Network Working Group P. Congdon Request for Comments: 4849 M. Sanchez Category: Standards Track ProCurve Networking by HP B. Aboba Microsoft Corporation April 2007
Network Working Group P. Congdon Request for Comments: 4849 M. Sanchez Category: Standards Track ProCurve Networking by HP B. Aboba Microsoft Corporation April 2007
RADIUS Filter Rule Attribute
半径过滤器规则属性
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
Abstract
摘要
While RFC 2865 defines the Filter-Id attribute, it requires that the Network Access Server (NAS) be pre-populated with the desired filters. However, in situations where the server operator does not know which filters have been pre-populated, it is useful to specify filter rules explicitly. This document defines the NAS-Filter-Rule attribute within the Remote Authentication Dial In User Service (RADIUS). This attribute is based on the Diameter NAS-Filter-Rule Attribute Value Pair (AVP) described in RFC 4005, and the IPFilterRule syntax defined in RFC 3588.
虽然RFC 2865定义了过滤器Id属性,但它要求网络访问服务器(NAS)预先填充所需的过滤器。但是,在服务器操作员不知道预填充了哪些筛选器的情况下,显式指定筛选器规则非常有用。本文档定义了远程身份验证拨入用户服务(RADIUS)中的NAS筛选器规则属性。此属性基于RFC 4005中描述的Diameter NAS筛选器规则属性值对(AVP)和RFC 3588中定义的IPFilterRule语法。
Table of Contents
目录
1. Introduction ....................................................2 1.1. Terminology ................................................2 1.2. Requirements Language ......................................3 1.3. Attribute Interpretation ...................................3 2. NAS-Filter-Rule Attribute .......................................3 3. Table of Attributes .............................................5 4. Diameter Considerations .........................................5 5. IANA Considerations .............................................6 6. Security Considerations .........................................6 7. References ......................................................7 7.1. Normative References .......................................7 7.2. Informative References .....................................7 8. Acknowledgments .................................................7
1. Introduction ....................................................2 1.1. Terminology ................................................2 1.2. Requirements Language ......................................3 1.3. Attribute Interpretation ...................................3 2. NAS-Filter-Rule Attribute .......................................3 3. Table of Attributes .............................................5 4. Diameter Considerations .........................................5 5. IANA Considerations .............................................6 6. Security Considerations .........................................6 7. References ......................................................7 7.1. Normative References .......................................7 7.2. Informative References .....................................7 8. Acknowledgments .................................................7
This document defines the NAS-Filter-Rule attribute within the Remote Authentication Dial In User Service (RADIUS). This attribute has the same functionality as the Diameter NAS-Filter-Rule AVP (400) defined in [RFC4005], Section 6.6, and the same syntax as an IPFilterRule defined in [RFC3588], Section 4.3. This attribute may prove useful for provisioning of filter rules.
本文档定义了远程身份验证拨入用户服务(RADIUS)中的NAS筛选器规则属性。此属性的功能与[RFC4005]第6.6节中定义的Diameter NAS筛选器规则AVP(400)相同,语法与[RFC3588]第4.3节中定义的IPFilterRule相同。此属性对于提供筛选规则可能很有用。
While [RFC2865], Section 5.11, defines the Filter-Id attribute (11), it requires that the Network Access Server (NAS) be pre-populated with the desired filters. However, in situations where the server operator does not know which filters have been pre-populated, it is useful to specify filter rules explicitly.
虽然[RFC2865]第5.11节定义了过滤器Id属性(11),但它要求网络访问服务器(NAS)预先填充所需的过滤器。但是,在服务器操作员不知道预填充了哪些筛选器的情况下,显式指定筛选器规则非常有用。
This document uses the following terms:
本文件使用以下术语:
Network Access Server (NAS) A device that provides an access service for a user to a network.
网络访问服务器(NAS)为用户提供网络访问服务的设备。
RADIUS server A RADIUS authentication server is an entity that provides an authentication service to a NAS.
RADIUS服务器RADIUS身份验证服务器是向NAS提供身份验证服务的实体。
RADIUS proxy A RADIUS proxy acts as an authentication server to the NAS, and a RADIUS client to the RADIUS server.
RADIUS代理RADIUS代理充当NAS的身份验证服务器,以及RADIUS服务器的RADIUS客户端。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
If a NAS conforming to this specification receives an Access-Accept packet containing a NAS-Filter-Rule attribute that it cannot apply, it MUST act as though it had received an Access-Reject. [RFC3576] requires that a NAS receiving a Change of Authorization Request (CoA-Request) reply with a CoA-NAK if the Request contains an unsupported attribute. It is RECOMMENDED that an Error-Cause attribute with value set to "Unsupported Attribute" (401) be included in the CoA-NAK. As noted in [RFC3576], authorization changes are atomic so that this situation does not result in session termination, and the pre-existing configuration remains unchanged. As a result, no accounting packets should be generated because of the CoA-Request.
如果符合本规范的NAS接收到包含其无法应用的NAS筛选规则属性的访问接受数据包,则其行为必须与接收到访问拒绝一样。[RFC3576]要求接收授权变更请求(CoA请求)的NAS在请求包含不受支持的属性时使用CoA NAK进行回复。建议在CoA NAK中包含一个值设置为“Unsupported attribute”(401)的错误原因属性。如[RFC3576]所述,授权更改是原子性的,因此这种情况不会导致会话终止,并且预先存在的配置保持不变。因此,由于CoA请求,不应生成记帐数据包。
Description
描述
This attribute indicates filter rules to be applied for this user. Zero or more NAS-Filter-Rule attributes MAY be sent in Access-Accept, CoA-Request, or Accounting-Request packets.
此属性表示要为此用户应用的筛选规则。可以在访问接受、CoA请求或记帐请求数据包中发送零个或多个NAS筛选规则属性。
The NAS-Filter-Rule attribute is not intended to be used concurrently with any other filter rule attribute, including Filter-Id (11) and NAS-Traffic-Rule [Traffic] attributes. NAS-Filter-Rule and NAS-Traffic-Rule attributes MUST NOT appear in the same RADIUS packet. If a NAS-Traffic-Rule attribute is present, a NAS implementing this specification MUST silently discard any NAS-Filter-Rule attributes that are present. Filter-Id and NAS-Filter-Rule attributes SHOULD NOT appear in the same RADIUS packet. Given the absence in [RFC4005] of well-defined precedence rules for combining Filter-Id and NAS-Filter-Rule attributes into a single rule set, the behavior of NASes receiving both attributes is undefined, and therefore a RADIUS server implementation cannot assume a consistent behavior.
NAS筛选器规则属性不打算与任何其他筛选器规则属性(包括筛选器Id(11)和NAS流量规则[流量]属性)同时使用。NAS筛选规则和NAS流量规则属性不得出现在同一RADIUS数据包中。如果存在NAS流量规则属性,则实施此规范的NAS必须以静默方式放弃存在的任何NAS筛选规则属性。筛选器Id和NAS筛选器规则属性不应出现在同一RADIUS数据包中。鉴于[RFC4005]中没有定义良好的优先规则将筛选器Id和NAS筛选器规则属性组合到单个规则集中,因此接收这两个属性的NASE的行为未定义,因此RADIUS服务器实现无法假设一致的行为。
Where multiple NAS-Filter-Rule attributes are included in a RADIUS packet, the String field of the attributes are to be concatenated to form a set of filter rules. As noted in [RFC2865], Section 2.3, "the forwarding server MUST NOT change the order of any attributes of the same type", so that RADIUS proxies will not reorder NAS-Filter-Rule attributes.
如果RADIUS数据包中包含多个NAS筛选规则属性,则属性的字符串字段将被连接以形成一组筛选规则。如[RFC2865]第2.3节所述,“转发服务器不得更改任何相同类型属性的顺序”,因此RADIUS代理不会对NAS筛选规则属性重新排序。
A summary of the NAS-Filter-Rule Attribute format is shown below. The fields are transmitted from left to right.
NAS筛选规则属性格式的摘要如下所示。字段从左向右传输。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | String... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
类型
92
92
Length
长
>=3
>=3
String
一串
The String field is one or more octets. It contains filter rules in the IPFilterRule syntax defined in [RFC3588], Section 4.3, with individual filter rules separated by a NUL (0x00). A NAS-Filter-Rule attribute may contain a partial rule, one rule, or more than one rule. Filter rules may be continued across attribute boundaries, so implementations cannot assume that individual filter rules begin or end on attribute boundaries.
