<html>
Since the Internet was invented by Democrat Al Gore :-), I guess the
Republicans want a chance to "reinvent it right". I
wonder if the idea of using end-to-end encryption (IPSEC) occurred to the
national planners cited in the following article?<br><br>
The "creaky, cranky" 20-year old Internet protocols (which were
designed 25 years ago initially) had an answer to wireless security, and
network security in general. Steven Kent,my graduate student
officemate at MIT's Lab for Computer Science, wrote a detailed spec for
end-to-end cryptographic security in TCP/IP in 1976, but was told
strongly not to pursue it. I argued for it as well at several
TCP design meetings, and was told it couldn't be discussed any
further. Nonetheless, several of the TCP features I worked on were
designed explicitly so that end-to-end encryption could be folded in
easily. The idea of a "virtual header" explicitly
separated the minimal cleartext portion of IP+TCP from the part that
could be fully encrypted. And the idea of putting the TCP checksum
in separately from the IP checksum was primarily justified by an
end-to-end argument that included the argument that it should be
transmitted encrypted, so that man-in-the-middle attacks would be
prevented.<br><br>
The creaky, cranky folks like me and the many others involved in that
early design anticipated these problems. But instead of dealing
with them, we now are being told that some very good ideas need to be
thrown out and redesigned by the "private sector" - and likely
with the idea of developing proprietary standards that will enrich them
at the cost of the public goods of innovation, interoperation, and free
communications.<br><br>
Who are the patriots here? Those of us who pointed out the
vulnerability 25 years ago and provided solutions? I guess
not. Because apparently we created "creaky, cranky"
crap. Richard Clarke can kiss my ***. Perhaps it's time
to explain to the press exactly who prevented the deployment of a more
secure Internet, and that we don't need to throw out the Internet design
principles to fix it.<br><br>
- David Reed <br><br>
WHITE HOUSE SOUNDS CALL FOR NEW INTERNET STANDARDS<br>
The Bush administration's cyber security czar, Richard Clarke, said it
might <br>
be time to replace the "creaky, cranky" 20-year-old protocols
that drive the <br>
Internet with standards better able to accommodate a flood of new
wireless <br>
devices. Wireless devices, it is feared, may introduce large security
holes <br>
to the network. The White House is working with the private sector to
draft <br>
a national plan to secure the country's most vital computer networks from
<br>
cyber attack. The plan, expected to be released September 18, will
include <br>
several policy recommendations for wireless security. Clarke stated that
the <br>
administration had an obligation to take an active role in ensuring the
<br>
security of the Internet, especially since nearly 81 percent of major
<br>
businesses today use, or plan to use, wireless networks.<br>
[SOURCE: The Washington Post, AUTHOR: Brian Krebs] <br>
<<a href="http://www.washingtonpost.com/wp-dyn/articles/A22535-2002Jul30.html" eudora="autourl"><font color="#0000FF"><u>http://www.washingtonpost.com/wp-dyn/articles/A22535-2002Jul30.html</a></u></font>><br><br>
</html>