Network Working Group IAB Request for Comments: 2804 IESG Category: Informational May 2000
Network Working Group IAB Request for Comments: 2804 IESG Category: Informational May 2000
IETF Policy on Wiretapping
IETF关于窃听的政策
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
The Internet Engineering Task Force (IETF) has been asked to take a position on the inclusion into IETF standards-track documents of functionality designed to facilitate wiretapping.
互联网工程任务组(IETF)已被要求在IETF标准跟踪文件中纳入旨在促进窃听的功能。
This memo explains what the IETF thinks the question means, why its answer is "no", and what that answer means.
这份备忘录解释了IETF认为这个问题的含义,为什么它的答案是“不”,以及这个答案的含义。
The IETF has decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards.
IETF已决定不考虑窃听的要求,作为创建和维护IETF标准的过程的一部分。
It takes this position for the following basic reasons:
它采取这一立场的基本原因如下:
- The IETF, an international standards body, believes itself to be the wrong forum for designing protocol or equipment features that address needs arising from the laws of individual countries, because these laws vary widely across the areas that IETF standards are deployed in. Bodies whose scope of authority correspond to a single regime of jurisdiction are more appropriate for this task.
- IETF是一个国际标准机构,它认为自己在设计满足各个国家法律需求的协议或设备功能方面是一个错误的论坛,因为这些法律在IETF标准部署的各个领域存在很大差异。职权范围与单一管辖制度相对应的机构更适合执行这项任务。
- The IETF sets standards for communications that pass across networks that may be owned, operated and maintained by people from numerous jurisdictions with numerous requirements for privacy. In light of these potentially divergent requirements, the IETF believes that the operation of the Internet and the needs of its users are best served by making sure the security properties of
- IETF为通过网络的通信制定了标准,这些网络可能由来自多个司法管辖区、对隐私有诸多要求的人拥有、操作和维护。鉴于这些潜在的不同要求,IETF认为,确保互联网的安全属性最能满足互联网的运行及其用户的需求
connections across the Internet are as well known as possible. At the present stage of our ignorance this means making them as free from security loopholes as possible.
互联网上的连接尽可能广为人知。在我们无知的现阶段,这意味着使它们尽可能不存在安全漏洞。
- The IETF believes that in the case of traffic that is today going across the Internet without being protected by the end systems (by encryption or other means), the use of existing network features, if deployed intelligently, provides extensive opportunities for wiretapping, and should be sufficient under presently seen requirements for many cases. The IETF does not see an engineering solution that allows such wiretapping when the end systems take adequate measures to protect their communications.
- IETF认为,对于今天在互联网上传输的流量,如果没有终端系统(通过加密或其他方式)的保护,那么使用现有的网络功能,如果智能部署,将为窃听提供广泛的机会,在许多情况下,根据目前的要求,应足够。IETF没有看到一个工程解决方案,当终端系统采取适当措施保护其通信时,允许此类窃听。
- The IETF believes that adding a requirement for wiretapping will make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap. This is in conflict with the goal of freedom from security loopholes.
- IETF认为,增加窃听要求将使受影响的协议设计更加复杂。经验表明,复杂性几乎不可避免地危及通信的安全,即使没有任何法律手段加以利用;此外,必须保护窃听器的接入也会带来明显的风险。这与消除安全漏洞的目标相冲突。
- The IETF restates its strongly held belief, stated at greater length in [RFC 1984], that both commercial development of the Internet and adequate privacy for its users against illegal intrusion requires the wide availability of strong cryptographic technology.
- IETF重申其坚定的信念,在[RFC 1984]中详细阐述了这一信念,即互联网的商业发展及其用户防止非法入侵的充分隐私都需要强大的密码技术的广泛可用性。
- On the other hand, the IETF believes that mechanisms designed to facilitate or enable wiretapping, or methods of using other facilities for such purposes, should be openly described, so as to ensure the maximum review of the mechanisms and ensure that they adhere as closely as possible to their design constraints. The IETF believes that the publication of such mechanisms, and the publication of known weaknesses in such mechanisms, is a Good Thing.
