Carl Malamud: Internet Talk Radio, flame of the Internet. 

This is Geek of the Week and we’re talk­ing with John Romkey, who’s a part­ner in the cor­po­ra­tion of ELF Communications. John, wel­come to Geek of the Week.

John Romkey: Thank you.

Malamud: You’re famous for the ToasterNet. Could you tell us what ToasterNet is and why we need one.

Romkey: Sure. Well I’m not sure you actu­al­ly need one. But the Internet Toaster orig­i­nal­ly start­ed out as sort of a par­tial­ly prac­ti­cal joke and par­tial­ly a way of demon­strat­ing some things that you could do with SNMP and com­put­er net­works that most peo­ple did­n’t tend to think about. The idea was that you could actu­al­ly use SNMP to con­trol things. Most peo­ple use SNMP today to mon­i­tor things and man­age them. And they don’t tend to use it much for con­fig­u­ra­tion or con­trol. But the mod­el of man­age­ment that SNMP pro­vides is actu­al­ly pret­ty gen­er­al, and you can mod­el all sorts of sys­tems in it and then actu­al­ly go and con­trol them. You could change the chan­nel on your TV, you could con­trol an ampli­fi­er, or you could con­trol a toaster. 

So what we did is we took a toast­er that Stuart Vance at TGV actu­al­ly found that’s a remark­able toast­er for us. It’s a Sunbeam radi­ant auto­mat­ic toast­er. The great fea­ture about it is that you don’t have to press any levers to actu­al­ly make it start toast­ing. You put the toast in, you put the bread in before it’s toast­ed, you drop that in, and the toast­er actu­al­ly sens­es the weight of the bread and low­ers it. And it only does this if pow­er’s sup­plied to it. 

So what we did is we took this and then we just switched the AC cur­rent going into it and we had that con­trolled by a PC that was run­ning an SNMP agent. And then if the pow­er was on, then you put in the bread and it would start toast­ing. You remove the pow­er, and it stops toast­ing and the toast­ed bread ris­es up. So what we did then was we cre­at­ed a small MIB, Management Information Base, for SNMP that actu­al­ly described the con­trol vari­ables for actu­al­ly doing the toast­ing. And you could do things like set the type of thing that you were toast­ing, and so that was an enu­mer­at­ed vari­able and you’d get val­ues like white bread, wheat bread—we decid­ed Wonder Bread was in a class of its own, so that was nei­ther white nor wheat. Bagel—

Malamud: Nor bread.

Romkey: Nor bread, actu­al­ly, yeah. Bagels, frozen hash browns, frozen waf­fles, things like that. And then you’d set that and then you’d set a done­ness lev­el, 1 through 10 how brown you want­ed it—and you real­ly did­n’t want to set it on 10. And anoth­er vari­able you could set was…and in fact per­haps the most impor­tant vari­able was the one you set to 1 in order to tell it start toast­ing, or 0 to tell it to stop toast­ing. And the SNMP agent that you actu­al­ly had the toast­er con­nect­ed to, all these did were just set a few vari­ables inter­nal­ly and then start a timer. So when you told us to start toast­ing what it did is made a com­pu­ta­tion that’d decide how long to toast for for the desired done­ness of what­ev­er it is you’re toast­ing, then it acti­vat­ed the pow­er sup­ply to the toast­er. It start­ed toast­ing then it turned it off after the appro­pri­ate num­ber sec­onds had passed.

One of the real­ly awful things was cal­i­brat­ing it, because you end up hav­ing to fill your garage with partially-toasted Eggos and pieces of bread and stuff, try­ing to fill out this matrix of val­ues to fig­ure out how long you have to toast an Eggo to achieve an 8 done­ness on it, you know, and it’s pret­ty dif­fi­cult to fig­ure out what an 8 is for an Eggo in the first place.

Malamud: Well this sounds like a poten­tial ACM SIGCOMM paper here.

Romkey: Yeah. Right. Van Jacobson might be able to come up with some opti­miza­tions for it, too.

Malamud: That’s right, you could do it based on one piece of bread, he’d have the full done­ness range done.

Romkey: Yeah. One of the things we did­n’t count on in demo­ing this at Interop, there are a cou­ple of things we did­n’t count on. This was done while I was as Epilogue Technology. And two prob­lems we ran into is— One was a polit­i­cal prob­lem with food ser­vices, which is that food ser­vices at the show, at the con­ven­tion cen­ter, would get real­ly upset at us because we were bring­ing food in. And only they were allowed to bring food in. And so we were actu­al­ly vio­lat­ing Interop’s con­tract by bring­ing in frozen waf­fles or pieces of bread and then stick­ing them in this toaster.

Malamud: There’s a waf­fle union?

Romkey: There’s uh…some sort of prob­lem with that. That’s why Interop ends up hav­ing to spend $2 a bot­tle for these lit­tle one-ounce bot­tles of Coke and things like that. 

So, Interop actu­al­ly man­aged to get per­mis­sion for us to bring in one slice of bread. And the oth­er prob­lem then that we did­n’t antic­i­pate was what hap­pens if you toast one slice of bread over, and over, and over again all day long. Or if you toast one Pop-Tart over, and over, and over again. It’s not too pretty.

Malamud: Not a pret­ty sight I would imagine.

Romkey: It breaks the matrix pret­ty badly.

Malamud: Now this was­n’t ful­ly auto­mat­ed the first year, you had actu­al­ly man­u­al­ly insert the bread into the toaster.

Romkey: Oh yeah. That’s right. You cer­tain­ly had to. In fact FTP Software did a ver­sion of it where I believe they built a robot arm out of Legos which would actu­al­ly drop the thing that you want­ed to toast into the toaster.

Malamud: In fact as I under­stand it they used a pow­er­ful GETNEXT oper­a­tor as the way of acti­vat­ing that function.

Romkey: Yep. Yep. And in fact— Yeah, in our first toast­er, you actu­al­ly did not get to set the vari­able. You got the val­ue of the vari­able and that caused it to toast because it turned out that we only got the code fin­ished a few hours before the show itself. 

