The Hitchhikers Guide to the Internet
25 August 1987
Ed Krol
krol@uxc.cso.uiuc.edu

This document was produced through funding of the National Science Foundation.

Copyright (C) 1987, by the Board of Trustees of The University of Illinois. Permission to duplicate this document, in whole or part, is granted provided reference is made to the source and this copyright is included in whole copies.

Purpose and Audience

This document assumes that one is familiar with the workings of a non-connected simple IP network (e.g. a few 4.2 BSD systems on an Ethernet not connected to anywhere else). Appendix A contains remedial information to get one to this point. Its purpose is to get that person, familiar with a simple net, versed in the "oral tradition" of the Internet to the point that that net can be connected to the Internet with little danger to either. It is not a tutorial; it consists of pointers to other places, literature, and hints which are not normally documented. Since the Internet is a dynamic environment, changes to this document will be made regularly. The author welcomes comments and suggestions. This is especially true of terms for the glossary (definitions are not necessary).

What is the Internet?

In the beginning there was the ARPAnet, a wide area experimental network connecting hosts and terminal servers together. Procedures were set up to regulate the allocation of addresses and to create voluntary standards for the network. As local area networks became more pervasive, many hosts became gateways to local networks. A network layer to allow the interoperation of these networks was developed and called IP (Internet Protocol). Over time other groups created long haul IP based networks (NASA, NSF, states...). These nets, too, inter-operate because of IP. The collection of all of these interoperating networks is the Internet.

Two groups do much of the research and information work of the Internet (ISI and SRI). ISI (the Information Sciences Institute) does much of the research, standardization, and allocation work of the Internet. SRI International provides information services for the Internet. In fact, after you are connected to the Internet most of the information in this document can be retrieved from the Network Information Center (NIC) run by SRI.

Operating the Internet

Each network, be it the ARPAnet, NSFnet or a regional network, has its own operations center. The ARPAnet is run by BBN, Inc. under contract from DARPA. Their facility is called the Network Operations Center or NOC. Cornell University temporarily operates NSFnet (called the Network Information Service Center, NISC). The regionals, in turn, have similar facilities to monitor and keep watch over the goings on of their portion of the Internet. In addition, they all should have some knowledge of what is happening to the Internet in total. If a problem comes up, it is suggested that a campus network liaison should contact the network operator to which he is directly connected. That is, if you are connected to a regional network (which is gatewayed to the NSFnet, which is connected to the ARPAnet...) and have a problem, you should contact your regional network operations center.

RFCs

The internal workings of the Internet are defined by a set of documents called RFCs (Request for Comments). The general process for creating an RFC is for someone wanting something formalized to write a document describing the issue and mailing it to Jon Postel (postel@isi.edu). He acts as a referee for the proposal. It is then commented upon by all those wishing to take part in the discussion (electronically of course). It may go through multiple revisions. Should it be generally accepted as a good idea, it will be assigned a number and filed with the RFCs.

The RFCs can be divided into five groups: required, suggested, directional, informational and obsolete. Required RFCs (e.g. RFC-791, The Internet Protocol) must be implemented on any host connected to the Internet. Suggested RFCs are generally implemented by network hosts. Lack of them does not preclude access to the Internet, but may impact its usability. RFC-793 (Transmission Control Protocol) is a suggested RFC. Directional RFCs were discussed and agreed to, but their application has never come into wide use. This may be due to the lack of wide need for the specific application (RFC-937, The Post Office Protocol) or because the approach, although technically superior, ran against other pervasive approaches (RFC-891, Hello). It is suggested that should the facility be required by a particular site, an implementation be done in accordance with the RFC. This insures that, should the idea be one whose time has come, the implementation will be in accordance with some standard and will be generally usable. Informational RFCs contain factual information about the Internet and its operation (RFC-990, Assigned Numbers). Finally, as the Internet and technology have grown, some RFCs have become unnecessary. These obsolete RFCs cannot be ignored, however. Frequently when a change is made to some RFC that causes a new one to be issued obsoleting others, the new RFC only contains explanations and motivations for the change. Understanding the model on which the whole facility is based may involve reading the original and subsequent RFCs on the topic. (Appendix B contains a list of what are considered to be the major RFCs necessary for understanding the Internet).

The Network Information Center

The NIC is a facility available to all Internet users which provides information to the community. There are three means of NIC contact: network, telephone, and mail. The network accesses are the most prevalent. Interactive access is frequently used to do queries of NIC service overviews, look up user and host names, and scan lists of NIC documents. It is available by using

    %telnet sri-nic.arpa

on a BSD system and following the directions provided by a user friendly prompter. From poking around in the databases provided one might decide that a document named NETINFO:NUG.DOC (The Users Guide to the ARPAnet) would be worth having. It could be retrieved via an anonymous FTP. An anonymous FTP would proceed something like the following. (The dialogue may vary slightly depending on the implementation of FTP you are using).

    %ftp sri-nic.arpa
    Connected to sri-nic.arpa.
    220 SRI_NIC.ARPA FTP Server Process 5Z(47)-6 at Wed 17-Jun-87 12:01
    Name (sri-nic.arpa:myname): anonymous
    331 ANONYMOUS user ok, send real ident as password.
    Password: myname
    230 User ANONYMOUS logged in at Wed 17-Jun-87 12:01 PDT, job 15.
    ftp> get netinfo:nug.doc
    200 Port 18.144 at host 128.174.5.50 accepted.
    150 ASCII retrieve of NUG.DOC.11 started.
    226 Transfer Completed 157675 (8) bytes transferred
    local: netinfo:nug.doc remote:netinfo:nug.doc
    157675 bytes in 4.5e+02 seconds (0.34 Kbytes/s)
    ftp> quit
    221 QUIT command received. Goodbye.

(Another good initial document to fetch is NETINFO:WHAT-THE-NIC-DOES.TXT)!

Questions for the NIC, or problems with its services, can be sent by electronic mail. The following addresses can be used:

    NIC@SRI-NIC.ARPA          General user assistance, document requests
    REGISTRAR@SRI-NIC.ARPA    User registration and WHOIS updates
    HOSTMASTER@SRI-NIC.ARPA   Hostname and domain changes and updates
    ACTION@SRI-NIC.ARPA       SRI-NIC computer operations
    SUGGESTIONS@SRI-NIC.ARPA  Comments on NIC publication services

For people without network access, or if the number of documents is large, many of the NIC documents are available in printed form for a small charge. One frequently ordered document for starting sites is a compendium of major RFCs. Telephone access is used primarily for questions or problems with network access. (See appendix B for mail/telephone contact numbers).

The NSFnet Network Service Center

The NSFnet Network Service Center (NNSC) is funded by NSF to provide a first level of aid to users of NSFnet should they have questions or encounter problems traversing the network. It is run by BBN Inc. Karen Roubicek (roubicek@nnsc.nsf.net) is the NNSC user liaison. The NNSC, which currently has information and documents online and in printed form, plans to distribute news through network mailing lists, bulletins, newsletters, and online reports. The NNSC also maintains a database of contact points and sources of additional information about NSFnet component networks and supercomputer centers. Prospective or current users who do not know whom to call concerning questions about NSFnet use should contact the NNSC. The NNSC will answer general questions, and, for detailed information relating to specific components of the Internet, will help users find the appropriate contact for further assistance. (Appendix B)

Mail Reflectors

The way most people keep up to date on network news is through subscription to a number of mail reflectors. Mail reflectors are special electronic mailboxes which, when they receive a message, resend it to a list of other mailboxes. This in effect creates a discussion group on a particular topic. Each subscriber sees all the mail forwarded by the reflector, and if one wants to put his "two cents" in, sends a message with the comments to the reflector.

The general format to subscribe to a mail list is to find the address of the reflector and append the string -REQUEST to the mailbox name (not the host name). For example, if you wanted to take part in the mailing list for NSFnet reflected by NSFNET@NNSC.NSF.NET, one sends a request to NSFNET-REQUEST@NNSC.NSF.NET. This may be a wonderful scheme, but the problem is that you must know the list exists in the first place. It is suggested that, if you are interested, you read the mail from one list (like NSFNET) and you will probably become familiar with the existence of others. A registration service for mail reflectors is provided by the NIC in the files NETINFO:INTEREST-GROUPS-1.TXT, NETINFO:INTEREST-GROUPS-2.TXT, and NETINFO:INTEREST-GROUPS-3.TXT.

The NSFNET mail reflector is targeted at those people who have a day to day interest in the news of the NSFnet (the backbone, regional network, and Internet inter-connection site workers). The messages are reflected by a central location and are sent as separate messages to each subscriber. This creates hundreds of messages on the wide area networks where bandwidth is the scarcest. There are two ways in which a campus could spread the news and not cause these messages to inundate the wide area networks. One is to re-reflect the message on the campus. That is, set up a reflector on a local machine which forwards the message to a campus distribution list. The other is to create an alias on a campus machine which places the messages into a notesfile on the topic. Campus users who want the information could access the notesfile and see the messages that have been sent since their last access. One might also elect to have the campus wide area network liaison screen the messages in either case and only forward those which are considered of merit. Either of these schemes allows one message to be sent to the campus, while allowing wide distribution within.

Address Allocation

Before a local network can be connected to the Internet it must be allocated a unique IP address. These addresses are allocated by ISI. The allocation process consists of getting an application form from ISI. (Send a message to hostmaster@sri-nic.arpa and ask for the template for a connected address). This template is filled out and mailed back to hostmaster. An address is allocated and e-mailed back to you. This can also be done by postal mail (Appendix B).

IP addresses are 32 bits long. An address is usually written as four decimal numbers separated by periods (e.g., 192.17.5.100). Each number is the value of one octet of the 32 bits. It was seen from the beginning that some networks might choose to organize themselves as very flat (one net with a lot of nodes) and some might organize hierarchically (many interconnected nets with fewer nodes each and a backbone). To provide for these cases, addresses were differentiated into class A, B, and C networks. This classification has to do with the interpretation of the octets. Class A networks have the first octet as a network address and the remaining three as a host address on that network. Class C addresses have three octets of network address and one of host. Class B is split two and two. Therefore, there is an address space for a few large nets, a reasonable number of medium nets and a large number of small nets. The top two bits in the first octet are coded to tell the address format. All of the class A nets have been allocated. So one has to choose between Class B and Class C when placing an order. (There are also class D (Multicast) and E (Experimental) formats. Multicast addresses will likely come into greater use in the near future, but are not frequently used now).

In the past sites requiring multiple network addresses requested multiple discrete addresses (usually Class C). This was done because much of the software available (notably 4.2BSD) could not deal with subnetted addresses. Information on how to reach a particular network (routing information) must be stored in Internet gateways and packet switches. Some of these nodes have a limited capability to store and exchange routing information (limited to about 300 networks). Therefore, it is suggested that any campus announce (make known to the Internet) no more than two discrete network numbers. If a campus expects to be constrained by this, it should consider subnetting.

Subnetting (RFC-932) allows one to announce one address to the Internet and use a set of addresses on the campus. Basically, one defines a mask which allows the network to differentiate between the network portion and host portion of the address. By using a different mask on the Internet and the campus, the address can be interpreted in multiple ways. For example, if a campus requires two networks internally and has the roughly 65,000 addresses beginning 128.174.X.X (a Class B address) allocated to it, the campus could allocate 128.174.5.X to one part of campus and 128.174.10.X to another. By advertising 128.174 to the Internet with a subnet mask of FF.FF.00.00, the Internet would treat these two addresses as one. Within the campus a mask of FF.FF.FF.00 would be used, allowing the campus to treat the addresses as separate entities. (In reality you don't pass the subnet mask of FF.FF.00.00 to the Internet; the octet meaning is implicit in its being a class B address).

A word of warning is necessary. Not all systems know how to do subnetting. Some 4.2BSD systems require additional software. 4.3BSD systems subnet as released. Other devices and operating systems vary in the problems they have dealing with subnets. Frequently these machines can be used as a leaf on a network but not as a gateway within the subnetted portion of the network. As time passes and more systems become 4.3BSD based, these problems should disappear.

There has been some confusion in the past over the format of an IP broadcast address. Some machines used an address of all zeros to mean broadcast and some all ones. This was confusing when machines of both types were connected to the same network. The broadcast address of all ones has been adopted to end the grief. Some systems (e.g. 4.2 BSD) allow one to choose the format of the broadcast address. If a system does allow this choice, care should be taken that the all ones format is chosen. (This is explained in RFC-1009 and RFC-1010).

Internet Problems

There are a number of problems with the Internet. Solutions to the problems range from software changes to long term research projects. Some of the major ones are detailed below:

Number of Networks

When the Internet was designed it was to have about 50 connected networks. With the explosion of networking, the number is now approaching 300. The software in a group of critical gateways (called the core gateways of the ARPAnet) is not able to pass or store much more than that number. In the short term, core reallocation and recoding has raised the number slightly. By the summer of '88 the current PDP-11 core gateways will be replaced with BBN Butterfly gateways which will solve the problem.

Routing Issues

Along with the sheer mass of the data necessary to route packets to a large number of networks, there are many problems with the updating, stability, and optimality of the routing algorithms. Much research is being done in the area, but the optimal solution to these routing problems is still years away. In most cases the routing we have today works, but sub-optimally and sometimes unpredictably.

Trust Issues

Gateways exchange network routing information. Currently, most gateways accept on faith that the information provided about the state of the network is correct. In the past this was not a big problem since most of the gateways belonged to a single administrative entity (DARPA). Now with multiple wide area networks under different administrations, a rogue gateway somewhere in the net could cripple the Internet. There is design work going on to solve both the problem of a gateway doing unreasonable things and providing enough information to reasonably route data between multiply connected networks (multi-homed networks).

Capacity & Congestion

Many portions of the ARPAnet are very congested during the busy part of the day. Additional links are planned to alleviate this congestion, but the implementation will take a few months.

These problems and the future direction of the Internet are determined by the Internet Architect (Dave Clark of MIT) being advised by the Internet Activities Board (IAB). This board is composed of chairmen of a number of committees with responsibility for various specialized areas of the Internet. The committees composing the IAB and their chairmen are:

    Committee                          Chair
    Autonomous Networks                Deborah Estrin
    End-to-End Services                Bob Braden
    Internet Architecture              Dave Mills
    Internet Engineering               Phil Gross
    EGP2                               Mike Petry
    Name Domain Planning               Doug Kingston
    Gateway Monitoring                 Craig Partridge
    Internic                           Jake Feinler
    Performance & Congestion Control   Robert Stine
    NSF Routing                        Chuck Hedrick
    Misc. MilSup Issues                Mike St. Johns
    Privacy                            Steve Kent
    IRINET Requirements                Vint Cerf
    Robustness & Survivability         Jim Mathis
    Scientific Requirements            Barry Leiner

Note that under Internet Engineering, there are a set of task forces and chairs to look at short term concerns. The chairs of these task forces are not part of the IAB.

Routing

Routing is the algorithm by which a network directs a packet from its source to its destination. To appreciate the problem, watch a small child trying to find a table in a restaurant. From the adult point of view the structure of the dining room is seen and an optimal route easily chosen. The child, however, is presented with a set of paths between tables where a good path, let alone the optimal one to the goal, is not discernible.

A little more background might be appropriate. IP gateways (more correctly routers) are boxes which have connections to multiple networks and pass traffic between these nets. They decide how the packet is to be sent based on the information in the IP header of the packet and the state of the network. Each interface on a router has a unique address appropriate to the network to which it is connected. The information in the IP header which is used is primarily the destination address. Other information (e.g. type of service) is largely ignored at this time. The state of the network is determined by the routers passing information among themselves. The distribution of the database (what each node knows), the form of the updates, and the metrics used to measure the value of a connection are the parameters which determine the characteristics of a routing protocol.

Under some algorithms each node in the network has complete knowledge of the state of the network (the adult algorithm). This implies the nodes must have larger amounts of local storage and enough CPU to search the large tables in a short enough time (remember this must be done for each packet). Also, routing updates usually contain only changes to the existing information (or you spend a large amount of the network capacity passing around megabyte routing updates). This type of algorithm has several problems. Since the only way the routing information can be passed around is across the network and the propagation time is non-trivial, the view of the network at each node is a correct historical view of the network at varying times in the past. (The adult algorithm, but rather than looking directly at the dining area, looking at a photograph of the dining room. One is likely to pick the optimal route and find a bus-cart has moved in to block the path after the photo was taken). These inconsistencies can cause circular routes (called routing loops) where once a packet enters it is routed in a closed path until its time to live (TTL) field expires and it is discarded.

Other algorithms may know about only a subset of the network. To prevent loops in these protocols, they are usually used in a hierarchical network. They know completely about their own area, but to leave that area they go to one particular place (the default gateway). Typically these are used in smaller networks (campus, regional...).

Routing protocols in current use:

Static (no protocol-table/default routing)

Don't laugh. It is probably the most reliable, easiest to implement, and least likely to get one into trouble for a small network or a leaf on the Internet. This is, also, the only method available on some CPU-operating system combinations. If a host is connected to an Ethernet which has only one gateway off of it, one should make that the default gateway for the host and do no other routing. (Of course that gateway may pass the reachability information somehow on the other side of itself).

One word of warning: it is only with extreme caution that one should use static routes in the middle of a network which is also using dynamic routing. The routers passing dynamic information are sometimes confused by conflicting dynamic and static routes. If your host is on an Ethernet with multiple routers to other networks on it and the routers are doing dynamic routing among themselves, it is usually better to take part in the dynamic routing than to use static routes.

RIP

RIP is a routing protocol based on XNS (Xerox Network System) adapted for IP networks. It is used by many routers (Proteon, cisco, UB...) and many BSD Unix systems. BSD systems typically run a program called routed to exchange information with other systems running RIP. RIP works best for nets of small diameter where the links are of equal speed. The reason for this is that the metric used to determine which path is best is the hop-count. A hop is a traversal across a gateway. So, all machines on the same Ethernet are zero hops away. If a router connects two networks directly, a machine on the other side of the router is one hop away.... As the routing information is passed through a gateway, the gateway adds one to the hop counts to keep them consistent across the network. The diameter of a network is defined as the largest hop-count possible within a network. Unfortunately, a hop count of 16 is defined as infinity in RIP, meaning the link is down. Therefore, RIP will not allow hosts separated by more than 15 gateways in the RIP space to communicate.

The other problem with hop-count metrics is that if links have different speeds, that difference is not reflected in the hop-count. So a one hop satellite link (with a .5 sec delay) at 56kb would be used instead of a two hop T1 connection. Congestion can be viewed as a decrease in the efficacy of a link. So, as a link gets more congested, RIP will still know it is the best hop-count route and congest it even more by throwing more packets on the queue for that link.

The protocol is not well documented. A group of people are working on producing an RFC to both define the current RIP and to do some extensions to it to allow it to better cope with larger networks. Currently, the best documentation for RIP appears to be the code to BSD routed.

Routed

The routed program, which does RIP for 4.2BSD systems, has many options. One of the most frequently used is: routed -q (quiet mode) which means listen to RIP information but never broadcast it. This would be used by a machine on a network with multiple RIP speaking gateways. It allows the host to determine which gateway is best (hopwise) to use to reach a distant network. (Of course you might want to have a default gateway to prevent having to pass all the addresses known to the Internet around with RIP).

There are two ways to insert static routes into routed, the /etc/gateways file and the route add command. Static routes are useful if you know how to reach a distant network, but you are not receiving that route using RIP. For the most part the route add command is preferable to use. The reason for this is that the command adds the route to that machine's routing table but does not export it through RIP.

The /etc/gateways file takes precedence over any routing information received through a RIP update. It is also broadcast as fact in RIP updates produced by the host without question, so if a mistake is made in the /etc/gateways file, that mistake will soon permeate the RIP space and may bring the network to its knees.

One of the problems with routed is that you have very little control over what gets broadcast and what doesn't. Many times in larger networks where various parts of the network are under different administrative controls, you would like to pass on through RIP only nets which you receive from RIP and you know are reasonable. This prevents people from adding IP addresses to the network which may be illegal, and you being responsible for passing them on to the Internet. Reasonableness checks of this type are not available with routed and leave it usable, but inadequate for large networks.

Hello (RFC-891)

Hello is a routing protocol which was designed and implemented in an experimental software router called a "Fuzzball" which runs on a PDP-11. It does not have wide usage, but is the routing protocol currently used on the NSFnet backbone. The data transferred between nodes is similar to RIP (a list of networks and their metrics). The metric, however, is milliseconds of delay. This allows Hello to be used over nets of various link speeds, and it performs better in congestive situations.

One of the most interesting side effects of Hello based networks is their great timekeeping ability. If you consider the problem of measuring delay on a link for the metric, you find that it is not an easy thing to do. You cannot measure round trip time since the return link may be more congested, of a different speed, or even not there. It is not really feasible for each node on the network to have a builtin WWV (nationwide radio time standard) receiver. So, you must design an algorithm to pass around time between nodes over the network links where the delay in transmission can only be approximated. Hello routers do this and in a nationwide network maintain synchronized time within milliseconds.

Exterior Gateway Protocol (EGP RFC-904)

EGP is not strictly a routing protocol, it is a reachability protocol. It tells only if nets can be reached through a particular gateway, not how good the connection is. It is the standard by which gateways to local nets inform the ARPAnet of the nets they can reach. There is a metric passed around by EGP but its usage is not standardized formally. Its typical value is 1 to 8, which are arbitrary goodness of link values understood by the internal DDN gateways. The smaller the value the better, with a value of 8 being unreachable. A quirk of the protocol prevents distinguishing between 1 and 2, 3 and 4..., so the usability of this as a metric is as three values and unreachable. Within NSFnet the values used are 1, 3, and unreachable. Many routers talk EGP so they can be used for ARPAnet gateways.

Gated

So we have regional and campus networks talking RIP among themselves, the NSFnet backbone talking Hello, and the DDN speaking EGP. How do they interoperate? In the beginning there was static routing, assembled into the Fuzzball software configured for each site. The problem with doing static routing in the middle of the network is that it is broadcast to the Internet whether it is usable or not. Therefore, if a net becomes unreachable and you try to get there, dynamic routing will immediately issue a net unreachable to you. Under static routing the routers would think the net could be reached and would continue trying until the application gave up (in 2 or more minutes). Mark Fedor of Cornell (fedor@devvax.tn.cornell.edu) attempted to solve these problems with a replacement for routed called gated.

Gated talks RIP to RIP speaking hosts, EGP to EGP speakers, and Hello to Hello'ers. These speakers frequently all live on one Ethernet, but luckily (or unluckily) cannot understand each others' ruminations. In addition, under configuration file control it can filter the conversion. For example, one can produce a configuration saying announce RIP nets via Hello only if they are specified in a list and are reachable by way of a RIP broadcast as well. This means that if a rogue network appears in your local site's RIP space, it won't be passed through to the Hello side of the world. There are also configuration options to do static routing and name trusted gateways.

This may sound like the greatest thing since sliced bread, but there is a catch called metric conversion. You have RIP measuring in hops, Hello measuring in milliseconds, and EGP using arbitrary small numbers. The big question is how many hops to a millisecond, how many milliseconds in the EGP number 3.... Also, remember that infinity (unreachability) is 16 to RIP, 30000 or so to Hello, and 8 to the DDN with EGP. Getting all these metrics to work well together is no small feat. If done incorrectly and you translate a RIP of 16 into an EGP of 6, everyone in the ARPAnet will still think your gateway can reach the unreachable and will send every packet in the world your way. For these reasons, Mark requests that you consult closely with him when configuring and using gated.

Names

All routing across the network is done by means of the IP address associated with a packet. Since humans find it difficult to remember addresses like 128.174.5.50, a symbolic name register was set up at the NIC where people would say "I would like my host to be named 'uiucuxc'". Machines connected to the Internet across the nation would connect to the NIC in the middle of the night, check modification dates on the hosts file, and if modified move it to their local machine. With the advent of workstations and micros, changes to the host file would have to be made nightly. It would also be very labor intensive and consume a lot of network bandwidth. RFC-882 and a number of others describe domain name service, a distributed data base system for mapping names into addresses.

We must look a little more closely into what's in a name. First, note that an address specifies a particular connection on a specific network. If the machine moves, the address changes. Second, a machine can have one or more names and one or more network addresses (connections) to different networks. Names point to something which does useful work (i.e. the machine) and IP addresses point to an interface on that provider. A name is a purely symbolic representation of a list of addresses on the network. If a machine moves to a different network, the addresses will change but the name could remain the same.

Domain names are tree structured names with the root of the tree at the right. For example:

    uxc.cso.uiuc.edu

is a machine called 'uxc' (purely arbitrary), within the subdomains 'cso' (a subdivision chosen by the U of I's own method of allocation) and 'uiuc' (the University of Illinois at Urbana), registered with 'edu' (the set of educational institutions).

A simplified model of how a name is resolved is that on the user's machine there is a resolver. The resolver knows how to contact across the network a root name server. Root servers are the base of the tree structured data retrieval system. They know who is responsible for handling first level domains (e.g. 'edu'). What root servers to use is an installation parameter. From the root server the resolver finds out who provides 'edu' service. It contacts the 'edu' name server which supplies it with a list of addresses of servers for the subdomains (like 'uiuc'). This action is repeated with the subdomain servers until the final subdomain returns a list of addresses of interfaces on the host in question. The user's machine then has its choice of which of these addresses to use for communication.

A group may apply for its own domain name (like 'uiuc' above). This is done in a manner similar to the IP address allocation. The only requirements are that the requestor have two machines reachable from the Internet, which will act as name servers for that domain. Those servers could also act as servers for subdomains or other servers could be designated as such. Note that the servers need not be located in any particular place, as long as they are reachable for name resolution. (U of I could ask Michigan State to act on its behalf and that would be fine). The biggest problem is that someone must do maintenance on the database. If the machine is not convenient, that might not be done in a timely fashion. The other thing to note is that once the domain is allocated to an administrative entity, that entity can freely allocate subdomains using whatever manner it sees fit.

The Berkeley Internet Name Domain (BIND) Server implements the Internet name server for UNIX systems. The name server is a distributed data base system that allows clients to name resources and to share that information with other network hosts. BIND is integrated with 4.3BSD and is used to lookup and store host names, addresses, mail agents, host information, and more. It replaces the /etc/hosts file for host name lookup. BIND is still an evolving program. To keep up with reports on operational problems, future design decisions, etc, join the BIND mailing list by sending a request to bind-request@ucbarpa.Berkeley.edu. It can also be ob
We mtained via anonymous FTP from ucbarpa.berkley.edu. There are several advantages in using BIND. One of the most important is that it frees a host from relying on /etc/hosts being up to date and complete. Within the .uiuc.edu domain, only a few hosts are included in the host table distributed by SRI. The remainder are listed locally within the BIND tables on uxc.cso.uiuc.edu (the server machine for most of the .uiuc.edu domain). All are equally reachable from any other Internet host running BIND. BIND c gateway sends a packet to the originator. BSD 4.3 uses the redirect to update its routing tables, will use the route until it times out, then revert to the use of the route it thinks is should use. The whole process then repeats, but r this message for you, but you really ought to use that gate- way over there to reach this host". BSD 4.2 ignores these messages. This creates more stress on the gate- ways and the local network, since for every packet sent, theateways, and a host sends a packet for delivery to a gateway which feels another directly connected gateway is more appropriate, the gateway sends the sender a message. This message is an ICMP redirect, which politely says "I'll delive get anywhere in the Internet is its own address, the address of where it wants to go, and how to reach a gateway which knows about the Internet. It doesn't have to be the best gateway. If the system is on a network with multiple g trickles through vendors as new release, many of the problems will be resolved. Following is a list of some problem scenarios and their handling under each of these releases. ICMP redirects Under the Internet model, all a system needs to know to nched Unix implementations (either by porting the existing code or by using it as a model), many implementations (e.g. Ultrix) are still based on BSD 4.2. Therefore, many implementations still exist with the BSD 4.2 problems. As time goes on, when BSD 4.3er- nets and smaller Internets. 
There were deficiencies, how- ever, when it was connected to complicated networks. Most of these problems have been resolved under the newest release (BSD 4.3). Since it is the springboard from which many vendors have lausystem in a number of ways. Included in these modifications is support for the Internet protocols. In earlier versions (e.g. BSD 4.2) there was good support for the basic Internet protocols (TCP, IP, SMTP, ARP) which allowed it to perform nicely on IP ethows the system to be used both by non-IP networks and for mail, where it may be necessary to give information on intermediate mail bridges. What's wrong with Berkeley Unix University of California at Berkeley has been funded by DARPA to modify the Unix ystem is a much more general and complex system than has been described. Resolvers and some servers cache information to allow steps in the resolution to be skipped. Information provided by the servers can be arbitrary, not merely IP addresses. This allion. This allows for the actual server to be moved around the net while the user interface to that machine remains constant. That is, should BBN relinquish control of the NNSC, the new provider would be pointed to by that name. In actuality, the domain s the old hosts database at the NIC. There are others of the form NNSC.NSF.NET. These special domains are used sparingly and require ample justification. They refer to servers under the administrative control of the network rather than any single organization on BIND is available in the "Name Server Operations Guide for BIND" in UNIX System Manager's Manual, 4.3BSD release. There are a few special domains on the network, like SRI- NIC.ARPA. The 'arpa' domain is historical, referring to hosts registered inan also provide mail forwarding information for inte- rior hosts not directly reachable from the Internet. These hosts can either be on non-advertised networks, or not con- nected to a network at all, as in the case of UUCP-reachable hosts. 
More informatit is far better than one per packet. Trailers An application (like FTP) sends a string of octets to TCP which breaks it into chunks, and adds a TCP header. TCP then sends blocks of data to IP which adds its own headers and ships the packets over the network. All this prepending of the data with headers causes memory moves in both the sending and the receiving machines. Someone got the bright idea that if packets were long and they stuck the headers on the end17 * Internet Subnets RFC-919 * Broadcasting Internet Datagrams RFC-922 * Broadcasting Internet Datagrams in the Presence of Subnets RFC-940 * Toward an Internet Standard Scheme fmission Control Protocol (TCP) RFC-821 Simple Mail Transfer Protocol (SMTP) RFC-822 Standard for the Format of ARPA Internet Text Messages RFC-854 Telnet Protocol RFC-9 Appendix B List of Major RFCs RFC-768 User Datagram Protocol (UDP) RFC-791 Internet Protocol (IP) RFC-792 Internet Control Message Protocol (ICMP) RFC-793 Trans Tannenbaum, Andrew S., Computer Networks, Prentice Hall, 1981. Hedrick, Chuck, Introduction to the Internet Protocols, Anonymous FTP from topaz.rutgers.edu, directory pub/tcp-ip-docs, file tcp-ip-intro.doc. eclares the connection broken. Appendix A References to Remedial Information Quaterman and Hoskins, "Notable Computer Networks", Communications of the ACM, Vol 29, #10, pp. (October, 1986). ies to do the best for both worlds. It fires off a few retransmissions really quickly assuming it is on a low delay network, and then backs off very quickly. It also allows the delay to be about 4 minutes before it gives up and ds pass more traffic than is really necessary for a given conversation. Retransmis- sion algorithms do adapt to the delay of the network after a few packets, but 4.2's adapts slowly in delay situations. BSD 4.3 does a lot better and tres on an ethernet (a low delay network of large bandwidth). If you have a network of relatively longer delay and scarce bandwidth (e.g. 
56kb lines), it tends to retransmit too aggressively. Therefore, it makes the networks and gatewaythers, where better is measured by the number of retransmis- sions done unnecessarily. BSD 4.2 had a retransmission algorithm which retransmitted quickly and often. This is exactly what you would want if you had a bunch of machindoesn't receive an acknowledge- ment in a reasonable amount of time it retransmits the blocks. The determination of what is reasonable is done by TCP's retransmission algorithm. There is no correct algorithm but some are better than o using the Internet. BSD 4.3 negotiates trailers, so it uses them on its local net and doesn't use them when going across the network. Retransmissions TCP fires off blocks to its partner at the far end of the connection. If it ort blocks through gateways (on which trailers aren't used). So TELNET and FTP's of very short files work just fine and FTP's of long files seem to hang. On BSD 4.2 trailers are a boot option and one should make sure they are off when trailers were never standardized and most gateways don't know to look for the routing information at the end of the block. When trailers are used, the machine typically works fine on the local network (no gateways involved) and for sh (they became trailers), the receiving machine could put the packet on the beginning of a page boundary and if the trailer was OK merely delete it and transfer control of the page with no memory moves involved. The problem is thator Sub- netting RFC-947 * Multi-network Broadcasting within the Internet RFC-950 * Internet Standard Subnetting Procedure RFC-959 File Transfer Protocol (FTP) RFC-966 * Host Groups: A Multicast Extension to the Internet Protocol RFC-988 * Host Extensions for IP Multicasting RFC-997 * Internet Numbers RFC-1010 * Assigned Numbers RFC-1011 * INET.PRIVACY2u#' *#' '&PART.6iS*#U:gbogus routes to a network from being pro- pagated because of gossip or counting to infinity. 
consort) accept routing information from mul- tiple external networks, but do not pass on information learned from one external network to any others. This is an attempt to prevent least two minutes). This allows for the pro- pagation of the routing information across the network and prevents the formation of routing loops. split horizon When a router (or group of routers working in g used, which typically denotes a link outage. hold down When a router discovers a path in the network has gone down announcing that that path is down for a minimum amount of time (usually at way increments the metric appropriately and passes it on. As the metric is passed around the loop, it increments to ever increasing values til it reaches the maximum for the routing protocol beinis then passed to you via Hello, gated, RIP.... count to infinity The symptom of a routing problem where routing information is passed in a circular manner through multiple gateways. Each gate- o all those gateways speak- ing EGP. It is from them your EGP agent (there is one acting for you somewhere if you can reach the ARPAnet) finds out it can reach all the nets on the ARPAnet. Which he innermost gateways of the ARPAnet. These gateways have a total picture of the reacha- bility to all networks known to the ARPAnet with EGP. They then redistribute reachabil- ity information t (415) 859-3695 NIC@SRI-NIC.ARPA NSF Network Service Center (NNSC) NNSC BBN Laboratories Inc. 10 Moulton St. Cambridge, MA 02238 (617) 497-3400 NNSC@NNSC.NSF.NET Glossary core gateway T Appendix C Contact Points for Network Information Network Information Center (NIC) DDN Network Information Center SRI International, Room EJ291 333 Ravenswood Avenue Menlo Park, CA 94025 (800) 235-3155 or RFC-883 Domain Names - Implementation RFC-973 Domain System Changes and Observations RFC-974 Mail Routing and the Domain System RFC-1009 Requirements for Internet Gateways (anonymous FTP of course). 
The following list is not necessary for connection to the Internet, but is useful in understanding the domain system, mail system, and gateways: RFC-882 Domain Names - Concepts and Facilities Official ARPA-Internet Protocols RFC's marked with the asterisk (*) are not included in the 1985 DDN Protocol Handbook. Note: This list is a portion of a list of RFC's by topic retrieved from the NIC under NETINFO:RFC-SETS.TXT PRIVACY ON THE INTERNET: PART 6 Resources --------- <6.1> What UNIX programs are related to privacy? <6.2> How can I learn about or use cryptography? <6.3> What is the cypherpunks mailing list? <6.4> What are some privacy-related newsgroups? FAQs? <6.5ysses.att.com (Steven Bellovin) NIST (U.S. National Institute for Standards and Technology) publishes an introductory paper on cryptography, special publication 800-2 ``Public-Key Cryptograhy'' by James Nechvatal (April 1991). Available via anonytion to mostly theoretical cryptographic issues, especially those frequently discussed in sci.crypt, is available in FAQ form: > Compiled by: > cme@ellisun.sw.stratus.com (Carl Ellison) > Gwyn@BRL.MIL (Doug Gwyn) > smb@ulperformance. A current version is available via anonymous ftp from host ftp.ee.lbl.gov (currently at address 128.3.254.68) file tcpdump.tar.Z (a compressed Unix tar file). _____ <6.2> How can I learn about or use cryptography? A general introductings The `tcpdump' packet-tracing program is loosely based on SMI's "etherfind". 
It was originally written by Van Jacobson, Lawrence Berkeley Laboratory, as part of an ongoing research project to investigate and improve tcp and internet gateway ature - file in the home directory appended to USENET posts .forward - file used to forward email to other accounts .Xauthority - file used for X Window server authentication keys $SIGNATURE - variable used for name in email and USENET pos originations who - list other users, login/idle times, originations w - list other users and what they are running xhost - access control list for X Window client use xauth - control X Window server authentication .sign rights ls - list the rights associated with files and directories xhost - allow or disable access control of particular users to an Xwindow server last - list the latest user logins on the system and their mote user chfn - change information about yourself obtainable by remote users (sometimes `passwd -f') chmod - change the rights associated with a file or directory umask - (shell) change the default (on creation) file access ory * * * RESOURCES ========= _____ <6.1> What UNIX programs are related to privacy? For more information, type `man [cmd]' or `apropos [keyword]' at the UNIX shell prompt. passwd - change password finger - obtain information about a reare `identity daemons'? <7.7> What standards are needed to guard electronic privacy? Footnotes --------- <8.1> What is the background behind the Internet? <8.2> How is Internet `anarchy' like the English language? <8.3> Most Wanted list <8.4> Change histse policies? Miscellaneous ------------- <7.1> What is ``digital cash''? <7.2> What is a ``hacker'' or ``cracker''? <7.3> What is a ``cypherpunk''? <7.4> What is `steganography' and anonymous pools? <7.5> What is `security through obscurity'? <7.6> What hjklmnopqrstuvwxyz{|}~> What is internet Privacy Enhanced Mail (PEM)? <6.6> What are other Request For Comments (RFCs) related to privacy? <6.7> How can I run an anonymous remailer? 
<6.8> What are references on privacy in email? <6.9> What are some email, Usenet, and internet umous FTP from csrc.ncsl.nist.gov (129.6.54.11), file pub/nistpubs/800-2.txt. Also via available anonymous FTP from wimsey.bc.ca as crypt.txt.Z in the crypto directory. Covers technical mathematical aspects of encryption such as number theory. More general information can be found in a FAQ by Paul Fahn of RSA Labortories via anonymous FTP from rsa.com in /pub/faq.ps.Z. See the `readme' file for information on the `tex' version. Also available as hardcopy for $20 from RSA Laboratories, 10 alt.comp.acad-freedom.news alt.comp.acad-freedom.talk -------------------------- Moderated and unmoderated issues related to academic freedom and privacy at universities. Documented examples of violated privacy in e.g. email. Documente > with weak cryptography is to indicate not too much desire for > privacy. Cypherpunks hope that all people desiring privacy will > learn how best to defend it. _____ <6.4> What are some privacy-related newsgroups? FAQs? Newsgroups ========== > as the Clinton Administration has recently proposed. From the charter on soda.berkely.edu:/pub/cypherpunks: > The most important means to the defense of privacy is encryption. > To encrypt is to indicate the desire for privacy. But to encrypt Cypherpunks, who often communicate among themselves by > electronic mail protected with an encryption system popular in > the computing underground, feel certain about one thing: The > Government should not be creating a national encoding standard, ryptography, there may be no > more self-consciously ornery group of coders than the > Cypherpunks, an alliance of some of Silicon Valley's best > programmers and hardware designers, who preach absolute privacy > in the information age. > > Theunks-request@toad.com to be added or subtracted from the list. (Traffic is sometimes up to 30-40 messages per day.) 
From `Wrestling Over the Key to the Codes', by John Markoff, New York Times, Sun. May 9 1993: > In the obscure world of computer cad.com> runs the `cypherpunk' mailing list dedicated to ``discussion about technological defenses for privacy in the digital domain.'' Frequent topics include voice and data encryption, anonymous remailers, the Clipper chip. Send email to cypherpypt/, and > read the file GETTING_ACCESS. Note: cryptography is generally not well integrated into email yet and some system proficiency is required by users to utilize it. _____ <6.3> What is the cypherpunks mailing list? Eric Hughes rpub.cl.msu.edu, which is open to non-anonymous FTP for users in > the U.S. and Canada who are citizens or permanent residents. To > find out how to obtain access, ftp there, cd to pub/cres, which are a library called RSAREF > licensed from RSA Data Security Inc. > > RIPEM is available via anonymous FTP to citizens and permanent > residents in the U.S. from rsa.com; cd to rsaref/ and read the > README file for info. > > RIPEM. who sent it can be confirmed) and privacy (i.e. nobody can > read it except the intended recipient.) > > RIPEM was written primarily by Mark Riordan > . Most of the code is in the public domain, > except for the RSA routin on news.answers: > RIPEM is a program which performs Privacy Enhanced Mail (PEM) > using the cryptographic techniques of RSA and DES. It allows > your electronic mail to have the properties of authentication > (i.e PC-, Macintosh-, and UNIX-based file encryption (including email). Consult the archie FTP database. Also see the newsgroup alt.security.pgp. Mailing list requests to info-pgp-request@lucpul.it.luc.edu. From the RIPEM FAQ by Marc VanHeyningen 0 Marine Parkway, Redwood City, CA 94065. Send questions to faq-editor@rsa.com. 
Phil Zimmerman's PGP (Pretty Good Privacy) package for public key encryption is available at numerous sites, and is in widespread use over the internet for generald examples of `censorship' as in e.g. limiting USENET groups local availability. alt.cyberpunk ------------- Virtual reality, (science) fiction by William Gibson and Bruce Sterling, cyberpunk in the mainstream. alt.hackers ----------- USENET Network News Transfer Protocol (NNTP) posting mechanisms, Simple Mail Transfer Protocol (SMTP), `obligatory hack' reports. alt.politics.org.nsa -------------------- Discussion of the U.S. National Security Agency, in charge of e company that owns patents on public key cryptography. unix-faq/faq/part1 ------------------ Frequently-asked questions about UNIX, including information on `finger' and terminal spying. distributions/* --------------- Known geos for undergraduate and graduate students, faculty and staff at various colleges and universities. ripem/faq --------- Information on RIPEM, a program for public key mail encryption officially sanctioned by Public Key Partners Inc., thed. ssn-privacy ----------- Privacy issues associated with the use of the U.S. Social Security number (SSN). pdial ----- Public dialup internet accounts list. college-email/part1 ------------------- How to find email addresseSources of information about the Internet and how to connect to it, through the NSF or commercial vendors. alt-security-faq ---------------- Computer related security issues arising in alt.security and comp.security.misc, mostly UNIX relatFTP to pit-manager.mit.edu [18.172.1.27] (also rtfm.mit.edu) from the directory /pub/usenet/news.answers/[x] where [x] is the archive name. This FAQ is archived in the file `net-privacy'. Others are: network-info/part1 ------------------ -------------------- The politics of cryptography. ITAR regulations, patent ] restrictions, `arms analogies', key escrow, etc. 
FAQs ==== FAQs or ``Frequently-Asked Questions'' are available in the newsgroups *.answers or via anonymous us groups, most active sites, etc. sci.crypt --------- Considers scientific and social issues of cryptography. Examples: legitimate use of PGP, public-key patents, DES, cryptographic security, cypher breaking, etc. talk.politics.crypto ights in the electronic realm. news.admin news.admin.policy ----------------- Concerns of news administrators. NNTP standards and mechanisms. news.lists ---------- USENET traffic distributions. Most frequent posters, most voluminos, mailing lists, etc. Moderated. comp.org.eff.news comp.org.eff.talk ----------------- Moderated and unmoderated groups associated with the Electronic Frontier Foundation started by Mitch Kapor for protecting civil and constitutional rste, and abuse. Discussion of claims. Whistleblower support. comp.society.privacy -------------------- Privacy issues associated with computer technologies. Examples: caller identification, social security numbers, credit application`Pretty Good Privacy'' Software developed by Phil Zimmerman for public key encryption, and RIPEM by Mark Riordan for public key and DES encryption. alt.whistleblowing ------------------ Whistleblowing on government and commercial fraud, wa comp.security.misc ------------------ Computer related security issues. FAQ in news.answers below. alt.security.pgp alt.security.ripem ---------------- Dedicated to discussing public domain cryptographic software packages: PGP, or `-server ----------------------- Spillover of debate on news.admin.policy regarding anonymous servers. alt.privacy.clipper ------------------- Group dedicated to discussing technical/political aspects of the Clipper chip. alt.security international radio surveillance, making and breaking official military codes and behind the Clipper proposal. alt.privacy ----------- General privacy issues involving taxpaying, licensing, social security numbers, etc. 
alt.privacy.anongraphic, university, and network distributions. _____ <6.5> What is internet Privacy Enhanced Mail (PEM)? Internet drafts on Privacy Enhanced Mail (PEM) describe a standard under revision for six years delineating the official protocols for email encryption. The standard has only recently stabilized and implementations are being developed. - RFC-1421: ``Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures.'' J. Linn <104-8456@mcimaiAdopt Policy on E-mail Privacy.'' Network World (Oct 29, 1990), 7.44: 2. Bairstow, Jeffrey. ``Who Reads your Electronic Mail?'' Electronic Business (June 11, 1990) 16 (11): 92. ``Electronic Envelopes - the uncertainty of keeping e-mail private'' use'' in this document prior to advertising your service. You should be committed to the long-term stability of the site and avoid running one surreptitiously. _____ <6.8> What are references on privacy in email? Brown, Bob. ``EMA Urges Users to o.uh.edu> has more information and modifications. Also, most remailer operators mentioned above are amenable to discussing features, problems, and helping new sites become operational. Address all points in the section ``responsibities of anonymousemailer source is at soda.berkeley.edu in the /pub/cypherpunks directory. It's written in PERL, and is relatively easy to install (no administrative rights are required) although basic familiarity with UNIX is necessary. Karl Barrus blank. The first line of the text of the message must be `SEND > RFCnnnn.TXT-1', where nnnn is replaced by the RFC number. _____ <6.7> How can I run an anonymous remailer? Cypherpunk r to the RFC directory (`cd RFC'). The file name is of the > form RFCnnnn.TXT-1 (where `nnnn' refers to the number of the > RFC). The NIS also provides an automatic mail service for those > sites which cannot use FTP. 
Address the request to > NISessage indicate the RFC number, as in `Subject: RFC nnnn' (or > `Subject: RFC nnnn.PS' for PostScript RFCs). > > RFCs can also be obtained via FTP from NIS.NSF.NET. Using FTP, > login with username `anonymous' and password `guest'; then > connecter of the RFC). Login with FTP, username `anonymous' and > password `guest'. The NIC also provides an automatic mail > service for those sites which cannot use FTP. Address the > request to SERVICE@NIC.DDN.MIL and in the subject field of the > mt Enbgineering Task Force), and a glossary of terms. Also from ftp.eff.org: /pub/internet-info/internet.q. > RFCs can be obtained via FTP from NIC.DDN.MIL, with the pathname > RFC:RFCnnnn.TXT or RFC:RFCnnnn.PS (where `nnnn' refers to the > numbcenter databases RFC-1177 is ``FYI: Answers to commonly asked ``new internet user'' questions, and includes: basic terminology on the Internet (TCP/IP, SMTP, FTP), internet organizations such as IAB (Internet Activities Board) and IETF (Internendard for interchange of network news messages RFC-1208: Glossary of Networking Terms RFC-1207: Answers to ``experienced Internet user'' questions RFC-1206: Answers to ``new Internet user'' questions RFC-1355: Privacy issues in Network Information RFCs related to privacy'' for information on how to obtain RFCs. _____ <6.6> What are other Request For Comments (RFCs) related to privacy? RFC-822: SMTP, Simple Mail Transfer Protocol RFC-977: NNTP, Network News Transfer Protocol RFC-1036: Staervices'' B. Kaliski - RFC-1423: ``Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers'' D. Balenson Send email to pem-info@tis.com for more information. See ``l.com> - RFC-1422: ``Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management'' S. Kent - RFC-1424: ``Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related S Scientific American, February 1993. 
ftp.eff.org =========== /pub/EFF/legal-issues/email-privacy-biblio-2 --- Compilation of bibliography on E-Mail and its privacy issues (part 2 of the work). Compiled by Stacy B. Veeder (12/91). /pub/EFF/email-privacy-research --- The author at Digital Research tried to formalize their employee privacy policy on E-Mail. The casesightings are divided into two groups: US Constitutional law, and California law. _____ <6.9> What are somb/devetzis/imp. Includes a mailing list archive and other documents. Some papers on the subject of digital cash are available from ftp.cwi.nl: - CS-R9323 Stefan Brands ``An Efficient Off-line Electronic Cash System Based On The Representati :: command: help user@host where `user@host' is your email address. A new set of Internet standards called Internet Mercantile Protocols are being developed to support cash transactions in encrypted email. See thumper.bellcore.com:/puDec.1992). An experimental digital bank is run by Karl Barrus based on suggestions by Hal Finney on the cypherpunks mailing list. To use the server send mail to elee7h5@rosebud.ee.uh.edu message with the following text: milar to today's checking system except entirely digital) may be one approach. The issues of cryptography, privacy, and anonymity are closely associated with transfer of cash in an economy. See the article in Scientific American by David Chaum (~S ============= _____ <7.1> What is ``digital cash''? With digital encryption and authentication technologies, the possibility of a widespread digital cash system may someday be realized. A system utilizing codes sent between users and banks (sihould my university remove (or restrict) Netnews newsgroups because some people find them offensive? /pub/academic/faq/policy --- What guidance is there for creating or evaluating a university's academic computer policy? MISCELLANEOUpolicies --- Do any universities treat email and computer files as private? 
What are email, Usenet, and internet use policies?

The Computer Policy and Critiques Archive is a collection of the computer policies of many schools and networks, run by the Computers and Academic Freedom group on the Electronic Frontier Foundation FTP site. The collection also includes critiques of some of the policies.

> If you have gopher, the archive is browsable with the command:
>
>   gopher -p academic/policies gopher.eff.org
>
> The archive is also accessible via anonymous ftp and email. Ftp
> to ftp.eff.org (192.88.144.4). It is in directory
> `pub/academic/policies'. For email access, send email to
> archive-server@eff.org. Include the line:
>
>   send acad-freedom/policies
>
> where the remainder of the line is a list of the files that you
> want. File README is a detailed description of the items in the
> directory.
>
> For more information, to make contributions, or to report typos
> contact J.S. Greenfield (greeny@eff.org). Directory `widener'
> contains additional policies (but not critiques).

ftp.eff.org
===========

/pub/cud/networks/ --- Acceptable Use Policies for various networks, including CompuServe (file `compuserve'), NSFNET (file `nsfnet') with information on research and commercial uses. See /pub/cud/networks/index.

/pub/cud/networks/email --- Policies from various sysadmins about how they handle the issue of email privacy, control, and abuse, compiled by T. Hooper.

/pub/cud/schools/ --- Computer use policies of a number of schools. See schools/Index for a full list and description.

Commentary
==========

/pub/academic/faq/policy.best --- Opinions on the best academic computer policies.

/pub/academic/faq/email.

/pub/academic/faq/netnews.writing --- Policies on what users write on Usenet.

/pub/academic/faq/netnews.reading --- Policies on what users read on Usenet.

on Problem'' - CS-R9318 N. Ferguson ``Single Term Off-Line Coins''

Thanks to P. Honeyman and J. McCoy for contributions to this section.

_____
<7.2> What is a ``hacker'' or ``cracker''?

These terms arouse strong feelings in many people about their meaning, especially on the internet. In the general news media a person who uses computers and networks to malicious ends (such as breaking into systems) has in the past been referred to as a hacker, but most internet users prefer the term ``cracker'' for this. Instead, a ``hacker'' is perceived as a benign but intensely ambitious, curious, and driven computer user who explores obscure areas of a system, for example---something of a proud electronic pioneer and patriot. This is the sense intended in this document. See also the ``Hacker's Dictionary'' and the FAQ `alt-security-faq'.

_____
<7.3> What is a ``cypherpunk''?

From the charter of the cypherpunk mailing list:

> Cypherpunks assume privacy is a good thing and wish there were
> more of it. Cypherpunks acknowledge that those who want privacy
> must create it for themselves and not expect governments,
> corporations, or other large, faceless organizations to grant
> them privacy out of beneficence. Cypherpunks know that people
> have been creating their own privacy for centuries with whispers,
> envelopes, closed doors, and couriers. Cypherpunks do not seek
> to prevent other people from speaking about their experiences or
> their opinions.

From ``Wrestling Over the Key to the Codes,'' by J. Markoff in the New York Times, Sunday, May 9 1993:

> In the obscure world of computer cryptography, there may be no
> more self-consciously ornery group of coders than the Cypherpunks,
> an alliance of some of Silicon Valley's best programmers and
> hardware designers, who preach absolute privacy in the information
> age.
>
> The Cypherpunks, who often communicate among themselves by
> electronic mail protected with an encryption system popular in
> the electronic underground, feel certain about one thing: The
> Government should not be creating a national encoding standard,
> as the Clinton Administration has recently proposed.

See information on the cypherpunk mailing list below. See also the CryptoAnarchist Manifesto and the Cryptography Glossary in soda.berkeley.edu:/pub/cypherpunks.

_____
<7.4> What is `steganography' and anonymous pools?

Closely associated with encryption is `steganography', the set of techniques for not only pursuing private (encrypted) communication but concealing the very existence of the communication itself. Many new possibilities in this area are introduced with the proliferation of computer technology. For example, it is possible to encode messages in the least-significant bits of images, typically the most `noisy' bits. In addition, when such an item is posted in a public place (such as a newsgroup), virtually untraceable communication can take place between sender and receiver. Bear in mind that a message left unencrypted in the low bits is still readable by anyone who thinks to look there, and that the low-bit statistics of a plain-text payload differ from those of image noise; encrypt the message first so that what is embedded is indistinguishable from noise, and note that lossy re-encoding of the carrier (JPEG compression, for instance) destroys the embedded bits.

For steganographic communications in the electronic realm another possibility is setting up a mailing list where individual messages get broadcast to the entire list and individual users decode particular messages with their unique key. An anonymous pool has been set up by Miron Cuperman (miron@extropia.wimsey.com) for experiments. Send email to the pool with one of the following commands in the subject line:

  subscribe
  unsubscribe
  help
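The least-significant-bit embedding described above, worked through as an added example (this code is not part of the original FAQ). The carrier is a constructed list of 256 grayscale sample values rather than a real image file, so it runs with no image library; a 32-bit length prefix is stored ahead of the payload so the extractor knows where to stop, and only the lowest bit of each sample is rewritten.

```python
"""Least-significant-bit (LSB) steganography over 8-bit samples.

Added example, not part of the original FAQ.  The carrier is a constructed
list of 256 grayscale pixel values (no image library needed); the same
embed/extract logic applies to any sequence of 8-bit samples.
"""
from typing import List, Tuple

LENGTH_BITS = 32  # 32-bit big-endian payload length stored ahead of the payload


def _to_bits(data: bytes) -> List[int]:
    """Big-endian bit stream of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _from_bits(bits: List[int]) -> bytes:
    """Inverse of _to_bits; trailing bits that do not fill a byte are ignored."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity(carrier: List[int]) -> int:
    """Payload bytes that fit in the carrier after the length prefix."""
    return max(0, (len(carrier) - LENGTH_BITS) // 8)


def embed(carrier: List[int], payload: bytes) -> List[int]:
    """Return a copy of carrier with the length prefix and payload in the LSBs.

    Each sample changes by at most 1 (only its lowest bit is rewritten), which
    is why the change hides in the noise of the low bits of a photograph.
    """
    if len(payload) > capacity(carrier):
        raise ValueError("payload too large for carrier")
    bits = _to_bits(len(payload).to_bytes(LENGTH_BITS // 8, "big")) + _to_bits(payload)
    stego = list(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract(stego: List[int]) -> bytes:
    """Read the length prefix from the LSBs, then exactly that many bytes."""
    lsbs = [sample & 1 for sample in stego]
    length = int.from_bytes(_from_bits(lsbs[:LENGTH_BITS]), "big")
    return _from_bits(lsbs[LENGTH_BITS:LENGTH_BITS + 8 * length])


def max_sample_change(carrier: List[int], stego: List[int]) -> int:
    """Largest per-sample difference introduced by embedding."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


# Constructed 16x16 carrier: a gradient with a little deterministic "noise".
CARRIER: List[int] = [(40 + i + (i * 7) % 5) & 0xFF for i in range(256)]


def round_trip(payload: bytes) -> Tuple[bytes, int]:
    """Embed, extract, and report the largest sample change."""
    stego = embed(CARRIER, payload)
    return extract(stego), max_sample_change(CARRIER, stego)


if __name__ == "__main__":
    recovered, delta = round_trip(b"meet at nine")
    print(recovered, delta)  # b'meet at nine' 1
```

The payload here is plain text only to keep the example short; in use the bytes handed to `embed` should already be ciphertext, since a plain-text bit pattern in the low bits is both readable and statistically conspicuous.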
_____
<7.5> What is `security through obscurity'?

`Security through obscurity' refers to the attempt to gain protection from system weaknesses by hiding sensitive information or programs relating to them. For example, a company may not make public information on its software's encryption techniques to evade `attacks' based on knowledge of it. Another example would be concealing data on the existence of security holes or bugs in operating systems. Or, some reliance may be placed on the notion that the potential problems of some standard or mechanism are not serious because it is ``not widely known'' or ``not widely used.'' This argument is occasionally applied to mechanisms for email and Usenet posting `forgery'. `Security through obscurity' is regarded as a very feeble technique at best and inappropriate and ineffective at worst (also called the ``head-in-the-sand approach''). The accepted alternative, going back to Kerckhoffs' nineteenth-century principle for military ciphers, is to assume the design is known to the attacker and to let the security rest on the secret key alone. See the FAQ for alt.security.

Some remarks of John Perry Barlow, cofounder of the Electronic Frontier Foundation, directed to NSA agents at the First International Symposium on National Security & National Competitiveness held in McLean, Virginia Dec. 1, 1992:

> Digitized information is very hard to stamp classified or keep
> contained. ... This stuff is incredibly leaky and volatile. It's
> almost a life form in its ability to self-propagate. If
> something hits the Net and it's something which people on there
> find interesting it will spread like a virus of the mind. I
> believe you must simply accept the idea that we are moving into
> an environment where any information which is at all interesting
> to people is going to get out. And there will be very little
> that you can do about it. This is not a bad thing in my view,
> but you may differ...

_____
<7.6> What are `identity daemons'?

Ident Protocol
--------------

The RFC 1413 `Identification Protocol' standard (obsoletes RFC-931) describes a protocol that allows UNIX programs to query the login name of the remote user behind a connection to a local communication socket (a connection of this type is established during FTP and TELNET sessions, for example). The standard is not uniformly supported: about 200 sites and domains currently implement it, but the number is increasing (the most common implementation, `pidentd', has reportedly been ported to over a dozen UNIX variants). Under an optional `HIDDEN-USER' function the user may be able to disable it individually, but this capability is not guaranteed. The protocol is detrimental to anonymity, but as a voluntary standard system administrators can decide not to install it. This standard may represent a trend toward greater authentication mechanisms (as with user verification in the NNTP news posting protocol). The software can be used to enforce, e.g., program usage (licensing) restrictions such as databases that restrict access to a particular organization. The protocol can also be used in some cases (when it is supported) to track down problematic users.

- An `Ident' query can only identify the user at the directly-connecting host. If that host is itself an intermediate link in a chain of logins, the protocol cannot trace past the nearest link in the chain.
- The host whose user is being asked about must run an `Ident' server, and the receiving host must run a client that makes the query; if either is missing the identification request fails.
- Reportedly no systems are currently shipped with the Ident protocol installed. Installation is voluntary on the part of system administrators.
- The Ident program can be configured by the administrator to refuse to return information for particular (groups of) users, although the conventional implementation returns any requested user information by default.
- Some popular freeware packages and sites are now supporting Ident services. For example, the popular FTP site wuarchive.wustl.edu contains a built-in Ident client and will interact with an existing Ident server on the remote machine.

Note that the reply is composed entirely by the remote host and cannot be checked by the querying host: a hostile or misconfigured host can return any user name it likes, and RFC 1413 itself says the information is at most as trustworthy as the host providing it. `Ident' output is therefore useful for logging and for tracing abuse back to a cooperative site, not as proof of identity.

To determine whether or not your particular Unix machine is running an Ident server, first examine the file /etc/services. If you find an entry for port 113, the service is at least known to your system; the line should look something like `auth 113/tcp'. That entry only gives the service a name, however, so to confirm that a server is actually answering, check for a matching `auth' line in /etc/inetd.conf or look for a listener on port 113 with `netstat -a'.

An implementation of the Ident protocol and related files are available via anonymous FTP from ftp.lysator.liu.se:/pub/ident.
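The query/reply exchange described above, as an added example that is not part of the original FAQ or of pidentd: the server side answers a query line against a constructed connection table (which a real server would read from the kernel's socket table), and the client side builds the query and parses the reply. The user names, port numbers and the HIDDEN-USER opt-out set are all assumptions made for the example; the wire format follows RFC 1413.

```python
"""RFC 1413 Identification Protocol: one query/reply exchange, both sides.

Added example, not part of the original FAQ or of pidentd.  Wire format
per RFC 1413 (ports are decimal; fields separated by commas and colons;
lines end in CRLF):
  query:  <port-on-server> , <port-on-client>
  reply:  <port-on-server> , <port-on-client> : USERID : <opsys> : <user-id>
      or  <port-on-server> , <port-on-client> : ERROR : <error-type>
"port-on-server" is the port on the host running the ident server, i.e. the
host whose user is being asked about.  The connection table and user names
below are constructed for the example.
"""
from typing import Dict, Set, Tuple

# Constructed table of TCP connections on the host running the ident server,
# keyed by (port on this host, port on the querying host) -> local user.
CONNECTIONS: Dict[Tuple[int, int], str] = {
    (1024, 21): "alice",   # alice has an FTP session to the querying host
    (1025, 23): "bob",     # bob has a TELNET session to the querying host
}

# Users who opted out through the optional HIDDEN-USER facility (assumed).
HIDDEN_USERS: Set[str] = {"bob"}

OPSYS = "UNIX"


def ident_query_line(port_on_server: int, port_on_client: int) -> str:
    """Client side: the line sent to TCP port 113 of the remote host."""
    return f"{port_on_server} , {port_on_client}\r\n"


def ident_respond(query: str,
                  connections: Dict[Tuple[int, int], str] = CONNECTIONS,
                  hidden_users: Set[str] = HIDDEN_USERS) -> str:
    """Server side: answer one query line about a connection from this host."""
    try:
        server_s, client_s = query.strip().split(",")
        server_port, client_port = int(server_s), int(client_s)
    except ValueError:
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return f"{server_port} , {client_port} : ERROR : INVALID-PORT\r\n"
    user = connections.get((server_port, client_port))
    if user is None:
        return f"{server_port} , {client_port} : ERROR : NO-USER\r\n"
    if user in hidden_users:
        return f"{server_port} , {client_port} : ERROR : HIDDEN-USER\r\n"
    return f"{server_port} , {client_port} : USERID : {OPSYS} : {user}\r\n"


def parse_ident_reply(reply: str) -> Tuple[str, str]:
    """Client side: ("USERID", user) or ("ERROR", error-type).

    Everything after the port pair is composed by the remote host and cannot
    be verified here; the user-id is a hint for logs, not authentication.
    """
    fields = [f.strip() for f in reply.strip().split(":", 3)]
    if len(fields) < 3 or fields[1] not in ("USERID", "ERROR"):
        raise ValueError("malformed ident reply")
    if fields[1] == "ERROR":
        return "ERROR", fields[2]
    if len(fields) != 4:
        raise ValueError("malformed USERID reply")
    return "USERID", fields[3]


def lookup(port_on_server: int, port_on_client: int) -> Tuple[str, str]:
    """Run one exchange through both sides in-process (no sockets)."""
    return parse_ident_reply(ident_respond(ident_query_line(port_on_server, port_on_client)))


if __name__ == "__main__":
    print(lookup(1024, 21))   # ('USERID', 'alice')
    print(lookup(1025, 23))   # ('ERROR', 'HIDDEN-USER')
    print(lookup(1026, 25))   # ('ERROR', 'NO-USER')
```

Two of the caveats from the list above are visible in the code: the server only knows about connections in its own table, so a user who came through an intermediate host is reported as that host's user, and the USERID field is whatever the remote `ident_respond` chooses to put there.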
TCP Wrapper
-----------

Wietse Venema's tcp_wrapper suite is a group of programs that `wraps around' the traditional tcp/ip utilities, such as finger, telnet, rsh, and ftp. It allows an admin to make origin-based decisions about network requests. For example, all `finger' requests could be denied or `telnet' sessions could be restricted to certain remote users or sites. Decisions based on host names depend on DNS; the wrapper guards against spoofed reverse lookups by checking that the name returned for an address resolves back to that address, and its `PARANOID' pattern matches clients whose name and address disagree. Address-based rules are in turn no stronger than the IP source address, which can itself be forged. See ftp.win.tue.nl:/pub/security/log_tcp.shar.Z.

Thanks to Wes Morgan for contributions here.
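The origin-based decision the wrapper makes, modelled as an added example; this is not tcp_wrappers' own code and not part of the original FAQ, only a simplified re-implementation of the documented hosts_access(5) order (first match in hosts.allow grants, else first match in hosts.deny refuses, else access is granted) with the common client patterns. The two rule files, the daemon names and the client names and addresses are constructed for the example.

```python
"""Origin-based access control in the style of tcp_wrappers' hosts_access(5).

Added example, not part of the original FAQ or of tcp_wrappers: a simplified
model of the decision order (first match in hosts.allow grants, else first
match in hosts.deny refuses, else access is granted) with the client patterns
ALL, LOCAL, KNOWN, UNKNOWN, ".domain", "net." and EXCEPT.  The rule text and
the client names/addresses are constructed.
"""
from typing import Callable, List, Tuple

HOSTS_ALLOW = """
# telnet only from the CS domain, except the public terminal-room subnet
in.telnetd : .cs.example.edu EXCEPT 128.138.200.
# anonymous FTP from any client whose address has a reverse DNS entry
in.ftpd : KNOWN
# every other service from local hosts (names without a dot), but never finger
ALL EXCEPT in.fingerd : LOCAL
"""

HOSTS_DENY = """
# deny by default: anything not granted above is refused
ALL : ALL
"""


def _parse_rules(text: str) -> List[Tuple[str, str]]:
    """(daemon_list, client_list) per rule; comments and any trailing
    shell_command field are dropped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) >= 2:
            rules.append((parts[0], parts[1]))
    return rules


def _match_list(pattern_list: str, matches: Callable[[str], bool]) -> bool:
    """'a, b EXCEPT c, d' matches when some of a, b match and none of c, d do."""
    if " EXCEPT " in pattern_list:
        keep, _, drop = pattern_list.partition(" EXCEPT ")
        return _match_list(keep, matches) and not _match_list(drop, matches)
    return any(matches(p.strip()) for p in pattern_list.split(",") if p.strip())


def _client_token(pattern: str, host: str, addr: str) -> bool:
    """One client pattern against the client's resolved name ("" when the
    reverse lookup failed) and its IP address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":          # a host name without a dot
        return host != "" and "." not in host
    if pattern == "KNOWN":
        return host != ""
    if pattern == "UNKNOWN":
        return host == ""
    if pattern.startswith("."):     # domain suffix
        return host.endswith(pattern)
    if pattern.endswith("."):       # network prefix
        return addr.startswith(pattern)
    return pattern in (host, addr)  # exact host name or address


def hosts_access(daemon: str, host: str, addr: str,
                 allow_text: str = HOSTS_ALLOW, deny_text: str = HOSTS_DENY) -> bool:
    """True if a request from (host, addr) to daemon is to be served."""
    def rule_hits(rules: List[Tuple[str, str]]) -> bool:
        for daemons, clients in rules:
            if (_match_list(daemons, lambda tok: tok in ("ALL", daemon))
                    and _match_list(clients, lambda tok: _client_token(tok, host, addr))):
                return True
        return False

    if rule_hits(_parse_rules(allow_text)):
        return True
    if rule_hits(_parse_rules(deny_text)):
        return False
    return True                      # no rule matched: access is granted


if __name__ == "__main__":
    for req in [("in.telnetd", "lab.cs.example.edu", "128.138.1.5"),
                ("in.telnetd", "pub.cs.example.edu", "128.138.200.7"),
                ("in.fingerd", "labhost", "10.0.0.2"),
                ("in.ftpd", "", "203.0.113.9")]:
        print(req, hosts_access(*req))
```

The final `return True` is the part worth remembering: with an empty hosts.deny, a client that matches nothing in hosts.allow is still served, which is why the constructed hosts.deny ends with `ALL : ALL`.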
_____
<7.7> What standards are needed to guard electronic privacy?

Remailing/Posting
-----------------

- Stable, secure, protected, officially sanctioned and permitted, publicly and privately operated anonymous servers and hubs.
- Official standards for encryption and anonymity in mail and USENET postings.
- Truly anonymous protocols with source and destination information obscured or absent and hidden routing mechanisms (chaining, encrypted addresses, etc.).
- Standards for anonymous email addressing, embedding files, and remailer site chaining.

General
-------

- Recognition of anonymity, cryptography, and related privacy shields as legitimate, useful, desirable, and crucial by the general public and their governments.
- Widespread use and implementation of these technologies by systems designers into hardware, software, and standards, implemented `securely,' `seamlessly,' and `transparently'.
- General shift of use, dependence, and reliance to means other than wiretapping and electronic surveillance by law enforcement agencies.
- Publicity, retraction, and dissolution of laws and government agencies opposed to privacy, replaced by structures dedicated to strengthening and protecting it.

FOOTNOTES
=========

_____
<8.1> What is the background behind the Internet?

The article ``Internet'' in Fantasy and Science Fiction by Bruce Sterling contains general and nontechnical introductory notes on origins of the Internet, including the role of the RAND corporation, the goal of network resilience in face of nuclear attack, MIT, UCLA, ARPANET, TCP/IP, NSF, NREN, etc.:

> ARPANET itself formally expired in 1989, a happy victim of its
> own overwhelming success. Its users scarcely noticed, for
> ARPANET's functions not only continued but steadily improved.
> The use of TCP/IP standards for computer networking is now
> global. In 1971, a mere twenty-one years ago, there were only
> four nodes in the ARPANET network. Today there are tens of
> thousands of nodes in the Internet, scattered over forty-two
> countries, with more coming on-line every day. Three million,
> possibly four million people use this gigantic
> mother-of-all-computer-networks.
>
> The Internet is especially popular among scientists, and is
> probably the most important scientific instrument of the late
> twentieth century. The powerful, sophisticated access that it
> provides to specialized data and personal communication has sped
> up the pace of scientific research enormously.
>
> The Internet's pace of growth in the early 1990s is spectacular,
> almost ferocious. It is spreading faster than cellular phones,
> faster than fax machines. Last year the Internet was growing at
> a rate of twenty percent a *month.* The number of `host'
> machines with direct connection to TCP/IP has been doubling
> every year since 1988. The Internet is moving out of its
> original base in military and research institutions, into
> elementary and high schools, as well as into public libraries
> and the commercial sector.

Internet (NSFNet) statistics are available via anonymous ftp to nic.merit.edu in the /statistics/nsfnet directory. Summaries are contained in the `highlights' file organized by year.

References
==========

Bowers, K., T. LaQuey, J. Reynolds, K. Roubicek, M. Stahl, and A. Yuan, ``Where to Start - A Bibliography of General Internetworking Information'' (RFC-1175), CNRI, U Texas, ISI, BBN, SRI, Mitre, August 1990.

The Whole Internet Catalog & User's Guide by Ed Krol. (1992) O'Reilly and Associates, Inc. --- A clear, non-jargonized introduction to the intimidating business of network literacy written in humorous style.

Krol, E., ``The Hitchhikers Guide to the Internet'' (RFC-1118), University of Illinois Urbana, September 1989.

``The User's Directory to Computer Networks'', by Tracy LaQuey.

The Matrix: Computer Networks and Conferencing Systems Worldwide, by John Quarterman. Digital Press: Bedford, MA. (1990) --- Massive and highly technical compendium detailing the mind-boggling scope and complexity of global internetworks.

``!%@:: A Directory of Electronic Mail Addressing and Networks'' by Donnalyn Frey and Rick Adams.

The Internet Companion, by Tracy LaQuey with Jeanne C. Ryer (1992) Addison Wesley. --- ``Evangelical'' etiquette guide to the Internet featuring anecdotal tales of life-changing Internet experiences. Foreword by Senator Al Gore.

Zen and the Art of the Internet: A Beginner's Guide by Brendan P. Kehoe (1992) Prentice Hall. --- Brief but useful Internet guide with plenty of good advice on useful databases.

See also ftp.eff.com:/pub/internet-info/.

(Thanks to Bruce Sterling for contributions here.)

General
=======

Cunningham, Scott and Alan L. Porter. ``Communication Networks: A dozen ways they'll change our lives.'' The Futurist 26, 1 (January-February, 1992): 19-22.

Brian Kahin, ed., BUILDING INFORMATION INFRASTRUCTURE (New York: McGraw-Hill, 1992) ISBN# 0-390-03083-X --- Essays on information infrastructure. Policy and design issues, research and NREN, future visions, information markets. See table of contents in ftp.eff.org:/pub/pub-infra/1992-03.

Shapard, Jeffrey. ``Observations on Cross-Cultural Electronic Networking.'' Whole Earth Review (Winter) 1990: 32-35.

Varley, Pamela. ``Electronic Democracy.'' Technology Review (November/December, 1991): 43-51.

_____
<8.2> How is Internet `anarchy' like the English language?

According to Bruce Sterling:

> The Internet's `anarchy' may seem strange or even unnatural, but
> it makes a certain deep and basic sense. It's rather like the
> `anarchy' of the English language. Nobody rents English, and
> nobody owns English. As an English-speaking person, it's up
> to you to learn how to speak English properly and make whatever
> use you please of it (though the government provides certain
> subsidies to help you learn to read and write a bit). Otherwise,
> everybody just sort of pitches in, and somehow the
> thing evolves on its own, and somehow turns out workable. And
> interesting. Fascinating, even. Though a lot of people earn
> their living from using and exploiting and teaching English,
> `English' as an institution is public property, a public good.
> Much the same goes for the Internet. Would English be improved
> if the `The English Language, Inc.' had a board of directors
> and a chief executive officer, or a President and a Congress?
> There'd probably be a lot fewer new words in English, and a lot
> fewer new ideas.

_____
<8.3> Most Wanted list

Hopefully you have benefitted from this creation, compilation, and condensation of information from various sources regarding privacy, identity, and anonymity on the internet. The author is committed to keeping this up-to-date and strengthening it, but this can only be effective with your feedback, especially on sections of interest. In particular, the following items are sought:

- Short summaries of RFC documents and other references listed, esp. CPSR files.
- Internet traffic statistics. How much is email? How much USENET? What are the *costs* involved?
- Famous or obscure examples of compromised privacy on the internet.
- Volunteers for EFF, CPSR, Clipper, etc. FAQ writing.

Commercial use of this document is negotiable and is a way for the author to recoup from a significant time investment. Email feedback to ld231782@longs.lance.colostate.edu. Please note where you saw this (which newsgroup, etc.).

_____
<8.4> Change history

10/11/93 v3.2 (current)
  More notes on (in)security of internet networks. NIST BBS pointer. Digital cash section strengthened with IMP and FTP references. Email & posting liability section mentions C. Kadie. talk.politics.crypto and alt.politics.org.nsa newsgroups added. UNIX `finger' utilities and FTP site added (finally!). `finger' identity question rearranged.

7/10/93 v3.1
  Minor formatting, FTP reference fixup. New Clipper references and quotations. Expansion on Cypherpunk documentation. CFP reference added. Merit Internet statistics pointer. Anonymity references added. Identity daemon function elaborated.

5/7/93 v3.0
  Revisions/additions to Anonymity history. Anonymity history & commentary moved to new FAQ. Information on the Clipper chip initiative. Minor miscellaneous corrections. Crosslink program info deleted. Some EFF out-of-date file pointers not fixed.

3/3/93 v2.1
  CPSR pointer, new UNIX mode examples, digital telephony act, Steve Jackson incident, additions/reorganization to anonymity section, part 3. Note: v2.0 post to sci.crypt, alt.privacy, news.answers, alt.answers, sci.answers was cancelled by J. Kamens because of incorrect subject line.

2/14/93 v2.0
  Major revisions. New section for X Windows. Some email privacy items reorganized to network security section. New sections for email liability issues, anonymity history and responsibilities. Split into three files. Many new sources added, particularly from EFF and CAF in new `issues' part. `commentary' from news.admin.policy. 21 day automated posting starts.

2/3/93 v1.0
  More newsgroups & FAQs added. More `Most Wanted'. Posted to news.answers. Future monthly posting to sci.crypt, alt.privacy.

2/1/93 v0.3
  Formatted to 72 columns for quoting etc. `miscellaneous,' `resources' sections added with cypherpunk servers and use warnings. More UNIX examples (`ls' and `chmod'). Posted to alt.privacy, comp.society.privacy.

1/29/93 v0.2
  `Identity' and `Privacy' sections added. `Anonymity' expanded. Remailer addresses removed due to lack of information and instability. Posted to sci.crypt.

1/25/93 v0.1
  Originally posted to the cypherpunks mailing list on 1/25/93 as a call to organize a list of anonymous servers.

Email ld231782@longs.lance.colostate.edu for earlier versions.

* * *

SEE ALSO
========

Part 1
------

<1.1> What is `identity' on the internet?
<1.2> Why is identity (un)important on the internet?
<1.3> How does my email address (not) identify me and my background?
<1.4> How can I find out more about somebody from their email address?
<1.5> How do I provide more/less information to others on my identity?
<1.6> Why is identification (un)stable on the internet?
<1.7> What is the future of identification on the internet?

<2.1> What is `privacy' on the internet?
<2.2> Why is privacy (un)important on the internet?
<2.3> How (in)secure are internet networks?
<2.4> How (in)secure is my account?
<2.5> How (in)secure are my files and directories?
<2.6> How (in)secure is X Windows?
<2.7> How (in)secure is my email?
<2.8> How am I (not) liable for my email and postings?
<2.9> Who is my sysadmin? What does s/he know about me?
<2.10> Why is privacy (un)stable on the internet?
<2.11> What is the future of privacy on the internet?

<3.1> What is `anonymity' on the internet?
<3.2> Why is `anonymity' (un)important on the internet?
<3.3> How can anonymity be protected on the internet?
<3.4> What is `anonymous mail'?
<3.5> What is `anonymous posting'?
<3.6> Why is anonymity (un)stable on the internet?
<3.7> What is the future of anonymity on the internet?

Part 2
------

<4.1> What is the Electronic Frontier Foundation (EFF)?
<4.2> Who are Computer Professionals for Social Responsibility (CPSR)?
<4.3> What was `Operation Sundevil' and the Steve Jackson Game case?
<4.4> What is Integrated Services Digital Network (ISDN)?
<4.5> What is the National Research and Education Network (NREN)?
<4.6> What is the FBI's proposed Digital Telephony Act?
<4.7> What is U.S. policy on freedom/restriction of strong encryption?
<4.8> What other U.S. legislation is related to privacy?
<4.9> What are references on rights in cyberspace?
<4.10> What is the Computers and Academic Freedom (CAF) archive?
<4.11> What is the Conference on Freedom and Privacy (CFP)?
<4.12> What is the NIST computer security bulletin board?

<5.1> What is the Clipper Chip Initiative?
<5.2> How does Clipper blunt `cryptography's dual-edge sword'?
<5.3> Why are technical details of the Clipper chip being kept secret?
<5.4> Who was consulted in the development of the Clipper chip?
<5.5> How is commercial use/export of Clipper chips regulated?
<5.6> What are references on the Clipper Chip?
<5.7> What are compliments/criticisms of the Clipper chip?
<5.8> What are compliments/criticisms of the Clipper Initiative?
<5.9> What are compliments/criticisms of the Clipper announcement?
<5.10> Where does Clipper fit in U.S. cryptographic technology policy?

* * *

This is Part 3 of the Privacy & Anonymity FAQ, obtained via anonymous FTP to rtfm.mit.edu:/pub/usenet/news.answers/net-privacy/ or newsgroups news.answers, sci.answers, alt.answers every 21 days. Written by L. Detweiler <ld231782@longs.lance.colostate.edu>. All rights reserved.