Donate
Rough Guide to IETF 92: Strengthening the Internet Thumbnail
‹ Back
Improving Technical Security 20 March 2015

Rough Guide to IETF 92: Strengthening the Internet

Karen O'Donoghue
By Karen O'DonoghueResearch Analyst

One of our primary strategic objectives for 2015 is work related to strengthening the Internet. News continues to come in regarding the exploitation of various vulnerabilities and threats in core Internet protocols and operations. The IETF community continues to work to address these issues, as is evident from multiple activities scheduled for this week in Dallas at IETF 92

In November 2014, the Internet Architecture Board (IAB) published a statement on Internet Confidentiality urging the development and deployment of encryption technology. The IAB Privacy and Security Program continues to focus on Resilience, Confidentiality, and Trust. While all of these contribute to general strengthening of the Internet, the confidentiality area in particular is continuing work on a threat model and problem statement document: “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement”. This document has been reviewed and updated since the last IETF and is reaching a state ready for broader community review.

The IAB research group, the Crypto Forum Research Group (cfrg) has been focusing extensively on the selection of new curves for use in IETF protocols. They will be meeting this week to discuss an update on curves, recapping where they are and where they are going. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions. This work is also eagerly anticipated by communities outside the IETF including W3C, particularly the W3C WebCrypto WG.

There are a number of IETF working groups progressing work related to strengthening the Internet meeting this week. In this post I will focus on tls and uta. Note that other working groups related to trust, identity, and privacy will be discussed in a subsequent Rough Guide to IETF 92 blog post.

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

Since the last IETF meeting, the Using TLS in Applications (uta) wg has completed and forwarded a key document, “Recommendations for Secure Use of TLS and DTLS” to the RFC Editor for publication.
 
Finally, while this isn’t exactly an IETF activity, I’d again like to mention that the CrypTech project is making excellent progress in developing an open hardware cryptographic engine. This effort could eventually provide a set of open source cryptographic building blocks along with a trustworthy set of tools to be used to build more secure Internet products. Join the public mailing lists to follow progress.
 
Finally, I have mentioned this during my comments for IETF 90 and IETF 91, and I see that there still hasn’t been much activity, but there is an effort to review existing RFCs for privacy and pervasive monitoring issues. This is an excellent way to read some of those old RFCs that you never got around to. The wiki for that activity is: https://trac.tools.ietf.org/group/ppm-legacy-review/
 
Related Meetings, Working Groups, and BoFs at IETF 92:
 

  • cfrg (Crypto Forum Research Group)
    Wednesday, 25 March 2015, 1300-1500, Continental
    Charter: https://irtf.org/cfrg

Follow Us

There’s a lot going on in Dallas, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://www.internetsociety.org/rough-guide-ietf92.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Rough Guide to IETF 94: Strengthening the Internet
Rough Guide to IETF 94: Strengthening the Internet
IETF29 October 2015

Rough Guide to IETF 94: Strengthening the Internet

The ongoing efforts of the Internet community to strengthen the Internet continue with IETF 94 in Yokohama next week. Even...

Rough Guide to IETF 93: Strengthening the Internet
Rough Guide to IETF 93: Strengthening the Internet
Building Trust17 July 2015

Rough Guide to IETF 93: Strengthening the Internet

Strengthening the Internet and encryption continue to be active areas for the IETF community. The news stories related to encryption...

Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue
Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue
IETF6 November 2014

Rough Guide to IETF 91: Strengthening the Internet (STRINT) Activities Continue

The daily news stories and revelations related to pervasive Internet monitoring have slowed in recent months, but the work to...

Join the conversation with Internet Society members around the world