Part of the rea­son that SNMP’s not used for con­trol appli­ca­tions a lot of the time has actu­al­ly been because of authen­ti­ca­tion and secu­ri­ty issues. Supposed to actu­al­ly do have your Internet toast­er in your kitchen, right. You real­ly don’t want ran­dom peo­ple all over the world to decide, Oh, I think I’ll have some fun. I’m gonna toast Carl’s bread this morn­ing,” you know. You want to make sure you have some secu­ri­ty there so that you can be very clear that only peo­ple who are allowed to are going to acti­vate your toast­er or play with your stereo or whatever.

Malamud: So will SNMP ver­sion 2 bring toast­ers into the main­stream, then?

Romkey: Well I can’t say that for sure. I think I’d have to check with Jeff Case on that. And I don’t see any stan­dard­iza­tion of the toast­er MIB in the future. The Toaster MIB Working Group just doesn’t—you know, has nev­er gone any­where. Someday I want­ed to pub­lish the toast­er MIB as an RFC. I need to sort of res­ur­rect it and get it out there. I think John Postel— I hope he’ll treat that with the appro­pri­ate amount of seri­ous­ness as it deserves.

Malamud: Now the point you were try­ing to make is if I can man­age a toast­er I can man­age any­thing. Did peo­ple under­stand that at a trade show like Interop?

Romkey: No, I don’t think they real­ly got that point across. In fact— [sighs] It’s not too clear to me that the— The toast­er had this prob­lem of most­ly being a flashy demo, but it did­n’t real­ly say any­thing about the com­pa­ny’s prod­uct, you know. And Epilogue with sell­ing a portable SNMP pro­to­col stack, right. And every­body says, Oh wow, look at this toast­er,” right. It’s got really…not very much to do with the actu­al prod­uct. And it also did­n’t— I think it real­ly actu­al­ly did­n’t com­mu­ni­cate the con­cept all that well. Because peo­ple did­n’t actu­al­ly— There’s noth­ing to show you that SNMP’s going on there. You know, what you see is some­body press­es a key on a key­board, and this bread sub­merges into this toast­er, you know, and there’s not enough there to actu­al­ly com­mu­ni­cate that there are bits going back and forth and what’s actu­al­ly going on and what the con­trol process is.

Simon Hackett con­trols his ampli­fi­er with SNMP, and that might be more use­ful for demon­strat­ing the con­trol util­i­ty of SNMP sim­ply because there’s more you can do. You can change the radio dial set­ting, you can change the vol­ume. There’s a lot more con­trols you can play with there, and the feed­back is much more in real-time. The toast­er’s a lit­tle too sim­ple there. 

Although, one per­son— I pub­lished the toast­er MIB once on the SNMP mail­ing list and I did get back some email from some­body’s thank­ing me because she said that this actu­al­ly real­ly clar­i­fied what a MIB did, how vari­ables in it were used, because it was some­thing she could relate to much bet­ter than the inter­face table, or the IP rout­ing table or some­thing like that, which is pret­ty abstract, you know. Here it’s like press­ing a but­ton and you cause the toast to go, right. And that was a lot eas­i­er to relate to. So it may be use­ful for class­room envi­ron­ments or teach­ing sit­u­a­tions. I don’t know about that.

Malamud: Is SNMP appro­pri­ate for small, arbi­trary devices. Is it too much over­head, is it too com­plex for toast­ers or modems, or things of that sort?

Romkey: Most toast­ers don’t actu­al­ly have a CPU. So, yes. SNMP is real­ly too com­pli­cat­ed to run on a tester but just about any­thing is real­ly too com­pli­cat­ed to run on a toaster. 

As far as that goes, I think that if your device has got say, any kind of 16-bit proces­sor with maybe 128K of mem­o­ry avail­able to it, which almost every­thing that has a CPU in it has avail­able to it these days, then I don’t think SNMP is too large or too com­plex. It draws a lot of crit­i­cism for ASN.1 because ASN.1 is viewed to be pret­ty large and bulky. But by con­ven­tion the facil­i­ties in ASN.1 that are used in SNMP, you know, if you work at it you can actu­al­ly do a pret­ty decent small and effi­cient imple­men­ta­tion of it. SNMP v2 is cer­tain­ly going to add a lot of over­head to that just because of the of the secu­ri­ty fea­tures int it, the encryp­tion, and everything—you know, if you throw all that in, there’s a lot more capa­bil­i­ties in it and it’s going to cost you some­thing to get that. But I can’t say that I real­ly will, you know, see the audio indus­try or the home appli­ance indus­try rush­ing out to use SNMP to man—implement SNMP on all their devices that they build. But I don’t think it’s inap­pro­pri­ate to use it for those sorts of things.

There are actu­al­ly stan­dards being done by oth­er non—com­plete­ly non-IETF orga­ni­za­tions for home con­trol sys­tems. There are bus­es, there’s a— Actually Ciarcia’s Circuit Cellar—Steve Ciarcia who used to do arti­cles for Byte, he’s actu­al­ly designed a sys­tem he calls the HCS II and I’ve been look­ing to get some infor­ma­tion on that because I may want to put some of that in my home. I just bought a house in Cambridge and we’re run­ning Ethernet through it and phone wiring in a twist­ed pair at every room that’s got a phone drop, and I’d actu­al­ly like to get things like lights con­trolled from the net­work sys­tem in the house. And prob­a­bly the appro­pri­ate way to deal with that sort of stuff is to say you know, you’ve got what­ev­er pro­to­col’s being spo­ken by that equip­ment that’s appro­pri­ate to it, it’s the native pro­to­col, whether it’s a pro­to­col spo­ken by the HCS II or the X.10 con­trollers that do dim­ming and you know. Or your bur­glar alarm sys­tem, or that sort of thing. And then have gate­ways that trans­late that into SNMP. If you real­ly do want to con­trol that from the Internet. A lot of this it’s real­ly overkill to con­trol from the Internet. 

