Network Working Group P. Karn
Request for Comments: 2523 Qualcomm
Category: Experimental W. Simpson
DayDreamer
March 1999
Network Working Group P. Karn
Request for Comments: 2523 Qualcomm
Category: Experimental W. Simpson
DayDreamer
March 1999
Photuris: Extended Schemes and Attributes
Photuris:扩展方案和属性
Status of this Memo
本备忘录的状况
This document defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
本文档为互联网社区定义了一个实验协议。它没有规定任何类型的互联网标准。要求进行讨论并提出改进建议。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). Copyright (C) Philip Karn and William Allen Simpson (1994-1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有(C)Philip Karn和William Allen Simpson(1994-1999)。版权所有。
Abstract
摘要
Photuris is a session-key management protocol. Extensible Exchange-Schemes are provided to enable future implementation changes without affecting the basic protocol.
Photuris是一种会话密钥管理协议。提供了可扩展的交换方案,以便在不影响基本协议的情况下支持将来的实现更改。
Additional authentication attributes are included for use with the IP Authentication Header (AH) or the IP Encapsulating Security Protocol (ESP).
还包括其他身份验证属性,用于IP身份验证标头(AH)或IP封装安全协议(ESP)。
Additional confidentiality attributes are included for use with ESP.
附加的保密属性包括在ESP中使用。
Table of Contents
目录
1. Additional Exchange-Schemes ........................... 1
1. Additional Exchange-Schemes ........................... 1
2. Additional Key-Generation-Function .................... 5
2.1 SHA1 Hash ....................................... 5
2. Additional Key-Generation-Function .................... 5
2.1 SHA1 Hash ....................................... 5
3. Additional Privacy-Methods ............................ 5
3.1 DES-CBC over Mask ............................... 5
3.2 DES-EDE3-CBC over Mask .......................... 6
3. Additional Privacy-Methods ............................ 5
3.1 DES-CBC over Mask ............................... 5
3.2 DES-EDE3-CBC over Mask .......................... 6
4. Additional Validity-Method ............................ 6
4.1 SHA1-IPMAC Check ................................ 6
4. Additional Validity-Method ............................ 6
4.1 SHA1-IPMAC Check ................................ 6
5. Additional Attributes ................................. 7
5.1 SHA1-IPMAC ...................................... 7
5.1.1 Symmetric Identification ........................ 8
5.1.2 Authentication .................................. 9
5.2 RIPEMD-160-IPMAC ................................ 9
5.2.1 Symmetric Identification ........................ 10
5.2.2 Authentication .................................. 11
5.3 DES-CBC ......................................... 11
5.4 Invert (Decryption/Encryption) .................. 12
5.5 XOR Whitening ................................... 13
5. Additional Attributes ................................. 7
5.1 SHA1-IPMAC ...................................... 7
5.1.1 Symmetric Identification ........................ 8
5.1.2 Authentication .................................. 9
5.2 RIPEMD-160-IPMAC ................................ 9
5.2.1 Symmetric Identification ........................ 10
5.2.2 Authentication .................................. 11
5.3 DES-CBC ......................................... 11
5.4 Invert (Decryption/Encryption) .................. 12
5.5 XOR Whitening ................................... 13
APPENDICES ................................................... 15
APPENDICES ................................................... 15
A. Exchange-Scheme Selection ............................. 15
A.1 Responder ....................................... 15
A.2 Initiator ....................................... 15
A. Exchange-Scheme Selection ............................. 15
A.1 Responder ....................................... 15
A.2 Initiator ....................................... 15
SECURITY CONSIDERATIONS ...................................... 16
SECURITY CONSIDERATIONS ...................................... 16
ACKNOWLEDGEMENTS ............................................. 16
ACKNOWLEDGEMENTS ............................................. 16
REFERENCES ................................................... 17
REFERENCES ................................................... 17
CONTACTS ..................................................... 18
CONTACTS ..................................................... 18
COPYRIGHT .................................................... 19
COPYRIGHT .................................................... 19
The packet format and basic facilities are already defined for Photuris [RFC-2522].
已经为Photuris[RFC-2522]定义了数据包格式和基本设施。
These optional Exchange-Schemes are specified separately, and no single implementation is expected to support all of them.
这些可选的交换方案是单独指定的,不希望单个实现支持所有这些方案。
This document defines the following values:
本文件定义了以下值:
(3) Implementation Optional. Any modulus (p) with a recommended generator (g) of 3. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(3) 实现是可选的。任何模数(p),推荐的发电机(g)为3。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
An Exchange-Scheme Size of zero is invalid.
交换方案大小为零无效。
Key-Generation-Function "MD5 Hash" Privacy-Method "Simple Masking" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“简单屏蔽”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
(4) Implementation Optional. Any modulus (p) with a recommended generator (g) of 2. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(4) 实现是可选的。任何模数(p),推荐的发电机(g)为2。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Scheme #2.
当“交换方案大小”字段为零时,通过引用包括方案#2提供的方案列表中指定的所有模。
Key-Generation-Function "MD5 Hash" Privacy-Method "DES-CBC over Mask" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“DES-CBC覆盖掩码”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
(5) Implementation Optional. Any modulus (p) with a recommended generator (g) of 5. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(5) 实现是可选的。任何模数(p),推荐的发电机(g)为5。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
An Exchange-Scheme Size of zero is invalid.
交换方案大小为零无效。
Key-Generation-Function "MD5 Hash" Privacy-Method "Simple Masking" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“简单屏蔽”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
(6) Implementation Optional. Any modulus (p) with a recommended generator (g) of 3. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(6) 实现是可选的。任何模数(p),推荐的发电机(g)为3。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Scheme #3.
