rfc2057.txt

中、英文RFC文档大全打包下载完全版 .

RFC 2057             Source Directed Access Control        November 1996


4.3  World Wide Web (WWW).

   Fast becoming the most well known method of communicating on the
   Internet, the "World Wide Web" offers users the easy ability to
   locate and view a vast array of content on the Internet.  The Web
   uses a "hypertext" formatting language called hypertext markup
   language (HTML), and Web "browsers" can display HTML documents
   containing text, images, and sound.  Any HTML document can include
   links to other types of information or resources anywhere in the
   world, so that while viewing an HTML document that, for example,
   describes resources available on the Internet, an individual can
   "click" using a computer mouse on the description of the resource and
   be immediately connected to the resource itself.  Such "hyperlinks"
   allow information to be accessed and organized in very flexible ways,
   and allow individuals to locate and efficiently view related
   information even if the information is stored on numerous computers
   all around the world.

   Unlike with USENET newsgroups, mail exploders, FTP, and gopher, an
   operator of a World Wide Web server does have some ability to
   interrogate a user of a Web site on the server, and thus has some
   ability to screen out users.  An HTML document can include a fill-in-
   the-blank "form" to request information from a visitor to a Web site,
   and this information can be transmitted back to the Web server.  The
   information received can then be processed by a computer program
   (usually a "Common Gateway Interface," or "CGI," script), and based
   on the results of that computer program the Web server could grant or
   deny access to a particular Web page.  Thus, it is possible for some
   (but not all, as discussed below) World Wide Web sites to be designed
   to "screen" visitors to ensure that they are adults.

   The primary barrier to such screening is the administrative burden of
   creating and maintaining the screening system.  For an individual Web
   site to create a software system capable of screening thousands of
   visitors a day, determining (to the extent possible) whether a
   visitor is an adult or a minor, and maintaining a database to allow
   subsequent access to the Web site would require a significant on-
   going effort.  Moreover, as discussed above with regard to electronic
   mail, the task of actually establishing a Web visitor's identity or
   "verifying" a credit card would require a significant investment of
   administrative and clerical time.  As there is no effective method to
   establish identity over the Internet, nor is there currently a method
   to verify credit card numbers over the Internet (and given the
   current cost of credit card verifications done by other means), this
   type of identification process is only practical for a commercial
   entity that is charging for access to the Web information.





Bradner                      Informational                     [Page 16]

RFC 2057             Source Directed Access Control        November 1996


   Beyond the major administrative burden that would be required for a
   Web site host to comply with the Communications Decency Act, there
   are two additional problems presented by the Act.  First, many Web
   publishers cannot utilize computer programs such as CGI scripts to
   process input from a Web visitor.  For example, I have been informed
   that the major online services such as America Online and Compuserve
   do not allow their customers to run CGI scripts or other processes
   that could be a significant drain on the online services' computers
   as well as a potential security risk.  Thus, for this category of Web
   publisher, the Communications Decency Act works as a ban on any
   arguably "indecent" or "patently offensive" speech.  It is impossible
   for this category of Web publisher to control access to their Web
   sites.

   Moreover, even for Web publishers who can use CGI scripts to screen
   access, the existence of Web page caching on the Internet can make
   such screening ineffective.  "Caching" refers to a method to speed up
   access to Internet resources.  Caching is often used at one or both
   ends of, for example, a transatlantic or transpacific cable that
   carries Internet communications.  An example of caching might occur
   when a Internet user in Europe requests access to a World Wide Web
   page located in the United States.  The request travels by
   transatlantic cable to the United States, and the Web page is
   transmitted back across the ocean to Europe (and ultimately to the
   user who requested access).  But, the operator of the transatlantic
   cable will place the Web page in a storage "cache" located on the
   European side of the cable.  Then, if a second Internet user in
   Europe requests the same Web page, the operator of the transatlantic
   cable will intercept the request and provide the page from its
   "cache" (thereby reducing traffic on the transatlantic cable).  This
   type of caching typically occurs without the awareness of the
   requesting user.  Moreover, in this scenario, the original content
   provider is not even aware that the second user requested the Web
   page--and the original content provider has no opportunity to screen
   the access by the second user.  Nevertheless, the original content
   provider risks prosecution if the content is "adult" content and the
   second requester is a minor.  The use of caching web servers is
   rapidly increasing within the United States (mostly to help moderate
   the all too rapid growth in Internet traffic), and thus can affect
   entirely domestic communications.  For example, a growing number of
   universities use caching web servers to reduce the usage of the link
   to their Internet service provider.  In light of this type of
   caching, efforts to screen access to Web pages can only at best be
   partially effective.







Bradner                      Informational                     [Page 17]

RFC 2057             Source Directed Access Control        November 1996


   In light of the existence of Web page caching on the Internet, it
   would be extremely difficult if not impossible to for someone
   operating a World Wide Web server to ensure that no minors received
   "adult" content.

   Moreover, for those Web page publishers who lack access to CGI
   scripts, there is no possible way for them to screen recipients to
   ensure that all recipients are over 17 years of age.  For these
   content providers, short of not supporting World Wide Web access to
   their materials, I know of no actions available to them that would be
   reasonably effective at preventing minors from having access to
   "adult" files on a World Wide Web server.  Requiring such screening
   by these Web publishers to prevent minors from accessing files that
   might be "indecent" or "patently offensive" to a minor would have the
   effect of banning their speech on the World Wide Web.

