You are here

Cerf and the "secure from the start" Internet

Early Arpanet Map

Vint Cerf, co-intentor of TCP/IP, talked recently about the technology available to "secure the Internet" when it first arrived. News sites claimed "The Internet could have been secure from the start, but the tech was classified." 

 That's really not what he said. And it's not true.


If the Internet had been made "secure from the start," then none of us would be using it. 

The Internet is literally everywhere today because it was not secure. Back in the 1990s it was easy to start an Internet service provider. All you needed was a link to a router, any router, that was already on the Internet. This was a matter of transitive trust - if anyone trusted you enough to let you connect to the Internet, then you were in. This is also why shopping malls and big box retail stores are so successful: they have a lot of customers, and make lots of money, because they let everyone in.

Transitive trust is also why Internet security is so hard. Since it's easy to get on the Internet, everyone is there, including criminals. We can't exclude criminals without making the Internet too expensive. 

For the sake of argument, let's say that Cerf had his way and tne NSA released their then-secret security technologies. The most sophisticated technology they had back then was a public-key technique they called FIREFLY. They used it in secure telephones, the STU III, which appeared in the late 1980s. 

(For technical purists: Yes, yes, no doubt someone at NSA had worked out more sophisticated techniques than FIREFLY. But FIREFLY was the most elaborate thing they could deploy at that time at a large scale. It eventually found its way into some of NSA's early network security devices.)

Network security relies on cryptography. Cryptography relies on sharing chunks of totally secret information: the keys. FIREFLY provided a way of sharing keys, but it also relied on distributing some keys physically. You couldn't just buy a STU III and converse with others. You needed to receive an officially generated STU III key on a "Datakey" device from the NSA.

If we used STU III technology to secure the Internet, we would have needed an authority to vet the participants and physically ship them the appropriate STU III keys. It costs money to do that sort of thing. Imagine if every Internet user had to purchase their very own SSL private key before they could participate, and wait for its delivery through the mail. That's what we're talking about here.

Compare that to the actual task of joining the Internet: you needed a computer and a data link to another site. OK, you also needed one of those 32-bit IP addresses, and possibly a domain name. Before the days of local ISPs, the address and name came from the Internet Naming and Numbering Authority. This impressive-sounding bureacracy was actually a single person, Jon Postel, until he passed away in the late 1990s. You did this all through email with "" Now it's a distributed process in which ISPs dole out addresses to paying customers and domain registrars sell domain names. 

Access control makes a huge difference. Compare a stroll through a large city with a stroll through Disneyland. It's relatively easy to enter or leave a city: all you need is transportation using one of many routes. To enter Disneyland you use restricted entrances and pay an entrance fee. Inside, you are limited to activities vetted by the owner. While a street in Disneyland may be more secure in many ways than a city street, you have dramatically fewer options as well. 

The "secure from the start" Internet wouldn't be the Internet.


Post category: 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer