Draft Minutes of the
Federal Network Council
Advisory Committee (FNCAC) Meeting

October 21 & 22, 1996
National Science Foundation
4201 Wilson Blvd., Rm. 1235
Arlington, VA 22230




I. ATTENDEES



Attending FNCAC Members:

 Henriette Avram, Library of Congress, Retired; Alan Blatecky, MCNC; Matt Blaze, AT&T Research; George Brandenburg, Harvard University; Susan Estrada, Aldea Communications, Inc.; Kenneth Flamm, Brookings Institution; John Gage, Sun Microsystems; Carol Henderson, American Library Association (FNCAC Chairperson); Stu Loken, Lawrence Berkeley National Lab; Paul Mockapetris, @Home; Robert Moskowitz, Chrysler Corporation; Ike Nassi, Apple Company; Carl Oliver, Lockheed Marietta, Energy Systems, Inc.; Stewart Personick, Bell Communications Research, Inc.; Thomas Rindfleisch, Stanford/Knowledge Systems Laboratory; Mike Roberts, EDUCOM; and Harold Thompson, Iowa Communications Network

Attending FNC and Working Group Members:

Bruce Bottomley, National Security Agency; John Cavallini, Department of Energy; Vary Coates, Nuclear Regulatory Commission; Tice DeYoung, National Aeronautics and Space Administration; Phil Dykstra, Army Research Laboratory; David Gaon, Defense Information Services Agency; Frank Hartel, National Institutes of Health; Jim Hott, US Geologic Survey; Henry Lai, General Services Administration; Fred Lee, National Technical Information Agency; Earnest Lucier, National Aeronautics and Space Administration; Hilarie Orman, Defense Advanced Research Projects Agency; Alexis Poliakoff, Department of Education; Stephen Squires, Defense Advanced Research Projects Agency; Elaine Stout, US Geologic Survey; George Strawn, National Science Foundation (Co-Chair); and Walter Wiebe, Federal Networking Council

Invited Speakers:

Steve Bellovin, AT&T Research; Marjory Blumenthal, CSTB/NRC; Charles Brownstein, Cross-Industry Working Team; Kim Claffy, SDSC/NLANR; Sally Floyd, Lawrence Berkeley National Lab; Brian Kahin, Harvard University; Herb Lin, NRC; Mike Nelson, OSTP; Bill St. Arnaud, CANARIE; and Jim Williams, FARNET

General Public:

Robert Aiken, DOE/Argonne; Don Austin, NCO; Javad Boroumand, USC/ISI; Jay Blaine, Cornell Theory Center; Paul Bosco, CCI/USMG; Heather Boyles, FARNET; Tim Clifford, Liquateq; Bob Crayle, Rose & Crayle; Barbara Dooley, CIX; Angela Drolte, Bureau of National Affairs; Chris Gamble, TENET; Les Gasser, NSF; Bob Gillespie, NWACL; David Graves, Network Solutions; Sally Howell, NCO; Jeffrey Kaufman, International Trademark Association; Jennifer Lucas, BNA; Norm Middaugh, University of Western Ontario; Dave Nelson, DOE; Catherine Peters, Industry Canada; Peter Rony, AIChE; Mike Stephens, USTI; Howard Susskind, Cable and Wireless; John Toole, NCO; Rick Weingarten, American Library Association; and Kevin Werbach, FCC

FNC Support Personnel:

Suzanne Burgess, DynCorp; Tracie Monk, DynCorp; Debra Summers, DynCorp; and Julie Walker, DynCorp



II. RECOMMENDATIONS / ACTION ITEMS:

a. Recommendations

Two recommendations were passed during the FNCAC meeting:

  1. Next Generation Internet Initiative: High-performance research and education (R&E) networking is critically needed to support today's advanced applications and for the early deployment of tomorrow's protocols, network services, and applications. Such networking promotes both continued leadership for U.S. R&E and accelerated availability of new services and applications on the commercial Internet. Therefore, the Federal Networking Council Advisory Committee (FNCAC) endorses the Administration's Next Generation Internet Initiative, one component of which is designed to catalyze the emergence of new Internet applications and services by promoting a vigorous partnership among the private sector, the R&E community, and the Federal Government. The FNCAC applauds the Administration's stated direction of a budgetary increase for participating Federal agencies to support this initiative.

    Further, the FNCAC encourages the Federal agencies to support initiatives such as the R&E community's Internet II initiative, which is designed to provide focus and coordination for R&E institutions that may be investing at a high level in the accelerated development of new Internet applications and services

  2. Domain Name Service: The FNCAC reiterates and underscores the urgency of transferring responsibility for supporting U.S. commercial interests in ITLD administration from the NSF to an appropriate entity.

Note that additional recommendations will be deliberated via e-mail following the meeting.

b. Action Items

Network Transitions and Scalability:

Internet Security and Privacy:

Education:

Intellectual Property:

General:



III. AGENDA AND PROCEEDINGS

1. Opening and Overview

Carol Henderson, FNCAC Chair, called the meeting to order, welcoming new and returning FNCAC members and the members of the FNC. The minutes of the April 1996 FNCAC meeting were approved as written.

2. FNC Initiatives and Issues During 1996

George Strawn, FNC Co-Chair / NSF appraised the Advisory Committee of FNC accomplishments during fiscal year 1996, provided details on new interagency organizations and current collaborations, and reported on the government role in top-level domain (TLD) names and address space issues.

FNC accomplishments include resolution of various federal networking architecture issues, including the decommissioning of FIX-East and the introduction of "gigaPoPs" as part of the next generation Internet architecture. The Next Generation Internet is a Presidential initiative announced in October. NSF's Connections Program will participate in this initiative through assisting universities by sharing costs associated with maintaining high performance Internet connections in addition to their commercial network services. New collaborations include exploring ways to stimulate interest in open platforms and IP v.6 among universities. Another collaboration effort being explored is expanding the very high Bandwidth Service (vBNS) network and the Collaborative Advanced Interagency Research Network (CAIRN) project to include participation by international networks.

