RFC 2804               IETF Policy on Wiretapping               May 2000


   - Experience shows that human factors, not technology per se, are the
     biggest single source of such vulnerabilities.

   What this boils down to is that if effective tools for wiretapping
   exist, it is likely that they will be used as designed, for purposes
   legal in their jurisdiction, and also in ways they were not intended
   for, in ways that are not legal in that jurisdiction. When weighing
   the development or deployment of such tools, this should be borne in
   mind.

5. Utility considerations

   When designing any communications function, it is a relevant question
   to ask if such functions efficiently perform the task they are
   designed for, or whether the work spent in developing them is not, in
   fact, worth the benefit gained.

   Given that there are no specific proposals being developed in the
   IETF, the IETF cannot weigh proposals for wiretapping directly in
   this manner.

   However, as above, a few general observations can be made:

   - Wiretapping by copying the bytes passed between two users of the
     Internet with known, static points of attachment is not hard.
     Standard functions designed for diagnostic purposes can accomplish
     this.

   - Correlating users' identities with their points of attachment to
     the Internet can be significantly harder, but not impossible, if
     the user uses standard means of identification. However, this means
     linking into multiple Internet subsystems used for address
     assignment, name resolution and so on; this is not trivial.

   - An adversary has several simple countermeasures available to defeat
     wiretapping attempts, even without resorting to encryption. This
     includes Internet cafes and anonymous dialups, anonymous remailers,
     multi-hop login sessions and use of obscure communications media;
     these are well known tools in the cracker community.

   - Of course, communications where the content is protected by strong
     encryption can be easily recorded, but the content is still not
     available to the wiretapper, defeating all information gathering
     apart from traffic analysis.  Since Internet data is already in
     digital form, encrypting it is very simple for the end-user.






IAB & IESG                   Informational                      [Page 6]



   These things taken together mean that while wiretapping is an
   efficient tool for use in situations where the target of a wiretap is
   either ignorant or believes himself innocent of wrongdoing,
   Internet-based wiretapping is a less useful tool than might be
   imagined against an alerted and technically competent adversary.

6. Security Considerations

   Wiretapping, by definition (see above), releases information that the
   information sender did not expect to be released.

   This means that a system that allows wiretapping has to contain a
   function that can be exercised without alerting the information
   sender to the fact that his desires for privacy are not being met.

   This, in turn, means that one has to design the system in such a way
   that it cannot guarantee any level of privacy; at the maximum, it can
   only guarantee it as long as the function for wiretapping is not
   exercised.

   For instance, encrypted telephone conferences have to be designed in
   such a way that the participants cannot know to whom any shared
   keying material is being revealed.

   This means:

   - The system is less secure than it could be had this function not
     been present.

   - The system is more complex than it could be had this function not
     been present.

   - Being more complex, the risk of unintended security flaws in the
     system is larger.

   Wiretapping, even when it is not being exercised, therefore lowers
   the security of the system.














7. Acknowledgements

   This memo is endorsed by the IAB and the IESG.

   Their membership is:

   IAB:

   Harald Alvestrand
   Randall Atkinson
   Rob Austein
   Brian Carpenter
   Steve Bellovin
   Jon Crowcroft
   Steve Deering
   Ned Freed
   Tony Hain
   Tim Howes
   Geoff Huston
   John Klensin


   IESG:

   Fred Baker
   Keith Moore
   Patrik Falstrom
   Erik Nordmark
   Thomas Narten
   Randy Bush
   Bert Wijnen
   Rob Coltun
   Dave Oran
   Jeff Schiller
   Marcus Leech
   Scott Bradner
   Vern Paxson
   April Marine

   The contributors to the discussion are too numerous to list.










8. Author's Address

   This memo is authored by the IAB and the IESG.

   The chairs are:

   Fred Baker, IETF Chair
   519 Lado Drive
   Santa Barbara California 93111

   Phone: +1-408-526-4257
   EMail: fred@cisco.com


   Brian E. Carpenter, IAB Chair
   IBM
   c/o iCAIR
   Suite 150
   1890 Maple Avenue
   Evanston IL 60201
   USA

   EMail: brian@icair.org

9. References

   [RFC 1984]  IAB and IESG, "IAB and IESG Statement on Cryptographic
               Technology and the Internet", RFC 1984, August 1996.























9. Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.


















