ID Message Exchange Format Working Group Glenn Mansfield INTERNET-DRAFT Cyber Solutions Inc. draft-glenn-id-notification-mib-01.txt Dipankar Gupta Hewlett Packard Company October 23 1999 Intrusion Detection Message MIB Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (1999). All Rights Reserved. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines the contents of messages that will be exchanged among intrusion detection systems when an intrusion is detetcted. It also allows the message exchange system to be configured. Expires: April 22, 2000 [Page 1] Internet Draft October 23 1999 Table of Contents 1. The SNMP Network Management Framework ......................... 3 2. The Intrusion Detection Message Exchange Model ................ 4 3. MIB Model for ID Message Exchanges ............................ 5 4. MIB design .................................................... 6 5. The Intrusion Detection Message MIB ........................... 7 6. Intellectual Property .........................................17 7. Acknowledgements ..............................................17 8. References ....................................................18 Security Considerations ...........................................20 Authors' Addresses ................................................21 Full Copyright Statement ..........................................22 Expires: April 22, 2000 [Page 2] Internet Draft October 23 1999 1. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [RFC2571]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications described in RFC 2573 [RFC2573] and the view-based access control mechanism described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine Expires: April 22, 2000 [Page 3] Internet Draft October 23 1999 readable information is not considered to change the semantics of the MIB. 2. The Intrusion detection Message Exchange model. An Intrusion Detection system (ID1) generally comprises an Analyzer which scans Data Sources for signs of intrusions. When it detects a sign or a signature an event occurs and the analyzer then sends a Message or Alert to the Manager(s). Managers in turn may exchange Messages or Alerts for cooperative or collaborative purposes. ID Message Exchange Model ========================= ............................................................. ID1 : : +------------+------------+ +----------------+ : | | | | | : | | |Message | | : | DataSource | Analyzer |---------->| Manager | : | | ..........|Alert | | : | | : Event | | | : +------------+------------+ +--------X-------+ : ID1 | : ................................................|.............. Message/| ID2 : Alert | : | : | : +--------X-------+ : | | : | | : | Manager | : | | : | | : +----------------+ : Expires: April 22, 2000 [Page 4] Internet Draft October 23 1999 3. MIB Model for ID Message Exchanges. In Intrusion detection and management, the communication between the different components of the system will essentially be event based. Presumably, some components (analysers or agents) will be assigned the tasks for watching some data-sources and looking out for signs of (attepmpted) intrusions or attacks. In case any such sign is detected it is brought to the notice of the Manager. The Manager will then take the appropriate action which may involve relaying the notification and/or carrying out further investigation by talking to peers, higher level managers and/or the entity that originated the notification. The investigation carried out by the manager will possibly involve getting o more information on some of the fields that are present in the messages from the agents. [Maybe using Http, ftp ] o more host-related information on the circumstances under which the intrusion/attack was detected - this may involve fetching further information from the various MIBs of the entity that originated the notification. o more network-related information on the circumstances under which the intrusion/attack was detected - this may involve fetching further information from the various MIBs of the relevant network entities in the network The notification to the manager will take the form of an inform- request. There may be several types of notifications. The constraint on a notification is its size. It is desirable that the packet carrying the notification is not fragmented at the IP level. The MIB defined in this document covers the portion which is specific to the Intrusion Detection Message itself. The other components of information that may be of relevance to the investigation will probably be found in the various MIBs defined. If they are absent then newer MIBs will have to be defined. 