当“交换方案大小”字段为零时,通过引用包括方案#3提供的方案列表中指定的所有模。
Key-Generation-Function "MD5 Hash" Privacy-Method "DES-CBC over Mask" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“DES-CBC覆盖掩码”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
(7) Implementation Optional. Any modulus (p) with a variable generator (g). When the Exchange-Scheme Size is non-zero, the pair [g,p] is contained in the Exchange-Scheme Value field in the list of Offered-Schemes. Each is encoded in a separate Variable Precision Integer (VPI). The generator VPI is followed by (concatenated to) the modulus VPI, and the result is nested inside the Exchange-Scheme Value field.
(7) 实现是可选的。具有可变生成器(g)的任意模量(p)。当交换方案大小非零时,对[g,p]包含在所提供方案列表中的交换方案值字段中。每个都编码在一个单独的可变精度整数(VPI)中。生成器VPI后跟(连接到)模数VPI,结果嵌套在交换方案值字段中。
An Exchange-Scheme Size of zero is invalid.
交换方案大小为零无效。
Key-Generation-Function "MD5 Hash" Privacy-Method "Simple Masking" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“简单屏蔽”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
When more than one modulus is specified for a given kind of Scheme, the Size of the modulus MUST be unique, independent of the Size of the generator.
当为给定类型的方案指定多个模数时,模数的大小必须是唯一的,与生成器的大小无关。
(8) Implementation Optional. Any modulus (p) with a recommended generator (g) of 2. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in
(8) 实现是可选的。任何模数(p),推荐的发电机(g)为2。当交换方案大小非零时,模数包含在中的交换方案值字段中
the list of Offered-Schemes.
提供的计划列表。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Schemes #2 and #4.
当交换方案大小字段为零时,通过引用包括方案2和方案4的提供方案列表中指定的所有模。
Key-Generation-Function "SHA1 Hash" Privacy-Method "DES-EDE3-CBC over Mask" Validity-Method "SHA1-IPMAC Check"
密钥生成函数“SHA1哈希”隐私方法“DES-EDE3-CBC覆盖掩码”有效性方法“SHA1-IPMAC检查”
This combination of features requires a modulus with at least 112-bits of cryptographic strength.
这种特征的组合需要具有至少112位密码强度的模。
(10) Implementation Optional. Any modulus (p) with a recommended generator (g) of 5. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(10) 实现是可选的。任何模数(p),推荐的发电机(g)为5。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Scheme #5.
当“交换方案大小”字段为零时,通过引用包括方案#5提供的方案列表中指定的所有模。
Key-Generation-Function "MD5 Hash" Privacy-Method "DES-CBC over Mask" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“DES-CBC覆盖掩码”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
(12) Implementation Optional. Any modulus (p) with a recommended generator (g) of 3. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(12) 实现是可选的。任何模数(p),推荐的发电机(g)为3。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Schemes #3 and #6.
当交换方案大小字段为零时,通过引用包括方案3和方案6的提供方案列表中指定的所有模。
Key-Generation-Function "SHA1 Hash" Privacy-Method "DES-EDE3-CBC over Mask" Validity-Method "SHA1-IPMAC Check"
密钥生成函数“SHA1哈希”隐私方法“DES-EDE3-CBC覆盖掩码”有效性方法“SHA1-IPMAC检查”
This combination of features requires a modulus with at least 112-bits of cryptographic strength.
这种特征的组合需要具有至少112位密码强度的模。
(14) Implementation Optional. Any modulus (p) with a variable generator (g). When the Exchange-Scheme Size is non-zero, the pair [g,p] is contained in the Exchange-Scheme Value field in
(14) 实现是可选的。具有可变生成器(g)的任意模量(p)。当交换方案大小非零时,对[g,p]包含在中的交换方案值字段中
the list of Offered-Schemes. Each is encoded in a separate Variable Precision Integer (VPI). The generator VPI is followed by (concatenated to) the modulus VPI, and the result is nested inside the Exchange-Scheme Value field.
提供的计划列表。每个都编码在一个单独的可变精度整数(VPI)中。生成器VPI后跟(连接到)模数VPI,结果嵌套在交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Scheme #7.
当交换方案大小字段为零时,通过引用包括方案#7的提供方案列表中指定的所有模。
Key-Generation-Function "MD5 Hash" Privacy-Method "DES-CBC over Mask" Validity-Method "MD5-IPMAC Check"
密钥生成函数“MD5哈希”隐私方法“DES-CBC覆盖掩码”有效性方法“MD5-IPMAC检查”
This combination of features requires a modulus with at least 64-bits of cryptographic strength.
这种特性的组合需要具有至少64位加密强度的模。
When more than one modulus is specified for a given kind of Scheme, the Size of the modulus MUST be unique, independent of the Size of the generator.
当为给定类型的方案指定多个模数时,模数的大小必须是唯一的,与生成器的大小无关。
(20) Implementation Optional. Any modulus (p) with a recommended generator (g) of 5. When the Exchange-Scheme Size is non-zero, the modulus is contained in the Exchange-Scheme Value field in the list of Offered-Schemes.
(20) 实现是可选的。任何模数(p),推荐的发电机(g)为5。当交换方案大小为非零时,模数包含在所提供方案列表中的交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Schemes #5 and #10.
当交换方案大小字段为零时,通过引用包括方案5和方案10的提供方案列表中指定的所有模。
Key-Generation-Function "SHA1 Hash" Privacy-Method "DES-EDE3-CBC over Mask" Validity-Method "SHA1-IPMAC Check"
密钥生成函数“SHA1哈希”隐私方法“DES-EDE3-CBC覆盖掩码”有效性方法“SHA1-IPMAC检查”
This combination of features requires a modulus with at least 112-bits of cryptographic strength.
