TBTF for 1999-05-22: Hush

Keith Dawson (dawson@world.std.com)
Sat, 22 May 1999 14:04:45 -0400


TBTF for 1999-05-22: Hush

T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t

Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994

Your Host: Keith Dawson

This issue: < http://tbtf.com/archive/1999-05-22.html >

C o n t e n t s

HushMail: free Web-based email with bulletproof encryption
ICANN increasingly under fire
Good news and bad news from Europe
EU reverses course, won't ban caching
EU passes mandatory Net wiretap regulation
Canada will not regulate the Net
Domain-name competition? Not yet
Live from Linux Expo
Chicken Little was right

..HushMail: free Web-based email with bulletproof encryption

Now refugees can email in safety from Internet cafes

Hush Communications has quietly begun beta testing a significant
development in email privacy. HushMail [1] works like Hotmail or
Rocketmail -- you can set up multiple free accounts and access
them from any Web browser anywhere -- but when you email another
HushMail user your communication is protected by unbreakable en-
cryption. The crypto, implemented in a downloadable Java applet,
was developed outside of US borders and so has no export limita-

Here are the FAQ [2] and a more technical overview [3] of the Hush-
Mail system.

HushMail public and private keys are 1024 bits long, and are stored
on a server located in Canada. All information sent between the
HushApplet and the HushMail server is encrypted via the Blowfish
symmetric 128-bit algorithm. The key to this symmetric pipe is ran-
domly generated each session by the server and is transferred to the
client machine over a secure SSL connection. When I posted news of
HushMail to the Cryptography list, the moderator questioned the wis-
dom of storing keys on a remote server, and several posters (none
from Hush) have provided the rationale. You can follow the discus-
sion here [4].

When you sign on as a new user you can choose an anonymous account
or an identifiable one. For the latter you have to fill out a dem-
ographic profile, to make you more attractive (in the aggregate) to
HushMail's advertisers. The HushApplet walks you through generating
a public-private key-pair. The process is fun and slick as a smelt.
You need to come up with a secure pass-phrase, and in this process
HushMail gives only minimal guidance. You might want to visit Arnold
Reinhold's Diceware page [5], which lays out a foolproof passphrase
protocol utilizing a pair of dice.

HushMail relies heavily on Java (JVM 1.1.5 or higher), so it can
only be used with the latest browsers. For Netscape, version 4.5 or
4.6 is best; the earliest workable version is 4.04, and some fea-
tures don't work before 4.07. For Internet Explorer, 4.5 is rec-
ommended, but the latest Windows release of IE 4.0 (sub-version
4.72.3110) works as well. Red Hat Linux version 5.2 is also tested
and supported. Unfortunately, HushMail does not work on Macintoshes,
due to limitations in Apple's Java implementation. (Mac users can
crawl HushMail under Connectix Virtual PC. Note that I don't say
"run." I've tried this interpretation-under-emulation and do not
recommend it.) The company is trying urgently to connect with the
right people at Apple to get this situation remedied.

One of the limitations of this early release of HushMail is that en-
cryption can only be used to and from another HushMail account. It
is not currently possible to export your public/private key-pair, to
set up automatic forwarding of mail sent to a HushMail account, or
to import non-Hush public keys. I spoke with Cliff Baltzley, Hush's
CEO and chief technical wizard. He stresses that Hush's desire and
intention is to move toward interoperability with other players in
the crypto world, such as PGP and S/MIME. The obstacles to doing
so are the constraints on technical resources (read: offshore crypto
programmers) and legal questions of intellectual property. Baltzley
believes that HushMail's positive impact on privacy worldwide will
be enhanced by maximizing the product's openness.

[1] https://www.hushmail.com/
[2] https://www.hushmail.com/faq.htm
[3] https://www.hushmail.com/tech_description.htm
[4] http://www.mail-archive.com/cryptography@c2.net/index.html
[5] http://world.std.com/~reinhold/diceware.html

..ICANN increasingly under fire

Diverse critics voice concern about the organization's sewardship
of domain names

Complaints are building about the way ICANN, the organization tasked
with guiding Internet naming and numbering from government to pri-
vate oversight, is pursuing its charter. This Telepolis article [6]
summarizes some of the concerns. Here are three separate controver-
sies that have arisen in recent days in advance of ICANN's next
meeting in Berlin, scheduled for 26 May.

