RealTime IT News

Vint Cerf, 'A Father of the Internet'

Widely known as one of the "Fathers of the Internet," Vint Cerf is the co-designer of the TCP/IP protocols. He serves as chairman of the board of the Internet Corporation for Assigned Names and Numbers (ICANN) and was founding president of the Internet Society as well as honorary chairman of the IPv6 Forum.

Today, Cerf is the chief Internet strategist for MCI WorldCom. His latest pet project is called the Interplanetary Network (IPN), a NASA-supported project that aims to create an Internet that reaches into space. sat down with Cerf during a recent E-mail Technology show to talk about what companies can do about spam, Internet security and IPv6.

Q: What advice do you give companies with regards to the future of Internet?

There are side effects of international domain names and multilingual content and it's already starting to be clear that we don't have a good handle on that. For example, the Germans are using umlauts [two dots above a vowel] in their domain names, which sometimes are mapped into Cyrillic [Russian Alphabet] Unicode.

The problem here is that the text representations that are going on internally are not Unicode representations. They are 8-bit maps from the Unicode set. And so by extracting from the Unicode set and then mapping that into an 8-bit code you have the same glyph represented by two things.

Software that is used today to manipulate text material isn't fully in sync with the multilingual environment requiring more than one language or script in the same message. So we have to start rethinking our MIME [Multipurpose Internet Mail Extension] code schemes and everything else because they are now in the scope.

Q: What are your feelings about the controversial "Do-Not-Spam" List?

"From" fields do nothing, for all practical purposes. So that doesn't help you a whole lot.

It's an amazing mark of the gentler time of the origins of the e-mail in the early 1970s and the homogeneity of the community -- when no one thought that it would be necessary to be assured the correctness of the "From" field. So we never put anything in there in the beginning that would validate that. And of course digital signatures hadn't been invented yet.

So we now confront the problem of identifying the origins of e-mail. And you move into the awkward column that you introduce identification and authenticity of source. That doesn't inhibit spam necessarily because someone could legitimately sign up and send spam. And because there is such a modest cost associated in the sending of spam, the motivation for sending spam is very high.

There are suggestions by some that people should pay for mail. When we started MCI mail in 1982, we charged a dollar for each message. Even [National Review magazine founder] William F. Buckley had an account. We finally put that system to sleep because it was hard to have a service that no one else was paying for. The side effect of that is spam.

My guess is that as we increase the use of all communications -- not just e-mail -- for commerce, that the need to authenticate source, and validate integrity of content will increase.

Q: Is the answer white-listing or black-listing?

White-listing -- accepting e-mail only from a list of the following people -- is probably as close as you can get to the reasonable practice of handling the problem. Now we're seeing kind of white and black lists or white and gray lists that look at where the e-mail came from and the things in between are what you painfully manually filter through.

Spam filters that are going in some of those e-mail packages seem to be remarkably good at detecting that which really is spam.

I don't think purely technical means are the path best taken. So I've been jokingly suggesting another possibility. As we identify these people who are sending out these spam e-mails... we resort to public flogging.

Q: Seriously though, who should be responsible for spam? What is the role of the ISP?

I am unhappy with the thought that an ISP in a literal sense should be responsible for filtering out spam. First of all, we are running packets at 10 billion bits per second and we can't look at them that fast, let alone move them that fast. We get 2 to 3 million spams per day.

What one would want to avoid is some situation where you are held accountable for not successfully filtering all of the spam out -- or worse -- what if you filter something out that wasn't spam and have someone sue for damages. This is really a hard problem. You could probably argue that this is the equivalent of the Turing Halting Problem (defining the terminating program task). No algorithm that I can fathom can guarantee something is or is not spam just by looking. In spite of all of that, e-mail is still potentially a powerful and enabling tool.

Q: And the future of communication?

Probably, we will see more direct applications communicating with each other in forms other than e-mail.

Because when you Internet-enable a thing, you need to build an efficient command and control language to manage it. So lots of devices that are on the Net will use some command and control protocols like SNMP (Simple Network Management Protocol) or SIP (Session Initiation Protocol) as a peer-to-peer style interaction. It's very popular because these are the ports that are open to get e-mail in and out, whereas lots of ports get open and closed for a second and secured. Even port 25 is under attack.

The same problem showed up with DNSSEC (DNS security extensions) and signing the zone files. At the very beginning, not too many are signing these things so if you see an unsigned packet then you just ignore it and reject it.

At some point you have to achieve critical mass so quickly that the bulk of the time that you refuse something or reject it, you are doing so with a high probability that it is a reasonable position.

Q: What about IPsec?

IPsec is a very good thing to have virtually everywhere. Essentially it eliminates a whole series of higher layer attacks that you can make in the absence of cryptographic security. So the TCP hacks that were highlighted would be completely silenced by that end-to-end communication. The problem is getting these NAT (Network Address Translation) boxes in the architecture and the translation of the address space that somehow get in the way. Getting rid of NATs is part of an important crusade for me and the only way to get there is to use IPsec. But IPsec is not the only answer. You also have TLS (Transport Layer Security) transport, SSL or SSH and then cryptographically signing.

Q: What is your opinion of some of the new hardware/software combinations like semiconductor manufacturers working with Microsoft's No Execute?

It's an interesting idea. It has the awkward problem that you are bound to the piece of equipment. And if you ever had an electric book that you couldn't move from one laptop to another or you upgraded your equipment and all of a sudden it's like losing your wallet and you have to go get everything re-issued again. There is a binding subtype that is inconvenient and Americans don't handle inconvenient very well.

Q: With all of its troubles and critics, has ICANN outlived its purpose?

We need ICANN. If we were to go back and start over again, we would still end up with a similar thing. Many of the debates that occur take political positions without understanding that there is a technology that has limits.

The standards are too permissive and we need to add procedures to the registration of domain names to avoid overlap. In the example of the umlauts, there are two ways to spell the same thing and they mean the same thing, but you have to make a decision: should I allow two people to register two treated different representations of the same word. The Germans map it as distinct. Some other administrations don't get into that argument.

I'm by no means suggesting that ICANN knows what the answer is to that. I'm only saying that ICANN is asking people who are going to register in that way to think their way and hire extra language speakers to determine whether a restriction on a reservation would be advisable.

Q: Will the boom times ever return?

I feel like we just barely scratched the surface. With Tim Berners-Lee and his work on the Semantic Web, XML-encoded documents of that sort, eBusiness will be increasingly regularized and that will allow some substantial efficiencies. So here we've seen running up to 2000 all the big investment opportunities and the Y2K problem. Now what I'm expecting is the companies paying attention to inter-corporate exchange where up to now they were focused on intra-corporation efficiencies.

Q: And the Interplanetary Network (IPN)?

We have the lower two layers of the five layer case running on the two rovers on Mars. We're hoping to put a telephone satellite in orbit by the end of the decade connecting the two planets together.