What is RFC 1064

Network Working Group P. Nesser II Request for Comments: 2626 Nesser & Nesser Consulting Category: Informational June 1999 The Internet and the Millennium Problem (Year 2000) Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1999). All rights reserved. Abstract The Year 2000 Working Group (WG) has conducted an investigation into the millennium problem as it regards Internet related protocols. This investigation only targeted the protocols as documented in the Request For Comments Series (RFCs). This investigation discovered little reason for concern with regards to the functionality of the protocols. A few minor cases of older implementations still using two digit years (ala RFC 850) were discovered, but almost all Internet protocols were given a clean bill of health. Several cases of "period" problems were discovered, where a time field would "roll over" as the size of field was reached. In particular, there are several protocols, which have 32 bit, signed integer representations of the number of seconds since January 1, 1970 which will turn negative at Tue Jan 19 03:14:07 GMT 2038. Areas whose protocols will be effected by such problems have been notified so that new revisions will remove this limitation. 1. Introduction According to the trade press billions of dollars will be spend the upcoming years on the year 2000 problem, also called the millennium problem (though the third millennium will really start in 2001). This problem consists of the fact that many software packages and some protocols use a two-digit field for the year in a date field. Most of the problems seem to be in administrative and financial programs, or in the hardcoded microcomputers found in electronic equipment. A lot of organizations are now starting to make an inventory of which software and tools they use will suffer from the millennium problem. Nesser Informational [Page 1]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 With the increasing popularity of the Internet, more and more organizations use the Internet as a serious business tool. This means that most organizations will want to analyze the millennium problems due to the use of Internet protocols and popular Internet software. In the trade press the first articles suggest that the Internet will collapse at midnight the 31st of December 1999. To counter these suggestions, and to avoid having countless companies redo the same investigation, this effort was undertaken by the IETF. The Year 2000 WG has made an inventory of all-important Internet protocols that have been documented in the Request for Comments (RFC) series. Only protocols directly related to the Internet will be considered. This document is divided into a number of sections. Section 1 is the Introduction which you are now reading. Section 2 is a disclaimer about the completeness of this effort. Section 3 describes areas in which millenium problems have been found, while Section 4 describes a few other "period" problems. Section 5 describes potential fixes to problems that have been identified. Section 6 describes the methodology used in the investigation. Sections 7 through 22 are devoted to the 15 different groupings of protocols and RFCs. Section 23 discusses security considerations, Section 24 is devoted to references, and Section 25 is the author contact information. Appendix A is the list of RFCs examined broken down by category. Appendix B is a PERL program used to make a first cut identification of problems, and Appendix C is the output of that PERL program. The editor of this document would like to acknowledge the critical contributions of the follow for direct performance of research and the provision of text: Alex Latzko, Robert Elz, Erik Huizer, Gillian Greenwood, Barbara Jennings, R.E. (Robert) Moore, David Mills, Lynn Kubinec, Michael Patton, Chris Newman, Erik-Jan Bos, Paul Hoffman, and Rick H. Wesson. The pace with which this group has operated has only been achievable by the intimate familiarity of the contributors with the protocols and ready access to the collective knowledge of the IETF. 2. Disclaimer This RFC is not complete. It is an effort to analyze the Y2K impact on hundreds of protocols but is likely to have missed some protocols and misunderstood others. Organizations should not attempt to claim any legitimacy or approval for any particular protocol based on this document. The efforts have concentrated on the identification of potential problems, rather than solutions to any of the problems that have been identified. Any proposed solutions are only that: proposed. A formal engineering review should take place before any solution is Nesser Informational [Page 2]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 adopted. It should also be noted that the research was performed on RFCs 1 through 2128. At that time the IESG was charted with not allowing any new RFCs to be published that had any Year 2000 issues. Since that cutoff time there has been work to correct issues discovered by this Working Group. In particular, RWhois as documented by RFC 1714 has been updated to fix the problems found. RFC 2167 now documents a fixed version of the RWhois protocol. The work of this group was to look backwards, and hence new RFC's which supplant the old are expected to make the information in this RFC obsolete. The work of this group will truly be complete when this document is completely obsolete. A number of people have suggested looking into other "special" dates. For example, the first leap year, the first "double digit" day (January 10, 2000), January 1, 2001, etc. There is not one place where days have been used in the protocols defined by the RFC series so there is little reason to believe that any of these special dates will have any impact. 3. Summary of Year 2000 Problems Here is a brief description of all the Millennium issues discovered in the course of this research. Note that many of the RFCs are unclear on the issue. They mandate the use of UTCTime but do not specify whether the two-digit or four-digit year representation should be used. 3.1 "Directory Services" rfc1274.txt - References UTC date / time rfc1276.txt - References UTC date / time for version control. rfc1488.txt - References UTC Time as printable strings. rfc1608.txt - Refers to uTCTimeSyntax rfc1609.txt - Refers to uTCTimeSyntax rfc1778.txt - Refers to uTCTimeSyntax 3.2 "Information Services and File Transfer" HTTP 1.1, as defined in RFC 2068, requires all newly generated date stamps to conform to RFC 1123 date formats which are Year 2000 compliant, but it also requires acceptance of the older non-compliant RFC850 formats. Some specific recommendations have been passed to the HTTP WG. Nesser Informational [Page 3]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 HTML 2.0, as defined in RFC 1866, could allow a very subtle Year 2000 problem, but once again this recommendation has been passed on the HTML WG. RFC 1778 on String Representations of Standard Attribute Syntax's define UTC Time in Section 2.21 and uses that definition in Section 2.25 on User Certificates. Since UTC Time is being used, there is a potential millennium issue. RFC 1440 on SIFT / UFT: Sender-Initiated / Unsolicited File Transfer defines an optional DATE command in Section 5 of the form mm / dd / yy which is subject to millennium issues. 3.3 "Electronic Mail" After reviewing all mail-related RFCs, it was discovered that while some obsolete standards required two-digit years, all currently used standards require four-digit years and are thus not prone to typical Year 2000 problems. RFCs 821 and 822, the main basis for SMTP mail exchange and message format, originally required two-digit years. However, both of these RFCs were later modified by RFC 1123 in 1989, which strongly recommended 4-digit years. 3.4 "Name Serving" While not a protocol issue, there is a common habit of writing serial numbers for DNS zone files in the form YYXXXXXX. The only real requirement on the serial numbers is that they be increasing (see RFC1982 for a complete description) and a change from 99XXXXXX to 00XXXXXX cause a failure. See the section on "Name Serving" for a complete description of the issues. 