Network Working Group R. Hedberg
Request for Comments: 2378 Umea University
Category: Informational P. Pomes
QUALCOMM, Inc.
September 1998
Network Working Group R. Hedberg
Request for Comments: 2378 Umea University
Category: Informational P. Pomes
QUALCOMM, Inc.
September 1998
The CCSO Nameserver (Ph) Architecture
CCSO名称服务器(Ph)体系结构
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
The Ph Nameserver from the Computing and Communications Services Office (CCSO), University of Illinois at Urbana-Champaign has for some time now been used by several organizations as their choice of publicly available database for information about people as well as other things. This document provides a formal definition of the client-server protocol. The Ph service as specified in this document is built around an information model, a client command language and the server responses.
来自伊利诺伊大学和通信服务办公室(CCSO)的Pr.NeSeServer,在Unrina ChanaPiangle的伊利诺伊大学已经有一段时间被一些组织用来作为公开选择的数据库来获取关于人以及其他事物的信息。本文档提供了客户机-服务器协议的正式定义。本文档中指定的Ph服务是围绕信息模型、客户端命令语言和服务器响应构建的。
At its simplest the Ph database can be thought of as a computer-resident "phone book". However, it can be used to collect arbitrary information about people, and in response to a query about an object named in the database, return information about that entity. It is in short a nameserver for people and objects. It was designed to keep a relatively small amount of arbitrary information about a relatively large number of people or things, and provide access to that information over the Internet. In order to structure the information the manager of the database has to decide which views to present of the real-world objects that are to be represented in the database. Each view is then composed of a number of fields and their values. To support this concept Ph has the notion of named information, i.e., categorizing information into what are called fields and assigning descriptive names to those fields.
在最简单的情况下,Ph数据库可以被认为是驻留在计算机上的“电话簿”。但是,它可以用于收集有关人员的任意信息,并在响应有关数据库中命名的对象的查询时,返回有关该实体的信息。简而言之,它是一个用于人员和对象的名称服务器。它的目的是保存相对少量的关于相对大量的人或事的任意信息,并通过互联网提供对这些信息的访问。为了构造信息,数据库管理器必须决定要在数据库中表示的真实世界对象的视图。然后,每个视图由多个字段及其值组成。为了支持这一概念,Ph提出了命名信息的概念,即将信息分类为所谓的字段,并为这些字段指定描述性名称。
Even if the database resides and is reachable from the Internet it is local in the meaning that no server is supposed to be able to refer a client to another server which might hold the wanted information. However a server may contain a list of other Nameservers which can be used by clients to query other Nameservers for information.
即使数据库驻留在Internet上并且可以从Internet访问,它也是本地的,这意味着任何服务器都不能将客户机引用到另一台可能保存所需信息的服务器。但是,服务器可能包含其他名称服务器的列表,客户端可以使用该列表查询其他名称服务器的信息。
A field descriptor is associated with each field and is used to describe the type and behavior of the field. A field descriptor includes the fieldname, the maximum length of information the field can store before truncation, keywords describing the properties of the field as well as free text describing what kind of information the field is supposed to hold.
字段描述符与每个字段关联,用于描述字段的类型和行为。字段描述符包括字段名、字段在截断前可以存储的信息的最大长度、描述字段属性的关键字以及描述字段应该包含的信息类型的自由文本。
The keywords can be any of the following:
关键字可以是以下任意一种:
Always: Forces the field's contents to be always printed in addition to whatever fields specified by the query.
Always:强制在查询指定的任何字段之外始终打印字段的内容。
Any: This field is always searched by queries. To be most use ful, a field marked as Any should also have the Indexed and Lookup keywords as well.
任何:此字段始终按查询进行搜索。为了最大限度地发挥作用,标记为Any的字段还应该具有索引关键字和查找关键字。
Change: Can be changed by the owner of the entry.
更改:可由条目的所有者更改。
Default: Printed if no return clause is given in the query.
默认值:如果查询中未给出return子句,则打印。
Encrypt: Must be encrypted before transmission.
加密:传输前必须加密。
ForcePub: Viewable/searchable regardless of the content of the suppress field
ForcePub:无论抑制字段的内容如何,都可以查看/搜索
Indexed: Fields that are kept track of in the database's index for efficient lookups. At least one indexed field must be present in each query.
索引:在数据库索引中跟踪的字段,用于高效查找。每个查询中必须至少存在一个索引字段。
LocalPub: May be viewed by anyone in the "local" domain or address space. Fields with this keyword are completely invisible outside of the "local" domain. They will not be shown with the fields command (section 3.3), and are disallowed in query commands or return clauses (section 3.8).
LocalPub:可由“本地”域或地址空间中的任何人查看。具有此关键字的字段在“本地”域之外完全不可见。字段命令(第3.3节)不会显示它们,查询命令或返回子句(第3.8节)不允许显示它们。
Lookup: May be used in the selection part of a query. A Field without this keyword may not be used to select entries.
查找:可用于查询的选择部分。没有此关键字的字段不能用于选择条目。
NoMeta: Wildcard searches are disallowed.
NoMeta:不允许使用通配符搜索。
NoPeople: No entry of type "person" may include this field.
NoPeople:类型为“person”的条目不能包含此字段。
Private: Field may be viewed by Heros (section 1.4) only.
私人:只能由Heros(第1.4节)查看该字段。
Public: May be viewed by anyone. Fields not marked with this keyword may only be viewed by the entry's owner or a Hero.
公共:任何人都可以查看。未标记此关键字的字段只能由条目的所有者或英雄查看。
Sacred: Changes to the field are prohibited except via non-network invocations of the server, i.e., from a tty, file, or pipe.
神圣:除非通过服务器的非网络调用(即从tty、文件或管道),否则禁止更改字段。
Turn: Users may turn off visibility of a field to everyone except themselves and Heros by prefixing the field text with '*'.
关闭:用户可以通过在字段文本前加“*”来关闭字段对除自己和Heros之外的所有人的可见性。
Unique: Any change to the field will be rejected if the change causes the modified field to match the same field in any other entry.
唯一:如果更改导致修改的字段与任何其他条目中的相同字段匹配,则对该字段的任何更改都将被拒绝。
Historically Ph has been restricted to only handle printable characters, that is characters with hexadecimal values between 0x20 and 0x7f. Lately with the spreading of 8-bit clean Operating Systems there is no reason to keep this limitation.
