TBTF for 1997-03-01:
Small beer

Keith Dawson (dawson dot tbtf at gmail dot com)
Sat, 1 Mar 1997 22:02:54 -0500


The registry promoting ".web" sues IANA and IAHC

On Thursday Image Online Design, Inc., filed a lawsuit alleging breach of contract against the Internet Assigned Numbers Authority and the ad-hoc committee created by the IANA to rework the way domain names are assigned. You can read coverage of the suit at News.com [1] or browse the text of the suit itself on IOD's site [2]. IOD has been running a registry for names ending in .web under authority granted by the IANA. The company claims that a verbal agreement with the IANA to award it permanent proprietorship of .web was breached when the International Ad Hoc Committee promulgated its final recommendations [3]. Under the IAHC plan, .web would be placed in a lottery along with the six other new top-level domains.

[1] <http://www.news.com/News/Item/0%2C4%2C8375%2C00.html>
[2] <http://www.iodesign.com/complaint.html>
[3] <http://www.tbtf.com/archive/1997-02-11.html#s01>

______

More crypto export licenses, and more protest

In mid-February Open Market became the fourth company to receive an encryption export license under the new U.S. export rules -- this one for 128-bit crypto with no key-recovery requirement [4]. Because the encryption is strictly for securing financial data, Open Market qualifies for a special license whose terms don't require key recovery or key escrow.

The next day IBM was granted an export license for 56-bit encryption technology [5].

At the same time, 16 business and trade organizations sent a letter to President Clinton decrying the administration's crypto policy, according to the News.com story [4]. "By promoting the fact that businesses are signing up, [the government] implies that the business community is embracing this, and that's not what's happening," one of the signers reportedly said. I was unable to find any trace of this letter on the pages of any of the organizations named, however; a dozen search engines likewise came up blank. (Didn't try Beachcomber though...)

[4] <http://www.news.com/News/Item/0%2C4%2C7925%2C00.html>
[5] <http://www.news.com/News/Item/0%2C4%2C7961%2C00.html>

______

48-bit challenge is broken in 13 days

A group effort calling itself the Distributed Internet Crack has broken [6] the second of RSA's crypto challenges [7] in just over 13 days using more than 5000 machines across the Internet. The group was organized by Germano Caronni <caronni at tik dot ee dot ethz dot ch> from Switzerland. They have arranged to donate the prize money to Project Gutenberg [8], the longest-running effort to digitize out-of-copyright world literature, which has made available over 750 Etexts to date.

[6] <http://www.cstp.umkc.edu/personal/bhugh/dicinfo.html>
[7] <http://www.rsa.com/rsalabs/97challenge/>
[8] <http://promo.net/pg/>

______

The state of encryption regulation outside the U.S.

The Cryptography list has recently hosted discussions of the rules regulating crypto outside the U.S. This bulletin from the front summarizes the interpretations and opinions of the list members; I can't vouch for its legal accuracy. Many of the discussions concern the Wassenaar Arrangement, named after the Dutch suburb of Den Haag where it was crafted. Wassenaar's wording was based on that of the earlier COCOM, which was the West's embargo of high technology to the Eastern bloc. Wassenaar's intent is to stall exports of technology from relatively more advanced countries to less advanced ones when those exports would tend to upgrade the level of the recipient country in a particular area of weapons (or dual-use) technology. The agreement has now been signed by 33 countries, including Bulgaria, South Korea, and Turkey.

The best summary of international crypto regulation continues to be Bert-Jaap Koops's <E.J.Koops at kub dot nl> Crypto Law Survey [9], which includes information on the Wassenaar Arrangement.

[9] <http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm>

1. Government access to keys

When referring to government schemes for key escrow or key recovery, online activists and members of the crypto community tend, with studied inelegance, to employ the term "GAK." Government officials in the European Union prefer "TTP," trusted third parties. France already has GAK regulations (as the U.S. does). The EU employs a crypto-politics coordinator, an Englishman named David Herson -- his role sounds analogous to that of Aaron Burns in the U.S. [10]. You can read a September 1996 interview with Herson here [11]. He reflects Europe's comparatively more relaxed attitude toward privacy when he says, "The private citizen doesn't need crypto -- that's been proved." But the OECD at its recent meeting refused to recommend a GAK policy [12].

