| draft-ietf-dhc-stable-privacy-addresses-00.txt | draft-ietf-dhc-stable-privacy-addresses-01.txt | |||
|---|---|---|---|---|
| Dynamic Host Configuration (dhc) F. Gont | Dynamic Host Configuration (dhc) F. Gont | |||
| Internet-Draft SI6 Networks / UTN-FRH | Internet-Draft SI6 Networks / UTN-FRH | |||
| Intended status: Standards Track W. Liu | Intended status: Standards Track W. Liu | |||
| Expires: April 4, 2015 Huawei Technologies | Expires: August 22, 2015 Huawei Technologies | |||
| October 1, 2014 | February 18, 2015 | |||
| A Method for Generating Semantically Opaque Interface Identifiers with | A Method for Generating Semantically Opaque Interface Identifiers with | |||
| Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |||
| draft-ietf-dhc-stable-privacy-addresses-00 | draft-ietf-dhc-stable-privacy-addresses-01 | |||
| Abstract | Abstract | |||
| This document specifies a method for selecting IPv6 Interface | This document specifies a method for selecting IPv6 Interface | |||
| Identifiers, to be employed by Dynamic Host Configuration Protocol | Identifiers, to be employed by Dynamic Host Configuration Protocol | |||
| for IPv6 (DHCPv6) servers when leasing non-temporary IPv6 addresses | for IPv6 (DHCPv6) servers when leasing non-temporary IPv6 addresses | |||
| to DHCPv6 clients. This method is a DHCPv6 server side algorithm, | to DHCPv6 clients. This method is a DHCPv6 server side algorithm, | |||
| that does not require any updates to the existing DHCPv6 | that does not require any updates to the existing DHCPv6 | |||
| specifications. The aforementioned method results in stable | specifications. The aforementioned method results in stable | |||
| addresses within each subnet, even in the presence of multiple DHCPv6 | addresses within each subnet, even in the presence of multiple DHCPv6 | |||
| servers or even DHCPv6 server reinstallments. It is a DHCPv6-variant | servers or DHCPv6 server reinstallments. It is a DHCPv6-variant of | |||
| of the method specified in RFC 7217 for IPv6 Stateless Address | the method specified in RFC 7217 for IPv6 Stateless Address | |||
| Autoconfiguration. | Autoconfiguration. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 4, 2015. | This Internet-Draft will expire on August 22, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Method Specification . . . . . . . . . . . . . . . . . . . . 3 | 3. Method Specification . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| Stable IPv6 addresses tend to simplify event logging, trouble- | Stable IPv6 addresses tend to simplify event logging, trouble- | |||
| shooting, enforcement of access controls and quality of service, etc. | shooting, enforcement of access controls and quality of service, etc. | |||
| However, there are a number of scenarios in which a host employing | However, there are a number of scenarios in which a host employing | |||
| skipping to change at page 2, line 48 | skipping to change at page 2, line 48 | |||
| for IPv6 (DHCPv6) servers when leasing non-temporary IPv6 addresses | for IPv6 (DHCPv6) servers when leasing non-temporary IPv6 addresses | |||
| to DHCPv6 clients (i.e., to be employed with IA_NA options). This | to DHCPv6 clients (i.e., to be employed with IA_NA options). This | |||
| method is a DHCPv6 server side algorithm, that does not require any | method is a DHCPv6 server side algorithm, that does not require any | |||
| updates to the existing DHCPv6 specifications. The aforementioned | updates to the existing DHCPv6 specifications. The aforementioned | |||
| method has the following properties: | method has the following properties: | |||
| o The resulting IPv6 addresses remain stable within each subnet for | o The resulting IPv6 addresses remain stable within each subnet for | |||
| the same network interface of the same client, even when different | the same network interface of the same client, even when different | |||
| DHCPv6 servers (implementing this specification) are employed. | DHCPv6 servers (implementing this specification) are employed. | |||
| o It must be difficult for an outsider to predict the IPv6 addresses | o Predicting the IPv6 addresses that will be generated by the method | |||
| that will be generated by the method specified in this document, | specified in this document, even with knowledge of the IPv6 | |||
| even with knowledge of the IPv6 addresses generated for other | addresses generated for other nodes within the same network, | |||
| nodes within the same network. | becomes very difficult. | |||
| The method specified in this document achieves the aforementioned | The method specified in this document achieves the aforementioned | |||
| goals by means of a calculated technique as opposed to e.g. state- | properties by means of a calculated technique as opposed to e.g. | |||
| sharing among DHCPv6 servers . This approach has been already | state- sharing among DHCPv6 servers. This approach has been already | |||
| suggested in [RFC7031]. We note that the method specified in this | suggested in [RFC7031]. We note that the method specified in this | |||
| document is essentially a DHCPv6-version of the "Method for | document is essentially a DHCPv6-version of the "Method for | |||
| Generating Semantically Opaque Interface Identifiers with IPv6 | Generating Semantically Opaque Interface Identifiers with IPv6 | |||
| Stateless Address Autoconfiguration (SLAAC)" specified in [RFC7217]. | Stateless Address Autoconfiguration (SLAAC)" specified in [RFC7217]. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| skipping to change at page 3, line 29 | skipping to change at page 3, line 29 | |||
| 3. Method Specification | 3. Method Specification | |||
| DHCPv6 server implementations conforming to this specification MUST | DHCPv6 server implementations conforming to this specification MUST | |||
| generate non-temporary IPv6 addresses using the algorithm specified | generate non-temporary IPv6 addresses using the algorithm specified | |||
| in this section. | in this section. | |||
| Implementations conforming to this specification SHOULD provide the | Implementations conforming to this specification SHOULD provide the | |||
| means for a system administrator to enable or disable the use of this | means for a system administrator to enable or disable the use of this | |||
| algorithm for generating IPv6 addresses. | algorithm for generating IPv6 addresses. | |||
| Unless otherwise noted, all of the parameters included in the | All of the parameters included in the expression below MUST be | |||
| expression below MUST be included when generating an IPv6 address. | included when generating an IPv6 address. | |||
| A DHCPv6 server implementing this specification must select the IPv6 | ||||
| addresses to be leased with the following algorithm: | ||||
| 1. Compute a random (but stable) identifier with the expression: | 1. Compute a random (but stable) identifier with the expression: | |||
| RID = F(Prefix | Client_DUID | IAID | Counter | secret_key) | RID = F(IPV6_ADDR_HI | IPV6_ADDR_LOW | Client_DUID | IAID | | |||
| Counter | secret_key) | ||||
| Where: | Where: | |||
| RID: | RID: | |||
| Random (but stable) Identifier | Random (but stable) Identifier | |||
| F(): | F(): | |||
| A pseudorandom function (PRF) that MUST NOT be computable from | A pseudorandom function (PRF) that MUST NOT be computable from | |||
| the outside (without knowledge of the secret key). F() MUST | the outside (without knowledge of the secret key). F() MUST | |||
| also be difficult to reverse, such that it resists attempts to | also be difficult to reverse, such that it resists attempts to | |||
| skipping to change at page 4, line 10 | skipping to change at page 4, line 13 | |||
| be implemented as a cryptographic hash of the concatenation of | be implemented as a cryptographic hash of the concatenation of | |||
| each of the function parameters. The default algorithm to be | each of the function parameters. The default algorithm to be | |||
| employed for F() SHOULD be SHA-1 [FIPS-SHS]. An | employed for F() SHOULD be SHA-1 [FIPS-SHS]. An | |||
| implementation MAY provide the means for selecting other other | implementation MAY provide the means for selecting other other | |||
| algorithms (e.g., SHA-256) for F(). Note: MD5 [RFC1321] is | algorithms (e.g., SHA-256) for F(). Note: MD5 [RFC1321] is | |||
| considered unacceptable for F() [RFC6151]. | considered unacceptable for F() [RFC6151]. | |||
| |: | |: | |||
| An operator representing "concatenation". | An operator representing "concatenation". | |||
| Prefix: | IPV6_ADDR_HI: | |||
| A prefix that represents an IPv6 address pool from which the | An IPv6 address specifying the upper boundary of the IPv6 | |||
| DHCPv6 server will assign addresses. That is, this algorithm | address pool from which the DHCPv6 server leases IPv6 | |||
| REQUIRES that the DHCPv6 server manages all the IPv6 address | addresses. It MUST be represented as a 128-bit unsigned | |||
| space within a specified prefix (as opposed to, e.g., an | integer in network byte order. If multiple servers operate on | |||
| address range that cannot be represented with a prefix | the same network to provide increased availability, all such | |||
| notation) and that it can be configured with such a prefix. | DHCPv6 servers MUST be configured with the address range | |||
| If multiple servers operate on the same network to provide | (i.e., the same IPV6_ADDR_HI and IPV6_ADDR_LOW parameters). | |||
| increased availability, all such DHCPv6 servers MUST be | It is the administrator's responsibility that the | |||
| configured with the same Prefix. It is the administrator's | aforementioned requirement is met. | |||
| responsibility that the aforementioned requirement is met. | ||||
| IPV6_ADDR_LOW: | ||||
| An IPv6 address specifying the lower boundary of the IPv6 | ||||
| address pool from which the DHCPv6 server leases IPv6 | ||||
| addresses. It MUST be represented as a 128-bit unsigned | ||||
| integer in network byte order. If multiple servers operate on | ||||
| the same network to provide increased availability, all such | ||||
| DHCPv6 servers MUST be configured with the address range | ||||
| (i.e., the same IPV6_ADDR_HI and IPV6_ADDR_LOW parameters). | ||||
| It is the administrator's responsibility that the | ||||
| aforementioned requirement is met. | ||||
| Client_DUID: | Client_DUID: | |||
| The DUID value contained in the Client Identifier option | The DUID value contained in the Client Identifier option | |||
| received in the client message. | received in the DHCPv6 client message. The DUID can be | |||
| treated as an array of 8-bit unsigned integers. | ||||
| IAID: | IAID: | |||
| The IAID value contained in the IA_NA option received in the | The IAID value contained in the IA_NA option received in the | |||
| client message. | client message. It MUST be interpreted as a 32-bit unsigned | |||
| integer in network byte order. | ||||
| Counter: | Counter: | |||
| A variable that is employed to resolve address conflicts. It | A 32-bit unsigned integer in network byte order, that is | |||
| MUST be initialized to 0. | employed to resolve address conflicts. It MUST be initialized | |||
| to 0. | ||||
| secret_key: | secret_key: | |||
| A secret key configured by the DHCPv6 server administrator, | A secret key configured by the DHCPv6 server administrator, | |||
| which MUST NOT be known by the attacker. An implementation of | which MUST NOT be known by the attacker. It MUST be encoded | |||
| as an array of 8-bit unsigned integers containing the ASCII | ||||
| codes corresponding to the secret key. An implementation of | ||||
| this specification MUST provide an interface for viewing and | this specification MUST provide an interface for viewing and | |||
| changing the secret key. All DHCPv6 servers leasing addresses | changing the secret key. All DHCPv6 servers leasing addresses | |||
| from the same Prefix MUST employ the same secret key. | from the same address range MUST employ the same secret key. | |||
| 2. The Interface Identifier is obtained by taking as many bits from | 2. A candidate IPv6 address to be leased is obtained as follows: | |||
| the RID value (computed in the previous step) as necessary, | ||||
| starting from the least significant bit. | IPV6_ADDRESS = IPV6_ADDR_LOW + RID % (IPV6_ADDR_HI - | |||
| IPV6_ADDR_LOW + 1) | ||||
| We note that [RFC4291] requires that, the Interface IDs of all | We note that [RFC4291] requires that, the Interface IDs of all | |||
| unicast addresses (except those that start with the binary | unicast addresses (except those that start with the binary | |||
| value 000) be 64-bit long. However, the method discussed in | value 000) be 64-bit long. The method discussed in this | |||
| this document could be employed for generating Interface IDs | document can be employed for generating IPv6 addresses for any | |||
| of any arbitrary length, albeit at the expense of reduced | address range (e.g., smaller than 2**64 bits), albeit at the | |||
| entropy (when employing Interface IDs smaller than 64 bits). | expense of reduced entropy (when the address range is smaller | |||
| than than of a full 64-bit subnet). | ||||
| The resulting Interface Identifier MUST be compared against the | 3. The Interface Identifier of the selected IPv6 address MUST be | |||
| reserved IPv6 Interface Identifiers [RFC5453] | compared against the reserved IPv6 Interface Identifiers | |||
| [IANA-RESERVED-IID]. In the event that an unacceptable | [RFC5453] [IANA-RESERVED-IID]. In the event that an unacceptable | |||
| identifier has been generated, the Counter variable should be | identifier has been generated, the Counter variable should be | |||
| incremented by 1, and a new Interface ID should be computed with | incremented by 1, and a new IPv6 address (RID and subsequent | |||
| the updated Counter value. | IPV6_ADDRESS) should be computed with the updated Counter value. | |||
| 3. The IPv6 address is finally obtained by concatenating the Prefix | 4. If the resulting address is not available (e.g., there is a | |||
| with the Interface Identifier obtained in the previous step. If | ||||
| the resulting address is not available (e.g., there is a | ||||
| conflicting binding), the server should increment the Counter | conflicting binding), the server should increment the Counter | |||
| variable, and a new Interface ID and IPv6 address should be | variable, and a new Interface ID and IPv6 address should be | |||
| computed with the updated Counter value. | computed with the updated Counter value. | |||
| This document requires that SHA-1 be the default function to be used | This document requires that SHA-1 be the default function to be used | |||
| for F(), such that, all other configuration parameters being the | for F(), such that, all other configuration parameters being the | |||
| same, different implementations of this specification result in the | same, different implementations of this specification result in the | |||
| same IPv6 addresses. | same IPv6 addresses. | |||
| Including the Prefix in the PRF computation causes the Interface | Including the address range in the PRF computation causes the | |||
| Identifier to for each address from a different prefix assigned to | Interface Identifier to be different for each IPv6 address leased | |||
| the same client. This mitigates the correlation of activities of | from a different address range to the same client. This mitigates | |||
| multi-homed nodes (since each of the corresponding addresses will | the correlation of activities of multi-homed nodes (since each of the | |||
| employ a different Interface ID), host-tracking (since the network | corresponding addresses will employ a different Interface ID), host- | |||
| prefix will change as the node moves from one network to another), | tracking (since the network prefix will change as the node moves from | |||
| and any other attacks that benefit from predictable Interface | one network to another), and any other attacks that benefit from | |||
| Identifiers (such as IPv6 address scanning attacks) | predictable Interface Identifiers (such as IPv6 address scanning | |||
| [I-D.ietf-6man-ipv6-address-generation-privacy]. | attacks) [I-D.ietf-6man-ipv6-address-generation-privacy]. | |||
| As required by [RFC3315], an IAID is associated with each of the | As required by [RFC3315], an IAID is associated with each of the | |||
| client's network interfaces, and is consistent across restarts of the | client's network interfaces, and is consistent across restarts of the | |||
| DHCP client. | DHCPv6 client. | |||
| The Counter parameter provides the means to intentionally cause this | The Counter parameter provides the means to intentionally cause this | |||
| algorithm to produce a different IPv6 addresses (all other parameters | algorithm to produce different IPv6 addresses (all other parameters | |||
| being the same). This could be necessary to resolve address | being the same). This could be necessary to resolve address | |||
| conflicts (e.g. the resulting address having a conflicting binding). | conflicts (e.g. the resulting address having a conflicting binding). | |||
| Note that the result of F() in the algorithm above is no more secure | Note that the result of F() in the algorithm above is no more secure | |||
