1996-04-18 - Re: Protocols at the Point of a Gun

Header Data

From: Scott Brickner <sjb@universe.digex.net>
To: Jeff Barber <jeffb@sware.com>
Message Hash: 52445e33d61c499f0636575667160097076a8ec9fbf7149b336cb4ee26ffd148
Message ID: <199604172021.QAA01638@universe.digex.net>
Reply To: <199604171526.LAA30813@jafar.sware.com>
UTC Datetime: 1996-04-18 01:54:59 UTC
Raw Date: Thu, 18 Apr 1996 09:54:59 +0800

Raw message

From: Scott Brickner <sjb@universe.digex.net>
Date: Thu, 18 Apr 1996 09:54:59 +0800
To: Jeff Barber <jeffb@sware.com>
Subject: Re: Protocols at the Point of a Gun
In-Reply-To: <199604171526.LAA30813@jafar.sware.com>
Message-ID: <199604172021.QAA01638@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain

Jeff Barber writes:
>Scott Brickner writes:
>> Steve Reid writes:
>> >Really, the apropriate place for content filtering is at the application 
>> >layer. It *could* be done at the transport layer, but that's really not 
>> >the place for it.
>> Izzat so?  So explain to me what the difference between the PICS type
>> ratings and security classifications is.
>> Clearly the IETF believed that the network layer was an appropriate
>> place for general classification when they developed IPv4.  I haven't
>> verified it, but I suspect that IPv6 has (or will have) an appropriate
>> mechanism for indicating security classification.
>That's not at all clear.  The IETF did not sit down in committee and
>"develop IPv4" (thank god).  And I've not seen any evidence that it was
>designed with support for security labels in mind.

Nevertheless, security labels *already* exist in IPv4.

>Personally, I agree with Steve that, even though IP *may* be used to
>propagate security options, it isn't the "right" place.
>One problem with labeling things at the transport level is that this

Actually, we're talking about the network level.  The transport level
is where TCP and UDP reside, not IP, which has the security labels.

>requires support for the labels throughout the operating system(s) on
>which the "content" is generated (at least for a "real" multi-user system
>with a potentially mixed adult/child user base) or through which it flows.
>The operating system has to carry labels around in conjunction with each
>and every process and file on the system in order that the low-level
>software will be able to accurately label IP datagrams.  And this OS
>support is both difficult to implement and onerous to the users and
>applications running on that platform -- otherwise, we'd all be running
>on TCSEC B-level operating systems right now.

I'm beginning to agree with the CDA supporter who claimed that "you're
just trying to protect your pornography by saying it's impossible when
we all know otherwise."  Of course, that person really didn't know
otherwise, but I do.  The abstract model of the Internet network layer
thinks of all transport entities as equivalent, as are all link
entities.  In the real world, such mixed user bases are unusual.  If my
scheme were implemented, service providers would probably have to
segregate shell account access onto "childproof" and "adult" machines,
or acquire a TCSEC B level system.  Either approach works, and most
would likely choose the former, since its cheaper.  It's still not
really that many machines.

>Fundamentally, the decision boils down to whether you want the labeling
>to be mandatory (as with DoD security labels) or voluntary as with PICS.

I don't want the labelling to exist at all.  But I note that even PICS
labelling is not strictly voluntary.  A content provider who fails to
label adult material as "unsuitable for minors" is fully liable for
legal penalties should such material be transmitted to a minor.  The CDA
has nothing to do with it.  It's the same situation as when a bookstore
sells Playboy to a minor or a liquor store sells him beer.

As I outlined the scheme, network layer labels are just as "voluntary".
They really are in the DoD security world, too.  If you create a file in
an editor, you're responsible for making sure the right classification
goes on it, and *you're* going to be held accountable if the information
is leaked because you put the wrong label on it.