Over the coming year, FNC agencies will place greater emphasis on their international networking collaborations. Quality of service and integrated services will receive particular attention. George Strawn briefly reviewed NSF's upcoming International Connections program solicitation. This program currently supports some of the costs of Internet connections to Asia and Latin America. He indicated that this follow-on effort will include support for high performance networks. [See below for additional information on FNC agency international networking activities.]

The Collaborations in Internet Security (CIS) project is the primary focus of the FNC's Internet privacy and security initiatives. This effort includes pilot studies by the various federal networks testing different security technologies and processes. A CIS workshop is planned for early November 1996. Additional information is provided on the CIS website at http://www.nitrd.gov/fnc/cis_page.html and in the Internet Privacy and Security section below.

George Strawn outlined the FNC's relationship within the Committee on Computing, Information, and Communication (CCIC). The FNC is one of three organizations reporting to the CCIC - the other two being the Computing, Information and Communications (CIC) R&D subcommittee and the Applications Council. The FNC and the CIC's Large Scale Networking (LSN) working group both share internetworking responsibilities, with the FNC focusing on operational issues and the LSN concentrating on networking R&D. Questions arose concerning the role of the FNCAC in light of the proposed Presidential Advisory Committee for the CCIC and concerning the future relationship between the FNC and the LSN. These and related issues are being considered within the CCIC structure, but given the nascent stage of the CIC working groups, these relationships are still being clarified.

FNC goals for 1997 were outlined; they include: increased collaborations among FNC R&E networks and promotion of interconnection of high performance networks; continued efforts to enhance effectiveness / capabilities of the national and global information infrastructures (NII/GII); provision of FNC agencies perspective on regulatory issues, e.g., ACTA Petition, Post FTS2000, copyrights; improved privacy and security awareness, technologies and application; and transition of DNS/Domain addressing responsibilities, e.g., long term plans for .com/.net/.org; also .gov/.edu. The FNC will advise the FNCAC on these issues via e-mail over the coming months.

Strawn discussed changes to the vBNS' policies and the role of NSF's Connections Program in the Next Generation Internet initiative. NSF views the vBNS as a link between universities and the next generation Internet, which could be included in the Internet II project recently announced by the President. While the exact relationship and progression of vBNS and Internet II are still being developed, several significant changes in the vBNS' operation are being initiated to better support high-performance networking for research and education. These changes are also intended to contribute to a new community for advanced applications of networking that is expected to speed the pace of research and development. They include:

  1. Many more institutions connected to the vBNS - 14 institutions selected for high-performance connections to the vBNS (in addition to the five original supercomputing sites); approximately 30 additional institutions are expected to be connected this year.

  2. Many new types of applications will be run on the vBNS - new connections include support for advanced networking for a wide variety of research including: scientific visualization, distributed workstation computing, distributed massive data sets, digital libraries, control of remote instrumentation, and multimedia collaboration tools plus better access to supercomputing.

  3. New interconnections with other R&E networks - the vBNS will connect to other high-performance research networks (e.g., DARPA, Energy, NASA, international, etc.) in order to reach more resources and larger community of collaborators.

  4. New technologies - the vBNS will support RSVP, IPv.6, limited layer-2 connections, and other emerging features. The focus will be on the enhanced qualities of service (QoS) required for advanced applications.

  5. New emphasis - the vBNS will be hardened to support the development of the leading-edge, but stable, applications of the general research community. Experimental networking applications will continue on a limited slice of the vBNS and through partnerships with other networks.

  6. Higher speed - The backbone capacity of the vBNS will be increased OC-12 (622 Mbps), maintaining its leadership position among large-scale research networks.

  7. New policies - The authorized usage policy (AUP) for the vBNS is being reviewed by NSF's General Counsel, and is expected to soon be updated to support hundreds of applications at dozens of institutions.

Background URL's for NSF High-Performance Connections program include:

Additional URLs include:

Strawn also provided an overview of the government's role in the domain name / address space issues. The FNC Executive Committee agencies have historically cost-shared administration of the Internet including financial support for IANA, the InterNIC, and the IETF secretariat. The InterNIC, which operates under a cooperative agreement between the NSF and Network Solutions Inc. (NSI), has implemented various policy changes during 1995/96, including the current fee policy.

Over the last year, NSF sponsored three workshops designed to facilitate community-driven consensus on long-term solutions for domain names / addressing policy and administration. As of this FNCAC meeting, there have been multiple recommendations from the Internet Society (ISOC), the International Telecommunications Union (ITU) and others, albeit no consensus. Proceedings from the September 1996 conference at Harvard are available at: http://ksgwww.harvard.edu/iip/cai.html.

The FNC continues to exercise responsibility for the .GOV Domain. A task force was established in September 1996 and charged with reviewing and refining the ".GOV" domain policy and with developing options for administration of the policy. NSF has continuing responsibility for the .EDU domain and is sponsoring its use by the higher education community. DISA continues to administer .MIL, with the Department of Defense having policy authority for the domain, and the ITU has the responsibility for the .INT domain.

FNCAC members discussed some of the longer-term concerns associated with top level domain (TLD) names and addresses, such as scalability, legitimacy, and impartiality of the registration system. Issues were raised about the growth rate of domain names (particularly in the .COM sector) and about the increased incidence of trademark lawsuits. Other issues were discussed relating to the de facto monopoly held by NSI and whether the root domain should be expanded to accommodate more TLDs. In response to participants' inquiries about DoD's interests in this topics, Hilarie Orman explained that DARPA supports the FNC's role as the source of authority for assignment of Internet DNS names and address numbers. This position, she explained, derives from DARPA's long-standing interest in the smooth functioning of the Internet.

FNCAC members noted the FNC continuing role in this sector and reiterated their view that the FNC and the NSF should transition out of their DNS and addressing responsibilities.

3. Network Transitions and Scalability

a. Governance in the Internet

Brian Kahin of Harvard University discussed the issues raised at the September 1996 workshop on administration of the Internet. While no consensus was reached at this workshop, the level of participation was broadened to include other elements of the U.S. government, including the U.S. Patent and Trademark Office, and several international organizations, including the International Telecommunications Union (ITU), the World Intellectual Property Organization (WIPO), and the European Commission (EC). Harvard plans to sponsor follow-up conferences/workshops outside of the U.S. in 1997; a proceedings will also be published as a result of the September workshop.

Mr. Kahin discussed ongoing issues relating to domain names/addresses. Kahin chairs the Working Group on Intellectual Property, Interoperability, and Standards of the U.S. Advisory Committee on International Communications and Information Policy, which reports to the U.S. State Department. The focus of this working group is copyright issues, however, the DNS discussion (from an intellectual property standpoint) is of great interest to the participants. On behalf of this working group, a letter was sent on September 23rd to the FNC co-chairs requesting clarification of the government's position on the following points:

  1. whether any of the FNC agencies claim any right of ownership or other element of control over the network number system and space;

  2. federal agency interests in international top-level domains, particularly .com, .net., .org;

  3. federal agency interests in the "root domain".

On behalf of the FNC, George Strawn explained that these points were currently being addressed within the FNC Executive Committee, with a response anticipated soon. FNCAC members expressed their interest in this topic and requested that a copy of the FNC's response be distributed to members via e-mail once it is finalized.

Participants also discussed the formation of the Internet Society's Ad Hoc Advisory Group. This international group is being established to provide guidance to ISOC on implementing the ISOC/Postel RFC for administration of the DNS. While not endorsing the RFC, FNCAC members urged NSF and the FNC to seek membership on this advisory committee, in recognition of the government's historic stewardship role in this sector.

Kahin also referred to the U.S. Patent and Trademark Office proposal to the World Intellectual Property Organization (WIPO) for a new treaty on databases as intellectual property. He noted that the proposed database right (http://www.loc.gov/copyright/wipo6.html) may have unanticipated implications for control over network numbers, name registries, and routing tables. Participants expressed concern that this treaty could have adverse implications for the R&E community's access to information resident on databases.

ACTION ITEMS:

RESOLUTION:

"The FNCAC reiterates and underscores the urgency of transferring responsibility for supporting U.S. commercial interests in ITLD administration from the NSF to an appropriate entity."

b. Internet Scalability

Sally Floyd (Lawrence Berkeley Laboratory) presented the FNCAC with an overview of some current issues relating to the scalability of the Internet architecture and protocols. She summarized the conclusions of the August ISAT 96 Mini Study Group on Scaleable Loosely-Coupled Systems. Key technologies which have significant scalability implications include: web caching (from the standpoint of optimizing global web architecture), multicast technologies, integrated services (such as bandwidth reservation and IP v.6 implementations); and the DNS and routing tables.

Floyd used the Alta Vista search engine as an example of future scalability questions organizations will face when decentralizing large amounts of information. Currently, Alta Vista is able to handle requests for searches of its very large index, however its index will soon reach a size requiring its decentralization. At that point, it will encounter scalability and management issues similar to those thwarting continued growth of the Internet.

The ability of the TCP protocol itself was questioned, in terms of whether it will be sufficiently scalable to accommodate a much larger Internet. Alternatives employing technologies such as scaleable reliable multicast (SRM) are being explored through the Virtual InterNetwork Testbed and other research.

The August ISAT 96 Mini Study Group on Scaleable Loosely-Coupled Systems divided its research themes into two groups: non-scaleable systems, and self-configuring systems. In non-scaleable systems, researchers are looking at questions of inefficiency; lack of robustness; and the inability of these systems to evolve. This last question is harder to define. Self-configuring systems are an answer for decentralizing large configurations and there is a wide range of applications (e.g., web caching, reliable multicast, multicast session management, multi-party transaction systems, network management). The main conclusions drawn from the study group was that more research, data collection, collaboration, and tools are needed as more themes emerge.

c. Current Efforts in Statistics/Metrics Research and Practices

During the break, an NLANR video depicting global traffic flows (mbone, caching, bgp route flaps; autonomous systems) was presented. The video illustrated several visualization tools that could facilitate the investigation and analysis of Internet traffic measurments, with a particular focus on measurements that would enable engineers to better architect their infrastructure.

K Claffy (National Laboratory for Applied Networking Research, U.C. San Diego) explained the development of the videos and invited participants to examine the nlanr website for more detailed information (see: http://www.nlanr.net/Viz/Deunion and http://www.nlanr.net/INFO.)

Claffy noted that there is an increasing need for accurate data and analysis supportive of the complex infrastructure of the commerical internet and a fundamental need for better tools and for common definitions (see efforts of ietf/ippm).

Claffy described the two main categories of tools: those to measure path performance (end-to-end) and those to measure traffic flow characteristics (network internal). Path performance measurement tools enable users and providers to better evaluate and compare providers and monitor service qualities. These tools typically treat the Internet as a black box, measuring end-to-end path characteristics from points originating and terminating outside transit networks, e.g. response time, packet loss (ping), reachability (traceroute). Claffy described several emerging tools used to this end. (see: http://www.nitrd.gov/fnc/claffy.html)

General tools, routing statistics, traceroute servers, traffic visualizations, etc. are available at the following websites: http://www.nlanr.net/INFO, http://www.ra.net/tools/, and http://www.slac.stanford.edu/comp/net/wan-mon.html.

