One document matched: draft-ietf-ippm-ipsec-09.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml.resource.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC7296 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7296.xml'>
<!ENTITY RFC4656 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4656.xml'>
<!ENTITY RFC5357 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5357.xml'>
<!ENTITY RFC6023 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6023.xml'>
]>
<rfc category="std" ipr="trust200902" docName="draft-ietf-ippm-ipsec-09">
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc comments="yes"?>
<?rfc inline="yes" ?>
<front>
<title abbrev="IKEv2-based Shared Secret Key for O/TWAMP">IKEv2-based Shared Secret Key for O/TWAMP</title>
<author fullname="Kostas Pentikousis" initials="K.P." surname="Pentikousis" role="editor">
<organization abbrev="EICT">EICT GmbH</organization>
<address>
<postal>
<street>EUREF-Campus Haus 13</street>
<street>Torgauer Strasse 12-15</street>
<city>10829 Berlin</city>
<country>Germany</country>
</postal>
<email>k.pentikousis@eict.de</email>
</address>
</author>
<author initials="E" surname="Zhang" fullname="Emma Zhang">
<organization abbrev="Huawei Technologies">Huawei Technologies </organization>
<address>
<postal>
<street>Huawei Building, No.3, Rd. XinXi</street>
<city> Haidian District </city>
<region> Beijing </region>
<code> 100095 </code>
<country>P. R. China</country>
</postal>
<email> emma.zhanglijia@huawei.com </email>
</address>
</author>
<author initials="Y" surname="Cui" fullname="Yang Cui">
<organization abbrev="Huawei Technologies">Huawei Technologies </organization>
<address>
<postal>
<street>Otemachi First Square 1-5-1 Otemachi </street>
<city>Chiyoda-ku</city>
<region>Tokyo </region>
<code>100-0004</code>
<country>Japan</country>
</postal>
<email> cuiyang@huawei.com </email>
</address>
</author>
<date year="2015" />
<area>Transport</area>
<workgroup>IPPM WG</workgroup>
<abstract><t>The One-way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP) security mechanism require that both the client and
server endpoints possess a shared secret. Since the currently-standardized
O/TWAMP security mechanism only supports a pre-shared key mode, large scale
deployment of O/TWAMP is hindered significantly. At the same time, recent trends
point to wider Internet Key Exchange Protocol Version 2 (IKEv2) deployment which, in turn, calls for mechanisms and methods
that enable tunnel end-users, as well as operators, to measure one-way and two-
way network performance in a standardized manner. This document describes the
use of keys derived from an IKEv2 security association (SA) as the shared key in O/TWAMP. If the shared
key can be derived from the IKEv2 SA, O/TWAMP can support certificate-based key
exchange, which would allow for more operational flexibility and efficiency. The
key derivation presented in this document can also facilitate automatic key
management.</t> </abstract>
</front>
<middle>
<section title="Introduction">
<t>The One-way Active Measurement Protocol (OWAMP) <xref target="RFC4656"/> and
the Two-Way Active Measurement Protocol (TWAMP) <xref target="RFC5357"/> can be
used to measure network performance parameters such as latency, bandwidth, and
packet loss by sending probe packets and monitoring their experience in the
network. In order to guarantee the accuracy of network measurement results,
security aspects must be considered. Otherwise, attacks may occur and the
authenticity of the measurement results may be violated. For example, if no
protection is provided, an adversary in the middle may modify packet timestamps,
thus altering the measurement results.</t>
<t>The currently-standardized O/TWAMP security mechanism <xref
target="RFC4656"/> <xref target="RFC5357"/> requires that endpoints (i.e. both
the client and the server) possess a shared secret. In today's network
deployments, however, the use of pre-shared keys is far from optimal. For
example, in wireless infrastructure networks, certain network elements, which
can be seen as the two endpoints from an O/TWAMP perspective, support
certificate-based security. For instance, consider the case in which one wants
to measure IP performance between a E-UTRAN Evolved Node B (eNB) and Security Gateway (SeGW). Both eNB and SeGW are 3GPP
Long Term Evolution (LTE) nodes and support certificate mode and the Internet Key Exchange Protocol Version 2 (IKEv2). Since the currently
standardized O/TWAMP security mechanism only supports pre-shared key mode, large
scale deployment of O/TWAMP is hindered significantly. Furthermore, deployment
and management of "shared secrets" for massive equipment installation consumes a
tremendous amount of effort and is prone to human error.</t>
