Microsoft's Web site was unavailable sporadically for two days beginning Thursday 6/19. Microsoft originally said the outage was a result of a number of factors occurring together: unusually high demand, the consolidation of two data centers, and a bug in its network software. Some news wires picked up this version of the story. It now develops that the outage may have been exacerbated -- or even caused -- by a new kind of denial-of-service attack on NT servers running Internet Information Server [1]. The attack, which can be launched from across the Internet from any Netscape Navigator 3.0 browser running Java 1.0.2, disables IIS but does not crash the NT server completely. Microsoft has now found and fixed the bug and posted a patch [2] on its site along with an explanation [3]. I had difficulty getting to the Microsoft site on Saturday -- I hope the server is just busy this time -- so here is an alternate source [4] for Microsoft's explanation. It reads in part:

> The issue requires a very special URL to be generated for each
> server being attacked. There is no one URL that can bring
> every server down. The URL varies by server and by the current
> state of the server (current memory, current load -- both of
> which constantly change). A malicious hacker could write a
> program to find the exact character sequence. A hacker simply
> can't publish a URL that would bring down an IIS server. After
> sending continuous requests to a server for a period of time,
> a program might find the right URL sequence and cause the web
> server to stop running.

On 1997-06-18, for the first time in history (as far as anyone in the non-secret world knows), a message encrypted with 56-bit DES was successfully decrypted. The crack was an informal effort coordinated over the Net by a group called DESCHALL (DES challenge) [7]. The press release is here [8]. The group was responding to RSA Data Security's challenge [9], which carries a $10,000 reward. Over 78,000 computers participated in the challenge since it opened on January 29, mostly contributing "spare" cycles. Over the final weekend more than 14,000 machines were at work. Peter Trei <trei at process dot com> has estimated that the calculation consumed 457,000 MIP-years -- 100 times more CPU effort than the distributed crack of RSA-129 [10]. He posits the DES crack may have been the largest calculation ever undertaken by the human race, though this assertion has been challenged on the Cryptography list.

The secret message read:

The group got lucky: they found the secret key after checking not quite 25% of the 72 quadrillion possible keys.

Here are four graphs [11] that give a good idea of the scope of the effort. This graph generator [12] lets you explore the space of challenge participants. I discovered that MIT, with several hundred hosts participating, was consistently in the top 10 most productive domains in numbers of keys checked -- until the last four days of the challenge, when a new port of the key-ckecking code for the 64-bit UltraSPARC catapulted Sun's contribution to the top of the list.

The day before the crack succeeded, Senators John McCain and Bob Kerrey introduced legislation (see story below) that would codify the current 56-bit limit on exportable crypto products (besides its main purpose of mandating government access to private keys). DESCHALL has demonstrated unambiguously that 56 bits is no longer enough.

[7] http://www.frii.com/~rcv/deschall.htm
[8] http://www.frii.com/~rcv/despr4.txt
[9] http://www.rsa.com/rsalabs/97challenge/
[10] ftp://ftp.ox.ac.uk/pub/math/rsa129/rsa129.ps.gz
[11] http://www.cis.ohio-state.edu/~dolske/des97/deschall.html
[12] http://www.cis.ohio-state.edu/~dolske/des97/graph.html

Efforts to relax the rules for the export of cryptography died on 6/19 in the U.S. Senate. Sen. Conrad Burns's ProCODE bill -- already weakened into "ProCODE II" in a last-minute attempt to salvage it [13] -- was overrun by a vote of 12-8 in the Commerce Committee. The opposing McCain-Kerrey bill (S.909[14]), which was co-sponsored by Commerce's chair, Sen. John McCain, sailed through two days after introduction on a voice vote and without any hearings at all. This bill began as a proposal floated by the White House [15]; one observer called it a "poisen pill" intended to dispatch the bills lifting restrictions on crypto export and use.

Declan McCullagh writes, "In the end, it was child pornography that derailed encryption legislation in the U.S. Senate and dealt a bitter defeat to crypto supporters." McCain played the kiddie-porn card and Burns's outgunned supporters could only splutter.

McCain-Kerrey mandates key recovery for any computer network that receives even partial funding from the government -- this certainly includes university networks -- despite the conclusion of 11 noted cryptographers [16] that key recovery on this scale would be unworkable and would lessen security. S.909 criminalizes certain uses of cryptography for the first time. The bill states that law enforcement would need only a subpoena to access private keys; existing federal regulations require a court order. And it links digital certificates to key recovery and grants government the authority to license digital certificates.

Unless S.909 is diverted to another committee it will be scheduled for a full Senate vote. If it passes it may run headfirst into the SAFE bill [17] proceeding through the House, whose intent is diametrically opposed to that of McCain-Kerrey. No-one can guess what might emerge from a conference committee, but I can guarantee you it would not be pretty. President Clinton has threatened to veto any bill with provisions like those of SAFE that reaches his desk.

Coverage of S.909 in the mainstream press has been nonexistent. Online media reporting the story have frequently gotten parts of it wrong. Don't embrace the conclusions of any piece that names Sen. John Kerry of Massachusetts as the bill's co-sponsor. The actual co-sponsor is Sen. Bob Kerrey of Nebraska. (Kerry does sit on the Commerce Committee and in fact voted for S.909.)

For past coverage of the debate over cryptography export policy, see TBTF Threads [18].

[13] http://pathfinder.com/netly/editorial/0,1012,931,00.html
[14] http://www.cdt.org/crypto/legis_105/mccain_kerrey/
[15] http://www.ne0ws.com/News/Item/0,4,11693,00.html
[16] http://www.crypto.com/key_study/report.shtml
[17] http://www.cdt.org/crypto/legis_105/SAFE/
[18] http://www.tbtf.com/threads.html#Tcep

Another Pacific island has hung out its shingle in competition with Network Solutions, Inc. And this one is slick. The Kingdom of Tonga [19] -- the only Polynesian island so independent-minded that it was never colonized -- is selling .to domain names. Visit the Tonic service [20] and you can lay instant claim to toysRus.to, should you be inclined to set up cybershop in some jurisdiction beyond the reach of that corporation's lawyers [21]. The name was available when I checked just now, but mcdonalds.to has been spoken for.

Unlike Norfolk Island, the first independent top-level domain to offer services in competition with NSI (see TBTF for 1996-07-14 [22]), Tonga charges the same rates as the monopoly name grantor: $100 for two years and $50 per year thereafter. (Norfolk charges $250 to $1000 for .nf names.) And their signup form [20] is far friendlier than NSI's infamously Byzantine procedure. You get instant gratification. Once you click "Register," your credit card is debited and your domain name goes into effect. With NSI the wait for a new name to become active can stretch anywhere from weeks to months.

Better still, Tonic uses a two-level password scheme so you can edit your contact or billing information at any time and your ISP can edit the technical portion of the name-mapping form. It's rather like the "valet key" supplied with some makes of cars that unlocks the ignition but not the trunk or the glove compartment. No real-time forms when you deal with NSI -- you submit an email request and wait and hope.

The Tonga story was first published by nando.net [23]; I heard about it on Glen Macready's <glen at substance dot abuse dot blackdown dot org> 0xdeadbeef mailing list. You can learn more about Tonga at this deliciously retro site [24], featuring links such as "So what's happening on our little island!" For more on domain naming and its discontents visit TBTF Threads [25].

[19] http://www.tbtf.com/resource/tonga.jpg
[20] http://www.tonic.to/
[21] http://infolawalert.com/stories/051796b.html
[22] http://www.tbtf.com/archive/1996-07-14.html#Tdnp
[23] http://www.techserver.com/newsroom/ntn/info/061397/info19_1450.html
[24] http://www.tongatapu.net.to/
[25] http://www.tbtf.com/threads.html#Tdnp

TBTF for 1997-05-22 [26] reflected on the Economist's survey on electronic commerce, the initial premise of which is that the experts who predicted a frictionless future of disintermediated commerce lubricated by micropayments got it fundamentally wrong -- so far. (The survey is no longer available online as the Economist has gone over to access by paid subscription only.) Here's Phil Agre <pagre at ucsd dot edu>, proprietor of the Red Rock Eater News Service, grousing from a similar point of view:

> I'm a little disappointed with certain Internet people who
> envision all sorts of futuristic electronic commerce scen-
> arios in which everyone pays for everything incrementally
> using micropayment systems -- what Vinny Mosco called "the
> pay-per society" -- but who then turn around and resist
> that same principle when it applies to their own use of
> the Internet. These folks want a la carte for everyone
> else, but the buffet for themselves.

I'll admit to a continuing fascination with the technologies of electronic cash and anonymous trust; and in that spirit I volunteered TBTF to beta test Digital's Millicent payment system [27] this summer.

Subscribers, please send me a note with your reactions to the idea that parts of the TBTF site might one day be available on a "pay-per" basis. Would you pay a nickel for the convenience of reading TBTF on the Web where the links are live? A penny? A tenth of a cent? Would you just read the email and grumble? Or would you flame me and unsubscribe in disgust? (Note that the beta test will almost certainly be conducted using scrip of no value.)

I'll publish your collected remarks in a future Tasty Bit of the Day. Let me know if you prefer anonymity.

[26] http://www.tbtf.com/archive/1997-05-22.html
[27] http://millicent.digital.com/

Here are two high-quality sources of Net information that might interest TBTF readers: Stating the Obvious and That's Useful, This is Cool. Michael Sippey's Stating the Obvious [28] is, like TBTF, a daily-updated Web page and a weekly mailing. (It is from Sippey that I picked up the term "retro-push.") The man must spend even more time online than I do, though I don't know how one could; and he has sufficient personal bandwidth left to think about the online life and to write about it, sensibly and winningly. Lynn Siprelle's TUTIC [29] brings you two links per weekday: one useful, one cool, with a paragraph describing each. (Unlike TBTF, TUTIC takes the weekends off.) You can pull them from the Web or have TUTIC push them by email. A simple concept, nicely executed.

[28] http://www.theobvious.com/
[29] http://www.usefulcool.com/

For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html>.

Cryptography -- mail majordomo@c2.net without subject and with message: subscribe cryptography [ your@email.address ] .

0xdeadbeef -- mail 0xdeadbeef-request@substance.abuse.blackdown.org without subject and with message: subscribe .

Red Rock Eater News Service -- mail rre-request@weber.ucsd.edu without subject and with message: subscribe . Archive at <http://communication.ucsd.edu/pagre/archive_help.html> (email-based). Web home at <http://communication.ucsd.edu/pagre/rre.html>.

TBTF home and archive at <http://www.tbtf.com/>. To subscribe
send the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.