IAHC domain-naming plan advances as opposition mounts
Also on 4/8 the New York Internet company PGP Media (no relation to PGP, Inc.) filed a restraint-of-trade lawsuit  against Network Solutions, the current monopoly issuer of global TLDs. PGP media has set up an registry called "name.space" under the renegade Extended Domain Naming System plan (see TBTF for 1997-03-09 ).
And on 4/14 NSI launched a campaign against the IAHC plan , . Under the IAHC proposal NSI would lose its monopoly control over .com, .org, and .net when its contract with the U.S. government expires in 1998. NSI has released two drafts on the way to its own plan for gTLDs. A draft dated 4/10 called for the FCC to assert interim control over the Internet; this idea was dropped, possibly as a result of public outcry according to Declan McCullagh. The 4/15 draft is quite similar to the eDNS proposal ; in fact the head of NSI and the chief proponent of eDNS were both quoted as saying they hoped to come up with a combined proposal soon.
In what may be the most worrisome development for the future of Net self-regulation, both the White House and the OECD have convened task forces to look at issues of Internet naming and numbering . The OECD is expected to declare domain names an issue of critical importance to member countries and to urge that governments set a framework in this area.
In another late development, c|net on 4/23 carries news [6c] that the National Science Foundation has made an abrupt exit from the domain-name fray, catching the White House by surprise. The NSF offered strong encouragement to the IAHC plan at the expense of the rival plans of NSI and eDNS.
Asked to comment on these developments, IAHC member Dave Crocker <dcrocker at brandenburg dot com> said:
"There's a lot of over-interpretation going on concerning the recent public comments by various agencies. Keep watching the [IAHC] signatories page It's the best indicator of continuing acceptance."
ODBC security hole opened in MS Office 97
The Trace facility in ODBC 3.0 (the Open Database Connectivity API), augmented for the release of Microsoft Office 97, now reportedly permits anyone who walks up to a logged-in computer running Windows 95 to see a record of all ODBC database accesses from that machine, including users' names and passwords in clear text . (The recipe is Start, Settings, Control Panel, ODBC, Trace.) The problem was brought to light by Dan Gordon, a consultant working with an unnamed manufacturing company in the northwestern U.S. Gordon called the new feature "a massive, monstrous security hole" and claims that ODBC passwords can even be captured from another machine over the network. Microsoft's initial response was cautious ; at this writing (two days after the first press reports) there is nothing on their security site about this problem, and a search of the MS Knowledge Base for "ODBC 3.0 Trace" turns up only a single unrelated article.
AOL's version of Internet Explorer still not fixed
News  of security problems with MSIE is nearly two months old, and the availability of Microsoft's fixed version, 3.02, is not much younger. But the roughly 200,000 America Online members who use a browser derived from MSIE 3.0 still do not have a fix . As of 4/11 an AOL spokesman said the company was testing a fixed version.
RPK: a public-key cryptosystem from New Zealand
Last December a new contender emerged in the international business of encryption. RPK is a New Zealand-based company with a presence in Silicon Valley. For several years it has been working on a cryptosystem based on some of the same mathematics that underlies Diffie-Hellman key distribution (discrete exponentiation over multiple finite fields). The technology is believed by its developers to be unencumbered by existing patents; and RPK has applied (two years since) for patents both in New Zealand and internationally. See  for a high-level introduction to the RPK cryptosystem.  summarizes its main distinguishing characteristics and  intro-duces its technical concepts. RPK is said to be speedy compared to established methods such as RSA and to be particularly well suited for implementing in silicon. The cryptosystem is believed to offer security equivalent to that of other modern systems. While RPK's strength cannot be directly compared with that of RSA -- any comparison based on key lengths is especially misleading -- the company offers some guidelines  to gauge how computationally difficult the system might be to crack.
Its developers acknowledge that RPK has not been examined or tested to nearly the same degree as other systems such as RSA. To expand RPK's base of trustworthiness the company is offering an ongoing "SafeCracker Challenge"  in which interested parties are given 60 days to extract either a secret message or the secret key with which it was encoded, for a prize of $3,000.
DigiCash  announced that the largest banks in Norway and Austria, Den norske Bank and Bank Austria, have decided to issue e-cash . Deutsche Bank and Advance Bank of Australia are now in the final implementation stages, and banks in the U.S. and Finland have fully operational programs that will convert e-cash to and from the local legal tender.
The much-delayed SET spec for online commerce by credit card, championed by Visa and MasterCard, will be delayed a further six weeks ; version 1 is now scheduled for release on May 30. Confusion reigned after Steve Mott, a MasterCard vice president, disclosed the delay, because he seemed to have said that SET v1.0 when it emerges will be cryptographically vendor-neutral, abandoning the required use of RSA encryption. Later accounts  clarified that he had been talking about plans for v2.0 of the SET spec, which will be opened up to allow other cryptosystems, for example RPK (see above) or Certicom's ECC , . Mott did say that MasterCard has experimented with using non-RSA encryption in SET. The push for vendor-neutral encryption arises from performance concerns with the RSA algorithm, especially in computationally challenged environments such as smart cards.
