TBTF for 1997-12-08: Prometheus suspected of arson

Keith Dawson (dawson dot tbtf at gmail dot com)
Mon, 8 Dec 1997 10:51:37 -0400


McAfee buys PGP, Inc.

Phil Zimmermann sells out to a key recovery company. What next, Prometheus suspected of arson?

Last Monday the news broke [1] that security software pioneer PGP, Inc. was being acquired by McAfee Associates, a company mostly known for its anti-virus products. McAfee was just completing a $1.3B merger with Network General, which specializes in network management products, with the merged entity called Network Associates (NASDAQ: NETA [2]).

Immediately a backlash [3] began against Phil Zimmermann, PGP hero and winner of the Norbert Wiener award. McAfee, as it turns out, was a member of the Key Recovery Alliance [4]; and Zimmermann was the man who once testified before the Senate that key recovery could "strengthen the hand of a police state."

Hiawatha Bray's column in the Boston Globe on 12/4 [5] quoted PGP's chief scientist, Jon Callas:

[Callas] said yesterday that he would find the person at Network Associates who was responsible for the firm's membership in the Key Recovery Alliance, and persuade this person that the firm should resign. "That's my task for today," Callas said.

When I read this on Thursday morning I wished Callas luck, but held out little hope. But it has come to pass [6]. Network Associates resigned from the Key Recovery Alliance on Friday 12/5.

[1] http://www.news.com/News/Item/Textonly/0%2c25%2c16903%2c00.html?pfv
[2] http://www.dbc.com/cgi-bin/htx.exe/squote?source=blq/cnet&ticker=NETA
[3] http://www.wired.com/news/news/politics/story/8906.html
[4] http://www.kra.org/
[5] http://www.boston.com/dailyglobe/globehtml/340/Encryption_hero...
[6] http://www.pgp.com/newsroom/na-kra.cgi


Is FBI director Louis Freeh on the way out?

Encryption policy is only one of the areas in which Freeh rankles White House

The lawman that every privacy advocate and first-amendment booster loves to hate may be on his way out. Freeh has been at odds with White House views on a number of issues, and on 12/4 the presidential press secretary sent him in public a less-than-subtly-encrypted signal that he may not have the full confidence of the president [7] (edited soundbites here [8] -- 736K wav file). Freeh's outspoken stance against efforts in Congress to liberalize crypto export has been at odds with the administration's policy, as publicly articulated by White House aide Ira Magaziner and Vice President Al Gore. But not to overstress the importance of this technical issue in the world of Washington politics, let it be noted that Freeh's most recent sin was to favor the appointment of a special prosecutor to investigate campaign fundraising by the President and Vice President. Attorney General Janet Reno decided against such an appointment on 12/2. Thanks to Gregory Alan Bolcer <gbolcer at gambetta dot ics dot uci dot edu> for tipping this story.

[7] http://allpolitics.com/1997/12/04/mccurry/
[8] http://allpolitics.com/1997/12/04/mccurry/mccurry.wav


Microsoft releases Internet Explorer 4.01

It fixes bugs, it provides accessibility, it munches disk

The 4.01 upgrade [9] reportedly fixes all of the IE 4.0 security bugs, and in addition returns to IE some of the features for people with disabilities that had been present in 3.0 but didn't make it back into 4.0 [10]. News.com reports [11] that many users are unhappy with the size of the download, which comes in three flavors: 13, 16, or 25 MB. Once installed these packages eat disk to the tune of 56, 72, and 98 MB. Another unhappy constituency is the Windows NT 4.0 Server population [12] -- these users are required to download Internet Explorer 4.01 before they are able to access upgraded Option Pack components. Coming as it did in the week of Microsoft's date with a judge on antitrust charges [15], this cross-product requirement placed on NT 4.0 users had to be a bit embarrassing for the company. Asked about this unfortunate confluence, vice president Steve Ballmer said: "We just don't need any more drumbeating where people are wondering whether we are these Machiavellian über thinkers who can plan out this weirdness." Try to remain calm, Steve.

[9] http://www.microsoft.com/ie/ie40/download/
[10] http://www.tbtf.com/archive/1997-10-20.html#s02
[11] http://www.news.com/News/Item/Textonly/0%2c25%2c16932%2c00.html?pfv
[12] http://www.news.com/News/Item/Textonly/0%2c25%2c17058%2c00.html?pfv


Microsoft invites Java developers, then cancels

Didn't they know in November about Internet World?

Late last month Microsoft invited 100 key "Java influentials" to come to Redmond, all expenses paid, to hear the company's spin on the future of Java technology. (Microsoft had convened a similar gathering a year ago.) The confab was scheduled for 12/5 and 12/6. Two days before its opening Microsoft abruptly canceled the arrangements [13], [14]. The company claimed that too many invitees were complaining of schedule conflicts with the Internet World show opening the following week in New York. The president of the Java Lobby, Rick Ross, said, "I wonder whether this is a signal that Microsoft themselves are in some disarray about their handling of Java. It certainly doesn't look very organized." One invitee wondered whether the coincidental timing of a hearing in federal court [15] might have been a factor in the cancellation.

[13] http://www.infoworld.com/cgi-bin/displayStory.pl?97123.ecancel.htm
[14] http://www.zdnet.com/intweek/daily/971204f.html
[15] http://www8.zdnet.com/pcweek/news/1201/05edoj.html



English court rules against domain-name hoarders

No, you can't hold buckinghampalace.co.uk

The business of Internet domain-name homesteading may be at an end in England. Two men who registered names such as "burgerking.co.uk" and "spice-girls.net" were ordered by a British court [16] to pay £60,000 in legal fees and to hand over the domain names. The court found in favor of five companies, including British Telecom and Ladbrokes, who had brought the action. The judge said: "Any person who deliberately registers a domain name on account of its similarity to the name, brand name, or trademark of an unconnected commercial organization must expect to find himself on the receiving end of an injunction".

[16] http://news.bbc.co.uk/hi/english/sci/tech/newsid%5F35000/35458.stm


First level of Certicom Challenge falls

The first shot is fired in an elliptic-curve challenge

Certicom is a maker of elliptic-curve encryption software. ECC algorithms are drawing considerable interest and study because they hold out the possibility of offering security comparable to the RSA algorithms using smaller keys, therefore requiring less computation. This possibility is not yet considered verified by most of the mathematics and cryptosystems research community.

The assumption that ECC encryption can use smaller keys is the assumption that no subexponential-time solution exists for the mathematical problem (the elliptic curve discrete logarithm problem) on which ECC is based. The only solution to ECDLP known to exist takes fully exponential time. In contrast, both of the other well-studied mathematical problems that underlie modern cryptosystems -- the integer factorization problem (e.g., RSA) and the discrete logarithm problem (e.g., Diffie-Hellman) -- have solutions that require only subexponential time.
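To make "fully exponential" concrete, here is an added example (not code from the original newsletter, from Certicom, or from the challenge participants): baby-step giant-step, a generic discrete-log method, solving the ECDLP on a constructed toy curve in about 2*sqrt(n) group operations, a count that is still exponential in the bit length of n. The curve parameters, base point and function names are assumptions chosen for illustration.

```python
from math import isqrt

# Constructed toy curve y^2 = x^3 + A*x + B over F_P (not a Certicom challenge curve).
P, A, B = 10007, 2, 9999
G = (3, 5)   # constructed base point: 5^2 == 3^3 + 2*3 + 9999 (mod 10007)
INF = None   # point at infinity (group identity)

def add(p1, p2):
    """Affine group law on the toy curve."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p2 == -p1
    # Slope of the tangent (doubling) or of the chord (distinct points).
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):
    """Order of pt by repeated addition (only feasible at toy size)."""
    n, q = 1, pt
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n

def bsgs(g, q, n):
    """Find k in [0, n) with q == k*g using about 2*sqrt(n) group operations."""
    m = isqrt(n - 1) + 1                     # ceil(sqrt(n))
    baby, pt = {}, INF
    for j in range(m):                       # baby steps: table of j*g
        baby[pt] = j
        pt = add(pt, g)
    step = mul(m, (g[0], -g[1] % P))         # -(m*g)
    for i in range(m):                       # giant steps: q - i*m*g
        if q in baby:
            return i * m + baby[q]
        q = add(q, step)
    return None                              # q is not a multiple of g
```

For a group of about 2^79 points the same square-root cost comes to roughly 2^39.5 group operations, and each extra key bit multiplies it by sqrt(2).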

In order to gain exposure and to jumpstart the expert scrutiny that ECC will need if it is to be widely trusted, Certicom is sponsoring a crypto crack contest (they call it a challenge) [17]. The challenge comes in three parts: a series of "warmup exercises" followed by Level 1 and Level 2 problems [18]. A total of $625,000 in prize money is offered.

Yesterday Robert Harley <Robert.Harley at inria dot fr> announced [19] that he and Wayne Baisley had cracked one of two first-level warmup exercises, a 79-bit problem [20] designated ECCp-79. At this writing he has had no reply and the Certicom status page [21] has not been updated, so it is possible (but unlikely) that Harley's claim will prove not to be the first. If it is, he will receive as a prize a copy of the Handbook of Applied Cryptography (though somehow I suspect he's already read it) and a Maple V encryption package from Certicom.

Certicom estimates the difficulty of the warmup exercises thus:

Using a network of 3000 computers, it is expected that the 79-bit exercise could be solved in a matter of hours, the 89-bit in a matter of days, and the 97-bit in a matter of weeks.

Harley and Baisley applied 6 computers to ECCp-79 and solved it in a bit under 10 days, which would have amounted to less than half an hour had they had 3000 machines to throw at the problem.

Harley takes the opportunity presented by his winning claim [19] to tweak Certicom for their membership in the Key Recovery Alliance [22]. If the company replies to him substantively on this point, I'll post their response on the TBTF archive.

[17] http://www.certicom.com/chal/index.htm
[18] http://www.certicom.com/chal/ch4.htm
[19] http://www.tbtf.com/resource/certicom2.html
[20] http://www.certicom.com/chal/curves.htm
[21] http://www.certicom.com/chal/ch_52.htm
[22] http://www.kra.org/roster.html


E-money: a reality check

An anchor to windward for some of the more high-flying e-pundits

Writing in Salon, Scott Rosenberg pours sand into the vision of a friction-free economy [23]. His piece, though too dismissive of the power of Net technology to transform industries, does add some needed detail to the Economist's argument outlined in TBTF for 1997-05-22 [24]. The various forms of micropayments and electronic cash are in their infancy, while online consumers have embraced a payment system with which they're already familiar: credit cards. Rosenberg quotes Elinor Harris Solomon's book "Virtual Money" to illuminate where the real e-money is in the US economy (figures are from 1995).

               trillions of   trillions
      medium   transactions   of dollars
  ----------   ------------   ----------
        cash       550          2.2
      checks        62           73
  electronic        19          544

[23] http://www.salon1999.com/21st/feature/1997/10/cov_30emoney.html
[24] http://www.tbtf.com/archive/1997-05-22.html#s05


Followup: the TBTF Exclusionary Sites Hall of Shame

Yes, the Star Trek site is as unfriendly as reported. Here are two others that don't welcome Netscape

TBTF for 1997-11-24 [25] reported a Star Trek site [26] carried on the Microsoft Network that welcomes only visitors running IE on Windows. A number of people wrote with elaborations and results from other platforms, and I posted an emendation softening the claims in the original article. Now that all the facts are in I'm convinced that the site behaves as badly as first described.

Here are some other MSIE-only sites that readers wrote in about.

The Microsoft Gaming Zone [27] tells you this when you visit using Navigator.

We're sorry. For technincal reasons, the Zone doesn't yet support Navigator 3.0 or higher. We're working to add this support and we apologize for the inconvenience. If you think this message was sent to you in error, please report it to the Zone as a bug. In the meantime, we invite you to download Microsoft Internet Explorer for free.

The English supermarket chain Tesco offers an Internet Shopping page [28] that says this to a Netscape browser.

The Tesco Internet Superstore uses the latest Internet Technologies. We Have detected that the browser you are using does not support either ActiveX controls or VBScript. Both of these technologies are required to use the Internet Superstore.

[25] http://www.tbtf.com/archive/1997-11-24.html#s11
[26] http://startrek.msn.com/
[27] http://www.zone.com/
[28] http://www.tesco.co.uk/superstore/tis.asp


Essential Tools: Bobby

How accessible are your Web pages to people with limited sight?

This tool [29], from CAST (the Center for Applied Special Technology), tells you about obstacles your Web site may be presenting to visitors using text-to-speech screen readers. I assumed TBTF's pages to be fairly accessible, but a visit to Bobby gave me some tips to improve them. For example, did you know it's a good idea to separate links with something more than whitespace, else screen readers can get confused about which text goes with which link? Once the service rates your page 4 stars or better you can download and affix the "Bobby Approved" logo [30].

Bobby also offers an unusually comprehensive suite of HTML compliance tools. You can check your pages against W3C HTML 2.0 or 3.2, four flavors of Netscape Navigator, two of Internet Explorer, four of AOL's browser, three of Lynx, and even WebTV 1.0. Bobby informed me about irregularities inside TBTF's META tags, a detail far below the notice of most other verifiers.

Finally, source code for Bobby is offered freely. You can download the Perl source [31] and run your own copy of Bobby locally on any Unix computer. CAST is working on a Java version.

I learned about this TBTF Essential Tool for Website Development [32] from David Weinberger's <self at evident dot com> Journal of the Hyperlinked Organization [33], a new corporate-focused newsletter with plenty of attitude. Weinberger notes that JOHO's tone is humorous, sometimes even on purpose. Check it out.

[29] http://www.cast.org/bobby/
[30] http://www.cast.org/bobby/images/approved.gif
[31] http://www.cast.org/bobby/getsource.html
[32] http://www.tbtf.com/essential-tools.html
[33] http://www.hyperorg.com/


I'll be at Internet World in New York from 12/10 to 12/12. If you're at the show, drop by the Sitara Networks booth (#135) and look me up. Sitara's new Web site has launched [34]; it offers a free download of the beta SpeedSeeker client software for Windows 95 or NT. SpeedSeeker lets you view Sitara-enabled Web sites an average of three times faster, with enhanced reliability. At the show we'll be announcing some of the SpeedServer beta sites.

[34] http://www.sitara.net/


For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.


Copyright © 1994-2017 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.