Carl Malamud: Internet Talk Radio, flame of the Internet.
Malamud: This is Geek of the Week. We’re talking to Major Michael St. Johns, who’s a program manager at the Advanced Research Projects Agency. Welcome to Geek of the Week, Mike.
St. Johns: Thanks, Carl.
Malamud: Program manager at ARPA is a position with a long, proud tradition. Vint Cerf was a program manager, and Dick desJardins was before he went off to NASA and formed the GOSIP Institute. What made you want to leave your technical work and become a government bureaucrat?
St. Johns: [chuckles] Leave my technical work and become a government bureaucrat. I mean, I— You know, you show up in the Air Force and that’s sorta what you become. Um…
Malamud: What do you do as a program manager?
St. Johns: Well, to finish the first question. I mean, Paul Mockapetris came and just sort of blew his little flute, and it’s like the Pied Piper of Hamlin and he drags people off into ARPA never to be seen again.
ARPA funds basic research in networking—well, basic research in a lot of topics—and my area is networking. We basically try and recruit the best and brightest researchers in the country at the leading—as far in advance of the leading edge of technology as makes sense and get them to do the right thing.
Malamud: Do you set the research priorities or do you just respond to proposals from the researchers?
St. Johns: We set the research priorities. Before people give us proposals, we basically issue this thing called a broad agency announcement, a BAA, and that’ll list the broad area of interest for maybe a year or maybe six months, depending on how fast the technology’s turning over and how fast the needs are coming with respect to the rest of the programs.
Once that closes we will get a host of proposals, anywhere from as few as ten depending on how focused the BAA, up to as many as I’ve seen 150 in a BAA—fortunately not mine. They’re evaluated, and then we skim off the cream and select those proposals and fund them.
Malamud: What kind of money are we talking here? How much does ARPA spend on networking research?
St. Johns: [sighs] Networking research, the… It’s a little bit difficult to say but it’s somewhere in the thirty to fifty million-dollar range, everything thrown into the pot. I have such a large range there because there are things that are networking-like that are not necessarily in my program. They may be in distributed computing, they may be in another program related more to the operational military than my program is.
Malamud: Yet, thirty to fifty million dollars is a significant fraction of the research money going in that area in the United States, I would think.
St. Johns: Yeah.
Malamud: What are some of the areas that you want to see networking evolve into? What’re the areas that you’re funding or pushing research in?
St. Johns: Well, the major area that I’ve started working in is the security area in networking. I was at the Data Network Program during the era of the Worm. And I really resent being wakened up at two o’clock in the morning to be told yet another machine has gone and bitten the dust. We’ve got the very large Internet that has continued to grow and grow. And we really haven’t made the investment in protecting the infrastructure we really need for something this large. The emphasis I’ve got is basically providing enough tools in a ubiquitous manner to basically build six-foot fences. You can spend a lot of dollars and build Fort Knox but you can’t build very many of them. Whereas you can spend a little bit of money and give everybody the technology to build six-foot fences and you get a pretty good benefit on a worldwide basis, because it spreads out very well.
Malamud: So for example I believe ARPA funds the CERT, the Computer Emergency Response Team at Carnegie Mellon?
St. Johns: That’s correct.
Malamud: Is that an example of a six-foot fence?
St. Johns: That’s sort of an example of the exterminator more than the six-foot fence. That’s been in existence since…oh, roughly four hours after we closed down the emergency with the Worm. And that’s actually funded out of a different area. That’s funded by another program manager. But that’s a good model for at least one piece of the puzzle. You can’t do it all in the computer or in the network, you have to have good people available to provide for the security of the system, or the continued operation of the system.
Malamud: Are there technologies that we should be looking at, such as public key cryptography, that your group can help develop further? Are you looking at public key, for example?
St. Johns: Yeah. The areas of research I’m concentrating in are not the crypto mathematics, but using existing technology, such as the various public key methods—Diffie-Hellman, RSA, the Digital Signature Standard from NIST, DES, which isn’t a public key method—and incorporating those into the existing technology base and providing the links in.
We’ve got a couple programs that have started, for example to protect the Domain Name System, basically signed information that’s in there. I’ve got another program working on intrusion detection. Got another one on mobile computing and dealing with the security issues around that. [crosstalk] It’s a broad area.
Malamud: Well for the domain name system, for example, are you looking at storing public keys in DNS, or— What’re you looking at?
St. Johns: It’s the other end around it. It’s the other end of it. It’s signing the information in the DNS so you can trust it more. There’s a lot of attacks that people have published or talked about where a lot of the behavior of the network depends on where you come from, a good example being the Unix r-commands, which all are based on what IP address you come from or what name you come from. If you can spoof the DNS to return bad answers to those questions, you can actually do some pretty annoying damage within a community that uses these things. If you have a signed DNS, at least it takes away one route of attack.
