The Internet and the Year 2000

When Mark McGwire broke a cherished baseball record, every conversation seemed to turn to baseball, home runs and record-setting performances. The year 2000 problem is a bit like that: No matter where I go, I'm bombarded by questions about year 2000. Even though my day-to-day work focuses entirely on Internet infrastructure and network deployment, year 2000 questions are on everybody's mind and are part of every customer contact.

Even so, I was caught off guard when someone asked me if there are any problems with year 2000 on the Internet. "After all, most of the Internet standards are pretty old and susceptible to the same sort of two-digit thinking that led us into this mess," a friend said. "Who's looking into it on the Internet?" she asked me.

Year 2000 problems seem to be everywhere. People look for them in older applications, packaged software and even embedded chips that run everything from toasters to prison gates. It's perfectly reasonable to ask if year 2000 problems have cropped up in the fundamental standards that make the Internet work. Will electronic mail cease to work? Will cookies fail to sweeten the online experience? Will packets simply start to be lost once the date has brand-new first and second digits?

Fortunately, someone has been looking into it.

The IETF, the standards body responsible for almost all Internet standards, met this August in Chicago. At an evening meeting dominated by discussions on technical administration of the Internet, the group heard remarkable news about the Internet and the year 2000: The Internet is in surprisingly good shape.

More than a year ago, the IETF formed a small working group of Internet engineers to review the existing body of standards that are codified in the Request For Comment (RFC) series of protocols and standards. The RFCs document the fundamental standards that make the Internet work, including SMTP and POP for electronic mail, HTTP for the Web and SNMP for managing Internet networks. The RFCs also include arcane and little-known protocols such as the Sender Initiated/Unsolicited File Transfer Protocol or the NETRJS Protocol.

From the obscure to the most commonly implemented protocols, the working group found that the Internet protocol suite is largely free from year 2000 problems. Most elderly protocols that specify two-digit date fields have long since been revised with mandatory four-digit dates.

One reason for this is that in 1996, the group that oversees the activities of the IETF working groups mandated that no new standard would be promulgated with two-digit dates or any other millennium issues. Still, the working group had to examine more than 2,000 standards during the year 2000 investigation. The working group divided the collection of RFCs into 16 logical groups such as "Directory Services," "Electronic Mail," "Network Management," and so forth. Each of the groups was then assigned to a team for investigation. The teams then used a combination of automatic scanning, complete rereading of the RFC, and in some cases, a review of the source code for the reference implementation of the standard to find potential year 2000 problems.

Every standard with a potential problem was examined individually. The working group found that the current versions of every key Internet protocol were year 2000-compliant.

While year 2000 problems have been avoided, the working group identified an intriguing problem with certain timestamps. If you store the time as a 32-bit, signed, binary number representing the number of seconds since midnight on January 1, 1970, the field will only be big enough to last until the year 2036. In 2036 these fields become negative numbers with potentially problematic consequences. Several protocols, including the Network Time Protocol (NTP) and DNS security, "suffer" from this problem. Quite correctly, the working group referred these protocols back to the standards group that wrote them, to be fixed -- rather than wait for a new round of date-field panic in 2036.

The only other significant worry is that a vendor might have implemented a date field based on a very old, obsolete version of an Internet protocol. Some obsolete standards required two-digit years, but every current standard requires four-digit years and is not susceptible to year 2000 problems.

The good news is that the Internet protocol suite in common use today is free from almost all date-related problems. For most organizations using the Internet as a serious business tool, this reassurance means that you only need to check to see that software vendors are working from the most current specifications of key Internet standards. If they are, you've found a silver lining among the clouds that make up the year 2000 problem. --Mark McFadden is a consultant and is communications director for the Commercial Internet eXchange (Washington.) Contact him at