SURFPUNK Technical Journal 079
Date: Wed, 14 Apr 93 15:51:29 PDT
Reply-To: <surfpunk@osc.versant.com>
Return-Path: <cocot@osc.versant.com>
Message-ID: <surfpunk-0079@SURFPUNK.Technical.Journal>
Mime-Version: 1.0
Content-Type: text/plain
From: surfpunk@osc.versant.com (Ernqvat guvf FHESCHAX vzcyvrf hfref pbafrag gb fhpu zbavgbevat)
To: surfpunk@osc.versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0079] USCONGRESS: Vinton G. Cerf Speaks
# You may have seen this already; I don't know where it's been. It seems
# like this information shows up in comp.risks every once in a while, but
# it's nice to have handy, anyway.
#
# Mike Mitten - gnome@pd.org
________________________________________________________________________
________________________________________________________________________
Written Testimony of
Dr. Vinton G. Cerf
Vice President
Corporation for National Research Initiatives
and
President
Internet Society
US House of Representatives
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
March 23, 1993
Corporation for National Research Initiatives
1895 Preston White Drive, Suite 100
Reston, VA 22091
+1 703-620-8990
+1 703-620-0913
National Information Infrastructure
INTRODUCTION
Mr. Chairman, distinguished members of the subcommittee
and guests, my name is Vinton G. Cerf and I am Vice
President of the non-profit Corporation for National Research
Initiatives (CNRI). I also have the honor to serve as President of
the Internet Society (ISOC), which is a professional society of
individuals who are users, developers or operators of the
Internet. My remarks today are personal in nature, but they
are colored by my past and present professional experiences
which form the backdrop against which my opinions and ob-
servations have evolved.
I worked on the ARPANET project while a graduate student at
UCLA in the early 1970s, helping to develop the protocols used
to support communication between the computers (hosts) on
the network. The highly successful ARPANET experience with
packet switching technology led to additional satellite, mobile
radio and local area packet networks, developed under
Advanced Research Projects Agency (ARPA) sponsorship and,
in the case of Ethernet, at the Palo Alto Research Center of the
Xerox Corporation. Dr. Robert Kahn, now the president of
CNRI, initiated an ARPA internetting research program to ex-
plore techniques to connect different packet networks in such
a way that the host computers did not have to know anything
about the intermediate networks linking them together. Dr.
Kahn and I developed the idea of gateways and wrote the first
specification for the basic TCP/IP protocols now used in the
Internet.
The idea behind Internet was the seamless linking of many
different kinds of packet switched networks. I came to ARPA in
1976 to manage the Internetting research program and by the
time I left ARPA in 1982, the TCP/IP protocols were widely
used and the Department of Defense had declared them stan-
dards for military use. The Internet has blossomed in the sub-
sequent 10 years, particularly after the National Science
Foundation (NSF) introduced the NSFNet as part of the
Internet in the mid-1980s. In 1982, there were about 100
computers on the ARPANET and a few score others were part
of the NSF-sponsored CSNET which also used the Telenet
public data network. In 1993 there are over 1.5 million of
them. The system links over 10,000 networks in roughly 50
countries. Although it is not known for certain how many
users there are, we believe there are well over 5 million. The
system is tied into most public and many private electronic
messaging services and this expands the population able to
exchange email to some 15 million. They include business
people, academics, government workers, scientists, engineers,
librarians, schoolteachers, astronomers, oceanographers,
biologists, historians, reporters, attorneys, homemakers, and
secondary school students.
The system is doubling annually in users, networks, hosts and
traffic. In some parts of the Internet, such as the NSFNet
backbone, traffic growth rates as high as 15% per month have
been measured. Internet is growing faster than any other
telecommunications systems ever built, including the tele-
phone network. Today, over half of the networks registered are
associated with business users. Of course, these rates of
growth cannot continue indefinitely, but there is reason to ex-
pect that the user population will exceed 100M by 1998.