| than the secret key. If an attacker is aware of the PRF that is | than the secret key. If an attacker is aware of the PRF that is | |||
| being used by the DHCPv6 server (which we should expect), and the | being used by the DHCPv6 server (which we should expect), and the | |||
| attacker can obtain enough material (i.e. addresses generated by the | attacker can obtain enough material (i.e. addresses generated by the | |||
| DHCPv6 server), the attacker may simply search the entire secret-key | DHCPv6 server), the attacker may simply search the entire secret-key | |||
| space to find matches. To protect against this, the secret key | space to find matches. To protect against this, the secret key | |||
| SHOULD be of at least 128 bits. Key lengths of at least 128 bits | SHOULD be of at least 128 bits. Key lengths of at least 128 bits | |||
| skipping to change at page 6, line 43 | skipping to change at page 7, line 13 | |||
| [I-D.ietf-opsec-ipv6-host-scanning] are mitigated. | [I-D.ietf-opsec-ipv6-host-scanning] are mitigated. | |||
| The method specified in this document neither mitigates nor | The method specified in this document neither mitigates nor | |||
| exacerbates the security considerations for DHCPv6 discussed in | exacerbates the security considerations for DHCPv6 discussed in | |||
| [RFC3315]. | [RFC3315]. | |||
| 6. Acknowledgements | 6. Acknowledgements | |||
| This document is based on [RFC7217], authored by Fernando Gont. | This document is based on [RFC7217], authored by Fernando Gont. | |||
| The authors would like to thank Tatuya Jinmei for providing valuable | The authors would like to thank Stephane Bortzmeyer, Tatuya Jinmei, | |||
| comments on earlier versions of this documents. | Andre Kostur, Tomek Mrugalski, Hosnieh Rafiee, Jean-Francois | |||
| Tremblay, Tina Tsou, and Bernie Volz, for providing valuable comments | ||||
| on earlier versions of this documents. | ||||
| The authors would like to thank Ted Lemon, who kindly answered some | The authors would like to thank Ted Lemon, who kindly answered some | |||
| DHCPv6-related questions. | DHCPv6-related questions. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| skipping to change at page 7, line 39 | skipping to change at page 8, line 8 | |||
| [FIPS-SHS] | [FIPS-SHS] | |||
| FIPS, , "Secure Hash Standard (SHS)", Federal Information | FIPS, , "Secure Hash Standard (SHS)", Federal Information | |||
| Processing Standards Publication 180-4, March 2012, | Processing Standards Publication 180-4, March 2012, | |||
| <http://csrc.nist.gov/publications/fips/fips180-4/ | <http://csrc.nist.gov/publications/fips/fips180-4/ | |||
| fips-180-4.pdf>. | fips-180-4.pdf>. | |||
| [I-D.ietf-6man-ipv6-address-generation-privacy] | [I-D.ietf-6man-ipv6-address-generation-privacy] | |||
| Cooper, A., Gont, F., and D. Thaler, "Privacy | Cooper, A., Gont, F., and D. Thaler, "Privacy | |||
| Considerations for IPv6 Address Generation Mechanisms", | Considerations for IPv6 Address Generation Mechanisms", | |||
| draft-ietf-6man-ipv6-address-generation-privacy-01 (work | draft-ietf-6man-ipv6-address-generation-privacy-03 (work | |||
| in progress), February 2014. | in progress), January 2015. | |||
| [I-D.ietf-opsec-ipv6-host-scanning] | [I-D.ietf-opsec-ipv6-host-scanning] | |||
| Gont, F. and T. Chown, "Network Reconnaissance in IPv6 | Gont, F. and T. Chown, "Network Reconnaissance in IPv6 | |||
| Networks", draft-ietf-opsec-ipv6-host-scanning-04 (work in | Networks", draft-ietf-opsec-ipv6-host-scanning-06 (work in | |||
| progress), June 2014. | progress), February 2015. | |||
| [IANA-RESERVED-IID] | [IANA-RESERVED-IID] | |||
| Reserved IPv6 Interface Identifiers, , | Reserved IPv6 Interface Identifiers, , | |||
| "http://www.iana.org/assignments/ipv6-interface-ids/ | "http://www.iana.org/assignments/ipv6-interface-ids/ | |||
| ipv6-interface-ids.xml", . | ipv6-interface-ids.xml", . | |||
| [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, | [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, | |||
| April 1992. | April 1992. | |||
| [RFC6151] Turner, S. and L. Chen, "Updated Security Considerations | [RFC6151] Turner, S. and L. Chen, "Updated Security Considerations | |||
| End of changes. 28 change blocks. | ||||
| 66 lines changed or deleted | 88 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||