- 另一方面,IETF认为,应公开描述旨在促进或启用窃听的机制,或为此目的使用其他设施的方法,以确保对机制进行最大限度的审查,并确保它们尽可能遵守其设计约束。IETF认为,公布这些机制,以及公布这些机制中已知的弱点,是一件好事。
The issue of the IETF doing work on legal intercept technologies came up as a byproduct of the extensive work that the IETF is now doing in the area if IP-based telephony.
IETF在合法拦截技术方面的工作是IETF目前在基于IP的电话领域所做大量工作的副产品。
In the telephony world, there has been a tradition of cooperation (often mandated by law) between law enforcement agencies and telephone equipment operators on wiretapping, leading to companies that build telephone equipment adding wiretapping features to their telephony-related equipment, and an emerging consensus in the
在电话行业,执法机构和电话设备运营商之间在窃听方面有着合作的传统(通常由法律授权),这导致制造电话设备的公司在其电话相关设备上增加了窃听功能,并在未来几年形成了共识
industry of how to build and manage such features. Some traditional telephony standards organizations have supported this by adding intercept features to their telephony-related standards.
如何构建和管理此类功能的行业。一些传统的电话标准组织通过在其电话相关标准中添加截获功能来支持这一点。
Since the future of the telephone seems to be intertwined with the Internet it is inevitable that the primary Internet standards organization would be faced with the issue sooner or later.
由于电话的未来似乎与互联网交织在一起,主要的互联网标准组织迟早会面临这个问题,这是不可避免的。
In this case, some of the participants of one of the IETF working groups working on a new standard for communication between components of a distributed phone switch brought up the issue. Since adding features of this type would be something the IETF had never done before, the IETF management decided to have a public discussion before deciding if the working group should go ahead. A new mailing list was created (the Raven mailing list, see http://www.ietf.org/mailman/listinfo/raven) for this discussion. Close to 500 people subscribed to the list and about 10% of those sent at least one message to the list. The discussion on this list was a precursor to a discussion held during the IETF plenary in Washington, D.C.
在这种情况下,IETF工作组之一的一些参与者提出了这个问题,该工作组致力于制定分布式电话交换机组件之间通信的新标准。由于添加这种类型的功能是IETF以前从未做过的事情,IETF管理层决定在决定工作组是否继续之前进行公开讨论。创建了一个新的邮件列表(Raven邮件列表,请参阅http://www.ietf.org/mailman/listinfo/raven)为了这次讨论。近500人订阅了该名单,其中约10%的人至少向该名单发送了一条信息。该清单上的讨论是IETF在华盛顿特区全体会议期间进行讨论的前奏。
Twenty-nine people spoke during the plenary session. Opinions ranged from libertarian: 'governments have no right to wiretap' - to pragmatic: 'it will be done somewhere, best have it done where the technology was developed'. At the end of the discussion there was a show of hands to indicate opinions: should the IETF add special features, not do this or abstain. Very few people spoke out strongly in support for adding the intercept features, while many spoke out against it, but a sizable portion of the audience refused to state an opinion (raised their hands when asked for "abstain" in the show of hands).
29人在全体会议期间发言。从自由主义者的观点“政府无权窃听”,到务实主义者的观点“窃听将在某个地方进行,最好在技术发展的地方进行”。讨论结束时,大家举手表明了自己的观点:IETF应该增加特殊功能,而不是这样做或弃权。很少有人表示强烈支持添加拦截功能,而许多人表示反对,但相当大一部分观众拒绝发表意见(举手时要求“弃权”时举手)。
This is the background on the basis of which the Internet Engineering Steering Group (IESG) and the Internet Architecture Board (IAB) was asked to formulate a policy.
这就是互联网工程指导小组(IESG)和互联网架构委员会(IAB)被要求制定政策的背景。
The various legal statutes defining wiretapping do not give adequate definitions to distinguish between wiretapping and various other activities at the technical level. For the purposes of this memo, the following definition of wiretapping is used:
定义窃听的各种法律法规没有给出充分的定义,以区分窃听和技术层面的各种其他活动。在本备忘录中,使用了以下窃听定义:
Wiretapping is what occurs when information passed across the Internet from one party to one or more other parties is delivered to a third party:
当通过互联网从一方传递给另一方或多方的信息被传递给第三方时,就会发生窃听:
1. Without the sending party knowing about the third party
1. 发送方不知道第三方的情况下
2. Without any of the recipient parties knowing about the delivery to the third party
2. 在任何接收方不知道向第三方交付的情况下
3. When the normal expectation of the sender is that the transmitted information will only be seen by the recipient parties or parties obliged to keep the information in confidence
3. 当发送方的正常期望是传输的信息只能被接收方或有义务保密的各方看到时
4. When the third party acts deliberately to target the transmission of the first party, either because he is of interest, or because the second party's reception is of interest.
