Donate
Rough Guide to IETF 90: Strengthening the Internet Thumbnail
‹ Back
Building Trust 21 July 2014

Rough Guide to IETF 90: Strengthening the Internet

Karen O'Donoghue
By Karen O'DonoghueResearch Analyst

The pervasive monitoring revelations over the past year have galvanized the Internet technical community around the topic of Strengthening the Internet (STRINT). The community responded with an Internet Architecture Board (IAB) technical plenary at IETF 88 and a joint IAB/W3C workshop prior to IETF 89 in London. A summary of the workshop is provided in our latest issue of the IETF Journal. The full set of papers and presentations is available at the workshop website. Now is an excellent time to take a quick look at some of the STRINT-related activities that are being discussed this week in Toronto at IETF 90.
 
The IETF community established consensus around the fact that pervasive monitoring is an attack with the publication of RFC 7258 “Pervasive Monitoring Is an Attack”. The next topic to be addressed is terminology. While the topic can seem mundane and frustrating, having a common set of well understood terms is one of the key factors to a productive discussion leading to community consensus. The Security Area Advisory Group (saag) has been discussing terminology over the last few months primarily through two drafts. The first draft (http://tools.ietf.org/draft- draft-dukhovni-opportunistic-security-01) is in the middle of an IETF Last Call. Now is a good time to review and comment on that document. Additionally, there is a more general draft on terminology in the works (draft-kent-opportunistic-security-01).
 
The Internet Architecture Board (IAB) has established a Security and Privacy Program with three areas of focus: Internet Scale Resilience, Confidentiality, and Trust. Members of this program will hold their first meeting during the week here in Toronto. One of the specific STRINT-related work items for the IAB will be the discussion of the pervasive monitoring threat model based on the draft (http://tools.ietf.org/html/draft-barnes-pervasive-problem-01).
 
Several working groups are taking a second look at how encryption is used within their protocols. While highlighting each one here is a bit too detailed, keep an eye out for those discussions in the individual work group meetings. One that does deserve mention is the relatively new uta (Using TLS in Applications) Working Group that is specifically tasked with looking at the use of TLS in applications. This is only their second IETF as a working group.
 
Also of interest is IRTF Crypto Forum Research Group, the cfrg. With the increased interest in encryption and the desire to have more standards track cryptographic algorithms, the profile of the cfrg has increased here at IETF. This meeting will focus on ChaCha20 and Poly1305, hash-based signatures, and elliptic curve cryptography.
 
Beyond the incorporation of more encryption in developing protocols, there is also an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an activity that is looking for additional volunteers and is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is:
https://trac.tools.ietf.org/group/ppm-legacy-review/
 
Finally, the CrypTech project is looking to develop an open hardware cryptographic engine (see our blog post on CrypTech for more information). The leaders of this project will be having another Wednesday lunch meeting to discuss its design and status. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products.
 
Related Meetings, Working Groups, and BoFs at IETF 90
 
uta (Using TLS in Applications) WG
Agenda: https://tools.ietf.org/wg/uta/agenda
Charter: https://tools.ietf.org/wg/uta/charter
Tuesday, 22 July 2014; 900-1130
 
IRTF cfrg (Crypto Forum Research Group)
Agenda: https://tools.ietf.org/agenda/90/agenda-90-cfrg.html
Wednesday, 23 July 2014; 1300-1500
 

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

IETF Issues RFC 7258 Declaring That Pervasive Monitoring Is An Attack Against The Internet
IETF Issues RFC 7258 Declaring That Pervasive Monitoring Is An Attack Against The Internet
Building Trust14 May 2014

IETF Issues RFC 7258 Declaring That Pervasive Monitoring Is An Attack Against The Internet

Large-scale pervasive monitoring (PM) of Internet traffic represents a clear attack against Internet privacy. That is the view stated in...

Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue
Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue
IETF6 November 2014

Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue

The daily news stories and revelations related to pervasive Internet monitoring have slowed in recent months, but the work to...

The Internet Society Rough Guide to IETF 89 - London Calling
The Internet Society Rough Guide to IETF 89 - London Calling
Improving Technical Security21 February 2014

The Internet Society Rough Guide to IETF 89 – London Calling

It's that time, again – in just over a week, more than a thousand Internet engineers will arrive in London...

Join the conversation with Internet Society members around the world