4. MIB design. The basic principle has been to keep the MIB as simple as possible. The generic requirements on the message are o ID messages should contain the minimum information required Expires: April 22, 2000 [Page 5] Internet Draft October 23 1999 by the manager to assess the situation correctly and to take appropriate defensive or investigative steps. o ID messages, if carried in UDP datagrams, should not be too large as to require IP fragmentation. Moreover if the SNMP protocol is being used, some managers may not accept SNMP-PDUs that are larger than 484 bytes. Over other transports this problem may not be encountered. The MIB comprises of two parts, the idMesageObjects and idMessages described below. - The idMessageObjects subtree defines the objects that are used in the notifications - The idMessages subtree defines the actual messages. Expires: April 22, 2000 [Page 6] Internet Draft October 23 1999 5. The Intrusion Detection Message MIB. INTRUSION-DETECTION-MESSAGE-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, Counter32, Gauge32, OBJECT-TYPE mib-2 FROM SNMPv2-SMI DateAndTime, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpEngineID, SnmpAdminString FROM SNMP-FRAMEWORK-MIB InetEndpointType, IneEndpoint FROM INET-ENDPOINT-MIB URLString FROM NETWORK-SERVICES-MIB; idMIB MODULE-IDENTITY LAST-UPDATED "9910230000Z" -- 23rd October 1999 ORGANIZATION "IETF Intrusion Detection Message Exchange Format Working Group" CONTACT-INFO " Glenn Mansfield Postal: Cyber Solutions Inc. 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-3204. Tel: +81-22-303-4012 Fax: +81-22-303-4015 E-mail: glenn@cysols.com Dipankar Gupta Postal: Hewlett Packard Company 690 East Middlefield Road, MS 31R Mountain View California 94043. Tel: +1-650-919-8066 Fax: +1-650-919-8540 E-mail: dipankar_gupta@hp.com Working Group E-mail: idwg-public@zurich.ibm.com To subscribe: idwg-public-request@zurich.ibm.com" DESCRIPTION " The MIB for Intrusion Detection Messages." Expires: April 22, 2000 [Page 7] Internet Draft October 23 1999 -- revision information REVISION "9910230000Z" -- 23rd October 1999 DESCRIPTION "1. fixed a few nits in the MODULE-INDENTITY 2. put the mib under the mib-2 tree 3. editorial changes" REVISION "9908250000Z" -- 25th August 1999 DESCRIPTION "First draft of the idMIB" ::= { mib-2 xxx } -- to be assigned by IANA idMessageObjects OBJECT-IDENTITY STATUS current DESCRIPTION " This is the base object for the objects used in the notifications." ::= {idMIB 1} idMessages OBJECT-IDENTITY STATUS current DESCRIPTION " This is the base object for the objects defining the notifications." ::= {idMIB 2} idMessageLocalAddress OBJECT-TYPE SYNTAX SnmpEngineID MAX-ACCESS read-only STATUS current DESCRIPTION "A local Address associated with the message, The first bit will be 1 and the syntax will be in accordance with the syntax specified in RFC 2571." ::= {idMessageObjects 1} idMessageTimeStamp OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION " The Local date and time when this message was generated." ::= {idMessageObjects 2} idMessageGeneratorProductID OBJECT-TYPE SYNTAX OBJECT IDENTIFIER ACCESS read-only STATUS mandatory Expires: April 22, 2000 [Page 8] Internet Draft October 23 1999 DESCRIPTION "A reference to MIB definitions specific to the analyzer generating the message. If this information is not present, its value should be set to the OBJECT IDENTIFIER { 0 0 }, which is a syntatically valid object identifier." ::= { idMessageObjects 3 } -- the actions will probably be a comma separated list of action -- codes or a pointer to another MIB table from which the actions -- may be fetched. -- -- May be better to put this object as a secondary Object idMessageActionsTaken OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " The list of automatic actions taken by the originator" ::= {idMessageObjects 4} -- the potential impact taxonomy will need be carried out and then -- the MO will need to be enumerated. idMessagePotentialImpact OBJECT-TYPE SYNTAX INTEGER { other(1), VerySerious(2), Serious(3), Others(4), etc(5) } MAX-ACCESS read-only STATUS current DESCRIPTION " An indication of the potentiall impact of the detected attack/intrusion" ::= {idMessageObjects 5} -- Do the following need to be in the primary set ? -- Probably secondary will be better -- SnmpAdminString length is 255 characters max. It contains -- information represented using the ISO/IEC IS 10646-1 character -- set, encoded using the UTF-8 transformation format to facilitate -- internationalization. Expires: April 22, 2000 [Page 9] Internet Draft October 23 1999 idMessageSysManufacturer OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " the Manufacturer of the tool that detected the event." ::= {idMessageObjects 6} idMessageSysProductName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " the name of the product that detected the event." ::= {idMessageObjects 7} idMessageSysVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " the version number of the tool that detected the event." ::= {idMessageObjects 8} idMessageAttackName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " the name of the atack, if known. If not known this field will be inaccessile." ::= {idMessageObjects 9} idMessageToolLocation OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " the location of the tool that detected the event." ::= {idMessageObjects 10} idMessageMoreInfo OBJECT-TYPE SYNTAX OBJECT IDENTIFIER ACCESS read-only STATUS mandatory DESCRIPTION "A reference to MIB definitions specific to this Expires: April 22, 2000 [Page 10] Internet Draft October 23 1999 message. If this information is not present, its value should be set to the OBJECT IDENTIFIER { 0 0 }, which is a syntatically valid object identifier." ::= { idMessageObjects 11} -- we may define an InetEndpointType that points to a range of -- InetEndPoints e.g. 130.34.0.0-130.34.199.255 idMessageSrcInetAddrType OBJECT-TYPE SYNTAX InetEndpointType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the Internet endpoint that was the attack source." ::= {idMessageObjects 12} idMessageSrcInetAddr OBJECT-TYPE SYNTAX InetEndPoint MAX-ACCESS read-only STATUS current DESCRIPTION " One of the Internet addresses of the entity from which the attack originated, if known. If not known this field will be inaccessible" ::= {idMessageObjects 13} idMessageUserIDOnSrc OBJECT-TYPE SYNTAX SNMPAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " The identifier of the user on the machine originating the attack" ::= {idMessageObjects 14} idMessageDstInetAddrType OBJECT-TYPE SYNTAX InetEndpointType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the Internet endpoint that was the attack target." ::= {idMessageObjects 15} idMessageDstInetAddr OBJECT-TYPE SYNTAX InetEndpoint MAX-ACCESS read-only STATUS current DESCRIPTION " One of the IP addresses of the entity to which the attack Expires: April 22, 2000 [Page 11] Internet Draft October 23 1999 was destined, if known. If not known, this field will be inaccessible" ::= {idMessageObjects 16} idMessageUserIDOnDst OBJECT-TYPE SYNTAX SNMPAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " The identifier of the user on the target Machine" ::= {idMessageObjects 17} -- Only one advisory is provisioned for idMessageAdvisory OBJECT-TYPE SYNTAX URLString MAX-ACCESS read-only STATUS current DESCRIPTION " URL of the related advisory, if any" ::= {idMessageObjects 18} -- semantics of "degree of confidence needs to be well defined -- what happens when the message is not generated - just relayed? idMessageDegreeOfConfidence OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION " A measure of the degree of confidence the originator has on the report it is generating" ::= {idMessageObjects 19} idMessageFileID OBJECT-TYPE SYNTAX SNMPAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " The full path and name of the file that is being accessed" ::= {idMessageObjects 20} idMessageProcessID OBJECT-TYPE SYNTAX SNMPAdminString MAX-ACCESS read-only STATUS current DESCRIPTION " The identifier of the process involved in the illegal access" ::= {idMessageObjects 21} Expires: April 22, 2000 [Page 12] Internet Draft October 23 1999 idMessageSrcPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION " The port number from where the attack has originated " ::= {idMessageObjects 22} idMessageDstPort OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION " The port number to which the attack is destined " ::= {idMessageObjects 23} -- Interaction table ? -- It may contain statistical data on the peer -- Managers with which the monitored Manager -- interacts or, attempts to interact. This table is -- It may provide a useful insight into the performance -- of the ID system on a large scale -- The control may be carried out using the SNMP tables available -- for configuring Informs. -- How many types of messages do we have - below there is only one idMessageGeneric NOTIFICATION-TYPE OBJECTS { idMessageLocalAddress idMessageTimeStamp idMessageGeneratorProductID idMessageActionsTaken idMessagePotentialImpact idMessageAttackName idMessageToolLocation