Network Working Group                                       S. Santesson
Request for Comments: 4985                                     Microsoft
Category: Standards Track                                    August 2007
        
Network Working Group                                       S. Santesson
Request for Comments: 4985                                     Microsoft
Category: Standards Track                                    August 2007
        

Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name

Internet X.509公钥基础设施主题服务名称表达式的备选名称

Status of This Memo

关于下段备忘

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。

Abstract

摘要

This document defines a new name form for inclusion in the otherName field of an X.509 Subject Alternative Name extension that allows a certificate subject to be associated with the service name and domain name components of a DNS Service Resource Record.

本文档定义了一个新的名称表单,用于包含在X.509使用者替代名称扩展的otherName字段中,该扩展允许证书使用者与DNS服务资源记录的服务名称和域名组件相关联。

Table of Contents

目录

   1. Introduction ....................................................2
      1.1. Terminology ................................................2
   2. Name Definitions ................................................2
   3. Internationalized Domain Names ..................................4
   4. Name Constraints Matching Rules .................................5
   5. Security Considerations .........................................6
   6. Normative References ............................................6
   Appendix A. ASN.1 Syntax ...........................................7
      Appendix A.1. 1988 ASN.1 Module .................................7
      Appendix A.2. 1993 ASN.1 Module .................................8
        
   1. Introduction ....................................................2
      1.1. Terminology ................................................2
   2. Name Definitions ................................................2
   3. Internationalized Domain Names ..................................4
   4. Name Constraints Matching Rules .................................5
   5. Security Considerations .........................................6
   6. Normative References ............................................6
   Appendix A. ASN.1 Syntax ...........................................7
      Appendix A.1. 1988 ASN.1 Module .................................7
      Appendix A.2. 1993 ASN.1 Module .................................8
        
1. Introduction
1. 介绍

This document specifies a name form for inclusion in X.509 certificates that may be used by a certificate relying party to verify that a particular host is authorized to provide a specific service within a domain.

本文档指定了X.509证书中包含的名称表单,证书依赖方可使用该表单验证特定主机是否有权在域内提供特定服务。

RFC 2782 [N3] defines a DNS RR (Resource Record) for specifying the location of services (SRV RR), which allows clients to ask for a specific service/protocol for a specific domain and get back the names of any available servers.

RFC 2782[N3]定义了用于指定服务位置(SRV RR)的DNS RR(资源记录),它允许客户端请求特定域的特定服务/协议,并获取任何可用服务器的名称。

Existing name forms in X.509 certificates support authentication of a host name. This is useful when the name of the host is known by the client prior to authentication.

X.509证书中的现有名称表单支持主机名的身份验证。当客户端在身份验证之前知道主机名时,这非常有用。

When a server host name is discovered through DNS RR lookup query based on service name, the client may need to authenticate the server's authorization to provide the requested service in addition to the server's host name.

当通过基于服务名称的DNS RR查找查询发现服务器主机名时,客户端可能需要验证服务器的授权,以提供服务器主机名之外的请求服务。

While DNS servers may have the capacity to provide trusted information, there may be many other situations where the binding between the name of the host and the provided service needs to be supported by additional credentials.

虽然DNS服务器可能具有提供受信任信息的能力,但在许多其他情况下,主机名和提供的服务之间的绑定需要额外的凭据支持。

Current dNSName GeneralName Subject Alternative name form only provides for DNS host names to be expressed in "preferred name syntax", as specified by RFC 1034 [N4]. This definition is therefore not broad enough to allow expression of a service related to that domain.

按照RFC 1034[N4]的规定,当前的dNSName GeneralName Subject备用名称表单仅提供了以“首选名称语法”表示的DNS主机名。因此,该定义不够广泛,不允许表达与该域相关的服务。

1.1. Terminology
1.1. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [N1].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[N1]中所述进行解释。

2. Name Definitions
2. 名称定义

This section defines the SRVName name as a form of otherName from the GeneralName structure in SubjectAltName defined in RFC 3280 [N2].