[10] <http://www.tbtf.com/archive/1997-01-29.html#s04>
[11] <http://www.ingenioeren.dk/redaktion/herson.htm>
[12] <http://www.oecd.org/news_and_events/release/nw96119a.htm>

2. United Kingdom

Mike Cobb <mikec at cobweb dot co dot uk> tried to find out if he would need a license to export his KeyRing file-encryption and password-tracking program from the UK. The letter [13] he eventually got from the Department of Trade and Industry seems to point out a loophole in Wassenaar, whose derivative wording predates modern electronic media. The regulations state:

> The control of technology transfer in the Strategic Goods List
> is limited to tangible forms.

This clause, written in the 1940s for COCOM, was intended to allow people's brains to cross borders. It now has the effect of allowing the free Internet posting of material that, if tangible (e.g. on a floppy disk), would require an export license -- in those Wassenaar countries lacking explicit contrary laws. A U.S. poster summarized:

> In the UK, a person could legally put up a piece of crypto
> software on an anonymous FTP site, but it would be illegal to
> print out the software and send it internationally via the
> post. In the US, I can print out source code and mail it
> internationally without worry, but if I put it on an
> unrestricted ftp server, they'll try me and put me in jail.

[13] <http://www.tbtf.com/resource/UK-crypto.html>

3. Germany

According to a recent report by Hannes Krill in the 1997-02-22 issue of Sueddeutsche Zeitung, a high-ranking official of the Bavarian Home Department, Mr. Regensburger, has urged the Federal Minister for Domestic Affairs to establish a crypto regulation act requiring mandatory deposition of secret keys with law-enforcement authorities.

4. Sweden

A Swedish newspaper story [14] (this URL is in Swedish) describes the "terrorizing bureaucracy" that has resulted from Sweden's implementing an ITAR-like law after signing Wassenaar. A sub-department of Sweden's Foreign Office oversees export requests, calling as needed on the help of the local equivalent of the NSA. An official at this export directorate is quoted as saying that only a handful of EU member states unambiguously qualify under Wassenaar to import Swedish strong crypto: England, France, Holland, Sweden, and Germany. Several posters to the Cryptography list disputed this official's interpretation, citing an exemption in the Swedish ITAR for cryptographic items that are "publicly available." Some opined that the "intangible" loophole in Wassenaar applies to Sweden as well. Opinion on the list was that the story is an example of bluff and bluster by local bureaucrats with a fuzzy grasp of their own laws. On the whole the Swedes can't seem to make up their minds about GAK; their crypto ambassador said in an article in Dagens Nyheter [15] (again in Swedish):

> Who believes that the terrorists and the mafia will deposit any
> keys?

[14] <http://www.et.se/datateknik/arkiv/97-02/5.html>
[15] <http://www.dn.se/DNet/departments/12/content/dnit/dnitv2/kryptering.html>

5. Japan

One Cryptography poster claimed that the Japanese Ministry of Justice, playing the emotional anti-terrorism card, is pushing hard for a sweeping new wiretapping and electronic eavesdropping statute. Another pointed out that any such law in Japan would require a constitutional amendment given the unambiguous privacy protection lodged in their constitution (Article 21, paragraph 2): "No censorship shall be maintained, nor shall the secrecy of any means of communication be violated."

______

Views on digital cash

Michael Froomkin and Tim May will share a stage in San Francisco next month to explore the implications of digital cash. You can preview drafts of their presentations for the Computers, Freedom, and Privacy Conference (CFP'97) on Froomkin's site [16], [17].

