Computer underground Digest Tue June 28, 1994 Volume 6 : Issue 58 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Coptic Idolator: Ephram Shrewdlieu CONTENTS, #6.58 (Tue, June 28, 1994) File 1--Re: E-Mail Female for a Day (CuD 6.57) File 2--Re: "Ghost in the Modem" (CuD 6.51) File 3--Cryptography export legislation in need of help! File 4--Terisa_Systems.html Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. 
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Mon, 27 Jun 1994 10:06:54 -0500 From: Anonymous Subject: File 1--Re: E-Mail Female for a Day (CuD 6.57) > It begins to dawn on me that Jeff is simply not going to leave me alone. > "Stop being a weenie, Jeff," I growl at the terminal. More than just > annoy, he's really beginning to piss me off. He is _only_ acting this > way because he thinks I'm female. 
> If there was a "male" designation on the screen beside my name, Jeff would not have bothered me after the second ignore, if he would have noticed me at all.

Guys who impersonate females on the net are called 'she-males'. There are *lots* of them around... What many of these macho hetboys out there don't realise is that there's a large gay and bi subculture that gets off on hanging out on the net, irc, and bbs's, using female handles in order to hit on het guys like this. There's a great deal of satisfaction to be had from having hot netsex with one of these bozos, then while he's relaxing and wiping the cum off his keyboard you tell him 'Yo, that was fun. Say, next time, call me Danny...'

That's one reason guys pretend to be females; another group talks to women to get them to talk dirty, thinking they're talking to other women, especially on the lesbian and bisexual female channels on IRC. (The lesbian channels are hilarious, where the women ask you questions that the men 'couldn't possibly' know the answers to, like the small print on a packet of tampons. Also you have to string off a list of very right-on lesbian-friendly music that you're supposed to like... They seem to think this will keep the she-males out. Bwahahaha!)

I remember one time on #bifem last year when there were 5 people on the channel and *every one* of us was either male or m->f transsexual... not a real woman among us! (I'm not sure the other 4 guys realised this...)

Watch out guys, the next woman you molest might be a 6'2'' programmer from Silverado California!

------------------------------

Date: 15 Jun 94 13:03:24 CDT
From: A02DAG1@NOC.NIU.EDU
Subject: File 2--Re: "Ghost in the Modem" (CuD 6.51)

In Cu Digest #6.51, Bryce Wilcox wrote:

-=> In CuD 6.50 I read an article entitled "Ghost in the Modem (Loka Alert 1:6 Wash. Post)".
-=> In this article, authors Richard Sclove and Jeffrey Scheuer deliver several warnings about the possible effects of the development of the Information Superhighway and conclude by suggesting three restrictions that, they assert, should be placed on information service development.
-=>
-=> While I find myself in more or less complete disagreement with the authors, I am not going to argue about the thesis of their article today. Instead, I would like to draw attention to a statement made earlier in the article which I believe indicates an underlying false assumption.
-=>
-=> The statement is: "And the risk of inequity in contriving and distributing electronic services [...] is clear."
-=>
-=> This statement seems to assume that access to information technology should be equally distributed among individuals. The reason that I find this assumption disturbing enough to write about is because I often see variations on such a theme echoed in Computer underground Digest, but I rarely if ever see a contradictory opinion stated.
-=>
-=> I would like to take this opportunity to state that I believe egalitarianism, in regard to information technology as elsewhere, is an irrational, immoral, and dangerous ideal.
-=>
-=> As a denizen of cyberspace and a long-time reader of CuD, I would like others to know that I will not assist anyone in his or her attempt to enact policies which, I believe, would be vastly destructive to the cyber-society, and the real society which I inhabit.
-=> I am sure that many of my fellow Net citizens have similar ideals and ideologies, but I would not know it from reading CuD!
-=>
-=> commentary and criticism is welcome

You don't leave much to comment on, but I'm curious what your reasoning is for your position.
I agree with you on the second to last paragraph, that policies and programs that are, or could be, destructive should be opposed, but I don't understand the connection between the ideal that every citizen that cares to connect up and start surfing the net should be allowed to and a policy that's destructive to either the "cyberspace" that we keep hearing about or the real society in which we live.

Maybe I'm misunderstanding your position, but you seem to favour a "status quo" position that only the technologically knowledgeable should be allowed to use the networks. A sort of nerd-priesthood, if you will, paying homage to the net.gods. If this is, in fact, your position, how would one go about joining this priesthood? What sort of controls will have to be implemented to keep out the non-initiated?