3.5 "Network Management" Version 2 of SNMP's MIB definition language (SMIv2) specifies the use of UCTTimes for time stamping MIB modules. Even though these time stamps do not flow in any network protocols, there could be as issue with management applications, depending on implementations. 3.6 "Network News" There does exist a problem in both NNTP, RFC 977, and the Usenet News Message Format, RFC 10336. They both specify two-digit year format. A working group has been formed to update the network news protocols in general, and addressing this problem is on their list of work items. Nesser Informational [Page 4]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 19993.7 "Real-Time Services" A Year 2000 problem does occur in the Simple Network Paging Protocol, versions 2 & 3. Both define a HOLDuntil option which uses a YYMMDDHHMMSS +/- GMT field. Version 3 also defines a MSTAtus command, which is required to store, dates and times as YYMMDDHHMMSS +/- GMT. There is a small Year 2000 issue in RFC 1786 on the Representation of IP Routing Policies in the ripe-81 ++ Routing Registry. In Appendices C the "changed" object parameter defines a format of YYMMDD, and similarly in Appendix D "withdrawn" object identifier has he format of YYMMDD. Since these are only identifiers there should be little operational impact. Some application software may need to be modified. 3.8 "Security" RFC 1507 on Distributed Authentication Security Services (DASS) use UTCTime. Because of the imprecision of the UTC time definition there could be problems with this protocol. RFCs 1421-1424 specifies that PEM uses UTC time formats which could have a Millennium issue. 4. Summary of Other "Periodicity" Problems By far, the largest area of ​​"period" problems occurs in the year 2038. Many protocols use a 32-bit field to record the number of seconds since January 1, 1970. 4.1 "Name Serivces "DNS Security uses 32-bit timestamps which will roll over in 2038. This issue has been refered to the appropriate Working Group so that the details of rollover can be established. 4.2 "Routing" IDPR suffers from the classic Year 2038 problem, by having a timestamp counter which rolls over at that time. 5. Suggested Solutions The real solution to the problem is to use 4 digit year fields for applications and hardware systems. For counters that key off of a certain time (January 1, 1970 for example) need to either: define a wrapping solution, or to define a larger number space (greater than 32-bits), or to make more efficient use of the 32 -bit space. However, Nesser Informational [Page 5]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 it will be impossible to completely replace currently deployed systems, so solutions for handling problems are in order. 5.1 Fixed Solution A number of organizations and groups have suggested a fixed solution to the problem of two digit years. Given a two-digit year YY, if YY is greater than or equal to 50, the year shall be interpreted as 19YY; and where YY is less than 50, the year shall be intrepreted as 20YY. While a simple and straightforward solution, it only pushes the problem off 40 to 50 years, until the artificially generated year 2050 problem needs to be addressed. However, it is easy to implement and deploy, so it might be the most commonly adopted solution. 5.2 Sliding Window Another solution is the "sliding window" approach. In this approach, some value N is selected, and any two digit year that is less than or equal to the current two digit year plus N is considered the future, while any other two digit year is considered in the past. For example, choosing N equal to 10, If the current year is 2012, and I get a two digit year that is any of 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 or 22, assume it is 20YY (ie the future), otherwise consider it to be in the past (1923-1999, 2000-2011). This solution has two advantages. First, no new fixed year problems are introduced. Second, different applications and protocols could choose different values ​​of N. The drawback is that this solution is harder to implement, and to work well the value of N will need to be constant across different implementations. 6. Methodology The first task was dividing the types of RFC's into logical groups rather than the strict numeric publishing order. Sixteen specific areas were identified. They are: "Autoconfiguration", "Directory Services", "Disk Sharing", "Games and Chat", "Information Services & File Transfer", "Network & Transport Layer", "Electronic Mail", "NTP", Name Serving " , "Network Management", "News", "Real Time Services", "Routing", "Security", "Virtual Terminal", and "Other". In addition to these categories, many hundreds of RFCs were immediately eliminated based on content . That is not to say that all Informational RFC's were not considered, many did contain some technical content or overview which demanded scrutiny. Nesser Informational [Page 6]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 Each area was assigned to a team for investigation. Although each team used whatever additional investigation techniques which seemed appropriate (including completely reading each RFC, and in some cases the source code for the reference implementation) at minimum each team used an automatic scanning system to search for the following items (case insensitively) in each RFC: - date - GMT - UTCTime - year - yy (that is not part of yyyy) - two-digit, 2-digit, 2digit - century - 1900 & 2000 Note that all of these strings except "UTCTime" may occur in conjunction with a date format that accommodates the Year 2000 crossing, as well as with one that does not. So "hits" on these string do not necessarily indicate Year 2000 problems: they simply identify elements that need to be examined. After the documents were scanned, therefore, each "hit" was examined individually. Those that cause no Year 2000 problems (e.g., those that encode the year as a two-byte integer, or as a four-character display string) are not discussed here. Those that do cause Year 2000 problems are identified in this document, and the nature and impact of the problems they cause are described. 7. Autoconfiguration 7.1 Summary The RFC's which were categorized into this group were primarily the BOOT Protocol (BOOTP) and the Dynamic Host Configuration Protocol (DHCP) for both IP version four and six. Examination of the BOOTP protocols and most popular implementations show no year 2000 problems. All times are references as 32 bit integers in seconds of UTC time. An investigation of all DHCP and the IPv6 Autoconfiguration mechanisms produced no year 2000 problems. All references to time, in particular lease lengths, are 32 bit integers in seconds, allowing lease times of well over 100 years. Nesser Informational [Page 7]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 7.2 Specifics The following RFCs were examined for possible millennium problems: 906, 951, 1048, 1084, 1395, 1497, 1531, 1532, 1533, 1534, 1541, 1542, 1970 , & 1971. RFC 951's only reference to time or dates is a two-byte field in the packet, which is number of second since the hosts, was booted. RFC's 1048, 1084, 1395, 1497, 1531, & 1532 have either no references to dates and time, or they are the same as the RFCs, which obsoleted them, discussed in the next paragraph. RFC 1533 enumerates all the known DHCP field types and a number of these have to do with time. Section 3.4 defines a "Time Offset" field which specifies the offset of the clients subnet in seconds from UTC. This 4 byte field has no millennium issues. Section 9.2 defines the IP Address Lease Time field which is used by clients to request a specific lease time. This four byte field is an unsigned integer containing a number of seconds. Section 9.9 defines a Renewal Time Value field, Section 9.10 defines a Rebinding Time Value, both of which are similarly 32 bit fields, which have no millennium issues. RFC 1534 has no