smilint output for ./SNMP-USM-DH-OBJECTS-MIB


Message Severities

Severity              Count
error                 1
minor error           3
change recommended    1
warning               2

Message Types

Type                                   Count
date-in-past (change recommended)      1
date-length (error)                    1
date-year-2digits (warning)            1
empty-description (warning)            1
revision-after-update (minor error)    2
revision-missing (minor error)         1

Messages:

SNMP-USM-DH-OBJECTS-MIB

   1: -- extracted from draft-ietf-ops-rfc2786std-00.txt
   2: -- at Wed Aug 28 06:10:43 2002
   3: 
   4:    SNMP-USM-DH-OBJECTS-MIB DEFINITIONS ::= BEGIN
   5: 
   6:    IMPORTS
   7:        MODULE-IDENTITY, OBJECT-TYPE,
   8:        -- OBJECT-IDENTITY,
   9:        experimental, Integer32
  10:        	FROM SNMPv2-SMI
  11:        TEXTUAL-CONVENTION
  12:        	FROM SNMPv2-TC
  13:        MODULE-COMPLIANCE, OBJECT-GROUP
  14:            FROM SNMPv2-CONF
  15:        usmUserEntry
  16:        	FROM SNMP-USER-BASED-SM-MIB
  17:        SnmpAdminString
  18:            FROM SNMP-FRAMEWORK-MIB;
  19: 
  20:    snmpUsmDHObjectsMIB MODULE-IDENTITY
  21:        LAST-UPDATED "0207250000Z"	-- 25 July 2002, Midnight
  21: warning - warning: date specification `0207250000Z' contains a two-digit year representing `1902'
  21: change recommended - warning: date specification `0207250000Z' predates the SMI standard
  22:        ORGANIZATION "Network Associates Laboratories"
  23:        CONTACT-INFO "Author: Mike StJohns
  24:        		  Postal: Network Associates Laboratories
  25:    		          15204 Omega Drive, Suite 300
  26:    			  Rockville, MD 20850
  27:    		  Email:  Michael_St.Johns@NAI.com
  28:    		  Phone:  +1-301-947-716"
  29: 
  30:        DESCRIPTION
  31:    	"The management information definitions for providing forward
  32:        secrecy for key changes for the usmUserTable, and for providing a
  33:        method for 'kickstarting' access to the agent via a Diffie-Hellman
  34:        key agreement."
  35:        REVISION "9912140000Z" -- 14 December 1999
  35: minor error - revision date after last update
  36:        DESCRIPTION "Original version"
  37:        REVISION "020725000Z" -- 25 July 2002, Midnight
  37: error - date specification `020725000Z' has an illegal length
  37: minor error - revision date after last update
  38:        DESCRIPTION
  39:    	"Revised DHKeyChange textual convention and
  40:        usmDHKickStartMyPublic object to restate the conditions on the
  41:        selection of 'r' from [2^(l-1) <= r < p-1 < 2^l] to [0 <= r < p-1'
  42:        AND '2^(l-1) <= r < 2^l].  The previous version was an incorrect
  43:        combination of the two restrictions."
  44:        ::= { experimental 101 }  -- IANA DHKEY-CHANGE 101
  44: minor error - revision for last update is missing
  45: 
  46:    -- Administrative assignments
  47: 
  48:    usmDHKeyObjects OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 1 }
  49:    usmDHKeyConformance OBJECT IDENTIFIER ::= { snmpUsmDHObjectsMIB 2 }
  50: 
  51:    -- Textual conventions
  52: 
  53:    DHKeyChange ::= 	TEXTUAL-CONVENTION
  54:        STATUS		current
  55:        DESCRIPTION
  56:    	"Upon initialization, or upon creation of a row containing an
  57:        object of this type, and after any successful SET of this value, a
  58:        GET of this value returns 'y' where y = g^xa MOD p, and where g is
  59:        the base from usmDHParameters, p is the prime from
  60:        usmDHParameters, and xa is a new random integer selected by the
  61:        agent in the interval 0 <= xa < p-1.  'l' is the
  62:        optional privateValueLength from usmDHParameters in bits.  If 'l'
  63:        is specified, then xa (and xr below) must also satisfy the
  64:        condition 2^(l-1) <= xa < 2^l.  y is expressed as an OCTET STRING
  65:        'PV' of length 'k' which satisfies
  66: 
  67:        	      k
  68:        	y =  SUM   2^(8(k-i)) PV'i
  69:    	     i=1
  70: 
  71:    	where PV1,...,PVk are the octets of PV from first to last, and
  72:            where PV1 <> 0.
