What is "Free"? (RFC0491)
Original Publication Date: 1973-Apr-01
Included in the Prior Art Database: 2019-Feb-12
Internet Society Requests For Comment (RFCs)
Network Working Group M. A. Padlipsky Request for Comments: 491 MIT-Multics NIC: 15356 12 April 1973
What Is Free
In at least three of the RFC’s about "mail" and the File Transfer Protocol (RFC’s 454, 475, 479), something very like the following is asserted: "Network mail should be free; i.e., no login or USER command should be required." Unfortunately, "i.e" (=that is) is misleading. It simply does not follow to imply that the only way mail can be free is for it not to require a login; explicit login on a free account would of course also work. Indeed, depending upon per-Host idiosyncrasies in the Logger / Answering Service / process creation environment, an explicit login may well prove to be far more natural than an implicit login. (Even in environments where implicit login is easy, surely explicit login is just easy.) Granted, login on a free account requires users to remember the name of the free account. However, this would not be too great a burden to bear if there were reasons for preferring an explicit login and if the free account had the same name on all Hosts. Therefore, from the promise that Network protocols should not implicitly legislate "unnatural" implementations for participating Hosts if it is conveniently avoidable, I propose the following formulation:
Network mail should be free. Network mail should not require users to remember the name of the free account on a given system. I.e., it should either be "loginless" or it should take the same login everywhere. But some systems need/want/prefer a login. Therefore, USER NETML / PASS NETML should be made to work everywhere for free mail.
Note: "NETML" is fewer than six characters and is upper case hence, it should fit in the least common denominator category of user identifiers, but it’s still long enough not to conflict with anybody’s initials (in all probability).
Now, because of the implementation implications this may all sound like special pleading, but I claim that another implication of the "incorrect" formulation will further show the superiority of an explicit login for mail. For the "loginless" view leads to problems in regard to the authentication aspects of login and the accounting aspects, by apparently assuming that the sole purpose of login is to initiate accounting. In RFC 475, the problem is exposed when, after noting that some systems allow access control to be applied to mailboxes, it is asserted that FTP USER command is wrong for access control because you’d then be on the free account and a new FTP FROM
Padlipsky [Page 1]
RFC 491 What Is Free 12 April 1973
command would be right. (Presumably, FROM would be followed by PASS.) Being reasonably familiar with one of the systems which does allow access control on mailboxes, let me point out how it works: permissible "principal identifiers" are placed on the "access control list" of the mailbox, and when the mailbox is referenced by a process the principal identifier of that process must match (expl...