历史上,Ph仅限于处理可打印字符,即十六进制值介于0x20和0x7f之间的字符。最近,随着8位干净操作系统的普及,没有理由保持这种限制。
This document therefore proposes that ISO-8859-1 shall be regarded as an alternative character set for Ph, the default still being US-ASCII.
因此,本文件建议将ISO-8859-1视为Ph的替代字符集,默认字符集仍为US-ASCII。
Clients that utilize ISO-8859-1 should request that the server return ISO-8859-1 by using the "set"-command.
使用ISO-8859-1的客户端应使用“set”-命令请求服务器返回ISO-8859-1。
In the instance that values are stored using ISO-8859-1 and are to be shown to a client expecting US-ASCII, the characters with character codes outside of the US-ASCII range should be displayed in the "Quoted-Printable" content-transfer-encoding form defined in RFC-2045 [MIME].
在使用ISO-8859-1存储值并向需要US-ASCII的客户机显示的情况下,字符代码超出US-ASCII范围的字符应显示在RFC-2045[MIME]中定义的“带引号的可打印”内容传输编码格式中。
1.2. Standardization issues
1.2. 标准化问题
Each Nameserver manager is in essence free to name new fields to suit the special needs of his/her organization. But in order to make the directory service useful outside of the organization it is recommended that a core set of standard fields always should be present.
每个名称服务器管理员本质上都可以自由命名新字段,以满足其组织的特殊需要。但是为了使目录服务在组织之外有用,建议始终提供一组核心的标准字段。
Therefore this document defines a couple of standard collections of fields (Appendix A).
因此,本文档定义了两个标准字段集合(附录a)。
Also note that the architecture makes no assumption about the search and retrieval mechanisms used within individual servers. Operators are thereby free to use any kind of dedicated databases, fast indexing software or even gateways to other directory services to store and retrieve the information, if desired.
还要注意的是,该体系结构没有假设在单个服务器中使用的搜索和检索机制。因此,如果需要的话,运营商可以自由使用任何类型的专用数据库、快速索引软件甚至其他目录服务的网关来存储和检索信息。
Ph simply functions as a known front-end, offering a simple data model in addition to a well known port and simple query language.
Ph只是作为一个已知的前端,除了提供一个众所周知的端口和简单的查询语言外,还提供一个简单的数据模型。
In examples, "C:" and "S:" indicate lines sent by the client and server respectively.
在示例中,“C:”和“S:”分别表示客户端和服务器发送的行。
For Ph a Hero is equivalent to a superuser or operator. Being in Hero mode means that some or all artificial limits are removed; full Heros may change any field in any entry in the database, as well as view as many entries as they wish. Heros can also be limited to one field of one other entry. Hero mode is used mostly for administrative purposes, delegation of group authority over selected fields, and is controlled by the acl field.
对于Ph来说,英雄相当于超级用户或操作员。处于英雄模式意味着部分或全部人为限制被移除;full Heros可以更改数据库中任何条目中的任何字段,也可以查看任意数量的条目。Heros也可以限制在另一个条目的一个字段中。英雄模式主要用于管理目的,将组权限委托给选定字段,并由acl字段控制。
Initially, the server host starts the Ph service by listening on TCP port 105. When a client host wishes to make use of the service, it establishes a TCP connection to the server host. The client and the Ph server then exchange commands and responses (respectively) until the connection is closed or aborted.
最初,服务器主机通过侦听TCP端口105来启动Ph服务。当客户机主机希望使用该服务时,它将与服务器主机建立TCP连接。然后,客户端和Ph服务器(分别)交换命令和响应,直到连接关闭或中止。
Commands in Ph consist of a keyword optionally followed by zero or more keywords or values, separated by spaces, tabs or newlines, and followed by a carriage return-linefeed (CRLF) pair. A more thorough description using BNF is given in Appendix C.
Ph中的命令包括一个关键字(可选)后跟零个或多个关键字或值,用空格、制表符或换行符分隔,后跟回车换行符(CRLF)对。附录C中给出了使用BNF的更详细说明。
Values containing spaces, tabs or newlines must be enclosed in double quotes ('"'). In addition the sequences "\n", "\t","\"" and "\\" may be used to mean newline, tab, double quote and backslash, respectively.
包含空格、制表符或换行符的值必须用双引号(“”)括起来。此外,序列“\n”、“t”、“\”和“\\”可分别用于表示换行符、制表符、双引号和反斜杠。
Keywords must be given in lower case; case in the values of fields is preserved, although queries are not case-sensitive.
关键词必须以小写形式给出;字段值中的大小写保留,但查询不区分大小写。
Responses consist of a result code followed by additional information possibly separated by entry index and/or field name and are terminated by a CRLF pair.
响应由结果代码和附加信息组成,可能由条目索引和/或字段名分隔,并由CRLF对终止。
result code:[entry index:][field name:]text
result code:[entry index:][field name:]text
Responses to some commands might be multi-lined. In these cases each line in the response, except the last, has the appropriate result code negated (prefaced with "-"). The last line then starts with the appropriate result code without negation. Each line must be terminated by a CRLF pair.
对某些命令的响应可能是多行的。在这些情况下,响应中的每一行(最后一行除外)都有相应的否定结果代码(以“-”号开头)。最后一行以适当的结果代码开始,不带否定。每条线路必须由CRLF对端接。
If a particular command can apply to more than one entry, then the multilined response must be so organized that all information pertaining to each entry is returned on consecutive lines, and that each of those lines must have one and the same entry index directly following the resultcode. The first entry index should be 1 and incremented each time a new entry is referred to.
如果一个特定命令可以应用于多个条目,那么多行响应的组织方式必须确保与每个条目相关的所有信息都在连续的行中返回,并且这些行中的每一行都必须在resultcode后面有一个相同的条目索引。第一个条目索引应为1,并在每次引用新条目时递增。
C: query hedberg return email name title
S: 102:There were 3 matches to your request.
S: -200:1: email: canheg95@student.umu.se
S: -200:1: name: Carl Johan Hedberg
S: -200:1: title: Student
S: -200:2: email: parheg95@student.umu.se
S: -200:2: name: Par Hedberg
S: -200:2: title: Student
S: -200:3: email: Roland.Hedberg@umdac.umu.se
S: -200:3: name: Roland Hedberg
S: -200:3: title: Boss of the Network group
S: 200:Ok
C: query hedberg return email name title
S: 102:There were 3 matches to your request.