  73: 
  74:        A successful SET consists of the value 'y' expressed as an OCTET
  75:        STRING as above concatenated with the value 'z'(expressed as an
  76:        OCTET STRING in the same manner as y) where z = g^xr MOD p, where
  77:        g, p and l are as above, and where xr is a new random integer
  78:        selected by the manager in the interval 0 <= xr < p-1.  In
  79:        addition, if 'l' is specified, xr must also satisfy the condition
  80:        2^(l-1) <= xr <= 2^l. A SET to an object of this type will fail
  81:        with the error wrongValue if the current 'y' does not match the
  82:        'y' portion of the value of the varbind for the object. (E.g. GET
  83:        yout, SET concat(yin, z), yout <> yin).
  84: 
  85:        Note that the private values xa and xr are never transmitted from
  86:        manager to device or vice versa, only the values y and z.
  87:        Obviously, these values must be retained until a successful SET on
  88:        the associated object.
  89: 
  90:        The shared secret 'sk' is calculated at the agent as
  91: 
  92:           sk = z^xa MOD p,
  93: 
  94:        and at the manager as
  95: 
  96:           sk = y^xr MOD p.
  97: 
  98:        Each object definition of this type MUST describe how to map from
  99:        the shared secret 'sk' to the operational key value used by the
 100:        protocols and operations related to the object.  In general, if n
 101:        bits of key are required, the author suggests using the n
 102:        right-most bits of the shared secret as the operational key value."
 103:        REFERENCE
 104:    	"-- Diffie-Hellman Key-Agreement Standard, PKCS #3;
 105:                RSA Laboratories, November 1993"
 106:        SYNTAX		OCTET STRING
 107: 
 108: 
 109:    -- Diffie Hellman public values
 110: 
 111:    usmDHPublicObjects	OBJECT IDENTIFIER ::= { usmDHKeyObjects 1 }
 112: 
 113:    usmDHParameters OBJECT-TYPE
 114:        SYNTAX  OCTET STRING
 115:        MAX-ACCESS read-write
 116:        STATUS  current
 117:        DESCRIPTION
 118:    	"The public Diffie-Hellman parameters for doing a Diffie-Hellman
 119:        key agreement for this device.  This is encoded as an ASN.1
 120:        DHParameter per PKCS #3, section 9.  E.g.
 121: 
 122:            DHParameter ::= SEQUENCE {
 123:    	   prime   INTEGER,   -- p
 124:    	   base    INTEGER,   -- g
 125:    	   privateValueLength  INTEGER OPTIONAL }
 126: 
 127: 
 128:        Implementors are encouraged to use either the values from
 129:        Oakley Group 1  or the values of from Oakley Group 2 as specified
 130:        in RFC-2409, The Internet Key Exchange, Section 6.1, 6.2 as the
 131:        default for this object.  Other values may be used, but the
 132:        security properties of those values MUST be well understood and
 133:        MUST meet the requirements of PKCS #3 for the selection of
 134:        Diffie-Hellman primes.
 135: 
 136:        	In addition, any time usmDHParameters changes, all values of
 137:        type DHKeyChange will change and new random numbers MUST be
 138:        generated by the agent for each DHKeyChange object."
 139:        REFERENCE
 140:    	"-- Diffie-Hellman Key-Agreement Standard, PKCS #3,
 141:                RSA Laboratories, November 1993
 142:             -- The Internet Key Exchange, RFC 2409, November 1998,
 143:                Sec 6.1, 6.2"
 144:        ::= { usmDHPublicObjects 1 }
 145: 
 146:    usmDHUserKeyTable OBJECT-TYPE
 147:        SYNTAX  SEQUENCE OF UsmDHUserKeyEntry
 148:        MAX-ACCESS not-accessible
 149:        STATUS  current
 150:        DESCRIPTION
 151:    	"This table augments and extends the usmUserTable and provides
 152:        4 objects which exactly mirror the objects in that table with the
 153:        textual convention of 'KeyChange'.  This extension allows key
 154:        changes to be done in a manner where the knowledge of the current
 155:        secret plus knowledge of the key change data exchanges (e.g. via
 156:        wiretapping)  will not reveal the new key."