------------------------------

Date: Tue, 28 Jun 1994 12:40:10 -0400 (EDT)
From: "Shabbir J. Safdar"
Subject: File 3--Cryptography export legislation in need of help!

[URGENT ACTION REQUIRED BEFORE 10:30AM JUNE 30TH, 1994]
[PLEASE CHECK THE "WHAT YOU CAN DO RIGHT NOW" SECTION!]

*********************************************************************
DISTRIBUTE WIDELY
*********************************************************************

Table of contents:
Introduction & Alert
Status of the bill
What you can do right now
List of legislators supporting HR 3937 (formerly HR 3627)
List of legislators wavering on HR 3937 (formerly HR 3627)
List of legislators opposing HR 3937 (formerly HR 3627)
What is the Cantwell bill?

---------------------------------------------------------------
INTRODUCTION & ALERT

Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either:

-public testimony,
-reply letters from the legislator,
-stated positions from their office,

please send them to vtw@panix.com so they can be added to this list.
General questions: vtw@panix.com
Mailing List Requests: vtw-list-request@panix.com
Press Contact: stc@panix.com
Gopher URL: gopher://gopher.panix.com:70/1/1/vtw
WWW URL: Be patient; we're working on it. :-)

---------------------------------------------------------------
STATUS OF THE BILL (updated 6/28/94)

The Cantwell bill, that allows for fewer restrictions on exports of cryptography, has an interesting history. It was rolled into the General Export Administration Act HR 3937. The House Foreign Affairs Committee passed the full strength version out of committee after open, public hearings. The House Intelligence Committee took the bill and gutted it after a day of closed, secret hearings. The gutted version is making its way to the House floor.

There is a crucial stop-off point, however. The House Rules Committee will hold a hearing on Thursday June 30th, 10:30am in D.C. (Room H-13) to determine if the bill can be amended on the House floor (an "open" bill) or not (a "closed" bill). If they mark the bill as "open", then the Cantwell bill could be restored to its previous version, removing the language put in by the House Select Intelligence Committee which gutted it without a public hearing.

It is crucial that you call the members of the House Rules Committee before 10:30am Thursday June 30th and urge them to mark the bill as "open". This may be the last thing you can do for the cryptographic export legislation. Take the time to make a call!