S: -200:1: email: canheg95@student.umu.se
S: -200:1: name: Carl Johan Hedberg
S: -200:1: title: Student
S: -200:2: email: parheg95@student.umu.se
S: -200:2: name: Par Hedberg
S: -200:2: title: Student
S: -200:3: email: Roland.Hedberg@umdac.umu.se
S: -200:3: name: Roland Hedberg
S: -200:3: title: Boss of the Network group
S: 200:Ok
Commands that can apply to more than one field must have the name of the field to which the response applies directly following the entry index.
可以应用于多个字段的命令必须在条目索引后直接应用响应的字段名称。
The text of the response will be either an error message in human readable format, or data from the Nameserver. Whitespace (spaces or tabs) may appear anywhere in the response, but the field name and text columns if present must each begin with a whitespace character.
响应的文本将是人类可读格式的错误消息,或者是来自名称服务器的数据。空白(空格或制表符)可能出现在响应中的任何位置,但字段名和文本列(如果存在)必须以空白字符开头。
Since more than one specific piece of information may be manipulated by a particular command, it is possible for parts of a command to succeed, while other parts of the same command fail. This situation is handled as a single multi-line response with the result code changing as appropriate.
由于一个特定命令可以操纵多条特定信息,因此命令的某些部分可能会成功,而同一命令的其他部分可能会失败。这种情况作为单个多行响应处理,结果代码会根据需要进行更改。
As for FTP, the result codes are in the range 100-699 (or from -699 to -100 for multiline responses), where the leading digit has the following significance:
对于FTP,结果代码的范围为100-699(或多行响应的范围为-699到-100),其中前导数字具有以下意义:
1: In progress 2: Success 3: More information needed 4: Temporary failure; it may be worthwhile to try again. 5: Permanent failure 6: Phquery specific codes
1:进行中2:成功3:需要更多信息4:暂时失败;也许值得再试一次。5:永久性故障6:Phquery特定代码
Many commands generate more than one line of response; every client should be prepared to deal with such continued responses. Note that a command is finished when and only when the result code on a response line (treated as a signed integer) is greater than or equal to 200.
许多命令生成多行响应;每个客户都应该准备好应对这种持续的回应。请注意,当且仅当响应行上的结果代码(视为有符号整数)大于或等于200时,命令才会完成。
Clients should assume that any numeric response, within the above mentioned ranges, are valid. Also note that the server is allowed to send one or more lines with result codes between -199 - -100 (the leading "-" indicates a continuation line) and 100 - 199, as status information, before the actual results are transmitted.
客户应假设上述范围内的任何数字响应都是有效的。还请注意,在传输实际结果之前,允许服务器发送一行或多行,其中结果代码介于-199--100(前导“-”表示延续行)和100-199之间,作为状态信息。
Matching is not sensitive to upper or lower case letters and is normally done on a word-by-word basis. That is, both the query expression and the entry information is broken up into words, and individual words are compared using exact matching. If the order of the words is important in a query, then the query string can be surrounded by '"' (double quotes), whereby the complete search string is matched against the information in the Nameserver database.
匹配对大写或小写字母不敏感,通常是逐字进行的。也就是说,查询表达式和条目信息都被分解成单词,并使用精确匹配对单个单词进行比较。如果单词的顺序在查询中很重要,那么查询字符串可以用''(双引号)括起来,从而将完整的搜索字符串与Nameserver数据库中的信息进行匹配。
Word delimiters are the following characters: <SPACE>, <TAB>, <NEW-LINE>, ",", ";" and ":" . These characters are not indexed and should not be part of the search string.
单词分隔符是以下字符:<SPACE>、<TAB>、<NEW-LINE>、“、”、;“和”:。这些字符没有索引,不应成为搜索字符串的一部分。
However, special symbols, called "wildcard" characters, can be used if the exact spelling is unknown. The '*' (asterisk, 0x2A) is used in place of zero or more characters, '+' (plus, 0x2B) in place of one or more unknown characters, and '?' (question mark, 0x3F) can be used when exactly one character is unknown. If the unknown character can be one of a limited set this can be specified by surrounding the set with brackets, e.g., [ei] means that in that place an 'e' or an 'i' would match.
但是,如果确切拼写未知,则可以使用称为“通配符”的特殊符号。“*”(星号,0x2A)用于代替零个或多个字符,“+”(加上,0x2B)用于代替一个或多个未知字符,而“?”(问号,0x3F)可在只有一个未知字符时使用。如果未知字符可以是有限集合中的一个,则可以通过用括号括住集合来指定,例如,[ei]表示在该位置,一个“e”或一个“i”将匹配。
status
地位
Prints the message of the day and the current status of the nameserver.
打印当天的消息和名称服务器的当前状态。
C: status
S: 100:Qi server $Revision: 1.6 $
S: 100:Ph passwords may be obtained at CCSO Accounting,
S: 100:1420 Digital Computer Lab, between 8:30 and 5 Monday-Friday.
S: 100:Be sure to bring your U of I ID card.
S: 200:Database ready
C: status
S: 100:Qi server $Revision: 1.6 $
S: 100:Ph passwords may be obtained at CCSO Accounting,
S: 100:1420 Digital Computer Lab, between 8:30 and 5 Monday-Friday.
S: 100:Be sure to bring your U of I ID card.
S: 200:Database ready
siteinfo
网站信息
Returns information about the servers site. Possible fields are
返回有关服务器站点的信息。可能的字段是
Version Version information for the server. Maildomain The mail domain to use for phquery-type mail. Mailfield The field containing the specific email address. Mailbox Mandatory entry that names the field to use as maildrop. Administrator Guru in charge of service. Passwords Person in charge of ordinary password/change requests. Authenticate Authentication methods supported by the server, ordered in the site-preferred way. Presently the following options are defined:
服务器的版本信息。Maildomain用于phquery类型邮件的邮件域。Mailfield包含特定电子邮件地址的字段。邮箱必填项,用于命名要用作邮件投递的字段。负责服务的管理员专家。密码负责普通密码/更改请求的人员。验证服务器支持的身份验证方法,按站点首选方式排序。目前定义了以下选项:
1 attempt auto login 2 allowed to be interactive if needed 4 use ANSI X9.9 challenge/response 8 use v4 Kerberos login 16 use v5 Kerberos [KRB5] login 32 use GSS-API [GSS-API] login 64 use email login 128 password encrypted response to challenge 256 use clear-text password 512 use HMAC [HMAC] with SHA-1 of challenge string
1尝试自动登录2允许交互(如果需要)4使用ANSI X9.9质询/响应8使用v4 Kerberos登录16使用v5 Kerberos[KRB5]登录32使用GSS-API[GSS-API]登录64使用电子邮件登录128密码加密响应质询256使用明文密码512使用HMAC[HMAC]和质询字符串的SHA-1
Example
实例
C: siteinfo
S: -200:1:version:3.1
S: -200:2:maildomain:umu.se
S: -200:3:mailfield:alias
S: -200:4:mailbox:email
S: -200:5:administrator:roland.hedberg@umdac.umu.se
S: -200:6:passwords:roland.hedberg@umdac.umu.se
S: -200:7:authenticate:64:32:128
S: 200: Ok.