Perhaps even more important, this federal investment in re-
search has created new industries revolving at first around the
hardware and software of Internet technology, and more re-
cently, around network and information services supported by
the Internet. The new businesses (such as Sun Microsystems,
3COM and Cisco Systems) have highly positive international
trade balances and phenomenal growth, commensurate with
the rapid growth of the Internet itself. The growth rate is ex-
tremely strong in Europe, South America and the Pacific Rim
creating major export markets for the US firms offering
Internet products and services.
In 1975, operational management of the ARPANET was trans-
ferred to the Defense Communication Agency (now the Defense
Information Systems Agency - DISA). In the mid-80s, the
National Science Foundation (NSF), the Department of Energy
(DOE), and the National Aeronautics and Space
Administration (NASA) joined in supporting the evolution of
the Internet and developing and applying its technologies. In
addition to developing their own networks (that became inte-
gral components of the Internet), these agencies participated
in the development and standardization of the Internet proto-
cols (TCP/IP Protocol Suite) and provided support to the sec-
retariats of the Internet Architecture Board (IAB) and Internet
Engineering and Research Task Forces (IETF and IRTF). This
included support for the Internet Assigned Number Authority
(IANA), document editor (RFC Editor), and Network
Information Centers which provide information and assistance
to users and deal with Internet network address assignments.
ARPA, NSF, DISA, DOE and NASA now make up part of the
Federal Networking Council which continues to oversee the
development of networks used in government-sponsored re-
search and education.
Formed at the beginning of 1992, the non-profit, professional
membership Internet Society provides an institutional frame-
work for carrying out a variety of activities intended to foster
the continued growth, evolution and application of the
Internet. Included in this undertaking is the responsibility for
the technical standards used in the Internet. Along with mem-
bers of the Federal Networking Council, the Internet Society
supports the IETF Secretariat. It sponsors conferences and
workshops on the Internet and its technology, is establishing
liaison relationships with the International Telecommunication
Union (ITU) and Organization for International Standardization
(ISO), works with various United Nations agencies (e.g. UN
Development Program) to encourage the acquisition and use of
Internet facilities in technologically-emerging countries, and
participates in efforts to extend Internet services from univer-
sity and research library communities to secondary school
systems.
The Internet Society does not operate any of the thousands of
networks that make up the Internet, but it assists service
providers by providing information to prospective users and
involves product developers and researchers in the evolution of
Internet technical standards. Corporate and individual, pro-
fessional support for this organization is widespread and in-
ternational in scope.
High Performance Computing and Communication
The High Performance Computing Act was signed into law late
in 1991. The original impetus for this legislation came from
then-Senator and now-Vice President Gore whose vision of
information superhighways limned the potential of a comput-
ing and communications infrastructure which would permeate
and stimulate the government, business and private sectors of
the US economy. The promise of a vast new economic engine
equal to or larger than the engine sparked by the National
Highway Act of 1956 was a powerful incentive for this bill and
lies at the heart of the motivation for creating a new National
Information Infrastructure.
One of the key elements of the HPC initiative is its National
Research and Education Network (NREN) program. Designed
to extend the performance envelope of networking into billion
bit per second (gigabit) territory and to extend the scope of
access to a larger segment of the research and education
communities, the effort spawned a major research program on
gigabit networking. ARPA and NSF jointly funded an effort, or-
ganized by the Corporation for National Research Initiatives, to
establish multiple gigabit testbeds across the United States.
The program is highly leveraged, involving major contributions
from the computing and communications industries as well as
several of the national laboratories and major research
universities.
An important focus of the gigabit testbed program is to dis-
cover by experimentation which technologies and applications
are likely to form the core of the high performance communi-
cation systems of the future. The deep involvement of industry
is intended, in part, to assure that the results take into ac-
count the plans and capabilities of the private sector. Such
partnerships among government, industry and academic insti-
tutions form a bedrock upon which new national infrastruc-
ture can be founded.
The vision of the NREN component of the HPC effort begins
with the existing US component of the global Internet. Under
the NREN program, key parts of the US Internet have been
extended to operate at 45 million bits per second (in particular
the NSFNet) and procurement of higher speed services by DOE
and NASA is in progress. The gigabit testbed program is en-
abling the early availability of very high speed network tech-
nology and the results of the program will help to determine
the architecture and technology of even higher capacity ser-
vices. The NSFNet initiative, which began in 1986, has also led
to the creation of dozens of new Internet service providers, in-
cluding a number of for-profit networks offering unrestricted
Internet service to all who desire it.