Chronology of the bill

Jun 30, 94 House Rules Comm. decides whether to allow amendments on the bill when it reaches the House floor
Jun 14, 94 Gutted by the House Select Committee on Intelligence
May 20, 94 Referred to the House Select Committee on Intelligence
May 18, 94 Passed out of the House Foreign Affairs Committee on May 18 attached to HR 3937, the General Export Administration Act
Dec 6, 93 Referred to the Subcommittee on Economic Policy, Trade and
Nov 22, 93 Referred to the House Committee on Foreign Affairs.
--------------------------------------------------------------- WHAT YOU CAN DO RIGHT NOW Estimated time to do this good deed: Two minutes Show your support for HR 3937 (formerly HR 3627) by contacting a member of the House Rules Committee and ask them to mark the bill as "open" (allowing amendments) when it reaches the House floor. The phone numbers of the members of the House Rules Committee are listed below. Please pick one from your state and call them. If your state isn't listed please call the Chairman, Rep. Joe Moakley. Feel free to use the following sample communique: The Honorable ____________ address Washington DC, 20515 Dear Congressman or Congresswoman, Please mark the General Export Administration Act (HR 3937) as "open" (allowing amendments on the House floor). Recently the House Intelligence Committee removed several provisions of the General Export Administration Act, HR 3937, dealing with the export of cryptographic technology. The House Intelligence Committee did this in a closed, secret hearing which provided for no public input. The House Foreign Affairs Committee previously held an open hearing on the same issue and received a flood of people testifying in favor of the bill, which the committee then reported out in full. I urge you to allow the democratic process to take its course on the House floor and mark the bill as "open". Sincerely, _________________________________ Phone/Fax/Addresses of members of the House Rules Committee 103rd United States Congress, 1993-1994 All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 9 MA Moakley, John Joseph (D) 1-202-225-8273 1-202-225-7304 235 Cannon 3 SC Derrick, Butler (D) 1-202-225-5301 1-202-225-5383 221 Cannon 24 CA Beilenson, Anthony (D) 1-202-225-5911 1-818-999-2258 2465 RHOB (might not answer) 24 TX Frost, Martin (D) 1-202-225-3605 1-202-225-4951 2459 RHOB 10 MI Bonior, David E. 
(D) 1-202-225-2106 1-202-226-1169 2207 RHOB 3 OH Hall, Tony P. (D) 1-202-225-6465 1-202-225-6766 2264 RHOB 5 MO Wheat, Alan (D) 1-202-225-4535 1-202-225-5990 2334 RHOB 6 TN Gordon, Bart (R) 1-202-225-4231 1-202-225-6887 103 Cannon 28 NY Slaughter, Louise M. (D) 1-202-225-3615 1-202-225-7822 2421 RHOB 22 NY Solomon, Gerald B. (R) 1-202-225-5614 1-202-225-1168 2265 RHOB 1 TN Quillen, James H. (R) 1-202-225-6356 1-202-225-7812 102 Cannon 28 CA Dreier, David (R) 1-202-225-2305 1-202-225-4745 411 Cannon 14 FL Goss, Porter J. (R) 1-202-225-2536 1-202-225-6820 330 Cannon -------------------------------------------------------- LIST OF LEGISLATORS SUPPORTING CRYPTOGRAPHY EXPORT LEGISLATION The following legislators have formally registered support for cryptography export legislation. Call them with your cheers. All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 1 WA Cantwell, Maria (D) 1-202-225-6311 1-202-225-2286 1520 LHOB HR 3627's sponsor; thank her for her work! 16 IL Manzullo, Donald (R) 1-202-225-5676 1-202-225-5284 506 Cannon Cosponsored HR 3627 on 11/22/93 3 UT Orton, William H. (D) 1-202-225-7751 1-202-226-1223 1122 LHOB Cosponsored HR 3627 on 03/22/94 3 OR Wyden, Ronald (D) 1-202-225-4811 1-202-225-8941 1111 LHOB Cosponsored HR 3627 on 03/22/94 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 2307 RHOB Cosponsored HR 3627 on 03/22/94 19 OH Fingerhut, Eric D. 
(D) 1-202-225-5731 1-202-225-9114 431 Cannon Cosponsored HR 3627 on 03/22/94 4 MA Frank, Barney (D) 1-202-225-5931 1-202-225-0182 2404 RHOB Cosponsored HR 3627 on 03/22/94 2 UT Shepherd, Karen (D) 1-202-225-3011 1-202-226-0354 414 Cannon Cosponsored HR 3627 on 03/22/94 3 WA Unsoeld, Jolene (D) 1-202-225-3536 1-202-225-9095 1527 LHOB Cosponsored HR 3627 on 03/22/94 19 FL Johnston II, Harry (D) 1-202-225-3001 1-202-225-8791 204 Cannon Cosponsored HR 3627 on 03/22/94 9 WA Kreidler, Mike (D) 1-202-225-8901 1-202-226-2361 1535 LHOB Cosponsored HR 3627 on 03/22/94 4 WA Inslee, Jay (D) 1-202-225-5816 1-202-226-1137 1431 LHOB Cosponsored HR 3627 on 03/22/94 7 WA McDermott, James A. (D) 1-202-225-3106 1-202-225-9212 1707 LHOB Cosponsored HR 3627 on 03/22/94 8 IN McCloskey, Frank (D) 1-202-225-4636 1-202-225-4688 306 Cannon Cosponsored HR 3627 on 03/22/94 14 CA Eshoo, Anna G. (D) 1-202-225-8104 1-202-225-8890 1505 LHOB Cosponsored HR 3627 on 03/22/94 10 NC Ballenger, Thomas C. (R) 1-202-225-2576 1-202-225-0316 2238 RHOB Cosponsored HR 3627 on 05/04/94 2 WA Swift, Al (D) 1-202-225-2605 1-202-225-2608 1502 LHOB Cosponsored HR 3627 on 05/04/94 --------------------------------------------------------------- LIST OF LEGISLATORS WAVERING ON CRYPTOGRAPHY EXPORT LEGISLATION [Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.] 26 NY Hinchey, Maurice D. (D) 1-202-225-6335 1-202-226-0774 1313 LHOB Recently told a constituent that he is taking the Cantwell bill under consideration, but has "national security concerns" about allowing encryption to be exported outside the United States. 1 IA Leach, James (R) 1-202-225-6576 1-202-226-1278 2186 RHOB Has yet to answer a constituent letter with a stated position. 13 NY Molinari, Susan (D) 1-202-225-3371 1-202-226-1272 123 Cannon Has yet to answer a constituent letter with a stated position. 
