Carl Malamud: Internet Talk Radio, flame of the Internet.
Malamud: This is Geek of the Week. We’re talking to David Crocker, who’s a member of the technical staff at Silicon Graphics. You may know David as the author of the famous Request For Comment 822, which defined electronic mail as we know it today. Welcome to Geek of the Week, David.
David Crocker: Thank you.
Malamud: Well, why don’t you tell us about 822. Why did we need to write down the format of a mail message? I mean, these things all look different. do we need to standardize this?
Crocker: Well, that effort in fact was the first RFC that declared itself to be a standard. And so it is an example of your question in the general form, why do we need standards. And the answer is initially we hadn’t had one. There was a format that Bolt Beranek and Newman was using, and eventually somebody asked them document it and they wrote that in an RFC. And then people started playing with it; they started making changes. And as always happens when you have independent efforts, they made incompatible changes. And so by about 19…early 1977, it was clear that we had some commonality of philosophy but no commonality of detail. And several of us were commissioned to go work on that, and RFC 733, which was the predecessor of 822, came out at the very first Internet—well, back then ARPANET—document that declared itself to be a standard, much to the chagrin of many of the ARPANET people.
Malamud: Was that considered bad, to be me making standards and telling people what to do?
Crocker: Telling people what to do was the key point. It wasn’t that it was popular. It was that it declared itself to be a rule that everyone had to follow. Back then, there was a much more anarchistic view, much more democratic view, which was that if you wrote something that was good then I’d choose to use it. And if the next guy chose to use it that was fine, too. But nobody was going to tell me that I had to use it.
Malamud: Well what’s wrong with that approach? I mean if everyone’ll kind of converge on a single way and things’ll either work or they won’t. Why do we need official standards?
Crocker: I think that…it’s a way of helping people to know what they should do. Because the reality is no one ever has to adopt a standard just because it declares itself to be a standard. And we have lots of examples of things declared to be standards that don’t get successful. So I think in fact it’s real benefit is a way of showing a consensus about a thing rather than really mandating.
Malamud: Now, RFC 822 is a fairly simple thing as standards go. Where do we go on the slippery slope between RFC 822 and X.400? Where do we stop in the middle?
Crocker: Boy, isn’t that a treat? Because back when we did 822, we very carefully kept it trivial. I mean the text body…I mean nobody would have ever viewed that as being a long-term solution. And all of us expected X.400 to be the one that took off. And so it was fascinating to watch MIME, which started as just a very focused effort to add a small upgrade to 822, end up being something which has features that are in many ways as good, in some ways perhaps better, as X.400.
I don’t know how you know ahead of time whether you’re biting off something that’s too complicated or too simple. The Internet philosophy has been to do things that are really very immediate and look too trivial, they look too simple, and end up instead being things that last a very long time.
Malamud: Now, how has MIME moved beyond the original electronic mail, and how will we move beyond MIME? I mean, what has been the progression of messaging that you see?
Crocker: Well MIME…in a way, from computer science and design standpoint, MIME is…offensive. I mean, it does multimedia encoding using text. I mean nobody would do that.
Malamud: So you take a binary file and you turn it in to ASCII for purposes of transfer, and to turn it back into binary, is that what you mean?
Crocker: Right. Right. And the structure information, what you might think of as the enveloping or the way of distinguishing the different parts of the message, is all done in text. And that’s not very efficient from a theoretical standpoint, but it’s very efficient if you’re trying to get through lots of email gateways, many of which don’t like binary data at all.
Malamud: Wouldn’t it make more sense just to tell the gateways to begin supporting modern data types like binary data?
Crocker: That would make a lot of sense. The trouble is going back to the earlier point, you don’t get to tell these people. You can try to seduce them. And so MIME represents an approach of seduction. And in fact we went and— I was not one of the original advocates of this, but I think for the long term it’s the right idea. We went and we did upgrade the email protocol SMTP so that it could support binary, but on an optional basis.
But you asked about MIME going beyond email, and I’m not sure people in general understand that it’s coming to be more than email. It was originally done as a way of upgrading the email body from a trivial text into this multimedia hierarchical wonderful thing. And instead what’s happening—not instead but in addition what’s happening, is that it’s getting used for other data transfer environments. It’s becoming a standard way—and this is by de facto, nobody’s imposing it—a standard way of encoding these kinds of objects in other situations. And so, people like the Gopher and World Wide Web services are tending to adopt it.