Another fundamental motivation for the high performance
networking component of HPC is the intense investment by the
principal interexchange and local exchange telecommunica-
tions carriers in the US in the use of optical fiber in their net-
works. Capable of supporting operation in the billions of bits
per second, the optical networks form the strands from which
a national gigabit fabric can be woven. Investments by local
exchange carriers and cable companies to increase the capac-
ity of the lines reaching business and residential customers
make it possible to envision a time when very high capacity
services can be supported on an end-to-end basis.
The far-sighted vision of the HPC effort, together with the ex-
plosive growth of the Internet and basic communications fa-
cilities resulting from private sector initiatives, have set the
stage for a dramatic new step in the evolution and convergence
of computing and communication: the creation of a National
Information Infrastructure.
INFRASTRUCTURE
Information Infrastructure is the "common ground" on which
computer-based products and services depend to achieve
commonality and interoperability. Included in infrastructure
are technical standards and the organizations and procedures
through which they are developed; communication services
and the physical, human and organizational resources needed
to deploy, maintain and operate them; legal and regulatory
frameworks which encourage cooperative development of pre-
competitive technology, foster the protection of computer-ac-
cessible intellectual property, the protection of privacy, and
support the conduct of electronic commerce; widely available
computer software for many hardware and operating system
platforms establishing ubiquitous and interoperable comput-
ing environments in which applications can be embedded.
Infrastructure supplies the raw material out of which limitless
applications may be constructed.
Some of the characteristics which mark elements of infrastruc-
ture include: ubiquity, expandable capacity, simplicity of use,
applicability to many uses and broad affordability. A function-
ing information infrastructure will lower technical and eco-
nomic barriers to the introduction of computer-based products
and services. It will simplify the discovery and ordering of
products and services as well as billing for their use or acqui-
sition. It will also facilitate the day-to-day operation of busi-
nesses, government, education, health care and all the myriad
activities that rely increasingly on the use of computer and
communication technology to accomplish their objectives.
Infrastructure has an enabling character. The highway system
enabled the suburban housing boom and convenient, door to
door delivery of goods. Of course, it also stimulated the auto-
mobile industry and travel. The power generation and distri-
bution system enabled the facile application of fractional
horsepower motors and a vast array of other electrical appli-
ances wherever they were needed.
Infrastructure development is almost always preceded by criti-
cal inventions which motivate the need for the infrastructure.
The light bulb preceded and motivated the need for power gen-
eration and distribution. The invention of the internal com-
bustion engine and its application in automobiles motivated
the need for better roads, service stations, gasoline refining
and distribution. Once the roads were in place, their ubiquity
and easy accessibility stimulated the production of a vast ar-
ray of different vehicles, all designed to conform to certain
common constraints (size, height, weight) so as to be usable on
most of the roads in the system.
The computer is the automobile of the information infrastruc-
ture. Laptops are the sports cars; desktops are the sedans;
supercomputers are the formula 1 racing engines; and gigantic
mainframe data storage systems are the 18 wheelers. The local
access networks form the neighborhood streets; high capacity
computer networks are the superhighways; and circuit, cell
and packet switching systems form the complex interchanges.
Just as vehicles on the road can be filled with an endless
variety of people and products performing a multitude of
services, software applications fill the empty computing vessels
to create the new products and services of the information
infrastructure. Communication protocols and standards form
the rules of the road. When traffic jams and accidents occur,
we call on emergency services to assist. The same may prove
true for the information infrastructure when viruses infect the
system or other software and/or hardware failures occur; we
will need comparable emergency assistance to restore critical
services and functions.
The Electronic Frontier Foundation speaks of computers and
computer networking as a frontier in cyberspace. This is an
interesting and apt analogy, given the relative immaturity of
both technologies. Despite the apparent sophistication of
today's computers, networks and software, their application has
barely scratched the surface of the latent possibilities. The no-
tion of frontier raises images of boundaries and limits. But cy-
berspace is a virtual place. It is created out of software, mak-
ing cyberspace an endlessly expandable environment.