 157:        ::= { usmDHPublicObjects 2 }
 158: 
 159:    usmDHUserKeyEntry OBJECT-TYPE
 160:        SYNTAX  UsmDHUserKeyEntry
 161:        MAX-ACCESS not-accessible
 162:        STATUS  current
 163:        DESCRIPTION
 164:    	"A row of DHKeyChange objects which augment or replace the
 165:        functionality of the KeyChange objects in the base table row."
 166:        AUGMENTS { usmUserEntry }
 167:        ::= {usmDHUserKeyTable 1 }
 168: 
 169:    UsmDHUserKeyEntry ::= SEQUENCE {
 170:    	usmDHUserAuthKeyChange		DHKeyChange,
 171:    	usmDHUserOwnAuthKeyChange	DHKeyChange,
 172:    	usmDHUserPrivKeyChange		DHKeyChange,
 173:    	usmDHUserOwnPrivKeyChange	DHKeyChange
 174:    	}
 175: 
 176: 
 177:    usmDHUserAuthKeyChange OBJECT-TYPE
 178:        SYNTAX  DHKeyChange
 179:        MAX-ACCESS read-create
 180:        STATUS  current
 181:        DESCRIPTION
 182:    	"The object used to change any given user's Authentication Key
 183:        using a Diffie-Hellman key exchange.
 184: 
 185:        The right-most n bits of the shared secret 'sk', where 'n' is the
 186:        number of bits required for the protocol defined by
 187:        usmUserAuthProtocol, are installed as the operational
 188:        authentication key for this row after a successful SET."
 189:        ::= { usmDHUserKeyEntry 1 }
 190: 
 191:    usmDHUserOwnAuthKeyChange OBJECT-TYPE
 192:        SYNTAX  DHKeyChange
 193:        MAX-ACCESS read-create
 194:        STATUS  current
 195:        DESCRIPTION
 196:    	"The object used to change the agents own Authentication Key
 197:        using a Diffie-Hellman key exchange.
 198: 
 199:        The right-most n bits of the shared secret 'sk', where 'n' is the
 200:        number of bits required for the protocol defined by
 201:        usmUserAuthProtocol, are installed as the operational
 202:        authentication key for this row after a successful SET."
 203:        ::= { usmDHUserKeyEntry 2 }
 204: 
 205:    usmDHUserPrivKeyChange OBJECT-TYPE
 206:        SYNTAX  DHKeyChange
 207:        MAX-ACCESS read-create
 208:        STATUS  current
 209:        DESCRIPTION
 210:    	"The object used to change any given user's Privacy Key using
 211:        a Diffie-Hellman key exchange.
 212: 
 213:        The right-most n bits of the shared secret 'sk', where 'n' is the
 214:        number of bits required for the protocol defined by
 215:        usmUserPrivProtocol, are installed as the operational privacy key
 216:        for this row after a successful SET."
 217:        ::= { usmDHUserKeyEntry 3 }
 218: 
 219:    usmDHUserOwnPrivKeyChange OBJECT-TYPE
 220:        SYNTAX  DHKeyChange
 221:        MAX-ACCESS read-create
 222:        STATUS  current
 223:        DESCRIPTION
 224:    	"The object used to change the agent's own Privacy Key using a
 225:        Diffie-Hellman key exchange.
 226: 
 227:        The right-most n bits of the shared secret 'sk', where 'n' is the
 228:        number of bits required for the protocol defined by
 229:        usmUserPrivProtocol, are installed as the operational privacy key
 230:        for this row after a successful SET."