<t>With IKEv2 widely used, employing keys derived from IKEv2 security association (SA) as shared key
can be considered as a viable alternative. In mobile telecommunication networks,
the deployment rate of IPsec exceeds 95% with respect to the LTE serving
network. In older-technology cellular networks, such as UMTS and GSM, IPsec use
penetration is lower, but still quite significant. If the shared key can be
derived from the IKEv2 SA, O/TWAMP can support cert-based key exchange and practically increase operational flexibility and efficiency. The use of IKEv2 also makes it
easier to extend automatic key management. In general, O/TWAMP measurement
packets can be transmitted inside the IPsec tunnel, as it occurs with typical
user traffic, or transmitted outside the IPsec tunnel. This may depend on the
operator's policy and is orthogonal to the mechanism described in this
document.</t>
<t>When IPsec is deployed, protecting O/TWAMP traffic in unauthenticated mode
using IPsec is one option. Another option is to protect O/TWAMP traffic using
O/TWAMP layer security established using the PSK derived from IKEv2 but
bypassing the IPsec tunnel. Protecting unauthenticated O/TWAMP control and/or
test traffic via Authentication Header (AH) <xref target="RFC4302"/> or Encapsulating Security Payload (ESP) <xref target="RFC4303"/> cannot provide various security options, e.g. it
cannot authenticate part of a O/TWAMP packet as mentioned in <xref
target="RFC4656"/>. For measuring latency, timestamp is carried in O/TWAMP
traffic. The sender has to fetch the timestamp, encrypt it, and send it. In this
case, the middle step can be skipped, potentially improving accuracy as the
sequence number can be encrypted and authenticated before the timestamp is
fetched. It is the same case for the receiver since it can obtain the timestamp
by skipping the decryption step. In such cases, protecting O/TWAMP traffic using
O/TWAMP layer security but bypassing IPsec tunnel has its advantages.</t>
<t>This document specifies a method for enabling network measurements between a TWAMP client and a TWAMP server, as discussed in <xref target="Scope" />. In short, the shared key used for securing TWAMP traffic is derived using IKEv2 [RFC7296]. From an operations and management perspective <xref target="RFC5706" />, the mechanism described in this document requires that both the TWAMP client and server support IPsec. This method SHOULD be used when O/TWAMP traffic is bypassing IPsec protection and is running over an external network exactly between two IKEv2 systems.</t>
<t>After clarifying the terminology and scope in the subsequent sections, the
remainder of this document is organized as follows. <xref target="Motivation"/>
summarizes O/TWAMP protocol operation with respect to security. <xref
target="Solution"/> presents the method for binding TWAMP and IKEv2 for network
measurements between the client and the server which both support IKEv2.
Finally, <xref target="Security"/> discusses the security considerations arising
from the proposed mechanisms.</t>
</section>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target="RFC2119"/>.</t>
</section>
<section anchor="Scope" title="Scope and Applicability">
<t>This document reserves from the TWAMP-Modes registry the Mode value IKEv2Derived
which is equal to 128 (i.e. bit set in position 7) and MUST be used by TWAMP implementations
compatible with this specification.</t>
<t>Although the control procedures described in this document are applicable to
OWAMP per se, the lack of an established IANA registry for OWAMP Mode values
technically prevents us from extending OWAMP Mode values. Therefore, independent
OWAMP implementations SHOULD be checked for full compatibility with respect to
the use of this Mode value. Until an IANA registry for OWAMP Mode values is
established, the use this feature in OWAMP implementations MUST be arranged
privately among consenting OWAMP users.</t> </section>
<section anchor="Motivation" title="O/TWAMP Security" >
<t>Security for O/TWAMP-Control and O/TWAMP-Test are briefly reviewed in the following subsections.</t>
<section title="O/TWAMP-Control Security">
<t>O/TWAMP uses a simple cryptographic protocol which relies on
<list style="symbols">
<t>AES in Cipher Block Chaining (AES-CBC) for confidentiality</t>
<t>HMAC-SHA1 truncated to 128 bits for message authentication</t></list></t>
<t>Three modes of operation are supported in the OWAMP-Control protocol: unauthenticated,
authenticated, and encrypted. In addition to these modes, the TWAMP-Control
protocol also supports a mixed mode, i.e. the TWAMP-Control protocol
operates in encrypted mode while TWAMP-Test protocol operates in unauthenticated mode.
