📄 rfc2057.txt
字号:
Bradner Informational [Page 5]
RFC 2057 Source Directed Access Control November 1996
This separate preliminary communication is required because with
electronic mail, there is a complete electronic and temporal
"disconnect" between the sender and recipient. Electronic mail can
be routed through numerous computers between the sender and the
recipient, and the recipient may not "log in" to retrieve mail until
days or even weeks after the sender sent the mail. Thus, at no point
in time is there any direct or even indirect electronic linkage
between sender and recipient that would allow the sender to
interrogate the recipient prior to sending an e-mail. Thus,
unavoidably, the Communications Decency Act requires that the sender
incur the administrative (and in some cases financial) cost of an
entirely separate exchange of communications between sender and
recipient prior to the sender having sufficient information to ensure
that the recipient is an adult. Even if the sender were to
establish that an e-mail addressee is not a minor, the sender could
not be sure that the addressee was not sharing their computer account
with someone else, as is frequently done, who is a minor.
If an e-mail is part of a commercial transaction of sufficient value
to justify the time and expense of obtaining payment via credit card
from the e-mail addressee, an e-mail sender may be able to utilize
the credit card or debit account options set out in the
Communications Decency Act. At this time, however, one cannot verify
a credit or debit transaction over the Internet, and thus an e-mail
speaker would have to incur the expense of verifying the transaction
via telephone or separate computer connection to the correct banking
entity. Because of current concerns about data security on the
Internet, such an e-mail credit card transaction would likely also
require that the intended e-mail recipient transmit the credit card
information to the e-mail sender via telephone or the postal service.
Similarly, utilizing the "adult access code" or "adult personal
identification number" options set out in the statute would at this
time require the creation and maintenance of a database of adult
codes. While such a database would not be an insurmountable
technological problem, it would require a significant amount of human
clerical time to create and maintain the information. As with the
credit or debit transactions, an adult code database would also
likely require that information be transmitted by telephone or postal
mail.
Moreover, such an adult access code would likely be very ineffective
at screening access by minors. For the adult access code concept to
work at all, any such code would have to be transmitted over the
Internet, and thus would be vulnerable to interception and
disclosure. Any sort of "information based" code--that is, a code
that consists of letters and numbers transmitted in a message--could
be duplicated and circulated to other users on the Internet. It is
Bradner Informational [Page 6]
RFC 2057 Source Directed Access Control November 1996
highly likely that valid adult access codes would themselves become
widely distributed on the Internet, allowing industrious minors to
obtain a valid code and thus obtain access the material sought to be
protected.
A somewhat more effective alternative to this type of "information
based" access code would be to link such a code to the unique 32-bit
numeric "IP" addresses of networks and computers on the Internet.
Under this approach, "adult" information would only be transmitted to
the particular computer with the "approved" IP address. For tens of
millions of Internet users, however, IP addresses for a given access
session are dynamically assigned at the time of the access, and those
users will almost certainly utilize different IP addresses in
succeeding sessions. For example, users of the major online services
such as America Online (AOL) are only allocated a temporary IP
address at the time they link to the service, and the AOL user will
not retain that IP address in later sessions. Also, as discussed
above, the use of "firewalls" can dynamically alter the apparent IP
address of computers accessing the Internet. Thus, any sort of IP
address-based screening system would exclude tens of millions of
potential recipients, and thus would not be a viable screening
option.
At bottom, short of incurring the time and expense of obtaining and
charging the e-mail recipient's credit card, there are no reasonably
effective methods by which an e-mail sender can verify the identity
or age of an intended e-mail recipient even in a one-to-one
communication to a degree of confidence sufficient to ensure
compliance with the Communications Decency Act (and avoid the Act's
criminal sanction).
3.2 Point-to-Multipoint Communications
The difficulties described above for point-to-point communications
are magnified many times over for point-to-multipoint communications.
In addition, for almost all major types of point-to-multipoint
communications on the Internet, there is a technological obstacle
that makes it impossible or virtually impossible for the speaker to
control who receives his or her speech. For these types of
communications over the Internet, reasonably effective compliance
with the Communications Decency Act is impossible.
3.2.1 Mail Exploders
Essentially an extension of electronic mail allowing someone to
communicate with many people by sending a single e-mail, "mail
exploders" are an important means by which the Internet user can
exchange ideas and information on particular topics with others
Bradner Informational [Page 7]
RFC 2057 Source Directed Access Control November 1996
interested in the topic. "Mail exploders" is a generic term covering
programs such as "listserv" and "Majordomo." These programs typically
receive electronic mail messages from individual users, and
automatically retransmit the message to all other users who have
asked to receive postings on the particular list. In addition to
listserv and Majordomo, many e-mail retrieval programs contain the
option to receive messages and automatically forward the messages to
other recipients on a local mailing list.
Mail exploder programs are relatively simple to establish. The
leading programs such as listserv and Majordomo are available for
free, and once set up can generally run unattended. There is no
practical way to measure how many mailing lists have been established
worldwide, but there are certainly tens of thousands of such mailing
lists on a wide range of topics.