字符串字段是一个或多个八位字节。它包含在[RFC3588]第4.3节中定义的IPFilterRule语法中的过滤规则,各个过滤规则由NUL(0x00)分隔。NAS筛选器规则属性可以包含部分规则、一个规则或多个规则。过滤规则可以跨属性边界继续,因此实现不能假设单个过滤规则在属性边界上开始或结束。
The set of NAS-Filter-Rule attributes SHOULD be created by concatenating the individual filter rules, separated by a NUL (0x00) octet. The resulting data should be split on 253-octet boundaries to obtain a set of NAS-Filter-Rule attributes. On reception, the individual filter rules are determined by concatenating the contents of all NAS-Filter-Rule attributes, and then splitting individual filter rules with the NUL octet (0x00) as a delimiter.
NAS筛选规则属性集应通过连接各个筛选规则来创建,并由NUL(0x00)八位字节分隔。结果数据应在253个八位字节边界上分割,以获得一组NAS筛选规则属性。在接收时,通过连接所有NAS筛选器规则属性的内容,然后使用NUL八位字节(0x00)作为分隔符拆分单个筛选器规则来确定单个筛选器规则。
The following table provides a guide to which attributes may be found in which kinds of packets, and in what quantity.
下表提供了在哪些类型的数据包中可以找到哪些属性以及数量的指南。
Access- Access- Access- Access- CoA- Acct-Request Accept Reject Challenge Req Req # Attribute 0 0+ 0 0 0+ 0+ 92 NAS-Filter-Rule
访问-访问-访问-访问-CoA-帐户请求接受拒绝质询请求请求#属性0+0+0+0+92 NAS筛选规则
The following table defines the meaning of the above table entries.
下表定义了上述表格条目的含义。
0 This attribute MUST NOT be present in the packet. 0+ Zero or more instances of this attribute MAY be present in the packet. 0-1 Zero or one instance of this attribute MAY be present in the packet.
0此属性不能出现在数据包中。数据包中可能存在0+零个或多个此属性的实例。0-1数据包中可能存在该属性的零个或一个实例。
[RFC4005], Section 6.6, defines the NAS-Filter-Rule AVP (400) with the same functionality as the RADIUS NAS-Filter-Rule attribute. In order to support interoperability, Diameter/RADIUS gateways will need to be configured to translate RADIUS attribute 92 to Diameter NAS-Filter-Rule AVP (400) and vice versa.
[RFC4005]第6.6节定义了NAS过滤规则AVP(400),其功能与RADIUS NAS过滤规则属性相同。为了支持互操作性,需要将Diameter/RADIUS网关配置为将RADIUS属性92转换为Diameter NAS过滤规则AVP(400),反之亦然。
When translating Diameter NAS-Filter-Rule AVPs to RADIUS NAS-Filter-Rule attributes, the set of NAS-Filter-Rule attributes is created by concatenating the individual filter rules, separated by a NUL octet. The resulting data SHOULD then be split on 253-octet boundaries.
将Diameter NAS筛选规则AVPs转换为RADIUS NAS筛选规则属性时,NAS筛选规则属性集是通过连接单个筛选规则创建的,由NUL八位字节分隔。然后,应在253个八位组边界上拆分生成的数据。
When translating RADIUS NAS-Filter-Rule attributes to Diameter NAS-Filter-Rule AVPs, the individual rules are determined by concatenating the contents of all NAS-Filter-Rule attributes, and then splitting individual filter rules with the NUL octet as a delimiter. Each rule is then encoded as a single Diameter NAS-Filter-Rule AVP.
将RADIUS NAS筛选规则属性转换为Diameter NAS筛选规则AVPs时,通过连接所有NAS筛选规则属性的内容,然后以NUL八位字节作为分隔符拆分各个筛选规则来确定各个规则。然后将每个规则编码为单直径NAS筛选规则AVP。
Note that a translated Diameter message can be larger than the maximum RADIUS packet size (4096 bytes). Where a Diameter/RADIUS gateway receives a Diameter message containing a NAS-Filter-Rule AVP that is too large to fit into a RADIUS packet, the Diameter/RADIUS gateway will respond to the originating Diameter peer with a Result-Code AVP with the value DIAMETER_RADIUS_AVP_UNTRANSLATABLE (5018), and with a Failed-AVP AVP containing the NAS-Filter-Rule AVP. Since repairing the error will probably require re-working the filter rules, the originating peer should treat the combination of a Result-Code AVP with value DIAMETER_RADIUS_AVP_UNTRANSLATABLE and a Failed-AVP AVP containing a NAS-Filter-Rule AVP as a terminal error.