Malamud: Okay. So we’ve taken mime and defined a series of body parts—
Crocker: Mm hm.
Malamud: —and ways of labeling those body parts.
Crocker: Right.
Malamud: And you’re telling me that’s not being used just for electronic mail, it’s also being used in menu-based resource discovery, it’s being used in hypertext markup languages—
Crocker: Right.
Malamud: —like the Web?
Crocker: Right. Right. My guess about where things are going, and I haven’t talked about this with a lot of people, is that MIME is in the process—and we’re very early days, so I could easily be wrong on this. But I think MIME is going to become the real global standard for attaching things to each other that are otherwise relatively independent. Whereas it sure looks like SGML’s becoming the way to composite objects, putting together a bunch of smaller things to make one integrated whole, like a document. Whereas MIME is a way of attaching collections of documents.
Malamud: David Crocker, we’ve been talking about MIME and multimedia messages. We’ve been looking at the SGML standard for marking up text. We’ve been looking at the MIME standard for labeling the different body parts. This sounds like a lot more than my father’s email message. Does electronic mail look like it’s going to be the basis for let’s say doing business transactions on the Internet?
Crocker: Well, that’s my view. And it’s the subject of some very intense debate right now. I’ve gotten involved in the most applied-focused aspect of using the Internet for commerce, called Electronic Data Interchange, which is a collection of business standards. It has nothing to do with the Internet. It was developed out of in fact the MIS departments of the world rather than the datacom departments. And they are currently using a variety of data communication services, and there are some people in the EDI community looking at using the Internet.
My view is…and I’m not alone in this, that using email is the easiest entrée to the Internet, because it is so used to getting through lots of incompatible sometimes, misbehaving gateways, both email gateways and other kinds. But there are other people who want to use file transfer, and in fact there are some people talking about building their own EDI protocols directly to run on top of TCP.
Malamud: I’ve never understood this. EDI has been out there for years. And I’ve never understood why it’s so complicated to put together a few standard labels and say “This is a purchase order. It’s to this person, it’s from this person, it’s for this much. Here’s the date.” Slap it in a mail message, and off it goes. What’s the big issue with EDI?
Crocker: And the answer—my answer to your question is I don’t know. I’m trying to learn. I am…confused, as you’ve just said, about the complexity. I understand some of the philosophy of why it’s complicated, and then because businesses conduct themselves in different ways, and my business which might be the same— I might be a competitor of yours, but I run it differently, and therefore need certain kinds of information that’s different from yours.
What I don’t understand is why in the paper world we can do just what you said. I could call you up on the phone and say, “Do you have a widget?”
And you say, “Yes, send me a purchase order.”
I send you a purchase order. And you send me back the widget with an invoice. And I pay you back. In paper we do very little negotiating about the details of what goes on my purchase order or your invoice. And yet for EDI they’re in the stage which seems to require negotiating a lot of the details. I’m very very new to this, and it’s clear there’s a great deal of work that’s been going on. There is in the US a standards body called X12 that’s been working on this stuff for about fifteen years—
Malamud: Well maybe it’s time for them to quit and hand it over?
Crocker: Uh…
Malamud: I don’t want to be harsh here, but would it take fifteen years to— Because I don’t see EDI out there a lot. I mean, I know there are some corporations using it. But it’s not a general-purpose tool used in the business world.
Crocker: Oh, they think it is. And there’s enough of them— The Internet standards process has grown from about a hundred people in 1989 to 600 now. And we hold three-time-a-year meetings. It turns out X12 holds three-times-a-year meetings, and they have a thousand people show up. So, in fact they’re quite large. There’s a lot of money involved, both in a literal sense of what’s transferred back and forth and then the software costs and service costs because there’s providers for EDI gatewaying; value-added networks do that. And starting to think about putting things over the Internet may impact that.
Malamud: Now I could see a couple issues that might require something besides just general-purpose mail. Obviously Internet mail is not secure.
Crocker: Mm hm.
Malamud: At all.