这种特征的组合需要具有至少112位密码强度的模。
(28) Implementation Optional. Any modulus (p) with a variable generator (g). When the Exchange-Scheme Size is non-zero, the pair [g,p] is contained in the Exchange-Scheme Value field in the list of Offered-Schemes. Each is encoded in a separate Variable Precision Integer (VPI). The generator VPI is followed by (concatenated to) the modulus VPI, and the result is nested inside the Exchange-Scheme Value field.
(28)执行可选。具有可变生成器(g)的任意模量(p)。当交换方案大小非零时,对[g,p]包含在所提供方案列表中的交换方案值字段中。每个都编码在一个单独的可变精度整数(VPI)中。生成器VPI后跟(连接到)模数VPI,结果嵌套在交换方案值字段中。
When the Exchange-Scheme Size field is zero, includes by reference all of the moduli specified in the list of Offered-Schemes for Schemes #7 and #14.
当交换方案大小字段为零时,通过引用包括方案7和方案14的提供方案列表中指定的所有模。
Key-Generation-Function "SHA1 Hash" Privacy-Method "DES-EDE3-CBC over Mask" Validity-Method "SHA1-IPMAC Check"
密钥生成函数“SHA1哈希”隐私方法“DES-EDE3-CBC覆盖掩码”有效性方法“SHA1-IPMAC检查”
This combination of features requires a modulus with at least 112-bits of cryptographic strength.
这种特征的组合需要具有至少112位密码强度的模。
When more than one modulus is specified for a given kind of Scheme, the Size of the modulus MUST be unique, independent of the Size of the generator.
当为给定类型的方案指定多个模数时,模数的大小必须是唯一的,与生成器的大小无关。
2. Additional Key-Generation-Function 2.1. SHA1 Hash
2. 附加密钥生成功能2.1。SHA1散列
SHA1 [FIPS-180-1] is used as a pseudo-random-function for generating the key(s). The key(s) begin with the most significant bits of the hash. SHA1 is iterated as needed to generate the requisite length of key material.
SHA1[FIPS-180-1]用作生成密钥的伪随机函数。密钥以散列的最高有效位开始。根据需要迭代SHA1,以生成关键材料的必要长度。
When an individual key does not use all 160-bits of the last hash, any remaining unused (least significant) bits of the last hash are discarded. When combined with other uses of key generation for the same purpose, the next key will begin with a new hash iteration.
当单个密钥未使用最后一个哈希的所有160位时,将丢弃最后一个哈希的任何剩余未使用(最低有效)位。当与密钥生成的其他用途结合使用时,下一个密钥将以新的哈希迭代开始。
3. Additional Privacy-Methods 3.1. DES-CBC over Mask
3. 附加隐私方法3.1。DES-CBC掩模
As described in [RFC-2522] "Privacy-Key Computation", sufficient privacy-key material is generated to match the message length, beginning with the next field after the SPI, and including the Padding. The message is masked by XOR with the privacy-key.
如[RFC-2522]“隐私密钥计算”中所述,生成足够的隐私密钥材料以匹配消息长度,从SPI后的下一个字段开始,并包括填充。消息被带有隐私密钥的XOR屏蔽。
Then, the Key-Generation-Function is iterated to generate a DES key. The most significant 64-bits (8 bytes) of the generated hash are used for the privacy-key, and the remainder are discarded. Although extremely rare, the 64 weak, semi-weak, and possibly weak keys [Schneier95, pages 280-282] are discarded. The Key-Generation-Function is iterated until a valid key is obtained.
然后,迭代密钥生成函数以生成DES密钥。生成的散列的最高有效64位(8字节)用于隐私密钥,其余的被丢弃。尽管非常罕见,但64个弱、半弱和可能弱的键[Schneier95,第280-282页]被丢弃。迭代密钥生成函数,直到获得有效密钥。
The least significant bit of each key byte is ignored (or set to parity when the implementation requires).
忽略每个键字节的最低有效位(或在实现需要时设置为奇偶校验)。
The 64-bit CBC IV is zero. Message encryption begins with the next field after the SPI, and continues to the end of the data indicated
64位CBC IV为零。消息加密从SPI后的下一个字段开始,并持续到所示数据的末尾
by the UDP Length.
按UDP长度。
This is "Triple DES" outer-CBC EDE encryption (and DED decryption) with three 56-bit keys [KR96].
这是带有三个56位密钥的“三重DES”外部CBC EDE加密(和DED解密)[KR96]。
As described in [RFC-2522] "Privacy-Key Computation", sufficient privacy-key material is generated to match the message length, beginning with the next field after the SPI, and including the Padding. The message is masked by XOR with the privacy-key.
如[RFC-2522]“隐私密钥计算”中所述,生成足够的隐私密钥材料以匹配消息长度,从SPI后的下一个字段开始,并包括填充。消息被带有隐私密钥的XOR屏蔽。
Then, the Key-Generation-Function is iterated (at least) three times to generate the three DES keys. The most significant 64-bits (8 bytes) of each generated hash are used for each successive privacy-key, and the remainder are discarded. Each key is examined sequentially, in the order used for encryption. A key that is identical to a previous key MUST be discarded. Although extremely rare, the 64 weak, semi-weak, and possibly weak keys [Schneier95, pages 280-282] MUST be discarded. The Key-Generation-Function is iterated until a valid key is obtained before generating the next key.
然后,密钥生成函数被迭代(至少)三次以生成三个DES密钥。每个生成的哈希的最高有效64位(8字节)用于每个连续的隐私密钥,剩余的被丢弃。按照用于加密的顺序依次检查每个密钥。必须丢弃与上一个密钥相同的密钥。尽管非常罕见,但必须丢弃64个弱、半弱和可能弱的密钥[Schneier95,第280-282页]。在生成下一个密钥之前,将迭代密钥生成函数,直到获得有效密钥。
In all three keys, the least significant bit of each key byte is ignored (or set to parity when the implementation requires).