references to times or dates. RFC 1541 has two mentions of times / dates. The first is the "secs" field which, similarly to RFC 951, is a 16-bit field for the number of seconds since the host has booted. There is also a discussion in section 3.3 about "Interpretation and Representation of Time Values" which while clearly states that there is no millennium or period problems. RFC 1542 also references the "secs" field mentioned previously. RFC 1970 mentions a number of variables, which are time related. In section 4.2 "Router Advertisement Message Format" the following fields are defined: Router Lifetime, Reachable Time, & Retrans Timer. In section 4.6.2 "Prefix Information" the following are defined: Valid Lifetime, & Preferred Lifetime. In section 6.2.1 "Router Configuration Variables the following are defined: MaxRtrAdvInterval, MinRtrAdvInterval, AdvReachableTime, AdvRetransTimer, AdvDefaultLifetime, AdvValidLifetime, & AdvPreferredLifetime. All of these fields specify counters of some sort which have no millennium or has some periodicity problems. RFC 1971 discussion of preferred lifetimes, depreciated lifetimes and valid lifetimes of leases, but only discusses them in an expository way. Nesser Informational [Page 8]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 8. Directory Services 8.1 Summary The RFC's which were categorized into this group were primarily X.500 related RFC's, Whois, Rwhois, Whois ++, and the Lightweight Directory Access Protocol (LDAP ). Upon review of the Directory Services related RFC's, no serious year 2000 problems were discovered. Some minor issues were noted and explained below in the specific portion of this section. 8.2 Specifics RFCs that mentioned UTC Time or made reference to uTCTimeSyntax could fail to be Y2K compliant. These should be updated to specify the four year version of uTCTimeSyntax rather than giving the option of using a two-year date representation. The following RFCs fall into this category: rfc1274.txt - References UTC date / time rfc1276.txt - References UTC date / time for version control. rfc1488.txt - References UTC Time as printable strings. rfc1608.txt - Refers to uTCTimeSyntax rfc1609.txt - Refers to uTCTimeSyntax rfc1778.txt - Refers to uTCTimeSyntax Two RFC's have unusual date specifications and specify their own date format. Both of these support Y2K compliant dates. RFC1714 (RWhois) specifies date formats that are not Y2K compliant, but it also supports dates that are. Implementers of the RWhois protocol should only use the% MY4 format RFC1834 (Whois ++) requires the use of dates, but it didn't specify the format, syntax, or representation of the date string to be used. 9. Disk Sharing 9.1 Summary The RFC's which were categorized into this group were those related to the Network File System (NFS). Other popular disk sharing protocols like SMB and AFS were referred to their respective trustees for review. After careful review, NFS has no year 2000 problems. Nesser Informational [Page 9]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 19999.2 Specifics The references to time in this protocol are the times of file data modification, file access, and file metadata change (mtime, atime, and time, respectively). These times are kept as 32 bit unsigned quantities in seconds since 1970-01-01, and so the NFS protocol will not experience an Epoch event until the year 2106. 10. Games and Chat 10.1 Summary The RFC's which were categorized into this group were related to the Internet Relay Chat Protocol (IRC). No millennium problems exist in the IRC protocol. 10.2 Specifics There is only a single instance of time or date related information in the IRC protocol as specified by RFC 1459. Section 4.3.4 defines a TIME message type which queries a server for its local time. No mention is made of the format of the reply or how it is parsed, the assumption being specific implementations will handle the reply and parse it appropriately. 11. Information Services & File Transfer 11.1 Summary The RFC's which were categorized into this group were divided among World Wide Web (WWW) protocols and File Transfer Protocols (FTP). WWW protocols include the Hypertext Transfer Protocol (HTTP), a variety of Uniform Resource formats (URL, URAs, etc.) and the HyperText Markup Language (HTML). FTP protocols include the well known FTP protocol, the Trivial File Transfer Protocol (TFTP) and a variety of extensions to these protocols. Other information services includes the Finger Protocol and the LPD protocol. HTTP 1.1, as defined in RFC 2068, requires all newly generated date stamps to conform to RFC 1123 date formats which are Year 2000 compliant, but it also requires acceptance of the older non-compliant RFC850 formats. Some specific recommendations are listed below and have been passed to the HTTP WG. HTML 2.0, as defined in RFC 1866, could allow a very subtle Year 2000 problem, but once again this recommendation has been passed on the HTML WG. Nesser Informational [Page 10]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1778 on String Representations of Standard Attribute Syntax's define UTC Time in Section 2.21 and uses that definition in Section 2.25 on User Certificates. Since UTC Time is being used, there is a potential millennium issue. RFC 1440 on SIFT / UFT: Sender-Initiated / Unsolicited File Transfer defines an optional DATE command in Section 5 of the form mm / dd / yy which is subject to millennium issues. 11.2 Specifics The main IETF standards-track document on the HTTP protocol is RFC2068 on HTTP 1.1. It notes that historically three different date formats have been used, and that one of them uses a two-digit year field. In section 3.3.1 it requires HTTP 1.1 implementations to generate this RFC1123 format: Sun, 06 Nov 1994 08:49:37 GMT; RFC 822, updated by RFC 1123 instead of this RFC850 format: Sunday, 06-Nov-94 08:49:37 GMT; RFC 850, obsoleted by RFC 1036 Unfortunately, many existing servers, serving on the order of one fifth of the current HTTP traffic, send dates in the ambiguous RFC850 format. Section 19.3 of the RFC2068 says this: o HTTP / 1.1 clients and caches should assume that an RFC-850 date which appears to be more than 50 years in the future is in fact in the past (this helps solve the "year 2000" problem ). This avoids a "stale cache" problem, which would cause the user to see out-of-date data. RFC 1986 documents experiments with a simple file transfer program over radio links using Enhanced Trivial FTP (ETFTP). There are a number of timers defined which are all in seconds and have no year 2000 issues. In RFC 1866, on HTML 2.0, the tag allows the embedding of recommended values ​​for some HTTP headers, including Expires. E.g. Servers should rewrite these dates into RFC1123 format if necessary. Nesser Informational [Page 11]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1807 defines a format for bibliographic records and it specifies a DATE format, which requires 4 digit year fields. RFC 1788 defines ICMP Domain Name messages. Section 3 defines a Domain Name Reply Packet, which contains a signed 32-bit integer. This timer is not Year 2000 reliant and is certainly large enough for it purposes. RFC 1784 on TFTP Timeout Intervals and Transfer Size Options uses a field for the number of seconds for the timeout. It is an ASCII value from 1 to 255 octets in length. There is no Y2K issue. RFC 1778 on String Representations of Standard Attribute Syntax's define UTC Time in Section 2.21 and uses that definition in Section 2.25 on User Certificates. Since UTC Time is being used, there is a potential millennium issue. RFC 1777 on LDAP defines a timelimit in Section 4.3 which is expressed in seconds, but does not define any limits. RFC 1440 on SIFT / UFT: Sender-Initiated / Unsolicited File Transfer defines an optional DATE command in Section 5 of the form mm / dd / yy, which is subject to millennium issues. RFC 1068 on the Background File Transfer Protocol (BFTP) defines two commands in Sections B.2.12 and B.2.13, the Submit and Time commands. > From the example usage's