Crocker: Mm hm.
Malamud: And it’s not guaranteed delivery.
Crocker: Right.
Malamud: Aaand, if you don’t define the inside of the package, what the EDI purchase order looks like, you’re not going to be able to machine process that incoming message, at least not necessarily. Are those areas that the Internet is going to ever be able to address? Secure, reliable delivery of well-formatted information?
Crocker: Well, you’re listing just the right issues. Security is the top of the hit list. And a guaranteed delivery is not as critical because it’s a data communications protocol and they have acknowledgments and retransmission. They care about reliability on the net, but I don’t think it’s as critical. Authentication and privacy and non-repudiation, or signatures, are absolutely the stopping point right now.
Malamud: How are we gonna solve those problems? Do we have technical solutions to those problems?
Crocker: The line of thinking that I’ve been trying to offer is that rather than go and invent the solution for EDI, we should observe that for Internet email there’s already been a great deal of effort in that area, where Privacy-Enhanced Mail, PEM, is the standards process approach to doing that. There are non-standards-process approaches, such as PGP, Pretty Good Privacy, which uses almost the same technology but uses it in a slightly different way.
Malamud: It doesn’t have a license.
Crocker: For example. There’s—
Malamud: Now that’s an important point, though, because the technology you’re talking about, Privacy-Enhanced Mail, is based on the RSA technology—
Crocker: And DES.
Malamud: —licensed by Public Key Partners.
Crocker: Right. And it’s also based on using DES. And the reason I’m mentioning that is DES has been around, it’s well-accepted, but it’s subject to export controls. And to the extent that the US wants to be competitive in our newly-aware global environment, the federal government policy on export controls is very much getting in the way.
Malamud: So DES is the Data Encryption Standard used for actually encrypting the data.
Crocker: Right.
Malamud: The public key technology is used in a very scalable solution exchanging authentication information.
Crocker: Right. There’s
Malamud: So one technology’s export-controlled, and the other one is owned by a private corporation. Is this really something we want to base a global infrastructure on? Does this make sense?
Crocker: I share your discomfort about the privately-owned part. But it happens that this is very specialized technology to which there is no real competition. And so for asymmetric keys, which is what public keys allows so that I can keep a hold of my decoding part but give you some public handle to know that it’s really my key, there’s no solution other than the RSA category approach, that I know of. And whereas much of the community is uncomfortable with having to rely on that, other people observe that Ethernet is another example of something that was a private solution that was used publicly quite successfully.
Malamud: So this is really no different than the Ethernet situation.
Crocker: I suspect the amount of money involved will be different. But from a philosophical standpoint I think not.
Malamud: So what is stopping, then, from having security? It’s obviously a roadblock to doing commerce on the Internet. What is stopping this train from moving forward?
Crocker: The operational aspects of doing general-purpose casual security—casual in the sense of without prior key exchange, without prior arrangement—
Malamud: Anybody knocks on my computer and I know who they are.
Crocker: Right. —is really tough. And it doesn’t look like, it doesn’t appear that it’s tough inherently from a theoretical standpoint. It’s tough from an administrative standpoint. And getting in place a public system that allows sending these keys around is something that has progressed very very slowly. And in general the use of security technology seems to involve administrative overhead that people aren’t usually very experienced with and there’s a lot of resistance to. So I think what it’s going to take in order to break through and get this as a general-purpose, regular option in our data communications exchanges is both changes in federal policy, and a lot more operational experience. And at the moment it doesn’t look like it actually needs changes to the underlying technology.
Malamud: What kind of changes in federal policy?
Crocker: The changing of the export controls, for which increasingly the security community, the body of people who spend their lives dealing with this technology, have been knocking on the federal government’s door trying to get that changed. And oh by the way also so has business. And in addition to which the federal government has just been pursuing a policy through some technology which is publicly referred to as “Clipper,” which is essentially competitive as a digital signature-based technology.
Malamud: It’s the hardware-based security scheme that has the backdoor in it so the federal government with proper court orders can go in and look at data exchanges.