You’re lis­ten­ing to Geek of the Week. Support for this pro­gram is pro­vid­ed by O’Reilly & Associates, rec­og­nized world­wide for defin­i­tive books on the Internet, Unix, the X Windows sys­tem, and oth­er tech­ni­cal top­ics. Additional sup­port for Geek of the Week comes from Sun Microsystems. Sun, the net­work is the computer.

Don’t touch that mouse, Internet Talk Radio will be right back.

[Ask Dr. SNMP seg­ment omitted]

Malamud: Would you feel safe, have your devices on your home net­work also con­nect­ed to the Internet? Do you feel that you’ll have the neigh­bor­hood kids just for a lark will play with your lights in rapid succession?

Romkey: I’d love it if the neigh­bor­hood kids were sophis­ti­cat­ed enough to play with my lights in rapid succession.

Malamud: What about the MIT kids?

Romkey: Yeah, them I’d feel more wor­ried about. Or the German hack­ers, or you know, who­ev­er peo­ple are para­noid about today. I’m not that wor­ried about it. I’m not a big… I think secu­ri­ty’s impor­tant but I’m not a big secu­ri­ty per­son. I think secu­ri­ty and pri­va­cy con­sid­er­a­tions are real­ly impor­tant to deal with the glob­al Internet where you want to be able to do things like elec­tron­ic funds trans­ac­tions across and things like that, cer­tain­ly that needs to be very secure. 

And cer­tain­ly I don’t want peo­ple to be able to open my front door. Or to be able to acti­vate a video cam­era in my bed­room or some­thing like that and be able to do that across the Internet. I think that the secu­ri­ty mech­a­nisms in SNMP, even ver­sion 1, if they’re fol­lowed you know, using com­mu­ni­ty strings or what­ev­er, I can set up com­mu­ni­ty strings that nobody’s prob­a­bly gonna guess. And nobody’s gonna be able to eaves­drop on the pack­ets that’re going back and forth on my net­work in my house with­out some pret­ty sophis­ti­cat­ed tech­nol­o­gy or with­out gain­ing access to the grounds. In that case unless the NSA decides they wan­na con­trol my toast­er I’m real­ly not too wor­ried about it. And espe­cial­ly with SNMP v2 with the par­ties and the heavy-duty authen­ti­ca­tion that’s in there, I think I’d feel pret­ty safe about it and feel that it was pret­ty secure.

Malamud: And you feel secure with your oth­er pro­to­cols, things like elec­tron­ic mail, you get an ade­quate lev­el of secu­ri­ty out of those, or do you want Privacy-Enhanced Mail.

Romkey: Actually I’m not too hap­py with the lev­el of secu­ri­ty there. I real­ly would like to have Privacy-Enhanced Mail. I think that a lot of peo­ple, a lot of users on the Internet, are pret­ty igno­rant of the pri­va­cy impli­ca­tions in the net. I sus­pect a lot of peo­ple don’t real­ize how easy it is to find out the mem­ber­ship of mail­ing lists, and prob­a­bly a lot of peo­ple who would be pret­ty freaked out if they knew that oth­ers could find out how eas­i­ly they are on cer­tain mail­ing list. I don’t like the fact that email trav­els the net in the clear. I espe­cial­ly don’t like the fact that FTP con­trol con­nec­tions and tel­net con­nec­tions trav­el the net in the clear. You know, I’m not real­ly very com­fort­able in the mail room typ­ing my pass­word to log in to my home sys­tem. I’d real­ly… You know, I change my pass­word before I come here and I will change it when I get back. I will not log in as root across that. Anybody who logs in as root on their office sys­tems or home sys­tems from Interop has got­ta be crazy, you know. There are peo­ple who are mon­i­tor­ing the net there, and it’s inten­tion­al. I mean, it’s a good thing to be mon­i­tor­ing the net there. They’re demo­ing prod­ucts and things like that. You’ve got to expect that. And I think that the lev­el of secu­ri­ty that’s avail­able there is pret­ty poor right now and it real­ly needs to be dealt with.

One thing that I think that peo­ple con­fuse a lot is authen­ti­ca­tion and pri­va­cy. I’m pret­ty sat­is­fied with pass­word pro­tec­tion on my Unix account on my machine at home. But I’m not sat­is­fied with the fact that every­thing that I type goes across the net in the clear. And any­body who’s mon­i­tor­ing the links can see it. I’d be very hap­py if that data stream were encrypt­ed. And that is one lev­el of pri­va­cy there that’s com­plete­ly unas­so­ci­at­ed with authen­ti­ca­tion. And if that were done, and there are mech­a­nisms that are under­stood today to do that—Diffie-Hellman key exchange could pro­vide that. In Diffie-Hellman key exchange what you do is both sides com­pute some ran­dom num­bers and they sent parts of them over the TCP con­nec­tion, say in this case TCP con­nec­tion. But they send enough— I can­not pro­fess to under­stand how this algo­rithm works, but I under­stand that it does work. I’ve been told by peo­ple I trust extremely—

Malamud: Well than that’s a secu­ri­ty fea­ture there.

Romkey: Yeah. One of the prob­lems with secu­ri­ty is it all comes down to trust at some point. You’ve got­ta trust some­body, and if they lie to you you’re in trouble. 

But the way this works is you com­pute these two sets of num­bers and then you send parts of them over the con­nec­tion. And it turns out that both sides can then con­struct enough of the num­bers to encrypt and decrypt the data stream, but an eaves­drop­per who can see every­thing going across the con­nec­tion does not have enough infor­ma­tion to do that. So then with­out hav­ing to do any— The good thing here is you don’t have to do a full key exchange in the clear, you don’t have to have keys pre­arranged, and you don’t have to ren­dezvous with some sort of key server.

So now, two process­es who don’t know any­thing about one anoth­er can have a secure—or rather, pri­vateTCP con­nec­tion that can­not be eaves­dropped upon. And that’s some­thing that’s a tech­nol­o­gy that I think is very impor­tant and I real­ly wish that was there today.

