Enforcing the CDA improperly may pervert Internet architecture

Scott Brickner sjb at universe.digex.net
Thu Apr 11 01:06:27 PDT 1996


Duncan Frissell writes:
>At 12:38 PM 4/9/96 -0500, Scott Brickner wrote:
>
>>Wait a second.  I don't know that it's really as impossible as you
>>think.  Given the CDA advocates' hypothesis that anonymity is a Bad
>>Thing (tm), it's reasonable for them to assume that the ISP can arrange
>>to have a policy requiring that it know who's making the SLIP/PPP
>>connection.  It's not too hard to have *every* packet generated by a
>>given connection flagged with an IP option indicating "adult" or
>>"minor".
>
>Of course that doesn't overcome the "technical problem" of getting the IETF
>to adopt that change in the protocols and getting a significant number of
>sites to adopt the new protocol.  Even if you impose a substitutte on the
>IETF, it doesn't stop them from wandering off and creating their independent
>protocols and seeing whether the "official" or the "unofficial" get adopted.

Actually, the IP layer specifies "options", but doesn't use all of
them.  I think undefined options aren't interpreted by the router,
except to observe the "copy on fragment" bit's setting.  Even if they
are, using the existing "security compartment" instead of defining a
new option could do the same thing.  Using security compartment might
permit the use of existing equipment everywhere, making the transition
to this scheme require only reconfiguration of a subset of existing
routers.  IPv4 is so stable now that adopting a new option is *very*
unlikely to break anything in existing routers.  Let's say that option
class 1 (currently unused) is used for the information.  Option number
1 means "adult", option number 2 means "not adult".  Neither option
requires parameters, so they only mean one more octet per packet (13 if
security compartment is used).  The "copy on fragment" bit is set in
both.

Now, let's assume the worst:  the CDA is upheld through a few of these
court cases.  The IETF's raison d'etre is to facilitate usage of the
Internet, privacy isn't a goal per se.  With all the US members
scrambling to figure out how to cope with CDA, *many* of the members
might consider something like this to be a relatively easy protocol
fix.  Routers that don't accept packets directly from customers will
already work fine.  At the borders of autonomous systems, system owners
may categorize each link as "adult", "non adult", or "unspecified".
"Unspecified" means they can use an existing router, and assumes that
the other end bears responsibility for having the right "adulthood"
option.  For "adult" or "non adult", they need a router with software
modified to put the right option in all packets.  For switched
connections, like SLIP or PPP, the router needs to know who's on the
other end and put the appropriate options in the packets.

Ultimately, a relatively small number of network components need to be
changed, and almost all of them may be changed through fairly simple
software updates.  Still think the IETF would refuse?






More information about the cypherpunks-legacy mailing list