Carl Malamud: Internet Talk Radio, flame of the Internet. 

Malamud: This is Geek of the Week. We’re talk­ing to Major Michael St. Johns, who’s a pro­gram man­ag­er at the Advanced Research Projects Agency. Welcome to Geek of the Week, Mike.

Michael St. Johns Thanks, Carl.

Malamud: Program man­ag­er at ARPA is a posi­tion with a long, proud tra­di­tion. Vint Cerf was a pro­gram man­ag­er, and Dick desJardins was before he went off to NASA and formed the GOSIP Institute. What made you want to leave your tech­ni­cal work and become a gov­ern­ment bureaucrat?

St. Johns: [chuck­les] Leave my tech­ni­cal work and become a gov­ern­ment bureau­crat. I mean, I— You know, you show up in the Air Force and that’s sor­ta what you become. Um…

Malamud: What do you do as a pro­gram manager?

St. Johns: Well, to fin­ish the first ques­tion. I mean, Paul Mockapetris came and just sort of blue his lit­tle flute, and it’s like the Pied Piper of Hamlin adn he drags peo­ple off into ARPA nev­er to be seen again. 

ARPA funds basic research in networking—well, basic research in a lot of topics—and my area is net­work­ing. We basi­cal­ly try and recruit the best and bright­est researchers in the coun­try at the leading—as far in advance of the lead­ing edge of tech­nol­o­gy as makes sense and get them to do the right thing.

Malamud: Do you set the research pri­or­i­ties or do you just respond to pro­pos­als from the researchers?

St. Johns: We set the research pri­or­i­ties. Before peo­ple give us pro­pos­als, we basi­cal­ly issue this thing called a broad agency announce­ment, a BAA, and that’ll list the broad area of inter­est for maybe a year or maybe six months, depend­ing on how fast the tech­nol­o­gy’s turn­ing over and how fast the needs are com­ing with respect to the rest of the programs. 

Once that clos­es we will get a host of pro­pos­als, any­where from as few as ten depend­ing on how focused the BAA, up to as many as I’ve seen 150 in a BAA—fortunately not mine. They’re eval­u­at­ed, and then we skim off the cream and select those pro­pos­als and fund them.

Malamud: What kind of mon­ey are we talk­ing here? How much does ARPA spend on net­work­ing research?

St. Johns: [sighs] Networking research, the… It’s a lit­tle bit dif­fi­cult to say but it’s some­where in the thir­ty to fifty million-dollar range, every­thing thrown into the pot. I have such a large range there because there are things that are networking-like that are not nec­es­sar­i­ly in my pro­gram. They may be in dis­trib­uted com­put­ing, they may be in anoth­er pro­gram relat­ed more to the oper­a­tional mil­i­tary than my pro­gram is.

Malamud: Yet, thir­ty to fifty mil­lion dol­lars is a sig­nif­i­cant frac­tion of the research mon­ey going in that area in the United States, I would think.

St. Johns: Yeah.

Malamud: What are some of the areas that you want to see net­work­ing evolve into? What’re the areas that you’re fund­ing or push­ing research in?

St. Johns: Well, the major area that I’ve start­ed work­ing in is the secu­ri­ty area in net­work­ing. I was at the Data Network Program dur­ing the era of the Worm. And I real­ly resent being wak­ened up at two o’clock in the morn­ing to be told yet anoth­er machine has gone and bit­ten the dust. We’ve got the very large Internet that has con­tin­ued to grow and grow. And we real­ly haven’t made the invest­ment in pro­tect­ing the infra­struc­ture we real­ly need for some­thing this large. The empha­sis I’ve got is basi­cal­ly pro­vid­ing enough tools in a ubiq­ui­tous man­ner to basi­cal­ly build six-foot fences. You can spend a lot of dol­lars and build Fort Knox but you can’t build very many of them. Whereas you can spend a lit­tle bit of mon­ey and give every­body the tech­nol­o­gy to build six-foot fences and you get a pret­ty good ben­e­fit on a world­wide basis, because it spreads out very well.

Malamud: So for exam­ple I believe ARPA funds the CERT, the Computer Emergency Response Team at Carnegie Mellon?