Malamud: Well do you think the RSA-based tech­nol­o­gy is what we should be using in the Internet, then? That’s cer­tain­ly the basis for Privacy-enhanced Mail.

Romkey: Right. I think that there are there a lot of issues involved in that. I mean it’s not just tech­ni­cal, unfor­tu­nate­ly. There are polit­i­cal issues, there are issues with export con­trols. RSA actu­al­ly isn’t cov­ered by patent in Europe. But how­ev­er were not allowed to export it with­out spe­cif­ic export licens­es from var­i­ous gov­ern­ment agen­cies. That’s fair­ly ridicu­lous because you can actu­al­ly pick it up for free, code that imple­ments it, any­where off the net. It’s dif­fi­cult— I think the IETF for instance would be in a very dif­fi­cult posi­tion if it had to go and say, You know, we want to stan­dard­ize on this encryp­tion algo­rithm, but you’re gonna have to license it from this com­pa­ny and pay them a fee.” That’s a hor­ri­ble posi­tion to be in. And it may be a posi­tion that we end up hav­ing to be in. There’s a lot of peo­ple who feel that soft­ware patents are invalid. However, that’s not upheld in courts of law yet. Maybe some­day that will become an issue. 

PGP for instance is a pack­age called Pretty Good Privacy. It imple­ments RSA encryp­tion algo­rithms. RSA says that this vio­lates their patent. A lot of oth­er peo­ple say it does­n’t or that the patent is invalid because it’s a patent on an algo­rithm and not an imple­men­ta­tion. This is a real­ly messy issue. The lat­est ver­sions of PGP have actu­al­ly been dis­trib­uted from over­seas and come into the US because tech­ni­cal­ly it’s ille­gal to dis­trib­ute them from the US to the out­side world. There’ve been imple­men­ta­tions of DES, which have done like­wise. They’ve been dis­trib­uted around the world and they’ve come into the US

Well, this is sort of code is all avail­able for anony­mous FTP all over the world and inside the US as it is. Anybody who thinks that they can con­trol it by just putting export restric­tions on it is being fool­ish because it’s—you know, it’s a genie that’s already out of the bot­tle. You can buy an issue of Scientific American that describes the algo­rithms. Just do a lit­tle bit of cod­ing and— It may take you a while to ver­i­fy that you actu­al­ly cod­ed it cor­rect­ly, but…you’ve got it, and all export con­trols there are going to do— This is my export con­trol flame. All export con­trols are going to do is pre­vent peo­ple who want to obey the law from using this tech­nol­o­gy to pro­tect them­selves. And any­body who does­n’t care about the law already is going to use the tech­nol­o­gy whether or not it’s legal. And that’s not gonna pro­tect anybody.

Malamud: Pretty Good Privacy is sim­pler than the Privacy-Enhanced Mail, and as a result can be imple­ment­ed on brain­dead oper­at­ing sys­tems like DOS. Do you think that the IETF in the Internet Architecture Board has been try­ing to have too much secu­ri­ty and as a result we haven’t had very much at all?

Romkey: I’m not sure. I haven’t been involved with the secu­ri­ty work­ing groups in the IETF. I don’t under­stand— I mean I— I don’t under­stand, they’ve been work­ing on these issues for years. Kerberos for instance, from MIT, has exist­ed for years now, and I don’t under­stand why the IETF haven’t got some solu­tions to secu­ri­ty and pri­va­cy prob­lems that are stan­dard­ized now—even if they’re just inter­im things. You know, I real­ize that it’s very dif­fi­cult to come up with an archi­tec­ture that’s going to last for quite a few years, going through unknown tech­nol­o­gy changes that’re going to hap­pen, you know. Who knows what’s going to come out when silicon—next year—that’s going to com­plete­ly stand the world on its head and we’re going to say, Oh, we nev­er antic­i­pat­ed that. I guess we’re gonna just have to throw this out and start over.” And also that’s going to be able to deal with an Internet that’s grow­ing so rapid­ly that every time some­body guess­es how fast it’s grow­ing, next month they find out they were wrong, you know. I real­ize it’s very dif­fi­cult to come up with archi­tec­tures and stan­dards that can work in that sort of envi­ron­ment. It’s like you don’t get the chance to do research, you’re devel­op­ing in a pro­duc­tion envi­ron­ment and you’re months behind at the moment you start in the way the Internet is work­ing today. But I don’t under­stand why we don’t have some sort of inter­im mech­a­nisms for doing this. And if the IETF can’t come up with some­thing at least to pro­vide us with pri­va­cy, with bet­ter pri­va­cy on the sys­tems, then I think you’ll see a lot more peo­ple doing things. And PGP’s an ad hoc effort. It’s peo­ple out on the net who are not involved with the IETF, who aren’t involved with any stan­dard orga­ni­za­tions, who cer­tain­ly aren’t involved with RSA. Because RSA’s very unhap­py with them since they feel their paten­t’s been violated—

Malamud: They’re explic­it­ly uninvolved. [laughs]

Romkey: Yeah. Right. And unlike­ly to ever be involved, in a good way any­way. And they’re very con­cerned about this, you know. And they’ve gone out and they’ve done things like PGP, and they’ve made them avail­able to the world. And a lot of peo­ple are using PGP. And a lot of peo­ple are using Privacy-Enhanced Mail, and I guess there’s PEM and there’s RIPEM. I have not gone and actu­al­ly used PEM or RIPEM. I’ve played with PGP a few times, and… 

It is rather nice in that there are peo­ple who run it on Macintoshes, on PCs, on Unix. It’s been writ­ten to be fair­ly portable. That’s pret­ty impor­tant to design some­thing like that from the start such that it works on multi-user— On a vari­ety of plat­forms, rather, not multi-user sys­tems per se but on a vari­ety of plat­forms, that’s pret­ty important.

Figuring out how to plug some­thing like that into your mail sys­tem can be pret­ty much—it can be a pret­ty sub­stan­tial pain because there are so many dif­fer­ent mail sys­tems out there, and so many dif­fer­ent mail user inter­faces, so many dif­fer­ent mail­ers. That’s kind of a problem.

