Early hope for consensus through an open process fades amid acrimony, accusations, and an untimely death
When last we looked in on the US government turning authority for domain naming over to a not-yet-created private corporation, in late August , the process seemed to be moving along smoothly. The International Forum on the White Paper  had organized open meetings around the globe whose participants had agreed on a number of principles, but hadn't generated a concrete proposal for forming a "New IANA." A separate and, some argue , equally open process had been going on at IANA -- Jon Postel had been posting drafts of articles of incorporation for the new organization, taking comments, issuing revisions. Postel's third draft embodied many of the IFWP principles but, critics claimed, didn't build enough accountability and transparency into the New IANA.
Also conspicuous by its absence in IANA's process was Network Solutions Inc., the party with the most to lose in the upcoming transition (e.g. $18.6M over the last 30 days ). In early September, at the urging of Ira Magaziner, godfather of the White Paper, IANA and NSI met. By 9/17 their meetings has produced what many took to be a good final consensus draft .
Then things began seriously to fall apart.
Magaziner insisted on one more draft to sew up the consensus. Gordon Cook, in his Cook Report on Internet, charges  that Magaziner was determined to strip NSI of its monopoly cash cow. Time was running out -- a September 30 deadline was looming, the end of NSI's contract with the US government. NSI was unwilling to sign away 80% of its business and planned simply to let the contract expire. NSI accepted a 1-week extension, according to Cook, under unprecedented government pressure.
Then on October 2 Postel surprised everyone by issuing Draft 5 without NSI participation. The clauses from Draft 4 that had offered some protection for NSI's revenue stream -- and had also allowed the future participation of small companies such as Iperdome and Image Online Design -- had been excised from Draft 5. The new organization, when created, was to be called the Internet Corporation for Assigned Numbers and Names -- ICANN. IANA submitted the ICANN proposal to the Commerce Department for official consideration. It included a proposed 9-member interim board of directors  who were to select the final board members.
Reactions to what many perceived as IANA's unilateral abandonment of an open process were largely negative , , , though some observers, such as Gordon Cook, said it was the government which had long since abandoned openness . But Postel continued to enjoy the support of a wide spectrum of the Internet community, especially the technical insiders .
Ira Magaziner accepted IANA's proposal along with two others and opened up a short comment period  ending on 10/13. One alternate proposal  was submitted by IFWP participants who called themselves The Boston Group and claimed to represent the true spirit of the open IFWP process which IANA had abandoned. Here is an analysis  of the three proposals (but considering the IANA-NSI Draft 4, not the one finally submitted).
On 10/16 the head of a Congressional committee sent Magaziner a letter  questioning the process by which IANA's proposal had been birthed and the truncated period allowed for public comment.
And on Friday night, 10/16, Jon Postel died of complications following heart surgery . He was 55. I believe it's safe to say that no-one knows what effect Postel's death will have on a process already polarized and fractal. Here is Dave Crocker's remembrance of Jon Postel ; it's the truest that has come across the wires.
"I chose Netscape because I thought they were right." -- Bork
The landmark antitrust trial against Microsoft, brought by the federal government and attorneys general from 20 states, gets underway Monday 10/19 after three delays and months of legal wrangling . The case has come to trial in a flash in lawyer time but an age in Internet time. Already the issue that sparked the case is passe; the battle is less about browsers and more about which Internet portal you use.
There's not a lot to say after all the buildup; we'll see how it goes. Do peruse the following two links for some perspective on the upcoming trial. Here is Judge Robert Bork's blunt candor on the legal theories at issue  -- you can even hear him growl  -- and here is the ever-thoughtful NY Times on the importance to Microsoft of passing the Slime Test .
Too many bits for key exchange
Netscape has corrected a problem in its browser that the company says technically had put it in violation of the US Commerce Department's regulations governing the export of strong cryptography . Netscape says that Internet Explorer is currently in violation in the same fashion, but Microsoft denies this. Before Netscape's fix in version 4.06, both browsers used 1024-bit encryption for key exchange, while US rules limit this phase to 512 bits. Both companies' browsers were compliant with the more important phase of an SSL session, the actual exchange of encrypted data -- here the regulations limit encryption keys to 40 bits in international versions. This story is being publicized by O'Reilly, whose server product was recently revved  to work with Netscape's 4.06 and later browsers. Thanks to Simon Clement <sclement at nmol dot com>, who runs the O'Reilly website host, for this pointer.