Malamud: So do you hope the result of that research will be…an RFC and deployment, or is this going to be just a paper? Are you doing infrastructure development here?
St. Johns: An RFC on the changes with respect to DNS to BIND as the reference release. So that’ll be basically generally available to anybody who wants it. And infrastructure deployment, at least on some of the networks that we run and control. The idea being it’s an incremental deployment. So you don’t have to do it if you don’t want to or you don’t think it makes sense. But the second time you get bit, you have the tool available to come and solve the problem.
Malamud: Mike St. Johns, we’ve been talking about security problems on the Internet and some of the research that you’ve been funding. You discussed Mobile IP and some of the security implications there. Maybe you can elaborate on what’s going to happen to the Internet, particularly with regard to security, as we begin to be mobile and wireless and use some of these other new technologies that are emerging.
St. Johns: Well the most interesting problem isn’t actually believe it or not the mobile problem, it’s re— The mobile problem is a hard one. But probably the most interesting one is the one I call proxy computing, where you basically let the network operate on your behalf, or components of the network operate on your behalf. Either while you’re attached to them and they’re going off and doing things, or while you’re away and it’s operating to go off and find particular references to information that you’re looking for. To maybe balance your checkbook… The semi-autonomous type of stuff that we read about in science fiction and we hope for tomorrow.
It’s very critical that we provide a path so that you can let the network act as if it were you without being able to corrupt that thing that’s acting as if it were you into doing things it shouldn’t do, or things that you haven’t told it it can do. So that’s one part of the problem.
With the mobile computing problem, a lot of it can be handled by standard cryptography, just either including the relationship between the mobile component and the base component and providing some signature data there, or by other relatively common techniques that we’re using today. It’s going to be harder as we keep continuing to get larger to do the right thing. And we’re just trying to do it earlier.
Malamud: Do we know what we need to know in order to secure the Internet? Is it just a matter of deploying the current knowledge, or do we need to learn something new?
St. Johns: We need to learn something new on the basis that most of the systems we’ve got today don’t scale well. They work reasonably well if you control the whole domain you’re involved in. A whole campus, a whole company, a whole organization, a whole network. The moment you start splitting your domains, for example if you came to visit us, as of right now you’re not allowed to sit down at one of our terminals and go through our system to your system. It’s a penetration of our security barrier on the way out, and maybe a penetration of your security barrier on the way in. We’d like to solve that problem. We don’t really know how to do that on a reasonable basis on a worldwide basis. So the major problem there is scaling.
There’s probably some research that needs to be done on the cryptography. Every signature algorithm we’ve got where you go off and you verify and validate the data requires a longer and longer string of digits to say that somebody has signed it. Every time you change or every time you want somebody else to validate it we need— That’s another thing that we probably need to work on.
Malamud: There’s been a lot of activity for a long time in the Internet on security. And the Internet Architecture Board has looked at a variety of proposals. And some people have criticized the IAB. You’re a recent member so you can’t speak for the past. Some people have criticized the IAB and said that by trying to do security right we’ve ended up with no security at all. Is there a middle ground someplace there that needs to be attacked?
St. Johns: Yeah, I think there is. There are various existing protocols today, existing implementations that would benefit a lot from relatively cheap and inexpensive fixes to them. Um…
Malamud: What are some examples?
St. Johns: Well, I mean for example telnet. We’re talking about providing an encryption path for telnet providing additional stuff to basically meld in Kerberos, the interrogation protocol that MIT developed. There’s probably things we could do with respect to FTP. We could probably provide some encryption path for privacy for the base TCP stuff.
Part of the problem really has not been one of a technical nature but in many cases of a policy nature. We have a very big problem in this country and in most of the countries that subscribe to the CoCom—and don’t ask me what CoCom stands for, I keep forgetting—about exporting cryptography in any form. And that includes even DES, Data Encryption Standard stuff. So, we need to work past all of this stuff, and we’re finally coming to critical mass on a lot of these issues.
At the last IETF, I think I saw progress in about a half a dozen groups with respect to real security coming out of them in one flavor or another. Unfortunately it’s not the grand unified security theory that we were hoping for, but at least it provides benefits—three-and-a-half-foot fences.
Malamud: Well, three and a half is better than none, isn’t it?
St. Johns: That’s right.
Malamud: Mike St. Johns, you were one of the original people to attend the very first IETF meeting. In fact I understand you were at the meeting before the IETF meeting. How long ago was that?