The other category of tools, those that characterize traffic flow, focus on the internal dynamics of a network component, which if measured at the right location can include information on cross-provider traffic flows. These data, and models to predict the traffic based on relatively small samples at relatively few locations, would enable network architects to better: engineer and operate networks, understand global traffic trends and behavior, and adopt/respond to new technologies and protocols as they emerge onto the global Internet infrastructure (GII). Flow characterization tools would typically be most useful when deployed within a certain network component, particularly at border routers and at peering points. Traffic flow characterization tools therefore require a higher degree of cooperation and involvement by service providers than do performance oriented tools.

Traffic flows are currently being monitored by NLANR at the federally sponsored Internet exchange point, FIX-West (see previous FNCAC minutes for a discussion of these statistics efforts). Claffy focused this segment of her presentation on a flow measurement tool derived from the FIX-west tool, which the MCI vBNS team is developing for research use on the vBNS. Claffy described the tool, known as OC3mon, and presented graphics depicting sample data gathered on one node of MCI's commercial IP backbone.

OC3mon is PC-based, with two ATM network interface cards (NICs). It sits on a fiber connection, constantly monitoring traffic (i.e., not sampling, which no other monitor could do at OC3), and funneling 5% of the light through the fiber to the processor that examines the first packet (header) of each flow. The hardware costs less than $5,000 and the software is freely distributed by MCI (ftp://ftp.nlanr.net/Software/Oc3mon/). Plans are underway to place these tools at several sites within the vBNS and at the FIX-West facility by year end. MCI expects to be able to upgrade the monitor to OC-12 speeds by Spring 1997. For more information on the tool, see: http://www.nlanr.net/NA/Oc3mon/.

Claffy also mentioned that Cisco netflow switching support is now available in select routers. Gathering statistics directly from the router has the advantage of saving the complexity of installing and supporting additional monitoring hardware. However, having to perform statistics collection will somewhat degrade router performance, as well as remove the flexibility of having a separately configurable/reprogrammable tool. Claffy emphasized that the most critical factor affecting future developments in this sector is that of maintaining flexibility. Given the pace of change in the Internet, flexibility in monitoring capabilities and usage models will be critical for researchers and Internet engineers to be able to dynamically address users' needs and integrate new networking technologies into the Internet.

She also expressed concern over the lack of coordination characterizing current developments in Internet statistics and metrics measurement technologies. A more integrated approach to tool development and to the evaluation of the strengths, weaknesses and commonalities of existing tools is needed, as are common metrics definitions and reporting formats. These features are fundamental to improving the usefulness of existing and emerging Internet traffic analysis capabilities for both users and ISPs.

Asked by FNCAC members what is needed most to promote further tool development and deployment, Claffy recommended:

  1. further allocation of resources and prioritization of measurement tool development / integration;

  2. coordinated deployment of tools and analysis of results across federal R&E networks;

  3. creation of a taxonomy of existing measurement tools and recommendations on how to systematically group, improve, and deploy the tools; and

  4. the creation of a "swat team" to address and offer recommendations on specific Internet infrastructure technical issues as they arise.

ACTION ITEM:

 c. Industry- & User-Driven Efforts to Encourage ISP Collaboration

Charles Brownstein of the Cross Industry Working Team (XIWT) briefed the group on recent initiatives relating to Internet performance and measurement. In early October, the XIWT held two workshops - a user-oriented performance workshop and a workshop for ISPs to focus on industry-driven cooperation. The workshops were, in part, a follow-up to the FNCAC's recommendation of October 1995 regarding encouraging industry to form an organization focusing on network reliability. Stewart Personick (previous FNCAC chair) championed this issue within the XIWT organization.

The first meeting resulted in a list of user desires with respect to which metrics they would like to see measured and reported on. Users also were in agreement about the importance of ISPs forming an industry-driven forum within which they could cooperate on metrics, engineering and general Internet reliability issues. During the ISP workshop, participants also agreed on the need to develop an ISP forum, but focused on result-oriented targets such as inter-NOC cooperation and similar engineering-oriented goals.

A task group of ISPs has been established under the auspices of the XIWT to draft a charter and start the process of establishing this association. The XIWT's role in this process is to assist during the formation of the association, then once formed, the organization will be independent.

The XIWT's Executive Committee has also approved the formation of a performance working group under the XIWT. The group would consist of XIWT members and other major user groups. It is expected that this group would work closely with the ISP forum and might also serve as a venue for industry input to government initiatives such as Internet II and other next generation networking efforts. Jim Williams of FARNET briefed the group about related efforts of the research/education community to work directly with ISPs to address common issues. In July, representatives from FARNET, Educom's NTTF, and government met with MCI and Sprint to discuss Internet performance related concerns. Williams noted that the lack of performance related measurement data is of concern to the R&E community and other users. Participants at this meeting agreed about the need for an industry forum to establish performance metrics, solve inter-provider problems/outages, and share traffic trend information to improve provider traffic engineering. In addition, the group is now exploring the possible deployment of strategically placed "beacons" at private and public exchange points to be used in a coordinated attempt to gather and analyze Internet performance statistics.

e. Discussion and Working Group Resolutions / Statement

George Brandenburg and Stewart Personick, co-chairs of the FNCAC's Transitions and Scalability working group, summarized key points from the afternoon's discussions and reiterated the working group's interests in continuing to promote efforts related to the development and deployment of measurement tools. The following draft resolution was proposed:

Recommendations on Internet Statistics/Measurements

The FNCAC applauds the progress that has been made in the development of tools for the measurement of Internet performance. It is recommended that standard suites of these tools be assembled for traffic flow analysis at the network level and for end-to-end performance analysis at the user level. These should produce results which are easy to interpret, compare, and track.

The FNCAC recommends that the FNC agencies deploy such tools in both their production and experimental networks. Furthermore commercial network providers are encouraged to make use of them. In addition to providing much-needed performance metrics, these tools are essential for the identification of network interconnection problems and potential failure points.

The FNCAC recommends that the FNC fund studies of interpretation of Internet statistical data and its trends. The results of these studies would be shared with network providers to help them optimize their operations and engineer improvements using new technologies and protocols.

The FNCAC recommends that the FNC encourage those agencies which are traditionally involved with the collection and dissemination of industry-wide statistics and data on other national resources to become involved in the area of Internet statistics.

The FNCAC is concerned that the privacy of network providers and users be protected in the process of collecting, analyzing, and disseminating data.

Members agreed that they would discuss and refine these points via e-mail following the meeting.

Brandenburg also indicated that the working group planned to present a recommendation supporting the Internet II initiative and related large scale networking efforts. [This resolution was presented and passed on Oct. 22nd -- see below.]

Participants also discussed the emergence of international networking as a critical area for FNCAC attention, and discussed whether a separate FNCAC working group should be established to address international issues. It was agreed that these issues were closely associated with general Internet transition and scalability issues, therefore this existing working group would expand its focus to address topics associated with international networking.

ACTION ITEMS:

4. Internet Privacy & Security

a. IAB/IESG Statement on Cryptography

In August of 1996, the Internet Architecture Board (IAB) and the Internet Engineering Steering Group (IESG) -- the bodies that oversee architectural issues and standards development for the Internet -- released a statement reflecting their concern about the need for increased protection of international commercial transactions on the Internet, as well as the need of all Internet users to ensure the privacy of their communications.

Steve Bellovin of AT&T Research and member of the IAB, joined the FNCAC to brief the committee on this Cryptography Statement, RFC 1984. The statement reflects the IAB/IESG's belief that the anticipated societal benefits from restrictions on cryptography do not outweigh the harm resulting from these restrictions. The IAB/IESG would like to encourage policies that allow ready access to uniform strong cryptography for all Internet users in all countries. Briefly summarized, their statement says that there should be:

This statement was carefully crafted to not be US-specific, but rather to apply equally to all countries.

Several points were used to justify this position, including the thought that the global Internet cannot be secured without cryptography, and that knowledge of how to use cryptography is universally available, and cannot be eliminated by a governmental command. Bellovin explained that the IAB/IESG also viewed export and usage controls as placing companies at a disadvantage internationally as a result of limiting their ability to securely and easily engage in electronic commerce. Finally, it was felt that escrow mechanisms create new points of vulnerability to attack, and inevitably weaken the overall security of any cryptographic system. In this era of increased Internet growth and corresponding attacks, export and usage controls are restricting the development of effective security technologies.

From a technical perspective, the IAB/IESG believe that limitations on key sizes will not prevent attacks on government and large corporate sites. Furthermore, hackers are omnipresent, and even many students have the ability to successfully attack current exportable systems. As technology develops, Bellovin explained, keys that are too large to crack easily today will likely become susceptible later.

Bellovin contrasted the IAB/IESG statement with the recent report released by the National Academy of Sciences, National Research Council (see below). Both essentially agree on key length, key escrow, and usage control issues. There is some divergence on export issues, but Bellovin conceded that this was partly reflective of the fact that the IAB/IESG are international bodies, therefore export controls from individual countries are not directly relevant to the membership. The IAB/IESG statement on Cryptographic Technology and the Internet is available at: http://ds.internic.net/rfc/rfc1984.txt.

b. NRC Study on Encryption

Herb Lin from the National Research Council provided the FNCAC with a summary of the May 30, 1996 report on "Cryptography's Role in Securing the Information Society." This report was completed by the Computer Science and Telecommunication Board of the National Research Council, and is available at: http://www2.nas.edu/cstweb. A published form of this report with a complete index will be available in early November 1996.

Lin commended the Committee members who produced the report. The report provides a basic framework for potential vendors and non-government users of cryptography, through three key recommendations:

The first recommendation for export controls concerns progressively relaxing (but not eliminating) the export control regime on cryptography. Relaxation will better balance the economic and crime-fighting needs with the information gathering needs of the law enforcement and National Security communities. At the same time, retaining some control is expected to mitigate short-term losses to national security and buy time for US national security authorities to adjust to a new technical reality.

It also recommends that products providing confidentiality at a level addressing most general commercial requirements should be easily exportable. Specifically, the report recommends the Commerce Control List (CCL) export of 56-bit DES products. These products should be designed in a way that precludes their repeated use to increase confidentiality beyond the acceptable level, and the US government should be given acceptable technical assistance to formulate a good technical understanding of the product's internal workings. Finally, a periodic upward adjustment of the export level threshold should be allowed as technology evolves.

While 56-bit DES technology is acceptable for most commercial users, the report recognizes that there will be some occasions when stronger technology is required. It recommends that stronger products should be exportable to a list of approved companies such as foreign suppliers and customers of US firms and trustworthy foreign firms if the product user agrees to provide access to decrypted information upon legally authorized requests. The report also recommends that self-escrow be permitted. Finally, related to export controls, the report recommends that the US government should streamline and increase the transparency of the export licensing process for cryptography, e.g., changing licensing presumptions from denial to approval and establishing specific deadlines for licensing.

The report also addresses the need for the Administration to "adjust to new technical realities" by shifting away from its current technical foundations (e.g., escrowed encryption and the Clipper, Capstone/Fortezza chips). Instead, the report recommends that the government should actively encourage the use of cryptography in non-confidential applications such as user authentication and integrity checks. It should also move to improve the security of the public switch telecommunications network (PSTN), which is undergoing rapid evolution, by improving security in telephone switches and encrypting wireless voice communications. Finally, the report suggests that Congress should seriously explore legislation that would criminalize the use of encrypted communications for federal crimes and that high priority should be given to support R&D for new technical capabilities, especially for law enforcement.

The committee's final recommendation concerned the policy relationship between information security and cryptography. A better mechanism is needed to promote information security in the private sector especially since the government is not well-organized for an information society, nor does any agency currently have a responsibility to serve as an advocate of information security in the private sector. It claims that, in critical infrastructure areas such as financial systems, air traffic control system, and the electric power grid, government should play both a policy and implementation role. In other areas, it should restrict its involvement to expertise and advice.