St. Johns: That’s correct.

Malamud: Is that an exam­ple of a six-foot fence?

St. Johns: That’s sort of an exam­ple of the exter­mi­na­tor more than the six-foot fence. That’s been in exis­tence since…oh, rough­ly four hours after we closed down the emer­gency with the Worm. And that’s actu­al­ly fund­ed out of a dif­fer­ent area. That’s fund­ed by anoth­er pro­gram man­ag­er. But that’s a good mod­el for at least one piece of the puz­zle. You can’t do it all in the com­put­er or in the net­work, you have to have good peo­ple avail­able to pro­vide for the secu­ri­ty of the sys­tem, or the con­tin­ued oper­a­tion of the system.

Malamud: Are there tech­nolo­gies that we should be look­ing at, such as pub­lic key cryp­tog­ra­phy, that your group can help devel­op fur­ther? Are you look­ing at pub­lic key, for example?

St. Johns: Yeah. The areas of research I’m con­cen­trat­ing in are not the cryp­to math­e­mat­ics, but using exist­ing tech­nol­o­gy, such as the var­i­ous pub­lic key methods—Diffie-Hellman, RSA, the Digital Signature Standard from NIST, DES, which isn’t a pub­lic key method—and incor­po­rat­ing those into the exist­ing tech­nol­o­gy base and pro­vid­ing the links in. 

We’ve got a cou­ple pro­grams that have start­ed, for exam­ple to pro­tect the Domain Name System, basi­cal­ly signed infor­ma­tion that’s in there. I’ve got anoth­er pro­gram work­ing on intru­sion detec­tion. Got anoth­er one on mobile com­put­ing and deal­ing with the secu­ri­ty issues around that. [crosstalk] It’s a broad area.

Malamud: Well for the domain name sys­tem, for exam­ple, are you look­ing at stor­ing pub­lic keys in DNS, or— What’re you look­ing at?

St. Johns: It’s the oth­er end around it. It’s the oth­er end of it. It’s sign­ing the infor­ma­tion in the DNS so you can trust it more. There’s a lot of attacks that peo­ple have pub­lish or talked about where a lot of the behav­ior of the net­work depends on where you come from, a good exam­ple being the Unix r‑commands, which all are based on what IP address you come from or what name you come from. If you can spoof the DNS to return bad answers to those ques­tions, you can actu­al­ly do some pret­ty annoy­ing dam­age with­in a com­mu­ni­ty that uses these things. If you have a signed DNS, at least it takes away one route of attack.

Malamud: So do you hope the result of that research will be…an RFC and deploy­ment, or is this going to be just a paper? Are you doing infra­struc­ture devel­op­ment here?

St. Johns: An RFC on the changes with respect to DNS to BIND as the ref­er­ence release. So that’ll be basi­cal­ly gen­er­al­ly avail­able to any­body who wants it. And infra­struc­ture deploy­ment, at least on some of the net­works that we run and con­trol. The idea being it’s an incre­men­tal deploy­ment. So you don’t have to do it if you don’t want to or you don’t think it makes sense. But the sec­ond time you get bit, you have the tool avail­able to come and solve the problem.

Malamud: Mike St. Johns, we’ve been talk­ing about secu­ri­ty prob­lems on the Internet and some of the research that you’ve been fund­ing. You dis­cussed Mobile IP and some of the secu­ri­ty impli­ca­tions there. Maybe you can elab­o­rate on what’s going to hap­pen to the Internet, par­tic­u­lar­ly with regard to secu­ri­ty, as we begin to be mobile and wire­less and use some of these oth­er new tech­nolo­gies that are emerging.

St. Johns: Well the most inter­est­ing prob­lem isn’t actu­al­ly believe it or not the mobile prob­lem, it’s re— The mobile prob­lem is a hard one. But prob­a­bly the most inter­est­ing one is the one I call proxy com­put­ing, where you basi­cal­ly let the net­work oper­ate on your behalf, or com­po­nents of the net­work oper­ate on your behalf. Either while you’re attached to them and they’re going off and doing things, or while you’re away and it’s oper­at­ing to go off and find par­tic­u­lar ref­er­ences to infor­ma­tion that you’re look­ing for. To maybe bal­ance your check­book… The semi-autonomous type of stuff that we read about in sci­ence fic­tion and we hope for tomorrow. 

It’s very crit­i­cal that we pro­vide a path so that you can let the net­work act as if it were you with­out being able to cor­rupt that thing that’s act­ing as if it were you into doing things it should­n’t do, or things that you haven’t told it it can do. So that’s one part of the problem. 

With the mobile com­put­ing prob­lem, a lot of it can be han­dled by stan­dard cryp­tog­ra­phy, just either includ­ing the rela­tion­ship between the mobile com­po­nent and the base com­po­nent and pro­vid­ing some sig­na­ture data there, or by oth­er rel­a­tive­ly com­mon tech­niques that we’re using today. It’s going to be hard­er as we keep con­tin­u­ing to get larg­er to do the right thing. And we’re just try­ing to do it earlier.

Malamud: Do we know what we need to know in order to secure the Internet? Is it just a mat­ter of deploy­ing the cur­rent knowl­edge, or do we need to learn some­thing new?

St. Johns: We need to learn some­thing new on the basis that most of the sys­tems we’ve got today don’t scale well. They work rea­son­ably well if you con­trol the whole domain you’re involved in. A whole cam­pus, a whole com­pa­ny, a whole orga­ni­za­tion, a whole net­work. The moment you start split­ting your domains, for exam­ple if you came to vis­it us, as of right now you’re not allowed to sit down a to one of our ter­mi­nals and go through our sys­tem to your sys­tem. It’s a pen­e­tra­tion of our secu­ri­ty bar­ri­er on the way out, and maybe a pen­e­tra­tion of your secu­ri­ty bar­ri­er on the way in. We’d like to solve that prob­lem. We don’t real­ly know how to do that on a rea­son­able basis on a world­wide basis. So the major prob­lem there is scaling. 

There’s prob­a­bly some research needs to be done on the cryp­tog­ra­phy. Every sig­na­ture algo­rithm we’ve got where you go off and you ver­i­fy and val­i­date the data requires a longer and longer string of dig­its to say that some­body has signed it. Every time you change or every time you want some­body else to val­i­date it we need— That’s anoth­er thing that we prob­a­bly need to work on.

Malamud: There’s been a lot of activ­i­ty for a long time in the Internet on secu­ri­ty. And the Internet Architecture Board has looked at a vari­ety of pro­pos­als. And some peo­ple have crit­i­cized the IAB. You’re a recent mem­ber so you can’t speak for the past. Some peo­ple have crit­i­cized the IAB and said that by try­ing to do secu­ri­ty right we’ve end­ed up with no secu­ri­ty at all. Is there a mid­dle ground some­place there that needs to be attacked?

St. Johns: Yeah, I think there is. There are var­i­ous exist­ing pro­to­cols today, exist­ing imple­men­ta­tions that would ben­e­fit a lot from rel­a­tive­ly cheap and inex­pen­sive fix­es to them. Um…

Malamud: What are some examples?

St. Johns: Well, I mean for exam­ple tel­net. We’re talk­ing about pro­vid­ing an encryp­tion path for tel­net pro­vid­ing addi­tion­al stuff to basi­cal­ly meld in Kerberos, the inter­ro­ga­tion pro­to­col that MIT devel­oped. There’s prob­a­bly things we could do with respect to FTP. We could prob­a­bly pro­vide some encryp­tion path for pri­va­cy for the base TCP stuff. 

Part of the prob­lem real­ly has not been one of a tech­ni­cal nature but in many cas­es of a pol­i­cy nature. We have a very big prob­lem in this coun­try and in most of the coun­tries that sub­scribe to the CoCom—and don’t ask me what CoCom stands for, I keep forgetting—about export­ing cryp­tog­ra­phy in any form. And that includes even DES, Data Encryption Standard stuff. So, we need to work past all of this stuff, and we’re final­ly com­ing to crit­i­cal mass on a lot of these issues. 

At the last IETF, I think I saw progress in about a half a dozen groups with respect to real secu­ri­ty com­ing out of them in one fla­vor or anoth­er. Unfortunately it’s not the grand uni­fied secu­ri­ty the­o­ry that we were hop­ing for, but at least it pro­vides benefits—three-and-a-half-foot fences.

Malamud: Well, three and a half is bet­ter than none, isn’t it?

St. Johns: That’s right.

Malamud: Mike St. Johns, you were one of the orig­i­nal peo­ple to attend the very first IETF meet­ing. In fact I under­stand you were at the meet­ing before the IETF meet­ing. How long ago was that?

St. Johns: Uh… 86 I think it was. We were meet­ing with a group called Gateway Algorithms and Data Structures, chaired by a guy name of Dave Mills. And my boss at the time Mike Corrigan, who’s now with GSA, came in like an aveng­ing angel and said, I’ve just come from the IAB we’re going to do nas­ti­ness to you.” The next thing we knew the GADS group had been dis­solved and in its place to the Internet Engineering Task Force and the Internet Architecture Task Force. 

Mike Corrigan took over the Internet Engineering Task Force. Dave Mills kept up with the Internet Architecture Task Force. For about the first two or three months they kept try­ing to call us INENG and INARC. Obviously the sim­pler IETF won out. And since that time we’ve grown from an orga­ni­za­tion that could com­fort­ably meet in a con­fer­ence room with thir­ty chairs to an orga­ni­za­tion where the work­ing groups have prob­lems meet­ing in a room with thir­ty chairs. The growth has been phe­nom­e­nal, and it’d be inter­est­ing plot­ting the growth of the IETF against the growth of the Internet and see­ing what we get.

Malamud: Why has it grown so quick­ly? Why haven’t peo­ple gone to the IETF and then said Well gee this is inter­est­ing. Now let’s do it right and go to the ISO com­mit­tees” for exam­ple? Why has the IETF been such a focus for development?

St. Johns: Well the first oh, half dozen or dozen meet­ings, some­where in that, were basi­cal­ly just straight meet­ings. You’d come in, you’d talk about the oper­a­tional prob­lems of the net­work. You’d iden­ti­fy what need­ed to be changed in the research agen­da. But there was no real work done with respect to pro­to­col and stuff. That was still being fund­ed either by ARPA, by the National Science Foundation. This was the era where the orig­i­nal NSFNET back­bone with…with the Fuzzballs? Yeah, I can’t even remember—were being phased out and the new NSFNET was being phased in. The new being rel­a­tive terms because it’s now being phased out.

The IETF as has been suc­cess­ful because the peo­ple who have had among oth­er things oper­a­tional respon­si­bil­i­ty for the net­works have been involved in set­ting the agen­da for the IETF and actu­al­ly cre­at­ing the prod­ucts which they then turn around and run on their own net­works. We did­n’t grow very much in the ear­ly years until we start­ed the work­ing groups con­cept. And since then we’ve real­ly grown. It was sort of like we were wait­ing for a cat­a­lyst. We had three or four work­ing groups at the first meet­ing that had the thing at, and we’ve got eight? now. Got more work­ing groups than orig­i­nal members.

Malamud: You men­tioned the sig­nif­i­cant oper­a­tional expe­ri­ence of the mem­bers. As the IETF grows and scales, obvi­ous­ly there’s a more dif­fuse mem­ber­ship that begins to attend. Is there a way we can keep that oper­a­tional focus in the IETF and yet still keep it open to all mem­bers and keep it growing?

St. Johns: Well we’ve made some good steps towards that. I think prob­a­bly the best thing we’ve done in recent years is the mul­ti­cast. If you take a look at who’s lis­ten­ing in and you start look­ing at these guys and say okay, He has soft­ware respon­si­bil­i­ty for net­work­ing. He’s learn­ing about net­work­ing at the school. Oh, an oper­a­tor, oper­a­tor, oper­a­tor, oper­a­tor.” You start see­ing peo­ple on the MBone who aren’t show­ing up to the IETFs but they’re still lis­ten­ing in on what’s hap­pen­ing. And you still get a lot of par­tic­i­pa­tion out of the IETF meet­ings per se on the mail­ing list. So there’s still this cross-fertilization. I don’t think we’ll lose that. 

