| rfc9310.original.xml | rfc9310.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version='1.0' encoding='utf-8'?> | |||
| <!DOCTYPE rfc [ | <!DOCTYPE rfc [ | |||
| <!ENTITY nbsp " "> | <!ENTITY nbsp " "> | |||
| <!ENTITY zwsp "​"> | <!ENTITY zwsp "​"> | |||
| <!ENTITY nbhy "‑"> | <!ENTITY nbhy "‑"> | |||
| <!ENTITY wj "⁠"> | <!ENTITY wj "⁠"> | |||
| ]> | ]> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.26 (Ruby 2.3.7) --> | <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.5.26 (Ruby 2.3.7) --> | |||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | |||
| -ietf-lamps-5g-nftypes-08" category="std" consensus="true" submissionType="IETF" | -ietf-lamps-5g-nftypes-08" number="9310" category="std" consensus="true" updates | |||
| tocInclude="true" sortRefs="true" symRefs="true" version="3"> | ="" obsoletes="" submissionType="IETF" xml:lang="en" | |||
| tocInclude="true" sortRefs="true" symRefs="true" version="3"> | ||||
| <!-- xml2rfc v2v3 conversion 3.15.3 --> | <!-- xml2rfc v2v3 conversion 3.15.3 --> | |||
| <front> | <front> | |||
| <title abbrev="5G NFType in X.509 Certificates">X.509 Certificate Extension | <title abbrev="5G NFTypes in X.509 Certificates">X.509 Certificate Extension | |||
| for 5G Network Function Types</title> | for 5G Network Function Types</title> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-5g-nftypes-08"/> | <seriesInfo name="RFC" value="9310"/> | |||
| <author initials="R." surname="Housley" fullname="Russ Housley"> | <author initials="R." surname="Housley" fullname="Russ Housley"> | |||
| <organization abbrev="Vigil Security">Vigil Security, LLC</organization> | <organization abbrev="Vigil Security">Vigil Security, LLC</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Herndon, VA</city> | <city>Herndon</city> | |||
| <country>US</country> | <region>VA</region> | |||
| <country>United States of America</country> | ||||
| </postal> | </postal> | |||
| <email>housley@vigilsec.com</email> | <email>housley@vigilsec.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author initials="S." surname="Turner" fullname="Sean Turner"> | <author initials="S." surname="Turner" fullname="Sean Turner"> | |||
| <organization>sn3rd</organization> | <organization>sn3rd</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Washington, DC</city> | <city>Washington</city> | |||
| <country>US</country> | <region>DC</region> | |||
| <country>United States of America</country> | ||||
| </postal> | </postal> | |||
| <email>sean@sn3rd.com</email> | <email>sean@sn3rd.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author initials="J. P." surname="Mattsson" fullname="John Preuß Mattsson"> | <author initials="J." surname="Preuß Mattsson" fullname="John Preuß Mattsson "> | |||
| <organization>Ericsson</organization> | <organization>Ericsson</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Kista</city> | <city>Kista</city> | |||
| <country>Sweden</country> | <country>Sweden</country> | |||
| </postal> | </postal> | |||
| <email>john.mattsson@ericsson.com</email> | <email>john.mattsson@ericsson.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author initials="D." surname="Migault" fullname="Daniel Migault"> | <author initials="D." surname="Migault" fullname="Daniel Migault"> | |||
| <organization>Ericsson</organization> | <organization>Ericsson</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Saint Laurent, QC</city> | <city>Saint Laurent, QC</city> | |||
| <country>Canada</country> | <country>Canada</country> | |||
| </postal> | </postal> | |||
| <email>daniel.migault@ericsson.com</email> | <email>daniel.migault@ericsson.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2022" month="November" day="29"/> | <date year="2022" month="December"/> | |||
| <area>Security</area> | <area>Security</area> | |||
| <keyword>Internet-Draft</keyword> | <workgroup>lamps</workgroup> | |||
| <keyword>Digital Certificate</keyword> | ||||
| <abstract> | <abstract> | |||
| <t>This document specifies the certificate extension for including | <t>This document specifies the certificate extension for including | |||
| Network Function Types (NFTypes) for the 5G System in X.509v3 public | Network Function Types (NFTypes) for the 5G System in X.509 v3 public | |||
| key certificates as profiled in RFC 5280.</t> | key certificates as profiled in RFC 5280.</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="intro"> | <section anchor="intro"> | |||
| <name>Introduction</name> | <name>Introduction</name> | |||
| <t>The 3rd Generation Partnership Project (3GPP) has specified several | <t>The 3rd Generation Partnership Project (3GPP) has specified several | |||
| Network Functions (NFs) as part of the service-based architecture within | Network Functions (NFs) as part of the service-based architecture within | |||
| the 5G System. There are 49 NF Types defined for 3GPP Release 17; they | the 5G System. There are 56 NF Types defined for 3GPP Release 17; they | |||
| are listed in Table 6.1.6.3.3-1 of <xref target="TS29.510"/>, and each NF type i s | are listed in Table 6.1.6.3.3-1 of <xref target="TS29.510"/>, and each NF type i s | |||
| identified by a short ASCII string.</t> | identified by a short ASCII string.</t> | |||
| <t>Operators of 5G systems make use of an internal PKI to identify | <t>Operators of 5G Systems make use of an internal PKI to identify | |||
| interface instances in the NFs in a 5G system. X.509v3 public key | interface instances in the NFs in a 5G System. X.509 v3 public key | |||
| certificates <xref target="RFC5280"/> are used, and the primary function of a | certificates <xref target="RFC5280"/> are used, and the primary function of a | |||
| certificate is to bind a public key to the identity of an entity that | certificate is to bind a public key to the identity of an entity that | |||