在所有三个键中,忽略每个键字节的最低有效位(或在实现需要时设置为奇偶校验)。
The 64-bit CBC IV is zero. Message encryption begins with the next field after the SPI, and continues to the end of the data indicated by the UDP Length.
64位CBC IV为零。消息加密从SPI后的下一个字段开始,并继续到UDP长度指示的数据结尾。
4. Additional Validity-Method 4.1. SHA1-IPMAC Check
4. 附加有效性方法4.1。SHA1-IPMAC检查
As described in [RFC-2522] "Validity Verification", the Verification field value is the SHA1 [FIPS-180-1] hash over the concatenation of
如[RFC-2522]“有效性验证”中所述,验证字段的值是连接的SHA1[FIPS-180-1]散列
SHA1( key, keyfill, data, datafill, key, mdfill )
SHA1(键,键填充,数据,数据填充,键,mdfill)
where the key is the computed verification-key.
其中,密钥是计算的验证密钥。
The keyfill and datafill use the same pad-with-length technique defined for mdfill. This padding and length is implicit, and does not appear in the datagram.
keyfill和datafill使用相同的键盘,长度技术为mdfill定义。此填充和长度是隐式的,不会出现在数据报中。
The resulting Verification field is a 160-bit Variable Precision Integer (22 bytes including Size). When used in calculations, the
结果验证字段是一个160位可变精度整数(22字节,包括大小)。在计算中使用时
Verification data includes both the Size and Value fields.
验证数据包括大小和值字段。
The attribute format and basic facilities are already defined for Photuris [RFC-2522].
已经为Photuris[RFC-2522]定义了属性格式和基本设施。
These optional attributes are specified separately, and no single implementation is expected to support all of them.
这些可选属性是单独指定的,不希望单个实现支持所有这些属性。
This document defines the following values:
本文件定义了以下值:
Use Type AEI 6 SHA1-IPMAC AEI 7 RIPEMD-160-IPMAC E 8 DES-CBC E 9 Invert (Decryption/Encryption) E 10 XOR
使用类型AEI 6 SHA1-IPMAC AEI 7 RIPEMD-160-IPMAC E 8 DES-CBC E 9反转(解密/加密)E 10异或
A AH Attribute-Choice E ESP Attribute-Choice I Identity-Choice X dependent on list location
AH属性选择E ESP属性选择I标识选择X取决于列表位置
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Attribute 6
属性6
Length 0
长度0
When selected as an Identity-Choice, the immediately following Identification field contains an unstructured Variable Precision Integer. Valid Identifications and symmetric secret-keys are preconfigured by the parties.
选择作为标识选项时,紧跟其后的标识字段包含一个非结构化变量精度整数。有效标识和对称密钥由双方预先配置。
There is no required format or content for the Identification value. The value may be a number or string of any kind. See [RFC-2522] "Use of Identification and Secrets" for details.
标识值没有必需的格式或内容。该值可以是任何类型的数字或字符串。详见[RFC-2522]“标识和秘密的使用”。
The symmetric secret-key (as specified) is selected based on the contents of the Identification field. All implementations MUST support at least 62 bytes. The selected symmetric secret-key SHOULD provide at least 80-bits of cryptographic strength.
根据标识字段的内容选择对称密钥(如指定)。所有实现必须至少支持62个字节。所选对称密钥应提供至少80位的加密强度。
As described in [RFC-2522] "Identity Verification", the Verification field value is the SHA1 [FIPS-180-1] hash over the concatenation of:
如[RFC-2522]“身份验证”中所述,验证字段值是以下项串联的SHA1[FIPS-180-1]散列:
SHA1( key, keyfill, data, datafill, key, mdfill )
SHA1(键,键填充,数据,数据填充,键,mdfill)
where the key is the computed verification-key.
其中,密钥是计算的验证密钥。
The keyfill and datafill use the same pad-with-length technique defined for mdfill. This padding and length is implicit, and does not appear in the datagram.
keyfill和datafill使用相同的键盘,长度技术为mdfill定义。此填充和长度是隐式的,不会出现在数据报中。
The resulting Verification field is a 160-bit Variable Precision Integer (22 bytes including Size). When used in calculations, the Verification data includes both the Size and Value fields.
结果验证字段是一个160位可变精度整数(22字节,包括大小)。在计算中使用时,验证数据包括大小和值字段。
For both [RFC-2522] "Identity Verification" and "Validity Verification", the verification-key is the SHA1 [FIPS-180-1] hash of the following concatenated values:
对于[RFC-2522]“身份验证”和“有效性验证”,验证密钥是以下串联值的SHA1[FIPS-180-1]散列:
+ the symmetric secret-key, + the computed shared-secret.
+ 对称密钥+计算的共享密钥。
For [RFC-2522] "Session-Key Computation", the symmetric secret-key is used directly as the generation-key.
对于[RFC-2522]“会话密钥计算”,对称密钥直接用作生成密钥。
The symmetric secret-key is used in calculations in the same fashion as [RFC-2522] "MD5-IPMAC Symmetric Identification".
对称密钥在计算中的使用方式与[RFC-2522]“MD5-IPMAC对称标识”相同。
May be selected as an AH or ESP Attribute-Choice, pursuant to [RFC-1852] et sequitur. The selected Exchange-Scheme SHOULD provide at least 80-bits of cryptographic strength.
可根据[RFC-1852]等选择作为AH或ESP属性选择。所选交换方案应提供至少80位的加密强度。
As described in [RFC-2522] "Session-Key Computation", the most significant 384-bits (48 bytes) of the Key-Generation-Function iterations are used for the key.