Another prob­lem involved in that I think is pub­lic per­cep­tion. I’m kin­da wor­ried about what the non-computer hacker—and I use hack­er in the good sense, not the crack­er sense there. What the non-computer hack­er pop­u­la­tion of the US thinks about cryp­tog­ra­phy. And I’m afraid that… I’m kind of afraid that we’re in a sit­u­a­tion where what they hear is things like child moles­ters writ­ing about the crimes they’ve com­mit­ted and then encrypt­ing them so that the FBI can­not break that and can’t get access to it, about crim­i­nals encrypt­ing data that they’re using, encrypt­ing records of var­i­ous crim­i­nal trans­ac­tions. And I’m afraid that what the pub­lic hears about is this sort of stuff and not all the ways that it’s impor­tant that the pri­va­cy tech­nol­o­gy can help them. I’m afraid they only hear about the bad side of pri­va­cy technology. 

You’re lis­ten­ing to Geek of the Week. Support for this pro­gram is pro­vid­ed by Sun Microsystems. Sun Microsystems, Open Systems for Open Minds. Additional sup­port for Geek of the Week comes from O’Reilly & Associates, pub­lish­ers of books that help peo­ple get more out of computers. 

This is Internet Talk Radio. You may copy these files and change the encod­ing for­mat, but may not alter the con­tent or resell the pro­grams. You can send us mail to mail@​radio.​com.

Internet Talk Radio, same-day ser­vice in a nanosec­ond world.

Malamud: Well there’s a pro­pos­al by cer­tain FBI offi­cials that if we adopt cer­tain meth­ods of cryp­tog­ra­phy that we should also reg­is­ter the meth­ods that would be used to break them so that if they have a valid war­rant, they’re able to find the infor­ma­tion. What do you think of that?

Romkey: That one left me on the floor for a long time after I heard that one. That has got­ta be one of the scari­est pro­pos­als that I’ve heard in a long time. Because… Okay, there are lots of dif­fer­ent ways that peo­ple view the gov­ern­ment. You know, some peo­ple are just scared of the gov­ern­ment. They want the gov­ern­ment out of their lives as much as pos­si­ble. They basi­cal­ly think gov­ern­ment is evil. There’s some peo­ple who think gov­ern­ment is won­der­ful. They want the gov­ern­ment to pro­tect them. That’s fine. Both of those are valid view­points. There’s a whole spec­trum of view­points in between there. 

But I think the thing you’ve got­ta understand—and I’m try­ing to not take any posi­tion on whether gov­ern­men­t’s good or bad and how the gov­ern­ment should be involved here. I think the thing you have to under­stand is that the gov­ern­ment is not a mono­lith­ic enti­ty. That the gov­ern­ment, even if you believe the gov­ern­ment is a saint and will nev­er do any­thing to hurt you, the gov­ern­ment can be bro­ken, you know. We had Richard Nixon, you know. There are abus­es of pow­er. There are peo­ple who may take gov­ern­ment office, there are peo­ple who may have jobs in the gov­ern­ment, who can use access to infor­ma­tion there, and use that in crim­i­nal ways. And it’s impos­si­ble to pro­tect against that entire­ly. I think that any kind of of sug­ges­tion that things like pri­vate keys be reg­is­tered or back­doors be built into pri­va­cy tech­nol­o­gy com­plete­ly defeats the util­i­ty of pri­va­cy tech­nol­o­gy. That’s dan­ger­ous and I think that’s an extreme­ly bad idea.

Malamud: Well what about the argu­ment that by not reg­is­ter­ing those back­doors you’re gonna let a mur­der­er go free.

Romkey: Why is the mur­der­er gonna reg­is­ter it any­way? Oh, that’s the back­door. Okay. Sorry. If this were a pri­vate key, why would the mur­der­er reg­is­ter his pri­vate key any­way, you know? If I were gonna do that— It’s like you keep two sets of books, right. You keep the book to show the IRS and you keep the books that keep you aware of what’s real­ly going on. You nev­er show that sec­ond set of books to the IRS. You’d nev­er show your pri­vate key to the IRS. It’s too late for the back­doors any­way, you know. 

As far as back­doors go, to the best of the world’s knowl­edge PGP has no back­doors. There are oth­er encryp­tion algo­rithms—imple­men­ta­tions of encryp­tion algo­rithms that have no back­doors. Those exist today. Those aren’t goin’ away. You can get a CD-ROM with those on them. Go to any of a very large num­ber of bul­letin board sys­tems or anony­mous FTP archives, pick it up from there. So even if the fed­er­al gov­ern­ment required today that all encryp­tion pro­grams have back­doors in them and that the gov­ern­ment was required to be told those back­doors or ways of break­ing the algo­rithms, first of all the exist­ing tech­nol­o­gy would not go away, and that would con­tin­ue to be used and be avail­able. So you’re defeat­ed there.

Second of all there will always be some kind of under­ground or black mar­ket for soft­ware where—you know, you can buy a cable TV descram­bler, right. You’ll also be able to buy a backdoor-free ver­sion of PGP or some kind of encryp­tion com­mand. Of course, you’re trust­ing the peo­ple who are sell­ing that to you to be telling the truth there. 

You know, there’s also some things I’ve heard about where you can send in sam­ples of drugs. You go on the street, buy some ille­gal drugs, right. So then you go send these to this drug test­ing cen­ter in Florida or some­thing. You write four-number ran­dom sequence of dig­its on the sam­ple that you sent in, right. Then you call then up— Go use a pay phone or some­thing some­where, you don’t want any­body to know who you are. Call them up and tell them the num­ber and they’ll tell you what was actu­al­ly in these drugs. Of course the DEA runs many of these cen­ters, right. So you nev­er know who you’re deal­ing with and there’s this lev­el of trust there.