Malamud: So the work­ing groups that used to work are the ones that used elec­tron­ic mail. So they kept on work­ing. And it sounds like the work­ing groups in the future that are going to work are going to be the ones that also use the net­work. And so it’s not just a place to have fine din­ners, it’s a place to…culminate the work that’s been going on.

St. Johns: The major ben­e­fit to going to an IETF meet­ing over deal­ing with the mail­ing list is basi­cal­ly get­ting a base­line per­son­al­i­ty for the peo­ple that you’re going to be deal­ing with over the mail­ing list. You know, if any of you have met like, Steve Knowles for exam­ple, Steve in per­son is a lot like his mail­ing list per­sona, but you start under­stand­ing where he’s com­ing from a lit­tle bit faster and a lit­tle bit bet­ter. And it’s very use­ful in deal­ing with him. And that applies with I’m sure deal­ing with me or even deal­ing with you, Carl. There are peo­ple who have been around long enough that sor­ta like every­body knows them. 

Malamud: But it’s always nice to meet people.

St. Johns: It’s always nice to meet peo­ple. And you start think­ing about— Even after you’ve been talk­ing with them just a short peri­od time you start think­ing about the last email you got from them and you relate it against their per­son­al­i­ty and say, Oh that’s what he meant. And that’s why he put it that way.” And you get a lot more emo­tion­al con­tent and you get the clues that you won’t nor­mal­ly get over elec­tron­ic mail.

Malamud: Now this is a glob­al net­work, and the IETF is begin­ning to do one meet­ing per year out­side of the US. And in fact with Asia going great guns with the Internet and Europe as always con­tin­u­ing to help lead in some of the devel­op­ment efforts, is it going to be hard­er to have IETF meet­ings? Are we going to have to spend our lives on air­planes trav­el­ing to far­away places?

St. Johns: Well, I mean, when we start­ed this thing out there were IETF meet­ings every quar­ter. We’re down to three a year. The orig­i­nal deal was that there would be an IETF meet­ing sort of in con­junc­tion with Interop when that [indis­tinct phrase], and that just sort of died on us. I don’t think we’ll— I think the three meet­ings a year will prob­a­bly con­tin­ue. The four-month peri­od is almost too long between talk­ing with peo­ple in some cas­es, because the tech­nol­o­gy’s chang­ing so much. But we’re will­ing to sub­sti­tute through tele­con­fer­enc­ing through MBone stuff. I’ve recent­ly found myself going down­stairs and using the tool from ISI, the mul­ti­me­dia mul­ti­cast con­fer­ence con­troller stuff, which basi­cal­ly allows me to dial up on a multimedia-type of inter­face a list of peo­ple who have the same stuff, and use the MBone to do some of the work. Keeps me from traveling.

I think the more… What dis­tin­guish­es the IETF and its group more than any­thing else from the ISO is that we…use the tools that we devel­op, to devel­op the tools that we devel­op, the tools—there’s always a cycle going on. There used to be back in Rome, ancient Rome—I’m get­ting off the track a lit­tle bit. But, when the Romans built a bridge they made the design­er, the archi­tect, live under the bridge for twen­ty years. It was a very strong guar­an­tees that the bridge would con­tin­ue to oper­ate for twen­ty years. We tend to live on the Internet in the IETF, and that’s a very strong guar­an­tee that the Internet will con­tin­ue to operate.

Malamud: So a require­ment if you issue an RFC is that you must be a soft­ware for the next five years.

St. Johns: Oh I would­n’t say that. I unfor­tu­nate­ly have issued a cou­ple of RFCs myself that’ve come back to haunt me, that I wish we weren’t using. But we will from time to time get the bad stuff in there. But it turns out that there’s sort of a sort of an evo­lu­tion going on, or a Darwin-type effect where only the strongest sur­vive. Back before my time on the IAB, the IAB declared CMIP an SNMP co-standard with respect to the Internet. Frankly I don’t think I’ve even seen an adver­tise­ment for CMIP prod­ucts in the com­mu­ni­ca­tions rags on line of six to twelve months. SNMP’s all over the place. So.

