rfc2057.txt

中、英文RFC文档大全打包下载完全版 .

Bradner                      Informational                      [Page 5]

RFC 2057             Source Directed Access Control        November 1996


   This separate preliminary communication is required because with
   electronic mail, there is a complete electronic and temporal
   "disconnect" between the sender and recipient.  Electronic mail can
   be routed through numerous computers between the sender and the
   recipient, and the recipient may not "log in" to retrieve mail until
   days or even weeks after the sender sent the mail.  Thus, at no point
   in time is there any direct or even indirect electronic linkage
   between sender and recipient that would allow the sender to
   interrogate the recipient prior to sending an e-mail.  Thus,
   unavoidably, the Communications Decency Act requires that the sender
   incur the administrative (and in some cases financial) cost of an
   entirely separate exchange of communications between sender and
   recipient prior to the sender having sufficient information to ensure
   that the recipient is an adult.   Even if the sender were to
   establish that an e-mail addressee is not a minor, the sender could
   not be sure that the addressee was not sharing their computer account
   with someone else, as is frequently done, who is a minor.

   If an e-mail is part of a commercial transaction of sufficient value
   to justify the time and expense of obtaining payment via credit card
   from the e-mail addressee, an e-mail sender may be able to utilize
   the credit card or debit account options set out in the
   Communications Decency Act.  At this time, however, one cannot verify
   a credit or debit transaction over the Internet, and thus an e-mail
   speaker would have to incur the expense of verifying the transaction
   via telephone or separate computer connection to the correct banking
   entity.  Because of current concerns about data security on the
   Internet, such an e-mail credit card transaction would likely also
   require that the intended e-mail recipient transmit the credit card
   information to the e-mail sender via telephone or the postal service.

   Similarly, utilizing the "adult access code" or "adult personal
   identification number" options set out in the statute would at this
   time require the creation and maintenance of a database of adult
   codes.  While such a database would not be an insurmountable
   technological problem, it would require a significant amount of human
   clerical time to create and maintain the information.  As with the
   credit or debit transactions, an adult code database would also
   likely require that information be transmitted by telephone or postal
   mail.

   Moreover, such an adult access code would likely be very ineffective
   at screening access by minors.  For the adult access code concept to
   work at all, any such code would have to be transmitted over the
   Internet, and thus would be vulnerable to interception and
   disclosure.  Any sort of "information based" code--that is, a code
   that consists of letters and numbers transmitted in a message--could
   be duplicated and circulated to other users on the Internet.  It is



Bradner                      Informational                      [Page 6]

RFC 2057             Source Directed Access Control        November 1996


   highly likely that valid adult access codes would themselves become
   widely distributed on the Internet, allowing industrious minors to
   obtain a valid code and thus obtain access the material sought to be
   protected.

   A somewhat more effective alternative to this type of "information
   based" access code would be to link such a code to the unique 32-bit
   numeric "IP" addresses of networks and computers on the Internet.
   Under this approach, "adult" information would only be transmitted to
   the particular computer with the "approved" IP address.  For tens of
   millions of Internet users, however, IP addresses for a given access
   session are dynamically assigned at the time of the access, and those
   users will almost certainly utilize different IP addresses in
   succeeding sessions.  For example, users of the major online services
   such as America Online (AOL) are only allocated a temporary IP
   address at the time they link to the service, and the AOL user will
   not retain that IP address in later sessions.  Also, as discussed
   above, the use of "firewalls" can dynamically alter the apparent IP
   address of computers accessing the Internet.  Thus, any sort of IP
   address-based screening system would exclude tens of millions of
   potential recipients, and thus would not be a viable screening
   option.

   At bottom, short of incurring the time and expense of obtaining and
   charging the e-mail recipient's credit card, there are no reasonably
   effective methods by which an e-mail sender can verify the identity
   or age of an intended e-mail recipient even in a one-to-one
   communication to a degree of confidence sufficient to ensure
   compliance with the Communications Decency Act (and avoid the Act's
   criminal sanction).

3.2 Point-to-Multipoint Communications

   The difficulties described above for point-to-point communications
   are magnified many times over for point-to-multipoint communications.
   In addition, for almost all major types of point-to-multipoint
   communications on the Internet, there is a technological obstacle
   that makes it impossible or virtually impossible for the speaker to
   control who receives his or her speech.  For these types of
   communications over the Internet, reasonably effective compliance
   with the Communications Decency Act is impossible.

3.2.1 Mail Exploders

   Essentially an extension of electronic mail allowing someone to
   communicate with many people by sending a single e-mail, "mail
   exploders" are an important means by which the Internet user can
   exchange ideas and information on particular topics with others



Bradner                      Informational                      [Page 7]

RFC 2057             Source Directed Access Control        November 1996


   interested in the topic.  "Mail exploders" is a generic term covering
   programs such as "listserv" and "Majordomo." These programs typically
   receive electronic mail messages from individual users, and
   automatically retransmit the message to all other users who have
   asked to receive postings on the particular list.  In addition to
   listserv and Majordomo, many e-mail retrieval programs contain the
   option to receive messages and automatically forward the messages to
   other recipients on a local mailing list.

   Mail exploder programs are relatively simple to establish.  The
   leading programs such as listserv and Majordomo are available for
   free, and once set up can generally run unattended.  There is no
   practical way to measure how many mailing lists have been established
   worldwide, but there are certainly tens of thousands of such mailing
   lists on a wide range of topics.