- A number of domain-name activists have petitioned [7] ICANN
and the US Department of Commerce protesting ICANN's inten-
tion to consider, at the Berlin meeting, a trademark reso-
lution report [8] from the World Intellectual Property
Organization. The petition argues that ICANN's charter gives
it no power to implement such a far-reaching power shift as
the WIPO proposal calls for; the current unelected ICANN
members are supposed to limit themselves to the transition
to a permanent ICANN with elected representation. Here is a
response [9] from the US Small Business Administration to
the petition, and here are WIPO representative Michael Froom-
kin's comments [10] on the final WIPO report.

- Recently Ellen Rony, coauthor of The Domain Name Handbook and
one of the signatories to [7], posted a note [11] requesting
that ICANN make stronger provisions for input and participa-
tion via the Internet, instead of answering all critics with
the less-than-helpful (and quite expensive) suggestion that
they come to Berlin.

- The people who run the country-code top-level domains around
the world are unhappy with ICANN for a variety of reasons.
One of the principals of Adams Names, which handles regis-
tration for five island ccTLDs, posted a note to the wwTLD
mailing list (not online as far as I have been able to dis-
cover) detailing how the official representative from the
Turks and Caicos Islands was denied admission to the Ber-
lin ICANN meeting on the grounds that T & C is not a country,
but a colony. (The islands are in fact a British Overseas
Territory with their own democratically elected government.)
Ant Brooks <ant at hivemind dot com> sent this summary [12]
of the ccTLD community's complaints with ICANN; it is posted
on the TBTF archive by permission.

[6] http://www.heise.de/tp/english/inhalt/te/2837/1.html
[7] http://www.interesting-people.org/199905/0044.html
[8] http://wipo2.wipo.int/process/eng/final_report.html
[9] http://www.interesting-people.org/199905/0076.html
[10] http://www.law.miami.edu/~amf/commentary.htm
[11] http://www.interesting-people.org/199905/0073.html
[12] http://tbtf.com/resource/brooks-ccTLD.html

..Good news and bad news from Europe

..EU reverses course, won't ban caching

TBTF for 1999-03-26 [13] reported on an EU proposal, backed by music
copyright interests, that would have banned caching of Internet data
in Europe. On 13 May the EU inserted a critical nine-word amendment
into the Report on Copyright in the Information Society that appears
to lift the threat of imminent European Internet molasses. The amendm-
ent reads: "...including those which facilitate effective functioning
of transmission systems..." [14].

[13] http://tbtf.com/archive/1999-03-26.html#s02
[14] http://www.theregister.co.uk/990521-000016.html

..EU passes mandatory Net wiretap regulation

TBTF for 1999-05-08 [15] noted the European movement towards a US
CALEA-style requirement. With little scrutiny and in a nearly empty
chamber on a Friday afternoon, the European Parliament passed a
regulation that would require European ISPs to provide full real-
time access to law enforcement for Internet, telephony, and wire-
less traffic, with the cost to be borne by ISPs and other communi-
cations carriers [16].

[15] http://tbtf.com/archive/1999-05-08.html#s01
[16] http://www.europemedia.com/emeu/18_May_1999.shtml

..Canada will not regulate the Net

The civilization to the north shows us how it should be done

The minister of the Canadian Radio-television and Telecommunications
Commission, equivalent to the US FCC, announced that CTRC will not
regulate new media over the Internet [17]. Francoise Bertrand's mes-
sage was so sensible and straightforward as to make grown men weep
in such benighted backwaters as the US, Australia [18], and the Euro-
pean Union. "By not regulating, we hope to support the growth of new
media services in Canada," said Bertrand. "Our message is clear. We
are not regulating any portion of the Internet."

[17] http://www.crtc.gc.ca/ENG/NEWS/RELEASES/1999/R990517e.htm
[18] http://tbtf.com/archive/1999-05-08.html#s04

..Domain-name competition? Not yet

NSI still claims ownership of the Whois database, and acts
like it

Esther Dyson is the chair of ICANN, the entity chartered with moving
control of Internet naming and numbering out from under the purview
of the US government. Dave Winer interviewed her by email [19] and
here is what she has to say about competition in the granting of do-
main names.

We haven't created competition for NSI in toto, but for the
service of registering domain names -- i.e. its registrar
business. NSI still maintains the database (the registry),
but does so under a price cap (which may be further reduced
in negotiations between NSI and the Department of Commerce).