given in Appendix C it is clear that this protocol will function correctly though the year 9999. RFC 1037 on NFILE (a file access protocol) discusses the a Date representation in Section 7.1 as the number of seconds since January 1, 1900, but does not limit the field size. There should be no Y2K issues. RFC 998 on NETBLT defines a Death time in Section 8, which is the sender's death time in seconds. RFC 978 on the Voice File Interchange Protocol defines the Total Time of a message to be a 32-bit number of deci-seconds. This limits the size of a message but has no millennium issues. RFC 969 was obsoleted by RFC 998. RFC 916 defines the Reliable Asynchronous Transfer Protocol (RATP). Three timers are discussed in an expository manner in Section 5.4 and its subsections. There are no relevant issues. Nesser Informational [Page 12]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFCs 2122, 2056, 2055, 2054, 2044, 2016, 1960, 1959, 1874, 1865, 1862, 1843, 1842, 1823, 1815, 1808, 1798, 1785 , 1783, 1782, 1779, 1766, 1738, 1737, 1736, 1729, 1728, 1727, 1639, 1633, 1630, 1625, 1554, 1545, 1530, 1529, 1528, 1489, 1486, 1436, 1415, 1413, 1350 , 1345, 1312, 1302, 1288, 1278, 1241, 1235, 1196, 1194, 1179, 1123, 1003, 971, 965, 959, 949, 913, 887, 866, 865, 864, 863, 862, 797, 795 , 783, 775, 765, 751, 743, 742, 740, 737, 725, 722, 707, 691, 683, 662, 640, 624, 614, 607, 599, 412, 411, 410, 407, and 406 were found to have no references to dates or times, and hence no millennium issues. RFCs 712, 697, 633, 630, 622, 610, 593, 592, 589, 573, 571, 570, 553, 551, 549, 543, 535, 532, 525, 520, 514, 506, 505, 504, 501 , 499, 493, 490, 487, 486, 485, 480, 479, 478, 477, 472, 468, 467, 463, 454, 451, 448, 446, 438, 437, 436, 430, 429, 418, 414 , and 409 were not available for review. RFCS below 400 were considered too obsolete to even consider. 12. Network & Transport Layer 12.1 Summary The RFC's which were categorized into this group were the Internet Protocol (IP) versions four and six, the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), the Point-to- Point Protocol (PPP) and its extensions, Internet Control Message Protocol (ICMP), the Address Resolution Protocol (ARP) and Remote Procedure Call (RPC) protocol. A variety of less known protocols were also examined. After careful review of the nearly 400 RFC's in this catagory, no millennium or year 2000 problems were found. 12.2 SpecificsRFC 2125 on the PPP Bandwidth Allocation Protocol (BAP) in section 5.3 discusses the use if mandatory timers, but gives no mention as to how they are implemented. RFC 2114 on a Data Link Switching Client Access Protocol defines a retry timer of five seconds in Section 3.4.1. RFC 2097 on the PPP NetBIOS Frame Control Protocol discuesses several timers and timeouts in Section 2.1, none of which suffers from a year 2000 problem. RFC 2075 on the IP Echo Host Service discusses timestamps and has no millennium issues. Nesser Informational [Page 13]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 2005 on the Applicability for Mobile IP discusses using timestamps as a security measure to avoid replay attacks (Section 3.), but does not quantify them. There are no expected issues. RFC 2002 on IP Mobility Support uses a 16-bit field for the lifetime of a connection and notes the 18.2 hour limitation that this imposes. Section 5.6.1 on replay protection requires the use of 64-bit time fields, of a similar format to NTP packets. RFC 1981 on Path MTU Discovery for IPv6 discusses timestamps and their potential use to purge stale information in section 5.3. There are no millennium issues in this use. RFC 1963 on the PPP Serial Data Transport Protocol defines a flow expiration time in section 4.9 which has no year 2000 issues. RFC 1833 on Binding Protocols for ONC RPC Version 2 defines a variable in Section 2.2.1 called RPCBPROC_GETTIME which returns the local time in seconds since 1/1/1970. Since this value is not fields width dependent, it may or may not wrap around the 32-bit value depending on the operating system parameters. RFC 1762 on the PPP DECnet Phase IV Control Protocol discusses a number of timers in Section 5 (General Considerations). None of these timers experience any millennium issues. RFC 1761 on Snoop Version 2 Packet Capture File Format discusses two 32-bit timestamp values ​​on Section 4 on Packet Record Formats. The first of these may wrap in the year 2038, but should not effect anything of any import. RFC 1755 on ATM Signaling Support for IP Over ATM discusses timing issues in Section 3.4 on VC Teardown. These limited timers have no year 2000 issues. RFC 1692 on the Transport Multiplexing Protocol (TMux) defines a TTL in Section 2.3 and a timer in Section 3.3. Neither of these suffer from any millennium or year 2000 issues. RFC 1661 on PPP defines three timers in Section 4.6, none of which have any year 2000 issues. RFC 1644 on T / TCP (TCP Extensions for Transactions) mentions RFC 1323 and the extended timers recommended in it. RFC 1575 defines an echo function for CNLP discusses in the narrative the use of the Lifetime Field in Section 5.3. There is nothing to suggest that there is any year 2000 issues. Nesser Informational [Page 14]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1329 on Dual MAC FDDI Networks discusses ARP cache administration in Section 9.3 and 9.4 and various timers to expire entries. RFC 1256 on ICMP Router Discovery Messages talks about lifetime fields in Section 2 and defines three router configuration variables in Section 4.1. None of these have any millennium issues. RFC 792 on ICMP discusses Timestamps and Timestamp Reply messages which define a 32-bit timestamp which contains the number of milliseconds since midnight UT. RFC 791 on the Internet Protocol defines a packet type 68 which is an Internet Timestamp, which defines a 32-bit field which contains the number of milliseconds since midnght UT. RFC 781 was defines the same option which is codified in RFC 791 as a packet type 68. Nesser Informational [Page 15]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC's 594, 591, 576, 550, 548, 528, 521, 489, 488, 473, 460, 459, 450, 449, 445, 442, 434, 426 , 417, 398, 395, 394, 359, 357, 348, 347, 346, 343, 312, 301, 300, 271, 241, 210, 203, 202, 197, 190, 178, 176, 175, 166, 165 , 161, 151, 150, 146, 145, 143, 142, 128, 127, 123, 122, 93, 91, 80, 79, 70, 67, 65, 62, 60, 59, 56, 55, 54, 53 , 41, 38, 33, 23, 22, 20, 19, 17, 12 were deemed too old to be considered for millennium investigation. 13. Electronic Mail 13.1 Summary The RFC's which were categorized into this group were the Simple Mail Transfer Protocol (SMTP), Internet Mail Access Protocol (IMAP), Post Office Protocol (POP), Multipurpose Internet Mail Exchange (MIME), and X .400 to SMTP interaction. After reviewing all mail-related RFCs, it was discovered that while some obsolete standards required two-digit years, all currently used standards require four-digit years and are thus not prone to typical Year 2000 problems. 