The authenticated, encrypted and mixed modes require that endpoints possess a
shared secret, typically a passphrase. The secret key is derived from the
passphrase using a password-based key derivation function PBKDF2 (PKCS#5) <xref
target="RFC2898"/>.</t>
<t>In the unauthenticated mode, the security parameters are left unused. In the
authenticated, encrypted and mixed modes, the security parameters are negotiated
during the control connection establishment.</t>
<t><xref target="MES" /> illustrates the initiation stage of the O/TWAMP-Control
protocol between a client and the server. In short, the client opens a TCP
connection to the server in order to be able to send O/TWAMP-Control commands.
The server responds with a Server Greeting, which contains the Modes, Challenge,
Salt, Count, and MBZ fields (see Section 3.1 of <xref target="RFC4656"/>). If
the client-preferred mode is available, the client responds with a Set-Up-
Response message, wherein the selected Mode, as well as the KeyID, Token and
Client initialization vector (IV) are included. The Token is the concatenation of a 16-octet Challenge,
a 16-octet AES Session-key used for encryption, and a 32-octet HMAC-SHA1
Session-key used for authentication. The Token is encrypted using AES-CBC.</t>
<figure anchor="MES" title="Initiation of O/TWAMP-Control"><artwork><![CDATA[
+--------+ +--------+
| Client | | Server |
+--------+ +--------+
| |
|<---- TCP Connection ----->|
| |
|<---- Greeting message ----|
| |
|----- Set-Up-Response ---->|
| |
|<---- Server-Start --------|
| |]]>
</artwork></figure>
<t>Encryption uses a key derived from the shared secret associated with KeyID.
In the authenticated, encrypted and mixed modes, all further communication is
encrypted using the AES Session-key and authenticated with the HMAC Session-key.
After receiving Set-Up-Response the server responds with a Server-Start message
containing Server-IV. The client encrypts everything it transmits through the
just-established O/TWAMP-Control connection using stream encryption with Client-
IV as the IV. Correspondingly, the server encrypts its side of the connection
using Server-IV as the IV. The IVs themselves are transmitted in cleartext.
Encryption starts with the block immediately following that containing the
IV.</t>
<t>The AES Session-key and HMAC Session-key are generated randomly by the
client. The HMAC Session-key is communicated along with the AES Session-key
during O/TWAMP-Control connection setup. The HMAC Session-key is derived
independently of the AES Session-key.</t>
</section>
<section title="O/TWAMP-Test Security">
<t>The O/TWAMP-Test protocol runs over UDP, using the client and server IP and
port numbers that were negotiated during the Request-Session exchange. O/TWAMP-
Test has the same mode with O/TWAMP-Control and all O/TWAMP-Test sessions
inherit the corresponding O/TWAMP-Control session mode except when operating in
mixed mode.</t>
<t>The O/TWAMP-Test packet format is the same in authenticated and encrypted
modes. The encryption and authentication operations are, however, different.
Similarly with the respective O/TWAMP-Control session, each O/TWAMP-Test session
has two keys: an AES Session-key and an HMAC Session-key. However, there is a
difference in how the keys are obtained:
<list style="hanging" hangIndent="8"> <t hangText="O/TWAMP-Control:"> the keys
are generated by the client and communicated to the server during the control
connection establishment with the Set-Up-Response message (as part of the
Token).</t>
<t hangText="O/TWAMP-Test:"> the keys are derived from the O/TWAMP-Control keys
and the session identifier (SID), which serve as inputs of the key derivation
function (KDF). The O/TWAMP-Test AES Session-key is generated using the O/TWAMP-
Control AES Session-key, with the 16-octet session identifier (SID), for
encrypting and decrypting the packets of the particular O/TWAMP-Test session.