C: siteinfo
S: -200:1:version:3.1
S: -200:2:maildomain:umu.se
S: -200:3:mailfield:alias
S: -200:4:mailbox:email
S: -200:5:administrator:roland.hedberg@umdac.umu.se
S: -200:6:passwords:roland.hedberg@umdac.umu.se
S: -200:7:authenticate:64:32:128
S: 200: Ok.
The mail fields in the siteinfo command direct how address information stored in the Nameserver is to be used for delivering mail.
siteinfo命令中的邮件字段指示存储在名称服务器中的地址信息如何用于传递邮件。
The specific (username, host) pair to where a user's mail should be sent for final delivery is stored in the field named by {mailbox}. Phquery and like utilities will use this field.
在{mailbox}命名的字段中存储了用户邮件最终发送到的特定(用户名、主机)对。Phquery等实用程序将使用此字段。
To construct a useable email address from Nameserver information, the algorithm below is followed:
要根据名称服务器信息构造可用的电子邮件地址,请遵循以下算法:
if ({maildomain} is not null) then
address = (contents of {mailfield})@{maildomain}
else
address = (contents of {mailfield})
if ({maildomain} is not null) then
address = (contents of {mailfield})@{maildomain}
else
address = (contents of {mailfield})
Some existing client software will not format email addresses correctly if the value of {mailbox} is set to anything other than "email" when {maildomain} is non-empty.
如果{maildomain}为非空时{maildomain}的值设置为“email”以外的任何值,则某些现有客户端软件将无法正确格式化电子邮件地址。
If {mailbox} is set to anything other than {email}, {maildomain} must be reported empty by the siteinfo command. Also reformatting of each record's {mailfield} must be done by the server before reporting it to the client.
如果{mailbox}设置为{email}以外的任何值,则siteinfo命令必须将{maildomain}报告为空。在向客户机报告之前,服务器还必须重新格式化每个记录的{mailfield}。
fields [field ...]
字段[字段…]
Without an argument, a list of all available field descriptors should be delivered. Any space-separated argument(s) restricts the list to the named fields. Fields marked with the "LocalPub" keyword (section 1.1.1) should not be delivered outside of the local domain.
如果没有参数,则应提供所有可用字段描述符的列表。任何空格分隔的参数都将列表限制为命名字段。标有“LocalPub”关键字(第1.1.1节)的字段不应在本地域之外传递。
The output of the command consists of two lines describing each field. The first line defines the field in technical terms (max length and field attributes), while the second line is a brief description of what the field is intended to hold. The second number of each response is the field id number.
命令的输出由描述每个字段的两行组成。第一行用技术术语(最大长度和字段属性)定义字段,第二行简要说明字段的用途。每个响应的第二个数字是字段id号。
C: fields
S: -200:6:alias:max 32 Indexed Lookup Public Default
S: -200:6:alias:Unique name for user.
S: -200:3:name:max 64 Indexed Lookup Public Default
S: -200:3:name:Fullname
S: -200:2:email:max 128 Lookup Public Default
S: -200:2:email:Account to receive electronic mail.
S: -200:16:other:max 256 Lookup Public Default Change
S: -200:16:other:Other info the user finds important.
S: -200:33:home_phone:max 60 Lookup Public Change Turn
S: -200:33:home_phone:Home telephone number.
S: 200:Ok.
C: fields
S: -200:6:alias:max 32 Indexed Lookup Public Default
S: -200:6:alias:Unique name for user.
S: -200:3:name:max 64 Indexed Lookup Public Default
S: -200:3:name:Fullname
S: -200:2:email:max 128 Lookup Public Default
S: -200:2:email:Account to receive electronic mail.
S: -200:16:other:max 256 Lookup Public Default Change
S: -200:16:other:Other info the user finds important.
S: -200:33:home_phone:max 60 Lookup Public Change Turn
S: -200:33:home_phone:Home telephone number.
S: 200:Ok.
id information
身份信息
Enters the given information in the Nameserver's log. This command is used by the Ph client to enter the user id of the person running it.
在名称服务器的日志中输入给定信息。Ph客户端使用此命令输入运行该命令的人员的用户id。
set [option[=value] ...]
设置[选项[=值]…]
Sets the named option for this nameserver session to a value. The default string "on" is used if no value is supplied. Used without arguments it return the settable options and their current value. Some common options are
将此名称服务器会话的命名选项设置为值。如果未提供值,则使用默认字符串“on”。不带参数使用它返回可设置选项及其当前值。一些常见的选择是
echo If on, echo the client's commands back to the client. limit Changes that affect more than the specified number of entries results in an error. charset Return responses to the client in the character set specified. verbose If on, report interim progress messages to the client. addonly If on, change commands can only create fields in entries, not modify them. nolog If on, disable logging. external If on, make Fields marked as "LocalPub" invisible.
echo如果启用,则将客户端的命令回显到客户端。限制影响超过指定条目数的更改将导致错误。字符集以指定的字符集向客户端返回响应。详细如果启用,则向客户端报告临时进度消息。addonly如果启用,则change命令只能在条目中创建字段,而不能修改它们。nolog如果启用,则禁用日志记录。外部如果启用,则使标记为“LocalPub”的字段不可见。
Example
实例
C: set verbose=off
S: 200:Done.
C: set verbose=off
S: 200:Done.
C: set
S: -200:echo:off
S: -200:limit:2
S: -200:charset:iso-8859-1
S: -200:verbose:off
S: -200:addonly:off
S: -200:nolog:off
S: -200:external:on
S: 200:Done.