本节从RFC 3280[N2]中定义的SubjectAltName中的GeneralName结构中将SRVName名称定义为otherName的一种形式。

      id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        
      id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        
      SRVName ::= IA5String (SIZE (1..MAX))
        
      SRVName ::= IA5String (SIZE (1..MAX))
        

The SRVName, if present, MUST contain a service name and a domain name in the following form:

SRVName(如果存在)必须包含以下形式的服务名称和域名:

_Service.Name

_服务名称

The content of the components of this name form MUST be consistent with the corresponding definition of these components in an SRV RR according to RFC 2782 [N3].

根据RFC 2782[N3],此名称表的组件内容必须与SRV RR中这些组件的相应定义一致。

The content of these components are:

这些组件的内容包括:

Service The symbolic name of the desired service, as defined in Assigned Numbers [N5] or locally. An underscore (_) is prepended to the service identifier to avoid collisions with DNS labels that occur in nature. Some widely used services, notably POP, don't have a single universal name. If Assigned Numbers names the service indicated, that name is the only name that is allowed in the service component of this name form. The Service is case insensitive.

服务所需服务的符号名称,如分配编号[N5]或本地所定义。在服务标识符前面加上下划线(41;,以避免与自然界中发生的DNS标签发生冲突。一些广泛使用的服务,尤其是POP,没有一个通用名称。如果指定的编号为所指示的服务命名,则该名称是此名称表单的服务组件中允许的唯一名称。该服务不区分大小写。

Name The DNS domain name of the domain where the specified service is located.

Name指定服务所在域的DNS域名。

If the domain name is an Internationalized Domain Name (IDN), then encoding in ASCII form SHALL be done as defined in section 3.

如果域名是国际化域名(IDN),则应按照第3节中的定义以ASCII格式进行编码。

Even though this name form is based on the service resource record (SRV RR) definition in RFC 2782 [N3] and may be used to enhance subsequent authentication of DNS-based service discovery, this standard does not define any new conditions or requirements regarding use of SRV RR for service discovery or where and when such use is appropriate.

尽管此名称表基于RFC 2782[N3]中的服务资源记录(SRV RR)定义,并可用于增强基于DNS的服务发现的后续身份验证,但本标准未定义有关使用SRV RR进行服务发现的任何新条件或要求,也未定义此类使用的适当位置和时间。

The format of a DNS RR, according to RFC 2782, also includes a protocol component (_Service._Proto.Name). This protocol component is not included in the SRVName specified in this document. The purpose of the SRVName is limited to authorization of service provision within a domain. It is outside the scope of the SRVName to provide any means to verify that the host is using any intended protocol. By omitting the protocol component from the SRVName two important advantages have been achieved:

根据RFC2782,DNS RR的格式还包括一个协议组件(_Service._Proto.Name)。此协议组件不包括在本文档中指定的SRVName中。SRVName的用途仅限于授权域内的服务提供。提供任何方法来验证主机是否正在使用任何预期的协议超出了SRVName的范围。通过从SRVName中省略协议组件,实现了两个重要的优点:

* One certificate with a single SRVName can be issued to a host that offers multiple protocol alternatives.

* 可以向提供多个协议替代方案的主机颁发一个带有单个SRVName的证书。

* Name constraints processing rules (specified in section 4)are significantly less complex to define without the protocol component.

* 在没有协议组件的情况下,名称约束处理规则(在第4节中指定)的定义要简单得多。

A present SRVName in a certificate MUST NOT be used to identify a host unless one of the following conditions applies:

除非下列条件之一适用,否则证书中的当前SRVName不得用于标识主机:

* Use of this name form is specified by the security protocol being used and the identified service has a defined service name according to RFC 2782, or;

* 此名称表的使用由所使用的安全协议指定,且已识别的服务具有根据RFC 2782定义的服务名称,或;

* Use of this name form is configured by local policy.

