Network Working Group
Request for Comments: 2989
Category: Informational
November 2000

B. Aboba, Microsoft
P. Calhoun, S. Glass, Sun Microsystems, Inc.
T. Hiller, P. McCann, H. Shiino, P. Walsh, Lucent
G. Zorn, G. Dommety, Cisco Systems, Inc.
C. Perkins, B. Patil, Nokia Telecommunications
D. Mitton, S. Manning, Nortel Networks
M. Beadles, SmartPipes Inc.
X. Chen, Alcatel
S. Sivalingham, Ericsson Wireless Communications
A. Hameed, Fujitsu
M. Munson, GTE Wireless
S. Jacobs, GTE Laboratories
B. Lim, LG Information & Communications, Ltd.
B. Hirschman, Motorola
R. Hsu, Qualcomm, Inc.
H. Koo, Samsung Telecommunications America, Inc.
M. Lipford, Sprint PCS
E. Campbell, 3Com Corporation
Y. Xu, Watercove Networks
S. Baba, Toshiba America Research, Inc.
E. Jaques, Vodaphone Airtouch
Criteria for Evaluating AAA Protocols for Network Access
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document represents a summary of Authentication, Authorization, Accounting (AAA) protocol requirements for network access. In creating this document, inputs were taken from documents produced by the Network Access Server Requirements Next Generation (NASREQ), Roaming Operations (ROAMOPS), and MOBILEIP working groups, as well as from TIA 45.6.
This document summarizes the requirements collected from those sources, separating requirements for authentication, authorization and accounting. Details on the requirements are available in the original documents.
This document represents a summary of AAA protocol requirements for network access. In creating this document, inputs were taken from documents produced by the NASREQ [3], ROAMOPS [2], and MOBILEIP [5] working groups, as well as from TIA 45.6 [4]. This document summarizes the requirements collected from those sources, separating requirements for authentication, authorization and accounting. Details on the requirements are available in the original documents.
In this document, the key words "MAY", "MUST", "MUST NOT", "optional", "recommended", "SHOULD", and "SHOULD NOT" are to be interpreted as described in [1].
Please note that the requirements specified in this document are to be used in evaluating AAA protocol submissions. As such, the requirements language refers to capabilities of these protocols; the protocol documents will specify whether these features are required, recommended, or optional. For example, requiring that a protocol support confidentiality is NOT the same thing as requiring that all protocol traffic be encrypted.
A protocol submission is not compliant if it fails to satisfy one or more of the MUST or MUST NOT requirements for the capabilities that it implements. A protocol submission that satisfies all the MUST, MUST NOT, SHOULD and SHOULD NOT requirements for its capabilities is said to be "unconditionally compliant"; one that satisfies all the MUST and MUST NOT requirements but not all the SHOULD or SHOULD NOT requirements for its protocols is said to be "conditionally compliant."
Accounting
   The act of collecting information on resource usage for the purpose of trend analysis, auditing, billing, or cost allocation.
Administrative Domain
   An internet, or a collection of networks, computers, and databases under a common administration. Computer entities operating in a common administration may be assumed to share administratively created security associations.
Attendant
   A node designed to provide the service interface between a client and the local domain.
Authentication
   The act of verifying a claimed identity, in the form of a pre-existing label from a mutually known name space, as the originator of a message (message authentication) or as the end-point of a channel (entity authentication).
Authorization
   The act of determining if a particular right, such as access to some resource, can be granted to the presenter of a particular credential.
Billing
   The act of preparing an invoice.
Broker
   A Broker is an entity that is in a different administrative domain from both the home AAA server and the local ISP, and which provides services, such as facilitating payments between the local ISP and home administrative entities. There are two different types of brokers: proxy and routing.
Client
   A node wishing to obtain service from an attendant within an administrative domain.
End-to-End
   End-to-End is the security model that requires that security information be able to traverse, and be validated even when an AAA message is processed by intermediate nodes such as proxies, brokers, etc.
Foreign Domain
   An administrative domain, visited by a Mobile IP client, and containing the AAA infrastructure needed to carry out the necessary operations enabling Mobile IP registrations. From the point of view of the foreign agent, the foreign domain is the local domain.
Home Domain
   An administrative domain, containing the network whose prefix matches that of a mobile node's home address, and containing the AAA infrastructure needed to carry out the necessary operations enabling Mobile IP registrations. From the point of view of the home agent, the home domain is the local domain.
Hop-by-hop
   Hop-by-hop is the security model that requires that each direct set of peers in a proxy network share a security association, and the security information does not traverse a AAA entity.
Inter-domain Accounting
   Inter-domain accounting is the collection of information on resource usage of an entity within an administrative domain, for use within another administrative domain. In inter-domain accounting, accounting packets and session records will typically cross administrative boundaries.
Intra-domain Accounting
   Intra-domain accounting is the collection of information on resource within an administrative domain, for use within that domain. In intra-domain accounting, accounting packets and session records typically do not cross administrative boundaries.
Local Domain
   An administrative domain containing the AAA infrastructure of immediate interest to a Mobile IP client when it is away from home.
Proxy
   A AAA proxy is an entity that acts as both a client and a server. When a request is received from a client, the proxy acts as a AAA server. When the same request needs to be forwarded to another AAA entity, the proxy acts as a AAA client.
Local Proxy
   A Local Proxy is a AAA server that satisfies the definition of a Proxy, and exists within the same administrative domain as the network device (e.g., NAS) that issued the AAA request. Typically, a local proxy will enforce local policies prior to forwarding responses to the network devices, and is generally used to multiplex AAA messages from a large number of network devices.
Network Access Identifier
   The Network Access Identifier (NAI) is the userID submitted by the client during network access authentication. In roaming, the purpose of the NAI is to identify the user as well as to assist in the routing of the authentication request. The NAI may not necessarily be the same as the user's e-mail address or the user-ID submitted in an application layer authentication.
Routing Broker
   A Routing Broker is a AAA entity that satisfies the definition of a Broker, but is NOT in the transmission path of AAA messages between the local ISP and the home domain's AAA servers. When a request is received by a Routing Broker, information is returned to the AAA requester that includes the information necessary for it to be able to contact the Home AAA server directly. Certain organizations providing Routing Broker services MAY also act as a Certificate Authority, allowing the Routing Broker to return the certificates necessary for the local ISP and the home AAA servers to communicate securely.
Non-Proxy Broker
   A Routing Broker is occasionally referred to as a Non-Proxy Broker.
Proxy Broker
   A Proxy Broker is a AAA entity that satisfies the definition of a Broker, and acts as a Transparent Proxy by acting as the forwarding agent for all AAA messages between the local ISP and the home domain's AAA servers.
Real-time Accounting
   Real-time accounting involves the processing of information on resource usage within a defined time window. Time constraints are typically imposed in order to limit financial risk.
Roaming Capability
   Roaming capability can be loosely defined as the ability to use any one of multiple Internet service providers (ISPs), while maintaining a formal, customer-vendor relationship with only one. Examples of cases where roaming capability might be required include ISP "confederations" and ISP-provided corporate network access support.
Session record
   A session record represents a summary of the resource consumption of a user over the entire session. Accounting gateways creating the session record may do so by processing interim accounting events.
Transparent Proxy
   A Transparent Proxy is a AAA server that satisfies the definition of a Proxy, but does not enforce any local policies (meaning that it does not add, delete or modify attributes or modify information within messages it forwards).
The AAA protocol evaluation criteria for network access are summarized below. For details on the requirements, please consult the documents referenced in the footnotes.
These requirements apply to all aspects of AAA and thus are considered general requirements.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
| General                   | NASREQ  | ROAMOPS | MOBILE  |
| Reqts.                    |         |         |   IP    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Scalability             |    M    |    M    |    M    |
|      a                    |   12    |    3    |  30 39  |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Fail-over               |    M    |         |    M    |
|      b                    |   12    |         |   31    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Mutual auth             |    M    |         |    M    |
|   AAA client/server       |   16    |         |   30    |
|      c                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Transmission level      |         |    M    |    S    |
|   security                |         |    6    |  31 39  |
|      d                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Data object             |    M    |    M    |    M    |
|   Confidentiality         |   26    |    6    |   40    |
|      e                    |         |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Data object             |    M    |    M    |    M    |
|   Integrity               |   16    |    6    |  31 39  |
|      f                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Certificate transport   |    M    |         |   S/M   |
|      g                    |   42    |         |31,33/46 |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Reliable AAA transport  |    M    |         |    M    |
|   mechanism               |   22    |         |  31 32  |
|      h                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Run Over IPv4           |    M    |    M    |    M    |
|                           |   11    |    1    |   33    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Run Over IPv6           |    M    |         |    S    |
|                           |   11    |    1    |   47    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Support Proxy and       |    M    |         |    M    |
|   Routing Brokers         |   12    |         |  31 39  |
|      i                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Auditability            |    S    |         |         |
|      j                    |   25    |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Dual App and Transport  |         |    O    |    M    |
|   Security not required   |         |    6    |   40    |
|      k                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Ability to carry        |    M    |         |    S    |
|   service-specific attr.  |   43    |         |  31 33  |
|      l                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key
   M = MUST
   S = SHOULD
   O = MAY
   N = MUST NOT
   B = SHOULD NOT
Clarifications
[a] The AAA protocol must be capable of supporting millions of users and tens of thousands of simultaneous requests. The AAA architecture and protocol MUST be capable of supporting tens of thousands of devices, AAA servers, proxies and brokers.
[b] In the event of failure to communicate with a given server, the protocol must provide a mechanism to change service to another backup or secondary server.
[c] This requirement refers to the ability to support mutual authentication between the AAA client and server.
[d] The AAA protocol requires authentication, integrity protection and confidentiality at the transmission layer. This security model is also referred to as hop-by-hop security, in which the security is established between two communicating peers. All of the security is removed when the AAA message is processed by a receiving AAA entity.
[e] The AAA protocol requires confidentiality at the object level, where an object consists of one or more attributes. Object level confidentiality implies that only the target AAA entity for whom the data is ultimately destined may decrypt the data, regardless of the fact that the message may traverse one or more intermediate AAA entities (e.g., proxies, brokers).
[f] The AAA protocol requires authentication and integrity protection at the object level, where an object consists of one or more attributes. Object level authentication must be persistent across one or more intermediate AAA entities (e.g., proxy, broker, etc.), meaning that any AAA entity in a proxy chain may verify the authentication. This implies that data that is covered by object level security CANNOT be modified by intermediate servers.
[g] The AAA protocol MUST be capable of transporting certificates. This requirement is intended as an optimization, in lieu of requiring that an out-of-band protocol be used to fetch certificates.
[h] This requirement refers to resilience against packet loss, including:
1. Hop-by-hop retransmission and fail-over so that reliability does not solely depend on single hop transport retransmission.
2. Control of the retransmission mechanism by the AAA application.
3. Acknowledgment by the transport that a message was delivered successfully, separate from message semantics or syntax evaluation.
5. Piggy-backing of acknowledgments in AAA messages.
6. Timely delivery of AAA responses.
[i] In the Mobile IP AAA architecture, brokers can be in the forwarding path, in which case they act as transparent proxies (proxy brokers). Alternatively, it is also possible to conceive of brokers operating as certifying authorities outside of the forwarding path (routing brokers).
[j] An auditable process is one in which it is possible to definitively determine what actions have been performed on AAA packets as they travel from the home AAA server to the network device and back.
[k] The AAA protocol MUST allow communication to be secured. However, the AAA protocol MUST also allow an underlying security service (e.g., IP Security) to be used. When the latter is used, the former MUST NOT be required.
[l] The AAA protocol MUST be extensible by third parties (e.g., other IETF Working Groups), in order to define attributes that are specific to the service being defined. This requirement simply means that the AAA protocol MUST allow groups other than the AAA WG to define standard attributes.
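The difference between transmission-level (hop-by-hop) security in clarification [d] and object-level integrity in clarification [f], worked through for one reply crossing a proxy; this is an added example and not part of RFC 2989. The keys, the JSON encoding, the attribute values and all function names are constructed for illustration, and a shared-key HMAC stands in for the object-level protection, so here only the two endpoints can verify it; letting any entity in the chain verify, as [f] asks, needs a public-key signature.

```python
import hashlib
import hmac
import json

# Constructed keys (assumptions for this example, not from RFC 2989).
HOP_KEY_HOME_PROXY = b"constructed-hop-key-home-proxy"
HOP_KEY_PROXY_NAS = b"constructed-hop-key-proxy-nas"
OBJECT_KEY_HOME_NAS = b"constructed-object-key-home-nas"


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def canonical(obj):
    """Deterministic encoding so both ends compute the MAC over identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def protect_object(attrs, names, key):
    """Object-level integrity: a MAC over a chosen subset of attributes."""
    covered = {n: attrs[n] for n in names}
    return {"covered": sorted(names), "mac": mac(key, canonical(covered))}


def verify_object(attrs, obj_sec, key):
    try:
        covered = {n: attrs[n] for n in obj_sec["covered"]}
    except KeyError:
        return False  # a covered attribute was deleted in transit
    return hmac.compare_digest(obj_sec["mac"], mac(key, canonical(covered)))


def hop_send(message, hop_key):
    """Hop-by-hop protection: a MAC over the whole message, valid for one hop."""
    body = canonical(message)
    return {"body": body.decode(), "hop_mac": mac(hop_key, body)}


def hop_receive(frame, hop_key):
    """Verify the hop MAC and strip it; raises ValueError if it does not match."""
    body = frame["body"].encode()
    if not hmac.compare_digest(frame["hop_mac"], mac(hop_key, body)):
        raise ValueError("hop-by-hop integrity check failed")
    return json.loads(body)


def relay(frame, in_key, out_key, rewrite=None):
    """A proxy terminates one hop, may rewrite attributes, then re-protects."""
    message = hop_receive(frame, in_key)  # hop security ends here
    if rewrite:
        message["attrs"].update(rewrite)
    return hop_send(message, out_key)  # fresh MAC under the next hop's key


def deliver(rewrite=None):
    """Home AAA server -> proxy -> NAS; returns what the NAS can conclude."""
    attrs = {  # constructed sample reply
        "User-Name": "alice@example.net",
        "Session-Timeout": 600,
        "Reply-Message": "welcome",
    }
    message = {
        "attrs": attrs,
        "object_security": protect_object(
            attrs, ["User-Name", "Session-Timeout"], OBJECT_KEY_HOME_NAS
        ),
    }
    frame = hop_send(message, HOP_KEY_HOME_PROXY)
    frame = relay(frame, HOP_KEY_HOME_PROXY, HOP_KEY_PROXY_NAS, rewrite)
    try:
        received = hop_receive(frame, HOP_KEY_PROXY_NAS)
    except ValueError:
        return {"hop_ok": False, "object_ok": False, "attrs": None}
    object_ok = verify_object(
        received["attrs"], received["object_security"], OBJECT_KEY_HOME_NAS
    )
    return {"hop_ok": True, "object_ok": object_ok, "attrs": received["attrs"]}


if __name__ == "__main__":
    cases = {
        "transparent proxy": None,
        "proxy rewrites uncovered attribute": {"Reply-Message": "via proxy"},
        "proxy rewrites covered attribute": {"Session-Timeout": 86400},
    }
    for label, rewrite in cases.items():
        result = deliver(rewrite)
        print(f"{label}: hop_ok={result['hop_ok']} object_ok={result['object_ok']}")
```

In the third case the hop check still passes at the NAS because the proxy legitimately re-protected the message it changed; only the object-level check exposes the change.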
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
| Authentication            | NASREQ  | ROAMOPS | MOBILE  |
| Reqts.                    |         |         |   IP    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   NAI Support             |    M    |    M    |   S/M   |
|      a                    |    9    |    2    |32,34,39/|
|                           |         |         |   40    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   CHAP Support            |    M    |    M    |         |
|      b                    |   10    |    3    |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   EAP Support             |    M    |    S    |         |
|      c                    |   10    |    3    |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   PAP/Clear-Text Support  |    M    |    B    |         |
|      d                    |   26    |    3    |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Re-authentication       |    M    |         |    S    |
|   on demand               |   17    |         |   33    |
|      e                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Authorization Only      |    M    |         |         |
|   without Authentication  |    9    |         |         |
|      f                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key
   M = MUST
   S = SHOULD
   O = MAY
   N = MUST NOT
   B = SHOULD NOT
Clarifications
[a] The AAA protocol MUST allow the use of Network Access Identifiers (NAI) [8] to identify users and/or devices.
[b] The AAA protocol MUST allow CHAP [20] authentication information to be transported. This is commonly used by Network Access Servers that request authentication of a PPP user.
[c] The AAA protocol MUST allow for Extensible Authentication Protocol (EAP) [14] payload to be transported. Since some EAP authentication mechanisms require more than one round trip, the AAA protocol must allow for such authentication mechanisms to be used. The actual EAP authentication mechanism negotiated MUST be transparent to the AAA protocol. When EAP is used, authentication typically occurs between the user being authenticated and his/her home AAA server.
[d] While PAP is deprecated, it is still in widespread use for its original intended purpose, which is support of clear-text passwords. As a result, a AAA protocol will need to be able to securely transport clear-text passwords. This includes providing for confidentiality of clear-text passwords traveling over the wire, as well as protecting against disclosure of clear-text passwords to proxies in the forwarding path.
[e] The AAA protocol MUST allow for a user to be re-authenticated on-demand. The protocol MUST allow for this event to be triggered by either the user, access device (AAA client), or the home or visited AAA server.
[f] The AAA protocol MUST NOT require that credentials of the user be provided during authorization. The AAA protocol supports authorization by identification or assertion only.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
| Authorization             | NASREQ  | ROAMOPS | MOBILE  |
| Reqts.                    |         |         |   IP    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Static and Dynamic      |         |         |         |
|   IPv4/6 Address Assign.  |    M    |    M    |    M    |
|      a                    |   11    |    5    |  32 36  |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   RADIUS gateway          |    M    |    M    |    M    |
|   capability              |   44    |    3    |   45    |
|      b                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Reject                  |    M    |    M    |    M    |
|   capability              |   12    |    4    |   39    |
|      c                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Precludes layer 2       |    N    |    N    |         |
|   tunneling               |   11    |    5    |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Re-Authorization on     |    M    |         |    S    |
|   demand                  |   18    |         |  30 33  |
|      d                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|  Support for Access Rules,|    M    |         |         |
|   Restrictions, Filters   | 11, 19  |         |         |
|      e                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   State Reconciliation    |    M    |         |         |
|      f                    |   20    |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Unsolicited Disconnect  |    M    |         |         |
|      g                    |   18    |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key
   M = MUST
   S = SHOULD
   O = MAY
   N = MUST NOT
   B = SHOULD NOT
Clarifications
[a] The AAA protocol MUST allow a server to provide a static or dynamic address during the authorization phase of a user and/or device. The address assigned MUST be either of type IPv4 or IPv6. If both the client AND the server are aware of a pre-configured address, then it is considered static. Anything else is dynamic.
[b] This requirement refers to the ability of a new AAA protocol to be sufficiently compatible with the large installed base of attributes for existing approaches (RADIUS), such that a server implementation could speak both protocols, or translate between them.
[c] This requirement refers to the ability of a proxy broker to deny access without forwarding the access request to the AAA server, or to deny access after receiving an access accept from the AAA server.
[d] This requirement refers to the ability of the AAA client or server to trigger re-authorization, or to the ability of the server to send updated authorization information to the device, such as "stop service." Authorization can allow for a time period, then additional authorization can be sought to continue. A server can initially authorize a user to connect and receive services, but later decide the user is no longer allowed use of the service, for example after N minutes. Authorizations can have a time limit. Re-authorization does not necessarily imply re-authentication.
[e] This requirement refers to the ability of the protocol to describe access operational limitations and authorization restrictions on usage to the NAS, which includes (but is not limited to):
1. Session expirations and Idle Timeouts
2. Packet filters
3. Static routes
4. QoS parameters
[f] This requirement refers to the ability of the NAS to use the AAA server to manage resource allocation state. This capability can assist with, but it is not synonymous with, simultaneous user login control, port usage limitations, or IP address pooling.
The design must provide for recovery from data loss due to a variety of faults, including NAS and AAA server reboots, and NAS/AAA server communication outages, and MUST be independent of the accounting stream. The granularity of the recovery of state information after an outage may be on the order of a fraction of a minute. In order to provide for state recovery, explicit session/resource status and update and disconnect messages will be required.
Because of potential multi-domain issues, only systems that allocate or use a resource should track its state.
[g] This requirement refers to the ability of the AAA server to request the NAS to disconnect an active session for authorization policy reasons.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
| Accounting                | NASREQ  | ROAMOPS | MOBILE  |
| Reqts.                    |         |         |   IP    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Real-time accounting    |    M    |    M    |    M    |
|      a                    |   14    |    7    |   31    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Mandatory Compact       |         |    M    |         |
|   Encoding                |         |    7    |         |
|      b                    |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Accounting Record       |         |    M    |    M    |
|   Extensibility           |         |    7    |   33    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Batch Accounting        |    S    |         |         |
|      c                    |   21    |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Guaranteed Delivery     |    M    |         |    M    |
|      d                    |   22    |         |   31    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Accounting Time Stamps  |    M    |         |    M    |
|      e                    |   23    |         |   40    |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           |         |         |         |
|   Dynamic Accounting      |    M    |         |         |
|      f                    |   48    |         |         |
|                           |         |         |         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Accounting | NASREQ | ROAMOPS | MOBILE | | Reqts. | | | IP | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Real-time accounting | M | M | M | | a | 14 | 7 | 31 | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Mandatory Compact | | M | | | Encoding | | 7 | | | b | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Accounting Record | | M | M | | Extensibility | | 7 | 33 | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Batch Accounting | S | | | | c | 21 | | | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Guaranteed Delivery | M | | M | | d | 22 | | 31 | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Accounting Time Stamps | M | | M | | e | 23 | | 40 | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | | | Dynamic Accounting | M | | | | f | 48 | | | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key M = MUST S = SHOULD O = MAY N = MUST NOT B = SHOULD NOT
键M=必须S=应该O=可能N=必须不B=不应该
Clarifications
[a] This requirement may be loosely defined as reporting synchronously with events. Typically the time window is on the order of seconds, not milliseconds.
[b] The AAA protocol's Accounting data format MUST NOT be bloated, imposing a large overhead for one or more accounting data elements.
[c] This requirement refers to the ability to buffer or store multiple accounting records, and send them together at some later time.
[d] This is an application layer acknowledgment. This is sent when the receiving server is willing to take responsibility for the message data.
[e] This requirement refers to the ability to reflect the time of occurrence of events such as log-on, logoff, authentication, authorization and interim accounting. It also implies the ability to provide for unambiguous time-stamps.
[f] This requirement refers to the ability to account for dynamic authentication and authorization. To support this, there can be multiple accounting records for a single session.
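The following sketch is an added illustration of clarifications [c] through [f] above; it is not taken from this memo or from any AAA protocol. It models a NAS that buffers records, and a server that acknowledges a record only after committing it, so that an outage, a failed commit or a lost acknowledgment never loses or duplicates a record. All class, field and function names are hypothetical, and the sample times are constructed.

```python
"""Constructed model: batch accounting with an application-layer acknowledgment.
All names are hypothetical; this is not RADIUS, Diameter or any real wire format."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AcctRecord:
    session_id: str
    seq: int          # per-session sequence: several records per session ([f])
    event: str        # e.g. "start", "interim", "reauth", "stop"
    event_time: str   # UTC time the event occurred, not the send time ([e])


class AcctServer:
    """Acknowledges a record only once it has taken responsibility for it ([d])."""

    def __init__(self):
        self.committed = {}     # (session_id, seq) -> record; stands in for stable storage
        self.storage_ok = True  # set False to simulate a failed commit

    def receive_batch(self, batch):
        acked = []
        for rec in batch:
            key = (rec.session_id, rec.seq)
            if key not in self.committed:
                if not self.storage_ok:
                    continue    # not stored, so not acknowledged
                self.committed[key] = rec
            acked.append(key)   # a resent duplicate is re-acked but stored once
        return acked


class NasAccounting:
    """Buffers records and sends them together at a later time ([c])."""

    def __init__(self):
        self.pending = {}       # unacknowledged records survive failed sends
        self.next_seq = {}

    def record(self, session_id, event, when):
        seq = self.next_seq.get(session_id, 1)
        self.next_seq[session_id] = seq + 1
        stamp = when.astimezone(timezone.utc).isoformat()
        self.pending[(session_id, seq)] = AcctRecord(session_id, seq, event, stamp)

    def flush(self, server, link_up=True, ack_lost=False):
        if not link_up or not self.pending:
            return 0
        acked = server.receive_batch(list(self.pending.values()))
        if ack_lost:
            return 0            # ack never arrived: keep everything and resend later
        for key in acked:
            del self.pending[key]
        return len(acked)


def demo():
    t0 = datetime(2000, 11, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    nas, srv = NasAccounting(), AcctServer()
    nas.record("sess-1", "start", t0)
    nas.record("sess-1", "reauth", t0.replace(minute=5))
    nas.flush(srv, link_up=False)   # outage: nothing leaves the buffer
    srv.storage_ok = False
    nas.flush(srv)                  # server cannot commit, so it sends no ack
    srv.storage_ok = True
    nas.flush(srv, ack_lost=True)   # committed, but the ack is lost in transit
    nas.record("sess-1", "stop", t0.replace(minute=9))
    delivered = nas.flush(srv)      # resend: duplicates collapse on (session, seq)
    return delivered, len(nas.pending), sorted(srv.committed)
```

The NAS drops a record from its buffer only on an acknowledgment it actually received, which is what lets the server's deduplication on (session, sequence) make resends safe.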
In addition to the above requirements, Mobile IP also has the following additional requirements:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encoding of Mobile IP   |         |         |    M    |
| registration messages   |         |         |   33    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Firewall friendly       |         |         |    M    |
|    a                    |         |         |   35    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Allocation of local Home|         |         |   S/M   |
| agent                   |         |         |  37/41  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key
M = MUST
S = SHOULD
O = MAY
N = MUST NOT
B = SHOULD NOT
Clarifications
[a] A firewall friendly protocol is one which is designed to accommodate a firewall acting as a proxy. For example, this would permit a Home Agent AAA server situated behind a firewall to be reachable from the Internet for the purposes of providing AAA services to a Mobile IP Foreign Agent.
Notes
[1] Section 4.2.1 of [2]
[2] Section 4.2.2 of [2]. Also see [8].
[3] Section 4.2.3 of [2]. Also see [14].
[4] Section 4.2.4 of [2].
[5] Section 4.2.5 of [2].
[6] Section 4.2.6 of [2].
[7] Section 4.3 of [2].
[8] Section 6 of [3]. Also see [6].
[9] Section 8.2.2.2 of [3]. Also see [14].
[10] Section 8.2.2.1 of [3]. Also see [14].
[11] Section 8.3.2.2 of [3]. Also see [7].
[12] Section 8.1.1 of [3].
[13] Section 8.1.4.4 of [3].
[14] Section 8.4.1.2 of [3].
[15] Section 8.4.2 of [3].
[16] Section 8.1.3 of [3].
[17] Section 8.2.1.2 of [3].
[18] Section 8.3.1.1 of [3].
[19] Section 8.3.2.1 of [3]. Also see [7].
[20] Section 8.3.2.3 of [3]. Also see [6], [7].
[21] Section 8.4.1.3 of [3].
[22] Section 8.4.1.1 of [3].
[23] Section 8.4.1.4 of [3].
[24] Section 8.4.3.1 of [3].
[25] Section 8.4.3.2 of [3].
[26] Section 8.2.3.1 of [3].
[27] Section 8.3.3.1 of [3].
[28] Section 8.1.4.1 of [3].
[29] Refer [15]
[30] Section 3 of [5]
[31] Section 3.1 of [5]
[32] Section 4 of [5]
[33] Section 5 of [5]
[34] Section 5.1 of [5]
[35] Section 5.2 of [5]
[36] Section 5.3 of [5]
[37] Section 5.4 of [5]
[38] Section 5.5 of [5]
[39] Section 6 of [5]
[40] Section 5.1 of [4]
[41] Section 5.2.2 of [4]
[42] Section 8.2.2.2 of [3]
[43] Section 8.1.2.3 of [3]
[44] Section 8.1.2.2 of [3]
[45] Section 5.4 of [4]
[46] Section 7 of [4]
[47] Section 8 of [5]
[48] Section 8.4.1.5 of [3]
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[2] Aboba, B. and G. Zorn, "Criteria for Evaluating Roaming Protocols", RFC 2477, January 1999.
[3] Beadles, M. and D. Mitton, "Criteria for Evaluating Network Access Server Protocols", Work in Progress.
[4] Hiller, T., et al., "Cdma2000 Wireless Data Requirements for AAA", Work in Progress.
[5] Glass, S., Hiller, T., Jacobs, S. and C. Perkins, "Mobile IP Authentication, Authorization, and Accounting Requirements", RFC 2977, October 2000.
[6] Mitton, D., Beadles, M., "Network Access Server Requirements Next Generation (NASREQNG) NAS Model", RFC 2881, July 2000.
[7] Mitton, D., "Network Access Server Requirements: Extended RADIUS Practices", RFC 2882, July 2000.
[8] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999.
[9] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[10] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.
[11] Simpson, W., Editor, "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994.
[12] Sklower, K., Lloyd, B., McGregor, G., Carr, D. and T. Coradetti, "The PPP Multilink Protocol (MP)", RFC 1990, August 1996.
[13] Simpson, W., Editor, "PPP LCP Extensions", RFC 1570, January 1994.
[14] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, March 1998.
[15] Solomon, J. and S. Glass, "Mobile-IPv4 Configuration Option for PPP IPCP", RFC 2290, Feb 1998
[16] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier Extension for IPv4", RFC 2794, March 2000.
[17] Perkins, C., "IP Mobility Support", RFC 2002, Oct 1996.
[18] Johnson, D. and C. Perkins, "Mobility Support in IPv6", Work in Progress.
[19] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, June 1999.
[20] Simpson, W., "PPP Challenge Handshake Authentication Protocol (CHAP)", RFC 1994, August 1996.
This document, being a requirements document, does not have any security concerns. The security requirements on protocols to be evaluated using this document are described in the referenced documents.
This memo does not create any new number spaces for IANA administration.
Thanks to the members of the Mobile IP, AAA, and NASREQ working groups who have discussed and commented on these requirements. We would also like to thank the members of the AAA evaluation team, Mike St. Johns, Barney Wolf, Mark Stevens, David Nelson, Dave Mitton, Basavaraj Patil and Stuart Barkley for their thorough review of this document.
Bernard Aboba Microsoft Corporation One Microsoft Way Redmond, WA 98052
Phone: +1 425-936-6605 Fax: +1 425-936-7329 EMail: bernarda@microsoft.com
Pat R. Calhoun Network and Security Research Center, Sun Labs Sun Microsystems, Inc. 15 Network Circle Menlo Park, CA 94025
Phone: +1 650-786-7733 EMail: pcalhoun@eng.sun.com
Steven M. Glass Sun Microsystems 1 Network Drive Burlington, MA 01845
Phone: +1 781-442-0504 Fax: +1 781-442-1677 EMail: steven.glass@sun.com
Tom Hiller Wireless Data Standards & Architectures Lucent Technologies 263 Shuman Drive Room 1HP2F-218 Naperville, IL 60563
Phone: +1 630-976-7673 EMail: tom.hiller@lucent.com
Peter J. McCann Lucent Technologies Rm 2Z-305 263 Shuman Blvd Naperville, IL 60566
Phone: +1 630-713 9359 EMail: mccap@lucent.com
Hajime Shiino Lucent Technologies Japan Ltd. 25 Mori Bldg. 1-4-30 Roppongi, Minato-ku Tokyo Japan
Phone: +81-3-5561-3695 EMail: hshiino@lucent.com
Glen Zorn Cisco Systems, Inc. 500 108th Avenue N.E., Suite 500 Bellevue, WA 98004
Phone: +1 425-468-0955 EMail: gwz@cisco.com
Gopal Dommety IOS Network Protocols Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
Phone: +1 408-525-1404 Fax: +1 408-526-4952 EMail: gdommety@cisco.com
Charles E. Perkins Communications Systems Lab Nokia Research Center 313 Fairchild Drive Mountain View, CA
Phone: +1 650-625-2986 Fax: +1-650-625-2502 EMail: charliep@iprg.nokia.com
Basavaraj Patil Nokia Networks 6000 Connection Dr. Irving, TX 75039
Phone: +1 972-894-6709 Fax: +1 972-894-5349 EMail: Basavaraj.Patil@nokia.com
David Mitton Nortel Networks 880 Technology Park Drive Billerica, MA 01821
Phone: +1 978-288-4570 EMail: dmitton@nortelnetworks.com
Serge Manning Nortel Networks 2201 Lakeside Blvd Richardson, TX 75082-4399
Phone: +1 972-684-7277 EMail: smanning@nortelnetworks.com
Mark Anthony Beadles SmartPipes, Inc. 565 Metro Place South Suite 300 Dublin, OH 43017
Phone: +1 614-923-5657 EMail: mbeadles@smartpipes.com
Pat Walsh Lucent Technologies 263 Shuman Blvd. 1F-545 Naperville, IL
Phone: +1 630-713-5063 EMail: walshp@lucent.com
Xing Chen Alcatel USA 1000 Coit Road Plano, TX 75075
Phone: +1 972-519-4142 Fax: +1 972-519-3300 EMail: xing.chen@usa.alcatel.com
Sanjeevan Sivalingham Ericsson Wireless Communications Inc., Rm Q-356C 6455 Lusk Blvd San Diego, CA 92126
Phone: +1 858-332-5670 EMail: s.sivalingham@ericsson.com
Alan Hameed Fujitsu 2801 Telecom Parkway Richardson, TX 75082
Phone: +1 972-479-2089
Mark Munson GTE Wireless One GTE Place Alpharetta, GA 30004
Phone: +1 678-339-4439 EMail: mmunson@mobilnet.gte.com
Stuart Jacobs Secure Systems Department GTE Laboratories 40 Sylvan Road, Waltham, MA 02451-1128
Phone: +1 781-466-3076 Fax: +1 781-466-2838 EMail: sjacobs@gte.com
Byung-Keun Lim LG Electronics, Ltd. 533, Hogye-dong, Dongan-ku, Anyang-shi, Kyungki-do,431-080 Korea
Phone: +82-31-450-7199 Fax: +82-31-450-7050 EMail: bklim@lgic.co.kr
Brent Hirschman 1501 Shure Dr. Arlington Heights, IL 60006
Phone: +1 847-632-1563 EMail: qa4053@email.mot.com
Raymond T. Hsu Qualcomm Inc. 6455 Lusk Blvd. San Diego, CA 92121
Phone: +1 619-651-3623 EMail: rhsu@qualcomm.com
Haeng S. Koo Samsung Telecommunications America, Inc. 1130 E. Arapaho Road Richardson, TX 75081
Phone: +1 972-761-7755 EMail: hskoo@sta.samsung.com
Mark A. Lipford Sprint PCS 8001 College Blvd.; Suite 210 Overland Park, KS 66210
Phone: +1 913-664-8335 EMail: mlipfo01@sprintspectrum.com
Ed Campbell 3Com Corporation 1800 W. Central Rd. Mount Prospect, IL 60056
Phone: +1 847-342-6769 EMail: ed_campbell@3com.com
Name: Yingchun Xu WaterCove Networks One Century Centre, Suite 550 1750 E. Golf Road Schaumburg, IL
Phone: +1 847-477-9280 EMail: yxu@watercove.com
Shinichi Baba Toshiba America Research, Inc. PO Box 136, Convent Station, NJ 07961-0136
Phone: +1 973-829-4795 EMail: sbaba@tari.toshiba.com
Eric Jaques Vodafone AirTouch 2999 Oak Road, MS-750 Walnut Creek, CA 94596
Phone: +1 925-279-6142 EMail: ejaques@akamail.com
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.