C: set
S: -200:echo:off
S: -200:limit:2
S: -200:charset:iso-8859-1
S: -200:verbose:off
S: -200:addonly:off
S: -200:nolog:off
S: -200:external:on
S: 200:Done.
login [alias]
登录名[别名]
The "login" command allows client users to identify themselves to the Nameserver. More specifically it identifies a client user with a particular entry in the Nameserver and allows them to change fields in that entry and possibly other entries. It is also necessary to be logged in to the Nameserver to view certain sensitive fields in the user's own entry.
“login”命令允许客户端用户向名称服务器标识自己。更具体地说,它使用名称服务器中的特定条目标识客户机用户,并允许他们更改该条目中的字段以及可能的其他条目。还需要登录到名称服务器以查看用户自己条目中的某些敏感字段。
In order to use the "login" command the client must prompt the user for their ph alias and password. The client is then responsible for (optionally) encrypting the password and sending it to the server. This will be covered in sections 3.6.3 (answer) and 3.6.4 (clear).
为了使用“login”命令,客户端必须提示用户输入其ph别名和密码。然后,客户机负责(可选)加密密码并将其发送到服务器。这将在第3.6.3节(答案)和第3.6.4节(明确)中介绍。
C: login foo
S: 301:,:P"_Y$ONU%"SDUQ6&^`ZZ'?*#Y`A_.Z/A>?@SH>*-
C: login foo
S: 301:,:P"_Y$ONU%"SDUQ6&^`ZZ'?*#Y`A_.Z/A>?@SH>*-
logout
注销
The "logout" command allows a user who is logged in to the Nameserver to logout.
“logout”命令允许登录到名称服务器的用户注销。
C: logout S: 200:Ok.
C:注销S:200:好的。
answer encrypted-response
应答加密响应
In response to the login command, the Nameserver responds with a random challenge string. The Nameserver client encrypts the challenge with the password supplied by the user, uuencodes the result into US-ASCII, and returns the printable result in the "answer" command:
作为对login命令的响应,Nameserver使用随机质询字符串进行响应。Nameserver客户端使用用户提供的密码加密质询,将结果编码为US-ASCII,并在“应答”命令中返回可打印的结果:
C: login ppomes
S: 301:.%$&.D^67$*1?<.2S@DR:Z@M*)AV-<:4QM>#R>M*HT
C: answer M5K'F:NI(a?M?O2+-a9`48RA#ZF=L9)G)/XRS7Q^0>0@-R7X$WGb`50B]
S: 200:ppomes:Hi how are you?
C: login ppomes
S: 301:.%$&.D^67$*1?<.2S@DR:Z@M*)AV-<:4QM>#R>M*HT
C: answer M5K'F:NI(a?M?O2+-a9`48RA#ZF=L9)G)/XRS7Q^0>0@-R7X$WGb`50B]
S: 200:ppomes:Hi how are you?
The encryption algorithm is based on a three rotor Enigma engine. There are known attacks on the security of this approach.
加密算法基于三转子Enigma发动机。已知存在对该方法安全性的攻击。
The answer command is also used to return method-specific responses to the xlogin command (section 3.6.6).
answer命令还用于将特定于方法的响应返回到xlogin命令(第3.6.6节)。
clear cleartext-password
明文密码
The "clear" command can be used instead of the "answer" command to complete a login sequence. It's argument is the user's cleartext password. This command is supplied only to support those clients that have not implemented one of the encryption engines used by the "answer" command. It's use is strongly discouraged.
可以使用“清除”命令代替“应答”命令来完成登录序列。它的参数是用户的明文密码。此命令仅用于支持尚未实现“应答”命令使用的加密引擎之一的客户端。强烈反对使用它。
C: login ppomes
S: 301:E=@Y&VW^_9YVI;D5.[EB0:B)9Z#_&X$:2)/eL$VJC87
C: clear MySecret
S: 200:ppomes:Hi how are you?
C: login ppomes
S: 301:E=@Y&VW^_9YVI;D5.[EB0:B)9Z#_&X$:2)/eL$VJC87
C: clear MySecret
S: 200:ppomes:Hi how are you?
email local-userid
电子邮件本地用户ID
The "email" command can also be used instead of the "answer" command to complete a login sequence. The value of local-userid is the user's login name on the local machine. If all of the following conditions are true, then the email command will be accepted by the server:
也可以使用“email”命令代替“answer”命令来完成登录序列。本地userid的值是用户在本地计算机上的登录名。如果以下所有条件均为真,则服务器将接受电子邮件命令:
1) The connection to the server originates on port 1023 or less on the client. Note: This is a system port. Port 1023 is not allocated to this use.
1) 与服务器的连接源自客户端上的端口1023或更少。注意:这是一个系统端口。端口1023未分配给此用途。
2) The canonical name of the client's host matches the right-hand side of the email address of the requested alias specified in the "login" command.
2) 客户端主机的规范名称与“login”命令中指定的请求别名的电子邮件地址的右侧匹配。
3) The "local-userid" matches the left-hand side of the email address belonging to the requested alias.
3) “本地用户ID”与属于请求别名的电子邮件地址的左侧匹配。
This is a weak but convenient form of authentication. Depending on the information users are allowed to change about themselves and the threat environment the server operates in, this method may be appropriate. Servers should take care to avoid DNS spoofing.
这是一种弱但方便的身份验证形式。根据允许用户更改自己的信息以及服务器运行时所处的威胁环境,此方法可能是合适的。服务器应注意避免DNS欺骗。
xlogin option alias
xlogin选项别名
Extended login command for GSS, Kerberos v4 and v5, ANSI X9.9 token devices (e.g., SNK/4), etc. The option is one of the values returned in the Authenticate field of the "siteinfo" command (section 3.2). Alias is the user's alias.
GSS、Kerberos v4和v5、ANSI X9.9令牌设备(例如SNK/4)等的扩展登录命令。该选项是“siteinfo”命令(第3.2节)的Authenticate字段中返回的值之一。Alias是用户的别名。
C: xlogin 16 ppomes
S: 301:DoKrbLogin started; send Kerberos mutual authenticator.
C: answer MJa8QO1cJHYz2IdWyg7uhAnixVqgCZQBWr64ciXYku1ktdu....
S: 200:ppomes:Hi how are you?
C: xlogin 16 ppomes
S: 301:DoKrbLogin started; send Kerberos mutual authenticator.
C: answer MJa8QO1cJHYz2IdWyg7uhAnixVqgCZQBWr64ciXYku1ktdu....
S: 200:ppomes:Hi how are you?
C: xlogin 4 ppomes
S: 302:SNK Challenge "024142":
C: answer 82344338
S: 200:ppomes:Hi how are you?