idMessageMoreInfo idMessageAdvisory idMessageDegreeOfConfidence } STATUS current DESCRIPTION " This is the generic message that is sent when an intrusion is detected." ::= {idMessages 0 1} idMessageLocal NOTIFICATION-TYPE Expires: April 22, 2000 [Page 13] Internet Draft October 23 1999 OBJECTS { idMessageLocalAddress idMessageTimeStamp idMessageGeneratorProductID idMessageActionsTaken idMessagePotentialImpact idMessageAttackName idMessageToolLocation idMessageMoreInfo idMessageAdvisory idMessageDegreeOfConfidence idMessageFileID idMessageProcessID } STATUS current DESCRIPTION " This is the generic message that is sent when an intrusion is detected." ::= {idMessages 0 2} idMessageNetwork NOTIFICATION-TYPE OBJECTS { idMessageLocalAddress idMessageTimeStamp idMessageGeneratorProductID idMessageActionsTaken idMessagePotentialImpact idMessageAttackName idMessageToolLocation idMessageMoreInfo idMessageSrcInetAddrType idMessageSrcInetAddr idMessageDstInetAddrType idMessageDstInetAddr idMessageAdvisory idMessageDegreeOfConfidence } STATUS current DESCRIPTION " This is the generic message that is sent when an intrusion is detected." ::= {idMessages 0 3} Expires: April 22, 2000 [Page 14] Internet Draft October 23 1999 -- Conformance information idConformance OBJECT IDENTIFIER ::= { idMIB 4 } idGroups OBJECT IDENTIFIER ::= { idConformance 1 } idCompliances OBJECT IDENTIFIER ::= { idConformance 2 } -- Compliance statements idMessageCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the INTRUSION-DETECTION-MESSAGE-MIB." MODULE -- this module MANDATORY-GROUPS { idMessageGroup } ::= { idCompliances 1 } .bp -- Units of conformance idMessageGroup OBJECT-GROUP OBJECTS { idMessageLocalAddress idMessageTimeStamp idMessageGeneratorProductID idMessageActionsTaken idMessagePotentialImpact idMessageSysManufacturer idMessageSysProductName idMessageSysVersion idMessageAttackName idMessageToolLocation idMessageMoreInfo idMessageSrcInetAddrType idMessageSrcInetAddr idMessageUserIDOnSrc idMessageDstInetAddrType idMessageDstInetAddr idMessageUserIDOnDst idMessageAdvisory idMessageDegreeOfConfidence idMessageFileID idMessageProcessID idMessageSrcPort idMessageDstPort Expires: April 22, 2000 [Page 15] Internet Draft October 23 1999 } STATUS current DESCRIPTION " A collection of objects for generation and despatch of messages pertaining to Intrusions detected." ::= { idGroups 1 } END Expires: April 22, 2000 [Page 16] Internet Draft October 23 1999 6. Intellectual Property The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. 7. Acknowledgements This draft is the product of discussions and deliberations carried out in the IETF intrusion detection message exchange format working group (ietf-idwg-wg). Expires: April 22, 2000 [Page 17] Internet Draft October 23 1999 References [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999 Expires: April 22, 2000 [Page 18] Internet Draft October 23 1999 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999 [INETMIB] http://www.ietf.org/internet-drafts/draft-ops-endpoint-mib-00.txt - work in progress. Expires: April 22, 2000 [Page 19] Internet Draft October 23 1999 Security Considerations There are management objects defined in this MIB that have a MAX- ACCESS clause of read-write and read-create. There is the risk that an intruder can alter or create any management objects of this MIB via direct SNMP SET operations. So, care must be taken to put in place the security provisions of SNMP for authentication and access control. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is such an insecure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET (read) and SET (write) the objects in this MIB. It is strongly recommended that the implementors consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2274 [RFC2274] and the View-based Access Control Model RFC 2275 [RFC2275] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to those objects only to those principals (users) that have legitimate rights to access them. Expires: April 22, 2000 [Page 20] Internet Draft October 23 1999 Authors' Addresses Glenn Mansfield Cyber Solutions Inc. 6-6-3 Minami Yoshinari Aoba-ku, Sendai 989-3204 Japan Phone: +81-22-303-4012 EMail: glenn@cysols.com Dipankar Gupta Hewlett Packard Company 690 East Middlefield Road, MS 31R Mountain View California 94043. Phone: +1-650-919-8066 E-mail: dipankar_gupta@hp.com Expires: April 22, 2000 [Page 21] Internet Draft October 23 1999 Full Copyright statement "Copyright (C) The Internet Society (date). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." Expires: April 22, 2000 [Page 22]