Network Working Group M. Rose Request for Comments: 3683 Dover Beach Consulting, Inc. BCP: 83 March 2004 Category: Best Current Practice
Network Working Group M. Rose Request for Comments: 3683 Dover Beach Consulting, Inc. BCP: 83 March 2004 Category: Best Current Practice
A Practice for Revoking Posting Rights to IETF Mailing Lists
撤销IETF邮件列表的发布权限的实践
Status of this Memo
本备忘录的状况
This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.
本文件规定了互联网社区的最佳现行做法,并要求进行讨论和提出改进建议。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
Abstract
摘要
All self-governing bodies have ways of managing the scope of participant interaction. The IETF uses a consensus-driven process for developing computer-communications standards in an open fashion. An important part of this consensus-driven process is the pervasive use of mailing lists for discussion. Notably, in a small number of cases, a participant has engaged in a "denial-of-service" attack to disrupt the consensus-driven process. Regrettably, as these bad faith attacks become more common, the IETF needs to establish a practice that reduces or eliminates these attacks. This memo recommends such a practice for use by the IETF.
所有自治机构都有办法管理参与者互动的范围。IETF采用共识驱动的过程,以开放的方式开发计算机通信标准。这一共识驱动过程的一个重要部分是普遍使用邮件列表进行讨论。值得注意的是,在少数情况下,参与者参与了“拒绝服务”攻击,以破坏共识驱动的过程。遗憾的是,随着这些恶意攻击变得越来越普遍,IETF需要建立一种减少或消除这些攻击的做法。本备忘录建议IETF采用这种做法。
Table of Contents
目录
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 2. A Revocation Practice . . . . . . . . . . . . . . . . . . . . 5 3. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 5. Normative References. . . . . . . . . . . . . . . . . . . . . 9 Appendix - Q & A . . . . . . . . . . . . . . . . . . . . . . . . 10 Author's Address. . . . . . . . . . . . . . . . . . . . . . . . . 12 Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 13
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 2. A Revocation Practice . . . . . . . . . . . . . . . . . . . . 5 3. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 5. Normative References. . . . . . . . . . . . . . . . . . . . . 9 Appendix - Q & A . . . . . . . . . . . . . . . . . . . . . . . . 10 Author's Address. . . . . . . . . . . . . . . . . . . . . . . . . 12 Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 13
All self-governing bodies have ways of managing the scope of participant interaction. For example, deliberative assemblies often employ "rules of order" for determining who gets to speak, when, and for how long. Similarly, there is widespread agreement in so-called "liberal" societies that the right to free speech is not absolute, e.g., political speech is given more leeway than commercial speech, and some forms of speech (e.g., egregious libel or incitement to violence) are considered unacceptable.
所有自治机构都有办法管理参与者互动的范围。例如,审议大会通常采用“议事规则”来决定谁发言、何时发言以及发言时间。同样,在所谓的“自由”社会中,人们普遍认为言论自由权不是绝对的,例如,政治言论比商业言论有更多的回旋余地,某些形式的言论(如严重诽谤或煽动暴力)被认为是不可接受的。
The IETF uses a consensus-driven process for developing computer-communications standards in an open fashion. An important part of this consensus-driven process is the pervasive use of mailing lists for discussion. Unlike many other organizations, anyone may post messages on those IETF mailing lists, and in doing so, participate in the IETF process. Historically, this approach has worked very well in the IETF, as it fosters participation from a wide range of stakeholders. (For the purposes of this memo, the term "IETF mailing list" refers to any mailing list functioning under IETF auspices, such as the IETF general discussion list, or a working group or design team mailing list.)
IETF采用共识驱动的过程,以开放的方式开发计算机通信标准。这一共识驱动过程的一个重要部分是普遍使用邮件列表进行讨论。与许多其他组织不同,任何人都可以在这些IETF邮件列表上发布消息,并在这样做时参与IETF过程。从历史上看,这种方法在IETF中非常有效,因为它促进了广泛利益相关者的参与。(在本备忘录中,术语“IETF邮件列表”指在IETF主持下运行的任何邮件列表,如IETF一般讨论列表或工作组或设计团队邮件列表。)
Notably, in a small number of cases, a participant has engaged in what amounts to a "denial-of-service" attack to disrupt the consensus-driven process. Typically, these attacks are made by repeatedly posting messages that are off-topic, inflammatory, or otherwise counter-productive. In contrast, good faith disagreement is a healthy part of the consensus-driven process.