请注意,转换后的Diameter消息可以大于最大RADIUS数据包大小(4096字节)。如果Diameter/RADIUS网关接收到包含NAS过滤规则AVP的Diameter消息,该规则AVP太大,无法装入RADIUS数据包,则Diameter/RADIUS网关将使用值为Diameter\u RADIUS\u AVP\u UNTRANSLATABLE(5018)的结果代码AVP响应原始Diameter对等方,以及包含NAS筛选规则AVP的失败AVP AVP。由于修复错误可能需要重新处理过滤规则,发起对等方应将结果代码AVP与值DIAMETER_RADIUS_AVP_不可翻译和包含NAS过滤规则AVP的失败AVP AVP的组合视为终端错误。
This specification does not create any new registries.
本规范不创建任何新的注册表。
This document uses the RADIUS [RFC2865] namespace, see <http://www.iana.org/assignments/radius-types>. One value has been allocated in the section "RADIUS Attribute Types". The RADIUS attribute for which a value has been assigned is:
本文档使用RADIUS[RFC2865]名称空间,请参阅<http://www.iana.org/assignments/radius-types>. “半径属性类型”一节中分配了一个值。已为其指定值的半径属性为:
92 - NAS-Filter-Rule
92-NAS筛选规则
This document also utilizes the Diameter [RFC3588] namespace. A Diameter Result-Code AVP value for the DIAMETER_RADIUS_AVP_UNTRANSLATABLE error has been allocated. Since this is a permanent failure, the allocation (5018) is in the 5xxx range.
本文档还使用Diameter[RFC3588]名称空间。已分配直径_半径_AVP _不可翻译错误的直径结果代码AVP值。由于这是一个永久性故障,分配(5018)在5xxx范围内。
This specification describes the use of RADIUS for purposes of authentication, authorization and accounting. Threats and security issues for this application are described in [RFC3579] and [RFC3580]; security issues encountered in roaming are described in [RFC2607].
本规范描述了RADIUS用于身份验证、授权和记帐的用途。[RFC3579]和[RFC3580]中描述了此应用程序的威胁和安全问题;[RFC2607]中描述了漫游中遇到的安全问题。
This document specifies a new attribute that can be included in existing RADIUS packets, which are protected as described in [RFC3579] and [RFC3576]. See those documents for a more detailed description.
本文档指定了可包含在现有RADIUS数据包中的新属性,这些数据包受[RFC3579]和[RFC3576]中所述的保护。有关更详细的说明,请参阅这些文档。
The security mechanisms supported in RADIUS and Diameter are focused on preventing an attacker from spoofing packets or modifying packets in transit. They do not prevent an authorized RADIUS/Diameter server or proxy from modifying, inserting, or removing attributes with malicious intent. Filter attributes modified or removed by a RADIUS/Diameter proxy may enable a user to obtain network access without the appropriate filters; if the proxy were also to modify accounting packets, then the modification would not be reflected in the accounting server logs.
RADIUS和Diameter中支持的安全机制主要用于防止攻击者欺骗数据包或修改传输中的数据包。它们不能阻止授权的RADIUS/Diameter服务器或代理修改、插入或删除恶意属性。由RADIUS/Diameter代理修改或删除的过滤器属性可使用户在不使用适当过滤器的情况下获得网络访问;如果代理也要修改记帐数据包,则该修改不会反映在记帐服务器日志中。
Since the RADIUS protocol currently does not support capability negotiation, a RADIUS server cannot automatically discover whether a NAS supports the NAS-Filter-Rule attribute. A legacy NAS not compliant with this specification may silently discard the NAS-Filter-Rule attribute while permitting the user to access the network. This can cause users to improperly receive unfiltered access to the network. As a result, the NAS-Filter-Rule attribute SHOULD only be sent to a NAS that is known to support it.
