Network Working Group Kam Lam (Lucent) Document: draft-ietf-disman-conditionmib-02.txt An-ni Huynh (Cetus) Expiration: January 25, 2003 David Perkins (SNMPinfo) Category: Internet Draft July 25, 2002 Alarm Report Control MIB draft-ietf-disman-conditionmib-03.txt Status of this Memo This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. -- Editor's Note: -- This version (03) is an update to draft-ietf-disman-conditionmib-02.txt -- to include suggestions from the 54th IETF meeting: -- Technical changes -- (1) adding arcRowStatus into the arcTable and arcSettingGroup -- (2) changing MAC-ACCESS of arcAlarmType to not-accessible -- (3) changing MAC-ACCESS of arcState to read-create -- (4) define a IANAItuProbableCauseOrZero TC with syntax Unsigned32. -- So also remove the import of IANAItuProbableCause. -- Change the syntax of arcAlarmType from IANAItuProbableCause -- to IANAItuProbableCauseOrZero. -- (5) add a third index arcNotifictionId with syntax OID -- Editorial changes -- (6) add the 2nd paragraph into section 6 to list the -- the objects that are read-create and read-write and describe -- the risk when such objects get accessed by unauthorized source. -- (7) add the 6th paragraph into section 6 to note that the arc table -- is indexed by resource IDs, therefore there is potential of -- leaking of resource IDs, unless VACM is configured correctly. -- (8) add sentences to the timer objects and arcEntry to describe -- persistence across agent restarts. -- (9) update MODULE-IDENTITY -- (10) add section 4.2 "IANA Consideration" -- (11) move much of the description text in the module identity to -- the arc table DESCRIPTION clause -- (12) typo and phrase fix Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. 1. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for controlling the reporting of alarm conditions. Table of Contents 1 Abstract .............................................. xx 2 The SNMP Network Management Framework ................. xx 3 Introduction ......................................... xx 4 ARC MIB Overview ...................................... xx 4.1 Relationship between ARC mode and Alarm Reporting ... xx 4.2 IANA Consideration .................................. xx 5 ARC MIB Object Definitions ............................ xx 6 Security Considerations ............................... xx 7 Acknowledgments........................................ xx 8 References ............................................ xx 9 Author's Address ...................................... xx 10 Intellectual Property ................................. xx 11 Full Copyright Statement .............................. xx 2. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: 0 An overall architecture, described in RFC 2571 [RFC2571]. 0 Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 0 Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. 0 Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications described in RFC 2573 [RFC2573] and the view-based access control mechanism described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine-readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 3. Introduction The scope of this MIB is targeted for network operators responsible for managing the operations of network resources. This document contains an alarm reporting control (ARC) MIB module, which provides a mechanism for a manager to suppress or defer the reporting of alarm conditions based on the resource ID and alarm condition type. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. 4. ARC MIB Overview There is a need to provide a mechanism for controlling the reporting of alarm conditions of resources in a network device. For example, (a) inhibiting the reporting of alarm conditions of a resource until the resource is problem-free, (b) inhibiting the reporting of alarm conditions of a resource for a specified time period, or (c) inhibiting the reporting of alarm conditions of a resource indefinitely until explicitly allowed by the managing system at a later time. The alarm reporting control (ARC) feature provides an automatic in-service provisioning capability. It allows sufficient time for service setup, customer testing, and other maintenance activities in an "alarm-free" state. Once a resource is "problem-free", alarm reporting can be automatically or manually turned on (i.e., allowed). By putting a network resource in ARC mode, (i.e., in NALM, NALM-TI, NALM-QI, or NALM-QI-CD states, as described in the MIB), the technicians and managing systems will not be flooded with unnecessary work items