IBM for one won't wait for the final spec. On 4/9 the company announced  version 2 of its Net.Commerce server for shipment on May 30, with what IBM calls the first commercial implementation of SET built in -- though clearly it cannot now be the final spec.
Jack Rickard on AOL's death spiral
I recommend Mr. Rickard's editorial  in the March Boardwatch magazine. It covers a lot of ground, including one of the more sensible proposals I've read on how xDSL broadband technologies can spread rapidly and succeed -- implemented by ISPs, and emphatically not by telephone companies. Mr. Rickard also presents a closely reasoned essay on why, in his view, America Online is now doomed to sink from sight, dragging a fair chuck of the Internet's infrastructure down with it. A sample:
During his keynote address at Sun's JavaOne conference earlier this month, CEO Scott McNealy invited an expert, Fred McLain, to demonstrate how Microsoft's ActiveX technology could be abused. McLain downloaded a signed ActiveX control that then took over his machine and rifled its files for personal financial information. The point of course was to highlight the security advantages of Java technology. The recent focus on Microsoft security issues all but guaranteed that the exploit would get ink in the press and attention in the newsgroups. The fact that you can make an ActiveX control behave so badly is hardly news. What makes the story interesting is that Sun paid McLain to develop the malicious control  -- a considerable escalation in a marketing battle that was already near the level of a barroom brawl. Microsoft emerged with dignity, Sun less so, in my opinion.
You're in a miasma of twisty paranoias, all alike
Netsurfer Digest (1997-04-13) carried this convoluted if cautionary tale:
The friendliest comet this century is receding now, harder to see night by night in the light of the waxing moon but still visible on a clear night anywhere outside of a major city. Two days ago astronomers reported a third tail to Hale Bopp, this one composed of pure sodium and extending at an angle to the other two tails (one of dust and one of gas), straight as a geometer's line.
SPRINGTIME FOR COMET HALE-BOPP. Now past its prime in the dusk
sky, Hale-Bopp was first spotted two years ago as far away as
seven astronomical units, allowing astronomers to observe the
thawing process at an earlier stage than is usual for comet
watches. This in turn permitted the detection of trace species
not before seen on comets, such as SO2 and H2CS. What else do
we know? First of all, the size of the comet nucleus is esti-
mated to be 27-42 km, at least three times bigger than that of
Comet Halley. Of the cometary products vaporized on the inward
trip toward the sun, the chief gases are H2O, CO, and CO2,
which seem to be the main constituents of interstellar ice as
well. Dust jets are rich in crystalline olivine, and dust
production in general was more than 100 times stronger than
with Halley at comparable distances. Variations in the vented
jet activity will be used to determine Hale-Bopp's rotation
rate. Chemical composition suggests that the comet comes from
the Oort Cloud rather than the Kuiper Belt.
After studying polarized light coming to Earth from 160 galaxies, some as distant as 7 billion light years, physicists John Ralston and Borge Nodland claim that the universe isn't the same in all directions. Their paper will be published today in the journal Physical Review Letters. You can glean insight into this result from Nodland's page  "A Peek into the Crystal Ball of an Anisotropic Universe"; it's rather dense technically for those not conversant with astrophysics and cosmology. (The New York Times site on Friday featured a masterful example of science journalism on the subject but the article appears not to be available any longer.)
The effect manifests itself by rotating the polarization plane of radiation coming from some directions more than others. It's as if the universe has a grain like a block of wood. The effect acts in some ways like the "spin" of an elementary particle; it's as if the universe has a rotation axis. From Earth the preferred direction, the hooks and hingles of the world, falls on a line between the constellations Sextans and Aquila.
Ah well, at least I got a durn fine TBTF title out of it.
A new navigation aid, TBTF Threads, has made its debut -- see <http://www.tbtf.com/threads.html>. Threads features eleven topics which have each been covered in three or more issues of TBTF, linked in a graphically consistent style.
E.Commerce Today -- this commercial publication provided background information for some of the pieces in this issue of TBTF. For complete subscription details see <../resource/E.CT.txt>.
RISKS -- read the newsgroup comp.risks or mail email@example.com without subject and with message: subscribe . Archive at <http://catless.ncl.ac.uk/Risks/>.
NetSurfer Digest -- mail firstname.lastname@example.org without subject and with message:subscribe nsdigest-html . Web home at <http://www.netsurf.com/>.
AIP Physics Update -- mail email@example.com without subject and with message: add physnews . Searchable archive at <http://newton.ex.ac.uk/aip/>.
TBTF home and archive at <http://www.tbtf.com/>. To subscribe send the message "subscribe" to firstname.lastname@example.org. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com- mercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.