| holds the corresponding private key, known as the certificate subject. | holds the corresponding private key, known as the certificate subject. | |||
| The certificate subject and the subjectAltName certificate extension can | The certificate subject and the SubjectAltName certificate extension can | |||
| be used to support identity-based access control decisions.</t> | be used to support identity-based access control decisions.</t> | |||
| <t>This document specifies the NFTypes certificate extension to support | <t>This document specifies the NFTypes certificate extension to support | |||
| role-based access control decisions by providing a list of NF Types | role-based access control decisions by providing a list of NF Types | |||
| associated with the certificate subject. The NFTypes certificate | associated with the certificate subject. The NFTypes certificate | |||
| extension can be used by operators of 5G systems or later.</t> | extension can be used by operators of 5G Systems or later.</t> | |||
| </section> | </section> | |||
| <section anchor="terms"> | <section anchor="terms"> | |||
| <name>Terminology</name> | <name>Terminology</name> | |||
| <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14 | <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", | |||
| >REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", | |||
| NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECO | "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", | |||
| MMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | "<bcp14>SHOULD NOT</bcp14>", | |||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be i | "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | |||
| nterpreted as | "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document | |||
| described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and | are to be interpreted as described in BCP 14 | |||
| only when, they | <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only | |||
| appear in all capitals, as shown here.</t> | when, they appear in all capitals, as shown here.</t> | |||
| </section> | </section> | |||
| <section anchor="extn"> | <section anchor="extn"> | |||
| <name>Network Functions Certificate Extension</name> | <name>Network Function Types Certificate Extension</name> | |||
| <t>This section specifies the NFTypes certificate extension, which provide s | <t>This section specifies the NFTypes certificate extension, which provide s | |||
| a list of NF Types associated with the certificate subject.</t> | a list of NF Types associated with the certificate subject.</t> | |||
| <t>The NFTypes certificate extension <bcp14>MAY</bcp14> be included in pub lic key certificates | <t>The NFTypes certificate extension <bcp14>MAY</bcp14> be included in pub lic key certificates | |||
| <xref target="RFC5280"/>. The NFTypes certificate extension <bcp14>MUST</bcp14> be identified by the | <xref target="RFC5280"/>. The NFTypes certificate extension <bcp14>MUST</bcp14> be identified by the | |||
| following object identifier:</t> | following object identifier:</t> | |||
| <artwork><![CDATA[ | <sourcecode name="" type="asn.1"><![CDATA[ | |||
| id-pe-nftypes OBJECT IDENTIFIER ::= | id-pe-nftype OBJECT IDENTIFIER ::= | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-pe(1) 34 } | security(5) mechanisms(5) pkix(7) id-pe(1) 34 } | |||
| ]]></artwork> | ]]></sourcecode> | |||
| <t>This extension <bcp14>MUST NOT</bcp14> be marked critical.</t> | <t>This extension <bcp14>MUST NOT</bcp14> be marked critical.</t> | |||
| <t>The NFTypes extension <bcp14>MUST</bcp14> have the following syntax:</t > | <t>The NFTypes extension <bcp14>MUST</bcp14> have the following syntax:</t > | |||
| <artwork><![CDATA[ | <sourcecode name="" type="asn.1"><![CDATA[ | |||
| NFTypes ::= SEQUENCE SIZE (1..MAX) OF NFType | NFTypes ::= SEQUENCE SIZE (1..MAX) OF NFType | |||
| NFType ::= IA5String (SIZE (1..32)) | NFType ::= IA5String (SIZE (1..32)) | |||
| ]]></artwork> | ]]></sourcecode> | |||
| <t>The NFTypes <bcp14>MUST</bcp14> contain at least one NFType.</t> | <t>The NFTypes <bcp14>MUST</bcp14> contain at least one NFType.</t> | |||
| <t>Each NFType <bcp14>MUST</bcp14> contain only an ASCII string; however, the | <t>Each NFType <bcp14>MUST</bcp14> contain only an ASCII string; however, the | |||
| string <bcp14>MUST NOT</bcp14> include control characters (values 0 through 31), | string <bcp14>MUST NOT</bcp14> include control characters (values 0 through 31), | |||
| the space character (value 32), or the delete character (value 127).</t> | the space character (value 32), or the delete character (value 127).</t> | |||
| <t>Each NFType <bcp14>MUST</bcp14> contain at least one ASCII character an d | <t>Each NFType <bcp14>MUST</bcp14> contain at least one ASCII character an d | |||
| <bcp14>MUST NOT</bcp14> contain more than 32 ASCII characters.</t> | <bcp14>MUST NOT</bcp14> contain more than 32 ASCII characters.</t> | |||
| <t>The NFTypes <bcp14>MUST NOT</bcp14> contain the same NFType more than o nce.</t> | <t>The NFTypes <bcp14>MUST NOT</bcp14> contain the same NFType more than o nce.</t> | |||
| <t>If the NFTypes contain more than one NFType, the NFTypes | <t>If the NFTypes contain more than one NFType, the NFTypes | |||
| <bcp14>MUST</bcp14> appear in ascending sort order.</t> | <bcp14>MUST</bcp14> appear in ascending lexicographic order using the ASCII valu es.</t> | |||
| <t>The NFType uses the IA5String type to permit inclusion of the underscor e | <t>The NFType uses the IA5String type to permit inclusion of the underscor e | |||
| character ('_'), which is not part of the PrintableString character set.</t> | character ('_'), which is not part of the PrintableString character set.</t> | |||
| </section> | </section> | |||
| <section anchor="asn1-mod"> | <section anchor="asn1-mod"> | |||
| <name>ASN.1 Module</name> | <name>ASN.1 Module</name> | |||