值得注意的是,在少数情况下,参与者参与了相当于“拒绝服务”的攻击,以破坏共识驱动的过程。通常,这些攻击是通过反复发布离题、煽动性或其他适得其反的消息进行的。相反,善意的分歧是共识驱动过程中健康的一部分。
For example, if a working group is unable to reach consensus, this is an acceptable, albeit unfortunate, outcome; however, if that working group fails to achieve consensus because it is being continuously disrupted, then the disruption constitutes an abuse of the consensus-driven process. Interactions of this type are fundamentally different from "the lone voice of dissent" in which a participant expresses a view that is discussed but does not achieve consensus. In other words, individual bad faith should not trump community goodwill.
例如,如果一个工作组无法达成共识,这是一个可以接受但不幸的结果;然而,如果该工作组由于不断受到干扰而未能达成共识,那么这种干扰就构成了对共识驱动进程的滥用。这种类型的互动从根本上不同于“单独的异议之声”,在这种声音中,参与者表达了一种经过讨论但未达成共识的观点。换句话说,个人的不诚信不应该压倒社区的善意。
Guidelines have been developed for dealing with abusive behavior (c.f., Section 3.2 of [1] and [2]). Although not exhaustive, examples of abusive or otherwise inappropriate postings to IETF mailing lists include:
已经制定了处理虐待行为的指南(c.f.[1]和[2]第3.2节)。尽管并非详尽无遗,但向IETF邮件列表发布的滥用或其他不适当信息的示例包括:
o unsolicited bulk e-mail;
o 未经请求的批量电子邮件;
o discussion of subjects unrelated to IETF policy, meetings, activities, or technical concerns;
o 讨论与IETF政策、会议、活动或技术问题无关的主题;
o unprofessional commentary, regardless of the general subject; and,
o 不专业的评论,不考虑一般主题;和
o announcements of conferences, events, or activities that are not sponsored or endorsed by the Internet Society or IETF.
o 非互联网协会或IETF赞助或认可的会议、活动或活动的公告。
In practice, the application of those guidelines has included the temporary suspension of posting rights to a specific mailing list. If necessary, the length of the suspension has been increased with each successive suspension. In many cases, applying those guidelines will produce the desired modification in behaviour. However, when those guidelines fail to provide the desired modification in behaviour, more drastic measures should be available to reduce or eliminate these attacks' impact on the IETF process.
在实践中,这些准则的适用包括暂时中止对特定邮件列表的投递权。如有必要,每次连续悬架都会增加悬架的长度。在许多情况下,应用这些准则将产生预期的行为改变。然而,当这些指南未能提供预期的行为修改时,应采取更严厉的措施来减少或消除这些攻击对IETF过程的影响。
This document describes one such drastic measure.
这份文件描述了这样一个极端的措施。
Please refer to [3] for the meaning conveyed by the uppercase words in this section.
请参考[3]了解本节中大写字母所表达的含义。
As a part of its activities, the Internet Engineering Steering Group (IESG) makes decisions about "actions". Typically, an action refers to the publication of a document on the standards-track, the chartering of a working group, and so on. This memo recommends that the IESG also undertake a new type of action, termed a PR-action ("posting rights" action).
作为其活动的一部分,互联网工程指导小组(IESG)就“行动”作出决定。通常,行动是指在标准轨道上发布文件、成立工作组等。本备忘录建议IESG也采取一种新的行动,称为公关行动(“发布权利”行动)。
A PR-action identifies one or more individuals, citing messages posted by those individuals to an IETF mailing list, that appear to be abusive of the consensus-driven process. If approved by the IESG, then:
公共关系行动指出一个或多个个人,引用这些个人在IETF邮件列表中发布的信息,这些信息似乎滥用了共识驱动的过程。如果IESG批准,则:
o those identified on the PR-action have their posting rights to that IETF mailing list removed; and,
o 在公共关系行动中确定的人,其对IETF邮件列表的张贴权被删除;和
o maintainers of any IETF mailing list may, at their discretion, also remove posting rights to that IETF mailing list.
o 任何IETF邮件列表的维护者也可以自行决定删除该IETF邮件列表的发布权限。
Once taken, this action remains in force until explicitly nullified and SHOULD remain in force for at least one year.