And maybe PGP does have back­doors in it. I don’t know enough about cryp­tog­ra­phy to be able to look at that code and be sure. And 99% of the US pop­u­la­tion knows way less than I know. So when they go buy a pack­age from Apple or from Microsoft, who knows, it may be com­pro­mised. I’m not try­ing to accuse Apple or Microsoft of doing any­thing there, but it may be com­pro­mised. Maybe unin­ten­tion­al­ly com­pro­mised, you know. There may be bugs in it that weak­en the encryp­tion algo­rithm. Maybe the key gen­er­a­tor does­n’t quite gen­er­ate the right key sequences, you know. There are all sorts of poten­tial prob­lems in there. 

But I don’t think any­thing that would require reg­is­tra­tion of keys or algo­rithms for break­ing soft­ware or any­thing, I don’t think that can real­ly stand a chance of work­ing. All that’s going to do is weak­en the util­i­ty of pri­va­cy tech­nol­o­gy for peo­ple who are actu­al­ly try­ing to obey the law. And any­body who’s going to try to use it to break the law, they’ve already got access to ample resources to get around that. 

Malamud: You’re lis­ten­ing to Geek of the Week. Support for this pro­gram is pro­vid­ed by Sun Microsystems. Sun Microsystems, Open Systems for Open Minds. Additional sup­port for Geek of the Week comes from O’Reilly & Associates, pub­lish­ers of books that help peo­ple get more out of computers. 

Don’t touch that mouse, Internet Talk Radio will be right back.

Malamud: This is a spe­cial edi­tion of Geek of the Week. We have with us a guest, A Concerned Member of the Internet Community, who is the author of…GUP. What is GUP?

Concerned: GUP is a Generic Ultimate Protocol, intend­ed to solve all fore­see­able and unfore­see­able prob­lems in near, medi­um, and long-term future.

Malamud: Well that sounds like a com­mend­able goal. Does it oper­ate at the net­work layer?

Concerned: Well, GUP decid­ed to get rid of all the net lay­ers, and it can oper­ate at any layer.

Malamud: How can we have one sim­ple pro­to­col that does everything?

Concerned: Well, it’s a result of very care­ful analy­sis of exist­ing solu­tions, and expe­ri­ence in the Internet. And as a result of this work we were able to design a sin­gle pro­to­col for all the problems.

Malamud: And what is the for­mat of this pro­to­col? Does it have a header?

Concerned: Well we actu­al­ly decid­ed a head­er isn’t need­ed any longer because each field is encod­ed as triplets: type, length, and val­ue. And you can have an arbi­trary num­ber of these fields, arbi­trary length.

Malamud: Well but how do we do a migra­tion into GUP? Is there a ver­sion num­ber in the field that tells us which ver­sion of GUP we’re work­ing with?

Concerned: Well, cer­tain­ly ver­sion is a wrong idea. It should­n’t be applied to GUP. And as a mat­ter of fact, expe­ri­ence with the Internet Protocol suite shows us that ver­sion num­bers should be dep­re­cat­ed as soon as pos­si­ble. So GUP does­n’t have a ver­sion number. 

Malamud: I see. I see. So we could put any pro­to­col on top of GUP.

Concerned: That is cer­tain­ly cor­rect. And as a mat­ter of fact, if you read the doc­u­ment on GUP, it tells you how GUP can be applied to such diverse prob­lems as solv­ing rout­ing and address­ing prob­lems in the Internet, and at the oth­er end of the spec­trum, solv­ing AI problems.

Malamud: Okay. So how does it solve rout­ing and address­ing, then?

Concerned: Well, you just encode any infor­ma­tion you like in a GUP and send them as GUP PDUs.

Malamud: And…how do I know what that address is?

Concerned: That it actu­al­ly between two con­sent­ing adults, because GUP oper­ates on a [indis­tinct] basis. Multicast will be added lat­er on.

Malamud: So mul­ti­cast is not in GUP yet.

Concerned: But work is in progress.

Malamud: I see. I see. And how do we han­dle arti­fi­cial intel­li­gence with GUP?

Concerned: We’re see­ing that because GUP is so flex­i­ble, it would let us put arbi­trary infor­ma­tion in a pro­to­col. And you’ll just build GUP trans­la­tion box­es that will inter­pret infor­ma­tion— Put prop­er­ly at some key places in the Internet, these box­es would allow it to con­cate­nate dis­sim­i­lar net­work lay­er pro­to­cols and build seam­less infrastructure.

Malamud: I see. So GUP-to-GUP trans­lat­ing gateways. 

Concerned: That is cer­tain­ly correct.

Malamud: I assume those GUP-to-GUP trans­lat­ing gate­ways are cod­ed in GUP.

Concerned: Oh, cer­tain­ly yes. 

Malamud: Of course.

Concerned: GUP is the ulti­mate solution.

Malamud: Nathaniel Borenstein and some col­leagues have come up with a new MIME body part for non-sentient life­forms, which is essen­tial­ly a way of includ­ing a human being in a MIME mes­sage. Would GUP be the appro­pri­ate way to do this?

Concerned: I would sug­gest that we should work togeth­er and try to uni­fy GUP and the pro­pos­al you men­tioned into a new uni­fied architecture.

Malamud: GUP is the open sys­tems solution.

Concerned: Truly open.

Malamud: John, you helped found FTP Software, you worked at Epilogue, and you’ve spent much of your career deep in the bow­els of the pro­to­col stack, doing a lot of low-level cod­ing. And your new com­pa­ny, ELF Communications is look­ing at higher-level issues. I know you can’t dis­cuss details of what the prod­ucts are that you’re devel­op­ing, but can you give us a bit of a vision of what’s miss­ing in appli­ca­tions on the net­works? What you’d like to see.

Romkey: Sure. I think that we’ve— I mean, many of the peo­ple in the IETF here have been work­ing on pro­to­col stacks, and rout­ing pro­to­cols, and secu­ri­ty pro­to­cols and all of this for years and years and years. I’ve writ­ten way more pro­to­col stack imple­men­ta­tions and ever want to—I nev­er want to write anoth­er one. I think I’ve learned just about every­thing I can or want to learn by writ­ing them. 

I think that if you look at the peo­ple who are using the Internet today, and the peo­ple who will be using the Internet as time goes on, that what you’re going to find is they real­ly don’t care what’s going on there, you know. To them it’s like whether their disk uses SCSI inter­face or an ST inter­face or some­thing like that, what they care about is the price and reli­a­bil­i­ty char­ac­ter­is­tics. And more than that, they care what they can do with it. That’s why I think you’re see­ing more appli­ca­tions things like Gopher, and WAIS, and the World Wide Web show­ing up. 

Some things that I think are par­tic­u­lar­ly impor­tant are that there’s an awful lot of com­plex­i­ty involved in both run­ning an Internet site and using an Internet site. And you know, things like IP address­es and domain names, those’re great for us, you know, for com­put­er geeks. We go and we say, Oh yeah, 192 dot 48 dot 232 dot 17. Yeah, that’s a Class C address. I know what Class C address­es are about,” right.

Malamud: Not only that, I know who owns it.

Romkey: Yeah, right! Right, and if I don’t I can find out, and I know how to find out. Doctors. don’t. care. And they should­n’t have to care, you know. I don’t think that they should have to care. To be hon­est, I’m tired of car­ing about that, you know. I have a cer­tain capac­i­ty in my brain and I’d real­ly actu­al­ly like to use some of it for things oth­er than remem­ber­ing how dot­ted IP address­es work and things like that. I need to know that because of my line of work, and to be hon­est I do enjoy play­ing with it and it’s a nice toy, you know, and I have a lot of fun with it. But a lot of the world does­n’t care. And I think that they need, and they deserve, tools to assist them with the deal­ing with that sort of stuff, hid­ing that sort of complexity. 

And some of this is sim­ply user inter­face tech­nol­o­gy. User inter­faces to a lot of exist­ing TCP/IP soft­ware are hor­ri­ble. And the rea­son why I think is because they’re not hor­ri­ble to the peo­ple who wrote them, and they’re not hor­ri­ble prob­a­bly to you or to me. That’s because we under­stand what’s going on at a deep lev­el inside the soft­ware, you know. We know how pro­to­col stacks work, we know how rout­ing works, we know how IP address­es work. Now, we real­ize that you type ftp elf​.com” and it comes back and says host unknown,” oh, we prob­a­bly can’t talk to the domain name serv­er. Okay. I remem­ber the IP address, I’ll type that in. We under­stand what’s going on there. But for oth­er peo­ple they should­n’t have to under­stand that. And—

Malamud: Is it a mat­ter of just new soft­ware? Do we just need­ed a higher-level inter­face to FTP, or do we need a bet­ter file trans­fer protocol?

Romkey: I think we need both. You know, there are cer­tain­ly valid cas­es today where you still— I don’t think I want to say that you should nev­er have to inter­act with FTP. I think I do want to say that you should­n’t have to inter­act with it as much as you do now. I’d like to see tools out there that would auto­mat­i­cal­ly invoke FTP for you. And for instance Gopher will auto­mat­i­cal­ly FTP files for you. That’s great. That’s one of the won­der­ful things. In that case, ftp’s still there. It’s an impor­tant pro­to­col, but every­thing going on with it is going on under the cov­ers and the user does­n’t know that that’s going on there. And I think that’s real­ly impor­tant. What the user cares about is get­ting the file, whether that file was sent via elec­tron­ic mail, whether it came over FTP, or whether it was accessed via NFS, it does­n’t mat­ter. The user real­ly does­n’t care. There are dif­fer­ent prop­er­ties to those dif­fer­ent meth­ods of access­ing the file, though, and the user may care about some of those char­ac­ter­is­tics of it. 

I think that if the user does have to deal with FTP that there are cer­tain­ly ways that we can improve the user inter­face to ftp. I can’t say that I am one of the world’s peo­ple most enam­ored of say, the Microsoft Windows file man­ag­er. You know, it’s there, it’s a file man­ag­er, it’s a graph­ic user inter­face. Okay, I’ll live with it. Most of the time to be hon­est I go to a DOS prompt and I type com­mand line instead of using the file man­ag­er. However there’s an awful lot of peo­ple who are used to the file man­ag­er and have a lot eas­i­er time deal­ing with it than they have deal­ing with a com­mand line inter­face. And cer­tain­ly an alter­na­tive type of user inter­face to an FTP client, say for Microsoft Windows, would be to pro­vide some­thing that looks like the file man­ag­er, you know. You do an FTP to the sys­tem, you get a win­dow that pops up, it looks like the file man­ag­er, you can drag and drop just like the file man­ag­er, you can use menus just like in file man­ag­er, use the tool­bar just like that. And I would­n’t stand up and say that’s the world’s best user inter­face. I don’t think there is such a thing as best user inter­face. User inter­face, it’s like writ­ing a book. You’re talk­ing to a cer­tain audi­ence. You write a user inter­face for a cer­tain audi­ence, you know. FTP com­mand line user inter­face in 4.whatever Berkeley Unix, that’s great for a cer­tain audi­ence. It’s awful for a cer­tain oth­er audi­ence. The prob­lem is that there’s much more of that oth­er audi­ence than there is of the audi­ence it’s good for, and we’ve got to start deal­ing with that.

Part of the rea­son why we ough­ta to start deal­ing with that is just a type of… What the Internet can do for us, and the access to resources that the Internet can pro­vide us I think is so great, you know, and what the world could be like if every­body could use the Internet. And if things like gov­ern­ment records data that the gov­ern­ment col­lect, data­bas­es, every­thing could be on there, that is so amaz­ing that it would be crim­i­nal—from my point of view of where the Internet could go—be crim­i­nal to not try to make it avail­able to everybody.

One of the things I’m kin­da wor­ried about there is not only may the tech­nol­o­gy be unus­able to a lot of peo­ple sim­ply because of the way the inter­faces to it are, but also it may be inac­ces­si­ble, and I’m pret­ty wor­ried about that. I don’t want to see— Something I’d real­ly love to see is con­gres­sion­al vot­ing records online. I’d love to find out how my sen­a­tors vot­ed because I would love to beat them up on it and make sure that they are actu­al­ly rep­re­sent­ing me in Congress.