如[RFC-2522]“会话密钥计算”中所述,密钥生成函数迭代的最高有效384位(48字节)用于密钥。
Profile:
轮廓:
When negotiated with Photuris, the transform differs slightly from [RFC-1852].
与Photuris协商时,转换与[RFC-1852]略有不同。
The form of the authenticated message is:
已验证消息的形式为:
SHA1( key, keyfill, datagram, datafill, key, mdfill )
SHA1(键,键填充,数据报,数据填充,键,mdfill)
where the key is the SPI session-key.
其中,密钥是SPI会话密钥。
The additional datafill protects against the attack described in [PO96]. The keyfill and datafill use the same pad-with-length technique defined for mdfill. This padding and length is implicit, and does not appear in the datagram.
额外的数据填充可以防止[PO96]中描述的攻击。keyfill和datafill使用相同的键盘,长度技术为mdfill定义。此填充和长度是隐式的,不会出现在数据报中。
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Attribute 7
属性7
Length 0
长度0
When selected as an Identity-Choice, the immediately following Identification field contains an unstructured Variable Precision Integer. Valid Identifications and symmetric secret-keys are preconfigured by the parties.
选择作为标识选项时,紧跟其后的标识字段包含一个非结构化变量精度整数。有效标识和对称密钥由双方预先配置。
There is no required format or content for the Identification value. The value may be a number or string of any kind. See [RFC-2522] "Use of Identification and Secrets" for details.
标识值没有必需的格式或内容。该值可以是任何类型的数字或字符串。详见[RFC-2522]“标识和秘密的使用”。
The symmetric secret-key (as specified) is selected based on the contents of the Identification field. All implementations MUST support at least 62 bytes. The selected symmetric secret-key SHOULD provide at least 80-bits of cryptographic strength.
根据标识字段的内容选择对称密钥(如指定)。所有实现必须至少支持62个字节。所选对称密钥应提供至少80位的加密强度。
As described in [RFC-2522] "Identity Verification", the Verification field value is the RIPEMD-160 [DBP96] hash over the concatenation of:
如[RFC-2522]“身份验证”中所述,验证字段值是以下各项串联的RIPEMD-160[DBP96]散列:
RIPEMD160( key, keyfill, data, datafill, key, mdfill )
RIPEMD160(键,键填充,数据,数据填充,键,mdfill)
where the key is the computed verification-key.
其中,密钥是计算的验证密钥。
The keyfill and datafill use the same pad-with-length technique defined for mdfill. This padding and length is implicit, and does not appear in the datagram.
keyfill和datafill使用相同的键盘,长度技术为mdfill定义。此填充和长度是隐式的,不会出现在数据报中。
The resulting Verification field is a 160-bit Variable Precision Integer (22 bytes including Size). When used in calculations, the Verification data includes both the Size and Value fields.
结果验证字段是一个160位可变精度整数(22字节,包括大小)。在计算中使用时,验证数据包括大小和值字段。
For both [RFC-2522] "Identity Verification" and "Validity Verification", the verification-key is the RIPEMD-160 [DBP96] hash of the following concatenated values:
对于[RFC-2522]“身份验证”和“有效性验证”,验证密钥是以下串联值的RIPEMD-160[DBP96]散列:
+ the symmetric secret-key, + the computed shared-secret.
+ 对称密钥+计算的共享密钥。
For [RFC-2522] "Session-Key Computation", the symmetric secret-key is used directly as the generation-key.
对于[RFC-2522]“会话密钥计算”,对称密钥直接用作生成密钥。
The symmetric secret-key is used in calculations in the same fashion as [RFC-2522] "MD5-IPMAC Symmetric Identification".
对称密钥在计算中的使用方式与[RFC-2522]“MD5-IPMAC对称标识”相同。
May be selected as an AH or ESP Attribute-Choice. The selected Exchange-Scheme SHOULD provide at least 80-bits of cryptographic strength.
可选择为AH或ESP属性选项。所选交换方案应提供至少80位的加密强度。
As described in [RFC-2522] "Session-Key Computation", the most significant 384-bits (48 bytes) of the Key-Generation-Function iterations are used for the key.
如[RFC-2522]“会话密钥计算”中所述,密钥生成函数迭代的最高有效384位(48字节)用于密钥。
Profile:
轮廓:
When negotiated with Photuris, the form of the authenticated message is:
与Photuris协商时,经过身份验证的消息的形式为:
RIPEMD160( key, keyfill, datagram, datafill, key, mdfill )
RIPEMD160(键,键填充,数据报,数据填充,键,mdfill)
where the key is the SPI session-key.
其中,密钥是SPI会话密钥。
The additional datafill protects against the attack described in [PO96]. The keyfill and datafill use the same pad-with-length technique defined for mdfill. This padding and length is implicit, and does not appear in the datagram.
额外的数据填充可以防止[PO96]中描述的攻击。keyfill和datafill使用相同的键盘,长度技术为mdfill定义。此填充和长度是隐式的,不会出现在数据报中。
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Attribute 8
属性8
Length 0
长度0
May be selected as an ESP Attribute-Choice, pursuant to [RFC-1829] et sequitur. The selected Exchange-Scheme SHOULD provide at least 56- bits of cryptographic strength.
可根据[RFC-1829]等选择作为ESP属性选择。选定的交换方案应提供至少56位的加密强度。
As described in [RFC-2522] "Session-Key Computation", the most significant 64-bits (8 bytes) of the Key-Generation iteration are used for the key, and the remainder are discarded. Although extremely rare, the 64 weak, semi-weak, and possibly weak keys [Schneier95, pages 280-282] MUST be discarded. The Key-Generation-Function is iterated until a valid key is obtained.