during operations activities such as service provisioning and network setup/teardown. This will reduce maintenance costs and improve the operation and maintenance of these systems. Putting a network resource in ARC mode shall not affect the availability of active alarm condition information for potential retrieval. ITU-T Recommendation M.3100 Amendment 3 [M.3100 Amd3] provides the business requirements, analysis, and design of the Alarm Reporting Control Feature. This document defines the SNMP objects to support a subset of the ARC functions described in M.3100 Amd3. In particular, it defines a table that can be used to specify the ARC setting for the resources in a system. Specification of objects for defining and storing alarms, including active and history alarms, standing and transient alarms, are outside the scope of this document. However, the probable causes listed in IANAItuProbableCause of the ITU Alarm MIB are used by the ARC mib for specifying alarm condition types of the ARC settings. 4.1 Relationship between ARC mode and alarm reporting When the ARC mib is used in a managed system, the following rules apply: For alarm condition raised prior to entering ARC mode, reporting of alarm raised and alarm cleared will be sent as usual. For alarm condition raised after entering ARC mode and also cleared before exiting ARC mode, no reporting of alarm raised will be sent and no reporting of alarm cleared will be sent. For alarm condition raised after entering ARC mode and not cleared when exiting ARC mode, the reporting of alarm raised will be deferred until the moment of exiting ARC mode. The reporting of alarm cleared will be sent as usual (i.e., at the time of alarm cleared). Further details of the ARC function can be found in M.3100 Amd3. 4.2 This document requires the allocation of a single object identifier beneath the mib-2 subtree for its module identity. 5. ARC MIB Object Definition ARC-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, RowStatus FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF arcMIB MODULE-IDENTITY LAST-UPDATED "200207160000Z" ORGANIZATION "IETF Distributed Management Working Group" CONTACT-INFO "WG EMail: disman@dorothy.bmc.com Subscribe: disman-request@dorothy.bmc.com Chair: Randy Presuhn BMC Software, Inc. Office 1-3141 2141 North First Street San Jose, California 95131 USA Tel: +1 408 546-1006 E-mail: rpresuhn@bmc.com Editor: Kam Lam Lucent Technologies, 4C-616 101 Crawfords Corner Road Holmdel, NJ 07733 USA Tel: +1 732 949 8338 E-mail: hklam@lucent.com" DESCRIPTION "The MIB module describes the objects for controlling a resource in reporting alarm conditions that it detects." REVISION "200207160000Z" DESCRIPTION "Initial version, published as RFC xxxx." -- RFC Ed.: replace xxxx with actual RFC number & remove this notice ::={ mib-2 yy } -- RFC Ed.: replace yy with IANA-assigned number & remove this notice ------------------ -- TEXTUAL-CONVENTION ------------------ IANAItuProbableCauseOrZero ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This TC can take any value of IANAItuProbableCause or 0. IANAItuProbableCause is defined in the IANA-ITU-ALARM-TC module in the Alarm MIB document." SYNTAX Unsigned32 ------------------ -- MIB Objects ------------------ arcMIBTimeIntervals OBJECT IDENTIFIER ::= { arcMIB 1 } arcMIBObjects OBJECT IDENTIFIER ::= { arcMIB 2 } arcMIBTITimeInterval OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This variable indicates the time interval used for the nalmTI state, in units of second. It is a pre-defined length of time in which the resource will stay in the NALM-TI state before transition into the ALM state. Instances of this object SHOULD persist across agent restarts." ::= { arcMIBTimeIntervals 1 } arcMIBCDTimeInterval OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This variable indicates the time interval used for the nalmQICD state, in units of second. It is a pre-defined length of time in which the resource will stay in the NALM-QI-CD state before transition into the ALM state after it is problem-free. Instances of this object SHOULD persist across agent restarts." ::= { arcMIBTimeIntervals 2 } arcTable OBJECT-TYPE SYNTAX SEQUENCE OF ArcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of Alarm Report Control (ARC) settings on the system. Alarm Report Control is a feature that provides an automatic in-service provisioning capability. Alarm reporting is turned off on a per-resource basis for a selective set of potential alarm conditions to allow sufficient time for customer testing and other maintenance