draft-ietf-netmod-system-mgmt-11.txt   draft-ietf-netmod-system-mgmt-12.txt 
Network Working Group A. Bierman Network Working Group A. Bierman
Internet-Draft YumaWorks Internet-Draft YumaWorks
Intended status: Standards Track M. Bjorklund Intended status: Standards Track M. Bjorklund
Expires: July 24, 2014 Tail-f Systems Expires: August 17, 2014 Tail-f Systems
January 20, 2014 February 13, 2014
A YANG Data Model for System Management A YANG Data Model for System Management
draft-ietf-netmod-system-mgmt-11 draft-ietf-netmod-system-mgmt-12
Abstract Abstract
This document defines a YANG data model for the configuration and This document defines a YANG data model for the configuration and
identification of some common system properties within a device identification of some common system properties within a device
containing a NETCONF server. This includes data node definitions for containing a NETCONF server. This includes data node definitions for
system identification, time-of-day management, user management, DNS system identification, time-of-day management, user management, DNS
resolver configuration, and some protocol operations for system resolver configuration, and some protocol operations for system
management. management.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 24, 2014. This Internet-Draft will expire on August 17, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 43 skipping to change at page 2, line 43
8.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.1. 00-01 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.2. 01-02 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.3. 02-03 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.4. 03-04 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 34 8.5. 04-05 . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8.6. 05-06 . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 35 8.7. 06-07 . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.8. 07-08 . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.9. 08-09 . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.9. 08-09 . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.10. 09-10 . . . . . . . . . . . . . . . . . . . . . . . . . . 36 8.10. 09-10 . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.11. 11-12 . . . . . . . . . . . . . . . . . . . . . . . . . . 36
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37
9.1. Normative References . . . . . . . . . . . . . . . . . . . 37 9.1. Normative References . . . . . . . . . . . . . . . . . . . 37
9.2. Informative References . . . . . . . . . . . . . . . . . . 38 9.2. Informative References . . . . . . . . . . . . . . . . . . 38
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction 1. Introduction
This document defines a YANG [RFC6020] data model for the This document defines a YANG [RFC6020] data model for the
configuration and identification of some common properties within a configuration and identification of some common properties within a
device containing a NETCONF server. device containing a NETCONF server.
skipping to change at page 5, line 28 skipping to change at page 5, line 28
2.2. System Time Management 2.2. System Time Management
The management of the date and time used by the system need to be The management of the date and time used by the system need to be
supported. Use of one or more NTP servers to automatically set the supported. Use of one or more NTP servers to automatically set the
system date and time need to be possible. Utilization of the system date and time need to be possible. Utilization of the
Timezone database [RFC6557] also need to be supported. It should be Timezone database [RFC6557] also need to be supported. It should be
possible to configure the system to use NTP. possible to configure the system to use NTP.
2.3. User Authentication 2.3. User Authentication
The authentication mechanism need to support password authentication The authentication mechanism needs to support password authentication
over RADIUS, to support deployment scenarios with centralized over RADIUS, to support deployment scenarios with centralized
authentication servers. Additionally, local users need to be authentication servers. Additionally, local users need to be
supported, for scenarios when no centralized authentication server supported, for scenarios when no centralized authentication server
exists, or for situations where the centralized authentication server exists, or for situations where the centralized authentication server
cannot be reached from the device. cannot be reached from the device.
Since the mandatory transport protocol for NETCONF is SSH [RFC6242] Since the mandatory transport protocol for NETCONF is SSH [RFC6242]
the authentication model need to support SSH's "publickey" and the authentication model needs to support SSH's "publickey" and
"password" authentication methods [RFC4252]. "password" authentication methods [RFC4252].
The model for authentication configuration should be flexible enough The model for authentication configuration should be flexible enough
to support authentication methods defined by other standard documents to support authentication methods defined by other standard documents
or by vendors. It should be possible to configure the system or by vendors. It should be possible to configure the system
authentication properties. authentication properties.
2.4. DNS Resolver 2.4. DNS Resolver
The configuration of the DNS resolver within the system containing The configuration of the DNS resolver within the system containing
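Review bot: The need/needs correction is applied only to Section 2.3; Section 2.2 in the same hunk keeps the same subject-verb disagreement on both sides ("The management of the date and time used by the system need to be supported", "Use of one or more NTP servers ... need to be possible", "Utilization of the Timezone database [RFC6557] also need to be supported"). Suggest changing those three to "needs" in this revision so the requirements sections read consistently.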
skipping to change at page 7, line 30 skipping to change at page 7, line 30
+--ro machine? string +--ro machine? string
3.2. System Time Management 3.2. System Time Management
The data model for system time management has the following The data model for system time management has the following
structure: structure:
+--rw system +--rw system
| +--rw clock | +--rw clock
| | +--rw (timezone)? | | +--rw (timezone)?
| | +--:(timezone-location) | | +--:(timezone-name)
| | | +--rw timezone-location? ianatz:iana-timezone | | | +--rw timezone-name? timezone-name
| | +--:(timezone-utc-offset) | | +--:(timezone-utc-offset)
| | +--rw timezone-utc-offset? int16 | | +--rw timezone-utc-offset? int16
| +--rw ntp! | +--rw ntp!
| +--rw enabled? boolean | +--rw enabled? boolean
| +--rw server* [name] | +--rw server* [name]
| +--rw name string | +--rw name string
| +--rw (transport) | +--rw (transport)
| | +--:(udp) | | +--:(udp)
| | +--rw udp | | +--rw udp
| | +--rw address inet:host | | +--rw address inet:host
skipping to change at page 12, line 8 skipping to change at page 12, line 8
| contact | sysContact | | contact | sysContact |
| location | sysLocation | | location | sysLocation |
+----------------+-------------------+ +----------------+-------------------+
YANG interface configuration data nodes and related SNMPv2-MIB YANG interface configuration data nodes and related SNMPv2-MIB
objects objects
5. System YANG module 5. System YANG module
This YANG module imports YANG extensions from [RFC6536], and imports This YANG module imports YANG extensions from [RFC6536], and imports
YANG types from [RFC6991] and [I-D.ietf-netmod-iana-timezones]. It YANG types from [RFC6991]. It also references [RFC1035], [RFC1321],
also references [RFC1035], [RFC1321], [RFC2865], [RFC3418], [RFC2865], [RFC3418], [RFC5607], [RFC5966], [RFC6557],
[RFC5607], [RFC5966], [IEEE-1003.1-2008], and [FIPS.180-3.2008]. [IEEE-1003.1-2008], and [FIPS.180-3.2008].
RFC Ed.: update the date below with the date of RFC publication and RFC Ed.: update the date below with the date of RFC publication and
remove this note. remove this note.
<CODE BEGINS> file "ietf-system@2013-12-23.yang" <CODE BEGINS> file "ietf-system@2014-02-13.yang"
module ietf-system { module ietf-system {
namespace "urn:ietf:params:xml:ns:yang:ietf-system"; namespace "urn:ietf:params:xml:ns:yang:ietf-system";
prefix "sys"; prefix "sys";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
} }
import ietf-inet-types { import ietf-inet-types {
skipping to change at page 12, line 44 skipping to change at page 12, line 44
prefix ianatz; prefix ianatz;
} }
organization organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group"; "IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
WG Chair: David Kessens WG Chair: Thomas Nadeau
<mailto:david.kessens@nsn.com> <mailto:tnadeau@lucidvision.com>
WG Chair: Juergen Schoenwaelder WG Chair: Juergen Schoenwaelder
<mailto:j.schoenwaelder@jacobs-university.de> <mailto:j.schoenwaelder@jacobs-university.de>
Editor: Andy Bierman Editor: Andy Bierman
<mailto:andy@yumaworks.com> <mailto:andy@yumaworks.com>
Editor: Martin Bjorklund Editor: Martin Bjorklund
<mailto:mbj@tail-f.com>"; <mailto:mbj@tail-f.com>";
description description
"This module contains a collection of YANG definitions for the "This module contains a collection of YANG definitions for the
configuration and identification of some common system configuration and identification of some common system
properties within a device containing a NETCONF server. This properties within a device containing a NETCONF server. This
includes data node definitions for system identification, includes data node definitions for system identification,
time-of-day management, user management, DNS resolver time-of-day management, user management, DNS resolver
configuration, and some protocol operations for system configuration, and some protocol operations for system
management. management.
Copyright (c) 2013 IETF Trust and the persons identified as Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with actual RFC number and remove this // RFC Ed.: replace XXXX with actual RFC number and remove this
// note. // note.
// RFC Ed.: remove this note // RFC Ed.: remove this note
// Note: extracted from draft-ietf-netmod-system-mgmt-07.txt // Note: extracted from draft-ietf-netmod-system-mgmt-07.txt
// RFC Ed.: update the date below with the date of RFC publication // RFC Ed.: update the date below with the date of RFC publication
// and remove this note. // and remove this note.
revision "2013-12-23" { revision "2014-02-13" {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: A YANG Data Model for System Management"; "RFC XXXX: A YANG Data Model for System Management";
} }
/* /*
* Typedefs * Typedefs
*/ */
typedef timezone-name {
type string;
description
"A timezone name as used by the Time Zone Database, sometimes
referred to as the 'Olson Database'.
The exact set of valid values is an implementation-specific
matter. Client discovery of the exact set of time zone names
for a particular server is out of scope.";
reference
"RFC 6557: Procedures for Maintaining the Time Zone Database";
}
typedef crypt-hash { typedef crypt-hash {
type string { type string {
pattern pattern
'$0$.*' '$0$.*'
+ '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}' + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
+ '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}' + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
+ '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}'; + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
} }
description description
"The crypt-hash type is used to store passwords using "The crypt-hash type is used to store passwords using
a hash function. The algorithms for applying the hash a hash function. The algorithms for applying the hash
function and encoding the result are implemented in function and encoding the result are implemented in
various UNIX systems as the function crypt(3). various UNIX systems as the function crypt(3).
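Review bot: The unchanged context at the top of this hunk still shows "prefix ianatz;", so the module keeps the import that carries that prefix even though its only use on this page, "type ianatz:iana-timezone", is removed in this revision. Drop the import together with the reference, otherwise the module still depends on draft-ietf-netmod-iana-timezones. The new typedef timezone-name is a bare "type string;" with no length restriction; consider adding a length bound so a client cannot store an arbitrarily long value in the configuration. The comment "Note: extracted from draft-ietf-netmod-system-mgmt-07.txt" is also stale and should be updated or removed.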
skipping to change at page 16, line 34 skipping to change at page 16, line 47
feature ntp-udp-port { feature ntp-udp-port {
description description
"Indicates that the device supports the configuration of "Indicates that the device supports the configuration of
the UDP port for NTP servers. the UDP port for NTP servers.
This is a 'feature' since many implementations do not support This is a 'feature' since many implementations do not support
any other port than the default port."; any other port than the default port.";
} }
feature timezone-location { feature timezone-name {
description description
"Indicates that the local timezone on the device "Indicates that the local timezone on the device
can be configured to use the TZ database can be configured to use the TZ database
to set the timezone and manage daylight savings time."; to set the timezone and manage daylight savings time.";
reference reference
"TZ Database http://www.twinsun.com/tz/tz-link.htm "RFC 6557: Procedures for Maintaining the Time Zone Database";
Maintaining the Timezone Database
RFC 6557 (BCP 175)";
} }
feature dns-udp-tcp-port { feature dns-udp-tcp-port {
description description
"Indicates that the device supports the configuration of "Indicates that the device supports the configuration of
the UDP and TCP port for DNS servers. the UDP and TCP port for DNS servers.
This is a 'feature' since many implementations do not support This is a 'feature' since many implementations do not support
any other port than the default port."; any other port than the default port.";
} }
/* /*
* Identities * Identities
*/ */
identity authentication-method { identity authentication-method {
description description
"Base identity for user authentication methods."; "Base identity for user authentication methods.";
} }
skipping to change at page 19, line 4 skipping to change at page 19, line 15
A server implementation MAY map this leaf to the sysLocation A server implementation MAY map this leaf to the sysLocation
MIB object. Such an implementation needs to use some MIB object. Such an implementation needs to use some
mechanism to handle the differences in size and characters mechanism to handle the differences in size and characters
allowed between this leaf and sysLocation. The definition allowed between this leaf and sysLocation. The definition
of such a mechanism is outside the scope of this document."; of such a mechanism is outside the scope of this document.";
reference reference
"RFC 3418: Management Information Base (MIB) for the "RFC 3418: Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP)
SNMPv2-MIB.sysLocation"; SNMPv2-MIB.sysLocation";
} }
container clock { container clock {
description description
"Configuration of the system date and time properties."; "Configuration of the system date and time properties.";
choice timezone { choice timezone {
description description
"The system timezone information."; "The system timezone information.";
case timezone-location { case timezone-name {
if-feature timezone-location; if-feature timezone-name;
leaf timezone-location { leaf timezone-name {
type ianatz:iana-timezone; type timezone-name;
description description
"The TZ database location identifier string "The TZ database name to use for the system, such
to use for the system, such as 'Europe/Stockholm'."; as 'Europe/Stockholm'.";
} }
} }
case timezone-utc-offset { case timezone-utc-offset {
leaf timezone-utc-offset { leaf timezone-utc-offset {
type int16 { type int16 {
range "-1500 .. 1500"; range "-1500 .. 1500";
} }
units "minutes"; units "minutes";
description description
"The number of minutes to add to UTC time to "The number of minutes to add to UTC time to
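Review bot: In the timezone-name leaf, the type is now the string typedef, so the type itself no longer constrains the value, and the leaf description does not say what a server does with a name it does not support. Suggest adding a sentence to the description stating that an unsupported or unrecognized name is rejected with an error rather than accepted and silently ignored, so clients get a deterministic result and the running configuration never holds a timezone the device cannot apply.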
skipping to change at page 26, line 22 skipping to change at page 26, line 31
error-message error-message
"When 'radius' is used, a RADIUS server" "When 'radius' is used, a RADIUS server"
+ " must be configured."; + " must be configured.";
description description
"When 'radius' is used as an authentication method, "When 'radius' is used as an authentication method,
a RADIUS server must be configured."; a RADIUS server must be configured.";
} }
ordered-by user; ordered-by user;
description description
"When the device authenticates a user with "When the device authenticates a user with a password,
a password, it tries the authentication methods in this it tries the authentication methods in this leaf-list in
leaf-list in order. If authentication with one method order. If authentication with one method fails, the next
fails, the next method is used. If no method succeeds, method is used. If no method succeeds, the user is
the user is denied access. denied access.
An empty user-authentication-order leaf-list still allows
authentication of users using mechanisms that do not
involve a password.
If the 'radius-authentication' feature is advertised by If the 'radius-authentication' feature is advertised by
the NETCONF server, the 'radius' identity can be added to the NETCONF server, the 'radius' identity can be added to
this list. this list.
If the 'local-users' feature is advertised by the If the 'local-users' feature is advertised by the
NETCONF server, the 'local-users' identity can be NETCONF server, the 'local-users' identity can be
added to this list."; added to this list.";
} }
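Review bot: The added paragraph on an empty user-authentication-order says what remains allowed but not what is denied. From the preceding sentence ("If no method succeeds, the user is denied access") a reader can infer that an empty list rejects every password login, but that consequence should be stated explicitly, since an operator who deletes all entries can lock out password users. Suggest wording such as "If the leaf-list is empty, password authentication always fails", and naming SSH "publickey" (already cited in Section 2.3) as an example of a mechanism that does not involve a password.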
skipping to change at page 32, line 17 skipping to change at page 32, line 17
The YANG module defined in this memo is designed to be accessed via The YANG module defined in this memo is designed to be accessed via
the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the
secure transport layer and the mandatory-to-implement secure secure transport layer and the mandatory-to-implement secure
transport is SSH [RFC6242]. Authorization for access to specific transport is SSH [RFC6242]. Authorization for access to specific
portions of conceptual data and operations within this module is portions of conceptual data and operations within this module is
provided by the NETCONF access control model (NACM) [RFC6536]. provided by the NETCONF access control model (NACM) [RFC6536].
There are a number of data nodes defined in this YANG module which There are a number of data nodes defined in this YANG module which
are writable/creatable/deletable (i.e., config true, which is the are writable/creatable/deletable (i.e., config true, which is the
default). These data nodes may be considered sensitive or vulnerable default). These data nodes may be considered sensitive or vulnerable
in some network environments. Write operations (e.g., edit-config) in some network environments. Write operations to these data nodes
to these data nodes without proper protection can have a negative can have a negative effect on network operations. It is thus
effect on network operations. These are the subtrees and data nodes important to control write access (e.g., via edit-config) to these
and their sensitivity/vulnerability: data nodes. These are the subtrees and data nodes and their
sensitivity/vulnerability:
o /system/clock/timezone: This choice contains the objects used to o /system/clock/timezone: This choice contains the objects used to
control the timezone used by the device. control the timezone used by the device.
o /system/ntp: This container contains the objects used to control o /system/ntp: This container contains the objects used to control
the Network Time Protocol servers used by the device. the Network Time Protocol servers used by the device.
o /system/dns-resolver: This container contains the objects used to o /system/dns-resolver: This container contains the objects used to
control the Domain Name System servers used by the device. control the Domain Name System servers used by the device.
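Review bot: In the reworded sentence "It is thus important to control write access (e.g., via edit-config) to these data nodes", the parenthetical can be read as saying that edit-config is the means of controlling access, when it is an example of a write operation. The old text ("Write operations (e.g., edit-config)") was unambiguous. Suggest "control write access (e.g., by edit-config operations)" or moving the example back to the previous sentence, and pointing to NACM [RFC6536], cited in the paragraph above, as the control mechanism.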
skipping to change at page 33, line 6 skipping to change at page 33, line 9
nodes and their sensitivity/vulnerability: nodes and their sensitivity/vulnerability:
o /system/platform: This container has objects which may help o /system/platform: This container has objects which may help
identify the specific NETCONF server and/or operating system identify the specific NETCONF server and/or operating system
implementation used on the device. implementation used on the device.
o /system/authentication/user: This list has objects that may help o /system/authentication/user: This list has objects that may help
identify the specific user names and password information in use identify the specific user names and password information in use
on the device. on the device.
Some of the RPC operations in this YANG module may be considered Some of the remote procedure call (RPC) operations in this YANG
sensitive or vulnerable in some network environments. It is thus module may be considered sensitive or vulnerable in some network
important to control access to these operations. These are the environments. It is thus important to control access to these
operations and their sensitivity/vulnerability: operations. These are the operations and their sensitivity/
vulnerability:
o set-current-datetime: Changes the current date and time on the o set-current-datetime: Changes the current date and time on the
device. device.
o system-restart: Reboots the device. o system-restart: Reboots the device.
o system-shutdown: Shuts down the device. o system-shutdown: Shuts down the device.
This YANG model defines a type "crypt-hash" that can be used to store This YANG model defines a type "crypt-hash" that can be used to store
MD5 hashes. [RFC6151] discusses security considerations for MD5. MD5 hashes. [RFC6151] discusses security considerations for MD5.
The usage of MD5 is NOT RECOMMENDED.
8. Change Log 8. Change Log
-- RFC Ed.: remove this section before publication. -- RFC Ed.: remove this section before publication.
8.1. 00-01 8.1. 00-01
o added configuration-source identities o added configuration-source identities
o added configuration-source leaf to ntp and dns (via grouping) to o added configuration-source leaf to ntp and dns (via grouping) to
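Review bot: The new sentence "The usage of MD5 is NOT RECOMMENDED" appears only in the Security Considerations, while the crypt-hash pattern shown earlier on this page still accepts the "$1$" form and the visible part of the typedef description does not carry the same statement. Implementers who work from the extracted YANG file will not see it. Suggest repeating the recommendation in the crypt-hash description, and checking that the document's requirements-language boilerplate covers the "NOT RECOMMENDED" keyword.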
skipping to change at page 37, line 5 skipping to change at page 36, line 31
o added reference to RFC 6151 o added reference to RFC 6151
o updated reference from 6021-bis to RFC 6991 o updated reference from 6021-bis to RFC 6991
o cleaned up usage of config false in the YANG module o cleaned up usage of config false in the YANG module
8.10. 09-10 8.10. 09-10
o clarified relationship with SNMPv2-MIB o clarified relationship with SNMPv2-MIB
8.11. 11-12
o added typedef "timezone-name", and removed reference to
draft-ietf-netmod-iana-timezones
9. References 9. References
9.1. Normative References 9.1. Normative References
[FIPS.180-3.2008] [FIPS.180-3.2008]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-3, October 2008, <http:// Hash Standard", FIPS PUB 180-3, October 2008, <http://
csrc.nist.gov/publications/fips/fips180-3/ csrc.nist.gov/publications/fips/fips180-3/
fips180-3_final.pdf>. fips180-3_final.pdf>.
[I-D.ietf-netmod-iana-timezones]
Lange, J., "IANA Timezone Database YANG Module",
draft-ietf-netmod-iana-timezones-00 (work in progress),
July 2012.
[IEEE-1003.1-2008] [IEEE-1003.1-2008]
Institute of Electrical and Electronics Engineers, Institute of Electrical and Electronics Engineers,
"POSIX.1-2008", IEEE Standard 1003.1, March 2008. "POSIX.1-2008", IEEE Standard 1003.1, March 2008.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
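Review bot: The 8.11 entry records only the new typedef and the removed reference, but this revision also renames the feature, the case and the leaf from timezone-location to timezone-name, which changes the data node path and the advertised feature name for any client written against -11. Add a bullet for the rename and one for the "NOT RECOMMENDED" statement on MD5 and the new paragraph on an empty user-authentication-order. The section headings also jump from "8.10. 09-10" to "8.11. 11-12"; either add a 10-11 entry or retitle this one so the log has no gap.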
 End of changes. 27 change blocks. 
46 lines changed or deleted 65 lines changed or added