 231:        ::= { usmDHUserKeyEntry 4 }
 232: 
 233: 
 234:    usmDHKickstartGroup OBJECT IDENTIFIER ::= { usmDHKeyObjects 2 }
 235: 
 236:    usmDHKickstartTable OBJECT-TYPE
 237:        SYNTAX  	SEQUENCE OF UsmDHKickstartEntry
 238:        MAX-ACCESS  not-accessible
 239:        STATUS  	current
 240:        DESCRIPTION
 241:    	"A table of mappings between zero or more Diffie-Hellman key
 242:        agreement values and entries in the usmUserTable.  Entries in this
 243:        table are created by providing the associated device with a
 244:        Diffie-Hellman public value and a usmUserName/usmUserSecurityName
 245:        pair during initialization. How these values are provided is
 246:        outside the scope of this MIB, but could be provided manually, or
 247:        through a configuration file.  Valid public value/name pairs
 248:        result in the creation of a row in this table as well as the
 249:        creation of an associated row (with keys derived as indicated) in
 250:        the usmUserTable.  The actual access the related usmSecurityName
 251:        has is dependent on the entries in the VACM tables.  In general,
 252:        an implementor will specify one or more standard security names
 253:        and will provide entries in the VACM tables granting various
 254:        levels of access to those names.  The actual content of the VACM
 255:        table is beyond the scope of this MIB.
 256: 
 257:        Note: This table is expected to be readable without authentication
 258:        using the usmUserSecurityName 'dhKickstart'.  See the conformance
 259:        statements for details."
 260:        ::= { usmDHKickstartGroup 1 }
 261: 
 262:    usmDHKickstartEntry OBJECT-TYPE
 263:        SYNTAX  	UsmDHKickstartEntry
 264:        MAX-ACCESS  not-accessible
 265:        STATUS  	current
 266:        DESCRIPTION
 267: 
 268:    	"An entry in the usmDHKickstartTable.  The agent SHOULD either
 269:        delete this entry or mark it as inactive upon a successful SET of
 270:        any of the KeyChange-typed objects in the usmUserEntry or upon a
 271:        successful SET of any of the DHKeyChange-typed objects in the
 272:        usmDhKeyChangeEntry where the related usmSecurityName (e.g. row of
 273:        usmUserTable or row of ushDhKeyChangeTable) equals this entry's
 274:        usmDhKickstartSecurityName.  In otherwords, once you've changed
 275:        one or more of the keys for a row in usmUserTable with a
 276:        particular security name, the row in this table with that same
 277:        security name is no longer useful or meaningful."
 278: 
 279:        INDEX   { usmDHKickstartIndex }
 280:        ::= {usmDHKickstartTable 1 }
 281: 
 282:    UsmDHKickstartEntry ::= SEQUENCE  {
 283:            usmDHKickstartIndex	Integer32,
 284:    	usmDHKickstartMyPublic	OCTET STRING,
 285:    	usmDHKickstartMgrPublic OCTET STRING,
 286:    	usmDHKickstartSecurityName	SnmpAdminString
 287:    	}
 288: 
 289:    usmDHKickstartIndex OBJECT-TYPE
 290:        SYNTAX  	Integer32  (1..2147483647)
 291:        MAX-ACCESS  not-accessible
 292:        STATUS  	current
 293:        DESCRIPTION
 294:    	"Index value for this row."
 295:        ::= { usmDHKickstartEntry 1 }
 296: 
 297:    usmDHKickstartMyPublic OBJECT-TYPE
 298:        SYNTAX	OCTET STRING
 299:        MAX-ACCESS  read-only
 300:        STATUS	current
 301:        DESCRIPTION
 302:    	"The agent's Diffie-Hellman public value for this row.  At
 303:        initialization, the agent generates a random number and derives
 304:        its public value from that number.  This public value is published
 305:        here.  This public value 'y' equals g^r MOD p where g is the from
 306:        the set of Diffie-Hellman parameters, p is the prime from those
 307:        parameters, and r is a random integer selected by the agent in the
 308:        interval 0 <= r  < p-1.  If 'l' is specified, then r must also
 309:        satisfy 2^(l-1) <= r < 2^l.
 310:        The public value is expressed as an OCTET STRING 'PV' of length
 311:        'k' which satisfies
 312: 
 313:                  k
 314:            y =  SUM   2^(8(k-i)) PV'i
 315:                 i = 1
 316: 
 317:    	where PV1,...,PVk are the octets of PV from first to last, and
 318:            where PV1 != 0.