| <t>This section provides an ASN.1 module <xref target="X.680"/> for the NF Types | <t>This section provides an ASN.1 Module <xref target="X.680"/> for the NF Types | |||
| certificate extension, and it follows the conventions established | certificate extension, and it follows the conventions established | |||
| in <xref target="RFC5912"/> and <xref target="RFC6268"/>.</t> | in <xref target="RFC5912"/> and <xref target="RFC6268"/>.</t> | |||
| <sourcecode type="asn.1" markers="true"><![CDATA[ | <sourcecode type="asn.1" markers="true"><![CDATA[ | |||
| NFTypeCertExtn | NFTypeCertExtn | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-nftype(106) } | id-mod-nftype(106) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| skipping to change at line 152 ¶ | skipping to change at line 161 ¶ | |||
| id-mod-pkixCommon-02(57) } ; | id-mod-pkixCommon-02(57) } ; | |||
| -- NFTypes Certificate Extension | -- NFTypes Certificate Extension | |||
| ext-NFType EXTENSION ::= { | ext-NFType EXTENSION ::= { | |||
| SYNTAX NFTypes | SYNTAX NFTypes | |||
| IDENTIFIED BY id-pe-nftype } | IDENTIFIED BY id-pe-nftype } | |||
| -- NFTypes Certificate Extension OID | -- NFTypes Certificate Extension OID | |||
| id-pe-nftype OBJECT IDENTIFIER ::= | id-pe-nftype OBJECT IDENTIFIER ::= | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-pe(1) 34 } | security(5) mechanisms(5) pkix(7) id-pe(1) 34 } | |||
| -- NFTypes Certificate Extension Syntax | -- NFTypes Certificate Extension Syntax | |||
| NFTypes ::= SEQUENCE SIZE (1..MAX) OF NFType | NFTypes ::= SEQUENCE SIZE (1..MAX) OF NFType | |||
| NFType ::= IA5String (SIZE (1..32)) | NFType ::= IA5String (SIZE (1..32)) | |||
| END | END | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="sec-cons"> | <section anchor="sec-cons"> | |||
| <name>Security Considerations</name> | <name>Security Considerations</name> | |||
| <t>The Security Considerations of <xref target="RFC5280"/> are applicable to this document.</t> | <t>The security considerations of <xref target="RFC5280"/> are applicable to this document.</t> | |||
| <t>Some of the ASCII strings that specify the NF Types are standard. See | <t>Some of the ASCII strings that specify the NF Types are standard. See | |||
| Appendix A for values defined in 3GPP. Additionally, an operator <bcp14>MAY</bc p14> | <xref target="nftypes"/> for values defined in 3GPP Release 17. Additionally, a n operator <bcp14>MAY</bcp14> | |||
| assign its own NF Types for use in their own network. Since the NF Type | assign its own NF Types for use in their own network. Since the NF Type | |||
| is used for role-based access control decisions, an operator-assigned | is used for role-based access control decisions, an operator-assigned | |||
| NF Type <bcp14>MUST NOT</bcp14> overlap with a value already defined in the comm only | NF Type <bcp14>MUST NOT</bcp14> overlap with a value already defined in the comm only | |||
| defined set. Use of the same ASCII string by two different operators | defined set. Use of the same ASCII string by two different operators | |||
| for different roles could lead to confusion or incorrect access control | for different roles could lead to confusion or incorrect access control | |||
| decisions. The mechanism for an operator to determine whether an ASCII | decisions. The mechanism for an operator to determine whether an ASCII | |||
| string associated with a NF Type is unique across operators is outside | string associated with a NF Type is unique across operators is outside | |||
| the scope of this document.</t> | the scope of this document.</t> | |||
| <t>The certificate extension supports many different forms of role-based | <t>The certificate extension supports many different forms of role-based | |||
| access control to support the diversity of activities that NFs are | access control to support the diversity of activities that NFs are | |||
| trusted to perform in the overall system. Different levels of confidence | trusted to perform in the overall system. Different levels of confidence | |||
| that the NFTypes were properly assigned might be needed to contribute to the | that the NFTypes were properly assigned might be needed to contribute to the | |||
| overall security of the 5G system. For example, more confidence might be | overall security of the 5G System. For example, more confidence might be | |||
| needed to make access control decisions related to a scarce resource than | needed to make access control decisions related to a scarce resource than | |||
| implementation of filtering policies. As a result, different operators | implementation of filtering policies. As a result, different operators | |||
| might have different trust models for NFTypes certificate extension.</t> | might have different trust models for the NFTypes certificate extension.</t> | |||
| </section> | </section> | |||
| <section anchor="priv-cons"> | <section anchor="priv-cons"> | |||
| <name>Privacy Considerations</name> | <name>Privacy Considerations</name> | |||
| <t>In some security protocols, such as TLS 1.2 <xref target="RFC5246"/>, c ertificates are | <t>In some security protocols, such as TLS 1.2 <xref target="RFC5246"/>, c ertificates are | |||
| exchanged in the clear. In other security protocols, such as TLS 1.3 <xref targ et="RFC8446"/>, | exchanged in the clear. In other security protocols, such as TLS 1.3 <xref targ et="RFC8446"/>, | |||
| the certificates are encrypted. The inclusion of NFType certificate extension | the certificates are encrypted. The inclusion of the NFTypes certificate extens ion | |||
| can help an observer determine which systems are of most interest based on | can help an observer determine which systems are of most interest based on | |||
| the plaintext certificate transmission.</t> | the plaintext certificate transmission.</t> | |||
| </section> | </section> | |||
| <section anchor="iana"> | <section anchor="iana"> | |||
