rfc2057.txt

RFC 的详细文档！

Network Working Group                                         S. Bradner
Request for Comments: 2057                            Harvard University
Category: Informational                                    November 1996


             Source Directed Access Control on the Internet

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

1.  Abstract

   This memo was developed from a deposition that I submitted as part of
   a challenge to the Communications Decency Act of 1996, part of the
   Telecommunications Reform Act of 1996.  The Telecommunications Reform
   Act is a U.S. federal law substantially changing the regulatory
   structure in the United States in the telecommunications arena.  The
   Communications Decency Act (CDA) part of this law has as its aim the
   desire to protect minors from some of the material carried over
   telecommunications networks.  In particular the law requires that the
   sender of potentially offensive material take "effective action" to
   ensure that it is not presented to minors.  A number of people have
   requested that I publish the deposition as an informational RFC since
   some of the information in it may be useful where descriptions of the
   way the Internet and its applications work could help clear up
   confusion in the technical feasibility of proposed content control
   regulations.

2.  Control and oversight over the Internet

   No organization or entity operates or controls the Internet.  The
   Internet consists of tens of thousands of local networks linking
   millions of computers, owned by governments, public institutions,
   non-profit organizations, and private companies around the world.
   These local networks are linked together by thousands of Internet
   service providers which interconnect at dozens of points throughout
   the world.  None of these entities, however, controls the Internet;
   each entity only controls its own computers and computer networks,
   and the links allowed into those computers and computer networks.

   Although no organizations control the Internet, a limited number of
   organizations are responsible for the development of communications
   and operational standards and protocols used on the Internet.  These
   standards and protocols are what allow the millions of different (and
   sometimes incompatible) computers worldwide to communicate with each



Bradner                      Informational                      [Page 1]

RFC 2057             Source Directed Access Control        November 1996


   other.  These standards and protocols are not imposed on any computer
   or computer network, but any computer or computer network must follow
   at least some of the standards and protocols to be able to
   communicate with other computers over the Internet.

   The most significant of the organizations involved in defining these
   standards include the Internet Society (ISOC), the Internet
   Architecture Board (IAB), Internet Engineering Steering Group (IESG),
   and the Internet Engineering Task Force (IETF).   The following
   summary outlines the relationship of these four organizations:

   The Internet Society (ISOC) is a professional society that is
   concerned with the growth and evolution of the worldwide Internet,
   with the way in which the Internet is and can be used, and with the
   social, political, and technical issues which arise as a result.  The
   ISOC Trustees are responsible for approving appointments to the IAB
   from among the nominees submitted by the IETF nominating committee
   and ratifying the IETF Standards Process.

   The Internet Architecture Board (IAB) is a technical advisory group
   of the ISOC.  It is chartered to provide oversight of the
   architecture of the Internet and its protocols, and to serve, in the
   context of the Internet standards process, as a body to which the
   decisions of the IESG may be appealed.  The IAB is responsible for
   approving appointments to the IESG from among the nominees submitted
   by the IETF nominations committee and advising the IESG on the
   approval of Working Group charters.

   The Internet Engineering Steering Group (IESG) is responsible for
   technical management of IETF activities and the Internet standards
   process.  As a part of the ISOC, it administers the process according
   to the rules and procedures which have been ratified by the ISOC
   Trustees.  The IESG is directly responsible for the actions
   associated with entry into and movement along the Internet "standards
   track," including final approval of specifications as Internet
   Standards.

   The Internet Engineering Task Force (IETF) is a self-organized group
   of people who make technical and other contributions to the
   engineering and evolution of the Internet and its technologies.  It
   is the principal body engaged in the development of new Internet
   standard specifications.  The IETF is divided into eight functional
   areas.  They are: Applications, Internet, IP: Next Generation,
   Network Management, Operational Requirements, Routing, Security,
   Transport and User Services.  Each area has one or two area
   directors.  These area directors, along with the IETF/IESG Chair,
   form the IESG.




Bradner                      Informational                      [Page 2]

RFC 2057             Source Directed Access Control        November 1996


   In addition to these organizations, there are a variety of other
   formal and informal groups that develop standards and agreements
   about specialized or emerging areas of the Internet.   For example,
   the World Wide Web Consortium has developed agreements and standards
   for the Web.

   None of these organizations controls, governs, runs, or pays for the
   Internet.  None of these organizations controls the substantive
   content available on the Internet.  None of these organizations has
   the power or authority to require content providers to alter, screen,
   or restrict access to content on the Internet other than content that
   they themselves create.