(has taken inordinately long) 8 NY Nadler, Jerrold (D) 1-202-225-5635 1-202-225-6923 424 Cannon Met with lobbying constituent in April '94; no position taken yet 25 CA McKeon, Howard P. (R) 1-202-225-1956 1-202-226-0683 307 Cannon Responded to a constituent with a "non-position", May '94 Had a favorable meeting with a constituent and a VTW volunteer in May '94. ------------------------------------------------------------------------------- LIST OF LEGISLATORS OPPOSING CRYPTOGRAPHY EXPORT LEGISLATION [Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.] Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 5 AL Cramer Jr, Robert E. (D) 1-202-225-4801 1-202-225-4392 1318 LHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 8 CA Pelosi, Nancy (D) 1-202-225-4965 1-202-225-8259 240 Cannon FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 32 CA Dixon, Julian C. (D) 1-202-225-7084 1-202-225-4091 2400 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 40 CA Lewis, Jerry (R) 1-202-225-5861 1-202-225-6498 2312 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 46 CA Dornan, Robert K. (R) 1-202-225-2965 1-202-225-3694 2402 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 2 CO Skaggs, David E. (D) 1-202-225-2161 1-202-225-9127 1124 LHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 10 FL Young, C. W. (R) 1-202-225-5961 1-202-225-9764 2407 RHOB FAILED Cryptography exports: Voted to kill Rep. 
Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 4 KS Glickman, Daniel (D) 1-202-225-6216 1-202-225-5398 2371 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 1 NE Bereuter, Douglas (R) 1-202-225-4806 1-202-226-1148 2348 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 9 NJ Torricelli, Robert (D) 1-202-224-5061 1-202-225-0843 2159 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 3 NM Richardson, William (D) 1-202-225-6190 1-202-225-1950 2349 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 1 NV Bilbray, James H. (D) 1-202-225-5965 1-202-225-8808 2431 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 17 PA Gekas, George W. (R) 1-202-225-4315 1-202-225-8440 2410 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 2 RI Reed, John F. (D) 1-202-225-2735 1-202-225-9580 1510 LHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 14 TX Laughlin, Gregory H. (D) 1-202-225-2831 1-202-225-1108 236 Cannon FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 16 TX Coleman, Ronald D. (D) 1-202-225-4831 None 440 Cannon FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 19 TX Combest, Larry (R) 1-202-225-4005 1-202-225-9615 1511 LHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 
1 UT Hansen, James V. (R) 1-202-225-0453 1-202-225-5857 2466 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. 6 WA Dicks, Norman D. (D) 1-202-225-5916 1-202-226-1176 2467 RHOB FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94. -------------------------------------------------------------- What is the Cantwell bill? The Cantwell bill would permit companies to export products with encryption technology in them. US companies are currently not permitted to export products (hardware or software) with this technology in them. What is encryption technology? Encryption technology, or cryptography, is the art of scrambling a conversation so that only the people communicating can decode it. Other people (such as eavesdroppers) cannot learn about the conversation. Where is cryptography being used? Cryptography is used to encrypt electronic mail to protect its confidentiality in transit. It's used by bank automatic teller machines to protect sensitive data (such as your account number, your Personal Identification Number, and your bank balance). It can be implemented into software (such as electronic mail programs and word processors) as well as hardware (such as telephones and "walkie-talkies") to ensure your privacy. Why is there a restriction on exporting products with technology in them? For many years the United States was a leading researcher in cryptography. High quality cryptographic technology was available only within the United States. The US government thought that if they did not let this technology be exported, foreign individuals would not be able to obtain it and use it against us (by keeping US intelligence agencies from eavesdropping on their communications) Since then, cryptography research has been published in international journals. 
Companies have been created throughout the world who export cryptographic technology from countries that do not have these restrictions. You can now buy the same, high-quality cryptographic technology from many international firms. Although the marketplace has changed, the regulations have not.

