Phil Zimmermann sells out to a key recovery company. What next, Prometheus suspected of arson?
Last Monday the news broke  that security software pioneer PGP, Inc. was being acquired by McAfee Associates, a company mostly known for its anti-virus products. McAfee was just completing a $1.3B merger with Network General, which specializes in network management products, with the merged entity called Network Associates (NASDAQ: NETA ).
Immediately a backlash  began against Phil Zimmermann, PGP hero and winner of the Norbert Weiner award. McAfee, as it turns out, was a member of the Key Recovery Alliance ; and Zimmermann was the man who once testified before the Senate that key recovery could "strengthen the hand of a police state."
Hiawatha Bray's column in the Boston Globe on 12/4  quoted PGP's chief scientist, Jon Callas:
Encryption policy is only one of the areas in which Freeh rankles White House
The lawman that every privacy advocate and first-amendment booster loves to hate may be on his way out. Freeh has been at odds with White House views on a number of issues, and on 12/4 the presidential press secretary sent him in public a less-than-subtly-encrypted signal that he may not have the full confidence of the president  (edited soundbites here  -- 736K wav file). Freeh's outspoken stance against efforts in Congress to liberalize crypto export have been at odds with the administration's policy, as publicly articulated by White House aide Ira Magaziner and Vice President Al Gore. But not to overstress the importance of this technical issue in the world of Washington politics, let it be noted that Freeh's most recent sin was to favor the appointment of a special prosecutor to investigate campaign fundraising by the President and Vice President. Attorney General Janet Reno decided against such an appointment on 12/2. Thanks to Gregory Alan Bolcer <gbolcer at gambetta dot ics dot uci dot edu> for tipping this story.
It fixes bugs, it provides accessibility, it munches disk
The 4.01 upgrade  reportedly fixes all of the IE 4.0 security bugs, and in addition returns to IE some of the features for people with disabilities that had been present in 3.0 but didn't make it back into 4.0 . News.com reports  that many users are unhappy with the size of the download, which comes in three flavors: 13, 16, or 25 MB. Once installed these packages eat disk to the tune of 56, 72, and 98 MB. Another unhappy constituency is the Windows NT 4.0 Server population  -- these users are required to download Internet Explorer 4.01 before they are able to access upgraded Option Pack components. Coming as it did in the week of Microsoft's date with a judge on antitrust charges , this cross-product requirement placed on NT 4.0 users had to be a bit embarassing for the company. Asked about this unfortunate confluence, vice president Steve Ballmer said: "We just don't need any more drumbeating where people are wondering whether we are these Machiavellian über thinkers who can plan out this weirdness." Try to remain calm, Steve.
Didn't they know in November about Internet World?
Late last month Microsoft invited 100 key "Java influentials" to come to Redmond, all expenses paid, to hear the company's spin on the future of Java technology. (Microsoft had convened a similar gathering a year ago.) The confab was scheduled for 12/5 and 12/6. Two days before its opening Microsoft abruptly canceled the arrangements , . The company claimed that too many invitees were complaining of schedule conflicts with the Internet World show opening the following week in New York. The president of the Java Lobby, Rick Ross, said, "I wonder whether this is a signal that Microsoft themselves are in some disarray about their handling of Java. It certainly doesn't look very organized." One invitee wondered whether the coincidental timing of a hearing in federal court  might have been a factor in the cancellation.
No, you can't hold buckinghampalace.co.uk
The business of Internet domain-name homesteading may be at an end in England. Two men who registered names such as "burgerking.co.uk" and "spice-girls.net" were ordered by a British court  to pay £ 60,000 in legal fees and to hand over the domain names. The court found in favor of five companies, including British Telecom and Ladbrokes, who had brought the action. The judge said: "Any person who deliberately registers a domain name on account of its similarity to the name, brand name, or trademark of an unconnected commercial organization must expect to find himself on the receiving end of an injunction".
The first shot is fired in an elliptic-curve challenge
Certicom is a maker of elliptic-curve encryption software. ECC algorithms are drawing considerable interest and study because they hold out the possibility of offering security comparable to the RSA algorithms using smaller keys, therefore requiring less computation. This possibility is not yet considered verified by most of the mathematics and cryptosystems research community.
The assumption that ECC encryption can use smaller keys is the assumption that no subexponential-time solution exists for the mathematical problem (the elliptic curve discrete logarithm problem) on which ECC is based. The only solution to ECDLP known to exist takes fully exponential time. In contrast, both of the other well-studied mathematical problems that underlie modern cryptosystems -- the integer factorization problem (e.g., RSA) and the discrete logarithm problem (e.g., Diffie-Hellman) -- have solutions that require only subexponential time.
In order to gain exposure and to jumpstart the expert scrutiny that ECC will need if it is to be widely trusted, Certicom is sponsoring a crypto crack contest (they call it a challenge) . The challenge comes in three parts: a series of "warmup exercises" followed by Level 1 and Level 2 problems . A total of $625,000 in prize money is offered.
Yesterday Robery Harley <Robert.Harley at inria dot fr> announced  that he and Wayne Baisley had cracked one of two first-level warmup exercises, a 79-bit problem  designated ECCp-79. At this writing he has had no reply and the Certicom status page  has not been updated, so it is possible (but unlikely) that Harley's claim will prove not to be the first. If it is, he will receive as a prize a copy of the Handbook of Applied Cryptography (though somehow I suspect he's already read it) and a Maple V encryption package from Certicom.
Certicom estimates the difficulty of the warmup exercises thus:
Harley takes the opportunity presented by his winning claim  to tweak Certicom for their membership in the Key Recovery Alliance . If the company replies to him substantively on this point, I'll post their response on the TBTF archive.
An anchor to windward for some of the more high-flying e-pundits
Writing in Salon, Scott Rosenberg pours sand into the vision of a friction-free economy . His piece, though too dismissive of the power of Net technology to transform industries, does add some needed detail to the Economist's argument outlined in TBTF for 1997-05-22 . The various forms of micropayments and electronic cash are in their infancy, while online consumers have embraced a payment system with which they're already familiar: credit cards. Rosenberg quotes Elinor Harris Solomon's book "Virtual Money" to illuminate where the real e-money is in the US economy (figures are from 1995).
trillions of trillions medium transactions of dollars ---------- ------------ ---------- cash 550 2.2 checks 62 73 electronic 19 544 transfer http://www.salon1999.com/21st/feature/1997/10/cov_30emoney.html
Yes, the Star Trek site is as unfriendly as reported. Here are two others that don't welcome Netscape
TBTF for 1997-11-24  reported a Star Trek site  carried on the Microsoft Network that welcomes only visitors running IE on Windows. A number of people wrote with elaborations and results from other platforms, and I posted an emendation softening the claims in the original article. Now that all the facts are in I'm convinced that the site behaves as badly as first described.
Here are some other MSIE-only sites that readers wrote in about.
The Microsoft Gaming Zone  tells you this when you visit using Navigator.
How accessible are your Web pages to people with limited sight?
This tool , from CAST (the Center for Applied Special Technology), tells you about obstacles your Web site may be presenting to visitors using text-to-speech screen readers. I assumed TBTF's pages to be fairly accessible, but a visit to Bobby gave me some tips to improve them. For example, did you know it's a good idea to separate links with something more than whitespace, else screen readers can get confused about which text goes with which link? Once the service rates your page 4 stars or better you can download and affix the "Bobby Approved" logo .
Bobby also offers an unusually comprehensive suite of HTML compliance tools. You can check your pages against W3C HTML 2.0 or 3.2, four flavors of Netscape Navigator, two of Internet Explorer, four of AOL's browser, three of Lynx, and even WebTV 1.0. Bobby informed me about irregularities inside TBTF's META tags, a detail far below the notice of most other verifiers.
Finally, source code for Bobby is offered freely. You can download the Perl source  and run your own copy of Bobby locally on any Unix computer. CAST is working on a Java version.
I learned about this TBTF Essential Tool for Website Development  from David Weinberger's <self at evident dot com> Journal of the Hyperlinked Organization , a new corporate-focused newsletter with plenty of attitude. Weinberger notes that JOHO's tone is humorous, sometimes even on purpose. Check it out.
TBTF home and archive at http://www.tbtf.com/ . To subscribe send the message "subscribe" to email@example.com. TBTF is Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com- mercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.