Information is, itself, an infinitely renewable resource to be
harvested, shaped, applied and recycled. The products and
services which can be built atop the computer and communi-
cation infrastructure simply have no logical limits. It is this
ceaselessly changing, growing, transmuting information re-
source which will fuel the economic engine of the information
infrastructure.
INFORMATION INFRASTRUCTURE FORMATION
The technical challenges to be overcome in creating a national
information infrastructure may only be overshadowed by some
of the legal and policy problems. Taking the easier ones, first,
it should be apparent that standards for the exchange of a va-
riety of types of information (data) are essential. The value of
infrastructure is that providers of two services which must in-
terwork do not have to make bilateral agreements with every
partner if appropriate technical standards are developed which
enable such interworking. In the case of program (software)
interworking, common representations of shared information
must be agreed upon so that software developers can be
reasonably assured that, if they follow the protocols, their
application programs will interwork with each other.
A variety of high and low-level standards are needed for
representation of digital documents; information retrieval
queries and responses; remote program interactions; financial
or other commercial transactions; privacy, integrity and
authenticity preservation; and a plethora of application-
specific standards for information interchange. These
representations need to include the capability for a wide range
of media, including sound and pictures. There are a number of
representations available for encoding these various media,
but there is not yet widespread agreement on a common set.
Consequently, we are still some distance away from a workable
information infrastructure.
The applications that can be supported on a suitable
information infrastructure are limited only by imagination and
creativity. Examples include health care support (e.g., patient
information, prescription databases, digitized X-Rays and MRI
scans, remote consultation); education (classrooms without
walls, using the information infrastructure to receive
instruction, explore digital libraries and work with distant
partners), manufacturing, provision of government
information, and support for electronic commerce (e.g., order
entry, electronic or physical delivery of products, electronic
payments, product specifications).
An important element of Internet growth is the typical pricing
strategy of service providers: flat rates based on the bandwidth
of the lines used to access the Internet. Unlike some
commercial email and other public data network service
providers, Internet service providers have not charged by the
"packet." Many believe that this policy has had a major,
positive effect on the growth of the network because users had
little uncertainty with respect to annual costs for use of the
system.
ANECDOTES FROM THE 21ST CENTURY
Those of us who have lived with the Internet since its inception
have been living in what will be common in the next century.
In preparation for this testimony, I sent a brief message out on
the Internet to hundreds of thousands of people who make
daily use of the network. I asked them to offer their thoughts
on points they considered important to make. Within hours, I
had thousands of responses, not just from domestic sources
but from all over the world. Without the infrastructure of the
Internet, such a question would not have been worth asking
since the answers would have taken far too long to receive,
and I could not have applied available computer cycles to sort
and sift the resulting responses. My correspondents were al-
most uniformly enthusiastic about the prospects for national
and global information infrastructure. The following were some
of the points they made:
o The Internet Society newsletter is created by correspondents
all over the globe who email their stories to the editors in
Los Angeles, California and Reston, Virginia. The whole
process takes place over a few days, with all the editing
taking place on-line. Each issue is available on-line within
minutes of completion through a variety of information
services on the Internet.
o A professor at the University of Southern Louisiana offered
to teach a class on Internet use through email on the
Internet. 15,000 people applied to take the class! This is
distance-learning with clout!!
o A blind student of Shakespeare asked on the net, where
can I get on-line copies of the plays, it's the only convenient
way for me to read them. He uses a text-to-speech and
text-to-Braille device. He got back many pointers to on-line
archives around the world.
o When President Clinton and Vice President Gore were
visiting Silicon Graphics in California's Silicon Valley, the audio
and video of the speeches were packetized and multicast
on the Internet to hundreds of participating sites. This is an
example of the nascent potential in combining all forms of
communication in computer-mediated form.
o Internet Talk Radio recently made the front page of the New
York Times - it is another example of the convergence of
digital computer communications and mass media.
o When I needed information about the Spratly Islands, I
just turned to the CIA World Fact Book made available on
the Internet by the University of Minnesota.
o A technical problem arose with an application running on
an Apple Macintosh. The user sent an email message to
several distribution lists and news groups and got back
helpful responses, some in minutes, from France, Germany,
Italy, Australia, India, Singapore, Canada, England,
Norway, United States, Finland, ... well, you get the idea.