C: xlogin 4 ppomes
S: 302:SNK Challenge "024142":
C: answer 82344338
S: 200:ppomes:Hi how are you?
The answer command returns the requested quantity, Kerberos authenticator, X9.9 device response, etc. Binary quantities are first uuencoded into US-ASCII.
应答命令返回请求的数量、Kerberos验证器、X9.9设备响应等。二进制数量首先被编码为US-ASCII。
add field=value...
添加字段=值。。。
This command is used to add new entries to the database. You must be logged in and have full Hero privileges (section 1.4) to use "add".
此命令用于向数据库中添加新条目。您必须登录并拥有完整的英雄权限(第1.4节)才能使用“添加”。
C: add name="doe john" id="123456789" alias="j-doe"
S: 200:Ok.
C: add name="doe john" id="123456789" alias="j-doe"
S: 200:Ok.
query [field=]value [field=value] . . . [return field1 [field2]]
查询[field=]值[field=value]。[返回字段1[field2]]
If no field is specified together with a value then the field is assumed to be "name" and/or "nickname". When more than one field-value specification are given in a query, entries matching all specifications are returned (implicit AND).
如果没有字段与值一起指定,则假定该字段为“名称”和/或“昵称”。当查询中给出多个字段值规范时,将返回与所有规范匹配的条目(隐式和)。
It is possible to define which fields should be returned by adding a "return" clause. If no return clause is defined the Ph server will return a default list of fields. Typical default fields are "alias", "name", "title", "email", "phone", "address", "department", "www", and "other". A return clause consists of the word "return" followed by a list of fields or the word "all". If the word "all" is used then all viewable fields will be returned.
可以通过添加“return”子句来定义应该返回哪些字段。如果未定义return子句,Ph服务器将返回字段的默认列表。典型的默认字段是“别名”、“姓名”、“标题”、“电子邮件”、“电话”、“地址”、“部门”、“www”和“其他”。return子句由单词“return”和字段列表或单词“all”组成。如果使用“全部”一词,则将返回所有可查看的字段。
C: query name=doe name=john
S: 102:There was 1 match to your request.
S: -200:1: alias: j-doe
S: -200:1: name: doe john
S: 200:Ok.
C: query name=doe name=john
S: 102:There was 1 match to your request.
S: -200:1: alias: j-doe
S: -200:1: name: doe john
S: 200:Ok.
delete [field=]value...
删除[字段=]值。。。
This command is used to delete entire entries from the database. You must be logged in and have full Hero (section 1.4) privileges to use "delete".
此命令用于从数据库中删除整个条目。您必须登录并具有完整的英雄(第1.4节)权限才能使用“删除”。
The arguments to the "delete" command are the same as the selection part of a "query" command. "Delete" finds all the entries that match the argument(s) and deletes them.
“delete”命令的参数与“query”命令的选择部分相同。“删除”查找与参数匹配的所有条目并将其删除。
The "delete" command obeys the Nameserver "limit" option, which can be used to prevent deletion of more entries than intended.
“delete”命令遵循Nameserver的“limit”选项,该选项可用于防止删除超过预期数量的条目。
C: delete name="doe john" id="123456789" alias="j-doe"
S: 200:1 entries deleted.
C: delete name="doe john" id="123456789" alias="j-doe"
S: 200:1 entries deleted.
change [field=]value [make|force] field="value"...
更改[field=]值[make | force]field=“value”。。。
This command is used to change one or more fields in one or more entries to the values specified. The "change" command consists of two clauses, the "change" clause and the "make" or "force" clause.
此命令用于将一个或多个条目中的一个或多个字段更改为指定的值。“更改”命令由两个子句组成,“更改”子句和“生成”或“强制”子句。
The "change" clause determines which entries will be affected by the command. It uses the same arguments as the selection clause of a "query" command. The "make" or "force" clause specifies which field(s) will be changed and the new value(s) of the specified field(s). The "force" clause is only used to make non-encrypted changes to fields marked "Encrypt".
“change”子句确定哪些条目将受命令影响。它使用与“query”命令的selection子句相同的参数。“make”或“force”子句指定要更改的字段以及指定字段的新值。“force”子句仅用于对标记为“Encrypt”的字段进行非加密更改。
You must be logged in to use "change".
您必须登录才能使用“更改”。
The "change" command obeys the Nameserver "limit" option, which can be used to prevent changing the field contents of more entries than intended.
“change”命令遵循Nameserver的“limit”选项,该选项可用于防止更改超出预期数量的条目的字段内容。
C: change alias=j-doe force password=NewSecret
S: 200:1 entry changed.
C: change alias=j-doe force password=NewSecret
S: 200:1 entry changed.
C: set limit=500
S: 200:Done.
C: change fax="(619) 555-1212" make fax="(760) 555-1212"
S: 200: 113 entries changed.
C: set limit=500
S: 200:Done.
C: change fax="(619) 555-1212" make fax="(760) 555-1212"
S: 200: 113 entries changed.
help [{native|client} [topic ...]]
帮助[{native | client}[主题…]]
Prints help on the Nameserver or on specific clients. If client is specified, it should be a valid Nameserver client identifier, such as "ph". The client-specific help will first be searched for topic, and then the native help will be searched. If topic is omitted, a list of all available help texts will be returned. If "native" or client are also omitted, a list of clients will be returned.
在名称服务器或特定客户端上打印帮助。如果指定了客户端,则它应该是有效的名称服务器客户端标识符,如“ph”。将首先搜索特定于客户端的帮助以查找主题,然后搜索本机帮助。如果省略主题,将返回所有可用帮助文本的列表。如果还省略了“native”或client,则将返回一个客户端列表。
C: help native 101 -200:1:101: -200:1: The Nameserver echo option is set. The text of this response is -200:1: the command you just gave, which has not (yet) been executed. 200:Ok.
C:help native 101-200:1:101:-200:1:已设置名称服务器回显选项。此响应的文本是-200:1:您刚刚发出的命令,尚未执行。200:好的。
quit
退出
Terminates the session with the Nameserver and causes the client to exit.
终止与名称服务器的会话并导致客户端退出。
C: quit
S: 200:Bye!
C: quit
S: 200:Bye!
In the absence of encryption between client and server, all Nameserver traffic is unsecure. Kerberos v4, v5, and the GSS-API all provide encryption mechanisms, however the Nameserver protocol does not support the means to negotiate encryption between client and server. This implies that all traffic can be seen by other machines having access to the network linking the client and server. Furthermore clear-text traffic is subject to modification in transit between client and server. Possible ways of augmenting this would be to use something like TLS [TLS] or IPSec [IPSEC].