4. 当第三方故意以第一方的传输为目标,或者因为他感兴趣,或者因为第二方的接收感兴趣。
The term "party", as used here, can refer to one person, a group of persons, or equipment acting on behalf of persons; the term "party" is used for brevity.
此处使用的术语“一方”可指一个人、一群人或代表个人的设备;术语“一方”用于简洁。
Of course, many wiretaps will be bidirectional, monitoring traffic sent by two or more parties to each other.
当然,许多窃听都是双向的,监控两方或多方相互发送的通信量。
Thus, for instance, monitoring public newsgroups is not wiretapping (condition 3 violated), random monitoring of a large population is not wiretapping (condition 4 violated), a recipient passing on private email is not wiretapping (condition 2 violated).
因此,例如,监视公共新闻组不属于窃听(违反条件3),对大量人群的随机监视不属于窃听(违反条件4),通过私人电子邮件传递的收件人不属于窃听(违反条件2)。
An Internet equivalent of call tracing by means of accounting logs (sometimes called "pen registers") that is a feature of the telephone network is also wiretapping by this definition, since the normal expectation of the sender is that the company doing the accounting will keep this information in confidence.
根据这一定义,通过会计日志(有时称为“笔式登记簿”)进行电话追踪的互联网等价物也是窃听,因为发送方的正常期望是,进行会计的公司将对该信息保密。
Wiretapping may logically be thought of as 3 distinct steps:
从逻辑上讲,窃听可被视为三个不同的步骤:
- Capture - getting information off the wire that contains the information wanted.
- 捕获—从包含所需信息的线路上获取信息。
- Filtering - selecting the information wanted from information gathered by accident.
- 过滤-从意外收集的信息中选择需要的信息。
- Delivery - transmitting the information wanted to the ones who want it.
- 传递-将想要的信息传递给想要的人。
The term applies to the whole process; for instance, random monitoring followed by filtering to extract information about a smaller group of parties would be wiretapping by this definition.
该术语适用于整个过程;例如,根据这一定义,随机监测然后过滤以提取关于一小部分当事人的信息就是窃听。
In all these stages, the possibility of using or abusing mechanisms defined for this purpose for other purposes exists.
在所有这些阶段,都存在将为此目的定义的机制用于或滥用于其他目的的可能性。
This definition deliberately does not include considerations of:
该定义故意不包括以下考虑因素:
- Whether the wiretap is legal or not, since that is a legal, not a technical matter.
- 窃听是否合法,因为这是一个法律问题,而不是技术问题。
- Whether the wiretap occurs in real time, or can be performed after the fact by looking at information recorded for other purposes (such as the accounting example given above).
- 窃听是实时发生的,还是可以在事后通过查看为其他目的记录的信息(如上面给出的会计示例)执行的。
- What the medium targeted by the wiretap is - whether it is email, IP telephony, Web browsing or EDI transfers.
- 窃听所针对的媒介是什么——无论是电子邮件、IP电话、网络浏览还是EDI传输。
These questions are believed to be irrelevant to the policy outlined in this memo.
这些问题被认为与本备忘录中概述的政策无关。
Wiretapping is also sometimes called "interception", but that term is also used in a sense that is considerably wider than the monitoring of data crossing networks, and is therefore not used here.
窃听有时也被称为“拦截”,但该术语的使用范围也比监测跨网络数据要广得多,因此此处不使用。
Much of the debate about wiretapping has centered around the question of whether wiretapping is morally evil, no matter who does it, necessary in any civilized society, or an effective tool for catching criminals that has been abused in the past and will be abused again.
关于窃听的大部分争论都集中在这样一个问题上:窃听是否在道德上是邪恶的,无论是谁做的,在任何文明社会都是必要的,还是一种捕捉过去曾被滥用并将再次被滥用的罪犯的有效工具。
The IETF has decided not to take a position in this matter, since:
IETF决定不对此事采取立场,因为:
- There is no clear consensus around a single position in the IETF.
