(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1999-05-22: Hush

Keith Dawson (dawson dot tbtf at gmail dot com)
Sat, 22 May 14:02:11 -0400


Contents


HushMail: free Web-based email with bulletproof encryption

Now refugees can email in safety from Internet cafes

Hush Communications has quietly begun beta testing a significant development in email privacy. HushMail [1] works like Hotmail or Rocketmail -- you can set up multiple free accounts and access them from any Web browser anywhere -- but when you email another HushMail user your communication is protected by unbreakable encryption. The crypto, implemented in a downloadable Java applet, was developed outside of US borders and so has no export limitations.

Here are the FAQ [2] and a more technical overview [3] of the HushMail system.

HushMail public and private keys are 1024 bits long, and are stored on a server located in Canada. All information sent between the HushApplet and the HushMail server is encrypted via the Blowfish symmetric 128-bit algorithm. The key to this symmetric pipe is randomly generated each session by the server and is transferred to the client machine over a secure SSL connection. When I posted news of HushMail to the Cryptography list, the moderator questioned the wisdom of storing keys on a remote server, and several posters (none from Hush) have provided the rationale. You can follow the discussion here [4].

When you sign on as a new user you can choose an anonymous account or an identifiable one. For the latter you have to fill out a demographic profile, to make you more attractive (in the aggregate) to HushMail's advertisers. The HushApplet walks you through generating a public-private key-pair. The process is fun and slick as a smelt. You need to come up with a secure pass-phrase, and in this process HushMail gives only minimal guidance. You might want to visit Arnold Reinhold's Diceware page [5], which lays out a foolproof passphrase protocol utilizing a pair of dice.

HushMail relies heavily on Java (JVM 1.1.5 or higher), so it can only be used with the latest browsers. For Netscape, version 4.5 or 4.6 is best; the earliest workable version is 4.04, and some features don't work before 4.07. For Internet Explorer, 4.5 is recommended, but the latest Windows release of IE 4.0 (sub-version 4.72.3110) works as well. Red Hat Linux version 5.2 is also tested and supported. Unfortunately, HushMail does not work on Macintoshes, due to limitations in Apple's Java implementation. (Mac users can crawl HushMail under Connectix Virtual PC. Note that I don't say "run." I've tried this interpretation-under-emulation and do not recommend it.) The company is trying urgently to connect with the right people at Apple to get this situation remedied.

One of the limitations of this early release of HushMail is that encryption can only be used to and from another HushMail account. It is not currently possible to export your public/private key-pair, to set up automatic forwarding of mail sent to a HushMail account, or to import non-Hush public keys. I spoke with Cliff Baltzley, Hush's CEO and chief technical wizard. He stresses that Hush's desire and intention is to move toward interoperability with other players in the crypto world, such as PGP and S/MIME. The obstacles to doing so are the constraints on technical resources (read: offshore crypto programmers) and legal questions of intellectual property. Baltzley believes that HushMail's positive impact on privacy worldwide will be enhanced by maximizing the product's openness.

[1] https://www.hushmail.com/
[2] https://www.hushmail.com/faq.htm
[3] https://www.hushmail.com/tech_description.htm
[4] http://www.mail-archive.com/cryptography@c2.net/index.html
[5] http://world.std.com/~reinhold/diceware.html

___

ICANN increasingly under fire

Diverse critics voice concern about the organization's sewardship of domain names

Complaints are building about the way ICANN, the organization tasked with guiding Internet naming and numbering from government to private oversight, is pursuing its charter. This Telepolis article [6] summarizes some of the concerns. Here are three separate controversies that have arisen in recent days in advance of ICANN's next meeting in Berlin, scheduled for 26 May.

[6] http://www.heise.de/tp/english/inhalt/te/2837/1.html
[7] http://www.interesting-people.org/199905/0044.html
[8] http://wipo2.wipo.int/process/eng/final_report.html
[9] http://www.interesting-people.org/199905/0076.html
[10] http://www.law.miami.edu/~amf/commentary.htm
[11] http://www.interesting-people.org/199905/0073.html
[12] http://tbtf.com/resource/brooks-ccTLD.html

___

Good news and bad news from Europe

bul EU reverses course, won't ban caching

TBTF for 1999-03-26 [13] reported on an EU proposal, backed by music copyright interests, that would have banned caching of Internet data in Europe. On 13 May the EU inserted a critical nine-word amendment into the Report on Copyright in the Information Society that appears to lift the threat of imminent European Internet molasses. The amendment reads: "...including those which facilitate effective functioning of transmission systems..." [14].

[13] http://tbtf.com/archive/1999-03-26.html#s02
[14] http://www.theregister.co.uk/990521-000016.html

bul EU passes mandatory Net wiretap regulation

TBTF for 1999-05-08 [15] noted the European movement towards a US CALEA-style requirement. With little scrutiny and in a nearly empty chamber on a Friday afternoon, the European Parliament passed a regulation that would require European ISPs to provide full real-time access to law enforcement for Internet, telephony, and wireless traffic, with the cost to be borne by ISPs and other communications carriers [16].