Cyberspace has common interest groups that transcend
national boundaries.
o The city of Wellington, New Zealand, has a computer on the
Internet. It has placed there a wide range of information of
interest to potential visitors and tourists, local residents,
and Internet explorers. There is strong historical evidence
that the rich personal interactions that take place on the
Internet contribute to a marked increase in face-to-face
meetings requiring travel, so the local government is to be
commended for its foresight.
IMPORTANT THINGS THE US GOVERNMENT CAN DO
Offered below is a representative set of comments and sugges-
tions received over the course of a few days from the Internet
community. Because of its source, it has an obvious Internet
bias to it, but despite that, I think these ideas are worthy of
serious consideration.
1. Invest in the development of pre-competitive software and
technology which is made available to industry for competitive
productizing. Historically, universities have developed sample
implementations of new Internet software which is then used
as the basis for product and service development in industry.
Occasionally, industry will sponsor development of freely
available software which can be readily distributed throughout
the network, creating a kind of mini-infrastructure on which
more elaborate, for-profit products and services may be based.
In both cases, new businesses are often created to service the
market created.
2. Foster and facilitate the development of technical informa-
tion standards through cooperative efforts among industry,
academia and government. The procedures of the Internet
Engineering Task Force are a model for expeditious and
effective development because the standards must be im-
plemented by multiple parties and shown to interoperate be-
fore they are eligible for standardization.
3. Revisit COCOM and US-specific policy on the application,
use, and export of the RSA and DES cryptographic technology.
Present policies inhibit the creation of particular aspects of
global information infrastructure and, in some cases, US
companies are placed at a severe disadvantage relative to
competitors. These technologies are key elements [no pun
intended] in solving problems of intellectual property protec-
tion and management and electronic commerce in an on-line
environment.
4. Adopt the TCP/IP protocols as coequal with the OSI proto-
cols in the US GOSIP specifications (which describe the profile
of protocols that are recommended for use in Government pro-
curements). The TCP/IP protocols are already in wide-spread
use within the government, so this change would merely
acknowledge reality.
5. Move aggressively to support library access to Internet ser-
vices, with particular attention to rural community access.
6. Institute training programs to educate the nation's
secondary school teachers and support staff on the use of
computer and communication technology in the classroom.
Subsidize access where this is necessary. Involve state educa-
tional infrastructure in this effort. Review highly successful
state-level programs as input to national policy development.
7. Stimulate the development of quality software for use in
curricula at all levels. Consider programs to develop pre-pro-
duction software and make it available at no charge, leveraging
the creativity of national laboratories, universities and individ-
uals.
8. Mandate public, on-line availability of government-produced
or sponsored information and allow the private sector to add
value and resell it. For example, the White House is providing
on-line access to unclassified executive orders and text of
speeches by senior administration officials within hours (and
sometimes minutes) of their release.
9. Foster programs to explore and experiment with the use of
information infrastructure to support telecommuting. Not only
as an energy-saving, pollution-reducing step, but a major tool
for implementing the Americans with Disabilities Act provi-
sions. It was noted that home-employment and suburban
satellite offices illustrate that electronic communication infras-
tructure is approaching the importance of the more concrete
(pun intended) traffic highways.
10. Make use of the Internet to harvest information from its
tens of thousands of public databases as an adjunct to intelli-
gence gathering and analysis by various agencies of the federal
government. Make available government unclassified
information and analysis via the Internet as a contribution to
the community (e.g. CIA World Fact Book).
11. Get all branches of the government on electronic mail and
support the ability to exchange email with the public.
12. Encourage the deployment of ISDN services.
13. Foster the development of shared scientific databases and
collaboration tools which can be used to enhance the utility of
research results and provide access to raw as well as analyzed
data to support corroborating research.