   With the leading mail exploder programs, users typically can add or
   remove their names from the mailing list automatically, with no
   direct human involvement.  To subscribe to a mailing list, a user
   transmits an e-mail to the automated list program.  For example, to
   subscribe to the "Cyber-Rights" mailing list (relating to censorship
   and other legal issues on the Internet) one sends e-mail addressed to
   "listserv@cpsr.org" and includes as the first line of the body of the
   message the words "subscribe cyber-rights name" (inserting a person's
   name in the appropriate place).  In this example, the listserv
   program operated on the cpsr.org computer would automatically add the
   new subscriber's e-mail address to the mailing list.  The name
   inserted is under the control of the person subscribing, and thus may
   not be the actual name of the subscriber.

   A speaker can post to a mailing list by transmitting an e-mail
   message to a particular address for the mailing list.  For example,
   to post a message to the "Cyber-Rights" mailing list, one sends the
   message in an e-mail addressed to "cyber-rights@cpsr.org".  Some
   mailing lists are "moderated," and messages are forwarded to a human
   moderator who, in turn, forwards messages that moderator approves of
   to the whole list.   Many mailing lists, however, are unmoderated and
   postings directed to the appropriate mail exploder programs are
   automatically distributed to all users on the mailing list.  Because
   of the time required to review proposed postings and the large number
   of people posting messages, most mailing lists are not moderated.










Bradner                      Informational                      [Page 8]

RFC 2057             Source Directed Access Control        November 1996


   An individual speaker posting to a mail exploder mailing list cannot
   control who has subscribed to the particular list.  In many cases,
   the poster cannot even find out the e-mail address of who has
   subscribed to the list.  A speaker posting a message to a list thus
   has no way to screen or control who receives the message.  Even if
   the mailing list is "moderated," an individual posting to the list
   still cannot control who receives the posting.

   Moreover, the difficulty in knowing (and the impossibility of
   controlling) who will receive a posting to a mailing list is
   compounded by the fact that it is possible that mail exploder lists
   can themselves be entered as a subscriber to a mailing list.  Thus,
   one of the "subscribers" to a mailing list may in fact be another
   mail exploder program that re-explodes any messages transmitted using
   the first mailing list.  Thus, a message sent to the first mailing
   list may end up being distributed to many entirely separate mailing
   lists as well.

   Based on the current operations and standards of the Internet, it
   would be impossible for someone posting to a listserv to screen
   recipients to ensure the recipients were over 17 years of age.  Short
   of not speaking at all, I know of no actions available to a speaker
   today that would be reasonably effective at preventing minors from
   having access to messages posted to mail exploder programs.
   Requiring such screening for any messages that might be "indecent" or
   "patently offensive" to a minor would have the effect of banning such
   messages from this type of mailing list program.

   Even if one could obtain a listing of the e-mail addresses that have
   subscribed to a mailing list, one would then be faced with the same
   obstacles described above that face a point-to-point e-mail sender.
   Instead of obtaining a credit card or adult access code from a single
   intended recipient, however, a posted to a mailing list may have to
   obtain such codes from a thousand potential recipients, including new
   mailing list subscribers who may have only subscribed moments before
   the poster wants to post a message.  As noted above, complying with
   the Communications Decency Act for a single e-mail would be very
   difficult.  Complying with the Act for a single mailing list posting
   with any reasonable level of effectiveness is impossible.

3.2.2  USENET Newsgroups.

   One of the most popular forms of communication on the Internet is the
   USENET newsgroup.  USENET newsgroups are similar in objective to mail
   exploder mailing lists--to be able to communicate easily with others
   who share an interest in a particular topic--but messages are
   conveyed across the Internet in a very different manner.




Bradner                      Informational                      [Page 9]

RFC 2057             Source Directed Access Control        November 1996


   USENET newsgroups are distributed message databases that allow
   discussions and exchanges on particular topics.   USENET newsgroups
   are disseminated using ad hoc, peer-to-peer connections between
   200,000 or more computers (called USENET "servers") around the world.
   There are newsgroups on more than twenty thousand different subjects.
   Collectively, almost 100,000 new messages (or "articles") are posted
   to newsgroups each day.   Some newsgroups are "moderated" but most
   are open access.

   For unmoderated newsgroups, when an individual user with access to a
   USENET server posts a message to a newsgroup, the message is
   automatically forwarded to adjacent USENET servers that furnish
   access to the newsgroup, and it is then propagated to the servers
   adjacent to those servers, etc.  The messages are temporarily stored
   on each receiving server, where they are available for review and
   response by individual users.  The messages are automatically and
   periodically purged from each system after a configurable amount of
   time to make room for new messages.  Responses to messages--like the
   original messages--are automatically distributed to all other
   computers receiving the newsgroup.  The dissemination of messages to
   USENET servers around the world is an automated process that does not
   require direct human intervention or review.

   An individual who posts a message to a newsgroup has no ability to
   monitor or control who reads the posted message.  When an individual
   posts a message, she transmits it to a particular newsgroup located
   on her local USENET server.  The local service then automatically
   routes the message to other servers (or in some cases to a
   moderator), which in turn allow the users of those servers to read
   the message.  The poster has no control over the handling of her
   message by the USENET servers worldwide that receive newsgroups.
   Each individual server is configured by its local manager to
   determine which newsgroups it will accept.   There is no mechanism to
   permit distribution based on characteristics of the individual
   messages within a newsgroup.

   The impossibility of the speaker controlling the message distribution
   is made even more clear by the fact that new computers and computer
   networks can join the USENET news distribution system at any time.
   To obtain newsgroups, the operator of a new computer or computer
   network need only reach agreement with a neighboring computer that
   already receives the newsgroups.  Speakers around the world do not
   learn that the new computer had joined the distribution system.
   Thus, just as a speaker cannot know or control who receives a
   message, the speaker does not even know how many or which computers
   might receive a given newsgroup.





Bradner                      Informational                     [Page 10]