[15] http://tbtf.com/archive/1999-05-08.html#s01
[16] http://www.europemedia.com/emeu/18_May_1999.shtml

space ______

Canada will not regulate the Net

The civilization to the north shows us how it should be done

The minister of the Canadian Radio-television and Telecommunications Commission, equivalent to the US FCC, announced that CRTC will not regulate new media over the Internet [17]. Francoise Bertrand's message was so sensible and straightforward as to make grown men weep in such benighted backwaters as the US, Australia [18], and the European Union. "By not regulating, we hope to support the growth of new media services in Canada," said Bertrand. "Our message is clear. We are not regulating any portion of the Internet."

[17] http://www.crtc.gc.ca/ENG/NEWS/RELEASES/1999/R990517e.htm
[18] http://tbtf.com/archive/1999-05-08.html#s04

space ______

Domain-name competition? Not yet

NSI still claims ownership of the Whois database, and acts like it

Esther Dyson is the chair of ICANN, the entity chartered with moving control of Internet naming and numbering out from under the purview of the US government. Dave Winer interviewed her by email [19] and here is what she has to say about competition in the granting of domain names.

We haven't created competition for NSI in toto, but for the service of registering domain names -- i.e. its registrar business. NSI still maintains the database (the registry), but does so under a price cap (which may be further reduced in negotiations between NSI and the Department of Commerce).
The reality is that four weeks after the competition starting gun fired, none of the five companies participating in the first phase of ICANN's process is yet selling names in competition with NSI [20]. Some are still negotiating with NSI over the terms of their agreements. A particular sticking point is NSI's requirement that each new registrar take out $100,000 of liability insurance, payable to NSI under what one company described as "very liberal" terms. The chairman of the Internet Council of Registrars said, "NSI has taken all the liability that has previously existed for the registry and passed it back to the registrars."

Here is an interview [21] with the CEO of another of the new registrars, Register.com. He is all understated discretion.

Meanwhile the Justice Department is expanding its two-year antitrust probe into NSI [22], looking in particular at its recent stewardship of the Whois database [23].

[19] http://davenet.userland.com/1999/05/whoOwnsDotCom
[20] http://www.news.com/News/Item/Textonly/0,25,36117,00.html
[21] http://www.techweb.com/wire/story/TWB19990506S0021
[22] http://www.news.com/News/Item/Textonly/0,25,36116,00.html
[23] http://tbtf.com/archive/1999-03-26.html#s01

___

Live from Linux Expo

David Sklar reports from what has become a Big Show

For the second year, David Sklar <sklar at student dot net> is feeding TBTF readers color commentary from Linux Expo in Raleigh, NC, USA. This report was filed Friday 21 May at 14:16 EDT (-0400).

Checking in from the "e-mail garden" here.

The show is definitely much bigger and snazzier than last year -- the location (Raleigh Convention Ctr. vs. Duke's campus) is a big part plus the exhibitors -- a huge booth from IBM (with some really comfy super-plush carpeting) plus HP, Compaq, Oracle, etc. Curiously, Sun only has a little booth on the fringes of the room. Lots of cool freebies and giveaways in the exhibit hall. I think the coolest are the lollipops that LinuxCare is giving away -- they have a real cricket inside them. I think the LinuxCare line about them is something like These are open source lollipops -- you can see the bugs.

My favorite part so far was the technical keynote from Jim Gettys yesterday. He talked mostly about design decisions in [the X Window System] and how they can help promote GUI standardization today. Towards the beginning, he mentioned that a particular feature in some window managers enables easy ways to abstract input devices and showed a 7-year old (but still supercool) video demo using voice input to X. Miguel DeIcaza, the GNOME guy, was sitting in the front row and yelled out that GNOME would have the feature that Jim was talking about "by tomorrow." Shortly before Jim finished his talk, the GNOME guys interrupted to say that they had added the feature while he was talking. Jim laughed and said that he had been bugging them for a month and a half to add it, and Miguel replied, to much laughter, that it was the video that really convinced him.

Tonight is the Linux Bowl trivia challenge, which should be fun.

___

Chicken Little was right

Global warming is cooling and shrinking the upper atmosphere

Lloyd Wood, satellite maven, forwarded this bit from the New Scientist [24]. As the lower atmosphere heats due to the greenhouse effects caused by human activity, the upper layers of the atmosphere cool down. This is happening at a rate far faster than had been predicted 10 years ago. The cooling in the stratosphere contributes directly to the ozone hole over Antartica, and is expected to open up a similar hole over the Arctic any year now; Greenland and northern Europe will bear the brunt of the effects of the increased solar radiation reaching the earth's surface. As the upper atmosphere cools it shrinks, many satellites orbiting in the layer known as the thermosphere, above 90 km, will find themselves registering less air resistance as the atmosphere literally falls away below them. This effect will throw off current calculations of satellite longevity in orbit.

[24] http://www.newscientist.com/ns/19990501/chillinthe.html


Notes

bul TBTF will welcome its 10,000th email subscriber probably on Monday or Tuesday. Of course this subscriber will, if willing, be subjected to unexpected net.fame and the glare of publicity. I would gratefully entertain any further suggestions for appropriate pomp and ceremony.

Sources

bul For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.

___

Created 1999-05-14