如[RFC-2522]“会话密钥计算”中所述,密钥生成迭代的最高有效64位(8字节)用于密钥,剩余部分被丢弃。尽管非常罕见,但必须丢弃64个弱、半弱和可能弱的密钥[Schneier95,第280-282页]。迭代密钥生成函数,直到获得有效密钥。
The least significant bit of each key byte is ignored (or set to
忽略每个键字节的最低有效位(或设置为
parity when the implementation requires).
实现需要时的奇偶校验)。
Profile:
轮廓:
When negotiated with Photuris, the transform differs slightly from [RFC-1829].
与Photuris协商时,转换与[RFC-1829]略有不同。
The 32-bit Security Parameters Index (SPI) field is followed by a 32-bit Sequence Number (SN).
32位安全参数索引(SPI)字段后跟32位序列号(SN)。
The 64-bit CBC IV is generated from the 32-bit Security Parameters Index (SPI) field followed by (concatenated with) the 32-bit Sequence Number (SN) field. Then, the bit-wise complement of the 32-bit Sequence Number (SN) value is XOR'd with the first 32-bits (SPI):
64位CBC IV由32位安全参数索引(SPI)字段和32位序列号(SN)字段生成。然后,32位序列号(SN)值的逐位补码与前32位(SPI)异或:
(SPI ^ -SN) || SN
(SPI^-SN)| | SN
The Padding values begin with the value 1, and count up to the number of padding bytes. For example, if the plaintext length is 41, the padding values are 1, 2, 3, 4, 5, 6 and 7, plus any additional obscuring padding.
填充值以值1开始,并计至填充字节数。例如,如果纯文本长度为41,则填充值为1、2、3、4、5、6和7,再加上任何其他模糊填充。
The PadLength and PayloadType are not appended. Instead, the PayloadType is indicated by the SPI, as specified by the ESP-Attributes attribute (#2).
PadLength和PayloadType不会追加。相反,PayloadType由SPI指示,如ESP属性(#2)所指定。
After decryption, if the padding bytes are not the correct sequential values, then the payload is discarded, and a "Decryption Failed" error is indicated, as described in [RFC-2521].
解密后,如果填充字节不是正确的顺序值,则丢弃有效负载,并指示“解密失败”错误,如[RFC-2521]所述。
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Attribute 9
属性9
Length 0
长度0
May be selected as an ESP Attribute-Choice, immediately preceding an encryption choice. This indicates that the following attribute is inverted from encryption to decryption (or decryption to encryption) as the attributes are processed.
可以选择为ESP属性选项,紧跟在加密选项之前。这表示在处理属性时,以下属性从加密转换为解密(或从解密转换为加密)。
For example, the combination
例如,组合
"DES-CBC", "Invert", "DES-CBC", "DES-CBC",
“DES-CBC”、“倒置”、“DES-CBC”、“DES-CBC”,
indicates "Triple DES" outer-CBC EDE encryption (and DED decryption) with three keys [KR96] pursuant to [RFC-1851] et sequitur. The selected Exchange-Scheme SHOULD provide at least 112-bits of cryptographic strength.
表示根据[RFC-1851]et序列使用三个密钥[KR96]进行“三重DES”外部CBC EDE加密(和DED解密)。所选交换方案应提供至少112位的加密强度。
As described in [RFC-2522] "Session-Key Computation", the Key-Generation-Function is iterated (at least) three times to generate the three independent keys, in the order used for encryption. The most significant 64-bits (8 bytes) of each iteration are used for each successive key, and the remainder are discarded.
如[RFC-2522]“会话密钥计算”中所述,密钥生成函数迭代(至少)三次,以生成三个独立密钥,顺序与用于加密的顺序相同。每次迭代的最高有效64位(8字节)用于每个连续密钥,剩余的被丢弃。
Each key is examined sequentially, in the order used for encryption. A key that is identical to any previous key MUST be discarded. Any weak keys indicated for the algorithm MUST be discarded. The Key-Generation-Function is iterated until a valid key is obtained before generating the next key.
按照用于加密的顺序依次检查每个密钥。必须丢弃与任何先前密钥相同的密钥。必须丢弃为算法指定的任何弱键。在生成下一个密钥之前,将迭代密钥生成函数,直到获得有效密钥。
Profile:
轮廓:
When negotiated with Photuris, the "DES-EDE3-CBC" transform differs slightly from [RFC-1851], in the same fashion as "DES-CBC" (described earlier).
当与Photuris协商时,“DES-EDE3-CBC”转换与[RFC-1851]略有不同,方式与“DES-CBC”(前面描述)相同。
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Attribute 10
属性10
Length 0
长度0
May be selected as an ESP Attribute-Choice, pursuant to [XEX3] et sequitur. The combination
可根据[XEX3]等选择作为ESP属性选择。组合
"XOR", "DES-CBC", "XOR",
“异或”、“DES-CBC”、“异或”,
indicates "DESX" encryption with three keys [KR96]. The selected Exchange-Scheme SHOULD provide at least 104-bits of cryptographic strength.
表示使用三个密钥进行“DESX”加密[KR96]。所选交换方案应提供至少104位的加密强度。
As described in [RFC-2522] "Session-Key Computation", the Key-Generation-Function is iterated (at least) three times to generate the three independent keys, in the order used for encryption. The most significant bytes of each iteration are used for each successive key, and the remainder are discarded.
如[RFC-2522]“会话密钥计算”中所述,密钥生成函数迭代(至少)三次,以生成三个独立密钥,顺序与用于加密的顺序相同。每次迭代的最高有效字节用于每个连续密钥,剩余字节将被丢弃。
Note that this attribute may appear multiple times in the same ESP attribute list, both before and after an encryption transform. For example,
请注意,该属性可能在加密转换前后多次出现在同一ESP属性列表中。例如
"XOR", "DES-CBC", "XOR", "Invert", "DES-CBC", "XOR", "DES-CBC", "XOR",
“异或”、“DES-CBC”、“异或”、“反转”、“DES-CBC”、“异或”、“DES-CBC”、“异或”,
would be one possible combination with Triple DES.
将是一种可能的三重DES组合。
A. Exchange-Scheme Selection
A.交换方案选择
At first glance, there appear to be a large number of exchange-schemes. In practice, the selection is simple to automate.
乍一看,似乎有大量的交换方案。实际上,选择很容易自动化。
Each scheme indicates a needed strength. This strength is based upon the functions used in protecting the Photuris Exchanges themselves.
每个方案都表明了所需的强度。这种力量是基于用于保护Photuris交易所本身的功能。
Each keyed attribute also indicates a needed strength. This strength is based upon its cryptographic functions.
每个设置关键帧的属性还指示所需的强度。这一优势基于其密码功能。
Because the usage of these functions is orthogonal, the same strength value can select an appropriate scheme that meets the needs of both features.
由于这些函数的使用是正交的,因此相同的强度值可以选择满足这两个特征需要的适当方案。
The attributes to be offered to the particular Initiator are examined. For each level of strength specified, a scheme that meets or exceeds the requirements is offered.
将检查要提供给特定启动器的属性。对于规定的每个强度等级,提供满足或超过要求的方案。
For example, a Responder offering MD5-IPMAC and SHA1-IPMAC might offer scheme #2 with a 512-bit modulus and a 1024-bit modulus, and scheme #4 with a zero Size (indicating moduli of #2).
例如,提供MD5-IPMAC和SHA1-IPMAC的响应程序可能提供具有512位模和1024位模的方案#2,以及具有零大小的方案#4(表示模为#2)。
The strength indicated by the application for the Security Association, together with the party privacy policy of the system operator, is used to select from the offered schemes. The strength indicates the minimal level to be chosen, while the party privacy policy indicates whether to choose the minimal or maximal level of available protection.
安全关联应用程序显示的强度,以及系统运营商的第三方隐私政策,用于从提供的方案中进行选择。强度表示要选择的最小级别,而当事人隐私策略表示是选择可用保护的最小级别还是最大级别。
For example, an application might indicate that it desires 80-bits of strength. In that case, only the 1024-bit modulus would be appropriate. The party privacy policy of the system operator would indicate whether to choose scheme #2 with "Simple Masking" or scheme #4 with "DES-CBC over Mask".
例如,应用程序可能表示需要80位的强度。在这种情况下,只有1024位模才合适。系统运营商的第三方隐私政策将指明是选择方案2(带有“简单屏蔽”还是方案4(带有“DES-CBC覆盖屏蔽”)。
Alternatively, an application might indicate that it desires 64-bits of strength. The party privacy policy of the system operator would indicate whether to choose scheme #2 with the 512-bit modulus, or scheme #4 with the 1024-bit modulus.
或者,应用程序可能表示它需要64位的强度。系统运营商的第三方隐私政策将指明是选择512位模的方案2,还是选择1024位模的方案4。
Security Considerations
安全考虑
Provision for multiple generators does not enhance the security of the Photuris protocol exchange itself. Rather, it provides an opportunity for novelty of moduli, by allowing more forms of moduli to be used. An abundance of moduli inhibits a determined attacker from pre-calculating moduli exchange values, and discourages dedication of resources for analysis of any particular modulus. That is, this protects the community of Photuris users.
提供多个生成器不会增强Photuris协议交换本身的安全性。相反,通过允许使用更多形式的模块,它为模块的新颖性提供了机会。大量的模会阻止已确定的攻击者预先计算模交换值,并阻止将资源用于分析任何特定的模。也就是说,这保护了Photuris用户社区。
In addition to preventing various attacks by protecting verification fields, the masking of the message plaintext before encryption is intended to obscure the relation of the number of parties and SPIs active between two IP nodes. The privacy mask dependency on the SPI and SPILT generates a different initial encrypted block for every SPI creation message.
除了通过保护验证字段来防止各种攻击外,加密前对消息明文的屏蔽旨在掩盖两个IP节点之间活动的参与方数量和SPI之间的关系。SPI和SPILT上的隐私掩码依赖项为每个SPI创建消息生成不同的初始加密块。
This obscurement would be less effective when the SPI and SPILT are invariant or are not created for a particular exchange direction. The number of parties could be revealed by the number of exchanges with differences in the initial encrypted blocks.
当SPI和SPILT是不变的或不是为特定交换方向创建的时,这种模糊效果会降低。参与方的数量可以通过在初始加密块中存在差异的交换数量来显示。
Acknowledgements
致谢
Phil Karn was principally responsible for the design of party privacy protection, and provided much of the design rationale text (now removed to a separate document).
Phil Karn主要负责第三方隐私保护的设计,并提供了大部分设计原理文本(现已删除到单独的文档中)。
William Simpson was responsible for the packet formats, and additional Exchange-Schemes, editing and formatting. All such mistakes are his responsibity.
William Simpson负责数据包格式、附加交换方案、编辑和格式化。所有这些错误都是他的责任。
Use of encryption for privacy protection is also found in the Station-To-Station authentication protocol [DOW92].
在站对站身份验证协议[DOW92]中也可以找到使用加密保护隐私的方法。
Bart Preneel and Paul C van Oorschot in [PO96] recommended padding between the data and trailing key when hashing for authentication.