14. Make use of the Internet to build bridges among the
scientific, research, academic and educational communities.
15. Link the museums of the world on the Internet.
16. Avoid the unintentional creation of a gap between
information rich and poor. The concern here is that private
sector entrepreneurship may conflict with freedom of access to
public information. Note that the potential gap problem applies
equally as well to individuals and to large and small cor-
porations!
17. Position national policy so that the government need not
subsidize network service providers. Rather, subsidize users,
where this is appropriate. By this means, remove most of the
Appropriate Use Policy dilemmas from consideration at the
network level. It is not technically possible today, using exist-
ing capabilities, to distinguish different classes of traffic at the
network level. [There were a few people who thought the gov-
ernment should build the National Information Infrastructure
but the vast majority who commented on this preferred private
sector service provision, albeit under government policies
which assure ubiquity of service, full interconnection of all
service providers and reasonable costs].
18. Find a way to make advertising permissible and useful in
the National Information Infrastructure.
________________________________________________________________________
Subject: Letter to Congress/RSA + DES
Date: Tue, 13 Apr 93 20:26:01 -0400
Sender: cprince
From: "Vinton G. Cerf" <vcerf@CNRI.Reston.VA.US>
Message-Id: <9304132026.aa01197@IETF.CNRI.Reston.VA.US>
Dr. Vinton G. Cerf
3614 Camelot Drive
Annandale, VA 22003-1302
11 April 1993
The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building
Dear Chairman Valentine:
I recently had the honor of testifying before the
Subcommittee on Technology, Environment and Aviation
during which time Representative Rohrabacher (R,
California) made the request that I prepare
correspondence to the committee concerning the
present US policy on the export of hardware and
software implementing the Data Encryption Standard
(DES) and the RSA Public Key encryption algorithm
(RSA).
As you know, the DES was developed by the National
Institute for Standards and Technology (NIST) in the
mid-1970s, based on technology developed by
International Business Machines (IBM). The details of
the algorithm were made widely available to the
public and considerable opportunity for public
comment on the technology was offered. In the same
general time period, two researchers at Stanford
University (Martin Hellman and Whitfield Diffie)
published a paper describing the possible existence
of mathematical functions which, unlike the
symmetric DES algorithm, could act in a special,
pairwise fashion to support encryption and
decryption. These so-called "public key algorithms"
had the unusual property that one function would
encrypt and the other decrypt -- differing from the
symmetric DES in which a single function performs
both operations. The public key system uses a pair
of keys, one held private and the other made public.
DES uses one key which is kept secret by all parties
using it.
Three researchers at MIT (Rivest, Shamir and
Adleman) discovered an algorithm which met Hellman
and Diffie's criteria. This algorithm is now called
"RSA" in reference to its inventors. The RSA
technology was patented by Stanford and MIT and a
company, Public Key Partners (PKP), created to
manage licensing of the RSA technology. A company
called RSA Data Security, Inc., was also formed,
which licensed the technology from PKP and markets
products to the public based on the technology.
The current policy of the United States places DES
and RSA technology under export control. Because
cryptography falls into the category of munitions,
it is controlled not only by the Commerce Department
but also by the State Department under the terms of
the International Traffic in Arms regulations.
Despite the public development of both of these
technologies and their documented availability
outside the United States over the last 15 years, US
policy has been uniformly restrictive concerning
export licensing.
As the United States and the rest of the world enter
more fully into the Information Age in which digital
communications plays a critical role in the global
infrastructure, the "digital signature" capability
of public key cryptography is a critical necessity
for validating business transactions and for
identifying ownership of intellectual property
expressed in digital electronic forms.
Registration and transfer of intellectual property
rights in works which can be represented in digital
form will be central factors in the national and
global information infrastructure. A number of
parties are exploring technical means for carrying
out rights registration and transfer, making use of
public key cryptography as a basic tool.
In addition, there is a great deal of current work
on electronic mail systems which support privacy by
means of encryption and support authenticity by
means of digital signatures. One of these systems,
developed in the Internet environment I mentioned in
my testimony, is called Privacy-enhanced Mail (PEM)
and makes use of DES, RSA and some other special
"hash" functions which are integral to the
production of digital signatures.