- 对于IETF中的单一立场没有明确的共识。
- There is no means of detecting the morality of an act "on the wire". Since the IETF deals with protocol standardization, not protocol deployment, it is not in a position to dictate that its product is only used in moral or legal ways.
- 没有办法检测“在线”行为的道德性。由于IETF处理的是协议标准化,而不是协议部署,因此不能规定其产品仅用于道德或法律方面。
However, a few observations can be made:
但是,可以提出一些意见:
- Experience shows that tools which are effective for a purpose tend to be used for that purpose.
- 经验表明,对某一目的有效的工具往往用于该目的。
- Experience shows that tools designed for one purpose that are effective for another tend to be used for that other purpose too, no matter what its designers intended.
- 经验表明,为一个目的而设计的对另一个目的有效的工具也倾向于用于另一个目的,无论其设计者的意图是什么。
- Experience shows that if a vulnerability exists in a security system, it is likely that someone will take advantage of it sooner or later.
- 经验表明,如果安全系统中存在漏洞,很可能有人迟早会利用它。
- Experience shows that human factors, not technology per se, is the biggest single source of such vulnerabilities.
- 经验表明,人为因素,而不是技术本身,是此类脆弱性的最大单一来源。
What this boils down to is that if effective tools for wiretapping exist, it is likely that they will be used as designed, for purposes legal in their jurisdiction, and also in ways they were not intended for, in ways that are not legal in that jurisdiction. When weighing the development or deployment of such tools, this should be borne in mind.
归根结底,如果存在有效的窃听工具,它们很可能会按照设计使用,用于其管辖区内的合法目的,也可能以其不打算用于的方式,以在该管辖区内不合法的方式使用。在权衡此类工具的开发或部署时,应牢记这一点。
When designing any communications function, it is a relevant question to ask if such functions efficiently perform the task they are designed for, or whether the work spent in developing them is not, in fact, worth the benefit gained.
在设计任何通信功能时,一个相关的问题是询问这些功能是否有效地执行了它们设计的任务,或者开发它们所花费的工作实际上是否不值得获得好处。
Given that there are no specific proposals being developed in the IETF, the IETF cannot weigh proposals for wiretapping directly in this manner.
鉴于IETF中没有制定具体提案,IETF无法以这种方式直接衡量窃听提案。
However, as above, a few general observations can be made:
然而,如上所述,可以提出一些一般性意见:
- Wiretapping by copying the bytes passed between two users of the Internet with known, static points of attachment is not hard. Standard functions designed for diagnostic purposes can accomplish this.
- 通过复制两个互联网用户之间通过已知静态连接点传递的字节进行窃听并不困难。为诊断目的而设计的标准功能可以实现这一点。
- Correlating users' identities with their points of attachment to the Internet can be significantly harder, but not impossible, if the user uses standard means of identification. However, this means linking into multiple Internet subsystems used for address assignment, name resolution and so on; this is not trivial.
- 如果用户使用标准的身份识别方法,将用户的身份与其在互联网上的连接点联系起来可能会困难得多,但并非不可能。然而,这意味着连接到多个互联网子系统,用于地址分配、名称解析等;这不是小事。
- An adversary has several simple countermeasures available to defeat wiretapping attempts, even without resorting to encryption. This includes Internet cafes and anonymous dialups, anonymous remailers, multi-hop login sessions and use of obscure communications media; these are well known tools in the cracker community.
- 对手有几种简单的应对措施,可以击败窃听企图,即使不使用加密。这包括网吧和匿名拨号、匿名重拨、多跳登录会话和使用晦涩的通信媒体;这些是cracker社区中众所周知的工具。
- Of course, communications where the content is protected by strong encryption can be easily recorded, but the content is still not available to the wiretapper, defeating all information gathering apart from traffic analysis. Since Internet data is already in digital form, encrypting it is very simple for the end-user.
- 当然,内容受强加密保护的通信可以很容易地记录下来,但有线窃听器仍然无法获取这些内容,这使得除了流量分析之外的所有信息收集都失败了。由于互联网数据已经是数字形式,加密对最终用户来说非常简单。
These things taken together mean that while wiretapping is an efficient tool for use in situations where the target of a wiretap is either ignorant or believes himself innocent of wrongdoing, Internet-based wiretapping is a less useful tool than might be imagined against an alerted and technically competent adversary.