Bart Preneel和Paul C van Oorschot在[PO96]中建议在对身份验证进行散列时,在数据和尾随密钥之间进行填充。
Niels Provos developed the first implementation with multiple schemes and multiple moduli per scheme (circa July 1997).
Niels Provos开发了第一个具有多个方案和每个方案的多个模块的实现(大约1997年7月)。
Special thanks to the Center for Information Technology Integration (CITI) for providing computing resources.
特别感谢信息技术集成中心(CITI)提供的计算资源。
References
工具书类
[DBP96] Dobbertin, H., Bosselaers, A., and Preneel, B., "RIPEMD-160: a strengthened version of RIPEMD", Fast Software Encryption, Third International Workshop, Lecture Notes in Computer Science 1039 (1996), Springer-Verlag, pages 71-82.
[DBP96]Dobbertin,H.,Bosselaers,A.,和Preneel,B.,“RIPEMD-160:RIPEMD的强化版本”,快速软件加密,第三届国际研讨会,计算机科学讲稿1039(1996),Springer Verlag,第71-82页。
See also corrections at ftp://ftp.esat.kuleuven.ac.be/pub/COSIC/bosselae/ripemd/.
另见更正处ftp://ftp.esat.kuleuven.ac.be/pub/COSIC/bosselae/ripemd/.
[DOW92] Whitfield Diffie, Paul C van Oorshot, and Michael J Wiener, "Authentication and Authenticated Key Exchanges", Designs, Codes and Cryptography, v 2 pp 107-125, Kluwer Academic Publishers, 1992.
[DOW92]Whitfield Diffie,Paul C van Oorshot和Michael J Wiener,“认证和认证密钥交换”,设计、代码和密码学,v 2 pp 107-125,Kluwer学术出版社,1992年。
[FIPS-180-1] "Secure Hash Standard", National Institute of Standards and Technology, U.S. Department Of Commerce, April 1995.
[FIPS-180-1]“安全哈希标准”,美国商务部国家标准与技术研究所,1995年4月。
Also known as: 59 Fed Reg 35317 (1994).
也称为:59美联储条例35317(1994)。
[KR96] Kaliski, B., and Robshaw, M., "Multiple Encryption: Weighing Security and Performance", Dr. Dobbs Journal, January 1996.
[KR96]Kaliski,B.和Robshaw,M.,“多重加密:衡量安全性和性能”,Dobbs博士期刊,1996年1月。
[PO96] Bart Preneel, and Paul C van Oorshot, "On the security of two MAC algorithms", Advances in Cryptology -- Eurocrypt '96, Lecture Notes in Computer Science 1070 (May 1996), Springer-Verlag, pages 19-32.
[PO96]Bart Preneel和Paul C van Oorshot,“关于两种MAC算法的安全性”,《密码学进展——Eurocrypt'96》,计算机科学课堂讲稿1070(1996年5月),Springer Verlag,第19-32页。
[RFC-1829] Karn, P., Metzger, P., Simpson, W., "The ESP DES-CBC Transform", July 1995.
[RFC-1829]卡恩,P.,梅茨格,P.,辛普森,W.,“ESP DES-CBC转换”,1995年7月。
[RFC-1850] Karn, P., Metzger, P., Simpson, W., "The ESP Triple DES Transform", September 1995.
[RFC-1850]卡恩,P.,梅茨格,P.,辛普森,W.,“ESP三重DES变换”,1995年9月。
[RFC-1851] Metzger, P., Simpson, W., "IP Authentication using Keyed SHA", September 1995.
[RFC-1851]梅茨格,P.,辛普森,W.,“使用密钥SHA的IP认证”,1995年9月。
[RFC-2521] Karn, P., and Simpson, W., "ICMP Security Failures Messages", March 1999.
[RFC-2521]Karn,P.和Simpson,W.,“ICMP安全故障消息”,1999年3月。
[RFC-2522] Karn, P., and Simpson, W., "Photuris: Session-Key Management Protocol", March 1999.
[RFC-2522]Karn,P.和Simpson,W.,“Photuris:会话密钥管理协议”,1999年3月。
[XEX3] Simpson, W., Baldwin, R., "The ESP DES-XEX3-CBC Transform", Work In Progress, June 1997.
[XEX3]辛普森,W.,鲍德温,R.,“ESP DES-XEX3-CBC转换”,正在进行的工作,1997年6月。
Contacts
联络
Comments about this document should be discussed on the photuris@adk.gr mailing list.
关于本文件的评论应在photuris@adk.gr邮件列表。
Questions about this document can also be directed to:
有关本文件的问题,请联系:
Phil Karn Qualcomm, Inc. 6455 Lusk Blvd. San Diego, California 92121-2779
菲尔·卡恩高通公司,地址:卢斯克大道6455号。加利福尼亚州圣地亚哥92121-2779
karn@qualcomm.com karn@unix.ka9q.ampr.org (preferred)
karn@qualcomm.com karn@unix.ka9q.ampr.org(首选)
William Allen Simpson DayDreamer Computer Systems Consulting Services 1384 Fontaine Madison Heights, Michigan 48071
William Allen Simpson DayDreamer计算机系统咨询服务1384 Fontaine Madison Heights,Michigan 48071
wsimpson@UMich.edu wsimpson@GreenDragon.com (preferred)
wsimpson@UMich.edu wsimpson@GreenDragon.com(首选)
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1999). Copyright (C) Philip Karn and William Allen Simpson (1994-1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有(C)Philip Karn和William Allen Simpson(1994-1999)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards (in which case the procedures for copyrights defined in the Internet Standards process must be followed), or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的目的(在这种情况下,必须遵循互联网标准流程中定义的版权程序),或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING (BUT NOT LIMITED TO) ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括(但不限于)保证使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。