Reactions to this report have been across the board -- with some communities claiming that the report has gone too far and others suggesting that it has not gone far enough. In general, the report has made an important contribution by focusing national debate on this important topic.

Since the NRC report was released, several significant events have occurred such as the signing of Executive Order 1310 calling for a critique of the nation's Critical Infrastructure Protection, the Economic Espionage act of 1996 (released in October) that criminalized IP threats, adoption of a new policy to export unescrowed DES for 2 years, and the introduction of the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act of 1996" in Congress. The latter bill is designed to encourage the widespread availability of strong, easy-to-use privacy and security technologies for the Internet.

c. The Administration's Position on Encryption

Mike Nelson of the White House summarized the Administration's position on the encryption issue. As described by Nelson, the IAB/IESG Statement addressed technology issues, and the NRC statement addressed policies. In contrast, Nelson's presentation focused on the politics of the issue.

According to Nelson, the goal of the White House is to provide users with global encryption solutions that they can trust to protect their privacy and corporate secrets. The White House recognizes the need for cryptographic technology to protect personal data, corporate secrets, tele-medicine, digital commerce, and so forth. The challenge is therefore to find encryption solutions that do not unnecessarily hinder the ability of law enforcement and intelligence agencies to fullfill their jobs.

The stakes in the encryption issue are enormous, with billions of dollars and industrial global markets on the line. However, according to Nelson, thousands of lives also ride on the line from threats of terrorism, nuclear proliferation, drugs, and chemical and biological weapons.

The US Government's position on encryption is backed by the determination that:

Therefore, the fundamentals of current US encryption policy include:

The Administration recognizes that main encryption issues have yet to be resolved, such as: Who can hold the keys -- particularly in the private sector? Who should escrow keys for customers outside of the US? Will there be international cooperation on decryption? What products will the US Government use? Will key escrow work? Will anyone buy it?

Nelson reiterated the need to develop criteria that can be used to evaluate key recovery systems and to identify the ways in which key recovery in products could be circumvented. He also expressed the hope that companies will continue to develop and incorporate key recovery mechanisms in their emerging communications products.

d. Encryption Discussions

In September 1996, the FNCAC's Privacy & Security working group discussed the possibility of endorsing the IAB/IESG statement on encryption. After significant discussion via e-mail, it was agreed that this topic would be addressed at the present meeting. It was also agreed that Ken Flamm would provide an analysis of the commonalities and divergences between the IAB/IESG statement and the NRC report.

Flamm presented a series of recommendations concerning features that the FNCAC may want to incorporate into a position statement. He argued that these points were somewhat broader than the technology-focused recommendations of the IAB/IESG. He suggests that the FNCAC position:

Flamm also recognized and called for the FNCAC to recognize the legitimate social objectives of the export policy issue:


Flamm supported no constraints on domestic use of strong encryption, and called for the availability of at least some forms of strong encryption for international use. He recognized that this may mean "key recovery" systems if practical, or something else that would be as acceptably strong.

He recommended that a new legal framework be developed based on these features which could impose safeguards on government access of encrypted data, including policies such as:

Participants also discussed the requirements for an international system of encryption, which would recognize that law enforcement, intelligence, and regulation of economic infrastructure are inherently international today.

Flamm recommended that in order for an export control regime to be considered acceptable, it must pass a test of technical feasibility and practicality. It should also avoid encryption technologies that would adversely affect some societal interests and that are not widely and reliably available internationally. A new system should support and not block expected rapid technical changes. He noted that a distributed private "key recovery" system is an interesting concept, but one that needs to be further refined.

The participants discussed Flamm's recommendations. They also expressed concern that the standard recommended by the IAB/IESG is not exportable or importable in many countries.

An open discussion ensued considering the importance of the encryption issue to other communities. Matt Blaze offered thoughts on the counter-intuitive features of cryptography such as

Members of the FNCAC cautioned that when discussing this issue, the word "strong" lends itself to misinterpretation and any recommendation should therefore be worded to avoid this word. Also considered in any discussion should be "real" costs associated with not having strong encryption available to the commercial sector.

Members discussed an Ivan Sullivan graphic where the value of blocking encryption to law enforcement declines over time; while the value of encryption to commerce and trade increases over time. At issue was where the two lines intersect. Participants also discussed the issue of "risks" versus costs of protecting the private sector.

Based on this discussion, the following draft resolution language was presented and discussed:

  1. Strong encryption technology is a basic tool to enable information security and must be available to all. Therefore, we recommend no restrictions on the use of cryptography. No law should bar the design, manufacture, sale, use, or research into any form of encryption.

  2. Federal networks must implement a full range of information security technologies. Furthermore, Federal networks connect and inter-operate with networks in the rest of the world. Federal networks should be able to use any form of encryption and information security used elsewhere in the world.

  3. The Federal government has rights, under the law, to access and acquire various forms of data. Technology exists to allow complete audit trails of data access to be maintained, cryptographically signed, and authenticated. Technology exists, enabled by encryption technology, to maintain and guarantee the integrity of data acquired. Therefore, we recommend that such access and acquisition be accompanied by strict accountability: the integrity, authenticity, and non-repudiation of data acquired by the Federal government must be guaranteed, as far as possible, by the use of encryption technology.

  4. Federal agencies with experience in the use of encryption technology for information security have an obligation to participate in the re-examination of national policy, and, in particular, support research into all aspects of encryption technology.

Mike Nelson again asked for input from the FNCAC about what the administration can do about the broader topic of security, beyond the encryption issue. He requested advice about "show stopper" encryption issues such as the implementation procedures for a key escrow system such as "who" holds the keys. He also requested advice on the technical feasibility of key recovery.

