CDR: Vint Cerf, ISOC Dictator and the CIA/NSC Man on the ICANN Board, Says Security Crucial to Internet's Future (fwd)

!Dr. Joe Baptista baptista at pccf.net
Fri Nov 3 10:18:25 PST 2000


COMPUTERGRAM INTERNATIONAL: NOVEMBER 03 2000

+ Vint Cerf Says Security Crucial to Internet's Future

Vinton Cerf, one of the few men who can claim to be credited
with being the "father of the internet", yesterday warned that
security needs to tighten up in most areas if the internet is
to fully achieve its potential. Cerf, WorldCom Inc's senior
vice president of internet architecture and technology, made
his plea for tighter security at the Compsec2000 International
conference in London, UK yesterday.

Cerf, who is perhaps best known as the co-designer of the web's
TCP/IP protocols, outlined numerous areas where security could
be improved. He named cryptographic technology, network
security, host security and internet-enabled appliances among
the main candidates where improvements are needed.

First on Cerf's hit list is the problem of cryptography. Cerf
pointed to the need for a universally adopted non-proprietary
standard. While the US National Institute of Standards and
Technology (NIST) has now accepted the Rijndael algorithm of
Belgian researchers Vincent Rijmen and Joan Daemen as its sole
candidate for standardization, the search for alternative
standards in both Japan and Europe threatens the possibility of
a unified approach, he said.

Cerf also criticized the slow rate of adoption of public key
infrastructure (PKI) in the public and cross enterprise arenas,
and argued strongly for the separation of identification and
authentication. Identity, he said, should just be a means of
declaring oneself for validation. Registering should not itself
confer authority. That should be left to individual entities
based on their own database rather than centralizing all
knowledge of individuals.

Cerf said there is also a need for multiple public and
private keys to avoid people using others' public keys as
identifiers. He also argued that global verification standards
may need to be relinquished in favor of using different methods
for individuals, enterprises and governments.

In terms of network security, Cerf said the internet protocol
security (IPSec) standard is well specified, giving hosts the
chance to defend themselves, but there is still a need to adopt
a common key distribution process and firewalls that defend
against internal threats. He also said there is a need for
end-to-end encryption in VPNs in order to prevent any danger
from packet leaks into other networks.

Host security is also critical, especially in a world of
increasingly distributed systems. Cerf said internal firewalls
within operating systems may be needed to overcome their
inherent security weaknesses. He also advocated mutual and
continuous authentication between devices to prevent hijacking
of IP addresses and active monitoring, for instance for virus
detection and trojan horse signatures.

Within the distributed world, internet-enabled appliances, such
as the much-hyped internet refrigerator, are likely to form the
next target for hackers, he said. As such, he said that
authentication is needed for secure device control from the net
to stop, say, the kid next door reprogramming your house while
you are away. The profusion of such devices, enabled by putting
IP into hardware, will also quickly put a strain on IP address
space, he said.
..............................................................


Michael Sondow
=================================================================
      INTERNATIONAL CONGRESS OF INDEPENDENT INTERNET USERS
   http://www.iciiu.org        (ICIIU)        iciiu at iciiu.org
Tel(718)846-7482                                Fax(603)754-8927
=================================================================




