Internet Buzz with Richard Wiggins | 7

An Interview with Vint Cerf

A follow-up on mobility: I can carry my cell phone anywhere in North America and it works. I carry my laptop, and I either have to figure out how to get my Ethernet card to work in a hostile environment, or how to dial into an 800 number. When am I going to have a portable, self-identifying, common jack that I can plug into, and it'll work?

One would sort of love to have Ethernet everywhere, or something which one could just plug into. I'm not going to try to predict when, but I will tell that there are people interested in wiring hotels, and doing it with DHCP and Ethernet… What would give me pause, of course, would be sitting in a hotel network without end-to-end crypto; I would be a little concerned about packet sniffing on the Ethernet.

So some things have to happen before I'd be comfortable. The pressure will come, of course, as people carry more hand-held devices, not just laptops. And we're seeing more such devices emerging now – telephones, Web TV, and so forth. The more of those we're sitting with – I'm sitting here with a beeper and a cell phone and hearing aid batteries and all – the more of those devices we have, the more pressure there will be to provide communication for them….

Would Ethernet be what I should plug into? Or some sort of ADSL outlet?

Ethernet is probably what you want your device to plug into. It's a very inexpensive, very high speed way to plug in, carrying even a billion bits per second. Now, what it's plugged into on the other side is a different story. It could be a subscriber loop, it could be a cable modem, it could be a dedicated circuit, but you don't care. What you want is the same interface, so you don't have to worry about different plugs, different connectors – you just want the same thing to plug into. The thing on the other side deals with the question of what kind of transport it is.

So you don't see the phone companies promulgating the digital equivalent of an RJ-11 jack; we'll stick with Ethernet?

I would expect rather to see RJ-45, which is the standard Ethernet interface these days. That would seem to be perfectly reasonable.

I was at the Michigan Information Technology meeting yesterday. One of the things we talked about was the great step forward for the state if we had the equivalent of DHCP, that is the ability to plug into the Internet at Ethernet speeds – anywhere in the state – so that you could walk into the average hotel, or walk into a university or a governmental facility or even a business and know that just as all of these places have little commons areas, reception areas outside where you can sit down and pick up a telephone – usually a 1-800 restricted telephone, but it's a telephone – and you'd be able to plug your computer into that jack and do your thing.

We actually took a little step in that direction at MCI. We wired all of our conference rooms, so there's power, and an Ethernet interface. And we put firewalls in, so that the guy using it isn't penetrating the middle of our internal network. but there's a way to get out. I used to think of them as guest ports.

Now, if you're a visitor, and you're at a university or somebody else's company, plugging into one of those things should also give you pause, for the reason that I was saying before: what if the company routinely monitors everything that goes over that interface? So you probably want to encrypt the traffic that you inject on that thing before it leaves your machine. And, if the traffic actually needs to go through the corporate network to get to the outside world, the corporate network probably needs to have its traffic encrypted, too, so that you can't pull anything off the corporate network. So I can imagine these sort of doubly-encrypted things or pipes that emerge as being the normal thing....

[Discussion of Internet2 and its need for encryption]

....[under the] general rubric of administrative infrastructure, dealing with public key certificates for example has not been an easy proposition. Companies have been started, like VeriSign, to do this as a business, and I think that's the right idea: we have to do it as a business, in order for it to be self-supporting. But getting it going has been really tough. And part of the problem is not technical, as Doug has alluded to – some of it has to do with liability. If you become a certificate authority and you issue public key information on it, and somebody uses that to authenticate himself or herself for a transaction, and then something goes wrong with a transaction...are they going to blame the certificate issuer for, you know, having done the wrong thing?

Since nobody knows what the nature of the liability is, it's not quite clear what you're getting into when you get into that business. I always though the most successful company in that business would be one that's already taken on so much liability that this would be a minor increase. Dun and Bradstreet struck me as a good example. So many companies' fortunes depend on the quality of their information, at Dun and Bradstreet they probably already have a considerable mechanism for alleviating liability....

Dr. Cerf, you mentioned the proliferation of Internet-enabled devices – cell phones, what have you. In five years, won't it be the case that every device has Web capability, and if so, isn't it natural for Microsoft to put it into its operating system?

[laughter]

You knew you wouldn't be able to avoid that, right?

[laughter]

Why didn't I see that one coming?

[laughter]

Well, first of all, let's be careful, because you said "Web" and I carefully said "Internet-enabled" ...and it is not true that the Web is everything – although I must say 75% of the traffic we carry is Web traffic. My sense right now is that it's the Internet transport capability that's being built into these things. Whether they need Web capability is very much dependent on the kind of application that's being considered.

Do they need to go into the operating system? Not clear. For some of these Internet devices, Windows 95 is probably not the right operating system. Maybe CE is, but one could imagine very simple devices only intended to do a few things – as opposed to being general-purpose computers – it's not obvious that you need a complex operating system.

When you work around operating systems long enough, you realize that what they are intended to do is to figure out how to distribute the few remaining cycles that are left after the...operating system has chewed up the rest figuring out what it's going to do.

I would try to escape the question a little bit by saying maybe that operating system isn't the one that will be used for these devices anyway.

Well, let's ask it differently. If I point and click to find files on my hard disk, why shouldn't the same operating system let me point and click to find files that reside somewhere on the Web?

I'm actually partial to the general notion that the same interface should work for gathering information, whether it resides on my local hard drive, my local server, my corporate server, my national service, and so on. But it isn't 100% clear whether the way to do that is to literally integrate it into the operating system. That literally is a design choice that you have to make.