ACTION ITEMS:

e. Collaborations in Internet Security

Phil Dykstra, technical lead for the FNC's Privacy & Security Working Group's project on Collaborations in Internet Security (CIS) briefly updated the FNCAC on the CIS's progress.

This year-long project is supported through seed money from the National Performance Review's Information Technology Innovation Fund and additional funds from the eight participating agencies: Army Research Laboratory (ARL)/DoD, the Defense Advanced Research Projects Agency (DARPA), the Department of Energy (DOE), the National Aeronautics and Space Administration (NASA), the National Institutes of Health (NIH), the National Institutes for Standards and Technology (NIST), the National Science Foundation (NSF), and the National Security Agency (NSA). The project is developing a new and sustainable process for designing, integrating, and deploying security technologies that are interoperable at all levels of the federal government.

The CIS effort focuses on eight security technologies/areas (lead agencies for each technology are identified in parentheses): advanced authentication (ARL), digital signatures (NASA), fortezza (NSA), kerberos v.5 (DOE), public key infrastructure - PKI (NIST), privacy (NASA), secure messaging (NASA), secure web (ARL), and standards for security technologies (NIST) through the use of national voluntary testing labs.

There will be a workshop for all CIS participants on November 7-8th in the D.C. area. A second workshop is planned for Argonne National Labs in April 1997. The first semi-annual report has been submitted to the Interagency Management Council (IMC) which oversees the NPR-funded projects. Kits for each testbed technology are expected to be ready for distribution in March of 1997. The effort will conclude its initial NPR-funded stage in September 1997. Further information about CIS can be found at http://www.nitrd.gov/fnc/cis_page.html.

CIS participants are looking to FNCAC members to provide advice on questions such as who else should be participating in CIS, how industry can be involved, how other similar efforts can best be leveraged, and what are the most valuable things that could come out of CIS.

ACTION ITEM:

5. Education

a. Internet II

Mike Roberts of EDUCOM briefed the Advisory Committee on the Internet II initiative. The terms "next generation Internet", as described in President Clinton's recent announcement, and the "Internet II" initiative, proposed by more than three dozen major US universities, both represent efforts to move the Internet community forward. The Internet is constantly changing and is international in scope. The priorities for the Internet II initiative include recreating a leading edge R&E network capability. The Internet II will interconnect the nation's leading universities and enable development and testing of a new generation of applications. Through deployment of gigaPoPs (see discussion above) and other techniques, the Internet II will seek to integrate next generation networking technologies with the universities' current production environments. It will co-exist with the commercial Internet, but will be used to implement scaled up Internet protocols (i.e., voice and video), explore interoperability with wireless media, extend quality of service functionality, and increase measurement/optimization options. FNCAC members were also briefed on applications that are being planned for Internet II (e.g., interactive, network-based instruction; real time, sensor-based modeling/simulation; large scale, multi-site computation; very large database processing).

Discussion centered around questions of funding for Internet II initiatives and ensuring that the Internet II is consistent with the Administration's background paper, which includes the Defense Department and the health care industry as major users of Internet II applications.

RESOLUTION:

The following resolution was passed by the FNCAC:

"High-performance research and education (R&E) networking is critically needed to support today's advanced applications for early deployment of tomorrow's protocols, network services, and applications. Such networking promotes both continued leadership for U.S. R&E and the accelerated availability of new services and applications on the commercial Internet.

Therefore, the Federal Networking Council Advisory Committee (FNCAC) endorses the Administration's Next Generation Internet Initiative, one component of which is designed to catalyze the emergence of new Internet application and services by promoting a vigorous partnership among the private sector, the R&E community, and the Federal Government. The FNCAC applauds the Administration's stated direction of budgetary increase for participating federal agencies to support this initiative.

Further, the FNCAC encourages the federal agencies to support initiatives such as the R&E community's Internet II Initiative, which is designed to provide focus and coordination for R&E institutions that may be investing at a high level in the accelerated development of new Internet applications and services."

b. Distance Education - CANARIE/National Test Network Vision

Bill St. Arnaud of the Canadian Network for the Advancement of Research, Industry, and Education (CANARIE) presented an overview of the Canadian R&E network. CANARIE resembles the vBNS in many ways. It is private-sector led (not for profit consortium formed in 1993) with over 140 members. Total project costs are estimated at over C$500 million; C$104.5 million (1993-99) of which is provided by the Canadian government. Its programs include: advanced networks, educational outreach, and technology/applications development.

CANARIE uses a new architecture which combines the Canadian R&E Internet backbone, CA*net, and the National Test Network (NTN). The latter provides one of the world's largest ATM test-beds and has links to the US and Europe. By April 1997, CA*net is expected to be privatized, and NTN will continue as primarily a university network.

As one of the world's largest test network, one of CANARIE's goals is to ensure that distance education includes both individuals and universities. CANARIE's new Distance Education program provides funding of between C$2,500 - C$15,000 per course for up to twelve courses during Phase I. Phase II is expected to fund development of between 50-100 distance education courses. Applicants are required to use the NTN, and are encouraged to employ emerging technologies such as Mbone, Isabell, and MMC. Applicants are encouraged to partner with domestic or international carriers and other parties to deliver the service to ADSL or cable modem customers.

CANARIE's services are interconnected with the commercial Internet so that more people can utilize it. There are no telecommunications "clouds" in Canada due to the proximity of the population centers to the US -- everyone is within 200 miles of the US. Canada's segment of the Internet is therefore not as congested as that in the US, making it easier for researchers to utilize the general Internet for testing applications such as JPEG video conferencing and advanced Mbone.

