Damn the Torpedoes, we did it anyways!

The Second Annual (hopefully not the last)
(most likely) Radar-Jammed

Cryptography and Internet Commerce
Software Development Workshop

Was Held on Mar 18 - 20, 1997

DeAnza 3 Auditorium
Apple R&D Campus
10500 N DeAnza Blvd, Cupertino, CA, USA

Yow! - We did it, Again!!!

On Mar 18 - 20 during the smoke and fire of Apple layoffs and restructuring, Vinnie Moscaritolo of Apple Computer and Robert Hettinga of Shipwright ran the second "Macintosh Cryptography and Internet Commerce Software Development Workshop" at the DeAnza 3 Auditorium of the Apple Cupertino R&D Campus.

This workshop was driven by the copious feedback received from developers through email, WWDC, MacHack and the Mac-Crypto mailing list.


Since the ability to perform Internet Commerce depends heavily on cryptographic technologies, both developers and customers alike were very concerned when Apple's Internet strategy was sorely lacking in this area.

In response, Vinnie started the Mac-Crypto mailing list and subsequently also held a workshop to get the members of that list together to discuss the implementation of cryptography on the MacOS.

The sessions were a real success. There was a lot of enthusiasm from the developers. The speakers were great and Apple received comments that the developers found the workshop very accessible; there was a lot of interaction between the audience and speakers. Plenty of time was allocated for Q&A and discussions. Some developers even commented that they wished that WWDC was more like this.

The attendees were treated to a number of informative and interactive sessions. The crowd was the perfect size to foster some very interesting conversations (and a few business deals, I suspect).

Unfortunately, either because of the chaos at Apple that week or for whatever reason, we were disappointed not to see more than a handful of Apple badges there.


We had three major goals for this event:

1) We wanted to provide a vehicle to educate Apple developers and employees who are responsible for Apple's future on the internet about what is going on in the Internet commerce world. We also felt the need to get Internet commerce on Apple's radar. It was clearly on Microsoft's agenda. Developer feedback made it loud and clear that we are losing and have lost developers to other platforms because of it.

2) To assist in bridging any disconnect between what the developers have been asking us for and what we are giving them in the internet commerce world.

3) To provide a forum where developers can work together to create internet commerce products for the Macintosh platform. In a manner similar to Quinn's Internet Config, we believed that a lot of this infrastructure can be built by the developers themselves.


Tuesday 3/18

Sameer Parekh, C2Net

Named one of the "50 People Who Matter Most on the Internet" by Newsweek magazine, Sameer has been active on the net since 1990, especially in areas related to privacy, electronic civil liberties, security and cryptography.

Parekh has been a member of the Apache Group since 1995; Apache quickly became the world's most popular webserver less than one year after its release. C2Net's Stronghold product is a logical combination of Sameer's passionate concern about security and privacy, and his ongoing work in web server development.

Introduction to Cryptography

Bill Frantz, Periwinkle Consulting

Bill's intro talk was such a great success last year that we asked him to come back and do it again. He gave a great discussion about the art and science of cryptography. His talk overviewed the history of crypto, vocabulary, algorithms, key management, attacks, protocols, regulations, patent issues, and even how to look out for snake oil. He also gave us a good list of references.

Digital Signatures without PowerTalk

Marshall Clow, Aladdin Systems

Marshall is a long time Mac developer. I remember running into him in one of the first few Mac developer conferences. Among other things he is one of the few Macintosh printer driver gurus left.

Marshall talked about the experiences and design decisions he encountered in the recent development of the SignaFile application.

Key Servers

Jon Callas, Senior Architect, PGP Inc

Jon Callas, formerly of Apple Research Labs, is a veteran speaker at the Mac-Crypto workshop. This year he gave an informative talk about the design issues involved in public key servers. This is an exciting and important part of Internet commerce development. Jon discussed how current systems like PGP will grow into the key components of E-commerce systems and can be used for more advanced forms of security than simple encryption.

Export Jobs, Not Crypto
Development under the Export Control Act

Greg Broiles, C2Net

Greg, an active cypherpunk, recently took the California Bar exam. Greg gave an informative and enlightening discussion on the recent changes to crypto export control laws, the impact on programmers and privacy, and alternative strategies for deployment of strong crypto worldwide.

Designing Pretty Good Privacy on the Mac OS

Will Price, Project Manager, PGP Inc

Will is somewhat of a celebrity in the crypto world for the development of his shareware programs CryptDisk and PGPfone, and we were very excited to have him at the workshop.

Will unveiled the new generation of integrated PGP software. He announced and demonstrated a beta of PGPmail 5.0 for the Mac. PGPmail also includes PGPkey, a key management application with a modern user interface, and a set of plug-ins for both Eudora and Claris Emailer.

Will also introduced the beta of PGPfone, an outstanding piece of Mac software that turns your desktop or notebook computer into a secure telephone. Using modern speech compression and strong cryptographic protocols it gives you the ability to have a realtime secure telephone conversation over a modem, AppleTalk or a TCP/IP network.

Eudora & Crypto

John W. Noerenberg, Director of Technology, Eudora division,
Qualcomm Inc.