| <name>IANA Considerations</name> | <name>IANA Considerations</name> | |||
| <t>For the NFType certificate extension in <xref target="extn"/>, IANA is | <t>For the NFTypes certificate extension defined in <xref target="extn"/>, | |||
| requested | IANA has | |||
| to assign an object identifier (OID) for the certificate extension. The | assigned an object identifier (OID) for the certificate extension. The | |||
| OID for the certificate extension should be allocated in the "SMI Security | OID for the certificate extension has been allocated in the "SMI Security | |||
| for PKIX Certificate Extension" registry (1.3.6.1.5.5.7.1).</t> | for PKIX Certificate Extension" registry (1.3.6.1.5.5.7.1).</t> | |||
| <t>For the ASN.1 Module in <xref target="asn1-mod"/>, IANA is requested to | <t>For the ASN.1 Module defined in <xref target="asn1-mod"/>, IANA has ass | |||
| assign an | igned an | |||
| object identifier (OID) for the module identifier. The OID for the module | OID for the module identifier. The OID for the module | |||
| should be allocated in the "SMI Security for PKIX Module Identifier" | has been allocated in the "SMI Security for PKIX Module Identifier" | |||
| registry (1.3.6.1.5.5.7.0).</t> | registry (1.3.6.1.5.5.7.0).</t> | |||
| </section> | </section> | |||
| <section anchor="acknowledgements"> | ||||
| <name>Acknowledgements</name> | ||||
| <t>Many thanks to Ben Smeets, Michael Li, Tim Hollebeek, Roman Danyliw, | ||||
| Bernie Volz, and Eric Vyncke for their review, comments, and assistance.</t> | ||||
| </section> | ||||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references> | <references> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC5280" target="https://www.rfc-editor.org/info/rfc5 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml" | |||
| 280"> | /> | |||
| <front> | ||||
| <title>Internet X.509 Public Key Infrastructure Certificate and Cert | ||||
| ificate Revocation List (CRL) Profile</title> | ||||
| <author fullname="D. Cooper" initials="D." surname="Cooper"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Santesson" initials="S." surname="Santesson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Farrell" initials="S." surname="Farrell"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Boeyen" initials="S." surname="Boeyen"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="R. Housley" initials="R." surname="Housley"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="W. Polk" initials="W." surname="Polk"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="May" year="2008"/> | ||||
| <abstract> | ||||
| <t>This memo profiles the X.509 v3 certificate and X.509 v2 certif | ||||
| icate revocation list (CRL) for use in the Internet. An overview of this approa | ||||
| ch and model is provided as an introduction. The X.509 v3 certificate format is | ||||
| described in detail, with additional information regarding the format and seman | ||||
| tics of Internet name forms. Standard certificate extensions are described and | ||||
| two Internet-specific extensions are defined. A set of required certificate ext | ||||
| ensions is specified. The X.509 v2 CRL format is described in detail along with | ||||
| standard and Internet-specific extensions. An algorithm for X.509 certificatio | ||||
| n path validation is described. An ASN.1 module and examples are provided in th | ||||
| e appendices. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5280"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5280"/> | ||||
| </reference> | ||||
| <reference anchor="X.680" target="https://www.itu.int/rec/T-REC-X.680"> | <reference anchor="X.680" target="https://www.itu.int/rec/T-REC-X.680"> | |||
| <front> | <front> | |||
| <title>Information technology -- Abstract Syntax Notation One (ASN.1 ): Specification of basic notation</title> | <title>Information technology -- Abstract Syntax Notation One (ASN.1 ): Specification of basic notation</title> | |||
| <author> | <author> | |||
| <organization>ITU-T</organization> | <organization>ITU-T</organization> | |||
| </author> | </author> | |||
| <date year="2021" month="February"/> | <date year="2021" month="February"/> | |||
| </front> | </front> | |||
| <seriesInfo name="ITU-T Recommendation" value="X.680"/> | <refcontent>ITU-T Recommendation X.680</refcontent> | |||
| <seriesInfo name="ISO/IEC" value="8824-1:2021"/> | <refcontent>ISO/IEC 8824-1:2021</refcontent> | |||
| </reference> | ||||
| <reference anchor="TS29.510" target="https://www.3gpp.org/ftp/Specs/arch | ||||
| ive/29_series/29.510/29510-h50.zip"> | ||||
| <front> | ||||
| <title>5G System; Network Function Repository Services; Stage 3 (Rel | ||||
| ease 17)</title> | ||||
| <author> | ||||
| <organization>3rd Generation Partnership Project</organization> | ||||
| </author> | ||||
| <date year="2022" month="March"/> | ||||
| </front> | ||||
| <seriesInfo name="3GPP TS:29.510 V17.5.0" value=""/> | ||||
| </reference> | </reference> | |||
| <reference anchor="TS33.310" target="https://www.3gpp.org/ftp/Specs/arch ive/33_series/33.310/33310-h20.zip"> | <reference anchor="TS29.510" target="https://www.3gpp.org/ftp/Specs/arch ive/29_series/29.510/29510-h80.zip"> | |||
| <front> | <front> | |||
| <title>Network Domain Security (NDS); Authentication Framework (AF) (Release 17)</title> | <title>Technical Specification Group Core Network and Terminals; 5G System; Network Function Repository Services; Stage 3 (Release 17)</title> | |||
| <author> | <author> | |||
| <organization>3rd Generation Partnership Project</organization> | <organization>3rd Generation Partnership Project</organization> | |||
| </author> | </author> | |||
| <date year="2022" month="March"/> | <date year="2022" month="December"/> | |||
| </front> | </front> | |||
| <seriesInfo name="3GPP TS:33.310 V17.2.0" value=""/> | <refcontent>3GPP TS:29.510 V17.8.0</refcontent> | |||
| </reference> | </reference> | |||