13.2 Specifics RFCs 821 and 822, the main basis for SMTP mail exchange and message format, originally required two-digit years. However, both of these RFCs were later modified by RFC 1123 in 1989, which strongly recommended 4-digit years. Although there might be a few very old SMTP systems using two-digit years, it is believed that almost all mail sent over the Internet today uses four-digit years. Mail that contains two-digit years in its SMTP headers will not "fail", but might be mis-sorted in message stores and mail user agents. This problem is avoided entirely by taking the RFC 1123 change as a requirement, rather than merely as a recommendation. IMAP versions 1, 2, and 3 used two-digit years, but IMAP version 4 (defined in RFCs 1730 and 1732 in 1994) requires four-digit years. There are still a few IMAP 2 servers and clients in use on the Internet today, but IMAP version 4 has already taken over almost all of the IMAP market. Mail stored on an IMAP server or client with two-digit years will not "fail", but could possibly be mis-sorted or prematurely expired. RFC 1153 describes a format for digests of mailing lists, and uses two-digit dates. This format is not widely used. The use of two-digit dates could possibly cause missorting of stored messages. Nesser Informational [Page 16]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1327, which describes mapping between X.400 mail and SMTP mail, uses the UTCTime format. RFC 1422 describes the structure of certificates that were used in PEM (and are expected to be used in many other mail and non-mail services). Those certificates use dates in UTCTime format. Poorly written software might prematurely expire or validate a certificate based on comparisons of the date with the current date, although no current software is known to do this. 14. Network Time Protocols 14.1 Summary The RFC's which were categorized into this group were the Network Time Protocol (NTP), and the Time Protocol. NTP has been certified year 2000 compliant, while the Time Protocol will "roll over" at Thu Feb 07 00:54:54 2036 GMT. Since NTP is the current defacto standard for network time, this does not seem to be an issue. 14.2 Specifics There is no reference anywhere in the NTP specification or implementation to any reference epoch other than January 1, 1900. In short, NTP doesn't know anything about the millennium. > From the Time Protocol RFC (868): S: Send the time as a 32 bit binary number. ... The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. 15.Name Services 15.1 Summary The RFC's which were categorized into this group were the Domain Name System (DNS), it's advanced add on features (Incremental Zone Transfer, etc.). There have been no year 2000 relayed problems found with the DNS protocols, or common implementations of them. Nesser Informational [Page 17]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 15.2 Specifics One is a common practice of writing serial numbers in zone files as if they represent a date, and using only two digits of the year. That practice cannot survive into the year 2000. This is not a protocol problem, the serial number is simply an integer, and any value is OK, provided it always increases (see rfc1982 for a definition of what that means). In any case, a change from 97abcd (or similar) to 00abcd would be a decrease and so is not permitted. Zone file maintainers have two choices, one easy (though irrational) one would be to continue from 99 to 100 and so on. The other, is simply to switch, at any time between now and when the serial number first needs updating after the year 2000, to use 4 digits to represent the year instead of 2. As long as there are no more than 6 digits in the "abcd" part, and this is done sometime before the year 2100, this is always an increase, and therefore always safe. Should any zone files be of the form yyabcdefg (with 7 digits after a 2- digit year) then the procedures of section 7 of rfc2182 should be adopted to convert the serial number to some other value. The other item of note is related to timestamps in DNS security. Those are represented as 32 bit counts of seconds, based in 1970, and hence have no year 2000 problems. however, they do obviously have a natural end of life, and sometime before that time is reached, the definitions of those fields need to be corrected, perhaps to allow them to represent the number of seconds elapsed since the base, modulo 2 ^ 32, which is likely to be adequate for the purposes of DNS security (signatures and keys are unlikely to need to be valid for more than 70 years). In any case, more work is needed in this area in the not too far distant future. 16 Network Management 16.1 Summary The RFC's which were categorized into this group were the Simple Network Management Protocol (SNMP), a large number of Management Information Bases (MIBs) and the Common Management Information Protocol over TCP / IP (CMOT). Although a few discrepancies have been found and outlined below, none of them should have an impact on interoperability. 16.2 Specifics 16.2.1 Use of GeneralizedTime in CMOT as defined in RFCs 1095 and 1189. Nesser Informational [Page 18]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 The standards for CMOT specify an unusual use for the GeneralizedTime type. (GeneralizedTime has a four-digit representation of the year.) If the system generating the PDU does not have the current time, yet does have the time since last boot, then GeneralizedTime can be used to encode this information. The time since last boot will be added to the base time "0001 Jan 1 00: 00: 00.00" using the Gregorian calendar algorithm. This is really a "Year 0" problem rather than a Year 2000 problem, and in any case, CMOT is not currently deployed. 16.2.2 UTCTime in SNMP Definitions UTCTime is an ASN.1 type that includes a two-digit representation of the year. There are several options for UTCTime in ASN.1, that vary in precision and in local versus GMT, but these options all have two-digit years. The standards for SNMP definitions specify one particular format: YYMMDDHHMMZ The first usage of UTCTime in the standards for SNMP definitions goes all the way back to RFC 1303. It has persisted unchanged up through the current specifications in RFC 1902. The role of UTCTime in SNMP definitions is to record the history of an SNMP MIB module in the module itself, via two ASN.1 macros: o LAST-UPDATED o REVISION Management applications that store and use MIB modules need to be smart about interpreting these UTCTimes, by prepending a " 19 "or a" 20 "as appropriate. 16.2.3 Objects in the Printer MIB (RFC 1559) There are two objects in the Printer MIB that allow use of a date as an object value with no explicit guidance for formatting the value. The objects are prtInterpreterLangVersion and prtInterpreterVersion. Both are defined with a syntax of OCTET STRING. The descriptions for the objects allow the object value to contain a date, version code or other product specific information to identify the interpreter or language. The descriptions do not include an explicit statement recommending use of a four-digit year when a date is used as the object value. Nesser Informational [Page 19]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 16.2.4 Dates in Mobile Network Tracing Records (RFC 2041) The RFC specifies trace headers and footers with date fields that are character arrays of size 32. While 32 characters certainly provide enough room for a four-digit year, there's no explicit statement that these years must be represented with four digits. 17 Network News 17.1 Summary The RFC's which were categorized into this group were related to the Network News Protocol (NNTP). There does exist a problem in both NNTP, RFC 977, and the Usenet News Message Format, RFC 10336. They both specify two-digit year format. A working group has been formed to update the network news protocols in general, and addressing this problem is on their list of work items. 17.2 Specifics The NNTP transfer protocols defined in RFC 977. Sections 3.7.1, the definition of the NEWGROUPS command, and 3.8.1, the NEWNEWS command, that dates must be specified in YYMMDD format. The format for USENET news messages is defined in RFC 1036. The date line is defined in section 2.1.2 and it is specified in RFC-822 format. It specifically disallows the standard UNIX ctime (3) format, which would allow for four digit years. Section 2.2.4 on Expires also mandates the same two-digit year format. 