St. Johns: Uh… ’86 I think it was. We were meeting with a group called Gateway Algorithms and Data Structures, chaired by a guy name of Dave Mills. And my boss at the time Mike Corrigan, who’s now with GSA, came in like an avenging angel and said, “I’ve just come from the IAB; we’re going to do nastiness to you.” The next thing we knew the GADS group had been dissolved and in its place were the Internet Engineering Task Force and the Internet Architecture Task Force.
Mike Corrigan took over the Internet Engineering Task Force. Dave Mills kept up with the Internet Architecture Task Force. For about the first two or three months they kept trying to call us INENG and INARC. Obviously the simpler IETF won out. And since that time we’ve grown from an organization that could comfortably meet in a conference room with thirty chairs to an organization where the working groups have problems meeting in a room with thirty chairs. The growth has been phenomenal, and it’d be interesting plotting the growth of the IETF against the growth of the Internet and seeing what we get.
Malamud: Why has it grown so quickly? Why haven’t people gone to the IETF and then said “Well gee this is interesting. Now let’s do it right and go to the ISO committees” for example? Why has the IETF been such a focus for development?
St. Johns: Well the first oh, half dozen or dozen meetings, somewhere in that, were basically just straight meetings. You’d come in, you’d talk about the operational problems of the network. You’d identify what needed to be changed in the research agenda. But there was no real work done with respect to protocol and stuff. That was still being funded either by ARPA, by the National Science Foundation. This was the era where the original NSFNET backbone with…with the Fuzzballs? Yeah, I can’t even remember—were being phased out and the new NSFNET was being phased in. The new being relative terms because it’s now being phased out.
The IETF has been successful because the people who have had among other things operational responsibility for the networks have been involved in setting the agenda for the IETF and actually creating the products which they then turn around and run on their own networks. We didn’t grow very much in the early years until we started the working groups concept. And since then we’ve really grown. It was sort of like we were waiting for a catalyst. We had three or four working groups at the first meeting that had the thing at, and we’ve got eight? now. Got more working groups than original members.
Malamud: You mentioned the significant operational experience of the members. As the IETF grows and scales, obviously there’s a more diffuse membership that begins to attend. Is there a way we can keep that operational focus in the IETF and yet still keep it open to all members and keep it growing?
St. Johns: Well we’ve made some good steps towards that. I think probably the best thing we’ve done in recent years is the multicast. If you take a look at who’s listening in and you start looking at these guys and say okay, “He has software responsibility for networking. He’s learning about networking at the school. Oh, an operator, operator, operator, operator.” You start seeing people on the MBone who aren’t showing up to the IETFs but they’re still listening in on what’s happening. And you still get a lot of participation out of the IETF meetings per se on the mailing list. So there’s still this cross-fertilization. I don’t think we’ll lose that.
Malamud: So the working groups that used to work are the ones that used electronic mail. So they kept on working. And it sounds like the working groups in the future that are going to work are going to be the ones that also use the network. And so it’s not just a place to have fine dinners, it’s a place to…culminate the work that’s been going on.
St. Johns: The major benefit to going to an IETF meeting over dealing with the mailing list is basically getting a baseline personality for the people that you’re going to be dealing with over the mailing list. You know, if any of you have met like, Steve Knowles for example, Steve in person is a lot like his mailing list persona, but you start understanding where he’s coming from a little bit faster and a little bit better. And it’s very useful in dealing with him. And that applies with I’m sure dealing with me or even dealing with you, Carl. There are people who have been around long enough that sorta like everybody knows them.
Malamud: But it’s always nice to meet people.
St. Johns: It’s always nice to meet people. And you start thinking about— Even after you’ve been talking with them just a short period time you start thinking about the last email you got from them and you relate it against their personality and say, “Oh that’s what he meant. And that’s why he put it that way.” And you get a lot more emotional content and you get the clues that you won’t normally get over electronic mail.
Malamud: Now this is a global network, and the IETF is beginning to do one meeting per year outside of the US. And in fact with Asia going great guns with the Internet and Europe as always continuing to help lead in some of the development efforts, is it going to be harder to have IETF meetings? Are we going to have to spend our lives on airplanes traveling to faraway places?
St. Johns: Well, I mean, when we started this thing out there were IETF meetings every quarter. We’re down to three a year. The original deal was that there would be an IETF meeting sort of in conjunction with Interop when that [indistinct phrase], and that just sort of died on us. I don’t think we’ll— I think the three meetings a year will probably continue. The four-month period is almost too long between talking with people in some cases, because the technology’s changing so much. But we’re willing to substitute through teleconferencing through MBone stuff. I’ve recently found myself going downstairs and using the tool from ISI, the multimedia multicast conference controller stuff, which basically allows me to dial up on a multimedia-type of interface a list of people who have the same stuff, and use the MBone to do some of the work. Keeps me from traveling.