一旦采取,该行动将继续有效,直至明确无效,并应至少持续一年。
One year after the PR-action is approved, a new PR-action MAY be introduced which restores the posting rights for that individual. The IESG SHOULD consider the frequency of nullifying requests when evaluating a new PR-action. If the posting rights are restored the individual is responsible for contacting the owners of the mailing lists to have them restored.
公关行动批准一年后,可能会推出新的公关行动,恢复该个人的发布权限。IESG应考虑在评估新的PR行动时取消请求的频率。如果恢复了投递权限,则个人负责联系邮件列表的所有者以恢复其权限。
Regardless of whether the PR-action revokes or restores posting rights, the IESG follows the same algorithm as with its other actions:
无论PR操作是撤销还是恢复发布权限,IESG都遵循与其其他操作相同的算法:
1. it is introduced by an IESG Area Director (AD), who, prior to doing so, may choose to inform the interested parties;
1. 它由IESG区域主管(AD)介绍,在介绍之前,他可以选择通知相关方;
2. it is published as an IESG last call on the IETF general discussion list;
2. 它作为IESG在IETF一般性讨论列表中的最后一次调用发布;
3. it is discussed by the community;
3. 社区讨论;
4. it is discussed by the IESG; and, finally,
4. IESG对此进行了讨论;最后,
5. using the usual consensus-based process, it is decided upon by the IESG.
5. 采用通常的基于共识的流程,由IESG决定。
Of course, as with all IESG actions, the appeals process outlined in [4] may be invoked to contest a PR-action approved by the IESG.
当然,与所有IESG行动一样,可以援引[4]中概述的上诉程序对IESG批准的公关行动提出质疑。
Working groups SHOULD ensure that their associated mailing list is manageable. For example, some may try to circumvent the revocation of their posting rights by changing email addresses; accordingly it should be possible to restrict the new email address.
工作组应确保其相关邮件列表易于管理。例如,一些人可能试图通过更改电子邮件地址来规避其发布权限的撤销;因此,应该可以限制新的电子邮件地址。
Finally, note that the scope of a PR-action deals solely with posting rights. Consistent with the final paragraph of Section 3.2 of [1], no action may be taken to prevent individuals from receiving messages sent to a mailing list.
最后,请注意,公关活动的范围仅涉及发布权限。根据[1]第3.2节的最后一段,不得采取任何措施阻止个人接收发送至邮件列表的邮件。
The author gratefully acknowledges the contributions of: Brian Carpenter, Jim Galvin, Jeff Haas, Ted Hardie, Russ Housley, Thomas Narten, Jon Peterson, Margaret Wasserman, and Bert Wijnen.
作者衷心感谢布莱恩·卡彭特、吉姆·加尔文、杰夫·哈斯、特德·哈迪、罗斯·霍斯利、托马斯·纳滕、乔恩·彼得森、玛格丽特·沃瑟曼和伯特·维恩的贡献。
This memo deals with matters of process, not protocol.
这份备忘录涉及的是程序问题,而不是礼节问题。
A reasonable person might note that this memo describes a mechanism to throttle active denial-of-service attacks against the consensus-driven process used by the IETF.
理智的人可能会注意到,本备忘录描述了一种机制,用于阻止针对IETF使用的共识驱动流程的主动拒绝服务攻击。
[1] Bradner, S., "IETF Working Group Guidelines and Procedures", BCP 25, RFC 2418, September 1998.
[1] Bradner,S.,“IETF工作组指南和程序”,BCP 25,RFC 2418,1998年9月。
[2] Harris, S., "IETF Discussion List Charter", BCP 45, RFC 3005, November 2000.
[2] Harris,S.,“IETF讨论列表章程”,BCP 45,RFC 3005,2000年11月。
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[3] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[4] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996.
