rfc1273.txt

中、英文RFC文档大全打包下载完全版 .


RFC 1273                  A Measurement Study              November 1991


Network Appropriate Use and Privacy Issues

   When we performed our initial test runs of this study, we attempted
   to inform site administrators at each study site about this study, by
   posting a message on the USENET newsgroup "alt.security" and by
   sending individual electronic mail messages to site administrators.
   We also informed the Computer Emergency Response Team (CERT) at CMU
   of the study.  As a practical matter, informing all sites turned out
   to be quite difficult.  Part of the problem was that no channels
   exist to allow such information to be easily disseminated.
   Approximately half of the messages we sent to site administrators
   were returned by remote mail systems as undeliverable.  Moreover, the
   network traffic and remote site administrative load caused by the
   study announcement messages far outstripped the network and
   administrative load required by the study itself.  Some sites felt
   that the announcement was an unnecessary imposition of their time.

   In addition to these practical problems, a broad announcement of this
   study could affect the measurements it attempts to gather.  Some
   sites would likely react to the announcement by changing the
   reachability of their services.  Asking for explicit permission from
   sites would yield even worse methodological problems, as this would
   have provided a self-selected study group consisting of sites that
   are less likely to disconnect from the Internet.

   In contrast with our attempts to announce the study, running the
   study without announcing it caused only a small number of site
   administrators to notice the traffic and inquire about it to either
   the CERT or to one of the responsible network contacts at the
   University of Colorado.  The remote site administrator and network
   overhead of announcing the the study, coupled with the practical and
   methodological problems of announcing the study, lead us to prefer to
   run the study without further broad announcements.  Yet, to avoid
   causing alarm at a site detecting our network measurement activity,
   it makes sense to announce the study.

   To resolve this problem, we discussed the study with the Internet
   Activities Board, Internet Engineering Steering Group, National
   Science Foundation, representatives of several U.S.  regional
   networks, and a number of individuals involved with network security,
   including the Computer Emergency Response Team, members of the
   Internet Engineering Task Force Security and Advisory Group, and a
   member of the Lawrence Livermore National Laboratory Computer
   Incident Advisory Capability.  The first part of our efforts resulted
   in the production of Internet Request For Comments (RFC) number 1262
   [Cerf 1991].  Beyond this, we have agreed that the appropriate action
   at this point is to announce the study well ahead of running it via
   the current RFC, augmented with an electronic posting that briefly



Schwartz                                                        [Page 5]

RFC 1273                  A Measurement Study              November 1991


   describes the study goals and methodology and points to this RFC.
   That announcement will be posted to the Internet Engineering Task
   Force mailing list, the comp.protocols.tcp-ip USENET bulletin board,
   and the Computer Emergency Response Team's cert-tools mailing list.
   Moreover, in case a site misses these announcements, we will run the
   measurement software in a fashion intended to minimize the effort a
   site administrator might expend to determine the nature of the
   activity after detecting it.  In particular, we will run the program
   from an account called "testnet" on a machine with few other users
   logged in.  "Fingering" [Zimmerman 1990] this machine will indicate
   the testnet login.  "Fingering" the testnet login will return
   information about this study.

   The data collected by this study is somewhat sensitive to privacy and
   security concerns, in the sense that it might be used as a "road map"
   of accessible network services.  We will treat the raw data as
   private information, publishing measurements only in global
   statistical terms, divorced from the actual sites that make up the
   underlying data points.  We previously carried out a study with much
   larger privacy implications than the current study [Schwartz & Wood
   1991], and successfully masked the data to protect individual
   privacy.

For Further Information

   Information about the general research program within which this
   study fit is available by anonymous FTP from latour.cs.colorado.edu,
   in pub/RD.Papers.  This directory contains a "README" file that
   describes the overall research project (which focuses on resource
   discovery), and includes a bibliography.  Particularly relevant are:

      o [Schwartz 1991b], a project overview;

      o [Schwartz 1991a], about an earlier, simpler  version  of  the
        current study;

      o [Schwartz & Tsirigotis 1991b], about the netfind white  pages
        tool;

      o [Schwartz & Tsirigotis 1991a], which considers  a  number  of
        the  techniques  used in this experiment, including those for
        controlling the progress of the measurements;

        and

      o [Schwartz & Wood 1991], about an earlier study we carried out
        that  raises  significant  potential  privacy  questions, for
        which we carefully masked the underlying data, presenting the



Schwartz                                                        [Page 6]

RFC 1273                  A Measurement Study              November 1991


        results without sacrificing individual privacy.

        Also:

      o [Cerf  1991],  IAB  guidelines   for   Internet   measurement
        activity.

   Once the results of this study are complete, we will publish them in
   a conference or journal, as well as by anonymous FTP.

Communication With Principal Investigator

   If you would like to have your site removed from this study, or you
   would like to be added to the list of people who receive results from
   this study, or you would like to communicate with the Principal
   Investigator for some other reason, please send electronic mail to
   schwartz@cs.colorado.edu.

References

   [Cerf 1991]
             Cerf, V., Editor, "Guidelines for Internet Measurement
             Activities", RFC 1262, IAB, October 1991.

   [Schwartz & Tsirigotis 1991a]
             Schwartz M., and P. Tsirigotis, "Techniques for
             Supporting Wide Area Distributed Applications", Technical
             Report CU-CS-519-91, Department of Computer Science,
             University of Colorado, Boulder, Colorado, February 1991;
             Revised August 1991.  Submitted for publication.

   [Schwartz & Tsirigotis 1991b]
             Schwartz M., and P. Tsirigotis "Experience with a
             Semantically Cognizant Internet White Pages Directory
             Tool", Journal of Internetworking: Research and Experience,
             2(1), pp. 23-50, March 1991.

   [Schwartz 1991a]
             Schwartz, M., "The Great Disconnection?", Technical Report
             CU-CS-521-91, Department of Computer Science, University of
             Colorado, Boulder, Colorado, February 1991.

   [Schwartz & Wood 1991]
             Schwartz M., and D. Wood, "A Measurement Study of
             Organizational Properties in the Global Electronic Mail
             Community", Technical Report CU-CS- 482-90, Department of
             Computer Science, University of Colorado, Boulder, Colorado,
             August 1990; Revised July 1991.  Submitted for publication.



Schwartz                                                        [Page 7]

RFC 1273                  A Measurement Study              November 1991


   [Schwartz 1991b]
             Schwartz, M., "Resource Discovery in the Global Internet",
             Technical Report CU-CS-555-91, Department of Computer
             Science, University of Colorado, Boulder, Colorado,
             November 1991.  Submitted for publication.

   [Zimmerman 1990]
             Zimmerman, D., "The Finger User Information Protocol",
             RFC 1194, Center for Discrete Mathematics and Theoretical
             Computer Science, November 1990.

Security Considerations

   Security issues are discussed in the "Network Appropriate Use and
   Privacy Issues" section.

Author's Address

   Michael F. Schwartz
   Department of Computer Science
   Campus Box 430
   University of Colorado
   Boulder, Colorado 80309-0430

   Phone:  (303) 492-3902

   EMail: schwartz@cs.colorado.edu
























Schwartz                                                        [Page 8]