Vint Cerf wanted to make internet secure from the start, but secrecy prevented it

Tells Google Hangout buds that tech was 'classified' at the time...

The NSA acted as a barrier to the rollout of encryption as standard from the very inception of the internet back in the mid 1970s.

Engineers had wanted to add a network encryption layer as part of the original specifications for TCP/IP. Whitfield Diffie and Martin Hellman had published a paper on public key cryptography systems, so the kernel of a technology to make the internet secure was already there. However, the algorithms that would have made the idea a practical reality had to wait until Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977.

Intel agencies including the NSA and GCHQ had already invented public key cryptography systems, but this work remained top secret.

Meanwhile, Vint Cerf, the pioneering internet security engineer, was working on components of a classified NSA project at Stanford in the mid 1970s to build a secure, classified internet.

Cerf explained during a Google Hangout session:

"I worked with the National Security Agency on the design of a secured version of the internet but we used classified security technology at the time and I couldn't share that with my colleagues. If I could start over again I would have introduced a lot more strong authentication and cryptography into the system."

Video from the key segment of the session can be found here (via YouTube).

Not sharing a fundamental leap forward in privacy and communications security technology at the height of the Cold War is understandable, if regrettable from the perspective of the current lamentable state of internet security.

Cerf's historical footnote does, however, add an extra element to the current debate over the NSA's attempts to weaken encryption schemes and push weak algorithms through schemes like Project Bullrun and the now infamous Dual_EC_DRBG "backdoor".

Former NSA general counsel Stewart Baker, a lawyer rather than a cryptographer, argued last weekend that suggestions that his former employer is undermining net security are wide of the mark. Baker's blog post provoked a feisty exchange with regular sparring partner Jacob Appelbaum, a Tor Project developer, on Twitter. Appelbaum argued the NSA was sabotaging US companies, crypto standards and the US Constitution.

Baker responded that Edward Snowden is "under the thumb" of the Russians and that his revelations about NSA spying tactics are assisting authoritarian governments, including the government of Syria.

The exchange can be reviewed here. ®