18. Real Time Services 18.1 Summary The RFC's which were categorized into this group were related to IP Multicast, RTP, and Internet Stream Protocol. A Year 2000 problem does occur in the Simple Network Paging Protocol, versions 2 & 3. Both define a HOLDuntil option which uses a YYMMDDHHMMSS +/- GMT field. Version 3 also defines a MSTAtus command, which is required to store, dates and times as YYMMDDHHMMSS +/- GMT. 18.2 Specifics RFC 2102 discusses multicast support for NIMROD and has no mention of dates or time. RFC 2090 on TFTP Multicast options is also free from any date / time references. Nesser Informational [Page 20]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 2038 on RTP MPEG formats has three references to time: a Presentation Time Stamp (PTS), a Decoding Time Stamp (DTS), and a System Clock (SC) reference time . Each RTP packet contains a timestamp derived from the sender 90 kHz clock reference. Each of the header fields are defined in section 2.1, 3, and 3.3 are 32 bit fields. No mention is made of a "zero" start time, so it is presumed that this format will be valid until at least 2038. Similarly RFC 2035 on the RTP JPEG format defines the same timestamp in section 3. RFC 2032 on RTP H.261 video streams uses a calculated time based on the original frame so once again there is no millennium issue. RFC 2029 on the RTP format for Sun's CellB video encoding mentions the RTP timestamp in section 2.1. RFC 2022 defines support for multicast over UNI 3.0 / 3.1 based ATM networks. Section 5. defines a timeout value for connections between one and twenty minutes. Section 5.1.1 discusses several timers that are bound between five and ten seconds, while 5.1.3 requires an inactivity timer, which should also run between one and twenty minutes. Sections 5.1.5, 5.1.5.1, 5.1.5.2, 5.2.2, 5.4, 5.4.1, 5.4.2, 5.4.3, 6.1.3 and Appendix E all defines numerous timers, none of which have any millennium issues. RFC 1890 on RTP profiles for audio and video conferences discusses a sampling frequency which has no issues. RFC 1889 on RTP discusses time formats in section 4, as the same 64 bit unsigned integer format that NTP uses. There is a "period" problem, which will occur in the year 2106. Section 5.1 is a more formalized discussion of the timestamp properties, while Section 6.3.1 discusses a variety of different timers all using the 64 bit field format, or a compressed 32-bit version of the inner octet of bytes. Section 8.2 discusses loop detection and how the various timers are used to determine if looping occurs. RFC 1861 on Version 3 of the Simple Network Paging Protocol does have a Year 2000 problem. The protocol defines a HOLDuntil command in section 4.5.6 and a MSTAtus command in section 4.6.10, both of which require dates / times to be stored as YYMMDDHHMMSS +/- GMT. Clearly this format will be invalid after the end of 1999. RFC 1821 has no date / time references. RFC 1819 on Version 2 of the Internet Stream Protocol defines a HELLO message format in section6.1.2, which does contain a timer which is updated every millisecond. No year 2000 problems exist with this protocol. RFC 1645 on Version 2 of the Simple Network Paging Protocol contains the same HOLDuntil field problem as version 3. The definition is contained section 4.4.6. Nesser Informational [Page 21]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1458 on the Requirements of Multicast Protocols discusses a retransmission timer in section 4.23. and a general discussion of timer expiration in section 5, neither of which have any millennium concerns. RFC 1301 on the Multicast Transport Protocol defines a heartbeat interval of time in section 2.1, as well as retention and windows. Formal definitions for each are contained in sections 2.2.7, 2.2.8 and 2.2.9. The heartbeat is a 32 bit unsigned field, while the Window and Retention are both 16 bit unsigned fields. Section 3.4.2 gives examples values ​​for these fields, which indicate no millennium issues. RFC 1193 on Client Requirements for Real Time Services talks about time in section 4.4, but there are no Year 2000 issues. RFC 1190 have been obsoleted by RFC 1819, but the hello timer issues are similar. RFCs 1789, 1768, 1703, 1614, 1569, 1568, 1546, 1469, 1453, 1313, 1257, 1197, 1112, 1054, 988, 966, 947, 809, 804, 803, 798, 769, 741, 511, 508 , 420, 408 and 251 contain no date or time references. 19. Routing 19.1 Summary The RFC's which were categorized into this group were Routing Information Protocol (RIP), the Open Shortest Path First (OSPF) protocol, Classless InterDomain Routing (CIDR), the Border Gateway Protocol (BGP), and the InterDomain Routing Protocol (IDRP). After careful examination both BGP and RIP have been found Year 2000 compliant. There is a small Year 2000 issue in RFC 1786 on the Representation of IP Routing Policies in the ripe-81 ++ Routing Registry. In Appendices C the "changed" object parameter defines a format of YYMMDD, and similarly in Appendix D "withdrawn" object identifier has he format of YYMMDD. Since these are only identifiers there should be little operational impact. Some application software may need to be modified. IDPR suffers from the classic year 2038 problem, by having a timestamp counter which rolls over at that time. 19.2 SpecificsRFC 2091 on Extensions to RIP to Support Demand Circuits defines three required and one optional timers in section 6. The Database Timer (6.1), the Hold down Timer (6.2), the Retransmission Time (6.3) Nesser Informational [Page 22]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 and the Over-Subscription Timer (6.4) are all counters, which have no millennium, issues. RFC 2081 on the applicability of RIPng discusses deletion of routes for a variety of issues, one of which is the garbage collection timer exceeds 120 seconds. There are no Year 2000 issues. RFC 2080 on RIPng for IPv6, discusses various times in section 2.6, none of which have any millennium problems. RFC 1987 on Ipsilon's General Switch Management protocol there is a Duration field defined in section 4, which has no relevant problems. Section 8.2 defines the procedure for dealing with timers. RFC 1953 on Ipsilon's Flow Management Specification for IPv4 defines the same procedure in section 3.2, as well as a lifetime field in the Redirect Message (Section 4.1). There are no millennium issues in either case. There is a small Year 2000 issue in RFC 1786 on the Representation of IP Routing Policies in the ripe-81 ++ Routing Registry. In Appendices C the "changed" object parameter defines a format of YYMMDD, and similarly in Appendix D "withdrawn" object identifier has he format of YYMMDD. Since these are only identifiers there should be little operational impact. Some application software may need to be modified. RFC 1771 defines the Border Gateway Protocol (BGP). BGP does not have knowledge of absolute time, only relative time. There are five timers defined: Hold Timer, ConnectRetry Timer, KeepAlive Timer, MinRoueAdvertisementInterval and MinASOriginationInterval. There are no known issues regarding BGP and the millennium. In RFC 1584, which defines Multicast Extensions to OSPF, three timers are defined in section 8.2: IGMPPollingInterval, IGMPTimeout, and IGMP polling timer. Section 8.4 defines an age parameter for the local groups database and section 9.3 outlines how to implement that age parameter. It is not expected that any connections lifetime will be long enough to cause any issues with these timers. RFC 1583, OSPF, there are two types of timers defined in section 4.4, single-shot timers and interval timers. There are a number of timers defined in Section 9 including: HelloInterval, RouterDeadInterval, InfTransDelay, Hello Timer, Wait Timer and RxmtInterval. Section 10 also defines the Inactivity Timer. No millennium problem exists for any of these timers. RFC 1582 is an earlier version of RFC 2091. Section 7 documents the same timers as noted above, with the same lack of a millennium issue. RFC 1504 on Appletalk Update-Based Routing Protocol defines a 10- second period in Section 3, and hence has no relevant issues. Nesser Informational [Page 23]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1479 which specifies IDPR Version 1, defines a timestamp field in section 1.5.1, which is a 32 bit unsigned integer number of seconds since January 1, 1970. The authors recognize the problem of timestamp exhaustion in 2038, but feel that the protocol will not be in use for that period. Sections 1.7, 2.1, and 4.3.1 also discuss the timestamp field. RFC 1478 on the IDPR Architecture, also discusses the same timestamp field in section 3.3.4. RFC 1477 again refers to the IDPR timestamp in section 4.2. Thus IDPR has no Year 