Future plans include a "distributed gigaPoP" between NTN and CA*net and encouraging applicants to use new technologies to communicate over that link. Towards that end, the Technical University of Nova Scotia (TUNS) created the first Master's Degree in Internet Engineering and some of the classes will be held via Mbone. In a similar effort to increase the availability of Internet engineering educational resources, NLANR has created a repository for such materials at http://iec.nlanr.net.

c. Education Clearinghouses

FNC Education Chair, Alexis Poliakoff (US Department of Education), reported that NSF and the Department of Education are working on the concept and specifications for a clearinghouse on best practices in K-12 educational networking. Additional information on the status of this initiative will be provided at the April FNCAC meeting.

ACTION ITEM:



d. Universal Service

The National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce submitted comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rulemaking concerning Universal Service. Participants discussed this topic and several members expressed the desire to be briefed on the NTIA submission. The NTIA's submission is available at: http://www.fcc.gov/Bureaus/Common_Carrier/WWW/universal_service/welcome.html

ACTION ITEM:


6. FNC Agencies' International Connections/Programs

George Strawn provided an overview of the current international activities and program plans by the FNC agencies. He explained that during the coming year, international networking will receive increasing attention within NSF, DOE and NASA and urged the FNCAC members to focus some of their attention and recommendations on this topic.

George provided background on NSF's current International Connections Management (ICM) cooperative agreement with Sprint. It was initiated by NSF in 1991, and recently extended until September 1997 to permit a transition to NSF's next generation International Internet Services program. The ICMnet infrastructure consists of more than 60 international connections -- with NSF participating directly in 22 through the payment of port fees.

NSF installed a 34 Mbps link to Stockholm (NORDUnet) in 1995 to remove pressure on international links (all circuits are now at capacity). There are 13 ICM nodes worldwide, supported by a 24x7 NOC. Sprint and other international partners have contributed almost twice the funds contributed by NSF and other federal agencies.

NSF's International Internet Services (IIS) program will be launched soon. It will focus on high-performance services (reservation, services guarantees, QOS) and on connectivity to the vBNS and attached U.S. nets. It is not designed for non-commodity traffic, however, there is a recognition that internationally, research networks are operated somewhat differently than in the U.S. The IIS will target a small number of global links at approximately 155 Mbps (shared capacity) and will incorporate the concept of gigaPoPs.

Energy Science Internet (ESnet) has a domestic backbone based on a fast-packet ATM architecture -- a full mesh virtual circuit implementation with some switching delegated to level-2 (i.e., at ATM vs. IP level). It uses aggregation points, co-located at Sprint facilities, to facilitate connectivity to end-user sites - similar Internet II gigaPOPs.

ESnet's current international connections include Brazil, Italy, Germany, Japan, and Russia. DOE is also exploring a pilot ATM connection with Europe. It is working with Duetsch Telecom to define potential partners, and anticipates the establishment of links estimated at 5-16 Mbps (1996/97); T3/E3 (2000); and OC3 thereafter. A map of ESnet's connectivity is available at: http://www.es.net/pub/maps/esnet-backbone-map.gif.

NASA Science Internet's (NSI) has numerous connections throughout the globe, ranging from 56 Kbps satellite links, e.g. Chile & Greenland, to 1.544 Mbps via the PACCOM link to Japan and China. NASA currently shares a T1 link to the University College London w/ DARPA (via NSF ICM contract with Sprint).

NSI also plans to install a link to the Ukraine for telemedicine applications and upgrade the link to Russia to 512 Kbps. Maps of NSI U.S. and global connectivity at: http://nsipo.nasa.gov/nsi/maps/. Other international activities in which FNC agencies are active include those of the Coordinating Committee for Intercontinental Research Networking (CCIRN). The FNC agencies represent the U.S. to the CCIRN. Currently working groups are being formed to explore international collaborations related to: information caching, Internet measurements, MBONE, and incident response/security.


6. Report on Intellectual Property Study Plan

Marjory Blumenthal of the National Research Council (NRC) Computer Science and Telecommunications Board (CSTB) presented an update on the NRC study on Intellectual Property issues. This study resulted from a FNCAC action item at the April 1996 meeting. A summary of the NRC's workplan for this study was discussed with FNCAC members. As currently envisioned, the study will build on the nature/uses of networks and will discuss the various technical issues associated with copyrights as they relate to networks. A committee will be formed soon after funding is approved. It will review the literature and participate in a workshop/open meeting. Towards the end of the study, a web site will be created with information on the study's findings. The CSTB will also consider hosting a joint session with the FNCAC. It is estimated that the study will be a 12 month effort, and started by early 1997.

Marjory Blumenthal reported that the CSTB needs federal approval and funding. Staff are also considering whether the implications of the proposed WIPO database treaty (see Kahin section above) should be included in the study framework. The NRC published an earlier study on the access and use of databases and transborder data flows, and feel that its inclusion in this proposed study would be appropriate.

The proposed study was discussed and a recommendation supporting this effort was drafted:

The FNCAC endorses the concept paper developed by the NRC Computer Science and Telecommunications Board and recommends that scope of the study be expanded to include the addition of relevant database issues. The FNCAC recommends that the FNC agencies promptly fund the proposed National Research Council study of Intellectual Property Rights in Networked Environments.

Members agreed that this language would be further considered via e-mail prior to its final approval.

ACTION ITEMS:



7. General Business

At the conclusion of the first day, members voted to elect George Brandenburg of Harvard University as FNCAC Chair-Designate for year beginning September 1997. Brandenburg will work with the past Chair, Carol Henderson of the American Library Association, and the current Chair, Sid Karin of the University of California in San Diego , to develop a workplan for the coming year. It is envisioned that the four existing working groups: Intellectual Property Rights; Internet Privacy and Security; Education; and Transitions and Scalability will continue next year with the focus of the latter group expanding to accommodate the FNC's new emphasis on international networking.

George Strawn, Walter Wiebe, and the FNCAC/FNC members expressed their appreciation for the outstanding efforts of Carol Henderson during her term as FNCAC Chair.

The next meeting of the FNCAC is tentatively scheduled for April 14 and 15.

The meeting was adjourned.