Rough Guide to IETF 90: Strengthening the Internet Thumbnail
‹ Back
Building Trust 21 July 2014

Rough Guide to IETF 90: Strengthening the Internet

Karen O'Donoghue
By Karen O'DonoghueDirector, Internet Trust and Technology

The pervasive monitoring revelations over the past year have galvanized the Internet technical community around the topic of Strengthening the Internet (STRINT). The community responded with an Internet Architecture Board (IAB) technical plenary at IETF 88 and a joint IAB/W3C workshop prior to IETF 89 in London. A summary of the workshop is provided in our latest issue of the IETF Journal. The full set of papers and presentations is available at the workshop website. Now is an excellent time to take a quick look at some of the STRINT-related activities that are being discussed this week in Toronto at IETF 90.
The IETF community established consensus around the fact that pervasive monitoring is an attack with the publication of RFC 7258 “Pervasive Monitoring Is an Attack”. The next topic to be addressed is terminology. While the topic can seem mundane and frustrating, having a common set of well understood terms is one of the key factors to a productive discussion leading to community consensus. The Security Area Advisory Group (saag) has been discussing terminology over the last few months primarily through two drafts. The first draft ( draft-dukhovni-opportunistic-security-01) is in the middle of an IETF Last Call. Now is a good time to review and comment on that document. Additionally, there is a more general draft on terminology in the works (draft-kent-opportunistic-security-01).
The Internet Architecture Board (IAB) has established a Security and Privacy Program with three areas of focus: Internet Scale Resilience, Confidentiality, and Trust. Members of this program will hold their first meeting during the week here in Toronto. One of the specific STRINT-related work items for the IAB will be the discussion of the pervasive monitoring threat model based on the draft (
Several working groups are taking a second look at how encryption is used within their protocols. While highlighting each one here is a bit too detailed, keep an eye out for those discussions in the individual work group meetings. One that does deserve mention is the relatively new uta (Using TLS in Applications) Working Group that is specifically tasked with looking at the use of TLS in applications. This is only their second IETF as a working group.
Also of interest is IRTF Crypto Forum Research Group, the cfrg. With the increased interest in encryption and the desire to have more standards track cryptographic algorithms, the profile of the cfrg has increased here at IETF. This meeting will focus on ChaCha20 and Poly1305, hash-based signatures, and elliptic curve cryptography.
Beyond the incorporation of more encryption in developing protocols, there is also an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an activity that is looking for additional volunteers and is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is:
Finally, the CrypTech project is looking to develop an open hardware cryptographic engine (see our blog post on CrypTech for more information). The leaders of this project will be having another Wednesday lunch meeting to discuss its design and status. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products.
Related Meetings, Working Groups, and BoFs at IETF 90
uta (Using TLS in Applications) WG
Tuesday, 22 July 2014; 900-1130
IRTF cfrg (Crypto Forum Research Group)
Wednesday, 23 July 2014; 1300-1500

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...

Join the conversation with Internet Society members around the world