With the leading mail exploder programs, users typically can add or
remove their names from the mailing list automatically, with no
direct human involvement. To subscribe to a mailing list, a user
transmits an e-mail to the automated list program. For example, to
subscribe to the "Cyber-Rights" mailing list (relating to censorship
and other legal issues on the Internet) one sends e-mail addressed to
"listserv@cpsr.org" and includes as the first line of the body of the
message the words "subscribe cyber-rights name" (inserting a person's
name in the appropriate place). In this example, the listserv
program operated on the cpsr.org computer would automatically add the
new subscriber's e-mail address to the mailing list. The name
inserted is under the control of the person subscribing, and thus may
not be the actual name of the subscriber.
A speaker can post to a mailing list by transmitting an e-mail
message to a particular address for the mailing list. For example,
to post a message to the "Cyber-Rights" mailing list, one sends the
message in an e-mail addressed to "cyber-rights@cpsr.org". Some
mailing lists are "moderated," and messages are forwarded to a human
moderator who, in turn, forwards messages that moderator approves of
to the whole list. Many mailing lists, however, are unmoderated and
postings directed to the appropriate mail exploder programs are
automatically distributed to all users on the mailing list. Because
of the time required to review proposed postings and the large number
of people posting messages, most mailing lists are not moderated.
Bradner Informational [Page 8]
RFC 2057 Source Directed Access Control November 1996
An individual speaker posting to a mail exploder mailing list cannot
control who has subscribed to the particular list. In many cases,
the poster cannot even find out the e-mail address of who has
subscribed to the list. A speaker posting a message to a list thus
has no way to screen or control who receives the message. Even if
the mailing list is "moderated," an individual posting to the list
still cannot control who receives the posting.
Moreover, the difficulty in knowing (and the impossibility of
controlling) who will receive a posting to a mailing list is
compounded by the fact that it is possible that mail exploder lists
can themselves be entered as a subscriber to a mailing list. Thus,
one of the "subscribers" to a mailing list may in fact be another
mail exploder program that re-explodes any messages transmitted using
the first mailing list. Thus, a message sent to the first mailing
list may end up being distributed to many entirely separate mailing
lists as well.
Based on the current operations and standards of the Internet, it
would be impossible for someone posting to a listserv to screen
recipients to ensure the recipients were over 17 years of age. Short
of not speaking at all, I know of no actions available to a speaker
today that would be reasonably effective at preventing minors from
having access to messages posted to mail exploder programs.
Requiring such screening for any messages that might be "indecent" or
"patently offensive" to a minor would have the effect of banning such
messages from this type of mailing list program.
Even if one could obtain a listing of the e-mail addresses that have
subscribed to a mailing list, one would then be faced with the same
obstacles described above that face a point-to-point e-mail sender.
Instead of obtaining a credit card or adult access code from a single
intended recipient, however, a posted to a mailing list may have to
obtain such codes from a thousand potential recipients, including new
mailing list subscribers who may have only subscribed moments before
the poster wants to post a message. As noted above, complying with
the Communications Decency Act for a single e-mail would be very
difficult. Complying with the Act for a single mailing list posting
with any reasonable level of effectiveness is impossible.
3.2.2 USENET Newsgroups.
One of the most popular forms of communication on the Internet is the
USENET newsgroup. USENET newsgroups are similar in objective to mail
exploder mailing lists--to be able to communicate easily with others
who share an interest in a particular topic--but messages are
conveyed across the Internet in a very different manner.
Bradner Informational [Page 9]
RFC 2057 Source Directed Access Control November 1996
USENET newsgroups are distributed message databases that allow
discussions and exchanges on particular topics. USENET newsgroups
are disseminated using ad hoc, peer-to-peer connections between
200,000 or more computers (called USENET "servers") around the world.
There are newsgroups on more than twenty thousand different subjects.
Collectively, almost 100,000 new messages (or "articles") are posted
to newsgroups each day. Some newsgroups are "moderated" but most
are open access.
For unmoderated newsgroups, when an individual user with access to a
USENET server posts a message to a newsgroup, the message is
automatically forwarded to adjacent USENET servers that furnish
access to the newsgroup, and it is then propagated to the servers
adjacent to those servers, etc. The messages are temporarily stored
on each receiving server, where they are available for review and
response by individual users. The messages are automatically and
periodically purged from each system after a configurable amount of
time to make room for new messages. Responses to messages--like the
original messages--are automatically distributed to all other
computers receiving the newsgroup. The dissemination of messages to
USENET servers around the world is an automated process that does not
require direct human intervention or review.
An individual who posts a message to a newsgroup has no ability to
monitor or control who reads the posted message. When an individual
posts a message, she transmits it to a particular newsgroup located
on her local USENET server. The local service then automatically
routes the message to other servers (or in some cases to a
moderator), which in turn allow the users of those servers to read
the message. The poster has no control over the handling of her
message by the USENET servers worldwide that receive newsgroups.
Each individual server is configured by its local manager to
determine which newsgroups it will accept. There is no mechanism to
permit distribution based on characteristics of the individual
messages within a newsgroup.
The impossibility of the speaker controlling the message distribution
is made even more clear by the fact that new computers and computer
networks can join the USENET news distribution system at any time.
To obtain newsgroups, the operator of a new computer or computer
network need only reach agreement with a neighboring computer that
already receives the newsgroups. Speakers around the world do not
learn that the new computer had joined the distribution system.
Thus, just as a speaker cannot know or control who receives a
message, the speaker does not even know how many or which computers
might receive a given newsgroup.
Bradner Informational [Page 10]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -