Bill Buchanan - Jon Postel: Editor of the Internet
ASecuritySite Podcast - Een podcast door Professor Bill Buchanan OBE
Categorieën:
So while there is much debate around people like Tim Berners-Lee and Vint Cerf, we should also include “The Editor of the Internet”: Jon Postel. Jon was born on 6 August 1943 and died in October 1998. Even up to his death, he was the editor of the Request for Comment (RFC) documents and administered the Internet Assigned Numbers Authority (IANA). In 2012, he was inducted into the Internet Hall of Fame by the Internet Society, and the foundation he has left is as strong as any foundation ever created, in fact, it’s the foundation for our Cyber Age. Building and standardizing the Internet Before the Internet, companies such as IBM held a stranglehold on the industry, and typically defined the standards for others to follow. Along with this, we had standards agencies, such as ISO and the IEEE, which were comborsome entities which took years, if not decades, to standardize anything. With these standardization agencies, a standard could take years to develop, and often involved the tinkering from countries, in order to protect their industries, and thus often stifled innovation. Overall the Internet was built around many of the systems and protocols that grew up in the early 1980s. It then grew without the constraints of governments and standards agencies. The core part of this growth was the quick method of publishing a new standard: the RFC. RFCs RFC (Request For Comment) documents are a way to quickly define standards. With this HTTP and email quickly become standardized. Developers could then go ahead and implement the system against the standards, without the massive overhead of taking them to international standards agencies like the ISO (International Standard Organisation) or the IEEE. While first published in 1969 (with RFC1), the classics first started to appear in 1981, and which now provide the core of the Internet: RFC 791 which defines the format of IP packets (IPv4) RFC 793 which defines TCP (Transport Control Protocol), and the foundation of virtually all of the traffic that exists on the Internet. Many protocols, although now limited, became de-facto standards, and have moved on little since, including HTTP (HyperText Transmission Protocol) 1.1, which was initially created as RFC 1945. The foundation: TCP and IP So, it was in September 1981, that the true foundation of the standardisation of Internet communications was born: For RFC 783 we have: September 1981 Transmission Control Protocol PREFACE This document describes the DoD Standard Transmission Control Protocol (TCP). There have been nine earlier editions of the ARPA TCP specification on which this standard is based, and the present text draws heavily from them. There have been many contributors to this work both in terms of concepts and in terms of text. This edition clarifies several details and removes the end-of-letter buffer-size adjustments, and redescribes the letter mechanism as a push function. Jon Postel Editor Sandwiched in-between the two classics, was another one, which did not have the same impact, but has helped to debug a billion systems: Internet Control Message Protocol (ICMP) — RFC 782. So RFC791, RFC792 and RFC793 have since changed the course of our societies. The impact of the IP and TCP standards cannot be underestimated in terms of their impact on our society, and certainly rate alongside “The Wheel” and “The Transistor” as some of the most disruptive technologies ever created. Its standardization supported a whole range of activities and basically allow the Internet to boot up quickly. If nation-states had controlled the Internet, it would have ended up being licensed, and locked down in its growth. Without the massive growth of the spread of the protocols, the Internet would have died as quickly as it had been created. With standards and government agencies controlling its every move. For Jon, he just gathered the required methods for the standards and posted them for everyone to review. If you missed it, you really couldn’t contribute until the next version came along. Building a Web: HTTP For something like HTTP, which provides the core of most of what we do on the Web, it started with 1.0 (with the input from Tim Berners-Lee) with RFC1945 (in 1996) and then developed on HTTP 1.1 as RFC2068 (in 1997). Basically in the 18 years since, very little has changed with the core HTTP protocol, as it quickly becomes as standard. New methods of using in — such as with REST Web services — actually made use of all the things that were not really used when accessing static Web pages. The lack of thought to security is highlighted by the fact that it took to RFC 1508 before the word “Security” was included in the title (Sept 1993), which was more than 12 years since the IP packet definition (Sept 1981). So it was 1981 when TCP and IP were created, and two major other things happened around the time that supported the growth of the Internet. The first was the release of the PC by IBM, and the other was when Leonard Bosack networked the Stanford University computer science department’s computers, along with Sandy Lerner. Their knowledge was then used to create the router, and the formation of Cisco in 1984. At its core was the implementation of the IP and TCP standards. Email, remote access and lots more… It’s not just TCP, IP and HTTP that we have to thank Jon for, it’s all the other protocols he helped standardize. The way that we use Web addresses, such as http://asecuritysite.com/challenges, was standardized in RFC 1738 — Uniform Resource Locators (URL), and which is something that we just take for granted, but without it, we really couldn’t create our integrated infrastructure. And without Jon, we would have to remember the IP address of every Web site we wanted to visit — for that, he standardised domain names and their mapping to IP addresses with RFC1035. And how can I connect a computer to the Internet, and every computer in the whole knows it’s there — well that one is a shy little protocol — ARP — Address Resolution Protocol — the most horrible and beautiful of all the protocols. It was published as RFC826 (standardized in 1982), and allows the discovery of computers on a local network by a network gateway. Without ARP, we would have to create a massive database that kept a copy of all the computers which connect to the Internet. With it, computers are discovered and connectable. The Killer App: Email In the early phases of the Internet, it was not the Web that was the “killer app”, it was electronic mail. The large-scale adoption of email was indebted to Jon with standards around sending emails (SMTP — Simple Mail Transport Protocol — RFC821 — defined in 1982) and reading it (POP — Post Office Protocol — RFC960) — defined in 1985). Often, though, the first, and even the second version, was not enough, and some protocols, such as POP-3 (RFC1939) and IMAP-4 (RFC1730), went through a few major iterations to become the worldwide de-facto standard. The Internet and the internet The greatest challenge for the Internet, when it was first created, was how it would scale, so that new computers and networks could be added, and discovered by the rest of “The Internet”. I must here define “The Internet”, as it is different from “the internet”. Basically, “The Internet” uses publicly defined IP addresses, whereas “the internet” is not publicly routable. The key to this, along with IP Version 4, was routing protocols, which were used to find the best way to a destination, and involved routers intercommunicating to discover new networks. The first of these “routing protocols” were fairly simple, just measuring the number of hops that it took to get from one network to another. And so Jon posted RFC1058 for RIP (Routing Information Protocol) Version 1. Before RFCs, large companies often defined the standards, especially IBM, and who could force the market to abide by their interface and who could thus control the market. This monopoly was completely broken by Jon, and few companies could release new standards unless they had been standardized by RFCs.