在客户端和服务器之间没有加密的情况下,所有名称服务器通信都是不安全的。Kerberos v4、v5和GSS-API都提供加密机制,但是名称服务器协议不支持在客户端和服务器之间协商加密的方法。这意味着所有通信量都可以被其他能够访问连接客户端和服务器的网络的机器看到。此外,在客户端和服务器之间的传输过程中,明文通信量会受到修改。可能的增强方法是使用TLS[TLS]或IPSec[IPSec]之类的东西。
Unless one of the mutual authentication mechanisms is used, e.g., Kerberos 4/5 or GSS-API, there is no way to prove the identity of a server. Further, there is no mechanism to prove a given server is authoritative for a set of information.
除非使用其中一种相互身份验证机制,例如Kerberos 4/5或GSS-API,否则无法证明服务器的身份。此外,没有任何机制可以证明给定服务器对一组信息具有权威性。
The Ph protocol allows the negotiation of several authentication protocols between client and server, some weak and some strong. It does not prohibit the use of cleartext passwords, something which should be depreciated, but is useful when dealing with some clients.
Ph协议允许在客户端和服务器之间协商几种身份验证协议,有些弱,有些强。它并不禁止使用明文密码,这应该被贬低,但在处理一些客户时是有用的。
Directory services like the CCSO white pages server that contain information on persons have to consider privacy issues. This paper describes one way of partitioning specific attributes from unwanted access by designating them visible only to the "local" community, visible only to the person connected with the information, or visible only to the database administrator.
目录服务,如CCSO白页服务器,包含关于人的信息,必须考虑隐私问题。本文描述了一种将特定属性从不需要的访问中划分出来的方法,方法是将它们指定为仅对“本地”社区可见、仅对与信息相关的人员可见或仅对数据库管理员可见。
[GSS-API] Linn, J., "Generic Security Service Application Program Interface, Version 2", RFC 2078, January 1997.
[GSS-API]Linn,J.,“通用安全服务应用程序接口,第2版”,RFC 2078,1997年1月。
[HMAC] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[HMAC]Krawczyk,H.,Bellare,M.,和R.Canetti,“HMAC:用于消息身份验证的键控哈希”,RFC 2104,1997年2月。
[IPSEC] Atkinson, R., "Security Architecture for the Internet Protocol", RFC 1825, August 1995.
[IPSEC]Atkinson,R.,“互联网协议的安全架构”,RFC 18251995年8月。
[KRB5] Kohl, J., and C. Neuman, "The Kerberos Network Authentication Service (V5)", RFC 1510, September 1993.
[KRB5]Kohl,J.和C.Neuman,“Kerberos网络身份验证服务(V5)”,RFC15101993年9月。
[TLS] Dierks, T., and C. Allen, "The TLS Protocol, Version 1.0", Work in Progress.
[TLS]Dierks,T.和C.Allen,“TLS协议,版本1.0”,正在进行中。
[MIME] Freed, N., and N. Borenstein, "Multipurpose Internet Mail Extensions, (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996.
[MIME]Freed,N.和N.Borenstein,“多用途互联网邮件扩展(MIME)第一部分:互联网邮件正文格式”,RFC 20451996年11月。
Roland Hedberg Umdac Umea University 901 87 Umea Sweden
Roland Hedberg Umdac Umea大学901 87 Umea瑞典
EMail: Roland.Hedberg@umdac.umu.se
EMail: Roland.Hedberg@umdac.umu.se
Paul Pomes Qualcomm Inc 6455 Lusk Blvd San Diego, CA USA
Paul Pomes高通公司美国加利福尼亚州圣地亚哥路斯克大道6455号
EMail: ppomes@qualcomm.com
EMail: ppomes@qualcomm.com
Default fields and suggested lengths connected to different object types.
连接到不同对象类型的默认字段和建议长度。
All entries: Information common to all entries type 64 name 256 address 128 proxy 32 password 32
所有条目:所有条目共有的信息键入64名称256地址128代理32密码32
type=phone: Information found in a phonebook phone 64 fax 64
type=电话:在电话簿电话64传真64中找到的信息
type=person: Information about a human being alias 32 forename 64 surname 64 group 32 email 128 public_key 4096 nickname 128 www 256 acl 128
type=person:关于人的信息别名32姓名64姓氏64组32电子邮件128公钥4096昵称128 www 256 acl 128
type=staff: Information about an employee empno 16 department 64 supervisor 64 secretary 64 office_location 128 office_address 128 office_phone 64 title 64 pager 64 hours 128
类型=员工:关于员工的信息empno 16部门64主管64秘书64办公室位置128办公室地址128办公室电话64头衔64寻呼机64小时128
type=unit: Information about an organizational unit email 128 www 256 public_key 4096
类型=单位:有关组织单位的信息电子邮件128 www 256 public_key 4096
Result codes
结果代码
100 In progress (general). 101 Echo of current command. 102 Count of number of matches to query. 103 No hostname found for IP address. 200 Success (general). 201 Database ready, but read-only. 300 More information (general). 301 Encrypt this string. 302 Print this prompt. 400 Temporary error (general). 401 Internal database error. 402 Lock not obtained within timeout period. 403 Login would have been OK, but database read-only 475 Database unavailable; try later. 500 Permanent error (general). 501 No matches to query. 502 Too many matches to query. 503 Not authorized for requested information. 504 Not authorized for requested search criteria. 505 Not authorized to change requested field. 506 Request refused; must be logged in to execute. 507 Field does not exist. 508 Field is not present in requested entry. 509 Alias already in use. 510 Not authorized to change this entry. 511 Not authorized to add entries. 512 Illegal value. 513 Unknown option. 514 Unknown command. 515 No indexed field in query. 516 No authorization for request. 517 Operation failed because database is read-only. 518 To many entries selected by change command. 520 CPU usage limit exceeded. 521 Change command would have overridden existing field, and the "addonly" option is on. 522 Attempt to view "Encrypted" field. 523 Expecting "answer" or "clear". 524 Names of help topics may not contain "/". 525 Email authentication failed 526 Host name address not found in DNS 527 Reverse DNS lookup does not match forward DNS lookup 528 General Kerberos database error. 529 Selected authentication method not available
100正在进行中(一般)。101当前命令的回声。102要查询的匹配数的计数。103找不到IP地址的主机名。200成功(一般)。201数据库就绪,但为只读。300更多信息(概述)。301加密此字符串。302打印此提示。400临时错误(一般)。401内部数据库错误。402超时期间未获得锁。403登录本可以,但数据库只读475数据库不可用;稍后再试。500永久性错误(一般)。501没有要查询的匹配项。502要查询的匹配项太多。503未授权提供所需信息。504未授权用于请求的搜索条件。505未授权更改请求的字段。506个请求被拒绝;必须登录才能执行。507字段不存在。请求的条目中不存在508字段。509别名已在使用中。510无权更改此条目。511未授权添加条目。512非法值。513未知选项。514未知命令。515查询中没有索引字段。516没有请求的授权。517操作失败,因为数据库是只读的。518更改命令选择的多个条目。超过520 CPU使用限制。521更改命令将覆盖现有字段,并且“addonly”选项处于启用状态。522尝试查看“加密”字段。523期望“回答”或“清楚”。524帮助主题的名称不能包含“/”。525电子邮件身份验证失败526在DNS 527中找不到主机名地址反向DNS查找与正向DNS查找不匹配528常规Kerberos数据库错误。529选定的身份验证方法不可用
590 Remote queries not allowed. 598 Command unknown. 599 Syntax error. 600 Ambiguous or multiple match
590不允许远程查询。598命令未知。599语法错误。600不明确或多重匹配
Appendix C
附录C
Description of the client command language using the augmented Backus-Naur Form (RFC822).
