Skip to main content
  • IETF 116 Yokohama registration now open

    Registration is now open for IETF 116 Yokohama

    • Jay DaleyIETF Executive Director
    24 Nov 2022
  • IETF 115 post-meeting survey

    IETF 115 London was held 5-11 November 2022

    • Jay DaleyIETF Executive Director
    22 Nov 2022
  • Catching up on IETF 115

    Recordings are now available for sessions held during the IETF 115 meeting and the IETF Hackathon, where more than 1500 participants gathered in London and online 5-11 November 2022.

      13 Nov 2022
    • Opportunities for university researchers and students during IETF 115

      The upcoming IETF 115 meeting in London on 5-11 November 2022 is a unique opportunity for networking researchers to learn how RFCs are written, to engage with the Internet standards community to begin to develop research impact, and to meet more than 1,000 leading technologists from around the world currently working in industry, academia, and other organizations.

        1 Nov 2022
      • Suggested IETF 115 Sessions for Getting Familiar with New Topics

        These IETF 115 meeting sessions are likely to include discussions and new proposals that are accessible to a broad range of Internet technologists whether they are new to the IETF or long-time participants.

          24 Oct 2022

        Filter by topic and date

        Filter by topic and date

        Celebrating Data Privacy Day

        • Alissa CooperApplications and Real-Time Area Director

        28 Jan 2014

        Today is International Data Privacy Day, and I wanted to let Alissa Cooper say a few words about how we are working on privacy topics at the IETF. - Jari Arkko, IETF Chair

        Each year, Data Privacy Day is celebrated on January 28 to commemorate the signing of the first legally binding international data protection treaty. It is an opportunity to promote user empowerment and education about protecting personal data.

        The IETF has seen the launch of many new privacy-relevant activities in recent months, including efforts that reflect the particular kinds of user empowerment that standards organizations such as ours can effectuate. Last year the IAB published RFC 6973, Privacy Considerations for Internet Protocols, one goal of which was to provide guidance to those working in the IETF about how to consider privacy threats and mitigations within their protocol designs. Since then, the IAB Privacy Program has been refining a privacy tutorial to help put RFC 6973’s guidance into practice. After several trial runs, the tutorial has been solidified and will be conducted for all IETF participants on Sunday, March 2, at the start of the next IETF meeting.

        Recent revelations concerning pervasive monitoring have spurred work on empowering users in a different way, by re-emphasising the need for security and privacy technologies to be easier to deploy and use. At least some of the attacks that we’ve learned about in recent months could have been deterred or mitigated if technologies and standards that already existed had been deployed (for example, the use of transport layer security to encrypt traffic between mail servers or data centers). But we know far too well that the difficulty of deploying and using security technologies has often prevented their adoption, both by corporations and individual end users. One consequence of the pervasive monitoring revelations has been to re-focus the technical community’s attention on usable security.

        This trend is apparent within many different IETF efforts. Using TLS in Applications (UTA) is a new working group that aims to (among other things) provide greater clarity for application developers about best practices for using transport layer security in their applications. There have been discussions in many different workings groups, mailing lists, and Internet drafts about whether and how to increase the use of opportunistic encryption, which can have fewer deployment barriers compared to fully authenticated encryption and could thereby help to mitigate passive traffic sniffing.

        While these examples reflect a desire to make encryption more usable, encryption alone does not suffice for meeting all data protection needs. Even with payload encryption, meta-data collection and traffic analysis can still reveal sensitive information to intermediaries, and care must be taken to ensure that payloads themselves do not include personal data unnecessarily.

        Tackling these sorts of problems requires adopting data minimization and anonymization techniques that in some cases have proved even more onerous to deploy and use than transport encryption. Making this class of solutions more usable will require significant effort going forward ­ meaning that there is plenty more work to be done both inside and outside the IETF.

        The IETF has long been committed to building secure protocols (see RFC 3365RFC 3552) and is currently debating extending that commitment to defending against pervasive monitoring. We still have a ways to go to make security more usable and to build in additional privacy protections beyond what security features already provide, but today we can celebrate our recent efforts and the renewed enthusiasm for privacy protection emerging throughout the IETF community. Let’s turn that energy into concrete solutions in the coming months and years.


        Share this page