rfc3156-openpgp.txt (26215B)
1 MIME Security with OpenPGP 2 3 Status of this Memo 4 5 This document specifies an Internet standards track protocol for the 6 Internet community, and requests discussion and suggestions for 7 improvements. Please refer to the current edition of the "Internet 8 Official Protocol Standards" (STD 1) for the standardization state 9 and status of this protocol. Distribution of this memo is unlimited. 10 11 Copyright Notice 12 13 Copyright (C) The Internet Society (2001). All Rights Reserved. 14 15 Abstract 16 17 This document describes how the OpenPGP Message Format can be used to 18 provide privacy and authentication using the Multipurpose Internet 19 Mail Extensions (MIME) security content types described in RFC 1847. 20 21 1. Introduction 22 23 24 Work on integrating PGP (Pretty Good Privacy) with MIME [3] 25 (including the since withdrawn "application/pgp" content type) prior 26 to RFC 2015 suffered from a number of problems, the most significant 27 of which is the inability to recover signed message bodies without 28 parsing data structures specific to PGP. RFC 2015 makes use of the 29 elegant solution proposed in RFC 1847, which defines security 30 multipart formats for MIME. The security multiparts clearly separate 31 the signed message body from the signature, and have a number of 32 other desirable properties. This document revises RFC 2015 to adopt 33 the integration of PGP and MIME to the needs which emerged during the 34 work on the OpenPGP specification. 35 36 This document defines three content types for implementing security 37 and privacy with OpenPGP: "application/pgp-encrypted", 38 "application/pgp-signature" and "application/pgp-keys". 39 40 41 42 43 Elkins, et al. Standards Track [Page 1] 44 45 46 RFC 3156 MIME Security with OpenPGP August 2001 47 48 49 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 50 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 51 document are to be interpreted as described in RFC 2119. 52 53 2. OpenPGP data formats 54 55 56 OpenPGP implementations can generate either ASCII armor (described in 57 [1]) or 8-bit binary output when encrypting data, generating a 58 digital signature, or extracting public key data. The ASCII armor 59 output is the REQUIRED method for data transfer. This allows those 60 users who do not have the means to interpret the formats described in 61 this document to be able to extract and use the OpenPGP information 62 in the message. 63 64 When the amount of data to be transmitted requires that it be sent in 65 many parts, the MIME message/partial mechanism SHOULD be used rather 66 than the multi-part ASCII armor OpenPGP format. 67 68 3. Content-Transfer-Encoding restrictions 69 70 71 Multipart/signed and multipart/encrypted are to be treated by agents 72 as opaque, meaning that the data is not to be altered in any way [2], 73 [7]. However, many existing mail gateways will detect if the next 74 hop does not support MIME or 8-bit data and perform conversion to 75 either Quoted-Printable or Base64. This presents serious problems 76 for multipart/signed, in particular, where the signature is 77 invalidated when such an operation occurs. For this reason all data 78 signed according to this protocol MUST be constrained to 7 bits (8- 79 bit data MUST be encoded using either Quoted-Printable or Base64). 80 Note that this also includes the case where a signed object is also 81 encrypted (see section 6). This restriction will increase the 82 likelihood that the signature will be valid upon receipt. 83 84 Additionally, implementations MUST make sure that no trailing 85 whitespace is present after the MIME encoding has been applied. 86 87 Note: In most cases, trailing whitespace can either be removed, or 88 protected by applying an appropriate content-transfer-encoding. 89 However, special care must be taken when any header lines - either 90 in MIME entity headers, or in embedded RFC 822 headers - are 91 present which only consist of whitespace: Such lines must be 92 removed entirely, since replacing them by empty lines would turn 93 them into header delimiters, and change the semantics of the 94 message. The restrictions on whitespace are necessary in order to 95 make the hash calculated invariant under the text and binary mode 96 signature mechanisms provided by OpenPGP [1]. Also, they help to 97 avoid compatibility problems with PGP implementations which 98 predate the OpenPGP specification. 99 100 101 102 Elkins, et al. Standards Track [Page 2] 103 104 105 RFC 3156 MIME Security with OpenPGP August 2001 106 107 108 Note: If any line begins with the string "From ", it is strongly 109 suggested that either the Quoted-Printable or Base64 MIME encoding 110 be applied. If Quoted-Printable is used, at least one of the 111 characters in the string should be encoded using the hexadecimal 112 coding rule. This is because many mail transfer and delivery 113 agents treat "From " (the word "from" followed immediately by a 114 space character) as the start of a new message and thus insert a 115 right angle-bracket (>) in front of any line beginning with 116 "From " to distinguish this case, invalidating the signature. 117 118 Data that is ONLY to be encrypted is allowed to contain 8-bit 119 characters and trailing whitespace and therefore need not undergo the 120 conversion to a 7bit format, and the stripping of whitespace. 121 122 Implementor's note: It cannot be stressed enough that applications 123 using this standard follow MIME's suggestion that you "be 124 conservative in what you generate, and liberal in what you 125 accept." In this particular case it means it would be wise for an 126 implementation to accept messages with any content-transfer- 127 encoding, but restrict generation to the 7-bit format required by 128 this memo. This will allow future compatibility in the event the 129 Internet SMTP framework becomes 8-bit friendly. 130 131 4. OpenPGP encrypted data 132 133 134 Before OpenPGP encryption, the data is written in MIME canonical 135 format (body and headers). 136 137 OpenPGP encrypted data is denoted by the "multipart/encrypted" 138 content type, described in [2], and MUST have a "protocol" parameter 139 value of "application/pgp-encrypted". Note that the value of the 140 parameter MUST be enclosed in quotes. 141 142 The multipart/encrypted MIME body MUST consist of exactly two body 143 parts, the first with content type "application/pgp-encrypted". This 144 body contains the control information. A message complying with this 145 standard MUST contain a "Version: 1" field in this body. Since the 146 OpenPGP packet format contains all other information necessary for 147 decrypting, no other information is required here. 148 149 The second MIME body part MUST contain the actual encrypted data. It 150 MUST be labeled with a content type of "application/octet-stream". 151 152 Example message: 153 154 From: Michael Elkins <elkins@aero.org> 155 To: Michael Elkins <elkins@aero.org> 156 Mime-Version: 1.0 157 158 159 160 Elkins, et al. Standards Track [Page 3] 161 162 163 RFC 3156 MIME Security with OpenPGP August 2001 164 165 166 Content-Type: multipart/encrypted; boundary=foo; 167 protocol="application/pgp-encrypted" 168 169 --foo 170 Content-Type: application/pgp-encrypted 171 172 Version: 1 173 174 --foo 175 Content-Type: application/octet-stream 176 177 -----BEGIN PGP MESSAGE----- 178 Version: 2.6.2 179 180 hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ2fve87lMlDlx4Oj 181 eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9nnRvjY8nZL3MPXSZ 182 g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq6lb46wsvldZ96YA 183 AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6GtukS8NxbukLeamqVW3 184 1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8= 185 =zzaA 186 -----END PGP MESSAGE----- 187 188 --foo-- 189 190 5. OpenPGP signed data 191 192 193 OpenPGP signed messages are denoted by the "multipart/signed" content 194 type, described in [2], with a "protocol" parameter which MUST have a 195 value of "application/pgp-signature" (MUST be quoted). 196 197 The "micalg" parameter for the "application/pgp-signature" protocol 198 MUST contain exactly one hash-symbol of the format "pgp-<hash- 199 identifier>", where <hash-identifier> identifies the Message 200 Integrity Check (MIC) algorithm used to generate the signature. 201 Hash-symbols are constructed from the text names registered in [1] or 202 according to the mechanism defined in that document by converting the 203 text name to lower case and prefixing it with the four characters 204 "pgp-". 205 206 Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160", 207 "pgp-md2", "pgp-tiger192", and "pgp-haval-5-160". 208 209 The multipart/signed body MUST consist of exactly two parts. The 210 first part contains the signed data in MIME canonical format, 211 including a set of appropriate content headers describing the data. 212 213 The second body MUST contain the OpenPGP digital signature. It MUST 214 be labeled with a content type of "application/pgp-signature". 215 216 217 218 Elkins, et al. Standards Track [Page 4] 219 220 221 RFC 3156 MIME Security with OpenPGP August 2001 222 223 224 Note: Implementations can either generate "signatures of a 225 canonical text document" or "signatures of a binary document", as 226 defined in [1]. The restrictions on the signed material put forth 227 in section 3 and in this section will make sure that the various 228 MIC algorithm variants specified in [1] and [5] will all produce 229 the same result. 230 231 When the OpenPGP digital signature is generated: 232 233 (1) The data to be signed MUST first be converted to its content- 234 type specific canonical form. For text/plain, this means 235 conversion to an appropriate character set and conversion of 236 line endings to the canonical <CR><LF> sequence. 237 238 (2) An appropriate Content-Transfer-Encoding is then applied; see 239 section 3. In particular, line endings in the encoded data 240 MUST use the canonical <CR><LF> sequence where appropriate 241 (note that the canonical line ending may or may not be present 242 on the last line of encoded data and MUST NOT be included in 243 the signature if absent). 244 245 (3) MIME content headers are then added to the body, each ending 246 with the canonical <CR><LF> sequence. 247 248 (4) As described in section 3 of this document, any trailing 249 whitespace MUST then be removed from the signed material. 250 251 (5) As described in [2], the digital signature MUST be calculated 252 over both the data to be signed and its set of content headers. 253 254 (6) The signature MUST be generated detached from the signed data 255 so that the process does not alter the signed data in any way. 256 257 Note: The accepted OpenPGP convention is for signed data to end 258 with a <CR><LF> sequence. Note that the <CR><LF> sequence 259 immediately preceding a MIME boundary delimiter line is considered 260 to be part of the delimiter in [3], 5.1. Thus, it is not part of 261 the signed data preceding the delimiter line. An implementation 262 which elects to adhere to the OpenPGP convention has to make sure 263 it inserts a <CR><LF> pair on the last line of the data to be 264 signed and transmitted (signed message and transmitted message 265 MUST be identical). 266 267 Example message: 268 269 From: Michael Elkins <elkins@aero.org> 270 To: Michael Elkins <elkins@aero.org> 271 Mime-Version: 1.0 272 273 274 275 Elkins, et al. Standards Track [Page 5] 276 277 278 RFC 3156 MIME Security with OpenPGP August 2001 279 280 281 Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5; 282 protocol="application/pgp-signature" 283 284 --bar 285 & Content-Type: text/plain; charset=iso-8859-1 286 & Content-Transfer-Encoding: quoted-printable 287 & 288 & =A1Hola! 289 & 290 & Did you know that talking to yourself is a sign of senility? 291 & 292 & It's generally a good idea to encode lines that begin with 293 & From=20because some mail transport agents will insert a greater- 294 & than (>) sign, thus invalidating the signature. 295 & 296 & Also, in some cases it might be desirable to encode any =20 297 & trailing whitespace that occurs on lines in order to ensure =20 298 & that the message signature is not invalidated when passing =20 299 & a gateway that modifies such whitespace (like BITNET). =20 300 & 301 & me 302 303 --bar 304 305 Content-Type: application/pgp-signature 306 307 -----BEGIN PGP MESSAGE----- 308 Version: 2.6.2 309 310 iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// 311 jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq 312 uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn 313 HOxEa44b+EI= 314 =ndaj 315 -----END PGP MESSAGE----- 316 317 --bar-- 318 319 The "&"s in the previous example indicate the portion of the data 320 over which the signature was calculated. 321 322 Upon receipt of a signed message, an application MUST: 323 324 (1) Convert line endings to the canonical <CR><LF> sequence before 325 the signature can be verified. This is necessary since the 326 local MTA may have converted to a local end of line convention. 327 328 329 330 331 332 Elkins, et al. Standards Track [Page 6] 333 334 335 RFC 3156 MIME Security with OpenPGP August 2001 336 337 338 (2) Pass both the signed data and its associated content headers 339 along with the OpenPGP signature to the signature verification 340 service. 341 342 6. Encrypted and Signed Data 343 344 345 Sometimes it is desirable to both digitally sign and then encrypt a 346 message to be sent. This protocol allows for two methods of 347 accomplishing this task. 348 349 6.1. RFC 1847 Encapsulation 350 351 352 In [2], it is stated that the data is first signed as a 353 multipart/signature body, and then encrypted to form the final 354 multipart/encrypted body. This is most useful for standard MIME- 355 compliant message forwarding. 356 357 Example: 358 359 Content-Type: multipart/encrypted; 360 protocol="application/pgp-encrypted"; boundary=foo 361 362 --foo 363 Content-Type: application/pgp-encrypted 364 365 Version: 1 366 367 --foo 368 Content-Type: application/octet-stream 369 370 -----BEGIN PGP MESSAGE----- 371 & Content-Type: multipart/signed; micalg=pgp-md5 372 & protocol="application/pgp-signature"; boundary=bar 373 & 374 & --bar 375 & Content-Type: text/plain; charset=us-ascii 376 & 377 & This message was first signed, and then encrypted. 378 & 379 & --bar 380 & Content-Type: application/pgp-signature 381 & 382 & -----BEGIN PGP MESSAGE----- 383 & Version: 2.6.2 384 & 385 & iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// 386 & jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq 387 & uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn 388 389 390 391 Elkins, et al. Standards Track [Page 7] 392 393 394 RFC 3156 MIME Security with OpenPGP August 2001 395 396 397 & HOxEa44b+EI= 398 & =ndaj 399 & -----END PGP MESSAGE----- 400 & 401 & --bar-- 402 -----END PGP MESSAGE----- 403 404 --foo-- 405 406 (The text preceded by '&' indicates that it is really encrypted, but 407 presented as text for clarity.) 408 409 6.2. Combined method 410 411 412 The OpenPGP packet format [1] describes a method for signing and 413 encrypting data in a single OpenPGP message. This method is allowed 414 in order to reduce processing overhead and increase compatibility 415 with non-MIME implementations of OpenPGP. The resulting data is 416 formatted as a "multipart/encrypted" object as described in Section 417 4. 418 419 Messages which are encrypted and signed in this combined fashion are 420 REQUIRED to follow the same canonicalization rules as 421 multipart/signed objects. 422 423 It is explicitly allowed for an agent to decrypt a combined message 424 and rewrite it as a multipart/signed object using the signature data 425 embedded in the encrypted version. 426 427 7. Distribution of OpenPGP public keys 428 429 430 Content-Type: application/pgp-keys 431 Required parameters: none 432 Optional parameters: none 433 434 A MIME body part of the content type "application/pgp-keys" contains 435 ASCII-armored transferable Public Key Packets as defined in [1], 436 section 10.1. 437 438 8. Security Considerations 439 440 441 Signatures of a canonical text document as defined in [1] ignore 442 trailing white space in signed material. Implementations which 443 choose to use signatures of canonical text documents will not be able 444 to detect the addition of whitespace in transit. 445 446 See [3], [4] for more information on the security considerations 447 concerning the underlying protocols. 448 449 450 451 Elkins, et al. Standards Track [Page 8] 452 453 454 RFC 3156 MIME Security with OpenPGP August 2001 455 456 457 9. IANA Considerations 458 459 460 This document defines three media types: "application/pgp-encrypted", 461 "application/pgp-signature" and "application/pgp-keys". The 462 following sections specify the IANA registrations for these types. 463 464 9.1. Registration of the application/pgp-encrypted media type 465 466 467 MIME media type name: application 468 MIME subtype name: pgp-encrypted 469 Required parameters: none 470 Optional parameters: none 471 472 Encoding considerations: 473 474 Currently this media type always consists of a single 7bit text 475 string. 476 477 Security considerations: 478 479 See Section 8 and RFC 2440 Section 13. 480 481 Interoperability considerations: none 482 483 Published specification: 484 485 This document. 486 487 Additional information: 488 489 Magic number(s): none 490 File extension(s): none 491 Macintosh File Type Code(s): none 492 493 Person & email address to contact for further information: 494 495 Michael Elkins 496 Email: me@cs.hmc.edu 497 498 Intended usage: common 499 500 Author/Change controller: 501 502 Michael Elkins 503 Email: me@cs.hmc.edu 504 505 506 507 508 509 510 Elkins, et al. Standards Track [Page 9] 511 512 513 RFC 3156 MIME Security with OpenPGP August 2001 514 515 516 9.2. Registration of the application/pgp-signature media type 517 518 519 MIME media type name: application 520 MIME subtype name: pgp-signature 521 Required parameters: none 522 Optional parameters: none 523 524 Encoding considerations: 525 526 The content of this media type always consists of 7bit text. 527 528 Security considerations: 529 530 See Section 8 and RFC 2440 Section 13. 531 532 Interoperability considerations: none 533 534 Published specification: 535 536 RFC 2440 and this document. 537 538 Additional information: 539 540 Magic number(s): none 541 File extension(s): asc, sig 542 Macintosh File Type Code(s): pgDS 543 544 Person & email address to contact for further information: 545 546 Michael Elkins 547 Email: me@cs.hmc.edu 548 549 Intended usage: common 550 551 Author/Change controller: 552 553 Michael Elkins 554 Email: me@cs.hmc.edu 555 556 9.3. Registration of the application/pgp-keys media type 557 558 559 MIME media type name: application 560 MIME subtype name: pgp-keys 561 Required parameters: none 562 Optional parameters: none 563 564 565 566 567 568 569 Elkins, et al. Standards Track [Page 10] 570 571 572 RFC 3156 MIME Security with OpenPGP August 2001 573 574 575 Encoding considerations: 576 577 The content of this media type always consists of 7bit text. 578 579 Security considerations: 580 581 See Section 8 and RFC 2440 Section 13. 582 583 Interoperability considerations: none 584 585 Published specification: 586 587 RFC 2440 and this document. 588 589 Additional information: 590 591 Magic number(s): none 592 File extension(s): asc 593 Macintosh File Type Code(s): none 594 595 Person & email address to contact for further information: 596 597 Michael Elkins 598 Email: me@cs.hmc.edu 599 600 Intended usage: common 601 602 Author/Change controller: 603 604 Michael Elkins 605 Email: me@cs.hmc.edu 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 Elkins, et al. Standards Track [Page 11] 627 628 629 RFC 3156 MIME Security with OpenPGP August 2001 630 631 632 10. Notes 633 634 635 "PGP" and "Pretty Good Privacy" are registered trademarks of Network 636 Associates, Inc. 637 638 11. Acknowledgements 639 640 641 This document relies on the work of the IETF's OpenPGP Working 642 Group's definitions of the OpenPGP Message Format. The OpenPGP 643 message format is currently described in RFC 2440 [1]. 644 645 Special thanks are due: to Philip Zimmermann for his original and 646 ongoing work on PGP; to Charles Breed, Jon Callas and Dave Del Torto 647 for originally proposing the formation of the OpenPGP Working Group; 648 and to Steve Schoenfeld for helpful feedback during the draft 649 process. The authors would also like to thank the engineers at 650 Pretty Good Privacy, Inc (now Network Associates, Inc), including 651 Colin Plumb, Hal Finney, Jon Callas, Mark Elrod, Mark Weaver and 652 Lloyd Chambers, for their technical commentary. 653 654 Additional thanks are due to Jeff Schiller and Derek Atkins for their 655 continuing support of strong cryptography and PGP freeware at MIT; to 656 Rodney Thayer of Sable Technology; to John Noerenberg, Steve Dorner 657 and Laurence Lundblade of the Eudora team at QUALCOMM, Inc; to Bodo 658 Moeller for proposing the approach followed with respect to trailing 659 whitespace; to John Gilmore, Hugh Daniel and Fred Ringel (at 660 Rivertown) and Ian Bell (at Turnpike) for their timely critical 661 commentary; and to the international members of the IETF's OpenPGP 662 mailing list, including William Geiger, Lutz Donnerhacke and Kazu 663 Yamamoto. The idea to use multipart/mixed with multipart/signed has 664 been attributed to James Galvin. Finally, our gratitude is due to 665 the many members of the "Cypherpunks," "Coderpunks" and "pgp-users" 666 <http://cryptorights.org/pgp-users> mailing lists and the many users 667 of PGP worldwide for helping keep the path to privacy open. 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 Elkins, et al. Standards Track [Page 12] 686 687 688 RFC 3156 MIME Security with OpenPGP August 2001 689 690 691 12. Addresses of the Authors and OpenPGP Working Group Chair 692 693 694 The OpenPGP working group can be contacted via the current chair: 695 696 John W. Noerenberg II 697 Qualcomm, Inc. 698 5775 Morehouse Dr. 699 San Diego, CA 92121 USA 700 701 Phone: +1 619 658 3510 702 EMail: jwn2@qualcomm.com 703 704 The principal authors of this document are: 705 706 Dave Del Torto 707 CryptoRights Foundation 708 80 Alviso Street, Mailstop: CRF 709 San Francisco, CA 94127 USA 710 711 Phone: +1.415.334.5533, vm: #2 712 EMail: ddt@cryptorights.org, ddt@openpgp.net 713 714 715 Michael Elkins 716 Network Associates, Inc. 717 3415 S. Sepulveda Blvd Suite 700 718 Los Angeles, CA 90034 USA 719 720 Phone: +1.310.737.1663 721 Fax: +1.310.737.1755 722 Email: me@cs.hmc.edu, Michael_Elkins@NAI.com 723 724 725 Raph Levien 726 University of California at Berkeley 727 579 Soda Hall 728 Berkeley, CA 94720 USA 729 730 Phone: +1.510.642.6509 731 EMail: raph@acm.org 732 733 734 Thomas Roessler 735 Nordstrasse 99 736 D-53111 Bonn, Germany 737 738 Phone: +49-228-638007 739 EMail: roessler@does-not-exist.org 740 741 742 743 Elkins, et al. Standards Track [Page 13] 744 745 746 RFC 3156 MIME Security with OpenPGP August 2001 747 748 749 References 750 751 [1] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP 752 Message Format", RFC 2440, November 1998. 753 754 [2] Galvin, J., Murphy, G., Crocker, S. and N. Freed, "Security 755 Multiparts for MIME: Multipart/Signed and Multipart/Encrypted", 756 RFC 1847, October 1995. 757 758 [3] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 759 Extensions (MIME) Part Two: Media Types", RFC 2046, November 760 1996. 761 762 [4] Galvin, J., Murphy, G., Crocker, S. and N. Freed, "MIME Object 763 Security Services", RFC 1848, October 1995. 764 765 [5] Atkins, D., Stallings, W. and P. Zimmermann, "PGP Message 766 Exchange Formats", RFC 1991, August 1996. 767 768 [6] Elkins, M., "MIME Security with Pretty Good Privacy (PGP)", RFC 769 2015, October 1996. 770 771 [7] Freed, N., "Gateways and MIME Security Multiparts", RFC 2480, 772 January 1999. 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 Elkins, et al. Standards Track [Page 14] 801 802 803 RFC 3156 MIME Security with OpenPGP August 2001 804 805 806 Full Copyright Statement 807 808 Copyright (C) The Internet Society (2001). All Rights Reserved. 809 810 This document and translations of it may be copied and furnished to 811 others, and derivative works that comment on or otherwise explain it 812 or assist in its implementation may be prepared, copied, published 813 and distributed, in whole or in part, without restriction of any 814 kind, provided that the above copyright notice and this paragraph are 815 included on all such copies and derivative works. However, this 816 document itself may not be modified in any way, such as by removing 817 the copyright notice or references to the Internet Society or other 818 Internet organizations, except as needed for the purpose of 819 developing Internet standards in which case the procedures for 820 copyrights defined in the Internet Standards process must be 821 followed, or as required to translate it into languages other than 822 English. 823 824 The limited permissions granted above are perpetual and will not be 825 revoked by the Internet Society or its successors or assigns. 826 827 This document and the information contained herein is provided on an 828 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 829 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 830 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 831 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 832 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 833 834 Acknowledgement 835 836 Funding for the RFC Editor function is currently provided by the 837 Internet Society. 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 Elkins, et al. Standards Track [Page 15]