When you look at today's security threats, what worries you the most?
The phishing type of threat and e-mail scams have gotten really good. You hear a lot about the need for authentication. We should have every Web and e-mail connection authenticated from the start. People have accused me of being too utopian in my thinking. That may be true. I've heard people say it's too expensive to have authentication at every access point. But the cost of not authenticating will be much worse. And it gets hard to add on that extra security after the fact.
Which threats do you think get too much attention in the media?
None come to mind. The press tends to pick up on one thing, everyone picks up on it and other important things might be ignored. But in the end, the press attention keeps the focus on security awareness. That's a good thing, always raising awareness.
Any threats you think are not getting enough attention?
The Internet is basically insecure. Credit card numbers are all encrypted and you have SSL. But what the military learned long ago is that little pieces of information together can be very valuable. That so and so was moving to New Mexico in 1942 didn't seem major until you started to see evidence that others were moving there. I read that there was a competition using Google and other search engines; a contest on how much information you could gather on random people. They get Social Security numbers and other things, in many cases from government sites. Many pieces put together can make for an interesting dossier.
For tech vendors to succeed in the coming years, what do they need to offer people?
They need to bring security into the equation from the beginning. I don't want to mention specific companies by name, but I'll say this: In 1980 no one was thinking security except for people like myself and (Whitfield) Diffie. Security became an add-on later. Adding after the fact is very difficult and accounts for many of the flaws we see today. It's important not to try and sell encryption as a standalone product. Selling an encryption add-on to e-mail is much less likely to succeed than an e-mail offering that has it integrated in. Companies that form partnerships -- encryption companies partnering with Microsoft for e-mail protection, for example -- also have the best chance to succeed.
A running joke is that whatever year we're in is "The Year of PKI," meaning the technology has yet to live up to its hype. Do you believe there will ever be a true year of PKI?
I hope so. Whenever it happens, I hope it's the year security gets the attention it deserves. In the 70s we started seeing increased computer use that would drive encryption demand. We were thinking it would take five years for the technology to advance. It has taken much longer. The government is a big reason. The NSA (National Security Agency) didn't want a public key standard that ensured privacy. So the digital signature standard came out and didn't include privacy. RSA has privacy and authentication. The government held things back. There has also been a lack of user and vendor awareness. A major change seems to be happening now because of security guidelines like HIPAA, credit card issues, and so on. These things are forcing people to pay attention.
How do you see the technology evolving over the next decade?
Certain threats have been dealt with because of the Secure Sockets Layer (SSL), which has largely secured things like credit card transactions over the Web. I'd like to see more automated, transparent, integrated advancements in all areas, all technology where security is affected. People will use it when they don't know it's there. Integration is important because when people have to cobble things together, it's unlikely they'll do it.
A back issue of Information Security magazine calls Ralph Merkle an "unsung hero," arguing that he had as much to do with advancing PKI technology as you and Whitfield Diffie did. Do you think Merkle deserves more credit for his contributions than he has received in the past?
Even though his CACM paper, "Secure Communications Over Insecure Channels," appeared in April 1978, 17 months after "New Directions in Cryptography," Merkle's 1975 submission predates "New Directions." Merkle was unlucky to get an editor and referee who did not recognize the ground-breaking nature of his paper, so it went through a three-year review process while both "New Directions" and the RSA paper received unusually fast publication, each appearing in well under a year from initial submission. In partial defense of Merkle's editor and referee, Merkle was only a masters student at the time and had no experience in writing papers for publication, but that does not change the credit which is due him. His paper not only introduced the notion of public key distribution, but presented a working system based on puzzles. While not practical, particularly with the technology of the time, Merkle's puzzle system was the first and for well over a year was the only public key system known. What is now usually called the "Diffie-Hellman Key Exchange" is not a public key cryptosystem, the initial approach that Diffie and I took to public key cryptography. Rather, it is a public key distribution system, the concept introduced in Merkle's paper. Diffie and I made our debt to Merkle clear in "New Directions," but when names were later attached to the system, Merkle's was unfortunately left off. This was an error and, if any names are associated with that system, it should be the "Diffie-Hellman-Merkle Key Exchange."