[16] <http://www.law.miami.edu/~froomkin/articles/cfp97.htm>
[17] <http://www.law.miami.edu/~froomkin/articles/tcmay.htm>

______

Faster Web coming

To improve Web performance we can get fatter pipes or we can send fewer and/or skinnier packets. The World-Wide Web Consortium conducted tests to estimate what levels of Web performance improvement we might expect to see when HTTP 1.1 [18] is widely supported by Web servers. The HTTP 1.1 performance-enhancing features include persistent connections, pipelining, and transport compression, and it is on these features that the W3C study concentrated. The results [19]:

> For all our tests, a pipelined HTTP/1.1 implementation
> outperformed HTTP/1.0... under all network environments. The
> savings were at least a factor of two, and sometimes as much
> as a factor of ten, in terms of packets transmitted. Elapsed
> time improvement is less dramatic, and strongly depends on...
> network connection.

The group also examined (in less detail) the speed improvements that CSS1 cascading style sheets [20] and PNG graphics [21] could effect. Style sheets were used here mainly to replace .gif images with more compact representations, and the W3C group found to their surprise that this technique could add up to large bandwidth savings.

[18] <http://ds.internic.net/rfc/rfc2068.txt>
[19] <http://www.w3.org/pub/WWW/Protocols/HTTP/Performance/Pipeline.html>
[20] <http://www.w3.org/pub/WWW/TR/REC-CSS1/>
[21] <http://www.w3.org/pub/WWW/TR/REC-png.html>

______

A middling smart online marketing tactic

I received a solicitation from did-it.com, a New Jersey outfit offering a free service -- the Did-It Detective [22] -- that checks whether your page is listed in 10 major search engines and emails you the results. The reason I received the offer is that the TBTF site contains a link to NetCreations [23], a site that did-it.com considers a competitor. Another business did-it.com is in, perhaps its main one, is compiling and selling lists of people who wish to receive targeted advertising via email. Each user of the free search-engine-check service receives an advertisement for this list service along with the answer to his/her query.

Now this tactic is clever, and in my view not particularly sleazy. The offer didn't trigger my anti-marketing radar the way a common spam does. The developers of did-it.com have done some online research using one of the search engines to find links to their competition. They have then gone to the trouble of finding email reply addresses for the sites thus located to build their mailing list. Their solicitation offers enticements for me to place a link to did-it.com on my site alongside the NetCreations link.

They could have done two things better: send me an individual letter instead of a mass mailing; and vet their email for the telltale non-Ascii evidence of its MS Word origins.

[22] <http://www.did-it.com/det-try.htm>
[23] <http://www.netcreations.com/>

______

Latency slows your modem

In the latest TidBITS Stuart Cheshire <cheshire at cs dot stanford dot edu> presents an easy-to-take tutorial [24] on how a communications device's throughput is affected by the latency built into certain of its operations. In the case of the modem, its heritage as a carrier of mostly text-based signals matches up particularly poorly with the requirements of a PPP connection:

> Modems were originally designed with remote terminal access in
> mind. They were meant to take characters -- typed by a user on
> one end and transmitted by a mainframe on the other -- and group
> them into little blocks to send. The only indication that a user
> had finished typing (or that the mainframe had finished
> responding) was a pause in the data stream. No one told the modem
> when no more characters would be coming for a while, so it had to
> guess. This is no longer the case. Most people use modems to
> connect to the Internet, not old mainframes, and Internet
> traffic is made up of discrete packets, not a continuous stream
> of characters.

Cheshire describes some steps we can take to cut modem latency in half, and outlines a simple feature -- not present in most modems today -- that if implemented would cut the latency by a factor of five.

[24] <http://www.tidbits.com/tb-issues/TidBITS-367.html#lnk4>

______

Followups

1. More on the ActiveX / Quicken demo

TBTF for 1997-02-11 [25]

Felix von Leitner <leitner at math dot fu-berlin dot de>, a member of the Chaos Computer Club, sent clarifications to Glen McCready's 0xdeadbeef mailing list, which had carried a story about the CCC's ActiveX / Quicken hack. I've placed von Leitner's note [26] on the TBTF archive by permission.

[25] <http://www.tbtf.com/archive/1997-02-11.html>
[26] <http://www.tbtf.com/resource/felix.html>

2. Omniview gets an investor

TBTF for 1996-08-08 [27], 1997-01-21 [28]

Omniview, the inventor of the PhotoBubble technology profiled in TBTF for 1996-08-08 [27], has received an investment from Discovery Communications, home of the Discovery Channel and its online incarnation [29]. The amount invested was not disclosed but was reported to be multiple millions of dollars. PhotoBubbles are electronic spherical photographs produced by special software from two hemispherical views captured with conventional camera equipment. Discovery used the technology when it explored the remains of the Titanic last fall.

