June 11, 2009, 3:47 PM — WASHINGTON - The co-designer of the Internet's basic architecture, Vinton Cerf, said the Internet "still lacks many of the features that it needs," particularly in security, in a blunt talk to a tech industry crowd here.
Cerf, who is a vice president and chief Internet evangelist at Google Inc., co-designed with Robert Kahn the TCP/IP protocols that underpin the Internet. That was in 1973. And despite becoming operational in 1983, and commercially available in 1989, the Internet remains incomplete, he said.
Cerf is influential because of his accomplishments, but he may be even more so today because of his affiliation with Google. President Obama's administration has appointed a number of Google employees, including CEO Eric Schmidt, to important positions.
One of the most critical needs is authentication, Cerf said, and he told the crowd at a TechAmerica gathering Wednesday that anyone who performs transactions over the Internet - which is everyone - should "should be deeply concerned about that technology."
The lack of authentication is pervasive and is even a problem in simple cases, such as authenticating entries in the domain name system, he said.
"Authentication isn't available on an end-to-end basis at all layers of the architecture," Cerrf said. While users are good "at building concrete tunnels" using simple SSL (Secure Sockets Layer) techniques, they don't identify the end points and just secure the channel, he said. You can have an e-mail with an attached virus, thoroughly encrypted, and send it through an encrypted tunnel, and once it gets to the other end "it gets decrypted and then, of course, does its damage," he said.
Mobile is another problem. "We do a terrible job serving up mobile," Cerf said, referring to the ever broadening use of the Internet via mobile devices. He said protocol work is needed to address it.
Asked later what the White House should be doing in regard to this issue, Cerf cited the work that's been assigned to the National Institute of Standards and Technology in coordinating standards on the smart grid and health IT. However, he said he would anticipate that Obama's new CTO and CIO will "have some things to say about what the U.S. government hopes will emerge in the infrastructure of our digital communications system."
The Obama administration recently released a report on cyberspace security and has promised to make this issue a priority. The actions have been met with cautious optimism by the security industry.