The O/TWAMP-Test HMAC Session-key is generated using the O/TWAMP-Control HMAC
Session-key, with the 16-octet session identifier (SID), for authenticating the
packets of the particular O/TWAMP-Test session.</t> </list></t>
</section>
<section title="O/TWAMP Security Root">
<t>As discussed above, the AES Session-key and HMAC Session-key used by the
O/TWAMP-Test protocol are derived from the AES Session-key and HMAC Session-key
which are used in O/TWAMP-Control protocol. The AES Session-key and HMAC
Session-key used in the O/TWAMP-Control protocol are generated randomly by the
client, and encrypted with the shared secret associated with KeyID. Therefore,
the security root is the shared secret key. Thus, for large deployments, key
provision and management may become overly complicated. Comparatively, a
certificate-based approach using IKEv2 can automatically manage the
security root and solve this problem, as we explain in <xref
target="Solution"></xref>.</t>
</section>
</section>
<section anchor="Solution" title="O/TWAMP for IPsec Networks" >
<t>This section presents a method of binding O/TWAMP and IKEv2 for network
measurements between a client and a server which both support IPsec. In short,
the shared key used for securing O/TWAMP traffic is derived using IKEv2 <xref
target="RFC7296"/>.</t>
<section anchor="SharedKeyDerivation" title="Shared Key Derivation">
<t>In the authenticated, encrypted and mixed modes, the shared secret key MUST be derived
from the IKEv2 Security Association (SA). Note that we explicitly opt to derive
the shared secret key from the IKEv2 SA, rather than the child SA, since the use
case whereby an IKEv2 SA can be created without generating any child SA is
possible <xref target="RFC6023"/>.</t>
<t>When the shared secret key is derived from the IKEv2 SA, SK_d must be
generated first. SK_d MUST be computed as per <xref target="RFC7296"/>.</t>
<t>The shared secret key MUST be generated as follows:</t>
<t><list><t>Shared secret key = prf( SK_d, "IPPM" )</t></list></t>
<t>Wherein the string "IPPM" comprises four ASCII characters and "prf" is a
pseudorandom function. It is recommended that the shared secret key is derived
in the IPsec layer. This way, the IPsec keying material is not exposed to the
O/TWAMP client. Note, however, that the interaction between the O/TWAMP and
IPsec layers is host-internal and implementation-specific. Therefore, this is
clearly outside the scope of this document, which focuses on the interaction
between the O/TWAMP client and server. That said, one possible way could be the
following: at the client side, the IPSec layer can perform a lookup in the
Security Association Database (SAD) using the IP address of the server and thus
match the corresponding IKEv2 SA. At the server side, the IPSec layer can look
up the corresponding IKEv2 SA by using the SPIs sent by the client, and
therefore extract the shared secret key. In case that both client and server do
support IKEv2 but there is no current IKEv2 SA, two alternative ways could be
considered. First, the O/TWAMP client initiates the establishment of the IKEv2
SA, logs this operation, and selects the mode which supports IKEv2.
Alternatively, the O/TWAMP client does not initiate the establishment of the
IKEv2 SA, logs an error for operational management purposes, and proceeds with
the modes defined in <xref target="RFC4656"/><xref target="RFC5357"/><xref target="RFC5618"/>. Again,
although both alternatives are feasible, they are in fact implementation-specific.</t>
<t>If rekeying for the IKEv2 SA or deletion of the IKEv2 SA occurs, the corresponding shared secret key generated from the SA can continue to be used until the O/TWAMP session terminates.</t>
</section>
<section anchor="ServerGreetingUpdate" title="Server Greeting Message Update">
<t>To achieve a binding association between the key generated from IKEv2 and the O/TWAMP shared secret key, Server Greeting Message should include these extensions, as in <xref target="ServerGreeting" />.</t>
<figure anchor="ServerGreeting" title="Server Greeting format"><artwork><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Unused (12 octets) |
| |
|+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Modes |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Challenge (16 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Salt (16 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Count (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| MBZ (12 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]>
</artwork></figure>
<t>The Modes field in <xref target="ServerGreeting" /> will need to allow for
support of key derivation as discussed in <xref target="SharedKeyDerivation"/>.
As such, the Modes value extension MUST be supported by implementations
compatible with this document, indicating support for deriving the shared key
from the IKEv2 SA. The new Modes value indicating support for this specification
is IKEv2Derived and is equal to 128 (i.e. bit set in position 7). Clearly, an implementation
compatible with this specification MUST support the authenticated, encrypted and
mixed modes as per <xref target="RFC4656"/><xref target="RFC5357"/><xref
target="RFC5618"/>. </t>
<t>The choice of this set of Modes values poses no backwards compatibility problems to existing O/TWAMP clients. Robust legacy client implementations would disregard the fact that the IKEv2Derived Modes bit in the Server Greeting is set. On the other hand, a client compatible with this specification can easily identify that the O/TWAMP server contacted does not support this specification. If the server supports other Modes, as one could assume, the client would then decide which Mode to use and indicate such accordingly as per <xref target="RFC4656"/><xref target="RFC5357"/>. A client compatible with this specification which decides not to employ IKEv2 derivation, can simply behave as a purely <xref target="RFC4656"/>/<xref target="RFC5357"/> compatible client.</t>
</section>
<section anchor="SetUpResponseUpdate" title="Set-Up-Response Update">
<t>The Set-Up-Response Message should be updated as in <xref target="Response"
/>. When a O/TWAMP client compatible with this specification receives a Server
Greeting indicating support for Mode IKEv2Derived it SHOULD reply
to the O/TWAMP server with a Set-Up response that indicates so. For example, a
compatible O/TWAMP client choosing the authenticated mode with IKEv2 shared
secret key derivation should set Mode to 130, i.e. set the bits in positions 1 and 7 to one.</t>
<figure anchor="Response" title="Set-Up-Response Message"><artwork><![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Key ID (80 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Token (16 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Client-IV (12 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]>
</artwork></figure>
<t>The Security Parameter Index (SPI)(see <xref target="RFC4301"/> <xref
target="RFC7296"/>) can uniquely identify the Security Association (SA). If the
client supports the derivation of shared secret key from IKEv2 SA, it will
choose the corresponding mode value and carry SPIi and SPIr in the Key ID field.