[4] Bradner,S.,“互联网标准过程——第3版”,BCP 9,RFC 2026,1996年10月。
Appendix A. Q & A
附录A.问答
Q: Isn't a year too long?
问:一年不是太长了吗?
A: No.
A:没有。
An initial PR-action is not undertaken lightly. It is approved only after a period of substantive consideration and community review. If a PR-action is approved, then this indicates that a serious situation has arisen.
最初的公关行动不会轻易进行。只有在经过一段时间的实质性审议和社区审查后,才批准该计划。如果公共关系行动获得批准,则表明出现了严重情况。
Q: Why not require one PR-action per IETF mailing list?
问:为什么不要求每个IETF邮件列表执行一次公关活动?
A: To do so would enable a prolonged series of denial-of-service attacks.
答:这样做将导致一系列长期的拒绝服务攻击。
If someone is poorly-behaved on one IETF mailing list, but well-behaved on another, then the maintainer for the second IETF mailing list needn't revoke posting rights. However, the more likely scenario is that someone who behaves poorly on one IETF mailing list is unwilling to be well-behaved on any IETF mailing list.
如果某人在一个IETF邮件列表上表现不佳,但在另一个IETF邮件列表上表现良好,则第二个IETF邮件列表的维护者无需撤销发布权限。然而,更可能的情况是,在一个IETF邮件列表中表现不佳的人不愿意在任何IETF邮件列表中表现良好。
Q: Should the initiation of a PR-action come from outside the IESG?
问:公关行动的发起是否应该来自IESG之外?
A: Informally, sure; formally, no.
答:非正式的,当然可以;正式地说,没有。
Under the IETF's consensus-driven process, IESG actions are always formally initiated by an IESG Area Director (AD). In practice, the motivation for an IESG member to initiate an action almost always comes from outside the IESG. For example, when a working group (WG) reaches consensus on a document, the WG chair informs the relevant AD that the document is ready for the AD to consider it for a document action. In the case of this document -- an IETF individual submission -- the author will iteratively circulate the document for wide discussion and make revisions. At some point, the author will contact an AD and ask for a document action to publish this document as a Best Current Practice (BCP).
根据IETF的共识驱动流程,IESG行动通常由IESG区域主管(AD)正式发起。实际上,IESG成员发起行动的动机几乎总是来自IESG外部。例如,当工作组(WG)在文件上达成共识时,WG主席通知相关的广告,该文件已准备好供广告考虑文件行动。在本文件(IETF个人提交)的情况下,作者将反复分发该文件进行广泛讨论并进行修订。在某个时候,作者将联系广告并要求采取文档行动,以将此文档发布为最佳实践(BCP)。
Q: Is this censorship?
问:这是审查制度吗?
A: Only if you believe in anarchy.
答:除非你相信无政府状态。
What is important is that the rules surrounding PR-actions exhibit the same properties used by the rest of the consensus-based process.
重要的是,围绕公关行动的规则表现出与基于共识的流程的其余部分相同的属性。
Q: C'mon! You really are a closet fascist.
问:来吧!你真是个秘密的法西斯分子。
A: No, I'm a libertarian.
不,我是自由主义者。
Frankly, I would prefer that people behave reasonably and act in good faith. Since my first involvement with the IETF (nee GADS, circa 1983), everyone understood that reasonable behavior was a good thing. After 20 years, I regret to inform you that this step is inevitable.
坦率地说,我更希望人们行为合理,真诚行事。自从我第一次参与IETF(nee GADS,大约1983年)以来,每个人都明白合理的行为是件好事。20年后,我遗憾地通知你,这一步是不可避免的。
Author's Address
作者地址
Marshall T. Rose Dover Beach Consulting, Inc. POB 255268 Sacramento, CA 95865-5268 US
马歇尔T.罗斯多佛海滩咨询公司POB 255268萨克拉门托,加利福尼亚州95865-5268美国
Phone: +1 916 483 8878 EMail: mrose@dbc.mtview.ca.us
Phone: +1 916 483 8878 EMail: mrose@dbc.mtview.ca.us
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78 and except as set forth therein, the authors retain all their rights.
版权所有(C)互联网协会(2004年)。本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。