Network Working Group                                         C. Malamud
Request for Comments: 1529                 Internet Multicasting Service
Obsoletes: 1486                                                  M. Rose
Category: Informational                     Dover Beach Consulting, Inc.
                                                            October 1993


           Principles of Operation for the TPC.INT Subdomain:
               Remote Printing -- Administrative Policies

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard.  Distribution of this memo is
   unlimited.

Introduction

   This document defines the administrative policies for the operation
   of remote printer facilities within the context of the tpc.int
   subdomain.  The document describes different approaches to resource
   recovery for remote printer server sites and includes discussions of
   issues pertaining to auditing, security, and denial of access.

   The technical procedures for remote printing are defined in [1]. The
   general principles of operation for the tpc.int subdomain are defined
   in [2].  An overview of the remote printing facility is returned when
   electronic mail is sent to tpc-faq@town.hall.org.

Overview of Remote Printing in the TPC.INT Subdomain

   The remote printing facility allows a user to image documents on a
   remote printer, defined as a G3-compatible facsimile device connected
   to the public telephone network.  The user sends electronic mail to
   an address which includes the phone number associated with the target
   G3-compatible facsimile device.  Using the Domain Name System, the
   Internet message-handling infrastructure routes the message to a
   remote printer server, which provides access to devices within a
   specified range of the telephone system numbering plan.  The message
   is imaged on the target remote printer and an acknowledgement is sent
   back to the initiator of the message.

   The remote printing facility is concerned with outreach, integrating
   the e-mail and G3-compatible facsimile communities into a common
   communications environment. By providing easy access to remote
   printing recipients, enterprise-wide access is enhanced, regardless
   of the kind of institution (e.g., commercial, educational, or
   government), or the size of institution (e.g., global, regional, or



Malamud & Rose                                                  [Page 1]


RFC 1529       Remote Printing -- Administrative Policies   October 1993


   local).  Remote printing allows an organization to make it easier for
   electronic mail users to communicate with the personnel in the
   organization who are users of G3-compatible facsimile but not e-mail,
   providing a valuable bridge between the two types of technology.

Models of Operation for Remote Printing Servers

   Remote printer servers in the tpc.int subdomain consume resources
   that are typically recovered from neither the initiator nor the
   recipient of the remote printing service.  Owing to a lack of
   widespread authentication facilities in the Internet and connected
   message handling domains, it is not currently possible to identify
   the initiator with certainty.  Since the request was not initiated by
   the recipient, it is inappropriate for a remote printer gateway to
   accept a request and then attempt to charge the receiver of the
   message before imaging the document on the remote printer.

   Several models of resource recovery for remote printer operation are
   possible in the tpc.int subdomain:

      Community Library Model
      Neighborhood Grocery Model
      Local Newspaper Model

   In the Community Library model, an organization would register a
   remote printer gateway willing to place calls to all devices located
   within the organization's telephone system.  Other operators may
   determine that the costs of servicing the immediate vicinity (or even
   a larger area) are minimal and register to serve a portion of the
   telephone address space as a community service.

   The Community Library model can apply to a neighborhood, or to an
   organization such as a government R&D Center, a university, or a
   corporation.  The library model does not recover costs from the
   particpants, but runs the remote printer as a community service.

   In the Neighborhood Grocery model, a commercial organization
   contracts with specific end users, offering to register their
   individual fax numbers in the namespace.  This service bureau model
   could be conducted with or without cost recovery from the owner of
   the remote printer device.

   The Local Newspaper model recovers the resources needed to operate
   the remote printer service from a third party not directly connected
   with the message exchange. When a document is successfully imaged on
   a remote printer, there are two actions that result.  First, a cover
   sheet is constructed and prepended to the document imaged on the
   remote printer.  Second, a notification is sent back to the



Malamud & Rose                                                  [Page 2]


RFC 1529       Remote Printing -- Administrative Policies   October 1993


   initiator.  An Internet site running a remote printer server
   registered in the tpc.int subdomain is permitted to acknowledge a
   sponsor in both cases.

   Specifically, up to one-third of the area of the cover sheet may be
   used for acknowledgement of the sponsor, and up to 250 bytes of ASCII
   text acknowledging the sponsor may be appended to the notification
   returned to the initiator.   Any such sponsor acknowledgement is
   subject to applicable regulations governing the content and form of
   such acknowledgements.