| <reference anchor="TS23.003" target="https://www.3gpp.org/ftp/Specs/arch ive/23_series/23.003/23003-h50.zip"> | <reference anchor="TS33.310" target="https://www.3gpp.org/ftp/Specs/arch ive/33_series/33.310/33310-h40.zip"> | |||
| <front> | <front> | |||
| <title>Technical Specification Group Core Network and Terminals; Num bering, addressing and identification (Release 17)</title> | <title>Technical Specification Group Services and System Aspects; Ne twork Domain Security (NDS); Authentication Framework (AF) (Release 17)</title> | |||
| <author> | <author> | |||
| <organization>3rd Generation Partnership Project</organization> | <organization>3rd Generation Partnership Project</organization> | |||
| </author> | </author> | |||
| <date year="2022" month="March"/> | <date year="2022" month="September"/> | |||
| </front> | ||||
| <seriesInfo name="3GPP TS:23.003 V17.5.0" value=""/> | ||||
| </reference> | ||||
| <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2 | ||||
| 119"> | ||||
| <front> | ||||
| <title>Key words for use in RFCs to Indicate Requirement Levels</tit | ||||
| le> | ||||
| <author fullname="S. Bradner" initials="S." surname="Bradner"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="March" year="1997"/> | ||||
| <abstract> | ||||
| <t>In many standards track documents several words are used to sig | ||||
| nify the requirements in the specification. These words are often capitalized. | ||||
| This document defines these words as they should be interpreted in IETF document | ||||
| s. This document specifies an Internet Best Current Practices for the Internet | ||||
| Community, and requests discussion and suggestions for improvements.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="2119"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC2119"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 174"> | ||||
| <front> | ||||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti | ||||
| tle> | ||||
| <author fullname="B. Leiba" initials="B." surname="Leiba"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="May" year="2017"/> | ||||
| <abstract> | ||||
| <t>RFC 2119 specifies common key words that may be used in protoco | ||||
| l specifications. This document aims to reduce the ambiguity by clarifying tha | ||||
| t only UPPERCASE usage of the key words have the defined special meanings.</t> | ||||
| </abstract> | ||||
| </front> | </front> | |||
| <seriesInfo name="BCP" value="14"/> | <refcontent>3GPP TS:33.310 V17.4.0</refcontent> | |||
| <seriesInfo name="RFC" value="8174"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8174"/> | ||||
| </reference> | </reference> | |||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml" | ||||
| /> | ||||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml" | ||||
| /> | ||||
| </references> | </references> | |||
| <references> | <references> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="RFC5246" target="https://www.rfc-editor.org/info/rfc5 | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5246.xml" | |||
| 246"> | /> | |||
| <front> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5912.xml" | |||
| <title>The Transport Layer Security (TLS) Protocol Version 1.2</titl | /> | |||
| e> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml" | |||
| <author fullname="T. Dierks" initials="T." surname="Dierks"> | /> | |||
| <organization/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml" | |||
| </author> | /> | |||
| <author fullname="E. Rescorla" initials="E." surname="Rescorla"> | <reference anchor="TS29.571" target="https://www.3gpp.org/ftp/Specs/arch | |||
| <organization/> | ive/29_series/29.571/29571-h80.zip"> | |||
| </author> | ||||
| <date month="August" year="2008"/> | ||||
| <abstract> | ||||
| <t>This document specifies Version 1.2 of the Transport Layer Secu | ||||
| rity (TLS) protocol. The TLS protocol provides communications security over the | ||||
| Internet. The protocol allows client/server applications to communicate in a w | ||||
| ay that is designed to prevent eavesdropping, tampering, or message forgery. [S | ||||
| TANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5246"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5246"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5912" target="https://www.rfc-editor.org/info/rfc5 | ||||
| 912"> | ||||
| <front> | ||||
| <title>New ASN.1 Modules for the Public Key Infrastructure Using X.5 | ||||
| 09 (PKIX)</title> | ||||
| <author fullname="P. Hoffman" initials="P." surname="Hoffman"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="J. Schaad" initials="J." surname="Schaad"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="June" year="2010"/> | ||||
| <abstract> | ||||
| <t>The Public Key Infrastructure using X.509 (PKIX) certificate fo | ||||
| rmat, and many associated formats, are expressed using ASN.1. The current ASN.1 | ||||
| modules conform to the 1988 version of ASN.1. This document updates those ASN. | ||||
| 1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire | ||||
| changes to any of the formats; this is simply a change to the syntax. This doc | ||||
| ument is not an Internet Standards Track specification; it is published for inf | ||||
| ormational purposes.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5912"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5912"/> | ||||
| </reference> | ||||
| <reference anchor="RFC6268" target="https://www.rfc-editor.org/info/rfc6 | ||||
| 268"> | ||||
| <front> | ||||
| <title>Additional New ASN.1 Modules for the Cryptographic Message Sy | ||||
| ntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)</title> | ||||
| <author fullname="J. Schaad" initials="J." surname="Schaad"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Turner" initials="S." surname="Turner"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="July" year="2011"/> | ||||
| <abstract> | ||||
| <t>The Cryptographic Message Syntax (CMS) format, and many associa | ||||
| ted formats, are expressed using ASN.1. The current ASN.1 modules conform to th | ||||
| e 1988 version of ASN.1. This document updates some auxiliary ASN.1 modules to | ||||
| conform to the 2008 version of ASN.1; the 1988 ASN.1 modules remain the normativ | ||||
| e version. There are no bits- on-the-wire changes to any of the formats; this i | ||||
| s simply a change to the syntax. This document is not an Internet Standards Tra | ||||
| ck specification; it is published for informational purposes.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="6268"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC6268"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8446" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 446"> | ||||
| <front> | ||||
| <title>The Transport Layer Security (TLS) Protocol Version 1.3</titl | ||||
| e> | ||||
| <author fullname="E. Rescorla" initials="E." surname="Rescorla"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="August" year="2018"/> | ||||
| <abstract> | ||||
| <t>This document specifies version 1.3 of the Transport Layer Secu | ||||
| rity (TLS) protocol. TLS allows client/server applications to communicate over | ||||
| the Internet in a way that is designed to prevent eavesdropping, tampering, and | ||||
| message forgery.</t> | ||||
| <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 50 | ||||
| 77, 5246, and 6961. This document also specifies new requirements for TLS 1.2 i | ||||
| mplementations.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8446"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8446"/> | ||||
| </reference> | ||||
| <reference anchor="TS29.571" target="https://www.3gpp.org/ftp/Specs/arch | ||||
| ive/29_series/29.571/29571-h50.zip"> | ||||
| <front> | <front> | |||
| <title>5G System; Common Data Types for Service Based Interfaces; St age 3 (Release 17)</title> | <title>Technical Specification Group Core Network and Terminals; 5G System; Common Data Types for Service Based Interfaces; Stage 3 (Release 17)</ti tle> | |||
| <author> | <author> | |||
| <organization>3rd Generation Partnership Project</organization> | <organization>3rd Generation Partnership Project</organization> | |||
| </author> | </author> | |||
| <date year="2022" month="March"/> | <date year="2022" month="December"/> | |||
| </front> | </front> | |||
| <seriesInfo name="3GPP TS:29.571 V17.5.0" value=""/> | <refcontent>3GPP TS:29.571 V17.8.0</refcontent> | |||
| </reference> | </reference> | |||
| </references> | </references> | |||
| </references> | </references> | |||
| <section anchor="nftypes"> | <section anchor="nftypes"> | |||
| <name>NFType Strings</name> | <name>NFType Strings</name> | |||
| <t>Table 6.1.6.3.3-1 of <xref target="TS29.510"/> defines the ASCII string s for the | <t>Table 6.1.6.3.3-1 of <xref target="TS29.510"/> defines the ASCII string s for the | |||
| NF Types specified in 3GPP documents, which are listed below in | NF Types specified in 3GPP documents; these enumeration values in 3GPP Release 1 | |||
| alphabetical order. This list is not exhaustive.</t> | 7 are listed below in | |||
| ascending lexicographic order. This list is not exhaustive.</t> | ||||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| "5G_DDNMF" "ICSCF" "SCEF" | "5G_DDNMF" "LMF" "PKMF" | |||
| "5G_EIR" "IMS_AS" "SCP" | "5G_EIR" "MBSF" "SCEF" | |||
| "AANF" "LMF" "SCSAS" | "AANF" "MBSTF" "SCP" | |||
| "ADRF" "MB-SMF" "SCSCF" | "ADRF" "MB_SMF" "SCSAS" | |||
| "AF" "MB-UPF" "SEPP" | "AF" "MB_UPF" "SCSCF" | |||
| "AMF" "MFAF" "SMF" | "AMF" "MFAF" "SEPP" | |||
| "AUSF" "MME" "SMSF" | "AUSF" "MME" "SMF" | |||
| "BSF" "N3IWF" "SOR_AF" | "BSF" "MNPF" "SMSF" | |||
| "CBCF" "NEF" "SPAF" | "CBCF" "N3IWF" "SMS_GMSC" | |||
| "CEF" "NRF" "TSCTSF" | "CEF" "NEF" "SMS_IWMSC" | |||
| "CHF" "NSACF" "UCMF" | "CHF" "NRF" "SOR_AF" | |||
| "DCCF" "NSSAAF" "UDM" | "DCCF" "NSACF" "SPAF" | |||
| "DRA" "NSSF" "UDR" | "DRA" "NSSAAF" "TSCTSF" | |||
| "EASDF" "NSWOF" "UDSF" | "EASDF" "NSSF" "UCMF" | |||
| "GBA_BSF" "NWDAF" "UPF" | "GBA_BSF" "NSWOF" "UDM" | |||
| "GMLC" "PCF" | "GMLC" "NWDAF" "UDR" | |||
| "HSS" "PCSCF" | "HSS" "PANF" "UDSF" | |||
| "ICSCF" "PCF" "UPF" | ||||
| "IMS_AS" "PCSCF" | ||||
| ]]></artwork> | ]]></artwork> | |||
| </section> | </section> | |||
| <section anchor="example"> | <section anchor="example"> | |||
| <name>Example Certificate Containing a NFTypes Extension</name> | <name>Example Certificate Containing a NFTypes Extension</name> | |||
| <t>The example certificate conformes to certificate profile in | <t>The example certificate conforms to the certificate profile in | |||
| Table 6.1.3c.3-1 of <xref target="TS33.310"/>. In addition, the NFTypes | Table 6.1.3c.3-1 of <xref target="TS33.310"/>. In addition, the NFTypes | |||
| certificate is included with only one NFType, and it is "AMF". The | certificate is included with only one NFType, and it is "AMF". The | |||
| SubjectAltName certificate extension contains a fully qualified domain | SubjectAltName certificate extension contains a fully qualified domain | |||
| names (FQDN) and a uniformResourceIdentifier, which carries the | name (FQDN) and a uniformResourceIdentifier, which carries the | |||
| NF Instance ID as specified in Clause 5.3.2 of <xref target="TS29.571"/>.</t> | NF Instance ID as specified in Clause 5.3.2 of <xref target="TS29.571"/>.</t> | |||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIC0DCCAlagAwIBAgIUDD5o44zEdfSghT2hMK+P/EjGHlowCgYIKoZIzj0EAwMw | MIIC0DCCAlagAwIBAgIUDD5o44zEdfSghT2hMK+P/EjGHlowCgYIKoZIzj0EAwMw | |||
| FTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjExMjkxODE0NThaFw0yMzExMjkx | FTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjExMjkxODE0NThaFw0yMzExMjkx | |||