* 此名称表单的使用由本地策略配置。

3. Internationalized Domain Names
3. 国际化域名

IA5String is limited to the set of ASCII characters. To accommodate internationalized domain names in the current structure, conforming implementations MUST convert internationalized domain names to the ASCII Compatible Encoding (ACE) format as specified in section 4 of RFC 3490 [N6] before storage in the Name part of SRVName. Specifically, conforming implementations MUST perform the conversion operation specified in section 4 of RFC 3490 [N6], with the following clarifications:

IA5String仅限于ASCII字符集。为了在当前结构中容纳国际化域名,一致性实现必须将国际化域名转换为RFC 3490[N6]第4节规定的ASCII兼容编码(ACE)格式,然后再存储在SRVName的名称部分。具体而言,符合性实施必须执行RFC 3490[N6]第4节中规定的转换操作,并进行以下澄清:

* in step 1, the domain name SHALL be considered a "stored string". That is, the AllowUnassigned flag SHALL NOT be set;

* 在步骤1中,域名应被视为“存储字符串”。即,不应设置AllowUnassigned标志;

* in step 3, set the flag called "UseSTD3ASCIIRules";

* 在步骤3中,设置名为“usestd3ascirules”的标志;

* in step 4, process each label with the "ToASCII" operation; and

* 在步骤4中,使用“ToASCII”操作处理每个标签;和

* in step 5, change all label separators to U+002E (full stop).

* 在步骤5中,将所有标签分隔符更改为U+002E(句号)。

When comparing DNS names for equality, conforming implementations MUST perform a case-insensitive exact match on the entire domain name. When evaluating name constraints, conforming implementations MUST perform a case-insensitive exact match on a label-by-label basis.

在比较DNS名称是否相等时,一致性实现必须对整个域名执行不区分大小写的精确匹配。在评估名称约束时,一致性实现必须逐个标签执行不区分大小写的精确匹配。

Implementations SHOULD convert IDNs to Unicode before display. Specifically, conforming implementations SHOULD perform the conversion operation specified in section 4 of RFC 3490 [N6], with the following clarifications:

实现应在显示之前将IDN转换为Unicode。具体而言,符合性实施应执行RFC 3490[N6]第4节中规定的转换操作,并进行以下澄清:

* in step 1, the domain name SHALL be considered a "stored string". That is, the AllowUnassigned flag SHALL NOT be set;

* 在步骤1中,域名应被视为“存储字符串”。即,不应设置AllowUnassigned标志;

* in step 3, set the flag called "UseSTD3ASCIIRules";

* 在步骤3中,设置名为“usestd3ascirules”的标志;

* in step 4, process each label with the "ToUnicode" operation; and

* 在步骤4中,使用“ToUnicode”操作处理每个标签;和

* skip step 5.

* 跳过第5步。

Note: Implementations MUST allow for increased space requirements for IDNs. An IDN ACE label will begin with the four additional characters "xn--" and may require as many as five ASCII characters to specify a single international character.

注意:实施必须考虑到IDN增加的空间需求。IDN ACE标签将以四个附加字符“xn--”开头,并且可能需要多达五个ASCII字符来指定单个国际字符。

4. Name Constraints Matching Rules
4. 名称约束匹配规则

Name constraining, as specified in RFC 3280, MAY be applied to the SRVName by adding name restriction in the name constraints extension in the form of an SRVName.

RFC 3280中指定的名称约束可以通过在名称约束扩展中以SRVName的形式添加名称约束来应用于SRVName。

SRVName restrictions are expressed as a complete SRVName (_mail.example.com), just a service name (_mail), or just as a DNS name (example.com). The name restriction of the service name part and the DNS name part of SRVName are handled separately.

SRVName限制表示为完整的SRVName(_mail.example.com)、服务名称(_mail)或DNS名称(example.com)。SRVName的服务名称部分和DNS名称部分的名称限制分别处理。

If a service name is included in the restriction, then that restriction can only be satisfied by an SRVName that includes a corresponding service name. If the restriction has an absent service name, then that restriction is satisfied by any SRVName that matches the domain part of the restriction.

如果限制中包含服务名称,则只有包含相应服务名称的SRVName才能满足该限制。如果该限制缺少服务名称,则与该限制的域部分匹配的任何SRVName都会满足该限制。

DNS name restrictions are expressed as host.example.com. Any DNS name that can be constructed by simply adding subdomains to the left-hand side of the name satisfies the DNS name part of the name constraint. For example, www.host.example.com would satisfy the constraint (host.example.com) but 1host.example.com would not.