Why should the regulations be changed?

US companies compete in a global marketplace. Because of the export regulations, they often compete alongside products with superior cryptographic capabilities built into them. The result is that US companies build their products with an inferior encryption technology. The result of this is that you, as an American consumer, have great difficulty obtaining products with strong encryption in them. Because US products cannot compete against products with better privacy features, and because the laws are outdated, the regulations should be changed. The Cantwell bill fixes these regulations to more accurately resemble the current situation of the world marketplace.

How can I help encourage more privacy-enhanced products and pass the Cantwell bill?

Call or write your representative and ask them to support or cosponsor Rep. Cantwell's export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937. You can base your letter on the sample communication below.

SAMPLE LETTER OR PHONE CALL

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

As a citizen concerned for my privacy, as well as a supporter of American business, I urge you to cosponsor Rep. Cantwell's cryptographic export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937. The bill would allow US companies to produce and export products with cryptographic privacy-enhancing technology in them. These products are already available from firms throughout the world. US companies lose nearly $100 million per year in exports to them.
By encouraging this industry, ordinary citizens like you and me would be able to purchase products with better privacy features. Please support or co-sponsor HR 3937. Sincerely, ___________________________________ ------------------------------ Date: Fri, 24 Jun 94 23:26:47 MDT From: adunkin@NYX.CS.DU.EDU(Alan Dunkin) Subject: File 4--Terisa_Systems.html RSA AND EIT JOINT VENTURE WILL MAKE INTERNET TRANSACTIONS SECURE PRESS CONTACTS: Kurt Stammberger Nancy Teater RSA Data Security Inc. Hamilton Communications Phone: (415) 595-8782 Phone: (415) 321-0252 Internet: kurt@rsa.com Internet: nrt@hamilton.com FOR IMMEDIATE RELEASE PALO ALTO, Calif., June 13, 1994 -- RSA Data Security Inc. (RSA) and Enterprise Integration Technologies Corp. (EIT) today announced the formation of Terisa Systems, a joint venture that will market, license and support technologies that make secure Internet transactions possible. The new company will provide toolkits and support to developers of Internet applications for the World Wide Web (WWW) and NCSA Mosaic. RSA is the world leader in commercial cryptography and principal source of public key cryptosystems; EIT is a leading developer of software supporting commercial use of the Internet. Terisa Systems will combine the strengths of both companies to provide developers of Internet applications with a complete, consistent, and well-supported solution to their security needs. Initial toolkits from Terisa Systems will support the development of secure WWW clients and servers. The World Wide Web is a popular Internet application architecture that enables easy access to multimedia information distributed across the thousands of computers that comprise the Internet. However, use of the WWW in commerce requires features such as authentication, authorization, encryption and payment that are currently not well supported. 
Terisa Systems will provide an integrated solution to all of these needs based on RSA's public key cryptography and EIT's Secure-HTTP (HyperText Transfer Protocol), an enhanced version of the World Wide Web's internal communications language. Secure-HTTP ensures the authenticity of transactions and the confidentiality of information exchanged via HTTP. With a Secure-HTTP enabled application, a user can affix digital signatures that cannot be repudiated, permitting digital contracts that are legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be encrypted and securely exchanged. Secure-HTTP can incorporate a variety of cryptographic standards and support interoperation between programs using different cryptographic algorithms. This is particularly useful for interaction between domestic and foreign users, where foreign users may not have access to the same algorithms as domestic users. Allan M. Schiffman, chief technical officer of EIT, said, "We've had tremendous interest on the part of developers in Secure-HTTP, but haven't been able to address their needs for a fully integrated package. Terisa Systems will provide 'one-stop shopping' for developers and give them the technology and support they need to get their applications to the market quickly." According to John Young, chairman of Smart Valley Inc., "The Internet has been evolving quickly as a medium where businesses can interact, but it is weak in key areas, such as security, which is critically important to business. Terisa Systems is taking a significant step forward in enabling electronic commerce by providing a standard security implementation for software developers in this market." RSA Technology Terisa Systems' Secure-HTTP toolkits will use RSA public key cryptography technology to permit spontaneous, secure communications between unfamiliar correspondents over non-secure, open, public networks. 