SPIi and SPIr MUST be included in the Key ID field of Set-Up-Response Message to
indicate the IKEv2 SA from which the O/TWAMP shared secret key derived from. The
length of SPI is 8 octets. Therefore, the first 8 octets of Key ID field MUST carry
SPIi and the second 8 octets MUST carry SPIr. The remaining bits of the Key ID field
MUST set to zero.</t>
<t>A O/TWAMP server which supports the specification of this document, MUST
obtain the SPIi and SPIr from the first 16 octets and ignore the remaining octets of
the Key ID field. Then, the client and the server can derive the shared secret
key based on the mode value and SPI. If the O/TWAMP server cannot find the IKEv2
SA corresponding to the SPIi and SPIr received, it MUST log the event for
operational management purposes. In addition, the O/TWAMP server SHOULD set the
Accept field of the Server-Start message to the value 6 to indicate that server
is not willing to conduct further transactions in this O/TWAMP-Control session
since it can not find the corresponding IKEv2 SA.</t>
</section>
<section anchor="OWAMPTWAMPOverIpsec" title="O/TWAMP over an IPsec tunnel">
<t>IPsec Authentication Header (AH) <xref target="RFC4302"/> and Encapsulating Security Payload (ESP) <xref target="RFC4303"/> provide
confidentiality and data integrity to IP datagrams. An IPsec tunnel can be
used to provide the protection needed for O/TWAMP Control and Test packets, even
if the peers choose the unauthenticated mode of operation. In order to ensure
authenticity and security, the IPsec tunnel SHOULD be configured to include O/TWAMP measurement packets even when using the unauthenticated mode.</t>
</section>
</section>
<section anchor="Security" title="Security Considerations">
<t>As the shared secret key is derived from the IKEv2 SA, the key derivation
algorithm strength and limitations are as per <xref target="RFC7296"/>. The
strength of a key derived from a Diffie-Hellman exchange using any of the groups
defined here depends on the inherent strength of the group, the size of the
exponent used, and the entropy provided by the random number generator employed.
The strength of all keys and implementation vulnerabilities, particularly Denial
of Service (DoS) attacks are as defined in <xref target="RFC7296"/>.</t>
</section>
<section anchor="iana" title="IANA Considerations">
<t>IANA is requested to allocate the IKEv2Derived Mode bit that is equal to 128 (i.e. bit set in position 7) in the TWAMP-Modes registry. The TWAMP-Modes registry should be augmented as follows:</t>
<figure anchor="MODE" title="IKEv2 Modes Capability"><artwork><![CDATA[
Value Description Semantics Definition
--------------------------------------------------------
128 IKEv2 Derived This memo, Section 5.2
Mode Capability new bit position 7]]>
</artwork></figure>
</section>
<section title="Acknowledgments">
<t>We thank Eric Chen, Yaakov Stein, Brian Trammell, Emily Bi, John Mattsson, Steve Baillargeon, Spencer Dawkins, Tero Kivinen, Fred Baker, Meral Shirazipour, and Hannes Tschofenig for their reviews, comments and text suggestions.</t>
<t>Al Morton deserves a special mention for his thorough reviews and text contributions to this document as well as the constructive discussions over several IPPM meetings.</t>
</section>
</middle>
<back>
<references title="Normative References">
&RFC4656;
&RFC5357;
&RFC7296;
<?rfc include="reference.RFC.5618" ?>
<?rfc include="reference.RFC.2119" ?>
<?rfc include="reference.RFC.4302" ?>
<?rfc include="reference.RFC.4303" ?>
</references>
<references title="Informative References">
<?rfc include="reference.RFC.2898" ?>
<?rfc include="reference.RFC.4301" ?>
<?rfc include="reference.RFC.5706" ?>
&RFC6023;
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 07:44:06 |