Invited Talks — Thursday, August 26

8:30am–10:00am
Apples, Oranges and the Public Key Infrastructure (PKI)
Paul C. Van Oorschot, Chief Scientist, Entrust Technologies
The unprecedented growth of the Internet is surpassed only by the confusion resulting from the rapid introduction of new technologies. A prime example is the application of Public Key Infrastructure (PKI) to a wide array of products, systems, and services. Many experts are positioning the Public Key Infrastructure as the answer to all security questions; other experts dismiss PKI as a poor fit for commercial problems. Both groups are correct – within their own unspoken definitions – and this is precisely the problem, namely the lack of common understanding of what PKI encompasses. In an attempt to clear the smoke (rather than to just move it around), this talk outlines the components of a baseline architecture for a managed PKI, explores standard features, and examines how these match the security requirements in a commercial world where public key certificates form the basis for security.

10:30am–Noon
Cryptography and the Internet
Steven Bellovin, AT&T Labs—Research
Slides for this invited talk are now available in PDF format and PostScript.

1:30pm–3:00pm
U.S. Crypto Policy: Explaining the Inexplicable
Susan Landau, Sun Microsystems Laboratories
The richest, strongest, most electronically vulnerable nation on earth persists in a policy that effectively restricts the use of encryption technology domestically as well as abroad. Even while the security of transactions over telephone and computer networks has become a source of wide public concern, the U.S. government continues to work against the proliferation of unbreakable cryptography (and thus perfectly concealable communications). Why? In this talk, I attempt to explain today's inexplicable U.S. crypto policy in a perhaps more explicable context of U.S. history.