2000 issue, but does have a period problem in the year 2038. RFC 1075 on Distance Vector Multicast Routing Protocol devotes section 7 to time values. None of the timers have any millennium issues. RFC 1074, on the NFSNET backbone SPF IGP defines several hardcoded timers values ​​in section 5. RFC 1058 on RIP discusses the 30-second timers in section 3.3. There are no millennium issues related to RIP. RFC 995 on the Requirements for Internet Gateways has extensive discussions of timers in section 7.1 and throughout A.1 and A.2. None of these timers suffer from the millennium problem. RFC 911 on EGP on Berkeley Unix recommend timer values ​​of 30 and 120 seconds. RFC 904 which defines the Exterior Gateway Protocol (EGP). There are a number of timers discussed in sections 4.1.1 and 4.1.4. None of these timers suffer from any relevant problems. RFCs 2103, 2092, 2073, 2072, 2042, 2008, 1998, 1997, 1992, 1966, 1955, 1940, 1930, 1925, 1923, 1863, 1817, 1812, 1793, 1787, 1774, 1773, 1772, 1765, 1753 , 1745, 1723, 1722, 1721, 1716, 1702, 1701, 1668, 1656, 1655, 1654, 1587, 1586, 1585, 1581, 1520, 1519, 1517, 1482, 1476, 1439, 1403, 1397, 1388, 1387 , 1383, 1380, 1371, 1370, 1364, 1338, 1322, 1268, 1267, 1266, 1265, 1264, 1254, 1246, 1245, 1222, 1195, 1164, 1163, 1142, 1136, 1133, 1126, 1125, 1124 , 1104, 1102, 1092, 1009, 985, 981, 975, 950, 898, 890, 888, 875, and 823 contain no date or time references. 20. Security20.1 Summary The RFC's which were categorized into this group were kerberos authentication protocol, Remote Authentication Dial In User Service (RADIUS), One Time Password System (OTP), Privacy Enhanced Mail (PEM), security extensions to a variety of protocols including (but not limited to) RIPv2, HTTP, MIME, PPP, IP, Telnet and FTP. Nesser Informational [Page 24]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 Encryption and authentication algorithms are also examined. RFC 1507 on Distributed Authentication Security Services (DASS) discusses time and secure time in an expository manner in Sections 1.2.2, 1.4.4 and 2.1. Section 3.6 defines absolute time as an UTC time with a precision of 1 second, and Section 4.1 discusses ANS.1 encoding of time values. Because of the imprecision of the UTC time definition there could be problems with this protocol. RFCs 1421-1424 specifies that PEM uses UTC time formats which could have a Millennium issue since the year specification only provides the last two digits of the year. 20.2 SpecificsRFC 2082 on RIP-2 MD5 Authentication requires storage of security keys for a specified lifetime in sections 4.1 and 4.2. There are no millennium issues in this protocol. RFC 2078 on the GSSAPI Version 2 defines numerous calls that use timers for inputs and outputs. Sections 2.1.1, 2.1.3, 2.1.4, 2.1.5, 2.2.1, 2.2.2, 2.2.5 and 2.2.6 all use the lifetime_rec field, which is defined as an integer counter in seconds. There should be no relevant problems with this protocol. RFC 2069 on Digest Authentication for HTTP, defines a 'date' and a 1123 formats which is not subject to millennium issues. Section 3.2 discusses dates and times in the context of thwarting replay attacks, but have no relevant issues. RFC 2065 on DNS Security extensions first discusses time in section 2.3.3. The SIG RDATA format is defined in Section 4.1 discusses "time signed" field and defines it to be a 32 bit unsigned integer number of seconds since January 1, 1970. There will be a period problem in 2038 because of rollover. Section 4.5 on the file representations of SIG RRs specifies the time field is expressed as YYYYMMDDHHMMSS which is clearly Year 2000 compliant. RFC 2059 on RADIUS account formats defines a "time" attribute, which is optional which is a 32 bit unsigned integer number of seconds since January 1, 1970. Likewise RFC 2058 on RADIUS also defines this optional attribute in the same way. There will be a potential period problem that occurs on 2038. RFC 2035 on the Simple Public Key GSSAPI Mechanism talks about secure timestamps in the background and overview sections only in an expository manner. Nesser Informational [Page 25]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFC 1969 on the PPP DES Encryption Protocol uses time as an example in Section 4 when discussing how to encrypt the first packet of a stream. It is suggested that the first 32 bits be used for the number of seconds since January 1, 1970. There could thus be a potential operations problem in 2038. RFC 1898 on the CyberCash Credit Card Protocol provides an example message in Section 2.7 which uses a date field of the form YYYYMMDDHHMM that is clearly Y2K compliant. RFC 1510, which defines Kerberos Version 5, makes extensive use of times in the security model. There are discussions in the Introduction, as well as Sections 1.2, and 3.1.3. Kerberos uses ASN.1 definitions to abstract values, and hence defines a base definition for KerberosTime which is a generalized time format in Section 5.2. > From the text: "Example: The only valid format for UTC time 6 minutes, 27 seconds after 9 p.m. on 6 November 1985 is 19851106210627Z." A side note is that the MIT reference implementation of the Kerberos, by default set the expiration of tickets to December 31, 1999. This is not protocol related but could have some operational impacts. RFC 1509 on GSSAPI C-bindings makes a single reference that all counters are in seconds and assigned as 32 bit unsigned integers. Hence GSSAPI mechanisms may have problems in 2038. RFC 1507 on Distributed Authentication Security Services (DASS) discusses time and secure time in an expository manner in Sections 1.2.2, 1.4.4 and 2.1. Section 3.6 defines absolute time as an UTC time with a precision of 1 second, and Section 4.1 discusses ANS.1 encoding of time values. Because of the imprecision of the UTC time definition there could be problems with this protocol. RFC 1424 on PEM Part IV defines a self-signed certificate request in Section 3.1. The validity period start and end times are both suggested to be January 1, 1970. RFC 1422 on PEM Part II defines the validity period for a certificate in Section 3.3.6. It is recommended that UTC Time formats are used, and notes the lack of a century so that comparisons between different centuries must be done with care. No suggestions on how to do this are included. Sections 3.5.2 also discusses validity period in PEM CRLs. RFC 1421 on PEM Part I discusses validity periods in an expository way. PEM as a whole could have problems after December 31, 1999 based on its use of UTC Time. RFCs 1113, 1114, and 1115 specify the original version of PEM and have been obsoleted bye 1421, 1422, 1423, & 1424. Nesser Informational [Page 26]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 RFCs 2104, 2085, 2084, 2057, 2040, 2015, 1984, 1968, 1964, 1961, 1949, 1948, 1938, 1929, 1928, 1858, 1852, 1851 , 1829, 1828, 1827, 1826, 1825, 1824, 1760, 1751, 1750, 1704, 1675, 1579, 1535, 1511, 1492, 1457, 1455, 1423, 1416, 1412, 1411, 1409, 1408, 1321, 1320 , 1319, 1281, 1244, 1186, 1170, 1156, 1108, 1004, 972, 931, 927, 912, and 644 contain no date or time references. 21. Virtual Terminal 21.1 Summary The RFC's which were categorized into this group were Telnet and its many extensions, as well as the Secure SHell (SSH) protocol. The X window system was not considered since it is not an IETF protocol. Official acknowledgment by the trustee's of the X window system was given that they will examine the protocol. Unencrypted Telnet and TN3270 have both been found to be Year 2000 Compliant. The SSH protocols are also Year 2000 compliant. 21.2 Specifics RFC 1013 on the X Windows version 11 alpha protocol defines are 32 bit unsigned integer timestamp in Section 4. RFCs 2066, 1647, 1576, 1572, 1571, 1372, 1282, 1258, 1221, 1205, 1184, 1143, 1116, 1097, 1096, 1091, 1080, 1079, 1073, 1053, 1043, 1041, 1005, 946, 933, 930, 929, 907, 885, 884, 878, 861, 860, 859, 858, 857, 856, 855, 854, 851, 818, 802, 782, 779, 764, 749, 748, 747, 746, 736, 735, 734, 732, 731, 729, 728, 727, 726, 721, 719, 718, 701, 698, 658, 657, 656, 655, 654, 653, 652, 651, 647, 636, 431, 399, 393, 386, 365, 352, 340, 339, 328, 311, 297, 231, and 215 contain no date or time references. RFCs 703, 702, 688, 679, 669, 659, 600, 596, 595, 587, 563, 562, 560, 559, 513, 495, 470, 466, 461, 447, 435, 377, 364, 318, 296 , 216, 206, 205, 177, 158, 139, 137, 110, 97 were unavailable. 