[27] <http://www.tbtf.com/archive/1996-08-08.html>
[28] <http://www.tbtf.com/archive/1997-01-21.html>
[29] <http://www.discovery.com/>

______

The Beachcomber search engine

Tired of wading through thousands of irrelevant hits from your Web searches? Try the Beachcomber search engine [30]: it returns only a few hits and guarantees 100 percent accuracy every time. Uh-huh, yeh right. Don Steinberg <dons at home dot cynet dot net> is the twisted intelligence behind the site. See if you can figure out how he achieves the top page's freeform layout before you resort to View Source. Oh, and you'll need to turn on JavaScript or the Submit button won't work.

[30] <http://www.cnet.com/Content/Voices/Steinberg/021297/index.html>


Notes

- Today's TBTF title is an English expression dating from (at latest) 1604 in its meaning of "trivial occupations; matters or persons of little or no consequence": [Shakespeare, Othello II.i.161] To suckle Fooles, and chronicle small Beere. You can follow this link if you have an account with the OED Online: <http://www.oed.com/cgi-bin/oedp?query=small+beer&dictcolor=color&colnum=1&qregion=Headword+as+Word&format=Regular+Display&dtext1=oed>

- TBTF's Web home has moved to a new ISP host and has a new look and two new features (most of the reason why this issue is late). I hope you didn't experience too much instability while the changeover was in progress over the last 10 days. The new look incorporates handy page footers for navigation and a more consistent color scheme. Nothing too radical. For navigation there is a topical index (current through 1996, to be updated quarterly); see <http://www.tbtf.com/blog-archive/index.html>. And at long last a search engine, this one based on Glimpse technology, provides access to TBTF's archived articles and other resources at <http://www.tbtf.com/search.html>.

- Re: topical index -- the tool that did the meatiest part of this job is HTML Grinder and its Auto Indexer wheel or plug-in. See <http://www.matterform.com/>. The Grinder is a Macintosh-only site-maintenance tool that comes with some 20 other wheels that I haven't had a chance to exercise much yet. It has matured considerably since I first tried it in 1995 and is now well worth a look if you run a Web site from a Mac.

- A number of you took the time to comment on the new look of TBTF's email edition, thanks. As luck would have it, half of the comments bemoaned the loss of the Ascii-art lips. I'll take that as popular demand; the lips will reside at <http://www.tbtf.com/resource/the-lips.html> in perpetuity. But not on the TBTF masthead. Oh, and the wrapped URLs are history: URLs will appear from this day forward in full RFC-1738 regalia. Don't know what got into me there.

- On 2/24 the San Jose Mercury News published an article called "Spinoffs of Valley's famed name surge" that links the Siliconia page <http://www.tbtf.com/siliconia.html> and quotes me on the subject of the boom in Silicon Elsewhere appellations. See the article at <http://www.sjmercury.com/news/local/silicon022397.htm>. Siliconia enjoyed nearly 400 visitors that day and has been running far above historical levels since; few if any of the Siliconia visitors seem to have become subscribers, however.

- I'll be attending CFP'97 (the Computers, Freedom, and Privacy conference) in Burlingame, CA March 11-14. If any of you are planning to attend, drop me a line -- perhaps we can work up a TBTF birds-of-a-feather session.


Sources

- For a complete list of TBTF's (mostly email) sources, see <http://www.tbtf.com/sources.html>.

- E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For complete subscription details see <../resource/E.CT.txt>.

- Cryptography -- mail majordomo@c2.net without subject and with message: subscribe cryptography [ your@email.address ] .

- TidBITS -- mail listserv@ricevm1.rice.edu with no subject and with message: subscribe TidBITS Your Name . Web home at <http://www.ctidbits.com>. Web archive at <http://www.tidbits.com/tb-issues/default.html>.


TBTF home and archive at <http://www.tbtf.com/>. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>.
Commercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.

______