IE (and Netscape) supports data encryption over HTTP using SSL2, PCT1, and SSL3, the latter being most common. The protocol design of SSL2 and PCT1 (which is based on SSL2) does not provide a way to downward-negotiate the (usually RSA) key-exchange algorithm. So in order for export clients to connect to domestic SSL2 and PCT1 servers, the client must allow 1024-bit key exchange.
A rule of thumb when seeeking an export license from the Commerce Department is that it's easy to get export approval for an RSA algorithm using a key length up to 512 bits -- for the key-exchange phase -- bulk data encryption still being limited to 40 bits. Microsoft applied for and was granted export approval for all versions of IE for SSL2, PCT1, and SSL3 using 1024-bit RSA with 40-bit bulk encryption ciphers.
Presumably Netscape did not apply for and is not in possession of similar 1024-bit approvals.
There you go again
The Son of the Communications Decency Act  was slipped into the mammoth $0.5T budget compromise agreed between Congress and the White House , despite President Clinton's avowed preference for technical solutions (read: censorware) to address the too-easy access by kids to unsavory matter on the Net. Clinton was purring happily over the concessions he had wrung from Congress and probably barely noticed a little unconstitutional detail like CDA-II. The ACLU, along with the Electronic Privacy Information Center and the EFF, have been preparing a lawsuit and could file it as soon as next week . So far CDA-II has barely appeared on the radar screen of the larger Internet community, but that will change.
The problems arising from US-European privacy differences may not all arrive at once
TBTF for 1998-03-09  noted the looming threat to online commerce posed by the US-European impedence mismatch on the question of personal privacy. The new EU Data Protection Directive comes into effect on October 25 and requires member countries to implement laws forbidding the transfer of personally identifiable data to countries with less stringent privacy rules -- such as the US.
Peter Swire, an Ohio State University professor of law and co-author of None of Your Business [26a], a new book on the European directive, said the new rules could spark a trade war: "The European hope was that the US would pass a law to comply with the directive. That's not going to happen anytime soon" .
But to date only Italy, Finland, and Greece have implemented laws in keeping with the directive. Several more states are expected to do so in time to meet the 10/25 deadline, but Austria, France, the UK, Ireland, and Luxembourg will not introduce national rules for at least another couple of months , reducing the risk of an immediate data embargo.
A quick fix for a nasty bug
The privacy bug, reported in last week's TBTF , allowed an end run around Internet Explorer's file-system protections on Intel machines. A bad guy could snatch any file from a victim's disk for which he knew or could guess the name and location. Microsoft has now issued a patch  for the bug, which it calls "Untrusted Scripted Paste."
Amazon tries Germany, England
The giant German publisher Bertelsmann was in the news after it bought a 50% stake in Barnesnandoble.com , vaulting it instantly to the rank of Amazon's primary competitor. Almost immediately Amazon counterattacked on Bertelsmann's home turf  by opening amazon.de and amazon.co.uk. Few industry watchers doubt that Amazon will have a tough slog in Europe, where the Bertelsmann brand is gilt and Amazon "means nothing to nobody," according to a Forrester analyst.
A Bertelsmann-Amazon deal nearly happened
The Bertelsmann deal almost got made with Amazon itself, the Wall Street Journal claims  (subscription required). The CEOs for the two companies met several times to discuss a deal, but the talks broke down over price. The WSJ also reports that Bertelsmann is waiting in the wings to snatch up a combined N2K-CDnow venture  if that deal goes through.
Wal-Mart sues Amazon and others
The giant meatspace retailer has its own cyberspace presence , and it has just served notice that it doesn't want to see Amazon.com around these parts. The chain filed suit  in Arkansas claiming that Amazon.com, Kleiner Perkins, and Drugstore.com hired away Wal-Mart employees in order to steal Wal-Mart's trade secrets. Amazon.com and Drugstore.com have hired about 15 former Wal-Mart employees, beginning with Amazon's CIO, a former manager in Wal-Mart's IS division, who joined the bookseller in September 1997.
Meet the Chandler Circle and other mysteries of geomancy
My local newspaper has a feature that invites readers to write with questions and runs two or three answers a day. Typically the questions involve the fate of some naval vessel on which the questioner served, or the history of the building where the writer's grandmother was born. Yesterday's column  answered the question "How many North Poles are there?" I would have said two, but am delighted to report to you on the five North Poles.
South Poles ditto, of course.
TBTF home and archive at http://tbtf.com/ . To subscribe send the the message "subscribe" to firstname.lastname@example.org. TBTF is Copy- right 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.
include ("../inc/foot-ar") ?>