Donate
Rough Guide to IETF 93: Strengthening the Internet Thumbnail
‹ Back
Building Trust 17 July 2015

Rough Guide to IETF 93: Strengthening the Internet

Karen O'Donoghue
By Karen O'DonoghueResearch Analyst

Strengthening the Internet and encryption continue to be active areas for the IETF community. The news stories related to encryption just seem to keep coming. Now some governments are even considering requiring key escrow or banning encryption outright. The stakes continue to rise in this discussion. In this section of the Rough Guide, we will focus on CrypTech, the IAB Privacy and Security program, the Crypto Forum Research Group, and a few relevant IETF work groups happening at IETF 93 in Prague next week.

First, CrypTech (website: https://cryptech.is; wiki: https://trac.cryptech.is/wiki; mailing list: https://wiki.cryptech.is/wiki/MailingLists) is a project to create an open hardware cryptographic engine developed in a transparent manner. While this project is technically outside the scope of the IETF, it was originally started with the support of IETF and IAB leadership. CrypTech is making excellent technical progress, but it needs to establish more robust and stable funding.

At IETF 93, there will be several opportunities to learn more about the CrypTech project and to get involved. First, there will be a hands-on workshop on Saturday, 18 July, to learn more about the current state of the project. A detailed agenda is available here: (https://trac.cryptech.is/wiki/PrahaWorkshop) CrypTech will also be an agenda item in the saag and cfrg meetings mentioned below. This is an interesting project with great potential and many opportunities to participate and contribute.

Moving on, the Internet Architecture Board (IAB, www.iab.org), through its Privacy and Security Program (https://www.iab.org/activities/programs/privacy-and-security-program/) is continuing to work on the topic of confidentiality. A document on “Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-threat-07) has been approved and is in the final steps of publication. The program is now working on a mitigations draft entitled “Confidentiality in the Face of Pervasive Surveillance” (https://tools.ietf.org/html/draft-iab-privsec-confidentiality-mitigations-02). Now is an excellent time to find some of the program participants and discuss this document with the authors.

While this is not an IETF 93 activity, the IAB is also working with the GSMA to plan a workshop on Managing Radio Networks in an Encrypted World (MaRNEW). There is still time to put together position papers if you feel you have something to contribute in this space. (https://www.iab.org/activities/workshops/marnew/) The workshop is planned for 24-25 September in Atlanta, GA, and there should be interesting results to review in time for IETF 94.

Next, the Internet Research Task Force (IRTF) Crypto Forum Research Group (cfrg, https://irtf.org/cfrg) continues to focus on use of cryptography for IETF protocols. It has been focusing extensively on the selection of new elliptic curves for use in IETF protocols, and rough consensus on this topic is documented in “Elliptic Curves for Security” (https://tools.ietf.org/html/draft-irtf-cfrg-curves-02). Hot topics at the meeting this week will include pake schemes, extended hash-based signatures, and elliptic curve signatures. Anyone interested in the future direction of cryptographic curves and algorithms would be well served to follow these discussions.

There are also a number of IETF working groups progressing efforts related to strengthening the Internet that will be meeting this week. In this post I will focus on tls and uta. Other working groups also working on strengthening the Internet are discussed in the “ DNSSEC, DANE, DPRIVE, and DNS Security” and the soon-to-come “Trust, Identity, and Privacy” Rough Guide posts.

The Transport Layer Security (tls) working group is actively working on an update to the TLS protocol (https://tools.ietf.org/html/draft-ietf-tls-tls13-07). This is a very active working group with a mailing list that is not for the faint of heart. There will be two sessions and a total of 4.5 hours of meeting time devoted to progressing the agenda. Topics for IETF 93 include known configuration mechanisms, 0-RTT, PSK and resumption, client authentication, and cipher suites among others.

Since the last IETF meeting, the Using TLS in Applications (uta) working group has published two RFCs; RFC 7525 ”Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)” (https://tools.ietf.org/html/rfc7525) and RFC 7590 “Use of Transport Layer Security (TLS) in the Extensible Messaging and Presence Protocol (XMPP)“ (https://tools.ietf.org/html/rfc7590). This meeting will focus on enhanced email privacy and TLS/DTLS security modules.

Finally, I’d like to give a quick plug for the Security Area Advisory Group (saag) session. This is an excellent way to get a quick view of some of the security-related conversations ongoing in the IETF. This week’s session will include CrypTech along with the state of transport security in email and http. All in all, there is much to see and do in the world of Strengthening the Internet for IETF 93.

Related Meetings, Working Groups, and BoFs at IETF 93:

cfrg (Crypto Forum Research Group)
Wednesday, 22 July 2015, 1300-1530, Athens/Barcelona
Agenda: https://tools.ietf.org/agenda/93/agenda-93-cfrg.html
Charter: https://irtf.org/cfrg

tls (Transport Layer Security) WG
Tuesday, 21 July, 2015, 1520-1720, Congress Hall III,
Wednesday, 22 July 2015, 0900-1130, Grand Ballroom
Agenda: https://tools.ietf.org/wg/tls/agenda
Documents: https://tools.ietf.org/wg/tls
Charter: https://tools.ietf.org/wg/tls/charters

uta (Using TLS in Applications) WG
Tuesday, 21 July 2015, 1740-1840, Congress Hall III
Agenda: https://tools.ietf.org/wg/uta/agenda
Documents: https://tools.ietf.org/wg/uta
Charter: https://tools.ietf.org/wg/uta/charter

saag (Security Area Advisory Group)
Thursday, 23 July 2015, 1300-1500, Congress Hall II
Agenda: https://tools.ietf.org/agenda/93/agenda-93-saag.html

Follow Us

There’s a lot going on in Prague, and whether you plan to be there or join remotely, there’s much to monitor. To follow along as we dole out this series of Rough Guide to IETF blog posts, follow us on the Internet Technology Matters blog, Twitter, Facebook, Google+, via RSS, or see http://www.internetsociety.org/rough-guide-ietf93.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Rough Guide to IETF 92: Strengthening the Internet
Rough Guide to IETF 92: Strengthening the Internet
Improving Technical Security20 March 2015

Rough Guide to IETF 92: Strengthening the Internet

One of our primary strategic objectives for 2015 is work related to strengthening the Internet. News continues to come in...

Rough Guide to IETF 90: Strengthening the Internet
Rough Guide to IETF 90: Strengthening the Internet
Building Trust21 July 2014

Rough Guide to IETF 90: Strengthening the Internet

The pervasive monitoring revelations over the past year have galvanized the Internet technical community around the topic of Strengthening the...

Rough Guide to IETF 96: All Things Encryption
Rough Guide to IETF 96: All Things Encryption
Encryption17 July 2016

Rough Guide to IETF 96: All Things Encryption

IETF 96 finds us back in Berlin still talking about how to strengthen the Internet by improving the deployment and...

Join the conversation with Internet Society members around the world