I think the more… What distinguishes the IETF and its group more than anything else from the ISO is that we…use the tools that we develop, to develop the tools that we develop, the tools—there’s always a cycle going on. There used to be back in Rome, ancient Rome—I’m getting off the track a little bit. But, when the Romans built a bridge they made the designer, the architect, live under the bridge for twenty years. It was a very strong guarantees that the bridge would continue to operate for twenty years. We tend to live on the Internet in the IETF, and that’s a very strong guarantee that the Internet will continue to operate.
Malamud: So a requirement if you issue an RFC is that you must be a software for the next five years.
St. Johns: Oh I wouldn’t say that. I unfortunately have issued a couple of RFCs myself that’ve come back to haunt me, that I wish we weren’t using. But we will from time to time get the bad stuff in there. But it turns out that there’s sort of an evolution going on, or a Darwin-type effect where only the strongest survive. Back before my time on the IAB, the IAB declared CMIP and SNMP co-standards with respect to the Internet. Frankly I don’t think I’ve even seen an advertisement for CMIP products in the communications rags on line of six to twelve months. SNMP’s all over the place. So.
Malamud: Yeah that clearly has won. There is a major vendor which still uses CMIP in its architecture, but as you’ve said the advertisements tend to be for SNMP these days.
Malamud: As a recent member of the IAB, the IAB has changed its character over the last year or so. A lot of the original members have resigned. There’s a new generation that’s there. What do you see the role for the IAB being?
St. Johns: [sighs deeply] Well, we’ve been discussing it almost incessantly since the thing changed. It was kind of my— I got kind of roped into it. It was like, I got asked “Will you serve?” and I was sick that day. [laughs]
Malamud: But you said yes.
St. Johns: And so I said yes. Right now the role I think the IAB sees for itself is sort of the architectural purity of the system. And I use purity in a very loose sense considering what we’re talking about with respect to the IETF. We’re basically just trying to do the right thing. At the last IETF, Christian Huitema who’s the chair and Barry Leiner who’s another IAB member, got up and talked about the multiprotocol Internet and basically said “Well okay that’s fine, but we believe that we oughta have just one common Internet layer protocol.” And…that was taken very well. Especially considering some of the things the IAB has said before and people have reacted to. I think that’s where we’re going with this. We’re—
Malamud: Well but is that enough to say we need a single protocol? Shouldn’t you be saying which one it is? I mean, it’s enough to say gee, we need open systems but I mean…how? How do we do it?
St. Johns: Well as I recall, again before my time the IAB said at a certain meeting in Japan you know “We know what IP: The Next Generation is going to be.” Or IPv7—I think at that time it was TUBA. And surprise, most of them came back to the United States…you know, there were lynching parties waiting for them.
Malamud: So this is the IAB basically got up and said “We think the direction we ought to move is the Connectionless Network Protocol as modified as necessary,” but the reaction from the community was you know, how dare you tell us what the answer is when we don’t know the questions yet.
St. Johns: Right. And in fact that resulted in a lot of the changes that we saw with respect to the relationship between the IAB and the IETF/IESG stuff. Right now you know, the IAB is sort of looking at us as the Twelve Wise Men or— I think it sort of looks at itself as sort of the Twelve Wise Men who—
Malamud: Wise people, actually. For the first time [crosstalk] there is a—
St. Johns: Yes. We have Elise there. I’m sorry, Elise.
St. Johns: —who reign but do not rule. We’ve sort of turned into the constitutional monarchy-type of situation.
Malamud: So the twelve of you together form a kind of virtual Queen Elizabeth, if you will. [St. Johns laughs]
Well, thank you very much. We’ve been talking to Mike St. Johns from ARPA and this has been Geek of the Week.
Malamud: This is Internet Talk Radio, flame of the Internet. You’ve been listening to Geek of the Week. You may copy this program to any medium and change the encoding, but may not alter the data or sell the contents. To purchase an audio cassette of this program, send mail to radio@ora.com.
Support for Geek of the Week comes from Sun Microsystems. Sun, The Network is the Computer. Support for Geek of the Week also comes from O’Reilly & Associates, publishers of the Global Network Navigator, your online hypertext magazine. For more information, send mail to info@gnn.com. Network connectivity for the Internet Multicasting Service is provided by MFS DataNet, and by UUNET Technologies.
Executive producer for Geek of the Week is Martin Lucas. Production Manager is James Roland. Rick Dunbar and Curtis Generous are the sysadmins. This is Carl Malamud for the Internet Multicasting Service, town crier to the global village.