The reality is that four weeks after the competition starting gun
fired, none of the five companies participating in the first phase
of ICANN's process is yet selling names in competition with NSI
[20]. Some are still negotiating with NSI over the terms of their
agreements. A particular sticking point is NSI's requirement that
each new registrar take out $100,000 of liability insurance, pay-
able to NSI under what one company described as "very liberal"
terms. The chairman of the Internet Council of Registrars said,
"NSI has taken all the liability that has previously existed for
the registry and passed it back to the registrars."

Here is an interview [21] with the CEO of another of the new regis-
trars, Register.com. He is all understated discretion.

Meanwhile the Justice Department is expanding its two-year antitrust
probe into NSI [22], looking in particular at its recent stewardship
of the Whois database [23].

[19] http://davenet.userland.com/1999/05/whoOwnsDotCom
[20] http://www.news.com/News/Item/Textonly/0,25,36117,00.html
[21] http://www.techweb.com/wire/story/TWB19990506S0021
[22] http://www.news.com/News/Item/Textonly/0,25,36116,00.html
[23] http://tbtf.com/archive/1999-03-26.html#s01

..Live from Linux Expo

David Sklar reports from what has become a Big Show

For the second year, David Sklar <sklar at student dot net> is
feeding TBTF readers color commentary from Linux Expo in Raleigh,
NC, USA. This report was filed Friday 21 May at 14:16 EDT (-0400).

Checking in from the "e-mail garden" here.

The show is definitely much bigger and snazzier than last
year -- the location (Raleigh Convention Ctr. vs. Duke's
campus) is a big part plus the exhibitors -- a huge booth
from IBM (with some really comfy super-plush carpeting) plus
HP, Compaq, Oracle, etc. Curiously, Sun only has a little
booth on the fringes of the room. Lots of cool freebies and
giveaways in the exhibit hall. I think the coolest are the
lollipops that LinuxCare is giving away -- they have a real
cricket inside them. I think the LinuxCare line about them
is something like "These are open source lollipops -- you
can see the bugs."

My favorite part so far was the technical keynote from Jim
Gettys yesterday. He talked mostly about design decisions in
[the X Window System] and how they can help promote GUI
standardization today. Towards the beginning, he mentioned
that a particular feature in some window managers enables
easy ways to abstract input devices and showed a 7-year old
(but still supercool) video demo using voice input to X.
Miguel DeIcaza, the GNOME guy, was sitting in the front row
and yelled out that GNOME would have the feature that Jim
was talking about "by tomorrow." Shortly before Jim finished
his talk, the GNOME guys interrupted to say that they had
added the feature while he was talking. Jim laughed and said
that he had been bugging them for a month and a half to add
it, and Miguel replied, to much laughter, that it was the
video that really convinced him.

Tonight is the Linux Bowl trivia challenge, which should be

..Chicken Little was right

Global warming is cooling and shrinking the upper atmosphere

Lloyd Wood, satellite maven, forwarded this bit from the New Sci-
entist [24]. As the lower atmosphere heats due to the greenhouse
effects caused by human activity, the upper layers of the atmos-
phere cool down. This is happening at a rate far faster than had
been predicted 10 years ago. The cooling in the stratosphere con-
tributes directly to the ozone hole over Antartica, and is expected
to open up a similar hole over the Arctic any year now; Greenland
and northern Europe will bear the brunt of the effects of the in-
creased solar radiation reaching the earth's surface. As the upper
atmosphere cools it shrinks, many satellites orbiting in the layer
known as the thermosphere, above 90 km, will find themselves reg-
istering less air resistance as the atmosphere literally falls
away below them. This effect will throw off current calculations
of satellite longevity in orbit.

[24] http://www.newscientist.com/ns/19990501/chillinthe.html

N o t e s

> TBTF will welcome its 10,000th email subscriber probably on Monday or
Tuesday. Of course this subscriber will, if willing, be subjected
to unexpected net.fame and the glare of publicity. I would grate-
fully entertain any further suggestions for appropriate pomp and

S o u r c e s

> For a complete list of TBTF's (mostly email) sources, see
http://tbtf.com/sources.html .

TBTF home and archive at http://tbtf.com/ . To (un)subscribe send
the message "(un)subscribe" to tbtf-request@tbtf.com. TBTF is Copy-
right 1994-1999 by Keith Dawson, <dawson@world.std.com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.

Version: PGP for Personal Privacy 5.5