 319: 
 320: 
 321:        The following DH parameters (Oakley group #2, RFC 2409, sec 6.1,
 322:        6.2) are used for this object:
 323: 
 324:        g = 2
 325:        p = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
 326:            29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
 327:            EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
 328:            E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
 329:    	EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
 330:            FFFFFFFF FFFFFFFF
 331:        l =   1024
 332:        "
 333:        REFERENCE
 334:        	"-- Diffie-Hellman Key-Agreement Standard, PKCS#3v1.4;
 335:    	    RSA Laboratories, November 1993
 336:    	 -- The Internet Key Exchange, RFC2409;
 337:    	    Harkins, D., Carrel, D.; November 1998"
 338:        ::= { usmDHKickstartEntry 2 }
 339: 
 340:    usmDHKickstartMgrPublic OBJECT-TYPE
 341:        SYNTAX	OCTET STRING
 342:        MAX-ACCESS  read-only
 343:        STATUS	current
 344:        DESCRIPTION
 345: 
 346:    	"The manager's Diffie-Hellman public value for this row.  Note
 347:        that this value is not set via the SNMP agent, but may be set via
 348:        some out of band method, such as the device's configuration file.
 349: 
 350:        The manager calculates this value in the same manner and using the
 351:        same parameter set as the agent does.  E.g. it selects a random
 352:        number 'r', calculates y = g^r mod p and provides 'y' as the
 353:        public number expressed as an OCTET STRING.  See
 354:        usmDHKickstartMyPublic for details.
 355: 
 356:        When this object is set with a valid value during initialization,
 357:        a row is created in the usmUserTable with the following values:
 358:        usmUserEngineID		localEngineID
 359:        usmUserName			[value of usmDHKickstartSecurityName]
 360:        usmUserSecurityName		[value of usmDHKickstartSecurityName]
 361:        usmUserCloneFrom		ZeroDotZero
 362:        usmUserAuthProtocol		usmHMACMD5AuthProtocol
 363:        usmUserAuthKeyChange	-- derived from set value
 364:        usmUserOwnAuthKeyChange	-- derived from set value
 365:        usmUserPrivProtocol		usmDESPrivProtocol
 366:        usmUserPrivKeyChange	-- derived from set value
 367:        usmUserOwnPrivKeyChange	-- derived from set value
 368:        usmUserPublic		''
 369:        usmUserStorageType		permanent
 370:        usmUserStatus		active
 371: 
 372:        A shared secret 'sk' is calculated at the agent as
 373: 
 374:           sk = mgrPublic^r mod p
 375: 
 376:        where r is the agents random number and p is the
 377:        DH prime from the common parameters.  The underlying privacy key
 378:        for this row is derived from sk by applying the key derivation
 379:        function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6,
 380:        and iterationCount of 500, a keyLength of 16 (for
 381:        usmDESPrivProtocol), and a prf (pseudo random function) of
 382:        'id-hmacWithSHA1'.  The underlying authentication key for this row
 383:        is derived from sk by applying the key derivation function PBKDF2
 384:        with a salt of 0x98dfb5ac , an interation count of 500, a
 385:        keyLength of 16 (for usmHMAC5AuthProtocol), and a prf of
 386:        'id-hmacWithSHA1'.  Note: The salts are the first two words in the
 387:        ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied
 388:        Cryptography' by Bruce Schnier - they could be any relatively
 389:        random string of bits.
 390: 
 391:        The manager can use its knowledge of its own random number and the
 392:        agent's public value to kickstart its access to the agent in a
 393:        secure manner.  Note that the security of this approach is
 394:        directly related to the strength of the authorization security of
 395:        the out of band provisioning of the managers public value
 396:        (e.g. the configuration file), but is not dependent at all on the
 397:        strength of the confidentiality of the out of band provisioning
 398:        data."
 399:        REFERENCE
 400:        	"-- Password-Based Cryptography Standard, PKCS#5v2.0;
 401:    	    RSA Laboratories, March 1999
 402:    	 -- Applied Cryptography, 2nd Ed.; B. Schneier,
 403:    	    Counterpane Systems; John Wiley & Sons, 1996"
 404:        ::= { usmDHKickstartEntry 3 }
 405: 
 406:    usmDHKickstartSecurityName OBJECT-TYPE
 407:        SYNTAX  	SnmpAdminString
 408:        MAX-ACCESS	read-only
 409:        STATUS  	current
 410:        DESCRIPTION
 411:    	"The usmUserName and usmUserSecurityName in the usmUserTable
 412:        associated with this row.  This is provided in the same manner and
 413:        at the same time as the usmDHKickstartMgrPublic value -
 414:        e.g. possibly manually, or via the device's configuration file."
 415:        ::= { usmDHKickstartEntry 4 }
 416: 
 417: 
 418:    -- Conformance Information
 419: 
 420:    usmDHKeyMIBCompliances	OBJECT IDENTIFIER ::= { usmDHKeyConformance 1 }
 421:    usmDHKeyMIBGroups	OBJECT IDENTIFIER ::= { usmDHKeyConformance 2 }
 422: 
 423:    -- Compliance statements
 424: 
 425:    usmDHKeyMIBCompliance	MODULE-COMPLIANCE
 426:        STATUS	current
 427:        DESCRIPTION
 428:    	"The compliance statement for this module."
 429:        MODULE
 430:        	GROUP usmDHKeyMIBBasicGroup
 431:    	DESCRIPTION
 432:    	    "This group MAY be implemented by any agent which
 433:    	implements the usmUserTable and which wishes to provide the
 434:    	ability to change user and agent authentication and privacy
 435:    	keys via Diffie-Hellman key exchanges."
 436: 
 437:    	GROUP usmDHKeyParamGroup
 438:    	DESCRIPTION
 439:    	    "This group MUST be implemented by any agent which
 440:    	implements a MIB containing the DHKeyChange Textual
 441:    	Convention defined in this module."
 442: 
 443:    	GROUP usmDHKeyKickstartGroup
 444:            DESCRIPTION
 445:    	    "This group MAY be implemented by any agent which
 446:    	implements the usmUserTable and which wishes the ability to
 447:    	populate the USM table based on out-of-band provided DH
 448:    	ignition values.
 449: 
 450:    	     Any agent implementing this group is expected to provide
 451:            preinstalled entries in the vacm tables as follows:
 452: 
 453:    	     In the usmUserTable: This entry allows access to the
 454: 
 455:    	system and dhKickstart groups
 456: 
 457:    	usmUserEngineID		localEngineID
 458:    	usmUserName		'dhKickstart'
 459:    	usmUserSecurityName	'dhKickstart'
 460:    	usmUserCloneFrom	ZeroDotZero
 461:    	usmUserAuthProtocol	none
 462:    	usmUserAuthKeyChange	''
 463:    	usmUserOwnAuthKeyChange	''
 464:    	usmUserPrivProtocol	none
 465:    	usmUserPrivKeyChange	''
 466:    	usmUserOwnPrivKeyChange	''
 467:    	usmUserPublic		''
 468:    	usmUserStorageType	permanent
 469:    	usmUserStatus		active
 470: 
 471:    	    In the vacmSecurityToGroupTable: This maps the initial
 472:    	user into the accessible objects.
 473: 
 474:    	vacmSecurityModel		3 (USM)
 475:    	vacmSecurityName		'dhKickstart'
 476:    	vacmGroupName			'dhKickstart'
 477:    	vacmSecurityToGroupStorageType	permanent
 478:    	vacmSecurityToGroupStatus	active
 479: 
 480: 
 481: 
 482:    	    In the vacmAccessTable: Group name to view name translation.
 483: 
 484:    	vacmGroupName			'dhKickstart'
 485:    	vacmAccessContextPrefix		''
 486:    	vacmAccessSecurityModel		3 (USM)
 487:    	vacmAccessSecurityLevel		noAuthNoPriv
 488:    	vacmAccessContextMatch		exact
 489:    	vacmAccessReadViewName		'dhKickRestricted'
 490:    	vacmAccessWriteViewName		''
 491:    	vacmAccessNotifyViewName	'dhKickRestricted'
 492:    	vacmAccessStorageType		permanent
 493:    	vacmAccessStatus		active
 494: 
 495: 
 496:    	    In the vacmViewTreeFamilyTable: Two entries to allow the
 497:            initial entry to access the system and kickstart groups.