| ODE0NThaMDkxCzAJBgNVBAYTAlVTMSowKAYDVQQKEyE1Z2MubW5jNDAwLm1jYzMx | ODE0NThaMDkxCzAJBgNVBAYTAlVTMSowKAYDVQQKEyE1Z2MubW5jNDAwLm1jYzMx | |||
| MS4zZ3BwbmV0d29yay5vcmcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATJ6IFHI683 | MS4zZ3BwbmV0d29yay5vcmcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATJ6IFHI683 | |||
| q/JJjsJUfEiRFqGQ6uKDGJ0oqDP6wEhRAuvyEyz5pgRmz/7Mze1+s1qcnPU9mo1v | q/JJjsJUfEiRFqGQ6uKDGJ0oqDP6wEhRAuvyEyz5pgRmz/7Mze1+s1qcnPU9mo1v | |||
| rIW9rjKhb/Hm8H9TPvnMQwCRCtKvCD90MkWvc/G8qyCBpCms3zNOJOijggFBMIIB | rIW9rjKhb/Hm8H9TPvnMQwCRCtKvCD90MkWvc/G8qyCBpCms3zNOJOijggFBMIIB | |||
| PTATBggrBgEFBQcBIgQHMAUWA0FNRjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMDAw | PTATBggrBgEFBQcBIgQHMAUWA0FNRjAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMDAw | |||
| skipping to change at line 608 ¶ | skipping to change at line 487 ¶ | |||
| 02 49: INTEGER | 02 49: INTEGER | |||
| : 00 A3 28 60 0B 70 E6 CA E4 36 31 3E 66 0E 82 A8 | : 00 A3 28 60 0B 70 E6 CA E4 36 31 3E 66 0E 82 A8 | |||
| : 49 1F F5 FD 9B 6A 71 65 B5 1B 8F 6D 3A 78 07 45 | : 49 1F F5 FD 9B 6A 71 65 B5 1B 8F 6D 3A 78 07 45 | |||
| : EB 6B 3E 73 FE 39 F7 34 33 CC F5 AB 5A 48 75 31 | : EB 6B 3E 73 FE 39 F7 34 33 CC F5 AB 5A 48 75 31 | |||
| : 39 | : 39 | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| ]]></artwork> | ]]></artwork> | |||
| </section> | </section> | |||
| <section anchor="acknowledgements" numbered="false"> | ||||
| <name>Acknowledgements</name> | ||||
| <t>Many thanks to <contact fullname="Ben Smeets"/>, <contact fullname="Mic | ||||
| hael Li"/>, <contact fullname="Tim Hollebeek"/>, <contact fullname="Roman Danyli | ||||
| w"/>, | ||||
| <contact fullname="Bernie Volz"/>, and <contact fullname="Éric Vyncke"/> for the | ||||
| ir review, comments, and assistance.</t> | ||||
| </section> | ||||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIANlMhmMAA81b61LjyJL+r6eopX8AO9jo4vvsnBjdDAZkjGWay8REhyyX | ||||
| bYEsuSUZY4jeV9l9lt0X28wqSbaM6abnnI1zujsaqZRVlZmV+eVFolQqCXHi | ||||
| BKMvjh8GtEWSaEEFbx6xqziRRbEpysIodANnBo9HkTNOSh5NxiXfmc3jUnVS | ||||
| CsbJak7jktgQXCdpkTgZCW4YxDSIF3GL7OOS+8LcawmEJKELIysa78NNHEZJ | ||||
| RMfxxshqtjmQeIkPm+7flqtik+g0SryxB3tQYj4nsLwXBmQcRqR6Qro0WYbR | ||||
| I2kvAjfB8QHytC84w2FEn1qMpI1jxAvIm/ViIV4MZ16MKyJRi3TMQVtwIuq0 | ||||
| iE3dReQlK+FxCeNBQqOAJiUDNSGMYHKLyKIslySpJDcFwVkk0zBqCSXCNdZf | ||||
| xDE5DRexT1cgYRhNWuSzN/H8fN0jcnGhw6OM1eJTeODCjxY5hX1HYXBEPqs4 | ||||
| Fi6CJILhaxvu6Mzx/BaZ8m1+f8IVYuqW3XCWM2JTB7SyAOajjI84UKJRvsGN | ||||
| E0+9YJLgHob+3h4xLPM7m1hY/SycBqQX0cX//hexnCSJ4zDItjEjz03v+U7n | ||||
| Htjc5gb2ko5osN7kAVYrz9Jlfqfp/MKGhhN41CeWN3EWfvLuVrbjBQm5cBYR | ||||
| DZIjclWQS3cCZ+Sstx2xNcszvmZxX8ELwNSAJ++JoiX323pVrtSyy6Ykp5c1 | ||||
| udZILxsVTjCw5Wa5WpfwGnzAiSYU/GSaJPO4dXy8XC7LymQ+L4MEx+NkfmzP | ||||
| qRsfO5E7hb2O5eaXGDih8TFfBH7A/6VpVSy/eHO+IveTv7EbgrZur+KEzn4l | ||||
| ejibgTMYTuJwj2D+YtPoyXMp0ZyYjrhJjx2Xxr8SO3EmlCjkoE99Ck+JVD9k | ||||
| q2ZmjdclrmswAXJCwZwc5nA9J0rgBmxoDoYQPlA3YdQbLiIqbISLg/pspRwr | ||||
| J70eaKnFJSSfpXq5WhYFIXij8YaIl7flGr/YrU0vWZTh2I8j6h4PSn1TL7EJ | ||||
| u3TVyU4VJEioOw1CP5ysCMAif64O4yRy3AQ0GiTOM+mGCSe+DCg5UO1uWTrM | ||||
| pMBz44CCBOGYDJ3Yc0mQTnlPj53BdWlQVJVUAtDdrSpGTfoUbHJGgxFbuUXW | ||||
| 8gGFfXncMfUWaTTkSklq4Xq5EUrfUduHjVAS0Qgl8YNG+Aab+3Qexl4SRqvM | ||||
| FP81TE8Sc9NDfSlKWfmL+lKUTF98EfihoL7kd/WVKckIAYuCHP7JQdewD38l | ||||
| KigBECwzrnYEIMjoD9T24T9LZ1w2pjM51ZmslEVR+Ws2luuMLwI/4P/v2dgA | ||||
| HRZU4m+53kkULuaAfRHN1QopDpBHMy9wfDC27mI2hL2CyRFxRqOIQuQPJozI | ||||
| G6Ga86X+WdbINLAGQqFUKkGCwLFIEAZTLyaQlC0AAhISc+EB3MFGiLuRJtFC | ||||
| muQFrr8YgaDC7mwJbI2lSPEhI8fFci/O06YnhcwXQ99zhUe62twsJk5M5lE4 | ||||
| 9nwIKkAOeE0QsMuc+5k3GvlUED5hwInC0YLv/PrJw9tvKBT9gCrJAerokExh | ||||
| t0zwEWjyCeb4bwRjMoE8yBqshaCMYsUcdUpDFgCZAQL4J5AkkKWXQBYkFIQv | ||||
| g6lNKTyEhJBUmpBJpgob0bEXwAqoLnZ0a2v5FTdaYQpJfEh3uEoGztCnpFaW | ||||
| yrUy+E5JQoZeXzNo/vbtiNkgddwpbpKwfDUWMpuERYYr4pAYLDAhqq13OpBt | ||||
| oxmDji/nqLUwinFNYD1mrMdk5jxSsgCeYBgyQI8lsOAyvfMOpOOZva8EL0sD | ||||
| gARLAgBlZBkVASrES2e9bJlsWQMBaxAK1vD6mgbsb9+Y3oCFERcPl5xH3swB | ||||
| /B9nFojcbS4AciN7Qw8mOBub4CAuwPkGgORipTfJ1EmEaeiPUl8II/DteRig | ||||
| 1eOeT7gyrHJEHoNwGaBdbPsMVAJoZ2Vmjzse5CKk96qfdAGM3/E71wmEIRce | ||||
| OY8X8zmeXcZ9ZoEuaDsGdtEVfDAr18PZcfn7rp666ztbr7cTYFH6g63QssB7 | ||||
| nzymKocZLeo2s3XBgVTY9Ry0ZPSRd/XGfGUXa0JBKyTTCuwbvmO64FU+TIxA | ||||
| DQAbHL55fvb6CYZncYoaaBbg9nDoe9a1Pdg74j9J95Jd982r607fNPDaPlUv | ||||
| LvILIaWwTy+vL4z11XqmfmlZZtfgk2GUFIaEPUu92+NWvXfZG3Quu+rFHneb | ||||
| zWND+0djptz95hFFNTqxMKKxG3lDjg6a3vuf/5Yq4Dn/Bq4jS1ITXIffNKR6 | ||||
| BW6WkAPw3cLAX6W3HGfmc+pEzEt9H/Q79xIIdEdo4IAWYOmIX6DHf/8DNfNn | ||||
| i/zH0J1Llb+lAyhwYTDTWWGQ6eztyJvJXIk7hnZsk2uzML6l6SK/6l3hPtP7 | ||||
| xiCzl7exYHcH4fUTGGbwLXU1KJsZHv2Epx3BQXiA2Nx90FXeeA/5qPdwg/6+ | ||||
| Y4MCuClhOOems4GPmyAsbIDw+465uTTawpCSYsQBZoVx6PvhErEh5DCYk0Ay | ||||
| JPwn/IEUxhuV5jRrCBFyqZ2Z+oB0DLM76LQ7Zp+QVus3nuq8AsCHB9LhxlYl | ||||
| yKagAn9hsf9AOQT/GR3UDtOQRROgTtMkPCWWHh9UD8kMskCYFs9ivJs/es8H | ||||
| 9UPOCq6vVMg3zh8/4C1h0dJAYAhGjyAsOCPm2P7WOWzNmTpPlJ3gWikxKw/X | ||||
| mshmgrzEBl8yu7pJ7M69SQ6kctlSbw/JZTulEnJ6Rt5RqzYL6uQgn6DIh4e5 | ||||
| EGu+GDcI5VgyOAnB5APsLsgoQAyT5xJs9QI5QxDA4c004lcCWIGpFEMVgQ+u | ||||
| 9ZRaXB48QO+Yj0KCRg6eHH8BHIkwEbLvyZQo0uERS6PiOSYVOW1KSkCkI5Km | ||||
| mSNIm5IdNJJcP/yeDAWRuSDrNQAmhZz1bMYMiwLIEgLYf3tGXN6h3c3JTBqM | ||||
| 9Skv68VCSJdgdmdcRIs3m66P5miTkvO5geGxS3nOgj1S0NKIBcE1cxg6OTKt | ||||
| rYVlixBl5hgnE35YcZpaIeUigFViSImosKHo/S/7hxmAgXcEYVLIlHuwdIJZ | ||||
| a7rJemZMEx6XWROEWJDRQ277+smJA6k0C0fbgJqhI7c5nDJLp7yy7gWEt6zq | ||||
| yLTyDtqyMi1JnS9L9IInhBFEeRojw148pSNIatM8tCnJmIfCTHaPTTqARO6u | ||||
| oO6gLOVOiFECogPv1/xdMPUhlAItHIjZDH6fIuiBJMKy3xAeDLPd6XYwztmk | ||||
| Y/UuOnpnQAbqiZ0CqmaedLpICA8v+wObLWfeDsyuDXPYXbt/aWHSf1viTUGm | ||||
| 4hI2+KGQLfFqDbSUMvL3wfNfkDyXHQk4hyVRPqgC6Tfyq4CyAZeZZ+2M5EgD | ||||
| ZlJKXSQXn6HqK9vHvusO1NvcwFi7LItOBtHuChGMq/5Hu5LLjiFsxb5/pdD3 | ||||
| ERF4c1P4f4pbBOggjePx67UFmLaIXOqGI1piYTeKf+Mvib4xPMlbXzp4M6iI | ||||
| 9wKgoPwEopfwzVKa9r9HyGrqYvEJ0Ar5Eau+Wf24kZwDCNjhjGaAtxkOY1ZP | ||||
