Network Working Group                                         J. Klensin
Request for Comments: 4084                                      May 2005
BCP: 104
Category: Best Current Practice
        

Terminology for Describing Internet Connectivity

Status of This Memo

This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

As the Internet has evolved, many types of arrangements have been advertised and sold as "Internet connectivity". Because these may differ significantly in the capabilities they offer, the range of options, and the lack of any standard terminology, the effort to distinguish between these services has caused considerable consumer confusion. This document provides a list of terms and definitions that may be helpful to providers, consumers, and, potentially, regulators in clarifying the type and character of services being offered.

Table of Contents

   1.  Introduction
       1.1.  The Problem and the Requirement
       1.2.  Adoption and a Non-pejorative Terminology
   2.  General Terminology
   3.  Filtering or Security Issues and Terminology
   4.  Additional Terminology
   5.  Security Considerations
   6.  Acknowledgements
   7.  Informative References
        
1. Introduction
1.1. The Problem and the Requirement

Different ISPs and other providers offer a wide variety of products that are identified as "Internet" or "Internet access". These products offer different types of functionality and, as a result, some may be appropriate for certain users and uses and not others. For example, a service that offers only access to the Web (in this context, the portion of the Internet that is accessible via the HTTP and HTTPS protocols) may be appropriate for someone who is exclusively interested in browsing and in Web-based email services. It will not be appropriate for someone who needs to download files or use email more frequently. And it is likely to be even less appropriate for someone who needs to operate servers for other users, who needs virtual private network (VPN) capabilities or other secured access to a remote office, or who needs to synchronize mail for offline use.

Recent and rapidly evolving changes to the Internet's email environment have led to additional restrictions on sending and retrieving email. These restrictions, most of them developed as part of well intentioned attempts to prevent or fight unsolicited mail, may be imposed independently of the service types described below and are discussed separately in Section 3.

This document describes only the functions provided or permitted by the service provider. It does not and cannot specify the functions that pass through and are supported by various user-provided equipment.

The terms SHOULD, MUST, or MAY are capitalized in this document, as defined in [1].

1.2. Adoption and a Non-pejorative Terminology

The definitions proposed here are of little value if service providers and vendors are not willing to adopt them. The terms proposed are intended not to be pejorative, despite the belief of some members of the IETF community that some of these connectivity models are simply "broken" or "not really an Internet service". The mention of a particular service or model in this document does not imply any endorsement of it, only recognition of something that exists or might exist in the marketplace. Thus, the Best Current Practice described in this document is about terminology and information that should be supplied to the user and not about the types of service that should be offered.

2. General Terminology

This section lists the primary IP service terms. It is hoped that service providers will adopt these terms, to better define the services to potential users or customers. The terms refer to the intent of the provider (ISP), as expressed in either technical measures or terms and conditions of service. It may be possible to work around particular implementations of these characteristic connectivity types, but that freedom is generally not the intent of the provider and is unlikely to be supported if the workarounds stop working.

The service terms are listed in order of ascending capability, to reach "full Internet connectivity".

o Web connectivity.

This service provides connectivity to the Web, i.e., to services supported through a "Web browser" (such as Firefox, Internet Explorer, Mozilla, Netscape, Lynx, or Opera), particularly those services using the HTTP or HTTPS protocols. Other services are generally not supported. In particular, there may be no access to POP3 or IMAP4 email, encrypted tunnels or other VPN mechanisms.

The addresses used may be private and/or not globally reachable. They are generally dynamic (see the discussion of dynamic addresses in Section 3 for further discussion of this terminology and its implications) and relatively short-lived (hours or days rather than months or years). These addresses are often announced as "dynamic" to those who keep lists of dial-up or dynamic addresses. The provider may impose a filtering Web proxy on the connections; that proxy may change and redirect URLs to other sites than the one originally specified by the user or embedded link.

o Client connectivity only, without a public address.

This service provides access to the Internet without support for servers or most peer-to-peer functions. The IP address assigned to the customer is dynamic and is characteristically assigned from non-public address space. Servers and peer-to-peer functions are generally not supported by the network address translation (NAT) systems that are required by the use of private addresses. (The more precise categorization of types of NATs given in [2] are somewhat orthogonal to this document, but they may be provided as additional terms, as described in Section 4.)

Filtering Web proxies are common with this type of service, and the provider SHOULD indicate whether or not one is present.

o Client only, public address.

This service provides access to the Internet without support for servers or most peer-to-peer functions. The IP address assigned to the customer is in the public address space. It is usually nominally dynamic or otherwise subject to change, but it may not change for months at a time. Most VPN and similar connections will work with this service. The provider may prohibit the use of server functions by either legal (contractual) restrictions or by filtering incoming connection attempts.

Filtering Web proxies are uncommon with this type of service, and the provider SHOULD indicate if one is present.

o Firewalled Internet Connectivity.

This service provides access to the Internet and supports most servers and most peer-to-peer functions, with one or (usually) more static public addresses. It is similar to "Full Internet Connectivity", below, and all of the qualifications and restrictions described there apply. However, this service places a provider-managed "firewall" between the customer and the public Internet, typically at customer request and at extra cost compared to non-firewalled services. Typically by contractual arrangements with the customer, this may result in blocking of some services.

Other services may be intercepted by proxies, content-filtering arrangements, or application gateways. The provider SHOULD specify which services are blocked and which are intercepted or altered in other ways.

In most areas, this service arrangement is offered as an add-on, extra-cost, option with what would otherwise be Full Internet Connectivity. It is distinguished from the models above by the fact that any filtering or blocking services are ultimately performed at customer request, rather than being imposed as service restrictions.

o Full Internet Connectivity.

This service provides the user full Internet connectivity, with one or more static public addresses. Dynamic addresses that are long-lived enough to make operating servers practical without highly dynamic DNS entries are possible, provided that they are not characterized as "dynamic" to third parties.

Filtering Web proxies, interception proxies, NAT, and other provider-imposed restrictions on inbound or outbound ports and traffic are incompatible with this type of service. Servers on a connected customer LAN are typically considered normal. The only compatible restrictions are bandwidth limitations and prohibitions against network abuse or illegal activities.

3. Filtering or Security Issues and Terminology

As mentioned in the Introduction, the effort to control or limit objectionable network traffic has led to additional restrictions on the behavior and capabilities of internet services. Such objectionable traffic may include unsolicited mail of various types (including "spam"), worms, viruses, and their impact, and in some cases, specific content.

In general, significant restrictions are most likely to be encountered with Web connectivity and non-public-address services, but some current recommendations would apply restrictions at all levels. Some of these mail restrictions may prevent sending outgoing mail (except through servers operated by the ISP for that purpose), may prevent use of return addresses of the user's choice, and may even prevent access to mail repositories (other than those supplied by the provider) by remote-access protocols such as POP3 or IMAP4. Because users may have legitimate reasons to access remote file services, remote mail submission servers (or, at least, to use their preferred email addresses from multiple locations), and to access remote mail repositories (again, a near-requirement if a single address is to be used), it is important that providers disclose the services they are making available and the filters and conditions they are imposing.

Several key issues in email filtering are of particular importance.

o Dynamic Addresses.

A number of systems, including several "blacklist" systems, are based on the assumption that most undesired email originates from systems with dynamic addresses, especially dialup and home broadband systems. Consequently, they attempt to prevent the addresses from being used to send mail, or perform some other services, except through provider systems designated for that purpose.

Different techniques are used to identify systems with dynamic addresses, including provider advertising of such addresses to blacklist operators, heuristics that utilize certain address ranges, and inspection of reverse-mapping domain names to see if they contain telltale strings such as "dsl" or "dial". In some cases, the absence of a reverse-mapping DNS address is taken as an indication that the address is "dynamic". (Prohibition on connections based on the absence of a reverse-mapping DNS record was a technique developed for FTP servers many years ago; it was found to have fairly high rates of failure, both prohibiting legitimate connection attempts and failing to prevent illegitimate ones). Service providers SHOULD describe what they are doing in this area for both incoming and outgoing message traffic, and users should be aware that, if an address is advertised as "dynamic", it may be impossible to use it to send mail to an arbitrary system even if Full Internet Connectivity is otherwise provided.

o Non-public addresses and NATs.

The NAT systems that are used to map between private and public address spaces may support connections to distant mail systems for outbound and inbound mail, but terms of service often prohibit the use of systems not supplied by the connectivity provider and prohibit the operation of "servers" (typically not precisely defined) on the client connection.

o Outbound port filtering from the provider.

Another common technique involves blocking connections to servers outside the provider's control by blocking TCP "ports" that are commonly used for messaging functions. Different providers have different theories about this. Some prohibit their customers from accessing external SMTP servers for message submission, but they permit the use of the mail submission protocol ([3]) with sender authentication. Others try to block all outgoing messaging-related protocols, including remote mail retrieval protocols; however, this is less common with public-address services than those that are dependent on private addresses and NATs. If this type of filtering is present, especially with "Client only, public address" and "Full Internet Connectivity" services, the provider MUST indicate that fact (see also Section 4).

Still others may divert (reroute) outbound email traffic to their own servers, on the theory that this eliminates the need for reconfiguring portable machines as they connect from a different network location. Again, such diversion MUST be disclosed, especially since it can have significant security and privacy implications.

More generally, filters that block some or all mail being sent to (or submitted to) remote systems (other than via provider-supported servers), or that attempt to divert that traffic to their own servers, are, as discussed above, becoming common and SHOULD be disclosed.
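
The following sketch is an added illustration and is not part of RFC 4084: it encodes the Section 2 service terms and the disclosure requirements of Sections 2 and 3, so that an advertised term can be checked against the properties of an offering. The field names, the rule table, and the sample offering are assumptions made for the example.

```python
from dataclasses import dataclass, field

# The five service terms of Section 2, in ascending order of capability.
WEB = "Web connectivity"
CLIENT_PRIVATE = "Client connectivity only, without a public address"
CLIENT_PUBLIC = "Client only, public address"
FIREWALLED = "Firewalled Internet Connectivity"
FULL = "Full Internet Connectivity"


@dataclass
class Offering:
    """Observed properties of a service; every field name is an assumption."""
    public_address: bool = False
    static_address: bool = False         # static, or long-lived enough to run servers
    advertised_dynamic: bool = False     # announced as "dynamic" to third parties
    nat: bool = False
    filtering_web_proxy: bool = False
    inbound_servers: bool = False        # servers and peer-to-peer functions supported
    provider_firewall: bool = False      # provider-managed, at customer request
    outbound_port_filtering: bool = False
    mail_diversion: bool = False         # outbound mail rerouted to provider servers
    disclosed: set = field(default_factory=set)  # restrictions the provider documents


def check_claim(term, o):
    """Return the reasons why offering `o` does not match the advertised `term`."""
    issues = []

    def need(condition, message):
        if not condition:
            issues.append(message)

    if term == CLIENT_PRIVATE:
        need(not o.public_address, "address is public")
    elif term == CLIENT_PUBLIC:
        need(o.public_address, "address is not in public address space")
    elif term in (FIREWALLED, FULL):
        # Firewalled service inherits the qualifications of Full connectivity.
        need(o.public_address and o.static_address, "no static public address")
        need(o.inbound_servers, "servers and peer-to-peer functions not supported")
        need(not o.advertised_dynamic,
             'address is characterized as "dynamic" to third parties')
        if term == FIREWALLED:
            need(o.provider_firewall, "no provider-managed firewall")
        else:
            for name in ("nat", "filtering_web_proxy",
                         "outbound_port_filtering", "mail_diversion"):
                need(not getattr(o, name),
                     f"{name} is incompatible with this service type")
    elif term != WEB:
        raise ValueError(f"unknown service term: {term!r}")
    return issues


# (requirement level, restriction) pairs drawn from Sections 2 and 3.
DISCLOSURE_RULES = [
    ("SHOULD", "filtering_web_proxy"),      # indicate whether a proxy is present
    ("SHOULD", "advertised_dynamic"),       # describe dynamic-address handling
    ("MUST", "outbound_port_filtering"),    # indicate outbound port filtering
    ("MUST", "mail_diversion"),             # disclose diversion of outbound mail
    ("SHOULD", "provider_firewall"),        # specify blocked/intercepted services
]


def missing_disclosures(o):
    """List restrictions that are present on `o` but absent from its disclosures."""
    return [(level, name) for level, name in DISCLOSURE_RULES
            if getattr(o, name) and name not in o.disclosed]


# Constructed sample: a broadband product sold as "Full Internet Connectivity".
SAMPLE = Offering(public_address=True, static_address=True, inbound_servers=True,
                  advertised_dynamic=True, outbound_port_filtering=True,
                  disclosed={"advertised_dynamic"})

if __name__ == "__main__":
    for reason in check_claim(FULL, SAMPLE):
        print("claim mismatch:", reason)
    for level, name in missing_disclosures(SAMPLE):
        print(f"undisclosed ({level}):", name)
```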

4. Additional Terminology

These additional terms, while not as basic to understanding a service offering as the ones identified above, are listed as additional information that a service provider might choose to provide to complement those general definitions. A potential customer might use those that are relevant to construct a list of specific questions to ask, for example.

o Version support.

Does the service include IPv4 support only, both IPv4 and IPv6 support, or IPv6 support only?

o Authentication support.

Which technical mechanism(s) are used by the service to establish and possibly authenticate connections? Examples might include unauthenticated DHCP, PPP, RADIUS, or HTTP interception.

o VPNs and Tunnels.

Is IPSec blocked or permitted? Are other tunneling techniques at the IP layer or below, such as L2TP, permitted? Is there any attempt to block applications-layer tunnel mechanisms such as SSH?

o Multicast support

Does the user machine have access to multicast packets and services?

o DNS support.

Are users required to utilize DNS servers provided by the service provider, or are DNS queries permitted to reach arbitrary servers?

o IP-related services.

Are ICMP messages to and from end user sites generally blocked or permitted? Are specific functions such as ping and traceroute blocked and, if so, at what point in the network?

o Roaming support.

Does the service intentionally include support for IP roaming and, if so, how is this defined? For "broadband" connections, is some dialup arrangement provided for either backup or customer travel? If present, does that arrangement have full access to mailboxes, etc.

o Applications services provided.

Are email services and/or Web hosting provided as part of the service, and on what basis? An email services listing should identify whether POP3, IMAP4, or Web access are provided and in what combinations, and what types of authentication and privacy services are supported or required for each.

o Use and Blocking of Outbound Applications Services.

Does the service block use of SMTP or mail submission to other than its own servers or intercept such submissions and route them to its servers? Do its servers restrict the user to use of its domain names on outbound email? (For email specifically, also see Section 3 above.) Is the FTP PASV command supported or blocked? Are blocks or intercepts imposed on other file sharing or file transfer mechanisms, on conferencing applications, or on private applications services?

More generally, the provider should identify any actions of the service to block, restrict, or alter the destination of, the outbound use (i.e., the use of services not supplied by the provider or on the provider's network) of applications services.

o Blocking of Inbound Applications Services.

In addition to issues raised by dynamic or private address space (when present), does the service take any other measures that specifically restrict the connections that can be made to equipment operated by the customer? Specifically, are inbound SMTP, HTTP or HTTPS, FTP, or various peer-to-peer or other connections (possibly including applications not specifically recognized by the provider) prohibited and, if so, which ones?

o Application Content Filtering.

The service should declare whether it provides filtering or protection against worms or denial of service attacks against its customers, virus and spam filtering for its mail services (if any), non-discretionary or "parental control" filtering of content, and so on.

o Wiretapping and interception.

The service SHOULD indicate whether traffic passing through it is subject to lawful intercept, and whether the provider will make a proactive attempt to inform the user of such an intercept when such notice is legal. Analogous questions can be asked for traffic data that is stored for possible use by law enforcement.

5. Security Considerations

This document is about terminology, not protocols, so it does not raise any particular security issues. However, if the type of terminology that is proposed is widely adopted, it may become easier to identify security-related expectations of particular hosts, LANs, and types of connections.

6. Acknowledgements

This document was inspired by an email conversation with Vernon Schryver, Paul Vixie, and Nathaniel Bornstein. While there have been proposals to produce such definitions for many years, that conversation convinced the author that it was finally time to put a strawman on the table to see if the IETF could actually carry it forward. Harald Alvestrand, Brian Carpenter, George Michaelson, Vernon Schryver, and others made several suggestions on the initial draft that resulted in clarifications to the second one and Stephane Bortzmeyer, Brian Carpenter, Tony Finch, Susan Harris, David Kessens, Pekka Savola, and Vernon Schryver made very useful suggestions that were incorporated into subsequent versions. Susan Harris also gave the penultimate version an exceptionally careful reading, which is greatly appreciated, as are editorial suggestions by the RFC Editor.

7. Informative References

[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[2] Srisuresh, P. and M. Holdrege, "IP Network Address Translator (NAT) Terminology and Considerations", RFC 2663, August 1999.

[3] Gellens, R. and J. Klensin, "Message Submission", RFC 2476, December 1998.

Author's Address

   John C Klensin
   1770 Massachusetts Ave, #322
   Cambridge, MA 02140
   USA

   Phone: +1 617 491 5735
   EMail: john-ietf@jck.com
        

Full Copyright Statement

Copyright (C) The Internet Society (2005).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the IETF's procedures with respect to rights in IETF Documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