RSA's technology provides privacy through encryption and authentication through digital signatures. Terisa Systems will be the one source from which WWW application developers can obtain RSA security technology, complete with Secure-HTTP integration and support. Public key cryptography is a security technique that uses a matched pair of encryption keys. Data encrypted with an RSA public key can only be decrypted with the corresponding RSA secret key, and vice-versa. In contrast, traditional shared-key cryptography requires correspondents to agree on a secret encryption key before they can communicate. Public key cryptography avoids the need for prior agreement on keys, thus assuring security between unfamiliar correspondents. James Bidzos, president of RSA, said, "Rapidly growing interest in business use of the Internet is producing a lot of interest in our security technologies. Developers, however, have been looking for a consistent, interoperable, and quick way to incorporate these technologies. Terisa Systems will meet these needs by delivering RSA cryptography wrapped in a high-value Web security system." NCSA Mosaic NCSA Mosaic, one of the most popular World Wide Web browsers, was developed by the National Center for Supercomputing Applications (NCSA) at the University of Illinois. Mosaic is a multi-platform program with a point-and-click user interface for accessing the Internet and is primarily known for its ability to view multimedia World Wide Web information. NCSA also distributes NCSA HTTPD, a WWW server software package that makes information available to Mosaic and other WWW browsers. The first toolkits from Terisa Systems will include support for implementation of Secure-HTTP in NCSA Mosaic and NCSA HTTPD. In April, EIT, RSA, and NCSA announced an agreement to jointly develop and distribute secure versions of NCSA Mosaic and NCSA HTTPD based on RSA's public key cryptography and EIT's Secure-HTTP software. 
The enhancements are to be made available to NCSA for widespread public distribution for non-commercial use; Terisa Systems will now assume the responsibility of providing these versions. Terisa Systems' commercial line of toolkits and support systems will further enhance the secure Mosaic and HTTPD implementations with additional performance, functions and support options. According to Joseph Hardin, director of the group that developed NCSA Mosaic, "Mosaic's growth in the marketplace has been explosive, and has positioned it as the application of choice for users of the World Wide Web. With Secure-HTTP, Mosaic can become a framework for companies to engage easily in routine commerce on the Internet. By providing a standard source for toolkits and support, Terisa Systems will address the need of developers to implement Secure-HTTP applications quickly so they can compete in the World Wide Web marketplace." Products and Services Terisa Systems will deliver a full line of toolkits and services. SecureWeb Viewer Developer's Toolkit Intended for developers of World Wide Web clients, this toolkit is used to create viewers and other applications that can communicate with Secure-HTTP enhanced WWW servers. In addition, the toolkit will include a facility for managing multiple certificates and keys, enabling, for example, the automatic selection of an appropriate key through negotiation with the server. User interface components will provide easy-to-understand control over secure communications, using icons to make clear the status of confidential or digitally signed documents and other information. SecureWeb Server Developer's Toolkit Intended for developers of World Wide Web servers, this toolkit facilitates the creation of WWW servers that communicate with Secure-HTTP enhanced viewers. The toolkit addresses the more demanding server aspects of key and certificate administration. 
It includes tools for storing and managing multiple keys and certificates, associating appropriate keys with requests for particular documents, and managing the revocation of certificates and keys. It also will provide a stronger and more manageable document access control system. Certificates Certificates are central to the use of public keys, for they guarantee public key authenticity. While Secure-HTTP works with hierarchical public key certificates issued by major institutions, in the future, Terisa Systems plans to provide toolkits that allow organizations to issue their own certificates. These certificates, called "lightweight" because they may not be supported by rigorous user validation, enable businesses to manage the certification process and issue their own certificates. Availability Initial implementations of Secure-HTTP and Secure-HTTPD will be provided to NCSA in September, 1994 for subsequent non-commercial distribution. Fully-supported Terisa Systems commercial security products will be available in the fourth quarter of 1994. In addition to toolkits, Terisa Systems will provide full support services, including technical support, tutorials, training, an on-line information service and custom consulting. RSA Data Security Inc., Redwood City, Calif., invented the leading public key cryptography system and performs basic research and development in cryptography. RSA markets software that facilitates the integration of their technology into applications. Enterprise Integration Technologies Corp. (EIT), of Palo Alto, Calif., is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also the project manager for CommerceNet, the first large-scale market trial of electronic commerce on the Internet. Additional information on Terisa Systems can be obtained by sending e-mail to terisa@eit.com. Telephone (415) 617-1836. 
Additional information on Secure-HTTP is available by sending e-mail to shttp-info@eit.com; additional RSA Data Security information is available by sending e-mail to info@rsa.com.

_________________________________________________________________

Copyright (C) 1994 RSA Data Security, Inc. All rights reserved.
Last modified: Sun, 12 Jun 1994 19:26:02 -0700

------------------------------

End of Computer Underground Digest #6.58
************************************