| pqngKoWmLKGDVdmbMycaQWplUyqogN+A2s9EZUiWRsSsRwBQhC0CoFVHIw85 | ||||
| hUx9hWiW1z+Y2WGd5U2gTk9AEMjb8w1xSSzjeRzyIvY04DkuMgB4TzdZFEBG | ||||
| VmDhxA8UgAVOSpwLQNB0tXUwDCE98J05T2MdLiUUHRF1RqtNYTksox/7KyEb | ||||
| x6BByHWcq5uF002ds3xzGZKRNx5TfGmzrg4FlGQ9jjKhHAt/hFkAq69BqnEa | ||||
| 9Fi/C+t/LNkLMgvr+prnxLkbMV1tHggsOaIJKzwpllvAcpQnTVl+tJ3bO9kR | ||||
| YEBdBN5XVJAbhcDButKFR+EiQbPlSZILj7hSira53YVYp6JpcY8dnmC1oRd8 | ||||
| ocGcYH3owtahb3QiWPrlwZnGWTMFwvUT2CdNrR+bP2DsAnsfzLsYIARukp1y | ||||
| yHpv/ro1ZOS8+JBM+owZPBnEOxfldZJCnrTE3hrkB7Au5qSp6ZGZN5kmmJwH | ||||
| lI5odr6g8+EiSf2YCvnmGRikhrXZqmrDSdJnZzb3Ie1iydiam3wXYb0La5m9 | ||||
| 2yiJqO+kinDg3BzAMhjjoMayPMHDnfD88jdBY89PWL+ZzEMAIlAu4gAoFmcu | ||||
| /ORop71z1li1sX7MzgFzJ1Qs2ut3K7oyYZjaw9aXuwNSsSeWYWoHbAqRMFcl | ||||
| HEkSuiH2EeIF5IdOTAYXNpHKcgawlRr2LItd4Ag7PehQkw0gAAeNyvi6jYTM | ||||
| h368h8L3wHeosIewVTBzAIYDjFZzOIzUkQs5bxqadqpFwA7UlPpz5u1D7AcD | ||||
| U5uujvlw1ofCrWDBWRgnPCJDikk4moa8VTz38T0zLF/YLomcIE4/K+C5ckft | ||||
| qm8PwXMCB/TfLqS/73g9y2hZwwIUz5bz0CQBY9A7BTRKHkCYYFuVOjmAZGXd | ||||
| 3X/HYlCVAhB+nw77Sgi9Q0R/P3SdZH3ce7bVWX/BgMtg4rk7+dgD7iceQOkK | ||||
| MwaljN3xKvytlyWs/TKlFKoMpoS80NilCLKpCOFHikgrkfXzMjOnTR1wEuGj | ||||
| QpNc6JTlTr72nvCewOJhWlG52J326WjCUCQWBAshHrHlkXXFNQo524zSBLzG | ||||
| Akt1qE8uvCMy8GbkFMoiOqT08Yj0QwgN+KXEyveWR4IGqaRHyefQf+FFFH4t | ||||
| QT6vAveRZnJCXhHRJ48ujwh/w5zEnBaVyV8LlNPXUUPHfWR9Nm6udpoyvX5K | ||||
| +z+Ypf3ofUeaMMQ7Uq+UISFPgNZve9JUKg+TcVbAbrxtGVIoDoFScPz51BlS | ||||
| 1tZJK2m0cDAW1qRLa176PHUAVyEQ8qKQZdt71ZMvhtG12ntZjbLX0W19fYsj | ||||
| tm6293Jys9PfeLrXsewvqr1XIO+l1KraLaxE9i6s4gBS2zA9pTf6W/SWVrIL | ||||
| U5Bez7hRtxZj9Ne9Ir3Zy9l5s7nV3lpiD3dLqa/tbWYsc5t5y87INXt78a7S | ||||
| udlS5GX/i5pN0DV9a/2u+UY5vTX5m4fd/vbIwNYHOUP66ZsJtrp1std6Lq6h | ||||
| v2HHttWCevauDSuj7qtvFt9W17XRT6lN1TaKG3ftm8stVoyc8xNN/VJQ5173 | ||||
| xlC3yHs5tXWhFzfu5QZyattbbPa4+bA+4yeAaJYyFWBb5y0t/o4oyzyKvXQ2 | ||||
| KS3R0rtCBMHcC7JHypBs80H68hiddg0ciruJG/yLA9bMhlTCSQupo3e7Rl68 | ||||
| bpOz3Jx1PTe7cGkzCQiZB6TRz/7Quz2uC8zixguo5cjXheNzhBqxrzgE/FQt | ||||
| JgftK6N7yFEU6wGUvp8mjOuwkGEYJJRR+toBsa+TvowlEIucLRDUfQcrwipg | ||||
| q7yJrHUp620hUJdKrDtEdLOPrQhdHZhsVLA6HV0Ey1Z9Z6IuO5o66VwbRjWs | ||||
| VF7M0dieTAfy1Dr/pXdsPpycAprqk7vOeXjfeXkQTXVpLYX2wBxYsLgqXZv6 | ||||
| ZHnev51Oh7dafG9rxtVApe2luLIezGfr4fH50jDF7mDqsLEXPiZkg5bx+Ky/ | ||||
| qGfapPtZU+8Gqv95YNnh8ly9Mz5fXZ2bK1O6l63F8Kb60DXU5cVMerh7sZ4F | ||||
| y6683Cvacjj7LI7k5spZVZ/cmbscPahX2sT9On18uOxddTRtch1Nrq7UzqTr | ||||
| qergrNZpn3ZqDUX4enx29hCfXY9Nr9/+enJVW5wbJ2di+NXo1ZbmtK8unlbm | ||||
| 6qU6n/RnL8d164VKv8TSVzfoXTdnofQkRJ2bZvRwPh0en84ap81B7ymwrpZ6 | ||||
| X0/On3SjKVqPN0/u8Unj60rX5vosVl66l2eX3sNk0tbgADShN1AH2mQSaROz | ||||
| rV25WmdydWqp1zeq2O72H9Rb1MmprZqmoV5a6vJEn+knttr28cQs0IVgTEBJ | ||||
| fbGnXp0ea+qVoU6oamkWnsro7OrKstTwRNfjE/Xquq0tLd3SRPbMmFzdaFrf | ||||
| Eu6r55PlnX8XNBrV2XnHqFbvXfMl6Ggv6pjvbpknhnoz0ezOuNYxa1fJ14fb | ||||
| vvzL/PhZT/pTodL7+tIdqM+MuN8wzx/U0NKdydm56k09LRyd9peXXuPpPreP | ||||
| 6sNQFvN74f6mO72YdVdDQ5P4Iqamjhum86LNJw9AdHP3DM/j0W1XvL/twHXV | ||||
| Hxmdxd2NNLt4+BwId6tqMpxZIigEjKT7gBZ28dAN3FNtcX/bV4bKWXQxa67u | ||||
| K3fJ6PZscRl8lpybq9r9w+T53ujPhLub66Qr9/27lfhs3VwtL25MpftwnViG | ||||
| NrVOrKp1cy3fze5krsyvJ7ZVaWoqbCdPVOvkWhcsM7kyF0nzkfqPntWx+r9c | ||||
| vTza3ZPOoq+IF5GsjBMnuvCaS2uu3Pc7Z3dXE0e9cWuT2VixPqtzoX7VeVbP | ||||
| rfBOTZbVOHrsPpi/3E9q+lfzcdwcy0MnaPtJf9EbDuYVTbyNnJfqy/FDoHSN | ||||
| ntV0EkewT6+fL69++437vNk13np8/gJp48XVNOuh78DqtKxKO1khz3N9Ok7Y | ||||
| dy3rtDxxJuTAw4rq2cFCeeb4h/l3Ej4NJoC8+Dx7loKTIpK6LLbWjcZXHKo2 | ||||
| Gy2yOaaKEJsUGCN/iH/CvSjDpYT3pNMdmCdmn2RtazZIvjESXDmn2Hwu6kQx | ||||
| Sa1BTIU0dKJXSL1K2hUC+zSqRDGIKhHgQ22TRpu09c2plQbRa0QySVVFVonE | ||||
| 9tjgVazBfYPRvm0BU3cUOzcQhuxTVWlUIP0nMmlURFhGrFRJhShEOdySBHeR | ||||
| pa1dFAm2bjIS2xxwtRGpzudsc6Pw4R38bDadWZw7kAmyIYmHAigplQ7+XA/a | ||||
| jbS3u59nBep+gVVktnD/bYckyra+pDpswzm8HuhQv1AiN48l6Ri/kyNSoyVV | ||||
| WtUGObEG3yVViqRvN67Wd6lQ2lIhaf6sCtNvyTe1VzsUJAWI5XTS9iu0/Wv7 | ||||
| h5pD7iryFncV8R95wMijorzHY3XilmeBWxHF8sx1FUliX25m7WZY9+cPX5Ia | ||||
| 22eAVltr7ZIpteVdPtRj3zqc09W2/4C9HPLZ1fdmx9Sdg+dFEs4Fo1FkIhKl | ||||
| crjNvAjKaXI31joDYg/6ne5JgUisEL1JzAZpSKRSJ2CBgBdKnagaacv4kWDD | ||||
| JDpoG8BFB9gozG1KIDaiTFMkpkpMEAINmDQNIjeI2oBzIW2V6CLiTVUq7isT | ||||
| k20B5yfrpN0kag2ZqdWIDmgFmwKiGcQ0SN0kmlKYW1VJU8d/bQZzTZU0DFJr | ||||
| E1VH4NMA+Ez2WlzCwXZxX7NG2gDXbVJVED1hX9ioohBRRHFElRgyakAE5tuk | ||||
| XinMhTXheOBpHeSSiKajlmQRVadWwImRAaONUldMIhfnmo0tS1Jhfw6Ifyh/ | ||||
| ciNSUujbNq13vLnxrr8E4/RDWDQOwHlwliqpw080EVBybpfkUofcN7WLI+xD | ||||
| OvN44fMPHzmUVDPP2ES7TXclG2/M9qH22PaoNz71diAND8pPo9Y6xPfSfjSH | ||||
| BjgLReaipo75AVEBd9+Kyh7IOedbvOWRZSd7+zL6B3NsoMSzgAH0hUrjrZLe | ||||
| aumjesv4/rjeHunqOsZfU8iUJVVBWYDVaToCaHF5eWGqXTLoX5vcYiofUaO4 | ||||
| GTA2IAeMbxHwzyS9JN4Wa1/a18gBPCHi4QdF/ukAB+Xu+bbUSj01EfnDJiLu | ||||
| MJGCM+40U9+D6hh/9WHbI8Ei3kj8YXf5aR2kH+eBHjobHeTMBFJokD+kDEaZ | ||||
| K2OTdJv5ik5qddKUMS3VJdJoEkhumm1EeaUJwYmoELsUYgJNjVT17ekQHoBM | ||||
| bxCx/jG1KNLPqoX/KoSXrHYrRqmmivmQB7CTkXdYSUPc1BiWANvyNBoYl1Ad | ||||
| FWI2iaiRGotsdYi9NQykTYxmLEZBnJS2p5si0migr+pfNanKz+eN/QsD3wHg | ||||
| u0xIznoh5F8bGCxx1VU+7GCVXQ7GjnXtYFsllVJby8kLKzZaWY+mw40ahvCN | ||||
| YfJH7U+yj7/W0zo+TstG/CXJ7Np1ym7k74DqXWC9c+yvYrr080XQ1mf8uVvX | ||||
| f4DskvjRXEASd+UCDShRq+sj+EN+Y9dk35mNpTK+0kxoJJUh+5bLMFR+Nzl/ | ||||
| q/L9db6Ox1iprjes7dhwEQWtxcIbtcYNaVQZO7RUh5q9JEkjseTUa9WSKDqi | ||||
| 25RobTiu/aWEpXC/XSVs3H1bx42dIeMfUF2zNF8S0eDXEXf3AW4X4NhfqHDP | ||||
| 2tFgIBWNVGEaS9XrBibIgEu1CiIV1ARQWkPFYFYw4YVHcjFJr9QAB/FpvU4M | ||||
| kWgqadeIYZC2hvk7ZMpaA1N1KA50FWgKc2tV3FSEvSTMxCWVgAlDFFEAD2W8 | ||||
| aMO1hLyBhZsGF6P5rhiQ20O2DSVJTURUrYtYBcCuyHoNF8I2ClQfJq6uFhN1 | ||||
| qICkNhYabZCfIXJdQv40YFHDxkrNQLbqGKDALIs5P9BruDjWCybGMeSb6Utn | ||||
| xYvKdAEJYR0KmSKgK83v2dT6hn0TLvwfSjd7DABBAAA= | ||||
| </rfc> | </rfc> | |||
| End of changes. 51 change blocks. | ||||
| 423 lines changed or deleted | 118 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||