No key changes seen for Internet Safe commerce possible, some experts say

October 12, 1995|By MICHAEL DRESSER | MICHAEL DRESSER,SUN STAFF

Despite recent alarms about a lack of security on the Internet, computer security experts meeting in Baltimore this week agreed that safe commerce over the worldwide network will be able to go forward in short order with no fundamental changes in its structure.

Participants interviewed at the National Information Systems Security Conference yesterday said that strong programs for scrambling messages will make the Internet reasonably -- though not perfectly -- safe for financial transactions despite the fact the system was not built with security in mind.

Most of them discounted a front-page report yesterday in the New York Times that said weaknesses in the Internet require an extensive redesign that could delay the viability of electronic commerce over the network for years.

The article said the disclosure casts doubts on the plans by Netscape Communications Corp. for offering secure commerce on the Internet's World Wide Web. Netscape, whose Navigator program has captured about 80 percent of the market for World Wide Web software, created a sensation on Wall Street this summer when its initial public stock offering soared from $28 to $75 in minutes.

A serious failure in the Netscape model would be a blow to the Internet commerce aspirations of such telecommunications giants as AT&T Corp. and MCI Communications Corp., both of which have licensed Netscape's software. Many major catalog retailers are planning to offer electronic versions through the World Wide Web. Some retailers already are conducting transactions.

But computer security experts said the weakness publicized by computer researchers at the University of California at Berkeley has been well known for years and could be compensated for by using strong cryptographic software to scramble such information as credit card numbers.

"This business about rebuilding the Internet is just completely off the wall," said Lance J. Hoffman, director of the Institute for Computer and Telecommunications Systems Policy at George Washington University.

"It won't be rebuilt, but what you'll see is gradual, incremental improvements in security," said Dorothy E. Denning, a computer science professor at Georgetown University and a leading authority on encryption systems.

She said some were unrealistically insisting upon 100 percent security for on-line transactions. "Security from my perspective is a bottomless pit," she said. "You've got to accept some risk."

The problem cited in the Times article was that a technical standard called the Network File Service includes no means for the recipient of a program or document to ensure that it has not been intercepted or tampered with.

But conference participants said that characteristic was not truly a flaw. "There is no security on the Internet by design. Any security would limit its availability, and availability is what the Internet's all about," said Padgett Peterson of Lockheed Martin.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.