由于RADIUS协议当前不支持能力协商,RADIUS服务器无法自动发现NAS是否支持NAS筛选规则属性。不符合此规范的旧版NAS可能会在允许用户访问网络时自动放弃NAS筛选规则属性。这可能会导致用户不正确地接收未经过滤的网络访问。因此,NAS筛选规则属性应仅发送到已知支持它的NAS。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.
[RFC2865]Rigney,C.,Willens,S.,Rubens,A.,和W.Simpson,“远程认证拨入用户服务(RADIUS)”,RFC 28652000年6月。
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
[RFC3588]Calhoun,P.,Loughney,J.,Guttman,E.,Zorn,G.,和J.Arkko,“直径基础协议”,RFC 3588,2003年9月。
[RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005.
[RFC4005]Calhoun,P.,Zorn,G.,Spence,D.,和D.Mitton,“Diameter网络访问服务器应用”,RFC 4005,2005年8月。
[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, June 1999.
[RFC2607]Aboba,B.和J.Vollbrecht,“漫游中的代理链接和策略实施”,RFC 2607,1999年6月。
[RFC3576] Chiba, M., Dommety, G., Eklund, M., Mitton, D., and B. Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", RFC 3576, July 2003.
[RFC3576]Chiba,M.,Dommety,G.,Eklund,M.,Mitton,D.,和B.Aboba,“远程认证拨号用户服务(RADIUS)的动态授权扩展”,RFC 35762003年7月。
[RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)", RFC 3579, September 2003.
[RFC3579]Aboba,B.和P.Calhoun,“RADIUS(远程认证拨入用户服务)对可扩展认证协议(EAP)的支持”,RFC 3579,2003年9月。
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines", RFC 3580, September 2003.
[RFC3580]Congdon,P.,Aboba,B.,Smith,A.,Zorn,G.,和J.Roese,“IEEE 802.1X远程认证拨入用户服务(RADIUS)使用指南”,RFC 35802003年9月。
[Traffic] Congdon, P., Sanchez, M., Lior, A., Adrangi, F., and B. Aboba, "RADIUS Attributes for Filtering and Redirection", Work in Progress, March 2007.
[Traffic]Congdon,P.,Sanchez,M.,Lior,A.,Adrangi,F.,和B.Aboba,“过滤和重定向的半径属性”,正在进行的工作,2007年3月。
The authors would like to acknowledge Emile Bergen, Alan DeKok, Greg Weber, Glen Zorn, Pasi Eronen, David Mitton, and David Nelson for contributions to this document.
作者要感谢Emile Bergen、Alan DeKok、Greg Weber、Glen Zorn、Pasi Eronen、David Mitton和David Nelson对本文件的贡献。
Authors' Addresses
作者地址
Paul Congdon Hewlett Packard Company ProCurve Networking by HP 8000 Foothills Blvd, M/S 5662 Roseville, CA 95747
Paul Congdon Hewlett-Packard Company ProCurve Networking,惠普8000 Foothills Blvd,加利福尼亚州罗斯维尔市南5662号,邮编95747
EMail: paul.congdon@hp.com Phone: +1 916 785 5753 Fax: +1 916 785 8478
EMail: paul.congdon@hp.com Phone: +1 916 785 5753 Fax: +1 916 785 8478
Mauricio Sanchez Hewlett Packard Company ProCurve Networking by HP 8000 Foothills Blvd, M/S 5559 Roseville, CA 95747
Mauricio Sanchez Hewlett-Packard Company ProCurve Networking,惠普8000 Foothills Blvd,加利福尼亚州罗斯维尔市南5559号,邮编95747
EMail: mauricio.sanchez@hp.com Phone: +1 916 785 1910 Fax: +1 916 785 1815
EMail: mauricio.sanchez@hp.com Phone: +1 916 785 1910 Fax: +1 916 785 1815
Bernard Aboba Microsoft Corporation One Microsoft Way Redmond, WA 98052
伯纳德·阿博巴(Bernard Aboba)微软公司华盛顿州雷德蒙微软大道一号,邮编:98052
EMail: bernarda@microsoft.com Phone: +1 425 706 6605 Fax: +1 425 936 7329
EMail: bernarda@microsoft.com Phone: +1 425 706 6605 Fax: +1 425 936 7329
Full Copyright Statement
完整版权声明
Copyright (C) The IETF Trust (2007).
版权所有(C)IETF信托基金(2007年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。