DNS名称限制表示为host.example.com。只要将子域添加到名称的左侧即可构造的任何DNS名称都满足名称约束的DNS名称部分。例如,www.host.example.com会满足约束条件(host.example.com),但1host.example.com不会。

Examples:

示例:

      Name Constraints
      SRVName restriction   Matching SRVName      non-matching SRVName
      ===================   ================      ====================
      example.com           _mail.example.com     _mail.1example.com
                            _ntp.example.com
                            _mail.1.example.com
        
      Name Constraints
      SRVName restriction   Matching SRVName      non-matching SRVName
      ===================   ================      ====================
      example.com           _mail.example.com     _mail.1example.com
                            _ntp.example.com
                            _mail.1.example.com
        

_mail _mail.example.com _ntp.example.com _mail.1example.com

_mail\u mail.example.com\u ntp.example.com\u mail.1example.com

_mail.example.com _mail.example.com _mail.1example.com _mail.1.example.com _ntp.example.com

_mail.example.com\u mail.example.com\u mail.1example.com\u mail.1.example.com\u ntp.example.com

5. Security Considerations
5. 安全考虑

Assignment of services to hosts may be subject to change. Implementers should be aware of the need to revoke old certificates that no longer reflect the current assignment of services and thus make sure that all issued certificates are up to date.

向主机分配服务可能会发生变化。实现者应该意识到需要撤销不再反映当前服务分配的旧证书,从而确保所有颁发的证书都是最新的。

When X.509 certificates enhanced with the name form specified in this standard is used to enhance authentication of service discovery based on an SRV RR query to a DNS server, all security considerations of RFC 2782 applies.

当使用本标准中指定的名称形式增强的X.509证书来增强基于对DNS服务器的SRV RR查询的服务发现的身份验证时,RFC 2782的所有安全注意事项均适用。

6. Normative References
6. 规范性引用文件

[N1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[N1]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[N2] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[N2]Housley,R.,Polk,W.,Ford,W.,和D.Solo,“互联网X.509公钥基础设施证书和证书撤销列表(CRL)概要”,RFC 32802002年4月。

[N3] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for specifying the location of services (DNS SRV)", RFC 2782, February 2000.

[N3]Gulbrandsen,A.,Vixie,P.和L.Esibov,“用于指定服务位置(DNS SRV)的DNS RR”,RFC 2782,2000年2月。

[N4] Mockapetris, P., "DOMAIN NAMES - CONCEPTS AND FACILITIES", STD 13, RFC 1034, November 1987

[N4]Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月

[N5] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On-line Database", RFC 3232, January 2002.

[N5]Reynolds,J.,“分配号码:RFC 1700被在线数据库取代”,RFC 3232,2002年1月。

[N6] Faltstrom, P., Hoffman, P., and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.

[N6]Faltstrom,P.,Hoffman,P.,和A.Costello,“应用程序中的域名国际化(IDNA)”,RFC 34902003年3月。

Appendix A. ASN.1 Syntax
附录A.ASN.1语法

As in RFC 2459, ASN.1 modules are supplied in two different variants of the ASN.1 syntax.

与RFC2459一样,ASN.1模块以ASN.1语法的两种不同变体提供。

This section describes data objects used by conforming Public Key Infrastructure (PKI) components in an "ASN.1-like" syntax. This syntax is a hybrid of the 1988 and 1993 ASN.1 syntaxes. The 1988 ASN.1 syntax is augmented with the 1993 UNIVERSAL Type UTF8String.

本节以“ASN.1-like”语法描述一致性公钥基础设施(PKI)组件使用的数据对象。这种语法是1988年和1993年ASN.1语法的混合。1988年的ASN.1语法使用1993年的通用类型UTF8String进行了扩充。

The ASN.1 syntax does not permit the inclusion of type statements in the ASN.1 module, and the 1993 ASN.1 standard does not permit use of the new UNIVERSAL types in modules using the 1988 syntax. As a result, this module does not conform to either version of the ASN.1 standard.

ASN.1语法不允许在ASN.1模块中包含类型语句,1993年ASN.1标准不允许在使用1988语法的模块中使用新的通用类型。因此,该模块不符合ASN.1标准的任何版本。

Appendix A.1 may be parsed by an 1988 ASN.1-parser by replacing the definitions for the UNIVERSAL Types with the 1988 catch-all "ANY".