Malamud: You know, they are online. The Cleveland Freenet has the Congressional Memory Project. Not all record are online, but every week they take a dozen bills and they enter in the vot­ing records.

Romkey: Okay.

Malamud: And they’re slow­ly build­ing that over time.

Romkey: That’s great. I’m glad to hear about that. There’s so many things going on around the Internet today that I can not keep track of them all any­more. I try. I need something—I need a box to read my net news for me. That would help a lot. 

Malamud: And that’s basi­cal­ly what your vision is of the type of soft­ware that you want to see, is things that’ll help you do that?

Romkey: Yeah. That’s part of it, that’s cer­tain­ly part of it. Part of it is— There’s a lot of data that’s pub­lished that’s pret­ty much unstruc­tured. Part of the vision is tools to add struc­ture to it that the user uses. Eventually, it’s impor­tant that the struc­ture be added by the peo­ple who pub­lish the data as well, you know. That’s anoth­er aspect of it. And it turns out that data you pub­lish and you put struc­ture on may not be struc­tured in a way that’s use­ful to me. So I still need tools to put my own struc­ture on it, right. That’s cer­tain­ly part of it. 

More tools to assist me in find­ing that data, you know, not nec­es­sar­i­ly even putting struc­ture on it so it’s use­ful to me. Like vot­ing records. Well, I just want to extract my sen­a­tor’s name to find out how they vot­ed. I prob­a­bly real­ly don’t want to read the text of the bill or any­thing like that. So I want tools to help me to do that. But I also need to just find out that it’s there in the first place. I don’t have to deal with FTP to get it, I want to have a soft­ware agent that will go out and get it for me. Things like that. Those are all impor­tant aspects of it.

Malamud: You have an unusu­al elec­tron­ic mail address, asy​lum​.sf​.cal​i​for​nia​.us, yet you live in Boston. Do you have a leased line that goes all the way to California to do your Internet access?

Romkey: That would be pret­ty hor­ren­dous. Yeah, I got a cheap— You know, I got a swamp in Florida I could sell you and I got a leased line that goes from Boston to San Francisco.

Malamud: Well you must work for a tele­phone com­pa­ny, then. [both laugh] You can call to San Francisco.

Romkey: Yeah. I moved to San Francisco about five— I actu­al­ly moved to the Bay Area, San Francisco Bay Area about five years ago and was talked into putting my host Asylum into the .us domain at that time. It seemed like a good idea, you know. I lived in Belmont, not in San Francisco, and a bunch of sites in the San Francisco area decid­ed that what they real­ly want­ed was ba​.ca​.us, ba” for Bay Area.” But that would­n’t be grant­ed because that did­n’t fit into the .us domain con­ven­tions. So that’s okay. We said well, we’ll lie a lit­tle bit, we’ll say San Francisco, because I fig­ured I was­n’t going to live in Belmont for the rest of my life, you know. And it turns out I did­n’t. But instead of mov­ing to San Matteo, I moved to Reading, Massachusetts, and now I’ve moved to Cambridge. 

I kept my domain name, though. And the rea­son why is that my sys­tem of sev­er­al megabytes of mail a day. I have no idea what mail­ing lists it’s on, you know, and I don’t real­ly want to have to go out and change that. I don’t want to have to update all the places that have point­ers to my sys­tem. We have fair­ly—rel­a­tive­ly sub­stan­tial anony­mous FTP archives on the sys­tem and some oth­er things like that. Nothing like what UUNET has but you know, we have we a hun­dred megabytes or so of stuff we give away to the net and don’t want to have to tell every­body the dif­fer­ence. But peo­ple make assump­tions about it. This is one of the rea­sons I think that geo­graph­ic nam­ing in… Geographic infor­ma­tion in host names is actu­al­ly a pret­ty bad idea because things move around, you know—

Malamud: Well names are not address­es, at least in the­o­ry, and I think you’ve proved that.

Romkey: Right. And Dave Clark wrote a won­der­ful RFC on that years ago and every­body seems to for­get about it, you know. He talks about the dif­fer­ence between names, address­es, and routes. And there’s very impor­tant dif­fer­ences, and peo­ple seem to get con­fused about that all the time and they just keep mak­ing the same mis­takes over and over again. In fact part of the rea­son why I keep the name now it also serves as an exis­tence proof of why it’s bad to do that sort of thing. 

I’m involved in a tape tree. This is a thing where some­body goes and gets a boot­leg tape, with bands’ per­mis­sion, off a sound­board at a con­cert, you know. And this band hap­pens to be Phish from Vermont. And so some­body got a tape with the band’s per­mis­sion and they’re orga­niz­ing this tree where they actu­al­ly have a DAT tape of a show, and then sev­er­al peo­ple send them blank DATs, they make mas­ters of that and then those peo­ple have five or six peo­ple under them who send them blank tapes, and you do this tree, right. And every­body only has to make five or six copies but hun­dreds of peo­ple can actu­al­ly get copies of the show. And that’s a pret­ty cool thing.

Well, they ignored my my US mail address and they assumed I was in California because of my email address, and they orga­nized this based on states to try to min­i­mize the delay for tapes to actu­al­ly trav­el in the mail. So, it’s not a big deal but it’s one of the exam­ples of how peo­ple will make assump­tions based on infor­ma­tion they see in a domain name that’s actu­al­ly out of date or invalid, you know, and it’s some­thing that’s mis­lead­ing. The num­ber of—

Malamud: Well you know the old say­ing, don’t judge a domain by its name. 

Romkey: [both laugh­ing] Yeah.

Malamud: Well, this has been Geek of the Week. We’ve been talk­ing to John Romkey. Thanks a lot, John. 

Romkey: Sure. Thank you.

Malamud: This has been Geek of the Week, brought to you by Sun Microsystems, and by O’Reilly & Associates. To pur­chase an audio cas­sette or audio CD of this pro­gram, send elec­tron­ic mail to radio@​ora.​com.

Internet Talk Radio, the medi­um is the message.