22. Other 22.1 Summary This grouping was a hodge-podge of informational RFCs, April Fool's Jokes, IANA lists, and experimental RFCs. None were found to have any millennium issues. Nesser Informational [Page 27]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 199922.2 Specifics23. Security Considerations Although this document does consider the implications of various security protocols, there is no need for additional security considerations. The effect of a potential year 2000 problem may cause some security problems, but those problems are more of specific applications rather than protocol deficiencies introduced in this document. 24. References Because of the exhaustive nature of this investigation, the reader is referred to the list of published RFC's available from the IETF Secretariat or the RFC Editor, rather than republishing them here. 25. Editors' Address Philip J. Nesser II Nesser & Nesser Consulting 13501 100th Ave N.E. Suite 5202 Kirkland, WA 98052 Phone: 425-481-4303 EMail: [email protected] [email protected] Nesser Informational [Page 28]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 Appendix A: List of RFC's for each Area The following list contains the RFC's grouped by area that were searched for year 2000 problems. Each line contains three fields are separated by '::'. The first filed is the RFC number, the second field is the type of RFC (S = Standard, DS = Draft Standard, PS = Proposed Standard, E = Experimental, H = Historical, I = Informational, BC = Best Current Practice, ' '= No Type), and the third field is the Title. A.1 Autoconfiguration 1971 :: PS :: IPv6 Stateless Address Autoconfiguration 1970 :: PS :: Neighbor Discovery for IP Version 6 (IPv6) 1542 :: PS :: Clarifications and Extensions for the Bootstrap Protocol 1541 :: PS :: Dynamic Host Configuration Protocol 1534 :: PS :: Interoperation Between DHCP and BOOTP 1533 :: PS :: DHCP Options and BOOTP Vendor Extensions 1532 :: PS :: Clarifications and Extensions for the Bootstrap Protocol 1531 :: PS :: Dynamic Host Configuration Protocol 1497: : DS :: BOOTP Vendor Information Extensions 1395 :: DS :: BOOTP Vendor Information Extensions 1084 :: DS :: BOOTP vendor information extensions 1048 :: DS :: BOOTP vendor information extensions 951 :: DS :: Bootstrap Protocol 906 ::: : Bootstrap loading using TFTP A.2 Directory Services 2120 :: E :: Managing the X.500 Root Naming Context 2079 :: PS :: Definition of X.500 Attribute Types and an Object Class to Hold Uniform Resource Identifiers (URIs) 1943 :: I :: Building an X.500 Directory Service in the US 1914 :: PS :: How to interact with a Whois ++ mesh 1913 :: PS :: Architecture of the Whois ++ Index Service 1838 :: E :: Use of the X.500 Directory to support mapping between X.400 and RFC 822 Addresses 1837 :: E :: Representing Tables and Subtrees in the X.500 Directory 1836 :: E :: Representing the O / R Address hierarchy in the X.500 Directory Information Tree 1835 :: PS :: Architecture of the WHOIS ++ service 1834 :: I :: Whois and Network Information Lookup Service Whois ++ 1781 :: PS :: Using the OSI Directory to Achieve User Friendly Naming 1714 :: I :: Referral Whois Protocol (RWhois) 1684 :: I :: Introduction to White Pages services based on X.500 1637 :: E :: DNS NSAP Resource Records 1632 :: I :: A Revised Catalog of Available X.500 Implementations Nesser Informational [Page 29]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 1617 :: I :: Naming and Structuring Guidelines for X.500 Directory Pilots 1609 :: E :: Charting Networks in the X.500 Directory 1608 :: E :: Representing IP Information in the X.500 Directory 1588 :: I :: WHITE PAGES MEETING REPORT 1562 :: I :: Naming Guidelines for the AARNet X.500 Directory Service 1491 :: I :: A Survey of Advanced Usages of X.500 1488 :: PS :: The X.500 String Representation of Standard Attribute Syntaxes 1487 :: PS :: X.500 Lightweight Directory Access Protocol 1485 :: PS :: A String Representation of Distinguished Names 1484 :: E :: Using the OSI Directory to achieve User Friendly Naming 1430 :: I :: A Strategic Plan for Deploying an Internet X.500 Directory Service 1400 :: I :: Transition and Modernization of the Internet Registration Service 1384 :: I :: Naming Guidelines for Directory Pilots 1355 :: I :: Privacy and Accuracy Issues in Network Informati on Center Databases 1330 :: I :: Recommendations for the Phase I Deployment of OSI Directory Services (X.500) and OSI Message Handling Services (X.400) within the ESnet Community 1309 :: I :: Technical Overview of Directory Services Using the X.500 Protocol 1308 :: I :: Executive Introduction to Directory Services Using the X.500 Protocol 1292 :: I :: A Catalog of Available X.500 Implementations 1279 :: :: X.500 and Domains 1276 :: PS :: Replication and Distributed Operations extensions to provide an Internet Directory using X.500 1275 :: I :: Replication Requirements to provide an Internet Directory using X.500 1274 :: PS :: The COSINE and Internet X.500 Schema 1255 :: I :: A Naming Scheme for c = US 1218 :: :: A Naming Scheme for c = US 1202 :: I :: Directory Assistance Service 1107 :: :: Plan for Internet directory services 954 :: DS :: NICNAME / WHOIS 953 :: H :: hostname server 812 :: :: N ICNAME / WHOIS 756 :: :: NIC name server - a datagram-based information utility 752 :: :: Universal host table ============ ============ =============================================== Disk Sharing 1813: : I :: NFS Version 3 Protocol Specification 1094 :: H :: NFS: Network File System Protocol specification ============ ================ ========================================== Games and Chat 1459 :: E: : Internet Relay Chat Protocol Nesser Informational [Page 30]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 ==================================== ================================== Information Services & File Transfer 2122 :: PS :: VEMMI URL Specification 2070: : PS :: Internationalization of the Hypertext Markup Language 2068 :: PS :: Hypertext Transfer Protocol - HTTP / 1.1 2056 :: PS :: Uniform Resource Locators for Z39.50 2055 :: I :: WebNFS Server Specification 2054 :: I :: WebNFS Client Specification 2044 :: I :: UTF-8, a transformation format of Unicode and ISO 10646 2016 :: E :: Uniform Resource Agents (URAs) 1986 :: E :: Experiments with a Simple File Transfer Protocol for Radio Links using Enhanced Trivial File Transfer Protocol (ETFTP) 1980 :: I :: A Proposed Extension to HTML: Client-Side Image Maps 1960 :: PS :: A String Representation of LDAP Search Filters 1959 :: PS :: An LDAP URL Format 1945 :: I :: Hypertext Transfer Protocol - HTTP / 1.0 1942 :: E :: HTML Tables 1874 :: E :: SGML Med ia Types 1867 :: E :: Form-based File Upload in HTML 1866 :: PS :: Hypertext Markup Language - 2.50 Information Retrieval Protocol in the Internet Environment Nesser Informational [Page 31]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999 1728 :: I :: Resource Transponders 1727 :: I :: A Vision of an Integrated Internet Information Service 1639 :: E :: FTP Operation Over Big Address Records (FOOBAR ) 1633 :: I :: Integrated Services in the Internet Architecture 1630 :: I :: Universal Resource Identifiers in WWW 1625 :: I :: WAIS over Z39.50-1988 1558 :: I :: A String Representation of LDAP Search Filters 1554 :: I :: ISO-2022-JP-2: Multilingual Extension of ISO-2022-JP 1545 :: E :: FTP Operation Over Big Address Records (FOOBAR) 1530 :: I :: Principles of Operation for the TPC. INT Subdomain: General Principles and Policy 1529 :: I :: Principles of Operation for the TPC.INT Subdomain: Remote Printing - Administrative Policies 1528 :: E :: Principles of Operation for the TPC.Nesser Informational [Page 32]
RFC 2626 The Internet and the Millennium Problem (Year 2000) June 1999