这些因素加在一起意味着,虽然窃听是一种有效的工具,可用于窃听目标要么无知,要么认为自己没有违法行为的情况,但基于互联网的窃听是一种不如想象中对警惕且技术熟练的对手有用的工具。
Wiretapping, by definition (see above), releases information that the information sender did not expect to be released.
根据定义(见上文),窃听会释放信息发送者不希望释放的信息。
This means that a system that allows wiretapping has to contain a function that can be exercised without alerting the information sender to the fact that his desires for privacy are not being met.
这意味着允许窃听的系统必须包含一项功能,该功能可以在不提醒信息发送者其隐私需求未得到满足的情况下执行。
This, in turn, means that one has to design the system in such a way that it cannot guarantee any level of privacy; at the maximum, it can only guarantee it as long as the function for wiretapping is not exercised.
这反过来意味着,必须以无法保证任何隐私级别的方式设计系统;最多只能保证不使用窃听功能。
For instance, encrypted telephone conferences have to be designed in such a way that the participants cannot know to whom any shared keying material is being revealed.
例如,加密电话会议的设计方式必须确保参与者无法知道任何共享密钥材料将透露给谁。
This means:
这意味着:
- The system is less secure than it could be had this function not been present.
- 如果没有此功能,系统的安全性可能会降低。
- The system is more complex than it could be had this function not been present.
- 如果没有此功能,系统将变得更加复杂。
- Being more complex, the risk of unintended security flaws in the system is larger.
- 更为复杂的是,系统中出现意外安全缺陷的风险更大。
Wiretapping, even when it is not being exercised, therefore lowers the security of the system.
因此,即使未进行窃听,也会降低系统的安全性。
This memo is endorsed by the IAB and the IESG.
本备忘录由IAB和IESG签署。
Their membership is:
他们的成员是:
IAB:
国际律师协会:
Harald Alvestrand Randall Atkinson Rob Austein Brian Carpenter Steve Bellovin Jon Crowcroft Steve Deering Ned Freed Tony Hain Tim Howes Geoff Huston John Klensin
Harald Alvestrand Randall Atkinson Rob Austein Brian木匠Steve Bellovin Jon Crowcroft Steve Deering Ned释放了Tony Hain Tim Howes Geoff Huston John Klesins
IESG:
IESG:
Fred Baker Keith Moore Patrik Falstrom Erik Nordmark Thomas Narten Randy Bush Bert Wijnen Rob Coltun Dave Oran Jeff Schiller Marcus Leech Scott Bradner Vern Paxson April Marine
弗雷德·贝克·基思·摩尔·帕特里克·福尔斯特罗姆·埃里克·诺德马克·托马斯·纳滕·兰迪·布什·伯特·维恩·罗伯·科尔顿·戴夫·奥兰·杰夫·席勒·马库斯·利奇·斯科特·布拉德纳·弗恩·帕克森·四月海军陆战队
The number of contributors to the discussion are too numerous to list.
参与讨论的人太多,无法列出。
This memo is authored by the IAB and the IESG.
本备忘录由IAB和IESG编写。
The chairs are:
主席是:
Fred Baker, IETF Chair 519 Lado Drive Santa Barbara California 93111
弗雷德·贝克,IETF主席加利福尼亚州圣巴巴拉拉多大道519号93111
Phone: +1-408-526-4257 EMail: fred@cisco.com
Phone: +1-408-526-4257 EMail: fred@cisco.com
Brian E. Carpenter, IAB Chair IBM c/o iCAIR Suite 150 1890 Maple Avenue Evanston IL 60201 USA
Brian E.Carpenter,美国伊利诺伊州埃文斯顿枫叶大道1890号iCAIR套房150室国际商用机器协会主席,邮编60201
EMail: brian@icair.org
EMail: brian@icair.org
[RFC 1984] IAB and IESG, "IAB and IESG Statement on Cryptographic Technology and the Internet", RFC 1984, August 1996.
[RFC 1984]IAB和IESG,“IAB和IESG关于加密技术和互联网的声明”,RFC 1984,1996年8月。
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。