IP数据报通常以已知和/或可猜测的头文本块开始,频繁的密钥更改将无法防止此攻击。
It is suggested that DES is not a good encryption algorithm for the protection of even moderate value information in the face of such equipment. Triple DES is probably a better choice for such purposes.
有人认为,DES不是一种很好的加密算法,即使在面对此类设备时,它也不能保护中等价值的信息。三重DES可能是更好的选择。
However, despite these potential risks, the level of privacy provided by use of ESP DES-CBC in the Internet environment is far greater than sending the datagram as cleartext.
然而,尽管存在这些潜在风险,但在互联网环境中使用ESP DES-CBC提供的隐私级别远远高于以明文形式发送数据报。
The case for using random values for IVs has been refined with the following summary provided by Steve Bellovin. Refer to [Bell97] for further information.
史蒂夫·贝洛文(Steve Bellovin)提供了以下总结,对IVs使用随机值的情况进行了改进。有关更多信息,请参阅[Bell97]。
"The problem arises if you use a counter as an IV, or some other source with a low Hamming distance between successive IVs, for encryption in CBC mode. In CBC mode, the "effective plaintext" for an encryption is the XOR of the actual plaintext and the ciphertext of the preceeding block. Normally, that's a random value, which means that the effective plaintext is quite random. That's good, because many blocks of actual plaintext don't change very much from packet to packet, either.
如果在CBC模式下,将计数器用作IV或连续IV之间具有较低汉明距离的其他来源进行加密,则会出现问题“因为加密是前一块的实际明文和密文的异或。通常,这是一个随机值,这意味着有效的明文是随机的。这很好,因为许多实际的明文块在不同的数据包之间也不会有太大的变化。
For the first block of plaintext, though, the IV takes the place of the previous block of ciphertext. If the IV doesn't differ much from the previous IV, and the actual plaintext block doesn't differ much from the previous packet's, then the effective plaintext won't differ much, either. This means that you have pairs of ciphertext blocks combined with plaintext blocks that differ in just a few bit positions. This can be a wedge for assorted cryptanalytic attacks."
然而,对于第一块明文,IV取代了前一块密文。如果IV与前一个IV没有太大差异,并且实际的明文块与前一个数据包没有太大差异,那么有效的明文也不会有太大差异。这意味着您有一对密文块和纯文本块组合在一起,它们仅在几位位置上不同。这可能是各种密码分析攻击的楔子。”
The discussion on IVs has been updated to require that an implementation not use a low-Hamming distance source for IVs.
关于IVs的讨论已经更新,要求实现不对IVs使用低汉明距离源。
[Bell95] Bellovin, S., "An Issue With DES-CBC When Used Without Strong Integrity", Presentation at the 32nd Internet Engineering Task Force, Danvers Massachusetts, April 1995.
[Bell95]Bellovin,S.,“DES-CBC在使用时不具有强完整性的问题”,在马萨诸塞州丹弗斯市第32届互联网工程特别工作组上的演讲,1995年4月。
[Bell96] Bellovin, S., "Problem Areas for the IP Security Protocols", Proceedings of the Sixth Usenix Security Symposium, July 1996.
[Bell96]Bellovin,S.,“IP安全协议的问题领域”,第六届Usenix安全研讨会论文集,1996年7月。
[Bell97] Bellovin, S., "Probable Plaintext Cryptanalysis of the IP Security Protocols", Proceedings of the Symposium on Network and Distributed System Security, San Diego, CA, pp. 155-160, February 1997 (also http://www.research.att.com/~smb/papers/probtxt.{ps, pdf}).
[Bell97]Bellovin,S.,“IP安全协议的可能明文密码分析”,网络和分布式系统安全研讨会论文集,加利福尼亚州圣地亚哥,第155-160页,1997年2月(也是http://www.research.att.com/~smb/papers/probtxt.{ps,pdf})。
[BS93] Biham, E., and A. Shamir, "Differential Cryptanalysis of the Data Encryption Standard", Berlin: Springer-Verlag, 1993.
[BS93]Biham,E.和A.Shamir,“数据加密标准的差分密码分析”,柏林:Springer Verlag,1993年。
[Blaze96] Blaze, M., Diffie, W., Rivest, R., Schneier, B., Shimomura, T., Thompson, E., and M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security", currently available at http://www.bsa.org/policy/encryption/cryptographers.html.
[Blaze96]Blaze,M.,Diffie,W.,Rivest,R.,Schneier,B.,Shimomura,T.,Thompson,E.,和M.Wiener,“对称密码提供充分商业安全的最小密钥长度”,目前可在http://www.bsa.org/policy/encryption/cryptographers.html.
[CN94] Carroll, J.M., and S. Nudiati, "On Weak Keys and Weak Data: Foiling the Two Nemeses", Cryptologia, Vol. 18 No. 23 pp. 253-280, July 1994.
[CN94]Carroll,J.M.和S.Nudiati,“关于弱密钥和弱数据:挫败两个敌人”,密码学,第18卷第23期,253-280页,1994年7月。
[FIPS-46-2] US National Bureau of Standards, "Data Encryption Standard", Federal Information Processing Standard (FIPS) Publication 46-2, December 1993, http://www.itl.nist.gov/div897/pubs/fip46-2.htm (supercedes FIPS-46-1).
[FIPS-46-2]美国国家标准局,“数据加密标准”,联邦信息处理标准(FIPS)出版物46-2,1993年12月,http://www.itl.nist.gov/div897/pubs/fip46-2.htm (取代FIPS-46-1)。
[FIPS-74] US National Bureau of Standards, "Guidelines for Implementing and Using the Data Encryption Standard", Federal Information Processing Standard (FIPS) Publication 74, April 1981, http://www.itl.nist.gov/div897/pubs/fip74.htm.
[FIPS-74]美国国家标准局,“实施和使用数据加密标准的指南”,联邦信息处理标准(FIPS)出版物74,1981年4月,http://www.itl.nist.gov/div897/pubs/fip74.htm.
[FIPS-81] US National Bureau of Standards, "DES Modes of Operation", Federal Information Processing Standard (FIPS) Publication 81, December 1980, http://www.itl.nist.gov/div897/pubs/fip81.htm.
[FIPS-81]美国国家标准局,“DES操作模式”,联邦信息处理标准(FIPS)出版物81,1980年12月,http://www.itl.nist.gov/div897/pubs/fip81.htm.
[Matsui94] Matsui, M., "Linear Cryptanalysis method for DES Cipher", Advances in Cryptology -- Eurocrypt '93 Proceedings, Berlin: Springer-Verlag, 1994.
[Matsui94]Matsui,M.,“DES密码的线性密码分析方法”,密码学进展——欧洲密码'93会议录,柏林:Springer Verlag,1994年。
[RFC-1750] Eastlake, D., Crocker, S., and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.
[RFC-1750]Eastlake,D.,Crocker,S.,和J.Schiller,“安全性的随机性建议”,RFC 1750,1994年12月。
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC-2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[Schneier96] Schneier, B., "Applied Cryptography Second Edition", John Wiley & Sons, New York, NY, 1996. ISBN 0-471- 12845-7.
[Schneier96]Schneier,B.,“应用密码学第二版”,John Wiley&Sons,纽约,1996年。ISBN 0-471-12845-7。
[Wiener94] Wiener, M.J., "Efficient DES Key Search", School of Computer Science, Carleton University, Ottawa, Canada, TR-244, May 1994. Presented at the Rump Session of Crypto '93. [Reprinted in "Practical Cryptography for Data Internetworks", W.Stallings, editor, IEEE Computer Society Press, pp.31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.]
[Wiener94]Wiener,M.J.,“有效的密钥搜索”,加拿大渥太华卡尔顿大学计算机科学学院,TR-244,1994年5月。在Crypto'93的尾部会议上提出。[重印于“数据互联网络的实用加密”,W.Stallings,编辑,IEEE计算机学会出版社,第31-79页(1996年)。目前可在ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.]
[ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998.
[ESP]Kent,S.和R.Atkinson,“IP封装安全有效负载(ESP)”,RFC 2406,1998年11月。
[AH] Kent, S., and R. Atkinson, "IP Authentication Header (AH)", RFC 2402, November 1998.
[AH]Kent,S.和R.Atkinson,“IP认证头(AH)”,RFC 2402,1998年11月。
[arch] Kent, S., and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[arch]Kent,S.和R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。
[road] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security Document Roadmap", RFC 2411, November 1998.
[road]Thayer,R.,Doraswamy,N.,和R.Glenn,“IP安全文档路线图”,RFC 24111998年11月。
Much of the information provided here originated with various ESP-DES documents authored by Perry Metzger and William Allen Simpson, especially the Security Considerations section.
这里提供的大部分信息来源于Perry Metzger和William Allen Simpson编写的各种ESP-DES文档,特别是安全注意事项部分。
This document is also derived in part from previous works by Jim Hughes, those people that worked with Jim on the combined DES-CBC+HMAC-MD5 ESP transforms, the ANX bakeoff participants, and the members of the IPsec working group.
本文件还部分来源于Jim Hughes之前的工作、与Jim合作进行DES-CBC+HMAC-MD5 ESP组合转换的人员、ANX bakeoff参与者以及IPsec工作组成员。
Thanks to Rob Glenn for assisting with the nroff formatting.
感谢Rob Glenn对nroff格式的帮助。
The IPSec working group can be contacted via the IPSec working group's mailing list (ipsec@tis.com) or through its chairs:
可以通过IPSec工作组的邮件列表联系IPSec工作组(ipsec@tis.com)或者通过它的椅子:
Robert Moskowitz International Computer Security Association
罗伯特·莫斯科维茨国际计算机安全协会
EMail: rgm@icsa.net
EMail: rgm@icsa.net
Theodore Y. Ts'o Massachusetts Institute of Technology
西奥多·Y·曹麻省理工学院
EMail: tytso@MIT.EDU
EMail: tytso@MIT.EDU
Cheryl Madson Cisco Systems, Inc.
谢丽尔·马德森思科系统公司。
EMail: cmadson@cisco.com
EMail: cmadson@cisco.com
Naganand Doraswamy Bay Networks, Inc.
纳加南多拉斯瓦米海湾网络公司。
EMail: naganand@baynetworks.com
EMail: naganand@baynetworks.com
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。