使用扩展的Backus Naur表单(RFC822)描述客户机命令语言。
response = code [index] [field] text CRLF
响应=代码[索引][字段]文本CRLF
code = [-] LDIG 2DIGIT ":"
index = number ":"
field = 1*SPACE attribute ":" 1*SPACE
text = 1*( CHAR / LWSP-char )
code = [-] LDIG 2DIGIT ":"
index = number ":"
field = 1*SPACE attribute ":" 1*SPACE
text = 1*( CHAR / LWSP-char )
command = ph-command CRLF
command = ph-command CRLF
ph-command = "status" / a-command / oa-command
ph-command =/ av-command / answer-command / query-command
ph-command =/ delete-command / change-command / "help" / quit-command
ph-command = "status" / a-command / oa-command
ph-command =/ av-command / answer-command / query-command
ph-command =/ delete-command / change-command / "help" / quit-command
a-command = ("siteinfo"/"fields"/"id"/"login"/"help"/"email"/
"clear") [attribute]
oa-command = ("xlogin") number attribute
av-command = ("set"/"add"/"make") 1*attribute-value
answer-command = ("answer") 1*printable
query-command = ("query"/"ph") 1*selection ["return" 1*attribute]
quit-command = "quit" / "exit" / "stop"
change-command = "change" 1*selection make 1*attribute-value
delete-command = "delete" selection
a-command = ("siteinfo"/"fields"/"id"/"login"/"help"/"email"/
"clear") [attribute]
oa-command = ("xlogin") number attribute
av-command = ("set"/"add"/"make") 1*attribute-value
answer-command = ("answer") 1*printable
query-command = ("query"/"ph") 1*selection ["return" 1*attribute]
quit-command = "quit" / "exit" / "stop"
change-command = "change" 1*selection make 1*attribute-value
delete-command = "delete" selection
selection = value / attribute-value
selection = value / attribute-value
attribute-value = attribute "=" value
属性值=属性“=”值
value = 1*(cstring / quoted-string / set)
value = 1*(cstring / quoted-string / set)
cstring = 1*( ALPHA / DIGIT / S_SPEC / set / quoted-pair )
attribute = 1*( ALPHA / DIGIT / "_" / "-" )
number = 1*(DIGIT)
cstring = 1*( ALPHA / DIGIT / S_SPEC / set / quoted-pair )
attribute = 1*( ALPHA / DIGIT / "_" / "-" )
number = 1*(DIGIT)
quoted-string = <"> 1*(qtext/quoted-pair) <">
quoted-string = <"> 1*(qtext/quoted-pair) <">
quoted-pair = "\" CHAR
qtext = 1*( CHAR / CR / SPEC1 / DELIMIT1 / DELIMIT2 / LWS )
set = '[' 1*(ALPHA/DIGIT) ']'
quoted-pair = "\" CHAR
qtext = 1*( CHAR / CR / SPEC1 / DELIMIT1 / DELIMIT2 / LWS )
set = '[' 1*(ALPHA/DIGIT) ']'
LWSP-char = SPACE / HTAB
LWS = 1*([CRLF] (LWSP-char))
CRLF = CR LF
LWSP-char = SPACE / HTAB
LWS = 1*([CRLF] (LWSP-char))
CRLF = CR LF
S_SPEC = '*'/'+'/'?'
SPEC1 = "=" / "*" / "?" / "+" / "[" / "]"
SPEC2 = "\" / """
DELIMIT1 = SPACE / HTAB / LF
DELIMIT2 = "," / ";" / ":"
PRINTABLE = %d32..%d126
CTL = %d0..%d31 / %d127..%d160
ALPHA = %d65..%d90 / %d97..%d122
DIGIT = %d48..%d57
LDIG = %d49..%d54
SPACE = %d32
SEP = (CR LF) / LF
CR = %d13
LF = %d10
HTAB = %d9
CHAR = %d33..%d126 / %d160..%d255
OTHER = "(" / ")" / "-" / "." / "/"
"@" / "$" / "_" / "!" / "~" /
"'" / "#" / "&" / "<" / ">" /
"^" / "`" / "{" / "|" / "}"
S_SPEC = '*'/'+'/'?'
SPEC1 = "=" / "*" / "?" / "+" / "[" / "]"
SPEC2 = "\" / """
DELIMIT1 = SPACE / HTAB / LF
DELIMIT2 = "," / ";" / ":"
PRINTABLE = %d32..%d126
CTL = %d0..%d31 / %d127..%d160
ALPHA = %d65..%d90 / %d97..%d122
DIGIT = %d48..%d57
LDIG = %d49..%d54
SPACE = %d32
SEP = (CR LF) / LF
CR = %d13
LF = %d10
HTAB = %d9
CHAR = %d33..%d126 / %d160..%d255
OTHER = "(" / ")" / "-" / "." / "/"
"@" / "$" / "_" / "!" / "~" /
"'" / "#" / "&" / "<" / ">" /
"^" / "`" / "{" / "|" / "}"
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。