For these various systems to be compatible on an
international basis, it would be very helpful for
the cryptographic components to be exportable on a
world-wide basis. A number of vendors make products
relying on these technologies within the United
States but often find it very difficult to engage in
international commerce owing to the export licensing
required for these technologies. Ironically, the
technology appears to be widely available outside
the US and also outside the COCOM countries, so US
firms face both competition outside the US and
export inhibitions in their attempts to develop
worldwide markets.
There are many valid national security reasons for
limiting the export of cryptographic capabilities,
since these technologies may aid an opponent in time
of war or other conflict. Perhaps just as important,
US intelligence gathering capability can be eroded
by the availability of high grade cryptography on a
worldwide basis. Recently, it has also been alleged
that the world-wide availability of cryptography
would also seriously impede US drug enforcement and
anti-crime efforts. While these reasons seem
sufficient, many have pointed out that the
widespread accessibility to the detailed
specifications of DES and RSA and availability and
existence of software and hardware outside the US
have long since done whatever damage is going to be
done in respect of warfighting, crime or drug
potential. This line of reasoning leads to the
conclusion that our policies only inhibit legitimate
commerce, but have little impact on the other
concerns expressed.
As in all such controversy, there is often some
truth on both sides. The National Institutes of
Standards and Technology (NIST) has offered
alternative digital signature capability. Technical
assessments of the alternative have turned up
weaknesses, in the opinions of some experts. There
is not yet an alternative to DES, unless it is to be
found in NSA's Commercial Crypto Evaluation Program
(CCEP) in which NSA proposes to provide algorithms
which are implemented in hardware by industry and
made available for civilian use. As I understand
this program, NSA does not intend to release any
details of the algorithms, leaving open questions
about the nature and strength of the technology.
Some experts will persist in the belief that such
offerings have weaknesses which are deliberately
built in and hidden (so-called "Trojan Horses")
which will allow the agency to "break" any messages
protected by this means.
The critics complained loudly that the reasoning
behind the design of certain parts of the DES
algorithm (specifically the "S-boxes") was never
made public and therefore that the algorithm was
suspect. In fact, the DES has proven to be very
strong - indeed, it may be that very fact which
makes it so unpalatable in some quarters to permit
its unrestricted export. It may be that the CCEP
technology offered is satisfactory, but this is hard
to tell without knowing more about its provenance.
Presuming the wide availability of both DES and RSA
technology, it seems to me appropriate and timely to
re-examine US export control policy regarding these
two algorithms. In all probability, any such review
will require some classified testimony which will
have to be heard in confidence by cleared members of
your committee. I sincerely hope that the outcome
will be favorable to use by US industry in
international commerce, but even if the outcome
results in continuation of present policy, it is
timely to make such a review, in my opinion.
Sincerely,
Vinton G. Cerf
________________________________________________________________________
________________________________________________________________________
The SURFPUNK Technical Journal is a dangerous multinational hacker zine
originating near BARRNET in the fashionable western arm of the northern
California matrix. Quantum Californians appear in one of two states,
spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________
Send postings to <surfpunk@osc.versant.com>, subscription requests
to <surfpunk-request@osc.versant.com>. MIME encouraged.
Xanalogical archive access soon. Call the Helpdesk at 404-894-7173.
________________________________________________________________________
________________________________________________________________________
atdt 8942195
CONNECT 2400
Checking authorization, Please wait...
Welcome to Georgia Tech's TCP Service.
This network system is for the use of authorized users only.
Individuals using this network system without authority, or in
excess of their authority, are subject to having all of their
activities on this system monitored and recorded by system
personnel.
In the course of monitoring individuals improperly using this
system, or during system maintenance, the activities of authorized
users may also be monitored.
Usage of this network implies the user's consent to such monitoring,
The user hereby is advised that if such monitoring reveals possible
evidence of criminal activity, system personnel may provide the
evidence of the monitored activity to law enforcement officials.
To get a menu type Help or ?
If you have any difficulty call the Helpdesk at 894-7173.