附录A.1可由1988年ASN.1-解析器解析,方法是将通用类型的定义替换为1988年的“任何”。

Appendix A.2 may be parsed "as is" by a 1997-compliant ASN.1 parser.

附录A.2可由符合1997年ASN.1的解析器“按原样”进行解析。

In case of discrepancies between these modules, the 1988 module is the normative one.

如果这些模块之间存在差异,则1988模块为规范模块。

Appendix A.1. 1988 ASN.1 Module

附录A.1。1988 ASN.1模块

   PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-dns-srv-name-88(39) }
        
   PKIXServiceNameSAN88 {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-dns-srv-name-88(39) }
        
   DEFINITIONS EXPLICIT TAGS ::=
        
   DEFINITIONS EXPLICIT TAGS ::=
        

BEGIN

开始

-- EXPORTS ALL --

--全部出口--

IMPORTS

进口

   -- UTF8String, / move hyphens before slash if UTF8String does not
   -- resolve with your compiler
        
   -- UTF8String, / move hyphens before slash if UTF8String does not
   -- resolve with your compiler
        
        id-pkix
              FROM PKIX1Explicit88 { iso(1) identified-organization(3)
              dod(6) internet(1) security(5) mechanisms(5) pkix(7)
              id-mod(0) id-pkix1-explicit(18) } ;
              -- from RFC3280 [N2]
        
        id-pkix
              FROM PKIX1Explicit88 { iso(1) identified-organization(3)
              dod(6) internet(1) security(5) mechanisms(5) pkix(7)
              id-mod(0) id-pkix1-explicit(18) } ;
              -- from RFC3280 [N2]
        
     -- Service Name Object Identifier and Syntax
     -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7}
        
     -- Service Name Object Identifier and Syntax
     -- id-pkix OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7}
        
     id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
        
     id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
        
     id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        
     id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        
     SRVName ::= IA5String    (SIZE (1..MAX))
        
     SRVName ::= IA5String    (SIZE (1..MAX))
        

END

终止

Appendix A.2. 1993 ASN.1 Module

附录A.2。1993 ASN.1模块

   PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-dns-srv-name-93(40) }
        
   PKIXServiceNameSAN93 {iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-dns-srv-name-93(40) }
        
   DEFINITIONS EXPLICIT TAGS ::=
        
   DEFINITIONS EXPLICIT TAGS ::=
        

BEGIN

开始

-- EXPORTS ALL --

--全部出口--

IMPORTS

进口

      id-pkix
            FROM PKIX1Explicit88 { iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
            id-mod(0) id-pkix1-explicit(18) } ;
             -- from RFC 3280 [N2]
        
      id-pkix
            FROM PKIX1Explicit88 { iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
            id-mod(0) id-pkix1-explicit(18) } ;
             -- from RFC 3280 [N2]
        
   -- In the GeneralName definition using the 1993 ASN.1 syntax
   -- includes:
        
   -- In the GeneralName definition using the 1993 ASN.1 syntax
   -- includes:
        
   OTHER-NAME ::= TYPE-IDENTIFIER
        
   OTHER-NAME ::= TYPE-IDENTIFIER
        

-- Service Name Object Identifier

--服务名称对象标识符

   id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
        
   id-on   OBJECT IDENTIFIER ::= { id-pkix 8 }
        
   id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        
   id-on-dnsSRV OBJECT IDENTIFIER ::= { id-on 7 }
        

-- Service Name

--服务名称

   srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
        
   srvName OTHER-NAME ::= { SRVName IDENTIFIED BY { id-on-dnsSRV }}
        
   SRVName ::= IA5String (SIZE (1..MAX))
        
   SRVName ::= IA5String (SIZE (1..MAX))
        

END

终止

Author's Address

作者地址

Stefan Santesson Microsoft Tuborg Boulevard 12 2900 Hellerup Denmark

Stefan Santesson Microsoft Tuborg大道12 2900号Hellerup丹麦

   EMail: stefans@microsoft.com
        
   EMail: stefans@microsoft.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The IETF Trust (2007).

版权所有(C)IETF信托基金(2007年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息以“原样”为基础提供,贡献者、他/她所代表或赞助的组织(如有)、互联网协会、IETF信托基金和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.