Malamud: Yeah that clear­ly has won. There is a major ven­dor which still uses CMIP in its archi­tec­ture, but as you’ve said the adver­tise­ments tend to be for SNMP these days.

Malamud: As a recent mem­ber of the IAB, the IAB has changed its char­ac­ter over the last year or so. A lot of the orig­i­nal mem­bers have resigned. There’s a new gen­er­a­tion that’s there. What do you see the role for the IAB being?

St. Johns: [sighs deeply] Well, we’ve been dis­cussing it almost inces­sant­ly since the thing changed. It was kind of my— I got kind of roped into it. It was like, I got asked Will you serve?” and I was sick that day. [laughs]

Malamud: But you said yes.

St. Johns: And so I said yes. Right now the role I think the IAB sees for itself is sort of the archi­tec­tur­al puri­ty of the sys­tem. And I use puri­ty in a very loose sense con­sid­er­ing what we’re talk­ing about with respect to the IETF. We’re basi­cal­ly just try­ing to do the right thing. At the last IETF, Christian Huitema who’s the chair and Barry Leiner who’s anoth­er IAB mem­ber, got up and talked about the mul­ti­pro­to­col Internet and basi­cal­ly said Well okay that’s fine, but we believe that we ough­ta have just one com­mon Internet lay­er pro­to­col.” And…that was tak­en very well. Especially con­sid­er­ing some of the things the IAB has said before and peo­ple have react­ed to. I think that’s where we’re going with this. We’re—

Malamud: Well but is that enough to say we need a sin­gle pro­to­col? Shouldn’t you be say­ing which one it is? I mean, it’s enough to say gee, we need open sys­tems but I mean…how? How do we do it?

St. Johns: Well as I recall, again before my time the IAB said at a cer­tain meet­ing in Japan you know We know what IP: The Next Generation is going to be. Or IPv7—I think at that time it was TUBA. And sur­prise, most of them came back to the United States…you know, there were lynch­ing par­ties wait­ing for them.

Malamud: So this is the IAB basi­cal­ly got up and said We think the direc­tion we ought to move is the Connectionless Network Protocol as mod­i­fied as nec­es­sary,” but the reac­tion from the com­mu­ni­ty was you know, how dare you tell us what the answer is when we don’t know the ques­tions yet.

St. Johns: Right. And in fact that result­ed in a lot of the changes that we saw with respect to the rela­tion­ship between the IAB and the IETF/IESG stuff. Right now you know, the IAB is sort of look­ing at us as the Twelve Wise Men or— I think it sort of looks at itself as sort of the Twelve Wise Men who—

Malamud: Wise peo­ple, actu­al­ly. For the first time [crosstalk] there is a—

St. Johns: Yes. We have Elise there. I’m sor­ry, Elise. 

—who reign but do not rule. We’ve sort of turned into the con­sti­tu­tion­al monarchy-type of situation. 

Malamud: So the twelve of you togeth­er form a kind of vir­tu­al Queen Elizabeth, if you will. [St. Johns laughs]

Well, thank you very much. We’ve been talk­ing to Mike St. Johns from ARPA and this has been Geek of the Week.

Malamud: This is Internet Talk Radio, flame of the Internet. You’ve been lis­ten­ing to Geek of the Week. You may copy this pro­gram to any medi­um and change the encod­ing, but may not alter the data or sell the con­tents. To pur­chase an audio cas­sette of this pro­gram, send mail to radio@​ora.​com.

Support for Geek of the Week comes from Sun Microsystems. Sun, The Network is the Computer. Support for Geek of the Week also comes from O’Reilly & Associates, pub­lish­ers of the Global Network Navigator, your online hyper­text mag­a­zine. For more infor­ma­tion, send mail to info@​gnn.​com. Network con­nec­tiv­i­ty for the Internet Multicasting Service is pro­vid­ed by MFS DataNet, and by UUNET Technologies.

Executive pro­duc­er for Geek of the Week is Martin Lucas. Production Manager is James Roland. Rick Dunbar and Curtis Generous are the sysad­mins. This is Carl Malamud for the Internet Multicasting Service, town crier to the glob­al village.