   The Web page caching described above contributes to the difficulty of
   determining with specificity the number of visitors to a particular
   Web site.  Some Web servers can count how many different Web clients,
   some of which could be caching Web servers, requested access to a Web
   site.  Some Web servers can also count how many "hits"--or separate
   file accesses--were made on a particular Web site (a single access to
   a Web page that contains a images or graphic icons would likely be
   registered as more than one "hit").  With caching, the actual number
   of users that retrieved information that originated on a particular
   Web server is likely to be greater than the number of "hits" recorded
   for the server.

5.0  Client-end Blocking

   As detailed above, for many important methods of communication on the
   Internet, the senders--the content providers--have no ability to
   ensure that their messages are only available to adults.  It is also
   not possible for a Internet service provider or large institutional
   provider of access to the Internet (such as a university) to screen
   out all or even most content that could be deemed "indecent" or
   "patently offensive" (to the extent those terms can be understood at
   all).  A large institution could at least theoretically screen a
   portion of the communications over the Internet, scanning for example
   for "indecent" words, but not pictures.  Such a screening program
   capable of screening a high volume of Internet traffic at the point
   of its entry into the institution would require an investment of
   computing resources of as much as one million dollars per major
   Internet information conduit.  In addition it would be quit difficult
   to configure such a system to only control the content for those
   users that are under-age recipients, since in many cases the
   information would be going to a server within the university where
   many users, under-age and not, would have access to it.



Bradner                      Informational                     [Page 18]

RFC 2057             Source Directed Access Control        November 1996


   Based on my experience and knowledge of the Internet, I believe that
   the most effective way to monitor, screen, or control the full range
   of information transmitted over the Internet to block undesired
   content is at the client end--that is, by using software installed in
   the individual user's computer.  Such software could block certain
   forms of incoming transmissions by using content descriptive tags in
   the messages, or could use content ratings developed by third parties
   to select what can and cannot be retrieved for display on a user's
   computer.

6.0  Tagging Material

   I am informed that the government in this action may advocate the use
   of special tags or flags in electronic mail messages, USENET
   newsgroup postings, and World Wide Web HTML documents to indicate
   "adult" material.  To my knowledge, no Internet access software or
   World Wide Web browsers are currently configurable to block material
   with such tags.  Thus, the headers and flags the government may
   advocate is currently an ineffective means to ensure the blocking of
   access by minors to "adult" material.  Even in a predictable future
   where there are defined standards for such tags and there are
   readably available browsers that are configurable to make use of
   those tags, a content provider--e.g., a listserv or Newsgroup poster
   or a Web page author--will have little power to ensure that the
   client software used to receive the postings was in all cases
   properly configured to recognize these tags and to block access to
   the posting when required.  Thus I feel that the tagging that may be
   proposed by the government would in fact not be "effective" in
   ensuring that the poster's speech would not be "available to a person
   under 18 years of age," as the Communications Decency Act requires.
   Although I strongly support both voluntary self-rating and third-
   party rating (as described in the preceding paragraph), I do not feel
   that the use of tags of this type would satisfy the speaker's
   obligation to take effective actions to ensure that "patently
   offensive" material would not be "available" to minors.  Furthermore,
   since it is impossible to embed such flags or headers in many of the
   documents currently made available by anonymous FTP, gopher and the
   World Wide Web without rendering the files useless (executable
   programs for example), any government proposal to require the use of
   tags to indicate "adult" material would not allow the continued use
   of those methods of communication for speech that might be deemed
   "indecent" or "patently offensive."

   With the exception of electronic mail and e-mail exploders all of the
   methods of Internet communications discussed above require an
   affirmative action by the listener before the communication takes
   place.  A listener must take specific action to receive
   communications from USENET newsgroups, Internet Relay Chat, gopher,



Bradner                      Informational                     [Page 19]

RFC 2057             Source Directed Access Control        November 1996


   FTP, and the World Wide Web.  In general this is also true for e-mail
   exploders except in the case where a third party subscribes the user
   to the exploder list.  These communications over the Internet do not
   "invade" a person's home or appear on a person's computer screen
   unbidden.  Instead, a person must almost always take specific
   affirmative steps to receive information over the Internet.

7.0  Acknowledgment

   I owe a great deal of thanks to John Morris of Jenner and Block, one
   of the law firms involved in the CDA challenge.  Without his
   extensive help this document would not exist, or if it did, it would
   be even more scattered.

8.0 Security Considerations

   To be actually able to do the type of content access control that the
   CDA envisions would require a secure Internet infrastructure along
   with secure ways to determine the minor status of potential
   reciepiants around the world.  Developing such a system is outside of
   the scope of this document.

9.0 Author's Address

   Scott Bradner
   Harvard University
   1350 Mass Ave.
   Cambridge MA 02138 USA

   Phone: +1 617 495 3864
   EMail: sob@harvard.edu




















Bradner                      Informational                     [Page 20]