John is the director of technology for the Eudora division of Qualcomm, Inc. He gave a discussion of how Eudora can be adapted to do cryptography through the use of its plug-in architecture. John talked about the creation of Eudora's plug-in translator API and how the ITAR influenced their design decisions.

PGP/MIME overview (RFC 2015)

Dave Del Torto, Senior Technical Evangelist, PGP Inc

Dave made his entrance sporting a "Key Escrow Agent" warrant service jacket. He gave a discussion of how Pretty Good Privacy (PGP) can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 2015.

How to use Electronic Commerce Technology Today

Jay Van Vark, Pacific Coast Software

Pacific Coast Software is one of the more successful businesses in the internet commerce world. Jay gave such a great talk last year at Mac-Crypto that we asked him to do it again. While others are talking about what can be done, Jay is doing it.

He was able to relate some real-world success and failure stories and also spoke about common security concerns in the development of E-commerce systems and ways to overcome them. As expected, his talk generated some interesting audience discussions.

Digital Commerce for the Rest of Us

Robert Hettinga, Shipwright Development Corporation

Bob is the leading digital commerce industry analyst and a prolific writer. His works have appeared all over the Internet and in print in such places as Wired and NetProfessional. He is also the founder of the Digital Commerce Society of Boston. Bob recently organized and ran "Financial Cryptography '97", a conference on the security of digital financial transactions, which was held on the island of Anguilla in the British West Indies.

Mr. Hettinga talked about the ways to pay the Macintosh-based developers of internet content as easily as possible for the work they do. Since, historically, Apple/NeXT customers and their machines have been peer-to-peer in their behavior, he believes that Apple should pay attention to peer-to-peer content settlement mechanisms.

He outlined three areas that Apple and its developers should investigate: the Financial Services Technology Consortium's electronic check project; Mondex, an up-and-coming book-entry cash settlement mechanism popular in Europe and the Far East; and digital bearer certificate payment protocols, like Digicash's ecash or DEC's Millicent.

Rise of Elliptic Curve Technology

Richard E. Crandall, Senior Scientist, Apple Computer, Inc.

Richard gave an informative lecture on Elliptic Curve Encryption, a public key cryptosystem which he invented while he was Chief Scientist at NeXT Software.

Elliptic Curve Encryption is a powerful modern alternative to factoring-based cryptographic schemes such as RSA. Rather than depending on the intractability of factoring, Elliptic Curve Encryption exploits the difficulty of the discrete logarithm problem over a finite field. This makes it more secure and somewhat faster.

There are so many advantages to Elliptic Curve Encryption that it will most likely be the leading form of encryption of the future.

NeXT owned, and now Apple owns, U.S. patents on this technology.

Very fast RSA SW implementation

Marco Bucci, Fondazione Ugo Bordoni (FUB), Rome, Italy

Marco traveled all the way from Rome, Italy to give his presentation at Mac-Crypto. He is a member of the research group on cryptography at the Fondazione Ugo Bordoni (FUB), a research center working in agreement with Italian PTT and TELECOM. His main interests are in cryptographic algorithm implementations, both hardware and software. Based on Marco's research, an Italian company (AMTEC) is now producing the fastest RSA implementation coprocessor on the market.

Marco also demonstrated a portable software library that, on a PowerMac 8500, was able to perform 512-bit RSA encryption in 35 ms, whereas its Pentium performance is 2.5 times slower.

Cryptographic Acceleration Hardware

Shawn Abbott, Chief Scientist, Rainbow Technologies

Shawn Abbott is the Chief Scientist at Rainbow Technologies. He is an expert in intellectual property protection and Internet cryptographic security.

Shawn reviewed the security capabilities of SSL, the performance impact of SSL on a web server and the role of dedicated hardware in supporting security protocols. He demonstrated a PCI-based crypto acceleration card and toolkit available from Rainbow Technologies.

Crypto Services in Rhapsody (Feedback)

Vinnie Moscaritolo, Apple Computer, Inc

Vinnie currently works for Apple's MacOS DTS group. A number of his papers are available at his website. Vinnie has 15+ years of experience developing software for a variety of platforms and systems ranging from voice response to nuclear incident management software. He also organized and runs the Mac-Crypto Conference.

Rhapsody provides Apple an unprecedented opportunity to lead the electronic commerce revolution. We used this session to present some ideas and open up a discussion on what crypto features the developer community would like to see in Rhapsody, and to get a reading on the priorities.

An outline of some of the items discussed is available.


I want very much to thank the individuals that made this workshop possible.

Robert Hettinga from Shipwright - For his personal time and cost to fly out from Boston, mustering up the developers on the net, assembling the talks, giving the talks, educating us all, doing video booth duty, and everything else. Imagine what we could do with an army of folks like you. (scares me)

Richard Schlein - For understanding the importance of internet commerce to Apple's future.

Beth Reed - For all the help organizing, coordinating and firefighting behind the scenes (and holding the bail money). We wouldn't have been able to do it without you.

Cynthia Zwerling - for the fantastic artwork, web design and for dealing with all our last minute notices.

And a personal thanks to all the speakers, for taking the time off their busy schedules to give great presentations.

And most of all, a big thank you to the developers for believing in Apple.

This page last updated on 3/28/97
Cool artwork by Cynthia Zwerling.