activities in an "alarm free" state. Once a resource is ready for service, alarm reporting is automatically or manually turned on. There are five ARC states: ALM, NALM, NALM-QI, NALM-QI-CD and NALM-TI. ALM: Alarm reporting is turned on (i.e., is allowed). NALM: Alarm reporting is turned off (i.e., not allowed). NALM-QI: NALM - Qualified Inhibit. Alarm reporting is turned off until the managed entity is qualified problem-free for a specified persistence interval. NALM-QI-CD: NALM-QI - Count down. This is a substate of NALM-QI and performs the persistence timing countdown function when the managed entity is qualified problem-free. NALM-TI: NALM - Timed Inhibit. Alarm reporting is turned off for a specified time interval. ALM may transition to NALM, NALM-QI, or NAML-TI by management request. NALM may transition to ALM, NALM-QI, or NAML-TI by management request. NALM-QI may transition to NALM or ALM by management request. NALM-QI may transition to ALM automatically if qualified problem-free (if NALM-QI-CD is not supported) or if the CD timer expired (if NALM-QI-CD is supported) NALM-TI may transition to ALM or NALM by management request. NALM-TI may transition to ALM automatically if the TI timer expired. Further details of ARC state transitions are defined in Figure 3 of M.3100 Amd3." ::= { arcMIBObjects 1 } arcEntry OBJECT-TYPE SYNTAX ArcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A conceptual row that contains information about the ARC setting of a resource in the system. Instances of this conceptual row SHOULD persist across agent restarts." INDEX { arcIndex, arcAlarmType, arcNotificationId } ::= { arcTable 1 } ArcEntry ::= SEQUENCE { arcIndex OBJECT IDENTIFIER, arcAlarmType IANAItuProbableCause, arcNotificationId OBJECT IDENTIFIER, arcState INTEGER, arcNalmTimeRemaining Unsigned32, arcRowStatus RowStatus } arcIndex OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object uniquely identifies a resource, which is under the arcState's control for the associated arcAlarmType." ::= { arcEntry 1 } arcAlarmType OBJECT-TYPE SYNTAX IANAItuProbableCauseOrZero MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object identifies the alarm condition types controlled by the arcState. It specifies the value 0 or a value of IANAItuProbableCause that is applicable to the resource. IANAItuProbableCause is defined in the IANA-ITU-ALARM-TC module in the Alarm MIB document. The value of zero (0) implies any probable causes that are applicable to the resource. Usually, the applicable probable causes of a resource are specified in the resource-specific mib." ::= { arcEntry 2 } arcNotificationId OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object identify the type of notification to be suppressed. The notification type identified should be the one normally used by the resource for reporting its alarms. When the value of 0.0 is specified for this object, it implies all applicable notification types." ::= { arcEntry 3 } arcState OBJECT-TYPE SYNTAX INTEGER { alm (1), nalm (2), nalmQI (3), nalmTI (4), nalmQICD (5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The object controls the alarm report of a resource. A manager can set the arcState to either alm, nalm, nalmQI, or nalmTI. ALM: Alarm reporting is turned on (i.e., is allowed). NALM: Alarm reporting is turned off. NALM-TI: Alarm reporting is turned off for a time interval. (TI - Time Inhibit). NALM-QI: Alarm reporting is turned off for a specified alarm type until the resource is qualified problem-free for an optional time interval. Problem-free means that the condition corresponding to the specified alarm type does not exist. (QI - Qualified Inhibit). NALM-QI-CD: This is a substate of NALM-QI and performs the persistence timing count down function after the resource is qualified problem-free. (CD - Count Down). According to the requirements in M.3100 Amendment 3, a resource supporting the ARC feature shall support the ALM state and at least one of the NALM, NALM-TI, and NALM-QI states. NALM-QI-CD is an optional substate of NALM-QI. Once the resource enters the normal reporting mode (ie., in the alm state) for the specified alarm type, the corresponding entry will be automatically deleted from the arc table. The manual setting of the arcState to alm has the effect of removing the entry from the arc table. The value of nalamQICD is a transitional state from nalmQI to alm. It is optional depending on the type and the implementation of the resource. If it is supported, before the state transitions from nalmQI to alm, a count down period is activated for