Technical Considerations for Internet Service Blocking and Filtering
RFC 7754
Internet Architecture Board (IAB)                              R. Barnes
Request for Comments: 7754                                     A. Cooper
Category: Informational                                       O. Kolkman
ISSN: 2070-1721                                                D. Thaler
                                                             E. Nordmark
                                                              March 2016
Abstract
The Internet is structured to be an open communications medium. This
openness is one of the key underpinnings of Internet innovation, but
it can also allow communications that may be viewed as undesirable by
certain parties. Thus, as the Internet has grown, so have mechanisms
to limit the extent and impact of abusive or objectionable
communications. Recently, there has been an increasing emphasis on
"blocking" and "filtering", the active prevention of such
communications. This document examines several technical approaches
to Internet blocking and filtering in terms of their alignment with
the overall Internet architecture. When it is possible to do so, the
approach to blocking and filtering that is most coherent with the
Internet architecture is to inform endpoints about potentially
undesirable services, so that the communicants can avoid engaging in
abusive or objectionable communications. We observe that certain
filtering and blocking approaches can cause unintended consequences
to third parties, and we discuss the limits of efficacy of various
approaches.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Architecture Board (IAB)
and represents information that the IAB has deemed valuable to
provide for permanent record. It represents the consensus of the
Internet Architecture Board (IAB). Documents approved for
publication by the IAB are not a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7754.
Barnes, et al. Informational [Page 1]
RFC 7754 Blocking and Filtering Considerations March 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
2. Filtering Examples
3. Characteristics of Blocking Systems
3.1. The Party Who Sets Blocking Policies
3.2. Purposes of Blocking
3.2.1. Blacklist vs. Whitelist Model
3.3. Intended Targets of Blocking
3.4. Components Used for Blocking
4. Evaluation of Blocking Design Patterns
4.1. Criteria for Evaluation
4.1.1. Scope: What set of hosts and users are affected?
4.1.2. Granularity: How specific is the blocking? Will blocking one service also block others?
4.1.3. Efficacy: How easy is it for a resource or service to avoid being blocked?
4.1.4. Security: How does the blocking impact existing trust infrastructures?
4.2. Network-Based Blocking
4.2.1. Scope
4.2.2. Granularity
4.2.3. Efficacy and Security
4.2.4. Summary
4.3. Rendezvous-Based Blocking
4.3.1. Scope
4.3.2. Granularity
4.3.3. Efficacy