Crocker: Right. And this has been in development by the government for quite a few years. I heard about it in ’86. And it’s come to fruition from a technical standpoint. The federal government has decided to pursue it as a federal standard and thereby require that those doing business with the federal government support this option. They are not trying—
Malamud: Now wait a minute. I remember some standards called GOSIP which said if you’re gonna do business with the federal government you’ve gotta have OSI, and that didn’t go very far. Is Clipper gonna go any farther?
Crocker: Gosh I hope so. No, I mean I hope you’re right that it won’t go any farther. Because it— While I’m sympathetic to the concerns the federal government is raising about control over various odious people, the reality is that the rest of the world, the commercial world in the US and all of the international world, are using other technology, and it’s all in place. It hasn’t grown very large yet, but it’s all in place. And the federal government is creating an island with just itself.
Malamud: It sounds like this philosophy of…“let it go a little bit later” is the same philosophy that the multicast backbone folks are using moving audio and video over the net in a non-guaranteed, non-real-time environment. Does this kind of very simple packet-switching paradigm…I mean is this kind of the big difference between us and the telephone company?
Crocker: Sure. By the same token, they have a long history of making sure that real-time data gets delivered in real time. And we turn out to be doing better at that than we have any right to expect. But we don’t have any experience actually making guarantees. That’s what the work on flows for example is trying to solve.
Malamud: Is the telephone company and the Internet, are these different infrastructures? Is it the same thing? Are we fighting the telephone company? Are we different layers? Are we…becoming the telephone company?
Crocker: Given their size and given ours I hope we’re not fighting. There are certainly different philosophies of technical development and different philosophies of operation that are at base. But as we see phone companies starting to offer Internet service, I think that there will be some kind of convergence.
Malamud: Convergence, now who is gonna run this converged superhighway? I mean, you work for Silicon Graphics. Presumably you’re trying to build the ultimate set-top box. On the other hand I would assume that Microsoft is doing the same thing. But I wouldn’t be surprised if Walt Disney Studios is trying to build a set-top box, or program it. What’s this new industry going to look like?
Crocker: It is I hope going to be a highly competitive industry as opposed to a highly-regulated one. And it is one in which I hope that the consumer has a wide range of options rather than having things dictated by a local monopoly or by the government.
Malamud: How do we ensure that?
Crocker: Well the Internet has proved to be I think a good example of how to do that. And I hope that that lesson isn’t lost. But your question goes more into the realm of business policy and federal policy that I have real limited experience on, and so I become just another hallway conversation opportunity.
Malamud: Are you looking for…standard interfaces? We’ve been hearing a lot about that from Congressman Markey, for example. Are we back to standards again?
Crocker: That brings it back to a technical topic, and the answer is you’re absolutely right. That we figure out where the points of exchange need to be, and we define—openly define—interfaces which specify the service that crosses that interface; in both directions. And then we let whoever wants to be on one side of the interface provide service there, and whoever wants to be on the other side of the interface be a consumer of the service.
Malamud: So for example the set-top box and the underlying cable TV provider might be a point of interface.
Crocker: My personal opinion is that long-term that will be what will happen. I know that many of the cable providers are expecting that the set-top will be pretty much their captive piece of technology, because it tends to—certainly in the early days now, it tends to be integrated so deeply into their service offering that there’s no way that they can decouple it in an open way. [crosstalk] My guess is long—
Malamud: Do you think it could be decoupled?
Crocker: I’d guess long-term it will. And I know a lot of other people do too.
Malamud: We’ve been talking to David Crocker. This has been Geek of the Week.
Malamud: You’ve been listening to Geek of the Week, a production of the Internet Multicasting Service. To purchase an audio cassette of this program, send mail to audio@ora.com. You may copy this file and change the encoding format, but may not resell the content or make a derivative work.
Support for Geek of the Week comes from Sun Microsystems. Sun, makers of open system solutions for open minds. Support for Geek of the Week also comes from O’Reilly & Associates. O’Reilly & Associates, publishers of the Global Network Navigator. Send mail to info@gnn.com for more information. Additional support is provided by HarperCollins and Pearsall. Network connectivity for the Internet Multicasting Service is provided by UUNET Technologies, and MFS DataNet.
Geek of the Week is produced by Martin Lucas, and features Tungsten Macaque, our house band. This is Carl Malamud for the Internet Multicasting Service, flame of the Internet.