   Beyond the standards setting process, the only Internet functions
   that are centralized are the allocation of numeric addresses to
   networks and the registration of "domain names."  Three entities
   around the world share responsibility for ensuring that each network
   and computer on the Internet has a unique 32-bit numeric "IP" address
   (such as 123.32.22.132), and for ensuring that all "domain names"
   (such as "harvard.edu") are unique.  InterNIC allocates IP addresses
   for the Americas, and has counterparts in Europe and Asia.  InterNIC
   allocates large blocks of IP addresses to major Internet providers,
   who in turn allocate smaller blocks to smaller Internet providers
   (who in turn allocate even smaller blocks to other providers or end
   users).  InterNIC does not, however, reliably receive information on
   who receives each numeric IP address, and thus cannot provide any
   central database of computer addresses.  In addition, a growing
   number of computers access the Internet indirectly through address
   translating devices such as application "firewalls".  With these
   devices the IP address used by a computer on the "inside" of the
   firewall is translated to another IP address for transmission over
   the Internet.  The IP address used over the Internet can be
   dynamically assigned from a pool of available IP addresses at the
   time that a communication is initiated.  In this case the IP
   addresses used inside the firewall is not required to be globally
   unique and the IP addresses used over the Internet do not uniquely
   identify a specific computer.  Neither the InterNIC nor its
   counterparts in Europe and Asia control the substantive content
   available on the Internet, nor do they have the power or authority to
   require content providers to alter, screen, or restrict access to
   content on the Internet.










Bradner                      Informational                      [Page 3]

RFC 2057             Source Directed Access Control        November 1996


3.  Characteristics of Internet communications

   There are a wide variety of methods of communications over the
   Internet, including electronic mail, mail exploders such as listserv,
   USENET newsgroups, Internet Relay Chat, gopher, FTP, and the World
   Wide Web.  With each of these forms of communication, the speaker has
   little or no way to control or verify who receives the communication.

   As detailed below, for each of these methods of communications, it is
   either impossible or very difficult for the speaker to restrict
   access to his or her communications "by requiring use of a verified
   credit card, debit account, adult access code, or adult personal
   identification number." Similarly, for each of these methods of
   communication, there are no feasible actions that I know of that the
   speaker can take that would be reasonably effective to "restrict or
   prevent access by minors" to the speaker's communications.

   With each of these methods of communications, it is either
   technologically impossible or practically infeasible for the speaker
   to ensure that the speech is not "available" to a minor.  For most of
   these methods--mail exploders such as listserv, USENET newsgroups,
   Internet Relay Chat, gopher, FTP, and the World Wide Web--there are
   technological obstacles to a speaker knowing about or preventing
   access by minors to a communication.  Yet even for the basic point-
   to-point communication of electronic mail, there are practical and
   informational obstacles to a speaker ensuring that minors do not have
   access to a communication that might be considered "indecent" or
   "patently offensive" in some communities.

3.1 Point-to-Point Communications

3.1.1  Electronic Mail.

   Of all of the primary methods of communication on the Internet, there
   is the highest likelihood that the sender of electronic mail will
   personally know the intended recipient (and know the intended
   recipient's true e-mail address), and thus the sender (i.e., the
   speaker or content provider) may be able to transmit potentially
   "indecent" or "patently offensive" content with relatively little
   concern that the speech might be "available" to minors.

   There is significantly greater risk for the e-mail speaker who does
   not know the intended recipient.  As a hypothetical example, if an
   AIDS information organization receives from an unknown individual a
   request for information via electronic mail, the organization has no
   practical or effective way to verify the identity or age of the e-
   mail requester.




Bradner                      Informational                      [Page 4]

RFC 2057             Source Directed Access Control        November 1996


   An electronic mail address provides no authoritative information
   about the addressee.  Addresses are often chosen by the addressees
   themselves, and may or may not be based on the addressees' real
   names.  For millions of people with e-mail addresses, no additional
   information is available over the Internet.  Where information is
   available (via, for example, inquiry tools such as "finger"), it is
   usually provided by the addressee, and thus may not be accurate
   (especially in a case of a minor seeking to obtain information the
   government has restricted to adults).

   There exists no universal or even extensive "white pages" listing of
   e-mail addresses and corresponding names or telephone numbers.  Given
   the rapidly expanding and global nature of the Internet, any attempt
   as such a listing likely will be incomplete (and likely will not
   contain information about the age of the e-mail addressee).  Nor is
   there any systematic, practical, and efficient method to obtain the
   identity of an e-mail address holder from the organization or
   institution operating the addressee's computer system.

   Moreover, it is relatively simple for someone to create an e-mail
   "alias" to send and receive mail under a different name.  Thus, a
   given e-mail address may not even be the true e-mail address of the
   recipient.  On some systems, for example, an individual seeking to
   protect his or her anonymity could easily create a temporary e-mail
   address for the sole purpose of requesting information from an AIDS
   information resource.  In addition, there exist "anonymous remailers"
   which replace the original e-mail address on messages with a randomly
   chosen new one.  The remailer keeps a record of the relationship
   between the original and the replacement name so that return mail
   will get forwarded to the right person.  These remailers are used
   frequently for discussion or support groups on sensitive or
   controversial topics such as AIDS.

   Thus, there is no reasonably effective method by which one can obtain
   information from existing online information sources about an e-mail
   address sufficient to ensure that a given address is used by an adult
   and not a minor.

   Absent the ability to comply with the Communications Decency Act
   based on information from existing online information sources, an e-
   mail speaker's only recourse is to interrogate the intended e-mail
   recipient in an attempt to verify that the intended recipient is an
   adult.  Such verification inherently and unavoidably imposes the
   burden of an entirely separate exchange of communications prior to
   sending the e-mail itself, and is likely to be unreliable if the
   recipient intends to deceive the speaker.