   The words "paid advertisement" should be prominently displayed in the
   area containing the message if money has changed hands for the
   transaction.  If an organization uses the local newspaper model
   simply to transmit community service messages, then the words "paid
   advertisement" need not be displayed.

Auditing and Security

   A remote printer server should maintain a log for auditing and
   security.  This log may contain at most the following information:

      1) the date the message was received;
      2) the "From" and "Message-ID" fields;
      3) the size of the body;
      4) the identity (telephone number) of the printer;
      5) any telephony-related information, such as call
         duration;
      6) any G3-related information, such recipient ID.

   This information is the most that can be kept and may be further
   limited by legal authority with jurisdiction at the site.

   The purpose of the log is to maintain accountability and security.
   It is considered a violation of the privacy of the initiator and the
   recipient of the remote printer services to divulge such logs unless
   required by legal authority with jurisdiction at the site.  In
   particular, it is a violation of privacy to divulge, either directly
   or indirectly, such information for the compilation of lists for
   marketing purposes.

   It is permissible, however, to furnish interested parties with
   summary reports that indicate the number of calls, average length,
   and other summary information provided that such summary information
   could not be used to identify individual initiators or recipients or
   their calling patterns.  For example, a remote printer gateway might
   furnish an interested party with a report of the number of calls per
   day and hours logged to a specific local area exchange.



Malamud & Rose                                                  [Page 3]


RFC 1529       Remote Printing -- Administrative Policies   October 1993


   Remote printer servers operate in a public service capacity and must
   strictly respect the privacy of the contents of messages. Unless
   required by technical or legal considerations, the content of
   messages shall not be monitored or disclosed.

Denial of Access

   Internet sites registered in the tpc.int subdomain may deny access
   based on the source but not the destination of the message.  If an
   Internet site feels that it is inappropriate to provide access to a
   particular destination, then it should re-register itself
   accordingly.

   Denial of access based on source should be made only if required by
   legal authority with jurisdiction at the site or because of abuse.
   In all cases, denial of access should result in a notification
   returned to the initiator indicating the policy that was violated.
   However, if repeated attempts continue to be made by the source,
   repeated notifications are not necessary.  Denial of access should be
   distinguished from the inability to provide access.  For example,
   improperly formatted messages will prevent access.

   Denial of access can occur due to problems in a single message or set
   of messages or because of consistent patterns of abuse. Examples of
   denial on a single message might include an attempt to transmit an
   extremely long document, such as a 100-page memo. Such a document
   might violate local policies limiting the number of pages or
   transmission time.

   A more serious problem is long-term abuse of facilities.  A remote
   printer server might choose to impose a usage limit on a daily or
   monthly basis.  Such limits should be chosen to balance the desire to
   encourage legitimate users with the need to prevent consistent abuse.

   At present, it is the responsibility for each Internet site running a
   remote printer server to define a local policy for denial of access.
   This policy should be based on objective criteria, and those criteria
   should be registered with the tpc.int subdomain secretariat at the
   e-mail address tpc-admin@town.hall.org.

Security Considerations

   Security issues are not discussed in this memo.








Malamud & Rose                                                  [Page 4]


RFC 1529       Remote Printing -- Administrative Policies   October 1993


References

   [1] Malamud, C., and M. Rose, "Principles of Operation for the
       TPC.INT Subdomain: Remote Printing -- Technical Procedures", RFC
       1528, Dover Beach Consulting, Inc., Internet Multicasting
       Service, October 1993.

   [2] Malamud, C., and M. Rose, "Principles of Operation for the
       TPC.INT Subdomain: General Principles and Policy", RFC 1530,
       Internet Multicasting Service, Dover Beach Consulting, Inc.,
       October 1993.

Authors' Addresses

   Carl Malamud
   Internet Multicasting Service
   Suite 1155, The National Press Building
   Washington, DC 20045
   US

   Phone: +1 202 628 2044
   Fax:   +1 202 628 2042
   Email: carl@malamud.com


   Marshall T. Rose
   Dover Beach Consulting, Inc.
   420 Whisman Court
   Mountain View, CA  94043-2186
   US

   Phone: +1 415 968 1052
   Fax:   +1 415 968 2510
   Email: mrose@dbc.mtview.ca.us

















Malamud & Rose                                                  [Page 5]