a duration set by the object arcNalmCDTimeInterval. When the time is up, the arcState is set to alm." ::= { arcEntry 4 } arcNalmTimeRemaining OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "This variable indicates the time remaining in the NALM-TI interval or the NALM-QI-CD interval, in units of second. At the moment the resource enters the NALM-TI state, this variable will have the initial value equal to the value of arcNalmTITimeInterval and then starts decrementing as time goes by. Similarly at the moment the resource enters the NALM-QI-CD state, this variable will have the initial value equal to the value of arcNalmCDTimeInterval and then starts decrementing as time goes by. This variable is read-write and thus will allow the manager to extend or shorten, as needed, the remaining time when the resource is in the NALM-TI or NALM-QI-CD state. If this variable is supported and the resource is currently not in the NALM-TI nor NAML-QI-CD state, the value of this variable shall equal to zero." ::= { arcEntry 5 } arcRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This columnar object is used for creating and deleting a conceptual row of the arcTable. It is used to create and delete a arc setting. Setting RowStatus to createAndGo or createAndWait implies creating a new ARC setting for the specified resource and alarm type. Setting RowStatus to destroy implies removing the ARC setting and thus has the effect of resuming normal reporting behaviour of the resource for the alarm type." ::= { arcEntry 6 } -------------------------- -- conformance information -------------------------- arcConformance OBJECT IDENTIFIER ::= { arcMIB 3 } arcCompliances OBJECT IDENTIFIER ::= { arcConformance 1 } arcCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for systems supporting the ARC MIB." MODULE -- this module MANDATORY-GROUPS { arcSettingGroup } ::= { arcCompliances 1 } arcGroups OBJECT IDENTIFIER ::= { arcConformance 2 } arcSettingGroup OBJECT-GROUP OBJECTS { arcState, arcRowStatus } STATUS current DESCRIPTION "ARC Setting group." ::= { arcGroups 1} arcTIGroup OBJECT-GROUP OBJECTS { arcMIBTITimeInterval, arcNalmTimeRemaining } STATUS current DESCRIPTION "ARC Time Inhibit group." ::= { arcGroups 2} arcQICDGroup OBJECT-GROUP OBJECTS { arcMIBCDTimeInterval, arcNalmTimeRemaining } STATUS current DESCRIPTION "ARC Quality Inhibit (QI) Count Down (CD) group." ::= { arcGroups 3} END 6. Security Considerations There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. In particular, the ARC setting feature defined in the MIB affects alarm notification generation. Unauthorized access to the write-able objects could cause omission of alarm notifications or flooding of unwanted alarm notifications from the netowrk. These write-able objects (defined with a MAX-ACCESS clause of read-create) are: arcMIBTITimeInterval, arcMIBCDTimeInterval, arcState, arcNalmTimeRemaining, and arcRowStatus. So, it is important to control the GET/SET access to these objects and possibly even encrypt the object values when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [RFC2574] and the View-based Access Control Model (VACM) RFC 2575 [RFC2575] is recommended. Note that the arc Table is indexed by resource ID. In order to prevent leaking of resource instance IDs, VACM should be used and correctly configured. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 7. Acknowledgements The authors wish to thank Brian Teer and Sharon Chisholm for reviewing and commenting on this draft. 8. References 8.1 Normative References [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [M.3100 Amendment 3] ITU Recommendation M.3100 Amendment 3, "Generic Network Information Model", January 2001. 8.2 Informative References [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1213] McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets - MIB-II", STD 17, RFC 1213, March 1991. [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. 9. Authors' Addresses Hing-Kam Lam Lucent Technologies 101 Crawfords Corner Road, Room 4C-616 Holmdel, NJ 07733 USA Phone: +1 732-949-8338 EMail: hklam@lucent.com An-ni Huynh Cetus Networks 480 Red Hill Road, Middletown, NJ 07748-3098 USA Phone: +1 732-615-5402 EMail: a_n_huynh@yahoo.com David T. Perkins SNMPinfo 3600 Benton Street, #24 Santa Clara, CA 95051 USA Phone: +1 408-394-8702 EMail: dperkins@dsperkins.com 10. Intellectual Property The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. 11. Full Copyright Statement Copyright (C) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Expires January 25, 2003 [Page xx]