 498: 
 499:    	vacmViewTreeFamilyViewName	'dhKickRestricted'
 500:    	vacmViewTreeFamilySubtree	1.3.6.1.2.1.1  (system)
 501:    	vacmViewTreeFamilyMask		''
 502:    	vacmViewTreeFamilyType		1
 503:    	vacmViewTreeFamilyStorageType	permanent
 504:    	vacmViewTreeFamilyStatus	active
 505: 
 506:    	vacmViewTreeFamilyViewName	'dhKickRestricted'
 507:    	vacmViewTreeFamilySubtree	  (usmDHKickstartTable OID)
 508:    	vacmViewTreeFamilyMask		''
 509:    	vacmViewTreeFamilyType		1
 510:    	vacmViewTreeFamilyStorageType	permanent
 511:    	vacmViewTreeFamilyStatus	active
 512:    	"
 513: 
 514:    	OBJECT usmDHParameters
 515:    	MIN-ACCESS	read-only
 516:    	DESCRIPTION
 517:    	    "It is compliant to implement this object as read-only for
 518:    	any device."
 519: 
 520:        ::= { usmDHKeyMIBCompliances 1 }
 521: 
 522:    -- Units of Compliance
 523: 
 524:    usmDHKeyMIBBasicGroup OBJECT-GROUP
 525:        OBJECTS	{
 526:    		  usmDHUserAuthKeyChange,
 527:    		  usmDHUserOwnAuthKeyChange,
 528:    		  usmDHUserPrivKeyChange,
 529:    		  usmDHUserOwnPrivKeyChange
 530:    		}
 531:        STATUS	current
 532:        DESCRIPTION
 533:    	""
 533: warning - warning: zero-length description string
 534:        ::= { usmDHKeyMIBGroups 1 }
 535: 
 536:    usmDHKeyParamGroup OBJECT-GROUP
 537:        OBJECTS	{
 538:        		  usmDHParameters
 539:    		}
 540:        STATUS	current
 541:        DESCRIPTION
 542:    	"The mandatory object for all MIBs which use the DHKeyChange
 543:        textual convention."
 544:        ::= { usmDHKeyMIBGroups 2 }
 545: 
 546:    usmDHKeyKickstartGroup OBJECT-GROUP
 547:        OBJECTS     {
 548:    	          usmDHKickstartMyPublic,
 549:    	          usmDHKickstartMgrPublic,
 550:    		  usmDHKickstartSecurityName
 551:    	        }
 552:        STATUS      current
 553:        DESCRIPTION
 554:    	"The objects used for kickstarting one or more SNMPv3 USM
 555:        associations via a configuration file or other out of band,
 556:        non-confidential access."
 557:        ::= { usmDHKeyMIBGroups 3 }
 558: 
 559: 
 560:    END
 561: 
 562: -- 
 563: --    Copyright (C) The Internet Society (2002).  All Rights Reserved.
 564: -- 
 565: --    This document and translations of it may be copied and furnished to
 566: --    others, and derivative works that comment on or otherwise explain it
 567: --    or assist in its implementation may be prepared, copied, published
 568: --    and distributed, in whole or in part, without restriction of any
 569: --    kind, provided that the above copyright notice and this paragraph are
 570: --    included on all such copies and derivative works.  However, this
 571: --    document itself may not be modified in any way, such as by removing
 572: --    the copyright notice or references to the Internet Society or other
 573: --    Internet organizations, except as needed for the purpose of
 574: --    developing Internet standards in which case the procedures for
 575: --    copyrights defined in the Internet Standards process must be
 576: --    followed, or as required to translate it into languages other than
 577: --    English.
 578: -- 
 579: --    The limited permissions granted above are perpetual and will not be
 580: --    revoked by the Internet Society or its successors or assigns.
 581: -- 
 582: --    This document and the information contained herein is provided on an
 583: --    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
 584: --    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
 585: --    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
 586: --    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
 587: --    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
 588: -- 
 589: